/* Copyright (c) 2018, Google Inc. * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include "test_state.h" #include <openssl/ssl.h> #include "../../crypto/internal.h" #include "../internal.h" using namespace bssl; static CRYPTO_once_t g_once = CRYPTO_ONCE_INIT; static int g_state_index = 0; // Some code treats the zero time special, so initialize the clock to a // non-zero time. static timeval g_clock = { 1234, 1234 }; static void TestStateExFree(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int index, long argl, void *argp) { delete ((TestState *)ptr); } static void init_once() { g_state_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, TestStateExFree); if (g_state_index < 0) { abort(); } } struct timeval *GetClock() { CRYPTO_once(&g_once, init_once); return &g_clock; } void AdvanceClock(unsigned seconds) { CRYPTO_once(&g_once, init_once); g_clock.tv_sec += seconds; } bool SetTestState(SSL *ssl, std::unique_ptr<TestState> state) { CRYPTO_once(&g_once, init_once); // |SSL_set_ex_data| takes ownership of |state| only on success. if (SSL_set_ex_data(ssl, g_state_index, state.get()) == 1) { state.release(); return true; } return false; } TestState *GetTestState(const SSL *ssl) { CRYPTO_once(&g_once, init_once); return (TestState *)SSL_get_ex_data(ssl, g_state_index); } static void ssl_ctx_add_session(SSL_SESSION *session, void *void_param) { SSL_CTX *ctx = reinterpret_cast<SSL_CTX *>(void_param); UniquePtr<SSL_SESSION> new_session = SSL_SESSION_dup( session, SSL_SESSION_INCLUDE_NONAUTH | SSL_SESSION_INCLUDE_TICKET); if (new_session != nullptr) { SSL_CTX_add_session(ctx, new_session.get()); } } void CopySessions(SSL_CTX *dst, const SSL_CTX *src) { lh_SSL_SESSION_doall_arg(src->sessions, ssl_ctx_add_session, dst); } static void push_session(SSL_SESSION *session, void *arg) { auto s = reinterpret_cast<std::vector<SSL_SESSION *> *>(arg); s->push_back(session); } bool SerializeContextState(SSL_CTX *ctx, CBB *cbb) { CBB out, ctx_sessions, ticket_keys; uint8_t keys[48]; if (!CBB_add_u24_length_prefixed(cbb, &out) || !CBB_add_u16(&out, 0 /* version */) || !SSL_CTX_get_tlsext_ticket_keys(ctx, &keys, sizeof(keys)) || !CBB_add_u8_length_prefixed(&out, &ticket_keys) || !CBB_add_bytes(&ticket_keys, keys, sizeof(keys)) || !CBB_add_asn1(&out, &ctx_sessions, CBS_ASN1_SEQUENCE)) { return false; } std::vector<SSL_SESSION *> sessions; lh_SSL_SESSION_doall_arg(ctx->sessions, push_session, &sessions); for (const auto &sess : sessions) { if (!ssl_session_serialize(sess, &ctx_sessions)) { return false; } } return CBB_flush(cbb); } bool DeserializeContextState(CBS *cbs, SSL_CTX *ctx) { CBS in, sessions, ticket_keys; uint16_t version; constexpr uint16_t kVersion = 0; if (!CBS_get_u24_length_prefixed(cbs, &in) || !CBS_get_u16(&in, &version) || version > kVersion || !CBS_get_u8_length_prefixed(&in, &ticket_keys) || !SSL_CTX_set_tlsext_ticket_keys(ctx, CBS_data(&ticket_keys), CBS_len(&ticket_keys)) || !CBS_get_asn1(&in, &sessions, CBS_ASN1_SEQUENCE)) { return false; } while (CBS_len(&sessions)) { UniquePtr<SSL_SESSION> session = SSL_SESSION_parse(&sessions, ctx->x509_method, ctx->pool); if (!session) { return false; } SSL_CTX_add_session(ctx, session.get()); } return true; } bool TestState::Serialize(CBB *cbb) const { CBB out, pending, text; if (!CBB_add_u24_length_prefixed(cbb, &out) || !CBB_add_u16(&out, 0 /* version */) || !CBB_add_u24_length_prefixed(&out, &pending) || (pending_session && !ssl_session_serialize(pending_session.get(), &pending)) || !CBB_add_u16_length_prefixed(&out, &text) || !CBB_add_bytes( &text, reinterpret_cast<const uint8_t *>(msg_callback_text.data()), msg_callback_text.length()) || !CBB_flush(cbb)) { return false; } return true; } std::unique_ptr<TestState> TestState::Deserialize(CBS *cbs, SSL_CTX *ctx) { CBS in, pending_session, text; std::unique_ptr<TestState> out_state(new TestState()); uint16_t version; constexpr uint16_t kVersion = 0; if (!CBS_get_u24_length_prefixed(cbs, &in) || !CBS_get_u16(&in, &version) || version > kVersion || !CBS_get_u24_length_prefixed(&in, &pending_session) || !CBS_get_u16_length_prefixed(&in, &text)) { return nullptr; } if (CBS_len(&pending_session)) { out_state->pending_session = SSL_SESSION_parse( &pending_session, ctx->x509_method, ctx->pool); if (!out_state->pending_session) { return nullptr; } } out_state->msg_callback_text = std::string( reinterpret_cast<const char *>(CBS_data(&text)), CBS_len(&text)); return out_state; }