/* Copyright (c) 2018, Google Inc. * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #include #include #include #include #include #include "handshake_util.h" #include "test_config.h" #include "test_state.h" using namespace bssl; namespace { ssize_t read_eintr(int fd, void *out, size_t len) { ssize_t ret; do { ret = read(fd, out, len); } while (ret < 0 && errno == EINTR); return ret; } ssize_t write_eintr(int fd, const void *in, size_t len) { ssize_t ret; do { ret = write(fd, in, len); } while (ret < 0 && errno == EINTR); return ret; } bool HandbackReady(SSL *ssl, int ret) { return ret < 0 && SSL_get_error(ssl, ret) == SSL_ERROR_HANDBACK; } bool Handshaker(const TestConfig *config, int rfd, int wfd, Span input, int control) { UniquePtr ctx = config->SetupCtx(/*old_ctx=*/nullptr); if (!ctx) { return false; } UniquePtr ssl = config->NewSSL(ctx.get(), /*session=*/nullptr, /*test_state=*/nullptr); if (!ssl) { return false; } // Set |O_NONBLOCK| in order to break out of the loop when we hit // |SSL_ERROR_WANT_READ|, so that we can send |kControlMsgWantRead| to the // proxy. if (fcntl(rfd, F_SETFL, O_NONBLOCK) != 0) { perror("fcntl"); return false; } SSL_set_rfd(ssl.get(), rfd); SSL_set_wfd(ssl.get(), wfd); CBS cbs, handoff; CBS_init(&cbs, input.data(), input.size()); if (!CBS_get_asn1_element(&cbs, &handoff, CBS_ASN1_SEQUENCE) || !DeserializeContextState(&cbs, ctx.get()) || !SetTestState(ssl.get(), TestState::Deserialize(&cbs, ctx.get())) || !GetTestState(ssl.get()) || !SSL_apply_handoff(ssl.get(), handoff)) { fprintf(stderr, "Handoff application failed.\n"); return false; } int ret = 0; for (;;) { ret = CheckIdempotentError( "SSL_do_handshake", ssl.get(), [&]() -> int { return SSL_do_handshake(ssl.get()); }); if (SSL_get_error(ssl.get(), ret) == SSL_ERROR_WANT_READ) { // Synchronize with the proxy, i.e. don't let the handshake continue until // the proxy has sent more data. char msg = kControlMsgWantRead; if (write_eintr(control, &msg, 1) != 1 || read_eintr(control, &msg, 1) != 1 || msg != kControlMsgWriteCompleted) { fprintf(stderr, "read via proxy failed\n"); return false; } continue; } if (!RetryAsync(ssl.get(), ret)) { break; } } if (!HandbackReady(ssl.get(), ret)) { fprintf(stderr, "Handshaker: %s\n", SSL_error_description(SSL_get_error(ssl.get(), ret))); ERR_print_errors_fp(stderr); return false; } ScopedCBB output; CBB handback; if (!CBB_init(output.get(), 1024) || !CBB_add_u24_length_prefixed(output.get(), &handback) || !SSL_serialize_handback(ssl.get(), &handback) || !SerializeContextState(ctx.get(), output.get()) || !GetTestState(ssl.get())->Serialize(output.get())) { fprintf(stderr, "Handback serialisation failed.\n"); return false; } char msg = kControlMsgDone; if (write_eintr(control, &msg, 1) == -1 || write_eintr(control, CBB_data(output.get()), CBB_len(output.get())) == -1) { perror("write"); return false; } return true; } bool GenerateHandshakeHint(const TestConfig *config, bssl::Span request, int control) { // The handshake hint contains the ClientHello and the capabilities string. CBS cbs = request; CBS client_hello, capabilities; if (!CBS_get_u24_length_prefixed(&cbs, &client_hello) || !CBS_get_u24_length_prefixed(&cbs, &capabilities) || // CBS_len(&cbs) != 0) { fprintf(stderr, "Handshaker: Could not parse hint request\n"); return false; } UniquePtr ctx = config->SetupCtx(/*old_ctx=*/nullptr); if (!ctx) { return false; } UniquePtr ssl = config->NewSSL(ctx.get(), /*session=*/nullptr, std::unique_ptr(new TestState)); if (!ssl) { return false; } // TODO(davidben): When split handshakes is replaced, move this into |NewSSL|. assert(config->is_server); SSL_set_accept_state(ssl.get()); if (!SSL_request_handshake_hints( ssl.get(), CBS_data(&client_hello), CBS_len(&client_hello), CBS_data(&capabilities), CBS_len(&capabilities))) { fprintf(stderr, "Handshaker: SSL_request_handshake_hints failed\n"); return false; } int ret = 0; do { ret = CheckIdempotentError("SSL_do_handshake", ssl.get(), [&] { return SSL_do_handshake(ssl.get()); }); } while (RetryAsync(ssl.get(), ret)); if (ret > 0) { fprintf(stderr, "Handshaker: handshake unexpectedly succeeded.\n"); return false; } if (SSL_get_error(ssl.get(), ret) != SSL_ERROR_HANDSHAKE_HINTS_READY) { // Errors here may be expected if the test is testing a failing case. The // shim should continue executing without a hint, so we report an error // "successfully". This allows the shim to distinguish this from the other // unexpected error cases. // // We intentionally avoid printing the error in this case, to avoid mixing // up test expectations with errors from the shim. char msg = kControlMsgError; if (write_eintr(control, &msg, 1) == -1) { return false; } return true; } bssl::ScopedCBB hints; if (!CBB_init(hints.get(), 256) || !SSL_serialize_handshake_hints(ssl.get(), hints.get())) { fprintf(stderr, "Handshaker: failed to serialize handshake hints\n"); return false; } char msg = kControlMsgDone; if (write_eintr(control, &msg, 1) == -1 || write_eintr(control, CBB_data(hints.get()), CBB_len(hints.get())) == -1) { perror("write"); return false; } return true; } int SignalError() { const char msg = kControlMsgError; if (write_eintr(kFdControl, &msg, 1) != 1) { return 2; } return 1; } } // namespace int main(int argc, char **argv) { TestConfig initial_config, resume_config, retry_config; if (!ParseConfig(argc - 1, argv + 1, /*is_shim=*/false, &initial_config, &resume_config, &retry_config)) { return SignalError(); } const TestConfig *config = initial_config.handshaker_resume ? &resume_config : &initial_config; #if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE) if (initial_config.handshaker_resume) { // If the PRNG returns exactly the same values when trying to resume then a // "random" session ID will happen to exactly match the session ID // "randomly" generated on the initial connection. The client will thus // incorrectly believe that the server is resuming. uint8_t byte; RAND_bytes(&byte, 1); } #endif // BORINGSSL_UNSAFE_DETERMINISTIC_MODE // read() will return the entire message in one go, because it's a datagram // socket. constexpr size_t kBufSize = 1024 * 1024; std::vector request(kBufSize); ssize_t len = read_eintr(kFdControl, request.data(), request.size()); if (len == -1) { perror("read"); return 2; } request.resize(static_cast(len)); if (config->handshake_hints) { if (!GenerateHandshakeHint(config, request, kFdControl)) { return SignalError(); } } else { if (!Handshaker(config, kFdProxyToHandshaker, kFdHandshakerToProxy, request, kFdControl)) { return SignalError(); } } return 0; }