From 6bdcc6f7cf641503697dcc3d29cb8b43c98bd451 Mon Sep 17 00:00:00 2001 From: Ruslan Nigmatullin Date: Mon, 23 Apr 2018 16:20:30 -0700 Subject: [PATCH] [openssl] Use 80-bytes STEK for OpenSSL-1.1 --- test/core/tsi/ssl_transport_security_test.cc | 22 +++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/test/core/tsi/ssl_transport_security_test.cc b/test/core/tsi/ssl_transport_security_test.cc index 88f1abc18c3..cf1ac824139 100644 --- a/test/core/tsi/ssl_transport_security_test.cc +++ b/test/core/tsi/ssl_transport_security_test.cc @@ -34,6 +34,10 @@ #include #include +extern "C" { +#include +} + #define SSL_TSI_TEST_ALPN1 "foo" #define SSL_TSI_TEST_ALPN2 "toto" #define SSL_TSI_TEST_ALPN3 "baz" @@ -42,6 +46,14 @@ #define SSL_TSI_TEST_BAD_SERVER_KEY_CERT_PAIRS_NUM 1 #define SSL_TSI_TEST_CREDENTIALS_DIR "src/core/tsi/test_creds/" +// OpenSSL 1.1 uses AES256 for encryption session ticket by default so specify +// different STEK size. +#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(OPENSSL_IS_BORINGSSL) +const size_t kSessionTicketEncryptionKeySize = 80; +#else +const size_t kSessionTicketEncryptionKeySize = 48; +#endif + typedef enum AlpnMode { NO_ALPN, ALPN_CLIENT_NO_SERVER, @@ -624,7 +636,7 @@ void ssl_tsi_test_do_round_trip_odd_buffer_size() { void ssl_tsi_test_do_handshake_session_cache() { tsi_ssl_session_cache* session_cache = tsi_ssl_session_cache_create_lru(16); - char session_ticket_key[48]; + char session_ticket_key[kSessionTicketEncryptionKeySize]; auto do_handshake = [&session_ticket_key, &session_cache](bool session_reused) { tsi_test_fixture* fixture = ssl_tsi_test_fixture_create(); @@ -633,22 +645,22 @@ void ssl_tsi_test_do_handshake_session_cache() { ssl_fixture->server_name_indication = const_cast("waterzooi.test.google.be"); ssl_fixture->session_ticket_key = session_ticket_key; - ssl_fixture->session_ticket_key_size = 48; + ssl_fixture->session_ticket_key_size = sizeof(session_ticket_key); tsi_ssl_session_cache_ref(session_cache); ssl_fixture->session_cache = session_cache; ssl_fixture->session_reused = session_reused; tsi_test_do_round_trip(&ssl_fixture->base); tsi_test_fixture_destroy(fixture); }; - memset(session_ticket_key, 'a', 48); + memset(session_ticket_key, 'a', sizeof(session_ticket_key)); do_handshake(false); do_handshake(true); do_handshake(true); // Changing session_ticket_key on server invalidates ticket. - memset(session_ticket_key, 'b', 48); + memset(session_ticket_key, 'b', sizeof(session_ticket_key)); do_handshake(false); do_handshake(true); - memset(session_ticket_key, 'c', 48); + memset(session_ticket_key, 'c', sizeof(session_ticket_key)); do_handshake(false); do_handshake(true); tsi_ssl_session_cache_unref(session_cache);