summaryrefslogtreecommitdiff
path: root/src/regress/lib/libssl/tlsext
diff options
context:
space:
mode:
authorcvs2svn <admin@example.com>2018-11-07 01:08:50 +0000
committercvs2svn <admin@example.com>2018-11-07 01:08:50 +0000
commit2035faf3f8aa95b888d9416c3cc7328c0ea18beb (patch)
treef08a08d357c5d30455c569890f747c1d9b241316 /src/regress/lib/libssl/tlsext
parentbe03b61c1b8f59ccdd34dbe5f6c6b30de697d28b (diff)
downloadopenbsd-bluhm_20181106.tar.gz
openbsd-bluhm_20181106.tar.bz2
openbsd-bluhm_20181106.zip
This commit was manufactured by cvs2git to create tag 'bluhm_20181106'.bluhm_20181106
Diffstat (limited to 'src/regress/lib/libssl/tlsext')
-rw-r--r--src/regress/lib/libssl/tlsext/Makefile9
-rw-r--r--src/regress/lib/libssl/tlsext/tlsexttest.c2981
2 files changed, 0 insertions, 2990 deletions
diff --git a/src/regress/lib/libssl/tlsext/Makefile b/src/regress/lib/libssl/tlsext/Makefile
deleted file mode 100644
index 48b5bc1e25..0000000000
--- a/src/regress/lib/libssl/tlsext/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.1 2017/07/16 18:18:10 jsing Exp $
2
3PROG= tlsexttest
4LDADD= ${SSL_INT} -lcrypto
5DPADD= ${LIBCRYPTO} ${LIBSSL}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Wundef -Werror -I$(BSDSRCDIR)/lib/libssl
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c
deleted file mode 100644
index b50736d802..0000000000
--- a/src/regress/lib/libssl/tlsext/tlsexttest.c
+++ /dev/null
@@ -1,2981 +0,0 @@
1/* $OpenBSD: tlsexttest.c,v 1.19 2018/11/06 01:19:35 jsing Exp $ */
2/*
3 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19#include <err.h>
20
21#include "ssl_locl.h"
22
23#include "bytestring.h"
24#include "ssl_tlsext.h"
25
26static void
27hexdump(const unsigned char *buf, size_t len)
28{
29 size_t i;
30
31 for (i = 1; i <= len; i++)
32 fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n");
33
34 fprintf(stderr, "\n");
35}
36
37static void
38hexdump2(const uint16_t *buf, size_t len)
39{
40 size_t i;
41
42 for (i = 1; i <= len / 2; i++)
43 fprintf(stderr, " 0x%04hx,%s", buf[i - 1], i % 8 ? "" : "\n");
44
45 fprintf(stderr, "\n");
46}
47
48static void
49compare_data(const uint8_t *recv, size_t recv_len, const uint8_t *expect,
50 size_t expect_len)
51{
52 fprintf(stderr, "received:\n");
53 hexdump(recv, recv_len);
54
55 fprintf(stderr, "test data:\n");
56 hexdump(expect, expect_len);
57}
58
59static void
60compare_data2(const uint16_t *recv, size_t recv_len, const uint16_t *expect,
61 size_t expect_len)
62{
63 fprintf(stderr, "received:\n");
64 hexdump2(recv, recv_len);
65
66 fprintf(stderr, "test data:\n");
67 hexdump2(expect, expect_len);
68}
69
70#define FAIL(msg, ...) \
71do { \
72 fprintf(stderr, "[%s:%d] FAIL: ", __FILE__, __LINE__); \
73 fprintf(stderr, msg, ##__VA_ARGS__); \
74} while(0)
75
76/*
77 * Supported Application-Layer Protocol Negotiation - RFC 7301
78 *
79 * There are already extensive unit tests for this so this just
80 * tests the state info.
81 */
82
83const uint8_t tlsext_alpn_multiple_protos_val[] = {
84 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
85 0x08, /* len */
86 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31,
87 /* opaque ProtocolName<1..2^8-1> -- 'stun.nat' */
88 0x09, /* len */
89 0x73, 0x74, 0x75, 0x6e, 0x2e, 0x74, 0x75, 0x72, 0x6e
90};
91
92const uint8_t tlsext_alpn_multiple_protos[] = {
93 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
94 0x00, 0x13, /* len of all names */
95 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
96 0x08, /* len */
97 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31,
98 /* opaque ProtocolName<1..2^8-1> -- 'stun.nat' */
99 0x09, /* len */
100 0x73, 0x74, 0x75, 0x6e, 0x2e, 0x74, 0x75, 0x72, 0x6e
101};
102
103const uint8_t tlsext_alpn_single_proto_val[] = {
104 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
105 0x08, /* len */
106 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31
107};
108
109const uint8_t tlsext_alpn_single_proto_name[] = {
110 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31 /* 'http/1.1' */
111};
112
113const uint8_t tlsext_alpn_single_proto[] = {
114 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
115 0x00, 0x09, /* len of all names */
116 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
117 0x08, /* len */
118 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31
119};
120
121static int
122test_tlsext_alpn_clienthello(void)
123{
124 SSL_CTX *ssl_ctx = NULL;
125 SSL *ssl = NULL;
126 uint8_t *data = NULL;
127 CBB cbb;
128 CBS cbs;
129 int failure, alert;
130 size_t dlen;
131
132 CBB_init(&cbb, 0);
133
134 failure = 1;
135
136 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
137 errx(1, "failed to create SSL_CTX");
138 if ((ssl = SSL_new(ssl_ctx)) == NULL)
139 errx(1, "failed to create SSL");
140
141 /* By default, we don't need this */
142 if (tlsext_alpn_clienthello_needs(ssl)) {
143 FAIL("clienthello should not need ALPN by default");
144 goto err;
145 }
146
147 /*
148 * Prereqs:
149 * 1) Set s->internal->alpn_client_proto_list
150 * - Using SSL_set_alpn_protos()
151 * 2) We have not finished or renegotiated.
152 * - S3I(s)->tmp.finish_md_len == 0
153 */
154 if (SSL_set_alpn_protos(ssl, tlsext_alpn_single_proto_val,
155 sizeof(tlsext_alpn_single_proto_val)) != 0) {
156 FAIL("should be able to set ALPN to http/1.1");
157 goto err;
158 }
159 if (!tlsext_alpn_clienthello_needs(ssl)) {
160 FAIL("clienthello should need ALPN by now");
161 goto err;
162 }
163
164 /* Make sure we can build the clienthello with a single proto. */
165
166 if (!tlsext_alpn_clienthello_build(ssl, &cbb)) {
167 FAIL("clienthello failed to build ALPN\n");
168 goto err;
169 }
170 if (!CBB_finish(&cbb, &data, &dlen))
171 errx(1, "failed to finish CBB");
172
173 if (dlen != sizeof(tlsext_alpn_single_proto)) {
174 FAIL("got clienthello ALPN with length %zu, "
175 "want length %zu\n", dlen,
176 sizeof(tlsext_alpn_single_proto));
177 compare_data(data, dlen, tlsext_alpn_single_proto,
178 sizeof(tlsext_alpn_single_proto));
179 goto err;
180 }
181 if (memcmp(data, tlsext_alpn_single_proto, dlen) != 0) {
182 FAIL("clienthello ALPN differs:\n");
183 compare_data(data, dlen, tlsext_alpn_single_proto,
184 sizeof(tlsext_alpn_single_proto));
185 goto err;
186 }
187
188 CBB_cleanup(&cbb);
189 CBB_init(&cbb, 0);
190 free(data);
191 data = NULL;
192
193 /* Make sure we can parse the single proto. */
194
195 CBS_init(&cbs, tlsext_alpn_single_proto,
196 sizeof(tlsext_alpn_single_proto));
197 if (!tlsext_alpn_clienthello_parse(ssl, &cbs, &alert)) {
198 FAIL("failed to parse ALPN");
199 goto err;
200 }
201 if (CBS_len(&cbs) != 0) {
202 FAIL("extension data remaining");
203 goto err;
204 }
205
206 if (ssl->internal->alpn_client_proto_list_len !=
207 sizeof(tlsext_alpn_single_proto_val)) {
208 FAIL("got clienthello ALPN with length %zu, "
209 "want length %zu\n", dlen,
210 sizeof(tlsext_alpn_single_proto_val));
211 compare_data(ssl->internal->alpn_client_proto_list,
212 ssl->internal->alpn_client_proto_list_len,
213 tlsext_alpn_single_proto_val,
214 sizeof(tlsext_alpn_single_proto_val));
215 goto err;
216 }
217 if (memcmp(ssl->internal->alpn_client_proto_list,
218 tlsext_alpn_single_proto_val,
219 sizeof(tlsext_alpn_single_proto_val)) != 0) {
220 FAIL("clienthello ALPN differs:\n");
221 compare_data(data, dlen, tlsext_alpn_single_proto_val,
222 sizeof(tlsext_alpn_single_proto_val));
223 goto err;
224 }
225
226 /* Make sure we can build the clienthello with multiple entries. */
227
228 if (SSL_set_alpn_protos(ssl, tlsext_alpn_multiple_protos_val,
229 sizeof(tlsext_alpn_multiple_protos_val)) != 0) {
230 FAIL("should be able to set ALPN to http/1.1");
231 goto err;
232 }
233 if (!tlsext_alpn_clienthello_needs(ssl)) {
234 FAIL("clienthello should need ALPN by now");
235 goto err;
236 }
237
238 if (!tlsext_alpn_clienthello_build(ssl, &cbb)) {
239 FAIL("clienthello failed to build ALPN\n");
240 goto err;
241 }
242 if (!CBB_finish(&cbb, &data, &dlen))
243 errx(1, "failed to finish CBB");
244
245 if (dlen != sizeof(tlsext_alpn_multiple_protos)) {
246 FAIL("got clienthello ALPN with length %zu, "
247 "want length %zu\n", dlen,
248 sizeof(tlsext_alpn_multiple_protos));
249 compare_data(data, dlen, tlsext_alpn_multiple_protos,
250 sizeof(tlsext_alpn_multiple_protos));
251 goto err;
252 }
253 if (memcmp(data, tlsext_alpn_multiple_protos, dlen) != 0) {
254 FAIL("clienthello ALPN differs:\n");
255 compare_data(data, dlen, tlsext_alpn_multiple_protos,
256 sizeof(tlsext_alpn_multiple_protos));
257 goto err;
258 }
259
260 /* Make sure we can parse multiple protos */
261
262 CBS_init(&cbs, tlsext_alpn_multiple_protos,
263 sizeof(tlsext_alpn_multiple_protos));
264 if (!tlsext_alpn_clienthello_parse(ssl, &cbs, &alert)) {
265 FAIL("failed to parse ALPN");
266 goto err;
267 }
268 if (CBS_len(&cbs) != 0) {
269 FAIL("extension data remaining");
270 goto err;
271 }
272
273 if (ssl->internal->alpn_client_proto_list_len !=
274 sizeof(tlsext_alpn_multiple_protos_val)) {
275 FAIL("got clienthello ALPN with length %zu, "
276 "want length %zu\n", dlen,
277 sizeof(tlsext_alpn_multiple_protos_val));
278 compare_data(ssl->internal->alpn_client_proto_list,
279 ssl->internal->alpn_client_proto_list_len,
280 tlsext_alpn_multiple_protos_val,
281 sizeof(tlsext_alpn_multiple_protos_val));
282 goto err;
283 }
284 if (memcmp(ssl->internal->alpn_client_proto_list,
285 tlsext_alpn_multiple_protos_val,
286 sizeof(tlsext_alpn_multiple_protos_val)) != 0) {
287 FAIL("clienthello ALPN differs:\n");
288 compare_data(data, dlen, tlsext_alpn_multiple_protos_val,
289 sizeof(tlsext_alpn_multiple_protos_val));
290 goto err;
291 }
292
293 /* Make sure we can remove the list and avoid ALPN */
294
295 free(ssl->internal->alpn_client_proto_list);
296 ssl->internal->alpn_client_proto_list = NULL;
297 ssl->internal->alpn_client_proto_list_len = 0;
298
299 if (tlsext_alpn_clienthello_needs(ssl)) {
300 FAIL("clienthello should need ALPN by default");
301 goto err;
302 }
303
304 failure = 0;
305
306 err:
307 CBB_cleanup(&cbb);
308 SSL_CTX_free(ssl_ctx);
309 SSL_free(ssl);
310 free(data);
311
312 return (failure);
313}
314
315static int
316test_tlsext_alpn_serverhello(void)
317{
318 SSL_CTX *ssl_ctx = NULL;
319 SSL *ssl = NULL;
320 uint8_t *data = NULL;
321 CBB cbb;
322 CBS cbs;
323 int failure, alert;
324 size_t dlen;
325
326 CBB_init(&cbb, 0);
327
328 failure = 1;
329
330 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
331 errx(1, "failed to create SSL_CTX");
332 if ((ssl = SSL_new(ssl_ctx)) == NULL)
333 errx(1, "failed to create SSL");
334
335 /* By default, ALPN isn't needed. */
336 if (tlsext_alpn_serverhello_needs(ssl)) {
337 FAIL("serverhello should not need ALPN by default\n");
338 goto err;
339 }
340
341 /*
342 * The server has a single ALPN selection which is set by
343 * SSL_CTX_set_alpn_select_cb() and calls SSL_select_next_proto().
344 *
345 * This will be a plain name and separate length.
346 */
347 if ((S3I(ssl)->alpn_selected = malloc(sizeof(tlsext_alpn_single_proto_name))) == NULL) {
348 errx(1, "failed to malloc");
349 }
350 memcpy(S3I(ssl)->alpn_selected, tlsext_alpn_single_proto_name,
351 sizeof(tlsext_alpn_single_proto_name));
352 S3I(ssl)->alpn_selected_len = sizeof(tlsext_alpn_single_proto_name);
353
354 if (!tlsext_alpn_serverhello_needs(ssl)) {
355 FAIL("serverhello should need ALPN after a protocol is selected\n");
356 goto err;
357 }
358
359 /* Make sure we can build a serverhello with one protocol */
360
361 if (!tlsext_alpn_serverhello_build(ssl, &cbb)) {
362 FAIL("serverhello should be able to build a response");
363 goto err;
364 }
365 if (!CBB_finish(&cbb, &data, &dlen))
366 errx(1, "failed to finish CBB");
367
368 if (dlen != sizeof(tlsext_alpn_single_proto)) {
369 FAIL("got clienthello ALPN with length %zu, "
370 "want length %zu\n", dlen,
371 sizeof(tlsext_alpn_single_proto));
372 compare_data(data, dlen, tlsext_alpn_single_proto,
373 sizeof(tlsext_alpn_single_proto));
374 goto err;
375 }
376 if (memcmp(data, tlsext_alpn_single_proto, dlen) != 0) {
377 FAIL("clienthello ALPN differs:\n");
378 compare_data(data, dlen, tlsext_alpn_single_proto,
379 sizeof(tlsext_alpn_single_proto));
380 goto err;
381 }
382
383 CBB_cleanup(&cbb);
384 CBB_init(&cbb, 0);
385 free(data);
386 data = NULL;
387
388 /* Make sure we can parse the single proto. */
389
390 CBS_init(&cbs, tlsext_alpn_single_proto,
391 sizeof(tlsext_alpn_single_proto));
392
393 /* Shouldn't be able to parse without requesting */
394 if (tlsext_alpn_serverhello_parse(ssl, &cbs, &alert)) {
395 FAIL("Should only parse serverhello if we requested it");
396 goto err;
397 }
398
399 /* Should be able to parse once requested. */
400 if (SSL_set_alpn_protos(ssl, tlsext_alpn_single_proto_val,
401 sizeof(tlsext_alpn_single_proto_val)) != 0) {
402 FAIL("should be able to set ALPN to http/1.1");
403 goto err;
404 }
405 if (!tlsext_alpn_serverhello_parse(ssl, &cbs, &alert)) {
406 FAIL("Should be able to parse serverhello when we request it");
407 goto err;
408 }
409 if (CBS_len(&cbs) != 0) {
410 FAIL("extension data remaining");
411 goto err;
412 }
413
414 if (S3I(ssl)->alpn_selected_len !=
415 sizeof(tlsext_alpn_single_proto_name)) {
416 FAIL("got serverhello ALPN with length %zu, "
417 "want length %zu\n", dlen,
418 sizeof(tlsext_alpn_single_proto_name));
419 compare_data(S3I(ssl)->alpn_selected,
420 S3I(ssl)->alpn_selected_len,
421 tlsext_alpn_single_proto_name,
422 sizeof(tlsext_alpn_single_proto_name));
423 goto err;
424 }
425 if (memcmp(S3I(ssl)->alpn_selected,
426 tlsext_alpn_single_proto_name,
427 sizeof(tlsext_alpn_single_proto_name)) != 0) {
428 FAIL("serverhello ALPN differs:\n");
429 compare_data(S3I(ssl)->alpn_selected,
430 S3I(ssl)->alpn_selected_len,
431 tlsext_alpn_single_proto_name,
432 sizeof(tlsext_alpn_single_proto_name));
433 goto err;
434 }
435
436 /*
437 * We should NOT be able to build a serverhello with multiple
438 * protocol names. However, the existing code did not check for this
439 * case because it is passed in as an encoded value.
440 */
441
442 /* Make sure we can remove the list and avoid ALPN */
443
444 free(S3I(ssl)->alpn_selected);
445 S3I(ssl)->alpn_selected = NULL;
446 S3I(ssl)->alpn_selected_len = 0;
447
448 if (tlsext_alpn_serverhello_needs(ssl)) {
449 FAIL("serverhello should need ALPN by default");
450 goto err;
451 }
452
453 failure = 0;
454
455 err:
456 CBB_cleanup(&cbb);
457 SSL_CTX_free(ssl_ctx);
458 SSL_free(ssl);
459 free(data);
460
461 return (failure);
462
463}
464
465/*
466 * Supported Elliptic Curves - RFC 4492 section 5.1.1.
467 *
468 * This extension is only used by the client.
469 */
470
471static uint8_t tlsext_supportedgroups_clienthello_default[] = {
472 0x00, 0x06,
473 0x00, 0x1d, /* X25519 (29) */
474 0x00, 0x17, /* secp256r1 (23) */
475 0x00, 0x18 /* secp384r1 (24) */
476};
477
478static uint16_t tlsext_supportedgroups_clienthello_secp384r1_val[] = {
479 0x0018 /* tls1_ec_nid2curve_id(NID_secp384r1) */
480};
481static uint8_t tlsext_supportedgroups_clienthello_secp384r1[] = {
482 0x00, 0x02,
483 0x00, 0x18 /* secp384r1 (24) */
484};
485
486/* Example from RFC 4492 section 5.1.1 */
487static uint16_t tlsext_supportedgroups_clienthello_nistp192and224_val[] = {
488 0x0013, /* tls1_ec_nid2curve_id(NID_X9_62_prime192v1) */
489 0x0015 /* tls1_ec_nid2curve_id(NID_secp224r1) */
490};
491static uint8_t tlsext_supportedgroups_clienthello_nistp192and224[] = {
492 0x00, 0x04,
493 0x00, 0x13, /* secp192r1 aka NIST P-192 */
494 0x00, 0x15 /* secp224r1 aka NIST P-224 */
495};
496
497static int
498test_tlsext_supportedgroups_clienthello(void)
499{
500 unsigned char *data = NULL;
501 SSL_CTX *ssl_ctx = NULL;
502 SSL *ssl = NULL;
503 size_t dlen;
504 int failure, alert;
505 CBB cbb;
506 CBS cbs;
507
508 failure = 1;
509
510 if (!CBB_init(&cbb, 0))
511 errx(1, "failed to create CBB");
512
513 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
514 errx(1, "failed to create SSL_CTX");
515 if ((ssl = SSL_new(ssl_ctx)) == NULL)
516 errx(1, "failed to create SSL");
517
518 /*
519 * Default ciphers include EC so we need it by default.
520 */
521 if (!tlsext_supportedgroups_clienthello_needs(ssl)) {
522 FAIL("clienthello should need Ellipticcurves for default "
523 "ciphers\n");
524 goto err;
525 }
526
527 /*
528 * Exclude cipher suites so we can test not including it.
529 */
530 if (!SSL_set_cipher_list(ssl, "TLSv1.2:!ECDHE:!ECDSA")) {
531 FAIL("clienthello should be able to set cipher list\n");
532 goto err;
533 }
534 if (tlsext_supportedgroups_clienthello_needs(ssl)) {
535 FAIL("clienthello should not need Ellipticcurves\n");
536 goto err;
537 }
538
539 /*
540 * Use libtls default for the rest of the testing
541 */
542 if (!SSL_set_cipher_list(ssl, "TLSv1.2+AEAD+ECDHE")) {
543 FAIL("clienthello should be able to set cipher list\n");
544 goto err;
545 }
546 if (!tlsext_supportedgroups_clienthello_needs(ssl)) {
547 FAIL("clienthello should need Ellipticcurves\n");
548 goto err;
549 }
550
551 /*
552 * Test with a session secp384r1. The default is used instead.
553 */
554 if ((ssl->session = SSL_SESSION_new()) == NULL)
555 errx(1, "failed to create session");
556
557 if ((SSI(ssl)->tlsext_supportedgroups = malloc(sizeof(uint16_t)))
558 == NULL) {
559 FAIL("client could not malloc\n");
560 goto err;
561 }
562 SSI(ssl)->tlsext_supportedgroups[0] = tls1_ec_nid2curve_id(NID_secp384r1);
563 SSI(ssl)->tlsext_supportedgroups_length = 1;
564
565 if (!tlsext_supportedgroups_clienthello_needs(ssl)) {
566 FAIL("clienthello should need Ellipticcurves\n");
567 goto err;
568 }
569
570 if (!tlsext_supportedgroups_clienthello_build(ssl, &cbb)) {
571 FAIL("clienthello failed to build Ellipticcurves\n");
572 goto err;
573 }
574
575 if (!CBB_finish(&cbb, &data, &dlen))
576 errx(1, "failed to finish CBB");
577
578 if (dlen != sizeof(tlsext_supportedgroups_clienthello_default)) {
579 FAIL("got clienthello Ellipticcurves with length %zu, "
580 "want length %zu\n", dlen,
581 sizeof(tlsext_supportedgroups_clienthello_default));
582 compare_data(data, dlen, tlsext_supportedgroups_clienthello_default,
583 sizeof(tlsext_supportedgroups_clienthello_default));
584 goto err;
585 }
586
587 if (memcmp(data, tlsext_supportedgroups_clienthello_default, dlen) != 0) {
588 FAIL("clienthello Ellipticcurves differs:\n");
589 compare_data(data, dlen, tlsext_supportedgroups_clienthello_default,
590 sizeof(tlsext_supportedgroups_clienthello_default));
591 goto err;
592 }
593
594 /*
595 * Test parsing secp384r1
596 */
597 CBB_cleanup(&cbb);
598 CBB_init(&cbb, 0);
599 free(data);
600 data = NULL;
601
602 SSL_SESSION_free(ssl->session);
603 if ((ssl->session = SSL_SESSION_new()) == NULL)
604 errx(1, "failed to create session");
605
606 CBS_init(&cbs, tlsext_supportedgroups_clienthello_secp384r1,
607 sizeof(tlsext_supportedgroups_clienthello_secp384r1));
608 if (!tlsext_supportedgroups_clienthello_parse(ssl, &cbs, &alert)) {
609 FAIL("failed to parse clienthello Ellipticcurves\n");
610 goto err;
611 }
612 if (CBS_len(&cbs) != 0) {
613 FAIL("extension data remaining");
614 goto err;
615 }
616
617 if (SSI(ssl)->tlsext_supportedgroups_length !=
618 sizeof(tlsext_supportedgroups_clienthello_secp384r1_val) / sizeof(uint16_t)) {
619 FAIL("no tlsext_ellipticcurves from clienthello "
620 "Ellipticcurves\n");
621 goto err;
622 }
623
624 if (memcmp(SSI(ssl)->tlsext_supportedgroups,
625 tlsext_supportedgroups_clienthello_secp384r1_val,
626 sizeof(tlsext_supportedgroups_clienthello_secp384r1_val)) != 0) {
627 FAIL("clienthello had an incorrect Ellipticcurves "
628 "entry\n");
629 compare_data2(SSI(ssl)->tlsext_supportedgroups,
630 SSI(ssl)->tlsext_supportedgroups_length * 2,
631 tlsext_supportedgroups_clienthello_secp384r1_val,
632 sizeof(tlsext_supportedgroups_clienthello_secp384r1_val));
633 goto err;
634 }
635
636 /*
637 * Use a custom order.
638 */
639 CBB_cleanup(&cbb);
640 CBB_init(&cbb, 0);
641
642 SSL_SESSION_free(ssl->session);
643 if ((ssl->session = SSL_SESSION_new()) == NULL)
644 errx(1, "failed to create session");
645
646 if ((ssl->internal->tlsext_supportedgroups = malloc(sizeof(uint16_t) * 2)) == NULL) {
647 FAIL("client could not malloc\n");
648 goto err;
649 }
650 ssl->internal->tlsext_supportedgroups[0] = tls1_ec_nid2curve_id(NID_X9_62_prime192v1);
651 ssl->internal->tlsext_supportedgroups[1] = tls1_ec_nid2curve_id(NID_secp224r1);
652 ssl->internal->tlsext_supportedgroups_length = 2;
653
654 if (!tlsext_supportedgroups_clienthello_needs(ssl)) {
655 FAIL("clienthello should need Ellipticcurves\n");
656 goto err;
657 }
658
659 if (!tlsext_supportedgroups_clienthello_build(ssl, &cbb)) {
660 FAIL("clienthello failed to build Ellipticcurves\n");
661 goto err;
662 }
663
664 if (!CBB_finish(&cbb, &data, &dlen))
665 errx(1, "failed to finish CBB");
666
667 if (dlen != sizeof(tlsext_supportedgroups_clienthello_nistp192and224)) {
668 FAIL("got clienthello Ellipticcurves with length %zu, "
669 "want length %zu\n", dlen,
670 sizeof(tlsext_supportedgroups_clienthello_nistp192and224));
671 fprintf(stderr, "received:\n");
672 hexdump(data, dlen);
673 fprintf(stderr, "test data:\n");
674 hexdump(tlsext_supportedgroups_clienthello_nistp192and224,
675 sizeof(tlsext_supportedgroups_clienthello_nistp192and224));
676 goto err;
677 }
678
679 if (memcmp(data, tlsext_supportedgroups_clienthello_nistp192and224, dlen) != 0) {
680 FAIL("clienthello Ellipticcurves differs:\n");
681 fprintf(stderr, "received:\n");
682 hexdump(data, dlen);
683 fprintf(stderr, "test data:\n");
684 hexdump(tlsext_supportedgroups_clienthello_nistp192and224,
685 sizeof(tlsext_supportedgroups_clienthello_nistp192and224));
686 goto err;
687 }
688
689 /*
690 * Parse non-default curves to session.
691 */
692 CBB_cleanup(&cbb);
693 CBB_init(&cbb, 0);
694 free(data);
695 data = NULL;
696
697 SSL_SESSION_free(ssl->session);
698 if ((ssl->session = SSL_SESSION_new()) == NULL)
699 errx(1, "failed to create session");
700
701 /* Reset back to the default list. */
702 free(ssl->internal->tlsext_supportedgroups);
703 ssl->internal->tlsext_supportedgroups = NULL;
704 ssl->internal->tlsext_supportedgroups_length = 0;
705
706 CBS_init(&cbs, tlsext_supportedgroups_clienthello_nistp192and224,
707 sizeof(tlsext_supportedgroups_clienthello_nistp192and224));
708 if (!tlsext_supportedgroups_clienthello_parse(ssl, &cbs, &alert)) {
709 FAIL("failed to parse clienthello Ellipticcurves\n");
710 goto err;
711 }
712 if (CBS_len(&cbs) != 0) {
713 FAIL("extension data remaining");
714 goto err;
715 }
716
717 if (SSI(ssl)->tlsext_supportedgroups_length !=
718 sizeof(tlsext_supportedgroups_clienthello_nistp192and224_val) / sizeof(uint16_t)) {
719 FAIL("no tlsext_ellipticcurves from clienthello "
720 "Ellipticcurves\n");
721 goto err;
722 }
723
724 if (memcmp(SSI(ssl)->tlsext_supportedgroups,
725 tlsext_supportedgroups_clienthello_nistp192and224_val,
726 sizeof(tlsext_supportedgroups_clienthello_nistp192and224_val)) != 0) {
727 FAIL("clienthello had an incorrect Ellipticcurves entry\n");
728 compare_data2(SSI(ssl)->tlsext_supportedgroups,
729 SSI(ssl)->tlsext_supportedgroups_length * 2,
730 tlsext_supportedgroups_clienthello_nistp192and224_val,
731 sizeof(tlsext_supportedgroups_clienthello_nistp192and224_val));
732 goto err;
733 }
734
735 failure = 0;
736
737 err:
738 CBB_cleanup(&cbb);
739 SSL_CTX_free(ssl_ctx);
740 SSL_free(ssl);
741 free(data);
742
743 return (failure);
744}
745
746
747/* elliptic_curves is only used by the client so this doesn't test much. */
748static int
749test_tlsext_supportedgroups_serverhello(void)
750{
751 SSL_CTX *ssl_ctx = NULL;
752 SSL *ssl = NULL;
753 int failure;
754
755 failure = 1;
756
757 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
758 errx(1, "failed to create SSL_CTX");
759 if ((ssl = SSL_new(ssl_ctx)) == NULL)
760 errx(1, "failed to create SSL");
761
762 if (tlsext_supportedgroups_serverhello_needs(ssl)) {
763 FAIL("serverhello should not need elliptic_curves\n");
764 goto err;
765 }
766
767 if ((ssl->session = SSL_SESSION_new()) == NULL)
768 errx(1, "failed to create session");
769
770 if (tlsext_supportedgroups_serverhello_needs(ssl)) {
771 FAIL("serverhello should not need elliptic_curves\n");
772 goto err;
773 }
774
775 failure = 0;
776
777 err:
778 SSL_CTX_free(ssl_ctx);
779 SSL_free(ssl);
780
781 return (failure);
782
783}
784
785/*
786 * Supported Point Formats - RFC 4492 section 5.1.2.
787 *
788 * Examples are from the RFC. Both client and server have the same build and
789 * parse but the needs differ.
790 */
791
792static uint8_t tlsext_ecpf_hello_uncompressed_val[] = {
793 TLSEXT_ECPOINTFORMAT_uncompressed
794};
795static uint8_t tlsext_ecpf_hello_uncompressed[] = {
796 0x01,
797 0x00 /* TLSEXT_ECPOINTFORMAT_uncompressed */
798};
799
800static uint8_t tlsext_ecpf_hello_prime[] = {
801 0x01,
802 0x01 /* TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime */
803};
804
805static uint8_t tlsext_ecpf_hello_prefer_order_val[] = {
806 TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime,
807 TLSEXT_ECPOINTFORMAT_uncompressed,
808 TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2
809};
810static uint8_t tlsext_ecpf_hello_prefer_order[] = {
811 0x03,
812 0x01, /* TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime */
813 0x00, /* TLSEXT_ECPOINTFORMAT_uncompressed */
814 0x02 /* TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 */
815};
816
817static int
818test_tlsext_ecpf_clienthello(void)
819{
820 uint8_t *data = NULL;
821 SSL_CTX *ssl_ctx = NULL;
822 SSL *ssl = NULL;
823 size_t dlen;
824 int failure, alert;
825 CBB cbb;
826 CBS cbs;
827
828 failure = 1;
829
830 CBB_init(&cbb, 0);
831
832 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
833 errx(1, "failed to create SSL_CTX");
834 if ((ssl = SSL_new(ssl_ctx)) == NULL)
835 errx(1, "failed to create SSL");
836
837 /*
838 * Default ciphers include EC so we need it by default.
839 */
840 if (!tlsext_ecpf_clienthello_needs(ssl)) {
841 FAIL("clienthello should need ECPointFormats for default "
842 "ciphers\n");
843 goto err;
844 }
845
846 /*
847 * Exclude EC cipher suites so we can test not including it.
848 */
849 if (!SSL_set_cipher_list(ssl, "ALL:!ECDHE:!ECDH")) {
850 FAIL("clienthello should be able to set cipher list\n");
851 goto err;
852 }
853 if (tlsext_ecpf_clienthello_needs(ssl)) {
854 FAIL("clienthello should not need ECPointFormats\n");
855 goto err;
856 }
857
858 /*
859 * Use libtls default for the rest of the testing
860 */
861 if (!SSL_set_cipher_list(ssl, "TLSv1.2+AEAD+ECDHE")) {
862 FAIL("clienthello should be able to set cipher list\n");
863 goto err;
864 }
865 if (!tlsext_ecpf_clienthello_needs(ssl)) {
866 FAIL("clienthello should need ECPointFormats\n");
867 goto err;
868 }
869
870 /*
871 * The default ECPointFormats should only have uncompressed
872 */
873 if ((ssl->session = SSL_SESSION_new()) == NULL)
874 errx(1, "failed to create session");
875
876 if (!tlsext_ecpf_clienthello_build(ssl, &cbb)) {
877 FAIL("clienthello failed to build ECPointFormats\n");
878 goto err;
879 }
880
881 if (!CBB_finish(&cbb, &data, &dlen))
882 errx(1, "failed to finish CBB");
883
884 if (dlen != sizeof(tlsext_ecpf_hello_uncompressed)) {
885 FAIL("got clienthello ECPointFormats with length %zu, "
886 "want length %zu\n", dlen,
887 sizeof(tlsext_ecpf_hello_uncompressed));
888 compare_data(data, dlen, tlsext_ecpf_hello_uncompressed,
889 sizeof(tlsext_ecpf_hello_uncompressed));
890 goto err;
891 }
892
893 if (memcmp(data, tlsext_ecpf_hello_uncompressed, dlen) != 0) {
894 FAIL("clienthello ECPointFormats differs:\n");
895 compare_data(data, dlen, tlsext_ecpf_hello_uncompressed,
896 sizeof(tlsext_ecpf_hello_uncompressed));
897 goto err;
898 }
899
900 /*
901 * Make sure we can parse the default.
902 */
903 CBB_cleanup(&cbb);
904 CBB_init(&cbb, 0);
905 free(data);
906 data = NULL;
907
908 SSL_SESSION_free(ssl->session);
909 if ((ssl->session = SSL_SESSION_new()) == NULL)
910 errx(1, "failed to create session");
911
912 CBS_init(&cbs, tlsext_ecpf_hello_uncompressed,
913 sizeof(tlsext_ecpf_hello_uncompressed));
914 if (!tlsext_ecpf_clienthello_parse(ssl, &cbs, &alert)) {
915 FAIL("failed to parse clienthello ECPointFormats\n");
916 goto err;
917 }
918 if (CBS_len(&cbs) != 0) {
919 FAIL("extension data remaining");
920 goto err;
921 }
922
923 if (SSI(ssl)->tlsext_ecpointformatlist_length !=
924 sizeof(tlsext_ecpf_hello_uncompressed_val)) {
925 FAIL("no tlsext_ecpointformats from clienthello "
926 "ECPointFormats\n");
927 goto err;
928 }
929
930 if (memcmp(SSI(ssl)->tlsext_ecpointformatlist,
931 tlsext_ecpf_hello_uncompressed_val,
932 sizeof(tlsext_ecpf_hello_uncompressed_val)) != 0) {
933 FAIL("clienthello had an incorrect ECPointFormats entry\n");
934 goto err;
935 }
936
937 /*
938 * Test with a custom order.
939 */
940 CBB_cleanup(&cbb);
941 CBB_init(&cbb, 0);
942 free(data);
943 data = NULL;
944
945 SSL_SESSION_free(ssl->session);
946 if ((ssl->session = SSL_SESSION_new()) == NULL)
947 errx(1, "failed to create session");
948
949 if ((ssl->internal->tlsext_ecpointformatlist = malloc(sizeof(uint8_t) * 3)) == NULL) {
950 FAIL("client could not malloc\n");
951 goto err;
952 }
953 ssl->internal->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
954 ssl->internal->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_uncompressed;
955 ssl->internal->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
956 ssl->internal->tlsext_ecpointformatlist_length = 3;
957
958 if (!tlsext_ecpf_clienthello_needs(ssl)) {
959 FAIL("clienthello should need ECPointFormats with a custom "
960 "format\n");
961 goto err;
962 }
963
964 if (!tlsext_ecpf_clienthello_build(ssl, &cbb)) {
965 FAIL("clienthello failed to build ECPointFormats\n");
966 goto err;
967 }
968
969 if (!CBB_finish(&cbb, &data, &dlen))
970 errx(1, "failed to finish CBB");
971
972 if (dlen != sizeof(tlsext_ecpf_hello_prefer_order)) {
973 FAIL("got clienthello ECPointFormats with length %zu, "
974 "want length %zu\n", dlen,
975 sizeof(tlsext_ecpf_hello_prefer_order));
976 compare_data(data, dlen, tlsext_ecpf_hello_prefer_order,
977 sizeof(tlsext_ecpf_hello_prefer_order));
978 goto err;
979 }
980
981 if (memcmp(data, tlsext_ecpf_hello_prefer_order, dlen) != 0) {
982 FAIL("clienthello ECPointFormats differs:\n");
983 compare_data(data, dlen, tlsext_ecpf_hello_prefer_order,
984 sizeof(tlsext_ecpf_hello_prefer_order));
985 goto err;
986 }
987
988 /*
989 * Make sure that we can parse this custom order.
990 */
991 CBB_cleanup(&cbb);
992 CBB_init(&cbb, 0);
993 free(data);
994 data = NULL;
995
996 SSL_SESSION_free(ssl->session);
997 if ((ssl->session = SSL_SESSION_new()) == NULL)
998 errx(1, "failed to create session");
999
1000 /* Reset the custom list so we go back to the default uncompressed. */
1001 free(ssl->internal->tlsext_ecpointformatlist);
1002 ssl->internal->tlsext_ecpointformatlist = NULL;
1003 ssl->internal->tlsext_ecpointformatlist_length = 0;
1004
1005 CBS_init(&cbs, tlsext_ecpf_hello_prefer_order,
1006 sizeof(tlsext_ecpf_hello_prefer_order));
1007 if (!tlsext_ecpf_clienthello_parse(ssl, &cbs, &alert)) {
1008 FAIL("failed to parse clienthello ECPointFormats\n");
1009 goto err;
1010 }
1011 if (CBS_len(&cbs) != 0) {
1012 FAIL("extension data remaining");
1013 goto err;
1014 }
1015
1016 if (SSI(ssl)->tlsext_ecpointformatlist_length !=
1017 sizeof(tlsext_ecpf_hello_prefer_order_val)) {
1018 FAIL("no tlsext_ecpointformats from clienthello "
1019 "ECPointFormats\n");
1020 goto err;
1021 }
1022
1023 if (memcmp(SSI(ssl)->tlsext_ecpointformatlist,
1024 tlsext_ecpf_hello_prefer_order_val,
1025 sizeof(tlsext_ecpf_hello_prefer_order_val)) != 0) {
1026 FAIL("clienthello had an incorrect ECPointFormats entry\n");
1027 goto err;
1028 }
1029
1030
1031 failure = 0;
1032
1033 err:
1034 CBB_cleanup(&cbb);
1035 SSL_CTX_free(ssl_ctx);
1036 SSL_free(ssl);
1037 free(data);
1038
1039 return (failure);
1040}
1041
1042static int
1043test_tlsext_ecpf_serverhello(void)
1044{
1045 uint8_t *data = NULL;
1046 SSL_CTX *ssl_ctx = NULL;
1047 SSL *ssl = NULL;
1048 size_t dlen;
1049 int failure, alert;
1050 CBB cbb;
1051 CBS cbs;
1052
1053 failure = 1;
1054
1055 CBB_init(&cbb, 0);
1056
1057 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
1058 errx(1, "failed to create SSL_CTX");
1059 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1060 errx(1, "failed to create SSL");
1061
1062 if ((ssl->session = SSL_SESSION_new()) == NULL)
1063 errx(1, "failed to create session");
1064
1065 /* Setup the state so we can call needs. */
1066 if ((S3I(ssl)->hs.new_cipher =
1067 ssl3_get_cipher_by_id(TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305))
1068 == NULL) {
1069 FAIL("serverhello cannot find cipher\n");
1070 goto err;
1071 }
1072 if ((SSI(ssl)->tlsext_ecpointformatlist = malloc(sizeof(uint8_t)))
1073 == NULL) {
1074 FAIL("server could not malloc\n");
1075 goto err;
1076 }
1077 SSI(ssl)->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
1078 SSI(ssl)->tlsext_ecpointformatlist_length = 1;
1079
1080 if (!tlsext_ecpf_serverhello_needs(ssl)) {
1081 FAIL("serverhello should need ECPointFormats now\n");
1082 goto err;
1083 }
1084
1085 /*
1086 * The server will ignore the session list and use either a custom
1087 * list or the default (uncompressed).
1088 */
1089 if (!tlsext_ecpf_serverhello_build(ssl, &cbb)) {
1090 FAIL("serverhello failed to build ECPointFormats\n");
1091 goto err;
1092 }
1093
1094 if (!CBB_finish(&cbb, &data, &dlen))
1095 errx(1, "failed to finish CBB");
1096
1097 if (dlen != sizeof(tlsext_ecpf_hello_uncompressed)) {
1098 FAIL("got serverhello ECPointFormats with length %zu, "
1099 "want length %zu\n", dlen,
1100 sizeof(tlsext_ecpf_hello_uncompressed));
1101 compare_data(data, dlen, tlsext_ecpf_hello_uncompressed,
1102 sizeof(tlsext_ecpf_hello_uncompressed));
1103 goto err;
1104 }
1105
1106 if (memcmp(data, tlsext_ecpf_hello_uncompressed, dlen) != 0) {
1107 FAIL("serverhello ECPointFormats differs:\n");
1108 compare_data(data, dlen, tlsext_ecpf_hello_uncompressed,
1109 sizeof(tlsext_ecpf_hello_uncompressed));
1110 goto err;
1111 }
1112
1113 /*
1114 * Cannot parse a non-default list without at least uncompressed.
1115 */
1116 CBB_cleanup(&cbb);
1117 CBB_init(&cbb, 0);
1118 free(data);
1119 data = NULL;
1120
1121 SSL_SESSION_free(ssl->session);
1122 if ((ssl->session = SSL_SESSION_new()) == NULL)
1123 errx(1, "failed to create session");
1124
1125 CBS_init(&cbs, tlsext_ecpf_hello_prime,
1126 sizeof(tlsext_ecpf_hello_prime));
1127 if (tlsext_ecpf_serverhello_parse(ssl, &cbs, &alert)) {
1128 FAIL("must include uncompressed in serverhello ECPointFormats\n");
1129 goto err;
1130 }
1131 if (CBS_len(&cbs) != 0) {
1132 FAIL("extension data remaining");
1133 goto err;
1134 }
1135
1136 /*
1137 * Test with a custom order that replaces the default uncompressed.
1138 */
1139 CBB_cleanup(&cbb);
1140 CBB_init(&cbb, 0);
1141 free(data);
1142 data = NULL;
1143
1144 SSL_SESSION_free(ssl->session);
1145 if ((ssl->session = SSL_SESSION_new()) == NULL)
1146 errx(1, "failed to create session");
1147
1148 /* Add a session list even though it will be ignored. */
1149 if ((SSI(ssl)->tlsext_ecpointformatlist = malloc(sizeof(uint8_t)))
1150 == NULL) {
1151 FAIL("server could not malloc\n");
1152 goto err;
1153 }
1154 SSI(ssl)->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
1155 SSI(ssl)->tlsext_ecpointformatlist_length = 1;
1156
1157 /* Replace the default list with a custom one. */
1158 if ((ssl->internal->tlsext_ecpointformatlist = malloc(sizeof(uint8_t) * 3)) == NULL) {
1159 FAIL("server could not malloc\n");
1160 goto err;
1161 }
1162 ssl->internal->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
1163 ssl->internal->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_uncompressed;
1164 ssl->internal->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
1165 ssl->internal->tlsext_ecpointformatlist_length = 3;
1166
1167 if (!tlsext_ecpf_serverhello_needs(ssl)) {
1168 FAIL("serverhello should need ECPointFormats\n");
1169 goto err;
1170 }
1171
1172 if (!tlsext_ecpf_serverhello_build(ssl, &cbb)) {
1173 FAIL("serverhello failed to build ECPointFormats\n");
1174 goto err;
1175 }
1176
1177 if (!CBB_finish(&cbb, &data, &dlen))
1178 errx(1, "failed to finish CBB");
1179
1180 if (dlen != sizeof(tlsext_ecpf_hello_prefer_order)) {
1181 FAIL("got serverhello ECPointFormats with length %zu, "
1182 "want length %zu\n", dlen,
1183 sizeof(tlsext_ecpf_hello_prefer_order));
1184 compare_data(data, dlen, tlsext_ecpf_hello_prefer_order,
1185 sizeof(tlsext_ecpf_hello_prefer_order));
1186 goto err;
1187 }
1188
1189 if (memcmp(data, tlsext_ecpf_hello_prefer_order, dlen) != 0) {
1190 FAIL("serverhello ECPointFormats differs:\n");
1191 compare_data(data, dlen, tlsext_ecpf_hello_prefer_order,
1192 sizeof(tlsext_ecpf_hello_prefer_order));
1193 goto err;
1194 }
1195
1196 /*
1197 * Should be able to parse the custom list into a session list.
1198 */
1199 CBB_cleanup(&cbb);
1200 CBB_init(&cbb, 0);
1201 free(data);
1202 data = NULL;
1203
1204 SSL_SESSION_free(ssl->session);
1205 if ((ssl->session = SSL_SESSION_new()) == NULL)
1206 errx(1, "failed to create session");
1207
1208 /* Reset back to the default (uncompressed) */
1209 free(ssl->internal->tlsext_ecpointformatlist);
1210 ssl->internal->tlsext_ecpointformatlist = NULL;
1211 ssl->internal->tlsext_ecpointformatlist_length = 0;
1212
1213 CBS_init(&cbs, tlsext_ecpf_hello_prefer_order,
1214 sizeof(tlsext_ecpf_hello_prefer_order));
1215 if (!tlsext_ecpf_serverhello_parse(ssl, &cbs, &alert)) {
1216 FAIL("failed to parse serverhello ECPointFormats\n");
1217 goto err;
1218 }
1219 if (CBS_len(&cbs) != 0) {
1220 FAIL("extension data remaining");
1221 goto err;
1222 }
1223
1224 if (SSI(ssl)->tlsext_ecpointformatlist_length !=
1225 sizeof(tlsext_ecpf_hello_prefer_order_val)) {
1226 FAIL("no tlsext_ecpointformats from serverhello "
1227 "ECPointFormats\n");
1228 goto err;
1229 }
1230
1231 if (memcmp(SSI(ssl)->tlsext_ecpointformatlist,
1232 tlsext_ecpf_hello_prefer_order_val,
1233 sizeof(tlsext_ecpf_hello_prefer_order_val)) != 0) {
1234 FAIL("serverhello had an incorrect ECPointFormats entry\n");
1235 goto err;
1236 }
1237
1238 failure = 0;
1239
1240 err:
1241 CBB_cleanup(&cbb);
1242 SSL_CTX_free(ssl_ctx);
1243 SSL_free(ssl);
1244 free(data);
1245
1246 return (failure);
1247}
1248
1249/*
1250 * Renegotiation Indication - RFC 5746.
1251 */
1252
1253static unsigned char tlsext_ri_prev_client[] = {
1254 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
1255 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
1256};
1257
1258static unsigned char tlsext_ri_prev_server[] = {
1259 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88,
1260 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00,
1261};
1262
1263static unsigned char tlsext_ri_clienthello[] = {
1264 0x10,
1265 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
1266 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
1267};
1268
1269static unsigned char tlsext_ri_serverhello[] = {
1270 0x20,
1271 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
1272 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
1273 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88,
1274 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00,
1275};
1276
1277static int
1278test_tlsext_ri_clienthello(void)
1279{
1280 unsigned char *data = NULL;
1281 SSL_CTX *ssl_ctx = NULL;
1282 SSL *ssl = NULL;
1283 int failure;
1284 size_t dlen;
1285 int alert;
1286 CBB cbb;
1287 CBS cbs;
1288
1289 failure = 1;
1290
1291 CBB_init(&cbb, 0);
1292
1293 if ((ssl_ctx = SSL_CTX_new(TLSv1_2_client_method())) == NULL)
1294 errx(1, "failed to create SSL_CTX");
1295 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1296 errx(1, "failed to create SSL");
1297
1298 if (tlsext_ri_clienthello_needs(ssl)) {
1299 FAIL("clienthello should not need RI\n");
1300 goto err;
1301 }
1302
1303 if (!SSL_renegotiate(ssl)) {
1304 FAIL("client failed to set renegotiate\n");
1305 goto err;
1306 }
1307
1308 if (!tlsext_ri_clienthello_needs(ssl)) {
1309 FAIL("clienthello should need RI\n");
1310 goto err;
1311 }
1312
1313 memcpy(S3I(ssl)->previous_client_finished, tlsext_ri_prev_client,
1314 sizeof(tlsext_ri_prev_client));
1315 S3I(ssl)->previous_client_finished_len = sizeof(tlsext_ri_prev_client);
1316
1317 S3I(ssl)->renegotiate_seen = 0;
1318
1319 if (!tlsext_ri_clienthello_build(ssl, &cbb)) {
1320 FAIL("clienthello failed to build RI\n");
1321 goto err;
1322 }
1323
1324 if (!CBB_finish(&cbb, &data, &dlen))
1325 errx(1, "failed to finish CBB");
1326
1327 if (dlen != sizeof(tlsext_ri_clienthello)) {
1328 FAIL("got clienthello RI with length %zu, "
1329 "want length %zu\n", dlen, sizeof(tlsext_ri_clienthello));
1330 goto err;
1331 }
1332
1333 if (memcmp(data, tlsext_ri_clienthello, dlen) != 0) {
1334 FAIL("clienthello RI differs:\n");
1335 fprintf(stderr, "received:\n");
1336 hexdump(data, dlen);
1337 fprintf(stderr, "test data:\n");
1338 hexdump(tlsext_ri_clienthello, sizeof(tlsext_ri_clienthello));
1339 goto err;
1340 }
1341
1342 CBS_init(&cbs, tlsext_ri_clienthello, sizeof(tlsext_ri_clienthello));
1343 if (!tlsext_ri_clienthello_parse(ssl, &cbs, &alert)) {
1344 FAIL("failed to parse clienthello RI\n");
1345 goto err;
1346 }
1347 if (CBS_len(&cbs) != 0) {
1348 FAIL("extension data remaining");
1349 goto err;
1350 }
1351
1352 if (S3I(ssl)->renegotiate_seen != 1) {
1353 FAIL("renegotiate seen not set\n");
1354 goto err;
1355 }
1356 if (S3I(ssl)->send_connection_binding != 1) {
1357 FAIL("send connection binding not set\n");
1358 goto err;
1359 }
1360
1361 memset(S3I(ssl)->previous_client_finished, 0,
1362 sizeof(S3I(ssl)->previous_client_finished));
1363
1364 S3I(ssl)->renegotiate_seen = 0;
1365
1366 CBS_init(&cbs, tlsext_ri_clienthello, sizeof(tlsext_ri_clienthello));
1367 if (tlsext_ri_clienthello_parse(ssl, &cbs, &alert)) {
1368 FAIL("parsed invalid clienthello RI\n");
1369 failure = 1;
1370 goto err;
1371 }
1372
1373 if (S3I(ssl)->renegotiate_seen == 1) {
1374 FAIL("renegotiate seen set\n");
1375 goto err;
1376 }
1377
1378 failure = 0;
1379
1380 err:
1381 CBB_cleanup(&cbb);
1382 SSL_CTX_free(ssl_ctx);
1383 SSL_free(ssl);
1384 free(data);
1385
1386 return (failure);
1387}
1388
1389static int
1390test_tlsext_ri_serverhello(void)
1391{
1392 unsigned char *data = NULL;
1393 SSL_CTX *ssl_ctx = NULL;
1394 SSL *ssl = NULL;
1395 int failure;
1396 size_t dlen;
1397 int alert;
1398 CBB cbb;
1399 CBS cbs;
1400
1401 failure = 1;
1402
1403 CBB_init(&cbb, 0);
1404
1405 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
1406 errx(1, "failed to create SSL_CTX");
1407 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1408 errx(1, "failed to create SSL");
1409
1410 if (tlsext_ri_serverhello_needs(ssl)) {
1411 FAIL("serverhello should not need RI\n");
1412 goto err;
1413 }
1414
1415 S3I(ssl)->send_connection_binding = 1;
1416
1417 if (!tlsext_ri_serverhello_needs(ssl)) {
1418 FAIL("serverhello should need RI\n");
1419 goto err;
1420 }
1421
1422 memcpy(S3I(ssl)->previous_client_finished, tlsext_ri_prev_client,
1423 sizeof(tlsext_ri_prev_client));
1424 S3I(ssl)->previous_client_finished_len = sizeof(tlsext_ri_prev_client);
1425
1426 memcpy(S3I(ssl)->previous_server_finished, tlsext_ri_prev_server,
1427 sizeof(tlsext_ri_prev_server));
1428 S3I(ssl)->previous_server_finished_len = sizeof(tlsext_ri_prev_server);
1429
1430 S3I(ssl)->renegotiate_seen = 0;
1431
1432 if (!tlsext_ri_serverhello_build(ssl, &cbb)) {
1433 FAIL("serverhello failed to build RI\n");
1434 goto err;
1435 }
1436
1437 if (!CBB_finish(&cbb, &data, &dlen))
1438 errx(1, "failed to finish CBB");
1439
1440 if (dlen != sizeof(tlsext_ri_serverhello)) {
1441 FAIL("got serverhello RI with length %zu, "
1442 "want length %zu\n", dlen, sizeof(tlsext_ri_serverhello));
1443 goto err;
1444 }
1445
1446 if (memcmp(data, tlsext_ri_serverhello, dlen) != 0) {
1447 FAIL("serverhello RI differs:\n");
1448 fprintf(stderr, "received:\n");
1449 hexdump(data, dlen);
1450 fprintf(stderr, "test data:\n");
1451 hexdump(tlsext_ri_serverhello, sizeof(tlsext_ri_serverhello));
1452 goto err;
1453 }
1454
1455 CBS_init(&cbs, tlsext_ri_serverhello, sizeof(tlsext_ri_serverhello));
1456 if (!tlsext_ri_serverhello_parse(ssl, &cbs, &alert)) {
1457 FAIL("failed to parse serverhello RI\n");
1458 goto err;
1459 }
1460 if (CBS_len(&cbs) != 0) {
1461 FAIL("extension data remaining");
1462 goto err;
1463 }
1464
1465 if (S3I(ssl)->renegotiate_seen != 1) {
1466 FAIL("renegotiate seen not set\n");
1467 goto err;
1468 }
1469 if (S3I(ssl)->send_connection_binding != 1) {
1470 FAIL("send connection binding not set\n");
1471 goto err;
1472 }
1473
1474 memset(S3I(ssl)->previous_client_finished, 0,
1475 sizeof(S3I(ssl)->previous_client_finished));
1476 memset(S3I(ssl)->previous_server_finished, 0,
1477 sizeof(S3I(ssl)->previous_server_finished));
1478
1479 S3I(ssl)->renegotiate_seen = 0;
1480
1481 CBS_init(&cbs, tlsext_ri_serverhello, sizeof(tlsext_ri_serverhello));
1482 if (tlsext_ri_serverhello_parse(ssl, &cbs, &alert)) {
1483 FAIL("parsed invalid serverhello RI\n");
1484 goto err;
1485 }
1486
1487 if (S3I(ssl)->renegotiate_seen == 1) {
1488 FAIL("renegotiate seen set\n");
1489 goto err;
1490 }
1491
1492 failure = 0;
1493
1494 err:
1495 CBB_cleanup(&cbb);
1496 SSL_CTX_free(ssl_ctx);
1497 SSL_free(ssl);
1498 free(data);
1499
1500 return (failure);
1501}
1502
1503/*
1504 * Signature Algorithms - RFC 5246 section 7.4.1.4.1.
1505 */
1506
1507static unsigned char tlsext_sigalgs_clienthello[] = {
1508 0x00, 0x1a, 0x06, 0x01, 0x06, 0x03, 0xef, 0xef,
1509 0x05, 0x01, 0x05, 0x03, 0x04, 0x01, 0x04, 0x03,
1510 0xee, 0xee, 0xed, 0xed, 0x03, 0x01, 0x03, 0x03,
1511 0x02, 0x01, 0x02, 0x03,
1512};
1513
1514static int
1515test_tlsext_sigalgs_clienthello(void)
1516{
1517 unsigned char *data = NULL;
1518 SSL_CTX *ssl_ctx = NULL;
1519 SSL *ssl = NULL;
1520 int failure = 0;
1521 size_t dlen;
1522 int alert;
1523 CBB cbb;
1524 CBS cbs;
1525
1526 CBB_init(&cbb, 0);
1527
1528 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
1529 errx(1, "failed to create SSL_CTX");
1530 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1531 errx(1, "failed to create SSL");
1532
1533 ssl->client_version = TLS1_1_VERSION;
1534
1535 if (tlsext_sigalgs_clienthello_needs(ssl)) {
1536 fprintf(stderr, "FAIL: clienthello should not need sigalgs\n");
1537 failure = 1;
1538 goto done;
1539 }
1540
1541 ssl->client_version = TLS1_2_VERSION;
1542
1543 if (!tlsext_sigalgs_clienthello_needs(ssl)) {
1544 fprintf(stderr, "FAIL: clienthello should need sigalgs\n");
1545 failure = 1;
1546 goto done;
1547 }
1548
1549 if (!tlsext_sigalgs_clienthello_build(ssl, &cbb)) {
1550 fprintf(stderr, "FAIL: clienthello failed to build sigalgs\n");
1551 failure = 1;
1552 goto done;
1553 }
1554
1555 if (!CBB_finish(&cbb, &data, &dlen))
1556 errx(1, "failed to finish CBB");
1557
1558 if (dlen != sizeof(tlsext_sigalgs_clienthello)) {
1559 fprintf(stderr, "FAIL: got clienthello sigalgs with length %zu, "
1560 "want length %zu\n", dlen, sizeof(tlsext_sigalgs_clienthello));
1561 failure = 1;
1562 goto done;
1563 }
1564
1565 if (memcmp(data, tlsext_sigalgs_clienthello, dlen) != 0) {
1566 fprintf(stderr, "FAIL: clienthello SNI differs:\n");
1567 fprintf(stderr, "received:\n");
1568 hexdump(data, dlen);
1569 fprintf(stderr, "test data:\n");
1570 hexdump(tlsext_sigalgs_clienthello, sizeof(tlsext_sigalgs_clienthello));
1571 failure = 1;
1572 goto done;
1573 }
1574
1575 CBS_init(&cbs, tlsext_sigalgs_clienthello, sizeof(tlsext_sigalgs_clienthello));
1576 if (!tlsext_sigalgs_clienthello_parse(ssl, &cbs, &alert)) {
1577 fprintf(stderr, "FAIL: failed to parse clienthello SNI\n");
1578 failure = 1;
1579 goto done;
1580 }
1581 if (CBS_len(&cbs) != 0) {
1582 FAIL("extension data remaining");
1583 goto done;
1584 }
1585
1586 if (ssl->cert->pkeys[SSL_PKEY_RSA_SIGN].digest != EVP_sha512()) {
1587 fprintf(stderr, "FAIL: RSA sign digest mismatch\n");
1588 failure = 1;
1589 goto done;
1590 }
1591 if (ssl->cert->pkeys[SSL_PKEY_RSA_ENC].digest != EVP_sha512()) {
1592 fprintf(stderr, "FAIL: RSA enc digest mismatch\n");
1593 failure = 1;
1594 goto done;
1595 }
1596 if (ssl->cert->pkeys[SSL_PKEY_ECC].digest != EVP_sha512()) {
1597 fprintf(stderr, "FAIL: ECC digest mismatch\n");
1598 failure = 1;
1599 goto done;
1600 }
1601 if (ssl->cert->pkeys[SSL_PKEY_GOST01].digest != EVP_streebog512()) {
1602 fprintf(stderr, "FAIL: GOST01 digest mismatch\n");
1603 failure = 1;
1604 goto done;
1605 }
1606
1607 done:
1608 CBB_cleanup(&cbb);
1609 SSL_CTX_free(ssl_ctx);
1610 SSL_free(ssl);
1611 free(data);
1612
1613 return (failure);
1614}
1615
1616static int
1617test_tlsext_sigalgs_serverhello(void)
1618{
1619 unsigned char *data = NULL;
1620 SSL_CTX *ssl_ctx = NULL;
1621 SSL *ssl = NULL;
1622 int failure = 0;
1623 size_t dlen;
1624 int alert;
1625 CBB cbb;
1626 CBS cbs;
1627
1628 CBB_init(&cbb, 0);
1629
1630 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
1631 errx(1, "failed to create SSL_CTX");
1632 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1633 errx(1, "failed to create SSL");
1634
1635 if (tlsext_sigalgs_serverhello_needs(ssl)) {
1636 fprintf(stderr, "FAIL: serverhello should not need sigalgs\n");
1637 failure = 1;
1638 goto done;
1639 }
1640
1641 if (tlsext_sigalgs_serverhello_build(ssl, &cbb)) {
1642 fprintf(stderr, "FAIL: serverhello should not build sigalgs\n");
1643 failure = 1;
1644 goto done;
1645 }
1646
1647 if (!CBB_finish(&cbb, &data, &dlen))
1648 errx(1, "failed to finish CBB");
1649
1650 CBS_init(&cbs, tlsext_sigalgs_clienthello, sizeof(tlsext_sigalgs_clienthello));
1651 if (tlsext_sigalgs_serverhello_parse(ssl, &cbs, &alert)) {
1652 fprintf(stderr, "FAIL: serverhello should not parse sigalgs\n");
1653 failure = 1;
1654 goto done;
1655 }
1656
1657 done:
1658 CBB_cleanup(&cbb);
1659 SSL_CTX_free(ssl_ctx);
1660 SSL_free(ssl);
1661 free(data);
1662
1663 return (failure);
1664}
1665
1666/*
1667 * Server Name Indication - RFC 6066 section 3.
1668 */
1669
1670#define TEST_SNI_SERVERNAME "www.libressl.org"
1671
1672static unsigned char tlsext_sni_clienthello[] = {
1673 0x00, 0x13, 0x00, 0x00, 0x10, 0x77, 0x77, 0x77,
1674 0x2e, 0x6c, 0x69, 0x62, 0x72, 0x65, 0x73, 0x73,
1675 0x6c, 0x2e, 0x6f, 0x72, 0x67,
1676};
1677
1678static unsigned char tlsext_sni_serverhello[] = {
1679};
1680
1681static int
1682test_tlsext_sni_clienthello(void)
1683{
1684 unsigned char *data = NULL;
1685 SSL_CTX *ssl_ctx = NULL;
1686 SSL *ssl = NULL;
1687 int failure;
1688 size_t dlen;
1689 int alert;
1690 CBB cbb;
1691 CBS cbs;
1692
1693 failure = 1;
1694
1695 CBB_init(&cbb, 0);
1696
1697 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
1698 errx(1, "failed to create SSL_CTX");
1699 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1700 errx(1, "failed to create SSL");
1701
1702 if (tlsext_sni_clienthello_needs(ssl)) {
1703 FAIL("clienthello should not need SNI\n");
1704 goto err;
1705 }
1706
1707 if (!SSL_set_tlsext_host_name(ssl, TEST_SNI_SERVERNAME)) {
1708 FAIL("client failed to set server name\n");
1709 goto err;
1710 }
1711
1712 if (!tlsext_sni_clienthello_needs(ssl)) {
1713 FAIL("clienthello should need SNI\n");
1714 goto err;
1715 }
1716
1717 if (!tlsext_sni_clienthello_build(ssl, &cbb)) {
1718 FAIL("clienthello failed to build SNI\n");
1719 goto err;
1720 }
1721
1722 if (!CBB_finish(&cbb, &data, &dlen))
1723 errx(1, "failed to finish CBB");
1724
1725 if (dlen != sizeof(tlsext_sni_clienthello)) {
1726 FAIL("got clienthello SNI with length %zu, "
1727 "want length %zu\n", dlen, sizeof(tlsext_sni_clienthello));
1728 goto err;
1729 }
1730
1731 if (memcmp(data, tlsext_sni_clienthello, dlen) != 0) {
1732 FAIL("clienthello SNI differs:\n");
1733 fprintf(stderr, "received:\n");
1734 hexdump(data, dlen);
1735 fprintf(stderr, "test data:\n");
1736 hexdump(tlsext_sni_clienthello, sizeof(tlsext_sni_clienthello));
1737 goto err;
1738 }
1739
1740 if ((ssl->session = SSL_SESSION_new()) == NULL)
1741 errx(1, "failed to create session");
1742
1743 ssl->internal->hit = 0;
1744
1745 CBS_init(&cbs, tlsext_sni_clienthello, sizeof(tlsext_sni_clienthello));
1746 if (!tlsext_sni_clienthello_parse(ssl, &cbs, &alert)) {
1747 FAIL("failed to parse clienthello SNI\n");
1748 goto err;
1749 }
1750 if (CBS_len(&cbs) != 0) {
1751 FAIL("extension data remaining");
1752 goto err;
1753 }
1754
1755 if (ssl->session->tlsext_hostname == NULL) {
1756 FAIL("no tlsext_hostname from clienthello SNI\n");
1757 goto err;
1758 }
1759
1760 if (strlen(ssl->session->tlsext_hostname) != strlen(TEST_SNI_SERVERNAME) ||
1761 strncmp(ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME,
1762 strlen(TEST_SNI_SERVERNAME)) != 0) {
1763 FAIL("got tlsext_hostname `%s', want `%s'\n",
1764 ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME);
1765 goto err;
1766 }
1767
1768 ssl->internal->hit = 1;
1769
1770 if ((ssl->session->tlsext_hostname = strdup("notthesame.libressl.org")) ==
1771 NULL)
1772 errx(1, "failed to strdup tlsext_hostname");
1773
1774 CBS_init(&cbs, tlsext_sni_clienthello, sizeof(tlsext_sni_clienthello));
1775 if (tlsext_sni_clienthello_parse(ssl, &cbs, &alert)) {
1776 FAIL("parsed clienthello with mismatched SNI\n");
1777 goto err;
1778 }
1779
1780 failure = 0;
1781
1782 err:
1783 CBB_cleanup(&cbb);
1784 SSL_CTX_free(ssl_ctx);
1785 SSL_free(ssl);
1786 free(data);
1787
1788 return (failure);
1789}
1790
1791static int
1792test_tlsext_sni_serverhello(void)
1793{
1794 unsigned char *data = NULL;
1795 SSL_CTX *ssl_ctx = NULL;
1796 SSL *ssl = NULL;
1797 int failure;
1798 size_t dlen;
1799 int alert;
1800 CBB cbb;
1801 CBS cbs;
1802
1803 failure = 1;
1804
1805 CBB_init(&cbb, 0);
1806
1807 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
1808 errx(1, "failed to create SSL_CTX");
1809 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1810 errx(1, "failed to create SSL");
1811
1812 if ((ssl->session = SSL_SESSION_new()) == NULL)
1813 errx(1, "failed to create session");
1814
1815 if (tlsext_sni_serverhello_needs(ssl)) {
1816 FAIL("serverhello should not need SNI\n");
1817 goto err;
1818 }
1819
1820 if (!SSL_set_tlsext_host_name(ssl, TEST_SNI_SERVERNAME)) {
1821 FAIL("client failed to set server name\n");
1822 goto err;
1823 }
1824
1825 if ((ssl->session->tlsext_hostname = strdup(TEST_SNI_SERVERNAME)) ==
1826 NULL)
1827 errx(1, "failed to strdup tlsext_hostname");
1828
1829 if (!tlsext_sni_serverhello_needs(ssl)) {
1830 FAIL("serverhello should need SNI\n");
1831 goto err;
1832 }
1833
1834 if (!tlsext_sni_serverhello_build(ssl, &cbb)) {
1835 FAIL("serverhello failed to build SNI\n");
1836 goto err;
1837 }
1838
1839 if (!CBB_finish(&cbb, &data, &dlen))
1840 errx(1, "failed to finish CBB");
1841
1842 if (dlen != sizeof(tlsext_sni_serverhello)) {
1843 FAIL("got serverhello SNI with length %zu, "
1844 "want length %zu\n", dlen, sizeof(tlsext_sni_serverhello));
1845 goto err;
1846 }
1847
1848 if (memcmp(data, tlsext_sni_serverhello, dlen) != 0) {
1849 FAIL("serverhello SNI differs:\n");
1850 fprintf(stderr, "received:\n");
1851 hexdump(data, dlen);
1852 fprintf(stderr, "test data:\n");
1853 hexdump(tlsext_sni_serverhello, sizeof(tlsext_sni_serverhello));
1854 goto err;
1855 }
1856
1857 free(ssl->session->tlsext_hostname);
1858 ssl->session->tlsext_hostname = NULL;
1859
1860 CBS_init(&cbs, tlsext_sni_serverhello, sizeof(tlsext_sni_serverhello));
1861 if (!tlsext_sni_serverhello_parse(ssl, &cbs, &alert)) {
1862 FAIL("failed to parse serverhello SNI\n");
1863 goto err;
1864 }
1865 if (CBS_len(&cbs) != 0) {
1866 FAIL("extension data remaining");
1867 goto err;
1868 }
1869
1870 if (ssl->session->tlsext_hostname == NULL) {
1871 FAIL("no tlsext_hostname after serverhello SNI\n");
1872 goto err;
1873 }
1874
1875 if (strlen(ssl->session->tlsext_hostname) != strlen(TEST_SNI_SERVERNAME) ||
1876 strncmp(ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME,
1877 strlen(TEST_SNI_SERVERNAME)) != 0) {
1878 FAIL("got tlsext_hostname `%s', want `%s'\n",
1879 ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME);
1880 goto err;
1881 }
1882
1883 failure = 0;
1884
1885 err:
1886 CBB_cleanup(&cbb);
1887 SSL_CTX_free(ssl_ctx);
1888 SSL_free(ssl);
1889 free(data);
1890
1891 return (failure);
1892}
1893
1894static unsigned char tls_ocsp_clienthello_default[] = {
1895 0x01, 0x00, 0x00, 0x00, 0x00
1896};
1897
1898static int
1899test_tlsext_ocsp_clienthello(void)
1900{
1901 unsigned char *data = NULL;
1902 SSL_CTX *ssl_ctx = NULL;
1903 SSL *ssl = NULL;
1904 size_t dlen;
1905 int failure;
1906 int alert;
1907 CBB cbb;
1908 CBS cbs;
1909
1910 failure = 1;
1911
1912 CBB_init(&cbb, 0);
1913
1914 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
1915 errx(1, "failed to create SSL_CTX");
1916 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1917 errx(1, "failed to create SSL");
1918
1919 if (tlsext_ocsp_clienthello_needs(ssl)) {
1920 FAIL("clienthello should not need ocsp\n");
1921 goto err;
1922 }
1923 SSL_set_tlsext_status_type(ssl, TLSEXT_STATUSTYPE_ocsp);
1924
1925 if (!tlsext_ocsp_clienthello_needs(ssl)) {
1926 FAIL("clienthello should need ocsp\n");
1927 goto err;
1928 }
1929 if (!tlsext_ocsp_clienthello_build(ssl, &cbb)) {
1930 FAIL("clienthello failed to build SNI\n");
1931 goto err;
1932 }
1933 if (!CBB_finish(&cbb, &data, &dlen))
1934 errx(1, "failed to finish CBB");
1935
1936 if (dlen != sizeof(tls_ocsp_clienthello_default)) {
1937 FAIL("got ocsp clienthello with length %zu, "
1938 "want length %zu\n", dlen,
1939 sizeof(tls_ocsp_clienthello_default));
1940 goto err;
1941 }
1942 if (memcmp(data, tls_ocsp_clienthello_default, dlen) != 0) {
1943 FAIL("ocsp clienthello differs:\n");
1944 fprintf(stderr, "received:\n");
1945 hexdump(data, dlen);
1946 fprintf(stderr, "test data:\n");
1947 hexdump(tls_ocsp_clienthello_default,
1948 sizeof(tls_ocsp_clienthello_default));
1949 goto err;
1950 }
1951 CBS_init(&cbs, tls_ocsp_clienthello_default,
1952 sizeof(tls_ocsp_clienthello_default));
1953 if (!tlsext_ocsp_clienthello_parse(ssl, &cbs, &alert)) {
1954 FAIL("failed to parse ocsp clienthello\n");
1955 goto err;
1956 }
1957 if (CBS_len(&cbs) != 0) {
1958 FAIL("extension data remaining");
1959 goto err;
1960 }
1961
1962 failure = 0;
1963
1964 err:
1965 CBB_cleanup(&cbb);
1966 SSL_CTX_free(ssl_ctx);
1967 SSL_free(ssl);
1968 free(data);
1969
1970 return (failure);
1971}
1972
1973static int
1974test_tlsext_ocsp_serverhello(void)
1975{
1976 unsigned char *data = NULL;
1977 SSL_CTX *ssl_ctx = NULL;
1978 SSL *ssl = NULL;
1979 size_t dlen;
1980 int failure;
1981 CBB cbb;
1982
1983 failure = 1;
1984
1985 CBB_init(&cbb, 0);
1986
1987 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
1988 errx(1, "failed to create SSL_CTX");
1989 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1990 errx(1, "failed to create SSL");
1991
1992 if (tlsext_ocsp_serverhello_needs(ssl)) {
1993 FAIL("serverhello should not need ocsp\n");
1994 goto err;
1995 }
1996
1997 ssl->internal->tlsext_status_expected = 1;
1998
1999 if (!tlsext_ocsp_serverhello_needs(ssl)) {
2000 FAIL("serverhello should need ocsp\n");
2001 goto err;
2002 }
2003 if (!tlsext_ocsp_serverhello_build(ssl, &cbb)) {
2004 FAIL("serverhello failed to build ocsp\n");
2005 goto err;
2006 }
2007
2008 if (!CBB_finish(&cbb, &data, &dlen))
2009 errx(1, "failed to finish CBB");
2010
2011 failure = 0;
2012
2013 err:
2014 CBB_cleanup(&cbb);
2015 SSL_CTX_free(ssl_ctx);
2016 SSL_free(ssl);
2017 free(data);
2018
2019 return (failure);
2020}
2021
2022/*
2023 * Session ticket - RFC 5077 since no known implementations use 4507.
2024 *
2025 * Session tickets can be length 0 (special case) to 2^16-1.
2026 *
2027 * The state is encrypted by the server so it is opaque to the client.
2028 */
2029static uint8_t tlsext_sessionticket_hello_min[1];
2030static uint8_t tlsext_sessionticket_hello_max[65535];
2031
2032static int
2033test_tlsext_sessionticket_clienthello(void)
2034{
2035 unsigned char *data = NULL;
2036 SSL_CTX *ssl_ctx = NULL;
2037 SSL *ssl = NULL;
2038 int failure;
2039 CBB cbb;
2040 size_t dlen;
2041 uint8_t dummy[1234];
2042
2043 failure = 1;
2044
2045 CBB_init(&cbb, 0);
2046
2047 /* Create fake session tickets with random data. */
2048 arc4random_buf(tlsext_sessionticket_hello_min,
2049 sizeof(tlsext_sessionticket_hello_min));
2050 arc4random_buf(tlsext_sessionticket_hello_max,
2051 sizeof(tlsext_sessionticket_hello_max));
2052
2053 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
2054 errx(1, "failed to create SSL_CTX");
2055 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2056 errx(1, "failed to create SSL");
2057
2058 /* Should need a ticket by default. */
2059 if (!tlsext_sessionticket_clienthello_needs(ssl)) {
2060 FAIL("clienthello should need Sessionticket for default "
2061 "ciphers\n");
2062 goto err;
2063 }
2064
2065 /* Test disabling tickets. */
2066 if ((SSL_set_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) == 0) {
2067 FAIL("Cannot disable tickets in the TLS connection");
2068 return 0;
2069 }
2070 if (tlsext_sessionticket_clienthello_needs(ssl)) {
2071 FAIL("clienthello should not need SessionTicket if it was disabled");
2072 goto err;
2073 }
2074
2075 /* Test re-enabling tickets. */
2076 if ((SSL_clear_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) != 0) {
2077 FAIL("Cannot re-enable tickets in the TLS connection");
2078 return 0;
2079 }
2080 if (!tlsext_sessionticket_clienthello_needs(ssl)) {
2081 FAIL("clienthello should need SessionTicket if it was disabled");
2082 goto err;
2083 }
2084
2085 /* Since we don't have a session, we should build an empty ticket. */
2086 if (!tlsext_sessionticket_clienthello_build(ssl, &cbb)) {
2087 FAIL("Cannot build a ticket");
2088 goto err;
2089 }
2090 if (!CBB_finish(&cbb, &data, &dlen)) {
2091 FAIL("Cannot finish CBB");
2092 goto err;
2093 }
2094 if (dlen != 0) {
2095 FAIL("Expected 0 length but found %zu\n", dlen);
2096 goto err;
2097 }
2098
2099 CBB_cleanup(&cbb);
2100 CBB_init(&cbb, 0);
2101 free(data);
2102 data = NULL;
2103
2104 /* With a new session (but no ticket), we should still have 0 length */
2105 if ((ssl->session = SSL_SESSION_new()) == NULL)
2106 errx(1, "failed to create session");
2107 if (!tlsext_sessionticket_clienthello_needs(ssl)) {
2108 FAIL("Should still want a session ticket with a new session");
2109 goto err;
2110 }
2111 if (!tlsext_sessionticket_clienthello_build(ssl, &cbb)) {
2112 FAIL("Cannot build a ticket");
2113 goto err;
2114 }
2115 if (!CBB_finish(&cbb, &data, &dlen)) {
2116 FAIL("Cannot finish CBB");
2117 goto err;
2118 }
2119 if (dlen != 0) {
2120 FAIL("Expected 0 length but found %zu\n", dlen);
2121 goto err;
2122 }
2123
2124 CBB_cleanup(&cbb);
2125 CBB_init(&cbb, 0);
2126 free(data);
2127 data = NULL;
2128
2129 /* With a new session (and ticket), we should use that ticket */
2130 SSL_SESSION_free(ssl->session);
2131 if ((ssl->session = SSL_SESSION_new()) == NULL)
2132 errx(1, "failed to create session");
2133
2134 arc4random_buf(&dummy, sizeof(dummy));
2135 if ((ssl->session->tlsext_tick = malloc(sizeof(dummy))) == NULL) {
2136 errx(1, "failed to malloc");
2137 }
2138 memcpy(ssl->session->tlsext_tick, dummy, sizeof(dummy));
2139 ssl->session->tlsext_ticklen = sizeof(dummy);
2140
2141 if (!tlsext_sessionticket_clienthello_needs(ssl)) {
2142 FAIL("Should still want a session ticket with a new session");
2143 goto err;
2144 }
2145 if (!tlsext_sessionticket_clienthello_build(ssl, &cbb)) {
2146 FAIL("Cannot build a ticket");
2147 goto err;
2148 }
2149 if (!CBB_finish(&cbb, &data, &dlen)) {
2150 FAIL("Cannot finish CBB");
2151 goto err;
2152 }
2153 if (dlen != sizeof(dummy)) {
2154 FAIL("Expected %zu length but found %zu\n", sizeof(dummy), dlen);
2155 goto err;
2156 }
2157 if (memcmp(data, dummy, dlen) != 0) {
2158 FAIL("serverhello SNI differs:\n");
2159 compare_data(data, dlen,
2160 dummy, sizeof(dummy));
2161 goto err;
2162 }
2163
2164 CBB_cleanup(&cbb);
2165 CBB_init(&cbb, 0);
2166 free(data);
2167 data = NULL;
2168 free(ssl->session->tlsext_tick);
2169 ssl->session->tlsext_tick = NULL;
2170 ssl->session->tlsext_ticklen = 0;
2171
2172 /*
2173 * Send in NULL to disable session tickets at runtime without going
2174 * through SSL_set_options().
2175 */
2176 if (!SSL_set_session_ticket_ext(ssl, NULL, 0)) {
2177 FAIL("Could not set a NULL custom ticket");
2178 goto err;
2179 }
2180 /* Should not need a ticket in this case */
2181 if (tlsext_sessionticket_clienthello_needs(ssl)) {
2182 FAIL("Should not want to use session tickets with a NULL custom");
2183 goto err;
2184 }
2185
2186 /*
2187 * If you want to remove the tlsext_session_ticket behavior, you have
2188 * to do it manually.
2189 */
2190 free(ssl->internal->tlsext_session_ticket);
2191 ssl->internal->tlsext_session_ticket = NULL;
2192
2193 if (!tlsext_sessionticket_clienthello_needs(ssl)) {
2194 FAIL("Should need a session ticket again when the custom one is removed");
2195 goto err;
2196 }
2197
2198 /* Test a custom session ticket (not recommended in practice) */
2199 if (!SSL_set_session_ticket_ext(ssl, tlsext_sessionticket_hello_max,
2200 sizeof(tlsext_sessionticket_hello_max))) {
2201 FAIL("Should be able to set a custom ticket");
2202 goto err;
2203 }
2204 if (!tlsext_sessionticket_clienthello_needs(ssl)) {
2205 FAIL("Should need a session ticket again when the custom one is not empty");
2206 goto err;
2207 }
2208 if (!tlsext_sessionticket_clienthello_build(ssl, &cbb)) {
2209 FAIL("Cannot build a ticket with a max length random payload");
2210 goto err;
2211 }
2212 if (!CBB_finish(&cbb, &data, &dlen)) {
2213 FAIL("Cannot finish CBB");
2214 goto err;
2215 }
2216 if (dlen != sizeof(tlsext_sessionticket_hello_max)) {
2217 FAIL("Expected %zu length but found %zu\n",
2218 sizeof(tlsext_sessionticket_hello_max), dlen);
2219 goto err;
2220 }
2221 if (memcmp(data, tlsext_sessionticket_hello_max,
2222 sizeof(tlsext_sessionticket_hello_max)) != 0) {
2223 FAIL("Expected to get what we passed in");
2224 compare_data(data, dlen,
2225 tlsext_sessionticket_hello_max,
2226 sizeof(tlsext_sessionticket_hello_max));
2227 goto err;
2228 }
2229
2230 failure = 0;
2231
2232 err:
2233 CBB_cleanup(&cbb);
2234 SSL_CTX_free(ssl_ctx);
2235 SSL_free(ssl);
2236 free(data);
2237
2238 return (failure);
2239}
2240
2241
2242static int
2243test_tlsext_sessionticket_serverhello(void)
2244{
2245 SSL_CTX *ssl_ctx = NULL;
2246 SSL *ssl = NULL;
2247 int failure;
2248 uint8_t *data;
2249 size_t dlen;
2250 CBB cbb;
2251
2252 CBB_init(&cbb, 0);
2253
2254 failure = 1;
2255
2256 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
2257 errx(1, "failed to create SSL_CTX");
2258 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2259 errx(1, "failed to create SSL");
2260
2261 /*
2262 * By default, should not need a session ticket since the ticket
2263 * is not yet expected.
2264 */
2265 if (tlsext_sessionticket_serverhello_needs(ssl)) {
2266 FAIL("serverhello should not need SessionTicket by default\n");
2267 goto err;
2268 }
2269
2270 /* Test disabling tickets. */
2271 if ((SSL_set_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) == 0) {
2272 FAIL("Cannot disable tickets in the TLS connection");
2273 return 0;
2274 }
2275 if (tlsext_sessionticket_serverhello_needs(ssl)) {
2276 FAIL("serverhello should not need SessionTicket if it was disabled");
2277 goto err;
2278 }
2279
2280 /* Test re-enabling tickets. */
2281 if ((SSL_clear_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) != 0) {
2282 FAIL("Cannot re-enable tickets in the TLS connection");
2283 return 0;
2284 }
2285 if (tlsext_sessionticket_serverhello_needs(ssl)) {
2286 FAIL("serverhello should not need SessionTicket yet");
2287 goto err;
2288 }
2289
2290 /* Set expected to require it. */
2291 ssl->internal->tlsext_ticket_expected = 1;
2292 if (!tlsext_sessionticket_serverhello_needs(ssl)) {
2293 FAIL("serverhello should now be required for SessionTicket");
2294 goto err;
2295 }
2296
2297 /* server hello's session ticket should always be 0 length payload. */
2298 if (!tlsext_sessionticket_serverhello_build(ssl, &cbb)) {
2299 FAIL("Cannot build a ticket with a max length random payload");
2300 goto err;
2301 }
2302 if (!CBB_finish(&cbb, &data, &dlen)) {
2303 FAIL("Cannot finish CBB");
2304 goto err;
2305 }
2306 if (dlen != 0) {
2307 FAIL("Expected 0 length but found %zu\n", dlen);
2308 goto err;
2309 }
2310
2311 failure = 0;
2312
2313 err:
2314 SSL_CTX_free(ssl_ctx);
2315 SSL_free(ssl);
2316
2317 return (failure);
2318}
2319
2320#ifndef OPENSSL_NO_SRTP
2321/*
2322 * Supported Secure Real-time Transport Protocol (RFC 5764 section 4.1.1)
2323 */
2324
2325/* Colon separated string values */
2326const char *tlsext_srtp_single_profile = "SRTP_AES128_CM_SHA1_80";
2327const char *tlsext_srtp_multiple_profiles = "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32";
2328
2329const char *tlsext_srtp_aes128cmsha80 = "SRTP_AES128_CM_SHA1_80";
2330const char *tlsext_srtp_aes128cmsha32 = "SRTP_AES128_CM_SHA1_32";
2331
2332const uint8_t tlsext_srtp_single[] = {
2333 /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */
2334 0x00, 0x02, /* len */
2335 0x00, 0x01, /* SRTP_AES128_CM_SHA1_80 */
2336 0x00 /* opaque srtp_mki<0..255> */
2337};
2338
2339const uint8_t tlsext_srtp_multiple[] = {
2340 /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */
2341 0x00, 0x04, /* len */
2342 0x00, 0x01, /* SRTP_AES128_CM_SHA1_80 */
2343 0x00, 0x02, /* SRTP_AES128_CM_SHA1_32 */
2344 0x00 /* opaque srtp_mki<0..255> */
2345};
2346
2347const uint8_t tlsext_srtp_multiple_invalid[] = {
2348 /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */
2349 0x00, 0x04, /* len */
2350 0x00, 0x08, /* arbitrary value not found in known profiles */
2351 0x00, 0x09, /* arbitrary value not found in known profiles */
2352 0x00 /* opaque srtp_mki<0..255> */
2353};
2354
2355const uint8_t tlsext_srtp_single_invalid[] = {
2356 /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */
2357 0x00, 0x02, /* len */
2358 0x00, 0x08, /* arbitrary value not found in known profiles */
2359 0x00 /* opaque srtp_mki<0..255> */
2360};
2361
2362const uint8_t tlsext_srtp_multiple_one_valid[] = {
2363 /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */
2364 0x00, 0x04, /* len */
2365 0x00, 0x08, /* arbitrary value not found in known profiles */
2366 0x00, 0x02, /* SRTP_AES128_CM_SHA1_32 */
2367 0x00 /* opaque srtp_mki<0..255> */
2368};
2369
2370static int
2371test_tlsext_srtp_clienthello(void)
2372{
2373 SRTP_PROTECTION_PROFILE *prof;
2374 SSL_CTX *ssl_ctx = NULL;
2375 SSL *ssl = NULL;
2376 uint8_t *data = NULL;
2377 CBB cbb;
2378 CBS cbs;
2379 int failure, alert;
2380 size_t dlen;
2381
2382 CBB_init(&cbb, 0);
2383
2384 failure = 1;
2385
2386 /* SRTP is for DTLS */
2387 if ((ssl_ctx = SSL_CTX_new(DTLSv1_client_method())) == NULL)
2388 errx(1, "failed to create SSL_CTX");
2389 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2390 errx(1, "failed to create SSL");
2391
2392 /* By default, we don't need this */
2393 if (tlsext_srtp_clienthello_needs(ssl)) {
2394 FAIL("clienthello should not need SRTP by default\n");
2395 goto err;
2396 }
2397
2398 if (SSL_set_tlsext_use_srtp(ssl, tlsext_srtp_single_profile) != 0) {
2399 FAIL("should be able to set a single SRTP\n");
2400 goto err;
2401 }
2402 if (!tlsext_srtp_clienthello_needs(ssl)) {
2403 FAIL("clienthello should need SRTP\n");
2404 goto err;
2405 }
2406
2407 /* Make sure we can build the clienthello with a single profile. */
2408
2409 if (!tlsext_srtp_clienthello_build(ssl, &cbb)) {
2410 FAIL("clienthello failed to build SRTP\n");
2411 goto err;
2412 }
2413 if (!CBB_finish(&cbb, &data, &dlen))
2414 errx(1, "failed to finish CBB");
2415
2416 if (dlen != sizeof(tlsext_srtp_single)) {
2417 FAIL("got clienthello SRTP with length %zu, "
2418 "want length %zu\n", dlen,
2419 sizeof(tlsext_srtp_single));
2420 compare_data(data, dlen, tlsext_srtp_single,
2421 sizeof(tlsext_srtp_single));
2422 goto err;
2423 }
2424 if (memcmp(data, tlsext_srtp_single, dlen) != 0) {
2425 FAIL("clienthello SRTP differs:\n");
2426 compare_data(data, dlen, tlsext_srtp_single,
2427 sizeof(tlsext_srtp_single));
2428 goto err;
2429 }
2430
2431 CBB_cleanup(&cbb);
2432 CBB_init(&cbb, 0);
2433 free(data);
2434 data = NULL;
2435
2436 /* Make sure we can parse the single profile. */
2437
2438 if (SSL_get_selected_srtp_profile(ssl) != NULL) {
2439 FAIL("SRTP profile should not be set yet\n");
2440 goto err;
2441 }
2442
2443 CBS_init(&cbs, tlsext_srtp_single, sizeof(tlsext_srtp_single));
2444 if (!tlsext_srtp_clienthello_parse(ssl, &cbs, &alert)) {
2445 FAIL("failed to parse SRTP\n");
2446 goto err;
2447 }
2448 if (CBS_len(&cbs) != 0) {
2449 FAIL("extension data remaining");
2450 goto err;
2451 }
2452
2453 if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) {
2454 FAIL("SRTP profile should be set now\n");
2455 goto err;
2456 }
2457 if (strcmp(prof->name, tlsext_srtp_aes128cmsha80) != 0) {
2458 FAIL("SRTP profile was not set properly\n");
2459 goto err;
2460 }
2461
2462 if (!tlsext_srtp_serverhello_needs(ssl)) {
2463 FAIL("should send server extension when profile selected\n");
2464 goto err;
2465 }
2466
2467 /* Make sure we can build the clienthello with multiple entries. */
2468
2469 if (SSL_set_tlsext_use_srtp(ssl, tlsext_srtp_multiple_profiles) != 0) {
2470 FAIL("should be able to set SRTP to multiple profiles\n");
2471 goto err;
2472 }
2473 if (!tlsext_srtp_clienthello_needs(ssl)) {
2474 FAIL("clienthello should need SRTP by now\n");
2475 goto err;
2476 }
2477
2478 if (!tlsext_srtp_clienthello_build(ssl, &cbb)) {
2479 FAIL("clienthello failed to build SRTP\n");
2480 goto err;
2481 }
2482 if (!CBB_finish(&cbb, &data, &dlen))
2483 errx(1, "failed to finish CBB");
2484
2485 if (dlen != sizeof(tlsext_srtp_multiple)) {
2486 FAIL("got clienthello SRTP with length %zu, "
2487 "want length %zu\n", dlen,
2488 sizeof(tlsext_srtp_multiple));
2489 compare_data(data, dlen, tlsext_srtp_multiple,
2490 sizeof(tlsext_srtp_multiple));
2491 goto err;
2492 }
2493 if (memcmp(data, tlsext_srtp_multiple, dlen) != 0) {
2494 FAIL("clienthello SRTP differs:\n");
2495 compare_data(data, dlen, tlsext_srtp_multiple,
2496 sizeof(tlsext_srtp_multiple));
2497 goto err;
2498 }
2499
2500 CBB_cleanup(&cbb);
2501 CBB_init(&cbb, 0);
2502 free(data);
2503 data = NULL;
2504
2505 /* Make sure we can parse multiple profiles (selects server preferred) */
2506
2507 ssl->internal->srtp_profile = NULL;
2508
2509 CBS_init(&cbs, tlsext_srtp_multiple,
2510 sizeof(tlsext_srtp_multiple));
2511 if (!tlsext_srtp_clienthello_parse(ssl, &cbs, &alert)) {
2512 FAIL("failed to parse SRTP\n");
2513 goto err;
2514 }
2515 if (CBS_len(&cbs) != 0) {
2516 FAIL("extension data remaining");
2517 goto err;
2518 }
2519
2520 if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) {
2521 FAIL("SRTP profile should be set now\n");
2522 goto err;
2523 }
2524 if (strcmp(prof->name, tlsext_srtp_aes128cmsha80) != 0) {
2525 FAIL("SRTP profile was not set properly\n");
2526 goto err;
2527 }
2528
2529 if (!tlsext_srtp_serverhello_needs(ssl)) {
2530 FAIL("should send server extension when profile selected\n");
2531 goto err;
2532 }
2533
2534 /*
2535 * Make sure we can parse the clienthello with multiple entries
2536 * where one is unknown.
2537 */
2538 ssl->internal->srtp_profile = NULL;
2539
2540 CBS_init(&cbs, tlsext_srtp_multiple_one_valid,
2541 sizeof(tlsext_srtp_multiple_one_valid));
2542 if (!tlsext_srtp_clienthello_parse(ssl, &cbs, &alert)) {
2543 FAIL("failed to parse SRTP\n");
2544 goto err;
2545 }
2546 if (CBS_len(&cbs) != 0) {
2547 FAIL("extension data remaining");
2548 goto err;
2549 }
2550
2551 if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) {
2552 FAIL("SRTP profile should be set now\n");
2553 goto err;
2554 }
2555 if (strcmp(prof->name, tlsext_srtp_aes128cmsha32) != 0) {
2556 FAIL("SRTP profile was not set properly\n");
2557 goto err;
2558 }
2559
2560 if (!tlsext_srtp_serverhello_needs(ssl)) {
2561 FAIL("should send server extension when profile selected\n");
2562 goto err;
2563 }
2564
2565 /* Make sure we fall back to negotiated when none work. */
2566
2567 ssl->internal->srtp_profile = NULL;
2568
2569 CBS_init(&cbs, tlsext_srtp_multiple_invalid,
2570 sizeof(tlsext_srtp_multiple_invalid));
2571 if (!tlsext_srtp_clienthello_parse(ssl, &cbs, &alert)) {
2572 FAIL("should be able to fall back to negotiated\n");
2573 goto err;
2574 }
2575 if (CBS_len(&cbs) != 0) {
2576 FAIL("extension data remaining");
2577 goto err;
2578 }
2579
2580 /* If we fallback, the server should NOT send the extension. */
2581 if (SSL_get_selected_srtp_profile(ssl) != NULL) {
2582 FAIL("should not have selected a profile when none found\n");
2583 goto err;
2584 }
2585 if (tlsext_srtp_serverhello_needs(ssl)) {
2586 FAIL("should not send server tlsext when no profile found\n");
2587 goto err;
2588 }
2589
2590 failure = 0;
2591
2592 err:
2593 CBB_cleanup(&cbb);
2594 SSL_CTX_free(ssl_ctx);
2595 SSL_free(ssl);
2596 free(data);
2597
2598 return (failure);
2599}
2600
2601static int
2602test_tlsext_srtp_serverhello(void)
2603{
2604 SRTP_PROTECTION_PROFILE *prof;
2605 SSL_CTX *ssl_ctx = NULL;
2606 SSL *ssl = NULL;
2607 uint8_t *data = NULL;
2608 CBB cbb;
2609 CBS cbs;
2610 int failure, alert;
2611 size_t dlen;
2612
2613 CBB_init(&cbb, 0);
2614
2615 failure = 1;
2616
2617 /* SRTP is for DTLS */
2618 if ((ssl_ctx = SSL_CTX_new(DTLSv1_client_method())) == NULL)
2619 errx(1, "failed to create SSL_CTX");
2620 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2621 errx(1, "failed to create SSL");
2622
2623 /* By default, we don't need this */
2624 if (tlsext_srtp_serverhello_needs(ssl)) {
2625 FAIL("serverhello should not need SRTP by default\n");
2626 goto err;
2627 }
2628
2629 if (srtp_find_profile_by_name((char *)tlsext_srtp_aes128cmsha80, &prof,
2630 strlen(tlsext_srtp_aes128cmsha80))) {
2631 FAIL("should be able to find the given profile\n");
2632 goto err;
2633 }
2634 ssl->internal->srtp_profile = prof;
2635 if (!tlsext_srtp_serverhello_needs(ssl)) {
2636 FAIL("serverhello should need SRTP by now\n");
2637 goto err;
2638 }
2639
2640 /* Make sure we can build the serverhello with a single profile. */
2641
2642 if (!tlsext_srtp_serverhello_build(ssl, &cbb)) {
2643 FAIL("serverhello failed to build SRTP\n");
2644 goto err;
2645 }
2646 if (!CBB_finish(&cbb, &data, &dlen))
2647 errx(1, "failed to finish CBB");
2648
2649 if (dlen != sizeof(tlsext_srtp_single)) {
2650 FAIL("got serverhello SRTP with length %zu, "
2651 "want length %zu\n", dlen,
2652 sizeof(tlsext_srtp_single));
2653 compare_data(data, dlen, tlsext_srtp_single,
2654 sizeof(tlsext_srtp_single));
2655 goto err;
2656 }
2657 if (memcmp(data, tlsext_srtp_single, dlen) != 0) {
2658 FAIL("serverhello SRTP differs:\n");
2659 compare_data(data, dlen, tlsext_srtp_single,
2660 sizeof(tlsext_srtp_single));
2661 goto err;
2662 }
2663
2664 CBB_cleanup(&cbb);
2665 CBB_init(&cbb, 0);
2666 free(data);
2667 data = NULL;
2668
2669 /* Make sure we can parse the single profile. */
2670 ssl->internal->srtp_profile = NULL;
2671
2672 if (SSL_get_selected_srtp_profile(ssl) != NULL) {
2673 FAIL("SRTP profile should not be set yet\n");
2674 goto err;
2675 }
2676
2677 /* Setup the environment as if a client sent a list of profiles. */
2678 if (SSL_set_tlsext_use_srtp(ssl, tlsext_srtp_multiple_profiles) != 0) {
2679 FAIL("should be able to set multiple profiles in SRTP\n");
2680 goto err;
2681 }
2682
2683 CBS_init(&cbs, tlsext_srtp_single, sizeof(tlsext_srtp_single));
2684 if (!tlsext_srtp_serverhello_parse(ssl, &cbs, &alert)) {
2685 FAIL("failed to parse SRTP\n");
2686 goto err;
2687 }
2688 if (CBS_len(&cbs) != 0) {
2689 FAIL("extension data remaining");
2690 goto err;
2691 }
2692
2693 if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) {
2694 FAIL("SRTP profile should be set now\n");
2695 goto err;
2696 }
2697 if (strcmp(prof->name, tlsext_srtp_aes128cmsha80) != 0) {
2698 FAIL("SRTP profile was not set properly\n");
2699 goto err;
2700 }
2701
2702 /* Make sure we cannot parse multiple profiles */
2703 ssl->internal->srtp_profile = NULL;
2704
2705 CBS_init(&cbs, tlsext_srtp_multiple,
2706 sizeof(tlsext_srtp_multiple));
2707 if (tlsext_srtp_serverhello_parse(ssl, &cbs, &alert)) {
2708 FAIL("should not find multiple entries from the server\n");
2709 goto err;
2710 }
2711
2712 /* Make sure we cannot parse a serverhello with unknown profile */
2713 ssl->internal->srtp_profile = NULL;
2714
2715 CBS_init(&cbs, tlsext_srtp_single_invalid,
2716 sizeof(tlsext_srtp_single_invalid));
2717 if (tlsext_srtp_serverhello_parse(ssl, &cbs, &alert)) {
2718 FAIL("should not be able to parse this\n");
2719 goto err;
2720 }
2721
2722 failure = 0;
2723
2724 err:
2725 CBB_cleanup(&cbb);
2726 SSL_CTX_free(ssl_ctx);
2727 SSL_free(ssl);
2728 free(data);
2729
2730 return (failure);
2731}
2732#endif /* OPENSSL_NO_SRTP */
2733
2734unsigned char tlsext_clienthello_default[] = {
2735 0x00, 0x36, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00,
2736 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d,
2737 0x00, 0x17, 0x00, 0x18, 0x00, 0x23, 0x00, 0x00,
2738 0x00, 0x0d, 0x00, 0x1c, 0x00, 0x1a, 0x06, 0x01,
2739 0x06, 0x03, 0xef, 0xef, 0x05, 0x01, 0x05, 0x03,
2740 0x04, 0x01, 0x04, 0x03, 0xee, 0xee, 0xed, 0xed,
2741 0x03, 0x01, 0x03, 0x03, 0x02, 0x01, 0x02, 0x03,
2742};
2743
2744unsigned char tlsext_clienthello_disabled[] = {};
2745
2746static int
2747test_tlsext_clienthello_build(void)
2748{
2749 unsigned char *data = NULL;
2750 SSL_CTX *ssl_ctx = NULL;
2751 SSL *ssl = NULL;
2752 size_t dlen;
2753 int failure;
2754 CBB cbb;
2755
2756 failure = 1;
2757
2758 if (!CBB_init(&cbb, 0))
2759 errx(1, "failed to create CBB");
2760
2761 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
2762 errx(1, "failed to create SSL_CTX");
2763 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2764 errx(1, "failed to create SSL");
2765
2766 if (!tlsext_clienthello_build(ssl, &cbb)) {
2767 FAIL("failed to build clienthello extensions\n");
2768 goto err;
2769 }
2770 if (!CBB_finish(&cbb, &data, &dlen))
2771 errx(1, "failed to finish CBB");
2772
2773 if (dlen != sizeof(tlsext_clienthello_default)) {
2774 FAIL("got clienthello extensions with length %zu, "
2775 "want length %zu\n", dlen,
2776 sizeof(tlsext_clienthello_default));
2777 compare_data(data, dlen, tlsext_clienthello_default,
2778 sizeof(tlsext_clienthello_default));
2779 goto err;
2780 }
2781 if (memcmp(data, tlsext_clienthello_default, dlen) != 0) {
2782 FAIL("clienthello extensions differs:\n");
2783 compare_data(data, dlen, tlsext_clienthello_default,
2784 sizeof(tlsext_clienthello_default));
2785 goto err;
2786 }
2787
2788 CBB_cleanup(&cbb);
2789 CBB_init(&cbb, 0);
2790
2791 /* Switch to TLSv1.1, disable EC ciphers and session tickets. */
2792 ssl->client_version = TLS1_1_VERSION;
2793 if (!SSL_set_cipher_list(ssl, "TLSv1.2:!ECDHE:!ECDSA")) {
2794 FAIL("failed to set cipher list\n");
2795 goto err;
2796 }
2797 if ((SSL_set_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) == 0) {
2798 FAIL("failed to disable session tickets");
2799 return 0;
2800 }
2801
2802 if (!tlsext_clienthello_build(ssl, &cbb)) {
2803 FAIL("failed to build clienthello extensions\n");
2804 goto err;
2805 }
2806 if (!CBB_finish(&cbb, &data, &dlen))
2807 errx(1, "failed to finish CBB");
2808
2809 if (dlen != sizeof(tlsext_clienthello_disabled)) {
2810 FAIL("got clienthello extensions with length %zu, "
2811 "want length %zu\n", dlen,
2812 sizeof(tlsext_clienthello_disabled));
2813 compare_data(data, dlen, tlsext_clienthello_disabled,
2814 sizeof(tlsext_clienthello_disabled));
2815 goto err;
2816 }
2817 if (memcmp(data, tlsext_clienthello_disabled, dlen) != 0) {
2818 FAIL("clienthello extensions differs:\n");
2819 compare_data(data, dlen, tlsext_clienthello_disabled,
2820 sizeof(tlsext_clienthello_disabled));
2821 goto err;
2822 }
2823
2824 failure = 0;
2825
2826 err:
2827 CBB_cleanup(&cbb);
2828 SSL_CTX_free(ssl_ctx);
2829 SSL_free(ssl);
2830 free(data);
2831
2832 return (failure);
2833}
2834
2835unsigned char tlsext_serverhello_default[] = {};
2836
2837unsigned char tlsext_serverhello_enabled[] = {
2838 0x00, 0x13, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00,
2839 0x05, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01,
2840 0x00, 0x00, 0x23, 0x00, 0x00,
2841};
2842
2843static int
2844test_tlsext_serverhello_build(void)
2845{
2846 unsigned char *data = NULL;
2847 SSL_CTX *ssl_ctx = NULL;
2848 SSL *ssl = NULL;
2849 size_t dlen;
2850 int failure;
2851 CBB cbb;
2852
2853 failure = 1;
2854
2855 if (!CBB_init(&cbb, 0))
2856 errx(1, "failed to create CBB");
2857
2858 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
2859 errx(1, "failed to create SSL_CTX");
2860 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2861 errx(1, "failed to create SSL");
2862 if ((ssl->session = SSL_SESSION_new()) == NULL)
2863 errx(1, "failed to create session");
2864
2865 S3I(ssl)->hs.new_cipher =
2866 ssl3_get_cipher_by_id(TLS1_CK_RSA_WITH_AES_128_SHA256);
2867
2868 if (!tlsext_serverhello_build(ssl, &cbb)) {
2869 FAIL("failed to build serverhello extensions\n");
2870 goto err;
2871 }
2872 if (!CBB_finish(&cbb, &data, &dlen))
2873 errx(1, "failed to finish CBB");
2874
2875 if (dlen != sizeof(tlsext_serverhello_default)) {
2876 FAIL("got serverhello extensions with length %zu, "
2877 "want length %zu\n", dlen,
2878 sizeof(tlsext_serverhello_default));
2879 compare_data(data, dlen, tlsext_serverhello_default,
2880 sizeof(tlsext_serverhello_default));
2881 goto err;
2882 }
2883 if (memcmp(data, tlsext_serverhello_default, dlen) != 0) {
2884 FAIL("serverhello extensions differs:\n");
2885 compare_data(data, dlen, tlsext_serverhello_default,
2886 sizeof(tlsext_serverhello_default));
2887 goto err;
2888 }
2889
2890 CBB_cleanup(&cbb);
2891 CBB_init(&cbb, 0);
2892
2893 /* Turn a few things on so we get extensions... */
2894 S3I(ssl)->send_connection_binding = 1;
2895 S3I(ssl)->hs.new_cipher =
2896 ssl3_get_cipher_by_id(TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256);
2897 ssl->internal->tlsext_status_expected = 1;
2898 ssl->internal->tlsext_ticket_expected = 1;
2899 if ((SSI(ssl)->tlsext_ecpointformatlist = malloc(1)) == NULL)
2900 errx(1, "malloc failed");
2901 SSI(ssl)->tlsext_ecpointformatlist_length = 1;
2902 SSI(ssl)->tlsext_ecpointformatlist[0] =
2903 TLSEXT_ECPOINTFORMAT_uncompressed;
2904
2905 if (!tlsext_serverhello_build(ssl, &cbb)) {
2906 FAIL("failed to build serverhello extensions\n");
2907 goto err;
2908 }
2909 if (!CBB_finish(&cbb, &data, &dlen))
2910 errx(1, "failed to finish CBB");
2911
2912 if (dlen != sizeof(tlsext_serverhello_enabled)) {
2913 FAIL("got serverhello extensions with length %zu, "
2914 "want length %zu\n", dlen,
2915 sizeof(tlsext_serverhello_enabled));
2916 compare_data(data, dlen, tlsext_serverhello_enabled,
2917 sizeof(tlsext_serverhello_enabled));
2918 goto err;
2919 }
2920 if (memcmp(data, tlsext_serverhello_enabled, dlen) != 0) {
2921 FAIL("serverhello extensions differs:\n");
2922 compare_data(data, dlen, tlsext_serverhello_enabled,
2923 sizeof(tlsext_serverhello_enabled));
2924 goto err;
2925 }
2926
2927 failure = 0;
2928
2929 err:
2930 CBB_cleanup(&cbb);
2931 SSL_CTX_free(ssl_ctx);
2932 SSL_free(ssl);
2933 free(data);
2934
2935 return (failure);
2936}
2937
2938int
2939main(int argc, char **argv)
2940{
2941 int failed = 0;
2942
2943 SSL_library_init();
2944 SSL_load_error_strings();
2945
2946 failed |= test_tlsext_alpn_clienthello();
2947 failed |= test_tlsext_alpn_serverhello();
2948
2949 failed |= test_tlsext_supportedgroups_clienthello();
2950 failed |= test_tlsext_supportedgroups_serverhello();
2951
2952 failed |= test_tlsext_ecpf_clienthello();
2953 failed |= test_tlsext_ecpf_serverhello();
2954
2955 failed |= test_tlsext_ri_clienthello();
2956 failed |= test_tlsext_ri_serverhello();
2957
2958 failed |= test_tlsext_sigalgs_clienthello();
2959 failed |= test_tlsext_sigalgs_serverhello();
2960
2961 failed |= test_tlsext_sni_clienthello();
2962 failed |= test_tlsext_sni_serverhello();
2963
2964 failed |= test_tlsext_ocsp_clienthello();
2965 failed |= test_tlsext_ocsp_serverhello();
2966
2967 failed |= test_tlsext_sessionticket_clienthello();
2968 failed |= test_tlsext_sessionticket_serverhello();
2969
2970#ifndef OPENSSL_NO_SRTP
2971 failed |= test_tlsext_srtp_clienthello();
2972 failed |= test_tlsext_srtp_serverhello();
2973#else
2974 fprintf(stderr, "Skipping SRTP tests due to OPENSSL_NO_SRTP\n");
2975#endif
2976
2977 failed |= test_tlsext_clienthello_build();
2978 failed |= test_tlsext_serverhello_build();
2979
2980 return (failed);
2981}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-26 23:47:38 +0000