summaryrefslogtreecommitdiff
path: root/src/regress/lib/libssl/tlsext
diff options
context:
space:
mode:
authorcvs2svn <admin@example.com>2022-10-20 07:33:15 +0000
committercvs2svn <admin@example.com>2022-10-20 07:33:15 +0000
commit963a7b06e7d578322df5c53439ac3f52eae54095 (patch)
tree47b3068b3442e2e9768ae23e8bcf303231adf015 /src/regress/lib/libssl/tlsext
parent6ef02c2707dc554983552781e5b767ae8103de15 (diff)
downloadopenbsd-tb_20221020.tar.gz
openbsd-tb_20221020.tar.bz2
openbsd-tb_20221020.zip
This commit was manufactured by cvs2git to create tag 'tb_20221020'.tb_20221020
Diffstat (limited to 'src/regress/lib/libssl/tlsext')
-rw-r--r--src/regress/lib/libssl/tlsext/Makefile10
-rw-r--r--src/regress/lib/libssl/tlsext/tlsexttest.c4496
2 files changed, 0 insertions, 4506 deletions
diff --git a/src/regress/lib/libssl/tlsext/Makefile b/src/regress/lib/libssl/tlsext/Makefile
deleted file mode 100644
index 9ff441697f..0000000000
--- a/src/regress/lib/libssl/tlsext/Makefile
+++ /dev/null
@@ -1,10 +0,0 @@
1# $OpenBSD: Makefile,v 1.2 2022/06/29 15:06:18 tb Exp $
2
3PROG= tlsexttest
4LDADD= ${SSL_INT} -lcrypto
5DPADD= ${LIBCRYPTO} ${LIBSSL}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Wundef -Werror
8CFLAGS+= -I${.CURDIR}/../../../../lib/libssl
9
10.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c
deleted file mode 100644
index 331d554c0e..0000000000
--- a/src/regress/lib/libssl/tlsext/tlsexttest.c
+++ /dev/null
@@ -1,4496 +0,0 @@
1/* $OpenBSD: tlsexttest.c,v 1.76 2022/10/02 16:38:23 jsing Exp $ */
2/*
3 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
5 * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
6 * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
7 *
8 * Permission to use, copy, modify, and distribute this software for any
9 * purpose with or without fee is hereby granted, provided that the above
10 * copyright notice and this permission notice appear in all copies.
11 *
12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 */
20
21#include <err.h>
22
23#include <openssl/tls1.h>
24
25#include "ssl_locl.h"
26
27#include "bytestring.h"
28#include "ssl_tlsext.h"
29
30struct tls_extension_funcs {
31 int (*needs)(SSL *s, uint16_t msg_type);
32 int (*build)(SSL *s, uint16_t msg_type, CBB *cbb);
33 int (*parse)(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
34};
35
36const struct tls_extension *tls_extension_find(uint16_t, size_t *);
37const struct tls_extension_funcs *tlsext_funcs(const struct tls_extension *,
38 int);
39
40static int
41tls_extension_funcs(int type, const struct tls_extension_funcs **client_funcs,
42 const struct tls_extension_funcs **server_funcs)
43{
44 const struct tls_extension *ext;
45 size_t idx;
46
47 if ((ext = tls_extension_find(type, &idx)) == NULL)
48 return 0;
49
50 if ((*client_funcs = tlsext_funcs(ext, 0)) == NULL)
51 return 0;
52
53 if ((*server_funcs = tlsext_funcs(ext, 1)) == NULL)
54 return 0;
55
56 return 1;
57}
58
59static void
60hexdump(const unsigned char *buf, size_t len)
61{
62 size_t i;
63
64 for (i = 1; i <= len; i++)
65 fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n");
66
67 fprintf(stderr, "\n");
68}
69
70static void
71hexdump2(const uint16_t *buf, size_t len)
72{
73 size_t i;
74
75 for (i = 1; i <= len / 2; i++)
76 fprintf(stderr, " 0x%04hx,%s", buf[i - 1], i % 8 ? "" : "\n");
77
78 fprintf(stderr, "\n");
79}
80
81static void
82compare_data(const uint8_t *recv, size_t recv_len, const uint8_t *expect,
83 size_t expect_len)
84{
85 fprintf(stderr, "received:\n");
86 hexdump(recv, recv_len);
87
88 fprintf(stderr, "test data:\n");
89 hexdump(expect, expect_len);
90}
91
92static void
93compare_data2(const uint16_t *recv, size_t recv_len, const uint16_t *expect,
94 size_t expect_len)
95{
96 fprintf(stderr, "received:\n");
97 hexdump2(recv, recv_len);
98
99 fprintf(stderr, "test data:\n");
100 hexdump2(expect, expect_len);
101}
102
103#define FAIL(msg, ...) \
104do { \
105 fprintf(stderr, "[%s:%d] FAIL: ", __FILE__, __LINE__); \
106 fprintf(stderr, msg, ##__VA_ARGS__); \
107} while(0)
108
109/*
110 * Supported Application-Layer Protocol Negotiation - RFC 7301
111 *
112 * There are already extensive unit tests for this so this just
113 * tests the state info.
114 */
115
116const uint8_t tlsext_alpn_multiple_protos_val[] = {
117 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
118 0x08, /* len */
119 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31,
120 /* opaque ProtocolName<1..2^8-1> -- 'stun.nat' */
121 0x09, /* len */
122 0x73, 0x74, 0x75, 0x6e, 0x2e, 0x74, 0x75, 0x72, 0x6e
123};
124
125const uint8_t tlsext_alpn_multiple_protos[] = {
126 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
127 0x00, 0x13, /* len of all names */
128 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
129 0x08, /* len */
130 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31,
131 /* opaque ProtocolName<1..2^8-1> -- 'stun.nat' */
132 0x09, /* len */
133 0x73, 0x74, 0x75, 0x6e, 0x2e, 0x74, 0x75, 0x72, 0x6e
134};
135
136const uint8_t tlsext_alpn_single_proto_val[] = {
137 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
138 0x08, /* len */
139 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31
140};
141
142const uint8_t tlsext_alpn_single_proto_name[] = {
143 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31 /* 'http/1.1' */
144};
145
146const uint8_t tlsext_alpn_single_proto[] = {
147 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
148 0x00, 0x09, /* len of all names */
149 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
150 0x08, /* len */
151 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31
152};
153
154#define TLSEXT_TYPE_alpn TLSEXT_TYPE_application_layer_protocol_negotiation
155
156static int
157test_tlsext_alpn_client(void)
158{
159 SSL_CTX *ssl_ctx = NULL;
160 SSL *ssl = NULL;
161 const struct tls_extension_funcs *client_funcs;
162 const struct tls_extension_funcs *server_funcs;
163 uint8_t *data = NULL;
164 CBB cbb;
165 CBS cbs;
166 int failure, alert;
167 size_t dlen;
168
169 failure = 1;
170
171 if (!CBB_init(&cbb, 0))
172 errx(1, "Failed to create CBB");
173
174 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
175 errx(1, "failed to create SSL_CTX");
176 if ((ssl = SSL_new(ssl_ctx)) == NULL)
177 errx(1, "failed to create SSL");
178
179 if (!tls_extension_funcs(TLSEXT_TYPE_alpn, &client_funcs, &server_funcs))
180 errx(1, "failed to fetch ALPN funcs");
181
182 /* By default, we don't need this */
183 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
184 FAIL("client should not need ALPN by default\n");
185 goto err;
186 }
187
188 /*
189 * Prereqs:
190 * 1) Set s->alpn_client_proto_list
191 * - Using SSL_set_alpn_protos()
192 * 2) We have not finished or renegotiated.
193 * - s->s3->tmp.finish_md_len == 0
194 */
195 if (SSL_set_alpn_protos(ssl, tlsext_alpn_single_proto_val,
196 sizeof(tlsext_alpn_single_proto_val)) != 0) {
197 FAIL("should be able to set ALPN to http/1.1\n");
198 goto err;
199 }
200 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
201 FAIL("client should need ALPN by default\n");
202 goto err;
203 }
204
205 /* Make sure we can build the client with a single proto. */
206
207 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
208 FAIL("client failed to build ALPN\n");
209 goto err;
210 }
211 if (!CBB_finish(&cbb, &data, &dlen))
212 errx(1, "failed to finish CBB");
213
214 if (dlen != sizeof(tlsext_alpn_single_proto)) {
215 FAIL("got client ALPN with length %zu, "
216 "want length %zu\n", dlen,
217 sizeof(tlsext_alpn_single_proto));
218 compare_data(data, dlen, tlsext_alpn_single_proto,
219 sizeof(tlsext_alpn_single_proto));
220 goto err;
221 }
222 if (memcmp(data, tlsext_alpn_single_proto, dlen) != 0) {
223 FAIL("client ALPN differs:\n");
224 compare_data(data, dlen, tlsext_alpn_single_proto,
225 sizeof(tlsext_alpn_single_proto));
226 goto err;
227 }
228
229 CBB_cleanup(&cbb);
230 if (!CBB_init(&cbb, 0))
231 errx(1, "Failed to create CBB");
232 free(data);
233 data = NULL;
234
235 /* Make sure we can parse the single proto. */
236
237 CBS_init(&cbs, tlsext_alpn_single_proto,
238 sizeof(tlsext_alpn_single_proto));
239 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
240 FAIL("failed to parse ALPN\n");
241 goto err;
242 }
243 if (CBS_len(&cbs) != 0) {
244 FAIL("extension data remaining\n");
245 goto err;
246 }
247
248 if (ssl->alpn_client_proto_list_len !=
249 sizeof(tlsext_alpn_single_proto_val)) {
250 FAIL("got client ALPN with length %zu, "
251 "want length %zu\n", dlen,
252 sizeof(tlsext_alpn_single_proto_val));
253 compare_data(ssl->alpn_client_proto_list,
254 ssl->alpn_client_proto_list_len,
255 tlsext_alpn_single_proto_val,
256 sizeof(tlsext_alpn_single_proto_val));
257 goto err;
258 }
259 if (memcmp(ssl->alpn_client_proto_list,
260 tlsext_alpn_single_proto_val,
261 sizeof(tlsext_alpn_single_proto_val)) != 0) {
262 FAIL("client ALPN differs:\n");
263 compare_data(data, dlen, tlsext_alpn_single_proto_val,
264 sizeof(tlsext_alpn_single_proto_val));
265 goto err;
266 }
267
268 /* Make sure we can build the clienthello with multiple entries. */
269
270 if (SSL_set_alpn_protos(ssl, tlsext_alpn_multiple_protos_val,
271 sizeof(tlsext_alpn_multiple_protos_val)) != 0) {
272 FAIL("should be able to set ALPN to http/1.1\n");
273 goto err;
274 }
275 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
276 FAIL("client should need ALPN by now\n");
277 goto err;
278 }
279
280 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
281 FAIL("client failed to build ALPN\n");
282 goto err;
283 }
284 if (!CBB_finish(&cbb, &data, &dlen))
285 errx(1, "failed to finish CBB");
286
287 if (dlen != sizeof(tlsext_alpn_multiple_protos)) {
288 FAIL("got client ALPN with length %zu, "
289 "want length %zu\n", dlen,
290 sizeof(tlsext_alpn_multiple_protos));
291 compare_data(data, dlen, tlsext_alpn_multiple_protos,
292 sizeof(tlsext_alpn_multiple_protos));
293 goto err;
294 }
295 if (memcmp(data, tlsext_alpn_multiple_protos, dlen) != 0) {
296 FAIL("client ALPN differs:\n");
297 compare_data(data, dlen, tlsext_alpn_multiple_protos,
298 sizeof(tlsext_alpn_multiple_protos));
299 goto err;
300 }
301
302 /* Make sure we can parse multiple protos */
303
304 CBS_init(&cbs, tlsext_alpn_multiple_protos,
305 sizeof(tlsext_alpn_multiple_protos));
306 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
307 FAIL("failed to parse ALPN\n");
308 goto err;
309 }
310 if (CBS_len(&cbs) != 0) {
311 FAIL("extension data remaining\n");
312 goto err;
313 }
314
315 if (ssl->alpn_client_proto_list_len !=
316 sizeof(tlsext_alpn_multiple_protos_val)) {
317 FAIL("got client ALPN with length %zu, "
318 "want length %zu\n", dlen,
319 sizeof(tlsext_alpn_multiple_protos_val));
320 compare_data(ssl->alpn_client_proto_list,
321 ssl->alpn_client_proto_list_len,
322 tlsext_alpn_multiple_protos_val,
323 sizeof(tlsext_alpn_multiple_protos_val));
324 goto err;
325 }
326 if (memcmp(ssl->alpn_client_proto_list,
327 tlsext_alpn_multiple_protos_val,
328 sizeof(tlsext_alpn_multiple_protos_val)) != 0) {
329 FAIL("client ALPN differs:\n");
330 compare_data(data, dlen, tlsext_alpn_multiple_protos_val,
331 sizeof(tlsext_alpn_multiple_protos_val));
332 goto err;
333 }
334
335 /* Make sure we can remove the list and avoid ALPN */
336
337 free(ssl->alpn_client_proto_list);
338 ssl->alpn_client_proto_list = NULL;
339 ssl->alpn_client_proto_list_len = 0;
340
341 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
342 FAIL("client should need ALPN by default\n");
343 goto err;
344 }
345
346 failure = 0;
347
348 err:
349 CBB_cleanup(&cbb);
350 SSL_CTX_free(ssl_ctx);
351 SSL_free(ssl);
352 free(data);
353
354 return (failure);
355}
356
357static int
358test_tlsext_alpn_server(void)
359{
360 SSL_CTX *ssl_ctx = NULL;
361 SSL *ssl = NULL;
362 const struct tls_extension_funcs *client_funcs;
363 const struct tls_extension_funcs *server_funcs;
364 uint8_t *data = NULL;
365 CBB cbb;
366 CBS cbs;
367 int failure, alert;
368 size_t dlen;
369
370 failure = 1;
371
372 if (!CBB_init(&cbb, 0))
373 errx(1, "Failed to create CBB");
374
375 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
376 errx(1, "failed to create SSL_CTX");
377 if ((ssl = SSL_new(ssl_ctx)) == NULL)
378 errx(1, "failed to create SSL");
379
380 if (!tls_extension_funcs(TLSEXT_TYPE_alpn, &client_funcs, &server_funcs))
381 errx(1, "failed to fetch ALPN funcs");
382
383 /* By default, ALPN isn't needed. */
384 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
385 FAIL("server should not need ALPN by default\n");
386 goto err;
387 }
388
389 /*
390 * The server has a single ALPN selection which is set by
391 * SSL_CTX_set_alpn_select_cb() and calls SSL_select_next_proto().
392 *
393 * This will be a plain name and separate length.
394 */
395 if ((ssl->s3->alpn_selected = malloc(sizeof(tlsext_alpn_single_proto_name))) == NULL) {
396 errx(1, "failed to malloc");
397 }
398 memcpy(ssl->s3->alpn_selected, tlsext_alpn_single_proto_name,
399 sizeof(tlsext_alpn_single_proto_name));
400 ssl->s3->alpn_selected_len = sizeof(tlsext_alpn_single_proto_name);
401
402 if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
403 FAIL("server should need ALPN after a protocol is selected\n");
404 goto err;
405 }
406
407 /* Make sure we can build a server with one protocol */
408
409 if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
410 FAIL("server should be able to build a response\n");
411 goto err;
412 }
413 if (!CBB_finish(&cbb, &data, &dlen))
414 errx(1, "failed to finish CBB");
415
416 if (dlen != sizeof(tlsext_alpn_single_proto)) {
417 FAIL("got client ALPN with length %zu, "
418 "want length %zu\n", dlen,
419 sizeof(tlsext_alpn_single_proto));
420 compare_data(data, dlen, tlsext_alpn_single_proto,
421 sizeof(tlsext_alpn_single_proto));
422 goto err;
423 }
424 if (memcmp(data, tlsext_alpn_single_proto, dlen) != 0) {
425 FAIL("client ALPN differs:\n");
426 compare_data(data, dlen, tlsext_alpn_single_proto,
427 sizeof(tlsext_alpn_single_proto));
428 goto err;
429 }
430
431 CBB_cleanup(&cbb);
432 if (!CBB_init(&cbb, 0))
433 errx(1, "Failed to create CBB");
434 free(data);
435 data = NULL;
436
437 /* Make sure we can parse the single proto. */
438
439 CBS_init(&cbs, tlsext_alpn_single_proto,
440 sizeof(tlsext_alpn_single_proto));
441
442 /* Shouldn't be able to parse without requesting */
443 if (client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
444 FAIL("Should only parse server if we requested it\n");
445 goto err;
446 }
447
448 /* Should be able to parse once requested. */
449 if (SSL_set_alpn_protos(ssl, tlsext_alpn_single_proto_val,
450 sizeof(tlsext_alpn_single_proto_val)) != 0) {
451 FAIL("should be able to set ALPN to http/1.1\n");
452 goto err;
453 }
454 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
455 FAIL("Should be able to parse server when we request it\n");
456 goto err;
457 }
458 if (CBS_len(&cbs) != 0) {
459 FAIL("extension data remaining\n");
460 goto err;
461 }
462
463 if (ssl->s3->alpn_selected_len !=
464 sizeof(tlsext_alpn_single_proto_name)) {
465 FAIL("got server ALPN with length %zu, "
466 "want length %zu\n", dlen,
467 sizeof(tlsext_alpn_single_proto_name));
468 compare_data(ssl->s3->alpn_selected,
469 ssl->s3->alpn_selected_len,
470 tlsext_alpn_single_proto_name,
471 sizeof(tlsext_alpn_single_proto_name));
472 goto err;
473 }
474 if (memcmp(ssl->s3->alpn_selected,
475 tlsext_alpn_single_proto_name,
476 sizeof(tlsext_alpn_single_proto_name)) != 0) {
477 FAIL("server ALPN differs:\n");
478 compare_data(ssl->s3->alpn_selected,
479 ssl->s3->alpn_selected_len,
480 tlsext_alpn_single_proto_name,
481 sizeof(tlsext_alpn_single_proto_name));
482 goto err;
483 }
484
485 /*
486 * We should NOT be able to build a server with multiple
487 * protocol names. However, the existing code did not check for this
488 * case because it is passed in as an encoded value.
489 */
490
491 /* Make sure we can remove the list and avoid ALPN */
492
493 free(ssl->s3->alpn_selected);
494 ssl->s3->alpn_selected = NULL;
495 ssl->s3->alpn_selected_len = 0;
496
497 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
498 FAIL("server should not need ALPN by default\n");
499 goto err;
500 }
501
502 failure = 0;
503
504 err:
505 CBB_cleanup(&cbb);
506 SSL_CTX_free(ssl_ctx);
507 SSL_free(ssl);
508 free(data);
509
510 return (failure);
511
512}
513
514/*
515 * Supported Elliptic Curves - RFC 4492 section 5.1.1.
516 *
517 * This extension is only used by the client.
518 */
519
520static uint8_t tlsext_supportedgroups_client_default[] = {
521 0x00, 0x08,
522 0x00, 0x1d, /* X25519 (29) */
523 0x00, 0x17, /* secp256r1 (23) */
524 0x00, 0x18, /* secp384r1 (24) */
525 0x00, 0x19, /* secp521r1 (25) */
526};
527
528static uint16_t tlsext_supportedgroups_client_secp384r1_val[] = {
529 0x0018 /* tls1_ec_nid2group_id(NID_secp384r1) */
530};
531static uint8_t tlsext_supportedgroups_client_secp384r1[] = {
532 0x00, 0x02,
533 0x00, 0x18 /* secp384r1 (24) */
534};
535
536/* Example from RFC 4492 section 5.1.1 */
537static uint16_t tlsext_supportedgroups_client_nistp192and224_val[] = {
538 0x0013, /* tls1_ec_nid2group_id(NID_X9_62_prime192v1) */
539 0x0015 /* tls1_ec_nid2group_id(NID_secp224r1) */
540};
541static uint8_t tlsext_supportedgroups_client_nistp192and224[] = {
542 0x00, 0x04,
543 0x00, 0x13, /* secp192r1 aka NIST P-192 */
544 0x00, 0x15 /* secp224r1 aka NIST P-224 */
545};
546
547static int
548test_tlsext_supportedgroups_client(void)
549{
550 unsigned char *data = NULL;
551 SSL_CTX *ssl_ctx = NULL;
552 SSL *ssl = NULL;
553 const struct tls_extension_funcs *client_funcs;
554 const struct tls_extension_funcs *server_funcs;
555 size_t dlen;
556 int failure, alert;
557 CBB cbb;
558 CBS cbs;
559
560 failure = 1;
561
562 if (!CBB_init(&cbb, 0))
563 errx(1, "failed to create CBB");
564
565 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
566 errx(1, "failed to create SSL_CTX");
567 if ((ssl = SSL_new(ssl_ctx)) == NULL)
568 errx(1, "failed to create SSL");
569
570 if (!tls_extension_funcs(TLSEXT_TYPE_supported_groups, &client_funcs,
571 &server_funcs))
572 errx(1, "failed to fetch supported groups funcs");
573
574 /*
575 * Default ciphers include EC so we need it by default.
576 */
577 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
578 FAIL("client should need Ellipticcurves for default "
579 "ciphers\n");
580 goto err;
581 }
582
583 /*
584 * Exclude cipher suites so we can test not including it.
585 */
586 if (!SSL_set_cipher_list(ssl, "TLSv1.2:!ECDHE:!ECDSA")) {
587 FAIL("client should be able to set cipher list\n");
588 goto err;
589 }
590 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
591 FAIL("client should not need Ellipticcurves\n");
592 goto err;
593 }
594
595 /*
596 * Use libtls default for the rest of the testing
597 */
598 if (!SSL_set_cipher_list(ssl, "TLSv1.2+AEAD+ECDHE")) {
599 FAIL("client should be able to set cipher list\n");
600 goto err;
601 }
602 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
603 FAIL("client should need Ellipticcurves\n");
604 goto err;
605 }
606
607 /*
608 * Test with a session secp384r1. The default is used instead.
609 */
610 if ((ssl->session = SSL_SESSION_new()) == NULL)
611 errx(1, "failed to create session");
612
613 if ((ssl->session->tlsext_supportedgroups = malloc(sizeof(uint16_t)))
614 == NULL) {
615 FAIL("client could not malloc\n");
616 goto err;
617 }
618 if (!tls1_ec_nid2group_id(NID_secp384r1,
619 &ssl->session->tlsext_supportedgroups[0]))
620 goto err;
621 ssl->session->tlsext_supportedgroups_length = 1;
622
623 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
624 FAIL("client should need Ellipticcurves\n");
625 goto err;
626 }
627
628 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
629 FAIL("client failed to build Ellipticcurves\n");
630 goto err;
631 }
632
633 if (!CBB_finish(&cbb, &data, &dlen))
634 errx(1, "failed to finish CBB");
635
636 if (dlen != sizeof(tlsext_supportedgroups_client_default)) {
637 FAIL("got client Ellipticcurves with length %zu, "
638 "want length %zu\n", dlen,
639 sizeof(tlsext_supportedgroups_client_default));
640 compare_data(data, dlen, tlsext_supportedgroups_client_default,
641 sizeof(tlsext_supportedgroups_client_default));
642 goto err;
643 }
644
645 if (memcmp(data, tlsext_supportedgroups_client_default, dlen) != 0) {
646 FAIL("client Ellipticcurves differs:\n");
647 compare_data(data, dlen, tlsext_supportedgroups_client_default,
648 sizeof(tlsext_supportedgroups_client_default));
649 goto err;
650 }
651
652 /*
653 * Test parsing secp384r1
654 */
655 CBB_cleanup(&cbb);
656 if (!CBB_init(&cbb, 0))
657 errx(1, "Failed to create CBB");
658 free(data);
659 data = NULL;
660
661 SSL_SESSION_free(ssl->session);
662 if ((ssl->session = SSL_SESSION_new()) == NULL)
663 errx(1, "failed to create session");
664
665 CBS_init(&cbs, tlsext_supportedgroups_client_secp384r1,
666 sizeof(tlsext_supportedgroups_client_secp384r1));
667 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
668 FAIL("failed to parse client Ellipticcurves\n");
669 goto err;
670 }
671 if (CBS_len(&cbs) != 0) {
672 FAIL("extension data remaining\n");
673 goto err;
674 }
675
676 if (ssl->session->tlsext_supportedgroups_length !=
677 sizeof(tlsext_supportedgroups_client_secp384r1_val) / sizeof(uint16_t)) {
678 FAIL("no tlsext_ellipticcurves from client "
679 "Ellipticcurves\n");
680 goto err;
681 }
682
683 if (memcmp(ssl->session->tlsext_supportedgroups,
684 tlsext_supportedgroups_client_secp384r1_val,
685 sizeof(tlsext_supportedgroups_client_secp384r1_val)) != 0) {
686 FAIL("client had an incorrect Ellipticcurves "
687 "entry\n");
688 compare_data2(ssl->session->tlsext_supportedgroups,
689 ssl->session->tlsext_supportedgroups_length * 2,
690 tlsext_supportedgroups_client_secp384r1_val,
691 sizeof(tlsext_supportedgroups_client_secp384r1_val));
692 goto err;
693 }
694
695 /*
696 * Use a custom order.
697 */
698 CBB_cleanup(&cbb);
699 if (!CBB_init(&cbb, 0))
700 errx(1, "Failed to create CBB");
701
702 SSL_SESSION_free(ssl->session);
703 if ((ssl->session = SSL_SESSION_new()) == NULL)
704 errx(1, "failed to create session");
705
706 if ((ssl->tlsext_supportedgroups = malloc(sizeof(uint16_t) * 2)) == NULL) {
707 FAIL("client could not malloc\n");
708 goto err;
709 }
710 if (!tls1_ec_nid2group_id(NID_X9_62_prime192v1,
711 &ssl->tlsext_supportedgroups[0]))
712 goto err;
713 if (!tls1_ec_nid2group_id(NID_secp224r1,
714 &ssl->tlsext_supportedgroups[1]))
715 goto err;
716 ssl->tlsext_supportedgroups_length = 2;
717
718 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
719 FAIL("client should need Ellipticcurves\n");
720 goto err;
721 }
722
723 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
724 FAIL("client failed to build Ellipticcurves\n");
725 goto err;
726 }
727
728 if (!CBB_finish(&cbb, &data, &dlen))
729 errx(1, "failed to finish CBB");
730
731 if (dlen != sizeof(tlsext_supportedgroups_client_nistp192and224)) {
732 FAIL("got client Ellipticcurves with length %zu, "
733 "want length %zu\n", dlen,
734 sizeof(tlsext_supportedgroups_client_nistp192and224));
735 fprintf(stderr, "received:\n");
736 hexdump(data, dlen);
737 fprintf(stderr, "test data:\n");
738 hexdump(tlsext_supportedgroups_client_nistp192and224,
739 sizeof(tlsext_supportedgroups_client_nistp192and224));
740 goto err;
741 }
742
743 if (memcmp(data, tlsext_supportedgroups_client_nistp192and224, dlen) != 0) {
744 FAIL("client Ellipticcurves differs:\n");
745 fprintf(stderr, "received:\n");
746 hexdump(data, dlen);
747 fprintf(stderr, "test data:\n");
748 hexdump(tlsext_supportedgroups_client_nistp192and224,
749 sizeof(tlsext_supportedgroups_client_nistp192and224));
750 goto err;
751 }
752
753 /*
754 * Parse non-default curves to session.
755 */
756 CBB_cleanup(&cbb);
757 if (!CBB_init(&cbb, 0))
758 errx(1, "Failed to create CBB");
759 free(data);
760 data = NULL;
761
762 SSL_SESSION_free(ssl->session);
763 if ((ssl->session = SSL_SESSION_new()) == NULL)
764 errx(1, "failed to create session");
765
766 /* Reset back to the default list. */
767 free(ssl->tlsext_supportedgroups);
768 ssl->tlsext_supportedgroups = NULL;
769 ssl->tlsext_supportedgroups_length = 0;
770
771 CBS_init(&cbs, tlsext_supportedgroups_client_nistp192and224,
772 sizeof(tlsext_supportedgroups_client_nistp192and224));
773 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
774 FAIL("failed to parse client Ellipticcurves\n");
775 goto err;
776 }
777 if (CBS_len(&cbs) != 0) {
778 FAIL("extension data remaining\n");
779 goto err;
780 }
781
782 if (ssl->session->tlsext_supportedgroups_length !=
783 sizeof(tlsext_supportedgroups_client_nistp192and224_val) / sizeof(uint16_t)) {
784 FAIL("no tlsext_ellipticcurves from client Ellipticcurves\n");
785 goto err;
786 }
787
788 if (memcmp(ssl->session->tlsext_supportedgroups,
789 tlsext_supportedgroups_client_nistp192and224_val,
790 sizeof(tlsext_supportedgroups_client_nistp192and224_val)) != 0) {
791 FAIL("client had an incorrect Ellipticcurves entry\n");
792 compare_data2(ssl->session->tlsext_supportedgroups,
793 ssl->session->tlsext_supportedgroups_length * 2,
794 tlsext_supportedgroups_client_nistp192and224_val,
795 sizeof(tlsext_supportedgroups_client_nistp192and224_val));
796 goto err;
797 }
798
799 failure = 0;
800
801 err:
802 CBB_cleanup(&cbb);
803 SSL_CTX_free(ssl_ctx);
804 SSL_free(ssl);
805 free(data);
806
807 return (failure);
808}
809
810
811/* elliptic_curves is only used by the client so this doesn't test much. */
812static int
813test_tlsext_supportedgroups_server(void)
814{
815 SSL_CTX *ssl_ctx = NULL;
816 SSL *ssl = NULL;
817 const struct tls_extension_funcs *client_funcs;
818 const struct tls_extension_funcs *server_funcs;
819 int failure;
820
821 failure = 1;
822
823 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
824 errx(1, "failed to create SSL_CTX");
825 if ((ssl = SSL_new(ssl_ctx)) == NULL)
826 errx(1, "failed to create SSL");
827
828 if (!tls_extension_funcs(TLSEXT_TYPE_supported_groups, &client_funcs,
829 &server_funcs))
830 errx(1, "failed to fetch supported groups funcs");
831
832 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
833 FAIL("server should not need elliptic_curves\n");
834 goto err;
835 }
836
837 if ((ssl->session = SSL_SESSION_new()) == NULL)
838 errx(1, "failed to create session");
839
840 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
841 FAIL("server should not need elliptic_curves\n");
842 goto err;
843 }
844
845 failure = 0;
846
847 err:
848 SSL_CTX_free(ssl_ctx);
849 SSL_free(ssl);
850
851 return (failure);
852
853}
854
855/*
856 * Supported Point Formats - RFC 4492 section 5.1.2.
857 *
858 * Examples are from the RFC. Both client and server have the same build and
859 * parse but the needs differ.
860 */
861
862static uint8_t tlsext_ecpf_hello_uncompressed_val[] = {
863 TLSEXT_ECPOINTFORMAT_uncompressed
864};
865static uint8_t tlsext_ecpf_hello_uncompressed[] = {
866 0x01,
867 0x00 /* TLSEXT_ECPOINTFORMAT_uncompressed */
868};
869
870static uint8_t tlsext_ecpf_hello_prime[] = {
871 0x01,
872 0x01 /* TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime */
873};
874
875static uint8_t tlsext_ecpf_hello_prefer_order_val[] = {
876 TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime,
877 TLSEXT_ECPOINTFORMAT_uncompressed,
878 TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2
879};
880static uint8_t tlsext_ecpf_hello_prefer_order[] = {
881 0x03,
882 0x01, /* TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime */
883 0x00, /* TLSEXT_ECPOINTFORMAT_uncompressed */
884 0x02 /* TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 */
885};
886
887static int
888test_tlsext_ecpf_client(void)
889{
890 uint8_t *data = NULL;
891 SSL_CTX *ssl_ctx = NULL;
892 SSL *ssl = NULL;
893 const struct tls_extension_funcs *client_funcs;
894 const struct tls_extension_funcs *server_funcs;
895 size_t dlen;
896 int failure, alert;
897 CBB cbb;
898 CBS cbs;
899
900 failure = 1;
901
902 if (!CBB_init(&cbb, 0))
903 errx(1, "Failed to create CBB");
904
905 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
906 errx(1, "failed to create SSL_CTX");
907 if ((ssl = SSL_new(ssl_ctx)) == NULL)
908 errx(1, "failed to create SSL");
909
910 if (!tls_extension_funcs(TLSEXT_TYPE_ec_point_formats, &client_funcs,
911 &server_funcs))
912 errx(1, "failed to fetch ecpf funcs");
913
914 /*
915 * Default ciphers include EC so we need it by default.
916 */
917 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
918 FAIL("client should need ECPointFormats for default "
919 "ciphers\n");
920 goto err;
921 }
922
923 /*
924 * Exclude EC cipher suites so we can test not including it.
925 */
926 if (!SSL_set_cipher_list(ssl, "ALL:!ECDHE:!ECDH")) {
927 FAIL("client should be able to set cipher list\n");
928 goto err;
929 }
930 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
931 FAIL("client should not need ECPointFormats\n");
932 goto err;
933 }
934
935 /*
936 * Use libtls default for the rest of the testing
937 */
938 if (!SSL_set_cipher_list(ssl, "TLSv1.2+AEAD+ECDHE")) {
939 FAIL("client should be able to set cipher list\n");
940 goto err;
941 }
942 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
943 FAIL("client should need ECPointFormats\n");
944 goto err;
945 }
946
947 /*
948 * The default ECPointFormats should only have uncompressed
949 */
950 if ((ssl->session = SSL_SESSION_new()) == NULL)
951 errx(1, "failed to create session");
952
953 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
954 FAIL("client failed to build ECPointFormats\n");
955 goto err;
956 }
957
958 if (!CBB_finish(&cbb, &data, &dlen))
959 errx(1, "failed to finish CBB");
960
961 if (dlen != sizeof(tlsext_ecpf_hello_uncompressed)) {
962 FAIL("got client ECPointFormats with length %zu, "
963 "want length %zu\n", dlen,
964 sizeof(tlsext_ecpf_hello_uncompressed));
965 compare_data(data, dlen, tlsext_ecpf_hello_uncompressed,
966 sizeof(tlsext_ecpf_hello_uncompressed));
967 goto err;
968 }
969
970 if (memcmp(data, tlsext_ecpf_hello_uncompressed, dlen) != 0) {
971 FAIL("client ECPointFormats differs:\n");
972 compare_data(data, dlen, tlsext_ecpf_hello_uncompressed,
973 sizeof(tlsext_ecpf_hello_uncompressed));
974 goto err;
975 }
976
977 /*
978 * Make sure we can parse the default.
979 */
980 CBB_cleanup(&cbb);
981 if (!CBB_init(&cbb, 0))
982 errx(1, "Failed to create CBB");
983 free(data);
984 data = NULL;
985
986 SSL_SESSION_free(ssl->session);
987 if ((ssl->session = SSL_SESSION_new()) == NULL)
988 errx(1, "failed to create session");
989
990 CBS_init(&cbs, tlsext_ecpf_hello_uncompressed,
991 sizeof(tlsext_ecpf_hello_uncompressed));
992 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
993 FAIL("failed to parse client ECPointFormats\n");
994 goto err;
995 }
996 if (CBS_len(&cbs) != 0) {
997 FAIL("extension data remaining\n");
998 goto err;
999 }
1000
1001 if (ssl->session->tlsext_ecpointformatlist_length !=
1002 sizeof(tlsext_ecpf_hello_uncompressed_val)) {
1003 FAIL("no tlsext_ecpointformats from client "
1004 "ECPointFormats\n");
1005 goto err;
1006 }
1007
1008 if (memcmp(ssl->session->tlsext_ecpointformatlist,
1009 tlsext_ecpf_hello_uncompressed_val,
1010 sizeof(tlsext_ecpf_hello_uncompressed_val)) != 0) {
1011 FAIL("client had an incorrect ECPointFormats entry\n");
1012 goto err;
1013 }
1014
1015 /*
1016 * Test with a custom order.
1017 */
1018 CBB_cleanup(&cbb);
1019 if (!CBB_init(&cbb, 0))
1020 errx(1, "Failed to create CBB");
1021 free(data);
1022 data = NULL;
1023
1024 SSL_SESSION_free(ssl->session);
1025 if ((ssl->session = SSL_SESSION_new()) == NULL)
1026 errx(1, "failed to create session");
1027
1028 if ((ssl->tlsext_ecpointformatlist = malloc(sizeof(uint8_t) * 3)) == NULL) {
1029 FAIL("client could not malloc\n");
1030 goto err;
1031 }
1032 ssl->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
1033 ssl->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_uncompressed;
1034 ssl->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
1035 ssl->tlsext_ecpointformatlist_length = 3;
1036
1037 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
1038 FAIL("client should need ECPointFormats with a custom "
1039 "format\n");
1040 goto err;
1041 }
1042
1043 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
1044 FAIL("client failed to build ECPointFormats\n");
1045 goto err;
1046 }
1047
1048 if (!CBB_finish(&cbb, &data, &dlen))
1049 errx(1, "failed to finish CBB");
1050
1051 if (dlen != sizeof(tlsext_ecpf_hello_prefer_order)) {
1052 FAIL("got client ECPointFormats with length %zu, "
1053 "want length %zu\n", dlen,
1054 sizeof(tlsext_ecpf_hello_prefer_order));
1055 compare_data(data, dlen, tlsext_ecpf_hello_prefer_order,
1056 sizeof(tlsext_ecpf_hello_prefer_order));
1057 goto err;
1058 }
1059
1060 if (memcmp(data, tlsext_ecpf_hello_prefer_order, dlen) != 0) {
1061 FAIL("client ECPointFormats differs:\n");
1062 compare_data(data, dlen, tlsext_ecpf_hello_prefer_order,
1063 sizeof(tlsext_ecpf_hello_prefer_order));
1064 goto err;
1065 }
1066
1067 /*
1068 * Make sure that we can parse this custom order.
1069 */
1070 CBB_cleanup(&cbb);
1071 if (!CBB_init(&cbb, 0))
1072 errx(1, "Failed to create CBB");
1073 free(data);
1074 data = NULL;
1075
1076 SSL_SESSION_free(ssl->session);
1077 if ((ssl->session = SSL_SESSION_new()) == NULL)
1078 errx(1, "failed to create session");
1079
1080 /* Reset the custom list so we go back to the default uncompressed. */
1081 free(ssl->tlsext_ecpointformatlist);
1082 ssl->tlsext_ecpointformatlist = NULL;
1083 ssl->tlsext_ecpointformatlist_length = 0;
1084
1085 CBS_init(&cbs, tlsext_ecpf_hello_prefer_order,
1086 sizeof(tlsext_ecpf_hello_prefer_order));
1087 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
1088 FAIL("failed to parse client ECPointFormats\n");
1089 goto err;
1090 }
1091 if (CBS_len(&cbs) != 0) {
1092 FAIL("extension data remaining\n");
1093 goto err;
1094 }
1095
1096 if (ssl->session->tlsext_ecpointformatlist_length !=
1097 sizeof(tlsext_ecpf_hello_prefer_order_val)) {
1098 FAIL("no tlsext_ecpointformats from client "
1099 "ECPointFormats\n");
1100 goto err;
1101 }
1102
1103 if (memcmp(ssl->session->tlsext_ecpointformatlist,
1104 tlsext_ecpf_hello_prefer_order_val,
1105 sizeof(tlsext_ecpf_hello_prefer_order_val)) != 0) {
1106 FAIL("client had an incorrect ECPointFormats entry\n");
1107 goto err;
1108 }
1109
1110
1111 failure = 0;
1112
1113 err:
1114 CBB_cleanup(&cbb);
1115 SSL_CTX_free(ssl_ctx);
1116 SSL_free(ssl);
1117 free(data);
1118
1119 return (failure);
1120}
1121
1122static int
1123test_tlsext_ecpf_server(void)
1124{
1125 uint8_t *data = NULL;
1126 SSL_CTX *ssl_ctx = NULL;
1127 SSL *ssl = NULL;
1128 const struct tls_extension_funcs *client_funcs;
1129 const struct tls_extension_funcs *server_funcs;
1130 size_t dlen;
1131 int failure, alert;
1132 CBB cbb;
1133 CBS cbs;
1134
1135 failure = 1;
1136
1137 if (!CBB_init(&cbb, 0))
1138 errx(1, "Failed to create CBB");
1139
1140 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
1141 errx(1, "failed to create SSL_CTX");
1142 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1143 errx(1, "failed to create SSL");
1144
1145 if (!tls_extension_funcs(TLSEXT_TYPE_ec_point_formats, &client_funcs,
1146 &server_funcs))
1147 errx(1, "failed to fetch ecpf funcs");
1148
1149 if ((ssl->session = SSL_SESSION_new()) == NULL)
1150 errx(1, "failed to create session");
1151
1152 /* Setup the state so we can call needs. */
1153 if ((ssl->s3->hs.cipher =
1154 ssl3_get_cipher_by_id(TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305))
1155 == NULL) {
1156 FAIL("server cannot find cipher\n");
1157 goto err;
1158 }
1159 if ((ssl->session->tlsext_ecpointformatlist = malloc(sizeof(uint8_t)))
1160 == NULL) {
1161 FAIL("server could not malloc\n");
1162 goto err;
1163 }
1164 ssl->session->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
1165 ssl->session->tlsext_ecpointformatlist_length = 1;
1166
1167 if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
1168 FAIL("server should need ECPointFormats now\n");
1169 goto err;
1170 }
1171
1172 /*
1173 * The server will ignore the session list and use either a custom
1174 * list or the default (uncompressed).
1175 */
1176 if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
1177 FAIL("server failed to build ECPointFormats\n");
1178 goto err;
1179 }
1180
1181 if (!CBB_finish(&cbb, &data, &dlen))
1182 errx(1, "failed to finish CBB");
1183
1184 if (dlen != sizeof(tlsext_ecpf_hello_uncompressed)) {
1185 FAIL("got server ECPointFormats with length %zu, "
1186 "want length %zu\n", dlen,
1187 sizeof(tlsext_ecpf_hello_uncompressed));
1188 compare_data(data, dlen, tlsext_ecpf_hello_uncompressed,
1189 sizeof(tlsext_ecpf_hello_uncompressed));
1190 goto err;
1191 }
1192
1193 if (memcmp(data, tlsext_ecpf_hello_uncompressed, dlen) != 0) {
1194 FAIL("server ECPointFormats differs:\n");
1195 compare_data(data, dlen, tlsext_ecpf_hello_uncompressed,
1196 sizeof(tlsext_ecpf_hello_uncompressed));
1197 goto err;
1198 }
1199
1200 /*
1201 * Cannot parse a non-default list without at least uncompressed.
1202 */
1203 CBB_cleanup(&cbb);
1204 if (!CBB_init(&cbb, 0))
1205 errx(1, "Failed to create CBB");
1206 free(data);
1207 data = NULL;
1208
1209 SSL_SESSION_free(ssl->session);
1210 if ((ssl->session = SSL_SESSION_new()) == NULL)
1211 errx(1, "failed to create session");
1212
1213 CBS_init(&cbs, tlsext_ecpf_hello_prime,
1214 sizeof(tlsext_ecpf_hello_prime));
1215 if (client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
1216 FAIL("must include uncompressed in server ECPointFormats\n");
1217 goto err;
1218 }
1219 if (CBS_len(&cbs) != 0) {
1220 FAIL("extension data remaining\n");
1221 goto err;
1222 }
1223
1224 /*
1225 * Test with a custom order that replaces the default uncompressed.
1226 */
1227 CBB_cleanup(&cbb);
1228 if (!CBB_init(&cbb, 0))
1229 errx(1, "Failed to create CBB");
1230 free(data);
1231 data = NULL;
1232
1233 SSL_SESSION_free(ssl->session);
1234 if ((ssl->session = SSL_SESSION_new()) == NULL)
1235 errx(1, "failed to create session");
1236
1237 /* Add a session list even though it will be ignored. */
1238 if ((ssl->session->tlsext_ecpointformatlist = malloc(sizeof(uint8_t)))
1239 == NULL) {
1240 FAIL("server could not malloc\n");
1241 goto err;
1242 }
1243 ssl->session->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
1244 ssl->session->tlsext_ecpointformatlist_length = 1;
1245
1246 /* Replace the default list with a custom one. */
1247 if ((ssl->tlsext_ecpointformatlist = malloc(sizeof(uint8_t) * 3)) == NULL) {
1248 FAIL("server could not malloc\n");
1249 goto err;
1250 }
1251 ssl->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
1252 ssl->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_uncompressed;
1253 ssl->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
1254 ssl->tlsext_ecpointformatlist_length = 3;
1255
1256 if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
1257 FAIL("server should need ECPointFormats\n");
1258 goto err;
1259 }
1260
1261 if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
1262 FAIL("server failed to build ECPointFormats\n");
1263 goto err;
1264 }
1265
1266 if (!CBB_finish(&cbb, &data, &dlen))
1267 errx(1, "failed to finish CBB");
1268
1269 if (dlen != sizeof(tlsext_ecpf_hello_prefer_order)) {
1270 FAIL("got server ECPointFormats with length %zu, "
1271 "want length %zu\n", dlen,
1272 sizeof(tlsext_ecpf_hello_prefer_order));
1273 compare_data(data, dlen, tlsext_ecpf_hello_prefer_order,
1274 sizeof(tlsext_ecpf_hello_prefer_order));
1275 goto err;
1276 }
1277
1278 if (memcmp(data, tlsext_ecpf_hello_prefer_order, dlen) != 0) {
1279 FAIL("server ECPointFormats differs:\n");
1280 compare_data(data, dlen, tlsext_ecpf_hello_prefer_order,
1281 sizeof(tlsext_ecpf_hello_prefer_order));
1282 goto err;
1283 }
1284
1285 /*
1286 * Should be able to parse the custom list into a session list.
1287 */
1288 CBB_cleanup(&cbb);
1289 if (!CBB_init(&cbb, 0))
1290 errx(1, "Failed to create CBB");
1291 free(data);
1292 data = NULL;
1293
1294 SSL_SESSION_free(ssl->session);
1295 if ((ssl->session = SSL_SESSION_new()) == NULL)
1296 errx(1, "failed to create session");
1297
1298 /* Reset back to the default (uncompressed) */
1299 free(ssl->tlsext_ecpointformatlist);
1300 ssl->tlsext_ecpointformatlist = NULL;
1301 ssl->tlsext_ecpointformatlist_length = 0;
1302
1303 CBS_init(&cbs, tlsext_ecpf_hello_prefer_order,
1304 sizeof(tlsext_ecpf_hello_prefer_order));
1305 if (!client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
1306 FAIL("failed to parse server ECPointFormats\n");
1307 goto err;
1308 }
1309 if (CBS_len(&cbs) != 0) {
1310 FAIL("extension data remaining\n");
1311 goto err;
1312 }
1313
1314 if (ssl->session->tlsext_ecpointformatlist_length !=
1315 sizeof(tlsext_ecpf_hello_prefer_order_val)) {
1316 FAIL("no tlsext_ecpointformats from server "
1317 "ECPointFormats\n");
1318 goto err;
1319 }
1320
1321 if (memcmp(ssl->session->tlsext_ecpointformatlist,
1322 tlsext_ecpf_hello_prefer_order_val,
1323 sizeof(tlsext_ecpf_hello_prefer_order_val)) != 0) {
1324 FAIL("server had an incorrect ECPointFormats entry\n");
1325 goto err;
1326 }
1327
1328 failure = 0;
1329
1330 err:
1331 CBB_cleanup(&cbb);
1332 SSL_CTX_free(ssl_ctx);
1333 SSL_free(ssl);
1334 free(data);
1335
1336 return (failure);
1337}
1338
1339/*
1340 * Renegotiation Indication - RFC 5746.
1341 */
1342
1343static unsigned char tlsext_ri_prev_client[] = {
1344 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
1345 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
1346};
1347
1348static unsigned char tlsext_ri_prev_server[] = {
1349 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88,
1350 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00,
1351};
1352
1353static unsigned char tlsext_ri_client[] = {
1354 0x10,
1355 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
1356 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
1357};
1358
1359static unsigned char tlsext_ri_server[] = {
1360 0x20,
1361 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
1362 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
1363 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88,
1364 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00,
1365};
1366
1367static int
1368test_tlsext_ri_client(void)
1369{
1370 unsigned char *data = NULL;
1371 SSL_CTX *ssl_ctx = NULL;
1372 SSL *ssl = NULL;
1373 const struct tls_extension_funcs *client_funcs;
1374 const struct tls_extension_funcs *server_funcs;
1375 int failure;
1376 size_t dlen;
1377 int alert;
1378 CBB cbb;
1379 CBS cbs;
1380
1381 failure = 1;
1382
1383 if (!CBB_init(&cbb, 0))
1384 errx(1, "Failed to create CBB");
1385
1386 if ((ssl_ctx = SSL_CTX_new(TLSv1_2_client_method())) == NULL)
1387 errx(1, "failed to create SSL_CTX");
1388 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1389 errx(1, "failed to create SSL");
1390
1391 if (!tls_extension_funcs(TLSEXT_TYPE_renegotiate, &client_funcs,
1392 &server_funcs))
1393 errx(1, "failed to fetch ri funcs");
1394
1395 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
1396 FAIL("client should not need RI\n");
1397 goto err;
1398 }
1399
1400 if (!SSL_renegotiate(ssl)) {
1401 FAIL("client failed to set renegotiate\n");
1402 goto err;
1403 }
1404
1405 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
1406 FAIL("client should need RI\n");
1407 goto err;
1408 }
1409
1410 memcpy(ssl->s3->previous_client_finished, tlsext_ri_prev_client,
1411 sizeof(tlsext_ri_prev_client));
1412 ssl->s3->previous_client_finished_len = sizeof(tlsext_ri_prev_client);
1413
1414 ssl->s3->renegotiate_seen = 0;
1415
1416 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
1417 FAIL("client failed to build RI\n");
1418 goto err;
1419 }
1420
1421 if (!CBB_finish(&cbb, &data, &dlen))
1422 errx(1, "failed to finish CBB");
1423
1424 if (dlen != sizeof(tlsext_ri_client)) {
1425 FAIL("got client RI with length %zu, "
1426 "want length %zu\n", dlen, sizeof(tlsext_ri_client));
1427 goto err;
1428 }
1429
1430 if (memcmp(data, tlsext_ri_client, dlen) != 0) {
1431 FAIL("client RI differs:\n");
1432 fprintf(stderr, "received:\n");
1433 hexdump(data, dlen);
1434 fprintf(stderr, "test data:\n");
1435 hexdump(tlsext_ri_client, sizeof(tlsext_ri_client));
1436 goto err;
1437 }
1438
1439 CBS_init(&cbs, tlsext_ri_client, sizeof(tlsext_ri_client));
1440 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
1441 FAIL("failed to parse client RI\n");
1442 goto err;
1443 }
1444 if (CBS_len(&cbs) != 0) {
1445 FAIL("extension data remaining\n");
1446 goto err;
1447 }
1448
1449 if (ssl->s3->renegotiate_seen != 1) {
1450 FAIL("renegotiate seen not set\n");
1451 goto err;
1452 }
1453 if (ssl->s3->send_connection_binding != 1) {
1454 FAIL("send connection binding not set\n");
1455 goto err;
1456 }
1457
1458 memset(ssl->s3->previous_client_finished, 0,
1459 sizeof(ssl->s3->previous_client_finished));
1460
1461 ssl->s3->renegotiate_seen = 0;
1462
1463 CBS_init(&cbs, tlsext_ri_client, sizeof(tlsext_ri_client));
1464 if (server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
1465 FAIL("parsed invalid client RI\n");
1466 goto err;
1467 }
1468
1469 if (ssl->s3->renegotiate_seen == 1) {
1470 FAIL("renegotiate seen set\n");
1471 goto err;
1472 }
1473
1474 failure = 0;
1475
1476 err:
1477 CBB_cleanup(&cbb);
1478 SSL_CTX_free(ssl_ctx);
1479 SSL_free(ssl);
1480 free(data);
1481
1482 return (failure);
1483}
1484
1485static int
1486test_tlsext_ri_server(void)
1487{
1488 unsigned char *data = NULL;
1489 SSL_CTX *ssl_ctx = NULL;
1490 SSL *ssl = NULL;
1491 const struct tls_extension_funcs *client_funcs;
1492 const struct tls_extension_funcs *server_funcs;
1493 int failure;
1494 size_t dlen;
1495 int alert;
1496 CBB cbb;
1497 CBS cbs;
1498
1499 failure = 1;
1500
1501 if (!CBB_init(&cbb, 0))
1502 errx(1, "Failed to create CBB");
1503
1504 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
1505 errx(1, "failed to create SSL_CTX");
1506 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1507 errx(1, "failed to create SSL");
1508
1509 if (!tls_extension_funcs(TLSEXT_TYPE_renegotiate, &client_funcs,
1510 &server_funcs))
1511 errx(1, "failed to fetch ri funcs");
1512
1513 ssl->version = TLS1_2_VERSION;
1514 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
1515 FAIL("server should not need RI\n");
1516 goto err;
1517 }
1518
1519 ssl->s3->send_connection_binding = 1;
1520
1521 if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
1522 FAIL("server should need RI\n");
1523 goto err;
1524 }
1525
1526 memcpy(ssl->s3->previous_client_finished, tlsext_ri_prev_client,
1527 sizeof(tlsext_ri_prev_client));
1528 ssl->s3->previous_client_finished_len = sizeof(tlsext_ri_prev_client);
1529
1530 memcpy(ssl->s3->previous_server_finished, tlsext_ri_prev_server,
1531 sizeof(tlsext_ri_prev_server));
1532 ssl->s3->previous_server_finished_len = sizeof(tlsext_ri_prev_server);
1533
1534 ssl->s3->renegotiate_seen = 0;
1535
1536 if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
1537 FAIL("server failed to build RI\n");
1538 goto err;
1539 }
1540
1541 if (!CBB_finish(&cbb, &data, &dlen))
1542 errx(1, "failed to finish CBB");
1543
1544 if (dlen != sizeof(tlsext_ri_server)) {
1545 FAIL("got server RI with length %zu, "
1546 "want length %zu\n", dlen, sizeof(tlsext_ri_server));
1547 goto err;
1548 }
1549
1550 if (memcmp(data, tlsext_ri_server, dlen) != 0) {
1551 FAIL("server RI differs:\n");
1552 fprintf(stderr, "received:\n");
1553 hexdump(data, dlen);
1554 fprintf(stderr, "test data:\n");
1555 hexdump(tlsext_ri_server, sizeof(tlsext_ri_server));
1556 goto err;
1557 }
1558
1559 CBS_init(&cbs, tlsext_ri_server, sizeof(tlsext_ri_server));
1560 if (!client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
1561 FAIL("failed to parse server RI\n");
1562 goto err;
1563 }
1564 if (CBS_len(&cbs) != 0) {
1565 FAIL("extension data remaining\n");
1566 goto err;
1567 }
1568
1569 if (ssl->s3->renegotiate_seen != 1) {
1570 FAIL("renegotiate seen not set\n");
1571 goto err;
1572 }
1573 if (ssl->s3->send_connection_binding != 1) {
1574 FAIL("send connection binding not set\n");
1575 goto err;
1576 }
1577
1578 memset(ssl->s3->previous_client_finished, 0,
1579 sizeof(ssl->s3->previous_client_finished));
1580 memset(ssl->s3->previous_server_finished, 0,
1581 sizeof(ssl->s3->previous_server_finished));
1582
1583 ssl->s3->renegotiate_seen = 0;
1584
1585 CBS_init(&cbs, tlsext_ri_server, sizeof(tlsext_ri_server));
1586 if (client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
1587 FAIL("parsed invalid server RI\n");
1588 goto err;
1589 }
1590
1591 if (ssl->s3->renegotiate_seen == 1) {
1592 FAIL("renegotiate seen set\n");
1593 goto err;
1594 }
1595
1596 failure = 0;
1597
1598 err:
1599 CBB_cleanup(&cbb);
1600 SSL_CTX_free(ssl_ctx);
1601 SSL_free(ssl);
1602 free(data);
1603
1604 return (failure);
1605}
1606
1607/*
1608 * Signature Algorithms - RFC 5246 section 7.4.1.4.1.
1609 */
1610
1611static unsigned char tlsext_sigalgs_client[] = {
1612 0x00, 0x16, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03,
1613 0x08, 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04,
1614 0x04, 0x01, 0x04, 0x03, 0x02, 0x01, 0x02, 0x03,
1615};
1616
1617static int
1618test_tlsext_sigalgs_client(void)
1619{
1620 unsigned char *data = NULL;
1621 SSL_CTX *ssl_ctx = NULL;
1622 SSL *ssl = NULL;
1623 const struct tls_extension_funcs *client_funcs;
1624 const struct tls_extension_funcs *server_funcs;
1625 int failure;
1626 size_t dlen;
1627 int alert;
1628 CBB cbb;
1629 CBS cbs;
1630
1631 failure = 1;
1632
1633 if (!CBB_init(&cbb, 0))
1634 errx(1, "Failed to create CBB");
1635
1636 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
1637 errx(1, "failed to create SSL_CTX");
1638 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1639 errx(1, "failed to create SSL");
1640
1641 if (!tls_extension_funcs(TLSEXT_TYPE_signature_algorithms,
1642 &client_funcs, &server_funcs))
1643 errx(1, "failed to fetch sigalgs funcs");
1644
1645 ssl->s3->hs.our_max_tls_version = TLS1_1_VERSION;
1646
1647 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
1648 FAIL("client should not need sigalgs\n");
1649 goto done;
1650 }
1651
1652 ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION;
1653
1654 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
1655 FAIL("client should need sigalgs\n");
1656 goto done;
1657 }
1658
1659 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
1660 FAIL("client failed to build sigalgs\n");
1661 goto done;
1662 }
1663
1664 if (!CBB_finish(&cbb, &data, &dlen))
1665 errx(1, "failed to finish CBB");
1666
1667 if (dlen != sizeof(tlsext_sigalgs_client)) {
1668 FAIL("got client sigalgs length %zu, "
1669 "want length %zu\n", dlen, sizeof(tlsext_sigalgs_client));
1670 goto done;
1671 }
1672
1673 if (memcmp(data, tlsext_sigalgs_client, dlen) != 0) {
1674 FAIL("client SNI differs:\n");
1675 fprintf(stderr, "received:\n");
1676 hexdump(data, dlen);
1677 fprintf(stderr, "test data:\n");
1678 hexdump(tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client));
1679 goto done;
1680 }
1681
1682 CBS_init(&cbs, tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client));
1683 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
1684 FAIL("failed to parse client SNI\n");
1685 goto done;
1686 }
1687 if (CBS_len(&cbs) != 0) {
1688 FAIL("extension data remaining\n");
1689 goto done;
1690 }
1691
1692 failure = 0;
1693
1694 done:
1695 CBB_cleanup(&cbb);
1696 SSL_CTX_free(ssl_ctx);
1697 SSL_free(ssl);
1698 free(data);
1699
1700 return (failure);
1701}
1702
1703#if 0
1704static int
1705test_tlsext_sigalgs_server(void)
1706{
1707 unsigned char *data = NULL;
1708 SSL_CTX *ssl_ctx = NULL;
1709 SSL *ssl = NULL;
1710 const struct tls_extension_funcs *client_funcs;
1711 const struct tls_extension_funcs *server_funcs;
1712 int failure;
1713 size_t dlen;
1714 int alert;
1715 CBB cbb;
1716 CBS cbs;
1717
1718 failure = 1;
1719
1720 if (!CBB_init(&cbb, 0))
1721 errx(1, "Failed to create CBB");
1722
1723 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
1724 errx(1, "failed to create SSL_CTX");
1725 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1726 errx(1, "failed to create SSL");
1727
1728 if (!tls_extension_funcs(TLSEXT_TYPE_server_name, &client_funcs,
1729 &server_funcs))
1730 errx(1, "failed to fetch sigalgs funcs");
1731
1732 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
1733 FAIL("server should not need sigalgs\n");
1734 goto done;
1735 }
1736
1737 if (server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
1738 FAIL("server should not build sigalgs\n");
1739 goto done;
1740 }
1741
1742 if (!CBB_finish(&cbb, &data, &dlen))
1743 errx(1, "failed to finish CBB");
1744
1745 CBS_init(&cbs, tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client));
1746 if (client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
1747 FAIL("server should not parse sigalgs\n");
1748 goto done;
1749 }
1750
1751 failure = 0;
1752
1753 done:
1754 CBB_cleanup(&cbb);
1755 SSL_CTX_free(ssl_ctx);
1756 SSL_free(ssl);
1757 free(data);
1758
1759 return (failure);
1760}
1761#endif
1762
1763/*
1764 * Server Name Indication - RFC 6066 section 3.
1765 */
1766
1767#define TEST_SNI_SERVERNAME "www.libressl.org"
1768
1769static unsigned char tlsext_sni_client[] = {
1770 0x00, 0x13, 0x00, 0x00, 0x10, 0x77, 0x77, 0x77,
1771 0x2e, 0x6c, 0x69, 0x62, 0x72, 0x65, 0x73, 0x73,
1772 0x6c, 0x2e, 0x6f, 0x72, 0x67,
1773};
1774
1775static unsigned char tlsext_sni_server[] = {
1776};
1777
1778static int
1779test_tlsext_sni_client(void)
1780{
1781 unsigned char *data = NULL;
1782 SSL_CTX *ssl_ctx = NULL;
1783 SSL *ssl = NULL;
1784 const struct tls_extension_funcs *client_funcs;
1785 const struct tls_extension_funcs *server_funcs;
1786 int failure;
1787 size_t dlen;
1788 int alert;
1789 CBB cbb;
1790 CBS cbs;
1791
1792 failure = 1;
1793
1794 if (!CBB_init(&cbb, 0))
1795 errx(1, "Failed to create CBB");
1796
1797 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
1798 errx(1, "failed to create SSL_CTX");
1799 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1800 errx(1, "failed to create SSL");
1801
1802 if (!tls_extension_funcs(TLSEXT_TYPE_server_name, &client_funcs,
1803 &server_funcs))
1804 errx(1, "failed to fetch sni funcs");
1805
1806 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
1807 FAIL("client should not need SNI\n");
1808 goto err;
1809 }
1810
1811 if (!SSL_set_tlsext_host_name(ssl, TEST_SNI_SERVERNAME)) {
1812 FAIL("client failed to set server name\n");
1813 goto err;
1814 }
1815
1816 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
1817 FAIL("client should need SNI\n");
1818 goto err;
1819 }
1820
1821 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
1822 FAIL("client failed to build SNI\n");
1823 goto err;
1824 }
1825
1826 if (!CBB_finish(&cbb, &data, &dlen)) {
1827 FAIL("failed to finish CBB");
1828 goto err;
1829 }
1830
1831 if (dlen != sizeof(tlsext_sni_client)) {
1832 FAIL("got client SNI with length %zu, "
1833 "want length %zu\n", dlen, sizeof(tlsext_sni_client));
1834 goto err;
1835 }
1836
1837 if (memcmp(data, tlsext_sni_client, dlen) != 0) {
1838 FAIL("client SNI differs:\n");
1839 fprintf(stderr, "received:\n");
1840 hexdump(data, dlen);
1841 fprintf(stderr, "test data:\n");
1842 hexdump(tlsext_sni_client, sizeof(tlsext_sni_client));
1843 goto err;
1844 }
1845
1846 /*
1847 * SSL_set_tlsext_host_name() may be called with a NULL host name to
1848 * disable SNI.
1849 */
1850 if (!SSL_set_tlsext_host_name(ssl, NULL)) {
1851 FAIL("cannot set host name to NULL");
1852 goto err;
1853 }
1854
1855 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
1856 FAIL("client should not need SNI\n");
1857 goto err;
1858 }
1859
1860 if ((ssl->session = SSL_SESSION_new()) == NULL) {
1861 FAIL("failed to create session");
1862 goto err;
1863 }
1864
1865 ssl->hit = 0;
1866
1867 CBS_init(&cbs, tlsext_sni_client, sizeof(tlsext_sni_client));
1868 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
1869 FAIL("failed to parse client SNI\n");
1870 goto err;
1871 }
1872 if (CBS_len(&cbs) != 0) {
1873 FAIL("extension data remaining\n");
1874 goto err;
1875 }
1876
1877 if (ssl->session->tlsext_hostname == NULL) {
1878 FAIL("no tlsext_hostname from client SNI\n");
1879 goto err;
1880 }
1881
1882 if (strlen(ssl->session->tlsext_hostname) != strlen(TEST_SNI_SERVERNAME) ||
1883 strncmp(ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME,
1884 strlen(TEST_SNI_SERVERNAME)) != 0) {
1885 FAIL("got tlsext_hostname `%s', want `%s'\n",
1886 ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME);
1887 goto err;
1888 }
1889
1890 ssl->hit = 1;
1891
1892 free(ssl->session->tlsext_hostname);
1893 if ((ssl->session->tlsext_hostname = strdup("notthesame.libressl.org")) ==
1894 NULL) {
1895 FAIL("failed to strdup tlsext_hostname");
1896 goto err;
1897 }
1898
1899 CBS_init(&cbs, tlsext_sni_client, sizeof(tlsext_sni_client));
1900 if (server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
1901 FAIL("parsed client with mismatched SNI\n");
1902 goto err;
1903 }
1904
1905 failure = 0;
1906
1907 err:
1908 CBB_cleanup(&cbb);
1909 SSL_CTX_free(ssl_ctx);
1910 SSL_free(ssl);
1911 free(data);
1912
1913 return (failure);
1914}
1915
1916static int
1917test_tlsext_sni_server(void)
1918{
1919 unsigned char *data = NULL;
1920 SSL_CTX *ssl_ctx = NULL;
1921 SSL *ssl = NULL;
1922 const struct tls_extension_funcs *client_funcs;
1923 const struct tls_extension_funcs *server_funcs;
1924 int failure;
1925 size_t dlen;
1926 int alert;
1927 CBB cbb;
1928 CBS cbs;
1929
1930 failure = 1;
1931
1932 if (!CBB_init(&cbb, 0))
1933 errx(1, "Failed to create CBB");
1934
1935 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
1936 errx(1, "failed to create SSL_CTX");
1937 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1938 errx(1, "failed to create SSL");
1939
1940 if (!tls_extension_funcs(TLSEXT_TYPE_server_name, &client_funcs,
1941 &server_funcs))
1942 errx(1, "failed to fetch sni funcs");
1943
1944 if ((ssl->session = SSL_SESSION_new()) == NULL)
1945 errx(1, "failed to create session");
1946
1947 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
1948 FAIL("server should not need SNI\n");
1949 goto err;
1950 }
1951
1952 if (!SSL_set_tlsext_host_name(ssl, TEST_SNI_SERVERNAME)) {
1953 FAIL("client failed to set server name\n");
1954 goto err;
1955 }
1956
1957 if ((ssl->session->tlsext_hostname = strdup(TEST_SNI_SERVERNAME)) ==
1958 NULL)
1959 errx(1, "failed to strdup tlsext_hostname");
1960
1961 if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
1962 FAIL("server should need SNI\n");
1963 goto err;
1964 }
1965
1966 if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
1967 FAIL("server failed to build SNI\n");
1968 goto err;
1969 }
1970
1971 if (!CBB_finish(&cbb, &data, &dlen))
1972 errx(1, "failed to finish CBB");
1973
1974 if (dlen != sizeof(tlsext_sni_server)) {
1975 FAIL("got server SNI with length %zu, "
1976 "want length %zu\n", dlen, sizeof(tlsext_sni_server));
1977 goto err;
1978 }
1979
1980 if (memcmp(data, tlsext_sni_server, dlen) != 0) {
1981 FAIL("server SNI differs:\n");
1982 fprintf(stderr, "received:\n");
1983 hexdump(data, dlen);
1984 fprintf(stderr, "test data:\n");
1985 hexdump(tlsext_sni_server, sizeof(tlsext_sni_server));
1986 goto err;
1987 }
1988
1989 free(ssl->session->tlsext_hostname);
1990 ssl->session->tlsext_hostname = NULL;
1991
1992 CBS_init(&cbs, tlsext_sni_server, sizeof(tlsext_sni_server));
1993 if (!client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
1994 FAIL("failed to parse server SNI\n");
1995 goto err;
1996 }
1997 if (CBS_len(&cbs) != 0) {
1998 FAIL("extension data remaining\n");
1999 goto err;
2000 }
2001
2002 if (ssl->session->tlsext_hostname == NULL) {
2003 FAIL("no tlsext_hostname after server SNI\n");
2004 goto err;
2005 }
2006
2007 if (strlen(ssl->session->tlsext_hostname) != strlen(TEST_SNI_SERVERNAME) ||
2008 strncmp(ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME,
2009 strlen(TEST_SNI_SERVERNAME)) != 0) {
2010 FAIL("got tlsext_hostname `%s', want `%s'\n",
2011 ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME);
2012 goto err;
2013 }
2014
2015 failure = 0;
2016
2017 err:
2018 CBB_cleanup(&cbb);
2019 SSL_CTX_free(ssl_ctx);
2020 SSL_free(ssl);
2021 free(data);
2022
2023 return (failure);
2024}
2025
2026
2027/*
2028 * QUIC transport parameters extension - RFC 90210 :)
2029 */
2030
2031#define TEST_QUIC_TRANSPORT_DATA "0123456789abcdef"
2032
2033static unsigned char tlsext_quic_transport_data[] = {
2034 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
2035 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
2036};
2037
2038static int
2039test_tlsext_quic_transport_parameters_client(void)
2040{
2041 const SSL_QUIC_METHOD quic_method;
2042 unsigned char *data = NULL;
2043 SSL_CTX *ssl_ctx = NULL;
2044 SSL *ssl = NULL;
2045 const struct tls_extension_funcs *client_funcs;
2046 const struct tls_extension_funcs *server_funcs;
2047 int failure;
2048 size_t dlen;
2049 CBB cbb;
2050 CBS cbs;
2051 int alert;
2052 const uint8_t *out_bytes;
2053 size_t out_bytes_len;
2054
2055 failure = 1;
2056
2057 if (!CBB_init(&cbb, 0))
2058 errx(1, "Failed to create CBB");
2059
2060 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
2061 errx(1, "failed to create SSL_CTX");
2062 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2063 errx(1, "failed to create SSL");
2064
2065 if (!tls_extension_funcs(TLSEXT_TYPE_quic_transport_parameters,
2066 &client_funcs, &server_funcs))
2067 errx(1, "failed to fetch quic transport parameter funcs");
2068
2069 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2070 FAIL("client should not need QUIC\n");
2071 goto err;
2072 }
2073
2074 if (!SSL_set_quic_transport_params(ssl,
2075 TEST_QUIC_TRANSPORT_DATA, strlen(TEST_QUIC_TRANSPORT_DATA))) {
2076 FAIL("client failed to set QUIC parametes\n");
2077 goto err;
2078 }
2079
2080 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2081 FAIL("client should not need QUIC\n");
2082 goto err;
2083 }
2084
2085 ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
2086 ssl->s3->hs.negotiated_tls_version = TLS1_3_VERSION;
2087
2088 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2089 FAIL("client should not need QUIC\n");
2090 goto err;
2091 }
2092
2093 ssl->quic_method = &quic_method;
2094
2095 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2096 FAIL("client should need QUIC\n");
2097 goto err;
2098 }
2099
2100 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
2101 FAIL("client failed to build QUIC\n");
2102 goto err;
2103 }
2104
2105 if (!CBB_finish(&cbb, &data, &dlen)) {
2106 FAIL("failed to finish CBB");
2107 goto err;
2108 }
2109
2110 if (dlen != sizeof(tlsext_quic_transport_data)) {
2111 FAIL("got client QUIC with length %zu, "
2112 "want length %zu\n", dlen,
2113 sizeof(tlsext_quic_transport_data));
2114 goto err;
2115 }
2116
2117 if (memcmp(data, tlsext_quic_transport_data, dlen) != 0) {
2118 FAIL("client QUIC differs:\n");
2119 fprintf(stderr, "received:\n");
2120 hexdump(data, dlen);
2121 fprintf(stderr, "test data:\n");
2122 hexdump(tlsext_quic_transport_data,
2123 sizeof(tlsext_quic_transport_data));
2124 goto err;
2125 }
2126
2127 CBS_init(&cbs, tlsext_quic_transport_data,
2128 sizeof(tlsext_quic_transport_data));
2129
2130 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
2131 FAIL("server_parse of QUIC from server failed\n");
2132 goto err;
2133 }
2134 if (CBS_len(&cbs) != 0) {
2135 FAIL("extension data remaining\n");
2136 goto err;
2137 }
2138
2139 SSL_get_peer_quic_transport_params(ssl, &out_bytes, &out_bytes_len);
2140
2141 if (out_bytes_len != strlen(TEST_QUIC_TRANSPORT_DATA)) {
2142 FAIL("server_parse QUIC length differs, got %zu want %zu\n",
2143 out_bytes_len,
2144 sizeof(tlsext_quic_transport_data));
2145 goto err;
2146 }
2147
2148 if (memcmp(out_bytes, TEST_QUIC_TRANSPORT_DATA,
2149 out_bytes_len) != 0) {
2150 FAIL("server_parse QUIC differs from sent:\n");
2151 fprintf(stderr, "received:\n");
2152 hexdump(data, dlen);
2153 fprintf(stderr, "test data:\n");
2154 hexdump(tlsext_quic_transport_data,
2155 sizeof(tlsext_quic_transport_data));
2156 goto err;
2157 }
2158
2159 failure = 0;
2160
2161 err:
2162 CBB_cleanup(&cbb);
2163 SSL_CTX_free(ssl_ctx);
2164 SSL_free(ssl);
2165 free(data);
2166
2167 return (failure);
2168}
2169
2170static int
2171test_tlsext_quic_transport_parameters_server(void)
2172{
2173 const SSL_QUIC_METHOD quic_method;
2174 unsigned char *data = NULL;
2175 SSL_CTX *ssl_ctx = NULL;
2176 SSL *ssl = NULL;
2177 const struct tls_extension_funcs *client_funcs;
2178 const struct tls_extension_funcs *server_funcs;
2179 int failure;
2180 size_t dlen;
2181 int alert;
2182 CBB cbb;
2183 CBS cbs;
2184 const uint8_t *out_bytes;
2185 size_t out_bytes_len;
2186
2187 failure = 1;
2188
2189 if (!CBB_init(&cbb, 0))
2190 errx(1, "Failed to create CBB");
2191
2192 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
2193 errx(1, "failed to create SSL_CTX");
2194 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2195 errx(1, "failed to create SSL");
2196
2197 if (!tls_extension_funcs(TLSEXT_TYPE_quic_transport_parameters,
2198 &client_funcs, &server_funcs))
2199 errx(1, "failed to fetch quic transport parameter funcs");
2200
2201 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
2202 FAIL("server should not need QUIC\n");
2203 goto err;
2204 }
2205
2206 if (!SSL_set_quic_transport_params(ssl,
2207 TEST_QUIC_TRANSPORT_DATA, strlen(TEST_QUIC_TRANSPORT_DATA))) {
2208 FAIL("server failed to set QUIC parametes\n");
2209 goto err;
2210 }
2211
2212 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_EE)) {
2213 FAIL("server should not need QUIC\n");
2214 goto err;
2215 }
2216
2217 ssl->quic_method = &quic_method;
2218
2219 if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_EE)) {
2220 FAIL("server should need QUIC\n");
2221 goto err;
2222 }
2223
2224 if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_EE, &cbb)) {
2225 FAIL("server failed to build QUIC\n");
2226 goto err;
2227 }
2228
2229 if (!CBB_finish(&cbb, &data, &dlen))
2230 errx(1, "failed to finish CBB");
2231
2232 if (dlen != sizeof(tlsext_quic_transport_data)) {
2233 FAIL("got server QUIC with length %zu, want length %zu\n",
2234 dlen, sizeof(tlsext_quic_transport_data));
2235 goto err;
2236 }
2237
2238 if (memcmp(data, tlsext_quic_transport_data, dlen) != 0) {
2239 FAIL("saved server QUIC differs:\n");
2240 fprintf(stderr, "received:\n");
2241 hexdump(data, dlen);
2242 fprintf(stderr, "test data:\n");
2243 hexdump(tlsext_quic_transport_data,
2244 sizeof(tlsext_quic_transport_data));
2245 goto err;
2246 }
2247
2248 CBS_init(&cbs, tlsext_quic_transport_data,
2249 sizeof(tlsext_quic_transport_data));
2250
2251 ssl->quic_method = NULL;
2252
2253 if (client_funcs->parse(ssl, SSL_TLSEXT_MSG_EE, &cbs, &alert)) {
2254 FAIL("QUIC parse should have failed!\n");
2255 goto err;
2256 }
2257
2258 ssl->quic_method = &quic_method;
2259
2260 if (!client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
2261 FAIL("client_parse of QUIC from server failed\n");
2262 goto err;
2263 }
2264 if (CBS_len(&cbs) != 0) {
2265 FAIL("extension data remaining\n");
2266 goto err;
2267 }
2268
2269 SSL_get_peer_quic_transport_params(ssl, &out_bytes, &out_bytes_len);
2270
2271 if (out_bytes_len != strlen(TEST_QUIC_TRANSPORT_DATA)) {
2272 FAIL("client QUIC length differs, got %zu want %zu\n",
2273 out_bytes_len,
2274 sizeof(tlsext_quic_transport_data));
2275 goto err;
2276 }
2277
2278 if (memcmp(out_bytes, TEST_QUIC_TRANSPORT_DATA, out_bytes_len) != 0) {
2279 FAIL("client QUIC differs from sent:\n");
2280 fprintf(stderr, "received:\n");
2281 hexdump(data, dlen);
2282 fprintf(stderr, "test data:\n");
2283 hexdump(tlsext_quic_transport_data,
2284 sizeof(tlsext_quic_transport_data));
2285 goto err;
2286 }
2287
2288 failure = 0;
2289
2290 err:
2291 CBB_cleanup(&cbb);
2292 SSL_CTX_free(ssl_ctx);
2293 SSL_free(ssl);
2294 free(data);
2295
2296 return (failure);
2297}
2298
2299static unsigned char tls_ocsp_client_default[] = {
2300 0x01, 0x00, 0x00, 0x00, 0x00
2301};
2302
2303static int
2304test_tlsext_ocsp_client(void)
2305{
2306 unsigned char *data = NULL;
2307 SSL_CTX *ssl_ctx = NULL;
2308 SSL *ssl = NULL;
2309 const struct tls_extension_funcs *client_funcs;
2310 const struct tls_extension_funcs *server_funcs;
2311 size_t dlen;
2312 int failure;
2313 int alert;
2314 CBB cbb;
2315 CBS cbs;
2316
2317 failure = 1;
2318
2319 if (!CBB_init(&cbb, 0))
2320 errx(1, "Failed to create CBB");
2321
2322 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
2323 errx(1, "failed to create SSL_CTX");
2324 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2325 errx(1, "failed to create SSL");
2326
2327 if (!tls_extension_funcs(TLSEXT_TYPE_status_request, &client_funcs,
2328 &server_funcs))
2329 errx(1, "failed to fetch ocsp funcs");
2330
2331 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2332 FAIL("client should not need TLSEXT_TYPE_status_request\n");
2333 goto err;
2334 }
2335 SSL_set_tlsext_status_type(ssl, TLSEXT_STATUSTYPE_ocsp);
2336
2337 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2338 FAIL("client should need TLSEXT_TYPE_status_request\n");
2339 goto err;
2340 }
2341 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
2342 FAIL("client failed to build SNI\n");
2343 goto err;
2344 }
2345 if (!CBB_finish(&cbb, &data, &dlen))
2346 errx(1, "failed to finish CBB");
2347
2348 if (dlen != sizeof(tls_ocsp_client_default)) {
2349 FAIL("got TLSEXT_TYPE_status_request client with length %zu, "
2350 "want length %zu\n", dlen,
2351 sizeof(tls_ocsp_client_default));
2352 goto err;
2353 }
2354 if (memcmp(data, tls_ocsp_client_default, dlen) != 0) {
2355 FAIL("TLSEXT_TYPE_status_request client differs:\n");
2356 fprintf(stderr, "received:\n");
2357 hexdump(data, dlen);
2358 fprintf(stderr, "test data:\n");
2359 hexdump(tls_ocsp_client_default,
2360 sizeof(tls_ocsp_client_default));
2361 goto err;
2362 }
2363 CBS_init(&cbs, tls_ocsp_client_default,
2364 sizeof(tls_ocsp_client_default));
2365 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
2366 FAIL("failed to parse TLSEXT_TYPE_status_request client\n");
2367 goto err;
2368 }
2369 if (CBS_len(&cbs) != 0) {
2370 FAIL("extension data remaining\n");
2371 goto err;
2372 }
2373
2374 failure = 0;
2375
2376 err:
2377 CBB_cleanup(&cbb);
2378 SSL_CTX_free(ssl_ctx);
2379 SSL_free(ssl);
2380 free(data);
2381
2382 return (failure);
2383}
2384
2385static int
2386test_tlsext_ocsp_server(void)
2387{
2388 unsigned char *data = NULL;
2389 SSL_CTX *ssl_ctx = NULL;
2390 SSL *ssl = NULL;
2391 const struct tls_extension_funcs *client_funcs;
2392 const struct tls_extension_funcs *server_funcs;
2393 size_t dlen;
2394 int failure;
2395 CBB cbb;
2396
2397 failure = 1;
2398
2399 if (!CBB_init(&cbb, 0))
2400 errx(1, "Failed to create CBB");
2401
2402 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
2403 errx(1, "failed to create SSL_CTX");
2404 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2405 errx(1, "failed to create SSL");
2406
2407 if (!tls_extension_funcs(TLSEXT_TYPE_status_request, &client_funcs,
2408 &server_funcs))
2409 errx(1, "failed to fetch ocsp funcs");
2410
2411 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
2412 FAIL("server should not need TLSEXT_TYPE_status_request\n");
2413 goto err;
2414 }
2415
2416 ssl->tlsext_status_expected = 1;
2417
2418 if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
2419 FAIL("server should need TLSEXT_TYPE_status_request\n");
2420 goto err;
2421 }
2422 if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
2423 FAIL("server failed to build TLSEXT_TYPE_status_request\n");
2424 goto err;
2425 }
2426
2427 if (!CBB_finish(&cbb, &data, &dlen))
2428 errx(1, "failed to finish CBB");
2429
2430 failure = 0;
2431
2432 err:
2433 CBB_cleanup(&cbb);
2434 SSL_CTX_free(ssl_ctx);
2435 SSL_free(ssl);
2436 free(data);
2437
2438 return (failure);
2439}
2440
2441/*
2442 * Session ticket - RFC 5077 since no known implementations use 4507.
2443 *
2444 * Session tickets can be length 0 (special case) to 2^16-1.
2445 *
2446 * The state is encrypted by the server so it is opaque to the client.
2447 */
2448static uint8_t tlsext_sessionticket_hello_min[1];
2449static uint8_t tlsext_sessionticket_hello_max[65535];
2450
2451static int
2452test_tlsext_sessionticket_client(void)
2453{
2454 unsigned char *data = NULL;
2455 SSL_CTX *ssl_ctx = NULL;
2456 SSL *ssl = NULL;
2457 const struct tls_extension_funcs *client_funcs;
2458 const struct tls_extension_funcs *server_funcs;
2459 int failure;
2460 CBB cbb;
2461 size_t dlen;
2462 uint8_t dummy[1234];
2463
2464 failure = 1;
2465
2466 if (!CBB_init(&cbb, 0))
2467 errx(1, "Failed to create CBB");
2468
2469 /* Create fake session tickets with random data. */
2470 arc4random_buf(tlsext_sessionticket_hello_min,
2471 sizeof(tlsext_sessionticket_hello_min));
2472 arc4random_buf(tlsext_sessionticket_hello_max,
2473 sizeof(tlsext_sessionticket_hello_max));
2474
2475 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
2476 errx(1, "failed to create SSL_CTX");
2477 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2478 errx(1, "failed to create SSL");
2479
2480 if (!tls_extension_funcs(TLSEXT_TYPE_session_ticket, &client_funcs,
2481 &server_funcs))
2482 errx(1, "failed to fetch session ticket funcs");
2483
2484 /* Should need a ticket by default. */
2485 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2486 FAIL("client should need Sessionticket for default "
2487 "ciphers\n");
2488 goto err;
2489 }
2490
2491 /* Test disabling tickets. */
2492 if ((SSL_set_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) == 0) {
2493 FAIL("Cannot disable tickets in the TLS connection\n");
2494 goto err;
2495 }
2496 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2497 FAIL("client should not need SessionTicket if it was disabled\n");
2498 goto err;
2499 }
2500
2501 /* Test re-enabling tickets. */
2502 if ((SSL_clear_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) != 0) {
2503 FAIL("Cannot re-enable tickets in the TLS connection\n");
2504 goto err;
2505 }
2506 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2507 FAIL("client should need SessionTicket if it was disabled\n");
2508 goto err;
2509 }
2510
2511 /* Since we don't have a session, we should build an empty ticket. */
2512 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
2513 FAIL("Cannot build a ticket\n");
2514 goto err;
2515 }
2516 if (!CBB_finish(&cbb, &data, &dlen)) {
2517 FAIL("Cannot finish CBB\n");
2518 goto err;
2519 }
2520 if (dlen != 0) {
2521 FAIL("Expected 0 length but found %zu\n", dlen);
2522 goto err;
2523 }
2524
2525 CBB_cleanup(&cbb);
2526 if (!CBB_init(&cbb, 0))
2527 errx(1, "Failed to create CBB");
2528 free(data);
2529 data = NULL;
2530
2531 /* With a new session (but no ticket), we should still have 0 length */
2532 if ((ssl->session = SSL_SESSION_new()) == NULL)
2533 errx(1, "failed to create session");
2534 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2535 FAIL("Should still want a session ticket with a new session\n");
2536 goto err;
2537 }
2538 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
2539 FAIL("Cannot build a ticket\n");
2540 goto err;
2541 }
2542 if (!CBB_finish(&cbb, &data, &dlen)) {
2543 FAIL("Cannot finish CBB\n");
2544 goto err;
2545 }
2546 if (dlen != 0) {
2547 FAIL("Expected 0 length but found %zu\n", dlen);
2548 goto err;
2549 }
2550
2551 CBB_cleanup(&cbb);
2552 if (!CBB_init(&cbb, 0))
2553 errx(1, "Failed to create CBB");
2554 free(data);
2555 data = NULL;
2556
2557 /* With a new session (and ticket), we should use that ticket */
2558 SSL_SESSION_free(ssl->session);
2559 if ((ssl->session = SSL_SESSION_new()) == NULL)
2560 errx(1, "failed to create session");
2561
2562 arc4random_buf(&dummy, sizeof(dummy));
2563 if ((ssl->session->tlsext_tick = malloc(sizeof(dummy))) == NULL) {
2564 errx(1, "failed to malloc");
2565 }
2566 memcpy(ssl->session->tlsext_tick, dummy, sizeof(dummy));
2567 ssl->session->tlsext_ticklen = sizeof(dummy);
2568
2569 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2570 FAIL("Should still want a session ticket with a new session\n");
2571 goto err;
2572 }
2573 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
2574 FAIL("Cannot build a ticket\n");
2575 goto err;
2576 }
2577 if (!CBB_finish(&cbb, &data, &dlen)) {
2578 FAIL("Cannot finish CBB\n");
2579 goto err;
2580 }
2581 if (dlen != sizeof(dummy)) {
2582 FAIL("Expected %zu length but found %zu\n", sizeof(dummy), dlen);
2583 goto err;
2584 }
2585 if (memcmp(data, dummy, dlen) != 0) {
2586 FAIL("server SNI differs:\n");
2587 compare_data(data, dlen,
2588 dummy, sizeof(dummy));
2589 goto err;
2590 }
2591
2592 CBB_cleanup(&cbb);
2593 if (!CBB_init(&cbb, 0))
2594 errx(1, "Failed to create CBB");
2595 free(data);
2596 data = NULL;
2597 free(ssl->session->tlsext_tick);
2598 ssl->session->tlsext_tick = NULL;
2599 ssl->session->tlsext_ticklen = 0;
2600
2601 /*
2602 * Send in NULL to disable session tickets at runtime without going
2603 * through SSL_set_options().
2604 */
2605 if (!SSL_set_session_ticket_ext(ssl, NULL, 0)) {
2606 FAIL("Could not set a NULL custom ticket\n");
2607 goto err;
2608 }
2609 /* Should not need a ticket in this case */
2610 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2611 FAIL("Should not want to use session tickets with a NULL custom\n");
2612 goto err;
2613 }
2614
2615 /*
2616 * If you want to remove the tlsext_session_ticket behavior, you have
2617 * to do it manually.
2618 */
2619 free(ssl->tlsext_session_ticket);
2620 ssl->tlsext_session_ticket = NULL;
2621
2622 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2623 FAIL("Should need a session ticket again when the custom one is removed\n");
2624 goto err;
2625 }
2626
2627 /* Test a custom session ticket (not recommended in practice) */
2628 if (!SSL_set_session_ticket_ext(ssl, tlsext_sessionticket_hello_max,
2629 sizeof(tlsext_sessionticket_hello_max))) {
2630 FAIL("Should be able to set a custom ticket\n");
2631 goto err;
2632 }
2633 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2634 FAIL("Should need a session ticket again when the custom one is not empty\n");
2635 goto err;
2636 }
2637 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
2638 FAIL("Cannot build a ticket with a max length random payload\n");
2639 goto err;
2640 }
2641 if (!CBB_finish(&cbb, &data, &dlen)) {
2642 FAIL("Cannot finish CBB\n");
2643 goto err;
2644 }
2645 if (dlen != sizeof(tlsext_sessionticket_hello_max)) {
2646 FAIL("Expected %zu length but found %zu\n",
2647 sizeof(tlsext_sessionticket_hello_max), dlen);
2648 goto err;
2649 }
2650 if (memcmp(data, tlsext_sessionticket_hello_max,
2651 sizeof(tlsext_sessionticket_hello_max)) != 0) {
2652 FAIL("Expected to get what we passed in\n");
2653 compare_data(data, dlen,
2654 tlsext_sessionticket_hello_max,
2655 sizeof(tlsext_sessionticket_hello_max));
2656 goto err;
2657 }
2658
2659 failure = 0;
2660
2661 err:
2662 CBB_cleanup(&cbb);
2663 SSL_CTX_free(ssl_ctx);
2664 SSL_free(ssl);
2665 free(data);
2666
2667 return (failure);
2668}
2669
2670
2671static int
2672test_tlsext_sessionticket_server(void)
2673{
2674 SSL_CTX *ssl_ctx = NULL;
2675 SSL *ssl = NULL;
2676 const struct tls_extension_funcs *client_funcs;
2677 const struct tls_extension_funcs *server_funcs;
2678 int failure;
2679 uint8_t *data = NULL;
2680 size_t dlen;
2681 CBB cbb;
2682
2683 failure = 1;
2684
2685 if (!CBB_init(&cbb, 0))
2686 errx(1, "Failed to create CBB");
2687
2688 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
2689 errx(1, "failed to create SSL_CTX");
2690 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2691 errx(1, "failed to create SSL");
2692
2693 if (!tls_extension_funcs(TLSEXT_TYPE_session_ticket, &client_funcs,
2694 &server_funcs))
2695 errx(1, "failed to fetch session ticket funcs");
2696
2697 /*
2698 * By default, should not need a session ticket since the ticket
2699 * is not yet expected.
2700 */
2701 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
2702 FAIL("server should not need SessionTicket by default\n");
2703 goto err;
2704 }
2705
2706 /* Test disabling tickets. */
2707 if ((SSL_set_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) == 0) {
2708 FAIL("Cannot disable tickets in the TLS connection\n");
2709 goto err;
2710 }
2711 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
2712 FAIL("server should not need SessionTicket if it was disabled\n");
2713 goto err;
2714 }
2715
2716 /* Test re-enabling tickets. */
2717 if ((SSL_clear_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) != 0) {
2718 FAIL("Cannot re-enable tickets in the TLS connection\n");
2719 goto err;
2720 }
2721 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
2722 FAIL("server should not need SessionTicket yet\n");
2723 goto err;
2724 }
2725
2726 /* Set expected to require it. */
2727 ssl->tlsext_ticket_expected = 1;
2728 if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
2729 FAIL("server should now be required for SessionTicket\n");
2730 goto err;
2731 }
2732
2733 /* server hello's session ticket should always be 0 length payload. */
2734 if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
2735 FAIL("Cannot build a ticket with a max length random payload\n");
2736 goto err;
2737 }
2738 if (!CBB_finish(&cbb, &data, &dlen)) {
2739 FAIL("Cannot finish CBB\n");
2740 goto err;
2741 }
2742 if (dlen != 0) {
2743 FAIL("Expected 0 length but found %zu\n", dlen);
2744 goto err;
2745 }
2746
2747 failure = 0;
2748
2749 err:
2750 CBB_cleanup(&cbb);
2751 SSL_CTX_free(ssl_ctx);
2752 SSL_free(ssl);
2753 free(data);
2754
2755 return (failure);
2756}
2757
2758#ifndef OPENSSL_NO_SRTP
2759/*
2760 * Supported Secure Real-time Transport Protocol (RFC 5764 section 4.1.1)
2761 */
2762
2763/* Colon separated string values */
2764const char *tlsext_srtp_single_profile = "SRTP_AES128_CM_SHA1_80";
2765const char *tlsext_srtp_multiple_profiles = "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32";
2766
2767const char *tlsext_srtp_aes128cmsha80 = "SRTP_AES128_CM_SHA1_80";
2768const char *tlsext_srtp_aes128cmsha32 = "SRTP_AES128_CM_SHA1_32";
2769
2770const uint8_t tlsext_srtp_single[] = {
2771 /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */
2772 0x00, 0x02, /* len */
2773 0x00, 0x01, /* SRTP_AES128_CM_SHA1_80 */
2774 0x00 /* opaque srtp_mki<0..255> */
2775};
2776
2777const uint8_t tlsext_srtp_multiple[] = {
2778 /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */
2779 0x00, 0x04, /* len */
2780 0x00, 0x01, /* SRTP_AES128_CM_SHA1_80 */
2781 0x00, 0x02, /* SRTP_AES128_CM_SHA1_32 */
2782 0x00 /* opaque srtp_mki<0..255> */
2783};
2784
2785const uint8_t tlsext_srtp_multiple_invalid[] = {
2786 /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */
2787 0x00, 0x04, /* len */
2788 0x00, 0x08, /* arbitrary value not found in known profiles */
2789 0x00, 0x09, /* arbitrary value not found in known profiles */
2790 0x00 /* opaque srtp_mki<0..255> */
2791};
2792
2793const uint8_t tlsext_srtp_single_invalid[] = {
2794 /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */
2795 0x00, 0x02, /* len */
2796 0x00, 0x08, /* arbitrary value not found in known profiles */
2797 0x00 /* opaque srtp_mki<0..255> */
2798};
2799
2800const uint8_t tlsext_srtp_multiple_one_valid[] = {
2801 /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */
2802 0x00, 0x04, /* len */
2803 0x00, 0x08, /* arbitrary value not found in known profiles */
2804 0x00, 0x02, /* SRTP_AES128_CM_SHA1_32 */
2805 0x00 /* opaque srtp_mki<0..255> */
2806};
2807
2808static int
2809test_tlsext_srtp_client(void)
2810{
2811 SRTP_PROTECTION_PROFILE *prof;
2812 SSL_CTX *ssl_ctx = NULL;
2813 SSL *ssl = NULL;
2814 const struct tls_extension_funcs *client_funcs;
2815 const struct tls_extension_funcs *server_funcs;
2816 uint8_t *data = NULL;
2817 CBB cbb;
2818 CBS cbs;
2819 int failure, alert;
2820 size_t dlen;
2821
2822 failure = 1;
2823
2824 if (!CBB_init(&cbb, 0))
2825 errx(1, "Failed to create CBB");
2826
2827 /* SRTP is for DTLS */
2828 if ((ssl_ctx = SSL_CTX_new(DTLSv1_client_method())) == NULL)
2829 errx(1, "failed to create SSL_CTX");
2830 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2831 errx(1, "failed to create SSL");
2832
2833 if (!tls_extension_funcs(TLSEXT_TYPE_use_srtp, &client_funcs,
2834 &server_funcs))
2835 errx(1, "failed to fetch srtp funcs");
2836
2837 /* By default, we don't need this */
2838 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2839 FAIL("client should not need SRTP by default\n");
2840 goto err;
2841 }
2842
2843 if (SSL_set_tlsext_use_srtp(ssl, tlsext_srtp_single_profile) != 0) {
2844 FAIL("should be able to set a single SRTP\n");
2845 goto err;
2846 }
2847 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2848 FAIL("client should need SRTP\n");
2849 goto err;
2850 }
2851
2852 /* Make sure we can build the client with a single profile. */
2853
2854 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
2855 FAIL("client failed to build SRTP\n");
2856 goto err;
2857 }
2858 if (!CBB_finish(&cbb, &data, &dlen))
2859 errx(1, "failed to finish CBB");
2860
2861 if (dlen != sizeof(tlsext_srtp_single)) {
2862 FAIL("got client SRTP with length %zu, "
2863 "want length %zu\n", dlen,
2864 sizeof(tlsext_srtp_single));
2865 compare_data(data, dlen, tlsext_srtp_single,
2866 sizeof(tlsext_srtp_single));
2867 goto err;
2868 }
2869 if (memcmp(data, tlsext_srtp_single, dlen) != 0) {
2870 FAIL("client SRTP differs:\n");
2871 compare_data(data, dlen, tlsext_srtp_single,
2872 sizeof(tlsext_srtp_single));
2873 goto err;
2874 }
2875
2876 CBB_cleanup(&cbb);
2877 if (!CBB_init(&cbb, 0))
2878 errx(1, "Failed to create CBB");
2879 free(data);
2880 data = NULL;
2881
2882 /* Make sure we can parse the single profile. */
2883
2884 if (SSL_get_selected_srtp_profile(ssl) != NULL) {
2885 FAIL("SRTP profile should not be set yet\n");
2886 goto err;
2887 }
2888
2889 CBS_init(&cbs, tlsext_srtp_single, sizeof(tlsext_srtp_single));
2890 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
2891 FAIL("failed to parse SRTP\n");
2892 goto err;
2893 }
2894 if (CBS_len(&cbs) != 0) {
2895 FAIL("extension data remaining\n");
2896 goto err;
2897 }
2898
2899 if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) {
2900 FAIL("SRTP profile should be set now\n");
2901 goto err;
2902 }
2903 if (strcmp(prof->name, tlsext_srtp_aes128cmsha80) != 0) {
2904 FAIL("SRTP profile was not set properly\n");
2905 goto err;
2906 }
2907
2908 if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2909 FAIL("should send server extension when profile selected\n");
2910 goto err;
2911 }
2912
2913 /* Make sure we can build the clienthello with multiple entries. */
2914
2915 if (SSL_set_tlsext_use_srtp(ssl, tlsext_srtp_multiple_profiles) != 0) {
2916 FAIL("should be able to set SRTP to multiple profiles\n");
2917 goto err;
2918 }
2919 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2920 FAIL("client should need SRTP by now\n");
2921 goto err;
2922 }
2923
2924 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
2925 FAIL("client failed to build SRTP\n");
2926 goto err;
2927 }
2928 if (!CBB_finish(&cbb, &data, &dlen))
2929 errx(1, "failed to finish CBB");
2930
2931 if (dlen != sizeof(tlsext_srtp_multiple)) {
2932 FAIL("got client SRTP with length %zu, "
2933 "want length %zu\n", dlen,
2934 sizeof(tlsext_srtp_multiple));
2935 compare_data(data, dlen, tlsext_srtp_multiple,
2936 sizeof(tlsext_srtp_multiple));
2937 goto err;
2938 }
2939 if (memcmp(data, tlsext_srtp_multiple, dlen) != 0) {
2940 FAIL("client SRTP differs:\n");
2941 compare_data(data, dlen, tlsext_srtp_multiple,
2942 sizeof(tlsext_srtp_multiple));
2943 goto err;
2944 }
2945
2946 CBB_cleanup(&cbb);
2947 if (!CBB_init(&cbb, 0))
2948 errx(1, "Failed to create CBB");
2949 free(data);
2950 data = NULL;
2951
2952 /* Make sure we can parse multiple profiles (selects server preferred) */
2953
2954 ssl->srtp_profile = NULL;
2955
2956 CBS_init(&cbs, tlsext_srtp_multiple,
2957 sizeof(tlsext_srtp_multiple));
2958 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
2959 FAIL("failed to parse SRTP\n");
2960 goto err;
2961 }
2962 if (CBS_len(&cbs) != 0) {
2963 FAIL("extension data remaining\n");
2964 goto err;
2965 }
2966
2967 if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) {
2968 FAIL("SRTP profile should be set now\n");
2969 goto err;
2970 }
2971 if (strcmp(prof->name, tlsext_srtp_aes128cmsha80) != 0) {
2972 FAIL("SRTP profile was not set properly\n");
2973 goto err;
2974 }
2975
2976 if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2977 FAIL("should send server extension when profile selected\n");
2978 goto err;
2979 }
2980
2981 /*
2982 * Make sure we can parse the clienthello with multiple entries
2983 * where one is unknown.
2984 */
2985 ssl->srtp_profile = NULL;
2986
2987 CBS_init(&cbs, tlsext_srtp_multiple_one_valid,
2988 sizeof(tlsext_srtp_multiple_one_valid));
2989 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
2990 FAIL("failed to parse SRTP\n");
2991 goto err;
2992 }
2993 if (CBS_len(&cbs) != 0) {
2994 FAIL("extension data remaining\n");
2995 goto err;
2996 }
2997
2998 if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) {
2999 FAIL("SRTP profile should be set now\n");
3000 goto err;
3001 }
3002 if (strcmp(prof->name, tlsext_srtp_aes128cmsha32) != 0) {
3003 FAIL("SRTP profile was not set properly\n");
3004 goto err;
3005 }
3006
3007 if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
3008 FAIL("should send server extension when profile selected\n");
3009 goto err;
3010 }
3011
3012 /* Make sure we fall back to negotiated when none work. */
3013
3014 ssl->srtp_profile = NULL;
3015
3016 CBS_init(&cbs, tlsext_srtp_multiple_invalid,
3017 sizeof(tlsext_srtp_multiple_invalid));
3018 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
3019 FAIL("should be able to fall back to negotiated\n");
3020 goto err;
3021 }
3022 if (CBS_len(&cbs) != 0) {
3023 FAIL("extension data remaining\n");
3024 goto err;
3025 }
3026
3027 /* If we fallback, the server should NOT send the extension. */
3028 if (SSL_get_selected_srtp_profile(ssl) != NULL) {
3029 FAIL("should not have selected a profile when none found\n");
3030 goto err;
3031 }
3032 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
3033 FAIL("should not send server tlsext when no profile found\n");
3034 goto err;
3035 }
3036
3037 failure = 0;
3038
3039 err:
3040 CBB_cleanup(&cbb);
3041 SSL_CTX_free(ssl_ctx);
3042 SSL_free(ssl);
3043 free(data);
3044
3045 return (failure);
3046}
3047
3048static int
3049test_tlsext_srtp_server(void)
3050{
3051 const SRTP_PROTECTION_PROFILE *prof;
3052 SSL_CTX *ssl_ctx = NULL;
3053 SSL *ssl = NULL;
3054 const struct tls_extension_funcs *client_funcs;
3055 const struct tls_extension_funcs *server_funcs;
3056 uint8_t *data = NULL;
3057 CBB cbb;
3058 CBS cbs;
3059 int failure, alert;
3060 size_t dlen;
3061
3062 failure = 1;
3063
3064 if (!CBB_init(&cbb, 0))
3065 errx(1, "Failed to create CBB");
3066
3067 /* SRTP is for DTLS */
3068 if ((ssl_ctx = SSL_CTX_new(DTLSv1_client_method())) == NULL)
3069 errx(1, "failed to create SSL_CTX");
3070 if ((ssl = SSL_new(ssl_ctx)) == NULL)
3071 errx(1, "failed to create SSL");
3072
3073 if (!tls_extension_funcs(TLSEXT_TYPE_use_srtp, &client_funcs,
3074 &server_funcs))
3075 errx(1, "failed to fetch srtp funcs");
3076
3077 /* By default, we don't need this */
3078 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
3079 FAIL("server should not need SRTP by default\n");
3080 goto err;
3081 }
3082
3083 if (srtp_find_profile_by_name(tlsext_srtp_aes128cmsha80, &prof,
3084 strlen(tlsext_srtp_aes128cmsha80))) {
3085 FAIL("should be able to find the given profile\n");
3086 goto err;
3087 }
3088 ssl->srtp_profile = prof;
3089 if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
3090 FAIL("server should need SRTP by now\n");
3091 goto err;
3092 }
3093
3094 /* Make sure we can build the server with a single profile. */
3095
3096 if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
3097 FAIL("server failed to build SRTP\n");
3098 goto err;
3099 }
3100 if (!CBB_finish(&cbb, &data, &dlen))
3101 errx(1, "failed to finish CBB");
3102
3103 if (dlen != sizeof(tlsext_srtp_single)) {
3104 FAIL("got server SRTP with length %zu, "
3105 "want length %zu\n", dlen,
3106 sizeof(tlsext_srtp_single));
3107 compare_data(data, dlen, tlsext_srtp_single,
3108 sizeof(tlsext_srtp_single));
3109 goto err;
3110 }
3111 if (memcmp(data, tlsext_srtp_single, dlen) != 0) {
3112 FAIL("server SRTP differs:\n");
3113 compare_data(data, dlen, tlsext_srtp_single,
3114 sizeof(tlsext_srtp_single));
3115 goto err;
3116 }
3117
3118 CBB_cleanup(&cbb);
3119 if (!CBB_init(&cbb, 0))
3120 errx(1, "Failed to create CBB");
3121 free(data);
3122 data = NULL;
3123
3124 /* Make sure we can parse the single profile. */
3125 ssl->srtp_profile = NULL;
3126
3127 if (SSL_get_selected_srtp_profile(ssl) != NULL) {
3128 FAIL("SRTP profile should not be set yet\n");
3129 goto err;
3130 }
3131
3132 /* Setup the environment as if a client sent a list of profiles. */
3133 if (SSL_set_tlsext_use_srtp(ssl, tlsext_srtp_multiple_profiles) != 0) {
3134 FAIL("should be able to set multiple profiles in SRTP\n");
3135 goto err;
3136 }
3137
3138 CBS_init(&cbs, tlsext_srtp_single, sizeof(tlsext_srtp_single));
3139 if (!client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
3140 FAIL("failed to parse SRTP\n");
3141 goto err;
3142 }
3143 if (CBS_len(&cbs) != 0) {
3144 FAIL("extension data remaining\n");
3145 goto err;
3146 }
3147
3148 if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) {
3149 FAIL("SRTP profile should be set now\n");
3150 goto err;
3151 }
3152 if (strcmp(prof->name, tlsext_srtp_aes128cmsha80) != 0) {
3153 FAIL("SRTP profile was not set properly\n");
3154 goto err;
3155 }
3156
3157 /* Make sure we cannot parse multiple profiles */
3158 ssl->srtp_profile = NULL;
3159
3160 CBS_init(&cbs, tlsext_srtp_multiple,
3161 sizeof(tlsext_srtp_multiple));
3162 if (client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
3163 FAIL("should not find multiple entries from the server\n");
3164 goto err;
3165 }
3166
3167 /* Make sure we cannot parse a server with unknown profile */
3168 ssl->srtp_profile = NULL;
3169
3170 CBS_init(&cbs, tlsext_srtp_single_invalid,
3171 sizeof(tlsext_srtp_single_invalid));
3172 if (client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
3173 FAIL("should not be able to parse this\n");
3174 goto err;
3175 }
3176
3177 failure = 0;
3178
3179 err:
3180 CBB_cleanup(&cbb);
3181 SSL_CTX_free(ssl_ctx);
3182 SSL_free(ssl);
3183 free(data);
3184
3185 return (failure);
3186}
3187#endif /* OPENSSL_NO_SRTP */
3188
3189unsigned char tlsext_clienthello_default[] = {
3190 0x00, 0x34, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00,
3191 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d,
3192 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00, 0x23,
3193 0x00, 0x00, 0x00, 0x0d, 0x00, 0x18, 0x00, 0x16,
3194 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, 0x08, 0x05,
3195 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 0x04, 0x01,
3196 0x04, 0x03, 0x02, 0x01, 0x02, 0x03,
3197};
3198
3199unsigned char tlsext_clienthello_disabled[] = {};
3200
3201static int
3202test_tlsext_clienthello_build(void)
3203{
3204 unsigned char *data = NULL;
3205 SSL_CTX *ssl_ctx = NULL;
3206 SSL *ssl = NULL;
3207 const struct tls_extension_funcs *client_funcs;
3208 const struct tls_extension_funcs *server_funcs;
3209 size_t dlen;
3210 int failure;
3211 CBB cbb;
3212
3213 failure = 1;
3214
3215 if (!CBB_init(&cbb, 0))
3216 errx(1, "failed to create CBB");
3217
3218 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) {
3219 FAIL("failed to create SSL_CTX");
3220 goto err;
3221 }
3222
3223 if ((ssl = SSL_new(ssl_ctx)) == NULL) {
3224 FAIL("failed to create SSL");
3225 goto err;
3226 }
3227
3228 if (!tls_extension_funcs(TLSEXT_TYPE_supported_versions, &client_funcs,
3229 &server_funcs))
3230 errx(1, "failed to fetch supported versions funcs");
3231
3232 ssl->s3->hs.our_min_tls_version = TLS1_VERSION;
3233 ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION;
3234
3235 if (!tlsext_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
3236 FAIL("failed to build clienthello extensions\n");
3237 goto err;
3238 }
3239 if (!CBB_finish(&cbb, &data, &dlen)) {
3240 FAIL("failed to finish CBB");
3241 goto err;
3242 }
3243
3244 if (dlen != sizeof(tlsext_clienthello_default)) {
3245 FAIL("got clienthello extensions with length %zu, "
3246 "want length %zu\n", dlen,
3247 sizeof(tlsext_clienthello_default));
3248 compare_data(data, dlen, tlsext_clienthello_default,
3249 sizeof(tlsext_clienthello_default));
3250 goto err;
3251 }
3252 if (memcmp(data, tlsext_clienthello_default, dlen) != 0) {
3253 FAIL("clienthello extensions differs:\n");
3254 compare_data(data, dlen, tlsext_clienthello_default,
3255 sizeof(tlsext_clienthello_default));
3256 goto err;
3257 }
3258
3259 free(data);
3260 data = NULL;
3261 CBB_cleanup(&cbb);
3262 if (!CBB_init(&cbb, 0))
3263 errx(1, "Failed to create CBB");
3264
3265 /* Switch to TLSv1.1, disable EC ciphers and session tickets. */
3266 ssl->s3->hs.our_max_tls_version = TLS1_1_VERSION;
3267 if (!SSL_set_cipher_list(ssl, "TLSv1.2:!ECDHE:!ECDSA")) {
3268 FAIL("failed to set cipher list\n");
3269 goto err;
3270 }
3271 if ((SSL_set_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) == 0) {
3272 FAIL("failed to disable session tickets\n");
3273 goto err;
3274 }
3275
3276 if (!tlsext_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
3277 FAIL("failed to build clienthello extensions\n");
3278 goto err;
3279 }
3280 if (!CBB_finish(&cbb, &data, &dlen)) {
3281 FAIL("failed to finish CBB");
3282 goto err;
3283 }
3284
3285 if (dlen != sizeof(tlsext_clienthello_disabled)) {
3286 FAIL("got clienthello extensions with length %zu, "
3287 "want length %zu\n", dlen,
3288 sizeof(tlsext_clienthello_disabled));
3289 compare_data(data, dlen, tlsext_clienthello_disabled,
3290 sizeof(tlsext_clienthello_disabled));
3291 goto err;
3292 }
3293 if (memcmp(data, tlsext_clienthello_disabled, dlen) != 0) {
3294 FAIL("clienthello extensions differs:\n");
3295 compare_data(data, dlen, tlsext_clienthello_disabled,
3296 sizeof(tlsext_clienthello_disabled));
3297 goto err;
3298 }
3299
3300 failure = 0;
3301
3302 err:
3303 CBB_cleanup(&cbb);
3304 SSL_CTX_free(ssl_ctx);
3305 SSL_free(ssl);
3306 free(data);
3307
3308 return (failure);
3309}
3310
3311unsigned char tlsext_serverhello_default[] = {
3312 0x00, 0x06, 0x00, 0x2b, 0x00, 0x02, 0x03, 0x04,
3313};
3314
3315unsigned char tlsext_serverhello_enabled[] = {
3316 0x00, 0x10, 0x00, 0x2b, 0x00, 0x02, 0x03, 0x04,
3317 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23,
3318 0x00, 0x00,
3319};
3320
3321static int
3322test_tlsext_serverhello_build(void)
3323{
3324 unsigned char *data = NULL;
3325 SSL_CTX *ssl_ctx = NULL;
3326 SSL *ssl = NULL;
3327 size_t dlen;
3328 int failure;
3329 CBB cbb;
3330
3331 failure = 1;
3332
3333 if (!CBB_init(&cbb, 0))
3334 errx(1, "failed to create CBB");
3335
3336 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL) {
3337 FAIL("failed to create SSL_CTX");
3338 goto err;
3339 }
3340 if ((ssl = SSL_new(ssl_ctx)) == NULL) {
3341 FAIL("failed to create SSL");
3342 goto err;
3343 }
3344 if ((ssl->session = SSL_SESSION_new()) == NULL) {
3345 FAIL("failed to create session");
3346 goto err;
3347 }
3348
3349 ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
3350 ssl->s3->hs.negotiated_tls_version = TLS1_3_VERSION;
3351 ssl->s3->hs.cipher =
3352 ssl3_get_cipher_by_id(TLS1_CK_RSA_WITH_AES_128_SHA256);
3353
3354 if (!tlsext_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
3355 FAIL("failed to build serverhello extensions\n");
3356 goto err;
3357 }
3358 if (!CBB_finish(&cbb, &data, &dlen)) {
3359 FAIL("failed to finish CBB");
3360 goto err;
3361 }
3362
3363 if (dlen != sizeof(tlsext_serverhello_default)) {
3364 FAIL("got serverhello extensions with length %zu, "
3365 "want length %zu\n", dlen,
3366 sizeof(tlsext_serverhello_default));
3367 compare_data(data, dlen, tlsext_serverhello_default,
3368 sizeof(tlsext_serverhello_default));
3369 goto err;
3370 }
3371 if (memcmp(data, tlsext_serverhello_default, dlen) != 0) {
3372 FAIL("serverhello extensions differs:\n");
3373 compare_data(data, dlen, tlsext_serverhello_default,
3374 sizeof(tlsext_serverhello_default));
3375 goto err;
3376 }
3377
3378 CBB_cleanup(&cbb);
3379 free(data);
3380 data = NULL;
3381 if (!CBB_init(&cbb, 0))
3382 errx(1, "Failed to create CBB");
3383
3384 /* Turn a few things on so we get extensions... */
3385 ssl->s3->send_connection_binding = 1;
3386 ssl->s3->hs.cipher =
3387 ssl3_get_cipher_by_id(TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256);
3388 ssl->tlsext_status_expected = 1;
3389 ssl->tlsext_ticket_expected = 1;
3390 if ((ssl->session->tlsext_ecpointformatlist = malloc(1)) == NULL) {
3391 FAIL("malloc failed");
3392 goto err;
3393 }
3394 ssl->session->tlsext_ecpointformatlist_length = 1;
3395 ssl->session->tlsext_ecpointformatlist[0] =
3396 TLSEXT_ECPOINTFORMAT_uncompressed;
3397
3398 if (!tlsext_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
3399 FAIL("failed to build serverhello extensions\n");
3400 goto err;
3401 }
3402 if (!CBB_finish(&cbb, &data, &dlen)) {
3403 FAIL("failed to finish CBB");
3404 goto err;
3405 }
3406
3407 if (dlen != sizeof(tlsext_serverhello_enabled)) {
3408 FAIL("got serverhello extensions with length %zu, "
3409 "want length %zu\n", dlen,
3410 sizeof(tlsext_serverhello_enabled));
3411 compare_data(data, dlen, tlsext_serverhello_enabled,
3412 sizeof(tlsext_serverhello_enabled));
3413 goto err;
3414 }
3415 if (memcmp(data, tlsext_serverhello_enabled, dlen) != 0) {
3416 FAIL("serverhello extensions differs:\n");
3417 compare_data(data, dlen, tlsext_serverhello_enabled,
3418 sizeof(tlsext_serverhello_enabled));
3419 goto err;
3420 }
3421
3422 failure = 0;
3423
3424 err:
3425 CBB_cleanup(&cbb);
3426 SSL_CTX_free(ssl_ctx);
3427 SSL_free(ssl);
3428 free(data);
3429
3430 return (failure);
3431}
3432
3433const unsigned char tlsext_versions_client[] = {
3434 0x08, 0x03, 0x04, 0x03, 0x03, 0x03,
3435 0x02, 0x03, 0x01,
3436};
3437
3438const unsigned char tlsext_versions_server[] = {
3439 0x03, 0x04,
3440};
3441
3442static int
3443test_tlsext_versions_client(void)
3444{
3445 unsigned char *data = NULL;
3446 SSL_CTX *ssl_ctx = NULL;
3447 SSL *ssl = NULL;
3448 const struct tls_extension_funcs *client_funcs;
3449 const struct tls_extension_funcs *server_funcs;
3450 int failure;
3451 size_t dlen;
3452 int alert;
3453 CBB cbb;
3454 CBS cbs;
3455
3456 failure = 1;
3457
3458 if (!CBB_init(&cbb, 0))
3459 errx(1, "Failed to create CBB");
3460
3461 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
3462 errx(1, "failed to create SSL_CTX");
3463 if ((ssl = SSL_new(ssl_ctx)) == NULL)
3464 errx(1, "failed to create SSL");
3465
3466 if (!tls_extension_funcs(TLSEXT_TYPE_supported_versions, &client_funcs,
3467 &server_funcs))
3468 errx(1, "failed to fetch supported versions funcs");
3469
3470 ssl->s3->hs.our_max_tls_version = TLS1_1_VERSION;
3471
3472 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
3473 FAIL("client should not need versions\n");
3474 goto done;
3475 }
3476
3477 ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION;
3478
3479 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
3480 FAIL("client should not need versions\n");
3481 goto done;
3482 }
3483
3484 ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
3485
3486 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
3487 FAIL("client should need versions\n");
3488 goto done;
3489 }
3490
3491 ssl->s3->hs.our_min_tls_version = TLS1_VERSION;
3492 ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
3493
3494 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
3495 FAIL("client should have built versions\n");
3496 goto done;
3497 }
3498
3499 if (!CBB_finish(&cbb, &data, &dlen)) {
3500 FAIL("failed to finish CBB\n");
3501 goto done;
3502 }
3503
3504 if (dlen != sizeof(tlsext_versions_client)) {
3505 FAIL("got versions with length %zu, "
3506 "want length %zu\n", dlen, sizeof(tlsext_versions_client));
3507 goto done;
3508 }
3509
3510 CBS_init(&cbs, data, dlen);
3511 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
3512 FAIL("failed to parse client versions\n");
3513 goto done;
3514 }
3515 if (CBS_len(&cbs) != 0) {
3516 FAIL("extension data remaining\n");
3517 goto done;
3518 }
3519
3520 failure = 0;
3521
3522 done:
3523 CBB_cleanup(&cbb);
3524 SSL_CTX_free(ssl_ctx);
3525 SSL_free(ssl);
3526 free(data);
3527
3528 return (failure);
3529}
3530
3531static int
3532test_tlsext_versions_server(void)
3533{
3534 unsigned char *data = NULL;
3535 SSL_CTX *ssl_ctx = NULL;
3536 SSL *ssl = NULL;
3537 const struct tls_extension_funcs *client_funcs;
3538 const struct tls_extension_funcs *server_funcs;
3539 int failure;
3540 size_t dlen;
3541 int alert;
3542 CBB cbb;
3543 CBS cbs;
3544
3545 failure = 1;
3546
3547 if (!CBB_init(&cbb, 0))
3548 errx(1, "Failed to create CBB");
3549
3550 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
3551 errx(1, "failed to create SSL_CTX");
3552 if ((ssl = SSL_new(ssl_ctx)) == NULL)
3553 errx(1, "failed to create SSL");
3554
3555 if (!tls_extension_funcs(TLSEXT_TYPE_supported_versions, &client_funcs,
3556 &server_funcs))
3557 errx(1, "failed to fetch supported versions funcs");
3558
3559 ssl->s3->hs.negotiated_tls_version = TLS1_2_VERSION;
3560
3561 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
3562 FAIL("server should not need versions\n");
3563 goto done;
3564 }
3565
3566 ssl->s3->hs.negotiated_tls_version = TLS1_3_VERSION;
3567
3568 if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
3569 FAIL("server should need versions\n");
3570 goto done;
3571 }
3572
3573 if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
3574 FAIL("server should have built versions\n");
3575 goto done;
3576 }
3577
3578 if (!CBB_finish(&cbb, &data, &dlen)) {
3579 FAIL("failed to finish CBB\n");
3580 goto done;
3581 }
3582
3583 if (dlen != sizeof(tlsext_versions_server)) {
3584 FAIL("got versions with length %zu, "
3585 "want length %zu\n", dlen, sizeof(tlsext_versions_server));
3586 goto done;
3587 }
3588
3589 CBS_init(&cbs, data, dlen);
3590 if (!client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
3591 FAIL("failed to parse client versions\n");
3592 goto done;
3593 }
3594 if (CBS_len(&cbs) != 0) {
3595 FAIL("extension data remaining\n");
3596 goto done;
3597 }
3598
3599 failure = 0;
3600
3601 done:
3602 CBB_cleanup(&cbb);
3603 SSL_CTX_free(ssl_ctx);
3604 SSL_free(ssl);
3605 free(data);
3606
3607 return (failure);
3608}
3609
3610const unsigned char tlsext_keyshare_client[] = {
3611 0x00, 0x24, 0x00, 0x1d, 0x00, 0x20, 0xba, 0x83,
3612 0x2e, 0x4a, 0x18, 0xbe, 0x96, 0xd2, 0x71, 0x70,
3613 0x18, 0x04, 0xf9, 0x9d, 0x76, 0x98, 0xef, 0xe8,
3614 0x4f, 0x8b, 0x85, 0x41, 0xa4, 0xd9, 0x61, 0x57,
3615 0xad, 0x5b, 0xa4, 0xe9, 0x8b, 0x6b,
3616};
3617
3618const unsigned char tlsext_keyshare_server[] = {
3619 0x00, 0x1d, 0x00, 0x20, 0xe5, 0xe8, 0x5a, 0xb9,
3620 0x7e, 0x12, 0x62, 0xe3, 0xd8, 0x7f, 0x6e, 0x3c,
3621 0xec, 0xa6, 0x8b, 0x99, 0x45, 0x77, 0x8e, 0x11,
3622 0xb3, 0xb9, 0x12, 0xb6, 0xbe, 0x35, 0xca, 0x51,
3623 0x76, 0x1e, 0xe8, 0x22
3624};
3625
3626static int
3627test_tlsext_keyshare_client(void)
3628{
3629 unsigned char *data = NULL;
3630 SSL_CTX *ssl_ctx = NULL;
3631 SSL *ssl = NULL;
3632 const struct tls_extension_funcs *client_funcs;
3633 const struct tls_extension_funcs *server_funcs;
3634 int failure;
3635 size_t dlen;
3636 int alert;
3637 CBB cbb;
3638 CBS cbs;
3639
3640 failure = 1;
3641
3642 if (!CBB_init(&cbb, 0))
3643 errx(1, "Failed to create CBB");
3644
3645 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
3646 errx(1, "failed to create SSL_CTX");
3647 if ((ssl = SSL_new(ssl_ctx)) == NULL)
3648 errx(1, "failed to create SSL");
3649
3650 if (!tls_extension_funcs(TLSEXT_TYPE_key_share, &client_funcs,
3651 &server_funcs))
3652 errx(1, "failed to fetch keyshare funcs");
3653
3654 if ((ssl->s3->hs.key_share =
3655 tls_key_share_new_nid(NID_X25519)) == NULL)
3656 errx(1, "failed to create key share");
3657 if (!tls_key_share_generate(ssl->s3->hs.key_share))
3658 errx(1, "failed to generate key share");
3659
3660 ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION;
3661 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
3662 FAIL("client should not need keyshare\n");
3663 goto done;
3664 }
3665
3666 ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
3667 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
3668 FAIL("client should need keyshare\n");
3669 goto done;
3670 }
3671
3672 ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
3673 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
3674 FAIL("client should have built keyshare\n");
3675 goto done;
3676 }
3677
3678 if (!CBB_finish(&cbb, &data, &dlen)) {
3679 FAIL("failed to finish CBB\n");
3680 goto done;
3681 }
3682
3683 if (dlen != sizeof(tlsext_keyshare_client)) {
3684 FAIL("got client keyshare with length %zu, "
3685 "want length %zu\n", dlen, (size_t) sizeof(tlsext_keyshare_client));
3686 goto done;
3687 }
3688
3689 (ssl)->version = TLS1_3_VERSION;
3690 CBS_init(&cbs, data, dlen);
3691
3692 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
3693 FAIL("failed to parse client keyshare\n");
3694 goto done;
3695 }
3696
3697 if (CBS_len(&cbs) != 0) {
3698 FAIL("extension data remaining\n");
3699 goto done;
3700 }
3701
3702 failure = 0;
3703
3704 done:
3705 CBB_cleanup(&cbb);
3706 SSL_CTX_free(ssl_ctx);
3707 SSL_free(ssl);
3708 free(data);
3709
3710 return (failure);
3711}
3712
3713static const uint8_t bogokey[] = {
3714 0xe5, 0xe8, 0x5a, 0xb9, 0x7e, 0x12, 0x62, 0xe3,
3715 0xd8, 0x7f, 0x6e, 0x3c, 0xec, 0xa6, 0x8b, 0x99,
3716 0x45, 0x77, 0x8e, 0x11, 0xb3, 0xb9, 0x12, 0xb6,
3717 0xbe, 0x35, 0xca, 0x51, 0x76, 0x1e, 0xe8, 0x22,
3718};
3719
3720static int
3721test_tlsext_keyshare_server(void)
3722{
3723 unsigned char *data = NULL;
3724 SSL_CTX *ssl_ctx = NULL;
3725 SSL *ssl = NULL;
3726 const struct tls_extension_funcs *client_funcs;
3727 const struct tls_extension_funcs *server_funcs;
3728 int decode_error;
3729 int failure;
3730 size_t dlen, idx;
3731 int alert;
3732 CBB cbb;
3733 CBS cbs;
3734
3735 failure = 1;
3736
3737 if (!CBB_init(&cbb, 0))
3738 errx(1, "Failed to create CBB");
3739
3740 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
3741 errx(1, "failed to create SSL_CTX");
3742 if ((ssl = SSL_new(ssl_ctx)) == NULL)
3743 errx(1, "failed to create SSL");
3744
3745 if (!tls_extension_funcs(TLSEXT_TYPE_key_share, &client_funcs,
3746 &server_funcs))
3747 errx(1, "failed to fetch keyshare funcs");
3748
3749 ssl->s3->hs.negotiated_tls_version = TLS1_2_VERSION;
3750 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
3751 FAIL("server should not need keyshare\n");
3752 goto done;
3753 }
3754
3755 ssl->s3->hs.negotiated_tls_version = TLS1_3_VERSION;
3756 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
3757 FAIL("client should not need keyshare\n");
3758 goto done;
3759 }
3760
3761 if (tls_extension_find(TLSEXT_TYPE_key_share, &idx) == NULL) {
3762 FAIL("failed to find keyshare extension\n");
3763 goto done;
3764 }
3765 ssl->s3->hs.extensions_seen |= (1 << idx);
3766
3767 if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
3768 FAIL("server should need keyshare\n");
3769 goto done;
3770 }
3771
3772 if (server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
3773 FAIL("server should not have built a keyshare response\n");
3774 goto done;
3775 }
3776
3777 if ((ssl->s3->hs.key_share =
3778 tls_key_share_new_nid(NID_X25519)) == NULL) {
3779 FAIL("failed to create key share");
3780 goto done;
3781 }
3782
3783 if (!tls_key_share_generate(ssl->s3->hs.key_share)) {
3784 FAIL("failed to generate key share");
3785 goto done;
3786 }
3787
3788 CBS_init(&cbs, bogokey, sizeof(bogokey));
3789
3790 if (!tls_key_share_peer_public(ssl->s3->hs.key_share, &cbs,
3791 &decode_error, NULL)) {
3792 FAIL("failed to load peer public key\n");
3793 goto done;
3794 }
3795
3796 if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
3797 FAIL("server should be able to build a keyshare response\n");
3798 goto done;
3799 }
3800
3801 if (!CBB_finish(&cbb, &data, &dlen)) {
3802 FAIL("failed to finish CBB\n");
3803 goto done;
3804 }
3805
3806 if (dlen != sizeof(tlsext_keyshare_server)) {
3807 FAIL("got server keyshare with length %zu, "
3808 "want length %zu\n", dlen, sizeof(tlsext_keyshare_server));
3809 goto done;
3810 }
3811
3812 tls_key_share_free(ssl->s3->hs.key_share);
3813
3814 if ((ssl->s3->hs.key_share =
3815 tls_key_share_new_nid(NID_X25519)) == NULL) {
3816 FAIL("failed to create key share");
3817 goto done;
3818 }
3819 if (!tls_key_share_generate(ssl->s3->hs.key_share)) {
3820 FAIL("failed to generate key share");
3821 goto done;
3822 }
3823
3824 CBS_init(&cbs, data, dlen);
3825
3826 if (!client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
3827 FAIL("failed to parse server keyshare\n");
3828 goto done;
3829 }
3830
3831 if (CBS_len(&cbs) != 0) {
3832 FAIL("extension data remaining\n");
3833 goto done;
3834 }
3835
3836 failure = 0;
3837
3838done:
3839 CBB_cleanup(&cbb);
3840 SSL_CTX_free(ssl_ctx);
3841 SSL_free(ssl);
3842 free(data);
3843
3844 return (failure);
3845}
3846
3847/* One day I hope to be the only Muppet in this codebase */
3848const uint8_t cookie[] = "\n"
3849 " (o)(o) \n"
3850 " m' 'm \n"
3851 " M -****- M \n"
3852 " 'm m' \n"
3853 " m''''''''''m \n"
3854 " M M BB \n";
3855
3856static int
3857test_tlsext_cookie_client(void)
3858{
3859 unsigned char *data = NULL;
3860 SSL_CTX *ssl_ctx = NULL;
3861 SSL *ssl = NULL;
3862 const struct tls_extension_funcs *client_funcs;
3863 const struct tls_extension_funcs *server_funcs;
3864 int failure;
3865 size_t dlen;
3866 int alert;
3867 CBB cbb;
3868 CBS cbs;
3869
3870 failure = 1;
3871
3872 if (!CBB_init(&cbb, 0))
3873 errx(1, "Failed to create CBB");
3874
3875 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
3876 errx(1, "failed to create SSL_CTX");
3877 if ((ssl = SSL_new(ssl_ctx)) == NULL)
3878 errx(1, "failed to create SSL");
3879
3880 if (!tls_extension_funcs(TLSEXT_TYPE_cookie, &client_funcs,
3881 &server_funcs))
3882 errx(1, "failed to fetch cookie funcs");
3883
3884 ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION;
3885 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
3886 FAIL("client should not need cookie\n");
3887 goto done;
3888 }
3889
3890
3891 ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
3892 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
3893 FAIL("client should not need cookie\n");
3894 goto done;
3895 }
3896
3897 /* Normally would be set by receiving a server cookie in an HRR */
3898 ssl->s3->hs.tls13.cookie = strdup(cookie);
3899 ssl->s3->hs.tls13.cookie_len = strlen(cookie);
3900
3901 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
3902 FAIL("client should need cookie\n");
3903 goto done;
3904 }
3905
3906 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
3907 FAIL("client should have built a cookie response\n");
3908 goto done;
3909 }
3910
3911 if (!CBB_finish(&cbb, &data, &dlen)) {
3912 FAIL("failed to finish CBB\n");
3913 goto done;
3914 }
3915
3916 if (dlen != strlen(cookie) + sizeof(uint16_t)) {
3917 FAIL("got cookie with length %zu, "
3918 "want length %zu\n", dlen, strlen(cookie) +
3919 sizeof(uint16_t));
3920 goto done;
3921 }
3922
3923 CBS_init(&cbs, data, dlen);
3924
3925 /* Checks cookie against what's in the hs.tls13 */
3926 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
3927 FAIL("failed to parse client cookie\n");
3928 goto done;
3929 }
3930
3931 if (CBS_len(&cbs) != 0) {
3932 FAIL("extension data remaining\n");
3933 goto done;
3934 }
3935
3936 failure = 0;
3937
3938 done:
3939 CBB_cleanup(&cbb);
3940 SSL_CTX_free(ssl_ctx);
3941 SSL_free(ssl);
3942 free(data);
3943
3944 return (failure);
3945}
3946
3947static int
3948test_tlsext_cookie_server(void)
3949{
3950 unsigned char *data = NULL;
3951 SSL_CTX *ssl_ctx = NULL;
3952 SSL *ssl = NULL;
3953 const struct tls_extension_funcs *client_funcs;
3954 const struct tls_extension_funcs *server_funcs;
3955 int failure;
3956 size_t dlen;
3957 int alert;
3958 CBB cbb;
3959 CBS cbs;
3960
3961 failure = 1;
3962
3963 if (!CBB_init(&cbb, 0))
3964 errx(1, "Failed to create CBB");
3965
3966 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
3967 errx(1, "failed to create SSL_CTX");
3968 if ((ssl = SSL_new(ssl_ctx)) == NULL)
3969 errx(1, "failed to create SSL");
3970
3971 if (!tls_extension_funcs(TLSEXT_TYPE_cookie, &client_funcs,
3972 &server_funcs))
3973 errx(1, "failed to fetch cookie funcs");
3974
3975 ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION;
3976 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
3977 FAIL("server should not need cookie\n");
3978 goto done;
3979 }
3980
3981 ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
3982 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
3983 FAIL("server should not need cookie\n");
3984 goto done;
3985 }
3986
3987 /* Normally would be set by server before sending HRR */
3988 ssl->s3->hs.tls13.cookie = strdup(cookie);
3989 ssl->s3->hs.tls13.cookie_len = strlen(cookie);
3990
3991 if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_HRR)) {
3992 FAIL("server should need cookie\n");
3993 goto done;
3994 }
3995
3996 if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_HRR, &cbb)) {
3997 FAIL("server should have built a cookie response\n");
3998 goto done;
3999 }
4000
4001 if (!CBB_finish(&cbb, &data, &dlen)) {
4002 FAIL("failed to finish CBB\n");
4003 goto done;
4004 }
4005
4006 if (dlen != strlen(cookie) + sizeof(uint16_t)) {
4007 FAIL("got cookie with length %zu, "
4008 "want length %zu\n", dlen, strlen(cookie) +
4009 sizeof(uint16_t));
4010 goto done;
4011 }
4012
4013 CBS_init(&cbs, data, dlen);
4014
4015 if (client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
4016 FAIL("client should not have parsed server cookie\n");
4017 goto done;
4018 }
4019
4020 freezero(ssl->s3->hs.tls13.cookie, ssl->s3->hs.tls13.cookie_len);
4021 ssl->s3->hs.tls13.cookie = NULL;
4022 ssl->s3->hs.tls13.cookie_len = 0;
4023
4024 if (!client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
4025 FAIL("failed to parse server cookie\n");
4026 goto done;
4027 }
4028
4029 if (memcmp(cookie, ssl->s3->hs.tls13.cookie,
4030 ssl->s3->hs.tls13.cookie_len) != 0) {
4031 FAIL("parsed server cookie does not match sent cookie\n");
4032 goto done;
4033 }
4034
4035 if (CBS_len(&cbs) != 0) {
4036 FAIL("extension data remaining\n");
4037 goto done;
4038 }
4039
4040 failure = 0;
4041
4042done:
4043 CBB_cleanup(&cbb);
4044 SSL_CTX_free(ssl_ctx);
4045 SSL_free(ssl);
4046 free(data);
4047
4048 return (failure);
4049}
4050
4051const uint8_t tlsext_default_psk_modes[] = {
4052 0x01, 0x01,
4053};
4054
4055const uint8_t tlsext_psk_only_mode[] = {
4056 0x01, 0x00,
4057};
4058
4059const uint8_t tlsext_psk_both_modes[] = {
4060 0x02, 0x00, 0x01,
4061};
4062
4063static int
4064test_tlsext_psk_modes_client(void)
4065{
4066 SSL_CTX *ssl_ctx = NULL;
4067 SSL *ssl = NULL;
4068 const struct tls_extension_funcs *client_funcs;
4069 const struct tls_extension_funcs *server_funcs;
4070 int failure;
4071 uint8_t *data = NULL;
4072 size_t dlen;
4073 CBB cbb;
4074 CBS cbs;
4075 int alert;
4076
4077 failure = 1;
4078
4079 if (!CBB_init(&cbb, 0))
4080 errx(1, "Failed to create CBB");
4081
4082 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
4083 errx(1, "failed to create SSL_CTX");
4084 if ((ssl = SSL_new(ssl_ctx)) == NULL)
4085 errx(1, "failed to create SSL");
4086
4087 if (!tls_extension_funcs(TLSEXT_TYPE_psk_kex_modes, &client_funcs,
4088 &server_funcs))
4089 errx(1, "failed to fetch psk funcs");
4090
4091 /* Disabled by default. */
4092 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
4093 FAIL("client should not need psk kex modes by default\n");
4094 goto err;
4095 }
4096
4097 /*
4098 * Prerequisites: use_psk_dhe_ke flag is set and
4099 * our_max_tls_version >= TLSv1.3.
4100 */
4101
4102 ssl->s3->hs.tls13.use_psk_dhe_ke = 1;
4103 ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION;
4104
4105 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
4106 FAIL("client should not need psk kex modes with TLSv1.2\n");
4107 goto err;
4108 }
4109
4110 ssl->s3->hs.tls13.use_psk_dhe_ke = 0;
4111 ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
4112
4113 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
4114 FAIL("client should not need psk kex modes without "
4115 "use_psk_dhe_ke\n");
4116 goto err;
4117 }
4118
4119 ssl->s3->hs.tls13.use_psk_dhe_ke = 1;
4120 ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
4121
4122 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
4123 FAIL("client should need psk kex modes with TLSv1.3\n");
4124 goto err;
4125 }
4126
4127 /* Make sure we can build psk modes with DHE key establishment. */
4128
4129 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
4130 FAIL("client failed to build psk kex modes\n");
4131 goto err;
4132 }
4133
4134 if (!CBB_finish(&cbb, &data, &dlen))
4135 errx(1, "failed to finish psk kex CBB");
4136
4137 if (dlen != sizeof(tlsext_default_psk_modes)) {
4138 FAIL("got client psk kex modes with length %zu, "
4139 "want length %zu\n", dlen,
4140 sizeof(tlsext_default_psk_modes));
4141 compare_data(data, dlen, tlsext_default_psk_modes,
4142 sizeof(tlsext_default_psk_modes));
4143 goto err;
4144 }
4145 if (memcmp(data, tlsext_default_psk_modes, dlen) != 0) {
4146 FAIL("client psk kex modes differ:\n");
4147 compare_data(data, dlen, tlsext_default_psk_modes,
4148 sizeof(tlsext_default_psk_modes));
4149 goto err;
4150 }
4151
4152 CBB_cleanup(&cbb);
4153 free(data);
4154 data = NULL;
4155
4156 /*
4157 * Make sure we can parse the default psk modes and that use_psk_dhe_ke
4158 * is set after parsing.
4159 */
4160
4161 ssl->s3->hs.tls13.use_psk_dhe_ke = 0;
4162
4163 CBS_init(&cbs, tlsext_default_psk_modes,
4164 sizeof(tlsext_default_psk_modes));
4165 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
4166 FAIL("failed to parse psk kex modes\n");
4167 goto err;
4168 }
4169 if (CBS_len(&cbs) != 0) {
4170 FAIL("extension data remaining\n");
4171 goto err;
4172 }
4173
4174 if (ssl->s3->hs.tls13.use_psk_dhe_ke != 1) {
4175 FAIL("should have set use_psk_dhe_ke\n");
4176 goto err;
4177 }
4178
4179 /*
4180 * Make sure we can parse the psk-only mode and that use_psk_dhe_ke
4181 * is still not set after parsing.
4182 */
4183
4184 ssl->s3->hs.tls13.use_psk_dhe_ke = 0;
4185
4186 CBS_init(&cbs, tlsext_psk_only_mode, sizeof(tlsext_psk_only_mode));
4187 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
4188 FAIL("failed to parse psk kex modes\n");
4189 goto err;
4190 }
4191 if (CBS_len(&cbs) != 0) {
4192 FAIL("extension data remaining\n");
4193 goto err;
4194 }
4195
4196 if (ssl->s3->hs.tls13.use_psk_dhe_ke != 0) {
4197 FAIL("should not have set use_psk_dhe_ke\n");
4198 goto err;
4199 }
4200
4201 /*
4202 * Make sure we can parse the extension indicating both modes and that
4203 * use_psk_dhe_ke is set after parsing.
4204 */
4205
4206 ssl->s3->hs.tls13.use_psk_dhe_ke = 0;
4207
4208 CBS_init(&cbs, tlsext_psk_both_modes, sizeof(tlsext_psk_both_modes));
4209 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
4210 FAIL("failed to parse psk kex modes\n");
4211 goto err;
4212 }
4213 if (CBS_len(&cbs) != 0) {
4214 FAIL("extension data remaining\n");
4215 goto err;
4216 }
4217
4218 if (ssl->s3->hs.tls13.use_psk_dhe_ke != 1) {
4219 FAIL("should have set use_psk_dhe_ke\n");
4220 goto err;
4221 }
4222
4223 failure = 0;
4224
4225 err:
4226 CBB_cleanup(&cbb);
4227 SSL_CTX_free(ssl_ctx);
4228 SSL_free(ssl);
4229 free(data);
4230
4231 return failure;
4232}
4233
4234static int
4235test_tlsext_psk_modes_server(void)
4236{
4237 SSL_CTX *ssl_ctx = NULL;
4238 SSL *ssl = NULL;
4239 const struct tls_extension_funcs *client_funcs;
4240 const struct tls_extension_funcs *server_funcs;
4241 int failure;
4242
4243 failure = 1;
4244
4245 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
4246 errx(1, "failed to create SSL_CTX");
4247 if ((ssl = SSL_new(ssl_ctx)) == NULL)
4248 errx(1, "failed to create SSL");
4249
4250 if (!tls_extension_funcs(TLSEXT_TYPE_psk_kex_modes, &client_funcs,
4251 &server_funcs))
4252 errx(1, "failed to fetch psk funcs");
4253
4254 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
4255 FAIL("server should not need psk kex modes\n");
4256 goto err;
4257 }
4258
4259 failure = 0;
4260
4261 err:
4262 SSL_CTX_free(ssl_ctx);
4263 SSL_free(ssl);
4264
4265 return failure;
4266}
4267
4268struct tls_sni_test {
4269 const char *hostname;
4270 int is_ip;
4271 int valid;
4272};
4273
4274static const struct tls_sni_test tls_sni_tests[] = {
4275 {
4276 .hostname = "openbsd.org",
4277 .valid = 1,
4278 },
4279 {
4280 .hostname = "op3nbsd.org",
4281 .valid = 1,
4282 },
4283 {
4284 .hostname = "org",
4285 .valid = 1,
4286 },
4287 {
4288 .hostname = "3openbsd.com",
4289 .valid = 1,
4290 },
4291 {
4292 .hostname = "3-0penb-d.c-m",
4293 .valid = 1,
4294 },
4295 {
4296 .hostname = "a",
4297 .valid = 1,
4298 },
4299 {
4300 .hostname =
4301 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com",
4302 .valid = 1,
4303 },
4304 {
4305 .hostname =
4306 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
4307 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
4308 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
4309 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
4310 .valid = 1,
4311 },
4312 {
4313 .hostname = "openbsd.org.",
4314 .valid = 0,
4315 },
4316 {
4317 .hostname = "openbsd..org",
4318 .valid = 0,
4319 },
4320 {
4321 .hostname = "openbsd.org-",
4322 .valid = 0,
4323 },
4324 {
4325 .hostname =
4326 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com",
4327 .valid = 0,
4328 },
4329 {
4330 .hostname =
4331 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
4332 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
4333 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
4334 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.a",
4335 .valid = 0,
4336 },
4337 {
4338 .hostname = "-p3nbsd.org",
4339 .valid = 0,
4340 },
4341 {
4342 .hostname = "openbs-.org",
4343 .valid = 0,
4344 },
4345 {
4346 .hostname = "openbsd\n.org",
4347 .valid = 0,
4348 },
4349 {
4350 .hostname = "open_bsd.org",
4351 .valid = 0,
4352 },
4353 {
4354 .hostname = "open\178bsd.org",
4355 .valid = 0,
4356 },
4357 {
4358 .hostname = "open\255bsd.org",
4359 .valid = 0,
4360 },
4361 {
4362 .hostname = "dead::beef",
4363 .is_ip = 1,
4364 .valid = 0,
4365 },
4366 {
4367 .hostname = "192.168.0.1",
4368 .is_ip = 1,
4369 .valid = 0,
4370 },
4371};
4372
4373#define N_TLS_SNI_TESTS (sizeof(tls_sni_tests) / sizeof(*tls_sni_tests))
4374
4375static int
4376test_tlsext_is_valid_hostname(const struct tls_sni_test *tst)
4377{
4378 int failure;
4379 int is_ip;
4380 CBS cbs;
4381
4382 failure = 1;
4383
4384 CBS_init(&cbs, tst->hostname, strlen(tst->hostname));
4385 if (tlsext_sni_is_valid_hostname(&cbs, &is_ip) != tst->valid) {
4386 if (tst->valid) {
4387 FAIL("Valid hostname '%s' rejected\n",
4388 tst->hostname);
4389 } else {
4390 FAIL("Invalid hostname '%s' accepted\n",
4391 tst->hostname);
4392 }
4393 goto done;
4394 }
4395 if (tst->is_ip != is_ip) {
4396 if (tst->is_ip) {
4397 FAIL("Hostname '%s' is an IP literal but not "
4398 "identified as one\n", tst->hostname);
4399 } else {
4400 FAIL("Hostname '%s' is not an IP literal but is "
4401 "identified as one\n", tst->hostname);
4402 }
4403 goto done;
4404 }
4405
4406 if (tst->valid) {
4407 CBS_init(&cbs, tst->hostname,
4408 strlen(tst->hostname) + 1);
4409 if (tlsext_sni_is_valid_hostname(&cbs, &is_ip)) {
4410 FAIL("hostname with NUL byte accepted\n");
4411 goto done;
4412 }
4413 }
4414
4415 failure = 0;
4416
4417 done:
4418
4419 return failure;
4420}
4421
4422static int
4423test_tlsext_valid_hostnames(void)
4424{
4425 const struct tls_sni_test *tst;
4426 int failure = 0;
4427 size_t i;
4428
4429 for (i = 0; i < N_TLS_SNI_TESTS; i++) {
4430 tst = &tls_sni_tests[i];
4431 failure |= test_tlsext_is_valid_hostname(tst);
4432 }
4433
4434 return failure;
4435}
4436
4437int
4438main(int argc, char **argv)
4439{
4440 int failed = 0;
4441
4442 SSL_library_init();
4443 SSL_load_error_strings();
4444
4445 failed |= test_tlsext_alpn_client();
4446 failed |= test_tlsext_alpn_server();
4447
4448 failed |= test_tlsext_supportedgroups_client();
4449 failed |= test_tlsext_supportedgroups_server();
4450
4451 failed |= test_tlsext_ecpf_client();
4452 failed |= test_tlsext_ecpf_server();
4453
4454 failed |= test_tlsext_ri_client();
4455 failed |= test_tlsext_ri_server();
4456
4457 failed |= test_tlsext_sigalgs_client();
4458
4459 failed |= test_tlsext_sni_client();
4460 failed |= test_tlsext_sni_server();
4461
4462 failed |= test_tlsext_ocsp_client();
4463 failed |= test_tlsext_ocsp_server();
4464
4465 failed |= test_tlsext_sessionticket_client();
4466 failed |= test_tlsext_sessionticket_server();
4467
4468 failed |= test_tlsext_versions_client();
4469 failed |= test_tlsext_versions_server();
4470
4471 failed |= test_tlsext_keyshare_client();
4472 failed |= test_tlsext_keyshare_server();
4473
4474 failed |= test_tlsext_cookie_client();
4475 failed |= test_tlsext_cookie_server();
4476
4477#ifndef OPENSSL_NO_SRTP
4478 failed |= test_tlsext_srtp_client();
4479 failed |= test_tlsext_srtp_server();
4480#else
4481 fprintf(stderr, "Skipping SRTP tests due to OPENSSL_NO_SRTP\n");
4482#endif
4483
4484 failed |= test_tlsext_psk_modes_client();
4485 failed |= test_tlsext_psk_modes_server();
4486
4487 failed |= test_tlsext_clienthello_build();
4488 failed |= test_tlsext_serverhello_build();
4489
4490 failed |= test_tlsext_valid_hostnames();
4491
4492 failed |= test_tlsext_quic_transport_parameters_client();
4493 failed |= test_tlsext_quic_transport_parameters_server();
4494
4495 return (failed);
4496}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-26 22:30:42 +0000