summaryrefslogtreecommitdiff
path: root/src/regress/lib/libssl/tlsext
diff options
context:
space:
mode:
authorcvs2svn <admin@example.com>2023-07-15 19:29:46 +0000
committercvs2svn <admin@example.com>2023-07-15 19:29:46 +0000
commit72cc860132e5b7971e495ba621dcd0713b5dd801 (patch)
treeeb2977d6a31db45cc5481c643fa2a77238fa93bb /src/regress/lib/libssl/tlsext
parent0d87a20f1d7f7c6ae9a6cbb5bc3c2235ee3fe18a (diff)
downloadopenbsd-tb_20230715.tar.gz
openbsd-tb_20230715.tar.bz2
openbsd-tb_20230715.zip
This commit was manufactured by cvs2git to create tag 'tb_20230715'.tb_20230715
Diffstat (limited to 'src/regress/lib/libssl/tlsext')
-rw-r--r--src/regress/lib/libssl/tlsext/Makefile10
-rw-r--r--src/regress/lib/libssl/tlsext/tlsexttest.c4613
2 files changed, 0 insertions, 4623 deletions
diff --git a/src/regress/lib/libssl/tlsext/Makefile b/src/regress/lib/libssl/tlsext/Makefile
deleted file mode 100644
index 9ff441697f..0000000000
--- a/src/regress/lib/libssl/tlsext/Makefile
+++ /dev/null
@@ -1,10 +0,0 @@
1# $OpenBSD: Makefile,v 1.2 2022/06/29 15:06:18 tb Exp $
2
3PROG= tlsexttest
4LDADD= ${SSL_INT} -lcrypto
5DPADD= ${LIBCRYPTO} ${LIBSSL}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Wundef -Werror
8CFLAGS+= -I${.CURDIR}/../../../../lib/libssl
9
10.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c
deleted file mode 100644
index e4da328c67..0000000000
--- a/src/regress/lib/libssl/tlsext/tlsexttest.c
+++ /dev/null
@@ -1,4613 +0,0 @@
1/* $OpenBSD: tlsexttest.c,v 1.82 2023/07/05 17:30:14 tb Exp $ */
2/*
3 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
5 * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
6 * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
7 *
8 * Permission to use, copy, modify, and distribute this software for any
9 * purpose with or without fee is hereby granted, provided that the above
10 * copyright notice and this permission notice appear in all copies.
11 *
12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 */
20
21#include <err.h>
22
23#include <openssl/tls1.h>
24
25#include "ssl_local.h"
26
27#include "bytestring.h"
28#include "ssl_tlsext.h"
29
30struct tls_extension_funcs {
31 int (*needs)(SSL *s, uint16_t msg_type);
32 int (*build)(SSL *s, uint16_t msg_type, CBB *cbb);
33 int (*parse)(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
34};
35
36uint16_t tls_extension_type(const struct tls_extension *);
37const struct tls_extension *tls_extension_find(uint16_t, size_t *);
38const struct tls_extension_funcs *tlsext_funcs(const struct tls_extension *,
39 int);
40int tlsext_linearize_build_order(SSL *);
41
42static int
43tls_extension_funcs(int type, const struct tls_extension_funcs **client_funcs,
44 const struct tls_extension_funcs **server_funcs)
45{
46 const struct tls_extension *ext;
47 size_t idx;
48
49 if ((ext = tls_extension_find(type, &idx)) == NULL)
50 return 0;
51
52 if ((*client_funcs = tlsext_funcs(ext, 0)) == NULL)
53 return 0;
54
55 if ((*server_funcs = tlsext_funcs(ext, 1)) == NULL)
56 return 0;
57
58 return 1;
59}
60
61static void
62hexdump(const unsigned char *buf, size_t len)
63{
64 size_t i;
65
66 for (i = 1; i <= len; i++)
67 fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n");
68
69 fprintf(stderr, "\n");
70}
71
72static void
73hexdump2(const uint16_t *buf, size_t len)
74{
75 size_t i;
76
77 for (i = 1; i <= len / 2; i++)
78 fprintf(stderr, " 0x%04hx,%s", buf[i - 1], i % 8 ? "" : "\n");
79
80 fprintf(stderr, "\n");
81}
82
83static void
84compare_data(const uint8_t *recv, size_t recv_len, const uint8_t *expect,
85 size_t expect_len)
86{
87 fprintf(stderr, "received:\n");
88 hexdump(recv, recv_len);
89
90 fprintf(stderr, "test data:\n");
91 hexdump(expect, expect_len);
92}
93
94static void
95compare_data2(const uint16_t *recv, size_t recv_len, const uint16_t *expect,
96 size_t expect_len)
97{
98 fprintf(stderr, "received:\n");
99 hexdump2(recv, recv_len);
100
101 fprintf(stderr, "test data:\n");
102 hexdump2(expect, expect_len);
103}
104
105#define FAIL(msg, ...) \
106do { \
107 fprintf(stderr, "[%s:%d] FAIL: ", __FILE__, __LINE__); \
108 fprintf(stderr, msg, ##__VA_ARGS__); \
109} while(0)
110
111/*
112 * Supported Application-Layer Protocol Negotiation - RFC 7301
113 *
114 * There are already extensive unit tests for this so this just
115 * tests the state info.
116 */
117
118const uint8_t tlsext_alpn_multiple_protos_val[] = {
119 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
120 0x08, /* len */
121 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31,
122 /* opaque ProtocolName<1..2^8-1> -- 'stun.nat' */
123 0x09, /* len */
124 0x73, 0x74, 0x75, 0x6e, 0x2e, 0x74, 0x75, 0x72, 0x6e
125};
126
127const uint8_t tlsext_alpn_multiple_protos[] = {
128 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
129 0x00, 0x13, /* len of all names */
130 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
131 0x08, /* len */
132 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31,
133 /* opaque ProtocolName<1..2^8-1> -- 'stun.nat' */
134 0x09, /* len */
135 0x73, 0x74, 0x75, 0x6e, 0x2e, 0x74, 0x75, 0x72, 0x6e
136};
137
138const uint8_t tlsext_alpn_single_proto_val[] = {
139 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
140 0x08, /* len */
141 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31
142};
143
144const uint8_t tlsext_alpn_single_proto_name[] = {
145 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31 /* 'http/1.1' */
146};
147
148const uint8_t tlsext_alpn_single_proto[] = {
149 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
150 0x00, 0x09, /* len of all names */
151 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
152 0x08, /* len */
153 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31
154};
155
156#define TLSEXT_TYPE_alpn TLSEXT_TYPE_application_layer_protocol_negotiation
157
158static int
159test_tlsext_alpn_client(void)
160{
161 SSL_CTX *ssl_ctx = NULL;
162 SSL *ssl = NULL;
163 const struct tls_extension_funcs *client_funcs;
164 const struct tls_extension_funcs *server_funcs;
165 uint8_t *data = NULL;
166 CBB cbb;
167 CBS cbs;
168 int failure, alert;
169 size_t dlen;
170
171 failure = 1;
172
173 if (!CBB_init(&cbb, 0))
174 errx(1, "Failed to create CBB");
175
176 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
177 errx(1, "failed to create SSL_CTX");
178 if ((ssl = SSL_new(ssl_ctx)) == NULL)
179 errx(1, "failed to create SSL");
180
181 if (!tls_extension_funcs(TLSEXT_TYPE_alpn, &client_funcs, &server_funcs))
182 errx(1, "failed to fetch ALPN funcs");
183
184 /* By default, we don't need this */
185 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
186 FAIL("client should not need ALPN by default\n");
187 goto err;
188 }
189
190 /*
191 * Prereqs:
192 * 1) Set s->alpn_client_proto_list
193 * - Using SSL_set_alpn_protos()
194 * 2) We have not finished or renegotiated.
195 * - s->s3->tmp.finish_md_len == 0
196 */
197 if (SSL_set_alpn_protos(ssl, tlsext_alpn_single_proto_val,
198 sizeof(tlsext_alpn_single_proto_val)) != 0) {
199 FAIL("should be able to set ALPN to http/1.1\n");
200 goto err;
201 }
202 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
203 FAIL("client should need ALPN by default\n");
204 goto err;
205 }
206
207 /* Make sure we can build the client with a single proto. */
208
209 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
210 FAIL("client failed to build ALPN\n");
211 goto err;
212 }
213 if (!CBB_finish(&cbb, &data, &dlen))
214 errx(1, "failed to finish CBB");
215
216 if (dlen != sizeof(tlsext_alpn_single_proto)) {
217 FAIL("got client ALPN with length %zu, "
218 "want length %zu\n", dlen,
219 sizeof(tlsext_alpn_single_proto));
220 compare_data(data, dlen, tlsext_alpn_single_proto,
221 sizeof(tlsext_alpn_single_proto));
222 goto err;
223 }
224 if (memcmp(data, tlsext_alpn_single_proto, dlen) != 0) {
225 FAIL("client ALPN differs:\n");
226 compare_data(data, dlen, tlsext_alpn_single_proto,
227 sizeof(tlsext_alpn_single_proto));
228 goto err;
229 }
230
231 CBB_cleanup(&cbb);
232 if (!CBB_init(&cbb, 0))
233 errx(1, "Failed to create CBB");
234 free(data);
235 data = NULL;
236
237 /* Make sure we can parse the single proto. */
238
239 CBS_init(&cbs, tlsext_alpn_single_proto,
240 sizeof(tlsext_alpn_single_proto));
241 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
242 FAIL("failed to parse ALPN\n");
243 goto err;
244 }
245 if (CBS_len(&cbs) != 0) {
246 FAIL("extension data remaining\n");
247 goto err;
248 }
249
250 if (ssl->alpn_client_proto_list_len !=
251 sizeof(tlsext_alpn_single_proto_val)) {
252 FAIL("got client ALPN with length %zu, "
253 "want length %zu\n", dlen,
254 sizeof(tlsext_alpn_single_proto_val));
255 compare_data(ssl->alpn_client_proto_list,
256 ssl->alpn_client_proto_list_len,
257 tlsext_alpn_single_proto_val,
258 sizeof(tlsext_alpn_single_proto_val));
259 goto err;
260 }
261 if (memcmp(ssl->alpn_client_proto_list,
262 tlsext_alpn_single_proto_val,
263 sizeof(tlsext_alpn_single_proto_val)) != 0) {
264 FAIL("client ALPN differs:\n");
265 compare_data(data, dlen, tlsext_alpn_single_proto_val,
266 sizeof(tlsext_alpn_single_proto_val));
267 goto err;
268 }
269
270 /* Make sure we can build the clienthello with multiple entries. */
271
272 if (SSL_set_alpn_protos(ssl, tlsext_alpn_multiple_protos_val,
273 sizeof(tlsext_alpn_multiple_protos_val)) != 0) {
274 FAIL("should be able to set ALPN to http/1.1\n");
275 goto err;
276 }
277 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
278 FAIL("client should need ALPN by now\n");
279 goto err;
280 }
281
282 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
283 FAIL("client failed to build ALPN\n");
284 goto err;
285 }
286 if (!CBB_finish(&cbb, &data, &dlen))
287 errx(1, "failed to finish CBB");
288
289 if (dlen != sizeof(tlsext_alpn_multiple_protos)) {
290 FAIL("got client ALPN with length %zu, "
291 "want length %zu\n", dlen,
292 sizeof(tlsext_alpn_multiple_protos));
293 compare_data(data, dlen, tlsext_alpn_multiple_protos,
294 sizeof(tlsext_alpn_multiple_protos));
295 goto err;
296 }
297 if (memcmp(data, tlsext_alpn_multiple_protos, dlen) != 0) {
298 FAIL("client ALPN differs:\n");
299 compare_data(data, dlen, tlsext_alpn_multiple_protos,
300 sizeof(tlsext_alpn_multiple_protos));
301 goto err;
302 }
303
304 /* Make sure we can parse multiple protos */
305
306 CBS_init(&cbs, tlsext_alpn_multiple_protos,
307 sizeof(tlsext_alpn_multiple_protos));
308 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
309 FAIL("failed to parse ALPN\n");
310 goto err;
311 }
312 if (CBS_len(&cbs) != 0) {
313 FAIL("extension data remaining\n");
314 goto err;
315 }
316
317 if (ssl->alpn_client_proto_list_len !=
318 sizeof(tlsext_alpn_multiple_protos_val)) {
319 FAIL("got client ALPN with length %zu, "
320 "want length %zu\n", dlen,
321 sizeof(tlsext_alpn_multiple_protos_val));
322 compare_data(ssl->alpn_client_proto_list,
323 ssl->alpn_client_proto_list_len,
324 tlsext_alpn_multiple_protos_val,
325 sizeof(tlsext_alpn_multiple_protos_val));
326 goto err;
327 }
328 if (memcmp(ssl->alpn_client_proto_list,
329 tlsext_alpn_multiple_protos_val,
330 sizeof(tlsext_alpn_multiple_protos_val)) != 0) {
331 FAIL("client ALPN differs:\n");
332 compare_data(data, dlen, tlsext_alpn_multiple_protos_val,
333 sizeof(tlsext_alpn_multiple_protos_val));
334 goto err;
335 }
336
337 /* Make sure we can remove the list and avoid ALPN */
338
339 free(ssl->alpn_client_proto_list);
340 ssl->alpn_client_proto_list = NULL;
341 ssl->alpn_client_proto_list_len = 0;
342
343 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
344 FAIL("client should need ALPN by default\n");
345 goto err;
346 }
347
348 failure = 0;
349
350 err:
351 CBB_cleanup(&cbb);
352 SSL_CTX_free(ssl_ctx);
353 SSL_free(ssl);
354 free(data);
355
356 return (failure);
357}
358
359static int
360test_tlsext_alpn_server(void)
361{
362 SSL_CTX *ssl_ctx = NULL;
363 SSL *ssl = NULL;
364 const struct tls_extension_funcs *client_funcs;
365 const struct tls_extension_funcs *server_funcs;
366 uint8_t *data = NULL;
367 CBB cbb;
368 CBS cbs;
369 int failure, alert;
370 size_t dlen;
371
372 failure = 1;
373
374 if (!CBB_init(&cbb, 0))
375 errx(1, "Failed to create CBB");
376
377 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
378 errx(1, "failed to create SSL_CTX");
379 if ((ssl = SSL_new(ssl_ctx)) == NULL)
380 errx(1, "failed to create SSL");
381
382 if (!tls_extension_funcs(TLSEXT_TYPE_alpn, &client_funcs, &server_funcs))
383 errx(1, "failed to fetch ALPN funcs");
384
385 /* By default, ALPN isn't needed. */
386 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
387 FAIL("server should not need ALPN by default\n");
388 goto err;
389 }
390
391 /*
392 * The server has a single ALPN selection which is set by
393 * SSL_CTX_set_alpn_select_cb() and calls SSL_select_next_proto().
394 *
395 * This will be a plain name and separate length.
396 */
397 if ((ssl->s3->alpn_selected = malloc(sizeof(tlsext_alpn_single_proto_name))) == NULL) {
398 errx(1, "failed to malloc");
399 }
400 memcpy(ssl->s3->alpn_selected, tlsext_alpn_single_proto_name,
401 sizeof(tlsext_alpn_single_proto_name));
402 ssl->s3->alpn_selected_len = sizeof(tlsext_alpn_single_proto_name);
403
404 if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
405 FAIL("server should need ALPN after a protocol is selected\n");
406 goto err;
407 }
408
409 /* Make sure we can build a server with one protocol */
410
411 if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
412 FAIL("server should be able to build a response\n");
413 goto err;
414 }
415 if (!CBB_finish(&cbb, &data, &dlen))
416 errx(1, "failed to finish CBB");
417
418 if (dlen != sizeof(tlsext_alpn_single_proto)) {
419 FAIL("got client ALPN with length %zu, "
420 "want length %zu\n", dlen,
421 sizeof(tlsext_alpn_single_proto));
422 compare_data(data, dlen, tlsext_alpn_single_proto,
423 sizeof(tlsext_alpn_single_proto));
424 goto err;
425 }
426 if (memcmp(data, tlsext_alpn_single_proto, dlen) != 0) {
427 FAIL("client ALPN differs:\n");
428 compare_data(data, dlen, tlsext_alpn_single_proto,
429 sizeof(tlsext_alpn_single_proto));
430 goto err;
431 }
432
433 CBB_cleanup(&cbb);
434 if (!CBB_init(&cbb, 0))
435 errx(1, "Failed to create CBB");
436 free(data);
437 data = NULL;
438
439 /* Make sure we can parse the single proto. */
440
441 CBS_init(&cbs, tlsext_alpn_single_proto,
442 sizeof(tlsext_alpn_single_proto));
443
444 /* Shouldn't be able to parse without requesting */
445 if (client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
446 FAIL("Should only parse server if we requested it\n");
447 goto err;
448 }
449
450 /* Should be able to parse once requested. */
451 if (SSL_set_alpn_protos(ssl, tlsext_alpn_single_proto_val,
452 sizeof(tlsext_alpn_single_proto_val)) != 0) {
453 FAIL("should be able to set ALPN to http/1.1\n");
454 goto err;
455 }
456 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
457 FAIL("Should be able to parse server when we request it\n");
458 goto err;
459 }
460 if (CBS_len(&cbs) != 0) {
461 FAIL("extension data remaining\n");
462 goto err;
463 }
464
465 if (ssl->s3->alpn_selected_len !=
466 sizeof(tlsext_alpn_single_proto_name)) {
467 FAIL("got server ALPN with length %zu, "
468 "want length %zu\n", dlen,
469 sizeof(tlsext_alpn_single_proto_name));
470 compare_data(ssl->s3->alpn_selected,
471 ssl->s3->alpn_selected_len,
472 tlsext_alpn_single_proto_name,
473 sizeof(tlsext_alpn_single_proto_name));
474 goto err;
475 }
476 if (memcmp(ssl->s3->alpn_selected,
477 tlsext_alpn_single_proto_name,
478 sizeof(tlsext_alpn_single_proto_name)) != 0) {
479 FAIL("server ALPN differs:\n");
480 compare_data(ssl->s3->alpn_selected,
481 ssl->s3->alpn_selected_len,
482 tlsext_alpn_single_proto_name,
483 sizeof(tlsext_alpn_single_proto_name));
484 goto err;
485 }
486
487 /*
488 * We should NOT be able to build a server with multiple
489 * protocol names. However, the existing code did not check for this
490 * case because it is passed in as an encoded value.
491 */
492
493 /* Make sure we can remove the list and avoid ALPN */
494
495 free(ssl->s3->alpn_selected);
496 ssl->s3->alpn_selected = NULL;
497 ssl->s3->alpn_selected_len = 0;
498
499 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
500 FAIL("server should not need ALPN by default\n");
501 goto err;
502 }
503
504 failure = 0;
505
506 err:
507 CBB_cleanup(&cbb);
508 SSL_CTX_free(ssl_ctx);
509 SSL_free(ssl);
510 free(data);
511
512 return (failure);
513
514}
515
516/*
517 * Supported Elliptic Curves - RFC 4492 section 5.1.1.
518 *
519 * This extension is only used by the client.
520 */
521
522static const uint8_t tlsext_supportedgroups_client_default[] = {
523 0x00, 0x08,
524 0x00, 0x1d, /* X25519 (29) */
525 0x00, 0x17, /* secp256r1 (23) */
526 0x00, 0x18, /* secp384r1 (24) */
527 0x00, 0x19, /* secp521r1 (25) */
528};
529
530static const uint16_t tlsext_supportedgroups_client_secp384r1_val[] = {
531 0x0018 /* tls1_ec_nid2group_id(NID_secp384r1) */
532};
533static const uint8_t tlsext_supportedgroups_client_secp384r1[] = {
534 0x00, 0x02,
535 0x00, 0x18 /* secp384r1 (24) */
536};
537
538/* Example from RFC 4492 section 5.1.1 */
539static const uint16_t tlsext_supportedgroups_client_nistp192and224_val[] = {
540 0x0013, /* tls1_ec_nid2group_id(NID_X9_62_prime192v1) */
541 0x0015 /* tls1_ec_nid2group_id(NID_secp224r1) */
542};
543static const uint8_t tlsext_supportedgroups_client_nistp192and224[] = {
544 0x00, 0x04,
545 0x00, 0x13, /* secp192r1 aka NIST P-192 */
546 0x00, 0x15 /* secp224r1 aka NIST P-224 */
547};
548
549static int
550test_tlsext_supportedgroups_client(void)
551{
552 unsigned char *data = NULL;
553 SSL_CTX *ssl_ctx = NULL;
554 SSL *ssl = NULL;
555 const struct tls_extension_funcs *client_funcs;
556 const struct tls_extension_funcs *server_funcs;
557 size_t dlen;
558 int failure, alert;
559 CBB cbb;
560 CBS cbs;
561
562 failure = 1;
563
564 if (!CBB_init(&cbb, 0))
565 errx(1, "failed to create CBB");
566
567 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
568 errx(1, "failed to create SSL_CTX");
569 if ((ssl = SSL_new(ssl_ctx)) == NULL)
570 errx(1, "failed to create SSL");
571
572 if (!tls_extension_funcs(TLSEXT_TYPE_supported_groups, &client_funcs,
573 &server_funcs))
574 errx(1, "failed to fetch supported groups funcs");
575
576 /*
577 * Default ciphers include EC so we need it by default.
578 */
579 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
580 FAIL("client should need Ellipticcurves for default "
581 "ciphers\n");
582 goto err;
583 }
584
585 /*
586 * Exclude cipher suites so we can test not including it.
587 */
588 if (!SSL_set_cipher_list(ssl, "TLSv1.2:!ECDHE:!ECDSA")) {
589 FAIL("client should be able to set cipher list\n");
590 goto err;
591 }
592 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
593 FAIL("client should not need Ellipticcurves\n");
594 goto err;
595 }
596
597 /*
598 * Use libtls default for the rest of the testing
599 */
600 if (!SSL_set_cipher_list(ssl, "TLSv1.2+AEAD+ECDHE")) {
601 FAIL("client should be able to set cipher list\n");
602 goto err;
603 }
604 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
605 FAIL("client should need Ellipticcurves\n");
606 goto err;
607 }
608
609 /*
610 * Test with a session secp384r1. The default is used instead.
611 */
612 if ((ssl->session = SSL_SESSION_new()) == NULL)
613 errx(1, "failed to create session");
614
615 if ((ssl->session->tlsext_supportedgroups = malloc(sizeof(uint16_t)))
616 == NULL) {
617 FAIL("client could not malloc\n");
618 goto err;
619 }
620 if (!tls1_ec_nid2group_id(NID_secp384r1,
621 &ssl->session->tlsext_supportedgroups[0]))
622 goto err;
623 ssl->session->tlsext_supportedgroups_length = 1;
624
625 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
626 FAIL("client should need Ellipticcurves\n");
627 goto err;
628 }
629
630 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
631 FAIL("client failed to build Ellipticcurves\n");
632 goto err;
633 }
634
635 if (!CBB_finish(&cbb, &data, &dlen))
636 errx(1, "failed to finish CBB");
637
638 if (dlen != sizeof(tlsext_supportedgroups_client_default)) {
639 FAIL("got client Ellipticcurves with length %zu, "
640 "want length %zu\n", dlen,
641 sizeof(tlsext_supportedgroups_client_default));
642 compare_data(data, dlen, tlsext_supportedgroups_client_default,
643 sizeof(tlsext_supportedgroups_client_default));
644 goto err;
645 }
646
647 if (memcmp(data, tlsext_supportedgroups_client_default, dlen) != 0) {
648 FAIL("client Ellipticcurves differs:\n");
649 compare_data(data, dlen, tlsext_supportedgroups_client_default,
650 sizeof(tlsext_supportedgroups_client_default));
651 goto err;
652 }
653
654 /*
655 * Test parsing secp384r1
656 */
657 CBB_cleanup(&cbb);
658 if (!CBB_init(&cbb, 0))
659 errx(1, "Failed to create CBB");
660 free(data);
661 data = NULL;
662
663 SSL_SESSION_free(ssl->session);
664 if ((ssl->session = SSL_SESSION_new()) == NULL)
665 errx(1, "failed to create session");
666
667 CBS_init(&cbs, tlsext_supportedgroups_client_secp384r1,
668 sizeof(tlsext_supportedgroups_client_secp384r1));
669 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
670 FAIL("failed to parse client Ellipticcurves\n");
671 goto err;
672 }
673 if (CBS_len(&cbs) != 0) {
674 FAIL("extension data remaining\n");
675 goto err;
676 }
677
678 if (ssl->session->tlsext_supportedgroups_length !=
679 sizeof(tlsext_supportedgroups_client_secp384r1_val) / sizeof(uint16_t)) {
680 FAIL("no tlsext_ellipticcurves from client "
681 "Ellipticcurves\n");
682 goto err;
683 }
684
685 if (memcmp(ssl->session->tlsext_supportedgroups,
686 tlsext_supportedgroups_client_secp384r1_val,
687 sizeof(tlsext_supportedgroups_client_secp384r1_val)) != 0) {
688 FAIL("client had an incorrect Ellipticcurves "
689 "entry\n");
690 compare_data2(ssl->session->tlsext_supportedgroups,
691 ssl->session->tlsext_supportedgroups_length * 2,
692 tlsext_supportedgroups_client_secp384r1_val,
693 sizeof(tlsext_supportedgroups_client_secp384r1_val));
694 goto err;
695 }
696
697 /*
698 * Use a custom order.
699 */
700 CBB_cleanup(&cbb);
701 if (!CBB_init(&cbb, 0))
702 errx(1, "Failed to create CBB");
703
704 SSL_SESSION_free(ssl->session);
705 if ((ssl->session = SSL_SESSION_new()) == NULL)
706 errx(1, "failed to create session");
707
708 if ((ssl->tlsext_supportedgroups = malloc(sizeof(uint16_t) * 2)) == NULL) {
709 FAIL("client could not malloc\n");
710 goto err;
711 }
712 if (!tls1_ec_nid2group_id(NID_X9_62_prime192v1,
713 &ssl->tlsext_supportedgroups[0]))
714 goto err;
715 if (!tls1_ec_nid2group_id(NID_secp224r1,
716 &ssl->tlsext_supportedgroups[1]))
717 goto err;
718 ssl->tlsext_supportedgroups_length = 2;
719
720 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
721 FAIL("client should need Ellipticcurves\n");
722 goto err;
723 }
724
725 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
726 FAIL("client failed to build Ellipticcurves\n");
727 goto err;
728 }
729
730 if (!CBB_finish(&cbb, &data, &dlen))
731 errx(1, "failed to finish CBB");
732
733 if (dlen != sizeof(tlsext_supportedgroups_client_nistp192and224)) {
734 FAIL("got client Ellipticcurves with length %zu, "
735 "want length %zu\n", dlen,
736 sizeof(tlsext_supportedgroups_client_nistp192and224));
737 fprintf(stderr, "received:\n");
738 hexdump(data, dlen);
739 fprintf(stderr, "test data:\n");
740 hexdump(tlsext_supportedgroups_client_nistp192and224,
741 sizeof(tlsext_supportedgroups_client_nistp192and224));
742 goto err;
743 }
744
745 if (memcmp(data, tlsext_supportedgroups_client_nistp192and224, dlen) != 0) {
746 FAIL("client Ellipticcurves differs:\n");
747 fprintf(stderr, "received:\n");
748 hexdump(data, dlen);
749 fprintf(stderr, "test data:\n");
750 hexdump(tlsext_supportedgroups_client_nistp192and224,
751 sizeof(tlsext_supportedgroups_client_nistp192and224));
752 goto err;
753 }
754
755 /*
756 * Parse non-default curves to session.
757 */
758 CBB_cleanup(&cbb);
759 if (!CBB_init(&cbb, 0))
760 errx(1, "Failed to create CBB");
761 free(data);
762 data = NULL;
763
764 SSL_SESSION_free(ssl->session);
765 if ((ssl->session = SSL_SESSION_new()) == NULL)
766 errx(1, "failed to create session");
767
768 /* Reset back to the default list. */
769 free(ssl->tlsext_supportedgroups);
770 ssl->tlsext_supportedgroups = NULL;
771 ssl->tlsext_supportedgroups_length = 0;
772
773 CBS_init(&cbs, tlsext_supportedgroups_client_nistp192and224,
774 sizeof(tlsext_supportedgroups_client_nistp192and224));
775 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
776 FAIL("failed to parse client Ellipticcurves\n");
777 goto err;
778 }
779 if (CBS_len(&cbs) != 0) {
780 FAIL("extension data remaining\n");
781 goto err;
782 }
783
784 if (ssl->session->tlsext_supportedgroups_length !=
785 sizeof(tlsext_supportedgroups_client_nistp192and224_val) / sizeof(uint16_t)) {
786 FAIL("no tlsext_ellipticcurves from client Ellipticcurves\n");
787 goto err;
788 }
789
790 if (memcmp(ssl->session->tlsext_supportedgroups,
791 tlsext_supportedgroups_client_nistp192and224_val,
792 sizeof(tlsext_supportedgroups_client_nistp192and224_val)) != 0) {
793 FAIL("client had an incorrect Ellipticcurves entry\n");
794 compare_data2(ssl->session->tlsext_supportedgroups,
795 ssl->session->tlsext_supportedgroups_length * 2,
796 tlsext_supportedgroups_client_nistp192and224_val,
797 sizeof(tlsext_supportedgroups_client_nistp192and224_val));
798 goto err;
799 }
800
801 failure = 0;
802
803 err:
804 CBB_cleanup(&cbb);
805 SSL_CTX_free(ssl_ctx);
806 SSL_free(ssl);
807 free(data);
808
809 return (failure);
810}
811
812
813/* elliptic_curves is only used by the client so this doesn't test much. */
814static int
815test_tlsext_supportedgroups_server(void)
816{
817 SSL_CTX *ssl_ctx = NULL;
818 SSL *ssl = NULL;
819 const struct tls_extension_funcs *client_funcs;
820 const struct tls_extension_funcs *server_funcs;
821 int failure;
822
823 failure = 1;
824
825 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
826 errx(1, "failed to create SSL_CTX");
827 if ((ssl = SSL_new(ssl_ctx)) == NULL)
828 errx(1, "failed to create SSL");
829
830 if (!tls_extension_funcs(TLSEXT_TYPE_supported_groups, &client_funcs,
831 &server_funcs))
832 errx(1, "failed to fetch supported groups funcs");
833
834 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
835 FAIL("server should not need elliptic_curves\n");
836 goto err;
837 }
838
839 if ((ssl->session = SSL_SESSION_new()) == NULL)
840 errx(1, "failed to create session");
841
842 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
843 FAIL("server should not need elliptic_curves\n");
844 goto err;
845 }
846
847 failure = 0;
848
849 err:
850 SSL_CTX_free(ssl_ctx);
851 SSL_free(ssl);
852
853 return (failure);
854
855}
856
857/*
858 * Supported Point Formats - RFC 4492 section 5.1.2.
859 *
860 * Examples are from the RFC. Both client and server have the same build and
861 * parse but the needs differ.
862 */
863
864static const uint8_t tlsext_ecpf_hello_uncompressed_val[] = {
865 TLSEXT_ECPOINTFORMAT_uncompressed
866};
867static const uint8_t tlsext_ecpf_hello_uncompressed[] = {
868 0x01,
869 0x00 /* TLSEXT_ECPOINTFORMAT_uncompressed */
870};
871
872static const uint8_t tlsext_ecpf_hello_prime[] = {
873 0x01,
874 0x01 /* TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime */
875};
876
877static const uint8_t tlsext_ecpf_hello_prefer_order_val[] = {
878 TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime,
879 TLSEXT_ECPOINTFORMAT_uncompressed,
880 TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2
881};
882static const uint8_t tlsext_ecpf_hello_prefer_order[] = {
883 0x03,
884 0x01, /* TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime */
885 0x00, /* TLSEXT_ECPOINTFORMAT_uncompressed */
886 0x02 /* TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 */
887};
888
889static int
890test_tlsext_ecpf_client(void)
891{
892 uint8_t *data = NULL;
893 SSL_CTX *ssl_ctx = NULL;
894 SSL *ssl = NULL;
895 const struct tls_extension_funcs *client_funcs;
896 const struct tls_extension_funcs *server_funcs;
897 size_t dlen;
898 int failure, alert;
899 CBB cbb;
900 CBS cbs;
901
902 failure = 1;
903
904 if (!CBB_init(&cbb, 0))
905 errx(1, "Failed to create CBB");
906
907 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
908 errx(1, "failed to create SSL_CTX");
909 if ((ssl = SSL_new(ssl_ctx)) == NULL)
910 errx(1, "failed to create SSL");
911
912 if (!tls_extension_funcs(TLSEXT_TYPE_ec_point_formats, &client_funcs,
913 &server_funcs))
914 errx(1, "failed to fetch ecpf funcs");
915
916 /*
917 * Default ciphers include EC so we need it by default.
918 */
919 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
920 FAIL("client should need ECPointFormats for default "
921 "ciphers\n");
922 goto err;
923 }
924
925 /*
926 * Exclude EC cipher suites so we can test not including it.
927 */
928 if (!SSL_set_cipher_list(ssl, "ALL:!ECDHE:!ECDH")) {
929 FAIL("client should be able to set cipher list\n");
930 goto err;
931 }
932 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
933 FAIL("client should not need ECPointFormats\n");
934 goto err;
935 }
936
937 /*
938 * Use libtls default for the rest of the testing
939 */
940 if (!SSL_set_cipher_list(ssl, "TLSv1.2+AEAD+ECDHE")) {
941 FAIL("client should be able to set cipher list\n");
942 goto err;
943 }
944 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
945 FAIL("client should need ECPointFormats\n");
946 goto err;
947 }
948
949 /*
950 * The default ECPointFormats should only have uncompressed
951 */
952 if ((ssl->session = SSL_SESSION_new()) == NULL)
953 errx(1, "failed to create session");
954
955 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
956 FAIL("client failed to build ECPointFormats\n");
957 goto err;
958 }
959
960 if (!CBB_finish(&cbb, &data, &dlen))
961 errx(1, "failed to finish CBB");
962
963 if (dlen != sizeof(tlsext_ecpf_hello_uncompressed)) {
964 FAIL("got client ECPointFormats with length %zu, "
965 "want length %zu\n", dlen,
966 sizeof(tlsext_ecpf_hello_uncompressed));
967 compare_data(data, dlen, tlsext_ecpf_hello_uncompressed,
968 sizeof(tlsext_ecpf_hello_uncompressed));
969 goto err;
970 }
971
972 if (memcmp(data, tlsext_ecpf_hello_uncompressed, dlen) != 0) {
973 FAIL("client ECPointFormats differs:\n");
974 compare_data(data, dlen, tlsext_ecpf_hello_uncompressed,
975 sizeof(tlsext_ecpf_hello_uncompressed));
976 goto err;
977 }
978
979 /*
980 * Make sure we can parse the default.
981 */
982 CBB_cleanup(&cbb);
983 if (!CBB_init(&cbb, 0))
984 errx(1, "Failed to create CBB");
985 free(data);
986 data = NULL;
987
988 SSL_SESSION_free(ssl->session);
989 if ((ssl->session = SSL_SESSION_new()) == NULL)
990 errx(1, "failed to create session");
991
992 CBS_init(&cbs, tlsext_ecpf_hello_uncompressed,
993 sizeof(tlsext_ecpf_hello_uncompressed));
994 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
995 FAIL("failed to parse client ECPointFormats\n");
996 goto err;
997 }
998 if (CBS_len(&cbs) != 0) {
999 FAIL("extension data remaining\n");
1000 goto err;
1001 }
1002
1003 if (ssl->session->tlsext_ecpointformatlist_length !=
1004 sizeof(tlsext_ecpf_hello_uncompressed_val)) {
1005 FAIL("no tlsext_ecpointformats from client "
1006 "ECPointFormats\n");
1007 goto err;
1008 }
1009
1010 if (memcmp(ssl->session->tlsext_ecpointformatlist,
1011 tlsext_ecpf_hello_uncompressed_val,
1012 sizeof(tlsext_ecpf_hello_uncompressed_val)) != 0) {
1013 FAIL("client had an incorrect ECPointFormats entry\n");
1014 goto err;
1015 }
1016
1017 /*
1018 * Test with a custom order.
1019 */
1020 CBB_cleanup(&cbb);
1021 if (!CBB_init(&cbb, 0))
1022 errx(1, "Failed to create CBB");
1023 free(data);
1024 data = NULL;
1025
1026 SSL_SESSION_free(ssl->session);
1027 if ((ssl->session = SSL_SESSION_new()) == NULL)
1028 errx(1, "failed to create session");
1029
1030 if ((ssl->tlsext_ecpointformatlist = malloc(sizeof(uint8_t) * 3)) == NULL) {
1031 FAIL("client could not malloc\n");
1032 goto err;
1033 }
1034 ssl->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
1035 ssl->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_uncompressed;
1036 ssl->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
1037 ssl->tlsext_ecpointformatlist_length = 3;
1038
1039 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
1040 FAIL("client should need ECPointFormats with a custom "
1041 "format\n");
1042 goto err;
1043 }
1044
1045 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
1046 FAIL("client failed to build ECPointFormats\n");
1047 goto err;
1048 }
1049
1050 if (!CBB_finish(&cbb, &data, &dlen))
1051 errx(1, "failed to finish CBB");
1052
1053 if (dlen != sizeof(tlsext_ecpf_hello_prefer_order)) {
1054 FAIL("got client ECPointFormats with length %zu, "
1055 "want length %zu\n", dlen,
1056 sizeof(tlsext_ecpf_hello_prefer_order));
1057 compare_data(data, dlen, tlsext_ecpf_hello_prefer_order,
1058 sizeof(tlsext_ecpf_hello_prefer_order));
1059 goto err;
1060 }
1061
1062 if (memcmp(data, tlsext_ecpf_hello_prefer_order, dlen) != 0) {
1063 FAIL("client ECPointFormats differs:\n");
1064 compare_data(data, dlen, tlsext_ecpf_hello_prefer_order,
1065 sizeof(tlsext_ecpf_hello_prefer_order));
1066 goto err;
1067 }
1068
1069 /*
1070 * Make sure that we can parse this custom order.
1071 */
1072 CBB_cleanup(&cbb);
1073 if (!CBB_init(&cbb, 0))
1074 errx(1, "Failed to create CBB");
1075 free(data);
1076 data = NULL;
1077
1078 SSL_SESSION_free(ssl->session);
1079 if ((ssl->session = SSL_SESSION_new()) == NULL)
1080 errx(1, "failed to create session");
1081
1082 /* Reset the custom list so we go back to the default uncompressed. */
1083 free(ssl->tlsext_ecpointformatlist);
1084 ssl->tlsext_ecpointformatlist = NULL;
1085 ssl->tlsext_ecpointformatlist_length = 0;
1086
1087 CBS_init(&cbs, tlsext_ecpf_hello_prefer_order,
1088 sizeof(tlsext_ecpf_hello_prefer_order));
1089 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
1090 FAIL("failed to parse client ECPointFormats\n");
1091 goto err;
1092 }
1093 if (CBS_len(&cbs) != 0) {
1094 FAIL("extension data remaining\n");
1095 goto err;
1096 }
1097
1098 if (ssl->session->tlsext_ecpointformatlist_length !=
1099 sizeof(tlsext_ecpf_hello_prefer_order_val)) {
1100 FAIL("no tlsext_ecpointformats from client "
1101 "ECPointFormats\n");
1102 goto err;
1103 }
1104
1105 if (memcmp(ssl->session->tlsext_ecpointformatlist,
1106 tlsext_ecpf_hello_prefer_order_val,
1107 sizeof(tlsext_ecpf_hello_prefer_order_val)) != 0) {
1108 FAIL("client had an incorrect ECPointFormats entry\n");
1109 goto err;
1110 }
1111
1112
1113 failure = 0;
1114
1115 err:
1116 CBB_cleanup(&cbb);
1117 SSL_CTX_free(ssl_ctx);
1118 SSL_free(ssl);
1119 free(data);
1120
1121 return (failure);
1122}
1123
1124static int
1125test_tlsext_ecpf_server(void)
1126{
1127 uint8_t *data = NULL;
1128 SSL_CTX *ssl_ctx = NULL;
1129 SSL *ssl = NULL;
1130 const struct tls_extension_funcs *client_funcs;
1131 const struct tls_extension_funcs *server_funcs;
1132 size_t dlen;
1133 int failure, alert;
1134 CBB cbb;
1135 CBS cbs;
1136
1137 failure = 1;
1138
1139 if (!CBB_init(&cbb, 0))
1140 errx(1, "Failed to create CBB");
1141
1142 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
1143 errx(1, "failed to create SSL_CTX");
1144 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1145 errx(1, "failed to create SSL");
1146
1147 if (!tls_extension_funcs(TLSEXT_TYPE_ec_point_formats, &client_funcs,
1148 &server_funcs))
1149 errx(1, "failed to fetch ecpf funcs");
1150
1151 if ((ssl->session = SSL_SESSION_new()) == NULL)
1152 errx(1, "failed to create session");
1153
1154 /* Setup the state so we can call needs. */
1155 if ((ssl->s3->hs.cipher =
1156 ssl3_get_cipher_by_id(TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305))
1157 == NULL) {
1158 FAIL("server cannot find cipher\n");
1159 goto err;
1160 }
1161 if ((ssl->session->tlsext_ecpointformatlist = malloc(sizeof(uint8_t)))
1162 == NULL) {
1163 FAIL("server could not malloc\n");
1164 goto err;
1165 }
1166 ssl->session->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
1167 ssl->session->tlsext_ecpointformatlist_length = 1;
1168
1169 if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
1170 FAIL("server should need ECPointFormats now\n");
1171 goto err;
1172 }
1173
1174 /*
1175 * The server will ignore the session list and use either a custom
1176 * list or the default (uncompressed).
1177 */
1178 if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
1179 FAIL("server failed to build ECPointFormats\n");
1180 goto err;
1181 }
1182
1183 if (!CBB_finish(&cbb, &data, &dlen))
1184 errx(1, "failed to finish CBB");
1185
1186 if (dlen != sizeof(tlsext_ecpf_hello_uncompressed)) {
1187 FAIL("got server ECPointFormats with length %zu, "
1188 "want length %zu\n", dlen,
1189 sizeof(tlsext_ecpf_hello_uncompressed));
1190 compare_data(data, dlen, tlsext_ecpf_hello_uncompressed,
1191 sizeof(tlsext_ecpf_hello_uncompressed));
1192 goto err;
1193 }
1194
1195 if (memcmp(data, tlsext_ecpf_hello_uncompressed, dlen) != 0) {
1196 FAIL("server ECPointFormats differs:\n");
1197 compare_data(data, dlen, tlsext_ecpf_hello_uncompressed,
1198 sizeof(tlsext_ecpf_hello_uncompressed));
1199 goto err;
1200 }
1201
1202 /*
1203 * Cannot parse a non-default list without at least uncompressed.
1204 */
1205 CBB_cleanup(&cbb);
1206 if (!CBB_init(&cbb, 0))
1207 errx(1, "Failed to create CBB");
1208 free(data);
1209 data = NULL;
1210
1211 SSL_SESSION_free(ssl->session);
1212 if ((ssl->session = SSL_SESSION_new()) == NULL)
1213 errx(1, "failed to create session");
1214
1215 CBS_init(&cbs, tlsext_ecpf_hello_prime,
1216 sizeof(tlsext_ecpf_hello_prime));
1217 if (client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
1218 FAIL("must include uncompressed in server ECPointFormats\n");
1219 goto err;
1220 }
1221 if (CBS_len(&cbs) != 0) {
1222 FAIL("extension data remaining\n");
1223 goto err;
1224 }
1225
1226 /*
1227 * Test with a custom order that replaces the default uncompressed.
1228 */
1229 CBB_cleanup(&cbb);
1230 if (!CBB_init(&cbb, 0))
1231 errx(1, "Failed to create CBB");
1232 free(data);
1233 data = NULL;
1234
1235 SSL_SESSION_free(ssl->session);
1236 if ((ssl->session = SSL_SESSION_new()) == NULL)
1237 errx(1, "failed to create session");
1238
1239 /* Add a session list even though it will be ignored. */
1240 if ((ssl->session->tlsext_ecpointformatlist = malloc(sizeof(uint8_t)))
1241 == NULL) {
1242 FAIL("server could not malloc\n");
1243 goto err;
1244 }
1245 ssl->session->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
1246 ssl->session->tlsext_ecpointformatlist_length = 1;
1247
1248 /* Replace the default list with a custom one. */
1249 if ((ssl->tlsext_ecpointformatlist = malloc(sizeof(uint8_t) * 3)) == NULL) {
1250 FAIL("server could not malloc\n");
1251 goto err;
1252 }
1253 ssl->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
1254 ssl->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_uncompressed;
1255 ssl->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
1256 ssl->tlsext_ecpointformatlist_length = 3;
1257
1258 if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
1259 FAIL("server should need ECPointFormats\n");
1260 goto err;
1261 }
1262
1263 if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
1264 FAIL("server failed to build ECPointFormats\n");
1265 goto err;
1266 }
1267
1268 if (!CBB_finish(&cbb, &data, &dlen))
1269 errx(1, "failed to finish CBB");
1270
1271 if (dlen != sizeof(tlsext_ecpf_hello_prefer_order)) {
1272 FAIL("got server ECPointFormats with length %zu, "
1273 "want length %zu\n", dlen,
1274 sizeof(tlsext_ecpf_hello_prefer_order));
1275 compare_data(data, dlen, tlsext_ecpf_hello_prefer_order,
1276 sizeof(tlsext_ecpf_hello_prefer_order));
1277 goto err;
1278 }
1279
1280 if (memcmp(data, tlsext_ecpf_hello_prefer_order, dlen) != 0) {
1281 FAIL("server ECPointFormats differs:\n");
1282 compare_data(data, dlen, tlsext_ecpf_hello_prefer_order,
1283 sizeof(tlsext_ecpf_hello_prefer_order));
1284 goto err;
1285 }
1286
1287 /*
1288 * Should be able to parse the custom list into a session list.
1289 */
1290 CBB_cleanup(&cbb);
1291 if (!CBB_init(&cbb, 0))
1292 errx(1, "Failed to create CBB");
1293 free(data);
1294 data = NULL;
1295
1296 SSL_SESSION_free(ssl->session);
1297 if ((ssl->session = SSL_SESSION_new()) == NULL)
1298 errx(1, "failed to create session");
1299
1300 /* Reset back to the default (uncompressed) */
1301 free(ssl->tlsext_ecpointformatlist);
1302 ssl->tlsext_ecpointformatlist = NULL;
1303 ssl->tlsext_ecpointformatlist_length = 0;
1304
1305 CBS_init(&cbs, tlsext_ecpf_hello_prefer_order,
1306 sizeof(tlsext_ecpf_hello_prefer_order));
1307 if (!client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
1308 FAIL("failed to parse server ECPointFormats\n");
1309 goto err;
1310 }
1311 if (CBS_len(&cbs) != 0) {
1312 FAIL("extension data remaining\n");
1313 goto err;
1314 }
1315
1316 if (ssl->session->tlsext_ecpointformatlist_length !=
1317 sizeof(tlsext_ecpf_hello_prefer_order_val)) {
1318 FAIL("no tlsext_ecpointformats from server "
1319 "ECPointFormats\n");
1320 goto err;
1321 }
1322
1323 if (memcmp(ssl->session->tlsext_ecpointformatlist,
1324 tlsext_ecpf_hello_prefer_order_val,
1325 sizeof(tlsext_ecpf_hello_prefer_order_val)) != 0) {
1326 FAIL("server had an incorrect ECPointFormats entry\n");
1327 goto err;
1328 }
1329
1330 failure = 0;
1331
1332 err:
1333 CBB_cleanup(&cbb);
1334 SSL_CTX_free(ssl_ctx);
1335 SSL_free(ssl);
1336 free(data);
1337
1338 return (failure);
1339}
1340
1341/*
1342 * Renegotiation Indication - RFC 5746.
1343 */
1344
1345static const unsigned char tlsext_ri_prev_client[] = {
1346 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
1347 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
1348};
1349
1350static const unsigned char tlsext_ri_prev_server[] = {
1351 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88,
1352 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00,
1353};
1354
1355static const unsigned char tlsext_ri_client[] = {
1356 0x10,
1357 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
1358 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
1359};
1360
1361static const unsigned char tlsext_ri_server[] = {
1362 0x20,
1363 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
1364 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
1365 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88,
1366 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00,
1367};
1368
1369static int
1370test_tlsext_ri_client(void)
1371{
1372 unsigned char *data = NULL;
1373 SSL_CTX *ssl_ctx = NULL;
1374 SSL *ssl = NULL;
1375 const struct tls_extension_funcs *client_funcs;
1376 const struct tls_extension_funcs *server_funcs;
1377 int failure;
1378 size_t dlen;
1379 int alert;
1380 CBB cbb;
1381 CBS cbs;
1382
1383 failure = 1;
1384
1385 if (!CBB_init(&cbb, 0))
1386 errx(1, "Failed to create CBB");
1387
1388 if ((ssl_ctx = SSL_CTX_new(TLSv1_2_client_method())) == NULL)
1389 errx(1, "failed to create SSL_CTX");
1390 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1391 errx(1, "failed to create SSL");
1392
1393 if (!tls_extension_funcs(TLSEXT_TYPE_renegotiate, &client_funcs,
1394 &server_funcs))
1395 errx(1, "failed to fetch ri funcs");
1396
1397 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
1398 FAIL("client should not need RI\n");
1399 goto err;
1400 }
1401
1402 if (!SSL_renegotiate(ssl)) {
1403 FAIL("client failed to set renegotiate\n");
1404 goto err;
1405 }
1406
1407 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
1408 FAIL("client should need RI\n");
1409 goto err;
1410 }
1411
1412 memcpy(ssl->s3->previous_client_finished, tlsext_ri_prev_client,
1413 sizeof(tlsext_ri_prev_client));
1414 ssl->s3->previous_client_finished_len = sizeof(tlsext_ri_prev_client);
1415
1416 ssl->s3->renegotiate_seen = 0;
1417
1418 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
1419 FAIL("client failed to build RI\n");
1420 goto err;
1421 }
1422
1423 if (!CBB_finish(&cbb, &data, &dlen))
1424 errx(1, "failed to finish CBB");
1425
1426 if (dlen != sizeof(tlsext_ri_client)) {
1427 FAIL("got client RI with length %zu, "
1428 "want length %zu\n", dlen, sizeof(tlsext_ri_client));
1429 goto err;
1430 }
1431
1432 if (memcmp(data, tlsext_ri_client, dlen) != 0) {
1433 FAIL("client RI differs:\n");
1434 fprintf(stderr, "received:\n");
1435 hexdump(data, dlen);
1436 fprintf(stderr, "test data:\n");
1437 hexdump(tlsext_ri_client, sizeof(tlsext_ri_client));
1438 goto err;
1439 }
1440
1441 CBS_init(&cbs, tlsext_ri_client, sizeof(tlsext_ri_client));
1442 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
1443 FAIL("failed to parse client RI\n");
1444 goto err;
1445 }
1446 if (CBS_len(&cbs) != 0) {
1447 FAIL("extension data remaining\n");
1448 goto err;
1449 }
1450
1451 if (ssl->s3->renegotiate_seen != 1) {
1452 FAIL("renegotiate seen not set\n");
1453 goto err;
1454 }
1455 if (ssl->s3->send_connection_binding != 1) {
1456 FAIL("send connection binding not set\n");
1457 goto err;
1458 }
1459
1460 memset(ssl->s3->previous_client_finished, 0,
1461 sizeof(ssl->s3->previous_client_finished));
1462
1463 ssl->s3->renegotiate_seen = 0;
1464
1465 CBS_init(&cbs, tlsext_ri_client, sizeof(tlsext_ri_client));
1466 if (server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
1467 FAIL("parsed invalid client RI\n");
1468 goto err;
1469 }
1470
1471 if (ssl->s3->renegotiate_seen == 1) {
1472 FAIL("renegotiate seen set\n");
1473 goto err;
1474 }
1475
1476 failure = 0;
1477
1478 err:
1479 CBB_cleanup(&cbb);
1480 SSL_CTX_free(ssl_ctx);
1481 SSL_free(ssl);
1482 free(data);
1483
1484 return (failure);
1485}
1486
1487static int
1488test_tlsext_ri_server(void)
1489{
1490 unsigned char *data = NULL;
1491 SSL_CTX *ssl_ctx = NULL;
1492 SSL *ssl = NULL;
1493 const struct tls_extension_funcs *client_funcs;
1494 const struct tls_extension_funcs *server_funcs;
1495 int failure;
1496 size_t dlen;
1497 int alert;
1498 CBB cbb;
1499 CBS cbs;
1500
1501 failure = 1;
1502
1503 if (!CBB_init(&cbb, 0))
1504 errx(1, "Failed to create CBB");
1505
1506 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
1507 errx(1, "failed to create SSL_CTX");
1508 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1509 errx(1, "failed to create SSL");
1510
1511 if (!tls_extension_funcs(TLSEXT_TYPE_renegotiate, &client_funcs,
1512 &server_funcs))
1513 errx(1, "failed to fetch ri funcs");
1514
1515 ssl->version = TLS1_2_VERSION;
1516 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
1517 FAIL("server should not need RI\n");
1518 goto err;
1519 }
1520
1521 ssl->s3->send_connection_binding = 1;
1522
1523 if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
1524 FAIL("server should need RI\n");
1525 goto err;
1526 }
1527
1528 memcpy(ssl->s3->previous_client_finished, tlsext_ri_prev_client,
1529 sizeof(tlsext_ri_prev_client));
1530 ssl->s3->previous_client_finished_len = sizeof(tlsext_ri_prev_client);
1531
1532 memcpy(ssl->s3->previous_server_finished, tlsext_ri_prev_server,
1533 sizeof(tlsext_ri_prev_server));
1534 ssl->s3->previous_server_finished_len = sizeof(tlsext_ri_prev_server);
1535
1536 ssl->s3->renegotiate_seen = 0;
1537
1538 if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
1539 FAIL("server failed to build RI\n");
1540 goto err;
1541 }
1542
1543 if (!CBB_finish(&cbb, &data, &dlen))
1544 errx(1, "failed to finish CBB");
1545
1546 if (dlen != sizeof(tlsext_ri_server)) {
1547 FAIL("got server RI with length %zu, "
1548 "want length %zu\n", dlen, sizeof(tlsext_ri_server));
1549 goto err;
1550 }
1551
1552 if (memcmp(data, tlsext_ri_server, dlen) != 0) {
1553 FAIL("server RI differs:\n");
1554 fprintf(stderr, "received:\n");
1555 hexdump(data, dlen);
1556 fprintf(stderr, "test data:\n");
1557 hexdump(tlsext_ri_server, sizeof(tlsext_ri_server));
1558 goto err;
1559 }
1560
1561 CBS_init(&cbs, tlsext_ri_server, sizeof(tlsext_ri_server));
1562 if (!client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
1563 FAIL("failed to parse server RI\n");
1564 goto err;
1565 }
1566 if (CBS_len(&cbs) != 0) {
1567 FAIL("extension data remaining\n");
1568 goto err;
1569 }
1570
1571 if (ssl->s3->renegotiate_seen != 1) {
1572 FAIL("renegotiate seen not set\n");
1573 goto err;
1574 }
1575 if (ssl->s3->send_connection_binding != 1) {
1576 FAIL("send connection binding not set\n");
1577 goto err;
1578 }
1579
1580 memset(ssl->s3->previous_client_finished, 0,
1581 sizeof(ssl->s3->previous_client_finished));
1582 memset(ssl->s3->previous_server_finished, 0,
1583 sizeof(ssl->s3->previous_server_finished));
1584
1585 ssl->s3->renegotiate_seen = 0;
1586
1587 CBS_init(&cbs, tlsext_ri_server, sizeof(tlsext_ri_server));
1588 if (client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
1589 FAIL("parsed invalid server RI\n");
1590 goto err;
1591 }
1592
1593 if (ssl->s3->renegotiate_seen == 1) {
1594 FAIL("renegotiate seen set\n");
1595 goto err;
1596 }
1597
1598 failure = 0;
1599
1600 err:
1601 CBB_cleanup(&cbb);
1602 SSL_CTX_free(ssl_ctx);
1603 SSL_free(ssl);
1604 free(data);
1605
1606 return (failure);
1607}
1608
1609/*
1610 * Signature Algorithms - RFC 5246 section 7.4.1.4.1.
1611 */
1612
1613static const unsigned char tlsext_sigalgs_client[] = {
1614 0x00, 0x16, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03,
1615 0x08, 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04,
1616 0x04, 0x01, 0x04, 0x03, 0x02, 0x01, 0x02, 0x03,
1617};
1618
1619static int
1620test_tlsext_sigalgs_client(void)
1621{
1622 unsigned char *data = NULL;
1623 SSL_CTX *ssl_ctx = NULL;
1624 SSL *ssl = NULL;
1625 const struct tls_extension_funcs *client_funcs;
1626 const struct tls_extension_funcs *server_funcs;
1627 int failure;
1628 size_t dlen;
1629 int alert;
1630 CBB cbb;
1631 CBS cbs;
1632
1633 failure = 1;
1634
1635 if (!CBB_init(&cbb, 0))
1636 errx(1, "Failed to create CBB");
1637
1638 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
1639 errx(1, "failed to create SSL_CTX");
1640 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1641 errx(1, "failed to create SSL");
1642
1643 if (!tls_extension_funcs(TLSEXT_TYPE_signature_algorithms,
1644 &client_funcs, &server_funcs))
1645 errx(1, "failed to fetch sigalgs funcs");
1646
1647 ssl->s3->hs.our_max_tls_version = TLS1_1_VERSION;
1648
1649 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
1650 FAIL("client should not need sigalgs\n");
1651 goto done;
1652 }
1653
1654 ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION;
1655
1656 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
1657 FAIL("client should need sigalgs\n");
1658 goto done;
1659 }
1660
1661 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
1662 FAIL("client failed to build sigalgs\n");
1663 goto done;
1664 }
1665
1666 if (!CBB_finish(&cbb, &data, &dlen))
1667 errx(1, "failed to finish CBB");
1668
1669 if (dlen != sizeof(tlsext_sigalgs_client)) {
1670 FAIL("got client sigalgs length %zu, "
1671 "want length %zu\n", dlen, sizeof(tlsext_sigalgs_client));
1672 goto done;
1673 }
1674
1675 if (memcmp(data, tlsext_sigalgs_client, dlen) != 0) {
1676 FAIL("client SNI differs:\n");
1677 fprintf(stderr, "received:\n");
1678 hexdump(data, dlen);
1679 fprintf(stderr, "test data:\n");
1680 hexdump(tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client));
1681 goto done;
1682 }
1683
1684 CBS_init(&cbs, tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client));
1685 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
1686 FAIL("failed to parse client SNI\n");
1687 goto done;
1688 }
1689 if (CBS_len(&cbs) != 0) {
1690 FAIL("extension data remaining\n");
1691 goto done;
1692 }
1693
1694 failure = 0;
1695
1696 done:
1697 CBB_cleanup(&cbb);
1698 SSL_CTX_free(ssl_ctx);
1699 SSL_free(ssl);
1700 free(data);
1701
1702 return (failure);
1703}
1704
1705#if 0
1706static int
1707test_tlsext_sigalgs_server(void)
1708{
1709 unsigned char *data = NULL;
1710 SSL_CTX *ssl_ctx = NULL;
1711 SSL *ssl = NULL;
1712 const struct tls_extension_funcs *client_funcs;
1713 const struct tls_extension_funcs *server_funcs;
1714 int failure;
1715 size_t dlen;
1716 int alert;
1717 CBB cbb;
1718 CBS cbs;
1719
1720 failure = 1;
1721
1722 if (!CBB_init(&cbb, 0))
1723 errx(1, "Failed to create CBB");
1724
1725 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
1726 errx(1, "failed to create SSL_CTX");
1727 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1728 errx(1, "failed to create SSL");
1729
1730 if (!tls_extension_funcs(TLSEXT_TYPE_server_name, &client_funcs,
1731 &server_funcs))
1732 errx(1, "failed to fetch sigalgs funcs");
1733
1734 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
1735 FAIL("server should not need sigalgs\n");
1736 goto done;
1737 }
1738
1739 if (server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
1740 FAIL("server should not build sigalgs\n");
1741 goto done;
1742 }
1743
1744 if (!CBB_finish(&cbb, &data, &dlen))
1745 errx(1, "failed to finish CBB");
1746
1747 CBS_init(&cbs, tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client));
1748 if (client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
1749 FAIL("server should not parse sigalgs\n");
1750 goto done;
1751 }
1752
1753 failure = 0;
1754
1755 done:
1756 CBB_cleanup(&cbb);
1757 SSL_CTX_free(ssl_ctx);
1758 SSL_free(ssl);
1759 free(data);
1760
1761 return (failure);
1762}
1763#endif
1764
1765/*
1766 * Server Name Indication - RFC 6066 section 3.
1767 */
1768
1769#define TEST_SNI_SERVERNAME "www.libressl.org"
1770
1771static const unsigned char tlsext_sni_client[] = {
1772 0x00, 0x13, 0x00, 0x00, 0x10, 0x77, 0x77, 0x77,
1773 0x2e, 0x6c, 0x69, 0x62, 0x72, 0x65, 0x73, 0x73,
1774 0x6c, 0x2e, 0x6f, 0x72, 0x67,
1775};
1776
1777/* An empty array is an incomplete type and sizeof() is undefined. */
1778static const unsigned char tlsext_sni_server[] = {
1779 0x00,
1780};
1781static size_t tlsext_sni_server_len = 0;
1782
1783static int
1784test_tlsext_sni_client(void)
1785{
1786 unsigned char *data = NULL;
1787 SSL_CTX *ssl_ctx = NULL;
1788 SSL *ssl = NULL;
1789 const struct tls_extension_funcs *client_funcs;
1790 const struct tls_extension_funcs *server_funcs;
1791 int failure;
1792 size_t dlen;
1793 int alert;
1794 CBB cbb;
1795 CBS cbs;
1796
1797 failure = 1;
1798
1799 if (!CBB_init(&cbb, 0))
1800 errx(1, "Failed to create CBB");
1801
1802 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
1803 errx(1, "failed to create SSL_CTX");
1804 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1805 errx(1, "failed to create SSL");
1806
1807 if (!tls_extension_funcs(TLSEXT_TYPE_server_name, &client_funcs,
1808 &server_funcs))
1809 errx(1, "failed to fetch sni funcs");
1810
1811 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
1812 FAIL("client should not need SNI\n");
1813 goto err;
1814 }
1815
1816 if (!SSL_set_tlsext_host_name(ssl, TEST_SNI_SERVERNAME)) {
1817 FAIL("client failed to set server name\n");
1818 goto err;
1819 }
1820
1821 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
1822 FAIL("client should need SNI\n");
1823 goto err;
1824 }
1825
1826 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
1827 FAIL("client failed to build SNI\n");
1828 goto err;
1829 }
1830
1831 if (!CBB_finish(&cbb, &data, &dlen)) {
1832 FAIL("failed to finish CBB");
1833 goto err;
1834 }
1835
1836 if (dlen != sizeof(tlsext_sni_client)) {
1837 FAIL("got client SNI with length %zu, "
1838 "want length %zu\n", dlen, sizeof(tlsext_sni_client));
1839 goto err;
1840 }
1841
1842 if (memcmp(data, tlsext_sni_client, dlen) != 0) {
1843 FAIL("client SNI differs:\n");
1844 fprintf(stderr, "received:\n");
1845 hexdump(data, dlen);
1846 fprintf(stderr, "test data:\n");
1847 hexdump(tlsext_sni_client, sizeof(tlsext_sni_client));
1848 goto err;
1849 }
1850
1851 /*
1852 * SSL_set_tlsext_host_name() may be called with a NULL host name to
1853 * disable SNI.
1854 */
1855 if (!SSL_set_tlsext_host_name(ssl, NULL)) {
1856 FAIL("cannot set host name to NULL");
1857 goto err;
1858 }
1859
1860 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
1861 FAIL("client should not need SNI\n");
1862 goto err;
1863 }
1864
1865 if ((ssl->session = SSL_SESSION_new()) == NULL) {
1866 FAIL("failed to create session");
1867 goto err;
1868 }
1869
1870 ssl->hit = 0;
1871
1872 CBS_init(&cbs, tlsext_sni_client, sizeof(tlsext_sni_client));
1873 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
1874 FAIL("failed to parse client SNI\n");
1875 goto err;
1876 }
1877 if (CBS_len(&cbs) != 0) {
1878 FAIL("extension data remaining\n");
1879 goto err;
1880 }
1881
1882 if (ssl->session->tlsext_hostname == NULL) {
1883 FAIL("no tlsext_hostname from client SNI\n");
1884 goto err;
1885 }
1886
1887 if (strlen(ssl->session->tlsext_hostname) != strlen(TEST_SNI_SERVERNAME) ||
1888 strncmp(ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME,
1889 strlen(TEST_SNI_SERVERNAME)) != 0) {
1890 FAIL("got tlsext_hostname `%s', want `%s'\n",
1891 ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME);
1892 goto err;
1893 }
1894
1895 ssl->hit = 1;
1896
1897 free(ssl->session->tlsext_hostname);
1898 if ((ssl->session->tlsext_hostname = strdup("notthesame.libressl.org")) ==
1899 NULL) {
1900 FAIL("failed to strdup tlsext_hostname");
1901 goto err;
1902 }
1903
1904 CBS_init(&cbs, tlsext_sni_client, sizeof(tlsext_sni_client));
1905 if (server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
1906 FAIL("parsed client with mismatched SNI\n");
1907 goto err;
1908 }
1909
1910 failure = 0;
1911
1912 err:
1913 CBB_cleanup(&cbb);
1914 SSL_CTX_free(ssl_ctx);
1915 SSL_free(ssl);
1916 free(data);
1917
1918 return (failure);
1919}
1920
1921static int
1922test_tlsext_sni_server(void)
1923{
1924 unsigned char *data = NULL;
1925 SSL_CTX *ssl_ctx = NULL;
1926 SSL *ssl = NULL;
1927 const struct tls_extension_funcs *client_funcs;
1928 const struct tls_extension_funcs *server_funcs;
1929 int failure;
1930 size_t dlen;
1931 int alert;
1932 CBB cbb;
1933 CBS cbs;
1934
1935 failure = 1;
1936
1937 if (!CBB_init(&cbb, 0))
1938 errx(1, "Failed to create CBB");
1939
1940 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
1941 errx(1, "failed to create SSL_CTX");
1942 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1943 errx(1, "failed to create SSL");
1944
1945 if (!tls_extension_funcs(TLSEXT_TYPE_server_name, &client_funcs,
1946 &server_funcs))
1947 errx(1, "failed to fetch sni funcs");
1948
1949 if ((ssl->session = SSL_SESSION_new()) == NULL)
1950 errx(1, "failed to create session");
1951
1952 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
1953 FAIL("server should not need SNI\n");
1954 goto err;
1955 }
1956
1957 if (!SSL_set_tlsext_host_name(ssl, TEST_SNI_SERVERNAME)) {
1958 FAIL("client failed to set server name\n");
1959 goto err;
1960 }
1961
1962 if ((ssl->session->tlsext_hostname = strdup(TEST_SNI_SERVERNAME)) ==
1963 NULL)
1964 errx(1, "failed to strdup tlsext_hostname");
1965
1966 if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
1967 FAIL("server should need SNI\n");
1968 goto err;
1969 }
1970
1971 if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
1972 FAIL("server failed to build SNI\n");
1973 goto err;
1974 }
1975
1976 if (!CBB_finish(&cbb, &data, &dlen))
1977 errx(1, "failed to finish CBB");
1978
1979 if (dlen != tlsext_sni_server_len) {
1980 FAIL("got server SNI with length %zu, "
1981 "want length %zu\n", dlen, tlsext_sni_server_len);
1982 goto err;
1983 }
1984
1985 if (memcmp(data, tlsext_sni_server, dlen) != 0) {
1986 FAIL("server SNI differs:\n");
1987 fprintf(stderr, "received:\n");
1988 hexdump(data, dlen);
1989 fprintf(stderr, "test data:\n");
1990 hexdump(tlsext_sni_server, tlsext_sni_server_len);
1991 goto err;
1992 }
1993
1994 free(ssl->session->tlsext_hostname);
1995 ssl->session->tlsext_hostname = NULL;
1996
1997 CBS_init(&cbs, tlsext_sni_server, tlsext_sni_server_len);
1998 if (!client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
1999 FAIL("failed to parse server SNI\n");
2000 goto err;
2001 }
2002 if (CBS_len(&cbs) != 0) {
2003 FAIL("extension data remaining\n");
2004 goto err;
2005 }
2006
2007 if (ssl->session->tlsext_hostname == NULL) {
2008 FAIL("no tlsext_hostname after server SNI\n");
2009 goto err;
2010 }
2011
2012 if (strlen(ssl->session->tlsext_hostname) != strlen(TEST_SNI_SERVERNAME) ||
2013 strncmp(ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME,
2014 strlen(TEST_SNI_SERVERNAME)) != 0) {
2015 FAIL("got tlsext_hostname `%s', want `%s'\n",
2016 ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME);
2017 goto err;
2018 }
2019
2020 failure = 0;
2021
2022 err:
2023 CBB_cleanup(&cbb);
2024 SSL_CTX_free(ssl_ctx);
2025 SSL_free(ssl);
2026 free(data);
2027
2028 return (failure);
2029}
2030
2031
2032/*
2033 * QUIC transport parameters extension - RFC 90210 :)
2034 */
2035
2036static const unsigned char tlsext_quic_transport_data[] = {
2037 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
2038 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
2039};
2040
2041static int
2042test_tlsext_quic_transport_parameters_client(void)
2043{
2044 const SSL_QUIC_METHOD quic_method;
2045 unsigned char *data = NULL;
2046 SSL_CTX *ssl_ctx = NULL;
2047 SSL *ssl = NULL;
2048 const struct tls_extension_funcs *client_funcs;
2049 const struct tls_extension_funcs *server_funcs;
2050 int failure;
2051 size_t dlen;
2052 CBB cbb;
2053 CBS cbs;
2054 int alert;
2055 const uint8_t *out_bytes;
2056 size_t out_bytes_len;
2057
2058 failure = 1;
2059
2060 if (!CBB_init(&cbb, 0))
2061 errx(1, "Failed to create CBB");
2062
2063 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
2064 errx(1, "failed to create SSL_CTX");
2065 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2066 errx(1, "failed to create SSL");
2067
2068 if (!tls_extension_funcs(TLSEXT_TYPE_quic_transport_parameters,
2069 &client_funcs, &server_funcs))
2070 errx(1, "failed to fetch quic transport parameter funcs");
2071
2072 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2073 FAIL("client should not need QUIC\n");
2074 goto err;
2075 }
2076
2077 if (!SSL_set_quic_transport_params(ssl,
2078 tlsext_quic_transport_data, sizeof(tlsext_quic_transport_data))) {
2079 FAIL("client failed to set QUIC parametes\n");
2080 goto err;
2081 }
2082
2083 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2084 FAIL("client should not need QUIC\n");
2085 goto err;
2086 }
2087
2088 ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
2089 ssl->s3->hs.negotiated_tls_version = TLS1_3_VERSION;
2090
2091 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2092 FAIL("client should not need QUIC\n");
2093 goto err;
2094 }
2095
2096 ssl->quic_method = &quic_method;
2097
2098 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2099 FAIL("client should need QUIC\n");
2100 goto err;
2101 }
2102
2103 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
2104 FAIL("client failed to build QUIC\n");
2105 goto err;
2106 }
2107
2108 if (!CBB_finish(&cbb, &data, &dlen)) {
2109 FAIL("failed to finish CBB");
2110 goto err;
2111 }
2112
2113 if (dlen != sizeof(tlsext_quic_transport_data)) {
2114 FAIL("got client QUIC with length %zu, "
2115 "want length %zu\n", dlen,
2116 sizeof(tlsext_quic_transport_data));
2117 goto err;
2118 }
2119
2120 if (memcmp(data, tlsext_quic_transport_data, dlen) != 0) {
2121 FAIL("client QUIC differs:\n");
2122 fprintf(stderr, "received:\n");
2123 hexdump(data, dlen);
2124 fprintf(stderr, "test data:\n");
2125 hexdump(tlsext_quic_transport_data,
2126 sizeof(tlsext_quic_transport_data));
2127 goto err;
2128 }
2129
2130 CBS_init(&cbs, tlsext_quic_transport_data,
2131 sizeof(tlsext_quic_transport_data));
2132
2133 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
2134 FAIL("server_parse of QUIC from server failed\n");
2135 goto err;
2136 }
2137 if (CBS_len(&cbs) != 0) {
2138 FAIL("extension data remaining\n");
2139 goto err;
2140 }
2141
2142 SSL_get_peer_quic_transport_params(ssl, &out_bytes, &out_bytes_len);
2143
2144 if (out_bytes_len != sizeof(tlsext_quic_transport_data)) {
2145 FAIL("server_parse QUIC length differs, got %zu want %zu\n",
2146 out_bytes_len,
2147 sizeof(tlsext_quic_transport_data));
2148 goto err;
2149 }
2150
2151 if (memcmp(out_bytes, tlsext_quic_transport_data,
2152 out_bytes_len) != 0) {
2153 FAIL("server_parse QUIC differs from sent:\n");
2154 fprintf(stderr, "received:\n");
2155 hexdump(data, dlen);
2156 fprintf(stderr, "test data:\n");
2157 hexdump(tlsext_quic_transport_data,
2158 sizeof(tlsext_quic_transport_data));
2159 goto err;
2160 }
2161
2162 failure = 0;
2163
2164 err:
2165 CBB_cleanup(&cbb);
2166 SSL_CTX_free(ssl_ctx);
2167 SSL_free(ssl);
2168 free(data);
2169
2170 return (failure);
2171}
2172
2173static int
2174test_tlsext_quic_transport_parameters_server(void)
2175{
2176 const SSL_QUIC_METHOD quic_method;
2177 unsigned char *data = NULL;
2178 SSL_CTX *ssl_ctx = NULL;
2179 SSL *ssl = NULL;
2180 const struct tls_extension_funcs *client_funcs;
2181 const struct tls_extension_funcs *server_funcs;
2182 int failure;
2183 size_t dlen;
2184 int alert;
2185 CBB cbb;
2186 CBS cbs;
2187 const uint8_t *out_bytes;
2188 size_t out_bytes_len;
2189
2190 failure = 1;
2191
2192 if (!CBB_init(&cbb, 0))
2193 errx(1, "Failed to create CBB");
2194
2195 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
2196 errx(1, "failed to create SSL_CTX");
2197 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2198 errx(1, "failed to create SSL");
2199
2200 if (!tls_extension_funcs(TLSEXT_TYPE_quic_transport_parameters,
2201 &client_funcs, &server_funcs))
2202 errx(1, "failed to fetch quic transport parameter funcs");
2203
2204 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
2205 FAIL("server should not need QUIC\n");
2206 goto err;
2207 }
2208
2209 if (!SSL_set_quic_transport_params(ssl,
2210 tlsext_quic_transport_data, sizeof(tlsext_quic_transport_data))) {
2211 FAIL("server failed to set QUIC parametes\n");
2212 goto err;
2213 }
2214
2215 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_EE)) {
2216 FAIL("server should not need QUIC\n");
2217 goto err;
2218 }
2219
2220 ssl->quic_method = &quic_method;
2221
2222 if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_EE)) {
2223 FAIL("server should need QUIC\n");
2224 goto err;
2225 }
2226
2227 if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_EE, &cbb)) {
2228 FAIL("server failed to build QUIC\n");
2229 goto err;
2230 }
2231
2232 if (!CBB_finish(&cbb, &data, &dlen))
2233 errx(1, "failed to finish CBB");
2234
2235 if (dlen != sizeof(tlsext_quic_transport_data)) {
2236 FAIL("got server QUIC with length %zu, want length %zu\n",
2237 dlen, sizeof(tlsext_quic_transport_data));
2238 goto err;
2239 }
2240
2241 if (memcmp(data, tlsext_quic_transport_data, dlen) != 0) {
2242 FAIL("saved server QUIC differs:\n");
2243 fprintf(stderr, "received:\n");
2244 hexdump(data, dlen);
2245 fprintf(stderr, "test data:\n");
2246 hexdump(tlsext_quic_transport_data,
2247 sizeof(tlsext_quic_transport_data));
2248 goto err;
2249 }
2250
2251 CBS_init(&cbs, tlsext_quic_transport_data,
2252 sizeof(tlsext_quic_transport_data));
2253
2254 ssl->quic_method = NULL;
2255
2256 if (client_funcs->parse(ssl, SSL_TLSEXT_MSG_EE, &cbs, &alert)) {
2257 FAIL("QUIC parse should have failed!\n");
2258 goto err;
2259 }
2260
2261 ssl->quic_method = &quic_method;
2262
2263 if (!client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
2264 FAIL("client_parse of QUIC from server failed\n");
2265 goto err;
2266 }
2267 if (CBS_len(&cbs) != 0) {
2268 FAIL("extension data remaining\n");
2269 goto err;
2270 }
2271
2272 SSL_get_peer_quic_transport_params(ssl, &out_bytes, &out_bytes_len);
2273
2274 if (out_bytes_len != sizeof(tlsext_quic_transport_data)) {
2275 FAIL("client QUIC length differs, got %zu want %zu\n",
2276 out_bytes_len,
2277 sizeof(tlsext_quic_transport_data));
2278 goto err;
2279 }
2280
2281 if (memcmp(out_bytes, tlsext_quic_transport_data, out_bytes_len) != 0) {
2282 FAIL("client QUIC differs from sent:\n");
2283 fprintf(stderr, "received:\n");
2284 hexdump(data, dlen);
2285 fprintf(stderr, "test data:\n");
2286 hexdump(tlsext_quic_transport_data,
2287 sizeof(tlsext_quic_transport_data));
2288 goto err;
2289 }
2290
2291 failure = 0;
2292
2293 err:
2294 CBB_cleanup(&cbb);
2295 SSL_CTX_free(ssl_ctx);
2296 SSL_free(ssl);
2297 free(data);
2298
2299 return (failure);
2300}
2301
2302static const unsigned char tls_ocsp_client_default[] = {
2303 0x01, 0x00, 0x00, 0x00, 0x00
2304};
2305
2306static int
2307test_tlsext_ocsp_client(void)
2308{
2309 unsigned char *data = NULL;
2310 SSL_CTX *ssl_ctx = NULL;
2311 SSL *ssl = NULL;
2312 const struct tls_extension_funcs *client_funcs;
2313 const struct tls_extension_funcs *server_funcs;
2314 size_t dlen;
2315 int failure;
2316 int alert;
2317 CBB cbb;
2318 CBS cbs;
2319
2320 failure = 1;
2321
2322 if (!CBB_init(&cbb, 0))
2323 errx(1, "Failed to create CBB");
2324
2325 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
2326 errx(1, "failed to create SSL_CTX");
2327 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2328 errx(1, "failed to create SSL");
2329
2330 if (!tls_extension_funcs(TLSEXT_TYPE_status_request, &client_funcs,
2331 &server_funcs))
2332 errx(1, "failed to fetch ocsp funcs");
2333
2334 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2335 FAIL("client should not need TLSEXT_TYPE_status_request\n");
2336 goto err;
2337 }
2338 SSL_set_tlsext_status_type(ssl, TLSEXT_STATUSTYPE_ocsp);
2339
2340 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2341 FAIL("client should need TLSEXT_TYPE_status_request\n");
2342 goto err;
2343 }
2344 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
2345 FAIL("client failed to build SNI\n");
2346 goto err;
2347 }
2348 if (!CBB_finish(&cbb, &data, &dlen))
2349 errx(1, "failed to finish CBB");
2350
2351 if (dlen != sizeof(tls_ocsp_client_default)) {
2352 FAIL("got TLSEXT_TYPE_status_request client with length %zu, "
2353 "want length %zu\n", dlen,
2354 sizeof(tls_ocsp_client_default));
2355 goto err;
2356 }
2357 if (memcmp(data, tls_ocsp_client_default, dlen) != 0) {
2358 FAIL("TLSEXT_TYPE_status_request client differs:\n");
2359 fprintf(stderr, "received:\n");
2360 hexdump(data, dlen);
2361 fprintf(stderr, "test data:\n");
2362 hexdump(tls_ocsp_client_default,
2363 sizeof(tls_ocsp_client_default));
2364 goto err;
2365 }
2366 CBS_init(&cbs, tls_ocsp_client_default,
2367 sizeof(tls_ocsp_client_default));
2368 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
2369 FAIL("failed to parse TLSEXT_TYPE_status_request client\n");
2370 goto err;
2371 }
2372 if (CBS_len(&cbs) != 0) {
2373 FAIL("extension data remaining\n");
2374 goto err;
2375 }
2376
2377 failure = 0;
2378
2379 err:
2380 CBB_cleanup(&cbb);
2381 SSL_CTX_free(ssl_ctx);
2382 SSL_free(ssl);
2383 free(data);
2384
2385 return (failure);
2386}
2387
2388static int
2389test_tlsext_ocsp_server(void)
2390{
2391 unsigned char *data = NULL;
2392 SSL_CTX *ssl_ctx = NULL;
2393 SSL *ssl = NULL;
2394 const struct tls_extension_funcs *client_funcs;
2395 const struct tls_extension_funcs *server_funcs;
2396 size_t dlen;
2397 int failure;
2398 CBB cbb;
2399
2400 failure = 1;
2401
2402 if (!CBB_init(&cbb, 0))
2403 errx(1, "Failed to create CBB");
2404
2405 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
2406 errx(1, "failed to create SSL_CTX");
2407 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2408 errx(1, "failed to create SSL");
2409
2410 if (!tls_extension_funcs(TLSEXT_TYPE_status_request, &client_funcs,
2411 &server_funcs))
2412 errx(1, "failed to fetch ocsp funcs");
2413
2414 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
2415 FAIL("server should not need TLSEXT_TYPE_status_request\n");
2416 goto err;
2417 }
2418
2419 ssl->tlsext_status_expected = 1;
2420
2421 if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
2422 FAIL("server should need TLSEXT_TYPE_status_request\n");
2423 goto err;
2424 }
2425 if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
2426 FAIL("server failed to build TLSEXT_TYPE_status_request\n");
2427 goto err;
2428 }
2429
2430 if (!CBB_finish(&cbb, &data, &dlen))
2431 errx(1, "failed to finish CBB");
2432
2433 failure = 0;
2434
2435 err:
2436 CBB_cleanup(&cbb);
2437 SSL_CTX_free(ssl_ctx);
2438 SSL_free(ssl);
2439 free(data);
2440
2441 return (failure);
2442}
2443
2444/*
2445 * Session ticket - RFC 5077 since no known implementations use 4507.
2446 *
2447 * Session tickets can be length 0 (special case) to 2^16-1.
2448 *
2449 * The state is encrypted by the server so it is opaque to the client.
2450 */
2451static uint8_t tlsext_sessionticket_hello_min[1];
2452static uint8_t tlsext_sessionticket_hello_max[65535];
2453
2454static int
2455test_tlsext_sessionticket_client(void)
2456{
2457 unsigned char *data = NULL;
2458 SSL_CTX *ssl_ctx = NULL;
2459 SSL *ssl = NULL;
2460 const struct tls_extension_funcs *client_funcs;
2461 const struct tls_extension_funcs *server_funcs;
2462 int failure;
2463 CBB cbb;
2464 size_t dlen;
2465 uint8_t dummy[1234];
2466
2467 failure = 1;
2468
2469 if (!CBB_init(&cbb, 0))
2470 errx(1, "Failed to create CBB");
2471
2472 /* Create fake session tickets with random data. */
2473 arc4random_buf(tlsext_sessionticket_hello_min,
2474 sizeof(tlsext_sessionticket_hello_min));
2475 arc4random_buf(tlsext_sessionticket_hello_max,
2476 sizeof(tlsext_sessionticket_hello_max));
2477
2478 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
2479 errx(1, "failed to create SSL_CTX");
2480 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2481 errx(1, "failed to create SSL");
2482
2483 if (!tls_extension_funcs(TLSEXT_TYPE_session_ticket, &client_funcs,
2484 &server_funcs))
2485 errx(1, "failed to fetch session ticket funcs");
2486
2487 /* Should need a ticket by default. */
2488 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2489 FAIL("client should need Sessionticket for default "
2490 "ciphers\n");
2491 goto err;
2492 }
2493
2494 /* Test disabling tickets. */
2495 if ((SSL_set_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) == 0) {
2496 FAIL("Cannot disable tickets in the TLS connection\n");
2497 goto err;
2498 }
2499 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2500 FAIL("client should not need SessionTicket if it was disabled\n");
2501 goto err;
2502 }
2503
2504 /* Test re-enabling tickets. */
2505 if ((SSL_clear_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) != 0) {
2506 FAIL("Cannot re-enable tickets in the TLS connection\n");
2507 goto err;
2508 }
2509 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2510 FAIL("client should need SessionTicket if it was disabled\n");
2511 goto err;
2512 }
2513
2514 /* Since we don't have a session, we should build an empty ticket. */
2515 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
2516 FAIL("Cannot build a ticket\n");
2517 goto err;
2518 }
2519 if (!CBB_finish(&cbb, &data, &dlen)) {
2520 FAIL("Cannot finish CBB\n");
2521 goto err;
2522 }
2523 if (dlen != 0) {
2524 FAIL("Expected 0 length but found %zu\n", dlen);
2525 goto err;
2526 }
2527
2528 CBB_cleanup(&cbb);
2529 if (!CBB_init(&cbb, 0))
2530 errx(1, "Failed to create CBB");
2531 free(data);
2532 data = NULL;
2533
2534 /* With a new session (but no ticket), we should still have 0 length */
2535 if ((ssl->session = SSL_SESSION_new()) == NULL)
2536 errx(1, "failed to create session");
2537 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2538 FAIL("Should still want a session ticket with a new session\n");
2539 goto err;
2540 }
2541 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
2542 FAIL("Cannot build a ticket\n");
2543 goto err;
2544 }
2545 if (!CBB_finish(&cbb, &data, &dlen)) {
2546 FAIL("Cannot finish CBB\n");
2547 goto err;
2548 }
2549 if (dlen != 0) {
2550 FAIL("Expected 0 length but found %zu\n", dlen);
2551 goto err;
2552 }
2553
2554 CBB_cleanup(&cbb);
2555 if (!CBB_init(&cbb, 0))
2556 errx(1, "Failed to create CBB");
2557 free(data);
2558 data = NULL;
2559
2560 /* With a new session (and ticket), we should use that ticket */
2561 SSL_SESSION_free(ssl->session);
2562 if ((ssl->session = SSL_SESSION_new()) == NULL)
2563 errx(1, "failed to create session");
2564
2565 arc4random_buf(&dummy, sizeof(dummy));
2566 if ((ssl->session->tlsext_tick = malloc(sizeof(dummy))) == NULL) {
2567 errx(1, "failed to malloc");
2568 }
2569 memcpy(ssl->session->tlsext_tick, dummy, sizeof(dummy));
2570 ssl->session->tlsext_ticklen = sizeof(dummy);
2571
2572 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2573 FAIL("Should still want a session ticket with a new session\n");
2574 goto err;
2575 }
2576 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
2577 FAIL("Cannot build a ticket\n");
2578 goto err;
2579 }
2580 if (!CBB_finish(&cbb, &data, &dlen)) {
2581 FAIL("Cannot finish CBB\n");
2582 goto err;
2583 }
2584 if (dlen != sizeof(dummy)) {
2585 FAIL("Expected %zu length but found %zu\n", sizeof(dummy), dlen);
2586 goto err;
2587 }
2588 if (memcmp(data, dummy, dlen) != 0) {
2589 FAIL("server SNI differs:\n");
2590 compare_data(data, dlen,
2591 dummy, sizeof(dummy));
2592 goto err;
2593 }
2594
2595 CBB_cleanup(&cbb);
2596 if (!CBB_init(&cbb, 0))
2597 errx(1, "Failed to create CBB");
2598 free(data);
2599 data = NULL;
2600 free(ssl->session->tlsext_tick);
2601 ssl->session->tlsext_tick = NULL;
2602 ssl->session->tlsext_ticklen = 0;
2603
2604 /*
2605 * Send in NULL to disable session tickets at runtime without going
2606 * through SSL_set_options().
2607 */
2608 if (!SSL_set_session_ticket_ext(ssl, NULL, 0)) {
2609 FAIL("Could not set a NULL custom ticket\n");
2610 goto err;
2611 }
2612 /* Should not need a ticket in this case */
2613 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2614 FAIL("Should not want to use session tickets with a NULL custom\n");
2615 goto err;
2616 }
2617
2618 /*
2619 * If you want to remove the tlsext_session_ticket behavior, you have
2620 * to do it manually.
2621 */
2622 free(ssl->tlsext_session_ticket);
2623 ssl->tlsext_session_ticket = NULL;
2624
2625 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2626 FAIL("Should need a session ticket again when the custom one is removed\n");
2627 goto err;
2628 }
2629
2630 /* Test a custom session ticket (not recommended in practice) */
2631 if (!SSL_set_session_ticket_ext(ssl, tlsext_sessionticket_hello_max,
2632 sizeof(tlsext_sessionticket_hello_max))) {
2633 FAIL("Should be able to set a custom ticket\n");
2634 goto err;
2635 }
2636 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2637 FAIL("Should need a session ticket again when the custom one is not empty\n");
2638 goto err;
2639 }
2640 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
2641 FAIL("Cannot build a ticket with a max length random payload\n");
2642 goto err;
2643 }
2644 if (!CBB_finish(&cbb, &data, &dlen)) {
2645 FAIL("Cannot finish CBB\n");
2646 goto err;
2647 }
2648 if (dlen != sizeof(tlsext_sessionticket_hello_max)) {
2649 FAIL("Expected %zu length but found %zu\n",
2650 sizeof(tlsext_sessionticket_hello_max), dlen);
2651 goto err;
2652 }
2653 if (memcmp(data, tlsext_sessionticket_hello_max,
2654 sizeof(tlsext_sessionticket_hello_max)) != 0) {
2655 FAIL("Expected to get what we passed in\n");
2656 compare_data(data, dlen,
2657 tlsext_sessionticket_hello_max,
2658 sizeof(tlsext_sessionticket_hello_max));
2659 goto err;
2660 }
2661
2662 failure = 0;
2663
2664 err:
2665 CBB_cleanup(&cbb);
2666 SSL_CTX_free(ssl_ctx);
2667 SSL_free(ssl);
2668 free(data);
2669
2670 return (failure);
2671}
2672
2673
2674static int
2675test_tlsext_sessionticket_server(void)
2676{
2677 SSL_CTX *ssl_ctx = NULL;
2678 SSL *ssl = NULL;
2679 const struct tls_extension_funcs *client_funcs;
2680 const struct tls_extension_funcs *server_funcs;
2681 int failure;
2682 uint8_t *data = NULL;
2683 size_t dlen;
2684 CBB cbb;
2685
2686 failure = 1;
2687
2688 if (!CBB_init(&cbb, 0))
2689 errx(1, "Failed to create CBB");
2690
2691 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
2692 errx(1, "failed to create SSL_CTX");
2693 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2694 errx(1, "failed to create SSL");
2695
2696 if (!tls_extension_funcs(TLSEXT_TYPE_session_ticket, &client_funcs,
2697 &server_funcs))
2698 errx(1, "failed to fetch session ticket funcs");
2699
2700 /*
2701 * By default, should not need a session ticket since the ticket
2702 * is not yet expected.
2703 */
2704 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
2705 FAIL("server should not need SessionTicket by default\n");
2706 goto err;
2707 }
2708
2709 /* Test disabling tickets. */
2710 if ((SSL_set_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) == 0) {
2711 FAIL("Cannot disable tickets in the TLS connection\n");
2712 goto err;
2713 }
2714 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
2715 FAIL("server should not need SessionTicket if it was disabled\n");
2716 goto err;
2717 }
2718
2719 /* Test re-enabling tickets. */
2720 if ((SSL_clear_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) != 0) {
2721 FAIL("Cannot re-enable tickets in the TLS connection\n");
2722 goto err;
2723 }
2724 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
2725 FAIL("server should not need SessionTicket yet\n");
2726 goto err;
2727 }
2728
2729 /* Set expected to require it. */
2730 ssl->tlsext_ticket_expected = 1;
2731 if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
2732 FAIL("server should now be required for SessionTicket\n");
2733 goto err;
2734 }
2735
2736 /* server hello's session ticket should always be 0 length payload. */
2737 if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
2738 FAIL("Cannot build a ticket with a max length random payload\n");
2739 goto err;
2740 }
2741 if (!CBB_finish(&cbb, &data, &dlen)) {
2742 FAIL("Cannot finish CBB\n");
2743 goto err;
2744 }
2745 if (dlen != 0) {
2746 FAIL("Expected 0 length but found %zu\n", dlen);
2747 goto err;
2748 }
2749
2750 failure = 0;
2751
2752 err:
2753 CBB_cleanup(&cbb);
2754 SSL_CTX_free(ssl_ctx);
2755 SSL_free(ssl);
2756 free(data);
2757
2758 return (failure);
2759}
2760
2761#ifndef OPENSSL_NO_SRTP
2762/*
2763 * Supported Secure Real-time Transport Protocol (RFC 5764 section 4.1.1)
2764 */
2765
2766/* Colon separated string values */
2767const char *tlsext_srtp_single_profile = "SRTP_AES128_CM_SHA1_80";
2768const char *tlsext_srtp_multiple_profiles = "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32";
2769
2770const char *tlsext_srtp_aes128cmsha80 = "SRTP_AES128_CM_SHA1_80";
2771const char *tlsext_srtp_aes128cmsha32 = "SRTP_AES128_CM_SHA1_32";
2772
2773const uint8_t tlsext_srtp_single[] = {
2774 /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */
2775 0x00, 0x02, /* len */
2776 0x00, 0x01, /* SRTP_AES128_CM_SHA1_80 */
2777 0x00 /* opaque srtp_mki<0..255> */
2778};
2779
2780const uint8_t tlsext_srtp_multiple[] = {
2781 /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */
2782 0x00, 0x04, /* len */
2783 0x00, 0x01, /* SRTP_AES128_CM_SHA1_80 */
2784 0x00, 0x02, /* SRTP_AES128_CM_SHA1_32 */
2785 0x00 /* opaque srtp_mki<0..255> */
2786};
2787
2788const uint8_t tlsext_srtp_multiple_invalid[] = {
2789 /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */
2790 0x00, 0x04, /* len */
2791 0x00, 0x08, /* arbitrary value not found in known profiles */
2792 0x00, 0x09, /* arbitrary value not found in known profiles */
2793 0x00 /* opaque srtp_mki<0..255> */
2794};
2795
2796const uint8_t tlsext_srtp_single_invalid[] = {
2797 /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */
2798 0x00, 0x02, /* len */
2799 0x00, 0x08, /* arbitrary value not found in known profiles */
2800 0x00 /* opaque srtp_mki<0..255> */
2801};
2802
2803const uint8_t tlsext_srtp_multiple_one_valid[] = {
2804 /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */
2805 0x00, 0x04, /* len */
2806 0x00, 0x08, /* arbitrary value not found in known profiles */
2807 0x00, 0x02, /* SRTP_AES128_CM_SHA1_32 */
2808 0x00 /* opaque srtp_mki<0..255> */
2809};
2810
2811static int
2812test_tlsext_srtp_client(void)
2813{
2814 SRTP_PROTECTION_PROFILE *prof;
2815 SSL_CTX *ssl_ctx = NULL;
2816 SSL *ssl = NULL;
2817 const struct tls_extension_funcs *client_funcs;
2818 const struct tls_extension_funcs *server_funcs;
2819 uint8_t *data = NULL;
2820 CBB cbb;
2821 CBS cbs;
2822 int failure, alert;
2823 size_t dlen;
2824
2825 failure = 1;
2826
2827 if (!CBB_init(&cbb, 0))
2828 errx(1, "Failed to create CBB");
2829
2830 /* SRTP is for DTLS */
2831 if ((ssl_ctx = SSL_CTX_new(DTLSv1_client_method())) == NULL)
2832 errx(1, "failed to create SSL_CTX");
2833 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2834 errx(1, "failed to create SSL");
2835
2836 if (!tls_extension_funcs(TLSEXT_TYPE_use_srtp, &client_funcs,
2837 &server_funcs))
2838 errx(1, "failed to fetch srtp funcs");
2839
2840 /* By default, we don't need this */
2841 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2842 FAIL("client should not need SRTP by default\n");
2843 goto err;
2844 }
2845
2846 if (SSL_set_tlsext_use_srtp(ssl, tlsext_srtp_single_profile) != 0) {
2847 FAIL("should be able to set a single SRTP\n");
2848 goto err;
2849 }
2850 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2851 FAIL("client should need SRTP\n");
2852 goto err;
2853 }
2854
2855 /* Make sure we can build the client with a single profile. */
2856
2857 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
2858 FAIL("client failed to build SRTP\n");
2859 goto err;
2860 }
2861 if (!CBB_finish(&cbb, &data, &dlen))
2862 errx(1, "failed to finish CBB");
2863
2864 if (dlen != sizeof(tlsext_srtp_single)) {
2865 FAIL("got client SRTP with length %zu, "
2866 "want length %zu\n", dlen,
2867 sizeof(tlsext_srtp_single));
2868 compare_data(data, dlen, tlsext_srtp_single,
2869 sizeof(tlsext_srtp_single));
2870 goto err;
2871 }
2872 if (memcmp(data, tlsext_srtp_single, dlen) != 0) {
2873 FAIL("client SRTP differs:\n");
2874 compare_data(data, dlen, tlsext_srtp_single,
2875 sizeof(tlsext_srtp_single));
2876 goto err;
2877 }
2878
2879 CBB_cleanup(&cbb);
2880 if (!CBB_init(&cbb, 0))
2881 errx(1, "Failed to create CBB");
2882 free(data);
2883 data = NULL;
2884
2885 /* Make sure we can parse the single profile. */
2886
2887 if (SSL_get_selected_srtp_profile(ssl) != NULL) {
2888 FAIL("SRTP profile should not be set yet\n");
2889 goto err;
2890 }
2891
2892 CBS_init(&cbs, tlsext_srtp_single, sizeof(tlsext_srtp_single));
2893 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
2894 FAIL("failed to parse SRTP\n");
2895 goto err;
2896 }
2897 if (CBS_len(&cbs) != 0) {
2898 FAIL("extension data remaining\n");
2899 goto err;
2900 }
2901
2902 if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) {
2903 FAIL("SRTP profile should be set now\n");
2904 goto err;
2905 }
2906 if (strcmp(prof->name, tlsext_srtp_aes128cmsha80) != 0) {
2907 FAIL("SRTP profile was not set properly\n");
2908 goto err;
2909 }
2910
2911 if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2912 FAIL("should send server extension when profile selected\n");
2913 goto err;
2914 }
2915
2916 /* Make sure we can build the clienthello with multiple entries. */
2917
2918 if (SSL_set_tlsext_use_srtp(ssl, tlsext_srtp_multiple_profiles) != 0) {
2919 FAIL("should be able to set SRTP to multiple profiles\n");
2920 goto err;
2921 }
2922 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2923 FAIL("client should need SRTP by now\n");
2924 goto err;
2925 }
2926
2927 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
2928 FAIL("client failed to build SRTP\n");
2929 goto err;
2930 }
2931 if (!CBB_finish(&cbb, &data, &dlen))
2932 errx(1, "failed to finish CBB");
2933
2934 if (dlen != sizeof(tlsext_srtp_multiple)) {
2935 FAIL("got client SRTP with length %zu, "
2936 "want length %zu\n", dlen,
2937 sizeof(tlsext_srtp_multiple));
2938 compare_data(data, dlen, tlsext_srtp_multiple,
2939 sizeof(tlsext_srtp_multiple));
2940 goto err;
2941 }
2942 if (memcmp(data, tlsext_srtp_multiple, dlen) != 0) {
2943 FAIL("client SRTP differs:\n");
2944 compare_data(data, dlen, tlsext_srtp_multiple,
2945 sizeof(tlsext_srtp_multiple));
2946 goto err;
2947 }
2948
2949 CBB_cleanup(&cbb);
2950 if (!CBB_init(&cbb, 0))
2951 errx(1, "Failed to create CBB");
2952 free(data);
2953 data = NULL;
2954
2955 /* Make sure we can parse multiple profiles (selects server preferred) */
2956
2957 ssl->srtp_profile = NULL;
2958
2959 CBS_init(&cbs, tlsext_srtp_multiple,
2960 sizeof(tlsext_srtp_multiple));
2961 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
2962 FAIL("failed to parse SRTP\n");
2963 goto err;
2964 }
2965 if (CBS_len(&cbs) != 0) {
2966 FAIL("extension data remaining\n");
2967 goto err;
2968 }
2969
2970 if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) {
2971 FAIL("SRTP profile should be set now\n");
2972 goto err;
2973 }
2974 if (strcmp(prof->name, tlsext_srtp_aes128cmsha80) != 0) {
2975 FAIL("SRTP profile was not set properly\n");
2976 goto err;
2977 }
2978
2979 if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2980 FAIL("should send server extension when profile selected\n");
2981 goto err;
2982 }
2983
2984 /*
2985 * Make sure we can parse the clienthello with multiple entries
2986 * where one is unknown.
2987 */
2988 ssl->srtp_profile = NULL;
2989
2990 CBS_init(&cbs, tlsext_srtp_multiple_one_valid,
2991 sizeof(tlsext_srtp_multiple_one_valid));
2992 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
2993 FAIL("failed to parse SRTP\n");
2994 goto err;
2995 }
2996 if (CBS_len(&cbs) != 0) {
2997 FAIL("extension data remaining\n");
2998 goto err;
2999 }
3000
3001 if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) {
3002 FAIL("SRTP profile should be set now\n");
3003 goto err;
3004 }
3005 if (strcmp(prof->name, tlsext_srtp_aes128cmsha32) != 0) {
3006 FAIL("SRTP profile was not set properly\n");
3007 goto err;
3008 }
3009
3010 if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
3011 FAIL("should send server extension when profile selected\n");
3012 goto err;
3013 }
3014
3015 /* Make sure we fall back to negotiated when none work. */
3016
3017 ssl->srtp_profile = NULL;
3018
3019 CBS_init(&cbs, tlsext_srtp_multiple_invalid,
3020 sizeof(tlsext_srtp_multiple_invalid));
3021 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
3022 FAIL("should be able to fall back to negotiated\n");
3023 goto err;
3024 }
3025 if (CBS_len(&cbs) != 0) {
3026 FAIL("extension data remaining\n");
3027 goto err;
3028 }
3029
3030 /* If we fallback, the server should NOT send the extension. */
3031 if (SSL_get_selected_srtp_profile(ssl) != NULL) {
3032 FAIL("should not have selected a profile when none found\n");
3033 goto err;
3034 }
3035 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
3036 FAIL("should not send server tlsext when no profile found\n");
3037 goto err;
3038 }
3039
3040 failure = 0;
3041
3042 err:
3043 CBB_cleanup(&cbb);
3044 SSL_CTX_free(ssl_ctx);
3045 SSL_free(ssl);
3046 free(data);
3047
3048 return (failure);
3049}
3050
3051static int
3052test_tlsext_srtp_server(void)
3053{
3054 const SRTP_PROTECTION_PROFILE *prof;
3055 SSL_CTX *ssl_ctx = NULL;
3056 SSL *ssl = NULL;
3057 const struct tls_extension_funcs *client_funcs;
3058 const struct tls_extension_funcs *server_funcs;
3059 uint8_t *data = NULL;
3060 CBB cbb;
3061 CBS cbs;
3062 int failure, alert;
3063 size_t dlen;
3064
3065 failure = 1;
3066
3067 if (!CBB_init(&cbb, 0))
3068 errx(1, "Failed to create CBB");
3069
3070 /* SRTP is for DTLS */
3071 if ((ssl_ctx = SSL_CTX_new(DTLSv1_client_method())) == NULL)
3072 errx(1, "failed to create SSL_CTX");
3073 if ((ssl = SSL_new(ssl_ctx)) == NULL)
3074 errx(1, "failed to create SSL");
3075
3076 if (!tls_extension_funcs(TLSEXT_TYPE_use_srtp, &client_funcs,
3077 &server_funcs))
3078 errx(1, "failed to fetch srtp funcs");
3079
3080 /* By default, we don't need this */
3081 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
3082 FAIL("server should not need SRTP by default\n");
3083 goto err;
3084 }
3085
3086 if (srtp_find_profile_by_name(tlsext_srtp_aes128cmsha80, &prof,
3087 strlen(tlsext_srtp_aes128cmsha80))) {
3088 FAIL("should be able to find the given profile\n");
3089 goto err;
3090 }
3091 ssl->srtp_profile = prof;
3092 if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
3093 FAIL("server should need SRTP by now\n");
3094 goto err;
3095 }
3096
3097 /* Make sure we can build the server with a single profile. */
3098
3099 if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
3100 FAIL("server failed to build SRTP\n");
3101 goto err;
3102 }
3103 if (!CBB_finish(&cbb, &data, &dlen))
3104 errx(1, "failed to finish CBB");
3105
3106 if (dlen != sizeof(tlsext_srtp_single)) {
3107 FAIL("got server SRTP with length %zu, "
3108 "want length %zu\n", dlen,
3109 sizeof(tlsext_srtp_single));
3110 compare_data(data, dlen, tlsext_srtp_single,
3111 sizeof(tlsext_srtp_single));
3112 goto err;
3113 }
3114 if (memcmp(data, tlsext_srtp_single, dlen) != 0) {
3115 FAIL("server SRTP differs:\n");
3116 compare_data(data, dlen, tlsext_srtp_single,
3117 sizeof(tlsext_srtp_single));
3118 goto err;
3119 }
3120
3121 CBB_cleanup(&cbb);
3122 if (!CBB_init(&cbb, 0))
3123 errx(1, "Failed to create CBB");
3124 free(data);
3125 data = NULL;
3126
3127 /* Make sure we can parse the single profile. */
3128 ssl->srtp_profile = NULL;
3129
3130 if (SSL_get_selected_srtp_profile(ssl) != NULL) {
3131 FAIL("SRTP profile should not be set yet\n");
3132 goto err;
3133 }
3134
3135 /* Setup the environment as if a client sent a list of profiles. */
3136 if (SSL_set_tlsext_use_srtp(ssl, tlsext_srtp_multiple_profiles) != 0) {
3137 FAIL("should be able to set multiple profiles in SRTP\n");
3138 goto err;
3139 }
3140
3141 CBS_init(&cbs, tlsext_srtp_single, sizeof(tlsext_srtp_single));
3142 if (!client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
3143 FAIL("failed to parse SRTP\n");
3144 goto err;
3145 }
3146 if (CBS_len(&cbs) != 0) {
3147 FAIL("extension data remaining\n");
3148 goto err;
3149 }
3150
3151 if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) {
3152 FAIL("SRTP profile should be set now\n");
3153 goto err;
3154 }
3155 if (strcmp(prof->name, tlsext_srtp_aes128cmsha80) != 0) {
3156 FAIL("SRTP profile was not set properly\n");
3157 goto err;
3158 }
3159
3160 /* Make sure we cannot parse multiple profiles */
3161 ssl->srtp_profile = NULL;
3162
3163 CBS_init(&cbs, tlsext_srtp_multiple,
3164 sizeof(tlsext_srtp_multiple));
3165 if (client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
3166 FAIL("should not find multiple entries from the server\n");
3167 goto err;
3168 }
3169
3170 /* Make sure we cannot parse a server with unknown profile */
3171 ssl->srtp_profile = NULL;
3172
3173 CBS_init(&cbs, tlsext_srtp_single_invalid,
3174 sizeof(tlsext_srtp_single_invalid));
3175 if (client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
3176 FAIL("should not be able to parse this\n");
3177 goto err;
3178 }
3179
3180 failure = 0;
3181
3182 err:
3183 CBB_cleanup(&cbb);
3184 SSL_CTX_free(ssl_ctx);
3185 SSL_free(ssl);
3186 free(data);
3187
3188 return (failure);
3189}
3190#endif /* OPENSSL_NO_SRTP */
3191
3192static const unsigned char tlsext_clienthello_default[] = {
3193 0x00, 0x34, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00,
3194 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d,
3195 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00, 0x23,
3196 0x00, 0x00, 0x00, 0x0d, 0x00, 0x18, 0x00, 0x16,
3197 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, 0x08, 0x05,
3198 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 0x04, 0x01,
3199 0x04, 0x03, 0x02, 0x01, 0x02, 0x03,
3200};
3201
3202/* An empty array is an incomplete type and sizeof() is undefined. */
3203static const unsigned char tlsext_clienthello_disabled[] = {
3204 0x00,
3205};
3206static size_t tlsext_clienthello_disabled_len = 0;
3207
3208static int
3209test_tlsext_clienthello_build(void)
3210{
3211 unsigned char *data = NULL;
3212 SSL_CTX *ssl_ctx = NULL;
3213 SSL *ssl = NULL;
3214 const struct tls_extension_funcs *client_funcs;
3215 const struct tls_extension_funcs *server_funcs;
3216 size_t dlen;
3217 int failure;
3218 CBB cbb;
3219
3220 failure = 1;
3221
3222 if (!CBB_init(&cbb, 0))
3223 errx(1, "failed to create CBB");
3224
3225 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) {
3226 FAIL("failed to create SSL_CTX");
3227 goto err;
3228 }
3229
3230 if ((ssl = SSL_new(ssl_ctx)) == NULL) {
3231 FAIL("failed to create SSL");
3232 goto err;
3233 }
3234
3235 if (!tlsext_linearize_build_order(ssl)) {
3236 FAIL("failed to linearize build order");
3237 goto err;
3238 }
3239
3240 if (!tls_extension_funcs(TLSEXT_TYPE_supported_versions, &client_funcs,
3241 &server_funcs))
3242 errx(1, "failed to fetch supported versions funcs");
3243
3244 ssl->s3->hs.our_min_tls_version = TLS1_VERSION;
3245 ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION;
3246
3247 if (!tlsext_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
3248 FAIL("failed to build clienthello extensions\n");
3249 goto err;
3250 }
3251 if (!CBB_finish(&cbb, &data, &dlen)) {
3252 FAIL("failed to finish CBB");
3253 goto err;
3254 }
3255
3256 if (dlen != sizeof(tlsext_clienthello_default)) {
3257 FAIL("got clienthello extensions with length %zu, "
3258 "want length %zu\n", dlen,
3259 sizeof(tlsext_clienthello_default));
3260 compare_data(data, dlen, tlsext_clienthello_default,
3261 sizeof(tlsext_clienthello_default));
3262 goto err;
3263 }
3264 if (memcmp(data, tlsext_clienthello_default, dlen) != 0) {
3265 FAIL("clienthello extensions differs:\n");
3266 compare_data(data, dlen, tlsext_clienthello_default,
3267 sizeof(tlsext_clienthello_default));
3268 goto err;
3269 }
3270
3271 free(data);
3272 data = NULL;
3273 CBB_cleanup(&cbb);
3274 if (!CBB_init(&cbb, 0))
3275 errx(1, "Failed to create CBB");
3276
3277 /* Switch to TLSv1.1, disable EC ciphers and session tickets. */
3278 ssl->s3->hs.our_max_tls_version = TLS1_1_VERSION;
3279 if (!SSL_set_cipher_list(ssl, "TLSv1.2:!ECDHE:!ECDSA")) {
3280 FAIL("failed to set cipher list\n");
3281 goto err;
3282 }
3283 if ((SSL_set_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) == 0) {
3284 FAIL("failed to disable session tickets\n");
3285 goto err;
3286 }
3287
3288 if (!tlsext_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
3289 FAIL("failed to build clienthello extensions\n");
3290 goto err;
3291 }
3292 if (!CBB_finish(&cbb, &data, &dlen)) {
3293 FAIL("failed to finish CBB");
3294 goto err;
3295 }
3296
3297 if (dlen != tlsext_clienthello_disabled_len) {
3298 FAIL("got clienthello extensions with length %zu, "
3299 "want length %zu\n", dlen,
3300 tlsext_clienthello_disabled_len);
3301 compare_data(data, dlen, tlsext_clienthello_disabled,
3302 tlsext_clienthello_disabled_len);
3303 goto err;
3304 }
3305 if (memcmp(data, tlsext_clienthello_disabled, dlen) != 0) {
3306 FAIL("clienthello extensions differs:\n");
3307 compare_data(data, dlen, tlsext_clienthello_disabled,
3308 tlsext_clienthello_disabled_len);
3309 goto err;
3310 }
3311
3312 failure = 0;
3313
3314 err:
3315 CBB_cleanup(&cbb);
3316 SSL_CTX_free(ssl_ctx);
3317 SSL_free(ssl);
3318 free(data);
3319
3320 return (failure);
3321}
3322
3323unsigned char tlsext_serverhello_default[] = {
3324 0x00, 0x06, 0x00, 0x2b, 0x00, 0x02, 0x03, 0x04,
3325};
3326
3327unsigned char tlsext_serverhello_enabled[] = {
3328 0x00, 0x10, 0x00, 0x2b, 0x00, 0x02, 0x03, 0x04,
3329 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23,
3330 0x00, 0x00,
3331};
3332
3333static int
3334test_tlsext_serverhello_build(void)
3335{
3336 unsigned char *data = NULL;
3337 SSL_CTX *ssl_ctx = NULL;
3338 SSL *ssl = NULL;
3339 size_t dlen;
3340 int failure;
3341 CBB cbb;
3342
3343 failure = 1;
3344
3345 if (!CBB_init(&cbb, 0))
3346 errx(1, "failed to create CBB");
3347
3348 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL) {
3349 FAIL("failed to create SSL_CTX");
3350 goto err;
3351 }
3352 if ((ssl = SSL_new(ssl_ctx)) == NULL) {
3353 FAIL("failed to create SSL");
3354 goto err;
3355 }
3356 if (!tlsext_linearize_build_order(ssl)) {
3357 FAIL("failed to linearize build order");
3358 goto err;
3359 }
3360 if ((ssl->session = SSL_SESSION_new()) == NULL) {
3361 FAIL("failed to create session");
3362 goto err;
3363 }
3364
3365 ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
3366 ssl->s3->hs.negotiated_tls_version = TLS1_3_VERSION;
3367 ssl->s3->hs.cipher =
3368 ssl3_get_cipher_by_id(TLS1_CK_RSA_WITH_AES_128_SHA256);
3369
3370 if (!tlsext_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
3371 FAIL("failed to build serverhello extensions\n");
3372 goto err;
3373 }
3374 if (!CBB_finish(&cbb, &data, &dlen)) {
3375 FAIL("failed to finish CBB");
3376 goto err;
3377 }
3378
3379 if (dlen != sizeof(tlsext_serverhello_default)) {
3380 FAIL("got serverhello extensions with length %zu, "
3381 "want length %zu\n", dlen,
3382 sizeof(tlsext_serverhello_default));
3383 compare_data(data, dlen, tlsext_serverhello_default,
3384 sizeof(tlsext_serverhello_default));
3385 goto err;
3386 }
3387 if (memcmp(data, tlsext_serverhello_default, dlen) != 0) {
3388 FAIL("serverhello extensions differs:\n");
3389 compare_data(data, dlen, tlsext_serverhello_default,
3390 sizeof(tlsext_serverhello_default));
3391 goto err;
3392 }
3393
3394 CBB_cleanup(&cbb);
3395 free(data);
3396 data = NULL;
3397 if (!CBB_init(&cbb, 0))
3398 errx(1, "Failed to create CBB");
3399
3400 /* Turn a few things on so we get extensions... */
3401 ssl->s3->send_connection_binding = 1;
3402 ssl->s3->hs.cipher =
3403 ssl3_get_cipher_by_id(TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256);
3404 ssl->tlsext_status_expected = 1;
3405 ssl->tlsext_ticket_expected = 1;
3406 if ((ssl->session->tlsext_ecpointformatlist = malloc(1)) == NULL) {
3407 FAIL("malloc failed");
3408 goto err;
3409 }
3410 ssl->session->tlsext_ecpointformatlist_length = 1;
3411 ssl->session->tlsext_ecpointformatlist[0] =
3412 TLSEXT_ECPOINTFORMAT_uncompressed;
3413
3414 if (!tlsext_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
3415 FAIL("failed to build serverhello extensions\n");
3416 goto err;
3417 }
3418 if (!CBB_finish(&cbb, &data, &dlen)) {
3419 FAIL("failed to finish CBB");
3420 goto err;
3421 }
3422
3423 if (dlen != sizeof(tlsext_serverhello_enabled)) {
3424 FAIL("got serverhello extensions with length %zu, "
3425 "want length %zu\n", dlen,
3426 sizeof(tlsext_serverhello_enabled));
3427 compare_data(data, dlen, tlsext_serverhello_enabled,
3428 sizeof(tlsext_serverhello_enabled));
3429 goto err;
3430 }
3431 if (memcmp(data, tlsext_serverhello_enabled, dlen) != 0) {
3432 FAIL("serverhello extensions differs:\n");
3433 compare_data(data, dlen, tlsext_serverhello_enabled,
3434 sizeof(tlsext_serverhello_enabled));
3435 goto err;
3436 }
3437
3438 failure = 0;
3439
3440 err:
3441 CBB_cleanup(&cbb);
3442 SSL_CTX_free(ssl_ctx);
3443 SSL_free(ssl);
3444 free(data);
3445
3446 return (failure);
3447}
3448
3449const unsigned char tlsext_versions_client[] = {
3450 0x08, 0x03, 0x04, 0x03, 0x03, 0x03,
3451 0x02, 0x03, 0x01,
3452};
3453
3454const unsigned char tlsext_versions_server[] = {
3455 0x03, 0x04,
3456};
3457
3458static int
3459test_tlsext_versions_client(void)
3460{
3461 unsigned char *data = NULL;
3462 SSL_CTX *ssl_ctx = NULL;
3463 SSL *ssl = NULL;
3464 const struct tls_extension_funcs *client_funcs;
3465 const struct tls_extension_funcs *server_funcs;
3466 int failure;
3467 size_t dlen;
3468 int alert;
3469 CBB cbb;
3470 CBS cbs;
3471
3472 failure = 1;
3473
3474 if (!CBB_init(&cbb, 0))
3475 errx(1, "Failed to create CBB");
3476
3477 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
3478 errx(1, "failed to create SSL_CTX");
3479 if ((ssl = SSL_new(ssl_ctx)) == NULL)
3480 errx(1, "failed to create SSL");
3481
3482 if (!tls_extension_funcs(TLSEXT_TYPE_supported_versions, &client_funcs,
3483 &server_funcs))
3484 errx(1, "failed to fetch supported versions funcs");
3485
3486 ssl->s3->hs.our_max_tls_version = TLS1_1_VERSION;
3487
3488 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
3489 FAIL("client should not need versions\n");
3490 goto done;
3491 }
3492
3493 ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION;
3494
3495 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
3496 FAIL("client should not need versions\n");
3497 goto done;
3498 }
3499
3500 ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
3501
3502 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
3503 FAIL("client should need versions\n");
3504 goto done;
3505 }
3506
3507 ssl->s3->hs.our_min_tls_version = TLS1_VERSION;
3508 ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
3509
3510 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
3511 FAIL("client should have built versions\n");
3512 goto done;
3513 }
3514
3515 if (!CBB_finish(&cbb, &data, &dlen)) {
3516 FAIL("failed to finish CBB\n");
3517 goto done;
3518 }
3519
3520 if (dlen != sizeof(tlsext_versions_client)) {
3521 FAIL("got versions with length %zu, "
3522 "want length %zu\n", dlen, sizeof(tlsext_versions_client));
3523 goto done;
3524 }
3525
3526 CBS_init(&cbs, data, dlen);
3527 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
3528 FAIL("failed to parse client versions\n");
3529 goto done;
3530 }
3531 if (CBS_len(&cbs) != 0) {
3532 FAIL("extension data remaining\n");
3533 goto done;
3534 }
3535
3536 failure = 0;
3537
3538 done:
3539 CBB_cleanup(&cbb);
3540 SSL_CTX_free(ssl_ctx);
3541 SSL_free(ssl);
3542 free(data);
3543
3544 return (failure);
3545}
3546
3547static int
3548test_tlsext_versions_server(void)
3549{
3550 unsigned char *data = NULL;
3551 SSL_CTX *ssl_ctx = NULL;
3552 SSL *ssl = NULL;
3553 const struct tls_extension_funcs *client_funcs;
3554 const struct tls_extension_funcs *server_funcs;
3555 int failure;
3556 size_t dlen;
3557 int alert;
3558 CBB cbb;
3559 CBS cbs;
3560
3561 failure = 1;
3562
3563 if (!CBB_init(&cbb, 0))
3564 errx(1, "Failed to create CBB");
3565
3566 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
3567 errx(1, "failed to create SSL_CTX");
3568 if ((ssl = SSL_new(ssl_ctx)) == NULL)
3569 errx(1, "failed to create SSL");
3570
3571 if (!tls_extension_funcs(TLSEXT_TYPE_supported_versions, &client_funcs,
3572 &server_funcs))
3573 errx(1, "failed to fetch supported versions funcs");
3574
3575 ssl->s3->hs.negotiated_tls_version = TLS1_2_VERSION;
3576
3577 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
3578 FAIL("server should not need versions\n");
3579 goto done;
3580 }
3581
3582 ssl->s3->hs.negotiated_tls_version = TLS1_3_VERSION;
3583
3584 if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
3585 FAIL("server should need versions\n");
3586 goto done;
3587 }
3588
3589 if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
3590 FAIL("server should have built versions\n");
3591 goto done;
3592 }
3593
3594 if (!CBB_finish(&cbb, &data, &dlen)) {
3595 FAIL("failed to finish CBB\n");
3596 goto done;
3597 }
3598
3599 if (dlen != sizeof(tlsext_versions_server)) {
3600 FAIL("got versions with length %zu, "
3601 "want length %zu\n", dlen, sizeof(tlsext_versions_server));
3602 goto done;
3603 }
3604
3605 CBS_init(&cbs, data, dlen);
3606 if (!client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
3607 FAIL("failed to parse client versions\n");
3608 goto done;
3609 }
3610 if (CBS_len(&cbs) != 0) {
3611 FAIL("extension data remaining\n");
3612 goto done;
3613 }
3614
3615 failure = 0;
3616
3617 done:
3618 CBB_cleanup(&cbb);
3619 SSL_CTX_free(ssl_ctx);
3620 SSL_free(ssl);
3621 free(data);
3622
3623 return (failure);
3624}
3625
3626const unsigned char tlsext_keyshare_client[] = {
3627 0x00, 0x24, 0x00, 0x1d, 0x00, 0x20, 0xba, 0x83,
3628 0x2e, 0x4a, 0x18, 0xbe, 0x96, 0xd2, 0x71, 0x70,
3629 0x18, 0x04, 0xf9, 0x9d, 0x76, 0x98, 0xef, 0xe8,
3630 0x4f, 0x8b, 0x85, 0x41, 0xa4, 0xd9, 0x61, 0x57,
3631 0xad, 0x5b, 0xa4, 0xe9, 0x8b, 0x6b,
3632};
3633
3634const unsigned char tlsext_keyshare_server[] = {
3635 0x00, 0x1d, 0x00, 0x20, 0xe5, 0xe8, 0x5a, 0xb9,
3636 0x7e, 0x12, 0x62, 0xe3, 0xd8, 0x7f, 0x6e, 0x3c,
3637 0xec, 0xa6, 0x8b, 0x99, 0x45, 0x77, 0x8e, 0x11,
3638 0xb3, 0xb9, 0x12, 0xb6, 0xbe, 0x35, 0xca, 0x51,
3639 0x76, 0x1e, 0xe8, 0x22
3640};
3641
3642static int
3643test_tlsext_keyshare_client(void)
3644{
3645 unsigned char *data = NULL;
3646 SSL_CTX *ssl_ctx = NULL;
3647 SSL *ssl = NULL;
3648 const struct tls_extension_funcs *client_funcs;
3649 const struct tls_extension_funcs *server_funcs;
3650 int failure;
3651 size_t dlen;
3652 int alert;
3653 CBB cbb;
3654 CBS cbs;
3655
3656 failure = 1;
3657
3658 if (!CBB_init(&cbb, 0))
3659 errx(1, "Failed to create CBB");
3660
3661 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
3662 errx(1, "failed to create SSL_CTX");
3663 if ((ssl = SSL_new(ssl_ctx)) == NULL)
3664 errx(1, "failed to create SSL");
3665
3666 if (!tls_extension_funcs(TLSEXT_TYPE_key_share, &client_funcs,
3667 &server_funcs))
3668 errx(1, "failed to fetch keyshare funcs");
3669
3670 if ((ssl->s3->hs.key_share =
3671 tls_key_share_new_nid(NID_X25519)) == NULL)
3672 errx(1, "failed to create key share");
3673 if (!tls_key_share_generate(ssl->s3->hs.key_share))
3674 errx(1, "failed to generate key share");
3675
3676 ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION;
3677 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
3678 FAIL("client should not need keyshare\n");
3679 goto done;
3680 }
3681
3682 ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
3683 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
3684 FAIL("client should need keyshare\n");
3685 goto done;
3686 }
3687
3688 ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
3689 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
3690 FAIL("client should have built keyshare\n");
3691 goto done;
3692 }
3693
3694 if (!CBB_finish(&cbb, &data, &dlen)) {
3695 FAIL("failed to finish CBB\n");
3696 goto done;
3697 }
3698
3699 if (dlen != sizeof(tlsext_keyshare_client)) {
3700 FAIL("got client keyshare with length %zu, "
3701 "want length %zu\n", dlen, (size_t) sizeof(tlsext_keyshare_client));
3702 goto done;
3703 }
3704
3705 (ssl)->version = TLS1_3_VERSION;
3706 CBS_init(&cbs, data, dlen);
3707
3708 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
3709 FAIL("failed to parse client keyshare\n");
3710 goto done;
3711 }
3712
3713 if (CBS_len(&cbs) != 0) {
3714 FAIL("extension data remaining\n");
3715 goto done;
3716 }
3717
3718 failure = 0;
3719
3720 done:
3721 CBB_cleanup(&cbb);
3722 SSL_CTX_free(ssl_ctx);
3723 SSL_free(ssl);
3724 free(data);
3725
3726 return (failure);
3727}
3728
3729static const uint8_t bogokey[] = {
3730 0xe5, 0xe8, 0x5a, 0xb9, 0x7e, 0x12, 0x62, 0xe3,
3731 0xd8, 0x7f, 0x6e, 0x3c, 0xec, 0xa6, 0x8b, 0x99,
3732 0x45, 0x77, 0x8e, 0x11, 0xb3, 0xb9, 0x12, 0xb6,
3733 0xbe, 0x35, 0xca, 0x51, 0x76, 0x1e, 0xe8, 0x22,
3734};
3735
3736static int
3737test_tlsext_keyshare_server(void)
3738{
3739 unsigned char *data = NULL;
3740 SSL_CTX *ssl_ctx = NULL;
3741 SSL *ssl = NULL;
3742 const struct tls_extension_funcs *client_funcs;
3743 const struct tls_extension_funcs *server_funcs;
3744 int decode_error;
3745 int failure;
3746 size_t dlen, idx;
3747 int alert;
3748 CBB cbb;
3749 CBS cbs;
3750
3751 failure = 1;
3752
3753 if (!CBB_init(&cbb, 0))
3754 errx(1, "Failed to create CBB");
3755
3756 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
3757 errx(1, "failed to create SSL_CTX");
3758 if ((ssl = SSL_new(ssl_ctx)) == NULL)
3759 errx(1, "failed to create SSL");
3760
3761 if (!tls_extension_funcs(TLSEXT_TYPE_key_share, &client_funcs,
3762 &server_funcs))
3763 errx(1, "failed to fetch keyshare funcs");
3764
3765 ssl->s3->hs.negotiated_tls_version = TLS1_2_VERSION;
3766 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
3767 FAIL("server should not need keyshare\n");
3768 goto done;
3769 }
3770
3771 ssl->s3->hs.negotiated_tls_version = TLS1_3_VERSION;
3772 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
3773 FAIL("client should not need keyshare\n");
3774 goto done;
3775 }
3776
3777 if (tls_extension_find(TLSEXT_TYPE_key_share, &idx) == NULL) {
3778 FAIL("failed to find keyshare extension\n");
3779 goto done;
3780 }
3781 ssl->s3->hs.extensions_seen |= (1 << idx);
3782
3783 if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
3784 FAIL("server should need keyshare\n");
3785 goto done;
3786 }
3787
3788 if (server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
3789 FAIL("server should not have built a keyshare response\n");
3790 goto done;
3791 }
3792
3793 if ((ssl->s3->hs.key_share =
3794 tls_key_share_new_nid(NID_X25519)) == NULL) {
3795 FAIL("failed to create key share");
3796 goto done;
3797 }
3798
3799 if (!tls_key_share_generate(ssl->s3->hs.key_share)) {
3800 FAIL("failed to generate key share");
3801 goto done;
3802 }
3803
3804 CBS_init(&cbs, bogokey, sizeof(bogokey));
3805
3806 if (!tls_key_share_peer_public(ssl->s3->hs.key_share, &cbs,
3807 &decode_error, NULL)) {
3808 FAIL("failed to load peer public key\n");
3809 goto done;
3810 }
3811
3812 if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
3813 FAIL("server should be able to build a keyshare response\n");
3814 goto done;
3815 }
3816
3817 if (!CBB_finish(&cbb, &data, &dlen)) {
3818 FAIL("failed to finish CBB\n");
3819 goto done;
3820 }
3821
3822 if (dlen != sizeof(tlsext_keyshare_server)) {
3823 FAIL("got server keyshare with length %zu, "
3824 "want length %zu\n", dlen, sizeof(tlsext_keyshare_server));
3825 goto done;
3826 }
3827
3828 tls_key_share_free(ssl->s3->hs.key_share);
3829
3830 if ((ssl->s3->hs.key_share =
3831 tls_key_share_new_nid(NID_X25519)) == NULL) {
3832 FAIL("failed to create key share");
3833 goto done;
3834 }
3835 if (!tls_key_share_generate(ssl->s3->hs.key_share)) {
3836 FAIL("failed to generate key share");
3837 goto done;
3838 }
3839
3840 CBS_init(&cbs, data, dlen);
3841
3842 if (!client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
3843 FAIL("failed to parse server keyshare\n");
3844 goto done;
3845 }
3846
3847 if (CBS_len(&cbs) != 0) {
3848 FAIL("extension data remaining\n");
3849 goto done;
3850 }
3851
3852 failure = 0;
3853
3854done:
3855 CBB_cleanup(&cbb);
3856 SSL_CTX_free(ssl_ctx);
3857 SSL_free(ssl);
3858 free(data);
3859
3860 return (failure);
3861}
3862
3863/* One day I hope to be the only Muppet in this codebase */
3864const uint8_t cookie[] = "\n"
3865 " (o)(o) \n"
3866 " m' 'm \n"
3867 " M -****- M \n"
3868 " 'm m' \n"
3869 " m''''''''''m \n"
3870 " M M BB \n";
3871
3872static int
3873test_tlsext_cookie_client(void)
3874{
3875 unsigned char *data = NULL;
3876 SSL_CTX *ssl_ctx = NULL;
3877 SSL *ssl = NULL;
3878 const struct tls_extension_funcs *client_funcs;
3879 const struct tls_extension_funcs *server_funcs;
3880 int failure;
3881 size_t dlen;
3882 int alert;
3883 CBB cbb;
3884 CBS cbs;
3885
3886 failure = 1;
3887
3888 if (!CBB_init(&cbb, 0))
3889 errx(1, "Failed to create CBB");
3890
3891 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
3892 errx(1, "failed to create SSL_CTX");
3893 if ((ssl = SSL_new(ssl_ctx)) == NULL)
3894 errx(1, "failed to create SSL");
3895
3896 if (!tls_extension_funcs(TLSEXT_TYPE_cookie, &client_funcs,
3897 &server_funcs))
3898 errx(1, "failed to fetch cookie funcs");
3899
3900 ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION;
3901 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
3902 FAIL("client should not need cookie\n");
3903 goto done;
3904 }
3905
3906
3907 ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
3908 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
3909 FAIL("client should not need cookie\n");
3910 goto done;
3911 }
3912
3913 /* Normally would be set by receiving a server cookie in an HRR */
3914 ssl->s3->hs.tls13.cookie = strdup(cookie);
3915 ssl->s3->hs.tls13.cookie_len = strlen(cookie);
3916
3917 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
3918 FAIL("client should need cookie\n");
3919 goto done;
3920 }
3921
3922 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
3923 FAIL("client should have built a cookie response\n");
3924 goto done;
3925 }
3926
3927 if (!CBB_finish(&cbb, &data, &dlen)) {
3928 FAIL("failed to finish CBB\n");
3929 goto done;
3930 }
3931
3932 if (dlen != strlen(cookie) + sizeof(uint16_t)) {
3933 FAIL("got cookie with length %zu, "
3934 "want length %zu\n", dlen, strlen(cookie) +
3935 sizeof(uint16_t));
3936 goto done;
3937 }
3938
3939 CBS_init(&cbs, data, dlen);
3940
3941 /* Checks cookie against what's in the hs.tls13 */
3942 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
3943 FAIL("failed to parse client cookie\n");
3944 goto done;
3945 }
3946
3947 if (CBS_len(&cbs) != 0) {
3948 FAIL("extension data remaining\n");
3949 goto done;
3950 }
3951
3952 failure = 0;
3953
3954 done:
3955 CBB_cleanup(&cbb);
3956 SSL_CTX_free(ssl_ctx);
3957 SSL_free(ssl);
3958 free(data);
3959
3960 return (failure);
3961}
3962
3963static int
3964test_tlsext_cookie_server(void)
3965{
3966 unsigned char *data = NULL;
3967 SSL_CTX *ssl_ctx = NULL;
3968 SSL *ssl = NULL;
3969 const struct tls_extension_funcs *client_funcs;
3970 const struct tls_extension_funcs *server_funcs;
3971 int failure;
3972 size_t dlen;
3973 int alert;
3974 CBB cbb;
3975 CBS cbs;
3976
3977 failure = 1;
3978
3979 if (!CBB_init(&cbb, 0))
3980 errx(1, "Failed to create CBB");
3981
3982 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
3983 errx(1, "failed to create SSL_CTX");
3984 if ((ssl = SSL_new(ssl_ctx)) == NULL)
3985 errx(1, "failed to create SSL");
3986
3987 if (!tls_extension_funcs(TLSEXT_TYPE_cookie, &client_funcs,
3988 &server_funcs))
3989 errx(1, "failed to fetch cookie funcs");
3990
3991 ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION;
3992 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
3993 FAIL("server should not need cookie\n");
3994 goto done;
3995 }
3996
3997 ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
3998 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
3999 FAIL("server should not need cookie\n");
4000 goto done;
4001 }
4002
4003 /* Normally would be set by server before sending HRR */
4004 ssl->s3->hs.tls13.cookie = strdup(cookie);
4005 ssl->s3->hs.tls13.cookie_len = strlen(cookie);
4006
4007 if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_HRR)) {
4008 FAIL("server should need cookie\n");
4009 goto done;
4010 }
4011
4012 if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_HRR, &cbb)) {
4013 FAIL("server should have built a cookie response\n");
4014 goto done;
4015 }
4016
4017 if (!CBB_finish(&cbb, &data, &dlen)) {
4018 FAIL("failed to finish CBB\n");
4019 goto done;
4020 }
4021
4022 if (dlen != strlen(cookie) + sizeof(uint16_t)) {
4023 FAIL("got cookie with length %zu, "
4024 "want length %zu\n", dlen, strlen(cookie) +
4025 sizeof(uint16_t));
4026 goto done;
4027 }
4028
4029 CBS_init(&cbs, data, dlen);
4030
4031 if (client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
4032 FAIL("client should not have parsed server cookie\n");
4033 goto done;
4034 }
4035
4036 freezero(ssl->s3->hs.tls13.cookie, ssl->s3->hs.tls13.cookie_len);
4037 ssl->s3->hs.tls13.cookie = NULL;
4038 ssl->s3->hs.tls13.cookie_len = 0;
4039
4040 if (!client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
4041 FAIL("failed to parse server cookie\n");
4042 goto done;
4043 }
4044
4045 if (memcmp(cookie, ssl->s3->hs.tls13.cookie,
4046 ssl->s3->hs.tls13.cookie_len) != 0) {
4047 FAIL("parsed server cookie does not match sent cookie\n");
4048 goto done;
4049 }
4050
4051 if (CBS_len(&cbs) != 0) {
4052 FAIL("extension data remaining\n");
4053 goto done;
4054 }
4055
4056 failure = 0;
4057
4058done:
4059 CBB_cleanup(&cbb);
4060 SSL_CTX_free(ssl_ctx);
4061 SSL_free(ssl);
4062 free(data);
4063
4064 return (failure);
4065}
4066
4067const uint8_t tlsext_default_psk_modes[] = {
4068 0x01, 0x01,
4069};
4070
4071const uint8_t tlsext_psk_only_mode[] = {
4072 0x01, 0x00,
4073};
4074
4075const uint8_t tlsext_psk_both_modes[] = {
4076 0x02, 0x00, 0x01,
4077};
4078
4079static int
4080test_tlsext_psk_modes_client(void)
4081{
4082 SSL_CTX *ssl_ctx = NULL;
4083 SSL *ssl = NULL;
4084 const struct tls_extension_funcs *client_funcs;
4085 const struct tls_extension_funcs *server_funcs;
4086 int failure;
4087 uint8_t *data = NULL;
4088 size_t dlen;
4089 CBB cbb;
4090 CBS cbs;
4091 int alert;
4092
4093 failure = 1;
4094
4095 if (!CBB_init(&cbb, 0))
4096 errx(1, "Failed to create CBB");
4097
4098 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
4099 errx(1, "failed to create SSL_CTX");
4100 if ((ssl = SSL_new(ssl_ctx)) == NULL)
4101 errx(1, "failed to create SSL");
4102
4103 if (!tls_extension_funcs(TLSEXT_TYPE_psk_kex_modes, &client_funcs,
4104 &server_funcs))
4105 errx(1, "failed to fetch psk funcs");
4106
4107 /* Disabled by default. */
4108 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
4109 FAIL("client should not need psk kex modes by default\n");
4110 goto err;
4111 }
4112
4113 /*
4114 * Prerequisites: use_psk_dhe_ke flag is set and
4115 * our_max_tls_version >= TLSv1.3.
4116 */
4117
4118 ssl->s3->hs.tls13.use_psk_dhe_ke = 1;
4119 ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION;
4120
4121 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
4122 FAIL("client should not need psk kex modes with TLSv1.2\n");
4123 goto err;
4124 }
4125
4126 ssl->s3->hs.tls13.use_psk_dhe_ke = 0;
4127 ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
4128
4129 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
4130 FAIL("client should not need psk kex modes without "
4131 "use_psk_dhe_ke\n");
4132 goto err;
4133 }
4134
4135 ssl->s3->hs.tls13.use_psk_dhe_ke = 1;
4136 ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
4137
4138 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
4139 FAIL("client should need psk kex modes with TLSv1.3\n");
4140 goto err;
4141 }
4142
4143 /* Make sure we can build psk modes with DHE key establishment. */
4144
4145 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
4146 FAIL("client failed to build psk kex modes\n");
4147 goto err;
4148 }
4149
4150 if (!CBB_finish(&cbb, &data, &dlen))
4151 errx(1, "failed to finish psk kex CBB");
4152
4153 if (dlen != sizeof(tlsext_default_psk_modes)) {
4154 FAIL("got client psk kex modes with length %zu, "
4155 "want length %zu\n", dlen,
4156 sizeof(tlsext_default_psk_modes));
4157 compare_data(data, dlen, tlsext_default_psk_modes,
4158 sizeof(tlsext_default_psk_modes));
4159 goto err;
4160 }
4161 if (memcmp(data, tlsext_default_psk_modes, dlen) != 0) {
4162 FAIL("client psk kex modes differ:\n");
4163 compare_data(data, dlen, tlsext_default_psk_modes,
4164 sizeof(tlsext_default_psk_modes));
4165 goto err;
4166 }
4167
4168 CBB_cleanup(&cbb);
4169 free(data);
4170 data = NULL;
4171
4172 /*
4173 * Make sure we can parse the default psk modes and that use_psk_dhe_ke
4174 * is set after parsing.
4175 */
4176
4177 ssl->s3->hs.tls13.use_psk_dhe_ke = 0;
4178
4179 CBS_init(&cbs, tlsext_default_psk_modes,
4180 sizeof(tlsext_default_psk_modes));
4181 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
4182 FAIL("failed to parse psk kex modes\n");
4183 goto err;
4184 }
4185 if (CBS_len(&cbs) != 0) {
4186 FAIL("extension data remaining\n");
4187 goto err;
4188 }
4189
4190 if (ssl->s3->hs.tls13.use_psk_dhe_ke != 1) {
4191 FAIL("should have set use_psk_dhe_ke\n");
4192 goto err;
4193 }
4194
4195 /*
4196 * Make sure we can parse the psk-only mode and that use_psk_dhe_ke
4197 * is still not set after parsing.
4198 */
4199
4200 ssl->s3->hs.tls13.use_psk_dhe_ke = 0;
4201
4202 CBS_init(&cbs, tlsext_psk_only_mode, sizeof(tlsext_psk_only_mode));
4203 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
4204 FAIL("failed to parse psk kex modes\n");
4205 goto err;
4206 }
4207 if (CBS_len(&cbs) != 0) {
4208 FAIL("extension data remaining\n");
4209 goto err;
4210 }
4211
4212 if (ssl->s3->hs.tls13.use_psk_dhe_ke != 0) {
4213 FAIL("should not have set use_psk_dhe_ke\n");
4214 goto err;
4215 }
4216
4217 /*
4218 * Make sure we can parse the extension indicating both modes and that
4219 * use_psk_dhe_ke is set after parsing.
4220 */
4221
4222 ssl->s3->hs.tls13.use_psk_dhe_ke = 0;
4223
4224 CBS_init(&cbs, tlsext_psk_both_modes, sizeof(tlsext_psk_both_modes));
4225 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
4226 FAIL("failed to parse psk kex modes\n");
4227 goto err;
4228 }
4229 if (CBS_len(&cbs) != 0) {
4230 FAIL("extension data remaining\n");
4231 goto err;
4232 }
4233
4234 if (ssl->s3->hs.tls13.use_psk_dhe_ke != 1) {
4235 FAIL("should have set use_psk_dhe_ke\n");
4236 goto err;
4237 }
4238
4239 failure = 0;
4240
4241 err:
4242 CBB_cleanup(&cbb);
4243 SSL_CTX_free(ssl_ctx);
4244 SSL_free(ssl);
4245 free(data);
4246
4247 return failure;
4248}
4249
4250static int
4251test_tlsext_psk_modes_server(void)
4252{
4253 SSL_CTX *ssl_ctx = NULL;
4254 SSL *ssl = NULL;
4255 const struct tls_extension_funcs *client_funcs;
4256 const struct tls_extension_funcs *server_funcs;
4257 int failure;
4258
4259 failure = 1;
4260
4261 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
4262 errx(1, "failed to create SSL_CTX");
4263 if ((ssl = SSL_new(ssl_ctx)) == NULL)
4264 errx(1, "failed to create SSL");
4265
4266 if (!tls_extension_funcs(TLSEXT_TYPE_psk_kex_modes, &client_funcs,
4267 &server_funcs))
4268 errx(1, "failed to fetch psk funcs");
4269
4270 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
4271 FAIL("server should not need psk kex modes\n");
4272 goto err;
4273 }
4274
4275 failure = 0;
4276
4277 err:
4278 SSL_CTX_free(ssl_ctx);
4279 SSL_free(ssl);
4280
4281 return failure;
4282}
4283
4284struct tls_sni_test {
4285 const char *hostname;
4286 int is_ip;
4287 int valid;
4288};
4289
4290static const struct tls_sni_test tls_sni_tests[] = {
4291 {
4292 .hostname = "openbsd.org",
4293 .valid = 1,
4294 },
4295 {
4296 .hostname = "op3nbsd.org",
4297 .valid = 1,
4298 },
4299 {
4300 .hostname = "org",
4301 .valid = 1,
4302 },
4303 {
4304 .hostname = "3openbsd.com",
4305 .valid = 1,
4306 },
4307 {
4308 .hostname = "3-0penb-d.c-m",
4309 .valid = 1,
4310 },
4311 {
4312 .hostname = "a",
4313 .valid = 1,
4314 },
4315 {
4316 .hostname =
4317 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com",
4318 .valid = 1,
4319 },
4320 {
4321 .hostname =
4322 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
4323 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
4324 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
4325 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
4326 .valid = 1,
4327 },
4328 {
4329 .hostname = "openbsd.org.",
4330 .valid = 0,
4331 },
4332 {
4333 .hostname = "openbsd..org",
4334 .valid = 0,
4335 },
4336 {
4337 .hostname = "openbsd.org-",
4338 .valid = 0,
4339 },
4340 {
4341 .hostname =
4342 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com",
4343 .valid = 0,
4344 },
4345 {
4346 .hostname =
4347 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
4348 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
4349 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
4350 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.a",
4351 .valid = 0,
4352 },
4353 {
4354 .hostname = "-p3nbsd.org",
4355 .valid = 0,
4356 },
4357 {
4358 .hostname = "openbs-.org",
4359 .valid = 0,
4360 },
4361 {
4362 .hostname = "openbsd\n.org",
4363 .valid = 0,
4364 },
4365 {
4366 .hostname = "open_bsd.org",
4367 .valid = 0,
4368 },
4369 {
4370 .hostname = "open\178bsd.org",
4371 .valid = 0,
4372 },
4373 {
4374 .hostname = "open\255bsd.org",
4375 .valid = 0,
4376 },
4377 {
4378 .hostname = "dead::beef",
4379 .is_ip = 1,
4380 .valid = 0,
4381 },
4382 {
4383 .hostname = "192.168.0.1",
4384 .is_ip = 1,
4385 .valid = 0,
4386 },
4387};
4388
4389#define N_TLS_SNI_TESTS (sizeof(tls_sni_tests) / sizeof(*tls_sni_tests))
4390
4391static int
4392test_tlsext_is_valid_hostname(const struct tls_sni_test *tst)
4393{
4394 int failure;
4395 int is_ip;
4396 CBS cbs;
4397
4398 failure = 1;
4399
4400 CBS_init(&cbs, tst->hostname, strlen(tst->hostname));
4401 if (tlsext_sni_is_valid_hostname(&cbs, &is_ip) != tst->valid) {
4402 if (tst->valid) {
4403 FAIL("Valid hostname '%s' rejected\n",
4404 tst->hostname);
4405 } else {
4406 FAIL("Invalid hostname '%s' accepted\n",
4407 tst->hostname);
4408 }
4409 goto done;
4410 }
4411 if (tst->is_ip != is_ip) {
4412 if (tst->is_ip) {
4413 FAIL("Hostname '%s' is an IP literal but not "
4414 "identified as one\n", tst->hostname);
4415 } else {
4416 FAIL("Hostname '%s' is not an IP literal but is "
4417 "identified as one\n", tst->hostname);
4418 }
4419 goto done;
4420 }
4421
4422 if (tst->valid) {
4423 CBS_init(&cbs, tst->hostname,
4424 strlen(tst->hostname) + 1);
4425 if (tlsext_sni_is_valid_hostname(&cbs, &is_ip)) {
4426 FAIL("hostname with NUL byte accepted\n");
4427 goto done;
4428 }
4429 }
4430
4431 failure = 0;
4432
4433 done:
4434
4435 return failure;
4436}
4437
4438static int
4439test_tlsext_valid_hostnames(void)
4440{
4441 const struct tls_sni_test *tst;
4442 int failure = 0;
4443 size_t i;
4444
4445 for (i = 0; i < N_TLS_SNI_TESTS; i++) {
4446 tst = &tls_sni_tests[i];
4447 failure |= test_tlsext_is_valid_hostname(tst);
4448 }
4449
4450 return failure;
4451}
4452
4453#define N_TLSEXT_RANDOMIZATION_TESTS 1000
4454
4455static int
4456test_tlsext_check_extension_order(SSL *ssl)
4457{
4458 const struct tls_extension *ext;
4459 uint16_t type;
4460 size_t alpn_idx, sni_idx;
4461 size_t i;
4462
4463 if (ssl->tlsext_build_order_len == 0) {
4464 FAIL("Unexpected zero build order length");
4465 return 1;
4466 }
4467
4468 ext = ssl->tlsext_build_order[ssl->tlsext_build_order_len - 1];
4469 if ((type = tls_extension_type(ext)) != TLSEXT_TYPE_psk) {
4470 FAIL("last extension is %u, want %u\n", type, TLSEXT_TYPE_psk);
4471 return 1;
4472 }
4473
4474 if (ssl->server)
4475 return 0;
4476
4477 alpn_idx = sni_idx = ssl->tlsext_build_order_len;
4478 for (i = 0; i < ssl->tlsext_build_order_len; i++) {
4479 ext = ssl->tlsext_build_order[i];
4480 if (tls_extension_type(ext) == TLSEXT_TYPE_alpn)
4481 alpn_idx = i;
4482 if (tls_extension_type(ext) == TLSEXT_TYPE_server_name)
4483 sni_idx = i;
4484 }
4485
4486 if (alpn_idx == ssl->tlsext_build_order_len) {
4487 FAIL("could not find alpn extension\n");
4488 return 1;
4489 }
4490
4491 if (sni_idx == ssl->tlsext_build_order_len) {
4492 FAIL("could not find alpn extension\n");
4493 return 1;
4494 }
4495
4496 if (sni_idx >= alpn_idx) {
4497 FAIL("sni does not precede alpn: %zu >= %zu\n",
4498 sni_idx, alpn_idx);
4499 return 1;
4500 }
4501
4502 return 0;
4503}
4504
4505static int
4506test_tlsext_randomized_extensions(SSL *ssl)
4507{
4508 size_t i;
4509 int failed = 0;
4510
4511 for (i = 0; i < N_TLSEXT_RANDOMIZATION_TESTS; i++) {
4512 if (!tlsext_randomize_build_order(ssl))
4513 errx(1, "failed to randomize extensions");
4514 failed |= test_tlsext_check_extension_order(ssl);
4515 }
4516
4517 return failed;
4518}
4519
4520static int
4521test_tlsext_extension_order(void)
4522{
4523 SSL_CTX *ssl_ctx = NULL;
4524 SSL *ssl = NULL;
4525 int failure;
4526
4527 failure = 0;
4528
4529 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
4530 errx(1, "failed to create SSL_CTX");
4531 if ((ssl = SSL_new(ssl_ctx)) == NULL)
4532 errx(1, "failed to create SSL");
4533
4534 failure |= test_tlsext_randomized_extensions(ssl);
4535
4536 SSL_CTX_free(ssl_ctx);
4537 SSL_free(ssl);
4538
4539 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
4540 errx(1, "failed to create SSL_CTX");
4541 if ((ssl = SSL_new(ssl_ctx)) == NULL)
4542 errx(1, "failed to create SSL");
4543
4544 failure |= test_tlsext_randomized_extensions(ssl);
4545
4546 SSL_CTX_free(ssl_ctx);
4547 SSL_free(ssl);
4548
4549 return failure;
4550}
4551
4552int
4553main(int argc, char **argv)
4554{
4555 int failed = 0;
4556
4557 SSL_library_init();
4558 SSL_load_error_strings();
4559
4560 failed |= test_tlsext_alpn_client();
4561 failed |= test_tlsext_alpn_server();
4562
4563 failed |= test_tlsext_supportedgroups_client();
4564 failed |= test_tlsext_supportedgroups_server();
4565
4566 failed |= test_tlsext_ecpf_client();
4567 failed |= test_tlsext_ecpf_server();
4568
4569 failed |= test_tlsext_ri_client();
4570 failed |= test_tlsext_ri_server();
4571
4572 failed |= test_tlsext_sigalgs_client();
4573
4574 failed |= test_tlsext_sni_client();
4575 failed |= test_tlsext_sni_server();
4576
4577 failed |= test_tlsext_ocsp_client();
4578 failed |= test_tlsext_ocsp_server();
4579
4580 failed |= test_tlsext_sessionticket_client();
4581 failed |= test_tlsext_sessionticket_server();
4582
4583 failed |= test_tlsext_versions_client();
4584 failed |= test_tlsext_versions_server();
4585
4586 failed |= test_tlsext_keyshare_client();
4587 failed |= test_tlsext_keyshare_server();
4588
4589 failed |= test_tlsext_cookie_client();
4590 failed |= test_tlsext_cookie_server();
4591
4592#ifndef OPENSSL_NO_SRTP
4593 failed |= test_tlsext_srtp_client();
4594 failed |= test_tlsext_srtp_server();
4595#else
4596 fprintf(stderr, "Skipping SRTP tests due to OPENSSL_NO_SRTP\n");
4597#endif
4598
4599 failed |= test_tlsext_psk_modes_client();
4600 failed |= test_tlsext_psk_modes_server();
4601
4602 failed |= test_tlsext_clienthello_build();
4603 failed |= test_tlsext_serverhello_build();
4604
4605 failed |= test_tlsext_valid_hostnames();
4606
4607 failed |= test_tlsext_quic_transport_parameters_client();
4608 failed |= test_tlsext_quic_transport_parameters_server();
4609
4610 failed |= test_tlsext_extension_order();
4611
4612 return (failed);
4613}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2026-02-09 19:03:10 +0000