This commit was manufactured by cvs2git to create tag 'bluhm_20191119'.bluhm_20191119

author: cvs2svn <admin@example.com> 2019-11-19 19:57:05 +0000
committer: cvs2svn <admin@example.com> 2019-11-19 19:57:05 +0000
commit: e9f9eb6198f1757b7c0dfef043fadf1fa8243022 (patch)
tree: b5a648f6ccaf6c1cd9915ddb45503d1fccfeba0e /src/regress/lib/libssl/unit/cipher_list.c
parent: ab72e3a6f7e8d5c71bbba034410468781d5923b6 (diff)
download: openbsd-bluhm_20191119.tar.gz
openbsd-bluhm_20191119.tar.bz2
openbsd-bluhm_20191119.zip
1 files changed, 0 insertions, 204 deletions
diff --git a/src/regress/lib/libssl/unit/cipher_list.c b/src/regress/lib/libssl/unit/cipher_list.c
deleted file mode 100644
index 70f547abd6..0000000000
--- a/src/regress/lib/libssl/unit/cipher_list.c
+++ /dev/null
@@ -1,204 +0,0 @@
-/*      $OpenBSD: cipher_list.c,v 1.9 2018/06/02 16:35:02 jsing Exp $   */
-/*
- * Copyright (c) 2015 Doug Hogan <doug@openbsd.org>
- * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-/*
- * Test TLS ssl bytes (aka cipher suites) to cipher list and back.
- *
- * TLSv1.0 - RFC 2246 section 7.4.1.2 (ClientHello struct)
- * TLSv1.1 - RFC 4346 section 7.4.1.2 (ClientHello struct)
- * TLSv1.2 - RFC 5246 section 7.4.1.2 (ClientHello struct)
- *
- * In all of these standards, the relevant structures are:
- *
- * uint8 CipherSuite[2];
- *
- * struct {
- *    ...
- *    CipherSuite cipher_suites<2..2^16-2>
- *    ...
- * } ClientHello;
- */
-#include <openssl/ssl.h>
-#include <stdio.h>
-#include <string.h>
-#include "ssl_locl.h"
-#include "tests.h"
-static uint8_t cipher_bytes[] = {
-        0xcc, 0xa8,     /* ECDHE-ECDSA-CHACHA20-POLY1305 */
-        0xcc, 0xa9,     /* ECDHE-RSA-CHACHA20-POLY1305 */
-        0xcc, 0xaa,     /* DHE-RSA-CHACHA20-POLY1305 */
-        0x00, 0x9c,     /* AES128-GCM-SHA256 */
-        0x00, 0x3d,     /* AES256-SHA256 */
-};
-static uint16_t cipher_values[] = {
-        0xcca8,         /* ECDHE-ECDSA-CHACHA20-POLY1305 */
-        0xcca9,         /* ECDHE-RSA-CHACHA20-POLY1305 */
-        0xccaa,         /* DHE-RSA-CHACHA20-POLY1305 */
-        0x009c,         /* AES128-GCM-SHA256 */
-        0x003d,         /* AES256-SHA256 */
-};
-#define N_CIPHERS (sizeof(cipher_bytes) / 2)
-static int
-ssl_bytes_to_list_alloc(SSL *s, STACK_OF(SSL_CIPHER) **ciphers)
-{
-        SSL_CIPHER *cipher;
-        uint16_t value;
-        CBS cbs;
-        int i;
-        CBS_init(&cbs, cipher_bytes, sizeof(cipher_bytes));
-        *ciphers = ssl_bytes_to_cipher_list(s, &cbs);
-        CHECK(*ciphers != NULL);
-        CHECK(sk_SSL_CIPHER_num(*ciphers) == N_CIPHERS);
-        for (i = 0; i < sk_SSL_CIPHER_num(*ciphers); i++) {
-                cipher = sk_SSL_CIPHER_value(*ciphers, i);
-                CHECK(cipher != NULL);
-                value = SSL_CIPHER_get_value(cipher);
-                CHECK(value == cipher_values[i]);
-        }
-        return 1;
-}
-static int
-ssl_list_to_bytes_scsv(SSL *s, STACK_OF(SSL_CIPHER) **ciphers)
-{
-        CBB cbb;
-        unsigned char *buf = NULL;
-        size_t buflen, outlen;
-        int ret = 0;
-        /* Space for cipher bytes, plus reneg SCSV and two spare bytes. */
-        CHECK(sk_SSL_CIPHER_num(*ciphers) == N_CIPHERS);
-        buflen = sizeof(cipher_bytes) + 2 + 2;
-        CHECK((buf = calloc(1, buflen)) != NULL);
-        CHECK(CBB_init_fixed(&cbb, buf, buflen));
-        CHECK(ssl_cipher_list_to_bytes(s, *ciphers, &cbb));
-        CHECK(CBB_finish(&cbb, NULL, &outlen));
-        CHECK_GOTO(outlen > 0 && outlen == buflen - 2);
-        CHECK_GOTO(memcmp(buf, cipher_bytes, sizeof(cipher_bytes)) == 0);
-        CHECK_GOTO(buf[buflen - 4] == 0x00 && buf[buflen - 3] == 0xff);
-        CHECK_GOTO(buf[buflen - 2] == 0x00 && buf[buflen - 1] == 0x00);
-        ret = 1;
-err:
-        free(buf);
-        return ret;
-}
-static int
-ssl_list_to_bytes_no_scsv(SSL *s, STACK_OF(SSL_CIPHER) **ciphers)
-{
-        CBB cbb;
-        unsigned char *buf = NULL;
-        size_t buflen, outlen;
-        int ret = 0;
-        /* Space for cipher bytes and two spare bytes */
-        CHECK(sk_SSL_CIPHER_num(*ciphers) == N_CIPHERS);
-        buflen = sizeof(cipher_bytes) + 2;
-        CHECK((buf = calloc(1, buflen)) != NULL);
-        buf[buflen - 2] = 0xfe;
-        buf[buflen - 1] = 0xab;
-        /* Set renegotiate so it doesn't add SCSV */
-        s->internal->renegotiate = 1;
-        CHECK(CBB_init_fixed(&cbb, buf, buflen));
-        CHECK(ssl_cipher_list_to_bytes(s, *ciphers, &cbb));
-        CHECK(CBB_finish(&cbb, NULL, &outlen));
-        CHECK_GOTO(outlen > 0 && outlen == buflen - 2);
-        CHECK_GOTO(memcmp(buf, cipher_bytes, sizeof(cipher_bytes)) == 0);
-        CHECK_GOTO(buf[buflen - 2] == 0xfe && buf[buflen - 1] == 0xab);
-        ret = 1;
-err:
-        free(buf);
-        return ret;
-}
-static int
-ssl_bytes_to_list_invalid(SSL *s, STACK_OF(SSL_CIPHER) **ciphers)
-{
-        uint8_t empty_cipher_bytes[] = {0};
-        CBS cbs;
-        sk_SSL_CIPHER_free(*ciphers);
-        /* Invalid length: CipherSuite is 2 bytes so it must be even */
-        CBS_init(&cbs, cipher_bytes, sizeof(cipher_bytes) - 1);
-        *ciphers = ssl_bytes_to_cipher_list(s, &cbs);
-        CHECK(*ciphers == NULL);
-        /* Invalid length: cipher_suites must be at least 2 */
-        CBS_init(&cbs, empty_cipher_bytes, sizeof(empty_cipher_bytes));
-        *ciphers = ssl_bytes_to_cipher_list(s, &cbs);
-        CHECK(*ciphers == NULL);
-        return 1;
-}
-int
-main(void)
-{
-        STACK_OF(SSL_CIPHER) *ciphers = NULL;
-        SSL_CTX *ctx = NULL;
-        SSL *s = NULL;
-        int rv = 1;
-        SSL_library_init();
-        /* Use TLSv1.2 client to get all ciphers. */
-        CHECK_GOTO((ctx = SSL_CTX_new(TLSv1_2_client_method())) != NULL);
-        CHECK_GOTO((s = SSL_new(ctx)) != NULL);
-        if (!ssl_bytes_to_list_alloc(s, &ciphers))
-                goto err;
-        if (!ssl_list_to_bytes_scsv(s, &ciphers))
-                goto err;
-        if (!ssl_list_to_bytes_no_scsv(s, &ciphers))
-                goto err;
-        if (!ssl_bytes_to_list_invalid(s, &ciphers))
-                goto err;
-        rv = 0;
-err:
-        sk_SSL_CIPHER_free(ciphers);
-        SSL_CTX_free(ctx);
-        SSL_free(s);
-        if (!rv)
-                printf("PASS %s\n", __FILE__);
-        
-        return rv;
-}
author	cvs2svn <admin@example.com>	2019-11-19 19:57:05 +0000
committer	cvs2svn <admin@example.com>	2019-11-19 19:57:05 +0000
commit	e9f9eb6198f1757b7c0dfef043fadf1fa8243022 (patch)
tree	b5a648f6ccaf6c1cd9915ddb45503d1fccfeba0e /src/regress/lib/libssl/unit/cipher_list.c
parent	ab72e3a6f7e8d5c71bbba034410468781d5923b6 (diff)
download	openbsd-bluhm_20191119.tar.gz openbsd-bluhm_20191119.tar.bz2 openbsd-bluhm_20191119.zip

diff --git a/src/regress/lib/libssl/unit/cipher_list.c b/src/regress/lib/libssl/unit/cipher_list.c deleted file mode 100644 index 70f547abd6..0000000000 --- a/src/regress/lib/libssl/unit/cipher_list.c +++ /dev/null
@@ -1,204 +0,0 @@
1	/* $OpenBSD: cipher_list.c,v 1.9 2018/06/02 16:35:02 jsing Exp $ */
2	/*
3	* Copyright (c) 2015 Doug Hogan <doug@openbsd.org>
4	* Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
5	*
6	* Permission to use, copy, modify, and distribute this software for any
7	* purpose with or without fee is hereby granted, provided that the above
8	* copyright notice and this permission notice appear in all copies.
9	*
10	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17	*/
18
19	/*
20	* Test TLS ssl bytes (aka cipher suites) to cipher list and back.
21	*
22	* TLSv1.0 - RFC 2246 section 7.4.1.2 (ClientHello struct)
23	* TLSv1.1 - RFC 4346 section 7.4.1.2 (ClientHello struct)
24	* TLSv1.2 - RFC 5246 section 7.4.1.2 (ClientHello struct)
25	*
26	* In all of these standards, the relevant structures are:
27	*
28	* uint8 CipherSuite[2];
29	*
30	* struct {
31	* ...
32	* CipherSuite cipher_suites<2..2^16-2>
33	* ...
34	* } ClientHello;
35	*/
36
37	#include <openssl/ssl.h>
38
39	#include <stdio.h>
40	#include <string.h>
41
42	#include "ssl_locl.h"
43
44	#include "tests.h"
45
46	static uint8_t cipher_bytes[] = {
47	0xcc, 0xa8, /* ECDHE-ECDSA-CHACHA20-POLY1305 */
48	0xcc, 0xa9, /* ECDHE-RSA-CHACHA20-POLY1305 */
49	0xcc, 0xaa, /* DHE-RSA-CHACHA20-POLY1305 */
50	0x00, 0x9c, /* AES128-GCM-SHA256 */
51	0x00, 0x3d, /* AES256-SHA256 */
52	};
53
54	static uint16_t cipher_values[] = {
55	0xcca8, /* ECDHE-ECDSA-CHACHA20-POLY1305 */
56	0xcca9, /* ECDHE-RSA-CHACHA20-POLY1305 */
57	0xccaa, /* DHE-RSA-CHACHA20-POLY1305 */
58	0x009c, /* AES128-GCM-SHA256 */
59	0x003d, /* AES256-SHA256 */
60	};
61
62	#define N_CIPHERS (sizeof(cipher_bytes) / 2)
63
64	static int
65	ssl_bytes_to_list_alloc(SSL s, STACK_OF(SSL_CIPHER) *ciphers)
66	{
67	SSL_CIPHER *cipher;
68	uint16_t value;
69	CBS cbs;
70	int i;
71
72	CBS_init(&cbs, cipher_bytes, sizeof(cipher_bytes));
73
74	*ciphers = ssl_bytes_to_cipher_list(s, &cbs);
75	CHECK(*ciphers != NULL);
76	CHECK(sk_SSL_CIPHER_num(*ciphers) == N_CIPHERS);
77	for (i = 0; i < sk_SSL_CIPHER_num(*ciphers); i++) {
78	cipher = sk_SSL_CIPHER_value(*ciphers, i);
79	CHECK(cipher != NULL);
80	value = SSL_CIPHER_get_value(cipher);
81	CHECK(value == cipher_values[i]);
82	}
83
84	return 1;
85	}
86
87	static int
88	ssl_list_to_bytes_scsv(SSL s, STACK_OF(SSL_CIPHER) *ciphers)
89	{
90	CBB cbb;
91	unsigned char *buf = NULL;
92	size_t buflen, outlen;
93	int ret = 0;
94
95	/* Space for cipher bytes, plus reneg SCSV and two spare bytes. */
96	CHECK(sk_SSL_CIPHER_num(*ciphers) == N_CIPHERS);
97	buflen = sizeof(cipher_bytes) + 2 + 2;
98	CHECK((buf = calloc(1, buflen)) != NULL);
99
100	CHECK(CBB_init_fixed(&cbb, buf, buflen));
101	CHECK(ssl_cipher_list_to_bytes(s, *ciphers, &cbb));
102	CHECK(CBB_finish(&cbb, NULL, &outlen));
103
104	CHECK_GOTO(outlen > 0 && outlen == buflen - 2);
105	CHECK_GOTO(memcmp(buf, cipher_bytes, sizeof(cipher_bytes)) == 0);
106	CHECK_GOTO(buf[buflen - 4] == 0x00 && buf[buflen - 3] == 0xff);
107	CHECK_GOTO(buf[buflen - 2] == 0x00 && buf[buflen - 1] == 0x00);
108
109	ret = 1;
110
111	err:
112	free(buf);
113	return ret;
114	}
115
116	static int
117	ssl_list_to_bytes_no_scsv(SSL s, STACK_OF(SSL_CIPHER) *ciphers)
118	{
119	CBB cbb;
120	unsigned char *buf = NULL;
121	size_t buflen, outlen;
122	int ret = 0;
123
124	/* Space for cipher bytes and two spare bytes */
125	CHECK(sk_SSL_CIPHER_num(*ciphers) == N_CIPHERS);
126	buflen = sizeof(cipher_bytes) + 2;
127	CHECK((buf = calloc(1, buflen)) != NULL);
128	buf[buflen - 2] = 0xfe;
129	buf[buflen - 1] = 0xab;
130
131	/* Set renegotiate so it doesn't add SCSV */
132	s->internal->renegotiate = 1;
133
134	CHECK(CBB_init_fixed(&cbb, buf, buflen));
135	CHECK(ssl_cipher_list_to_bytes(s, *ciphers, &cbb));
136	CHECK(CBB_finish(&cbb, NULL, &outlen));
137
138	CHECK_GOTO(outlen > 0 && outlen == buflen - 2);
139	CHECK_GOTO(memcmp(buf, cipher_bytes, sizeof(cipher_bytes)) == 0);
140	CHECK_GOTO(buf[buflen - 2] == 0xfe && buf[buflen - 1] == 0xab);
141
142	ret = 1;
143
144	err:
145	free(buf);
146	return ret;
147	}
148
149	static int
150	ssl_bytes_to_list_invalid(SSL s, STACK_OF(SSL_CIPHER) *ciphers)
151	{
152	uint8_t empty_cipher_bytes[] = {0};
153	CBS cbs;
154
155	sk_SSL_CIPHER_free(*ciphers);
156
157	/* Invalid length: CipherSuite is 2 bytes so it must be even */
158	CBS_init(&cbs, cipher_bytes, sizeof(cipher_bytes) - 1);
159	*ciphers = ssl_bytes_to_cipher_list(s, &cbs);
160	CHECK(*ciphers == NULL);
161
162	/* Invalid length: cipher_suites must be at least 2 */
163	CBS_init(&cbs, empty_cipher_bytes, sizeof(empty_cipher_bytes));
164	*ciphers = ssl_bytes_to_cipher_list(s, &cbs);
165	CHECK(*ciphers == NULL);
166
167	return 1;
168	}
169
170	int
171	main(void)
172	{
173	STACK_OF(SSL_CIPHER) *ciphers = NULL;
174	SSL_CTX *ctx = NULL;
175	SSL *s = NULL;
176	int rv = 1;
177
178	SSL_library_init();
179
180	/* Use TLSv1.2 client to get all ciphers. */
181	CHECK_GOTO((ctx = SSL_CTX_new(TLSv1_2_client_method())) != NULL);
182	CHECK_GOTO((s = SSL_new(ctx)) != NULL);
183
184	if (!ssl_bytes_to_list_alloc(s, &ciphers))
185	goto err;
186	if (!ssl_list_to_bytes_scsv(s, &ciphers))
187	goto err;
188	if (!ssl_list_to_bytes_no_scsv(s, &ciphers))
189	goto err;
190	if (!ssl_bytes_to_list_invalid(s, &ciphers))
191	goto err;
192
193	rv = 0;
194
195	err:
196	sk_SSL_CIPHER_free(ciphers);
197	SSL_CTX_free(ctx);
198	SSL_free(s);
199
200	if (!rv)
201	printf("PASS %s\n", __FILE__);
202
203	return rv;
204	}