1 files changed, 191 insertions, 34 deletions
diff --git a/src/regress/lib/libssl/client/clienttest.c b/src/regress/lib/libssl/client/clienttest.c
index bda2de9bef..24215f0944 100644
--- a/src/regress/lib/libssl/client/clienttest.c
+++ b/src/regress/lib/libssl/client/clienttest.c
@@ -23,8 +23,25 @@
 #include <stdio.h>
 #include <string.h>
-#define DTLS_RANDOM_OFFSET (DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH + 2)
+#define DTLS_HM_OFFSET (DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH)
-#define SSL3_RANDOM_OFFSET (SSL3_RT_HEADER_LENGTH + SSL3_HM_HEADER_LENGTH + 2)
+#define DTLS_RANDOM_OFFSET (DTLS_HM_OFFSET + 2)
+#define DTLS_CIPHER_OFFSET (DTLS_HM_OFFSET + 38)
+#define SSL3_HM_OFFSET (SSL3_RT_HEADER_LENGTH + SSL3_HM_HEADER_LENGTH)
+#define SSL3_RANDOM_OFFSET (SSL3_HM_OFFSET + 2)
+#define SSL3_CIPHER_OFFSET (SSL3_HM_OFFSET + 37)
+static unsigned char cipher_list_dtls1[] = {
+        0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0x00, 0x38,
+        0xff, 0x85, 0x00, 0x88, 0x00, 0x87, 0x00, 0x81,
+        0xc0, 0x0f, 0xc0, 0x05, 0x00, 0x35, 0x00, 0x84,
+        0xc0, 0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x32,
+        0x00, 0x45, 0x00, 0x44, 0xc0, 0x0e, 0xc0, 0x04,
+        0x00, 0x2f, 0x00, 0x41, 0x00, 0x07, 0xc0, 0x12,
+        0xc0, 0x08, 0x00, 0x16, 0x00, 0x13, 0xc0, 0x0d,
+        0xc0, 0x03, 0x00, 0x0a, 0x00, 0x15, 0x00, 0x12,
+        0x00, 0x09, 0x00, 0xff,
+};
 static unsigned char client_hello_dtls1[] = {
        0x16, 0xfe, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -47,6 +64,19 @@ static unsigned char client_hello_dtls1[] = {
        0x23, 0x00, 0x00,
 };
+static unsigned char cipher_list_tls10[] = {
+        0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0x00, 0x38,
+        0xff, 0x85, 0x00, 0x88, 0x00, 0x87, 0x00, 0x81,
+        0xc0, 0x0f, 0xc0, 0x05, 0x00, 0x35, 0x00, 0x84,
+        0xc0, 0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x32,
+        0x00, 0x45, 0x00, 0x44, 0xc0, 0x0e, 0xc0, 0x04,
+        0x00, 0x2f, 0x00, 0x41, 0x00, 0x07, 0xc0, 0x11,
+        0xc0, 0x07, 0xc0, 0x0c, 0xc0, 0x02, 0x00, 0x05,
+        0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
+        0x00, 0x13, 0xc0, 0x0d, 0xc0, 0x03, 0x00, 0x0a,
+        0x00, 0x15, 0x00, 0x12, 0x00, 0x09, 0x00, 0xff,
+};
 static unsigned char client_hello_tls10[] = {
        0x16, 0x03, 0x01, 0x00, 0xc7, 0x01, 0x00, 0x00,
        0xc3, 0x03, 0x01, 0x06, 0x6a, 0x3f, 0x0f, 0xf5,
@@ -76,6 +106,19 @@ static unsigned char client_hello_tls10[] = {
        0x00, 0x23, 0x00, 0x00,
 };
+static unsigned char cipher_list_tls11[] = {
+        0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0x00, 0x38,
+        0xff, 0x85, 0x00, 0x88, 0x00, 0x87, 0x00, 0x81,
+        0xc0, 0x0f, 0xc0, 0x05, 0x00, 0x35, 0x00, 0x84,
+        0xc0, 0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x32,
+        0x00, 0x45, 0x00, 0x44, 0xc0, 0x0e, 0xc0, 0x04,
+        0x00, 0x2f, 0x00, 0x41, 0x00, 0x07, 0xc0, 0x11,
+        0xc0, 0x07, 0xc0, 0x0c, 0xc0, 0x02, 0x00, 0x05,
+        0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
+        0x00, 0x13, 0xc0, 0x0d, 0xc0, 0x03, 0x00, 0x0a,
+        0x00, 0x15, 0x00, 0x12, 0x00, 0x09, 0x00, 0xff,
+};
 static unsigned char client_hello_tls11[] = {
        0x16, 0x03, 0x01, 0x00, 0xc7, 0x01, 0x00, 0x00,
        0xc3, 0x03, 0x02, 0x2f, 0x93, 0x9c, 0x37, 0x16,
@@ -105,6 +148,52 @@ static unsigned char client_hello_tls11[] = {
        0x00, 0x23, 0x00, 0x00,
 };
+static unsigned char cipher_list_tls12_aes[] = {
+        0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24,
+        0xc0, 0x14, 0xc0, 0x0a, 0x00, 0xa3, 0x00, 0x9f,
+        0x00, 0x6b, 0x00, 0x6a, 0x00, 0x39, 0x00, 0x38,
+        0xcc, 0x14, 0xcc, 0x13, 0xcc, 0x15, 0xff, 0x85,
+        0x00, 0xc4, 0x00, 0xc3, 0x00, 0x88, 0x00, 0x87,
+        0x00, 0x81, 0xc0, 0x32, 0xc0, 0x2e, 0xc0, 0x2a,
+        0xc0, 0x26, 0xc0, 0x0f, 0xc0, 0x05, 0x00, 0x9d,
+        0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84,
+        0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23,
+        0xc0, 0x13, 0xc0, 0x09, 0x00, 0xa2, 0x00, 0x9e,
+        0x00, 0x67, 0x00, 0x40, 0x00, 0x33, 0x00, 0x32,
+        0x00, 0xbe, 0x00, 0xbd, 0x00, 0x45, 0x00, 0x44,
+        0xc0, 0x31, 0xc0, 0x2d, 0xc0, 0x29, 0xc0, 0x25,
+        0xc0, 0x0e, 0xc0, 0x04, 0x00, 0x9c, 0x00, 0x3c,
+        0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0x00, 0x07,
+        0xc0, 0x11, 0xc0, 0x07, 0xc0, 0x0c, 0xc0, 0x02,
+        0x00, 0x05, 0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08,
+        0x00, 0x16, 0x00, 0x13, 0xc0, 0x0d, 0xc0, 0x03,
+        0x00, 0x0a, 0x00, 0x15, 0x00, 0x12, 0x00, 0x09,
+        0x00, 0xff,
+};
+static unsigned char cipher_list_tls12_chacha[] = {
+        0xcc, 0x14, 0xcc, 0x13, 0xcc, 0x15, 0xc0, 0x30,
+        0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14,
+        0xc0, 0x0a, 0x00, 0xa3, 0x00, 0x9f, 0x00, 0x6b,
+        0x00, 0x6a, 0x00, 0x39, 0x00, 0x38, 0xff, 0x85,
+        0x00, 0xc4, 0x00, 0xc3, 0x00, 0x88, 0x00, 0x87,
+        0x00, 0x81, 0xc0, 0x32, 0xc0, 0x2e, 0xc0, 0x2a,
+        0xc0, 0x26, 0xc0, 0x0f, 0xc0, 0x05, 0x00, 0x9d,
+        0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84,
+        0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23,
+        0xc0, 0x13, 0xc0, 0x09, 0x00, 0xa2, 0x00, 0x9e,
+        0x00, 0x67, 0x00, 0x40, 0x00, 0x33, 0x00, 0x32,
+        0x00, 0xbe, 0x00, 0xbd, 0x00, 0x45, 0x00, 0x44,
+        0xc0, 0x31, 0xc0, 0x2d, 0xc0, 0x29, 0xc0, 0x25,
+        0xc0, 0x0e, 0xc0, 0x04, 0x00, 0x9c, 0x00, 0x3c,
+        0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0x00, 0x07,
+        0xc0, 0x11, 0xc0, 0x07, 0xc0, 0x0c, 0xc0, 0x02,
+        0x00, 0x05, 0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08,
+        0x00, 0x16, 0x00, 0x13, 0xc0, 0x0d, 0xc0, 0x03,
+        0x00, 0x0a, 0x00, 0x15, 0x00, 0x12, 0x00, 0x09,
+        0x00, 0xff,
+};
 static unsigned char client_hello_tls12[] = {
        0x16, 0x03, 0x01, 0x01, 0x3b, 0x01, 0x00, 0x01,
        0x37, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -150,8 +239,7 @@ static unsigned char client_hello_tls12[] = {
 struct client_hello_test {
        const unsigned char *desc;
-        const unsigned char *client_hello;
+        const int protocol;
-        const size_t client_hello_len;
        const size_t random_start;
        const SSL_METHOD *(*ssl_method)(void);
        const long ssl_options;
@@ -160,84 +248,73 @@ struct client_hello_test {
 static struct client_hello_test client_hello_tests[] = {
        {
                .desc = "DTLSv1 client",
-                .client_hello = client_hello_dtls1,
+                .protocol = DTLS1_VERSION,
-                .client_hello_len = sizeof(client_hello_dtls1),
                .random_start = DTLS_RANDOM_OFFSET,
                .ssl_method = DTLSv1_client_method,
        },
        {
                .desc = "TLSv1 client",
-                .client_hello = client_hello_tls10,
+                .protocol = TLS1_VERSION,
-                .client_hello_len = sizeof(client_hello_tls10),
                .random_start = SSL3_RANDOM_OFFSET,
                .ssl_method = TLSv1_client_method,
        },
        {
                .desc = "TLSv1_1 client",
-                .client_hello = client_hello_tls11,
+                .protocol = TLS1_1_VERSION,
-                .client_hello_len = sizeof(client_hello_tls11),
                .random_start = SSL3_RANDOM_OFFSET,
                .ssl_method = TLSv1_1_client_method,
        },
        {
                .desc = "TLSv1_2 client",
-                .client_hello = client_hello_tls12,
+                .protocol = TLS1_2_VERSION,
-                .client_hello_len = sizeof(client_hello_tls12),
                .random_start = SSL3_RANDOM_OFFSET,
                .ssl_method = TLSv1_2_client_method,
        },
        {
                .desc = "SSLv23 default",
-                .client_hello = client_hello_tls12,
+                .protocol = TLS1_2_VERSION,
-                .client_hello_len = sizeof(client_hello_tls12),
                .random_start = SSL3_RANDOM_OFFSET,
                .ssl_method = SSLv23_client_method,
                .ssl_options = 0,
        },
        {
                .desc = "SSLv23 (no TLSv1.2)",
-                .client_hello = client_hello_tls11,
+                .protocol = TLS1_1_VERSION,
-                .client_hello_len = sizeof(client_hello_tls11),
                .random_start = SSL3_RANDOM_OFFSET,
                .ssl_method = SSLv23_client_method,
                .ssl_options = SSL_OP_NO_TLSv1_2,
        },
        {
                .desc = "SSLv23 (no TLSv1.1)",
-                .client_hello = client_hello_tls10,
+                .protocol = TLS1_VERSION,
-                .client_hello_len = sizeof(client_hello_tls10),
                .random_start = SSL3_RANDOM_OFFSET,
                .ssl_method = SSLv23_client_method,
                .ssl_options = SSL_OP_NO_TLSv1_1,
        },
        {
                .desc = "TLS default",
-                .client_hello = client_hello_tls12,
+                .protocol = TLS1_2_VERSION,
-                .client_hello_len = sizeof(client_hello_tls12),
                .random_start = SSL3_RANDOM_OFFSET,
                .ssl_method = TLS_client_method,
                .ssl_options = 0,
        },
        {
                .desc = "TLS (no TLSv1.2)",
-                .client_hello = client_hello_tls11,
+                .protocol = TLS1_1_VERSION,
-                .client_hello_len = sizeof(client_hello_tls11),
                .random_start = SSL3_RANDOM_OFFSET,
                .ssl_method = TLS_client_method,
                .ssl_options = SSL_OP_NO_TLSv1_2,
        },
        {
                .desc = "TLS (no TLSv1.1)",
-                .client_hello = client_hello_tls10,
+                .protocol = TLS1_VERSION,
-                .client_hello_len = sizeof(client_hello_tls10),
                .random_start = SSL3_RANDOM_OFFSET,
                .ssl_method = TLS_client_method,
                .ssl_options = SSL_OP_NO_TLSv1_1,
        },
        {
                .desc = "TLS (no TLSv1.0, no TLSv1.1)",
-                .client_hello = client_hello_tls12,
+                .protocol = TLS1_2_VERSION,
-                .client_hello_len = sizeof(client_hello_tls12),
                .random_start = SSL3_RANDOM_OFFSET,
                .ssl_method = TLS_client_method,
                .ssl_options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1,
@@ -258,18 +335,92 @@ hexdump(const unsigned char *buf, size_t len)
        fprintf(stderr, "\n");
 }
+static inline int
+ssl_aes_is_accelerated(void)
+{
+#if defined(__i386__) || defined(__x86_64__)
+        return ((OPENSSL_cpu_caps() & (1ULL << 57)) != 0);
+#else
+        return (0);
+#endif
+}
+static int
+make_client_hello(int protocol, char **out, size_t *outlen)
+{
+        size_t client_hello_len, cipher_list_len, cipher_list_offset;
+        const char *client_hello, *cipher_list;
+        char *p;
+        
+        *out = NULL;
+        *outlen = 0;
+        switch (protocol) {
+        case DTLS1_VERSION:
+                client_hello = client_hello_dtls1;
+                client_hello_len = sizeof(client_hello_dtls1);
+                cipher_list = cipher_list_dtls1;
+                cipher_list_len = sizeof(cipher_list_dtls1);
+                cipher_list_offset = DTLS_CIPHER_OFFSET;
+                break;
+        
+        case TLS1_VERSION:
+                client_hello = client_hello_tls10;
+                client_hello_len = sizeof(client_hello_tls10);
+                cipher_list = cipher_list_tls10;
+                cipher_list_len = sizeof(cipher_list_tls10);
+                cipher_list_offset = SSL3_CIPHER_OFFSET;
+                break;
+        case TLS1_1_VERSION:
+                client_hello = client_hello_tls11;
+                client_hello_len = sizeof(client_hello_tls11);
+                cipher_list = cipher_list_tls11;
+                cipher_list_len = sizeof(cipher_list_tls11);
+                cipher_list_offset = SSL3_CIPHER_OFFSET;
+                break;
+        case TLS1_2_VERSION:
+                client_hello = client_hello_tls12;
+                client_hello_len = sizeof(client_hello_tls12);
+                if (ssl_aes_is_accelerated() == 1)
+                        cipher_list = cipher_list_tls12_aes;
+                else
+                        cipher_list = cipher_list_tls12_chacha;
+                cipher_list_len = sizeof(cipher_list_tls12_chacha);
+                cipher_list_offset = SSL3_CIPHER_OFFSET;
+                break;
+        
+        default:
+                return (-1);
+        }
+        if ((p = malloc(client_hello_len)) == NULL)
+                return (-1);
+        memcpy(p, client_hello, client_hello_len);
+        memcpy(p + cipher_list_offset, cipher_list, cipher_list_len);
+        *out = p;
+        *outlen = client_hello_len;
+        return (0);
+}
 static int
 client_hello_test(int testno, struct client_hello_test *cht)
 {
        BIO *rbio = NULL, *wbio = NULL;
        SSL_CTX *ssl_ctx = NULL;
        SSL *ssl = NULL;
+        char *client_hello = NULL;
+        size_t client_hello_len;
        char *wbuf, rbuf[1];
        int ret = 1;
        size_t i;
        long len;
-        fprintf(stdout, "Test %i - %s\n", testno, cht->desc);
+        fprintf(stderr, "Test %i - %s\n", testno, cht->desc);
        /* Providing a small buf causes *_get_server_hello() to return. */
        if ((rbio = BIO_new_mem_buf(rbuf, sizeof(rbuf))) == NULL) {
@@ -305,25 +456,29 @@ client_hello_test(int testno, struct client_hello_test *cht)
        len = BIO_get_mem_data(wbio, &wbuf);
-        if ((size_t)len != cht->client_hello_len) {
+        if (make_client_hello(cht->protocol, &client_hello,
+            &client_hello_len) != 0)
+                goto failure;
+        if ((size_t)len != client_hello_len) {
                fprintf(stderr, "FAIL: test returned ClientHello length %li, "
-                    "want %zu\n", len, cht->client_hello_len);
+                    "want %zu\n", len, client_hello_len);
                fprintf(stderr, "received:\n");
                hexdump(wbuf, len);
                goto failure;
        }
-        /* Skip over the client random, since we expect that to differ. */
+        /* We expect the client random to differ. */
        i = cht->random_start + SSL3_RANDOM_SIZE;
-        if (memcmp(cht->client_hello, wbuf, cht->random_start) != 0 ||
+        if (memcmp(client_hello, wbuf, cht->random_start) != 0 ||
-            memcmp(&cht->client_hello[cht->random_start],
+            memcmp(&client_hello[cht->random_start],
                &wbuf[cht->random_start], SSL3_RANDOM_SIZE) == 0 ||
-            memcmp(&cht->client_hello[i], &wbuf[i], len - i) != 0) {
+            memcmp(&client_hello[i], &wbuf[i], len - i) != 0) {
                fprintf(stderr, "FAIL: ClientHello differs:\n");
                fprintf(stderr, "received:\n");
                hexdump(wbuf, len);
                fprintf(stderr, "test data:\n");
-                hexdump(cht->client_hello, cht->client_hello_len);
+                hexdump(client_hello, client_hello_len);
                fprintf(stderr, "\n");
                goto failure;
        }
@@ -340,6 +495,8 @@ failure:
        BIO_free(rbio);
        BIO_free(wbio);
+        free(client_hello);
        return (ret);
 }

diff --git a/src/regress/lib/libssl/client/clienttest.c b/src/regress/lib/libssl/client/clienttest.c index bda2de9bef..24215f0944 100644 --- a/src/regress/lib/libssl/client/clienttest.c +++ b/src/regress/lib/libssl/client/clienttest.c
@@ -23,8 +23,25 @@
23	#include <stdio.h>	23	#include <stdio.h>
24	#include <string.h>	24	#include <string.h>
25		25
26	#define DTLS_RANDOM_OFFSET (DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH + 2)	26	#define DTLS_HM_OFFSET (DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH)
27	#define SSL3_RANDOM_OFFSET (SSL3_RT_HEADER_LENGTH + SSL3_HM_HEADER_LENGTH + 2)	27	#define DTLS_RANDOM_OFFSET (DTLS_HM_OFFSET + 2)
		28	#define DTLS_CIPHER_OFFSET (DTLS_HM_OFFSET + 38)
		29
		30	#define SSL3_HM_OFFSET (SSL3_RT_HEADER_LENGTH + SSL3_HM_HEADER_LENGTH)
		31	#define SSL3_RANDOM_OFFSET (SSL3_HM_OFFSET + 2)
		32	#define SSL3_CIPHER_OFFSET (SSL3_HM_OFFSET + 37)
		33
		34	static unsigned char cipher_list_dtls1[] = {
		35	0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0x00, 0x38,
		36	0xff, 0x85, 0x00, 0x88, 0x00, 0x87, 0x00, 0x81,
		37	0xc0, 0x0f, 0xc0, 0x05, 0x00, 0x35, 0x00, 0x84,
		38	0xc0, 0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x32,
		39	0x00, 0x45, 0x00, 0x44, 0xc0, 0x0e, 0xc0, 0x04,
		40	0x00, 0x2f, 0x00, 0x41, 0x00, 0x07, 0xc0, 0x12,
		41	0xc0, 0x08, 0x00, 0x16, 0x00, 0x13, 0xc0, 0x0d,
		42	0xc0, 0x03, 0x00, 0x0a, 0x00, 0x15, 0x00, 0x12,
		43	0x00, 0x09, 0x00, 0xff,
		44	};
28		45
29	static unsigned char client_hello_dtls1[] = {	46	static unsigned char client_hello_dtls1[] = {
30	0x16, 0xfe, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00,	47	0x16, 0xfe, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -47,6 +64,19 @@ static unsigned char client_hello_dtls1[] = {
47	0x23, 0x00, 0x00,	64	0x23, 0x00, 0x00,
48	};	65	};
49		66
		67	static unsigned char cipher_list_tls10[] = {
		68	0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0x00, 0x38,
		69	0xff, 0x85, 0x00, 0x88, 0x00, 0x87, 0x00, 0x81,
		70	0xc0, 0x0f, 0xc0, 0x05, 0x00, 0x35, 0x00, 0x84,
		71	0xc0, 0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x32,
		72	0x00, 0x45, 0x00, 0x44, 0xc0, 0x0e, 0xc0, 0x04,
		73	0x00, 0x2f, 0x00, 0x41, 0x00, 0x07, 0xc0, 0x11,
		74	0xc0, 0x07, 0xc0, 0x0c, 0xc0, 0x02, 0x00, 0x05,
		75	0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
		76	0x00, 0x13, 0xc0, 0x0d, 0xc0, 0x03, 0x00, 0x0a,
		77	0x00, 0x15, 0x00, 0x12, 0x00, 0x09, 0x00, 0xff,
		78	};
		79
50	static unsigned char client_hello_tls10[] = {	80	static unsigned char client_hello_tls10[] = {
51	0x16, 0x03, 0x01, 0x00, 0xc7, 0x01, 0x00, 0x00,	81	0x16, 0x03, 0x01, 0x00, 0xc7, 0x01, 0x00, 0x00,
52	0xc3, 0x03, 0x01, 0x06, 0x6a, 0x3f, 0x0f, 0xf5,	82	0xc3, 0x03, 0x01, 0x06, 0x6a, 0x3f, 0x0f, 0xf5,
@@ -76,6 +106,19 @@ static unsigned char client_hello_tls10[] = {
76	0x00, 0x23, 0x00, 0x00,	106	0x00, 0x23, 0x00, 0x00,
77	};	107	};
78		108
		109	static unsigned char cipher_list_tls11[] = {
		110	0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0x00, 0x38,
		111	0xff, 0x85, 0x00, 0x88, 0x00, 0x87, 0x00, 0x81,
		112	0xc0, 0x0f, 0xc0, 0x05, 0x00, 0x35, 0x00, 0x84,
		113	0xc0, 0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x32,
		114	0x00, 0x45, 0x00, 0x44, 0xc0, 0x0e, 0xc0, 0x04,
		115	0x00, 0x2f, 0x00, 0x41, 0x00, 0x07, 0xc0, 0x11,
		116	0xc0, 0x07, 0xc0, 0x0c, 0xc0, 0x02, 0x00, 0x05,
		117	0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
		118	0x00, 0x13, 0xc0, 0x0d, 0xc0, 0x03, 0x00, 0x0a,
		119	0x00, 0x15, 0x00, 0x12, 0x00, 0x09, 0x00, 0xff,
		120	};
		121
79	static unsigned char client_hello_tls11[] = {	122	static unsigned char client_hello_tls11[] = {
80	0x16, 0x03, 0x01, 0x00, 0xc7, 0x01, 0x00, 0x00,	123	0x16, 0x03, 0x01, 0x00, 0xc7, 0x01, 0x00, 0x00,
81	0xc3, 0x03, 0x02, 0x2f, 0x93, 0x9c, 0x37, 0x16,	124	0xc3, 0x03, 0x02, 0x2f, 0x93, 0x9c, 0x37, 0x16,
@@ -105,6 +148,52 @@ static unsigned char client_hello_tls11[] = {
105	0x00, 0x23, 0x00, 0x00,	148	0x00, 0x23, 0x00, 0x00,
106	};	149	};
107		150
		151	static unsigned char cipher_list_tls12_aes[] = {
		152	0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24,
		153	0xc0, 0x14, 0xc0, 0x0a, 0x00, 0xa3, 0x00, 0x9f,
		154	0x00, 0x6b, 0x00, 0x6a, 0x00, 0x39, 0x00, 0x38,
		155	0xcc, 0x14, 0xcc, 0x13, 0xcc, 0x15, 0xff, 0x85,
		156	0x00, 0xc4, 0x00, 0xc3, 0x00, 0x88, 0x00, 0x87,
		157	0x00, 0x81, 0xc0, 0x32, 0xc0, 0x2e, 0xc0, 0x2a,
		158	0xc0, 0x26, 0xc0, 0x0f, 0xc0, 0x05, 0x00, 0x9d,
		159	0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84,
		160	0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23,
		161	0xc0, 0x13, 0xc0, 0x09, 0x00, 0xa2, 0x00, 0x9e,
		162	0x00, 0x67, 0x00, 0x40, 0x00, 0x33, 0x00, 0x32,
		163	0x00, 0xbe, 0x00, 0xbd, 0x00, 0x45, 0x00, 0x44,
		164	0xc0, 0x31, 0xc0, 0x2d, 0xc0, 0x29, 0xc0, 0x25,
		165	0xc0, 0x0e, 0xc0, 0x04, 0x00, 0x9c, 0x00, 0x3c,
		166	0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0x00, 0x07,
		167	0xc0, 0x11, 0xc0, 0x07, 0xc0, 0x0c, 0xc0, 0x02,
		168	0x00, 0x05, 0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08,
		169	0x00, 0x16, 0x00, 0x13, 0xc0, 0x0d, 0xc0, 0x03,
		170	0x00, 0x0a, 0x00, 0x15, 0x00, 0x12, 0x00, 0x09,
		171	0x00, 0xff,
		172	};
		173
		174	static unsigned char cipher_list_tls12_chacha[] = {
		175	0xcc, 0x14, 0xcc, 0x13, 0xcc, 0x15, 0xc0, 0x30,
		176	0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14,
		177	0xc0, 0x0a, 0x00, 0xa3, 0x00, 0x9f, 0x00, 0x6b,
		178	0x00, 0x6a, 0x00, 0x39, 0x00, 0x38, 0xff, 0x85,
		179	0x00, 0xc4, 0x00, 0xc3, 0x00, 0x88, 0x00, 0x87,
		180	0x00, 0x81, 0xc0, 0x32, 0xc0, 0x2e, 0xc0, 0x2a,
		181	0xc0, 0x26, 0xc0, 0x0f, 0xc0, 0x05, 0x00, 0x9d,
		182	0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84,
		183	0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23,
		184	0xc0, 0x13, 0xc0, 0x09, 0x00, 0xa2, 0x00, 0x9e,
		185	0x00, 0x67, 0x00, 0x40, 0x00, 0x33, 0x00, 0x32,
		186	0x00, 0xbe, 0x00, 0xbd, 0x00, 0x45, 0x00, 0x44,
		187	0xc0, 0x31, 0xc0, 0x2d, 0xc0, 0x29, 0xc0, 0x25,
		188	0xc0, 0x0e, 0xc0, 0x04, 0x00, 0x9c, 0x00, 0x3c,
		189	0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0x00, 0x07,
		190	0xc0, 0x11, 0xc0, 0x07, 0xc0, 0x0c, 0xc0, 0x02,
		191	0x00, 0x05, 0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08,
		192	0x00, 0x16, 0x00, 0x13, 0xc0, 0x0d, 0xc0, 0x03,
		193	0x00, 0x0a, 0x00, 0x15, 0x00, 0x12, 0x00, 0x09,
		194	0x00, 0xff,
		195	};
		196
108	static unsigned char client_hello_tls12[] = {	197	static unsigned char client_hello_tls12[] = {
109	0x16, 0x03, 0x01, 0x01, 0x3b, 0x01, 0x00, 0x01,	198	0x16, 0x03, 0x01, 0x01, 0x3b, 0x01, 0x00, 0x01,
110	0x37, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,	199	0x37, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -150,8 +239,7 @@ static unsigned char client_hello_tls12[] = {
150		239
151	struct client_hello_test {	240	struct client_hello_test {
152	const unsigned char *desc;	241	const unsigned char *desc;
153	const unsigned char *client_hello;	242	const int protocol;
154	const size_t client_hello_len;
155	const size_t random_start;	243	const size_t random_start;
156	const SSL_METHOD (ssl_method)(void);	244	const SSL_METHOD (ssl_method)(void);
157	const long ssl_options;	245	const long ssl_options;
@@ -160,84 +248,73 @@ struct client_hello_test {
160	static struct client_hello_test client_hello_tests[] = {	248	static struct client_hello_test client_hello_tests[] = {
161	{	249	{
162	.desc = "DTLSv1 client",	250	.desc = "DTLSv1 client",
163	.client_hello = client_hello_dtls1,	251	.protocol = DTLS1_VERSION,
164	.client_hello_len = sizeof(client_hello_dtls1),
165	.random_start = DTLS_RANDOM_OFFSET,	252	.random_start = DTLS_RANDOM_OFFSET,
166	.ssl_method = DTLSv1_client_method,	253	.ssl_method = DTLSv1_client_method,
167	},	254	},
168	{	255	{
169	.desc = "TLSv1 client",	256	.desc = "TLSv1 client",
170	.client_hello = client_hello_tls10,	257	.protocol = TLS1_VERSION,
171	.client_hello_len = sizeof(client_hello_tls10),
172	.random_start = SSL3_RANDOM_OFFSET,	258	.random_start = SSL3_RANDOM_OFFSET,
173	.ssl_method = TLSv1_client_method,	259	.ssl_method = TLSv1_client_method,
174	},	260	},
175	{	261	{
176	.desc = "TLSv1_1 client",	262	.desc = "TLSv1_1 client",
177	.client_hello = client_hello_tls11,	263	.protocol = TLS1_1_VERSION,
178	.client_hello_len = sizeof(client_hello_tls11),
179	.random_start = SSL3_RANDOM_OFFSET,	264	.random_start = SSL3_RANDOM_OFFSET,
180	.ssl_method = TLSv1_1_client_method,	265	.ssl_method = TLSv1_1_client_method,
181	},	266	},
182	{	267	{
183	.desc = "TLSv1_2 client",	268	.desc = "TLSv1_2 client",
184	.client_hello = client_hello_tls12,	269	.protocol = TLS1_2_VERSION,
185	.client_hello_len = sizeof(client_hello_tls12),
186	.random_start = SSL3_RANDOM_OFFSET,	270	.random_start = SSL3_RANDOM_OFFSET,
187	.ssl_method = TLSv1_2_client_method,	271	.ssl_method = TLSv1_2_client_method,
188	},	272	},
189	{	273	{
190	.desc = "SSLv23 default",	274	.desc = "SSLv23 default",
191	.client_hello = client_hello_tls12,	275	.protocol = TLS1_2_VERSION,
192	.client_hello_len = sizeof(client_hello_tls12),
193	.random_start = SSL3_RANDOM_OFFSET,	276	.random_start = SSL3_RANDOM_OFFSET,
194	.ssl_method = SSLv23_client_method,	277	.ssl_method = SSLv23_client_method,
195	.ssl_options = 0,	278	.ssl_options = 0,
196	},	279	},
197	{	280	{
198	.desc = "SSLv23 (no TLSv1.2)",	281	.desc = "SSLv23 (no TLSv1.2)",
199	.client_hello = client_hello_tls11,	282	.protocol = TLS1_1_VERSION,
200	.client_hello_len = sizeof(client_hello_tls11),
201	.random_start = SSL3_RANDOM_OFFSET,	283	.random_start = SSL3_RANDOM_OFFSET,
202	.ssl_method = SSLv23_client_method,	284	.ssl_method = SSLv23_client_method,
203	.ssl_options = SSL_OP_NO_TLSv1_2,	285	.ssl_options = SSL_OP_NO_TLSv1_2,
204	},	286	},
205	{	287	{
206	.desc = "SSLv23 (no TLSv1.1)",	288	.desc = "SSLv23 (no TLSv1.1)",
207	.client_hello = client_hello_tls10,	289	.protocol = TLS1_VERSION,
208	.client_hello_len = sizeof(client_hello_tls10),
209	.random_start = SSL3_RANDOM_OFFSET,	290	.random_start = SSL3_RANDOM_OFFSET,
210	.ssl_method = SSLv23_client_method,	291	.ssl_method = SSLv23_client_method,
211	.ssl_options = SSL_OP_NO_TLSv1_1,	292	.ssl_options = SSL_OP_NO_TLSv1_1,
212	},	293	},
213	{	294	{
214	.desc = "TLS default",	295	.desc = "TLS default",
215	.client_hello = client_hello_tls12,	296	.protocol = TLS1_2_VERSION,
216	.client_hello_len = sizeof(client_hello_tls12),
217	.random_start = SSL3_RANDOM_OFFSET,	297	.random_start = SSL3_RANDOM_OFFSET,
218	.ssl_method = TLS_client_method,	298	.ssl_method = TLS_client_method,
219	.ssl_options = 0,	299	.ssl_options = 0,
220	},	300	},
221	{	301	{
222	.desc = "TLS (no TLSv1.2)",	302	.desc = "TLS (no TLSv1.2)",
223	.client_hello = client_hello_tls11,	303	.protocol = TLS1_1_VERSION,
224	.client_hello_len = sizeof(client_hello_tls11),
225	.random_start = SSL3_RANDOM_OFFSET,	304	.random_start = SSL3_RANDOM_OFFSET,
226	.ssl_method = TLS_client_method,	305	.ssl_method = TLS_client_method,
227	.ssl_options = SSL_OP_NO_TLSv1_2,	306	.ssl_options = SSL_OP_NO_TLSv1_2,
228	},	307	},
229	{	308	{
230	.desc = "TLS (no TLSv1.1)",	309	.desc = "TLS (no TLSv1.1)",
231	.client_hello = client_hello_tls10,	310	.protocol = TLS1_VERSION,
232	.client_hello_len = sizeof(client_hello_tls10),
233	.random_start = SSL3_RANDOM_OFFSET,	311	.random_start = SSL3_RANDOM_OFFSET,
234	.ssl_method = TLS_client_method,	312	.ssl_method = TLS_client_method,
235	.ssl_options = SSL_OP_NO_TLSv1_1,	313	.ssl_options = SSL_OP_NO_TLSv1_1,
236	},	314	},
237	{	315	{
238	.desc = "TLS (no TLSv1.0, no TLSv1.1)",	316	.desc = "TLS (no TLSv1.0, no TLSv1.1)",
239	.client_hello = client_hello_tls12,	317	.protocol = TLS1_2_VERSION,
240	.client_hello_len = sizeof(client_hello_tls12),
241	.random_start = SSL3_RANDOM_OFFSET,	318	.random_start = SSL3_RANDOM_OFFSET,
242	.ssl_method = TLS_client_method,	319	.ssl_method = TLS_client_method,
243	.ssl_options = SSL_OP_NO_TLSv1 \| SSL_OP_NO_TLSv1_1,	320	.ssl_options = SSL_OP_NO_TLSv1 \| SSL_OP_NO_TLSv1_1,
@@ -258,18 +335,92 @@ hexdump(const unsigned char *buf, size_t len)
258	fprintf(stderr, "\n");	335	fprintf(stderr, "\n");
259	}	336	}
260		337
		338	static inline int
		339	ssl_aes_is_accelerated(void)
		340	{
		341	#if defined(__i386__) \|\| defined(__x86_64__)
		342	return ((OPENSSL_cpu_caps() & (1ULL << 57)) != 0);
		343	#else
		344	return (0);
		345	#endif
		346	}
		347
		348	static int
		349	make_client_hello(int protocol, char *out, size_t outlen)
		350	{
		351	size_t client_hello_len, cipher_list_len, cipher_list_offset;
		352	const char client_hello, cipher_list;
		353	char *p;
		354
		355	*out = NULL;
		356	*outlen = 0;
		357
		358	switch (protocol) {
		359	case DTLS1_VERSION:
		360	client_hello = client_hello_dtls1;
		361	client_hello_len = sizeof(client_hello_dtls1);
		362	cipher_list = cipher_list_dtls1;
		363	cipher_list_len = sizeof(cipher_list_dtls1);
		364	cipher_list_offset = DTLS_CIPHER_OFFSET;
		365	break;
		366
		367	case TLS1_VERSION:
		368	client_hello = client_hello_tls10;
		369	client_hello_len = sizeof(client_hello_tls10);
		370	cipher_list = cipher_list_tls10;
		371	cipher_list_len = sizeof(cipher_list_tls10);
		372	cipher_list_offset = SSL3_CIPHER_OFFSET;
		373	break;
		374
		375	case TLS1_1_VERSION:
		376	client_hello = client_hello_tls11;
		377	client_hello_len = sizeof(client_hello_tls11);
		378	cipher_list = cipher_list_tls11;
		379	cipher_list_len = sizeof(cipher_list_tls11);
		380	cipher_list_offset = SSL3_CIPHER_OFFSET;
		381	break;
		382
		383	case TLS1_2_VERSION:
		384	client_hello = client_hello_tls12;
		385	client_hello_len = sizeof(client_hello_tls12);
		386	if (ssl_aes_is_accelerated() == 1)
		387	cipher_list = cipher_list_tls12_aes;
		388	else
		389	cipher_list = cipher_list_tls12_chacha;
		390	cipher_list_len = sizeof(cipher_list_tls12_chacha);
		391	cipher_list_offset = SSL3_CIPHER_OFFSET;
		392	break;
		393
		394	default:
		395	return (-1);
		396	}
		397
		398	if ((p = malloc(client_hello_len)) == NULL)
		399	return (-1);
		400
		401	memcpy(p, client_hello, client_hello_len);
		402	memcpy(p + cipher_list_offset, cipher_list, cipher_list_len);
		403
		404	*out = p;
		405	*outlen = client_hello_len;
		406
		407	return (0);
		408	}
		409
261	static int	410	static int
262	client_hello_test(int testno, struct client_hello_test *cht)	411	client_hello_test(int testno, struct client_hello_test *cht)
263	{	412	{
264	BIO rbio = NULL, wbio = NULL;	413	BIO rbio = NULL, wbio = NULL;
265	SSL_CTX *ssl_ctx = NULL;	414	SSL_CTX *ssl_ctx = NULL;
266	SSL *ssl = NULL;	415	SSL *ssl = NULL;
		416	char *client_hello = NULL;
		417	size_t client_hello_len;
267	char *wbuf, rbuf[1];	418	char *wbuf, rbuf[1];
268	int ret = 1;	419	int ret = 1;
269	size_t i;	420	size_t i;
270	long len;	421	long len;
271		422
272	fprintf(stdout, "Test %i - %s\n", testno, cht->desc);	423	fprintf(stderr, "Test %i - %s\n", testno, cht->desc);
273		424
274	/* Providing a small buf causes _get_server_hello() to return. /	425	/* Providing a small buf causes _get_server_hello() to return. /
275	if ((rbio = BIO_new_mem_buf(rbuf, sizeof(rbuf))) == NULL) {	426	if ((rbio = BIO_new_mem_buf(rbuf, sizeof(rbuf))) == NULL) {
@@ -305,25 +456,29 @@ client_hello_test(int testno, struct client_hello_test *cht)
305		456
306	len = BIO_get_mem_data(wbio, &wbuf);	457	len = BIO_get_mem_data(wbio, &wbuf);
307		458
308	if ((size_t)len != cht->client_hello_len) {	459	if (make_client_hello(cht->protocol, &client_hello,
		460	&client_hello_len) != 0)
		461	goto failure;
		462
		463	if ((size_t)len != client_hello_len) {
309	fprintf(stderr, "FAIL: test returned ClientHello length %li, "	464	fprintf(stderr, "FAIL: test returned ClientHello length %li, "
310	"want %zu\n", len, cht->client_hello_len);	465	"want %zu\n", len, client_hello_len);
311	fprintf(stderr, "received:\n");	466	fprintf(stderr, "received:\n");
312	hexdump(wbuf, len);	467	hexdump(wbuf, len);
313	goto failure;	468	goto failure;
314	}	469	}
315		470
316	/* Skip over the client random, since we expect that to differ. */	471	/* We expect the client random to differ. */
317	i = cht->random_start + SSL3_RANDOM_SIZE;	472	i = cht->random_start + SSL3_RANDOM_SIZE;
318	if (memcmp(cht->client_hello, wbuf, cht->random_start) != 0 \|\|	473	if (memcmp(client_hello, wbuf, cht->random_start) != 0 \|\|
319	memcmp(&cht->client_hello[cht->random_start],	474	memcmp(&client_hello[cht->random_start],
320	&wbuf[cht->random_start], SSL3_RANDOM_SIZE) == 0 \|\|	475	&wbuf[cht->random_start], SSL3_RANDOM_SIZE) == 0 \|\|
321	memcmp(&cht->client_hello[i], &wbuf[i], len - i) != 0) {	476	memcmp(&client_hello[i], &wbuf[i], len - i) != 0) {
322	fprintf(stderr, "FAIL: ClientHello differs:\n");	477	fprintf(stderr, "FAIL: ClientHello differs:\n");
323	fprintf(stderr, "received:\n");	478	fprintf(stderr, "received:\n");
324	hexdump(wbuf, len);	479	hexdump(wbuf, len);
325	fprintf(stderr, "test data:\n");	480	fprintf(stderr, "test data:\n");
326	hexdump(cht->client_hello, cht->client_hello_len);	481	hexdump(client_hello, client_hello_len);
327	fprintf(stderr, "\n");	482	fprintf(stderr, "\n");
328	goto failure;	483	goto failure;
329	}	484	}
@@ -340,6 +495,8 @@ failure:
340	BIO_free(rbio);	495	BIO_free(rbio);
341	BIO_free(wbio);	496	BIO_free(wbio);
342		497
		498	free(client_hello);
		499
343	return (ret);	500	return (ret);
344	}	501	}
345		502