summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/regress/lib/libssl/tlsext/tlsexttest.c1153
1 files changed, 576 insertions, 577 deletions
diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c
index 4f9e6e29e2..df448924a3 100644
--- a/src/regress/lib/libssl/tlsext/tlsexttest.c
+++ b/src/regress/lib/libssl/tlsext/tlsexttest.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tlsexttest.c,v 1.5 2017/08/11 20:14:13 doug Exp $ */ 1/* $OpenBSD: tlsexttest.c,v 1.6 2017/08/11 21:12:39 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
4 * 4 *
@@ -73,382 +73,269 @@ do { \
73} while(0) 73} while(0)
74 74
75/* 75/*
76 * Renegotiation Indication - RFC 5746. 76 * Supported Elliptic Curves - RFC 4492 section 5.1.1.
77 *
78 * This extension is only used by the client.
77 */ 79 */
78 80
79static unsigned char tlsext_ri_prev_client[] = { 81static uint8_t tlsext_ec_clienthello_default[] = {
80 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 82 0x00, 0x06,
81 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 83 0x00, 0x1d, /* X25519 (29) */
84 0x00, 0x17, /* secp256r1 (23) */
85 0x00, 0x18 /* secp384r1 (24) */
82}; 86};
83 87
84static unsigned char tlsext_ri_prev_server[] = { 88static uint16_t tlsext_ec_clienthello_secp384r1_val[] = {
85 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88, 89 0x0018 /* tls1_ec_nid2curve_id(NID_secp384r1) */
86 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00,
87}; 90};
88 91static uint8_t tlsext_ec_clienthello_secp384r1[] = {
89static unsigned char tlsext_ri_clienthello[] = { 92 0x00, 0x02,
90 0x10, 93 0x00, 0x18 /* secp384r1 (24) */
91 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
92 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
93}; 94};
94 95
95static unsigned char tlsext_ri_serverhello[] = { 96/* Example from RFC 4492 section 5.1.1 */
96 0x20, 97static uint16_t tlsext_ec_clienthello_nistp192and224_val[] = {
97 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 98 0x0013, /* tls1_ec_nid2curve_id(NID_X9_62_prime192v1) */
98 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 99 0x0015 /* tls1_ec_nid2curve_id(NID_secp224r1) */
99 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88, 100};
100 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00, 101static uint8_t tlsext_ec_clienthello_nistp192and224[] = {
102 0x00, 0x04,
103 0x00, 0x13, /* secp192r1 aka NIST P-192 */
104 0x00, 0x15 /* secp224r1 aka NIST P-224 */
101}; 105};
102 106
103static int 107static int
104test_tlsext_ri_clienthello(void) 108test_tlsext_ec_clienthello(void)
105{ 109{
106 unsigned char *data = NULL; 110 unsigned char *data = NULL;
107 SSL_CTX *ssl_ctx = NULL; 111 SSL_CTX *ssl_ctx = NULL;
108 SSL *ssl = NULL; 112 SSL *ssl = NULL;
109 int failure = 0;
110 size_t dlen; 113 size_t dlen;
111 int alert; 114 int failure, alert;
112 CBB cbb; 115 CBB cbb;
113 CBS cbs; 116 CBS cbs;
114 117
118 failure = 1;
119
115 CBB_init(&cbb, 0); 120 CBB_init(&cbb, 0);
116 121
117 if ((ssl_ctx = SSL_CTX_new(TLSv1_2_client_method())) == NULL) 122 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
118 errx(1, "failed to create SSL_CTX"); 123 errx(1, "failed to create SSL_CTX");
119 if ((ssl = SSL_new(ssl_ctx)) == NULL) 124 if ((ssl = SSL_new(ssl_ctx)) == NULL)
120 errx(1, "failed to create SSL"); 125 errx(1, "failed to create SSL");
121 126
122 if (tlsext_ri_clienthello_needs(ssl)) { 127 /*
123 fprintf(stderr, "FAIL: clienthello should not need RI\n"); 128 * Default ciphers include EC so we need it by default.
124 failure = 1; 129 */
125 goto done; 130 if (!tlsext_ec_clienthello_needs(ssl)) {
126 } 131 FAIL("clienthello should need Ellipticcurves for default "
127 132 "ciphers\n");
128 if (!SSL_renegotiate(ssl)) { 133 goto err;
129 fprintf(stderr, "FAIL: client failed to set renegotiate\n");
130 failure = 1;
131 goto done;
132 }
133
134 if (!tlsext_ri_clienthello_needs(ssl)) {
135 fprintf(stderr, "FAIL: clienthello should need RI\n");
136 failure = 1;
137 goto done;
138 }
139
140 memcpy(S3I(ssl)->previous_client_finished, tlsext_ri_prev_client,
141 sizeof(tlsext_ri_prev_client));
142 S3I(ssl)->previous_client_finished_len = sizeof(tlsext_ri_prev_client);
143
144 S3I(ssl)->renegotiate_seen = 0;
145
146 if (!tlsext_ri_clienthello_build(ssl, &cbb)) {
147 fprintf(stderr, "FAIL: clienthello failed to build RI\n");
148 failure = 1;
149 goto done;
150 }
151
152 if (!CBB_finish(&cbb, &data, &dlen))
153 errx(1, "failed to finish CBB");
154
155 if (dlen != sizeof(tlsext_ri_clienthello)) {
156 fprintf(stderr, "FAIL: got clienthello RI with length %zu, "
157 "want length %zu\n", dlen, sizeof(tlsext_ri_clienthello));
158 failure = 1;
159 goto done;
160 }
161
162 if (memcmp(data, tlsext_ri_clienthello, dlen) != 0) {
163 fprintf(stderr, "FAIL: clienthello RI differs:\n");
164 fprintf(stderr, "received:\n");
165 hexdump(data, dlen);
166 fprintf(stderr, "test data:\n");
167 hexdump(tlsext_ri_clienthello, sizeof(tlsext_ri_clienthello));
168 failure = 1;
169 goto done;
170 }
171
172 CBS_init(&cbs, tlsext_ri_clienthello, sizeof(tlsext_ri_clienthello));
173 if (!tlsext_ri_clienthello_parse(ssl, &cbs, &alert)) {
174 fprintf(stderr, "FAIL: failed to parse clienthello RI\n");
175 failure = 1;
176 goto done;
177 } 134 }
178 135
179 if (S3I(ssl)->renegotiate_seen != 1) { 136 /*
180 fprintf(stderr, "FAIL: renegotiate seen not set\n"); 137 * Exclude cipher suites so we can test not including it.
181 failure = 1; 138 */
182 goto done; 139 if (!SSL_set_cipher_list(ssl, "TLSv1.2:!ECDHE:!ECDSA")) {
140 FAIL("clienthello should be able to set cipher list\n");
141 goto err;
183 } 142 }
184 if (S3I(ssl)->send_connection_binding != 1) { 143 if (tlsext_ec_clienthello_needs(ssl)) {
185 fprintf(stderr, "FAIL: send connection binding not set\n"); 144 FAIL("clienthello should not need Ellipticcurves\n");
186 failure = 1; 145 goto err;
187 goto done;
188 } 146 }
189 147
190 memset(S3I(ssl)->previous_client_finished, 0, 148 /*
191 sizeof(S3I(ssl)->previous_client_finished)); 149 * Use libtls default for the rest of the testing
192 150 */
193 S3I(ssl)->renegotiate_seen = 0; 151 if (!SSL_set_cipher_list(ssl, "TLSv1.2+AEAD+ECDHE")) {
194 152 FAIL("clienthello should be able to set cipher list\n");
195 CBS_init(&cbs, tlsext_ri_clienthello, sizeof(tlsext_ri_clienthello)); 153 goto err;
196 if (tlsext_ri_clienthello_parse(ssl, &cbs, &alert)) {
197 fprintf(stderr, "FAIL: parsed invalid clienthello RI\n");
198 failure = 1;
199 goto done;
200 } 154 }
201 155 if (!tlsext_ec_clienthello_needs(ssl)) {
202 if (S3I(ssl)->renegotiate_seen == 1) { 156 FAIL("clienthello should need Ellipticcurves\n");
203 fprintf(stderr, "FAIL: renegotiate seen set\n"); 157 goto err;
204 failure = 1;
205 goto done;
206 } 158 }
207 159
208 done: 160 /*
209 CBB_cleanup(&cbb); 161 * Test with a session secp384r1. The default is used instead.
210 SSL_CTX_free(ssl_ctx); 162 */
211 SSL_free(ssl); 163 if ((ssl->session = SSL_SESSION_new()) == NULL)
212 free(data); 164 errx(1, "failed to create session");
213
214 return (failure);
215}
216
217static int
218test_tlsext_ri_serverhello(void)
219{
220 unsigned char *data = NULL;
221 SSL_CTX *ssl_ctx = NULL;
222 SSL *ssl = NULL;
223 int failure = 0;
224 size_t dlen;
225 int alert;
226 CBB cbb;
227 CBS cbs;
228
229 CBB_init(&cbb, 0);
230
231 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
232 errx(1, "failed to create SSL_CTX");
233 if ((ssl = SSL_new(ssl_ctx)) == NULL)
234 errx(1, "failed to create SSL");
235 165
236 if (tlsext_ri_serverhello_needs(ssl)) { 166 if ((SSI(ssl)->tlsext_supportedgroups = malloc(sizeof(uint16_t)))
237 fprintf(stderr, "FAIL: serverhello should not need RI\n"); 167 == NULL) {
238 failure = 1; 168 FAIL("client could not malloc\n");
239 goto done; 169 goto err;
240 } 170 }
171 SSI(ssl)->tlsext_supportedgroups[0] = tls1_ec_nid2curve_id(NID_secp384r1);
172 SSI(ssl)->tlsext_supportedgroups_length = 1;
241 173
242 S3I(ssl)->send_connection_binding = 1; 174 if (!tlsext_ec_clienthello_needs(ssl)) {
243 175 FAIL("clienthello should need Ellipticcurves\n");
244 if (!tlsext_ri_serverhello_needs(ssl)) { 176 goto err;
245 fprintf(stderr, "FAIL: serverhello should need RI\n");
246 failure = 1;
247 goto done;
248 } 177 }
249 178
250 memcpy(S3I(ssl)->previous_client_finished, tlsext_ri_prev_client, 179 if (!tlsext_ec_clienthello_build(ssl, &cbb)) {
251 sizeof(tlsext_ri_prev_client)); 180 FAIL("clienthello failed to build Ellipticcurves\n");
252 S3I(ssl)->previous_client_finished_len = sizeof(tlsext_ri_prev_client); 181 goto err;
253
254 memcpy(S3I(ssl)->previous_server_finished, tlsext_ri_prev_server,
255 sizeof(tlsext_ri_prev_server));
256 S3I(ssl)->previous_server_finished_len = sizeof(tlsext_ri_prev_server);
257
258 S3I(ssl)->renegotiate_seen = 0;
259
260 if (!tlsext_ri_serverhello_build(ssl, &cbb)) {
261 fprintf(stderr, "FAIL: serverhello failed to build RI\n");
262 failure = 1;
263 goto done;
264 } 182 }
265 183
266 if (!CBB_finish(&cbb, &data, &dlen)) 184 if (!CBB_finish(&cbb, &data, &dlen))
267 errx(1, "failed to finish CBB"); 185 errx(1, "failed to finish CBB");
268 186
269 if (dlen != sizeof(tlsext_ri_serverhello)) { 187 if (dlen != sizeof(tlsext_ec_clienthello_default)) {
270 fprintf(stderr, "FAIL: got serverhello RI with length %zu, " 188 FAIL("got clienthello Ellipticcurves with length %zu, "
271 "want length %zu\n", dlen, sizeof(tlsext_ri_serverhello)); 189 "want length %zu\n", dlen,
272 failure = 1; 190 sizeof(tlsext_ec_clienthello_default));
273 goto done; 191 compare_data(data, dlen, tlsext_ec_clienthello_default,
274 } 192 sizeof(tlsext_ec_clienthello_default));
275 193 goto err;
276 if (memcmp(data, tlsext_ri_serverhello, dlen) != 0) {
277 fprintf(stderr, "FAIL: serverhello RI differs:\n");
278 fprintf(stderr, "received:\n");
279 hexdump(data, dlen);
280 fprintf(stderr, "test data:\n");
281 hexdump(tlsext_ri_serverhello, sizeof(tlsext_ri_serverhello));
282 failure = 1;
283 goto done;
284 } 194 }
285 195
286 CBS_init(&cbs, tlsext_ri_serverhello, sizeof(tlsext_ri_serverhello)); 196 if (memcmp(data, tlsext_ec_clienthello_default, dlen) != 0) {
287 if (!tlsext_ri_serverhello_parse(ssl, &cbs, &alert)) { 197 FAIL("clienthello Ellipticcurves differs:\n");
288 fprintf(stderr, "FAIL: failed to parse serverhello RI\n"); 198 compare_data(data, dlen, tlsext_ec_clienthello_default,
289 failure = 1; 199 sizeof(tlsext_ec_clienthello_default));
290 goto done; 200 goto err;
291 } 201 }
292 202
293 if (S3I(ssl)->renegotiate_seen != 1) { 203 /*
294 fprintf(stderr, "FAIL: renegotiate seen not set\n"); 204 * Test parsing secp384r1
295 failure = 1; 205 */
296 goto done; 206 CBB_cleanup(&cbb);
297 } 207 CBB_init(&cbb, 0);
298 if (S3I(ssl)->send_connection_binding != 1) { 208 free(data);
299 fprintf(stderr, "FAIL: send connection binding not set\n"); 209 data = NULL;
300 failure = 1;
301 goto done;
302 }
303 210
304 memset(S3I(ssl)->previous_client_finished, 0, 211 SSL_SESSION_free(ssl->session);
305 sizeof(S3I(ssl)->previous_client_finished)); 212 if ((ssl->session = SSL_SESSION_new()) == NULL)
306 memset(S3I(ssl)->previous_server_finished, 0, 213 errx(1, "failed to create session");
307 sizeof(S3I(ssl)->previous_server_finished));
308 214
309 S3I(ssl)->renegotiate_seen = 0; 215 CBS_init(&cbs, tlsext_ec_clienthello_secp384r1,
216 sizeof(tlsext_ec_clienthello_secp384r1));
217 if (!tlsext_ec_clienthello_parse(ssl, &cbs, &alert)) {
218 FAIL("failed to parse clienthello Ellipticcurves\n");
219 goto err;
220 }
310 221
311 CBS_init(&cbs, tlsext_ri_serverhello, sizeof(tlsext_ri_serverhello)); 222 if (SSI(ssl)->tlsext_supportedgroups_length !=
312 if (tlsext_ri_serverhello_parse(ssl, &cbs, &alert)) { 223 sizeof(tlsext_ec_clienthello_secp384r1_val) / sizeof(uint16_t)) {
313 fprintf(stderr, "FAIL: parsed invalid serverhello RI\n"); 224 FAIL("no tlsext_ellipticcurves from clienthello "
314 failure = 1; 225 "Ellipticcurves\n");
315 goto done; 226 goto err;
316 } 227 }
317 228
318 if (S3I(ssl)->renegotiate_seen == 1) { 229 if (memcmp(SSI(ssl)->tlsext_supportedgroups,
319 fprintf(stderr, "FAIL: renegotiate seen set\n"); 230 tlsext_ec_clienthello_secp384r1_val,
320 failure = 1; 231 sizeof(tlsext_ec_clienthello_secp384r1_val)) != 0) {
321 goto done; 232 FAIL("clienthello had an incorrect Ellipticcurves "
233 "entry\n");
234 compare_data2(SSI(ssl)->tlsext_supportedgroups,
235 SSI(ssl)->tlsext_supportedgroups_length * 2,
236 tlsext_ec_clienthello_secp384r1_val,
237 sizeof(tlsext_ec_clienthello_secp384r1_val));
238 goto err;
322 } 239 }
323 240
324 done: 241 /*
242 * Use a custom order.
243 */
325 CBB_cleanup(&cbb); 244 CBB_cleanup(&cbb);
326 SSL_CTX_free(ssl_ctx);
327 SSL_free(ssl);
328 free(data);
329
330 return (failure);
331}
332
333/*
334 * Server Name Indication - RFC 6066, section 3.
335 */
336
337#define TEST_SNI_SERVERNAME "www.libressl.org"
338
339static unsigned char tlsext_sni_clienthello[] = {
340 0x00, 0x13, 0x00, 0x00, 0x10, 0x77, 0x77, 0x77,
341 0x2e, 0x6c, 0x69, 0x62, 0x72, 0x65, 0x73, 0x73,
342 0x6c, 0x2e, 0x6f, 0x72, 0x67,
343};
344
345static unsigned char tlsext_sni_serverhello[] = {
346};
347
348static int
349test_tlsext_sni_clienthello(void)
350{
351 unsigned char *data = NULL;
352 SSL_CTX *ssl_ctx = NULL;
353 SSL *ssl = NULL;
354 int failure = 0;
355 size_t dlen;
356 int alert;
357 CBB cbb;
358 CBS cbs;
359
360 CBB_init(&cbb, 0); 245 CBB_init(&cbb, 0);
361 246
362 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) 247 SSL_SESSION_free(ssl->session);
363 errx(1, "failed to create SSL_CTX"); 248 if ((ssl->session = SSL_SESSION_new()) == NULL)
364 if ((ssl = SSL_new(ssl_ctx)) == NULL) 249 errx(1, "failed to create session");
365 errx(1, "failed to create SSL");
366
367 if (tlsext_sni_clienthello_needs(ssl)) {
368 fprintf(stderr, "FAIL: clienthello should not need SNI\n");
369 failure = 1;
370 goto done;
371 }
372 250
373 if (!SSL_set_tlsext_host_name(ssl, TEST_SNI_SERVERNAME)) { 251 if ((ssl->internal->tlsext_supportedgroups = malloc(sizeof(uint16_t) * 2)) == NULL) {
374 fprintf(stderr, "FAIL: client failed to set server name\n"); 252 FAIL("client could not malloc\n");
375 failure = 1; 253 goto err;
376 goto done;
377 } 254 }
255 ssl->internal->tlsext_supportedgroups[0] = tls1_ec_nid2curve_id(NID_X9_62_prime192v1);
256 ssl->internal->tlsext_supportedgroups[1] = tls1_ec_nid2curve_id(NID_secp224r1);
257 ssl->internal->tlsext_supportedgroups_length = 2;
378 258
379 if (!tlsext_sni_clienthello_needs(ssl)) { 259 if (!tlsext_ec_clienthello_needs(ssl)) {
380 fprintf(stderr, "FAIL: clienthello should need SNI\n"); 260 FAIL("clienthello should need Ellipticcurves\n");
381 failure = 1; 261 goto err;
382 goto done;
383 } 262 }
384 263
385 if (!tlsext_sni_clienthello_build(ssl, &cbb)) { 264 if (!tlsext_ec_clienthello_build(ssl, &cbb)) {
386 fprintf(stderr, "FAIL: clienthello failed to build SNI\n"); 265 FAIL("clienthello failed to build Ellipticcurves\n");
387 failure = 1; 266 goto err;
388 goto done;
389 } 267 }
390 268
391 if (!CBB_finish(&cbb, &data, &dlen)) 269 if (!CBB_finish(&cbb, &data, &dlen))
392 errx(1, "failed to finish CBB"); 270 errx(1, "failed to finish CBB");
393 271
394 if (dlen != sizeof(tlsext_sni_clienthello)) { 272 if (dlen != sizeof(tlsext_ec_clienthello_nistp192and224)) {
395 fprintf(stderr, "FAIL: got clienthello SNI with length %zu, " 273 FAIL("got clienthello Ellipticcurves with length %zu, "
396 "want length %zu\n", dlen, sizeof(tlsext_sni_clienthello)); 274 "want length %zu\n", dlen,
397 failure = 1; 275 sizeof(tlsext_ec_clienthello_nistp192and224));
398 goto done; 276 fprintf(stderr, "received:\n");
277 hexdump(data, dlen);
278 fprintf(stderr, "test data:\n");
279 hexdump(tlsext_ec_clienthello_nistp192and224,
280 sizeof(tlsext_ec_clienthello_nistp192and224));
281 goto err;
399 } 282 }
400 283
401 if (memcmp(data, tlsext_sni_clienthello, dlen) != 0) { 284 if (memcmp(data, tlsext_ec_clienthello_nistp192and224, dlen) != 0) {
402 fprintf(stderr, "FAIL: clienthello SNI differs:\n"); 285 FAIL("clienthello Ellipticcurves differs:\n");
403 fprintf(stderr, "received:\n"); 286 fprintf(stderr, "received:\n");
404 hexdump(data, dlen); 287 hexdump(data, dlen);
405 fprintf(stderr, "test data:\n"); 288 fprintf(stderr, "test data:\n");
406 hexdump(tlsext_sni_clienthello, sizeof(tlsext_sni_clienthello)); 289 hexdump(tlsext_ec_clienthello_nistp192and224,
407 failure = 1; 290 sizeof(tlsext_ec_clienthello_nistp192and224));
408 goto done; 291 goto err;
409 } 292 }
410 293
294 /*
295 * Parse non-default curves to session.
296 */
297 CBB_cleanup(&cbb);
298 CBB_init(&cbb, 0);
299 free(data);
300 data = NULL;
301
302 SSL_SESSION_free(ssl->session);
411 if ((ssl->session = SSL_SESSION_new()) == NULL) 303 if ((ssl->session = SSL_SESSION_new()) == NULL)
412 errx(1, "failed to create session"); 304 errx(1, "failed to create session");
413 305
414 ssl->internal->hit = 0; 306 /* Reset back to the default list. */
307 free(ssl->internal->tlsext_supportedgroups);
308 ssl->internal->tlsext_supportedgroups = NULL;
309 ssl->internal->tlsext_supportedgroups_length = 0;
415 310
416 CBS_init(&cbs, tlsext_sni_clienthello, sizeof(tlsext_sni_clienthello)); 311 CBS_init(&cbs, tlsext_ec_clienthello_nistp192and224,
417 if (!tlsext_sni_clienthello_parse(ssl, &cbs, &alert)) { 312 sizeof(tlsext_ec_clienthello_nistp192and224));
418 fprintf(stderr, "FAIL: failed to parse clienthello SNI\n"); 313 if (!tlsext_ec_clienthello_parse(ssl, &cbs, &alert)) {
419 failure = 1; 314 FAIL("failed to parse clienthello Ellipticcurves\n");
420 goto done; 315 goto err;
421 } 316 }
422 317
423 if (ssl->session->tlsext_hostname == NULL) { 318 if (SSI(ssl)->tlsext_supportedgroups_length !=
424 fprintf(stderr, "FAIL: no tlsext_hostname from clienthello SNI\n"); 319 sizeof(tlsext_ec_clienthello_nistp192and224_val) / sizeof(uint16_t)) {
425 failure = 1; 320 FAIL("no tlsext_ellipticcurves from clienthello "
426 goto done; 321 "Ellipticcurves\n");
322 goto err;
427 } 323 }
428 324
429 if (strlen(ssl->session->tlsext_hostname) != strlen(TEST_SNI_SERVERNAME) || 325 if (memcmp(SSI(ssl)->tlsext_supportedgroups,
430 strncmp(ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME, 326 tlsext_ec_clienthello_nistp192and224_val,
431 strlen(TEST_SNI_SERVERNAME)) != 0) { 327 sizeof(tlsext_ec_clienthello_nistp192and224_val)) != 0) {
432 fprintf(stderr, "FAIL: got tlsext_hostname `%s', want `%s'\n", 328 FAIL("clienthello had an incorrect Ellipticcurves entry\n");
433 ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME); 329 compare_data2(SSI(ssl)->tlsext_supportedgroups,
434 failure = 1; 330 SSI(ssl)->tlsext_supportedgroups_length * 2,
435 goto done; 331 tlsext_ec_clienthello_nistp192and224_val,
332 sizeof(tlsext_ec_clienthello_nistp192and224_val));
333 goto err;
436 } 334 }
437 335
438 ssl->internal->hit = 1; 336 failure = 0;
439
440 if ((ssl->session->tlsext_hostname = strdup("notthesame.libressl.org")) ==
441 NULL)
442 errx(1, "failed to strdup tlsext_hostname");
443
444 CBS_init(&cbs, tlsext_sni_clienthello, sizeof(tlsext_sni_clienthello));
445 if (tlsext_sni_clienthello_parse(ssl, &cbs, &alert)) {
446 fprintf(stderr, "FAIL: parsed clienthello with mismatched SNI\n");
447 failure = 1;
448 goto done;
449 }
450 337
451 done: 338 err:
452 CBB_cleanup(&cbb); 339 CBB_cleanup(&cbb);
453 SSL_CTX_free(ssl_ctx); 340 SSL_CTX_free(ssl_ctx);
454 SSL_free(ssl); 341 SSL_free(ssl);
@@ -457,112 +344,47 @@ test_tlsext_sni_clienthello(void)
457 return (failure); 344 return (failure);
458} 345}
459 346
347
348/* elliptic_curves is only used by the client so this doesn't test much. */
460static int 349static int
461test_tlsext_sni_serverhello(void) 350test_tlsext_ec_serverhello(void)
462{ 351{
463 unsigned char *data = NULL;
464 SSL_CTX *ssl_ctx = NULL; 352 SSL_CTX *ssl_ctx = NULL;
465 SSL *ssl = NULL; 353 SSL *ssl = NULL;
466 int failure = 0; 354 int failure;
467 size_t dlen;
468 int alert;
469 CBB cbb;
470 CBS cbs;
471 355
472 CBB_init(&cbb, 0); 356 failure = 1;
473 357
474 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL) 358 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
475 errx(1, "failed to create SSL_CTX"); 359 errx(1, "failed to create SSL_CTX");
476 if ((ssl = SSL_new(ssl_ctx)) == NULL) 360 if ((ssl = SSL_new(ssl_ctx)) == NULL)
477 errx(1, "failed to create SSL"); 361 errx(1, "failed to create SSL");
478 362
479 if ((ssl->session = SSL_SESSION_new()) == NULL) 363 if (tlsext_ec_serverhello_needs(ssl)) {
480 errx(1, "failed to create session"); 364 FAIL("serverhello should not need elliptic_curves\n");
481 365 goto err;
482 if (tlsext_sni_serverhello_needs(ssl)) {
483 fprintf(stderr, "FAIL: serverhello should not need SNI\n");
484 failure = 1;
485 goto done;
486 }
487
488 if (!SSL_set_tlsext_host_name(ssl, TEST_SNI_SERVERNAME)) {
489 fprintf(stderr, "FAIL: client failed to set server name\n");
490 failure = 1;
491 goto done;
492 }
493
494 if ((ssl->session->tlsext_hostname = strdup(TEST_SNI_SERVERNAME)) ==
495 NULL)
496 errx(1, "failed to strdup tlsext_hostname");
497
498 if (!tlsext_sni_serverhello_needs(ssl)) {
499 fprintf(stderr, "FAIL: serverhello should need SNI\n");
500 failure = 1;
501 goto done;
502 }
503
504 if (!tlsext_sni_serverhello_build(ssl, &cbb)) {
505 fprintf(stderr, "FAIL: serverhello failed to build SNI\n");
506 failure = 1;
507 goto done;
508 }
509
510 if (!CBB_finish(&cbb, &data, &dlen))
511 errx(1, "failed to finish CBB");
512
513 if (dlen != sizeof(tlsext_sni_serverhello)) {
514 fprintf(stderr, "FAIL: got serverhello SNI with length %zu, "
515 "want length %zu\n", dlen, sizeof(tlsext_sni_serverhello));
516 failure = 1;
517 goto done;
518 }
519
520 if (memcmp(data, tlsext_sni_serverhello, dlen) != 0) {
521 fprintf(stderr, "FAIL: serverhello SNI differs:\n");
522 fprintf(stderr, "received:\n");
523 hexdump(data, dlen);
524 fprintf(stderr, "test data:\n");
525 hexdump(tlsext_sni_serverhello, sizeof(tlsext_sni_serverhello));
526 failure = 1;
527 goto done;
528 } 366 }
529 367
530 free(ssl->session->tlsext_hostname); 368 if ((ssl->session = SSL_SESSION_new()) == NULL)
531 ssl->session->tlsext_hostname = NULL; 369 errx(1, "failed to create session");
532
533 CBS_init(&cbs, tlsext_sni_serverhello, sizeof(tlsext_sni_serverhello));
534 if (!tlsext_sni_serverhello_parse(ssl, &cbs, &alert)) {
535 fprintf(stderr, "FAIL: failed to parse serverhello SNI\n");
536 failure = 1;
537 goto done;
538 }
539 370
540 if (ssl->session->tlsext_hostname == NULL) { 371 if (tlsext_ec_serverhello_needs(ssl)) {
541 fprintf(stderr, "FAIL: no tlsext_hostname after serverhello SNI\n"); 372 FAIL("serverhello should not need elliptic_curves\n");
542 failure = 1; 373 goto err;
543 goto done;
544 } 374 }
545 375
546 if (strlen(ssl->session->tlsext_hostname) != strlen(TEST_SNI_SERVERNAME) || 376 failure = 0;
547 strncmp(ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME,
548 strlen(TEST_SNI_SERVERNAME)) != 0) {
549 fprintf(stderr, "FAIL: got tlsext_hostname `%s', want `%s'\n",
550 ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME);
551 failure = 1;
552 goto done;
553 }
554 377
555 done: 378 err:
556 CBB_cleanup(&cbb);
557 SSL_CTX_free(ssl_ctx); 379 SSL_CTX_free(ssl_ctx);
558 SSL_free(ssl); 380 SSL_free(ssl);
559 free(data);
560 381
561 return (failure); 382 return (failure);
383
562} 384}
563 385
564/* 386/*
565 * ECPointFormats - RFC 4492 section 5.1.2 (Supported Point Formats). 387 * Supported Point Formats - RFC 4492 section 5.1.2.
566 * 388 *
567 * Examples are from the RFC. Both client and server have the same build and 389 * Examples are from the RFC. Both client and server have the same build and
568 * parse but the needs differ. 390 * parse but the needs differ.
@@ -810,7 +632,6 @@ test_tlsext_ecpf_clienthello(void)
810 return (failure); 632 return (failure);
811} 633}
812 634
813
814static int 635static int
815test_tlsext_ecpf_serverhello(void) 636test_tlsext_ecpf_serverhello(void)
816{ 637{
@@ -1011,269 +832,382 @@ test_tlsext_ecpf_serverhello(void)
1011} 832}
1012 833
1013/* 834/*
1014 * ellliptic_curves - RFC 4492 section 5.1.1 (Supported Elliptic Curves). 835 * Renegotiation Indication - RFC 5746.
1015 *
1016 * This extension is only used by the client.
1017 */ 836 */
1018 837
1019static uint8_t tlsext_ec_clienthello_default[] = { 838static unsigned char tlsext_ri_prev_client[] = {
1020 0x00, 0x06, 839 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
1021 0x00, 0x1d, /* X25519 (29) */ 840 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
1022 0x00, 0x17, /* secp256r1 (23) */
1023 0x00, 0x18 /* secp384r1 (24) */
1024}; 841};
1025 842
1026static uint16_t tlsext_ec_clienthello_secp384r1_val[] = { 843static unsigned char tlsext_ri_prev_server[] = {
1027 0x0018 /* tls1_ec_nid2curve_id(NID_secp384r1) */ 844 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88,
1028}; 845 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00,
1029static uint8_t tlsext_ec_clienthello_secp384r1[] = {
1030 0x00, 0x02,
1031 0x00, 0x18 /* secp384r1 (24) */
1032}; 846};
1033 847
1034/* Example from RFC 4492 section 5.1.1 */ 848static unsigned char tlsext_ri_clienthello[] = {
1035static uint16_t tlsext_ec_clienthello_nistp192and224_val[] = { 849 0x10,
1036 0x0013, /* tls1_ec_nid2curve_id(NID_X9_62_prime192v1) */ 850 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
1037 0x0015 /* tls1_ec_nid2curve_id(NID_secp224r1) */ 851 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
1038}; 852};
1039static uint8_t tlsext_ec_clienthello_nistp192and224[] = { 853
1040 0x00, 0x04, 854static unsigned char tlsext_ri_serverhello[] = {
1041 0x00, 0x13, /* secp192r1 aka NIST P-192 */ 855 0x20,
1042 0x00, 0x15 /* secp224r1 aka NIST P-224 */ 856 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
857 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
858 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88,
859 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00,
1043}; 860};
1044 861
1045static int 862static int
1046test_tlsext_ec_clienthello(void) 863test_tlsext_ri_clienthello(void)
1047{ 864{
1048 unsigned char *data = NULL; 865 unsigned char *data = NULL;
1049 SSL_CTX *ssl_ctx = NULL; 866 SSL_CTX *ssl_ctx = NULL;
1050 SSL *ssl = NULL; 867 SSL *ssl = NULL;
868 int failure = 0;
1051 size_t dlen; 869 size_t dlen;
1052 int failure, alert; 870 int alert;
1053 CBB cbb; 871 CBB cbb;
1054 CBS cbs; 872 CBS cbs;
1055 873
1056 failure = 1;
1057
1058 CBB_init(&cbb, 0); 874 CBB_init(&cbb, 0);
1059 875
1060 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) 876 if ((ssl_ctx = SSL_CTX_new(TLSv1_2_client_method())) == NULL)
1061 errx(1, "failed to create SSL_CTX"); 877 errx(1, "failed to create SSL_CTX");
1062 if ((ssl = SSL_new(ssl_ctx)) == NULL) 878 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1063 errx(1, "failed to create SSL"); 879 errx(1, "failed to create SSL");
1064 880
1065 /* 881 if (tlsext_ri_clienthello_needs(ssl)) {
1066 * Default ciphers include EC so we need it by default. 882 fprintf(stderr, "FAIL: clienthello should not need RI\n");
1067 */ 883 failure = 1;
1068 if (!tlsext_ec_clienthello_needs(ssl)) { 884 goto done;
1069 FAIL("clienthello should need Ellipticcurves for default "
1070 "ciphers\n");
1071 goto err;
1072 } 885 }
1073 886
1074 /* 887 if (!SSL_renegotiate(ssl)) {
1075 * Exclude cipher suites so we can test not including it. 888 fprintf(stderr, "FAIL: client failed to set renegotiate\n");
1076 */ 889 failure = 1;
1077 if (!SSL_set_cipher_list(ssl, "TLSv1.2:!ECDHE:!ECDSA")) { 890 goto done;
1078 FAIL("clienthello should be able to set cipher list\n");
1079 goto err;
1080 }
1081 if (tlsext_ec_clienthello_needs(ssl)) {
1082 FAIL("clienthello should not need Ellipticcurves\n");
1083 goto err;
1084 } 891 }
1085 892
1086 /* 893 if (!tlsext_ri_clienthello_needs(ssl)) {
1087 * Use libtls default for the rest of the testing 894 fprintf(stderr, "FAIL: clienthello should need RI\n");
1088 */ 895 failure = 1;
1089 if (!SSL_set_cipher_list(ssl, "TLSv1.2+AEAD+ECDHE")) { 896 goto done;
1090 FAIL("clienthello should be able to set cipher list\n");
1091 goto err;
1092 } 897 }
1093 if (!tlsext_ec_clienthello_needs(ssl)) { 898
1094 FAIL("clienthello should need Ellipticcurves\n"); 899 memcpy(S3I(ssl)->previous_client_finished, tlsext_ri_prev_client,
1095 goto err; 900 sizeof(tlsext_ri_prev_client));
901 S3I(ssl)->previous_client_finished_len = sizeof(tlsext_ri_prev_client);
902
903 S3I(ssl)->renegotiate_seen = 0;
904
905 if (!tlsext_ri_clienthello_build(ssl, &cbb)) {
906 fprintf(stderr, "FAIL: clienthello failed to build RI\n");
907 failure = 1;
908 goto done;
1096 } 909 }
1097 910
1098 /* 911 if (!CBB_finish(&cbb, &data, &dlen))
1099 * Test with a session secp384r1. The default is used instead. 912 errx(1, "failed to finish CBB");
1100 */
1101 if ((ssl->session = SSL_SESSION_new()) == NULL)
1102 errx(1, "failed to create session");
1103 913
1104 if ((SSI(ssl)->tlsext_supportedgroups = malloc(sizeof(uint16_t))) 914 if (dlen != sizeof(tlsext_ri_clienthello)) {
1105 == NULL) { 915 fprintf(stderr, "FAIL: got clienthello RI with length %zu, "
1106 FAIL("client could not malloc\n"); 916 "want length %zu\n", dlen, sizeof(tlsext_ri_clienthello));
1107 goto err; 917 failure = 1;
918 goto done;
1108 } 919 }
1109 SSI(ssl)->tlsext_supportedgroups[0] = tls1_ec_nid2curve_id(NID_secp384r1);
1110 SSI(ssl)->tlsext_supportedgroups_length = 1;
1111 920
1112 if (!tlsext_ec_clienthello_needs(ssl)) { 921 if (memcmp(data, tlsext_ri_clienthello, dlen) != 0) {
1113 FAIL("clienthello should need Ellipticcurves\n"); 922 fprintf(stderr, "FAIL: clienthello RI differs:\n");
1114 goto err; 923 fprintf(stderr, "received:\n");
924 hexdump(data, dlen);
925 fprintf(stderr, "test data:\n");
926 hexdump(tlsext_ri_clienthello, sizeof(tlsext_ri_clienthello));
927 failure = 1;
928 goto done;
1115 } 929 }
1116 930
1117 if (!tlsext_ec_clienthello_build(ssl, &cbb)) { 931 CBS_init(&cbs, tlsext_ri_clienthello, sizeof(tlsext_ri_clienthello));
1118 FAIL("clienthello failed to build Ellipticcurves\n"); 932 if (!tlsext_ri_clienthello_parse(ssl, &cbs, &alert)) {
1119 goto err; 933 fprintf(stderr, "FAIL: failed to parse clienthello RI\n");
934 failure = 1;
935 goto done;
1120 } 936 }
1121 937
1122 if (!CBB_finish(&cbb, &data, &dlen)) 938 if (S3I(ssl)->renegotiate_seen != 1) {
1123 errx(1, "failed to finish CBB"); 939 fprintf(stderr, "FAIL: renegotiate seen not set\n");
940 failure = 1;
941 goto done;
942 }
943 if (S3I(ssl)->send_connection_binding != 1) {
944 fprintf(stderr, "FAIL: send connection binding not set\n");
945 failure = 1;
946 goto done;
947 }
1124 948
1125 if (dlen != sizeof(tlsext_ec_clienthello_default)) { 949 memset(S3I(ssl)->previous_client_finished, 0,
1126 FAIL("got clienthello Ellipticcurves with length %zu, " 950 sizeof(S3I(ssl)->previous_client_finished));
1127 "want length %zu\n", dlen, 951
1128 sizeof(tlsext_ec_clienthello_default)); 952 S3I(ssl)->renegotiate_seen = 0;
1129 compare_data(data, dlen, tlsext_ec_clienthello_default, 953
1130 sizeof(tlsext_ec_clienthello_default)); 954 CBS_init(&cbs, tlsext_ri_clienthello, sizeof(tlsext_ri_clienthello));
1131 goto err; 955 if (tlsext_ri_clienthello_parse(ssl, &cbs, &alert)) {
956 fprintf(stderr, "FAIL: parsed invalid clienthello RI\n");
957 failure = 1;
958 goto done;
1132 } 959 }
1133 960
1134 if (memcmp(data, tlsext_ec_clienthello_default, dlen) != 0) { 961 if (S3I(ssl)->renegotiate_seen == 1) {
1135 FAIL("clienthello Ellipticcurves differs:\n"); 962 fprintf(stderr, "FAIL: renegotiate seen set\n");
1136 compare_data(data, dlen, tlsext_ec_clienthello_default, 963 failure = 1;
1137 sizeof(tlsext_ec_clienthello_default)); 964 goto done;
1138 goto err;
1139 } 965 }
1140 966
1141 /* 967 done:
1142 * Test parsing secp384r1
1143 */
1144 CBB_cleanup(&cbb); 968 CBB_cleanup(&cbb);
1145 CBB_init(&cbb, 0); 969 SSL_CTX_free(ssl_ctx);
970 SSL_free(ssl);
1146 free(data); 971 free(data);
1147 data = NULL;
1148 972
1149 SSL_SESSION_free(ssl->session); 973 return (failure);
1150 if ((ssl->session = SSL_SESSION_new()) == NULL) 974}
1151 errx(1, "failed to create session");
1152 975
1153 CBS_init(&cbs, tlsext_ec_clienthello_secp384r1, 976static int
1154 sizeof(tlsext_ec_clienthello_secp384r1)); 977test_tlsext_ri_serverhello(void)
1155 if (!tlsext_ec_clienthello_parse(ssl, &cbs, &alert)) { 978{
1156 FAIL("failed to parse clienthello Ellipticcurves\n"); 979 unsigned char *data = NULL;
1157 goto err; 980 SSL_CTX *ssl_ctx = NULL;
981 SSL *ssl = NULL;
982 int failure = 0;
983 size_t dlen;
984 int alert;
985 CBB cbb;
986 CBS cbs;
987
988 CBB_init(&cbb, 0);
989
990 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
991 errx(1, "failed to create SSL_CTX");
992 if ((ssl = SSL_new(ssl_ctx)) == NULL)
993 errx(1, "failed to create SSL");
994
995 if (tlsext_ri_serverhello_needs(ssl)) {
996 fprintf(stderr, "FAIL: serverhello should not need RI\n");
997 failure = 1;
998 goto done;
1158 } 999 }
1159 1000
1160 if (SSI(ssl)->tlsext_supportedgroups_length != 1001 S3I(ssl)->send_connection_binding = 1;
1161 sizeof(tlsext_ec_clienthello_secp384r1_val) / sizeof(uint16_t)) { 1002
1162 FAIL("no tlsext_ellipticcurves from clienthello " 1003 if (!tlsext_ri_serverhello_needs(ssl)) {
1163 "Ellipticcurves\n"); 1004 fprintf(stderr, "FAIL: serverhello should need RI\n");
1164 goto err; 1005 failure = 1;
1006 goto done;
1165 } 1007 }
1166 1008
1167 if (memcmp(SSI(ssl)->tlsext_supportedgroups, 1009 memcpy(S3I(ssl)->previous_client_finished, tlsext_ri_prev_client,
1168 tlsext_ec_clienthello_secp384r1_val, 1010 sizeof(tlsext_ri_prev_client));
1169 sizeof(tlsext_ec_clienthello_secp384r1_val)) != 0) { 1011 S3I(ssl)->previous_client_finished_len = sizeof(tlsext_ri_prev_client);
1170 FAIL("clienthello had an incorrect Ellipticcurves " 1012
1171 "entry\n"); 1013 memcpy(S3I(ssl)->previous_server_finished, tlsext_ri_prev_server,
1172 compare_data2(SSI(ssl)->tlsext_supportedgroups, 1014 sizeof(tlsext_ri_prev_server));
1173 SSI(ssl)->tlsext_supportedgroups_length * 2, 1015 S3I(ssl)->previous_server_finished_len = sizeof(tlsext_ri_prev_server);
1174 tlsext_ec_clienthello_secp384r1_val, 1016
1175 sizeof(tlsext_ec_clienthello_secp384r1_val)); 1017 S3I(ssl)->renegotiate_seen = 0;
1176 goto err; 1018
1019 if (!tlsext_ri_serverhello_build(ssl, &cbb)) {
1020 fprintf(stderr, "FAIL: serverhello failed to build RI\n");
1021 failure = 1;
1022 goto done;
1177 } 1023 }
1178 1024
1179 /* 1025 if (!CBB_finish(&cbb, &data, &dlen))
1180 * Use a custom order. 1026 errx(1, "failed to finish CBB");
1181 */ 1027
1028 if (dlen != sizeof(tlsext_ri_serverhello)) {
1029 fprintf(stderr, "FAIL: got serverhello RI with length %zu, "
1030 "want length %zu\n", dlen, sizeof(tlsext_ri_serverhello));
1031 failure = 1;
1032 goto done;
1033 }
1034
1035 if (memcmp(data, tlsext_ri_serverhello, dlen) != 0) {
1036 fprintf(stderr, "FAIL: serverhello RI differs:\n");
1037 fprintf(stderr, "received:\n");
1038 hexdump(data, dlen);
1039 fprintf(stderr, "test data:\n");
1040 hexdump(tlsext_ri_serverhello, sizeof(tlsext_ri_serverhello));
1041 failure = 1;
1042 goto done;
1043 }
1044
1045 CBS_init(&cbs, tlsext_ri_serverhello, sizeof(tlsext_ri_serverhello));
1046 if (!tlsext_ri_serverhello_parse(ssl, &cbs, &alert)) {
1047 fprintf(stderr, "FAIL: failed to parse serverhello RI\n");
1048 failure = 1;
1049 goto done;
1050 }
1051
1052 if (S3I(ssl)->renegotiate_seen != 1) {
1053 fprintf(stderr, "FAIL: renegotiate seen not set\n");
1054 failure = 1;
1055 goto done;
1056 }
1057 if (S3I(ssl)->send_connection_binding != 1) {
1058 fprintf(stderr, "FAIL: send connection binding not set\n");
1059 failure = 1;
1060 goto done;
1061 }
1062
1063 memset(S3I(ssl)->previous_client_finished, 0,
1064 sizeof(S3I(ssl)->previous_client_finished));
1065 memset(S3I(ssl)->previous_server_finished, 0,
1066 sizeof(S3I(ssl)->previous_server_finished));
1067
1068 S3I(ssl)->renegotiate_seen = 0;
1069
1070 CBS_init(&cbs, tlsext_ri_serverhello, sizeof(tlsext_ri_serverhello));
1071 if (tlsext_ri_serverhello_parse(ssl, &cbs, &alert)) {
1072 fprintf(stderr, "FAIL: parsed invalid serverhello RI\n");
1073 failure = 1;
1074 goto done;
1075 }
1076
1077 if (S3I(ssl)->renegotiate_seen == 1) {
1078 fprintf(stderr, "FAIL: renegotiate seen set\n");
1079 failure = 1;
1080 goto done;
1081 }
1082
1083 done:
1182 CBB_cleanup(&cbb); 1084 CBB_cleanup(&cbb);
1085 SSL_CTX_free(ssl_ctx);
1086 SSL_free(ssl);
1087 free(data);
1088
1089 return (failure);
1090}
1091
1092/*
1093 * Server Name Indication - RFC 6066 section 3.
1094 */
1095
1096#define TEST_SNI_SERVERNAME "www.libressl.org"
1097
1098static unsigned char tlsext_sni_clienthello[] = {
1099 0x00, 0x13, 0x00, 0x00, 0x10, 0x77, 0x77, 0x77,
1100 0x2e, 0x6c, 0x69, 0x62, 0x72, 0x65, 0x73, 0x73,
1101 0x6c, 0x2e, 0x6f, 0x72, 0x67,
1102};
1103
1104static unsigned char tlsext_sni_serverhello[] = {
1105};
1106
1107static int
1108test_tlsext_sni_clienthello(void)
1109{
1110 unsigned char *data = NULL;
1111 SSL_CTX *ssl_ctx = NULL;
1112 SSL *ssl = NULL;
1113 int failure = 0;
1114 size_t dlen;
1115 int alert;
1116 CBB cbb;
1117 CBS cbs;
1118
1183 CBB_init(&cbb, 0); 1119 CBB_init(&cbb, 0);
1184 1120
1185 SSL_SESSION_free(ssl->session); 1121 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
1186 if ((ssl->session = SSL_SESSION_new()) == NULL) 1122 errx(1, "failed to create SSL_CTX");
1187 errx(1, "failed to create session"); 1123 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1124 errx(1, "failed to create SSL");
1188 1125
1189 if ((ssl->internal->tlsext_supportedgroups = malloc(sizeof(uint16_t) * 2)) == NULL) { 1126 if (tlsext_sni_clienthello_needs(ssl)) {
1190 FAIL("client could not malloc\n"); 1127 fprintf(stderr, "FAIL: clienthello should not need SNI\n");
1191 goto err; 1128 failure = 1;
1129 goto done;
1192 } 1130 }
1193 ssl->internal->tlsext_supportedgroups[0] = tls1_ec_nid2curve_id(NID_X9_62_prime192v1);
1194 ssl->internal->tlsext_supportedgroups[1] = tls1_ec_nid2curve_id(NID_secp224r1);
1195 ssl->internal->tlsext_supportedgroups_length = 2;
1196 1131
1197 if (!tlsext_ec_clienthello_needs(ssl)) { 1132 if (!SSL_set_tlsext_host_name(ssl, TEST_SNI_SERVERNAME)) {
1198 FAIL("clienthello should need Ellipticcurves\n"); 1133 fprintf(stderr, "FAIL: client failed to set server name\n");
1199 goto err; 1134 failure = 1;
1135 goto done;
1200 } 1136 }
1201 1137
1202 if (!tlsext_ec_clienthello_build(ssl, &cbb)) { 1138 if (!tlsext_sni_clienthello_needs(ssl)) {
1203 FAIL("clienthello failed to build Ellipticcurves\n"); 1139 fprintf(stderr, "FAIL: clienthello should need SNI\n");
1204 goto err; 1140 failure = 1;
1141 goto done;
1142 }
1143
1144 if (!tlsext_sni_clienthello_build(ssl, &cbb)) {
1145 fprintf(stderr, "FAIL: clienthello failed to build SNI\n");
1146 failure = 1;
1147 goto done;
1205 } 1148 }
1206 1149
1207 if (!CBB_finish(&cbb, &data, &dlen)) 1150 if (!CBB_finish(&cbb, &data, &dlen))
1208 errx(1, "failed to finish CBB"); 1151 errx(1, "failed to finish CBB");
1209 1152
1210 if (dlen != sizeof(tlsext_ec_clienthello_nistp192and224)) { 1153 if (dlen != sizeof(tlsext_sni_clienthello)) {
1211 FAIL("got clienthello Ellipticcurves with length %zu, " 1154 fprintf(stderr, "FAIL: got clienthello SNI with length %zu, "
1212 "want length %zu\n", dlen, 1155 "want length %zu\n", dlen, sizeof(tlsext_sni_clienthello));
1213 sizeof(tlsext_ec_clienthello_nistp192and224)); 1156 failure = 1;
1214 fprintf(stderr, "received:\n"); 1157 goto done;
1215 hexdump(data, dlen);
1216 fprintf(stderr, "test data:\n");
1217 hexdump(tlsext_ec_clienthello_nistp192and224,
1218 sizeof(tlsext_ec_clienthello_nistp192and224));
1219 goto err;
1220 } 1158 }
1221 1159
1222 if (memcmp(data, tlsext_ec_clienthello_nistp192and224, dlen) != 0) { 1160 if (memcmp(data, tlsext_sni_clienthello, dlen) != 0) {
1223 FAIL("clienthello Ellipticcurves differs:\n"); 1161 fprintf(stderr, "FAIL: clienthello SNI differs:\n");
1224 fprintf(stderr, "received:\n"); 1162 fprintf(stderr, "received:\n");
1225 hexdump(data, dlen); 1163 hexdump(data, dlen);
1226 fprintf(stderr, "test data:\n"); 1164 fprintf(stderr, "test data:\n");
1227 hexdump(tlsext_ec_clienthello_nistp192and224, 1165 hexdump(tlsext_sni_clienthello, sizeof(tlsext_sni_clienthello));
1228 sizeof(tlsext_ec_clienthello_nistp192and224)); 1166 failure = 1;
1229 goto err; 1167 goto done;
1230 } 1168 }
1231 1169
1232 /*
1233 * Parse non-default curves to session.
1234 */
1235 CBB_cleanup(&cbb);
1236 CBB_init(&cbb, 0);
1237 free(data);
1238 data = NULL;
1239
1240 SSL_SESSION_free(ssl->session);
1241 if ((ssl->session = SSL_SESSION_new()) == NULL) 1170 if ((ssl->session = SSL_SESSION_new()) == NULL)
1242 errx(1, "failed to create session"); 1171 errx(1, "failed to create session");
1243 1172
1244 /* Reset back to the default list. */ 1173 ssl->internal->hit = 0;
1245 free(ssl->internal->tlsext_supportedgroups);
1246 ssl->internal->tlsext_supportedgroups = NULL;
1247 ssl->internal->tlsext_supportedgroups_length = 0;
1248 1174
1249 CBS_init(&cbs, tlsext_ec_clienthello_nistp192and224, 1175 CBS_init(&cbs, tlsext_sni_clienthello, sizeof(tlsext_sni_clienthello));
1250 sizeof(tlsext_ec_clienthello_nistp192and224)); 1176 if (!tlsext_sni_clienthello_parse(ssl, &cbs, &alert)) {
1251 if (!tlsext_ec_clienthello_parse(ssl, &cbs, &alert)) { 1177 fprintf(stderr, "FAIL: failed to parse clienthello SNI\n");
1252 FAIL("failed to parse clienthello Ellipticcurves\n"); 1178 failure = 1;
1253 goto err; 1179 goto done;
1254 } 1180 }
1255 1181
1256 if (SSI(ssl)->tlsext_supportedgroups_length != 1182 if (ssl->session->tlsext_hostname == NULL) {
1257 sizeof(tlsext_ec_clienthello_nistp192and224_val) / sizeof(uint16_t)) { 1183 fprintf(stderr, "FAIL: no tlsext_hostname from clienthello SNI\n");
1258 FAIL("no tlsext_ellipticcurves from clienthello " 1184 failure = 1;
1259 "Ellipticcurves\n"); 1185 goto done;
1260 goto err;
1261 } 1186 }
1262 1187
1263 if (memcmp(SSI(ssl)->tlsext_supportedgroups, 1188 if (strlen(ssl->session->tlsext_hostname) != strlen(TEST_SNI_SERVERNAME) ||
1264 tlsext_ec_clienthello_nistp192and224_val, 1189 strncmp(ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME,
1265 sizeof(tlsext_ec_clienthello_nistp192and224_val)) != 0) { 1190 strlen(TEST_SNI_SERVERNAME)) != 0) {
1266 FAIL("clienthello had an incorrect Ellipticcurves entry\n"); 1191 fprintf(stderr, "FAIL: got tlsext_hostname `%s', want `%s'\n",
1267 compare_data2(SSI(ssl)->tlsext_supportedgroups, 1192 ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME);
1268 SSI(ssl)->tlsext_supportedgroups_length * 2, 1193 failure = 1;
1269 tlsext_ec_clienthello_nistp192and224_val, 1194 goto done;
1270 sizeof(tlsext_ec_clienthello_nistp192and224_val));
1271 goto err;
1272 } 1195 }
1273 1196
1274 failure = 0; 1197 ssl->internal->hit = 1;
1275 1198
1276 err: 1199 if ((ssl->session->tlsext_hostname = strdup("notthesame.libressl.org")) ==
1200 NULL)
1201 errx(1, "failed to strdup tlsext_hostname");
1202
1203 CBS_init(&cbs, tlsext_sni_clienthello, sizeof(tlsext_sni_clienthello));
1204 if (tlsext_sni_clienthello_parse(ssl, &cbs, &alert)) {
1205 fprintf(stderr, "FAIL: parsed clienthello with mismatched SNI\n");
1206 failure = 1;
1207 goto done;
1208 }
1209
1210 done:
1277 CBB_cleanup(&cbb); 1211 CBB_cleanup(&cbb);
1278 SSL_CTX_free(ssl_ctx); 1212 SSL_CTX_free(ssl_ctx);
1279 SSL_free(ssl); 1213 SSL_free(ssl);
@@ -1282,43 +1216,108 @@ test_tlsext_ec_clienthello(void)
1282 return (failure); 1216 return (failure);
1283} 1217}
1284 1218
1285
1286/* elliptic_curves is only used by the client so this doesn't test much. */
1287static int 1219static int
1288test_tlsext_ec_serverhello(void) 1220test_tlsext_sni_serverhello(void)
1289{ 1221{
1222 unsigned char *data = NULL;
1290 SSL_CTX *ssl_ctx = NULL; 1223 SSL_CTX *ssl_ctx = NULL;
1291 SSL *ssl = NULL; 1224 SSL *ssl = NULL;
1292 int failure; 1225 int failure = 0;
1226 size_t dlen;
1227 int alert;
1228 CBB cbb;
1229 CBS cbs;
1293 1230
1294 failure = 1; 1231 CBB_init(&cbb, 0);
1295 1232
1296 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL) 1233 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
1297 errx(1, "failed to create SSL_CTX"); 1234 errx(1, "failed to create SSL_CTX");
1298 if ((ssl = SSL_new(ssl_ctx)) == NULL) 1235 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1299 errx(1, "failed to create SSL"); 1236 errx(1, "failed to create SSL");
1300 1237
1301 if (tlsext_ec_serverhello_needs(ssl)) {
1302 FAIL("serverhello should not need elliptic_curves\n");
1303 goto err;
1304 }
1305
1306 if ((ssl->session = SSL_SESSION_new()) == NULL) 1238 if ((ssl->session = SSL_SESSION_new()) == NULL)
1307 errx(1, "failed to create session"); 1239 errx(1, "failed to create session");
1308 1240
1309 if (tlsext_ec_serverhello_needs(ssl)) { 1241 if (tlsext_sni_serverhello_needs(ssl)) {
1310 FAIL("serverhello should not need elliptic_curves\n"); 1242 fprintf(stderr, "FAIL: serverhello should not need SNI\n");
1311 goto err; 1243 failure = 1;
1244 goto done;
1312 } 1245 }
1313 1246
1314 failure = 0; 1247 if (!SSL_set_tlsext_host_name(ssl, TEST_SNI_SERVERNAME)) {
1248 fprintf(stderr, "FAIL: client failed to set server name\n");
1249 failure = 1;
1250 goto done;
1251 }
1315 1252
1316 err: 1253 if ((ssl->session->tlsext_hostname = strdup(TEST_SNI_SERVERNAME)) ==
1254 NULL)
1255 errx(1, "failed to strdup tlsext_hostname");
1256
1257 if (!tlsext_sni_serverhello_needs(ssl)) {
1258 fprintf(stderr, "FAIL: serverhello should need SNI\n");
1259 failure = 1;
1260 goto done;
1261 }
1262
1263 if (!tlsext_sni_serverhello_build(ssl, &cbb)) {
1264 fprintf(stderr, "FAIL: serverhello failed to build SNI\n");
1265 failure = 1;
1266 goto done;
1267 }
1268
1269 if (!CBB_finish(&cbb, &data, &dlen))
1270 errx(1, "failed to finish CBB");
1271
1272 if (dlen != sizeof(tlsext_sni_serverhello)) {
1273 fprintf(stderr, "FAIL: got serverhello SNI with length %zu, "
1274 "want length %zu\n", dlen, sizeof(tlsext_sni_serverhello));
1275 failure = 1;
1276 goto done;
1277 }
1278
1279 if (memcmp(data, tlsext_sni_serverhello, dlen) != 0) {
1280 fprintf(stderr, "FAIL: serverhello SNI differs:\n");
1281 fprintf(stderr, "received:\n");
1282 hexdump(data, dlen);
1283 fprintf(stderr, "test data:\n");
1284 hexdump(tlsext_sni_serverhello, sizeof(tlsext_sni_serverhello));
1285 failure = 1;
1286 goto done;
1287 }
1288
1289 free(ssl->session->tlsext_hostname);
1290 ssl->session->tlsext_hostname = NULL;
1291
1292 CBS_init(&cbs, tlsext_sni_serverhello, sizeof(tlsext_sni_serverhello));
1293 if (!tlsext_sni_serverhello_parse(ssl, &cbs, &alert)) {
1294 fprintf(stderr, "FAIL: failed to parse serverhello SNI\n");
1295 failure = 1;
1296 goto done;
1297 }
1298
1299 if (ssl->session->tlsext_hostname == NULL) {
1300 fprintf(stderr, "FAIL: no tlsext_hostname after serverhello SNI\n");
1301 failure = 1;
1302 goto done;
1303 }
1304
1305 if (strlen(ssl->session->tlsext_hostname) != strlen(TEST_SNI_SERVERNAME) ||
1306 strncmp(ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME,
1307 strlen(TEST_SNI_SERVERNAME)) != 0) {
1308 fprintf(stderr, "FAIL: got tlsext_hostname `%s', want `%s'\n",
1309 ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME);
1310 failure = 1;
1311 goto done;
1312 }
1313
1314 done:
1315 CBB_cleanup(&cbb);
1317 SSL_CTX_free(ssl_ctx); 1316 SSL_CTX_free(ssl_ctx);
1318 SSL_free(ssl); 1317 SSL_free(ssl);
1318 free(data);
1319 1319
1320 return (failure); 1320 return (failure);
1321
1322} 1321}
1323 1322
1324int 1323int
@@ -1328,17 +1327,17 @@ main(int argc, char **argv)
1328 1327
1329 SSL_library_init(); 1328 SSL_library_init();
1330 1329
1330 failed |= test_tlsext_ec_clienthello();
1331 failed |= test_tlsext_ec_serverhello();
1332
1333 failed |= test_tlsext_ecpf_clienthello();
1334 failed |= test_tlsext_ecpf_serverhello();
1335
1331 failed |= test_tlsext_ri_clienthello(); 1336 failed |= test_tlsext_ri_clienthello();
1332 failed |= test_tlsext_ri_serverhello(); 1337 failed |= test_tlsext_ri_serverhello();
1333 1338
1334 failed |= test_tlsext_sni_clienthello(); 1339 failed |= test_tlsext_sni_clienthello();
1335 failed |= test_tlsext_sni_serverhello(); 1340 failed |= test_tlsext_sni_serverhello();
1336 1341
1337 failed |= test_tlsext_ecpf_clienthello();
1338 failed |= test_tlsext_ecpf_serverhello();
1339
1340 failed |= test_tlsext_ec_clienthello();
1341 failed |= test_tlsext_ec_serverhello();
1342
1343 return (failed); 1342 return (failed);
1344} 1343}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-01 22:36:42 +0000