summaryrefslogtreecommitdiff
path: root/src/regress/lib/libssl/tlsext
diff options
context:
space:
mode:
Diffstat (limited to 'src/regress/lib/libssl/tlsext')
-rw-r--r--src/regress/lib/libssl/tlsext/Makefile9
-rw-r--r--src/regress/lib/libssl/tlsext/tlsexttest.c3571
2 files changed, 0 insertions, 3580 deletions
diff --git a/src/regress/lib/libssl/tlsext/Makefile b/src/regress/lib/libssl/tlsext/Makefile
deleted file mode 100644
index 48b5bc1e25..0000000000
--- a/src/regress/lib/libssl/tlsext/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.1 2017/07/16 18:18:10 jsing Exp $
2
3PROG= tlsexttest
4LDADD= ${SSL_INT} -lcrypto
5DPADD= ${LIBCRYPTO} ${LIBSSL}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Wundef -Werror -I$(BSDSRCDIR)/lib/libssl
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c
deleted file mode 100644
index 214b3983a0..0000000000
--- a/src/regress/lib/libssl/tlsext/tlsexttest.c
+++ /dev/null
@@ -1,3571 +0,0 @@
1/* $OpenBSD: tlsexttest.c,v 1.30 2019/11/10 17:32:47 beck Exp $ */
2/*
3 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
5 * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
6 *
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 */
19
20#include <err.h>
21
22#include "ssl_locl.h"
23
24#include "bytestring.h"
25#include "ssl_tlsext.h"
26
27static void
28hexdump(const unsigned char *buf, size_t len)
29{
30 size_t i;
31
32 for (i = 1; i <= len; i++)
33 fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n");
34
35 fprintf(stderr, "\n");
36}
37
38static void
39hexdump2(const uint16_t *buf, size_t len)
40{
41 size_t i;
42
43 for (i = 1; i <= len / 2; i++)
44 fprintf(stderr, " 0x%04hx,%s", buf[i - 1], i % 8 ? "" : "\n");
45
46 fprintf(stderr, "\n");
47}
48
49static void
50compare_data(const uint8_t *recv, size_t recv_len, const uint8_t *expect,
51 size_t expect_len)
52{
53 fprintf(stderr, "received:\n");
54 hexdump(recv, recv_len);
55
56 fprintf(stderr, "test data:\n");
57 hexdump(expect, expect_len);
58}
59
60static void
61compare_data2(const uint16_t *recv, size_t recv_len, const uint16_t *expect,
62 size_t expect_len)
63{
64 fprintf(stderr, "received:\n");
65 hexdump2(recv, recv_len);
66
67 fprintf(stderr, "test data:\n");
68 hexdump2(expect, expect_len);
69}
70
71#define FAIL(msg, ...) \
72do { \
73 fprintf(stderr, "[%s:%d] FAIL: ", __FILE__, __LINE__); \
74 fprintf(stderr, msg, ##__VA_ARGS__); \
75} while(0)
76
77/*
78 * Supported Application-Layer Protocol Negotiation - RFC 7301
79 *
80 * There are already extensive unit tests for this so this just
81 * tests the state info.
82 */
83
84const uint8_t tlsext_alpn_multiple_protos_val[] = {
85 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
86 0x08, /* len */
87 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31,
88 /* opaque ProtocolName<1..2^8-1> -- 'stun.nat' */
89 0x09, /* len */
90 0x73, 0x74, 0x75, 0x6e, 0x2e, 0x74, 0x75, 0x72, 0x6e
91};
92
93const uint8_t tlsext_alpn_multiple_protos[] = {
94 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
95 0x00, 0x13, /* len of all names */
96 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
97 0x08, /* len */
98 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31,
99 /* opaque ProtocolName<1..2^8-1> -- 'stun.nat' */
100 0x09, /* len */
101 0x73, 0x74, 0x75, 0x6e, 0x2e, 0x74, 0x75, 0x72, 0x6e
102};
103
104const uint8_t tlsext_alpn_single_proto_val[] = {
105 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
106 0x08, /* len */
107 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31
108};
109
110const uint8_t tlsext_alpn_single_proto_name[] = {
111 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31 /* 'http/1.1' */
112};
113
114const uint8_t tlsext_alpn_single_proto[] = {
115 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
116 0x00, 0x09, /* len of all names */
117 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
118 0x08, /* len */
119 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31
120};
121
122static int
123test_tlsext_alpn_client(void)
124{
125 SSL_CTX *ssl_ctx = NULL;
126 SSL *ssl = NULL;
127 uint8_t *data = NULL;
128 CBB cbb;
129 CBS cbs;
130 int failure, alert;
131 size_t dlen;
132
133 CBB_init(&cbb, 0);
134
135 failure = 1;
136
137 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
138 errx(1, "failed to create SSL_CTX");
139 if ((ssl = SSL_new(ssl_ctx)) == NULL)
140 errx(1, "failed to create SSL");
141
142 /* By default, we don't need this */
143 if (tlsext_alpn_client_needs(ssl)) {
144 FAIL("client should not need ALPN by default");
145 goto err;
146 }
147
148 /*
149 * Prereqs:
150 * 1) Set s->internal->alpn_client_proto_list
151 * - Using SSL_set_alpn_protos()
152 * 2) We have not finished or renegotiated.
153 * - S3I(s)->tmp.finish_md_len == 0
154 */
155 if (SSL_set_alpn_protos(ssl, tlsext_alpn_single_proto_val,
156 sizeof(tlsext_alpn_single_proto_val)) != 0) {
157 FAIL("should be able to set ALPN to http/1.1");
158 goto err;
159 }
160 if (!tlsext_alpn_client_needs(ssl)) {
161 FAIL("client should need ALPN by now");
162 goto err;
163 }
164
165 /* Make sure we can build the client with a single proto. */
166
167 if (!tlsext_alpn_client_build(ssl, &cbb)) {
168 FAIL("client failed to build ALPN\n");
169 goto err;
170 }
171 if (!CBB_finish(&cbb, &data, &dlen))
172 errx(1, "failed to finish CBB");
173
174 if (dlen != sizeof(tlsext_alpn_single_proto)) {
175 FAIL("got client ALPN with length %zu, "
176 "want length %zu\n", dlen,
177 sizeof(tlsext_alpn_single_proto));
178 compare_data(data, dlen, tlsext_alpn_single_proto,
179 sizeof(tlsext_alpn_single_proto));
180 goto err;
181 }
182 if (memcmp(data, tlsext_alpn_single_proto, dlen) != 0) {
183 FAIL("client ALPN differs:\n");
184 compare_data(data, dlen, tlsext_alpn_single_proto,
185 sizeof(tlsext_alpn_single_proto));
186 goto err;
187 }
188
189 CBB_cleanup(&cbb);
190 CBB_init(&cbb, 0);
191 free(data);
192 data = NULL;
193
194 /* Make sure we can parse the single proto. */
195
196 CBS_init(&cbs, tlsext_alpn_single_proto,
197 sizeof(tlsext_alpn_single_proto));
198 if (!tlsext_alpn_server_parse(ssl, &cbs, &alert)) {
199 FAIL("failed to parse ALPN");
200 goto err;
201 }
202 if (CBS_len(&cbs) != 0) {
203 FAIL("extension data remaining");
204 goto err;
205 }
206
207 if (ssl->internal->alpn_client_proto_list_len !=
208 sizeof(tlsext_alpn_single_proto_val)) {
209 FAIL("got client ALPN with length %zu, "
210 "want length %zu\n", dlen,
211 sizeof(tlsext_alpn_single_proto_val));
212 compare_data(ssl->internal->alpn_client_proto_list,
213 ssl->internal->alpn_client_proto_list_len,
214 tlsext_alpn_single_proto_val,
215 sizeof(tlsext_alpn_single_proto_val));
216 goto err;
217 }
218 if (memcmp(ssl->internal->alpn_client_proto_list,
219 tlsext_alpn_single_proto_val,
220 sizeof(tlsext_alpn_single_proto_val)) != 0) {
221 FAIL("client ALPN differs:\n");
222 compare_data(data, dlen, tlsext_alpn_single_proto_val,
223 sizeof(tlsext_alpn_single_proto_val));
224 goto err;
225 }
226
227 /* Make sure we can build the clienthello with multiple entries. */
228
229 if (SSL_set_alpn_protos(ssl, tlsext_alpn_multiple_protos_val,
230 sizeof(tlsext_alpn_multiple_protos_val)) != 0) {
231 FAIL("should be able to set ALPN to http/1.1");
232 goto err;
233 }
234 if (!tlsext_alpn_client_needs(ssl)) {
235 FAIL("client should need ALPN by now");
236 goto err;
237 }
238
239 if (!tlsext_alpn_client_build(ssl, &cbb)) {
240 FAIL("client failed to build ALPN\n");
241 goto err;
242 }
243 if (!CBB_finish(&cbb, &data, &dlen))
244 errx(1, "failed to finish CBB");
245
246 if (dlen != sizeof(tlsext_alpn_multiple_protos)) {
247 FAIL("got client ALPN with length %zu, "
248 "want length %zu\n", dlen,
249 sizeof(tlsext_alpn_multiple_protos));
250 compare_data(data, dlen, tlsext_alpn_multiple_protos,
251 sizeof(tlsext_alpn_multiple_protos));
252 goto err;
253 }
254 if (memcmp(data, tlsext_alpn_multiple_protos, dlen) != 0) {
255 FAIL("client ALPN differs:\n");
256 compare_data(data, dlen, tlsext_alpn_multiple_protos,
257 sizeof(tlsext_alpn_multiple_protos));
258 goto err;
259 }
260
261 /* Make sure we can parse multiple protos */
262
263 CBS_init(&cbs, tlsext_alpn_multiple_protos,
264 sizeof(tlsext_alpn_multiple_protos));
265 if (!tlsext_alpn_server_parse(ssl, &cbs, &alert)) {
266 FAIL("failed to parse ALPN");
267 goto err;
268 }
269 if (CBS_len(&cbs) != 0) {
270 FAIL("extension data remaining");
271 goto err;
272 }
273
274 if (ssl->internal->alpn_client_proto_list_len !=
275 sizeof(tlsext_alpn_multiple_protos_val)) {
276 FAIL("got client ALPN with length %zu, "
277 "want length %zu\n", dlen,
278 sizeof(tlsext_alpn_multiple_protos_val));
279 compare_data(ssl->internal->alpn_client_proto_list,
280 ssl->internal->alpn_client_proto_list_len,
281 tlsext_alpn_multiple_protos_val,
282 sizeof(tlsext_alpn_multiple_protos_val));
283 goto err;
284 }
285 if (memcmp(ssl->internal->alpn_client_proto_list,
286 tlsext_alpn_multiple_protos_val,
287 sizeof(tlsext_alpn_multiple_protos_val)) != 0) {
288 FAIL("client ALPN differs:\n");
289 compare_data(data, dlen, tlsext_alpn_multiple_protos_val,
290 sizeof(tlsext_alpn_multiple_protos_val));
291 goto err;
292 }
293
294 /* Make sure we can remove the list and avoid ALPN */
295
296 free(ssl->internal->alpn_client_proto_list);
297 ssl->internal->alpn_client_proto_list = NULL;
298 ssl->internal->alpn_client_proto_list_len = 0;
299
300 if (tlsext_alpn_client_needs(ssl)) {
301 FAIL("client should need ALPN by default");
302 goto err;
303 }
304
305 failure = 0;
306
307 err:
308 CBB_cleanup(&cbb);
309 SSL_CTX_free(ssl_ctx);
310 SSL_free(ssl);
311 free(data);
312
313 return (failure);
314}
315
316static int
317test_tlsext_alpn_server(void)
318{
319 SSL_CTX *ssl_ctx = NULL;
320 SSL *ssl = NULL;
321 uint8_t *data = NULL;
322 CBB cbb;
323 CBS cbs;
324 int failure, alert;
325 size_t dlen;
326
327 CBB_init(&cbb, 0);
328
329 failure = 1;
330
331 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
332 errx(1, "failed to create SSL_CTX");
333 if ((ssl = SSL_new(ssl_ctx)) == NULL)
334 errx(1, "failed to create SSL");
335
336 /* By default, ALPN isn't needed. */
337 if (tlsext_alpn_server_needs(ssl)) {
338 FAIL("server should not need ALPN by default\n");
339 goto err;
340 }
341
342 /*
343 * The server has a single ALPN selection which is set by
344 * SSL_CTX_set_alpn_select_cb() and calls SSL_select_next_proto().
345 *
346 * This will be a plain name and separate length.
347 */
348 if ((S3I(ssl)->alpn_selected = malloc(sizeof(tlsext_alpn_single_proto_name))) == NULL) {
349 errx(1, "failed to malloc");
350 }
351 memcpy(S3I(ssl)->alpn_selected, tlsext_alpn_single_proto_name,
352 sizeof(tlsext_alpn_single_proto_name));
353 S3I(ssl)->alpn_selected_len = sizeof(tlsext_alpn_single_proto_name);
354
355 if (!tlsext_alpn_server_needs(ssl)) {
356 FAIL("server should need ALPN after a protocol is selected\n");
357 goto err;
358 }
359
360 /* Make sure we can build a server with one protocol */
361
362 if (!tlsext_alpn_server_build(ssl, &cbb)) {
363 FAIL("server should be able to build a response");
364 goto err;
365 }
366 if (!CBB_finish(&cbb, &data, &dlen))
367 errx(1, "failed to finish CBB");
368
369 if (dlen != sizeof(tlsext_alpn_single_proto)) {
370 FAIL("got client ALPN with length %zu, "
371 "want length %zu\n", dlen,
372 sizeof(tlsext_alpn_single_proto));
373 compare_data(data, dlen, tlsext_alpn_single_proto,
374 sizeof(tlsext_alpn_single_proto));
375 goto err;
376 }
377 if (memcmp(data, tlsext_alpn_single_proto, dlen) != 0) {
378 FAIL("client ALPN differs:\n");
379 compare_data(data, dlen, tlsext_alpn_single_proto,
380 sizeof(tlsext_alpn_single_proto));
381 goto err;
382 }
383
384 CBB_cleanup(&cbb);
385 CBB_init(&cbb, 0);
386 free(data);
387 data = NULL;
388
389 /* Make sure we can parse the single proto. */
390
391 CBS_init(&cbs, tlsext_alpn_single_proto,
392 sizeof(tlsext_alpn_single_proto));
393
394 /* Shouldn't be able to parse without requesting */
395 if (tlsext_alpn_client_parse(ssl, &cbs, &alert)) {
396 FAIL("Should only parse server if we requested it");
397 goto err;
398 }
399
400 /* Should be able to parse once requested. */
401 if (SSL_set_alpn_protos(ssl, tlsext_alpn_single_proto_val,
402 sizeof(tlsext_alpn_single_proto_val)) != 0) {
403 FAIL("should be able to set ALPN to http/1.1");
404 goto err;
405 }
406 if (!tlsext_alpn_server_parse(ssl, &cbs, &alert)) {
407 FAIL("Should be able to parse server when we request it");
408 goto err;
409 }
410 if (CBS_len(&cbs) != 0) {
411 FAIL("extension data remaining");
412 goto err;
413 }
414
415 if (S3I(ssl)->alpn_selected_len !=
416 sizeof(tlsext_alpn_single_proto_name)) {
417 FAIL("got server ALPN with length %zu, "
418 "want length %zu\n", dlen,
419 sizeof(tlsext_alpn_single_proto_name));
420 compare_data(S3I(ssl)->alpn_selected,
421 S3I(ssl)->alpn_selected_len,
422 tlsext_alpn_single_proto_name,
423 sizeof(tlsext_alpn_single_proto_name));
424 goto err;
425 }
426 if (memcmp(S3I(ssl)->alpn_selected,
427 tlsext_alpn_single_proto_name,
428 sizeof(tlsext_alpn_single_proto_name)) != 0) {
429 FAIL("server ALPN differs:\n");
430 compare_data(S3I(ssl)->alpn_selected,
431 S3I(ssl)->alpn_selected_len,
432 tlsext_alpn_single_proto_name,
433 sizeof(tlsext_alpn_single_proto_name));
434 goto err;
435 }
436
437 /*
438 * We should NOT be able to build a server with multiple
439 * protocol names. However, the existing code did not check for this
440 * case because it is passed in as an encoded value.
441 */
442
443 /* Make sure we can remove the list and avoid ALPN */
444
445 free(S3I(ssl)->alpn_selected);
446 S3I(ssl)->alpn_selected = NULL;
447 S3I(ssl)->alpn_selected_len = 0;
448
449 if (tlsext_alpn_server_needs(ssl)) {
450 FAIL("server should need ALPN by default");
451 goto err;
452 }
453
454 failure = 0;
455
456 err:
457 CBB_cleanup(&cbb);
458 SSL_CTX_free(ssl_ctx);
459 SSL_free(ssl);
460 free(data);
461
462 return (failure);
463
464}
465
466/*
467 * Supported Elliptic Curves - RFC 4492 section 5.1.1.
468 *
469 * This extension is only used by the client.
470 */
471
472static uint8_t tlsext_supportedgroups_client_default[] = {
473 0x00, 0x06,
474 0x00, 0x1d, /* X25519 (29) */
475 0x00, 0x17, /* secp256r1 (23) */
476 0x00, 0x18 /* secp384r1 (24) */
477};
478
479static uint16_t tlsext_supportedgroups_client_secp384r1_val[] = {
480 0x0018 /* tls1_ec_nid2curve_id(NID_secp384r1) */
481};
482static uint8_t tlsext_supportedgroups_client_secp384r1[] = {
483 0x00, 0x02,
484 0x00, 0x18 /* secp384r1 (24) */
485};
486
487/* Example from RFC 4492 section 5.1.1 */
488static uint16_t tlsext_supportedgroups_client_nistp192and224_val[] = {
489 0x0013, /* tls1_ec_nid2curve_id(NID_X9_62_prime192v1) */
490 0x0015 /* tls1_ec_nid2curve_id(NID_secp224r1) */
491};
492static uint8_t tlsext_supportedgroups_client_nistp192and224[] = {
493 0x00, 0x04,
494 0x00, 0x13, /* secp192r1 aka NIST P-192 */
495 0x00, 0x15 /* secp224r1 aka NIST P-224 */
496};
497
498static int
499test_tlsext_supportedgroups_client(void)
500{
501 unsigned char *data = NULL;
502 SSL_CTX *ssl_ctx = NULL;
503 SSL *ssl = NULL;
504 size_t dlen;
505 int failure, alert;
506 CBB cbb;
507 CBS cbs;
508
509 failure = 1;
510
511 if (!CBB_init(&cbb, 0))
512 errx(1, "failed to create CBB");
513
514 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
515 errx(1, "failed to create SSL_CTX");
516 if ((ssl = SSL_new(ssl_ctx)) == NULL)
517 errx(1, "failed to create SSL");
518
519 /*
520 * Default ciphers include EC so we need it by default.
521 */
522 if (!tlsext_supportedgroups_client_needs(ssl)) {
523 FAIL("client should need Ellipticcurves for default "
524 "ciphers\n");
525 goto err;
526 }
527
528 /*
529 * Exclude cipher suites so we can test not including it.
530 */
531 if (!SSL_set_cipher_list(ssl, "TLSv1.2:!ECDHE:!ECDSA")) {
532 FAIL("client should be able to set cipher list\n");
533 goto err;
534 }
535 if (tlsext_supportedgroups_client_needs(ssl)) {
536 FAIL("client should not need Ellipticcurves\n");
537 goto err;
538 }
539
540 /*
541 * Use libtls default for the rest of the testing
542 */
543 if (!SSL_set_cipher_list(ssl, "TLSv1.2+AEAD+ECDHE")) {
544 FAIL("client should be able to set cipher list\n");
545 goto err;
546 }
547 if (!tlsext_supportedgroups_client_needs(ssl)) {
548 FAIL("client should need Ellipticcurves\n");
549 goto err;
550 }
551
552 /*
553 * Test with a session secp384r1. The default is used instead.
554 */
555 if ((ssl->session = SSL_SESSION_new()) == NULL)
556 errx(1, "failed to create session");
557
558 if ((SSI(ssl)->tlsext_supportedgroups = malloc(sizeof(uint16_t)))
559 == NULL) {
560 FAIL("client could not malloc\n");
561 goto err;
562 }
563 SSI(ssl)->tlsext_supportedgroups[0] = tls1_ec_nid2curve_id(NID_secp384r1);
564 SSI(ssl)->tlsext_supportedgroups_length = 1;
565
566 if (!tlsext_supportedgroups_client_needs(ssl)) {
567 FAIL("client should need Ellipticcurves\n");
568 goto err;
569 }
570
571 if (!tlsext_supportedgroups_client_build(ssl, &cbb)) {
572 FAIL("client failed to build Ellipticcurves\n");
573 goto err;
574 }
575
576 if (!CBB_finish(&cbb, &data, &dlen))
577 errx(1, "failed to finish CBB");
578
579 if (dlen != sizeof(tlsext_supportedgroups_client_default)) {
580 FAIL("got client Ellipticcurves with length %zu, "
581 "want length %zu\n", dlen,
582 sizeof(tlsext_supportedgroups_client_default));
583 compare_data(data, dlen, tlsext_supportedgroups_client_default,
584 sizeof(tlsext_supportedgroups_client_default));
585 goto err;
586 }
587
588 if (memcmp(data, tlsext_supportedgroups_client_default, dlen) != 0) {
589 FAIL("client Ellipticcurves differs:\n");
590 compare_data(data, dlen, tlsext_supportedgroups_client_default,
591 sizeof(tlsext_supportedgroups_client_default));
592 goto err;
593 }
594
595 /*
596 * Test parsing secp384r1
597 */
598 CBB_cleanup(&cbb);
599 CBB_init(&cbb, 0);
600 free(data);
601 data = NULL;
602
603 SSL_SESSION_free(ssl->session);
604 if ((ssl->session = SSL_SESSION_new()) == NULL)
605 errx(1, "failed to create session");
606
607 CBS_init(&cbs, tlsext_supportedgroups_client_secp384r1,
608 sizeof(tlsext_supportedgroups_client_secp384r1));
609 if (!tlsext_supportedgroups_server_parse(ssl, &cbs, &alert)) {
610 FAIL("failed to parse client Ellipticcurves\n");
611 goto err;
612 }
613 if (CBS_len(&cbs) != 0) {
614 FAIL("extension data remaining");
615 goto err;
616 }
617
618 if (SSI(ssl)->tlsext_supportedgroups_length !=
619 sizeof(tlsext_supportedgroups_client_secp384r1_val) / sizeof(uint16_t)) {
620 FAIL("no tlsext_ellipticcurves from client "
621 "Ellipticcurves\n");
622 goto err;
623 }
624
625 if (memcmp(SSI(ssl)->tlsext_supportedgroups,
626 tlsext_supportedgroups_client_secp384r1_val,
627 sizeof(tlsext_supportedgroups_client_secp384r1_val)) != 0) {
628 FAIL("client had an incorrect Ellipticcurves "
629 "entry\n");
630 compare_data2(SSI(ssl)->tlsext_supportedgroups,
631 SSI(ssl)->tlsext_supportedgroups_length * 2,
632 tlsext_supportedgroups_client_secp384r1_val,
633 sizeof(tlsext_supportedgroups_client_secp384r1_val));
634 goto err;
635 }
636
637 /*
638 * Use a custom order.
639 */
640 CBB_cleanup(&cbb);
641 CBB_init(&cbb, 0);
642
643 SSL_SESSION_free(ssl->session);
644 if ((ssl->session = SSL_SESSION_new()) == NULL)
645 errx(1, "failed to create session");
646
647 if ((ssl->internal->tlsext_supportedgroups = malloc(sizeof(uint16_t) * 2)) == NULL) {
648 FAIL("client could not malloc\n");
649 goto err;
650 }
651 ssl->internal->tlsext_supportedgroups[0] = tls1_ec_nid2curve_id(NID_X9_62_prime192v1);
652 ssl->internal->tlsext_supportedgroups[1] = tls1_ec_nid2curve_id(NID_secp224r1);
653 ssl->internal->tlsext_supportedgroups_length = 2;
654
655 if (!tlsext_supportedgroups_client_needs(ssl)) {
656 FAIL("client should need Ellipticcurves\n");
657 goto err;
658 }
659
660 if (!tlsext_supportedgroups_client_build(ssl, &cbb)) {
661 FAIL("client failed to build Ellipticcurves\n");
662 goto err;
663 }
664
665 if (!CBB_finish(&cbb, &data, &dlen))
666 errx(1, "failed to finish CBB");
667
668 if (dlen != sizeof(tlsext_supportedgroups_client_nistp192and224)) {
669 FAIL("got client Ellipticcurves with length %zu, "
670 "want length %zu\n", dlen,
671 sizeof(tlsext_supportedgroups_client_nistp192and224));
672 fprintf(stderr, "received:\n");
673 hexdump(data, dlen);
674 fprintf(stderr, "test data:\n");
675 hexdump(tlsext_supportedgroups_client_nistp192and224,
676 sizeof(tlsext_supportedgroups_client_nistp192and224));
677 goto err;
678 }
679
680 if (memcmp(data, tlsext_supportedgroups_client_nistp192and224, dlen) != 0) {
681 FAIL("client Ellipticcurves differs:\n");
682 fprintf(stderr, "received:\n");
683 hexdump(data, dlen);
684 fprintf(stderr, "test data:\n");
685 hexdump(tlsext_supportedgroups_client_nistp192and224,
686 sizeof(tlsext_supportedgroups_client_nistp192and224));
687 goto err;
688 }
689
690 /*
691 * Parse non-default curves to session.
692 */
693 CBB_cleanup(&cbb);
694 CBB_init(&cbb, 0);
695 free(data);
696 data = NULL;
697
698 SSL_SESSION_free(ssl->session);
699 if ((ssl->session = SSL_SESSION_new()) == NULL)
700 errx(1, "failed to create session");
701
702 /* Reset back to the default list. */
703 free(ssl->internal->tlsext_supportedgroups);
704 ssl->internal->tlsext_supportedgroups = NULL;
705 ssl->internal->tlsext_supportedgroups_length = 0;
706
707 CBS_init(&cbs, tlsext_supportedgroups_client_nistp192and224,
708 sizeof(tlsext_supportedgroups_client_nistp192and224));
709 if (!tlsext_supportedgroups_server_parse(ssl, &cbs, &alert)) {
710 FAIL("failed to parse client Ellipticcurves\n");
711 goto err;
712 }
713 if (CBS_len(&cbs) != 0) {
714 FAIL("extension data remaining");
715 goto err;
716 }
717
718 if (SSI(ssl)->tlsext_supportedgroups_length !=
719 sizeof(tlsext_supportedgroups_client_nistp192and224_val) / sizeof(uint16_t)) {
720 FAIL("no tlsext_ellipticcurves from client Ellipticcurves\n");
721 goto err;
722 }
723
724 if (memcmp(SSI(ssl)->tlsext_supportedgroups,
725 tlsext_supportedgroups_client_nistp192and224_val,
726 sizeof(tlsext_supportedgroups_client_nistp192and224_val)) != 0) {
727 FAIL("client had an incorrect Ellipticcurves entry\n");
728 compare_data2(SSI(ssl)->tlsext_supportedgroups,
729 SSI(ssl)->tlsext_supportedgroups_length * 2,
730 tlsext_supportedgroups_client_nistp192and224_val,
731 sizeof(tlsext_supportedgroups_client_nistp192and224_val));
732 goto err;
733 }
734
735 failure = 0;
736
737 err:
738 CBB_cleanup(&cbb);
739 SSL_CTX_free(ssl_ctx);
740 SSL_free(ssl);
741 free(data);
742
743 return (failure);
744}
745
746
747/* elliptic_curves is only used by the client so this doesn't test much. */
748static int
749test_tlsext_supportedgroups_server(void)
750{
751 SSL_CTX *ssl_ctx = NULL;
752 SSL *ssl = NULL;
753 int failure;
754
755 failure = 1;
756
757 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
758 errx(1, "failed to create SSL_CTX");
759 if ((ssl = SSL_new(ssl_ctx)) == NULL)
760 errx(1, "failed to create SSL");
761
762 if (tlsext_supportedgroups_server_needs(ssl)) {
763 FAIL("server should not need elliptic_curves\n");
764 goto err;
765 }
766
767 if ((ssl->session = SSL_SESSION_new()) == NULL)
768 errx(1, "failed to create session");
769
770 if (tlsext_supportedgroups_server_needs(ssl)) {
771 FAIL("server should not need elliptic_curves\n");
772 goto err;
773 }
774
775 failure = 0;
776
777 err:
778 SSL_CTX_free(ssl_ctx);
779 SSL_free(ssl);
780
781 return (failure);
782
783}
784
785/*
786 * Supported Point Formats - RFC 4492 section 5.1.2.
787 *
788 * Examples are from the RFC. Both client and server have the same build and
789 * parse but the needs differ.
790 */
791
792static uint8_t tlsext_ecpf_hello_uncompressed_val[] = {
793 TLSEXT_ECPOINTFORMAT_uncompressed
794};
795static uint8_t tlsext_ecpf_hello_uncompressed[] = {
796 0x01,
797 0x00 /* TLSEXT_ECPOINTFORMAT_uncompressed */
798};
799
800static uint8_t tlsext_ecpf_hello_prime[] = {
801 0x01,
802 0x01 /* TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime */
803};
804
805static uint8_t tlsext_ecpf_hello_prefer_order_val[] = {
806 TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime,
807 TLSEXT_ECPOINTFORMAT_uncompressed,
808 TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2
809};
810static uint8_t tlsext_ecpf_hello_prefer_order[] = {
811 0x03,
812 0x01, /* TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime */
813 0x00, /* TLSEXT_ECPOINTFORMAT_uncompressed */
814 0x02 /* TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 */
815};
816
817static int
818test_tlsext_ecpf_client(void)
819{
820 uint8_t *data = NULL;
821 SSL_CTX *ssl_ctx = NULL;
822 SSL *ssl = NULL;
823 size_t dlen;
824 int failure, alert;
825 CBB cbb;
826 CBS cbs;
827
828 failure = 1;
829
830 CBB_init(&cbb, 0);
831
832 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
833 errx(1, "failed to create SSL_CTX");
834 if ((ssl = SSL_new(ssl_ctx)) == NULL)
835 errx(1, "failed to create SSL");
836
837 /*
838 * Default ciphers include EC so we need it by default.
839 */
840 if (!tlsext_ecpf_client_needs(ssl)) {
841 FAIL("client should need ECPointFormats for default "
842 "ciphers\n");
843 goto err;
844 }
845
846 /*
847 * Exclude EC cipher suites so we can test not including it.
848 */
849 if (!SSL_set_cipher_list(ssl, "ALL:!ECDHE:!ECDH")) {
850 FAIL("client should be able to set cipher list\n");
851 goto err;
852 }
853 if (tlsext_ecpf_client_needs(ssl)) {
854 FAIL("client should not need ECPointFormats\n");
855 goto err;
856 }
857
858 /*
859 * Use libtls default for the rest of the testing
860 */
861 if (!SSL_set_cipher_list(ssl, "TLSv1.2+AEAD+ECDHE")) {
862 FAIL("client should be able to set cipher list\n");
863 goto err;
864 }
865 if (!tlsext_ecpf_client_needs(ssl)) {
866 FAIL("client should need ECPointFormats\n");
867 goto err;
868 }
869
870 /*
871 * The default ECPointFormats should only have uncompressed
872 */
873 if ((ssl->session = SSL_SESSION_new()) == NULL)
874 errx(1, "failed to create session");
875
876 if (!tlsext_ecpf_client_build(ssl, &cbb)) {
877 FAIL("client failed to build ECPointFormats\n");
878 goto err;
879 }
880
881 if (!CBB_finish(&cbb, &data, &dlen))
882 errx(1, "failed to finish CBB");
883
884 if (dlen != sizeof(tlsext_ecpf_hello_uncompressed)) {
885 FAIL("got client ECPointFormats with length %zu, "
886 "want length %zu\n", dlen,
887 sizeof(tlsext_ecpf_hello_uncompressed));
888 compare_data(data, dlen, tlsext_ecpf_hello_uncompressed,
889 sizeof(tlsext_ecpf_hello_uncompressed));
890 goto err;
891 }
892
893 if (memcmp(data, tlsext_ecpf_hello_uncompressed, dlen) != 0) {
894 FAIL("client ECPointFormats differs:\n");
895 compare_data(data, dlen, tlsext_ecpf_hello_uncompressed,
896 sizeof(tlsext_ecpf_hello_uncompressed));
897 goto err;
898 }
899
900 /*
901 * Make sure we can parse the default.
902 */
903 CBB_cleanup(&cbb);
904 CBB_init(&cbb, 0);
905 free(data);
906 data = NULL;
907
908 SSL_SESSION_free(ssl->session);
909 if ((ssl->session = SSL_SESSION_new()) == NULL)
910 errx(1, "failed to create session");
911
912 CBS_init(&cbs, tlsext_ecpf_hello_uncompressed,
913 sizeof(tlsext_ecpf_hello_uncompressed));
914 if (!tlsext_ecpf_server_parse(ssl, &cbs, &alert)) {
915 FAIL("failed to parse client ECPointFormats\n");
916 goto err;
917 }
918 if (CBS_len(&cbs) != 0) {
919 FAIL("extension data remaining");
920 goto err;
921 }
922
923 if (SSI(ssl)->tlsext_ecpointformatlist_length !=
924 sizeof(tlsext_ecpf_hello_uncompressed_val)) {
925 FAIL("no tlsext_ecpointformats from client "
926 "ECPointFormats\n");
927 goto err;
928 }
929
930 if (memcmp(SSI(ssl)->tlsext_ecpointformatlist,
931 tlsext_ecpf_hello_uncompressed_val,
932 sizeof(tlsext_ecpf_hello_uncompressed_val)) != 0) {
933 FAIL("client had an incorrect ECPointFormats entry\n");
934 goto err;
935 }
936
937 /*
938 * Test with a custom order.
939 */
940 CBB_cleanup(&cbb);
941 CBB_init(&cbb, 0);
942 free(data);
943 data = NULL;
944
945 SSL_SESSION_free(ssl->session);
946 if ((ssl->session = SSL_SESSION_new()) == NULL)
947 errx(1, "failed to create session");
948
949 if ((ssl->internal->tlsext_ecpointformatlist = malloc(sizeof(uint8_t) * 3)) == NULL) {
950 FAIL("client could not malloc\n");
951 goto err;
952 }
953 ssl->internal->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
954 ssl->internal->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_uncompressed;
955 ssl->internal->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
956 ssl->internal->tlsext_ecpointformatlist_length = 3;
957
958 if (!tlsext_ecpf_client_needs(ssl)) {
959 FAIL("client should need ECPointFormats with a custom "
960 "format\n");
961 goto err;
962 }
963
964 if (!tlsext_ecpf_client_build(ssl, &cbb)) {
965 FAIL("client failed to build ECPointFormats\n");
966 goto err;
967 }
968
969 if (!CBB_finish(&cbb, &data, &dlen))
970 errx(1, "failed to finish CBB");
971
972 if (dlen != sizeof(tlsext_ecpf_hello_prefer_order)) {
973 FAIL("got client ECPointFormats with length %zu, "
974 "want length %zu\n", dlen,
975 sizeof(tlsext_ecpf_hello_prefer_order));
976 compare_data(data, dlen, tlsext_ecpf_hello_prefer_order,
977 sizeof(tlsext_ecpf_hello_prefer_order));
978 goto err;
979 }
980
981 if (memcmp(data, tlsext_ecpf_hello_prefer_order, dlen) != 0) {
982 FAIL("client ECPointFormats differs:\n");
983 compare_data(data, dlen, tlsext_ecpf_hello_prefer_order,
984 sizeof(tlsext_ecpf_hello_prefer_order));
985 goto err;
986 }
987
988 /*
989 * Make sure that we can parse this custom order.
990 */
991 CBB_cleanup(&cbb);
992 CBB_init(&cbb, 0);
993 free(data);
994 data = NULL;
995
996 SSL_SESSION_free(ssl->session);
997 if ((ssl->session = SSL_SESSION_new()) == NULL)
998 errx(1, "failed to create session");
999
1000 /* Reset the custom list so we go back to the default uncompressed. */
1001 free(ssl->internal->tlsext_ecpointformatlist);
1002 ssl->internal->tlsext_ecpointformatlist = NULL;
1003 ssl->internal->tlsext_ecpointformatlist_length = 0;
1004
1005 CBS_init(&cbs, tlsext_ecpf_hello_prefer_order,
1006 sizeof(tlsext_ecpf_hello_prefer_order));
1007 if (!tlsext_ecpf_server_parse(ssl, &cbs, &alert)) {
1008 FAIL("failed to parse client ECPointFormats\n");
1009 goto err;
1010 }
1011 if (CBS_len(&cbs) != 0) {
1012 FAIL("extension data remaining");
1013 goto err;
1014 }
1015
1016 if (SSI(ssl)->tlsext_ecpointformatlist_length !=
1017 sizeof(tlsext_ecpf_hello_prefer_order_val)) {
1018 FAIL("no tlsext_ecpointformats from client "
1019 "ECPointFormats\n");
1020 goto err;
1021 }
1022
1023 if (memcmp(SSI(ssl)->tlsext_ecpointformatlist,
1024 tlsext_ecpf_hello_prefer_order_val,
1025 sizeof(tlsext_ecpf_hello_prefer_order_val)) != 0) {
1026 FAIL("client had an incorrect ECPointFormats entry\n");
1027 goto err;
1028 }
1029
1030
1031 failure = 0;
1032
1033 err:
1034 CBB_cleanup(&cbb);
1035 SSL_CTX_free(ssl_ctx);
1036 SSL_free(ssl);
1037 free(data);
1038
1039 return (failure);
1040}
1041
1042static int
1043test_tlsext_ecpf_server(void)
1044{
1045 uint8_t *data = NULL;
1046 SSL_CTX *ssl_ctx = NULL;
1047 SSL *ssl = NULL;
1048 size_t dlen;
1049 int failure, alert;
1050 CBB cbb;
1051 CBS cbs;
1052
1053 failure = 1;
1054
1055 CBB_init(&cbb, 0);
1056
1057 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
1058 errx(1, "failed to create SSL_CTX");
1059 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1060 errx(1, "failed to create SSL");
1061
1062 if ((ssl->session = SSL_SESSION_new()) == NULL)
1063 errx(1, "failed to create session");
1064
1065 /* Setup the state so we can call needs. */
1066 if ((S3I(ssl)->hs.new_cipher =
1067 ssl3_get_cipher_by_id(TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305))
1068 == NULL) {
1069 FAIL("server cannot find cipher\n");
1070 goto err;
1071 }
1072 if ((SSI(ssl)->tlsext_ecpointformatlist = malloc(sizeof(uint8_t)))
1073 == NULL) {
1074 FAIL("server could not malloc\n");
1075 goto err;
1076 }
1077 SSI(ssl)->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
1078 SSI(ssl)->tlsext_ecpointformatlist_length = 1;
1079
1080 if (!tlsext_ecpf_server_needs(ssl)) {
1081 FAIL("server should need ECPointFormats now\n");
1082 goto err;
1083 }
1084
1085 /*
1086 * The server will ignore the session list and use either a custom
1087 * list or the default (uncompressed).
1088 */
1089 if (!tlsext_ecpf_server_build(ssl, &cbb)) {
1090 FAIL("server failed to build ECPointFormats\n");
1091 goto err;
1092 }
1093
1094 if (!CBB_finish(&cbb, &data, &dlen))
1095 errx(1, "failed to finish CBB");
1096
1097 if (dlen != sizeof(tlsext_ecpf_hello_uncompressed)) {
1098 FAIL("got server ECPointFormats with length %zu, "
1099 "want length %zu\n", dlen,
1100 sizeof(tlsext_ecpf_hello_uncompressed));
1101 compare_data(data, dlen, tlsext_ecpf_hello_uncompressed,
1102 sizeof(tlsext_ecpf_hello_uncompressed));
1103 goto err;
1104 }
1105
1106 if (memcmp(data, tlsext_ecpf_hello_uncompressed, dlen) != 0) {
1107 FAIL("server ECPointFormats differs:\n");
1108 compare_data(data, dlen, tlsext_ecpf_hello_uncompressed,
1109 sizeof(tlsext_ecpf_hello_uncompressed));
1110 goto err;
1111 }
1112
1113 /*
1114 * Cannot parse a non-default list without at least uncompressed.
1115 */
1116 CBB_cleanup(&cbb);
1117 CBB_init(&cbb, 0);
1118 free(data);
1119 data = NULL;
1120
1121 SSL_SESSION_free(ssl->session);
1122 if ((ssl->session = SSL_SESSION_new()) == NULL)
1123 errx(1, "failed to create session");
1124
1125 CBS_init(&cbs, tlsext_ecpf_hello_prime,
1126 sizeof(tlsext_ecpf_hello_prime));
1127 if (tlsext_ecpf_client_parse(ssl, &cbs, &alert)) {
1128 FAIL("must include uncompressed in server ECPointFormats\n");
1129 goto err;
1130 }
1131 if (CBS_len(&cbs) != 0) {
1132 FAIL("extension data remaining");
1133 goto err;
1134 }
1135
1136 /*
1137 * Test with a custom order that replaces the default uncompressed.
1138 */
1139 CBB_cleanup(&cbb);
1140 CBB_init(&cbb, 0);
1141 free(data);
1142 data = NULL;
1143
1144 SSL_SESSION_free(ssl->session);
1145 if ((ssl->session = SSL_SESSION_new()) == NULL)
1146 errx(1, "failed to create session");
1147
1148 /* Add a session list even though it will be ignored. */
1149 if ((SSI(ssl)->tlsext_ecpointformatlist = malloc(sizeof(uint8_t)))
1150 == NULL) {
1151 FAIL("server could not malloc\n");
1152 goto err;
1153 }
1154 SSI(ssl)->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
1155 SSI(ssl)->tlsext_ecpointformatlist_length = 1;
1156
1157 /* Replace the default list with a custom one. */
1158 if ((ssl->internal->tlsext_ecpointformatlist = malloc(sizeof(uint8_t) * 3)) == NULL) {
1159 FAIL("server could not malloc\n");
1160 goto err;
1161 }
1162 ssl->internal->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
1163 ssl->internal->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_uncompressed;
1164 ssl->internal->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
1165 ssl->internal->tlsext_ecpointformatlist_length = 3;
1166
1167 if (!tlsext_ecpf_server_needs(ssl)) {
1168 FAIL("server should need ECPointFormats\n");
1169 goto err;
1170 }
1171
1172 if (!tlsext_ecpf_server_build(ssl, &cbb)) {
1173 FAIL("server failed to build ECPointFormats\n");
1174 goto err;
1175 }
1176
1177 if (!CBB_finish(&cbb, &data, &dlen))
1178 errx(1, "failed to finish CBB");
1179
1180 if (dlen != sizeof(tlsext_ecpf_hello_prefer_order)) {
1181 FAIL("got server ECPointFormats with length %zu, "
1182 "want length %zu\n", dlen,
1183 sizeof(tlsext_ecpf_hello_prefer_order));
1184 compare_data(data, dlen, tlsext_ecpf_hello_prefer_order,
1185 sizeof(tlsext_ecpf_hello_prefer_order));
1186 goto err;
1187 }
1188
1189 if (memcmp(data, tlsext_ecpf_hello_prefer_order, dlen) != 0) {
1190 FAIL("server ECPointFormats differs:\n");
1191 compare_data(data, dlen, tlsext_ecpf_hello_prefer_order,
1192 sizeof(tlsext_ecpf_hello_prefer_order));
1193 goto err;
1194 }
1195
1196 /*
1197 * Should be able to parse the custom list into a session list.
1198 */
1199 CBB_cleanup(&cbb);
1200 CBB_init(&cbb, 0);
1201 free(data);
1202 data = NULL;
1203
1204 SSL_SESSION_free(ssl->session);
1205 if ((ssl->session = SSL_SESSION_new()) == NULL)
1206 errx(1, "failed to create session");
1207
1208 /* Reset back to the default (uncompressed) */
1209 free(ssl->internal->tlsext_ecpointformatlist);
1210 ssl->internal->tlsext_ecpointformatlist = NULL;
1211 ssl->internal->tlsext_ecpointformatlist_length = 0;
1212
1213 CBS_init(&cbs, tlsext_ecpf_hello_prefer_order,
1214 sizeof(tlsext_ecpf_hello_prefer_order));
1215 if (!tlsext_ecpf_client_parse(ssl, &cbs, &alert)) {
1216 FAIL("failed to parse server ECPointFormats\n");
1217 goto err;
1218 }
1219 if (CBS_len(&cbs) != 0) {
1220 FAIL("extension data remaining");
1221 goto err;
1222 }
1223
1224 if (SSI(ssl)->tlsext_ecpointformatlist_length !=
1225 sizeof(tlsext_ecpf_hello_prefer_order_val)) {
1226 FAIL("no tlsext_ecpointformats from server "
1227 "ECPointFormats\n");
1228 goto err;
1229 }
1230
1231 if (memcmp(SSI(ssl)->tlsext_ecpointformatlist,
1232 tlsext_ecpf_hello_prefer_order_val,
1233 sizeof(tlsext_ecpf_hello_prefer_order_val)) != 0) {
1234 FAIL("server had an incorrect ECPointFormats entry\n");
1235 goto err;
1236 }
1237
1238 failure = 0;
1239
1240 err:
1241 CBB_cleanup(&cbb);
1242 SSL_CTX_free(ssl_ctx);
1243 SSL_free(ssl);
1244 free(data);
1245
1246 return (failure);
1247}
1248
1249/*
1250 * Renegotiation Indication - RFC 5746.
1251 */
1252
1253static unsigned char tlsext_ri_prev_client[] = {
1254 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
1255 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
1256};
1257
1258static unsigned char tlsext_ri_prev_server[] = {
1259 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88,
1260 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00,
1261};
1262
1263static unsigned char tlsext_ri_client[] = {
1264 0x10,
1265 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
1266 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
1267};
1268
1269static unsigned char tlsext_ri_server[] = {
1270 0x20,
1271 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
1272 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
1273 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88,
1274 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00,
1275};
1276
1277static int
1278test_tlsext_ri_client(void)
1279{
1280 unsigned char *data = NULL;
1281 SSL_CTX *ssl_ctx = NULL;
1282 SSL *ssl = NULL;
1283 int failure;
1284 size_t dlen;
1285 int alert;
1286 CBB cbb;
1287 CBS cbs;
1288
1289 failure = 1;
1290
1291 CBB_init(&cbb, 0);
1292
1293 if ((ssl_ctx = SSL_CTX_new(TLSv1_2_client_method())) == NULL)
1294 errx(1, "failed to create SSL_CTX");
1295 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1296 errx(1, "failed to create SSL");
1297
1298 if (tlsext_ri_client_needs(ssl)) {
1299 FAIL("client should not need RI\n");
1300 goto err;
1301 }
1302
1303 if (!SSL_renegotiate(ssl)) {
1304 FAIL("client failed to set renegotiate\n");
1305 goto err;
1306 }
1307
1308 if (!tlsext_ri_client_needs(ssl)) {
1309 FAIL("client should need RI\n");
1310 goto err;
1311 }
1312
1313 memcpy(S3I(ssl)->previous_client_finished, tlsext_ri_prev_client,
1314 sizeof(tlsext_ri_prev_client));
1315 S3I(ssl)->previous_client_finished_len = sizeof(tlsext_ri_prev_client);
1316
1317 S3I(ssl)->renegotiate_seen = 0;
1318
1319 if (!tlsext_ri_client_build(ssl, &cbb)) {
1320 FAIL("client failed to build RI\n");
1321 goto err;
1322 }
1323
1324 if (!CBB_finish(&cbb, &data, &dlen))
1325 errx(1, "failed to finish CBB");
1326
1327 if (dlen != sizeof(tlsext_ri_client)) {
1328 FAIL("got client RI with length %zu, "
1329 "want length %zu\n", dlen, sizeof(tlsext_ri_client));
1330 goto err;
1331 }
1332
1333 if (memcmp(data, tlsext_ri_client, dlen) != 0) {
1334 FAIL("client RI differs:\n");
1335 fprintf(stderr, "received:\n");
1336 hexdump(data, dlen);
1337 fprintf(stderr, "test data:\n");
1338 hexdump(tlsext_ri_client, sizeof(tlsext_ri_client));
1339 goto err;
1340 }
1341
1342 CBS_init(&cbs, tlsext_ri_client, sizeof(tlsext_ri_client));
1343 if (!tlsext_ri_server_parse(ssl, &cbs, &alert)) {
1344 FAIL("failed to parse client RI\n");
1345 goto err;
1346 }
1347 if (CBS_len(&cbs) != 0) {
1348 FAIL("extension data remaining");
1349 goto err;
1350 }
1351
1352 if (S3I(ssl)->renegotiate_seen != 1) {
1353 FAIL("renegotiate seen not set\n");
1354 goto err;
1355 }
1356 if (S3I(ssl)->send_connection_binding != 1) {
1357 FAIL("send connection binding not set\n");
1358 goto err;
1359 }
1360
1361 memset(S3I(ssl)->previous_client_finished, 0,
1362 sizeof(S3I(ssl)->previous_client_finished));
1363
1364 S3I(ssl)->renegotiate_seen = 0;
1365
1366 CBS_init(&cbs, tlsext_ri_client, sizeof(tlsext_ri_client));
1367 if (tlsext_ri_server_parse(ssl, &cbs, &alert)) {
1368 FAIL("parsed invalid client RI\n");
1369 failure = 1;
1370 goto err;
1371 }
1372
1373 if (S3I(ssl)->renegotiate_seen == 1) {
1374 FAIL("renegotiate seen set\n");
1375 goto err;
1376 }
1377
1378 failure = 0;
1379
1380 err:
1381 CBB_cleanup(&cbb);
1382 SSL_CTX_free(ssl_ctx);
1383 SSL_free(ssl);
1384 free(data);
1385
1386 return (failure);
1387}
1388
1389static int
1390test_tlsext_ri_server(void)
1391{
1392 unsigned char *data = NULL;
1393 SSL_CTX *ssl_ctx = NULL;
1394 SSL *ssl = NULL;
1395 int failure;
1396 size_t dlen;
1397 int alert;
1398 CBB cbb;
1399 CBS cbs;
1400
1401 failure = 1;
1402
1403 CBB_init(&cbb, 0);
1404
1405 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
1406 errx(1, "failed to create SSL_CTX");
1407 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1408 errx(1, "failed to create SSL");
1409
1410 if (tlsext_ri_server_needs(ssl)) {
1411 FAIL("server should not need RI\n");
1412 goto err;
1413 }
1414
1415 S3I(ssl)->send_connection_binding = 1;
1416
1417 if (!tlsext_ri_server_needs(ssl)) {
1418 FAIL("server should need RI\n");
1419 goto err;
1420 }
1421
1422 memcpy(S3I(ssl)->previous_client_finished, tlsext_ri_prev_client,
1423 sizeof(tlsext_ri_prev_client));
1424 S3I(ssl)->previous_client_finished_len = sizeof(tlsext_ri_prev_client);
1425
1426 memcpy(S3I(ssl)->previous_server_finished, tlsext_ri_prev_server,
1427 sizeof(tlsext_ri_prev_server));
1428 S3I(ssl)->previous_server_finished_len = sizeof(tlsext_ri_prev_server);
1429
1430 S3I(ssl)->renegotiate_seen = 0;
1431
1432 if (!tlsext_ri_server_build(ssl, &cbb)) {
1433 FAIL("server failed to build RI\n");
1434 goto err;
1435 }
1436
1437 if (!CBB_finish(&cbb, &data, &dlen))
1438 errx(1, "failed to finish CBB");
1439
1440 if (dlen != sizeof(tlsext_ri_server)) {
1441 FAIL("got server RI with length %zu, "
1442 "want length %zu\n", dlen, sizeof(tlsext_ri_server));
1443 goto err;
1444 }
1445
1446 if (memcmp(data, tlsext_ri_server, dlen) != 0) {
1447 FAIL("server RI differs:\n");
1448 fprintf(stderr, "received:\n");
1449 hexdump(data, dlen);
1450 fprintf(stderr, "test data:\n");
1451 hexdump(tlsext_ri_server, sizeof(tlsext_ri_server));
1452 goto err;
1453 }
1454
1455 CBS_init(&cbs, tlsext_ri_server, sizeof(tlsext_ri_server));
1456 if (!tlsext_ri_client_parse(ssl, &cbs, &alert)) {
1457 FAIL("failed to parse server RI\n");
1458 goto err;
1459 }
1460 if (CBS_len(&cbs) != 0) {
1461 FAIL("extension data remaining");
1462 goto err;
1463 }
1464
1465 if (S3I(ssl)->renegotiate_seen != 1) {
1466 FAIL("renegotiate seen not set\n");
1467 goto err;
1468 }
1469 if (S3I(ssl)->send_connection_binding != 1) {
1470 FAIL("send connection binding not set\n");
1471 goto err;
1472 }
1473
1474 memset(S3I(ssl)->previous_client_finished, 0,
1475 sizeof(S3I(ssl)->previous_client_finished));
1476 memset(S3I(ssl)->previous_server_finished, 0,
1477 sizeof(S3I(ssl)->previous_server_finished));
1478
1479 S3I(ssl)->renegotiate_seen = 0;
1480
1481 CBS_init(&cbs, tlsext_ri_server, sizeof(tlsext_ri_server));
1482 if (tlsext_ri_client_parse(ssl, &cbs, &alert)) {
1483 FAIL("parsed invalid server RI\n");
1484 goto err;
1485 }
1486
1487 if (S3I(ssl)->renegotiate_seen == 1) {
1488 FAIL("renegotiate seen set\n");
1489 goto err;
1490 }
1491
1492 failure = 0;
1493
1494 err:
1495 CBB_cleanup(&cbb);
1496 SSL_CTX_free(ssl_ctx);
1497 SSL_free(ssl);
1498 free(data);
1499
1500 return (failure);
1501}
1502
1503/*
1504 * Signature Algorithms - RFC 5246 section 7.4.1.4.1.
1505 */
1506
1507static unsigned char tlsext_sigalgs_client[] = {
1508 0x00, 0x16, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03,
1509 0x08, 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04,
1510 0x04, 0x01, 0x04, 0x03, 0x02, 0x01, 0x02, 0x03,
1511};
1512
1513static int
1514test_tlsext_sigalgs_client(void)
1515{
1516 unsigned char *data = NULL;
1517 SSL_CTX *ssl_ctx = NULL;
1518 SSL *ssl = NULL;
1519 int failure = 0;
1520 size_t dlen;
1521 int alert;
1522 CBB cbb;
1523 CBS cbs;
1524
1525 CBB_init(&cbb, 0);
1526
1527 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
1528 errx(1, "failed to create SSL_CTX");
1529 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1530 errx(1, "failed to create SSL");
1531
1532 ssl->client_version = TLS1_1_VERSION;
1533
1534 if (tlsext_sigalgs_client_needs(ssl)) {
1535 fprintf(stderr, "FAIL: client should not need sigalgs\n");
1536 failure = 1;
1537 goto done;
1538 }
1539
1540 ssl->client_version = TLS1_2_VERSION;
1541
1542 if (!tlsext_sigalgs_client_needs(ssl)) {
1543 fprintf(stderr, "FAIL: client should need sigalgs\n");
1544 failure = 1;
1545 goto done;
1546 }
1547
1548 if (!tlsext_sigalgs_client_build(ssl, &cbb)) {
1549 fprintf(stderr, "FAIL: client failed to build sigalgs\n");
1550 failure = 1;
1551 goto done;
1552 }
1553
1554 if (!CBB_finish(&cbb, &data, &dlen))
1555 errx(1, "failed to finish CBB");
1556
1557 if (dlen != sizeof(tlsext_sigalgs_client)) {
1558 fprintf(stderr, "FAIL: got client sigalgs with length %zu, "
1559 "want length %zu\n", dlen, sizeof(tlsext_sigalgs_client));
1560 failure = 1;
1561 goto done;
1562 }
1563
1564 if (memcmp(data, tlsext_sigalgs_client, dlen) != 0) {
1565 fprintf(stderr, "FAIL: client SNI differs:\n");
1566 fprintf(stderr, "received:\n");
1567 hexdump(data, dlen);
1568 fprintf(stderr, "test data:\n");
1569 hexdump(tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client));
1570 failure = 1;
1571 goto done;
1572 }
1573
1574 CBS_init(&cbs, tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client));
1575 if (!tlsext_sigalgs_server_parse(ssl, &cbs, &alert)) {
1576 fprintf(stderr, "FAIL: failed to parse client SNI\n");
1577 failure = 1;
1578 goto done;
1579 }
1580 if (CBS_len(&cbs) != 0) {
1581 FAIL("extension data remaining");
1582 goto done;
1583 }
1584
1585 done:
1586 CBB_cleanup(&cbb);
1587 SSL_CTX_free(ssl_ctx);
1588 SSL_free(ssl);
1589 free(data);
1590
1591 return (failure);
1592}
1593
1594static int
1595test_tlsext_sigalgs_server(void)
1596{
1597 unsigned char *data = NULL;
1598 SSL_CTX *ssl_ctx = NULL;
1599 SSL *ssl = NULL;
1600 int failure = 0;
1601 size_t dlen;
1602 int alert;
1603 CBB cbb;
1604 CBS cbs;
1605
1606 CBB_init(&cbb, 0);
1607
1608 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
1609 errx(1, "failed to create SSL_CTX");
1610 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1611 errx(1, "failed to create SSL");
1612
1613 if (tlsext_sigalgs_server_needs(ssl)) {
1614 fprintf(stderr, "FAIL: server should not need sigalgs\n");
1615 failure = 1;
1616 goto done;
1617 }
1618
1619 if (tlsext_sigalgs_server_build(ssl, &cbb)) {
1620 fprintf(stderr, "FAIL: server should not build sigalgs\n");
1621 failure = 1;
1622 goto done;
1623 }
1624
1625 if (!CBB_finish(&cbb, &data, &dlen))
1626 errx(1, "failed to finish CBB");
1627
1628 CBS_init(&cbs, tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client));
1629 if (tlsext_sigalgs_client_parse(ssl, &cbs, &alert)) {
1630 fprintf(stderr, "FAIL: server should not parse sigalgs\n");
1631 failure = 1;
1632 goto done;
1633 }
1634
1635 done:
1636 CBB_cleanup(&cbb);
1637 SSL_CTX_free(ssl_ctx);
1638 SSL_free(ssl);
1639 free(data);
1640
1641 return (failure);
1642}
1643
1644/*
1645 * Server Name Indication - RFC 6066 section 3.
1646 */
1647
1648#define TEST_SNI_SERVERNAME "www.libressl.org"
1649
1650static unsigned char tlsext_sni_client[] = {
1651 0x00, 0x13, 0x00, 0x00, 0x10, 0x77, 0x77, 0x77,
1652 0x2e, 0x6c, 0x69, 0x62, 0x72, 0x65, 0x73, 0x73,
1653 0x6c, 0x2e, 0x6f, 0x72, 0x67,
1654};
1655
1656static unsigned char tlsext_sni_server[] = {
1657};
1658
1659static int
1660test_tlsext_sni_client(void)
1661{
1662 unsigned char *data = NULL;
1663 SSL_CTX *ssl_ctx = NULL;
1664 SSL *ssl = NULL;
1665 int failure;
1666 size_t dlen;
1667 int alert;
1668 CBB cbb;
1669 CBS cbs;
1670
1671 failure = 1;
1672
1673 CBB_init(&cbb, 0);
1674
1675 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
1676 errx(1, "failed to create SSL_CTX");
1677 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1678 errx(1, "failed to create SSL");
1679
1680 if (tlsext_sni_client_needs(ssl)) {
1681 FAIL("client should not need SNI\n");
1682 goto err;
1683 }
1684
1685 if (!SSL_set_tlsext_host_name(ssl, TEST_SNI_SERVERNAME)) {
1686 FAIL("client failed to set server name\n");
1687 goto err;
1688 }
1689
1690 if (!tlsext_sni_client_needs(ssl)) {
1691 FAIL("client should need SNI\n");
1692 goto err;
1693 }
1694
1695 if (!tlsext_sni_client_build(ssl, &cbb)) {
1696 FAIL("client failed to build SNI\n");
1697 goto err;
1698 }
1699
1700 if (!CBB_finish(&cbb, &data, &dlen))
1701 errx(1, "failed to finish CBB");
1702
1703 if (dlen != sizeof(tlsext_sni_client)) {
1704 FAIL("got client SNI with length %zu, "
1705 "want length %zu\n", dlen, sizeof(tlsext_sni_client));
1706 goto err;
1707 }
1708
1709 if (memcmp(data, tlsext_sni_client, dlen) != 0) {
1710 FAIL("client SNI differs:\n");
1711 fprintf(stderr, "received:\n");
1712 hexdump(data, dlen);
1713 fprintf(stderr, "test data:\n");
1714 hexdump(tlsext_sni_client, sizeof(tlsext_sni_client));
1715 goto err;
1716 }
1717
1718 if ((ssl->session = SSL_SESSION_new()) == NULL)
1719 errx(1, "failed to create session");
1720
1721 ssl->internal->hit = 0;
1722
1723 CBS_init(&cbs, tlsext_sni_client, sizeof(tlsext_sni_client));
1724 if (!tlsext_sni_server_parse(ssl, &cbs, &alert)) {
1725 FAIL("failed to parse client SNI\n");
1726 goto err;
1727 }
1728 if (CBS_len(&cbs) != 0) {
1729 FAIL("extension data remaining");
1730 goto err;
1731 }
1732
1733 if (ssl->session->tlsext_hostname == NULL) {
1734 FAIL("no tlsext_hostname from client SNI\n");
1735 goto err;
1736 }
1737
1738 if (strlen(ssl->session->tlsext_hostname) != strlen(TEST_SNI_SERVERNAME) ||
1739 strncmp(ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME,
1740 strlen(TEST_SNI_SERVERNAME)) != 0) {
1741 FAIL("got tlsext_hostname `%s', want `%s'\n",
1742 ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME);
1743 goto err;
1744 }
1745
1746 ssl->internal->hit = 1;
1747
1748 if ((ssl->session->tlsext_hostname = strdup("notthesame.libressl.org")) ==
1749 NULL)
1750 errx(1, "failed to strdup tlsext_hostname");
1751
1752 CBS_init(&cbs, tlsext_sni_client, sizeof(tlsext_sni_client));
1753 if (tlsext_sni_server_parse(ssl, &cbs, &alert)) {
1754 FAIL("parsed client with mismatched SNI\n");
1755 goto err;
1756 }
1757
1758 failure = 0;
1759
1760 err:
1761 CBB_cleanup(&cbb);
1762 SSL_CTX_free(ssl_ctx);
1763 SSL_free(ssl);
1764 free(data);
1765
1766 return (failure);
1767}
1768
1769static int
1770test_tlsext_sni_server(void)
1771{
1772 unsigned char *data = NULL;
1773 SSL_CTX *ssl_ctx = NULL;
1774 SSL *ssl = NULL;
1775 int failure;
1776 size_t dlen;
1777 int alert;
1778 CBB cbb;
1779 CBS cbs;
1780
1781 failure = 1;
1782
1783 CBB_init(&cbb, 0);
1784
1785 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
1786 errx(1, "failed to create SSL_CTX");
1787 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1788 errx(1, "failed to create SSL");
1789
1790 if ((ssl->session = SSL_SESSION_new()) == NULL)
1791 errx(1, "failed to create session");
1792
1793 if (tlsext_sni_server_needs(ssl)) {
1794 FAIL("server should not need SNI\n");
1795 goto err;
1796 }
1797
1798 if (!SSL_set_tlsext_host_name(ssl, TEST_SNI_SERVERNAME)) {
1799 FAIL("client failed to set server name\n");
1800 goto err;
1801 }
1802
1803 if ((ssl->session->tlsext_hostname = strdup(TEST_SNI_SERVERNAME)) ==
1804 NULL)
1805 errx(1, "failed to strdup tlsext_hostname");
1806
1807 if (!tlsext_sni_server_needs(ssl)) {
1808 FAIL("server should need SNI\n");
1809 goto err;
1810 }
1811
1812 if (!tlsext_sni_server_build(ssl, &cbb)) {
1813 FAIL("server failed to build SNI\n");
1814 goto err;
1815 }
1816
1817 if (!CBB_finish(&cbb, &data, &dlen))
1818 errx(1, "failed to finish CBB");
1819
1820 if (dlen != sizeof(tlsext_sni_server)) {
1821 FAIL("got server SNI with length %zu, "
1822 "want length %zu\n", dlen, sizeof(tlsext_sni_server));
1823 goto err;
1824 }
1825
1826 if (memcmp(data, tlsext_sni_server, dlen) != 0) {
1827 FAIL("server SNI differs:\n");
1828 fprintf(stderr, "received:\n");
1829 hexdump(data, dlen);
1830 fprintf(stderr, "test data:\n");
1831 hexdump(tlsext_sni_server, sizeof(tlsext_sni_server));
1832 goto err;
1833 }
1834
1835 free(ssl->session->tlsext_hostname);
1836 ssl->session->tlsext_hostname = NULL;
1837
1838 CBS_init(&cbs, tlsext_sni_server, sizeof(tlsext_sni_server));
1839 if (!tlsext_sni_client_parse(ssl, &cbs, &alert)) {
1840 FAIL("failed to parse server SNI\n");
1841 goto err;
1842 }
1843 if (CBS_len(&cbs) != 0) {
1844 FAIL("extension data remaining");
1845 goto err;
1846 }
1847
1848 if (ssl->session->tlsext_hostname == NULL) {
1849 FAIL("no tlsext_hostname after server SNI\n");
1850 goto err;
1851 }
1852
1853 if (strlen(ssl->session->tlsext_hostname) != strlen(TEST_SNI_SERVERNAME) ||
1854 strncmp(ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME,
1855 strlen(TEST_SNI_SERVERNAME)) != 0) {
1856 FAIL("got tlsext_hostname `%s', want `%s'\n",
1857 ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME);
1858 goto err;
1859 }
1860
1861 failure = 0;
1862
1863 err:
1864 CBB_cleanup(&cbb);
1865 SSL_CTX_free(ssl_ctx);
1866 SSL_free(ssl);
1867 free(data);
1868
1869 return (failure);
1870}
1871
1872static unsigned char tls_ocsp_client_default[] = {
1873 0x01, 0x00, 0x00, 0x00, 0x00
1874};
1875
1876static int
1877test_tlsext_ocsp_client(void)
1878{
1879 unsigned char *data = NULL;
1880 SSL_CTX *ssl_ctx = NULL;
1881 SSL *ssl = NULL;
1882 size_t dlen;
1883 int failure;
1884 int alert;
1885 CBB cbb;
1886 CBS cbs;
1887
1888 failure = 1;
1889
1890 CBB_init(&cbb, 0);
1891
1892 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
1893 errx(1, "failed to create SSL_CTX");
1894 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1895 errx(1, "failed to create SSL");
1896
1897 if (tlsext_ocsp_client_needs(ssl)) {
1898 FAIL("client should not need ocsp\n");
1899 goto err;
1900 }
1901 SSL_set_tlsext_status_type(ssl, TLSEXT_STATUSTYPE_ocsp);
1902
1903 if (!tlsext_ocsp_client_needs(ssl)) {
1904 FAIL("client should need ocsp\n");
1905 goto err;
1906 }
1907 if (!tlsext_ocsp_client_build(ssl, &cbb)) {
1908 FAIL("client failed to build SNI\n");
1909 goto err;
1910 }
1911 if (!CBB_finish(&cbb, &data, &dlen))
1912 errx(1, "failed to finish CBB");
1913
1914 if (dlen != sizeof(tls_ocsp_client_default)) {
1915 FAIL("got ocsp client with length %zu, "
1916 "want length %zu\n", dlen,
1917 sizeof(tls_ocsp_client_default));
1918 goto err;
1919 }
1920 if (memcmp(data, tls_ocsp_client_default, dlen) != 0) {
1921 FAIL("ocsp client differs:\n");
1922 fprintf(stderr, "received:\n");
1923 hexdump(data, dlen);
1924 fprintf(stderr, "test data:\n");
1925 hexdump(tls_ocsp_client_default,
1926 sizeof(tls_ocsp_client_default));
1927 goto err;
1928 }
1929 CBS_init(&cbs, tls_ocsp_client_default,
1930 sizeof(tls_ocsp_client_default));
1931 if (!tlsext_ocsp_server_parse(ssl, &cbs, &alert)) {
1932 FAIL("failed to parse ocsp client\n");
1933 goto err;
1934 }
1935 if (CBS_len(&cbs) != 0) {
1936 FAIL("extension data remaining");
1937 goto err;
1938 }
1939
1940 failure = 0;
1941
1942 err:
1943 CBB_cleanup(&cbb);
1944 SSL_CTX_free(ssl_ctx);
1945 SSL_free(ssl);
1946 free(data);
1947
1948 return (failure);
1949}
1950
1951static int
1952test_tlsext_ocsp_server(void)
1953{
1954 unsigned char *data = NULL;
1955 SSL_CTX *ssl_ctx = NULL;
1956 SSL *ssl = NULL;
1957 size_t dlen;
1958 int failure;
1959 CBB cbb;
1960
1961 failure = 1;
1962
1963 CBB_init(&cbb, 0);
1964
1965 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
1966 errx(1, "failed to create SSL_CTX");
1967 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1968 errx(1, "failed to create SSL");
1969
1970 if (tlsext_ocsp_server_needs(ssl)) {
1971 FAIL("server should not need ocsp\n");
1972 goto err;
1973 }
1974
1975 ssl->internal->tlsext_status_expected = 1;
1976
1977 if (!tlsext_ocsp_server_needs(ssl)) {
1978 FAIL("server should need ocsp\n");
1979 goto err;
1980 }
1981 if (!tlsext_ocsp_server_build(ssl, &cbb)) {
1982 FAIL("server failed to build ocsp\n");
1983 goto err;
1984 }
1985
1986 if (!CBB_finish(&cbb, &data, &dlen))
1987 errx(1, "failed to finish CBB");
1988
1989 failure = 0;
1990
1991 err:
1992 CBB_cleanup(&cbb);
1993 SSL_CTX_free(ssl_ctx);
1994 SSL_free(ssl);
1995 free(data);
1996
1997 return (failure);
1998}
1999
2000/*
2001 * Session ticket - RFC 5077 since no known implementations use 4507.
2002 *
2003 * Session tickets can be length 0 (special case) to 2^16-1.
2004 *
2005 * The state is encrypted by the server so it is opaque to the client.
2006 */
2007static uint8_t tlsext_sessionticket_hello_min[1];
2008static uint8_t tlsext_sessionticket_hello_max[65535];
2009
2010static int
2011test_tlsext_sessionticket_client(void)
2012{
2013 unsigned char *data = NULL;
2014 SSL_CTX *ssl_ctx = NULL;
2015 SSL *ssl = NULL;
2016 int failure;
2017 CBB cbb;
2018 size_t dlen;
2019 uint8_t dummy[1234];
2020
2021 failure = 1;
2022
2023 CBB_init(&cbb, 0);
2024
2025 /* Create fake session tickets with random data. */
2026 arc4random_buf(tlsext_sessionticket_hello_min,
2027 sizeof(tlsext_sessionticket_hello_min));
2028 arc4random_buf(tlsext_sessionticket_hello_max,
2029 sizeof(tlsext_sessionticket_hello_max));
2030
2031 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
2032 errx(1, "failed to create SSL_CTX");
2033 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2034 errx(1, "failed to create SSL");
2035
2036 /* Should need a ticket by default. */
2037 if (!tlsext_sessionticket_client_needs(ssl)) {
2038 FAIL("client should need Sessionticket for default "
2039 "ciphers\n");
2040 goto err;
2041 }
2042
2043 /* Test disabling tickets. */
2044 if ((SSL_set_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) == 0) {
2045 FAIL("Cannot disable tickets in the TLS connection");
2046 return 0;
2047 }
2048 if (tlsext_sessionticket_client_needs(ssl)) {
2049 FAIL("client should not need SessionTicket if it was disabled");
2050 goto err;
2051 }
2052
2053 /* Test re-enabling tickets. */
2054 if ((SSL_clear_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) != 0) {
2055 FAIL("Cannot re-enable tickets in the TLS connection");
2056 return 0;
2057 }
2058 if (!tlsext_sessionticket_client_needs(ssl)) {
2059 FAIL("client should need SessionTicket if it was disabled");
2060 goto err;
2061 }
2062
2063 /* Since we don't have a session, we should build an empty ticket. */
2064 if (!tlsext_sessionticket_client_build(ssl, &cbb)) {
2065 FAIL("Cannot build a ticket");
2066 goto err;
2067 }
2068 if (!CBB_finish(&cbb, &data, &dlen)) {
2069 FAIL("Cannot finish CBB");
2070 goto err;
2071 }
2072 if (dlen != 0) {
2073 FAIL("Expected 0 length but found %zu\n", dlen);
2074 goto err;
2075 }
2076
2077 CBB_cleanup(&cbb);
2078 CBB_init(&cbb, 0);
2079 free(data);
2080 data = NULL;
2081
2082 /* With a new session (but no ticket), we should still have 0 length */
2083 if ((ssl->session = SSL_SESSION_new()) == NULL)
2084 errx(1, "failed to create session");
2085 if (!tlsext_sessionticket_client_needs(ssl)) {
2086 FAIL("Should still want a session ticket with a new session");
2087 goto err;
2088 }
2089 if (!tlsext_sessionticket_client_build(ssl, &cbb)) {
2090 FAIL("Cannot build a ticket");
2091 goto err;
2092 }
2093 if (!CBB_finish(&cbb, &data, &dlen)) {
2094 FAIL("Cannot finish CBB");
2095 goto err;
2096 }
2097 if (dlen != 0) {
2098 FAIL("Expected 0 length but found %zu\n", dlen);
2099 goto err;
2100 }
2101
2102 CBB_cleanup(&cbb);
2103 CBB_init(&cbb, 0);
2104 free(data);
2105 data = NULL;
2106
2107 /* With a new session (and ticket), we should use that ticket */
2108 SSL_SESSION_free(ssl->session);
2109 if ((ssl->session = SSL_SESSION_new()) == NULL)
2110 errx(1, "failed to create session");
2111
2112 arc4random_buf(&dummy, sizeof(dummy));
2113 if ((ssl->session->tlsext_tick = malloc(sizeof(dummy))) == NULL) {
2114 errx(1, "failed to malloc");
2115 }
2116 memcpy(ssl->session->tlsext_tick, dummy, sizeof(dummy));
2117 ssl->session->tlsext_ticklen = sizeof(dummy);
2118
2119 if (!tlsext_sessionticket_client_needs(ssl)) {
2120 FAIL("Should still want a session ticket with a new session");
2121 goto err;
2122 }
2123 if (!tlsext_sessionticket_client_build(ssl, &cbb)) {
2124 FAIL("Cannot build a ticket");
2125 goto err;
2126 }
2127 if (!CBB_finish(&cbb, &data, &dlen)) {
2128 FAIL("Cannot finish CBB");
2129 goto err;
2130 }
2131 if (dlen != sizeof(dummy)) {
2132 FAIL("Expected %zu length but found %zu\n", sizeof(dummy), dlen);
2133 goto err;
2134 }
2135 if (memcmp(data, dummy, dlen) != 0) {
2136 FAIL("server SNI differs:\n");
2137 compare_data(data, dlen,
2138 dummy, sizeof(dummy));
2139 goto err;
2140 }
2141
2142 CBB_cleanup(&cbb);
2143 CBB_init(&cbb, 0);
2144 free(data);
2145 data = NULL;
2146 free(ssl->session->tlsext_tick);
2147 ssl->session->tlsext_tick = NULL;
2148 ssl->session->tlsext_ticklen = 0;
2149
2150 /*
2151 * Send in NULL to disable session tickets at runtime without going
2152 * through SSL_set_options().
2153 */
2154 if (!SSL_set_session_ticket_ext(ssl, NULL, 0)) {
2155 FAIL("Could not set a NULL custom ticket");
2156 goto err;
2157 }
2158 /* Should not need a ticket in this case */
2159 if (tlsext_sessionticket_client_needs(ssl)) {
2160 FAIL("Should not want to use session tickets with a NULL custom");
2161 goto err;
2162 }
2163
2164 /*
2165 * If you want to remove the tlsext_session_ticket behavior, you have
2166 * to do it manually.
2167 */
2168 free(ssl->internal->tlsext_session_ticket);
2169 ssl->internal->tlsext_session_ticket = NULL;
2170
2171 if (!tlsext_sessionticket_client_needs(ssl)) {
2172 FAIL("Should need a session ticket again when the custom one is removed");
2173 goto err;
2174 }
2175
2176 /* Test a custom session ticket (not recommended in practice) */
2177 if (!SSL_set_session_ticket_ext(ssl, tlsext_sessionticket_hello_max,
2178 sizeof(tlsext_sessionticket_hello_max))) {
2179 FAIL("Should be able to set a custom ticket");
2180 goto err;
2181 }
2182 if (!tlsext_sessionticket_client_needs(ssl)) {
2183 FAIL("Should need a session ticket again when the custom one is not empty");
2184 goto err;
2185 }
2186 if (!tlsext_sessionticket_client_build(ssl, &cbb)) {
2187 FAIL("Cannot build a ticket with a max length random payload");
2188 goto err;
2189 }
2190 if (!CBB_finish(&cbb, &data, &dlen)) {
2191 FAIL("Cannot finish CBB");
2192 goto err;
2193 }
2194 if (dlen != sizeof(tlsext_sessionticket_hello_max)) {
2195 FAIL("Expected %zu length but found %zu\n",
2196 sizeof(tlsext_sessionticket_hello_max), dlen);
2197 goto err;
2198 }
2199 if (memcmp(data, tlsext_sessionticket_hello_max,
2200 sizeof(tlsext_sessionticket_hello_max)) != 0) {
2201 FAIL("Expected to get what we passed in");
2202 compare_data(data, dlen,
2203 tlsext_sessionticket_hello_max,
2204 sizeof(tlsext_sessionticket_hello_max));
2205 goto err;
2206 }
2207
2208 failure = 0;
2209
2210 err:
2211 CBB_cleanup(&cbb);
2212 SSL_CTX_free(ssl_ctx);
2213 SSL_free(ssl);
2214 free(data);
2215
2216 return (failure);
2217}
2218
2219
2220static int
2221test_tlsext_sessionticket_server(void)
2222{
2223 SSL_CTX *ssl_ctx = NULL;
2224 SSL *ssl = NULL;
2225 int failure;
2226 uint8_t *data;
2227 size_t dlen;
2228 CBB cbb;
2229
2230 CBB_init(&cbb, 0);
2231
2232 failure = 1;
2233
2234 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
2235 errx(1, "failed to create SSL_CTX");
2236 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2237 errx(1, "failed to create SSL");
2238
2239 /*
2240 * By default, should not need a session ticket since the ticket
2241 * is not yet expected.
2242 */
2243 if (tlsext_sessionticket_server_needs(ssl)) {
2244 FAIL("server should not need SessionTicket by default\n");
2245 goto err;
2246 }
2247
2248 /* Test disabling tickets. */
2249 if ((SSL_set_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) == 0) {
2250 FAIL("Cannot disable tickets in the TLS connection");
2251 return 0;
2252 }
2253 if (tlsext_sessionticket_server_needs(ssl)) {
2254 FAIL("server should not need SessionTicket if it was disabled");
2255 goto err;
2256 }
2257
2258 /* Test re-enabling tickets. */
2259 if ((SSL_clear_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) != 0) {
2260 FAIL("Cannot re-enable tickets in the TLS connection");
2261 return 0;
2262 }
2263 if (tlsext_sessionticket_server_needs(ssl)) {
2264 FAIL("server should not need SessionTicket yet");
2265 goto err;
2266 }
2267
2268 /* Set expected to require it. */
2269 ssl->internal->tlsext_ticket_expected = 1;
2270 if (!tlsext_sessionticket_server_needs(ssl)) {
2271 FAIL("server should now be required for SessionTicket");
2272 goto err;
2273 }
2274
2275 /* server hello's session ticket should always be 0 length payload. */
2276 if (!tlsext_sessionticket_server_build(ssl, &cbb)) {
2277 FAIL("Cannot build a ticket with a max length random payload");
2278 goto err;
2279 }
2280 if (!CBB_finish(&cbb, &data, &dlen)) {
2281 FAIL("Cannot finish CBB");
2282 goto err;
2283 }
2284 if (dlen != 0) {
2285 FAIL("Expected 0 length but found %zu\n", dlen);
2286 goto err;
2287 }
2288
2289 failure = 0;
2290
2291 err:
2292 SSL_CTX_free(ssl_ctx);
2293 SSL_free(ssl);
2294
2295 return (failure);
2296}
2297
2298#ifndef OPENSSL_NO_SRTP
2299/*
2300 * Supported Secure Real-time Transport Protocol (RFC 5764 section 4.1.1)
2301 */
2302
2303/* Colon separated string values */
2304const char *tlsext_srtp_single_profile = "SRTP_AES128_CM_SHA1_80";
2305const char *tlsext_srtp_multiple_profiles = "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32";
2306
2307const char *tlsext_srtp_aes128cmsha80 = "SRTP_AES128_CM_SHA1_80";
2308const char *tlsext_srtp_aes128cmsha32 = "SRTP_AES128_CM_SHA1_32";
2309
2310const uint8_t tlsext_srtp_single[] = {
2311 /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */
2312 0x00, 0x02, /* len */
2313 0x00, 0x01, /* SRTP_AES128_CM_SHA1_80 */
2314 0x00 /* opaque srtp_mki<0..255> */
2315};
2316
2317const uint8_t tlsext_srtp_multiple[] = {
2318 /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */
2319 0x00, 0x04, /* len */
2320 0x00, 0x01, /* SRTP_AES128_CM_SHA1_80 */
2321 0x00, 0x02, /* SRTP_AES128_CM_SHA1_32 */
2322 0x00 /* opaque srtp_mki<0..255> */
2323};
2324
2325const uint8_t tlsext_srtp_multiple_invalid[] = {
2326 /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */
2327 0x00, 0x04, /* len */
2328 0x00, 0x08, /* arbitrary value not found in known profiles */
2329 0x00, 0x09, /* arbitrary value not found in known profiles */
2330 0x00 /* opaque srtp_mki<0..255> */
2331};
2332
2333const uint8_t tlsext_srtp_single_invalid[] = {
2334 /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */
2335 0x00, 0x02, /* len */
2336 0x00, 0x08, /* arbitrary value not found in known profiles */
2337 0x00 /* opaque srtp_mki<0..255> */
2338};
2339
2340const uint8_t tlsext_srtp_multiple_one_valid[] = {
2341 /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */
2342 0x00, 0x04, /* len */
2343 0x00, 0x08, /* arbitrary value not found in known profiles */
2344 0x00, 0x02, /* SRTP_AES128_CM_SHA1_32 */
2345 0x00 /* opaque srtp_mki<0..255> */
2346};
2347
2348static int
2349test_tlsext_srtp_client(void)
2350{
2351 SRTP_PROTECTION_PROFILE *prof;
2352 SSL_CTX *ssl_ctx = NULL;
2353 SSL *ssl = NULL;
2354 uint8_t *data = NULL;
2355 CBB cbb;
2356 CBS cbs;
2357 int failure, alert;
2358 size_t dlen;
2359
2360 CBB_init(&cbb, 0);
2361
2362 failure = 1;
2363
2364 /* SRTP is for DTLS */
2365 if ((ssl_ctx = SSL_CTX_new(DTLSv1_client_method())) == NULL)
2366 errx(1, "failed to create SSL_CTX");
2367 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2368 errx(1, "failed to create SSL");
2369
2370 /* By default, we don't need this */
2371 if (tlsext_srtp_client_needs(ssl)) {
2372 FAIL("client should not need SRTP by default\n");
2373 goto err;
2374 }
2375
2376 if (SSL_set_tlsext_use_srtp(ssl, tlsext_srtp_single_profile) != 0) {
2377 FAIL("should be able to set a single SRTP\n");
2378 goto err;
2379 }
2380 if (!tlsext_srtp_client_needs(ssl)) {
2381 FAIL("client should need SRTP\n");
2382 goto err;
2383 }
2384
2385 /* Make sure we can build the client with a single profile. */
2386
2387 if (!tlsext_srtp_client_build(ssl, &cbb)) {
2388 FAIL("client failed to build SRTP\n");
2389 goto err;
2390 }
2391 if (!CBB_finish(&cbb, &data, &dlen))
2392 errx(1, "failed to finish CBB");
2393
2394 if (dlen != sizeof(tlsext_srtp_single)) {
2395 FAIL("got client SRTP with length %zu, "
2396 "want length %zu\n", dlen,
2397 sizeof(tlsext_srtp_single));
2398 compare_data(data, dlen, tlsext_srtp_single,
2399 sizeof(tlsext_srtp_single));
2400 goto err;
2401 }
2402 if (memcmp(data, tlsext_srtp_single, dlen) != 0) {
2403 FAIL("client SRTP differs:\n");
2404 compare_data(data, dlen, tlsext_srtp_single,
2405 sizeof(tlsext_srtp_single));
2406 goto err;
2407 }
2408
2409 CBB_cleanup(&cbb);
2410 CBB_init(&cbb, 0);
2411 free(data);
2412 data = NULL;
2413
2414 /* Make sure we can parse the single profile. */
2415
2416 if (SSL_get_selected_srtp_profile(ssl) != NULL) {
2417 FAIL("SRTP profile should not be set yet\n");
2418 goto err;
2419 }
2420
2421 CBS_init(&cbs, tlsext_srtp_single, sizeof(tlsext_srtp_single));
2422 if (!tlsext_srtp_server_parse(ssl, &cbs, &alert)) {
2423 FAIL("failed to parse SRTP\n");
2424 goto err;
2425 }
2426 if (CBS_len(&cbs) != 0) {
2427 FAIL("extension data remaining");
2428 goto err;
2429 }
2430
2431 if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) {
2432 FAIL("SRTP profile should be set now\n");
2433 goto err;
2434 }
2435 if (strcmp(prof->name, tlsext_srtp_aes128cmsha80) != 0) {
2436 FAIL("SRTP profile was not set properly\n");
2437 goto err;
2438 }
2439
2440 if (!tlsext_srtp_server_needs(ssl)) {
2441 FAIL("should send server extension when profile selected\n");
2442 goto err;
2443 }
2444
2445 /* Make sure we can build the clienthello with multiple entries. */
2446
2447 if (SSL_set_tlsext_use_srtp(ssl, tlsext_srtp_multiple_profiles) != 0) {
2448 FAIL("should be able to set SRTP to multiple profiles\n");
2449 goto err;
2450 }
2451 if (!tlsext_srtp_client_needs(ssl)) {
2452 FAIL("client should need SRTP by now\n");
2453 goto err;
2454 }
2455
2456 if (!tlsext_srtp_client_build(ssl, &cbb)) {
2457 FAIL("client failed to build SRTP\n");
2458 goto err;
2459 }
2460 if (!CBB_finish(&cbb, &data, &dlen))
2461 errx(1, "failed to finish CBB");
2462
2463 if (dlen != sizeof(tlsext_srtp_multiple)) {
2464 FAIL("got client SRTP with length %zu, "
2465 "want length %zu\n", dlen,
2466 sizeof(tlsext_srtp_multiple));
2467 compare_data(data, dlen, tlsext_srtp_multiple,
2468 sizeof(tlsext_srtp_multiple));
2469 goto err;
2470 }
2471 if (memcmp(data, tlsext_srtp_multiple, dlen) != 0) {
2472 FAIL("client SRTP differs:\n");
2473 compare_data(data, dlen, tlsext_srtp_multiple,
2474 sizeof(tlsext_srtp_multiple));
2475 goto err;
2476 }
2477
2478 CBB_cleanup(&cbb);
2479 CBB_init(&cbb, 0);
2480 free(data);
2481 data = NULL;
2482
2483 /* Make sure we can parse multiple profiles (selects server preferred) */
2484
2485 ssl->internal->srtp_profile = NULL;
2486
2487 CBS_init(&cbs, tlsext_srtp_multiple,
2488 sizeof(tlsext_srtp_multiple));
2489 if (!tlsext_srtp_server_parse(ssl, &cbs, &alert)) {
2490 FAIL("failed to parse SRTP\n");
2491 goto err;
2492 }
2493 if (CBS_len(&cbs) != 0) {
2494 FAIL("extension data remaining");
2495 goto err;
2496 }
2497
2498 if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) {
2499 FAIL("SRTP profile should be set now\n");
2500 goto err;
2501 }
2502 if (strcmp(prof->name, tlsext_srtp_aes128cmsha80) != 0) {
2503 FAIL("SRTP profile was not set properly\n");
2504 goto err;
2505 }
2506
2507 if (!tlsext_srtp_server_needs(ssl)) {
2508 FAIL("should send server extension when profile selected\n");
2509 goto err;
2510 }
2511
2512 /*
2513 * Make sure we can parse the clienthello with multiple entries
2514 * where one is unknown.
2515 */
2516 ssl->internal->srtp_profile = NULL;
2517
2518 CBS_init(&cbs, tlsext_srtp_multiple_one_valid,
2519 sizeof(tlsext_srtp_multiple_one_valid));
2520 if (!tlsext_srtp_server_parse(ssl, &cbs, &alert)) {
2521 FAIL("failed to parse SRTP\n");
2522 goto err;
2523 }
2524 if (CBS_len(&cbs) != 0) {
2525 FAIL("extension data remaining");
2526 goto err;
2527 }
2528
2529 if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) {
2530 FAIL("SRTP profile should be set now\n");
2531 goto err;
2532 }
2533 if (strcmp(prof->name, tlsext_srtp_aes128cmsha32) != 0) {
2534 FAIL("SRTP profile was not set properly\n");
2535 goto err;
2536 }
2537
2538 if (!tlsext_srtp_server_needs(ssl)) {
2539 FAIL("should send server extension when profile selected\n");
2540 goto err;
2541 }
2542
2543 /* Make sure we fall back to negotiated when none work. */
2544
2545 ssl->internal->srtp_profile = NULL;
2546
2547 CBS_init(&cbs, tlsext_srtp_multiple_invalid,
2548 sizeof(tlsext_srtp_multiple_invalid));
2549 if (!tlsext_srtp_server_parse(ssl, &cbs, &alert)) {
2550 FAIL("should be able to fall back to negotiated\n");
2551 goto err;
2552 }
2553 if (CBS_len(&cbs) != 0) {
2554 FAIL("extension data remaining");
2555 goto err;
2556 }
2557
2558 /* If we fallback, the server should NOT send the extension. */
2559 if (SSL_get_selected_srtp_profile(ssl) != NULL) {
2560 FAIL("should not have selected a profile when none found\n");
2561 goto err;
2562 }
2563 if (tlsext_srtp_server_needs(ssl)) {
2564 FAIL("should not send server tlsext when no profile found\n");
2565 goto err;
2566 }
2567
2568 failure = 0;
2569
2570 err:
2571 CBB_cleanup(&cbb);
2572 SSL_CTX_free(ssl_ctx);
2573 SSL_free(ssl);
2574 free(data);
2575
2576 return (failure);
2577}
2578
2579static int
2580test_tlsext_srtp_server(void)
2581{
2582 SRTP_PROTECTION_PROFILE *prof;
2583 SSL_CTX *ssl_ctx = NULL;
2584 SSL *ssl = NULL;
2585 uint8_t *data = NULL;
2586 CBB cbb;
2587 CBS cbs;
2588 int failure, alert;
2589 size_t dlen;
2590
2591 CBB_init(&cbb, 0);
2592
2593 failure = 1;
2594
2595 /* SRTP is for DTLS */
2596 if ((ssl_ctx = SSL_CTX_new(DTLSv1_client_method())) == NULL)
2597 errx(1, "failed to create SSL_CTX");
2598 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2599 errx(1, "failed to create SSL");
2600
2601 /* By default, we don't need this */
2602 if (tlsext_srtp_server_needs(ssl)) {
2603 FAIL("server should not need SRTP by default\n");
2604 goto err;
2605 }
2606
2607 if (srtp_find_profile_by_name((char *)tlsext_srtp_aes128cmsha80, &prof,
2608 strlen(tlsext_srtp_aes128cmsha80))) {
2609 FAIL("should be able to find the given profile\n");
2610 goto err;
2611 }
2612 ssl->internal->srtp_profile = prof;
2613 if (!tlsext_srtp_server_needs(ssl)) {
2614 FAIL("server should need SRTP by now\n");
2615 goto err;
2616 }
2617
2618 /* Make sure we can build the server with a single profile. */
2619
2620 if (!tlsext_srtp_server_build(ssl, &cbb)) {
2621 FAIL("server failed to build SRTP\n");
2622 goto err;
2623 }
2624 if (!CBB_finish(&cbb, &data, &dlen))
2625 errx(1, "failed to finish CBB");
2626
2627 if (dlen != sizeof(tlsext_srtp_single)) {
2628 FAIL("got server SRTP with length %zu, "
2629 "want length %zu\n", dlen,
2630 sizeof(tlsext_srtp_single));
2631 compare_data(data, dlen, tlsext_srtp_single,
2632 sizeof(tlsext_srtp_single));
2633 goto err;
2634 }
2635 if (memcmp(data, tlsext_srtp_single, dlen) != 0) {
2636 FAIL("server SRTP differs:\n");
2637 compare_data(data, dlen, tlsext_srtp_single,
2638 sizeof(tlsext_srtp_single));
2639 goto err;
2640 }
2641
2642 CBB_cleanup(&cbb);
2643 CBB_init(&cbb, 0);
2644 free(data);
2645 data = NULL;
2646
2647 /* Make sure we can parse the single profile. */
2648 ssl->internal->srtp_profile = NULL;
2649
2650 if (SSL_get_selected_srtp_profile(ssl) != NULL) {
2651 FAIL("SRTP profile should not be set yet\n");
2652 goto err;
2653 }
2654
2655 /* Setup the environment as if a client sent a list of profiles. */
2656 if (SSL_set_tlsext_use_srtp(ssl, tlsext_srtp_multiple_profiles) != 0) {
2657 FAIL("should be able to set multiple profiles in SRTP\n");
2658 goto err;
2659 }
2660
2661 CBS_init(&cbs, tlsext_srtp_single, sizeof(tlsext_srtp_single));
2662 if (!tlsext_srtp_client_parse(ssl, &cbs, &alert)) {
2663 FAIL("failed to parse SRTP\n");
2664 goto err;
2665 }
2666 if (CBS_len(&cbs) != 0) {
2667 FAIL("extension data remaining");
2668 goto err;
2669 }
2670
2671 if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) {
2672 FAIL("SRTP profile should be set now\n");
2673 goto err;
2674 }
2675 if (strcmp(prof->name, tlsext_srtp_aes128cmsha80) != 0) {
2676 FAIL("SRTP profile was not set properly\n");
2677 goto err;
2678 }
2679
2680 /* Make sure we cannot parse multiple profiles */
2681 ssl->internal->srtp_profile = NULL;
2682
2683 CBS_init(&cbs, tlsext_srtp_multiple,
2684 sizeof(tlsext_srtp_multiple));
2685 if (tlsext_srtp_client_parse(ssl, &cbs, &alert)) {
2686 FAIL("should not find multiple entries from the server\n");
2687 goto err;
2688 }
2689
2690 /* Make sure we cannot parse a server with unknown profile */
2691 ssl->internal->srtp_profile = NULL;
2692
2693 CBS_init(&cbs, tlsext_srtp_single_invalid,
2694 sizeof(tlsext_srtp_single_invalid));
2695 if (tlsext_srtp_client_parse(ssl, &cbs, &alert)) {
2696 FAIL("should not be able to parse this\n");
2697 goto err;
2698 }
2699
2700 failure = 0;
2701
2702 err:
2703 CBB_cleanup(&cbb);
2704 SSL_CTX_free(ssl_ctx);
2705 SSL_free(ssl);
2706 free(data);
2707
2708 return (failure);
2709}
2710#endif /* OPENSSL_NO_SRTP */
2711
2712unsigned char tlsext_clienthello_default[] = {
2713 0x00, 0x32, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00,
2714 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d,
2715 0x00, 0x17, 0x00, 0x18, 0x00, 0x23, 0x00, 0x00,
2716 0x00, 0x0d, 0x00, 0x18, 0x00, 0x16, 0x08, 0x06,
2717 0x06, 0x01, 0x06, 0x03, 0x08, 0x05, 0x05, 0x01,
2718 0x05, 0x03, 0x08, 0x04, 0x04, 0x01, 0x04, 0x03,
2719 0x02, 0x01, 0x02, 0x03,
2720};
2721
2722unsigned char tlsext_clienthello_disabled[] = {};
2723
2724static int
2725test_tlsext_clienthello_build(void)
2726{
2727 unsigned char *data = NULL;
2728 SSL_CTX *ssl_ctx = NULL;
2729 SSL *ssl = NULL;
2730 size_t dlen;
2731 int failure;
2732 CBB cbb;
2733
2734 failure = 1;
2735
2736 if (!CBB_init(&cbb, 0))
2737 errx(1, "failed to create CBB");
2738
2739 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
2740 errx(1, "failed to create SSL_CTX");
2741 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2742 errx(1, "failed to create SSL");
2743
2744 if (!tlsext_client_build(ssl, &cbb, SSL_TLSEXT_MSG_CH)) {
2745 FAIL("failed to build clienthello extensions\n");
2746 goto err;
2747 }
2748 if (!CBB_finish(&cbb, &data, &dlen))
2749 errx(1, "failed to finish CBB");
2750
2751 if (dlen != sizeof(tlsext_clienthello_default)) {
2752 FAIL("got clienthello extensions with length %zu, "
2753 "want length %zu\n", dlen,
2754 sizeof(tlsext_clienthello_default));
2755 compare_data(data, dlen, tlsext_clienthello_default,
2756 sizeof(tlsext_clienthello_default));
2757 goto err;
2758 }
2759 if (memcmp(data, tlsext_clienthello_default, dlen) != 0) {
2760 FAIL("clienthello extensions differs:\n");
2761 compare_data(data, dlen, tlsext_clienthello_default,
2762 sizeof(tlsext_clienthello_default));
2763 goto err;
2764 }
2765
2766 CBB_cleanup(&cbb);
2767 CBB_init(&cbb, 0);
2768
2769 /* Switch to TLSv1.1, disable EC ciphers and session tickets. */
2770 ssl->client_version = TLS1_1_VERSION;
2771 if (!SSL_set_cipher_list(ssl, "TLSv1.2:!ECDHE:!ECDSA")) {
2772 FAIL("failed to set cipher list\n");
2773 goto err;
2774 }
2775 if ((SSL_set_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) == 0) {
2776 FAIL("failed to disable session tickets");
2777 return 0;
2778 }
2779
2780 if (!tlsext_client_build(ssl, &cbb, SSL_TLSEXT_MSG_CH)) {
2781 FAIL("failed to build clienthello extensions\n");
2782 goto err;
2783 }
2784 if (!CBB_finish(&cbb, &data, &dlen))
2785 errx(1, "failed to finish CBB");
2786
2787 if (dlen != sizeof(tlsext_clienthello_disabled)) {
2788 FAIL("got clienthello extensions with length %zu, "
2789 "want length %zu\n", dlen,
2790 sizeof(tlsext_clienthello_disabled));
2791 compare_data(data, dlen, tlsext_clienthello_disabled,
2792 sizeof(tlsext_clienthello_disabled));
2793 goto err;
2794 }
2795 if (memcmp(data, tlsext_clienthello_disabled, dlen) != 0) {
2796 FAIL("clienthello extensions differs:\n");
2797 compare_data(data, dlen, tlsext_clienthello_disabled,
2798 sizeof(tlsext_clienthello_disabled));
2799 goto err;
2800 }
2801
2802 failure = 0;
2803
2804 err:
2805 CBB_cleanup(&cbb);
2806 SSL_CTX_free(ssl_ctx);
2807 SSL_free(ssl);
2808 free(data);
2809
2810 return (failure);
2811}
2812
2813unsigned char tlsext_serverhello_default[] = {};
2814
2815unsigned char tlsext_serverhello_enabled[] = {
2816 0x00, 0x13, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00,
2817 0x05, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01,
2818 0x00, 0x00, 0x23, 0x00, 0x00,
2819};
2820
2821static int
2822test_tlsext_serverhello_build(void)
2823{
2824 unsigned char *data = NULL;
2825 SSL_CTX *ssl_ctx = NULL;
2826 SSL *ssl = NULL;
2827 size_t dlen;
2828 int failure;
2829 CBB cbb;
2830
2831 failure = 1;
2832
2833 if (!CBB_init(&cbb, 0))
2834 errx(1, "failed to create CBB");
2835
2836 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
2837 errx(1, "failed to create SSL_CTX");
2838 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2839 errx(1, "failed to create SSL");
2840 if ((ssl->session = SSL_SESSION_new()) == NULL)
2841 errx(1, "failed to create session");
2842
2843 S3I(ssl)->hs.new_cipher =
2844 ssl3_get_cipher_by_id(TLS1_CK_RSA_WITH_AES_128_SHA256);
2845
2846 if (!tlsext_server_build(ssl, &cbb, SSL_TLSEXT_MSG_SH)) {
2847 FAIL("failed to build serverhello extensions\n");
2848 goto err;
2849 }
2850 if (!CBB_finish(&cbb, &data, &dlen))
2851 errx(1, "failed to finish CBB");
2852
2853 if (dlen != sizeof(tlsext_serverhello_default)) {
2854 FAIL("got serverhello extensions with length %zu, "
2855 "want length %zu\n", dlen,
2856 sizeof(tlsext_serverhello_default));
2857 compare_data(data, dlen, tlsext_serverhello_default,
2858 sizeof(tlsext_serverhello_default));
2859 goto err;
2860 }
2861 if (memcmp(data, tlsext_serverhello_default, dlen) != 0) {
2862 FAIL("serverhello extensions differs:\n");
2863 compare_data(data, dlen, tlsext_serverhello_default,
2864 sizeof(tlsext_serverhello_default));
2865 goto err;
2866 }
2867
2868 CBB_cleanup(&cbb);
2869 CBB_init(&cbb, 0);
2870
2871 /* Turn a few things on so we get extensions... */
2872 S3I(ssl)->send_connection_binding = 1;
2873 S3I(ssl)->hs.new_cipher =
2874 ssl3_get_cipher_by_id(TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256);
2875 ssl->internal->tlsext_status_expected = 1;
2876 ssl->internal->tlsext_ticket_expected = 1;
2877 if ((SSI(ssl)->tlsext_ecpointformatlist = malloc(1)) == NULL)
2878 errx(1, "malloc failed");
2879 SSI(ssl)->tlsext_ecpointformatlist_length = 1;
2880 SSI(ssl)->tlsext_ecpointformatlist[0] =
2881 TLSEXT_ECPOINTFORMAT_uncompressed;
2882
2883 if (!tlsext_server_build(ssl, &cbb, SSL_TLSEXT_MSG_SH)) {
2884 FAIL("failed to build serverhello extensions\n");
2885 goto err;
2886 }
2887 if (!CBB_finish(&cbb, &data, &dlen))
2888 errx(1, "failed to finish CBB");
2889
2890 if (dlen != sizeof(tlsext_serverhello_enabled)) {
2891 FAIL("got serverhello extensions with length %zu, "
2892 "want length %zu\n", dlen,
2893 sizeof(tlsext_serverhello_enabled));
2894 compare_data(data, dlen, tlsext_serverhello_enabled,
2895 sizeof(tlsext_serverhello_enabled));
2896 goto err;
2897 }
2898 if (memcmp(data, tlsext_serverhello_enabled, dlen) != 0) {
2899 FAIL("serverhello extensions differs:\n");
2900 compare_data(data, dlen, tlsext_serverhello_enabled,
2901 sizeof(tlsext_serverhello_enabled));
2902 goto err;
2903 }
2904
2905 failure = 0;
2906
2907 err:
2908 CBB_cleanup(&cbb);
2909 SSL_CTX_free(ssl_ctx);
2910 SSL_free(ssl);
2911 free(data);
2912
2913 return (failure);
2914}
2915
2916const unsigned char tlsext_versions_client[] = {
2917 0x08, 0x03, 0x04, 0x03, 0x03, 0x03,
2918 0x02, 0x03, 0x01,
2919};
2920
2921const unsigned char tlsext_versions_server[] = {
2922 0x03, 0x04,
2923};
2924
2925static int
2926test_tlsext_versions_client(void)
2927{
2928 unsigned char *data = NULL;
2929 SSL_CTX *ssl_ctx = NULL;
2930 SSL *ssl = NULL;
2931 int failure = 0;
2932 size_t dlen;
2933 int alert;
2934 CBB cbb;
2935 CBS cbs;
2936
2937 CBB_init(&cbb, 0);
2938
2939 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
2940 errx(1, "failed to create SSL_CTX");
2941 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2942 errx(1, "failed to create SSL");
2943
2944 S3I(ssl)->hs_tls13.max_version = 0;
2945
2946 if (tlsext_versions_client_needs(ssl)) {
2947 FAIL("client should not need versions\n");
2948 failure = 1;
2949 goto done;
2950 }
2951
2952 S3I(ssl)->hs_tls13.max_version = TLS1_2_VERSION;
2953
2954 if (tlsext_versions_client_needs(ssl)) {
2955 FAIL("client should not need versions\n");
2956 failure = 1;
2957 goto done;
2958 }
2959
2960 S3I(ssl)->hs_tls13.max_version = TLS1_3_VERSION;
2961
2962 if (!tlsext_versions_client_needs(ssl)) {
2963 FAIL("client should need versions\n");
2964 failure = 1;
2965 goto done;
2966 }
2967
2968 S3I(ssl)->hs_tls13.max_version = TLS1_3_VERSION;
2969 S3I(ssl)->hs_tls13.min_version = 0;
2970 if (tlsext_versions_client_build(ssl, &cbb)) {
2971 FAIL("client should not have built versions\n");
2972 failure = 1;
2973 goto done;
2974 }
2975
2976 S3I(ssl)->hs_tls13.max_version = TLS1_3_VERSION;
2977 S3I(ssl)->hs_tls13.min_version = TLS1_VERSION;
2978 if (!tlsext_versions_client_build(ssl, &cbb)) {
2979 FAIL("client should have built versions\n");
2980 failure = 1;
2981 goto done;
2982 }
2983
2984 if (!CBB_finish(&cbb, &data, &dlen)) {
2985 FAIL("failed to finish CBB");
2986 failure = 1;
2987 goto done;
2988 }
2989
2990 if (dlen != sizeof(tlsext_versions_client)) {
2991 FAIL("got versions with length %zu, "
2992 "want length %zu\n", dlen, sizeof(tlsext_versions_client));
2993 failure = 1;
2994 goto done;
2995 }
2996
2997 CBS_init(&cbs, data, dlen);
2998 if (!tlsext_versions_server_parse(ssl, &cbs, &alert)) {
2999 FAIL("failed to parse client versions\n");
3000 failure = 1;
3001 goto done;
3002 }
3003 if (CBS_len(&cbs) != 0) {
3004 FAIL("extension data remaining");
3005 failure = 1;
3006 goto done;
3007 }
3008 done:
3009 CBB_cleanup(&cbb);
3010 SSL_CTX_free(ssl_ctx);
3011 SSL_free(ssl);
3012 free(data);
3013
3014 return (failure);
3015}
3016
3017
3018static int
3019test_tlsext_versions_server(void)
3020{
3021 unsigned char *data = NULL;
3022 SSL_CTX *ssl_ctx = NULL;
3023 SSL *ssl = NULL;
3024 int failure = 0;
3025 size_t dlen;
3026 int alert;
3027 CBB cbb;
3028 CBS cbs;
3029
3030 CBB_init(&cbb, 0);
3031
3032 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
3033 errx(1, "failed to create SSL_CTX");
3034 if ((ssl = SSL_new(ssl_ctx)) == NULL)
3035 errx(1, "failed to create SSL");
3036
3037 ssl->version = TLS1_2_VERSION;
3038
3039 if (tlsext_versions_server_needs(ssl)) {
3040 FAIL("server should not need versions\n");
3041 failure = 1;
3042 goto done;
3043 }
3044
3045 ssl->version = TLS1_3_VERSION;
3046
3047 if (!tlsext_versions_server_needs(ssl)) {
3048 FAIL("server should need versions\n");
3049 failure = 1;
3050 goto done;
3051 }
3052
3053 if (!tlsext_versions_server_build(ssl, &cbb)) {
3054 FAIL("server should have built versions\n");
3055 failure = 1;
3056 goto done;
3057 }
3058
3059 if (!CBB_finish(&cbb, &data, &dlen)) {
3060 FAIL("failed to finish CBB");
3061 failure = 1;
3062 goto done;
3063 }
3064
3065 if (dlen != sizeof(tlsext_versions_server)) {
3066 FAIL("got versions with length %zu, "
3067 "want length %zu\n", dlen, sizeof(tlsext_versions_server));
3068 failure = 1;
3069 goto done;
3070 }
3071
3072 CBS_init(&cbs, data, dlen);
3073 if (!tlsext_versions_client_parse(ssl, &cbs, &alert)) {
3074 FAIL("failed to parse client versions\n");
3075 failure = 1;
3076 goto done;
3077 }
3078 if (CBS_len(&cbs) != 0) {
3079 FAIL("extension data remaining");
3080 failure = 1;
3081 goto done;
3082 }
3083 done:
3084 CBB_cleanup(&cbb);
3085 SSL_CTX_free(ssl_ctx);
3086 SSL_free(ssl);
3087 free(data);
3088
3089 return (failure);
3090}
3091
3092const unsigned char tlsext_keyshare_client[] = {
3093 0x00, 0x24, 0x00, 0x1d, 0x00, 0x20, 0xba, 0x83,
3094 0x2e, 0x4a, 0x18, 0xbe, 0x96, 0xd2, 0x71, 0x70,
3095 0x18, 0x04, 0xf9, 0x9d, 0x76, 0x98, 0xef, 0xe8,
3096 0x4f, 0x8b, 0x85, 0x41, 0xa4, 0xd9, 0x61, 0x57,
3097 0xad, 0x5b, 0xa4, 0xe9, 0x8b, 0x6b,
3098};
3099
3100const unsigned char tlsext_keyshare_server[] = {
3101 0x00, 0x1d, 0x00, 0x20, 0xe5, 0xe8, 0x5a, 0xb9,
3102 0x7e, 0x12, 0x62, 0xe3, 0xd8, 0x7f, 0x6e, 0x3c,
3103 0xec, 0xa6, 0x8b, 0x99, 0x45, 0x77, 0x8e, 0x11,
3104 0xb3, 0xb9, 0x12, 0xb6, 0xbe, 0x35, 0xca, 0x51,
3105 0x76, 0x1e, 0xe8, 0x22
3106};
3107
3108static int
3109test_tlsext_keyshare_client(void)
3110{
3111 unsigned char *data = NULL;
3112 SSL_CTX *ssl_ctx = NULL;
3113 SSL *ssl = NULL;
3114 int failure = 0;
3115 size_t dlen;
3116 int alert;
3117 CBB cbb;
3118 CBS cbs;
3119
3120 CBB_init(&cbb, 0);
3121
3122 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
3123 errx(1, "failed to create SSL_CTX");
3124 if ((ssl = SSL_new(ssl_ctx)) == NULL)
3125 errx(1, "failed to create SSL");
3126
3127 S3I(ssl)->hs_tls13.max_version = 0;
3128
3129 if (tlsext_keyshare_client_needs(ssl)) {
3130 FAIL("client should not need keyshare\n");
3131 failure = 1;
3132 goto done;
3133 }
3134
3135 S3I(ssl)->hs_tls13.max_version = TLS1_2_VERSION;
3136 if (tlsext_keyshare_client_needs(ssl)) {
3137 FAIL("client should not need keyshare\n");
3138 failure = 1;
3139 goto done;
3140 }
3141
3142 S3I(ssl)->hs_tls13.max_version = TLS1_3_VERSION;
3143 if (!tlsext_keyshare_client_needs(ssl)) {
3144 FAIL("client should need keyshare\n");
3145 failure = 1;
3146 goto done;
3147 }
3148
3149 S3I(ssl)->hs_tls13.max_version = TLS1_3_VERSION;
3150 if (!tlsext_keyshare_client_build(ssl, &cbb)) {
3151 FAIL("client should have built keyshare\n");
3152 failure = 1;
3153 goto done;
3154 }
3155
3156 if (!CBB_finish(&cbb, &data, &dlen)) {
3157 FAIL("failed to finish CBB");
3158 failure = 1;
3159 goto done;
3160 }
3161
3162 if (dlen != sizeof(tlsext_keyshare_client)) {
3163 FAIL("got client keyshare with length %zu, "
3164 "want length %zu\n", dlen, (size_t) sizeof(tlsext_keyshare_client));
3165 failure = 1;
3166 goto done;
3167 }
3168
3169 (ssl)->version = TLS1_3_VERSION;
3170 CBS_init(&cbs, data, dlen);
3171
3172 if (!tlsext_keyshare_server_parse(ssl, &cbs, &alert)) {
3173 FAIL("failed to parse client keyshare\n");
3174 failure = 1;
3175 goto done;
3176 }
3177
3178 if (CBS_len(&cbs) != 0) {
3179 FAIL("extension data remaining");
3180 failure = 1;
3181 goto done;
3182 }
3183
3184
3185 done:
3186 CBB_cleanup(&cbb);
3187 SSL_CTX_free(ssl_ctx);
3188 SSL_free(ssl);
3189 free(data);
3190
3191 return (failure);
3192}
3193
3194static int
3195test_tlsext_keyshare_server(void)
3196{
3197 unsigned char *data = NULL;
3198 SSL_CTX *ssl_ctx = NULL;
3199 SSL *ssl = NULL;
3200 int failure = 0;
3201 size_t dlen, idx;
3202 int alert;
3203 CBB cbb;
3204 CBS cbs;
3205 uint8_t bogokey[] = {
3206 0xe5, 0xe8, 0x5a, 0xb9, 0x7e, 0x12, 0x62, 0xe3,
3207 0xd8, 0x7f, 0x6e, 0x3c, 0xec, 0xa6, 0x8b, 0x99,
3208 0x45, 0x77, 0x8e, 0x11, 0xb3, 0xb9, 0x12, 0xb6,
3209 0xbe, 0x35, 0xca, 0x51, 0x76, 0x1e, 0xe8, 0x22
3210 };
3211
3212 CBB_init(&cbb, 0);
3213
3214 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
3215 errx(1, "failed to create SSL_CTX");
3216 if ((ssl = SSL_new(ssl_ctx)) == NULL)
3217 errx(1, "failed to create SSL");
3218
3219 (ssl)->version = 0;
3220 if (tlsext_keyshare_server_needs(ssl)) {
3221 FAIL("server should not need keyshare\n");
3222 failure = 1;
3223 goto done;
3224 }
3225
3226 (ssl)->version = TLS1_2_VERSION;
3227 if (tlsext_keyshare_server_needs(ssl)) {
3228 FAIL("server should not need keyshare\n");
3229 failure = 1;
3230 goto done;
3231 }
3232
3233 ssl->version = TLS1_3_VERSION;
3234 if (tlsext_keyshare_server_needs(ssl)) {
3235 FAIL("client should not need keyshare\n");
3236 failure = 1;
3237 goto done;
3238 }
3239
3240 if (tls_extension_find(TLSEXT_TYPE_key_share, &idx) == NULL)
3241 FAIL("Can't find keyshare extension");
3242 S3I(ssl)->hs.extensions_seen |= (1 << idx);
3243
3244 if (!tlsext_keyshare_server_needs(ssl)) {
3245 FAIL("server should need keyshare");
3246 failure = 1;
3247 goto done;
3248 }
3249
3250 if (tlsext_keyshare_server_build(ssl, &cbb)) {
3251 FAIL("server should not have built a keyshare response");
3252 failure = 1;
3253 goto done;
3254 }
3255
3256 if ((S3I(ssl)->hs_tls13.x25519_peer_public =
3257 malloc(sizeof(bogokey))) == NULL)
3258 errx(1, "malloc failed");
3259 memcpy(S3I(ssl)->hs_tls13.x25519_peer_public, bogokey, sizeof(bogokey));
3260
3261 if (!tlsext_keyshare_server_build(ssl, &cbb)) {
3262 FAIL("server should be able to build a keyshare response");
3263 failure = 1;
3264 goto done;
3265 }
3266
3267 if (!CBB_finish(&cbb, &data, &dlen)) {
3268 FAIL("failed to finish CBB");
3269 failure = 1;
3270 goto done;
3271 }
3272
3273 if (dlen != sizeof(tlsext_keyshare_server)) {
3274 FAIL("got server keyshare with length %zu, "
3275 "want length %zu\n", dlen, sizeof(tlsext_keyshare_server));
3276 failure = 1;
3277 goto done;
3278 }
3279
3280 CBS_init(&cbs, data, dlen);
3281
3282 if (!tlsext_keyshare_client_parse(ssl, &cbs, &alert)) {
3283 FAIL("failed to parse server keyshare\n");
3284 failure = 1;
3285 goto done;
3286 }
3287
3288 if (CBS_len(&cbs) != 0) {
3289 FAIL("extension data remaining");
3290 failure = 1;
3291 goto done;
3292 }
3293
3294done:
3295 CBB_cleanup(&cbb);
3296 SSL_CTX_free(ssl_ctx);
3297 SSL_free(ssl);
3298 free(data);
3299
3300 return (failure);
3301}
3302
3303/* One day I hope to be the only Muppet in this codebase */
3304const uint8_t cookie[] = "\n"
3305 " (o)(o) \n"
3306 " m' 'm \n"
3307 " M -****- M \n"
3308 " 'm m' \n"
3309 " m''''''''''m \n"
3310 " M M BB \n";
3311
3312static int
3313test_tlsext_cookie_client(void)
3314{
3315 unsigned char *data = NULL;
3316 SSL_CTX *ssl_ctx = NULL;
3317 SSL *ssl = NULL;
3318 int failure = 0;
3319 size_t dlen;
3320 int alert;
3321 CBB cbb;
3322 CBS cbs;
3323
3324 CBB_init(&cbb, 0);
3325
3326 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
3327 errx(1, "failed to create SSL_CTX");
3328 if ((ssl = SSL_new(ssl_ctx)) == NULL)
3329 errx(1, "failed to create SSL");
3330
3331 S3I(ssl)->hs_tls13.max_version = 0;
3332 if (tlsext_cookie_client_needs(ssl)) {
3333 FAIL("client should not need cookie\n");
3334 failure = 1;
3335 goto done;
3336 }
3337
3338 S3I(ssl)->hs_tls13.max_version = TLS1_2_VERSION;
3339 if (tlsext_cookie_client_needs(ssl)) {
3340 FAIL("client should not need cookie\n");
3341 failure = 1;
3342 goto done;
3343 }
3344
3345
3346 S3I(ssl)->hs_tls13.max_version = TLS1_3_VERSION;
3347 if (tlsext_cookie_client_needs(ssl)) {
3348 FAIL("client should not need cookie\n");
3349 failure = 1;
3350 goto done;
3351 }
3352
3353 /* Normally would be set by receiving a server cookie in an HRR */
3354 S3I(ssl)->hs_tls13.cookie = strdup(cookie);
3355 S3I(ssl)->hs_tls13.cookie_len = strlen(cookie);
3356
3357 if (!tlsext_cookie_client_needs(ssl)) {
3358 FAIL("client should need cookie");
3359 failure = 1;
3360 goto done;
3361 }
3362
3363 if (!tlsext_cookie_client_build(ssl, &cbb)) {
3364 FAIL("client should have built a cookie response");
3365 failure = 1;
3366 goto done;
3367 }
3368
3369 if (!CBB_finish(&cbb, &data, &dlen)) {
3370 FAIL("failed to finish CBB");
3371 failure = 1;
3372 goto done;
3373 }
3374
3375 if (dlen != strlen(cookie) + sizeof(uint16_t)) {
3376 FAIL("got cookie with length %zu, "
3377 "want length %zu\n", dlen, strlen(cookie) +
3378 sizeof(uint16_t));
3379 failure = 1;
3380 goto done;
3381 }
3382
3383 CBS_init(&cbs, data, dlen);
3384
3385 /* Checks cookie against what's in the hs_tls13 */
3386 if (!tlsext_cookie_server_parse(ssl, &cbs, &alert)) {
3387 FAIL("failed to parse client cookie\n");
3388 failure = 1;
3389 goto done;
3390 }
3391
3392 if (CBS_len(&cbs) != 0) {
3393 FAIL("extension data remaining");
3394 failure = 1;
3395 goto done;
3396 }
3397
3398 done:
3399 CBB_cleanup(&cbb);
3400 SSL_CTX_free(ssl_ctx);
3401 SSL_free(ssl);
3402 free(data);
3403
3404 return (failure);
3405}
3406
3407static int
3408test_tlsext_cookie_server(void)
3409{
3410 unsigned char *data = NULL;
3411 SSL_CTX *ssl_ctx = NULL;
3412 SSL *ssl = NULL;
3413 int failure = 0;
3414 size_t dlen;
3415 int alert;
3416 CBB cbb;
3417 CBS cbs;
3418
3419 CBB_init(&cbb, 0);
3420
3421 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
3422 errx(1, "failed to create SSL_CTX");
3423 if ((ssl = SSL_new(ssl_ctx)) == NULL)
3424 errx(1, "failed to create SSL");
3425
3426 S3I(ssl)->hs_tls13.max_version = 0;
3427 if (tlsext_cookie_server_needs(ssl)) {
3428 FAIL("server should not need cookie\n");
3429 failure = 1;
3430 goto done;
3431 }
3432
3433 S3I(ssl)->hs_tls13.max_version = TLS1_2_VERSION;
3434 if (tlsext_cookie_server_needs(ssl)) {
3435 FAIL("server should not need cookie\n");
3436 failure = 1;
3437 goto done;
3438 }
3439
3440
3441 S3I(ssl)->hs_tls13.max_version = TLS1_3_VERSION;
3442 if (tlsext_cookie_server_needs(ssl)) {
3443 FAIL("server should not need cookie\n");
3444 failure = 1;
3445 goto done;
3446 }
3447
3448 /* Normally would be set by server before sending HRR */
3449 S3I(ssl)->hs_tls13.cookie = strdup(cookie);
3450 S3I(ssl)->hs_tls13.cookie_len = strlen(cookie);
3451
3452 if (!tlsext_cookie_server_needs(ssl)) {
3453 FAIL("server should need cookie");
3454 failure = 1;
3455 goto done;
3456 }
3457
3458 if (!tlsext_cookie_server_build(ssl, &cbb)) {
3459 FAIL("server have built a cookie response");
3460 failure = 1;
3461 goto done;
3462 }
3463
3464 if (!CBB_finish(&cbb, &data, &dlen)) {
3465 FAIL("failed to finish CBB");
3466 failure = 1;
3467 goto done;
3468 }
3469
3470 if (dlen != strlen(cookie) + sizeof(uint16_t)) {
3471 FAIL("got cookie with length %zu, "
3472 "want length %zu\n", dlen, strlen(cookie) +
3473 sizeof(uint16_t));
3474 failure = 1;
3475 goto done;
3476 }
3477
3478 CBS_init(&cbs, data, dlen);
3479
3480 if (tlsext_cookie_client_parse(ssl, &cbs, &alert)) {
3481 FAIL("client should not have parsed server cookie\n");
3482 failure = 1;
3483 goto done;
3484 }
3485
3486 freezero(S3I(ssl)->hs_tls13.cookie, S3I(ssl)->hs_tls13.cookie_len);
3487 S3I(ssl)->hs_tls13.cookie = NULL;
3488 S3I(ssl)->hs_tls13.cookie_len = 0;
3489
3490 if (!tlsext_cookie_client_parse(ssl, &cbs, &alert)) {
3491 FAIL("failed to parse server cookie\n");
3492 failure = 1;
3493 goto done;
3494 }
3495
3496 if (memcmp(cookie, S3I(ssl)->hs_tls13.cookie,
3497 S3I(ssl)->hs_tls13.cookie_len) != 0) {
3498 FAIL("parsed server cookie does not match sent cookie\n");
3499 failure = 1;
3500 goto done;
3501 }
3502
3503 if (CBS_len(&cbs) != 0) {
3504 FAIL("extension data remaining");
3505 failure = 1;
3506 goto done;
3507 }
3508
3509done:
3510 CBB_cleanup(&cbb);
3511 SSL_CTX_free(ssl_ctx);
3512 SSL_free(ssl);
3513 free(data);
3514
3515 return (failure);
3516}
3517
3518
3519int
3520main(int argc, char **argv)
3521{
3522 int failed = 0;
3523
3524 SSL_library_init();
3525 SSL_load_error_strings();
3526
3527 failed |= test_tlsext_alpn_client();
3528 failed |= test_tlsext_alpn_server();
3529
3530 failed |= test_tlsext_supportedgroups_client();
3531 failed |= test_tlsext_supportedgroups_server();
3532
3533 failed |= test_tlsext_ecpf_client();
3534 failed |= test_tlsext_ecpf_server();
3535
3536 failed |= test_tlsext_ri_client();
3537 failed |= test_tlsext_ri_server();
3538
3539 failed |= test_tlsext_sigalgs_client();
3540 failed |= test_tlsext_sigalgs_server();
3541
3542 failed |= test_tlsext_sni_client();
3543 failed |= test_tlsext_sni_server();
3544
3545 failed |= test_tlsext_ocsp_client();
3546 failed |= test_tlsext_ocsp_server();
3547
3548 failed |= test_tlsext_sessionticket_client();
3549 failed |= test_tlsext_sessionticket_server();
3550
3551 failed |= test_tlsext_versions_client();
3552 failed |= test_tlsext_versions_server();
3553
3554 failed |= test_tlsext_keyshare_client();
3555 failed |= test_tlsext_keyshare_server();
3556
3557 failed |= test_tlsext_cookie_client();
3558 failed |= test_tlsext_cookie_server();
3559
3560#ifndef OPENSSL_NO_SRTP
3561 failed |= test_tlsext_srtp_client();
3562 failed |= test_tlsext_srtp_server();
3563#else
3564 fprintf(stderr, "Skipping SRTP tests due to OPENSSL_NO_SRTP\n");
3565#endif
3566
3567 failed |= test_tlsext_clienthello_build();
3568 failed |= test_tlsext_serverhello_build();
3569
3570 return (failed);
3571}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-27 14:19:45 +0000