summaryrefslogtreecommitdiff
path: root/src/regress/lib/libssl
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/regress/lib/libssl/Makefile36
-rw-r--r--src/regress/lib/libssl/Makefile.inc4
-rw-r--r--src/regress/lib/libssl/api/Makefile10
-rw-r--r--src/regress/lib/libssl/api/apitest.c374
-rw-r--r--src/regress/lib/libssl/asn1/Makefile11
-rw-r--r--src/regress/lib/libssl/asn1/asn1test.c478
-rw-r--r--src/regress/lib/libssl/buffer/Makefile10
-rw-r--r--src/regress/lib/libssl/buffer/buffertest.c364
-rw-r--r--src/regress/lib/libssl/bytestring/Makefile10
-rw-r--r--src/regress/lib/libssl/bytestring/bytestringtest.c968
-rw-r--r--src/regress/lib/libssl/certs/ca-int-ecdsa.crl8
-rw-r--r--src/regress/lib/libssl/certs/ca-int-ecdsa.pem13
-rw-r--r--src/regress/lib/libssl/certs/ca-int-rsa.crl11
-rw-r--r--src/regress/lib/libssl/certs/ca-int-rsa.pem22
-rw-r--r--src/regress/lib/libssl/certs/ca-root-ecdsa.pem13
-rw-r--r--src/regress/lib/libssl/certs/ca-root-rsa.pem22
-rw-r--r--src/regress/lib/libssl/certs/client1-ecdsa-chain.pem27
-rw-r--r--src/regress/lib/libssl/certs/client1-ecdsa.pem19
-rw-r--r--src/regress/lib/libssl/certs/client1-rsa-chain.pem44
-rw-r--r--src/regress/lib/libssl/certs/client1-rsa.pem50
-rw-r--r--src/regress/lib/libssl/certs/client2-ecdsa-chain.pem26
-rw-r--r--src/regress/lib/libssl/certs/client2-ecdsa.pem18
-rw-r--r--src/regress/lib/libssl/certs/client2-rsa-chain.pem44
-rw-r--r--src/regress/lib/libssl/certs/client2-rsa.pem50
-rw-r--r--src/regress/lib/libssl/certs/client3-ecdsa-chain.pem26
-rw-r--r--src/regress/lib/libssl/certs/client3-ecdsa.pem18
-rw-r--r--src/regress/lib/libssl/certs/client3-rsa-chain.pem44
-rw-r--r--src/regress/lib/libssl/certs/client3-rsa.pem50
-rwxr-xr-xsrc/regress/lib/libssl/certs/make-certs.sh263
-rw-r--r--src/regress/lib/libssl/certs/server1-ecdsa-chain.pem26
-rw-r--r--src/regress/lib/libssl/certs/server1-ecdsa.pem18
-rw-r--r--src/regress/lib/libssl/certs/server1-rsa-chain.pem44
-rw-r--r--src/regress/lib/libssl/certs/server1-rsa.pem50
-rw-r--r--src/regress/lib/libssl/certs/server2-ecdsa-chain.pem26
-rw-r--r--src/regress/lib/libssl/certs/server2-ecdsa.pem18
-rw-r--r--src/regress/lib/libssl/certs/server2-rsa-chain.pem44
-rw-r--r--src/regress/lib/libssl/certs/server2-rsa.pem50
-rw-r--r--src/regress/lib/libssl/certs/server3-ecdsa-chain.pem26
-rw-r--r--src/regress/lib/libssl/certs/server3-ecdsa.pem18
-rw-r--r--src/regress/lib/libssl/certs/server3-rsa-chain.pem44
-rw-r--r--src/regress/lib/libssl/certs/server3-rsa.pem50
-rw-r--r--src/regress/lib/libssl/ciphers/Makefile9
-rw-r--r--src/regress/lib/libssl/ciphers/cipherstest.c1209
-rw-r--r--src/regress/lib/libssl/client/Makefile9
-rw-r--r--src/regress/lib/libssl/client/clienttest.c744
-rw-r--r--src/regress/lib/libssl/dtls/Makefile21
-rw-r--r--src/regress/lib/libssl/dtls/dtlstest.c1077
-rw-r--r--src/regress/lib/libssl/exporter/Makefile10
-rw-r--r--src/regress/lib/libssl/exporter/exportertest.c667
-rw-r--r--src/regress/lib/libssl/handshake/Makefile34
-rw-r--r--src/regress/lib/libssl/handshake/handshake_table.c550
-rw-r--r--src/regress/lib/libssl/handshake/valid_handshakes_terminate.c54
-rw-r--r--src/regress/lib/libssl/interop/LICENSE15
-rw-r--r--src/regress/lib/libssl/interop/Makefile19
-rw-r--r--src/regress/lib/libssl/interop/Makefile.inc83
-rw-r--r--src/regress/lib/libssl/interop/README18
-rw-r--r--src/regress/lib/libssl/interop/botan/Makefile84
-rw-r--r--src/regress/lib/libssl/interop/botan/client.cpp228
-rw-r--r--src/regress/lib/libssl/interop/cert/Makefile98
-rw-r--r--src/regress/lib/libssl/interop/cipher/Makefile159
-rw-r--r--src/regress/lib/libssl/interop/client.c285
-rw-r--r--src/regress/lib/libssl/interop/libressl/Makefile34
-rw-r--r--src/regress/lib/libssl/interop/netcat/Makefile84
-rw-r--r--src/regress/lib/libssl/interop/openssl33/Makefile44
-rw-r--r--src/regress/lib/libssl/interop/openssl34/Makefile44
-rw-r--r--src/regress/lib/libssl/interop/server.c321
-rw-r--r--src/regress/lib/libssl/interop/session/Makefile43
-rw-r--r--src/regress/lib/libssl/interop/util.c145
-rw-r--r--src/regress/lib/libssl/interop/util.h23
-rw-r--r--src/regress/lib/libssl/interop/version/Makefile110
-rw-r--r--src/regress/lib/libssl/key_schedule/Makefile10
-rw-r--r--src/regress/lib/libssl/key_schedule/key_schedule.c317
-rw-r--r--src/regress/lib/libssl/openssl-ruby/Makefile87
-rw-r--r--src/regress/lib/libssl/pqueue/Makefile17
-rw-r--r--src/regress/lib/libssl/pqueue/expected.txt3
-rw-r--r--src/regress/lib/libssl/pqueue/pq_test.c118
-rw-r--r--src/regress/lib/libssl/quic/Makefile19
-rw-r--r--src/regress/lib/libssl/quic/quictest.c339
-rw-r--r--src/regress/lib/libssl/record/Makefile10
-rw-r--r--src/regress/lib/libssl/record/recordtest.c555
-rw-r--r--src/regress/lib/libssl/record_layer/Makefile10
-rw-r--r--src/regress/lib/libssl/record_layer/record_layer_test.c306
-rw-r--r--src/regress/lib/libssl/renegotiation/Makefile18
-rw-r--r--src/regress/lib/libssl/renegotiation/renegotiation_test.c650
-rw-r--r--src/regress/lib/libssl/rust-openssl/Cargo.toml9
-rw-r--r--src/regress/lib/libssl/rust-openssl/Makefile58
-rw-r--r--src/regress/lib/libssl/rust-openssl/config.toml6
-rw-r--r--src/regress/lib/libssl/server/Makefile18
-rw-r--r--src/regress/lib/libssl/server/servertest.c209
-rw-r--r--src/regress/lib/libssl/shutdown/Makefile18
-rw-r--r--src/regress/lib/libssl/shutdown/shutdowntest.c656
-rw-r--r--src/regress/lib/libssl/ssl/Makefile17
-rw-r--r--src/regress/lib/libssl/ssl/ssltest.c1528
-rw-r--r--src/regress/lib/libssl/ssl/testssl162
-rw-r--r--src/regress/lib/libssl/symbols/Makefile22
-rw-r--r--src/regress/lib/libssl/symbols/symbols.awk58
-rw-r--r--src/regress/lib/libssl/tls/Makefile18
-rw-r--r--src/regress/lib/libssl/tls/tlstest.c400
-rw-r--r--src/regress/lib/libssl/tlsext/Makefile10
-rw-r--r--src/regress/lib/libssl/tlsext/tlsexttest.c4702
-rw-r--r--src/regress/lib/libssl/tlsfuzzer/Makefile51
-rw-r--r--src/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py935
-rw-r--r--src/regress/lib/libssl/tlslegacy/Makefile9
-rw-r--r--src/regress/lib/libssl/tlslegacy/tlslegacytest.c625
-rw-r--r--src/regress/lib/libssl/unit/Makefile21
-rw-r--r--src/regress/lib/libssl/unit/cipher_list.c231
-rw-r--r--src/regress/lib/libssl/unit/ssl_get_shared_ciphers.c478
-rw-r--r--src/regress/lib/libssl/unit/ssl_methods.c267
-rw-r--r--src/regress/lib/libssl/unit/ssl_set_alpn_protos.c470
-rw-r--r--src/regress/lib/libssl/unit/ssl_verify_param.c99
-rw-r--r--src/regress/lib/libssl/unit/ssl_versions.c922
-rw-r--r--src/regress/lib/libssl/unit/tests.h44
-rw-r--r--src/regress/lib/libssl/unit/tls_ext_alpn.c442
-rw-r--r--src/regress/lib/libssl/unit/tls_prf.c182
-rw-r--r--src/regress/lib/libssl/verify/Makefile37
-rw-r--r--src/regress/lib/libssl/verify/create-libressl-test-certs.pl111
-rw-r--r--src/regress/lib/libssl/verify/verify.c373
117 files changed, 0 insertions, 25315 deletions
diff --git a/src/regress/lib/libssl/Makefile b/src/regress/lib/libssl/Makefile
deleted file mode 100644
index e0813b40b3..0000000000
--- a/src/regress/lib/libssl/Makefile
+++ /dev/null
@@ -1,36 +0,0 @@
1# $OpenBSD: Makefile,v 1.58 2025/02/01 12:27:11 jsing Exp $
2
3SUBDIR += api
4SUBDIR += asn1
5SUBDIR += buffer
6SUBDIR += bytestring
7SUBDIR += ciphers
8SUBDIR += client
9SUBDIR += dtls
10SUBDIR += exporter
11SUBDIR += handshake
12SUBDIR += pqueue
13SUBDIR += quic
14SUBDIR += record
15SUBDIR += record_layer
16SUBDIR += renegotiation
17SUBDIR += server
18SUBDIR += shutdown
19SUBDIR += ssl
20SUBDIR += symbols
21SUBDIR += tls
22SUBDIR += tlsext
23SUBDIR += tlslegacy
24SUBDIR += key_schedule
25SUBDIR += unit
26SUBDIR += verify
27
28# Things that take a long time should go below here.
29SUBDIR += openssl-ruby
30SUBDIR += rust-openssl
31SUBDIR += tlsfuzzer
32SUBDIR += interop
33
34install:
35
36.include <bsd.subdir.mk>
diff --git a/src/regress/lib/libssl/Makefile.inc b/src/regress/lib/libssl/Makefile.inc
deleted file mode 100644
index cc8ad18394..0000000000
--- a/src/regress/lib/libssl/Makefile.inc
+++ /dev/null
@@ -1,4 +0,0 @@
1# Use this variable when the test needs internal symbols from libcrypto
2CRYPTO_INT= -Wl,-Bstatic -lcrypto -Wl,-Bdynamic
3# Use this variable when the test needs internal symbols from libssl
4SSL_INT= -Wl,-Bstatic -lssl -Wl,-Bdynamic
diff --git a/src/regress/lib/libssl/api/Makefile b/src/regress/lib/libssl/api/Makefile
deleted file mode 100644
index 7f745518eb..0000000000
--- a/src/regress/lib/libssl/api/Makefile
+++ /dev/null
@@ -1,10 +0,0 @@
1# $OpenBSD: Makefile,v 1.2 2023/04/14 12:38:30 tb Exp $
2
3PROG= apitest
4LDADD= -lssl -lcrypto
5DPADD= ${LIBSSL} ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8CFLAGS+= -DCERTSDIR=\"${.CURDIR}/../../libssl/certs\"
9
10.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/api/apitest.c b/src/regress/lib/libssl/api/apitest.c
deleted file mode 100644
index 37adb0c06f..0000000000
--- a/src/regress/lib/libssl/api/apitest.c
+++ /dev/null
@@ -1,374 +0,0 @@
1/* $OpenBSD: apitest.c,v 1.3 2024/09/07 16:39:29 tb Exp $ */
2/*
3 * Copyright (c) 2020, 2021 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <err.h>
19
20#include <openssl/bio.h>
21#include <openssl/err.h>
22#include <openssl/ssl.h>
23
24#ifndef CERTSDIR
25#define CERTSDIR "."
26#endif
27
28const char *certs_path = CERTSDIR;
29
30int debug = 0;
31
32static int
33ssl_ctx_use_ca_file(SSL_CTX *ssl_ctx, const char *ca_file)
34{
35 char *ca_path = NULL;
36 int ret = 0;
37
38 if (asprintf(&ca_path, "%s/%s", certs_path, ca_file) == -1)
39 goto err;
40 if (!SSL_CTX_load_verify_locations(ssl_ctx, ca_path, NULL)) {
41 fprintf(stderr, "load_verify_locations(%s) failed\n", ca_path);
42 goto err;
43 }
44
45 ret = 1;
46
47 err:
48 free(ca_path);
49
50 return ret;
51}
52
53static int
54ssl_ctx_use_keypair(SSL_CTX *ssl_ctx, const char *chain_file,
55 const char *key_file)
56{
57 char *chain_path = NULL, *key_path = NULL;
58 int ret = 0;
59
60 if (asprintf(&chain_path, "%s/%s", certs_path, chain_file) == -1)
61 goto err;
62 if (SSL_CTX_use_certificate_chain_file(ssl_ctx, chain_path) != 1) {
63 fprintf(stderr, "FAIL: Failed to load certificates\n");
64 goto err;
65 }
66 if (asprintf(&key_path, "%s/%s", certs_path, key_file) == -1)
67 goto err;
68 if (SSL_CTX_use_PrivateKey_file(ssl_ctx, key_path,
69 SSL_FILETYPE_PEM) != 1) {
70 fprintf(stderr, "FAIL: Failed to load private key\n");
71 goto err;
72 }
73
74 ret = 1;
75
76 err:
77 free(chain_path);
78 free(key_path);
79
80 return ret;
81}
82
83static SSL *
84tls_client(BIO *rbio, BIO *wbio)
85{
86 SSL_CTX *ssl_ctx = NULL;
87 SSL *ssl = NULL;
88
89 if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL)
90 errx(1, "client context");
91
92 SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
93
94 if (!ssl_ctx_use_ca_file(ssl_ctx, "ca-root-rsa.pem"))
95 goto failure;
96 if (!ssl_ctx_use_keypair(ssl_ctx, "client1-rsa-chain.pem",
97 "client1-rsa.pem"))
98 goto failure;
99
100 if ((ssl = SSL_new(ssl_ctx)) == NULL)
101 errx(1, "client ssl");
102
103 BIO_up_ref(rbio);
104 BIO_up_ref(wbio);
105
106 SSL_set_bio(ssl, rbio, wbio);
107
108 failure:
109 SSL_CTX_free(ssl_ctx);
110
111 return ssl;
112}
113
114static SSL *
115tls_server(BIO *rbio, BIO *wbio)
116{
117 SSL_CTX *ssl_ctx = NULL;
118 SSL *ssl = NULL;
119
120 if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL)
121 errx(1, "server context");
122
123 SSL_CTX_set_dh_auto(ssl_ctx, 2);
124
125 SSL_CTX_set_verify(ssl_ctx,
126 SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
127
128 if (!ssl_ctx_use_ca_file(ssl_ctx, "ca-root-rsa.pem"))
129 goto failure;
130 if (!ssl_ctx_use_keypair(ssl_ctx, "server1-rsa-chain.pem",
131 "server1-rsa.pem"))
132 goto failure;
133
134 if ((ssl = SSL_new(ssl_ctx)) == NULL)
135 errx(1, "server ssl");
136
137 BIO_up_ref(rbio);
138 BIO_up_ref(wbio);
139
140 SSL_set_bio(ssl, rbio, wbio);
141
142 failure:
143 SSL_CTX_free(ssl_ctx);
144
145 return ssl;
146}
147
148static int
149ssl_error(SSL *ssl, const char *name, const char *desc, int ssl_ret)
150{
151 int ssl_err;
152
153 ssl_err = SSL_get_error(ssl, ssl_ret);
154
155 if (ssl_err == SSL_ERROR_WANT_READ) {
156 return 1;
157 } else if (ssl_err == SSL_ERROR_WANT_WRITE) {
158 return 1;
159 } else if (ssl_err == SSL_ERROR_SYSCALL && errno == 0) {
160 /* Yup, this is apparently a thing... */
161 } else {
162 fprintf(stderr, "FAIL: %s %s failed - ssl err = %d, errno = %d\n",
163 name, desc, ssl_err, errno);
164 ERR_print_errors_fp(stderr);
165 return 0;
166 }
167
168 return 1;
169}
170
171static int
172do_connect(SSL *ssl, const char *name, int *done)
173{
174 int ssl_ret;
175
176 if ((ssl_ret = SSL_connect(ssl)) == 1) {
177 fprintf(stderr, "INFO: %s connect done\n", name);
178 *done = 1;
179 return 1;
180 }
181
182 return ssl_error(ssl, name, "connect", ssl_ret);
183}
184
185static int
186do_accept(SSL *ssl, const char *name, int *done)
187{
188 int ssl_ret;
189
190 if ((ssl_ret = SSL_accept(ssl)) == 1) {
191 fprintf(stderr, "INFO: %s accept done\n", name);
192 *done = 1;
193 return 1;
194 }
195
196 return ssl_error(ssl, name, "accept", ssl_ret);
197}
198
199typedef int (*ssl_func)(SSL *ssl, const char *name, int *done);
200
201static int
202do_client_server_loop(SSL *client, ssl_func client_func, SSL *server,
203 ssl_func server_func)
204{
205 int client_done = 0, server_done = 0;
206 int i = 0;
207
208 do {
209 if (!client_done) {
210 if (debug)
211 fprintf(stderr, "DEBUG: client loop\n");
212 if (!client_func(client, "client", &client_done))
213 return 0;
214 }
215 if (!server_done) {
216 if (debug)
217 fprintf(stderr, "DEBUG: server loop\n");
218 if (!server_func(server, "server", &server_done))
219 return 0;
220 }
221 } while (i++ < 100 && (!client_done || !server_done));
222
223 if (!client_done || !server_done)
224 fprintf(stderr, "FAIL: gave up\n");
225
226 return client_done && server_done;
227}
228
229static int
230ssl_get_peer_cert_chain_test(uint16_t tls_version)
231{
232 STACK_OF(X509) *peer_chain;
233 X509 *peer_cert;
234 BIO *client_wbio = NULL, *server_wbio = NULL;
235 SSL *client = NULL, *server = NULL;
236 int failed = 1;
237
238 if ((client_wbio = BIO_new(BIO_s_mem())) == NULL)
239 goto failure;
240 if (BIO_set_mem_eof_return(client_wbio, -1) <= 0)
241 goto failure;
242
243 if ((server_wbio = BIO_new(BIO_s_mem())) == NULL)
244 goto failure;
245 if (BIO_set_mem_eof_return(server_wbio, -1) <= 0)
246 goto failure;
247
248 if ((client = tls_client(server_wbio, client_wbio)) == NULL)
249 goto failure;
250 if (tls_version != 0) {
251 if (!SSL_set_min_proto_version(client, tls_version))
252 goto failure;
253 if (!SSL_set_max_proto_version(client, tls_version))
254 goto failure;
255 }
256
257 if ((server = tls_server(client_wbio, server_wbio)) == NULL)
258 goto failure;
259 if (tls_version != 0) {
260 if (!SSL_set_min_proto_version(server, tls_version))
261 goto failure;
262 if (!SSL_set_max_proto_version(server, tls_version))
263 goto failure;
264 }
265
266 if (!do_client_server_loop(client, do_connect, server, do_accept)) {
267 fprintf(stderr, "FAIL: client and server handshake failed\n");
268 goto failure;
269 }
270
271 if (tls_version != 0) {
272 if (SSL_version(client) != tls_version) {
273 fprintf(stderr, "FAIL: client got TLS version %x, "
274 "want %x\n", SSL_version(client), tls_version);
275 goto failure;
276 }
277 if (SSL_version(server) != tls_version) {
278 fprintf(stderr, "FAIL: server got TLS version %x, "
279 "want %x\n", SSL_version(server), tls_version);
280 goto failure;
281 }
282 }
283
284 /*
285 * Due to the wonders of API inconsistency, SSL_get_peer_cert_chain()
286 * includes the peer's leaf certificate when called by the client,
287 * however it does not when called by the server. Furthermore, the
288 * certificate returned by SSL_get_peer_certificate() has already
289 * had its reference count incremented and must be freed, where as
290 * the certificates returned from SSL_get_peer_cert_chain() must
291 * not be freed... *sigh*
292 */
293 peer_cert = SSL_get_peer_certificate(client);
294 peer_chain = SSL_get_peer_cert_chain(client);
295 X509_free(peer_cert);
296
297 if (peer_cert == NULL) {
298 fprintf(stderr, "FAIL: client got no peer cert\n");
299 goto failure;
300 }
301 if (sk_X509_num(peer_chain) != 2) {
302 fprintf(stderr, "FAIL: client got peer cert chain with %d "
303 "certificates, want 2\n", sk_X509_num(peer_chain));
304 goto failure;
305 }
306 if (X509_cmp(peer_cert, sk_X509_value(peer_chain, 0)) != 0) {
307 fprintf(stderr, "FAIL: client got peer cert chain without peer "
308 "certificate\n");
309 goto failure;
310 }
311
312 peer_cert = SSL_get_peer_certificate(server);
313 peer_chain = SSL_get_peer_cert_chain(server);
314 X509_free(peer_cert);
315
316 if (peer_cert == NULL) {
317 fprintf(stderr, "FAIL: server got no peer cert\n");
318 goto failure;
319 }
320 if (sk_X509_num(peer_chain) != 1) {
321 fprintf(stderr, "FAIL: server got peer cert chain with %d "
322 "certificates, want 1\n", sk_X509_num(peer_chain));
323 goto failure;
324 }
325 if (X509_cmp(peer_cert, sk_X509_value(peer_chain, 0)) == 0) {
326 fprintf(stderr, "FAIL: server got peer cert chain with peer "
327 "certificate\n");
328 goto failure;
329 }
330
331 fprintf(stderr, "INFO: Done!\n");
332
333 failed = 0;
334
335 failure:
336 BIO_free(client_wbio);
337 BIO_free(server_wbio);
338
339 SSL_free(client);
340 SSL_free(server);
341
342 return failed;
343}
344
345static int
346ssl_get_peer_cert_chain_tests(void)
347{
348 int failed = 0;
349
350 fprintf(stderr, "\n== Testing SSL_get_peer_cert_chain()... ==\n");
351
352 failed |= ssl_get_peer_cert_chain_test(0);
353 failed |= ssl_get_peer_cert_chain_test(TLS1_3_VERSION);
354 failed |= ssl_get_peer_cert_chain_test(TLS1_2_VERSION);
355
356 return failed;
357}
358
359int
360main(int argc, char **argv)
361{
362 int failed = 0;
363
364 if (argc > 2) {
365 fprintf(stderr, "usage: %s [certspath]\n", argv[0]);
366 exit(1);
367 }
368 if (argc == 2)
369 certs_path = argv[1];
370
371 failed |= ssl_get_peer_cert_chain_tests();
372
373 return failed;
374}
diff --git a/src/regress/lib/libssl/asn1/Makefile b/src/regress/lib/libssl/asn1/Makefile
deleted file mode 100644
index 16fca9f6ca..0000000000
--- a/src/regress/lib/libssl/asn1/Makefile
+++ /dev/null
@@ -1,11 +0,0 @@
1# $OpenBSD: Makefile,v 1.2 2021/06/30 18:09:46 jsing Exp $
2
3PROG= asn1test
4LDADD= -lcrypto -lssl
5DPADD= ${LIBCRYPTO} ${LIBSSL}
6
7WARNINGS= Yes
8CFLAGS+= -DLIBRESSL_INTERNAL -Werror
9CFLAGS+= -I${.CURDIR}/../../../../lib/libssl
10
11.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/asn1/asn1test.c b/src/regress/lib/libssl/asn1/asn1test.c
deleted file mode 100644
index a81c502655..0000000000
--- a/src/regress/lib/libssl/asn1/asn1test.c
+++ /dev/null
@@ -1,478 +0,0 @@
1/* $OpenBSD: asn1test.c,v 1.13 2024/07/22 14:50:45 jsing Exp $ */
2/*
3 * Copyright (c) 2014, 2016 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <err.h>
19#include <stdlib.h>
20
21#include <openssl/bio.h>
22#include <openssl/err.h>
23#include <openssl/ssl.h>
24#include <openssl/tls1.h>
25
26#include "ssl_local.h"
27
28int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
29SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
30 long length);
31
32X509 *peer_cert;
33
34unsigned char *peer_cert_pem =
35 "-----BEGIN CERTIFICATE-----\n"
36 "MIIBcTCCARugAwIBAgIJAPYhaZJAvUuUMA0GCSqGSIb3DQEBBQUAMBQxEjAQBgNV\n"
37 "BAoMCVRlc3QgUGVlcjAeFw0xNjEyMjYxNDQ3NDdaFw0yNjEyMjQxNDQ3NDdaMBQx\n"
38 "EjAQBgNVBAoMCVRlc3QgUGVlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCyhAdJ\n"
39 "wojHv/uKONh8MbmR2U2+VF1HQusnLfSfHPqkJfvDzLWJ41TG7QcXkx2rIJVtAFrO\n"
40 "U9yNdFYJLA/hsrbjAgMBAAGjUDBOMB0GA1UdDgQWBBS3bZOw7fvaortdsdE2TPMq\n"
41 "IRXFRzAfBgNVHSMEGDAWgBS3bZOw7fvaortdsdE2TPMqIRXFRzAMBgNVHRMEBTAD\n"
42 "AQH/MA0GCSqGSIb3DQEBBQUAA0EAHsxNS+rNUZbopeDMhVIviOfUmelDjJrT56Rc\n"
43 "VJoFN3Gc1cV8nQAHm9aJs71uksC+MN04Pzh0WqmYX9XXrnYPcg==\n"
44 "-----END CERTIFICATE-----\n";
45
46struct ssl_asn1_test {
47 SSL_SESSION session;
48 int peer_cert;
49 const unsigned char asn1[1024];
50 int asn1_len;
51};
52
53unsigned char tlsext_tick[] = {
54 0x43, 0x56, 0x45, 0x2d, 0x32, 0x30, 0x31, 0x34,
55 0x2d, 0x30, 0x31, 0x36, 0x30, 0x3a, 0x20, 0x37,
56 0x74, 0x68, 0x20, 0x41, 0x70, 0x72, 0x69, 0x6c,
57 0x20, 0x32, 0x30, 0x31, 0x34, 0x0a, 0x43, 0x56,
58 0x45, 0x2d, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x35,
59 0x32, 0x39, 0x38, 0x3a, 0x20, 0x38, 0x74, 0x68,
60 0x20, 0x41, 0x70, 0x72, 0x69, 0x6c, 0x20, 0x32,
61 0x30, 0x31, 0x34, 0x0a, 0x43, 0x56, 0x45, 0x2d,
62 0x32, 0x30, 0x31, 0x34, 0x2d, 0x30, 0x31, 0x39,
63 0x38, 0x3a, 0x20, 0x32, 0x31, 0x73, 0x74, 0x20,
64 0x41, 0x70, 0x72, 0x69, 0x6c, 0x20, 0x32, 0x30,
65 0x31, 0x34, 0x0a, 0x43, 0x56, 0x45, 0x2d, 0x32,
66 0x30, 0x31, 0x34, 0x2d, 0x33, 0x34, 0x37, 0x30,
67 0x3a, 0x20, 0x33, 0x30, 0x74, 0x68, 0x20, 0x4d,
68 0x61, 0x79, 0x20, 0x32, 0x30, 0x31, 0x34, 0x0a,
69 0x43, 0x56, 0x45, 0x2d, 0x32, 0x30, 0x31, 0x34,
70 0x2d, 0x30, 0x31, 0x39, 0x35, 0x3a, 0x20, 0x35,
71 0x74, 0x68, 0x20, 0x4a, 0x75, 0x6e, 0x65, 0x20,
72 0x32, 0x30, 0x31, 0x34, 0x0a, 0x43, 0x56, 0x45,
73 0x2d, 0x32, 0x30, 0x31, 0x34, 0x2d, 0x30, 0x32,
74 0x32, 0x31, 0x3a, 0x20, 0x35, 0x74, 0x68, 0x20,
75 0x4a, 0x75, 0x6e, 0x65, 0x20, 0x32, 0x30, 0x31,
76 0x34, 0x0a, 0x43, 0x56, 0x45, 0x2d, 0x32, 0x30,
77 0x31, 0x34, 0x2d, 0x30, 0x32, 0x32, 0x34, 0x3a,
78 0x20, 0x35, 0x74, 0x68, 0x20, 0x4a, 0x75, 0x6e,
79 0x65, 0x20, 0x32, 0x30, 0x31, 0x34, 0x0a,
80};
81
82struct ssl_asn1_test ssl_asn1_tests[] = {
83 {
84 .session = {
85 .cipher_value = 1,
86 .ssl_version = TLS1_2_VERSION,
87 },
88 .asn1 = {
89 0x30, 0x13, 0x02, 0x01, 0x01, 0x02, 0x02, 0x03,
90 0x03, 0x04, 0x02, 0x00, 0x01, 0x04, 0x00, 0x04,
91 0x00, 0xa4, 0x02, 0x04, 0x00,
92 },
93 .asn1_len = 21,
94 },
95 {
96 .session = {
97 .cipher_value = 1,
98 .ssl_version = TLS1_2_VERSION,
99 .master_key_length = 26,
100 .session_id = "0123456789",
101 .session_id_length = 10,
102 .sid_ctx = "abcdefghijklmnopqrstuvwxyz",
103 .sid_ctx_length = 26,
104 },
105 .asn1 = {
106 0x30, 0x51, 0x02, 0x01, 0x01, 0x02, 0x02, 0x03,
107 0x03, 0x04, 0x02, 0x00, 0x01, 0x04, 0x0a, 0x30,
108 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38,
109 0x39, 0x04, 0x1a, 0x00, 0x00, 0x00, 0x00, 0x00,
110 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
111 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
112 0x00, 0x00, 0x00, 0x00, 0x00, 0xa4, 0x1c, 0x04,
113 0x1a, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
114 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
115 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
116 0x78, 0x79, 0x7a,
117 },
118 .asn1_len = 83,
119 },
120 {
121 .session = {
122 .cipher_value = 1,
123 .ssl_version = TLS1_2_VERSION,
124 .master_key_length = 26,
125 .session_id = "0123456789",
126 .session_id_length = 10,
127 .sid_ctx = "abcdefghijklmnopqrstuvwxyz",
128 .sid_ctx_length = 26,
129 .time = 1405266069,
130 .timeout = 5,
131 .verify_result = 42,
132 .tlsext_hostname = "libressl.openbsd.org",
133 .tlsext_tick_lifetime_hint = 0x7abbccdd,
134 .tlsext_tick = tlsext_tick,
135 .tlsext_ticklen = sizeof(tlsext_tick),
136 },
137 .peer_cert = 1,
138 .asn1 = {
139 0x30, 0x82, 0x02, 0xd1, 0x02, 0x01, 0x01, 0x02,
140 0x02, 0x03, 0x03, 0x04, 0x02, 0x00, 0x01, 0x04,
141 0x0a, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36,
142 0x37, 0x38, 0x39, 0x04, 0x1a, 0x00, 0x00, 0x00,
143 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
144 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
145 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xa1,
146 0x06, 0x02, 0x04, 0x53, 0xc2, 0xa8, 0x95, 0xa2,
147 0x03, 0x02, 0x01, 0x05, 0xa3, 0x82, 0x01, 0x75,
148 0x30, 0x82, 0x01, 0x71, 0x30, 0x82, 0x01, 0x1b,
149 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00,
150 0xf6, 0x21, 0x69, 0x92, 0x40, 0xbd, 0x4b, 0x94,
151 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
152 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30,
153 0x14, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55,
154 0x04, 0x0a, 0x0c, 0x09, 0x54, 0x65, 0x73, 0x74,
155 0x20, 0x50, 0x65, 0x65, 0x72, 0x30, 0x1e, 0x17,
156 0x0d, 0x31, 0x36, 0x31, 0x32, 0x32, 0x36, 0x31,
157 0x34, 0x34, 0x37, 0x34, 0x37, 0x5a, 0x17, 0x0d,
158 0x32, 0x36, 0x31, 0x32, 0x32, 0x34, 0x31, 0x34,
159 0x34, 0x37, 0x34, 0x37, 0x5a, 0x30, 0x14, 0x31,
160 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x0a,
161 0x0c, 0x09, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50,
162 0x65, 0x65, 0x72, 0x30, 0x5c, 0x30, 0x0d, 0x06,
163 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
164 0x01, 0x01, 0x05, 0x00, 0x03, 0x4b, 0x00, 0x30,
165 0x48, 0x02, 0x41, 0x00, 0xb2, 0x84, 0x07, 0x49,
166 0xc2, 0x88, 0xc7, 0xbf, 0xfb, 0x8a, 0x38, 0xd8,
167 0x7c, 0x31, 0xb9, 0x91, 0xd9, 0x4d, 0xbe, 0x54,
168 0x5d, 0x47, 0x42, 0xeb, 0x27, 0x2d, 0xf4, 0x9f,
169 0x1c, 0xfa, 0xa4, 0x25, 0xfb, 0xc3, 0xcc, 0xb5,
170 0x89, 0xe3, 0x54, 0xc6, 0xed, 0x07, 0x17, 0x93,
171 0x1d, 0xab, 0x20, 0x95, 0x6d, 0x00, 0x5a, 0xce,
172 0x53, 0xdc, 0x8d, 0x74, 0x56, 0x09, 0x2c, 0x0f,
173 0xe1, 0xb2, 0xb6, 0xe3, 0x02, 0x03, 0x01, 0x00,
174 0x01, 0xa3, 0x50, 0x30, 0x4e, 0x30, 0x1d, 0x06,
175 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14,
176 0xb7, 0x6d, 0x93, 0xb0, 0xed, 0xfb, 0xda, 0xa2,
177 0xbb, 0x5d, 0xb1, 0xd1, 0x36, 0x4c, 0xf3, 0x2a,
178 0x21, 0x15, 0xc5, 0x47, 0x30, 0x1f, 0x06, 0x03,
179 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80,
180 0x14, 0xb7, 0x6d, 0x93, 0xb0, 0xed, 0xfb, 0xda,
181 0xa2, 0xbb, 0x5d, 0xb1, 0xd1, 0x36, 0x4c, 0xf3,
182 0x2a, 0x21, 0x15, 0xc5, 0x47, 0x30, 0x0c, 0x06,
183 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03,
184 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a,
185 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05,
186 0x05, 0x00, 0x03, 0x41, 0x00, 0x1e, 0xcc, 0x4d,
187 0x4b, 0xea, 0xcd, 0x51, 0x96, 0xe8, 0xa5, 0xe0,
188 0xcc, 0x85, 0x52, 0x2f, 0x88, 0xe7, 0xd4, 0x99,
189 0xe9, 0x43, 0x8c, 0x9a, 0xd3, 0xe7, 0xa4, 0x5c,
190 0x54, 0x9a, 0x05, 0x37, 0x71, 0x9c, 0xd5, 0xc5,
191 0x7c, 0x9d, 0x00, 0x07, 0x9b, 0xd6, 0x89, 0xb3,
192 0xbd, 0x6e, 0x92, 0xc0, 0xbe, 0x30, 0xdd, 0x38,
193 0x3f, 0x38, 0x74, 0x5a, 0xa9, 0x98, 0x5f, 0xd5,
194 0xd7, 0xae, 0x76, 0x0f, 0x72, 0xa4, 0x1c, 0x04,
195 0x1a, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
196 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
197 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
198 0x78, 0x79, 0x7a, 0xa5, 0x03, 0x02, 0x01, 0x2a,
199 0xa6, 0x16, 0x04, 0x14, 0x6c, 0x69, 0x62, 0x72,
200 0x65, 0x73, 0x73, 0x6c, 0x2e, 0x6f, 0x70, 0x65,
201 0x6e, 0x62, 0x73, 0x64, 0x2e, 0x6f, 0x72, 0x67,
202 0xa9, 0x06, 0x02, 0x04, 0x7a, 0xbb, 0xcc, 0xdd,
203 0xaa, 0x81, 0xd2, 0x04, 0x81, 0xcf, 0x43, 0x56,
204 0x45, 0x2d, 0x32, 0x30, 0x31, 0x34, 0x2d, 0x30,
205 0x31, 0x36, 0x30, 0x3a, 0x20, 0x37, 0x74, 0x68,
206 0x20, 0x41, 0x70, 0x72, 0x69, 0x6c, 0x20, 0x32,
207 0x30, 0x31, 0x34, 0x0a, 0x43, 0x56, 0x45, 0x2d,
208 0x32, 0x30, 0x31, 0x30, 0x2d, 0x35, 0x32, 0x39,
209 0x38, 0x3a, 0x20, 0x38, 0x74, 0x68, 0x20, 0x41,
210 0x70, 0x72, 0x69, 0x6c, 0x20, 0x32, 0x30, 0x31,
211 0x34, 0x0a, 0x43, 0x56, 0x45, 0x2d, 0x32, 0x30,
212 0x31, 0x34, 0x2d, 0x30, 0x31, 0x39, 0x38, 0x3a,
213 0x20, 0x32, 0x31, 0x73, 0x74, 0x20, 0x41, 0x70,
214 0x72, 0x69, 0x6c, 0x20, 0x32, 0x30, 0x31, 0x34,
215 0x0a, 0x43, 0x56, 0x45, 0x2d, 0x32, 0x30, 0x31,
216 0x34, 0x2d, 0x33, 0x34, 0x37, 0x30, 0x3a, 0x20,
217 0x33, 0x30, 0x74, 0x68, 0x20, 0x4d, 0x61, 0x79,
218 0x20, 0x32, 0x30, 0x31, 0x34, 0x0a, 0x43, 0x56,
219 0x45, 0x2d, 0x32, 0x30, 0x31, 0x34, 0x2d, 0x30,
220 0x31, 0x39, 0x35, 0x3a, 0x20, 0x35, 0x74, 0x68,
221 0x20, 0x4a, 0x75, 0x6e, 0x65, 0x20, 0x32, 0x30,
222 0x31, 0x34, 0x0a, 0x43, 0x56, 0x45, 0x2d, 0x32,
223 0x30, 0x31, 0x34, 0x2d, 0x30, 0x32, 0x32, 0x31,
224 0x3a, 0x20, 0x35, 0x74, 0x68, 0x20, 0x4a, 0x75,
225 0x6e, 0x65, 0x20, 0x32, 0x30, 0x31, 0x34, 0x0a,
226 0x43, 0x56, 0x45, 0x2d, 0x32, 0x30, 0x31, 0x34,
227 0x2d, 0x30, 0x32, 0x32, 0x34, 0x3a, 0x20, 0x35,
228 0x74, 0x68, 0x20, 0x4a, 0x75, 0x6e, 0x65, 0x20,
229 0x32, 0x30, 0x31, 0x34, 0x0a,
230 },
231 .asn1_len = 725,
232 },
233 {
234 .session = {
235 .cipher_value = 1,
236 .ssl_version = TLS1_2_VERSION,
237 .timeout = -1,
238 },
239 .asn1 = {
240 0x0,
241 },
242 .asn1_len = -1,
243 },
244 {
245 .session = {
246 .cipher_value = 1,
247 .ssl_version = TLS1_2_VERSION,
248 .time = -1,
249 },
250 .asn1 = {
251 0x0,
252 },
253 .asn1_len = -1,
254 },
255};
256
257#define N_SSL_ASN1_TESTS \
258 (sizeof(ssl_asn1_tests) / sizeof(*ssl_asn1_tests))
259
260static int
261session_strcmp(const unsigned char *o1, const unsigned char *o2, size_t len)
262{
263 if (o1 == NULL && o2 == NULL)
264 return (0);
265 if (o1 == NULL || o2 == NULL)
266 return (1);
267 return memcmp(o1, o2, len);
268}
269
270static int
271session_cmp(SSL_SESSION *s1, SSL_SESSION *s2)
272{
273 /* Compare the ASN.1 encoded values from two sessions. */
274 if (s1->ssl_version != s2->ssl_version) {
275 fprintf(stderr, "ssl_version differs: %d != %d\n",
276 s1->ssl_version, s2->ssl_version);
277 return (1);
278 }
279 if (s1->cipher_value != s2->cipher_value) {
280 fprintf(stderr, "cipher_value differs: %d != %d\n",
281 s1->cipher_value, s2->cipher_value);
282 return (1);
283 }
284
285 if (s1->master_key_length != s2->master_key_length) {
286 fprintf(stderr, "master_key_length differs: %zu != %zu\n",
287 s1->master_key_length, s2->master_key_length);
288 return (1);
289 }
290 if (session_strcmp(s1->master_key, s2->master_key,
291 s1->master_key_length) != 0) {
292 fprintf(stderr, "master_key differs\n");
293 return (1);
294 }
295
296 if (s1->session_id_length != s2->session_id_length) {
297 fprintf(stderr, "session_id_length differs: %zu != %zu\n",
298 s1->session_id_length, s2->session_id_length);
299 return (1);
300 }
301 if (session_strcmp(s1->session_id, s2->session_id,
302 s1->session_id_length) != 0) {
303 fprintf(stderr, "session_id differs\n");
304 return (1);
305 }
306
307 if (s1->sid_ctx_length != s2->sid_ctx_length) {
308 fprintf(stderr, "sid_ctx_length differs: %zu != %zu\n",
309 s1->sid_ctx_length, s2->sid_ctx_length);
310 return (1);
311 }
312 if (session_strcmp(s1->sid_ctx, s2->sid_ctx,
313 s1->sid_ctx_length) != 0) {
314 fprintf(stderr, "sid_ctx differs\n");
315 return (1);
316 }
317
318 /* d2i_SSL_SESSION uses the current time if decoding a zero value. */
319 if ((s1->time != s2->time) && s1->time != 0 && s2->time != 0) {
320 fprintf(stderr, "time differs: %lld != %lld\n",
321 (long long)s1->time, (long long)s2->time);
322 return (1);
323 }
324 /* d2i_SSL_SESSION uses a timeout of 3 if decoding a zero value. */
325 if ((s1->timeout != s2->timeout) &&
326 s1->timeout != 3 && s2->timeout != 3) {
327 fprintf(stderr, "timeout differs: %ld != %ld\n",
328 s1->timeout, s2->timeout);
329 return (1);
330 }
331
332 /* Ensure that a certificate is or is not present in both. */
333 if ((s1->peer_cert != NULL || s2->peer_cert != NULL) &&
334 (s1->peer_cert == NULL || s2->peer_cert == NULL ||
335 X509_cmp(s1->peer_cert, s2->peer_cert) != 0)) {
336 fprintf(stderr, "peer_cert differs\n");
337 return (1);
338 }
339
340 if (s1->verify_result != s2->verify_result) {
341 fprintf(stderr, "verify_result differs: %ld != %ld\n",
342 s1->verify_result, s2->verify_result);
343 return (1);
344 }
345
346 if (session_strcmp(s1->tlsext_hostname, s2->tlsext_hostname,
347 (s1->tlsext_hostname ? strlen(s1->tlsext_hostname) : 0)) != 0) {
348 fprintf(stderr, "sid_ctx differs\n");
349 return (1);
350 }
351 if (s1->tlsext_tick_lifetime_hint != s2->tlsext_tick_lifetime_hint) {
352 fprintf(stderr, "tlsext_tick_lifetime_hint differs: "
353 "%u != %u\n", s1->tlsext_tick_lifetime_hint,
354 s2->tlsext_tick_lifetime_hint);
355 return (1);
356 }
357 if (s1->tlsext_ticklen != s2->tlsext_ticklen) {
358 fprintf(stderr, "tlsext_ticklen differs: %zu != %zu\n",
359 s1->tlsext_ticklen, s2->tlsext_ticklen);
360 return (1);
361 }
362 if (session_strcmp(s1->tlsext_tick, s2->tlsext_tick,
363 s1->tlsext_ticklen) != 0) {
364 fprintf(stderr, "tlsext_tick differs\n");
365 return (1);
366 }
367
368 return (0);
369}
370
371static int
372do_ssl_asn1_test(int test_no, struct ssl_asn1_test *sat)
373{
374 SSL_SESSION *sp = NULL;
375 unsigned char *ap, *asn1 = NULL;
376 const unsigned char *pp;
377 int i, len, rv = 1;
378
379 if (sat->peer_cert)
380 sat->session.peer_cert = peer_cert;
381
382 len = i2d_SSL_SESSION(&sat->session, NULL);
383 if (len != sat->asn1_len) {
384 fprintf(stderr, "FAIL: test %d returned ASN1 length %d, "
385 "want %d\n", test_no, len, sat->asn1_len);
386 goto failed;
387 }
388
389 /* See if the test is expected to fail... */
390 if (sat->asn1_len == -1)
391 return (0);
392
393 if ((asn1 = malloc(len)) == NULL)
394 errx(1, "failed to allocate memory");
395
396 ap = asn1;
397 len = i2d_SSL_SESSION(&sat->session, &ap);
398
399 /* Check the length again since the code path is different. */
400 if (len != sat->asn1_len) {
401 fprintf(stderr, "FAIL: test %d returned ASN1 length %d, "
402 "want %d\n", test_no, len, sat->asn1_len);
403 goto failed;
404 }
405 /* ap should now point at the end of the buffer. */
406 if (ap - asn1 != len) {
407 fprintf(stderr, "FAIL: test %d pointer increment does not "
408 "match length (%d != %d)\n", test_no, (int)(ap - asn1), len);
409 goto failed;
410 }
411
412 if (memcmp(asn1, &sat->asn1, len) != 0) {
413 fprintf(stderr, "FAIL: test %d - encoding differs:\n", test_no);
414 fprintf(stderr, "encoding:\n");
415 for (i = 1; i <= len; i++) {
416 fprintf(stderr, " 0x%02hhx,", asn1[i - 1]);
417 if (i % 8 == 0)
418 fprintf(stderr, "\n");
419 }
420 fprintf(stderr, "\n");
421 fprintf(stderr, "test data:\n");
422 for (i = 1; i <= sat->asn1_len; i++) {
423 fprintf(stderr, " 0x%02hhx,", sat->asn1[i - 1]);
424 if (i % 8 == 0)
425 fprintf(stderr, "\n");
426 }
427 fprintf(stderr, "\n");
428 goto failed;
429 }
430
431 pp = sat->asn1;
432
433 if ((sp = d2i_SSL_SESSION(NULL, &pp, sat->asn1_len)) == NULL) {
434 fprintf(stderr, "FAIL: test %d - decoding failed\n", test_no);
435 goto failed;
436 }
437
438 if (session_cmp(sp, &sat->session) != 0) {
439 fprintf(stderr, "FAIL: test %d - decoding differs\n", test_no);
440 goto failed;
441 }
442
443 rv = 0;
444
445 failed:
446 ERR_print_errors_fp(stderr);
447 SSL_SESSION_free(sp);
448 free(asn1);
449
450 return (rv);
451}
452
453int
454main(int argc, char **argv)
455{
456 BIO *bio = NULL;
457 int failed = 0;
458 size_t i;
459
460 SSL_library_init();
461 SSL_load_error_strings();
462
463 bio = BIO_new_mem_buf(peer_cert_pem, -1);
464 if (bio == NULL)
465 errx(1, "failed to create bio");
466
467 peer_cert = PEM_read_bio_X509(bio, NULL, NULL, NULL);
468 if (peer_cert == NULL)
469 errx(1, "failed to read peer cert");
470
471 for (i = 0; i < N_SSL_ASN1_TESTS; i++)
472 failed += do_ssl_asn1_test(i, &ssl_asn1_tests[i]);
473
474 X509_free(peer_cert);
475 BIO_free(bio);
476
477 return (failed);
478}
diff --git a/src/regress/lib/libssl/buffer/Makefile b/src/regress/lib/libssl/buffer/Makefile
deleted file mode 100644
index 64ed46fa90..0000000000
--- a/src/regress/lib/libssl/buffer/Makefile
+++ /dev/null
@@ -1,10 +0,0 @@
1# $OpenBSD: Makefile,v 1.1 2019/01/17 06:46:10 jsing Exp $
2
3PROG= buffertest
4LDADD= ${SSL_INT} -lcrypto
5DPADD= ${LIBSSL} ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Wall -Wundef -Werror
8CFLAGS+= -I${.CURDIR}/../../../../lib/libssl
9
10.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/buffer/buffertest.c b/src/regress/lib/libssl/buffer/buffertest.c
deleted file mode 100644
index 3dfad7c44f..0000000000
--- a/src/regress/lib/libssl/buffer/buffertest.c
+++ /dev/null
@@ -1,364 +0,0 @@
1/* $OpenBSD: buffertest.c,v 1.6 2022/07/22 19:34:55 jsing Exp $ */
2/*
3 * Copyright (c) 2019, 2022 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <err.h>
19#include <stdio.h>
20#include <stdlib.h>
21#include <string.h>
22
23#include "tls_internal.h"
24
25uint8_t testdata[] = {
26 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
27 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
28};
29
30struct read_state {
31 uint8_t *buf;
32 size_t len;
33 size_t offset;
34};
35
36static ssize_t
37read_cb(void *buf, size_t buflen, void *cb_arg)
38{
39 struct read_state *rs = cb_arg;
40 ssize_t n;
41
42 if (rs->offset > rs->len)
43 return TLS_IO_EOF;
44
45 if ((size_t)(n = buflen) > (rs->len - rs->offset))
46 n = rs->len - rs->offset;
47
48 if (n == 0)
49 return TLS_IO_WANT_POLLIN;
50
51 memcpy(buf, &rs->buf[rs->offset], n);
52 rs->offset += n;
53
54 return n;
55}
56
57struct extend_test {
58 size_t extend_len;
59 size_t read_len;
60 ssize_t want_ret;
61};
62
63const struct extend_test extend_tests[] = {
64 {
65 .extend_len = 4,
66 .read_len = 0,
67 .want_ret = TLS_IO_WANT_POLLIN,
68 },
69 {
70 .extend_len = 4,
71 .read_len = 8,
72 .want_ret = 4,
73 },
74 {
75 .extend_len = 12,
76 .read_len = 8,
77 .want_ret = TLS_IO_WANT_POLLIN,
78 },
79 {
80 .extend_len = 12,
81 .read_len = 10,
82 .want_ret = TLS_IO_WANT_POLLIN,
83 },
84 {
85 .extend_len = 12,
86 .read_len = 12,
87 .want_ret = 12,
88 },
89 {
90 .extend_len = 16,
91 .read_len = 16,
92 .want_ret = 16,
93 },
94 {
95 .extend_len = 20,
96 .read_len = 1,
97 .want_ret = TLS_IO_EOF,
98 },
99};
100
101#define N_EXTEND_TESTS (sizeof(extend_tests) / sizeof(extend_tests[0]))
102
103static int
104tls_buffer_extend_test(void)
105{
106 const struct extend_test *et;
107 struct tls_buffer *buf;
108 struct read_state rs;
109 uint8_t *data = NULL;
110 size_t i, data_len;
111 ssize_t ret;
112 CBS cbs;
113 int failed = 1;
114
115 rs.buf = testdata;
116 rs.offset = 0;
117
118 if ((buf = tls_buffer_new(0)) == NULL)
119 errx(1, "tls_buffer_new");
120
121 for (i = 0; i < N_EXTEND_TESTS; i++) {
122 et = &extend_tests[i];
123 rs.len = et->read_len;
124
125 ret = tls_buffer_extend(buf, et->extend_len, read_cb, &rs);
126 if (ret != extend_tests[i].want_ret) {
127 fprintf(stderr, "FAIL: Test %zd - extend returned %zd, "
128 "want %zd\n", i, ret, et->want_ret);
129 goto failed;
130 }
131
132 if (!tls_buffer_data(buf, &cbs)) {
133 fprintf(stderr, "FAIL: Test %zd - failed to get data\n",
134 i);
135 goto failed;
136 }
137
138 if (!CBS_mem_equal(&cbs, testdata, CBS_len(&cbs))) {
139 fprintf(stderr, "FAIL: Test %zd - extend buffer "
140 "mismatch", i);
141 goto failed;
142 }
143 }
144
145 if (!tls_buffer_finish(buf, &data, &data_len)) {
146 fprintf(stderr, "FAIL: failed to finish\n");
147 goto failed;
148 }
149
150 tls_buffer_free(buf);
151 buf = NULL;
152
153 if (data_len != sizeof(testdata)) {
154 fprintf(stderr, "FAIL: got data length %zu, want %zu\n",
155 data_len, sizeof(testdata));
156 goto failed;
157 }
158 if (memcmp(data, testdata, data_len) != 0) {
159 fprintf(stderr, "FAIL: data mismatch\n");
160 goto failed;
161 }
162
163 failed = 0;
164
165 failed:
166 tls_buffer_free(buf);
167 free(data);
168
169 return failed;
170}
171
172struct read_write_test {
173 uint8_t pattern;
174 size_t read;
175 size_t write;
176 size_t append;
177 ssize_t want;
178};
179
180const struct read_write_test read_write_tests[] = {
181 {
182 .read = 2048,
183 .want = TLS_IO_WANT_POLLIN,
184 },
185 {
186 .pattern = 0xdb,
187 .write = 2048,
188 .want = 2048,
189 },
190 {
191 .pattern = 0xbd,
192 .append = 2048,
193 .want = 1,
194 },
195 {
196 .pattern = 0xdb,
197 .read = 2048,
198 .want = 2048,
199 },
200 {
201 .pattern = 0xfe,
202 .append = 1024,
203 .want = 1,
204 },
205 {
206 .pattern = 0xbd,
207 .read = 1000,
208 .want = 1000,
209 },
210 {
211 .pattern = 0xbd,
212 .read = 1048,
213 .want = 1048,
214 },
215 {
216 .pattern = 0xdb,
217 .write = 2048,
218 .want = 2048,
219 },
220 {
221 .pattern = 0xbd,
222 .append = 1024,
223 .want = 1,
224 },
225 {
226 .pattern = 0xee,
227 .append = 4096,
228 .want = 1,
229 },
230 {
231 .pattern = 0xfe,
232 .append = 1,
233 .want = 0,
234 },
235 {
236 .pattern = 0xfe,
237 .write = 1,
238 .want = TLS_IO_FAILURE,
239 },
240 {
241 .pattern = 0xfe,
242 .read = 1024,
243 .want = 1024,
244 },
245 {
246 .pattern = 0xdb,
247 .read = 2048,
248 .want = 2048,
249 },
250 {
251 .pattern = 0xbd,
252 .read = 1024,
253 .want = 1024,
254 },
255 {
256 .pattern = 0xee,
257 .read = 1024,
258 .want = 1024,
259 },
260 {
261 .pattern = 0xee,
262 .read = 4096,
263 .want = 3072,
264 },
265 {
266 .read = 2048,
267 .want = TLS_IO_WANT_POLLIN,
268 },
269};
270
271#define N_READ_WRITE_TESTS (sizeof(read_write_tests) / sizeof(read_write_tests[0]))
272
273static int
274tls_buffer_read_write_test(void)
275{
276 const struct read_write_test *rwt;
277 struct tls_buffer *buf = NULL;
278 uint8_t *rbuf = NULL, *wbuf = NULL;
279 ssize_t n;
280 size_t i;
281 int ret;
282 int failed = 1;
283
284 if ((buf = tls_buffer_new(0)) == NULL)
285 errx(1, "tls_buffer_new");
286
287 tls_buffer_set_capacity_limit(buf, 8192);
288
289 for (i = 0; i < N_READ_WRITE_TESTS; i++) {
290 rwt = &read_write_tests[i];
291
292 if (rwt->append > 0) {
293 free(wbuf);
294 if ((wbuf = malloc(rwt->append)) == NULL)
295 errx(1, "malloc");
296 memset(wbuf, rwt->pattern, rwt->append);
297 if ((ret = tls_buffer_append(buf, wbuf, rwt->append)) !=
298 rwt->want) {
299 fprintf(stderr, "FAIL: test %zu - "
300 "tls_buffer_append() = %d, want %zu\n",
301 i, ret, rwt->want);
302 goto failed;
303 }
304 }
305
306 if (rwt->write > 0) {
307 free(wbuf);
308 if ((wbuf = malloc(rwt->write)) == NULL)
309 errx(1, "malloc");
310 memset(wbuf, rwt->pattern, rwt->write);
311 if ((n = tls_buffer_write(buf, wbuf, rwt->write)) !=
312 rwt->want) {
313 fprintf(stderr, "FAIL: test %zu - "
314 "tls_buffer_write() = %zi, want %zu\n",
315 i, n, rwt->want);
316 goto failed;
317 }
318 }
319
320 if (rwt->read > 0) {
321 free(rbuf);
322 if ((rbuf = calloc(1, rwt->read)) == NULL)
323 errx(1, "malloc");
324 if ((n = tls_buffer_read(buf, rbuf, rwt->read)) !=
325 rwt->want) {
326 fprintf(stderr, "FAIL: test %zu - "
327 "tls_buffer_read() = %zi, want %zu\n",
328 i, n, rwt->want);
329 goto failed;
330 }
331 if (rwt->want > 0) {
332 free(wbuf);
333 if ((wbuf = malloc(rwt->want)) == NULL)
334 errx(1, "malloc");
335 memset(wbuf, rwt->pattern, rwt->want);
336 if (memcmp(rbuf, wbuf, rwt->want) != 0) {
337 fprintf(stderr, "FAIL: test %zu - "
338 "read byte mismatch\n", i);
339 goto failed;
340 }
341 }
342 }
343 }
344
345 failed = 0;
346
347 failed:
348 tls_buffer_free(buf);
349 free(rbuf);
350 free(wbuf);
351
352 return failed;
353}
354
355int
356main(int argc, char **argv)
357{
358 int failed = 0;
359
360 failed |= tls_buffer_extend_test();
361 failed |= tls_buffer_read_write_test();
362
363 return failed;
364}
diff --git a/src/regress/lib/libssl/bytestring/Makefile b/src/regress/lib/libssl/bytestring/Makefile
deleted file mode 100644
index 91b3fea902..0000000000
--- a/src/regress/lib/libssl/bytestring/Makefile
+++ /dev/null
@@ -1,10 +0,0 @@
1# $OpenBSD: Makefile,v 1.6 2022/06/29 15:06:18 tb Exp $
2
3PROG= bytestringtest
4LDADD= ${SSL_INT} -lcrypto
5DPADD= ${LIBCRYPTO} ${LIBSSL}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Wundef -Werror
8CFLAGS+= -I${.CURDIR}/../../../../lib/libssl
9
10.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/bytestring/bytestringtest.c b/src/regress/lib/libssl/bytestring/bytestringtest.c
deleted file mode 100644
index 36f45c4bdc..0000000000
--- a/src/regress/lib/libssl/bytestring/bytestringtest.c
+++ /dev/null
@@ -1,968 +0,0 @@
1/* $OpenBSD: bytestringtest.c,v 1.17 2023/01/01 17:43:04 miod Exp $ */
2/*
3 * Copyright (c) 2014, Google Inc.
4 *
5 * Permission to use, copy, modify, and/or distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
12 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
14 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
15 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
16
17#include <stdio.h>
18#include <stdlib.h>
19#include <string.h>
20
21#include <openssl/crypto.h>
22
23#include "bytestring.h"
24
25/* This is from <openssl/base.h> in boringssl */
26#define OPENSSL_U64(x) x##ULL
27
28#define PRINT_ERROR printf("Error in %s [%s:%d]\n", __func__, __FILE__, \
29 __LINE__)
30
31#define CHECK(a) do { \
32 if (!(a)) { \
33 PRINT_ERROR; \
34 return 0; \
35 } \
36} while (0)
37
38#define CHECK_GOTO(a) do { \
39 if (!(a)) { \
40 PRINT_ERROR; \
41 goto err; \
42 } \
43} while (0)
44
45static int
46test_skip(void)
47{
48 static const uint8_t kData[] = {1, 2, 3};
49 CBS data;
50
51 CBS_init(&data, kData, sizeof(kData));
52
53 CHECK(CBS_len(&data) == 3);
54 CHECK(CBS_skip(&data, 1));
55 CHECK(CBS_len(&data) == 2);
56 CHECK(CBS_skip(&data, 2));
57 CHECK(CBS_len(&data) == 0);
58 CHECK(!CBS_skip(&data, 1));
59
60 return 1;
61}
62
63static int
64test_get_u(void)
65{
66 static const uint8_t kData[] = {
67 1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
68 11, 12, 13, 14, 15, 16, 17, 18, 19, 20,
69 };
70 uint8_t u8;
71 uint16_t u16;
72 uint32_t u32;
73 uint64_t u64;
74 CBS data;
75
76 CBS_init(&data, kData, sizeof(kData));
77
78 CHECK(CBS_get_u8(&data, &u8));
79 CHECK(u8 == 1);
80 CHECK(CBS_get_u16(&data, &u16));
81 CHECK(u16 == 0x203);
82 CHECK(CBS_get_u24(&data, &u32));
83 CHECK(u32 == 0x40506);
84 CHECK(CBS_get_u32(&data, &u32));
85 CHECK(u32 == 0x708090a);
86 CHECK(CBS_get_u64(&data, &u64));
87 CHECK(u64 == 0x0b0c0d0e0f101112ULL);
88 CHECK(CBS_get_last_u8(&data, &u8));
89 CHECK(u8 == 20);
90 CHECK(CBS_get_last_u8(&data, &u8));
91 CHECK(u8 == 19);
92 CHECK(!CBS_get_u8(&data, &u8));
93 CHECK(!CBS_get_last_u8(&data, &u8));
94
95 return 1;
96}
97
98static int
99test_get_prefixed(void)
100{
101 static const uint8_t kData[] = {1, 2, 0, 2, 3, 4, 0, 0, 3, 3, 2, 1};
102 uint8_t u8;
103 uint16_t u16;
104 uint32_t u32;
105 CBS data, prefixed;
106
107 CBS_init(&data, kData, sizeof(kData));
108
109 CHECK(CBS_get_u8_length_prefixed(&data, &prefixed));
110 CHECK(CBS_len(&prefixed) == 1);
111 CHECK(CBS_get_u8(&prefixed, &u8));
112 CHECK(u8 == 2);
113 CHECK(CBS_get_u16_length_prefixed(&data, &prefixed));
114 CHECK(CBS_len(&prefixed) == 2);
115 CHECK(CBS_get_u16(&prefixed, &u16));
116 CHECK(u16 == 0x304);
117 CHECK(CBS_get_u24_length_prefixed(&data, &prefixed));
118 CHECK(CBS_len(&prefixed) == 3);
119 CHECK(CBS_get_u24(&prefixed, &u32));
120 CHECK(u32 == 0x30201);
121
122 return 1;
123}
124
125static int
126test_get_prefixed_bad(void)
127{
128 static const uint8_t kData1[] = {2, 1};
129 static const uint8_t kData2[] = {0, 2, 1};
130 static const uint8_t kData3[] = {0, 0, 2, 1};
131 CBS data, prefixed;
132
133 CBS_init(&data, kData1, sizeof(kData1));
134 CHECK(!CBS_get_u8_length_prefixed(&data, &prefixed));
135
136 CBS_init(&data, kData2, sizeof(kData2));
137 CHECK(!CBS_get_u16_length_prefixed(&data, &prefixed));
138
139 CBS_init(&data, kData3, sizeof(kData3));
140 CHECK(!CBS_get_u24_length_prefixed(&data, &prefixed));
141
142 return 1;
143}
144
145static int
146test_peek_u(void)
147{
148 static const uint8_t kData[] = {
149 1, 2, 3, 4, 5, 6, 7, 8, 9,
150 };
151 uint8_t u8;
152 uint16_t u16;
153 uint32_t u32;
154 CBS data;
155
156 CBS_init(&data, kData, sizeof(kData));
157
158 CHECK(CBS_peek_u8(&data, &u8));
159 CHECK(u8 == 1);
160 CHECK(CBS_peek_u16(&data, &u16));
161 CHECK(u16 == 0x102);
162 CHECK(CBS_peek_u24(&data, &u32));
163 CHECK(u32 == 0x10203);
164 CHECK(CBS_peek_u32(&data, &u32));
165 CHECK(u32 == 0x1020304);
166 CHECK(CBS_get_u32(&data, &u32));
167 CHECK(u32 == 0x1020304);
168 CHECK(CBS_peek_last_u8(&data, &u8));
169 CHECK(u8 == 9);
170 CHECK(CBS_peek_u32(&data, &u32));
171 CHECK(u32 == 0x5060708);
172 CHECK(CBS_get_u32(&data, &u32));
173 CHECK(u32 == 0x5060708);
174 CHECK(CBS_get_u8(&data, &u8));
175 CHECK(u8 == 9);
176 CHECK(!CBS_get_u8(&data, &u8));
177
178 return 1;
179}
180
181static int
182test_get_asn1(void)
183{
184 static const uint8_t kData1[] = {0x30, 2, 1, 2};
185 static const uint8_t kData2[] = {0x30, 3, 1, 2};
186 static const uint8_t kData3[] = {0x30, 0x80};
187 static const uint8_t kData4[] = {0x30, 0x81, 1, 1};
188 static const uint8_t kData5[4 + 0x80] = {0x30, 0x82, 0, 0x80};
189 static const uint8_t kData6[] = {0xa1, 3, 0x4, 1, 1};
190 static const uint8_t kData7[] = {0xa1, 3, 0x4, 2, 1};
191 static const uint8_t kData8[] = {0xa1, 3, 0x2, 1, 1};
192 static const uint8_t kData9[] = {0xa1, 3, 0x2, 1, 0xff};
193
194 CBS data, contents;
195 int present;
196 uint64_t value;
197
198 CBS_init(&data, kData1, sizeof(kData1));
199
200 CHECK(!CBS_peek_asn1_tag(&data, 0x1));
201 CHECK(CBS_peek_asn1_tag(&data, 0x30));
202
203 CHECK(CBS_get_asn1(&data, &contents, 0x30));
204 CHECK(CBS_len(&contents) == 2);
205 CHECK(memcmp(CBS_data(&contents), "\x01\x02", 2) == 0);
206
207 CBS_init(&data, kData2, sizeof(kData2));
208 /* data is truncated */
209 CHECK(!CBS_get_asn1(&data, &contents, 0x30));
210
211 CBS_init(&data, kData3, sizeof(kData3));
212 /* zero byte length of length */
213 CHECK(!CBS_get_asn1(&data, &contents, 0x30));
214
215 CBS_init(&data, kData4, sizeof(kData4));
216 /* long form mistakenly used. */
217 CHECK(!CBS_get_asn1(&data, &contents, 0x30));
218
219 CBS_init(&data, kData5, sizeof(kData5));
220 /* length takes too many bytes. */
221 CHECK(!CBS_get_asn1(&data, &contents, 0x30));
222
223 CBS_init(&data, kData1, sizeof(kData1));
224 /* wrong tag. */
225 CHECK(!CBS_get_asn1(&data, &contents, 0x31));
226
227 CBS_init(&data, NULL, 0);
228 /* peek at empty data. */
229 CHECK(!CBS_peek_asn1_tag(&data, 0x30));
230
231 CBS_init(&data, NULL, 0);
232 /* optional elements at empty data. */
233 CHECK(CBS_get_optional_asn1(&data, &contents, &present, 0xa0));
234 CHECK(!present);
235 CHECK(CBS_get_optional_asn1_octet_string(&data, &contents, &present,
236 0xa0));
237 CHECK(!present);
238 CHECK(CBS_len(&contents) == 0);
239 CHECK(CBS_get_optional_asn1_octet_string(&data, &contents, NULL, 0xa0));
240 CHECK(CBS_len(&contents) == 0);
241 CHECK(CBS_get_optional_asn1_uint64(&data, &value, 0xa0, 42));
242 CHECK(value == 42);
243
244 CBS_init(&data, kData6, sizeof(kData6));
245 /* optional element. */
246 CHECK(CBS_get_optional_asn1(&data, &contents, &present, 0xa0));
247 CHECK(!present);
248 CHECK(CBS_get_optional_asn1(&data, &contents, &present, 0xa1));
249 CHECK(present);
250 CHECK(CBS_len(&contents) == 3);
251 CHECK(memcmp(CBS_data(&contents), "\x04\x01\x01", 3) == 0);
252
253 CBS_init(&data, kData6, sizeof(kData6));
254 /* optional octet string. */
255 CHECK(CBS_get_optional_asn1_octet_string(&data, &contents, &present,
256 0xa0));
257 CHECK(!present);
258 CHECK(CBS_len(&contents) == 0);
259 CHECK(CBS_get_optional_asn1_octet_string(&data, &contents, &present,
260 0xa1));
261 CHECK(present);
262 CHECK(CBS_len(&contents) == 1);
263 CHECK(CBS_data(&contents)[0] == 1);
264
265 CBS_init(&data, kData7, sizeof(kData7));
266 /* invalid optional octet string. */
267 CHECK(!CBS_get_optional_asn1_octet_string(&data, &contents, &present,
268 0xa1));
269
270 CBS_init(&data, kData8, sizeof(kData8));
271 /* optional octet string. */
272 CHECK(CBS_get_optional_asn1_uint64(&data, &value, 0xa0, 42));
273 CHECK(value == 42);
274 CHECK(CBS_get_optional_asn1_uint64(&data, &value, 0xa1, 42));
275 CHECK(value == 1);
276
277 CBS_init(&data, kData9, sizeof(kData9));
278 /* invalid optional integer. */
279 CHECK(!CBS_get_optional_asn1_uint64(&data, &value, 0xa1, 42));
280
281 return 1;
282}
283
284static int
285test_get_optional_asn1_bool(void)
286{
287 CBS data;
288 int val;
289
290 static const uint8_t kTrue[] = {0x0a, 3, CBS_ASN1_BOOLEAN, 1, 0xff};
291 static const uint8_t kFalse[] = {0x0a, 3, CBS_ASN1_BOOLEAN, 1, 0x00};
292 static const uint8_t kInvalid[] = {0x0a, 3, CBS_ASN1_BOOLEAN, 1, 0x01};
293
294 CBS_init(&data, NULL, 0);
295 val = 2;
296 CHECK(CBS_get_optional_asn1_bool(&data, &val, 0x0a, 0));
297 CHECK(val == 0);
298
299 CBS_init(&data, kTrue, sizeof(kTrue));
300 val = 2;
301 CHECK(CBS_get_optional_asn1_bool(&data, &val, 0x0a, 0));
302 CHECK(val == 1);
303
304 CBS_init(&data, kFalse, sizeof(kFalse));
305 val = 2;
306 CHECK(CBS_get_optional_asn1_bool(&data, &val, 0x0a, 1));
307 CHECK(val == 0);
308
309 CBS_init(&data, kInvalid, sizeof(kInvalid));
310 CHECK(!CBS_get_optional_asn1_bool(&data, &val, 0x0a, 1));
311
312 return 1;
313}
314
315static int
316test_cbb_basic(void)
317{
318 static const uint8_t kExpected[] = {
319 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12,
320 13, 14, 15, 16, 17, 18, 19, 20,
321 };
322 uint8_t *buf = NULL;
323 size_t buf_len;
324 int ret = 0;
325 CBB cbb;
326
327 CHECK(CBB_init(&cbb, 100));
328
329 CBB_cleanup(&cbb);
330
331 CHECK(CBB_init(&cbb, 0));
332 CHECK_GOTO(CBB_add_u8(&cbb, 1));
333 CHECK_GOTO(CBB_add_u16(&cbb, 0x203));
334 CHECK_GOTO(CBB_add_u24(&cbb, 0x40506));
335 CHECK_GOTO(CBB_add_u32(&cbb, 0x708090a));
336 CHECK_GOTO(CBB_add_bytes(&cbb, (const uint8_t*) "\x0b\x0c", 2));
337 CHECK_GOTO(CBB_add_u64(&cbb, 0xd0e0f1011121314LL));
338 CHECK_GOTO(CBB_finish(&cbb, &buf, &buf_len));
339
340 ret = (buf_len == sizeof(kExpected)
341 && memcmp(buf, kExpected, buf_len) == 0);
342
343 if (0) {
344err:
345 CBB_cleanup(&cbb);
346 }
347 free(buf);
348 return ret;
349}
350
351static int
352test_cbb_add_space(void)
353{
354 static const uint8_t kExpected[] = {1, 2, 0, 0, 0, 0, 7, 8};
355 uint8_t *buf = NULL;
356 size_t buf_len;
357 uint8_t *data;
358 int ret = 0;
359 CBB cbb;
360
361 CHECK(CBB_init(&cbb, 100));
362
363 CHECK_GOTO(CBB_add_u16(&cbb, 0x102));
364 CHECK_GOTO(CBB_add_space(&cbb, &data, 4));
365 CHECK_GOTO(CBB_add_u16(&cbb, 0x708));
366 CHECK_GOTO(CBB_finish(&cbb, &buf, &buf_len));
367
368 ret |= (buf_len == sizeof(kExpected)
369 && memcmp(buf, kExpected, buf_len) == 0);
370
371 memset(buf, 0xa5, buf_len);
372 CHECK(CBB_init_fixed(&cbb, buf, buf_len));
373
374 CHECK_GOTO(CBB_add_u16(&cbb, 0x102));
375 CHECK_GOTO(CBB_add_space(&cbb, &data, 4));
376 CHECK_GOTO(CBB_add_u16(&cbb, 0x708));
377 CHECK_GOTO(CBB_finish(&cbb, NULL, NULL));
378
379 ret |= (buf_len == sizeof(kExpected)
380 && memcmp(buf, kExpected, buf_len) == 0);
381
382 if (0) {
383err:
384 CBB_cleanup(&cbb);
385 }
386 free(buf);
387 return ret;
388}
389
390static int
391test_cbb_fixed(void)
392{
393 CBB cbb;
394 uint8_t buf[1];
395 uint8_t *out_buf = NULL;
396 size_t out_size;
397 int ret = 0;
398
399 CHECK(CBB_init_fixed(&cbb, NULL, 0));
400 CHECK_GOTO(!CBB_add_u8(&cbb, 1));
401 CHECK_GOTO(CBB_finish(&cbb, &out_buf, &out_size));
402 CHECK(out_buf == NULL && out_size == 0);
403
404 CHECK(CBB_init_fixed(&cbb, buf, 1));
405 CHECK_GOTO(CBB_add_u8(&cbb, 1));
406 CHECK_GOTO(!CBB_add_u8(&cbb, 2));
407 CHECK_GOTO(CBB_finish(&cbb, &out_buf, &out_size));
408
409 ret = (out_buf == buf && out_size == 1 && buf[0] == 1);
410
411 if (0) {
412err:
413 CBB_cleanup(&cbb);
414 }
415
416 return ret;
417}
418
419static int
420test_cbb_finish_child(void)
421{
422 CBB cbb, child;
423 uint8_t *out_buf = NULL;
424 size_t out_size;
425 int ret = 0;
426
427 CHECK(CBB_init(&cbb, 16));
428 CHECK_GOTO(CBB_add_u8_length_prefixed(&cbb, &child));
429 CHECK_GOTO(!CBB_finish(&child, &out_buf, &out_size));
430 CHECK_GOTO(CBB_finish(&cbb, &out_buf, &out_size));
431
432 ret = (out_size == 1 && out_buf[0] == 0);
433
434err:
435 free(out_buf);
436 return ret;
437}
438
439static int
440test_cbb_prefixed(void)
441{
442 static const uint8_t kExpected[] = {0, 1, 1, 0, 2, 2, 3, 0, 0, 3,
443 4, 5, 6, 5, 4, 1, 0, 1, 2};
444 CBB cbb, contents, inner_contents, inner_inner_contents;
445 uint8_t *buf = NULL;
446 size_t buf_len;
447 int ret = 0;
448
449 CHECK(CBB_init(&cbb, 0));
450 CHECK_GOTO(CBB_add_u8_length_prefixed(&cbb, &contents));
451 CHECK_GOTO(CBB_add_u8_length_prefixed(&cbb, &contents));
452 CHECK_GOTO(CBB_add_u8(&contents, 1));
453 CHECK_GOTO(CBB_add_u16_length_prefixed(&cbb, &contents));
454 CHECK_GOTO(CBB_add_u16(&contents, 0x203));
455 CHECK_GOTO(CBB_add_u24_length_prefixed(&cbb, &contents));
456 CHECK_GOTO(CBB_add_u24(&contents, 0x40506));
457 CHECK_GOTO(CBB_add_u8_length_prefixed(&cbb, &contents));
458 CHECK_GOTO(CBB_add_u8_length_prefixed(&contents, &inner_contents));
459 CHECK_GOTO(CBB_add_u8(&inner_contents, 1));
460 CHECK_GOTO(CBB_add_u16_length_prefixed(&inner_contents,
461 &inner_inner_contents));
462 CHECK_GOTO(CBB_add_u8(&inner_inner_contents, 2));
463 CHECK_GOTO(CBB_finish(&cbb, &buf, &buf_len));
464
465 ret = (buf_len == sizeof(kExpected)
466 && memcmp(buf, kExpected, buf_len) == 0);
467
468 if (0) {
469err:
470 CBB_cleanup(&cbb);
471 }
472 free(buf);
473 return ret;
474}
475
476static int
477test_cbb_discard_child(void)
478{
479 static const uint8_t kExpected[] = {
480 0xaa,
481 0,
482 1, 0xbb,
483 0, 2, 0xcc, 0xcc,
484 0, 0, 3, 0xdd, 0xdd, 0xdd,
485 1, 0xff,
486 };
487 CBB cbb, contents, inner_contents, inner_inner_contents;
488 uint8_t *buf = NULL;
489 size_t buf_len;
490 int ret = 0;
491
492 CHECK(CBB_init(&cbb, 0));
493 CHECK_GOTO(CBB_add_u8(&cbb, 0xaa));
494
495 // Discarding |cbb|'s children preserves the byte written.
496 CBB_discard_child(&cbb);
497
498 CHECK_GOTO(CBB_add_u8_length_prefixed(&cbb, &contents));
499 CHECK_GOTO(CBB_add_u8_length_prefixed(&cbb, &contents));
500 CHECK_GOTO(CBB_add_u8(&contents, 0xbb));
501 CHECK_GOTO(CBB_add_u16_length_prefixed(&cbb, &contents));
502 CHECK_GOTO(CBB_add_u16(&contents, 0xcccc));
503 CHECK_GOTO(CBB_add_u24_length_prefixed(&cbb, &contents));
504 CHECK_GOTO(CBB_add_u24(&contents, 0xdddddd));
505 CHECK_GOTO(CBB_add_u8_length_prefixed(&cbb, &contents));
506 CHECK_GOTO(CBB_add_u8(&contents, 0xff));
507 CHECK_GOTO(CBB_add_u8_length_prefixed(&contents, &inner_contents));
508 CHECK_GOTO(CBB_add_u8(&inner_contents, 0x42));
509 CHECK_GOTO(CBB_add_u16_length_prefixed(&inner_contents,
510 &inner_inner_contents));
511 CHECK_GOTO(CBB_add_u8(&inner_inner_contents, 0x99));
512
513 // Discard everything from |inner_contents| down.
514 CBB_discard_child(&contents);
515
516 CHECK_GOTO(CBB_finish(&cbb, &buf, &buf_len));
517
518 ret = (buf_len == sizeof(kExpected)
519 && memcmp(buf, kExpected, buf_len) == 0);
520
521 if (0) {
522err:
523 CBB_cleanup(&cbb);
524 }
525 free(buf);
526 return ret;
527}
528
529static int
530test_cbb_misuse(void)
531{
532 CBB cbb, child, contents;
533 uint8_t *buf = NULL;
534 size_t buf_len;
535 int ret = 0;
536
537 CHECK(CBB_init(&cbb, 0));
538 CHECK_GOTO(CBB_add_u8_length_prefixed(&cbb, &child));
539 CHECK_GOTO(CBB_add_u8(&child, 1));
540 CHECK_GOTO(CBB_add_u8(&cbb, 2));
541
542 /*
543 * Since we wrote to |cbb|, |child| is now invalid and attempts to write
544 * to it should fail.
545 */
546 CHECK_GOTO(!CBB_add_u8(&child, 1));
547 CHECK_GOTO(!CBB_add_u16(&child, 1));
548 CHECK_GOTO(!CBB_add_u24(&child, 1));
549 CHECK_GOTO(!CBB_add_u8_length_prefixed(&child, &contents));
550 CHECK_GOTO(!CBB_add_u16_length_prefixed(&child, &contents));
551 CHECK_GOTO(!CBB_add_asn1(&child, &contents, 1));
552 CHECK_GOTO(!CBB_add_bytes(&child, (const uint8_t*) "a", 1));
553 CHECK_GOTO(CBB_finish(&cbb, &buf, &buf_len));
554
555 ret = (buf_len == 3 && memcmp(buf, "\x01\x01\x02", 3) == 0);
556
557 if (0) {
558err:
559 CBB_cleanup(&cbb);
560 }
561 free(buf);
562 return ret;
563}
564
565static int
566test_cbb_asn1(void)
567{
568 static const uint8_t kExpected[] = {0x30, 3, 1, 2, 3};
569 uint8_t *buf = NULL, *test_data = NULL;
570 size_t buf_len;
571 CBB cbb, contents, inner_contents;
572 int ret = 0;
573 int alloc = 0;
574
575 CHECK_GOTO(CBB_init(&cbb, 0));
576 alloc = 1;
577 CHECK_GOTO(CBB_add_asn1(&cbb, &contents, 0x30));
578 CHECK_GOTO(CBB_add_bytes(&contents, (const uint8_t*) "\x01\x02\x03",
579 3));
580 CHECK_GOTO(CBB_finish(&cbb, &buf, &buf_len));
581 alloc = 0;
582
583 CHECK_GOTO(buf_len == sizeof(kExpected));
584 CHECK_GOTO(memcmp(buf, kExpected, buf_len) == 0);
585
586 free(buf);
587 buf = NULL;
588
589 CHECK_GOTO(((test_data = malloc(100000)) != NULL));
590 memset(test_data, 0x42, 100000);
591
592 CHECK_GOTO(CBB_init(&cbb, 0));
593 alloc = 1;
594 CHECK_GOTO(CBB_add_asn1(&cbb, &contents, 0x30));
595 CHECK_GOTO(CBB_add_bytes(&contents, test_data, 130));
596 CHECK_GOTO(CBB_finish(&cbb, &buf, &buf_len));
597 alloc = 0;
598
599 CHECK_GOTO(buf_len == 3 + 130);
600 CHECK_GOTO(memcmp(buf, "\x30\x81\x82", 3) == 0);
601 CHECK_GOTO(memcmp(buf + 3, test_data, 130) == 0);
602
603 free(buf);
604 buf = NULL;
605
606 CHECK_GOTO(CBB_init(&cbb, 0));
607 alloc = 1;
608 CHECK_GOTO(CBB_add_asn1(&cbb, &contents, 0x30));
609 CHECK_GOTO(CBB_add_bytes(&contents, test_data, 1000));
610 CHECK_GOTO(CBB_finish(&cbb, &buf, &buf_len));
611 alloc = 0;
612
613 CHECK_GOTO(buf_len == 4 + 1000);
614 CHECK_GOTO(memcmp(buf, "\x30\x82\x03\xe8", 4) == 0);
615 CHECK_GOTO(!memcmp(buf + 4, test_data, 1000));
616
617 free(buf);
618 buf = NULL;
619
620 CHECK_GOTO(CBB_init(&cbb, 0));
621 alloc = 1;
622 CHECK_GOTO(CBB_add_asn1(&cbb, &contents, 0x30));
623 CHECK_GOTO(CBB_add_asn1(&contents, &inner_contents, 0x30));
624 CHECK_GOTO(CBB_add_bytes(&inner_contents, test_data, 100000));
625 CHECK_GOTO(CBB_finish(&cbb, &buf, &buf_len));
626 alloc = 0;
627
628 CHECK_GOTO(buf_len == 5 + 5 + 100000);
629 CHECK_GOTO(memcmp(buf, "\x30\x83\x01\x86\xa5\x30\x83\x01\x86\xa0", 10)
630 == 0);
631 CHECK_GOTO(!memcmp(buf + 10, test_data, 100000));
632
633 ret = 1;
634
635 if (0) {
636err:
637 if (alloc)
638 CBB_cleanup(&cbb);
639 }
640 free(buf);
641 free(test_data);
642 return ret;
643}
644
645static int
646do_indefinite_convert(const char *name, const uint8_t *definite_expected,
647 size_t definite_len, const uint8_t *indefinite, size_t indefinite_len)
648{
649 CBS in;
650 uint8_t *out = NULL;
651 size_t out_len;
652 int ret = 0;
653
654 CBS_init(&in, indefinite, indefinite_len);
655
656 CHECK_GOTO(CBS_asn1_indefinite_to_definite(&in, &out, &out_len));
657
658 if (out == NULL) {
659
660 if (indefinite_len != definite_len ||
661 memcmp(definite_expected, indefinite, indefinite_len) != 0) {
662 PRINT_ERROR;
663 goto err;
664 }
665
666 return 1;
667 }
668
669 if (out_len != definite_len ||
670 memcmp(out, definite_expected, definite_len) != 0) {
671 PRINT_ERROR;
672 goto err;
673 }
674
675 ret = 1;
676err:
677 free(out);
678 return ret;
679}
680
681static int
682test_indefinite_convert(void)
683{
684 static const uint8_t kSimpleBER[] = {0x01, 0x01, 0x00};
685
686 /* kIndefBER contains a SEQUENCE with an indefinite length. */
687 static const uint8_t kIndefBER[] = {0x30, 0x80, 0x01, 0x01, 0x02, 0x00,
688 0x00};
689 static const uint8_t kIndefDER[] = {0x30, 0x03, 0x01, 0x01, 0x02};
690
691 /*
692 * kOctetStringBER contains an indefinite length OCTETSTRING with two
693 * parts. These parts need to be concatenated in DER form.
694 */
695 static const uint8_t kOctetStringBER[] = {0x24, 0x80, 0x04, 0x02, 0,
696 1, 0x04, 0x02, 2, 3, 0x00, 0x00};
697 static const uint8_t kOctetStringDER[] = {0x04, 0x04, 0, 1, 2, 3};
698
699 /*
700 * kNSSBER is part of a PKCS#12 message generated by NSS that uses
701 * indefinite length elements extensively.
702 */
703 static const uint8_t kNSSBER[] = {
704 0x30, 0x80, 0x02, 0x01, 0x03, 0x30, 0x80, 0x06, 0x09, 0x2a, 0x86,
705 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x80, 0x24, 0x80,
706 0x04, 0x04, 0x01, 0x02, 0x03, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00,
707 0x00, 0x30, 0x39, 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
708 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14, 0x84, 0x98, 0xfc, 0x66,
709 0x33, 0xee, 0xba, 0xe7, 0x90, 0xc1, 0xb6, 0xe8, 0x8f, 0xfe, 0x1d,
710 0xc5, 0xa5, 0x97, 0x93, 0x3e, 0x04, 0x10, 0x38, 0x62, 0xc6, 0x44,
711 0x12, 0xd5, 0x30, 0x00, 0xf8, 0xf2, 0x1b, 0xf0, 0x6e, 0x10, 0x9b,
712 0xb8, 0x02, 0x02, 0x07, 0xd0, 0x00, 0x00,
713 };
714
715 static const uint8_t kNSSDER[] = {
716 0x30, 0x53, 0x02, 0x01, 0x03, 0x30, 0x13, 0x06, 0x09, 0x2a, 0x86,
717 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x06, 0x04, 0x04,
718 0x01, 0x02, 0x03, 0x04, 0x30, 0x39, 0x30, 0x21, 0x30, 0x09, 0x06,
719 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14, 0x84,
720 0x98, 0xfc, 0x66, 0x33, 0xee, 0xba, 0xe7, 0x90, 0xc1, 0xb6, 0xe8,
721 0x8f, 0xfe, 0x1d, 0xc5, 0xa5, 0x97, 0x93, 0x3e, 0x04, 0x10, 0x38,
722 0x62, 0xc6, 0x44, 0x12, 0xd5, 0x30, 0x00, 0xf8, 0xf2, 0x1b, 0xf0,
723 0x6e, 0x10, 0x9b, 0xb8, 0x02, 0x02, 0x07, 0xd0,
724 };
725
726 CHECK(do_indefinite_convert("kSimpleBER", kSimpleBER, sizeof(kSimpleBER),
727 kSimpleBER, sizeof(kSimpleBER)));
728 CHECK(do_indefinite_convert("kIndefBER", kIndefDER, sizeof(kIndefDER),
729 kIndefBER, sizeof(kIndefBER)));
730 CHECK(do_indefinite_convert("kOctetStringBER", kOctetStringDER,
731 sizeof(kOctetStringDER), kOctetStringBER,
732 sizeof(kOctetStringBER)));
733 CHECK(do_indefinite_convert("kNSSBER", kNSSDER, sizeof(kNSSDER), kNSSBER,
734 sizeof(kNSSBER)));
735
736 return 1;
737}
738
739typedef struct {
740 uint64_t value;
741 const char *encoding;
742 size_t encoding_len;
743} ASN1_UINT64_TEST;
744
745static const ASN1_UINT64_TEST kAsn1Uint64Tests[] = {
746 {0, "\x02\x01\x00", 3},
747 {1, "\x02\x01\x01", 3},
748 {127, "\x02\x01\x7f", 3},
749 {128, "\x02\x02\x00\x80", 4},
750 {0xdeadbeef, "\x02\x05\x00\xde\xad\xbe\xef", 7},
751 {OPENSSL_U64(0x0102030405060708),
752 "\x02\x08\x01\x02\x03\x04\x05\x06\x07\x08", 10},
753 {OPENSSL_U64(0xffffffffffffffff),
754 "\x02\x09\x00\xff\xff\xff\xff\xff\xff\xff\xff", 11},
755};
756
757typedef struct {
758 const char *encoding;
759 size_t encoding_len;
760} ASN1_INVALID_UINT64_TEST;
761
762static const ASN1_INVALID_UINT64_TEST kAsn1InvalidUint64Tests[] = {
763 /* Bad tag. */
764 {"\x03\x01\x00", 3},
765 /* Empty contents. */
766 {"\x02\x00", 2},
767 /* Negative number. */
768 {"\x02\x01\x80", 3},
769 /* Overflow. */
770 {"\x02\x09\x01\x00\x00\x00\x00\x00\x00\x00\x00", 11},
771 /* Leading zeros. */
772 {"\x02\x02\x00\x01", 4},
773};
774
775static int
776test_asn1_uint64(void)
777{
778 CBB cbb;
779 uint8_t *out = NULL;
780 size_t i;
781 int ret = 0;
782 int alloc = 0;
783
784 for (i = 0; i < sizeof(kAsn1Uint64Tests) / sizeof(kAsn1Uint64Tests[0]);
785 i++) {
786 const ASN1_UINT64_TEST *test = &kAsn1Uint64Tests[i];
787 CBS cbs;
788 uint64_t value;
789 size_t len;
790
791 CBS_init(&cbs, (const uint8_t *)test->encoding,
792 test->encoding_len);
793
794 CHECK(CBS_get_asn1_uint64(&cbs, &value));
795 CHECK(CBS_len(&cbs) == 0);
796 CHECK(value == test->value);
797
798 CHECK(CBB_init(&cbb, 0));
799 alloc = 1;
800 CHECK_GOTO(CBB_add_asn1_uint64(&cbb, test->value));
801 CHECK_GOTO(CBB_finish(&cbb, &out, &len));
802 alloc = 0;
803
804 CHECK_GOTO(len == test->encoding_len);
805 CHECK_GOTO(memcmp(out, test->encoding, len) == 0);
806 free(out);
807 out = NULL;
808 }
809
810 for (i = 0; i < sizeof(kAsn1InvalidUint64Tests)
811 / sizeof(kAsn1InvalidUint64Tests[0]); i++) {
812 const ASN1_INVALID_UINT64_TEST *test =
813 &kAsn1InvalidUint64Tests[i];
814 CBS cbs;
815 uint64_t value;
816
817 CBS_init(&cbs, (const uint8_t *)test->encoding,
818 test->encoding_len);
819 CHECK(!CBS_get_asn1_uint64(&cbs, &value));
820 }
821
822 ret = 1;
823
824 if (0) {
825err:
826 if (alloc)
827 CBB_cleanup(&cbb);
828 }
829 free(out);
830
831 return ret;
832}
833
834static int
835test_offset(void)
836{
837 uint8_t v;
838 static const uint8_t input[] = {1, 2, 3, 4, 5};
839 CBS data;
840
841 CBS_init(&data, input, sizeof(input));
842 CHECK(sizeof(input) == 5);
843 CHECK(CBS_len(&data) == 5);
844 CHECK(CBS_offset(&data) == 0);
845 CHECK(CBS_get_u8(&data, &v));
846 CHECK(v == 1);
847 CHECK(CBS_len(&data) == 4);
848 CHECK(CBS_offset(&data) == 1);
849 CHECK(CBS_skip(&data, 2));
850 CHECK(CBS_len(&data) == 2);
851 CHECK(CBS_offset(&data) == 3);
852 CHECK(CBS_get_u8(&data, &v));
853 CHECK(v == 4);
854 CHECK(CBS_get_u8(&data, &v));
855 CHECK(v == 5);
856 CHECK(CBS_len(&data) == 0);
857 CHECK(CBS_offset(&data) == 5);
858 CHECK(!CBS_skip(&data, 1));
859
860 CBS_init(&data, input, sizeof(input));
861 CHECK(CBS_skip(&data, 2));
862 CHECK(CBS_len(&data) == 3);
863 CHECK(CBS_offset(&data) == 2);
864 CHECK(CBS_skip(&data, 3));
865 CHECK(CBS_len(&data) == 0);
866 CHECK(CBS_offset(&data) == 5);
867 CHECK(!CBS_get_u8(&data, &v));
868
869 return 1;
870}
871
872static int
873test_write_bytes(void)
874{
875 int ret = 0;
876 uint8_t v;
877 size_t len;
878 static const uint8_t input[] = {'f', 'o', 'o', 'b', 'a', 'r'};
879 CBS data;
880 uint8_t *tmp = NULL;
881
882 CHECK_GOTO((tmp = malloc(sizeof(input))) != NULL);
883 memset(tmp, 100, sizeof(input));
884
885 CBS_init(&data, input, sizeof(input));
886 CHECK_GOTO(CBS_len(&data) == 6);
887 CHECK_GOTO(CBS_offset(&data) == 0);
888 CHECK_GOTO(CBS_get_u8(&data, &v));
889 CHECK_GOTO(v == 102 /* f */);
890 CHECK_GOTO(CBS_skip(&data, 1));
891 CHECK_GOTO(!CBS_skip(&data, 15));
892 CHECK_GOTO(CBS_write_bytes(&data, tmp, sizeof(input), &len));
893 CHECK_GOTO(len == 4);
894 CHECK_GOTO(memcmp(input + 2, tmp, len) == 0);
895 CHECK_GOTO(tmp[4] == 100 && tmp[5] == 100);
896
897 ret = 1;
898
899err:
900 free(tmp);
901 return ret;
902}
903
904static int
905test_cbs_dup(void)
906{
907 CBS data, check;
908 static const uint8_t input[] = {'f', 'o', 'o', 'b', 'a', 'r'};
909
910 CBS_init(&data, input, sizeof(input));
911 CHECK(CBS_len(&data) == 6);
912 CBS_dup(&data, &check);
913 CHECK(CBS_len(&check) == 6);
914 CHECK(CBS_data(&data) == CBS_data(&check));
915 CHECK(CBS_skip(&data, 1));
916 CHECK(CBS_len(&data) == 5);
917 CHECK(CBS_len(&check) == 6);
918 CHECK(CBS_data(&data) == CBS_data(&check) + 1);
919 CHECK(CBS_skip(&check, 1));
920 CHECK(CBS_len(&data) == 5);
921 CHECK(CBS_len(&check) == 5);
922 CHECK(CBS_data(&data) == CBS_data(&check));
923 CHECK(CBS_offset(&data) == 1);
924 CHECK(CBS_offset(&check) == 1);
925
926 CBS_init(&data, input, sizeof(input));
927 CHECK(CBS_skip(&data, 5));
928 CBS_dup(&data, &check);
929 CHECK(CBS_len(&data) == 1);
930 CHECK(CBS_len(&check) == 1);
931 CHECK(CBS_data(&data) == input + 5);
932 CHECK(CBS_data(&data) == CBS_data(&check));
933 CHECK(CBS_offset(&data) == 5);
934 CHECK(CBS_offset(&check) == 5);
935
936 return 1;
937}
938
939int
940main(void)
941{
942 int failed = 0;
943
944 failed |= !test_skip();
945 failed |= !test_get_u();
946 failed |= !test_get_prefixed();
947 failed |= !test_get_prefixed_bad();
948 failed |= !test_peek_u();
949 failed |= !test_get_asn1();
950 failed |= !test_cbb_basic();
951 failed |= !test_cbb_add_space();
952 failed |= !test_cbb_fixed();
953 failed |= !test_cbb_finish_child();
954 failed |= !test_cbb_discard_child();
955 failed |= !test_cbb_misuse();
956 failed |= !test_cbb_prefixed();
957 failed |= !test_cbb_asn1();
958 failed |= !test_indefinite_convert();
959 failed |= !test_asn1_uint64();
960 failed |= !test_get_optional_asn1_bool();
961 failed |= !test_offset();
962 failed |= !test_write_bytes();
963 failed |= !test_cbs_dup();
964
965 if (!failed)
966 printf("PASS\n");
967 return failed;
968}
diff --git a/src/regress/lib/libssl/certs/ca-int-ecdsa.crl b/src/regress/lib/libssl/certs/ca-int-ecdsa.crl
deleted file mode 100644
index b904de3ef0..0000000000
--- a/src/regress/lib/libssl/certs/ca-int-ecdsa.crl
+++ /dev/null
@@ -1,8 +0,0 @@
1-----BEGIN X509 CRL-----
2MIHuMIGUMAoGCCqGSM49BAMCMC4xLDAqBgNVBAMMI0xpYnJlU1NMIFRlc3QgSW50
3ZXJtZWRpYXRlIENBIEVDRFNBFw0yMTEyMjcxNDQwNDBaFw0yMjAxMjYxNDQwNDBa
4MDgwGgIJAOVssaaTYoH5Fw0yMTEyMjcxNDQwNDBaMBoCCQDlbLGmk2KB+xcNMjEx
5MjI3MTQ0MDQwWjAKBggqhkjOPQQDAgNJADBGAiEA9FWkenCgh+6Rz0/nuS7DaiUR
6J5imCs0Wx6TiG3YUL3oCIQDfTT+54eKAEFXeYN2oToZtHbTHh5YUici5GA/PDmOG
7Ig==
8-----END X509 CRL-----
diff --git a/src/regress/lib/libssl/certs/ca-int-ecdsa.pem b/src/regress/lib/libssl/certs/ca-int-ecdsa.pem
deleted file mode 100644
index fa1db8638a..0000000000
--- a/src/regress/lib/libssl/certs/ca-int-ecdsa.pem
+++ /dev/null
@@ -1,13 +0,0 @@
1subject= CN = LibreSSL Test Intermediate CA ECDSA
2issuer= CN = LibreSSL Test Root CA ECDSA
3-----BEGIN CERTIFICATE-----
4MIIBrDCCAVOgAwIBAgIJAOVssaaTYoH3MAkGByqGSM49BAEwJjEkMCIGA1UEAwwb
5TGlicmVTU0wgVGVzdCBSb290IENBIEVDRFNBMB4XDTIxMTIyNzE0NDA0MFoXDTMx
6MTIyNTE0NDA0MFowLjEsMCoGA1UEAwwjTGlicmVTU0wgVGVzdCBJbnRlcm1lZGlh
7dGUgQ0EgRUNEU0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATWRQbJh4aHPzHq
8LOAmosW/o83bTpm3Sj1VxM44StmG7c1nnFM/+gS8rp2bVSgjWZQzRtZqGVGJgzbk
97/M1m3x3o2MwYTAdBgNVHQ4EFgQUF1Y9b/xKVxI5QsoCcoGrUA3kwggwHwYDVR0j
10BBgwFoAUtvkat4UdcUEipt6L/PBgEFYH6AwwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
11HQ8BAf8EBAMCAQYwCQYHKoZIzj0EAQNIADBFAiBE4NiOdv/XRN3WWMnkE5QccvC6
12VThoIQRyBf4I97cRPQIhAK18dvwrLuOOfbhWMdkpNCddMkWZHxS7traw/8+s7OUU
13-----END CERTIFICATE-----
diff --git a/src/regress/lib/libssl/certs/ca-int-rsa.crl b/src/regress/lib/libssl/certs/ca-int-rsa.crl
deleted file mode 100644
index 481886ae57..0000000000
--- a/src/regress/lib/libssl/certs/ca-int-rsa.crl
+++ /dev/null
@@ -1,11 +0,0 @@
1-----BEGIN X509 CRL-----
2MIIBrDCBlTANBgkqhkiG9w0BAQsFADAsMSowKAYDVQQDDCFMaWJyZVNTTCBUZXN0
3IEludGVybWVkaWF0ZSBDQSBSU0EXDTIxMTIyNzE0NDAzOFoXDTIyMDEyNjE0NDAz
4OFowODAaAgkA5WyxppNigfQXDTIxMTIyNzE0NDAzN1owGgIJAOVssaaTYoH2Fw0y
5MTEyMjcxNDQwMzhaMA0GCSqGSIb3DQEBCwUAA4IBAQCGMtlhTlaOK7fK2OHXgoAf
6lDr1FQfqfNo5ZNE2+VqOvjYfgwdOgfxIsIuUoNp9/NhzO3e4KNe6P/33axwIsy7o
7RofbGYFSlHIYPEf1LyvH8z5mT2L2LAQAi+p+QMFizH6KNc74Oftygyi1bcJlN3CJ
8dP9LyvACdJSna7dEh7Snu2hy8tEDAO/RxUrryOZca0+5I4aaD8QCdFwdicDQ8U1s
9gTJ5w1gxkEWKv/J/AjCjRAVoAjE2/sUC1PPOJnZy7b0sS2Fv7zV7UAWSzO0KEYv+
10vav3UekGIgw0A5PDdWmUqCxE7aK71iy4EmlzMyVNULVcF1qX6qBQT5OpXr0Eo6WR
11-----END X509 CRL-----
diff --git a/src/regress/lib/libssl/certs/ca-int-rsa.pem b/src/regress/lib/libssl/certs/ca-int-rsa.pem
deleted file mode 100644
index b457ad6f9a..0000000000
--- a/src/regress/lib/libssl/certs/ca-int-rsa.pem
+++ /dev/null
@@ -1,22 +0,0 @@
1subject= CN = LibreSSL Test Intermediate CA RSA
2issuer= CN = LibreSSL Test Root CA RSA
3-----BEGIN CERTIFICATE-----
4MIIDNjCCAh6gAwIBAgIJAOVssaaTYoHyMA0GCSqGSIb3DQEBCwUAMCQxIjAgBgNV
5BAMMGUxpYnJlU1NMIFRlc3QgUm9vdCBDQSBSU0EwHhcNMjExMjI3MTQ0MDM3WhcN
6MzExMjI1MTQ0MDM3WjAsMSowKAYDVQQDDCFMaWJyZVNTTCBUZXN0IEludGVybWVk
7aWF0ZSBDQSBSU0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD151AI
8I+W9MrEP3dO0PEjg6L9E1R6+CG6u0LT3Jobc/rG2RXqKLasEaXoBWYiJoTImVxFT
9wtrY+IDDTaEV4/4RGII1fY8Js7v5NpwoEh15jCoJ6/qDjKd4y1s1M48PlWYNNRmv
10OBKRIu3Fz7scUa1RSBCp1bZeHbq/V5SzG419nDq2xpyuUrwmfBhDZTH+kUwBNGn8
11XVRFCRJQVP3qEAH02Zai2emSVj13KrhEWMtNyA8fa34GIuV23Q40RKW3jUgGBF+D
125jPNN8EZCj34nvvbjCCBs7cxZvD4F/MzGbatKpNmNOKXKibeg/xCq8B/F1uzHcl3
13IzJuViNtQ3RjQ/1pAgMBAAGjYzBhMB0GA1UdDgQWBBQ2oaFa//6a3ZNBNV0NlN3n
14A9jiZjAfBgNVHSMEGDAWgBQ+S/x79Kw0KqURKAHyiOhdj/8V0TAPBgNVHRMBAf8E
15BTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAcok2oSct
16BOkm75qA8+4eUilGxTaqFPCqY8fk8MKNRKNNzaqirPaLJW62mZaxRHOn1Bw9uzL3
17jgz2PaTwA7n5GpKs3r5JLk8BdtRyeqMLmqJVJKKuu4GtJLCA8jhQm+XNA1Z324hg
18kVeBHLPpLKvQxb+0lmbRBORq/OtMirq2yK8OlF2USrfQx0jmhSvvLpWyA0hhAXRS
19gg1ds9aL57dELvk6gR7Unob+J0O2Xq3FRwz2O1k9fF86a0qrWUkxcnAjobC2BczC
207Fe5B194LgrX2U4IIrzwgJ19kmtrb1Qol2okECxomTYsbQY36sBs+LOKxSuiagu6
21ZgJtfcNeVMglYQ==
22-----END CERTIFICATE-----
diff --git a/src/regress/lib/libssl/certs/ca-root-ecdsa.pem b/src/regress/lib/libssl/certs/ca-root-ecdsa.pem
deleted file mode 100644
index c7862da58a..0000000000
--- a/src/regress/lib/libssl/certs/ca-root-ecdsa.pem
+++ /dev/null
@@ -1,13 +0,0 @@
1subject= CN = LibreSSL Test Root CA ECDSA
2issuer= CN = LibreSSL Test Root CA ECDSA
3-----BEGIN CERTIFICATE-----
4MIIBpjCCAUygAwIBAgIJALqTupYRbYuwMAoGCCqGSM49BAMCMCYxJDAiBgNVBAMM
5G0xpYnJlU1NMIFRlc3QgUm9vdCBDQSBFQ0RTQTAeFw0yMTEyMjcxNDQwNDBaFw0z
6MTEyMjUxNDQwNDBaMCYxJDAiBgNVBAMMG0xpYnJlU1NMIFRlc3QgUm9vdCBDQSBF
7Q0RTQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABIxQjA3Gp+4irgwEumPY1/EG
8lVy6/olnAc+4elWkj0SqqdjfWanQqO8wHFY0qICKq8lHKhcyw2v9oyOsNVXZj8Kj
9YzBhMB0GA1UdDgQWBBS2+Rq3hR1xQSKm3ov88GAQVgfoDDAfBgNVHSMEGDAWgBS2
10+Rq3hR1xQSKm3ov88GAQVgfoDDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
11AwIBBjAKBggqhkjOPQQDAgNIADBFAiAqAN8RFQOAIXeJcxCHUCN1n3sUBuYF/XkS
12VnTsAEU/kwIhANNk/xjGq9O2YeLEFT1InoltVlwM5P8oa7krPnPbFnwY
13-----END CERTIFICATE-----
diff --git a/src/regress/lib/libssl/certs/ca-root-rsa.pem b/src/regress/lib/libssl/certs/ca-root-rsa.pem
deleted file mode 100644
index daf3407a93..0000000000
--- a/src/regress/lib/libssl/certs/ca-root-rsa.pem
+++ /dev/null
@@ -1,22 +0,0 @@
1subject= CN = LibreSSL Test Root CA RSA
2issuer= CN = LibreSSL Test Root CA RSA
3-----BEGIN CERTIFICATE-----
4MIIDLjCCAhagAwIBAgIJAIuM+uV8F+LtMA0GCSqGSIb3DQEBCwUAMCQxIjAgBgNV
5BAMMGUxpYnJlU1NMIFRlc3QgUm9vdCBDQSBSU0EwHhcNMjExMjI3MTQ0MDM3WhcN
6MzExMjI1MTQ0MDM3WjAkMSIwIAYDVQQDDBlMaWJyZVNTTCBUZXN0IFJvb3QgQ0Eg
7UlNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnvrj8h5JmJ+7V33R
8wloqhM0nLvmidkmk1sqJaOi0GNXoMLnaut90+2TnRiFDbsblzAjTijQC6PEfaJTB
9AEFBgNSQKdhVruYTL5HHhw/XHTjxqftizvJj1FsZh2n6gkTG/QOgbaDMCx+yFF88
10wro7Br32TZF+BuDuyzVcSPJUajYT+C9bWSq9jX8Fhvl5M3IOG7olg3gAMmU+E8SY
11TaKhoJ7KGLHDEQP9NJknJusV8T72lY/TzacVDDOxEUxpuYtJ1Kayytflhs1065Ua
12PkiIReoFnhK/tRAgyxz3bc6HDDmTz4FpyGPcAsSRtEbn1n1417hzH4Neq5eioVmx
13hX1HTwIDAQABo2MwYTAdBgNVHQ4EFgQUPkv8e/SsNCqlESgB8ojoXY//FdEwHwYD
14VR0jBBgwFoAUPkv8e/SsNCqlESgB8ojoXY//FdEwDwYDVR0TAQH/BAUwAwEB/zAO
15BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAEYi6O+l7SS14myiZydm
16eP0hS8+ABWz/xqzu81W5Uxo7XD3sNfz5hkhA3S2FrBg5xpDScAzsM9Og6VRuQA7/
17StWLc2gLvLI6cZNdOCOH/O4K6IYRGR0kXG7WA4MpBiDrPXZKXI3WcUNyTHM36Un4
18ZATRkO+xMLKFpnxHCkY5U9kp8xX5boNxtQsGkWfuG+fm7GVBaQapnvN+WRY4QXKQ
19jF10CFUcIUNGG81XTEhQwpcP0b0ruZK6JBah4VG7lUHbJ6/WoYiGYXCToK09ohIX
20PuWiVTiT9LH90U58No3NfinQPbE55mJju+YNNqLU4Wk3ub5rYpp0WFmo6T9kXL/z
21fO8=
22-----END CERTIFICATE-----
diff --git a/src/regress/lib/libssl/certs/client1-ecdsa-chain.pem b/src/regress/lib/libssl/certs/client1-ecdsa-chain.pem
deleted file mode 100644
index 7a6883db94..0000000000
--- a/src/regress/lib/libssl/certs/client1-ecdsa-chain.pem
+++ /dev/null
@@ -1,27 +0,0 @@
1subject= CN = LibreSSL Test Client 1 ECDSA
2issuer= CN = LibreSSL Test Intermediate CA ECDSA
3-----BEGIN CERTIFICATE-----
4MIIBrTCCAVKgAwIBAgIJAOVssaaTYoH6MAoGCCqGSM49BAMCMC4xLDAqBgNVBAMM
5I0xpYnJlU1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBIEVDRFNBMB4XDTIxMTIyNzE0
6NDA0MFoXDTMxMTIyNTE0NDA0MFowJzElMCMGA1UEAwwcTGlicmVTU0wgVGVzdCBD
7bGllbnQgMSBFQ0RTQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABMnRxZ9SVIjF
8eygaoub4qyo/tQlHXpQ2U66mhwKhchXD02w3viqOW0qklPSRhwV4nFKsdkVTogCg
9Y8AJokxKDU6jYDBeMB0GA1UdDgQWBBTikUU9S7ASdWw7fhaYVdDqUAyH+DAfBgNV
10HSMEGDAWgBQXVj1v/EpXEjlCygJygatQDeTCCDAMBgNVHRMBAf8EAjAAMA4GA1Ud
11DwEB/wQEAwIHgDAKBggqhkjOPQQDAgNJADBGAiEA+Aal+cjgT+pknsmAPbivSHY+
129clFV0Ree1c+nPbBz8cCIQCZDS2G/X8QthK7hZwV2mYhwvd6M/8kwet4u39qJYx8
13eA==
14-----END CERTIFICATE-----
15subject= CN = LibreSSL Test Intermediate CA ECDSA
16issuer= CN = LibreSSL Test Root CA ECDSA
17-----BEGIN CERTIFICATE-----
18MIIBrDCCAVOgAwIBAgIJAOVssaaTYoH3MAkGByqGSM49BAEwJjEkMCIGA1UEAwwb
19TGlicmVTU0wgVGVzdCBSb290IENBIEVDRFNBMB4XDTIxMTIyNzE0NDA0MFoXDTMx
20MTIyNTE0NDA0MFowLjEsMCoGA1UEAwwjTGlicmVTU0wgVGVzdCBJbnRlcm1lZGlh
21dGUgQ0EgRUNEU0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATWRQbJh4aHPzHq
22LOAmosW/o83bTpm3Sj1VxM44StmG7c1nnFM/+gS8rp2bVSgjWZQzRtZqGVGJgzbk
237/M1m3x3o2MwYTAdBgNVHQ4EFgQUF1Y9b/xKVxI5QsoCcoGrUA3kwggwHwYDVR0j
24BBgwFoAUtvkat4UdcUEipt6L/PBgEFYH6AwwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
25HQ8BAf8EBAMCAQYwCQYHKoZIzj0EAQNIADBFAiBE4NiOdv/XRN3WWMnkE5QccvC6
26VThoIQRyBf4I97cRPQIhAK18dvwrLuOOfbhWMdkpNCddMkWZHxS7traw/8+s7OUU
27-----END CERTIFICATE-----
diff --git a/src/regress/lib/libssl/certs/client1-ecdsa.pem b/src/regress/lib/libssl/certs/client1-ecdsa.pem
deleted file mode 100644
index 7d1b2cfc00..0000000000
--- a/src/regress/lib/libssl/certs/client1-ecdsa.pem
+++ /dev/null
@@ -1,19 +0,0 @@
1subject= CN = LibreSSL Test Client 1 ECDSA
2issuer= CN = LibreSSL Test Intermediate CA ECDSA
3-----BEGIN CERTIFICATE-----
4MIIBrTCCAVKgAwIBAgIJAOVssaaTYoH6MAoGCCqGSM49BAMCMC4xLDAqBgNVBAMM
5I0xpYnJlU1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBIEVDRFNBMB4XDTIxMTIyNzE0
6NDA0MFoXDTMxMTIyNTE0NDA0MFowJzElMCMGA1UEAwwcTGlicmVTU0wgVGVzdCBD
7bGllbnQgMSBFQ0RTQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABMnRxZ9SVIjF
8eygaoub4qyo/tQlHXpQ2U66mhwKhchXD02w3viqOW0qklPSRhwV4nFKsdkVTogCg
9Y8AJokxKDU6jYDBeMB0GA1UdDgQWBBTikUU9S7ASdWw7fhaYVdDqUAyH+DAfBgNV
10HSMEGDAWgBQXVj1v/EpXEjlCygJygatQDeTCCDAMBgNVHRMBAf8EAjAAMA4GA1Ud
11DwEB/wQEAwIHgDAKBggqhkjOPQQDAgNJADBGAiEA+Aal+cjgT+pknsmAPbivSHY+
129clFV0Ree1c+nPbBz8cCIQCZDS2G/X8QthK7hZwV2mYhwvd6M/8kwet4u39qJYx8
13eA==
14-----END CERTIFICATE-----
15-----BEGIN PRIVATE KEY-----
16MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQghOgzNmZV/rLf5+I5
17pnOXJ3N6W8QE5biANh/RVNNmNImhRANCAATJ0cWfUlSIxXsoGqLm+KsqP7UJR16U
18NlOupocCoXIVw9NsN74qjltKpJT0kYcFeJxSrHZFU6IAoGPACaJMSg1O
19-----END PRIVATE KEY-----
diff --git a/src/regress/lib/libssl/certs/client1-rsa-chain.pem b/src/regress/lib/libssl/certs/client1-rsa-chain.pem
deleted file mode 100644
index e5267eb346..0000000000
--- a/src/regress/lib/libssl/certs/client1-rsa-chain.pem
+++ /dev/null
@@ -1,44 +0,0 @@
1subject= CN = LibreSSL Test Client 1 RSA
2issuer= CN = LibreSSL Test Intermediate CA RSA
3-----BEGIN CERTIFICATE-----
4MIIDNDCCAhygAwIBAgIJAOVssaaTYoH1MA0GCSqGSIb3DQEBCwUAMCwxKjAoBgNV
5BAMMIUxpYnJlU1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBIFJTQTAeFw0yMTEyMjcx
6NDQwMzhaFw0zMTEyMjUxNDQwMzhaMCUxIzAhBgNVBAMMGkxpYnJlU1NMIFRlc3Qg
7Q2xpZW50IDEgUlNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyct5
8l3L4GIzbFPszUioY0/+W9IGnQqOlBtFJQSzJtM96/UcJ/9MEkz08UUaf07CTYWy/
9Qbwl3DizPV9yymiae64oe9RBc2Hh/Z88473Q6UZvPrdoexoVb159tTdvF8IDfIER
10HEB2VAtssFvszERa04ndpDqS8tHfBcLGUCu2kZQ0FSCKbNSDLLwoQmyNgnWo8PDY
11XshJGdABaTmnhpkrhJq2zeYiUResoWo8z08iVn7vLgjRNTi9mtXr5eC4L0DfEuZB
12exaC8frQXH2rXKvojFrFwJ67QLwCOiUKbGlUQBeKS6iahgDL/dRprHqbNZFI7in4
13QiokqixjfzYSmALFqwIDAQABo2AwXjAdBgNVHQ4EFgQUNRNEZs+zkqBu6va5XyGv
14UfzSKZQwHwYDVR0jBBgwFoAUNqGhWv/+mt2TQTVdDZTd5wPY4mYwDAYDVR0TAQH/
15BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBACmIu0ppKw1T
16hzGAoyjxK0y1ffbIDvObcwAMtXSHprMNhkdk7jyQBiXpx4ngEg1LhalUUDkp9Yt1
17qUVjyM4cphJL7ni3N/SyoUtuYWY4s8mqIhloT5adaUJ24kHJ2eFzNBLDuno5wen4
18dXKevTZPNqkkNohbVHrrFewsqS8CYw+rfiNerOJYZzSMbueWK5Pck0od05STZlAE
19/B2zesXgd3ZmRKM8jrlZS6gan1FaJOzwErccP7jWnrOeW9uLysRg0ww26/H8Q9xS
20dm0L8IXjzmE/yodk/nrt9G72mJnUITt4uHW/1ibMi4+iUR0Ff4oeqrBHQAbRawMK
21XKRzXhtI9sI=
22-----END CERTIFICATE-----
23subject= CN = LibreSSL Test Intermediate CA RSA
24issuer= CN = LibreSSL Test Root CA RSA
25-----BEGIN CERTIFICATE-----
26MIIDNjCCAh6gAwIBAgIJAOVssaaTYoHyMA0GCSqGSIb3DQEBCwUAMCQxIjAgBgNV
27BAMMGUxpYnJlU1NMIFRlc3QgUm9vdCBDQSBSU0EwHhcNMjExMjI3MTQ0MDM3WhcN
28MzExMjI1MTQ0MDM3WjAsMSowKAYDVQQDDCFMaWJyZVNTTCBUZXN0IEludGVybWVk
29aWF0ZSBDQSBSU0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD151AI
30I+W9MrEP3dO0PEjg6L9E1R6+CG6u0LT3Jobc/rG2RXqKLasEaXoBWYiJoTImVxFT
31wtrY+IDDTaEV4/4RGII1fY8Js7v5NpwoEh15jCoJ6/qDjKd4y1s1M48PlWYNNRmv
32OBKRIu3Fz7scUa1RSBCp1bZeHbq/V5SzG419nDq2xpyuUrwmfBhDZTH+kUwBNGn8
33XVRFCRJQVP3qEAH02Zai2emSVj13KrhEWMtNyA8fa34GIuV23Q40RKW3jUgGBF+D
345jPNN8EZCj34nvvbjCCBs7cxZvD4F/MzGbatKpNmNOKXKibeg/xCq8B/F1uzHcl3
35IzJuViNtQ3RjQ/1pAgMBAAGjYzBhMB0GA1UdDgQWBBQ2oaFa//6a3ZNBNV0NlN3n
36A9jiZjAfBgNVHSMEGDAWgBQ+S/x79Kw0KqURKAHyiOhdj/8V0TAPBgNVHRMBAf8E
37BTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAcok2oSct
38BOkm75qA8+4eUilGxTaqFPCqY8fk8MKNRKNNzaqirPaLJW62mZaxRHOn1Bw9uzL3
39jgz2PaTwA7n5GpKs3r5JLk8BdtRyeqMLmqJVJKKuu4GtJLCA8jhQm+XNA1Z324hg
40kVeBHLPpLKvQxb+0lmbRBORq/OtMirq2yK8OlF2USrfQx0jmhSvvLpWyA0hhAXRS
41gg1ds9aL57dELvk6gR7Unob+J0O2Xq3FRwz2O1k9fF86a0qrWUkxcnAjobC2BczC
427Fe5B194LgrX2U4IIrzwgJ19kmtrb1Qol2okECxomTYsbQY36sBs+LOKxSuiagu6
43ZgJtfcNeVMglYQ==
44-----END CERTIFICATE-----
diff --git a/src/regress/lib/libssl/certs/client1-rsa.pem b/src/regress/lib/libssl/certs/client1-rsa.pem
deleted file mode 100644
index 7e0c47cc46..0000000000
--- a/src/regress/lib/libssl/certs/client1-rsa.pem
+++ /dev/null
@@ -1,50 +0,0 @@
1subject= CN = LibreSSL Test Client 1 RSA
2issuer= CN = LibreSSL Test Intermediate CA RSA
3-----BEGIN CERTIFICATE-----
4MIIDNDCCAhygAwIBAgIJAOVssaaTYoH1MA0GCSqGSIb3DQEBCwUAMCwxKjAoBgNV
5BAMMIUxpYnJlU1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBIFJTQTAeFw0yMTEyMjcx
6NDQwMzhaFw0zMTEyMjUxNDQwMzhaMCUxIzAhBgNVBAMMGkxpYnJlU1NMIFRlc3Qg
7Q2xpZW50IDEgUlNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyct5
8l3L4GIzbFPszUioY0/+W9IGnQqOlBtFJQSzJtM96/UcJ/9MEkz08UUaf07CTYWy/
9Qbwl3DizPV9yymiae64oe9RBc2Hh/Z88473Q6UZvPrdoexoVb159tTdvF8IDfIER
10HEB2VAtssFvszERa04ndpDqS8tHfBcLGUCu2kZQ0FSCKbNSDLLwoQmyNgnWo8PDY
11XshJGdABaTmnhpkrhJq2zeYiUResoWo8z08iVn7vLgjRNTi9mtXr5eC4L0DfEuZB
12exaC8frQXH2rXKvojFrFwJ67QLwCOiUKbGlUQBeKS6iahgDL/dRprHqbNZFI7in4
13QiokqixjfzYSmALFqwIDAQABo2AwXjAdBgNVHQ4EFgQUNRNEZs+zkqBu6va5XyGv
14UfzSKZQwHwYDVR0jBBgwFoAUNqGhWv/+mt2TQTVdDZTd5wPY4mYwDAYDVR0TAQH/
15BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBACmIu0ppKw1T
16hzGAoyjxK0y1ffbIDvObcwAMtXSHprMNhkdk7jyQBiXpx4ngEg1LhalUUDkp9Yt1
17qUVjyM4cphJL7ni3N/SyoUtuYWY4s8mqIhloT5adaUJ24kHJ2eFzNBLDuno5wen4
18dXKevTZPNqkkNohbVHrrFewsqS8CYw+rfiNerOJYZzSMbueWK5Pck0od05STZlAE
19/B2zesXgd3ZmRKM8jrlZS6gan1FaJOzwErccP7jWnrOeW9uLysRg0ww26/H8Q9xS
20dm0L8IXjzmE/yodk/nrt9G72mJnUITt4uHW/1ibMi4+iUR0Ff4oeqrBHQAbRawMK
21XKRzXhtI9sI=
22-----END CERTIFICATE-----
23-----BEGIN PRIVATE KEY-----
24MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDJy3mXcvgYjNsU
25+zNSKhjT/5b0gadCo6UG0UlBLMm0z3r9Rwn/0wSTPTxRRp/TsJNhbL9BvCXcOLM9
26X3LKaJp7rih71EFzYeH9nzzjvdDpRm8+t2h7GhVvXn21N28XwgN8gREcQHZUC2yw
27W+zMRFrTid2kOpLy0d8FwsZQK7aRlDQVIIps1IMsvChCbI2Cdajw8NheyEkZ0AFp
28OaeGmSuEmrbN5iJRF6yhajzPTyJWfu8uCNE1OL2a1evl4LgvQN8S5kF7FoLx+tBc
29fatcq+iMWsXAnrtAvAI6JQpsaVRAF4pLqJqGAMv91Gmseps1kUjuKfhCKiSqLGN/
30NhKYAsWrAgMBAAECggEAahMtnXDv/We9mi/Z8Gz0lCwcm/azh5IiI41MJph2hzcx
31fYYkOXghRYzA8jBfv5VoQ6Q4fUN722Fqxu4vlzqZSj5oRX9z0EU52GomRcj30kgW
32Hi+nGl7BucM/7Uxwd1qjHoVyCxnPmapPvfz0YwPjgqNMARJRQJcV1x9lw6rW03rW
33qvoQKwnQ5vZRYldFnvYXRM0VUu8GdruaidWJ2Ra6FUFbEH+I77oIIoyWgXniq9jq
34h0VJNRVCLwV4rFzmMkOAz1yxvJ+4UG9/wHYsZVhJDkyos1FVf0klKipKTS7Z87Em
35aFlZ01JrM//kS/qdgohllCU8Xt1uVtvsYmJY9T6IEQKBgQD1IJzdopCI+BL7PfWf
36qSpyUOgp+8J50CnIJ42ZdBWDhPZSbBqWmqbgBlnXEyPwkKVOhHde6td9DtxRVOiE
37Zfy0gpUp4xWUxFdMKyW0+JmsmXiUJKIck6LxqfYDZUTzD2wp1/AhLGJ2M/J5e4IP
38umr6IQ4BbDfKGp2NiHEQElCmdwKBgQDSvtOy71EhewJQ9slazR+10skSBbc5Ks9W
39cy1fZKcnNB/dPenak5i8Gr04nPhhNvgAwmtDGb9hH1mwjHCUz/TaoPsbTKvtTN2N
40MxFzQEsE9F803ULOvFOppe5YEy/M2OaDLHVil1bMwbrg3pGKD4TUfy5cE2NfCDi3
41JwlKk6uDbQKBgQCLAQ9zb7hes66v4pbjD18OrGq7RBUoVq8a3bMijf2VM1UrsDnz
42pYd0CqXvnN8IkD3tpJi8rpe8Ry0QwgGI8vy2sEY+FpQqZJzMiLs9QKyEgBMsjwmP
43Avmn6SWlD0xmORyxLc7yQOUk+phJ44wBt0jqxsvWarPIXAd0NydGYdxySQKBgAWo
44B4iS8cuDQLGpngfo34QCz1DDhIJtSrlYSAx6aB4eQQiwI7mxInVSBmghlm0Ni6SB
45k11usHtL2x1o95CW8Ex566N08FxjJsMmbr54KEtOv8tscOGZnmk8QeRtR2gpHi7B
46H7lwtGy0em6UqrVY60jEzRq9jno7f0IzMwWkZwMVAoGAL9mQ8xVIaDNyhK477NvD
47ZF2AWrHHLXDeTfwdI+HTCUdeDC208kgTx4Z/AX1cN7KQtWZfKIW0bWtCDnKsIwbK
48zheDR2AjuDEbT9HWLtYgQvx5/fEc/yxJqtQk+n4CTrDY+rNeow51kziBKWFnu8Je
49m38SJSK7uNLz5ZWNgj3XIUE=
50-----END PRIVATE KEY-----
diff --git a/src/regress/lib/libssl/certs/client2-ecdsa-chain.pem b/src/regress/lib/libssl/certs/client2-ecdsa-chain.pem
deleted file mode 100644
index 0cba867b7f..0000000000
--- a/src/regress/lib/libssl/certs/client2-ecdsa-chain.pem
+++ /dev/null
@@ -1,26 +0,0 @@
1subject= CN = LibreSSL Test Client 2 ECDSA
2issuer= CN = LibreSSL Test Intermediate CA ECDSA
3-----BEGIN CERTIFICATE-----
4MIIBpjCCAUygAwIBAgIDEAACMAoGCCqGSM49BAMCMC4xLDAqBgNVBAMMI0xpYnJl
5U1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBIEVDRFNBMB4XDTEwMDEwMTAwMDAwMFoX
6DTIwMDEwMTAwMDAwMFowJzElMCMGA1UEAwwcTGlicmVTU0wgVGVzdCBDbGllbnQg
7MiBFQ0RTQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABL7oVxdDfyspO7ozwbv+
82QKCXR8Z1+JWKj6lLmAkN6GY/gXPYcCAtXOWRoVt5yg4YrH0eOJalah7yGjAeHLq
9EHijYDBeMB0GA1UdDgQWBBRO8eCtJ/+3xfn+3qY31gP3Ch5JvDAfBgNVHSMEGDAW
10gBQXVj1v/EpXEjlCygJygatQDeTCCDAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQE
11AwIHgDAKBggqhkjOPQQDAgNIADBFAiEA10kcAL7I/Y0KVNryJGrfVa1er0uiUXxS
122GmnKWFCQKECID9PY+LK4+DNvxyn4ld47AGJZjdolx6mwLFHK8RvtLo9
13-----END CERTIFICATE-----
14subject= CN = LibreSSL Test Intermediate CA ECDSA
15issuer= CN = LibreSSL Test Root CA ECDSA
16-----BEGIN CERTIFICATE-----
17MIIBrDCCAVOgAwIBAgIJAOVssaaTYoH3MAkGByqGSM49BAEwJjEkMCIGA1UEAwwb
18TGlicmVTU0wgVGVzdCBSb290IENBIEVDRFNBMB4XDTIxMTIyNzE0NDA0MFoXDTMx
19MTIyNTE0NDA0MFowLjEsMCoGA1UEAwwjTGlicmVTU0wgVGVzdCBJbnRlcm1lZGlh
20dGUgQ0EgRUNEU0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATWRQbJh4aHPzHq
21LOAmosW/o83bTpm3Sj1VxM44StmG7c1nnFM/+gS8rp2bVSgjWZQzRtZqGVGJgzbk
227/M1m3x3o2MwYTAdBgNVHQ4EFgQUF1Y9b/xKVxI5QsoCcoGrUA3kwggwHwYDVR0j
23BBgwFoAUtvkat4UdcUEipt6L/PBgEFYH6AwwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
24HQ8BAf8EBAMCAQYwCQYHKoZIzj0EAQNIADBFAiBE4NiOdv/XRN3WWMnkE5QccvC6
25VThoIQRyBf4I97cRPQIhAK18dvwrLuOOfbhWMdkpNCddMkWZHxS7traw/8+s7OUU
26-----END CERTIFICATE-----
diff --git a/src/regress/lib/libssl/certs/client2-ecdsa.pem b/src/regress/lib/libssl/certs/client2-ecdsa.pem
deleted file mode 100644
index f0576e6eb1..0000000000
--- a/src/regress/lib/libssl/certs/client2-ecdsa.pem
+++ /dev/null
@@ -1,18 +0,0 @@
1subject= CN = LibreSSL Test Client 2 ECDSA
2issuer= CN = LibreSSL Test Intermediate CA ECDSA
3-----BEGIN CERTIFICATE-----
4MIIBpjCCAUygAwIBAgIDEAACMAoGCCqGSM49BAMCMC4xLDAqBgNVBAMMI0xpYnJl
5U1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBIEVDRFNBMB4XDTEwMDEwMTAwMDAwMFoX
6DTIwMDEwMTAwMDAwMFowJzElMCMGA1UEAwwcTGlicmVTU0wgVGVzdCBDbGllbnQg
7MiBFQ0RTQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABL7oVxdDfyspO7ozwbv+
82QKCXR8Z1+JWKj6lLmAkN6GY/gXPYcCAtXOWRoVt5yg4YrH0eOJalah7yGjAeHLq
9EHijYDBeMB0GA1UdDgQWBBRO8eCtJ/+3xfn+3qY31gP3Ch5JvDAfBgNVHSMEGDAW
10gBQXVj1v/EpXEjlCygJygatQDeTCCDAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQE
11AwIHgDAKBggqhkjOPQQDAgNIADBFAiEA10kcAL7I/Y0KVNryJGrfVa1er0uiUXxS
122GmnKWFCQKECID9PY+LK4+DNvxyn4ld47AGJZjdolx6mwLFHK8RvtLo9
13-----END CERTIFICATE-----
14-----BEGIN PRIVATE KEY-----
15MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgGJcFF0AYtzYr190f
16tXnGfakMTr5zk0UO1nAfVSLMW2OhRANCAAS+6FcXQ38rKTu6M8G7/tkCgl0fGdfi
17Vio+pS5gJDehmP4Fz2HAgLVzlkaFbecoOGKx9HjiWpWoe8howHhy6hB4
18-----END PRIVATE KEY-----
diff --git a/src/regress/lib/libssl/certs/client2-rsa-chain.pem b/src/regress/lib/libssl/certs/client2-rsa-chain.pem
deleted file mode 100644
index bc09c2e059..0000000000
--- a/src/regress/lib/libssl/certs/client2-rsa-chain.pem
+++ /dev/null
@@ -1,44 +0,0 @@
1subject= CN = LibreSSL Test Client 2 RSA
2issuer= CN = LibreSSL Test Intermediate CA RSA
3-----BEGIN CERTIFICATE-----
4MIIDLjCCAhagAwIBAgIDEAACMA0GCSqGSIb3DQEBCwUAMCwxKjAoBgNVBAMMIUxp
5YnJlU1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBIFJTQTAeFw0xMDAxMDEwMDAwMDBa
6Fw0yMDAxMDEwMDAwMDBaMCUxIzAhBgNVBAMMGkxpYnJlU1NMIFRlc3QgQ2xpZW50
7IDIgUlNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6TPjTtVn4l/2
83g+XVWUMpxZWu1G3GJ1TY14loqG2lLcyFwHfbxPgjdeUYUXgKw2v3LKdK1xlwohi
97adKmf8ZsqgWYd+SWtvzyoEEEvWQVj5bbs2+EI9CTP4L96lqsiBYZoHxCI+TG3pY
106JOZQT2wmJEL0zeK9cmUXoaV6fQOcEtSmp6m8XWLEEyUZvVHG3OX+7FtcV0snDfz
11XrnvpRpu4zolbCC6jysufU46VoJNrrKdPlDu4PbF8PKrJl7jOSULaYHqugIeniMV
12V9enkg9t0Bb8bW5sW8/c4vwS52dlRNLHXkwGE7u9+XEVOGDJ+a01eRjVOxQwqptn
13qrWTF++D0QIDAQABo2AwXjAdBgNVHQ4EFgQUmUxF57QtRFh9JBPTMx5rUvRjj+4w
14HwYDVR0jBBgwFoAUNqGhWv/+mt2TQTVdDZTd5wPY4mYwDAYDVR0TAQH/BAIwADAO
15BgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAMAvLchG7tWtNXPK3+Ie
16u+htMMPhgJCsHhEC0ssZezD3BfYHaJh7ayQwI1KWKrQOwu9z+oOGWQjoVmhBzoi2
17hmvH9vT4GFVnM5agf68USNLxQvlQiShfnqPZiy3EduwY0q+uNvvNYlHeLTp/Au7F
18SesJqWoaMr3130n8QqiO8myNjUj3GVrmBBpFogU5qxQAHkcy2AbpkATjRtfG4Jn2
19DWXR9Yd56KuvmkpdVkw+DScOXbIgXmHyutJ7qDbm6lwXLD3U5ulvbSxXW/MhJpb9
2072UjtpQbhMzcyQwCvNrKnST+QqKMisAdkOOhCdEYTj8flpCbMA5bqwBRX+t+AMeD
214lY=
22-----END CERTIFICATE-----
23subject= CN = LibreSSL Test Intermediate CA RSA
24issuer= CN = LibreSSL Test Root CA RSA
25-----BEGIN CERTIFICATE-----
26MIIDNjCCAh6gAwIBAgIJAOVssaaTYoHyMA0GCSqGSIb3DQEBCwUAMCQxIjAgBgNV
27BAMMGUxpYnJlU1NMIFRlc3QgUm9vdCBDQSBSU0EwHhcNMjExMjI3MTQ0MDM3WhcN
28MzExMjI1MTQ0MDM3WjAsMSowKAYDVQQDDCFMaWJyZVNTTCBUZXN0IEludGVybWVk
29aWF0ZSBDQSBSU0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD151AI
30I+W9MrEP3dO0PEjg6L9E1R6+CG6u0LT3Jobc/rG2RXqKLasEaXoBWYiJoTImVxFT
31wtrY+IDDTaEV4/4RGII1fY8Js7v5NpwoEh15jCoJ6/qDjKd4y1s1M48PlWYNNRmv
32OBKRIu3Fz7scUa1RSBCp1bZeHbq/V5SzG419nDq2xpyuUrwmfBhDZTH+kUwBNGn8
33XVRFCRJQVP3qEAH02Zai2emSVj13KrhEWMtNyA8fa34GIuV23Q40RKW3jUgGBF+D
345jPNN8EZCj34nvvbjCCBs7cxZvD4F/MzGbatKpNmNOKXKibeg/xCq8B/F1uzHcl3
35IzJuViNtQ3RjQ/1pAgMBAAGjYzBhMB0GA1UdDgQWBBQ2oaFa//6a3ZNBNV0NlN3n
36A9jiZjAfBgNVHSMEGDAWgBQ+S/x79Kw0KqURKAHyiOhdj/8V0TAPBgNVHRMBAf8E
37BTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAcok2oSct
38BOkm75qA8+4eUilGxTaqFPCqY8fk8MKNRKNNzaqirPaLJW62mZaxRHOn1Bw9uzL3
39jgz2PaTwA7n5GpKs3r5JLk8BdtRyeqMLmqJVJKKuu4GtJLCA8jhQm+XNA1Z324hg
40kVeBHLPpLKvQxb+0lmbRBORq/OtMirq2yK8OlF2USrfQx0jmhSvvLpWyA0hhAXRS
41gg1ds9aL57dELvk6gR7Unob+J0O2Xq3FRwz2O1k9fF86a0qrWUkxcnAjobC2BczC
427Fe5B194LgrX2U4IIrzwgJ19kmtrb1Qol2okECxomTYsbQY36sBs+LOKxSuiagu6
43ZgJtfcNeVMglYQ==
44-----END CERTIFICATE-----
diff --git a/src/regress/lib/libssl/certs/client2-rsa.pem b/src/regress/lib/libssl/certs/client2-rsa.pem
deleted file mode 100644
index b4431ce674..0000000000
--- a/src/regress/lib/libssl/certs/client2-rsa.pem
+++ /dev/null
@@ -1,50 +0,0 @@
1subject= CN = LibreSSL Test Client 2 RSA
2issuer= CN = LibreSSL Test Intermediate CA RSA
3-----BEGIN CERTIFICATE-----
4MIIDLjCCAhagAwIBAgIDEAACMA0GCSqGSIb3DQEBCwUAMCwxKjAoBgNVBAMMIUxp
5YnJlU1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBIFJTQTAeFw0xMDAxMDEwMDAwMDBa
6Fw0yMDAxMDEwMDAwMDBaMCUxIzAhBgNVBAMMGkxpYnJlU1NMIFRlc3QgQ2xpZW50
7IDIgUlNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6TPjTtVn4l/2
83g+XVWUMpxZWu1G3GJ1TY14loqG2lLcyFwHfbxPgjdeUYUXgKw2v3LKdK1xlwohi
97adKmf8ZsqgWYd+SWtvzyoEEEvWQVj5bbs2+EI9CTP4L96lqsiBYZoHxCI+TG3pY
106JOZQT2wmJEL0zeK9cmUXoaV6fQOcEtSmp6m8XWLEEyUZvVHG3OX+7FtcV0snDfz
11XrnvpRpu4zolbCC6jysufU46VoJNrrKdPlDu4PbF8PKrJl7jOSULaYHqugIeniMV
12V9enkg9t0Bb8bW5sW8/c4vwS52dlRNLHXkwGE7u9+XEVOGDJ+a01eRjVOxQwqptn
13qrWTF++D0QIDAQABo2AwXjAdBgNVHQ4EFgQUmUxF57QtRFh9JBPTMx5rUvRjj+4w
14HwYDVR0jBBgwFoAUNqGhWv/+mt2TQTVdDZTd5wPY4mYwDAYDVR0TAQH/BAIwADAO
15BgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAMAvLchG7tWtNXPK3+Ie
16u+htMMPhgJCsHhEC0ssZezD3BfYHaJh7ayQwI1KWKrQOwu9z+oOGWQjoVmhBzoi2
17hmvH9vT4GFVnM5agf68USNLxQvlQiShfnqPZiy3EduwY0q+uNvvNYlHeLTp/Au7F
18SesJqWoaMr3130n8QqiO8myNjUj3GVrmBBpFogU5qxQAHkcy2AbpkATjRtfG4Jn2
19DWXR9Yd56KuvmkpdVkw+DScOXbIgXmHyutJ7qDbm6lwXLD3U5ulvbSxXW/MhJpb9
2072UjtpQbhMzcyQwCvNrKnST+QqKMisAdkOOhCdEYTj8flpCbMA5bqwBRX+t+AMeD
214lY=
22-----END CERTIFICATE-----
23-----BEGIN PRIVATE KEY-----
24MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDpM+NO1WfiX/be
25D5dVZQynFla7UbcYnVNjXiWiobaUtzIXAd9vE+CN15RhReArDa/csp0rXGXCiGLt
26p0qZ/xmyqBZh35Ja2/PKgQQS9ZBWPltuzb4Qj0JM/gv3qWqyIFhmgfEIj5Mbeljo
27k5lBPbCYkQvTN4r1yZRehpXp9A5wS1KanqbxdYsQTJRm9Ucbc5f7sW1xXSycN/Ne
28ue+lGm7jOiVsILqPKy59TjpWgk2usp0+UO7g9sXw8qsmXuM5JQtpgeq6Ah6eIxVX
2916eSD23QFvxtbmxbz9zi/BLnZ2VE0sdeTAYTu735cRU4YMn5rTV5GNU7FDCqm2eq
30tZMX74PRAgMBAAECggEAGghk06QXGLpFwLxU1H+XTf+8ZuTUX7cQXANiiCktTKS2
31vsLCwo+hfbQXKFS4lZXNkAGQcgq6gWDgSk9mkJJduAfzl7FxkRsEuBJ29fbbygTk
32CBaHpSmY6SdjBp6u/nuF4suWsLH2ZhbeXfg8H4BXenCWtVl59b4vBe5YRemswvQv
33DJzV9gVKDf7HnvcjUMBXNKNWk0cLlodKX6bRhpPbq/WNPAubA3z4Z0JZqnW9uuWa
34wTd7QPeKxVbQmz5Y5hifKMI4ML5i1+Fo6Xvcdt1TwfeHYy+iPNtB8fEu1VdH25DN
35iN5iiMOr7go8MOc4LxCZGsXqIDd6WYOg/DmCEsSiEQKBgQD78UT9ezhI7TLVmUdC
36eQd8+oi1qXykHXpMvobCJUrEulF6/iZSICcVVdH/DcvGRPv7A+90QZWGcY2Bzhtz
378C2XFLqLvSyHegSA4P57PbHjBOqowFAWntLTn/gSOb+nYKSM5XzOQq7RQctYX3EO
38jZb4GKhPOUwzy2Ugd9zNhqD8gwKBgQDs9VtAYvM2i3ylRLH/UdAu/E+oA05ydxT1
39dt4tK6R54KSZk+E/LM/k8D3p70tyiRbfky6DtGrGZSpyecCPdkNF0FJTRER1eDsb
40Au2uH6zP0nn2FUnQnL5fcIkVlclukf8pMox5fbFcoZjIWti9TURIdMTkaQVX9LKf
41Gme84UX2GwKBgQCqsJZuKbpDZjinkDZAKeFR4icW9KIWSkZekkKYbE2QpS6o5mEu
42CMyR3tfsNfuV84zITq0/lWNpd6tIg0wEK3enwQp1vA/cJWXBry2ab30CcoVNGSXp
43fWcWq22VY3yeOJKjRqNc1r671RigYeEl2/WpVoNJUWd4O9fivHJi6FBPYwKBgQDI
443B5y0K27gbex3C5J8A7ZlTTshYj8zGZuwEkK3yC30y2TpV/dDl5XgTHqV9aLixth
45f0CBkfCkpeK6UOxib2wNBM6UGJ0zOixX9D6HSABT1eVeLKN6ezOAcUMykdrCqG0z
46fc7HuT0b+TsqMp/gr1t/U8QGneNSsHCtH1PqLscAGwKBgFdecOiUhKezd6mReDYc
47cBKBN/2EBPNCSKlzuskSGoU/mC0H+2Mj1XX4fx5Wjvjp3hqKEVgs/L8Eth1KYfgF
48CaQzGAkavihH03L73to1Wj/K4XineBAKZLtXkdzWdB+kM8zkYJqmagh6h6BlXFun
49TJvYJYIK9U3kvhZtsD6w1slZ
50-----END PRIVATE KEY-----
diff --git a/src/regress/lib/libssl/certs/client3-ecdsa-chain.pem b/src/regress/lib/libssl/certs/client3-ecdsa-chain.pem
deleted file mode 100644
index a389943eeb..0000000000
--- a/src/regress/lib/libssl/certs/client3-ecdsa-chain.pem
+++ /dev/null
@@ -1,26 +0,0 @@
1subject= CN = LibreSSL Test Client 3 ECDSA
2issuer= CN = LibreSSL Test Intermediate CA ECDSA
3-----BEGIN CERTIFICATE-----
4MIIBqjCCAVGgAwIBAgIJAOVssaaTYoH7MAkGByqGSM49BAEwLjEsMCoGA1UEAwwj
5TGlicmVTU0wgVGVzdCBJbnRlcm1lZGlhdGUgQ0EgRUNEU0EwHhcNMjExMjI3MTQ0
6MDQwWhcNMzExMjI1MTQ0MDQwWjAnMSUwIwYDVQQDDBxMaWJyZVNTTCBUZXN0IENs
7aWVudCAzIEVDRFNBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEqlNqEjPuPpw3
8HaWxXbWql6f9g2HPei7RGZRfEAeNrnWT+Y4okVoqcxjeLNBA6dNl3uALWbSmDu6a
9kmBSU1aY9KNgMF4wHQYDVR0OBBYEFKxGR7LhwxXUGYyxjqBrxi5RKHamMB8GA1Ud
10IwQYMBaAFBdWPW/8SlcSOULKAnKBq1AN5MIIMAwGA1UdEwEB/wQCMAAwDgYDVR0P
11AQH/BAQDAgeAMAkGByqGSM49BAEDSAAwRQIhAMFzwaCpvWiXD+zEZ/mUBdbMQq2W
12JLELD9Mv11NiBhi6AiAN/QNQjluNEUTkxCH6p9bQiOYCQ3DOnPTxrSly/RQOSQ==
13-----END CERTIFICATE-----
14subject= CN = LibreSSL Test Intermediate CA ECDSA
15issuer= CN = LibreSSL Test Root CA ECDSA
16-----BEGIN CERTIFICATE-----
17MIIBrDCCAVOgAwIBAgIJAOVssaaTYoH3MAkGByqGSM49BAEwJjEkMCIGA1UEAwwb
18TGlicmVTU0wgVGVzdCBSb290IENBIEVDRFNBMB4XDTIxMTIyNzE0NDA0MFoXDTMx
19MTIyNTE0NDA0MFowLjEsMCoGA1UEAwwjTGlicmVTU0wgVGVzdCBJbnRlcm1lZGlh
20dGUgQ0EgRUNEU0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATWRQbJh4aHPzHq
21LOAmosW/o83bTpm3Sj1VxM44StmG7c1nnFM/+gS8rp2bVSgjWZQzRtZqGVGJgzbk
227/M1m3x3o2MwYTAdBgNVHQ4EFgQUF1Y9b/xKVxI5QsoCcoGrUA3kwggwHwYDVR0j
23BBgwFoAUtvkat4UdcUEipt6L/PBgEFYH6AwwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
24HQ8BAf8EBAMCAQYwCQYHKoZIzj0EAQNIADBFAiBE4NiOdv/XRN3WWMnkE5QccvC6
25VThoIQRyBf4I97cRPQIhAK18dvwrLuOOfbhWMdkpNCddMkWZHxS7traw/8+s7OUU
26-----END CERTIFICATE-----
diff --git a/src/regress/lib/libssl/certs/client3-ecdsa.pem b/src/regress/lib/libssl/certs/client3-ecdsa.pem
deleted file mode 100644
index f42528bfa2..0000000000
--- a/src/regress/lib/libssl/certs/client3-ecdsa.pem
+++ /dev/null
@@ -1,18 +0,0 @@
1subject= CN = LibreSSL Test Client 3 ECDSA
2issuer= CN = LibreSSL Test Intermediate CA ECDSA
3-----BEGIN CERTIFICATE-----
4MIIBqjCCAVGgAwIBAgIJAOVssaaTYoH7MAkGByqGSM49BAEwLjEsMCoGA1UEAwwj
5TGlicmVTU0wgVGVzdCBJbnRlcm1lZGlhdGUgQ0EgRUNEU0EwHhcNMjExMjI3MTQ0
6MDQwWhcNMzExMjI1MTQ0MDQwWjAnMSUwIwYDVQQDDBxMaWJyZVNTTCBUZXN0IENs
7aWVudCAzIEVDRFNBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEqlNqEjPuPpw3
8HaWxXbWql6f9g2HPei7RGZRfEAeNrnWT+Y4okVoqcxjeLNBA6dNl3uALWbSmDu6a
9kmBSU1aY9KNgMF4wHQYDVR0OBBYEFKxGR7LhwxXUGYyxjqBrxi5RKHamMB8GA1Ud
10IwQYMBaAFBdWPW/8SlcSOULKAnKBq1AN5MIIMAwGA1UdEwEB/wQCMAAwDgYDVR0P
11AQH/BAQDAgeAMAkGByqGSM49BAEDSAAwRQIhAMFzwaCpvWiXD+zEZ/mUBdbMQq2W
12JLELD9Mv11NiBhi6AiAN/QNQjluNEUTkxCH6p9bQiOYCQ3DOnPTxrSly/RQOSQ==
13-----END CERTIFICATE-----
14-----BEGIN PRIVATE KEY-----
15MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgfaMOzQZ+d1yL3ToI
16VPcHtdkIVhqatu/rDcJLuJcNnQehRANCAASqU2oSM+4+nDcdpbFdtaqXp/2DYc96
17LtEZlF8QB42udZP5jiiRWipzGN4s0EDp02Xe4AtZtKYO7pqSYFJTVpj0
18-----END PRIVATE KEY-----
diff --git a/src/regress/lib/libssl/certs/client3-rsa-chain.pem b/src/regress/lib/libssl/certs/client3-rsa-chain.pem
deleted file mode 100644
index 251344f934..0000000000
--- a/src/regress/lib/libssl/certs/client3-rsa-chain.pem
+++ /dev/null
@@ -1,44 +0,0 @@
1subject= CN = LibreSSL Test Client 3 RSA
2issuer= CN = LibreSSL Test Intermediate CA RSA
3-----BEGIN CERTIFICATE-----
4MIIDNDCCAhygAwIBAgIJAOVssaaTYoH2MA0GCSqGSIb3DQEBCwUAMCwxKjAoBgNV
5BAMMIUxpYnJlU1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBIFJTQTAeFw0yMTEyMjcx
6NDQwMzhaFw0zMTEyMjUxNDQwMzhaMCUxIzAhBgNVBAMMGkxpYnJlU1NMIFRlc3Qg
7Q2xpZW50IDMgUlNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1vW
8q3L63zPi8RJaJ07LsR05gCBYJ7FrnprqKbo7swLra3HE5WQFTxxOPkzBBnCUEaa2
9tqPtov34mrOmnYTQDBxpljx5u6AzjgMfwJZfh7CtGf893nbbP7T2f3pXAFBR0A32
10xmEvso5afyLNRvmxCsrdr2u73bETmBqFQFgGrhtBpTeGqsixgOegZzKHVF67ZjJi
11e+faM24GAtkOiPB7PfVgZFyTfe8HQsqqcMRVtjd7JxuN33k8cFIWqv5i8oqVLBME
12mLFM2WFIYNTsMtQ38eA7xieuuK6OPTp+cJKQY6jA3wUJOTRt9UE7pEjxOTumckfM
13u/ZE1+AODHkH97FptwIDAQABo2AwXjAdBgNVHQ4EFgQUz44RRa+P1oRBVI6lla3o
14VsVQq7swHwYDVR0jBBgwFoAUNqGhWv/+mt2TQTVdDZTd5wPY4mYwDAYDVR0TAQH/
15BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAFgL5955qwHN
16vFGnAKoHhoszX3qf2h8zc5HvFfnbvZbBbsuRFW1/QGfQPGWDq8YUlb6wu8NjLjSM
17qTSYd1CvWXO1s91kr3LM5k7+9x+whOgbzWjGiprloS9pXcZ+ljTunW4o7jE7pPjZ
18opk7W2WmD7/dEDg10x0yDZnKbzea5PMpp6kLqNjtENW4SETtcnwBdi/MZ09ApuUC
19E+XWK/uKmxbIJ7Rt/Vi5H3BE74w7souq7fMwGGk7NL8Fmha78VQApKvZV/Rsfrio
20D0vVU8djTlEJyXCeqFYU2eKWhc0bfiONIFJ6Wtg/1cR6Jn12+6X36J+wW1G3ibMu
21ey+V9oVpM2U=
22-----END CERTIFICATE-----
23subject= CN = LibreSSL Test Intermediate CA RSA
24issuer= CN = LibreSSL Test Root CA RSA
25-----BEGIN CERTIFICATE-----
26MIIDNjCCAh6gAwIBAgIJAOVssaaTYoHyMA0GCSqGSIb3DQEBCwUAMCQxIjAgBgNV
27BAMMGUxpYnJlU1NMIFRlc3QgUm9vdCBDQSBSU0EwHhcNMjExMjI3MTQ0MDM3WhcN
28MzExMjI1MTQ0MDM3WjAsMSowKAYDVQQDDCFMaWJyZVNTTCBUZXN0IEludGVybWVk
29aWF0ZSBDQSBSU0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD151AI
30I+W9MrEP3dO0PEjg6L9E1R6+CG6u0LT3Jobc/rG2RXqKLasEaXoBWYiJoTImVxFT
31wtrY+IDDTaEV4/4RGII1fY8Js7v5NpwoEh15jCoJ6/qDjKd4y1s1M48PlWYNNRmv
32OBKRIu3Fz7scUa1RSBCp1bZeHbq/V5SzG419nDq2xpyuUrwmfBhDZTH+kUwBNGn8
33XVRFCRJQVP3qEAH02Zai2emSVj13KrhEWMtNyA8fa34GIuV23Q40RKW3jUgGBF+D
345jPNN8EZCj34nvvbjCCBs7cxZvD4F/MzGbatKpNmNOKXKibeg/xCq8B/F1uzHcl3
35IzJuViNtQ3RjQ/1pAgMBAAGjYzBhMB0GA1UdDgQWBBQ2oaFa//6a3ZNBNV0NlN3n
36A9jiZjAfBgNVHSMEGDAWgBQ+S/x79Kw0KqURKAHyiOhdj/8V0TAPBgNVHRMBAf8E
37BTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAcok2oSct
38BOkm75qA8+4eUilGxTaqFPCqY8fk8MKNRKNNzaqirPaLJW62mZaxRHOn1Bw9uzL3
39jgz2PaTwA7n5GpKs3r5JLk8BdtRyeqMLmqJVJKKuu4GtJLCA8jhQm+XNA1Z324hg
40kVeBHLPpLKvQxb+0lmbRBORq/OtMirq2yK8OlF2USrfQx0jmhSvvLpWyA0hhAXRS
41gg1ds9aL57dELvk6gR7Unob+J0O2Xq3FRwz2O1k9fF86a0qrWUkxcnAjobC2BczC
427Fe5B194LgrX2U4IIrzwgJ19kmtrb1Qol2okECxomTYsbQY36sBs+LOKxSuiagu6
43ZgJtfcNeVMglYQ==
44-----END CERTIFICATE-----
diff --git a/src/regress/lib/libssl/certs/client3-rsa.pem b/src/regress/lib/libssl/certs/client3-rsa.pem
deleted file mode 100644
index b825391c52..0000000000
--- a/src/regress/lib/libssl/certs/client3-rsa.pem
+++ /dev/null
@@ -1,50 +0,0 @@
1subject= CN = LibreSSL Test Client 3 RSA
2issuer= CN = LibreSSL Test Intermediate CA RSA
3-----BEGIN CERTIFICATE-----
4MIIDNDCCAhygAwIBAgIJAOVssaaTYoH2MA0GCSqGSIb3DQEBCwUAMCwxKjAoBgNV
5BAMMIUxpYnJlU1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBIFJTQTAeFw0yMTEyMjcx
6NDQwMzhaFw0zMTEyMjUxNDQwMzhaMCUxIzAhBgNVBAMMGkxpYnJlU1NMIFRlc3Qg
7Q2xpZW50IDMgUlNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1vW
8q3L63zPi8RJaJ07LsR05gCBYJ7FrnprqKbo7swLra3HE5WQFTxxOPkzBBnCUEaa2
9tqPtov34mrOmnYTQDBxpljx5u6AzjgMfwJZfh7CtGf893nbbP7T2f3pXAFBR0A32
10xmEvso5afyLNRvmxCsrdr2u73bETmBqFQFgGrhtBpTeGqsixgOegZzKHVF67ZjJi
11e+faM24GAtkOiPB7PfVgZFyTfe8HQsqqcMRVtjd7JxuN33k8cFIWqv5i8oqVLBME
12mLFM2WFIYNTsMtQ38eA7xieuuK6OPTp+cJKQY6jA3wUJOTRt9UE7pEjxOTumckfM
13u/ZE1+AODHkH97FptwIDAQABo2AwXjAdBgNVHQ4EFgQUz44RRa+P1oRBVI6lla3o
14VsVQq7swHwYDVR0jBBgwFoAUNqGhWv/+mt2TQTVdDZTd5wPY4mYwDAYDVR0TAQH/
15BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAFgL5955qwHN
16vFGnAKoHhoszX3qf2h8zc5HvFfnbvZbBbsuRFW1/QGfQPGWDq8YUlb6wu8NjLjSM
17qTSYd1CvWXO1s91kr3LM5k7+9x+whOgbzWjGiprloS9pXcZ+ljTunW4o7jE7pPjZ
18opk7W2WmD7/dEDg10x0yDZnKbzea5PMpp6kLqNjtENW4SETtcnwBdi/MZ09ApuUC
19E+XWK/uKmxbIJ7Rt/Vi5H3BE74w7souq7fMwGGk7NL8Fmha78VQApKvZV/Rsfrio
20D0vVU8djTlEJyXCeqFYU2eKWhc0bfiONIFJ6Wtg/1cR6Jn12+6X36J+wW1G3ibMu
21ey+V9oVpM2U=
22-----END CERTIFICATE-----
23-----BEGIN PRIVATE KEY-----
24MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCnW9arcvrfM+Lx
25ElonTsuxHTmAIFgnsWuemuopujuzAutrccTlZAVPHE4+TMEGcJQRpra2o+2i/fia
26s6adhNAMHGmWPHm7oDOOAx/All+HsK0Z/z3edts/tPZ/elcAUFHQDfbGYS+yjlp/
27Is1G+bEKyt2va7vdsROYGoVAWAauG0GlN4aqyLGA56BnModUXrtmMmJ759ozbgYC
282Q6I8Hs99WBkXJN97wdCyqpwxFW2N3snG43feTxwUhaq/mLyipUsEwSYsUzZYUhg
291Owy1Dfx4DvGJ664ro49On5wkpBjqMDfBQk5NG31QTukSPE5O6ZyR8y79kTX4A4M
30eQf3sWm3AgMBAAECggEBAJV3HddtDsR8sHegbkegxaXeddYKDPEWMQkrTWoK2vpa
315ynEJ5a+p0cp/m8BWXqI3JSPEas36CmjLH3taCZR0QSf82SrigSZZLG19IupQJQM
32o+wN2pFuEQ1qbqMW/dBX61kmv3gYn+KV5BibWj3DDeyXlTjvvI6XcOps9QisFPs0
33BqPC7U4B3DaILeK+cLS9ONjXv4WgGi1LB8dpSR3HgT+qKs/bceCWGCcjfi3PQVJw
348Ahv8wce71rwIWxhnh6hcHq8iiGUj2CAtOA9E4qtxgQ5VkhR049pPQ0CkcrFBRT8
35wTDF5ffzSAbU9QRp/cL7k/eeEAiNQg0aL2GUHhmO/KECgYEA1PxATAFTzX6K4nM/
36yRU769vegTiblYjzUB5JL7baMUgSGgXrZ4UomtQQiYZSDhho8bDSEKM7cNzddMTo
37BFyKTvV4Won6LtF2R/JiFbUfDxhGS1+uoLXGciAFdB+NABLrmTQ0jp0N3y53UBmr
38jwMDz9BqXq+6QoM3lLUsL4V2j08CgYEAySiax4D3pkr3T6iTuEaLqW9vTV58vWUY
39sDstNA2YONYTPHUtFMpVfPgMmrraWHl3yNC2LB9W3SjJ+05oRYObUBI1oAg68u9z
40T2+jcxM3fN8HFwyFMm5gd3tygawdwGsvCjLPMJaHdtwlbg8lYfHyEl1hJRA+cnKg
41Y5hrfWtpJRkCgYEApWeBR4WAX4Z2tYZrcu5aqsEF+7TKn0bMLtxWWgfXS459AFi4
42iJyQ/CzU6vi1oNy0I37+pI0gDHZ6RcTlqv1zK/7WiPm+ob1p7lX+dn1CsaZYcRDN
43vWFtzBOyKIyYJAaNkV1Js7eknj6nyj0lTts4ipuBACfYru7Yq1RIDF/Jw2ECgYA9
44qTWwu+at0cL3ZwxI6076VA9BHxqLj8a+lpUnpJcprO1eleiIu/DyirKKZ4ZwomNG
45aju9UKn2xv8LCqDJ1iqwo7ROZtdzClVFX0oyBwz2OQNaXFsj91OYrH2QJCtGhVR5
46AtQh57KEi7zpfLkPyfNTD86sZstNl7d0cA9a9abYWQKBgQCPESj1LojjkEvGKtiD
479w+ZMaDf+mYK+RYQnjEthUMpAPI+mhm9cAl8mMJu3FaNgviOX9oB1/1XGl1Pj5od
48KWej9CF1ltoW/PcjsSTeeRFye5jvXn9BLr3w6iUl9pwyo4sVyLHgMzZpiQvGoRNy
49u80tjy6bVP3dGa5VHm36pENC4Q==
50-----END PRIVATE KEY-----
diff --git a/src/regress/lib/libssl/certs/make-certs.sh b/src/regress/lib/libssl/certs/make-certs.sh
deleted file mode 100755
index c90b7c8ff3..0000000000
--- a/src/regress/lib/libssl/certs/make-certs.sh
+++ /dev/null
@@ -1,263 +0,0 @@
1#!/bin/ksh
2
3#
4# Copyright (c) 2020, 2021 Joel Sing <jsing@openbsd.org>
5#
6# Permission to use, copy, modify, and distribute this software for any
7# purpose with or without fee is hereby granted, provided that the above
8# copyright notice and this permission notice appear in all copies.
9#
10# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17#
18
19set -e
20set -u
21set -x
22
23readonly SUBJECT="/CN=LibreSSL Test"
24
25readonly TMPDIR=$(mktemp -d)
26
27cleanup() {
28 rm -rf "${TMPDIR}"
29}
30
31trap cleanup EXIT INT
32
33reset() {
34 echo '100001' > ${TMPDIR}/certserial
35 cat /dev/null > ${TMPDIR}/certindex
36}
37
38setup() {
39 reset
40
41 cat > ${TMPDIR}/openssl.cnf <<EOF
42[ca]
43default_ca = test_ca
44
45[test_ca]
46new_certs_dir = ${TMPDIR}/
47database = ${TMPDIR}/certindex
48default_days = 365
49default_md = sha256
50policy = test_policy
51serial = ${TMPDIR}/certserial
52
53[test_policy]
54countryName = optional
55stateOrProvinceName = optional
56localityName = optional
57organizationName = optional
58organizationalUnitName = optional
59commonName = supplied
60emailAddress = optional
61
62[v3_ca_root]
63subjectKeyIdentifier = hash
64authorityKeyIdentifier = keyid:always,issuer
65basicConstraints = critical, CA:true
66keyUsage = critical, cRLSign, keyCertSign
67
68[v3_ca_int]
69subjectKeyIdentifier = hash
70authorityKeyIdentifier = keyid:always,issuer
71basicConstraints = critical, CA:true
72keyUsage = critical, cRLSign, keyCertSign
73
74[v3_other]
75subjectKeyIdentifier = hash
76authorityKeyIdentifier = keyid:always,issuer
77basicConstraints = critical, CA:false
78keyUsage = critical, digitalSignature
79
80[req]
81distinguished_name = req_distinguished_name
82
83[ req_distinguished_name ]
84EOF
85}
86
87key_type_to_args() {
88 local key_type=$1
89
90 alg=${key_type%:*}
91 param=${key_type#*:}
92
93 if [[ "${alg}" == "rsa" ]]; then
94 echo "-newkey ${key_type}";
95 elif [[ "${alg}" == "ec" ]]; then
96 echo "-newkey $alg -pkeyopt ec_paramgen_curve:${param}"
97 else
98 echo "Unknown key type ${key_type}" >&2
99 exit 1
100 fi
101}
102
103create_root() {
104 local name=$1 file=$2 key_type=$3
105
106 key_args=$(key_type_to_args "${key_type}")
107
108 openssl req -new -days 3650 -nodes ${key_args} -sha256 -x509 \
109 -subj "${SUBJECT} ${name}" -keyout "${TMPDIR}/${file}.key" \
110 -config ${TMPDIR}/openssl.cnf -extensions v3_ca_root \
111 -out "${TMPDIR}/${file}.crt"
112}
113
114create_intermediate() {
115 local name=$1 file=$2 issuer_file=$3 key_type=$4
116
117 key_args=$(key_type_to_args "${key_type}")
118
119 openssl req -new -days 3650 -nodes ${key_args} -sha256 \
120 -subj "${SUBJECT} ${name}" -keyout "${TMPDIR}/${file}.key" \
121 -out "${TMPDIR}/${file}.csr"
122 openssl x509 -req -days 3650 -CA "${TMPDIR}/${issuer_file}.crt" \
123 -CAkey "${TMPDIR}/${issuer_file}.key" -CAcreateserial \
124 -extfile ${TMPDIR}/openssl.cnf -extensions v3_ca_int \
125 -in "${TMPDIR}/${file}.csr" -out "${TMPDIR}/${file}.crt"
126}
127
128create_leaf() {
129 local name=$1 file=$2 issuer_file=$3 key_type=$4
130
131 key_args=$(key_type_to_args "${key_type}")
132
133 openssl req -new -days 3650 -nodes ${key_args} -sha256 \
134 -subj "${SUBJECT} ${name}" -keyout "${TMPDIR}/${file}.key" \
135 -out "${TMPDIR}/${file}.csr"
136 openssl x509 -req -days 3650 -CA "${TMPDIR}/${issuer_file}.crt" \
137 -CAkey "${TMPDIR}/${issuer_file}.key" -CAcreateserial -sha256 \
138 -extfile ${TMPDIR}/openssl.cnf -extensions v3_other \
139 -in "${TMPDIR}/${file}.csr" -out "${TMPDIR}/${file}.crt"
140}
141
142create_expired_leaf() {
143 local name=$1 file=$2 issuer_file=$3 key_type=$4
144
145 key_args=$(key_type_to_args "${key_type}")
146
147 openssl req -new -days 3650 -nodes ${key_args} -sha256 \
148 -subj "${SUBJECT} ${name}" -keyout "${TMPDIR}/${file}.key" \
149 -out "${TMPDIR}/${file}.csr"
150 openssl ca -batch -notext -cert "${TMPDIR}/${issuer_file}.crt" \
151 -keyfile "${TMPDIR}/${issuer_file}.key" \
152 -config ${TMPDIR}/openssl.cnf -extensions v3_other \
153 -startdate 20100101000000Z -enddate 20200101000000Z \
154 -in "${TMPDIR}/${file}.csr" -out "${TMPDIR}/${file}.crt"
155}
156
157create_revoked_leaf() {
158 local name=$1 file=$2 issuer_file=$3 key_type=$4
159
160 key_args=$(key_type_to_args "${key_type}")
161
162 openssl req -new -days 3650 -nodes ${key_args} -sha256 \
163 -subj "${SUBJECT} ${name}" -keyout "${TMPDIR}/${file}.key" \
164 -out "${TMPDIR}/${file}.csr"
165 openssl x509 -req -days 3650 -CA "${TMPDIR}/${issuer_file}.crt" \
166 -CAkey "${TMPDIR}/${issuer_file}.key" -CAcreateserial \
167 -extfile ${TMPDIR}/openssl.cnf -extensions v3_other \
168 -in "${TMPDIR}/${file}.csr" -out "${TMPDIR}/${file}.crt"
169 openssl ca -cert "${TMPDIR}/${issuer_file}.crt" \
170 -keyfile "${TMPDIR}/${issuer_file}.key" \
171 -config "${TMPDIR}/openssl.cnf" -extensions v3_other \
172 -revoke "${TMPDIR}/${file}.crt"
173 openssl ca -gencrl -cert "${TMPDIR}/${issuer_file}.crt" \
174 -keyfile "${TMPDIR}/${issuer_file}.key" \
175 -config "${TMPDIR}/openssl.cnf" -extensions v3_other \
176 -crldays 30 -out "${TMPDIR}/${issuer_file}.crl"
177}
178
179create_bundle() {
180 local bundle_file=$1
181 shift
182
183 mkdir -p $(dirname ${bundle_file})
184 cat /dev/null > ${bundle_file}
185
186 for _cert_file in $@; do
187 openssl x509 -nameopt oneline -subject -issuer \
188 -in "${TMPDIR}/${_cert_file}.crt" >> ${bundle_file}
189 done
190}
191
192create_bundle_with_key() {
193 local bundle_file=$1
194 shift
195
196 mkdir -p $(dirname ${bundle_file})
197 cat /dev/null > ${bundle_file}
198
199 for _cert_file in $@; do
200 openssl x509 -nameopt oneline -subject -issuer -noout \
201 -in "${TMPDIR}/${_cert_file}.crt" >> ${bundle_file}
202 done
203 for _cert_file in $@; do
204 cat "${TMPDIR}/${_cert_file}.crt" >> ${bundle_file}
205 done
206 for _key_file in $@; do
207 cat "${TMPDIR}/${_key_file}.key" >> ${bundle_file}
208 done
209}
210
211setup
212
213reset
214create_root "Root CA RSA" "ca-root-rsa" "rsa:2048"
215create_intermediate "Intermediate CA RSA" "ca-int-rsa" "ca-root-rsa" "rsa:2048"
216create_leaf "Server 1 RSA" "server-1-rsa" "ca-int-rsa" "rsa:2048"
217create_expired_leaf "Server 2 RSA" "server-2-rsa" "ca-int-rsa" "rsa:2048"
218create_revoked_leaf "Server 3 RSA" "server-3-rsa" "ca-int-rsa" "rsa:2048"
219create_leaf "Client 1 RSA" "client-1-rsa" "ca-int-rsa" "rsa:2048"
220create_expired_leaf "Client 2 RSA" "client-2-rsa" "ca-int-rsa" "rsa:2048"
221create_revoked_leaf "Client 3 RSA" "client-3-rsa" "ca-int-rsa" "rsa:2048"
222
223create_bundle "./ca-root-rsa.pem" "ca-root-rsa"
224create_bundle "./ca-int-rsa.pem" "ca-int-rsa"
225cp "${TMPDIR}/ca-int-rsa.crl" "./ca-int-rsa.crl"
226create_bundle_with_key "./server1-rsa.pem" "server-1-rsa"
227create_bundle "./server1-rsa-chain.pem" "server-1-rsa" "ca-int-rsa"
228create_bundle_with_key "./server2-rsa.pem" "server-2-rsa"
229create_bundle "./server2-rsa-chain.pem" "server-2-rsa" "ca-int-rsa"
230create_bundle_with_key "./server3-rsa.pem" "server-3-rsa"
231create_bundle "./server3-rsa-chain.pem" "server-3-rsa" "ca-int-rsa"
232create_bundle_with_key "./client1-rsa.pem" "client-1-rsa"
233create_bundle "./client1-rsa-chain.pem" "client-1-rsa" "ca-int-rsa"
234create_bundle_with_key "./client2-rsa.pem" "client-2-rsa"
235create_bundle "./client2-rsa-chain.pem" "client-2-rsa" "ca-int-rsa"
236create_bundle_with_key "./client3-rsa.pem" "client-3-rsa"
237create_bundle "./client3-rsa-chain.pem" "client-3-rsa" "ca-int-rsa"
238
239reset
240create_root "Root CA ECDSA" "ca-root-ecdsa" "ec:prime256v1"
241create_intermediate "Intermediate CA ECDSA" "ca-int-ecdsa" "ca-root-ecdsa" "ec:prime256v1"
242create_leaf "Server 1 ECDSA" "server-1-ecdsa" "ca-int-ecdsa" "ec:prime256v1"
243create_expired_leaf "Server 2 ECDSA" "server-2-ecdsa" "ca-int-ecdsa" "ec:prime256v1"
244create_revoked_leaf "Server 3 ECDSA" "server-3-ecdsa" "ca-int-ecdsa" "ec:prime256v1"
245create_leaf "Client 1 ECDSA" "client-1-ecdsa" "ca-int-ecdsa" "ec:prime256v1"
246create_expired_leaf "Client 2 ECDSA" "client-2-ecdsa" "ca-int-ecdsa" "ec:prime256v1"
247create_revoked_leaf "Client 3 ECDSA" "client-3-ecdsa" "ca-int-ecdsa" "ec:prime256v1"
248
249create_bundle "./ca-root-ecdsa.pem" "ca-root-ecdsa"
250create_bundle "./ca-int-ecdsa.pem" "ca-int-ecdsa"
251cp "${TMPDIR}/ca-int-ecdsa.crl" "./ca-int-ecdsa.crl"
252create_bundle_with_key "./server1-ecdsa.pem" "server-1-ecdsa"
253create_bundle "./server1-ecdsa-chain.pem" "server-1-ecdsa" "ca-int-ecdsa"
254create_bundle_with_key "./server2-ecdsa.pem" "server-2-ecdsa"
255create_bundle "./server2-ecdsa-chain.pem" "server-2-ecdsa" "ca-int-ecdsa"
256create_bundle_with_key "./server3-ecdsa.pem" "server-3-ecdsa"
257create_bundle "./server3-ecdsa-chain.pem" "server-3-ecdsa" "ca-int-ecdsa"
258create_bundle_with_key "./client1-ecdsa.pem" "client-1-ecdsa"
259create_bundle "./client1-ecdsa-chain.pem" "client-1-ecdsa" "ca-int-ecdsa"
260create_bundle_with_key "./client2-ecdsa.pem" "client-2-ecdsa"
261create_bundle "./client2-ecdsa-chain.pem" "client-2-ecdsa" "ca-int-ecdsa"
262create_bundle_with_key "./client3-ecdsa.pem" "client-3-ecdsa"
263create_bundle "./client3-ecdsa-chain.pem" "client-3-ecdsa" "ca-int-ecdsa"
diff --git a/src/regress/lib/libssl/certs/server1-ecdsa-chain.pem b/src/regress/lib/libssl/certs/server1-ecdsa-chain.pem
deleted file mode 100644
index 46add4d11c..0000000000
--- a/src/regress/lib/libssl/certs/server1-ecdsa-chain.pem
+++ /dev/null
@@ -1,26 +0,0 @@
1subject= CN = LibreSSL Test Server 1 ECDSA
2issuer= CN = LibreSSL Test Intermediate CA ECDSA
3-----BEGIN CERTIFICATE-----
4MIIBqzCCAVKgAwIBAgIJAOVssaaTYoH4MAoGCCqGSM49BAMCMC4xLDAqBgNVBAMM
5I0xpYnJlU1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBIEVDRFNBMB4XDTIxMTIyNzE0
6NDA0MFoXDTMxMTIyNTE0NDA0MFowJzElMCMGA1UEAwwcTGlicmVTU0wgVGVzdCBT
7ZXJ2ZXIgMSBFQ0RTQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLCfzrwjvJ6V
8m2Jog48gtuDNYupHd8TKOCVb6J7f1/U3Owwy2//ZVTvM+9uoIC8xxUJAmN0PC+9a
9+5TkRWiD1KWjYDBeMB0GA1UdDgQWBBTo776/p89eGJwMmJRNk4k+xGVRPTAfBgNV
10HSMEGDAWgBQXVj1v/EpXEjlCygJygatQDeTCCDAMBgNVHRMBAf8EAjAAMA4GA1Ud
11DwEB/wQEAwIHgDAKBggqhkjOPQQDAgNHADBEAiAhHPaADQMcGea7iBRbKZWSHUAf
12fZSNIWF/nYASNBvKLgIgQXLiuWxt6/a7vxaZwgYXkhP1YfDSC5Kpktxr/3jHcAU=
13-----END CERTIFICATE-----
14subject= CN = LibreSSL Test Intermediate CA ECDSA
15issuer= CN = LibreSSL Test Root CA ECDSA
16-----BEGIN CERTIFICATE-----
17MIIBrDCCAVOgAwIBAgIJAOVssaaTYoH3MAkGByqGSM49BAEwJjEkMCIGA1UEAwwb
18TGlicmVTU0wgVGVzdCBSb290IENBIEVDRFNBMB4XDTIxMTIyNzE0NDA0MFoXDTMx
19MTIyNTE0NDA0MFowLjEsMCoGA1UEAwwjTGlicmVTU0wgVGVzdCBJbnRlcm1lZGlh
20dGUgQ0EgRUNEU0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATWRQbJh4aHPzHq
21LOAmosW/o83bTpm3Sj1VxM44StmG7c1nnFM/+gS8rp2bVSgjWZQzRtZqGVGJgzbk
227/M1m3x3o2MwYTAdBgNVHQ4EFgQUF1Y9b/xKVxI5QsoCcoGrUA3kwggwHwYDVR0j
23BBgwFoAUtvkat4UdcUEipt6L/PBgEFYH6AwwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
24HQ8BAf8EBAMCAQYwCQYHKoZIzj0EAQNIADBFAiBE4NiOdv/XRN3WWMnkE5QccvC6
25VThoIQRyBf4I97cRPQIhAK18dvwrLuOOfbhWMdkpNCddMkWZHxS7traw/8+s7OUU
26-----END CERTIFICATE-----
diff --git a/src/regress/lib/libssl/certs/server1-ecdsa.pem b/src/regress/lib/libssl/certs/server1-ecdsa.pem
deleted file mode 100644
index 541fed6efe..0000000000
--- a/src/regress/lib/libssl/certs/server1-ecdsa.pem
+++ /dev/null
@@ -1,18 +0,0 @@
1subject= CN = LibreSSL Test Server 1 ECDSA
2issuer= CN = LibreSSL Test Intermediate CA ECDSA
3-----BEGIN CERTIFICATE-----
4MIIBqzCCAVKgAwIBAgIJAOVssaaTYoH4MAoGCCqGSM49BAMCMC4xLDAqBgNVBAMM
5I0xpYnJlU1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBIEVDRFNBMB4XDTIxMTIyNzE0
6NDA0MFoXDTMxMTIyNTE0NDA0MFowJzElMCMGA1UEAwwcTGlicmVTU0wgVGVzdCBT
7ZXJ2ZXIgMSBFQ0RTQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLCfzrwjvJ6V
8m2Jog48gtuDNYupHd8TKOCVb6J7f1/U3Owwy2//ZVTvM+9uoIC8xxUJAmN0PC+9a
9+5TkRWiD1KWjYDBeMB0GA1UdDgQWBBTo776/p89eGJwMmJRNk4k+xGVRPTAfBgNV
10HSMEGDAWgBQXVj1v/EpXEjlCygJygatQDeTCCDAMBgNVHRMBAf8EAjAAMA4GA1Ud
11DwEB/wQEAwIHgDAKBggqhkjOPQQDAgNHADBEAiAhHPaADQMcGea7iBRbKZWSHUAf
12fZSNIWF/nYASNBvKLgIgQXLiuWxt6/a7vxaZwgYXkhP1YfDSC5Kpktxr/3jHcAU=
13-----END CERTIFICATE-----
14-----BEGIN PRIVATE KEY-----
15MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgvh2q0Zzqn18tPux2
16csqpbWDtHGialpwtx/r/0ENHeKOhRANCAASwn868I7yelZtiaIOPILbgzWLqR3fE
17yjglW+ie39f1NzsMMtv/2VU7zPvbqCAvMcVCQJjdDwvvWvuU5EVog9Sl
18-----END PRIVATE KEY-----
diff --git a/src/regress/lib/libssl/certs/server1-rsa-chain.pem b/src/regress/lib/libssl/certs/server1-rsa-chain.pem
deleted file mode 100644
index 57dec7b5b4..0000000000
--- a/src/regress/lib/libssl/certs/server1-rsa-chain.pem
+++ /dev/null
@@ -1,44 +0,0 @@
1subject= CN = LibreSSL Test Server 1 RSA
2issuer= CN = LibreSSL Test Intermediate CA RSA
3-----BEGIN CERTIFICATE-----
4MIIDNDCCAhygAwIBAgIJAOVssaaTYoHzMA0GCSqGSIb3DQEBCwUAMCwxKjAoBgNV
5BAMMIUxpYnJlU1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBIFJTQTAeFw0yMTEyMjcx
6NDQwMzdaFw0zMTEyMjUxNDQwMzdaMCUxIzAhBgNVBAMMGkxpYnJlU1NMIFRlc3Qg
7U2VydmVyIDEgUlNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnvyt
8i0uA2qaFltVb8+PElYk84AnjY0WZDcGtKSMCAYTD857fO2V4S/wpJ9ZMt8kBKQ29
9D2Glkkhc/HPpb7wJcAUT++aZ/PbOtuzOHzdxheOolfZ6aw+qCSiVlcflKfMp7VPL
10swimqKpm6atl2aSqldKfmGzjhAAPiTXbzUjh9pbTfO8ykdn/6AqP7ju3+4sseMPL
11seNq1wstWRdiHm0P/BoJn4lwDe7QTSp1AxMqDTz5BiO+UjCW2oTsOFfo/hhslQf5
12qv7uPLrz/VWiEojQP5RzfcnVwplUgTvtaOkXxZeOH7VkKS1v8W506/h3RIKj0X8Y
13JDLuIPqSAPNLWGyH4wIDAQABo2AwXjAdBgNVHQ4EFgQUFJPGTfe+ULC/anJ4fCVz
14DXA0JI4wHwYDVR0jBBgwFoAUNqGhWv/+mt2TQTVdDZTd5wPY4mYwDAYDVR0TAQH/
15BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAGP5hYyAYzlj
16YCV24ApNPb+mNEMHu1SL1MgDXJOTWZMFOvuYcibtmcVIfwpM4+UpC7cRqPRjBEqm
17NdLbJi4jGzQDNOcI7OZCCx6oKvAhjMofpb42Iq4bDuBqlhHRXvYnO30y0yRbSGXt
18GvKvkNKOSXUnY1UtcBAN5szcyFk30xQK+f/2VqJguvjsTquFV+piqFyq91ICyIeQ
191gjTn1N2/SkmYpwZdyf0HqSjyqJ0FG4xiW6T0HmX1QI651Kux49vLel7ySxzGY+6
20axnPilTYx/7pkciGk5ckLdujpXsDPhC+E2hdoee494c5NvX/uibYhigLU/gHK/ZP
21YisY8ihnPl8=
22-----END CERTIFICATE-----
23subject= CN = LibreSSL Test Intermediate CA RSA
24issuer= CN = LibreSSL Test Root CA RSA
25-----BEGIN CERTIFICATE-----
26MIIDNjCCAh6gAwIBAgIJAOVssaaTYoHyMA0GCSqGSIb3DQEBCwUAMCQxIjAgBgNV
27BAMMGUxpYnJlU1NMIFRlc3QgUm9vdCBDQSBSU0EwHhcNMjExMjI3MTQ0MDM3WhcN
28MzExMjI1MTQ0MDM3WjAsMSowKAYDVQQDDCFMaWJyZVNTTCBUZXN0IEludGVybWVk
29aWF0ZSBDQSBSU0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD151AI
30I+W9MrEP3dO0PEjg6L9E1R6+CG6u0LT3Jobc/rG2RXqKLasEaXoBWYiJoTImVxFT
31wtrY+IDDTaEV4/4RGII1fY8Js7v5NpwoEh15jCoJ6/qDjKd4y1s1M48PlWYNNRmv
32OBKRIu3Fz7scUa1RSBCp1bZeHbq/V5SzG419nDq2xpyuUrwmfBhDZTH+kUwBNGn8
33XVRFCRJQVP3qEAH02Zai2emSVj13KrhEWMtNyA8fa34GIuV23Q40RKW3jUgGBF+D
345jPNN8EZCj34nvvbjCCBs7cxZvD4F/MzGbatKpNmNOKXKibeg/xCq8B/F1uzHcl3
35IzJuViNtQ3RjQ/1pAgMBAAGjYzBhMB0GA1UdDgQWBBQ2oaFa//6a3ZNBNV0NlN3n
36A9jiZjAfBgNVHSMEGDAWgBQ+S/x79Kw0KqURKAHyiOhdj/8V0TAPBgNVHRMBAf8E
37BTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAcok2oSct
38BOkm75qA8+4eUilGxTaqFPCqY8fk8MKNRKNNzaqirPaLJW62mZaxRHOn1Bw9uzL3
39jgz2PaTwA7n5GpKs3r5JLk8BdtRyeqMLmqJVJKKuu4GtJLCA8jhQm+XNA1Z324hg
40kVeBHLPpLKvQxb+0lmbRBORq/OtMirq2yK8OlF2USrfQx0jmhSvvLpWyA0hhAXRS
41gg1ds9aL57dELvk6gR7Unob+J0O2Xq3FRwz2O1k9fF86a0qrWUkxcnAjobC2BczC
427Fe5B194LgrX2U4IIrzwgJ19kmtrb1Qol2okECxomTYsbQY36sBs+LOKxSuiagu6
43ZgJtfcNeVMglYQ==
44-----END CERTIFICATE-----
diff --git a/src/regress/lib/libssl/certs/server1-rsa.pem b/src/regress/lib/libssl/certs/server1-rsa.pem
deleted file mode 100644
index 12e9ac9ec9..0000000000
--- a/src/regress/lib/libssl/certs/server1-rsa.pem
+++ /dev/null
@@ -1,50 +0,0 @@
1subject= CN = LibreSSL Test Server 1 RSA
2issuer= CN = LibreSSL Test Intermediate CA RSA
3-----BEGIN CERTIFICATE-----
4MIIDNDCCAhygAwIBAgIJAOVssaaTYoHzMA0GCSqGSIb3DQEBCwUAMCwxKjAoBgNV
5BAMMIUxpYnJlU1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBIFJTQTAeFw0yMTEyMjcx
6NDQwMzdaFw0zMTEyMjUxNDQwMzdaMCUxIzAhBgNVBAMMGkxpYnJlU1NMIFRlc3Qg
7U2VydmVyIDEgUlNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnvyt
8i0uA2qaFltVb8+PElYk84AnjY0WZDcGtKSMCAYTD857fO2V4S/wpJ9ZMt8kBKQ29
9D2Glkkhc/HPpb7wJcAUT++aZ/PbOtuzOHzdxheOolfZ6aw+qCSiVlcflKfMp7VPL
10swimqKpm6atl2aSqldKfmGzjhAAPiTXbzUjh9pbTfO8ykdn/6AqP7ju3+4sseMPL
11seNq1wstWRdiHm0P/BoJn4lwDe7QTSp1AxMqDTz5BiO+UjCW2oTsOFfo/hhslQf5
12qv7uPLrz/VWiEojQP5RzfcnVwplUgTvtaOkXxZeOH7VkKS1v8W506/h3RIKj0X8Y
13JDLuIPqSAPNLWGyH4wIDAQABo2AwXjAdBgNVHQ4EFgQUFJPGTfe+ULC/anJ4fCVz
14DXA0JI4wHwYDVR0jBBgwFoAUNqGhWv/+mt2TQTVdDZTd5wPY4mYwDAYDVR0TAQH/
15BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAGP5hYyAYzlj
16YCV24ApNPb+mNEMHu1SL1MgDXJOTWZMFOvuYcibtmcVIfwpM4+UpC7cRqPRjBEqm
17NdLbJi4jGzQDNOcI7OZCCx6oKvAhjMofpb42Iq4bDuBqlhHRXvYnO30y0yRbSGXt
18GvKvkNKOSXUnY1UtcBAN5szcyFk30xQK+f/2VqJguvjsTquFV+piqFyq91ICyIeQ
191gjTn1N2/SkmYpwZdyf0HqSjyqJ0FG4xiW6T0HmX1QI651Kux49vLel7ySxzGY+6
20axnPilTYx/7pkciGk5ckLdujpXsDPhC+E2hdoee494c5NvX/uibYhigLU/gHK/ZP
21YisY8ihnPl8=
22-----END CERTIFICATE-----
23-----BEGIN PRIVATE KEY-----
24MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCe/K2LS4DapoWW
251Vvz48SViTzgCeNjRZkNwa0pIwIBhMPznt87ZXhL/Ckn1ky3yQEpDb0PYaWSSFz8
26c+lvvAlwBRP75pn89s627M4fN3GF46iV9nprD6oJKJWVx+Up8yntU8uzCKaoqmbp
27q2XZpKqV0p+YbOOEAA+JNdvNSOH2ltN87zKR2f/oCo/uO7f7iyx4w8ux42rXCy1Z
28F2IebQ/8GgmfiXAN7tBNKnUDEyoNPPkGI75SMJbahOw4V+j+GGyVB/mq/u48uvP9
29VaISiNA/lHN9ydXCmVSBO+1o6RfFl44ftWQpLW/xbnTr+HdEgqPRfxgkMu4g+pIA
3080tYbIfjAgMBAAECggEBAJDm9PkW6KrfyLPPZA5mUl6EBWKgQInS/gsmsT7j9EkU
31C1A4RXcqJTkD6zKuw59h6NfU+LJTKgeoQm+o6WJ3/BYH2s3kwAZpn7/jFn4nFyWT
32d6yuR6baUPwl7CfmV3wjbtwqWmajhNoG7OMd3yc9SGhi3iibXcWKFJ7W4q04NxJ5
33txswRddLYMFUeJxPBdImlyibyUIWaYFid4O2kozTQWpyJld5SP4+YQObb6sBJuvN
34wR53eaRGb0OaUGppglGlWTahIADBjbhf0zd9YiUjvums/cjx2goHzQqt4rIj1Pid
35I3duu/kw7AsuRlvmhk02Cu4Ixr8hljbeo2L7UAP+4BkCgYEAzVq8Fqi/5IVdjl0H
36FwvS9NX3HFFzdixtI2p/jCQ721Kxpf73zvRpMG/YZL3vBt4sXT7WpJZZsKrYogL7
378s/dG7p/GpzSnvJKQfT6Ko+jnv24MEIoqMx+Smd+nJJJ0KzZRvrqzcF+wsicmKnN
38y/4t8T1DqSm4WxDyuy/uDozqCP0CgYEAxjJ9GJha40sHlY4sOTaJqapN6va/t70/
39iRj+Mt9Bm1O41PBgu+SMADGukrjL5DYp53QRGhyqb2PWmZsGYvftPZNq5b3pzKPo
408jiP9AxYDt/GLO3x/GppiywOxHD8CV19BDVqWcBkV1ATu2kkmokDbq+g94xnMBzN
41nURtfL5Hml8CgYAMeJIrnhvpOOAxoRypHaK2E7hqE9g7OP93wyPz0s9/xknbltxd
42ySIKOwCdPZuigyOWlhZa8HaJ8BYv4JaEbHM1F+JYL2XrGTPBRatbolWBdk8VPy9Q
438PpKcnaR86Bf999KHDreO/4CvkQkUUuaM9l+aQYO4+W6QhE7pPGEGLKt0QKBgCL2
44exzgm3/nF3JpfyGknkpA0bf2SUG3b8LWltkQizlEXqGpudbLbWsHWJ1nXghnCaNb
451Tx+/A3kVdIJB+pjhAVNwRjAFMNV0t0P300U9F/DV+lLHFoDx5SWdBBxQfTA+jHI
463nbwuoKwjJqN5LgiHWnkL4gby4QwQJFSpeHQiz8PAoGBAJaur4aFaSlgGAiKJX4/
47Om4AedImBgFsVKf44xx5pDwEcqLeEwRBxa0r5Sftqsrz+Ck60hR/MWCwJEBll5PV
48MJtOHBb2bINFhLOqV1WoSkSoKEhtMvFnLbWGBi5gYHC4+lYuyQqD/vu3sxe5IT9C
49PKgUgKV32Z7KBpDuFGtGmiDb
50-----END PRIVATE KEY-----
diff --git a/src/regress/lib/libssl/certs/server2-ecdsa-chain.pem b/src/regress/lib/libssl/certs/server2-ecdsa-chain.pem
deleted file mode 100644
index 494d2ea209..0000000000
--- a/src/regress/lib/libssl/certs/server2-ecdsa-chain.pem
+++ /dev/null
@@ -1,26 +0,0 @@
1subject= CN = LibreSSL Test Server 2 ECDSA
2issuer= CN = LibreSSL Test Intermediate CA ECDSA
3-----BEGIN CERTIFICATE-----
4MIIBpjCCAUygAwIBAgIDEAABMAoGCCqGSM49BAMCMC4xLDAqBgNVBAMMI0xpYnJl
5U1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBIEVDRFNBMB4XDTEwMDEwMTAwMDAwMFoX
6DTIwMDEwMTAwMDAwMFowJzElMCMGA1UEAwwcTGlicmVTU0wgVGVzdCBTZXJ2ZXIg
7MiBFQ0RTQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJOTftmDhBMSS23a+sRO
83Zr43RUwtdJvNfKhpHKRbBLIttBkbI1wWCgufMLCJXhL6pSpCeT/C9ioFks2JMg7
9CPCjYDBeMB0GA1UdDgQWBBSCtBk04EXYNjiFaaTcJumL0BFylTAfBgNVHSMEGDAW
10gBQXVj1v/EpXEjlCygJygatQDeTCCDAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQE
11AwIHgDAKBggqhkjOPQQDAgNIADBFAiEAqnQ+TRgMZRys3z3olZysrnP0d6XIdfgv
12XvlXRaM0s/QCIHdrTx/IPfJSvo0rDN08CJfbO0NBOc9PFsnDRUKsxJd4
13-----END CERTIFICATE-----
14subject= CN = LibreSSL Test Intermediate CA ECDSA
15issuer= CN = LibreSSL Test Root CA ECDSA
16-----BEGIN CERTIFICATE-----
17MIIBrDCCAVOgAwIBAgIJAOVssaaTYoH3MAkGByqGSM49BAEwJjEkMCIGA1UEAwwb
18TGlicmVTU0wgVGVzdCBSb290IENBIEVDRFNBMB4XDTIxMTIyNzE0NDA0MFoXDTMx
19MTIyNTE0NDA0MFowLjEsMCoGA1UEAwwjTGlicmVTU0wgVGVzdCBJbnRlcm1lZGlh
20dGUgQ0EgRUNEU0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATWRQbJh4aHPzHq
21LOAmosW/o83bTpm3Sj1VxM44StmG7c1nnFM/+gS8rp2bVSgjWZQzRtZqGVGJgzbk
227/M1m3x3o2MwYTAdBgNVHQ4EFgQUF1Y9b/xKVxI5QsoCcoGrUA3kwggwHwYDVR0j
23BBgwFoAUtvkat4UdcUEipt6L/PBgEFYH6AwwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
24HQ8BAf8EBAMCAQYwCQYHKoZIzj0EAQNIADBFAiBE4NiOdv/XRN3WWMnkE5QccvC6
25VThoIQRyBf4I97cRPQIhAK18dvwrLuOOfbhWMdkpNCddMkWZHxS7traw/8+s7OUU
26-----END CERTIFICATE-----
diff --git a/src/regress/lib/libssl/certs/server2-ecdsa.pem b/src/regress/lib/libssl/certs/server2-ecdsa.pem
deleted file mode 100644
index 2f49df9931..0000000000
--- a/src/regress/lib/libssl/certs/server2-ecdsa.pem
+++ /dev/null
@@ -1,18 +0,0 @@
1subject= CN = LibreSSL Test Server 2 ECDSA
2issuer= CN = LibreSSL Test Intermediate CA ECDSA
3-----BEGIN CERTIFICATE-----
4MIIBpjCCAUygAwIBAgIDEAABMAoGCCqGSM49BAMCMC4xLDAqBgNVBAMMI0xpYnJl
5U1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBIEVDRFNBMB4XDTEwMDEwMTAwMDAwMFoX
6DTIwMDEwMTAwMDAwMFowJzElMCMGA1UEAwwcTGlicmVTU0wgVGVzdCBTZXJ2ZXIg
7MiBFQ0RTQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJOTftmDhBMSS23a+sRO
83Zr43RUwtdJvNfKhpHKRbBLIttBkbI1wWCgufMLCJXhL6pSpCeT/C9ioFks2JMg7
9CPCjYDBeMB0GA1UdDgQWBBSCtBk04EXYNjiFaaTcJumL0BFylTAfBgNVHSMEGDAW
10gBQXVj1v/EpXEjlCygJygatQDeTCCDAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQE
11AwIHgDAKBggqhkjOPQQDAgNIADBFAiEAqnQ+TRgMZRys3z3olZysrnP0d6XIdfgv
12XvlXRaM0s/QCIHdrTx/IPfJSvo0rDN08CJfbO0NBOc9PFsnDRUKsxJd4
13-----END CERTIFICATE-----
14-----BEGIN PRIVATE KEY-----
15MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgxkOt2jb6kQC1ZaUa
16MLSz0lyS0YQtqChoyAvJ7yQf3FahRANCAASTk37Zg4QTEktt2vrETt2a+N0VMLXS
17bzXyoaRykWwSyLbQZGyNcFgoLnzCwiV4S+qUqQnk/wvYqBZLNiTIOwjw
18-----END PRIVATE KEY-----
diff --git a/src/regress/lib/libssl/certs/server2-rsa-chain.pem b/src/regress/lib/libssl/certs/server2-rsa-chain.pem
deleted file mode 100644
index 5bb660f45e..0000000000
--- a/src/regress/lib/libssl/certs/server2-rsa-chain.pem
+++ /dev/null
@@ -1,44 +0,0 @@
1subject= CN = LibreSSL Test Server 2 RSA
2issuer= CN = LibreSSL Test Intermediate CA RSA
3-----BEGIN CERTIFICATE-----
4MIIDLjCCAhagAwIBAgIDEAABMA0GCSqGSIb3DQEBCwUAMCwxKjAoBgNVBAMMIUxp
5YnJlU1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBIFJTQTAeFw0xMDAxMDEwMDAwMDBa
6Fw0yMDAxMDEwMDAwMDBaMCUxIzAhBgNVBAMMGkxpYnJlU1NMIFRlc3QgU2VydmVy
7IDIgUlNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu08owc3HqHu2
8+92bKDs/VCVjkGMZSVOrdAXYEKf9WQ6cGxiowjJy391szSd5bW/Yf7hbNhctr29G
98oIj0wsMfz3lxuHDYISt8uAjbjqFiZTNfBeg7PVE9aDWXqaophcq4DT2ygv9O190
1009RxTJD6PdclUtQNYZHr3c7kP2AdeBWWVPAmKISDSEkjXqc0x9LEtm7UA/0WAtKM
11NUXUb/ZNBu90j7gRpjN6VyfaqJMdoDR31s7QXivL5hr4x0M0Y1ihN1/cHA5Qjb0s
126t8w6H2b0xtvJgO5N3ZUAVclAO3MsVRqr04aAyxcJ47qOkWPbh9OqaFyZFdl7L2r
13UTLloQNkcwIDAQABo2AwXjAdBgNVHQ4EFgQUrDgWmmX6bVZt4Z7SvCSXEfJMoZQw
14HwYDVR0jBBgwFoAUNqGhWv/+mt2TQTVdDZTd5wPY4mYwDAYDVR0TAQH/BAIwADAO
15BgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBANbQG/fAGsV+J+cmEIlg
169i5c44hpr3BAXn5QYMbV9OQ8M9Rq8cZx/EkwNlCfPnQph2PqN2tZNstBnlL90rNq
17pOj1Ee+ppemeJrHKFuEncytGHbgqjRLgi9n0vR5RF1I7dJvRlPugpf/FxeMC/7f2
18qDDfdMsvmu/+qWBMb+U5yPLXlibGr7nf7B3t9ZBtku5flP3OOmipIjFpLOmvu06Z
199fac0JHDRvBQCemvIbSIa8Sz6UVJ1hKTjaN+lqc7e5tgbovNqjgFiLx0lQrfBmg9
20tnNhoaEuwwyPNIVLUK3J1Q4lv/m9fX7BVmL5C56AexwtD/jupdXe2utjFx6YXrKG
21nxU=
22-----END CERTIFICATE-----
23subject= CN = LibreSSL Test Intermediate CA RSA
24issuer= CN = LibreSSL Test Root CA RSA
25-----BEGIN CERTIFICATE-----
26MIIDNjCCAh6gAwIBAgIJAOVssaaTYoHyMA0GCSqGSIb3DQEBCwUAMCQxIjAgBgNV
27BAMMGUxpYnJlU1NMIFRlc3QgUm9vdCBDQSBSU0EwHhcNMjExMjI3MTQ0MDM3WhcN
28MzExMjI1MTQ0MDM3WjAsMSowKAYDVQQDDCFMaWJyZVNTTCBUZXN0IEludGVybWVk
29aWF0ZSBDQSBSU0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD151AI
30I+W9MrEP3dO0PEjg6L9E1R6+CG6u0LT3Jobc/rG2RXqKLasEaXoBWYiJoTImVxFT
31wtrY+IDDTaEV4/4RGII1fY8Js7v5NpwoEh15jCoJ6/qDjKd4y1s1M48PlWYNNRmv
32OBKRIu3Fz7scUa1RSBCp1bZeHbq/V5SzG419nDq2xpyuUrwmfBhDZTH+kUwBNGn8
33XVRFCRJQVP3qEAH02Zai2emSVj13KrhEWMtNyA8fa34GIuV23Q40RKW3jUgGBF+D
345jPNN8EZCj34nvvbjCCBs7cxZvD4F/MzGbatKpNmNOKXKibeg/xCq8B/F1uzHcl3
35IzJuViNtQ3RjQ/1pAgMBAAGjYzBhMB0GA1UdDgQWBBQ2oaFa//6a3ZNBNV0NlN3n
36A9jiZjAfBgNVHSMEGDAWgBQ+S/x79Kw0KqURKAHyiOhdj/8V0TAPBgNVHRMBAf8E
37BTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAcok2oSct
38BOkm75qA8+4eUilGxTaqFPCqY8fk8MKNRKNNzaqirPaLJW62mZaxRHOn1Bw9uzL3
39jgz2PaTwA7n5GpKs3r5JLk8BdtRyeqMLmqJVJKKuu4GtJLCA8jhQm+XNA1Z324hg
40kVeBHLPpLKvQxb+0lmbRBORq/OtMirq2yK8OlF2USrfQx0jmhSvvLpWyA0hhAXRS
41gg1ds9aL57dELvk6gR7Unob+J0O2Xq3FRwz2O1k9fF86a0qrWUkxcnAjobC2BczC
427Fe5B194LgrX2U4IIrzwgJ19kmtrb1Qol2okECxomTYsbQY36sBs+LOKxSuiagu6
43ZgJtfcNeVMglYQ==
44-----END CERTIFICATE-----
diff --git a/src/regress/lib/libssl/certs/server2-rsa.pem b/src/regress/lib/libssl/certs/server2-rsa.pem
deleted file mode 100644
index ed7389a430..0000000000
--- a/src/regress/lib/libssl/certs/server2-rsa.pem
+++ /dev/null
@@ -1,50 +0,0 @@
1subject= CN = LibreSSL Test Server 2 RSA
2issuer= CN = LibreSSL Test Intermediate CA RSA
3-----BEGIN CERTIFICATE-----
4MIIDLjCCAhagAwIBAgIDEAABMA0GCSqGSIb3DQEBCwUAMCwxKjAoBgNVBAMMIUxp
5YnJlU1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBIFJTQTAeFw0xMDAxMDEwMDAwMDBa
6Fw0yMDAxMDEwMDAwMDBaMCUxIzAhBgNVBAMMGkxpYnJlU1NMIFRlc3QgU2VydmVy
7IDIgUlNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu08owc3HqHu2
8+92bKDs/VCVjkGMZSVOrdAXYEKf9WQ6cGxiowjJy391szSd5bW/Yf7hbNhctr29G
98oIj0wsMfz3lxuHDYISt8uAjbjqFiZTNfBeg7PVE9aDWXqaophcq4DT2ygv9O190
1009RxTJD6PdclUtQNYZHr3c7kP2AdeBWWVPAmKISDSEkjXqc0x9LEtm7UA/0WAtKM
11NUXUb/ZNBu90j7gRpjN6VyfaqJMdoDR31s7QXivL5hr4x0M0Y1ihN1/cHA5Qjb0s
126t8w6H2b0xtvJgO5N3ZUAVclAO3MsVRqr04aAyxcJ47qOkWPbh9OqaFyZFdl7L2r
13UTLloQNkcwIDAQABo2AwXjAdBgNVHQ4EFgQUrDgWmmX6bVZt4Z7SvCSXEfJMoZQw
14HwYDVR0jBBgwFoAUNqGhWv/+mt2TQTVdDZTd5wPY4mYwDAYDVR0TAQH/BAIwADAO
15BgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBANbQG/fAGsV+J+cmEIlg
169i5c44hpr3BAXn5QYMbV9OQ8M9Rq8cZx/EkwNlCfPnQph2PqN2tZNstBnlL90rNq
17pOj1Ee+ppemeJrHKFuEncytGHbgqjRLgi9n0vR5RF1I7dJvRlPugpf/FxeMC/7f2
18qDDfdMsvmu/+qWBMb+U5yPLXlibGr7nf7B3t9ZBtku5flP3OOmipIjFpLOmvu06Z
199fac0JHDRvBQCemvIbSIa8Sz6UVJ1hKTjaN+lqc7e5tgbovNqjgFiLx0lQrfBmg9
20tnNhoaEuwwyPNIVLUK3J1Q4lv/m9fX7BVmL5C56AexwtD/jupdXe2utjFx6YXrKG
21nxU=
22-----END CERTIFICATE-----
23-----BEGIN PRIVATE KEY-----
24MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC7TyjBzceoe7b7
253ZsoOz9UJWOQYxlJU6t0BdgQp/1ZDpwbGKjCMnLf3WzNJ3ltb9h/uFs2Fy2vb0by
26giPTCwx/PeXG4cNghK3y4CNuOoWJlM18F6Ds9UT1oNZepqimFyrgNPbKC/07X3TT
271HFMkPo91yVS1A1hkevdzuQ/YB14FZZU8CYohINISSNepzTH0sS2btQD/RYC0ow1
28RdRv9k0G73SPuBGmM3pXJ9qokx2gNHfWztBeK8vmGvjHQzRjWKE3X9wcDlCNvSzq
293zDofZvTG28mA7k3dlQBVyUA7cyxVGqvThoDLFwnjuo6RY9uH06poXJkV2XsvatR
30MuWhA2RzAgMBAAECggEAc5ApQzkkv+xkPwzAl5fGQLI4tXKOvVDj7VdVsSEUDAgZ
31hBY4uGfLvBau8/wwzLY+yr4BeGPgieaLzT9BvwmIElEsHQJZOolhkQF8mpt8nB+0
32j6U8YjYI78rlt8v3LVIJ3/6NbKbs+96vA6qEpIql+dVtb6bpApO3BEiLRhaU1+ra
33pi5YbF56S3XlUFL6H46hpNTUxOqbb6toZ/2rr1nscu4jkQhL8u/KS5Uz1Y7RW3zd
34A3U4rbxXnM8SVZrRuWsN1DRL5CpAOdGGiVhew46vAxZU8iX6rODrRaRCp+Gbnoll
35x/ubMMrBrE4WpCY5orb41FPb4U6raY9ZZzTGPuC9YQKBgQDs0LrDy8kh3V7wsIwn
366vMT9MD2Olpl6zwSyQJ0C04u+hGNur3L6intg78TSRqZ7ZKK7CspPy9JCGTYztTG
37vFbXy2vahCFlI2G3lfZj2nS2D+UNSmo2pdpBtuk/iKj67pFAlaa8C3OQ8MXjldQn
383QPANsCo276t0E9SmFcbJYJVCwKBgQDKe7sfdg0tQr9xsBeDuSxRJQOrtWeTmXm6
39zcPKRX8avWr5Ag6w4/BX/RxGZkD4brV5LaK6Qsbwl8v8aNe8Hv4yBQFdW0IMP8mB
40v4kVaNEGxoJE4fnKk1wS22TQvX5fxWPGZhOWQ1sgIqp3Dzvky0nalK7Ru0gRA4gS
41Jl0a4Sp/OQKBgQCHwuW/B53n5yPdcij3XW87Go5g2nUmhqPq1QeuBSkuLzhO+yaB
42t12QB35MDRXN9u+S6u+XdtyhzskZrgE3aZOTpM/Q9vy6IX2MpNEaz4snMJeMdgPM
43DmrAT58KSEsviAMHdoOevCXlitK3tRZqP/89e2YZp9h5hrlizWjqbCd6nwKBgQCS
44XFWqLB7iNHlFqE+W+2a5UNQSbhHscue2y71WnF1/6qNEUuRjoJ++OksR6B/Wc8/h
45Q8d4c4RxrIfab75hUNXVOiD+ZlSbng/+JYDlZNqS1zKar+1rLJFFYCjDafXLLFcu
46teI6n31jASvO28gjXX6I7ShgmctB4ReeZvSt1UxuoQKBgHQ/0fA3owx9kDRA41Hu
47a+npibal0F2JOxn0xiwgW3JcH/EkcSIvUELm8Kjl3GBxf0y9Osu0uf3cSqW9K9+z
48CRpwZmFq+q3HFN6FYHYI6oVvPKIljDhmkvw9HyexXFLRKNs1z2b7Noz2H7ysE0cb
491sAZitEjace2/eAx/wWr2dq0
50-----END PRIVATE KEY-----
diff --git a/src/regress/lib/libssl/certs/server3-ecdsa-chain.pem b/src/regress/lib/libssl/certs/server3-ecdsa-chain.pem
deleted file mode 100644
index 03f3373d3b..0000000000
--- a/src/regress/lib/libssl/certs/server3-ecdsa-chain.pem
+++ /dev/null
@@ -1,26 +0,0 @@
1subject= CN = LibreSSL Test Server 3 ECDSA
2issuer= CN = LibreSSL Test Intermediate CA ECDSA
3-----BEGIN CERTIFICATE-----
4MIIBqjCCAVGgAwIBAgIJAOVssaaTYoH5MAkGByqGSM49BAEwLjEsMCoGA1UEAwwj
5TGlicmVTU0wgVGVzdCBJbnRlcm1lZGlhdGUgQ0EgRUNEU0EwHhcNMjExMjI3MTQ0
6MDQwWhcNMzExMjI1MTQ0MDQwWjAnMSUwIwYDVQQDDBxMaWJyZVNTTCBUZXN0IFNl
7cnZlciAzIEVDRFNBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0pRqRW+PDenx
8cp+5za1pFDdECxXPXZY7LUPoXxens1lPSM2diexVMdLw1kEbVkOZ50s1X32vQnTa
9TVpovmwna6NgMF4wHQYDVR0OBBYEFCXbw+Fdv+OWDOU163ujSYbdJZx3MB8GA1Ud
10IwQYMBaAFBdWPW/8SlcSOULKAnKBq1AN5MIIMAwGA1UdEwEB/wQCMAAwDgYDVR0P
11AQH/BAQDAgeAMAkGByqGSM49BAEDSAAwRQIhAMt01G90LOiCVRIcodKP1nsOg3oY
12kX8VHUPk9myD52KZAiBu32mh/fgaWsR/lbo2dyGJQHKkmHNt9Wy8hOQ9eGO91A==
13-----END CERTIFICATE-----
14subject= CN = LibreSSL Test Intermediate CA ECDSA
15issuer= CN = LibreSSL Test Root CA ECDSA
16-----BEGIN CERTIFICATE-----
17MIIBrDCCAVOgAwIBAgIJAOVssaaTYoH3MAkGByqGSM49BAEwJjEkMCIGA1UEAwwb
18TGlicmVTU0wgVGVzdCBSb290IENBIEVDRFNBMB4XDTIxMTIyNzE0NDA0MFoXDTMx
19MTIyNTE0NDA0MFowLjEsMCoGA1UEAwwjTGlicmVTU0wgVGVzdCBJbnRlcm1lZGlh
20dGUgQ0EgRUNEU0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATWRQbJh4aHPzHq
21LOAmosW/o83bTpm3Sj1VxM44StmG7c1nnFM/+gS8rp2bVSgjWZQzRtZqGVGJgzbk
227/M1m3x3o2MwYTAdBgNVHQ4EFgQUF1Y9b/xKVxI5QsoCcoGrUA3kwggwHwYDVR0j
23BBgwFoAUtvkat4UdcUEipt6L/PBgEFYH6AwwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
24HQ8BAf8EBAMCAQYwCQYHKoZIzj0EAQNIADBFAiBE4NiOdv/XRN3WWMnkE5QccvC6
25VThoIQRyBf4I97cRPQIhAK18dvwrLuOOfbhWMdkpNCddMkWZHxS7traw/8+s7OUU
26-----END CERTIFICATE-----
diff --git a/src/regress/lib/libssl/certs/server3-ecdsa.pem b/src/regress/lib/libssl/certs/server3-ecdsa.pem
deleted file mode 100644
index 98950aabbf..0000000000
--- a/src/regress/lib/libssl/certs/server3-ecdsa.pem
+++ /dev/null
@@ -1,18 +0,0 @@
1subject= CN = LibreSSL Test Server 3 ECDSA
2issuer= CN = LibreSSL Test Intermediate CA ECDSA
3-----BEGIN CERTIFICATE-----
4MIIBqjCCAVGgAwIBAgIJAOVssaaTYoH5MAkGByqGSM49BAEwLjEsMCoGA1UEAwwj
5TGlicmVTU0wgVGVzdCBJbnRlcm1lZGlhdGUgQ0EgRUNEU0EwHhcNMjExMjI3MTQ0
6MDQwWhcNMzExMjI1MTQ0MDQwWjAnMSUwIwYDVQQDDBxMaWJyZVNTTCBUZXN0IFNl
7cnZlciAzIEVDRFNBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0pRqRW+PDenx
8cp+5za1pFDdECxXPXZY7LUPoXxens1lPSM2diexVMdLw1kEbVkOZ50s1X32vQnTa
9TVpovmwna6NgMF4wHQYDVR0OBBYEFCXbw+Fdv+OWDOU163ujSYbdJZx3MB8GA1Ud
10IwQYMBaAFBdWPW/8SlcSOULKAnKBq1AN5MIIMAwGA1UdEwEB/wQCMAAwDgYDVR0P
11AQH/BAQDAgeAMAkGByqGSM49BAEDSAAwRQIhAMt01G90LOiCVRIcodKP1nsOg3oY
12kX8VHUPk9myD52KZAiBu32mh/fgaWsR/lbo2dyGJQHKkmHNt9Wy8hOQ9eGO91A==
13-----END CERTIFICATE-----
14-----BEGIN PRIVATE KEY-----
15MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgTWRMClyUOn11mX5s
16hTTIQT+3BeauAjrTvKMy5RryWtyhRANCAATSlGpFb48N6fFyn7nNrWkUN0QLFc9d
17ljstQ+hfF6ezWU9IzZ2J7FUx0vDWQRtWQ5nnSzVffa9CdNpNWmi+bCdr
18-----END PRIVATE KEY-----
diff --git a/src/regress/lib/libssl/certs/server3-rsa-chain.pem b/src/regress/lib/libssl/certs/server3-rsa-chain.pem
deleted file mode 100644
index e40c982894..0000000000
--- a/src/regress/lib/libssl/certs/server3-rsa-chain.pem
+++ /dev/null
@@ -1,44 +0,0 @@
1subject= CN = LibreSSL Test Server 3 RSA
2issuer= CN = LibreSSL Test Intermediate CA RSA
3-----BEGIN CERTIFICATE-----
4MIIDNDCCAhygAwIBAgIJAOVssaaTYoH0MA0GCSqGSIb3DQEBCwUAMCwxKjAoBgNV
5BAMMIUxpYnJlU1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBIFJTQTAeFw0yMTEyMjcx
6NDQwMzdaFw0zMTEyMjUxNDQwMzdaMCUxIzAhBgNVBAMMGkxpYnJlU1NMIFRlc3Qg
7U2VydmVyIDMgUlNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqw4
8GSS7/WAR0VYbqFTltj9Cv17m+RuztM1jiJq+MU0Gscbx59NFPt8UFevNsMzWNmAK
9qkioEMVJxXzSUDBjXjLesDt/+VTjR46z16fje3MhGmWa8lDt7hpuHwDF80dg3rZa
10kVEcgKvd6LODTucgE7l07DzMb8qAdRp1SDXIFECO0wLJewkf2CihmNukTxQhI0d+
11XPZTYe3cyMelj8KpCXCXOVXKnXI+BWnYMHC1Op4S9z90xiVBNgQ+Vmg2K9NFifzT
12ZyKIWsERq80rp1s+JmxmzA/vBRlsbj/Ec0h2kF4IavGtHwvAvdvIPV7AG/dIxwlT
13VnHZkPDuLK0H396wmwIDAQABo2AwXjAdBgNVHQ4EFgQUSuP+QN+526Pxw/LGBTqP
14WJpWGvwwHwYDVR0jBBgwFoAUNqGhWv/+mt2TQTVdDZTd5wPY4mYwDAYDVR0TAQH/
15BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAFBJ0mO7dpSN
16euxoh2DJghVfqQB4ladEroDZJkJEDuDkY3SjC+WB/lJowBVPC2QkzjTZt/J4B0Om
176irtKUC8jQ7aqMBfESu/s//GEU4kwlvlJN/Z0nLOh1YEeCwbkavFDy/X62iZ9XvJ
18gjLVVzaXKWGrgdJedHx9Di04rU9jME5qfpXZI50u8grZccpUuTTqpZBiGjFRda2j
19nJhgPBrn9/ityYaOrif8taR+QM6AETvEpJWo+I/iQ7vATmxHuq6y+0Sza5j9wGH/
20begJs9H890AiwO2bbUi1ehNj7NHZHySWNJlzBerwOQv7Zo8j+kHBop82ABsb/Xet
21kgn7bdkfKoI=
22-----END CERTIFICATE-----
23subject= CN = LibreSSL Test Intermediate CA RSA
24issuer= CN = LibreSSL Test Root CA RSA
25-----BEGIN CERTIFICATE-----
26MIIDNjCCAh6gAwIBAgIJAOVssaaTYoHyMA0GCSqGSIb3DQEBCwUAMCQxIjAgBgNV
27BAMMGUxpYnJlU1NMIFRlc3QgUm9vdCBDQSBSU0EwHhcNMjExMjI3MTQ0MDM3WhcN
28MzExMjI1MTQ0MDM3WjAsMSowKAYDVQQDDCFMaWJyZVNTTCBUZXN0IEludGVybWVk
29aWF0ZSBDQSBSU0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD151AI
30I+W9MrEP3dO0PEjg6L9E1R6+CG6u0LT3Jobc/rG2RXqKLasEaXoBWYiJoTImVxFT
31wtrY+IDDTaEV4/4RGII1fY8Js7v5NpwoEh15jCoJ6/qDjKd4y1s1M48PlWYNNRmv
32OBKRIu3Fz7scUa1RSBCp1bZeHbq/V5SzG419nDq2xpyuUrwmfBhDZTH+kUwBNGn8
33XVRFCRJQVP3qEAH02Zai2emSVj13KrhEWMtNyA8fa34GIuV23Q40RKW3jUgGBF+D
345jPNN8EZCj34nvvbjCCBs7cxZvD4F/MzGbatKpNmNOKXKibeg/xCq8B/F1uzHcl3
35IzJuViNtQ3RjQ/1pAgMBAAGjYzBhMB0GA1UdDgQWBBQ2oaFa//6a3ZNBNV0NlN3n
36A9jiZjAfBgNVHSMEGDAWgBQ+S/x79Kw0KqURKAHyiOhdj/8V0TAPBgNVHRMBAf8E
37BTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAcok2oSct
38BOkm75qA8+4eUilGxTaqFPCqY8fk8MKNRKNNzaqirPaLJW62mZaxRHOn1Bw9uzL3
39jgz2PaTwA7n5GpKs3r5JLk8BdtRyeqMLmqJVJKKuu4GtJLCA8jhQm+XNA1Z324hg
40kVeBHLPpLKvQxb+0lmbRBORq/OtMirq2yK8OlF2USrfQx0jmhSvvLpWyA0hhAXRS
41gg1ds9aL57dELvk6gR7Unob+J0O2Xq3FRwz2O1k9fF86a0qrWUkxcnAjobC2BczC
427Fe5B194LgrX2U4IIrzwgJ19kmtrb1Qol2okECxomTYsbQY36sBs+LOKxSuiagu6
43ZgJtfcNeVMglYQ==
44-----END CERTIFICATE-----
diff --git a/src/regress/lib/libssl/certs/server3-rsa.pem b/src/regress/lib/libssl/certs/server3-rsa.pem
deleted file mode 100644
index 256528ae35..0000000000
--- a/src/regress/lib/libssl/certs/server3-rsa.pem
+++ /dev/null
@@ -1,50 +0,0 @@
1subject= CN = LibreSSL Test Server 3 RSA
2issuer= CN = LibreSSL Test Intermediate CA RSA
3-----BEGIN CERTIFICATE-----
4MIIDNDCCAhygAwIBAgIJAOVssaaTYoH0MA0GCSqGSIb3DQEBCwUAMCwxKjAoBgNV
5BAMMIUxpYnJlU1NMIFRlc3QgSW50ZXJtZWRpYXRlIENBIFJTQTAeFw0yMTEyMjcx
6NDQwMzdaFw0zMTEyMjUxNDQwMzdaMCUxIzAhBgNVBAMMGkxpYnJlU1NMIFRlc3Qg
7U2VydmVyIDMgUlNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqw4
8GSS7/WAR0VYbqFTltj9Cv17m+RuztM1jiJq+MU0Gscbx59NFPt8UFevNsMzWNmAK
9qkioEMVJxXzSUDBjXjLesDt/+VTjR46z16fje3MhGmWa8lDt7hpuHwDF80dg3rZa
10kVEcgKvd6LODTucgE7l07DzMb8qAdRp1SDXIFECO0wLJewkf2CihmNukTxQhI0d+
11XPZTYe3cyMelj8KpCXCXOVXKnXI+BWnYMHC1Op4S9z90xiVBNgQ+Vmg2K9NFifzT
12ZyKIWsERq80rp1s+JmxmzA/vBRlsbj/Ec0h2kF4IavGtHwvAvdvIPV7AG/dIxwlT
13VnHZkPDuLK0H396wmwIDAQABo2AwXjAdBgNVHQ4EFgQUSuP+QN+526Pxw/LGBTqP
14WJpWGvwwHwYDVR0jBBgwFoAUNqGhWv/+mt2TQTVdDZTd5wPY4mYwDAYDVR0TAQH/
15BAIwADAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAFBJ0mO7dpSN
16euxoh2DJghVfqQB4ladEroDZJkJEDuDkY3SjC+WB/lJowBVPC2QkzjTZt/J4B0Om
176irtKUC8jQ7aqMBfESu/s//GEU4kwlvlJN/Z0nLOh1YEeCwbkavFDy/X62iZ9XvJ
18gjLVVzaXKWGrgdJedHx9Di04rU9jME5qfpXZI50u8grZccpUuTTqpZBiGjFRda2j
19nJhgPBrn9/ityYaOrif8taR+QM6AETvEpJWo+I/iQ7vATmxHuq6y+0Sza5j9wGH/
20begJs9H890AiwO2bbUi1ehNj7NHZHySWNJlzBerwOQv7Zo8j+kHBop82ABsb/Xet
21kgn7bdkfKoI=
22-----END CERTIFICATE-----
23-----BEGIN PRIVATE KEY-----
24MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDKrDgZJLv9YBHR
25VhuoVOW2P0K/Xub5G7O0zWOImr4xTQaxxvHn00U+3xQV682wzNY2YAqqSKgQxUnF
26fNJQMGNeMt6wO3/5VONHjrPXp+N7cyEaZZryUO3uGm4fAMXzR2DetlqRURyAq93o
27s4NO5yATuXTsPMxvyoB1GnVINcgUQI7TAsl7CR/YKKGY26RPFCEjR35c9lNh7dzI
28x6WPwqkJcJc5Vcqdcj4FadgwcLU6nhL3P3TGJUE2BD5WaDYr00WJ/NNnIohawRGr
29zSunWz4mbGbMD+8FGWxuP8RzSHaQXghq8a0fC8C928g9XsAb90jHCVNWcdmQ8O4s
30rQff3rCbAgMBAAECggEAAoOiaoVvI5SGhA9KZosvElS0kkUuHlb+oraNjotE4r2u
314JO0Ooj/aelAiYkUUyYnXiNQ3o3qL9MSuDV1MnN3OBrvckY6rzAjZabaiklV5Bko
32hvhNtMXWPcbsKMxMqFjxVbHza6wS63G2XgWkEl2Bo10Am1Ghw51CfLFoVQ39vmqM
338xKqZBZRwRUNk/2ccNhG5crUOX9+wQJSVjZCTgevjCJVVsFX9NLsHsx7G1wtE580
34AuFb9JEe66QNrtpTbKQP61W8YiRKQHT5uAAL0X9o88d2rpjGAcpJ8214aGH5P1HH
35oUjL7mZceYuVeWvAMwLFFmPbPZuj3Ricgo1OIkKyyQKBgQDtNNXod5GzJyHOUrFR
36rijyHhS81sOeDOhTbc1Cx8eFNH/svGATAU01HqgFRZpeJPHsAVYwVizfyqp/CESk
37EFKTkMqRTat8Pkk+BtAGZD5fEBejl1fwRiBF9bTnk+u6q1WvBsQ0Bngf3v1CYGuq
38rvb57AvhkCsEMjWs1YplBLwdVwKBgQDauvNslanbFstrWVBJqxV1iEaWmN1Lr//C
39fwCFU8rH8VEvp+JJCICu7sE5Te+1TF/ASEs/bCrsW51YXjH30z3De1oFrjFVjwOU
40XFMqcaTCX5Fjxv739LmgGuO2MCrItmveQHYkpTzCl6/p/pI4I1QJN0S5a/FaBNcW
41x5tV2Ks4XQKBgHCCiBdsZ1pPbFR9moeAkQFOTU3InB5iRuwTf7F2Kue+oBK8wuEg
420+snMFDX08Flyq3DcIsaxMwdR8NbO5uJ9nDx03MaIQWcUYcvGgp+D6ttaZj5lwdr
43a7FjOrxAyCXRUKHlFrkKfH25eey66TabKKAgWv5RMGYcHqNs4ejKVyOfAoGALqUf
44tFBWYLqDtujdDljFwsLFCuieiL2HtVqQKd6sp+b2gUs0Ho8JokSYQDg2nlsjMEY6
45hdPzc2Q2Mdoknc0WptFvaTa0nqJZCRKHSc3ibPEkeDq/tPEjhNk3JmsvNI5ygnsM
46ttPmGTlv8l6vn/kouq5moYQ7fA78L4dxwOTr3qECgYBNuIf4vQq8WEkt0uSTJXom
47UQVZglJu61NVGzR//lyukQB7/HrdEMB+JYJfev0o1GxLx1RV8rTVaeDJkUJjwn/h
48qpqiLjJKF328oOuQdP3dH6AavH9r7gUOByOuxXgzZNbhtyNCrStAGOfX2xUxRZyZ
49l0+QtrqbPtB4VSfZ0j+imw==
50-----END PRIVATE KEY-----
diff --git a/src/regress/lib/libssl/ciphers/Makefile b/src/regress/lib/libssl/ciphers/Makefile
deleted file mode 100644
index 2575db4df4..0000000000
--- a/src/regress/lib/libssl/ciphers/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.2 2020/09/13 16:51:30 jsing Exp $
2
3PROG= cipherstest
4LDADD= ${SSL_INT} -lcrypto
5DPADD= ${LIBSSL} ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/ciphers/cipherstest.c b/src/regress/lib/libssl/ciphers/cipherstest.c
deleted file mode 100644
index 1df335f9f2..0000000000
--- a/src/regress/lib/libssl/ciphers/cipherstest.c
+++ /dev/null
@@ -1,1209 +0,0 @@
1/*
2 * Copyright (c) 2015, 2020 Joel Sing <jsing@openbsd.org>
3 *
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */
16
17#include <openssl/evp.h>
18#include <openssl/objects.h>
19#include <openssl/ssl.h>
20
21#include <err.h>
22#include <stdio.h>
23#include <string.h>
24
25int ssl3_num_ciphers(void);
26const SSL_CIPHER *ssl3_get_cipher_by_index(int idx);
27
28int ssl_parse_ciphersuites(STACK_OF(SSL_CIPHER) **out_ciphers, const char *str);
29
30static inline int
31ssl_aes_is_accelerated(void)
32{
33 return (OPENSSL_cpu_caps() & CRYPTO_CPU_CAPS_ACCELERATED_AES) != 0;
34}
35
36static int
37check_cipher_order(void)
38{
39 unsigned long id, prev_id = 0;
40 const SSL_CIPHER *cipher;
41 int num_ciphers;
42 int i;
43
44 num_ciphers = ssl3_num_ciphers();
45
46 for (i = 0; i < num_ciphers; i++) {
47 if ((cipher = ssl3_get_cipher_by_index(i)) == NULL) {
48 fprintf(stderr, "FAIL: ssl3_get_cipher(%d) returned "
49 "NULL\n", i);
50 return 1;
51 }
52 if ((id = SSL_CIPHER_get_id(cipher)) <= prev_id) {
53 fprintf(stderr, "FAIL: ssl3_ciphers is not sorted by "
54 "id - cipher %d (%lx) <= cipher %d (%lx)\n",
55 i, id, i - 1, prev_id);
56 return 1;
57 }
58 prev_id = id;
59 }
60
61 return 0;
62}
63
64struct ssl_cipher_test {
65 uint16_t value;
66 int auth_nid;
67 int cipher_nid;
68 int digest_nid;
69 int handshake_digest_nid;
70 int kx_nid;
71 int strength_bits;
72 int symmetric_bits;
73 int is_aead;
74};
75
76static const struct ssl_cipher_test ssl_cipher_tests[] = {
77 {
78 .value = 0x0004,
79 .auth_nid = NID_auth_rsa,
80 .cipher_nid = NID_rc4,
81 .digest_nid = NID_md5,
82 .handshake_digest_nid = NID_sha256,
83 .kx_nid = NID_kx_rsa,
84 .strength_bits = 128,
85 .symmetric_bits = 128,
86 },
87 {
88 .value = 0x0005,
89 .auth_nid = NID_auth_rsa,
90 .cipher_nid = NID_rc4,
91 .digest_nid = NID_sha1,
92 .handshake_digest_nid = NID_sha256,
93 .kx_nid = NID_kx_rsa,
94 .strength_bits = 128,
95 .symmetric_bits = 128,
96 },
97 {
98 .value = 0x000a,
99 .auth_nid = NID_auth_rsa,
100 .cipher_nid = NID_des_ede3_cbc,
101 .digest_nid = NID_sha1,
102 .handshake_digest_nid = NID_sha256,
103 .kx_nid = NID_kx_rsa,
104 .strength_bits = 112,
105 .symmetric_bits = 168,
106 },
107 {
108 .value = 0x0016,
109 .auth_nid = NID_auth_rsa,
110 .cipher_nid = NID_des_ede3_cbc,
111 .digest_nid = NID_sha1,
112 .handshake_digest_nid = NID_sha256,
113 .kx_nid = NID_kx_dhe,
114 .strength_bits = 112,
115 .symmetric_bits = 168,
116 },
117 {
118 .value = 0x0018,
119 .auth_nid = NID_auth_null,
120 .cipher_nid = NID_rc4,
121 .digest_nid = NID_md5,
122 .handshake_digest_nid = NID_sha256,
123 .kx_nid = NID_kx_dhe,
124 .strength_bits = 128,
125 .symmetric_bits = 128,
126 },
127 {
128 .value = 0x001b,
129 .auth_nid = NID_auth_null,
130 .cipher_nid = NID_des_ede3_cbc,
131 .digest_nid = NID_sha1,
132 .handshake_digest_nid = NID_sha256,
133 .kx_nid = NID_kx_dhe,
134 .strength_bits = 112,
135 .symmetric_bits = 168,
136 },
137 {
138 .value = 0x002f,
139 .auth_nid = NID_auth_rsa,
140 .cipher_nid = NID_aes_128_cbc,
141 .digest_nid = NID_sha1,
142 .handshake_digest_nid = NID_sha256,
143 .kx_nid = NID_kx_rsa,
144 .strength_bits = 128,
145 .symmetric_bits = 128,
146 },
147 {
148 .value = 0x0033,
149 .auth_nid = NID_auth_rsa,
150 .cipher_nid = NID_aes_128_cbc,
151 .digest_nid = NID_sha1,
152 .handshake_digest_nid = NID_sha256,
153 .kx_nid = NID_kx_dhe,
154 .strength_bits = 128,
155 .symmetric_bits = 128,
156 },
157 {
158 .value = 0x0034,
159 .auth_nid = NID_auth_null,
160 .cipher_nid = NID_aes_128_cbc,
161 .digest_nid = NID_sha1,
162 .handshake_digest_nid = NID_sha256,
163 .kx_nid = NID_kx_dhe,
164 .strength_bits = 128,
165 .symmetric_bits = 128,
166 },
167 {
168 .value = 0x0035,
169 .auth_nid = NID_auth_rsa,
170 .cipher_nid = NID_aes_256_cbc,
171 .digest_nid = NID_sha1,
172 .handshake_digest_nid = NID_sha256,
173 .kx_nid = NID_kx_rsa,
174 .strength_bits = 256,
175 .symmetric_bits = 256,
176 },
177 {
178 .value = 0x0039,
179 .auth_nid = NID_auth_rsa,
180 .cipher_nid = NID_aes_256_cbc,
181 .digest_nid = NID_sha1,
182 .handshake_digest_nid = NID_sha256,
183 .kx_nid = NID_kx_dhe,
184 .strength_bits = 256,
185 .symmetric_bits = 256,
186 },
187 {
188 .value = 0x003a,
189 .auth_nid = NID_auth_null,
190 .cipher_nid = NID_aes_256_cbc,
191 .digest_nid = NID_sha1,
192 .handshake_digest_nid = NID_sha256,
193 .kx_nid = NID_kx_dhe,
194 .strength_bits = 256,
195 .symmetric_bits = 256,
196 },
197 {
198 .value = 0x003c,
199 .auth_nid = NID_auth_rsa,
200 .cipher_nid = NID_aes_128_cbc,
201 .digest_nid = NID_sha256,
202 .handshake_digest_nid = NID_sha256,
203 .kx_nid = NID_kx_rsa,
204 .strength_bits = 128,
205 .symmetric_bits = 128,
206 },
207 {
208 .value = 0x003d,
209 .auth_nid = NID_auth_rsa,
210 .cipher_nid = NID_aes_256_cbc,
211 .digest_nid = NID_sha256,
212 .handshake_digest_nid = NID_sha256,
213 .kx_nid = NID_kx_rsa,
214 .strength_bits = 256,
215 .symmetric_bits = 256,
216 },
217 {
218 .value = 0x0041,
219 .auth_nid = NID_auth_rsa,
220 .cipher_nid = NID_camellia_128_cbc,
221 .digest_nid = NID_sha1,
222 .handshake_digest_nid = NID_sha256,
223 .kx_nid = NID_kx_rsa,
224 .strength_bits = 128,
225 .symmetric_bits = 128,
226 },
227 {
228 .value = 0x0045,
229 .auth_nid = NID_auth_rsa,
230 .cipher_nid = NID_camellia_128_cbc,
231 .digest_nid = NID_sha1,
232 .handshake_digest_nid = NID_sha256,
233 .kx_nid = NID_kx_dhe,
234 .strength_bits = 128,
235 .symmetric_bits = 128,
236 },
237 {
238 .value = 0x0046,
239 .auth_nid = NID_auth_null,
240 .cipher_nid = NID_camellia_128_cbc,
241 .digest_nid = NID_sha1,
242 .handshake_digest_nid = NID_sha256,
243 .kx_nid = NID_kx_dhe,
244 .strength_bits = 128,
245 .symmetric_bits = 128,
246 },
247 {
248 .value = 0x0067,
249 .auth_nid = NID_auth_rsa,
250 .cipher_nid = NID_aes_128_cbc,
251 .digest_nid = NID_sha256,
252 .handshake_digest_nid = NID_sha256,
253 .kx_nid = NID_kx_dhe,
254 .strength_bits = 128,
255 .symmetric_bits = 128,
256 },
257 {
258 .value = 0x006b,
259 .auth_nid = NID_auth_rsa,
260 .cipher_nid = NID_aes_256_cbc,
261 .digest_nid = NID_sha256,
262 .handshake_digest_nid = NID_sha256,
263 .kx_nid = NID_kx_dhe,
264 .strength_bits = 256,
265 .symmetric_bits = 256,
266 },
267 {
268 .value = 0x006c,
269 .auth_nid = NID_auth_null,
270 .cipher_nid = NID_aes_128_cbc,
271 .digest_nid = NID_sha256,
272 .handshake_digest_nid = NID_sha256,
273 .kx_nid = NID_kx_dhe,
274 .strength_bits = 128,
275 .symmetric_bits = 128,
276 },
277 {
278 .value = 0x006d,
279 .auth_nid = NID_auth_null,
280 .cipher_nid = NID_aes_256_cbc,
281 .digest_nid = NID_sha256,
282 .handshake_digest_nid = NID_sha256,
283 .kx_nid = NID_kx_dhe,
284 .strength_bits = 256,
285 .symmetric_bits = 256,
286 },
287 {
288 .value = 0x0084,
289 .auth_nid = NID_auth_rsa,
290 .cipher_nid = NID_camellia_256_cbc,
291 .digest_nid = NID_sha1,
292 .handshake_digest_nid = NID_sha256,
293 .kx_nid = NID_kx_rsa,
294 .strength_bits = 256,
295 .symmetric_bits = 256,
296 },
297 {
298 .value = 0x0088,
299 .auth_nid = NID_auth_rsa,
300 .cipher_nid = NID_camellia_256_cbc,
301 .digest_nid = NID_sha1,
302 .handshake_digest_nid = NID_sha256,
303 .kx_nid = NID_kx_dhe,
304 .strength_bits = 256,
305 .symmetric_bits = 256,
306 },
307 {
308 .value = 0x0089,
309 .auth_nid = NID_auth_null,
310 .cipher_nid = NID_camellia_256_cbc,
311 .digest_nid = NID_sha1,
312 .handshake_digest_nid = NID_sha256,
313 .kx_nid = NID_kx_dhe,
314 .strength_bits = 256,
315 .symmetric_bits = 256,
316 },
317 {
318 .value = 0x009c,
319 .auth_nid = NID_auth_rsa,
320 .cipher_nid = NID_aes_128_gcm,
321 .digest_nid = NID_undef,
322 .handshake_digest_nid = NID_sha256,
323 .kx_nid = NID_kx_rsa,
324 .strength_bits = 128,
325 .symmetric_bits = 128,
326 .is_aead = 1,
327 },
328 {
329 .value = 0x009d,
330 .auth_nid = NID_auth_rsa,
331 .cipher_nid = NID_aes_256_gcm,
332 .digest_nid = NID_undef,
333 .handshake_digest_nid = NID_sha384,
334 .kx_nid = NID_kx_rsa,
335 .strength_bits = 256,
336 .symmetric_bits = 256,
337 .is_aead = 1,
338 },
339 {
340 .value = 0x009e,
341 .auth_nid = NID_auth_rsa,
342 .cipher_nid = NID_aes_128_gcm,
343 .digest_nid = NID_undef,
344 .handshake_digest_nid = NID_sha256,
345 .kx_nid = NID_kx_dhe,
346 .strength_bits = 128,
347 .symmetric_bits = 128,
348 .is_aead = 1,
349 },
350 {
351 .value = 0x009f,
352 .auth_nid = NID_auth_rsa,
353 .cipher_nid = NID_aes_256_gcm,
354 .digest_nid = NID_undef,
355 .handshake_digest_nid = NID_sha384,
356 .kx_nid = NID_kx_dhe,
357 .strength_bits = 256,
358 .symmetric_bits = 256,
359 .is_aead = 1,
360 },
361 {
362 .value = 0x00a6,
363 .auth_nid = NID_auth_null,
364 .cipher_nid = NID_aes_128_gcm,
365 .digest_nid = NID_undef,
366 .handshake_digest_nid = NID_sha256,
367 .kx_nid = NID_kx_dhe,
368 .strength_bits = 128,
369 .symmetric_bits = 128,
370 .is_aead = 1,
371 },
372 {
373 .value = 0x00a7,
374 .auth_nid = NID_auth_null,
375 .cipher_nid = NID_aes_256_gcm,
376 .digest_nid = NID_undef,
377 .handshake_digest_nid = NID_sha384,
378 .kx_nid = NID_kx_dhe,
379 .strength_bits = 256,
380 .symmetric_bits = 256,
381 .is_aead = 1,
382 },
383 {
384 .value = 0x00ba,
385 .auth_nid = NID_auth_rsa,
386 .cipher_nid = NID_camellia_128_cbc,
387 .digest_nid = NID_sha256,
388 .handshake_digest_nid = NID_sha256,
389 .kx_nid = NID_kx_rsa,
390 .strength_bits = 128,
391 .symmetric_bits = 128,
392 },
393 {
394 .value = 0x00be,
395 .auth_nid = NID_auth_rsa,
396 .cipher_nid = NID_camellia_128_cbc,
397 .digest_nid = NID_sha256,
398 .handshake_digest_nid = NID_sha256,
399 .kx_nid = NID_kx_dhe,
400 .strength_bits = 128,
401 .symmetric_bits = 128,
402 },
403 {
404 .value = 0x00bf,
405 .auth_nid = NID_auth_null,
406 .cipher_nid = NID_camellia_128_cbc,
407 .digest_nid = NID_sha256,
408 .handshake_digest_nid = NID_sha256,
409 .kx_nid = NID_kx_dhe,
410 .strength_bits = 128,
411 .symmetric_bits = 128,
412 },
413 {
414 .value = 0x00c0,
415 .auth_nid = NID_auth_rsa,
416 .cipher_nid = NID_camellia_256_cbc,
417 .digest_nid = NID_sha256,
418 .handshake_digest_nid = NID_sha256,
419 .kx_nid = NID_kx_rsa,
420 .strength_bits = 256,
421 .symmetric_bits = 256,
422 },
423 {
424 .value = 0x00c4,
425 .auth_nid = NID_auth_rsa,
426 .cipher_nid = NID_camellia_256_cbc,
427 .digest_nid = NID_sha256,
428 .handshake_digest_nid = NID_sha256,
429 .kx_nid = NID_kx_dhe,
430 .strength_bits = 256,
431 .symmetric_bits = 256,
432 },
433 {
434 .value = 0x00c5,
435 .auth_nid = NID_auth_null,
436 .cipher_nid = NID_camellia_256_cbc,
437 .digest_nid = NID_sha256,
438 .handshake_digest_nid = NID_sha256,
439 .kx_nid = NID_kx_dhe,
440 .strength_bits = 256,
441 .symmetric_bits = 256,
442 },
443 {
444 .value = 0x1301,
445 .auth_nid = NID_undef,
446 .cipher_nid = NID_aes_128_gcm,
447 .digest_nid = NID_undef,
448 .handshake_digest_nid = NID_sha256,
449 .kx_nid = NID_undef,
450 .strength_bits = 128,
451 .symmetric_bits = 128,
452 .is_aead = 1,
453 },
454 {
455 .value = 0x1302,
456 .auth_nid = NID_undef,
457 .cipher_nid = NID_aes_256_gcm,
458 .digest_nid = NID_undef,
459 .handshake_digest_nid = NID_sha384,
460 .kx_nid = NID_undef,
461 .strength_bits = 256,
462 .symmetric_bits = 256,
463 .is_aead = 1,
464 },
465 {
466 .value = 0x1303,
467 .auth_nid = NID_undef,
468 .cipher_nid = NID_chacha20_poly1305,
469 .digest_nid = NID_undef,
470 .handshake_digest_nid = NID_sha256,
471 .kx_nid = NID_undef,
472 .strength_bits = 256,
473 .symmetric_bits = 256,
474 .is_aead = 1,
475 },
476 {
477 .value = 0xc007,
478 .auth_nid = NID_auth_ecdsa,
479 .cipher_nid = NID_rc4,
480 .digest_nid = NID_sha1,
481 .handshake_digest_nid = NID_sha256,
482 .kx_nid = NID_kx_ecdhe,
483 .strength_bits = 128,
484 .symmetric_bits = 128,
485 },
486 {
487 .value = 0xc008,
488 .auth_nid = NID_auth_ecdsa,
489 .cipher_nid = NID_des_ede3_cbc,
490 .digest_nid = NID_sha1,
491 .handshake_digest_nid = NID_sha256,
492 .kx_nid = NID_kx_ecdhe,
493 .strength_bits = 112,
494 .symmetric_bits = 168,
495 },
496 {
497 .value = 0xc009,
498 .auth_nid = NID_auth_ecdsa,
499 .cipher_nid = NID_aes_128_cbc,
500 .digest_nid = NID_sha1,
501 .handshake_digest_nid = NID_sha256,
502 .kx_nid = NID_kx_ecdhe,
503 .strength_bits = 128,
504 .symmetric_bits = 128,
505 },
506 {
507 .value = 0xc00a,
508 .auth_nid = NID_auth_ecdsa,
509 .cipher_nid = NID_aes_256_cbc,
510 .digest_nid = NID_sha1,
511 .handshake_digest_nid = NID_sha256,
512 .kx_nid = NID_kx_ecdhe,
513 .strength_bits = 256,
514 .symmetric_bits = 256,
515 },
516 {
517 .value = 0xc011,
518 .auth_nid = NID_auth_rsa,
519 .cipher_nid = NID_rc4,
520 .digest_nid = NID_sha1,
521 .handshake_digest_nid = NID_sha256,
522 .kx_nid = NID_kx_ecdhe,
523 .strength_bits = 128,
524 .symmetric_bits = 128,
525 },
526 {
527 .value = 0xc012,
528 .auth_nid = NID_auth_rsa,
529 .cipher_nid = NID_des_ede3_cbc,
530 .digest_nid = NID_sha1,
531 .handshake_digest_nid = NID_sha256,
532 .kx_nid = NID_kx_ecdhe,
533 .strength_bits = 112,
534 .symmetric_bits = 168,
535 },
536 {
537 .value = 0xc013,
538 .auth_nid = NID_auth_rsa,
539 .cipher_nid = NID_aes_128_cbc,
540 .digest_nid = NID_sha1,
541 .handshake_digest_nid = NID_sha256,
542 .kx_nid = NID_kx_ecdhe,
543 .strength_bits = 128,
544 .symmetric_bits = 128,
545 },
546 {
547 .value = 0xc014,
548 .auth_nid = NID_auth_rsa,
549 .cipher_nid = NID_aes_256_cbc,
550 .digest_nid = NID_sha1,
551 .handshake_digest_nid = NID_sha256,
552 .kx_nid = NID_kx_ecdhe,
553 .strength_bits = 256,
554 .symmetric_bits = 256,
555 },
556 {
557 .value = 0xc016,
558 .auth_nid = NID_auth_null,
559 .cipher_nid = NID_rc4,
560 .digest_nid = NID_sha1,
561 .handshake_digest_nid = NID_sha256,
562 .kx_nid = NID_kx_ecdhe,
563 .strength_bits = 128,
564 .symmetric_bits = 128,
565 },
566 {
567 .value = 0xc017,
568 .auth_nid = NID_auth_null,
569 .cipher_nid = NID_des_ede3_cbc,
570 .digest_nid = NID_sha1,
571 .handshake_digest_nid = NID_sha256,
572 .kx_nid = NID_kx_ecdhe,
573 .strength_bits = 112,
574 .symmetric_bits = 168,
575 },
576 {
577 .value = 0xc018,
578 .auth_nid = NID_auth_null,
579 .cipher_nid = NID_aes_128_cbc,
580 .digest_nid = NID_sha1,
581 .handshake_digest_nid = NID_sha256,
582 .kx_nid = NID_kx_ecdhe,
583 .strength_bits = 128,
584 .symmetric_bits = 128,
585 },
586 {
587 .value = 0xc019,
588 .auth_nid = NID_auth_null,
589 .cipher_nid = NID_aes_256_cbc,
590 .digest_nid = NID_sha1,
591 .handshake_digest_nid = NID_sha256,
592 .kx_nid = NID_kx_ecdhe,
593 .strength_bits = 256,
594 .symmetric_bits = 256,
595 },
596 {
597 .value = 0xc023,
598 .auth_nid = NID_auth_ecdsa,
599 .cipher_nid = NID_aes_128_cbc,
600 .digest_nid = NID_sha256,
601 .handshake_digest_nid = NID_sha256,
602 .kx_nid = NID_kx_ecdhe,
603 .strength_bits = 128,
604 .symmetric_bits = 128,
605 },
606 {
607 .value = 0xc024,
608 .auth_nid = NID_auth_ecdsa,
609 .cipher_nid = NID_aes_256_cbc,
610 .digest_nid = NID_sha384,
611 .handshake_digest_nid = NID_sha384,
612 .kx_nid = NID_kx_ecdhe,
613 .strength_bits = 256,
614 .symmetric_bits = 256,
615 },
616 {
617 .value = 0xc027,
618 .auth_nid = NID_auth_rsa,
619 .cipher_nid = NID_aes_128_cbc,
620 .digest_nid = NID_sha256,
621 .handshake_digest_nid = NID_sha256,
622 .kx_nid = NID_kx_ecdhe,
623 .strength_bits = 128,
624 .symmetric_bits = 128,
625 },
626 {
627 .value = 0xc028,
628 .auth_nid = NID_auth_rsa,
629 .cipher_nid = NID_aes_256_cbc,
630 .digest_nid = NID_sha384,
631 .handshake_digest_nid = NID_sha384,
632 .kx_nid = NID_kx_ecdhe,
633 .strength_bits = 256,
634 .symmetric_bits = 256,
635 },
636 {
637 .value = 0xc02b,
638 .auth_nid = NID_auth_ecdsa,
639 .cipher_nid = NID_aes_128_gcm,
640 .digest_nid = NID_undef,
641 .handshake_digest_nid = NID_sha256,
642 .kx_nid = NID_kx_ecdhe,
643 .strength_bits = 128,
644 .symmetric_bits = 128,
645 .is_aead = 1,
646 },
647 {
648 .value = 0xc02c,
649 .auth_nid = NID_auth_ecdsa,
650 .cipher_nid = NID_aes_256_gcm,
651 .digest_nid = NID_undef,
652 .handshake_digest_nid = NID_sha384,
653 .kx_nid = NID_kx_ecdhe,
654 .strength_bits = 256,
655 .symmetric_bits = 256,
656 .is_aead = 1,
657 },
658 {
659 .value = 0xc02f,
660 .auth_nid = NID_auth_rsa,
661 .cipher_nid = NID_aes_128_gcm,
662 .digest_nid = NID_undef,
663 .handshake_digest_nid = NID_sha256,
664 .kx_nid = NID_kx_ecdhe,
665 .strength_bits = 128,
666 .symmetric_bits = 128,
667 .is_aead = 1,
668 },
669 {
670 .value = 0xc030,
671 .auth_nid = NID_auth_rsa,
672 .cipher_nid = NID_aes_256_gcm,
673 .digest_nid = NID_undef,
674 .handshake_digest_nid = NID_sha384,
675 .kx_nid = NID_kx_ecdhe,
676 .strength_bits = 256,
677 .symmetric_bits = 256,
678 .is_aead = 1,
679 },
680 {
681 .value = 0xcca8,
682 .auth_nid = NID_auth_rsa,
683 .cipher_nid = NID_chacha20_poly1305,
684 .digest_nid = NID_undef,
685 .handshake_digest_nid = NID_sha256,
686 .kx_nid = NID_kx_ecdhe,
687 .strength_bits = 256,
688 .symmetric_bits = 256,
689 .is_aead = 1,
690 },
691 {
692 .value = 0xcca9,
693 .auth_nid = NID_auth_ecdsa,
694 .cipher_nid = NID_chacha20_poly1305,
695 .digest_nid = NID_undef,
696 .handshake_digest_nid = NID_sha256,
697 .kx_nid = NID_kx_ecdhe,
698 .strength_bits = 256,
699 .symmetric_bits = 256,
700 .is_aead = 1,
701 },
702 {
703 .value = 0xccaa,
704 .auth_nid = NID_auth_rsa,
705 .cipher_nid = NID_chacha20_poly1305,
706 .digest_nid = NID_undef,
707 .handshake_digest_nid = NID_sha256,
708 .kx_nid = NID_kx_dhe,
709 .strength_bits = 256,
710 .symmetric_bits = 256,
711 .is_aead = 1,
712 },
713};
714
715#define N_SSL_CIPHER_TESTS (sizeof(ssl_cipher_tests) / sizeof(ssl_cipher_tests[0]))
716
717static int
718test_ssl_ciphers(void)
719{
720 int i, strength_bits, symmetric_bits;
721 const struct ssl_cipher_test *sct;
722 STACK_OF(SSL_CIPHER) *ciphers;
723 const SSL_CIPHER *cipher;
724 const EVP_MD *digest;
725 unsigned char buf[2];
726 const char *description;
727 char desc_buf[256];
728 SSL_CTX *ssl_ctx = NULL;
729 SSL *ssl = NULL;
730 size_t j;
731 int ret = 1;
732
733 if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL) {
734 fprintf(stderr, "SSL_CTX_new() returned NULL\n");
735 goto failure;
736 }
737 if ((ssl = SSL_new(ssl_ctx)) == NULL) {
738 fprintf(stderr, "SSL_new() returned NULL\n");
739 goto failure;
740 }
741 if (!SSL_set_cipher_list(ssl, "ALL")) {
742 fprintf(stderr, "SSL_set_cipher_list failed\n");
743 goto failure;
744 }
745
746 if ((ciphers = SSL_get_ciphers(ssl)) == NULL) {
747 fprintf(stderr, "no ciphers\n");
748 goto failure;
749 }
750
751 if (sk_SSL_CIPHER_num(ciphers) != N_SSL_CIPHER_TESTS) {
752 fprintf(stderr, "number of ciphers mismatch (%d != %zu)\n",
753 sk_SSL_CIPHER_num(ciphers), N_SSL_CIPHER_TESTS);
754 goto failure;
755 }
756
757 for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
758 uint16_t cipher_value;
759
760 cipher = sk_SSL_CIPHER_value(ciphers, i);
761 cipher_value = SSL_CIPHER_get_value(cipher);
762
763 buf[0] = cipher_value >> 8;
764 buf[1] = cipher_value & 0xff;
765
766 if ((cipher = SSL_CIPHER_find(ssl, buf)) == NULL) {
767 fprintf(stderr, "SSL_CIPHER_find() returned NULL for %s\n",
768 SSL_CIPHER_get_name(cipher));
769 goto failure;
770 }
771 if (SSL_CIPHER_get_value(cipher) != cipher_value) {
772 fprintf(stderr, "got cipher with value 0x%04x, want 0x%04x\n",
773 SSL_CIPHER_get_value(cipher), cipher_value);
774 goto failure;
775 }
776 if (SSL_CIPHER_get_id(cipher) != (0x03000000UL | cipher_value)) {
777 fprintf(stderr, "got cipher id 0x%08lx, want 0x%08lx\n",
778 SSL_CIPHER_get_id(cipher), (0x03000000UL | cipher_value));
779 goto failure;
780 }
781
782 sct = NULL;
783 for (j = 0; j < N_SSL_CIPHER_TESTS; j++) {
784 if (ssl_cipher_tests[j].value == cipher_value) {
785 sct = &ssl_cipher_tests[j];
786 break;
787 }
788 }
789 if (sct == NULL) {
790 fprintf(stderr, "cipher '%s' (0x%04x) not found in test "
791 "table\n", SSL_CIPHER_get_name(cipher), cipher_value);
792 goto failure;
793 }
794
795 if (SSL_CIPHER_get_auth_nid(cipher) != sct->auth_nid) {
796 fprintf(stderr, "cipher '%s' (0x%04x) - got auth nid %d, "
797 "want %d\n", SSL_CIPHER_get_name(cipher), cipher_value,
798 SSL_CIPHER_get_auth_nid(cipher), sct->auth_nid);
799 goto failure;
800 }
801 if (SSL_CIPHER_get_cipher_nid(cipher) != sct->cipher_nid) {
802 fprintf(stderr, "cipher '%s' (0x%04x) - got cipher nid %d, "
803 "want %d\n", SSL_CIPHER_get_name(cipher), cipher_value,
804 SSL_CIPHER_get_cipher_nid(cipher), sct->cipher_nid);
805 goto failure;
806 }
807 if (SSL_CIPHER_get_digest_nid(cipher) != sct->digest_nid) {
808 fprintf(stderr, "cipher '%s' (0x%04x) - got digest nid %d, "
809 "want %d\n", SSL_CIPHER_get_name(cipher), cipher_value,
810 SSL_CIPHER_get_digest_nid(cipher), sct->digest_nid);
811 goto failure;
812 }
813 if (SSL_CIPHER_get_kx_nid(cipher) != sct->kx_nid) {
814 fprintf(stderr, "cipher '%s' (0x%04x) - got kx nid %d, "
815 "want %d\n", SSL_CIPHER_get_name(cipher), cipher_value,
816 SSL_CIPHER_get_kx_nid(cipher), sct->kx_nid);
817 goto failure;
818 }
819
820 /* Having API consistency is a wonderful thing... */
821 digest = SSL_CIPHER_get_handshake_digest(cipher);
822 if (EVP_MD_nid(digest) != sct->handshake_digest_nid) {
823 fprintf(stderr, "cipher '%s' (0x%04x) - got handshake "
824 "digest nid %d, want %d\n", SSL_CIPHER_get_name(cipher),
825 cipher_value, EVP_MD_nid(digest), sct->handshake_digest_nid);
826 goto failure;
827 }
828
829 strength_bits = SSL_CIPHER_get_bits(cipher, &symmetric_bits);
830 if (strength_bits != sct->strength_bits) {
831 fprintf(stderr, "cipher '%s' (0x%04x) - got strength bits "
832 "%d, want %d\n", SSL_CIPHER_get_name(cipher),
833 cipher_value, strength_bits, sct->strength_bits);
834 goto failure;
835 }
836 if (symmetric_bits != sct->symmetric_bits) {
837 fprintf(stderr, "cipher '%s' (0x%04x) - got symmetric bits "
838 "%d, want %d\n", SSL_CIPHER_get_name(cipher),
839 cipher_value, symmetric_bits, sct->symmetric_bits);
840 goto failure;
841 }
842 if (SSL_CIPHER_is_aead(cipher) != sct->is_aead) {
843 fprintf(stderr, "cipher '%s' (0x%04x) - got is aead %d, "
844 "want %d\n", SSL_CIPHER_get_name(cipher), cipher_value,
845 SSL_CIPHER_is_aead(cipher), sct->is_aead);
846 goto failure;
847 }
848
849 if ((description = SSL_CIPHER_description(cipher, desc_buf,
850 sizeof(desc_buf))) != desc_buf) {
851 fprintf(stderr, "cipher '%s' (0x%04x) - failed to get "
852 "description\n", SSL_CIPHER_get_name(cipher), cipher_value);
853 goto failure;
854 }
855 }
856
857 ret = 0;
858
859 failure:
860 SSL_CTX_free(ssl_ctx);
861 SSL_free(ssl);
862
863 return (ret);
864}
865
866struct parse_ciphersuites_test {
867 const char *str;
868 const int want;
869 const unsigned long cids[32];
870};
871
872struct parse_ciphersuites_test parse_ciphersuites_tests[] = {
873 {
874 /* LibreSSL names. */
875 .str = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256:AEAD-AES128-GCM-SHA256",
876 .want = 1,
877 .cids = {
878 TLS1_3_CK_AES_256_GCM_SHA384,
879 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
880 TLS1_3_CK_AES_128_GCM_SHA256,
881 },
882 },
883 {
884 /* OpenSSL names. */
885 .str = "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256",
886 .want = 1,
887 .cids = {
888 TLS1_3_CK_AES_256_GCM_SHA384,
889 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
890 TLS1_3_CK_AES_128_GCM_SHA256,
891 },
892 },
893 {
894 /* Different priority order. */
895 .str = "AEAD-AES128-GCM-SHA256:AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256",
896 .want = 1,
897 .cids = {
898 TLS1_3_CK_AES_128_GCM_SHA256,
899 TLS1_3_CK_AES_256_GCM_SHA384,
900 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
901 },
902 },
903 {
904 /* Known but unsupported names. */
905 .str = "AEAD-AES256-GCM-SHA384:AEAD-AES128-CCM-SHA256:AEAD-AES128-CCM-8-SHA256",
906 .want = 1,
907 .cids = {
908 TLS1_3_CK_AES_256_GCM_SHA384,
909 },
910 },
911 {
912 /* Empty string means no TLSv1.3 ciphersuites. */
913 .str = "",
914 .want = 1,
915 .cids = { 0 },
916 },
917 {
918 .str = "TLS_CHACHA20_POLY1305_SHA256:TLS_NOT_A_CIPHERSUITE",
919 .want = 0,
920 },
921 {
922 .str = "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256",
923 .want = 0,
924 },
925};
926
927#define N_PARSE_CIPHERSUITES_TESTS \
928 (sizeof(parse_ciphersuites_tests) / sizeof(*parse_ciphersuites_tests))
929
930static int
931parse_ciphersuites_test(void)
932{
933 struct parse_ciphersuites_test *pct;
934 STACK_OF(SSL_CIPHER) *ciphers = NULL;
935 SSL_CIPHER *cipher;
936 int failed = 1;
937 int j, ret;
938 size_t i;
939
940 for (i = 0; i < N_PARSE_CIPHERSUITES_TESTS; i++) {
941 pct = &parse_ciphersuites_tests[i];
942
943 ret = ssl_parse_ciphersuites(&ciphers, pct->str);
944 if (ret != pct->want) {
945 fprintf(stderr, "FAIL: test %zu - "
946 "ssl_parse_ciphersuites returned %d, want %d\n",
947 i, ret, pct->want);
948 goto failed;
949 }
950 if (ret == 0)
951 continue;
952
953 for (j = 0; j < sk_SSL_CIPHER_num(ciphers); j++) {
954 cipher = sk_SSL_CIPHER_value(ciphers, j);
955 if (SSL_CIPHER_get_id(cipher) == pct->cids[j])
956 continue;
957 fprintf(stderr, "FAIL: test %zu - got cipher %d with "
958 "id %lx, want %lx\n", i, j,
959 SSL_CIPHER_get_id(cipher), pct->cids[j]);
960 goto failed;
961 }
962 if (pct->cids[j] != 0) {
963 fprintf(stderr, "FAIL: test %zu - got %d ciphers, "
964 "expected more", i, sk_SSL_CIPHER_num(ciphers));
965 goto failed;
966 }
967 }
968
969 failed = 0;
970
971 failed:
972 sk_SSL_CIPHER_free(ciphers);
973
974 return failed;
975}
976
977struct cipher_set_test {
978 int ctx_ciphersuites_first;
979 const char *ctx_ciphersuites;
980 const char *ctx_rulestr;
981 int ssl_ciphersuites_first;
982 const char *ssl_ciphersuites;
983 const char *ssl_rulestr;
984 int cids_aes_accel_fixup;
985 unsigned long cids[32];
986};
987
988struct cipher_set_test cipher_set_tests[] = {
989 {
990 .ctx_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
991 .cids_aes_accel_fixup = 1,
992 .cids = {
993 TLS1_3_CK_AES_256_GCM_SHA384,
994 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
995 TLS1_3_CK_AES_128_GCM_SHA256,
996 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
997 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
998 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
999 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1000 },
1001 },
1002 {
1003 .ssl_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
1004 .cids_aes_accel_fixup = 1,
1005 .cids = {
1006 TLS1_3_CK_AES_256_GCM_SHA384,
1007 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
1008 TLS1_3_CK_AES_128_GCM_SHA256,
1009 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1010 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1011 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1012 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1013 },
1014 },
1015 {
1016 .ctx_ciphersuites_first = 1,
1017 .ctx_ciphersuites = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256",
1018 .ctx_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
1019 .cids = {
1020 TLS1_3_CK_AES_256_GCM_SHA384,
1021 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
1022 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1023 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1024 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1025 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1026 },
1027 },
1028 {
1029 .ssl_ciphersuites_first = 1,
1030 .ssl_ciphersuites = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256",
1031 .ssl_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
1032 .cids = {
1033 TLS1_3_CK_AES_256_GCM_SHA384,
1034 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
1035 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1036 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1037 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1038 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1039 },
1040 },
1041 {
1042 .ctx_ciphersuites_first = 0,
1043 .ctx_ciphersuites = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256",
1044 .ctx_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
1045 .cids = {
1046 TLS1_3_CK_AES_256_GCM_SHA384,
1047 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
1048 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1049 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1050 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1051 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1052 },
1053 },
1054 {
1055 .ssl_ciphersuites_first = 0,
1056 .ssl_ciphersuites = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256",
1057 .ssl_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
1058 .cids = {
1059 TLS1_3_CK_AES_256_GCM_SHA384,
1060 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
1061 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1062 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1063 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1064 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1065 },
1066 },
1067 {
1068 .ssl_ciphersuites_first = 1,
1069 .ssl_ciphersuites = "",
1070 .ssl_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
1071 .cids = {
1072 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1073 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1074 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1075 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1076 },
1077 },
1078 {
1079 .ssl_ciphersuites_first = 0,
1080 .ssl_ciphersuites = "",
1081 .ssl_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
1082 .cids = {
1083 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1084 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1085 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1086 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1087 },
1088 },
1089 {
1090 .ctx_ciphersuites = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256",
1091 .ssl_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
1092 .cids = {
1093 TLS1_3_CK_AES_256_GCM_SHA384,
1094 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
1095 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1096 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1097 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1098 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1099 },
1100 },
1101 {
1102 .ctx_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
1103 .ssl_ciphersuites = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256",
1104 .cids = {
1105 TLS1_3_CK_AES_256_GCM_SHA384,
1106 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
1107 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
1108 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
1109 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
1110 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
1111 },
1112 },
1113};
1114
1115#define N_CIPHER_SET_TESTS \
1116 (sizeof(cipher_set_tests) / sizeof(*cipher_set_tests))
1117
1118static int
1119cipher_set_test(void)
1120{
1121 struct cipher_set_test *cst;
1122 STACK_OF(SSL_CIPHER) *ciphers = NULL;
1123 SSL_CIPHER *cipher;
1124 SSL_CTX *ctx = NULL;
1125 SSL *ssl = NULL;
1126 int failed = 0;
1127 size_t i;
1128 int j;
1129
1130 for (i = 0; i < N_CIPHER_SET_TESTS; i++) {
1131 cst = &cipher_set_tests[i];
1132
1133 if (!ssl_aes_is_accelerated() && cst->cids_aes_accel_fixup) {
1134 cst->cids[0] = TLS1_3_CK_CHACHA20_POLY1305_SHA256;
1135 cst->cids[1] = TLS1_3_CK_AES_256_GCM_SHA384;
1136 }
1137
1138 if ((ctx = SSL_CTX_new(TLS_method())) == NULL)
1139 errx(1, "SSL_CTX_new");
1140
1141 if (cst->ctx_ciphersuites_first && cst->ctx_ciphersuites != NULL) {
1142 if (!SSL_CTX_set_ciphersuites(ctx, cst->ctx_ciphersuites))
1143 errx(1, "SSL_CTX_set_ciphersuites");
1144 }
1145 if (cst->ctx_rulestr != NULL) {
1146 if (!SSL_CTX_set_cipher_list(ctx, cst->ctx_rulestr))
1147 errx(1, "SSL_CTX_set_cipher_list");
1148 }
1149 if (!cst->ctx_ciphersuites_first && cst->ctx_ciphersuites != NULL) {
1150 if (!SSL_CTX_set_ciphersuites(ctx, cst->ctx_ciphersuites))
1151 errx(1, "SSL_CTX_set_ciphersuites");
1152 }
1153
1154 /* XXX - check SSL_CTX_get_ciphers(ctx) */
1155
1156 if ((ssl = SSL_new(ctx)) == NULL)
1157 errx(1, "SSL_new");
1158
1159 if (cst->ssl_ciphersuites_first && cst->ssl_ciphersuites != NULL) {
1160 if (!SSL_set_ciphersuites(ssl, cst->ssl_ciphersuites))
1161 errx(1, "SSL_set_ciphersuites");
1162 }
1163 if (cst->ssl_rulestr != NULL) {
1164 if (!SSL_set_cipher_list(ssl, cst->ssl_rulestr))
1165 errx(1, "SSL_set_cipher_list");
1166 }
1167 if (!cst->ssl_ciphersuites_first && cst->ssl_ciphersuites != NULL) {
1168 if (!SSL_set_ciphersuites(ssl, cst->ssl_ciphersuites))
1169 errx(1, "SSL_set_ciphersuites");
1170 }
1171
1172 ciphers = SSL_get_ciphers(ssl);
1173
1174 for (j = 0; j < sk_SSL_CIPHER_num(ciphers); j++) {
1175 cipher = sk_SSL_CIPHER_value(ciphers, j);
1176 if (SSL_CIPHER_get_id(cipher) == cst->cids[j])
1177 continue;
1178 fprintf(stderr, "FAIL: test %zu - got cipher %d with "
1179 "id %lx, want %lx\n", i, j,
1180 SSL_CIPHER_get_id(cipher), cst->cids[j]);
1181 failed |= 1;
1182 }
1183 if (cst->cids[j] != 0) {
1184 fprintf(stderr, "FAIL: test %zu - got %d ciphers, "
1185 "expected more", i, sk_SSL_CIPHER_num(ciphers));
1186 failed |= 1;
1187 }
1188
1189 SSL_CTX_free(ctx);
1190 SSL_free(ssl);
1191 }
1192
1193 return failed;
1194}
1195
1196int
1197main(int argc, char **argv)
1198{
1199 int failed = 0;
1200
1201 failed |= check_cipher_order();
1202
1203 failed |= test_ssl_ciphers();
1204
1205 failed |= parse_ciphersuites_test();
1206 failed |= cipher_set_test();
1207
1208 return (failed);
1209}
diff --git a/src/regress/lib/libssl/client/Makefile b/src/regress/lib/libssl/client/Makefile
deleted file mode 100644
index 7e2d7a3ecf..0000000000
--- a/src/regress/lib/libssl/client/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.6 2024/07/20 18:37:38 tb Exp $
2
3PROG= clienttest
4LDADD= ${SSL_INT} -lcrypto
5DPADD= ${LIBSSL} ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/client/clienttest.c b/src/regress/lib/libssl/client/clienttest.c
deleted file mode 100644
index 7e96944fce..0000000000
--- a/src/regress/lib/libssl/client/clienttest.c
+++ /dev/null
@@ -1,744 +0,0 @@
1/* $OpenBSD: clienttest.c,v 1.45 2024/08/31 12:47:24 jsing Exp $ */
2/*
3 * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <openssl/ssl.h>
19
20#include <openssl/dtls1.h>
21#include <openssl/ssl3.h>
22
23#include <err.h>
24#include <stdio.h>
25#include <string.h>
26
27#define DTLS_HM_OFFSET (DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH)
28#define DTLS_RANDOM_OFFSET (DTLS_HM_OFFSET + 2)
29#define DTLS_CIPHER_OFFSET (DTLS_HM_OFFSET + 38)
30
31#define SSL3_HM_OFFSET (SSL3_RT_HEADER_LENGTH + SSL3_HM_HEADER_LENGTH)
32#define SSL3_RANDOM_OFFSET (SSL3_HM_OFFSET + 2)
33#define SSL3_CIPHER_OFFSET (SSL3_HM_OFFSET + 37)
34
35#define TLS13_HM_OFFSET (SSL3_RT_HEADER_LENGTH + SSL3_HM_HEADER_LENGTH)
36#define TLS13_RANDOM_OFFSET (TLS13_HM_OFFSET + 2)
37#define TLS13_SESSION_OFFSET (TLS13_HM_OFFSET + 34)
38#define TLS13_CIPHER_OFFSET (TLS13_HM_OFFSET + 69)
39#define TLS13_KEY_SHARE_OFFSET (TLS13_HM_OFFSET + 198)
40#define TLS13_ONLY_KEY_SHARE_OFFSET (TLS13_HM_OFFSET + 112)
41
42#define TLS1_3_VERSION_ONLY (TLS1_3_VERSION | 0x10000)
43
44int tlsext_linearize_build_order(SSL *);
45
46static const uint8_t cipher_list_dtls1[] = {
47 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85,
48 0x00, 0x88, 0x00, 0x81, 0x00, 0x35, 0x00, 0x84,
49 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x45,
50 0x00, 0x2f, 0x00, 0x41, 0xc0, 0x12, 0xc0, 0x08,
51 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff,
52};
53
54static const uint8_t client_hello_dtls1[] = {
55 0x16, 0xfe, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00,
56 0x00, 0x00, 0x00, 0x00, 0x74, 0x01, 0x00, 0x00,
57 0x68, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
58 0x68, 0xfe, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00,
59 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
60 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
61 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
62 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x26, 0xc0,
63 0x14, 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85, 0x00,
64 0x88, 0x00, 0x81, 0x00, 0x35, 0x00, 0x84, 0xc0,
65 0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x45, 0x00,
66 0x2f, 0x00, 0x41, 0xc0, 0x12, 0xc0, 0x08, 0x00,
67 0x16, 0x00, 0x0a, 0x00, 0xff, 0x01, 0x00, 0x00,
68 0x18, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
69 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d, 0x00,
70 0x17, 0x00, 0x18, 0x00, 0x19, 0x00, 0x23, 0x00,
71 0x00,
72};
73
74static const uint8_t cipher_list_dtls12_aes[] = {
75 0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24,
76 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b,
77 0x00, 0x39, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa,
78 0x00, 0xc4, 0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d,
79 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f,
80 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13,
81 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33,
82 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c,
83 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x12,
84 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff,
85};
86
87static const uint8_t cipher_list_dtls12_chacha[] = {
88 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xc0, 0x30,
89 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14,
90 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39,
91 0x00, 0xc4, 0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d,
92 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f,
93 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13,
94 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33,
95 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c,
96 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x12,
97 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff,
98};
99
100static const uint8_t client_hello_dtls12[] = {
101 0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00,
102 0x00, 0x00, 0x00, 0x00, 0xba, 0x01, 0x00, 0x00,
103 0xae, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
104 0xae, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00,
105 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
106 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
107 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
108 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x50, 0xc0,
109 0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0,
110 0x14, 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00,
111 0x39, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0x00,
112 0xc4, 0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d, 0x00,
113 0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, 0xc0,
114 0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, 0xc0,
115 0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, 0x00,
116 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 0x00,
117 0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x12, 0xc0,
118 0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff, 0x01,
119 0x00, 0x00, 0x34, 0x00, 0x0a, 0x00, 0x0a, 0x00,
120 0x08, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00,
121 0x19, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
122 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x18, 0x00,
123 0x16, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, 0x08,
124 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 0x04,
125 0x01, 0x04, 0x03, 0x02, 0x01, 0x02, 0x03,
126};
127
128static const uint8_t cipher_list_tls10[] = {
129 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85,
130 0x00, 0x88, 0x00, 0x81, 0x00, 0x35, 0x00, 0x84,
131 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x45,
132 0x00, 0x2f, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07,
133 0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
134 0x00, 0x0a, 0x00, 0xff,
135};
136
137static const uint8_t client_hello_tls10[] = {
138 0x16, 0x03, 0x01, 0x00, 0x71, 0x01, 0x00, 0x00,
139 0x6d, 0x03, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
140 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
141 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
142 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
143 0x00, 0x00, 0x00, 0x00, 0x00, 0x2c, 0xc0, 0x14,
144 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85, 0x00, 0x88,
145 0x00, 0x81, 0x00, 0x35, 0x00, 0x84, 0xc0, 0x13,
146 0xc0, 0x09, 0x00, 0x33, 0x00, 0x45, 0x00, 0x2f,
147 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05,
148 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a,
149 0x00, 0xff, 0x01, 0x00, 0x00, 0x18, 0x00, 0x0b,
150 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x0a,
151 0x00, 0x08, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
152 0x00, 0x19, 0x00, 0x23, 0x00, 0x00,
153};
154
155static const uint8_t cipher_list_tls11[] = {
156 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85,
157 0x00, 0x88, 0x00, 0x81, 0x00, 0x35, 0x00, 0x84,
158 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x45,
159 0x00, 0x2f, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07,
160 0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
161 0x00, 0x0a, 0x00, 0xff,
162};
163
164static const uint8_t client_hello_tls11[] = {
165 0x16, 0x03, 0x01, 0x00, 0x71, 0x01, 0x00, 0x00,
166 0x6d, 0x03, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
167 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
168 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
169 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
170 0x00, 0x00, 0x00, 0x00, 0x00, 0x2c, 0xc0, 0x14,
171 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85, 0x00, 0x88,
172 0x00, 0x81, 0x00, 0x35, 0x00, 0x84, 0xc0, 0x13,
173 0xc0, 0x09, 0x00, 0x33, 0x00, 0x45, 0x00, 0x2f,
174 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05,
175 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a,
176 0x00, 0xff, 0x01, 0x00, 0x00, 0x18, 0x00, 0x0b,
177 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x0a,
178 0x00, 0x08, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
179 0x00, 0x19, 0x00, 0x23, 0x00, 0x00,
180};
181
182static const uint8_t cipher_list_tls12_aes[] = {
183 0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24,
184 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b,
185 0x00, 0x39, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa,
186 0x00, 0xc4, 0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d,
187 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f,
188 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13,
189 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33,
190 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c,
191 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x11,
192 0xc0, 0x07, 0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08,
193 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff,
194};
195
196static const uint8_t cipher_list_tls12_chacha[] = {
197 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xc0, 0x30,
198 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14,
199 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39,
200 0x00, 0xc4, 0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d,
201 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f,
202 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13,
203 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33,
204 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c,
205 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x11,
206 0xc0, 0x07, 0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08,
207 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff,
208};
209
210static const uint8_t client_hello_tls12[] = {
211 0x16, 0x03, 0x03, 0x00, 0xb7, 0x01, 0x00, 0x00,
212 0xb3, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
213 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
214 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
215 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
216 0x00, 0x00, 0x00, 0x00, 0x00, 0x56, 0xc0, 0x30,
217 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14,
218 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39,
219 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0x00, 0xc4,
220 0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35,
221 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b,
222 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09,
223 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe,
224 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f,
225 0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07,
226 0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
227 0x00, 0x0a, 0x00, 0xff, 0x01, 0x00, 0x00, 0x34,
228 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d,
229 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00, 0x0b,
230 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00, 0x00,
231 0x00, 0x0d, 0x00, 0x18, 0x00, 0x16, 0x08, 0x06,
232 0x06, 0x01, 0x06, 0x03, 0x08, 0x05, 0x05, 0x01,
233 0x05, 0x03, 0x08, 0x04, 0x04, 0x01, 0x04, 0x03,
234 0x02, 0x01, 0x02, 0x03,
235};
236
237static const uint8_t cipher_list_tls13_aes[] = {
238 0x13, 0x02, 0x13, 0x03, 0x13, 0x01, 0xc0, 0x30,
239 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14,
240 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39,
241 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0x00, 0xc4,
242 0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35,
243 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b,
244 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09,
245 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe,
246 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f,
247 0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07,
248 0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
249 0x00, 0x0a, 0x00, 0xff,
250};
251
252static const uint8_t cipher_list_tls13_chacha[] = {
253 0x13, 0x03, 0x13, 0x02, 0x13, 0x01, 0xcc, 0xa9,
254 0xcc, 0xa8, 0xcc, 0xaa, 0xc0, 0x30, 0xc0, 0x2c,
255 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x0a,
256 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39, 0x00, 0xc4,
257 0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35,
258 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b,
259 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09,
260 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe,
261 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f,
262 0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07,
263 0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
264 0x00, 0x0a, 0x00, 0xff,
265};
266
267static const uint8_t client_hello_tls13[] = {
268 0x16, 0x03, 0x03, 0x01, 0x10, 0x01, 0x00, 0x01,
269 0x0c, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
270 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
271 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
272 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
273 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00,
274 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
275 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
276 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
277 0x00, 0x00, 0x00, 0x00, 0x00, 0x5c, 0x13, 0x03,
278 0x13, 0x02, 0x13, 0x01, 0xcc, 0xa9, 0xcc, 0xa8,
279 0xcc, 0xaa, 0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28,
280 0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x9f,
281 0x00, 0x6b, 0x00, 0x39, 0x00, 0xc4, 0x00, 0x88,
282 0x00, 0x81, 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35,
283 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b,
284 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09,
285 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe,
286 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f,
287 0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07,
288 0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
289 0x00, 0x0a, 0x01, 0x00, 0x00, 0x67, 0x00, 0x2b,
290 0x00, 0x05, 0x04, 0x03, 0x04, 0x03, 0x03, 0x00,
291 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d, 0x00,
292 0x17, 0x00, 0x18, 0x00, 0x19, 0x00, 0x33, 0x00,
293 0x26, 0x00, 0x24, 0x00, 0x1d, 0x00, 0x20, 0x00,
294 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
295 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
296 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
297 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
298 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00,
299 0x00, 0x00, 0x0d, 0x00, 0x18, 0x00, 0x16, 0x08,
300 0x06, 0x06, 0x01, 0x06, 0x03, 0x08, 0x05, 0x05,
301 0x01, 0x05, 0x03, 0x08, 0x04, 0x04, 0x01, 0x04,
302 0x03, 0x02, 0x01, 0x02, 0x03,
303};
304
305static const uint8_t cipher_list_tls13_only_aes[] = {
306 0x13, 0x02, 0x13, 0x03, 0x13, 0x01,
307};
308
309static const uint8_t cipher_list_tls13_only_chacha[] = {
310 0x13, 0x03, 0x13, 0x02, 0x13, 0x01,
311};
312
313static const uint8_t client_hello_tls13_only[] = {
314 0x16, 0x03, 0x03, 0x00, 0xb6, 0x01, 0x00, 0x00,
315 0xb2, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
316 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
317 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
318 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
319 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00,
320 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
321 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
322 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
323 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x13, 0x03,
324 0x13, 0x02, 0x13, 0x01, 0x00, 0xff, 0x01, 0x00,
325 0x00, 0x61, 0x00, 0x2b, 0x00, 0x03, 0x02, 0x03,
326 0x04, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00,
327 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00,
328 0x33, 0x00, 0x26, 0x00, 0x24, 0x00, 0x1d, 0x00,
329 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
330 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
331 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
332 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
333 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
334 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x14, 0x00,
335 0x12, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, 0x08,
336 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 0x04,
337 0x01, 0x04, 0x03,
338};
339
340struct client_hello_test {
341 const char *desc;
342 const int protocol;
343 const size_t random_start;
344 const size_t session_start;
345 const size_t key_share_start;
346 const SSL_METHOD *(*ssl_method)(void);
347 const long ssl_options;
348 int connect_fails;
349};
350
351static const struct client_hello_test client_hello_tests[] = {
352 {
353 .desc = "DTLSv1 client method",
354 .protocol = DTLS1_VERSION,
355 .random_start = DTLS_RANDOM_OFFSET,
356 .ssl_method = DTLSv1_client_method,
357 .connect_fails = 1,
358 },
359 {
360 .desc = "DTLSv1.2 client method",
361 .protocol = DTLS1_2_VERSION,
362 .random_start = DTLS_RANDOM_OFFSET,
363 .ssl_method = DTLSv1_2_client_method,
364 },
365 {
366 .desc = "DTLS client method",
367 .protocol = DTLS1_2_VERSION,
368 .random_start = DTLS_RANDOM_OFFSET,
369 .ssl_method = DTLS_client_method,
370 },
371 {
372 .desc = "DTLS client method (no DTLSv1.2)",
373 .protocol = DTLS1_VERSION,
374 .random_start = DTLS_RANDOM_OFFSET,
375 .ssl_method = DTLS_client_method,
376 .ssl_options = SSL_OP_NO_DTLSv1_2,
377 .connect_fails = 1,
378 },
379 {
380 .desc = "DTLS client method (no DTLSv1.0)",
381 .protocol = DTLS1_2_VERSION,
382 .random_start = DTLS_RANDOM_OFFSET,
383 .ssl_method = DTLS_client_method,
384 .ssl_options = SSL_OP_NO_DTLSv1,
385 },
386 {
387 .desc = "TLSv1 client method",
388 .protocol = TLS1_VERSION,
389 .random_start = SSL3_RANDOM_OFFSET,
390 .ssl_method = TLSv1_client_method,
391 .connect_fails = 1,
392 },
393 {
394 .desc = "TLSv1_1 client method",
395 .protocol = TLS1_1_VERSION,
396 .random_start = SSL3_RANDOM_OFFSET,
397 .ssl_method = TLSv1_1_client_method,
398 .connect_fails = 1,
399 },
400 {
401 .desc = "TLSv1_2 client method",
402 .protocol = TLS1_2_VERSION,
403 .random_start = SSL3_RANDOM_OFFSET,
404 .ssl_method = TLSv1_2_client_method,
405 },
406 {
407 .desc = "SSLv23 default",
408 .protocol = TLS1_3_VERSION,
409 .random_start = TLS13_RANDOM_OFFSET,
410 .session_start = TLS13_SESSION_OFFSET,
411 .key_share_start = TLS13_KEY_SHARE_OFFSET,
412 .ssl_method = SSLv23_client_method,
413 .ssl_options = 0,
414 },
415 {
416 .desc = "SSLv23 default (no TLSv1.3)",
417 .protocol = TLS1_2_VERSION,
418 .random_start = SSL3_RANDOM_OFFSET,
419 .ssl_method = SSLv23_client_method,
420 .ssl_options = SSL_OP_NO_TLSv1_3,
421 },
422 {
423 .desc = "SSLv23 (no TLSv1.2)",
424 .protocol = TLS1_3_VERSION_ONLY,
425 .random_start = TLS13_RANDOM_OFFSET,
426 .session_start = TLS13_SESSION_OFFSET,
427 .key_share_start = TLS13_ONLY_KEY_SHARE_OFFSET,
428 .ssl_method = SSLv23_client_method,
429 .ssl_options = SSL_OP_NO_TLSv1_2,
430 },
431 {
432 .desc = "SSLv23 (no TLSv1.1)",
433 .protocol = TLS1_3_VERSION,
434 .random_start = TLS13_RANDOM_OFFSET,
435 .session_start = TLS13_SESSION_OFFSET,
436 .key_share_start = TLS13_KEY_SHARE_OFFSET,
437 .ssl_method = SSLv23_client_method,
438 .ssl_options = SSL_OP_NO_TLSv1_1,
439 },
440 {
441 .desc = "TLS default",
442 .protocol = TLS1_3_VERSION,
443 .random_start = TLS13_RANDOM_OFFSET,
444 .session_start = TLS13_SESSION_OFFSET,
445 .key_share_start = TLS13_KEY_SHARE_OFFSET,
446 .ssl_method = TLS_client_method,
447 .ssl_options = 0,
448 },
449 {
450 .desc = "TLS (no TLSv1.3)",
451 .protocol = TLS1_2_VERSION,
452 .random_start = SSL3_RANDOM_OFFSET,
453 .ssl_method = TLS_client_method,
454 .ssl_options = SSL_OP_NO_TLSv1_3,
455 },
456 {
457 .desc = "TLS (no TLSv1.2)",
458 .protocol = TLS1_3_VERSION_ONLY,
459 .random_start = TLS13_RANDOM_OFFSET,
460 .session_start = TLS13_SESSION_OFFSET,
461 .key_share_start = TLS13_ONLY_KEY_SHARE_OFFSET,
462 .ssl_method = TLS_client_method,
463 .ssl_options = SSL_OP_NO_TLSv1_2,
464 },
465 {
466 .desc = "TLS (no TLSv1.1)",
467 .protocol = TLS1_3_VERSION,
468 .random_start = TLS13_RANDOM_OFFSET,
469 .session_start = TLS13_SESSION_OFFSET,
470 .key_share_start = TLS13_KEY_SHARE_OFFSET,
471 .ssl_method = TLS_client_method,
472 .ssl_options = SSL_OP_NO_TLSv1_1,
473 },
474#if 0
475 /* XXX - build client hello with explicit versions extension. */
476 {
477 .desc = "TLS (no TLSv1.0, no TLSv1.1)",
478 .protocol = TLS1_3_VERSION,
479 .random_start = TLS13_RANDOM_OFFSET,
480 .session_start = TLS13_SESSION_OFFSET,
481 .key_share_start = TLS13_KEY_SHARE_OFFSET,
482 .ssl_method = TLS_client_method,
483 .ssl_options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1,
484 },
485#endif
486 {
487 .desc = "TLS (no TLSv1.0, no TLSv1.1, no TLSv1.2)",
488 .protocol = TLS1_3_VERSION_ONLY,
489 .random_start = TLS13_RANDOM_OFFSET,
490 .session_start = TLS13_SESSION_OFFSET,
491 .key_share_start = TLS13_ONLY_KEY_SHARE_OFFSET,
492 .ssl_method = TLS_client_method,
493 .ssl_options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
494 },
495};
496
497#define N_CLIENT_HELLO_TESTS \
498 (sizeof(client_hello_tests) / sizeof(*client_hello_tests))
499
500static void
501hexdump(const uint8_t *buf, size_t len, const uint8_t *compare)
502{
503 const char *mark = "";
504 size_t i;
505
506 for (i = 1; i <= len; i++) {
507 if (compare != NULL)
508 mark = (buf[i - 1] != compare[i - 1]) ? "*" : " ";
509 fprintf(stderr, " %s0x%02hhx,%s", mark, buf[i - 1],
510 i % 8 && i != len ? "" : "\n");
511 }
512 fprintf(stderr, "\n");
513}
514
515static inline int
516ssl_aes_is_accelerated(void)
517{
518 return (OPENSSL_cpu_caps() & CRYPTO_CPU_CAPS_ACCELERATED_AES) != 0;
519}
520
521static int
522make_client_hello(int protocol, char **out, size_t *outlen)
523{
524 size_t client_hello_len, cipher_list_len, cipher_list_offset;
525 const uint8_t *client_hello, *cipher_list;
526 char *p;
527
528 *out = NULL;
529 *outlen = 0;
530
531 switch (protocol) {
532 case DTLS1_VERSION:
533 client_hello = client_hello_dtls1;
534 client_hello_len = sizeof(client_hello_dtls1);
535 cipher_list = cipher_list_dtls1;
536 cipher_list_len = sizeof(cipher_list_dtls1);
537 cipher_list_offset = DTLS_CIPHER_OFFSET;
538 break;
539
540 case DTLS1_2_VERSION:
541 client_hello = client_hello_dtls12;
542 client_hello_len = sizeof(client_hello_dtls12);
543 cipher_list = cipher_list_dtls12_chacha;
544 cipher_list_len = sizeof(cipher_list_dtls12_chacha);
545 if (ssl_aes_is_accelerated()) {
546 cipher_list = cipher_list_dtls12_aes;
547 cipher_list_len = sizeof(cipher_list_dtls12_aes);
548 }
549 cipher_list_offset = DTLS_CIPHER_OFFSET;
550 break;
551
552 case TLS1_VERSION:
553 client_hello = client_hello_tls10;
554 client_hello_len = sizeof(client_hello_tls10);
555 cipher_list = cipher_list_tls10;
556 cipher_list_len = sizeof(cipher_list_tls10);
557 cipher_list_offset = SSL3_CIPHER_OFFSET;
558 break;
559
560 case TLS1_1_VERSION:
561 client_hello = client_hello_tls11;
562 client_hello_len = sizeof(client_hello_tls11);
563 cipher_list = cipher_list_tls11;
564 cipher_list_len = sizeof(cipher_list_tls11);
565 cipher_list_offset = SSL3_CIPHER_OFFSET;
566 break;
567
568 case TLS1_2_VERSION:
569 client_hello = client_hello_tls12;
570 client_hello_len = sizeof(client_hello_tls12);
571 cipher_list = cipher_list_tls12_chacha;
572 cipher_list_len = sizeof(cipher_list_tls12_chacha);
573 if (ssl_aes_is_accelerated()) {
574 cipher_list = cipher_list_tls12_aes;
575 cipher_list_len = sizeof(cipher_list_tls12_aes);
576 }
577 cipher_list_offset = SSL3_CIPHER_OFFSET;
578 break;
579
580 case TLS1_3_VERSION:
581 client_hello = client_hello_tls13;
582 client_hello_len = sizeof(client_hello_tls13);
583 cipher_list = cipher_list_tls13_chacha;
584 cipher_list_len = sizeof(cipher_list_tls13_chacha);
585 if (ssl_aes_is_accelerated()) {
586 cipher_list = cipher_list_tls13_aes;
587 cipher_list_len = sizeof(cipher_list_tls13_aes);
588 }
589 cipher_list_offset = TLS13_CIPHER_OFFSET;
590 break;
591
592 case TLS1_3_VERSION_ONLY:
593 client_hello = client_hello_tls13_only;
594 client_hello_len = sizeof(client_hello_tls13_only);
595 cipher_list = cipher_list_tls13_only_chacha;
596 cipher_list_len = sizeof(cipher_list_tls13_only_chacha);
597 if (ssl_aes_is_accelerated()) {
598 cipher_list = cipher_list_tls13_only_aes;
599 cipher_list_len = sizeof(cipher_list_tls13_only_aes);
600 }
601 cipher_list_offset = TLS13_CIPHER_OFFSET;
602 break;
603
604 default:
605 return (-1);
606 }
607
608 if ((p = malloc(client_hello_len)) == NULL)
609 return (-1);
610
611 memcpy(p, client_hello, client_hello_len);
612 memcpy(p + cipher_list_offset, cipher_list, cipher_list_len);
613
614 *out = p;
615 *outlen = client_hello_len;
616
617 return (0);
618}
619
620static int
621client_hello_test(int testno, const struct client_hello_test *cht)
622{
623 BIO *rbio = NULL, *wbio = NULL;
624 SSL_CTX *ssl_ctx = NULL;
625 SSL *ssl = NULL;
626 char *client_hello = NULL;
627 size_t client_hello_len;
628 size_t session_len;
629 char *wbuf, rbuf[1];
630 int ret = 1;
631 long len;
632
633 fprintf(stderr, "Test %d - %s\n", testno, cht->desc);
634
635 /* Providing a small buf causes *_get_server_hello() to return. */
636 if ((rbio = BIO_new_mem_buf(rbuf, sizeof(rbuf))) == NULL) {
637 fprintf(stderr, "Failed to setup rbio\n");
638 goto failure;
639 }
640 if ((wbio = BIO_new(BIO_s_mem())) == NULL) {
641 fprintf(stderr, "Failed to setup wbio\n");
642 goto failure;
643 }
644
645 if ((ssl_ctx = SSL_CTX_new(cht->ssl_method())) == NULL) {
646 fprintf(stderr, "SSL_CTX_new() returned NULL\n");
647 goto failure;
648 }
649
650 SSL_CTX_set_options(ssl_ctx, cht->ssl_options);
651
652 if ((ssl = SSL_new(ssl_ctx)) == NULL) {
653 fprintf(stderr, "SSL_new() returned NULL\n");
654 goto failure;
655 }
656
657 if (!tlsext_linearize_build_order(ssl)) {
658 fprintf(stderr, "failed to linearize build order");
659 goto failure;
660 }
661
662 BIO_up_ref(rbio);
663 BIO_up_ref(wbio);
664 SSL_set_bio(ssl, rbio, wbio);
665
666 if (SSL_connect(ssl) != 0) {
667 if (cht->connect_fails)
668 goto done;
669 fprintf(stderr, "SSL_connect() returned non-zero\n");
670 goto failure;
671 }
672
673 len = BIO_get_mem_data(wbio, &wbuf);
674
675 if (make_client_hello(cht->protocol, &client_hello,
676 &client_hello_len) != 0)
677 errx(1, "failed to make client hello");
678
679 if ((size_t)len != client_hello_len) {
680 fprintf(stderr, "FAIL: test returned ClientHello length %ld, "
681 "want %zu\n", len, client_hello_len);
682 fprintf(stderr, "received:\n");
683 hexdump(wbuf, len, NULL);
684 fprintf(stderr, "test data:\n");
685 hexdump(client_hello, client_hello_len, NULL);
686 fprintf(stderr, "\n");
687 goto failure;
688 }
689
690 /* We expect the client random to differ. */
691 if (memcmp(&client_hello[cht->random_start], &wbuf[cht->random_start],
692 SSL3_RANDOM_SIZE) == 0) {
693 fprintf(stderr, "FAIL: ClientHello has zeroed random\n");
694 goto failure;
695 }
696
697 memset(&wbuf[cht->random_start], 0, SSL3_RANDOM_SIZE);
698
699 if (cht->session_start > 0) {
700 session_len = wbuf[cht->session_start];
701 if (session_len > 0)
702 memset(&wbuf[cht->session_start + 1], 0, session_len);
703 }
704 if (cht->key_share_start > 0)
705 memset(&wbuf[cht->key_share_start], 0, 32);
706
707 if (memcmp(client_hello, wbuf, client_hello_len) != 0) {
708 fprintf(stderr, "FAIL: ClientHello differs:\n");
709 fprintf(stderr, "received:\n");
710 hexdump(wbuf, len, client_hello);
711 fprintf(stderr, "test data:\n");
712 hexdump(client_hello, client_hello_len, wbuf);
713 fprintf(stderr, "\n");
714 goto failure;
715 }
716
717 done:
718 ret = 0;
719
720 failure:
721 SSL_CTX_free(ssl_ctx);
722 SSL_free(ssl);
723
724 BIO_free(rbio);
725 BIO_free(wbio);
726
727 free(client_hello);
728
729 return (ret);
730}
731
732int
733main(int argc, char **argv)
734{
735 int failed = 0;
736 size_t i;
737
738 SSL_library_init();
739
740 for (i = 0; i < N_CLIENT_HELLO_TESTS; i++)
741 failed |= client_hello_test(i, &client_hello_tests[i]);
742
743 return (failed);
744}
diff --git a/src/regress/lib/libssl/dtls/Makefile b/src/regress/lib/libssl/dtls/Makefile
deleted file mode 100644
index b58dae61b6..0000000000
--- a/src/regress/lib/libssl/dtls/Makefile
+++ /dev/null
@@ -1,21 +0,0 @@
1# $OpenBSD: Makefile,v 1.4 2024/03/20 10:38:05 jsing Exp $
2
3PROG= dtlstest
4LDADD= ${SSL_INT} -lcrypto
5DPADD= ${LIBSSL} ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8CFLAGS+= -I${.CURDIR}/../../../../lib/libcrypto/bio
9CFLAGS+= -I${.CURDIR}/../../../../lib/libssl
10
11REGRESS_TARGETS= \
12 regress-dtlstest
13
14# XXX(jsing): use CA root and chain
15regress-dtlstest: ${PROG}
16 ./dtlstest \
17 ${.CURDIR}/../../libssl/certs/server1-rsa.pem \
18 ${.CURDIR}/../../libssl/certs/server1-rsa.pem \
19 ${.CURDIR}/../../libssl/certs/ca-int-rsa.pem
20
21.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/dtls/dtlstest.c b/src/regress/lib/libssl/dtls/dtlstest.c
deleted file mode 100644
index a749bcf0ed..0000000000
--- a/src/regress/lib/libssl/dtls/dtlstest.c
+++ /dev/null
@@ -1,1077 +0,0 @@
1/* $OpenBSD: dtlstest.c,v 1.18 2022/11/26 16:08:56 tb Exp $ */
2/*
3 * Copyright (c) 2020, 2021 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <netinet/in.h>
19#include <sys/socket.h>
20
21#include <err.h>
22#include <limits.h>
23#include <poll.h>
24#include <unistd.h>
25
26#include <openssl/bio.h>
27#include <openssl/err.h>
28#include <openssl/ssl.h>
29
30#include "bio_local.h"
31#include "ssl_local.h"
32
33const char *server_ca_file;
34const char *server_cert_file;
35const char *server_key_file;
36
37char dtls_cookie[32];
38
39int debug = 0;
40
41void tls12_record_layer_set_initial_epoch(struct tls12_record_layer *rl,
42 uint16_t epoch);
43
44static void
45hexdump(const unsigned char *buf, size_t len)
46{
47 size_t i;
48
49 for (i = 1; i <= len; i++)
50 fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n");
51
52 if (len % 8)
53 fprintf(stderr, "\n");
54}
55
56#define BIO_C_DELAY_COUNT 1000
57#define BIO_C_DELAY_FLUSH 1001
58#define BIO_C_DELAY_PACKET 1002
59#define BIO_C_DROP_PACKET 1003
60#define BIO_C_DROP_RANDOM 1004
61
62struct bio_packet_monkey_ctx {
63 unsigned int delay_count;
64 unsigned int delay_mask;
65 unsigned int drop_rand;
66 unsigned int drop_mask;
67 uint8_t *delayed_msg;
68 size_t delayed_msg_len;
69};
70
71static int
72bio_packet_monkey_new(BIO *bio)
73{
74 struct bio_packet_monkey_ctx *ctx;
75
76 if ((ctx = calloc(1, sizeof(*ctx))) == NULL)
77 return 0;
78
79 bio->flags = 0;
80 bio->init = 1;
81 bio->num = 0;
82 bio->ptr = ctx;
83
84 return 1;
85}
86
87static int
88bio_packet_monkey_free(BIO *bio)
89{
90 struct bio_packet_monkey_ctx *ctx;
91
92 if (bio == NULL)
93 return 1;
94
95 ctx = bio->ptr;
96 free(ctx->delayed_msg);
97 free(ctx);
98
99 return 1;
100}
101
102static int
103bio_packet_monkey_delay_flush(BIO *bio)
104{
105 struct bio_packet_monkey_ctx *ctx = bio->ptr;
106
107 if (ctx->delayed_msg == NULL)
108 return 1;
109
110 if (debug)
111 fprintf(stderr, "DEBUG: flushing delayed packet...\n");
112 if (debug > 1)
113 hexdump(ctx->delayed_msg, ctx->delayed_msg_len);
114
115 BIO_write(bio->next_bio, ctx->delayed_msg, ctx->delayed_msg_len);
116
117 free(ctx->delayed_msg);
118 ctx->delayed_msg = NULL;
119
120 return BIO_ctrl(bio->next_bio, BIO_CTRL_FLUSH, 0, NULL);
121}
122
123static long
124bio_packet_monkey_ctrl(BIO *bio, int cmd, long num, void *ptr)
125{
126 struct bio_packet_monkey_ctx *ctx;
127
128 ctx = bio->ptr;
129
130 switch (cmd) {
131 case BIO_C_DELAY_COUNT:
132 if (num < 1 || num > 31)
133 return 0;
134 ctx->delay_count = num;
135 return 1;
136
137 case BIO_C_DELAY_FLUSH:
138 return bio_packet_monkey_delay_flush(bio);
139
140 case BIO_C_DELAY_PACKET:
141 if (num < 1 || num > 31)
142 return 0;
143 ctx->delay_mask |= 1 << ((unsigned int)num - 1);
144 return 1;
145
146 case BIO_C_DROP_PACKET:
147 if (num < 1 || num > 31)
148 return 0;
149 ctx->drop_mask |= 1 << ((unsigned int)num - 1);
150 return 1;
151
152 case BIO_C_DROP_RANDOM:
153 if (num < 0 || (size_t)num > UINT_MAX)
154 return 0;
155 ctx->drop_rand = (unsigned int)num;
156 return 1;
157 }
158
159 if (bio->next_bio == NULL)
160 return 0;
161
162 return BIO_ctrl(bio->next_bio, cmd, num, ptr);
163}
164
165static int
166bio_packet_monkey_read(BIO *bio, char *out, int out_len)
167{
168 struct bio_packet_monkey_ctx *ctx = bio->ptr;
169 int ret;
170
171 if (ctx == NULL || bio->next_bio == NULL)
172 return 0;
173
174 ret = BIO_read(bio->next_bio, out, out_len);
175
176 if (ret > 0) {
177 if (debug)
178 fprintf(stderr, "DEBUG: read packet...\n");
179 if (debug > 1)
180 hexdump(out, ret);
181 }
182
183 BIO_clear_retry_flags(bio);
184 if (ret <= 0 && BIO_should_retry(bio->next_bio))
185 BIO_set_retry_read(bio);
186
187 return ret;
188}
189
190static int
191bio_packet_monkey_write(BIO *bio, const char *in, int in_len)
192{
193 struct bio_packet_monkey_ctx *ctx = bio->ptr;
194 const char *label = "writing";
195 int delay = 0, drop = 0;
196 int ret;
197
198 if (ctx == NULL || bio->next_bio == NULL)
199 return 0;
200
201 if (ctx->delayed_msg != NULL && ctx->delay_count > 0)
202 ctx->delay_count--;
203
204 if (ctx->delayed_msg != NULL && ctx->delay_count == 0) {
205 if (debug)
206 fprintf(stderr, "DEBUG: writing delayed packet...\n");
207 if (debug > 1)
208 hexdump(ctx->delayed_msg, ctx->delayed_msg_len);
209
210 ret = BIO_write(bio->next_bio, ctx->delayed_msg,
211 ctx->delayed_msg_len);
212
213 BIO_clear_retry_flags(bio);
214 if (ret <= 0 && BIO_should_retry(bio->next_bio)) {
215 BIO_set_retry_write(bio);
216 return (ret);
217 }
218
219 free(ctx->delayed_msg);
220 ctx->delayed_msg = NULL;
221 }
222
223 if (ctx->delay_mask > 0) {
224 delay = ctx->delay_mask & 1;
225 ctx->delay_mask >>= 1;
226 }
227 if (ctx->drop_rand > 0) {
228 drop = arc4random_uniform(ctx->drop_rand) == 0;
229 } else if (ctx->drop_mask > 0) {
230 drop = ctx->drop_mask & 1;
231 ctx->drop_mask >>= 1;
232 }
233
234 if (delay)
235 label = "delaying";
236 if (drop)
237 label = "dropping";
238 if (debug)
239 fprintf(stderr, "DEBUG: %s packet...\n", label);
240 if (debug > 1)
241 hexdump(in, in_len);
242
243 if (drop)
244 return in_len;
245
246 if (delay) {
247 if (ctx->delayed_msg != NULL)
248 return 0;
249 if ((ctx->delayed_msg = calloc(1, in_len)) == NULL)
250 return 0;
251 memcpy(ctx->delayed_msg, in, in_len);
252 ctx->delayed_msg_len = in_len;
253 return in_len;
254 }
255
256 ret = BIO_write(bio->next_bio, in, in_len);
257
258 BIO_clear_retry_flags(bio);
259 if (ret <= 0 && BIO_should_retry(bio->next_bio))
260 BIO_set_retry_write(bio);
261
262 return ret;
263}
264
265static int
266bio_packet_monkey_puts(BIO *bio, const char *str)
267{
268 return bio_packet_monkey_write(bio, str, strlen(str));
269}
270
271static const BIO_METHOD bio_packet_monkey = {
272 .type = BIO_TYPE_BUFFER,
273 .name = "packet monkey",
274 .bread = bio_packet_monkey_read,
275 .bwrite = bio_packet_monkey_write,
276 .bputs = bio_packet_monkey_puts,
277 .ctrl = bio_packet_monkey_ctrl,
278 .create = bio_packet_monkey_new,
279 .destroy = bio_packet_monkey_free
280};
281
282static const BIO_METHOD *
283BIO_f_packet_monkey(void)
284{
285 return &bio_packet_monkey;
286}
287
288static BIO *
289BIO_new_packet_monkey(void)
290{
291 return BIO_new(BIO_f_packet_monkey());
292}
293
294static int
295BIO_packet_monkey_delay(BIO *bio, int num, int count)
296{
297 if (!BIO_ctrl(bio, BIO_C_DELAY_COUNT, count, NULL))
298 return 0;
299
300 return BIO_ctrl(bio, BIO_C_DELAY_PACKET, num, NULL);
301}
302
303static int
304BIO_packet_monkey_delay_flush(BIO *bio)
305{
306 return BIO_ctrl(bio, BIO_C_DELAY_FLUSH, 0, NULL);
307}
308
309static int
310BIO_packet_monkey_drop(BIO *bio, int num)
311{
312 return BIO_ctrl(bio, BIO_C_DROP_PACKET, num, NULL);
313}
314
315#if 0
316static int
317BIO_packet_monkey_drop_random(BIO *bio, int num)
318{
319 return BIO_ctrl(bio, BIO_C_DROP_RANDOM, num, NULL);
320}
321#endif
322
323static int
324datagram_pair(int *client_sock, int *server_sock,
325 struct sockaddr_in *server_sin)
326{
327 struct sockaddr_in sin;
328 socklen_t sock_len;
329 int cs = -1, ss = -1;
330
331 memset(&sin, 0, sizeof(sin));
332 sin.sin_family = AF_INET;
333 sin.sin_port = 0;
334 sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
335
336 if ((ss = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1)
337 err(1, "server socket");
338 if (bind(ss, (struct sockaddr *)&sin, sizeof(sin)) == -1)
339 err(1, "server bind");
340 sock_len = sizeof(sin);
341 if (getsockname(ss, (struct sockaddr *)&sin, &sock_len) == -1)
342 err(1, "server getsockname");
343
344 if ((cs = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1)
345 err(1, "client socket");
346 if (connect(cs, (struct sockaddr *)&sin, sizeof(sin)) == -1)
347 err(1, "client connect");
348
349 *client_sock = cs;
350 *server_sock = ss;
351 memcpy(server_sin, &sin, sizeof(sin));
352
353 return 1;
354}
355
356static int
357poll_timeout(SSL *client, SSL *server)
358{
359 int client_timeout = 0, server_timeout = 0;
360 struct timeval timeout;
361
362 if (DTLSv1_get_timeout(client, &timeout))
363 client_timeout = timeout.tv_sec * 1000 + timeout.tv_usec / 1000;
364
365 if (DTLSv1_get_timeout(server, &timeout))
366 server_timeout = timeout.tv_sec * 1000 + timeout.tv_usec / 1000;
367
368 if (client_timeout < 10)
369 client_timeout = 10;
370 if (server_timeout < 10)
371 server_timeout = 10;
372
373 /* XXX */
374 if (client_timeout <= 0)
375 return server_timeout;
376 if (client_timeout > 0 && server_timeout <= 0)
377 return client_timeout;
378 if (client_timeout < server_timeout)
379 return client_timeout;
380
381 return server_timeout;
382}
383
384static int
385dtls_cookie_generate(SSL *ssl, unsigned char *cookie,
386 unsigned int *cookie_len)
387{
388 arc4random_buf(dtls_cookie, sizeof(dtls_cookie));
389 memcpy(cookie, dtls_cookie, sizeof(dtls_cookie));
390 *cookie_len = sizeof(dtls_cookie);
391
392 return 1;
393}
394
395static int
396dtls_cookie_verify(SSL *ssl, const unsigned char *cookie,
397 unsigned int cookie_len)
398{
399 return cookie_len == sizeof(dtls_cookie) &&
400 memcmp(cookie, dtls_cookie, sizeof(dtls_cookie)) == 0;
401}
402
403static void
404dtls_info_callback(const SSL *ssl, int type, int val)
405{
406 /*
407 * Squeals ahead... remove the bbio from the info callback, so we can
408 * drop specific messages. Ideally this would be an option for the SSL.
409 */
410 if (ssl->wbio == ssl->bbio)
411 ((SSL *)ssl)->wbio = BIO_pop(ssl->wbio);
412}
413
414static SSL *
415dtls_client(int sock, struct sockaddr_in *server_sin, long mtu)
416{
417 SSL_CTX *ssl_ctx = NULL;
418 SSL *ssl = NULL;
419 BIO *bio = NULL;
420
421 if ((bio = BIO_new_dgram(sock, BIO_NOCLOSE)) == NULL)
422 errx(1, "client bio");
423 if (!BIO_socket_nbio(sock, 1))
424 errx(1, "client nbio");
425 if (!BIO_ctrl_set_connected(bio, 1, server_sin))
426 errx(1, "client set connected");
427
428 if ((ssl_ctx = SSL_CTX_new(DTLS_method())) == NULL)
429 errx(1, "client context");
430
431 if ((ssl = SSL_new(ssl_ctx)) == NULL)
432 errx(1, "client ssl");
433
434 SSL_set_bio(ssl, bio, bio);
435 bio = NULL;
436
437 if (mtu > 0) {
438 SSL_set_options(ssl, SSL_OP_NO_QUERY_MTU);
439 SSL_set_mtu(ssl, mtu);
440 }
441
442 SSL_CTX_free(ssl_ctx);
443 BIO_free(bio);
444
445 return ssl;
446}
447
448static SSL *
449dtls_server(int sock, long options, long mtu)
450{
451 SSL_CTX *ssl_ctx = NULL;
452 SSL *ssl = NULL;
453 BIO *bio = NULL;
454
455 if ((bio = BIO_new_dgram(sock, BIO_NOCLOSE)) == NULL)
456 errx(1, "server bio");
457 if (!BIO_socket_nbio(sock, 1))
458 errx(1, "server nbio");
459
460 if ((ssl_ctx = SSL_CTX_new(DTLS_method())) == NULL)
461 errx(1, "server context");
462
463 SSL_CTX_set_cookie_generate_cb(ssl_ctx, dtls_cookie_generate);
464 SSL_CTX_set_cookie_verify_cb(ssl_ctx, dtls_cookie_verify);
465 SSL_CTX_set_dh_auto(ssl_ctx, 2);
466 SSL_CTX_set_options(ssl_ctx, options);
467
468 if (SSL_CTX_use_certificate_chain_file(ssl_ctx, server_cert_file) != 1) {
469 fprintf(stderr, "FAIL: Failed to load server certificate");
470 goto failure;
471 }
472 if (SSL_CTX_use_PrivateKey_file(ssl_ctx, server_key_file,
473 SSL_FILETYPE_PEM) != 1) {
474 fprintf(stderr, "FAIL: Failed to load server private key");
475 goto failure;
476 }
477
478 if ((ssl = SSL_new(ssl_ctx)) == NULL)
479 errx(1, "server ssl");
480
481 if (SSL_use_certificate_chain_file(ssl, server_cert_file) != 1) {
482 fprintf(stderr, "FAIL: Failed to load server certificate");
483 goto failure;
484 }
485 SSL_set_bio(ssl, bio, bio);
486 bio = NULL;
487
488 if (mtu > 0) {
489 SSL_set_options(ssl, SSL_OP_NO_QUERY_MTU);
490 SSL_set_mtu(ssl, mtu);
491 }
492
493 failure:
494 SSL_CTX_free(ssl_ctx);
495 BIO_free(bio);
496
497 return ssl;
498}
499
500static int
501ssl_error(SSL *ssl, const char *name, const char *desc, int ssl_ret,
502 short *events)
503{
504 int ssl_err;
505
506 ssl_err = SSL_get_error(ssl, ssl_ret);
507
508 if (ssl_err == SSL_ERROR_WANT_READ) {
509 *events = POLLIN;
510 } else if (ssl_err == SSL_ERROR_WANT_WRITE) {
511 *events = POLLOUT;
512 } else if (ssl_err == SSL_ERROR_SYSCALL && errno == 0) {
513 /* Yup, this is apparently a thing... */
514 } else {
515 fprintf(stderr, "FAIL: %s %s failed - ssl err = %d, errno = %d\n",
516 name, desc, ssl_err, errno);
517 ERR_print_errors_fp(stderr);
518 return 0;
519 }
520
521 return 1;
522}
523
524static int
525do_connect(SSL *ssl, const char *name, int *done, short *events)
526{
527 int ssl_ret;
528
529 if ((ssl_ret = SSL_connect(ssl)) != 1)
530 return ssl_error(ssl, name, "connect", ssl_ret, events);
531
532 fprintf(stderr, "INFO: %s connect done\n", name);
533 *done = 1;
534
535 return 1;
536}
537
538static int
539do_connect_read(SSL *ssl, const char *name, int *done, short *events)
540{
541 uint8_t buf[2048];
542 int ssl_ret;
543 int i;
544
545 if ((ssl_ret = SSL_connect(ssl)) != 1)
546 return ssl_error(ssl, name, "connect", ssl_ret, events);
547
548 fprintf(stderr, "INFO: %s connect done\n", name);
549 *done = 1;
550
551 for (i = 0; i < 3; i++) {
552 fprintf(stderr, "INFO: %s reading after connect\n", name);
553 if ((ssl_ret = SSL_read(ssl, buf, sizeof(buf))) != 3) {
554 fprintf(stderr, "ERROR: %s read failed\n", name);
555 return 0;
556 }
557 }
558
559 return 1;
560}
561
562static int
563do_connect_shutdown(SSL *ssl, const char *name, int *done, short *events)
564{
565 uint8_t buf[2048];
566 int ssl_ret;
567
568 if ((ssl_ret = SSL_connect(ssl)) != 1)
569 return ssl_error(ssl, name, "connect", ssl_ret, events);
570
571 fprintf(stderr, "INFO: %s connect done\n", name);
572 *done = 1;
573
574 ssl_ret = SSL_read(ssl, buf, sizeof(buf));
575 if (SSL_get_error(ssl, ssl_ret) != SSL_ERROR_ZERO_RETURN) {
576 fprintf(stderr, "FAIL: %s did not receive close-notify\n", name);
577 return 0;
578 }
579
580 fprintf(stderr, "INFO: %s received close-notify\n", name);
581
582 return 1;
583}
584
585static int
586do_accept(SSL *ssl, const char *name, int *done, short *events)
587{
588 int ssl_ret;
589
590 if ((ssl_ret = SSL_accept(ssl)) != 1)
591 return ssl_error(ssl, name, "accept", ssl_ret, events);
592
593 fprintf(stderr, "INFO: %s accept done\n", name);
594 *done = 1;
595
596 return 1;
597}
598
599static int
600do_accept_write(SSL *ssl, const char *name, int *done, short *events)
601{
602 int ssl_ret;
603 BIO *bio;
604 int i;
605
606 if ((ssl_ret = SSL_accept(ssl)) != 1)
607 return ssl_error(ssl, name, "accept", ssl_ret, events);
608
609 fprintf(stderr, "INFO: %s accept done\n", name);
610
611 for (i = 0; i < 3; i++) {
612 fprintf(stderr, "INFO: %s writing after accept\n", name);
613 if ((ssl_ret = SSL_write(ssl, "abc", 3)) != 3) {
614 fprintf(stderr, "ERROR: %s write failed\n", name);
615 return 0;
616 }
617 }
618
619 if ((bio = SSL_get_wbio(ssl)) == NULL)
620 errx(1, "SSL has NULL bio");
621
622 /* Flush any delayed packets. */
623 BIO_packet_monkey_delay_flush(bio);
624
625 *done = 1;
626 return 1;
627}
628
629static int
630do_accept_shutdown(SSL *ssl, const char *name, int *done, short *events)
631{
632 int ssl_ret;
633 BIO *bio;
634
635 if ((ssl_ret = SSL_accept(ssl)) != 1)
636 return ssl_error(ssl, name, "accept", ssl_ret, events);
637
638 fprintf(stderr, "INFO: %s accept done\n", name);
639
640 SSL_shutdown(ssl);
641
642 if ((bio = SSL_get_wbio(ssl)) == NULL)
643 errx(1, "SSL has NULL bio");
644
645 /* Flush any delayed packets. */
646 BIO_packet_monkey_delay_flush(bio);
647
648 *done = 1;
649 return 1;
650}
651
652static int
653do_read(SSL *ssl, const char *name, int *done, short *events)
654{
655 uint8_t buf[512];
656 int ssl_ret;
657
658 if ((ssl_ret = SSL_read(ssl, buf, sizeof(buf))) > 0) {
659 fprintf(stderr, "INFO: %s read done\n", name);
660 if (debug > 1)
661 hexdump(buf, ssl_ret);
662 *done = 1;
663 return 1;
664 }
665
666 return ssl_error(ssl, name, "read", ssl_ret, events);
667}
668
669static int
670do_write(SSL *ssl, const char *name, int *done, short *events)
671{
672 const uint8_t buf[] = "Hello, World!\n";
673 int ssl_ret;
674
675 if ((ssl_ret = SSL_write(ssl, buf, sizeof(buf))) > 0) {
676 fprintf(stderr, "INFO: %s write done\n", name);
677 *done = 1;
678 return 1;
679 }
680
681 return ssl_error(ssl, name, "write", ssl_ret, events);
682}
683
684static int
685do_shutdown(SSL *ssl, const char *name, int *done, short *events)
686{
687 int ssl_ret;
688
689 ssl_ret = SSL_shutdown(ssl);
690 if (ssl_ret == 1) {
691 fprintf(stderr, "INFO: %s shutdown done\n", name);
692 *done = 1;
693 return 1;
694 }
695 return ssl_error(ssl, name, "shutdown", ssl_ret, events);
696}
697
698typedef int (ssl_func)(SSL *ssl, const char *name, int *done, short *events);
699
700static int
701do_client_server_loop(SSL *client, ssl_func *client_func, SSL *server,
702 ssl_func *server_func, struct pollfd pfd[2])
703{
704 int client_done = 0, server_done = 0;
705 int i = 0;
706
707 pfd[0].revents = POLLIN;
708 pfd[1].revents = POLLIN;
709
710 do {
711 if (!client_done) {
712 if (debug)
713 fprintf(stderr, "DEBUG: client loop\n");
714 if (DTLSv1_handle_timeout(client) > 0)
715 fprintf(stderr, "INFO: client timeout\n");
716 if (!client_func(client, "client", &client_done,
717 &pfd[0].events))
718 return 0;
719 if (client_done)
720 pfd[0].events = 0;
721 }
722 if (!server_done) {
723 if (debug)
724 fprintf(stderr, "DEBUG: server loop\n");
725 if (DTLSv1_handle_timeout(server) > 0)
726 fprintf(stderr, "INFO: server timeout\n");
727 if (!server_func(server, "server", &server_done,
728 &pfd[1].events))
729 return 0;
730 if (server_done)
731 pfd[1].events = 0;
732 }
733 if (poll(pfd, 2, poll_timeout(client, server)) == -1)
734 err(1, "poll");
735
736 } while (i++ < 100 && (!client_done || !server_done));
737
738 if (!client_done || !server_done)
739 fprintf(stderr, "FAIL: gave up\n");
740
741 return client_done && server_done;
742}
743
744#define MAX_PACKET_DELAYS 32
745#define MAX_PACKET_DROPS 32
746
747struct dtls_delay {
748 uint8_t packet;
749 uint8_t count;
750};
751
752struct dtls_test {
753 const unsigned char *desc;
754 long mtu;
755 long ssl_options;
756 int client_bbio_off;
757 int server_bbio_off;
758 uint16_t initial_epoch;
759 int write_after_accept;
760 int shutdown_after_accept;
761 struct dtls_delay client_delays[MAX_PACKET_DELAYS];
762 struct dtls_delay server_delays[MAX_PACKET_DELAYS];
763 uint8_t client_drops[MAX_PACKET_DROPS];
764 uint8_t server_drops[MAX_PACKET_DROPS];
765};
766
767static const struct dtls_test dtls_tests[] = {
768 {
769 .desc = "DTLS without cookies",
770 .ssl_options = 0,
771 },
772 {
773 .desc = "DTLS without cookies (initial epoch 0xfffe)",
774 .ssl_options = 0,
775 .initial_epoch = 0xfffe,
776 },
777 {
778 .desc = "DTLS without cookies (initial epoch 0xffff)",
779 .ssl_options = 0,
780 .initial_epoch = 0xffff,
781 },
782 {
783 .desc = "DTLS with cookies",
784 .ssl_options = SSL_OP_COOKIE_EXCHANGE,
785 },
786 {
787 .desc = "DTLS with low MTU",
788 .mtu = 256,
789 .ssl_options = 0,
790 },
791 {
792 .desc = "DTLS with low MTU and cookies",
793 .mtu = 256,
794 .ssl_options = SSL_OP_COOKIE_EXCHANGE,
795 },
796 {
797 .desc = "DTLS with dropped server response",
798 .ssl_options = 0,
799 .server_drops = { 1 },
800 },
801 {
802 .desc = "DTLS with two dropped server responses",
803 .ssl_options = 0,
804 .server_drops = { 1, 2 },
805 },
806 {
807 .desc = "DTLS with dropped ServerHello",
808 .ssl_options = SSL_OP_NO_TICKET,
809 .server_bbio_off = 1,
810 .server_drops = { 1 },
811 },
812 {
813 .desc = "DTLS with dropped server Certificate",
814 .ssl_options = SSL_OP_NO_TICKET,
815 .server_bbio_off = 1,
816 .server_drops = { 2 },
817 },
818 {
819 .desc = "DTLS with dropped ServerKeyExchange",
820 .ssl_options = SSL_OP_NO_TICKET,
821 .server_bbio_off = 1,
822 .server_drops = { 3 },
823 },
824 {
825 .desc = "DTLS with dropped ServerHelloDone",
826 .ssl_options = SSL_OP_NO_TICKET,
827 .server_bbio_off = 1,
828 .server_drops = { 4 },
829 },
830#if 0
831 /*
832 * These two result in the server accept completing and the
833 * client looping on a timeout. Presumably the server should not
834 * complete until the client Finished is received... this due to
835 * a flaw in the DTLSv1.0 specification, which is addressed in
836 * DTLSv1.2 (see references to "last flight" in RFC 6347 section
837 * 4.2.4). Our DTLS server code still needs to support this.
838 */
839 {
840 .desc = "DTLS with dropped server CCS",
841 .ssl_options = 0,
842 .server_bbio_off = 1,
843 .server_drops = { 5 },
844 },
845 {
846 .desc = "DTLS with dropped server Finished",
847 .ssl_options = 0,
848 .server_bbio_off = 1,
849 .server_drops = { 6 },
850 },
851#endif
852 {
853 .desc = "DTLS with dropped ClientKeyExchange",
854 .ssl_options = 0,
855 .client_bbio_off = 1,
856 .client_drops = { 2 },
857 },
858 {
859 .desc = "DTLS with dropped client CCS",
860 .ssl_options = 0,
861 .client_bbio_off = 1,
862 .client_drops = { 3 },
863 },
864 {
865 .desc = "DTLS with dropped client Finished",
866 .ssl_options = 0,
867 .client_bbio_off = 1,
868 .client_drops = { 4 },
869 },
870 {
871 /* Send CCS after client Finished. */
872 .desc = "DTLS with delayed client CCS",
873 .ssl_options = 0,
874 .client_bbio_off = 1,
875 .client_delays = { { 3, 2 } },
876 },
877 {
878 /*
879 * Send CCS after server Finished - note app data will be
880 * dropped if we send the CCS after app data.
881 */
882 .desc = "DTLS with delayed server CCS",
883 .ssl_options = SSL_OP_NO_TICKET,
884 .server_bbio_off = 1,
885 .server_delays = { { 5, 2 } },
886 .write_after_accept = 1,
887 },
888 {
889 .desc = "DTLS with delayed server CCS (initial epoch 0xfffe)",
890 .ssl_options = SSL_OP_NO_TICKET,
891 .server_bbio_off = 1,
892 .initial_epoch = 0xfffe,
893 .server_delays = { { 5, 2 } },
894 .write_after_accept = 1,
895 },
896 {
897 .desc = "DTLS with delayed server CCS (initial epoch 0xffff)",
898 .ssl_options = SSL_OP_NO_TICKET,
899 .server_bbio_off = 1,
900 .initial_epoch = 0xffff,
901 .server_delays = { { 5, 2 } },
902 .write_after_accept = 1,
903 },
904 {
905 /* Send Finished after app data - this is currently buffered. */
906 .desc = "DTLS with delayed server Finished",
907 .ssl_options = SSL_OP_NO_TICKET,
908 .server_bbio_off = 1,
909 .server_delays = { { 6, 3 } },
910 .write_after_accept = 1,
911 },
912 {
913 /* Send CCS after server finished and close-notify. */
914 .desc = "DTLS with delayed server CCS (close-notify)",
915 .ssl_options = SSL_OP_NO_TICKET,
916 .server_bbio_off = 1,
917 .server_delays = { { 5, 3 } },
918 .shutdown_after_accept = 1,
919 },
920};
921
922#define N_DTLS_TESTS (sizeof(dtls_tests) / sizeof(*dtls_tests))
923
924static void
925dtlstest_packet_monkey(SSL *ssl, const struct dtls_delay delays[],
926 const uint8_t drops[])
927{
928 BIO *bio_monkey;
929 BIO *bio;
930 int i;
931
932 if ((bio_monkey = BIO_new_packet_monkey()) == NULL)
933 errx(1, "packet monkey");
934
935 for (i = 0; i < MAX_PACKET_DELAYS; i++) {
936 if (delays[i].packet == 0)
937 break;
938 if (!BIO_packet_monkey_delay(bio_monkey, delays[i].packet,
939 delays[i].count))
940 errx(1, "delay failure");
941 }
942
943 for (i = 0; i < MAX_PACKET_DROPS; i++) {
944 if (drops[i] == 0)
945 break;
946 if (!BIO_packet_monkey_drop(bio_monkey, drops[i]))
947 errx(1, "drop failure");
948 }
949
950 if ((bio = SSL_get_wbio(ssl)) == NULL)
951 errx(1, "SSL has NULL bio");
952
953 BIO_up_ref(bio);
954 bio = BIO_push(bio_monkey, bio);
955
956 SSL_set_bio(ssl, bio, bio);
957}
958
959static int
960dtlstest(const struct dtls_test *dt)
961{
962 SSL *client = NULL, *server = NULL;
963 ssl_func *connect_func, *accept_func;
964 struct sockaddr_in server_sin;
965 struct pollfd pfd[2];
966 int client_sock = -1;
967 int server_sock = -1;
968 int failed = 1;
969
970 fprintf(stderr, "\n== Testing %s... ==\n", dt->desc);
971
972 if (!datagram_pair(&client_sock, &server_sock, &server_sin))
973 goto failure;
974
975 if ((client = dtls_client(client_sock, &server_sin, dt->mtu)) == NULL)
976 goto failure;
977
978 if ((server = dtls_server(server_sock, dt->ssl_options, dt->mtu)) == NULL)
979 goto failure;
980
981 tls12_record_layer_set_initial_epoch(client->rl, dt->initial_epoch);
982 tls12_record_layer_set_initial_epoch(server->rl, dt->initial_epoch);
983
984 if (dt->client_bbio_off)
985 SSL_set_info_callback(client, dtls_info_callback);
986 if (dt->server_bbio_off)
987 SSL_set_info_callback(server, dtls_info_callback);
988
989 dtlstest_packet_monkey(client, dt->client_delays, dt->client_drops);
990 dtlstest_packet_monkey(server, dt->server_delays, dt->server_drops);
991
992 pfd[0].fd = client_sock;
993 pfd[0].events = POLLOUT;
994 pfd[1].fd = server_sock;
995 pfd[1].events = POLLIN;
996
997 accept_func = do_accept;
998 connect_func = do_connect;
999
1000 if (dt->write_after_accept) {
1001 accept_func = do_accept_write;
1002 connect_func = do_connect_read;
1003 } else if (dt->shutdown_after_accept) {
1004 accept_func = do_accept_shutdown;
1005 connect_func = do_connect_shutdown;
1006 }
1007
1008 if (!do_client_server_loop(client, connect_func, server, accept_func, pfd)) {
1009 fprintf(stderr, "FAIL: client and server handshake failed\n");
1010 goto failure;
1011 }
1012
1013 if (dt->write_after_accept || dt->shutdown_after_accept)
1014 goto done;
1015
1016 pfd[0].events = POLLIN;
1017 pfd[1].events = POLLOUT;
1018
1019 if (!do_client_server_loop(client, do_read, server, do_write, pfd)) {
1020 fprintf(stderr, "FAIL: client read and server write I/O failed\n");
1021 goto failure;
1022 }
1023
1024 pfd[0].events = POLLOUT;
1025 pfd[1].events = POLLIN;
1026
1027 if (!do_client_server_loop(client, do_write, server, do_read, pfd)) {
1028 fprintf(stderr, "FAIL: client write and server read I/O failed\n");
1029 goto failure;
1030 }
1031
1032 pfd[0].events = POLLOUT;
1033 pfd[1].events = POLLOUT;
1034
1035 if (!do_client_server_loop(client, do_shutdown, server, do_shutdown, pfd)) {
1036 fprintf(stderr, "FAIL: client and server shutdown failed\n");
1037 goto failure;
1038 }
1039
1040 done:
1041 fprintf(stderr, "INFO: Done!\n");
1042
1043 failed = 0;
1044
1045 failure:
1046 if (client_sock != -1)
1047 close(client_sock);
1048 if (server_sock != -1)
1049 close(server_sock);
1050
1051 SSL_free(client);
1052 SSL_free(server);
1053
1054 return failed;
1055}
1056
1057int
1058main(int argc, char **argv)
1059{
1060 int failed = 0;
1061 size_t i;
1062
1063 if (argc != 4) {
1064 fprintf(stderr, "usage: %s keyfile certfile cafile\n",
1065 argv[0]);
1066 exit(1);
1067 }
1068
1069 server_key_file = argv[1];
1070 server_cert_file = argv[2];
1071 server_ca_file = argv[3];
1072
1073 for (i = 0; i < N_DTLS_TESTS; i++)
1074 failed |= dtlstest(&dtls_tests[i]);
1075
1076 return failed;
1077}
diff --git a/src/regress/lib/libssl/exporter/Makefile b/src/regress/lib/libssl/exporter/Makefile
deleted file mode 100644
index caeffabb13..0000000000
--- a/src/regress/lib/libssl/exporter/Makefile
+++ /dev/null
@@ -1,10 +0,0 @@
1# $OpenBSD: Makefile,v 1.1 2022/11/05 21:58:24 jsing Exp $
2
3PROG= exportertest
4LDADD= ${SSL_INT} -lcrypto
5DPADD= ${LIBSSL} ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8CFLAGS+= -I${.CURDIR}/../../../../lib/libssl
9
10.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/exporter/exportertest.c b/src/regress/lib/libssl/exporter/exportertest.c
deleted file mode 100644
index ee8dbaa909..0000000000
--- a/src/regress/lib/libssl/exporter/exportertest.c
+++ /dev/null
@@ -1,667 +0,0 @@
1/* $OpenBSD: exportertest.c,v 1.4 2024/03/01 03:46:54 tb Exp $ */
2/*
3 * Copyright (c) 2022 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <openssl/err.h>
19#include <openssl/ssl.h>
20
21#include <err.h>
22#include <stdio.h>
23#include <string.h>
24
25#include "ssl_local.h"
26
27static void
28hexdump(const unsigned char *buf, size_t len)
29{
30 size_t i;
31
32 for (i = 1; i <= len; i++)
33 fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n");
34
35 fprintf(stderr, "\n");
36}
37
38struct exporter_test {
39 uint16_t tls_version;
40 unsigned int cipher_id;
41 const uint8_t *label;
42 size_t label_len;
43 const uint8_t context_value[64];
44 size_t context_value_len;
45 int use_context;
46 const uint8_t client_random[SSL3_RANDOM_SIZE];
47 const uint8_t server_random[SSL3_RANDOM_SIZE];
48 const uint8_t master_key[SSL_MAX_MASTER_KEY_LENGTH];
49 const uint8_t shared_key[64];
50 size_t shared_key_len;
51 const uint8_t export[64];
52 size_t export_len;
53 int want_error;
54};
55
56static const struct exporter_test exporter_tests[] = {
57 {
58 /* Valid export, no context - 32 bytes. */
59 .tls_version = TLS1_2_VERSION,
60 .cipher_id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305,
61 .label = "EXPERIMENTAL testing",
62 .label_len = 20,
63 .use_context = 0,
64 .client_random = {
65 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
66 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
67 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
68 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
69 },
70 .server_random = {
71 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
72 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
73 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
74 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
75 },
76 .master_key = {
77 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
78 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
79 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
80 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
81 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
82 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
83 },
84 .export = {
85 0x14, 0x08, 0x00, 0x9e, 0x6a, 0x67, 0x75, 0x4c,
86 0xc4, 0xf3, 0x51, 0x57, 0x2f, 0x75, 0x0b, 0xf8,
87 0x16, 0xfa, 0x61, 0x74, 0xd2, 0x12, 0x8f, 0x78,
88 0x77, 0xf9, 0x8a, 0x3e, 0x58, 0x70, 0xf3, 0xd8,
89 },
90 .export_len = 32,
91 },
92 {
93 /* Valid export, no context - 32 bytes. */
94 .tls_version = TLS1_3_VERSION,
95 .label = "EXPERIMENTAL testing",
96 .label_len = 20,
97 .use_context = 0,
98 .shared_key = {
99 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
100 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
101 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
102 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
103 },
104 .shared_key_len = 32,
105 .export = {
106 0x69, 0xf4, 0xac, 0xec, 0x80, 0x67, 0xac, 0x5c,
107 0xa6, 0x24, 0x47, 0xb1, 0x0f, 0xc8, 0xa1, 0x13,
108 0x3b, 0x91, 0x33, 0x82, 0x97, 0x0a, 0xc0, 0xbf,
109 0xac, 0x6d, 0x6b, 0x34, 0x20, 0xd3, 0x3a, 0x02,
110 },
111 .export_len = 32,
112 },
113 {
114 /* Valid export, no context - 64 bytes. */
115 .tls_version = TLS1_2_VERSION,
116 .cipher_id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305,
117 .label = "EXPERIMENTAL testing",
118 .label_len = 20,
119 .use_context = 0,
120 .client_random = {
121 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
122 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
123 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
124 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
125 },
126 .server_random = {
127 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
128 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
129 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
130 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
131 },
132 .master_key = {
133 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
134 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
135 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
136 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
137 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
138 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
139 },
140 .export = {
141 0x14, 0x08, 0x00, 0x9e, 0x6a, 0x67, 0x75, 0x4c,
142 0xc4, 0xf3, 0x51, 0x57, 0x2f, 0x75, 0x0b, 0xf8,
143 0x16, 0xfa, 0x61, 0x74, 0xd2, 0x12, 0x8f, 0x78,
144 0x77, 0xf9, 0x8a, 0x3e, 0x58, 0x70, 0xf3, 0xd8,
145 0xe8, 0xd2, 0xb7, 0xcd, 0xbc, 0x37, 0xdf, 0x16,
146 0x12, 0xf1, 0xe8, 0xb2, 0x62, 0x79, 0x91, 0x45,
147 0x77, 0xe0, 0x68, 0x6d, 0xd5, 0x31, 0x54, 0x55,
148 0x22, 0x63, 0xc0, 0x36, 0x31, 0x07, 0xda, 0x33,
149 },
150 .export_len = 64,
151 },
152 {
153 /* Valid export, no context - 64 bytes. */
154 .tls_version = TLS1_3_VERSION,
155 .label = "EXPERIMENTAL testing",
156 .label_len = 20,
157 .use_context = 0,
158 .shared_key = {
159 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
160 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
161 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
162 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
163 },
164 .shared_key_len = 32,
165 .export = {
166 0x77, 0x15, 0xe2, 0x07, 0x65, 0x64, 0x3b, 0x14,
167 0x38, 0xcb, 0x73, 0x93, 0xda, 0x70, 0xfa, 0x86,
168 0x2c, 0x34, 0xcc, 0x94, 0x52, 0xc2, 0xd3, 0xb4,
169 0x59, 0x2c, 0xc8, 0x05, 0x70, 0xfe, 0x48, 0x61,
170 0xd3, 0xea, 0x57, 0x66, 0xa9, 0x66, 0x2f, 0x4a,
171 0x35, 0xc9, 0x88, 0x86, 0x28, 0x52, 0xe3, 0x64,
172 0x5e, 0xf9, 0x28, 0x53, 0x8a, 0x3a, 0x92, 0x92,
173 0x40, 0x8c, 0x89, 0x17, 0x59, 0xd0, 0xd0, 0x82,
174 },
175 .export_len = 64,
176 },
177 {
178 /* Valid export, zero length context - 32 bytes. */
179 .tls_version = TLS1_2_VERSION,
180 .cipher_id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305,
181 .label = "EXPERIMENTAL testing",
182 .label_len = 20,
183 .context_value_len = 0,
184 .use_context = 1,
185 .client_random = {
186 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
187 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
188 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
189 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
190 },
191 .server_random = {
192 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
193 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
194 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
195 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
196 },
197 .master_key = {
198 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
199 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
200 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
201 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
202 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
203 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
204 },
205 .export = {
206 0xdb, 0xc9, 0xdf, 0x7c, 0x04, 0x39, 0xdd, 0x23,
207 0xc3, 0x68, 0xdc, 0xf3, 0x04, 0xcf, 0x4c, 0x4d,
208 0x86, 0x5b, 0xe6, 0x48, 0xc5, 0x6d, 0xe5, 0x1e,
209 0xea, 0xc5, 0xe4, 0x00, 0x27, 0x72, 0xda, 0xb6,
210 },
211 .export_len = 32,
212 },
213 {
214 /* Valid export, zero length context - 32 bytes. */
215 .tls_version = TLS1_3_VERSION,
216 .label = "EXPERIMENTAL testing",
217 .label_len = 20,
218 .context_value_len = 0,
219 .use_context = 1,
220 .shared_key = {
221 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
222 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
223 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
224 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
225 },
226 .shared_key_len = 32,
227 .export = {
228 0x69, 0xf4, 0xac, 0xec, 0x80, 0x67, 0xac, 0x5c,
229 0xa6, 0x24, 0x47, 0xb1, 0x0f, 0xc8, 0xa1, 0x13,
230 0x3b, 0x91, 0x33, 0x82, 0x97, 0x0a, 0xc0, 0xbf,
231 0xac, 0x6d, 0x6b, 0x34, 0x20, 0xd3, 0x3a, 0x02,
232 },
233 .export_len = 32,
234 },
235 {
236 /* Valid export, with context value - 32 bytes. */
237 .tls_version = TLS1_2_VERSION,
238 .cipher_id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305,
239 .label = "EXPERIMENTAL testing",
240 .label_len = 20,
241 .context_value = {
242 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8,
243 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
244 },
245 .context_value_len = 16,
246 .use_context = 1,
247 .client_random = {
248 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
249 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
250 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
251 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
252 },
253 .server_random = {
254 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
255 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
256 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
257 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
258 },
259 .master_key = {
260 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
261 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
262 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
263 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
264 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
265 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
266 },
267 .export = {
268 0x0e, 0xb4, 0xd1, 0x3a, 0x0e, 0x24, 0xab, 0x0d,
269 0x4c, 0x48, 0x35, 0x25, 0xf6, 0x4d, 0xa2, 0x9b,
270 0xaa, 0x1d, 0xbc, 0x54, 0x7e, 0xb0, 0x3c, 0x4b,
271 0x07, 0x04, 0x9c, 0x7c, 0x06, 0xa7, 0xea, 0x70,
272 },
273 .export_len = 32,
274 },
275 {
276 /* Valid export, with context value - 32 bytes. */
277 .tls_version = TLS1_3_VERSION,
278 .label = "EXPERIMENTAL testing",
279 .label_len = 20,
280 .context_value = {
281 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8,
282 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
283 },
284 .context_value_len = 16,
285 .use_context = 1,
286 .shared_key = {
287 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
288 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
289 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
290 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
291 },
292 .shared_key_len = 32,
293 .export = {
294 0x34, 0xb8, 0x00, 0x6a, 0xb2, 0x62, 0xab, 0xea,
295 0xc7, 0x2b, 0x15, 0xa0, 0x85, 0xda, 0xaa, 0xa5,
296 0x12, 0x85, 0xbf, 0x4a, 0xa4, 0x71, 0x42, 0xc8,
297 0xd4, 0xa6, 0x66, 0x18, 0xc6, 0xc9, 0x26, 0x6f,
298 },
299 .export_len = 32,
300 },
301 {
302 /* Valid export, with different label - 32 bytes. */
303 .tls_version = TLS1_2_VERSION,
304 .cipher_id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305,
305 .label = "EXPERIMENTAL more testing",
306 .label_len = 20,
307 .context_value = {
308 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8,
309 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
310 },
311 .context_value_len = 16,
312 .use_context = 1,
313 .client_random = {
314 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
315 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
316 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
317 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
318 },
319 .server_random = {
320 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
321 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
322 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
323 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
324 },
325 .master_key = {
326 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
327 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
328 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
329 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
330 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
331 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
332 },
333 .export = {
334 0xb0, 0xb6, 0x45, 0xdd, 0x30, 0x76, 0xf0, 0x57,
335 0x22, 0x31, 0xbb, 0x8d, 0xe1, 0xf9, 0xe3, 0xed,
336 0xae, 0x74, 0x6f, 0x40, 0x94, 0xf6, 0xc2, 0xfc,
337 0x21, 0xff, 0xf7, 0x00, 0x86, 0x54, 0xb6, 0x06,
338 },
339 .export_len = 32,
340 },
341 {
342 /* Valid export, with different label - 32 bytes. */
343 .tls_version = TLS1_3_VERSION,
344 .label = "EXPERIMENTAL more testing",
345 .label_len = 20,
346 .context_value = {
347 0xff, 0xfe, 0xfd, 0xfc, 0xfb, 0xfa, 0xf9, 0xf8,
348 0xf7, 0xf6, 0xf5, 0xf4, 0xf3, 0xf2, 0xf1, 0xf0,
349 },
350 .context_value_len = 16,
351 .use_context = 1,
352 .shared_key = {
353 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
354 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
355 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
356 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
357 },
358 .shared_key_len = 32,
359 .export = {
360 0x18, 0x4e, 0x65, 0x3c, 0x91, 0x5d, 0x6a, 0xc3,
361 0x25, 0x38, 0xbe, 0x6e, 0xca, 0x12, 0x54, 0x76,
362 0x5a, 0x84, 0xf7, 0x19, 0x44, 0x78, 0xec, 0xc0,
363 0x83, 0xf6, 0x22, 0xb8, 0x86, 0x31, 0xe9, 0x2e,
364 },
365 .export_len = 32,
366 },
367 {
368 /* Invalid - illegal label. */
369 .tls_version = TLS1_2_VERSION,
370 .cipher_id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305,
371 .label = TLS_MD_CLIENT_FINISH_CONST,
372 .label_len = TLS_MD_CLIENT_FINISH_CONST_SIZE,
373 .use_context = 0,
374 .client_random = {
375 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
376 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
377 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
378 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
379 },
380 .server_random = {
381 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
382 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
383 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
384 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
385 },
386 .master_key = {
387 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
388 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
389 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
390 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
391 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
392 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
393 },
394 .export_len = 32,
395 .want_error = SSL_R_TLS_ILLEGAL_EXPORTER_LABEL,
396 },
397 {
398 /* Invalid - illegal label. */
399 .tls_version = TLS1_2_VERSION,
400 .cipher_id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305,
401 .label = TLS_MD_SERVER_FINISH_CONST,
402 .label_len = TLS_MD_SERVER_FINISH_CONST_SIZE,
403 .use_context = 0,
404 .client_random = {
405 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
406 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
407 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
408 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
409 },
410 .server_random = {
411 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
412 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
413 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
414 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
415 },
416 .master_key = {
417 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
418 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
419 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
420 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
421 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
422 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
423 },
424 .export_len = 32,
425 .want_error = SSL_R_TLS_ILLEGAL_EXPORTER_LABEL,
426 },
427 {
428 /* Invalid - illegal label. */
429 .tls_version = TLS1_2_VERSION,
430 .cipher_id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305,
431 .label = TLS_MD_KEY_EXPANSION_CONST,
432 .label_len = TLS_MD_KEY_EXPANSION_CONST_SIZE,
433 .use_context = 0,
434 .client_random = {
435 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
436 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
437 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
438 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
439 },
440 .server_random = {
441 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
442 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
443 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
444 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
445 },
446 .master_key = {
447 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
448 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
449 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
450 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
451 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
452 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
453 },
454 .export_len = 32,
455 .want_error = SSL_R_TLS_ILLEGAL_EXPORTER_LABEL,
456 },
457 {
458 /* Invalid - illegal label. */
459 .tls_version = TLS1_2_VERSION,
460 .cipher_id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305,
461 .label = TLS_MD_MASTER_SECRET_CONST,
462 .label_len = TLS_MD_MASTER_SECRET_CONST_SIZE,
463 .use_context = 0,
464 .client_random = {
465 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
466 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
467 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
468 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
469 },
470 .server_random = {
471 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
472 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
473 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
474 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
475 },
476 .master_key = {
477 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
478 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
479 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
480 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
481 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
482 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
483 },
484 .export_len = 32,
485 .want_error = SSL_R_TLS_ILLEGAL_EXPORTER_LABEL,
486 },
487 {
488 /* Invalid - illegal label, split over label and seed. */
489 .tls_version = TLS1_2_VERSION,
490 .cipher_id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305,
491 .label = "master ",
492 .label_len = 7,
493 .use_context = 0,
494 .client_random = {
495 's', 'e', 'c', 'r', 'e', 't', 0x06, 0x07,
496 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
497 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
498 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
499 },
500 .server_random = {
501 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
502 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
503 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
504 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
505 },
506 .master_key = {
507 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
508 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
509 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
510 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
511 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
512 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
513 },
514 .export = {
515 0x40, 0x70, 0xba, 0xfa, 0xba, 0x44, 0x74, 0x93,
516 0xa2, 0x43, 0x18, 0x07, 0xa4, 0x4f, 0x3f, 0xda,
517 0x88, 0x7b, 0x0e, 0x79, 0x70, 0xcf, 0xdb, 0x91,
518 0xfc, 0x3f, 0x96, 0x78, 0x6b, 0x50, 0xe3, 0xa6,
519 },
520 .export_len = 32,
521 .want_error = SSL_R_TLS_ILLEGAL_EXPORTER_LABEL,
522 },
523};
524
525#define N_EXPORTER_TESTS (sizeof(exporter_tests) / sizeof(exporter_tests[0]))
526
527static int
528exporter_test(size_t test_no, const struct exporter_test *et)
529{
530 struct tls13_secret tls13_context = { .data = "", .len = 0 };
531 struct tls13_ctx *tls13_ctx;
532 struct tls13_secrets *tls13_secrets;
533 SSL_SESSION *ssl_session = NULL;
534 SSL_CTX *ssl_ctx = NULL;
535 SSL *ssl = NULL;
536 uint8_t export[256];
537 unsigned char id[2];
538 int err, ret;
539 int failed = 1;
540
541 memset(export, 0, sizeof(export));
542
543 if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL) {
544 fprintf(stderr, "FAIL: SSL_CTX_new\n");
545 goto failure;
546 }
547 if ((ssl = SSL_new(ssl_ctx)) == NULL) {
548 fprintf(stderr, "FAIL: SSL_new\n");
549 goto failure;
550 }
551 if ((ssl_session = SSL_SESSION_new()) == NULL) {
552 fprintf(stderr, "FAIL: SSL_SESSION_new\n");
553 goto failure;
554 }
555
556 ssl_session->ssl_version = et->tls_version;
557
558 if (!SSL_set_session(ssl, ssl_session)) {
559 fprintf(stderr, "FAIL: SSL_set_session\n");
560 goto failure;
561 }
562
563 memcpy(ssl_session->master_key, et->master_key,
564 sizeof(ssl_session->master_key));
565 memcpy(ssl->s3->client_random, et->client_random,
566 sizeof(ssl->s3->client_random));
567 memcpy(ssl->s3->server_random, et->server_random,
568 sizeof(ssl->s3->server_random));
569
570 if (et->tls_version >= TLS1_3_VERSION) {
571 if ((tls13_ctx = tls13_ctx_new(TLS13_HS_CLIENT, ssl)) == NULL) {
572 fprintf(stderr, "FAIL: tls13_ctx_new\n");
573 goto failure;
574 }
575 ssl->tls13 = tls13_ctx;
576
577 if ((tls13_secrets = tls13_secrets_create(EVP_sha384(),
578 0)) == NULL) {
579 fprintf(stderr, "FAIL: tls13_secrets_create\n");
580 goto failure;
581 }
582 ssl->s3->hs.tls13.secrets = tls13_secrets;
583
584 if (!tls13_derive_early_secrets(tls13_secrets,
585 tls13_secrets->zeros.data, tls13_secrets->zeros.len,
586 &tls13_context)) {
587 fprintf(stderr, "FAIL: tls13_derive_early_secrets\n");
588 goto failure;
589 }
590 if (!tls13_derive_handshake_secrets(tls13_secrets, et->shared_key,
591 et->shared_key_len, &tls13_context)) {
592 fprintf(stderr, "FAIL: tls13_derive_handshake_secrets\n");
593 goto failure;
594 }
595 if (!tls13_derive_application_secrets(tls13_secrets,
596 &tls13_context)) {
597 fprintf(stderr, "FAIL: tls13_derive_early_secrets\n");
598 goto failure;
599 }
600
601 tls13_ctx->handshake_completed = 1;
602 }
603
604 ssl->s3->hs.state = SSL_ST_OK;
605 ssl->s3->hs.negotiated_tls_version = et->tls_version;
606 id[0] = (et->cipher_id >> 8) & 0xff;
607 id[1] = et->cipher_id & 0xff;
608 ssl->s3->hs.cipher = SSL_CIPHER_find(ssl, id);
609
610 ret = SSL_export_keying_material(ssl, export, et->export_len, et->label,
611 et->label_len, et->context_value, et->context_value_len,
612 et->use_context);
613
614 if (et->want_error != 0) {
615 if (ret) {
616 fprintf(stderr, "FAIL: test %zu - "
617 "SSL_export_keying_material() succeeded, want "
618 "error\n", test_no);
619 goto failure;
620 }
621
622 err = ERR_peek_error();
623 if (ERR_GET_REASON(err) != et->want_error) {
624 fprintf(stderr, "FAIL: %zu - got error reason %d, "
625 "want %d\n", test_no, ERR_GET_REASON(err),
626 et->want_error);
627 goto failure;
628 }
629 } else {
630 if (!ret) {
631 fprintf(stderr, "FAIL: test %zu - "
632 "SSL_export_keying_material() failed\n", test_no);
633 ERR_print_errors_fp(stderr);
634 goto failure;
635 }
636
637 if (memcmp(et->export, export, et->export_len) != 0) {
638 fprintf(stderr, "FAIL: test %zu\n", test_no);
639 fprintf(stderr, "Got export:\n");
640 hexdump(export, et->export_len);
641 fprintf(stderr, "Want export:\n");
642 hexdump(et->export, et->export_len);
643 goto failure;
644 }
645 }
646
647 failed = 0;
648
649 failure:
650 SSL_SESSION_free(ssl_session);
651 SSL_CTX_free(ssl_ctx);
652 SSL_free(ssl);
653
654 return failed;
655}
656
657int
658main(int argc, char **argv)
659{
660 int failed = 0;
661 size_t i;
662
663 for (i = 0; i < N_EXPORTER_TESTS; i++)
664 failed |= exporter_test(i, &exporter_tests[i]);
665
666 return (failed);
667}
diff --git a/src/regress/lib/libssl/handshake/Makefile b/src/regress/lib/libssl/handshake/Makefile
deleted file mode 100644
index 77e128929f..0000000000
--- a/src/regress/lib/libssl/handshake/Makefile
+++ /dev/null
@@ -1,34 +0,0 @@
1# $OpenBSD: Makefile,v 1.10 2022/12/02 01:09:04 tb Exp $
2
3PROGS += handshake_table
4PROGS += valid_handshakes_terminate
5
6LDADD = ${SSL_INT} -lcrypto
7DPADD = ${LIBCRYPTO} ${LIBSSL}
8WARNINGS = Yes
9CFLAGS += -DLIBRESSL_INTERNAL -Wundef -Werror
10CFLAGS+= -I${.CURDIR}/../../../../lib/libssl
11
12print: handshake_table
13 @./handshake_table -C
14
15handshake.gv: handshake_table
16 ./handshake_table -g > $@.tmp
17 mv $@.tmp $@
18
19CLEANFILES += handshake.gv
20
21.for _FMT in png ps svg
22handshake.${_FMT}: handshake.gv
23 @if [ ! -x /usr/local/bin/dot ]; then \
24 echo "pkg_add graphviz to generate png"; \
25 false; \
26 fi
27 dot -T${_FMT} handshake.gv -o $@
28
29CLEANFILES += handshake.${_FMT}
30.endfor
31
32.PHONY: print
33
34.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/handshake/handshake_table.c b/src/regress/lib/libssl/handshake/handshake_table.c
deleted file mode 100644
index 8ebed9a73e..0000000000
--- a/src/regress/lib/libssl/handshake/handshake_table.c
+++ /dev/null
@@ -1,550 +0,0 @@
1/* $OpenBSD: handshake_table.c,v 1.18 2022/12/01 13:49:12 tb Exp $ */
2/*
3 * Copyright (c) 2019 Theo Buehler <tb@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <err.h>
19#include <stdint.h>
20#include <stdio.h>
21#include <stdlib.h>
22#include <unistd.h>
23
24#include "tls13_handshake.h"
25
26#define MAX_FLAGS (UINT8_MAX + 1)
27
28/*
29 * From RFC 8446:
30 *
31 * Appendix A. State Machine
32 *
33 * This appendix provides a summary of the legal state transitions for
34 * the client and server handshakes. State names (in all capitals,
35 * e.g., START) have no formal meaning but are provided for ease of
36 * comprehension. Actions which are taken only in certain circumstances
37 * are indicated in []. The notation "K_{send,recv} = foo" means "set
38 * the send/recv key to the given key".
39 *
40 * A.1. Client
41 *
42 * START <----+
43 * Send ClientHello | | Recv HelloRetryRequest
44 * [K_send = early data] | |
45 * v |
46 * / WAIT_SH ----+
47 * | | Recv ServerHello
48 * | | K_recv = handshake
49 * Can | V
50 * send | WAIT_EE
51 * early | | Recv EncryptedExtensions
52 * data | +--------+--------+
53 * | Using | | Using certificate
54 * | PSK | v
55 * | | WAIT_CERT_CR
56 * | | Recv | | Recv CertificateRequest
57 * | | Certificate | v
58 * | | | WAIT_CERT
59 * | | | | Recv Certificate
60 * | | v v
61 * | | WAIT_CV
62 * | | | Recv CertificateVerify
63 * | +> WAIT_FINISHED <+
64 * | | Recv Finished
65 * \ | [Send EndOfEarlyData]
66 * | K_send = handshake
67 * | [Send Certificate [+ CertificateVerify]]
68 * Can send | Send Finished
69 * app data --> | K_send = K_recv = application
70 * after here v
71 * CONNECTED
72 *
73 * Note that with the transitions as shown above, clients may send
74 * alerts that derive from post-ServerHello messages in the clear or
75 * with the early data keys. If clients need to send such alerts, they
76 * SHOULD first rekey to the handshake keys if possible.
77 *
78 */
79
80struct child {
81 enum tls13_message_type mt;
82 uint8_t flag;
83 uint8_t forced;
84 uint8_t illegal;
85};
86
87static struct child stateinfo[][TLS13_NUM_MESSAGE_TYPES] = {
88 [CLIENT_HELLO] = {
89 {
90 .mt = SERVER_HELLO_RETRY_REQUEST,
91 },
92 {
93 .mt = SERVER_HELLO,
94 .flag = WITHOUT_HRR,
95 },
96 },
97 [SERVER_HELLO_RETRY_REQUEST] = {
98 {
99 .mt = CLIENT_HELLO_RETRY,
100 },
101 },
102 [CLIENT_HELLO_RETRY] = {
103 {
104 .mt = SERVER_HELLO,
105 },
106 },
107 [SERVER_HELLO] = {
108 {
109 .mt = SERVER_ENCRYPTED_EXTENSIONS,
110 },
111 },
112 [SERVER_ENCRYPTED_EXTENSIONS] = {
113 {
114 .mt = SERVER_CERTIFICATE_REQUEST,
115 },
116 { .mt = SERVER_CERTIFICATE,
117 .flag = WITHOUT_CR,
118 },
119 {
120 .mt = SERVER_FINISHED,
121 .flag = WITH_PSK,
122 },
123 },
124 [SERVER_CERTIFICATE_REQUEST] = {
125 {
126 .mt = SERVER_CERTIFICATE,
127 },
128 },
129 [SERVER_CERTIFICATE] = {
130 {
131 .mt = SERVER_CERTIFICATE_VERIFY,
132 },
133 },
134 [SERVER_CERTIFICATE_VERIFY] = {
135 {
136 .mt = SERVER_FINISHED,
137 },
138 },
139 [SERVER_FINISHED] = {
140 {
141 .mt = CLIENT_FINISHED,
142 .forced = WITHOUT_CR | WITH_PSK,
143 },
144 {
145 .mt = CLIENT_CERTIFICATE,
146 .illegal = WITHOUT_CR | WITH_PSK,
147 },
148 },
149 [CLIENT_CERTIFICATE] = {
150 {
151 .mt = CLIENT_FINISHED,
152 },
153 {
154 .mt = CLIENT_CERTIFICATE_VERIFY,
155 .flag = WITH_CCV,
156 },
157 },
158 [CLIENT_CERTIFICATE_VERIFY] = {
159 {
160 .mt = CLIENT_FINISHED,
161 },
162 },
163 [CLIENT_FINISHED] = {
164 {
165 .mt = APPLICATION_DATA,
166 },
167 },
168 [APPLICATION_DATA] = {
169 {
170 .mt = 0,
171 },
172 },
173};
174
175const size_t stateinfo_count = sizeof(stateinfo) / sizeof(stateinfo[0]);
176
177void build_table(enum tls13_message_type
178 table[MAX_FLAGS][TLS13_NUM_MESSAGE_TYPES],
179 struct child current, struct child end,
180 struct child path[], uint8_t flags, unsigned int depth);
181size_t count_handshakes(void);
182void edge(enum tls13_message_type start,
183 enum tls13_message_type end, uint8_t flag);
184const char *flag2str(uint8_t flag);
185void flag_label(uint8_t flag);
186void forced_edges(enum tls13_message_type start,
187 enum tls13_message_type end, uint8_t forced);
188int generate_graphics(void);
189void fprint_entry(FILE *stream,
190 enum tls13_message_type path[TLS13_NUM_MESSAGE_TYPES],
191 uint8_t flags);
192void fprint_flags(FILE *stream, uint8_t flags);
193const char *mt2str(enum tls13_message_type mt);
194void usage(void);
195int verify_table(enum tls13_message_type
196 table[MAX_FLAGS][TLS13_NUM_MESSAGE_TYPES], int print);
197
198const char *
199flag2str(uint8_t flag)
200{
201 const char *ret;
202
203 if (flag & (flag - 1))
204 errx(1, "more than one bit is set");
205
206 switch (flag) {
207 case INITIAL:
208 ret = "INITIAL";
209 break;
210 case NEGOTIATED:
211 ret = "NEGOTIATED";
212 break;
213 case WITHOUT_CR:
214 ret = "WITHOUT_CR";
215 break;
216 case WITHOUT_HRR:
217 ret = "WITHOUT_HRR";
218 break;
219 case WITH_PSK:
220 ret = "WITH_PSK";
221 break;
222 case WITH_CCV:
223 ret = "WITH_CCV";
224 break;
225 case WITH_0RTT:
226 ret = "WITH_0RTT";
227 break;
228 default:
229 ret = "UNKNOWN";
230 }
231
232 return ret;
233}
234
235const char *
236mt2str(enum tls13_message_type mt)
237{
238 const char *ret;
239
240 switch (mt) {
241 case INVALID:
242 ret = "INVALID";
243 break;
244 case CLIENT_HELLO:
245 ret = "CLIENT_HELLO";
246 break;
247 case CLIENT_HELLO_RETRY:
248 ret = "CLIENT_HELLO_RETRY";
249 break;
250 case CLIENT_END_OF_EARLY_DATA:
251 ret = "CLIENT_END_OF_EARLY_DATA";
252 break;
253 case CLIENT_CERTIFICATE:
254 ret = "CLIENT_CERTIFICATE";
255 break;
256 case CLIENT_CERTIFICATE_VERIFY:
257 ret = "CLIENT_CERTIFICATE_VERIFY";
258 break;
259 case CLIENT_FINISHED:
260 ret = "CLIENT_FINISHED";
261 break;
262 case SERVER_HELLO:
263 ret = "SERVER_HELLO";
264 break;
265 case SERVER_HELLO_RETRY_REQUEST:
266 ret = "SERVER_HELLO_RETRY_REQUEST";
267 break;
268 case SERVER_ENCRYPTED_EXTENSIONS:
269 ret = "SERVER_ENCRYPTED_EXTENSIONS";
270 break;
271 case SERVER_CERTIFICATE:
272 ret = "SERVER_CERTIFICATE";
273 break;
274 case SERVER_CERTIFICATE_VERIFY:
275 ret = "SERVER_CERTIFICATE_VERIFY";
276 break;
277 case SERVER_CERTIFICATE_REQUEST:
278 ret = "SERVER_CERTIFICATE_REQUEST";
279 break;
280 case SERVER_FINISHED:
281 ret = "SERVER_FINISHED";
282 break;
283 case APPLICATION_DATA:
284 ret = "APPLICATION_DATA";
285 break;
286 case TLS13_NUM_MESSAGE_TYPES:
287 ret = "TLS13_NUM_MESSAGE_TYPES";
288 break;
289 default:
290 ret = "UNKNOWN";
291 break;
292 }
293
294 return ret;
295}
296
297void
298fprint_flags(FILE *stream, uint8_t flags)
299{
300 int first = 1, i;
301
302 if (flags == 0) {
303 fprintf(stream, "%s", flag2str(flags));
304 return;
305 }
306
307 for (i = 0; i < 8; i++) {
308 uint8_t set = flags & (1U << i);
309
310 if (set) {
311 fprintf(stream, "%s%s", first ? "" : " | ",
312 flag2str(set));
313 first = 0;
314 }
315 }
316}
317
318void
319fprint_entry(FILE *stream,
320 enum tls13_message_type path[TLS13_NUM_MESSAGE_TYPES], uint8_t flags)
321{
322 int i;
323
324 fprintf(stream, "\t[");
325 fprint_flags(stream, flags);
326 fprintf(stream, "] = {\n");
327
328 for (i = 0; i < TLS13_NUM_MESSAGE_TYPES; i++) {
329 if (path[i] == 0)
330 break;
331 fprintf(stream, "\t\t%s,\n", mt2str(path[i]));
332 }
333 fprintf(stream, "\t},\n");
334}
335
336void
337edge(enum tls13_message_type start, enum tls13_message_type end,
338 uint8_t flag)
339{
340 printf("\t%s -> %s", mt2str(start), mt2str(end));
341 flag_label(flag);
342 printf(";\n");
343}
344
345void
346flag_label(uint8_t flag)
347{
348 if (flag)
349 printf(" [label=\"%s\"]", flag2str(flag));
350}
351
352void
353forced_edges(enum tls13_message_type start, enum tls13_message_type end,
354 uint8_t forced)
355{
356 uint8_t forced_flag, i;
357
358 if (forced == 0)
359 return;
360
361 for (i = 0; i < 8; i++) {
362 forced_flag = forced & (1U << i);
363 if (forced_flag)
364 edge(start, end, forced_flag);
365 }
366}
367
368int
369generate_graphics(void)
370{
371 enum tls13_message_type start, end;
372 unsigned int child;
373 uint8_t flag;
374 uint8_t forced;
375
376 printf("digraph G {\n");
377 printf("\t%s [shape=box];\n", mt2str(CLIENT_HELLO));
378 printf("\t%s [shape=box];\n", mt2str(APPLICATION_DATA));
379
380 for (start = CLIENT_HELLO; start < APPLICATION_DATA; start++) {
381 for (child = 0; stateinfo[start][child].mt != 0; child++) {
382 end = stateinfo[start][child].mt;
383 flag = stateinfo[start][child].flag;
384 forced = stateinfo[start][child].forced;
385
386 if (forced == 0)
387 edge(start, end, flag);
388 else
389 forced_edges(start, end, forced);
390 }
391 }
392
393 printf("}\n");
394 return 0;
395}
396
397extern enum tls13_message_type handshakes[][TLS13_NUM_MESSAGE_TYPES];
398extern size_t handshake_count;
399
400size_t
401count_handshakes(void)
402{
403 size_t ret = 0, i;
404
405 for (i = 0; i < handshake_count; i++) {
406 if (handshakes[i][0] != INVALID)
407 ret++;
408 }
409
410 return ret;
411}
412
413void
414build_table(enum tls13_message_type table[MAX_FLAGS][TLS13_NUM_MESSAGE_TYPES],
415 struct child current, struct child end, struct child path[], uint8_t flags,
416 unsigned int depth)
417{
418 unsigned int i;
419
420 if (depth >= TLS13_NUM_MESSAGE_TYPES - 1)
421 errx(1, "recursed too deeply");
422
423 /* Record current node. */
424 path[depth++] = current;
425 flags |= current.flag;
426
427 /* If we haven't reached the end, recurse over the children. */
428 if (current.mt != end.mt) {
429 for (i = 0; stateinfo[current.mt][i].mt != 0; i++) {
430 struct child child = stateinfo[current.mt][i];
431 int forced = stateinfo[current.mt][i].forced;
432 int illegal = stateinfo[current.mt][i].illegal;
433
434 if ((forced == 0 || (forced & flags)) &&
435 (illegal == 0 || !(illegal & flags)))
436 build_table(table, child, end, path, flags,
437 depth);
438 }
439 return;
440 }
441
442 if (flags == 0)
443 errx(1, "path does not set flags");
444
445 if (table[flags][0] != 0)
446 errx(1, "path traversed twice");
447
448 for (i = 0; i < depth; i++)
449 table[flags][i] = path[i].mt;
450}
451
452int
453verify_table(enum tls13_message_type table[MAX_FLAGS][TLS13_NUM_MESSAGE_TYPES],
454 int print)
455{
456 int success = 1, i;
457 size_t num_valid, num_found = 0;
458 uint8_t flags = 0;
459
460 do {
461 if (table[flags][0] == 0)
462 continue;
463
464 num_found++;
465
466 for (i = 0; i < TLS13_NUM_MESSAGE_TYPES; i++) {
467 if (table[flags][i] != handshakes[flags][i]) {
468 fprintf(stderr,
469 "incorrect entry %d of handshake ", i);
470 fprint_flags(stderr, flags);
471 fprintf(stderr, "\n");
472 success = 0;
473 }
474 }
475
476 if (print)
477 fprint_entry(stdout, table[flags], flags);
478 } while(++flags != 0);
479
480 num_valid = count_handshakes();
481 if (num_valid != num_found) {
482 fprintf(stderr,
483 "incorrect number of handshakes: want %zu, got %zu.\n",
484 num_valid, num_found);
485 success = 0;
486 }
487
488 return success;
489}
490
491void
492usage(void)
493{
494 fprintf(stderr, "usage: handshake_table [-C | -g]\n");
495 exit(1);
496}
497
498int
499main(int argc, char *argv[])
500{
501 static enum tls13_message_type
502 hs_table[MAX_FLAGS][TLS13_NUM_MESSAGE_TYPES] = {
503 [INITIAL] = {
504 CLIENT_HELLO,
505 SERVER_HELLO_RETRY_REQUEST,
506 CLIENT_HELLO_RETRY,
507 SERVER_HELLO,
508 },
509 };
510 struct child start = {
511 .mt = CLIENT_HELLO,
512 };
513 struct child end = {
514 .mt = APPLICATION_DATA,
515 };
516 struct child path[TLS13_NUM_MESSAGE_TYPES] = {{0}};
517 uint8_t flags = NEGOTIATED;
518 unsigned int depth = 0;
519 int ch, graphviz = 0, print = 0;
520
521 while ((ch = getopt(argc, argv, "Cg")) != -1) {
522 switch (ch) {
523 case 'C':
524 print = 1;
525 break;
526 case 'g':
527 graphviz = 1;
528 break;
529 default:
530 usage();
531 }
532 }
533 argc -= optind;
534 argv += optind;
535
536 if (argc != 0)
537 usage();
538
539 if (graphviz && print)
540 usage();
541
542 if (graphviz)
543 return generate_graphics();
544
545 build_table(hs_table, start, end, path, flags, depth);
546 if (!verify_table(hs_table, print))
547 return 1;
548
549 return 0;
550}
diff --git a/src/regress/lib/libssl/handshake/valid_handshakes_terminate.c b/src/regress/lib/libssl/handshake/valid_handshakes_terminate.c
deleted file mode 100644
index 286b860a7d..0000000000
--- a/src/regress/lib/libssl/handshake/valid_handshakes_terminate.c
+++ /dev/null
@@ -1,54 +0,0 @@
1/* $OpenBSD: valid_handshakes_terminate.c,v 1.4 2022/12/01 13:49:12 tb Exp $ */
2/*
3 * Copyright (c) 2019 Theo Buehler <tb@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <err.h>
19#include <stdio.h>
20
21#include "tls13_handshake.c"
22
23int
24main(int argc, char *argv[])
25{
26 size_t i, j;
27 int terminates;
28 int fail = 0;
29
30 for (i = 1; i < handshake_count; i++) {
31 enum tls13_message_type mt = handshakes[i][0];
32
33 if (mt == INVALID)
34 continue;
35
36 terminates = 0;
37
38 for (j = 0; j < TLS13_NUM_MESSAGE_TYPES; j++) {
39 mt = handshakes[i][j];
40 if (state_machine[mt].handshake_complete) {
41 terminates = 1;
42 break;
43 }
44 }
45
46 if (!terminates) {
47 fail = 1;
48 printf("FAIL: handshake_complete never true in "
49 "handshake %zu\n", i);
50 }
51 }
52
53 return fail;
54}
diff --git a/src/regress/lib/libssl/interop/LICENSE b/src/regress/lib/libssl/interop/LICENSE
deleted file mode 100644
index 838e7f45cc..0000000000
--- a/src/regress/lib/libssl/interop/LICENSE
+++ /dev/null
@@ -1,15 +0,0 @@
1/*
2 * Copyright (c) 2018-2019 Alexander Bluhm <bluhm@openbsd.org>
3 *
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */
diff --git a/src/regress/lib/libssl/interop/Makefile b/src/regress/lib/libssl/interop/Makefile
deleted file mode 100644
index bdc67f627a..0000000000
--- a/src/regress/lib/libssl/interop/Makefile
+++ /dev/null
@@ -1,19 +0,0 @@
1# $OpenBSD: Makefile,v 1.21 2025/01/15 10:54:17 tb Exp $
2
3SUBDIR = libressl openssl33 openssl34
4
5# the above binaries must have been built before we can continue
6SUBDIR += netcat
7SUBDIR += session
8SUBDIR += botan
9
10# What is below takes a long time.
11# setting REGRESS_SKIP_SLOW to "yes" in mk.conf
12# will skip the tests that do not test libressl
13# but do things like test openssl 3.x to openssl 3.y
14SUBDIR += version
15SUBDIR += cipher
16# This takes a really long time.
17SUBDIR += cert
18
19.include <bsd.subdir.mk>
diff --git a/src/regress/lib/libssl/interop/Makefile.inc b/src/regress/lib/libssl/interop/Makefile.inc
deleted file mode 100644
index fa22fb8514..0000000000
--- a/src/regress/lib/libssl/interop/Makefile.inc
+++ /dev/null
@@ -1,83 +0,0 @@
1# $OpenBSD: Makefile.inc,v 1.10 2024/02/03 15:58:34 beck Exp $
2
3.PATH: ${.CURDIR}/..
4
5SRCS_client ?= client.c util.c
6SRCS_server ?= server.c util.c
7WARNINGS = yes
8CLEANFILES += *.out *.fstat
9
10.for p in ${PROGS}
11ldd-$p.out: $p
12 # programs must be linked with correct libraries
13 LD_LIBRARY_PATH=${LD_LIBRARY_PATH} ldd $p >$@
14.endfor
15
16client-self.out server-self.out: run-self-client-server
17
18run-self-client-server: client server 127.0.0.1.crt
19 # check that tls client and server work together
20 LD_LIBRARY_PATH=${LD_LIBRARY_PATH} \
21 ./server >server-self.out \
22 127.0.0.1 0
23 LD_LIBRARY_PATH=${LD_LIBRARY_PATH} \
24 ./client >client-self.out \
25 `sed -n 's/listen sock: //p' server-self.out`
26 # wait for server to terminate
27 -sed -n 's/listen sock: //p' server-self.out | xargs nc 2>/dev/null
28 # check that the client run successfully to the end
29 grep -q '^success$$' client-self.out
30 # client must have read server greeting
31 grep -q '^<<< greeting$$' client-self.out
32 # check that the server child run successfully to the end
33 grep -q '^success$$' server-self.out
34 # server must have read client hello
35 grep -q '^<<< hello$$' server-self.out
36
37# create certificates for TLS
38
39CLEANFILES += 127.0.0.1.{crt,key} \
40 ca.{crt,key,srl} fake-ca.{crt,key} \
41 {client,server}.{req,crt,key} \
42 {dsa,ec,rsa}.{key,req,crt} \
43 dh.param
44
45127.0.0.1.crt:
46 openssl req -batch -new \
47 -subj /L=OpenBSD/O=tls-regress/OU=server/CN=${@:R}/ \
48 -nodes -newkey rsa -keyout ${@:R}.key -x509 -out $@
49
50ca.crt fake-ca.crt:
51 openssl req -batch -new \
52 -subj /L=OpenBSD/O=tls-regress/OU=ca/CN=root/ \
53 -nodes -newkey rsa -keyout ${@:R}.key -x509 -out $@
54
55client.req server.req:
56 openssl req -batch -new \
57 -subj /L=OpenBSD/O=tls-regress/OU=${@:R}/CN=localhost/ \
58 -nodes -newkey rsa -keyout ${@:R}.key -out $@
59
60client.crt server.crt: ca.crt ${@:R}.req
61 openssl x509 -CAcreateserial -CAkey ca.key -CA ca.crt \
62 -req -in ${@:R}.req -out $@
63
64dh.param:
65 openssl dhparam -out $@ 1024
66
67dsa.key:
68 openssl dsaparam -genkey -out $@ 2048
69
70ec.key:
71 openssl ecparam -genkey -name secp256r1 -out $@
72
73rsa.key:
74 openssl genrsa -out $@ 2048
75
76dsa.req ec.req rsa.req: ${@:R}.key
77 openssl req -batch -new \
78 -subj /L=OpenBSD/O=tls-regress/OU=${@:R}/CN=localhost/ \
79 -nodes -key ${@:R}.key -out $@
80
81dsa.crt ec.crt rsa.crt: ca.crt ${@:R}.req
82 openssl x509 -CAcreateserial -CAkey ca.key -CA ca.crt \
83 -req -in ${@:R}.req -out $@
diff --git a/src/regress/lib/libssl/interop/README b/src/regress/lib/libssl/interop/README
deleted file mode 100644
index 091e63f6fc..0000000000
--- a/src/regress/lib/libssl/interop/README
+++ /dev/null
@@ -1,18 +0,0 @@
1Test TLS interoperability between LibreSSL and OpenSSL.
2
3Implement simple SSL client and server in C. Create six binaries
4by linking them with LibreSSL or OpenSSL 1.1 or OpenSSL 3.0. This
5way API compatibility is tested.
6
7To self test each SSL library, connect client with server. Check
8that the highest available TLS version is selected. LibreSSL TLS
91.3 check has to be enabled when the feature becomes available.
10
11Connect and accept with netcat to test protocol compatibility with
12libtls. Test TLS session reuse multiple times with different library
13combinations. The cert subdir is testing all combinations of
14certificate validation. Having the three libraries, client and
15server certificates, missing or invalid CA or certificates, and
16enforcing peer certificate results in 1944 test cases. The cipher
17test establishes connections between implementations for each
18supported cipher.
diff --git a/src/regress/lib/libssl/interop/botan/Makefile b/src/regress/lib/libssl/interop/botan/Makefile
deleted file mode 100644
index 85877d4290..0000000000
--- a/src/regress/lib/libssl/interop/botan/Makefile
+++ /dev/null
@@ -1,84 +0,0 @@
1# $OpenBSD: Makefile,v 1.10 2025/01/15 10:54:17 tb Exp $
2
3.include <bsd.own.mk>
4
5.if ! exists(/usr/local/bin/botan)
6regress:
7 # install botan2 from ports for interop tests
8 @echo 'Run "pkg_add botan2" to run tests against Botan 2'
9 @echo SKIPPED
10.elif (${COMPILER_VERSION:L} != "clang" && ! exists(/usr/local/bin/eg++))
11regress:
12 # on gcc-archs install g++ from ports for botan2 interop tests
13 @echo 'Run "pkg_add g++" to run tests against Botan 2 on GCC architectures'
14 @echo SKIPPED
15.else
16
17# C++11
18.if ${COMPILER_VERSION:L} != "clang" && ${CXX} == "c++"
19CXX = /usr/local/bin/eg++
20.endif
21
22LIBRARIES = libressl
23.if exists(/usr/local/bin/eopenssl33)
24LIBRARIES += openssl33
25.endif
26.if exists(/usr/local/bin/eopenssl34)
27LIBRARIES += openssl34
28.endif
29
30PROGS = client
31SRCS_client = client.cpp
32CXXFLAGS = -I/usr/local/include/botan-2 -Wall
33LDFLAGS = -L/usr/local/lib
34LDADD = -lbotan-2
35DPADD = /usr/local/lib/libbotan-2.a
36
37.for lib in ${LIBRARIES}
38
39REGRESS_TARGETS += run-client-botan-server-${lib}
40
41run-client-botan-server-${lib}: client server.crt
42 LD_LIBRARY_PATH=/usr/local/lib/e${lib} \
43 ../${lib}/server >server-${lib}.out \
44 -c server.crt -k server.key \
45 127.0.0.1 0
46 ./client >client-botan.out \
47 -C ca.crt \
48 127.0.0.1 \
49 `sed -n 's/listen sock: 127.0.0.1 //p' server-${lib}.out`
50 # check that the server child run successfully to the end
51 grep -q '^success$$' server-${lib}.out || \
52 { sleep 1; grep -q '^success$$' server-${lib}.out; }
53 # server must have read client hello
54 grep -q '^<<< hello$$' server-${lib}.out
55 # check that the client run successfully to the end
56 grep -q '^success$$' client-botan.out
57 # client must have read server greeting
58 grep -q '^<<< greeting$$' client-botan.out
59 # currently botan supports TLS 1.2, adapt later
60 grep -q ' Protocol *: TLSv1.2$$' server-${lib}.out
61
62.endfor
63
64server.key ca.key:
65 /usr/local/bin/botan keygen >$@.tmp
66 mv $@.tmp $@
67
68ca.crt: ${@:R}.key
69 /usr/local/bin/botan gen_self_signed ${@:R}.key ${@:R} >$@.tmp \
70 --organization=tls-regress --ca
71 mv $@.tmp $@
72
73server.req: ${@:R}.key
74 /usr/local/bin/botan gen_pkcs10 ${@:R}.key localhost >$@.tmp \
75 --organization=tls-regress --dns=127.0.0.1
76 mv $@.tmp $@
77
78server.crt: ca.crt ${@:R}.req
79 /usr/local/bin/botan sign_cert ca.crt ca.key ${@:R}.req >$@.tmp
80 mv $@.tmp $@
81
82.endif # exists(/usr/local/bin/botan)
83
84.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/botan/client.cpp b/src/regress/lib/libssl/interop/botan/client.cpp
deleted file mode 100644
index 2352d7bba2..0000000000
--- a/src/regress/lib/libssl/interop/botan/client.cpp
+++ /dev/null
@@ -1,228 +0,0 @@
1/* $OpenBSD: client.cpp,v 1.1 2020/09/15 01:45:16 bluhm Exp $ */
2/*
3 * Copyright (c) 2019-2020 Alexander Bluhm <bluhm@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <sys/types.h>
19#include <sys/socket.h>
20
21#include <err.h>
22#include <netdb.h>
23#include <unistd.h>
24
25#include <botan/tls_client.h>
26#include <botan/tls_callbacks.h>
27#include <botan/tls_session_manager.h>
28#include <botan/tls_policy.h>
29#include <botan/auto_rng.h>
30#include <botan/certstor.h>
31
32#include <iostream>
33#include <string>
34using namespace std;
35
36class Callbacks : public Botan::TLS::Callbacks {
37public:
38 Callbacks(int socket) :
39 m_socket(socket)
40 {}
41
42 void print_sockname()
43 {
44 struct sockaddr_storage ss;
45 char host[NI_MAXHOST], port[NI_MAXSERV];
46 socklen_t slen;
47
48 slen = sizeof(ss);
49 if (getsockname(m_socket, (struct sockaddr *)&ss, &slen) == -1)
50 err(1, "getsockname");
51 if (getnameinfo((struct sockaddr *)&ss, ss.ss_len, host,
52 sizeof(host), port, sizeof(port),
53 NI_NUMERICHOST | NI_NUMERICSERV))
54 errx(1, "getnameinfo");
55 cout <<"sock: " <<host <<" " <<port <<endl <<flush;
56 }
57
58 void print_peername()
59 {
60 struct sockaddr_storage ss;
61 char host[NI_MAXHOST], port[NI_MAXSERV];
62 socklen_t slen;
63
64 slen = sizeof(ss);
65 if (getpeername(m_socket, (struct sockaddr *)&ss, &slen) == -1)
66 err(1, "getpeername");
67 if (getnameinfo((struct sockaddr *)&ss, ss.ss_len, host,
68 sizeof(host), port, sizeof(port),
69 NI_NUMERICHOST | NI_NUMERICSERV))
70 errx(1, "getnameinfo");
71 cout <<"peer: " <<host <<" " <<port <<endl <<flush;
72 }
73
74 void tls_emit_data(const uint8_t data[], size_t size) override
75 {
76 size_t off = 0, len = size;
77
78 while (len > 0) {
79 ssize_t n;
80
81 n = send(m_socket, data + off, len, 0);
82 if (n < 0)
83 err(1, "send");
84 off += n;
85 len -= n;
86 }
87 }
88
89 void tls_record_received(uint64_t seq_no, const uint8_t data[],
90 size_t size) override
91 {
92 cout <<"<<< " <<string((const char *)data, size) <<flush;
93
94 string str("hello\n");
95 cout <<">>> " <<str <<flush;
96 m_channel->send(str);
97 m_channel->close();
98 }
99
100 void tls_alert(Botan::TLS::Alert alert) override
101 {
102 errx(1, "alert: %s", alert.type_string().c_str());
103 }
104
105 bool tls_session_established(const Botan::TLS::Session& session)
106 override
107 {
108 cout <<"established" <<endl <<flush;
109 return false;
110 }
111
112 void set_channel(Botan::TLS::Channel &channel) {
113 m_channel = &channel;
114 }
115
116protected:
117 int m_socket = -1;
118 Botan::TLS::Channel *m_channel = nullptr;
119};
120
121class Credentials : public Botan::Credentials_Manager {
122public:
123 std::vector<Botan::Certificate_Store*> trusted_certificate_authorities(
124 const std::string &type, const std::string &context)
125 override
126 {
127 std::vector<Botan::Certificate_Store*> cs { &m_ca };
128 return cs;
129 }
130
131 void add_certificate_file(const std::string &file) {
132 Botan::X509_Certificate cert(file);
133 m_ca.add_certificate(cert);
134 }
135private:
136 Botan::Certificate_Store_In_Memory m_ca;
137};
138
139class Policy : public Botan::TLS::Strict_Policy {
140public:
141 bool require_cert_revocation_info() const override {
142 return false;
143 }
144};
145
146void __dead
147usage(void)
148{
149 fprintf(stderr, "usage: client [-C CA] host port\n");
150 exit(2);
151}
152
153int
154main(int argc, char *argv[])
155{
156 struct addrinfo hints, *res;
157 int ch, s, error;
158 char buf[256];
159 char *cafile = NULL;
160 char *host, *port;
161
162 while ((ch = getopt(argc, argv, "C:")) != -1) {
163 switch (ch) {
164 case 'C':
165 cafile = optarg;
166 break;
167 default:
168 usage();
169 }
170 }
171 argc -= optind;
172 argv += optind;
173 if (argc == 2) {
174 host = argv[0];
175 port = argv[1];
176 } else {
177 usage();
178 }
179
180 memset(&hints, 0, sizeof(hints));
181 hints.ai_family = AF_INET;
182 hints.ai_socktype = SOCK_STREAM;
183 error = getaddrinfo(host, port, &hints, &res);
184 if (error)
185 errx(1, "getaddrinfo: %s", gai_strerror(error));
186 if (res == NULL)
187 errx(1, "getaddrinfo empty");
188 s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
189 if (s == -1)
190 err(1, "socket");
191 if (connect(s, res->ai_addr, res->ai_addrlen) == -1)
192 err(1, "connect");
193 freeaddrinfo(res);
194
195 {
196 Callbacks callbacks(s);
197 Botan::AutoSeeded_RNG rng;
198 Botan::TLS::Session_Manager_In_Memory session_mgr(rng);
199 Credentials creds;
200 if (cafile != NULL)
201 creds.add_certificate_file(cafile);
202 Policy policy;
203
204 callbacks.print_sockname();
205 callbacks.print_peername();
206 Botan::TLS::Client client(callbacks, session_mgr, creds,
207 policy, rng);
208 callbacks.set_channel(client);
209
210 while (!client.is_closed()) {
211 ssize_t n;
212
213 n = recv(s, buf, sizeof(buf), 0);
214 if (n < 0)
215 err(1, "recv");
216 if (n == 0)
217 errx(1, "eof");
218 client.received_data((uint8_t *)&buf, n);
219 }
220 }
221
222 if (close(s) == -1)
223 err(1, "close");
224
225 cout <<"success" <<endl;
226
227 return 0;
228}
diff --git a/src/regress/lib/libssl/interop/cert/Makefile b/src/regress/lib/libssl/interop/cert/Makefile
deleted file mode 100644
index 74c63c86a8..0000000000
--- a/src/regress/lib/libssl/interop/cert/Makefile
+++ /dev/null
@@ -1,98 +0,0 @@
1# $OpenBSD: Makefile,v 1.14 2025/01/15 10:54:17 tb Exp $
2
3# Connect a client to a server. Both can be current libressl, or
4# openssl 3.x. Create client and server certificates
5# that are signed by a CA and not signed by a fake CA. Try all
6# combinations with, without, and with wrong CA for client and server
7# and check the result of certificate verification.
8
9LIBRARIES = libressl
10.if exists(/usr/local/bin/eopenssl33)
11LIBRARIES += openssl33
12.endif
13.if exists(/usr/local/bin/eopenssl34)
14LIBRARIES += openssl34
15.endif
16
17.for cca in noca ca fakeca
18.for sca in noca ca fakeca
19.for ccert in nocert cert
20.for scert in nocert cert
21.for cv in noverify verify
22.for sv in noverify verify certverify
23
24# remember when certificate verification should fail
25.if (("${cv}" == verify && "${cca}" == ca && "${scert}" == cert) || \
26 "${cv}" == noverify) && \
27 (("${sv}" == verify && "${ccert}" == nocert) || \
28 ("${sv}" == verify && "${sca}" == ca && "${ccert}" == cert) || \
29 ("${sv}" == certverify && "${sca}" == ca && "${ccert}" == cert) || \
30 "${sv}" == noverify)
31FAIL_${cca}_${sca}_${ccert}_${scert}_${cv}_${sv} =
32.else
33FAIL_${cca}_${sca}_${ccert}_${scert}_${cv}_${sv} = !
34.endif
35
36.for clib in ${LIBRARIES}
37.for slib in ${LIBRARIES}
38
39.if ("${clib}" == "libressl" || "${slib}" == "libressl")
40REGRESS_TARGETS += run-cert-client-${clib}-${cca}-${ccert}-${cv}-server-${slib}-${sca}-${scert}-${sv}
41.else
42# Don't use REGRESS_SLOW_TARGETS since its handling in bsd.regress.mk is slow.
43SLOW_TARGETS += run-cert-client-${clib}-${cca}-${ccert}-${cv}-server-${slib}-${sca}-${scert}-${sv}
44.endif
45
46run-cert-client-${clib}-${cca}-${ccert}-${cv}-server-${slib}-${sca}-${scert}-${sv}: \
47 127.0.0.1.crt ca.crt fake-ca.crt client.crt server.crt \
48 ../${clib}/client ../${slib}/server
49 LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
50 ../${slib}/server >${@:S/^run/server/}.out \
51 ${sca:S/^noca//:S/^fakeca/-C fake-ca.crt/:S/^ca/-C ca.crt/} \
52 ${scert:S/^nocert//:S/^cert/-c server.crt -k server.key/} \
53 ${sv:S/^noverify//:S/^verify/-v/:S/^certverify/-vv/} \
54 127.0.0.1 0
55 ${FAIL_${cca}_${sca}_${ccert}_${scert}_${cv}_${sv}} \
56 LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
57 ../${clib}/client >${@:S/^run/client/}.out \
58 ${cca:S/^noca//:S/^fakeca/-C fake-ca.crt/:S/^ca/-C ca.crt/} \
59 ${ccert:S/^nocert//:S/^cert/-c server.crt -k server.key/} \
60 ${cv:S/^noverify//:S/^verify/-v/} \
61 `sed -n 's/listen sock: //p' ${@:S/^run/server/}.out`
62.if empty(${FAIL_${cca}_${sca}_${ccert}_${scert}_${cv}_${sv}})
63 grep '^success$$' ${@:S/^run/server/}.out || \
64 { sleep 1; grep '^success$$' ${@:S/^run/server/}.out; }
65 grep '^success$$' ${@:S/^run/client/}.out
66.elif ! ("${sv}" == certverify && "${ccert}" == nocert) || \
67 ("${cv}" == verify && "${scert}" != cert)
68 grep '^verify: fail' ${@:S/^run/client/}.out ${@:S/^run/server/}.out
69.endif
70
71.endfor
72.endfor
73.endfor
74.endfor
75.endfor
76.endfor
77.endfor
78.endfor
79
80.include <bsd.own.mk>
81REGRESS_SKIP_SLOW ?= no
82.if ${REGRESS_SKIP_SLOW:L} != "yes"
83REGRESS_TARGETS += ${SLOW_TARGETS}
84.endif
85
86REGRESS_TARGETS += run-bob
87run-bob:
88 @echo Bob, be happy! Tests finished.
89
90# argument list too long for a single rm *
91
92clean: _SUBDIRUSE
93 rm -f client-*.out
94 rm -f server-*.out
95 rm -f a.out [Ee]rrs mklog *.core y.tab.h \
96 ${PROG} ${PROGS} ${OBJS} ${_LEXINTM} ${_YACCINTM} ${CLEANFILES}
97
98.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/cipher/Makefile b/src/regress/lib/libssl/interop/cipher/Makefile
deleted file mode 100644
index fa7e25f9ee..0000000000
--- a/src/regress/lib/libssl/interop/cipher/Makefile
+++ /dev/null
@@ -1,159 +0,0 @@
1# $OpenBSD: Makefile,v 1.17 2025/01/15 10:54:17 tb Exp $
2
3# Connect a client to a server. Both can be current libressl, or
4# openssl 1.1 or 3.0. Create lists of supported ciphers
5# and pin client and server to one of the ciphers. Use server
6# certificate with compatible type. Check that client and server
7# have used correct cipher by grepping in their session print out.
8
9LIBRARIES = libressl
10.if exists(/usr/local/bin/eopenssl33)
11LIBRARIES += openssl33
12.endif
13.if exists(/usr/local/bin/eopenssl34)
14LIBRARIES += openssl34
15.endif
16
17CLEANFILES = *.tmp *.ciphers ciphers.mk
18
19.for clib in ${LIBRARIES}
20client-${clib}.ciphers:
21 LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
22 ../${clib}/client -l ALL -L >$@.tmp
23 sed -n 's/^cipher //p' <$@.tmp | sort -u >$@
24 rm $@.tmp
25.endfor
26.for slib in ${LIBRARIES}
27server-${slib}.ciphers: 127.0.0.1.crt dsa.crt ec.crt rsa.crt
28 LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
29 ../${slib}/server -l ALL -L >$@.tmp
30 sed -n 's/^cipher //p' <$@.tmp | sort -u >$@
31 rm $@.tmp
32.endfor
33
34.for clib in ${LIBRARIES}
35.for slib in ${LIBRARIES}
36ciphers.mk: client-${clib}-server-${slib}.ciphers
37client-${clib}-server-${slib}.ciphers: \
38 client-${clib}.ciphers server-${slib}.ciphers client-libressl.ciphers
39 # get ciphers shared between client and server
40 sort client-${clib}.ciphers server-${slib}.ciphers >$@.tmp
41 uniq -d <$@.tmp >$@
42 # we are only interested in ciphers supported by libressl
43 sort $@ client-libressl.ciphers >$@.tmp
44. if "${clib}" == "openssl33" || "${slib}" == "openssl33" || \
45 "${clib}" == "openssl34" || "${slib}" == "openssl34"
46 # OpenSSL's SSL_CTX_set_cipher_list doesn't accept TLSv1.3 ciphers
47 sed -i '/^TLS_/d' $@.tmp
48. endif
49 uniq -d <$@.tmp >$@
50 rm $@.tmp
51.endfor
52.endfor
53
54ciphers.mk:
55 rm -f $@ $@.tmp
56.for clib in ${LIBRARIES}
57.for slib in ${LIBRARIES}
58 echo 'CIPHERS_${clib}_${slib} =' >>$@.tmp \
59 `cat client-${clib}-server-${slib}.ciphers`
60.endfor
61.endfor
62 mv $@.tmp $@
63
64# hack to convert generated lists into usable make variables
65.if exists(ciphers.mk)
66.include "ciphers.mk"
67.else
68regress: ciphers.mk
69 ${MAKE} -C ${.CURDIR} regress
70.endif
71
72LEVEL_libressl =
73LEVEL_openssl33 = ,@SECLEVEL=0
74LEVEL_openssl34 = ,@SECLEVEL=0
75
76.for clib in ${LIBRARIES}
77.for slib in ${LIBRARIES}
78.for cipher in ${CIPHERS_${clib}_${slib}}
79
80.if "${cipher:M*-DSS-*}" != ""
81TYPE_${cipher} = dsa
82.elif "${cipher:M*-ECDSA-*}" != ""
83TYPE_${cipher} = ec
84.elif "${cipher:M*-RSA-*}" != ""
85TYPE_${cipher} = rsa
86.else
87TYPE_${cipher} = 127.0.0.1
88.endif
89
90DHPARAM_${cipher}_${slib} =
91
92.if ("${clib}" == "libressl" || "${slib}" == "libressl")
93REGRESS_TARGETS += run-cipher-${cipher}-client-${clib}-server-${slib}
94.else
95# Don't use REGRESS_SLOW_TARGETS since its handling in bsd.regress.mk is slow.
96SLOW_TARGETS += run-cipher-${cipher}-client-${clib}-server-${slib}
97.endif
98run-cipher-${cipher}-client-${clib}-server-${slib} \
99client-cipher-${cipher}-client-${clib}-server-${slib}.out \
100server-cipher-${cipher}-client-${clib}-server-${slib}.out: dh.param \
101 127.0.0.1.crt ${TYPE_${cipher}}.crt ../${clib}/client ../${slib}/server
102 LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
103 ../${slib}/server >${@:S/^run/server/}.out \
104 -c ${TYPE_${cipher}}.crt -k ${TYPE_${cipher}}.key \
105 -l ${cipher}${LEVEL_${slib}} ${DHPARAM_${cipher}_${slib}} \
106 127.0.0.1 0
107 LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
108 ../${clib}/client >${@:S/^run/client/}.out \
109 -l ${cipher}${LEVEL_${clib}} \
110 `sed -n 's/listen sock: //p' ${@:S/^run/server/}.out`
111 grep -q '^success$$' ${@:S/^run/server/}.out || \
112 { sleep 1; grep -q '^success$$' ${@:S/^run/server/}.out; }
113 grep -q '^success$$' ${@:S/^run/client/}.out
114
115.if ("${clib}" == "libressl" || "${slib}" == "libressl")
116REGRESS_TARGETS += check-cipher-${cipher}-client-${clib}-server-${slib}
117.else
118# Don't use REGRESS_SLOW_TARGETS since its handling in bsd.regress.mk is slow.
119SLOW_TARGETS += check-cipher-${cipher}-client-${clib}-server-${slib}
120.endif
121check-cipher-${cipher}-client-${clib}-server-${slib}: \
122 client-cipher-${cipher}-client-${clib}-server-${slib}.out \
123 server-cipher-${cipher}-client-${clib}-server-${slib}.out
124.if "${cipher:C/TLS_(AES.*_GCM|CHACHA.*_POLY.*)_SHA.*/TLS1_3/}" != TLS1_3
125 # client and server 1.3 capable, not TLS 1.3 cipher
126. if "${clib}" == "libressl"
127 # libressl client may prefer chacha-poly if aes-ni is not supported
128 egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/client/}.out
129. else
130 # openssl 1.1 generic client cipher
131 grep -q ' Cipher *: TLS_AES_256_GCM_SHA384$$' ${@:S/^check/client/}.out
132. endif
133. if "${clib}" == "libressl"
134 # libressl client may prefer chacha-poly if aes-ni is not supported
135. if "${slib}" == "openssl33" || "${slib}" == "openssl34"
136 egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
137. else
138 egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
139. endif
140. else
141 # generic server cipher
142 grep -q ' Cipher *: TLS_AES_256_GCM_SHA384$$' ${@:S/^check/server/}.out
143. endif
144.else
145 grep -q ' Cipher *: ${cipher}$$' ${@:S/^check/client/}.out
146 grep -q ' Cipher *: ${cipher}$$' ${@:S/^check/server/}.out
147.endif
148
149.endfor
150.endfor
151.endfor
152
153.include <bsd.own.mk>
154REGRESS_SKIP_SLOW ?= no
155.if ${REGRESS_SKIP_SLOW:L} != "yes"
156REGRESS_TARGETS += ${SLOW_TARGETS}
157.endif
158
159.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/client.c b/src/regress/lib/libssl/interop/client.c
deleted file mode 100644
index 31a960381e..0000000000
--- a/src/regress/lib/libssl/interop/client.c
+++ /dev/null
@@ -1,285 +0,0 @@
1/* $OpenBSD: client.c,v 1.11 2022/07/07 13:12:57 tb Exp $ */
2/*
3 * Copyright (c) 2018-2019 Alexander Bluhm <bluhm@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <sys/types.h>
19#include <sys/socket.h>
20
21#include <err.h>
22#include <netdb.h>
23#include <stdio.h>
24#include <string.h>
25#include <unistd.h>
26
27#include <openssl/err.h>
28#include <openssl/ssl.h>
29
30#include "util.h"
31
32void __dead usage(void);
33
34void __dead
35usage(void)
36{
37 fprintf(stderr, "usage: client [-Lsv] [-C CA] [-c crt -k key] "
38 "[-l ciphers] [-V version] host port\n");
39 exit(2);
40}
41
42int
43main(int argc, char *argv[])
44{
45 const SSL_METHOD *method;
46 SSL_CTX *ctx;
47 SSL *ssl;
48 BIO *bio;
49 SSL_SESSION *session = NULL;
50 int ch, error, listciphers = 0, sessionreuse = 0, verify = 0;
51 int version = 0;
52 char buf[256];
53 char *ca = NULL, *crt = NULL, *key = NULL, *ciphers = NULL;
54 char *host_port, *host = "127.0.0.1", *port = "0";
55
56 while ((ch = getopt(argc, argv, "C:c:k:Ll:p:sV:v")) != -1) {
57 switch (ch) {
58 case 'C':
59 ca = optarg;
60 break;
61 case 'c':
62 crt = optarg;
63 break;
64 case 'k':
65 key = optarg;
66 break;
67 case 'L':
68 listciphers = 1;
69 break;
70 case 'l':
71 ciphers = optarg;
72 break;
73 case 's':
74 /* multiple reueses are possible */
75 sessionreuse++;
76 break;
77 case 'V':
78 if (strcmp(optarg, "TLS1") == 0) {
79 version = TLS1_VERSION;
80 } else if (strcmp(optarg, "TLS1_1") == 0) {
81 version = TLS1_1_VERSION;
82 } else if (strcmp(optarg, "TLS1_2") == 0) {
83 version = TLS1_2_VERSION;
84#ifdef TLS1_3_VERSION
85 } else if (strcmp(optarg, "TLS1_3") == 0) {
86 version = TLS1_3_VERSION;
87#endif
88 } else {
89 errx(1, "unknown protocol version: %s", optarg);
90 }
91 break;
92 case 'v':
93 verify = 1;
94 break;
95 default:
96 usage();
97 }
98 }
99 argc -= optind;
100 argv += optind;
101 if (argc == 2) {
102 host = argv[0];
103 port = argv[1];
104 } else if (!listciphers) {
105 usage();
106 }
107 if (asprintf(&host_port, strchr(host, ':') ? "[%s]:%s" : "%s:%s",
108 host, port) == -1)
109 err(1, "asprintf host port");
110 if ((crt == NULL && key != NULL) || (crt != NULL && key == NULL))
111 errx(1, "certificate and private key must be used together");
112
113 SSL_library_init();
114 SSL_load_error_strings();
115 print_version();
116
117 /* setup method and context */
118#if OPENSSL_VERSION_NUMBER >= 0x1010000f
119 method = TLS_client_method();
120 if (method == NULL)
121 err_ssl(1, "TLS_client_method");
122#else
123 switch (version) {
124 case TLS1_VERSION:
125 method = TLSv1_client_method();
126 break;
127 case TLS1_1_VERSION:
128 method = TLSv1_1_client_method();
129 break;
130 case TLS1_2_VERSION:
131 method = TLSv1_2_client_method();
132 break;
133#ifdef TLS1_3_VERSION
134 case TLS1_3_VERSION:
135 err(1, "TLS1_3 not supported");
136#endif
137 default:
138 method = SSLv23_client_method();
139 break;
140 }
141 if (method == NULL)
142 err_ssl(1, "SSLv23_client_method");
143#endif
144 ctx = SSL_CTX_new(method);
145 if (ctx == NULL)
146 err_ssl(1, "SSL_CTX_new");
147
148#if OPENSSL_VERSION_NUMBER >= 0x1010000f
149 if (version) {
150 if (SSL_CTX_set_min_proto_version(ctx, version) != 1)
151 err_ssl(1, "SSL_CTX_set_min_proto_version");
152 if (SSL_CTX_set_max_proto_version(ctx, version) != 1)
153 err_ssl(1, "SSL_CTX_set_max_proto_version");
154 }
155#endif
156
157 /* load client certificate */
158 if (crt != NULL) {
159 if (SSL_CTX_use_certificate_file(ctx, crt,
160 SSL_FILETYPE_PEM) <= 0)
161 err_ssl(1, "SSL_CTX_use_certificate_file");
162 if (SSL_CTX_use_PrivateKey_file(ctx, key,
163 SSL_FILETYPE_PEM) <= 0)
164 err_ssl(1, "SSL_CTX_use_PrivateKey_file");
165 if (SSL_CTX_check_private_key(ctx) <= 0)
166 err_ssl(1, "SSL_CTX_check_private_key");
167 }
168
169 /* verify server certificate */
170 if (ca != NULL) {
171 if (SSL_CTX_load_verify_locations(ctx, ca, NULL) <= 0)
172 err_ssl(1, "SSL_CTX_load_verify_locations");
173 }
174 SSL_CTX_set_verify(ctx, verify ? SSL_VERIFY_PEER : SSL_VERIFY_NONE,
175 verify_callback);
176
177 if (sessionreuse) {
178 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_CLIENT);
179 }
180
181 if (ciphers) {
182 if (SSL_CTX_set_cipher_list(ctx, ciphers) <= 0)
183 err_ssl(1, "SSL_CTX_set_cipher_list");
184 }
185
186 if (listciphers) {
187 STACK_OF(SSL_CIPHER) *supported_ciphers;
188
189#if OPENSSL_VERSION_NUMBER < 0x1010000f
190#define SSL_get1_supported_ciphers SSL_get_ciphers
191#endif
192 ssl = SSL_new(ctx);
193 if (ssl == NULL)
194 err_ssl(1, "SSL_new");
195 supported_ciphers = SSL_get1_supported_ciphers(ssl);
196 if (supported_ciphers == NULL)
197 err_ssl(1, "SSL_get1_supported_ciphers");
198 print_ciphers(supported_ciphers);
199
200#if OPENSSL_VERSION_NUMBER >= 0x1010000f
201 sk_SSL_CIPHER_free(supported_ciphers);
202#endif
203 return 0;
204 }
205
206 do {
207 /* setup bio for socket operations */
208 bio = BIO_new_connect(host_port);
209 if (bio == NULL)
210 err_ssl(1, "BIO_new_connect");
211
212 /* connect */
213 if (BIO_do_connect(bio) <= 0)
214 err_ssl(1, "BIO_do_connect");
215 printf("connect ");
216 print_sockname(bio);
217 printf("connect ");
218 print_peername(bio);
219
220 /* do ssl client handshake */
221 ssl = SSL_new(ctx);
222 if (ssl == NULL)
223 err_ssl(1, "SSL_new");
224 SSL_set_bio(ssl, bio, bio);
225 /* resuse session if possible */
226 if (session != NULL) {
227 if (SSL_set_session(ssl, session) <= 0)
228 err_ssl(1, "SSL_set_session");
229 }
230 if ((error = SSL_connect(ssl)) <= 0)
231 err_ssl(1, "SSL_connect %d", error);
232 printf("session %d: %s\n", sessionreuse,
233 SSL_session_reused(ssl) ? "reuse" : "new");
234 if (fflush(stdout) != 0)
235 err(1, "fflush stdout");
236
237 /* print session statistics */
238 if (sessionreuse) {
239 session = SSL_get1_session(ssl);
240 if (session == NULL)
241 err_ssl(1, "SSL1_get_session");
242 } else {
243 session = SSL_get_session(ssl);
244 if (session == NULL)
245 err_ssl(1, "SSL_get_session");
246 }
247 if (SSL_SESSION_print_fp(stdout, session) <= 0)
248 err_ssl(1, "SSL_SESSION_print_fp");
249
250 /* read server greeting and write client hello over TLS */
251 if ((error = SSL_read(ssl, buf, 9)) <= 0)
252 err_ssl(1, "SSL_read %d", error);
253 if (error != 9)
254 errx(1, "read not 9 bytes greeting: %d", error);
255 buf[9] = '\0';
256 printf("<<< %s", buf);
257 if (fflush(stdout) != 0)
258 err(1, "fflush stdout");
259 strlcpy(buf, "hello\n", sizeof(buf));
260 printf(">>> %s", buf);
261 if (fflush(stdout) != 0)
262 err(1, "fflush stdout");
263 if ((error = SSL_write(ssl, buf, 6)) <= 0)
264 err_ssl(1, "SSL_write %d", error);
265 if (error != 6)
266 errx(1, "write not 6 bytes hello: %d", error);
267
268 /* shutdown connection */
269 if ((error = SSL_shutdown(ssl)) < 0)
270 err_ssl(1, "SSL_shutdown unidirectional %d", error);
271 if (error <= 0) {
272 if ((error = SSL_shutdown(ssl)) <= 0)
273 err_ssl(1, "SSL_shutdown bidirectional %d",
274 error);
275 }
276
277 SSL_free(ssl);
278 } while (sessionreuse--);
279
280 SSL_CTX_free(ctx);
281
282 printf("success\n");
283
284 return 0;
285}
diff --git a/src/regress/lib/libssl/interop/libressl/Makefile b/src/regress/lib/libssl/interop/libressl/Makefile
deleted file mode 100644
index d8e20ca122..0000000000
--- a/src/regress/lib/libssl/interop/libressl/Makefile
+++ /dev/null
@@ -1,34 +0,0 @@
1# $OpenBSD: Makefile,v 1.9 2020/12/25 10:50:08 tb Exp $
2
3PROGS = client server
4CFLAGS += -DLIBRESSL_HAS_TLS1_3
5CPPFLAGS +=
6LDFLAGS +=
7LDADD += -lssl -lcrypto
8DPADD += ${LIBSSL} ${LIBCRYPTO}
9LD_LIBRARY_PATH =
10REGRESS_TARGETS = run-self-client-server
11.for p in ${PROGS}
12REGRESS_TARGETS += run-ldd-$p run-version-$p run-protocol-$p
13.endfor
14
15.for p in ${PROGS}
16
17run-ldd-$p: ldd-$p.out
18 # check that $p is linked with LibreSSL
19 grep -q /usr/lib/libcrypto.so ldd-$p.out
20 grep -q /usr/lib/libssl.so ldd-$p.out
21 # check that $p is not linked with OpenSSL
22 ! grep /usr/local/lib/ ldd-$p.out
23
24run-version-$p: $p-self.out
25 # check that runtime version is LibreSSL
26 grep 'SSLEAY_VERSION: LibreSSL' $p-self.out
27
28run-protocol-$p: $p-self.out
29 # check that LibreSSL protocol version is TLS 1.3
30 grep 'Protocol *: TLSv1.3' $p-self.out
31
32.endfor
33
34.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/netcat/Makefile b/src/regress/lib/libssl/interop/netcat/Makefile
deleted file mode 100644
index 3b8e3f95be..0000000000
--- a/src/regress/lib/libssl/interop/netcat/Makefile
+++ /dev/null
@@ -1,84 +0,0 @@
1# $OpenBSD: Makefile,v 1.10 2025/01/15 10:54:17 tb Exp $
2
3LIBRARIES = libressl
4.if exists(/usr/local/bin/eopenssl33)
5LIBRARIES += openssl33
6.endif
7.if exists(/usr/local/bin/eopenssl34)
8LIBRARIES += openssl34
9.endif
10
11# run netcat server and connect with test client
12
13.for clib in ${LIBRARIES}
14
15REGRESS_TARGETS += run-netcat-client-${clib}-server-nc
16REGRESS_TARGETS += run-protocol-client-${clib}
17
18run-netcat-client-${clib}-server-nc: ../${clib}/client 127.0.0.1.crt
19 echo "greeting" | \
20 nc >${@:S/^run/server/}.out \
21 -l -c -C 127.0.0.1.crt -K 127.0.0.1.key \
22 127.0.0.1 0 & \
23 for i in `jot 1000`; do fstat -p $$! >netcat.fstat; \
24 grep -q ' stream tcp .*:[1-9][0-9]*$$' netcat.fstat && \
25 exit 0; done; exit 1
26 LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
27 ../${clib}/client >${@:S/^run/client/}.out \
28 `sed -n 's/.* stream tcp .*:/127.0.0.1 /p' netcat.fstat`
29 # check that the client run successfully to the end
30 grep -q '^success$$' ${@:S/^run/client/}.out
31 # client must have read server greeting
32 grep -q '^<<< greeting$$' ${@:S/^run/client/}.out
33 # netstat server must have read client hello
34 grep -q '^hello$$' ${@:S/^run/server/}.out
35
36.endfor
37
38# run test server and connect with netcat client
39
40.for slib in ${LIBRARIES}
41
42REGRESS_TARGETS += run-netcat-client-nc-server-${slib}
43
44run-netcat-client-nc-server-${slib}: ../${slib}/server 127.0.0.1.crt
45 LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
46 ../${slib}/server >${@:S/^run/server/}.out \
47 127.0.0.1 0
48 echo "hello" | \
49 nc >${@:S/^run/client/}.out \
50 -c -R 127.0.0.1.crt \
51 `sed -n 's/listen sock: //p' ${@:S/^run/server/}.out`
52 # check that the server child run successfully to the end
53 grep -q '^success$$' ${@:S/^run/server/}.out || \
54 { sleep 1; grep -q '^success$$' ${@:S/^run/server/}.out; }
55 # server must have read client hello
56 grep -q '^<<< hello$$' ${@:S/^run/server/}.out
57 # client must have read server greeting
58 grep -q '^greeting$$' ${@:S/^run/client/}.out
59
60.endfor
61
62# check the TLS protocol version in client and server logs
63
64.for clib in ${LIBRARIES}
65
66REGRESS_TARGETS += run-protocol-client-${clib}
67
68run-protocol-client-${clib}: client-netcat-client-${clib}-server-nc.out
69 # check that LibTLS protocol version is TLS 1.2 or TLS 1.3
70 grep 'Protocol *: TLSv1.[23]' client-netcat-client-${clib}-server-nc.out
71
72.endfor
73
74.for slib in ${LIBRARIES}
75
76REGRESS_TARGETS += run-protocol-server-${slib}
77
78run-protocol-server-${slib}: server-netcat-client-nc-server-${slib}.out
79 # check that LibTLS protocol version is TLS 1.2 or TLS 1.3
80 grep 'Protocol *: TLSv1.[23]' server-netcat-client-nc-server-${slib}.out
81
82.endfor
83
84.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/openssl33/Makefile b/src/regress/lib/libssl/interop/openssl33/Makefile
deleted file mode 100644
index eff61704d0..0000000000
--- a/src/regress/lib/libssl/interop/openssl33/Makefile
+++ /dev/null
@@ -1,44 +0,0 @@
1# $OpenBSD: Makefile,v 1.1 2025/01/15 10:54:17 tb Exp $
2
3.if ! exists(/usr/local/bin/eopenssl33)
4regress:
5 # install openssl-3.3 from ports for interop tests
6 @echo 'Run "pkg_add openssl--%3.3" to run tests against OpenSSL 3.3'
7 @echo SKIPPED
8.else
9
10PROGS = client server
11CFLAGS += -DOPENSSL_SUPPRESS_DEPRECATED
12CPPFLAGS = -I /usr/local/include/eopenssl33
13LDFLAGS = -L /usr/local/lib/eopenssl33
14LDADD = -lssl -lcrypto
15DPADD = /usr/local/lib/eopenssl33/libssl.a \
16 /usr/local/lib/eopenssl33/libcrypto.a
17LD_LIBRARY_PATH = /usr/local/lib/eopenssl33
18REGRESS_TARGETS = run-self-client-server
19.for p in ${PROGS}
20REGRESS_TARGETS += run-ldd-$p run-version-$p run-protocol-$p
21.endfor
22
23.for p in ${PROGS}
24
25run-ldd-$p: ldd-$p.out
26 # check that $p is linked with OpenSSL 3.3
27 grep -q /usr/local/lib/eopenssl33/libcrypto.so ldd-$p.out
28 grep -q /usr/local/lib/eopenssl33/libssl.so ldd-$p.out
29 # check that $p is not linked with LibreSSL
30 ! grep -v libc.so ldd-$p.out | grep /usr/lib/
31
32run-version-$p: $p-self.out
33 # check that runtime version is OpenSSL 3.3
34 grep 'SSLEAY_VERSION: OpenSSL 3.3' $p-self.out
35
36run-protocol-$p: $p-self.out
37 # check that OpenSSL 3.3 protocol version is TLS 1.3
38 grep 'Protocol *: TLSv1.3' $p-self.out
39
40.endfor
41
42.endif # exists(/usr/local/bin/eopenssl33)
43
44.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/openssl34/Makefile b/src/regress/lib/libssl/interop/openssl34/Makefile
deleted file mode 100644
index 72246bb621..0000000000
--- a/src/regress/lib/libssl/interop/openssl34/Makefile
+++ /dev/null
@@ -1,44 +0,0 @@
1# $OpenBSD: Makefile,v 1.1 2025/01/15 10:54:17 tb Exp $
2
3.if ! exists(/usr/local/bin/eopenssl34)
4regress:
5 # install openssl-3.4 from ports for interop tests
6 @echo 'Run "pkg_add openssl--%3.4" to run tests against OpenSSL 3.4'
7 @echo SKIPPED
8.else
9
10PROGS = client server
11CFLAGS += -DOPENSSL_SUPPRESS_DEPRECATED
12CPPFLAGS = -I /usr/local/include/eopenssl34
13LDFLAGS = -L /usr/local/lib/eopenssl34
14LDADD = -lssl -lcrypto
15DPADD = /usr/local/lib/eopenssl34/libssl.a \
16 /usr/local/lib/eopenssl34/libcrypto.a
17LD_LIBRARY_PATH = /usr/local/lib/eopenssl34
18REGRESS_TARGETS = run-self-client-server
19.for p in ${PROGS}
20REGRESS_TARGETS += run-ldd-$p run-version-$p run-protocol-$p
21.endfor
22
23.for p in ${PROGS}
24
25run-ldd-$p: ldd-$p.out
26 # check that $p is linked with OpenSSL 3.4
27 grep -q /usr/local/lib/eopenssl34/libcrypto.so ldd-$p.out
28 grep -q /usr/local/lib/eopenssl34/libssl.so ldd-$p.out
29 # check that $p is not linked with LibreSSL
30 ! grep -v libc.so ldd-$p.out | grep /usr/lib/
31
32run-version-$p: $p-self.out
33 # check that runtime version is OpenSSL 3.4
34 grep 'SSLEAY_VERSION: OpenSSL 3.4' $p-self.out
35
36run-protocol-$p: $p-self.out
37 # check that OpenSSL 3.4 protocol version is TLS 1.3
38 grep 'Protocol *: TLSv1.3' $p-self.out
39
40.endfor
41
42.endif # exists(/usr/local/bin/eopenssl34)
43
44.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/server.c b/src/regress/lib/libssl/interop/server.c
deleted file mode 100644
index a634adb43b..0000000000
--- a/src/regress/lib/libssl/interop/server.c
+++ /dev/null
@@ -1,321 +0,0 @@
1/* $OpenBSD: server.c,v 1.12 2023/02/01 14:39:09 tb Exp $ */
2/*
3 * Copyright (c) 2018-2019 Alexander Bluhm <bluhm@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <sys/types.h>
19#include <sys/socket.h>
20
21#include <err.h>
22#include <netdb.h>
23#include <stdio.h>
24#include <stdlib.h>
25#include <string.h>
26#include <unistd.h>
27
28#include <openssl/err.h>
29#include <openssl/ssl.h>
30
31#include "util.h"
32
33void __dead usage(void);
34
35void __dead
36usage(void)
37{
38 fprintf(stderr, "usage: server [-Lsvv] [-C CA] [-c crt -k key] "
39 "[-l ciphers] [-p dhparam] [-V version] [host port]\n");
40 exit(2);
41}
42
43int
44main(int argc, char *argv[])
45{
46 const SSL_METHOD *method;
47 SSL_CTX *ctx;
48 SSL *ssl;
49 BIO *abio, *cbio;
50 SSL_SESSION *session;
51 int ch, error, listciphers = 0, sessionreuse = 0, verify = 0;
52 int version = 0;
53 char buf[256], *dhparam = NULL;
54 char *ca = NULL, *crt = NULL, *key = NULL, *ciphers = NULL;
55 char *host_port, *host = "127.0.0.1", *port = "0";
56
57 while ((ch = getopt(argc, argv, "C:c:k:Ll:p:sV:v")) != -1) {
58 switch (ch) {
59 case 'C':
60 ca = optarg;
61 break;
62 case 'c':
63 crt = optarg;
64 break;
65 case 'k':
66 key = optarg;
67 break;
68 case 'L':
69 listciphers = 1;
70 break;
71 case 'l':
72 ciphers = optarg;
73 break;
74 case 'p':
75 dhparam = optarg;
76 break;
77 case 's':
78 /* multiple reueses are possible */
79 sessionreuse++;
80 break;
81 case 'V':
82 if (strcmp(optarg, "TLS1") == 0) {
83 version = TLS1_VERSION;
84 } else if (strcmp(optarg, "TLS1_1") == 0) {
85 version = TLS1_1_VERSION;
86 } else if (strcmp(optarg, "TLS1_2") == 0) {
87 version = TLS1_2_VERSION;
88 } else if (strcmp(optarg, "TLS1_3") == 0) {
89 version = TLS1_3_VERSION;
90 } else {
91 errx(1, "unknown protocol version: %s", optarg);
92 }
93 break;
94 case 'v':
95 /* use twice to force client cert */
96 verify++;
97 break;
98 default:
99 usage();
100 }
101 }
102 argc -= optind;
103 argv += optind;
104 if (argc == 2) {
105 host = argv[0];
106 port = argv[1];
107 } else if (argc != 0 && !listciphers) {
108 usage();
109 }
110 if (asprintf(&host_port, strchr(host, ':') ? "[%s]:%s" : "%s:%s",
111 host, port) == -1)
112 err(1, "asprintf host port");
113 if ((crt == NULL && key != NULL) || (crt != NULL && key == NULL))
114 errx(1, "certificate and private key must be used together");
115 if (crt == NULL && asprintf(&crt, "%s.crt", host) == -1)
116 err(1, "asprintf crt");
117 if (key == NULL && asprintf(&key, "%s.key", host) == -1)
118 err(1, "asprintf key");
119
120 SSL_library_init();
121 SSL_load_error_strings();
122 print_version();
123
124 /* setup method and context */
125#if OPENSSL_VERSION_NUMBER >= 0x1010000f
126 method = TLS_server_method();
127 if (method == NULL)
128 err_ssl(1, "TLS_server_method");
129#else
130 switch (version) {
131 case TLS1_VERSION:
132 method = TLSv1_server_method();
133 break;
134 case TLS1_1_VERSION:
135 method = TLSv1_1_server_method();
136 break;
137 case TLS1_2_VERSION:
138 method = TLSv1_2_server_method();
139 break;
140#ifdef TLS1_3_VERSION
141 case TLS1_3_VERSION:
142 err(1, "TLS1_3 not supported");
143#endif
144 default:
145 method = SSLv23_server_method();
146 break;
147 }
148 if (method == NULL)
149 err_ssl(1, "SSLv23_server_method");
150#endif
151 ctx = SSL_CTX_new(method);
152 if (ctx == NULL)
153 err_ssl(1, "SSL_CTX_new");
154
155#if OPENSSL_VERSION_NUMBER >= 0x1010000f
156 if (version) {
157 if (SSL_CTX_set_min_proto_version(ctx, version) != 1)
158 err_ssl(1, "SSL_CTX_set_min_proto_version");
159 if (SSL_CTX_set_max_proto_version(ctx, version) != 1)
160 err_ssl(1, "SSL_CTX_set_max_proto_version");
161 }
162#endif
163
164#if OPENSSL_VERSION_NUMBER >= 0x10100000
165 /* needed to use DHE cipher with libressl */
166 if (SSL_CTX_set_dh_auto(ctx, 1) <= 0)
167 err_ssl(1, "SSL_CTX_set_dh_auto");
168#endif
169 /* needed to use ADH, EDH, DHE cipher with openssl */
170 if (dhparam != NULL) {
171 DH *dh;
172 FILE *file;
173
174 file = fopen(dhparam, "r");
175 if (file == NULL)
176 err(1, "fopen %s", dhparam);
177 dh = PEM_read_DHparams(file, NULL, NULL, NULL);
178 if (dh == NULL)
179 err_ssl(1, "PEM_read_DHparams");
180 if (SSL_CTX_set_tmp_dh(ctx, dh) <= 0)
181 err_ssl(1, "SSL_CTX_set_tmp_dh");
182 fclose(file);
183 }
184
185 /* load server certificate */
186 if (SSL_CTX_use_certificate_file(ctx, crt, SSL_FILETYPE_PEM) <= 0)
187 err_ssl(1, "SSL_CTX_use_certificate_file");
188 if (SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM) <= 0)
189 err_ssl(1, "SSL_CTX_use_PrivateKey_file");
190 if (SSL_CTX_check_private_key(ctx) <= 0)
191 err_ssl(1, "SSL_CTX_check_private_key");
192
193 /* request client certificate and verify it */
194 if (ca != NULL) {
195 STACK_OF(X509_NAME) *x509stack;
196
197 x509stack = SSL_load_client_CA_file(ca);
198 if (x509stack == NULL)
199 err_ssl(1, "SSL_load_client_CA_file");
200 SSL_CTX_set_client_CA_list(ctx, x509stack);
201 if (SSL_CTX_load_verify_locations(ctx, ca, NULL) <= 0)
202 err_ssl(1, "SSL_CTX_load_verify_locations");
203 }
204 SSL_CTX_set_verify(ctx,
205 verify == 0 ? SSL_VERIFY_NONE :
206 verify == 1 ? SSL_VERIFY_PEER :
207 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
208 verify_callback);
209
210 if (sessionreuse) {
211 uint32_t context;
212
213 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER);
214 context = arc4random();
215 if (SSL_CTX_set_session_id_context(ctx,
216 (unsigned char *)&context, sizeof(context)) <= 0)
217 err_ssl(1, "SSL_CTX_set_session_id_context");
218 }
219
220 if (ciphers) {
221 if (SSL_CTX_set_cipher_list(ctx, ciphers) <= 0)
222 err_ssl(1, "SSL_CTX_set_cipher_list");
223 }
224
225 if (listciphers) {
226 STACK_OF(SSL_CIPHER) *supported_ciphers;
227
228 ssl = SSL_new(ctx);
229 if (ssl == NULL)
230 err_ssl(1, "SSL_new");
231 supported_ciphers = SSL_get1_supported_ciphers(ssl);
232 if (supported_ciphers == NULL)
233 err_ssl(1, "SSL_get1_supported_ciphers");
234 print_ciphers(supported_ciphers);
235
236 sk_SSL_CIPHER_free(supported_ciphers);
237 return 0;
238 }
239
240 /* setup bio for socket operations */
241 abio = BIO_new_accept(host_port);
242 if (abio == NULL)
243 err_ssl(1, "BIO_new_accept");
244
245 /* bind, listen */
246 if (BIO_do_accept(abio) <= 0)
247 err_ssl(1, "BIO_do_accept setup");
248 printf("listen ");
249 print_sockname(abio);
250
251 /* fork to background and set timeout */
252 if (daemon(1, 1) == -1)
253 err(1, "daemon");
254 alarm(10);
255
256 do {
257 /* accept connection */
258 if (BIO_do_accept(abio) <= 0)
259 err_ssl(1, "BIO_do_accept wait");
260 cbio = BIO_pop(abio);
261 printf("accept ");
262 print_sockname(cbio);
263 printf("accept ");
264 print_peername(cbio);
265
266 /* do ssl server handshake */
267 ssl = SSL_new(ctx);
268 if (ssl == NULL)
269 err_ssl(1, "SSL_new");
270 SSL_set_bio(ssl, cbio, cbio);
271 if ((error = SSL_accept(ssl)) <= 0)
272 err_ssl(1, "SSL_accept %d", error);
273 printf("session %d: %s\n", sessionreuse,
274 SSL_session_reused(ssl) ? "reuse" : "new");
275 if (fflush(stdout) != 0)
276 err(1, "fflush stdout");
277
278
279 /* print session statistics */
280 session = SSL_get_session(ssl);
281 if (session == NULL)
282 err_ssl(1, "SSL_get_session");
283 if (SSL_SESSION_print_fp(stdout, session) <= 0)
284 err_ssl(1, "SSL_SESSION_print_fp");
285
286 /* write server greeting and read client hello over TLS */
287 strlcpy(buf, "greeting\n", sizeof(buf));
288 printf(">>> %s", buf);
289 if (fflush(stdout) != 0)
290 err(1, "fflush stdout");
291 if ((error = SSL_write(ssl, buf, 9)) <= 0)
292 err_ssl(1, "SSL_write %d", error);
293 if (error != 9)
294 errx(1, "write not 9 bytes greeting: %d", error);
295 if ((error = SSL_read(ssl, buf, 6)) <= 0)
296 err_ssl(1, "SSL_read %d", error);
297 if (error != 6)
298 errx(1, "read not 6 bytes hello: %d", error);
299 buf[6] = '\0';
300 printf("<<< %s", buf);
301 if (fflush(stdout) != 0)
302 err(1, "fflush stdout");
303
304 /* shutdown connection */
305 if ((error = SSL_shutdown(ssl)) < 0)
306 err_ssl(1, "SSL_shutdown unidirectional %d", error);
307 if (error <= 0) {
308 if ((error = SSL_shutdown(ssl)) <= 0)
309 err_ssl(1, "SSL_shutdown bidirectional %d",
310 error);
311 }
312
313 SSL_free(ssl);
314 } while (sessionreuse--);
315
316 SSL_CTX_free(ctx);
317
318 printf("success\n");
319
320 return 0;
321}
diff --git a/src/regress/lib/libssl/interop/session/Makefile b/src/regress/lib/libssl/interop/session/Makefile
deleted file mode 100644
index e9a353f99e..0000000000
--- a/src/regress/lib/libssl/interop/session/Makefile
+++ /dev/null
@@ -1,43 +0,0 @@
1# $OpenBSD: Makefile,v 1.12 2025/01/15 10:54:17 tb Exp $
2
3LIBRARIES = libressl
4.if exists(/usr/local/bin/eopenssl33)
5#LIBRARIES += openssl33
6.endif
7.if exists(/usr/local/bin/eopenssl34)
8#LIBRARIES += openssl34
9.endif
10
11run-session-client-libressl-server-libressl:
12 # TLS 1.3 needs some extra setup for session reuse
13 @echo DISABLED
14
15.for clib in ${LIBRARIES}
16.for slib in ${LIBRARIES}
17
18REGRESS_TARGETS += run-session-client-${clib}-server-${slib}
19
20run-session-client-${clib}-server-${slib}: \
21 127.0.0.1.crt ../${clib}/client ../${slib}/server
22 LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
23 ../${slib}/server >${@:S/^run/server/}.out \
24 -ss \
25 127.0.0.1 0
26 LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
27 ../${clib}/client >${@:S/^run/client/}.out \
28 -ss \
29 `sed -n 's/listen sock: //p' ${@:S/^run/server/}.out`
30 grep '^success$$' ${@:S/^run/server/}.out || \
31 { sleep 1; grep '^success$$' ${@:S/^run/server/}.out; }
32 grep '^success$$' ${@:S/^run/client/}.out
33 grep '^session 2: new$$' ${@:S/^run/server/}.out
34 grep '^session 2: new$$' ${@:S/^run/client/}.out
35 grep '^session 1: reuse$$' ${@:S/^run/server/}.out
36 grep '^session 1: reuse$$' ${@:S/^run/client/}.out
37 grep '^session 0: reuse$$' ${@:S/^run/server/}.out
38 grep '^session 0: reuse$$' ${@:S/^run/client/}.out
39
40.endfor
41.endfor
42
43.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/util.c b/src/regress/lib/libssl/interop/util.c
deleted file mode 100644
index 5190e81828..0000000000
--- a/src/regress/lib/libssl/interop/util.c
+++ /dev/null
@@ -1,145 +0,0 @@
1/* $OpenBSD: util.c,v 1.3 2018/11/09 06:30:41 bluhm Exp $ */
2/*
3 * Copyright (c) 2018 Alexander Bluhm <bluhm@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <sys/types.h>
19#include <sys/socket.h>
20
21#include <err.h>
22#include <netdb.h>
23#include <stdio.h>
24
25#include <openssl/err.h>
26#include <openssl/ssl.h>
27#include <openssl/opensslv.h>
28#include <openssl/crypto.h>
29
30#include "util.h"
31
32void
33print_version(void)
34{
35#ifdef OPENSSL_VERSION_NUMBER
36 printf("OPENSSL_VERSION_NUMBER: %#08lx\n", OPENSSL_VERSION_NUMBER);
37#endif
38#ifdef LIBRESSL_VERSION_NUMBER
39 printf("LIBRESSL_VERSION_NUMBER: %#08lx\n", LIBRESSL_VERSION_NUMBER);
40#endif
41#ifdef LIBRESSL_VERSION_TEXT
42 printf("LIBRESSL_VERSION_TEXT: %s\n", LIBRESSL_VERSION_TEXT);
43#endif
44#if OPENSSL_VERSION_NUMBER >= 0x1010000f
45 printf("OpenSSL_version_num: %#08lx\n", OpenSSL_version_num());
46 printf("OpenSSL_version OPENSSL_VERSION: %s\n",
47 OpenSSL_version(OPENSSL_VERSION));
48 printf("OpenSSL_version OPENSSL_CFLAGS: %s\n",
49 OpenSSL_version(OPENSSL_CFLAGS));
50 printf("OpenSSL_version OPENSSL_BUILT_ON: %s\n",
51 OpenSSL_version(OPENSSL_BUILT_ON));
52 printf("OpenSSL_version OPENSSL_PLATFORM: %s\n",
53 OpenSSL_version(OPENSSL_PLATFORM));
54 printf("OpenSSL_version OPENSSL_DIR: %s\n",
55 OpenSSL_version(OPENSSL_DIR));
56 printf("OpenSSL_version OPENSSL_ENGINES_DIR: %s\n",
57 OpenSSL_version(OPENSSL_ENGINES_DIR));
58#endif
59 printf("SSLeay: %#08lx\n", SSLeay());
60 printf("SSLeay_version SSLEAY_VERSION: %s\n",
61 SSLeay_version(SSLEAY_VERSION));
62 printf("SSLeay_version SSLEAY_CFLAGS: %s\n",
63 SSLeay_version(SSLEAY_CFLAGS));
64 printf("SSLeay_version SSLEAY_BUILT_ON: %s\n",
65 SSLeay_version(SSLEAY_BUILT_ON));
66 printf("SSLeay_version SSLEAY_PLATFORM: %s\n",
67 SSLeay_version(SSLEAY_PLATFORM));
68 printf("SSLeay_version SSLEAY_DIR: %s\n",
69 SSLeay_version(SSLEAY_DIR));
70}
71
72void
73print_ciphers(STACK_OF(SSL_CIPHER) *cstack)
74{
75 const SSL_CIPHER *cipher;
76 int i;
77
78 for (i = 0; (cipher = sk_SSL_CIPHER_value(cstack, i)) != NULL; i++)
79 printf("cipher %s\n", SSL_CIPHER_get_name(cipher));
80 if (fflush(stdout) != 0)
81 err(1, "fflush stdout");
82}
83
84void
85print_sockname(BIO *bio)
86{
87 struct sockaddr_storage ss;
88 socklen_t slen;
89 char host[NI_MAXHOST], port[NI_MAXSERV];
90 int fd;
91
92 if (BIO_get_fd(bio, &fd) <= 0)
93 err_ssl(1, "BIO_get_fd");
94 slen = sizeof(ss);
95 if (getsockname(fd, (struct sockaddr *)&ss, &slen) == -1)
96 err(1, "getsockname");
97 if (getnameinfo((struct sockaddr *)&ss, ss.ss_len, host,
98 sizeof(host), port, sizeof(port), NI_NUMERICHOST | NI_NUMERICSERV))
99 errx(1, "getnameinfo");
100 printf("sock: %s %s\n", host, port);
101 if (fflush(stdout) != 0)
102 err(1, "fflush stdout");
103}
104
105void
106print_peername(BIO *bio)
107{
108 struct sockaddr_storage ss;
109 socklen_t slen;
110 char host[NI_MAXHOST], port[NI_MAXSERV];
111 int fd;
112
113 if (BIO_get_fd(bio, &fd) <= 0)
114 err_ssl(1, "BIO_get_fd");
115 slen = sizeof(ss);
116 if (getpeername(fd, (struct sockaddr *)&ss, &slen) == -1)
117 err(1, "getpeername");
118 if (getnameinfo((struct sockaddr *)&ss, ss.ss_len, host,
119 sizeof(host), port, sizeof(port), NI_NUMERICHOST | NI_NUMERICSERV))
120 errx(1, "getnameinfo");
121 printf("peer: %s %s\n", host, port);
122 if (fflush(stdout) != 0)
123 err(1, "fflush stdout");
124}
125
126void
127err_ssl(int eval, const char *fmt, ...)
128{
129 va_list ap;
130
131 ERR_print_errors_fp(stderr);
132 va_start(ap, fmt);
133 verrx(eval, fmt, ap);
134 va_end(ap);
135}
136
137int
138verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
139{
140 printf("verify: %s\n", preverify_ok ? "pass" : "fail");
141 if (fflush(stdout) != 0)
142 err(1, "fflush stdout");
143
144 return preverify_ok;
145}
diff --git a/src/regress/lib/libssl/interop/util.h b/src/regress/lib/libssl/interop/util.h
deleted file mode 100644
index 7414a037d7..0000000000
--- a/src/regress/lib/libssl/interop/util.h
+++ /dev/null
@@ -1,23 +0,0 @@
1/* $OpenBSD: util.h,v 1.3 2018/11/09 06:30:41 bluhm Exp $ */
2/*
3 * Copyright (c) 2018 Alexander Bluhm <bluhm@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18void print_version(void);
19void print_ciphers(STACK_OF(SSL_CIPHER) *);
20void print_sockname(BIO *);
21void print_peername(BIO *);
22void err_ssl(int, const char *, ...);
23int verify_callback(int, X509_STORE_CTX *);
diff --git a/src/regress/lib/libssl/interop/version/Makefile b/src/regress/lib/libssl/interop/version/Makefile
deleted file mode 100644
index 605fba252f..0000000000
--- a/src/regress/lib/libssl/interop/version/Makefile
+++ /dev/null
@@ -1,110 +0,0 @@
1# $OpenBSD: Makefile,v 1.10 2025/01/15 10:54:17 tb Exp $
2
3# Connect a client to a server. Both can be current libressl, or
4# openssl 1.1 or openssl 3.0. Pin client or server to a fixed TLS
5# version number. Incompatible versions must fail. Check that client
6# and server have used correct version by grepping in their session
7# print out.
8
9LIBRARIES = libressl
10.if exists(/usr/local/bin/eopenssl33)
11LIBRARIES += openssl33
12.endif
13.if exists(/usr/local/bin/eopenssl34)
14LIBRARIES += openssl34
15.endif
16
17VERSIONS = any TLS1_2 TLS1_3
18
19.for cver in ${VERSIONS}
20.for sver in ${VERSIONS}
21
22.if "${cver}" == any || "${sver}" == any || "${cver}" == "${sver}"
23FAIL_${cver}_${sver} =
24.else
25FAIL_${cver}_${sver} = !
26.endif
27
28.for clib in ${LIBRARIES}
29.for slib in ${LIBRARIES}
30
31.if ("${cver}" != TLS1_3 && "${sver}" != TLS1_3) && \
32 ((("${clib}" != openssl33 && "${slib}" != openssl33)) || \
33 (("${clib}" != openssl34 && "${slib}" != openssl34)) || \
34 (("${cver}" != any && "${sver}" != any) && \
35 ("${cver}" != TLS1 && "${sver}" != TLS1) && \
36 ("${cver}" != TLS1_1 && "${sver}" != TLS1_1)))
37
38.if ("${clib}" == "libressl" || "${slib}" == "libressl")
39REGRESS_TARGETS += run-version-client-${clib}-${cver}-server-${slib}-${sver}
40.else
41# Don't use REGRESS_SLOW_TARGETS since its handling in bsd.regress.mk is slow.
42SLOW_TARGETS += run-version-client-${clib}-${cver}-server-${slib}-${sver}
43.endif
44
45run-version-client-${clib}-${cver}-server-${slib}-${sver} \
46client-version-client-${clib}-${cver}-server-${slib}-${sver}.out \
47server-version-client-${clib}-${cver}-server-${slib}-${sver}.out: \
48 127.0.0.1.crt ../${clib}/client ../${slib}/server
49 LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
50 ../${slib}/server >${@:S/^run/server/}.out \
51 -c 127.0.0.1.crt -k 127.0.0.1.key \
52 ${sver:Nany:S/^/-V /} \
53 127.0.0.1 0
54 ${FAIL_${cver}_${sver}} \
55 LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
56 ../${clib}/client >${@:S/^run/client/}.out \
57 ${cver:Nany:S/^/-V /} \
58 `sed -n 's/listen sock: //p' ${@:S/^run/server/}.out`
59.if empty(${FAIL_${cver}_${sver}})
60 grep -q '^success$$' ${@:S/^run/server/}.out || \
61 { sleep 1; grep -q '^success$$' ${@:S/^run/server/}.out; }
62 grep -q '^success$$' ${@:S/^run/client/}.out
63.endif
64
65.if empty(${FAIL_${cver}_${sver}})
66
67.if ("${clib}" == "libressl" || "${slib}" == "libressl")
68REGRESS_TARGETS += check-version-client-${clib}-${cver}-server-${slib}-${sver}
69.else
70# Don't use REGRESS_SLOW_TARGETS since its handling in bsd.regress.mk is slow.
71SLOW_TARGETS += check-version-client-${clib}-${cver}-server-${slib}-${sver}
72.endif
73
74check-version-client-${clib}-${cver}-server-${slib}-${sver}: \
75 client-version-client-${clib}-${cver}-server-${slib}-${sver}.out \
76 server-version-client-${clib}-${cver}-server-${slib}-${sver}.out
77 @grep ' Protocol *: ' ${@:S/^check/client/}.out
78 @grep ' Protocol *: ' ${@:S/^check/server/}.out
79.if "${cver}" == any
80.if "${sver}" == any
81 grep -q ' Protocol *: TLSv1.3$$' ${@:S/^check/client/}.out
82 grep -q ' Protocol *: TLSv1.3$$' ${@:S/^check/server/}.out
83.else
84 grep -q ' Protocol *: ${sver:S/TLS/TLSv/:S/_/./}$$' \
85 ${@:S/^check/client/}.out
86 grep -q ' Protocol *: ${sver:S/TLS/TLSv/:S/_/./}$$' \
87 ${@:S/^check/server/}.out
88.endif
89.else
90 grep -q ' Protocol *: ${cver:S/TLS/TLSv/:S/_/./}$$' \
91 ${@:S/^check/client/}.out
92 grep -q ' Protocol *: ${cver:S/TLS/TLSv/:S/_/./}$$' \
93 ${@:S/^check/server/}.out
94.endif
95.endif
96
97.endif
98
99.endfor
100.endfor
101.endfor
102.endfor
103
104.include <bsd.own.mk>
105REGRESS_SKIP_SLOW ?= no
106.if ${REGRESS_SKIP_SLOW:L} != "yes"
107REGRESS_TARGETS += ${SLOW_TARGETS}
108.endif
109
110.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/key_schedule/Makefile b/src/regress/lib/libssl/key_schedule/Makefile
deleted file mode 100644
index a8f23a27c5..0000000000
--- a/src/regress/lib/libssl/key_schedule/Makefile
+++ /dev/null
@@ -1,10 +0,0 @@
1# $OpenBSD: Makefile,v 1.2 2022/06/29 15:06:18 tb Exp $
2
3PROG= key_schedule
4LDADD= ${SSL_INT} -lcrypto
5DPADD= ${LIBCRYPTO} ${LIBSSL}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Wundef -Werror
8CFLAGS+= -I${.CURDIR}/../../../../lib/libssl
9
10.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/key_schedule/key_schedule.c b/src/regress/lib/libssl/key_schedule/key_schedule.c
deleted file mode 100644
index cbf5ea9df7..0000000000
--- a/src/regress/lib/libssl/key_schedule/key_schedule.c
+++ /dev/null
@@ -1,317 +0,0 @@
1/* $OpenBSD: key_schedule.c,v 1.11 2024/08/23 12:56:26 anton Exp $ */
2/*
3 * Copyright (c) 2018-2019 Bob Beck <beck@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <err.h>
19
20#include "ssl_local.h"
21
22#include "bytestring.h"
23#include "ssl_tlsext.h"
24#include "tls13_internal.h"
25
26static int failures = 0;
27
28static void
29hexdump(const unsigned char *buf, size_t len)
30{
31 size_t i;
32
33 for (i = 1; i <= len; i++)
34 fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n");
35
36 fprintf(stderr, "\n");
37}
38
39static void
40compare_data(const uint8_t *recv, size_t recv_len, const uint8_t *expect,
41 size_t expect_len)
42{
43 fprintf(stderr, "received:\n");
44 hexdump(recv, recv_len);
45
46 fprintf(stderr, "test data:\n");
47 hexdump(expect, expect_len);
48}
49
50#define FAIL(msg, ...) \
51do { \
52 fprintf(stderr, "[%s:%d] FAIL: ", __FILE__, __LINE__); \
53 fprintf(stderr, msg, ##__VA_ARGS__); \
54 failures++; \
55} while(0)
56
57/* Hashes and secrets from test vector */
58
59uint8_t chello[] = {
60 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14,
61 0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24,
62 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
63 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55
64};
65const struct tls13_secret chello_hash = {
66 .data = chello,
67 .len = 32,
68};
69
70uint8_t cshello [] = {
71 0x86, 0x0c, 0x06, 0xed, 0xc0, 0x78, 0x58, 0xee,
72 0x8e, 0x78, 0xf0, 0xe7, 0x42, 0x8c, 0x58, 0xed,
73 0xd6, 0xb4, 0x3f, 0x2c, 0xa3, 0xe6, 0xe9, 0x5f,
74 0x02, 0xed, 0x06, 0x3c, 0xf0, 0xe1, 0xca, 0xd8
75};
76
77const struct tls13_secret cshello_hash = {
78 .data = cshello,
79 .len = 32,
80};
81
82const uint8_t ecdhe [] = {
83 0x8b, 0xd4, 0x05, 0x4f, 0xb5, 0x5b, 0x9d, 0x63,
84 0xfd, 0xfb, 0xac, 0xf9, 0xf0, 0x4b, 0x9f, 0x0d,
85 0x35, 0xe6, 0xd6, 0x3f, 0x53, 0x75, 0x63, 0xef,
86 0xd4, 0x62, 0x72, 0x90, 0x0f, 0x89, 0x49, 0x2d
87};
88
89uint8_t csfhello [] = {
90 0x96, 0x08, 0x10, 0x2a, 0x0f, 0x1c, 0xcc, 0x6d,
91 0xb6, 0x25, 0x0b, 0x7b, 0x7e, 0x41, 0x7b, 0x1a,
92 0x00, 0x0e, 0xaa, 0xda, 0x3d, 0xaa, 0xe4, 0x77,
93 0x7a, 0x76, 0x86, 0xc9, 0xff, 0x83, 0xdf, 0x13
94};
95
96const struct tls13_secret csfhello_hash = {
97 .data = csfhello,
98 .len = 32,
99};
100
101
102/* Expected Values */
103
104uint8_t expected_extracted_early[] = {
105 0x33, 0xad, 0x0a, 0x1c, 0x60, 0x7e, 0xc0, 0x3b,
106 0x09, 0xe6, 0xcd, 0x98, 0x93, 0x68, 0x0c, 0xe2,
107 0x10, 0xad, 0xf3, 0x00, 0xaa, 0x1f, 0x26, 0x60,
108 0xe1, 0xb2, 0x2e, 0x10, 0xf1, 0x70, 0xf9, 0x2a
109};
110uint8_t expected_derived_early[] = {
111 0x6f, 0x26, 0x15, 0xa1, 0x08, 0xc7, 0x02, 0xc5,
112 0x67, 0x8f, 0x54, 0xfc, 0x9d, 0xba, 0xb6, 0x97,
113 0x16, 0xc0, 0x76, 0x18, 0x9c, 0x48, 0x25, 0x0c,
114 0xeb, 0xea, 0xc3, 0x57, 0x6c, 0x36, 0x11, 0xba
115};
116uint8_t expected_extracted_handshake[] = {
117 0x1d, 0xc8, 0x26, 0xe9, 0x36, 0x06, 0xaa, 0x6f,
118 0xdc, 0x0a, 0xad, 0xc1, 0x2f, 0x74, 0x1b, 0x01,
119 0x04, 0x6a, 0xa6, 0xb9, 0x9f, 0x69, 0x1e, 0xd2,
120 0x21, 0xa9, 0xf0, 0xca, 0x04, 0x3f, 0xbe, 0xac
121};
122uint8_t expected_client_handshake_traffic[] = {
123 0xb3, 0xed, 0xdb, 0x12, 0x6e, 0x06, 0x7f, 0x35,
124 0xa7, 0x80, 0xb3, 0xab, 0xf4, 0x5e, 0x2d, 0x8f,
125 0x3b, 0x1a, 0x95, 0x07, 0x38, 0xf5, 0x2e, 0x96,
126 0x00, 0x74, 0x6a, 0x0e, 0x27, 0xa5, 0x5a, 0x21
127};
128
129uint8_t expected_server_handshake_traffic[] = {
130 0xb6, 0x7b, 0x7d, 0x69, 0x0c, 0xc1, 0x6c, 0x4e,
131 0x75, 0xe5, 0x42, 0x13, 0xcb, 0x2d, 0x37, 0xb4,
132 0xe9, 0xc9, 0x12, 0xbc, 0xde, 0xd9, 0x10, 0x5d,
133 0x42, 0xbe, 0xfd, 0x59, 0xd3, 0x91, 0xad, 0x38
134};
135
136uint8_t expected_derived_handshake[] = {
137 0x43, 0xde, 0x77, 0xe0, 0xc7, 0x77, 0x13, 0x85,
138 0x9a, 0x94, 0x4d, 0xb9, 0xdb, 0x25, 0x90, 0xb5,
139 0x31, 0x90, 0xa6, 0x5b, 0x3e, 0xe2, 0xe4, 0xf1,
140 0x2d, 0xd7, 0xa0, 0xbb, 0x7c, 0xe2, 0x54, 0xb4
141};
142
143uint8_t expected_extracted_master[] = {
144 0x18, 0xdf, 0x06, 0x84, 0x3d, 0x13, 0xa0, 0x8b,
145 0xf2, 0xa4, 0x49, 0x84, 0x4c, 0x5f, 0x8a, 0x47,
146 0x80, 0x01, 0xbc, 0x4d, 0x4c, 0x62, 0x79, 0x84,
147 0xd5, 0xa4, 0x1d, 0xa8, 0xd0, 0x40, 0x29, 0x19
148};
149
150uint8_t expected_server_application_traffic[] = {
151 0xa1, 0x1a, 0xf9, 0xf0, 0x55, 0x31, 0xf8, 0x56,
152 0xad, 0x47, 0x11, 0x6b, 0x45, 0xa9, 0x50, 0x32,
153 0x82, 0x04, 0xb4, 0xf4, 0x4b, 0xfb, 0x6b, 0x3a,
154 0x4b, 0x4f, 0x1f, 0x3f, 0xcb, 0x63, 0x16, 0x43
155};
156
157uint8_t expected_server_application_traffic_updated[] = {
158 0x51, 0x92, 0x1b, 0x8a, 0xa3, 0x00, 0x19, 0x76,
159 0xeb, 0x40, 0x1d, 0x0a, 0x43, 0x19, 0xa8, 0x51,
160 0x64, 0x16, 0xa6, 0xc5, 0x60, 0x01, 0xa3, 0x57,
161 0xe5, 0xd1, 0x62, 0x03, 0x1e, 0x84, 0xf9, 0x16,
162};
163
164uint8_t expected_client_application_traffic[] = {
165 0x9e, 0x40, 0x64, 0x6c, 0xe7, 0x9a, 0x7f, 0x9d,
166 0xc0, 0x5a, 0xf8, 0x88, 0x9b, 0xce, 0x65, 0x52,
167 0x87, 0x5a, 0xfa, 0x0b, 0x06, 0xdf, 0x00, 0x87,
168 0xf7, 0x92, 0xeb, 0xb7, 0xc1, 0x75, 0x04, 0xa5,
169};
170
171uint8_t expected_client_application_traffic_updated[] = {
172 0xfc, 0xdf, 0xcc, 0x72, 0x72, 0x5a, 0xae, 0xe4,
173 0x8b, 0xf6, 0x4e, 0x4f, 0xd8, 0xb7, 0x49, 0xcd,
174 0xbd, 0xba, 0xb3, 0x9d, 0x90, 0xda, 0x0b, 0x26,
175 0xe2, 0x24, 0x5c, 0xa6, 0xea, 0x16, 0x72, 0x07,
176};
177
178uint8_t expected_exporter_master[] = {
179 0xfe, 0x22, 0xf8, 0x81, 0x17, 0x6e, 0xda, 0x18,
180 0xeb, 0x8f, 0x44, 0x52, 0x9e, 0x67, 0x92, 0xc5,
181 0x0c, 0x9a, 0x3f, 0x89, 0x45, 0x2f, 0x68, 0xd8,
182 0xae, 0x31, 0x1b, 0x43, 0x09, 0xd3, 0xcf, 0x50
183};
184
185int
186main (int argc, char **argv)
187{
188 struct tls13_secrets *secrets;
189
190 if ((secrets = tls13_secrets_create(EVP_sha256(), 0)) == NULL)
191 errx(1, "failed to create secrets");
192
193 secrets->insecure = 1; /* don't explicit_bzero when done */
194
195 if (tls13_derive_handshake_secrets(secrets, ecdhe, 32, &cshello_hash))
196 FAIL("derive_handshake_secrets worked when it shouldn't\n");
197 if (tls13_derive_application_secrets(secrets,
198 &chello_hash))
199 FAIL("derive_application_secrets worked when it shouldn't\n");
200
201 if (!tls13_derive_early_secrets(secrets,
202 secrets->zeros.data, secrets->zeros.len, &chello_hash))
203 FAIL("derive_early_secrets failed\n");
204 if (tls13_derive_early_secrets(secrets,
205 secrets->zeros.data, secrets->zeros.len, &chello_hash))
206 FAIL("derive_early_secrets worked when it shouldn't(2)\n");
207
208 if (!tls13_derive_handshake_secrets(secrets, ecdhe, 32, &cshello_hash))
209 FAIL("derive_handshake_secrets failed\n");
210 if (tls13_derive_handshake_secrets(secrets, ecdhe, 32, &cshello_hash))
211 FAIL("derive_handshake_secrets worked when it shouldn't(2)\n");
212
213 /* XXX fix hash here once test vector sorted */
214 if (!tls13_derive_application_secrets(secrets, &csfhello_hash))
215 FAIL("derive_application_secrets failed\n");
216 if (tls13_derive_application_secrets(secrets, &csfhello_hash))
217 FAIL("derive_application_secrets worked when it "
218 "shouldn't(2)\n");
219
220 fprintf(stderr, "extracted_early:\n");
221 compare_data(secrets->extracted_early.data, 32,
222 expected_extracted_early, 32);
223 if (memcmp(secrets->extracted_early.data,
224 expected_extracted_early, 32) != 0)
225 FAIL("extracted_early does not match\n");
226
227 fprintf(stderr, "derived_early:\n");
228 compare_data(secrets->derived_early.data, 32,
229 expected_derived_early, 32);
230 if (memcmp(secrets->derived_early.data,
231 expected_derived_early, 32) != 0)
232 FAIL("derived_early does not match\n");
233
234 fprintf(stderr, "extracted_handshake:\n");
235 compare_data(secrets->extracted_handshake.data, 32,
236 expected_extracted_handshake, 32);
237 if (memcmp(secrets->extracted_handshake.data,
238 expected_extracted_handshake, 32) != 0)
239 FAIL("extracted_handshake does not match\n");
240
241 fprintf(stderr, "client_handshake_traffic:\n");
242 compare_data(secrets->client_handshake_traffic.data, 32,
243 expected_client_handshake_traffic, 32);
244 if (memcmp(secrets->client_handshake_traffic.data,
245 expected_client_handshake_traffic, 32) != 0)
246 FAIL("client_handshake_traffic does not match\n");
247
248 fprintf(stderr, "server_handshake_traffic:\n");
249 compare_data(secrets->server_handshake_traffic.data, 32,
250 expected_server_handshake_traffic, 32);
251 if (memcmp(secrets->server_handshake_traffic.data,
252 expected_server_handshake_traffic, 32) != 0)
253 FAIL("server_handshake_traffic does not match\n");
254
255 fprintf(stderr, "derived_early:\n");
256 compare_data(secrets->derived_early.data, 32,
257 expected_derived_early, 32);
258 if (memcmp(secrets->derived_early.data,
259 expected_derived_early, 32) != 0)
260 FAIL("derived_early does not match\n");
261
262 fprintf(stderr, "derived_handshake:\n");
263 compare_data(secrets->derived_handshake.data, 32,
264 expected_derived_handshake, 32);
265 if (memcmp(secrets->derived_handshake.data,
266 expected_derived_handshake, 32) != 0)
267 FAIL("derived_handshake does not match\n");
268
269 fprintf(stderr, "extracted_master:\n");
270 compare_data(secrets->extracted_master.data, 32,
271 expected_extracted_master, 32);
272 if (memcmp(secrets->extracted_master.data,
273 expected_extracted_master, 32) != 0)
274 FAIL("extracted_master does not match\n");
275
276 fprintf(stderr, "server_application_traffic:\n");
277 compare_data(secrets->server_application_traffic.data, 32,
278 expected_server_application_traffic, 32);
279 if (memcmp(secrets->server_application_traffic.data,
280 expected_server_application_traffic, 32) != 0)
281 FAIL("server_application_traffic does not match\n");
282
283 fprintf(stderr, "client_application_traffic:\n");
284 compare_data(secrets->client_application_traffic.data, 32,
285 expected_client_application_traffic, 32);
286 if (memcmp(secrets->client_application_traffic.data,
287 expected_client_application_traffic, 32) != 0)
288 FAIL("server_application_traffic does not match\n");
289
290 fprintf(stderr, "exporter_master:\n");
291 compare_data(secrets->exporter_master.data, 32,
292 expected_exporter_master, 32);
293 if (memcmp(secrets->exporter_master.data,
294 expected_exporter_master, 32) != 0)
295 FAIL("exporter_master does not match\n");
296
297 tls13_update_server_traffic_secret(secrets);
298 fprintf(stderr, "server_application_traffic after update:\n");
299 compare_data(secrets->server_application_traffic.data, 32,
300 expected_server_application_traffic_updated, 32);
301 if (memcmp(secrets->server_application_traffic.data,
302 expected_server_application_traffic_updated, 32) != 0)
303 FAIL("server_application_traffic does not match after update\n");
304
305
306 tls13_update_client_traffic_secret(secrets);
307 fprintf(stderr, "client_application_traffic after update:\n");
308 compare_data(secrets->client_application_traffic.data, 32,
309 expected_client_application_traffic_updated, 32);
310 if (memcmp(secrets->client_application_traffic.data,
311 expected_client_application_traffic_updated, 32) != 0)
312 FAIL("client_application_traffic does not match after update\n");
313
314 tls13_secrets_destroy(secrets);
315
316 return failures;
317}
diff --git a/src/regress/lib/libssl/openssl-ruby/Makefile b/src/regress/lib/libssl/openssl-ruby/Makefile
deleted file mode 100644
index af8083f662..0000000000
--- a/src/regress/lib/libssl/openssl-ruby/Makefile
+++ /dev/null
@@ -1,87 +0,0 @@
1# $OpenBSD: Makefile,v 1.14 2024/08/31 11:14:58 tb Exp $
2
3OPENSSL_RUBY_TESTS = /usr/local/share/openssl-ruby-tests
4.if exists(/usr/local/bin/ruby32)
5RUBY_BINREV = 32
6.else
7RUBY_BINREV = 33
8.endif
9RUBY = ruby${RUBY_BINREV}
10
11# We work in a subdirectory of obj/ since extconf.rb generates a Makefile whose
12# name can't be customized in $PWD. An obj/Makefile in turn confuses either make
13# or bsd.*.mk. This hurts when things are in an unexpected state after a signal.
14BUILDDIR = build
15
16.if !exists(${OPENSSL_RUBY_TESTS})
17regress:
18 @echo package openssl-ruby-tests is required for this regress
19 @echo SKIPPED
20.else
21
22REGRESS_TARGETS += openssl-ruby-test
23
24openssl-ruby-test: retest
25
26_BUILDDIR_COOKIE = .builddir
27_BUILD_COOKIE = .build
28_TEST_COOKIE = .test
29
30${_BUILDDIR_COOKIE}:
31 mkdir -p ${BUILDDIR}
32 touch $@
33
34${_BUILD_COOKIE}: ${_BUILDDIR_COOKIE}
35 cd ${BUILDDIR} && \
36 ${RUBY} ${OPENSSL_RUBY_TESTS}/ext/openssl/extconf.rb && \
37 make;
38 touch $@
39
40OPENSSL_RUBY_TESTSRC = ${OPENSSL_RUBY_TESTS}/test/openssl/test_*.rb
41${_TEST_COOKIE}: ${_BUILD_COOKIE} ${_BUILDDIR_COOKIE}
42 cd ${BUILDDIR} && \
43 env SKIP_EXPECTED_FAILURES=true ${RUBY} -I. \
44 -I${OPENSSL_RUBY_TESTS}/test/openssl \
45 -I${OPENSSL_RUBY_TESTS}/lib \
46 -e 'Dir["${OPENSSL_RUBY_TESTSRC}"].each{|f| require f}' \
47 -- --no-use-color --no-show-detail-immediately
48 touch $@
49
50build: ${_BUILD_COOKIE}
51test: ${_TEST_COOKIE}
52
53_MAKE = cd ${.CURDIR} && exec ${.MAKE}
54
55rebuild:
56 rm -f ${_BUILD_COOKIE}
57 ${_MAKE} build
58
59retest:
60 rm -f ${_TEST_COOKIE}
61 ${_MAKE} test
62
63.for _t in test_client_ca
64REGRESS_TARGETS += ${_t}
65REGRESS_EXPECTED_FAILURES += ${_t}
66${_t}: ${_BUILD_COOKIE}
67 cd ${BUILDDIR} && \
68 ${RUBY} -I. -I${OPENSSL_RUBY_TESTS}/test/openssl \
69 -I${OPENSSL_RUBY_TESTS}/lib \
70 ${OPENSSL_RUBY_TESTS}/test/openssl/test_ssl.rb \
71 -n ${_t}
72.endfor
73
74CLEANFILES += ${_BUILD_COOKIE} ${_TEST_COOKIE} ${_BUILDDIR_COOKIE}
75
76. if make(clean) || make(cleandir)
77. if exists(${BUILDDIR})
78.BEGIN:
79 rm -r ${BUILDDIR}
80. endif
81. endif
82
83.PHONY: build rebuild test retest
84
85.endif
86
87.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/pqueue/Makefile b/src/regress/lib/libssl/pqueue/Makefile
deleted file mode 100644
index 48c2cb7e61..0000000000
--- a/src/regress/lib/libssl/pqueue/Makefile
+++ /dev/null
@@ -1,17 +0,0 @@
1# $OpenBSD: Makefile,v 1.1 2016/11/04 19:45:12 jsing Exp $
2
3PROG= pq_test
4SRC= ${.CURDIR}/../../../../lib/libssl
5CFLAGS+= -I${SRC}
6
7LDADD= ${SSL_INT} -lcrypto
8DPADD= ${LIBSSL} ${LIBCRYPTO}
9WARNINGS= Yes
10CFLAGS+= -DLIBRESSL_INTERNAL -Werror
11
12REGRESS_TARGETS= regress-pq_test
13
14regress-pq_test: ${PROG}
15 ${.OBJDIR}/pq_test | cmp -s ${.CURDIR}/expected.txt /dev/stdin
16
17.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/pqueue/expected.txt b/src/regress/lib/libssl/pqueue/expected.txt
deleted file mode 100644
index c59d6cd838..0000000000
--- a/src/regress/lib/libssl/pqueue/expected.txt
+++ /dev/null
@@ -1,3 +0,0 @@
1item 6966726167696c69
2item 7374696365787069
3item 737570657263616c
diff --git a/src/regress/lib/libssl/pqueue/pq_test.c b/src/regress/lib/libssl/pqueue/pq_test.c
deleted file mode 100644
index a078ba5366..0000000000
--- a/src/regress/lib/libssl/pqueue/pq_test.c
+++ /dev/null
@@ -1,118 +0,0 @@
1/* crypto/pqueue/pq_test.c */
2/*
3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
5 */
6/* ====================================================================
7 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * openssl-core@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59#include <stdio.h>
60#include <stdlib.h>
61#include <string.h>
62#include "pqueue.h"
63
64/* remember to change expected.txt if you change these values */
65unsigned char prio1[8] = "supercal";
66unsigned char prio2[8] = "ifragili";
67unsigned char prio3[8] = "sticexpi";
68
69static void
70pqueue_print(pqueue pq)
71{
72 pitem *iter, *item;
73
74 iter = pqueue_iterator(pq);
75 for (item = pqueue_next(&iter); item != NULL;
76 item = pqueue_next(&iter)) {
77 printf("item\t%02x%02x%02x%02x%02x%02x%02x%02x\n",
78 item->priority[0], item->priority[1],
79 item->priority[2], item->priority[3],
80 item->priority[4], item->priority[5],
81 item->priority[6], item->priority[7]);
82 }
83}
84
85int
86main(void)
87{
88 pitem *item;
89 pqueue pq;
90
91 pq = pqueue_new();
92
93 item = pitem_new(prio3, NULL);
94 pqueue_insert(pq, item);
95
96 item = pitem_new(prio1, NULL);
97 pqueue_insert(pq, item);
98
99 item = pitem_new(prio2, NULL);
100 pqueue_insert(pq, item);
101
102 item = pqueue_find(pq, prio1);
103 fprintf(stderr, "found %p\n", item->priority);
104
105 item = pqueue_find(pq, prio2);
106 fprintf(stderr, "found %p\n", item->priority);
107
108 item = pqueue_find(pq, prio3);
109 fprintf(stderr, "found %p\n", item ? item->priority: 0);
110
111 pqueue_print(pq);
112
113 for (item = pqueue_pop(pq); item != NULL; item = pqueue_pop(pq))
114 pitem_free(item);
115
116 pqueue_free(pq);
117 return 0;
118}
diff --git a/src/regress/lib/libssl/quic/Makefile b/src/regress/lib/libssl/quic/Makefile
deleted file mode 100644
index 55fef6b257..0000000000
--- a/src/regress/lib/libssl/quic/Makefile
+++ /dev/null
@@ -1,19 +0,0 @@
1# $OpenBSD: Makefile,v 1.3 2024/03/20 10:38:05 jsing Exp $
2
3PROG= quictest
4LDADD= -lssl -lcrypto
5DPADD= ${LIBSSL} ${LIBCRYPTO}
6
7WARNINGS= Yes
8CFLAGS+= -DLIBRESSL_INTERNAL -Werror
9
10REGRESS_TARGETS= \
11 regress-quictest
12
13regress-quictest: ${PROG}
14 ./quictest \
15 ${.CURDIR}/../../libssl/certs/server1-rsa.pem \
16 ${.CURDIR}/../../libssl/certs/server1-rsa-chain.pem \
17 ${.CURDIR}/../../libssl/certs/ca-root-rsa.pem
18
19.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/quic/quictest.c b/src/regress/lib/libssl/quic/quictest.c
deleted file mode 100644
index cdd4b2387c..0000000000
--- a/src/regress/lib/libssl/quic/quictest.c
+++ /dev/null
@@ -1,339 +0,0 @@
1/* $OpenBSD: quictest.c,v 1.1 2022/08/27 09:16:29 jsing Exp $ */
2/*
3 * Copyright (c) 2020, 2021, 2022 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <err.h>
19
20#include <openssl/bio.h>
21#include <openssl/err.h>
22#include <openssl/ssl.h>
23
24const char *server_ca_file;
25const char *server_cert_file;
26const char *server_key_file;
27
28int debug = 0;
29
30static void
31hexdump(const unsigned char *buf, size_t len)
32{
33 size_t i;
34
35 for (i = 1; i <= len; i++)
36 fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n");
37
38 if (len % 8)
39 fprintf(stderr, "\n");
40}
41
42struct quic_data {
43 enum ssl_encryption_level_t rlevel;
44 enum ssl_encryption_level_t wlevel;
45 BIO *rbio;
46 BIO *wbio;
47};
48
49static int
50quic_set_read_secret(SSL *ssl, enum ssl_encryption_level_t level,
51 const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len)
52{
53 struct quic_data *qd = SSL_get_app_data(ssl);
54
55 qd->rlevel = level;
56
57 return 1;
58}
59
60static int
61quic_set_write_secret(SSL *ssl, enum ssl_encryption_level_t level,
62 const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len)
63{
64 struct quic_data *qd = SSL_get_app_data(ssl);
65
66 qd->wlevel = level;
67
68 return 1;
69}
70
71static int
72quic_read_handshake_data(SSL *ssl)
73{
74 struct quic_data *qd = SSL_get_app_data(ssl);
75 uint8_t buf[2048];
76 int ret;
77
78 if ((ret = BIO_read(qd->rbio, buf, sizeof(buf))) > 0) {
79 if (debug > 1) {
80 fprintf(stderr, "== quic_read_handshake_data ==\n");
81 hexdump(buf, ret);
82 }
83 if (!SSL_provide_quic_data(ssl, qd->rlevel, buf, ret))
84 return -1;
85 }
86
87 return 1;
88}
89
90static int
91quic_add_handshake_data(SSL *ssl, enum ssl_encryption_level_t level,
92 const uint8_t *data, size_t len)
93{
94 struct quic_data *qd = SSL_get_app_data(ssl);
95 int ret;
96
97 if (debug > 1) {
98 fprintf(stderr, "== quic_add_handshake_data\n");
99 hexdump(data, len);
100 }
101
102 if ((ret = BIO_write(qd->wbio, data, len)) <= 0)
103 return 0;
104
105 return (size_t)ret == len;
106}
107
108static int
109quic_flush_flight(SSL *ssl)
110{
111 return 1;
112}
113
114static int
115quic_send_alert(SSL *ssl, enum ssl_encryption_level_t level, uint8_t alert)
116{
117 return 1;
118}
119
120const SSL_QUIC_METHOD quic_method = {
121 .set_read_secret = quic_set_read_secret,
122 .set_write_secret = quic_set_write_secret,
123 .add_handshake_data = quic_add_handshake_data,
124 .flush_flight = quic_flush_flight,
125 .send_alert = quic_send_alert,
126};
127
128static SSL *
129quic_client(struct quic_data *data)
130{
131 SSL_CTX *ssl_ctx = NULL;
132 SSL *ssl = NULL;
133
134 if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL)
135 errx(1, "client context");
136
137 if (!SSL_CTX_set_quic_method(ssl_ctx, &quic_method)) {
138 fprintf(stderr, "FAIL: Failed to set QUIC method\n");
139 goto failure;
140 }
141
142 if ((ssl = SSL_new(ssl_ctx)) == NULL)
143 errx(1, "client ssl");
144
145 SSL_set_connect_state(ssl);
146 SSL_set_app_data(ssl, data);
147
148 failure:
149 SSL_CTX_free(ssl_ctx);
150
151 return ssl;
152}
153
154static SSL *
155quic_server(struct quic_data *data)
156{
157 SSL_CTX *ssl_ctx = NULL;
158 SSL *ssl = NULL;
159
160 if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL)
161 errx(1, "server context");
162
163 SSL_CTX_set_dh_auto(ssl_ctx, 2);
164
165 if (SSL_CTX_use_certificate_file(ssl_ctx, server_cert_file,
166 SSL_FILETYPE_PEM) != 1) {
167 fprintf(stderr, "FAIL: Failed to load server certificate\n");
168 goto failure;
169 }
170 if (SSL_CTX_use_PrivateKey_file(ssl_ctx, server_key_file,
171 SSL_FILETYPE_PEM) != 1) {
172 fprintf(stderr, "FAIL: Failed to load server private key\n");
173 goto failure;
174 }
175
176 if (!SSL_CTX_set_quic_method(ssl_ctx, &quic_method)) {
177 fprintf(stderr, "FAIL: Failed to set QUIC method\n");
178 goto failure;
179 }
180
181 if ((ssl = SSL_new(ssl_ctx)) == NULL)
182 errx(1, "server ssl");
183
184 SSL_set_accept_state(ssl);
185 SSL_set_app_data(ssl, data);
186
187 failure:
188 SSL_CTX_free(ssl_ctx);
189
190 return ssl;
191}
192
193static int
194ssl_error(SSL *ssl, const char *name, const char *desc, int ssl_ret)
195{
196 int ssl_err;
197
198 ssl_err = SSL_get_error(ssl, ssl_ret);
199
200 if (ssl_err == SSL_ERROR_WANT_READ) {
201 if (quic_read_handshake_data(ssl) < 0)
202 return 0;
203 return 1;
204 } else if (ssl_err == SSL_ERROR_WANT_WRITE) {
205 return 1;
206 } else if (ssl_err == SSL_ERROR_SYSCALL && errno == 0) {
207 /* Yup, this is apparently a thing... */
208 } else {
209 fprintf(stderr, "FAIL: %s %s failed - ssl err = %d, errno = %d\n",
210 name, desc, ssl_err, errno);
211 ERR_print_errors_fp(stderr);
212 return 0;
213 }
214
215 return 1;
216}
217
218static int
219do_handshake(SSL *ssl, const char *name, int *done)
220{
221 int ssl_ret;
222
223 if ((ssl_ret = SSL_do_handshake(ssl)) == 1) {
224 fprintf(stderr, "INFO: %s handshake done\n", name);
225 *done = 1;
226 return 1;
227 }
228
229 return ssl_error(ssl, name, "handshake", ssl_ret);
230}
231
232typedef int (*ssl_func)(SSL *ssl, const char *name, int *done);
233
234static int
235do_client_server_loop(SSL *client, ssl_func client_func, SSL *server,
236 ssl_func server_func)
237{
238 int client_done = 0, server_done = 0;
239 int i = 0;
240
241 do {
242 if (!client_done) {
243 if (debug)
244 fprintf(stderr, "DEBUG: client loop\n");
245 if (!client_func(client, "client", &client_done))
246 return 0;
247 }
248 if (!server_done) {
249 if (debug)
250 fprintf(stderr, "DEBUG: server loop\n");
251 if (!server_func(server, "server", &server_done))
252 return 0;
253 }
254 } while (i++ < 100 && (!client_done || !server_done));
255
256 if (!client_done || !server_done)
257 fprintf(stderr, "FAIL: gave up\n");
258
259 return client_done && server_done;
260}
261
262static int
263quictest(void)
264{
265 struct quic_data *client_data = NULL, *server_data = NULL;
266 BIO *client_wbio = NULL, *server_wbio = NULL;
267 SSL *client = NULL, *server = NULL;
268 int failed = 1;
269
270 if ((client_wbio = BIO_new(BIO_s_mem())) == NULL)
271 goto failure;
272 if (BIO_set_mem_eof_return(client_wbio, -1) <= 0)
273 goto failure;
274
275 if ((server_wbio = BIO_new(BIO_s_mem())) == NULL)
276 goto failure;
277 if (BIO_set_mem_eof_return(server_wbio, -1) <= 0)
278 goto failure;
279
280 if ((client_data = calloc(1, sizeof(*client_data))) == NULL)
281 goto failure;
282
283 client_data->rbio = server_wbio;
284 client_data->wbio = client_wbio;
285
286 if ((client = quic_client(client_data)) == NULL)
287 goto failure;
288
289 if ((server_data = calloc(1, sizeof(*server_data))) == NULL)
290 goto failure;
291
292 server_data->rbio = client_wbio;
293 server_data->wbio = server_wbio;
294
295 if ((server = quic_server(server_data)) == NULL)
296 goto failure;
297
298 if (!do_client_server_loop(client, do_handshake, server, do_handshake)) {
299 fprintf(stderr, "FAIL: client and server handshake failed\n");
300 ERR_print_errors_fp(stderr);
301 goto failure;
302 }
303
304 fprintf(stderr, "INFO: Done!\n");
305
306 failed = 0;
307
308 failure:
309 BIO_free(client_wbio);
310 BIO_free(server_wbio);
311
312 free(client_data);
313 free(server_data);
314
315 SSL_free(client);
316 SSL_free(server);
317
318 return failed;
319}
320
321int
322main(int argc, char **argv)
323{
324 int failed = 0;
325
326 if (argc != 4) {
327 fprintf(stderr, "usage: %s keyfile certfile cafile\n",
328 argv[0]);
329 exit(1);
330 }
331
332 server_key_file = argv[1];
333 server_cert_file = argv[2];
334 server_ca_file = argv[3];
335
336 failed |= quictest();
337
338 return failed;
339}
diff --git a/src/regress/lib/libssl/record/Makefile b/src/regress/lib/libssl/record/Makefile
deleted file mode 100644
index f0e2bc52a8..0000000000
--- a/src/regress/lib/libssl/record/Makefile
+++ /dev/null
@@ -1,10 +0,0 @@
1# $OpenBSD: Makefile,v 1.1 2019/01/19 02:57:04 jsing Exp $
2
3PROG= recordtest
4LDADD= ${SSL_INT} -lcrypto
5DPADD= ${LIBSSL} ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Wall -Wundef -Werror
8CFLAGS+= -I${.CURDIR}/../../../../lib/libssl
9
10.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/record/recordtest.c b/src/regress/lib/libssl/record/recordtest.c
deleted file mode 100644
index de9bfd6935..0000000000
--- a/src/regress/lib/libssl/record/recordtest.c
+++ /dev/null
@@ -1,555 +0,0 @@
1/* $OpenBSD: recordtest.c,v 1.5 2022/06/10 22:00:15 tb Exp $ */
2/*
3 * Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <err.h>
19#include <string.h>
20
21#include <openssl/ssl.h>
22
23#include "tls13_internal.h"
24#include "tls13_record.h"
25
26/* Valid record. */
27static uint8_t test_record_1[] = {
28 0x16, 0x03, 0x03, 0x00, 0x7a, 0x02, 0x00, 0x00,
29 0x76, 0x03, 0x03, 0x14, 0xae, 0x2b, 0x6d, 0x58,
30 0xe9, 0x79, 0x9d, 0xd4, 0x90, 0x52, 0x90, 0x13,
31 0x1c, 0x08, 0xaa, 0x3f, 0x5b, 0xfb, 0x64, 0xfe,
32 0x9a, 0xca, 0x73, 0x6d, 0x87, 0x8d, 0x8b, 0x3b,
33 0x70, 0x14, 0xa3, 0x20, 0xd7, 0x50, 0xa4, 0xe5,
34 0x17, 0x42, 0x5d, 0xce, 0xe6, 0xfe, 0x1b, 0x59,
35 0x27, 0x6b, 0xff, 0xc8, 0x40, 0xc7, 0xac, 0x16,
36 0x32, 0xe6, 0x5b, 0xd2, 0xd9, 0xd4, 0xb5, 0x3f,
37 0x8f, 0x74, 0x6e, 0x7d, 0x13, 0x02, 0x00, 0x00,
38 0x2e, 0x00, 0x33, 0x00, 0x24, 0x00, 0x1d, 0x00,
39 0x20, 0x72, 0xb0, 0xaf, 0x7f, 0xf5, 0x89, 0x0f,
40 0xcd, 0x6e, 0x45, 0xb1, 0x51, 0xa0, 0xbd, 0x1e,
41 0xee, 0x7e, 0xf1, 0xa5, 0xc5, 0xc6, 0x7e, 0x5f,
42 0x6a, 0xca, 0xc9, 0xe4, 0xae, 0xb9, 0x50, 0x76,
43 0x0a, 0x00, 0x2b, 0x00, 0x02, 0x03, 0x04,
44};
45
46/* Truncated record. */
47static uint8_t test_record_2[] = {
48 0x17, 0x03, 0x03, 0x41, 0x00, 0x02, 0x00, 0x00,
49};
50
51/* Oversized and truncated record. */
52static uint8_t test_record_3[] = {
53 0x17, 0x03, 0x03, 0x41, 0x01, 0x02, 0x00, 0x00,
54};
55
56static void
57hexdump(const unsigned char *buf, size_t len)
58{
59 size_t i;
60
61 for (i = 1; i <= len; i++)
62 fprintf(stderr, " 0x%02x,%s", buf[i - 1], i % 8 ? "" : "\n");
63 if (len % 8 != 0)
64 fprintf(stderr, "\n");
65}
66
67struct rw_state {
68 uint8_t *buf;
69 size_t len;
70 size_t offset;
71 uint8_t eof;
72};
73
74static ssize_t
75read_cb(void *buf, size_t buflen, void *cb_arg)
76{
77 struct rw_state *rs = cb_arg;
78 ssize_t n;
79
80 if (rs->eof)
81 return TLS13_IO_EOF;
82
83 if ((size_t)(n = buflen) > (rs->len - rs->offset))
84 n = rs->len - rs->offset;
85
86 if (n == 0)
87 return TLS13_IO_WANT_POLLIN;
88
89 memcpy(buf, &rs->buf[rs->offset], n);
90 rs->offset += n;
91
92 return n;
93}
94
95static ssize_t
96write_cb(const void *buf, size_t buflen, void *cb_arg)
97{
98 struct rw_state *ws = cb_arg;
99 ssize_t n;
100
101 if (ws->eof)
102 return TLS13_IO_EOF;
103
104 if ((size_t)(n = buflen) > (ws->len - ws->offset))
105 n = ws->len - ws->offset;
106
107 if (n == 0)
108 return TLS13_IO_WANT_POLLOUT;
109
110 memcpy(&ws->buf[ws->offset], buf, n);
111 ws->offset += n;
112
113 return n;
114}
115
116struct record_test {
117 size_t rw_len;
118 int eof;
119 ssize_t want_ret;
120};
121
122struct record_recv_test {
123 uint8_t *read_buf;
124 struct record_test rt[10];
125 uint8_t want_content_type;
126 uint8_t *want_data;
127 size_t want_len;
128};
129
130struct record_recv_test record_recv_tests[] = {
131 {
132 .read_buf = test_record_1,
133 .rt = {
134 {
135 .rw_len = sizeof(test_record_1),
136 .want_ret = sizeof(test_record_1),
137 },
138 },
139 .want_content_type = SSL3_RT_HANDSHAKE,
140 .want_data = test_record_1,
141 .want_len = sizeof(test_record_1),
142 },
143 {
144 .read_buf = test_record_1,
145 .rt = {
146 {
147 .rw_len = 0,
148 .want_ret = TLS13_IO_WANT_POLLIN,
149 },
150 {
151 .rw_len = sizeof(test_record_1),
152 .want_ret = sizeof(test_record_1),
153 },
154 },
155 .want_content_type = SSL3_RT_HANDSHAKE,
156 .want_data = test_record_1,
157 .want_len = sizeof(test_record_1),
158 },
159 {
160 .read_buf = test_record_1,
161 .rt = {
162 {
163 .rw_len = 0,
164 .want_ret = TLS13_IO_WANT_POLLIN,
165 },
166 {
167 .rw_len = 5,
168 .want_ret = TLS13_IO_WANT_POLLIN,
169 },
170 {
171 .rw_len = sizeof(test_record_1),
172 .want_ret = sizeof(test_record_1),
173 },
174 },
175 .want_content_type = SSL3_RT_HANDSHAKE,
176 .want_data = test_record_1,
177 .want_len = sizeof(test_record_1),
178 },
179 {
180 .read_buf = test_record_1,
181 .rt = {
182 {
183 .rw_len = 0,
184 .want_ret = TLS13_IO_WANT_POLLIN,
185 },
186 {
187 .rw_len = 2,
188 .want_ret = TLS13_IO_WANT_POLLIN,
189 },
190 {
191 .rw_len = 6,
192 .want_ret = TLS13_IO_WANT_POLLIN,
193 },
194 {
195 .rw_len = sizeof(test_record_1),
196 .want_ret = sizeof(test_record_1),
197 },
198 },
199 .want_content_type = SSL3_RT_HANDSHAKE,
200 .want_data = test_record_1,
201 .want_len = sizeof(test_record_1),
202 },
203 {
204 .read_buf = test_record_1,
205 .rt = {
206 {
207 .rw_len = 4,
208 .want_ret = TLS13_IO_WANT_POLLIN,
209 },
210 {
211 .eof = 1,
212 .want_ret = TLS13_IO_EOF,
213 },
214 },
215 },
216 {
217 .read_buf = test_record_1,
218 .rt = {
219 {
220 .eof = 1,
221 .want_ret = TLS13_IO_EOF,
222 },
223 },
224 },
225 {
226 .read_buf = test_record_2,
227 .rt = {
228 {
229 .rw_len = sizeof(test_record_2),
230 .want_ret = TLS13_IO_WANT_POLLIN,
231 },
232 {
233 .eof = 1,
234 .want_ret = TLS13_IO_EOF,
235 },
236 },
237 .want_content_type = SSL3_RT_APPLICATION_DATA,
238 },
239 {
240 .read_buf = test_record_3,
241 .rt = {
242 {
243 .rw_len = sizeof(test_record_3),
244 .want_ret = TLS13_IO_RECORD_OVERFLOW,
245 },
246 },
247 },
248};
249
250#define N_RECORD_RECV_TESTS (sizeof(record_recv_tests) / sizeof(record_recv_tests[0]))
251
252struct record_send_test {
253 uint8_t *data;
254 size_t data_len;
255 struct record_test rt[10];
256 uint8_t *want_data;
257 size_t want_len;
258};
259
260struct record_send_test record_send_tests[] = {
261 {
262 .data = test_record_1,
263 .data_len = sizeof(test_record_1),
264 .rt = {
265 {
266 .rw_len = sizeof(test_record_1),
267 .want_ret = sizeof(test_record_1),
268 },
269 },
270 .want_data = test_record_1,
271 .want_len = sizeof(test_record_1),
272 },
273 {
274 .data = test_record_1,
275 .data_len = sizeof(test_record_1),
276 .rt = {
277 {
278 .rw_len = 0,
279 .want_ret = TLS13_IO_WANT_POLLOUT,
280 },
281 {
282 .rw_len = sizeof(test_record_1),
283 .want_ret = sizeof(test_record_1),
284 },
285 },
286 .want_data = test_record_1,
287 .want_len = sizeof(test_record_1),
288 },
289 {
290 .data = test_record_1,
291 .data_len = sizeof(test_record_1),
292 .rt = {
293 {
294 .rw_len = 0,
295 .want_ret = TLS13_IO_WANT_POLLOUT,
296 },
297 {
298 .rw_len = 5,
299 .want_ret = TLS13_IO_WANT_POLLOUT,
300 },
301 {
302 .rw_len = sizeof(test_record_1),
303 .want_ret = sizeof(test_record_1),
304 },
305 },
306 .want_data = test_record_1,
307 .want_len = sizeof(test_record_1),
308 },
309 {
310 .data = test_record_1,
311 .data_len = sizeof(test_record_1),
312 .rt = {
313 {
314 .rw_len = 0,
315 .want_ret = TLS13_IO_WANT_POLLOUT,
316 },
317 {
318 .rw_len = 2,
319 .want_ret = TLS13_IO_WANT_POLLOUT,
320 },
321 {
322 .rw_len = 6,
323 .want_ret = TLS13_IO_WANT_POLLOUT,
324 },
325 {
326 .rw_len = sizeof(test_record_1),
327 .want_ret = sizeof(test_record_1),
328 },
329 },
330 .want_data = test_record_1,
331 .want_len = sizeof(test_record_1),
332 },
333 {
334 .data = test_record_1,
335 .data_len = sizeof(test_record_1),
336 .rt = {
337 {
338 .rw_len = 4,
339 .want_ret = TLS13_IO_WANT_POLLOUT,
340 },
341 {
342 .eof = 1,
343 .want_ret = TLS13_IO_EOF,
344 },
345 },
346 .want_data = test_record_1,
347 .want_len = 4,
348 },
349 {
350 .data = test_record_1,
351 .data_len = sizeof(test_record_1),
352 .rt = {
353 {
354 .rw_len = 0,
355 .want_ret = TLS13_IO_WANT_POLLOUT,
356 },
357 {
358 .eof = 1,
359 .want_ret = TLS13_IO_EOF,
360 },
361 },
362 .want_data = NULL,
363 .want_len = 0,
364 },
365};
366
367#define N_RECORD_SEND_TESTS (sizeof(record_send_tests) / sizeof(record_send_tests[0]))
368
369static int
370test_record_recv(size_t test_no, struct record_recv_test *rrt)
371{
372 struct tls13_record *rec;
373 struct rw_state rs;
374 int failed = 1;
375 ssize_t ret;
376 size_t i;
377 CBS cbs;
378
379 rs.buf = rrt->read_buf;
380 rs.offset = 0;
381
382 if ((rec = tls13_record_new()) == NULL)
383 errx(1, "tls13_record_new");
384
385 for (i = 0; rrt->rt[i].rw_len != 0 || rrt->rt[i].want_ret != 0; i++) {
386 rs.eof = rrt->rt[i].eof;
387 rs.len = rrt->rt[i].rw_len;
388
389 ret = tls13_record_recv(rec, read_cb, &rs);
390 if (ret != rrt->rt[i].want_ret) {
391 fprintf(stderr, "FAIL: Test %zu/%zu - tls_record_recv "
392 "returned %zd, want %zd\n", test_no, i, ret,
393 rrt->rt[i].want_ret);
394 goto failure;
395 }
396 }
397
398 if (tls13_record_content_type(rec) != rrt->want_content_type) {
399 fprintf(stderr, "FAIL: Test %zu - got content type %u, "
400 "want %u\n", test_no, tls13_record_content_type(rec),
401 rrt->want_content_type);
402 goto failure;
403 }
404
405 tls13_record_data(rec, &cbs);
406 if (rrt->want_data == NULL) {
407 if (CBS_data(&cbs) != NULL || CBS_len(&cbs) != 0) {
408 fprintf(stderr, "FAIL: Test %zu - got CBS with data, "
409 "want NULL\n", test_no);
410 goto failure;
411 }
412 goto done;
413 }
414 if (!CBS_mem_equal(&cbs, rrt->want_data, rrt->want_len)) {
415 fprintf(stderr, "FAIL: Test %zu - data mismatch\n", test_no);
416 fprintf(stderr, "Got record data:\n");
417 hexdump(CBS_data(&cbs), CBS_len(&cbs));
418 fprintf(stderr, "Want record data:\n");
419 hexdump(rrt->want_data, rrt->want_len);
420 goto failure;
421 }
422
423 if (!tls13_record_header(rec, &cbs)) {
424 fprintf(stderr, "FAIL: Test %zu - fail to get record "
425 "header", test_no);
426 goto failure;
427 }
428 if (!CBS_mem_equal(&cbs, rrt->want_data, TLS13_RECORD_HEADER_LEN)) {
429 fprintf(stderr, "FAIL: Test %zu - header mismatch\n", test_no);
430 fprintf(stderr, "Got record header:\n");
431 hexdump(CBS_data(&cbs), CBS_len(&cbs));
432 fprintf(stderr, "Want record header:\n");
433 hexdump(rrt->want_data, rrt->want_len);
434 goto failure;
435 }
436
437 if (!tls13_record_content(rec, &cbs)) {
438 fprintf(stderr, "FAIL: Test %zu - fail to get record "
439 "content", test_no);
440 goto failure;
441 }
442 if (!CBS_mem_equal(&cbs, rrt->want_data + TLS13_RECORD_HEADER_LEN,
443 rrt->want_len - TLS13_RECORD_HEADER_LEN)) {
444 fprintf(stderr, "FAIL: Test %zu - content mismatch\n", test_no);
445 fprintf(stderr, "Got record content:\n");
446 hexdump(CBS_data(&cbs), CBS_len(&cbs));
447 fprintf(stderr, "Want record content:\n");
448 hexdump(rrt->want_data, rrt->want_len);
449 goto failure;
450 }
451
452 done:
453 failed = 0;
454
455 failure:
456 tls13_record_free(rec);
457
458 return failed;
459}
460
461static int
462test_record_send(size_t test_no, struct record_send_test *rst)
463{
464 uint8_t *data = NULL;
465 struct tls13_record *rec;
466 struct rw_state ws;
467 int failed = 1;
468 ssize_t ret;
469 size_t i;
470
471 if ((ws.buf = malloc(TLS13_RECORD_MAX_LEN)) == NULL)
472 errx(1, "malloc");
473
474 ws.offset = 0;
475
476 if ((rec = tls13_record_new()) == NULL)
477 errx(1, "tls13_record_new");
478
479 if ((data = malloc(rst->data_len)) == NULL)
480 errx(1, "malloc");
481 memcpy(data, rst->data, rst->data_len);
482
483 if (!tls13_record_set_data(rec, data, rst->data_len)) {
484 fprintf(stderr, "FAIL: Test %zu - failed to set record data\n",
485 test_no);
486 goto failure;
487 }
488 data = NULL;
489
490 for (i = 0; rst->rt[i].rw_len != 0 || rst->rt[i].want_ret != 0; i++) {
491 ws.eof = rst->rt[i].eof;
492 ws.len = rst->rt[i].rw_len;
493
494 ret = tls13_record_send(rec, write_cb, &ws);
495 if (ret != rst->rt[i].want_ret) {
496 fprintf(stderr, "FAIL: Test %zu/%zu - tls_record_send "
497 "returned %zd, want %zd\n", test_no, i, ret,
498 rst->rt[i].want_ret);
499 goto failure;
500 }
501 }
502
503 if (rst->want_data != NULL &&
504 memcmp(ws.buf, rst->want_data, rst->want_len) != 0) {
505 fprintf(stderr, "FAIL: Test %zu - content mismatch\n", test_no);
506 fprintf(stderr, "Got record data:\n");
507 hexdump(rst->data, rst->data_len);
508 fprintf(stderr, "Want record data:\n");
509 hexdump(rst->want_data, rst->want_len);
510 goto failure;
511 }
512
513 failed = 0;
514
515 failure:
516 tls13_record_free(rec);
517 free(ws.buf);
518
519 return failed;
520}
521
522static int
523test_recv_records(void)
524{
525 int failed = 0;
526 size_t i;
527
528 for (i = 0; i < N_RECORD_RECV_TESTS; i++)
529 failed |= test_record_recv(i, &record_recv_tests[i]);
530
531 return failed;
532}
533
534static int
535test_send_records(void)
536{
537 int failed = 0;
538 size_t i;
539
540 for (i = 0; i < N_RECORD_SEND_TESTS; i++)
541 failed |= test_record_send(i, &record_send_tests[i]);
542
543 return failed;
544}
545
546int
547main(int argc, char **argv)
548{
549 int failed = 0;
550
551 failed |= test_recv_records();
552 failed |= test_send_records();
553
554 return failed;
555}
diff --git a/src/regress/lib/libssl/record_layer/Makefile b/src/regress/lib/libssl/record_layer/Makefile
deleted file mode 100644
index 66c48dd769..0000000000
--- a/src/regress/lib/libssl/record_layer/Makefile
+++ /dev/null
@@ -1,10 +0,0 @@
1# $OpenBSD: Makefile,v 1.1 2020/03/13 16:04:31 jsing Exp $
2
3PROG= record_layer_test
4LDADD= ${SSL_INT} -lcrypto
5DPADD= ${LIBSSL} ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Wall -Wundef -Werror
8CFLAGS+= -I${.CURDIR}/../../../../lib/libssl
9
10.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/record_layer/record_layer_test.c b/src/regress/lib/libssl/record_layer/record_layer_test.c
deleted file mode 100644
index 2db0c10f83..0000000000
--- a/src/regress/lib/libssl/record_layer/record_layer_test.c
+++ /dev/null
@@ -1,306 +0,0 @@
1/* $OpenBSD: record_layer_test.c,v 1.6 2022/11/26 16:08:56 tb Exp $ */
2/*
3 * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <err.h>
19#include <string.h>
20
21#include "ssl_local.h"
22#include "tls13_internal.h"
23#include "tls13_record.h"
24
25int tls12_record_layer_inc_seq_num(struct tls12_record_layer *rl,
26 uint8_t *seq_num);
27int tls13_record_layer_inc_seq_num(uint8_t *seq_num);
28
29static void
30hexdump(const unsigned char *buf, size_t len)
31{
32 size_t i;
33
34 for (i = 1; i <= len; i++)
35 fprintf(stderr, " 0x%02x,%s", buf[i - 1], i % 8 ? "" : "\n");
36 if (len % 8 != 0)
37 fprintf(stderr, "\n");
38}
39
40struct seq_num_test {
41 uint8_t seq_num[TLS13_RECORD_SEQ_NUM_LEN];
42 uint8_t want_num[TLS13_RECORD_SEQ_NUM_LEN];
43 int want;
44};
45
46struct seq_num_test seq_num_dtls_tests[] = {
47 {
48 .seq_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
49 .want_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
50 .want = 1,
51 },
52 {
53 .seq_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
54 .want_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02},
55 .want = 1,
56 },
57 {
58 .seq_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfe},
59 .want_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff},
60 .want = 1,
61 },
62 {
63 .seq_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff},
64 .want_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00},
65 .want = 1,
66 },
67 {
68 .seq_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00},
69 .want_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x01},
70 .want = 1,
71 },
72 {
73 .seq_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xff},
74 .want_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00},
75 .want = 1,
76 },
77 {
78 .seq_num = {0xab, 0xcd, 0xef, 0x00, 0xfe, 0xff, 0xff, 0xff},
79 .want_num = {0xab, 0xcd, 0xef, 0x00, 0xff, 0x00, 0x00, 0x00},
80 .want = 1,
81 },
82 {
83 .seq_num = {0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
84 .want_num = {0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
85 .want = 0,
86 },
87 {
88 .seq_num = {0x01, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff},
89 .want_num = {0x01, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00},
90 .want = 1,
91 },
92 {
93 .seq_num = {0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe},
94 .want_num = {0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
95 .want = 1,
96 },
97 {
98 .seq_num = {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
99 .want_num = {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
100 .want = 1,
101 },
102 {
103 .seq_num = {0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
104 .want_num = {0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
105 .want = 0,
106 },
107 {
108 .seq_num = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe},
109 .want_num = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
110 .want = 1,
111 },
112 {
113 .seq_num = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
114 .want_num = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
115 .want = 0,
116 },
117};
118
119#define N_SEQ_NUM_DTLS_TESTS \
120 (sizeof(seq_num_dtls_tests) / sizeof(seq_num_dtls_tests[0]))
121
122struct seq_num_test seq_num_tls_tests[] = {
123 {
124 .seq_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
125 .want_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
126 .want = 1,
127 },
128 {
129 .seq_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
130 .want_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02},
131 .want = 1,
132 },
133 {
134 .seq_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfe},
135 .want_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff},
136 .want = 1,
137 },
138 {
139 .seq_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff},
140 .want_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00},
141 .want = 1,
142 },
143 {
144 .seq_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00},
145 .want_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x01},
146 .want = 1,
147 },
148 {
149 .seq_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xff},
150 .want_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00},
151 .want = 1,
152 },
153 {
154 .seq_num = {0xab, 0xcd, 0xef, 0x00, 0xfe, 0xff, 0xff, 0xff},
155 .want_num = {0xab, 0xcd, 0xef, 0x00, 0xff, 0x00, 0x00, 0x00},
156 .want = 1,
157 },
158 {
159 .seq_num = {0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
160 .want_num = {0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
161 .want = 1,
162 },
163 {
164 .seq_num = {0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
165 .want_num = {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
166 .want = 1,
167 },
168 {
169 .seq_num = {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
170 .want_num = {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
171 .want = 1,
172 },
173 {
174 .seq_num = {0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
175 .want_num = {0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
176 .want = 1,
177 },
178 {
179 .seq_num = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe},
180 .want_num = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
181 .want = 1,
182 },
183 {
184 .seq_num = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
185 .want_num = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
186 .want = 0,
187 },
188};
189
190#define N_SEQ_NUM_TLS_TESTS \
191 (sizeof(seq_num_tls_tests) / sizeof(seq_num_tls_tests[0]))
192
193#ifndef TLS12_RECORD_SEQ_NUM_LEN
194#define TLS12_RECORD_SEQ_NUM_LEN 8
195#endif
196
197static int
198do_seq_num_test_tls12(size_t test_no, int dtls, struct seq_num_test *snt)
199{
200 uint8_t seq_num[TLS12_RECORD_SEQ_NUM_LEN];
201 struct tls12_record_layer *rl;
202 int failed = 1;
203 int ret;
204
205 if ((rl = tls12_record_layer_new()) == NULL)
206 errx(1, "tls12_record_layer_new");
207
208 if (dtls)
209 tls12_record_layer_set_version(rl, DTLS1_2_VERSION);
210
211 memcpy(seq_num, snt->seq_num, sizeof(seq_num));
212
213 if ((ret = tls12_record_layer_inc_seq_num(rl, seq_num)) != snt->want) {
214 fprintf(stderr, "FAIL: Test %zu - got return %d, want %d\n",
215 test_no, ret, snt->want);
216 goto failure;
217 }
218
219 if (memcmp(seq_num, snt->want_num, sizeof(seq_num)) != 0) {
220 fprintf(stderr, "FAIL: Test %zu - got sequence number:\n",
221 test_no);
222 hexdump(seq_num, sizeof(seq_num));
223 fprintf(stderr, "want:\n");
224 hexdump(snt->want_num, sizeof(snt->want_num));
225 goto failure;
226 }
227
228 failed = 0;
229
230 failure:
231 tls12_record_layer_free(rl);
232
233 return failed;
234}
235
236static int
237test_seq_num_tls12(void)
238{
239 int failed = 0;
240 size_t i;
241
242 fprintf(stderr, "Running TLSv1.2 sequence number tests...\n");
243 for (i = 0; i < N_SEQ_NUM_TLS_TESTS; i++)
244 failed |= do_seq_num_test_tls12(i, 0, &seq_num_tls_tests[i]);
245
246 fprintf(stderr, "Running DTLSv1.2 sequence number tests...\n");
247 for (i = 0; i < N_SEQ_NUM_DTLS_TESTS; i++)
248 failed |= do_seq_num_test_tls12(i, 1, &seq_num_dtls_tests[i]);
249
250 return failed;
251}
252
253static int
254do_seq_num_test_tls13(size_t test_no, struct seq_num_test *snt)
255{
256 uint8_t seq_num[TLS13_RECORD_SEQ_NUM_LEN];
257 int failed = 1;
258 int ret;
259
260 memcpy(seq_num, snt->seq_num, sizeof(seq_num));
261
262 if ((ret = tls13_record_layer_inc_seq_num(seq_num)) != snt->want) {
263 fprintf(stderr, "FAIL: Test %zu - got return %d, want %d\n",
264 test_no, ret, snt->want);
265 goto failure;
266 }
267
268 if (memcmp(seq_num, snt->want_num, sizeof(seq_num)) != 0) {
269 fprintf(stderr, "FAIL: Test %zu - got sequence number:\n",
270 test_no);
271 hexdump(seq_num, sizeof(seq_num));
272 fprintf(stderr, "want:\n");
273 hexdump(snt->want_num, sizeof(snt->want_num));
274 goto failure;
275 }
276
277 failed = 0;
278
279 failure:
280 return failed;
281}
282
283static int
284test_seq_num_tls13(void)
285{
286 int failed = 0;
287 size_t i;
288
289 fprintf(stderr, "Running TLSv1.3 sequence number tests...\n");
290
291 for (i = 0; i < N_SEQ_NUM_TLS_TESTS; i++)
292 failed |= do_seq_num_test_tls13(i, &seq_num_tls_tests[i]);
293
294 return failed;
295}
296
297int
298main(int argc, char **argv)
299{
300 int failed = 0;
301
302 failed |= test_seq_num_tls12();
303 failed |= test_seq_num_tls13();
304
305 return failed;
306}
diff --git a/src/regress/lib/libssl/renegotiation/Makefile b/src/regress/lib/libssl/renegotiation/Makefile
deleted file mode 100644
index 55f323e158..0000000000
--- a/src/regress/lib/libssl/renegotiation/Makefile
+++ /dev/null
@@ -1,18 +0,0 @@
1# $OpenBSD: Makefile,v 1.2 2025/02/01 12:26:50 jsing Exp $
2
3PROG= renegotiation_test
4LDADD= -lssl -lcrypto
5DPADD= ${LIBSSL} ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9REGRESS_TARGETS= \
10 regress-renegotiation-test
11
12regress-renegotiation-test: ${PROG}
13 ./renegotiation_test \
14 ${.CURDIR}/../../libssl/certs/server1-rsa.pem \
15 ${.CURDIR}/../../libssl/certs/server1-rsa-chain.pem \
16 ${.CURDIR}/../../libssl/certs/ca-root-rsa.pem
17
18.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/renegotiation/renegotiation_test.c b/src/regress/lib/libssl/renegotiation/renegotiation_test.c
deleted file mode 100644
index 1c9f35237f..0000000000
--- a/src/regress/lib/libssl/renegotiation/renegotiation_test.c
+++ /dev/null
@@ -1,650 +0,0 @@
1/* $OpenBSD: renegotiation_test.c,v 1.3 2025/03/12 14:07:35 jsing Exp $ */
2/*
3 * Copyright (c) 2020,2025 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <err.h>
19
20#include <openssl/bio.h>
21#include <openssl/err.h>
22#include <openssl/ssl.h>
23
24const char *server_ca_file;
25const char *server_cert_file;
26const char *server_key_file;
27
28int debug = 0;
29
30int tls_client_alert;
31int tls_server_alert;
32
33static void
34hexdump(const unsigned char *buf, size_t len)
35{
36 size_t i;
37
38 for (i = 1; i <= len; i++)
39 fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n");
40
41 if (len % 8)
42 fprintf(stderr, "\n");
43}
44
45static SSL *
46tls_client(BIO *rbio, BIO *wbio)
47{
48 SSL_CTX *ssl_ctx = NULL;
49 SSL *ssl = NULL;
50
51 if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL)
52 errx(1, "client context");
53
54 if ((ssl = SSL_new(ssl_ctx)) == NULL)
55 errx(1, "client ssl");
56
57 BIO_up_ref(rbio);
58 BIO_up_ref(wbio);
59
60 SSL_set_bio(ssl, rbio, wbio);
61
62 SSL_CTX_free(ssl_ctx);
63
64 return ssl;
65}
66
67static SSL *
68tls_server(BIO *rbio, BIO *wbio)
69{
70 SSL_CTX *ssl_ctx = NULL;
71 SSL *ssl = NULL;
72
73 if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL)
74 errx(1, "server context");
75
76 SSL_CTX_set_dh_auto(ssl_ctx, 2);
77
78 if (SSL_CTX_use_certificate_file(ssl_ctx, server_cert_file,
79 SSL_FILETYPE_PEM) != 1) {
80 fprintf(stderr, "FAIL: Failed to load server certificate");
81 goto failure;
82 }
83 if (SSL_CTX_use_PrivateKey_file(ssl_ctx, server_key_file,
84 SSL_FILETYPE_PEM) != 1) {
85 fprintf(stderr, "FAIL: Failed to load server private key");
86 goto failure;
87 }
88
89 if ((ssl = SSL_new(ssl_ctx)) == NULL)
90 errx(1, "server ssl");
91
92 BIO_up_ref(rbio);
93 BIO_up_ref(wbio);
94
95 SSL_set_bio(ssl, rbio, wbio);
96
97 failure:
98 SSL_CTX_free(ssl_ctx);
99
100 return ssl;
101}
102
103static int
104ssl_error(SSL *ssl, const char *name, const char *desc, int ssl_ret)
105{
106 int ssl_err;
107
108 ssl_err = SSL_get_error(ssl, ssl_ret);
109
110 if (ssl_err == SSL_ERROR_WANT_READ) {
111 return 1;
112 } else if (ssl_err == SSL_ERROR_WANT_WRITE) {
113 return 1;
114 } else if (ssl_err == SSL_ERROR_SYSCALL && errno == 0) {
115 /* Yup, this is apparently a thing... */
116 } else {
117 if (tls_client_alert >> 8 == SSL3_AL_FATAL ||
118 tls_server_alert >> 8 == SSL3_AL_FATAL) {
119 ERR_clear_error();
120 return 0;
121 }
122 if (tls_client_alert >> 8 == SSL3_AL_WARNING ||
123 tls_server_alert >> 8 == SSL3_AL_WARNING) {
124 ERR_clear_error();
125 return 1;
126 }
127 fprintf(stderr, "FAIL: %s %s failed - ssl err = %d, errno = %d\n",
128 name, desc, ssl_err, errno);
129 ERR_print_errors_fp(stderr);
130 return 0;
131 }
132
133 return 1;
134}
135
136static int
137do_connect(SSL *ssl, const char *name, int *done)
138{
139 int ssl_ret;
140
141 if ((ssl_ret = SSL_connect(ssl)) == 1) {
142 fprintf(stderr, "INFO: %s connect done\n", name);
143 *done = 1;
144 return 1;
145 }
146
147 return ssl_error(ssl, name, "connect", ssl_ret);
148}
149
150static int
151do_accept(SSL *ssl, const char *name, int *done)
152{
153 int ssl_ret;
154
155 if ((ssl_ret = SSL_accept(ssl)) == 1) {
156 fprintf(stderr, "INFO: %s accept done\n", name);
157 *done = 1;
158 return 1;
159 }
160
161 return ssl_error(ssl, name, "accept", ssl_ret);
162}
163
164static int
165do_read(SSL *ssl, const char *name, int *done)
166{
167 uint8_t buf[512];
168 int ssl_ret;
169
170 if ((ssl_ret = SSL_read(ssl, buf, sizeof(buf))) > 0) {
171 fprintf(stderr, "INFO: %s read done\n", name);
172 if (debug > 1)
173 hexdump(buf, ssl_ret);
174 *done = 1;
175 return 1;
176 }
177
178 return ssl_error(ssl, name, "read", ssl_ret);
179}
180
181static int
182do_write(SSL *ssl, const char *name, int *done)
183{
184 const uint8_t buf[] = "Hello, World!\n";
185 int ssl_ret;
186
187 if ((ssl_ret = SSL_write(ssl, buf, sizeof(buf))) > 0) {
188 fprintf(stderr, "INFO: %s write done\n", name);
189 *done = 1;
190 return 1;
191 }
192
193 return ssl_error(ssl, name, "write", ssl_ret);
194}
195
196static int
197do_shutdown(SSL *ssl, const char *name, int *done)
198{
199 int ssl_ret;
200
201 ssl_ret = SSL_shutdown(ssl);
202 if (ssl_ret == 1) {
203 fprintf(stderr, "INFO: %s shutdown done\n", name);
204 *done = 1;
205 return 1;
206 }
207 return ssl_error(ssl, name, "shutdown", ssl_ret);
208}
209
210typedef int (*ssl_func)(SSL *ssl, const char *name, int *done);
211
212static int
213do_client_server_loop(SSL *client, ssl_func client_func, SSL *server,
214 ssl_func server_func)
215{
216 int client_done = 0, server_done = 0;
217 int i = 0;
218
219 do {
220 if (!client_done) {
221 if (debug)
222 fprintf(stderr, "DEBUG: client loop\n");
223 if (!client_func(client, "client", &client_done))
224 return 0;
225 }
226 if (!server_done) {
227 if (debug)
228 fprintf(stderr, "DEBUG: server loop\n");
229 if (!server_func(server, "server", &server_done))
230 return 0;
231 }
232 } while (i++ < 100 && (!client_done || !server_done));
233
234 if (!client_done || !server_done)
235 fprintf(stderr, "FAIL: gave up\n");
236
237 return client_done && server_done;
238}
239
240struct tls_reneg_test {
241 const unsigned char *desc;
242 int ssl_max_proto_version;
243 long ssl_client_options;
244 long ssl_server_options;
245 int renegotiate_client;
246 int renegotiate_server;
247 int client_ignored;
248 int want_client_alert;
249 int want_server_alert;
250 int want_failure;
251};
252
253static const struct tls_reneg_test tls_reneg_tests[] = {
254 {
255 .desc = "TLSv1.2 - Renegotiation permitted, no renegotiation",
256 .ssl_max_proto_version = TLS1_2_VERSION,
257 },
258 {
259 .desc = "TLSv1.2 - Renegotiation permitted, server initiated "
260 "renegotiation",
261 .ssl_max_proto_version = TLS1_2_VERSION,
262 .renegotiate_server = 1,
263 },
264 {
265 .desc = "TLSv1.2 - Renegotiation permitted, client initiated "
266 "renegotiation",
267 .ssl_max_proto_version = TLS1_2_VERSION,
268 .renegotiate_client = 1,
269 },
270 {
271 .desc = "TLSv1.2 - Renegotiation permitted, server and client "
272 "initiated renegotiation",
273 .ssl_max_proto_version = TLS1_2_VERSION,
274 .renegotiate_client = 1,
275 .renegotiate_server = 1,
276 },
277 {
278 .desc = "TLSv1.2 - Client renegotiation not permitted, server "
279 "initiated renegotiation",
280 .ssl_max_proto_version = TLS1_2_VERSION,
281 .ssl_server_options = SSL_OP_NO_CLIENT_RENEGOTIATION,
282 .renegotiate_server = 1,
283 .want_client_alert = SSL3_AL_FATAL << 8 | SSL_AD_NO_RENEGOTIATION,
284 },
285 {
286 .desc = "TLSv1.2 - Client renegotiation not permitted, client "
287 "initiated renegotiation",
288 .ssl_max_proto_version = TLS1_2_VERSION,
289 .ssl_server_options = SSL_OP_NO_CLIENT_RENEGOTIATION,
290 .renegotiate_client = 1,
291 .want_client_alert = SSL3_AL_FATAL << 8 | SSL_AD_NO_RENEGOTIATION,
292 },
293 {
294 .desc = "TLSv1.2 - Client renegotiation not permitted, client "
295 "initiated renegotiation",
296 .ssl_max_proto_version = TLS1_2_VERSION,
297 .ssl_server_options = SSL_OP_NO_RENEGOTIATION,
298 .renegotiate_client = 1,
299 .want_client_alert = SSL3_AL_FATAL << 8 | SSL_AD_NO_RENEGOTIATION,
300 },
301 {
302 .desc = "TLSv1.2 - Server renegotiation not permitted, server "
303 "initiated renegotiation",
304 .ssl_max_proto_version = TLS1_2_VERSION,
305 .ssl_client_options = SSL_OP_NO_RENEGOTIATION,
306 .renegotiate_server = 1,
307 .client_ignored = 1,
308 .want_server_alert = SSL3_AL_WARNING << 8 | SSL_AD_NO_RENEGOTIATION,
309 },
310 {
311 .desc = "TLSv1.2 - Client renegotiation permitted, client "
312 "initiated renegotiation",
313 .ssl_max_proto_version = TLS1_2_VERSION,
314 .ssl_server_options = SSL_OP_NO_RENEGOTIATION |
315 SSL_OP_ALLOW_CLIENT_RENEGOTIATION,
316 .renegotiate_client = 1,
317 },
318 {
319 .desc = "TLSv1.2 - Client renegotiation permitted, server "
320 "initiated renegotiation",
321 .ssl_max_proto_version = TLS1_2_VERSION,
322 .ssl_server_options = SSL_OP_ALLOW_CLIENT_RENEGOTIATION,
323 .renegotiate_server = 1,
324 },
325 {
326 .desc = "TLSv1.2 - Client renegotiation permitted, client "
327 "initiated renegotiation",
328 .ssl_max_proto_version = TLS1_2_VERSION,
329 .ssl_server_options = SSL_OP_ALLOW_CLIENT_RENEGOTIATION,
330 .renegotiate_client = 1,
331 },
332 {
333 .desc = "TLSv1.2 - Client renegotiation disabled, client "
334 "initiated renegotiation",
335 .ssl_max_proto_version = TLS1_2_VERSION,
336 .ssl_client_options = SSL_OP_NO_RENEGOTIATION,
337 .renegotiate_client = 1,
338 .want_failure = 1,
339 },
340 {
341 .desc = "TLSv1.2 - Server renegotiation disabled, server "
342 "initiated renegotiation",
343 .ssl_max_proto_version = TLS1_2_VERSION,
344 .ssl_server_options = SSL_OP_NO_RENEGOTIATION,
345 .renegotiate_server = 1,
346 .want_failure = 1,
347 },
348 {
349 .desc = "TLSv1.3 - No renegotiation supported, no renegotiation",
350 .ssl_max_proto_version = TLS1_3_VERSION,
351 },
352 {
353 .desc = "TLSv1.3 - No renegotiation supported, server "
354 "initiated renegotiation",
355 .ssl_max_proto_version = TLS1_3_VERSION,
356 .renegotiate_server = 1,
357 .want_failure = 1,
358 },
359 {
360 .desc = "TLSv1.3 - No renegotiation supported, client "
361 "initiated renegotiation",
362 .ssl_max_proto_version = TLS1_3_VERSION,
363 .renegotiate_client = 1,
364 .want_failure = 1,
365 },
366};
367
368#define N_TLS_RENEG_TESTS (sizeof(tls_reneg_tests) / sizeof(*tls_reneg_tests))
369
370static void
371tls_client_info_callback(const SSL *ssl, int where, int value)
372{
373 if (where == SSL_CB_READ_ALERT) {
374 fprintf(stderr, "INFO: client read %s alert - %s\n",
375 SSL_alert_type_string_long(value),
376 SSL_alert_desc_string_long(value));
377 tls_client_alert = value;
378 }
379}
380
381static void
382tls_server_info_callback(const SSL *ssl, int where, int value)
383{
384 if (where == SSL_CB_READ_ALERT) {
385 fprintf(stderr, "INFO: server read %s alert - %s\n",
386 SSL_alert_type_string_long(value),
387 SSL_alert_desc_string_long(value));
388 tls_server_alert = value;
389 }
390}
391
392static int
393tls_check_reneg(SSL *client, SSL *server, int client_pending,
394 int server_pending, long client_num_reneg, long server_num_reneg)
395{
396 if (debug) {
397 fprintf(stderr, "DEBUG: client - pending = %d, num reneg = %ld\n",
398 SSL_renegotiate_pending(client), SSL_num_renegotiations(client));
399 fprintf(stderr, "DEBUG: server - pending = %d, num reneg = %ld\n",
400 SSL_renegotiate_pending(server), SSL_num_renegotiations(server));
401 }
402
403 if (SSL_renegotiate_pending(client) != client_pending) {
404 fprintf(stderr, "FAIL: client SSL_renegotiate_pending() = %d, want %d\n",
405 SSL_renegotiate_pending(client), client_pending);
406 return 0;
407 }
408 if (SSL_renegotiate_pending(server) != server_pending) {
409 fprintf(stderr, "FAIL: server SSL_renegotiate_pending() = %d, want %d\n",
410 SSL_renegotiate_pending(server), server_pending);
411 return 0;
412 }
413 if (SSL_num_renegotiations(client) != client_num_reneg) {
414 fprintf(stderr, "FAIL: client SSL_num_renegotiations() = %ld, want %ld\n",
415 SSL_num_renegotiations(client), client_num_reneg);
416 return 0;
417 }
418 if (SSL_num_renegotiations(server) != server_num_reneg) {
419 fprintf(stderr, "FAIL: server SSL_num_renegotiations() = %ld, want %ld\n",
420 SSL_num_renegotiations(server), server_num_reneg);
421 return 0;
422 }
423 return 1;
424}
425
426static int
427tls_reneg_test(const struct tls_reneg_test *trt)
428{
429 BIO *client_wbio = NULL, *server_wbio = NULL;
430 SSL *client = NULL, *server = NULL;
431 int failed = 1;
432
433 fprintf(stderr, "\n== Testing %s... ==\n", trt->desc);
434
435 if ((client_wbio = BIO_new(BIO_s_mem())) == NULL)
436 goto failure;
437 if (BIO_set_mem_eof_return(client_wbio, -1) <= 0)
438 goto failure;
439
440 if ((server_wbio = BIO_new(BIO_s_mem())) == NULL)
441 goto failure;
442 if (BIO_set_mem_eof_return(server_wbio, -1) <= 0)
443 goto failure;
444
445 if ((client = tls_client(server_wbio, client_wbio)) == NULL)
446 goto failure;
447
448 SSL_set_options(client, trt->ssl_client_options);
449 SSL_set_info_callback(client, tls_client_info_callback);
450
451 if ((server = tls_server(client_wbio, server_wbio)) == NULL)
452 goto failure;
453
454 SSL_set_options(server, trt->ssl_server_options);
455 SSL_set_info_callback(server, tls_server_info_callback);
456
457 if (!SSL_set_max_proto_version(server, trt->ssl_max_proto_version))
458 goto failure;
459
460 tls_client_alert = 0;
461 tls_server_alert = 0;
462
463 if (!do_client_server_loop(client, do_connect, server, do_accept)) {
464 fprintf(stderr, "FAIL: client and server handshake failed\n");
465 goto failure;
466 }
467
468 if (!do_client_server_loop(client, do_write, server, do_read)) {
469 fprintf(stderr, "FAIL: client write and server read failed\n");
470 goto failure;
471 }
472
473 if (!do_client_server_loop(client, do_read, server, do_write)) {
474 fprintf(stderr, "FAIL: client read and server write failed\n");
475 goto failure;
476 }
477
478 if (!tls_check_reneg(client, server, 0, 0, 0, 0))
479 goto failure;
480
481 if (trt->renegotiate_server) {
482 /*
483 * Trigger renegotiation from the server - this results in the
484 * server sending a HelloRequest, then waiting for the client to
485 * respond with a ClientHello.
486 */
487 if (!SSL_renegotiate(server)) {
488 if (!trt->want_failure) {
489 fprintf(stderr, "FAIL: server renegotiation failed\n");
490 goto failure;
491 }
492 goto done;
493 }
494 if (trt->want_failure) {
495 fprintf(stderr, "FAIL: server renegotiation should have failed\n");
496 goto failure;
497 }
498
499 if (!tls_check_reneg(client, server, 0, 1, 0, 0))
500 goto failure;
501
502 if (!do_client_server_loop(client, do_read, server, do_write)) {
503 fprintf(stderr, "FAIL: client read and server write failed\n");
504 goto failure;
505 }
506
507 if (!tls_check_reneg(client, server, (trt->client_ignored == 0), 1,
508 (trt->client_ignored == 0), 1))
509 goto failure;
510
511 if (!do_client_server_loop(client, do_write, server, do_read)) {
512 if (!trt->want_client_alert && !trt->want_server_alert) {
513 fprintf(stderr, "FAIL: client write and server read failed\n");
514 goto failure;
515 }
516 if (tls_client_alert != trt->want_client_alert) {
517 fprintf(stderr, "FAIL: client alert = %x, want %x\n",
518 tls_client_alert, trt->want_client_alert);
519 goto failure;
520 }
521 if (tls_server_alert != trt->want_server_alert) {
522 fprintf(stderr, "FAIL: server alert = %x, want %x\n",
523 tls_server_alert, trt->want_server_alert);
524 goto failure;
525 }
526 goto done;
527 }
528 if (tls_client_alert != trt->want_client_alert) {
529 fprintf(stderr, "FAIL: client alert = %x, want %x\n",
530 tls_client_alert, trt->want_client_alert);
531 goto failure;
532 }
533 if (tls_server_alert != trt->want_server_alert) {
534 fprintf(stderr, "FAIL: server alert = %x, want %x\n",
535 tls_server_alert, trt->want_server_alert);
536 goto failure;
537 }
538
539 if (!tls_check_reneg(client, server, 0, (trt->client_ignored != 0),
540 (trt->client_ignored == 0), 1))
541 goto failure;
542 }
543
544 SSL_clear_num_renegotiations(client);
545 SSL_clear_num_renegotiations(server);
546
547 tls_client_alert = 0;
548 tls_server_alert = 0;
549
550 if (trt->renegotiate_client) {
551 /*
552 * Trigger renegotiation from the client - this results in the
553 * client sending a ClientHello.
554 */
555 if (!SSL_renegotiate(client)) {
556 if (!trt->want_failure) {
557 fprintf(stderr, "FAIL: client renegotiation failed\n");
558 goto failure;
559 }
560 goto done;
561 }
562 if (trt->want_failure) {
563 fprintf(stderr, "FAIL: client renegotiation should have failed\n");
564 goto failure;
565 }
566
567 if (!tls_check_reneg(client, server, 1, 0, 0, 0))
568 goto failure;
569
570 if (!do_client_server_loop(client, do_read, server, do_write)) {
571 fprintf(stderr, "FAIL: client read and server write failed\n");
572 goto failure;
573 }
574
575 if (!tls_check_reneg(client, server, 1, 0, 1, 0))
576 goto failure;
577
578 if (!do_client_server_loop(client, do_write, server, do_read)) {
579 if (!trt->want_client_alert && !trt->want_server_alert) {
580 fprintf(stderr, "FAIL: client write and server read failed\n");
581 goto failure;
582 }
583 if (tls_client_alert != trt->want_client_alert) {
584 fprintf(stderr, "FAIL: client alert = %x, want %x\n",
585 tls_client_alert, trt->want_client_alert);
586 goto failure;
587 }
588 if (tls_server_alert != trt->want_server_alert) {
589 fprintf(stderr, "FAIL: server alert = %x, want %x\n",
590 tls_server_alert, trt->want_server_alert);
591 goto failure;
592 }
593 goto done;
594 }
595 if (tls_client_alert != trt->want_client_alert) {
596 fprintf(stderr, "FAIL: client alert = %x, want %x\n",
597 tls_client_alert, trt->want_client_alert);
598 goto failure;
599 }
600 if (tls_server_alert != trt->want_server_alert) {
601 fprintf(stderr, "FAIL: server alert = %x, want %x\n",
602 tls_server_alert, trt->want_server_alert);
603 goto failure;
604 }
605
606 if (!tls_check_reneg(client, server, 0, 0, 1, 0))
607 goto failure;
608 }
609
610 if (!do_client_server_loop(client, do_shutdown, server, do_shutdown)) {
611 fprintf(stderr, "FAIL: client and server shutdown failed\n");
612 goto failure;
613 }
614
615 done:
616 fprintf(stderr, "INFO: Done!\n");
617
618 failed = 0;
619
620 failure:
621 BIO_free(client_wbio);
622 BIO_free(server_wbio);
623
624 SSL_free(client);
625 SSL_free(server);
626
627 return failed;
628}
629
630int
631main(int argc, char **argv)
632{
633 int failed = 0;
634 size_t i;
635
636 if (argc != 4) {
637 fprintf(stderr, "usage: %s keyfile certfile cafile\n",
638 argv[0]);
639 exit(1);
640 }
641
642 server_key_file = argv[1];
643 server_cert_file = argv[2];
644 server_ca_file = argv[3];
645
646 for (i = 0; i < N_TLS_RENEG_TESTS; i++)
647 failed |= tls_reneg_test(&tls_reneg_tests[i]);
648
649 return failed;
650}
diff --git a/src/regress/lib/libssl/rust-openssl/Cargo.toml b/src/regress/lib/libssl/rust-openssl/Cargo.toml
deleted file mode 100644
index 63194cb3fd..0000000000
--- a/src/regress/lib/libssl/rust-openssl/Cargo.toml
+++ /dev/null
@@ -1,9 +0,0 @@
1[workspace]
2resolver = "2"
3members = [
4 "openssl",
5 "openssl-errors",
6 "openssl-macros",
7 "openssl-sys",
8 "systest",
9]
diff --git a/src/regress/lib/libssl/rust-openssl/Makefile b/src/regress/lib/libssl/rust-openssl/Makefile
deleted file mode 100644
index dc17deee61..0000000000
--- a/src/regress/lib/libssl/rust-openssl/Makefile
+++ /dev/null
@@ -1,58 +0,0 @@
1# $OpenBSD: Makefile,v 1.5 2024/06/23 13:53:21 tb Exp $
2
3RUST_OPENSSL_TESTS = /usr/local/share/rust-openssl-tests
4CARGO = /usr/local/bin/cargo
5
6.if !exists(${RUST_OPENSSL_TESTS}) || !exists(${CARGO})
7regress:
8 @echo packages rust-openssl-tests and rust are required for this regress
9 @echo SKIPPED
10.else
11
12REGRESS_TARGETS += rust-openssl-test
13
14WORKSPACE_LINKS = openssl openssl-errors openssl-macros openssl-sys systest
15
16_WORKSPACE_COOKIE = .workspace
17
18${_WORKSPACE_COOKIE}:
19. if ${.CURDIR} != ${.OBJDIR}
20 cp ${.CURDIR}/Cargo.toml ${.OBJDIR}/
21. endif
22 mkdir -p .cargo
23 cp ${.CURDIR}/config.toml .cargo/
24 cd ${.OBJDIR} && ln -sf ${WORKSPACE_LINKS:S,^,${RUST_OPENSSL_TESTS}/,} .
25 touch $@
26
27CLEANFILES += Cargo.lock
28
29. if ${.CURDIR} != ${.OBJDIR}
30CLEANFILES += Cargo.toml
31. endif
32
33# Force use of base-clang on sparc64 since the build with base-gcc fails with:
34# error occurred: Command "cc" "-O0" "-ffunction-sections" "-fdata-sections" [...]
35# did not execute successfully (status code exit status: 1).
36. if "${MACHINE_ARCH}" == sparc64
37CARGO_CC=/usr/bin/clang
38. else
39CARGO_CC=cc
40. endif
41
42rust-openssl-test: ${_WORKSPACE_COOKIE}
43 cd ${.OBJDIR} && env CC=${CARGO_CC} \
44 cargo test --offline --color=never -- --color=never
45
46CLEANFILES += ${_WORKSPACE_COOKIE} ${WORKSPACE_LINKS}
47
48. if make(clean) || make(cleandir)
49. if exists(.cargo) || exists(target)
50.BEGIN:
51 rm -rf .cargo
52 rm -rf target
53. endif
54. endif
55
56.endif
57
58.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/rust-openssl/config.toml b/src/regress/lib/libssl/rust-openssl/config.toml
deleted file mode 100644
index a47474744d..0000000000
--- a/src/regress/lib/libssl/rust-openssl/config.toml
+++ /dev/null
@@ -1,6 +0,0 @@
1[net]
2 offline = true
3[source.modcargo]
4 directory = '/usr/local/share/rust-openssl-tests/modcargo-crates'
5[source.crates-io]
6 replace-with = 'modcargo'
diff --git a/src/regress/lib/libssl/server/Makefile b/src/regress/lib/libssl/server/Makefile
deleted file mode 100644
index be86dbb1ad..0000000000
--- a/src/regress/lib/libssl/server/Makefile
+++ /dev/null
@@ -1,18 +0,0 @@
1# $OpenBSD: Makefile,v 1.3 2024/03/20 10:38:05 jsing Exp $
2
3PROG= servertest
4LDADD= ${SSL_INT} -lcrypto
5DPADD= ${LIBSSL} ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9REGRESS_TARGETS= \
10 regress-servertest
11
12regress-servertest: ${PROG}
13 ./servertest \
14 ${.CURDIR}/../../libssl/certs/server1-rsa.pem \
15 ${.CURDIR}/../../libssl/certs/server1-rsa-chain.pem \
16 ${.CURDIR}/../../libssl/certs/ca-root-rsa.pem
17
18.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/server/servertest.c b/src/regress/lib/libssl/server/servertest.c
deleted file mode 100644
index d572d14520..0000000000
--- a/src/regress/lib/libssl/server/servertest.c
+++ /dev/null
@@ -1,209 +0,0 @@
1/* $OpenBSD: servertest.c,v 1.9 2023/07/11 11:52:35 tb Exp $ */
2/*
3 * Copyright (c) 2015, 2016, 2017 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <openssl/ssl.h>
19
20#include <openssl/err.h>
21#include <openssl/dtls1.h>
22#include <openssl/ssl3.h>
23
24#include <err.h>
25#include <stdio.h>
26#include <string.h>
27
28const SSL_METHOD *tls_legacy_method(void);
29
30char *server_ca_file;
31char *server_cert_file;
32char *server_key_file;
33
34static unsigned char sslv2_client_hello_tls10[] = {
35 0x80, 0x6a, 0x01, 0x03, 0x01, 0x00, 0x51, 0x00,
36 0x00, 0x00, 0x10, 0x00, 0x00, 0x39, 0x00, 0x00,
37 0x38, 0x00, 0x00, 0x35, 0x00, 0x00, 0x16, 0x00,
38 0x00, 0x13, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x33,
39 0x00, 0x00, 0x32, 0x00, 0x00, 0x2f, 0x00, 0x00,
40 0x07, 0x00, 0x00, 0x66, 0x00, 0x00, 0x05, 0x00,
41 0x00, 0x04, 0x00, 0x00, 0x63, 0x00, 0x00, 0x62,
42 0x00, 0x00, 0x61, 0x00, 0x00, 0x15, 0x00, 0x00,
43 0x12, 0x00, 0x00, 0x09, 0x00, 0x00, 0x65, 0x00,
44 0x00, 0x64, 0x00, 0x00, 0x60, 0x00, 0x00, 0x14,
45 0x00, 0x00, 0x11, 0x00, 0x00, 0x08, 0x00, 0x00,
46 0x06, 0x00, 0x00, 0x03, 0xdd, 0xb6, 0x59, 0x26,
47 0x46, 0xe6, 0x79, 0x77, 0xf4, 0xec, 0x42, 0x76,
48 0xc8, 0x73, 0xad, 0x9c,
49};
50
51static unsigned char sslv2_client_hello_tls12[] = {
52 0x80, 0xcb, 0x01, 0x03, 0x03, 0x00, 0xa2, 0x00,
53 0x00, 0x00, 0x20, 0x00, 0x00, 0xa5, 0x00, 0x00,
54 0xa3, 0x00, 0x00, 0xa1, 0x00, 0x00, 0x9f, 0x00,
55 0x00, 0x6b, 0x00, 0x00, 0x6a, 0x00, 0x00, 0x69,
56 0x00, 0x00, 0x68, 0x00, 0x00, 0x39, 0x00, 0x00,
57 0x38, 0x00, 0x00, 0x37, 0x00, 0x00, 0x36, 0x00,
58 0x00, 0x88, 0x00, 0x00, 0x87, 0x00, 0x00, 0x86,
59 0x00, 0x00, 0x85, 0x00, 0x00, 0x9d, 0x00, 0x00,
60 0x3d, 0x00, 0x00, 0x35, 0x00, 0x00, 0x84, 0x00,
61 0x00, 0xa4, 0x00, 0x00, 0xa2, 0x00, 0x00, 0xa0,
62 0x00, 0x00, 0x9e, 0x00, 0x00, 0x67, 0x00, 0x00,
63 0x40, 0x00, 0x00, 0x3f, 0x00, 0x00, 0x3e, 0x00,
64 0x00, 0x33, 0x00, 0x00, 0x32, 0x00, 0x00, 0x31,
65 0x00, 0x00, 0x30, 0x00, 0x00, 0x9a, 0x00, 0x00,
66 0x99, 0x00, 0x00, 0x98, 0x00, 0x00, 0x97, 0x00,
67 0x00, 0x45, 0x00, 0x00, 0x44, 0x00, 0x00, 0x43,
68 0x00, 0x00, 0x42, 0x00, 0x00, 0x9c, 0x00, 0x00,
69 0x3c, 0x00, 0x00, 0x2f, 0x00, 0x00, 0x96, 0x00,
70 0x00, 0x41, 0x00, 0x00, 0x07, 0x00, 0x00, 0x05,
71 0x00, 0x00, 0x04, 0x00, 0x00, 0x16, 0x00, 0x00,
72 0x13, 0x00, 0x00, 0x10, 0x00, 0x00, 0x0d, 0x00,
73 0x00, 0x0a, 0x00, 0x00, 0xff, 0x1d, 0xfd, 0x90,
74 0x03, 0x61, 0x3c, 0x5a, 0x22, 0x83, 0xed, 0x11,
75 0x85, 0xf4, 0xea, 0x36, 0x59, 0xd9, 0x1b, 0x27,
76 0x22, 0x01, 0x14, 0x07, 0x66, 0xb2, 0x24, 0xf5,
77 0x4e, 0x7d, 0x9d, 0x9c, 0x52,
78};
79
80struct server_hello_test {
81 const unsigned char *desc;
82 unsigned char *client_hello;
83 const size_t client_hello_len;
84 const SSL_METHOD *(*ssl_method)(void);
85 const long ssl_clear_options;
86 const long ssl_set_options;
87 int accept_fails;
88};
89
90static struct server_hello_test server_hello_tests[] = {
91 {
92 .desc = "TLSv1.0 in SSLv2 record",
93 .client_hello = sslv2_client_hello_tls10,
94 .client_hello_len = sizeof(sslv2_client_hello_tls10),
95 .ssl_method = tls_legacy_method,
96 .ssl_clear_options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1,
97 .ssl_set_options = 0,
98 .accept_fails = 1,
99 },
100 {
101 .desc = "TLSv1.2 in SSLv2 record",
102 .client_hello = sslv2_client_hello_tls12,
103 .client_hello_len = sizeof(sslv2_client_hello_tls12),
104 .ssl_method = tls_legacy_method,
105 .ssl_clear_options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1,
106 .ssl_set_options = 0,
107 .accept_fails = 1,
108 },
109};
110
111#define N_SERVER_HELLO_TESTS \
112 (sizeof(server_hello_tests) / sizeof(*server_hello_tests))
113
114static int
115server_hello_test(int testno, struct server_hello_test *sht)
116{
117 BIO *rbio = NULL, *wbio = NULL;
118 SSL_CTX *ssl_ctx = NULL;
119 SSL *ssl = NULL;
120 int ret = 1;
121
122 fprintf(stderr, "Test %d - %s\n", testno, sht->desc);
123
124 if ((rbio = BIO_new_mem_buf(sht->client_hello,
125 sht->client_hello_len)) == NULL) {
126 fprintf(stderr, "Failed to setup rbio\n");
127 goto failure;
128 }
129 if ((wbio = BIO_new(BIO_s_mem())) == NULL) {
130 fprintf(stderr, "Failed to setup wbio\n");
131 goto failure;
132 }
133
134 if ((ssl_ctx = SSL_CTX_new(sht->ssl_method())) == NULL) {
135 fprintf(stderr, "SSL_CTX_new() returned NULL\n");
136 goto failure;
137 }
138
139 if (SSL_CTX_use_certificate_file(ssl_ctx, server_cert_file,
140 SSL_FILETYPE_PEM) != 1) {
141 fprintf(stderr, "Failed to load server certificate");
142 goto failure;
143 }
144 if (SSL_CTX_use_PrivateKey_file(ssl_ctx, server_key_file,
145 SSL_FILETYPE_PEM) != 1) {
146 fprintf(stderr, "Failed to load server private key");
147 goto failure;
148 }
149
150 SSL_CTX_set_dh_auto(ssl_ctx, 1);
151 SSL_CTX_set_ecdh_auto(ssl_ctx, 1);
152
153 SSL_CTX_clear_options(ssl_ctx, sht->ssl_clear_options);
154 SSL_CTX_set_options(ssl_ctx, sht->ssl_set_options);
155
156 if ((ssl = SSL_new(ssl_ctx)) == NULL) {
157 fprintf(stderr, "SSL_new() returned NULL\n");
158 goto failure;
159 }
160
161 BIO_up_ref(rbio);
162 BIO_up_ref(wbio);
163 SSL_set_bio(ssl, rbio, wbio);
164
165 if (SSL_accept(ssl) != 0) {
166 if (sht->accept_fails)
167 goto done;
168 fprintf(stderr, "SSL_accept() returned non-zero\n");
169 ERR_print_errors_fp(stderr);
170 goto failure;
171 }
172
173 done:
174 ret = 0;
175
176 failure:
177 SSL_CTX_free(ssl_ctx);
178 SSL_free(ssl);
179
180 BIO_free(rbio);
181 BIO_free(wbio);
182
183 return (ret);
184}
185
186int
187main(int argc, char **argv)
188{
189 int failed = 0;
190 size_t i;
191
192 if (argc != 4) {
193 fprintf(stderr, "usage: %s keyfile certfile cafile\n",
194 argv[0]);
195 exit(1);
196 }
197
198 server_key_file = argv[1];
199 server_cert_file = argv[2];
200 server_ca_file = argv[3];
201
202 SSL_library_init();
203 SSL_load_error_strings();
204
205 for (i = 0; i < N_SERVER_HELLO_TESTS; i++)
206 failed |= server_hello_test(i, &server_hello_tests[i]);
207
208 return (failed);
209}
diff --git a/src/regress/lib/libssl/shutdown/Makefile b/src/regress/lib/libssl/shutdown/Makefile
deleted file mode 100644
index d6a9a30544..0000000000
--- a/src/regress/lib/libssl/shutdown/Makefile
+++ /dev/null
@@ -1,18 +0,0 @@
1# $OpenBSD: Makefile,v 1.2 2024/03/20 10:38:05 jsing Exp $
2
3PROG= shutdowntest
4LDADD= -lssl -lcrypto
5DPADD= ${LIBSSL} ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9REGRESS_TARGETS= \
10 regress-shutdowntest
11
12regress-shutdowntest: ${PROG}
13 ./shutdowntest \
14 ${.CURDIR}/../../libssl/certs/server1-rsa.pem \
15 ${.CURDIR}/../../libssl/certs/server1-rsa-chain.pem \
16 ${.CURDIR}/../../libssl/certs/ca-root-rsa.pem
17
18.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/shutdown/shutdowntest.c b/src/regress/lib/libssl/shutdown/shutdowntest.c
deleted file mode 100644
index 5b83add359..0000000000
--- a/src/regress/lib/libssl/shutdown/shutdowntest.c
+++ /dev/null
@@ -1,656 +0,0 @@
1/* $OpenBSD: shutdowntest.c,v 1.3 2024/01/30 14:46:46 jsing Exp $ */
2/*
3 * Copyright (c) 2020, 2021, 2024 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <err.h>
19
20#include <openssl/bio.h>
21#include <openssl/err.h>
22#include <openssl/ssl.h>
23
24const char *server_ca_file;
25const char *server_cert_file;
26const char *server_key_file;
27
28int debug = 0;
29
30static void
31hexdump(const unsigned char *buf, size_t len)
32{
33 size_t i;
34
35 for (i = 1; i <= len; i++)
36 fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n");
37
38 if (len % 8)
39 fprintf(stderr, "\n");
40}
41
42static SSL *
43tls_client(BIO *rbio, BIO *wbio)
44{
45 SSL_CTX *ssl_ctx = NULL;
46 SSL *ssl = NULL;
47
48 if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL)
49 errx(1, "client context");
50
51 if ((ssl = SSL_new(ssl_ctx)) == NULL)
52 errx(1, "client ssl");
53
54 BIO_up_ref(rbio);
55 BIO_up_ref(wbio);
56
57 SSL_set_bio(ssl, rbio, wbio);
58
59 SSL_CTX_free(ssl_ctx);
60
61 return ssl;
62}
63
64static SSL *
65tls_server(BIO *rbio, BIO *wbio)
66{
67 SSL_CTX *ssl_ctx = NULL;
68 SSL *ssl = NULL;
69
70 if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL)
71 errx(1, "server context");
72
73 SSL_CTX_set_dh_auto(ssl_ctx, 2);
74
75 if (SSL_CTX_use_certificate_file(ssl_ctx, server_cert_file,
76 SSL_FILETYPE_PEM) != 1) {
77 fprintf(stderr, "FAIL: Failed to load server certificate");
78 goto failure;
79 }
80 if (SSL_CTX_use_PrivateKey_file(ssl_ctx, server_key_file,
81 SSL_FILETYPE_PEM) != 1) {
82 fprintf(stderr, "FAIL: Failed to load server private key");
83 goto failure;
84 }
85
86 if ((ssl = SSL_new(ssl_ctx)) == NULL)
87 errx(1, "server ssl");
88
89 BIO_up_ref(rbio);
90 BIO_up_ref(wbio);
91
92 SSL_set_bio(ssl, rbio, wbio);
93
94 failure:
95 SSL_CTX_free(ssl_ctx);
96
97 return ssl;
98}
99
100static int
101ssl_error(SSL *ssl, const char *name, const char *desc, int ssl_ret)
102{
103 int ssl_err;
104
105 ssl_err = SSL_get_error(ssl, ssl_ret);
106
107 if (ssl_err == SSL_ERROR_WANT_READ) {
108 return 1;
109 } else if (ssl_err == SSL_ERROR_WANT_WRITE) {
110 return 1;
111 } else if (ssl_err == SSL_ERROR_SYSCALL && errno == 0) {
112 /* Yup, this is apparently a thing... */
113 return 1;
114 } else {
115 fprintf(stderr, "FAIL: %s %s failed - ssl err = %d, errno = %d\n",
116 name, desc, ssl_err, errno);
117 ERR_print_errors_fp(stderr);
118 return 0;
119 }
120}
121
122static int
123do_connect(SSL *ssl, const char *name, int *done)
124{
125 int ssl_ret;
126
127 if ((ssl_ret = SSL_connect(ssl)) == 1) {
128 fprintf(stderr, "INFO: %s connect done\n", name);
129 *done = 1;
130 return 1;
131 }
132
133 return ssl_error(ssl, name, "connect", ssl_ret);
134}
135
136static int
137do_accept(SSL *ssl, const char *name, int *done)
138{
139 int ssl_ret;
140
141 if ((ssl_ret = SSL_accept(ssl)) == 1) {
142 fprintf(stderr, "INFO: %s accept done\n", name);
143 *done = 1;
144 return 1;
145 }
146
147 return ssl_error(ssl, name, "accept", ssl_ret);
148}
149
150static int
151do_read(SSL *ssl, const char *name, int *done)
152{
153 uint8_t buf[512];
154 int ssl_ret;
155
156 if ((ssl_ret = SSL_read(ssl, buf, sizeof(buf))) > 0) {
157 fprintf(stderr, "INFO: %s read done\n", name);
158 if (debug > 1)
159 hexdump(buf, ssl_ret);
160 *done = 1;
161 return 1;
162 }
163
164 return ssl_error(ssl, name, "read", ssl_ret);
165}
166
167static int
168do_write(SSL *ssl, const char *name, int *done)
169{
170 const uint8_t buf[] = "Hello, World!\n";
171 int ssl_ret;
172
173 if ((ssl_ret = SSL_write(ssl, buf, sizeof(buf))) > 0) {
174 fprintf(stderr, "INFO: %s write done\n", name);
175 *done = 1;
176 return 1;
177 }
178
179 return ssl_error(ssl, name, "write", ssl_ret);
180}
181
182static int
183do_shutdown(SSL *ssl, const char *name, int *done)
184{
185 int ssl_ret;
186
187 ssl_ret = SSL_shutdown(ssl);
188 if (ssl_ret == 1) {
189 fprintf(stderr, "INFO: %s shutdown done\n", name);
190 *done = 1;
191 return 1;
192 }
193
194 /* The astounding EOF condition. */
195 if (ssl_ret == -1 &&
196 SSL_get_error(ssl, ssl_ret) == SSL_ERROR_SYSCALL && errno == 0) {
197 fprintf(stderr, "INFO: %s shutdown encountered EOF\n", name);
198 *done = 1;
199 return 1;
200 }
201
202 return ssl_error(ssl, name, "shutdown", ssl_ret);
203}
204
205typedef int (*ssl_func)(SSL *ssl, const char *name, int *done);
206
207static int
208do_client_server_loop(SSL *client, ssl_func client_func, SSL *server,
209 ssl_func server_func)
210{
211 int client_done = 0, server_done = 0;
212 int i = 0;
213
214 do {
215 if (!client_done) {
216 if (debug)
217 fprintf(stderr, "DEBUG: client loop\n");
218 if (!client_func(client, "client", &client_done))
219 return 0;
220 }
221 if (!server_done) {
222 if (debug)
223 fprintf(stderr, "DEBUG: server loop\n");
224 if (!server_func(server, "server", &server_done))
225 return 0;
226 }
227 } while (i++ < 100 && (!client_done || !server_done));
228
229 if (!client_done || !server_done)
230 fprintf(stderr, "FAIL: gave up\n");
231
232 return client_done && server_done;
233}
234
235static int
236do_shutdown_loop(SSL *client, SSL *server)
237{
238 int client_done = 0, server_done = 0;
239 int i = 0;
240
241 do {
242 if (!client_done) {
243 if (debug)
244 fprintf(stderr, "DEBUG: client loop\n");
245 if (!do_shutdown(client, "client", &client_done))
246 return 0;
247 if (client_done)
248 BIO_set_mem_eof_return(SSL_get_wbio(client), 0);
249 }
250 if (!server_done) {
251 if (debug)
252 fprintf(stderr, "DEBUG: server loop\n");
253 if (!do_shutdown(server, "server", &server_done))
254 return 0;
255 if (server_done)
256 BIO_set_mem_eof_return(SSL_get_wbio(server), 0);
257 }
258 } while (i++ < 100 && (!client_done || !server_done));
259
260 if (!client_done || !server_done)
261 fprintf(stderr, "FAIL: gave up\n");
262
263 return client_done && server_done;
264}
265
266static void
267ssl_msg_callback(int is_write, int version, int content_type, const void *buf,
268 size_t len, SSL *ssl, void *arg)
269{
270 const uint8_t *msg = buf;
271 int *close_notify = arg;
272
273 if (is_write || content_type != SSL3_RT_ALERT)
274 return;
275 if (len == 2 && msg[0] == SSL3_AL_WARNING && msg[1] == SSL_AD_CLOSE_NOTIFY)
276 *close_notify = 1;
277}
278
279struct shutdown_test {
280 const unsigned char *desc;
281 int client_quiet_shutdown;
282 int client_set_shutdown;
283 int want_client_shutdown;
284 int want_client_close_notify;
285 int server_quiet_shutdown;
286 int server_set_shutdown;
287 int want_server_shutdown;
288 int want_server_close_notify;
289};
290
291static const struct shutdown_test shutdown_tests[] = {
292 {
293 .desc = "bidirectional shutdown",
294 .want_client_close_notify = 1,
295 .want_client_shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN,
296 .want_server_close_notify = 1,
297 .want_server_shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN,
298 },
299 {
300 .desc = "client quiet shutdown",
301 .client_quiet_shutdown = 1,
302 .want_client_shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN,
303 .want_server_shutdown = SSL_SENT_SHUTDOWN,
304 },
305 {
306 .desc = "server quiet shutdown",
307 .server_quiet_shutdown = 1,
308 .want_client_shutdown = SSL_SENT_SHUTDOWN,
309 .want_server_shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN,
310 },
311 {
312 .desc = "both quiet shutdown",
313 .client_quiet_shutdown = 1,
314 .server_quiet_shutdown = 1,
315 .want_client_shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN,
316 .want_server_shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN,
317 },
318 {
319 .desc = "client set sent shutdown",
320 .client_set_shutdown = SSL_SENT_SHUTDOWN,
321 .want_client_close_notify = 1,
322 .want_client_shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN,
323 .want_server_shutdown = SSL_SENT_SHUTDOWN,
324 },
325 {
326 .desc = "client set received shutdown",
327 .client_set_shutdown = SSL_RECEIVED_SHUTDOWN,
328 .want_client_shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN,
329 .want_server_close_notify = 1,
330 .want_server_shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN,
331 },
332 {
333 .desc = "client set sent/received shutdown",
334 .client_set_shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN,
335 .want_client_shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN,
336 .want_server_shutdown = SSL_SENT_SHUTDOWN,
337 },
338 {
339 .desc = "server set sent shutdown",
340 .server_set_shutdown = SSL_SENT_SHUTDOWN,
341 .want_client_shutdown = SSL_SENT_SHUTDOWN,
342 .want_server_close_notify = 1,
343 .want_server_shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN,
344 },
345 {
346 .desc = "server set received shutdown",
347 .server_set_shutdown = SSL_RECEIVED_SHUTDOWN,
348 .want_client_close_notify = 1,
349 .want_client_shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN,
350 .want_server_shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN,
351 },
352 {
353 .desc = "server set sent/received shutdown",
354 .server_set_shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN,
355 .want_client_shutdown = SSL_SENT_SHUTDOWN,
356 .want_server_shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN,
357 },
358};
359
360#define N_TLS_TESTS (sizeof(shutdown_tests) / sizeof(*shutdown_tests))
361
362static int
363shutdown_test(uint16_t ssl_version, const char *ssl_version_name,
364 const struct shutdown_test *st)
365{
366 BIO *client_wbio = NULL, *server_wbio = NULL;
367 SSL *client = NULL, *server = NULL;
368 int client_close_notify = 0, server_close_notify = 0;
369 int shutdown, ssl_err;
370 int failed = 1;
371
372 fprintf(stderr, "\n== Testing %s, %s... ==\n", ssl_version_name,
373 st->desc);
374
375 if ((client_wbio = BIO_new(BIO_s_mem())) == NULL)
376 goto failure;
377 if (BIO_set_mem_eof_return(client_wbio, -1) <= 0)
378 goto failure;
379
380 if ((server_wbio = BIO_new(BIO_s_mem())) == NULL)
381 goto failure;
382 if (BIO_set_mem_eof_return(server_wbio, -1) <= 0)
383 goto failure;
384
385 if ((client = tls_client(server_wbio, client_wbio)) == NULL)
386 goto failure;
387 if (!SSL_set_min_proto_version(client, ssl_version))
388 goto failure;
389 if (!SSL_set_max_proto_version(client, ssl_version))
390 goto failure;
391
392 if ((server = tls_server(client_wbio, server_wbio)) == NULL)
393 goto failure;
394 if (!SSL_set_min_proto_version(server, ssl_version))
395 goto failure;
396 if (!SSL_set_max_proto_version(server, ssl_version))
397 goto failure;
398
399 if (!do_client_server_loop(client, do_connect, server, do_accept)) {
400 fprintf(stderr, "FAIL: client and server handshake failed\n");
401 goto failure;
402 }
403
404 if (!do_client_server_loop(client, do_write, server, do_read)) {
405 fprintf(stderr, "FAIL: client write and server read I/O failed\n");
406 goto failure;
407 }
408
409 if (!do_client_server_loop(client, do_read, server, do_write)) {
410 fprintf(stderr, "FAIL: client read and server write I/O failed\n");
411 goto failure;
412 }
413
414 /* Seemingly this is the only way to find out about alerts... */
415 SSL_set_msg_callback(client, ssl_msg_callback);
416 SSL_set_msg_callback_arg(client, &client_close_notify);
417 SSL_set_msg_callback(server, ssl_msg_callback);
418 SSL_set_msg_callback_arg(server, &server_close_notify);
419
420 SSL_set_shutdown(client, st->client_set_shutdown);
421 SSL_set_shutdown(server, st->server_set_shutdown);
422
423 SSL_set_quiet_shutdown(client, st->client_quiet_shutdown);
424 SSL_set_quiet_shutdown(server, st->server_quiet_shutdown);
425
426 if (!do_shutdown_loop(client, server)) {
427 fprintf(stderr, "FAIL: client and server shutdown failed\n");
428 goto failure;
429 }
430
431 if ((shutdown = SSL_get_shutdown(client)) != st->want_client_shutdown) {
432 fprintf(stderr, "FAIL: client shutdown flags = %x, want %x\n",
433 shutdown, st->want_client_shutdown);
434 goto failure;
435 }
436 if ((shutdown = SSL_get_shutdown(server)) != st->want_server_shutdown) {
437 fprintf(stderr, "FAIL: server shutdown flags = %x, want %x\n",
438 shutdown, st->want_server_shutdown);
439 goto failure;
440 }
441
442 if (client_close_notify != st->want_client_close_notify) {
443 fprintf(stderr, "FAIL: client close notify = %d, want %d\n",
444 client_close_notify, st->want_client_close_notify);
445 goto failure;
446 }
447 if (server_close_notify != st->want_server_close_notify) {
448 fprintf(stderr, "FAIL: server close notify = %d, want %d\n",
449 server_close_notify, st->want_server_close_notify);
450 goto failure;
451 }
452
453 if (st->want_client_close_notify) {
454 if ((ssl_err = SSL_get_error(client, 0)) != SSL_ERROR_ZERO_RETURN) {
455 fprintf(stderr, "FAIL: client ssl error = %d, want %d\n",
456 ssl_err, SSL_ERROR_ZERO_RETURN);
457 goto failure;
458 }
459 }
460 if (st->want_server_close_notify) {
461 if ((ssl_err = SSL_get_error(server, 0)) != SSL_ERROR_ZERO_RETURN) {
462 fprintf(stderr, "FAIL: server ssl error = %d, want %d\n",
463 ssl_err, SSL_ERROR_ZERO_RETURN);
464 goto failure;
465 }
466 }
467
468 fprintf(stderr, "INFO: Done!\n");
469
470 failed = 0;
471
472 failure:
473 BIO_free(client_wbio);
474 BIO_free(server_wbio);
475
476 SSL_free(client);
477 SSL_free(server);
478
479 return failed;
480}
481
482static int
483shutdown_sequence_test(uint16_t ssl_version, const char *ssl_version_name)
484{
485 BIO *client_wbio = NULL, *server_wbio = NULL;
486 SSL *client = NULL, *server = NULL;
487 int shutdown, ret;
488 int failed = 1;
489
490 fprintf(stderr, "\n== Testing %s, shutdown sequence... ==\n",
491 ssl_version_name);
492
493 if ((client_wbio = BIO_new(BIO_s_mem())) == NULL)
494 goto failure;
495 if (BIO_set_mem_eof_return(client_wbio, -1) <= 0)
496 goto failure;
497
498 if ((server_wbio = BIO_new(BIO_s_mem())) == NULL)
499 goto failure;
500 if (BIO_set_mem_eof_return(server_wbio, -1) <= 0)
501 goto failure;
502
503 if ((client = tls_client(server_wbio, client_wbio)) == NULL)
504 goto failure;
505 if (!SSL_set_min_proto_version(client, ssl_version))
506 goto failure;
507 if (!SSL_set_max_proto_version(client, ssl_version))
508 goto failure;
509
510 if ((server = tls_server(client_wbio, server_wbio)) == NULL)
511 goto failure;
512 if (!SSL_set_min_proto_version(server, ssl_version))
513 goto failure;
514 if (!SSL_set_max_proto_version(server, ssl_version))
515 goto failure;
516
517 if (!do_client_server_loop(client, do_connect, server, do_accept)) {
518 fprintf(stderr, "FAIL: client and server handshake failed\n");
519 goto failure;
520 }
521
522 if (!do_client_server_loop(client, do_write, server, do_read)) {
523 fprintf(stderr, "FAIL: client write and server read I/O failed\n");
524 goto failure;
525 }
526
527 if (!do_client_server_loop(client, do_read, server, do_write)) {
528 fprintf(stderr, "FAIL: client read and server write I/O failed\n");
529 goto failure;
530 }
531
532 /*
533 * Shutdown in lock step and check return value and shutdown flags.
534 *
535 * It is not documented, however some software relies on SSL_shutdown()
536 * to only send a close-notify on the first call, then indicate that a
537 * close-notify was received on a second (or later) call.
538 */
539
540 if ((shutdown = SSL_get_shutdown(client)) != 0) {
541 fprintf(stderr, "FAIL: client shutdown flags = %x, want %x\n",
542 shutdown, 0);
543 goto failure;
544 }
545 if ((shutdown = SSL_get_shutdown(server)) != 0) {
546 fprintf(stderr, "FAIL: server shutdown flags = %x, want %x\n",
547 shutdown, 0);
548 goto failure;
549 }
550
551 if ((ret = SSL_shutdown(client)) != 0) {
552 fprintf(stderr, "FAIL: client SSL_shutdown() = %d, want %d\n",
553 ret, 0);
554 goto failure;
555 }
556 if ((shutdown = SSL_get_shutdown(client)) != SSL_SENT_SHUTDOWN) {
557 fprintf(stderr, "FAIL: client shutdown flags = %x, want %x\n",
558 shutdown, SSL_SENT_SHUTDOWN);
559 goto failure;
560 }
561
562 if ((ret = SSL_shutdown(server)) != 0) {
563 fprintf(stderr, "FAIL: server SSL_shutdown() = %d, want %d\n",
564 ret, 0);
565 goto failure;
566 }
567 if ((shutdown = SSL_get_shutdown(server)) != SSL_SENT_SHUTDOWN) {
568 fprintf(stderr, "FAIL: server shutdown flags = %x, want %x\n",
569 shutdown, SSL_SENT_SHUTDOWN);
570 goto failure;
571 }
572
573 if ((ret = SSL_shutdown(client)) != 1) {
574 fprintf(stderr, "FAIL: client SSL_shutdown() = %d, want %d\n",
575 ret, 0);
576 goto failure;
577 }
578 if ((shutdown = SSL_get_shutdown(client)) !=
579 (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) {
580 fprintf(stderr, "FAIL: client shutdown flags = %x, want %x\n",
581 shutdown, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
582 goto failure;
583 }
584
585 if ((ret = SSL_shutdown(server)) != 1) {
586 fprintf(stderr, "FAIL: server SSL_shutdown() = %d, want %d\n",
587 ret, 0);
588 goto failure;
589 }
590 if ((shutdown = SSL_get_shutdown(server)) !=
591 (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) {
592 fprintf(stderr, "FAIL: server shutdown flags = %x, want %x\n",
593 shutdown, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
594 goto failure;
595 }
596
597 fprintf(stderr, "INFO: Done!\n");
598
599 failed = 0;
600
601 failure:
602 BIO_free(client_wbio);
603 BIO_free(server_wbio);
604
605 SSL_free(client);
606 SSL_free(server);
607
608 return failed;
609}
610
611struct ssl_version {
612 uint16_t version;
613 const char *name;
614};
615
616struct ssl_version ssl_versions[] = {
617 {
618 .version = TLS1_2_VERSION,
619 .name = SSL_TXT_TLSV1_2,
620 },
621 {
622 .version = TLS1_3_VERSION,
623 .name = SSL_TXT_TLSV1_3,
624 },
625};
626
627#define N_SSL_VERSIONS (sizeof(ssl_versions) / sizeof(*ssl_versions))
628
629int
630main(int argc, char **argv)
631{
632 const struct ssl_version *sv;
633 int failed = 0;
634 size_t i, j;
635
636 if (argc != 4) {
637 fprintf(stderr, "usage: %s keyfile certfile cafile\n",
638 argv[0]);
639 exit(1);
640 }
641
642 server_key_file = argv[1];
643 server_cert_file = argv[2];
644 server_ca_file = argv[3];
645
646 for (i = 0; i < N_SSL_VERSIONS; i++) {
647 sv = &ssl_versions[i];
648 for (j = 0; j < N_TLS_TESTS; j++) {
649 failed |= shutdown_test(sv->version, sv->name,
650 &shutdown_tests[j]);
651 }
652 failed |= shutdown_sequence_test(sv->version, sv->name);
653 }
654
655 return failed;
656}
diff --git a/src/regress/lib/libssl/ssl/Makefile b/src/regress/lib/libssl/ssl/Makefile
deleted file mode 100644
index 91abaae85e..0000000000
--- a/src/regress/lib/libssl/ssl/Makefile
+++ /dev/null
@@ -1,17 +0,0 @@
1# $OpenBSD: Makefile,v 1.5 2022/07/07 11:40:17 tb Exp $
2
3PROG= ssltest
4LDADD= -lcrypto -lssl
5DPADD= ${LIBCRYPTO} ${LIBSSL}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8CFLAGS+= -I${.CURDIR}/../../../../lib/libssl
9
10REGRESS_TARGETS=regress-ssltest
11
12regress-ssltest: ${PROG}
13 sh ${.CURDIR}/testssl \
14 ${.CURDIR}/../certs/server1-rsa.pem ${.CURDIR}/../certs/server1-rsa-chain.pem \
15 ${.CURDIR}/../certs/ca-root-rsa.pem
16
17.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/ssl/ssltest.c b/src/regress/lib/libssl/ssl/ssltest.c
deleted file mode 100644
index 27adeeaf17..0000000000
--- a/src/regress/lib/libssl/ssl/ssltest.c
+++ /dev/null
@@ -1,1528 +0,0 @@
1/* $OpenBSD: ssltest.c,v 1.45 2024/03/01 03:45:16 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
116/* ====================================================================
117 * Copyright 2005 Nokia. All rights reserved.
118 *
119 * The portions of the attached software ("Contribution") is developed by
120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
121 * license.
122 *
123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125 * support (see RFC 4279) to OpenSSL.
126 *
127 * No patent licenses or other rights except those expressly stated in
128 * the OpenSSL open source license shall be deemed granted or received
129 * expressly, by implication, estoppel, or otherwise.
130 *
131 * No assurances are provided by Nokia that the Contribution does not
132 * infringe the patent or other intellectual property rights of any third
133 * party or that the license provides you with all the necessary rights
134 * to make use of the Contribution.
135 *
136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
140 * OTHERWISE.
141 */
142
143/* XXX - USE_BIOPAIR code needs updating for BIO_n{read,write}{,0} removal. */
144/* #define USE_BIOPAIR */
145
146#define _BSD_SOURCE 1 /* Or gethostname won't be declared properly
147 on Linux and GNU platforms. */
148#include <sys/types.h>
149#include <sys/socket.h>
150
151#include <netinet/in.h>
152
153#include <assert.h>
154#include <errno.h>
155#include <limits.h>
156#include <netdb.h>
157#include <stdio.h>
158#include <stdlib.h>
159#include <string.h>
160#include <time.h>
161#include <unistd.h>
162
163#include <openssl/opensslconf.h>
164#include <openssl/bio.h>
165#include <openssl/crypto.h>
166#include <openssl/evp.h>
167#include <openssl/x509.h>
168#include <openssl/x509v3.h>
169#include <openssl/ssl.h>
170#include <openssl/err.h>
171#include <openssl/rand.h>
172#include <openssl/rsa.h>
173#include <openssl/dsa.h>
174#include <openssl/dh.h>
175#include <openssl/bn.h>
176
177#include "ssl_local.h"
178
179#define TEST_SERVER_CERT "../apps/server.pem"
180#define TEST_CLIENT_CERT "../apps/client.pem"
181
182static int verify_callback(int ok, X509_STORE_CTX *ctx);
183static int app_verify_callback(X509_STORE_CTX *ctx, void *arg);
184
185static DH *get_dh1024(void);
186static DH *get_dh1024dsa(void);
187
188static BIO *bio_err = NULL;
189static BIO *bio_stdout = NULL;
190
191static const char *alpn_client;
192static const char *alpn_server;
193static const char *alpn_expected;
194static unsigned char *alpn_selected;
195
196/*
197 * next_protos_parse parses a comma separated list of strings into a string
198 * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
199 * outlen: (output) set to the length of the resulting buffer on success.
200 * err: (maybe NULL) on failure, an error message line is written to this BIO.
201 * in: a NUL terminated string like "abc,def,ghi"
202 *
203 * returns: a malloced buffer or NULL on failure.
204 */
205static unsigned char *
206next_protos_parse(unsigned short *outlen, const char *in)
207{
208 size_t i, len, start = 0;
209 unsigned char *out;
210
211 len = strlen(in);
212 if (len >= 65535)
213 return (NULL);
214
215 if ((out = malloc(strlen(in) + 1)) == NULL)
216 return (NULL);
217
218 for (i = 0; i <= len; ++i) {
219 if (i == len || in[i] == ',') {
220 if (i - start > 255) {
221 free(out);
222 return (NULL);
223 }
224 out[start] = i - start;
225 start = i + 1;
226 } else
227 out[i+1] = in[i];
228 }
229 *outlen = len + 1;
230 return (out);
231}
232
233static int
234cb_server_alpn(SSL *s, const unsigned char **out, unsigned char *outlen,
235 const unsigned char *in, unsigned int inlen, void *arg)
236{
237 unsigned char *protos;
238 unsigned short protos_len;
239
240 if ((protos = next_protos_parse(&protos_len, alpn_server)) == NULL) {
241 fprintf(stderr,
242 "failed to parser ALPN server protocol string: %s\n",
243 alpn_server);
244 abort();
245 }
246
247 if (SSL_select_next_proto((unsigned char **)out, outlen, protos,
248 protos_len, in, inlen) != OPENSSL_NPN_NEGOTIATED) {
249 free(protos);
250 return (SSL_TLSEXT_ERR_NOACK);
251 }
252
253 /*
254 * Make a copy of the selected protocol which will be freed in
255 * verify_alpn.
256 */
257 free(alpn_selected);
258 if ((alpn_selected = malloc(*outlen)) == NULL) {
259 fprintf(stderr, "malloc failed\n");
260 abort();
261 }
262 memcpy(alpn_selected, *out, *outlen);
263 *out = alpn_selected;
264 free(protos);
265
266 return (SSL_TLSEXT_ERR_OK);
267}
268
269static int
270verify_alpn(SSL *client, SSL *server)
271{
272 const unsigned char *client_proto, *server_proto;
273 unsigned int client_proto_len = 0, server_proto_len = 0;
274
275 SSL_get0_alpn_selected(client, &client_proto, &client_proto_len);
276 SSL_get0_alpn_selected(server, &server_proto, &server_proto_len);
277
278 free(alpn_selected);
279 alpn_selected = NULL;
280
281 if (client_proto_len != server_proto_len || (client_proto_len > 0 &&
282 memcmp(client_proto, server_proto, client_proto_len) != 0)) {
283 BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
284 goto err;
285 }
286
287 if (client_proto_len > 0 && alpn_expected == NULL) {
288 BIO_printf(bio_stdout, "ALPN unexpectedly negotiated\n");
289 goto err;
290 }
291
292 if (alpn_expected != NULL &&
293 (client_proto_len != strlen(alpn_expected) ||
294 memcmp(client_proto, alpn_expected, client_proto_len) != 0)) {
295 BIO_printf(bio_stdout, "ALPN selected protocols not equal to "
296 "expected protocol: %s\n", alpn_expected);
297 goto err;
298 }
299
300 return (0);
301
302err:
303 BIO_printf(bio_stdout, "ALPN results: client: '");
304 BIO_write(bio_stdout, client_proto, client_proto_len);
305 BIO_printf(bio_stdout, "', server: '");
306 BIO_write(bio_stdout, server_proto, server_proto_len);
307 BIO_printf(bio_stdout, "'\n");
308 BIO_printf(bio_stdout, "ALPN configured: client: '%s', server: '%s'\n",
309 alpn_client, alpn_server);
310
311 return (-1);
312}
313
314static char *cipher = NULL;
315static int verbose = 0;
316static int debug = 0;
317
318int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time,
319 clock_t *c_time);
320int doit(SSL *s_ssl, SSL *c_ssl, long bytes);
321
322static void
323sv_usage(void)
324{
325 fprintf(stderr, "usage: ssltest [args ...]\n");
326 fprintf(stderr, "\n");
327 fprintf(stderr, " -server_auth - check server certificate\n");
328 fprintf(stderr, " -client_auth - do client authentication\n");
329 fprintf(stderr, " -proxy - allow proxy certificates\n");
330 fprintf(stderr, " -proxy_auth <val> - set proxy policy rights\n");
331 fprintf(stderr, " -proxy_cond <val> - experssion to test proxy policy rights\n");
332 fprintf(stderr, " -v - more output\n");
333 fprintf(stderr, " -d - debug output\n");
334 fprintf(stderr, " -reuse - use session-id reuse\n");
335 fprintf(stderr, " -num <val> - number of connections to perform\n");
336 fprintf(stderr, " -bytes <val> - number of bytes to swap between client/server\n");
337 fprintf(stderr, " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
338 fprintf(stderr, " -no_dhe - disable DHE\n");
339 fprintf(stderr, " -no_ecdhe - disable ECDHE\n");
340 fprintf(stderr, " -dtls1_2 - use DTLSv1.2\n");
341 fprintf(stderr, " -tls1 - use TLSv1\n");
342 fprintf(stderr, " -tls1_2 - use TLSv1.2\n");
343 fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");
344 fprintf(stderr, " -CAfile arg - PEM format file of CA's\n");
345 fprintf(stderr, " -cert arg - Server certificate file\n");
346 fprintf(stderr, " -key arg - Server key file (default: same as -cert)\n");
347 fprintf(stderr, " -c_cert arg - Client certificate file\n");
348 fprintf(stderr, " -c_key arg - Client key file (default: same as -c_cert)\n");
349 fprintf(stderr, " -cipher arg - The cipher list\n");
350 fprintf(stderr, " -bio_pair - Use BIO pairs\n");
351 fprintf(stderr, " -f - Test even cases that can't work\n");
352 fprintf(stderr, " -time - measure processor time used by client and server\n");
353 fprintf(stderr, " -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \
354 " Use \"openssl ecparam -list_curves\" for all names\n" \
355 " (default is sect163r2).\n");
356 fprintf(stderr, " -alpn_client <string> - have client side offer ALPN\n");
357 fprintf(stderr, " -alpn_server <string> - have server side offer ALPN\n");
358 fprintf(stderr, " -alpn_expected <string> - the ALPN protocol that should be negotiated\n");
359}
360
361static void
362print_details(SSL *c_ssl, const char *prefix)
363{
364 const SSL_CIPHER *ciph;
365 X509 *cert = NULL;
366 EVP_PKEY *pkey;
367
368 ciph = SSL_get_current_cipher(c_ssl);
369 BIO_printf(bio_stdout, "%s%s, cipher %s %s",
370 prefix, SSL_get_version(c_ssl), SSL_CIPHER_get_version(ciph),
371 SSL_CIPHER_get_name(ciph));
372
373 if ((cert = SSL_get_peer_certificate(c_ssl)) == NULL)
374 goto out;
375 if ((pkey = X509_get0_pubkey(cert)) == NULL)
376 goto out;
377 if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) {
378 RSA *rsa;
379
380 if ((rsa = EVP_PKEY_get0_RSA(pkey)) == NULL)
381 goto out;
382
383 BIO_printf(bio_stdout, ", %d bit RSA", RSA_bits(rsa));
384 } else if (EVP_PKEY_id(pkey) == EVP_PKEY_DSA) {
385 DSA *dsa;
386 const BIGNUM *p;
387
388 if ((dsa = EVP_PKEY_get0_DSA(pkey)) == NULL)
389 goto out;
390
391 DSA_get0_pqg(dsa, &p, NULL, NULL);
392
393 BIO_printf(bio_stdout, ", %d bit DSA", BN_num_bits(p));
394 }
395
396 out:
397 /*
398 * The SSL API does not allow us to look at temporary RSA/DH keys,
399 * otherwise we should print their lengths too
400 */
401 BIO_printf(bio_stdout, "\n");
402
403 X509_free(cert);
404}
405
406int
407main(int argc, char *argv[])
408{
409 char *CApath = NULL, *CAfile = NULL;
410 int badop = 0;
411 int bio_pair = 0;
412 int force = 0;
413 int tls1 = 0, tls1_2 = 0, dtls1_2 = 0, ret = 1;
414 int client_auth = 0;
415 int server_auth = 0, i;
416 char *app_verify_arg = "Test Callback Argument";
417 char *server_cert = TEST_SERVER_CERT;
418 char *server_key = NULL;
419 char *client_cert = TEST_CLIENT_CERT;
420 char *client_key = NULL;
421 char *named_curve = NULL;
422 SSL_CTX *s_ctx = NULL;
423 SSL_CTX *c_ctx = NULL;
424 const SSL_METHOD *meth = NULL;
425 SSL *c_ssl, *s_ssl;
426 int number = 1, reuse = 0;
427 int seclevel = 0;
428 long bytes = 256L;
429 DH *dh;
430 int dhe1024dsa = 0;
431 EC_KEY *ecdh = NULL;
432 int no_dhe = 0;
433 int no_ecdhe = 0;
434 int print_time = 0;
435 clock_t s_time = 0, c_time = 0;
436
437 verbose = 0;
438 debug = 0;
439 cipher = 0;
440
441 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE|BIO_FP_TEXT);
442
443 bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE|BIO_FP_TEXT);
444
445 argc--;
446 argv++;
447
448 while (argc >= 1) {
449 if (!strcmp(*argv, "-F")) {
450 fprintf(stderr, "not compiled with FIPS support, so exiting without running.\n");
451 exit(0);
452 } else if (strcmp(*argv, "-server_auth") == 0)
453 server_auth = 1;
454 else if (strcmp(*argv, "-client_auth") == 0)
455 client_auth = 1;
456 else if (strcmp(*argv, "-v") == 0)
457 verbose = 1;
458 else if (strcmp(*argv, "-d") == 0)
459 debug = 1;
460 else if (strcmp(*argv, "-reuse") == 0)
461 reuse = 1;
462 else if (strcmp(*argv, "-dhe1024dsa") == 0) {
463 dhe1024dsa = 1;
464 } else if (strcmp(*argv, "-no_dhe") == 0)
465 no_dhe = 1;
466 else if (strcmp(*argv, "-no_ecdhe") == 0)
467 no_ecdhe = 1;
468 else if (strcmp(*argv, "-dtls1_2") == 0)
469 dtls1_2 = 1;
470 else if (strcmp(*argv, "-tls1") == 0)
471 tls1 = 1;
472 else if (strcmp(*argv, "-tls1_2") == 0)
473 tls1_2 = 1;
474 else if (strncmp(*argv, "-num", 4) == 0) {
475 if (--argc < 1)
476 goto bad;
477 number = atoi(*(++argv));
478 if (number == 0)
479 number = 1;
480 } else if (strncmp(*argv, "-seclevel", 9) == 0) {
481 if (--argc < 1)
482 goto bad;
483 seclevel = atoi(*(++argv));
484 } else if (strcmp(*argv, "-bytes") == 0) {
485 if (--argc < 1)
486 goto bad;
487 bytes = atol(*(++argv));
488 if (bytes == 0L)
489 bytes = 1L;
490 i = strlen(argv[0]);
491 if (argv[0][i - 1] == 'k')
492 bytes*=1024L;
493 if (argv[0][i - 1] == 'm')
494 bytes*=1024L*1024L;
495 } else if (strcmp(*argv, "-cert") == 0) {
496 if (--argc < 1)
497 goto bad;
498 server_cert= *(++argv);
499 } else if (strcmp(*argv, "-s_cert") == 0) {
500 if (--argc < 1)
501 goto bad;
502 server_cert= *(++argv);
503 } else if (strcmp(*argv, "-key") == 0) {
504 if (--argc < 1)
505 goto bad;
506 server_key= *(++argv);
507 } else if (strcmp(*argv, "-s_key") == 0) {
508 if (--argc < 1)
509 goto bad;
510 server_key= *(++argv);
511 } else if (strcmp(*argv, "-c_cert") == 0) {
512 if (--argc < 1)
513 goto bad;
514 client_cert= *(++argv);
515 } else if (strcmp(*argv, "-c_key") == 0) {
516 if (--argc < 1)
517 goto bad;
518 client_key= *(++argv);
519 } else if (strcmp(*argv, "-cipher") == 0) {
520 if (--argc < 1)
521 goto bad;
522 cipher= *(++argv);
523 } else if (strcmp(*argv, "-CApath") == 0) {
524 if (--argc < 1)
525 goto bad;
526 CApath= *(++argv);
527 } else if (strcmp(*argv, "-CAfile") == 0) {
528 if (--argc < 1)
529 goto bad;
530 CAfile= *(++argv);
531 } else if (strcmp(*argv, "-bio_pair") == 0) {
532 bio_pair = 1;
533 } else if (strcmp(*argv, "-f") == 0) {
534 force = 1;
535 } else if (strcmp(*argv, "-time") == 0) {
536 print_time = 1;
537 } else if (strcmp(*argv, "-named_curve") == 0) {
538 if (--argc < 1)
539 goto bad;
540 named_curve = *(++argv);
541 } else if (strcmp(*argv, "-app_verify") == 0) {
542 ;
543 } else if (strcmp(*argv, "-alpn_client") == 0) {
544 if (--argc < 1)
545 goto bad;
546 alpn_client = *(++argv);
547 } else if (strcmp(*argv, "-alpn_server") == 0) {
548 if (--argc < 1)
549 goto bad;
550 alpn_server = *(++argv);
551 } else if (strcmp(*argv, "-alpn_expected") == 0) {
552 if (--argc < 1)
553 goto bad;
554 alpn_expected = *(++argv);
555 } else {
556 fprintf(stderr, "unknown option %s\n", *argv);
557 badop = 1;
558 break;
559 }
560 argc--;
561 argv++;
562 }
563 if (badop) {
564bad:
565 sv_usage();
566 goto end;
567 }
568
569 if (!dtls1_2 && !tls1 && !tls1_2 && number > 1 && !reuse && !force) {
570 fprintf(stderr,
571 "This case cannot work. Use -f to perform "
572 "the test anyway (and\n-d to see what happens), "
573 "or add one of -dtls1, -tls1, -tls1_2, -reuse\n"
574 "to avoid protocol mismatch.\n");
575 exit(1);
576 }
577
578 if (print_time) {
579 if (!bio_pair) {
580 fprintf(stderr, "Using BIO pair (-bio_pair)\n");
581 bio_pair = 1;
582 }
583 if (number < 50 && !force)
584 fprintf(stderr, "Warning: For accurate timings, use more connections (e.g. -num 1000)\n");
585 }
586
587/* if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */
588
589 SSL_library_init();
590 SSL_load_error_strings();
591
592 if (dtls1_2)
593 meth = DTLSv1_2_method();
594 else if (tls1)
595 meth = TLSv1_method();
596 else if (tls1_2)
597 meth = TLSv1_2_method();
598 else
599 meth = TLS_method();
600
601 c_ctx = SSL_CTX_new(meth);
602 s_ctx = SSL_CTX_new(meth);
603 if ((c_ctx == NULL) || (s_ctx == NULL)) {
604 ERR_print_errors(bio_err);
605 goto end;
606 }
607
608 SSL_CTX_set_security_level(c_ctx, seclevel);
609 SSL_CTX_set_security_level(s_ctx, seclevel);
610
611 if (cipher != NULL) {
612 SSL_CTX_set_cipher_list(c_ctx, cipher);
613 SSL_CTX_set_cipher_list(s_ctx, cipher);
614 }
615
616 if (!no_dhe) {
617 if (dhe1024dsa) {
618 /* use SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */
619 SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
620 dh = get_dh1024dsa();
621 } else
622 dh = get_dh1024();
623 SSL_CTX_set_tmp_dh(s_ctx, dh);
624 DH_free(dh);
625 }
626
627 if (!no_ecdhe) {
628 int nid;
629
630 if (named_curve != NULL) {
631 nid = OBJ_sn2nid(named_curve);
632 if (nid == 0) {
633 BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve);
634 goto end;
635 }
636 } else
637 nid = NID_X9_62_prime256v1;
638
639 ecdh = EC_KEY_new_by_curve_name(nid);
640 if (ecdh == NULL) {
641 BIO_printf(bio_err, "unable to create curve\n");
642 goto end;
643 }
644
645 SSL_CTX_set_tmp_ecdh(s_ctx, ecdh);
646 SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_ECDH_USE);
647 EC_KEY_free(ecdh);
648 }
649
650 if (!SSL_CTX_use_certificate_chain_file(s_ctx, server_cert)) {
651 ERR_print_errors(bio_err);
652 } else if (!SSL_CTX_use_PrivateKey_file(s_ctx,
653 (server_key ? server_key : server_cert), SSL_FILETYPE_PEM)) {
654 ERR_print_errors(bio_err);
655 goto end;
656 }
657
658 if (client_auth) {
659 SSL_CTX_use_certificate_chain_file(c_ctx, client_cert);
660 SSL_CTX_use_PrivateKey_file(c_ctx,
661 (client_key ? client_key : client_cert),
662 SSL_FILETYPE_PEM);
663 }
664
665 if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) ||
666 (!SSL_CTX_set_default_verify_paths(s_ctx)) ||
667 (!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) ||
668 (!SSL_CTX_set_default_verify_paths(c_ctx))) {
669 /* fprintf(stderr,"SSL_load_verify_locations\n"); */
670 ERR_print_errors(bio_err);
671 /* goto end; */
672 }
673
674 if (client_auth) {
675 BIO_printf(bio_err, "client authentication\n");
676 SSL_CTX_set_verify(s_ctx,
677 SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
678 verify_callback);
679 SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback,
680 app_verify_arg);
681 }
682 if (server_auth) {
683 BIO_printf(bio_err, "server authentication\n");
684 SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER,
685 verify_callback);
686 SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback,
687 app_verify_arg);
688 }
689
690 {
691 int session_id_context = 0;
692 SSL_CTX_set_session_id_context(s_ctx,
693 (void *)&session_id_context, sizeof(session_id_context));
694 }
695
696 if (alpn_server != NULL)
697 SSL_CTX_set_alpn_select_cb(s_ctx, cb_server_alpn, NULL);
698
699 if (alpn_client != NULL) {
700 unsigned short alpn_len;
701 unsigned char *alpn = next_protos_parse(&alpn_len, alpn_client);
702
703 if (alpn == NULL) {
704 BIO_printf(bio_err, "Error parsing -alpn_client argument\n");
705 goto end;
706 }
707 SSL_CTX_set_alpn_protos(c_ctx, alpn, alpn_len);
708 free(alpn);
709 }
710
711 c_ssl = SSL_new(c_ctx);
712 s_ssl = SSL_new(s_ctx);
713
714 for (i = 0; i < number; i++) {
715 if (!reuse)
716 SSL_set_session(c_ssl, NULL);
717#ifdef USE_BIOPAIR
718 if (bio_pair)
719 ret = doit_biopair(s_ssl, c_ssl, bytes, &s_time,
720 &c_time);
721 else
722#endif
723 ret = doit(s_ssl, c_ssl, bytes);
724 }
725
726 if (!verbose) {
727 print_details(c_ssl, "");
728 }
729 if ((number > 1) || (bytes > 1L))
730 BIO_printf(bio_stdout, "%d handshakes of %ld bytes done\n",
731 number, bytes);
732 if (print_time) {
733#ifdef CLOCKS_PER_SEC
734 /* "To determine the time in seconds, the value returned
735 * by the clock function should be divided by the value
736 * of the macro CLOCKS_PER_SEC."
737 * -- ISO/IEC 9899 */
738 BIO_printf(bio_stdout,
739 "Approximate total server time: %6.2f s\n"
740 "Approximate total client time: %6.2f s\n",
741 (double)s_time/CLOCKS_PER_SEC,
742 (double)c_time/CLOCKS_PER_SEC);
743#else
744 /* "`CLOCKS_PER_SEC' undeclared (first use this function)"
745 * -- cc on NeXTstep/OpenStep */
746 BIO_printf(bio_stdout,
747 "Approximate total server time: %6.2f units\n"
748 "Approximate total client time: %6.2f units\n",
749 (double)s_time,
750 (double)c_time);
751#endif
752 }
753
754 SSL_free(s_ssl);
755 SSL_free(c_ssl);
756
757end:
758 SSL_CTX_free(s_ctx);
759 SSL_CTX_free(c_ctx);
760 BIO_free(bio_stdout);
761
762 CRYPTO_cleanup_all_ex_data();
763 ERR_free_strings();
764 ERR_remove_thread_state(NULL);
765 EVP_cleanup();
766 BIO_free(bio_err);
767
768 exit(ret);
769 return ret;
770}
771
772#if USE_BIOPAIR
773int
774doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, clock_t *s_time,
775 clock_t *c_time)
776{
777 long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
778 BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
779 BIO *server = NULL, *server_io = NULL;
780 BIO *client = NULL, *client_io = NULL;
781 int ret = 1;
782
783 size_t bufsiz = 256; /* small buffer for testing */
784
785 if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz))
786 goto err;
787 if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz))
788 goto err;
789
790 s_ssl_bio = BIO_new(BIO_f_ssl());
791 if (!s_ssl_bio)
792 goto err;
793
794 c_ssl_bio = BIO_new(BIO_f_ssl());
795 if (!c_ssl_bio)
796 goto err;
797
798 SSL_set_connect_state(c_ssl);
799 SSL_set_bio(c_ssl, client, client);
800 (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
801
802 SSL_set_accept_state(s_ssl);
803 SSL_set_bio(s_ssl, server, server);
804 (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
805
806 do {
807 /* c_ssl_bio: SSL filter BIO
808 *
809 * client: pseudo-I/O for SSL library
810 *
811 * client_io: client's SSL communication; usually to be
812 * relayed over some I/O facility, but in this
813 * test program, we're the server, too:
814 *
815 * server_io: server's SSL communication
816 *
817 * server: pseudo-I/O for SSL library
818 *
819 * s_ssl_bio: SSL filter BIO
820 *
821 * The client and the server each employ a "BIO pair":
822 * client + client_io, server + server_io.
823 * BIO pairs are symmetric. A BIO pair behaves similar
824 * to a non-blocking socketpair (but both endpoints must
825 * be handled by the same thread).
826 * [Here we could connect client and server to the ends
827 * of a single BIO pair, but then this code would be less
828 * suitable as an example for BIO pairs in general.]
829 *
830 * Useful functions for querying the state of BIO pair endpoints:
831 *
832 * BIO_ctrl_pending(bio) number of bytes we can read now
833 * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil
834 * other side's read attempt
835 * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now
836 *
837 * ..._read_request is never more than ..._write_guarantee;
838 * it depends on the application which one you should use.
839 */
840
841 /* We have non-blocking behaviour throughout this test program, but
842 * can be sure that there is *some* progress in each iteration; so
843 * we don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE
844 * -- we just try everything in each iteration
845 */
846
847 {
848 /* CLIENT */
849
850 char cbuf[1024*8];
851 int i, r;
852 clock_t c_clock = clock();
853
854 memset(cbuf, 0, sizeof(cbuf));
855
856 if (debug)
857 if (SSL_in_init(c_ssl))
858 printf("client waiting in SSL_connect - %s\n",
859 SSL_state_string_long(c_ssl));
860
861 if (cw_num > 0) {
862 /* Write to server. */
863
864 if (cw_num > (long)sizeof cbuf)
865 i = sizeof cbuf;
866 else
867 i = (int)cw_num;
868 r = BIO_write(c_ssl_bio, cbuf, i);
869 if (r < 0) {
870 if (!BIO_should_retry(c_ssl_bio)) {
871 fprintf(stderr, "ERROR in CLIENT\n");
872 goto err;
873 }
874 /* BIO_should_retry(...) can just be ignored here.
875 * The library expects us to call BIO_write with
876 * the same arguments again, and that's what we will
877 * do in the next iteration. */
878 } else if (r == 0) {
879 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
880 goto err;
881 } else {
882 if (debug)
883 printf("client wrote %d\n", r);
884 cw_num -= r;
885
886 }
887 }
888
889 if (cr_num > 0) {
890 /* Read from server. */
891
892 r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
893 if (r < 0) {
894 if (!BIO_should_retry(c_ssl_bio)) {
895 fprintf(stderr, "ERROR in CLIENT\n");
896 goto err;
897 }
898 /* Again, "BIO_should_retry" can be ignored. */
899 } else if (r == 0) {
900 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
901 goto err;
902 } else {
903 if (debug)
904 printf("client read %d\n", r);
905 cr_num -= r;
906 }
907 }
908
909 /* c_time and s_time increments will typically be very small
910 * (depending on machine speed and clock tick intervals),
911 * but sampling over a large number of connections should
912 * result in fairly accurate figures. We cannot guarantee
913 * a lot, however -- if each connection lasts for exactly
914 * one clock tick, it will be counted only for the client
915 * or only for the server or even not at all.
916 */
917 *c_time += (clock() - c_clock);
918 }
919
920 {
921 /* SERVER */
922
923 char sbuf[1024*8];
924 int i, r;
925 clock_t s_clock = clock();
926
927 memset(sbuf, 0, sizeof(sbuf));
928
929 if (debug)
930 if (SSL_in_init(s_ssl))
931 printf("server waiting in SSL_accept - %s\n",
932 SSL_state_string_long(s_ssl));
933
934 if (sw_num > 0) {
935 /* Write to client. */
936
937 if (sw_num > (long)sizeof sbuf)
938 i = sizeof sbuf;
939 else
940 i = (int)sw_num;
941 r = BIO_write(s_ssl_bio, sbuf, i);
942 if (r < 0) {
943 if (!BIO_should_retry(s_ssl_bio)) {
944 fprintf(stderr, "ERROR in SERVER\n");
945 goto err;
946 }
947 /* Ignore "BIO_should_retry". */
948 } else if (r == 0) {
949 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
950 goto err;
951 } else {
952 if (debug)
953 printf("server wrote %d\n", r);
954 sw_num -= r;
955
956 }
957 }
958
959 if (sr_num > 0) {
960 /* Read from client. */
961
962 r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
963 if (r < 0) {
964 if (!BIO_should_retry(s_ssl_bio)) {
965 fprintf(stderr, "ERROR in SERVER\n");
966 goto err;
967 }
968 /* blah, blah */
969 } else if (r == 0) {
970 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
971 goto err;
972 } else {
973 if (debug)
974 printf("server read %d\n", r);
975 sr_num -= r;
976 }
977 }
978
979 *s_time += (clock() - s_clock);
980 }
981
982 {
983 /* "I/O" BETWEEN CLIENT AND SERVER. */
984
985 size_t r1, r2;
986 BIO *io1 = server_io, *io2 = client_io;
987 /* we use the non-copying interface for io1
988 * and the standard BIO_write/BIO_read interface for io2
989 */
990
991 static int prev_progress = 1;
992 int progress = 0;
993
994 /* io1 to io2 */
995 do {
996 size_t num;
997 int r;
998
999 r1 = BIO_ctrl_pending(io1);
1000 r2 = BIO_ctrl_get_write_guarantee(io2);
1001
1002 num = r1;
1003 if (r2 < num)
1004 num = r2;
1005 if (num) {
1006 char *dataptr;
1007
1008 if (INT_MAX < num) /* yeah, right */
1009 num = INT_MAX;
1010
1011 r = BIO_nread(io1, &dataptr, (int)num);
1012 assert(r > 0);
1013 assert(r <= (int)num);
1014 /* possibly r < num (non-contiguous data) */
1015 num = r;
1016 r = BIO_write(io2, dataptr, (int)num);
1017 if (r != (int)num) /* can't happen */
1018 {
1019 fprintf(stderr, "ERROR: BIO_write could not write "
1020 "BIO_ctrl_get_write_guarantee() bytes");
1021 goto err;
1022 }
1023 progress = 1;
1024
1025 if (debug)
1026 printf((io1 == client_io) ?
1027 "C->S relaying: %d bytes\n" :
1028 "S->C relaying: %d bytes\n",
1029 (int)num);
1030 }
1031 } while (r1 && r2);
1032
1033 /* io2 to io1 */
1034 {
1035 size_t num;
1036 int r;
1037
1038 r1 = BIO_ctrl_pending(io2);
1039 r2 = BIO_ctrl_get_read_request(io1);
1040 /* here we could use ..._get_write_guarantee instead of
1041 * ..._get_read_request, but by using the latter
1042 * we test restartability of the SSL implementation
1043 * more thoroughly */
1044 num = r1;
1045 if (r2 < num)
1046 num = r2;
1047 if (num) {
1048 char *dataptr;
1049
1050 if (INT_MAX < num)
1051 num = INT_MAX;
1052
1053 if (num > 1)
1054 --num; /* test restartability even more thoroughly */
1055
1056 r = BIO_nwrite0(io1, &dataptr);
1057 assert(r > 0);
1058 if (r < (int)num)
1059 num = r;
1060 r = BIO_read(io2, dataptr, (int)num);
1061 if (r != (int)num) /* can't happen */
1062 {
1063 fprintf(stderr, "ERROR: BIO_read could not read "
1064 "BIO_ctrl_pending() bytes");
1065 goto err;
1066 }
1067 progress = 1;
1068 r = BIO_nwrite(io1, &dataptr, (int)num);
1069 if (r != (int)num) /* can't happen */
1070 {
1071 fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
1072 "BIO_nwrite0() bytes");
1073 goto err;
1074 }
1075
1076 if (debug)
1077 printf((io2 == client_io) ?
1078 "C->S relaying: %d bytes\n" :
1079 "S->C relaying: %d bytes\n",
1080 (int)num);
1081 }
1082 } /* no loop, BIO_ctrl_get_read_request now returns 0 anyway */
1083
1084 if (!progress && !prev_progress) {
1085 if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0) {
1086 fprintf(stderr, "ERROR: got stuck\n");
1087 goto err;
1088 }
1089 }
1090 prev_progress = progress;
1091 }
1092 } while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
1093
1094 if (verbose)
1095 print_details(c_ssl, "DONE via BIO pair: ");
1096
1097 if (verify_alpn(c_ssl, s_ssl) < 0) {
1098 ret = 1;
1099 goto err;
1100 }
1101
1102 ret = 0;
1103
1104err:
1105 ERR_print_errors(bio_err);
1106
1107 BIO_free(server);
1108 BIO_free(server_io);
1109 BIO_free(client);
1110 BIO_free(client_io);
1111 BIO_free(s_ssl_bio);
1112 BIO_free(c_ssl_bio);
1113
1114 return ret;
1115}
1116#endif
1117
1118
1119#define W_READ 1
1120#define W_WRITE 2
1121#define C_DONE 1
1122#define S_DONE 2
1123
1124int
1125doit(SSL *s_ssl, SSL *c_ssl, long count)
1126{
1127 char cbuf[1024*8], sbuf[1024*8];
1128 long cw_num = count, cr_num = count;
1129 long sw_num = count, sr_num = count;
1130 int ret = 1;
1131 BIO *c_to_s = NULL;
1132 BIO *s_to_c = NULL;
1133 BIO *c_bio = NULL;
1134 BIO *s_bio = NULL;
1135 int c_r, c_w, s_r, s_w;
1136 int i, j;
1137 int done = 0;
1138 int c_write, s_write;
1139 int do_server = 0, do_client = 0;
1140
1141 memset(cbuf, 0, sizeof(cbuf));
1142 memset(sbuf, 0, sizeof(sbuf));
1143
1144 c_to_s = BIO_new(BIO_s_mem());
1145 s_to_c = BIO_new(BIO_s_mem());
1146 if ((s_to_c == NULL) || (c_to_s == NULL)) {
1147 ERR_print_errors(bio_err);
1148 goto err;
1149 }
1150
1151 c_bio = BIO_new(BIO_f_ssl());
1152 s_bio = BIO_new(BIO_f_ssl());
1153 if ((c_bio == NULL) || (s_bio == NULL)) {
1154 ERR_print_errors(bio_err);
1155 goto err;
1156 }
1157
1158 SSL_set_connect_state(c_ssl);
1159 SSL_set_bio(c_ssl, s_to_c, c_to_s);
1160 BIO_set_ssl(c_bio, c_ssl, BIO_NOCLOSE);
1161
1162 SSL_set_accept_state(s_ssl);
1163 SSL_set_bio(s_ssl, c_to_s, s_to_c);
1164 BIO_set_ssl(s_bio, s_ssl, BIO_NOCLOSE);
1165
1166 c_r = 0;
1167 s_r = 1;
1168 c_w = 1;
1169 s_w = 0;
1170 c_write = 1, s_write = 0;
1171
1172 /* We can always do writes */
1173 for (;;) {
1174 do_server = 0;
1175 do_client = 0;
1176
1177 i = (int)BIO_pending(s_bio);
1178 if ((i && s_r) || s_w)
1179 do_server = 1;
1180
1181 i = (int)BIO_pending(c_bio);
1182 if ((i && c_r) || c_w)
1183 do_client = 1;
1184
1185 if (do_server && debug) {
1186 if (SSL_in_init(s_ssl))
1187 printf("server waiting in SSL_accept - %s\n",
1188 SSL_state_string_long(s_ssl));
1189 }
1190
1191 if (do_client && debug) {
1192 if (SSL_in_init(c_ssl))
1193 printf("client waiting in SSL_connect - %s\n",
1194 SSL_state_string_long(c_ssl));
1195 }
1196
1197 if (!do_client && !do_server) {
1198 fprintf(stdout, "ERROR in STARTUP\n");
1199 ERR_print_errors(bio_err);
1200 goto err;
1201 }
1202
1203 if (do_client && !(done & C_DONE)) {
1204 if (c_write) {
1205 j = (cw_num > (long)sizeof(cbuf)) ?
1206 (int)sizeof(cbuf) : (int)cw_num;
1207 i = BIO_write(c_bio, cbuf, j);
1208 if (i < 0) {
1209 c_r = 0;
1210 c_w = 0;
1211 if (BIO_should_retry(c_bio)) {
1212 if (BIO_should_read(c_bio))
1213 c_r = 1;
1214 if (BIO_should_write(c_bio))
1215 c_w = 1;
1216 } else {
1217 fprintf(stderr, "ERROR in CLIENT\n");
1218 ERR_print_errors(bio_err);
1219 goto err;
1220 }
1221 } else if (i == 0) {
1222 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
1223 goto err;
1224 } else {
1225 if (debug)
1226 printf("client wrote %d\n", i);
1227 /* ok */
1228 s_r = 1;
1229 c_write = 0;
1230 cw_num -= i;
1231 }
1232 } else {
1233 i = BIO_read(c_bio, cbuf, sizeof(cbuf));
1234 if (i < 0) {
1235 c_r = 0;
1236 c_w = 0;
1237 if (BIO_should_retry(c_bio)) {
1238 if (BIO_should_read(c_bio))
1239 c_r = 1;
1240 if (BIO_should_write(c_bio))
1241 c_w = 1;
1242 } else {
1243 fprintf(stderr, "ERROR in CLIENT\n");
1244 ERR_print_errors(bio_err);
1245 goto err;
1246 }
1247 } else if (i == 0) {
1248 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
1249 goto err;
1250 } else {
1251 if (debug)
1252 printf("client read %d\n", i);
1253 cr_num -= i;
1254 if (sw_num > 0) {
1255 s_write = 1;
1256 s_w = 1;
1257 }
1258 if (cr_num <= 0) {
1259 s_write = 1;
1260 s_w = 1;
1261 done = S_DONE|C_DONE;
1262 }
1263 }
1264 }
1265 }
1266
1267 if (do_server && !(done & S_DONE)) {
1268 if (!s_write) {
1269 i = BIO_read(s_bio, sbuf, sizeof(cbuf));
1270 if (i < 0) {
1271 s_r = 0;
1272 s_w = 0;
1273 if (BIO_should_retry(s_bio)) {
1274 if (BIO_should_read(s_bio))
1275 s_r = 1;
1276 if (BIO_should_write(s_bio))
1277 s_w = 1;
1278 } else {
1279 fprintf(stderr, "ERROR in SERVER\n");
1280 ERR_print_errors(bio_err);
1281 goto err;
1282 }
1283 } else if (i == 0) {
1284 ERR_print_errors(bio_err);
1285 fprintf(stderr, "SSL SERVER STARTUP FAILED in SSL_read\n");
1286 goto err;
1287 } else {
1288 if (debug)
1289 printf("server read %d\n", i);
1290 sr_num -= i;
1291 if (cw_num > 0) {
1292 c_write = 1;
1293 c_w = 1;
1294 }
1295 if (sr_num <= 0) {
1296 s_write = 1;
1297 s_w = 1;
1298 c_write = 0;
1299 }
1300 }
1301 } else {
1302 j = (sw_num > (long)sizeof(sbuf)) ?
1303 (int)sizeof(sbuf) : (int)sw_num;
1304 i = BIO_write(s_bio, sbuf, j);
1305 if (i < 0) {
1306 s_r = 0;
1307 s_w = 0;
1308 if (BIO_should_retry(s_bio)) {
1309 if (BIO_should_read(s_bio))
1310 s_r = 1;
1311 if (BIO_should_write(s_bio))
1312 s_w = 1;
1313 } else {
1314 fprintf(stderr, "ERROR in SERVER\n");
1315 ERR_print_errors(bio_err);
1316 goto err;
1317 }
1318 } else if (i == 0) {
1319 ERR_print_errors(bio_err);
1320 fprintf(stderr, "SSL SERVER STARTUP FAILED in SSL_write\n");
1321 goto err;
1322 } else {
1323 if (debug)
1324 printf("server wrote %d\n", i);
1325 sw_num -= i;
1326 s_write = 0;
1327 c_r = 1;
1328 if (sw_num <= 0)
1329 done |= S_DONE;
1330 }
1331 }
1332 }
1333
1334 if ((done & S_DONE) && (done & C_DONE))
1335 break;
1336 }
1337
1338 if (verbose)
1339 print_details(c_ssl, "DONE: ");
1340
1341 if (verify_alpn(c_ssl, s_ssl) < 0) {
1342 ret = 1;
1343 goto err;
1344 }
1345
1346 ret = 0;
1347err:
1348 /* We have to set the BIO's to NULL otherwise they will be
1349 * free()ed twice. Once when th s_ssl is SSL_free()ed and
1350 * again when c_ssl is SSL_free()ed.
1351 * This is a hack required because s_ssl and c_ssl are sharing the same
1352 * BIO structure and SSL_set_bio() and SSL_free() automatically
1353 * BIO_free non NULL entries.
1354 * You should not normally do this or be required to do this */
1355 if (s_ssl != NULL) {
1356 s_ssl->rbio = NULL;
1357 s_ssl->wbio = NULL;
1358 }
1359 if (c_ssl != NULL) {
1360 c_ssl->rbio = NULL;
1361 c_ssl->wbio = NULL;
1362 }
1363
1364 BIO_free(c_to_s);
1365 BIO_free(s_to_c);
1366 BIO_free_all(c_bio);
1367 BIO_free_all(s_bio);
1368
1369 return (ret);
1370}
1371
1372static int
1373verify_callback(int ok, X509_STORE_CTX *ctx)
1374{
1375 X509 *xs;
1376 char *s, buf[256];
1377 int error, error_depth;
1378
1379 xs = X509_STORE_CTX_get_current_cert(ctx);
1380 s = X509_NAME_oneline(X509_get_subject_name(xs), buf, sizeof buf);
1381 error = X509_STORE_CTX_get_error(ctx);
1382 error_depth = X509_STORE_CTX_get_error_depth(ctx);
1383 if (s != NULL) {
1384 if (ok)
1385 fprintf(stderr, "depth=%d %s\n", error_depth, buf);
1386 else {
1387 fprintf(stderr, "depth=%d error=%d %s\n", error_depth,
1388 error, buf);
1389 }
1390 }
1391
1392 if (ok == 0) {
1393 fprintf(stderr, "Error string: %s\n",
1394 X509_verify_cert_error_string(error));
1395 switch (error) {
1396 case X509_V_ERR_CERT_NOT_YET_VALID:
1397 case X509_V_ERR_CERT_HAS_EXPIRED:
1398 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
1399 fprintf(stderr, " ... ignored.\n");
1400 ok = 1;
1401 }
1402 }
1403
1404 return (ok);
1405}
1406
1407static int
1408app_verify_callback(X509_STORE_CTX *ctx, void *arg)
1409{
1410 X509 *xs;
1411 char *s = NULL, buf[256];
1412 const char *cb_arg = arg;
1413
1414 xs = X509_STORE_CTX_get0_cert(ctx);
1415 fprintf(stderr, "In app_verify_callback, allowing cert. ");
1416 fprintf(stderr, "Arg is: %s\n", cb_arg);
1417 fprintf(stderr, "Finished printing do we have a context? 0x%p a cert? 0x%p\n",
1418 (void *)ctx, (void *)xs);
1419 if (xs)
1420 s = X509_NAME_oneline(X509_get_subject_name(xs), buf, 256);
1421 if (s != NULL) {
1422 fprintf(stderr, "cert depth=%d %s\n",
1423 X509_STORE_CTX_get_error_depth(ctx), buf);
1424 }
1425
1426 return 1;
1427}
1428
1429/* These DH parameters have been generated as follows:
1430 * $ openssl dhparam -C -noout 1024
1431 * $ openssl dhparam -C -noout -dsaparam 1024
1432 * (The second function has been renamed to avoid name conflicts.)
1433 */
1434static DH *
1435get_dh1024(void)
1436{
1437 static unsigned char dh1024_p[] = {
1438 0xF8, 0x81, 0x89, 0x7D, 0x14, 0x24, 0xC5, 0xD1, 0xE6, 0xF7, 0xBF, 0x3A,
1439 0xE4, 0x90, 0xF4, 0xFC, 0x73, 0xFB, 0x34, 0xB5, 0xFA, 0x4C, 0x56, 0xA2,
1440 0xEA, 0xA7, 0xE9, 0xC0, 0xC0, 0xCE, 0x89, 0xE1, 0xFA, 0x63, 0x3F, 0xB0,
1441 0x6B, 0x32, 0x66, 0xF1, 0xD1, 0x7B, 0xB0, 0x00, 0x8F, 0xCA, 0x87, 0xC2,
1442 0xAE, 0x98, 0x89, 0x26, 0x17, 0xC2, 0x05, 0xD2, 0xEC, 0x08, 0xD0, 0x8C,
1443 0xFF, 0x17, 0x52, 0x8C, 0xC5, 0x07, 0x93, 0x03, 0xB1, 0xF6, 0x2F, 0xB8,
1444 0x1C, 0x52, 0x47, 0x27, 0x1B, 0xDB, 0xD1, 0x8D, 0x9D, 0x69, 0x1D, 0x52,
1445 0x4B, 0x32, 0x81, 0xAA, 0x7F, 0x00, 0xC8, 0xDC, 0xE6, 0xD9, 0xCC, 0xC1,
1446 0x11, 0x2D, 0x37, 0x34, 0x6C, 0xEA, 0x02, 0x97, 0x4B, 0x0E, 0xBB, 0xB1,
1447 0x71, 0x33, 0x09, 0x15, 0xFD, 0xDD, 0x23, 0x87, 0x07, 0x5E, 0x89, 0xAB,
1448 0x6B, 0x7C, 0x5F, 0xEC, 0xA6, 0x24, 0xDC, 0x53,
1449 };
1450 static unsigned char dh1024_g[] = {
1451 0x02,
1452 };
1453 DH *dh;
1454 BIGNUM *dh_p = NULL, *dh_g = NULL;
1455
1456 if ((dh = DH_new()) == NULL)
1457 return NULL;
1458
1459 dh_p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
1460 dh_g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
1461 if (dh_p == NULL || dh_g == NULL)
1462 goto err;
1463
1464 if (!DH_set0_pqg(dh, dh_p, NULL, dh_g))
1465 goto err;
1466
1467 return dh;
1468
1469 err:
1470 BN_free(dh_p);
1471 BN_free(dh_g);
1472 DH_free(dh);
1473 return NULL;
1474}
1475
1476static DH *
1477get_dh1024dsa(void)
1478{
1479 static unsigned char dh1024_p[] = {
1480 0xC8, 0x00, 0xF7, 0x08, 0x07, 0x89, 0x4D, 0x90, 0x53, 0xF3, 0xD5, 0x00,
1481 0x21, 0x1B, 0xF7, 0x31, 0xA6, 0xA2, 0xDA, 0x23, 0x9A, 0xC7, 0x87, 0x19,
1482 0x3B, 0x47, 0xB6, 0x8C, 0x04, 0x6F, 0xFF, 0xC6, 0x9B, 0xB8, 0x65, 0xD2,
1483 0xC2, 0x5F, 0x31, 0x83, 0x4A, 0xA7, 0x5F, 0x2F, 0x88, 0x38, 0xB6, 0x55,
1484 0xCF, 0xD9, 0x87, 0x6D, 0x6F, 0x9F, 0xDA, 0xAC, 0xA6, 0x48, 0xAF, 0xFC,
1485 0x33, 0x84, 0x37, 0x5B, 0x82, 0x4A, 0x31, 0x5D, 0xE7, 0xBD, 0x52, 0x97,
1486 0xA1, 0x77, 0xBF, 0x10, 0x9E, 0x37, 0xEA, 0x64, 0xFA, 0xCA, 0x28, 0x8D,
1487 0x9D, 0x3B, 0xD2, 0x6E, 0x09, 0x5C, 0x68, 0xC7, 0x45, 0x90, 0xFD, 0xBB,
1488 0x70, 0xC9, 0x3A, 0xBB, 0xDF, 0xD4, 0x21, 0x0F, 0xC4, 0x6A, 0x3C, 0xF6,
1489 0x61, 0xCF, 0x3F, 0xD6, 0x13, 0xF1, 0x5F, 0xBC, 0xCF, 0xBC, 0x26, 0x9E,
1490 0xBC, 0x0B, 0xBD, 0xAB, 0x5D, 0xC9, 0x54, 0x39,
1491 };
1492 static unsigned char dh1024_g[] = {
1493 0x3B, 0x40, 0x86, 0xE7, 0xF3, 0x6C, 0xDE, 0x67, 0x1C, 0xCC, 0x80, 0x05,
1494 0x5A, 0xDF, 0xFE, 0xBD, 0x20, 0x27, 0x74, 0x6C, 0x24, 0xC9, 0x03, 0xF3,
1495 0xE1, 0x8D, 0xC3, 0x7D, 0x98, 0x27, 0x40, 0x08, 0xB8, 0x8C, 0x6A, 0xE9,
1496 0xBB, 0x1A, 0x3A, 0xD6, 0x86, 0x83, 0x5E, 0x72, 0x41, 0xCE, 0x85, 0x3C,
1497 0xD2, 0xB3, 0xFC, 0x13, 0xCE, 0x37, 0x81, 0x9E, 0x4C, 0x1C, 0x7B, 0x65,
1498 0xD3, 0xE6, 0xA6, 0x00, 0xF5, 0x5A, 0x95, 0x43, 0x5E, 0x81, 0xCF, 0x60,
1499 0xA2, 0x23, 0xFC, 0x36, 0xA7, 0x5D, 0x7A, 0x4C, 0x06, 0x91, 0x6E, 0xF6,
1500 0x57, 0xEE, 0x36, 0xCB, 0x06, 0xEA, 0xF5, 0x3D, 0x95, 0x49, 0xCB, 0xA7,
1501 0xDD, 0x81, 0xDF, 0x80, 0x09, 0x4A, 0x97, 0x4D, 0xA8, 0x22, 0x72, 0xA1,
1502 0x7F, 0xC4, 0x70, 0x56, 0x70, 0xE8, 0x20, 0x10, 0x18, 0x8F, 0x2E, 0x60,
1503 0x07, 0xE7, 0x68, 0x1A, 0x82, 0x5D, 0x32, 0xA2,
1504 };
1505 DH *dh;
1506 BIGNUM *dh_p = NULL, *dh_g = NULL;
1507
1508 if ((dh = DH_new()) == NULL)
1509 return NULL;
1510
1511 dh_p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
1512 dh_g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
1513 if (dh_p == NULL || dh_g == NULL)
1514 goto err;
1515
1516 if (!DH_set0_pqg(dh, dh_p, NULL, dh_g))
1517 goto err;
1518
1519 DH_set_length(dh, 160);
1520
1521 return dh;
1522
1523 err:
1524 BN_free(dh_p);
1525 BN_free(dh_g);
1526 DH_free(dh);
1527 return NULL;
1528}
diff --git a/src/regress/lib/libssl/ssl/testssl b/src/regress/lib/libssl/ssl/testssl
deleted file mode 100644
index 70db1752b7..0000000000
--- a/src/regress/lib/libssl/ssl/testssl
+++ /dev/null
@@ -1,162 +0,0 @@
1#!/bin/sh
2
3key="$1"
4cert="$2"
5CA="-CAfile $3"
6ssltest="${4-./ssltest} -key $key -cert $cert -c_key $key -c_cert $cert"
7openssl=${5-openssl}
8extra="$6"
9
10$openssl version || exit 1
11
12if $openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
13 dsa_cert=YES
14else
15 dsa_cert=NO
16fi
17
18#############################################################################
19
20echo test sslv2/sslv3
21$ssltest $extra || exit 1
22
23echo test sslv2/sslv3 with server authentication
24$ssltest -server_auth $CA $extra || exit 1
25
26echo test sslv2/sslv3 with client authentication
27$ssltest -client_auth $CA $extra || exit 1
28
29echo test sslv2/sslv3 with both client and server authentication
30$ssltest -server_auth -client_auth $CA $extra || exit 1
31
32echo test sslv2/sslv3 via BIO pair
33$ssltest $extra || exit 1
34
35if [ $dsa_cert = NO ]; then
36 echo 'test sslv2/sslv3 w/o (EC)DHE via BIO pair'
37 $ssltest -bio_pair -no_dhe -no_ecdhe $extra || exit 1
38fi
39
40echo test sslv2/sslv3 with 1024bit DHE via BIO pair
41$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1
42
43echo test sslv2/sslv3 with server authentication
44$ssltest -bio_pair -server_auth $CA $extra || exit 1
45
46echo test sslv2/sslv3 with client authentication via BIO pair
47$ssltest -bio_pair -client_auth $CA $extra || exit 1
48
49echo test sslv2/sslv3 with both client and server authentication via BIO pair
50$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1
51
52echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
53$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
54
55echo "Testing ciphersuites"
56for protocol in SSLv3 TLSv1.2; do
57 echo "Testing ciphersuites for $protocol"
58 for cipher in `$openssl ciphers -v "$protocol+aRSA" |
59 awk "/ $protocol / { print \\$1 }"`; do
60 echo "Testing $cipher"
61 $ssltest -cipher $cipher -tls1_2
62 if [ $? -ne 0 ] ; then
63 echo "Failed $cipher"
64 exit 1
65 fi
66 done
67done
68for protocol in TLSv1.3; do
69 echo "Testing ciphersuites for $protocol at security level 2"
70 for cipher in `$openssl ciphers -v "$protocol" |
71 awk "/ $protocol / { print \\$1 }"`; do
72 echo "Testing $cipher"
73 $ssltest -cipher $cipher -seclevel 2
74 if [ $? -ne 0 ] ; then
75 echo "Failed $cipher"
76 exit 1
77 fi
78 done
79done
80for protocol in TLSv1.3; do
81 echo "Testing ciphersuites for $protocol at security level 3"
82 for cipher in `$openssl ciphers -v "$protocol" |
83 awk "/ $protocol / { print \\$1 }"`; do
84 echo "Testing $cipher"
85 $ssltest -cipher $cipher -seclevel 3
86 if [ $? -eq 0 ] ; then
87 echo "Failed $cipher should not have succeeded"
88 exit 1
89 fi
90 done
91done
92
93#############################################################################
94
95if $openssl no-dh; then
96 echo skipping anonymous DH tests
97else
98 echo skipping tls1 tests.
99fi
100
101#if $openssl no-rsa; then
102# echo skipping RSA tests
103#else
104# echo 'test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes'
105# ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1
106#
107# if $openssl no-dh; then
108# echo skipping RSA+DHE tests
109# else
110# echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
111# ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
112# fi
113#fi
114
115#
116# DTLS tests
117#
118
119$ssltest -dtls1_2 $extra || exit 1
120
121echo test dtlsv1_2 with server authentication
122$ssltest -dtls1_2 -server_auth $CA $extra || exit 1
123
124echo test dtlsv1_2 with client authentication
125$ssltest -dtls1_2 -client_auth $CA $extra || exit 1
126
127echo test dtlsv1_2 with both client and server authentication
128$ssltest -dtls1_2 -server_auth -client_auth $CA $extra || exit 1
129
130echo "Testing DTLS ciphersuites"
131for protocol in SSLv3; do
132 echo "Testing ciphersuites for $protocol"
133 for cipher in `$openssl ciphers -v "RSA+$protocol" |
134 awk "/ $protocol / { print \\$1 }" |
135 grep -v RC4`; do
136 echo "Testing $cipher"
137 $ssltest -cipher $cipher -dtls1_2
138 if [ $? -ne 0 ] ; then
139 echo "Failed $cipher"
140 exit 1
141 fi
142 done
143done
144
145#
146# ALPN tests
147#
148echo "Testing ALPN..."
149$ssltest -bio_pair -alpn_client foo -alpn_server bar || exit 1
150$ssltest -bio_pair -alpn_client foo -alpn_server foo \
151 -alpn_expected foo || exit 1
152$ssltest -bio_pair -alpn_client foo,bar -alpn_server foo \
153 -alpn_expected foo || exit 1
154$ssltest -bio_pair -alpn_client bar,foo -alpn_server foo \
155 -alpn_expected foo || exit 1
156$ssltest -bio_pair -alpn_client bar,foo -alpn_server foo,bar \
157 -alpn_expected foo || exit 1
158$ssltest -bio_pair -alpn_client bar,foo -alpn_server bar,foo \
159 -alpn_expected bar || exit 1
160$ssltest -bio_pair -alpn_client foo,bar -alpn_server bar,foo \
161 -alpn_expected bar || exit 1
162$ssltest -bio_pair -alpn_client baz -alpn_server bar,foo || exit 1
diff --git a/src/regress/lib/libssl/symbols/Makefile b/src/regress/lib/libssl/symbols/Makefile
deleted file mode 100644
index d500dfcd0a..0000000000
--- a/src/regress/lib/libssl/symbols/Makefile
+++ /dev/null
@@ -1,22 +0,0 @@
1# $OpenBSD: Makefile,v 1.2 2023/07/15 23:40:46 tb Exp $
2
3PROG = symbols
4
5.include <bsd.own.mk>
6
7DPADD= ${LIBCRYPTO} ${LIBSSL}
8LDFLAGS+= -lcrypto -lssl
9LDFLAGS+= -Wl,--no-allow-shlib-undefined
10CFLAGS+= -Wno-deprecated-declarations
11
12CLEANFILES+= symbols.c symbols.c.tmp
13
14symbols.c: symbols.awk ../../../../lib/libssl/Symbols.list
15 awk -f ${.CURDIR}/symbols.awk \
16 < ${BSDSRCDIR}/lib/libssl/Symbols.list > $@.tmp && \
17 mv -f $@.tmp $@
18
19run-regress-symbols: symbols
20 ./symbols 2>/dev/null
21
22.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/symbols/symbols.awk b/src/regress/lib/libssl/symbols/symbols.awk
deleted file mode 100644
index ecbe25e393..0000000000
--- a/src/regress/lib/libssl/symbols/symbols.awk
+++ /dev/null
@@ -1,58 +0,0 @@
1# $OpenBSD: symbols.awk,v 1.4 2024/05/08 06:54:43 tb Exp $
2
3# Copyright (c) 2018,2020,2023 Theo Buehler <tb@openbsd.org>
4#
5# Permission to use, copy, modify, and distribute this software for any
6# purpose with or without fee is hereby granted, provided that the above
7# copyright notice and this permission notice appear in all copies.
8#
9# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16
17# usage: awk -f symbols.awk < Symbols.list > symbols.c
18
19BEGIN {
20 printf("#include <stdio.h>\n\n")
21
22 printf("#include <openssl/dtls1.h>\n")
23 printf("#include <openssl/ssl.h>\n")
24 printf("#include <openssl/tls1.h>\n\n")
25
26 printf("#include <openssl/srtp.h>\n\n") # depends on ssl.h
27}
28
29{
30 symbols[$0] = $0
31
32 # Undefine aliases, so we don't accidentally leave them in Symbols.list.
33 printf("#ifdef %s\n#undef %s\n#endif\n", $0, $0)
34}
35
36END {
37 printf("\nint\nmain(void)\n{\n")
38 printf("\tsize_t i;\n");
39
40 printf("\tstruct {\n")
41 printf("\t\tconst char *const name;\n")
42 printf("\t\tconst void *addr;\n")
43 printf("\t} symbols[] = {\n")
44
45 for (symbol in symbols) {
46 printf("\t\t{\n")
47 printf("\t\t\t.name = \"%s\",\n", symbol)
48 printf("\t\t\t.addr = &%s,\n", symbol)
49 printf("\t\t},\n")
50 }
51
52 printf("\t\};\n\n")
53
54 printf("\tfor (i = 0; i < sizeof(symbols) / sizeof(symbols[0]); i++)\n")
55 printf("\t\tfprintf(stderr, \"%%s: %%p\\n\", symbols[i].name, symbols[i].addr);\n")
56 printf("\n\tprintf(\"OK\\n\");\n")
57 printf("\n\treturn 0;\n}\n")
58}
diff --git a/src/regress/lib/libssl/tls/Makefile b/src/regress/lib/libssl/tls/Makefile
deleted file mode 100644
index 315ac692c3..0000000000
--- a/src/regress/lib/libssl/tls/Makefile
+++ /dev/null
@@ -1,18 +0,0 @@
1# $OpenBSD: Makefile,v 1.2 2024/03/20 10:38:05 jsing Exp $
2
3PROG= tlstest
4LDADD= -lssl -lcrypto
5DPADD= ${LIBSSL} ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9REGRESS_TARGETS= \
10 regress-tlstest
11
12regress-tlstest: ${PROG}
13 ./tlstest \
14 ${.CURDIR}/../../libssl/certs/server1-rsa.pem \
15 ${.CURDIR}/../../libssl/certs/server1-rsa-chain.pem \
16 ${.CURDIR}/../../libssl/certs/ca-root-rsa.pem
17
18.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/tls/tlstest.c b/src/regress/lib/libssl/tls/tlstest.c
deleted file mode 100644
index 8154e7576c..0000000000
--- a/src/regress/lib/libssl/tls/tlstest.c
+++ /dev/null
@@ -1,400 +0,0 @@
1/* $OpenBSD: tlstest.c,v 1.2 2023/07/02 17:21:33 beck Exp $ */
2/*
3 * Copyright (c) 2020, 2021 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <err.h>
19
20#include <openssl/bio.h>
21#include <openssl/err.h>
22#include <openssl/ssl.h>
23
24const char *server_ca_file;
25const char *server_cert_file;
26const char *server_key_file;
27
28int debug = 0;
29
30static void
31hexdump(const unsigned char *buf, size_t len)
32{
33 size_t i;
34
35 for (i = 1; i <= len; i++)
36 fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n");
37
38 if (len % 8)
39 fprintf(stderr, "\n");
40}
41
42static SSL *
43tls_client(BIO *rbio, BIO *wbio)
44{
45 SSL_CTX *ssl_ctx = NULL;
46 SSL *ssl = NULL;
47
48 if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL)
49 errx(1, "client context");
50
51 if ((ssl = SSL_new(ssl_ctx)) == NULL)
52 errx(1, "client ssl");
53
54 BIO_up_ref(rbio);
55 BIO_up_ref(wbio);
56
57 SSL_set_bio(ssl, rbio, wbio);
58
59 SSL_CTX_free(ssl_ctx);
60
61 return ssl;
62}
63
64static SSL *
65tls_server(BIO *rbio, BIO *wbio)
66{
67 SSL_CTX *ssl_ctx = NULL;
68 SSL *ssl = NULL;
69
70 if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL)
71 errx(1, "server context");
72
73 SSL_CTX_set_dh_auto(ssl_ctx, 2);
74
75 if (SSL_CTX_use_certificate_file(ssl_ctx, server_cert_file,
76 SSL_FILETYPE_PEM) != 1) {
77 fprintf(stderr, "FAIL: Failed to load server certificate");
78 goto failure;
79 }
80 if (SSL_CTX_use_PrivateKey_file(ssl_ctx, server_key_file,
81 SSL_FILETYPE_PEM) != 1) {
82 fprintf(stderr, "FAIL: Failed to load server private key");
83 goto failure;
84 }
85
86 if ((ssl = SSL_new(ssl_ctx)) == NULL)
87 errx(1, "server ssl");
88
89 BIO_up_ref(rbio);
90 BIO_up_ref(wbio);
91
92 SSL_set_bio(ssl, rbio, wbio);
93
94 failure:
95 SSL_CTX_free(ssl_ctx);
96
97 return ssl;
98}
99
100static int
101ssl_error(SSL *ssl, const char *name, const char *desc, int ssl_ret)
102{
103 int ssl_err;
104
105 ssl_err = SSL_get_error(ssl, ssl_ret);
106
107 if (ssl_err == SSL_ERROR_WANT_READ) {
108 return 1;
109 } else if (ssl_err == SSL_ERROR_WANT_WRITE) {
110 return 1;
111 } else if (ssl_err == SSL_ERROR_SYSCALL && errno == 0) {
112 /* Yup, this is apparently a thing... */
113 } else {
114 fprintf(stderr, "FAIL: %s %s failed - ssl err = %d, errno = %d\n",
115 name, desc, ssl_err, errno);
116 ERR_print_errors_fp(stderr);
117 return 0;
118 }
119
120 return 1;
121}
122
123static int
124do_connect(SSL *ssl, const char *name, int *done)
125{
126 int ssl_ret;
127
128 if ((ssl_ret = SSL_connect(ssl)) == 1) {
129 fprintf(stderr, "INFO: %s connect done\n", name);
130 *done = 1;
131 return 1;
132 }
133
134 return ssl_error(ssl, name, "connect", ssl_ret);
135}
136
137static int
138do_accept(SSL *ssl, const char *name, int *done)
139{
140 int ssl_ret;
141
142 if ((ssl_ret = SSL_accept(ssl)) == 1) {
143 fprintf(stderr, "INFO: %s accept done\n", name);
144 *done = 1;
145 return 1;
146 }
147
148 return ssl_error(ssl, name, "accept", ssl_ret);
149}
150
151static int
152do_read(SSL *ssl, const char *name, int *done)
153{
154 uint8_t buf[512];
155 int ssl_ret;
156
157 if ((ssl_ret = SSL_read(ssl, buf, sizeof(buf))) > 0) {
158 fprintf(stderr, "INFO: %s read done\n", name);
159 if (debug > 1)
160 hexdump(buf, ssl_ret);
161 *done = 1;
162 return 1;
163 }
164
165 return ssl_error(ssl, name, "read", ssl_ret);
166}
167
168static int
169do_write(SSL *ssl, const char *name, int *done)
170{
171 const uint8_t buf[] = "Hello, World!\n";
172 int ssl_ret;
173
174 if ((ssl_ret = SSL_write(ssl, buf, sizeof(buf))) > 0) {
175 fprintf(stderr, "INFO: %s write done\n", name);
176 *done = 1;
177 return 1;
178 }
179
180 return ssl_error(ssl, name, "write", ssl_ret);
181}
182
183static int
184do_shutdown(SSL *ssl, const char *name, int *done)
185{
186 int ssl_ret;
187
188 ssl_ret = SSL_shutdown(ssl);
189 if (ssl_ret == 1) {
190 fprintf(stderr, "INFO: %s shutdown done\n", name);
191 *done = 1;
192 return 1;
193 }
194 return ssl_error(ssl, name, "shutdown", ssl_ret);
195}
196
197typedef int (*ssl_func)(SSL *ssl, const char *name, int *done);
198
199static int
200do_client_server_loop(SSL *client, ssl_func client_func, SSL *server,
201 ssl_func server_func)
202{
203 int client_done = 0, server_done = 0;
204 int i = 0;
205
206 do {
207 if (!client_done) {
208 if (debug)
209 fprintf(stderr, "DEBUG: client loop\n");
210 if (!client_func(client, "client", &client_done))
211 return 0;
212 }
213 if (!server_done) {
214 if (debug)
215 fprintf(stderr, "DEBUG: server loop\n");
216 if (!server_func(server, "server", &server_done))
217 return 0;
218 }
219 } while (i++ < 100 && (!client_done || !server_done));
220
221 if (!client_done || !server_done)
222 fprintf(stderr, "FAIL: gave up\n");
223
224 return client_done && server_done;
225}
226
227struct tls_test {
228 const unsigned char *desc;
229 const SSL_METHOD *(*client_method)(void);
230 uint16_t client_min_version;
231 uint16_t client_max_version;
232 const char *client_ciphers;
233 const SSL_METHOD *(*server_method)(void);
234 uint16_t server_min_version;
235 uint16_t server_max_version;
236 const char *server_ciphers;
237};
238
239static const struct tls_test tls_tests[] = {
240 {
241 .desc = "Default client and server",
242 },
243 {
244 .desc = "Default client and TLSv1.2 server",
245 .server_max_version = TLS1_2_VERSION,
246 },
247 {
248 .desc = "Default client and default server with ECDHE KEX",
249 .server_ciphers = "ECDHE-RSA-AES128-SHA",
250 },
251 {
252 .desc = "Default client and TLSv1.2 server with ECDHE KEX",
253 .server_max_version = TLS1_2_VERSION,
254 .server_ciphers = "ECDHE-RSA-AES128-SHA",
255 },
256 {
257 .desc = "Default client and default server with DHE KEX",
258 .server_ciphers = "DHE-RSA-AES128-SHA",
259 },
260 {
261 .desc = "Default client and TLSv1.2 server with DHE KEX",
262 .server_max_version = TLS1_2_VERSION,
263 .server_ciphers = "DHE-RSA-AES128-SHA",
264 },
265 {
266 .desc = "Default client and default server with RSA KEX",
267 .server_ciphers = "AES128-SHA",
268 },
269 {
270 .desc = "Default client and TLSv1.2 server with RSA KEX",
271 .server_max_version = TLS1_2_VERSION,
272 .server_ciphers = "AES128-SHA",
273 },
274 {
275 .desc = "TLSv1.2 client and default server",
276 .client_max_version = TLS1_2_VERSION,
277 },
278 {
279 .desc = "TLSv1.2 client and default server with ECDHE KEX",
280 .client_max_version = TLS1_2_VERSION,
281 .client_ciphers = "ECDHE-RSA-AES128-SHA",
282 },
283 {
284 .desc = "TLSv1.2 client and default server with DHE KEX",
285 .server_max_version = TLS1_2_VERSION,
286 .client_ciphers = "DHE-RSA-AES128-SHA",
287 },
288 {
289 .desc = "TLSv1.2 client and default server with RSA KEX",
290 .client_max_version = TLS1_2_VERSION,
291 .client_ciphers = "AES128-SHA",
292 },
293};
294
295#define N_TLS_TESTS (sizeof(tls_tests) / sizeof(*tls_tests))
296
297static int
298tlstest(const struct tls_test *tt)
299{
300 BIO *client_wbio = NULL, *server_wbio = NULL;
301 SSL *client = NULL, *server = NULL;
302 int failed = 1;
303
304 fprintf(stderr, "\n== Testing %s... ==\n", tt->desc);
305
306 if ((client_wbio = BIO_new(BIO_s_mem())) == NULL)
307 goto failure;
308 if (BIO_set_mem_eof_return(client_wbio, -1) <= 0)
309 goto failure;
310
311 if ((server_wbio = BIO_new(BIO_s_mem())) == NULL)
312 goto failure;
313 if (BIO_set_mem_eof_return(server_wbio, -1) <= 0)
314 goto failure;
315
316 if ((client = tls_client(server_wbio, client_wbio)) == NULL)
317 goto failure;
318 if (tt->client_min_version != 0) {
319 if (!SSL_set_min_proto_version(client, tt->client_min_version))
320 goto failure;
321 }
322 if (tt->client_max_version != 0) {
323 if (!SSL_set_max_proto_version(client, tt->client_max_version))
324 goto failure;
325 }
326 if (tt->client_ciphers != NULL) {
327 if (!SSL_set_cipher_list(client, tt->client_ciphers))
328 goto failure;
329 }
330
331 if ((server = tls_server(client_wbio, server_wbio)) == NULL)
332 goto failure;
333 if (tt->server_min_version != 0) {
334 if (!SSL_set_min_proto_version(server, tt->server_min_version))
335 goto failure;
336 }
337 if (tt->server_max_version != 0) {
338 if (!SSL_set_max_proto_version(server, tt->server_max_version))
339 goto failure;
340 }
341 if (tt->server_ciphers != NULL) {
342 if (!SSL_set_cipher_list(server, tt->server_ciphers))
343 goto failure;
344 }
345
346 if (!do_client_server_loop(client, do_connect, server, do_accept)) {
347 fprintf(stderr, "FAIL: client and server handshake failed\n");
348 goto failure;
349 }
350
351 if (!do_client_server_loop(client, do_write, server, do_read)) {
352 fprintf(stderr, "FAIL: client write and server read I/O failed\n");
353 goto failure;
354 }
355
356 if (!do_client_server_loop(client, do_read, server, do_write)) {
357 fprintf(stderr, "FAIL: client read and server write I/O failed\n");
358 goto failure;
359 }
360
361 if (!do_client_server_loop(client, do_shutdown, server, do_shutdown)) {
362 fprintf(stderr, "FAIL: client and server shutdown failed\n");
363 goto failure;
364 }
365
366 fprintf(stderr, "INFO: Done!\n");
367
368 failed = 0;
369
370 failure:
371 BIO_free(client_wbio);
372 BIO_free(server_wbio);
373
374 SSL_free(client);
375 SSL_free(server);
376
377 return failed;
378}
379
380int
381main(int argc, char **argv)
382{
383 int failed = 0;
384 size_t i;
385
386 if (argc != 4) {
387 fprintf(stderr, "usage: %s keyfile certfile cafile\n",
388 argv[0]);
389 exit(1);
390 }
391
392 server_key_file = argv[1];
393 server_cert_file = argv[2];
394 server_ca_file = argv[3];
395
396 for (i = 0; i < N_TLS_TESTS; i++)
397 failed |= tlstest(&tls_tests[i]);
398
399 return failed;
400}
diff --git a/src/regress/lib/libssl/tlsext/Makefile b/src/regress/lib/libssl/tlsext/Makefile
deleted file mode 100644
index 9ff441697f..0000000000
--- a/src/regress/lib/libssl/tlsext/Makefile
+++ /dev/null
@@ -1,10 +0,0 @@
1# $OpenBSD: Makefile,v 1.2 2022/06/29 15:06:18 tb Exp $
2
3PROG= tlsexttest
4LDADD= ${SSL_INT} -lcrypto
5DPADD= ${LIBCRYPTO} ${LIBSSL}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Wundef -Werror
8CFLAGS+= -I${.CURDIR}/../../../../lib/libssl
9
10.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c
deleted file mode 100644
index 4adf27421d..0000000000
--- a/src/regress/lib/libssl/tlsext/tlsexttest.c
+++ /dev/null
@@ -1,4702 +0,0 @@
1/* $OpenBSD: tlsexttest.c,v 1.92 2024/09/11 15:04:16 tb Exp $ */
2/*
3 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
5 * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
6 * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
7 *
8 * Permission to use, copy, modify, and distribute this software for any
9 * purpose with or without fee is hereby granted, provided that the above
10 * copyright notice and this permission notice appear in all copies.
11 *
12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 */
20
21#include <err.h>
22
23#include <openssl/tls1.h>
24
25#include "ssl_local.h"
26
27#include "bytestring.h"
28#include "ssl_tlsext.h"
29
30struct tls_extension_funcs {
31 int (*needs)(SSL *s, uint16_t msg_type);
32 int (*build)(SSL *s, uint16_t msg_type, CBB *cbb);
33 int (*process)(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
34};
35
36uint16_t tls_extension_type(const struct tls_extension *);
37const struct tls_extension *tls_extension_find(uint16_t, size_t *);
38const struct tls_extension_funcs *tlsext_funcs(const struct tls_extension *,
39 int);
40int tlsext_linearize_build_order(SSL *);
41
42static int
43tls_extension_funcs(int type, const struct tls_extension_funcs **client_funcs,
44 const struct tls_extension_funcs **server_funcs)
45{
46 const struct tls_extension *ext;
47 size_t idx;
48
49 if ((ext = tls_extension_find(type, &idx)) == NULL)
50 return 0;
51
52 if ((*client_funcs = tlsext_funcs(ext, 0)) == NULL)
53 return 0;
54
55 if ((*server_funcs = tlsext_funcs(ext, 1)) == NULL)
56 return 0;
57
58 return 1;
59}
60
61static void
62hexdump(const unsigned char *buf, size_t len)
63{
64 size_t i;
65
66 for (i = 1; i <= len; i++)
67 fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n");
68
69 fprintf(stderr, "\n");
70}
71
72static void
73hexdump2(const uint16_t *buf, size_t len)
74{
75 size_t i;
76
77 for (i = 1; i <= len / 2; i++)
78 fprintf(stderr, " 0x%04hx,%s", buf[i - 1], i % 8 ? "" : "\n");
79
80 fprintf(stderr, "\n");
81}
82
83static void
84compare_data(const uint8_t *recv, size_t recv_len, const uint8_t *expect,
85 size_t expect_len)
86{
87 fprintf(stderr, "received:\n");
88 hexdump(recv, recv_len);
89
90 fprintf(stderr, "test data:\n");
91 hexdump(expect, expect_len);
92}
93
94static void
95compare_data2(const uint16_t *recv, size_t recv_len, const uint16_t *expect,
96 size_t expect_len)
97{
98 fprintf(stderr, "received:\n");
99 hexdump2(recv, recv_len);
100
101 fprintf(stderr, "test data:\n");
102 hexdump2(expect, expect_len);
103}
104
105#define FAIL(msg, ...) \
106do { \
107 fprintf(stderr, "[%s:%d] FAIL: ", __FILE__, __LINE__); \
108 fprintf(stderr, msg, ##__VA_ARGS__); \
109} while(0)
110
111/*
112 * Supported Application-Layer Protocol Negotiation - RFC 7301
113 *
114 * There are already extensive unit tests for this so this just
115 * tests the state info.
116 */
117
118const uint8_t tlsext_alpn_multiple_protos_val[] = {
119 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
120 0x08, /* len */
121 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31,
122 /* opaque ProtocolName<1..2^8-1> -- 'stun.nat' */
123 0x09, /* len */
124 0x73, 0x74, 0x75, 0x6e, 0x2e, 0x74, 0x75, 0x72, 0x6e
125};
126
127const uint8_t tlsext_alpn_multiple_protos[] = {
128 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
129 0x00, 0x13, /* len of all names */
130 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
131 0x08, /* len */
132 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31,
133 /* opaque ProtocolName<1..2^8-1> -- 'stun.nat' */
134 0x09, /* len */
135 0x73, 0x74, 0x75, 0x6e, 0x2e, 0x74, 0x75, 0x72, 0x6e
136};
137
138const uint8_t tlsext_alpn_single_proto_val[] = {
139 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
140 0x08, /* len */
141 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31
142};
143
144const uint8_t tlsext_alpn_single_proto_name[] = {
145 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31 /* 'http/1.1' */
146};
147
148const uint8_t tlsext_alpn_single_proto[] = {
149 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
150 0x00, 0x09, /* len of all names */
151 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
152 0x08, /* len */
153 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31
154};
155
156#define TLSEXT_TYPE_alpn TLSEXT_TYPE_application_layer_protocol_negotiation
157
158static int
159test_tlsext_alpn_client(void)
160{
161 SSL_CTX *ssl_ctx = NULL;
162 SSL *ssl = NULL;
163 const struct tls_extension_funcs *client_funcs;
164 const struct tls_extension_funcs *server_funcs;
165 uint8_t *data = NULL;
166 CBB cbb;
167 CBS cbs;
168 int failure, alert;
169 size_t dlen;
170
171 failure = 1;
172
173 if (!CBB_init(&cbb, 0))
174 errx(1, "Failed to create CBB");
175
176 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
177 errx(1, "failed to create SSL_CTX");
178 if ((ssl = SSL_new(ssl_ctx)) == NULL)
179 errx(1, "failed to create SSL");
180
181 if (!tls_extension_funcs(TLSEXT_TYPE_alpn, &client_funcs, &server_funcs))
182 errx(1, "failed to fetch ALPN funcs");
183
184 /* By default, we don't need this */
185 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
186 FAIL("client should not need ALPN by default\n");
187 goto err;
188 }
189
190 /*
191 * Prereqs:
192 * 1) Set s->alpn_client_proto_list
193 * - Using SSL_set_alpn_protos()
194 * 2) We have not finished or renegotiated.
195 * - s->s3->tmp.finish_md_len == 0
196 */
197 if (SSL_set_alpn_protos(ssl, tlsext_alpn_single_proto_val,
198 sizeof(tlsext_alpn_single_proto_val)) != 0) {
199 FAIL("should be able to set ALPN to http/1.1\n");
200 goto err;
201 }
202 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
203 FAIL("client should need ALPN by default\n");
204 goto err;
205 }
206
207 /* Make sure we can build the client with a single proto. */
208
209 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
210 FAIL("client failed to build ALPN\n");
211 goto err;
212 }
213 if (!CBB_finish(&cbb, &data, &dlen))
214 errx(1, "failed to finish CBB");
215
216 if (dlen != sizeof(tlsext_alpn_single_proto)) {
217 FAIL("got client ALPN with length %zu, "
218 "want length %zu\n", dlen,
219 sizeof(tlsext_alpn_single_proto));
220 compare_data(data, dlen, tlsext_alpn_single_proto,
221 sizeof(tlsext_alpn_single_proto));
222 goto err;
223 }
224 if (memcmp(data, tlsext_alpn_single_proto, dlen) != 0) {
225 FAIL("client ALPN differs:\n");
226 compare_data(data, dlen, tlsext_alpn_single_proto,
227 sizeof(tlsext_alpn_single_proto));
228 goto err;
229 }
230
231 CBB_cleanup(&cbb);
232 if (!CBB_init(&cbb, 0))
233 errx(1, "Failed to create CBB");
234 free(data);
235 data = NULL;
236
237 /* Make sure we can parse the single proto. */
238
239 CBS_init(&cbs, tlsext_alpn_single_proto,
240 sizeof(tlsext_alpn_single_proto));
241 if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
242 FAIL("failed to parse ALPN\n");
243 goto err;
244 }
245 if (CBS_len(&cbs) != 0) {
246 FAIL("extension data remaining\n");
247 goto err;
248 }
249
250 if (ssl->alpn_client_proto_list_len !=
251 sizeof(tlsext_alpn_single_proto_val)) {
252 FAIL("got client ALPN with length %zu, "
253 "want length %zu\n", dlen,
254 sizeof(tlsext_alpn_single_proto_val));
255 compare_data(ssl->alpn_client_proto_list,
256 ssl->alpn_client_proto_list_len,
257 tlsext_alpn_single_proto_val,
258 sizeof(tlsext_alpn_single_proto_val));
259 goto err;
260 }
261 if (memcmp(ssl->alpn_client_proto_list,
262 tlsext_alpn_single_proto_val,
263 sizeof(tlsext_alpn_single_proto_val)) != 0) {
264 FAIL("client ALPN differs:\n");
265 compare_data(data, dlen, tlsext_alpn_single_proto_val,
266 sizeof(tlsext_alpn_single_proto_val));
267 goto err;
268 }
269
270 /* Make sure we can build the clienthello with multiple entries. */
271
272 if (SSL_set_alpn_protos(ssl, tlsext_alpn_multiple_protos_val,
273 sizeof(tlsext_alpn_multiple_protos_val)) != 0) {
274 FAIL("should be able to set ALPN to http/1.1\n");
275 goto err;
276 }
277 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
278 FAIL("client should need ALPN by now\n");
279 goto err;
280 }
281
282 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
283 FAIL("client failed to build ALPN\n");
284 goto err;
285 }
286 if (!CBB_finish(&cbb, &data, &dlen))
287 errx(1, "failed to finish CBB");
288
289 if (dlen != sizeof(tlsext_alpn_multiple_protos)) {
290 FAIL("got client ALPN with length %zu, "
291 "want length %zu\n", dlen,
292 sizeof(tlsext_alpn_multiple_protos));
293 compare_data(data, dlen, tlsext_alpn_multiple_protos,
294 sizeof(tlsext_alpn_multiple_protos));
295 goto err;
296 }
297 if (memcmp(data, tlsext_alpn_multiple_protos, dlen) != 0) {
298 FAIL("client ALPN differs:\n");
299 compare_data(data, dlen, tlsext_alpn_multiple_protos,
300 sizeof(tlsext_alpn_multiple_protos));
301 goto err;
302 }
303
304 /* Make sure we can parse multiple protos */
305
306 CBS_init(&cbs, tlsext_alpn_multiple_protos,
307 sizeof(tlsext_alpn_multiple_protos));
308 if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
309 FAIL("failed to parse ALPN\n");
310 goto err;
311 }
312 if (CBS_len(&cbs) != 0) {
313 FAIL("extension data remaining\n");
314 goto err;
315 }
316
317 if (ssl->alpn_client_proto_list_len !=
318 sizeof(tlsext_alpn_multiple_protos_val)) {
319 FAIL("got client ALPN with length %zu, "
320 "want length %zu\n", dlen,
321 sizeof(tlsext_alpn_multiple_protos_val));
322 compare_data(ssl->alpn_client_proto_list,
323 ssl->alpn_client_proto_list_len,
324 tlsext_alpn_multiple_protos_val,
325 sizeof(tlsext_alpn_multiple_protos_val));
326 goto err;
327 }
328 if (memcmp(ssl->alpn_client_proto_list,
329 tlsext_alpn_multiple_protos_val,
330 sizeof(tlsext_alpn_multiple_protos_val)) != 0) {
331 FAIL("client ALPN differs:\n");
332 compare_data(data, dlen, tlsext_alpn_multiple_protos_val,
333 sizeof(tlsext_alpn_multiple_protos_val));
334 goto err;
335 }
336
337 /* Make sure we can remove the list and avoid ALPN */
338
339 free(ssl->alpn_client_proto_list);
340 ssl->alpn_client_proto_list = NULL;
341 ssl->alpn_client_proto_list_len = 0;
342
343 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
344 FAIL("client should need ALPN by default\n");
345 goto err;
346 }
347
348 failure = 0;
349
350 err:
351 CBB_cleanup(&cbb);
352 SSL_CTX_free(ssl_ctx);
353 SSL_free(ssl);
354 free(data);
355
356 return (failure);
357}
358
359static int
360test_tlsext_alpn_server(void)
361{
362 SSL_CTX *ssl_ctx = NULL;
363 SSL *ssl = NULL;
364 const struct tls_extension_funcs *client_funcs;
365 const struct tls_extension_funcs *server_funcs;
366 uint8_t *data = NULL;
367 CBB cbb;
368 CBS cbs;
369 int failure, alert;
370 size_t dlen;
371
372 failure = 1;
373
374 if (!CBB_init(&cbb, 0))
375 errx(1, "Failed to create CBB");
376
377 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
378 errx(1, "failed to create SSL_CTX");
379 if ((ssl = SSL_new(ssl_ctx)) == NULL)
380 errx(1, "failed to create SSL");
381
382 if (!tls_extension_funcs(TLSEXT_TYPE_alpn, &client_funcs, &server_funcs))
383 errx(1, "failed to fetch ALPN funcs");
384
385 /* By default, ALPN isn't needed. */
386 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
387 FAIL("server should not need ALPN by default\n");
388 goto err;
389 }
390
391 /*
392 * The server has a single ALPN selection which is set by
393 * SSL_CTX_set_alpn_select_cb() and calls SSL_select_next_proto().
394 *
395 * This will be a plain name and separate length.
396 */
397 if ((ssl->s3->alpn_selected = malloc(sizeof(tlsext_alpn_single_proto_name))) == NULL) {
398 errx(1, "failed to malloc");
399 }
400 memcpy(ssl->s3->alpn_selected, tlsext_alpn_single_proto_name,
401 sizeof(tlsext_alpn_single_proto_name));
402 ssl->s3->alpn_selected_len = sizeof(tlsext_alpn_single_proto_name);
403
404 if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
405 FAIL("server should need ALPN after a protocol is selected\n");
406 goto err;
407 }
408
409 /* Make sure we can build a server with one protocol */
410
411 if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
412 FAIL("server should be able to build a response\n");
413 goto err;
414 }
415 if (!CBB_finish(&cbb, &data, &dlen))
416 errx(1, "failed to finish CBB");
417
418 if (dlen != sizeof(tlsext_alpn_single_proto)) {
419 FAIL("got client ALPN with length %zu, "
420 "want length %zu\n", dlen,
421 sizeof(tlsext_alpn_single_proto));
422 compare_data(data, dlen, tlsext_alpn_single_proto,
423 sizeof(tlsext_alpn_single_proto));
424 goto err;
425 }
426 if (memcmp(data, tlsext_alpn_single_proto, dlen) != 0) {
427 FAIL("client ALPN differs:\n");
428 compare_data(data, dlen, tlsext_alpn_single_proto,
429 sizeof(tlsext_alpn_single_proto));
430 goto err;
431 }
432
433 CBB_cleanup(&cbb);
434 if (!CBB_init(&cbb, 0))
435 errx(1, "Failed to create CBB");
436 free(data);
437 data = NULL;
438
439 /* Make sure we can parse the single proto. */
440
441 CBS_init(&cbs, tlsext_alpn_single_proto,
442 sizeof(tlsext_alpn_single_proto));
443
444 /* Shouldn't be able to parse without requesting */
445 if (client_funcs->process(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
446 FAIL("Should only parse server if we requested it\n");
447 goto err;
448 }
449
450 /* Should be able to parse once requested. */
451 if (SSL_set_alpn_protos(ssl, tlsext_alpn_single_proto_val,
452 sizeof(tlsext_alpn_single_proto_val)) != 0) {
453 FAIL("should be able to set ALPN to http/1.1\n");
454 goto err;
455 }
456 if (!client_funcs->process(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
457 FAIL("Should be able to parse server when we request it\n");
458 goto err;
459 }
460 if (CBS_len(&cbs) != 0) {
461 FAIL("extension data remaining\n");
462 goto err;
463 }
464
465 if (ssl->s3->alpn_selected_len !=
466 sizeof(tlsext_alpn_single_proto_name)) {
467 FAIL("got server ALPN with length %zu, "
468 "want length %zu\n", dlen,
469 sizeof(tlsext_alpn_single_proto_name));
470 compare_data(ssl->s3->alpn_selected,
471 ssl->s3->alpn_selected_len,
472 tlsext_alpn_single_proto_name,
473 sizeof(tlsext_alpn_single_proto_name));
474 goto err;
475 }
476 if (memcmp(ssl->s3->alpn_selected,
477 tlsext_alpn_single_proto_name,
478 sizeof(tlsext_alpn_single_proto_name)) != 0) {
479 FAIL("server ALPN differs:\n");
480 compare_data(ssl->s3->alpn_selected,
481 ssl->s3->alpn_selected_len,
482 tlsext_alpn_single_proto_name,
483 sizeof(tlsext_alpn_single_proto_name));
484 goto err;
485 }
486
487 /*
488 * We should NOT be able to build a server with multiple
489 * protocol names. However, the existing code did not check for this
490 * case because it is passed in as an encoded value.
491 */
492
493 /* Make sure we can remove the list and avoid ALPN */
494
495 free(ssl->s3->alpn_selected);
496 ssl->s3->alpn_selected = NULL;
497 ssl->s3->alpn_selected_len = 0;
498
499 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
500 FAIL("server should not need ALPN by default\n");
501 goto err;
502 }
503
504 failure = 0;
505
506 err:
507 CBB_cleanup(&cbb);
508 SSL_CTX_free(ssl_ctx);
509 SSL_free(ssl);
510 free(data);
511
512 return (failure);
513
514}
515
516/*
517 * Supported Elliptic Curves - RFC 4492 section 5.1.1.
518 *
519 * This extension is only used by the client.
520 */
521
522static const uint8_t tlsext_supportedgroups_client_default[] = {
523 0x00, 0x08,
524 0x00, 0x1d, /* X25519 (29) */
525 0x00, 0x17, /* secp256r1 (23) */
526 0x00, 0x18, /* secp384r1 (24) */
527 0x00, 0x19, /* secp521r1 (25) */
528};
529
530static const uint16_t tlsext_supportedgroups_client_secp384r1_val[] = {
531 0x0018 /* tls1_ec_nid2group_id(NID_secp384r1) */
532};
533static const uint8_t tlsext_supportedgroups_client_secp384r1[] = {
534 0x00, 0x02,
535 0x00, 0x18 /* secp384r1 (24) */
536};
537
538/* Example from RFC 4492 section 5.1.1 */
539static const uint16_t tlsext_supportedgroups_client_nistp192and224_val[] = {
540 0x0013, /* tls1_ec_nid2group_id(NID_X9_62_prime192v1) */
541 0x0015 /* tls1_ec_nid2group_id(NID_secp224r1) */
542};
543static const uint8_t tlsext_supportedgroups_client_nistp192and224[] = {
544 0x00, 0x04,
545 0x00, 0x13, /* secp192r1 aka NIST P-192 */
546 0x00, 0x15 /* secp224r1 aka NIST P-224 */
547};
548
549static int
550test_tlsext_supportedgroups_client(void)
551{
552 unsigned char *data = NULL;
553 SSL_CTX *ssl_ctx = NULL;
554 SSL *ssl = NULL;
555 const struct tls_extension_funcs *client_funcs;
556 const struct tls_extension_funcs *server_funcs;
557 size_t dlen;
558 int failure, alert;
559 CBB cbb;
560 CBS cbs;
561
562 failure = 1;
563
564 if (!CBB_init(&cbb, 0))
565 errx(1, "failed to create CBB");
566
567 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
568 errx(1, "failed to create SSL_CTX");
569 if ((ssl = SSL_new(ssl_ctx)) == NULL)
570 errx(1, "failed to create SSL");
571
572 if (!tls_extension_funcs(TLSEXT_TYPE_supported_groups, &client_funcs,
573 &server_funcs))
574 errx(1, "failed to fetch supported groups funcs");
575
576 /*
577 * Default ciphers include EC so we need it by default.
578 */
579 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
580 FAIL("client should need Ellipticcurves for default "
581 "ciphers\n");
582 goto err;
583 }
584
585 /*
586 * Exclude cipher suites so we can test not including it.
587 */
588 if (!SSL_set_cipher_list(ssl, "TLSv1.2:!ECDHE:!ECDSA")) {
589 FAIL("client should be able to set cipher list\n");
590 goto err;
591 }
592 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
593 FAIL("client should not need Ellipticcurves\n");
594 goto err;
595 }
596
597 /*
598 * Use libtls default for the rest of the testing
599 */
600 if (!SSL_set_cipher_list(ssl, "TLSv1.2+AEAD+ECDHE")) {
601 FAIL("client should be able to set cipher list\n");
602 goto err;
603 }
604 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
605 FAIL("client should need Ellipticcurves\n");
606 goto err;
607 }
608
609 /*
610 * Test with a session secp384r1. The default is used instead.
611 */
612 if ((ssl->session = SSL_SESSION_new()) == NULL)
613 errx(1, "failed to create session");
614
615 if ((ssl->session->tlsext_supportedgroups = malloc(sizeof(uint16_t)))
616 == NULL) {
617 FAIL("client could not malloc\n");
618 goto err;
619 }
620 if (!tls1_ec_nid2group_id(NID_secp384r1,
621 &ssl->session->tlsext_supportedgroups[0]))
622 goto err;
623 ssl->session->tlsext_supportedgroups_length = 1;
624
625 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
626 FAIL("client should need Ellipticcurves\n");
627 goto err;
628 }
629
630 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
631 FAIL("client failed to build Ellipticcurves\n");
632 goto err;
633 }
634
635 if (!CBB_finish(&cbb, &data, &dlen))
636 errx(1, "failed to finish CBB");
637
638 if (dlen != sizeof(tlsext_supportedgroups_client_default)) {
639 FAIL("got client Ellipticcurves with length %zu, "
640 "want length %zu\n", dlen,
641 sizeof(tlsext_supportedgroups_client_default));
642 compare_data(data, dlen, tlsext_supportedgroups_client_default,
643 sizeof(tlsext_supportedgroups_client_default));
644 goto err;
645 }
646
647 if (memcmp(data, tlsext_supportedgroups_client_default, dlen) != 0) {
648 FAIL("client Ellipticcurves differs:\n");
649 compare_data(data, dlen, tlsext_supportedgroups_client_default,
650 sizeof(tlsext_supportedgroups_client_default));
651 goto err;
652 }
653
654 /*
655 * Test parsing secp384r1
656 */
657 CBB_cleanup(&cbb);
658 if (!CBB_init(&cbb, 0))
659 errx(1, "Failed to create CBB");
660 free(data);
661 data = NULL;
662
663 SSL_SESSION_free(ssl->session);
664 if ((ssl->session = SSL_SESSION_new()) == NULL)
665 errx(1, "failed to create session");
666
667 CBS_init(&cbs, tlsext_supportedgroups_client_secp384r1,
668 sizeof(tlsext_supportedgroups_client_secp384r1));
669 if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
670 FAIL("failed to parse client Ellipticcurves\n");
671 goto err;
672 }
673 if (CBS_len(&cbs) != 0) {
674 FAIL("extension data remaining\n");
675 goto err;
676 }
677
678 if (ssl->session->tlsext_supportedgroups_length !=
679 sizeof(tlsext_supportedgroups_client_secp384r1_val) / sizeof(uint16_t)) {
680 FAIL("no tlsext_ellipticcurves from client "
681 "Ellipticcurves\n");
682 goto err;
683 }
684
685 if (memcmp(ssl->session->tlsext_supportedgroups,
686 tlsext_supportedgroups_client_secp384r1_val,
687 sizeof(tlsext_supportedgroups_client_secp384r1_val)) != 0) {
688 FAIL("client had an incorrect Ellipticcurves "
689 "entry\n");
690 compare_data2(ssl->session->tlsext_supportedgroups,
691 ssl->session->tlsext_supportedgroups_length * 2,
692 tlsext_supportedgroups_client_secp384r1_val,
693 sizeof(tlsext_supportedgroups_client_secp384r1_val));
694 goto err;
695 }
696
697 /*
698 * Use a custom order.
699 */
700 CBB_cleanup(&cbb);
701 if (!CBB_init(&cbb, 0))
702 errx(1, "Failed to create CBB");
703
704 SSL_SESSION_free(ssl->session);
705 if ((ssl->session = SSL_SESSION_new()) == NULL)
706 errx(1, "failed to create session");
707
708 if ((ssl->tlsext_supportedgroups = malloc(sizeof(uint16_t) * 2)) == NULL) {
709 FAIL("client could not malloc\n");
710 goto err;
711 }
712 if (!tls1_ec_nid2group_id(NID_X9_62_prime192v1,
713 &ssl->tlsext_supportedgroups[0]))
714 goto err;
715 if (!tls1_ec_nid2group_id(NID_secp224r1,
716 &ssl->tlsext_supportedgroups[1]))
717 goto err;
718 ssl->tlsext_supportedgroups_length = 2;
719
720 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
721 FAIL("client should need Ellipticcurves\n");
722 goto err;
723 }
724
725 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
726 FAIL("client failed to build Ellipticcurves\n");
727 goto err;
728 }
729
730 if (!CBB_finish(&cbb, &data, &dlen))
731 errx(1, "failed to finish CBB");
732
733 if (dlen != sizeof(tlsext_supportedgroups_client_nistp192and224)) {
734 FAIL("got client Ellipticcurves with length %zu, "
735 "want length %zu\n", dlen,
736 sizeof(tlsext_supportedgroups_client_nistp192and224));
737 fprintf(stderr, "received:\n");
738 hexdump(data, dlen);
739 fprintf(stderr, "test data:\n");
740 hexdump(tlsext_supportedgroups_client_nistp192and224,
741 sizeof(tlsext_supportedgroups_client_nistp192and224));
742 goto err;
743 }
744
745 if (memcmp(data, tlsext_supportedgroups_client_nistp192and224, dlen) != 0) {
746 FAIL("client Ellipticcurves differs:\n");
747 fprintf(stderr, "received:\n");
748 hexdump(data, dlen);
749 fprintf(stderr, "test data:\n");
750 hexdump(tlsext_supportedgroups_client_nistp192and224,
751 sizeof(tlsext_supportedgroups_client_nistp192and224));
752 goto err;
753 }
754
755 /*
756 * Parse non-default curves to session.
757 */
758 CBB_cleanup(&cbb);
759 if (!CBB_init(&cbb, 0))
760 errx(1, "Failed to create CBB");
761 free(data);
762 data = NULL;
763
764 SSL_SESSION_free(ssl->session);
765 if ((ssl->session = SSL_SESSION_new()) == NULL)
766 errx(1, "failed to create session");
767
768 /* Reset back to the default list. */
769 free(ssl->tlsext_supportedgroups);
770 ssl->tlsext_supportedgroups = NULL;
771 ssl->tlsext_supportedgroups_length = 0;
772
773 CBS_init(&cbs, tlsext_supportedgroups_client_nistp192and224,
774 sizeof(tlsext_supportedgroups_client_nistp192and224));
775 if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
776 FAIL("failed to parse client Ellipticcurves\n");
777 goto err;
778 }
779 if (CBS_len(&cbs) != 0) {
780 FAIL("extension data remaining\n");
781 goto err;
782 }
783
784 if (ssl->session->tlsext_supportedgroups_length !=
785 sizeof(tlsext_supportedgroups_client_nistp192and224_val) / sizeof(uint16_t)) {
786 FAIL("no tlsext_ellipticcurves from client Ellipticcurves\n");
787 goto err;
788 }
789
790 if (memcmp(ssl->session->tlsext_supportedgroups,
791 tlsext_supportedgroups_client_nistp192and224_val,
792 sizeof(tlsext_supportedgroups_client_nistp192and224_val)) != 0) {
793 FAIL("client had an incorrect Ellipticcurves entry\n");
794 compare_data2(ssl->session->tlsext_supportedgroups,
795 ssl->session->tlsext_supportedgroups_length * 2,
796 tlsext_supportedgroups_client_nistp192and224_val,
797 sizeof(tlsext_supportedgroups_client_nistp192and224_val));
798 goto err;
799 }
800
801 failure = 0;
802
803 err:
804 CBB_cleanup(&cbb);
805 SSL_CTX_free(ssl_ctx);
806 SSL_free(ssl);
807 free(data);
808
809 return (failure);
810}
811
812
813/* elliptic_curves is only used by the client so this doesn't test much. */
814static int
815test_tlsext_supportedgroups_server(void)
816{
817 SSL_CTX *ssl_ctx = NULL;
818 SSL *ssl = NULL;
819 const struct tls_extension_funcs *client_funcs;
820 const struct tls_extension_funcs *server_funcs;
821 int failure;
822
823 failure = 1;
824
825 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
826 errx(1, "failed to create SSL_CTX");
827 if ((ssl = SSL_new(ssl_ctx)) == NULL)
828 errx(1, "failed to create SSL");
829
830 if (!tls_extension_funcs(TLSEXT_TYPE_supported_groups, &client_funcs,
831 &server_funcs))
832 errx(1, "failed to fetch supported groups funcs");
833
834 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
835 FAIL("server should not need elliptic_curves\n");
836 goto err;
837 }
838
839 if ((ssl->session = SSL_SESSION_new()) == NULL)
840 errx(1, "failed to create session");
841
842 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
843 FAIL("server should not need elliptic_curves\n");
844 goto err;
845 }
846
847 failure = 0;
848
849 err:
850 SSL_CTX_free(ssl_ctx);
851 SSL_free(ssl);
852
853 return (failure);
854
855}
856
857/*
858 * Supported Point Formats - RFC 4492 section 5.1.2.
859 *
860 * Examples are from the RFC. Both client and server have the same build and
861 * parse but the needs differ.
862 */
863
864static const uint8_t tlsext_ecpf_hello_uncompressed_val[] = {
865 TLSEXT_ECPOINTFORMAT_uncompressed
866};
867static const uint8_t tlsext_ecpf_hello_uncompressed[] = {
868 0x01,
869 0x00 /* TLSEXT_ECPOINTFORMAT_uncompressed */
870};
871
872static const uint8_t tlsext_ecpf_hello_prime[] = {
873 0x01,
874 0x01 /* TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime */
875};
876
877static const uint8_t tlsext_ecpf_hello_prefer_order_val[] = {
878 TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime,
879 TLSEXT_ECPOINTFORMAT_uncompressed,
880 TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2
881};
882static const uint8_t tlsext_ecpf_hello_prefer_order[] = {
883 0x03,
884 0x01, /* TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime */
885 0x00, /* TLSEXT_ECPOINTFORMAT_uncompressed */
886 0x02 /* TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 */
887};
888
889static int
890test_tlsext_ecpf_client(void)
891{
892 uint8_t *data = NULL;
893 SSL_CTX *ssl_ctx = NULL;
894 SSL *ssl = NULL;
895 const struct tls_extension_funcs *client_funcs;
896 const struct tls_extension_funcs *server_funcs;
897 size_t dlen;
898 int failure, alert;
899 CBB cbb;
900 CBS cbs;
901
902 failure = 1;
903
904 if (!CBB_init(&cbb, 0))
905 errx(1, "Failed to create CBB");
906
907 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
908 errx(1, "failed to create SSL_CTX");
909 if ((ssl = SSL_new(ssl_ctx)) == NULL)
910 errx(1, "failed to create SSL");
911
912 if (!tls_extension_funcs(TLSEXT_TYPE_ec_point_formats, &client_funcs,
913 &server_funcs))
914 errx(1, "failed to fetch ecpf funcs");
915
916 /*
917 * Default ciphers include EC so we need it by default.
918 */
919 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
920 FAIL("client should need ECPointFormats for default "
921 "ciphers\n");
922 goto err;
923 }
924
925 /*
926 * Exclude EC cipher suites so we can test not including it.
927 */
928 if (!SSL_set_cipher_list(ssl, "ALL:!ECDHE:!ECDH")) {
929 FAIL("client should be able to set cipher list\n");
930 goto err;
931 }
932 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
933 FAIL("client should not need ECPointFormats\n");
934 goto err;
935 }
936
937 /*
938 * Use libtls default for the rest of the testing
939 */
940 if (!SSL_set_cipher_list(ssl, "TLSv1.2+AEAD+ECDHE")) {
941 FAIL("client should be able to set cipher list\n");
942 goto err;
943 }
944 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
945 FAIL("client should need ECPointFormats\n");
946 goto err;
947 }
948
949 /*
950 * The default ECPointFormats should only have uncompressed
951 */
952 if ((ssl->session = SSL_SESSION_new()) == NULL)
953 errx(1, "failed to create session");
954
955 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
956 FAIL("client failed to build ECPointFormats\n");
957 goto err;
958 }
959
960 if (!CBB_finish(&cbb, &data, &dlen))
961 errx(1, "failed to finish CBB");
962
963 if (dlen != sizeof(tlsext_ecpf_hello_uncompressed)) {
964 FAIL("got client ECPointFormats with length %zu, "
965 "want length %zu\n", dlen,
966 sizeof(tlsext_ecpf_hello_uncompressed));
967 compare_data(data, dlen, tlsext_ecpf_hello_uncompressed,
968 sizeof(tlsext_ecpf_hello_uncompressed));
969 goto err;
970 }
971
972 if (memcmp(data, tlsext_ecpf_hello_uncompressed, dlen) != 0) {
973 FAIL("client ECPointFormats differs:\n");
974 compare_data(data, dlen, tlsext_ecpf_hello_uncompressed,
975 sizeof(tlsext_ecpf_hello_uncompressed));
976 goto err;
977 }
978
979 /*
980 * Make sure we can parse the default.
981 */
982 CBB_cleanup(&cbb);
983 if (!CBB_init(&cbb, 0))
984 errx(1, "Failed to create CBB");
985 free(data);
986 data = NULL;
987
988 SSL_SESSION_free(ssl->session);
989 if ((ssl->session = SSL_SESSION_new()) == NULL)
990 errx(1, "failed to create session");
991
992 CBS_init(&cbs, tlsext_ecpf_hello_uncompressed,
993 sizeof(tlsext_ecpf_hello_uncompressed));
994 if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
995 FAIL("failed to parse client ECPointFormats\n");
996 goto err;
997 }
998 if (CBS_len(&cbs) != 0) {
999 FAIL("extension data remaining\n");
1000 goto err;
1001 }
1002
1003 if (ssl->session->tlsext_ecpointformatlist_length !=
1004 sizeof(tlsext_ecpf_hello_uncompressed_val)) {
1005 FAIL("no tlsext_ecpointformats from client "
1006 "ECPointFormats\n");
1007 goto err;
1008 }
1009
1010 if (memcmp(ssl->session->tlsext_ecpointformatlist,
1011 tlsext_ecpf_hello_uncompressed_val,
1012 sizeof(tlsext_ecpf_hello_uncompressed_val)) != 0) {
1013 FAIL("client had an incorrect ECPointFormats entry\n");
1014 goto err;
1015 }
1016
1017 /*
1018 * Test with a custom order.
1019 */
1020 CBB_cleanup(&cbb);
1021 if (!CBB_init(&cbb, 0))
1022 errx(1, "Failed to create CBB");
1023 free(data);
1024 data = NULL;
1025
1026 SSL_SESSION_free(ssl->session);
1027 if ((ssl->session = SSL_SESSION_new()) == NULL)
1028 errx(1, "failed to create session");
1029
1030 if ((ssl->tlsext_ecpointformatlist = malloc(sizeof(uint8_t) * 3)) == NULL) {
1031 FAIL("client could not malloc\n");
1032 goto err;
1033 }
1034 ssl->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
1035 ssl->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_uncompressed;
1036 ssl->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
1037 ssl->tlsext_ecpointformatlist_length = 3;
1038
1039 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
1040 FAIL("client should need ECPointFormats with a custom "
1041 "format\n");
1042 goto err;
1043 }
1044
1045 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
1046 FAIL("client failed to build ECPointFormats\n");
1047 goto err;
1048 }
1049
1050 if (!CBB_finish(&cbb, &data, &dlen))
1051 errx(1, "failed to finish CBB");
1052
1053 if (dlen != sizeof(tlsext_ecpf_hello_prefer_order)) {
1054 FAIL("got client ECPointFormats with length %zu, "
1055 "want length %zu\n", dlen,
1056 sizeof(tlsext_ecpf_hello_prefer_order));
1057 compare_data(data, dlen, tlsext_ecpf_hello_prefer_order,
1058 sizeof(tlsext_ecpf_hello_prefer_order));
1059 goto err;
1060 }
1061
1062 if (memcmp(data, tlsext_ecpf_hello_prefer_order, dlen) != 0) {
1063 FAIL("client ECPointFormats differs:\n");
1064 compare_data(data, dlen, tlsext_ecpf_hello_prefer_order,
1065 sizeof(tlsext_ecpf_hello_prefer_order));
1066 goto err;
1067 }
1068
1069 /*
1070 * Make sure that we can parse this custom order.
1071 */
1072 CBB_cleanup(&cbb);
1073 if (!CBB_init(&cbb, 0))
1074 errx(1, "Failed to create CBB");
1075 free(data);
1076 data = NULL;
1077
1078 SSL_SESSION_free(ssl->session);
1079 if ((ssl->session = SSL_SESSION_new()) == NULL)
1080 errx(1, "failed to create session");
1081
1082 /* Reset the custom list so we go back to the default uncompressed. */
1083 free(ssl->tlsext_ecpointformatlist);
1084 ssl->tlsext_ecpointformatlist = NULL;
1085 ssl->tlsext_ecpointformatlist_length = 0;
1086
1087 CBS_init(&cbs, tlsext_ecpf_hello_prefer_order,
1088 sizeof(tlsext_ecpf_hello_prefer_order));
1089 if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
1090 FAIL("failed to parse client ECPointFormats\n");
1091 goto err;
1092 }
1093 if (CBS_len(&cbs) != 0) {
1094 FAIL("extension data remaining\n");
1095 goto err;
1096 }
1097
1098 if (ssl->session->tlsext_ecpointformatlist_length !=
1099 sizeof(tlsext_ecpf_hello_prefer_order_val)) {
1100 FAIL("no tlsext_ecpointformats from client "
1101 "ECPointFormats\n");
1102 goto err;
1103 }
1104
1105 if (memcmp(ssl->session->tlsext_ecpointformatlist,
1106 tlsext_ecpf_hello_prefer_order_val,
1107 sizeof(tlsext_ecpf_hello_prefer_order_val)) != 0) {
1108 FAIL("client had an incorrect ECPointFormats entry\n");
1109 goto err;
1110 }
1111
1112 failure = 0;
1113
1114 err:
1115 CBB_cleanup(&cbb);
1116 SSL_CTX_free(ssl_ctx);
1117 SSL_free(ssl);
1118 free(data);
1119
1120 return (failure);
1121}
1122
1123static int
1124test_tlsext_ecpf_server(void)
1125{
1126 uint8_t *data = NULL;
1127 SSL_CTX *ssl_ctx = NULL;
1128 SSL *ssl = NULL;
1129 const struct tls_extension_funcs *client_funcs;
1130 const struct tls_extension_funcs *server_funcs;
1131 size_t dlen;
1132 int failure, alert;
1133 CBB cbb;
1134 CBS cbs;
1135
1136 failure = 1;
1137
1138 if (!CBB_init(&cbb, 0))
1139 errx(1, "Failed to create CBB");
1140
1141 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
1142 errx(1, "failed to create SSL_CTX");
1143 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1144 errx(1, "failed to create SSL");
1145
1146 if (!tls_extension_funcs(TLSEXT_TYPE_ec_point_formats, &client_funcs,
1147 &server_funcs))
1148 errx(1, "failed to fetch ecpf funcs");
1149
1150 if ((ssl->session = SSL_SESSION_new()) == NULL)
1151 errx(1, "failed to create session");
1152
1153 /* Setup the state so we can call needs. */
1154 if ((ssl->s3->hs.cipher = ssl3_get_cipher_by_value(0xcca9)) == NULL) {
1155 FAIL("server cannot find cipher\n");
1156 goto err;
1157 }
1158 if ((ssl->session->tlsext_ecpointformatlist = malloc(sizeof(uint8_t)))
1159 == NULL) {
1160 FAIL("server could not malloc\n");
1161 goto err;
1162 }
1163 ssl->session->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
1164 ssl->session->tlsext_ecpointformatlist_length = 1;
1165
1166 if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
1167 FAIL("server should need ECPointFormats now\n");
1168 goto err;
1169 }
1170
1171 /*
1172 * The server will ignore the session list and use either a custom
1173 * list or the default (uncompressed).
1174 */
1175 if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
1176 FAIL("server failed to build ECPointFormats\n");
1177 goto err;
1178 }
1179
1180 if (!CBB_finish(&cbb, &data, &dlen))
1181 errx(1, "failed to finish CBB");
1182
1183 if (dlen != sizeof(tlsext_ecpf_hello_uncompressed)) {
1184 FAIL("got server ECPointFormats with length %zu, "
1185 "want length %zu\n", dlen,
1186 sizeof(tlsext_ecpf_hello_uncompressed));
1187 compare_data(data, dlen, tlsext_ecpf_hello_uncompressed,
1188 sizeof(tlsext_ecpf_hello_uncompressed));
1189 goto err;
1190 }
1191
1192 if (memcmp(data, tlsext_ecpf_hello_uncompressed, dlen) != 0) {
1193 FAIL("server ECPointFormats differs:\n");
1194 compare_data(data, dlen, tlsext_ecpf_hello_uncompressed,
1195 sizeof(tlsext_ecpf_hello_uncompressed));
1196 goto err;
1197 }
1198
1199 /*
1200 * Cannot parse a non-default list without at least uncompressed.
1201 */
1202 CBB_cleanup(&cbb);
1203 if (!CBB_init(&cbb, 0))
1204 errx(1, "Failed to create CBB");
1205 free(data);
1206 data = NULL;
1207
1208 SSL_SESSION_free(ssl->session);
1209 if ((ssl->session = SSL_SESSION_new()) == NULL)
1210 errx(1, "failed to create session");
1211
1212 CBS_init(&cbs, tlsext_ecpf_hello_prime,
1213 sizeof(tlsext_ecpf_hello_prime));
1214 if (client_funcs->process(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
1215 FAIL("must include uncompressed in server ECPointFormats\n");
1216 goto err;
1217 }
1218 if (CBS_len(&cbs) != 0) {
1219 FAIL("extension data remaining\n");
1220 goto err;
1221 }
1222
1223 /*
1224 * Test with a custom order that replaces the default uncompressed.
1225 */
1226 CBB_cleanup(&cbb);
1227 if (!CBB_init(&cbb, 0))
1228 errx(1, "Failed to create CBB");
1229 free(data);
1230 data = NULL;
1231
1232 SSL_SESSION_free(ssl->session);
1233 if ((ssl->session = SSL_SESSION_new()) == NULL)
1234 errx(1, "failed to create session");
1235
1236 /* Add a session list even though it will be ignored. */
1237 if ((ssl->session->tlsext_ecpointformatlist = malloc(sizeof(uint8_t)))
1238 == NULL) {
1239 FAIL("server could not malloc\n");
1240 goto err;
1241 }
1242 ssl->session->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
1243 ssl->session->tlsext_ecpointformatlist_length = 1;
1244
1245 /* Replace the default list with a custom one. */
1246 if ((ssl->tlsext_ecpointformatlist = malloc(sizeof(uint8_t) * 3)) == NULL) {
1247 FAIL("server could not malloc\n");
1248 goto err;
1249 }
1250 ssl->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
1251 ssl->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_uncompressed;
1252 ssl->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
1253 ssl->tlsext_ecpointformatlist_length = 3;
1254
1255 if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
1256 FAIL("server should need ECPointFormats\n");
1257 goto err;
1258 }
1259
1260 if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
1261 FAIL("server failed to build ECPointFormats\n");
1262 goto err;
1263 }
1264
1265 if (!CBB_finish(&cbb, &data, &dlen))
1266 errx(1, "failed to finish CBB");
1267
1268 if (dlen != sizeof(tlsext_ecpf_hello_prefer_order)) {
1269 FAIL("got server ECPointFormats with length %zu, "
1270 "want length %zu\n", dlen,
1271 sizeof(tlsext_ecpf_hello_prefer_order));
1272 compare_data(data, dlen, tlsext_ecpf_hello_prefer_order,
1273 sizeof(tlsext_ecpf_hello_prefer_order));
1274 goto err;
1275 }
1276
1277 if (memcmp(data, tlsext_ecpf_hello_prefer_order, dlen) != 0) {
1278 FAIL("server ECPointFormats differs:\n");
1279 compare_data(data, dlen, tlsext_ecpf_hello_prefer_order,
1280 sizeof(tlsext_ecpf_hello_prefer_order));
1281 goto err;
1282 }
1283
1284 /*
1285 * Should be able to parse the custom list into a session list.
1286 */
1287 CBB_cleanup(&cbb);
1288 if (!CBB_init(&cbb, 0))
1289 errx(1, "Failed to create CBB");
1290 free(data);
1291 data = NULL;
1292
1293 SSL_SESSION_free(ssl->session);
1294 if ((ssl->session = SSL_SESSION_new()) == NULL)
1295 errx(1, "failed to create session");
1296
1297 /* Reset back to the default (uncompressed) */
1298 free(ssl->tlsext_ecpointformatlist);
1299 ssl->tlsext_ecpointformatlist = NULL;
1300 ssl->tlsext_ecpointformatlist_length = 0;
1301
1302 CBS_init(&cbs, tlsext_ecpf_hello_prefer_order,
1303 sizeof(tlsext_ecpf_hello_prefer_order));
1304 if (!client_funcs->process(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
1305 FAIL("failed to parse server ECPointFormats\n");
1306 goto err;
1307 }
1308 if (CBS_len(&cbs) != 0) {
1309 FAIL("extension data remaining\n");
1310 goto err;
1311 }
1312
1313 if (ssl->session->tlsext_ecpointformatlist_length !=
1314 sizeof(tlsext_ecpf_hello_prefer_order_val)) {
1315 FAIL("no tlsext_ecpointformats from server "
1316 "ECPointFormats\n");
1317 goto err;
1318 }
1319
1320 if (memcmp(ssl->session->tlsext_ecpointformatlist,
1321 tlsext_ecpf_hello_prefer_order_val,
1322 sizeof(tlsext_ecpf_hello_prefer_order_val)) != 0) {
1323 FAIL("server had an incorrect ECPointFormats entry\n");
1324 goto err;
1325 }
1326
1327 failure = 0;
1328
1329 err:
1330 CBB_cleanup(&cbb);
1331 SSL_CTX_free(ssl_ctx);
1332 SSL_free(ssl);
1333 free(data);
1334
1335 return (failure);
1336}
1337
1338/*
1339 * Renegotiation Indication - RFC 5746.
1340 */
1341
1342static const unsigned char tlsext_ri_prev_client[] = {
1343 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
1344 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
1345};
1346
1347static const unsigned char tlsext_ri_prev_server[] = {
1348 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88,
1349 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00,
1350};
1351
1352static const unsigned char tlsext_ri_client[] = {
1353 0x10,
1354 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
1355 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
1356};
1357
1358static const unsigned char tlsext_ri_server[] = {
1359 0x20,
1360 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
1361 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
1362 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88,
1363 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00,
1364};
1365
1366static int
1367test_tlsext_ri_client(void)
1368{
1369 unsigned char *data = NULL;
1370 SSL_CTX *ssl_ctx = NULL;
1371 SSL *ssl = NULL;
1372 const struct tls_extension_funcs *client_funcs;
1373 const struct tls_extension_funcs *server_funcs;
1374 int failure;
1375 size_t dlen;
1376 int alert;
1377 CBB cbb;
1378 CBS cbs;
1379
1380 failure = 1;
1381
1382 if (!CBB_init(&cbb, 0))
1383 errx(1, "Failed to create CBB");
1384
1385 if ((ssl_ctx = SSL_CTX_new(TLSv1_2_client_method())) == NULL)
1386 errx(1, "failed to create SSL_CTX");
1387 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1388 errx(1, "failed to create SSL");
1389
1390 if (!tls_extension_funcs(TLSEXT_TYPE_renegotiate, &client_funcs,
1391 &server_funcs))
1392 errx(1, "failed to fetch ri funcs");
1393
1394 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
1395 FAIL("client should not need RI\n");
1396 goto err;
1397 }
1398
1399 if (!SSL_renegotiate(ssl)) {
1400 FAIL("client failed to set renegotiate\n");
1401 goto err;
1402 }
1403
1404 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
1405 FAIL("client should need RI\n");
1406 goto err;
1407 }
1408
1409 memcpy(ssl->s3->previous_client_finished, tlsext_ri_prev_client,
1410 sizeof(tlsext_ri_prev_client));
1411 ssl->s3->previous_client_finished_len = sizeof(tlsext_ri_prev_client);
1412
1413 ssl->s3->renegotiate_seen = 0;
1414
1415 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
1416 FAIL("client failed to build RI\n");
1417 goto err;
1418 }
1419
1420 if (!CBB_finish(&cbb, &data, &dlen))
1421 errx(1, "failed to finish CBB");
1422
1423 if (dlen != sizeof(tlsext_ri_client)) {
1424 FAIL("got client RI with length %zu, "
1425 "want length %zu\n", dlen, sizeof(tlsext_ri_client));
1426 goto err;
1427 }
1428
1429 if (memcmp(data, tlsext_ri_client, dlen) != 0) {
1430 FAIL("client RI differs:\n");
1431 fprintf(stderr, "received:\n");
1432 hexdump(data, dlen);
1433 fprintf(stderr, "test data:\n");
1434 hexdump(tlsext_ri_client, sizeof(tlsext_ri_client));
1435 goto err;
1436 }
1437
1438 CBS_init(&cbs, tlsext_ri_client, sizeof(tlsext_ri_client));
1439 if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
1440 FAIL("failed to parse client RI\n");
1441 goto err;
1442 }
1443 if (CBS_len(&cbs) != 0) {
1444 FAIL("extension data remaining\n");
1445 goto err;
1446 }
1447
1448 if (ssl->s3->renegotiate_seen != 1) {
1449 FAIL("renegotiate seen not set\n");
1450 goto err;
1451 }
1452 if (ssl->s3->send_connection_binding != 1) {
1453 FAIL("send connection binding not set\n");
1454 goto err;
1455 }
1456
1457 memset(ssl->s3->previous_client_finished, 0,
1458 sizeof(ssl->s3->previous_client_finished));
1459
1460 ssl->s3->renegotiate_seen = 0;
1461
1462 CBS_init(&cbs, tlsext_ri_client, sizeof(tlsext_ri_client));
1463 if (server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
1464 FAIL("parsed invalid client RI\n");
1465 goto err;
1466 }
1467
1468 if (ssl->s3->renegotiate_seen == 1) {
1469 FAIL("renegotiate seen set\n");
1470 goto err;
1471 }
1472
1473 failure = 0;
1474
1475 err:
1476 CBB_cleanup(&cbb);
1477 SSL_CTX_free(ssl_ctx);
1478 SSL_free(ssl);
1479 free(data);
1480
1481 return (failure);
1482}
1483
1484static int
1485test_tlsext_ri_server(void)
1486{
1487 unsigned char *data = NULL;
1488 SSL_CTX *ssl_ctx = NULL;
1489 SSL *ssl = NULL;
1490 const struct tls_extension_funcs *client_funcs;
1491 const struct tls_extension_funcs *server_funcs;
1492 int failure;
1493 size_t dlen;
1494 int alert;
1495 CBB cbb;
1496 CBS cbs;
1497
1498 failure = 1;
1499
1500 if (!CBB_init(&cbb, 0))
1501 errx(1, "Failed to create CBB");
1502
1503 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
1504 errx(1, "failed to create SSL_CTX");
1505 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1506 errx(1, "failed to create SSL");
1507
1508 if (!tls_extension_funcs(TLSEXT_TYPE_renegotiate, &client_funcs,
1509 &server_funcs))
1510 errx(1, "failed to fetch ri funcs");
1511
1512 ssl->version = TLS1_2_VERSION;
1513 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
1514 FAIL("server should not need RI\n");
1515 goto err;
1516 }
1517
1518 ssl->s3->send_connection_binding = 1;
1519
1520 if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
1521 FAIL("server should need RI\n");
1522 goto err;
1523 }
1524
1525 memcpy(ssl->s3->previous_client_finished, tlsext_ri_prev_client,
1526 sizeof(tlsext_ri_prev_client));
1527 ssl->s3->previous_client_finished_len = sizeof(tlsext_ri_prev_client);
1528
1529 memcpy(ssl->s3->previous_server_finished, tlsext_ri_prev_server,
1530 sizeof(tlsext_ri_prev_server));
1531 ssl->s3->previous_server_finished_len = sizeof(tlsext_ri_prev_server);
1532
1533 ssl->s3->renegotiate_seen = 0;
1534
1535 if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
1536 FAIL("server failed to build RI\n");
1537 goto err;
1538 }
1539
1540 if (!CBB_finish(&cbb, &data, &dlen))
1541 errx(1, "failed to finish CBB");
1542
1543 if (dlen != sizeof(tlsext_ri_server)) {
1544 FAIL("got server RI with length %zu, "
1545 "want length %zu\n", dlen, sizeof(tlsext_ri_server));
1546 goto err;
1547 }
1548
1549 if (memcmp(data, tlsext_ri_server, dlen) != 0) {
1550 FAIL("server RI differs:\n");
1551 fprintf(stderr, "received:\n");
1552 hexdump(data, dlen);
1553 fprintf(stderr, "test data:\n");
1554 hexdump(tlsext_ri_server, sizeof(tlsext_ri_server));
1555 goto err;
1556 }
1557
1558 CBS_init(&cbs, tlsext_ri_server, sizeof(tlsext_ri_server));
1559 if (!client_funcs->process(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
1560 FAIL("failed to parse server RI\n");
1561 goto err;
1562 }
1563 if (CBS_len(&cbs) != 0) {
1564 FAIL("extension data remaining\n");
1565 goto err;
1566 }
1567
1568 if (ssl->s3->renegotiate_seen != 1) {
1569 FAIL("renegotiate seen not set\n");
1570 goto err;
1571 }
1572 if (ssl->s3->send_connection_binding != 1) {
1573 FAIL("send connection binding not set\n");
1574 goto err;
1575 }
1576
1577 memset(ssl->s3->previous_client_finished, 0,
1578 sizeof(ssl->s3->previous_client_finished));
1579 memset(ssl->s3->previous_server_finished, 0,
1580 sizeof(ssl->s3->previous_server_finished));
1581
1582 ssl->s3->renegotiate_seen = 0;
1583
1584 CBS_init(&cbs, tlsext_ri_server, sizeof(tlsext_ri_server));
1585 if (client_funcs->process(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
1586 FAIL("parsed invalid server RI\n");
1587 goto err;
1588 }
1589
1590 if (ssl->s3->renegotiate_seen == 1) {
1591 FAIL("renegotiate seen set\n");
1592 goto err;
1593 }
1594
1595 failure = 0;
1596
1597 err:
1598 CBB_cleanup(&cbb);
1599 SSL_CTX_free(ssl_ctx);
1600 SSL_free(ssl);
1601 free(data);
1602
1603 return (failure);
1604}
1605
1606/*
1607 * Signature Algorithms - RFC 5246 section 7.4.1.4.1.
1608 */
1609
1610static const unsigned char tlsext_sigalgs_client[] = {
1611 0x00, 0x16, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03,
1612 0x08, 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04,
1613 0x04, 0x01, 0x04, 0x03, 0x02, 0x01, 0x02, 0x03,
1614};
1615
1616static int
1617test_tlsext_sigalgs_client(void)
1618{
1619 unsigned char *data = NULL;
1620 SSL_CTX *ssl_ctx = NULL;
1621 SSL *ssl = NULL;
1622 const struct tls_extension_funcs *client_funcs;
1623 const struct tls_extension_funcs *server_funcs;
1624 int failure;
1625 size_t dlen;
1626 int alert;
1627 CBB cbb;
1628 CBS cbs;
1629
1630 failure = 1;
1631
1632 if (!CBB_init(&cbb, 0))
1633 errx(1, "Failed to create CBB");
1634
1635 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
1636 errx(1, "failed to create SSL_CTX");
1637 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1638 errx(1, "failed to create SSL");
1639
1640 if (!tls_extension_funcs(TLSEXT_TYPE_signature_algorithms,
1641 &client_funcs, &server_funcs))
1642 errx(1, "failed to fetch sigalgs funcs");
1643
1644 ssl->s3->hs.our_max_tls_version = TLS1_1_VERSION;
1645
1646 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
1647 FAIL("client should not need sigalgs\n");
1648 goto done;
1649 }
1650
1651 ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION;
1652
1653 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
1654 FAIL("client should need sigalgs\n");
1655 goto done;
1656 }
1657
1658 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
1659 FAIL("client failed to build sigalgs\n");
1660 goto done;
1661 }
1662
1663 if (!CBB_finish(&cbb, &data, &dlen))
1664 errx(1, "failed to finish CBB");
1665
1666 if (dlen != sizeof(tlsext_sigalgs_client)) {
1667 FAIL("got client sigalgs length %zu, "
1668 "want length %zu\n", dlen, sizeof(tlsext_sigalgs_client));
1669 goto done;
1670 }
1671
1672 if (memcmp(data, tlsext_sigalgs_client, dlen) != 0) {
1673 FAIL("client SNI differs:\n");
1674 fprintf(stderr, "received:\n");
1675 hexdump(data, dlen);
1676 fprintf(stderr, "test data:\n");
1677 hexdump(tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client));
1678 goto done;
1679 }
1680
1681 CBS_init(&cbs, tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client));
1682 if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
1683 FAIL("failed to parse client SNI\n");
1684 goto done;
1685 }
1686 if (CBS_len(&cbs) != 0) {
1687 FAIL("extension data remaining\n");
1688 goto done;
1689 }
1690
1691 failure = 0;
1692
1693 done:
1694 CBB_cleanup(&cbb);
1695 SSL_CTX_free(ssl_ctx);
1696 SSL_free(ssl);
1697 free(data);
1698
1699 return (failure);
1700}
1701
1702#if 0
1703static int
1704test_tlsext_sigalgs_server(void)
1705{
1706 unsigned char *data = NULL;
1707 SSL_CTX *ssl_ctx = NULL;
1708 SSL *ssl = NULL;
1709 const struct tls_extension_funcs *client_funcs;
1710 const struct tls_extension_funcs *server_funcs;
1711 int failure;
1712 size_t dlen;
1713 int alert;
1714 CBB cbb;
1715 CBS cbs;
1716
1717 failure = 1;
1718
1719 if (!CBB_init(&cbb, 0))
1720 errx(1, "Failed to create CBB");
1721
1722 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
1723 errx(1, "failed to create SSL_CTX");
1724 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1725 errx(1, "failed to create SSL");
1726
1727 if (!tls_extension_funcs(TLSEXT_TYPE_server_name, &client_funcs,
1728 &server_funcs))
1729 errx(1, "failed to fetch sigalgs funcs");
1730
1731 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
1732 FAIL("server should not need sigalgs\n");
1733 goto done;
1734 }
1735
1736 if (server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
1737 FAIL("server should not build sigalgs\n");
1738 goto done;
1739 }
1740
1741 if (!CBB_finish(&cbb, &data, &dlen))
1742 errx(1, "failed to finish CBB");
1743
1744 CBS_init(&cbs, tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client));
1745 if (!client_funcs->process(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
1746 FAIL("server should not parse sigalgs\n");
1747 goto done;
1748 }
1749
1750 failure = 0;
1751
1752 done:
1753 CBB_cleanup(&cbb);
1754 SSL_CTX_free(ssl_ctx);
1755 SSL_free(ssl);
1756 free(data);
1757
1758 return (failure);
1759}
1760#endif
1761
1762/*
1763 * Server Name Indication - RFC 6066 section 3.
1764 */
1765
1766#define TEST_SNI_SERVERNAME "www.libressl.org"
1767
1768static const unsigned char tlsext_sni_client[] = {
1769 0x00, 0x13, 0x00, 0x00, 0x10, 0x77, 0x77, 0x77,
1770 0x2e, 0x6c, 0x69, 0x62, 0x72, 0x65, 0x73, 0x73,
1771 0x6c, 0x2e, 0x6f, 0x72, 0x67,
1772};
1773
1774/* An empty array is an incomplete type and sizeof() is undefined. */
1775static const unsigned char tlsext_sni_server[] = {
1776 0x00,
1777};
1778static size_t tlsext_sni_server_len = 0;
1779
1780static int
1781test_tlsext_sni_client(void)
1782{
1783 unsigned char *data = NULL;
1784 SSL_CTX *ssl_ctx = NULL;
1785 SSL *ssl = NULL;
1786 const struct tls_extension_funcs *client_funcs;
1787 const struct tls_extension_funcs *server_funcs;
1788 int failure;
1789 size_t dlen;
1790 int alert;
1791 CBB cbb;
1792 CBS cbs;
1793
1794 failure = 1;
1795
1796 if (!CBB_init(&cbb, 0))
1797 errx(1, "Failed to create CBB");
1798
1799 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
1800 errx(1, "failed to create SSL_CTX");
1801 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1802 errx(1, "failed to create SSL");
1803
1804 if (!tls_extension_funcs(TLSEXT_TYPE_server_name, &client_funcs,
1805 &server_funcs))
1806 errx(1, "failed to fetch sni funcs");
1807
1808 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
1809 FAIL("client should not need SNI\n");
1810 goto err;
1811 }
1812
1813 if (!SSL_set_tlsext_host_name(ssl, TEST_SNI_SERVERNAME)) {
1814 FAIL("client failed to set server name\n");
1815 goto err;
1816 }
1817
1818 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
1819 FAIL("client should need SNI\n");
1820 goto err;
1821 }
1822
1823 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
1824 FAIL("client failed to build SNI\n");
1825 goto err;
1826 }
1827
1828 if (!CBB_finish(&cbb, &data, &dlen)) {
1829 FAIL("failed to finish CBB");
1830 goto err;
1831 }
1832
1833 if (dlen != sizeof(tlsext_sni_client)) {
1834 FAIL("got client SNI with length %zu, "
1835 "want length %zu\n", dlen, sizeof(tlsext_sni_client));
1836 goto err;
1837 }
1838
1839 if (memcmp(data, tlsext_sni_client, dlen) != 0) {
1840 FAIL("client SNI differs:\n");
1841 fprintf(stderr, "received:\n");
1842 hexdump(data, dlen);
1843 fprintf(stderr, "test data:\n");
1844 hexdump(tlsext_sni_client, sizeof(tlsext_sni_client));
1845 goto err;
1846 }
1847
1848 /*
1849 * SSL_set_tlsext_host_name() may be called with a NULL host name to
1850 * disable SNI.
1851 */
1852 if (!SSL_set_tlsext_host_name(ssl, NULL)) {
1853 FAIL("cannot set host name to NULL");
1854 goto err;
1855 }
1856
1857 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
1858 FAIL("client should not need SNI\n");
1859 goto err;
1860 }
1861
1862 if ((ssl->session = SSL_SESSION_new()) == NULL) {
1863 FAIL("failed to create session");
1864 goto err;
1865 }
1866
1867 ssl->hit = 0;
1868
1869 CBS_init(&cbs, tlsext_sni_client, sizeof(tlsext_sni_client));
1870 if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
1871 FAIL("failed to parse client SNI\n");
1872 goto err;
1873 }
1874 if (CBS_len(&cbs) != 0) {
1875 FAIL("extension data remaining\n");
1876 goto err;
1877 }
1878
1879 if (ssl->session->tlsext_hostname == NULL) {
1880 FAIL("no tlsext_hostname from client SNI\n");
1881 goto err;
1882 }
1883
1884 if (strlen(ssl->session->tlsext_hostname) != strlen(TEST_SNI_SERVERNAME) ||
1885 strncmp(ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME,
1886 strlen(TEST_SNI_SERVERNAME)) != 0) {
1887 FAIL("got tlsext_hostname `%s', want `%s'\n",
1888 ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME);
1889 goto err;
1890 }
1891
1892 ssl->hit = 1;
1893
1894 free(ssl->session->tlsext_hostname);
1895 if ((ssl->session->tlsext_hostname = strdup("notthesame.libressl.org")) ==
1896 NULL) {
1897 FAIL("failed to strdup tlsext_hostname");
1898 goto err;
1899 }
1900
1901 CBS_init(&cbs, tlsext_sni_client, sizeof(tlsext_sni_client));
1902 if (server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
1903 FAIL("parsed client with mismatched SNI\n");
1904 goto err;
1905 }
1906
1907 failure = 0;
1908
1909 err:
1910 CBB_cleanup(&cbb);
1911 SSL_CTX_free(ssl_ctx);
1912 SSL_free(ssl);
1913 free(data);
1914
1915 return (failure);
1916}
1917
1918static int
1919test_tlsext_sni_server(void)
1920{
1921 unsigned char *data = NULL;
1922 SSL_CTX *ssl_ctx = NULL;
1923 SSL *ssl = NULL;
1924 const struct tls_extension_funcs *client_funcs;
1925 const struct tls_extension_funcs *server_funcs;
1926 int failure;
1927 size_t dlen;
1928 int alert;
1929 CBB cbb;
1930 CBS cbs;
1931
1932 failure = 1;
1933
1934 if (!CBB_init(&cbb, 0))
1935 errx(1, "Failed to create CBB");
1936
1937 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
1938 errx(1, "failed to create SSL_CTX");
1939 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1940 errx(1, "failed to create SSL");
1941
1942 if (!tls_extension_funcs(TLSEXT_TYPE_server_name, &client_funcs,
1943 &server_funcs))
1944 errx(1, "failed to fetch sni funcs");
1945
1946 if ((ssl->session = SSL_SESSION_new()) == NULL)
1947 errx(1, "failed to create session");
1948
1949 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
1950 FAIL("server should not need SNI\n");
1951 goto err;
1952 }
1953
1954 if (!SSL_set_tlsext_host_name(ssl, TEST_SNI_SERVERNAME)) {
1955 FAIL("client failed to set server name\n");
1956 goto err;
1957 }
1958
1959 if ((ssl->session->tlsext_hostname = strdup(TEST_SNI_SERVERNAME)) ==
1960 NULL)
1961 errx(1, "failed to strdup tlsext_hostname");
1962
1963 if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
1964 FAIL("server should need SNI\n");
1965 goto err;
1966 }
1967
1968 if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
1969 FAIL("server failed to build SNI\n");
1970 goto err;
1971 }
1972
1973 if (!CBB_finish(&cbb, &data, &dlen))
1974 errx(1, "failed to finish CBB");
1975
1976 if (dlen != tlsext_sni_server_len) {
1977 FAIL("got server SNI with length %zu, "
1978 "want length %zu\n", dlen, tlsext_sni_server_len);
1979 goto err;
1980 }
1981
1982 if (memcmp(data, tlsext_sni_server, dlen) != 0) {
1983 FAIL("server SNI differs:\n");
1984 fprintf(stderr, "received:\n");
1985 hexdump(data, dlen);
1986 fprintf(stderr, "test data:\n");
1987 hexdump(tlsext_sni_server, tlsext_sni_server_len);
1988 goto err;
1989 }
1990
1991 free(ssl->session->tlsext_hostname);
1992 ssl->session->tlsext_hostname = NULL;
1993
1994 CBS_init(&cbs, tlsext_sni_server, tlsext_sni_server_len);
1995 if (!client_funcs->process(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
1996 FAIL("failed to parse server SNI\n");
1997 goto err;
1998 }
1999 if (CBS_len(&cbs) != 0) {
2000 FAIL("extension data remaining\n");
2001 goto err;
2002 }
2003
2004 if (ssl->session->tlsext_hostname == NULL) {
2005 FAIL("no tlsext_hostname after server SNI\n");
2006 goto err;
2007 }
2008
2009 if (strlen(ssl->session->tlsext_hostname) != strlen(TEST_SNI_SERVERNAME) ||
2010 strncmp(ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME,
2011 strlen(TEST_SNI_SERVERNAME)) != 0) {
2012 FAIL("got tlsext_hostname `%s', want `%s'\n",
2013 ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME);
2014 goto err;
2015 }
2016
2017 failure = 0;
2018
2019 err:
2020 CBB_cleanup(&cbb);
2021 SSL_CTX_free(ssl_ctx);
2022 SSL_free(ssl);
2023 free(data);
2024
2025 return (failure);
2026}
2027
2028
2029/*
2030 * QUIC transport parameters extension - RFC 90210 :)
2031 */
2032
2033static const unsigned char tlsext_quic_transport_data[] = {
2034 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
2035 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
2036};
2037
2038static int
2039test_tlsext_quic_transport_parameters_client(void)
2040{
2041 const SSL_QUIC_METHOD quic_method = {0};
2042 unsigned char *data = NULL;
2043 SSL_CTX *ssl_ctx = NULL;
2044 SSL *ssl = NULL;
2045 const struct tls_extension_funcs *client_funcs;
2046 const struct tls_extension_funcs *server_funcs;
2047 int failure;
2048 size_t dlen;
2049 CBB cbb;
2050 CBS cbs;
2051 int alert;
2052 const uint8_t *out_bytes;
2053 size_t out_bytes_len;
2054
2055 failure = 1;
2056
2057 if (!CBB_init(&cbb, 0))
2058 errx(1, "Failed to create CBB");
2059
2060 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
2061 errx(1, "failed to create SSL_CTX");
2062 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2063 errx(1, "failed to create SSL");
2064
2065 if (!tls_extension_funcs(TLSEXT_TYPE_quic_transport_parameters,
2066 &client_funcs, &server_funcs))
2067 errx(1, "failed to fetch quic transport parameter funcs");
2068
2069 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2070 FAIL("client should not need QUIC\n");
2071 goto err;
2072 }
2073
2074 if (!SSL_set_quic_transport_params(ssl,
2075 tlsext_quic_transport_data, sizeof(tlsext_quic_transport_data))) {
2076 FAIL("client failed to set QUIC parameters\n");
2077 goto err;
2078 }
2079
2080 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2081 FAIL("client should not need QUIC\n");
2082 goto err;
2083 }
2084
2085 ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
2086 ssl->s3->hs.negotiated_tls_version = TLS1_3_VERSION;
2087
2088 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2089 FAIL("client should not need QUIC\n");
2090 goto err;
2091 }
2092
2093 ssl->quic_method = &quic_method;
2094
2095 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2096 FAIL("client should need QUIC\n");
2097 goto err;
2098 }
2099
2100 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
2101 FAIL("client failed to build QUIC\n");
2102 goto err;
2103 }
2104
2105 if (!CBB_finish(&cbb, &data, &dlen)) {
2106 FAIL("failed to finish CBB");
2107 goto err;
2108 }
2109
2110 if (dlen != sizeof(tlsext_quic_transport_data)) {
2111 FAIL("got client QUIC with length %zu, "
2112 "want length %zu\n", dlen,
2113 sizeof(tlsext_quic_transport_data));
2114 goto err;
2115 }
2116
2117 if (memcmp(data, tlsext_quic_transport_data, dlen) != 0) {
2118 FAIL("client QUIC differs:\n");
2119 fprintf(stderr, "received:\n");
2120 hexdump(data, dlen);
2121 fprintf(stderr, "test data:\n");
2122 hexdump(tlsext_quic_transport_data,
2123 sizeof(tlsext_quic_transport_data));
2124 goto err;
2125 }
2126
2127 CBS_init(&cbs, tlsext_quic_transport_data,
2128 sizeof(tlsext_quic_transport_data));
2129 if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
2130 FAIL("server_parse of QUIC from server failed\n");
2131 goto err;
2132 }
2133 if (CBS_len(&cbs) != 0) {
2134 FAIL("extension data remaining\n");
2135 goto err;
2136 }
2137
2138 SSL_get_peer_quic_transport_params(ssl, &out_bytes, &out_bytes_len);
2139
2140 if (out_bytes_len != sizeof(tlsext_quic_transport_data)) {
2141 FAIL("server_parse QUIC length differs, got %zu want %zu\n",
2142 out_bytes_len,
2143 sizeof(tlsext_quic_transport_data));
2144 goto err;
2145 }
2146
2147 if (memcmp(out_bytes, tlsext_quic_transport_data,
2148 out_bytes_len) != 0) {
2149 FAIL("server_parse QUIC differs from sent:\n");
2150 fprintf(stderr, "received:\n");
2151 hexdump(data, dlen);
2152 fprintf(stderr, "test data:\n");
2153 hexdump(tlsext_quic_transport_data,
2154 sizeof(tlsext_quic_transport_data));
2155 goto err;
2156 }
2157
2158 failure = 0;
2159
2160 err:
2161 CBB_cleanup(&cbb);
2162 SSL_CTX_free(ssl_ctx);
2163 SSL_free(ssl);
2164 free(data);
2165
2166 return (failure);
2167}
2168
2169static int
2170test_tlsext_quic_transport_parameters_server(void)
2171{
2172 const SSL_QUIC_METHOD quic_method = {0};
2173 unsigned char *data = NULL;
2174 SSL_CTX *ssl_ctx = NULL;
2175 SSL *ssl = NULL;
2176 const struct tls_extension_funcs *client_funcs;
2177 const struct tls_extension_funcs *server_funcs;
2178 int failure;
2179 size_t dlen;
2180 int alert;
2181 CBB cbb;
2182 CBS cbs;
2183 const uint8_t *out_bytes;
2184 size_t out_bytes_len;
2185
2186 failure = 1;
2187
2188 if (!CBB_init(&cbb, 0))
2189 errx(1, "Failed to create CBB");
2190
2191 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
2192 errx(1, "failed to create SSL_CTX");
2193 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2194 errx(1, "failed to create SSL");
2195
2196 if (!tls_extension_funcs(TLSEXT_TYPE_quic_transport_parameters,
2197 &client_funcs, &server_funcs))
2198 errx(1, "failed to fetch quic transport parameter funcs");
2199
2200 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
2201 FAIL("server should not need QUIC\n");
2202 goto err;
2203 }
2204
2205 if (!SSL_set_quic_transport_params(ssl,
2206 tlsext_quic_transport_data, sizeof(tlsext_quic_transport_data))) {
2207 FAIL("server failed to set QUIC parametes\n");
2208 goto err;
2209 }
2210
2211 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_EE)) {
2212 FAIL("server should not need QUIC\n");
2213 goto err;
2214 }
2215
2216 ssl->quic_method = &quic_method;
2217
2218 if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_EE)) {
2219 FAIL("server should need QUIC\n");
2220 goto err;
2221 }
2222
2223 if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_EE, &cbb)) {
2224 FAIL("server failed to build QUIC\n");
2225 goto err;
2226 }
2227
2228 if (!CBB_finish(&cbb, &data, &dlen))
2229 errx(1, "failed to finish CBB");
2230
2231 if (dlen != sizeof(tlsext_quic_transport_data)) {
2232 FAIL("got server QUIC with length %zu, want length %zu\n",
2233 dlen, sizeof(tlsext_quic_transport_data));
2234 goto err;
2235 }
2236
2237 if (memcmp(data, tlsext_quic_transport_data, dlen) != 0) {
2238 FAIL("saved server QUIC differs:\n");
2239 fprintf(stderr, "received:\n");
2240 hexdump(data, dlen);
2241 fprintf(stderr, "test data:\n");
2242 hexdump(tlsext_quic_transport_data,
2243 sizeof(tlsext_quic_transport_data));
2244 goto err;
2245 }
2246
2247 CBS_init(&cbs, tlsext_quic_transport_data,
2248 sizeof(tlsext_quic_transport_data));
2249
2250 ssl->quic_method = NULL;
2251
2252 if (client_funcs->process(ssl, SSL_TLSEXT_MSG_EE, &cbs, &alert)) {
2253 FAIL("QUIC parse should have failed!\n");
2254 goto err;
2255 }
2256
2257 ssl->quic_method = &quic_method;
2258
2259 if (!client_funcs->process(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
2260 FAIL("client_parse of QUIC from server failed\n");
2261 goto err;
2262 }
2263 if (CBS_len(&cbs) != 0) {
2264 FAIL("extension data remaining\n");
2265 goto err;
2266 }
2267
2268 SSL_get_peer_quic_transport_params(ssl, &out_bytes, &out_bytes_len);
2269
2270 if (out_bytes_len != sizeof(tlsext_quic_transport_data)) {
2271 FAIL("client QUIC length differs, got %zu want %zu\n",
2272 out_bytes_len,
2273 sizeof(tlsext_quic_transport_data));
2274 goto err;
2275 }
2276
2277 if (memcmp(out_bytes, tlsext_quic_transport_data, out_bytes_len) != 0) {
2278 FAIL("client QUIC differs from sent:\n");
2279 fprintf(stderr, "received:\n");
2280 hexdump(data, dlen);
2281 fprintf(stderr, "test data:\n");
2282 hexdump(tlsext_quic_transport_data,
2283 sizeof(tlsext_quic_transport_data));
2284 goto err;
2285 }
2286
2287 failure = 0;
2288
2289 err:
2290 CBB_cleanup(&cbb);
2291 SSL_CTX_free(ssl_ctx);
2292 SSL_free(ssl);
2293 free(data);
2294
2295 return (failure);
2296}
2297
2298static const unsigned char tls_ocsp_client_default[] = {
2299 0x01, 0x00, 0x00, 0x00, 0x00
2300};
2301
2302static int
2303test_tlsext_ocsp_client(void)
2304{
2305 unsigned char *data = NULL;
2306 SSL_CTX *ssl_ctx = NULL;
2307 SSL *ssl = NULL;
2308 const struct tls_extension_funcs *client_funcs;
2309 const struct tls_extension_funcs *server_funcs;
2310 size_t dlen;
2311 int failure;
2312 int alert;
2313 CBB cbb;
2314 CBS cbs;
2315
2316 failure = 1;
2317
2318 if (!CBB_init(&cbb, 0))
2319 errx(1, "Failed to create CBB");
2320
2321 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
2322 errx(1, "failed to create SSL_CTX");
2323 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2324 errx(1, "failed to create SSL");
2325
2326 if (!tls_extension_funcs(TLSEXT_TYPE_status_request, &client_funcs,
2327 &server_funcs))
2328 errx(1, "failed to fetch ocsp funcs");
2329
2330 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2331 FAIL("client should not need TLSEXT_TYPE_status_request\n");
2332 goto err;
2333 }
2334 SSL_set_tlsext_status_type(ssl, TLSEXT_STATUSTYPE_ocsp);
2335
2336 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2337 FAIL("client should need TLSEXT_TYPE_status_request\n");
2338 goto err;
2339 }
2340 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
2341 FAIL("client failed to build SNI\n");
2342 goto err;
2343 }
2344 if (!CBB_finish(&cbb, &data, &dlen))
2345 errx(1, "failed to finish CBB");
2346
2347 if (dlen != sizeof(tls_ocsp_client_default)) {
2348 FAIL("got TLSEXT_TYPE_status_request client with length %zu, "
2349 "want length %zu\n", dlen,
2350 sizeof(tls_ocsp_client_default));
2351 goto err;
2352 }
2353 if (memcmp(data, tls_ocsp_client_default, dlen) != 0) {
2354 FAIL("TLSEXT_TYPE_status_request client differs:\n");
2355 fprintf(stderr, "received:\n");
2356 hexdump(data, dlen);
2357 fprintf(stderr, "test data:\n");
2358 hexdump(tls_ocsp_client_default,
2359 sizeof(tls_ocsp_client_default));
2360 goto err;
2361 }
2362 CBS_init(&cbs, tls_ocsp_client_default,
2363 sizeof(tls_ocsp_client_default));
2364 if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
2365 FAIL("failed to parse TLSEXT_TYPE_status_request client\n");
2366 goto err;
2367 }
2368 if (CBS_len(&cbs) != 0) {
2369 FAIL("extension data remaining\n");
2370 goto err;
2371 }
2372
2373 failure = 0;
2374
2375 err:
2376 CBB_cleanup(&cbb);
2377 SSL_CTX_free(ssl_ctx);
2378 SSL_free(ssl);
2379 free(data);
2380
2381 return (failure);
2382}
2383
2384static int
2385test_tlsext_ocsp_server(void)
2386{
2387 unsigned char *data = NULL;
2388 SSL_CTX *ssl_ctx = NULL;
2389 SSL *ssl = NULL;
2390 const struct tls_extension_funcs *client_funcs;
2391 const struct tls_extension_funcs *server_funcs;
2392 size_t dlen;
2393 int failure;
2394 CBB cbb;
2395
2396 failure = 1;
2397
2398 if (!CBB_init(&cbb, 0))
2399 errx(1, "Failed to create CBB");
2400
2401 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
2402 errx(1, "failed to create SSL_CTX");
2403 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2404 errx(1, "failed to create SSL");
2405
2406 if (!tls_extension_funcs(TLSEXT_TYPE_status_request, &client_funcs,
2407 &server_funcs))
2408 errx(1, "failed to fetch ocsp funcs");
2409
2410 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
2411 FAIL("server should not need TLSEXT_TYPE_status_request\n");
2412 goto err;
2413 }
2414
2415 ssl->tlsext_status_expected = 1;
2416
2417 if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
2418 FAIL("server should need TLSEXT_TYPE_status_request\n");
2419 goto err;
2420 }
2421 if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
2422 FAIL("server failed to build TLSEXT_TYPE_status_request\n");
2423 goto err;
2424 }
2425
2426 if (!CBB_finish(&cbb, &data, &dlen))
2427 errx(1, "failed to finish CBB");
2428
2429 failure = 0;
2430
2431 err:
2432 CBB_cleanup(&cbb);
2433 SSL_CTX_free(ssl_ctx);
2434 SSL_free(ssl);
2435 free(data);
2436
2437 return (failure);
2438}
2439
2440/*
2441 * Session ticket - RFC 5077 since no known implementations use 4507.
2442 *
2443 * Session tickets can be length 0 (special case) to 2^16-1.
2444 *
2445 * The state is encrypted by the server so it is opaque to the client.
2446 */
2447static uint8_t tlsext_sessionticket_hello_min[1];
2448static uint8_t tlsext_sessionticket_hello_max[65535];
2449
2450static int
2451test_tlsext_sessionticket_client(void)
2452{
2453 unsigned char *data = NULL;
2454 SSL_CTX *ssl_ctx = NULL;
2455 SSL *ssl = NULL;
2456 const struct tls_extension_funcs *client_funcs;
2457 const struct tls_extension_funcs *server_funcs;
2458 int failure;
2459 CBB cbb;
2460 size_t dlen;
2461 uint8_t dummy[1234];
2462
2463 failure = 1;
2464
2465 if (!CBB_init(&cbb, 0))
2466 errx(1, "Failed to create CBB");
2467
2468 /* Create fake session tickets with random data. */
2469 arc4random_buf(tlsext_sessionticket_hello_min,
2470 sizeof(tlsext_sessionticket_hello_min));
2471 arc4random_buf(tlsext_sessionticket_hello_max,
2472 sizeof(tlsext_sessionticket_hello_max));
2473
2474 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
2475 errx(1, "failed to create SSL_CTX");
2476 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2477 errx(1, "failed to create SSL");
2478
2479 if (!tls_extension_funcs(TLSEXT_TYPE_session_ticket, &client_funcs,
2480 &server_funcs))
2481 errx(1, "failed to fetch session ticket funcs");
2482
2483 /* Should need a ticket by default. */
2484 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2485 FAIL("client should need Sessionticket for default "
2486 "ciphers\n");
2487 goto err;
2488 }
2489
2490 /* Test disabling tickets. */
2491 if ((SSL_set_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) == 0) {
2492 FAIL("Cannot disable tickets in the TLS connection\n");
2493 goto err;
2494 }
2495 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2496 FAIL("client should not need SessionTicket if it was disabled\n");
2497 goto err;
2498 }
2499
2500 /* Test re-enabling tickets. */
2501 if ((SSL_clear_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) != 0) {
2502 FAIL("Cannot re-enable tickets in the TLS connection\n");
2503 goto err;
2504 }
2505 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2506 FAIL("client should need SessionTicket if it was disabled\n");
2507 goto err;
2508 }
2509
2510 /* Since we don't have a session, we should build an empty ticket. */
2511 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
2512 FAIL("Cannot build a ticket\n");
2513 goto err;
2514 }
2515 if (!CBB_finish(&cbb, &data, &dlen)) {
2516 FAIL("Cannot finish CBB\n");
2517 goto err;
2518 }
2519 if (dlen != 0) {
2520 FAIL("Expected 0 length but found %zu\n", dlen);
2521 goto err;
2522 }
2523
2524 CBB_cleanup(&cbb);
2525 if (!CBB_init(&cbb, 0))
2526 errx(1, "Failed to create CBB");
2527 free(data);
2528 data = NULL;
2529
2530 /* With a new session (but no ticket), we should still have 0 length */
2531 if ((ssl->session = SSL_SESSION_new()) == NULL)
2532 errx(1, "failed to create session");
2533 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2534 FAIL("Should still want a session ticket with a new session\n");
2535 goto err;
2536 }
2537 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
2538 FAIL("Cannot build a ticket\n");
2539 goto err;
2540 }
2541 if (!CBB_finish(&cbb, &data, &dlen)) {
2542 FAIL("Cannot finish CBB\n");
2543 goto err;
2544 }
2545 if (dlen != 0) {
2546 FAIL("Expected 0 length but found %zu\n", dlen);
2547 goto err;
2548 }
2549
2550 CBB_cleanup(&cbb);
2551 if (!CBB_init(&cbb, 0))
2552 errx(1, "Failed to create CBB");
2553 free(data);
2554 data = NULL;
2555
2556 /* With a new session (and ticket), we should use that ticket */
2557 SSL_SESSION_free(ssl->session);
2558 if ((ssl->session = SSL_SESSION_new()) == NULL)
2559 errx(1, "failed to create session");
2560
2561 arc4random_buf(&dummy, sizeof(dummy));
2562 if ((ssl->session->tlsext_tick = malloc(sizeof(dummy))) == NULL) {
2563 errx(1, "failed to malloc");
2564 }
2565 memcpy(ssl->session->tlsext_tick, dummy, sizeof(dummy));
2566 ssl->session->tlsext_ticklen = sizeof(dummy);
2567
2568 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2569 FAIL("Should still want a session ticket with a new session\n");
2570 goto err;
2571 }
2572 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
2573 FAIL("Cannot build a ticket\n");
2574 goto err;
2575 }
2576 if (!CBB_finish(&cbb, &data, &dlen)) {
2577 FAIL("Cannot finish CBB\n");
2578 goto err;
2579 }
2580 if (dlen != sizeof(dummy)) {
2581 FAIL("Expected %zu length but found %zu\n", sizeof(dummy), dlen);
2582 goto err;
2583 }
2584 if (memcmp(data, dummy, dlen) != 0) {
2585 FAIL("server SNI differs:\n");
2586 compare_data(data, dlen,
2587 dummy, sizeof(dummy));
2588 goto err;
2589 }
2590
2591 CBB_cleanup(&cbb);
2592 if (!CBB_init(&cbb, 0))
2593 errx(1, "Failed to create CBB");
2594 free(data);
2595 data = NULL;
2596 free(ssl->session->tlsext_tick);
2597 ssl->session->tlsext_tick = NULL;
2598 ssl->session->tlsext_ticklen = 0;
2599
2600 /*
2601 * Send in NULL to disable session tickets at runtime without going
2602 * through SSL_set_options().
2603 */
2604 if (!SSL_set_session_ticket_ext(ssl, NULL, 0)) {
2605 FAIL("Could not set a NULL custom ticket\n");
2606 goto err;
2607 }
2608 /* Should not need a ticket in this case */
2609 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2610 FAIL("Should not want to use session tickets with a NULL custom\n");
2611 goto err;
2612 }
2613
2614 /*
2615 * If you want to remove the tlsext_session_ticket behavior, you have
2616 * to do it manually.
2617 */
2618 free(ssl->tlsext_session_ticket);
2619 ssl->tlsext_session_ticket = NULL;
2620
2621 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2622 FAIL("Should need a session ticket again when the custom one is removed\n");
2623 goto err;
2624 }
2625
2626 /* Test a custom session ticket (not recommended in practice) */
2627 if (!SSL_set_session_ticket_ext(ssl, tlsext_sessionticket_hello_max,
2628 sizeof(tlsext_sessionticket_hello_max))) {
2629 FAIL("Should be able to set a custom ticket\n");
2630 goto err;
2631 }
2632 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2633 FAIL("Should need a session ticket again when the custom one is not empty\n");
2634 goto err;
2635 }
2636 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
2637 FAIL("Cannot build a ticket with a max length random payload\n");
2638 goto err;
2639 }
2640 if (!CBB_finish(&cbb, &data, &dlen)) {
2641 FAIL("Cannot finish CBB\n");
2642 goto err;
2643 }
2644 if (dlen != sizeof(tlsext_sessionticket_hello_max)) {
2645 FAIL("Expected %zu length but found %zu\n",
2646 sizeof(tlsext_sessionticket_hello_max), dlen);
2647 goto err;
2648 }
2649 if (memcmp(data, tlsext_sessionticket_hello_max,
2650 sizeof(tlsext_sessionticket_hello_max)) != 0) {
2651 FAIL("Expected to get what we passed in\n");
2652 compare_data(data, dlen,
2653 tlsext_sessionticket_hello_max,
2654 sizeof(tlsext_sessionticket_hello_max));
2655 goto err;
2656 }
2657
2658 failure = 0;
2659
2660 err:
2661 CBB_cleanup(&cbb);
2662 SSL_CTX_free(ssl_ctx);
2663 SSL_free(ssl);
2664 free(data);
2665
2666 return (failure);
2667}
2668
2669
2670static int
2671test_tlsext_sessionticket_server(void)
2672{
2673 SSL_CTX *ssl_ctx = NULL;
2674 SSL *ssl = NULL;
2675 const struct tls_extension_funcs *client_funcs;
2676 const struct tls_extension_funcs *server_funcs;
2677 int failure;
2678 uint8_t *data = NULL;
2679 size_t dlen;
2680 CBB cbb;
2681
2682 failure = 1;
2683
2684 if (!CBB_init(&cbb, 0))
2685 errx(1, "Failed to create CBB");
2686
2687 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
2688 errx(1, "failed to create SSL_CTX");
2689 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2690 errx(1, "failed to create SSL");
2691
2692 if (!tls_extension_funcs(TLSEXT_TYPE_session_ticket, &client_funcs,
2693 &server_funcs))
2694 errx(1, "failed to fetch session ticket funcs");
2695
2696 /*
2697 * By default, should not need a session ticket since the ticket
2698 * is not yet expected.
2699 */
2700 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
2701 FAIL("server should not need SessionTicket by default\n");
2702 goto err;
2703 }
2704
2705 /* Test disabling tickets. */
2706 if ((SSL_set_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) == 0) {
2707 FAIL("Cannot disable tickets in the TLS connection\n");
2708 goto err;
2709 }
2710 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
2711 FAIL("server should not need SessionTicket if it was disabled\n");
2712 goto err;
2713 }
2714
2715 /* Test re-enabling tickets. */
2716 if ((SSL_clear_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) != 0) {
2717 FAIL("Cannot re-enable tickets in the TLS connection\n");
2718 goto err;
2719 }
2720 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
2721 FAIL("server should not need SessionTicket yet\n");
2722 goto err;
2723 }
2724
2725 /* Set expected to require it. */
2726 ssl->tlsext_ticket_expected = 1;
2727 if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
2728 FAIL("server should now be required for SessionTicket\n");
2729 goto err;
2730 }
2731
2732 /* server hello's session ticket should always be 0 length payload. */
2733 if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
2734 FAIL("Cannot build a ticket with a max length random payload\n");
2735 goto err;
2736 }
2737 if (!CBB_finish(&cbb, &data, &dlen)) {
2738 FAIL("Cannot finish CBB\n");
2739 goto err;
2740 }
2741 if (dlen != 0) {
2742 FAIL("Expected 0 length but found %zu\n", dlen);
2743 goto err;
2744 }
2745
2746 failure = 0;
2747
2748 err:
2749 CBB_cleanup(&cbb);
2750 SSL_CTX_free(ssl_ctx);
2751 SSL_free(ssl);
2752 free(data);
2753
2754 return (failure);
2755}
2756
2757#ifndef OPENSSL_NO_SRTP
2758/*
2759 * Supported Secure Real-time Transport Protocol (RFC 5764 section 4.1.1)
2760 */
2761
2762/* Colon separated string values */
2763const char *tlsext_srtp_single_profile = "SRTP_AES128_CM_SHA1_80";
2764const char *tlsext_srtp_multiple_profiles = "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32";
2765
2766const char *tlsext_srtp_aes128cmsha80 = "SRTP_AES128_CM_SHA1_80";
2767const char *tlsext_srtp_aes128cmsha32 = "SRTP_AES128_CM_SHA1_32";
2768
2769const uint8_t tlsext_srtp_single[] = {
2770 /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */
2771 0x00, 0x02, /* len */
2772 0x00, 0x01, /* SRTP_AES128_CM_SHA1_80 */
2773 0x00 /* opaque srtp_mki<0..255> */
2774};
2775
2776const uint8_t tlsext_srtp_multiple[] = {
2777 /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */
2778 0x00, 0x04, /* len */
2779 0x00, 0x01, /* SRTP_AES128_CM_SHA1_80 */
2780 0x00, 0x02, /* SRTP_AES128_CM_SHA1_32 */
2781 0x00 /* opaque srtp_mki<0..255> */
2782};
2783
2784const uint8_t tlsext_srtp_multiple_invalid[] = {
2785 /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */
2786 0x00, 0x04, /* len */
2787 0x00, 0x08, /* arbitrary value not found in known profiles */
2788 0x00, 0x09, /* arbitrary value not found in known profiles */
2789 0x00 /* opaque srtp_mki<0..255> */
2790};
2791
2792const uint8_t tlsext_srtp_single_invalid[] = {
2793 /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */
2794 0x00, 0x02, /* len */
2795 0x00, 0x08, /* arbitrary value not found in known profiles */
2796 0x00 /* opaque srtp_mki<0..255> */
2797};
2798
2799const uint8_t tlsext_srtp_multiple_one_valid[] = {
2800 /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */
2801 0x00, 0x04, /* len */
2802 0x00, 0x08, /* arbitrary value not found in known profiles */
2803 0x00, 0x02, /* SRTP_AES128_CM_SHA1_32 */
2804 0x00 /* opaque srtp_mki<0..255> */
2805};
2806
2807static int
2808test_tlsext_srtp_client(void)
2809{
2810 SRTP_PROTECTION_PROFILE *prof;
2811 SSL_CTX *ssl_ctx = NULL;
2812 SSL *ssl = NULL;
2813 const struct tls_extension_funcs *client_funcs;
2814 const struct tls_extension_funcs *server_funcs;
2815 uint8_t *data = NULL;
2816 CBB cbb;
2817 CBS cbs;
2818 int failure, alert;
2819 size_t dlen;
2820
2821 failure = 1;
2822
2823 if (!CBB_init(&cbb, 0))
2824 errx(1, "Failed to create CBB");
2825
2826 /* SRTP is for DTLS */
2827 if ((ssl_ctx = SSL_CTX_new(DTLSv1_client_method())) == NULL)
2828 errx(1, "failed to create SSL_CTX");
2829 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2830 errx(1, "failed to create SSL");
2831
2832 if (!tls_extension_funcs(TLSEXT_TYPE_use_srtp, &client_funcs,
2833 &server_funcs))
2834 errx(1, "failed to fetch srtp funcs");
2835
2836 /* By default, we don't need this */
2837 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2838 FAIL("client should not need SRTP by default\n");
2839 goto err;
2840 }
2841
2842 if (SSL_set_tlsext_use_srtp(ssl, tlsext_srtp_single_profile) != 0) {
2843 FAIL("should be able to set a single SRTP\n");
2844 goto err;
2845 }
2846 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2847 FAIL("client should need SRTP\n");
2848 goto err;
2849 }
2850
2851 /* Make sure we can build the client with a single profile. */
2852
2853 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
2854 FAIL("client failed to build SRTP\n");
2855 goto err;
2856 }
2857 if (!CBB_finish(&cbb, &data, &dlen))
2858 errx(1, "failed to finish CBB");
2859
2860 if (dlen != sizeof(tlsext_srtp_single)) {
2861 FAIL("got client SRTP with length %zu, "
2862 "want length %zu\n", dlen,
2863 sizeof(tlsext_srtp_single));
2864 compare_data(data, dlen, tlsext_srtp_single,
2865 sizeof(tlsext_srtp_single));
2866 goto err;
2867 }
2868 if (memcmp(data, tlsext_srtp_single, dlen) != 0) {
2869 FAIL("client SRTP differs:\n");
2870 compare_data(data, dlen, tlsext_srtp_single,
2871 sizeof(tlsext_srtp_single));
2872 goto err;
2873 }
2874
2875 CBB_cleanup(&cbb);
2876 if (!CBB_init(&cbb, 0))
2877 errx(1, "Failed to create CBB");
2878 free(data);
2879 data = NULL;
2880
2881 /* Make sure we can parse the single profile. */
2882
2883 if (SSL_get_selected_srtp_profile(ssl) != NULL) {
2884 FAIL("SRTP profile should not be set yet\n");
2885 goto err;
2886 }
2887
2888 CBS_init(&cbs, tlsext_srtp_single, sizeof(tlsext_srtp_single));
2889 if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
2890 FAIL("failed to parse SRTP\n");
2891 goto err;
2892 }
2893 if (CBS_len(&cbs) != 0) {
2894 FAIL("extension data remaining\n");
2895 goto err;
2896 }
2897
2898 if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) {
2899 FAIL("SRTP profile should be set now\n");
2900 goto err;
2901 }
2902 if (strcmp(prof->name, tlsext_srtp_aes128cmsha80) != 0) {
2903 FAIL("SRTP profile was not set properly\n");
2904 goto err;
2905 }
2906
2907 if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2908 FAIL("should send server extension when profile selected\n");
2909 goto err;
2910 }
2911
2912 /* Make sure we can build the clienthello with multiple entries. */
2913
2914 if (SSL_set_tlsext_use_srtp(ssl, tlsext_srtp_multiple_profiles) != 0) {
2915 FAIL("should be able to set SRTP to multiple profiles\n");
2916 goto err;
2917 }
2918 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2919 FAIL("client should need SRTP by now\n");
2920 goto err;
2921 }
2922
2923 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
2924 FAIL("client failed to build SRTP\n");
2925 goto err;
2926 }
2927 if (!CBB_finish(&cbb, &data, &dlen))
2928 errx(1, "failed to finish CBB");
2929
2930 if (dlen != sizeof(tlsext_srtp_multiple)) {
2931 FAIL("got client SRTP with length %zu, "
2932 "want length %zu\n", dlen,
2933 sizeof(tlsext_srtp_multiple));
2934 compare_data(data, dlen, tlsext_srtp_multiple,
2935 sizeof(tlsext_srtp_multiple));
2936 goto err;
2937 }
2938 if (memcmp(data, tlsext_srtp_multiple, dlen) != 0) {
2939 FAIL("client SRTP differs:\n");
2940 compare_data(data, dlen, tlsext_srtp_multiple,
2941 sizeof(tlsext_srtp_multiple));
2942 goto err;
2943 }
2944
2945 CBB_cleanup(&cbb);
2946 if (!CBB_init(&cbb, 0))
2947 errx(1, "Failed to create CBB");
2948 free(data);
2949 data = NULL;
2950
2951 /* Make sure we can parse multiple profiles (selects server preferred) */
2952
2953 ssl->srtp_profile = NULL;
2954
2955 CBS_init(&cbs, tlsext_srtp_multiple,
2956 sizeof(tlsext_srtp_multiple));
2957 if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
2958 FAIL("failed to parse SRTP\n");
2959 goto err;
2960 }
2961 if (CBS_len(&cbs) != 0) {
2962 FAIL("extension data remaining\n");
2963 goto err;
2964 }
2965
2966 if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) {
2967 FAIL("SRTP profile should be set now\n");
2968 goto err;
2969 }
2970 if (strcmp(prof->name, tlsext_srtp_aes128cmsha80) != 0) {
2971 FAIL("SRTP profile was not set properly\n");
2972 goto err;
2973 }
2974
2975 if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
2976 FAIL("should send server extension when profile selected\n");
2977 goto err;
2978 }
2979
2980 /*
2981 * Make sure we can parse the clienthello with multiple entries
2982 * where one is unknown.
2983 */
2984 ssl->srtp_profile = NULL;
2985
2986 CBS_init(&cbs, tlsext_srtp_multiple_one_valid,
2987 sizeof(tlsext_srtp_multiple_one_valid));
2988 if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
2989 FAIL("failed to parse SRTP\n");
2990 goto err;
2991 }
2992 if (CBS_len(&cbs) != 0) {
2993 FAIL("extension data remaining\n");
2994 goto err;
2995 }
2996
2997 if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) {
2998 FAIL("SRTP profile should be set now\n");
2999 goto err;
3000 }
3001 if (strcmp(prof->name, tlsext_srtp_aes128cmsha32) != 0) {
3002 FAIL("SRTP profile was not set properly\n");
3003 goto err;
3004 }
3005
3006 if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
3007 FAIL("should send server extension when profile selected\n");
3008 goto err;
3009 }
3010
3011 /* Make sure we fall back to negotiated when none work. */
3012
3013 ssl->srtp_profile = NULL;
3014
3015 CBS_init(&cbs, tlsext_srtp_multiple_invalid,
3016 sizeof(tlsext_srtp_multiple_invalid));
3017 if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
3018 FAIL("should be able to fall back to negotiated\n");
3019 goto err;
3020 }
3021 if (CBS_len(&cbs) != 0) {
3022 FAIL("extension data remaining\n");
3023 goto err;
3024 }
3025
3026 /* If we fallback, the server should NOT send the extension. */
3027 if (SSL_get_selected_srtp_profile(ssl) != NULL) {
3028 FAIL("should not have selected a profile when none found\n");
3029 goto err;
3030 }
3031 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
3032 FAIL("should not send server tlsext when no profile found\n");
3033 goto err;
3034 }
3035
3036 failure = 0;
3037
3038 err:
3039 CBB_cleanup(&cbb);
3040 SSL_CTX_free(ssl_ctx);
3041 SSL_free(ssl);
3042 free(data);
3043
3044 return (failure);
3045}
3046
3047static int
3048test_tlsext_srtp_server(void)
3049{
3050 const SRTP_PROTECTION_PROFILE *prof;
3051 SSL_CTX *ssl_ctx = NULL;
3052 SSL *ssl = NULL;
3053 const struct tls_extension_funcs *client_funcs;
3054 const struct tls_extension_funcs *server_funcs;
3055 uint8_t *data = NULL;
3056 CBB cbb;
3057 CBS cbs;
3058 int failure, alert;
3059 size_t dlen;
3060
3061 failure = 1;
3062
3063 if (!CBB_init(&cbb, 0))
3064 errx(1, "Failed to create CBB");
3065
3066 /* SRTP is for DTLS */
3067 if ((ssl_ctx = SSL_CTX_new(DTLSv1_client_method())) == NULL)
3068 errx(1, "failed to create SSL_CTX");
3069 if ((ssl = SSL_new(ssl_ctx)) == NULL)
3070 errx(1, "failed to create SSL");
3071
3072 if (!tls_extension_funcs(TLSEXT_TYPE_use_srtp, &client_funcs,
3073 &server_funcs))
3074 errx(1, "failed to fetch srtp funcs");
3075
3076 /* By default, we don't need this */
3077 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
3078 FAIL("server should not need SRTP by default\n");
3079 goto err;
3080 }
3081
3082 if (srtp_find_profile_by_name(tlsext_srtp_aes128cmsha80, &prof,
3083 strlen(tlsext_srtp_aes128cmsha80))) {
3084 FAIL("should be able to find the given profile\n");
3085 goto err;
3086 }
3087 ssl->srtp_profile = prof;
3088 if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
3089 FAIL("server should need SRTP by now\n");
3090 goto err;
3091 }
3092
3093 /* Make sure we can build the server with a single profile. */
3094
3095 if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
3096 FAIL("server failed to build SRTP\n");
3097 goto err;
3098 }
3099 if (!CBB_finish(&cbb, &data, &dlen))
3100 errx(1, "failed to finish CBB");
3101
3102 if (dlen != sizeof(tlsext_srtp_single)) {
3103 FAIL("got server SRTP with length %zu, "
3104 "want length %zu\n", dlen,
3105 sizeof(tlsext_srtp_single));
3106 compare_data(data, dlen, tlsext_srtp_single,
3107 sizeof(tlsext_srtp_single));
3108 goto err;
3109 }
3110 if (memcmp(data, tlsext_srtp_single, dlen) != 0) {
3111 FAIL("server SRTP differs:\n");
3112 compare_data(data, dlen, tlsext_srtp_single,
3113 sizeof(tlsext_srtp_single));
3114 goto err;
3115 }
3116
3117 CBB_cleanup(&cbb);
3118 if (!CBB_init(&cbb, 0))
3119 errx(1, "Failed to create CBB");
3120 free(data);
3121 data = NULL;
3122
3123 /* Make sure we can parse the single profile. */
3124 ssl->srtp_profile = NULL;
3125
3126 if (SSL_get_selected_srtp_profile(ssl) != NULL) {
3127 FAIL("SRTP profile should not be set yet\n");
3128 goto err;
3129 }
3130
3131 /* Setup the environment as if a client sent a list of profiles. */
3132 if (SSL_set_tlsext_use_srtp(ssl, tlsext_srtp_multiple_profiles) != 0) {
3133 FAIL("should be able to set multiple profiles in SRTP\n");
3134 goto err;
3135 }
3136
3137 CBS_init(&cbs, tlsext_srtp_single, sizeof(tlsext_srtp_single));
3138 if (!client_funcs->process(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
3139 FAIL("failed to parse SRTP\n");
3140 goto err;
3141 }
3142 if (CBS_len(&cbs) != 0) {
3143 FAIL("extension data remaining\n");
3144 goto err;
3145 }
3146
3147 if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) {
3148 FAIL("SRTP profile should be set now\n");
3149 goto err;
3150 }
3151 if (strcmp(prof->name, tlsext_srtp_aes128cmsha80) != 0) {
3152 FAIL("SRTP profile was not set properly\n");
3153 goto err;
3154 }
3155
3156 /* Make sure we cannot parse multiple profiles */
3157 ssl->srtp_profile = NULL;
3158
3159 CBS_init(&cbs, tlsext_srtp_multiple,
3160 sizeof(tlsext_srtp_multiple));
3161 if (client_funcs->process(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
3162 FAIL("should not find multiple entries from the server\n");
3163 goto err;
3164 }
3165
3166 /* Make sure we cannot parse a server with unknown profile */
3167 ssl->srtp_profile = NULL;
3168
3169 CBS_init(&cbs, tlsext_srtp_single_invalid,
3170 sizeof(tlsext_srtp_single_invalid));
3171 if (client_funcs->process(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
3172 FAIL("should not be able to parse this\n");
3173 goto err;
3174 }
3175
3176 failure = 0;
3177
3178 err:
3179 CBB_cleanup(&cbb);
3180 SSL_CTX_free(ssl_ctx);
3181 SSL_free(ssl);
3182 free(data);
3183
3184 return (failure);
3185}
3186#endif /* OPENSSL_NO_SRTP */
3187
3188static const unsigned char tlsext_clienthello_default[] = {
3189 0x00, 0x34, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08,
3190 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19,
3191 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23,
3192 0x00, 0x00, 0x00, 0x0d, 0x00, 0x18, 0x00, 0x16,
3193 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, 0x08, 0x05,
3194 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 0x04, 0x01,
3195 0x04, 0x03, 0x02, 0x01, 0x02, 0x03,
3196};
3197
3198/* An empty array is an incomplete type and sizeof() is undefined. */
3199static const unsigned char tlsext_clienthello_disabled[] = {
3200 0x00,
3201};
3202static size_t tlsext_clienthello_disabled_len = 0;
3203
3204static int
3205test_tlsext_clienthello_build(void)
3206{
3207 unsigned char *data = NULL;
3208 SSL_CTX *ssl_ctx = NULL;
3209 SSL *ssl = NULL;
3210 const struct tls_extension_funcs *client_funcs;
3211 const struct tls_extension_funcs *server_funcs;
3212 size_t dlen;
3213 int failure;
3214 CBB cbb;
3215
3216 failure = 1;
3217
3218 if (!CBB_init(&cbb, 0))
3219 errx(1, "failed to create CBB");
3220
3221 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) {
3222 FAIL("failed to create SSL_CTX");
3223 goto err;
3224 }
3225
3226 if ((ssl = SSL_new(ssl_ctx)) == NULL) {
3227 FAIL("failed to create SSL");
3228 goto err;
3229 }
3230
3231 if (!tlsext_linearize_build_order(ssl)) {
3232 FAIL("failed to linearize build order");
3233 goto err;
3234 }
3235
3236 if (!tls_extension_funcs(TLSEXT_TYPE_supported_versions, &client_funcs,
3237 &server_funcs))
3238 errx(1, "failed to fetch supported versions funcs");
3239
3240 ssl->s3->hs.our_min_tls_version = TLS1_VERSION;
3241 ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION;
3242
3243 if (!tlsext_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
3244 FAIL("failed to build clienthello extensions\n");
3245 goto err;
3246 }
3247 if (!CBB_finish(&cbb, &data, &dlen)) {
3248 FAIL("failed to finish CBB");
3249 goto err;
3250 }
3251
3252 if (dlen != sizeof(tlsext_clienthello_default)) {
3253 FAIL("got clienthello extensions with length %zu, "
3254 "want length %zu\n", dlen,
3255 sizeof(tlsext_clienthello_default));
3256 compare_data(data, dlen, tlsext_clienthello_default,
3257 sizeof(tlsext_clienthello_default));
3258 goto err;
3259 }
3260 if (memcmp(data, tlsext_clienthello_default, dlen) != 0) {
3261 FAIL("clienthello extensions differs:\n");
3262 compare_data(data, dlen, tlsext_clienthello_default,
3263 sizeof(tlsext_clienthello_default));
3264 goto err;
3265 }
3266
3267 free(data);
3268 data = NULL;
3269 CBB_cleanup(&cbb);
3270 if (!CBB_init(&cbb, 0))
3271 errx(1, "Failed to create CBB");
3272
3273 /* Switch to TLSv1.1, disable EC ciphers and session tickets. */
3274 ssl->s3->hs.our_max_tls_version = TLS1_1_VERSION;
3275 if (!SSL_set_cipher_list(ssl, "TLSv1.2:!ECDHE:!ECDSA")) {
3276 FAIL("failed to set cipher list\n");
3277 goto err;
3278 }
3279 if ((SSL_set_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) == 0) {
3280 FAIL("failed to disable session tickets\n");
3281 goto err;
3282 }
3283
3284 if (!tlsext_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
3285 FAIL("failed to build clienthello extensions\n");
3286 goto err;
3287 }
3288 if (!CBB_finish(&cbb, &data, &dlen)) {
3289 FAIL("failed to finish CBB");
3290 goto err;
3291 }
3292
3293 if (dlen != tlsext_clienthello_disabled_len) {
3294 FAIL("got clienthello extensions with length %zu, "
3295 "want length %zu\n", dlen,
3296 tlsext_clienthello_disabled_len);
3297 compare_data(data, dlen, tlsext_clienthello_disabled,
3298 tlsext_clienthello_disabled_len);
3299 goto err;
3300 }
3301 if (memcmp(data, tlsext_clienthello_disabled, dlen) != 0) {
3302 FAIL("clienthello extensions differs:\n");
3303 compare_data(data, dlen, tlsext_clienthello_disabled,
3304 tlsext_clienthello_disabled_len);
3305 goto err;
3306 }
3307
3308 failure = 0;
3309
3310 err:
3311 CBB_cleanup(&cbb);
3312 SSL_CTX_free(ssl_ctx);
3313 SSL_free(ssl);
3314 free(data);
3315
3316 return (failure);
3317}
3318
3319unsigned char tlsext_serverhello_default[] = {
3320 0x00, 0x06, 0x00, 0x2b, 0x00, 0x02, 0x03, 0x04,
3321};
3322
3323unsigned char tlsext_serverhello_enabled[] = {
3324 0x00, 0x10, 0x00, 0x2b, 0x00, 0x02, 0x03, 0x04,
3325 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23,
3326 0x00, 0x00,
3327};
3328
3329static int
3330test_tlsext_serverhello_build(void)
3331{
3332 unsigned char *data = NULL;
3333 SSL_CTX *ssl_ctx = NULL;
3334 SSL *ssl = NULL;
3335 size_t dlen;
3336 int failure;
3337 CBB cbb;
3338
3339 failure = 1;
3340
3341 if (!CBB_init(&cbb, 0))
3342 errx(1, "failed to create CBB");
3343
3344 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL) {
3345 FAIL("failed to create SSL_CTX");
3346 goto err;
3347 }
3348 if ((ssl = SSL_new(ssl_ctx)) == NULL) {
3349 FAIL("failed to create SSL");
3350 goto err;
3351 }
3352 if (!tlsext_linearize_build_order(ssl)) {
3353 FAIL("failed to linearize build order");
3354 goto err;
3355 }
3356 if ((ssl->session = SSL_SESSION_new()) == NULL) {
3357 FAIL("failed to create session");
3358 goto err;
3359 }
3360
3361 ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
3362 ssl->s3->hs.negotiated_tls_version = TLS1_3_VERSION;
3363 ssl->s3->hs.cipher = ssl3_get_cipher_by_value(0x003c);
3364
3365 if (!tlsext_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
3366 FAIL("failed to build serverhello extensions\n");
3367 goto err;
3368 }
3369 if (!CBB_finish(&cbb, &data, &dlen)) {
3370 FAIL("failed to finish CBB");
3371 goto err;
3372 }
3373
3374 if (dlen != sizeof(tlsext_serverhello_default)) {
3375 FAIL("got serverhello extensions with length %zu, "
3376 "want length %zu\n", dlen,
3377 sizeof(tlsext_serverhello_default));
3378 compare_data(data, dlen, tlsext_serverhello_default,
3379 sizeof(tlsext_serverhello_default));
3380 goto err;
3381 }
3382 if (memcmp(data, tlsext_serverhello_default, dlen) != 0) {
3383 FAIL("serverhello extensions differs:\n");
3384 compare_data(data, dlen, tlsext_serverhello_default,
3385 sizeof(tlsext_serverhello_default));
3386 goto err;
3387 }
3388
3389 CBB_cleanup(&cbb);
3390 free(data);
3391 data = NULL;
3392 if (!CBB_init(&cbb, 0))
3393 errx(1, "Failed to create CBB");
3394
3395 /* Turn a few things on so we get extensions... */
3396 ssl->s3->send_connection_binding = 1;
3397 ssl->s3->hs.cipher = ssl3_get_cipher_by_value(0xc027);
3398 ssl->tlsext_status_expected = 1;
3399 ssl->tlsext_ticket_expected = 1;
3400 if ((ssl->session->tlsext_ecpointformatlist = malloc(1)) == NULL) {
3401 FAIL("malloc failed");
3402 goto err;
3403 }
3404 ssl->session->tlsext_ecpointformatlist_length = 1;
3405 ssl->session->tlsext_ecpointformatlist[0] =
3406 TLSEXT_ECPOINTFORMAT_uncompressed;
3407
3408 if (!tlsext_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
3409 FAIL("failed to build serverhello extensions\n");
3410 goto err;
3411 }
3412 if (!CBB_finish(&cbb, &data, &dlen)) {
3413 FAIL("failed to finish CBB");
3414 goto err;
3415 }
3416
3417 if (dlen != sizeof(tlsext_serverhello_enabled)) {
3418 FAIL("got serverhello extensions with length %zu, "
3419 "want length %zu\n", dlen,
3420 sizeof(tlsext_serverhello_enabled));
3421 compare_data(data, dlen, tlsext_serverhello_enabled,
3422 sizeof(tlsext_serverhello_enabled));
3423 goto err;
3424 }
3425 if (memcmp(data, tlsext_serverhello_enabled, dlen) != 0) {
3426 FAIL("serverhello extensions differs:\n");
3427 compare_data(data, dlen, tlsext_serverhello_enabled,
3428 sizeof(tlsext_serverhello_enabled));
3429 goto err;
3430 }
3431
3432 failure = 0;
3433
3434 err:
3435 CBB_cleanup(&cbb);
3436 SSL_CTX_free(ssl_ctx);
3437 SSL_free(ssl);
3438 free(data);
3439
3440 return (failure);
3441}
3442
3443const unsigned char tlsext_versions_client[] = {
3444 0x08, 0x03, 0x04, 0x03, 0x03, 0x03,
3445 0x02, 0x03, 0x01,
3446};
3447
3448const unsigned char tlsext_versions_server[] = {
3449 0x03, 0x04,
3450};
3451
3452static int
3453test_tlsext_versions_client(void)
3454{
3455 unsigned char *data = NULL;
3456 SSL_CTX *ssl_ctx = NULL;
3457 SSL *ssl = NULL;
3458 const struct tls_extension_funcs *client_funcs;
3459 const struct tls_extension_funcs *server_funcs;
3460 int failure;
3461 size_t dlen;
3462 int alert;
3463 CBB cbb;
3464 CBS cbs;
3465
3466 failure = 1;
3467
3468 if (!CBB_init(&cbb, 0))
3469 errx(1, "Failed to create CBB");
3470
3471 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
3472 errx(1, "failed to create SSL_CTX");
3473 if ((ssl = SSL_new(ssl_ctx)) == NULL)
3474 errx(1, "failed to create SSL");
3475
3476 if (!tls_extension_funcs(TLSEXT_TYPE_supported_versions, &client_funcs,
3477 &server_funcs))
3478 errx(1, "failed to fetch supported versions funcs");
3479
3480 ssl->s3->hs.our_max_tls_version = TLS1_1_VERSION;
3481
3482 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
3483 FAIL("client should not need versions\n");
3484 goto done;
3485 }
3486
3487 ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION;
3488
3489 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
3490 FAIL("client should not need versions\n");
3491 goto done;
3492 }
3493
3494 ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
3495
3496 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
3497 FAIL("client should need versions\n");
3498 goto done;
3499 }
3500
3501 ssl->s3->hs.our_min_tls_version = TLS1_VERSION;
3502 ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
3503
3504 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
3505 FAIL("client should have built versions\n");
3506 goto done;
3507 }
3508
3509 if (!CBB_finish(&cbb, &data, &dlen)) {
3510 FAIL("failed to finish CBB\n");
3511 goto done;
3512 }
3513
3514 if (dlen != sizeof(tlsext_versions_client)) {
3515 FAIL("got versions with length %zu, "
3516 "want length %zu\n", dlen, sizeof(tlsext_versions_client));
3517 goto done;
3518 }
3519
3520 CBS_init(&cbs, data, dlen);
3521 if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
3522 FAIL("failed to parse client versions\n");
3523 goto done;
3524 }
3525 if (CBS_len(&cbs) != 0) {
3526 FAIL("extension data remaining\n");
3527 goto done;
3528 }
3529
3530 failure = 0;
3531
3532 done:
3533 CBB_cleanup(&cbb);
3534 SSL_CTX_free(ssl_ctx);
3535 SSL_free(ssl);
3536 free(data);
3537
3538 return (failure);
3539}
3540
3541static int
3542test_tlsext_versions_server(void)
3543{
3544 unsigned char *data = NULL;
3545 SSL_CTX *ssl_ctx = NULL;
3546 SSL *ssl = NULL;
3547 const struct tls_extension_funcs *client_funcs;
3548 const struct tls_extension_funcs *server_funcs;
3549 int failure;
3550 size_t dlen;
3551 int alert;
3552 CBB cbb;
3553 CBS cbs;
3554
3555 failure = 1;
3556
3557 if (!CBB_init(&cbb, 0))
3558 errx(1, "Failed to create CBB");
3559
3560 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
3561 errx(1, "failed to create SSL_CTX");
3562 if ((ssl = SSL_new(ssl_ctx)) == NULL)
3563 errx(1, "failed to create SSL");
3564
3565 if (!tls_extension_funcs(TLSEXT_TYPE_supported_versions, &client_funcs,
3566 &server_funcs))
3567 errx(1, "failed to fetch supported versions funcs");
3568
3569 ssl->s3->hs.negotiated_tls_version = TLS1_2_VERSION;
3570
3571 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
3572 FAIL("server should not need versions\n");
3573 goto done;
3574 }
3575
3576 ssl->s3->hs.negotiated_tls_version = TLS1_3_VERSION;
3577
3578 if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
3579 FAIL("server should need versions\n");
3580 goto done;
3581 }
3582
3583 if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
3584 FAIL("server should have built versions\n");
3585 goto done;
3586 }
3587
3588 if (!CBB_finish(&cbb, &data, &dlen)) {
3589 FAIL("failed to finish CBB\n");
3590 goto done;
3591 }
3592
3593 if (dlen != sizeof(tlsext_versions_server)) {
3594 FAIL("got versions with length %zu, "
3595 "want length %zu\n", dlen, sizeof(tlsext_versions_server));
3596 goto done;
3597 }
3598
3599 CBS_init(&cbs, data, dlen);
3600 if (!client_funcs->process(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
3601 FAIL("failed to parse client versions\n");
3602 goto done;
3603 }
3604 if (CBS_len(&cbs) != 0) {
3605 FAIL("extension data remaining\n");
3606 goto done;
3607 }
3608
3609 failure = 0;
3610
3611 done:
3612 CBB_cleanup(&cbb);
3613 SSL_CTX_free(ssl_ctx);
3614 SSL_free(ssl);
3615 free(data);
3616
3617 return (failure);
3618}
3619
3620const unsigned char tlsext_keyshare_client[] = {
3621 0x00, 0x24, 0x00, 0x1d, 0x00, 0x20, 0xba, 0x83,
3622 0x2e, 0x4a, 0x18, 0xbe, 0x96, 0xd2, 0x71, 0x70,
3623 0x18, 0x04, 0xf9, 0x9d, 0x76, 0x98, 0xef, 0xe8,
3624 0x4f, 0x8b, 0x85, 0x41, 0xa4, 0xd9, 0x61, 0x57,
3625 0xad, 0x5b, 0xa4, 0xe9, 0x8b, 0x6b,
3626};
3627
3628const unsigned char tlsext_keyshare_server[] = {
3629 0x00, 0x1d, 0x00, 0x20, 0xe5, 0xe8, 0x5a, 0xb9,
3630 0x7e, 0x12, 0x62, 0xe3, 0xd8, 0x7f, 0x6e, 0x3c,
3631 0xec, 0xa6, 0x8b, 0x99, 0x45, 0x77, 0x8e, 0x11,
3632 0xb3, 0xb9, 0x12, 0xb6, 0xbe, 0x35, 0xca, 0x51,
3633 0x76, 0x1e, 0xe8, 0x22
3634};
3635
3636static int
3637test_tlsext_keyshare_client(void)
3638{
3639 unsigned char *data = NULL;
3640 SSL_CTX *ssl_ctx = NULL;
3641 SSL *ssl = NULL;
3642 const struct tls_extension_funcs *client_funcs;
3643 const struct tls_extension_funcs *server_funcs;
3644 int failure;
3645 size_t dlen;
3646 size_t idx;
3647 int alert;
3648 CBB cbb;
3649 CBS cbs;
3650
3651 failure = 1;
3652
3653 if (!CBB_init(&cbb, 0))
3654 errx(1, "Failed to create CBB");
3655
3656 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
3657 errx(1, "failed to create SSL_CTX");
3658 if ((ssl = SSL_new(ssl_ctx)) == NULL)
3659 errx(1, "failed to create SSL");
3660
3661 if (!tls_extension_funcs(TLSEXT_TYPE_key_share, &client_funcs,
3662 &server_funcs))
3663 errx(1, "failed to fetch keyshare funcs");
3664
3665 if ((ssl->s3->hs.key_share =
3666 tls_key_share_new_nid(NID_X25519)) == NULL)
3667 errx(1, "failed to create key share");
3668 if (!tls_key_share_generate(ssl->s3->hs.key_share))
3669 errx(1, "failed to generate key share");
3670
3671 ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION;
3672 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
3673 FAIL("client should not need keyshare\n");
3674 goto done;
3675 }
3676
3677 ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
3678 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
3679 FAIL("client should need keyshare\n");
3680 goto done;
3681 }
3682
3683 ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
3684 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
3685 FAIL("client should have built keyshare\n");
3686 goto done;
3687 }
3688
3689 if (!CBB_finish(&cbb, &data, &dlen)) {
3690 FAIL("failed to finish CBB\n");
3691 goto done;
3692 }
3693
3694 if (dlen != sizeof(tlsext_keyshare_client)) {
3695 FAIL("got client keyshare with length %zu, "
3696 "want length %zu\n", dlen, (size_t) sizeof(tlsext_keyshare_client));
3697 goto done;
3698 }
3699
3700 ssl->version = TLS1_3_VERSION;
3701
3702 /* Fake up the ssl enough so the key share can process */
3703 tls_key_share_free(ssl->s3->hs.key_share);
3704 ssl->session = SSL_SESSION_new();
3705 if (ssl->session == NULL) {
3706 FAIL("malloc");
3707 goto done;
3708 }
3709 memset(ssl->s3, 0, sizeof(*ssl->s3));
3710 ssl->session->tlsext_supportedgroups = calloc(4,
3711 sizeof(unsigned short));
3712 if (ssl->session->tlsext_supportedgroups == NULL) {
3713 FAIL("malloc");
3714 goto done;
3715 }
3716 ssl->session->tlsext_supportedgroups[0] = 29;
3717 ssl->session->tlsext_supportedgroups[1] = 23;
3718 ssl->session->tlsext_supportedgroups[2] = 24;
3719 ssl->session->tlsext_supportedgroups[3] = 25;
3720 ssl->session->tlsext_supportedgroups_length = 4;
3721 tls_extension_find(TLSEXT_TYPE_supported_groups, &idx);
3722 ssl->s3->hs.extensions_processed |= (1 << idx);
3723 ssl->s3->hs.extensions_seen |= (1 << idx);
3724 ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
3725
3726 /*
3727 * We should select the key share for group 29, when group 29
3728 * is the most preferred group
3729 */
3730 CBS_init(&cbs, data, dlen);
3731 if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
3732 FAIL("failed to process client keyshare\n");
3733 goto done;
3734 }
3735 if (CBS_len(&cbs) != 0) {
3736 FAIL("extension data remaining\n");
3737 goto done;
3738 }
3739 if (ssl->s3->hs.key_share == NULL) {
3740 FAIL("Did not select a key share");
3741 goto done;
3742 }
3743
3744 /*
3745 * Pretend the client did not send the supported groups extension. We
3746 * should fail to process.
3747 */
3748 ssl->s3->hs.extensions_seen = 0;
3749 tls_key_share_free(ssl->s3->hs.key_share);
3750 ssl->s3->hs.key_share = NULL;
3751 CBS_init(&cbs, data, dlen);
3752 if (server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
3753 FAIL("Processed key share when supported groups not provided");
3754 goto done;
3755 }
3756 ssl->s3->hs.extensions_seen |= (1 << idx);
3757
3758 /*
3759 * Pretend supported groups did not get processed. We should fail to
3760 * process
3761 */
3762 ssl->s3->hs.extensions_processed = 0;
3763 ssl->s3->hs.key_share = NULL;
3764 CBS_init(&cbs, data, dlen);
3765 if (server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
3766 FAIL("Processed key share when supported groups unprocesed");
3767 goto done;
3768 }
3769 ssl->s3->hs.extensions_processed |= (1 << idx);
3770
3771 /*
3772 * Remove group 29 by making it 0xbeef, meaning 29 has not been sent in
3773 * supported groups. This should fail to process.
3774 */
3775 ssl->session->tlsext_supportedgroups[0] = 0xbeef;
3776 ssl->s3->hs.key_share = NULL;
3777 CBS_init(&cbs, data, dlen);
3778 if (server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
3779 FAIL("Processed key share with invalid group!");
3780 goto done;
3781 }
3782
3783 /*
3784 * Make 29 least preferred, while server supports both 29 and 25.
3785 * Client key share is for 29 but it prefers 25. We should successfully
3786 * process, but should not select this key share.
3787 */
3788 ssl->session->tlsext_supportedgroups[0] = 25;
3789 ssl->session->tlsext_supportedgroups[3] = 29;
3790 ssl->s3->hs.key_share = NULL;
3791 CBS_init(&cbs, data, dlen);
3792 if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
3793 FAIL("failed to process client keyshare\n");
3794 goto done;
3795 }
3796 if (CBS_len(&cbs) != 0) {
3797 FAIL("extension data remaining\n");
3798 goto done;
3799 }
3800 if (ssl->s3->hs.key_share != NULL) {
3801 FAIL("Selected a key share when I should not have!");
3802 goto done;
3803 }
3804 ssl->session->tlsext_supportedgroups[0] = 29;
3805 ssl->session->tlsext_supportedgroups[3] = 25;
3806
3807 failure = 0;
3808
3809 done:
3810 CBB_cleanup(&cbb);
3811 SSL_CTX_free(ssl_ctx);
3812 SSL_free(ssl);
3813 free(data);
3814
3815 return (failure);
3816}
3817
3818static const uint8_t bogokey[] = {
3819 0xe5, 0xe8, 0x5a, 0xb9, 0x7e, 0x12, 0x62, 0xe3,
3820 0xd8, 0x7f, 0x6e, 0x3c, 0xec, 0xa6, 0x8b, 0x99,
3821 0x45, 0x77, 0x8e, 0x11, 0xb3, 0xb9, 0x12, 0xb6,
3822 0xbe, 0x35, 0xca, 0x51, 0x76, 0x1e, 0xe8, 0x22,
3823};
3824
3825static int
3826test_tlsext_keyshare_server(void)
3827{
3828 unsigned char *data = NULL;
3829 SSL_CTX *ssl_ctx = NULL;
3830 SSL *ssl = NULL;
3831 const struct tls_extension_funcs *client_funcs;
3832 const struct tls_extension_funcs *server_funcs;
3833 int decode_error;
3834 int failure;
3835 size_t dlen, idx;
3836 int alert;
3837 CBB cbb;
3838 CBS cbs;
3839
3840 failure = 1;
3841
3842 if (!CBB_init(&cbb, 0))
3843 errx(1, "Failed to create CBB");
3844
3845 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
3846 errx(1, "failed to create SSL_CTX");
3847 if ((ssl = SSL_new(ssl_ctx)) == NULL)
3848 errx(1, "failed to create SSL");
3849
3850 if (!tls_extension_funcs(TLSEXT_TYPE_key_share, &client_funcs,
3851 &server_funcs))
3852 errx(1, "failed to fetch keyshare funcs");
3853
3854 ssl->s3->hs.negotiated_tls_version = TLS1_2_VERSION;
3855 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
3856 FAIL("server should not need keyshare\n");
3857 goto done;
3858 }
3859
3860 ssl->s3->hs.negotiated_tls_version = TLS1_3_VERSION;
3861 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
3862 FAIL("client should not need keyshare\n");
3863 goto done;
3864 }
3865
3866 if (tls_extension_find(TLSEXT_TYPE_key_share, &idx) == NULL) {
3867 FAIL("failed to find keyshare extension\n");
3868 goto done;
3869 }
3870 ssl->s3->hs.extensions_seen |= (1 << idx);
3871
3872 if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
3873 FAIL("server should need keyshare\n");
3874 goto done;
3875 }
3876
3877 if (server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
3878 FAIL("server should not have built a keyshare response\n");
3879 goto done;
3880 }
3881
3882 if ((ssl->s3->hs.key_share =
3883 tls_key_share_new_nid(NID_X25519)) == NULL) {
3884 FAIL("failed to create key share");
3885 goto done;
3886 }
3887
3888 if (!tls_key_share_generate(ssl->s3->hs.key_share)) {
3889 FAIL("failed to generate key share");
3890 goto done;
3891 }
3892
3893 CBS_init(&cbs, bogokey, sizeof(bogokey));
3894
3895 if (!tls_key_share_peer_public(ssl->s3->hs.key_share, &cbs,
3896 &decode_error, NULL)) {
3897 FAIL("failed to load peer public key\n");
3898 goto done;
3899 }
3900
3901 if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
3902 FAIL("server should be able to build a keyshare response\n");
3903 goto done;
3904 }
3905
3906 if (!CBB_finish(&cbb, &data, &dlen)) {
3907 FAIL("failed to finish CBB\n");
3908 goto done;
3909 }
3910
3911 if (dlen != sizeof(tlsext_keyshare_server)) {
3912 FAIL("got server keyshare with length %zu, "
3913 "want length %zu\n", dlen, sizeof(tlsext_keyshare_server));
3914 goto done;
3915 }
3916
3917 tls_key_share_free(ssl->s3->hs.key_share);
3918
3919 if ((ssl->s3->hs.key_share =
3920 tls_key_share_new_nid(NID_X25519)) == NULL) {
3921 FAIL("failed to create key share");
3922 goto done;
3923 }
3924 if (!tls_key_share_generate(ssl->s3->hs.key_share)) {
3925 FAIL("failed to generate key share");
3926 goto done;
3927 }
3928
3929 CBS_init(&cbs, data, dlen);
3930
3931 if (!client_funcs->process(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
3932 FAIL("failed to parse server keyshare\n");
3933 goto done;
3934 }
3935
3936 if (CBS_len(&cbs) != 0) {
3937 FAIL("extension data remaining\n");
3938 goto done;
3939 }
3940
3941 failure = 0;
3942
3943done:
3944 CBB_cleanup(&cbb);
3945 SSL_CTX_free(ssl_ctx);
3946 SSL_free(ssl);
3947 free(data);
3948
3949 return (failure);
3950}
3951
3952/* One day I hope to be the only Muppet in this codebase */
3953const uint8_t cookie[] = "\n"
3954 " (o)(o) \n"
3955 " m' 'm \n"
3956 " M -****- M \n"
3957 " 'm m' \n"
3958 " m''''''''''m \n"
3959 " M M BB \n";
3960
3961static int
3962test_tlsext_cookie_client(void)
3963{
3964 unsigned char *data = NULL;
3965 SSL_CTX *ssl_ctx = NULL;
3966 SSL *ssl = NULL;
3967 const struct tls_extension_funcs *client_funcs;
3968 const struct tls_extension_funcs *server_funcs;
3969 int failure;
3970 size_t dlen;
3971 int alert;
3972 CBB cbb;
3973 CBS cbs;
3974
3975 failure = 1;
3976
3977 if (!CBB_init(&cbb, 0))
3978 errx(1, "Failed to create CBB");
3979
3980 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
3981 errx(1, "failed to create SSL_CTX");
3982 if ((ssl = SSL_new(ssl_ctx)) == NULL)
3983 errx(1, "failed to create SSL");
3984
3985 if (!tls_extension_funcs(TLSEXT_TYPE_cookie, &client_funcs,
3986 &server_funcs))
3987 errx(1, "failed to fetch cookie funcs");
3988
3989 ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION;
3990 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
3991 FAIL("client should not need cookie\n");
3992 goto done;
3993 }
3994
3995
3996 ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
3997 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
3998 FAIL("client should not need cookie\n");
3999 goto done;
4000 }
4001
4002 /* Normally would be set by receiving a server cookie in an HRR */
4003 ssl->s3->hs.tls13.cookie = strdup(cookie);
4004 ssl->s3->hs.tls13.cookie_len = strlen(cookie);
4005
4006 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
4007 FAIL("client should need cookie\n");
4008 goto done;
4009 }
4010
4011 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
4012 FAIL("client should have built a cookie response\n");
4013 goto done;
4014 }
4015
4016 if (!CBB_finish(&cbb, &data, &dlen)) {
4017 FAIL("failed to finish CBB\n");
4018 goto done;
4019 }
4020
4021 if (dlen != strlen(cookie) + sizeof(uint16_t)) {
4022 FAIL("got cookie with length %zu, "
4023 "want length %zu\n", dlen, strlen(cookie) +
4024 sizeof(uint16_t));
4025 goto done;
4026 }
4027
4028 CBS_init(&cbs, data, dlen);
4029
4030 /* Checks cookie against what's in the hs.tls13 */
4031 if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
4032 FAIL("failed to parse client cookie\n");
4033 goto done;
4034 }
4035
4036 if (CBS_len(&cbs) != 0) {
4037 FAIL("extension data remaining\n");
4038 goto done;
4039 }
4040
4041 failure = 0;
4042
4043 done:
4044 CBB_cleanup(&cbb);
4045 SSL_CTX_free(ssl_ctx);
4046 SSL_free(ssl);
4047 free(data);
4048
4049 return (failure);
4050}
4051
4052static int
4053test_tlsext_cookie_server(void)
4054{
4055 unsigned char *data = NULL;
4056 SSL_CTX *ssl_ctx = NULL;
4057 SSL *ssl = NULL;
4058 const struct tls_extension_funcs *client_funcs;
4059 const struct tls_extension_funcs *server_funcs;
4060 int failure;
4061 size_t dlen;
4062 int alert;
4063 CBB cbb;
4064 CBS cbs;
4065
4066 failure = 1;
4067
4068 if (!CBB_init(&cbb, 0))
4069 errx(1, "Failed to create CBB");
4070
4071 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
4072 errx(1, "failed to create SSL_CTX");
4073 if ((ssl = SSL_new(ssl_ctx)) == NULL)
4074 errx(1, "failed to create SSL");
4075
4076 if (!tls_extension_funcs(TLSEXT_TYPE_cookie, &client_funcs,
4077 &server_funcs))
4078 errx(1, "failed to fetch cookie funcs");
4079
4080 ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION;
4081 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
4082 FAIL("server should not need cookie\n");
4083 goto done;
4084 }
4085
4086 ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
4087 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
4088 FAIL("server should not need cookie\n");
4089 goto done;
4090 }
4091
4092 /* Normally would be set by server before sending HRR */
4093 ssl->s3->hs.tls13.cookie = strdup(cookie);
4094 ssl->s3->hs.tls13.cookie_len = strlen(cookie);
4095
4096 if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_HRR)) {
4097 FAIL("server should need cookie\n");
4098 goto done;
4099 }
4100
4101 if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_HRR, &cbb)) {
4102 FAIL("server should have built a cookie response\n");
4103 goto done;
4104 }
4105
4106 if (!CBB_finish(&cbb, &data, &dlen)) {
4107 FAIL("failed to finish CBB\n");
4108 goto done;
4109 }
4110
4111 if (dlen != strlen(cookie) + sizeof(uint16_t)) {
4112 FAIL("got cookie with length %zu, "
4113 "want length %zu\n", dlen, strlen(cookie) +
4114 sizeof(uint16_t));
4115 goto done;
4116 }
4117
4118 CBS_init(&cbs, data, dlen);
4119
4120 if (client_funcs->process(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
4121 FAIL("client should not have parsed server cookie\n");
4122 goto done;
4123 }
4124
4125 freezero(ssl->s3->hs.tls13.cookie, ssl->s3->hs.tls13.cookie_len);
4126 ssl->s3->hs.tls13.cookie = NULL;
4127 ssl->s3->hs.tls13.cookie_len = 0;
4128
4129 if (!client_funcs->process(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
4130 FAIL("failed to parse server cookie\n");
4131 goto done;
4132 }
4133
4134 if (memcmp(cookie, ssl->s3->hs.tls13.cookie,
4135 ssl->s3->hs.tls13.cookie_len) != 0) {
4136 FAIL("parsed server cookie does not match sent cookie\n");
4137 goto done;
4138 }
4139
4140 if (CBS_len(&cbs) != 0) {
4141 FAIL("extension data remaining\n");
4142 goto done;
4143 }
4144
4145 failure = 0;
4146
4147done:
4148 CBB_cleanup(&cbb);
4149 SSL_CTX_free(ssl_ctx);
4150 SSL_free(ssl);
4151 free(data);
4152
4153 return (failure);
4154}
4155
4156const uint8_t tlsext_default_psk_modes[] = {
4157 0x01, 0x01,
4158};
4159
4160const uint8_t tlsext_psk_only_mode[] = {
4161 0x01, 0x00,
4162};
4163
4164const uint8_t tlsext_psk_both_modes[] = {
4165 0x02, 0x00, 0x01,
4166};
4167
4168static int
4169test_tlsext_psk_modes_client(void)
4170{
4171 SSL_CTX *ssl_ctx = NULL;
4172 SSL *ssl = NULL;
4173 const struct tls_extension_funcs *client_funcs;
4174 const struct tls_extension_funcs *server_funcs;
4175 int failure;
4176 uint8_t *data = NULL;
4177 size_t dlen;
4178 CBB cbb;
4179 CBS cbs;
4180 int alert;
4181
4182 failure = 1;
4183
4184 if (!CBB_init(&cbb, 0))
4185 errx(1, "Failed to create CBB");
4186
4187 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
4188 errx(1, "failed to create SSL_CTX");
4189 if ((ssl = SSL_new(ssl_ctx)) == NULL)
4190 errx(1, "failed to create SSL");
4191
4192 if (!tls_extension_funcs(TLSEXT_TYPE_psk_kex_modes, &client_funcs,
4193 &server_funcs))
4194 errx(1, "failed to fetch psk funcs");
4195
4196 /* Disabled by default. */
4197 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
4198 FAIL("client should not need psk kex modes by default\n");
4199 goto err;
4200 }
4201
4202 /*
4203 * Prerequisites: use_psk_dhe_ke flag is set and
4204 * our_max_tls_version >= TLSv1.3.
4205 */
4206
4207 ssl->s3->hs.tls13.use_psk_dhe_ke = 1;
4208 ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION;
4209
4210 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
4211 FAIL("client should not need psk kex modes with TLSv1.2\n");
4212 goto err;
4213 }
4214
4215 ssl->s3->hs.tls13.use_psk_dhe_ke = 0;
4216 ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
4217
4218 if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
4219 FAIL("client should not need psk kex modes without "
4220 "use_psk_dhe_ke\n");
4221 goto err;
4222 }
4223
4224 ssl->s3->hs.tls13.use_psk_dhe_ke = 1;
4225 ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
4226
4227 if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
4228 FAIL("client should need psk kex modes with TLSv1.3\n");
4229 goto err;
4230 }
4231
4232 /* Make sure we can build psk modes with DHE key establishment. */
4233
4234 if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
4235 FAIL("client failed to build psk kex modes\n");
4236 goto err;
4237 }
4238
4239 if (!CBB_finish(&cbb, &data, &dlen))
4240 errx(1, "failed to finish psk kex CBB");
4241
4242 if (dlen != sizeof(tlsext_default_psk_modes)) {
4243 FAIL("got client psk kex modes with length %zu, "
4244 "want length %zu\n", dlen,
4245 sizeof(tlsext_default_psk_modes));
4246 compare_data(data, dlen, tlsext_default_psk_modes,
4247 sizeof(tlsext_default_psk_modes));
4248 goto err;
4249 }
4250 if (memcmp(data, tlsext_default_psk_modes, dlen) != 0) {
4251 FAIL("client psk kex modes differ:\n");
4252 compare_data(data, dlen, tlsext_default_psk_modes,
4253 sizeof(tlsext_default_psk_modes));
4254 goto err;
4255 }
4256
4257 CBB_cleanup(&cbb);
4258 free(data);
4259 data = NULL;
4260
4261 /*
4262 * Make sure we can parse the default psk modes and that use_psk_dhe_ke
4263 * is set after parsing.
4264 */
4265
4266 ssl->s3->hs.tls13.use_psk_dhe_ke = 0;
4267
4268 CBS_init(&cbs, tlsext_default_psk_modes,
4269 sizeof(tlsext_default_psk_modes));
4270 if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
4271 FAIL("failed to parse psk kex modes\n");
4272 goto err;
4273 }
4274 if (CBS_len(&cbs) != 0) {
4275 FAIL("extension data remaining\n");
4276 goto err;
4277 }
4278
4279 if (ssl->s3->hs.tls13.use_psk_dhe_ke != 1) {
4280 FAIL("should have set use_psk_dhe_ke\n");
4281 goto err;
4282 }
4283
4284 /*
4285 * Make sure we can parse the psk-only mode and that use_psk_dhe_ke
4286 * is still not set after parsing.
4287 */
4288
4289 ssl->s3->hs.tls13.use_psk_dhe_ke = 0;
4290
4291 CBS_init(&cbs, tlsext_psk_only_mode, sizeof(tlsext_psk_only_mode));
4292 if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
4293 FAIL("failed to parse psk kex modes\n");
4294 goto err;
4295 }
4296 if (CBS_len(&cbs) != 0) {
4297 FAIL("extension data remaining\n");
4298 goto err;
4299 }
4300
4301 if (ssl->s3->hs.tls13.use_psk_dhe_ke != 0) {
4302 FAIL("should not have set use_psk_dhe_ke\n");
4303 goto err;
4304 }
4305
4306 /*
4307 * Make sure we can parse the extension indicating both modes and that
4308 * use_psk_dhe_ke is set after parsing.
4309 */
4310
4311 ssl->s3->hs.tls13.use_psk_dhe_ke = 0;
4312
4313 CBS_init(&cbs, tlsext_psk_both_modes, sizeof(tlsext_psk_both_modes));
4314 if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
4315 FAIL("failed to parse psk kex modes\n");
4316 goto err;
4317 }
4318 if (CBS_len(&cbs) != 0) {
4319 FAIL("extension data remaining\n");
4320 goto err;
4321 }
4322
4323 if (ssl->s3->hs.tls13.use_psk_dhe_ke != 1) {
4324 FAIL("should have set use_psk_dhe_ke\n");
4325 goto err;
4326 }
4327
4328 failure = 0;
4329
4330 err:
4331 CBB_cleanup(&cbb);
4332 SSL_CTX_free(ssl_ctx);
4333 SSL_free(ssl);
4334 free(data);
4335
4336 return failure;
4337}
4338
4339static int
4340test_tlsext_psk_modes_server(void)
4341{
4342 SSL_CTX *ssl_ctx = NULL;
4343 SSL *ssl = NULL;
4344 const struct tls_extension_funcs *client_funcs;
4345 const struct tls_extension_funcs *server_funcs;
4346 int failure;
4347
4348 failure = 1;
4349
4350 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
4351 errx(1, "failed to create SSL_CTX");
4352 if ((ssl = SSL_new(ssl_ctx)) == NULL)
4353 errx(1, "failed to create SSL");
4354
4355 if (!tls_extension_funcs(TLSEXT_TYPE_psk_kex_modes, &client_funcs,
4356 &server_funcs))
4357 errx(1, "failed to fetch psk funcs");
4358
4359 if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
4360 FAIL("server should not need psk kex modes\n");
4361 goto err;
4362 }
4363
4364 failure = 0;
4365
4366 err:
4367 SSL_CTX_free(ssl_ctx);
4368 SSL_free(ssl);
4369
4370 return failure;
4371}
4372
4373struct tls_sni_test {
4374 const char *hostname;
4375 int is_ip;
4376 int valid;
4377};
4378
4379static const struct tls_sni_test tls_sni_tests[] = {
4380 {
4381 .hostname = "openbsd.org",
4382 .valid = 1,
4383 },
4384 {
4385 .hostname = "op3nbsd.org",
4386 .valid = 1,
4387 },
4388 {
4389 .hostname = "org",
4390 .valid = 1,
4391 },
4392 {
4393 .hostname = "3openbsd.com",
4394 .valid = 1,
4395 },
4396 {
4397 .hostname = "3-0penb-d.c-m",
4398 .valid = 1,
4399 },
4400 {
4401 .hostname = "a",
4402 .valid = 1,
4403 },
4404 {
4405 .hostname =
4406 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com",
4407 .valid = 1,
4408 },
4409 {
4410 .hostname =
4411 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
4412 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
4413 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
4414 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
4415 .valid = 1,
4416 },
4417 {
4418 .hostname = "openbsd.org.",
4419 .valid = 0,
4420 },
4421 {
4422 .hostname = "openbsd..org",
4423 .valid = 0,
4424 },
4425 {
4426 .hostname = "openbsd.org-",
4427 .valid = 0,
4428 },
4429 {
4430 .hostname =
4431 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com",
4432 .valid = 0,
4433 },
4434 {
4435 .hostname =
4436 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
4437 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
4438 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
4439 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.a",
4440 .valid = 0,
4441 },
4442 {
4443 .hostname = "-p3nbsd.org",
4444 .valid = 0,
4445 },
4446 {
4447 .hostname = "openbs-.org",
4448 .valid = 0,
4449 },
4450 {
4451 .hostname = "openbsd\n.org",
4452 .valid = 0,
4453 },
4454 {
4455 .hostname = "open_bsd.org",
4456 .valid = 0,
4457 },
4458 {
4459 .hostname = "open\177bsd.org",
4460 .valid = 0,
4461 },
4462 {
4463 .hostname = "open\255bsd.org",
4464 .valid = 0,
4465 },
4466 {
4467 .hostname = "dead::beef",
4468 .is_ip = 1,
4469 .valid = 0,
4470 },
4471 {
4472 .hostname = "192.168.0.1",
4473 .is_ip = 1,
4474 .valid = 0,
4475 },
4476};
4477
4478#define N_TLS_SNI_TESTS (sizeof(tls_sni_tests) / sizeof(*tls_sni_tests))
4479
4480static int
4481test_tlsext_is_valid_hostname(const struct tls_sni_test *tst)
4482{
4483 int failure;
4484 int is_ip;
4485 CBS cbs;
4486
4487 failure = 1;
4488
4489 CBS_init(&cbs, tst->hostname, strlen(tst->hostname));
4490 if (tlsext_sni_is_valid_hostname(&cbs, &is_ip) != tst->valid) {
4491 if (tst->valid) {
4492 FAIL("Valid hostname '%s' rejected\n",
4493 tst->hostname);
4494 } else {
4495 FAIL("Invalid hostname '%s' accepted\n",
4496 tst->hostname);
4497 }
4498 goto done;
4499 }
4500 if (tst->is_ip != is_ip) {
4501 if (tst->is_ip) {
4502 FAIL("Hostname '%s' is an IP literal but not "
4503 "identified as one\n", tst->hostname);
4504 } else {
4505 FAIL("Hostname '%s' is not an IP literal but is "
4506 "identified as one\n", tst->hostname);
4507 }
4508 goto done;
4509 }
4510
4511 if (tst->valid) {
4512 CBS_init(&cbs, tst->hostname,
4513 strlen(tst->hostname) + 1);
4514 if (tlsext_sni_is_valid_hostname(&cbs, &is_ip)) {
4515 FAIL("hostname with NUL byte accepted\n");
4516 goto done;
4517 }
4518 }
4519
4520 failure = 0;
4521
4522 done:
4523
4524 return failure;
4525}
4526
4527static int
4528test_tlsext_valid_hostnames(void)
4529{
4530 const struct tls_sni_test *tst;
4531 int failure = 0;
4532 size_t i;
4533
4534 for (i = 0; i < N_TLS_SNI_TESTS; i++) {
4535 tst = &tls_sni_tests[i];
4536 failure |= test_tlsext_is_valid_hostname(tst);
4537 }
4538
4539 return failure;
4540}
4541
4542#define N_TLSEXT_RANDOMIZATION_TESTS 1000
4543
4544static int
4545test_tlsext_check_extension_order(SSL *ssl)
4546{
4547 const struct tls_extension *ext;
4548 uint16_t type;
4549 size_t alpn_idx, sni_idx;
4550 size_t i;
4551
4552 if (ssl->tlsext_build_order_len == 0) {
4553 FAIL("Unexpected zero build order length");
4554 return 1;
4555 }
4556
4557 ext = ssl->tlsext_build_order[ssl->tlsext_build_order_len - 1];
4558 if ((type = tls_extension_type(ext)) != TLSEXT_TYPE_psk) {
4559 FAIL("last extension is %u, want %u\n", type, TLSEXT_TYPE_psk);
4560 return 1;
4561 }
4562
4563 if (ssl->server)
4564 return 0;
4565
4566 alpn_idx = sni_idx = ssl->tlsext_build_order_len;
4567 for (i = 0; i < ssl->tlsext_build_order_len; i++) {
4568 ext = ssl->tlsext_build_order[i];
4569 if (tls_extension_type(ext) == TLSEXT_TYPE_alpn)
4570 alpn_idx = i;
4571 if (tls_extension_type(ext) == TLSEXT_TYPE_server_name)
4572 sni_idx = i;
4573 }
4574
4575 if (alpn_idx == ssl->tlsext_build_order_len) {
4576 FAIL("could not find alpn extension\n");
4577 return 1;
4578 }
4579
4580 if (sni_idx == ssl->tlsext_build_order_len) {
4581 FAIL("could not find alpn extension\n");
4582 return 1;
4583 }
4584
4585 if (sni_idx >= alpn_idx) {
4586 FAIL("sni does not precede alpn: %zu >= %zu\n",
4587 sni_idx, alpn_idx);
4588 return 1;
4589 }
4590
4591 return 0;
4592}
4593
4594static int
4595test_tlsext_randomized_extensions(SSL *ssl)
4596{
4597 size_t i;
4598 int failed = 0;
4599
4600 for (i = 0; i < N_TLSEXT_RANDOMIZATION_TESTS; i++) {
4601 if (!tlsext_randomize_build_order(ssl))
4602 errx(1, "failed to randomize extensions");
4603 failed |= test_tlsext_check_extension_order(ssl);
4604 }
4605
4606 return failed;
4607}
4608
4609static int
4610test_tlsext_extension_order(void)
4611{
4612 SSL_CTX *ssl_ctx = NULL;
4613 SSL *ssl = NULL;
4614 int failure;
4615
4616 failure = 0;
4617
4618 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
4619 errx(1, "failed to create SSL_CTX");
4620 if ((ssl = SSL_new(ssl_ctx)) == NULL)
4621 errx(1, "failed to create SSL");
4622
4623 failure |= test_tlsext_randomized_extensions(ssl);
4624
4625 SSL_CTX_free(ssl_ctx);
4626 SSL_free(ssl);
4627
4628 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
4629 errx(1, "failed to create SSL_CTX");
4630 if ((ssl = SSL_new(ssl_ctx)) == NULL)
4631 errx(1, "failed to create SSL");
4632
4633 failure |= test_tlsext_randomized_extensions(ssl);
4634
4635 SSL_CTX_free(ssl_ctx);
4636 SSL_free(ssl);
4637
4638 return failure;
4639}
4640
4641int
4642main(int argc, char **argv)
4643{
4644 int failed = 0;
4645
4646 SSL_library_init();
4647 SSL_load_error_strings();
4648
4649 failed |= test_tlsext_alpn_client();
4650 failed |= test_tlsext_alpn_server();
4651
4652 failed |= test_tlsext_supportedgroups_client();
4653 failed |= test_tlsext_supportedgroups_server();
4654
4655 failed |= test_tlsext_ecpf_client();
4656 failed |= test_tlsext_ecpf_server();
4657
4658 failed |= test_tlsext_ri_client();
4659 failed |= test_tlsext_ri_server();
4660
4661 failed |= test_tlsext_sigalgs_client();
4662
4663 failed |= test_tlsext_sni_client();
4664 failed |= test_tlsext_sni_server();
4665
4666 failed |= test_tlsext_ocsp_client();
4667 failed |= test_tlsext_ocsp_server();
4668
4669 failed |= test_tlsext_sessionticket_client();
4670 failed |= test_tlsext_sessionticket_server();
4671
4672 failed |= test_tlsext_versions_client();
4673 failed |= test_tlsext_versions_server();
4674
4675 failed |= test_tlsext_keyshare_client();
4676 failed |= test_tlsext_keyshare_server();
4677
4678 failed |= test_tlsext_cookie_client();
4679 failed |= test_tlsext_cookie_server();
4680
4681#ifndef OPENSSL_NO_SRTP
4682 failed |= test_tlsext_srtp_client();
4683 failed |= test_tlsext_srtp_server();
4684#else
4685 fprintf(stderr, "Skipping SRTP tests due to OPENSSL_NO_SRTP\n");
4686#endif
4687
4688 failed |= test_tlsext_psk_modes_client();
4689 failed |= test_tlsext_psk_modes_server();
4690
4691 failed |= test_tlsext_clienthello_build();
4692 failed |= test_tlsext_serverhello_build();
4693
4694 failed |= test_tlsext_valid_hostnames();
4695
4696 failed |= test_tlsext_quic_transport_parameters_client();
4697 failed |= test_tlsext_quic_transport_parameters_server();
4698
4699 failed |= test_tlsext_extension_order();
4700
4701 return (failed);
4702}
diff --git a/src/regress/lib/libssl/tlsfuzzer/Makefile b/src/regress/lib/libssl/tlsfuzzer/Makefile
deleted file mode 100644
index f7d17c2b96..0000000000
--- a/src/regress/lib/libssl/tlsfuzzer/Makefile
+++ /dev/null
@@ -1,51 +0,0 @@
1# $OpenBSD: Makefile,v 1.7 2024/09/17 08:47:37 tb Exp $
2
3.if !exists(/usr/local/share/tlsfuzzer)
4regress:
5 @echo package py3-tlsfuzzer is required for this regress
6 @echo SKIPPED
7.else
8
9REGRESS_TARGETS=regress-tlsfuzzer
10
11localhost.key localhost.crt:
12 openssl req -x509 -newkey rsa -keyout localhost.key -out localhost.crt \
13 -subj /CN=localhost -nodes -batch
14
15certs: localhost.key localhost.crt
16
17start-server: certs
18 openssl s_server -accept 4433 -groups X25519:P-256:P-521:P-384 \
19 -key localhost.key -cert localhost.crt -www
20
21CLEANFILES += localhost.key localhost.crt
22
23PORT ?= 4433
24SLOW = -s
25TIMING = # -t
26VERBOSE = # -v
27
28regress-tlsfuzzer: certs
29 python3 ${.CURDIR}/tlsfuzzer.py ${SLOW} ${TIMING} ${VERBOSE}
30
31failing: certs
32 python3 ${.CURDIR}/tlsfuzzer.py -f ${SLOW} ${TIMING} ${VERBOSE}
33
34
35port: certs
36 python3 ${.CURDIR}/tlsfuzzer.py ${SLOW} ${TIMING} ${VERBOSE} -p ${PORT}
37
38list:
39 @python3 ${.CURDIR}/tlsfuzzer.py -l
40
41list-failing:
42 @python3 ${.CURDIR}/tlsfuzzer.py -l -f
43
44missing:
45 @python3 ${.CURDIR}/tlsfuzzer.py -m
46
47.PHONY: all certs failing list list-failing missing port start-server
48
49.endif
50
51.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py b/src/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py
deleted file mode 100644
index 91aedad165..0000000000
--- a/src/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py
+++ /dev/null
@@ -1,935 +0,0 @@
1# $OpenBSD: tlsfuzzer.py,v 1.56 2024/09/18 19:12:37 tb Exp $
2#
3# Copyright (c) 2020 Theo Buehler <tb@openbsd.org>
4#
5# Permission to use, copy, modify, and distribute this software for any
6# purpose with or without fee is hereby granted, provided that the above
7# copyright notice and this permission notice appear in all copies.
8#
9# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16
17import getopt
18import os
19import subprocess
20import sys
21from timeit import default_timer as timer
22
23tlsfuzzer_scriptdir = "/usr/local/share/tlsfuzzer/scripts/"
24
25class Test:
26 """
27 Represents a tlsfuzzer test script.
28 name: the script's name
29 args: arguments to feed to the script
30 tls12_args: override args for a TLSv1.2 server
31 tls13_args: override args for a TLSv1.3 server
32
33 XXX Add client cert support.
34 """
35 def __init__(self, name="", args=[], tls12_args=[], tls13_args=[]):
36 self.name = name
37 self.tls12_args = args
38 self.tls13_args = args
39 if tls12_args:
40 self.tls12_args = tls12_args
41 if tls13_args:
42 self.tls13_args = tls13_args
43
44 def args(self, has_tls1_3: True):
45 if has_tls1_3:
46 return self.tls13_args
47 else:
48 return self.tls12_args
49
50 def __repr__(self):
51 return "<Test: %s tls12_args: %s tls13_args: %s>" % (
52 self.name, self.tls12_args, self.tls13_args
53 )
54
55class TestGroup:
56 """ A group of Test objects to be run by TestRunner."""
57 def __init__(self, title="Tests", tests=[]):
58 self.title = title
59 self.tests = tests
60
61 def __iter__(self):
62 return iter(self.tests)
63
64# argument to pass to several tests
65tls13_unsupported_ciphers = [
66 "-e", "TLS 1.3 with ffdhe2048",
67 "-e", "TLS 1.3 with ffdhe3072",
68 "-e", "TLS 1.3 with x448",
69]
70
71def substitute_alert(want, got):
72 return f"Expected alert description \"{want}\" " \
73 + f"does not match received \"{got}\""
74
75# test-tls13-finished.py has 70 failing tests that expect a "decode_error"
76# instead of the "decrypt_error" sent by tls13_server_finished_recv().
77# Both alerts appear to be reasonable in this context, so work around this
78# in the test instead of the library.
79def generate_test_tls13_finished_args():
80 assertion = substitute_alert("decode_error", "decrypt_error");
81 paddings = [
82 ("TLS_AES_128_GCM_SHA256", 0, 1),
83 ("TLS_AES_128_GCM_SHA256", 0, 2),
84 ("TLS_AES_128_GCM_SHA256", 0, 4),
85 ("TLS_AES_128_GCM_SHA256", 0, 8),
86 ("TLS_AES_128_GCM_SHA256", 0, 16),
87 ("TLS_AES_128_GCM_SHA256", 0, 32),
88 ("TLS_AES_128_GCM_SHA256", 0, 48),
89 ("TLS_AES_128_GCM_SHA256", 0, 2**14-4-32),
90 ("TLS_AES_128_GCM_SHA256", 0, 0x20000),
91 ("TLS_AES_128_GCM_SHA256", 0, 0x30000),
92 ("TLS_AES_128_GCM_SHA256", 1, 0),
93 ("TLS_AES_128_GCM_SHA256", 2, 0),
94 ("TLS_AES_128_GCM_SHA256", 4, 0),
95 ("TLS_AES_128_GCM_SHA256", 8, 0),
96 ("TLS_AES_128_GCM_SHA256", 16, 0),
97 ("TLS_AES_128_GCM_SHA256", 32, 0),
98 ("TLS_AES_128_GCM_SHA256", 48, 0),
99 ("TLS_AES_128_GCM_SHA256", 2**14-4-32, 0),
100 ("TLS_AES_128_GCM_SHA256", 12, 0),
101 ("TLS_AES_128_GCM_SHA256", 1, 1),
102 ("TLS_AES_128_GCM_SHA256", 8, 8),
103 ("TLS_AES_256_GCM_SHA384", 0, 1),
104 ("TLS_AES_256_GCM_SHA384", 0, 2),
105 ("TLS_AES_256_GCM_SHA384", 0, 4),
106 ("TLS_AES_256_GCM_SHA384", 0, 8),
107 ("TLS_AES_256_GCM_SHA384", 0, 16),
108 ("TLS_AES_256_GCM_SHA384", 0, 32),
109 ("TLS_AES_256_GCM_SHA384", 0, 48),
110 ("TLS_AES_256_GCM_SHA384", 0, 2**14-4-48),
111 ("TLS_AES_256_GCM_SHA384", 0, 0x20000),
112 ("TLS_AES_256_GCM_SHA384", 0, 0x30000),
113 ("TLS_AES_256_GCM_SHA384", 0, 12),
114 ("TLS_AES_256_GCM_SHA384", 1, 0),
115 ("TLS_AES_256_GCM_SHA384", 2, 0),
116 ("TLS_AES_256_GCM_SHA384", 4, 0),
117 ("TLS_AES_256_GCM_SHA384", 8, 0),
118 ("TLS_AES_256_GCM_SHA384", 16, 0),
119 ("TLS_AES_256_GCM_SHA384", 32, 0),
120 ("TLS_AES_256_GCM_SHA384", 48, 0),
121 ("TLS_AES_256_GCM_SHA384", 2**14-4-48, 0),
122 ("TLS_AES_256_GCM_SHA384", 1, 1),
123 ("TLS_AES_256_GCM_SHA384", 8, 8),
124 ]
125 truncations = [
126 ("TLS_AES_128_GCM_SHA256", 0, -1),
127 ("TLS_AES_128_GCM_SHA256", 0, -2),
128 ("TLS_AES_128_GCM_SHA256", 0, -4),
129 ("TLS_AES_128_GCM_SHA256", 0, -8),
130 ("TLS_AES_128_GCM_SHA256", 0, -16),
131 ("TLS_AES_128_GCM_SHA256", 0, -32),
132 ("TLS_AES_128_GCM_SHA256", 0, 12),
133 ("TLS_AES_128_GCM_SHA256", 1, None),
134 ("TLS_AES_128_GCM_SHA256", 2, None),
135 ("TLS_AES_128_GCM_SHA256", 4, None),
136 ("TLS_AES_128_GCM_SHA256", 8, None),
137 ("TLS_AES_128_GCM_SHA256", 16, None),
138 ("TLS_AES_128_GCM_SHA256", 32, None),
139 ("TLS_AES_256_GCM_SHA384", 0, -1),
140 ("TLS_AES_256_GCM_SHA384", 0, -2),
141 ("TLS_AES_256_GCM_SHA384", 0, -4),
142 ("TLS_AES_256_GCM_SHA384", 0, -8),
143 ("TLS_AES_256_GCM_SHA384", 0, -16),
144 ("TLS_AES_256_GCM_SHA384", 0, -32),
145 ("TLS_AES_256_GCM_SHA384", 0, 12),
146 ("TLS_AES_256_GCM_SHA384", 1, None),
147 ("TLS_AES_256_GCM_SHA384", 2, None),
148 ("TLS_AES_256_GCM_SHA384", 4, None),
149 ("TLS_AES_256_GCM_SHA384", 8, None),
150 ("TLS_AES_256_GCM_SHA384", 16, None),
151 ("TLS_AES_256_GCM_SHA384", 32, None),
152 ]
153
154 args = [
155 "-x", "empty - cipher TLS_AES_128_GCM_SHA256", "-X", assertion,
156 "-x", "empty - cipher TLS_AES_256_GCM_SHA384", "-X", assertion,
157 ]
158 padding_fmt = "padding - cipher %s, pad_byte 0, pad_left %d, pad_right %d"
159 for padding in paddings:
160 args += ["-x", padding_fmt % padding, "-X", assertion]
161 truncation_fmt = "truncation - cipher %s, start %d, end %s"
162 for truncation in truncations:
163 args += ["-x", truncation_fmt % truncation, "-X", assertion]
164 return args
165
166tls13_tests = TestGroup("TLSv1.3 tests", [
167 Test("test-tls13-ccs.py"),
168 Test("test-tls13-conversation.py"),
169 Test("test-tls13-count-tickets.py"),
170 Test("test-tls13-empty-alert.py"),
171 Test("test-tls13-finished.py", generate_test_tls13_finished_args()),
172 Test("test-tls13-finished-plaintext.py"),
173 Test("test-tls13-hrr.py"),
174 Test("test-tls13-keyshare-omitted.py"),
175 Test("test-tls13-legacy-version.py"),
176 Test("test-tls13-nociphers.py"),
177 Test("test-tls13-record-padding.py"),
178 # Exclude QUIC transport parameters
179 Test("test-tls13-shuffled-extentions.py", [ "--exc", "57" ]),
180 Test("test-tls13-zero-content-type.py"),
181
182 # The skipped tests fail due to a bug in BIO_gets() which masks the retry
183 # signalled from an SSL_read() failure. Testing with httpd(8) shows we're
184 # handling these corner cases correctly since tls13_record_layer.c -r1.47.
185 Test("test-tls13-zero-length-data.py", [
186 "-e", "zero-length app data",
187 "-e", "zero-length app data with large padding",
188 "-e", "zero-length app data with padding",
189 ]),
190
191 # We don't currently handle NSTs
192 Test("test-tls13-connection-abort.py", ["-e", "After NewSessionTicket"]),
193])
194
195# Tests that take a lot of time (> ~30s on an x280)
196tls13_slow_tests = TestGroup("slow TLSv1.3 tests", [
197 # XXX: Investigate the occasional message
198 # "Got shared secret with 1 most significant bytes equal to zero."
199 Test("test-tls13-dhe-shared-secret-padding.py", tls13_unsupported_ciphers),
200
201 Test("test-tls13-invalid-ciphers.py"),
202 Test("test-tls13-serverhello-random.py", tls13_unsupported_ciphers),
203
204 # Mark two tests cases as xfail for now. The tests expect an arguably
205 # correct decode_error while we send a decrypt_error (like fizz/boring).
206 Test("test-tls13-record-layer-limits.py", [
207 "-x", "max size payload (2**14) of Finished msg, with 16348 bytes of left padding, cipher TLS_AES_128_GCM_SHA256",
208 "-X", substitute_alert("decode_error", "decrypt_error"),
209 "-x", "max size payload (2**14) of Finished msg, with 16348 bytes of left padding, cipher TLS_CHACHA20_POLY1305_SHA256",
210 "-X", substitute_alert("decode_error", "decrypt_error"),
211 ]),
212 # We don't accept an empty ECPF extension since it must advertise the
213 # uncompressed point format. Exclude this extension type from the test.
214 Test(
215 "test-tls13-large-number-of-extensions.py",
216 tls13_args = ["--exc", "11"],
217 ),
218])
219
220tls13_extra_cert_tests = TestGroup("TLSv1.3 certificate tests", [
221 # need to set up client certs to run these
222 Test("test-tls13-certificate-request.py"),
223 Test("test-tls13-certificate-verify.py"),
224 Test("test-tls13-ecdsa-in-certificate-verify.py"),
225 Test("test-tls13-eddsa-in-certificate-verify.py"),
226
227 # Test expects the server to have installed three certificates:
228 # with P-256, P-384 and P-521 curve. Also SHA1+ECDSA is verified
229 # to not work.
230 Test("test-tls13-ecdsa-support.py"),
231])
232
233tls13_failing_tests = TestGroup("failing TLSv1.3 tests", [
234 # Some tests fail because we fail later than the scripts expect us to.
235 # With X25519, we accept weak peer public keys and fail when we actually
236 # compute the keyshare. Other tests seem to indicate that we could be
237 # stricter about what keyshares we accept.
238 Test("test-tls13-crfg-curves.py", [
239 '-e', 'all zero x448 key share',
240 '-e', 'empty x448 key share',
241 '-e', 'sanity x448 with compression ansiX962_compressed_char2',
242 '-e', 'sanity x448 with compression ansiX962_compressed_prime',
243 '-e', 'sanity x448 with compression uncompressed',
244 '-e', 'too big x448 key share',
245 '-e', 'too small x448 key share',
246 '-e', 'x448 key share of "1"',
247 ]),
248 Test("test-tls13-ecdhe-curves.py", [
249 '-e', 'sanity - x448',
250 '-e', 'x448 - key share from other curve',
251 '-e', 'x448 - point at infinity',
252 '-e', 'x448 - right 0-padded key_share',
253 '-e', 'x448 - right-truncated key_share',
254 ]),
255
256 # The test sends records with protocol version 0x0300 instead of 0x0303
257 # and currently fails with OpenSSL and LibreSSL for this reason.
258 # We have the logic corresponding to NSS's fix for CVE-2020-25648
259 # https://hg.mozilla.org/projects/nss/rev/57bbefa793232586d27cee83e74411171e128361
260 # so should not be affected by this issue.
261 Test("test-tls13-multiple-ccs-messages.py"),
262
263 # https://github.com/openssl/openssl/issues/8369
264 Test("test-tls13-obsolete-curves.py"),
265
266 # 3 failing rsa_pss_pss tests
267 Test("test-tls13-rsa-signatures.py"),
268
269 # The failing tests all expect an ri extension. What's up with that?
270 Test("test-tls13-version-negotiation.py"),
271])
272
273tls13_slow_failing_tests = TestGroup("slow, failing TLSv1.3 tests", [
274 # Other test failures bugs in keyshare/tlsext negotiation?
275 Test("test-tls13-unrecognised-groups.py"), # unexpected closure
276
277 # 5 occasional failures:
278 # 'app data split, conversation with KeyUpdate msg'
279 # 'fragmented keyupdate msg'
280 # 'multiple KeyUpdate messages'
281 # 'post-handshake KeyUpdate msg with update_not_request'
282 # 'post-handshake KeyUpdate msg with update_request'
283 Test("test-tls13-keyupdate.py"),
284
285 Test("test-tls13-symetric-ciphers.py"), # unexpected message from peer
286
287 # 6 tests fail: 'rsa_pkcs1_{md5,sha{1,224,256,384,512}} signature'
288 # We send server hello, but the test expects handshake_failure
289 Test("test-tls13-pkcs-signature.py"),
290 # 8 tests fail: 'tls13 signature rsa_pss_{pss,rsae}_sha{256,384,512}
291 Test("test-tls13-rsapss-signatures.py"),
292])
293
294tls13_unsupported_tests = TestGroup("TLSv1.3 tests for unsupported features", [
295 # Tests for features we don't support
296 Test("test-tls13-0rtt-garbage.py"),
297 Test("test-tls13-ffdhe-groups.py"),
298 Test("test-tls13-ffdhe-sanity.py"),
299 Test("test-tls13-psk_dhe_ke.py"),
300 Test("test-tls13-psk_ke.py"),
301
302 # need server to react to HTTP GET for /keyupdate
303 Test("test-tls13-keyupdate-from-server.py"),
304
305 # needs an echo server
306 Test("test-tls13-lengths.py"),
307
308 # Weird test: tests servers that don't support 1.3
309 Test("test-tls13-non-support.py"),
310
311 # broken test script
312 # UnboundLocalError: local variable 'cert' referenced before assignment
313 Test("test-tls13-post-handshake-auth.py"),
314
315 # ExpectNewSessionTicket
316 Test("test-tls13-session-resumption.py"),
317
318 # Server must be configured to support only rsa_pss_rsae_sha512
319 Test("test-tls13-signature-algorithms.py"),
320])
321
322tls12_exclude_legacy_protocols = [
323 # all these have BIO_read timeouts against TLSv1.3
324 "-e", "Protocol (3, 0)",
325 "-e", "Protocol (3, 1)",
326 "-e", "Protocol (3, 2)",
327 "-e", "Protocol (3, 0) in SSLv2 compatible ClientHello",
328 # the following only fail with TLSv1.3
329 "-e", "Protocol (3, 1) in SSLv2 compatible ClientHello",
330 "-e", "Protocol (3, 2) in SSLv2 compatible ClientHello",
331 "-e", "Protocol (3, 3) in SSLv2 compatible ClientHello",
332 "-e", "Protocol (3, 1) with x448 group",
333 "-e", "Protocol (3, 2) with x448 group",
334 "-e", "Protocol (3, 3) with x448 group",
335 # These don't work without TLSv1.0 and TLSv1.1
336 "-e", "Protocol (3, 1) with secp256r1 group",
337 "-e", "Protocol (3, 1) with secp384r1 group",
338 "-e", "Protocol (3, 1) with secp521r1 group",
339 "-e", "Protocol (3, 1) with x25519 group",
340 "-e", "Protocol (3, 2) with secp256r1 group",
341 "-e", "Protocol (3, 2) with secp384r1 group",
342 "-e", "Protocol (3, 2) with secp521r1 group",
343 "-e", "Protocol (3, 2) with x25519 group",
344]
345
346tls12_tests = TestGroup("TLSv1.2 tests", [
347 # Tests that pass as they are.
348 Test("test-aes-gcm-nonces.py"),
349 Test("test-connection-abort.py"),
350 Test("test-conversation.py"),
351 Test("test-cve-2016-2107.py"),
352 Test("test-cve-2016-6309.py"),
353 Test("test-dhe-rsa-key-exchange.py"),
354 Test("test-early-application-data.py"),
355 Test("test-empty-extensions.py"),
356 Test("test-extensions.py"),
357 Test("test-fuzzed-MAC.py"),
358 Test("test-fuzzed-ciphertext.py"),
359 Test("test-fuzzed-finished.py"),
360 Test("test-fuzzed-padding.py"),
361 Test("test-fuzzed-plaintext.py"), # fails once in a while
362 Test("test-hello-request-by-client.py"),
363 Test("test-invalid-cipher-suites.py"),
364 Test("test-invalid-content-type.py"),
365 Test("test-invalid-session-id.py"),
366 Test("test-invalid-version.py"),
367 Test("test-large-number-of-extensions.py"),
368 Test("test-lucky13.py"),
369 Test("test-message-skipping.py"),
370 Test("test-no-heartbeat.py"),
371 Test("test-record-layer-fragmentation.py"),
372 Test("test-sslv2-connection.py"),
373 Test("test-truncating-of-finished.py"),
374 Test("test-truncating-of-kRSA-client-key-exchange.py"),
375 Test("test-unsupported-curve-fallback.py"),
376 Test("test-version-numbers.py"),
377 Test("test-zero-length-data.py"),
378
379 # Tests that need tweaking for unsupported features and ciphers.
380 Test(
381 "test-atypical-padding.py", [
382 "-e", "sanity - encrypt then MAC",
383 "-e", "2^14 bytes of AppData with 256 bytes of padding (SHA1 + Encrypt then MAC)",
384 ]
385 ),
386 Test(
387 "test-ccs.py", [
388 "-x", "two bytes long CCS",
389 "-X", substitute_alert("unexpected_message", "decode_error"),
390 ]
391 ),
392 Test(
393 "test-dhe-rsa-key-exchange-signatures.py", [
394 "-e", "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA sha224 signature",
395 "-e", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 sha224 signature",
396 "-e", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA sha224 signature",
397 "-e", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 sha224 signature",
398 "-e", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA sha224 signature",
399 ]
400 ),
401 Test("test-dhe-rsa-key-exchange-with-bad-messages.py", [
402 "-x", "invalid dh_Yc value - missing",
403 "-X", substitute_alert("decode_error", "illegal_parameter"),
404 ]),
405 Test("test-dhe-key-share-random.py", tls12_exclude_legacy_protocols),
406 Test("test-export-ciphers-rejected.py", ["--min-ver", "TLSv1.2"]),
407 Test(
408 "test-downgrade-protection.py",
409 tls12_args = ["--server-max-protocol", "TLSv1.2"],
410 tls13_args = [
411 "--server-max-protocol", "TLSv1.3",
412 "-e", "TLS 1.3 downgrade check for Protocol (3, 1)",
413 "-e", "TLS 1.3 downgrade check for Protocol (3, 2)",
414 ]
415 ),
416 Test(
417 "test-fallback-scsv.py",
418 tls13_args = [
419 "--tls-1.3",
420 "-e", "FALLBACK - hello TLSv1.1 - pos 0",
421 "-e", "FALLBACK - hello TLSv1.1 - pos 1",
422 "-e", "FALLBACK - hello TLSv1.1 - pos 2",
423 "-e", "FALLBACK - record TLSv1.1 hello TLSv1.1 - pos 0",
424 "-e", "FALLBACK - record TLSv1.1 hello TLSv1.1 - pos 1",
425 "-e", "FALLBACK - record TLSv1.1 hello TLSv1.1 - pos 2",
426 "-e", "record TLSv1.1 hello TLSv1.1",
427 "-e", "sanity - TLSv1.1",
428 ]
429 ),
430
431 Test("test-invalid-compression-methods.py", [
432 "-x", "invalid compression methods",
433 "-X", substitute_alert("illegal_parameter", "decode_error"),
434 "-x", "only deflate compression method",
435 "-X", substitute_alert("illegal_parameter", "decode_error"),
436 ]),
437
438 # Skip extended_master_secret test. Since we don't support this
439 # extension, we don't notice that it was dropped.
440 Test("test-renegotiation-changed-clienthello.py", [
441 "-e", "drop extended_master_secret in renegotiation",
442 ]),
443
444 Test("test-sessionID-resumption.py", [
445 "-x", "Client Hello too long session ID",
446 "-X", substitute_alert("decode_error", "illegal_parameter"),
447 ]),
448
449 # Without --sig-algs-drop-ok, two tests fail since we do not currently
450 # implement the signature_algorithms_cert extension (although we MUST).
451 Test("test-sig-algs-renegotiation-resumption.py", ["--sig-algs-drop-ok"]),
452
453 Test("test-serverhello-random.py", args = tls12_exclude_legacy_protocols),
454
455 Test("test-chacha20.py", [ "-e", "Chacha20 in TLS1.1" ]),
456])
457
458tls12_slow_tests = TestGroup("slow TLSv1.2 tests", [
459 Test("test-cve-2016-7054.py"),
460 Test("test-dhe-no-shared-secret-padding.py", tls12_exclude_legacy_protocols),
461 Test("test-ecdhe-padded-shared-secret.py", tls12_exclude_legacy_protocols),
462 Test("test-ecdhe-rsa-key-share-random.py", tls12_exclude_legacy_protocols),
463 # Start at extension number 58 to avoid QUIC transport parameters (57)
464 Test("test-large-hello.py", [ "-m", "58" ]),
465])
466
467tls12_failing_tests = TestGroup("failing TLSv1.2 tests", [
468 # no shared cipher
469 Test("test-aesccm.py"),
470 # need server to set up alpn
471 Test("test-alpn-negotiation.py"),
472 # Failing on TLS_RSA_WITH_AES_128_CBC_SHA because server does not support it.
473 Test("test-bleichenbacher-timing-pregenerate.py"),
474 # many tests fail due to unexpected server_name extension
475 Test("test-bleichenbacher-workaround.py"),
476
477 # need client key and cert plus extra server setup
478 Test("test-certificate-malformed.py"),
479 Test("test-certificate-request.py"),
480 Test("test-certificate-verify-malformed-sig.py"),
481 Test("test-certificate-verify-malformed.py"),
482 Test("test-certificate-verify.py"),
483 Test("test-ecdsa-in-certificate-verify.py"),
484 Test("test-eddsa-in-certificate-verify.py"),
485 Test("test-renegotiation-disabled-client-cert.py"),
486 Test("test-rsa-pss-sigs-on-certificate-verify.py"),
487 Test("test-rsa-sigs-on-certificate-verify.py"),
488
489 # test doesn't expect session ticket
490 Test("test-client-compatibility.py"),
491 # abrupt closure
492 Test("test-client-hello-max-size.py"),
493 # unknown signature algorithms
494 Test("test-clienthello-md5.py"),
495
496 # Tests expect an illegal_parameter or a decode_error alert. Should be
497 # added to ssl3_get_client_key_exchange on kex function failure.
498 Test("test-ecdhe-rsa-key-exchange-with-bad-messages.py"),
499
500 # We send a handshake_failure due to no shared ciphers while the
501 # test expects to succeed.
502 Test("test-ecdhe-rsa-key-exchange.py"),
503
504 # no shared cipher
505 Test("test-ecdsa-sig-flexibility.py"),
506
507 # Tests expect SH but we send unexpected_message or handshake_failure
508 # 'Application data inside Client Hello'
509 # 'Application data inside Client Key Exchange'
510 # 'Application data inside Finished'
511 Test("test-interleaved-application-data-and-fragmented-handshakes-in-renegotiation.py"),
512 # Tests expect SH but we send handshake_failure
513 # 'Application data before Change Cipher Spec'
514 # 'Application data before Client Key Exchange'
515 # 'Application data before Finished'
516 Test("test-interleaved-application-data-in-renegotiation.py"),
517
518 # broken test script
519 # TypeError: '<' not supported between instances of 'int' and 'NoneType'
520 Test("test-invalid-client-hello-w-record-overflow.py"),
521
522 # Lots of failures. abrupt closure
523 Test("test-invalid-client-hello.py"),
524
525 # abrupt closure
526 # 'encrypted premaster set to all zero (n)' n in 256 384 512
527 Test("test-invalid-rsa-key-exchange-messages.py"),
528
529 # test expects illegal_parameter, we send unrecognized_name (which seems
530 # correct according to rfc 6066?)
531 Test("test-invalid-server-name-extension-resumption.py"),
532 # let through some server names without sending an alert
533 # again illegal_parameter vs unrecognized_name
534 Test("test-invalid-server-name-extension.py"),
535
536 # 4 failures:
537 # 'insecure (legacy) renegotiation with GET after 2nd handshake'
538 # 'insecure (legacy) renegotiation with incomplete GET'
539 # 'secure renegotiation with GET after 2nd handshake'
540 # 'secure renegotiation with incomplete GET'
541 Test("test-legacy-renegotiation.py"),
542
543 # 1 failure (timeout): we don't send the unexpected_message alert
544 # 'duplicate change cipher spec after Finished'
545 Test("test-message-duplication.py"),
546
547 # server should send status_request
548 Test("test-ocsp-stapling.py"),
549
550 # unexpected closure
551 Test("test-openssl-3712.py"),
552
553 # failed: 3 (expect an alert, we send AD)
554 # 'try insecure (legacy) renegotiation with incomplete GET'
555 # 'try secure renegotiation with GET after 2nd CH'
556 # 'try secure renegotiation with incomplete GET'
557 Test("test-renegotiation-disabled.py"),
558
559 # 'resumption of safe session with NULL cipher'
560 # 'resumption with cipher from old CH but not selected by server'
561 Test("test-resumption-with-wrong-ciphers.py"),
562
563 # 'session resumption with empty session_id'
564 # 'session resumption with random session_id'
565 # 'session resumption with renegotiation'
566 # AssertionError: Server did not send extension(s): session_ticket
567 Test("test-session-ticket-resumption.py"),
568
569 # 5 failures:
570 # 'empty sigalgs'
571 # 'only undefined sigalgs'
572 # 'rsa_pss_pss_sha256 only'
573 # 'rsa_pss_pss_sha384 only'
574 # 'rsa_pss_pss_sha512 only'
575 Test("test-sig-algs.py"),
576
577 # 13 failures:
578 # 'duplicated n non-rsa schemes' for n in 202 2342 8119 23741 32744
579 # 'empty list of signature methods'
580 # 'tolerance n RSA or ECDSA methods' for n in 215 2355 8132 23754
581 # 'tolerance 32758 methods with sig_alg_cert'
582 # 'tolerance max 32744 number of methods with sig_alg_cert'
583 # 'tolerance max (32760) number of methods'
584 Test("test-signature-algorithms.py"),
585
586 # times out
587 Test("test-ssl-death-alert.py"),
588
589 # 17 pass, 13 fail. padding and truncation
590 Test("test-truncating-of-client-hello.py"),
591
592 # x448 tests need disabling plus x25519 corner cases need sorting out
593 Test("test-x25519.py"),
594
595 # Needs TLS 1.0 or 1.1
596 Test("test-TLSv1_2-rejected-without-TLSv1_2.py"),
597])
598
599tls12_unsupported_tests = TestGroup("TLSv1.2 for unsupported features", [
600 # protocol_version
601 Test("test-SSLv3-padding.py"),
602 # we don't do RSA key exchanges
603 Test("test-bleichenbacher-timing.py"),
604 # no encrypt-then-mac
605 Test("test-encrypt-then-mac-renegotiation.py"),
606 Test("test-encrypt-then-mac.py"),
607 # no EME support
608 Test("test-extended-master-secret-extension-with-client-cert.py"),
609 Test("test-extended-master-secret-extension.py"),
610 # no ffdhe
611 Test("test-ffdhe-expected-params.py"),
612 Test("test-ffdhe-negotiation.py"),
613 # record_size_limit/max_fragment_length extension (RFC 8449)
614 Test("test-record-size-limit.py"),
615 # expects the server to send the heartbeat extension
616 Test("test-heartbeat.py"),
617 # needs an echo server
618 Test("test-lengths.py"),
619])
620
621# These tests take a ton of time to fail against an 1.3 server,
622# so don't run them against 1.3 pending further investigation.
623legacy_tests = TestGroup("Legacy protocol tests", [
624 Test("test-sslv2-force-cipher-3des.py"),
625 Test("test-sslv2-force-cipher-non3des.py"),
626 Test("test-sslv2-force-cipher.py"),
627 Test("test-sslv2-force-export-cipher.py"),
628 Test("test-sslv2hello-protocol.py"),
629])
630
631all_groups = [
632 tls13_tests,
633 tls13_slow_tests,
634 tls13_extra_cert_tests,
635 tls13_failing_tests,
636 tls13_slow_failing_tests,
637 tls13_unsupported_tests,
638 tls12_tests,
639 tls12_slow_tests,
640 tls12_failing_tests,
641 tls12_unsupported_tests,
642 legacy_tests,
643]
644
645failing_groups = [
646 tls13_failing_tests,
647 tls13_slow_failing_tests,
648 tls12_failing_tests,
649]
650
651class TestRunner:
652 """ Runs the given tests against a server and displays stats. """
653
654 def __init__(
655 self, timing=False, verbose=False, host="localhost", port=4433,
656 use_tls1_3=True, dry_run=False, tests=[], scriptdir=tlsfuzzer_scriptdir,
657 ):
658 self.tests = []
659
660 self.dryrun = dry_run
661 self.use_tls1_3 = use_tls1_3
662 self.host = host
663 self.port = str(port)
664 self.scriptdir = scriptdir
665
666 self.stats = []
667 self.failed = []
668 self.missing = []
669
670 self.timing = timing
671 self.verbose = verbose
672
673 def add(self, title="tests", tests=[]):
674 # tests.sort(key=lambda test: test.name)
675 self.tests.append(TestGroup(title, tests))
676
677 def add_group(self, group):
678 self.tests.append(group)
679
680 def run_script(self, test):
681 script = test.name
682 args = ["-h"] + [self.host] + ["-p"] + [self.port] + test.args(self.use_tls1_3)
683
684 if self.dryrun:
685 if not self.verbose:
686 args = []
687 print(script , end=' ' if args else '')
688 print(' '.join([f"\"{arg}\"" for arg in args]))
689 return
690
691 if self.verbose:
692 print(script)
693 else:
694 print(f"{script[:68]:<72}", end=" ", flush=True)
695 start = timer()
696 scriptpath = os.path.join(self.scriptdir, script)
697 if not os.path.exists(scriptpath):
698 self.missing.append(script)
699 print("MISSING")
700 return
701 test = subprocess.run(
702 ["python3", scriptpath] + args,
703 capture_output=not self.verbose,
704 text=True,
705 )
706 end = timer()
707 self.stats.append((script, end - start))
708 if test.returncode == 0:
709 print("OK")
710 return
711 print("FAILED")
712 self.failed.append(script)
713
714 if self.verbose:
715 return
716
717 print('\n'.join(test.stdout.split("Test end\n", 1)[1:]), end="")
718
719 def run(self):
720 for group in self:
721 print(f"Running {group.title} ...")
722 for test in group:
723 self.run_script(test)
724 return not self.failed
725
726 def __iter__(self):
727 return iter(self.tests)
728
729 def __del__(self):
730 if self.timing and self.stats:
731 total = 0.0
732 for (script, time) in self.stats:
733 print(f"{round(time, 2):6.2f} {script}")
734 total += time
735 print(f"{round(total, 2):6.2f} total")
736
737 if self.failed:
738 print("Failed tests:")
739 print('\n'.join(self.failed))
740
741 if self.missing:
742 print("Missing tests (outdated package?):")
743 print('\n'.join(self.missing))
744
745class TlsServer:
746 """ Spawns an s_server listening on localhost:port if necessary. """
747
748 def __init__(self, host="localhost", port=4433):
749 self.spawn = True
750 # Check whether a server is already listening on localhost:port
751 self.spawn = subprocess.run(
752 ["nc", "-c", "-z", "-T", "noverify", host, str(port)],
753 stderr=subprocess.DEVNULL,
754 ).returncode != 0
755
756 if self.spawn:
757 self.server = subprocess.Popen(
758 [
759 "openssl",
760 "s_server",
761 "-accept",
762 str(port),
763 "-groups",
764 "X25519:P-256:P-521:P-384",
765 "-key",
766 "localhost.key",
767 "-cert",
768 "localhost.crt",
769 "-www",
770 ],
771 stdout=subprocess.DEVNULL,
772 stderr=subprocess.PIPE,
773 text=True,
774 )
775
776 # Check whether the server talks TLSv1.3
777 self.has_tls1_3 = True or subprocess.run(
778 [
779 "nc",
780 "-c",
781 "-z",
782 "-T",
783 "noverify",
784 "-T",
785 "protocols=TLSv1.3",
786 "localhost",
787 str(port),
788 ],
789 stderr=subprocess.DEVNULL,
790 ).returncode == 0
791
792 self.check()
793
794 def check(self):
795 if self.spawn and self.server.poll() is not None:
796 print(self.server.stderr.read())
797 raise RuntimeError(
798 f"openssl s_server died. Return code: {self.server.returncode}."
799 )
800 if self.spawn:
801 self.server.stderr.detach()
802
803 def __del__(self):
804 if self.spawn:
805 self.server.terminate()
806
807# Extract the arguments we pass to script
808def defaultargs(script, has_tls1_3):
809 return next(
810 (test for group in all_groups for test in group if test.name == script),
811 Test()
812 ).args(has_tls1_3)
813
814def list_or_missing(missing=True):
815 tests = [test.name for group in all_groups for test in group]
816
817 if missing:
818 scripts = {
819 f for f in os.listdir(tlsfuzzer_scriptdir) if f != "__pycache__"
820 }
821 missing = scripts - set(tests)
822 if missing:
823 print('\n'.join(sorted(missing)))
824 exit(0)
825
826 tests.sort()
827 print('\n'.join(tests))
828 exit(0)
829
830def usage():
831 print("Usage: python3 tlsfuzzer.py [-flmnstv] [-p port] [script [test...]]")
832 print(" --help help")
833 print(" -f run failing tests")
834 print(" -l list tests")
835 print(" -m list new tests after package update")
836 print(" -n do not run tests, but list the ones that would be run")
837 print(" -p port connect to this port - defaults to 4433")
838 print(" -s run slow tests")
839 print(" -t show timing stats at end")
840 print(" -v verbose output")
841 exit(0)
842
843def main():
844 failing = False
845 list = False
846 missing = False
847 dryrun = False
848 host = "localhost"
849 port = 4433
850 slow = False
851 timing = False
852 verbose = False
853
854 argv = sys.argv[1:]
855 opts, args = getopt.getopt(argv, "fh:lmnp:stv", ["help"])
856 for opt, arg in opts:
857 if opt == '--help':
858 usage()
859 elif opt == '-f':
860 failing = True
861 elif opt == '-h':
862 host = arg
863 elif opt == '-l':
864 list = True
865 elif opt == '-m':
866 missing = True
867 elif opt == '-n':
868 dryrun = True
869 elif opt == '-p':
870 port = int(arg)
871 elif opt == '-s':
872 slow = True
873 elif opt == '-t':
874 timing = True
875 elif opt == '-v':
876 verbose = True
877 else:
878 raise ValueError(f"Unknown option: {opt}")
879
880 if not os.path.exists(tlsfuzzer_scriptdir):
881 print("package py3-tlsfuzzer is required for this regress")
882 exit(1)
883
884 if list and failing:
885 failing = [test.name for group in failing_groups for test in group]
886 failing.sort()
887 print('\n'.join(failing))
888 exit(0)
889
890 if list or missing:
891 list_or_missing(missing)
892
893 tls_server = TlsServer(host, port)
894
895 tests = TestRunner(timing, verbose, host, port, tls_server.has_tls1_3, dryrun)
896
897 if args:
898 (dir, script) = os.path.split(args[0])
899 if dir and not dir == '.':
900 tests.scriptdir = dir
901
902 testargs = defaultargs(script, tls_server.has_tls1_3)
903
904 tests.verbose = True
905 tests.add("test from command line", [Test(script, testargs + args[1:])])
906
907 exit(not tests.run())
908
909 if failing:
910 if tls_server.has_tls1_3:
911 tests.add_group(tls13_failing_tests)
912 if slow:
913 tests.add_group(tls13_slow_failing_tests)
914 tests.add_group(tls12_failing_tests)
915
916 if tls_server.has_tls1_3:
917 tests.add_group(tls13_tests)
918 if slow:
919 tests.add_group(tls13_slow_tests)
920 else:
921 tests.add_group(legacy_tests)
922
923 tests.add_group(tls12_tests)
924 if slow:
925 tests.add_group(tls12_slow_tests)
926
927 success = tests.run()
928 del tests
929
930 if not success:
931 print("FAILED")
932 exit(1)
933
934if __name__ == "__main__":
935 main()
diff --git a/src/regress/lib/libssl/tlslegacy/Makefile b/src/regress/lib/libssl/tlslegacy/Makefile
deleted file mode 100644
index c39981f0b8..0000000000
--- a/src/regress/lib/libssl/tlslegacy/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.1 2020/10/07 07:52:17 jsing Exp $
2
3PROG= tlslegacytest
4LDADD= -lssl -lcrypto
5DPADD= ${LIBSSL} ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/tlslegacy/tlslegacytest.c b/src/regress/lib/libssl/tlslegacy/tlslegacytest.c
deleted file mode 100644
index 59429d716a..0000000000
--- a/src/regress/lib/libssl/tlslegacy/tlslegacytest.c
+++ /dev/null
@@ -1,625 +0,0 @@
1/* $OpenBSD: tlslegacytest.c,v 1.7 2022/10/02 16:39:39 jsing Exp $ */
2/*
3 * Copyright (c) 2015, 2016, 2017, 2020 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <openssl/ssl.h>
19
20#include <err.h>
21#include <stdio.h>
22#include <string.h>
23
24/* openssl.org:443 */
25static uint8_t tls12_server_response[] = {
26 0x16, 0x03, 0x03, 0x00, 0x3d, 0x02, 0x00, 0x00,
27 0x39, 0x03, 0x03, 0x62, 0x0c, 0x8a, 0x7e, 0x29,
28 0x60, 0xcb, 0x08, 0xd1, 0xb4, 0x95, 0x68, 0x76,
29 0xea, 0x4e, 0x0c, 0x94, 0xf2, 0x42, 0x3d, 0xd1,
30 0x7a, 0xc2, 0xfe, 0x6c, 0xb3, 0xe6, 0x12, 0x8a,
31 0x33, 0x02, 0x92, 0x00, 0xc0, 0x30, 0x00, 0x00,
32 0x11, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x0b,
33 0x00, 0x04, 0x03, 0x00, 0x01, 0x02, 0x00, 0x23,
34 0x00, 0x00,
35};
36
37/*
38 * outlook.office365.com:587 with starttls - this server response includes
39 * multiple handshake messages contained in a single TLS record.
40 */
41static uint8_t tls12_server_response_with_cert[] = {
42 0x16, 0x03, 0x03, 0x0f, 0x2b, 0x02, 0x00, 0x00,
43 0x4d, 0x03, 0x03, 0x5f, 0x7c, 0x69, 0x42, 0xe1,
44 0x19, 0xf0, 0x22, 0xfb, 0x71, 0x9a, 0xf1, 0x63,
45 0x34, 0xbb, 0x61, 0x46, 0xea, 0x5f, 0x0b, 0x5e,
46 0xb1, 0x4e, 0x37, 0x96, 0x67, 0xff, 0x83, 0xea,
47 0x0e, 0x16, 0x85, 0x20, 0x3a, 0x1b, 0x00, 0x00,
48 0x17, 0xe9, 0xac, 0xca, 0x19, 0x61, 0xaf, 0x70,
49 0x28, 0x3b, 0x18, 0xaa, 0x6c, 0xa0, 0x0f, 0x78,
50 0xd0, 0x83, 0xfc, 0x5d, 0x78, 0xf9, 0x6d, 0xdb,
51 0x16, 0x21, 0x15, 0xa2, 0xc0, 0x30, 0x00, 0x00,
52 0x05, 0xff, 0x01, 0x00, 0x01, 0x00, 0x0b, 0x00,
53 0x0d, 0x47, 0x00, 0x0d, 0x44, 0x00, 0x08, 0xaf,
54 0x30, 0x82, 0x08, 0xab, 0x30, 0x82, 0x07, 0x93,
55 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x0c, 0x6d,
56 0xea, 0x0b, 0xe1, 0x97, 0x27, 0x60, 0xa1, 0x59,
57 0xb1, 0x85, 0x60, 0x30, 0x0d, 0x06, 0x09, 0x2a,
58 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,
59 0x05, 0x00, 0x30, 0x66, 0x31, 0x0b, 0x30, 0x09,
60 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x42,
61 0x45, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55,
62 0x04, 0x0a, 0x13, 0x10, 0x47, 0x6c, 0x6f, 0x62,
63 0x61, 0x6c, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x6e,
64 0x76, 0x2d, 0x73, 0x61, 0x31, 0x3c, 0x30, 0x3a,
65 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x33, 0x47,
66 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x53, 0x69, 0x67,
67 0x6e, 0x20, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69,
68 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x56,
69 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f,
70 0x6e, 0x20, 0x43, 0x41, 0x20, 0x2d, 0x20, 0x53,
71 0x48, 0x41, 0x32, 0x35, 0x36, 0x20, 0x2d, 0x20,
72 0x47, 0x33, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x30,
73 0x30, 0x38, 0x31, 0x33, 0x32, 0x33, 0x31, 0x38,
74 0x34, 0x39, 0x5a, 0x17, 0x0d, 0x32, 0x32, 0x30,
75 0x38, 0x31, 0x34, 0x32, 0x33, 0x31, 0x38, 0x34,
76 0x39, 0x5a, 0x30, 0x6a, 0x31, 0x0b, 0x30, 0x09,
77 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
78 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
79 0x04, 0x08, 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68,
80 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10,
81 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13,
82 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f, 0x6e, 0x64,
83 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04,
84 0x0a, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f,
85 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72,
86 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
87 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04,
88 0x03, 0x13, 0x0b, 0x6f, 0x75, 0x74, 0x6c, 0x6f,
89 0x6f, 0x6b, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82,
90 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
91 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05,
92 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82,
93 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc9,
94 0x20, 0x3f, 0x57, 0xb9, 0xf9, 0x71, 0xaa, 0x3c,
95 0x6a, 0x0a, 0x5d, 0x3f, 0xc9, 0x8d, 0x99, 0xa5,
96 0x50, 0x26, 0x25, 0x4e, 0xdc, 0x69, 0x52, 0xb3,
97 0x33, 0x70, 0xe7, 0x72, 0xa2, 0x83, 0x92, 0x54,
98 0xd1, 0xd4, 0x86, 0x15, 0xf2, 0xc4, 0x65, 0xf8,
99 0xbc, 0xe5, 0xd2, 0x1e, 0x12, 0x25, 0x9e, 0x75,
100 0x8e, 0x77, 0xd2, 0x8e, 0x94, 0xca, 0x03, 0x4b,
101 0xf4, 0xc8, 0xca, 0xe3, 0xe3, 0x9b, 0x66, 0xa3,
102 0xa1, 0x37, 0x74, 0xcc, 0xfe, 0xc4, 0x1e, 0x64,
103 0xdc, 0xe3, 0x18, 0xba, 0xc1, 0x7b, 0x39, 0x5b,
104 0xb1, 0x47, 0xe9, 0x11, 0x92, 0xef, 0xee, 0xe6,
105 0x08, 0xcd, 0x93, 0x7b, 0x09, 0xc7, 0x39, 0xfe,
106 0xe5, 0xe2, 0x47, 0x3f, 0x68, 0x78, 0xa4, 0x17,
107 0x78, 0x13, 0xcb, 0x12, 0x38, 0x9d, 0x89, 0x2b,
108 0x1f, 0x75, 0x9b, 0x87, 0x5d, 0x53, 0xfc, 0xb0,
109 0x2a, 0xaf, 0x2d, 0x86, 0x8a, 0x76, 0x3b, 0xce,
110 0x5e, 0xae, 0x43, 0x74, 0x68, 0xc3, 0x28, 0xbf,
111 0x10, 0x2f, 0xdd, 0xd9, 0x43, 0x4b, 0x2d, 0xa6,
112 0xdc, 0x1f, 0x6d, 0x90, 0xd0, 0xce, 0x14, 0x1e,
113 0x6c, 0xdc, 0x7b, 0x06, 0xe4, 0x7b, 0xa9, 0x81,
114 0x40, 0xed, 0xde, 0x18, 0xb7, 0xdf, 0x53, 0x61,
115 0xbc, 0x18, 0x83, 0x11, 0xc7, 0xb4, 0x1b, 0x99,
116 0xef, 0x14, 0xe4, 0x63, 0x39, 0xe3, 0x5c, 0x2f,
117 0xe7, 0x89, 0x58, 0x5b, 0xda, 0x03, 0x3a, 0x39,
118 0x96, 0x8a, 0xca, 0x4f, 0xd8, 0xe3, 0x6c, 0x7f,
119 0x6e, 0xd3, 0xe7, 0x30, 0x34, 0x9c, 0xdb, 0x8b,
120 0xe8, 0x6a, 0xa6, 0x08, 0x77, 0x1d, 0x63, 0xd6,
121 0x57, 0x9d, 0xcd, 0xa7, 0x47, 0x05, 0x39, 0x96,
122 0x7b, 0xfd, 0x9a, 0x09, 0x99, 0xef, 0x49, 0xb1,
123 0x89, 0x02, 0xbe, 0x4f, 0xb8, 0xef, 0xa0, 0x04,
124 0x29, 0x74, 0xfb, 0x9a, 0x7e, 0x9d, 0xa8, 0x10,
125 0xfb, 0x7e, 0xb0, 0x6c, 0x60, 0x4f, 0x57, 0x02,
126 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x05, 0x53,
127 0x30, 0x82, 0x05, 0x4f, 0x30, 0x0e, 0x06, 0x03,
128 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04,
129 0x03, 0x02, 0x05, 0xa0, 0x30, 0x81, 0x9e, 0x06,
130 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01,
131 0x01, 0x04, 0x81, 0x91, 0x30, 0x81, 0x8e, 0x30,
132 0x4b, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
133 0x07, 0x30, 0x02, 0x86, 0x3f, 0x68, 0x74, 0x74,
134 0x70, 0x3a, 0x2f, 0x2f, 0x73, 0x65, 0x63, 0x75,
135 0x72, 0x65, 0x2e, 0x67, 0x6c, 0x6f, 0x62, 0x61,
136 0x6c, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f,
137 0x6d, 0x2f, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74,
138 0x2f, 0x67, 0x73, 0x6f, 0x72, 0x67, 0x61, 0x6e,
139 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x76,
140 0x61, 0x6c, 0x73, 0x68, 0x61, 0x32, 0x67, 0x33,
141 0x2e, 0x63, 0x72, 0x74, 0x30, 0x3f, 0x06, 0x08,
142 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01,
143 0x86, 0x33, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f,
144 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x32, 0x2e, 0x67,
145 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x73, 0x69, 0x67,
146 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x73,
147 0x6f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61,
148 0x74, 0x69, 0x6f, 0x6e, 0x76, 0x61, 0x6c, 0x73,
149 0x68, 0x61, 0x32, 0x67, 0x33, 0x30, 0x56, 0x06,
150 0x03, 0x55, 0x1d, 0x20, 0x04, 0x4f, 0x30, 0x4d,
151 0x30, 0x41, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04,
152 0x01, 0xa0, 0x32, 0x01, 0x14, 0x30, 0x34, 0x30,
153 0x32, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
154 0x07, 0x02, 0x01, 0x16, 0x26, 0x68, 0x74, 0x74,
155 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77,
156 0x2e, 0x67, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x73,
157 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f,
158 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x6f,
159 0x72, 0x79, 0x2f, 0x30, 0x08, 0x06, 0x06, 0x67,
160 0x81, 0x0c, 0x01, 0x02, 0x02, 0x30, 0x09, 0x06,
161 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00,
162 0x30, 0x46, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04,
163 0x3f, 0x30, 0x3d, 0x30, 0x3b, 0xa0, 0x39, 0xa0,
164 0x37, 0x86, 0x35, 0x68, 0x74, 0x74, 0x70, 0x3a,
165 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x67, 0x6c,
166 0x6f, 0x62, 0x61, 0x6c, 0x73, 0x69, 0x67, 0x6e,
167 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x73, 0x6f,
168 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74,
169 0x69, 0x6f, 0x6e, 0x76, 0x61, 0x6c, 0x73, 0x68,
170 0x61, 0x32, 0x67, 0x33, 0x2e, 0x63, 0x72, 0x6c,
171 0x30, 0x82, 0x02, 0x10, 0x06, 0x03, 0x55, 0x1d,
172 0x11, 0x04, 0x82, 0x02, 0x07, 0x30, 0x82, 0x02,
173 0x03, 0x82, 0x0b, 0x6f, 0x75, 0x74, 0x6c, 0x6f,
174 0x6f, 0x6b, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x16,
175 0x2a, 0x2e, 0x63, 0x6c, 0x6f, 0x2e, 0x66, 0x6f,
176 0x6f, 0x74, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x64,
177 0x6e, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d,
178 0x2a, 0x2e, 0x68, 0x6f, 0x74, 0x6d, 0x61, 0x69,
179 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x16, 0x2a,
180 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
181 0x6c, 0x2e, 0x6f, 0x75, 0x74, 0x6c, 0x6f, 0x6f,
182 0x6b, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0a, 0x2a,
183 0x2e, 0x6c, 0x69, 0x76, 0x65, 0x2e, 0x63, 0x6f,
184 0x6d, 0x82, 0x16, 0x2a, 0x2e, 0x6e, 0x72, 0x62,
185 0x2e, 0x66, 0x6f, 0x6f, 0x74, 0x70, 0x72, 0x69,
186 0x6e, 0x74, 0x64, 0x6e, 0x73, 0x2e, 0x63, 0x6f,
187 0x6d, 0x82, 0x0c, 0x2a, 0x2e, 0x6f, 0x66, 0x66,
188 0x69, 0x63, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x82,
189 0x0f, 0x2a, 0x2e, 0x6f, 0x66, 0x66, 0x69, 0x63,
190 0x65, 0x33, 0x36, 0x35, 0x2e, 0x63, 0x6f, 0x6d,
191 0x82, 0x0d, 0x2a, 0x2e, 0x6f, 0x75, 0x74, 0x6c,
192 0x6f, 0x6f, 0x6b, 0x2e, 0x63, 0x6f, 0x6d, 0x82,
193 0x17, 0x2a, 0x2e, 0x6f, 0x75, 0x74, 0x6c, 0x6f,
194 0x6f, 0x6b, 0x2e, 0x6f, 0x66, 0x66, 0x69, 0x63,
195 0x65, 0x33, 0x36, 0x35, 0x2e, 0x63, 0x6f, 0x6d,
196 0x82, 0x1b, 0x61, 0x74, 0x74, 0x61, 0x63, 0x68,
197 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x6f, 0x75, 0x74,
198 0x6c, 0x6f, 0x6f, 0x6b, 0x2e, 0x6c, 0x69, 0x76,
199 0x65, 0x2e, 0x6e, 0x65, 0x74, 0x82, 0x1d, 0x61,
200 0x74, 0x74, 0x61, 0x63, 0x68, 0x6d, 0x65, 0x6e,
201 0x74, 0x2e, 0x6f, 0x75, 0x74, 0x6c, 0x6f, 0x6f,
202 0x6b, 0x2e, 0x6f, 0x66, 0x66, 0x69, 0x63, 0x65,
203 0x2e, 0x6e, 0x65, 0x74, 0x82, 0x20, 0x61, 0x74,
204 0x74, 0x61, 0x63, 0x68, 0x6d, 0x65, 0x6e, 0x74,
205 0x2e, 0x6f, 0x75, 0x74, 0x6c, 0x6f, 0x6f, 0x6b,
206 0x2e, 0x6f, 0x66, 0x66, 0x69, 0x63, 0x65, 0x70,
207 0x70, 0x65, 0x2e, 0x6e, 0x65, 0x74, 0x82, 0x16,
208 0x61, 0x74, 0x74, 0x61, 0x63, 0x68, 0x6d, 0x65,
209 0x6e, 0x74, 0x73, 0x2e, 0x6f, 0x66, 0x66, 0x69,
210 0x63, 0x65, 0x2e, 0x6e, 0x65, 0x74, 0x82, 0x1a,
211 0x61, 0x74, 0x74, 0x61, 0x63, 0x68, 0x6d, 0x65,
212 0x6e, 0x74, 0x73, 0x2d, 0x73, 0x64, 0x66, 0x2e,
213 0x6f, 0x66, 0x66, 0x69, 0x63, 0x65, 0x2e, 0x6e,
214 0x65, 0x74, 0x82, 0x1d, 0x63, 0x63, 0x73, 0x2e,
215 0x6c, 0x6f, 0x67, 0x69, 0x6e, 0x2e, 0x6d, 0x69,
216 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x6f,
217 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x2e, 0x63, 0x6f,
218 0x6d, 0x82, 0x21, 0x63, 0x63, 0x73, 0x2d, 0x73,
219 0x64, 0x66, 0x2e, 0x6c, 0x6f, 0x67, 0x69, 0x6e,
220 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f,
221 0x66, 0x74, 0x6f, 0x6e, 0x6c, 0x69, 0x6e, 0x65,
222 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0b, 0x68, 0x6f,
223 0x74, 0x6d, 0x61, 0x69, 0x6c, 0x2e, 0x63, 0x6f,
224 0x6d, 0x82, 0x16, 0x6d, 0x61, 0x69, 0x6c, 0x2e,
225 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73,
226 0x2e, 0x6c, 0x69, 0x76, 0x65, 0x2e, 0x63, 0x6f,
227 0x6d, 0x82, 0x0d, 0x6f, 0x66, 0x66, 0x69, 0x63,
228 0x65, 0x33, 0x36, 0x35, 0x2e, 0x63, 0x6f, 0x6d,
229 0x82, 0x12, 0x6f, 0x75, 0x74, 0x6c, 0x6f, 0x6f,
230 0x6b, 0x2e, 0x6f, 0x66, 0x66, 0x69, 0x63, 0x65,
231 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x14, 0x73, 0x75,
232 0x62, 0x73, 0x74, 0x72, 0x61, 0x74, 0x65, 0x2e,
233 0x6f, 0x66, 0x66, 0x69, 0x63, 0x65, 0x2e, 0x63,
234 0x6f, 0x6d, 0x82, 0x18, 0x73, 0x75, 0x62, 0x73,
235 0x74, 0x72, 0x61, 0x74, 0x65, 0x2d, 0x73, 0x64,
236 0x66, 0x2e, 0x6f, 0x66, 0x66, 0x69, 0x63, 0x65,
237 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1d, 0x06, 0x03,
238 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06,
239 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03,
240 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
241 0x07, 0x03, 0x02, 0x30, 0x1f, 0x06, 0x03, 0x55,
242 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14,
243 0x68, 0x86, 0xb8, 0x7d, 0x7a, 0xd9, 0x6d, 0x49,
244 0x6b, 0x87, 0x2f, 0x18, 0x8b, 0x15, 0x34, 0x6c,
245 0xd7, 0xb4, 0x7a, 0x0e, 0x30, 0x1d, 0x06, 0x03,
246 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x8a,
247 0x7c, 0x73, 0x44, 0x70, 0xa8, 0x4d, 0x83, 0x25,
248 0x6f, 0xa6, 0x53, 0xda, 0x42, 0x52, 0x96, 0xc9,
249 0x15, 0x71, 0x21, 0x30, 0x82, 0x01, 0x7c, 0x06,
250 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xd6, 0x79,
251 0x02, 0x04, 0x02, 0x04, 0x82, 0x01, 0x6c, 0x04,
252 0x82, 0x01, 0x68, 0x01, 0x66, 0x00, 0x76, 0x00,
253 0x22, 0x45, 0x45, 0x07, 0x59, 0x55, 0x24, 0x56,
254 0x96, 0x3f, 0xa1, 0x2f, 0xf1, 0xf7, 0x6d, 0x86,
255 0xe0, 0x23, 0x26, 0x63, 0xad, 0xc0, 0x4b, 0x7f,
256 0x5d, 0xc6, 0x83, 0x5c, 0x6e, 0xe2, 0x0f, 0x02,
257 0x00, 0x00, 0x01, 0x73, 0xea, 0x1e, 0x7d, 0x2f,
258 0x00, 0x00, 0x04, 0x03, 0x00, 0x47, 0x30, 0x45,
259 0x02, 0x21, 0x00, 0xf4, 0x50, 0x8f, 0xe7, 0x38,
260 0xc9, 0x7a, 0xd1, 0xf7, 0xf7, 0x69, 0xc5, 0x05,
261 0xea, 0x8e, 0x03, 0x80, 0x2c, 0x87, 0x06, 0x03,
262 0xb6, 0x9b, 0xe6, 0xa5, 0x83, 0x2f, 0xb9, 0xaf,
263 0x7b, 0xb4, 0xac, 0x02, 0x20, 0x51, 0xa6, 0x8f,
264 0xe8, 0xe5, 0x6c, 0xa7, 0xff, 0x16, 0x01, 0x7e,
265 0x15, 0x42, 0x11, 0x31, 0xdc, 0xdc, 0xc7, 0x37,
266 0x7c, 0x64, 0x2c, 0xac, 0xdd, 0x42, 0xbb, 0x3c,
267 0x79, 0x31, 0x74, 0xcc, 0x9d, 0x00, 0x75, 0x00,
268 0x29, 0x79, 0xbe, 0xf0, 0x9e, 0x39, 0x39, 0x21,
269 0xf0, 0x56, 0x73, 0x9f, 0x63, 0xa5, 0x77, 0xe5,
270 0xbe, 0x57, 0x7d, 0x9c, 0x60, 0x0a, 0xf8, 0xf9,
271 0x4d, 0x5d, 0x26, 0x5c, 0x25, 0x5d, 0xc7, 0x84,
272 0x00, 0x00, 0x01, 0x73, 0xea, 0x1e, 0x7a, 0xa7,
273 0x00, 0x00, 0x04, 0x03, 0x00, 0x46, 0x30, 0x44,
274 0x02, 0x20, 0x03, 0xf1, 0x19, 0xd7, 0x0f, 0x2f,
275 0xc4, 0xa9, 0x84, 0xa0, 0x33, 0xd4, 0x76, 0xa6,
276 0xee, 0xf1, 0xae, 0xe0, 0x03, 0xe7, 0xae, 0x98,
277 0x43, 0x17, 0xb0, 0x0f, 0xfb, 0x12, 0xbb, 0x13,
278 0xda, 0x34, 0x02, 0x20, 0x10, 0xe6, 0xa9, 0x1d,
279 0x8b, 0x1c, 0x64, 0xd4, 0xc9, 0xf7, 0xc0, 0x3d,
280 0x3c, 0x77, 0x49, 0xb1, 0x08, 0x3d, 0x1d, 0x5e,
281 0x34, 0xf9, 0xd9, 0x10, 0x7c, 0x74, 0x6b, 0x18,
282 0xc6, 0x5e, 0x6d, 0x07, 0x00, 0x75, 0x00, 0x55,
283 0x81, 0xd4, 0xc2, 0x16, 0x90, 0x36, 0x01, 0x4a,
284 0xea, 0x0b, 0x9b, 0x57, 0x3c, 0x53, 0xf0, 0xc0,
285 0xe4, 0x38, 0x78, 0x70, 0x25, 0x08, 0x17, 0x2f,
286 0xa3, 0xaa, 0x1d, 0x07, 0x13, 0xd3, 0x0c, 0x00,
287 0x00, 0x01, 0x73, 0xea, 0x1e, 0x7d, 0xae, 0x00,
288 0x00, 0x04, 0x03, 0x00, 0x46, 0x30, 0x44, 0x02,
289 0x20, 0x26, 0x21, 0x64, 0xdb, 0xa6, 0xe2, 0x3d,
290 0x32, 0x7d, 0x9f, 0xa8, 0xae, 0xb7, 0x29, 0xb7,
291 0x42, 0x9b, 0x49, 0xaa, 0xf5, 0xa5, 0xc0, 0x12,
292 0x01, 0xa1, 0xb6, 0xe7, 0xf2, 0x01, 0xd4, 0x2f,
293 0x45, 0x02, 0x20, 0x4e, 0x19, 0xba, 0x47, 0x75,
294 0x8b, 0x49, 0xd7, 0x4b, 0xba, 0x04, 0x62, 0xdd,
295 0xa2, 0xb7, 0x6b, 0x05, 0xd0, 0x01, 0x1f, 0x7c,
296 0x36, 0x17, 0x27, 0x29, 0xb2, 0x17, 0x1c, 0x7f,
297 0x10, 0x81, 0x8a, 0x30, 0x0d, 0x06, 0x09, 0x2a,
298 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,
299 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x26,
300 0xf4, 0xa3, 0x77, 0x1d, 0xdc, 0x9e, 0xc4, 0x1a,
301 0x88, 0x23, 0x30, 0x8c, 0xe1, 0x14, 0xf9, 0x62,
302 0x0e, 0xbf, 0xad, 0x24, 0xc9, 0xab, 0xab, 0xd0,
303 0x68, 0x8b, 0xbc, 0xf1, 0xec, 0x1c, 0xd0, 0x96,
304 0xad, 0xf9, 0x5f, 0xdd, 0xe0, 0xee, 0xa8, 0xe0,
305 0x2c, 0x3a, 0x19, 0xa5, 0x68, 0x0c, 0x6e, 0xfe,
306 0xe6, 0x80, 0xce, 0xa3, 0x3b, 0x6c, 0x00, 0x88,
307 0x5c, 0xbf, 0x3c, 0xd8, 0x68, 0x08, 0x36, 0xb9,
308 0x9e, 0x84, 0x9b, 0x5f, 0x97, 0xfb, 0x77, 0xea,
309 0x72, 0xfb, 0x73, 0x47, 0x00, 0xb0, 0xa8, 0x7c,
310 0x64, 0x38, 0xf1, 0xcc, 0xc0, 0x29, 0x71, 0x67,
311 0x65, 0x76, 0x4c, 0x80, 0x58, 0x97, 0xc8, 0x62,
312 0x63, 0x3e, 0xf1, 0x3e, 0xc0, 0x0e, 0x48, 0x5f,
313 0x55, 0x21, 0x8f, 0x96, 0x68, 0xbd, 0x41, 0x14,
314 0x7a, 0x0b, 0x8c, 0x31, 0x5b, 0x39, 0xac, 0xa3,
315 0xa0, 0x99, 0x58, 0x24, 0xfa, 0xd9, 0x19, 0x32,
316 0x1c, 0x9f, 0x2d, 0xa9, 0xed, 0xb9, 0x97, 0xa4,
317 0x66, 0x30, 0x29, 0xd8, 0x82, 0xa2, 0xf5, 0xfc,
318 0x6d, 0x10, 0xf1, 0xac, 0x1d, 0x3f, 0xfb, 0xde,
319 0xa1, 0x0e, 0xb6, 0x84, 0x90, 0xd4, 0x55, 0x5c,
320 0x21, 0x1b, 0x1f, 0x21, 0x45, 0x92, 0xc5, 0x9a,
321 0x47, 0x05, 0x0f, 0xb8, 0x1c, 0x78, 0x6e, 0xb9,
322 0x6b, 0xa3, 0xa9, 0x8d, 0xb1, 0x59, 0xff, 0xf4,
323 0xe6, 0x71, 0x77, 0x38, 0x12, 0xfe, 0x41, 0x8f,
324 0x04, 0x92, 0x08, 0x3f, 0x32, 0x2a, 0x92, 0x5e,
325 0x0a, 0x7b, 0x7e, 0x04, 0xee, 0x24, 0x10, 0x39,
326 0xf3, 0xac, 0x5e, 0x04, 0x93, 0x91, 0xa2, 0x8f,
327 0x90, 0x04, 0x33, 0x5c, 0x5c, 0x94, 0xb3, 0x80,
328 0x2b, 0x43, 0xbf, 0xe3, 0x74, 0x64, 0x20, 0xf4,
329 0x00, 0xb2, 0x6c, 0x7b, 0xa8, 0x77, 0xfb, 0x74,
330 0x35, 0xce, 0xdd, 0xb6, 0x5f, 0x83, 0x18, 0xc4,
331 0xe7, 0x31, 0x1a, 0x8d, 0x30, 0x0d, 0xc4, 0x00,
332 0x04, 0x8f, 0x30, 0x82, 0x04, 0x8b, 0x30, 0x82,
333 0x03, 0x73, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02,
334 0x0e, 0x47, 0x07, 0xb1, 0x01, 0x9a, 0x0c, 0x57,
335 0xad, 0x39, 0xb3, 0xe1, 0x7d, 0xa9, 0xf9, 0x30,
336 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
337 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x57,
338 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
339 0x06, 0x13, 0x02, 0x42, 0x45, 0x31, 0x19, 0x30,
340 0x17, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x10,
341 0x47, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x53, 0x69,
342 0x67, 0x6e, 0x20, 0x6e, 0x76, 0x2d, 0x73, 0x61,
343 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04,
344 0x0b, 0x13, 0x07, 0x52, 0x6f, 0x6f, 0x74, 0x20,
345 0x43, 0x41, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03,
346 0x55, 0x04, 0x03, 0x13, 0x12, 0x47, 0x6c, 0x6f,
347 0x62, 0x61, 0x6c, 0x53, 0x69, 0x67, 0x6e, 0x20,
348 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x30,
349 0x1e, 0x17, 0x0d, 0x31, 0x35, 0x30, 0x39, 0x30,
350 0x34, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a,
351 0x17, 0x0d, 0x32, 0x35, 0x30, 0x39, 0x30, 0x34,
352 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30,
353 0x66, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
354 0x04, 0x06, 0x13, 0x02, 0x42, 0x45, 0x31, 0x19,
355 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13,
356 0x10, 0x47, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x53,
357 0x69, 0x67, 0x6e, 0x20, 0x6e, 0x76, 0x2d, 0x73,
358 0x61, 0x31, 0x3c, 0x30, 0x3a, 0x06, 0x03, 0x55,
359 0x04, 0x03, 0x13, 0x33, 0x47, 0x6c, 0x6f, 0x62,
360 0x61, 0x6c, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x4f,
361 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74,
362 0x69, 0x6f, 0x6e, 0x20, 0x56, 0x61, 0x6c, 0x69,
363 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x43,
364 0x41, 0x20, 0x2d, 0x20, 0x53, 0x48, 0x41, 0x32,
365 0x35, 0x36, 0x20, 0x2d, 0x20, 0x47, 0x33, 0x30,
366 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a,
367 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
368 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
369 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00,
370 0xc9, 0x86, 0xa2, 0x05, 0x3e, 0xec, 0x77, 0x4d,
371 0x79, 0x42, 0x81, 0xf2, 0xc5, 0x46, 0xa9, 0xc2,
372 0x9b, 0xf9, 0x57, 0xa9, 0x48, 0xdd, 0x3c, 0x3b,
373 0xe2, 0x16, 0x47, 0x83, 0x15, 0x0c, 0x36, 0x88,
374 0x61, 0xb3, 0xc8, 0xb9, 0xd5, 0x20, 0x97, 0xb6,
375 0xfe, 0x07, 0x30, 0x01, 0x9e, 0x01, 0x3a, 0xf9,
376 0x50, 0x87, 0xa0, 0x4f, 0x60, 0xcc, 0x90, 0xf6,
377 0xdd, 0x1f, 0xa6, 0xc7, 0x55, 0x00, 0x6c, 0x54,
378 0x31, 0x5f, 0x02, 0x9a, 0xf7, 0x7f, 0x07, 0x9a,
379 0xd2, 0x22, 0x53, 0x05, 0xcd, 0x9f, 0xc7, 0xbb,
380 0x7b, 0x59, 0x3b, 0x8a, 0xb2, 0x93, 0x78, 0x0d,
381 0x43, 0x02, 0x92, 0x76, 0xa5, 0x29, 0xf8, 0x7c,
382 0x9d, 0x5c, 0x3a, 0xa2, 0xf8, 0x52, 0x72, 0x22,
383 0x45, 0x91, 0xfd, 0x90, 0x12, 0x28, 0x4d, 0x75,
384 0xe4, 0xdd, 0xaa, 0x79, 0x58, 0x68, 0x6f, 0x2a,
385 0x7e, 0x7b, 0xef, 0xd1, 0x9e, 0x7f, 0x52, 0xdc,
386 0xcb, 0x1c, 0x48, 0xe2, 0x3e, 0x4d, 0x5c, 0x47,
387 0x7a, 0xb4, 0xf1, 0xce, 0xff, 0xd9, 0x60, 0x2b,
388 0x77, 0xd1, 0x62, 0x22, 0x2d, 0xa9, 0x5a, 0x06,
389 0x16, 0xee, 0x37, 0x6a, 0x51, 0xcf, 0x8e, 0xa5,
390 0xd1, 0x6e, 0x70, 0x4a, 0xf0, 0xd8, 0x63, 0x60,
391 0x6a, 0x72, 0x55, 0xd7, 0xf1, 0x99, 0x38, 0x86,
392 0x44, 0x67, 0x18, 0xe0, 0x71, 0x8e, 0xc1, 0x40,
393 0x6d, 0x85, 0xda, 0x4b, 0xdd, 0x31, 0x73, 0xbc,
394 0x32, 0xcc, 0x6f, 0x8e, 0x7b, 0xb9, 0x8d, 0x4b,
395 0x80, 0xda, 0xb9, 0xc7, 0xc6, 0x24, 0x83, 0x5e,
396 0x32, 0xfb, 0x87, 0xe9, 0x8b, 0x61, 0x67, 0xa2,
397 0x99, 0x76, 0xdb, 0xa5, 0xaa, 0xb4, 0xe8, 0x6c,
398 0x41, 0x9f, 0x5f, 0x2a, 0xb3, 0xd5, 0x7d, 0xd7,
399 0x92, 0xc8, 0x27, 0x4b, 0xec, 0x1f, 0xda, 0x05,
400 0x6d, 0x88, 0x73, 0x8f, 0x06, 0xb2, 0x38, 0x3d,
401 0x03, 0xa2, 0xe1, 0x87, 0x86, 0x3c, 0xc6, 0xa1,
402 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01,
403 0x44, 0x30, 0x82, 0x01, 0x40, 0x30, 0x0e, 0x06,
404 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04,
405 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x1d, 0x06,
406 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14,
407 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
408 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05,
409 0x05, 0x07, 0x03, 0x02, 0x30, 0x12, 0x06, 0x03,
410 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08,
411 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x00,
412 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04,
413 0x16, 0x04, 0x14, 0x68, 0x86, 0xb8, 0x7d, 0x7a,
414 0xd9, 0x6d, 0x49, 0x6b, 0x87, 0x2f, 0x18, 0x8b,
415 0x15, 0x34, 0x6c, 0xd7, 0xb4, 0x7a, 0x0e, 0x30,
416 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18,
417 0x30, 0x16, 0x80, 0x14, 0x60, 0x7b, 0x66, 0x1a,
418 0x45, 0x0d, 0x97, 0xca, 0x89, 0x50, 0x2f, 0x7d,
419 0x04, 0xcd, 0x34, 0xa8, 0xff, 0xfc, 0xfd, 0x4b,
420 0x30, 0x3d, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05,
421 0x05, 0x07, 0x01, 0x01, 0x04, 0x31, 0x30, 0x2f,
422 0x30, 0x2d, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05,
423 0x05, 0x07, 0x30, 0x01, 0x86, 0x21, 0x68, 0x74,
424 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73,
425 0x70, 0x2e, 0x67, 0x6c, 0x6f, 0x62, 0x61, 0x6c,
426 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d,
427 0x2f, 0x72, 0x6f, 0x6f, 0x74, 0x72, 0x31, 0x30,
428 0x33, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x2c,
429 0x30, 0x2a, 0x30, 0x28, 0xa0, 0x26, 0xa0, 0x24,
430 0x86, 0x22, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f,
431 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x67, 0x6c, 0x6f,
432 0x62, 0x61, 0x6c, 0x73, 0x69, 0x67, 0x6e, 0x2e,
433 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x6f, 0x6f, 0x74,
434 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x47, 0x06, 0x03,
435 0x55, 0x1d, 0x20, 0x04, 0x40, 0x30, 0x3e, 0x30,
436 0x3c, 0x06, 0x04, 0x55, 0x1d, 0x20, 0x00, 0x30,
437 0x34, 0x30, 0x32, 0x06, 0x08, 0x2b, 0x06, 0x01,
438 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x26, 0x68,
439 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77,
440 0x77, 0x77, 0x2e, 0x67, 0x6c, 0x6f, 0x62, 0x61,
441 0x6c, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f,
442 0x6d, 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69,
443 0x74, 0x6f, 0x72, 0x79, 0x2f, 0x30, 0x0d, 0x06,
444 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
445 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01,
446 0x00, 0x9a, 0xb9, 0x82, 0x1c, 0xdd, 0x83, 0x83,
447 0x8b, 0x92, 0xc0, 0xc4, 0xed, 0x01, 0xad, 0x84,
448 0xfc, 0x4e, 0xee, 0x6d, 0x9c, 0x1d, 0x01, 0xfa,
449 0x52, 0x14, 0xdb, 0xd8, 0xc2, 0x10, 0x63, 0x9f,
450 0x6b, 0x39, 0x9a, 0xc7, 0x1c, 0x3c, 0xa0, 0xaa,
451 0xe3, 0x19, 0x3a, 0xfc, 0x64, 0x46, 0x2a, 0xef,
452 0x35, 0x26, 0x03, 0xf6, 0x05, 0x67, 0xfa, 0x6e,
453 0x74, 0xe1, 0x46, 0xfb, 0x40, 0xd8, 0x6f, 0xae,
454 0x2d, 0x39, 0x21, 0x74, 0x86, 0x9f, 0x00, 0x05,
455 0x1a, 0x3f, 0x2f, 0x93, 0x5b, 0xd4, 0xa4, 0x45,
456 0xbc, 0x3d, 0x0c, 0x29, 0x17, 0x5a, 0xd3, 0xfb,
457 0x68, 0xa6, 0x0f, 0xe0, 0x00, 0x68, 0x79, 0xb0,
458 0x4c, 0xb1, 0x45, 0x8b, 0xc8, 0x85, 0x8c, 0x67,
459 0x0e, 0x8c, 0x7d, 0x54, 0xf8, 0xb0, 0x75, 0xce,
460 0x0a, 0xac, 0x1d, 0xd7, 0x6b, 0x44, 0xac, 0xfe,
461 0x1b, 0xd4, 0xa6, 0x98, 0x21, 0x09, 0x3e, 0xa2,
462 0x4b, 0x33, 0xba, 0xba, 0x4b, 0x12, 0xa8, 0x6b,
463 0x57, 0x27, 0x9d, 0xfa, 0x94, 0x80, 0xb4, 0x68,
464 0x4c, 0x77, 0x60, 0xff, 0xd7, 0x29, 0x5a, 0x38,
465 0x3d, 0xce, 0x2d, 0x4b, 0x08, 0x56, 0x9f, 0x69,
466 0xcb, 0x7b, 0xd8, 0xe2, 0x36, 0xf9, 0x37, 0x69,
467 0xc5, 0xce, 0x36, 0x97, 0x1c, 0xba, 0x0d, 0x3f,
468 0x15, 0xb3, 0x65, 0xa0, 0xec, 0x74, 0x12, 0xbd,
469 0xb3, 0xad, 0xe8, 0xde, 0x9e, 0xa1, 0xec, 0xd3,
470 0xbf, 0xa9, 0xe0, 0xa5, 0x91, 0x6d, 0x83, 0x59,
471 0x12, 0x56, 0x2f, 0x13, 0xa6, 0x7e, 0x79, 0x73,
472 0xa1, 0xa3, 0x89, 0xd5, 0xe1, 0xa5, 0x8c, 0xce,
473 0x2d, 0xac, 0x8a, 0xcf, 0x62, 0x16, 0x65, 0xcd,
474 0xd9, 0xee, 0xa8, 0xb6, 0x40, 0x08, 0xb5, 0x7c,
475 0x50, 0xf9, 0x37, 0x82, 0x7a, 0xa4, 0x0b, 0x34,
476 0x66, 0xec, 0xe9, 0x97, 0x57, 0x1f, 0x8a, 0x67,
477 0x3e, 0x81, 0xbc, 0x3b, 0x35, 0xd3, 0x2a, 0x48,
478 0x0c, 0x0c, 0x00, 0x01, 0x69, 0x03, 0x00, 0x18,
479 0x61, 0x04, 0xb7, 0xa9, 0xbd, 0x74, 0x71, 0xd5,
480 0x68, 0xbf, 0xd8, 0xa6, 0x84, 0x12, 0xaf, 0x8f,
481 0xd4, 0x2c, 0xcf, 0xf9, 0x72, 0x2b, 0x8c, 0x6c,
482 0x73, 0xa3, 0x13, 0x74, 0xdb, 0x83, 0x3e, 0xa6,
483 0xf4, 0x1b, 0xee, 0xa9, 0x34, 0xe5, 0x65, 0xa7,
484 0xaf, 0xef, 0xf2, 0xac, 0xfb, 0x87, 0xb4, 0xdb,
485 0x8b, 0x05, 0x4f, 0xe8, 0x25, 0x3d, 0x32, 0x65,
486 0xda, 0x47, 0xd8, 0xd2, 0x86, 0xad, 0x9b, 0x37,
487 0xbc, 0x45, 0xef, 0xb6, 0x91, 0xa2, 0x71, 0x2f,
488 0x13, 0x68, 0xfa, 0xa7, 0x20, 0xe4, 0x8a, 0xa8,
489 0x9b, 0xbe, 0xf6, 0x7c, 0xc8, 0x16, 0xd4, 0x50,
490 0x9d, 0x63, 0xb3, 0xf4, 0x6e, 0xd3, 0x8f, 0x32,
491 0x68, 0x66, 0x04, 0x01, 0x01, 0x00, 0xaa, 0xcb,
492 0x90, 0xbd, 0x94, 0x10, 0xab, 0xfc, 0x30, 0x1d,
493 0x68, 0x1c, 0xb4, 0x21, 0xcf, 0x73, 0xa5, 0x4b,
494 0x20, 0x94, 0xde, 0x66, 0x99, 0x54, 0x3f, 0xba,
495 0x40, 0x58, 0x50, 0xe3, 0x64, 0x53, 0x90, 0x9e,
496 0xf8, 0x67, 0xcc, 0x85, 0x4a, 0xdc, 0xd8, 0xd7,
497 0xc8, 0xb5, 0xe0, 0x92, 0x02, 0x6b, 0xa8, 0x76,
498 0x67, 0xc5, 0xae, 0x12, 0x56, 0xff, 0xd1, 0xda,
499 0xc0, 0x48, 0x17, 0x99, 0xc9, 0xbe, 0x02, 0xc6,
500 0x9e, 0x5c, 0xd9, 0x44, 0x3f, 0x06, 0xbd, 0x98,
501 0xe3, 0x4d, 0x46, 0x10, 0xe8, 0x20, 0xed, 0x7b,
502 0xcd, 0x73, 0xed, 0x03, 0x6a, 0x4c, 0x49, 0xaf,
503 0xbe, 0xa3, 0xe0, 0xab, 0x9a, 0xb8, 0xf8, 0x06,
504 0x25, 0x31, 0x8d, 0x32, 0x44, 0xfd, 0xd6, 0xb0,
505 0xd4, 0x6c, 0x9a, 0x2a, 0x0f, 0xab, 0xe2, 0x13,
506 0x10, 0x6d, 0x41, 0x0b, 0x97, 0x74, 0xa0, 0x04,
507 0x16, 0x60, 0xf1, 0x8e, 0x74, 0xf3, 0x91, 0x75,
508 0x2b, 0x92, 0x2b, 0xc7, 0x5b, 0x6f, 0x1d, 0x70,
509 0xe2, 0xc6, 0x9a, 0x7d, 0x66, 0x55, 0x98, 0x01,
510 0x71, 0xb8, 0xdd, 0xf4, 0x70, 0xc9, 0x74, 0x56,
511 0xcc, 0xa5, 0x2c, 0x51, 0x70, 0x72, 0xc2, 0x44,
512 0xb9, 0x59, 0xc3, 0xc3, 0xf8, 0x29, 0x4e, 0x79,
513 0x40, 0x9b, 0x30, 0x35, 0x66, 0xb2, 0xd8, 0x7d,
514 0xfe, 0x65, 0x6b, 0xf0, 0x17, 0xa3, 0x13, 0xc7,
515 0xc7, 0xc6, 0x48, 0xb2, 0xae, 0x4f, 0x26, 0x0b,
516 0x8a, 0x40, 0xaa, 0x06, 0x65, 0x8a, 0x95, 0x00,
517 0xc4, 0xc9, 0xfd, 0x69, 0x0a, 0xa9, 0x0a, 0x18,
518 0xff, 0x95, 0x40, 0xab, 0x84, 0x75, 0xfe, 0x11,
519 0xb1, 0x6f, 0xca, 0x5e, 0xf7, 0xe4, 0x1d, 0x8d,
520 0x08, 0x1c, 0xd3, 0x95, 0xf4, 0x9b, 0x17, 0x41,
521 0xa8, 0x8f, 0x6e, 0xfa, 0x6c, 0x43, 0x60, 0x39,
522 0x0a, 0xa2, 0x7e, 0xdf, 0x3e, 0x74, 0xc2, 0xbf,
523 0xaf, 0x96, 0x96, 0xbd, 0x21, 0x4b, 0x0d, 0x00,
524 0x00, 0x1a, 0x03, 0x01, 0x02, 0x40, 0x00, 0x12,
525 0x04, 0x01, 0x05, 0x01, 0x02, 0x01, 0x04, 0x03,
526 0x05, 0x03, 0x02, 0x03, 0x02, 0x02, 0x06, 0x01,
527 0x06, 0x03, 0x00, 0x00, 0x0e, 0x00, 0x00, 0x00,
528};
529
530struct tlslegacy_client_test {
531 const unsigned char *desc;
532 unsigned char *server_response;
533 const size_t server_response_len;
534 const SSL_METHOD *(*ssl_method)(void);
535 int want_state;
536};
537
538static struct tlslegacy_client_test tlslegacy_client_tests[] = {
539 {
540 .desc = "TLSv1.2 legacy fallback",
541 .server_response = tls12_server_response,
542 .server_response_len = sizeof(tls12_server_response),
543 .ssl_method = TLS_client_method,
544 .want_state = SSL3_ST_CR_CERT_A,
545 },
546 {
547 .desc = "TLSv1.2 legacy fallback with server cert",
548 .server_response = tls12_server_response_with_cert,
549 .server_response_len = sizeof(tls12_server_response_with_cert),
550 .ssl_method = TLS_client_method,
551 .want_state = SSL3_ST_CR_KEY_EXCH_B,
552 },
553};
554
555#define N_TLSLEGACY_CLIENT_TESTS \
556 (sizeof(tlslegacy_client_tests) / sizeof(*tlslegacy_client_tests))
557
558static int
559tlslegacy_client_test(int testno, struct tlslegacy_client_test *tct)
560{
561 BIO *rbio = NULL, *wbio = NULL;
562 SSL_CTX *ssl_ctx = NULL;
563 SSL *ssl = NULL;
564 int ret = 1;
565
566 fprintf(stderr, "Test %d - %s\n", testno, tct->desc);
567
568 if ((rbio = BIO_new_mem_buf(tct->server_response,
569 tct->server_response_len)) == NULL) {
570 fprintf(stderr, "Failed to setup rbio\n");
571 goto failure;
572 }
573 if ((wbio = BIO_new(BIO_s_mem())) == NULL) {
574 fprintf(stderr, "Failed to setup wbio\n");
575 goto failure;
576 }
577
578 if ((ssl_ctx = SSL_CTX_new(tct->ssl_method())) == NULL) {
579 fprintf(stderr, "SSL_CTX_new() returned NULL\n");
580 goto failure;
581 }
582
583 if ((ssl = SSL_new(ssl_ctx)) == NULL) {
584 fprintf(stderr, "SSL_new() returned NULL\n");
585 goto failure;
586 }
587
588 BIO_up_ref(rbio);
589 BIO_up_ref(wbio);
590 SSL_set_bio(ssl, rbio, wbio);
591
592 if (SSL_connect(ssl) == 1) {
593 fprintf(stderr, "SSL_connect() succeeded\n");
594 goto failure;
595 }
596
597 if (SSL_state(ssl) != tct->want_state) {
598 fprintf(stderr, "FAIL: Got SSL state %x, want %x",
599 SSL_state(ssl), tct->want_state);
600 goto failure;
601 }
602
603 ret = 0;
604
605 failure:
606 SSL_CTX_free(ssl_ctx);
607 SSL_free(ssl);
608
609 BIO_free(rbio);
610 BIO_free(wbio);
611
612 return (ret);
613}
614
615int
616main(int argc, char **argv)
617{
618 int failed = 0;
619 size_t i;
620
621 for (i = 0; i < N_TLSLEGACY_CLIENT_TESTS; i++)
622 failed |= tlslegacy_client_test(i, &tlslegacy_client_tests[i]);
623
624 return (failed);
625}
diff --git a/src/regress/lib/libssl/unit/Makefile b/src/regress/lib/libssl/unit/Makefile
deleted file mode 100644
index 6a925069ca..0000000000
--- a/src/regress/lib/libssl/unit/Makefile
+++ /dev/null
@@ -1,21 +0,0 @@
1# $OpenBSD: Makefile,v 1.16 2023/05/24 09:15:14 tb Exp $
2
3PROGS += cipher_list
4PROGS += ssl_get_shared_ciphers
5PROGS += ssl_methods
6PROGS += ssl_set_alpn_protos
7PROGS += ssl_verify_param
8PROGS += ssl_versions
9PROGS += tls_ext_alpn
10PROGS += tls_prf
11
12WARNINGS= Yes
13LDADD = ${SSL_INT} -lcrypto
14DPADD = ${LIBSSL} ${LIBCRYPTO}
15CFLAGS+= -DLIBRESSL_INTERNAL -Wall -Wundef -Werror
16CFLAGS+= -DCERTSDIR=\"${.CURDIR}/../certs\"
17CFLAGS+= -I${.CURDIR}/../../../../lib/libssl
18
19LDADD_ssl_verify_param = ${LIBSSL} ${CRYPTO_INT}
20
21.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/unit/cipher_list.c b/src/regress/lib/libssl/unit/cipher_list.c
deleted file mode 100644
index c715f60e0b..0000000000
--- a/src/regress/lib/libssl/unit/cipher_list.c
+++ /dev/null
@@ -1,231 +0,0 @@
1/* $OpenBSD: cipher_list.c,v 1.14 2022/12/17 16:05:28 jsing Exp $ */
2/*
3 * Copyright (c) 2015 Doug Hogan <doug@openbsd.org>
4 * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19/*
20 * Test TLS ssl bytes (aka cipher suites) to cipher list and back.
21 *
22 * TLSv1.0 - RFC 2246 section 7.4.1.2 (ClientHello struct)
23 * TLSv1.1 - RFC 4346 section 7.4.1.2 (ClientHello struct)
24 * TLSv1.2 - RFC 5246 section 7.4.1.2 (ClientHello struct)
25 *
26 * In all of these standards, the relevant structures are:
27 *
28 * uint8 CipherSuite[2];
29 *
30 * struct {
31 * ...
32 * CipherSuite cipher_suites<2..2^16-2>
33 * ...
34 * } ClientHello;
35 */
36
37#include <openssl/ssl.h>
38
39#include <stdio.h>
40#include <string.h>
41
42#include "ssl_local.h"
43
44#include "tests.h"
45
46static uint8_t cipher_bytes[] = {
47 0xcc, 0xa8, /* ECDHE-ECDSA-CHACHA20-POLY1305 */
48 0xcc, 0xa9, /* ECDHE-RSA-CHACHA20-POLY1305 */
49 0xcc, 0xaa, /* DHE-RSA-CHACHA20-POLY1305 */
50 0x00, 0x9c, /* AES128-GCM-SHA256 */
51 0x00, 0x3d, /* AES256-SHA256 */
52};
53
54static uint8_t cipher_bytes_seclevel3[] = {
55 0xcc, 0xa8, /* ECDHE-ECDSA-CHACHA20-POLY1305 */
56 0xcc, 0xa9, /* ECDHE-RSA-CHACHA20-POLY1305 */
57 0xcc, 0xaa, /* DHE-RSA-CHACHA20-POLY1305 */
58};
59
60static uint16_t cipher_values[] = {
61 0xcca8, /* ECDHE-ECDSA-CHACHA20-POLY1305 */
62 0xcca9, /* ECDHE-RSA-CHACHA20-POLY1305 */
63 0xccaa, /* DHE-RSA-CHACHA20-POLY1305 */
64 0x009c, /* AES128-GCM-SHA256 */
65 0x003d, /* AES256-SHA256 */
66};
67
68#define N_CIPHERS (sizeof(cipher_bytes) / 2)
69
70static int
71ssl_bytes_to_list_alloc(SSL *s, STACK_OF(SSL_CIPHER) **ciphers)
72{
73 SSL_CIPHER *cipher;
74 uint16_t value;
75 CBS cbs;
76 int i;
77
78 CBS_init(&cbs, cipher_bytes, sizeof(cipher_bytes));
79
80 *ciphers = ssl_bytes_to_cipher_list(s, &cbs);
81 CHECK(*ciphers != NULL);
82 CHECK(sk_SSL_CIPHER_num(*ciphers) == N_CIPHERS);
83 for (i = 0; i < sk_SSL_CIPHER_num(*ciphers); i++) {
84 cipher = sk_SSL_CIPHER_value(*ciphers, i);
85 CHECK(cipher != NULL);
86 value = SSL_CIPHER_get_value(cipher);
87 CHECK(value == cipher_values[i]);
88 }
89
90 return 1;
91}
92
93static int
94ssl_list_to_bytes_scsv(SSL *s, STACK_OF(SSL_CIPHER) **ciphers,
95 const uint8_t *cb, size_t cb_len)
96{
97 CBB cbb;
98 unsigned char *buf = NULL;
99 size_t buflen, outlen;
100 int ret = 0;
101
102 /* Space for cipher bytes, plus reneg SCSV and two spare bytes. */
103 CHECK(sk_SSL_CIPHER_num(*ciphers) == N_CIPHERS);
104 buflen = cb_len + 2 + 2;
105 CHECK((buf = calloc(1, buflen)) != NULL);
106
107 /* Clear renegotiate so it adds SCSV */
108 s->renegotiate = 0;
109
110 CHECK_GOTO(CBB_init_fixed(&cbb, buf, buflen));
111 CHECK_GOTO(ssl_cipher_list_to_bytes(s, *ciphers, &cbb));
112 CHECK_GOTO(CBB_finish(&cbb, NULL, &outlen));
113
114 CHECK_GOTO(outlen > 0 && outlen == cb_len + 2);
115 CHECK_GOTO(memcmp(buf, cb, cb_len) == 0);
116 CHECK_GOTO(buf[buflen - 4] == 0x00 && buf[buflen - 3] == 0xff);
117 CHECK_GOTO(buf[buflen - 2] == 0x00 && buf[buflen - 1] == 0x00);
118
119 ret = 1;
120
121 err:
122 free(buf);
123 return ret;
124}
125
126static int
127ssl_list_to_bytes_no_scsv(SSL *s, STACK_OF(SSL_CIPHER) **ciphers,
128 const uint8_t *cb, size_t cb_len)
129{
130 CBB cbb;
131 unsigned char *buf = NULL;
132 size_t buflen, outlen;
133 int ret = 0;
134
135 /* Space for cipher bytes and two spare bytes */
136 CHECK(sk_SSL_CIPHER_num(*ciphers) == N_CIPHERS);
137 buflen = cb_len + 2;
138 CHECK((buf = calloc(1, buflen)) != NULL);
139 buf[buflen - 2] = 0xfe;
140 buf[buflen - 1] = 0xab;
141
142 /* Set renegotiate so it doesn't add SCSV */
143 s->renegotiate = 1;
144
145 CHECK_GOTO(CBB_init_fixed(&cbb, buf, buflen));
146 CHECK_GOTO(ssl_cipher_list_to_bytes(s, *ciphers, &cbb));
147 CHECK_GOTO(CBB_finish(&cbb, NULL, &outlen));
148
149 CHECK_GOTO(outlen > 0 && outlen == cb_len);
150 CHECK_GOTO(memcmp(buf, cb, cb_len) == 0);
151 CHECK_GOTO(buf[buflen - 2] == 0xfe && buf[buflen - 1] == 0xab);
152
153 ret = 1;
154
155 err:
156 free(buf);
157 return ret;
158}
159
160static int
161ssl_bytes_to_list_invalid(SSL *s, STACK_OF(SSL_CIPHER) **ciphers)
162{
163 uint8_t empty_cipher_bytes[] = {0};
164 CBS cbs;
165
166 sk_SSL_CIPHER_free(*ciphers);
167
168 /* Invalid length: CipherSuite is 2 bytes so it must be even */
169 CBS_init(&cbs, cipher_bytes, sizeof(cipher_bytes) - 1);
170 *ciphers = ssl_bytes_to_cipher_list(s, &cbs);
171 CHECK(*ciphers == NULL);
172
173 /* Invalid length: cipher_suites must be at least 2 */
174 CBS_init(&cbs, empty_cipher_bytes, sizeof(empty_cipher_bytes));
175 *ciphers = ssl_bytes_to_cipher_list(s, &cbs);
176 CHECK(*ciphers == NULL);
177
178 return 1;
179}
180
181int
182main(void)
183{
184 STACK_OF(SSL_CIPHER) *ciphers = NULL;
185 SSL_CTX *ctx = NULL;
186 SSL *s = NULL;
187 int rv = 1;
188
189 SSL_library_init();
190
191 /* Use TLSv1.2 client to get all ciphers. */
192 CHECK_GOTO((ctx = SSL_CTX_new(TLSv1_2_client_method())) != NULL);
193 CHECK_GOTO((s = SSL_new(ctx)) != NULL);
194 SSL_set_security_level(s, 2);
195
196 if (!ssl_bytes_to_list_alloc(s, &ciphers))
197 goto err;
198 if (!ssl_list_to_bytes_scsv(s, &ciphers, cipher_bytes,
199 sizeof(cipher_bytes)))
200 goto err;
201 if (!ssl_list_to_bytes_no_scsv(s, &ciphers, cipher_bytes,
202 sizeof(cipher_bytes)))
203 goto err;
204 if (!ssl_bytes_to_list_invalid(s, &ciphers))
205 goto err;
206
207 sk_SSL_CIPHER_free(ciphers);
208 ciphers = NULL;
209
210 SSL_set_security_level(s, 3);
211 if (!ssl_bytes_to_list_alloc(s, &ciphers))
212 goto err;
213 if (!ssl_list_to_bytes_scsv(s, &ciphers, cipher_bytes_seclevel3,
214 sizeof(cipher_bytes_seclevel3)))
215 goto err;
216 if (!ssl_list_to_bytes_no_scsv(s, &ciphers, cipher_bytes_seclevel3,
217 sizeof(cipher_bytes_seclevel3)))
218 goto err;
219
220 rv = 0;
221
222 err:
223 sk_SSL_CIPHER_free(ciphers);
224 SSL_CTX_free(ctx);
225 SSL_free(s);
226
227 if (!rv)
228 printf("PASS %s\n", __FILE__);
229
230 return rv;
231}
diff --git a/src/regress/lib/libssl/unit/ssl_get_shared_ciphers.c b/src/regress/lib/libssl/unit/ssl_get_shared_ciphers.c
deleted file mode 100644
index e26f614e53..0000000000
--- a/src/regress/lib/libssl/unit/ssl_get_shared_ciphers.c
+++ /dev/null
@@ -1,478 +0,0 @@
1/* $OpenBSD: ssl_get_shared_ciphers.c,v 1.13 2024/08/31 12:47:24 jsing Exp $ */
2/*
3 * Copyright (c) 2021 Theo Buehler <tb@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <stdint.h>
19#include <stdio.h>
20#include <stdlib.h>
21#include <string.h>
22
23#include <openssl/bio.h>
24#include <openssl/crypto.h>
25#include <openssl/err.h>
26#include <openssl/ssl.h>
27
28struct peer_config {
29 const char *name;
30 int server;
31 uint16_t max_version;
32 uint16_t min_version;
33 const char *ciphers;
34};
35
36struct ssl_shared_ciphers_test_data {
37 const char *description;
38 struct peer_config client_config;
39 struct peer_config server_config;
40 const char *shared_ciphers;
41 const char *shared_ciphers_without_aesni;
42};
43
44char *server_cert;
45char *server_key;
46
47static const struct ssl_shared_ciphers_test_data ssl_shared_ciphers_tests[] = {
48 {
49 .description = "TLSv1.3 defaults",
50 .client_config = {
51 .name = "client",
52 .server = 0,
53 .max_version = TLS1_3_VERSION,
54 .min_version = TLS1_3_VERSION,
55 .ciphers =
56 "TLS_AES_256_GCM_SHA384:"
57 "TLS_CHACHA20_POLY1305_SHA256:"
58 "TLS_AES_128_GCM_SHA256",
59 },
60 .server_config = {
61 .name = "server",
62 .server = 1,
63 .max_version = TLS1_3_VERSION,
64 .min_version = TLS1_3_VERSION,
65 .ciphers =
66 "TLS_AES_256_GCM_SHA384:"
67 "TLS_CHACHA20_POLY1305_SHA256:"
68 "TLS_AES_128_GCM_SHA256",
69 },
70 .shared_ciphers =
71 "TLS_AES_256_GCM_SHA384:"
72 "TLS_CHACHA20_POLY1305_SHA256:"
73 "TLS_AES_128_GCM_SHA256",
74 },
75
76 {
77 .description = "TLSv1.3, client without ChaCha",
78 .client_config = {
79 .name = "client",
80 .server = 0,
81 .max_version = TLS1_3_VERSION,
82 .min_version = TLS1_3_VERSION,
83 .ciphers =
84 "TLS_AES_256_GCM_SHA384:"
85 "TLS_AES_128_GCM_SHA256",
86 },
87 .server_config = {
88 .name = "server",
89 .server = 1,
90 .max_version = TLS1_3_VERSION,
91 .min_version = TLS1_3_VERSION,
92 .ciphers =
93 "TLS_AES_256_GCM_SHA384:"
94 "TLS_CHACHA20_POLY1305_SHA256:"
95 "TLS_AES_128_GCM_SHA256",
96 },
97 .shared_ciphers =
98 "TLS_AES_256_GCM_SHA384:"
99 "TLS_AES_128_GCM_SHA256",
100 },
101
102 {
103 .description = "TLSv1.2",
104 .client_config = {
105 .name = "client",
106 .server = 0,
107 .max_version = TLS1_2_VERSION,
108 .min_version = TLS1_2_VERSION,
109 .ciphers =
110 "ECDHE-RSA-AES256-GCM-SHA384:"
111 "ECDHE-ECDSA-AES256-GCM-SHA384:"
112 "ECDHE-RSA-AES256-SHA384:"
113 "ECDHE-ECDSA-AES256-SHA384:"
114 "ECDHE-RSA-AES256-SHA:"
115 "ECDHE-ECDSA-AES256-SHA",
116 },
117 .server_config = {
118 .name = "server",
119 .server = 1,
120 .max_version = TLS1_2_VERSION,
121 .min_version = TLS1_2_VERSION,
122 .ciphers =
123 "ECDHE-RSA-AES256-GCM-SHA384:"
124 "ECDHE-ECDSA-AES256-GCM-SHA384:"
125 "ECDHE-RSA-AES256-SHA384:"
126 "ECDHE-ECDSA-AES256-SHA384:"
127 "ECDHE-RSA-AES256-SHA:"
128 "ECDHE-ECDSA-AES256-SHA",
129 },
130 .shared_ciphers =
131 "ECDHE-RSA-AES256-GCM-SHA384:"
132 "ECDHE-ECDSA-AES256-GCM-SHA384:"
133 "ECDHE-RSA-AES256-SHA384:"
134 "ECDHE-ECDSA-AES256-SHA384:"
135 "ECDHE-RSA-AES256-SHA:"
136 "ECDHE-ECDSA-AES256-SHA",
137 },
138
139 {
140 .description = "TLSv1.2, server without ECDSA",
141 .client_config = {
142 .name = "client",
143 .server = 0,
144 .max_version = TLS1_2_VERSION,
145 .min_version = TLS1_2_VERSION,
146 .ciphers =
147 "ECDHE-RSA-AES256-GCM-SHA384:"
148 "ECDHE-ECDSA-AES256-GCM-SHA384:"
149 "ECDHE-RSA-AES256-SHA384:"
150 "ECDHE-ECDSA-AES256-SHA384:"
151 "ECDHE-RSA-AES256-SHA:"
152 "ECDHE-ECDSA-AES256-SHA",
153 },
154 .server_config = {
155 .name = "server",
156 .server = 1,
157 .max_version = TLS1_2_VERSION,
158 .min_version = TLS1_2_VERSION,
159 .ciphers =
160 "ECDHE-RSA-AES256-GCM-SHA384:"
161 "ECDHE-RSA-AES256-SHA384:"
162 "ECDHE-RSA-AES256-SHA",
163 },
164 .shared_ciphers =
165 "ECDHE-RSA-AES256-GCM-SHA384:"
166 "ECDHE-RSA-AES256-SHA384:"
167 "ECDHE-RSA-AES256-SHA",
168 },
169
170 {
171 .description = "TLSv1.3 ciphers are prepended",
172 .client_config = {
173 .name = "client",
174 .server = 0,
175 .max_version = TLS1_3_VERSION,
176 .min_version = TLS1_2_VERSION,
177 .ciphers =
178 "ECDHE-RSA-AES256-GCM-SHA384",
179 },
180 .server_config = {
181 .name = "server",
182 .server = 1,
183 .max_version = TLS1_3_VERSION,
184 .min_version = TLS1_2_VERSION,
185 .ciphers =
186 "ECDHE-RSA-AES256-GCM-SHA384",
187 },
188 .shared_ciphers =
189 "TLS_AES_256_GCM_SHA384:"
190 "TLS_CHACHA20_POLY1305_SHA256:"
191 "TLS_AES_128_GCM_SHA256:"
192 "ECDHE-RSA-AES256-GCM-SHA384",
193 .shared_ciphers_without_aesni =
194 "TLS_CHACHA20_POLY1305_SHA256:"
195 "TLS_AES_256_GCM_SHA384:"
196 "TLS_AES_128_GCM_SHA256:"
197 "ECDHE-RSA-AES256-GCM-SHA384",
198 },
199};
200
201static const size_t N_SHARED_CIPHERS_TESTS =
202 sizeof(ssl_shared_ciphers_tests) / sizeof(ssl_shared_ciphers_tests[0]);
203
204static SSL_CTX *
205peer_config_to_ssl_ctx(const struct peer_config *config)
206{
207 SSL_CTX *ctx;
208
209 if ((ctx = SSL_CTX_new(TLS_method())) == NULL) {
210 fprintf(stderr, "SSL_CTX_new(%s) failed\n", config->name);
211 goto err;
212 }
213 if (!SSL_CTX_set_max_proto_version(ctx, config->max_version)) {
214 fprintf(stderr, "max_proto_version(%s) failed\n", config->name);
215 goto err;
216 }
217 if (!SSL_CTX_set_min_proto_version(ctx, config->min_version)) {
218 fprintf(stderr, "min_proto_version(%s) failed\n", config->name);
219 goto err;
220 }
221 if (!SSL_CTX_set_cipher_list(ctx, config->ciphers)) {
222 fprintf(stderr, "set_cipher_list(%s) failed\n", config->name);
223 goto err;
224 }
225
226 if (config->server) {
227 if (!SSL_CTX_use_certificate_file(ctx, server_cert,
228 SSL_FILETYPE_PEM)) {
229 fprintf(stderr, "use_certificate_file(%s) failed\n",
230 config->name);
231 goto err;
232 }
233 if (!SSL_CTX_use_PrivateKey_file(ctx, server_key,
234 SSL_FILETYPE_PEM)) {
235 fprintf(stderr, "use_PrivateKey_file(%s) failed\n",
236 config->name);
237 goto err;
238 }
239 }
240
241 return ctx;
242
243 err:
244 SSL_CTX_free(ctx);
245 return NULL;
246}
247
248/* Connect client and server via a pair of "nonblocking" memory BIOs. */
249static int
250connect_peers(SSL *client_ssl, SSL *server_ssl, const char *description)
251{
252 BIO *client_wbio = NULL, *server_wbio = NULL;
253 int ret = 0;
254
255 if ((client_wbio = BIO_new(BIO_s_mem())) == NULL) {
256 fprintf(stderr, "%s: failed to create client BIO\n",
257 description);
258 goto err;
259 }
260 if ((server_wbio = BIO_new(BIO_s_mem())) == NULL) {
261 fprintf(stderr, "%s: failed to create server BIO\n",
262 description);
263 goto err;
264 }
265 if (BIO_set_mem_eof_return(client_wbio, -1) <= 0) {
266 fprintf(stderr, "%s: failed to set client eof return\n",
267 description);
268 goto err;
269 }
270 if (BIO_set_mem_eof_return(server_wbio, -1) <= 0) {
271 fprintf(stderr, "%s: failed to set server eof return\n",
272 description);
273 goto err;
274 }
275
276 /* Avoid double free. SSL_set_bio() takes ownership of the BIOs. */
277 BIO_up_ref(client_wbio);
278 BIO_up_ref(server_wbio);
279
280 SSL_set_bio(client_ssl, server_wbio, client_wbio);
281 SSL_set_bio(server_ssl, client_wbio, server_wbio);
282 client_wbio = NULL;
283 server_wbio = NULL;
284
285 ret = 1;
286
287 err:
288 BIO_free(client_wbio);
289 BIO_free(server_wbio);
290
291 return ret;
292}
293
294static int
295push_data_to_peer(SSL *ssl, int *ret, int (*func)(SSL *), const char *func_name,
296 const char *description)
297{
298 int ssl_err = 0;
299
300 if (*ret == 1)
301 return 1;
302
303 /*
304 * Do SSL_connect/SSL_accept/SSL_shutdown once and loop while hitting
305 * WANT_WRITE. If done or on WANT_READ hand off to peer.
306 */
307
308 do {
309 if ((*ret = func(ssl)) <= 0)
310 ssl_err = SSL_get_error(ssl, *ret);
311 } while (*ret <= 0 && ssl_err == SSL_ERROR_WANT_WRITE);
312
313 /* Ignore erroneous error - see SSL_shutdown(3)... */
314 if (func == SSL_shutdown && ssl_err == SSL_ERROR_SYSCALL)
315 return 1;
316
317 if (*ret <= 0 && ssl_err != SSL_ERROR_WANT_READ) {
318 fprintf(stderr, "%s: %s failed\n", description, func_name);
319 ERR_print_errors_fp(stderr);
320 return 0;
321 }
322
323 return 1;
324}
325
326/*
327 * Alternate between loops of SSL_connect() and SSL_accept() as long as only
328 * WANT_READ and WANT_WRITE situations are encountered. A function is repeated
329 * until WANT_READ is returned or it succeeds, then it's the other function's
330 * turn to make progress. Succeeds if SSL_connect() and SSL_accept() return 1.
331 */
332static int
333handshake(SSL *client_ssl, SSL *server_ssl, const char *description)
334{
335 int loops = 0, client_ret = 0, server_ret = 0;
336
337 while (loops++ < 10 && (client_ret <= 0 || server_ret <= 0)) {
338 if (!push_data_to_peer(client_ssl, &client_ret, SSL_connect,
339 "SSL_connect", description))
340 return 0;
341
342 if (!push_data_to_peer(server_ssl, &server_ret, SSL_accept,
343 "SSL_accept", description))
344 return 0;
345 }
346
347 if (client_ret != 1 || server_ret != 1) {
348 fprintf(stderr, "%s: failed\n", __func__);
349 return 0;
350 }
351
352 return 1;
353}
354
355static int
356shutdown_peers(SSL *client_ssl, SSL *server_ssl, const char *description)
357{
358 int loops = 0, client_ret = 0, server_ret = 0;
359
360 while (loops++ < 10 && (client_ret <= 0 || server_ret <= 0)) {
361 if (!push_data_to_peer(client_ssl, &client_ret, SSL_shutdown,
362 "client shutdown", description))
363 return 0;
364
365 if (!push_data_to_peer(server_ssl, &server_ret, SSL_shutdown,
366 "server shutdown", description))
367 return 0;
368 }
369
370 if (client_ret != 1 || server_ret != 1) {
371 fprintf(stderr, "%s: failed\n", __func__);
372 return 0;
373 }
374
375 return 1;
376}
377
378/* from ssl_ciph.c */
379static inline int
380ssl_aes_is_accelerated(void)
381{
382 return (OPENSSL_cpu_caps() & CRYPTO_CPU_CAPS_ACCELERATED_AES) != 0;
383}
384
385static int
386check_shared_ciphers(const struct ssl_shared_ciphers_test_data *test,
387 const char *got)
388{
389 const char *want = test->shared_ciphers;
390 int failed;
391
392 if (!ssl_aes_is_accelerated() &&
393 test->shared_ciphers_without_aesni != NULL)
394 want = test->shared_ciphers_without_aesni;
395
396 failed = strcmp(want, got);
397
398 if (failed)
399 fprintf(stderr, "%s: want \"%s\", got \"%s\"\n",
400 test->description, want, got);
401
402 return failed;
403}
404
405static int
406test_get_shared_ciphers(const struct ssl_shared_ciphers_test_data *test)
407{
408 SSL_CTX *client_ctx = NULL, *server_ctx = NULL;
409 SSL *client_ssl = NULL, *server_ssl = NULL;
410 char buf[4096];
411 int failed = 1;
412
413 if ((client_ctx = peer_config_to_ssl_ctx(&test->client_config)) == NULL)
414 goto err;
415 if ((server_ctx = peer_config_to_ssl_ctx(&test->server_config)) == NULL)
416 goto err;
417
418 if ((client_ssl = SSL_new(client_ctx)) == NULL) {
419 fprintf(stderr, "%s: failed to create client SSL\n",
420 test->description);
421 goto err;
422 }
423 if ((server_ssl = SSL_new(server_ctx)) == NULL) {
424 fprintf(stderr, "%s: failed to create server SSL\n",
425 test->description);
426 goto err;
427 }
428
429 if (!connect_peers(client_ssl, server_ssl, test->description))
430 goto err;
431
432 if (!handshake(client_ssl, server_ssl, test->description))
433 goto err;
434
435 if (SSL_get_shared_ciphers(server_ssl, buf, sizeof(buf)) == NULL) {
436 fprintf(stderr, "%s: failed to get shared ciphers\n",
437 test->description);
438 goto err;
439 }
440
441 if (!shutdown_peers(client_ssl, server_ssl, test->description))
442 goto err;
443
444 failed = check_shared_ciphers(test, buf);
445
446 err:
447 SSL_CTX_free(client_ctx);
448 SSL_CTX_free(server_ctx);
449 SSL_free(client_ssl);
450 SSL_free(server_ssl);
451
452 return failed;
453}
454
455int
456main(int argc, char **argv)
457{
458 size_t i;
459 int failed = 0;
460
461 if (asprintf(&server_cert, "%s/server1-rsa.pem", CERTSDIR) == -1) {
462 fprintf(stderr, "asprintf server_cert failed\n");
463 failed = 1;
464 goto err;
465 }
466 server_key = server_cert;
467
468 for (i = 0; i < N_SHARED_CIPHERS_TESTS; i++)
469 failed |= test_get_shared_ciphers(&ssl_shared_ciphers_tests[i]);
470
471 if (failed == 0)
472 printf("PASS %s\n", __FILE__);
473
474 err:
475 free(server_cert);
476
477 return failed;
478}
diff --git a/src/regress/lib/libssl/unit/ssl_methods.c b/src/regress/lib/libssl/unit/ssl_methods.c
deleted file mode 100644
index 0fc33a406c..0000000000
--- a/src/regress/lib/libssl/unit/ssl_methods.c
+++ /dev/null
@@ -1,267 +0,0 @@
1/* $OpenBSD: ssl_methods.c,v 1.4 2021/04/04 20:21:43 tb Exp $ */
2/*
3 * Copyright (c) 2020 Theo Buehler <tb@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <stdio.h>
19
20#include <openssl/ssl.h>
21
22struct ssl_method_test_data {
23 const SSL_METHOD *(*method)(void);
24 const char *name;
25 int server;
26 int dtls;
27};
28
29struct ssl_method_test_data ssl_method_tests[] = {
30 {
31 .method = SSLv23_method,
32 .name = "SSLv23_method",
33 .server = 1,
34 .dtls = 0,
35 },
36 {
37 .method = SSLv23_server_method,
38 .name = "SSLv23_server_method",
39 .server = 1,
40 .dtls = 0,
41 },
42 {
43 .method = SSLv23_client_method,
44 .name = "SSLv23_client_method",
45 .server = 0,
46 .dtls = 0,
47 },
48
49 {
50 .method = TLSv1_method,
51 .name = "TLSv1_method",
52 .server = 1,
53 .dtls = 0,
54 },
55 {
56 .method = TLSv1_server_method,
57 .name = "TLSv1_server_method",
58 .server = 1,
59 .dtls = 0,
60 },
61 {
62 .method = TLSv1_client_method,
63 .name = "TLSv1_client_method",
64 .server = 0,
65 .dtls = 0,
66 },
67
68 {
69 .method = TLSv1_1_method,
70 .name = "TLSv1_1_method",
71 .server = 1,
72 .dtls = 0,
73 },
74 {
75 .method = TLSv1_1_server_method,
76 .name = "TLSv1_1_server_method",
77 .server = 1,
78 .dtls = 0,
79 },
80 {
81 .method = TLSv1_1_client_method,
82 .name = "TLSv1_1_client_method",
83 .server = 0,
84 .dtls = 0,
85 },
86
87 {
88 .method = TLSv1_2_method,
89 .name = "TLSv1_2_method",
90 .server = 1,
91 .dtls = 0,
92 },
93 {
94 .method = TLSv1_2_server_method,
95 .name = "TLSv1_2_server_method",
96 .server = 1,
97 .dtls = 0,
98 },
99 {
100 .method = TLSv1_2_client_method,
101 .name = "TLSv1_2_client_method",
102 .server = 0,
103 .dtls = 0,
104 },
105
106 {
107 .method = TLS_method,
108 .name = "TLS_method",
109 .server = 1,
110 .dtls = 0,
111 },
112 {
113 .method = TLS_server_method,
114 .name = "TLS_server_method",
115 .server = 1,
116 .dtls = 0,
117 },
118 {
119 .method = TLS_client_method,
120 .name = "TLS_client_method",
121 .server = 0,
122 .dtls = 0,
123 },
124
125 {
126 .method = DTLSv1_method,
127 .name = "DTLSv1_method",
128 .server = 1,
129 .dtls = 1,
130 },
131 {
132 .method = DTLSv1_server_method,
133 .name = "DTLSv1_server_method",
134 .server = 1,
135 .dtls = 1,
136 },
137 {
138 .method = DTLSv1_client_method,
139 .name = "DTLSv1_client_method",
140 .server = 0,
141 .dtls = 1,
142 },
143
144 {
145 .method = DTLSv1_2_method,
146 .name = "DTLSv1_2_method",
147 .server = 1,
148 .dtls = 1,
149 },
150 {
151 .method = DTLSv1_2_server_method,
152 .name = "DTLSv1_2_server_method",
153 .server = 1,
154 .dtls = 1,
155 },
156 {
157 .method = DTLSv1_2_client_method,
158 .name = "DTLSv1_2_client_method",
159 .server = 0,
160 .dtls = 1,
161 },
162
163 {
164 .method = DTLS_method,
165 .name = "DTLS_method",
166 .server = 1,
167 .dtls = 1,
168 },
169 {
170 .method = DTLS_server_method,
171 .name = "DTLS_server_method",
172 .server = 1,
173 .dtls = 1,
174 },
175 {
176 .method = DTLS_client_method,
177 .name = "DTLS_client_method",
178 .server = 0,
179 .dtls = 1,
180 },
181};
182
183#define N_METHOD_TESTS (sizeof(ssl_method_tests) / sizeof(ssl_method_tests[0]))
184
185int test_client_or_server_method(struct ssl_method_test_data *);
186int test_dtls_method(struct ssl_method_test_data *);
187
188int
189test_client_or_server_method(struct ssl_method_test_data *testcase)
190{
191 SSL_CTX *ssl_ctx;
192 SSL *ssl = NULL;
193 int failed = 1;
194
195 if ((ssl_ctx = SSL_CTX_new(testcase->method())) == NULL) {
196 fprintf(stderr, "SSL_CTX_new returned NULL\n");
197 goto err;
198 }
199
200 if ((ssl = SSL_new(ssl_ctx)) == NULL) {
201 fprintf(stderr, "SSL_new returned NULL\n");
202 goto err;
203 }
204
205 if (SSL_is_server(ssl) != testcase->server) {
206 fprintf(stderr, "%s: SSL_is_server: want %d, got %d\n",
207 testcase->name, testcase->server, SSL_is_server(ssl));
208 goto err;
209 }
210
211 failed = 0;
212
213 err:
214 SSL_free(ssl);
215 SSL_CTX_free(ssl_ctx);
216
217 return failed;
218}
219
220int
221test_dtls_method(struct ssl_method_test_data *testcase)
222{
223 SSL_CTX *ssl_ctx;
224 SSL *ssl = NULL;
225 int failed = 1;
226
227 if ((ssl_ctx = SSL_CTX_new(testcase->method())) == NULL) {
228 fprintf(stderr, "SSL_CTX_new returned NULL\n");
229 goto err;
230 }
231
232 if ((ssl = SSL_new(ssl_ctx)) == NULL) {
233 fprintf(stderr, "SSL_new returned NULL\n");
234 goto err;
235 }
236
237 if (SSL_is_dtls(ssl) != testcase->dtls) {
238 fprintf(stderr, "%s: SSL_is_dtls: want %d, got %d\n",
239 testcase->name, testcase->dtls, SSL_is_dtls(ssl));
240 goto err;
241 }
242
243 failed = 0;
244
245 err:
246 SSL_free(ssl);
247 SSL_CTX_free(ssl_ctx);
248
249 return failed;
250}
251
252int
253main(int argc, char **argv)
254{
255 size_t i;
256 int failed = 0;
257
258 for (i = 0; i < N_METHOD_TESTS; i++) {
259 failed |= test_client_or_server_method(&ssl_method_tests[i]);
260 failed |= test_dtls_method(&ssl_method_tests[i]);
261 }
262
263 if (failed == 0)
264 printf("PASS %s\n", __FILE__);
265
266 return failed;
267}
diff --git a/src/regress/lib/libssl/unit/ssl_set_alpn_protos.c b/src/regress/lib/libssl/unit/ssl_set_alpn_protos.c
deleted file mode 100644
index d8447c8999..0000000000
--- a/src/regress/lib/libssl/unit/ssl_set_alpn_protos.c
+++ /dev/null
@@ -1,470 +0,0 @@
1/* $OpenBSD: ssl_set_alpn_protos.c,v 1.4 2024/07/11 13:51:47 tb Exp $ */
2/*
3 * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <err.h>
19#include <stdio.h>
20
21#include <openssl/ssl.h>
22
23static void
24hexdump(const unsigned char *buf, size_t len)
25{
26 size_t i;
27
28 if (buf == NULL) {
29 fprintf(stderr, "(null), len %zu\n", len);
30 return;
31 }
32 for (i = 1; i <= len; i++)
33 fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n");
34 if (len % 8)
35 fprintf(stderr, "\n");
36}
37
38struct alpn_test {
39 const char *description;
40 const uint8_t protocols[24];
41 size_t protocols_len;
42 int ret;
43};
44
45static const struct alpn_test alpn_tests[] = {
46 {
47 .description = "valid protocol list",
48 .protocols = {
49 6, 's', 'p', 'd', 'y', '/', '1',
50 8, 'h', 't', 't', 'p', '/', '1', '.', '1',
51 },
52 .protocols_len = 16,
53 .ret = 0,
54 },
55 {
56 .description = "zero length protocol",
57 .protocols = {
58 0,
59 },
60 .protocols_len = 1,
61 .ret = 1,
62 },
63 {
64 .description = "zero length protocol at start",
65 .protocols = {
66 0,
67 8, 'h', 't', 't', 'p', '/', '1', '.', '1',
68 6, 's', 'p', 'd', 'y', '/', '1',
69 },
70 .protocols_len = 17,
71 .ret = 1,
72 },
73 {
74 .description = "zero length protocol embedded",
75 .protocols = {
76 8, 'h', 't', 't', 'p', '/', '1', '.', '1',
77 0,
78 6, 's', 'p', 'd', 'y', '/', '1',
79 },
80 .protocols_len = 17,
81 .ret = 1,
82 },
83 {
84 .description = "zero length protocol at end",
85 .protocols = {
86 8, 'h', 't', 't', 'p', '/', '1', '.', '1',
87 6, 's', 'p', 'd', 'y', '/', '1',
88 0,
89 },
90 .protocols_len = 17,
91 .ret = 1,
92 },
93 {
94 .description = "protocol length too short",
95 .protocols = {
96 6, 'h', 't', 't', 'p', '/', '1', '.', '1',
97 },
98 .protocols_len = 9,
99 .ret = 1,
100 },
101 {
102 .description = "protocol length too long",
103 .protocols = {
104 8, 's', 'p', 'd', 'y', '/', '1',
105 },
106 .protocols_len = 7,
107 .ret = 1,
108 },
109};
110
111static const size_t N_ALPN_TESTS = sizeof(alpn_tests) / sizeof(alpn_tests[0]);
112
113static int
114test_ssl_set_alpn_protos(const struct alpn_test *tc)
115{
116 SSL_CTX *ctx;
117 SSL *ssl;
118 int ret;
119 int failed = 0;
120
121 if ((ctx = SSL_CTX_new(TLS_client_method())) == NULL)
122 errx(1, "SSL_CTX_new");
123
124 ret = SSL_CTX_set_alpn_protos(ctx, tc->protocols, tc->protocols_len);
125 if (ret != tc->ret) {
126 warnx("%s: setting on SSL_CTX: want %d, got %d",
127 tc->description, tc->ret, ret);
128 failed = 1;
129 }
130
131 if ((ssl = SSL_new(ctx)) == NULL)
132 errx(1, "SSL_new");
133
134 ret = SSL_set_alpn_protos(ssl, tc->protocols, tc->protocols_len);
135 if (ret != tc->ret) {
136 warnx("%s: setting on SSL: want %d, got %d",
137 tc->description, tc->ret, ret);
138 failed = 1;
139 }
140
141 SSL_CTX_free(ctx);
142 SSL_free(ssl);
143
144 return failed;
145}
146
147static int
148test_ssl_set_alpn_protos_edge_cases(void)
149{
150 SSL_CTX *ctx;
151 SSL *ssl;
152 const uint8_t valid[] = {
153 6, 's', 'p', 'd', 'y', '/', '3',
154 8, 'h', 't', 't', 'p', '/', '1', '.', '1',
155 };
156 int failed = 0;
157
158 if ((ctx = SSL_CTX_new(TLS_client_method())) == NULL)
159 errx(1, "SSL_CTX_new");
160
161 if (SSL_CTX_set_alpn_protos(ctx, valid, sizeof(valid)) != 0) {
162 warnx("setting valid protocols on SSL_CTX failed");
163 failed = 1;
164 }
165 if (SSL_CTX_set_alpn_protos(ctx, NULL, 0) != 0) {
166 warnx("setting 'NULL, 0' on SSL_CTX failed");
167 failed = 1;
168 }
169 if (SSL_CTX_set_alpn_protos(ctx, valid, 0) != 0) {
170 warnx("setting 'valid, 0' on SSL_CTX failed");
171 failed = 1;
172 }
173 if (SSL_CTX_set_alpn_protos(ctx, NULL, 43) != 0) {
174 warnx("setting 'NULL, 43' on SSL_CTX failed");
175 failed = 1;
176 }
177
178 if ((ssl = SSL_new(ctx)) == NULL)
179 errx(1, "SSL_new");
180
181 if (SSL_set_alpn_protos(ssl, valid, sizeof(valid)) != 0) {
182 warnx("setting valid protocols on SSL failed");
183 failed = 1;
184 }
185 if (SSL_set_alpn_protos(ssl, NULL, 0) != 0) {
186 warnx("setting 'NULL, 0' on SSL failed");
187 failed = 1;
188 }
189 if (SSL_set_alpn_protos(ssl, valid, 0) != 0) {
190 warnx("setting 'valid, 0' on SSL failed");
191 failed = 1;
192 }
193 if (SSL_set_alpn_protos(ssl, NULL, 43) != 0) {
194 warnx("setting 'NULL, 43' on SSL failed");
195 failed = 1;
196 }
197
198 SSL_CTX_free(ctx);
199 SSL_free(ssl);
200
201 return failed;
202}
203
204static const struct select_next_proto_test {
205 const unsigned char *peer_list;
206 size_t peer_list_len;
207 const unsigned char *supported_list;
208 size_t supported_list_len;
209 int want_ret;
210 const unsigned char *want_out;
211 unsigned char want_out_len; /* yes, unsigned char */
212} select_next_proto_tests[] = {
213 {
214 .peer_list = "\x01" "a" "\x01" "b" "\x01" "c",
215 .peer_list_len = 6,
216 .supported_list = "\x01" "a",
217 .supported_list_len = 2,
218 .want_ret = OPENSSL_NPN_NEGOTIATED,
219 .want_out = "a",
220 .want_out_len = 1,
221 },
222 {
223 .peer_list = "\x01" "a" "\x01" "b" "\x01" "c",
224 .peer_list_len = 6,
225 .supported_list = "\x02" "aa" "\x01" "b" "\x01" "c",
226 .supported_list_len = 7,
227 .want_ret = OPENSSL_NPN_NEGOTIATED,
228 .want_out = "b",
229 .want_out_len = 1,
230 },
231 {
232 /* Use peer preference. */
233 .peer_list = "\x01" "a" "\x01" "b" "\x01" "c",
234 .peer_list_len = 6,
235 .supported_list = "\x01" "c" "\x01" "b" "\x01" "a",
236 .supported_list_len = 6,
237 .want_ret = OPENSSL_NPN_NEGOTIATED,
238 .want_out = "a",
239 .want_out_len = 1,
240 },
241 {
242 /* Again peer preference wins. */
243 .peer_list = "\x01" "a" "\x03" "bbb" "\x02" "cc",
244 .peer_list_len = 9,
245 .supported_list = "\x01" "z" "\x02" "cc" "\x03" "bbb",
246 .supported_list_len = 9,
247 .want_ret = OPENSSL_NPN_NEGOTIATED,
248 .want_out = "bbb",
249 .want_out_len = 3,
250 },
251 {
252 /* No overlap fails with first supported protocol. */
253 .peer_list = "\x01" "a" "\x01" "b" "\x01" "c",
254 .peer_list_len = 6,
255 .supported_list = "\x01" "z" "\x01" "y",
256 .supported_list_len = 4,
257 .want_ret = OPENSSL_NPN_NO_OVERLAP,
258 .want_out = "z",
259 .want_out_len = 1,
260 },
261 {
262 /* No peer protocols fails cleanly. */
263 .peer_list = "",
264 .peer_list_len = 0,
265 .supported_list = "\x01" "a" "\x01" "b" "\x01" "c",
266 .supported_list_len = 6,
267 .want_out = "a",
268 .want_out_len = 1,
269 .want_ret = OPENSSL_NPN_NO_OVERLAP,
270 },
271 {
272 /* NULL peer protocols fails cleanly. */
273 .peer_list = NULL,
274 .peer_list_len = 0,
275 .supported_list = "\x01" "a" "\x01" "b" "\x01" "c",
276 .supported_list_len = 6,
277 .want_out = "a",
278 .want_out_len = 1,
279 .want_ret = OPENSSL_NPN_NO_OVERLAP,
280 },
281 {
282 /* Malformed peer protocols fails cleanly. */
283 .peer_list = "\x00",
284 .peer_list_len = 1,
285 .supported_list = "\x01" "a" "\x01" "b" "\x01" "c",
286 .supported_list_len = 6,
287 .want_out = "a",
288 .want_out_len = 1,
289 .want_ret = OPENSSL_NPN_NO_OVERLAP,
290 },
291 {
292 /* Malformed peer protocols fails cleanly. */
293 .peer_list = "\x01" "a" "\x03" "bb",
294 .peer_list_len = 5,
295 .supported_list = "\x01" "a" "\x01" "b" "\x01" "c",
296 .supported_list_len = 6,
297 .want_out = "a",
298 .want_out_len = 1,
299 .want_ret = OPENSSL_NPN_NO_OVERLAP,
300 },
301 {
302 /* Empty supported list fails cleanly. */
303 .peer_list = "\x01" "a",
304 .peer_list_len = 2,
305 .supported_list = "",
306 .supported_list_len = 0,
307 .want_out = NULL,
308 .want_out_len = 0,
309 .want_ret = OPENSSL_NPN_NO_OVERLAP,
310 },
311 {
312 /* NULL supported list fails cleanly. */
313 .peer_list = "\x01" "a",
314 .peer_list_len = 2,
315 .supported_list = NULL,
316 .supported_list_len = 0,
317 .want_out = NULL,
318 .want_out_len = 0,
319 .want_ret = OPENSSL_NPN_NO_OVERLAP,
320 },
321 {
322 /* Malformed supported list fails cleanly. */
323 .peer_list = "\x01" "a",
324 .peer_list_len = 2,
325 .supported_list = "\x01" "a" "\x02" "bb" "\x03" "cc" "\x04" "ddd",
326 .supported_list_len = 12,
327 .want_out = NULL,
328 .want_out_len = 0,
329 .want_ret = OPENSSL_NPN_NO_OVERLAP,
330 },
331 {
332 /* Malformed client list fails cleanly. */
333 .peer_list = "\x01" "a",
334 .peer_list_len = 2,
335 .supported_list = "\x01" "a" "\x02" "bb" "\x00" "\x03" "ddd",
336 .supported_list_len = 10,
337 .want_out = NULL,
338 .want_out_len = 0,
339 .want_ret = OPENSSL_NPN_NO_OVERLAP,
340 },
341
342 /*
343 * Some non-toy examples.
344 */
345
346 {
347 .peer_list = "\x08" "http/1.1" "\x06" "spdy/1",
348 .peer_list_len = 16,
349 .supported_list = "\x08" "http/2.0" "\x08" "http/1.1",
350 .supported_list_len = 18,
351 .want_out = "http/1.1",
352 .want_out_len = 8,
353 .want_ret = OPENSSL_NPN_NEGOTIATED,
354 },
355 {
356 .peer_list = "\x08" "http/2.0" "\x06" "spdy/1",
357 .peer_list_len = 16,
358 .supported_list = "\x08" "http/1.0" "\x08" "http/1.1",
359 .supported_list_len = 18,
360 .want_out = "http/1.0",
361 .want_out_len = 8,
362 .want_ret = OPENSSL_NPN_NO_OVERLAP,
363 },
364 {
365 .peer_list = "\x08" "http/1.1" "\x08" "http/1.0",
366 .peer_list_len = 18,
367 .supported_list = "\x08" "http/1.0" "\x08" "http/1.1",
368 .supported_list_len = 18,
369 .want_out = "http/1.1",
370 .want_out_len = 8,
371 .want_ret = OPENSSL_NPN_NEGOTIATED,
372 },
373 {
374 /* Peer list malformed. */
375 .peer_list = "\x08" "http/1.1" "\x07" "http/1.0",
376 .peer_list_len = 18,
377 .supported_list = "\x08" "http/1.0" "\x08" "http/1.1",
378 .supported_list_len = 18,
379 .want_out = "http/1.0",
380 .want_out_len = 8,
381 .want_ret = OPENSSL_NPN_NO_OVERLAP,
382 },
383 {
384 /* Peer list malformed. */
385 .peer_list = "\x07" "http/1.1" "\x08" "http/1.0",
386 .peer_list_len = 18,
387 .supported_list = "\x08" "http/1.0" "\x08" "http/1.1",
388 .supported_list_len = 18,
389 .want_out = "http/1.0",
390 .want_out_len = 8,
391 .want_ret = OPENSSL_NPN_NO_OVERLAP,
392 },
393 {
394 /* Supported list has trailing bytes. */
395 .peer_list = "\x08" "http/1.1" "\x08" "http/1.0",
396 .peer_list_len = 18,
397 .supported_list = "\x08" "http/1.0" "\x07" "http/1.1",
398 .supported_list_len = 18,
399 .want_out = NULL,
400 .want_out_len = 0,
401 .want_ret = OPENSSL_NPN_NO_OVERLAP,
402 },
403};
404
405#define N_SELECT_NEXT_PROTO_TESTS \
406 (sizeof(select_next_proto_tests) / sizeof(select_next_proto_tests[0]))
407
408static int
409select_next_proto_testcase(const struct select_next_proto_test *test)
410{
411 unsigned char *out;
412 unsigned char out_len;
413 int ret;
414 int failed = 0;
415
416 ret = SSL_select_next_proto(&out, &out_len, test->peer_list,
417 test->peer_list_len, test->supported_list, test->supported_list_len);
418
419 if (ret != test->want_ret || out_len != test->want_out_len ||
420 (out == NULL && test->want_out != NULL) ||
421 (out != NULL && test->want_out == NULL) ||
422 (out != NULL && test->want_out != NULL &&
423 memcmp(out, test->want_out, out_len) != 0)) {
424 fprintf(stderr, "FAIL: ret: %u (want %u), out_len: %u (want %u)\n",
425 ret, test->want_ret, out_len, test->want_out_len);
426 fprintf(stderr, "\ngot:\n");
427 hexdump(out, out_len);
428 fprintf(stderr, "\nwant:\n");
429 hexdump(test->want_out, test->want_out_len);
430 fprintf(stderr, "\nserver:\n");
431 hexdump(test->peer_list, test->peer_list_len);
432 fprintf(stderr, "\nclient:\n");
433 hexdump(test->supported_list, test->supported_list_len);
434 fprintf(stderr, "\n");
435 failed = 1;
436 }
437
438 return failed;
439}
440
441static int
442test_ssl_select_next_proto(void)
443{
444 size_t i;
445 int failed = 0;
446
447 for (i = 0; i < N_SELECT_NEXT_PROTO_TESTS; i++)
448 failed |= select_next_proto_testcase(&select_next_proto_tests[i]);
449
450 return failed;
451}
452
453int
454main(void)
455{
456 size_t i;
457 int failed = 0;
458
459 for (i = 0; i < N_ALPN_TESTS; i++)
460 failed |= test_ssl_set_alpn_protos(&alpn_tests[i]);
461
462 failed |= test_ssl_set_alpn_protos_edge_cases();
463
464 failed |= test_ssl_select_next_proto();
465
466 if (!failed)
467 printf("PASS %s\n", __FILE__);
468
469 return failed;
470}
diff --git a/src/regress/lib/libssl/unit/ssl_verify_param.c b/src/regress/lib/libssl/unit/ssl_verify_param.c
deleted file mode 100644
index cdb52c56a8..0000000000
--- a/src/regress/lib/libssl/unit/ssl_verify_param.c
+++ /dev/null
@@ -1,99 +0,0 @@
1/* $OpenBSD: ssl_verify_param.c,v 1.1 2023/05/24 08:54:59 tb Exp $ */
2
3/*
4 * Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19#include <err.h>
20#include <stdio.h>
21
22#include <openssl/ssl.h>
23#include <openssl/x509v3.h>
24
25unsigned int X509_VERIFY_PARAM_get_hostflags(X509_VERIFY_PARAM *param);
26
27static int
28ssl_verify_param_flags_inherited(void)
29{
30 SSL_CTX *ssl_ctx = NULL;
31 SSL *ssl = NULL;
32 X509_VERIFY_PARAM *param;
33 unsigned int defaultflags = 0;
34 unsigned int newflags = X509_CHECK_FLAG_NEVER_CHECK_SUBJECT;
35 unsigned int flags;
36 int failed = 1;
37
38 if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL)
39 errx(1, "SSL_CTX_new");
40
41 if ((param = SSL_CTX_get0_param(ssl_ctx)) == NULL) {
42 fprintf(stderr, "FAIL: no verify param on ssl_ctx\n");
43 goto failure;
44 }
45
46 if ((flags = X509_VERIFY_PARAM_get_hostflags(param)) != defaultflags) {
47 fprintf(stderr, "FAIL: SSL_CTX default hostflags, "
48 "want: %x, got: %x\n", defaultflags, flags);
49 goto failure;
50 }
51
52 X509_VERIFY_PARAM_set_hostflags(param, newflags);
53
54 if ((flags = X509_VERIFY_PARAM_get_hostflags(param)) != newflags) {
55 fprintf(stderr, "FAIL: SSL_CTX new hostflags, "
56 "want: %x, got: %x\n", newflags, flags);
57 goto failure;
58 }
59
60 if ((ssl = SSL_new(ssl_ctx)) == NULL)
61 errx(1, "SSL_new");
62
63 if ((param = SSL_get0_param(ssl)) == NULL) {
64 fprintf(stderr, "FAIL: no verify param on ssl\n");
65 goto failure;
66 }
67
68 if ((flags = X509_VERIFY_PARAM_get_hostflags(param)) != newflags) {
69 fprintf(stderr, "FAIL: SSL inherited hostflags, "
70 "want: %x, got: %x\n", newflags, flags);
71 goto failure;
72 }
73
74 SSL_set_hostflags(ssl, defaultflags);
75
76 if ((flags = X509_VERIFY_PARAM_get_hostflags(param)) != defaultflags) {
77 fprintf(stderr, "FAIL: SSL set hostflags, "
78 "want: %x, got: %x\n", defaultflags, flags);
79 goto failure;
80 }
81
82 failed = 0;
83
84 failure:
85 SSL_CTX_free(ssl_ctx);
86 SSL_free(ssl);
87
88 return failed;
89}
90
91int
92main(void)
93{
94 int failed = 0;
95
96 failed |= ssl_verify_param_flags_inherited();
97
98 return failed;
99}
diff --git a/src/regress/lib/libssl/unit/ssl_versions.c b/src/regress/lib/libssl/unit/ssl_versions.c
deleted file mode 100644
index ebfe8d2c28..0000000000
--- a/src/regress/lib/libssl/unit/ssl_versions.c
+++ /dev/null
@@ -1,922 +0,0 @@
1/* $OpenBSD: ssl_versions.c,v 1.20 2023/07/02 17:21:33 beck Exp $ */
2/*
3 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <openssl/ssl.h>
19
20#include "ssl_local.h"
21
22struct version_range_test {
23 const long options;
24 const uint16_t minver;
25 const uint16_t maxver;
26 const uint16_t want_minver;
27 const uint16_t want_maxver;
28};
29
30static struct version_range_test version_range_tests[] = {
31 {
32 .options = 0,
33 .minver = TLS1_VERSION,
34 .maxver = TLS1_3_VERSION,
35 .want_minver = TLS1_2_VERSION,
36 .want_maxver = TLS1_3_VERSION,
37 },
38 {
39 .options = 0,
40 .minver = TLS1_VERSION,
41 .maxver = TLS1_2_VERSION,
42 .want_minver = TLS1_2_VERSION,
43 .want_maxver = TLS1_2_VERSION,
44 },
45 {
46 .options = SSL_OP_NO_TLSv1,
47 .minver = TLS1_VERSION,
48 .maxver = TLS1_2_VERSION,
49 .want_minver = TLS1_2_VERSION,
50 .want_maxver = TLS1_2_VERSION,
51 },
52 {
53 .options = SSL_OP_NO_TLSv1_3,
54 .minver = TLS1_VERSION,
55 .maxver = TLS1_3_VERSION,
56 .want_minver = TLS1_2_VERSION,
57 .want_maxver = TLS1_2_VERSION,
58 },
59 {
60 .options = SSL_OP_NO_TLSv1_2,
61 .minver = TLS1_VERSION,
62 .maxver = TLS1_2_VERSION,
63 .want_minver = 0,
64 .want_maxver = 0,
65 },
66 {
67 .options = SSL_OP_NO_TLSv1_1,
68 .minver = TLS1_VERSION,
69 .maxver = TLS1_2_VERSION,
70 .want_minver = TLS1_2_VERSION,
71 .want_maxver = TLS1_2_VERSION,
72 },
73 {
74 .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1,
75 .minver = TLS1_VERSION,
76 .maxver = TLS1_2_VERSION,
77 .want_minver = TLS1_2_VERSION,
78 .want_maxver = TLS1_2_VERSION,
79 },
80 {
81 .options = SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
82 .minver = TLS1_VERSION,
83 .maxver = TLS1_2_VERSION,
84 .want_minver = 0,
85 .want_maxver = 0,
86 },
87 {
88 .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_2,
89 .minver = TLS1_VERSION,
90 .maxver = TLS1_2_VERSION,
91 .want_minver = 0,
92 .want_maxver = 0,
93 },
94 {
95 .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
96 SSL_OP_NO_TLSv1_2,
97 .minver = TLS1_VERSION,
98 .maxver = TLS1_2_VERSION,
99 .want_minver = 0,
100 .want_maxver = 0,
101 },
102 {
103 .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
104 SSL_OP_NO_TLSv1_2,
105 .minver = TLS1_VERSION,
106 .maxver = TLS1_3_VERSION,
107 .want_minver = TLS1_3_VERSION,
108 .want_maxver = TLS1_3_VERSION,
109 },
110 {
111 .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
112 SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3,
113 .minver = TLS1_VERSION,
114 .maxver = TLS1_3_VERSION,
115 .want_minver = 0,
116 .want_maxver = 0,
117 },
118 {
119 .options = 0,
120 .minver = TLS1_VERSION,
121 .maxver = TLS1_2_VERSION,
122 .want_minver = TLS1_2_VERSION,
123 .want_maxver = TLS1_2_VERSION,
124 },
125 {
126 .options = 0,
127 .minver = TLS1_1_VERSION,
128 .maxver = TLS1_2_VERSION,
129 .want_minver = TLS1_2_VERSION,
130 .want_maxver = TLS1_2_VERSION,
131 },
132 {
133 .options = 0,
134 .minver = TLS1_2_VERSION,
135 .maxver = TLS1_2_VERSION,
136 .want_minver = TLS1_2_VERSION,
137 .want_maxver = TLS1_2_VERSION,
138 },
139 {
140 .options = 0,
141 .minver = TLS1_VERSION,
142 .maxver = TLS1_3_VERSION,
143 .want_minver = TLS1_2_VERSION,
144 .want_maxver = TLS1_3_VERSION,
145 },
146 {
147 .options = 0,
148 .minver = TLS1_1_VERSION,
149 .maxver = TLS1_3_VERSION,
150 .want_minver = TLS1_2_VERSION,
151 .want_maxver = TLS1_3_VERSION,
152 },
153 {
154 .options = 0,
155 .minver = TLS1_2_VERSION,
156 .maxver = TLS1_3_VERSION,
157 .want_minver = TLS1_2_VERSION,
158 .want_maxver = TLS1_3_VERSION,
159 },
160 {
161 .options = 0,
162 .minver = TLS1_3_VERSION,
163 .maxver = TLS1_3_VERSION,
164 .want_minver = TLS1_3_VERSION,
165 .want_maxver = TLS1_3_VERSION,
166 },
167 {
168 .options = 0,
169 .minver = TLS1_VERSION,
170 .maxver = TLS1_1_VERSION,
171 .want_minver = 0,
172 .want_maxver = 0,
173 },
174 {
175 .options = 0,
176 .minver = TLS1_VERSION,
177 .maxver = TLS1_VERSION,
178 .want_minver = 0,
179 .want_maxver = 0,
180 },
181};
182
183#define N_VERSION_RANGE_TESTS \
184 (sizeof(version_range_tests) / sizeof(*version_range_tests))
185
186static int
187test_ssl_enabled_version_range(void)
188{
189 struct version_range_test *vrt;
190 uint16_t minver, maxver;
191 SSL_CTX *ssl_ctx = NULL;
192 SSL *ssl = NULL;
193 int failed = 1;
194 size_t i;
195
196 fprintf(stderr, "INFO: starting enabled version range tests...\n");
197
198 if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL) {
199 fprintf(stderr, "SSL_CTX_new() returned NULL\n");
200 goto failure;
201 }
202 if ((ssl = SSL_new(ssl_ctx)) == NULL) {
203 fprintf(stderr, "SSL_new() returned NULL\n");
204 goto failure;
205 }
206
207 failed = 0;
208
209 for (i = 0; i < N_VERSION_RANGE_TESTS; i++) {
210 vrt = &version_range_tests[i];
211
212 SSL_clear_options(ssl, SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
213 SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3);
214 SSL_set_options(ssl, vrt->options);
215
216 minver = maxver = 0xffff;
217 ssl->min_tls_version = vrt->minver;
218 ssl->max_tls_version = vrt->maxver;
219
220 if (ssl_enabled_tls_version_range(ssl, &minver, &maxver) != 1) {
221 if (vrt->want_minver != 0 || vrt->want_maxver != 0) {
222 fprintf(stderr, "FAIL: test %zu - failed but "
223 "wanted non-zero versions\n", i);
224 failed++;
225 }
226 continue;
227 }
228 if (minver != vrt->want_minver) {
229 fprintf(stderr, "FAIL: test %zu - got minver %x, "
230 "want %x\n", i, minver, vrt->want_minver);
231 failed++;
232 }
233 if (maxver != vrt->want_maxver) {
234 fprintf(stderr, "FAIL: test %zu - got maxver %x, "
235 "want %x\n", i, maxver, vrt->want_maxver);
236 failed++;
237 }
238 }
239
240 failure:
241 SSL_CTX_free(ssl_ctx);
242 SSL_free(ssl);
243
244 return (failed);
245}
246
247struct shared_version_test {
248 const SSL_METHOD *(*ssl_method)(void);
249 const long options;
250 const uint16_t minver;
251 const uint16_t maxver;
252 const uint16_t peerver;
253 const uint16_t want_maxver;
254};
255
256static struct shared_version_test shared_version_tests[] = {
257 {
258 .ssl_method = TLS_method,
259 .options = 0,
260 .minver = TLS1_VERSION,
261 .maxver = TLS1_2_VERSION,
262 .peerver = SSL2_VERSION,
263 .want_maxver = 0,
264 },
265 {
266 .ssl_method = TLS_method,
267 .options = 0,
268 .minver = TLS1_VERSION,
269 .maxver = TLS1_2_VERSION,
270 .peerver = SSL3_VERSION,
271 .want_maxver = 0,
272 },
273 {
274 .ssl_method = TLS_method,
275 .options = 0,
276 .minver = TLS1_VERSION,
277 .maxver = TLS1_2_VERSION,
278 .peerver = TLS1_VERSION,
279 .want_maxver = 0,
280 },
281 {
282 .ssl_method = TLS_method,
283 .options = 0,
284 .minver = TLS1_VERSION,
285 .maxver = TLS1_2_VERSION,
286 .peerver = TLS1_1_VERSION,
287 .want_maxver = 0,
288 },
289 {
290 .ssl_method = TLS_method,
291 .options = 0,
292 .minver = TLS1_VERSION,
293 .maxver = TLS1_2_VERSION,
294 .peerver = TLS1_2_VERSION,
295 .want_maxver = TLS1_2_VERSION,
296 },
297 {
298 .ssl_method = TLS_method,
299 .options = 0,
300 .minver = TLS1_VERSION,
301 .maxver = TLS1_2_VERSION,
302 .peerver = TLS1_3_VERSION,
303 .want_maxver = TLS1_2_VERSION,
304 },
305 {
306 .ssl_method = TLS_method,
307 .options = 0,
308 .minver = TLS1_VERSION,
309 .maxver = TLS1_2_VERSION,
310 .peerver = 0x7f12,
311 .want_maxver = TLS1_2_VERSION,
312 },
313 {
314 .ssl_method = TLS_method,
315 .options = SSL_OP_NO_TLSv1_2,
316 .minver = TLS1_VERSION,
317 .maxver = TLS1_2_VERSION,
318 .peerver = TLS1_2_VERSION,
319 .want_maxver = 0,
320 },
321 {
322 .ssl_method = TLS_method,
323 .options = SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
324 .minver = TLS1_VERSION,
325 .maxver = TLS1_2_VERSION,
326 .peerver = TLS1_2_VERSION,
327 .want_maxver = 0,
328 },
329 {
330 .ssl_method = TLS_method,
331 .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
332 .minver = TLS1_VERSION,
333 .maxver = TLS1_2_VERSION,
334 .peerver = TLS1_2_VERSION,
335 .want_maxver = 0,
336 },
337 {
338 .ssl_method = TLS_method,
339 .options = SSL_OP_NO_TLSv1,
340 .minver = TLS1_VERSION,
341 .maxver = TLS1_2_VERSION,
342 .peerver = TLS1_1_VERSION,
343 .want_maxver = 0,
344 },
345 {
346 .ssl_method = TLS_method,
347 .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1,
348 .minver = TLS1_VERSION,
349 .maxver = TLS1_2_VERSION,
350 .peerver = TLS1_1_VERSION,
351 .want_maxver = 0,
352 },
353 {
354 .ssl_method = TLS_method,
355 .options = SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
356 .minver = TLS1_VERSION,
357 .maxver = TLS1_2_VERSION,
358 .peerver = TLS1_1_VERSION,
359 .want_maxver = 0,
360 },
361 {
362 .ssl_method = TLS_method,
363 .options = SSL_OP_NO_TLSv1,
364 .minver = TLS1_VERSION,
365 .maxver = TLS1_2_VERSION,
366 .peerver = TLS1_VERSION,
367 .want_maxver = 0,
368 },
369 {
370 .ssl_method = TLS_method,
371 .options = 0,
372 .minver = TLS1_VERSION,
373 .maxver = TLS1_1_VERSION,
374 .peerver = TLS1_2_VERSION,
375 .want_maxver = 0,
376 },
377 {
378 .ssl_method = TLS_method,
379 .options = 0,
380 .minver = TLS1_VERSION,
381 .maxver = TLS1_VERSION,
382 .peerver = TLS1_2_VERSION,
383 .want_maxver = 0,
384 },
385 {
386 .ssl_method = TLSv1_method,
387 .options = 0,
388 .minver = TLS1_VERSION,
389 .maxver = TLS1_2_VERSION,
390 .peerver = TLS1_VERSION,
391 .want_maxver = 0,
392 },
393 {
394 .ssl_method = TLSv1_method,
395 .options = 0,
396 .minver = TLS1_1_VERSION,
397 .maxver = TLS1_2_VERSION,
398 .peerver = TLS1_VERSION,
399 .want_maxver = 0,
400 },
401 {
402 .ssl_method = TLSv1_1_method,
403 .options = 0,
404 .minver = TLS1_VERSION,
405 .maxver = TLS1_2_VERSION,
406 .peerver = TLS1_1_VERSION,
407 .want_maxver = 0,
408 },
409 {
410 .ssl_method = DTLS_method,
411 .options = 0,
412 .minver = TLS1_1_VERSION,
413 .maxver = TLS1_2_VERSION,
414 .peerver = DTLS1_VERSION,
415 .want_maxver = 0,
416 },
417 {
418 .ssl_method = DTLS_method,
419 .options = 0,
420 .minver = TLS1_1_VERSION,
421 .maxver = TLS1_2_VERSION,
422 .peerver = DTLS1_2_VERSION,
423 .want_maxver = DTLS1_2_VERSION,
424 },
425 {
426 .ssl_method = DTLS_method,
427 .options = 0,
428 .minver = TLS1_1_VERSION,
429 .maxver = TLS1_2_VERSION,
430 .peerver = 0xfefc, /* DTLSv1.3, probably. */
431 .want_maxver = DTLS1_2_VERSION,
432 },
433 {
434 .ssl_method = DTLSv1_method,
435 .options = 0,
436 .minver = TLS1_1_VERSION,
437 .maxver = TLS1_1_VERSION,
438 .peerver = DTLS1_2_VERSION,
439 .want_maxver = 0,
440 },
441 {
442 .ssl_method = DTLSv1_2_method,
443 .options = 0,
444 .minver = TLS1_2_VERSION,
445 .maxver = TLS1_2_VERSION,
446 .peerver = DTLS1_2_VERSION,
447 .want_maxver = DTLS1_2_VERSION,
448 },
449 {
450 .ssl_method = DTLSv1_method,
451 .options = 0,
452 .minver = TLS1_1_VERSION,
453 .maxver = TLS1_1_VERSION,
454 .peerver = TLS1_2_VERSION,
455 .want_maxver = 0,
456 },
457 {
458 .ssl_method = DTLS_method,
459 .options = SSL_OP_NO_DTLSv1,
460 .minver = TLS1_1_VERSION,
461 .maxver = TLS1_2_VERSION,
462 .peerver = DTLS1_VERSION,
463 .want_maxver = 0,
464 },
465 {
466 .ssl_method = DTLS_method,
467 .options = SSL_OP_NO_DTLSv1,
468 .minver = TLS1_1_VERSION,
469 .maxver = TLS1_2_VERSION,
470 .peerver = DTLS1_2_VERSION,
471 .want_maxver = DTLS1_2_VERSION,
472 },
473 {
474 .ssl_method = DTLS_method,
475 .options = SSL_OP_NO_DTLSv1_2,
476 .minver = TLS1_1_VERSION,
477 .maxver = TLS1_2_VERSION,
478 .peerver = DTLS1_2_VERSION,
479 .want_maxver = 0,
480 },
481};
482
483#define N_SHARED_VERSION_TESTS \
484 (sizeof(shared_version_tests) / sizeof(*shared_version_tests))
485
486static int
487test_ssl_max_shared_version(void)
488{
489 struct shared_version_test *svt;
490 SSL_CTX *ssl_ctx = NULL;
491 SSL *ssl = NULL;
492 uint16_t maxver;
493 int failed = 0;
494 size_t i;
495
496 failed = 0;
497
498 fprintf(stderr, "INFO: starting max shared version tests...\n");
499
500 for (i = 0; i < N_SHARED_VERSION_TESTS; i++) {
501 svt = &shared_version_tests[i];
502
503 if ((ssl_ctx = SSL_CTX_new(svt->ssl_method())) == NULL) {
504 fprintf(stderr, "SSL_CTX_new() returned NULL\n");
505 failed++;
506 goto err;
507 }
508 if ((ssl = SSL_new(ssl_ctx)) == NULL) {
509 fprintf(stderr, "SSL_new() returned NULL\n");
510 failed++;
511 goto err;
512 }
513
514 SSL_clear_options(ssl, SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
515 SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3);
516 SSL_set_options(ssl, svt->options);
517
518 maxver = 0;
519 ssl->min_tls_version = svt->minver;
520 ssl->max_tls_version = svt->maxver;
521
522 if (!ssl_max_shared_version(ssl, svt->peerver, &maxver)) {
523 if (svt->want_maxver != 0) {
524 fprintf(stderr, "FAIL: test %zu - failed but "
525 "wanted non-zero shared version (peer %x)\n",
526 i, svt->peerver);
527 failed++;
528 }
529 SSL_CTX_free(ssl_ctx);
530 SSL_free(ssl);
531 ssl_ctx = NULL;
532 ssl = NULL;
533 continue;
534 }
535 if (maxver != svt->want_maxver) {
536 fprintf(stderr, "FAIL: test %zu - got shared "
537 "version %x, want %x\n", i, maxver,
538 svt->want_maxver);
539 failed++;
540 }
541
542 SSL_CTX_free(ssl_ctx);
543 SSL_free(ssl);
544 ssl_ctx = NULL;
545 ssl = NULL;
546 }
547
548 err:
549 SSL_CTX_free(ssl_ctx);
550 SSL_free(ssl);
551
552 return (failed);
553}
554
555struct min_max_version_test {
556 const SSL_METHOD *(*ssl_method)(void);
557 const uint16_t minver;
558 const uint16_t maxver;
559 const uint16_t want_minver;
560 const uint16_t want_maxver;
561 const int want_min_fail;
562 const int want_max_fail;
563};
564
565static struct min_max_version_test min_max_version_tests[] = {
566 {
567 .ssl_method = TLS_method,
568 .minver = 0,
569 .maxver = 0,
570 .want_minver = 0,
571 .want_maxver = 0,
572 },
573 {
574 .ssl_method = TLS_method,
575 .minver = TLS1_VERSION,
576 .maxver = 0,
577 .want_minver = TLS1_VERSION,
578 .want_maxver = 0,
579 },
580 {
581 .ssl_method = TLS_method,
582 .minver = 0,
583 .maxver = TLS1_2_VERSION,
584 .want_minver = 0,
585 .want_maxver = TLS1_2_VERSION,
586 },
587 {
588 .ssl_method = TLS_method,
589 .minver = 0,
590 .maxver = TLS1_3_VERSION,
591 .want_minver = 0,
592 .want_maxver = TLS1_3_VERSION,
593 },
594 {
595 .ssl_method = TLS_method,
596 .minver = TLS1_VERSION,
597 .maxver = TLS1_2_VERSION,
598 .want_minver = TLS1_VERSION,
599 .want_maxver = TLS1_2_VERSION,
600 },
601 {
602 .ssl_method = TLS_method,
603 .minver = TLS1_1_VERSION,
604 .maxver = 0,
605 .want_minver = TLS1_1_VERSION,
606 .want_maxver = 0,
607 },
608 {
609 .ssl_method = TLS_method,
610 .minver = TLS1_2_VERSION,
611 .maxver = 0,
612 .want_minver = TLS1_2_VERSION,
613 .want_maxver = 0,
614 },
615 {
616 .ssl_method = TLS_method,
617 .minver = 0x0300,
618 .maxver = 0,
619 .want_minver = TLS1_VERSION,
620 .want_maxver = 0,
621 },
622 {
623 .ssl_method = TLS_method,
624 .minver = 0x0305,
625 .maxver = 0,
626 .want_min_fail = 1,
627 },
628 {
629 .ssl_method = TLS_method,
630 .minver = 0,
631 .maxver = 0x0305,
632 .want_minver = 0,
633 .want_maxver = TLS1_3_VERSION,
634 },
635 {
636 .ssl_method = TLS_method,
637 .minver = 0,
638 .maxver = TLS1_1_VERSION,
639 .want_minver = 0,
640 .want_maxver = TLS1_1_VERSION,
641 },
642 {
643 .ssl_method = TLS_method,
644 .minver = 0,
645 .maxver = TLS1_VERSION,
646 .want_minver = 0,
647 .want_maxver = TLS1_VERSION,
648 },
649 {
650 .ssl_method = TLS_method,
651 .minver = 0,
652 .maxver = 0x0300,
653 .want_max_fail = 1,
654 },
655 {
656 .ssl_method = TLS_method,
657 .minver = TLS1_2_VERSION,
658 .maxver = TLS1_1_VERSION,
659 .want_minver = TLS1_2_VERSION,
660 .want_maxver = 0,
661 .want_max_fail = 1,
662 },
663 {
664 .ssl_method = TLSv1_1_method,
665 .minver = 0,
666 .maxver = 0,
667 .want_minver = 0,
668 .want_maxver = 0,
669 },
670 {
671 .ssl_method = TLSv1_1_method,
672 .minver = TLS1_VERSION,
673 .maxver = TLS1_2_VERSION,
674 .want_minver = TLS1_1_VERSION,
675 .want_maxver = TLS1_1_VERSION,
676 },
677 {
678 .ssl_method = TLSv1_1_method,
679 .minver = TLS1_2_VERSION,
680 .maxver = 0,
681 .want_minver = 0,
682 .want_maxver = 0,
683 .want_min_fail = 1,
684 },
685 {
686 .ssl_method = TLSv1_1_method,
687 .minver = 0,
688 .maxver = TLS1_VERSION,
689 .want_minver = 0,
690 .want_maxver = 0,
691 .want_max_fail = 1,
692 },
693 {
694 .ssl_method = DTLS_method,
695 .minver = 0,
696 .maxver = 0,
697 .want_minver = 0,
698 .want_maxver = 0,
699 },
700 {
701 .ssl_method = DTLS_method,
702 .minver = 0,
703 .maxver = DTLS1_VERSION,
704 .want_minver = 0,
705 .want_maxver = DTLS1_VERSION,
706 },
707 {
708 .ssl_method = DTLS_method,
709 .minver = DTLS1_VERSION,
710 .maxver = 0,
711 .want_minver = DTLS1_VERSION,
712 .want_maxver = 0,
713 },
714 {
715 .ssl_method = DTLS_method,
716 .minver = DTLS1_VERSION,
717 .maxver = DTLS1_2_VERSION,
718 .want_minver = DTLS1_VERSION,
719 .want_maxver = DTLS1_2_VERSION,
720 },
721 {
722 .ssl_method = DTLSv1_method,
723 .minver = 0,
724 .maxver = 0,
725 .want_minver = 0,
726 .want_maxver = 0,
727 },
728 {
729 .ssl_method = DTLSv1_method,
730 .minver = DTLS1_VERSION,
731 .maxver = 0,
732 .want_minver = DTLS1_VERSION,
733 .want_maxver = 0,
734 },
735 {
736 .ssl_method = DTLSv1_method,
737 .minver = 0,
738 .maxver = DTLS1_VERSION,
739 .want_minver = 0,
740 .want_maxver = DTLS1_VERSION,
741 },
742 {
743 .ssl_method = DTLSv1_method,
744 .minver = 0,
745 .maxver = DTLS1_2_VERSION,
746 .want_minver = 0,
747 .want_maxver = DTLS1_VERSION,
748 },
749 {
750 .ssl_method = DTLSv1_method,
751 .minver = TLS1_VERSION,
752 .maxver = TLS1_2_VERSION,
753 .want_minver = 0,
754 .want_maxver = 0,
755 .want_min_fail = 1,
756 .want_max_fail = 1,
757 },
758};
759
760#define N_MIN_MAX_VERSION_TESTS \
761 (sizeof(min_max_version_tests) / sizeof(*min_max_version_tests))
762
763static int
764test_ssl_min_max_version(void)
765{
766 struct min_max_version_test *mmvt;
767 SSL_CTX *ssl_ctx = NULL;
768 SSL *ssl = NULL;
769 int failed = 0;
770 size_t i;
771
772 failed = 0;
773
774 fprintf(stderr, "INFO: starting min max version tests...\n");
775
776 for (i = 0; i < N_MIN_MAX_VERSION_TESTS; i++) {
777 mmvt = &min_max_version_tests[i];
778
779 if ((ssl_ctx = SSL_CTX_new(mmvt->ssl_method())) == NULL) {
780 fprintf(stderr, "SSL_CTX_new() returned NULL\n");
781 return 1;
782 }
783
784 if (!SSL_CTX_set_min_proto_version(ssl_ctx, mmvt->minver)) {
785 if (!mmvt->want_min_fail) {
786 fprintf(stderr, "FAIL: test %zu - failed to set "
787 "SSL_CTX min version\n", i);
788 failed++;
789 }
790 goto next;
791 }
792 if (!SSL_CTX_set_max_proto_version(ssl_ctx, mmvt->maxver)) {
793 if (!mmvt->want_max_fail) {
794 fprintf(stderr, "FAIL: test %zu - failed to set "
795 "SSL_CTX min version\n", i);
796 failed++;
797 }
798 goto next;
799 }
800
801 if (mmvt->want_min_fail) {
802 fprintf(stderr, "FAIL: test %zu - successfully set "
803 "SSL_CTX min version, should have failed\n", i);
804 failed++;
805 goto next;
806 }
807 if (mmvt->want_max_fail) {
808 fprintf(stderr, "FAIL: test %zu - successfully set "
809 "SSL_CTX max version, should have failed\n", i);
810 failed++;
811 goto next;
812 }
813
814 if (SSL_CTX_get_min_proto_version(ssl_ctx) != mmvt->want_minver) {
815 fprintf(stderr, "FAIL: test %zu - got SSL_CTX min "
816 "version 0x%x, want 0x%x\n", i,
817 SSL_CTX_get_min_proto_version(ssl_ctx), mmvt->want_minver);
818 failed++;
819 goto next;
820 }
821 if (SSL_CTX_get_max_proto_version(ssl_ctx) != mmvt->want_maxver) {
822 fprintf(stderr, "FAIL: test %zu - got SSL_CTX max "
823 "version 0x%x, want 0x%x\n", i,
824 SSL_CTX_get_max_proto_version(ssl_ctx), mmvt->want_maxver);
825 failed++;
826 goto next;
827 }
828
829 if ((ssl = SSL_new(ssl_ctx)) == NULL) {
830 fprintf(stderr, "SSL_new() returned NULL\n");
831 return 1;
832 }
833
834 if (SSL_get_min_proto_version(ssl) != mmvt->want_minver) {
835 fprintf(stderr, "FAIL: test %zu - initial SSL min "
836 "version 0x%x, want 0x%x\n", i,
837 SSL_get_min_proto_version(ssl), mmvt->want_minver);
838 failed++;
839 goto next;
840 }
841 if (SSL_get_max_proto_version(ssl) != mmvt->want_maxver) {
842 fprintf(stderr, "FAIL: test %zu - initial SSL max "
843 "version 0x%x, want 0x%x\n", i,
844 SSL_get_max_proto_version(ssl), mmvt->want_maxver);
845 failed++;
846 goto next;
847 }
848
849 if (!SSL_set_min_proto_version(ssl, mmvt->minver)) {
850 if (mmvt->want_min_fail) {
851 fprintf(stderr, "FAIL: test %zu - failed to set "
852 "SSL min version\n", i);
853 failed++;
854 }
855 goto next;
856 }
857 if (!SSL_set_max_proto_version(ssl, mmvt->maxver)) {
858 if (mmvt->want_max_fail) {
859 fprintf(stderr, "FAIL: test %zu - failed to set "
860 "SSL min version\n", i);
861 failed++;
862 }
863 goto next;
864 }
865
866 if (mmvt->want_min_fail) {
867 fprintf(stderr, "FAIL: test %zu - successfully set SSL "
868 "min version, should have failed\n", i);
869 failed++;
870 goto next;
871 }
872 if (mmvt->want_max_fail) {
873 fprintf(stderr, "FAIL: test %zu - successfully set SSL "
874 "max version, should have failed\n", i);
875 failed++;
876 goto next;
877 }
878
879 if (SSL_get_min_proto_version(ssl) != mmvt->want_minver) {
880 fprintf(stderr, "FAIL: test %zu - got SSL min "
881 "version 0x%x, want 0x%x\n", i,
882 SSL_get_min_proto_version(ssl), mmvt->want_minver);
883 failed++;
884 goto next;
885 }
886 if (SSL_get_max_proto_version(ssl) != mmvt->want_maxver) {
887 fprintf(stderr, "FAIL: test %zu - got SSL max "
888 "version 0x%x, want 0x%x\n", i,
889 SSL_get_max_proto_version(ssl), mmvt->want_maxver);
890 failed++;
891 goto next;
892 }
893
894 next:
895 SSL_CTX_free(ssl_ctx);
896 SSL_free(ssl);
897
898 ssl_ctx = NULL;
899 ssl = NULL;
900 }
901
902 return (failed);
903}
904
905int
906main(int argc, char **argv)
907{
908 int failed = 0;
909
910 SSL_library_init();
911
912 /* XXX - Test ssl_supported_version_range() */
913
914 failed |= test_ssl_enabled_version_range();
915 failed |= test_ssl_max_shared_version();
916 failed |= test_ssl_min_max_version();
917
918 if (failed == 0)
919 printf("PASS %s\n", __FILE__);
920
921 return (failed);
922}
diff --git a/src/regress/lib/libssl/unit/tests.h b/src/regress/lib/libssl/unit/tests.h
deleted file mode 100644
index 287816946a..0000000000
--- a/src/regress/lib/libssl/unit/tests.h
+++ /dev/null
@@ -1,44 +0,0 @@
1/* $OpenBSD: tests.h,v 1.1 2015/06/27 23:35:52 doug Exp $ */
2/*
3 * Copyright (c) 2015 Doug Hogan <doug@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#ifndef LIBRESSL_REGRESS_TESTS_H__
19#define LIBRESSL_REGRESS_TESTS_H__ 1
20
21/* Ugly macros that are useful for regression tests. */
22
23#define SKIP(a) do { \
24 printf("Skipping test in %s [%s:%d]\n", __func__, __FILE__, \
25 __LINE__); \
26} while (0)
27
28#define CHECK(a) do { \
29 if (!(a)) { \
30 printf("Error in %s [%s:%d]\n", __func__, __FILE__, \
31 __LINE__); \
32 return 0; \
33 } \
34} while (0)
35
36#define CHECK_GOTO(a) do { \
37 if (!(a)) { \
38 printf("Error in %s [%s:%d]\n", __func__, __FILE__, \
39 __LINE__); \
40 goto err; \
41 } \
42} while (0)
43
44#endif /* LIBRESSL_REGRESS_TESTS_H__ */
diff --git a/src/regress/lib/libssl/unit/tls_ext_alpn.c b/src/regress/lib/libssl/unit/tls_ext_alpn.c
deleted file mode 100644
index d00f3efb5f..0000000000
--- a/src/regress/lib/libssl/unit/tls_ext_alpn.c
+++ /dev/null
@@ -1,442 +0,0 @@
1/* $OpenBSD: tls_ext_alpn.c,v 1.9 2022/11/26 16:08:57 tb Exp $ */
2/*
3 * Copyright (c) 2015 Doug Hogan <doug@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18/*
19 * Test TLS extension Application-Layer Protocol Negotiation (RFC 7301).
20 */
21#include <stdio.h>
22#include <openssl/ssl.h>
23
24#include "ssl_local.h"
25#include "ssl_tlsext.h"
26
27#include "tests.h"
28
29/*
30 * In the ProtocolNameList, ProtocolNames must not include empty strings and
31 * byte strings must not be truncated.
32 *
33 * This uses some of the IANA approved protocol names from:
34 * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
35 */
36
37/* Valid for client and server since it only has one name. */
38static uint8_t proto_single[] = {
39 /* Extension extensions<0..2^16-1> -- All TLS extensions */
40 0x00, 0x0f, /* len */
41 /* ExtensionType extension_type */
42 0x00, 0x10, /* ALPN */
43 /* opaque extension_data<0..2^16-1> */
44 0x00, 0x0b, /* len */
45 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
46 0x00, 0x09, /* len of all names */
47 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
48 0x08, /* len */
49 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31
50};
51
52/* Valid for client, but NOT server. Server must have exactly one name. */
53static uint8_t proto_multiple1[] = {
54 /* Extension extensions<0..2^16-1> -- All TLS extensions */
55 0x00, 0x19, /* len */
56 /* ExtensionType extension_type */
57 0x00, 0x10, /* ALPN */
58 /* opaque extension_data<0..2^16-1> */
59 0x00, 0x15, /* len */
60 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
61 0x00, 0x13, /* len of all names */
62 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
63 0x08, /* len */
64 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31,
65 /* opaque ProtocolName<1..2^8-1> -- 'stun.nat' */
66 0x09, /* len */
67 0x73, 0x74, 0x75, 0x6e, 0x2e, 0x74, 0x75, 0x72, 0x6e
68};
69
70/* Valid for client, but NOT server. Server must have exactly one name. */
71static uint8_t proto_multiple2[] = {
72 /* Extension extensions<0..2^16-1> -- All TLS extensions */
73 0x00, 0x1c, /* len */
74 /* ExtensionType extension_type */
75 0x00, 0x10, /* ALPN */
76 /* opaque extension_data<0..2^16-1> */
77 0x00, 0x18, /* len */
78 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
79 0x00, 0x16, /* len of all names */
80 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
81 0x08, /* len */
82 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31,
83 /* opaque ProtocolName<1..2^8-1> -- 'h2' */
84 0x02, /* len */
85 0x68, 0x32,
86 /* opaque ProtocolName<1..2^8-1> -- 'stun.nat' */
87 0x09, /* len */
88 0x73, 0x74, 0x75, 0x6e, 0x2e, 0x74, 0x75, 0x72, 0x6e
89};
90
91/* Valid for client, but NOT server. Server must have exactly one name. */
92static uint8_t proto_multiple3[] = {
93 /* Extension extensions<0..2^16-1> -- All TLS extensions */
94 0x00, 0x20, /* len */
95 /* ExtensionType extension_type */
96 0x00, 0x10, /* ALPN */
97 /* opaque extension_data<0..2^16-1> */
98 0x00, 0x1c, /* len */
99 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
100 0x00, 0x1a, /* len of all names */
101 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
102 0x08, /* len */
103 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31,
104 /* opaque ProtocolName<1..2^8-1> -- 'h2' */
105 0x02, /* len */
106 0x68, 0x32,
107 /* opaque ProtocolName<1..2^8-1> -- 'stun.nat' */
108 0x09, /* len */
109 0x73, 0x74, 0x75, 0x6e, 0x2e, 0x74, 0x75, 0x72, 0x6e,
110 /* opaque ProtocolName<1..2^8-1> -- 'h2c' */
111 0x03, /* len */
112 0x68, 0x32, 0x63
113};
114
115static uint8_t proto_empty[] = {
116 /* Extension extensions<0..2^16-1> -- All TLS extensions. */
117 0x00, 0x00, /* none present. */
118};
119
120/* Invalid for both client and server. Length is wrong. */
121static uint8_t proto_invalid_len1[] = {
122 /* Extension extensions<0..2^16-1> -- All TLS extensions */
123 0x00, 0x0a, /* len */
124 /* ExtensionType extension_type */
125 0x00, 0x10, /* ALPN */
126 /* opaque extension_data<0..2^16-1> */
127 0x00, 0x06, /* len */
128 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
129 0x00, 0x04, /* len of all names */
130 /* opaque ProtocolName<1..2^8-1> -- 'h2c' */
131 0x04, /* XXX len too large */
132 0x68, 0x32, 0x63
133};
134static uint8_t proto_invalid_len2[] = {
135 /* Extension extensions<0..2^16-1> -- All TLS extensions */
136 0x00, 0x0a, /* len */
137 /* ExtensionType extension_type */
138 0x00, 0x10, /* ALPN */
139 /* opaque extension_data<0..2^16-1> */
140 0x00, 0x06, /* len */
141 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
142 0x00, 0x04, /* len of all names */
143 /* opaque ProtocolName<1..2^8-1> -- 'h2c' */
144 0x02, /* XXX len too small */
145 0x68, 0x32, 0x63
146};
147static uint8_t proto_invalid_len3[] = {
148 /* Extension extensions<0..2^16-1> -- All TLS extensions */
149 0x00, 0x0a, /* len */
150 /* ExtensionType extension_type */
151 0x00, 0x10, /* ALPN */
152 /* opaque extension_data<0..2^16-1> */
153 0x00, 0x06, /* len */
154 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
155 0x00, 0x03, /* XXX len too small */
156 /* opaque ProtocolName<1..2^8-1> -- 'h2c' */
157 0x03, /* len */
158 0x68, 0x32, 0x63
159};
160static uint8_t proto_invalid_len4[] = {
161 /* Extension extensions<0..2^16-1> -- All TLS extensions */
162 0x00, 0x0a, /* len */
163 /* ExtensionType extension_type */
164 0x00, 0x10, /* ALPN */
165 /* opaque extension_data<0..2^16-1> */
166 0x00, 0x06, /* len */
167 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
168 0x00, 0x06, /* XXX len too large */
169 /* opaque ProtocolName<1..2^8-1> -- 'h2c' */
170 0x03, /* len */
171 0x68, 0x32, 0x63
172};
173static uint8_t proto_invalid_len5[] = {
174 /* Extension extensions<0..2^16-1> -- All TLS extensions */
175 0x00, 0x0a, /* len */
176 /* ExtensionType extension_type */
177 0x00, 0x10, /* ALPN */
178 /* opaque extension_data<0..2^16-1> */
179 0x01, 0x08, /* XXX len too large */
180 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
181 0x00, 0x04, /* len */
182 /* opaque ProtocolName<1..2^8-1> -- 'h2c' */
183 0x03, /* len */
184 0x68, 0x32, 0x63
185};
186static uint8_t proto_invalid_len6[] = {
187 /* Extension extensions<0..2^16-1> -- All TLS extensions */
188 0x00, 0x0a, /* len */
189 /* ExtensionType extension_type */
190 0x00, 0x10, /* ALPN */
191 /* opaque extension_data<0..2^16-1> */
192 0x00, 0x05, /* XXX len too small */
193 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
194 0x00, 0x04, /* len */
195 /* opaque ProtocolName<1..2^8-1> -- 'h2c' */
196 0x03, /* len */
197 0x68, 0x32, 0x63
198};
199static uint8_t proto_invalid_len7[] = {
200 /* Extension extensions<0..2^16-1> -- All TLS extensions */
201 0x00, 0x06, /* XXX len too small */
202 /* ExtensionType extension_type */
203 0x00, 0x10, /* ALPN */
204 /* opaque extension_data<0..2^16-1> */
205 0x00, 0x06, /* len */
206 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
207 0x00, 0x04, /* len */
208 /* opaque ProtocolName<1..2^8-1> -- 'h2c' */
209 0x03, /* len */
210 0x68, 0x32, 0x63
211};
212static uint8_t proto_invalid_len8[] = {
213 /* Extension extensions<0..2^16-1> -- All TLS extensions */
214 0x00, 0x0b, /* XXX len too large */
215 /* ExtensionType extension_type */
216 0x00, 0x10, /* ALPN */
217 /* opaque extension_data<0..2^16-1> */
218 0x00, 0x06, /* len */
219 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
220 0x00, 0x04, /* len */
221 /* opaque ProtocolName<1..2^8-1> -- 'h2c' */
222 0x03, /* len */
223 0x68, 0x32, 0x63
224};
225
226/* Invalid for client and server since it is missing data. */
227static uint8_t proto_invalid_missing1[] = {
228 /* Extension extensions<0..2^16-1> -- All TLS extensions */
229 0x00, 0x0a, /* len */
230 /* ExtensionType extension_type */
231 0x00, 0x10, /* ALPN */
232 /* opaque extension_data<0..2^16-1> */
233 0x00, 0x06, /* len */
234 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
235 0x00, 0x04, /* len of all names */
236 /* opaque ProtocolName<1..2^8-1> -- 'h2c' */
237 /* XXX missing */
238};
239static uint8_t proto_invalid_missing2[] = {
240 /* Extension extensions<0..2^16-1> -- All TLS extensions */
241 0x00, 0x0a, /* len */
242 /* ExtensionType extension_type */
243 0x00, 0x10, /* ALPN */
244 /* opaque extension_data<0..2^16-1> */
245 0x00, 0x00, /* XXX missing name list */
246 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
247};
248static uint8_t proto_invalid_missing3[] = {
249 /* Extension extensions<0..2^16-1> -- All TLS extensions */
250 0x00, 0x0a, /* len */
251 /* ExtensionType extension_type */
252 0x00, 0x10, /* ALPN */
253 /* opaque extension_data<0..2^16-1> */
254 0x00, 0x02, /* XXX size is sufficient but missing data for name list */
255 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
256};
257static uint8_t proto_invalid_missing4[] = {
258 /* Extension extensions<0..2^16-1> -- All TLS extensions */
259 0x00, 0x0a, /* len */
260 /* ExtensionType extension_type */
261 0x00, 0x10, /* ALPN */
262 /* opaque extension_data<0..2^16-1> */
263 /* XXX missing */
264};
265static uint8_t proto_invalid_missing5[] = {
266 /* Extension extensions<0..2^16-1> -- All TLS extensions */
267 0x00, 0x1c, /* len */
268 /* ExtensionType extension_type */
269 0x00, 0x10, /* ALPN */
270 /* opaque extension_data<0..2^16-1> */
271 0x00, 0x18, /* len */
272 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
273 0x00, 0x16, /* len of all names */
274 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
275 0x08, /* len */
276 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31,
277 /* opaque ProtocolName<1..2^8-1> -- 'h2' */
278 0x02, /* len */
279 0x68, 0x32,
280 /* XXX missing name */
281};
282static uint8_t proto_invalid_missing6[] = {
283 /* Extension extensions<0..2^16-1> -- All TLS extensions */
284 0x00, 0x07, /* len */
285 /* ExtensionType extension_type */
286 0x00, 0x10, /* ALPN */
287 /* opaque extension_data<0..2^16-1> */
288 0x00, 0x03, /* len */
289 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
290 0x00, 0x01, /* XXX len must be at least 2 */
291 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
292 0x00, /* XXX len cannot be 0 */
293};
294static uint8_t proto_invalid_missing7[] = {
295 /* Extension extensions<0..2^16-1> -- All TLS extensions */
296 0x00, 0x07, /* len */
297 /* ExtensionType extension_type */
298 0x00, 0x10, /* ALPN */
299 /* opaque extension_data<0..2^16-1> */
300 0x00, 0x03, /* len */
301 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
302 0x00, 0x02, /* XXX len is at least 2 but not correct. */
303 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
304 0x00, /* XXX len cannot be 0 */
305};
306static uint8_t proto_invalid_missing8[] = {
307 /* Extension extensions<0..2^16-1> -- All TLS extensions */
308 0x00, 0x01, /* len */
309 /* ExtensionType extension_type */
310 0x00, /* XXX need a 2 byte type */
311};
312static uint8_t proto_invalid_missing9[] = {
313 /* Extension extensions<0..2^16-1> -- All TLS extensions */
314 0x0a, /* XXX need a 2 byte len */
315};
316
317
318#define CHECK_BOTH(c_val, s_val, proto) do { \
319 { \
320 CBS cbs; \
321 int al; \
322 \
323 CBS_init(&cbs, proto, sizeof(proto)); \
324 CHECK(c_val == tlsext_server_parse(s, SSL_TLSEXT_MSG_CH, &cbs, &al)); \
325 CBS_init(&cbs, proto, sizeof(proto)); \
326 CHECK(s_val == tlsext_client_parse(s, SSL_TLSEXT_MSG_SH, &cbs, &al)); \
327 } \
328} while (0)
329
330static int dummy_alpn_cb(SSL *ssl, const unsigned char **out,
331 unsigned char *outlen, const unsigned char *in, unsigned int inlen,
332 void *arg);
333
334static int
335check_valid_alpn(SSL *s)
336{
337 const uint8_t str[] = {
338 0x08, /* len */
339 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31 /* http/1.1 */
340 };
341
342 /* Setup in order to test ALPN. */
343 CHECK(! SSL_set_alpn_protos(s, str, 9));
344 SSL_CTX_set_alpn_select_cb(s->ctx, dummy_alpn_cb, NULL);
345
346 /* Prerequisites to test these. */
347 CHECK(s->alpn_client_proto_list != NULL);
348 CHECK(s->ctx->alpn_select_cb != NULL);
349 //CHECK(s->s3->tmp.finish_md_len == 0);
350
351 CHECK_BOTH(1, 1, proto_single);
352 CHECK_BOTH(1, 1, proto_empty);
353
354 /* Multiple protocol names are only valid for client */
355 CHECK_BOTH(1, 0, proto_multiple1);
356 CHECK_BOTH(1, 0, proto_multiple2);
357 CHECK_BOTH(1, 0, proto_multiple3);
358
359 return 1;
360}
361
362/*
363 * Some of the IANA approved IDs from:
364 * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
365 */
366static int
367check_invalid_alpn(SSL *s)
368{
369 const uint8_t str[] = {
370 0x08, /* len */
371 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31 /* http/1.1 */
372 };
373
374 /* Setup in order to test ALPN. */
375 CHECK(! SSL_set_alpn_protos(s, str, 9));
376 SSL_CTX_set_alpn_select_cb(s->ctx, dummy_alpn_cb, NULL);
377
378 /* Prerequisites to test these. */
379 CHECK(s->alpn_client_proto_list != NULL);
380 CHECK(s->ctx->alpn_select_cb != NULL);
381 //CHECK(s->s3->tmp.finish_md_len == 0);
382
383 /* None of these are valid for client or server */
384 CHECK_BOTH(0, 0, proto_invalid_len1);
385 CHECK_BOTH(0, 0, proto_invalid_len2);
386 CHECK_BOTH(0, 0, proto_invalid_len3);
387 CHECK_BOTH(0, 0, proto_invalid_len4);
388 CHECK_BOTH(0, 0, proto_invalid_len5);
389 CHECK_BOTH(0, 0, proto_invalid_len6);
390 CHECK_BOTH(0, 0, proto_invalid_len7);
391 CHECK_BOTH(0, 0, proto_invalid_len8);
392 CHECK_BOTH(0, 0, proto_invalid_missing1);
393 CHECK_BOTH(0, 0, proto_invalid_missing2);
394 CHECK_BOTH(0, 0, proto_invalid_missing3);
395 CHECK_BOTH(0, 0, proto_invalid_missing4);
396 CHECK_BOTH(0, 0, proto_invalid_missing5);
397 CHECK_BOTH(0, 0, proto_invalid_missing6);
398 CHECK_BOTH(0, 0, proto_invalid_missing7);
399 CHECK_BOTH(0, 0, proto_invalid_missing8);
400 CHECK_BOTH(0, 0, proto_invalid_missing9);
401
402 return 1;
403}
404
405int
406dummy_alpn_cb(SSL *ssl __attribute__((unused)), const unsigned char **out,
407 unsigned char *outlen, const unsigned char *in, unsigned int inlen,
408 void *arg __attribute__((unused)))
409{
410 *out = in;
411 *outlen = (unsigned char)inlen;
412
413 return 0;
414}
415
416int
417main(void)
418{
419 SSL_CTX *ctx = NULL;
420 SSL *s = NULL;
421 int rv = 1;
422
423 SSL_library_init();
424
425 CHECK_GOTO((ctx = SSL_CTX_new(TLSv1_2_client_method())) != NULL);
426 CHECK_GOTO((s = SSL_new(ctx)) != NULL);
427
428 if (!check_valid_alpn(s))
429 goto err;
430 if (!check_invalid_alpn(s))
431 goto err;
432
433 rv = 0;
434
435err:
436 SSL_CTX_free(ctx);
437 SSL_free(s);
438
439 if (!rv)
440 printf("PASS %s\n", __FILE__);
441 return rv;
442}
diff --git a/src/regress/lib/libssl/unit/tls_prf.c b/src/regress/lib/libssl/unit/tls_prf.c
deleted file mode 100644
index 8cb17cb057..0000000000
--- a/src/regress/lib/libssl/unit/tls_prf.c
+++ /dev/null
@@ -1,182 +0,0 @@
1/* $OpenBSD: tls_prf.c,v 1.11 2024/07/16 14:38:59 jsing Exp $ */
2/*
3 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <err.h>
19
20#include "ssl_local.h"
21
22int tls1_PRF(SSL *s, const unsigned char *secret, size_t secret_len,
23 const void *seed1, size_t seed1_len, const void *seed2, size_t seed2_len,
24 const void *seed3, size_t seed3_len, const void *seed4, size_t seed4_len,
25 const void *seed5, size_t seed5_len, unsigned char *out, size_t out_len);
26
27#define TLS_PRF_OUT_LEN 128
28
29struct tls_prf_test {
30 const unsigned char *desc;
31 const SSL_METHOD *(*ssl_method)(void);
32 const uint16_t cipher_value;
33 const unsigned char out[TLS_PRF_OUT_LEN];
34};
35
36static const struct tls_prf_test tls_prf_tests[] = {
37 {
38 .desc = "SHA256",
39 .ssl_method = TLSv1_2_method,
40 .cipher_value = 0x0033,
41 .out = {
42 0x37, 0xa7, 0x06, 0x71, 0x6e, 0x19, 0x19, 0xda,
43 0x23, 0x8c, 0xcc, 0xb4, 0x2f, 0x31, 0x64, 0x9d,
44 0x05, 0x29, 0x1c, 0x33, 0x7e, 0x09, 0x1b, 0x0c,
45 0x0e, 0x23, 0xc1, 0xb0, 0x40, 0xcc, 0x31, 0xf7,
46 0x55, 0x66, 0x68, 0xd9, 0xa8, 0xae, 0x74, 0x75,
47 0xf3, 0x46, 0xe9, 0x3a, 0x54, 0x9d, 0xe0, 0x8b,
48 0x7e, 0x6c, 0x63, 0x1c, 0xfa, 0x2f, 0xfd, 0xc9,
49 0xd3, 0xf1, 0xd3, 0xfe, 0x7b, 0x9e, 0x14, 0x95,
50 0xb5, 0xd0, 0xad, 0x9b, 0xee, 0x78, 0x8c, 0x83,
51 0x18, 0x58, 0x7e, 0xa2, 0x23, 0xc1, 0x8b, 0x62,
52 0x94, 0x12, 0xcb, 0xb6, 0x60, 0x69, 0x32, 0xfe,
53 0x98, 0x0e, 0x93, 0xb0, 0x8e, 0x5c, 0xfb, 0x6e,
54 0xdb, 0x9a, 0xc2, 0x9f, 0x8c, 0x5c, 0x43, 0x19,
55 0xeb, 0x4a, 0x52, 0xad, 0x62, 0x2b, 0xdd, 0x9f,
56 0xa3, 0x74, 0xa6, 0x96, 0x61, 0x4d, 0x98, 0x40,
57 0x63, 0xa6, 0xd4, 0xbb, 0x17, 0x11, 0x75, 0xed,
58 },
59 },
60 {
61 .desc = "SHA384",
62 .ssl_method = TLSv1_2_method,
63 .cipher_value = 0x009d,
64 .out = {
65 0x00, 0x93, 0xc3, 0xfd, 0xa7, 0xbb, 0xdc, 0x5b,
66 0x13, 0x3a, 0xe6, 0x8b, 0x1b, 0xac, 0xf3, 0xfb,
67 0x3c, 0x9a, 0x78, 0xf6, 0x19, 0xf0, 0x13, 0x0f,
68 0x0d, 0x01, 0x9d, 0xdf, 0x0a, 0x28, 0x38, 0xce,
69 0x1a, 0x9b, 0x43, 0xbe, 0x56, 0x12, 0xa7, 0x16,
70 0x58, 0xe1, 0x8a, 0xe4, 0xc5, 0xbb, 0x10, 0x4c,
71 0x3a, 0xf3, 0x7f, 0xd3, 0xdb, 0xe4, 0xe0, 0x3d,
72 0xcc, 0x83, 0xca, 0xf0, 0xf9, 0x69, 0xcc, 0x70,
73 0x83, 0x32, 0xf6, 0xfc, 0x81, 0x80, 0x02, 0xe8,
74 0x31, 0x1e, 0x7c, 0x3b, 0x34, 0xf7, 0x34, 0xd1,
75 0xcf, 0x2a, 0xc4, 0x36, 0x2f, 0xe9, 0xaa, 0x7f,
76 0x6d, 0x1f, 0x5e, 0x0e, 0x39, 0x05, 0x15, 0xe1,
77 0xa2, 0x9a, 0x4d, 0x97, 0x8c, 0x62, 0x46, 0xf1,
78 0x87, 0x65, 0xd8, 0xe9, 0x14, 0x11, 0xa6, 0x48,
79 0xd7, 0x0e, 0x6e, 0x70, 0xad, 0xfb, 0x3f, 0x36,
80 0x05, 0x76, 0x4b, 0xe4, 0x28, 0x50, 0x4a, 0xf2,
81 },
82 },
83};
84
85#define N_TLS_PRF_TESTS \
86 (sizeof(tls_prf_tests) / sizeof(*tls_prf_tests))
87
88#define TLS_PRF_SEED1 "tls prf seed 1"
89#define TLS_PRF_SEED2 "tls prf seed 2"
90#define TLS_PRF_SEED3 "tls prf seed 3"
91#define TLS_PRF_SEED4 "tls prf seed 4"
92#define TLS_PRF_SEED5 "tls prf seed 5"
93#define TLS_PRF_SECRET "tls prf secretz"
94
95static void
96hexdump(const unsigned char *buf, size_t len)
97{
98 size_t i;
99
100 for (i = 1; i <= len; i++)
101 fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n");
102
103 fprintf(stderr, "\n");
104}
105
106static int
107do_tls_prf_test(int test_no, const struct tls_prf_test *tpt)
108{
109 unsigned char *out = NULL;
110 const SSL_CIPHER *cipher;
111 SSL_CTX *ssl_ctx = NULL;
112 SSL *ssl = NULL;
113 int failure = 1;
114 int len;
115
116 fprintf(stderr, "Test %d - %s\n", test_no, tpt->desc);
117
118 if ((out = malloc(TLS_PRF_OUT_LEN)) == NULL)
119 errx(1, "failed to allocate out");
120
121 if ((ssl_ctx = SSL_CTX_new(tpt->ssl_method())) == NULL)
122 errx(1, "failed to create SSL context");
123 if ((ssl = SSL_new(ssl_ctx)) == NULL)
124 errx(1, "failed to create SSL context");
125
126 if ((cipher = ssl3_get_cipher_by_value(tpt->cipher_value)) == NULL) {
127 fprintf(stderr, "FAIL: no cipher %hx\n", tpt->cipher_value);
128 goto failure;
129 }
130
131 ssl->s3->hs.cipher = cipher;
132
133 for (len = 1; len <= TLS_PRF_OUT_LEN; len++) {
134 memset(out, 'A', TLS_PRF_OUT_LEN);
135
136 if (tls1_PRF(ssl, TLS_PRF_SECRET, sizeof(TLS_PRF_SECRET),
137 TLS_PRF_SEED1, sizeof(TLS_PRF_SEED1), TLS_PRF_SEED2,
138 sizeof(TLS_PRF_SEED2), TLS_PRF_SEED3, sizeof(TLS_PRF_SEED3),
139 TLS_PRF_SEED4, sizeof(TLS_PRF_SEED4), TLS_PRF_SEED5,
140 sizeof(TLS_PRF_SEED5), out, len) != 1) {
141 fprintf(stderr, "FAIL: tls_PRF failed for len %d\n",
142 len);
143 goto failure;
144 }
145
146 if (memcmp(out, tpt->out, len) != 0) {
147 fprintf(stderr, "FAIL: tls_PRF output differs for "
148 "len %d\n", len);
149 fprintf(stderr, "output:\n");
150 hexdump(out, TLS_PRF_OUT_LEN);
151 fprintf(stderr, "test data:\n");
152 hexdump(tpt->out, TLS_PRF_OUT_LEN);
153 fprintf(stderr, "\n");
154 goto failure;
155 }
156 }
157
158 failure = 0;
159
160 failure:
161 SSL_free(ssl);
162 SSL_CTX_free(ssl_ctx);
163
164 free(out);
165
166 return failure;
167}
168
169int
170main(int argc, char **argv)
171{
172 int failed = 0;
173 size_t i;
174
175 SSL_library_init();
176 SSL_load_error_strings();
177
178 for (i = 0; i < N_TLS_PRF_TESTS; i++)
179 failed |= do_tls_prf_test(i, &tls_prf_tests[i]);
180
181 return failed;
182}
diff --git a/src/regress/lib/libssl/verify/Makefile b/src/regress/lib/libssl/verify/Makefile
deleted file mode 100644
index 515b22e07a..0000000000
--- a/src/regress/lib/libssl/verify/Makefile
+++ /dev/null
@@ -1,37 +0,0 @@
1# $OpenBSD: Makefile,v 1.1.1.1 2021/08/30 17:27:45 tb Exp $
2
3.if !(make(clean) || make(cleandir) || make(obj))
4. if !exists(/usr/local/libdata/perl5/site_perl/IO/Socket/SSL.pm)
5regress:
6 @echo "missing package p5-IO-Socket-SSL"
7 @echo SKIPPED
8. endif
9.endif
10PROGS += verify
11
12.for p in ${PROGS}
13REGRESS_TARGETS += run-$p
14.endfor
15
16LDADD = -lcrypto -lssl
17DPADD = ${LIBCRYPTO} ${LIBSSL}
18WARNINGS = Yes
19CFLAGS += -DLIBRESSL_INTERNAL -Wundef -Werror
20
21PERL ?= perl
22
23REGRESS_SETUP_ONCE += create-libressl-test-certs
24create-libressl-test-certs: create-libressl-test-certs.pl
25 ${PERL} ${.CURDIR}/$@.pl
26
27
28CLEANFILES += *.pem *.key
29
30.for p in ${PROGS}
31run-$p: $p
32 ./$p
33
34.PHONY: run-$p
35.endfor
36
37.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/verify/create-libressl-test-certs.pl b/src/regress/lib/libssl/verify/create-libressl-test-certs.pl
deleted file mode 100644
index f38494966e..0000000000
--- a/src/regress/lib/libssl/verify/create-libressl-test-certs.pl
+++ /dev/null
@@ -1,111 +0,0 @@
1#!/usr/bin/perl
2
3# Copyright (c) 2021 Steffen Ullrich <sullr@cpan.org>
4# Public Domain
5
6use strict;
7use warnings;
8use IO::Socket::SSL::Utils;
9
10# primitive CA - ROOT
11my @ca = cert(
12 CA => 1,
13 subject => { CN => 'ROOT' }
14);
15out('caR.pem', pem(crt => $ca[0]));
16out('caR.key', pem(key => $ca[1]));
17
18# server certificate where SAN contains in-label wildcards, which a
19# client MAY choose to accept as per RFC 6125 section 6.4.3.
20my @leafcert = cert(
21 issuer => \@ca,
22 purpose => 'server',
23 subject => { CN => 'server.local' },
24 subjectAltNames => [
25 [ DNS => 'bar.server.local' ],
26 [ DNS => 'www*.server.local'],
27 [ DNS => '*.www.server.local'],
28 [ DNS => 'foo.server.local' ],
29 [ DNS => 'server.local' ],
30 ]
31);
32out('server-unusual-wildcard.pem', pem(@leafcert));
33
34@leafcert = cert(
35 issuer => \@ca,
36 purpose => 'server',
37 subject => { CN => 'server.local' },
38 subjectAltNames => [
39 [ DNS => 'bar.server.local' ],
40 [ DNS => '*.www.server.local'],
41 [ DNS => 'foo.server.local' ],
42 [ DNS => 'server.local' ],
43 ]
44);
45out('server-common-wildcard.pem', pem(@leafcert));
46
47# alternative CA - OLD_ROOT
48my @caO = cert(
49 CA => 1,
50 subject => { CN => 'OLD_ROOT' }
51);
52out('caO.pem', pem(crt => $caO[0]));
53out('caO.key', pem(key => $caO[1]));
54
55# alternative ROOT CA, signed by OLD_ROOT, same key as other ROOT CA
56my @caX = cert(
57 issuer => \@caO,
58 CA => 1,
59 subject => { CN => 'ROOT' },
60 key => $ca[1],
61);
62out('caX.pem', pem(crt => $caX[0]));
63out('caX.key', pem(key => $caX[1]));
64
65# subCA below ROOT
66my @subcaR = cert(
67 issuer => \@ca,
68 CA => 1,
69 subject => { CN => 'SubCA.of.ROOT' }
70);
71out('subcaR.pem', pem(crt => $subcaR[0]));
72out('subcaR.key', pem(key => $subcaR[1]));
73out('chainSX.pem', pem($subcaR[0]), pem($caX[0]));
74
75@leafcert = cert(
76 issuer => \@subcaR,
77 purpose => 'server',
78 subject => { CN => 'server.subca.local' },
79 subjectAltNames => [
80 [ DNS => 'server.subca.local' ],
81 ]
82);
83out('server-subca.pem', pem(@leafcert));
84out('server-subca-chainSX.pem', pem(@leafcert, $subcaR[0], $caX[0]));
85out('server-subca-chainS.pem', pem(@leafcert, $subcaR[0]));
86
87
88sub cert { CERT_create(not_after => 10*365*86400+time(), @_) }
89sub pem {
90 my @default = qw(crt key);
91 my %m = (key => \&PEM_key2string, crt => \&PEM_cert2string);
92 my $result = '';
93 while (my $f = shift(@_)) {
94 my $v;
95 if ($f =~m{^(key|crt)$}) {
96 $v = shift(@_);
97 } else {
98 $v = $f;
99 $f = shift(@default) || 'crt';
100 }
101 $f = $m{$f} || die "wrong key $f";
102 $result .= $f->($v);
103 }
104 return $result;
105}
106
107sub out {
108 my $file = shift;
109 open(my $fh,'>',"$file") or die "failed to create $file: $!";
110 print $fh @_
111}
diff --git a/src/regress/lib/libssl/verify/verify.c b/src/regress/lib/libssl/verify/verify.c
deleted file mode 100644
index 8784396a79..0000000000
--- a/src/regress/lib/libssl/verify/verify.c
+++ /dev/null
@@ -1,373 +0,0 @@
1/* $OpenBSD: verify.c,v 1.1.1.1 2021/08/30 17:27:45 tb Exp $ */
2/*
3 * Copyright (c) 2021 Theo Buehler <tb@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18/* Based on https://github.com/noxxi/libressl-tests */
19
20#include <stdint.h>
21#include <stdio.h>
22#include <stdlib.h>
23#include <string.h>
24
25#include <openssl/bio.h>
26#include <openssl/crypto.h>
27#include <openssl/err.h>
28#include <openssl/x509_vfy.h>
29#include <openssl/ssl.h>
30
31struct peer_config {
32 const char *name;
33 int server;
34 const char *cert;
35 const char *key;
36 const char *ca_file;
37};
38
39struct ssl_wildcard_test_data {
40 const char *description;
41 struct peer_config client_config;
42 struct peer_config server_config;
43 long verify_result;
44};
45
46static const struct ssl_wildcard_test_data ssl_wildcard_tests[] = {
47 {
48 .description = "unusual wildcard cert, no CA given to client",
49 .client_config = {
50 .name = "client",
51 .server = 0,
52 .cert = NULL,
53 .ca_file = NULL,
54 },
55 .server_config = {
56 .name = "server",
57 .server = 1,
58 .cert = "server-unusual-wildcard.pem",
59 .key = "server-unusual-wildcard.pem",
60 },
61 /* OpenSSL returns X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE */
62 .verify_result = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
63 },
64
65 {
66 .description = "unusual wildcard cert, CA given to client",
67 .client_config = {
68 .name = "client",
69 .server = 0,
70 .cert = NULL,
71 .ca_file = "caR.pem",
72 },
73 .server_config = {
74 .name = "server",
75 .server = 1,
76 .cert = "server-unusual-wildcard.pem",
77 .key = "server-unusual-wildcard.pem",
78 },
79 .verify_result = X509_V_OK,
80 },
81
82 {
83 .description = "common wildcard cert, no CA given to client",
84 .client_config = {
85 .name = "client",
86 .server = 0,
87 .cert = NULL,
88 .ca_file = NULL,
89 },
90 .server_config = {
91 .name = "server",
92 .server = 1,
93 .cert = "server-common-wildcard.pem",
94 .key = "server-common-wildcard.pem",
95 },
96 /* OpenSSL returns X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE */
97 .verify_result = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
98 },
99
100 {
101 .description = "common wildcard cert, CA given to client",
102 .client_config = {
103 .name = "client",
104 .server = 0,
105 .cert = NULL,
106 .ca_file = "caR.pem",
107 },
108 .server_config = {
109 .name = "server",
110 .server = 1,
111 .cert = "server-common-wildcard.pem",
112 .key = "server-common-wildcard.pem",
113 },
114 .verify_result = X509_V_OK,
115 },
116
117 {
118 .description = "server sends all chain certificates",
119 .client_config = {
120 .name = "client",
121 .server = 0,
122 .cert = NULL,
123 .ca_file = "caR.pem",
124 },
125 .server_config = {
126 .name = "server",
127 .server = 1,
128 .cert = "server-subca-chainS.pem",
129 .key = "server-subca-chainS.pem",
130 .ca_file = "subcaR.pem"
131 },
132 .verify_result = X509_V_OK,
133 },
134};
135
136static const size_t N_SSL_WILDCARD_TESTS =
137 sizeof(ssl_wildcard_tests) / sizeof(ssl_wildcard_tests[0]);
138
139static SSL_CTX *
140peer_config_to_ssl_ctx(const struct peer_config *config)
141{
142 SSL_CTX *ctx;
143
144 if ((ctx = SSL_CTX_new(TLS_method())) == NULL) {
145 fprintf(stderr, "SSL_CTX_new(%s) failed\n", config->name);
146 goto err;
147 }
148
149 if (config->server) {
150 if (!SSL_CTX_use_certificate_file(ctx, config->cert,
151 SSL_FILETYPE_PEM)) {
152 fprintf(stderr, "use_certificate_file(%s) failed\n",
153 config->name);
154 goto err;
155 }
156 if (config->key != NULL && !SSL_CTX_use_PrivateKey_file(ctx,
157 config->key, SSL_FILETYPE_PEM)) {
158 fprintf(stderr, "use_PrivateKey_file(%s) failed\n",
159 config->name);
160 goto err;
161 }
162 }
163
164 if (config->ca_file != NULL) {
165 if (!SSL_CTX_load_verify_locations(ctx, config->ca_file, NULL)) {
166 fprintf(stderr, "load_verify_locations(%s) failed\n",
167 config->name);
168 goto err;
169 }
170 }
171
172 return ctx;
173
174 err:
175 SSL_CTX_free(ctx);
176 return NULL;
177}
178
179/* Connect client and server via a pair of "nonblocking" memory BIOs. */
180static int
181connect_peers(SSL *client_ssl, SSL *server_ssl, const char *description)
182{
183 BIO *client_wbio = NULL, *server_wbio = NULL;
184 int ret = 0;
185
186 if ((client_wbio = BIO_new(BIO_s_mem())) == NULL) {
187 fprintf(stderr, "%s: failed to create client BIO\n",
188 description);
189 goto err;
190 }
191 if ((server_wbio = BIO_new(BIO_s_mem())) == NULL) {
192 fprintf(stderr, "%s: failed to create server BIO\n",
193 description);
194 goto err;
195 }
196 if (BIO_set_mem_eof_return(client_wbio, -1) <= 0) {
197 fprintf(stderr, "%s: failed to set client eof return\n",
198 description);
199 goto err;
200 }
201 if (BIO_set_mem_eof_return(server_wbio, -1) <= 0) {
202 fprintf(stderr, "%s: failed to set server eof return\n",
203 description);
204 goto err;
205 }
206
207 /* Avoid double free. SSL_set_bio() takes ownership of the BIOs. */
208 BIO_up_ref(client_wbio);
209 BIO_up_ref(server_wbio);
210
211 SSL_set_bio(client_ssl, server_wbio, client_wbio);
212 SSL_set_bio(server_ssl, client_wbio, server_wbio);
213 client_wbio = NULL;
214 server_wbio = NULL;
215
216 ret = 1;
217
218 err:
219 BIO_free(client_wbio);
220 BIO_free(server_wbio);
221
222 return ret;
223}
224
225static int
226push_data_to_peer(SSL *ssl, int *ret, int (*func)(SSL *), const char *func_name,
227 const char *description)
228{
229 int ssl_err = 0;
230
231 if (*ret == 1)
232 return 1;
233
234 /*
235 * Do SSL_connect/SSL_accept/SSL_shutdown once and loop while hitting
236 * WANT_WRITE. If done or on WANT_READ hand off to peer.
237 */
238
239 do {
240 if ((*ret = func(ssl)) <= 0)
241 ssl_err = SSL_get_error(ssl, *ret);
242 } while (*ret <= 0 && ssl_err == SSL_ERROR_WANT_WRITE);
243
244 /* Ignore erroneous error - see SSL_shutdown(3)... */
245 if (func == SSL_shutdown && ssl_err == SSL_ERROR_SYSCALL)
246 return 1;
247
248 if (*ret <= 0 && ssl_err != SSL_ERROR_WANT_READ) {
249 fprintf(stderr, "%s: %s failed\n", description, func_name);
250 ERR_print_errors_fp(stderr);
251 return 0;
252 }
253
254 return 1;
255}
256
257/*
258 * Alternate between loops of SSL_connect() and SSL_accept() as long as only
259 * WANT_READ and WANT_WRITE situations are encountered. A function is repeated
260 * until WANT_READ is returned or it succeeds, then it's the other function's
261 * turn to make progress. Succeeds if SSL_connect() and SSL_accept() return 1.
262 */
263static int
264handshake(SSL *client_ssl, SSL *server_ssl, const char *description)
265{
266 int loops = 0, client_ret = 0, server_ret = 0;
267
268 while (loops++ < 10 && (client_ret <= 0 || server_ret <= 0)) {
269 if (!push_data_to_peer(client_ssl, &client_ret, SSL_connect,
270 "SSL_connect", description))
271 return 0;
272
273 if (!push_data_to_peer(server_ssl, &server_ret, SSL_accept,
274 "SSL_accept", description))
275 return 0;
276 }
277
278 if (client_ret != 1 || server_ret != 1) {
279 fprintf(stderr, "%s: failed\n", __func__);
280 return 0;
281 }
282
283 return 1;
284}
285
286static int
287shutdown_peers(SSL *client_ssl, SSL *server_ssl, const char *description)
288{
289 int loops = 0, client_ret = 0, server_ret = 0;
290
291 while (loops++ < 10 && (client_ret <= 0 || server_ret <= 0)) {
292 if (!push_data_to_peer(client_ssl, &client_ret, SSL_shutdown,
293 "client shutdown", description))
294 return 0;
295
296 if (!push_data_to_peer(server_ssl, &server_ret, SSL_shutdown,
297 "server shutdown", description))
298 return 0;
299 }
300
301 if (client_ret != 1 || server_ret != 1) {
302 fprintf(stderr, "%s: failed\n", __func__);
303 return 0;
304 }
305
306 return 1;
307}
308
309static int
310test_ssl_wildcards(const struct ssl_wildcard_test_data *test)
311{
312 SSL_CTX *client_ctx = NULL, *server_ctx = NULL;
313 SSL *client_ssl = NULL, *server_ssl = NULL;
314 long verify_result;
315 int failed = 1;
316
317 if ((client_ctx = peer_config_to_ssl_ctx(&test->client_config)) == NULL)
318 goto err;
319 if ((server_ctx = peer_config_to_ssl_ctx(&test->server_config)) == NULL)
320 goto err;
321
322 if ((client_ssl = SSL_new(client_ctx)) == NULL) {
323 fprintf(stderr, "%s: failed to create client SSL\n",
324 test->description);
325 goto err;
326 }
327 if ((server_ssl = SSL_new(server_ctx)) == NULL) {
328 fprintf(stderr, "%s: failed to create server SSL\n",
329 test->description);
330 goto err;
331 }
332
333 if (!connect_peers(client_ssl, server_ssl, test->description))
334 goto err;
335
336 if (!handshake(client_ssl, server_ssl, test->description))
337 goto err;
338
339 verify_result = SSL_get_verify_result(client_ssl);
340
341 if (test->verify_result == verify_result) {
342 failed = 0;
343 fprintf(stderr, "%s: ok\n", test->description);
344 } else
345 fprintf(stderr, "%s: verify_result: want %ld, got %ld\n",
346 test->description, test->verify_result, verify_result);
347
348 if (!shutdown_peers(client_ssl, server_ssl, test->description))
349 goto err;
350
351 err:
352 SSL_CTX_free(client_ctx);
353 SSL_CTX_free(server_ctx);
354 SSL_free(client_ssl);
355 SSL_free(server_ssl);
356
357 return failed;
358}
359
360int
361main(int argc, char **argv)
362{
363 size_t i;
364 int failed = 0;
365
366 for (i = 0; i < N_SSL_WILDCARD_TESTS; i++)
367 failed |= test_ssl_wildcards(&ssl_wildcard_tests[i]);
368
369 if (failed == 0)
370 printf("PASS %s\n", __FILE__);
371
372 return failed;
373}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-04 09:08:07 +0000