summaryrefslogtreecommitdiff
path: root/src/regress/lib/libssl
diff options
context:
space:
mode:
Diffstat (limited to 'src/regress/lib/libssl')
-rw-r--r--src/regress/lib/libssl/Makefile22
-rw-r--r--src/regress/lib/libssl/Makefile.inc2
-rw-r--r--src/regress/lib/libssl/asn1/Makefile10
-rw-r--r--src/regress/lib/libssl/asn1/asn1test.c478
-rw-r--r--src/regress/lib/libssl/buffer/Makefile10
-rw-r--r--src/regress/lib/libssl/buffer/buffertest.c156
-rw-r--r--src/regress/lib/libssl/bytestring/Makefile9
-rw-r--r--src/regress/lib/libssl/bytestring/bytestringtest.c876
-rw-r--r--src/regress/lib/libssl/certs/ca.pem45
-rw-r--r--src/regress/lib/libssl/certs/client.pem51
-rw-r--r--src/regress/lib/libssl/certs/server.pem51
-rw-r--r--src/regress/lib/libssl/ciphers/Makefile9
-rw-r--r--src/regress/lib/libssl/ciphers/cipherstest.c175
-rw-r--r--src/regress/lib/libssl/client/Makefile9
-rw-r--r--src/regress/lib/libssl/client/clienttest.c446
-rw-r--r--src/regress/lib/libssl/handshake/Makefile45
-rw-r--r--src/regress/lib/libssl/handshake/handshake_table.c516
-rw-r--r--src/regress/lib/libssl/handshake/valid_handshakes_terminate.c57
-rw-r--r--src/regress/lib/libssl/interop/LICENSE15
-rw-r--r--src/regress/lib/libssl/interop/Makefile10
-rw-r--r--src/regress/lib/libssl/interop/Makefile.inc91
-rw-r--r--src/regress/lib/libssl/interop/README22
-rw-r--r--src/regress/lib/libssl/interop/cert/Makefile84
-rw-r--r--src/regress/lib/libssl/interop/cipher/Makefile175
-rw-r--r--src/regress/lib/libssl/interop/client.c232
-rw-r--r--src/regress/lib/libssl/interop/libressl/Makefile37
-rw-r--r--src/regress/lib/libssl/interop/netcat/Makefile90
-rw-r--r--src/regress/lib/libssl/interop/openssl/Makefile43
-rw-r--r--src/regress/lib/libssl/interop/openssl11/Makefile43
-rw-r--r--src/regress/lib/libssl/interop/server.c279
-rw-r--r--src/regress/lib/libssl/interop/session/Makefile45
-rw-r--r--src/regress/lib/libssl/interop/util.c145
-rw-r--r--src/regress/lib/libssl/interop/util.h23
-rw-r--r--src/regress/lib/libssl/key_schedule/Makefile9
-rw-r--r--src/regress/lib/libssl/key_schedule/key_schedule.c317
-rw-r--r--src/regress/lib/libssl/pqueue/Makefile17
-rw-r--r--src/regress/lib/libssl/pqueue/expected.txt3
-rw-r--r--src/regress/lib/libssl/pqueue/pq_test.c118
-rw-r--r--src/regress/lib/libssl/record/Makefile10
-rw-r--r--src/regress/lib/libssl/record/recordtest.c554
-rw-r--r--src/regress/lib/libssl/server/Makefile18
-rw-r--r--src/regress/lib/libssl/server/servertest.c200
-rw-r--r--src/regress/lib/libssl/ssl/Makefile16
-rw-r--r--src/regress/lib/libssl/ssl/ssltest.c1988
-rw-r--r--src/regress/lib/libssl/ssl/testssl138
-rw-r--r--src/regress/lib/libssl/tlsext/Makefile9
-rw-r--r--src/regress/lib/libssl/tlsext/tlsexttest.c3571
-rw-r--r--src/regress/lib/libssl/unit/Makefile24
-rw-r--r--src/regress/lib/libssl/unit/cipher_list.c204
-rw-r--r--src/regress/lib/libssl/unit/ssl_versions.c797
-rw-r--r--src/regress/lib/libssl/unit/tests.h44
-rw-r--r--src/regress/lib/libssl/unit/tls_ext_alpn.c442
-rw-r--r--src/regress/lib/libssl/unit/tls_prf.c251
53 files changed, 0 insertions, 13031 deletions
diff --git a/src/regress/lib/libssl/Makefile b/src/regress/lib/libssl/Makefile
deleted file mode 100644
index 0096a9fd87..0000000000
--- a/src/regress/lib/libssl/Makefile
+++ /dev/null
@@ -1,22 +0,0 @@
1# $OpenBSD: Makefile,v 1.35 2019/01/20 06:50:26 tb Exp $
2
3SUBDIR += asn1
4SUBDIR += buffer
5SUBDIR += bytestring
6SUBDIR += ciphers
7SUBDIR += client
8SUBDIR += handshake
9SUBDIR += pqueue
10SUBDIR += record
11SUBDIR += server
12SUBDIR += ssl
13SUBDIR += tlsext
14SUBDIR += key_schedule
15SUBDIR += unit
16
17# Things that take a long time should go below here.
18SUBDIR += interop
19
20install:
21
22.include <bsd.subdir.mk>
diff --git a/src/regress/lib/libssl/Makefile.inc b/src/regress/lib/libssl/Makefile.inc
deleted file mode 100644
index a8880845e9..0000000000
--- a/src/regress/lib/libssl/Makefile.inc
+++ /dev/null
@@ -1,2 +0,0 @@
1# Use this variable when the test needs internal symbols from libssl
2SSL_INT= -Wl,-Bstatic -lssl -Wl,-Bdynamic
diff --git a/src/regress/lib/libssl/asn1/Makefile b/src/regress/lib/libssl/asn1/Makefile
deleted file mode 100644
index f4a57933e2..0000000000
--- a/src/regress/lib/libssl/asn1/Makefile
+++ /dev/null
@@ -1,10 +0,0 @@
1# $OpenBSD: Makefile,v 1.1 2014/07/13 16:03:54 jsing Exp $
2
3PROG= asn1test
4LDADD= -lcrypto -lssl
5DPADD= ${LIBCRYPTO} ${LIBSSL}
6
7WARNINGS= Yes
8CFLAGS+= -DLIBRESSL_INTERNAL -Werror
9
10.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/asn1/asn1test.c b/src/regress/lib/libssl/asn1/asn1test.c
deleted file mode 100644
index 69be086724..0000000000
--- a/src/regress/lib/libssl/asn1/asn1test.c
+++ /dev/null
@@ -1,478 +0,0 @@
1/* $OpenBSD: asn1test.c,v 1.6 2016/12/26 15:31:38 jsing Exp $ */
2/*
3 * Copyright (c) 2014, 2016 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <err.h>
19#include <stdlib.h>
20
21#include <openssl/bio.h>
22#include <openssl/err.h>
23#include <openssl/ssl.h>
24#include <openssl/tls1.h>
25
26int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
27SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
28 long length);
29
30X509 *peer_cert;
31
32unsigned char *peer_cert_pem =
33 "-----BEGIN CERTIFICATE-----\n"
34 "MIIBcTCCARugAwIBAgIJAPYhaZJAvUuUMA0GCSqGSIb3DQEBBQUAMBQxEjAQBgNV\n"
35 "BAoMCVRlc3QgUGVlcjAeFw0xNjEyMjYxNDQ3NDdaFw0yNjEyMjQxNDQ3NDdaMBQx\n"
36 "EjAQBgNVBAoMCVRlc3QgUGVlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCyhAdJ\n"
37 "wojHv/uKONh8MbmR2U2+VF1HQusnLfSfHPqkJfvDzLWJ41TG7QcXkx2rIJVtAFrO\n"
38 "U9yNdFYJLA/hsrbjAgMBAAGjUDBOMB0GA1UdDgQWBBS3bZOw7fvaortdsdE2TPMq\n"
39 "IRXFRzAfBgNVHSMEGDAWgBS3bZOw7fvaortdsdE2TPMqIRXFRzAMBgNVHRMEBTAD\n"
40 "AQH/MA0GCSqGSIb3DQEBBQUAA0EAHsxNS+rNUZbopeDMhVIviOfUmelDjJrT56Rc\n"
41 "VJoFN3Gc1cV8nQAHm9aJs71uksC+MN04Pzh0WqmYX9XXrnYPcg==\n"
42 "-----END CERTIFICATE-----\n";
43
44struct ssl_asn1_test {
45 SSL_SESSION session;
46 int peer_cert;
47 const unsigned char asn1[1024];
48 int asn1_len;
49};
50
51unsigned char tlsext_tick[] = {
52 0x43, 0x56, 0x45, 0x2d, 0x32, 0x30, 0x31, 0x34,
53 0x2d, 0x30, 0x31, 0x36, 0x30, 0x3a, 0x20, 0x37,
54 0x74, 0x68, 0x20, 0x41, 0x70, 0x72, 0x69, 0x6c,
55 0x20, 0x32, 0x30, 0x31, 0x34, 0x0a, 0x43, 0x56,
56 0x45, 0x2d, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x35,
57 0x32, 0x39, 0x38, 0x3a, 0x20, 0x38, 0x74, 0x68,
58 0x20, 0x41, 0x70, 0x72, 0x69, 0x6c, 0x20, 0x32,
59 0x30, 0x31, 0x34, 0x0a, 0x43, 0x56, 0x45, 0x2d,
60 0x32, 0x30, 0x31, 0x34, 0x2d, 0x30, 0x31, 0x39,
61 0x38, 0x3a, 0x20, 0x32, 0x31, 0x73, 0x74, 0x20,
62 0x41, 0x70, 0x72, 0x69, 0x6c, 0x20, 0x32, 0x30,
63 0x31, 0x34, 0x0a, 0x43, 0x56, 0x45, 0x2d, 0x32,
64 0x30, 0x31, 0x34, 0x2d, 0x33, 0x34, 0x37, 0x30,
65 0x3a, 0x20, 0x33, 0x30, 0x74, 0x68, 0x20, 0x4d,
66 0x61, 0x79, 0x20, 0x32, 0x30, 0x31, 0x34, 0x0a,
67 0x43, 0x56, 0x45, 0x2d, 0x32, 0x30, 0x31, 0x34,
68 0x2d, 0x30, 0x31, 0x39, 0x35, 0x3a, 0x20, 0x35,
69 0x74, 0x68, 0x20, 0x4a, 0x75, 0x6e, 0x65, 0x20,
70 0x32, 0x30, 0x31, 0x34, 0x0a, 0x43, 0x56, 0x45,
71 0x2d, 0x32, 0x30, 0x31, 0x34, 0x2d, 0x30, 0x32,
72 0x32, 0x31, 0x3a, 0x20, 0x35, 0x74, 0x68, 0x20,
73 0x4a, 0x75, 0x6e, 0x65, 0x20, 0x32, 0x30, 0x31,
74 0x34, 0x0a, 0x43, 0x56, 0x45, 0x2d, 0x32, 0x30,
75 0x31, 0x34, 0x2d, 0x30, 0x32, 0x32, 0x34, 0x3a,
76 0x20, 0x35, 0x74, 0x68, 0x20, 0x4a, 0x75, 0x6e,
77 0x65, 0x20, 0x32, 0x30, 0x31, 0x34, 0x0a,
78};
79
80struct ssl_asn1_test ssl_asn1_tests[] = {
81 {
82 .session = {
83 .cipher_id = 0x03000000L | 1,
84 .ssl_version = TLS1_2_VERSION,
85 },
86 .asn1 = {
87 0x30, 0x13, 0x02, 0x01, 0x01, 0x02, 0x02, 0x03,
88 0x03, 0x04, 0x02, 0x00, 0x01, 0x04, 0x00, 0x04,
89 0x00, 0xa4, 0x02, 0x04, 0x00,
90 },
91 .asn1_len = 21,
92 },
93 {
94 .session = {
95 .cipher_id = 0x03000000L | 1,
96 .ssl_version = TLS1_2_VERSION,
97 .master_key_length = 26,
98 .session_id = "0123456789",
99 .session_id_length = 10,
100 .sid_ctx = "abcdefghijklmnopqrstuvwxyz",
101 .sid_ctx_length = 26,
102 },
103 .asn1 = {
104 0x30, 0x51, 0x02, 0x01, 0x01, 0x02, 0x02, 0x03,
105 0x03, 0x04, 0x02, 0x00, 0x01, 0x04, 0x0a, 0x30,
106 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38,
107 0x39, 0x04, 0x1a, 0x00, 0x00, 0x00, 0x00, 0x00,
108 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
109 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
110 0x00, 0x00, 0x00, 0x00, 0x00, 0xa4, 0x1c, 0x04,
111 0x1a, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
112 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
113 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
114 0x78, 0x79, 0x7a,
115 },
116 .asn1_len = 83,
117 },
118 {
119 .session = {
120 .cipher_id = 0x03000000L | 1,
121 .ssl_version = TLS1_2_VERSION,
122 .master_key_length = 26,
123 .session_id = "0123456789",
124 .session_id_length = 10,
125 .sid_ctx = "abcdefghijklmnopqrstuvwxyz",
126 .sid_ctx_length = 26,
127 .time = 1405266069,
128 .timeout = 5,
129 .verify_result = 42,
130 .tlsext_hostname = "libressl.openbsd.org",
131 .tlsext_tick_lifetime_hint = 0x7abbccdd,
132 .tlsext_tick = tlsext_tick,
133 .tlsext_ticklen = sizeof(tlsext_tick),
134 },
135 .peer_cert = 1,
136 .asn1 = {
137 0x30, 0x82, 0x02, 0xd1, 0x02, 0x01, 0x01, 0x02,
138 0x02, 0x03, 0x03, 0x04, 0x02, 0x00, 0x01, 0x04,
139 0x0a, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36,
140 0x37, 0x38, 0x39, 0x04, 0x1a, 0x00, 0x00, 0x00,
141 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
142 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
143 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xa1,
144 0x06, 0x02, 0x04, 0x53, 0xc2, 0xa8, 0x95, 0xa2,
145 0x03, 0x02, 0x01, 0x05, 0xa3, 0x82, 0x01, 0x75,
146 0x30, 0x82, 0x01, 0x71, 0x30, 0x82, 0x01, 0x1b,
147 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00,
148 0xf6, 0x21, 0x69, 0x92, 0x40, 0xbd, 0x4b, 0x94,
149 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
150 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30,
151 0x14, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55,
152 0x04, 0x0a, 0x0c, 0x09, 0x54, 0x65, 0x73, 0x74,
153 0x20, 0x50, 0x65, 0x65, 0x72, 0x30, 0x1e, 0x17,
154 0x0d, 0x31, 0x36, 0x31, 0x32, 0x32, 0x36, 0x31,
155 0x34, 0x34, 0x37, 0x34, 0x37, 0x5a, 0x17, 0x0d,
156 0x32, 0x36, 0x31, 0x32, 0x32, 0x34, 0x31, 0x34,
157 0x34, 0x37, 0x34, 0x37, 0x5a, 0x30, 0x14, 0x31,
158 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x0a,
159 0x0c, 0x09, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50,
160 0x65, 0x65, 0x72, 0x30, 0x5c, 0x30, 0x0d, 0x06,
161 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
162 0x01, 0x01, 0x05, 0x00, 0x03, 0x4b, 0x00, 0x30,
163 0x48, 0x02, 0x41, 0x00, 0xb2, 0x84, 0x07, 0x49,
164 0xc2, 0x88, 0xc7, 0xbf, 0xfb, 0x8a, 0x38, 0xd8,
165 0x7c, 0x31, 0xb9, 0x91, 0xd9, 0x4d, 0xbe, 0x54,
166 0x5d, 0x47, 0x42, 0xeb, 0x27, 0x2d, 0xf4, 0x9f,
167 0x1c, 0xfa, 0xa4, 0x25, 0xfb, 0xc3, 0xcc, 0xb5,
168 0x89, 0xe3, 0x54, 0xc6, 0xed, 0x07, 0x17, 0x93,
169 0x1d, 0xab, 0x20, 0x95, 0x6d, 0x00, 0x5a, 0xce,
170 0x53, 0xdc, 0x8d, 0x74, 0x56, 0x09, 0x2c, 0x0f,
171 0xe1, 0xb2, 0xb6, 0xe3, 0x02, 0x03, 0x01, 0x00,
172 0x01, 0xa3, 0x50, 0x30, 0x4e, 0x30, 0x1d, 0x06,
173 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14,
174 0xb7, 0x6d, 0x93, 0xb0, 0xed, 0xfb, 0xda, 0xa2,
175 0xbb, 0x5d, 0xb1, 0xd1, 0x36, 0x4c, 0xf3, 0x2a,
176 0x21, 0x15, 0xc5, 0x47, 0x30, 0x1f, 0x06, 0x03,
177 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80,
178 0x14, 0xb7, 0x6d, 0x93, 0xb0, 0xed, 0xfb, 0xda,
179 0xa2, 0xbb, 0x5d, 0xb1, 0xd1, 0x36, 0x4c, 0xf3,
180 0x2a, 0x21, 0x15, 0xc5, 0x47, 0x30, 0x0c, 0x06,
181 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03,
182 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a,
183 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05,
184 0x05, 0x00, 0x03, 0x41, 0x00, 0x1e, 0xcc, 0x4d,
185 0x4b, 0xea, 0xcd, 0x51, 0x96, 0xe8, 0xa5, 0xe0,
186 0xcc, 0x85, 0x52, 0x2f, 0x88, 0xe7, 0xd4, 0x99,
187 0xe9, 0x43, 0x8c, 0x9a, 0xd3, 0xe7, 0xa4, 0x5c,
188 0x54, 0x9a, 0x05, 0x37, 0x71, 0x9c, 0xd5, 0xc5,
189 0x7c, 0x9d, 0x00, 0x07, 0x9b, 0xd6, 0x89, 0xb3,
190 0xbd, 0x6e, 0x92, 0xc0, 0xbe, 0x30, 0xdd, 0x38,
191 0x3f, 0x38, 0x74, 0x5a, 0xa9, 0x98, 0x5f, 0xd5,
192 0xd7, 0xae, 0x76, 0x0f, 0x72, 0xa4, 0x1c, 0x04,
193 0x1a, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
194 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
195 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
196 0x78, 0x79, 0x7a, 0xa5, 0x03, 0x02, 0x01, 0x2a,
197 0xa6, 0x16, 0x04, 0x14, 0x6c, 0x69, 0x62, 0x72,
198 0x65, 0x73, 0x73, 0x6c, 0x2e, 0x6f, 0x70, 0x65,
199 0x6e, 0x62, 0x73, 0x64, 0x2e, 0x6f, 0x72, 0x67,
200 0xa9, 0x06, 0x02, 0x04, 0x7a, 0xbb, 0xcc, 0xdd,
201 0xaa, 0x81, 0xd2, 0x04, 0x81, 0xcf, 0x43, 0x56,
202 0x45, 0x2d, 0x32, 0x30, 0x31, 0x34, 0x2d, 0x30,
203 0x31, 0x36, 0x30, 0x3a, 0x20, 0x37, 0x74, 0x68,
204 0x20, 0x41, 0x70, 0x72, 0x69, 0x6c, 0x20, 0x32,
205 0x30, 0x31, 0x34, 0x0a, 0x43, 0x56, 0x45, 0x2d,
206 0x32, 0x30, 0x31, 0x30, 0x2d, 0x35, 0x32, 0x39,
207 0x38, 0x3a, 0x20, 0x38, 0x74, 0x68, 0x20, 0x41,
208 0x70, 0x72, 0x69, 0x6c, 0x20, 0x32, 0x30, 0x31,
209 0x34, 0x0a, 0x43, 0x56, 0x45, 0x2d, 0x32, 0x30,
210 0x31, 0x34, 0x2d, 0x30, 0x31, 0x39, 0x38, 0x3a,
211 0x20, 0x32, 0x31, 0x73, 0x74, 0x20, 0x41, 0x70,
212 0x72, 0x69, 0x6c, 0x20, 0x32, 0x30, 0x31, 0x34,
213 0x0a, 0x43, 0x56, 0x45, 0x2d, 0x32, 0x30, 0x31,
214 0x34, 0x2d, 0x33, 0x34, 0x37, 0x30, 0x3a, 0x20,
215 0x33, 0x30, 0x74, 0x68, 0x20, 0x4d, 0x61, 0x79,
216 0x20, 0x32, 0x30, 0x31, 0x34, 0x0a, 0x43, 0x56,
217 0x45, 0x2d, 0x32, 0x30, 0x31, 0x34, 0x2d, 0x30,
218 0x31, 0x39, 0x35, 0x3a, 0x20, 0x35, 0x74, 0x68,
219 0x20, 0x4a, 0x75, 0x6e, 0x65, 0x20, 0x32, 0x30,
220 0x31, 0x34, 0x0a, 0x43, 0x56, 0x45, 0x2d, 0x32,
221 0x30, 0x31, 0x34, 0x2d, 0x30, 0x32, 0x32, 0x31,
222 0x3a, 0x20, 0x35, 0x74, 0x68, 0x20, 0x4a, 0x75,
223 0x6e, 0x65, 0x20, 0x32, 0x30, 0x31, 0x34, 0x0a,
224 0x43, 0x56, 0x45, 0x2d, 0x32, 0x30, 0x31, 0x34,
225 0x2d, 0x30, 0x32, 0x32, 0x34, 0x3a, 0x20, 0x35,
226 0x74, 0x68, 0x20, 0x4a, 0x75, 0x6e, 0x65, 0x20,
227 0x32, 0x30, 0x31, 0x34, 0x0a,
228 },
229 .asn1_len = 725,
230 },
231 {
232 .session = {
233 .cipher_id = 0x03000000L | 1,
234 .ssl_version = TLS1_2_VERSION,
235 .timeout = -1,
236 },
237 .asn1 = {
238 0x0,
239 },
240 .asn1_len = -1,
241 },
242 {
243 .session = {
244 .cipher_id = 0x03000000L | 1,
245 .ssl_version = TLS1_2_VERSION,
246 .time = -1,
247 },
248 .asn1 = {
249 0x0,
250 },
251 .asn1_len = -1,
252 },
253};
254
255#define N_SSL_ASN1_TESTS \
256 (sizeof(ssl_asn1_tests) / sizeof(*ssl_asn1_tests))
257
258static int
259session_strcmp(const unsigned char *o1, const unsigned char *o2, size_t len)
260{
261 if (o1 == NULL && o2 == NULL)
262 return (0);
263 if (o1 == NULL || o2 == NULL)
264 return (1);
265 return memcmp(o1, o2, len);
266}
267
268static int
269session_cmp(SSL_SESSION *s1, SSL_SESSION *s2)
270{
271 /* Compare the ASN.1 encoded values from two sessions. */
272 if (s1->ssl_version != s2->ssl_version) {
273 fprintf(stderr, "ssl_version differs: %i != %i\n",
274 s1->ssl_version, s2->ssl_version);
275 return (1);
276 }
277 if (s1->cipher_id != s2->cipher_id) {
278 fprintf(stderr, "cipher_id differs: %li != %li\n",
279 s1->cipher_id, s2->cipher_id);
280 return (1);
281 }
282
283 if (s1->master_key_length != s2->master_key_length) {
284 fprintf(stderr, "master_key_length differs: %i != %i\n",
285 s1->master_key_length, s2->master_key_length);
286 return (1);
287 }
288 if (session_strcmp(s1->master_key, s2->master_key,
289 s1->master_key_length) != 0) {
290 fprintf(stderr, "master_key differs\n");
291 return (1);
292 }
293
294 if (s1->session_id_length != s2->session_id_length) {
295 fprintf(stderr, "session_id_length differs: %i != %i\n",
296 s1->session_id_length, s2->session_id_length);
297 return (1);
298 }
299 if (session_strcmp(s1->session_id, s2->session_id,
300 s1->session_id_length) != 0) {
301 fprintf(stderr, "session_id differs\n");
302 return (1);
303 }
304
305 if (s1->sid_ctx_length != s2->sid_ctx_length) {
306 fprintf(stderr, "sid_ctx_length differs: %i != %i\n",
307 s1->sid_ctx_length, s2->sid_ctx_length);
308 return (1);
309 }
310 if (session_strcmp(s1->sid_ctx, s2->sid_ctx,
311 s1->sid_ctx_length) != 0) {
312 fprintf(stderr, "sid_ctx differs\n");
313 return (1);
314 }
315
316 /* d2i_SSL_SESSION uses the current time if decoding a zero value. */
317 if ((s1->time != s2->time) && s1->time != 0 && s2->time != 0) {
318 fprintf(stderr, "time differs: %lli != %lli\n",
319 (long long)s1->time, (long long)s2->time);
320 return (1);
321 }
322 /* d2i_SSL_SESSION uses a timeout of 3 if decoding a zero value. */
323 if ((s1->timeout != s2->timeout) &&
324 s1->timeout != 3 && s2->timeout != 3) {
325 fprintf(stderr, "timeout differs: %li != %li\n",
326 s1->timeout, s2->timeout);
327 return (1);
328 }
329
330 /* Ensure that a certificate is or is not present in both. */
331 if ((s1->peer != NULL || s2->peer != NULL) &&
332 (s1->peer == NULL || s2->peer == NULL ||
333 X509_cmp(s1->peer, s2->peer) != 0)) {
334 fprintf(stderr, "peer differs\n");
335 return (1);
336 }
337
338 if (s1->verify_result != s2->verify_result) {
339 fprintf(stderr, "verify_result differs: %li != %li\n",
340 s1->verify_result, s2->verify_result);
341 return (1);
342 }
343
344 if (session_strcmp(s1->tlsext_hostname, s2->tlsext_hostname,
345 (s1->tlsext_hostname ? strlen(s1->tlsext_hostname) : 0)) != 0) {
346 fprintf(stderr, "sid_ctx differs\n");
347 return (1);
348 }
349 if (s1->tlsext_tick_lifetime_hint != s2->tlsext_tick_lifetime_hint) {
350 fprintf(stderr, "tlsext_tick_lifetime_hint differs: "
351 "%li != %li\n", s1->tlsext_tick_lifetime_hint,
352 s2->tlsext_tick_lifetime_hint);
353 return (1);
354 }
355 if (s1->tlsext_ticklen != s2->tlsext_ticklen) {
356 fprintf(stderr, "tlsext_ticklen differs: %zu != %zu\n",
357 s1->tlsext_ticklen, s2->tlsext_ticklen);
358 return (1);
359 }
360 if (session_strcmp(s1->tlsext_tick, s2->tlsext_tick,
361 s1->tlsext_ticklen) != 0) {
362 fprintf(stderr, "tlsext_tick differs\n");
363 return (1);
364 }
365
366 return (0);
367}
368
369static int
370do_ssl_asn1_test(int test_no, struct ssl_asn1_test *sat)
371{
372 SSL_SESSION session, *sp = NULL;
373 unsigned char *ap, *asn1 = NULL;
374 const unsigned char *pp;
375 int i, len, rv = 1;
376
377 if (sat->peer_cert)
378 sat->session.peer = peer_cert;
379
380 len = i2d_SSL_SESSION(&sat->session, NULL);
381 if (len != sat->asn1_len) {
382 fprintf(stderr, "FAIL: test %i returned ASN1 length %i, "
383 "want %i\n", test_no, len, sat->asn1_len);
384 goto failed;
385 }
386
387 /* See if the test is expected to fail... */
388 if (sat->asn1_len == -1)
389 return (0);
390
391 if ((asn1 = malloc(len)) == NULL)
392 errx(1, "failed to allocate memory");
393
394 ap = asn1;
395 len = i2d_SSL_SESSION(&sat->session, &ap);
396
397 /* Check the length again since the code path is different. */
398 if (len != sat->asn1_len) {
399 fprintf(stderr, "FAIL: test %i returned ASN1 length %i, "
400 "want %i\n", test_no, len, sat->asn1_len);
401 goto failed;
402 }
403 /* ap should now point at the end of the buffer. */
404 if (ap - asn1 != len) {
405 fprintf(stderr, "FAIL: test %i pointer increment does not "
406 "match length (%i != %i)\n", test_no, (int)(ap - asn1), len);
407 goto failed;
408 }
409
410 if (memcmp(asn1, &sat->asn1, len) != 0) {
411 fprintf(stderr, "FAIL: test %i - encoding differs:\n", test_no);
412 fprintf(stderr, "encoding:\n");
413 for (i = 1; i <= len; i++) {
414 fprintf(stderr, " 0x%02hhx,", asn1[i - 1]);
415 if (i % 8 == 0)
416 fprintf(stderr, "\n");
417 }
418 fprintf(stderr, "\n");
419 fprintf(stderr, "test data:\n");
420 for (i = 1; i <= sat->asn1_len; i++) {
421 fprintf(stderr, " 0x%02hhx,", sat->asn1[i - 1]);
422 if (i % 8 == 0)
423 fprintf(stderr, "\n");
424 }
425 fprintf(stderr, "\n");
426 goto failed;
427 }
428
429 sp = &session;
430 memset(sp, 0, sizeof(*sp));
431 pp = sat->asn1;
432
433 if ((sp = d2i_SSL_SESSION(&sp, &pp, sat->asn1_len)) == NULL) {
434 fprintf(stderr, "FAIL: test %i - decoding failed\n", test_no);
435 goto failed;
436 }
437
438 if (session_cmp(sp, &sat->session) != 0) {
439 fprintf(stderr, "FAIL: test %i - decoding differs\n", test_no);
440 goto failed;
441 }
442
443 rv = 0;
444
445failed:
446 ERR_print_errors(BIO_new_fp(stderr, BIO_NOCLOSE));
447
448 free(asn1);
449
450 return (rv);
451}
452
453int
454main(int argc, char **argv)
455{
456 BIO *bio = NULL;
457 int failed = 0;
458 size_t i;
459
460 SSL_library_init();
461 SSL_load_error_strings();
462
463 bio = BIO_new_mem_buf(peer_cert_pem, -1);
464 if (bio == NULL)
465 errx(1, "failed to create bio");
466
467 peer_cert = PEM_read_bio_X509(bio, NULL, NULL, NULL);
468 if (peer_cert == NULL)
469 errx(1, "failed to read peer cert");
470
471 for (i = 0; i < N_SSL_ASN1_TESTS; i++)
472 failed += do_ssl_asn1_test(i, &ssl_asn1_tests[i]);
473
474 X509_free(peer_cert);
475 BIO_free(bio);
476
477 return (failed);
478}
diff --git a/src/regress/lib/libssl/buffer/Makefile b/src/regress/lib/libssl/buffer/Makefile
deleted file mode 100644
index 64ed46fa90..0000000000
--- a/src/regress/lib/libssl/buffer/Makefile
+++ /dev/null
@@ -1,10 +0,0 @@
1# $OpenBSD: Makefile,v 1.1 2019/01/17 06:46:10 jsing Exp $
2
3PROG= buffertest
4LDADD= ${SSL_INT} -lcrypto
5DPADD= ${LIBSSL} ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Wall -Wundef -Werror
8CFLAGS+= -I${.CURDIR}/../../../../lib/libssl
9
10.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/buffer/buffertest.c b/src/regress/lib/libssl/buffer/buffertest.c
deleted file mode 100644
index e627865e35..0000000000
--- a/src/regress/lib/libssl/buffer/buffertest.c
+++ /dev/null
@@ -1,156 +0,0 @@
1/*
2 * Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
3 *
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */
16
17#include <err.h>
18#include <string.h>
19
20#include "tls13_internal.h"
21
22uint8_t testdata[] = {
23 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
24 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
25};
26
27struct read_state {
28 uint8_t *buf;
29 size_t len;
30 size_t offset;
31};
32
33static ssize_t
34read_cb(void *buf, size_t buflen, void *cb_arg)
35{
36 struct read_state *rs = cb_arg;
37 ssize_t n;
38
39 if (rs->offset > rs->len)
40 return TLS13_IO_EOF;
41
42 if ((size_t)(n = buflen) > (rs->len - rs->offset))
43 n = rs->len - rs->offset;
44
45 if (n == 0)
46 return TLS13_IO_WANT_POLLIN;
47
48 memcpy(buf, &rs->buf[rs->offset], n);
49 rs->offset += n;
50
51 return n;
52}
53
54struct extend_test {
55 size_t extend_len;
56 size_t read_len;
57 ssize_t want_ret;
58};
59
60struct extend_test extend_tests[] = {
61 {
62 .extend_len = 4,
63 .read_len = 0,
64 .want_ret = TLS13_IO_WANT_POLLIN,
65 },
66 {
67 .extend_len = 4,
68 .read_len = 8,
69 .want_ret = 4,
70 },
71 {
72 .extend_len = 12,
73 .read_len = 8,
74 .want_ret = TLS13_IO_WANT_POLLIN,
75 },
76 {
77 .extend_len = 12,
78 .read_len = 10,
79 .want_ret = TLS13_IO_WANT_POLLIN,
80 },
81 {
82 .extend_len = 12,
83 .read_len = 12,
84 .want_ret = 12,
85 },
86 {
87 .extend_len = 16,
88 .read_len = 16,
89 .want_ret = 16,
90 },
91 {
92 .extend_len = 20,
93 .read_len = 1,
94 .want_ret = TLS13_IO_EOF,
95 },
96};
97
98#define N_EXTEND_TESTS (sizeof(extend_tests) / sizeof(extend_tests[0]))
99
100int
101main(int argc, char **argv)
102{
103 struct tls13_buffer *buf;
104 struct extend_test *et;
105 struct read_state rs;
106 uint8_t *data;
107 size_t i, data_len;
108 ssize_t ret;
109 CBS cbs;
110
111 rs.buf = testdata;
112 rs.offset = 0;
113
114 if ((buf = tls13_buffer_new(0)) == NULL)
115 errx(1, "tls13_buffer_new");
116
117 for (i = 0; i < N_EXTEND_TESTS; i++) {
118 et = &extend_tests[i];
119 rs.len = et->read_len;
120
121 ret = tls13_buffer_extend(buf, et->extend_len, read_cb, &rs);
122 if (ret != extend_tests[i].want_ret) {
123 fprintf(stderr, "FAIL: Test %zi - extend returned %zi, "
124 "want %zi\n", i, ret, et->want_ret);
125 return 1;
126 }
127
128 tls13_buffer_cbs(buf, &cbs);
129
130 if (!CBS_mem_equal(&cbs, testdata, CBS_len(&cbs))) {
131 fprintf(stderr, "FAIL: Test %zi - extend buffer "
132 "mismatch", i);
133 return 1;
134 }
135 }
136
137 if (!tls13_buffer_finish(buf, &data, &data_len)) {
138 fprintf(stderr, "FAIL: failed to finish\n");
139 return 1;
140 }
141
142 tls13_buffer_free(buf);
143
144 if (data_len != sizeof(testdata)) {
145 fprintf(stderr, "FAIL: got data length %zu, want %zu\n",
146 data_len, sizeof(testdata));
147 return 1;
148 }
149 if (memcmp(data, testdata, data_len) != 0) {
150 fprintf(stderr, "FAIL: data mismatch\n");
151 return 1;
152 }
153 free(data);
154
155 return 0;
156}
diff --git a/src/regress/lib/libssl/bytestring/Makefile b/src/regress/lib/libssl/bytestring/Makefile
deleted file mode 100644
index 162c81d255..0000000000
--- a/src/regress/lib/libssl/bytestring/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.5 2016/11/04 17:51:54 guenther Exp $
2
3PROG= bytestringtest
4LDADD= ${SSL_INT} -lcrypto
5DPADD= ${LIBCRYPTO} ${LIBSSL}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Wundef -Werror -I$(BSDSRCDIR)/lib/libssl
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/bytestring/bytestringtest.c b/src/regress/lib/libssl/bytestring/bytestringtest.c
deleted file mode 100644
index 0e9f5f47e5..0000000000
--- a/src/regress/lib/libssl/bytestring/bytestringtest.c
+++ /dev/null
@@ -1,876 +0,0 @@
1/* $OpenBSD: bytestringtest.c,v 1.12 2018/08/16 18:40:19 jsing Exp $ */
2/*
3 * Copyright (c) 2014, Google Inc.
4 *
5 * Permission to use, copy, modify, and/or distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
12 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
14 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
15 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
16
17#include <stdio.h>
18#include <stdlib.h>
19#include <string.h>
20
21#include <openssl/crypto.h>
22
23#include "bytestring.h"
24
25/* This is from <openssl/base.h> in boringssl */
26#define OPENSSL_U64(x) x##ULL
27
28#define PRINT_ERROR printf("Error in %s [%s:%d]\n", __func__, __FILE__, \
29 __LINE__)
30
31#define CHECK(a) do { \
32 if (!(a)) { \
33 PRINT_ERROR; \
34 return 0; \
35 } \
36} while (0)
37
38#define CHECK_GOTO(a) do { \
39 if (!(a)) { \
40 PRINT_ERROR; \
41 goto err; \
42 } \
43} while (0)
44
45static int
46test_skip(void)
47{
48 static const uint8_t kData[] = {1, 2, 3};
49 CBS data;
50
51 CBS_init(&data, kData, sizeof(kData));
52
53 CHECK(CBS_len(&data) == 3);
54 CHECK(CBS_skip(&data, 1));
55 CHECK(CBS_len(&data) == 2);
56 CHECK(CBS_skip(&data, 2));
57 CHECK(CBS_len(&data) == 0);
58 CHECK(!CBS_skip(&data, 1));
59
60 return 1;
61}
62
63static int
64test_get_u(void)
65{
66 static const uint8_t kData[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10};
67 uint8_t u8;
68 uint16_t u16;
69 uint32_t u32;
70 CBS data;
71
72 CBS_init(&data, kData, sizeof(kData));
73
74 CHECK(CBS_get_u8(&data, &u8));
75 CHECK(u8 == 1);
76 CHECK(CBS_get_u16(&data, &u16));
77 CHECK(u16 == 0x203);
78 CHECK(CBS_get_u24(&data, &u32));
79 CHECK(u32 == 0x40506);
80 CHECK(CBS_get_u32(&data, &u32));
81 CHECK(u32 == 0x708090a);
82 CHECK(!CBS_get_u8(&data, &u8));
83
84 return 1;
85}
86
87static int
88test_get_prefixed(void)
89{
90 static const uint8_t kData[] = {1, 2, 0, 2, 3, 4, 0, 0, 3, 3, 2, 1};
91 uint8_t u8;
92 uint16_t u16;
93 uint32_t u32;
94 CBS data, prefixed;
95
96 CBS_init(&data, kData, sizeof(kData));
97
98 CHECK(CBS_get_u8_length_prefixed(&data, &prefixed));
99 CHECK(CBS_len(&prefixed) == 1);
100 CHECK(CBS_get_u8(&prefixed, &u8));
101 CHECK(u8 == 2);
102 CHECK(CBS_get_u16_length_prefixed(&data, &prefixed));
103 CHECK(CBS_len(&prefixed) == 2);
104 CHECK(CBS_get_u16(&prefixed, &u16));
105 CHECK(u16 == 0x304);
106 CHECK(CBS_get_u24_length_prefixed(&data, &prefixed));
107 CHECK(CBS_len(&prefixed) == 3);
108 CHECK(CBS_get_u24(&prefixed, &u32));
109 CHECK(u32 == 0x30201);
110
111 return 1;
112}
113
114static int
115test_get_prefixed_bad(void)
116{
117 static const uint8_t kData1[] = {2, 1};
118 static const uint8_t kData2[] = {0, 2, 1};
119 static const uint8_t kData3[] = {0, 0, 2, 1};
120 CBS data, prefixed;
121
122 CBS_init(&data, kData1, sizeof(kData1));
123 CHECK(!CBS_get_u8_length_prefixed(&data, &prefixed));
124
125 CBS_init(&data, kData2, sizeof(kData2));
126 CHECK(!CBS_get_u16_length_prefixed(&data, &prefixed));
127
128 CBS_init(&data, kData3, sizeof(kData3));
129 CHECK(!CBS_get_u24_length_prefixed(&data, &prefixed));
130
131 return 1;
132}
133
134static int
135test_get_asn1(void)
136{
137 static const uint8_t kData1[] = {0x30, 2, 1, 2};
138 static const uint8_t kData2[] = {0x30, 3, 1, 2};
139 static const uint8_t kData3[] = {0x30, 0x80};
140 static const uint8_t kData4[] = {0x30, 0x81, 1, 1};
141 static const uint8_t kData5[4 + 0x80] = {0x30, 0x82, 0, 0x80};
142 static const uint8_t kData6[] = {0xa1, 3, 0x4, 1, 1};
143 static const uint8_t kData7[] = {0xa1, 3, 0x4, 2, 1};
144 static const uint8_t kData8[] = {0xa1, 3, 0x2, 1, 1};
145 static const uint8_t kData9[] = {0xa1, 3, 0x2, 1, 0xff};
146
147 CBS data, contents;
148 int present;
149 uint64_t value;
150
151 CBS_init(&data, kData1, sizeof(kData1));
152
153 CHECK(!CBS_peek_asn1_tag(&data, 0x1));
154 CHECK(CBS_peek_asn1_tag(&data, 0x30));
155
156 CHECK(CBS_get_asn1(&data, &contents, 0x30));
157 CHECK(CBS_len(&contents) == 2);
158 CHECK(memcmp(CBS_data(&contents), "\x01\x02", 2) == 0);
159
160 CBS_init(&data, kData2, sizeof(kData2));
161 /* data is truncated */
162 CHECK(!CBS_get_asn1(&data, &contents, 0x30));
163
164 CBS_init(&data, kData3, sizeof(kData3));
165 /* zero byte length of length */
166 CHECK(!CBS_get_asn1(&data, &contents, 0x30));
167
168 CBS_init(&data, kData4, sizeof(kData4));
169 /* long form mistakenly used. */
170 CHECK(!CBS_get_asn1(&data, &contents, 0x30));
171
172 CBS_init(&data, kData5, sizeof(kData5));
173 /* length takes too many bytes. */
174 CHECK(!CBS_get_asn1(&data, &contents, 0x30));
175
176 CBS_init(&data, kData1, sizeof(kData1));
177 /* wrong tag. */
178 CHECK(!CBS_get_asn1(&data, &contents, 0x31));
179
180 CBS_init(&data, NULL, 0);
181 /* peek at empty data. */
182 CHECK(!CBS_peek_asn1_tag(&data, 0x30));
183
184 CBS_init(&data, NULL, 0);
185 /* optional elements at empty data. */
186 CHECK(CBS_get_optional_asn1(&data, &contents, &present, 0xa0));
187 CHECK(!present);
188 CHECK(CBS_get_optional_asn1_octet_string(&data, &contents, &present,
189 0xa0));
190 CHECK(!present);
191 CHECK(CBS_len(&contents) == 0);
192 CHECK(CBS_get_optional_asn1_octet_string(&data, &contents, NULL, 0xa0));
193 CHECK(CBS_len(&contents) == 0);
194 CHECK(CBS_get_optional_asn1_uint64(&data, &value, 0xa0, 42));
195 CHECK(value == 42);
196
197 CBS_init(&data, kData6, sizeof(kData6));
198 /* optional element. */
199 CHECK(CBS_get_optional_asn1(&data, &contents, &present, 0xa0));
200 CHECK(!present);
201 CHECK(CBS_get_optional_asn1(&data, &contents, &present, 0xa1));
202 CHECK(present);
203 CHECK(CBS_len(&contents) == 3);
204 CHECK(memcmp(CBS_data(&contents), "\x04\x01\x01", 3) == 0);
205
206 CBS_init(&data, kData6, sizeof(kData6));
207 /* optional octet string. */
208 CHECK(CBS_get_optional_asn1_octet_string(&data, &contents, &present,
209 0xa0));
210 CHECK(!present);
211 CHECK(CBS_len(&contents) == 0);
212 CHECK(CBS_get_optional_asn1_octet_string(&data, &contents, &present,
213 0xa1));
214 CHECK(present);
215 CHECK(CBS_len(&contents) == 1);
216 CHECK(CBS_data(&contents)[0] == 1);
217
218 CBS_init(&data, kData7, sizeof(kData7));
219 /* invalid optional octet string. */
220 CHECK(!CBS_get_optional_asn1_octet_string(&data, &contents, &present,
221 0xa1));
222
223 CBS_init(&data, kData8, sizeof(kData8));
224 /* optional octet string. */
225 CHECK(CBS_get_optional_asn1_uint64(&data, &value, 0xa0, 42));
226 CHECK(value == 42);
227 CHECK(CBS_get_optional_asn1_uint64(&data, &value, 0xa1, 42));
228 CHECK(value == 1);
229
230 CBS_init(&data, kData9, sizeof(kData9));
231 /* invalid optional integer. */
232 CHECK(!CBS_get_optional_asn1_uint64(&data, &value, 0xa1, 42));
233
234 return 1;
235}
236
237static int
238test_get_optional_asn1_bool(void)
239{
240 CBS data;
241 int val;
242
243 static const uint8_t kTrue[] = {0x0a, 3, CBS_ASN1_BOOLEAN, 1, 0xff};
244 static const uint8_t kFalse[] = {0x0a, 3, CBS_ASN1_BOOLEAN, 1, 0x00};
245 static const uint8_t kInvalid[] = {0x0a, 3, CBS_ASN1_BOOLEAN, 1, 0x01};
246
247 CBS_init(&data, NULL, 0);
248 val = 2;
249 CHECK(CBS_get_optional_asn1_bool(&data, &val, 0x0a, 0));
250 CHECK(val == 0);
251
252 CBS_init(&data, kTrue, sizeof(kTrue));
253 val = 2;
254 CHECK(CBS_get_optional_asn1_bool(&data, &val, 0x0a, 0));
255 CHECK(val == 1);
256
257 CBS_init(&data, kFalse, sizeof(kFalse));
258 val = 2;
259 CHECK(CBS_get_optional_asn1_bool(&data, &val, 0x0a, 1));
260 CHECK(val == 0);
261
262 CBS_init(&data, kInvalid, sizeof(kInvalid));
263 CHECK(!CBS_get_optional_asn1_bool(&data, &val, 0x0a, 1));
264
265 return 1;
266}
267
268static int
269test_cbb_basic(void)
270{
271 static const uint8_t kExpected[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12};
272 uint8_t *buf = NULL;
273 size_t buf_len;
274 int ret = 0;
275 CBB cbb;
276
277 CHECK(CBB_init(&cbb, 100));
278
279 CBB_cleanup(&cbb);
280
281 CHECK(CBB_init(&cbb, 0));
282 CHECK_GOTO(CBB_add_u8(&cbb, 1));
283 CHECK_GOTO(CBB_add_u16(&cbb, 0x203));
284 CHECK_GOTO(CBB_add_u24(&cbb, 0x40506));
285 CHECK_GOTO(CBB_add_u32(&cbb, 0x708090a));
286 CHECK_GOTO(CBB_add_bytes(&cbb, (const uint8_t*) "\x0b\x0c", 2));
287 CHECK_GOTO(CBB_finish(&cbb, &buf, &buf_len));
288
289 ret = (buf_len == sizeof(kExpected)
290 && memcmp(buf, kExpected, buf_len) == 0);
291
292 if (0) {
293err:
294 CBB_cleanup(&cbb);
295 }
296 free(buf);
297 return ret;
298}
299
300static int
301test_cbb_fixed(void)
302{
303 CBB cbb;
304 uint8_t buf[1];
305 uint8_t *out_buf = NULL;
306 size_t out_size;
307 int ret = 0;
308
309 CHECK(CBB_init_fixed(&cbb, NULL, 0));
310 CHECK_GOTO(!CBB_add_u8(&cbb, 1));
311 CHECK_GOTO(CBB_finish(&cbb, &out_buf, &out_size));
312 CHECK(out_buf == NULL && out_size == 0);
313
314 CHECK(CBB_init_fixed(&cbb, buf, 1));
315 CHECK_GOTO(CBB_add_u8(&cbb, 1));
316 CHECK_GOTO(!CBB_add_u8(&cbb, 2));
317 CHECK_GOTO(CBB_finish(&cbb, &out_buf, &out_size));
318
319 ret = (out_buf == buf && out_size == 1 && buf[0] == 1);
320
321 if (0) {
322err:
323 CBB_cleanup(&cbb);
324 }
325
326 return ret;
327}
328
329static int
330test_cbb_finish_child(void)
331{
332 CBB cbb, child;
333 uint8_t *out_buf = NULL;
334 size_t out_size;
335 int ret = 0;
336
337 CHECK(CBB_init(&cbb, 16));
338 CHECK_GOTO(CBB_add_u8_length_prefixed(&cbb, &child));
339 CHECK_GOTO(!CBB_finish(&child, &out_buf, &out_size));
340 CHECK_GOTO(CBB_finish(&cbb, &out_buf, &out_size));
341
342 ret = (out_size == 1 && out_buf[0] == 0);
343
344err:
345 free(out_buf);
346 return ret;
347}
348
349static int
350test_cbb_prefixed(void)
351{
352 static const uint8_t kExpected[] = {0, 1, 1, 0, 2, 2, 3, 0, 0, 3,
353 4, 5, 6, 5, 4, 1, 0, 1, 2};
354 CBB cbb, contents, inner_contents, inner_inner_contents;
355 uint8_t *buf = NULL;
356 size_t buf_len;
357 int ret = 0;
358
359 CHECK(CBB_init(&cbb, 0));
360 CHECK_GOTO(CBB_add_u8_length_prefixed(&cbb, &contents));
361 CHECK_GOTO(CBB_add_u8_length_prefixed(&cbb, &contents));
362 CHECK_GOTO(CBB_add_u8(&contents, 1));
363 CHECK_GOTO(CBB_add_u16_length_prefixed(&cbb, &contents));
364 CHECK_GOTO(CBB_add_u16(&contents, 0x203));
365 CHECK_GOTO(CBB_add_u24_length_prefixed(&cbb, &contents));
366 CHECK_GOTO(CBB_add_u24(&contents, 0x40506));
367 CHECK_GOTO(CBB_add_u8_length_prefixed(&cbb, &contents));
368 CHECK_GOTO(CBB_add_u8_length_prefixed(&contents, &inner_contents));
369 CHECK_GOTO(CBB_add_u8(&inner_contents, 1));
370 CHECK_GOTO(CBB_add_u16_length_prefixed(&inner_contents,
371 &inner_inner_contents));
372 CHECK_GOTO(CBB_add_u8(&inner_inner_contents, 2));
373 CHECK_GOTO(CBB_finish(&cbb, &buf, &buf_len));
374
375 ret = (buf_len == sizeof(kExpected)
376 && memcmp(buf, kExpected, buf_len) == 0);
377
378 if (0) {
379err:
380 CBB_cleanup(&cbb);
381 }
382 free(buf);
383 return ret;
384}
385
386static int
387test_cbb_discard_child(void)
388{
389 static const uint8_t kExpected[] = {
390 0xaa,
391 0,
392 1, 0xbb,
393 0, 2, 0xcc, 0xcc,
394 0, 0, 3, 0xdd, 0xdd, 0xdd,
395 1, 0xff,
396 };
397 CBB cbb, contents, inner_contents, inner_inner_contents;
398 uint8_t *buf = NULL;
399 size_t buf_len;
400 int ret = 0;
401
402 CHECK(CBB_init(&cbb, 0));
403 CHECK_GOTO(CBB_add_u8(&cbb, 0xaa));
404
405 // Discarding |cbb|'s children preserves the byte written.
406 CBB_discard_child(&cbb);
407
408 CHECK_GOTO(CBB_add_u8_length_prefixed(&cbb, &contents));
409 CHECK_GOTO(CBB_add_u8_length_prefixed(&cbb, &contents));
410 CHECK_GOTO(CBB_add_u8(&contents, 0xbb));
411 CHECK_GOTO(CBB_add_u16_length_prefixed(&cbb, &contents));
412 CHECK_GOTO(CBB_add_u16(&contents, 0xcccc));
413 CHECK_GOTO(CBB_add_u24_length_prefixed(&cbb, &contents));
414 CHECK_GOTO(CBB_add_u24(&contents, 0xdddddd));
415 CHECK_GOTO(CBB_add_u8_length_prefixed(&cbb, &contents));
416 CHECK_GOTO(CBB_add_u8(&contents, 0xff));
417 CHECK_GOTO(CBB_add_u8_length_prefixed(&contents, &inner_contents));
418 CHECK_GOTO(CBB_add_u8(&inner_contents, 0x42));
419 CHECK_GOTO(CBB_add_u16_length_prefixed(&inner_contents,
420 &inner_inner_contents));
421 CHECK_GOTO(CBB_add_u8(&inner_inner_contents, 0x99));
422
423 // Discard everything from |inner_contents| down.
424 CBB_discard_child(&contents);
425
426 CHECK_GOTO(CBB_finish(&cbb, &buf, &buf_len));
427
428 ret = (buf_len == sizeof(kExpected)
429 && memcmp(buf, kExpected, buf_len) == 0);
430
431 if (0) {
432err:
433 CBB_cleanup(&cbb);
434 }
435 free(buf);
436 return ret;
437}
438
439static int
440test_cbb_misuse(void)
441{
442 CBB cbb, child, contents;
443 uint8_t *buf = NULL;
444 size_t buf_len;
445 int ret = 0;
446
447 CHECK(CBB_init(&cbb, 0));
448 CHECK_GOTO(CBB_add_u8_length_prefixed(&cbb, &child));
449 CHECK_GOTO(CBB_add_u8(&child, 1));
450 CHECK_GOTO(CBB_add_u8(&cbb, 2));
451
452 /*
453 * Since we wrote to |cbb|, |child| is now invalid and attempts to write
454 * to it should fail.
455 */
456 CHECK_GOTO(!CBB_add_u8(&child, 1));
457 CHECK_GOTO(!CBB_add_u16(&child, 1));
458 CHECK_GOTO(!CBB_add_u24(&child, 1));
459 CHECK_GOTO(!CBB_add_u8_length_prefixed(&child, &contents));
460 CHECK_GOTO(!CBB_add_u16_length_prefixed(&child, &contents));
461 CHECK_GOTO(!CBB_add_asn1(&child, &contents, 1));
462 CHECK_GOTO(!CBB_add_bytes(&child, (const uint8_t*) "a", 1));
463 CHECK_GOTO(CBB_finish(&cbb, &buf, &buf_len));
464
465 ret = (buf_len == 3 && memcmp(buf, "\x01\x01\x02", 3) == 0);
466
467 if (0) {
468err:
469 CBB_cleanup(&cbb);
470 }
471 free(buf);
472 return ret;
473}
474
475static int
476test_cbb_asn1(void)
477{
478 static const uint8_t kExpected[] = {0x30, 3, 1, 2, 3};
479 uint8_t *buf = NULL, *test_data = NULL;
480 size_t buf_len;
481 CBB cbb, contents, inner_contents;
482 int ret = 0;
483 int alloc = 0;
484
485 CHECK_GOTO(CBB_init(&cbb, 0));
486 alloc = 1;
487 CHECK_GOTO(CBB_add_asn1(&cbb, &contents, 0x30));
488 CHECK_GOTO(CBB_add_bytes(&contents, (const uint8_t*) "\x01\x02\x03",
489 3));
490 CHECK_GOTO(CBB_finish(&cbb, &buf, &buf_len));
491 alloc = 0;
492
493 CHECK_GOTO(buf_len == sizeof(kExpected));
494 CHECK_GOTO(memcmp(buf, kExpected, buf_len) == 0);
495
496 free(buf);
497 buf = NULL;
498
499 CHECK_GOTO(((test_data = malloc(100000)) != NULL));
500 memset(test_data, 0x42, 100000);
501
502 CHECK_GOTO(CBB_init(&cbb, 0));
503 alloc = 1;
504 CHECK_GOTO(CBB_add_asn1(&cbb, &contents, 0x30));
505 CHECK_GOTO(CBB_add_bytes(&contents, test_data, 130));
506 CHECK_GOTO(CBB_finish(&cbb, &buf, &buf_len));
507 alloc = 0;
508
509 CHECK_GOTO(buf_len == 3 + 130);
510 CHECK_GOTO(memcmp(buf, "\x30\x81\x82", 3) == 0);
511 CHECK_GOTO(memcmp(buf + 3, test_data, 130) == 0);
512
513 free(buf);
514 buf = NULL;
515
516 CHECK_GOTO(CBB_init(&cbb, 0));
517 alloc = 1;
518 CHECK_GOTO(CBB_add_asn1(&cbb, &contents, 0x30));
519 CHECK_GOTO(CBB_add_bytes(&contents, test_data, 1000));
520 CHECK_GOTO(CBB_finish(&cbb, &buf, &buf_len));
521 alloc = 0;
522
523 CHECK_GOTO(buf_len == 4 + 1000);
524 CHECK_GOTO(memcmp(buf, "\x30\x82\x03\xe8", 4) == 0);
525 CHECK_GOTO(!memcmp(buf + 4, test_data, 1000));
526
527 free(buf);
528 buf = NULL;
529
530 CHECK_GOTO(CBB_init(&cbb, 0));
531 alloc = 1;
532 CHECK_GOTO(CBB_add_asn1(&cbb, &contents, 0x30));
533 CHECK_GOTO(CBB_add_asn1(&contents, &inner_contents, 0x30));
534 CHECK_GOTO(CBB_add_bytes(&inner_contents, test_data, 100000));
535 CHECK_GOTO(CBB_finish(&cbb, &buf, &buf_len));
536 alloc = 0;
537
538 CHECK_GOTO(buf_len == 5 + 5 + 100000);
539 CHECK_GOTO(memcmp(buf, "\x30\x83\x01\x86\xa5\x30\x83\x01\x86\xa0", 10)
540 == 0);
541 CHECK_GOTO(!memcmp(buf + 10, test_data, 100000));
542
543 ret = 1;
544
545 if (0) {
546err:
547 if (alloc)
548 CBB_cleanup(&cbb);
549 }
550 free(buf);
551 free(test_data);
552 return ret;
553}
554
555static int
556do_indefinite_convert(const char *name, const uint8_t *definite_expected,
557 size_t definite_len, const uint8_t *indefinite, size_t indefinite_len)
558{
559 CBS in;
560 uint8_t *out = NULL;
561 size_t out_len;
562 int ret = 0;
563
564 CBS_init(&in, indefinite, indefinite_len);
565
566 CHECK_GOTO(CBS_asn1_indefinite_to_definite(&in, &out, &out_len));
567
568 if (out == NULL) {
569
570 if (indefinite_len != definite_len ||
571 memcmp(definite_expected, indefinite, indefinite_len) != 0) {
572 PRINT_ERROR;
573 goto err;
574 }
575
576 return 1;
577 }
578
579 if (out_len != definite_len ||
580 memcmp(out, definite_expected, definite_len) != 0) {
581 PRINT_ERROR;
582 goto err;
583 }
584
585 ret = 1;
586err:
587 free(out);
588 return ret;
589}
590
591static int
592test_indefinite_convert(void)
593{
594 static const uint8_t kSimpleBER[] = {0x01, 0x01, 0x00};
595
596 /* kIndefBER contains a SEQUENCE with an indefinite length. */
597 static const uint8_t kIndefBER[] = {0x30, 0x80, 0x01, 0x01, 0x02, 0x00,
598 0x00};
599 static const uint8_t kIndefDER[] = {0x30, 0x03, 0x01, 0x01, 0x02};
600
601 /*
602 * kOctetStringBER contains an indefinite length OCTETSTRING with two
603 * parts. These parts need to be concatenated in DER form.
604 */
605 static const uint8_t kOctetStringBER[] = {0x24, 0x80, 0x04, 0x02, 0,
606 1, 0x04, 0x02, 2, 3, 0x00, 0x00};
607 static const uint8_t kOctetStringDER[] = {0x04, 0x04, 0, 1, 2, 3};
608
609 /*
610 * kNSSBER is part of a PKCS#12 message generated by NSS that uses
611 * indefinite length elements extensively.
612 */
613 static const uint8_t kNSSBER[] = {
614 0x30, 0x80, 0x02, 0x01, 0x03, 0x30, 0x80, 0x06, 0x09, 0x2a, 0x86,
615 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x80, 0x24, 0x80,
616 0x04, 0x04, 0x01, 0x02, 0x03, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00,
617 0x00, 0x30, 0x39, 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
618 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14, 0x84, 0x98, 0xfc, 0x66,
619 0x33, 0xee, 0xba, 0xe7, 0x90, 0xc1, 0xb6, 0xe8, 0x8f, 0xfe, 0x1d,
620 0xc5, 0xa5, 0x97, 0x93, 0x3e, 0x04, 0x10, 0x38, 0x62, 0xc6, 0x44,
621 0x12, 0xd5, 0x30, 0x00, 0xf8, 0xf2, 0x1b, 0xf0, 0x6e, 0x10, 0x9b,
622 0xb8, 0x02, 0x02, 0x07, 0xd0, 0x00, 0x00,
623 };
624
625 static const uint8_t kNSSDER[] = {
626 0x30, 0x53, 0x02, 0x01, 0x03, 0x30, 0x13, 0x06, 0x09, 0x2a, 0x86,
627 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x06, 0x04, 0x04,
628 0x01, 0x02, 0x03, 0x04, 0x30, 0x39, 0x30, 0x21, 0x30, 0x09, 0x06,
629 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14, 0x84,
630 0x98, 0xfc, 0x66, 0x33, 0xee, 0xba, 0xe7, 0x90, 0xc1, 0xb6, 0xe8,
631 0x8f, 0xfe, 0x1d, 0xc5, 0xa5, 0x97, 0x93, 0x3e, 0x04, 0x10, 0x38,
632 0x62, 0xc6, 0x44, 0x12, 0xd5, 0x30, 0x00, 0xf8, 0xf2, 0x1b, 0xf0,
633 0x6e, 0x10, 0x9b, 0xb8, 0x02, 0x02, 0x07, 0xd0,
634 };
635
636 CHECK(do_indefinite_convert("kSimpleBER", kSimpleBER, sizeof(kSimpleBER),
637 kSimpleBER, sizeof(kSimpleBER)));
638 CHECK(do_indefinite_convert("kIndefBER", kIndefDER, sizeof(kIndefDER),
639 kIndefBER, sizeof(kIndefBER)));
640 CHECK(do_indefinite_convert("kOctetStringBER", kOctetStringDER,
641 sizeof(kOctetStringDER), kOctetStringBER,
642 sizeof(kOctetStringBER)));
643 CHECK(do_indefinite_convert("kNSSBER", kNSSDER, sizeof(kNSSDER), kNSSBER,
644 sizeof(kNSSBER)));
645
646 return 1;
647}
648
649typedef struct {
650 uint64_t value;
651 const char *encoding;
652 size_t encoding_len;
653} ASN1_UINT64_TEST;
654
655static const ASN1_UINT64_TEST kAsn1Uint64Tests[] = {
656 {0, "\x02\x01\x00", 3},
657 {1, "\x02\x01\x01", 3},
658 {127, "\x02\x01\x7f", 3},
659 {128, "\x02\x02\x00\x80", 4},
660 {0xdeadbeef, "\x02\x05\x00\xde\xad\xbe\xef", 7},
661 {OPENSSL_U64(0x0102030405060708),
662 "\x02\x08\x01\x02\x03\x04\x05\x06\x07\x08", 10},
663 {OPENSSL_U64(0xffffffffffffffff),
664 "\x02\x09\x00\xff\xff\xff\xff\xff\xff\xff\xff", 11},
665};
666
667typedef struct {
668 const char *encoding;
669 size_t encoding_len;
670} ASN1_INVALID_UINT64_TEST;
671
672static const ASN1_INVALID_UINT64_TEST kAsn1InvalidUint64Tests[] = {
673 /* Bad tag. */
674 {"\x03\x01\x00", 3},
675 /* Empty contents. */
676 {"\x02\x00", 2},
677 /* Negative number. */
678 {"\x02\x01\x80", 3},
679 /* Overflow. */
680 {"\x02\x09\x01\x00\x00\x00\x00\x00\x00\x00\x00", 11},
681 /* Leading zeros. */
682 {"\x02\x02\x00\x01", 4},
683};
684
685static int
686test_asn1_uint64(void)
687{
688 CBB cbb;
689 uint8_t *out = NULL;
690 size_t i;
691 int ret = 0;
692 int alloc = 0;
693
694 for (i = 0; i < sizeof(kAsn1Uint64Tests) / sizeof(kAsn1Uint64Tests[0]);
695 i++) {
696 const ASN1_UINT64_TEST *test = &kAsn1Uint64Tests[i];
697 CBS cbs;
698 uint64_t value;
699 size_t len;
700
701 CBS_init(&cbs, (const uint8_t *)test->encoding,
702 test->encoding_len);
703
704 CHECK(CBS_get_asn1_uint64(&cbs, &value));
705 CHECK(CBS_len(&cbs) == 0);
706 CHECK(value == test->value);
707
708 CHECK(CBB_init(&cbb, 0));
709 alloc = 1;
710 CHECK_GOTO(CBB_add_asn1_uint64(&cbb, test->value));
711 CHECK_GOTO(CBB_finish(&cbb, &out, &len));
712 alloc = 0;
713
714 CHECK_GOTO(len == test->encoding_len);
715 CHECK_GOTO(memcmp(out, test->encoding, len) == 0);
716 free(out);
717 out = NULL;
718 }
719
720 for (i = 0; i < sizeof(kAsn1InvalidUint64Tests)
721 / sizeof(kAsn1InvalidUint64Tests[0]); i++) {
722 const ASN1_INVALID_UINT64_TEST *test =
723 &kAsn1InvalidUint64Tests[i];
724 CBS cbs;
725 uint64_t value;
726
727 CBS_init(&cbs, (const uint8_t *)test->encoding,
728 test->encoding_len);
729 CHECK(!CBS_get_asn1_uint64(&cbs, &value));
730 }
731
732 ret = 1;
733
734 if (0) {
735err:
736 if (alloc)
737 CBB_cleanup(&cbb);
738 }
739 free(out);
740
741 return ret;
742}
743
744static int
745test_offset(void)
746{
747 uint8_t v;
748 static const uint8_t input[] = {1, 2, 3, 4, 5};
749 CBS data;
750
751 CBS_init(&data, input, sizeof(input));
752 CHECK(sizeof(input) == 5);
753 CHECK(CBS_len(&data) == 5);
754 CHECK(CBS_offset(&data) == 0);
755 CHECK(CBS_get_u8(&data, &v));
756 CHECK(v == 1);
757 CHECK(CBS_len(&data) == 4);
758 CHECK(CBS_offset(&data) == 1);
759 CHECK(CBS_skip(&data, 2));
760 CHECK(CBS_len(&data) == 2);
761 CHECK(CBS_offset(&data) == 3);
762 CHECK(CBS_get_u8(&data, &v));
763 CHECK(v == 4);
764 CHECK(CBS_get_u8(&data, &v));
765 CHECK(v == 5);
766 CHECK(CBS_len(&data) == 0);
767 CHECK(CBS_offset(&data) == 5);
768 CHECK(!CBS_skip(&data, 1));
769
770 CBS_init(&data, input, sizeof(input));
771 CHECK(CBS_skip(&data, 2));
772 CHECK(CBS_len(&data) == 3);
773 CHECK(CBS_offset(&data) == 2);
774 CHECK(CBS_skip(&data, 3));
775 CHECK(CBS_len(&data) == 0);
776 CHECK(CBS_offset(&data) == 5);
777 CHECK(!CBS_get_u8(&data, &v));
778
779 return 1;
780}
781
782static int
783test_write_bytes(void)
784{
785 int ret = 0;
786 uint8_t v;
787 size_t len;
788 static const uint8_t input[] = {'f', 'o', 'o', 'b', 'a', 'r'};
789 CBS data;
790 char *tmp = NULL;
791
792 CHECK_GOTO((tmp = malloc(sizeof(input))) != NULL);
793 memset(tmp, 100, sizeof(input));
794
795 CBS_init(&data, input, sizeof(input));
796 CHECK_GOTO(CBS_len(&data) == 6);
797 CHECK_GOTO(CBS_offset(&data) == 0);
798 CHECK_GOTO(CBS_get_u8(&data, &v));
799 CHECK_GOTO(v == 102 /* f */);
800 CHECK_GOTO(CBS_skip(&data, 1));
801 CHECK_GOTO(!CBS_skip(&data, 15));
802 CHECK_GOTO(CBS_write_bytes(&data, tmp, sizeof(input), &len));
803 CHECK_GOTO(len == 4);
804 CHECK_GOTO(memcmp(input + 2, tmp, len) == 0);
805 CHECK_GOTO(tmp[4] == 100 && tmp[5] == 100);
806
807 ret = 1;
808
809err:
810 free(tmp);
811 return ret;
812}
813
814static int
815test_cbs_dup(void)
816{
817 CBS data, check;
818 static const uint8_t input[] = {'f', 'o', 'o', 'b', 'a', 'r'};
819
820 CBS_init(&data, input, sizeof(input));
821 CHECK(CBS_len(&data) == 6);
822 CBS_dup(&data, &check);
823 CHECK(CBS_len(&check) == 6);
824 CHECK(CBS_data(&data) == CBS_data(&check));
825 CHECK(CBS_skip(&data, 1));
826 CHECK(CBS_len(&data) == 5);
827 CHECK(CBS_len(&check) == 6);
828 CHECK(CBS_data(&data) == CBS_data(&check) + 1);
829 CHECK(CBS_skip(&check, 1));
830 CHECK(CBS_len(&data) == 5);
831 CHECK(CBS_len(&check) == 5);
832 CHECK(CBS_data(&data) == CBS_data(&check));
833 CHECK(CBS_offset(&data) == 1);
834 CHECK(CBS_offset(&check) == 1);
835
836 CBS_init(&data, input, sizeof(input));
837 CHECK(CBS_skip(&data, 5));
838 CBS_dup(&data, &check);
839 CHECK(CBS_len(&data) == 1);
840 CHECK(CBS_len(&check) == 1);
841 CHECK(CBS_data(&data) == input + 5);
842 CHECK(CBS_data(&data) == CBS_data(&check));
843 CHECK(CBS_offset(&data) == 5);
844 CHECK(CBS_offset(&check) == 5);
845
846 return 1;
847}
848
849int
850main(void)
851{
852 int failed = 0;
853
854 failed |= !test_skip();
855 failed |= !test_get_u();
856 failed |= !test_get_prefixed();
857 failed |= !test_get_prefixed_bad();
858 failed |= !test_get_asn1();
859 failed |= !test_cbb_basic();
860 failed |= !test_cbb_fixed();
861 failed |= !test_cbb_finish_child();
862 failed |= !test_cbb_discard_child();
863 failed |= !test_cbb_misuse();
864 failed |= !test_cbb_prefixed();
865 failed |= !test_cbb_asn1();
866 failed |= !test_indefinite_convert();
867 failed |= !test_asn1_uint64();
868 failed |= !test_get_optional_asn1_bool();
869 failed |= !test_offset();
870 failed |= !test_write_bytes();
871 failed |= !test_cbs_dup();
872
873 if (!failed)
874 printf("PASS\n");
875 return failed;
876}
diff --git a/src/regress/lib/libssl/certs/ca.pem b/src/regress/lib/libssl/certs/ca.pem
deleted file mode 100644
index 07f9b3fddb..0000000000
--- a/src/regress/lib/libssl/certs/ca.pem
+++ /dev/null
@@ -1,45 +0,0 @@
1-----BEGIN CERTIFICATE-----
2MIIDtjCCAp6gAwIBAgIJAJz/hGfwYXLrMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNV
3BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
4VElORyBQVVJQT1NFUyBPTkxZMR0wGwYDVQQDDBRPcGVuU1NMIFRlc3QgUm9vdCBD
5QTAeFw0xNDA1MjQxNDQ1MTFaFw0yNDA1MjExNDQ1MTFaMGgxCzAJBgNVBAYTAlVL
6MRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVTVElORyBQ
7VVJQT1NFUyBPTkxZMR0wGwYDVQQDDBRPcGVuU1NMIFRlc3QgUm9vdCBDQTCCASIw
8DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANMaarigKGOra5Mc/LrhOkcmHzDs
9vkYL7dfaaht8fLBKRTYwzSBvO9x54koTWjq7HkbaxkYAg3HnDTkNCyzkGKNdM89H
10q/PtGIFFlceQIOat3Kjd05Iw3PtLEWTDjT6FMA9Mkjk/XbpmycqRIwNKtgICoFsG
11juIpc4P31kxK7i3ri+JnlyvVmRZjJxrheJB0qHGXilrOVDPOliDn//jXbcyzXemu
12R8KgAeQM4IIs9jYHJOgHrTItIpwa9wNTEp9KCGkO6xr20NkKyDp6XRyd+hmnUB7r
1377WTptvKPFFTjTDFqEtcif9U2kVkCfn2mSRO8noCbVH++fuR8LMWlD99gt8CAwEA
14AaNjMGEwHQYDVR0OBBYEFIwZD9dCMXcFBuHTsZ/rOft4cTpFMB8GA1UdIwQYMBaA
15FIwZD9dCMXcFBuHTsZ/rOft4cTpFMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/
16BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCPfqm4KbYtXEB8aP1RdUH2BkPSjyau
17WQLMGfKNF/zkUQue0REgdJ4wVR06NTTlOCsfHC6b68vgz2QFC1mM8ZANgDiyr4M1
186gjvP0eZQVxokJ3EMzjDMFRHIiFrZZAFr7aGq8dxoruuehovqyehuJRakAe0oNUb
194ZTKrGuTKh9Mwti9721XNFByjeTFL2dlH6ulz7qyfI+lrTi+pNsUchuVYE8a1TP3
20OEiG6whsyPU1YoTlemC1mvW0ixtj8Tcem0KyotCUyOmJlwyWj0bA43sCI6z/OVqJ
21tVvwgfqrOeVNk9nN2JslCsttnwstwqUfDoEXFoScej2CT0QezFGPTN21
22-----END CERTIFICATE-----
23-----BEGIN CERTIFICATE-----
24MIIDvjCCAqagAwIBAgIJAPrXr2k7uM/OMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNV
25BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
26VElORyBQVVJQT1NFUyBPTkxZMR0wGwYDVQQDDBRPcGVuU1NMIFRlc3QgUm9vdCBD
27QTAeFw0xNDA1MjQxNDQ1MTFaFw0yNDA1MDExNDQ1MTFaMHAxCzAJBgNVBAYTAlVL
28MRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVTVElORyBQ
29VVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJtZWRpYXRl
30IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsErw75CmLYD6pkrG
31W/YhAl/K8L5wJYxDjqu2FghxjD8K308W3EHq4uBxEwR1OHXaM1+6ZZw7/r2I37VL
32IdurBEAIEUdbzx0so74FPawgz5EW2CTqoJnK8F71/vo5Kj1VPwW46CxwxUR3cfvJ
33GNXND2ip0TcyTSPLROXOyQakcVfIGJmdSa1wHKi+c2gMA4emADudZUOYLrg80gr2
34ldePm07ynbVsKKzCcStw8MdmoW9Qt3fLnPJn2TFUUBNWj+4kvL+88edWCVQXKNds
35ysD/CDrH4W/hjyPDStVsM6XpiNU0+L2ZY6fcj3OP8d0goOx45xotMn9m8hNkCGsr
36VXx9IwIDAQABo2MwYTAdBgNVHQ4EFgQUNsNsiOeV/rC97M4+PYarIYGH2towHwYD
37VR0jBBgwFoAUjBkP10IxdwUG4dOxn+s5+3hxOkUwDwYDVR0TAQH/BAUwAwEB/zAO
38BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAAIwwR8jyFN6qYGIRAKi
39ahyeHd26hNPC4RiCvjz6dytuvDUqfMTUZcjBy6Ez1Wsfs1/PC8u3IDpOTwZSz72K
40ACQzPpmXREWkO5nx8I+W+94yJsbklhsTxDlZj3X2oJCQ7qO4hdIpYESWfMchYra9
415e55SMBXeGDp+uRILt+6UfOXCGaXaoYqyrzQROJAiGy1x96A/5sU6ZU3KdKN1JLM
42XTZ268ihubCMRVScHnpYUjRDoGrhnQM7007ybVfRUGNXDs+ENqjGfyxc5ScR+Un4
43UQtOd4zD2g9wrdXvlDiqxci6W7IOEPVP6qHG2GIh+T2zpO3GOAuZCe5cjLiCDATs
44hNw=
45-----END CERTIFICATE-----
diff --git a/src/regress/lib/libssl/certs/client.pem b/src/regress/lib/libssl/certs/client.pem
deleted file mode 100644
index ce4bf49ce6..0000000000
--- a/src/regress/lib/libssl/certs/client.pem
+++ /dev/null
@@ -1,51 +0,0 @@
1subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Client Cert
2issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA
3-----BEGIN CERTIFICATE-----
4MIIDpTCCAo2gAwIBAgIJAPYm3GvOr5eTMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
5BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
6VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt
7ZWRpYXRlIENBMB4XDTE0MDUyNDE0NDUxMVoXDTI0MDQwMTE0NDUxMVowZDELMAkG
8A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU
9RVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgQ2xpZW50IENlcnQw
10ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0ranbHRLcLVqN+0BzcZpY
11+yOLqxzDWT1LD9eW1stC4NzXX9/DCtSIVyN7YIHdGLrIPr64IDdXXaMRzgZ2rOKs
12lmHCAiFpO/ja99gGCJRxH0xwQatqAULfJVHeUhs7OEGOZc2nWifjqKvGfNTilP7D
13nwi69ipQFq9oS19FmhwVHk2wg7KZGHI1qDyG04UrfCZMRitvS9+UVhPpIPjuiBi2
14x3/FZIpL5gXJvvFK6xHY63oq2asyzBATntBgnP4qJFWWcvRx24wF1PnZabxuVoL2
15bPnQ/KvONDrw3IdqkKhYNTul7jEcu3OlcZIMw+7DiaKJLAzKb/bBF5gm/pwW6As9
16AgMBAAGjTjBMMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCwGCWCGSAGG
17+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTANBgkqhkiG9w0B
18AQUFAAOCAQEAJzA4KTjkjXGSC4He63yX9Br0DneGBzjAwc1H6f72uqnCs8m7jgkE
19PQJFdTzQUKh97QPUuayZ2gl8XHagg+iWGy60Kw37gQ0+lumCN2sllvifhHU9R03H
20bWtS4kue+yQjMbrzf3zWygMDgwvFOUAIgBpH9qGc+CdNu97INTYd0Mvz51vLlxRn
21sC5aBYCWaZFnw3lWYxf9eVFRy9U+DkYFqX0LpmbDtcKP7AZGE6ZwSzaim+Cnoz1u
22Cgn+QmpFXgJKMFIZ82iSZISn+JkCCGxctZX1lMvai4Wi8Y0HxW9FTFZ6KBNwwE4B
23zjbN/ehBkgLlW/DWfi44DvwUHmuU6QP3cw==
24-----END CERTIFICATE-----
25-----BEGIN RSA PRIVATE KEY-----
26MIIEpQIBAAKCAQEAtK2p2x0S3C1ajftAc3GaWPsji6scw1k9Sw/XltbLQuDc11/f
27wwrUiFcje2CB3Ri6yD6+uCA3V12jEc4GdqzirJZhwgIhaTv42vfYBgiUcR9McEGr
28agFC3yVR3lIbOzhBjmXNp1on46irxnzU4pT+w58IuvYqUBavaEtfRZocFR5NsIOy
29mRhyNag8htOFK3wmTEYrb0vflFYT6SD47ogYtsd/xWSKS+YFyb7xSusR2Ot6Ktmr
30MswQE57QYJz+KiRVlnL0cduMBdT52Wm8blaC9mz50PyrzjQ68NyHapCoWDU7pe4x
31HLtzpXGSDMPuw4miiSwMym/2wReYJv6cFugLPQIDAQABAoIBAAZOyc9MhIwLSU4L
32p4RgQvM4UVVe8/Id+3XTZ8NsXExJbWxXfIhiqGjaIfL8u4vsgRjcl+v1s/jo2/iT
33KMab4o4D8gXD7UavQVDjtjb/ta79WL3SjRl2Uc9YjjMkyq6WmDNQeo2NKDdafCTB
341uzSJtLNipB8Z53ELPuHJhxX9QMHrMnuha49riQgXZ7buP9iQrHJFhImBjSzbxJx
35L+TI6rkyLSf9Wi0Pd3L27Ob3QWNfNRYNSeTE+08eSRChkur5W0RuXAcuAICdQlCl
36LBvWO/LmmvbzCqiDcgy/TliSb6CGGwgiNG7LJZmlkYNj8laGwalNlYZs3UrVv6NO
37Br2loAECgYEA2kvCvPGj0Dg/6g7WhXDvAkEbcaL1tSeCxBbNH+6HS2UWMWvyTtCn
38/bbD519QIdkvayy1QjEf32GV/UjUVmlULMLBcDy0DGjtL3+XpIhLKWDNxN1v1/ai
391oz23ZJCOgnk6K4qtFtlRS1XtynjA+rBetvYvLP9SKeFrnpzCgaA2r0CgYEA0+KX
401ACXDTNH5ySX3kMjSS9xdINf+OOw4CvPHFwbtc9aqk2HePlEsBTz5I/W3rKwXva3
41NqZ/bRqVVeZB/hHKFywgdUQk2Uc5z/S7Lw70/w1HubNTXGU06Ngb6zOFAo/o/TwZ
42zTP1BMIKSOB6PAZPS3l+aLO4FRIRotfFhgRHOoECgYEAmiZbqt8cJaJDB/5YYDzC
43mp3tSk6gIb936Q6M5VqkMYp9pIKsxhk0N8aDCnTU+kIK6SzWBpr3/d9Ecmqmfyq7
445SvWO3KyVf0WWK9KH0abhOm2BKm2HBQvI0DB5u8sUx2/hsvOnjPYDISbZ11t0MtK
45u35Zy89yMYcSsIYJjG/ROCUCgYEAgI2P9G5PNxEP5OtMwOsW84Y3Xat/hPAQFlI+
46HES+AzbFGWJkeT8zL2nm95tVkFP1sggZ7Kxjz3w7cpx7GX0NkbWSE9O+T51pNASV
47tN1sQ3p5M+/a+cnlqgfEGJVvc7iAcXQPa3LEi5h2yPR49QYXAgG6cifn3dDSpmwn
48SUI7PQECgYEApGCIIpSRPLAEHTGmP87RBL1smurhwmy2s/pghkvUkWehtxg0sGHh
49kuaqDWcskogv+QC0sVdytiLSz8G0DwcEcsHK1Fkyb8A+ayiw6jWJDo2m9+IF4Fww
501Te6jFPYDESnbhq7+TLGgHGhtwcu5cnb4vSuYXGXKupZGzoLOBbv1Zw=
51-----END RSA PRIVATE KEY-----
diff --git a/src/regress/lib/libssl/certs/server.pem b/src/regress/lib/libssl/certs/server.pem
deleted file mode 100644
index 7412490f51..0000000000
--- a/src/regress/lib/libssl/certs/server.pem
+++ /dev/null
@@ -1,51 +0,0 @@
1subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Server Cert
2issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA
3-----BEGIN CERTIFICATE-----
4MIIDpTCCAo2gAwIBAgIJAPYm3GvOr5eUMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
5BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
6VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt
7ZWRpYXRlIENBMB4XDTE0MDUyNDE0NDUxMloXDTI0MDQwMTE0NDUxMlowZDELMAkG
8A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU
9RVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgU2VydmVyIENlcnQw
10ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzhPOSNtyyRspmeuUpxfNJ
11KCLTuf7g3uQ4zu4iHOmRO5TQci+HhVlLZrHF9XqFXcIP0y4pWDbMSGuiorUmzmfi
12R7bfSdI/+qIQt8KXRH6HNG1t8ou0VSvWId5TS5Dq/er5ODUr9OaaDva7EquHIcMv
13vPQGuI+OEAcnleVCy9HVEIySrO4P3CNIicnGkwwiAud05yUAq/gPXBC1hTtmlPD7
14TVcGVSEiJdvzqqlgv02qedGrkki6GY4S7GjZxrrf7Foc2EP+51LJzwLQx3/JfrCU
1541NEWAsu/Sl0tQabXESN+zJ1pDqoZ3uHMgpQjeGiE0olr+YcsSW/tJmiU9OiAr8R
16AgMBAAGjTjBMMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCwGCWCGSAGG
17+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTANBgkqhkiG9w0B
18AQUFAAOCAQEADfy8VrY5er5ebYLyiC1il5kVOuJHSf8aN5SciJz/VcifA1+Hl2Bu
19CfuizhP/kUdB9PTSj8ep9sL+5PBFl7CZJDO6Sxs5+qJe15XvLBP8UEdvc779plL6
20StUMJT0aU/MaqUZZCldC3G4CcbwzOzKSD5YzvxxIGspxBWRduZKKMOju/4aqK76p
21dwA/VGCve9mjft3LIrb0gSaPi5KmdGtpAjzW3H1+63DSqxCYb1oiPtUZBs4STwjh
22WPRmAEVR4RPCETM3Sth4C+bE0QMCGY12ctcbzhj7Xgo7LcSpqviq6JD8SPuU7ISL
23hy4NcnBBHJr9OV9WTLpmS9V9Vg6QmOpxQw==
24-----END CERTIFICATE-----
25-----BEGIN RSA PRIVATE KEY-----
26MIIEpAIBAAKCAQEA84TzkjbcskbKZnrlKcXzSSgi07n+4N7kOM7uIhzpkTuU0HIv
27h4VZS2axxfV6hV3CD9MuKVg2zEhroqK1Js5n4ke230nSP/qiELfCl0R+hzRtbfKL
28tFUr1iHeU0uQ6v3q+Tg1K/Tmmg72uxKrhyHDL7z0BriPjhAHJ5XlQsvR1RCMkqzu
29D9wjSInJxpMMIgLndOclAKv4D1wQtYU7ZpTw+01XBlUhIiXb86qpYL9NqnnRq5JI
30uhmOEuxo2ca63+xaHNhD/udSyc8C0Md/yX6wlONTRFgLLv0pdLUGm1xEjfsydaQ6
31qGd7hzIKUI3hohNKJa/mHLElv7SZolPTogK/EQIDAQABAoIBAADq9FwNtuE5IRQn
32zGtO4q7Y5uCzZ8GDNYr9RKp+P2cbuWDbvVAecYq2NV9QoIiWJOAYZKklOvekIju3
33r0UZLA0PRiIrTg6NrESx3JrjWDK8QNlUO7CPTZ39/K+FrmMkV9lem9yxjJjyC34D
34AQB+YRTx+l14HppjdxNwHjAVQpIx/uO2F5xAMuk32+3K+pq9CZUtrofe1q4Agj9R
355s8mSy9pbRo9kW9wl5xdEotz1LivFOEiqPUJTUq5J5PeMKao3vdK726XI4Z455Nm
36W2/MA0YV0ug2FYinHcZdvKM6dimH8GLfa3X8xKRfzjGjTiMSwsdjgMa4awY3tEHH
37674jhAECgYEA/zqMrc0zsbNk83sjgaYIug5kzEpN4ic020rSZsmQxSCerJTgNhmg
38utKSCt0Re09Jt3LqG48msahX8ycqDsHNvlEGPQSbMu9IYeO3Wr3fAm75GEtFWePY
39BhM73I7gkRt4s8bUiUepMG/wY45c5tRF23xi8foReHFFe9MDzh8fJFECgYEA9EFX
404qAik1pOJGNei9BMwmx0I0gfVEIgu0tzeVqT45vcxbxr7RkTEaDoAG6PlbWP6D9a
41WQNLp4gsgRM90ZXOJ4up5DsAWDluvaF4/omabMA+MJJ5kGZ0gCj5rbZbKqUws7x8
42bp+6iBfUPJUbcqNqFmi/08Yt7vrDnMnyMw2A/sECgYEAiiuRMxnuzVm34hQcsbhH
436ymVqf7j0PW2qK0F4H1ocT9qhzWFd+RB3kHWrCjnqODQoI6GbGr/4JepHUpre1ex
444UEN5oSS3G0ru0rC3U4C59dZ5KwDHFm7ffZ1pr52ljfQDUsrjjIMRtuiwNK2OoRa
45WSsqiaL+SDzSB+nBmpnAizECgYBdt/y6rerWUx4MhDwwtTnel7JwHyo2MDFS6/5g
46n8qC2Lj6/fMDRE22w+CA2esp7EJNQJGv+b27iFpbJEDh+/Lf5YzIT4MwVskQ5bYB
47JFcmRxUVmf4e09D7o705U/DjCgMH09iCsbLmqQ38ONIRSHZaJtMDtNTHD1yi+jF+
48OT43gQKBgQC/2OHZoko6iRlNOAQ/tMVFNq7fL81GivoQ9F1U0Qr+DH3ZfaH8eIkX
49xT0ToMPJUzWAn8pZv0snA0um6SIgvkCuxO84OkANCVbttzXImIsL7pFzfcwV/ERK
50UM6j0ZuSMFOCr/lGPAoOQU0fskidGEHi1/kW+suSr28TqsyYZpwBDQ==
51-----END RSA PRIVATE KEY-----
diff --git a/src/regress/lib/libssl/ciphers/Makefile b/src/regress/lib/libssl/ciphers/Makefile
deleted file mode 100644
index c9a58a5e09..0000000000
--- a/src/regress/lib/libssl/ciphers/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.1 2015/02/06 08:48:39 jsing Exp $
2
3PROG= cipherstest
4LDADD= -lssl -lcrypto
5DPADD= ${LIBSSL} ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/ciphers/cipherstest.c b/src/regress/lib/libssl/ciphers/cipherstest.c
deleted file mode 100644
index d76fbfc8c0..0000000000
--- a/src/regress/lib/libssl/ciphers/cipherstest.c
+++ /dev/null
@@ -1,175 +0,0 @@
1/*
2 * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
3 *
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */
16
17#include <openssl/ssl.h>
18
19#include <err.h>
20#include <stdio.h>
21#include <string.h>
22
23static int
24get_put_test(const char *name, const SSL_METHOD *method)
25{
26 STACK_OF(SSL_CIPHER) *ciphers;
27 const SSL_CIPHER *cipher;
28 unsigned char buf[2];
29 SSL_CTX *ssl_ctx = NULL;
30 SSL *ssl = NULL;
31 int ret = 1;
32 int i, len;
33
34 if ((len = method->put_cipher_by_char(NULL, NULL)) != 2) {
35 fprintf(stderr,
36 "%s: put_cipher_by_char() returned len %i (want 2)\n",
37 name, len);
38 return (1);
39 }
40
41 if ((ssl_ctx = SSL_CTX_new(method)) == NULL) {
42 fprintf(stderr, "%s: SSL_CTX_new() returned NULL\n", name);
43 goto failure;
44 }
45 if ((ssl = SSL_new(ssl_ctx)) == NULL) {
46 fprintf(stderr, "%s: SSL_new() returned NULL\n", name);
47 goto failure;
48 }
49
50 if ((ciphers = SSL_get_ciphers(ssl)) == NULL) {
51 fprintf(stderr, "%s: no ciphers\n", name);
52 goto failure;
53 }
54
55 for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
56 cipher = sk_SSL_CIPHER_value(ciphers, i);
57 if ((len = method->put_cipher_by_char(cipher, buf)) != 2) {
58 fprintf(stderr,
59 "%s: put_cipher_by_char() returned len %i for %s "
60 "(want 2)\n",
61 name, len, SSL_CIPHER_get_name(cipher));
62 goto failure;
63 }
64 if ((cipher = method->get_cipher_by_char(buf)) == NULL) {
65 fprintf(stderr,
66 "%s: get_cipher_by_char() returned NULL for %s\n",
67 name, SSL_CIPHER_get_name(cipher));
68 goto failure;
69 }
70 }
71
72 ret = 0;
73
74failure:
75 SSL_CTX_free(ssl_ctx);
76 SSL_free(ssl);
77
78 return (ret);
79}
80
81static int
82cipher_get_put_tests(void)
83{
84 int failed = 0;
85
86 failed |= get_put_test("SSLv23", SSLv23_method());
87 failed |= get_put_test("SSLv23_client", SSLv23_client_method());
88 failed |= get_put_test("SSLv23_server", SSLv23_server_method());
89
90 failed |= get_put_test("TLSv1", TLSv1_method());
91 failed |= get_put_test("TLSv1_client", TLSv1_client_method());
92 failed |= get_put_test("TLSv1_server", TLSv1_server_method());
93
94 failed |= get_put_test("TLSv1_1", TLSv1_1_method());
95 failed |= get_put_test("TLSv1_1_client", TLSv1_1_client_method());
96 failed |= get_put_test("TLSv1_1_server", TLSv1_1_server_method());
97
98 failed |= get_put_test("TLSv1_2", TLSv1_2_method());
99 failed |= get_put_test("TLSv1_2_client", TLSv1_2_client_method());
100 failed |= get_put_test("TLSv1_2_server", TLSv1_2_server_method());
101
102 failed |= get_put_test("DTLSv1", DTLSv1_method());
103 failed |= get_put_test("DTLSv1_client", DTLSv1_client_method());
104 failed |= get_put_test("DTLSv1_server", DTLSv1_server_method());
105
106 return failed;
107}
108
109static int
110cipher_get_by_value_tests(void)
111{
112 STACK_OF(SSL_CIPHER) *ciphers;
113 const SSL_CIPHER *cipher;
114 SSL_CTX *ssl_ctx = NULL;
115 SSL *ssl = NULL;
116 unsigned long id;
117 uint16_t value;
118 int ret = 1;
119 int i;
120
121 if ((ssl_ctx = SSL_CTX_new(SSLv23_method())) == NULL) {
122 fprintf(stderr, "SSL_CTX_new() returned NULL\n");
123 goto failure;
124 }
125 if ((ssl = SSL_new(ssl_ctx)) == NULL) {
126 fprintf(stderr, "SSL_new() returned NULL\n");
127 goto failure;
128 }
129
130 if ((ciphers = SSL_get_ciphers(ssl)) == NULL) {
131 fprintf(stderr, "no ciphers\n");
132 goto failure;
133 }
134
135 for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
136 cipher = sk_SSL_CIPHER_value(ciphers, i);
137
138 id = SSL_CIPHER_get_id(cipher);
139 if (SSL_CIPHER_get_by_id(id) == NULL) {
140 fprintf(stderr, "SSL_CIPHER_get_by_id() failed "
141 "for %s (0x%lx)\n", SSL_CIPHER_get_name(cipher),
142 id);
143 goto failure;
144 }
145
146 value = SSL_CIPHER_get_value(cipher);
147 if (SSL_CIPHER_get_by_value(value) == NULL) {
148 fprintf(stderr, "SSL_CIPHER_get_by_value() failed "
149 "for %s (0x%04hx)\n", SSL_CIPHER_get_name(cipher),
150 value);
151 goto failure;
152 }
153 }
154
155 ret = 0;
156
157failure:
158 SSL_CTX_free(ssl_ctx);
159 SSL_free(ssl);
160
161 return (ret);
162}
163
164int
165main(int argc, char **argv)
166{
167 int failed = 0;
168
169 SSL_library_init();
170
171 failed |= cipher_get_put_tests();
172 failed |= cipher_get_by_value_tests();
173
174 return (failed);
175}
diff --git a/src/regress/lib/libssl/client/Makefile b/src/regress/lib/libssl/client/Makefile
deleted file mode 100644
index 4f99f0e97c..0000000000
--- a/src/regress/lib/libssl/client/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.1 2015/09/01 17:02:18 jsing Exp $
2
3PROG= clienttest
4LDADD= -lssl -lcrypto
5DPADD= ${LIBSSL} ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/client/clienttest.c b/src/regress/lib/libssl/client/clienttest.c
deleted file mode 100644
index 6b8ea7d8bd..0000000000
--- a/src/regress/lib/libssl/client/clienttest.c
+++ /dev/null
@@ -1,446 +0,0 @@
1/*
2 * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
3 *
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */
16
17#include <openssl/ssl.h>
18
19#include <openssl/dtls1.h>
20#include <openssl/ssl3.h>
21
22#include <err.h>
23#include <stdio.h>
24#include <string.h>
25
26#define DTLS_HM_OFFSET (DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH)
27#define DTLS_RANDOM_OFFSET (DTLS_HM_OFFSET + 2)
28#define DTLS_CIPHER_OFFSET (DTLS_HM_OFFSET + 38)
29
30#define SSL3_HM_OFFSET (SSL3_RT_HEADER_LENGTH + SSL3_HM_HEADER_LENGTH)
31#define SSL3_RANDOM_OFFSET (SSL3_HM_OFFSET + 2)
32#define SSL3_CIPHER_OFFSET (SSL3_HM_OFFSET + 37)
33
34static unsigned char cipher_list_dtls1[] = {
35 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85,
36 0x00, 0x88, 0x00, 0x81, 0x00, 0x35, 0x00, 0x84,
37 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x45,
38 0x00, 0x2f, 0x00, 0x41, 0xc0, 0x12, 0xc0, 0x08,
39 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff,
40};
41
42static unsigned char client_hello_dtls1[] = {
43 0x16, 0xfe, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00,
44 0x00, 0x00, 0x00, 0x00, 0x60, 0x01, 0x00, 0x00,
45 0x54, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
46 0x54, 0xfe, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00,
47 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
48 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
49 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
50 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x26, 0xc0,
51 0x14, 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85, 0x00,
52 0x88, 0x00, 0x81, 0x00, 0x35, 0x00, 0x84, 0xc0,
53 0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x45, 0x00,
54 0x2f, 0x00, 0x41, 0xc0, 0x12, 0xc0, 0x08, 0x00,
55 0x16, 0x00, 0x0a, 0x00, 0xff, 0x01, 0x00, 0x00,
56 0x04, 0x00, 0x23, 0x00, 0x00,
57};
58
59static unsigned char cipher_list_tls10[] = {
60 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85,
61 0x00, 0x88, 0x00, 0x81, 0x00, 0x35, 0x00, 0x84,
62 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x45,
63 0x00, 0x2f, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07,
64 0x00, 0x05, 0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08,
65 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff,
66};
67
68static unsigned char client_hello_tls10[] = {
69 0x16, 0x03, 0x01, 0x00, 0x71, 0x01, 0x00, 0x00,
70 0x6d, 0x03, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
71 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
72 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
73 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
74 0x00, 0x00, 0x00, 0x00, 0x00, 0x2e, 0xc0, 0x14,
75 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85, 0x00, 0x88,
76 0x00, 0x81, 0x00, 0x35, 0x00, 0x84, 0xc0, 0x13,
77 0xc0, 0x09, 0x00, 0x33, 0x00, 0x45, 0x00, 0x2f,
78 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05,
79 0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
80 0x00, 0x0a, 0x00, 0xff, 0x01, 0x00, 0x00, 0x16,
81 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a,
82 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17,
83 0x00, 0x18, 0x00, 0x23, 0x00, 0x00,
84};
85
86static unsigned char cipher_list_tls11[] = {
87 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85,
88 0x00, 0x88, 0x00, 0x81, 0x00, 0x35, 0x00, 0x84,
89 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x45,
90 0x00, 0x2f, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07,
91 0x00, 0x05, 0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08,
92 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff,
93};
94
95static unsigned char client_hello_tls11[] = {
96 0x16, 0x03, 0x01, 0x00, 0x71, 0x01, 0x00, 0x00,
97 0x6d, 0x03, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
98 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
99 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
100 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
101 0x00, 0x00, 0x00, 0x00, 0x00, 0x2e, 0xc0, 0x14,
102 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85, 0x00, 0x88,
103 0x00, 0x81, 0x00, 0x35, 0x00, 0x84, 0xc0, 0x13,
104 0xc0, 0x09, 0x00, 0x33, 0x00, 0x45, 0x00, 0x2f,
105 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05,
106 0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
107 0x00, 0x0a, 0x00, 0xff, 0x01, 0x00, 0x00, 0x16,
108 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a,
109 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17,
110 0x00, 0x18, 0x00, 0x23, 0x00, 0x00,
111};
112
113static unsigned char cipher_list_tls12_aes[] = {
114 0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24,
115 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b,
116 0x00, 0x39, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa,
117 0xff, 0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81,
118 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0,
119 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27,
120 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e,
121 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45,
122 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba,
123 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05,
124 0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
125 0x00, 0x0a, 0x00, 0xff,
126};
127
128static unsigned char cipher_list_tls12_chacha[] = {
129 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xc0, 0x30,
130 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14,
131 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39,
132 0xff, 0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81,
133 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0,
134 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27,
135 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e,
136 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45,
137 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba,
138 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05,
139 0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
140 0x00, 0x0a, 0x00, 0xff,
141};
142
143static unsigned char client_hello_tls12[] = {
144 0x16, 0x03, 0x01, 0x00, 0xbb, 0x01, 0x00, 0x00,
145 0xb7, 0x03, 0x03, 0x2b, 0x39, 0xcc, 0x56, 0xfc,
146 0xc4, 0x98, 0x8e, 0xfc, 0x22, 0x89, 0xc5, 0x1e,
147 0xa9, 0x88, 0xbd, 0x6e, 0xd8, 0xd1, 0xd6, 0xc1,
148 0xc3, 0x12, 0xe8, 0xe0, 0x1e, 0xfa, 0xa8, 0x21,
149 0xd9, 0x2d, 0x4d, 0x00, 0x00, 0x5c, 0xc0, 0x30,
150 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14,
151 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39,
152 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xff, 0x85,
153 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 0x00, 0x9d,
154 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84,
155 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23,
156 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67,
157 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c,
158 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41,
159 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 0x00, 0x04,
160 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a,
161 0x00, 0xff, 0x01, 0x00, 0x00, 0x32, 0x00, 0x0b,
162 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08,
163 0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
164 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x18,
165 0x00, 0x16, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03,
166 0x08, 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04,
167 0x04, 0x01, 0x04, 0x03, 0x02, 0x01, 0x02, 0x03,
168};
169
170struct client_hello_test {
171 const unsigned char *desc;
172 const int protocol;
173 const size_t random_start;
174 const SSL_METHOD *(*ssl_method)(void);
175 const long ssl_options;
176};
177
178static struct client_hello_test client_hello_tests[] = {
179 {
180 .desc = "DTLSv1 client",
181 .protocol = DTLS1_VERSION,
182 .random_start = DTLS_RANDOM_OFFSET,
183 .ssl_method = DTLSv1_client_method,
184 },
185 {
186 .desc = "TLSv1 client",
187 .protocol = TLS1_VERSION,
188 .random_start = SSL3_RANDOM_OFFSET,
189 .ssl_method = TLSv1_client_method,
190 },
191 {
192 .desc = "TLSv1_1 client",
193 .protocol = TLS1_1_VERSION,
194 .random_start = SSL3_RANDOM_OFFSET,
195 .ssl_method = TLSv1_1_client_method,
196 },
197 {
198 .desc = "TLSv1_2 client",
199 .protocol = TLS1_2_VERSION,
200 .random_start = SSL3_RANDOM_OFFSET,
201 .ssl_method = TLSv1_2_client_method,
202 },
203 {
204 .desc = "SSLv23 default",
205 .protocol = TLS1_2_VERSION,
206 .random_start = SSL3_RANDOM_OFFSET,
207 .ssl_method = SSLv23_client_method,
208 .ssl_options = 0,
209 },
210 {
211 .desc = "SSLv23 (no TLSv1.2)",
212 .protocol = TLS1_1_VERSION,
213 .random_start = SSL3_RANDOM_OFFSET,
214 .ssl_method = SSLv23_client_method,
215 .ssl_options = SSL_OP_NO_TLSv1_2,
216 },
217 {
218 .desc = "SSLv23 (no TLSv1.1)",
219 .protocol = TLS1_VERSION,
220 .random_start = SSL3_RANDOM_OFFSET,
221 .ssl_method = SSLv23_client_method,
222 .ssl_options = SSL_OP_NO_TLSv1_1,
223 },
224 {
225 .desc = "TLS default",
226 .protocol = TLS1_2_VERSION,
227 .random_start = SSL3_RANDOM_OFFSET,
228 .ssl_method = TLS_client_method,
229 .ssl_options = 0,
230 },
231 {
232 .desc = "TLS (no TLSv1.2)",
233 .protocol = TLS1_1_VERSION,
234 .random_start = SSL3_RANDOM_OFFSET,
235 .ssl_method = TLS_client_method,
236 .ssl_options = SSL_OP_NO_TLSv1_2,
237 },
238 {
239 .desc = "TLS (no TLSv1.1)",
240 .protocol = TLS1_VERSION,
241 .random_start = SSL3_RANDOM_OFFSET,
242 .ssl_method = TLS_client_method,
243 .ssl_options = SSL_OP_NO_TLSv1_1,
244 },
245 {
246 .desc = "TLS (no TLSv1.0, no TLSv1.1)",
247 .protocol = TLS1_2_VERSION,
248 .random_start = SSL3_RANDOM_OFFSET,
249 .ssl_method = TLS_client_method,
250 .ssl_options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1,
251 },
252};
253
254#define N_CLIENT_HELLO_TESTS \
255 (sizeof(client_hello_tests) / sizeof(*client_hello_tests))
256
257static void
258hexdump(const unsigned char *buf, size_t len)
259{
260 size_t i;
261
262 for (i = 1; i <= len; i++)
263 fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n");
264
265 fprintf(stderr, "\n");
266}
267
268static inline int
269ssl_aes_is_accelerated(void)
270{
271#if defined(__i386__) || defined(__x86_64__)
272 return ((OPENSSL_cpu_caps() & (1ULL << 57)) != 0);
273#else
274 return (0);
275#endif
276}
277
278static int
279make_client_hello(int protocol, char **out, size_t *outlen)
280{
281 size_t client_hello_len, cipher_list_len, cipher_list_offset;
282 const char *client_hello, *cipher_list;
283 char *p;
284
285 *out = NULL;
286 *outlen = 0;
287
288 switch (protocol) {
289 case DTLS1_VERSION:
290 client_hello = client_hello_dtls1;
291 client_hello_len = sizeof(client_hello_dtls1);
292 cipher_list = cipher_list_dtls1;
293 cipher_list_len = sizeof(cipher_list_dtls1);
294 cipher_list_offset = DTLS_CIPHER_OFFSET;
295 break;
296
297 case TLS1_VERSION:
298 client_hello = client_hello_tls10;
299 client_hello_len = sizeof(client_hello_tls10);
300 cipher_list = cipher_list_tls10;
301 cipher_list_len = sizeof(cipher_list_tls10);
302 cipher_list_offset = SSL3_CIPHER_OFFSET;
303 break;
304
305 case TLS1_1_VERSION:
306 client_hello = client_hello_tls11;
307 client_hello_len = sizeof(client_hello_tls11);
308 cipher_list = cipher_list_tls11;
309 cipher_list_len = sizeof(cipher_list_tls11);
310 cipher_list_offset = SSL3_CIPHER_OFFSET;
311 break;
312
313 case TLS1_2_VERSION:
314 client_hello = client_hello_tls12;
315 client_hello_len = sizeof(client_hello_tls12);
316 if (ssl_aes_is_accelerated() == 1)
317 cipher_list = cipher_list_tls12_aes;
318 else
319 cipher_list = cipher_list_tls12_chacha;
320 cipher_list_len = sizeof(cipher_list_tls12_chacha);
321 cipher_list_offset = SSL3_CIPHER_OFFSET;
322 break;
323
324 default:
325 return (-1);
326 }
327
328 if ((p = malloc(client_hello_len)) == NULL)
329 return (-1);
330
331 memcpy(p, client_hello, client_hello_len);
332 memcpy(p + cipher_list_offset, cipher_list, cipher_list_len);
333
334 *out = p;
335 *outlen = client_hello_len;
336
337 return (0);
338}
339
340static int
341client_hello_test(int testno, struct client_hello_test *cht)
342{
343 BIO *rbio = NULL, *wbio = NULL;
344 SSL_CTX *ssl_ctx = NULL;
345 SSL *ssl = NULL;
346 char *client_hello = NULL;
347 size_t client_hello_len;
348 char *wbuf, rbuf[1];
349 int ret = 1;
350 size_t i;
351 long len;
352
353 fprintf(stderr, "Test %i - %s\n", testno, cht->desc);
354
355 /* Providing a small buf causes *_get_server_hello() to return. */
356 if ((rbio = BIO_new_mem_buf(rbuf, sizeof(rbuf))) == NULL) {
357 fprintf(stderr, "Failed to setup rbio\n");
358 goto failure;
359 }
360 if ((wbio = BIO_new(BIO_s_mem())) == NULL) {
361 fprintf(stderr, "Failed to setup wbio\n");
362 goto failure;
363 }
364
365 if ((ssl_ctx = SSL_CTX_new(cht->ssl_method())) == NULL) {
366 fprintf(stderr, "SSL_CTX_new() returned NULL\n");
367 goto failure;
368 }
369
370 SSL_CTX_set_options(ssl_ctx, cht->ssl_options);
371
372 if ((ssl = SSL_new(ssl_ctx)) == NULL) {
373 fprintf(stderr, "SSL_new() returned NULL\n");
374 goto failure;
375 }
376
377 rbio->references = 2;
378 wbio->references = 2;
379
380 SSL_set_bio(ssl, rbio, wbio);
381
382 if (SSL_connect(ssl) != 0) {
383 fprintf(stderr, "SSL_connect() returned non-zero\n");
384 goto failure;
385 }
386
387 len = BIO_get_mem_data(wbio, &wbuf);
388
389 if (make_client_hello(cht->protocol, &client_hello,
390 &client_hello_len) != 0)
391 goto failure;
392
393 if ((size_t)len != client_hello_len) {
394 fprintf(stderr, "FAIL: test returned ClientHello length %li, "
395 "want %zu\n", len, client_hello_len);
396 fprintf(stderr, "received:\n");
397 hexdump(wbuf, len);
398 goto failure;
399 }
400
401 /* We expect the client random to differ. */
402 i = cht->random_start + SSL3_RANDOM_SIZE;
403 if (memcmp(client_hello, wbuf, cht->random_start) != 0 ||
404 memcmp(&client_hello[cht->random_start],
405 &wbuf[cht->random_start], SSL3_RANDOM_SIZE) == 0 ||
406 memcmp(&client_hello[i], &wbuf[i], len - i) != 0) {
407 fprintf(stderr, "FAIL: ClientHello differs:\n");
408 fprintf(stderr, "received:\n");
409 memset(&wbuf[cht->random_start], 0, SSL3_RANDOM_SIZE);
410 hexdump(wbuf, len);
411 fprintf(stderr, "test data:\n");
412 hexdump(client_hello, client_hello_len);
413 fprintf(stderr, "\n");
414 goto failure;
415 }
416
417 ret = 0;
418
419failure:
420 SSL_CTX_free(ssl_ctx);
421 SSL_free(ssl);
422
423 rbio->references = 1;
424 wbio->references = 1;
425
426 BIO_free(rbio);
427 BIO_free(wbio);
428
429 free(client_hello);
430
431 return (ret);
432}
433
434int
435main(int argc, char **argv)
436{
437 int failed = 0;
438 size_t i;
439
440 SSL_library_init();
441
442 for (i = 0; i < N_CLIENT_HELLO_TESTS; i++)
443 failed |= client_hello_test(i, &client_hello_tests[i]);
444
445 return (failed);
446}
diff --git a/src/regress/lib/libssl/handshake/Makefile b/src/regress/lib/libssl/handshake/Makefile
deleted file mode 100644
index 626bf4767a..0000000000
--- a/src/regress/lib/libssl/handshake/Makefile
+++ /dev/null
@@ -1,45 +0,0 @@
1# $OpenBSD: Makefile,v 1.7 2019/11/06 10:28:58 tb Exp $
2
3PROGS += handshake_table
4PROGS += valid_handshakes_terminate
5
6.for p in ${PROGS}
7REGRESS_TARGETS += run-$p
8.endfor
9
10LDADD = ${SSL_INT} -lcrypto
11DPADD = ${LIBCRYPTO} ${LIBSSL}
12WARNINGS = Yes
13CFLAGS += -DLIBRESSL_INTERNAL -Wundef -Werror -I${BSDSRCDIR}/lib/libssl
14
15print: handshake_table
16 @./handshake_table -C
17
18handshake.gv: handshake_table
19 ./handshake_table -g > $@.tmp
20 mv $@.tmp $@
21
22CLEANFILES += handshake.gv
23
24.for _FMT in png ps svg
25handshake.${_FMT}: handshake.gv
26 @if [ ! -x /usr/local/bin/dot ]; then \
27 echo "pkg_add graphviz to generate png"; \
28 false; \
29 fi
30 dot -T${_FMT} handshake.gv -o $@
31
32CLEANFILES += handshake.${_FMT}
33.endfor
34
35.for p in ${PROGS}
36run-$p: $p
37 @echo '\n======== $@ ========'
38 ./$p
39
40.PHONY: run-$p
41.endfor
42
43.PHONY: print
44
45.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/handshake/handshake_table.c b/src/regress/lib/libssl/handshake/handshake_table.c
deleted file mode 100644
index 494f72fd27..0000000000
--- a/src/regress/lib/libssl/handshake/handshake_table.c
+++ /dev/null
@@ -1,516 +0,0 @@
1/* $OpenBSD: handshake_table.c,v 1.11 2019/04/05 20:25:25 tb Exp $ */
2/*
3 * Copyright (c) 2019 Theo Buehler <tb@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <err.h>
19#include <stdint.h>
20#include <stdio.h>
21#include <stdlib.h>
22#include <unistd.h>
23
24#include "tls13_handshake.h"
25
26/*
27 * From RFC 8446:
28 *
29 * Appendix A. State Machine
30 *
31 * This appendix provides a summary of the legal state transitions for
32 * the client and server handshakes. State names (in all capitals,
33 * e.g., START) have no formal meaning but are provided for ease of
34 * comprehension. Actions which are taken only in certain circumstances
35 * are indicated in []. The notation "K_{send,recv} = foo" means "set
36 * the send/recv key to the given key".
37 *
38 * A.1. Client
39 *
40 * START <----+
41 * Send ClientHello | | Recv HelloRetryRequest
42 * [K_send = early data] | |
43 * v |
44 * / WAIT_SH ----+
45 * | | Recv ServerHello
46 * | | K_recv = handshake
47 * Can | V
48 * send | WAIT_EE
49 * early | | Recv EncryptedExtensions
50 * data | +--------+--------+
51 * | Using | | Using certificate
52 * | PSK | v
53 * | | WAIT_CERT_CR
54 * | | Recv | | Recv CertificateRequest
55 * | | Certificate | v
56 * | | | WAIT_CERT
57 * | | | | Recv Certificate
58 * | | v v
59 * | | WAIT_CV
60 * | | | Recv CertificateVerify
61 * | +> WAIT_FINISHED <+
62 * | | Recv Finished
63 * \ | [Send EndOfEarlyData]
64 * | K_send = handshake
65 * | [Send Certificate [+ CertificateVerify]]
66 * Can send | Send Finished
67 * app data --> | K_send = K_recv = application
68 * after here v
69 * CONNECTED
70 *
71 * Note that with the transitions as shown above, clients may send
72 * alerts that derive from post-ServerHello messages in the clear or
73 * with the early data keys. If clients need to send such alerts, they
74 * SHOULD first rekey to the handshake keys if possible.
75 *
76 */
77
78struct child {
79 enum tls13_message_type mt;
80 uint8_t flag;
81 uint8_t forced;
82 uint8_t illegal;
83};
84
85#define DEFAULT 0x00
86
87static struct child stateinfo[][TLS13_NUM_MESSAGE_TYPES] = {
88 [CLIENT_HELLO] = {
89 {SERVER_HELLO, DEFAULT, 0, 0},
90 },
91 [SERVER_HELLO] = {
92 {SERVER_ENCRYPTED_EXTENSIONS, DEFAULT, 0, 0},
93 {CLIENT_HELLO_RETRY, WITH_HRR, 0, 0},
94 },
95 [CLIENT_HELLO_RETRY] = {
96 {SERVER_HELLO_RETRY, DEFAULT, 0, 0},
97 },
98 [SERVER_HELLO_RETRY] = {
99 {SERVER_ENCRYPTED_EXTENSIONS, DEFAULT, 0, 0},
100 },
101 [SERVER_ENCRYPTED_EXTENSIONS] = {
102 {SERVER_CERTIFICATE_REQUEST, DEFAULT, 0, 0},
103 {SERVER_CERTIFICATE, WITHOUT_CR, 0, 0},
104 {SERVER_FINISHED, WITH_PSK, 0, 0},
105 },
106 [SERVER_CERTIFICATE_REQUEST] = {
107 {SERVER_CERTIFICATE, DEFAULT, 0, 0},
108 },
109 [SERVER_CERTIFICATE] = {
110 {SERVER_CERTIFICATE_VERIFY, DEFAULT, 0, 0},
111 },
112 [SERVER_CERTIFICATE_VERIFY] = {
113 {SERVER_FINISHED, DEFAULT, 0, 0},
114 },
115 [SERVER_FINISHED] = {
116 {CLIENT_FINISHED, DEFAULT, WITHOUT_CR | WITH_PSK, 0},
117 {CLIENT_CERTIFICATE, DEFAULT, 0, WITHOUT_CR | WITH_PSK},
118 },
119 [CLIENT_CERTIFICATE] = {
120 {CLIENT_FINISHED, DEFAULT, 0, 0},
121 {CLIENT_CERTIFICATE_VERIFY, WITH_CCV, 0, 0},
122 },
123 [CLIENT_CERTIFICATE_VERIFY] = {
124 {CLIENT_FINISHED, DEFAULT, 0, 0},
125 },
126 [CLIENT_FINISHED] = {
127 {APPLICATION_DATA, DEFAULT, 0, 0},
128 },
129 [APPLICATION_DATA] = {
130 {0, DEFAULT, 0, 0},
131 },
132};
133
134const size_t stateinfo_count = sizeof(stateinfo) / sizeof(stateinfo[0]);
135
136void build_table(enum tls13_message_type
137 table[UINT8_MAX][TLS13_NUM_MESSAGE_TYPES],
138 struct child current, struct child end,
139 struct child path[], uint8_t flags, unsigned int depth);
140size_t count_handshakes(void);
141void edge(enum tls13_message_type start,
142 enum tls13_message_type end, uint8_t flag);
143const char *flag2str(uint8_t flag);
144void flag_label(uint8_t flag);
145void forced_edges(enum tls13_message_type start,
146 enum tls13_message_type end, uint8_t forced);
147int generate_graphics(void);
148void fprint_entry(FILE *stream,
149 enum tls13_message_type path[TLS13_NUM_MESSAGE_TYPES],
150 uint8_t flags);
151void fprint_flags(FILE *stream, uint8_t flags);
152const char *mt2str(enum tls13_message_type mt);
153__dead void usage(void);
154int verify_table(enum tls13_message_type
155 table[UINT8_MAX][TLS13_NUM_MESSAGE_TYPES], int print);
156
157const char *
158flag2str(uint8_t flag)
159{
160 const char *ret;
161
162 if (flag & (flag - 1))
163 errx(1, "more than one bit is set");
164
165 switch (flag) {
166 case INITIAL:
167 ret = "INITIAL";
168 break;
169 case NEGOTIATED:
170 ret = "NEGOTIATED";
171 break;
172 case WITHOUT_CR:
173 ret = "WITHOUT_CR";
174 break;
175 case WITH_HRR:
176 ret = "WITH_HRR";
177 break;
178 case WITH_PSK:
179 ret = "WITH_PSK";
180 break;
181 case WITH_CCV:
182 ret = "WITH_CCV";
183 break;
184 case WITH_0RTT:
185 ret = "WITH_0RTT";
186 break;
187 default:
188 ret = "UNKNOWN";
189 }
190
191 return ret;
192}
193
194const char *
195mt2str(enum tls13_message_type mt)
196{
197 const char *ret;
198
199 switch (mt) {
200 case INVALID:
201 ret = "INVALID";
202 break;
203 case CLIENT_HELLO:
204 ret = "CLIENT_HELLO";
205 break;
206 case CLIENT_HELLO_RETRY:
207 ret = "CLIENT_HELLO_RETRY";
208 break;
209 case CLIENT_END_OF_EARLY_DATA:
210 ret = "CLIENT_END_OF_EARLY_DATA";
211 break;
212 case CLIENT_CERTIFICATE:
213 ret = "CLIENT_CERTIFICATE";
214 break;
215 case CLIENT_CERTIFICATE_VERIFY:
216 ret = "CLIENT_CERTIFICATE_VERIFY";
217 break;
218 case CLIENT_FINISHED:
219 ret = "CLIENT_FINISHED";
220 break;
221 case CLIENT_KEY_UPDATE:
222 ret = "CLIENT_KEY_UPDATE";
223 break;
224 case SERVER_HELLO:
225 ret = "SERVER_HELLO";
226 break;
227 case SERVER_HELLO_RETRY:
228 ret = "SERVER_HELLO_RETRY";
229 break;
230 case SERVER_NEW_SESSION_TICKET:
231 ret = "SERVER_NEW_SESSION_TICKET";
232 break;
233 case SERVER_ENCRYPTED_EXTENSIONS:
234 ret = "SERVER_ENCRYPTED_EXTENSIONS";
235 break;
236 case SERVER_CERTIFICATE:
237 ret = "SERVER_CERTIFICATE";
238 break;
239 case SERVER_CERTIFICATE_VERIFY:
240 ret = "SERVER_CERTIFICATE_VERIFY";
241 break;
242 case SERVER_CERTIFICATE_REQUEST:
243 ret = "SERVER_CERTIFICATE_REQUEST";
244 break;
245 case SERVER_FINISHED:
246 ret = "SERVER_FINISHED";
247 break;
248 case APPLICATION_DATA:
249 ret = "APPLICATION_DATA";
250 break;
251 case TLS13_NUM_MESSAGE_TYPES:
252 ret = "TLS13_NUM_MESSAGE_TYPES";
253 break;
254 default:
255 ret = "UNKNOWN";
256 break;
257 }
258
259 return ret;
260}
261
262void
263fprint_flags(FILE *stream, uint8_t flags)
264{
265 int first = 1, i;
266
267 if (flags == 0) {
268 fprintf(stream, "%s", flag2str(flags));
269 return;
270 }
271
272 for (i = 0; i < 8; i++) {
273 uint8_t set = flags & (1U << i);
274
275 if (set) {
276 fprintf(stream, "%s%s", first ? "" : " | ",
277 flag2str(set));
278 first = 0;
279 }
280 }
281}
282
283void
284fprint_entry(FILE *stream,
285 enum tls13_message_type path[TLS13_NUM_MESSAGE_TYPES], uint8_t flags)
286{
287 int i;
288
289 fprintf(stream, "\t[");
290 fprint_flags(stream, flags);
291 fprintf(stream, "] = {\n");
292
293 for (i = 0; i < TLS13_NUM_MESSAGE_TYPES; i++) {
294 if (path[i] == 0)
295 break;
296 fprintf(stream, "\t\t%s,\n", mt2str(path[i]));
297 }
298 fprintf(stream, "\t},\n");
299}
300
301void
302edge(enum tls13_message_type start, enum tls13_message_type end,
303 uint8_t flag)
304{
305 printf("\t%s -> %s", mt2str(start), mt2str(end));
306 flag_label(flag);
307 printf(";\n");
308}
309
310void
311flag_label(uint8_t flag)
312{
313 if (flag)
314 printf(" [label=\"%s\"]", flag2str(flag));
315}
316
317void
318forced_edges(enum tls13_message_type start, enum tls13_message_type end,
319 uint8_t forced)
320{
321 uint8_t forced_flag, i;
322
323 if (forced == 0)
324 return;
325
326 for (i = 0; i < 8; i++) {
327 forced_flag = forced & (1U << i);
328 if (forced_flag)
329 edge(start, end, forced_flag);
330 }
331}
332
333int
334generate_graphics(void)
335{
336 enum tls13_message_type start, end;
337 unsigned int child;
338 uint8_t flag;
339 uint8_t forced;
340
341 printf("digraph G {\n");
342 printf("\t%s [shape=box];\n", mt2str(CLIENT_HELLO));
343 printf("\t%s [shape=box];\n", mt2str(APPLICATION_DATA));
344
345 for (start = CLIENT_HELLO; start < APPLICATION_DATA; start++) {
346 for (child = 0; stateinfo[start][child].mt != 0; child++) {
347 end = stateinfo[start][child].mt;
348 flag = stateinfo[start][child].flag;
349 forced = stateinfo[start][child].forced;
350
351 if (forced == 0)
352 edge(start, end, flag);
353 else
354 forced_edges(start, end, forced);
355 }
356 }
357
358 printf("}\n");
359 return 0;
360}
361
362extern enum tls13_message_type handshakes[][TLS13_NUM_MESSAGE_TYPES];
363extern size_t handshake_count;
364
365size_t
366count_handshakes(void)
367{
368 size_t ret = 0, i;
369
370 for (i = 0; i < handshake_count; i++) {
371 if (handshakes[i][0] != INVALID)
372 ret++;
373 }
374
375 return ret;
376}
377
378void
379build_table(enum tls13_message_type table[UINT8_MAX][TLS13_NUM_MESSAGE_TYPES],
380 struct child current, struct child end, struct child path[], uint8_t flags,
381 unsigned int depth)
382{
383 unsigned int i;
384
385 if (depth >= TLS13_NUM_MESSAGE_TYPES - 1)
386 errx(1, "recursed too deeply");
387
388 /* Record current node. */
389 path[depth++] = current;
390 flags |= current.flag;
391
392 /* If we haven't reached the end, recurse over the children. */
393 if (current.mt != end.mt) {
394 for (i = 0; stateinfo[current.mt][i].mt != 0; i++) {
395 struct child child = stateinfo[current.mt][i];
396 int forced = stateinfo[current.mt][i].forced;
397 int illegal = stateinfo[current.mt][i].illegal;
398
399 if ((forced == 0 || (forced & flags)) &&
400 (illegal == 0 || !(illegal & flags)))
401 build_table(table, child, end, path, flags,
402 depth);
403 }
404 return;
405 }
406
407 if (flags == 0)
408 errx(1, "path does not set flags");
409
410 if (table[flags][0] != 0)
411 errx(1, "path traversed twice");
412
413 for (i = 0; i < depth; i++)
414 table[flags][i] = path[i].mt;
415}
416
417int
418verify_table(enum tls13_message_type table[UINT8_MAX][TLS13_NUM_MESSAGE_TYPES],
419 int print)
420{
421 int success = 1, i;
422 size_t num_valid, num_found = 0;
423 uint8_t flags = 0;
424
425 do {
426 if (table[flags][0] == 0)
427 continue;
428
429 num_found++;
430
431 for (i = 0; i < TLS13_NUM_MESSAGE_TYPES; i++) {
432 if (table[flags][i] != handshakes[flags][i]) {
433 fprintf(stderr,
434 "incorrect entry %d of handshake ", i);
435 fprint_flags(stderr, flags);
436 fprintf(stderr, "\n");
437 success = 0;
438 }
439 }
440
441 if (print)
442 fprint_entry(stdout, table[flags], flags);
443 } while(++flags != 0);
444
445 num_valid = count_handshakes();
446 if (num_valid != num_found) {
447 fprintf(stderr,
448 "incorrect number of handshakes: want %zu, got %zu.\n",
449 num_valid, num_found);
450 success = 0;
451 }
452
453 return success;
454}
455
456__dead void
457usage(void)
458{
459 fprintf(stderr, "usage: handshake_table [-C | -g]\n");
460 exit(1);
461}
462
463int
464main(int argc, char *argv[])
465{
466 static enum tls13_message_type
467 hs_table[UINT8_MAX][TLS13_NUM_MESSAGE_TYPES] = {
468 [INITIAL] = {
469 CLIENT_HELLO,
470 SERVER_HELLO,
471 },
472 };
473 struct child start = {
474 CLIENT_HELLO, DEFAULT, 0, 0,
475 };
476 struct child end = {
477 APPLICATION_DATA, DEFAULT, 0, 0,
478 };
479 struct child path[TLS13_NUM_MESSAGE_TYPES] = {{0}};
480 uint8_t flags = NEGOTIATED;
481 unsigned int depth = 0;
482 int ch, graphviz = 0, print = 0;
483
484 while ((ch = getopt(argc, argv, "Cg")) != -1) {
485 switch (ch) {
486 case 'C':
487 print = 1;
488 break;
489 case 'g':
490 graphviz = 1;
491 break;
492 default:
493 usage();
494 }
495 }
496 argc -= optind;
497 argv += optind;
498
499 if (argc != 0)
500 usage();
501
502 if (graphviz && print)
503 usage();
504
505 if (graphviz)
506 return generate_graphics();
507
508 build_table(hs_table, start, end, path, flags, depth);
509 if (!verify_table(hs_table, print))
510 return 1;
511
512 if (!print)
513 printf("SUCCESS\n");
514
515 return 0;
516}
diff --git a/src/regress/lib/libssl/handshake/valid_handshakes_terminate.c b/src/regress/lib/libssl/handshake/valid_handshakes_terminate.c
deleted file mode 100644
index 5f0e4f2c18..0000000000
--- a/src/regress/lib/libssl/handshake/valid_handshakes_terminate.c
+++ /dev/null
@@ -1,57 +0,0 @@
1/* $OpenBSD: valid_handshakes_terminate.c,v 1.3 2019/04/05 20:25:42 tb Exp $ */
2/*
3 * Copyright (c) 2019 Theo Buehler <tb@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <err.h>
19#include <stdio.h>
20
21#include "tls13_handshake.c"
22
23int
24main(int argc, char *argv[])
25{
26 size_t i, j;
27 int terminates;
28 int fail = 0;
29
30 for (i = 1; i < handshake_count; i++) {
31 enum tls13_message_type mt = handshakes[i][0];
32
33 if (mt == INVALID)
34 continue;
35
36 terminates = 0;
37
38 for (j = 0; j < TLS13_NUM_MESSAGE_TYPES; j++) {
39 mt = handshakes[i][j];
40 if (state_machine[mt].handshake_complete) {
41 terminates = 1;
42 break;
43 }
44 }
45
46 if (!terminates) {
47 fail = 1;
48 printf("FAIL: handshake_complete never true in "
49 "handshake %zu\n", i);
50 }
51 }
52
53 if (!fail)
54 printf("SUCCESS\n");
55
56 return fail;
57}
diff --git a/src/regress/lib/libssl/interop/LICENSE b/src/regress/lib/libssl/interop/LICENSE
deleted file mode 100644
index 838e7f45cc..0000000000
--- a/src/regress/lib/libssl/interop/LICENSE
+++ /dev/null
@@ -1,15 +0,0 @@
1/*
2 * Copyright (c) 2018-2019 Alexander Bluhm <bluhm@openbsd.org>
3 *
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */
diff --git a/src/regress/lib/libssl/interop/Makefile b/src/regress/lib/libssl/interop/Makefile
deleted file mode 100644
index 36b233c189..0000000000
--- a/src/regress/lib/libssl/interop/Makefile
+++ /dev/null
@@ -1,10 +0,0 @@
1# $OpenBSD: Makefile,v 1.6 2019/02/21 23:06:33 bluhm Exp $
2
3SUBDIR = libressl openssl openssl11
4# the above binaries must have been built before we can continue
5SUBDIR += netcat
6SUBDIR += session
7SUBDIR += cipher
8SUBDIR += cert
9
10.include <bsd.subdir.mk>
diff --git a/src/regress/lib/libssl/interop/Makefile.inc b/src/regress/lib/libssl/interop/Makefile.inc
deleted file mode 100644
index dfe1424949..0000000000
--- a/src/regress/lib/libssl/interop/Makefile.inc
+++ /dev/null
@@ -1,91 +0,0 @@
1# $OpenBSD: Makefile.inc,v 1.6 2019/02/21 23:06:33 bluhm Exp $
2
3.PATH: ${.CURDIR}/..
4
5SRCS_client = client.c util.c
6SRCS_server = server.c util.c
7WARNINGS = yes
8CLEANFILES += *.out *.fstat
9
10.for p in ${PROGS}
11ldd-$p.out: $p
12 # programs must be linked with correct libraries
13 LD_LIBRARY_PATH=${LD_LIBRARY_PATH} ldd $p >$@
14.endfor
15
16client-self.out server-self.out: run-self-client-server
17
18run-self-client-server: client server 127.0.0.1.crt
19 @echo '\n======== $@ ========'
20 # check that tls client and server work together
21 LD_LIBRARY_PATH=${LD_LIBRARY_PATH} \
22 ./server >server-self.out \
23 127.0.0.1 0
24 LD_LIBRARY_PATH=${LD_LIBRARY_PATH} \
25 ./client >client-self.out \
26 `sed -n 's/listen sock: //p' server-self.out`
27 # check that the client run successfully to the end
28 grep -q '^success$$' client-self.out
29 # client must have read server greeting
30 grep -q '^<<< greeting$$' client-self.out
31 # check that the server child run successfully to the end
32 grep -q '^success$$' server-self.out
33 # server must have read client hello
34 grep -q '^<<< hello$$' server-self.out
35
36# create certificates for TLS
37
38CLEANFILES += 127.0.0.1.{crt,key} \
39 ca.{crt,key,srl} fake-ca.{crt,key} \
40 {client,server}.{req,crt,key} \
41 {dsa,ec,gost,rsa}.{key,req,crt} \
42 dh.param
43
44127.0.0.1.crt:
45 openssl req -batch -new \
46 -subj /L=OpenBSD/O=tls-regress/OU=server/CN=127.0.0.1/ \
47 -nodes -newkey rsa -keyout 127.0.0.1.key -x509 -out $@
48
49ca.crt fake-ca.crt:
50 openssl req -batch -new \
51 -subj /L=OpenBSD/O=tls-regress/OU=ca/CN=root/ \
52 -nodes -newkey rsa -keyout ${@:R}.key -x509 -out $@
53
54client.req server.req:
55 openssl req -batch -new \
56 -subj /L=OpenBSD/O=tls-regress/OU=${@:R}/CN=localhost/ \
57 -nodes -newkey rsa -keyout ${@:R}.key -out $@
58
59client.crt server.crt: ca.crt ${@:R}.req
60 openssl x509 -CAcreateserial -CAkey ca.key -CA ca.crt \
61 -req -in ${@:R}.req -out $@
62
63dh.param:
64 openssl dhparam -out $@ 1024
65
66dsa.key:
67 openssl dsaparam -genkey -out $@ 2048
68
69ec.key:
70 openssl ecparam -genkey -name secp256r1 -out $@
71
72gost.key:
73 openssl genpkey -algorithm gost2001 \
74 -pkeyopt paramset:A -pkeyopt dgst:md_gost94 -out $@
75
76rsa.key:
77 openssl genrsa -out $@ 2048
78
79dsa.req ec.req rsa.req: ${@:R}.key
80 openssl req -batch -new \
81 -subj /L=OpenBSD/O=tls-regress/OU=${@:R}/CN=localhost/ \
82 -nodes -key ${@:R}.key -out $@
83
84gost.req: ${@:R}.key
85 openssl req -batch -new -md_gost94 \
86 -subj /L=OpenBSD/O=tls-regress/OU=${@:R}/CN=localhost/ \
87 -nodes -key ${@:R}.key -out $@
88
89dsa.crt ec.crt gost.crt rsa.crt: ca.crt ${@:R}.req
90 openssl x509 -CAcreateserial -CAkey ca.key -CA ca.crt \
91 -req -in ${@:R}.req -out $@
diff --git a/src/regress/lib/libssl/interop/README b/src/regress/lib/libssl/interop/README
deleted file mode 100644
index 54910e554d..0000000000
--- a/src/regress/lib/libssl/interop/README
+++ /dev/null
@@ -1,22 +0,0 @@
1Test TLS interoperability between LibreSSL and OpenSSL.
2
3Implement simple SSL client and server in C. Create six binaries
4by linking them with LibreSSL or OpenSSL 1.0.2 or OpenSSL 1.1. This
5way API compatibility is tested.
6
7To self test each SSL library, connect client with server. Check
8that the highest available TLS version is selected. LibreSSL TLS
91.3 check has to be enabled when the feature becomes available.
10
11Currently OpenSSL 1.0.2p and OpenSSL 1.1.1 from ports are used. As
12soon as LibreSSL supports TLS 1.3, it should be used automatically
13when netcat is communicating with OpenSSL 1.1.
14
15Connect and accept with netcat to test protocol compatibility with
16libtls. Test TLS session reuse multiple times with different library
17combinations. The cert subdir is testing all combinations of
18certificate validation. Having the three libraries, client and
19server certificates, missing or invalid CA or certificates, and
20enforcing peer certificate results in 1944 test cases. The cipher
21test establishes connections between implementations for each
22supported cipher.
diff --git a/src/regress/lib/libssl/interop/cert/Makefile b/src/regress/lib/libssl/interop/cert/Makefile
deleted file mode 100644
index 11bc4aa2ab..0000000000
--- a/src/regress/lib/libssl/interop/cert/Makefile
+++ /dev/null
@@ -1,84 +0,0 @@
1# $OpenBSD: Makefile,v 1.4 2019/02/21 23:06:33 bluhm Exp $
2
3# Connect a client to a server. Both can be current libressl, or
4# openssl 1.0.2, or openssl 1.1. Create client and server certificates
5# that are signed by a CA and not signed by a fake CA. Try all
6# combinations with, without, and with wrong CA for client and server
7# and check the result of certificate verification.
8
9LIBRARIES = libressl
10.if exists(/usr/local/bin/eopenssl)
11LIBRARIES += openssl
12.endif
13.if exists(/usr/local/bin/eopenssl11)
14LIBRARIES += openssl11
15.endif
16
17.for cca in noca ca fakeca
18.for sca in noca ca fakeca
19.for ccert in nocert cert
20.for scert in nocert cert
21.for cv in noverify verify
22.for sv in noverify verify certverify
23
24# remember when certificate verification should fail
25.if (("${cv}" == verify && "${cca}" == ca && "${scert}" == cert) || \
26 "${cv}" == noverify) && \
27 (("${sv}" == verify && "${ccert}" == nocert) || \
28 ("${sv}" == verify && "${sca}" == ca && "${ccert}" == cert) || \
29 ("${sv}" == certverify && "${sca}" == ca && "${ccert}" == cert) || \
30 "${sv}" == noverify)
31FAIL_${cca}_${sca}_${ccert}_${scert}_${cv}_${sv} =
32.else
33FAIL_${cca}_${sca}_${ccert}_${scert}_${cv}_${sv} = !
34.endif
35
36.for clib in ${LIBRARIES}
37.for slib in ${LIBRARIES}
38
39REGRESS_TARGETS += run-cert-client-${clib}-${cca}-${ccert}-${cv}-server-${slib}-${sca}-${scert}-${sv}
40
41run-cert-client-${clib}-${cca}-${ccert}-${cv}-server-${slib}-${sca}-${scert}-${sv}: \
42 127.0.0.1.crt ca.crt fake-ca.crt client.crt server.crt \
43 ../${clib}/client ../${slib}/server
44 @echo '\n======== $@ ========'
45 LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
46 ../${slib}/server >${@:S/^run/server/}.out \
47 ${sca:S/^noca//:S/^fakeca/-C fake-ca.crt/:S/^ca/-C ca.crt/} \
48 ${scert:S/^nocert//:S/^cert/-c server.crt -k server.key/} \
49 ${sv:S/^noverify//:S/^verify/-v/:S/^certverify/-vv/} \
50 127.0.0.1 0
51 ${FAIL_${cca}_${sca}_${ccert}_${scert}_${cv}_${sv}} \
52 LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
53 ../${clib}/client >${@:S/^run/client/}.out \
54 ${cca:S/^noca//:S/^fakeca/-C fake-ca.crt/:S/^ca/-C ca.crt/} \
55 ${ccert:S/^nocert//:S/^cert/-c server.crt -k server.key/} \
56 ${cv:S/^noverify//:S/^verify/-v/} \
57 `sed -n 's/listen sock: //p' ${@:S/^run/server/}.out`
58.if empty(${FAIL_${cca}_${sca}_${ccert}_${scert}_${cv}_${sv}})
59 grep '^success$$' ${@:S/^run/server/}.out || \
60 { sleep 1; grep '^success$$' ${@:S/^run/server/}.out; }
61 grep '^success$$' ${@:S/^run/client/}.out
62.elif ! ("${sv}" == certverify && "${ccert}" == nocert) || \
63 ("${cv}" == verify && "${scert}" != cert)
64 grep '^verify: fail' ${@:S/^run/client/}.out ${@:S/^run/server/}.out
65.endif
66
67.endfor
68.endfor
69.endfor
70.endfor
71.endfor
72.endfor
73.endfor
74.endfor
75
76# argument list too long for a single rm *
77
78clean: _SUBDIRUSE
79 rm -f client-*.out
80 rm -f server-*.out
81 rm -f a.out [Ee]rrs mklog *.core y.tab.h \
82 ${PROG} ${PROGS} ${OBJS} ${_LEXINTM} ${_YACCINTM} ${CLEANFILES}
83
84.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/cipher/Makefile b/src/regress/lib/libssl/interop/cipher/Makefile
deleted file mode 100644
index 3f43ce804e..0000000000
--- a/src/regress/lib/libssl/interop/cipher/Makefile
+++ /dev/null
@@ -1,175 +0,0 @@
1# $OpenBSD: Makefile,v 1.3 2019/03/28 22:24:13 bluhm Exp $
2
3# Connect a client to a server. Both can be current libressl, or
4# openssl 1.0.2, or openssl 1.1. Create lists of supported ciphers
5# and pin client and server to one of the ciphers. Use server
6# certificate with compatible type. Check that client and server
7# have used correct cipher by grepping in their session print out.
8
9check-cipher-ADH-AES128-GCM-SHA256-client-openssl11-server-openssl11 \
10check-cipher-ADH-AES128-SHA-client-openssl11-server-openssl11 \
11check-cipher-ADH-AES128-SHA256-client-openssl11-server-openssl11 \
12check-cipher-ADH-AES256-GCM-SHA384-client-openssl11-server-openssl11 \
13check-cipher-ADH-AES256-SHA-client-openssl11-server-openssl11 \
14check-cipher-ADH-AES256-SHA256-client-openssl11-server-openssl11 \
15check-cipher-ADH-CAMELLIA128-SHA-client-openssl11-server-openssl11 \
16check-cipher-ADH-CAMELLIA128-SHA256-client-openssl11-server-openssl11 \
17check-cipher-ADH-CAMELLIA256-SHA-client-openssl11-server-openssl11 \
18check-cipher-ADH-CAMELLIA256-SHA256-client-openssl11-server-openssl11 \
19check-cipher-AECDH-AES128-SHA-client-openssl11-server-openssl11 \
20check-cipher-AECDH-AES256-SHA-client-openssl11-server-openssl11 \
21check-cipher-AES128-GCM-SHA256-client-openssl11-server-openssl11 \
22check-cipher-AES128-SHA-client-openssl11-server-openssl11 \
23check-cipher-AES128-SHA256-client-openssl11-server-openssl11 \
24check-cipher-AES256-GCM-SHA384-client-openssl11-server-openssl11 \
25check-cipher-AES256-SHA-client-openssl11-server-openssl11 \
26check-cipher-AES256-SHA256-client-openssl11-server-openssl11 \
27check-cipher-CAMELLIA128-SHA-client-openssl11-server-openssl11 \
28check-cipher-CAMELLIA128-SHA256-client-openssl11-server-openssl11 \
29check-cipher-CAMELLIA256-SHA-client-openssl11-server-openssl11 \
30check-cipher-CAMELLIA256-SHA256-client-openssl11-server-openssl11 \
31check-cipher-DHE-RSA-AES128-GCM-SHA256-client-openssl11-server-openssl11 \
32check-cipher-DHE-RSA-AES128-SHA-client-openssl11-server-openssl11 \
33check-cipher-DHE-RSA-AES128-SHA256-client-openssl11-server-openssl11 \
34check-cipher-DHE-RSA-AES256-GCM-SHA384-client-openssl11-server-openssl11 \
35check-cipher-DHE-RSA-AES256-SHA-client-openssl11-server-openssl11 \
36check-cipher-DHE-RSA-AES256-SHA256-client-openssl11-server-openssl11 \
37check-cipher-DHE-RSA-CAMELLIA128-SHA-client-openssl11-server-openssl11 \
38check-cipher-DHE-RSA-CAMELLIA128-SHA256-client-openssl11-server-openssl11 \
39check-cipher-DHE-RSA-CAMELLIA256-SHA-client-openssl11-server-openssl11 \
40check-cipher-DHE-RSA-CAMELLIA256-SHA256-client-openssl11-server-openssl11 \
41check-cipher-DHE-RSA-CHACHA20-POLY1305-client-openssl11-server-openssl11 \
42check-cipher-ECDHE-ECDSA-AES128-GCM-SHA256-client-openssl11-server-openssl11 \
43check-cipher-ECDHE-ECDSA-AES128-SHA-client-openssl11-server-openssl11 \
44check-cipher-ECDHE-ECDSA-AES128-SHA256-client-openssl11-server-openssl11 \
45check-cipher-ECDHE-ECDSA-AES256-GCM-SHA384-client-openssl11-server-openssl11 \
46check-cipher-ECDHE-ECDSA-AES256-SHA-client-openssl11-server-openssl11 \
47check-cipher-ECDHE-ECDSA-AES256-SHA384-client-openssl11-server-openssl11 \
48check-cipher-ECDHE-ECDSA-CHACHA20-POLY1305-client-openssl11-server-openssl11 \
49check-cipher-ECDHE-RSA-AES128-GCM-SHA256-client-openssl11-server-openssl11 \
50check-cipher-ECDHE-RSA-AES128-SHA-client-openssl11-server-openssl11 \
51check-cipher-ECDHE-RSA-AES128-SHA256-client-openssl11-server-openssl11 \
52check-cipher-ECDHE-RSA-AES256-GCM-SHA384-client-openssl11-server-openssl11 \
53check-cipher-ECDHE-RSA-AES256-SHA-client-openssl11-server-openssl11 \
54check-cipher-ECDHE-RSA-AES256-SHA384-client-openssl11-server-openssl11 \
55check-cipher-ECDHE-RSA-CHACHA20-POLY1305-client-openssl11-server-openssl11:
56 # openssl11 always prints TLS_AES_256_GCM_SHA384 as cipher in out file
57 @echo DISABLED
58
59LIBRARIES = libressl
60.if exists(/usr/local/bin/eopenssl)
61LIBRARIES += openssl
62.endif
63.if exists(/usr/local/bin/eopenssl11)
64LIBRARIES += openssl11
65.endif
66
67CLEANFILES = *.tmp *.ciphers ciphers.mk
68
69.for clib in ${LIBRARIES}
70client-${clib}.ciphers:
71 LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
72 ../${clib}/client -l ALL -L >$@.tmp
73 sed -n 's/^cipher //p' <$@.tmp | sort -u >$@
74 rm $@.tmp
75.endfor
76.for slib in ${LIBRARIES}
77server-${slib}.ciphers: 127.0.0.1.crt dsa.crt ec.crt rsa.crt
78 LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
79 ../${slib}/server -l ALL -L >$@.tmp
80 sed -n 's/^cipher //p' <$@.tmp | sort -u >$@
81 rm $@.tmp
82.endfor
83
84.for clib in ${LIBRARIES}
85.for slib in ${LIBRARIES}
86ciphers.mk: client-${clib}-server-${slib}.ciphers
87client-${clib}-server-${slib}.ciphers: \
88 client-${clib}.ciphers server-${slib}.ciphers client-libressl.ciphers
89 # get ciphers shared between client and server
90 sort client-${clib}.ciphers server-${slib}.ciphers >$@.tmp
91 uniq -d <$@.tmp >$@
92 # we are only interested in ciphers supported by libressl
93 sort $@ client-libressl.ciphers >$@.tmp
94 uniq -d <$@.tmp >$@
95 rm $@.tmp
96.endfor
97.endfor
98
99ciphers.mk:
100 rm -f $@ $@.tmp
101.for clib in ${LIBRARIES}
102.for slib in ${LIBRARIES}
103 echo 'CIPHERS_${clib}_${slib} =' >>$@.tmp \
104 `cat client-${clib}-server-${slib}.ciphers`
105.endfor
106.endfor
107 mv $@.tmp $@
108
109# hack to convert generated lists into usable make variables
110.if exists(ciphers.mk)
111.include "ciphers.mk"
112.else
113regress: ciphers.mk
114 ${MAKE} -C ${.CURDIR} regress
115.endif
116
117LEVEL_libressl =
118LEVEL_openssl =
119LEVEL_openssl11 = ,@SECLEVEL=0
120
121.for clib in ${LIBRARIES}
122.for slib in ${LIBRARIES}
123.for cipher in ${CIPHERS_${clib}_${slib}}
124
125.if "${cipher:M*-DSS-*}" != ""
126TYPE_${cipher} = dsa
127.elif "${cipher:M*-ECDSA-*}" != ""
128TYPE_${cipher} = ec
129.elif "${cipher:M*-GOST89-*}" != ""
130TYPE_${cipher} = gost
131.elif "${cipher:M*-RSA-*}" != ""
132TYPE_${cipher} = rsa
133.else
134TYPE_${cipher} = 127.0.0.1
135.endif
136
137.if "${slib}" == "openssl" && \
138 "${cipher:MADH-*}${cipher:MEDH-*}${cipher:MDHE-*}" != ""
139DHPARAM_${cipher}_${slib} = -p dh.param
140.else
141DHPARAM_${cipher}_${slib} =
142.endif
143
144REGRESS_TARGETS += run-cipher-${cipher}-client-${clib}-server-${slib}
145run-cipher-${cipher}-client-${clib}-server-${slib} \
146client-cipher-${cipher}-client-${clib}-server-${slib}.out \
147server-cipher-${cipher}-client-${clib}-server-${slib}.out: dh.param \
148 127.0.0.1.crt ${TYPE_${cipher}}.crt ../${clib}/client ../${slib}/server
149 @echo '\n======== $@ ========'
150 LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
151 ../${slib}/server >${@:S/^run/server/}.out \
152 -c ${TYPE_${cipher}}.crt -k ${TYPE_${cipher}}.key \
153 -l ${cipher}${LEVEL_${slib}} ${DHPARAM_${cipher}_${slib}} \
154 127.0.0.1 0
155 LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
156 ../${clib}/client >${@:S/^run/client/}.out \
157 -l ${cipher}${LEVEL_${clib}} \
158 `sed -n 's/listen sock: //p' ${@:S/^run/server/}.out`
159 grep -q '^success$$' ${@:S/^run/server/}.out || \
160 { sleep 1; grep -q '^success$$' ${@:S/^run/server/}.out; }
161 grep -q '^success$$' ${@:S/^run/client/}.out
162
163REGRESS_TARGETS += check-cipher-${cipher}-client-${clib}-server-${slib}
164check-cipher-${cipher}-client-${clib}-server-${slib}: \
165 client-cipher-${cipher}-client-${clib}-server-${slib}.out \
166 server-cipher-${cipher}-client-${clib}-server-${slib}.out
167 @echo '\n======== $@ ========'
168 grep -q ' Cipher *: ${cipher}$$' ${@:S/^check/server/}.out
169 grep -q ' Cipher *: ${cipher}$$' ${@:S/^check/client/}.out
170
171.endfor
172.endfor
173.endfor
174
175.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/client.c b/src/regress/lib/libssl/interop/client.c
deleted file mode 100644
index 27ad9a0ade..0000000000
--- a/src/regress/lib/libssl/interop/client.c
+++ /dev/null
@@ -1,232 +0,0 @@
1/* $OpenBSD: client.c,v 1.8 2019/03/21 17:52:26 bluhm Exp $ */
2/*
3 * Copyright (c) 2018-2019 Alexander Bluhm <bluhm@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <sys/types.h>
19#include <sys/socket.h>
20
21#include <err.h>
22#include <netdb.h>
23#include <stdio.h>
24#include <string.h>
25#include <unistd.h>
26
27#include <openssl/err.h>
28#include <openssl/ssl.h>
29
30#include "util.h"
31
32void __dead usage(void);
33
34void __dead
35usage(void)
36{
37 fprintf(stderr, "usage: client [-Lsv] [-C CA] [-c crt -k key] "
38 "[-l ciphers] host port\n");
39 exit(2);
40}
41
42int
43main(int argc, char *argv[])
44{
45 const SSL_METHOD *method;
46 SSL_CTX *ctx;
47 SSL *ssl;
48 BIO *bio;
49 SSL_SESSION *session = NULL;
50 int ch, error, listciphers = 0, sessionreuse = 0, verify = 0;
51 char buf[256];
52 char *ca = NULL, *crt = NULL, *key = NULL, *ciphers = NULL;
53 char *host_port, *host = "127.0.0.1", *port = "0";
54
55
56 while ((ch = getopt(argc, argv, "C:c:k:Ll:sv")) != -1) {
57 switch (ch) {
58 case 'C':
59 ca = optarg;
60 break;
61 case 'c':
62 crt = optarg;
63 break;
64 case 'k':
65 key = optarg;
66 break;
67 case 'L':
68 listciphers = 1;
69 break;
70 case 'l':
71 ciphers = optarg;
72 break;
73 case 's':
74 /* multiple reueses are possible */
75 sessionreuse++;
76 break;
77 case 'v':
78 verify = 1;
79 break;
80 default:
81 usage();
82 }
83 }
84 argc -= optind;
85 argv += optind;
86 if (argc == 2) {
87 host = argv[0];
88 port = argv[1];
89 } else if (!listciphers) {
90 usage();
91 }
92 if (asprintf(&host_port, strchr(host, ':') ? "[%s]:%s" : "%s:%s",
93 host, port) == -1)
94 err(1, "asprintf host port");
95 if ((crt == NULL && key != NULL) || (crt != NULL && key == NULL))
96 errx(1, "certificate and private key must be used together");
97
98 SSL_library_init();
99 SSL_load_error_strings();
100 print_version();
101
102 /* setup method and context */
103#if OPENSSL_VERSION_NUMBER >= 0x1010000f
104 method = TLS_client_method();
105 if (method == NULL)
106 err_ssl(1, "TLS_client_method");
107#else
108 method = SSLv23_client_method();
109 if (method == NULL)
110 err_ssl(1, "SSLv23_client_method");
111#endif
112 ctx = SSL_CTX_new(method);
113 if (ctx == NULL)
114 err_ssl(1, "SSL_CTX_new");
115
116 /* load client certificate */
117 if (crt != NULL) {
118 if (SSL_CTX_use_certificate_file(ctx, crt,
119 SSL_FILETYPE_PEM) <= 0)
120 err_ssl(1, "SSL_CTX_use_certificate_file");
121 if (SSL_CTX_use_PrivateKey_file(ctx, key,
122 SSL_FILETYPE_PEM) <= 0)
123 err_ssl(1, "SSL_CTX_use_PrivateKey_file");
124 if (SSL_CTX_check_private_key(ctx) <= 0)
125 err_ssl(1, "SSL_CTX_check_private_key");
126 }
127
128 /* verify server certificate */
129 if (ca != NULL) {
130 if (SSL_CTX_load_verify_locations(ctx, ca, NULL) <= 0)
131 err_ssl(1, "SSL_CTX_load_verify_locations");
132 }
133 SSL_CTX_set_verify(ctx, verify ? SSL_VERIFY_PEER : SSL_VERIFY_NONE,
134 verify_callback);
135
136 if (sessionreuse) {
137 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_CLIENT);
138 }
139
140 if (ciphers) {
141 if (SSL_CTX_set_cipher_list(ctx, ciphers) <= 0)
142 err_ssl(1, "SSL_CTX_set_cipher_list");
143 }
144
145 if (listciphers) {
146 ssl = SSL_new(ctx);
147 if (ssl == NULL)
148 err_ssl(1, "SSL_new");
149 print_ciphers(SSL_get_ciphers(ssl));
150 return 0;
151 }
152
153 do {
154 /* setup bio for socket operations */
155 bio = BIO_new_connect(host_port);
156 if (bio == NULL)
157 err_ssl(1, "BIO_new_connect");
158
159 /* connect */
160 if (BIO_do_connect(bio) <= 0)
161 err_ssl(1, "BIO_do_connect");
162 printf("connect ");
163 print_sockname(bio);
164 printf("connect ");
165 print_peername(bio);
166
167 /* do ssl client handshake */
168 ssl = SSL_new(ctx);
169 if (ssl == NULL)
170 err_ssl(1, "SSL_new");
171 SSL_set_bio(ssl, bio, bio);
172 /* resuse session if possible */
173 if (session != NULL) {
174 if (SSL_set_session(ssl, session) <= 0)
175 err_ssl(1, "SSL_set_session");
176 }
177 if ((error = SSL_connect(ssl)) <= 0)
178 err_ssl(1, "SSL_connect %d", error);
179 printf("session %d: %s\n", sessionreuse,
180 SSL_session_reused(ssl) ? "reuse" : "new");
181 if (fflush(stdout) != 0)
182 err(1, "fflush stdout");
183
184 /* print session statistics */
185 if (sessionreuse) {
186 session = SSL_get1_session(ssl);
187 if (session == NULL)
188 err_ssl(1, "SSL1_get_session");
189 } else {
190 session = SSL_get_session(ssl);
191 if (session == NULL)
192 err_ssl(1, "SSL_get_session");
193 }
194 if (SSL_SESSION_print_fp(stdout, session) <= 0)
195 err_ssl(1, "SSL_SESSION_print_fp");
196
197 /* read server greeting and write client hello over TLS */
198 if ((error = SSL_read(ssl, buf, 9)) <= 0)
199 err_ssl(1, "SSL_read %d", error);
200 if (error != 9)
201 errx(1, "read not 9 bytes greeting: %d", error);
202 buf[9] = '\0';
203 printf("<<< %s", buf);
204 if (fflush(stdout) != 0)
205 err(1, "fflush stdout");
206 strlcpy(buf, "hello\n", sizeof(buf));
207 printf(">>> %s", buf);
208 if (fflush(stdout) != 0)
209 err(1, "fflush stdout");
210 if ((error = SSL_write(ssl, buf, 6)) <= 0)
211 err_ssl(1, "SSL_write %d", error);
212 if (error != 6)
213 errx(1, "write not 6 bytes hello: %d", error);
214
215 /* shutdown connection */
216 if ((error = SSL_shutdown(ssl)) < 0)
217 err_ssl(1, "SSL_shutdown unidirectional %d", error);
218 if (error <= 0) {
219 if ((error = SSL_shutdown(ssl)) <= 0)
220 err_ssl(1, "SSL_shutdown bidirectional %d",
221 error);
222 }
223
224 SSL_free(ssl);
225 } while (sessionreuse--);
226
227 SSL_CTX_free(ctx);
228
229 printf("success\n");
230
231 return 0;
232}
diff --git a/src/regress/lib/libssl/interop/libressl/Makefile b/src/regress/lib/libssl/interop/libressl/Makefile
deleted file mode 100644
index 868c3c146f..0000000000
--- a/src/regress/lib/libssl/interop/libressl/Makefile
+++ /dev/null
@@ -1,37 +0,0 @@
1# $OpenBSD: Makefile,v 1.5 2018/11/11 00:15:04 bluhm Exp $
2
3PROGS = client server
4CPPFLAGS =
5LDFLAGS =
6LDADD = -lssl -lcrypto
7DPADD = ${LIBSSL} ${LIBCRYPTO}
8LD_LIBRARY_PATH =
9REGRESS_TARGETS = run-self-client-server
10.for p in ${PROGS}
11REGRESS_TARGETS += run-ldd-$p run-version-$p run-protocol-$p
12.endfor
13
14.for p in ${PROGS}
15
16run-ldd-$p: ldd-$p.out
17 @echo '\n======== $@ ========'
18 # check that $p is linked with LibreSSL
19 grep -q /usr/lib/libcrypto.so ldd-$p.out
20 grep -q /usr/lib/libssl.so ldd-$p.out
21 # check that $p is not linked with OpenSSL
22 ! grep /usr/local/lib/ ldd-$p.out
23
24run-version-$p: $p-self.out
25 @echo '\n======== $@ ========'
26 # check that runtime version is LibreSSL
27 grep 'SSLEAY_VERSION: LibreSSL' $p-self.out
28
29run-protocol-$p: $p-self.out
30 @echo '\n======== $@ ========'
31 # check that LibreSSL protocol version is TLS 1.2
32 # XXX adapt when LibreSSL supports TLS 1.3
33 grep 'Protocol *: TLSv1.2' $p-self.out
34
35.endfor
36
37.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/netcat/Makefile b/src/regress/lib/libssl/interop/netcat/Makefile
deleted file mode 100644
index 80f49c52f0..0000000000
--- a/src/regress/lib/libssl/interop/netcat/Makefile
+++ /dev/null
@@ -1,90 +0,0 @@
1# $OpenBSD: Makefile,v 1.2 2018/11/11 07:39:35 bluhm Exp $
2
3LIBRARIES = libressl
4.if exists(/usr/local/bin/eopenssl)
5LIBRARIES += openssl
6.endif
7.if exists(/usr/local/bin/eopenssl11)
8LIBRARIES += openssl11
9.endif
10
11# run netcat server and connect with test client
12
13.for clib in ${LIBRARIES}
14
15REGRESS_TARGETS += run-netcat-client-${clib}-server-nc
16REGRESS_TARGETS += run-protocol-client-${clib}
17
18run-netcat-client-${clib}-server-nc: ../${clib}/client 127.0.0.1.crt
19 @echo '\n======== $@ ========'
20 echo "greeting" | \
21 nc >${@:S/^run/server/}.out \
22 -l -c -C 127.0.0.1.crt -K 127.0.0.1.key \
23 127.0.0.1 0 & \
24 for i in `jot 1000`; do fstat -p $$! >netcat.fstat; \
25 grep -q ' stream tcp .*:[1-9][0-9]*$$' netcat.fstat && \
26 exit 0; done; exit 1
27 LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
28 ../${clib}/client >${@:S/^run/client/}.out \
29 `sed -n 's/.* stream tcp .*:/127.0.0.1 /p' netcat.fstat`
30 # check that the client run successfully to the end
31 grep -q '^success$$' ${@:S/^run/client/}.out
32 # client must have read server greeting
33 grep -q '^<<< greeting$$' ${@:S/^run/client/}.out
34 # netstat server must have read client hello
35 grep -q '^hello$$' ${@:S/^run/server/}.out
36
37.endfor
38
39# run test server and connect with netcat client
40
41.for slib in ${LIBRARIES}
42
43REGRESS_TARGETS += run-netcat-client-nc-server-${slib}
44
45run-netcat-client-nc-server-${slib}: ../${slib}/server 127.0.0.1.crt
46 @echo '\n======== $@ ========'
47 LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
48 ../${slib}/server >${@:S/^run/server/}.out \
49 127.0.0.1 0
50 echo "hello" | \
51 nc >${@:S/^run/client/}.out \
52 -c -R 127.0.0.1.crt \
53 `sed -n 's/listen sock: //p' ${@:S/^run/server/}.out`
54 # check that the server child run successfully to the end
55 grep -q '^success$$' ${@:S/^run/server/}.out || \
56 { sleep 1; grep -q '^success$$' ${@:S/^run/server/}.out; }
57 # server must have read client hello
58 grep -q '^<<< hello$$' ${@:S/^run/server/}.out
59 # client must have read server greeting
60 grep -q '^greeting$$' ${@:S/^run/client/}.out
61
62.endfor
63
64# check the TLS protocol version in client and server logs
65
66.for clib in ${LIBRARIES}
67
68REGRESS_TARGETS += run-protocol-client-${clib}
69
70run-protocol-client-${clib}: client-netcat-client-${clib}-server-nc.out
71 @echo '\n======== $@ ========'
72 # check that LibTLS protocol version is TLS 1.2
73 # XXX adapt when LibreSSL supports TLS 1.3
74 grep 'Protocol *: TLSv1.2' client-netcat-client-${clib}-server-nc.out
75
76.endfor
77
78.for slib in ${LIBRARIES}
79
80REGRESS_TARGETS += run-protocol-server-${slib}
81
82run-protocol-server-${slib}: server-netcat-client-nc-server-${slib}.out
83 @echo '\n======== $@ ========'
84 # check that LibTLS protocol version is TLS 1.2
85 # XXX adapt when LibreSSL supports TLS 1.3
86 grep 'Protocol *: TLSv1.2' server-netcat-client-nc-server-${slib}.out
87
88.endfor
89
90.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/openssl/Makefile b/src/regress/lib/libssl/interop/openssl/Makefile
deleted file mode 100644
index adc93e5ad5..0000000000
--- a/src/regress/lib/libssl/interop/openssl/Makefile
+++ /dev/null
@@ -1,43 +0,0 @@
1# $OpenBSD: Makefile,v 1.6 2018/11/11 00:15:04 bluhm Exp $
2
3.if ! exists(/usr/local/bin/eopenssl)
4regress:
5 # install openssl-1.0.2 from ports for interop tests
6 @echo SKIPPED
7.endif
8
9PROGS = client server
10CPPFLAGS = -I /usr/local/include/eopenssl
11LDFLAGS = -L /usr/local/lib/eopenssl
12LDADD = -lssl -lcrypto
13DPADD = /usr/local/lib/eopenssl/libssl.a \
14 /usr/local/lib/eopenssl/libcrypto.a
15LD_LIBRARY_PATH = /usr/local/lib/eopenssl
16REGRESS_TARGETS = run-self-client-server
17.for p in ${PROGS}
18REGRESS_TARGETS += run-ldd-$p run-version-$p run-protocol-$p
19.endfor
20
21.for p in ${PROGS}
22
23run-ldd-$p: ldd-$p.out
24 @echo '\n======== $@ ========'
25 # check that $p is linked with OpenSSL
26 grep -q /usr/local/lib/eopenssl/libcrypto.so ldd-$p.out
27 grep -q /usr/local/lib/eopenssl/libssl.so ldd-$p.out
28 # check that $p is not linked with LibreSSL
29 ! grep -v libc.so ldd-$p.out | grep /usr/lib/
30
31run-version-$p: $p-self.out
32 @echo '\n======== $@ ========'
33 # check that runtime version is OpenSSL 1.0.2
34 grep 'SSLEAY_VERSION: OpenSSL 1.0.2' $p-self.out
35
36run-protocol-$p: $p-self.out
37 @echo '\n======== $@ ========'
38 # check that OpenSSL 1.0.2 protocol version is TLS 1.2
39 grep 'Protocol *: TLSv1.2' $p-self.out
40
41.endfor
42
43.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/openssl11/Makefile b/src/regress/lib/libssl/interop/openssl11/Makefile
deleted file mode 100644
index 3ea1ef35da..0000000000
--- a/src/regress/lib/libssl/interop/openssl11/Makefile
+++ /dev/null
@@ -1,43 +0,0 @@
1# $OpenBSD: Makefile,v 1.5 2018/11/11 00:15:04 bluhm Exp $
2
3.if ! exists(/usr/local/bin/eopenssl11)
4regress:
5 # install openssl-1.1 from ports for interop tests
6 @echo SKIPPED
7.endif
8
9PROGS = client server
10CPPFLAGS = -I /usr/local/include/eopenssl11
11LDFLAGS = -L /usr/local/lib/eopenssl11
12LDADD = -lssl -lcrypto
13DPADD = /usr/local/lib/eopenssl11/libssl.a \
14 /usr/local/lib/eopenssl11/libcrypto.a
15LD_LIBRARY_PATH = /usr/local/lib/eopenssl11
16REGRESS_TARGETS = run-self-client-server
17.for p in ${PROGS}
18REGRESS_TARGETS += run-ldd-$p run-version-$p run-protocol-$p
19.endfor
20
21.for p in ${PROGS}
22
23run-ldd-$p: ldd-$p.out
24 @echo '\n======== $@ ========'
25 # check that $p is linked with OpenSSL 1.1
26 grep -q /usr/local/lib/eopenssl11/libcrypto.so ldd-$p.out
27 grep -q /usr/local/lib/eopenssl11/libssl.so ldd-$p.out
28 # check that $p is not linked with LibreSSL
29 ! grep -v libc.so ldd-$p.out | grep /usr/lib/
30
31run-version-$p: $p-self.out
32 @echo '\n======== $@ ========'
33 # check that runtime version is OpenSSL 1.1
34 grep 'SSLEAY_VERSION: OpenSSL 1.1' $p-self.out
35
36run-protocol-$p: $p-self.out
37 @echo '\n======== $@ ========'
38 # check that OpenSSL 1.1 protocol version is TLS 1.3
39 grep 'Protocol *: TLSv1.3' $p-self.out
40
41.endfor
42
43.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/server.c b/src/regress/lib/libssl/interop/server.c
deleted file mode 100644
index 6723817498..0000000000
--- a/src/regress/lib/libssl/interop/server.c
+++ /dev/null
@@ -1,279 +0,0 @@
1/* $OpenBSD: server.c,v 1.8 2019/03/21 17:52:26 bluhm Exp $ */
2/*
3 * Copyright (c) 2018-2019 Alexander Bluhm <bluhm@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <sys/types.h>
19#include <sys/socket.h>
20
21#include <err.h>
22#include <netdb.h>
23#include <stdio.h>
24#include <stdlib.h>
25#include <string.h>
26#include <unistd.h>
27
28#include <openssl/err.h>
29#include <openssl/ssl.h>
30
31#include "util.h"
32
33void __dead usage(void);
34
35void __dead
36usage(void)
37{
38 fprintf(stderr, "usage: server [-Lsvv] [-C CA] [-c crt -k key] "
39 "[-l ciphers] [-p dhparam] [host port]\n");
40 exit(2);
41}
42
43int
44main(int argc, char *argv[])
45{
46 const SSL_METHOD *method;
47 SSL_CTX *ctx;
48 SSL *ssl;
49 BIO *abio, *cbio;
50 SSL_SESSION *session;
51 int ch, error, listciphers = 0, sessionreuse = 0, verify = 0;
52 char buf[256], *dhparam = NULL;
53 char *ca = NULL, *crt = NULL, *key = NULL, *ciphers = NULL;
54 char *host_port, *host = "127.0.0.1", *port = "0";
55
56 while ((ch = getopt(argc, argv, "C:c:k:Ll:p:sv")) != -1) {
57 switch (ch) {
58 case 'C':
59 ca = optarg;
60 break;
61 case 'c':
62 crt = optarg;
63 break;
64 case 'k':
65 key = optarg;
66 break;
67 case 'L':
68 listciphers = 1;
69 break;
70 case 'l':
71 ciphers = optarg;
72 break;
73 case 'p':
74 dhparam = optarg;
75 break;
76 case 's':
77 /* multiple reueses are possible */
78 sessionreuse++;
79 break;
80 case 'v':
81 /* use twice to force client cert */
82 verify++;
83 break;
84 default:
85 usage();
86 }
87 }
88 argc -= optind;
89 argv += optind;
90 if (argc == 2) {
91 host = argv[0];
92 port = argv[1];
93 } else if (argc != 0 && !listciphers) {
94 usage();
95 }
96 if (asprintf(&host_port, strchr(host, ':') ? "[%s]:%s" : "%s:%s",
97 host, port) == -1)
98 err(1, "asprintf host port");
99 if ((crt == NULL && key != NULL) || (crt != NULL && key == NULL))
100 errx(1, "certificate and private key must be used together");
101 if (crt == NULL && asprintf(&crt, "%s.crt", host) == -1)
102 err(1, "asprintf crt");
103 if (key == NULL && asprintf(&key, "%s.key", host) == -1)
104 err(1, "asprintf key");
105
106 SSL_library_init();
107 SSL_load_error_strings();
108 print_version();
109
110 /* setup method and context */
111#if OPENSSL_VERSION_NUMBER >= 0x1010000f
112 method = TLS_server_method();
113 if (method == NULL)
114 err_ssl(1, "TLS_server_method");
115#else
116 method = SSLv23_server_method();
117 if (method == NULL)
118 err_ssl(1, "SSLv23_server_method");
119#endif
120 ctx = SSL_CTX_new(method);
121 if (ctx == NULL)
122 err_ssl(1, "SSL_CTX_new");
123
124#if OPENSSL_VERSION_NUMBER >= 0x10100000
125 /* needed to use DHE cipher with libressl */
126 if (SSL_CTX_set_dh_auto(ctx, 1) <= 0)
127 err_ssl(1, "SSL_CTX_set_dh_auto");
128#endif
129 /* needed to use ADH, EDH, DHE cipher with openssl */
130 if (dhparam != NULL) {
131 DH *dh;
132 FILE *file;
133
134 file = fopen(dhparam, "r");
135 if (file == NULL)
136 err(1, "fopen %s", dhparam);
137 dh = PEM_read_DHparams(file, NULL, NULL, NULL);
138 if (dh == NULL)
139 err_ssl(1, "PEM_read_DHparams");
140 if (SSL_CTX_set_tmp_dh(ctx, dh) <= 0)
141 err_ssl(1, "SSL_CTX_set_tmp_dh");
142 fclose(file);
143 }
144
145 /* needed when linking with OpenSSL 1.0.2p */
146 if (SSL_CTX_set_ecdh_auto(ctx, 1) <= 0)
147 err_ssl(1, "SSL_CTX_set_ecdh_auto");
148
149 /* load server certificate */
150 if (SSL_CTX_use_certificate_file(ctx, crt, SSL_FILETYPE_PEM) <= 0)
151 err_ssl(1, "SSL_CTX_use_certificate_file");
152 if (SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM) <= 0)
153 err_ssl(1, "SSL_CTX_use_PrivateKey_file");
154 if (SSL_CTX_check_private_key(ctx) <= 0)
155 err_ssl(1, "SSL_CTX_check_private_key");
156
157 /* request client certificate and verify it */
158 if (ca != NULL) {
159 STACK_OF(X509_NAME) *x509stack;
160
161 x509stack = SSL_load_client_CA_file(ca);
162 if (x509stack == NULL)
163 err_ssl(1, "SSL_load_client_CA_file");
164 SSL_CTX_set_client_CA_list(ctx, x509stack);
165 if (SSL_CTX_load_verify_locations(ctx, ca, NULL) <= 0)
166 err_ssl(1, "SSL_CTX_load_verify_locations");
167 }
168 SSL_CTX_set_verify(ctx,
169 verify == 0 ? SSL_VERIFY_NONE :
170 verify == 1 ? SSL_VERIFY_PEER :
171 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
172 verify_callback);
173
174 if (sessionreuse) {
175 uint32_t context;
176
177 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER);
178 context = arc4random();
179 if (SSL_CTX_set_session_id_context(ctx,
180 (unsigned char *)&context, sizeof(context)) <= 0)
181 err_ssl(1, "SSL_CTX_set_session_id_context");
182 }
183
184 if (ciphers) {
185 if (SSL_CTX_set_cipher_list(ctx, ciphers) <= 0)
186 err_ssl(1, "SSL_CTX_set_cipher_list");
187 }
188
189 if (listciphers) {
190 ssl = SSL_new(ctx);
191 if (ssl == NULL)
192 err_ssl(1, "SSL_new");
193 print_ciphers(SSL_get_ciphers(ssl));
194 return 0;
195 }
196
197 /* setup bio for socket operations */
198 abio = BIO_new_accept(host_port);
199 if (abio == NULL)
200 err_ssl(1, "BIO_new_accept");
201
202 /* bind, listen */
203 if (BIO_do_accept(abio) <= 0)
204 err_ssl(1, "BIO_do_accept setup");
205 printf("listen ");
206 print_sockname(abio);
207
208 /* fork to background and set timeout */
209 if (daemon(1, 1) == -1)
210 err(1, "daemon");
211 if ((int)alarm(10) == -1)
212 err(1, "alarm");
213
214 do {
215 /* accept connection */
216 if (BIO_do_accept(abio) <= 0)
217 err_ssl(1, "BIO_do_accept wait");
218 cbio = BIO_pop(abio);
219 printf("accept ");
220 print_sockname(cbio);
221 printf("accept ");
222 print_peername(cbio);
223
224 /* do ssl server handshake */
225 ssl = SSL_new(ctx);
226 if (ssl == NULL)
227 err_ssl(1, "SSL_new");
228 SSL_set_bio(ssl, cbio, cbio);
229 if ((error = SSL_accept(ssl)) <= 0)
230 err_ssl(1, "SSL_accept %d", error);
231 printf("session %d: %s\n", sessionreuse,
232 SSL_session_reused(ssl) ? "reuse" : "new");
233 if (fflush(stdout) != 0)
234 err(1, "fflush stdout");
235
236
237 /* print session statistics */
238 session = SSL_get_session(ssl);
239 if (session == NULL)
240 err_ssl(1, "SSL_get_session");
241 if (SSL_SESSION_print_fp(stdout, session) <= 0)
242 err_ssl(1, "SSL_SESSION_print_fp");
243
244 /* write server greeting and read client hello over TLS */
245 strlcpy(buf, "greeting\n", sizeof(buf));
246 printf(">>> %s", buf);
247 if (fflush(stdout) != 0)
248 err(1, "fflush stdout");
249 if ((error = SSL_write(ssl, buf, 9)) <= 0)
250 err_ssl(1, "SSL_write %d", error);
251 if (error != 9)
252 errx(1, "write not 9 bytes greeting: %d", error);
253 if ((error = SSL_read(ssl, buf, 6)) <= 0)
254 err_ssl(1, "SSL_read %d", error);
255 if (error != 6)
256 errx(1, "read not 6 bytes hello: %d", error);
257 buf[6] = '\0';
258 printf("<<< %s", buf);
259 if (fflush(stdout) != 0)
260 err(1, "fflush stdout");
261
262 /* shutdown connection */
263 if ((error = SSL_shutdown(ssl)) < 0)
264 err_ssl(1, "SSL_shutdown unidirectional %d", error);
265 if (error <= 0) {
266 if ((error = SSL_shutdown(ssl)) <= 0)
267 err_ssl(1, "SSL_shutdown bidirectional %d",
268 error);
269 }
270
271 SSL_free(ssl);
272 } while (sessionreuse--);
273
274 SSL_CTX_free(ctx);
275
276 printf("success\n");
277
278 return 0;
279}
diff --git a/src/regress/lib/libssl/interop/session/Makefile b/src/regress/lib/libssl/interop/session/Makefile
deleted file mode 100644
index c82440d785..0000000000
--- a/src/regress/lib/libssl/interop/session/Makefile
+++ /dev/null
@@ -1,45 +0,0 @@
1# $OpenBSD: Makefile,v 1.3 2018/11/11 07:39:35 bluhm Exp $
2
3LIBRARIES = libressl
4.if exists(/usr/local/bin/eopenssl)
5LIBRARIES += openssl
6.endif
7.if exists(/usr/local/bin/eopenssl11)
8LIBRARIES += openssl11
9.endif
10
11run-session-client-openssl11-server-openssl11:
12 @echo '\n======== $@ ========'
13 # TLS 1.3 needs some extra setup for session reuse
14 @echo DISABLED
15
16.for clib in ${LIBRARIES}
17.for slib in ${LIBRARIES}
18
19REGRESS_TARGETS += run-session-client-${clib}-server-${slib}
20
21run-session-client-${clib}-server-${slib}: \
22 127.0.0.1.crt ../${clib}/client ../${slib}/server
23 @echo '\n======== $@ ========'
24 LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
25 ../${slib}/server >${@:S/^run/server/}.out \
26 -ss \
27 127.0.0.1 0
28 LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
29 ../${clib}/client >${@:S/^run/client/}.out \
30 -ss \
31 `sed -n 's/listen sock: //p' ${@:S/^run/server/}.out`
32 grep '^success$$' ${@:S/^run/server/}.out || \
33 { sleep 1; grep '^success$$' ${@:S/^run/server/}.out; }
34 grep '^success$$' ${@:S/^run/client/}.out
35 grep '^session 2: new$$' ${@:S/^run/server/}.out
36 grep '^session 2: new$$' ${@:S/^run/client/}.out
37 grep '^session 1: reuse$$' ${@:S/^run/server/}.out
38 grep '^session 1: reuse$$' ${@:S/^run/client/}.out
39 grep '^session 0: reuse$$' ${@:S/^run/server/}.out
40 grep '^session 0: reuse$$' ${@:S/^run/client/}.out
41
42.endfor
43.endfor
44
45.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/util.c b/src/regress/lib/libssl/interop/util.c
deleted file mode 100644
index 5190e81828..0000000000
--- a/src/regress/lib/libssl/interop/util.c
+++ /dev/null
@@ -1,145 +0,0 @@
1/* $OpenBSD: util.c,v 1.3 2018/11/09 06:30:41 bluhm Exp $ */
2/*
3 * Copyright (c) 2018 Alexander Bluhm <bluhm@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <sys/types.h>
19#include <sys/socket.h>
20
21#include <err.h>
22#include <netdb.h>
23#include <stdio.h>
24
25#include <openssl/err.h>
26#include <openssl/ssl.h>
27#include <openssl/opensslv.h>
28#include <openssl/crypto.h>
29
30#include "util.h"
31
32void
33print_version(void)
34{
35#ifdef OPENSSL_VERSION_NUMBER
36 printf("OPENSSL_VERSION_NUMBER: %#08lx\n", OPENSSL_VERSION_NUMBER);
37#endif
38#ifdef LIBRESSL_VERSION_NUMBER
39 printf("LIBRESSL_VERSION_NUMBER: %#08lx\n", LIBRESSL_VERSION_NUMBER);
40#endif
41#ifdef LIBRESSL_VERSION_TEXT
42 printf("LIBRESSL_VERSION_TEXT: %s\n", LIBRESSL_VERSION_TEXT);
43#endif
44#if OPENSSL_VERSION_NUMBER >= 0x1010000f
45 printf("OpenSSL_version_num: %#08lx\n", OpenSSL_version_num());
46 printf("OpenSSL_version OPENSSL_VERSION: %s\n",
47 OpenSSL_version(OPENSSL_VERSION));
48 printf("OpenSSL_version OPENSSL_CFLAGS: %s\n",
49 OpenSSL_version(OPENSSL_CFLAGS));
50 printf("OpenSSL_version OPENSSL_BUILT_ON: %s\n",
51 OpenSSL_version(OPENSSL_BUILT_ON));
52 printf("OpenSSL_version OPENSSL_PLATFORM: %s\n",
53 OpenSSL_version(OPENSSL_PLATFORM));
54 printf("OpenSSL_version OPENSSL_DIR: %s\n",
55 OpenSSL_version(OPENSSL_DIR));
56 printf("OpenSSL_version OPENSSL_ENGINES_DIR: %s\n",
57 OpenSSL_version(OPENSSL_ENGINES_DIR));
58#endif
59 printf("SSLeay: %#08lx\n", SSLeay());
60 printf("SSLeay_version SSLEAY_VERSION: %s\n",
61 SSLeay_version(SSLEAY_VERSION));
62 printf("SSLeay_version SSLEAY_CFLAGS: %s\n",
63 SSLeay_version(SSLEAY_CFLAGS));
64 printf("SSLeay_version SSLEAY_BUILT_ON: %s\n",
65 SSLeay_version(SSLEAY_BUILT_ON));
66 printf("SSLeay_version SSLEAY_PLATFORM: %s\n",
67 SSLeay_version(SSLEAY_PLATFORM));
68 printf("SSLeay_version SSLEAY_DIR: %s\n",
69 SSLeay_version(SSLEAY_DIR));
70}
71
72void
73print_ciphers(STACK_OF(SSL_CIPHER) *cstack)
74{
75 const SSL_CIPHER *cipher;
76 int i;
77
78 for (i = 0; (cipher = sk_SSL_CIPHER_value(cstack, i)) != NULL; i++)
79 printf("cipher %s\n", SSL_CIPHER_get_name(cipher));
80 if (fflush(stdout) != 0)
81 err(1, "fflush stdout");
82}
83
84void
85print_sockname(BIO *bio)
86{
87 struct sockaddr_storage ss;
88 socklen_t slen;
89 char host[NI_MAXHOST], port[NI_MAXSERV];
90 int fd;
91
92 if (BIO_get_fd(bio, &fd) <= 0)
93 err_ssl(1, "BIO_get_fd");
94 slen = sizeof(ss);
95 if (getsockname(fd, (struct sockaddr *)&ss, &slen) == -1)
96 err(1, "getsockname");
97 if (getnameinfo((struct sockaddr *)&ss, ss.ss_len, host,
98 sizeof(host), port, sizeof(port), NI_NUMERICHOST | NI_NUMERICSERV))
99 errx(1, "getnameinfo");
100 printf("sock: %s %s\n", host, port);
101 if (fflush(stdout) != 0)
102 err(1, "fflush stdout");
103}
104
105void
106print_peername(BIO *bio)
107{
108 struct sockaddr_storage ss;
109 socklen_t slen;
110 char host[NI_MAXHOST], port[NI_MAXSERV];
111 int fd;
112
113 if (BIO_get_fd(bio, &fd) <= 0)
114 err_ssl(1, "BIO_get_fd");
115 slen = sizeof(ss);
116 if (getpeername(fd, (struct sockaddr *)&ss, &slen) == -1)
117 err(1, "getpeername");
118 if (getnameinfo((struct sockaddr *)&ss, ss.ss_len, host,
119 sizeof(host), port, sizeof(port), NI_NUMERICHOST | NI_NUMERICSERV))
120 errx(1, "getnameinfo");
121 printf("peer: %s %s\n", host, port);
122 if (fflush(stdout) != 0)
123 err(1, "fflush stdout");
124}
125
126void
127err_ssl(int eval, const char *fmt, ...)
128{
129 va_list ap;
130
131 ERR_print_errors_fp(stderr);
132 va_start(ap, fmt);
133 verrx(eval, fmt, ap);
134 va_end(ap);
135}
136
137int
138verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
139{
140 printf("verify: %s\n", preverify_ok ? "pass" : "fail");
141 if (fflush(stdout) != 0)
142 err(1, "fflush stdout");
143
144 return preverify_ok;
145}
diff --git a/src/regress/lib/libssl/interop/util.h b/src/regress/lib/libssl/interop/util.h
deleted file mode 100644
index 7414a037d7..0000000000
--- a/src/regress/lib/libssl/interop/util.h
+++ /dev/null
@@ -1,23 +0,0 @@
1/* $OpenBSD: util.h,v 1.3 2018/11/09 06:30:41 bluhm Exp $ */
2/*
3 * Copyright (c) 2018 Alexander Bluhm <bluhm@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18void print_version(void);
19void print_ciphers(STACK_OF(SSL_CIPHER) *);
20void print_sockname(BIO *);
21void print_peername(BIO *);
22void err_ssl(int, const char *, ...);
23int verify_callback(int, X509_STORE_CTX *);
diff --git a/src/regress/lib/libssl/key_schedule/Makefile b/src/regress/lib/libssl/key_schedule/Makefile
deleted file mode 100644
index 24e12b7c36..0000000000
--- a/src/regress/lib/libssl/key_schedule/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.1 2018/11/07 19:43:12 beck Exp $
2
3PROG= key_schedule
4LDADD= ${SSL_INT} -lcrypto
5DPADD= ${LIBCRYPTO} ${LIBSSL}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Wundef -Werror -I$(BSDSRCDIR)/lib/libssl
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/key_schedule/key_schedule.c b/src/regress/lib/libssl/key_schedule/key_schedule.c
deleted file mode 100644
index 2746bb593d..0000000000
--- a/src/regress/lib/libssl/key_schedule/key_schedule.c
+++ /dev/null
@@ -1,317 +0,0 @@
1/* $OpenBSD: key_schedule.c,v 1.9 2019/11/18 02:09:58 beck Exp $ */
2/*
3 * Copyright (c) 2018-2019 Bob Beck <beck@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <err.h>
19
20#include "ssl_locl.h"
21
22#include "bytestring.h"
23#include "ssl_tlsext.h"
24#include "tls13_internal.h"
25
26static int failures = 0;
27
28static void
29hexdump(const unsigned char *buf, size_t len)
30{
31 size_t i;
32
33 for (i = 1; i <= len; i++)
34 fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n");
35
36 fprintf(stderr, "\n");
37}
38
39static void
40compare_data(const uint8_t *recv, size_t recv_len, const uint8_t *expect,
41 size_t expect_len)
42{
43 fprintf(stderr, "received:\n");
44 hexdump(recv, recv_len);
45
46 fprintf(stderr, "test data:\n");
47 hexdump(expect, expect_len);
48}
49
50#define FAIL(msg, ...) \
51do { \
52 fprintf(stderr, "[%s:%d] FAIL: ", __FILE__, __LINE__); \
53 fprintf(stderr, msg, ##__VA_ARGS__); \
54 failures++; \
55} while(0)
56
57/* Hashes and secrets from test vector */
58
59uint8_t chello[] = {
60 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14,
61 0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24,
62 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
63 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55
64};
65const struct tls13_secret chello_hash = {
66 .data = chello,
67 .len = 32,
68};
69
70uint8_t cshello [] = {
71 0x86, 0x0c, 0x06, 0xed, 0xc0, 0x78, 0x58, 0xee,
72 0x8e, 0x78, 0xf0, 0xe7, 0x42, 0x8c, 0x58, 0xed,
73 0xd6, 0xb4, 0x3f, 0x2c, 0xa3, 0xe6, 0xe9, 0x5f,
74 0x02, 0xed, 0x06, 0x3c, 0xf0, 0xe1, 0xca, 0xd8
75};
76
77const struct tls13_secret cshello_hash = {
78 .data = cshello,
79 .len = 32,
80};
81
82const uint8_t ecdhe [] = {
83 0x8b, 0xd4, 0x05, 0x4f, 0xb5, 0x5b, 0x9d, 0x63,
84 0xfd, 0xfb, 0xac, 0xf9, 0xf0, 0x4b, 0x9f, 0x0d,
85 0x35, 0xe6, 0xd6, 0x3f, 0x53, 0x75, 0x63, 0xef,
86 0xd4, 0x62, 0x72, 0x90, 0x0f, 0x89, 0x49, 0x2d
87};
88
89uint8_t csfhello [] = {
90 0x96, 0x08, 0x10, 0x2a, 0x0f, 0x1c, 0xcc, 0x6d,
91 0xb6, 0x25, 0x0b, 0x7b, 0x7e, 0x41, 0x7b, 0x1a,
92 0x00, 0x0e, 0xaa, 0xda, 0x3d, 0xaa, 0xe4, 0x77,
93 0x7a, 0x76, 0x86, 0xc9, 0xff, 0x83, 0xdf, 0x13
94};
95
96const struct tls13_secret csfhello_hash = {
97 .data = csfhello,
98 .len = 32,
99};
100
101
102/* Expected Values */
103
104uint8_t expected_extracted_early[] = {
105 0x33, 0xad, 0x0a, 0x1c, 0x60, 0x7e, 0xc0, 0x3b,
106 0x09, 0xe6, 0xcd, 0x98, 0x93, 0x68, 0x0c, 0xe2,
107 0x10, 0xad, 0xf3, 0x00, 0xaa, 0x1f, 0x26, 0x60,
108 0xe1, 0xb2, 0x2e, 0x10, 0xf1, 0x70, 0xf9, 0x2a
109};
110uint8_t expected_derived_early[] = {
111 0x6f, 0x26, 0x15, 0xa1, 0x08, 0xc7, 0x02, 0xc5,
112 0x67, 0x8f, 0x54, 0xfc, 0x9d, 0xba, 0xb6, 0x97,
113 0x16, 0xc0, 0x76, 0x18, 0x9c, 0x48, 0x25, 0x0c,
114 0xeb, 0xea, 0xc3, 0x57, 0x6c, 0x36, 0x11, 0xba
115};
116uint8_t expected_extracted_handshake[] = {
117 0x1d, 0xc8, 0x26, 0xe9, 0x36, 0x06, 0xaa, 0x6f,
118 0xdc, 0x0a, 0xad, 0xc1, 0x2f, 0x74, 0x1b, 0x01,
119 0x04, 0x6a, 0xa6, 0xb9, 0x9f, 0x69, 0x1e, 0xd2,
120 0x21, 0xa9, 0xf0, 0xca, 0x04, 0x3f, 0xbe, 0xac
121};
122uint8_t expected_client_handshake_traffic[] = {
123 0xb3, 0xed, 0xdb, 0x12, 0x6e, 0x06, 0x7f, 0x35,
124 0xa7, 0x80, 0xb3, 0xab, 0xf4, 0x5e, 0x2d, 0x8f,
125 0x3b, 0x1a, 0x95, 0x07, 0x38, 0xf5, 0x2e, 0x96,
126 0x00, 0x74, 0x6a, 0x0e, 0x27, 0xa5, 0x5a, 0x21
127};
128
129uint8_t expected_server_handshake_traffic[] = {
130 0xb6, 0x7b, 0x7d, 0x69, 0x0c, 0xc1, 0x6c, 0x4e,
131 0x75, 0xe5, 0x42, 0x13, 0xcb, 0x2d, 0x37, 0xb4,
132 0xe9, 0xc9, 0x12, 0xbc, 0xde, 0xd9, 0x10, 0x5d,
133 0x42, 0xbe, 0xfd, 0x59, 0xd3, 0x91, 0xad, 0x38
134};
135
136uint8_t expected_derived_handshake[] = {
137 0x43, 0xde, 0x77, 0xe0, 0xc7, 0x77, 0x13, 0x85,
138 0x9a, 0x94, 0x4d, 0xb9, 0xdb, 0x25, 0x90, 0xb5,
139 0x31, 0x90, 0xa6, 0x5b, 0x3e, 0xe2, 0xe4, 0xf1,
140 0x2d, 0xd7, 0xa0, 0xbb, 0x7c, 0xe2, 0x54, 0xb4
141};
142
143uint8_t expected_extracted_master[] = {
144 0x18, 0xdf, 0x06, 0x84, 0x3d, 0x13, 0xa0, 0x8b,
145 0xf2, 0xa4, 0x49, 0x84, 0x4c, 0x5f, 0x8a, 0x47,
146 0x80, 0x01, 0xbc, 0x4d, 0x4c, 0x62, 0x79, 0x84,
147 0xd5, 0xa4, 0x1d, 0xa8, 0xd0, 0x40, 0x29, 0x19
148};
149
150uint8_t expected_server_application_traffic[] = {
151 0xa1, 0x1a, 0xf9, 0xf0, 0x55, 0x31, 0xf8, 0x56,
152 0xad, 0x47, 0x11, 0x6b, 0x45, 0xa9, 0x50, 0x32,
153 0x82, 0x04, 0xb4, 0xf4, 0x4b, 0xfb, 0x6b, 0x3a,
154 0x4b, 0x4f, 0x1f, 0x3f, 0xcb, 0x63, 0x16, 0x43
155};
156
157uint8_t expected_server_application_traffic_updated[] = {
158 0x51, 0x92, 0x1b, 0x8a, 0xa3, 0x00, 0x19, 0x76,
159 0xeb, 0x40, 0x1d, 0x0a, 0x43, 0x19, 0xa8, 0x51,
160 0x64, 0x16, 0xa6, 0xc5, 0x60, 0x01, 0xa3, 0x57,
161 0xe5, 0xd1, 0x62, 0x03, 0x1e, 0x84, 0xf9, 0x16,
162};
163
164uint8_t expected_client_application_traffic[] = {
165 0x9e, 0x40, 0x64, 0x6c, 0xe7, 0x9a, 0x7f, 0x9d,
166 0xc0, 0x5a, 0xf8, 0x88, 0x9b, 0xce, 0x65, 0x52,
167 0x87, 0x5a, 0xfa, 0x0b, 0x06, 0xdf, 0x00, 0x87,
168 0xf7, 0x92, 0xeb, 0xb7, 0xc1, 0x75, 0x04, 0xa5,
169};
170
171uint8_t expected_client_application_traffic_updated[] = {
172 0xfc, 0xdf, 0xcc, 0x72, 0x72, 0x5a, 0xae, 0xe4,
173 0x8b, 0xf6, 0x4e, 0x4f, 0xd8, 0xb7, 0x49, 0xcd,
174 0xbd, 0xba, 0xb3, 0x9d, 0x90, 0xda, 0x0b, 0x26,
175 0xe2, 0x24, 0x5c, 0xa6, 0xea, 0x16, 0x72, 0x07,
176};
177
178uint8_t expected_exporter_master[] = {
179 0xfe, 0x22, 0xf8, 0x81, 0x17, 0x6e, 0xda, 0x18,
180 0xeb, 0x8f, 0x44, 0x52, 0x9e, 0x67, 0x92, 0xc5,
181 0x0c, 0x9a, 0x3f, 0x89, 0x45, 0x2f, 0x68, 0xd8,
182 0xae, 0x31, 0x1b, 0x43, 0x09, 0xd3, 0xcf, 0x50
183};
184
185int
186main (int argc, char **argv)
187{
188 struct tls13_secrets *secrets;
189
190 if ((secrets = tls13_secrets_create(EVP_sha256(), 0)) == NULL)
191 errx(1,"failed to create secrets\n");
192
193 secrets->insecure = 1; /* don't explicit_bzero when done */
194
195 if (tls13_derive_handshake_secrets(secrets, ecdhe, 32, &cshello_hash))
196 FAIL("derive_handshake_secrets worked when it shouldn't\n");
197 if (tls13_derive_application_secrets(secrets,
198 &chello_hash))
199 FAIL("derive_application_secrets worked when it shouldn't\n");
200
201 if (!tls13_derive_early_secrets(secrets,
202 secrets->zeros.data, secrets->zeros.len, &chello_hash))
203 FAIL("derive_early_secrets failed\n");
204 if (tls13_derive_early_secrets(secrets,
205 secrets->zeros.data, secrets->zeros.len, &chello_hash))
206 FAIL("derive_early_secrets worked when it shouldn't(2)\n");
207
208 if (!tls13_derive_handshake_secrets(secrets, ecdhe, 32, &cshello_hash))
209 FAIL("derive_handshake_secrets failed\n");
210 if (tls13_derive_handshake_secrets(secrets, ecdhe, 32, &cshello_hash))
211 FAIL("derive_handshake_secrets worked when it shouldn't(2)\n");
212
213 /* XXX fix hash here once test vector sorted */
214 if (!tls13_derive_application_secrets(secrets, &csfhello_hash))
215 FAIL("derive_application_secrets failed\n");
216 if (tls13_derive_application_secrets(secrets, &csfhello_hash))
217 FAIL("derive_application_secrets worked when it "
218 "shouldn't(2)\n");
219
220 fprintf(stderr, "extracted_early:\n");
221 compare_data(secrets->extracted_early.data, 32,
222 expected_extracted_early, 32);
223 if (memcmp(secrets->extracted_early.data,
224 expected_extracted_early, 32) != 0)
225 FAIL("extracted_early does not match\n");
226
227 fprintf(stderr, "derived_early:\n");
228 compare_data(secrets->derived_early.data, 32,
229 expected_derived_early, 32);
230 if (memcmp(secrets->derived_early.data,
231 expected_derived_early, 32) != 0)
232 FAIL("derived_early does not match\n");
233
234 fprintf(stderr, "extracted_handshake:\n");
235 compare_data(secrets->extracted_handshake.data, 32,
236 expected_extracted_handshake, 32);
237 if (memcmp(secrets->extracted_handshake.data,
238 expected_extracted_handshake, 32) != 0)
239 FAIL("extracted_handshake does not match\n");
240
241 fprintf(stderr, "client_handshake_traffic:\n");
242 compare_data(secrets->client_handshake_traffic.data, 32,
243 expected_client_handshake_traffic, 32);
244 if (memcmp(secrets->client_handshake_traffic.data,
245 expected_client_handshake_traffic, 32) != 0)
246 FAIL("client_handshake_traffic does not match\n");
247
248 fprintf(stderr, "server_handshake_traffic:\n");
249 compare_data(secrets->server_handshake_traffic.data, 32,
250 expected_server_handshake_traffic, 32);
251 if (memcmp(secrets->server_handshake_traffic.data,
252 expected_server_handshake_traffic, 32) != 0)
253 FAIL("server_handshake_traffic does not match\n");
254
255 fprintf(stderr, "derived_early:\n");
256 compare_data(secrets->derived_early.data, 32,
257 expected_derived_early, 32);
258 if (memcmp(secrets->derived_early.data,
259 expected_derived_early, 32) != 0)
260 FAIL("derived_early does not match\n");
261
262 fprintf(stderr, "derived_handshake:\n");
263 compare_data(secrets->derived_handshake.data, 32,
264 expected_derived_handshake, 32);
265 if (memcmp(secrets->derived_handshake.data,
266 expected_derived_handshake, 32) != 0)
267 FAIL("derived_handshake does not match\n");
268
269 fprintf(stderr, "extracted_master:\n");
270 compare_data(secrets->extracted_master.data, 32,
271 expected_extracted_master, 32);
272 if (memcmp(secrets->extracted_master.data,
273 expected_extracted_master, 32) != 0)
274 FAIL("extracted_master does not match\n");
275
276 fprintf(stderr, "server_application_traffic:\n");
277 compare_data(secrets->server_application_traffic.data, 32,
278 expected_server_application_traffic, 32);
279 if (memcmp(secrets->server_application_traffic.data,
280 expected_server_application_traffic, 32) != 0)
281 FAIL("server_application_traffic does not match\n");
282
283 fprintf(stderr, "client_application_traffic:\n");
284 compare_data(secrets->client_application_traffic.data, 32,
285 expected_client_application_traffic, 32);
286 if (memcmp(secrets->client_application_traffic.data,
287 expected_client_application_traffic, 32) != 0)
288 FAIL("server_application_traffic does not match\n");
289
290 fprintf(stderr, "exporter_master:\n");
291 compare_data(secrets->exporter_master.data, 32,
292 expected_exporter_master, 32);
293 if (memcmp(secrets->exporter_master.data,
294 expected_exporter_master, 32) != 0)
295 FAIL("exporter_master does not match\n");
296
297 tls13_update_server_traffic_secret(secrets);
298 fprintf(stderr, "server_application_traffic after update:\n");
299 compare_data(secrets->server_application_traffic.data, 32,
300 expected_server_application_traffic_updated, 32);
301 if (memcmp(secrets->server_application_traffic.data,
302 expected_server_application_traffic_updated, 32) != 0)
303 FAIL("server_application_traffic does not match after update\n");
304
305
306 tls13_update_client_traffic_secret(secrets);
307 fprintf(stderr, "client_application_traffic after update:\n");
308 compare_data(secrets->client_application_traffic.data, 32,
309 expected_client_application_traffic_updated, 32);
310 if (memcmp(secrets->client_application_traffic.data,
311 expected_client_application_traffic_updated, 32) != 0)
312 FAIL("client_application_traffic does not match after update\n");
313
314 tls13_secrets_destroy(secrets);
315
316 return failures;
317}
diff --git a/src/regress/lib/libssl/pqueue/Makefile b/src/regress/lib/libssl/pqueue/Makefile
deleted file mode 100644
index 48c2cb7e61..0000000000
--- a/src/regress/lib/libssl/pqueue/Makefile
+++ /dev/null
@@ -1,17 +0,0 @@
1# $OpenBSD: Makefile,v 1.1 2016/11/04 19:45:12 jsing Exp $
2
3PROG= pq_test
4SRC= ${.CURDIR}/../../../../lib/libssl
5CFLAGS+= -I${SRC}
6
7LDADD= ${SSL_INT} -lcrypto
8DPADD= ${LIBSSL} ${LIBCRYPTO}
9WARNINGS= Yes
10CFLAGS+= -DLIBRESSL_INTERNAL -Werror
11
12REGRESS_TARGETS= regress-pq_test
13
14regress-pq_test: ${PROG}
15 ${.OBJDIR}/pq_test | cmp -s ${.CURDIR}/expected.txt /dev/stdin
16
17.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/pqueue/expected.txt b/src/regress/lib/libssl/pqueue/expected.txt
deleted file mode 100644
index c59d6cd838..0000000000
--- a/src/regress/lib/libssl/pqueue/expected.txt
+++ /dev/null
@@ -1,3 +0,0 @@
1item 6966726167696c69
2item 7374696365787069
3item 737570657263616c
diff --git a/src/regress/lib/libssl/pqueue/pq_test.c b/src/regress/lib/libssl/pqueue/pq_test.c
deleted file mode 100644
index a078ba5366..0000000000
--- a/src/regress/lib/libssl/pqueue/pq_test.c
+++ /dev/null
@@ -1,118 +0,0 @@
1/* crypto/pqueue/pq_test.c */
2/*
3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
5 */
6/* ====================================================================
7 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * openssl-core@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59#include <stdio.h>
60#include <stdlib.h>
61#include <string.h>
62#include "pqueue.h"
63
64/* remember to change expected.txt if you change these values */
65unsigned char prio1[8] = "supercal";
66unsigned char prio2[8] = "ifragili";
67unsigned char prio3[8] = "sticexpi";
68
69static void
70pqueue_print(pqueue pq)
71{
72 pitem *iter, *item;
73
74 iter = pqueue_iterator(pq);
75 for (item = pqueue_next(&iter); item != NULL;
76 item = pqueue_next(&iter)) {
77 printf("item\t%02x%02x%02x%02x%02x%02x%02x%02x\n",
78 item->priority[0], item->priority[1],
79 item->priority[2], item->priority[3],
80 item->priority[4], item->priority[5],
81 item->priority[6], item->priority[7]);
82 }
83}
84
85int
86main(void)
87{
88 pitem *item;
89 pqueue pq;
90
91 pq = pqueue_new();
92
93 item = pitem_new(prio3, NULL);
94 pqueue_insert(pq, item);
95
96 item = pitem_new(prio1, NULL);
97 pqueue_insert(pq, item);
98
99 item = pitem_new(prio2, NULL);
100 pqueue_insert(pq, item);
101
102 item = pqueue_find(pq, prio1);
103 fprintf(stderr, "found %p\n", item->priority);
104
105 item = pqueue_find(pq, prio2);
106 fprintf(stderr, "found %p\n", item->priority);
107
108 item = pqueue_find(pq, prio3);
109 fprintf(stderr, "found %p\n", item ? item->priority: 0);
110
111 pqueue_print(pq);
112
113 for (item = pqueue_pop(pq); item != NULL; item = pqueue_pop(pq))
114 pitem_free(item);
115
116 pqueue_free(pq);
117 return 0;
118}
diff --git a/src/regress/lib/libssl/record/Makefile b/src/regress/lib/libssl/record/Makefile
deleted file mode 100644
index f0e2bc52a8..0000000000
--- a/src/regress/lib/libssl/record/Makefile
+++ /dev/null
@@ -1,10 +0,0 @@
1# $OpenBSD: Makefile,v 1.1 2019/01/19 02:57:04 jsing Exp $
2
3PROG= recordtest
4LDADD= ${SSL_INT} -lcrypto
5DPADD= ${LIBSSL} ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Wall -Wundef -Werror
8CFLAGS+= -I${.CURDIR}/../../../../lib/libssl
9
10.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/record/recordtest.c b/src/regress/lib/libssl/record/recordtest.c
deleted file mode 100644
index 42bba88c1b..0000000000
--- a/src/regress/lib/libssl/record/recordtest.c
+++ /dev/null
@@ -1,554 +0,0 @@
1/*
2 * Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
3 *
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */
16
17#include <err.h>
18#include <string.h>
19
20#include <openssl/ssl.h>
21
22#include "tls13_internal.h"
23#include "tls13_record.h"
24
25/* Valid record. */
26static uint8_t test_record_1[] = {
27 0x16, 0x03, 0x03, 0x00, 0x7a, 0x02, 0x00, 0x00,
28 0x76, 0x03, 0x03, 0x14, 0xae, 0x2b, 0x6d, 0x58,
29 0xe9, 0x79, 0x9d, 0xd4, 0x90, 0x52, 0x90, 0x13,
30 0x1c, 0x08, 0xaa, 0x3f, 0x5b, 0xfb, 0x64, 0xfe,
31 0x9a, 0xca, 0x73, 0x6d, 0x87, 0x8d, 0x8b, 0x3b,
32 0x70, 0x14, 0xa3, 0x20, 0xd7, 0x50, 0xa4, 0xe5,
33 0x17, 0x42, 0x5d, 0xce, 0xe6, 0xfe, 0x1b, 0x59,
34 0x27, 0x6b, 0xff, 0xc8, 0x40, 0xc7, 0xac, 0x16,
35 0x32, 0xe6, 0x5b, 0xd2, 0xd9, 0xd4, 0xb5, 0x3f,
36 0x8f, 0x74, 0x6e, 0x7d, 0x13, 0x02, 0x00, 0x00,
37 0x2e, 0x00, 0x33, 0x00, 0x24, 0x00, 0x1d, 0x00,
38 0x20, 0x72, 0xb0, 0xaf, 0x7f, 0xf5, 0x89, 0x0f,
39 0xcd, 0x6e, 0x45, 0xb1, 0x51, 0xa0, 0xbd, 0x1e,
40 0xee, 0x7e, 0xf1, 0xa5, 0xc5, 0xc6, 0x7e, 0x5f,
41 0x6a, 0xca, 0xc9, 0xe4, 0xae, 0xb9, 0x50, 0x76,
42 0x0a, 0x00, 0x2b, 0x00, 0x02, 0x03, 0x04,
43};
44
45/* Truncated record. */
46static uint8_t test_record_2[] = {
47 0x17, 0x03, 0x03, 0x41, 0x00, 0x02, 0x00, 0x00,
48};
49
50/* Oversized and truncated record. */
51static uint8_t test_record_3[] = {
52 0x17, 0x03, 0x03, 0x41, 0x01, 0x02, 0x00, 0x00,
53};
54
55static void
56hexdump(const unsigned char *buf, size_t len)
57{
58 size_t i;
59
60 for (i = 1; i <= len; i++)
61 fprintf(stderr, " 0x%02x,%s", buf[i - 1], i % 8 ? "" : "\n");
62 if (len % 8 != 0)
63 fprintf(stderr, "\n");
64}
65
66struct rw_state {
67 uint8_t *buf;
68 size_t len;
69 size_t offset;
70 uint8_t eof;
71};
72
73static ssize_t
74read_cb(void *buf, size_t buflen, void *cb_arg)
75{
76 struct rw_state *rs = cb_arg;
77 ssize_t n;
78
79 if (rs->eof)
80 return TLS13_IO_EOF;
81
82 if ((size_t)(n = buflen) > (rs->len - rs->offset))
83 n = rs->len - rs->offset;
84
85 if (n == 0)
86 return TLS13_IO_WANT_POLLIN;
87
88 memcpy(buf, &rs->buf[rs->offset], n);
89 rs->offset += n;
90
91 return n;
92}
93
94static ssize_t
95write_cb(const void *buf, size_t buflen, void *cb_arg)
96{
97 struct rw_state *ws = cb_arg;
98 ssize_t n;
99
100 if (ws->eof)
101 return TLS13_IO_EOF;
102
103 if ((size_t)(n = buflen) > (ws->len - ws->offset))
104 n = ws->len - ws->offset;
105
106 if (n == 0)
107 return TLS13_IO_WANT_POLLOUT;
108
109 memcpy(&ws->buf[ws->offset], buf, n);
110 ws->offset += n;
111
112 return n;
113}
114
115struct record_test {
116 size_t rw_len;
117 int eof;
118 ssize_t want_ret;
119};
120
121struct record_recv_test {
122 uint8_t *read_buf;
123 struct record_test rt[10];
124 uint8_t want_content_type;
125 uint8_t *want_data;
126 size_t want_len;
127};
128
129struct record_recv_test record_recv_tests[] = {
130 {
131 .read_buf = test_record_1,
132 .rt = {
133 {
134 .rw_len = sizeof(test_record_1),
135 .want_ret = sizeof(test_record_1),
136 },
137 },
138 .want_content_type = SSL3_RT_HANDSHAKE,
139 .want_data = test_record_1,
140 .want_len = sizeof(test_record_1),
141 },
142 {
143 .read_buf = test_record_1,
144 .rt = {
145 {
146 .rw_len = 0,
147 .want_ret = TLS13_IO_WANT_POLLIN,
148 },
149 {
150 .rw_len = sizeof(test_record_1),
151 .want_ret = sizeof(test_record_1),
152 },
153 },
154 .want_content_type = SSL3_RT_HANDSHAKE,
155 .want_data = test_record_1,
156 .want_len = sizeof(test_record_1),
157 },
158 {
159 .read_buf = test_record_1,
160 .rt = {
161 {
162 .rw_len = 0,
163 .want_ret = TLS13_IO_WANT_POLLIN,
164 },
165 {
166 .rw_len = 5,
167 .want_ret = TLS13_IO_WANT_POLLIN,
168 },
169 {
170 .rw_len = sizeof(test_record_1),
171 .want_ret = sizeof(test_record_1),
172 },
173 },
174 .want_content_type = SSL3_RT_HANDSHAKE,
175 .want_data = test_record_1,
176 .want_len = sizeof(test_record_1),
177 },
178 {
179 .read_buf = test_record_1,
180 .rt = {
181 {
182 .rw_len = 0,
183 .want_ret = TLS13_IO_WANT_POLLIN,
184 },
185 {
186 .rw_len = 2,
187 .want_ret = TLS13_IO_WANT_POLLIN,
188 },
189 {
190 .rw_len = 6,
191 .want_ret = TLS13_IO_WANT_POLLIN,
192 },
193 {
194 .rw_len = sizeof(test_record_1),
195 .want_ret = sizeof(test_record_1),
196 },
197 },
198 .want_content_type = SSL3_RT_HANDSHAKE,
199 .want_data = test_record_1,
200 .want_len = sizeof(test_record_1),
201 },
202 {
203 .read_buf = test_record_1,
204 .rt = {
205 {
206 .rw_len = 4,
207 .want_ret = TLS13_IO_WANT_POLLIN,
208 },
209 {
210 .eof = 1,
211 .want_ret = TLS13_IO_EOF,
212 },
213 },
214 },
215 {
216 .read_buf = test_record_1,
217 .rt = {
218 {
219 .eof = 1,
220 .want_ret = TLS13_IO_EOF,
221 },
222 },
223 },
224 {
225 .read_buf = test_record_2,
226 .rt = {
227 {
228 .rw_len = sizeof(test_record_2),
229 .want_ret = TLS13_IO_WANT_POLLIN,
230 },
231 {
232 .eof = 1,
233 .want_ret = TLS13_IO_EOF,
234 },
235 },
236 .want_content_type = SSL3_RT_APPLICATION_DATA,
237 },
238 {
239 .read_buf = test_record_3,
240 .rt = {
241 {
242 .rw_len = sizeof(test_record_3),
243 .want_ret = TLS13_IO_FAILURE,
244 },
245 },
246 },
247};
248
249#define N_RECORD_RECV_TESTS (sizeof(record_recv_tests) / sizeof(record_recv_tests[0]))
250
251struct record_send_test {
252 uint8_t *data;
253 size_t data_len;
254 struct record_test rt[10];
255 uint8_t *want_data;
256 size_t want_len;
257};
258
259struct record_send_test record_send_tests[] = {
260 {
261 .data = test_record_1,
262 .data_len = sizeof(test_record_1),
263 .rt = {
264 {
265 .rw_len = sizeof(test_record_1),
266 .want_ret = sizeof(test_record_1),
267 },
268 },
269 .want_data = test_record_1,
270 .want_len = sizeof(test_record_1),
271 },
272 {
273 .data = test_record_1,
274 .data_len = sizeof(test_record_1),
275 .rt = {
276 {
277 .rw_len = 0,
278 .want_ret = TLS13_IO_WANT_POLLOUT,
279 },
280 {
281 .rw_len = sizeof(test_record_1),
282 .want_ret = sizeof(test_record_1),
283 },
284 },
285 .want_data = test_record_1,
286 .want_len = sizeof(test_record_1),
287 },
288 {
289 .data = test_record_1,
290 .data_len = sizeof(test_record_1),
291 .rt = {
292 {
293 .rw_len = 0,
294 .want_ret = TLS13_IO_WANT_POLLOUT,
295 },
296 {
297 .rw_len = 5,
298 .want_ret = TLS13_IO_WANT_POLLOUT,
299 },
300 {
301 .rw_len = sizeof(test_record_1),
302 .want_ret = sizeof(test_record_1),
303 },
304 },
305 .want_data = test_record_1,
306 .want_len = sizeof(test_record_1),
307 },
308 {
309 .data = test_record_1,
310 .data_len = sizeof(test_record_1),
311 .rt = {
312 {
313 .rw_len = 0,
314 .want_ret = TLS13_IO_WANT_POLLOUT,
315 },
316 {
317 .rw_len = 2,
318 .want_ret = TLS13_IO_WANT_POLLOUT,
319 },
320 {
321 .rw_len = 6,
322 .want_ret = TLS13_IO_WANT_POLLOUT,
323 },
324 {
325 .rw_len = sizeof(test_record_1),
326 .want_ret = sizeof(test_record_1),
327 },
328 },
329 .want_data = test_record_1,
330 .want_len = sizeof(test_record_1),
331 },
332 {
333 .data = test_record_1,
334 .data_len = sizeof(test_record_1),
335 .rt = {
336 {
337 .rw_len = 4,
338 .want_ret = TLS13_IO_WANT_POLLOUT,
339 },
340 {
341 .eof = 1,
342 .want_ret = TLS13_IO_EOF,
343 },
344 },
345 .want_data = test_record_1,
346 .want_len = 4,
347 },
348 {
349 .data = test_record_1,
350 .data_len = sizeof(test_record_1),
351 .rt = {
352 {
353 .rw_len = 0,
354 .want_ret = TLS13_IO_WANT_POLLOUT,
355 },
356 {
357 .eof = 1,
358 .want_ret = TLS13_IO_EOF,
359 },
360 },
361 .want_data = NULL,
362 .want_len = 0,
363 },
364};
365
366#define N_RECORD_SEND_TESTS (sizeof(record_send_tests) / sizeof(record_send_tests[0]))
367
368static int
369test_record_recv(size_t test_no, struct record_recv_test *rrt)
370{
371 struct tls13_record *rec;
372 struct rw_state rs;
373 int failed = 1;
374 ssize_t ret;
375 size_t i;
376 CBS cbs;
377
378 rs.buf = rrt->read_buf;
379 rs.offset = 0;
380
381 if ((rec = tls13_record_new()) == NULL)
382 errx(1, "tls13_record_new");
383
384 for (i = 0; rrt->rt[i].rw_len != 0 || rrt->rt[i].want_ret != 0; i++) {
385 rs.eof = rrt->rt[i].eof;
386 rs.len = rrt->rt[i].rw_len;
387
388 ret = tls13_record_recv(rec, read_cb, &rs);
389 if (ret != rrt->rt[i].want_ret) {
390 fprintf(stderr, "FAIL: Test %zu/%zu - tls_record_recv "
391 "returned %zi, want %zi\n", test_no, i, ret,
392 rrt->rt[i].want_ret);
393 goto failure;
394 }
395 }
396
397 if (tls13_record_content_type(rec) != rrt->want_content_type) {
398 fprintf(stderr, "FAIL: Test %zu - got content type %u, "
399 "want %u\n", test_no, tls13_record_content_type(rec),
400 rrt->want_content_type);
401 goto failure;
402 }
403
404 tls13_record_data(rec, &cbs);
405 if (rrt->want_data == NULL) {
406 if (CBS_data(&cbs) != NULL || CBS_len(&cbs) != 0) {
407 fprintf(stderr, "FAIL: Test %zu - got CBS with data, "
408 "want NULL\n", test_no);
409 goto failure;
410 }
411 goto done;
412 }
413 if (!CBS_mem_equal(&cbs, rrt->want_data, rrt->want_len)) {
414 fprintf(stderr, "FAIL: Test %zu - data mismatch\n", test_no);
415 fprintf(stderr, "Got record data:\n");
416 hexdump(CBS_data(&cbs), CBS_len(&cbs));
417 fprintf(stderr, "Want record data:\n");
418 hexdump(rrt->want_data, rrt->want_len);
419 goto failure;
420 }
421
422 if (!tls13_record_header(rec, &cbs)) {
423 fprintf(stderr, "FAIL: Test %zu - fail to get record "
424 "header", test_no);
425 goto failure;
426 }
427 if (!CBS_mem_equal(&cbs, rrt->want_data, TLS13_RECORD_HEADER_LEN)) {
428 fprintf(stderr, "FAIL: Test %zu - header mismatch\n", test_no);
429 fprintf(stderr, "Got record header:\n");
430 hexdump(CBS_data(&cbs), CBS_len(&cbs));
431 fprintf(stderr, "Want record header:\n");
432 hexdump(rrt->want_data, rrt->want_len);
433 goto failure;
434 }
435
436 if (!tls13_record_content(rec, &cbs)) {
437 fprintf(stderr, "FAIL: Test %zu - fail to get record "
438 "content", test_no);
439 goto failure;
440 }
441 if (!CBS_mem_equal(&cbs, rrt->want_data + TLS13_RECORD_HEADER_LEN,
442 rrt->want_len - TLS13_RECORD_HEADER_LEN)) {
443 fprintf(stderr, "FAIL: Test %zu - content mismatch\n", test_no);
444 fprintf(stderr, "Got record content:\n");
445 hexdump(CBS_data(&cbs), CBS_len(&cbs));
446 fprintf(stderr, "Want record content:\n");
447 hexdump(rrt->want_data, rrt->want_len);
448 goto failure;
449 }
450
451 done:
452 failed = 0;
453
454 failure:
455 tls13_record_free(rec);
456
457 return failed;
458}
459
460static int
461test_record_send(size_t test_no, struct record_send_test *rst)
462{
463 uint8_t *data = NULL;
464 struct tls13_record *rec;
465 struct rw_state ws;
466 int failed = 1;
467 ssize_t ret;
468 size_t i;
469
470 if ((ws.buf = malloc(TLS13_RECORD_MAX_LEN)) == NULL)
471 errx(1, "malloc");
472
473 ws.offset = 0;
474
475 if ((rec = tls13_record_new()) == NULL)
476 errx(1, "tls13_record_new");
477
478 if ((data = malloc(rst->data_len)) == NULL)
479 errx(1, "malloc");
480 memcpy(data, rst->data, rst->data_len);
481
482 if (!tls13_record_set_data(rec, data, rst->data_len)) {
483 fprintf(stderr, "FAIL: Test %zu - failed to set record data\n",
484 test_no);
485 goto failure;
486 }
487 data = NULL;
488
489 for (i = 0; rst->rt[i].rw_len != 0 || rst->rt[i].want_ret != 0; i++) {
490 ws.eof = rst->rt[i].eof;
491 ws.len = rst->rt[i].rw_len;
492
493 ret = tls13_record_send(rec, write_cb, &ws);
494 if (ret != rst->rt[i].want_ret) {
495 fprintf(stderr, "FAIL: Test %zu/%zu - tls_record_send "
496 "returned %zi, want %zi\n", test_no, i, ret,
497 rst->rt[i].want_ret);
498 goto failure;
499 }
500 }
501
502 if (rst->want_data != NULL &&
503 memcmp(ws.buf, rst->want_data, rst->want_len) != 0) {
504 fprintf(stderr, "FAIL: Test %zu - content mismatch\n", test_no);
505 fprintf(stderr, "Got record data:\n");
506 hexdump(rst->data, rst->data_len);
507 fprintf(stderr, "Want record data:\n");
508 hexdump(rst->want_data, rst->want_len);
509 goto failure;
510 }
511
512 failed = 0;
513
514 failure:
515 tls13_record_free(rec);
516 free(ws.buf);
517
518 return failed;
519}
520
521static int
522test_recv_records(void)
523{
524 int failed = 0;
525 size_t i;
526
527 for (i = 0; i < N_RECORD_RECV_TESTS; i++)
528 failed |= test_record_recv(i, &record_recv_tests[i]);
529
530 return failed;
531}
532
533static int
534test_send_records(void)
535{
536 int failed = 0;
537 size_t i;
538
539 for (i = 0; i < N_RECORD_SEND_TESTS; i++)
540 failed |= test_record_send(i, &record_send_tests[i]);
541
542 return failed;
543}
544
545int
546main(int argc, char **argv)
547{
548 int failed = 0;
549
550 failed |= test_recv_records();
551 failed |= test_send_records();
552
553 return failed;
554}
diff --git a/src/regress/lib/libssl/server/Makefile b/src/regress/lib/libssl/server/Makefile
deleted file mode 100644
index 705190d076..0000000000
--- a/src/regress/lib/libssl/server/Makefile
+++ /dev/null
@@ -1,18 +0,0 @@
1# $OpenBSD: Makefile,v 1.1 2017/03/05 14:15:53 jsing Exp $
2
3PROG= servertest
4LDADD= -lssl -lcrypto
5DPADD= ${LIBSSL} ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9REGRESS_TARGETS= \
10 regress-servertest
11
12regress-servertest: ${PROG}
13 ./servertest \
14 ${.CURDIR}/../../libssl/certs/server.pem \
15 ${.CURDIR}/../../libssl/certs/server.pem \
16 ${.CURDIR}/../../libssl/certs/ca.pem
17
18.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/server/servertest.c b/src/regress/lib/libssl/server/servertest.c
deleted file mode 100644
index 32578599e5..0000000000
--- a/src/regress/lib/libssl/server/servertest.c
+++ /dev/null
@@ -1,200 +0,0 @@
1/* $OpenBSD: servertest.c,v 1.1 2017/03/05 14:15:53 jsing Exp $ */
2/*
3 * Copyright (c) 2015, 2016, 2017 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <openssl/ssl.h>
19
20#include <openssl/err.h>
21#include <openssl/dtls1.h>
22#include <openssl/ssl3.h>
23
24#include <err.h>
25#include <stdio.h>
26#include <string.h>
27
28char *server_ca_file;
29char *server_cert_file;
30char *server_key_file;
31
32static unsigned char sslv2_client_hello_tls10[] = {
33 0x80, 0x6a, 0x01, 0x03, 0x01, 0x00, 0x51, 0x00,
34 0x00, 0x00, 0x10, 0x00, 0x00, 0x39, 0x00, 0x00,
35 0x38, 0x00, 0x00, 0x35, 0x00, 0x00, 0x16, 0x00,
36 0x00, 0x13, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x33,
37 0x00, 0x00, 0x32, 0x00, 0x00, 0x2f, 0x00, 0x00,
38 0x07, 0x00, 0x00, 0x66, 0x00, 0x00, 0x05, 0x00,
39 0x00, 0x04, 0x00, 0x00, 0x63, 0x00, 0x00, 0x62,
40 0x00, 0x00, 0x61, 0x00, 0x00, 0x15, 0x00, 0x00,
41 0x12, 0x00, 0x00, 0x09, 0x00, 0x00, 0x65, 0x00,
42 0x00, 0x64, 0x00, 0x00, 0x60, 0x00, 0x00, 0x14,
43 0x00, 0x00, 0x11, 0x00, 0x00, 0x08, 0x00, 0x00,
44 0x06, 0x00, 0x00, 0x03, 0xdd, 0xb6, 0x59, 0x26,
45 0x46, 0xe6, 0x79, 0x77, 0xf4, 0xec, 0x42, 0x76,
46 0xc8, 0x73, 0xad, 0x9c,
47};
48
49static unsigned char sslv2_client_hello_tls12[] = {
50 0x80, 0xcb, 0x01, 0x03, 0x03, 0x00, 0xa2, 0x00,
51 0x00, 0x00, 0x20, 0x00, 0x00, 0xa5, 0x00, 0x00,
52 0xa3, 0x00, 0x00, 0xa1, 0x00, 0x00, 0x9f, 0x00,
53 0x00, 0x6b, 0x00, 0x00, 0x6a, 0x00, 0x00, 0x69,
54 0x00, 0x00, 0x68, 0x00, 0x00, 0x39, 0x00, 0x00,
55 0x38, 0x00, 0x00, 0x37, 0x00, 0x00, 0x36, 0x00,
56 0x00, 0x88, 0x00, 0x00, 0x87, 0x00, 0x00, 0x86,
57 0x00, 0x00, 0x85, 0x00, 0x00, 0x9d, 0x00, 0x00,
58 0x3d, 0x00, 0x00, 0x35, 0x00, 0x00, 0x84, 0x00,
59 0x00, 0xa4, 0x00, 0x00, 0xa2, 0x00, 0x00, 0xa0,
60 0x00, 0x00, 0x9e, 0x00, 0x00, 0x67, 0x00, 0x00,
61 0x40, 0x00, 0x00, 0x3f, 0x00, 0x00, 0x3e, 0x00,
62 0x00, 0x33, 0x00, 0x00, 0x32, 0x00, 0x00, 0x31,
63 0x00, 0x00, 0x30, 0x00, 0x00, 0x9a, 0x00, 0x00,
64 0x99, 0x00, 0x00, 0x98, 0x00, 0x00, 0x97, 0x00,
65 0x00, 0x45, 0x00, 0x00, 0x44, 0x00, 0x00, 0x43,
66 0x00, 0x00, 0x42, 0x00, 0x00, 0x9c, 0x00, 0x00,
67 0x3c, 0x00, 0x00, 0x2f, 0x00, 0x00, 0x96, 0x00,
68 0x00, 0x41, 0x00, 0x00, 0x07, 0x00, 0x00, 0x05,
69 0x00, 0x00, 0x04, 0x00, 0x00, 0x16, 0x00, 0x00,
70 0x13, 0x00, 0x00, 0x10, 0x00, 0x00, 0x0d, 0x00,
71 0x00, 0x0a, 0x00, 0x00, 0xff, 0x1d, 0xfd, 0x90,
72 0x03, 0x61, 0x3c, 0x5a, 0x22, 0x83, 0xed, 0x11,
73 0x85, 0xf4, 0xea, 0x36, 0x59, 0xd9, 0x1b, 0x27,
74 0x22, 0x01, 0x14, 0x07, 0x66, 0xb2, 0x24, 0xf5,
75 0x4e, 0x7d, 0x9d, 0x9c, 0x52,
76};
77
78struct server_hello_test {
79 const unsigned char *desc;
80 unsigned char *client_hello;
81 const size_t client_hello_len;
82 const SSL_METHOD *(*ssl_method)(void);
83 const long ssl_options;
84};
85
86static struct server_hello_test server_hello_tests[] = {
87 {
88 .desc = "TLSv1.0 in SSLv2 record",
89 .client_hello = sslv2_client_hello_tls10,
90 .client_hello_len = sizeof(sslv2_client_hello_tls10),
91 .ssl_method = TLS_server_method,
92 .ssl_options = 0,
93 },
94 {
95 .desc = "TLSv1.2 in SSLv2 record",
96 .client_hello = sslv2_client_hello_tls12,
97 .client_hello_len = sizeof(sslv2_client_hello_tls12),
98 .ssl_method = TLS_server_method,
99 .ssl_options = 0,
100 },
101};
102
103#define N_SERVER_HELLO_TESTS \
104 (sizeof(server_hello_tests) / sizeof(*server_hello_tests))
105
106static int
107server_hello_test(int testno, struct server_hello_test *sht)
108{
109 BIO *rbio = NULL, *wbio = NULL;
110 SSL_CTX *ssl_ctx = NULL;
111 SSL *ssl = NULL;
112 int ret = 1;
113
114 fprintf(stderr, "Test %i - %s\n", testno, sht->desc);
115
116 if ((rbio = BIO_new_mem_buf(sht->client_hello,
117 sht->client_hello_len)) == NULL) {
118 fprintf(stderr, "Failed to setup rbio\n");
119 goto failure;
120 }
121 if ((wbio = BIO_new(BIO_s_mem())) == NULL) {
122 fprintf(stderr, "Failed to setup wbio\n");
123 goto failure;
124 }
125
126 if ((ssl_ctx = SSL_CTX_new(sht->ssl_method())) == NULL) {
127 fprintf(stderr, "SSL_CTX_new() returned NULL\n");
128 goto failure;
129 }
130
131 if (SSL_CTX_use_certificate_file(ssl_ctx, server_cert_file,
132 SSL_FILETYPE_PEM) != 1) {
133 fprintf(stderr, "Failed to load server certificate");
134 goto failure;
135 }
136 if (SSL_CTX_use_PrivateKey_file(ssl_ctx, server_key_file,
137 SSL_FILETYPE_PEM) != 1) {
138 fprintf(stderr, "Failed to load server private key");
139 goto failure;
140 }
141
142 SSL_CTX_set_dh_auto(ssl_ctx, 1);
143 SSL_CTX_set_ecdh_auto(ssl_ctx, 1);
144 SSL_CTX_set_options(ssl_ctx, sht->ssl_options);
145
146 if ((ssl = SSL_new(ssl_ctx)) == NULL) {
147 fprintf(stderr, "SSL_new() returned NULL\n");
148 goto failure;
149 }
150
151 rbio->references = 2;
152 wbio->references = 2;
153
154 SSL_set_bio(ssl, rbio, wbio);
155
156 if (SSL_accept(ssl) != 0) {
157 fprintf(stderr, "SSL_accept() returned non-zero\n");
158 ERR_print_errors_fp(stderr);
159 goto failure;
160 }
161
162 ret = 0;
163
164 failure:
165 SSL_CTX_free(ssl_ctx);
166 SSL_free(ssl);
167
168 rbio->references = 1;
169 wbio->references = 1;
170
171 BIO_free(rbio);
172 BIO_free(wbio);
173
174 return (ret);
175}
176
177int
178main(int argc, char **argv)
179{
180 int failed = 0;
181 size_t i;
182
183 if (argc != 4) {
184 fprintf(stderr, "usage: %s keyfile certfile cafile\n",
185 argv[0]);
186 exit(1);
187 }
188
189 server_key_file = argv[1];
190 server_cert_file = argv[2];
191 server_ca_file = argv[3];
192
193 SSL_library_init();
194 SSL_load_error_strings();
195
196 for (i = 0; i < N_SERVER_HELLO_TESTS; i++)
197 failed |= server_hello_test(i, &server_hello_tests[i]);
198
199 return (failed);
200}
diff --git a/src/regress/lib/libssl/ssl/Makefile b/src/regress/lib/libssl/ssl/Makefile
deleted file mode 100644
index 581341c310..0000000000
--- a/src/regress/lib/libssl/ssl/Makefile
+++ /dev/null
@@ -1,16 +0,0 @@
1# $OpenBSD: Makefile,v 1.3 2014/07/08 15:53:53 jsing Exp $
2
3PROG= ssltest
4LDADD= -lcrypto -lssl
5DPADD= ${LIBCRYPTO} ${LIBSSL}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9REGRESS_TARGETS=regress-ssltest
10
11regress-ssltest: ${PROG}
12 sh ${.CURDIR}/testssl \
13 ${.CURDIR}/../certs/server.pem ${.CURDIR}/../certs/server.pem \
14 ${.CURDIR}/../certs/ca.pem
15
16.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/ssl/ssltest.c b/src/regress/lib/libssl/ssl/ssltest.c
deleted file mode 100644
index 0c9a03c84b..0000000000
--- a/src/regress/lib/libssl/ssl/ssltest.c
+++ /dev/null
@@ -1,1988 +0,0 @@
1/* ssl/ssltest.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
116/* ====================================================================
117 * Copyright 2005 Nokia. All rights reserved.
118 *
119 * The portions of the attached software ("Contribution") is developed by
120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
121 * license.
122 *
123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125 * support (see RFC 4279) to OpenSSL.
126 *
127 * No patent licenses or other rights except those expressly stated in
128 * the OpenSSL open source license shall be deemed granted or received
129 * expressly, by implication, estoppel, or otherwise.
130 *
131 * No assurances are provided by Nokia that the Contribution does not
132 * infringe the patent or other intellectual property rights of any third
133 * party or that the license provides you with all the necessary rights
134 * to make use of the Contribution.
135 *
136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
140 * OTHERWISE.
141 */
142
143#define _BSD_SOURCE 1 /* Or gethostname won't be declared properly
144 on Linux and GNU platforms. */
145#include <sys/types.h>
146#include <sys/param.h>
147#include <sys/socket.h>
148
149#include <netinet/in.h>
150
151#include <assert.h>
152#include <errno.h>
153#include <limits.h>
154#include <netdb.h>
155#include <stdio.h>
156#include <stdlib.h>
157#include <string.h>
158#include <time.h>
159#include <unistd.h>
160
161#include <ctype.h>
162
163#include <openssl/opensslconf.h>
164#include <openssl/bio.h>
165#include <openssl/crypto.h>
166#include <openssl/evp.h>
167#include <openssl/x509.h>
168#include <openssl/x509v3.h>
169#include <openssl/ssl.h>
170#ifndef OPENSSL_NO_ENGINE
171#include <openssl/engine.h>
172#endif
173#include <openssl/err.h>
174#include <openssl/rand.h>
175#include <openssl/rsa.h>
176#include <openssl/dsa.h>
177#include <openssl/dh.h>
178#include <openssl/bn.h>
179
180#define TEST_SERVER_CERT "../apps/server.pem"
181#define TEST_CLIENT_CERT "../apps/client.pem"
182
183static int verify_callback(int ok, X509_STORE_CTX *ctx);
184static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength);
185static void free_tmp_rsa(void);
186static int app_verify_callback(X509_STORE_CTX *ctx, void *arg);
187#define APP_CALLBACK_STRING "Test Callback Argument"
188struct app_verify_arg {
189 char *string;
190 int app_verify;
191 int allow_proxy_certs;
192 char *proxy_auth;
193 char *proxy_cond;
194};
195
196static DH *get_dh1024(void);
197static DH *get_dh1024dsa(void);
198
199static BIO *bio_err = NULL;
200static BIO *bio_stdout = NULL;
201
202static const char *alpn_client;
203static const char *alpn_server;
204static const char *alpn_expected;
205static unsigned char *alpn_selected;
206
207/*
208 * next_protos_parse parses a comma separated list of strings into a string
209 * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
210 * outlen: (output) set to the length of the resulting buffer on success.
211 * err: (maybe NULL) on failure, an error message line is written to this BIO.
212 * in: a NUL terminated string like "abc,def,ghi"
213 *
214 * returns: a malloced buffer or NULL on failure.
215 */
216static unsigned char *
217next_protos_parse(unsigned short *outlen, const char *in)
218{
219 size_t i, len, start = 0;
220 unsigned char *out;
221
222 len = strlen(in);
223 if (len >= 65535)
224 return (NULL);
225
226 if ((out = malloc(strlen(in) + 1)) == NULL)
227 return (NULL);
228
229 for (i = 0; i <= len; ++i) {
230 if (i == len || in[i] == ',') {
231 if (i - start > 255) {
232 free(out);
233 return (NULL);
234 }
235 out[start] = i - start;
236 start = i + 1;
237 } else
238 out[i+1] = in[i];
239 }
240 *outlen = len + 1;
241 return (out);
242}
243
244static int
245cb_server_alpn(SSL *s, const unsigned char **out, unsigned char *outlen,
246 const unsigned char *in, unsigned int inlen, void *arg)
247{
248 unsigned char *protos;
249 unsigned short protos_len;
250
251 if ((protos = next_protos_parse(&protos_len, alpn_server)) == NULL) {
252 fprintf(stderr,
253 "failed to parser ALPN server protocol string: %s\n",
254 alpn_server);
255 abort();
256 }
257
258 if (SSL_select_next_proto((unsigned char **)out, outlen, protos,
259 protos_len, in, inlen) != OPENSSL_NPN_NEGOTIATED) {
260 free(protos);
261 return (SSL_TLSEXT_ERR_NOACK);
262 }
263
264 /*
265 * Make a copy of the selected protocol which will be freed in
266 * verify_alpn.
267 */
268 if ((alpn_selected = malloc(*outlen)) == NULL) {
269 fprintf(stderr, "malloc failed\n");
270 abort();
271 }
272 memcpy(alpn_selected, *out, *outlen);
273 *out = alpn_selected;
274 free(protos);
275
276 return (SSL_TLSEXT_ERR_OK);
277}
278
279static int
280verify_alpn(SSL *client, SSL *server)
281{
282 const unsigned char *client_proto, *server_proto;
283 unsigned int client_proto_len = 0, server_proto_len = 0;
284
285 SSL_get0_alpn_selected(client, &client_proto, &client_proto_len);
286 SSL_get0_alpn_selected(server, &server_proto, &server_proto_len);
287
288 free(alpn_selected);
289 alpn_selected = NULL;
290
291 if (client_proto_len != server_proto_len ||
292 memcmp(client_proto, server_proto, client_proto_len) != 0) {
293 BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
294 goto err;
295 }
296
297 if (client_proto_len > 0 && alpn_expected == NULL) {
298 BIO_printf(bio_stdout, "ALPN unexpectedly negotiated\n");
299 goto err;
300 }
301
302 if (alpn_expected != NULL &&
303 (client_proto_len != strlen(alpn_expected) ||
304 memcmp(client_proto, alpn_expected, client_proto_len) != 0)) {
305 BIO_printf(bio_stdout, "ALPN selected protocols not equal to "
306 "expected protocol: %s\n", alpn_expected);
307 goto err;
308 }
309
310 return (0);
311
312err:
313 BIO_printf(bio_stdout, "ALPN results: client: '");
314 BIO_write(bio_stdout, client_proto, client_proto_len);
315 BIO_printf(bio_stdout, "', server: '");
316 BIO_write(bio_stdout, server_proto, server_proto_len);
317 BIO_printf(bio_stdout, "'\n");
318 BIO_printf(bio_stdout, "ALPN configured: client: '%s', server: '%s'\n",
319 alpn_client, alpn_server);
320
321 return (-1);
322}
323
324static char *cipher = NULL;
325static int verbose = 0;
326static int debug = 0;
327
328int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time,
329 clock_t *c_time);
330int doit(SSL *s_ssl, SSL *c_ssl, long bytes);
331static int do_test_cipherlist(void);
332
333static void
334sv_usage(void)
335{
336 fprintf(stderr, "usage: ssltest [args ...]\n");
337 fprintf(stderr, "\n");
338 fprintf(stderr, " -server_auth - check server certificate\n");
339 fprintf(stderr, " -client_auth - do client authentication\n");
340 fprintf(stderr, " -proxy - allow proxy certificates\n");
341 fprintf(stderr, " -proxy_auth <val> - set proxy policy rights\n");
342 fprintf(stderr, " -proxy_cond <val> - experssion to test proxy policy rights\n");
343 fprintf(stderr, " -v - more output\n");
344 fprintf(stderr, " -d - debug output\n");
345 fprintf(stderr, " -reuse - use session-id reuse\n");
346 fprintf(stderr, " -num <val> - number of connections to perform\n");
347 fprintf(stderr, " -bytes <val> - number of bytes to swap between client/server\n");
348 fprintf(stderr, " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
349 fprintf(stderr, " -no_dhe - disable DHE\n");
350 fprintf(stderr, " -no_ecdhe - disable ECDHE\n");
351 fprintf(stderr, " -dtls1 - use DTLSv1\n");
352 fprintf(stderr, " -tls1 - use TLSv1\n");
353 fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");
354 fprintf(stderr, " -CAfile arg - PEM format file of CA's\n");
355 fprintf(stderr, " -cert arg - Server certificate file\n");
356 fprintf(stderr, " -key arg - Server key file (default: same as -cert)\n");
357 fprintf(stderr, " -c_cert arg - Client certificate file\n");
358 fprintf(stderr, " -c_key arg - Client key file (default: same as -c_cert)\n");
359 fprintf(stderr, " -cipher arg - The cipher list\n");
360 fprintf(stderr, " -bio_pair - Use BIO pairs\n");
361 fprintf(stderr, " -f - Test even cases that can't work\n");
362 fprintf(stderr, " -time - measure processor time used by client and server\n");
363 fprintf(stderr, " -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \
364 " Use \"openssl ecparam -list_curves\" for all names\n" \
365 " (default is sect163r2).\n");
366 fprintf(stderr, " -test_cipherlist - verifies the order of the ssl cipher lists\n");
367 fprintf(stderr, " -alpn_client <string> - have client side offer ALPN\n");
368 fprintf(stderr, " -alpn_server <string> - have server side offer ALPN\n");
369 fprintf(stderr, " -alpn_expected <string> - the ALPN protocol that should be negotiated\n");
370}
371
372static void
373print_details(SSL *c_ssl, const char *prefix)
374{
375 const SSL_CIPHER *ciph;
376 X509 *cert;
377
378 ciph = SSL_get_current_cipher(c_ssl);
379 BIO_printf(bio_stdout, "%s%s, cipher %s %s",
380 prefix, SSL_get_version(c_ssl), SSL_CIPHER_get_version(ciph),
381 SSL_CIPHER_get_name(ciph));
382 cert = SSL_get_peer_certificate(c_ssl);
383 if (cert != NULL) {
384 EVP_PKEY *pkey = X509_get_pubkey(cert);
385 if (pkey != NULL) {
386 if (pkey->type == EVP_PKEY_RSA &&
387 pkey->pkey.rsa != NULL &&
388 pkey->pkey.rsa->n != NULL) {
389 BIO_printf(bio_stdout, ", %d bit RSA",
390 BN_num_bits(pkey->pkey.rsa->n));
391 } else if (pkey->type == EVP_PKEY_DSA &&
392 pkey->pkey.dsa != NULL &&
393 pkey->pkey.dsa->p != NULL) {
394 BIO_printf(bio_stdout, ", %d bit DSA",
395 BN_num_bits(pkey->pkey.dsa->p));
396 }
397 EVP_PKEY_free(pkey);
398 }
399 X509_free(cert);
400 }
401 /* The SSL API does not allow us to look at temporary RSA/DH keys,
402 * otherwise we should print their lengths too */
403 BIO_printf(bio_stdout, "\n");
404}
405
406int
407main(int argc, char *argv[])
408{
409 char *CApath = NULL, *CAfile = NULL;
410 int badop = 0;
411 int bio_pair = 0;
412 int force = 0;
413 int tls1 = 0, dtls1 = 0, ret = 1;
414 int client_auth = 0;
415 int server_auth = 0, i;
416 struct app_verify_arg app_verify_arg =
417 { APP_CALLBACK_STRING, 0, 0, NULL, NULL };
418 char *server_cert = TEST_SERVER_CERT;
419 char *server_key = NULL;
420 char *client_cert = TEST_CLIENT_CERT;
421 char *client_key = NULL;
422 char *named_curve = NULL;
423 SSL_CTX *s_ctx = NULL;
424 SSL_CTX *c_ctx = NULL;
425 const SSL_METHOD *meth = NULL;
426 SSL *c_ssl, *s_ssl;
427 int number = 1, reuse = 0;
428 long bytes = 256L;
429 DH *dh;
430 int dhe1024dsa = 0;
431 EC_KEY *ecdh = NULL;
432 int no_dhe = 0;
433 int no_ecdhe = 0;
434 int print_time = 0;
435 clock_t s_time = 0, c_time = 0;
436 int test_cipherlist = 0;
437
438 verbose = 0;
439 debug = 0;
440 cipher = 0;
441
442 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE|BIO_FP_TEXT);
443
444 bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE|BIO_FP_TEXT);
445
446 argc--;
447 argv++;
448
449 while (argc >= 1) {
450 if (!strcmp(*argv, "-F")) {
451 fprintf(stderr, "not compiled with FIPS support, so exiting without running.\n");
452 exit(0);
453 } else if (strcmp(*argv, "-server_auth") == 0)
454 server_auth = 1;
455 else if (strcmp(*argv, "-client_auth") == 0)
456 client_auth = 1;
457 else if (strcmp(*argv, "-proxy_auth") == 0) {
458 if (--argc < 1)
459 goto bad;
460 app_verify_arg.proxy_auth= *(++argv);
461 } else if (strcmp(*argv, "-proxy_cond") == 0) {
462 if (--argc < 1)
463 goto bad;
464 app_verify_arg.proxy_cond= *(++argv);
465 } else if (strcmp(*argv, "-v") == 0)
466 verbose = 1;
467 else if (strcmp(*argv, "-d") == 0)
468 debug = 1;
469 else if (strcmp(*argv, "-reuse") == 0)
470 reuse = 1;
471 else if (strcmp(*argv, "-dhe1024dsa") == 0) {
472 dhe1024dsa = 1;
473 } else if (strcmp(*argv, "-no_dhe") == 0)
474 no_dhe = 1;
475 else if (strcmp(*argv, "-no_ecdhe") == 0)
476 no_ecdhe = 1;
477 else if (strcmp(*argv, "-dtls1") == 0)
478 dtls1 = 1;
479 else if (strcmp(*argv, "-tls1") == 0)
480 tls1 = 1;
481 else if (strncmp(*argv, "-num", 4) == 0) {
482 if (--argc < 1)
483 goto bad;
484 number = atoi(*(++argv));
485 if (number == 0)
486 number = 1;
487 } else if (strcmp(*argv, "-bytes") == 0) {
488 if (--argc < 1)
489 goto bad;
490 bytes = atol(*(++argv));
491 if (bytes == 0L)
492 bytes = 1L;
493 i = strlen(argv[0]);
494 if (argv[0][i - 1] == 'k')
495 bytes*=1024L;
496 if (argv[0][i - 1] == 'm')
497 bytes*=1024L*1024L;
498 } else if (strcmp(*argv, "-cert") == 0) {
499 if (--argc < 1)
500 goto bad;
501 server_cert= *(++argv);
502 } else if (strcmp(*argv, "-s_cert") == 0) {
503 if (--argc < 1)
504 goto bad;
505 server_cert= *(++argv);
506 } else if (strcmp(*argv, "-key") == 0) {
507 if (--argc < 1)
508 goto bad;
509 server_key= *(++argv);
510 } else if (strcmp(*argv, "-s_key") == 0) {
511 if (--argc < 1)
512 goto bad;
513 server_key= *(++argv);
514 } else if (strcmp(*argv, "-c_cert") == 0) {
515 if (--argc < 1)
516 goto bad;
517 client_cert= *(++argv);
518 } else if (strcmp(*argv, "-c_key") == 0) {
519 if (--argc < 1)
520 goto bad;
521 client_key= *(++argv);
522 } else if (strcmp(*argv, "-cipher") == 0) {
523 if (--argc < 1)
524 goto bad;
525 cipher= *(++argv);
526 } else if (strcmp(*argv, "-CApath") == 0) {
527 if (--argc < 1)
528 goto bad;
529 CApath= *(++argv);
530 } else if (strcmp(*argv, "-CAfile") == 0) {
531 if (--argc < 1)
532 goto bad;
533 CAfile= *(++argv);
534 } else if (strcmp(*argv, "-bio_pair") == 0) {
535 bio_pair = 1;
536 } else if (strcmp(*argv, "-f") == 0) {
537 force = 1;
538 } else if (strcmp(*argv, "-time") == 0) {
539 print_time = 1;
540 } else if (strcmp(*argv, "-named_curve") == 0) {
541 if (--argc < 1)
542 goto bad;
543 named_curve = *(++argv);
544 } else if (strcmp(*argv, "-app_verify") == 0) {
545 app_verify_arg.app_verify = 1;
546 } else if (strcmp(*argv, "-proxy") == 0) {
547 app_verify_arg.allow_proxy_certs = 1;
548 } else if (strcmp(*argv, "-test_cipherlist") == 0) {
549 test_cipherlist = 1;
550 } else if (strcmp(*argv, "-alpn_client") == 0) {
551 if (--argc < 1)
552 goto bad;
553 alpn_client = *(++argv);
554 } else if (strcmp(*argv, "-alpn_server") == 0) {
555 if (--argc < 1)
556 goto bad;
557 alpn_server = *(++argv);
558 } else if (strcmp(*argv, "-alpn_expected") == 0) {
559 if (--argc < 1)
560 goto bad;
561 alpn_expected = *(++argv);
562 } else {
563 fprintf(stderr, "unknown option %s\n", *argv);
564 badop = 1;
565 break;
566 }
567 argc--;
568 argv++;
569 }
570 if (badop) {
571bad:
572 sv_usage();
573 goto end;
574 }
575
576 if (test_cipherlist == 1) {
577 /* ensure that the cipher list are correctly sorted and exit */
578 if (do_test_cipherlist() == 0)
579 exit(1);
580 ret = 0;
581 goto end;
582 }
583
584 if (!dtls1 && !tls1 &&
585 number > 1 && !reuse && !force) {
586 fprintf(stderr,
587 "This case cannot work. Use -f to perform "
588 "the test anyway (and\n-d to see what happens), "
589 "or add one of -dtls1, -tls1, -reuse\n"
590 "to avoid protocol mismatch.\n");
591 exit(1);
592 }
593
594 if (print_time) {
595 if (!bio_pair) {
596 fprintf(stderr, "Using BIO pair (-bio_pair)\n");
597 bio_pair = 1;
598 }
599 if (number < 50 && !force)
600 fprintf(stderr, "Warning: For accurate timings, use more connections (e.g. -num 1000)\n");
601 }
602
603/* if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */
604
605 SSL_library_init();
606 SSL_load_error_strings();
607
608 if (dtls1)
609 meth = DTLSv1_method();
610 else if (tls1)
611 meth = TLSv1_method();
612 else
613 meth = SSLv23_method();
614
615 c_ctx = SSL_CTX_new(meth);
616 s_ctx = SSL_CTX_new(meth);
617 if ((c_ctx == NULL) || (s_ctx == NULL)) {
618 ERR_print_errors(bio_err);
619 goto end;
620 }
621
622 if (cipher != NULL) {
623 SSL_CTX_set_cipher_list(c_ctx, cipher);
624 SSL_CTX_set_cipher_list(s_ctx, cipher);
625 }
626
627 if (!no_dhe) {
628 if (dhe1024dsa) {
629 /* use SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */
630 SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
631 dh = get_dh1024dsa();
632 } else
633 dh = get_dh1024();
634 SSL_CTX_set_tmp_dh(s_ctx, dh);
635 DH_free(dh);
636 }
637
638 if (!no_ecdhe) {
639 int nid;
640
641 if (named_curve != NULL) {
642 nid = OBJ_sn2nid(named_curve);
643 if (nid == 0) {
644 BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve);
645 goto end;
646 }
647 } else
648 nid = NID_X9_62_prime256v1;
649
650 ecdh = EC_KEY_new_by_curve_name(nid);
651 if (ecdh == NULL) {
652 BIO_printf(bio_err, "unable to create curve\n");
653 goto end;
654 }
655
656 SSL_CTX_set_tmp_ecdh(s_ctx, ecdh);
657 SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_ECDH_USE);
658 EC_KEY_free(ecdh);
659 }
660
661 SSL_CTX_set_tmp_rsa_callback(s_ctx, tmp_rsa_cb);
662
663 if (!SSL_CTX_use_certificate_file(s_ctx, server_cert,
664 SSL_FILETYPE_PEM)) {
665 ERR_print_errors(bio_err);
666 } else if (!SSL_CTX_use_PrivateKey_file(s_ctx,
667 (server_key ? server_key : server_cert), SSL_FILETYPE_PEM)) {
668 ERR_print_errors(bio_err);
669 goto end;
670 }
671
672 if (client_auth) {
673 SSL_CTX_use_certificate_file(c_ctx, client_cert,
674 SSL_FILETYPE_PEM);
675 SSL_CTX_use_PrivateKey_file(c_ctx,
676 (client_key ? client_key : client_cert),
677 SSL_FILETYPE_PEM);
678 }
679
680 if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) ||
681 (!SSL_CTX_set_default_verify_paths(s_ctx)) ||
682 (!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) ||
683 (!SSL_CTX_set_default_verify_paths(c_ctx))) {
684 /* fprintf(stderr,"SSL_load_verify_locations\n"); */
685 ERR_print_errors(bio_err);
686 /* goto end; */
687 }
688
689 if (client_auth) {
690 BIO_printf(bio_err, "client authentication\n");
691 SSL_CTX_set_verify(s_ctx,
692 SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
693 verify_callback);
694 SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback,
695 &app_verify_arg);
696 }
697 if (server_auth) {
698 BIO_printf(bio_err, "server authentication\n");
699 SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER,
700 verify_callback);
701 SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback,
702 &app_verify_arg);
703 }
704
705 {
706 int session_id_context = 0;
707 SSL_CTX_set_session_id_context(s_ctx,
708 (void *)&session_id_context, sizeof(session_id_context));
709 }
710
711 if (alpn_server != NULL)
712 SSL_CTX_set_alpn_select_cb(s_ctx, cb_server_alpn, NULL);
713
714 if (alpn_client != NULL) {
715 unsigned short alpn_len;
716 unsigned char *alpn = next_protos_parse(&alpn_len, alpn_client);
717
718 if (alpn == NULL) {
719 BIO_printf(bio_err, "Error parsing -alpn_client argument\n");
720 goto end;
721 }
722 SSL_CTX_set_alpn_protos(c_ctx, alpn, alpn_len);
723 free(alpn);
724 }
725
726 c_ssl = SSL_new(c_ctx);
727 s_ssl = SSL_new(s_ctx);
728
729 for (i = 0; i < number; i++) {
730 if (!reuse)
731 SSL_set_session(c_ssl, NULL);
732 if (bio_pair)
733 ret = doit_biopair(s_ssl, c_ssl, bytes, &s_time,
734 &c_time);
735 else
736 ret = doit(s_ssl, c_ssl, bytes);
737 }
738
739 if (!verbose) {
740 print_details(c_ssl, "");
741 }
742 if ((number > 1) || (bytes > 1L))
743 BIO_printf(bio_stdout, "%d handshakes of %ld bytes done\n",
744 number, bytes);
745 if (print_time) {
746#ifdef CLOCKS_PER_SEC
747 /* "To determine the time in seconds, the value returned
748 * by the clock function should be divided by the value
749 * of the macro CLOCKS_PER_SEC."
750 * -- ISO/IEC 9899 */
751 BIO_printf(bio_stdout,
752 "Approximate total server time: %6.2f s\n"
753 "Approximate total client time: %6.2f s\n",
754 (double)s_time/CLOCKS_PER_SEC,
755 (double)c_time/CLOCKS_PER_SEC);
756#else
757 /* "`CLOCKS_PER_SEC' undeclared (first use this function)"
758 * -- cc on NeXTstep/OpenStep */
759 BIO_printf(bio_stdout,
760 "Approximate total server time: %6.2f units\n"
761 "Approximate total client time: %6.2f units\n",
762 (double)s_time,
763 (double)c_time);
764#endif
765 }
766
767 SSL_free(s_ssl);
768 SSL_free(c_ssl);
769
770end:
771 SSL_CTX_free(s_ctx);
772 SSL_CTX_free(c_ctx);
773 BIO_free(bio_stdout);
774
775 free_tmp_rsa();
776#ifndef OPENSSL_NO_ENGINE
777 ENGINE_cleanup();
778#endif
779 CRYPTO_cleanup_all_ex_data();
780 ERR_free_strings();
781 ERR_remove_thread_state(NULL);
782 EVP_cleanup();
783 CRYPTO_mem_leaks(bio_err);
784 BIO_free(bio_err);
785
786 exit(ret);
787 return ret;
788}
789
790int
791doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, clock_t *s_time,
792 clock_t *c_time)
793{
794 long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
795 BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
796 BIO *server = NULL, *server_io = NULL;
797 BIO *client = NULL, *client_io = NULL;
798 int ret = 1;
799
800 size_t bufsiz = 256; /* small buffer for testing */
801
802 if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz))
803 goto err;
804 if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz))
805 goto err;
806
807 s_ssl_bio = BIO_new(BIO_f_ssl());
808 if (!s_ssl_bio)
809 goto err;
810
811 c_ssl_bio = BIO_new(BIO_f_ssl());
812 if (!c_ssl_bio)
813 goto err;
814
815 SSL_set_connect_state(c_ssl);
816 SSL_set_bio(c_ssl, client, client);
817 (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
818
819 SSL_set_accept_state(s_ssl);
820 SSL_set_bio(s_ssl, server, server);
821 (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
822
823 do {
824 /* c_ssl_bio: SSL filter BIO
825 *
826 * client: pseudo-I/O for SSL library
827 *
828 * client_io: client's SSL communication; usually to be
829 * relayed over some I/O facility, but in this
830 * test program, we're the server, too:
831 *
832 * server_io: server's SSL communication
833 *
834 * server: pseudo-I/O for SSL library
835 *
836 * s_ssl_bio: SSL filter BIO
837 *
838 * The client and the server each employ a "BIO pair":
839 * client + client_io, server + server_io.
840 * BIO pairs are symmetric. A BIO pair behaves similar
841 * to a non-blocking socketpair (but both endpoints must
842 * be handled by the same thread).
843 * [Here we could connect client and server to the ends
844 * of a single BIO pair, but then this code would be less
845 * suitable as an example for BIO pairs in general.]
846 *
847 * Useful functions for querying the state of BIO pair endpoints:
848 *
849 * BIO_ctrl_pending(bio) number of bytes we can read now
850 * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil
851 * other side's read attempt
852 * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now
853 *
854 * ..._read_request is never more than ..._write_guarantee;
855 * it depends on the application which one you should use.
856 */
857
858 /* We have non-blocking behaviour throughout this test program, but
859 * can be sure that there is *some* progress in each iteration; so
860 * we don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE
861 * -- we just try everything in each iteration
862 */
863
864 {
865 /* CLIENT */
866
867 char cbuf[1024*8];
868 int i, r;
869 clock_t c_clock = clock();
870
871 memset(cbuf, 0, sizeof(cbuf));
872
873 if (debug)
874 if (SSL_in_init(c_ssl))
875 printf("client waiting in SSL_connect - %s\n",
876 SSL_state_string_long(c_ssl));
877
878 if (cw_num > 0) {
879 /* Write to server. */
880
881 if (cw_num > (long)sizeof cbuf)
882 i = sizeof cbuf;
883 else
884 i = (int)cw_num;
885 r = BIO_write(c_ssl_bio, cbuf, i);
886 if (r < 0) {
887 if (!BIO_should_retry(c_ssl_bio)) {
888 fprintf(stderr, "ERROR in CLIENT\n");
889 goto err;
890 }
891 /* BIO_should_retry(...) can just be ignored here.
892 * The library expects us to call BIO_write with
893 * the same arguments again, and that's what we will
894 * do in the next iteration. */
895 } else if (r == 0) {
896 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
897 goto err;
898 } else {
899 if (debug)
900 printf("client wrote %d\n", r);
901 cw_num -= r;
902
903 }
904 }
905
906 if (cr_num > 0) {
907 /* Read from server. */
908
909 r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
910 if (r < 0) {
911 if (!BIO_should_retry(c_ssl_bio)) {
912 fprintf(stderr, "ERROR in CLIENT\n");
913 goto err;
914 }
915 /* Again, "BIO_should_retry" can be ignored. */
916 } else if (r == 0) {
917 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
918 goto err;
919 } else {
920 if (debug)
921 printf("client read %d\n", r);
922 cr_num -= r;
923 }
924 }
925
926 /* c_time and s_time increments will typically be very small
927 * (depending on machine speed and clock tick intervals),
928 * but sampling over a large number of connections should
929 * result in fairly accurate figures. We cannot guarantee
930 * a lot, however -- if each connection lasts for exactly
931 * one clock tick, it will be counted only for the client
932 * or only for the server or even not at all.
933 */
934 *c_time += (clock() - c_clock);
935 }
936
937 {
938 /* SERVER */
939
940 char sbuf[1024*8];
941 int i, r;
942 clock_t s_clock = clock();
943
944 memset(sbuf, 0, sizeof(sbuf));
945
946 if (debug)
947 if (SSL_in_init(s_ssl))
948 printf("server waiting in SSL_accept - %s\n",
949 SSL_state_string_long(s_ssl));
950
951 if (sw_num > 0) {
952 /* Write to client. */
953
954 if (sw_num > (long)sizeof sbuf)
955 i = sizeof sbuf;
956 else
957 i = (int)sw_num;
958 r = BIO_write(s_ssl_bio, sbuf, i);
959 if (r < 0) {
960 if (!BIO_should_retry(s_ssl_bio)) {
961 fprintf(stderr, "ERROR in SERVER\n");
962 goto err;
963 }
964 /* Ignore "BIO_should_retry". */
965 } else if (r == 0) {
966 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
967 goto err;
968 } else {
969 if (debug)
970 printf("server wrote %d\n", r);
971 sw_num -= r;
972
973 }
974 }
975
976 if (sr_num > 0) {
977 /* Read from client. */
978
979 r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
980 if (r < 0) {
981 if (!BIO_should_retry(s_ssl_bio)) {
982 fprintf(stderr, "ERROR in SERVER\n");
983 goto err;
984 }
985 /* blah, blah */
986 } else if (r == 0) {
987 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
988 goto err;
989 } else {
990 if (debug)
991 printf("server read %d\n", r);
992 sr_num -= r;
993 }
994 }
995
996 *s_time += (clock() - s_clock);
997 }
998
999 {
1000 /* "I/O" BETWEEN CLIENT AND SERVER. */
1001
1002 size_t r1, r2;
1003 BIO *io1 = server_io, *io2 = client_io;
1004 /* we use the non-copying interface for io1
1005 * and the standard BIO_write/BIO_read interface for io2
1006 */
1007
1008 static int prev_progress = 1;
1009 int progress = 0;
1010
1011 /* io1 to io2 */
1012 do {
1013 size_t num;
1014 int r;
1015
1016 r1 = BIO_ctrl_pending(io1);
1017 r2 = BIO_ctrl_get_write_guarantee(io2);
1018
1019 num = r1;
1020 if (r2 < num)
1021 num = r2;
1022 if (num) {
1023 char *dataptr;
1024
1025 if (INT_MAX < num) /* yeah, right */
1026 num = INT_MAX;
1027
1028 r = BIO_nread(io1, &dataptr, (int)num);
1029 assert(r > 0);
1030 assert(r <= (int)num);
1031 /* possibly r < num (non-contiguous data) */
1032 num = r;
1033 r = BIO_write(io2, dataptr, (int)num);
1034 if (r != (int)num) /* can't happen */
1035 {
1036 fprintf(stderr, "ERROR: BIO_write could not write "
1037 "BIO_ctrl_get_write_guarantee() bytes");
1038 goto err;
1039 }
1040 progress = 1;
1041
1042 if (debug)
1043 printf((io1 == client_io) ?
1044 "C->S relaying: %d bytes\n" :
1045 "S->C relaying: %d bytes\n",
1046 (int)num);
1047 }
1048 } while (r1 && r2);
1049
1050 /* io2 to io1 */
1051 {
1052 size_t num;
1053 int r;
1054
1055 r1 = BIO_ctrl_pending(io2);
1056 r2 = BIO_ctrl_get_read_request(io1);
1057 /* here we could use ..._get_write_guarantee instead of
1058 * ..._get_read_request, but by using the latter
1059 * we test restartability of the SSL implementation
1060 * more thoroughly */
1061 num = r1;
1062 if (r2 < num)
1063 num = r2;
1064 if (num) {
1065 char *dataptr;
1066
1067 if (INT_MAX < num)
1068 num = INT_MAX;
1069
1070 if (num > 1)
1071 --num; /* test restartability even more thoroughly */
1072
1073 r = BIO_nwrite0(io1, &dataptr);
1074 assert(r > 0);
1075 if (r < (int)num)
1076 num = r;
1077 r = BIO_read(io2, dataptr, (int)num);
1078 if (r != (int)num) /* can't happen */
1079 {
1080 fprintf(stderr, "ERROR: BIO_read could not read "
1081 "BIO_ctrl_pending() bytes");
1082 goto err;
1083 }
1084 progress = 1;
1085 r = BIO_nwrite(io1, &dataptr, (int)num);
1086 if (r != (int)num) /* can't happen */
1087 {
1088 fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
1089 "BIO_nwrite0() bytes");
1090 goto err;
1091 }
1092
1093 if (debug)
1094 printf((io2 == client_io) ?
1095 "C->S relaying: %d bytes\n" :
1096 "S->C relaying: %d bytes\n",
1097 (int)num);
1098 }
1099 } /* no loop, BIO_ctrl_get_read_request now returns 0 anyway */
1100
1101 if (!progress && !prev_progress) {
1102 if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0) {
1103 fprintf(stderr, "ERROR: got stuck\n");
1104 goto err;
1105 }
1106 }
1107 prev_progress = progress;
1108 }
1109 } while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
1110
1111 if (verbose)
1112 print_details(c_ssl, "DONE via BIO pair: ");
1113
1114 if (verify_alpn(c_ssl, s_ssl) < 0) {
1115 ret = 1;
1116 goto err;
1117 }
1118
1119 ret = 0;
1120
1121err:
1122 ERR_print_errors(bio_err);
1123
1124 BIO_free(server);
1125 BIO_free(server_io);
1126 BIO_free(client);
1127 BIO_free(client_io);
1128 BIO_free(s_ssl_bio);
1129 BIO_free(c_ssl_bio);
1130
1131 return ret;
1132}
1133
1134
1135#define W_READ 1
1136#define W_WRITE 2
1137#define C_DONE 1
1138#define S_DONE 2
1139
1140int
1141doit(SSL *s_ssl, SSL *c_ssl, long count)
1142{
1143 char cbuf[1024*8], sbuf[1024*8];
1144 long cw_num = count, cr_num = count;
1145 long sw_num = count, sr_num = count;
1146 int ret = 1;
1147 BIO *c_to_s = NULL;
1148 BIO *s_to_c = NULL;
1149 BIO *c_bio = NULL;
1150 BIO *s_bio = NULL;
1151 int c_r, c_w, s_r, s_w;
1152 int i, j;
1153 int done = 0;
1154 int c_write, s_write;
1155 int do_server = 0, do_client = 0;
1156
1157 memset(cbuf, 0, sizeof(cbuf));
1158 memset(sbuf, 0, sizeof(sbuf));
1159
1160 c_to_s = BIO_new(BIO_s_mem());
1161 s_to_c = BIO_new(BIO_s_mem());
1162 if ((s_to_c == NULL) || (c_to_s == NULL)) {
1163 ERR_print_errors(bio_err);
1164 goto err;
1165 }
1166
1167 c_bio = BIO_new(BIO_f_ssl());
1168 s_bio = BIO_new(BIO_f_ssl());
1169 if ((c_bio == NULL) || (s_bio == NULL)) {
1170 ERR_print_errors(bio_err);
1171 goto err;
1172 }
1173
1174 SSL_set_connect_state(c_ssl);
1175 SSL_set_bio(c_ssl, s_to_c, c_to_s);
1176 BIO_set_ssl(c_bio, c_ssl, BIO_NOCLOSE);
1177
1178 SSL_set_accept_state(s_ssl);
1179 SSL_set_bio(s_ssl, c_to_s, s_to_c);
1180 BIO_set_ssl(s_bio, s_ssl, BIO_NOCLOSE);
1181
1182 c_r = 0;
1183 s_r = 1;
1184 c_w = 1;
1185 s_w = 0;
1186 c_write = 1, s_write = 0;
1187
1188 /* We can always do writes */
1189 for (;;) {
1190 do_server = 0;
1191 do_client = 0;
1192
1193 i = (int)BIO_pending(s_bio);
1194 if ((i && s_r) || s_w)
1195 do_server = 1;
1196
1197 i = (int)BIO_pending(c_bio);
1198 if ((i && c_r) || c_w)
1199 do_client = 1;
1200
1201 if (do_server && debug) {
1202 if (SSL_in_init(s_ssl))
1203 printf("server waiting in SSL_accept - %s\n",
1204 SSL_state_string_long(s_ssl));
1205 }
1206
1207 if (do_client && debug) {
1208 if (SSL_in_init(c_ssl))
1209 printf("client waiting in SSL_connect - %s\n",
1210 SSL_state_string_long(c_ssl));
1211 }
1212
1213 if (!do_client && !do_server) {
1214 fprintf(stdout, "ERROR in STARTUP\n");
1215 ERR_print_errors(bio_err);
1216 goto err;
1217 }
1218
1219 if (do_client && !(done & C_DONE)) {
1220 if (c_write) {
1221 j = (cw_num > (long)sizeof(cbuf)) ?
1222 (int)sizeof(cbuf) : (int)cw_num;
1223 i = BIO_write(c_bio, cbuf, j);
1224 if (i < 0) {
1225 c_r = 0;
1226 c_w = 0;
1227 if (BIO_should_retry(c_bio)) {
1228 if (BIO_should_read(c_bio))
1229 c_r = 1;
1230 if (BIO_should_write(c_bio))
1231 c_w = 1;
1232 } else {
1233 fprintf(stderr, "ERROR in CLIENT\n");
1234 ERR_print_errors(bio_err);
1235 goto err;
1236 }
1237 } else if (i == 0) {
1238 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
1239 goto err;
1240 } else {
1241 if (debug)
1242 printf("client wrote %d\n", i);
1243 /* ok */
1244 s_r = 1;
1245 c_write = 0;
1246 cw_num -= i;
1247 }
1248 } else {
1249 i = BIO_read(c_bio, cbuf, sizeof(cbuf));
1250 if (i < 0) {
1251 c_r = 0;
1252 c_w = 0;
1253 if (BIO_should_retry(c_bio)) {
1254 if (BIO_should_read(c_bio))
1255 c_r = 1;
1256 if (BIO_should_write(c_bio))
1257 c_w = 1;
1258 } else {
1259 fprintf(stderr, "ERROR in CLIENT\n");
1260 ERR_print_errors(bio_err);
1261 goto err;
1262 }
1263 } else if (i == 0) {
1264 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
1265 goto err;
1266 } else {
1267 if (debug)
1268 printf("client read %d\n", i);
1269 cr_num -= i;
1270 if (sw_num > 0) {
1271 s_write = 1;
1272 s_w = 1;
1273 }
1274 if (cr_num <= 0) {
1275 s_write = 1;
1276 s_w = 1;
1277 done = S_DONE|C_DONE;
1278 }
1279 }
1280 }
1281 }
1282
1283 if (do_server && !(done & S_DONE)) {
1284 if (!s_write) {
1285 i = BIO_read(s_bio, sbuf, sizeof(cbuf));
1286 if (i < 0) {
1287 s_r = 0;
1288 s_w = 0;
1289 if (BIO_should_retry(s_bio)) {
1290 if (BIO_should_read(s_bio))
1291 s_r = 1;
1292 if (BIO_should_write(s_bio))
1293 s_w = 1;
1294 } else {
1295 fprintf(stderr, "ERROR in SERVER\n");
1296 ERR_print_errors(bio_err);
1297 goto err;
1298 }
1299 } else if (i == 0) {
1300 ERR_print_errors(bio_err);
1301 fprintf(stderr, "SSL SERVER STARTUP FAILED in SSL_read\n");
1302 goto err;
1303 } else {
1304 if (debug)
1305 printf("server read %d\n", i);
1306 sr_num -= i;
1307 if (cw_num > 0) {
1308 c_write = 1;
1309 c_w = 1;
1310 }
1311 if (sr_num <= 0) {
1312 s_write = 1;
1313 s_w = 1;
1314 c_write = 0;
1315 }
1316 }
1317 } else {
1318 j = (sw_num > (long)sizeof(sbuf)) ?
1319 (int)sizeof(sbuf) : (int)sw_num;
1320 i = BIO_write(s_bio, sbuf, j);
1321 if (i < 0) {
1322 s_r = 0;
1323 s_w = 0;
1324 if (BIO_should_retry(s_bio)) {
1325 if (BIO_should_read(s_bio))
1326 s_r = 1;
1327 if (BIO_should_write(s_bio))
1328 s_w = 1;
1329 } else {
1330 fprintf(stderr, "ERROR in SERVER\n");
1331 ERR_print_errors(bio_err);
1332 goto err;
1333 }
1334 } else if (i == 0) {
1335 ERR_print_errors(bio_err);
1336 fprintf(stderr, "SSL SERVER STARTUP FAILED in SSL_write\n");
1337 goto err;
1338 } else {
1339 if (debug)
1340 printf("server wrote %d\n", i);
1341 sw_num -= i;
1342 s_write = 0;
1343 c_r = 1;
1344 if (sw_num <= 0)
1345 done |= S_DONE;
1346 }
1347 }
1348 }
1349
1350 if ((done & S_DONE) && (done & C_DONE))
1351 break;
1352 }
1353
1354 if (verbose)
1355 print_details(c_ssl, "DONE: ");
1356
1357 if (verify_alpn(c_ssl, s_ssl) < 0) {
1358 ret = 1;
1359 goto err;
1360 }
1361
1362 ret = 0;
1363err:
1364 /* We have to set the BIO's to NULL otherwise they will be
1365 * free()ed twice. Once when th s_ssl is SSL_free()ed and
1366 * again when c_ssl is SSL_free()ed.
1367 * This is a hack required because s_ssl and c_ssl are sharing the same
1368 * BIO structure and SSL_set_bio() and SSL_free() automatically
1369 * BIO_free non NULL entries.
1370 * You should not normally do this or be required to do this */
1371 if (s_ssl != NULL) {
1372 s_ssl->rbio = NULL;
1373 s_ssl->wbio = NULL;
1374 }
1375 if (c_ssl != NULL) {
1376 c_ssl->rbio = NULL;
1377 c_ssl->wbio = NULL;
1378 }
1379
1380 BIO_free(c_to_s);
1381 BIO_free(s_to_c);
1382 BIO_free_all(c_bio);
1383 BIO_free_all(s_bio);
1384
1385 return (ret);
1386}
1387
1388static int
1389get_proxy_auth_ex_data_idx(void)
1390{
1391 static volatile int idx = -1;
1392 if (idx < 0) {
1393 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
1394 if (idx < 0) {
1395 idx = X509_STORE_CTX_get_ex_new_index(0,
1396 "SSLtest for verify callback", NULL, NULL, NULL);
1397 }
1398 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
1399 }
1400 return idx;
1401}
1402
1403static int
1404verify_callback(int ok, X509_STORE_CTX *ctx)
1405{
1406 char *s, buf[256];
1407
1408 s = X509_NAME_oneline(X509_get_subject_name(ctx->current_cert), buf,
1409 sizeof buf);
1410 if (s != NULL) {
1411 if (ok)
1412 fprintf(stderr, "depth=%d %s\n",
1413 ctx->error_depth, buf);
1414 else {
1415 fprintf(stderr, "depth=%d error=%d %s\n",
1416 ctx->error_depth, ctx->error, buf);
1417 }
1418 }
1419
1420 if (ok == 0) {
1421 fprintf(stderr, "Error string: %s\n",
1422 X509_verify_cert_error_string(ctx->error));
1423 switch (ctx->error) {
1424 case X509_V_ERR_CERT_NOT_YET_VALID:
1425 case X509_V_ERR_CERT_HAS_EXPIRED:
1426 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
1427 fprintf(stderr, " ... ignored.\n");
1428 ok = 1;
1429 }
1430 }
1431
1432 if (ok == 1) {
1433 X509 *xs = ctx->current_cert;
1434#if 0
1435 X509 *xi = ctx->current_issuer;
1436#endif
1437
1438 if (xs->ex_flags & EXFLAG_PROXY) {
1439 unsigned int *letters =
1440 X509_STORE_CTX_get_ex_data(ctx,
1441 get_proxy_auth_ex_data_idx());
1442
1443 if (letters) {
1444 int found_any = 0;
1445 int i;
1446 PROXY_CERT_INFO_EXTENSION *pci =
1447 X509_get_ext_d2i(xs, NID_proxyCertInfo,
1448 NULL, NULL);
1449
1450 switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage)) {
1451 case NID_Independent:
1452 /* Completely meaningless in this
1453 program, as there's no way to
1454 grant explicit rights to a
1455 specific PrC. Basically, using
1456 id-ppl-Independent is the perfect
1457 way to grant no rights at all. */
1458 fprintf(stderr, " Independent proxy certificate");
1459 for (i = 0; i < 26; i++)
1460 letters[i] = 0;
1461 break;
1462 case NID_id_ppl_inheritAll:
1463 /* This is basically a NOP, we
1464 simply let the current rights
1465 stand as they are. */
1466 fprintf(stderr, " Proxy certificate inherits all");
1467 break;
1468 default:
1469 s = (char *)
1470 pci->proxyPolicy->policy->data;
1471 i = pci->proxyPolicy->policy->length;
1472
1473 /* The algorithm works as follows:
1474 it is assumed that previous
1475 iterations or the initial granted
1476 rights has already set some elements
1477 of `letters'. What we need to do is
1478 to clear those that weren't granted
1479 by the current PrC as well. The
1480 easiest way to do this is to add 1
1481 to all the elements whose letters
1482 are given with the current policy.
1483 That way, all elements that are set
1484 by the current policy and were
1485 already set by earlier policies and
1486 through the original grant of rights
1487 will get the value 2 or higher.
1488 The last thing to do is to sweep
1489 through `letters' and keep the
1490 elements having the value 2 as set,
1491 and clear all the others. */
1492
1493 fprintf(stderr, " Certificate proxy rights = %*.*s", i, i, s);
1494 while (i-- > 0) {
1495 int c = *s++;
1496 if (isascii(c) && isalpha(c)) {
1497 if (islower(c))
1498 c = toupper(c);
1499 letters[c - 'A']++;
1500 }
1501 }
1502 for (i = 0; i < 26; i++)
1503 if (letters[i] < 2)
1504 letters[i] = 0;
1505 else
1506 letters[i] = 1;
1507 }
1508
1509 found_any = 0;
1510 fprintf(stderr, ", resulting proxy rights = ");
1511 for (i = 0; i < 26; i++)
1512 if (letters[i]) {
1513 fprintf(stderr, "%c", i + 'A');
1514 found_any = 1;
1515 }
1516 if (!found_any)
1517 fprintf(stderr, "none");
1518 fprintf(stderr, "\n");
1519
1520 PROXY_CERT_INFO_EXTENSION_free(pci);
1521 }
1522 }
1523 }
1524
1525 return (ok);
1526}
1527
1528static void
1529process_proxy_debug(int indent, const char *format, ...)
1530{
1531 static const char indentation[] =
1532 ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"
1533 ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"; /* That's 80 > */
1534 char my_format[256];
1535 va_list args;
1536
1537 (void) snprintf(my_format, sizeof(my_format), "%*.*s %s",
1538 indent, indent, indentation, format);
1539
1540 va_start(args, format);
1541 vfprintf(stderr, my_format, args);
1542 va_end(args);
1543}
1544/* Priority levels:
1545 0 [!]var, ()
1546 1 & ^
1547 2 |
1548*/
1549static int process_proxy_cond_adders(unsigned int letters[26],
1550 const char *cond, const char **cond_end, int *pos, int indent);
1551
1552static int
1553process_proxy_cond_val(unsigned int letters[26], const char *cond,
1554 const char **cond_end, int *pos, int indent)
1555{
1556 int c;
1557 int ok = 1;
1558 int negate = 0;
1559
1560 while (isspace((int)*cond)) {
1561 cond++;
1562 (*pos)++;
1563 }
1564 c = *cond;
1565
1566 if (debug)
1567 process_proxy_debug(indent,
1568 "Start process_proxy_cond_val at position %d: %s\n",
1569 *pos, cond);
1570
1571 while (c == '!') {
1572 negate = !negate;
1573 cond++;
1574 (*pos)++;
1575 while (isspace((int)*cond)) {
1576 cond++;
1577 (*pos)++;
1578 }
1579 c = *cond;
1580 }
1581
1582 if (c == '(') {
1583 cond++;
1584 (*pos)++;
1585 ok = process_proxy_cond_adders(letters, cond, cond_end, pos,
1586 indent + 1);
1587 cond = *cond_end;
1588 if (ok < 0)
1589 goto end;
1590 while (isspace((int)*cond)) {
1591 cond++;
1592 (*pos)++;
1593 }
1594 c = *cond;
1595 if (c != ')') {
1596 fprintf(stderr,
1597 "Weird condition character in position %d: "
1598 "%c\n", *pos, c);
1599 ok = -1;
1600 goto end;
1601 }
1602 cond++;
1603 (*pos)++;
1604 } else if (isascii(c) && isalpha(c)) {
1605 if (islower(c))
1606 c = toupper(c);
1607 ok = letters[c - 'A'];
1608 cond++;
1609 (*pos)++;
1610 } else {
1611 fprintf(stderr,
1612 "Weird condition character in position %d: "
1613 "%c\n", *pos, c);
1614 ok = -1;
1615 goto end;
1616 }
1617end:
1618 *cond_end = cond;
1619 if (ok >= 0 && negate)
1620 ok = !ok;
1621
1622 if (debug)
1623 process_proxy_debug(indent,
1624 "End process_proxy_cond_val at position %d: %s, returning %d\n",
1625 *pos, cond, ok);
1626
1627 return ok;
1628}
1629
1630static int
1631process_proxy_cond_multipliers(unsigned int letters[26], const char *cond,
1632 const char **cond_end, int *pos, int indent)
1633{
1634 int ok;
1635 char c;
1636
1637 if (debug)
1638 process_proxy_debug(indent,
1639 "Start process_proxy_cond_multipliers at position %d: %s\n",
1640 *pos, cond);
1641
1642 ok = process_proxy_cond_val(letters, cond, cond_end, pos, indent + 1);
1643 cond = *cond_end;
1644 if (ok < 0)
1645 goto end;
1646
1647 while (ok >= 0) {
1648 while (isspace((int)*cond)) {
1649 cond++;
1650 (*pos)++;
1651 }
1652 c = *cond;
1653
1654 switch (c) {
1655 case '&':
1656 case '^':
1657 {
1658 int save_ok = ok;
1659
1660 cond++;
1661 (*pos)++;
1662 ok = process_proxy_cond_val(letters,
1663 cond, cond_end, pos, indent + 1);
1664 cond = *cond_end;
1665 if (ok < 0)
1666 break;
1667
1668 switch (c) {
1669 case '&':
1670 ok &= save_ok;
1671 break;
1672 case '^':
1673 ok ^= save_ok;
1674 break;
1675 default:
1676 fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!"
1677 " STOPPING\n");
1678 exit(1);
1679 }
1680 }
1681 break;
1682 default:
1683 goto end;
1684 }
1685 }
1686end:
1687 if (debug)
1688 process_proxy_debug(indent,
1689 "End process_proxy_cond_multipliers at position %d: %s, "
1690 "returning %d\n",
1691 *pos, cond, ok);
1692
1693 *cond_end = cond;
1694 return ok;
1695}
1696
1697static int
1698process_proxy_cond_adders(unsigned int letters[26], const char *cond,
1699 const char **cond_end, int *pos, int indent)
1700{
1701 int ok;
1702 char c;
1703
1704 if (debug)
1705 process_proxy_debug(indent,
1706 "Start process_proxy_cond_adders at position %d: %s\n",
1707 *pos, cond);
1708
1709 ok = process_proxy_cond_multipliers(letters, cond, cond_end, pos,
1710 indent + 1);
1711 cond = *cond_end;
1712 if (ok < 0)
1713 goto end;
1714
1715 while (ok >= 0) {
1716 while (isspace((int)*cond)) {
1717 cond++;
1718 (*pos)++;
1719 }
1720 c = *cond;
1721
1722 switch (c) {
1723 case '|':
1724 {
1725 int save_ok = ok;
1726
1727 cond++;
1728 (*pos)++;
1729 ok = process_proxy_cond_multipliers(letters,
1730 cond, cond_end, pos, indent + 1);
1731 cond = *cond_end;
1732 if (ok < 0)
1733 break;
1734
1735 switch (c) {
1736 case '|':
1737 ok |= save_ok;
1738 break;
1739 default:
1740 fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!"
1741 " STOPPING\n");
1742 exit(1);
1743 }
1744 }
1745 break;
1746 default:
1747 goto end;
1748 }
1749 }
1750end:
1751 if (debug)
1752 process_proxy_debug(indent,
1753 "End process_proxy_cond_adders at position %d: %s, returning %d\n",
1754 *pos, cond, ok);
1755
1756 *cond_end = cond;
1757 return ok;
1758}
1759
1760static int
1761process_proxy_cond(unsigned int letters[26], const char *cond,
1762 const char **cond_end)
1763{
1764 int pos = 1;
1765 return process_proxy_cond_adders(letters, cond, cond_end, &pos, 1);
1766}
1767
1768static int
1769app_verify_callback(X509_STORE_CTX *ctx, void *arg)
1770{
1771 int ok = 1;
1772 struct app_verify_arg *cb_arg = arg;
1773 unsigned int letters[26]; /* only used with proxy_auth */
1774
1775 if (cb_arg->app_verify) {
1776 char *s = NULL, buf[256];
1777
1778 fprintf(stderr, "In app_verify_callback, allowing cert. ");
1779 fprintf(stderr, "Arg is: %s\n", cb_arg->string);
1780 fprintf(stderr, "Finished printing do we have a context? 0x%p a cert? 0x%p\n",
1781 (void *)ctx, (void *)ctx->cert);
1782 if (ctx->cert)
1783 s = X509_NAME_oneline(X509_get_subject_name(ctx->cert), buf, 256);
1784 if (s != NULL) {
1785 fprintf(stderr, "cert depth=%d %s\n", ctx->error_depth, buf);
1786 }
1787 return (1);
1788 }
1789 if (cb_arg->proxy_auth) {
1790 int found_any = 0, i;
1791 char *sp;
1792
1793 for (i = 0; i < 26; i++)
1794 letters[i] = 0;
1795 for (sp = cb_arg->proxy_auth; *sp; sp++) {
1796 int c = *sp;
1797 if (isascii(c) && isalpha(c)) {
1798 if (islower(c))
1799 c = toupper(c);
1800 letters[c - 'A'] = 1;
1801 }
1802 }
1803
1804 fprintf(stderr, " Initial proxy rights = ");
1805 for (i = 0; i < 26; i++)
1806 if (letters[i]) {
1807 fprintf(stderr, "%c", i + 'A');
1808 found_any = 1;
1809 }
1810 if (!found_any)
1811 fprintf(stderr, "none");
1812 fprintf(stderr, "\n");
1813
1814 X509_STORE_CTX_set_ex_data(ctx,
1815 get_proxy_auth_ex_data_idx(), letters);
1816 }
1817 if (cb_arg->allow_proxy_certs) {
1818 X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
1819 }
1820
1821 ok = X509_verify_cert(ctx);
1822
1823 if (cb_arg->proxy_auth) {
1824 if (ok > 0) {
1825 const char *cond_end = NULL;
1826
1827 ok = process_proxy_cond(letters,
1828 cb_arg->proxy_cond, &cond_end);
1829
1830 if (ok < 0)
1831 exit(3);
1832 if (*cond_end) {
1833 fprintf(stderr, "Stopped processing condition before it's end.\n");
1834 ok = 0;
1835 }
1836 if (!ok)
1837 fprintf(stderr, "Proxy rights check with condition '%s' proved invalid\n",
1838 cb_arg->proxy_cond);
1839 else
1840 fprintf(stderr, "Proxy rights check with condition '%s' proved valid\n",
1841 cb_arg->proxy_cond);
1842 }
1843 }
1844 return (ok);
1845}
1846
1847static RSA *rsa_tmp = NULL;
1848
1849static RSA *
1850tmp_rsa_cb(SSL *s, int is_export, int keylength)
1851{
1852 BIGNUM *bn = NULL;
1853 if (rsa_tmp == NULL) {
1854 bn = BN_new();
1855 rsa_tmp = RSA_new();
1856 if (!bn || !rsa_tmp || !BN_set_word(bn, RSA_F4)) {
1857 BIO_printf(bio_err, "Memory error...");
1858 goto end;
1859 }
1860 BIO_printf(bio_err, "Generating temp (%d bit) RSA key...", keylength);
1861 (void)BIO_flush(bio_err);
1862 if (!RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL)) {
1863 BIO_printf(bio_err, "Error generating key.");
1864 RSA_free(rsa_tmp);
1865 rsa_tmp = NULL;
1866 }
1867end:
1868 BIO_printf(bio_err, "\n");
1869 (void)BIO_flush(bio_err);
1870 }
1871 if (bn)
1872 BN_free(bn);
1873 return (rsa_tmp);
1874}
1875
1876static void
1877free_tmp_rsa(void)
1878{
1879 if (rsa_tmp != NULL) {
1880 RSA_free(rsa_tmp);
1881 rsa_tmp = NULL;
1882 }
1883}
1884
1885/* These DH parameters have been generated as follows:
1886 * $ openssl dhparam -C -noout 1024
1887 * $ openssl dhparam -C -noout -dsaparam 1024
1888 * (The second function has been renamed to avoid name conflicts.)
1889 */
1890static DH *
1891get_dh1024()
1892{
1893 static unsigned char dh1024_p[] = {
1894 0xF8, 0x81, 0x89, 0x7D, 0x14, 0x24, 0xC5, 0xD1, 0xE6, 0xF7, 0xBF, 0x3A,
1895 0xE4, 0x90, 0xF4, 0xFC, 0x73, 0xFB, 0x34, 0xB5, 0xFA, 0x4C, 0x56, 0xA2,
1896 0xEA, 0xA7, 0xE9, 0xC0, 0xC0, 0xCE, 0x89, 0xE1, 0xFA, 0x63, 0x3F, 0xB0,
1897 0x6B, 0x32, 0x66, 0xF1, 0xD1, 0x7B, 0xB0, 0x00, 0x8F, 0xCA, 0x87, 0xC2,
1898 0xAE, 0x98, 0x89, 0x26, 0x17, 0xC2, 0x05, 0xD2, 0xEC, 0x08, 0xD0, 0x8C,
1899 0xFF, 0x17, 0x52, 0x8C, 0xC5, 0x07, 0x93, 0x03, 0xB1, 0xF6, 0x2F, 0xB8,
1900 0x1C, 0x52, 0x47, 0x27, 0x1B, 0xDB, 0xD1, 0x8D, 0x9D, 0x69, 0x1D, 0x52,
1901 0x4B, 0x32, 0x81, 0xAA, 0x7F, 0x00, 0xC8, 0xDC, 0xE6, 0xD9, 0xCC, 0xC1,
1902 0x11, 0x2D, 0x37, 0x34, 0x6C, 0xEA, 0x02, 0x97, 0x4B, 0x0E, 0xBB, 0xB1,
1903 0x71, 0x33, 0x09, 0x15, 0xFD, 0xDD, 0x23, 0x87, 0x07, 0x5E, 0x89, 0xAB,
1904 0x6B, 0x7C, 0x5F, 0xEC, 0xA6, 0x24, 0xDC, 0x53,
1905 };
1906 static unsigned char dh1024_g[] = {
1907 0x02,
1908 };
1909 DH *dh;
1910
1911 if ((dh = DH_new()) == NULL)
1912 return (NULL);
1913 dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
1914 dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
1915 if ((dh->p == NULL) || (dh->g == NULL)) {
1916 DH_free(dh);
1917 return (NULL);
1918 }
1919 return (dh);
1920}
1921
1922static DH *
1923get_dh1024dsa()
1924{
1925 static unsigned char dh1024_p[] = {
1926 0xC8, 0x00, 0xF7, 0x08, 0x07, 0x89, 0x4D, 0x90, 0x53, 0xF3, 0xD5, 0x00,
1927 0x21, 0x1B, 0xF7, 0x31, 0xA6, 0xA2, 0xDA, 0x23, 0x9A, 0xC7, 0x87, 0x19,
1928 0x3B, 0x47, 0xB6, 0x8C, 0x04, 0x6F, 0xFF, 0xC6, 0x9B, 0xB8, 0x65, 0xD2,
1929 0xC2, 0x5F, 0x31, 0x83, 0x4A, 0xA7, 0x5F, 0x2F, 0x88, 0x38, 0xB6, 0x55,
1930 0xCF, 0xD9, 0x87, 0x6D, 0x6F, 0x9F, 0xDA, 0xAC, 0xA6, 0x48, 0xAF, 0xFC,
1931 0x33, 0x84, 0x37, 0x5B, 0x82, 0x4A, 0x31, 0x5D, 0xE7, 0xBD, 0x52, 0x97,
1932 0xA1, 0x77, 0xBF, 0x10, 0x9E, 0x37, 0xEA, 0x64, 0xFA, 0xCA, 0x28, 0x8D,
1933 0x9D, 0x3B, 0xD2, 0x6E, 0x09, 0x5C, 0x68, 0xC7, 0x45, 0x90, 0xFD, 0xBB,
1934 0x70, 0xC9, 0x3A, 0xBB, 0xDF, 0xD4, 0x21, 0x0F, 0xC4, 0x6A, 0x3C, 0xF6,
1935 0x61, 0xCF, 0x3F, 0xD6, 0x13, 0xF1, 0x5F, 0xBC, 0xCF, 0xBC, 0x26, 0x9E,
1936 0xBC, 0x0B, 0xBD, 0xAB, 0x5D, 0xC9, 0x54, 0x39,
1937 };
1938 static unsigned char dh1024_g[] = {
1939 0x3B, 0x40, 0x86, 0xE7, 0xF3, 0x6C, 0xDE, 0x67, 0x1C, 0xCC, 0x80, 0x05,
1940 0x5A, 0xDF, 0xFE, 0xBD, 0x20, 0x27, 0x74, 0x6C, 0x24, 0xC9, 0x03, 0xF3,
1941 0xE1, 0x8D, 0xC3, 0x7D, 0x98, 0x27, 0x40, 0x08, 0xB8, 0x8C, 0x6A, 0xE9,
1942 0xBB, 0x1A, 0x3A, 0xD6, 0x86, 0x83, 0x5E, 0x72, 0x41, 0xCE, 0x85, 0x3C,
1943 0xD2, 0xB3, 0xFC, 0x13, 0xCE, 0x37, 0x81, 0x9E, 0x4C, 0x1C, 0x7B, 0x65,
1944 0xD3, 0xE6, 0xA6, 0x00, 0xF5, 0x5A, 0x95, 0x43, 0x5E, 0x81, 0xCF, 0x60,
1945 0xA2, 0x23, 0xFC, 0x36, 0xA7, 0x5D, 0x7A, 0x4C, 0x06, 0x91, 0x6E, 0xF6,
1946 0x57, 0xEE, 0x36, 0xCB, 0x06, 0xEA, 0xF5, 0x3D, 0x95, 0x49, 0xCB, 0xA7,
1947 0xDD, 0x81, 0xDF, 0x80, 0x09, 0x4A, 0x97, 0x4D, 0xA8, 0x22, 0x72, 0xA1,
1948 0x7F, 0xC4, 0x70, 0x56, 0x70, 0xE8, 0x20, 0x10, 0x18, 0x8F, 0x2E, 0x60,
1949 0x07, 0xE7, 0x68, 0x1A, 0x82, 0x5D, 0x32, 0xA2,
1950 };
1951 DH *dh;
1952
1953 if ((dh = DH_new()) == NULL)
1954 return (NULL);
1955 dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
1956 dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
1957 if ((dh->p == NULL) || (dh->g == NULL)) {
1958 DH_free(dh);
1959 return (NULL);
1960 }
1961 dh->length = 160;
1962 return (dh);
1963}
1964
1965static int
1966do_test_cipherlist(void)
1967{
1968 int i = 0;
1969 const SSL_METHOD *meth;
1970 const SSL_CIPHER *ci, *tci = NULL;
1971
1972 fprintf(stderr, "testing TLSv1 cipher list order: ");
1973 meth = TLSv1_method();
1974 tci = NULL;
1975 while ((ci = meth->get_cipher(i++)) != NULL) {
1976 if (tci != NULL) {
1977 if (ci->id >= tci->id) {
1978 fprintf(stderr,
1979 "failed %lx vs. %lx\n", ci->id, tci->id);
1980 return 0;
1981 }
1982 }
1983 tci = ci;
1984 }
1985 fprintf(stderr, "ok\n");
1986
1987 return 1;
1988}
diff --git a/src/regress/lib/libssl/ssl/testssl b/src/regress/lib/libssl/ssl/testssl
deleted file mode 100644
index 3563d13607..0000000000
--- a/src/regress/lib/libssl/ssl/testssl
+++ /dev/null
@@ -1,138 +0,0 @@
1#!/bin/sh
2
3key="$1"
4cert="$2"
5CA="-CAfile $3"
6ssltest="${4-./ssltest} -key $key -cert $cert -c_key $key -c_cert $cert"
7openssl=${5-openssl}
8extra="$6"
9
10$openssl version || exit 1
11
12if $openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
13 dsa_cert=YES
14else
15 dsa_cert=NO
16fi
17
18#############################################################################
19
20echo test sslv2/sslv3
21$ssltest $extra || exit 1
22
23echo test sslv2/sslv3 with server authentication
24$ssltest -server_auth $CA $extra || exit 1
25
26echo test sslv2/sslv3 with client authentication
27$ssltest -client_auth $CA $extra || exit 1
28
29echo test sslv2/sslv3 with both client and server authentication
30$ssltest -server_auth -client_auth $CA $extra || exit 1
31
32echo test sslv2/sslv3 via BIO pair
33$ssltest $extra || exit 1
34
35if [ $dsa_cert = NO ]; then
36 echo 'test sslv2/sslv3 w/o (EC)DHE via BIO pair'
37 $ssltest -bio_pair -no_dhe -no_ecdhe $extra || exit 1
38fi
39
40echo test sslv2/sslv3 with 1024bit DHE via BIO pair
41$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1
42
43echo test sslv2/sslv3 with server authentication
44$ssltest -bio_pair -server_auth $CA $extra || exit 1
45
46echo test sslv2/sslv3 with client authentication via BIO pair
47$ssltest -bio_pair -client_auth $CA $extra || exit 1
48
49echo test sslv2/sslv3 with both client and server authentication via BIO pair
50$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1
51
52echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
53$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
54
55echo "Testing ciphersuites"
56for protocol in TLSv1.2; do
57 echo "Testing ciphersuites for $protocol"
58 for cipher in `$openssl ciphers "$protocol+aRSA" | tr ':' ' '`; do
59 echo "Testing $cipher"
60 $ssltest -cipher $cipher
61 if [ $? -ne 0 ] ; then
62 echo "Failed $cipher"
63 exit 1
64 fi
65 done
66done
67
68#############################################################################
69
70if $openssl no-dh; then
71 echo skipping anonymous DH tests
72else
73 echo test tls1 with 1024bit anonymous DH, multiple handshakes
74 $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
75fi
76
77#if $openssl no-rsa; then
78# echo skipping RSA tests
79#else
80# echo 'test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes'
81# ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1
82#
83# if $openssl no-dh; then
84# echo skipping RSA+DHE tests
85# else
86# echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
87# ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
88# fi
89#fi
90
91#
92# DTLS tests
93#
94
95echo test dtlsv1
96$ssltest -dtls1 $extra || exit 1
97
98echo test dtlsv1 with server authentication
99$ssltest -dtls1 -server_auth $CA $extra || exit 1
100
101echo test dtlsv1 with client authentication
102$ssltest -dtls1 -client_auth $CA $extra || exit 1
103
104echo test dtlsv1 with both client and server authentication
105$ssltest -dtls1 -server_auth -client_auth $CA $extra || exit 1
106
107echo "Testing DTLS ciphersuites"
108for protocol in SSLv3; do
109 echo "Testing ciphersuites for $protocol"
110 for cipher in `$openssl ciphers "RSA+$protocol" | tr ':' '\n' |
111 grep -v RC4`; do
112 echo "Testing $cipher"
113 $ssltest -cipher $cipher -dtls1
114 if [ $? -ne 0 ] ; then
115 echo "Failed $cipher"
116 exit 1
117 fi
118 done
119done
120
121#
122# ALPN tests
123#
124echo "Testing ALPN..."
125$ssltest -bio_pair -tls1 -alpn_client foo -alpn_server bar || exit 1
126$ssltest -bio_pair -tls1 -alpn_client foo -alpn_server foo \
127 -alpn_expected foo || exit 1
128$ssltest -bio_pair -tls1 -alpn_client foo,bar -alpn_server foo \
129 -alpn_expected foo || exit 1
130$ssltest -bio_pair -tls1 -alpn_client bar,foo -alpn_server foo \
131 -alpn_expected foo || exit 1
132$ssltest -bio_pair -tls1 -alpn_client bar,foo -alpn_server foo,bar \
133 -alpn_expected foo || exit 1
134$ssltest -bio_pair -tls1 -alpn_client bar,foo -alpn_server bar,foo \
135 -alpn_expected bar || exit 1
136$ssltest -bio_pair -tls1 -alpn_client foo,bar -alpn_server bar,foo \
137 -alpn_expected bar || exit 1
138$ssltest -bio_pair -tls1 -alpn_client baz -alpn_server bar,foo || exit 1
diff --git a/src/regress/lib/libssl/tlsext/Makefile b/src/regress/lib/libssl/tlsext/Makefile
deleted file mode 100644
index 48b5bc1e25..0000000000
--- a/src/regress/lib/libssl/tlsext/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.1 2017/07/16 18:18:10 jsing Exp $
2
3PROG= tlsexttest
4LDADD= ${SSL_INT} -lcrypto
5DPADD= ${LIBCRYPTO} ${LIBSSL}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Wundef -Werror -I$(BSDSRCDIR)/lib/libssl
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c
deleted file mode 100644
index 214b3983a0..0000000000
--- a/src/regress/lib/libssl/tlsext/tlsexttest.c
+++ /dev/null
@@ -1,3571 +0,0 @@
1/* $OpenBSD: tlsexttest.c,v 1.30 2019/11/10 17:32:47 beck Exp $ */
2/*
3 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
5 * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
6 *
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 */
19
20#include <err.h>
21
22#include "ssl_locl.h"
23
24#include "bytestring.h"
25#include "ssl_tlsext.h"
26
27static void
28hexdump(const unsigned char *buf, size_t len)
29{
30 size_t i;
31
32 for (i = 1; i <= len; i++)
33 fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n");
34
35 fprintf(stderr, "\n");
36}
37
38static void
39hexdump2(const uint16_t *buf, size_t len)
40{
41 size_t i;
42
43 for (i = 1; i <= len / 2; i++)
44 fprintf(stderr, " 0x%04hx,%s", buf[i - 1], i % 8 ? "" : "\n");
45
46 fprintf(stderr, "\n");
47}
48
49static void
50compare_data(const uint8_t *recv, size_t recv_len, const uint8_t *expect,
51 size_t expect_len)
52{
53 fprintf(stderr, "received:\n");
54 hexdump(recv, recv_len);
55
56 fprintf(stderr, "test data:\n");
57 hexdump(expect, expect_len);
58}
59
60static void
61compare_data2(const uint16_t *recv, size_t recv_len, const uint16_t *expect,
62 size_t expect_len)
63{
64 fprintf(stderr, "received:\n");
65 hexdump2(recv, recv_len);
66
67 fprintf(stderr, "test data:\n");
68 hexdump2(expect, expect_len);
69}
70
71#define FAIL(msg, ...) \
72do { \
73 fprintf(stderr, "[%s:%d] FAIL: ", __FILE__, __LINE__); \
74 fprintf(stderr, msg, ##__VA_ARGS__); \
75} while(0)
76
77/*
78 * Supported Application-Layer Protocol Negotiation - RFC 7301
79 *
80 * There are already extensive unit tests for this so this just
81 * tests the state info.
82 */
83
84const uint8_t tlsext_alpn_multiple_protos_val[] = {
85 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
86 0x08, /* len */
87 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31,
88 /* opaque ProtocolName<1..2^8-1> -- 'stun.nat' */
89 0x09, /* len */
90 0x73, 0x74, 0x75, 0x6e, 0x2e, 0x74, 0x75, 0x72, 0x6e
91};
92
93const uint8_t tlsext_alpn_multiple_protos[] = {
94 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
95 0x00, 0x13, /* len of all names */
96 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
97 0x08, /* len */
98 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31,
99 /* opaque ProtocolName<1..2^8-1> -- 'stun.nat' */
100 0x09, /* len */
101 0x73, 0x74, 0x75, 0x6e, 0x2e, 0x74, 0x75, 0x72, 0x6e
102};
103
104const uint8_t tlsext_alpn_single_proto_val[] = {
105 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
106 0x08, /* len */
107 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31
108};
109
110const uint8_t tlsext_alpn_single_proto_name[] = {
111 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31 /* 'http/1.1' */
112};
113
114const uint8_t tlsext_alpn_single_proto[] = {
115 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
116 0x00, 0x09, /* len of all names */
117 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
118 0x08, /* len */
119 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31
120};
121
122static int
123test_tlsext_alpn_client(void)
124{
125 SSL_CTX *ssl_ctx = NULL;
126 SSL *ssl = NULL;
127 uint8_t *data = NULL;
128 CBB cbb;
129 CBS cbs;
130 int failure, alert;
131 size_t dlen;
132
133 CBB_init(&cbb, 0);
134
135 failure = 1;
136
137 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
138 errx(1, "failed to create SSL_CTX");
139 if ((ssl = SSL_new(ssl_ctx)) == NULL)
140 errx(1, "failed to create SSL");
141
142 /* By default, we don't need this */
143 if (tlsext_alpn_client_needs(ssl)) {
144 FAIL("client should not need ALPN by default");
145 goto err;
146 }
147
148 /*
149 * Prereqs:
150 * 1) Set s->internal->alpn_client_proto_list
151 * - Using SSL_set_alpn_protos()
152 * 2) We have not finished or renegotiated.
153 * - S3I(s)->tmp.finish_md_len == 0
154 */
155 if (SSL_set_alpn_protos(ssl, tlsext_alpn_single_proto_val,
156 sizeof(tlsext_alpn_single_proto_val)) != 0) {
157 FAIL("should be able to set ALPN to http/1.1");
158 goto err;
159 }
160 if (!tlsext_alpn_client_needs(ssl)) {
161 FAIL("client should need ALPN by now");
162 goto err;
163 }
164
165 /* Make sure we can build the client with a single proto. */
166
167 if (!tlsext_alpn_client_build(ssl, &cbb)) {
168 FAIL("client failed to build ALPN\n");
169 goto err;
170 }
171 if (!CBB_finish(&cbb, &data, &dlen))
172 errx(1, "failed to finish CBB");
173
174 if (dlen != sizeof(tlsext_alpn_single_proto)) {
175 FAIL("got client ALPN with length %zu, "
176 "want length %zu\n", dlen,
177 sizeof(tlsext_alpn_single_proto));
178 compare_data(data, dlen, tlsext_alpn_single_proto,
179 sizeof(tlsext_alpn_single_proto));
180 goto err;
181 }
182 if (memcmp(data, tlsext_alpn_single_proto, dlen) != 0) {
183 FAIL("client ALPN differs:\n");
184 compare_data(data, dlen, tlsext_alpn_single_proto,
185 sizeof(tlsext_alpn_single_proto));
186 goto err;
187 }
188
189 CBB_cleanup(&cbb);
190 CBB_init(&cbb, 0);
191 free(data);
192 data = NULL;
193
194 /* Make sure we can parse the single proto. */
195
196 CBS_init(&cbs, tlsext_alpn_single_proto,
197 sizeof(tlsext_alpn_single_proto));
198 if (!tlsext_alpn_server_parse(ssl, &cbs, &alert)) {
199 FAIL("failed to parse ALPN");
200 goto err;
201 }
202 if (CBS_len(&cbs) != 0) {
203 FAIL("extension data remaining");
204 goto err;
205 }
206
207 if (ssl->internal->alpn_client_proto_list_len !=
208 sizeof(tlsext_alpn_single_proto_val)) {
209 FAIL("got client ALPN with length %zu, "
210 "want length %zu\n", dlen,
211 sizeof(tlsext_alpn_single_proto_val));
212 compare_data(ssl->internal->alpn_client_proto_list,
213 ssl->internal->alpn_client_proto_list_len,
214 tlsext_alpn_single_proto_val,
215 sizeof(tlsext_alpn_single_proto_val));
216 goto err;
217 }
218 if (memcmp(ssl->internal->alpn_client_proto_list,
219 tlsext_alpn_single_proto_val,
220 sizeof(tlsext_alpn_single_proto_val)) != 0) {
221 FAIL("client ALPN differs:\n");
222 compare_data(data, dlen, tlsext_alpn_single_proto_val,
223 sizeof(tlsext_alpn_single_proto_val));
224 goto err;
225 }
226
227 /* Make sure we can build the clienthello with multiple entries. */
228
229 if (SSL_set_alpn_protos(ssl, tlsext_alpn_multiple_protos_val,
230 sizeof(tlsext_alpn_multiple_protos_val)) != 0) {
231 FAIL("should be able to set ALPN to http/1.1");
232 goto err;
233 }
234 if (!tlsext_alpn_client_needs(ssl)) {
235 FAIL("client should need ALPN by now");
236 goto err;
237 }
238
239 if (!tlsext_alpn_client_build(ssl, &cbb)) {
240 FAIL("client failed to build ALPN\n");
241 goto err;
242 }
243 if (!CBB_finish(&cbb, &data, &dlen))
244 errx(1, "failed to finish CBB");
245
246 if (dlen != sizeof(tlsext_alpn_multiple_protos)) {
247 FAIL("got client ALPN with length %zu, "
248 "want length %zu\n", dlen,
249 sizeof(tlsext_alpn_multiple_protos));
250 compare_data(data, dlen, tlsext_alpn_multiple_protos,
251 sizeof(tlsext_alpn_multiple_protos));
252 goto err;
253 }
254 if (memcmp(data, tlsext_alpn_multiple_protos, dlen) != 0) {
255 FAIL("client ALPN differs:\n");
256 compare_data(data, dlen, tlsext_alpn_multiple_protos,
257 sizeof(tlsext_alpn_multiple_protos));
258 goto err;
259 }
260
261 /* Make sure we can parse multiple protos */
262
263 CBS_init(&cbs, tlsext_alpn_multiple_protos,
264 sizeof(tlsext_alpn_multiple_protos));
265 if (!tlsext_alpn_server_parse(ssl, &cbs, &alert)) {
266 FAIL("failed to parse ALPN");
267 goto err;
268 }
269 if (CBS_len(&cbs) != 0) {
270 FAIL("extension data remaining");
271 goto err;
272 }
273
274 if (ssl->internal->alpn_client_proto_list_len !=
275 sizeof(tlsext_alpn_multiple_protos_val)) {
276 FAIL("got client ALPN with length %zu, "
277 "want length %zu\n", dlen,
278 sizeof(tlsext_alpn_multiple_protos_val));
279 compare_data(ssl->internal->alpn_client_proto_list,
280 ssl->internal->alpn_client_proto_list_len,
281 tlsext_alpn_multiple_protos_val,
282 sizeof(tlsext_alpn_multiple_protos_val));
283 goto err;
284 }
285 if (memcmp(ssl->internal->alpn_client_proto_list,
286 tlsext_alpn_multiple_protos_val,
287 sizeof(tlsext_alpn_multiple_protos_val)) != 0) {
288 FAIL("client ALPN differs:\n");
289 compare_data(data, dlen, tlsext_alpn_multiple_protos_val,
290 sizeof(tlsext_alpn_multiple_protos_val));
291 goto err;
292 }
293
294 /* Make sure we can remove the list and avoid ALPN */
295
296 free(ssl->internal->alpn_client_proto_list);
297 ssl->internal->alpn_client_proto_list = NULL;
298 ssl->internal->alpn_client_proto_list_len = 0;
299
300 if (tlsext_alpn_client_needs(ssl)) {
301 FAIL("client should need ALPN by default");
302 goto err;
303 }
304
305 failure = 0;
306
307 err:
308 CBB_cleanup(&cbb);
309 SSL_CTX_free(ssl_ctx);
310 SSL_free(ssl);
311 free(data);
312
313 return (failure);
314}
315
316static int
317test_tlsext_alpn_server(void)
318{
319 SSL_CTX *ssl_ctx = NULL;
320 SSL *ssl = NULL;
321 uint8_t *data = NULL;
322 CBB cbb;
323 CBS cbs;
324 int failure, alert;
325 size_t dlen;
326
327 CBB_init(&cbb, 0);
328
329 failure = 1;
330
331 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
332 errx(1, "failed to create SSL_CTX");
333 if ((ssl = SSL_new(ssl_ctx)) == NULL)
334 errx(1, "failed to create SSL");
335
336 /* By default, ALPN isn't needed. */
337 if (tlsext_alpn_server_needs(ssl)) {
338 FAIL("server should not need ALPN by default\n");
339 goto err;
340 }
341
342 /*
343 * The server has a single ALPN selection which is set by
344 * SSL_CTX_set_alpn_select_cb() and calls SSL_select_next_proto().
345 *
346 * This will be a plain name and separate length.
347 */
348 if ((S3I(ssl)->alpn_selected = malloc(sizeof(tlsext_alpn_single_proto_name))) == NULL) {
349 errx(1, "failed to malloc");
350 }
351 memcpy(S3I(ssl)->alpn_selected, tlsext_alpn_single_proto_name,
352 sizeof(tlsext_alpn_single_proto_name));
353 S3I(ssl)->alpn_selected_len = sizeof(tlsext_alpn_single_proto_name);
354
355 if (!tlsext_alpn_server_needs(ssl)) {
356 FAIL("server should need ALPN after a protocol is selected\n");
357 goto err;
358 }
359
360 /* Make sure we can build a server with one protocol */
361
362 if (!tlsext_alpn_server_build(ssl, &cbb)) {
363 FAIL("server should be able to build a response");
364 goto err;
365 }
366 if (!CBB_finish(&cbb, &data, &dlen))
367 errx(1, "failed to finish CBB");
368
369 if (dlen != sizeof(tlsext_alpn_single_proto)) {
370 FAIL("got client ALPN with length %zu, "
371 "want length %zu\n", dlen,
372 sizeof(tlsext_alpn_single_proto));
373 compare_data(data, dlen, tlsext_alpn_single_proto,
374 sizeof(tlsext_alpn_single_proto));
375 goto err;
376 }
377 if (memcmp(data, tlsext_alpn_single_proto, dlen) != 0) {
378 FAIL("client ALPN differs:\n");
379 compare_data(data, dlen, tlsext_alpn_single_proto,
380 sizeof(tlsext_alpn_single_proto));
381 goto err;
382 }
383
384 CBB_cleanup(&cbb);
385 CBB_init(&cbb, 0);
386 free(data);
387 data = NULL;
388
389 /* Make sure we can parse the single proto. */
390
391 CBS_init(&cbs, tlsext_alpn_single_proto,
392 sizeof(tlsext_alpn_single_proto));
393
394 /* Shouldn't be able to parse without requesting */
395 if (tlsext_alpn_client_parse(ssl, &cbs, &alert)) {
396 FAIL("Should only parse server if we requested it");
397 goto err;
398 }
399
400 /* Should be able to parse once requested. */
401 if (SSL_set_alpn_protos(ssl, tlsext_alpn_single_proto_val,
402 sizeof(tlsext_alpn_single_proto_val)) != 0) {
403 FAIL("should be able to set ALPN to http/1.1");
404 goto err;
405 }
406 if (!tlsext_alpn_server_parse(ssl, &cbs, &alert)) {
407 FAIL("Should be able to parse server when we request it");
408 goto err;
409 }
410 if (CBS_len(&cbs) != 0) {
411 FAIL("extension data remaining");
412 goto err;
413 }
414
415 if (S3I(ssl)->alpn_selected_len !=
416 sizeof(tlsext_alpn_single_proto_name)) {
417 FAIL("got server ALPN with length %zu, "
418 "want length %zu\n", dlen,
419 sizeof(tlsext_alpn_single_proto_name));
420 compare_data(S3I(ssl)->alpn_selected,
421 S3I(ssl)->alpn_selected_len,
422 tlsext_alpn_single_proto_name,
423 sizeof(tlsext_alpn_single_proto_name));
424 goto err;
425 }
426 if (memcmp(S3I(ssl)->alpn_selected,
427 tlsext_alpn_single_proto_name,
428 sizeof(tlsext_alpn_single_proto_name)) != 0) {
429 FAIL("server ALPN differs:\n");
430 compare_data(S3I(ssl)->alpn_selected,
431 S3I(ssl)->alpn_selected_len,
432 tlsext_alpn_single_proto_name,
433 sizeof(tlsext_alpn_single_proto_name));
434 goto err;
435 }
436
437 /*
438 * We should NOT be able to build a server with multiple
439 * protocol names. However, the existing code did not check for this
440 * case because it is passed in as an encoded value.
441 */
442
443 /* Make sure we can remove the list and avoid ALPN */
444
445 free(S3I(ssl)->alpn_selected);
446 S3I(ssl)->alpn_selected = NULL;
447 S3I(ssl)->alpn_selected_len = 0;
448
449 if (tlsext_alpn_server_needs(ssl)) {
450 FAIL("server should need ALPN by default");
451 goto err;
452 }
453
454 failure = 0;
455
456 err:
457 CBB_cleanup(&cbb);
458 SSL_CTX_free(ssl_ctx);
459 SSL_free(ssl);
460 free(data);
461
462 return (failure);
463
464}
465
466/*
467 * Supported Elliptic Curves - RFC 4492 section 5.1.1.
468 *
469 * This extension is only used by the client.
470 */
471
472static uint8_t tlsext_supportedgroups_client_default[] = {
473 0x00, 0x06,
474 0x00, 0x1d, /* X25519 (29) */
475 0x00, 0x17, /* secp256r1 (23) */
476 0x00, 0x18 /* secp384r1 (24) */
477};
478
479static uint16_t tlsext_supportedgroups_client_secp384r1_val[] = {
480 0x0018 /* tls1_ec_nid2curve_id(NID_secp384r1) */
481};
482static uint8_t tlsext_supportedgroups_client_secp384r1[] = {
483 0x00, 0x02,
484 0x00, 0x18 /* secp384r1 (24) */
485};
486
487/* Example from RFC 4492 section 5.1.1 */
488static uint16_t tlsext_supportedgroups_client_nistp192and224_val[] = {
489 0x0013, /* tls1_ec_nid2curve_id(NID_X9_62_prime192v1) */
490 0x0015 /* tls1_ec_nid2curve_id(NID_secp224r1) */
491};
492static uint8_t tlsext_supportedgroups_client_nistp192and224[] = {
493 0x00, 0x04,
494 0x00, 0x13, /* secp192r1 aka NIST P-192 */
495 0x00, 0x15 /* secp224r1 aka NIST P-224 */
496};
497
498static int
499test_tlsext_supportedgroups_client(void)
500{
501 unsigned char *data = NULL;
502 SSL_CTX *ssl_ctx = NULL;
503 SSL *ssl = NULL;
504 size_t dlen;
505 int failure, alert;
506 CBB cbb;
507 CBS cbs;
508
509 failure = 1;
510
511 if (!CBB_init(&cbb, 0))
512 errx(1, "failed to create CBB");
513
514 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
515 errx(1, "failed to create SSL_CTX");
516 if ((ssl = SSL_new(ssl_ctx)) == NULL)
517 errx(1, "failed to create SSL");
518
519 /*
520 * Default ciphers include EC so we need it by default.
521 */
522 if (!tlsext_supportedgroups_client_needs(ssl)) {
523 FAIL("client should need Ellipticcurves for default "
524 "ciphers\n");
525 goto err;
526 }
527
528 /*
529 * Exclude cipher suites so we can test not including it.
530 */
531 if (!SSL_set_cipher_list(ssl, "TLSv1.2:!ECDHE:!ECDSA")) {
532 FAIL("client should be able to set cipher list\n");
533 goto err;
534 }
535 if (tlsext_supportedgroups_client_needs(ssl)) {
536 FAIL("client should not need Ellipticcurves\n");
537 goto err;
538 }
539
540 /*
541 * Use libtls default for the rest of the testing
542 */
543 if (!SSL_set_cipher_list(ssl, "TLSv1.2+AEAD+ECDHE")) {
544 FAIL("client should be able to set cipher list\n");
545 goto err;
546 }
547 if (!tlsext_supportedgroups_client_needs(ssl)) {
548 FAIL("client should need Ellipticcurves\n");
549 goto err;
550 }
551
552 /*
553 * Test with a session secp384r1. The default is used instead.
554 */
555 if ((ssl->session = SSL_SESSION_new()) == NULL)
556 errx(1, "failed to create session");
557
558 if ((SSI(ssl)->tlsext_supportedgroups = malloc(sizeof(uint16_t)))
559 == NULL) {
560 FAIL("client could not malloc\n");
561 goto err;
562 }
563 SSI(ssl)->tlsext_supportedgroups[0] = tls1_ec_nid2curve_id(NID_secp384r1);
564 SSI(ssl)->tlsext_supportedgroups_length = 1;
565
566 if (!tlsext_supportedgroups_client_needs(ssl)) {
567 FAIL("client should need Ellipticcurves\n");
568 goto err;
569 }
570
571 if (!tlsext_supportedgroups_client_build(ssl, &cbb)) {
572 FAIL("client failed to build Ellipticcurves\n");
573 goto err;
574 }
575
576 if (!CBB_finish(&cbb, &data, &dlen))
577 errx(1, "failed to finish CBB");
578
579 if (dlen != sizeof(tlsext_supportedgroups_client_default)) {
580 FAIL("got client Ellipticcurves with length %zu, "
581 "want length %zu\n", dlen,
582 sizeof(tlsext_supportedgroups_client_default));
583 compare_data(data, dlen, tlsext_supportedgroups_client_default,
584 sizeof(tlsext_supportedgroups_client_default));
585 goto err;
586 }
587
588 if (memcmp(data, tlsext_supportedgroups_client_default, dlen) != 0) {
589 FAIL("client Ellipticcurves differs:\n");
590 compare_data(data, dlen, tlsext_supportedgroups_client_default,
591 sizeof(tlsext_supportedgroups_client_default));
592 goto err;
593 }
594
595 /*
596 * Test parsing secp384r1
597 */
598 CBB_cleanup(&cbb);
599 CBB_init(&cbb, 0);
600 free(data);
601 data = NULL;
602
603 SSL_SESSION_free(ssl->session);
604 if ((ssl->session = SSL_SESSION_new()) == NULL)
605 errx(1, "failed to create session");
606
607 CBS_init(&cbs, tlsext_supportedgroups_client_secp384r1,
608 sizeof(tlsext_supportedgroups_client_secp384r1));
609 if (!tlsext_supportedgroups_server_parse(ssl, &cbs, &alert)) {
610 FAIL("failed to parse client Ellipticcurves\n");
611 goto err;
612 }
613 if (CBS_len(&cbs) != 0) {
614 FAIL("extension data remaining");
615 goto err;
616 }
617
618 if (SSI(ssl)->tlsext_supportedgroups_length !=
619 sizeof(tlsext_supportedgroups_client_secp384r1_val) / sizeof(uint16_t)) {
620 FAIL("no tlsext_ellipticcurves from client "
621 "Ellipticcurves\n");
622 goto err;
623 }
624
625 if (memcmp(SSI(ssl)->tlsext_supportedgroups,
626 tlsext_supportedgroups_client_secp384r1_val,
627 sizeof(tlsext_supportedgroups_client_secp384r1_val)) != 0) {
628 FAIL("client had an incorrect Ellipticcurves "
629 "entry\n");
630 compare_data2(SSI(ssl)->tlsext_supportedgroups,
631 SSI(ssl)->tlsext_supportedgroups_length * 2,
632 tlsext_supportedgroups_client_secp384r1_val,
633 sizeof(tlsext_supportedgroups_client_secp384r1_val));
634 goto err;
635 }
636
637 /*
638 * Use a custom order.
639 */
640 CBB_cleanup(&cbb);
641 CBB_init(&cbb, 0);
642
643 SSL_SESSION_free(ssl->session);
644 if ((ssl->session = SSL_SESSION_new()) == NULL)
645 errx(1, "failed to create session");
646
647 if ((ssl->internal->tlsext_supportedgroups = malloc(sizeof(uint16_t) * 2)) == NULL) {
648 FAIL("client could not malloc\n");
649 goto err;
650 }
651 ssl->internal->tlsext_supportedgroups[0] = tls1_ec_nid2curve_id(NID_X9_62_prime192v1);
652 ssl->internal->tlsext_supportedgroups[1] = tls1_ec_nid2curve_id(NID_secp224r1);
653 ssl->internal->tlsext_supportedgroups_length = 2;
654
655 if (!tlsext_supportedgroups_client_needs(ssl)) {
656 FAIL("client should need Ellipticcurves\n");
657 goto err;
658 }
659
660 if (!tlsext_supportedgroups_client_build(ssl, &cbb)) {
661 FAIL("client failed to build Ellipticcurves\n");
662 goto err;
663 }
664
665 if (!CBB_finish(&cbb, &data, &dlen))
666 errx(1, "failed to finish CBB");
667
668 if (dlen != sizeof(tlsext_supportedgroups_client_nistp192and224)) {
669 FAIL("got client Ellipticcurves with length %zu, "
670 "want length %zu\n", dlen,
671 sizeof(tlsext_supportedgroups_client_nistp192and224));
672 fprintf(stderr, "received:\n");
673 hexdump(data, dlen);
674 fprintf(stderr, "test data:\n");
675 hexdump(tlsext_supportedgroups_client_nistp192and224,
676 sizeof(tlsext_supportedgroups_client_nistp192and224));
677 goto err;
678 }
679
680 if (memcmp(data, tlsext_supportedgroups_client_nistp192and224, dlen) != 0) {
681 FAIL("client Ellipticcurves differs:\n");
682 fprintf(stderr, "received:\n");
683 hexdump(data, dlen);
684 fprintf(stderr, "test data:\n");
685 hexdump(tlsext_supportedgroups_client_nistp192and224,
686 sizeof(tlsext_supportedgroups_client_nistp192and224));
687 goto err;
688 }
689
690 /*
691 * Parse non-default curves to session.
692 */
693 CBB_cleanup(&cbb);
694 CBB_init(&cbb, 0);
695 free(data);
696 data = NULL;
697
698 SSL_SESSION_free(ssl->session);
699 if ((ssl->session = SSL_SESSION_new()) == NULL)
700 errx(1, "failed to create session");
701
702 /* Reset back to the default list. */
703 free(ssl->internal->tlsext_supportedgroups);
704 ssl->internal->tlsext_supportedgroups = NULL;
705 ssl->internal->tlsext_supportedgroups_length = 0;
706
707 CBS_init(&cbs, tlsext_supportedgroups_client_nistp192and224,
708 sizeof(tlsext_supportedgroups_client_nistp192and224));
709 if (!tlsext_supportedgroups_server_parse(ssl, &cbs, &alert)) {
710 FAIL("failed to parse client Ellipticcurves\n");
711 goto err;
712 }
713 if (CBS_len(&cbs) != 0) {
714 FAIL("extension data remaining");
715 goto err;
716 }
717
718 if (SSI(ssl)->tlsext_supportedgroups_length !=
719 sizeof(tlsext_supportedgroups_client_nistp192and224_val) / sizeof(uint16_t)) {
720 FAIL("no tlsext_ellipticcurves from client Ellipticcurves\n");
721 goto err;
722 }
723
724 if (memcmp(SSI(ssl)->tlsext_supportedgroups,
725 tlsext_supportedgroups_client_nistp192and224_val,
726 sizeof(tlsext_supportedgroups_client_nistp192and224_val)) != 0) {
727 FAIL("client had an incorrect Ellipticcurves entry\n");
728 compare_data2(SSI(ssl)->tlsext_supportedgroups,
729 SSI(ssl)->tlsext_supportedgroups_length * 2,
730 tlsext_supportedgroups_client_nistp192and224_val,
731 sizeof(tlsext_supportedgroups_client_nistp192and224_val));
732 goto err;
733 }
734
735 failure = 0;
736
737 err:
738 CBB_cleanup(&cbb);
739 SSL_CTX_free(ssl_ctx);
740 SSL_free(ssl);
741 free(data);
742
743 return (failure);
744}
745
746
747/* elliptic_curves is only used by the client so this doesn't test much. */
748static int
749test_tlsext_supportedgroups_server(void)
750{
751 SSL_CTX *ssl_ctx = NULL;
752 SSL *ssl = NULL;
753 int failure;
754
755 failure = 1;
756
757 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
758 errx(1, "failed to create SSL_CTX");
759 if ((ssl = SSL_new(ssl_ctx)) == NULL)
760 errx(1, "failed to create SSL");
761
762 if (tlsext_supportedgroups_server_needs(ssl)) {
763 FAIL("server should not need elliptic_curves\n");
764 goto err;
765 }
766
767 if ((ssl->session = SSL_SESSION_new()) == NULL)
768 errx(1, "failed to create session");
769
770 if (tlsext_supportedgroups_server_needs(ssl)) {
771 FAIL("server should not need elliptic_curves\n");
772 goto err;
773 }
774
775 failure = 0;
776
777 err:
778 SSL_CTX_free(ssl_ctx);
779 SSL_free(ssl);
780
781 return (failure);
782
783}
784
785/*
786 * Supported Point Formats - RFC 4492 section 5.1.2.
787 *
788 * Examples are from the RFC. Both client and server have the same build and
789 * parse but the needs differ.
790 */
791
792static uint8_t tlsext_ecpf_hello_uncompressed_val[] = {
793 TLSEXT_ECPOINTFORMAT_uncompressed
794};
795static uint8_t tlsext_ecpf_hello_uncompressed[] = {
796 0x01,
797 0x00 /* TLSEXT_ECPOINTFORMAT_uncompressed */
798};
799
800static uint8_t tlsext_ecpf_hello_prime[] = {
801 0x01,
802 0x01 /* TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime */
803};
804
805static uint8_t tlsext_ecpf_hello_prefer_order_val[] = {
806 TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime,
807 TLSEXT_ECPOINTFORMAT_uncompressed,
808 TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2
809};
810static uint8_t tlsext_ecpf_hello_prefer_order[] = {
811 0x03,
812 0x01, /* TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime */
813 0x00, /* TLSEXT_ECPOINTFORMAT_uncompressed */
814 0x02 /* TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 */
815};
816
817static int
818test_tlsext_ecpf_client(void)
819{
820 uint8_t *data = NULL;
821 SSL_CTX *ssl_ctx = NULL;
822 SSL *ssl = NULL;
823 size_t dlen;
824 int failure, alert;
825 CBB cbb;
826 CBS cbs;
827
828 failure = 1;
829
830 CBB_init(&cbb, 0);
831
832 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
833 errx(1, "failed to create SSL_CTX");
834 if ((ssl = SSL_new(ssl_ctx)) == NULL)
835 errx(1, "failed to create SSL");
836
837 /*
838 * Default ciphers include EC so we need it by default.
839 */
840 if (!tlsext_ecpf_client_needs(ssl)) {
841 FAIL("client should need ECPointFormats for default "
842 "ciphers\n");
843 goto err;
844 }
845
846 /*
847 * Exclude EC cipher suites so we can test not including it.
848 */
849 if (!SSL_set_cipher_list(ssl, "ALL:!ECDHE:!ECDH")) {
850 FAIL("client should be able to set cipher list\n");
851 goto err;
852 }
853 if (tlsext_ecpf_client_needs(ssl)) {
854 FAIL("client should not need ECPointFormats\n");
855 goto err;
856 }
857
858 /*
859 * Use libtls default for the rest of the testing
860 */
861 if (!SSL_set_cipher_list(ssl, "TLSv1.2+AEAD+ECDHE")) {
862 FAIL("client should be able to set cipher list\n");
863 goto err;
864 }
865 if (!tlsext_ecpf_client_needs(ssl)) {
866 FAIL("client should need ECPointFormats\n");
867 goto err;
868 }
869
870 /*
871 * The default ECPointFormats should only have uncompressed
872 */
873 if ((ssl->session = SSL_SESSION_new()) == NULL)
874 errx(1, "failed to create session");
875
876 if (!tlsext_ecpf_client_build(ssl, &cbb)) {
877 FAIL("client failed to build ECPointFormats\n");
878 goto err;
879 }
880
881 if (!CBB_finish(&cbb, &data, &dlen))
882 errx(1, "failed to finish CBB");
883
884 if (dlen != sizeof(tlsext_ecpf_hello_uncompressed)) {
885 FAIL("got client ECPointFormats with length %zu, "
886 "want length %zu\n", dlen,
887 sizeof(tlsext_ecpf_hello_uncompressed));
888 compare_data(data, dlen, tlsext_ecpf_hello_uncompressed,
889 sizeof(tlsext_ecpf_hello_uncompressed));
890 goto err;
891 }
892
893 if (memcmp(data, tlsext_ecpf_hello_uncompressed, dlen) != 0) {
894 FAIL("client ECPointFormats differs:\n");
895 compare_data(data, dlen, tlsext_ecpf_hello_uncompressed,
896 sizeof(tlsext_ecpf_hello_uncompressed));
897 goto err;
898 }
899
900 /*
901 * Make sure we can parse the default.
902 */
903 CBB_cleanup(&cbb);
904 CBB_init(&cbb, 0);
905 free(data);
906 data = NULL;
907
908 SSL_SESSION_free(ssl->session);
909 if ((ssl->session = SSL_SESSION_new()) == NULL)
910 errx(1, "failed to create session");
911
912 CBS_init(&cbs, tlsext_ecpf_hello_uncompressed,
913 sizeof(tlsext_ecpf_hello_uncompressed));
914 if (!tlsext_ecpf_server_parse(ssl, &cbs, &alert)) {
915 FAIL("failed to parse client ECPointFormats\n");
916 goto err;
917 }
918 if (CBS_len(&cbs) != 0) {
919 FAIL("extension data remaining");
920 goto err;
921 }
922
923 if (SSI(ssl)->tlsext_ecpointformatlist_length !=
924 sizeof(tlsext_ecpf_hello_uncompressed_val)) {
925 FAIL("no tlsext_ecpointformats from client "
926 "ECPointFormats\n");
927 goto err;
928 }
929
930 if (memcmp(SSI(ssl)->tlsext_ecpointformatlist,
931 tlsext_ecpf_hello_uncompressed_val,
932 sizeof(tlsext_ecpf_hello_uncompressed_val)) != 0) {
933 FAIL("client had an incorrect ECPointFormats entry\n");
934 goto err;
935 }
936
937 /*
938 * Test with a custom order.
939 */
940 CBB_cleanup(&cbb);
941 CBB_init(&cbb, 0);
942 free(data);
943 data = NULL;
944
945 SSL_SESSION_free(ssl->session);
946 if ((ssl->session = SSL_SESSION_new()) == NULL)
947 errx(1, "failed to create session");
948
949 if ((ssl->internal->tlsext_ecpointformatlist = malloc(sizeof(uint8_t) * 3)) == NULL) {
950 FAIL("client could not malloc\n");
951 goto err;
952 }
953 ssl->internal->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
954 ssl->internal->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_uncompressed;
955 ssl->internal->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
956 ssl->internal->tlsext_ecpointformatlist_length = 3;
957
958 if (!tlsext_ecpf_client_needs(ssl)) {
959 FAIL("client should need ECPointFormats with a custom "
960 "format\n");
961 goto err;
962 }
963
964 if (!tlsext_ecpf_client_build(ssl, &cbb)) {
965 FAIL("client failed to build ECPointFormats\n");
966 goto err;
967 }
968
969 if (!CBB_finish(&cbb, &data, &dlen))
970 errx(1, "failed to finish CBB");
971
972 if (dlen != sizeof(tlsext_ecpf_hello_prefer_order)) {
973 FAIL("got client ECPointFormats with length %zu, "
974 "want length %zu\n", dlen,
975 sizeof(tlsext_ecpf_hello_prefer_order));
976 compare_data(data, dlen, tlsext_ecpf_hello_prefer_order,
977 sizeof(tlsext_ecpf_hello_prefer_order));
978 goto err;
979 }
980
981 if (memcmp(data, tlsext_ecpf_hello_prefer_order, dlen) != 0) {
982 FAIL("client ECPointFormats differs:\n");
983 compare_data(data, dlen, tlsext_ecpf_hello_prefer_order,
984 sizeof(tlsext_ecpf_hello_prefer_order));
985 goto err;
986 }
987
988 /*
989 * Make sure that we can parse this custom order.
990 */
991 CBB_cleanup(&cbb);
992 CBB_init(&cbb, 0);
993 free(data);
994 data = NULL;
995
996 SSL_SESSION_free(ssl->session);
997 if ((ssl->session = SSL_SESSION_new()) == NULL)
998 errx(1, "failed to create session");
999
1000 /* Reset the custom list so we go back to the default uncompressed. */
1001 free(ssl->internal->tlsext_ecpointformatlist);
1002 ssl->internal->tlsext_ecpointformatlist = NULL;
1003 ssl->internal->tlsext_ecpointformatlist_length = 0;
1004
1005 CBS_init(&cbs, tlsext_ecpf_hello_prefer_order,
1006 sizeof(tlsext_ecpf_hello_prefer_order));
1007 if (!tlsext_ecpf_server_parse(ssl, &cbs, &alert)) {
1008 FAIL("failed to parse client ECPointFormats\n");
1009 goto err;
1010 }
1011 if (CBS_len(&cbs) != 0) {
1012 FAIL("extension data remaining");
1013 goto err;
1014 }
1015
1016 if (SSI(ssl)->tlsext_ecpointformatlist_length !=
1017 sizeof(tlsext_ecpf_hello_prefer_order_val)) {
1018 FAIL("no tlsext_ecpointformats from client "
1019 "ECPointFormats\n");
1020 goto err;
1021 }
1022
1023 if (memcmp(SSI(ssl)->tlsext_ecpointformatlist,
1024 tlsext_ecpf_hello_prefer_order_val,
1025 sizeof(tlsext_ecpf_hello_prefer_order_val)) != 0) {
1026 FAIL("client had an incorrect ECPointFormats entry\n");
1027 goto err;
1028 }
1029
1030
1031 failure = 0;
1032
1033 err:
1034 CBB_cleanup(&cbb);
1035 SSL_CTX_free(ssl_ctx);
1036 SSL_free(ssl);
1037 free(data);
1038
1039 return (failure);
1040}
1041
1042static int
1043test_tlsext_ecpf_server(void)
1044{
1045 uint8_t *data = NULL;
1046 SSL_CTX *ssl_ctx = NULL;
1047 SSL *ssl = NULL;
1048 size_t dlen;
1049 int failure, alert;
1050 CBB cbb;
1051 CBS cbs;
1052
1053 failure = 1;
1054
1055 CBB_init(&cbb, 0);
1056
1057 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
1058 errx(1, "failed to create SSL_CTX");
1059 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1060 errx(1, "failed to create SSL");
1061
1062 if ((ssl->session = SSL_SESSION_new()) == NULL)
1063 errx(1, "failed to create session");
1064
1065 /* Setup the state so we can call needs. */
1066 if ((S3I(ssl)->hs.new_cipher =
1067 ssl3_get_cipher_by_id(TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305))
1068 == NULL) {
1069 FAIL("server cannot find cipher\n");
1070 goto err;
1071 }
1072 if ((SSI(ssl)->tlsext_ecpointformatlist = malloc(sizeof(uint8_t)))
1073 == NULL) {
1074 FAIL("server could not malloc\n");
1075 goto err;
1076 }
1077 SSI(ssl)->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
1078 SSI(ssl)->tlsext_ecpointformatlist_length = 1;
1079
1080 if (!tlsext_ecpf_server_needs(ssl)) {
1081 FAIL("server should need ECPointFormats now\n");
1082 goto err;
1083 }
1084
1085 /*
1086 * The server will ignore the session list and use either a custom
1087 * list or the default (uncompressed).
1088 */
1089 if (!tlsext_ecpf_server_build(ssl, &cbb)) {
1090 FAIL("server failed to build ECPointFormats\n");
1091 goto err;
1092 }
1093
1094 if (!CBB_finish(&cbb, &data, &dlen))
1095 errx(1, "failed to finish CBB");
1096
1097 if (dlen != sizeof(tlsext_ecpf_hello_uncompressed)) {
1098 FAIL("got server ECPointFormats with length %zu, "
1099 "want length %zu\n", dlen,
1100 sizeof(tlsext_ecpf_hello_uncompressed));
1101 compare_data(data, dlen, tlsext_ecpf_hello_uncompressed,
1102 sizeof(tlsext_ecpf_hello_uncompressed));
1103 goto err;
1104 }
1105
1106 if (memcmp(data, tlsext_ecpf_hello_uncompressed, dlen) != 0) {
1107 FAIL("server ECPointFormats differs:\n");
1108 compare_data(data, dlen, tlsext_ecpf_hello_uncompressed,
1109 sizeof(tlsext_ecpf_hello_uncompressed));
1110 goto err;
1111 }
1112
1113 /*
1114 * Cannot parse a non-default list without at least uncompressed.
1115 */
1116 CBB_cleanup(&cbb);
1117 CBB_init(&cbb, 0);
1118 free(data);
1119 data = NULL;
1120
1121 SSL_SESSION_free(ssl->session);
1122 if ((ssl->session = SSL_SESSION_new()) == NULL)
1123 errx(1, "failed to create session");
1124
1125 CBS_init(&cbs, tlsext_ecpf_hello_prime,
1126 sizeof(tlsext_ecpf_hello_prime));
1127 if (tlsext_ecpf_client_parse(ssl, &cbs, &alert)) {
1128 FAIL("must include uncompressed in server ECPointFormats\n");
1129 goto err;
1130 }
1131 if (CBS_len(&cbs) != 0) {
1132 FAIL("extension data remaining");
1133 goto err;
1134 }
1135
1136 /*
1137 * Test with a custom order that replaces the default uncompressed.
1138 */
1139 CBB_cleanup(&cbb);
1140 CBB_init(&cbb, 0);
1141 free(data);
1142 data = NULL;
1143
1144 SSL_SESSION_free(ssl->session);
1145 if ((ssl->session = SSL_SESSION_new()) == NULL)
1146 errx(1, "failed to create session");
1147
1148 /* Add a session list even though it will be ignored. */
1149 if ((SSI(ssl)->tlsext_ecpointformatlist = malloc(sizeof(uint8_t)))
1150 == NULL) {
1151 FAIL("server could not malloc\n");
1152 goto err;
1153 }
1154 SSI(ssl)->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
1155 SSI(ssl)->tlsext_ecpointformatlist_length = 1;
1156
1157 /* Replace the default list with a custom one. */
1158 if ((ssl->internal->tlsext_ecpointformatlist = malloc(sizeof(uint8_t) * 3)) == NULL) {
1159 FAIL("server could not malloc\n");
1160 goto err;
1161 }
1162 ssl->internal->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
1163 ssl->internal->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_uncompressed;
1164 ssl->internal->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
1165 ssl->internal->tlsext_ecpointformatlist_length = 3;
1166
1167 if (!tlsext_ecpf_server_needs(ssl)) {
1168 FAIL("server should need ECPointFormats\n");
1169 goto err;
1170 }
1171
1172 if (!tlsext_ecpf_server_build(ssl, &cbb)) {
1173 FAIL("server failed to build ECPointFormats\n");
1174 goto err;
1175 }
1176
1177 if (!CBB_finish(&cbb, &data, &dlen))
1178 errx(1, "failed to finish CBB");
1179
1180 if (dlen != sizeof(tlsext_ecpf_hello_prefer_order)) {
1181 FAIL("got server ECPointFormats with length %zu, "
1182 "want length %zu\n", dlen,
1183 sizeof(tlsext_ecpf_hello_prefer_order));
1184 compare_data(data, dlen, tlsext_ecpf_hello_prefer_order,
1185 sizeof(tlsext_ecpf_hello_prefer_order));
1186 goto err;
1187 }
1188
1189 if (memcmp(data, tlsext_ecpf_hello_prefer_order, dlen) != 0) {
1190 FAIL("server ECPointFormats differs:\n");
1191 compare_data(data, dlen, tlsext_ecpf_hello_prefer_order,
1192 sizeof(tlsext_ecpf_hello_prefer_order));
1193 goto err;
1194 }
1195
1196 /*
1197 * Should be able to parse the custom list into a session list.
1198 */
1199 CBB_cleanup(&cbb);
1200 CBB_init(&cbb, 0);
1201 free(data);
1202 data = NULL;
1203
1204 SSL_SESSION_free(ssl->session);
1205 if ((ssl->session = SSL_SESSION_new()) == NULL)
1206 errx(1, "failed to create session");
1207
1208 /* Reset back to the default (uncompressed) */
1209 free(ssl->internal->tlsext_ecpointformatlist);
1210 ssl->internal->tlsext_ecpointformatlist = NULL;
1211 ssl->internal->tlsext_ecpointformatlist_length = 0;
1212
1213 CBS_init(&cbs, tlsext_ecpf_hello_prefer_order,
1214 sizeof(tlsext_ecpf_hello_prefer_order));
1215 if (!tlsext_ecpf_client_parse(ssl, &cbs, &alert)) {
1216 FAIL("failed to parse server ECPointFormats\n");
1217 goto err;
1218 }
1219 if (CBS_len(&cbs) != 0) {
1220 FAIL("extension data remaining");
1221 goto err;
1222 }
1223
1224 if (SSI(ssl)->tlsext_ecpointformatlist_length !=
1225 sizeof(tlsext_ecpf_hello_prefer_order_val)) {
1226 FAIL("no tlsext_ecpointformats from server "
1227 "ECPointFormats\n");
1228 goto err;
1229 }
1230
1231 if (memcmp(SSI(ssl)->tlsext_ecpointformatlist,
1232 tlsext_ecpf_hello_prefer_order_val,
1233 sizeof(tlsext_ecpf_hello_prefer_order_val)) != 0) {
1234 FAIL("server had an incorrect ECPointFormats entry\n");
1235 goto err;
1236 }
1237
1238 failure = 0;
1239
1240 err:
1241 CBB_cleanup(&cbb);
1242 SSL_CTX_free(ssl_ctx);
1243 SSL_free(ssl);
1244 free(data);
1245
1246 return (failure);
1247}
1248
1249/*
1250 * Renegotiation Indication - RFC 5746.
1251 */
1252
1253static unsigned char tlsext_ri_prev_client[] = {
1254 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
1255 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
1256};
1257
1258static unsigned char tlsext_ri_prev_server[] = {
1259 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88,
1260 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00,
1261};
1262
1263static unsigned char tlsext_ri_client[] = {
1264 0x10,
1265 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
1266 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
1267};
1268
1269static unsigned char tlsext_ri_server[] = {
1270 0x20,
1271 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
1272 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
1273 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88,
1274 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00,
1275};
1276
1277static int
1278test_tlsext_ri_client(void)
1279{
1280 unsigned char *data = NULL;
1281 SSL_CTX *ssl_ctx = NULL;
1282 SSL *ssl = NULL;
1283 int failure;
1284 size_t dlen;
1285 int alert;
1286 CBB cbb;
1287 CBS cbs;
1288
1289 failure = 1;
1290
1291 CBB_init(&cbb, 0);
1292
1293 if ((ssl_ctx = SSL_CTX_new(TLSv1_2_client_method())) == NULL)
1294 errx(1, "failed to create SSL_CTX");
1295 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1296 errx(1, "failed to create SSL");
1297
1298 if (tlsext_ri_client_needs(ssl)) {
1299 FAIL("client should not need RI\n");
1300 goto err;
1301 }
1302
1303 if (!SSL_renegotiate(ssl)) {
1304 FAIL("client failed to set renegotiate\n");
1305 goto err;
1306 }
1307
1308 if (!tlsext_ri_client_needs(ssl)) {
1309 FAIL("client should need RI\n");
1310 goto err;
1311 }
1312
1313 memcpy(S3I(ssl)->previous_client_finished, tlsext_ri_prev_client,
1314 sizeof(tlsext_ri_prev_client));
1315 S3I(ssl)->previous_client_finished_len = sizeof(tlsext_ri_prev_client);
1316
1317 S3I(ssl)->renegotiate_seen = 0;
1318
1319 if (!tlsext_ri_client_build(ssl, &cbb)) {
1320 FAIL("client failed to build RI\n");
1321 goto err;
1322 }
1323
1324 if (!CBB_finish(&cbb, &data, &dlen))
1325 errx(1, "failed to finish CBB");
1326
1327 if (dlen != sizeof(tlsext_ri_client)) {
1328 FAIL("got client RI with length %zu, "
1329 "want length %zu\n", dlen, sizeof(tlsext_ri_client));
1330 goto err;
1331 }
1332
1333 if (memcmp(data, tlsext_ri_client, dlen) != 0) {
1334 FAIL("client RI differs:\n");
1335 fprintf(stderr, "received:\n");
1336 hexdump(data, dlen);
1337 fprintf(stderr, "test data:\n");
1338 hexdump(tlsext_ri_client, sizeof(tlsext_ri_client));
1339 goto err;
1340 }
1341
1342 CBS_init(&cbs, tlsext_ri_client, sizeof(tlsext_ri_client));
1343 if (!tlsext_ri_server_parse(ssl, &cbs, &alert)) {
1344 FAIL("failed to parse client RI\n");
1345 goto err;
1346 }
1347 if (CBS_len(&cbs) != 0) {
1348 FAIL("extension data remaining");
1349 goto err;
1350 }
1351
1352 if (S3I(ssl)->renegotiate_seen != 1) {
1353 FAIL("renegotiate seen not set\n");
1354 goto err;
1355 }
1356 if (S3I(ssl)->send_connection_binding != 1) {
1357 FAIL("send connection binding not set\n");
1358 goto err;
1359 }
1360
1361 memset(S3I(ssl)->previous_client_finished, 0,
1362 sizeof(S3I(ssl)->previous_client_finished));
1363
1364 S3I(ssl)->renegotiate_seen = 0;
1365
1366 CBS_init(&cbs, tlsext_ri_client, sizeof(tlsext_ri_client));
1367 if (tlsext_ri_server_parse(ssl, &cbs, &alert)) {
1368 FAIL("parsed invalid client RI\n");
1369 failure = 1;
1370 goto err;
1371 }
1372
1373 if (S3I(ssl)->renegotiate_seen == 1) {
1374 FAIL("renegotiate seen set\n");
1375 goto err;
1376 }
1377
1378 failure = 0;
1379
1380 err:
1381 CBB_cleanup(&cbb);
1382 SSL_CTX_free(ssl_ctx);
1383 SSL_free(ssl);
1384 free(data);
1385
1386 return (failure);
1387}
1388
1389static int
1390test_tlsext_ri_server(void)
1391{
1392 unsigned char *data = NULL;
1393 SSL_CTX *ssl_ctx = NULL;
1394 SSL *ssl = NULL;
1395 int failure;
1396 size_t dlen;
1397 int alert;
1398 CBB cbb;
1399 CBS cbs;
1400
1401 failure = 1;
1402
1403 CBB_init(&cbb, 0);
1404
1405 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
1406 errx(1, "failed to create SSL_CTX");
1407 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1408 errx(1, "failed to create SSL");
1409
1410 if (tlsext_ri_server_needs(ssl)) {
1411 FAIL("server should not need RI\n");
1412 goto err;
1413 }
1414
1415 S3I(ssl)->send_connection_binding = 1;
1416
1417 if (!tlsext_ri_server_needs(ssl)) {
1418 FAIL("server should need RI\n");
1419 goto err;
1420 }
1421
1422 memcpy(S3I(ssl)->previous_client_finished, tlsext_ri_prev_client,
1423 sizeof(tlsext_ri_prev_client));
1424 S3I(ssl)->previous_client_finished_len = sizeof(tlsext_ri_prev_client);
1425
1426 memcpy(S3I(ssl)->previous_server_finished, tlsext_ri_prev_server,
1427 sizeof(tlsext_ri_prev_server));
1428 S3I(ssl)->previous_server_finished_len = sizeof(tlsext_ri_prev_server);
1429
1430 S3I(ssl)->renegotiate_seen = 0;
1431
1432 if (!tlsext_ri_server_build(ssl, &cbb)) {
1433 FAIL("server failed to build RI\n");
1434 goto err;
1435 }
1436
1437 if (!CBB_finish(&cbb, &data, &dlen))
1438 errx(1, "failed to finish CBB");
1439
1440 if (dlen != sizeof(tlsext_ri_server)) {
1441 FAIL("got server RI with length %zu, "
1442 "want length %zu\n", dlen, sizeof(tlsext_ri_server));
1443 goto err;
1444 }
1445
1446 if (memcmp(data, tlsext_ri_server, dlen) != 0) {
1447 FAIL("server RI differs:\n");
1448 fprintf(stderr, "received:\n");
1449 hexdump(data, dlen);
1450 fprintf(stderr, "test data:\n");
1451 hexdump(tlsext_ri_server, sizeof(tlsext_ri_server));
1452 goto err;
1453 }
1454
1455 CBS_init(&cbs, tlsext_ri_server, sizeof(tlsext_ri_server));
1456 if (!tlsext_ri_client_parse(ssl, &cbs, &alert)) {
1457 FAIL("failed to parse server RI\n");
1458 goto err;
1459 }
1460 if (CBS_len(&cbs) != 0) {
1461 FAIL("extension data remaining");
1462 goto err;
1463 }
1464
1465 if (S3I(ssl)->renegotiate_seen != 1) {
1466 FAIL("renegotiate seen not set\n");
1467 goto err;
1468 }
1469 if (S3I(ssl)->send_connection_binding != 1) {
1470 FAIL("send connection binding not set\n");
1471 goto err;
1472 }
1473
1474 memset(S3I(ssl)->previous_client_finished, 0,
1475 sizeof(S3I(ssl)->previous_client_finished));
1476 memset(S3I(ssl)->previous_server_finished, 0,
1477 sizeof(S3I(ssl)->previous_server_finished));
1478
1479 S3I(ssl)->renegotiate_seen = 0;
1480
1481 CBS_init(&cbs, tlsext_ri_server, sizeof(tlsext_ri_server));
1482 if (tlsext_ri_client_parse(ssl, &cbs, &alert)) {
1483 FAIL("parsed invalid server RI\n");
1484 goto err;
1485 }
1486
1487 if (S3I(ssl)->renegotiate_seen == 1) {
1488 FAIL("renegotiate seen set\n");
1489 goto err;
1490 }
1491
1492 failure = 0;
1493
1494 err:
1495 CBB_cleanup(&cbb);
1496 SSL_CTX_free(ssl_ctx);
1497 SSL_free(ssl);
1498 free(data);
1499
1500 return (failure);
1501}
1502
1503/*
1504 * Signature Algorithms - RFC 5246 section 7.4.1.4.1.
1505 */
1506
1507static unsigned char tlsext_sigalgs_client[] = {
1508 0x00, 0x16, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03,
1509 0x08, 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04,
1510 0x04, 0x01, 0x04, 0x03, 0x02, 0x01, 0x02, 0x03,
1511};
1512
1513static int
1514test_tlsext_sigalgs_client(void)
1515{
1516 unsigned char *data = NULL;
1517 SSL_CTX *ssl_ctx = NULL;
1518 SSL *ssl = NULL;
1519 int failure = 0;
1520 size_t dlen;
1521 int alert;
1522 CBB cbb;
1523 CBS cbs;
1524
1525 CBB_init(&cbb, 0);
1526
1527 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
1528 errx(1, "failed to create SSL_CTX");
1529 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1530 errx(1, "failed to create SSL");
1531
1532 ssl->client_version = TLS1_1_VERSION;
1533
1534 if (tlsext_sigalgs_client_needs(ssl)) {
1535 fprintf(stderr, "FAIL: client should not need sigalgs\n");
1536 failure = 1;
1537 goto done;
1538 }
1539
1540 ssl->client_version = TLS1_2_VERSION;
1541
1542 if (!tlsext_sigalgs_client_needs(ssl)) {
1543 fprintf(stderr, "FAIL: client should need sigalgs\n");
1544 failure = 1;
1545 goto done;
1546 }
1547
1548 if (!tlsext_sigalgs_client_build(ssl, &cbb)) {
1549 fprintf(stderr, "FAIL: client failed to build sigalgs\n");
1550 failure = 1;
1551 goto done;
1552 }
1553
1554 if (!CBB_finish(&cbb, &data, &dlen))
1555 errx(1, "failed to finish CBB");
1556
1557 if (dlen != sizeof(tlsext_sigalgs_client)) {
1558 fprintf(stderr, "FAIL: got client sigalgs with length %zu, "
1559 "want length %zu\n", dlen, sizeof(tlsext_sigalgs_client));
1560 failure = 1;
1561 goto done;
1562 }
1563
1564 if (memcmp(data, tlsext_sigalgs_client, dlen) != 0) {
1565 fprintf(stderr, "FAIL: client SNI differs:\n");
1566 fprintf(stderr, "received:\n");
1567 hexdump(data, dlen);
1568 fprintf(stderr, "test data:\n");
1569 hexdump(tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client));
1570 failure = 1;
1571 goto done;
1572 }
1573
1574 CBS_init(&cbs, tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client));
1575 if (!tlsext_sigalgs_server_parse(ssl, &cbs, &alert)) {
1576 fprintf(stderr, "FAIL: failed to parse client SNI\n");
1577 failure = 1;
1578 goto done;
1579 }
1580 if (CBS_len(&cbs) != 0) {
1581 FAIL("extension data remaining");
1582 goto done;
1583 }
1584
1585 done:
1586 CBB_cleanup(&cbb);
1587 SSL_CTX_free(ssl_ctx);
1588 SSL_free(ssl);
1589 free(data);
1590
1591 return (failure);
1592}
1593
1594static int
1595test_tlsext_sigalgs_server(void)
1596{
1597 unsigned char *data = NULL;
1598 SSL_CTX *ssl_ctx = NULL;
1599 SSL *ssl = NULL;
1600 int failure = 0;
1601 size_t dlen;
1602 int alert;
1603 CBB cbb;
1604 CBS cbs;
1605
1606 CBB_init(&cbb, 0);
1607
1608 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
1609 errx(1, "failed to create SSL_CTX");
1610 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1611 errx(1, "failed to create SSL");
1612
1613 if (tlsext_sigalgs_server_needs(ssl)) {
1614 fprintf(stderr, "FAIL: server should not need sigalgs\n");
1615 failure = 1;
1616 goto done;
1617 }
1618
1619 if (tlsext_sigalgs_server_build(ssl, &cbb)) {
1620 fprintf(stderr, "FAIL: server should not build sigalgs\n");
1621 failure = 1;
1622 goto done;
1623 }
1624
1625 if (!CBB_finish(&cbb, &data, &dlen))
1626 errx(1, "failed to finish CBB");
1627
1628 CBS_init(&cbs, tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client));
1629 if (tlsext_sigalgs_client_parse(ssl, &cbs, &alert)) {
1630 fprintf(stderr, "FAIL: server should not parse sigalgs\n");
1631 failure = 1;
1632 goto done;
1633 }
1634
1635 done:
1636 CBB_cleanup(&cbb);
1637 SSL_CTX_free(ssl_ctx);
1638 SSL_free(ssl);
1639 free(data);
1640
1641 return (failure);
1642}
1643
1644/*
1645 * Server Name Indication - RFC 6066 section 3.
1646 */
1647
1648#define TEST_SNI_SERVERNAME "www.libressl.org"
1649
1650static unsigned char tlsext_sni_client[] = {
1651 0x00, 0x13, 0x00, 0x00, 0x10, 0x77, 0x77, 0x77,
1652 0x2e, 0x6c, 0x69, 0x62, 0x72, 0x65, 0x73, 0x73,
1653 0x6c, 0x2e, 0x6f, 0x72, 0x67,
1654};
1655
1656static unsigned char tlsext_sni_server[] = {
1657};
1658
1659static int
1660test_tlsext_sni_client(void)
1661{
1662 unsigned char *data = NULL;
1663 SSL_CTX *ssl_ctx = NULL;
1664 SSL *ssl = NULL;
1665 int failure;
1666 size_t dlen;
1667 int alert;
1668 CBB cbb;
1669 CBS cbs;
1670
1671 failure = 1;
1672
1673 CBB_init(&cbb, 0);
1674
1675 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
1676 errx(1, "failed to create SSL_CTX");
1677 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1678 errx(1, "failed to create SSL");
1679
1680 if (tlsext_sni_client_needs(ssl)) {
1681 FAIL("client should not need SNI\n");
1682 goto err;
1683 }
1684
1685 if (!SSL_set_tlsext_host_name(ssl, TEST_SNI_SERVERNAME)) {
1686 FAIL("client failed to set server name\n");
1687 goto err;
1688 }
1689
1690 if (!tlsext_sni_client_needs(ssl)) {
1691 FAIL("client should need SNI\n");
1692 goto err;
1693 }
1694
1695 if (!tlsext_sni_client_build(ssl, &cbb)) {
1696 FAIL("client failed to build SNI\n");
1697 goto err;
1698 }
1699
1700 if (!CBB_finish(&cbb, &data, &dlen))
1701 errx(1, "failed to finish CBB");
1702
1703 if (dlen != sizeof(tlsext_sni_client)) {
1704 FAIL("got client SNI with length %zu, "
1705 "want length %zu\n", dlen, sizeof(tlsext_sni_client));
1706 goto err;
1707 }
1708
1709 if (memcmp(data, tlsext_sni_client, dlen) != 0) {
1710 FAIL("client SNI differs:\n");
1711 fprintf(stderr, "received:\n");
1712 hexdump(data, dlen);
1713 fprintf(stderr, "test data:\n");
1714 hexdump(tlsext_sni_client, sizeof(tlsext_sni_client));
1715 goto err;
1716 }
1717
1718 if ((ssl->session = SSL_SESSION_new()) == NULL)
1719 errx(1, "failed to create session");
1720
1721 ssl->internal->hit = 0;
1722
1723 CBS_init(&cbs, tlsext_sni_client, sizeof(tlsext_sni_client));
1724 if (!tlsext_sni_server_parse(ssl, &cbs, &alert)) {
1725 FAIL("failed to parse client SNI\n");
1726 goto err;
1727 }
1728 if (CBS_len(&cbs) != 0) {
1729 FAIL("extension data remaining");
1730 goto err;
1731 }
1732
1733 if (ssl->session->tlsext_hostname == NULL) {
1734 FAIL("no tlsext_hostname from client SNI\n");
1735 goto err;
1736 }
1737
1738 if (strlen(ssl->session->tlsext_hostname) != strlen(TEST_SNI_SERVERNAME) ||
1739 strncmp(ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME,
1740 strlen(TEST_SNI_SERVERNAME)) != 0) {
1741 FAIL("got tlsext_hostname `%s', want `%s'\n",
1742 ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME);
1743 goto err;
1744 }
1745
1746 ssl->internal->hit = 1;
1747
1748 if ((ssl->session->tlsext_hostname = strdup("notthesame.libressl.org")) ==
1749 NULL)
1750 errx(1, "failed to strdup tlsext_hostname");
1751
1752 CBS_init(&cbs, tlsext_sni_client, sizeof(tlsext_sni_client));
1753 if (tlsext_sni_server_parse(ssl, &cbs, &alert)) {
1754 FAIL("parsed client with mismatched SNI\n");
1755 goto err;
1756 }
1757
1758 failure = 0;
1759
1760 err:
1761 CBB_cleanup(&cbb);
1762 SSL_CTX_free(ssl_ctx);
1763 SSL_free(ssl);
1764 free(data);
1765
1766 return (failure);
1767}
1768
1769static int
1770test_tlsext_sni_server(void)
1771{
1772 unsigned char *data = NULL;
1773 SSL_CTX *ssl_ctx = NULL;
1774 SSL *ssl = NULL;
1775 int failure;
1776 size_t dlen;
1777 int alert;
1778 CBB cbb;
1779 CBS cbs;
1780
1781 failure = 1;
1782
1783 CBB_init(&cbb, 0);
1784
1785 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
1786 errx(1, "failed to create SSL_CTX");
1787 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1788 errx(1, "failed to create SSL");
1789
1790 if ((ssl->session = SSL_SESSION_new()) == NULL)
1791 errx(1, "failed to create session");
1792
1793 if (tlsext_sni_server_needs(ssl)) {
1794 FAIL("server should not need SNI\n");
1795 goto err;
1796 }
1797
1798 if (!SSL_set_tlsext_host_name(ssl, TEST_SNI_SERVERNAME)) {
1799 FAIL("client failed to set server name\n");
1800 goto err;
1801 }
1802
1803 if ((ssl->session->tlsext_hostname = strdup(TEST_SNI_SERVERNAME)) ==
1804 NULL)
1805 errx(1, "failed to strdup tlsext_hostname");
1806
1807 if (!tlsext_sni_server_needs(ssl)) {
1808 FAIL("server should need SNI\n");
1809 goto err;
1810 }
1811
1812 if (!tlsext_sni_server_build(ssl, &cbb)) {
1813 FAIL("server failed to build SNI\n");
1814 goto err;
1815 }
1816
1817 if (!CBB_finish(&cbb, &data, &dlen))
1818 errx(1, "failed to finish CBB");
1819
1820 if (dlen != sizeof(tlsext_sni_server)) {
1821 FAIL("got server SNI with length %zu, "
1822 "want length %zu\n", dlen, sizeof(tlsext_sni_server));
1823 goto err;
1824 }
1825
1826 if (memcmp(data, tlsext_sni_server, dlen) != 0) {
1827 FAIL("server SNI differs:\n");
1828 fprintf(stderr, "received:\n");
1829 hexdump(data, dlen);
1830 fprintf(stderr, "test data:\n");
1831 hexdump(tlsext_sni_server, sizeof(tlsext_sni_server));
1832 goto err;
1833 }
1834
1835 free(ssl->session->tlsext_hostname);
1836 ssl->session->tlsext_hostname = NULL;
1837
1838 CBS_init(&cbs, tlsext_sni_server, sizeof(tlsext_sni_server));
1839 if (!tlsext_sni_client_parse(ssl, &cbs, &alert)) {
1840 FAIL("failed to parse server SNI\n");
1841 goto err;
1842 }
1843 if (CBS_len(&cbs) != 0) {
1844 FAIL("extension data remaining");
1845 goto err;
1846 }
1847
1848 if (ssl->session->tlsext_hostname == NULL) {
1849 FAIL("no tlsext_hostname after server SNI\n");
1850 goto err;
1851 }
1852
1853 if (strlen(ssl->session->tlsext_hostname) != strlen(TEST_SNI_SERVERNAME) ||
1854 strncmp(ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME,
1855 strlen(TEST_SNI_SERVERNAME)) != 0) {
1856 FAIL("got tlsext_hostname `%s', want `%s'\n",
1857 ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME);
1858 goto err;
1859 }
1860
1861 failure = 0;
1862
1863 err:
1864 CBB_cleanup(&cbb);
1865 SSL_CTX_free(ssl_ctx);
1866 SSL_free(ssl);
1867 free(data);
1868
1869 return (failure);
1870}
1871
1872static unsigned char tls_ocsp_client_default[] = {
1873 0x01, 0x00, 0x00, 0x00, 0x00
1874};
1875
1876static int
1877test_tlsext_ocsp_client(void)
1878{
1879 unsigned char *data = NULL;
1880 SSL_CTX *ssl_ctx = NULL;
1881 SSL *ssl = NULL;
1882 size_t dlen;
1883 int failure;
1884 int alert;
1885 CBB cbb;
1886 CBS cbs;
1887
1888 failure = 1;
1889
1890 CBB_init(&cbb, 0);
1891
1892 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
1893 errx(1, "failed to create SSL_CTX");
1894 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1895 errx(1, "failed to create SSL");
1896
1897 if (tlsext_ocsp_client_needs(ssl)) {
1898 FAIL("client should not need ocsp\n");
1899 goto err;
1900 }
1901 SSL_set_tlsext_status_type(ssl, TLSEXT_STATUSTYPE_ocsp);
1902
1903 if (!tlsext_ocsp_client_needs(ssl)) {
1904 FAIL("client should need ocsp\n");
1905 goto err;
1906 }
1907 if (!tlsext_ocsp_client_build(ssl, &cbb)) {
1908 FAIL("client failed to build SNI\n");
1909 goto err;
1910 }
1911 if (!CBB_finish(&cbb, &data, &dlen))
1912 errx(1, "failed to finish CBB");
1913
1914 if (dlen != sizeof(tls_ocsp_client_default)) {
1915 FAIL("got ocsp client with length %zu, "
1916 "want length %zu\n", dlen,
1917 sizeof(tls_ocsp_client_default));
1918 goto err;
1919 }
1920 if (memcmp(data, tls_ocsp_client_default, dlen) != 0) {
1921 FAIL("ocsp client differs:\n");
1922 fprintf(stderr, "received:\n");
1923 hexdump(data, dlen);
1924 fprintf(stderr, "test data:\n");
1925 hexdump(tls_ocsp_client_default,
1926 sizeof(tls_ocsp_client_default));
1927 goto err;
1928 }
1929 CBS_init(&cbs, tls_ocsp_client_default,
1930 sizeof(tls_ocsp_client_default));
1931 if (!tlsext_ocsp_server_parse(ssl, &cbs, &alert)) {
1932 FAIL("failed to parse ocsp client\n");
1933 goto err;
1934 }
1935 if (CBS_len(&cbs) != 0) {
1936 FAIL("extension data remaining");
1937 goto err;
1938 }
1939
1940 failure = 0;
1941
1942 err:
1943 CBB_cleanup(&cbb);
1944 SSL_CTX_free(ssl_ctx);
1945 SSL_free(ssl);
1946 free(data);
1947
1948 return (failure);
1949}
1950
1951static int
1952test_tlsext_ocsp_server(void)
1953{
1954 unsigned char *data = NULL;
1955 SSL_CTX *ssl_ctx = NULL;
1956 SSL *ssl = NULL;
1957 size_t dlen;
1958 int failure;
1959 CBB cbb;
1960
1961 failure = 1;
1962
1963 CBB_init(&cbb, 0);
1964
1965 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
1966 errx(1, "failed to create SSL_CTX");
1967 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1968 errx(1, "failed to create SSL");
1969
1970 if (tlsext_ocsp_server_needs(ssl)) {
1971 FAIL("server should not need ocsp\n");
1972 goto err;
1973 }
1974
1975 ssl->internal->tlsext_status_expected = 1;
1976
1977 if (!tlsext_ocsp_server_needs(ssl)) {
1978 FAIL("server should need ocsp\n");
1979 goto err;
1980 }
1981 if (!tlsext_ocsp_server_build(ssl, &cbb)) {
1982 FAIL("server failed to build ocsp\n");
1983 goto err;
1984 }
1985
1986 if (!CBB_finish(&cbb, &data, &dlen))
1987 errx(1, "failed to finish CBB");
1988
1989 failure = 0;
1990
1991 err:
1992 CBB_cleanup(&cbb);
1993 SSL_CTX_free(ssl_ctx);
1994 SSL_free(ssl);
1995 free(data);
1996
1997 return (failure);
1998}
1999
2000/*
2001 * Session ticket - RFC 5077 since no known implementations use 4507.
2002 *
2003 * Session tickets can be length 0 (special case) to 2^16-1.
2004 *
2005 * The state is encrypted by the server so it is opaque to the client.
2006 */
2007static uint8_t tlsext_sessionticket_hello_min[1];
2008static uint8_t tlsext_sessionticket_hello_max[65535];
2009
2010static int
2011test_tlsext_sessionticket_client(void)
2012{
2013 unsigned char *data = NULL;
2014 SSL_CTX *ssl_ctx = NULL;
2015 SSL *ssl = NULL;
2016 int failure;
2017 CBB cbb;
2018 size_t dlen;
2019 uint8_t dummy[1234];
2020
2021 failure = 1;
2022
2023 CBB_init(&cbb, 0);
2024
2025 /* Create fake session tickets with random data. */
2026 arc4random_buf(tlsext_sessionticket_hello_min,
2027 sizeof(tlsext_sessionticket_hello_min));
2028 arc4random_buf(tlsext_sessionticket_hello_max,
2029 sizeof(tlsext_sessionticket_hello_max));
2030
2031 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
2032 errx(1, "failed to create SSL_CTX");
2033 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2034 errx(1, "failed to create SSL");
2035
2036 /* Should need a ticket by default. */
2037 if (!tlsext_sessionticket_client_needs(ssl)) {
2038 FAIL("client should need Sessionticket for default "
2039 "ciphers\n");
2040 goto err;
2041 }
2042
2043 /* Test disabling tickets. */
2044 if ((SSL_set_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) == 0) {
2045 FAIL("Cannot disable tickets in the TLS connection");
2046 return 0;
2047 }
2048 if (tlsext_sessionticket_client_needs(ssl)) {
2049 FAIL("client should not need SessionTicket if it was disabled");
2050 goto err;
2051 }
2052
2053 /* Test re-enabling tickets. */
2054 if ((SSL_clear_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) != 0) {
2055 FAIL("Cannot re-enable tickets in the TLS connection");
2056 return 0;
2057 }
2058 if (!tlsext_sessionticket_client_needs(ssl)) {
2059 FAIL("client should need SessionTicket if it was disabled");
2060 goto err;
2061 }
2062
2063 /* Since we don't have a session, we should build an empty ticket. */
2064 if (!tlsext_sessionticket_client_build(ssl, &cbb)) {
2065 FAIL("Cannot build a ticket");
2066 goto err;
2067 }
2068 if (!CBB_finish(&cbb, &data, &dlen)) {
2069 FAIL("Cannot finish CBB");
2070 goto err;
2071 }
2072 if (dlen != 0) {
2073 FAIL("Expected 0 length but found %zu\n", dlen);
2074 goto err;
2075 }
2076
2077 CBB_cleanup(&cbb);
2078 CBB_init(&cbb, 0);
2079 free(data);
2080 data = NULL;
2081
2082 /* With a new session (but no ticket), we should still have 0 length */
2083 if ((ssl->session = SSL_SESSION_new()) == NULL)
2084 errx(1, "failed to create session");
2085 if (!tlsext_sessionticket_client_needs(ssl)) {
2086 FAIL("Should still want a session ticket with a new session");
2087 goto err;
2088 }
2089 if (!tlsext_sessionticket_client_build(ssl, &cbb)) {
2090 FAIL("Cannot build a ticket");
2091 goto err;
2092 }
2093 if (!CBB_finish(&cbb, &data, &dlen)) {
2094 FAIL("Cannot finish CBB");
2095 goto err;
2096 }
2097 if (dlen != 0) {
2098 FAIL("Expected 0 length but found %zu\n", dlen);
2099 goto err;
2100 }
2101
2102 CBB_cleanup(&cbb);
2103 CBB_init(&cbb, 0);
2104 free(data);
2105 data = NULL;
2106
2107 /* With a new session (and ticket), we should use that ticket */
2108 SSL_SESSION_free(ssl->session);
2109 if ((ssl->session = SSL_SESSION_new()) == NULL)
2110 errx(1, "failed to create session");
2111
2112 arc4random_buf(&dummy, sizeof(dummy));
2113 if ((ssl->session->tlsext_tick = malloc(sizeof(dummy))) == NULL) {
2114 errx(1, "failed to malloc");
2115 }
2116 memcpy(ssl->session->tlsext_tick, dummy, sizeof(dummy));
2117 ssl->session->tlsext_ticklen = sizeof(dummy);
2118
2119 if (!tlsext_sessionticket_client_needs(ssl)) {
2120 FAIL("Should still want a session ticket with a new session");
2121 goto err;
2122 }
2123 if (!tlsext_sessionticket_client_build(ssl, &cbb)) {
2124 FAIL("Cannot build a ticket");
2125 goto err;
2126 }
2127 if (!CBB_finish(&cbb, &data, &dlen)) {
2128 FAIL("Cannot finish CBB");
2129 goto err;
2130 }
2131 if (dlen != sizeof(dummy)) {
2132 FAIL("Expected %zu length but found %zu\n", sizeof(dummy), dlen);
2133 goto err;
2134 }
2135 if (memcmp(data, dummy, dlen) != 0) {
2136 FAIL("server SNI differs:\n");
2137 compare_data(data, dlen,
2138 dummy, sizeof(dummy));
2139 goto err;
2140 }
2141
2142 CBB_cleanup(&cbb);
2143 CBB_init(&cbb, 0);
2144 free(data);
2145 data = NULL;
2146 free(ssl->session->tlsext_tick);
2147 ssl->session->tlsext_tick = NULL;
2148 ssl->session->tlsext_ticklen = 0;
2149
2150 /*
2151 * Send in NULL to disable session tickets at runtime without going
2152 * through SSL_set_options().
2153 */
2154 if (!SSL_set_session_ticket_ext(ssl, NULL, 0)) {
2155 FAIL("Could not set a NULL custom ticket");
2156 goto err;
2157 }
2158 /* Should not need a ticket in this case */
2159 if (tlsext_sessionticket_client_needs(ssl)) {
2160 FAIL("Should not want to use session tickets with a NULL custom");
2161 goto err;
2162 }
2163
2164 /*
2165 * If you want to remove the tlsext_session_ticket behavior, you have
2166 * to do it manually.
2167 */
2168 free(ssl->internal->tlsext_session_ticket);
2169 ssl->internal->tlsext_session_ticket = NULL;
2170
2171 if (!tlsext_sessionticket_client_needs(ssl)) {
2172 FAIL("Should need a session ticket again when the custom one is removed");
2173 goto err;
2174 }
2175
2176 /* Test a custom session ticket (not recommended in practice) */
2177 if (!SSL_set_session_ticket_ext(ssl, tlsext_sessionticket_hello_max,
2178 sizeof(tlsext_sessionticket_hello_max))) {
2179 FAIL("Should be able to set a custom ticket");
2180 goto err;
2181 }
2182 if (!tlsext_sessionticket_client_needs(ssl)) {
2183 FAIL("Should need a session ticket again when the custom one is not empty");
2184 goto err;
2185 }
2186 if (!tlsext_sessionticket_client_build(ssl, &cbb)) {
2187 FAIL("Cannot build a ticket with a max length random payload");
2188 goto err;
2189 }
2190 if (!CBB_finish(&cbb, &data, &dlen)) {
2191 FAIL("Cannot finish CBB");
2192 goto err;
2193 }
2194 if (dlen != sizeof(tlsext_sessionticket_hello_max)) {
2195 FAIL("Expected %zu length but found %zu\n",
2196 sizeof(tlsext_sessionticket_hello_max), dlen);
2197 goto err;
2198 }
2199 if (memcmp(data, tlsext_sessionticket_hello_max,
2200 sizeof(tlsext_sessionticket_hello_max)) != 0) {
2201 FAIL("Expected to get what we passed in");
2202 compare_data(data, dlen,
2203 tlsext_sessionticket_hello_max,
2204 sizeof(tlsext_sessionticket_hello_max));
2205 goto err;
2206 }
2207
2208 failure = 0;
2209
2210 err:
2211 CBB_cleanup(&cbb);
2212 SSL_CTX_free(ssl_ctx);
2213 SSL_free(ssl);
2214 free(data);
2215
2216 return (failure);
2217}
2218
2219
2220static int
2221test_tlsext_sessionticket_server(void)
2222{
2223 SSL_CTX *ssl_ctx = NULL;
2224 SSL *ssl = NULL;
2225 int failure;
2226 uint8_t *data;
2227 size_t dlen;
2228 CBB cbb;
2229
2230 CBB_init(&cbb, 0);
2231
2232 failure = 1;
2233
2234 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
2235 errx(1, "failed to create SSL_CTX");
2236 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2237 errx(1, "failed to create SSL");
2238
2239 /*
2240 * By default, should not need a session ticket since the ticket
2241 * is not yet expected.
2242 */
2243 if (tlsext_sessionticket_server_needs(ssl)) {
2244 FAIL("server should not need SessionTicket by default\n");
2245 goto err;
2246 }
2247
2248 /* Test disabling tickets. */
2249 if ((SSL_set_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) == 0) {
2250 FAIL("Cannot disable tickets in the TLS connection");
2251 return 0;
2252 }
2253 if (tlsext_sessionticket_server_needs(ssl)) {
2254 FAIL("server should not need SessionTicket if it was disabled");
2255 goto err;
2256 }
2257
2258 /* Test re-enabling tickets. */
2259 if ((SSL_clear_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) != 0) {
2260 FAIL("Cannot re-enable tickets in the TLS connection");
2261 return 0;
2262 }
2263 if (tlsext_sessionticket_server_needs(ssl)) {
2264 FAIL("server should not need SessionTicket yet");
2265 goto err;
2266 }
2267
2268 /* Set expected to require it. */
2269 ssl->internal->tlsext_ticket_expected = 1;
2270 if (!tlsext_sessionticket_server_needs(ssl)) {
2271 FAIL("server should now be required for SessionTicket");
2272 goto err;
2273 }
2274
2275 /* server hello's session ticket should always be 0 length payload. */
2276 if (!tlsext_sessionticket_server_build(ssl, &cbb)) {
2277 FAIL("Cannot build a ticket with a max length random payload");
2278 goto err;
2279 }
2280 if (!CBB_finish(&cbb, &data, &dlen)) {
2281 FAIL("Cannot finish CBB");
2282 goto err;
2283 }
2284 if (dlen != 0) {
2285 FAIL("Expected 0 length but found %zu\n", dlen);
2286 goto err;
2287 }
2288
2289 failure = 0;
2290
2291 err:
2292 SSL_CTX_free(ssl_ctx);
2293 SSL_free(ssl);
2294
2295 return (failure);
2296}
2297
2298#ifndef OPENSSL_NO_SRTP
2299/*
2300 * Supported Secure Real-time Transport Protocol (RFC 5764 section 4.1.1)
2301 */
2302
2303/* Colon separated string values */
2304const char *tlsext_srtp_single_profile = "SRTP_AES128_CM_SHA1_80";
2305const char *tlsext_srtp_multiple_profiles = "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32";
2306
2307const char *tlsext_srtp_aes128cmsha80 = "SRTP_AES128_CM_SHA1_80";
2308const char *tlsext_srtp_aes128cmsha32 = "SRTP_AES128_CM_SHA1_32";
2309
2310const uint8_t tlsext_srtp_single[] = {
2311 /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */
2312 0x00, 0x02, /* len */
2313 0x00, 0x01, /* SRTP_AES128_CM_SHA1_80 */
2314 0x00 /* opaque srtp_mki<0..255> */
2315};
2316
2317const uint8_t tlsext_srtp_multiple[] = {
2318 /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */
2319 0x00, 0x04, /* len */
2320 0x00, 0x01, /* SRTP_AES128_CM_SHA1_80 */
2321 0x00, 0x02, /* SRTP_AES128_CM_SHA1_32 */
2322 0x00 /* opaque srtp_mki<0..255> */
2323};
2324
2325const uint8_t tlsext_srtp_multiple_invalid[] = {
2326 /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */
2327 0x00, 0x04, /* len */
2328 0x00, 0x08, /* arbitrary value not found in known profiles */
2329 0x00, 0x09, /* arbitrary value not found in known profiles */
2330 0x00 /* opaque srtp_mki<0..255> */
2331};
2332
2333const uint8_t tlsext_srtp_single_invalid[] = {
2334 /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */
2335 0x00, 0x02, /* len */
2336 0x00, 0x08, /* arbitrary value not found in known profiles */
2337 0x00 /* opaque srtp_mki<0..255> */
2338};
2339
2340const uint8_t tlsext_srtp_multiple_one_valid[] = {
2341 /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */
2342 0x00, 0x04, /* len */
2343 0x00, 0x08, /* arbitrary value not found in known profiles */
2344 0x00, 0x02, /* SRTP_AES128_CM_SHA1_32 */
2345 0x00 /* opaque srtp_mki<0..255> */
2346};
2347
2348static int
2349test_tlsext_srtp_client(void)
2350{
2351 SRTP_PROTECTION_PROFILE *prof;
2352 SSL_CTX *ssl_ctx = NULL;
2353 SSL *ssl = NULL;
2354 uint8_t *data = NULL;
2355 CBB cbb;
2356 CBS cbs;
2357 int failure, alert;
2358 size_t dlen;
2359
2360 CBB_init(&cbb, 0);
2361
2362 failure = 1;
2363
2364 /* SRTP is for DTLS */
2365 if ((ssl_ctx = SSL_CTX_new(DTLSv1_client_method())) == NULL)
2366 errx(1, "failed to create SSL_CTX");
2367 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2368 errx(1, "failed to create SSL");
2369
2370 /* By default, we don't need this */
2371 if (tlsext_srtp_client_needs(ssl)) {
2372 FAIL("client should not need SRTP by default\n");
2373 goto err;
2374 }
2375
2376 if (SSL_set_tlsext_use_srtp(ssl, tlsext_srtp_single_profile) != 0) {
2377 FAIL("should be able to set a single SRTP\n");
2378 goto err;
2379 }
2380 if (!tlsext_srtp_client_needs(ssl)) {
2381 FAIL("client should need SRTP\n");
2382 goto err;
2383 }
2384
2385 /* Make sure we can build the client with a single profile. */
2386
2387 if (!tlsext_srtp_client_build(ssl, &cbb)) {
2388 FAIL("client failed to build SRTP\n");
2389 goto err;
2390 }
2391 if (!CBB_finish(&cbb, &data, &dlen))
2392 errx(1, "failed to finish CBB");
2393
2394 if (dlen != sizeof(tlsext_srtp_single)) {
2395 FAIL("got client SRTP with length %zu, "
2396 "want length %zu\n", dlen,
2397 sizeof(tlsext_srtp_single));
2398 compare_data(data, dlen, tlsext_srtp_single,
2399 sizeof(tlsext_srtp_single));
2400 goto err;
2401 }
2402 if (memcmp(data, tlsext_srtp_single, dlen) != 0) {
2403 FAIL("client SRTP differs:\n");
2404 compare_data(data, dlen, tlsext_srtp_single,
2405 sizeof(tlsext_srtp_single));
2406 goto err;
2407 }
2408
2409 CBB_cleanup(&cbb);
2410 CBB_init(&cbb, 0);
2411 free(data);
2412 data = NULL;
2413
2414 /* Make sure we can parse the single profile. */
2415
2416 if (SSL_get_selected_srtp_profile(ssl) != NULL) {
2417 FAIL("SRTP profile should not be set yet\n");
2418 goto err;
2419 }
2420
2421 CBS_init(&cbs, tlsext_srtp_single, sizeof(tlsext_srtp_single));
2422 if (!tlsext_srtp_server_parse(ssl, &cbs, &alert)) {
2423 FAIL("failed to parse SRTP\n");
2424 goto err;
2425 }
2426 if (CBS_len(&cbs) != 0) {
2427 FAIL("extension data remaining");
2428 goto err;
2429 }
2430
2431 if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) {
2432 FAIL("SRTP profile should be set now\n");
2433 goto err;
2434 }
2435 if (strcmp(prof->name, tlsext_srtp_aes128cmsha80) != 0) {
2436 FAIL("SRTP profile was not set properly\n");
2437 goto err;
2438 }
2439
2440 if (!tlsext_srtp_server_needs(ssl)) {
2441 FAIL("should send server extension when profile selected\n");
2442 goto err;
2443 }
2444
2445 /* Make sure we can build the clienthello with multiple entries. */
2446
2447 if (SSL_set_tlsext_use_srtp(ssl, tlsext_srtp_multiple_profiles) != 0) {
2448 FAIL("should be able to set SRTP to multiple profiles\n");
2449 goto err;
2450 }
2451 if (!tlsext_srtp_client_needs(ssl)) {
2452 FAIL("client should need SRTP by now\n");
2453 goto err;
2454 }
2455
2456 if (!tlsext_srtp_client_build(ssl, &cbb)) {
2457 FAIL("client failed to build SRTP\n");
2458 goto err;
2459 }
2460 if (!CBB_finish(&cbb, &data, &dlen))
2461 errx(1, "failed to finish CBB");
2462
2463 if (dlen != sizeof(tlsext_srtp_multiple)) {
2464 FAIL("got client SRTP with length %zu, "
2465 "want length %zu\n", dlen,
2466 sizeof(tlsext_srtp_multiple));
2467 compare_data(data, dlen, tlsext_srtp_multiple,
2468 sizeof(tlsext_srtp_multiple));
2469 goto err;
2470 }
2471 if (memcmp(data, tlsext_srtp_multiple, dlen) != 0) {
2472 FAIL("client SRTP differs:\n");
2473 compare_data(data, dlen, tlsext_srtp_multiple,
2474 sizeof(tlsext_srtp_multiple));
2475 goto err;
2476 }
2477
2478 CBB_cleanup(&cbb);
2479 CBB_init(&cbb, 0);
2480 free(data);
2481 data = NULL;
2482
2483 /* Make sure we can parse multiple profiles (selects server preferred) */
2484
2485 ssl->internal->srtp_profile = NULL;
2486
2487 CBS_init(&cbs, tlsext_srtp_multiple,
2488 sizeof(tlsext_srtp_multiple));
2489 if (!tlsext_srtp_server_parse(ssl, &cbs, &alert)) {
2490 FAIL("failed to parse SRTP\n");
2491 goto err;
2492 }
2493 if (CBS_len(&cbs) != 0) {
2494 FAIL("extension data remaining");
2495 goto err;
2496 }
2497
2498 if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) {
2499 FAIL("SRTP profile should be set now\n");
2500 goto err;
2501 }
2502 if (strcmp(prof->name, tlsext_srtp_aes128cmsha80) != 0) {
2503 FAIL("SRTP profile was not set properly\n");
2504 goto err;
2505 }
2506
2507 if (!tlsext_srtp_server_needs(ssl)) {
2508 FAIL("should send server extension when profile selected\n");
2509 goto err;
2510 }
2511
2512 /*
2513 * Make sure we can parse the clienthello with multiple entries
2514 * where one is unknown.
2515 */
2516 ssl->internal->srtp_profile = NULL;
2517
2518 CBS_init(&cbs, tlsext_srtp_multiple_one_valid,
2519 sizeof(tlsext_srtp_multiple_one_valid));
2520 if (!tlsext_srtp_server_parse(ssl, &cbs, &alert)) {
2521 FAIL("failed to parse SRTP\n");
2522 goto err;
2523 }
2524 if (CBS_len(&cbs) != 0) {
2525 FAIL("extension data remaining");
2526 goto err;
2527 }
2528
2529 if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) {
2530 FAIL("SRTP profile should be set now\n");
2531 goto err;
2532 }
2533 if (strcmp(prof->name, tlsext_srtp_aes128cmsha32) != 0) {
2534 FAIL("SRTP profile was not set properly\n");
2535 goto err;
2536 }
2537
2538 if (!tlsext_srtp_server_needs(ssl)) {
2539 FAIL("should send server extension when profile selected\n");
2540 goto err;
2541 }
2542
2543 /* Make sure we fall back to negotiated when none work. */
2544
2545 ssl->internal->srtp_profile = NULL;
2546
2547 CBS_init(&cbs, tlsext_srtp_multiple_invalid,
2548 sizeof(tlsext_srtp_multiple_invalid));
2549 if (!tlsext_srtp_server_parse(ssl, &cbs, &alert)) {
2550 FAIL("should be able to fall back to negotiated\n");
2551 goto err;
2552 }
2553 if (CBS_len(&cbs) != 0) {
2554 FAIL("extension data remaining");
2555 goto err;
2556 }
2557
2558 /* If we fallback, the server should NOT send the extension. */
2559 if (SSL_get_selected_srtp_profile(ssl) != NULL) {
2560 FAIL("should not have selected a profile when none found\n");
2561 goto err;
2562 }
2563 if (tlsext_srtp_server_needs(ssl)) {
2564 FAIL("should not send server tlsext when no profile found\n");
2565 goto err;
2566 }
2567
2568 failure = 0;
2569
2570 err:
2571 CBB_cleanup(&cbb);
2572 SSL_CTX_free(ssl_ctx);
2573 SSL_free(ssl);
2574 free(data);
2575
2576 return (failure);
2577}
2578
2579static int
2580test_tlsext_srtp_server(void)
2581{
2582 SRTP_PROTECTION_PROFILE *prof;
2583 SSL_CTX *ssl_ctx = NULL;
2584 SSL *ssl = NULL;
2585 uint8_t *data = NULL;
2586 CBB cbb;
2587 CBS cbs;
2588 int failure, alert;
2589 size_t dlen;
2590
2591 CBB_init(&cbb, 0);
2592
2593 failure = 1;
2594
2595 /* SRTP is for DTLS */
2596 if ((ssl_ctx = SSL_CTX_new(DTLSv1_client_method())) == NULL)
2597 errx(1, "failed to create SSL_CTX");
2598 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2599 errx(1, "failed to create SSL");
2600
2601 /* By default, we don't need this */
2602 if (tlsext_srtp_server_needs(ssl)) {
2603 FAIL("server should not need SRTP by default\n");
2604 goto err;
2605 }
2606
2607 if (srtp_find_profile_by_name((char *)tlsext_srtp_aes128cmsha80, &prof,
2608 strlen(tlsext_srtp_aes128cmsha80))) {
2609 FAIL("should be able to find the given profile\n");
2610 goto err;
2611 }
2612 ssl->internal->srtp_profile = prof;
2613 if (!tlsext_srtp_server_needs(ssl)) {
2614 FAIL("server should need SRTP by now\n");
2615 goto err;
2616 }
2617
2618 /* Make sure we can build the server with a single profile. */
2619
2620 if (!tlsext_srtp_server_build(ssl, &cbb)) {
2621 FAIL("server failed to build SRTP\n");
2622 goto err;
2623 }
2624 if (!CBB_finish(&cbb, &data, &dlen))
2625 errx(1, "failed to finish CBB");
2626
2627 if (dlen != sizeof(tlsext_srtp_single)) {
2628 FAIL("got server SRTP with length %zu, "
2629 "want length %zu\n", dlen,
2630 sizeof(tlsext_srtp_single));
2631 compare_data(data, dlen, tlsext_srtp_single,
2632 sizeof(tlsext_srtp_single));
2633 goto err;
2634 }
2635 if (memcmp(data, tlsext_srtp_single, dlen) != 0) {
2636 FAIL("server SRTP differs:\n");
2637 compare_data(data, dlen, tlsext_srtp_single,
2638 sizeof(tlsext_srtp_single));
2639 goto err;
2640 }
2641
2642 CBB_cleanup(&cbb);
2643 CBB_init(&cbb, 0);
2644 free(data);
2645 data = NULL;
2646
2647 /* Make sure we can parse the single profile. */
2648 ssl->internal->srtp_profile = NULL;
2649
2650 if (SSL_get_selected_srtp_profile(ssl) != NULL) {
2651 FAIL("SRTP profile should not be set yet\n");
2652 goto err;
2653 }
2654
2655 /* Setup the environment as if a client sent a list of profiles. */
2656 if (SSL_set_tlsext_use_srtp(ssl, tlsext_srtp_multiple_profiles) != 0) {
2657 FAIL("should be able to set multiple profiles in SRTP\n");
2658 goto err;
2659 }
2660
2661 CBS_init(&cbs, tlsext_srtp_single, sizeof(tlsext_srtp_single));
2662 if (!tlsext_srtp_client_parse(ssl, &cbs, &alert)) {
2663 FAIL("failed to parse SRTP\n");
2664 goto err;
2665 }
2666 if (CBS_len(&cbs) != 0) {
2667 FAIL("extension data remaining");
2668 goto err;
2669 }
2670
2671 if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) {
2672 FAIL("SRTP profile should be set now\n");
2673 goto err;
2674 }
2675 if (strcmp(prof->name, tlsext_srtp_aes128cmsha80) != 0) {
2676 FAIL("SRTP profile was not set properly\n");
2677 goto err;
2678 }
2679
2680 /* Make sure we cannot parse multiple profiles */
2681 ssl->internal->srtp_profile = NULL;
2682
2683 CBS_init(&cbs, tlsext_srtp_multiple,
2684 sizeof(tlsext_srtp_multiple));
2685 if (tlsext_srtp_client_parse(ssl, &cbs, &alert)) {
2686 FAIL("should not find multiple entries from the server\n");
2687 goto err;
2688 }
2689
2690 /* Make sure we cannot parse a server with unknown profile */
2691 ssl->internal->srtp_profile = NULL;
2692
2693 CBS_init(&cbs, tlsext_srtp_single_invalid,
2694 sizeof(tlsext_srtp_single_invalid));
2695 if (tlsext_srtp_client_parse(ssl, &cbs, &alert)) {
2696 FAIL("should not be able to parse this\n");
2697 goto err;
2698 }
2699
2700 failure = 0;
2701
2702 err:
2703 CBB_cleanup(&cbb);
2704 SSL_CTX_free(ssl_ctx);
2705 SSL_free(ssl);
2706 free(data);
2707
2708 return (failure);
2709}
2710#endif /* OPENSSL_NO_SRTP */
2711
2712unsigned char tlsext_clienthello_default[] = {
2713 0x00, 0x32, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00,
2714 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x1d,
2715 0x00, 0x17, 0x00, 0x18, 0x00, 0x23, 0x00, 0x00,
2716 0x00, 0x0d, 0x00, 0x18, 0x00, 0x16, 0x08, 0x06,
2717 0x06, 0x01, 0x06, 0x03, 0x08, 0x05, 0x05, 0x01,
2718 0x05, 0x03, 0x08, 0x04, 0x04, 0x01, 0x04, 0x03,
2719 0x02, 0x01, 0x02, 0x03,
2720};
2721
2722unsigned char tlsext_clienthello_disabled[] = {};
2723
2724static int
2725test_tlsext_clienthello_build(void)
2726{
2727 unsigned char *data = NULL;
2728 SSL_CTX *ssl_ctx = NULL;
2729 SSL *ssl = NULL;
2730 size_t dlen;
2731 int failure;
2732 CBB cbb;
2733
2734 failure = 1;
2735
2736 if (!CBB_init(&cbb, 0))
2737 errx(1, "failed to create CBB");
2738
2739 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
2740 errx(1, "failed to create SSL_CTX");
2741 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2742 errx(1, "failed to create SSL");
2743
2744 if (!tlsext_client_build(ssl, &cbb, SSL_TLSEXT_MSG_CH)) {
2745 FAIL("failed to build clienthello extensions\n");
2746 goto err;
2747 }
2748 if (!CBB_finish(&cbb, &data, &dlen))
2749 errx(1, "failed to finish CBB");
2750
2751 if (dlen != sizeof(tlsext_clienthello_default)) {
2752 FAIL("got clienthello extensions with length %zu, "
2753 "want length %zu\n", dlen,
2754 sizeof(tlsext_clienthello_default));
2755 compare_data(data, dlen, tlsext_clienthello_default,
2756 sizeof(tlsext_clienthello_default));
2757 goto err;
2758 }
2759 if (memcmp(data, tlsext_clienthello_default, dlen) != 0) {
2760 FAIL("clienthello extensions differs:\n");
2761 compare_data(data, dlen, tlsext_clienthello_default,
2762 sizeof(tlsext_clienthello_default));
2763 goto err;
2764 }
2765
2766 CBB_cleanup(&cbb);
2767 CBB_init(&cbb, 0);
2768
2769 /* Switch to TLSv1.1, disable EC ciphers and session tickets. */
2770 ssl->client_version = TLS1_1_VERSION;
2771 if (!SSL_set_cipher_list(ssl, "TLSv1.2:!ECDHE:!ECDSA")) {
2772 FAIL("failed to set cipher list\n");
2773 goto err;
2774 }
2775 if ((SSL_set_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) == 0) {
2776 FAIL("failed to disable session tickets");
2777 return 0;
2778 }
2779
2780 if (!tlsext_client_build(ssl, &cbb, SSL_TLSEXT_MSG_CH)) {
2781 FAIL("failed to build clienthello extensions\n");
2782 goto err;
2783 }
2784 if (!CBB_finish(&cbb, &data, &dlen))
2785 errx(1, "failed to finish CBB");
2786
2787 if (dlen != sizeof(tlsext_clienthello_disabled)) {
2788 FAIL("got clienthello extensions with length %zu, "
2789 "want length %zu\n", dlen,
2790 sizeof(tlsext_clienthello_disabled));
2791 compare_data(data, dlen, tlsext_clienthello_disabled,
2792 sizeof(tlsext_clienthello_disabled));
2793 goto err;
2794 }
2795 if (memcmp(data, tlsext_clienthello_disabled, dlen) != 0) {
2796 FAIL("clienthello extensions differs:\n");
2797 compare_data(data, dlen, tlsext_clienthello_disabled,
2798 sizeof(tlsext_clienthello_disabled));
2799 goto err;
2800 }
2801
2802 failure = 0;
2803
2804 err:
2805 CBB_cleanup(&cbb);
2806 SSL_CTX_free(ssl_ctx);
2807 SSL_free(ssl);
2808 free(data);
2809
2810 return (failure);
2811}
2812
2813unsigned char tlsext_serverhello_default[] = {};
2814
2815unsigned char tlsext_serverhello_enabled[] = {
2816 0x00, 0x13, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00,
2817 0x05, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01,
2818 0x00, 0x00, 0x23, 0x00, 0x00,
2819};
2820
2821static int
2822test_tlsext_serverhello_build(void)
2823{
2824 unsigned char *data = NULL;
2825 SSL_CTX *ssl_ctx = NULL;
2826 SSL *ssl = NULL;
2827 size_t dlen;
2828 int failure;
2829 CBB cbb;
2830
2831 failure = 1;
2832
2833 if (!CBB_init(&cbb, 0))
2834 errx(1, "failed to create CBB");
2835
2836 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
2837 errx(1, "failed to create SSL_CTX");
2838 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2839 errx(1, "failed to create SSL");
2840 if ((ssl->session = SSL_SESSION_new()) == NULL)
2841 errx(1, "failed to create session");
2842
2843 S3I(ssl)->hs.new_cipher =
2844 ssl3_get_cipher_by_id(TLS1_CK_RSA_WITH_AES_128_SHA256);
2845
2846 if (!tlsext_server_build(ssl, &cbb, SSL_TLSEXT_MSG_SH)) {
2847 FAIL("failed to build serverhello extensions\n");
2848 goto err;
2849 }
2850 if (!CBB_finish(&cbb, &data, &dlen))
2851 errx(1, "failed to finish CBB");
2852
2853 if (dlen != sizeof(tlsext_serverhello_default)) {
2854 FAIL("got serverhello extensions with length %zu, "
2855 "want length %zu\n", dlen,
2856 sizeof(tlsext_serverhello_default));
2857 compare_data(data, dlen, tlsext_serverhello_default,
2858 sizeof(tlsext_serverhello_default));
2859 goto err;
2860 }
2861 if (memcmp(data, tlsext_serverhello_default, dlen) != 0) {
2862 FAIL("serverhello extensions differs:\n");
2863 compare_data(data, dlen, tlsext_serverhello_default,
2864 sizeof(tlsext_serverhello_default));
2865 goto err;
2866 }
2867
2868 CBB_cleanup(&cbb);
2869 CBB_init(&cbb, 0);
2870
2871 /* Turn a few things on so we get extensions... */
2872 S3I(ssl)->send_connection_binding = 1;
2873 S3I(ssl)->hs.new_cipher =
2874 ssl3_get_cipher_by_id(TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256);
2875 ssl->internal->tlsext_status_expected = 1;
2876 ssl->internal->tlsext_ticket_expected = 1;
2877 if ((SSI(ssl)->tlsext_ecpointformatlist = malloc(1)) == NULL)
2878 errx(1, "malloc failed");
2879 SSI(ssl)->tlsext_ecpointformatlist_length = 1;
2880 SSI(ssl)->tlsext_ecpointformatlist[0] =
2881 TLSEXT_ECPOINTFORMAT_uncompressed;
2882
2883 if (!tlsext_server_build(ssl, &cbb, SSL_TLSEXT_MSG_SH)) {
2884 FAIL("failed to build serverhello extensions\n");
2885 goto err;
2886 }
2887 if (!CBB_finish(&cbb, &data, &dlen))
2888 errx(1, "failed to finish CBB");
2889
2890 if (dlen != sizeof(tlsext_serverhello_enabled)) {
2891 FAIL("got serverhello extensions with length %zu, "
2892 "want length %zu\n", dlen,
2893 sizeof(tlsext_serverhello_enabled));
2894 compare_data(data, dlen, tlsext_serverhello_enabled,
2895 sizeof(tlsext_serverhello_enabled));
2896 goto err;
2897 }
2898 if (memcmp(data, tlsext_serverhello_enabled, dlen) != 0) {
2899 FAIL("serverhello extensions differs:\n");
2900 compare_data(data, dlen, tlsext_serverhello_enabled,
2901 sizeof(tlsext_serverhello_enabled));
2902 goto err;
2903 }
2904
2905 failure = 0;
2906
2907 err:
2908 CBB_cleanup(&cbb);
2909 SSL_CTX_free(ssl_ctx);
2910 SSL_free(ssl);
2911 free(data);
2912
2913 return (failure);
2914}
2915
2916const unsigned char tlsext_versions_client[] = {
2917 0x08, 0x03, 0x04, 0x03, 0x03, 0x03,
2918 0x02, 0x03, 0x01,
2919};
2920
2921const unsigned char tlsext_versions_server[] = {
2922 0x03, 0x04,
2923};
2924
2925static int
2926test_tlsext_versions_client(void)
2927{
2928 unsigned char *data = NULL;
2929 SSL_CTX *ssl_ctx = NULL;
2930 SSL *ssl = NULL;
2931 int failure = 0;
2932 size_t dlen;
2933 int alert;
2934 CBB cbb;
2935 CBS cbs;
2936
2937 CBB_init(&cbb, 0);
2938
2939 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
2940 errx(1, "failed to create SSL_CTX");
2941 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2942 errx(1, "failed to create SSL");
2943
2944 S3I(ssl)->hs_tls13.max_version = 0;
2945
2946 if (tlsext_versions_client_needs(ssl)) {
2947 FAIL("client should not need versions\n");
2948 failure = 1;
2949 goto done;
2950 }
2951
2952 S3I(ssl)->hs_tls13.max_version = TLS1_2_VERSION;
2953
2954 if (tlsext_versions_client_needs(ssl)) {
2955 FAIL("client should not need versions\n");
2956 failure = 1;
2957 goto done;
2958 }
2959
2960 S3I(ssl)->hs_tls13.max_version = TLS1_3_VERSION;
2961
2962 if (!tlsext_versions_client_needs(ssl)) {
2963 FAIL("client should need versions\n");
2964 failure = 1;
2965 goto done;
2966 }
2967
2968 S3I(ssl)->hs_tls13.max_version = TLS1_3_VERSION;
2969 S3I(ssl)->hs_tls13.min_version = 0;
2970 if (tlsext_versions_client_build(ssl, &cbb)) {
2971 FAIL("client should not have built versions\n");
2972 failure = 1;
2973 goto done;
2974 }
2975
2976 S3I(ssl)->hs_tls13.max_version = TLS1_3_VERSION;
2977 S3I(ssl)->hs_tls13.min_version = TLS1_VERSION;
2978 if (!tlsext_versions_client_build(ssl, &cbb)) {
2979 FAIL("client should have built versions\n");
2980 failure = 1;
2981 goto done;
2982 }
2983
2984 if (!CBB_finish(&cbb, &data, &dlen)) {
2985 FAIL("failed to finish CBB");
2986 failure = 1;
2987 goto done;
2988 }
2989
2990 if (dlen != sizeof(tlsext_versions_client)) {
2991 FAIL("got versions with length %zu, "
2992 "want length %zu\n", dlen, sizeof(tlsext_versions_client));
2993 failure = 1;
2994 goto done;
2995 }
2996
2997 CBS_init(&cbs, data, dlen);
2998 if (!tlsext_versions_server_parse(ssl, &cbs, &alert)) {
2999 FAIL("failed to parse client versions\n");
3000 failure = 1;
3001 goto done;
3002 }
3003 if (CBS_len(&cbs) != 0) {
3004 FAIL("extension data remaining");
3005 failure = 1;
3006 goto done;
3007 }
3008 done:
3009 CBB_cleanup(&cbb);
3010 SSL_CTX_free(ssl_ctx);
3011 SSL_free(ssl);
3012 free(data);
3013
3014 return (failure);
3015}
3016
3017
3018static int
3019test_tlsext_versions_server(void)
3020{
3021 unsigned char *data = NULL;
3022 SSL_CTX *ssl_ctx = NULL;
3023 SSL *ssl = NULL;
3024 int failure = 0;
3025 size_t dlen;
3026 int alert;
3027 CBB cbb;
3028 CBS cbs;
3029
3030 CBB_init(&cbb, 0);
3031
3032 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
3033 errx(1, "failed to create SSL_CTX");
3034 if ((ssl = SSL_new(ssl_ctx)) == NULL)
3035 errx(1, "failed to create SSL");
3036
3037 ssl->version = TLS1_2_VERSION;
3038
3039 if (tlsext_versions_server_needs(ssl)) {
3040 FAIL("server should not need versions\n");
3041 failure = 1;
3042 goto done;
3043 }
3044
3045 ssl->version = TLS1_3_VERSION;
3046
3047 if (!tlsext_versions_server_needs(ssl)) {
3048 FAIL("server should need versions\n");
3049 failure = 1;
3050 goto done;
3051 }
3052
3053 if (!tlsext_versions_server_build(ssl, &cbb)) {
3054 FAIL("server should have built versions\n");
3055 failure = 1;
3056 goto done;
3057 }
3058
3059 if (!CBB_finish(&cbb, &data, &dlen)) {
3060 FAIL("failed to finish CBB");
3061 failure = 1;
3062 goto done;
3063 }
3064
3065 if (dlen != sizeof(tlsext_versions_server)) {
3066 FAIL("got versions with length %zu, "
3067 "want length %zu\n", dlen, sizeof(tlsext_versions_server));
3068 failure = 1;
3069 goto done;
3070 }
3071
3072 CBS_init(&cbs, data, dlen);
3073 if (!tlsext_versions_client_parse(ssl, &cbs, &alert)) {
3074 FAIL("failed to parse client versions\n");
3075 failure = 1;
3076 goto done;
3077 }
3078 if (CBS_len(&cbs) != 0) {
3079 FAIL("extension data remaining");
3080 failure = 1;
3081 goto done;
3082 }
3083 done:
3084 CBB_cleanup(&cbb);
3085 SSL_CTX_free(ssl_ctx);
3086 SSL_free(ssl);
3087 free(data);
3088
3089 return (failure);
3090}
3091
3092const unsigned char tlsext_keyshare_client[] = {
3093 0x00, 0x24, 0x00, 0x1d, 0x00, 0x20, 0xba, 0x83,
3094 0x2e, 0x4a, 0x18, 0xbe, 0x96, 0xd2, 0x71, 0x70,
3095 0x18, 0x04, 0xf9, 0x9d, 0x76, 0x98, 0xef, 0xe8,
3096 0x4f, 0x8b, 0x85, 0x41, 0xa4, 0xd9, 0x61, 0x57,
3097 0xad, 0x5b, 0xa4, 0xe9, 0x8b, 0x6b,
3098};
3099
3100const unsigned char tlsext_keyshare_server[] = {
3101 0x00, 0x1d, 0x00, 0x20, 0xe5, 0xe8, 0x5a, 0xb9,
3102 0x7e, 0x12, 0x62, 0xe3, 0xd8, 0x7f, 0x6e, 0x3c,
3103 0xec, 0xa6, 0x8b, 0x99, 0x45, 0x77, 0x8e, 0x11,
3104 0xb3, 0xb9, 0x12, 0xb6, 0xbe, 0x35, 0xca, 0x51,
3105 0x76, 0x1e, 0xe8, 0x22
3106};
3107
3108static int
3109test_tlsext_keyshare_client(void)
3110{
3111 unsigned char *data = NULL;
3112 SSL_CTX *ssl_ctx = NULL;
3113 SSL *ssl = NULL;
3114 int failure = 0;
3115 size_t dlen;
3116 int alert;
3117 CBB cbb;
3118 CBS cbs;
3119
3120 CBB_init(&cbb, 0);
3121
3122 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
3123 errx(1, "failed to create SSL_CTX");
3124 if ((ssl = SSL_new(ssl_ctx)) == NULL)
3125 errx(1, "failed to create SSL");
3126
3127 S3I(ssl)->hs_tls13.max_version = 0;
3128
3129 if (tlsext_keyshare_client_needs(ssl)) {
3130 FAIL("client should not need keyshare\n");
3131 failure = 1;
3132 goto done;
3133 }
3134
3135 S3I(ssl)->hs_tls13.max_version = TLS1_2_VERSION;
3136 if (tlsext_keyshare_client_needs(ssl)) {
3137 FAIL("client should not need keyshare\n");
3138 failure = 1;
3139 goto done;
3140 }
3141
3142 S3I(ssl)->hs_tls13.max_version = TLS1_3_VERSION;
3143 if (!tlsext_keyshare_client_needs(ssl)) {
3144 FAIL("client should need keyshare\n");
3145 failure = 1;
3146 goto done;
3147 }
3148
3149 S3I(ssl)->hs_tls13.max_version = TLS1_3_VERSION;
3150 if (!tlsext_keyshare_client_build(ssl, &cbb)) {
3151 FAIL("client should have built keyshare\n");
3152 failure = 1;
3153 goto done;
3154 }
3155
3156 if (!CBB_finish(&cbb, &data, &dlen)) {
3157 FAIL("failed to finish CBB");
3158 failure = 1;
3159 goto done;
3160 }
3161
3162 if (dlen != sizeof(tlsext_keyshare_client)) {
3163 FAIL("got client keyshare with length %zu, "
3164 "want length %zu\n", dlen, (size_t) sizeof(tlsext_keyshare_client));
3165 failure = 1;
3166 goto done;
3167 }
3168
3169 (ssl)->version = TLS1_3_VERSION;
3170 CBS_init(&cbs, data, dlen);
3171
3172 if (!tlsext_keyshare_server_parse(ssl, &cbs, &alert)) {
3173 FAIL("failed to parse client keyshare\n");
3174 failure = 1;
3175 goto done;
3176 }
3177
3178 if (CBS_len(&cbs) != 0) {
3179 FAIL("extension data remaining");
3180 failure = 1;
3181 goto done;
3182 }
3183
3184
3185 done:
3186 CBB_cleanup(&cbb);
3187 SSL_CTX_free(ssl_ctx);
3188 SSL_free(ssl);
3189 free(data);
3190
3191 return (failure);
3192}
3193
3194static int
3195test_tlsext_keyshare_server(void)
3196{
3197 unsigned char *data = NULL;
3198 SSL_CTX *ssl_ctx = NULL;
3199 SSL *ssl = NULL;
3200 int failure = 0;
3201 size_t dlen, idx;
3202 int alert;
3203 CBB cbb;
3204 CBS cbs;
3205 uint8_t bogokey[] = {
3206 0xe5, 0xe8, 0x5a, 0xb9, 0x7e, 0x12, 0x62, 0xe3,
3207 0xd8, 0x7f, 0x6e, 0x3c, 0xec, 0xa6, 0x8b, 0x99,
3208 0x45, 0x77, 0x8e, 0x11, 0xb3, 0xb9, 0x12, 0xb6,
3209 0xbe, 0x35, 0xca, 0x51, 0x76, 0x1e, 0xe8, 0x22
3210 };
3211
3212 CBB_init(&cbb, 0);
3213
3214 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
3215 errx(1, "failed to create SSL_CTX");
3216 if ((ssl = SSL_new(ssl_ctx)) == NULL)
3217 errx(1, "failed to create SSL");
3218
3219 (ssl)->version = 0;
3220 if (tlsext_keyshare_server_needs(ssl)) {
3221 FAIL("server should not need keyshare\n");
3222 failure = 1;
3223 goto done;
3224 }
3225
3226 (ssl)->version = TLS1_2_VERSION;
3227 if (tlsext_keyshare_server_needs(ssl)) {
3228 FAIL("server should not need keyshare\n");
3229 failure = 1;
3230 goto done;
3231 }
3232
3233 ssl->version = TLS1_3_VERSION;
3234 if (tlsext_keyshare_server_needs(ssl)) {
3235 FAIL("client should not need keyshare\n");
3236 failure = 1;
3237 goto done;
3238 }
3239
3240 if (tls_extension_find(TLSEXT_TYPE_key_share, &idx) == NULL)
3241 FAIL("Can't find keyshare extension");
3242 S3I(ssl)->hs.extensions_seen |= (1 << idx);
3243
3244 if (!tlsext_keyshare_server_needs(ssl)) {
3245 FAIL("server should need keyshare");
3246 failure = 1;
3247 goto done;
3248 }
3249
3250 if (tlsext_keyshare_server_build(ssl, &cbb)) {
3251 FAIL("server should not have built a keyshare response");
3252 failure = 1;
3253 goto done;
3254 }
3255
3256 if ((S3I(ssl)->hs_tls13.x25519_peer_public =
3257 malloc(sizeof(bogokey))) == NULL)
3258 errx(1, "malloc failed");
3259 memcpy(S3I(ssl)->hs_tls13.x25519_peer_public, bogokey, sizeof(bogokey));
3260
3261 if (!tlsext_keyshare_server_build(ssl, &cbb)) {
3262 FAIL("server should be able to build a keyshare response");
3263 failure = 1;
3264 goto done;
3265 }
3266
3267 if (!CBB_finish(&cbb, &data, &dlen)) {
3268 FAIL("failed to finish CBB");
3269 failure = 1;
3270 goto done;
3271 }
3272
3273 if (dlen != sizeof(tlsext_keyshare_server)) {
3274 FAIL("got server keyshare with length %zu, "
3275 "want length %zu\n", dlen, sizeof(tlsext_keyshare_server));
3276 failure = 1;
3277 goto done;
3278 }
3279
3280 CBS_init(&cbs, data, dlen);
3281
3282 if (!tlsext_keyshare_client_parse(ssl, &cbs, &alert)) {
3283 FAIL("failed to parse server keyshare\n");
3284 failure = 1;
3285 goto done;
3286 }
3287
3288 if (CBS_len(&cbs) != 0) {
3289 FAIL("extension data remaining");
3290 failure = 1;
3291 goto done;
3292 }
3293
3294done:
3295 CBB_cleanup(&cbb);
3296 SSL_CTX_free(ssl_ctx);
3297 SSL_free(ssl);
3298 free(data);
3299
3300 return (failure);
3301}
3302
3303/* One day I hope to be the only Muppet in this codebase */
3304const uint8_t cookie[] = "\n"
3305 " (o)(o) \n"
3306 " m' 'm \n"
3307 " M -****- M \n"
3308 " 'm m' \n"
3309 " m''''''''''m \n"
3310 " M M BB \n";
3311
3312static int
3313test_tlsext_cookie_client(void)
3314{
3315 unsigned char *data = NULL;
3316 SSL_CTX *ssl_ctx = NULL;
3317 SSL *ssl = NULL;
3318 int failure = 0;
3319 size_t dlen;
3320 int alert;
3321 CBB cbb;
3322 CBS cbs;
3323
3324 CBB_init(&cbb, 0);
3325
3326 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
3327 errx(1, "failed to create SSL_CTX");
3328 if ((ssl = SSL_new(ssl_ctx)) == NULL)
3329 errx(1, "failed to create SSL");
3330
3331 S3I(ssl)->hs_tls13.max_version = 0;
3332 if (tlsext_cookie_client_needs(ssl)) {
3333 FAIL("client should not need cookie\n");
3334 failure = 1;
3335 goto done;
3336 }
3337
3338 S3I(ssl)->hs_tls13.max_version = TLS1_2_VERSION;
3339 if (tlsext_cookie_client_needs(ssl)) {
3340 FAIL("client should not need cookie\n");
3341 failure = 1;
3342 goto done;
3343 }
3344
3345
3346 S3I(ssl)->hs_tls13.max_version = TLS1_3_VERSION;
3347 if (tlsext_cookie_client_needs(ssl)) {
3348 FAIL("client should not need cookie\n");
3349 failure = 1;
3350 goto done;
3351 }
3352
3353 /* Normally would be set by receiving a server cookie in an HRR */
3354 S3I(ssl)->hs_tls13.cookie = strdup(cookie);
3355 S3I(ssl)->hs_tls13.cookie_len = strlen(cookie);
3356
3357 if (!tlsext_cookie_client_needs(ssl)) {
3358 FAIL("client should need cookie");
3359 failure = 1;
3360 goto done;
3361 }
3362
3363 if (!tlsext_cookie_client_build(ssl, &cbb)) {
3364 FAIL("client should have built a cookie response");
3365 failure = 1;
3366 goto done;
3367 }
3368
3369 if (!CBB_finish(&cbb, &data, &dlen)) {
3370 FAIL("failed to finish CBB");
3371 failure = 1;
3372 goto done;
3373 }
3374
3375 if (dlen != strlen(cookie) + sizeof(uint16_t)) {
3376 FAIL("got cookie with length %zu, "
3377 "want length %zu\n", dlen, strlen(cookie) +
3378 sizeof(uint16_t));
3379 failure = 1;
3380 goto done;
3381 }
3382
3383 CBS_init(&cbs, data, dlen);
3384
3385 /* Checks cookie against what's in the hs_tls13 */
3386 if (!tlsext_cookie_server_parse(ssl, &cbs, &alert)) {
3387 FAIL("failed to parse client cookie\n");
3388 failure = 1;
3389 goto done;
3390 }
3391
3392 if (CBS_len(&cbs) != 0) {
3393 FAIL("extension data remaining");
3394 failure = 1;
3395 goto done;
3396 }
3397
3398 done:
3399 CBB_cleanup(&cbb);
3400 SSL_CTX_free(ssl_ctx);
3401 SSL_free(ssl);
3402 free(data);
3403
3404 return (failure);
3405}
3406
3407static int
3408test_tlsext_cookie_server(void)
3409{
3410 unsigned char *data = NULL;
3411 SSL_CTX *ssl_ctx = NULL;
3412 SSL *ssl = NULL;
3413 int failure = 0;
3414 size_t dlen;
3415 int alert;
3416 CBB cbb;
3417 CBS cbs;
3418
3419 CBB_init(&cbb, 0);
3420
3421 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
3422 errx(1, "failed to create SSL_CTX");
3423 if ((ssl = SSL_new(ssl_ctx)) == NULL)
3424 errx(1, "failed to create SSL");
3425
3426 S3I(ssl)->hs_tls13.max_version = 0;
3427 if (tlsext_cookie_server_needs(ssl)) {
3428 FAIL("server should not need cookie\n");
3429 failure = 1;
3430 goto done;
3431 }
3432
3433 S3I(ssl)->hs_tls13.max_version = TLS1_2_VERSION;
3434 if (tlsext_cookie_server_needs(ssl)) {
3435 FAIL("server should not need cookie\n");
3436 failure = 1;
3437 goto done;
3438 }
3439
3440
3441 S3I(ssl)->hs_tls13.max_version = TLS1_3_VERSION;
3442 if (tlsext_cookie_server_needs(ssl)) {
3443 FAIL("server should not need cookie\n");
3444 failure = 1;
3445 goto done;
3446 }
3447
3448 /* Normally would be set by server before sending HRR */
3449 S3I(ssl)->hs_tls13.cookie = strdup(cookie);
3450 S3I(ssl)->hs_tls13.cookie_len = strlen(cookie);
3451
3452 if (!tlsext_cookie_server_needs(ssl)) {
3453 FAIL("server should need cookie");
3454 failure = 1;
3455 goto done;
3456 }
3457
3458 if (!tlsext_cookie_server_build(ssl, &cbb)) {
3459 FAIL("server have built a cookie response");
3460 failure = 1;
3461 goto done;
3462 }
3463
3464 if (!CBB_finish(&cbb, &data, &dlen)) {
3465 FAIL("failed to finish CBB");
3466 failure = 1;
3467 goto done;
3468 }
3469
3470 if (dlen != strlen(cookie) + sizeof(uint16_t)) {
3471 FAIL("got cookie with length %zu, "
3472 "want length %zu\n", dlen, strlen(cookie) +
3473 sizeof(uint16_t));
3474 failure = 1;
3475 goto done;
3476 }
3477
3478 CBS_init(&cbs, data, dlen);
3479
3480 if (tlsext_cookie_client_parse(ssl, &cbs, &alert)) {
3481 FAIL("client should not have parsed server cookie\n");
3482 failure = 1;
3483 goto done;
3484 }
3485
3486 freezero(S3I(ssl)->hs_tls13.cookie, S3I(ssl)->hs_tls13.cookie_len);
3487 S3I(ssl)->hs_tls13.cookie = NULL;
3488 S3I(ssl)->hs_tls13.cookie_len = 0;
3489
3490 if (!tlsext_cookie_client_parse(ssl, &cbs, &alert)) {
3491 FAIL("failed to parse server cookie\n");
3492 failure = 1;
3493 goto done;
3494 }
3495
3496 if (memcmp(cookie, S3I(ssl)->hs_tls13.cookie,
3497 S3I(ssl)->hs_tls13.cookie_len) != 0) {
3498 FAIL("parsed server cookie does not match sent cookie\n");
3499 failure = 1;
3500 goto done;
3501 }
3502
3503 if (CBS_len(&cbs) != 0) {
3504 FAIL("extension data remaining");
3505 failure = 1;
3506 goto done;
3507 }
3508
3509done:
3510 CBB_cleanup(&cbb);
3511 SSL_CTX_free(ssl_ctx);
3512 SSL_free(ssl);
3513 free(data);
3514
3515 return (failure);
3516}
3517
3518
3519int
3520main(int argc, char **argv)
3521{
3522 int failed = 0;
3523
3524 SSL_library_init();
3525 SSL_load_error_strings();
3526
3527 failed |= test_tlsext_alpn_client();
3528 failed |= test_tlsext_alpn_server();
3529
3530 failed |= test_tlsext_supportedgroups_client();
3531 failed |= test_tlsext_supportedgroups_server();
3532
3533 failed |= test_tlsext_ecpf_client();
3534 failed |= test_tlsext_ecpf_server();
3535
3536 failed |= test_tlsext_ri_client();
3537 failed |= test_tlsext_ri_server();
3538
3539 failed |= test_tlsext_sigalgs_client();
3540 failed |= test_tlsext_sigalgs_server();
3541
3542 failed |= test_tlsext_sni_client();
3543 failed |= test_tlsext_sni_server();
3544
3545 failed |= test_tlsext_ocsp_client();
3546 failed |= test_tlsext_ocsp_server();
3547
3548 failed |= test_tlsext_sessionticket_client();
3549 failed |= test_tlsext_sessionticket_server();
3550
3551 failed |= test_tlsext_versions_client();
3552 failed |= test_tlsext_versions_server();
3553
3554 failed |= test_tlsext_keyshare_client();
3555 failed |= test_tlsext_keyshare_server();
3556
3557 failed |= test_tlsext_cookie_client();
3558 failed |= test_tlsext_cookie_server();
3559
3560#ifndef OPENSSL_NO_SRTP
3561 failed |= test_tlsext_srtp_client();
3562 failed |= test_tlsext_srtp_server();
3563#else
3564 fprintf(stderr, "Skipping SRTP tests due to OPENSSL_NO_SRTP\n");
3565#endif
3566
3567 failed |= test_tlsext_clienthello_build();
3568 failed |= test_tlsext_serverhello_build();
3569
3570 return (failed);
3571}
diff --git a/src/regress/lib/libssl/unit/Makefile b/src/regress/lib/libssl/unit/Makefile
deleted file mode 100644
index 6b8a397c07..0000000000
--- a/src/regress/lib/libssl/unit/Makefile
+++ /dev/null
@@ -1,24 +0,0 @@
1# $OpenBSD: Makefile,v 1.9 2017/03/10 15:06:15 jsing Exp $
2
3TEST_CASES+= cipher_list
4TEST_CASES+= ssl_versions
5TEST_CASES+= tls_ext_alpn
6TEST_CASES+= tls_prf
7
8REGRESS_TARGETS= all_tests
9
10WARNINGS= Yes
11LDLIBS= ${SSL_INT} -lcrypto
12CFLAGS+= -DLIBRESSL_INTERNAL -Wall -Wundef -Werror
13CFLAGS+= -I${.CURDIR}/../../../../lib/libssl
14
15CLEANFILES+= ${TEST_CASES}
16
17all_tests: ${TEST_CASES}
18 @for test in $>; do \
19 ./$$test; \
20 done
21
22${TEST_CASES}: ${LIBSSL} ${LIBCRYPTO}
23
24.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/unit/cipher_list.c b/src/regress/lib/libssl/unit/cipher_list.c
deleted file mode 100644
index 70f547abd6..0000000000
--- a/src/regress/lib/libssl/unit/cipher_list.c
+++ /dev/null
@@ -1,204 +0,0 @@
1/* $OpenBSD: cipher_list.c,v 1.9 2018/06/02 16:35:02 jsing Exp $ */
2/*
3 * Copyright (c) 2015 Doug Hogan <doug@openbsd.org>
4 * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19/*
20 * Test TLS ssl bytes (aka cipher suites) to cipher list and back.
21 *
22 * TLSv1.0 - RFC 2246 section 7.4.1.2 (ClientHello struct)
23 * TLSv1.1 - RFC 4346 section 7.4.1.2 (ClientHello struct)
24 * TLSv1.2 - RFC 5246 section 7.4.1.2 (ClientHello struct)
25 *
26 * In all of these standards, the relevant structures are:
27 *
28 * uint8 CipherSuite[2];
29 *
30 * struct {
31 * ...
32 * CipherSuite cipher_suites<2..2^16-2>
33 * ...
34 * } ClientHello;
35 */
36
37#include <openssl/ssl.h>
38
39#include <stdio.h>
40#include <string.h>
41
42#include "ssl_locl.h"
43
44#include "tests.h"
45
46static uint8_t cipher_bytes[] = {
47 0xcc, 0xa8, /* ECDHE-ECDSA-CHACHA20-POLY1305 */
48 0xcc, 0xa9, /* ECDHE-RSA-CHACHA20-POLY1305 */
49 0xcc, 0xaa, /* DHE-RSA-CHACHA20-POLY1305 */
50 0x00, 0x9c, /* AES128-GCM-SHA256 */
51 0x00, 0x3d, /* AES256-SHA256 */
52};
53
54static uint16_t cipher_values[] = {
55 0xcca8, /* ECDHE-ECDSA-CHACHA20-POLY1305 */
56 0xcca9, /* ECDHE-RSA-CHACHA20-POLY1305 */
57 0xccaa, /* DHE-RSA-CHACHA20-POLY1305 */
58 0x009c, /* AES128-GCM-SHA256 */
59 0x003d, /* AES256-SHA256 */
60};
61
62#define N_CIPHERS (sizeof(cipher_bytes) / 2)
63
64static int
65ssl_bytes_to_list_alloc(SSL *s, STACK_OF(SSL_CIPHER) **ciphers)
66{
67 SSL_CIPHER *cipher;
68 uint16_t value;
69 CBS cbs;
70 int i;
71
72 CBS_init(&cbs, cipher_bytes, sizeof(cipher_bytes));
73
74 *ciphers = ssl_bytes_to_cipher_list(s, &cbs);
75 CHECK(*ciphers != NULL);
76 CHECK(sk_SSL_CIPHER_num(*ciphers) == N_CIPHERS);
77 for (i = 0; i < sk_SSL_CIPHER_num(*ciphers); i++) {
78 cipher = sk_SSL_CIPHER_value(*ciphers, i);
79 CHECK(cipher != NULL);
80 value = SSL_CIPHER_get_value(cipher);
81 CHECK(value == cipher_values[i]);
82 }
83
84 return 1;
85}
86
87static int
88ssl_list_to_bytes_scsv(SSL *s, STACK_OF(SSL_CIPHER) **ciphers)
89{
90 CBB cbb;
91 unsigned char *buf = NULL;
92 size_t buflen, outlen;
93 int ret = 0;
94
95 /* Space for cipher bytes, plus reneg SCSV and two spare bytes. */
96 CHECK(sk_SSL_CIPHER_num(*ciphers) == N_CIPHERS);
97 buflen = sizeof(cipher_bytes) + 2 + 2;
98 CHECK((buf = calloc(1, buflen)) != NULL);
99
100 CHECK(CBB_init_fixed(&cbb, buf, buflen));
101 CHECK(ssl_cipher_list_to_bytes(s, *ciphers, &cbb));
102 CHECK(CBB_finish(&cbb, NULL, &outlen));
103
104 CHECK_GOTO(outlen > 0 && outlen == buflen - 2);
105 CHECK_GOTO(memcmp(buf, cipher_bytes, sizeof(cipher_bytes)) == 0);
106 CHECK_GOTO(buf[buflen - 4] == 0x00 && buf[buflen - 3] == 0xff);
107 CHECK_GOTO(buf[buflen - 2] == 0x00 && buf[buflen - 1] == 0x00);
108
109 ret = 1;
110
111err:
112 free(buf);
113 return ret;
114}
115
116static int
117ssl_list_to_bytes_no_scsv(SSL *s, STACK_OF(SSL_CIPHER) **ciphers)
118{
119 CBB cbb;
120 unsigned char *buf = NULL;
121 size_t buflen, outlen;
122 int ret = 0;
123
124 /* Space for cipher bytes and two spare bytes */
125 CHECK(sk_SSL_CIPHER_num(*ciphers) == N_CIPHERS);
126 buflen = sizeof(cipher_bytes) + 2;
127 CHECK((buf = calloc(1, buflen)) != NULL);
128 buf[buflen - 2] = 0xfe;
129 buf[buflen - 1] = 0xab;
130
131 /* Set renegotiate so it doesn't add SCSV */
132 s->internal->renegotiate = 1;
133
134 CHECK(CBB_init_fixed(&cbb, buf, buflen));
135 CHECK(ssl_cipher_list_to_bytes(s, *ciphers, &cbb));
136 CHECK(CBB_finish(&cbb, NULL, &outlen));
137
138 CHECK_GOTO(outlen > 0 && outlen == buflen - 2);
139 CHECK_GOTO(memcmp(buf, cipher_bytes, sizeof(cipher_bytes)) == 0);
140 CHECK_GOTO(buf[buflen - 2] == 0xfe && buf[buflen - 1] == 0xab);
141
142 ret = 1;
143
144err:
145 free(buf);
146 return ret;
147}
148
149static int
150ssl_bytes_to_list_invalid(SSL *s, STACK_OF(SSL_CIPHER) **ciphers)
151{
152 uint8_t empty_cipher_bytes[] = {0};
153 CBS cbs;
154
155 sk_SSL_CIPHER_free(*ciphers);
156
157 /* Invalid length: CipherSuite is 2 bytes so it must be even */
158 CBS_init(&cbs, cipher_bytes, sizeof(cipher_bytes) - 1);
159 *ciphers = ssl_bytes_to_cipher_list(s, &cbs);
160 CHECK(*ciphers == NULL);
161
162 /* Invalid length: cipher_suites must be at least 2 */
163 CBS_init(&cbs, empty_cipher_bytes, sizeof(empty_cipher_bytes));
164 *ciphers = ssl_bytes_to_cipher_list(s, &cbs);
165 CHECK(*ciphers == NULL);
166
167 return 1;
168}
169
170int
171main(void)
172{
173 STACK_OF(SSL_CIPHER) *ciphers = NULL;
174 SSL_CTX *ctx = NULL;
175 SSL *s = NULL;
176 int rv = 1;
177
178 SSL_library_init();
179
180 /* Use TLSv1.2 client to get all ciphers. */
181 CHECK_GOTO((ctx = SSL_CTX_new(TLSv1_2_client_method())) != NULL);
182 CHECK_GOTO((s = SSL_new(ctx)) != NULL);
183
184 if (!ssl_bytes_to_list_alloc(s, &ciphers))
185 goto err;
186 if (!ssl_list_to_bytes_scsv(s, &ciphers))
187 goto err;
188 if (!ssl_list_to_bytes_no_scsv(s, &ciphers))
189 goto err;
190 if (!ssl_bytes_to_list_invalid(s, &ciphers))
191 goto err;
192
193 rv = 0;
194
195err:
196 sk_SSL_CIPHER_free(ciphers);
197 SSL_CTX_free(ctx);
198 SSL_free(s);
199
200 if (!rv)
201 printf("PASS %s\n", __FILE__);
202
203 return rv;
204}
diff --git a/src/regress/lib/libssl/unit/ssl_versions.c b/src/regress/lib/libssl/unit/ssl_versions.c
deleted file mode 100644
index ec16576ee9..0000000000
--- a/src/regress/lib/libssl/unit/ssl_versions.c
+++ /dev/null
@@ -1,797 +0,0 @@
1/* $OpenBSD: ssl_versions.c,v 1.7 2019/04/04 15:47:15 jsing Exp $ */
2/*
3 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <openssl/ssl.h>
19
20#include "ssl_locl.h"
21
22struct version_range_test {
23 const long options;
24 const uint16_t minver;
25 const uint16_t maxver;
26 const uint16_t want_minver;
27 const uint16_t want_maxver;
28};
29
30static struct version_range_test version_range_tests[] = {
31 {
32 .options = 0,
33 .minver = TLS1_VERSION,
34 .maxver = TLS1_3_VERSION,
35 .want_minver = TLS1_VERSION,
36 .want_maxver = TLS1_3_VERSION,
37 },
38 {
39 .options = 0,
40 .minver = TLS1_VERSION,
41 .maxver = TLS1_2_VERSION,
42 .want_minver = TLS1_VERSION,
43 .want_maxver = TLS1_2_VERSION,
44 },
45 {
46 .options = SSL_OP_NO_TLSv1,
47 .minver = TLS1_VERSION,
48 .maxver = TLS1_2_VERSION,
49 .want_minver = TLS1_1_VERSION,
50 .want_maxver = TLS1_2_VERSION,
51 },
52 {
53 .options = SSL_OP_NO_TLSv1_3,
54 .minver = TLS1_VERSION,
55 .maxver = TLS1_3_VERSION,
56 .want_minver = TLS1_VERSION,
57 .want_maxver = TLS1_2_VERSION,
58 },
59 {
60 .options = SSL_OP_NO_TLSv1_2,
61 .minver = TLS1_VERSION,
62 .maxver = TLS1_2_VERSION,
63 .want_minver = TLS1_VERSION,
64 .want_maxver = TLS1_1_VERSION,
65 },
66 {
67 .options = SSL_OP_NO_TLSv1_1,
68 .minver = TLS1_VERSION,
69 .maxver = TLS1_2_VERSION,
70 .want_minver = TLS1_VERSION,
71 .want_maxver = TLS1_VERSION,
72 },
73 {
74 .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1,
75 .minver = TLS1_VERSION,
76 .maxver = TLS1_2_VERSION,
77 .want_minver = TLS1_2_VERSION,
78 .want_maxver = TLS1_2_VERSION,
79 },
80 {
81 .options = SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
82 .minver = TLS1_VERSION,
83 .maxver = TLS1_2_VERSION,
84 .want_minver = TLS1_VERSION,
85 .want_maxver = TLS1_VERSION,
86 },
87 {
88 .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_2,
89 .minver = TLS1_VERSION,
90 .maxver = TLS1_2_VERSION,
91 .want_minver = TLS1_1_VERSION,
92 .want_maxver = TLS1_1_VERSION,
93 },
94 {
95 .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
96 SSL_OP_NO_TLSv1_2,
97 .minver = TLS1_VERSION,
98 .maxver = TLS1_2_VERSION,
99 .want_minver = 0,
100 .want_maxver = 0,
101 },
102 {
103 .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
104 SSL_OP_NO_TLSv1_2,
105 .minver = TLS1_VERSION,
106 .maxver = TLS1_3_VERSION,
107 .want_minver = TLS1_3_VERSION,
108 .want_maxver = TLS1_3_VERSION,
109 },
110 {
111 .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
112 SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3,
113 .minver = TLS1_VERSION,
114 .maxver = TLS1_3_VERSION,
115 .want_minver = 0,
116 .want_maxver = 0,
117 },
118 {
119 .options = 0,
120 .minver = TLS1_VERSION,
121 .maxver = TLS1_2_VERSION,
122 .want_minver = TLS1_VERSION,
123 .want_maxver = TLS1_2_VERSION,
124 },
125 {
126 .options = 0,
127 .minver = TLS1_1_VERSION,
128 .maxver = TLS1_2_VERSION,
129 .want_minver = TLS1_1_VERSION,
130 .want_maxver = TLS1_2_VERSION,
131 },
132 {
133 .options = 0,
134 .minver = TLS1_2_VERSION,
135 .maxver = TLS1_2_VERSION,
136 .want_minver = TLS1_2_VERSION,
137 .want_maxver = TLS1_2_VERSION,
138 },
139 {
140 .options = 0,
141 .minver = TLS1_VERSION,
142 .maxver = TLS1_3_VERSION,
143 .want_minver = TLS1_VERSION,
144 .want_maxver = TLS1_3_VERSION,
145 },
146 {
147 .options = 0,
148 .minver = TLS1_1_VERSION,
149 .maxver = TLS1_3_VERSION,
150 .want_minver = TLS1_1_VERSION,
151 .want_maxver = TLS1_3_VERSION,
152 },
153 {
154 .options = 0,
155 .minver = TLS1_2_VERSION,
156 .maxver = TLS1_3_VERSION,
157 .want_minver = TLS1_2_VERSION,
158 .want_maxver = TLS1_3_VERSION,
159 },
160 {
161 .options = 0,
162 .minver = TLS1_3_VERSION,
163 .maxver = TLS1_3_VERSION,
164 .want_minver = TLS1_3_VERSION,
165 .want_maxver = TLS1_3_VERSION,
166 },
167 {
168 .options = 0,
169 .minver = TLS1_VERSION,
170 .maxver = TLS1_1_VERSION,
171 .want_minver = TLS1_VERSION,
172 .want_maxver = TLS1_1_VERSION,
173 },
174 {
175 .options = 0,
176 .minver = TLS1_VERSION,
177 .maxver = TLS1_VERSION,
178 .want_minver = TLS1_VERSION,
179 .want_maxver = TLS1_VERSION,
180 },
181};
182
183#define N_VERSION_RANGE_TESTS \
184 (sizeof(version_range_tests) / sizeof(*version_range_tests))
185
186static int
187test_ssl_enabled_version_range(void)
188{
189 struct version_range_test *vrt;
190 uint16_t minver, maxver;
191 SSL_CTX *ssl_ctx = NULL;
192 SSL *ssl = NULL;
193 int failed = 1;
194 size_t i;
195
196 if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL) {
197 fprintf(stderr, "SSL_CTX_new() returned NULL\n");
198 goto failure;
199 }
200 if ((ssl = SSL_new(ssl_ctx)) == NULL) {
201 fprintf(stderr, "SSL_new() returned NULL\n");
202 goto failure;
203 }
204
205 failed = 0;
206
207 for (i = 0; i < N_VERSION_RANGE_TESTS; i++) {
208 vrt = &version_range_tests[i];
209
210 SSL_clear_options(ssl, SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
211 SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3);
212 SSL_set_options(ssl, vrt->options);
213
214 minver = maxver = 0xffff;
215 ssl->internal->min_version = vrt->minver;
216 ssl->internal->max_version = vrt->maxver;
217
218 if (ssl_enabled_version_range(ssl, &minver, &maxver) != 1) {
219 if (vrt->want_minver != 0 || vrt->want_maxver != 0) {
220 fprintf(stderr, "FAIL: test %zu - failed but "
221 "wanted non-zero versions\n", i);
222 failed++;
223 }
224 continue;
225 }
226 if (minver != vrt->want_minver) {
227 fprintf(stderr, "FAIL: test %zu - got minver %x, "
228 "want %x\n", i, minver, vrt->want_minver);
229 failed++;
230 }
231 if (maxver != vrt->want_maxver) {
232 fprintf(stderr, "FAIL: test %zu - got maxver %x, "
233 "want %x\n", i, maxver, vrt->want_maxver);
234 failed++;
235 }
236 }
237
238 failure:
239 SSL_CTX_free(ssl_ctx);
240 SSL_free(ssl);
241
242 return (failed);
243}
244
245struct shared_version_test {
246 const SSL_METHOD *(*ssl_method)(void);
247 const long options;
248 const uint16_t minver;
249 const uint16_t maxver;
250 const uint16_t peerver;
251 const uint16_t want_maxver;
252};
253
254static struct shared_version_test shared_version_tests[] = {
255 {
256 .ssl_method = TLS_method,
257 .options = 0,
258 .minver = TLS1_VERSION,
259 .maxver = TLS1_2_VERSION,
260 .peerver = SSL2_VERSION,
261 .want_maxver = 0,
262 },
263 {
264 .ssl_method = TLS_method,
265 .options = 0,
266 .minver = TLS1_VERSION,
267 .maxver = TLS1_2_VERSION,
268 .peerver = SSL3_VERSION,
269 .want_maxver = 0,
270 },
271 {
272 .ssl_method = TLS_method,
273 .options = 0,
274 .minver = TLS1_VERSION,
275 .maxver = TLS1_2_VERSION,
276 .peerver = TLS1_VERSION,
277 .want_maxver = TLS1_VERSION,
278 },
279 {
280 .ssl_method = TLS_method,
281 .options = 0,
282 .minver = TLS1_VERSION,
283 .maxver = TLS1_2_VERSION,
284 .peerver = TLS1_1_VERSION,
285 .want_maxver = TLS1_1_VERSION,
286 },
287 {
288 .ssl_method = TLS_method,
289 .options = 0,
290 .minver = TLS1_VERSION,
291 .maxver = TLS1_2_VERSION,
292 .peerver = TLS1_2_VERSION,
293 .want_maxver = TLS1_2_VERSION,
294 },
295 {
296 .ssl_method = TLS_method,
297 .options = 0,
298 .minver = TLS1_VERSION,
299 .maxver = TLS1_2_VERSION,
300 .peerver = TLS1_3_VERSION,
301 .want_maxver = TLS1_2_VERSION,
302 },
303 {
304 .ssl_method = TLS_method,
305 .options = 0,
306 .minver = TLS1_VERSION,
307 .maxver = TLS1_2_VERSION,
308 .peerver = 0x7f12,
309 .want_maxver = TLS1_2_VERSION,
310 },
311 {
312 .ssl_method = TLS_method,
313 .options = SSL_OP_NO_TLSv1_2,
314 .minver = TLS1_VERSION,
315 .maxver = TLS1_2_VERSION,
316 .peerver = TLS1_2_VERSION,
317 .want_maxver = TLS1_1_VERSION,
318 },
319 {
320 .ssl_method = TLS_method,
321 .options = SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
322 .minver = TLS1_VERSION,
323 .maxver = TLS1_2_VERSION,
324 .peerver = TLS1_2_VERSION,
325 .want_maxver = TLS1_VERSION,
326 },
327 {
328 .ssl_method = TLS_method,
329 .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
330 .minver = TLS1_VERSION,
331 .maxver = TLS1_2_VERSION,
332 .peerver = TLS1_2_VERSION,
333 .want_maxver = 0,
334 },
335 {
336 .ssl_method = TLS_method,
337 .options = SSL_OP_NO_TLSv1,
338 .minver = TLS1_VERSION,
339 .maxver = TLS1_2_VERSION,
340 .peerver = TLS1_1_VERSION,
341 .want_maxver = TLS1_1_VERSION,
342 },
343 {
344 .ssl_method = TLS_method,
345 .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1,
346 .minver = TLS1_VERSION,
347 .maxver = TLS1_2_VERSION,
348 .peerver = TLS1_1_VERSION,
349 .want_maxver = 0,
350 },
351 {
352 .ssl_method = TLS_method,
353 .options = SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
354 .minver = TLS1_VERSION,
355 .maxver = TLS1_2_VERSION,
356 .peerver = TLS1_1_VERSION,
357 .want_maxver = TLS1_VERSION,
358 },
359 {
360 .ssl_method = TLS_method,
361 .options = SSL_OP_NO_TLSv1,
362 .minver = TLS1_VERSION,
363 .maxver = TLS1_2_VERSION,
364 .peerver = TLS1_VERSION,
365 .want_maxver = 0,
366 },
367 {
368 .ssl_method = TLS_method,
369 .options = 0,
370 .minver = TLS1_VERSION,
371 .maxver = TLS1_1_VERSION,
372 .peerver = TLS1_2_VERSION,
373 .want_maxver = TLS1_1_VERSION,
374 },
375 {
376 .ssl_method = TLS_method,
377 .options = 0,
378 .minver = TLS1_VERSION,
379 .maxver = TLS1_VERSION,
380 .peerver = TLS1_2_VERSION,
381 .want_maxver = TLS1_VERSION,
382 },
383 {
384 .ssl_method = TLSv1_method,
385 .options = 0,
386 .minver = TLS1_VERSION,
387 .maxver = TLS1_2_VERSION,
388 .peerver = TLS1_VERSION,
389 .want_maxver = TLS1_VERSION,
390 },
391 {
392 .ssl_method = TLSv1_method,
393 .options = 0,
394 .minver = TLS1_1_VERSION,
395 .maxver = TLS1_2_VERSION,
396 .peerver = TLS1_VERSION,
397 .want_maxver = 0,
398 },
399 {
400 .ssl_method = TLSv1_1_method,
401 .options = 0,
402 .minver = TLS1_VERSION,
403 .maxver = TLS1_2_VERSION,
404 .peerver = TLS1_1_VERSION,
405 .want_maxver = TLS1_1_VERSION,
406 },
407 {
408 .ssl_method = DTLSv1_method,
409 .options = 0,
410 .minver = TLS1_VERSION,
411 .maxver = TLS1_2_VERSION,
412 .peerver = DTLS1_VERSION,
413 .want_maxver = DTLS1_VERSION,
414 },
415 {
416 .ssl_method = DTLSv1_method,
417 .options = 0,
418 .minver = TLS1_VERSION,
419 .maxver = TLS1_2_VERSION,
420 .peerver = TLS1_2_VERSION,
421 .want_maxver = 0,
422 },
423};
424
425#define N_SHARED_VERSION_TESTS \
426 (sizeof(shared_version_tests) / sizeof(*shared_version_tests))
427
428static int
429test_ssl_max_shared_version(void)
430{
431 struct shared_version_test *svt;
432 SSL_CTX *ssl_ctx = NULL;
433 SSL *ssl = NULL;
434 uint16_t maxver;
435 int failed = 0;
436 size_t i;
437
438 failed = 0;
439
440 for (i = 0; i < N_SHARED_VERSION_TESTS; i++) {
441 svt = &shared_version_tests[i];
442
443 if ((ssl_ctx = SSL_CTX_new(svt->ssl_method())) == NULL) {
444 fprintf(stderr, "SSL_CTX_new() returned NULL\n");
445 return 1;
446 }
447 if ((ssl = SSL_new(ssl_ctx)) == NULL) {
448 fprintf(stderr, "SSL_new() returned NULL\n");
449 return 1;
450 }
451
452 SSL_clear_options(ssl, SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
453 SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3);
454 SSL_set_options(ssl, svt->options);
455
456 maxver = 0;
457 ssl->internal->min_version = svt->minver;
458 ssl->internal->max_version = svt->maxver;
459
460 if (ssl_max_shared_version(ssl, svt->peerver, &maxver) != 1) {
461 if (svt->want_maxver != 0) {
462 fprintf(stderr, "FAIL: test %zu - failed but "
463 "wanted non-zero shared version\n", i);
464 failed++;
465 }
466 continue;
467 }
468 if (maxver != svt->want_maxver) {
469 fprintf(stderr, "FAIL: test %zu - got shared "
470 "version %x, want %x\n", i, maxver,
471 svt->want_maxver);
472 failed++;
473 }
474
475 SSL_CTX_free(ssl_ctx);
476 SSL_free(ssl);
477 }
478
479 return (failed);
480}
481
482struct min_max_version_test {
483 const SSL_METHOD *(*ssl_method)(void);
484 const uint16_t minver;
485 const uint16_t maxver;
486 const uint16_t want_minver;
487 const uint16_t want_maxver;
488};
489
490static struct min_max_version_test min_max_version_tests[] = {
491 {
492 .ssl_method = TLS_method,
493 .minver = 0,
494 .maxver = 0,
495 .want_minver = TLS1_VERSION,
496 .want_maxver = TLS1_2_VERSION,
497 },
498 {
499 .ssl_method = TLS_method,
500 .minver = TLS1_VERSION,
501 .maxver = 0,
502 .want_minver = TLS1_VERSION,
503 .want_maxver = TLS1_2_VERSION,
504 },
505 {
506 .ssl_method = TLS_method,
507 .minver = 0,
508 .maxver = TLS1_2_VERSION,
509 .want_minver = TLS1_VERSION,
510 .want_maxver = TLS1_2_VERSION,
511 },
512 {
513 .ssl_method = TLS_method,
514 .minver = 0,
515 .maxver = TLS1_3_VERSION,
516 .want_minver = TLS1_VERSION,
517 .want_maxver = TLS1_2_VERSION,
518 },
519 {
520 .ssl_method = TLS_method,
521 .minver = TLS1_VERSION,
522 .maxver = TLS1_2_VERSION,
523 .want_minver = TLS1_VERSION,
524 .want_maxver = TLS1_2_VERSION,
525 },
526 {
527 .ssl_method = TLS_method,
528 .minver = TLS1_1_VERSION,
529 .maxver = 0,
530 .want_minver = TLS1_1_VERSION,
531 .want_maxver = TLS1_2_VERSION,
532 },
533 {
534 .ssl_method = TLS_method,
535 .minver = TLS1_2_VERSION,
536 .maxver = 0,
537 .want_minver = TLS1_2_VERSION,
538 .want_maxver = TLS1_2_VERSION,
539 },
540 {
541 .ssl_method = TLS_method,
542 .minver = 0x0300,
543 .maxver = 0,
544 .want_minver = TLS1_VERSION,
545 .want_maxver = TLS1_2_VERSION,
546 },
547 {
548 .ssl_method = TLS_method,
549 .minver = 0x0305,
550 .maxver = 0,
551 .want_minver = 0,
552 .want_maxver = 0,
553 },
554 {
555 .ssl_method = TLS_method,
556 .minver = 0,
557 .maxver = 0x0305,
558 .want_minver = TLS1_VERSION,
559 .want_maxver = TLS1_2_VERSION,
560 },
561 {
562 .ssl_method = TLS_method,
563 .minver = 0,
564 .maxver = TLS1_1_VERSION,
565 .want_minver = TLS1_VERSION,
566 .want_maxver = TLS1_1_VERSION,
567 },
568 {
569 .ssl_method = TLS_method,
570 .minver = 0,
571 .maxver = TLS1_VERSION,
572 .want_minver = TLS1_VERSION,
573 .want_maxver = TLS1_VERSION,
574 },
575 {
576 .ssl_method = TLS_method,
577 .minver = 0,
578 .maxver = 0x0300,
579 .want_minver = 0,
580 .want_maxver = 0,
581 },
582 {
583 .ssl_method = TLS_method,
584 .minver = TLS1_2_VERSION,
585 .maxver = TLS1_1_VERSION,
586 .want_minver = TLS1_2_VERSION,
587 .want_maxver = 0,
588 },
589 {
590 .ssl_method = TLSv1_1_method,
591 .minver = 0,
592 .maxver = 0,
593 .want_minver = TLS1_1_VERSION,
594 .want_maxver = TLS1_1_VERSION,
595 },
596 {
597 .ssl_method = TLSv1_1_method,
598 .minver = TLS1_VERSION,
599 .maxver = TLS1_2_VERSION,
600 .want_minver = TLS1_1_VERSION,
601 .want_maxver = TLS1_1_VERSION,
602 },
603 {
604 .ssl_method = TLSv1_1_method,
605 .minver = TLS1_2_VERSION,
606 .maxver = 0,
607 .want_minver = 0,
608 .want_maxver = 0,
609 },
610 {
611 .ssl_method = TLSv1_1_method,
612 .minver = 0,
613 .maxver = TLS1_VERSION,
614 .want_minver = 0,
615 .want_maxver = 0,
616 },
617 {
618 .ssl_method = DTLSv1_method,
619 .minver = 0,
620 .maxver = 0,
621 .want_minver = DTLS1_VERSION,
622 .want_maxver = DTLS1_VERSION,
623 },
624 {
625 .ssl_method = DTLSv1_method,
626 .minver = DTLS1_VERSION,
627 .maxver = 0,
628 .want_minver = DTLS1_VERSION,
629 .want_maxver = DTLS1_VERSION,
630 },
631 {
632 .ssl_method = DTLSv1_method,
633 .minver = 0,
634 .maxver = DTLS1_VERSION,
635 .want_minver = DTLS1_VERSION,
636 .want_maxver = DTLS1_VERSION,
637 },
638 {
639 .ssl_method = DTLSv1_method,
640 .minver = TLS1_VERSION,
641 .maxver = TLS1_2_VERSION,
642 .want_minver = 0,
643 .want_maxver = 0,
644 },
645};
646
647#define N_MIN_MAX_VERSION_TESTS \
648 (sizeof(min_max_version_tests) / sizeof(*min_max_version_tests))
649
650static int
651test_ssl_min_max_version(void)
652{
653 struct min_max_version_test *mmvt;
654 SSL_CTX *ssl_ctx = NULL;
655 SSL *ssl = NULL;
656 int failed = 0;
657 size_t i;
658
659 failed = 0;
660
661 for (i = 0; i < N_MIN_MAX_VERSION_TESTS; i++) {
662 mmvt = &min_max_version_tests[i];
663
664 if ((ssl_ctx = SSL_CTX_new(mmvt->ssl_method())) == NULL) {
665 fprintf(stderr, "SSL_CTX_new() returned NULL\n");
666 return 1;
667 }
668
669 if (SSL_CTX_set_min_proto_version(ssl_ctx, mmvt->minver) != 1) {
670 if (mmvt->want_minver != 0) {
671 fprintf(stderr, "FAIL: test %zu - failed to set "
672 "SSL_CTX min version\n", i);
673 failed++;
674 }
675 goto next;
676 }
677 if (SSL_CTX_set_max_proto_version(ssl_ctx, mmvt->maxver) != 1) {
678 if (mmvt->want_maxver != 0) {
679 fprintf(stderr, "FAIL: test %zu - failed to set "
680 "SSL_CTX min version\n", i);
681 failed++;
682 }
683 goto next;
684 }
685
686 if (mmvt->want_minver == 0) {
687 fprintf(stderr, "FAIL: test %zu - successfully set "
688 "SSL_CTX min version, should have failed\n", i);
689 goto next;
690 }
691 if (mmvt->want_maxver == 0) {
692 fprintf(stderr, "FAIL: test %zu - successfully set "
693 "SSL_CTX max version, should have failed\n", i);
694 goto next;
695 }
696
697 if (SSL_CTX_get_min_proto_version(ssl_ctx) != mmvt->want_minver) {
698 fprintf(stderr, "FAIL: test %zu - got SSL_CTX min "
699 "version 0x%x, want 0x%x\n", i,
700 SSL_CTX_get_min_proto_version(ssl_ctx), mmvt->want_minver);
701 goto next;
702 }
703 if (SSL_CTX_get_max_proto_version(ssl_ctx) != mmvt->want_maxver) {
704 fprintf(stderr, "FAIL: test %zu - got SSL_CTX max "
705 "version 0x%x, want 0x%x\n", i,
706 SSL_CTX_get_max_proto_version(ssl_ctx), mmvt->want_maxver);
707 goto next;
708 }
709
710 if ((ssl = SSL_new(ssl_ctx)) == NULL) {
711 fprintf(stderr, "SSL_new() returned NULL\n");
712 return 1;
713 }
714
715 if (SSL_get_min_proto_version(ssl) != mmvt->want_minver) {
716 fprintf(stderr, "FAIL: test %zu - initial SSL min "
717 "version 0x%x, want 0x%x\n", i,
718 SSL_get_min_proto_version(ssl), mmvt->want_minver);
719 goto next;
720 }
721 if (SSL_get_max_proto_version(ssl) != mmvt->want_maxver) {
722 fprintf(stderr, "FAIL: test %zu - initial SSL max "
723 "version 0x%x, want 0x%x\n", i,
724 SSL_get_max_proto_version(ssl), mmvt->want_maxver);
725 goto next;
726 }
727
728 if (SSL_set_min_proto_version(ssl, mmvt->minver) != 1) {
729 if (mmvt->want_minver != 0) {
730 fprintf(stderr, "FAIL: test %zu - failed to set "
731 "SSL min version\n", i);
732 failed++;
733 }
734 goto next;
735 }
736 if (SSL_set_max_proto_version(ssl, mmvt->maxver) != 1) {
737 if (mmvt->want_maxver != 0) {
738 fprintf(stderr, "FAIL: test %zu - failed to set "
739 "SSL min version\n", i);
740 failed++;
741 }
742 goto next;
743 }
744
745 if (mmvt->want_minver == 0) {
746 fprintf(stderr, "FAIL: test %zu - successfully set SSL "
747 "min version, should have failed\n", i);
748 goto next;
749 }
750 if (mmvt->want_maxver == 0) {
751 fprintf(stderr, "FAIL: test %zu - successfully set SSL "
752 "max version, should have failed\n", i);
753 goto next;
754 }
755
756 if (SSL_get_min_proto_version(ssl) != mmvt->want_minver) {
757 fprintf(stderr, "FAIL: test %zu - got SSL min "
758 "version 0x%x, want 0x%x\n", i,
759 SSL_get_min_proto_version(ssl), mmvt->want_minver);
760 goto next;
761 }
762 if (SSL_get_max_proto_version(ssl) != mmvt->want_maxver) {
763 fprintf(stderr, "FAIL: test %zu - got SSL max "
764 "version 0x%x, want 0x%x\n", i,
765 SSL_get_max_proto_version(ssl), mmvt->want_maxver);
766 goto next;
767 }
768
769 next:
770 SSL_CTX_free(ssl_ctx);
771 SSL_free(ssl);
772
773 ssl_ctx = NULL;
774 ssl = NULL;
775 }
776
777 return (failed);
778}
779
780int
781main(int argc, char **argv)
782{
783 int failed = 0;
784
785 SSL_library_init();
786
787 /* XXX - Test ssl_supported_version_range() */
788
789 failed |= test_ssl_enabled_version_range();
790 failed |= test_ssl_max_shared_version();
791 failed |= test_ssl_min_max_version();
792
793 if (failed == 0)
794 printf("PASS %s\n", __FILE__);
795
796 return (failed);
797}
diff --git a/src/regress/lib/libssl/unit/tests.h b/src/regress/lib/libssl/unit/tests.h
deleted file mode 100644
index 287816946a..0000000000
--- a/src/regress/lib/libssl/unit/tests.h
+++ /dev/null
@@ -1,44 +0,0 @@
1/* $OpenBSD: tests.h,v 1.1 2015/06/27 23:35:52 doug Exp $ */
2/*
3 * Copyright (c) 2015 Doug Hogan <doug@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#ifndef LIBRESSL_REGRESS_TESTS_H__
19#define LIBRESSL_REGRESS_TESTS_H__ 1
20
21/* Ugly macros that are useful for regression tests. */
22
23#define SKIP(a) do { \
24 printf("Skipping test in %s [%s:%d]\n", __func__, __FILE__, \
25 __LINE__); \
26} while (0)
27
28#define CHECK(a) do { \
29 if (!(a)) { \
30 printf("Error in %s [%s:%d]\n", __func__, __FILE__, \
31 __LINE__); \
32 return 0; \
33 } \
34} while (0)
35
36#define CHECK_GOTO(a) do { \
37 if (!(a)) { \
38 printf("Error in %s [%s:%d]\n", __func__, __FILE__, \
39 __LINE__); \
40 goto err; \
41 } \
42} while (0)
43
44#endif /* LIBRESSL_REGRESS_TESTS_H__ */
diff --git a/src/regress/lib/libssl/unit/tls_ext_alpn.c b/src/regress/lib/libssl/unit/tls_ext_alpn.c
deleted file mode 100644
index 63e5f247c8..0000000000
--- a/src/regress/lib/libssl/unit/tls_ext_alpn.c
+++ /dev/null
@@ -1,442 +0,0 @@
1/* $OpenBSD: tls_ext_alpn.c,v 1.6 2019/01/18 00:55:15 jsing Exp $ */
2/*
3 * Copyright (c) 2015 Doug Hogan <doug@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18/*
19 * Test TLS extension Application-Layer Protocol Negotiation (RFC 7301).
20 */
21#include <stdio.h>
22#include <openssl/ssl.h>
23
24#include "ssl_locl.h"
25#include "ssl_tlsext.h"
26
27#include "tests.h"
28
29/*
30 * In the ProtocolNameList, ProtocolNames must not include empty strings and
31 * byte strings must not be truncated.
32 *
33 * This uses some of the IANA approved protocol names from:
34 * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
35 */
36
37/* Valid for client and server since it only has one name. */
38static uint8_t proto_single[] = {
39 /* Extension extensions<0..2^16-1> -- All TLS extensions */
40 0x00, 0x0f, /* len */
41 /* ExtensionType extension_type */
42 0x00, 0x10, /* ALPN */
43 /* opaque extension_data<0..2^16-1> */
44 0x00, 0x0b, /* len */
45 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
46 0x00, 0x09, /* len of all names */
47 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
48 0x08, /* len */
49 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31
50};
51
52/* Valid for client, but NOT server. Server must have exactly one name. */
53static uint8_t proto_multiple1[] = {
54 /* Extension extensions<0..2^16-1> -- All TLS extensions */
55 0x00, 0x19, /* len */
56 /* ExtensionType extension_type */
57 0x00, 0x10, /* ALPN */
58 /* opaque extension_data<0..2^16-1> */
59 0x00, 0x15, /* len */
60 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
61 0x00, 0x13, /* len of all names */
62 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
63 0x08, /* len */
64 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31,
65 /* opaque ProtocolName<1..2^8-1> -- 'stun.nat' */
66 0x09, /* len */
67 0x73, 0x74, 0x75, 0x6e, 0x2e, 0x74, 0x75, 0x72, 0x6e
68};
69
70/* Valid for client, but NOT server. Server must have exactly one name. */
71static uint8_t proto_multiple2[] = {
72 /* Extension extensions<0..2^16-1> -- All TLS extensions */
73 0x00, 0x1c, /* len */
74 /* ExtensionType extension_type */
75 0x00, 0x10, /* ALPN */
76 /* opaque extension_data<0..2^16-1> */
77 0x00, 0x18, /* len */
78 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
79 0x00, 0x16, /* len of all names */
80 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
81 0x08, /* len */
82 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31,
83 /* opaque ProtocolName<1..2^8-1> -- 'h2' */
84 0x02, /* len */
85 0x68, 0x32,
86 /* opaque ProtocolName<1..2^8-1> -- 'stun.nat' */
87 0x09, /* len */
88 0x73, 0x74, 0x75, 0x6e, 0x2e, 0x74, 0x75, 0x72, 0x6e
89};
90
91/* Valid for client, but NOT server. Server must have exactly one name. */
92static uint8_t proto_multiple3[] = {
93 /* Extension extensions<0..2^16-1> -- All TLS extensions */
94 0x00, 0x20, /* len */
95 /* ExtensionType extension_type */
96 0x00, 0x10, /* ALPN */
97 /* opaque extension_data<0..2^16-1> */
98 0x00, 0x1c, /* len */
99 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
100 0x00, 0x1a, /* len of all names */
101 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
102 0x08, /* len */
103 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31,
104 /* opaque ProtocolName<1..2^8-1> -- 'h2' */
105 0x02, /* len */
106 0x68, 0x32,
107 /* opaque ProtocolName<1..2^8-1> -- 'stun.nat' */
108 0x09, /* len */
109 0x73, 0x74, 0x75, 0x6e, 0x2e, 0x74, 0x75, 0x72, 0x6e,
110 /* opaque ProtocolName<1..2^8-1> -- 'h2c' */
111 0x03, /* len */
112 0x68, 0x32, 0x63
113};
114
115static uint8_t proto_empty[] = {
116 /* Extension extensions<0..2^16-1> -- All TLS extensions. */
117 0x00, 0x00, /* none present. */
118};
119
120/* Invalid for both client and server. Length is wrong. */
121static uint8_t proto_invalid_len1[] = {
122 /* Extension extensions<0..2^16-1> -- All TLS extensions */
123 0x00, 0x0a, /* len */
124 /* ExtensionType extension_type */
125 0x00, 0x10, /* ALPN */
126 /* opaque extension_data<0..2^16-1> */
127 0x00, 0x06, /* len */
128 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
129 0x00, 0x04, /* len of all names */
130 /* opaque ProtocolName<1..2^8-1> -- 'h2c' */
131 0x04, /* XXX len too large */
132 0x68, 0x32, 0x63
133};
134static uint8_t proto_invalid_len2[] = {
135 /* Extension extensions<0..2^16-1> -- All TLS extensions */
136 0x00, 0x0a, /* len */
137 /* ExtensionType extension_type */
138 0x00, 0x10, /* ALPN */
139 /* opaque extension_data<0..2^16-1> */
140 0x00, 0x06, /* len */
141 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
142 0x00, 0x04, /* len of all names */
143 /* opaque ProtocolName<1..2^8-1> -- 'h2c' */
144 0x02, /* XXX len too small */
145 0x68, 0x32, 0x63
146};
147static uint8_t proto_invalid_len3[] = {
148 /* Extension extensions<0..2^16-1> -- All TLS extensions */
149 0x00, 0x0a, /* len */
150 /* ExtensionType extension_type */
151 0x00, 0x10, /* ALPN */
152 /* opaque extension_data<0..2^16-1> */
153 0x00, 0x06, /* len */
154 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
155 0x00, 0x03, /* XXX len too small */
156 /* opaque ProtocolName<1..2^8-1> -- 'h2c' */
157 0x03, /* len */
158 0x68, 0x32, 0x63
159};
160static uint8_t proto_invalid_len4[] = {
161 /* Extension extensions<0..2^16-1> -- All TLS extensions */
162 0x00, 0x0a, /* len */
163 /* ExtensionType extension_type */
164 0x00, 0x10, /* ALPN */
165 /* opaque extension_data<0..2^16-1> */
166 0x00, 0x06, /* len */
167 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
168 0x00, 0x06, /* XXX len too large */
169 /* opaque ProtocolName<1..2^8-1> -- 'h2c' */
170 0x03, /* len */
171 0x68, 0x32, 0x63
172};
173static uint8_t proto_invalid_len5[] = {
174 /* Extension extensions<0..2^16-1> -- All TLS extensions */
175 0x00, 0x0a, /* len */
176 /* ExtensionType extension_type */
177 0x00, 0x10, /* ALPN */
178 /* opaque extension_data<0..2^16-1> */
179 0x01, 0x08, /* XXX len too large */
180 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
181 0x00, 0x04, /* len */
182 /* opaque ProtocolName<1..2^8-1> -- 'h2c' */
183 0x03, /* len */
184 0x68, 0x32, 0x63
185};
186static uint8_t proto_invalid_len6[] = {
187 /* Extension extensions<0..2^16-1> -- All TLS extensions */
188 0x00, 0x0a, /* len */
189 /* ExtensionType extension_type */
190 0x00, 0x10, /* ALPN */
191 /* opaque extension_data<0..2^16-1> */
192 0x00, 0x05, /* XXX len too small */
193 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
194 0x00, 0x04, /* len */
195 /* opaque ProtocolName<1..2^8-1> -- 'h2c' */
196 0x03, /* len */
197 0x68, 0x32, 0x63
198};
199static uint8_t proto_invalid_len7[] = {
200 /* Extension extensions<0..2^16-1> -- All TLS extensions */
201 0x00, 0x06, /* XXX len too small */
202 /* ExtensionType extension_type */
203 0x00, 0x10, /* ALPN */
204 /* opaque extension_data<0..2^16-1> */
205 0x00, 0x06, /* len */
206 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
207 0x00, 0x04, /* len */
208 /* opaque ProtocolName<1..2^8-1> -- 'h2c' */
209 0x03, /* len */
210 0x68, 0x32, 0x63
211};
212static uint8_t proto_invalid_len8[] = {
213 /* Extension extensions<0..2^16-1> -- All TLS extensions */
214 0x00, 0x0b, /* XXX len too large */
215 /* ExtensionType extension_type */
216 0x00, 0x10, /* ALPN */
217 /* opaque extension_data<0..2^16-1> */
218 0x00, 0x06, /* len */
219 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
220 0x00, 0x04, /* len */
221 /* opaque ProtocolName<1..2^8-1> -- 'h2c' */
222 0x03, /* len */
223 0x68, 0x32, 0x63
224};
225
226/* Invalid for client and server since it is missing data. */
227static uint8_t proto_invalid_missing1[] = {
228 /* Extension extensions<0..2^16-1> -- All TLS extensions */
229 0x00, 0x0a, /* len */
230 /* ExtensionType extension_type */
231 0x00, 0x10, /* ALPN */
232 /* opaque extension_data<0..2^16-1> */
233 0x00, 0x06, /* len */
234 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
235 0x00, 0x04, /* len of all names */
236 /* opaque ProtocolName<1..2^8-1> -- 'h2c' */
237 /* XXX missing */
238};
239static uint8_t proto_invalid_missing2[] = {
240 /* Extension extensions<0..2^16-1> -- All TLS extensions */
241 0x00, 0x0a, /* len */
242 /* ExtensionType extension_type */
243 0x00, 0x10, /* ALPN */
244 /* opaque extension_data<0..2^16-1> */
245 0x00, 0x00, /* XXX missing name list */
246 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
247};
248static uint8_t proto_invalid_missing3[] = {
249 /* Extension extensions<0..2^16-1> -- All TLS extensions */
250 0x00, 0x0a, /* len */
251 /* ExtensionType extension_type */
252 0x00, 0x10, /* ALPN */
253 /* opaque extension_data<0..2^16-1> */
254 0x00, 0x02, /* XXX size is sufficient but missing data for name list */
255 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
256};
257static uint8_t proto_invalid_missing4[] = {
258 /* Extension extensions<0..2^16-1> -- All TLS extensions */
259 0x00, 0x0a, /* len */
260 /* ExtensionType extension_type */
261 0x00, 0x10, /* ALPN */
262 /* opaque extension_data<0..2^16-1> */
263 /* XXX missing */
264};
265static uint8_t proto_invalid_missing5[] = {
266 /* Extension extensions<0..2^16-1> -- All TLS extensions */
267 0x00, 0x1c, /* len */
268 /* ExtensionType extension_type */
269 0x00, 0x10, /* ALPN */
270 /* opaque extension_data<0..2^16-1> */
271 0x00, 0x18, /* len */
272 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
273 0x00, 0x16, /* len of all names */
274 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
275 0x08, /* len */
276 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31,
277 /* opaque ProtocolName<1..2^8-1> -- 'h2' */
278 0x02, /* len */
279 0x68, 0x32,
280 /* XXX missing name */
281};
282static uint8_t proto_invalid_missing6[] = {
283 /* Extension extensions<0..2^16-1> -- All TLS extensions */
284 0x00, 0x07, /* len */
285 /* ExtensionType extension_type */
286 0x00, 0x10, /* ALPN */
287 /* opaque extension_data<0..2^16-1> */
288 0x00, 0x03, /* len */
289 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
290 0x00, 0x01, /* XXX len must be at least 2 */
291 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
292 0x00, /* XXX len cannot be 0 */
293};
294static uint8_t proto_invalid_missing7[] = {
295 /* Extension extensions<0..2^16-1> -- All TLS extensions */
296 0x00, 0x07, /* len */
297 /* ExtensionType extension_type */
298 0x00, 0x10, /* ALPN */
299 /* opaque extension_data<0..2^16-1> */
300 0x00, 0x03, /* len */
301 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
302 0x00, 0x02, /* XXX len is at least 2 but not correct. */
303 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
304 0x00, /* XXX len cannot be 0 */
305};
306static uint8_t proto_invalid_missing8[] = {
307 /* Extension extensions<0..2^16-1> -- All TLS extensions */
308 0x00, 0x01, /* len */
309 /* ExtensionType extension_type */
310 0x00, /* XXX need a 2 byte type */
311};
312static uint8_t proto_invalid_missing9[] = {
313 /* Extension extensions<0..2^16-1> -- All TLS extensions */
314 0x0a, /* XXX need a 2 byte len */
315};
316
317
318#define CHECK_BOTH(c_val, s_val, proto) do { \
319 { \
320 CBS cbs; \
321 int al; \
322 \
323 CBS_init(&cbs, proto, sizeof(proto)); \
324 CHECK(c_val == tlsext_server_parse(s, &cbs, &al, SSL_TLSEXT_MSG_CH)); \
325 CBS_init(&cbs, proto, sizeof(proto)); \
326 CHECK(s_val == tlsext_client_parse(s, &cbs, &al, SSL_TLSEXT_MSG_SH)); \
327 } \
328} while (0)
329
330static int dummy_alpn_cb(SSL *ssl, const unsigned char **out,
331 unsigned char *outlen, const unsigned char *in, unsigned int inlen,
332 void *arg);
333
334static int
335check_valid_alpn(SSL *s)
336{
337 const uint8_t str[] = {
338 0x08, /* len */
339 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31 /* http/1.1 */
340 };
341
342 /* Setup in order to test ALPN. */
343 CHECK(! SSL_set_alpn_protos(s, str, 9));
344 SSL_CTX_set_alpn_select_cb(s->ctx, dummy_alpn_cb, NULL);
345
346 /* Prerequisites to test these. */
347 CHECK(s->internal->alpn_client_proto_list != NULL);
348 CHECK(s->ctx->internal->alpn_select_cb != NULL);
349 //CHECK(s->s3->tmp.finish_md_len == 0);
350
351 CHECK_BOTH(1, 1, proto_single);
352 CHECK_BOTH(1, 1, proto_empty);
353
354 /* Multiple protocol names are only valid for client */
355 CHECK_BOTH(1, 0, proto_multiple1);
356 CHECK_BOTH(1, 0, proto_multiple2);
357 CHECK_BOTH(1, 0, proto_multiple3);
358
359 return 1;
360}
361
362/*
363 * Some of the IANA approved IDs from:
364 * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
365 */
366static int
367check_invalid_alpn(SSL *s)
368{
369 const uint8_t str[] = {
370 0x08, /* len */
371 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31 /* http/1.1 */
372 };
373
374 /* Setup in order to test ALPN. */
375 CHECK(! SSL_set_alpn_protos(s, str, 9));
376 SSL_CTX_set_alpn_select_cb(s->ctx, dummy_alpn_cb, NULL);
377
378 /* Prerequisites to test these. */
379 CHECK(s->internal->alpn_client_proto_list != NULL);
380 CHECK(s->ctx->internal->alpn_select_cb != NULL);
381 //CHECK(s->s3->tmp.finish_md_len == 0);
382
383 /* None of these are valid for client or server */
384 CHECK_BOTH(0, 0, proto_invalid_len1);
385 CHECK_BOTH(0, 0, proto_invalid_len2);
386 CHECK_BOTH(0, 0, proto_invalid_len3);
387 CHECK_BOTH(0, 0, proto_invalid_len4);
388 CHECK_BOTH(0, 0, proto_invalid_len5);
389 CHECK_BOTH(0, 0, proto_invalid_len6);
390 CHECK_BOTH(0, 0, proto_invalid_len7);
391 CHECK_BOTH(0, 0, proto_invalid_len8);
392 CHECK_BOTH(0, 0, proto_invalid_missing1);
393 CHECK_BOTH(0, 0, proto_invalid_missing2);
394 CHECK_BOTH(0, 0, proto_invalid_missing3);
395 CHECK_BOTH(0, 0, proto_invalid_missing4);
396 CHECK_BOTH(0, 0, proto_invalid_missing5);
397 CHECK_BOTH(0, 0, proto_invalid_missing6);
398 CHECK_BOTH(0, 0, proto_invalid_missing7);
399 CHECK_BOTH(0, 0, proto_invalid_missing8);
400 CHECK_BOTH(0, 0, proto_invalid_missing9);
401
402 return 1;
403}
404
405int
406dummy_alpn_cb(SSL *ssl __attribute__((unused)), const unsigned char **out,
407 unsigned char *outlen, const unsigned char *in, unsigned int inlen,
408 void *arg __attribute__((unused)))
409{
410 *out = in;
411 *outlen = (unsigned char)inlen;
412
413 return 0;
414}
415
416int
417main(void)
418{
419 SSL_CTX *ctx = NULL;
420 SSL *s = NULL;
421 int rv = 1;
422
423 SSL_library_init();
424
425 CHECK_GOTO((ctx = SSL_CTX_new(TLSv1_2_client_method())) != NULL);
426 CHECK_GOTO((s = SSL_new(ctx)) != NULL);
427
428 if (!check_valid_alpn(s))
429 goto err;
430 if (!check_invalid_alpn(s))
431 goto err;
432
433 rv = 0;
434
435err:
436 SSL_CTX_free(ctx);
437 SSL_free(s);
438
439 if (!rv)
440 printf("PASS %s\n", __FILE__);
441 return rv;
442}
diff --git a/src/regress/lib/libssl/unit/tls_prf.c b/src/regress/lib/libssl/unit/tls_prf.c
deleted file mode 100644
index 2eacb12af3..0000000000
--- a/src/regress/lib/libssl/unit/tls_prf.c
+++ /dev/null
@@ -1,251 +0,0 @@
1/* $OpenBSD: tls_prf.c,v 1.4 2017/05/06 22:24:58 beck Exp $ */
2/*
3 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <err.h>
19
20#include "ssl_locl.h"
21
22int tls1_PRF(SSL *s, const unsigned char *secret, size_t secret_len,
23 const void *seed1, size_t seed1_len, const void *seed2, size_t seed2_len,
24 const void *seed3, size_t seed3_len, const void *seed4, size_t seed4_len,
25 const void *seed5, size_t seed5_len, unsigned char *out, size_t out_len);
26
27#define TLS_PRF_OUT_LEN 128
28
29struct tls_prf_test {
30 const unsigned char *desc;
31 const SSL_METHOD *(*ssl_method)(void);
32 const uint16_t cipher_value;
33 const unsigned char out[TLS_PRF_OUT_LEN];
34};
35
36static struct tls_prf_test tls_prf_tests[] = {
37 {
38 .desc = "MD5+SHA1",
39 .ssl_method = TLSv1_method,
40 .cipher_value = 0x0033,
41 .out = {
42 0x03, 0xa1, 0xc1, 0x7d, 0x2c, 0xa5, 0x3d, 0xe8,
43 0x9d, 0x59, 0x5e, 0x30, 0xf5, 0x71, 0xbb, 0x96,
44 0xde, 0x5c, 0x8e, 0xdc, 0x25, 0x8a, 0x7c, 0x05,
45 0x9f, 0x7d, 0x35, 0x29, 0x45, 0xae, 0x56, 0xad,
46 0x9f, 0x57, 0x15, 0x5c, 0xdb, 0x83, 0x3a, 0xac,
47 0x19, 0xa8, 0x2b, 0x40, 0x72, 0x38, 0x1e, 0xed,
48 0xf3, 0x25, 0xde, 0x84, 0x84, 0xd8, 0xd1, 0xfc,
49 0x31, 0x85, 0x81, 0x12, 0x55, 0x4d, 0x12, 0xb5,
50 0xed, 0x78, 0x5e, 0xba, 0xc8, 0xec, 0x8d, 0x28,
51 0xa1, 0x21, 0x1e, 0x6e, 0x07, 0xf1, 0xfc, 0xf5,
52 0xbf, 0xe4, 0x8e, 0x8e, 0x97, 0x15, 0x93, 0x85,
53 0x75, 0xdd, 0x87, 0x09, 0xd0, 0x4e, 0xe5, 0xd5,
54 0x9e, 0x1f, 0xd6, 0x1c, 0x3b, 0xe9, 0xad, 0xba,
55 0xe0, 0x16, 0x56, 0x62, 0x90, 0xd6, 0x82, 0x84,
56 0xec, 0x8a, 0x22, 0xbe, 0xdc, 0x6a, 0x5e, 0x05,
57 0x12, 0x44, 0xec, 0x60, 0x61, 0xd1, 0x8a, 0x66,
58 },
59 },
60 {
61 .desc = "GOST94",
62 .ssl_method = TLSv1_2_method,
63 .cipher_value = 0x0081,
64 .out = {
65 0xcc, 0xd4, 0x89, 0x5f, 0x52, 0x08, 0x9b, 0xc7,
66 0xf9, 0xb5, 0x83, 0x58, 0xe8, 0xc7, 0x71, 0x49,
67 0x39, 0x99, 0x1f, 0x14, 0x8f, 0x85, 0xbe, 0x64,
68 0xee, 0x40, 0x5c, 0xe7, 0x5f, 0x68, 0xaf, 0xf2,
69 0xcd, 0x3a, 0x94, 0x52, 0x33, 0x53, 0x46, 0x7d,
70 0xb6, 0xc5, 0xe1, 0xb8, 0xa4, 0x04, 0x69, 0x91,
71 0x0a, 0x9c, 0x88, 0x86, 0xd9, 0x60, 0x63, 0xdd,
72 0xd8, 0xe7, 0x2e, 0xee, 0xce, 0xe2, 0x20, 0xd8,
73 0x9a, 0xfa, 0x9c, 0x63, 0x0c, 0x9c, 0xa1, 0x76,
74 0xed, 0x78, 0x9a, 0x84, 0x70, 0xb4, 0xd1, 0x51,
75 0x1f, 0xde, 0x44, 0xe8, 0x90, 0x21, 0x3f, 0xeb,
76 0x05, 0xf4, 0x77, 0x59, 0xf3, 0xad, 0xdd, 0x34,
77 0x3d, 0x3a, 0x7c, 0xd0, 0x59, 0x40, 0xe1, 0x3f,
78 0x04, 0x4b, 0x8b, 0xd6, 0x95, 0x46, 0xb4, 0x9e,
79 0x4c, 0x2d, 0xf7, 0xee, 0xbd, 0xbc, 0xcb, 0x5c,
80 0x3a, 0x36, 0x0c, 0xd0, 0x27, 0xcb, 0x45, 0x06,
81 },
82 },
83 {
84 .desc = "SHA256 (via TLSv1.2)",
85 .ssl_method = TLSv1_2_method,
86 .cipher_value = 0x0033,
87 .out = {
88 0x37, 0xa7, 0x06, 0x71, 0x6e, 0x19, 0x19, 0xda,
89 0x23, 0x8c, 0xcc, 0xb4, 0x2f, 0x31, 0x64, 0x9d,
90 0x05, 0x29, 0x1c, 0x33, 0x7e, 0x09, 0x1b, 0x0c,
91 0x0e, 0x23, 0xc1, 0xb0, 0x40, 0xcc, 0x31, 0xf7,
92 0x55, 0x66, 0x68, 0xd9, 0xa8, 0xae, 0x74, 0x75,
93 0xf3, 0x46, 0xe9, 0x3a, 0x54, 0x9d, 0xe0, 0x8b,
94 0x7e, 0x6c, 0x63, 0x1c, 0xfa, 0x2f, 0xfd, 0xc9,
95 0xd3, 0xf1, 0xd3, 0xfe, 0x7b, 0x9e, 0x14, 0x95,
96 0xb5, 0xd0, 0xad, 0x9b, 0xee, 0x78, 0x8c, 0x83,
97 0x18, 0x58, 0x7e, 0xa2, 0x23, 0xc1, 0x8b, 0x62,
98 0x94, 0x12, 0xcb, 0xb6, 0x60, 0x69, 0x32, 0xfe,
99 0x98, 0x0e, 0x93, 0xb0, 0x8e, 0x5c, 0xfb, 0x6e,
100 0xdb, 0x9a, 0xc2, 0x9f, 0x8c, 0x5c, 0x43, 0x19,
101 0xeb, 0x4a, 0x52, 0xad, 0x62, 0x2b, 0xdd, 0x9f,
102 0xa3, 0x74, 0xa6, 0x96, 0x61, 0x4d, 0x98, 0x40,
103 0x63, 0xa6, 0xd4, 0xbb, 0x17, 0x11, 0x75, 0xed,
104 },
105 },
106 {
107 .desc = "SHA384",
108 .ssl_method = TLSv1_2_method,
109 .cipher_value = 0x009d,
110 .out = {
111 0x00, 0x93, 0xc3, 0xfd, 0xa7, 0xbb, 0xdc, 0x5b,
112 0x13, 0x3a, 0xe6, 0x8b, 0x1b, 0xac, 0xf3, 0xfb,
113 0x3c, 0x9a, 0x78, 0xf6, 0x19, 0xf0, 0x13, 0x0f,
114 0x0d, 0x01, 0x9d, 0xdf, 0x0a, 0x28, 0x38, 0xce,
115 0x1a, 0x9b, 0x43, 0xbe, 0x56, 0x12, 0xa7, 0x16,
116 0x58, 0xe1, 0x8a, 0xe4, 0xc5, 0xbb, 0x10, 0x4c,
117 0x3a, 0xf3, 0x7f, 0xd3, 0xdb, 0xe4, 0xe0, 0x3d,
118 0xcc, 0x83, 0xca, 0xf0, 0xf9, 0x69, 0xcc, 0x70,
119 0x83, 0x32, 0xf6, 0xfc, 0x81, 0x80, 0x02, 0xe8,
120 0x31, 0x1e, 0x7c, 0x3b, 0x34, 0xf7, 0x34, 0xd1,
121 0xcf, 0x2a, 0xc4, 0x36, 0x2f, 0xe9, 0xaa, 0x7f,
122 0x6d, 0x1f, 0x5e, 0x0e, 0x39, 0x05, 0x15, 0xe1,
123 0xa2, 0x9a, 0x4d, 0x97, 0x8c, 0x62, 0x46, 0xf1,
124 0x87, 0x65, 0xd8, 0xe9, 0x14, 0x11, 0xa6, 0x48,
125 0xd7, 0x0e, 0x6e, 0x70, 0xad, 0xfb, 0x3f, 0x36,
126 0x05, 0x76, 0x4b, 0xe4, 0x28, 0x50, 0x4a, 0xf2,
127 },
128 },
129 {
130 .desc = "STREEBOG256",
131 .ssl_method = TLSv1_2_method,
132 .cipher_value = 0xff87,
133 .out = {
134 0x3e, 0x13, 0xb9, 0xeb, 0x85, 0x8c, 0xb4, 0x21,
135 0x23, 0x40, 0x9b, 0x73, 0x04, 0x56, 0xe2, 0xff,
136 0xce, 0x52, 0x1f, 0x82, 0x7f, 0x17, 0x5b, 0x80,
137 0x23, 0x71, 0xca, 0x30, 0xdf, 0xfc, 0xdc, 0x2d,
138 0xc0, 0xfc, 0x5d, 0x23, 0x5a, 0x54, 0x7f, 0xae,
139 0xf5, 0x7d, 0x52, 0x1e, 0x86, 0x95, 0xe1, 0x2d,
140 0x28, 0xe7, 0xbe, 0xd7, 0xd0, 0xbf, 0xa9, 0x96,
141 0x13, 0xd0, 0x9c, 0x0c, 0x1c, 0x16, 0x05, 0xbb,
142 0x26, 0xd7, 0x30, 0x39, 0xb9, 0x53, 0x28, 0x98,
143 0x4f, 0x1b, 0x83, 0xc3, 0xce, 0x1c, 0x7c, 0x34,
144 0xa2, 0xc4, 0x7a, 0x54, 0x16, 0xc6, 0xa7, 0x9e,
145 0xed, 0x4b, 0x7b, 0x83, 0xa6, 0xae, 0xe2, 0x5b,
146 0x96, 0xf5, 0x6c, 0xad, 0x1f, 0xa3, 0x83, 0xb2,
147 0x84, 0x32, 0xed, 0xe3, 0x2c, 0xf6, 0xd4, 0x73,
148 0x30, 0xef, 0x9d, 0xbe, 0xe7, 0x23, 0x9a, 0xbf,
149 0x4d, 0x1c, 0xe7, 0xef, 0x3d, 0xea, 0x46, 0xe2,
150 },
151 },
152};
153
154#define N_TLS_PRF_TESTS \
155 (sizeof(tls_prf_tests) / sizeof(*tls_prf_tests))
156
157#define TLS_PRF_SEED1 "tls prf seed 1"
158#define TLS_PRF_SEED2 "tls prf seed 2"
159#define TLS_PRF_SEED3 "tls prf seed 3"
160#define TLS_PRF_SEED4 "tls prf seed 4"
161#define TLS_PRF_SEED5 "tls prf seed 5"
162#define TLS_PRF_SECRET "tls prf secretz"
163
164static void
165hexdump(const unsigned char *buf, size_t len)
166{
167 size_t i;
168
169 for (i = 1; i <= len; i++)
170 fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n");
171
172 fprintf(stderr, "\n");
173}
174
175static int
176do_tls_prf_test(int test_no, struct tls_prf_test *tpt)
177{
178 unsigned char *out = NULL;
179 const SSL_CIPHER *cipher;
180 SSL_CTX *ssl_ctx = NULL;
181 SSL *ssl = NULL;
182 int failure = 1;
183 int len;
184
185 fprintf(stderr, "Test %i - %s\n", test_no, tpt->desc);
186
187 if ((out = malloc(TLS_PRF_OUT_LEN)) == NULL)
188 errx(1, "failed to allocate out");
189
190 if ((ssl_ctx = SSL_CTX_new(tpt->ssl_method())) == NULL)
191 errx(1, "failed to create SSL context");
192 if ((ssl = SSL_new(ssl_ctx)) == NULL)
193 errx(1, "failed to create SSL context");
194
195 if ((cipher = ssl3_get_cipher_by_value(tpt->cipher_value)) == NULL) {
196 fprintf(stderr, "FAIL: no cipher %hx\n", tpt->cipher_value);
197 goto failure;
198 }
199
200 S3I(ssl)->hs.new_cipher = cipher;
201
202 for (len = 1; len <= TLS_PRF_OUT_LEN; len++) {
203 memset(out, 'A', TLS_PRF_OUT_LEN);
204
205 if (tls1_PRF(ssl, TLS_PRF_SECRET, sizeof(TLS_PRF_SECRET),
206 TLS_PRF_SEED1, sizeof(TLS_PRF_SEED1), TLS_PRF_SEED2,
207 sizeof(TLS_PRF_SEED2), TLS_PRF_SEED3, sizeof(TLS_PRF_SEED3),
208 TLS_PRF_SEED4, sizeof(TLS_PRF_SEED4), TLS_PRF_SEED5,
209 sizeof(TLS_PRF_SEED5), out, len) != 1) {
210 fprintf(stderr, "FAIL: tls_PRF failed for len %i\n",
211 len);
212 goto failure;
213 }
214
215 if (memcmp(out, tpt->out, len) != 0) {
216 fprintf(stderr, "FAIL: tls_PRF output differs for "
217 "len %i\n", len);
218 fprintf(stderr, "output:\n");
219 hexdump(out, TLS_PRF_OUT_LEN);
220 fprintf(stderr, "test data:\n");
221 hexdump(tpt->out, TLS_PRF_OUT_LEN);
222 fprintf(stderr, "\n");
223 goto failure;
224 }
225 }
226
227 failure = 0;
228
229 failure:
230 SSL_free(ssl);
231 SSL_CTX_free(ssl_ctx);
232
233 free(out);
234
235 return failure;
236}
237
238int
239main(int argc, char **argv)
240{
241 int failed = 0;
242 size_t i;
243
244 SSL_library_init();
245 SSL_load_error_strings();
246
247 for (i = 0; i < N_TLS_PRF_TESTS; i++)
248 failed |= do_tls_prf_test(i, &tls_prf_tests[i]);
249
250 return failed;
251}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-27 10:24:40 +0000