summaryrefslogtreecommitdiff
path: root/src/regress/lib/libssl
diff options
context:
space:
mode:
Diffstat (limited to 'src/regress/lib/libssl')
-rw-r--r--src/regress/lib/libssl/Makefile27
-rw-r--r--src/regress/lib/libssl/Makefile.inc2
-rw-r--r--src/regress/lib/libssl/asn1/Makefile11
-rw-r--r--src/regress/lib/libssl/asn1/asn1test.c478
-rw-r--r--src/regress/lib/libssl/buffer/Makefile10
-rw-r--r--src/regress/lib/libssl/buffer/buffertest.c156
-rw-r--r--src/regress/lib/libssl/bytestring/Makefile9
-rw-r--r--src/regress/lib/libssl/bytestring/bytestringtest.c916
-rw-r--r--src/regress/lib/libssl/certs/ca.pem45
-rw-r--r--src/regress/lib/libssl/certs/client.pem51
-rw-r--r--src/regress/lib/libssl/certs/server.pem51
-rw-r--r--src/regress/lib/libssl/ciphers/Makefile9
-rw-r--r--src/regress/lib/libssl/ciphers/cipherstest.c531
-rw-r--r--src/regress/lib/libssl/client/Makefile9
-rw-r--r--src/regress/lib/libssl/client/clienttest.c740
-rw-r--r--src/regress/lib/libssl/dtls/Makefile19
-rw-r--r--src/regress/lib/libssl/dtls/dtlstest.c1072
-rw-r--r--src/regress/lib/libssl/handshake/Makefile44
-rw-r--r--src/regress/lib/libssl/handshake/handshake_table.c514
-rw-r--r--src/regress/lib/libssl/handshake/valid_handshakes_terminate.c57
-rw-r--r--src/regress/lib/libssl/interop/LICENSE15
-rw-r--r--src/regress/lib/libssl/interop/Makefile19
-rw-r--r--src/regress/lib/libssl/interop/Makefile.inc90
-rw-r--r--src/regress/lib/libssl/interop/README22
-rw-r--r--src/regress/lib/libssl/interop/botan/Makefile82
-rw-r--r--src/regress/lib/libssl/interop/botan/client.cpp228
-rw-r--r--src/regress/lib/libssl/interop/cert/Makefile87
-rw-r--r--src/regress/lib/libssl/interop/cipher/Makefile170
-rw-r--r--src/regress/lib/libssl/interop/client.c273
-rw-r--r--src/regress/lib/libssl/interop/libressl/Makefile34
-rw-r--r--src/regress/lib/libssl/interop/netcat/Makefile84
-rw-r--r--src/regress/lib/libssl/interop/openssl/Makefile42
-rw-r--r--src/regress/lib/libssl/interop/openssl11/Makefile42
-rw-r--r--src/regress/lib/libssl/interop/server.c320
-rw-r--r--src/regress/lib/libssl/interop/session/Makefile46
-rw-r--r--src/regress/lib/libssl/interop/util.c145
-rw-r--r--src/regress/lib/libssl/interop/util.h23
-rw-r--r--src/regress/lib/libssl/interop/version/Makefile103
-rw-r--r--src/regress/lib/libssl/key_schedule/Makefile9
-rw-r--r--src/regress/lib/libssl/key_schedule/key_schedule.c317
-rw-r--r--src/regress/lib/libssl/openssl-ruby/Makefile72
-rw-r--r--src/regress/lib/libssl/pqueue/Makefile17
-rw-r--r--src/regress/lib/libssl/pqueue/expected.txt3
-rw-r--r--src/regress/lib/libssl/pqueue/pq_test.c118
-rw-r--r--src/regress/lib/libssl/record/Makefile10
-rw-r--r--src/regress/lib/libssl/record/recordtest.c555
-rw-r--r--src/regress/lib/libssl/record_layer/Makefile10
-rw-r--r--src/regress/lib/libssl/record_layer/record_layer_test.c306
-rw-r--r--src/regress/lib/libssl/server/Makefile18
-rw-r--r--src/regress/lib/libssl/server/servertest.c209
-rw-r--r--src/regress/lib/libssl/ssl/Makefile16
-rw-r--r--src/regress/lib/libssl/ssl/ssltest.c1911
-rw-r--r--src/regress/lib/libssl/ssl/testssl152
-rw-r--r--src/regress/lib/libssl/tlsext/Makefile9
-rw-r--r--src/regress/lib/libssl/tlsext/tlsexttest.c3650
-rw-r--r--src/regress/lib/libssl/tlsfuzzer/Makefile47
-rw-r--r--src/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py876
-rw-r--r--src/regress/lib/libssl/tlslegacy/Makefile9
-rw-r--r--src/regress/lib/libssl/tlslegacy/tlslegacytest.c633
-rw-r--r--src/regress/lib/libssl/unit/Makefile27
-rw-r--r--src/regress/lib/libssl/unit/cipher_list.c204
-rw-r--r--src/regress/lib/libssl/unit/ssl_get_shared_ciphers.c482
-rw-r--r--src/regress/lib/libssl/unit/ssl_methods.c267
-rw-r--r--src/regress/lib/libssl/unit/ssl_versions.c910
-rw-r--r--src/regress/lib/libssl/unit/tests.h44
-rw-r--r--src/regress/lib/libssl/unit/tls_ext_alpn.c442
-rw-r--r--src/regress/lib/libssl/unit/tls_prf.c251
67 files changed, 0 insertions, 18150 deletions
diff --git a/src/regress/lib/libssl/Makefile b/src/regress/lib/libssl/Makefile
deleted file mode 100644
index 1df48f2525..0000000000
--- a/src/regress/lib/libssl/Makefile
+++ /dev/null
@@ -1,27 +0,0 @@
1# $OpenBSD: Makefile,v 1.43 2021/05/03 18:31:40 tb Exp $
2
3SUBDIR += asn1
4SUBDIR += buffer
5SUBDIR += bytestring
6SUBDIR += ciphers
7SUBDIR += client
8SUBDIR += dtls
9SUBDIR += handshake
10SUBDIR += pqueue
11SUBDIR += record
12SUBDIR += record_layer
13SUBDIR += server
14SUBDIR += ssl
15SUBDIR += tlsext
16SUBDIR += tlslegacy
17SUBDIR += key_schedule
18SUBDIR += unit
19
20# Things that take a long time should go below here.
21SUBDIR += openssl-ruby
22SUBDIR += tlsfuzzer
23SUBDIR += interop
24
25install:
26
27.include <bsd.subdir.mk>
diff --git a/src/regress/lib/libssl/Makefile.inc b/src/regress/lib/libssl/Makefile.inc
deleted file mode 100644
index a8880845e9..0000000000
--- a/src/regress/lib/libssl/Makefile.inc
+++ /dev/null
@@ -1,2 +0,0 @@
1# Use this variable when the test needs internal symbols from libssl
2SSL_INT= -Wl,-Bstatic -lssl -Wl,-Bdynamic
diff --git a/src/regress/lib/libssl/asn1/Makefile b/src/regress/lib/libssl/asn1/Makefile
deleted file mode 100644
index 16fca9f6ca..0000000000
--- a/src/regress/lib/libssl/asn1/Makefile
+++ /dev/null
@@ -1,11 +0,0 @@
1# $OpenBSD: Makefile,v 1.2 2021/06/30 18:09:46 jsing Exp $
2
3PROG= asn1test
4LDADD= -lcrypto -lssl
5DPADD= ${LIBCRYPTO} ${LIBSSL}
6
7WARNINGS= Yes
8CFLAGS+= -DLIBRESSL_INTERNAL -Werror
9CFLAGS+= -I${.CURDIR}/../../../../lib/libssl
10
11.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/asn1/asn1test.c b/src/regress/lib/libssl/asn1/asn1test.c
deleted file mode 100644
index 18a9713878..0000000000
--- a/src/regress/lib/libssl/asn1/asn1test.c
+++ /dev/null
@@ -1,478 +0,0 @@
1/* $OpenBSD: asn1test.c,v 1.8 2021/06/30 18:09:46 jsing Exp $ */
2/*
3 * Copyright (c) 2014, 2016 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <err.h>
19#include <stdlib.h>
20
21#include <openssl/bio.h>
22#include <openssl/err.h>
23#include <openssl/ssl.h>
24#include <openssl/tls1.h>
25
26#include "ssl_locl.h"
27
28int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
29SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
30 long length);
31
32X509 *peer_cert;
33
34unsigned char *peer_cert_pem =
35 "-----BEGIN CERTIFICATE-----\n"
36 "MIIBcTCCARugAwIBAgIJAPYhaZJAvUuUMA0GCSqGSIb3DQEBBQUAMBQxEjAQBgNV\n"
37 "BAoMCVRlc3QgUGVlcjAeFw0xNjEyMjYxNDQ3NDdaFw0yNjEyMjQxNDQ3NDdaMBQx\n"
38 "EjAQBgNVBAoMCVRlc3QgUGVlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCyhAdJ\n"
39 "wojHv/uKONh8MbmR2U2+VF1HQusnLfSfHPqkJfvDzLWJ41TG7QcXkx2rIJVtAFrO\n"
40 "U9yNdFYJLA/hsrbjAgMBAAGjUDBOMB0GA1UdDgQWBBS3bZOw7fvaortdsdE2TPMq\n"
41 "IRXFRzAfBgNVHSMEGDAWgBS3bZOw7fvaortdsdE2TPMqIRXFRzAMBgNVHRMEBTAD\n"
42 "AQH/MA0GCSqGSIb3DQEBBQUAA0EAHsxNS+rNUZbopeDMhVIviOfUmelDjJrT56Rc\n"
43 "VJoFN3Gc1cV8nQAHm9aJs71uksC+MN04Pzh0WqmYX9XXrnYPcg==\n"
44 "-----END CERTIFICATE-----\n";
45
46struct ssl_asn1_test {
47 SSL_SESSION session;
48 int peer_cert;
49 const unsigned char asn1[1024];
50 int asn1_len;
51};
52
53unsigned char tlsext_tick[] = {
54 0x43, 0x56, 0x45, 0x2d, 0x32, 0x30, 0x31, 0x34,
55 0x2d, 0x30, 0x31, 0x36, 0x30, 0x3a, 0x20, 0x37,
56 0x74, 0x68, 0x20, 0x41, 0x70, 0x72, 0x69, 0x6c,
57 0x20, 0x32, 0x30, 0x31, 0x34, 0x0a, 0x43, 0x56,
58 0x45, 0x2d, 0x32, 0x30, 0x31, 0x30, 0x2d, 0x35,
59 0x32, 0x39, 0x38, 0x3a, 0x20, 0x38, 0x74, 0x68,
60 0x20, 0x41, 0x70, 0x72, 0x69, 0x6c, 0x20, 0x32,
61 0x30, 0x31, 0x34, 0x0a, 0x43, 0x56, 0x45, 0x2d,
62 0x32, 0x30, 0x31, 0x34, 0x2d, 0x30, 0x31, 0x39,
63 0x38, 0x3a, 0x20, 0x32, 0x31, 0x73, 0x74, 0x20,
64 0x41, 0x70, 0x72, 0x69, 0x6c, 0x20, 0x32, 0x30,
65 0x31, 0x34, 0x0a, 0x43, 0x56, 0x45, 0x2d, 0x32,
66 0x30, 0x31, 0x34, 0x2d, 0x33, 0x34, 0x37, 0x30,
67 0x3a, 0x20, 0x33, 0x30, 0x74, 0x68, 0x20, 0x4d,
68 0x61, 0x79, 0x20, 0x32, 0x30, 0x31, 0x34, 0x0a,
69 0x43, 0x56, 0x45, 0x2d, 0x32, 0x30, 0x31, 0x34,
70 0x2d, 0x30, 0x31, 0x39, 0x35, 0x3a, 0x20, 0x35,
71 0x74, 0x68, 0x20, 0x4a, 0x75, 0x6e, 0x65, 0x20,
72 0x32, 0x30, 0x31, 0x34, 0x0a, 0x43, 0x56, 0x45,
73 0x2d, 0x32, 0x30, 0x31, 0x34, 0x2d, 0x30, 0x32,
74 0x32, 0x31, 0x3a, 0x20, 0x35, 0x74, 0x68, 0x20,
75 0x4a, 0x75, 0x6e, 0x65, 0x20, 0x32, 0x30, 0x31,
76 0x34, 0x0a, 0x43, 0x56, 0x45, 0x2d, 0x32, 0x30,
77 0x31, 0x34, 0x2d, 0x30, 0x32, 0x32, 0x34, 0x3a,
78 0x20, 0x35, 0x74, 0x68, 0x20, 0x4a, 0x75, 0x6e,
79 0x65, 0x20, 0x32, 0x30, 0x31, 0x34, 0x0a,
80};
81
82struct ssl_asn1_test ssl_asn1_tests[] = {
83 {
84 .session = {
85 .cipher_id = 0x03000000L | 1,
86 .ssl_version = TLS1_2_VERSION,
87 },
88 .asn1 = {
89 0x30, 0x13, 0x02, 0x01, 0x01, 0x02, 0x02, 0x03,
90 0x03, 0x04, 0x02, 0x00, 0x01, 0x04, 0x00, 0x04,
91 0x00, 0xa4, 0x02, 0x04, 0x00,
92 },
93 .asn1_len = 21,
94 },
95 {
96 .session = {
97 .cipher_id = 0x03000000L | 1,
98 .ssl_version = TLS1_2_VERSION,
99 .master_key_length = 26,
100 .session_id = "0123456789",
101 .session_id_length = 10,
102 .sid_ctx = "abcdefghijklmnopqrstuvwxyz",
103 .sid_ctx_length = 26,
104 },
105 .asn1 = {
106 0x30, 0x51, 0x02, 0x01, 0x01, 0x02, 0x02, 0x03,
107 0x03, 0x04, 0x02, 0x00, 0x01, 0x04, 0x0a, 0x30,
108 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38,
109 0x39, 0x04, 0x1a, 0x00, 0x00, 0x00, 0x00, 0x00,
110 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
111 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
112 0x00, 0x00, 0x00, 0x00, 0x00, 0xa4, 0x1c, 0x04,
113 0x1a, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
114 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
115 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
116 0x78, 0x79, 0x7a,
117 },
118 .asn1_len = 83,
119 },
120 {
121 .session = {
122 .cipher_id = 0x03000000L | 1,
123 .ssl_version = TLS1_2_VERSION,
124 .master_key_length = 26,
125 .session_id = "0123456789",
126 .session_id_length = 10,
127 .sid_ctx = "abcdefghijklmnopqrstuvwxyz",
128 .sid_ctx_length = 26,
129 .time = 1405266069,
130 .timeout = 5,
131 .verify_result = 42,
132 .tlsext_hostname = "libressl.openbsd.org",
133 .tlsext_tick_lifetime_hint = 0x7abbccdd,
134 .tlsext_tick = tlsext_tick,
135 .tlsext_ticklen = sizeof(tlsext_tick),
136 },
137 .peer_cert = 1,
138 .asn1 = {
139 0x30, 0x82, 0x02, 0xd1, 0x02, 0x01, 0x01, 0x02,
140 0x02, 0x03, 0x03, 0x04, 0x02, 0x00, 0x01, 0x04,
141 0x0a, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36,
142 0x37, 0x38, 0x39, 0x04, 0x1a, 0x00, 0x00, 0x00,
143 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
144 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
145 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xa1,
146 0x06, 0x02, 0x04, 0x53, 0xc2, 0xa8, 0x95, 0xa2,
147 0x03, 0x02, 0x01, 0x05, 0xa3, 0x82, 0x01, 0x75,
148 0x30, 0x82, 0x01, 0x71, 0x30, 0x82, 0x01, 0x1b,
149 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00,
150 0xf6, 0x21, 0x69, 0x92, 0x40, 0xbd, 0x4b, 0x94,
151 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
152 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30,
153 0x14, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55,
154 0x04, 0x0a, 0x0c, 0x09, 0x54, 0x65, 0x73, 0x74,
155 0x20, 0x50, 0x65, 0x65, 0x72, 0x30, 0x1e, 0x17,
156 0x0d, 0x31, 0x36, 0x31, 0x32, 0x32, 0x36, 0x31,
157 0x34, 0x34, 0x37, 0x34, 0x37, 0x5a, 0x17, 0x0d,
158 0x32, 0x36, 0x31, 0x32, 0x32, 0x34, 0x31, 0x34,
159 0x34, 0x37, 0x34, 0x37, 0x5a, 0x30, 0x14, 0x31,
160 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x0a,
161 0x0c, 0x09, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50,
162 0x65, 0x65, 0x72, 0x30, 0x5c, 0x30, 0x0d, 0x06,
163 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
164 0x01, 0x01, 0x05, 0x00, 0x03, 0x4b, 0x00, 0x30,
165 0x48, 0x02, 0x41, 0x00, 0xb2, 0x84, 0x07, 0x49,
166 0xc2, 0x88, 0xc7, 0xbf, 0xfb, 0x8a, 0x38, 0xd8,
167 0x7c, 0x31, 0xb9, 0x91, 0xd9, 0x4d, 0xbe, 0x54,
168 0x5d, 0x47, 0x42, 0xeb, 0x27, 0x2d, 0xf4, 0x9f,
169 0x1c, 0xfa, 0xa4, 0x25, 0xfb, 0xc3, 0xcc, 0xb5,
170 0x89, 0xe3, 0x54, 0xc6, 0xed, 0x07, 0x17, 0x93,
171 0x1d, 0xab, 0x20, 0x95, 0x6d, 0x00, 0x5a, 0xce,
172 0x53, 0xdc, 0x8d, 0x74, 0x56, 0x09, 0x2c, 0x0f,
173 0xe1, 0xb2, 0xb6, 0xe3, 0x02, 0x03, 0x01, 0x00,
174 0x01, 0xa3, 0x50, 0x30, 0x4e, 0x30, 0x1d, 0x06,
175 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14,
176 0xb7, 0x6d, 0x93, 0xb0, 0xed, 0xfb, 0xda, 0xa2,
177 0xbb, 0x5d, 0xb1, 0xd1, 0x36, 0x4c, 0xf3, 0x2a,
178 0x21, 0x15, 0xc5, 0x47, 0x30, 0x1f, 0x06, 0x03,
179 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80,
180 0x14, 0xb7, 0x6d, 0x93, 0xb0, 0xed, 0xfb, 0xda,
181 0xa2, 0xbb, 0x5d, 0xb1, 0xd1, 0x36, 0x4c, 0xf3,
182 0x2a, 0x21, 0x15, 0xc5, 0x47, 0x30, 0x0c, 0x06,
183 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03,
184 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a,
185 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05,
186 0x05, 0x00, 0x03, 0x41, 0x00, 0x1e, 0xcc, 0x4d,
187 0x4b, 0xea, 0xcd, 0x51, 0x96, 0xe8, 0xa5, 0xe0,
188 0xcc, 0x85, 0x52, 0x2f, 0x88, 0xe7, 0xd4, 0x99,
189 0xe9, 0x43, 0x8c, 0x9a, 0xd3, 0xe7, 0xa4, 0x5c,
190 0x54, 0x9a, 0x05, 0x37, 0x71, 0x9c, 0xd5, 0xc5,
191 0x7c, 0x9d, 0x00, 0x07, 0x9b, 0xd6, 0x89, 0xb3,
192 0xbd, 0x6e, 0x92, 0xc0, 0xbe, 0x30, 0xdd, 0x38,
193 0x3f, 0x38, 0x74, 0x5a, 0xa9, 0x98, 0x5f, 0xd5,
194 0xd7, 0xae, 0x76, 0x0f, 0x72, 0xa4, 0x1c, 0x04,
195 0x1a, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
196 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
197 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
198 0x78, 0x79, 0x7a, 0xa5, 0x03, 0x02, 0x01, 0x2a,
199 0xa6, 0x16, 0x04, 0x14, 0x6c, 0x69, 0x62, 0x72,
200 0x65, 0x73, 0x73, 0x6c, 0x2e, 0x6f, 0x70, 0x65,
201 0x6e, 0x62, 0x73, 0x64, 0x2e, 0x6f, 0x72, 0x67,
202 0xa9, 0x06, 0x02, 0x04, 0x7a, 0xbb, 0xcc, 0xdd,
203 0xaa, 0x81, 0xd2, 0x04, 0x81, 0xcf, 0x43, 0x56,
204 0x45, 0x2d, 0x32, 0x30, 0x31, 0x34, 0x2d, 0x30,
205 0x31, 0x36, 0x30, 0x3a, 0x20, 0x37, 0x74, 0x68,
206 0x20, 0x41, 0x70, 0x72, 0x69, 0x6c, 0x20, 0x32,
207 0x30, 0x31, 0x34, 0x0a, 0x43, 0x56, 0x45, 0x2d,
208 0x32, 0x30, 0x31, 0x30, 0x2d, 0x35, 0x32, 0x39,
209 0x38, 0x3a, 0x20, 0x38, 0x74, 0x68, 0x20, 0x41,
210 0x70, 0x72, 0x69, 0x6c, 0x20, 0x32, 0x30, 0x31,
211 0x34, 0x0a, 0x43, 0x56, 0x45, 0x2d, 0x32, 0x30,
212 0x31, 0x34, 0x2d, 0x30, 0x31, 0x39, 0x38, 0x3a,
213 0x20, 0x32, 0x31, 0x73, 0x74, 0x20, 0x41, 0x70,
214 0x72, 0x69, 0x6c, 0x20, 0x32, 0x30, 0x31, 0x34,
215 0x0a, 0x43, 0x56, 0x45, 0x2d, 0x32, 0x30, 0x31,
216 0x34, 0x2d, 0x33, 0x34, 0x37, 0x30, 0x3a, 0x20,
217 0x33, 0x30, 0x74, 0x68, 0x20, 0x4d, 0x61, 0x79,
218 0x20, 0x32, 0x30, 0x31, 0x34, 0x0a, 0x43, 0x56,
219 0x45, 0x2d, 0x32, 0x30, 0x31, 0x34, 0x2d, 0x30,
220 0x31, 0x39, 0x35, 0x3a, 0x20, 0x35, 0x74, 0x68,
221 0x20, 0x4a, 0x75, 0x6e, 0x65, 0x20, 0x32, 0x30,
222 0x31, 0x34, 0x0a, 0x43, 0x56, 0x45, 0x2d, 0x32,
223 0x30, 0x31, 0x34, 0x2d, 0x30, 0x32, 0x32, 0x31,
224 0x3a, 0x20, 0x35, 0x74, 0x68, 0x20, 0x4a, 0x75,
225 0x6e, 0x65, 0x20, 0x32, 0x30, 0x31, 0x34, 0x0a,
226 0x43, 0x56, 0x45, 0x2d, 0x32, 0x30, 0x31, 0x34,
227 0x2d, 0x30, 0x32, 0x32, 0x34, 0x3a, 0x20, 0x35,
228 0x74, 0x68, 0x20, 0x4a, 0x75, 0x6e, 0x65, 0x20,
229 0x32, 0x30, 0x31, 0x34, 0x0a,
230 },
231 .asn1_len = 725,
232 },
233 {
234 .session = {
235 .cipher_id = 0x03000000L | 1,
236 .ssl_version = TLS1_2_VERSION,
237 .timeout = -1,
238 },
239 .asn1 = {
240 0x0,
241 },
242 .asn1_len = -1,
243 },
244 {
245 .session = {
246 .cipher_id = 0x03000000L | 1,
247 .ssl_version = TLS1_2_VERSION,
248 .time = -1,
249 },
250 .asn1 = {
251 0x0,
252 },
253 .asn1_len = -1,
254 },
255};
256
257#define N_SSL_ASN1_TESTS \
258 (sizeof(ssl_asn1_tests) / sizeof(*ssl_asn1_tests))
259
260static int
261session_strcmp(const unsigned char *o1, const unsigned char *o2, size_t len)
262{
263 if (o1 == NULL && o2 == NULL)
264 return (0);
265 if (o1 == NULL || o2 == NULL)
266 return (1);
267 return memcmp(o1, o2, len);
268}
269
270static int
271session_cmp(SSL_SESSION *s1, SSL_SESSION *s2)
272{
273 /* Compare the ASN.1 encoded values from two sessions. */
274 if (s1->ssl_version != s2->ssl_version) {
275 fprintf(stderr, "ssl_version differs: %i != %i\n",
276 s1->ssl_version, s2->ssl_version);
277 return (1);
278 }
279 if (s1->cipher_id != s2->cipher_id) {
280 fprintf(stderr, "cipher_id differs: %li != %li\n",
281 s1->cipher_id, s2->cipher_id);
282 return (1);
283 }
284
285 if (s1->master_key_length != s2->master_key_length) {
286 fprintf(stderr, "master_key_length differs: %i != %i\n",
287 s1->master_key_length, s2->master_key_length);
288 return (1);
289 }
290 if (session_strcmp(s1->master_key, s2->master_key,
291 s1->master_key_length) != 0) {
292 fprintf(stderr, "master_key differs\n");
293 return (1);
294 }
295
296 if (s1->session_id_length != s2->session_id_length) {
297 fprintf(stderr, "session_id_length differs: %i != %i\n",
298 s1->session_id_length, s2->session_id_length);
299 return (1);
300 }
301 if (session_strcmp(s1->session_id, s2->session_id,
302 s1->session_id_length) != 0) {
303 fprintf(stderr, "session_id differs\n");
304 return (1);
305 }
306
307 if (s1->sid_ctx_length != s2->sid_ctx_length) {
308 fprintf(stderr, "sid_ctx_length differs: %i != %i\n",
309 s1->sid_ctx_length, s2->sid_ctx_length);
310 return (1);
311 }
312 if (session_strcmp(s1->sid_ctx, s2->sid_ctx,
313 s1->sid_ctx_length) != 0) {
314 fprintf(stderr, "sid_ctx differs\n");
315 return (1);
316 }
317
318 /* d2i_SSL_SESSION uses the current time if decoding a zero value. */
319 if ((s1->time != s2->time) && s1->time != 0 && s2->time != 0) {
320 fprintf(stderr, "time differs: %lli != %lli\n",
321 (long long)s1->time, (long long)s2->time);
322 return (1);
323 }
324 /* d2i_SSL_SESSION uses a timeout of 3 if decoding a zero value. */
325 if ((s1->timeout != s2->timeout) &&
326 s1->timeout != 3 && s2->timeout != 3) {
327 fprintf(stderr, "timeout differs: %li != %li\n",
328 s1->timeout, s2->timeout);
329 return (1);
330 }
331
332 /* Ensure that a certificate is or is not present in both. */
333 if ((s1->peer != NULL || s2->peer != NULL) &&
334 (s1->peer == NULL || s2->peer == NULL ||
335 X509_cmp(s1->peer, s2->peer) != 0)) {
336 fprintf(stderr, "peer differs\n");
337 return (1);
338 }
339
340 if (s1->verify_result != s2->verify_result) {
341 fprintf(stderr, "verify_result differs: %li != %li\n",
342 s1->verify_result, s2->verify_result);
343 return (1);
344 }
345
346 if (session_strcmp(s1->tlsext_hostname, s2->tlsext_hostname,
347 (s1->tlsext_hostname ? strlen(s1->tlsext_hostname) : 0)) != 0) {
348 fprintf(stderr, "sid_ctx differs\n");
349 return (1);
350 }
351 if (s1->tlsext_tick_lifetime_hint != s2->tlsext_tick_lifetime_hint) {
352 fprintf(stderr, "tlsext_tick_lifetime_hint differs: "
353 "%li != %li\n", s1->tlsext_tick_lifetime_hint,
354 s2->tlsext_tick_lifetime_hint);
355 return (1);
356 }
357 if (s1->tlsext_ticklen != s2->tlsext_ticklen) {
358 fprintf(stderr, "tlsext_ticklen differs: %zu != %zu\n",
359 s1->tlsext_ticklen, s2->tlsext_ticklen);
360 return (1);
361 }
362 if (session_strcmp(s1->tlsext_tick, s2->tlsext_tick,
363 s1->tlsext_ticklen) != 0) {
364 fprintf(stderr, "tlsext_tick differs\n");
365 return (1);
366 }
367
368 return (0);
369}
370
371static int
372do_ssl_asn1_test(int test_no, struct ssl_asn1_test *sat)
373{
374 SSL_SESSION *sp = NULL;
375 unsigned char *ap, *asn1 = NULL;
376 const unsigned char *pp;
377 int i, len, rv = 1;
378
379 if (sat->peer_cert)
380 sat->session.peer = peer_cert;
381
382 len = i2d_SSL_SESSION(&sat->session, NULL);
383 if (len != sat->asn1_len) {
384 fprintf(stderr, "FAIL: test %i returned ASN1 length %i, "
385 "want %i\n", test_no, len, sat->asn1_len);
386 goto failed;
387 }
388
389 /* See if the test is expected to fail... */
390 if (sat->asn1_len == -1)
391 return (0);
392
393 if ((asn1 = malloc(len)) == NULL)
394 errx(1, "failed to allocate memory");
395
396 ap = asn1;
397 len = i2d_SSL_SESSION(&sat->session, &ap);
398
399 /* Check the length again since the code path is different. */
400 if (len != sat->asn1_len) {
401 fprintf(stderr, "FAIL: test %i returned ASN1 length %i, "
402 "want %i\n", test_no, len, sat->asn1_len);
403 goto failed;
404 }
405 /* ap should now point at the end of the buffer. */
406 if (ap - asn1 != len) {
407 fprintf(stderr, "FAIL: test %i pointer increment does not "
408 "match length (%i != %i)\n", test_no, (int)(ap - asn1), len);
409 goto failed;
410 }
411
412 if (memcmp(asn1, &sat->asn1, len) != 0) {
413 fprintf(stderr, "FAIL: test %i - encoding differs:\n", test_no);
414 fprintf(stderr, "encoding:\n");
415 for (i = 1; i <= len; i++) {
416 fprintf(stderr, " 0x%02hhx,", asn1[i - 1]);
417 if (i % 8 == 0)
418 fprintf(stderr, "\n");
419 }
420 fprintf(stderr, "\n");
421 fprintf(stderr, "test data:\n");
422 for (i = 1; i <= sat->asn1_len; i++) {
423 fprintf(stderr, " 0x%02hhx,", sat->asn1[i - 1]);
424 if (i % 8 == 0)
425 fprintf(stderr, "\n");
426 }
427 fprintf(stderr, "\n");
428 goto failed;
429 }
430
431 pp = sat->asn1;
432
433 if ((sp = d2i_SSL_SESSION(NULL, &pp, sat->asn1_len)) == NULL) {
434 fprintf(stderr, "FAIL: test %i - decoding failed\n", test_no);
435 goto failed;
436 }
437
438 if (session_cmp(sp, &sat->session) != 0) {
439 fprintf(stderr, "FAIL: test %i - decoding differs\n", test_no);
440 goto failed;
441 }
442
443 rv = 0;
444
445 failed:
446 ERR_print_errors_fp(stderr);
447 SSL_SESSION_free(sp);
448 free(asn1);
449
450 return (rv);
451}
452
453int
454main(int argc, char **argv)
455{
456 BIO *bio = NULL;
457 int failed = 0;
458 size_t i;
459
460 SSL_library_init();
461 SSL_load_error_strings();
462
463 bio = BIO_new_mem_buf(peer_cert_pem, -1);
464 if (bio == NULL)
465 errx(1, "failed to create bio");
466
467 peer_cert = PEM_read_bio_X509(bio, NULL, NULL, NULL);
468 if (peer_cert == NULL)
469 errx(1, "failed to read peer cert");
470
471 for (i = 0; i < N_SSL_ASN1_TESTS; i++)
472 failed += do_ssl_asn1_test(i, &ssl_asn1_tests[i]);
473
474 X509_free(peer_cert);
475 BIO_free(bio);
476
477 return (failed);
478}
diff --git a/src/regress/lib/libssl/buffer/Makefile b/src/regress/lib/libssl/buffer/Makefile
deleted file mode 100644
index 64ed46fa90..0000000000
--- a/src/regress/lib/libssl/buffer/Makefile
+++ /dev/null
@@ -1,10 +0,0 @@
1# $OpenBSD: Makefile,v 1.1 2019/01/17 06:46:10 jsing Exp $
2
3PROG= buffertest
4LDADD= ${SSL_INT} -lcrypto
5DPADD= ${LIBSSL} ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Wall -Wundef -Werror
8CFLAGS+= -I${.CURDIR}/../../../../lib/libssl
9
10.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/buffer/buffertest.c b/src/regress/lib/libssl/buffer/buffertest.c
deleted file mode 100644
index e627865e35..0000000000
--- a/src/regress/lib/libssl/buffer/buffertest.c
+++ /dev/null
@@ -1,156 +0,0 @@
1/*
2 * Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
3 *
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */
16
17#include <err.h>
18#include <string.h>
19
20#include "tls13_internal.h"
21
22uint8_t testdata[] = {
23 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
24 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
25};
26
27struct read_state {
28 uint8_t *buf;
29 size_t len;
30 size_t offset;
31};
32
33static ssize_t
34read_cb(void *buf, size_t buflen, void *cb_arg)
35{
36 struct read_state *rs = cb_arg;
37 ssize_t n;
38
39 if (rs->offset > rs->len)
40 return TLS13_IO_EOF;
41
42 if ((size_t)(n = buflen) > (rs->len - rs->offset))
43 n = rs->len - rs->offset;
44
45 if (n == 0)
46 return TLS13_IO_WANT_POLLIN;
47
48 memcpy(buf, &rs->buf[rs->offset], n);
49 rs->offset += n;
50
51 return n;
52}
53
54struct extend_test {
55 size_t extend_len;
56 size_t read_len;
57 ssize_t want_ret;
58};
59
60struct extend_test extend_tests[] = {
61 {
62 .extend_len = 4,
63 .read_len = 0,
64 .want_ret = TLS13_IO_WANT_POLLIN,
65 },
66 {
67 .extend_len = 4,
68 .read_len = 8,
69 .want_ret = 4,
70 },
71 {
72 .extend_len = 12,
73 .read_len = 8,
74 .want_ret = TLS13_IO_WANT_POLLIN,
75 },
76 {
77 .extend_len = 12,
78 .read_len = 10,
79 .want_ret = TLS13_IO_WANT_POLLIN,
80 },
81 {
82 .extend_len = 12,
83 .read_len = 12,
84 .want_ret = 12,
85 },
86 {
87 .extend_len = 16,
88 .read_len = 16,
89 .want_ret = 16,
90 },
91 {
92 .extend_len = 20,
93 .read_len = 1,
94 .want_ret = TLS13_IO_EOF,
95 },
96};
97
98#define N_EXTEND_TESTS (sizeof(extend_tests) / sizeof(extend_tests[0]))
99
100int
101main(int argc, char **argv)
102{
103 struct tls13_buffer *buf;
104 struct extend_test *et;
105 struct read_state rs;
106 uint8_t *data;
107 size_t i, data_len;
108 ssize_t ret;
109 CBS cbs;
110
111 rs.buf = testdata;
112 rs.offset = 0;
113
114 if ((buf = tls13_buffer_new(0)) == NULL)
115 errx(1, "tls13_buffer_new");
116
117 for (i = 0; i < N_EXTEND_TESTS; i++) {
118 et = &extend_tests[i];
119 rs.len = et->read_len;
120
121 ret = tls13_buffer_extend(buf, et->extend_len, read_cb, &rs);
122 if (ret != extend_tests[i].want_ret) {
123 fprintf(stderr, "FAIL: Test %zi - extend returned %zi, "
124 "want %zi\n", i, ret, et->want_ret);
125 return 1;
126 }
127
128 tls13_buffer_cbs(buf, &cbs);
129
130 if (!CBS_mem_equal(&cbs, testdata, CBS_len(&cbs))) {
131 fprintf(stderr, "FAIL: Test %zi - extend buffer "
132 "mismatch", i);
133 return 1;
134 }
135 }
136
137 if (!tls13_buffer_finish(buf, &data, &data_len)) {
138 fprintf(stderr, "FAIL: failed to finish\n");
139 return 1;
140 }
141
142 tls13_buffer_free(buf);
143
144 if (data_len != sizeof(testdata)) {
145 fprintf(stderr, "FAIL: got data length %zu, want %zu\n",
146 data_len, sizeof(testdata));
147 return 1;
148 }
149 if (memcmp(data, testdata, data_len) != 0) {
150 fprintf(stderr, "FAIL: data mismatch\n");
151 return 1;
152 }
153 free(data);
154
155 return 0;
156}
diff --git a/src/regress/lib/libssl/bytestring/Makefile b/src/regress/lib/libssl/bytestring/Makefile
deleted file mode 100644
index 162c81d255..0000000000
--- a/src/regress/lib/libssl/bytestring/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.5 2016/11/04 17:51:54 guenther Exp $
2
3PROG= bytestringtest
4LDADD= ${SSL_INT} -lcrypto
5DPADD= ${LIBCRYPTO} ${LIBSSL}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Wundef -Werror -I$(BSDSRCDIR)/lib/libssl
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/bytestring/bytestringtest.c b/src/regress/lib/libssl/bytestring/bytestringtest.c
deleted file mode 100644
index 040667ede9..0000000000
--- a/src/regress/lib/libssl/bytestring/bytestringtest.c
+++ /dev/null
@@ -1,916 +0,0 @@
1/* $OpenBSD: bytestringtest.c,v 1.14 2021/04/04 19:55:46 tb Exp $ */
2/*
3 * Copyright (c) 2014, Google Inc.
4 *
5 * Permission to use, copy, modify, and/or distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
12 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
14 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
15 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
16
17#include <stdio.h>
18#include <stdlib.h>
19#include <string.h>
20
21#include <openssl/crypto.h>
22
23#include "bytestring.h"
24
25/* This is from <openssl/base.h> in boringssl */
26#define OPENSSL_U64(x) x##ULL
27
28#define PRINT_ERROR printf("Error in %s [%s:%d]\n", __func__, __FILE__, \
29 __LINE__)
30
31#define CHECK(a) do { \
32 if (!(a)) { \
33 PRINT_ERROR; \
34 return 0; \
35 } \
36} while (0)
37
38#define CHECK_GOTO(a) do { \
39 if (!(a)) { \
40 PRINT_ERROR; \
41 goto err; \
42 } \
43} while (0)
44
45static int
46test_skip(void)
47{
48 static const uint8_t kData[] = {1, 2, 3};
49 CBS data;
50
51 CBS_init(&data, kData, sizeof(kData));
52
53 CHECK(CBS_len(&data) == 3);
54 CHECK(CBS_skip(&data, 1));
55 CHECK(CBS_len(&data) == 2);
56 CHECK(CBS_skip(&data, 2));
57 CHECK(CBS_len(&data) == 0);
58 CHECK(!CBS_skip(&data, 1));
59
60 return 1;
61}
62
63static int
64test_get_u(void)
65{
66 static const uint8_t kData[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10};
67 uint8_t u8;
68 uint16_t u16;
69 uint32_t u32;
70 CBS data;
71
72 CBS_init(&data, kData, sizeof(kData));
73
74 CHECK(CBS_get_u8(&data, &u8));
75 CHECK(u8 == 1);
76 CHECK(CBS_get_u16(&data, &u16));
77 CHECK(u16 == 0x203);
78 CHECK(CBS_get_u24(&data, &u32));
79 CHECK(u32 == 0x40506);
80 CHECK(CBS_get_u32(&data, &u32));
81 CHECK(u32 == 0x708090a);
82 CHECK(!CBS_get_u8(&data, &u8));
83
84 return 1;
85}
86
87static int
88test_get_prefixed(void)
89{
90 static const uint8_t kData[] = {1, 2, 0, 2, 3, 4, 0, 0, 3, 3, 2, 1};
91 uint8_t u8;
92 uint16_t u16;
93 uint32_t u32;
94 CBS data, prefixed;
95
96 CBS_init(&data, kData, sizeof(kData));
97
98 CHECK(CBS_get_u8_length_prefixed(&data, &prefixed));
99 CHECK(CBS_len(&prefixed) == 1);
100 CHECK(CBS_get_u8(&prefixed, &u8));
101 CHECK(u8 == 2);
102 CHECK(CBS_get_u16_length_prefixed(&data, &prefixed));
103 CHECK(CBS_len(&prefixed) == 2);
104 CHECK(CBS_get_u16(&prefixed, &u16));
105 CHECK(u16 == 0x304);
106 CHECK(CBS_get_u24_length_prefixed(&data, &prefixed));
107 CHECK(CBS_len(&prefixed) == 3);
108 CHECK(CBS_get_u24(&prefixed, &u32));
109 CHECK(u32 == 0x30201);
110
111 return 1;
112}
113
114static int
115test_get_prefixed_bad(void)
116{
117 static const uint8_t kData1[] = {2, 1};
118 static const uint8_t kData2[] = {0, 2, 1};
119 static const uint8_t kData3[] = {0, 0, 2, 1};
120 CBS data, prefixed;
121
122 CBS_init(&data, kData1, sizeof(kData1));
123 CHECK(!CBS_get_u8_length_prefixed(&data, &prefixed));
124
125 CBS_init(&data, kData2, sizeof(kData2));
126 CHECK(!CBS_get_u16_length_prefixed(&data, &prefixed));
127
128 CBS_init(&data, kData3, sizeof(kData3));
129 CHECK(!CBS_get_u24_length_prefixed(&data, &prefixed));
130
131 return 1;
132}
133
134static int
135test_get_asn1(void)
136{
137 static const uint8_t kData1[] = {0x30, 2, 1, 2};
138 static const uint8_t kData2[] = {0x30, 3, 1, 2};
139 static const uint8_t kData3[] = {0x30, 0x80};
140 static const uint8_t kData4[] = {0x30, 0x81, 1, 1};
141 static const uint8_t kData5[4 + 0x80] = {0x30, 0x82, 0, 0x80};
142 static const uint8_t kData6[] = {0xa1, 3, 0x4, 1, 1};
143 static const uint8_t kData7[] = {0xa1, 3, 0x4, 2, 1};
144 static const uint8_t kData8[] = {0xa1, 3, 0x2, 1, 1};
145 static const uint8_t kData9[] = {0xa1, 3, 0x2, 1, 0xff};
146
147 CBS data, contents;
148 int present;
149 uint64_t value;
150
151 CBS_init(&data, kData1, sizeof(kData1));
152
153 CHECK(!CBS_peek_asn1_tag(&data, 0x1));
154 CHECK(CBS_peek_asn1_tag(&data, 0x30));
155
156 CHECK(CBS_get_asn1(&data, &contents, 0x30));
157 CHECK(CBS_len(&contents) == 2);
158 CHECK(memcmp(CBS_data(&contents), "\x01\x02", 2) == 0);
159
160 CBS_init(&data, kData2, sizeof(kData2));
161 /* data is truncated */
162 CHECK(!CBS_get_asn1(&data, &contents, 0x30));
163
164 CBS_init(&data, kData3, sizeof(kData3));
165 /* zero byte length of length */
166 CHECK(!CBS_get_asn1(&data, &contents, 0x30));
167
168 CBS_init(&data, kData4, sizeof(kData4));
169 /* long form mistakenly used. */
170 CHECK(!CBS_get_asn1(&data, &contents, 0x30));
171
172 CBS_init(&data, kData5, sizeof(kData5));
173 /* length takes too many bytes. */
174 CHECK(!CBS_get_asn1(&data, &contents, 0x30));
175
176 CBS_init(&data, kData1, sizeof(kData1));
177 /* wrong tag. */
178 CHECK(!CBS_get_asn1(&data, &contents, 0x31));
179
180 CBS_init(&data, NULL, 0);
181 /* peek at empty data. */
182 CHECK(!CBS_peek_asn1_tag(&data, 0x30));
183
184 CBS_init(&data, NULL, 0);
185 /* optional elements at empty data. */
186 CHECK(CBS_get_optional_asn1(&data, &contents, &present, 0xa0));
187 CHECK(!present);
188 CHECK(CBS_get_optional_asn1_octet_string(&data, &contents, &present,
189 0xa0));
190 CHECK(!present);
191 CHECK(CBS_len(&contents) == 0);
192 CHECK(CBS_get_optional_asn1_octet_string(&data, &contents, NULL, 0xa0));
193 CHECK(CBS_len(&contents) == 0);
194 CHECK(CBS_get_optional_asn1_uint64(&data, &value, 0xa0, 42));
195 CHECK(value == 42);
196
197 CBS_init(&data, kData6, sizeof(kData6));
198 /* optional element. */
199 CHECK(CBS_get_optional_asn1(&data, &contents, &present, 0xa0));
200 CHECK(!present);
201 CHECK(CBS_get_optional_asn1(&data, &contents, &present, 0xa1));
202 CHECK(present);
203 CHECK(CBS_len(&contents) == 3);
204 CHECK(memcmp(CBS_data(&contents), "\x04\x01\x01", 3) == 0);
205
206 CBS_init(&data, kData6, sizeof(kData6));
207 /* optional octet string. */
208 CHECK(CBS_get_optional_asn1_octet_string(&data, &contents, &present,
209 0xa0));
210 CHECK(!present);
211 CHECK(CBS_len(&contents) == 0);
212 CHECK(CBS_get_optional_asn1_octet_string(&data, &contents, &present,
213 0xa1));
214 CHECK(present);
215 CHECK(CBS_len(&contents) == 1);
216 CHECK(CBS_data(&contents)[0] == 1);
217
218 CBS_init(&data, kData7, sizeof(kData7));
219 /* invalid optional octet string. */
220 CHECK(!CBS_get_optional_asn1_octet_string(&data, &contents, &present,
221 0xa1));
222
223 CBS_init(&data, kData8, sizeof(kData8));
224 /* optional octet string. */
225 CHECK(CBS_get_optional_asn1_uint64(&data, &value, 0xa0, 42));
226 CHECK(value == 42);
227 CHECK(CBS_get_optional_asn1_uint64(&data, &value, 0xa1, 42));
228 CHECK(value == 1);
229
230 CBS_init(&data, kData9, sizeof(kData9));
231 /* invalid optional integer. */
232 CHECK(!CBS_get_optional_asn1_uint64(&data, &value, 0xa1, 42));
233
234 return 1;
235}
236
237static int
238test_get_optional_asn1_bool(void)
239{
240 CBS data;
241 int val;
242
243 static const uint8_t kTrue[] = {0x0a, 3, CBS_ASN1_BOOLEAN, 1, 0xff};
244 static const uint8_t kFalse[] = {0x0a, 3, CBS_ASN1_BOOLEAN, 1, 0x00};
245 static const uint8_t kInvalid[] = {0x0a, 3, CBS_ASN1_BOOLEAN, 1, 0x01};
246
247 CBS_init(&data, NULL, 0);
248 val = 2;
249 CHECK(CBS_get_optional_asn1_bool(&data, &val, 0x0a, 0));
250 CHECK(val == 0);
251
252 CBS_init(&data, kTrue, sizeof(kTrue));
253 val = 2;
254 CHECK(CBS_get_optional_asn1_bool(&data, &val, 0x0a, 0));
255 CHECK(val == 1);
256
257 CBS_init(&data, kFalse, sizeof(kFalse));
258 val = 2;
259 CHECK(CBS_get_optional_asn1_bool(&data, &val, 0x0a, 1));
260 CHECK(val == 0);
261
262 CBS_init(&data, kInvalid, sizeof(kInvalid));
263 CHECK(!CBS_get_optional_asn1_bool(&data, &val, 0x0a, 1));
264
265 return 1;
266}
267
268static int
269test_cbb_basic(void)
270{
271 static const uint8_t kExpected[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12};
272 uint8_t *buf = NULL;
273 size_t buf_len;
274 int ret = 0;
275 CBB cbb;
276
277 CHECK(CBB_init(&cbb, 100));
278
279 CBB_cleanup(&cbb);
280
281 CHECK(CBB_init(&cbb, 0));
282 CHECK_GOTO(CBB_add_u8(&cbb, 1));
283 CHECK_GOTO(CBB_add_u16(&cbb, 0x203));
284 CHECK_GOTO(CBB_add_u24(&cbb, 0x40506));
285 CHECK_GOTO(CBB_add_u32(&cbb, 0x708090a));
286 CHECK_GOTO(CBB_add_bytes(&cbb, (const uint8_t*) "\x0b\x0c", 2));
287 CHECK_GOTO(CBB_finish(&cbb, &buf, &buf_len));
288
289 ret = (buf_len == sizeof(kExpected)
290 && memcmp(buf, kExpected, buf_len) == 0);
291
292 if (0) {
293err:
294 CBB_cleanup(&cbb);
295 }
296 free(buf);
297 return ret;
298}
299
300static int
301test_cbb_add_space(void)
302{
303 static const uint8_t kExpected[] = {1, 2, 0, 0, 0, 0, 7, 8};
304 uint8_t *buf = NULL;
305 size_t buf_len;
306 uint8_t *data;
307 int ret = 0;
308 CBB cbb;
309
310 CHECK(CBB_init(&cbb, 100));
311
312 CHECK_GOTO(CBB_add_u16(&cbb, 0x102));
313 CHECK_GOTO(CBB_add_space(&cbb, &data, 4));
314 CHECK_GOTO(CBB_add_u16(&cbb, 0x708));
315 CHECK_GOTO(CBB_finish(&cbb, &buf, &buf_len));
316
317 ret |= (buf_len == sizeof(kExpected)
318 && memcmp(buf, kExpected, buf_len) == 0);
319
320 memset(buf, 0xa5, buf_len);
321 CHECK(CBB_init_fixed(&cbb, buf, buf_len));
322
323 CHECK_GOTO(CBB_add_u16(&cbb, 0x102));
324 CHECK_GOTO(CBB_add_space(&cbb, &data, 4));
325 CHECK_GOTO(CBB_add_u16(&cbb, 0x708));
326 CHECK_GOTO(CBB_finish(&cbb, NULL, NULL));
327
328 ret |= (buf_len == sizeof(kExpected)
329 && memcmp(buf, kExpected, buf_len) == 0);
330
331 if (0) {
332err:
333 CBB_cleanup(&cbb);
334 }
335 free(buf);
336 return ret;
337}
338
339static int
340test_cbb_fixed(void)
341{
342 CBB cbb;
343 uint8_t buf[1];
344 uint8_t *out_buf = NULL;
345 size_t out_size;
346 int ret = 0;
347
348 CHECK(CBB_init_fixed(&cbb, NULL, 0));
349 CHECK_GOTO(!CBB_add_u8(&cbb, 1));
350 CHECK_GOTO(CBB_finish(&cbb, &out_buf, &out_size));
351 CHECK(out_buf == NULL && out_size == 0);
352
353 CHECK(CBB_init_fixed(&cbb, buf, 1));
354 CHECK_GOTO(CBB_add_u8(&cbb, 1));
355 CHECK_GOTO(!CBB_add_u8(&cbb, 2));
356 CHECK_GOTO(CBB_finish(&cbb, &out_buf, &out_size));
357
358 ret = (out_buf == buf && out_size == 1 && buf[0] == 1);
359
360 if (0) {
361err:
362 CBB_cleanup(&cbb);
363 }
364
365 return ret;
366}
367
368static int
369test_cbb_finish_child(void)
370{
371 CBB cbb, child;
372 uint8_t *out_buf = NULL;
373 size_t out_size;
374 int ret = 0;
375
376 CHECK(CBB_init(&cbb, 16));
377 CHECK_GOTO(CBB_add_u8_length_prefixed(&cbb, &child));
378 CHECK_GOTO(!CBB_finish(&child, &out_buf, &out_size));
379 CHECK_GOTO(CBB_finish(&cbb, &out_buf, &out_size));
380
381 ret = (out_size == 1 && out_buf[0] == 0);
382
383err:
384 free(out_buf);
385 return ret;
386}
387
388static int
389test_cbb_prefixed(void)
390{
391 static const uint8_t kExpected[] = {0, 1, 1, 0, 2, 2, 3, 0, 0, 3,
392 4, 5, 6, 5, 4, 1, 0, 1, 2};
393 CBB cbb, contents, inner_contents, inner_inner_contents;
394 uint8_t *buf = NULL;
395 size_t buf_len;
396 int ret = 0;
397
398 CHECK(CBB_init(&cbb, 0));
399 CHECK_GOTO(CBB_add_u8_length_prefixed(&cbb, &contents));
400 CHECK_GOTO(CBB_add_u8_length_prefixed(&cbb, &contents));
401 CHECK_GOTO(CBB_add_u8(&contents, 1));
402 CHECK_GOTO(CBB_add_u16_length_prefixed(&cbb, &contents));
403 CHECK_GOTO(CBB_add_u16(&contents, 0x203));
404 CHECK_GOTO(CBB_add_u24_length_prefixed(&cbb, &contents));
405 CHECK_GOTO(CBB_add_u24(&contents, 0x40506));
406 CHECK_GOTO(CBB_add_u8_length_prefixed(&cbb, &contents));
407 CHECK_GOTO(CBB_add_u8_length_prefixed(&contents, &inner_contents));
408 CHECK_GOTO(CBB_add_u8(&inner_contents, 1));
409 CHECK_GOTO(CBB_add_u16_length_prefixed(&inner_contents,
410 &inner_inner_contents));
411 CHECK_GOTO(CBB_add_u8(&inner_inner_contents, 2));
412 CHECK_GOTO(CBB_finish(&cbb, &buf, &buf_len));
413
414 ret = (buf_len == sizeof(kExpected)
415 && memcmp(buf, kExpected, buf_len) == 0);
416
417 if (0) {
418err:
419 CBB_cleanup(&cbb);
420 }
421 free(buf);
422 return ret;
423}
424
425static int
426test_cbb_discard_child(void)
427{
428 static const uint8_t kExpected[] = {
429 0xaa,
430 0,
431 1, 0xbb,
432 0, 2, 0xcc, 0xcc,
433 0, 0, 3, 0xdd, 0xdd, 0xdd,
434 1, 0xff,
435 };
436 CBB cbb, contents, inner_contents, inner_inner_contents;
437 uint8_t *buf = NULL;
438 size_t buf_len;
439 int ret = 0;
440
441 CHECK(CBB_init(&cbb, 0));
442 CHECK_GOTO(CBB_add_u8(&cbb, 0xaa));
443
444 // Discarding |cbb|'s children preserves the byte written.
445 CBB_discard_child(&cbb);
446
447 CHECK_GOTO(CBB_add_u8_length_prefixed(&cbb, &contents));
448 CHECK_GOTO(CBB_add_u8_length_prefixed(&cbb, &contents));
449 CHECK_GOTO(CBB_add_u8(&contents, 0xbb));
450 CHECK_GOTO(CBB_add_u16_length_prefixed(&cbb, &contents));
451 CHECK_GOTO(CBB_add_u16(&contents, 0xcccc));
452 CHECK_GOTO(CBB_add_u24_length_prefixed(&cbb, &contents));
453 CHECK_GOTO(CBB_add_u24(&contents, 0xdddddd));
454 CHECK_GOTO(CBB_add_u8_length_prefixed(&cbb, &contents));
455 CHECK_GOTO(CBB_add_u8(&contents, 0xff));
456 CHECK_GOTO(CBB_add_u8_length_prefixed(&contents, &inner_contents));
457 CHECK_GOTO(CBB_add_u8(&inner_contents, 0x42));
458 CHECK_GOTO(CBB_add_u16_length_prefixed(&inner_contents,
459 &inner_inner_contents));
460 CHECK_GOTO(CBB_add_u8(&inner_inner_contents, 0x99));
461
462 // Discard everything from |inner_contents| down.
463 CBB_discard_child(&contents);
464
465 CHECK_GOTO(CBB_finish(&cbb, &buf, &buf_len));
466
467 ret = (buf_len == sizeof(kExpected)
468 && memcmp(buf, kExpected, buf_len) == 0);
469
470 if (0) {
471err:
472 CBB_cleanup(&cbb);
473 }
474 free(buf);
475 return ret;
476}
477
478static int
479test_cbb_misuse(void)
480{
481 CBB cbb, child, contents;
482 uint8_t *buf = NULL;
483 size_t buf_len;
484 int ret = 0;
485
486 CHECK(CBB_init(&cbb, 0));
487 CHECK_GOTO(CBB_add_u8_length_prefixed(&cbb, &child));
488 CHECK_GOTO(CBB_add_u8(&child, 1));
489 CHECK_GOTO(CBB_add_u8(&cbb, 2));
490
491 /*
492 * Since we wrote to |cbb|, |child| is now invalid and attempts to write
493 * to it should fail.
494 */
495 CHECK_GOTO(!CBB_add_u8(&child, 1));
496 CHECK_GOTO(!CBB_add_u16(&child, 1));
497 CHECK_GOTO(!CBB_add_u24(&child, 1));
498 CHECK_GOTO(!CBB_add_u8_length_prefixed(&child, &contents));
499 CHECK_GOTO(!CBB_add_u16_length_prefixed(&child, &contents));
500 CHECK_GOTO(!CBB_add_asn1(&child, &contents, 1));
501 CHECK_GOTO(!CBB_add_bytes(&child, (const uint8_t*) "a", 1));
502 CHECK_GOTO(CBB_finish(&cbb, &buf, &buf_len));
503
504 ret = (buf_len == 3 && memcmp(buf, "\x01\x01\x02", 3) == 0);
505
506 if (0) {
507err:
508 CBB_cleanup(&cbb);
509 }
510 free(buf);
511 return ret;
512}
513
514static int
515test_cbb_asn1(void)
516{
517 static const uint8_t kExpected[] = {0x30, 3, 1, 2, 3};
518 uint8_t *buf = NULL, *test_data = NULL;
519 size_t buf_len;
520 CBB cbb, contents, inner_contents;
521 int ret = 0;
522 int alloc = 0;
523
524 CHECK_GOTO(CBB_init(&cbb, 0));
525 alloc = 1;
526 CHECK_GOTO(CBB_add_asn1(&cbb, &contents, 0x30));
527 CHECK_GOTO(CBB_add_bytes(&contents, (const uint8_t*) "\x01\x02\x03",
528 3));
529 CHECK_GOTO(CBB_finish(&cbb, &buf, &buf_len));
530 alloc = 0;
531
532 CHECK_GOTO(buf_len == sizeof(kExpected));
533 CHECK_GOTO(memcmp(buf, kExpected, buf_len) == 0);
534
535 free(buf);
536 buf = NULL;
537
538 CHECK_GOTO(((test_data = malloc(100000)) != NULL));
539 memset(test_data, 0x42, 100000);
540
541 CHECK_GOTO(CBB_init(&cbb, 0));
542 alloc = 1;
543 CHECK_GOTO(CBB_add_asn1(&cbb, &contents, 0x30));
544 CHECK_GOTO(CBB_add_bytes(&contents, test_data, 130));
545 CHECK_GOTO(CBB_finish(&cbb, &buf, &buf_len));
546 alloc = 0;
547
548 CHECK_GOTO(buf_len == 3 + 130);
549 CHECK_GOTO(memcmp(buf, "\x30\x81\x82", 3) == 0);
550 CHECK_GOTO(memcmp(buf + 3, test_data, 130) == 0);
551
552 free(buf);
553 buf = NULL;
554
555 CHECK_GOTO(CBB_init(&cbb, 0));
556 alloc = 1;
557 CHECK_GOTO(CBB_add_asn1(&cbb, &contents, 0x30));
558 CHECK_GOTO(CBB_add_bytes(&contents, test_data, 1000));
559 CHECK_GOTO(CBB_finish(&cbb, &buf, &buf_len));
560 alloc = 0;
561
562 CHECK_GOTO(buf_len == 4 + 1000);
563 CHECK_GOTO(memcmp(buf, "\x30\x82\x03\xe8", 4) == 0);
564 CHECK_GOTO(!memcmp(buf + 4, test_data, 1000));
565
566 free(buf);
567 buf = NULL;
568
569 CHECK_GOTO(CBB_init(&cbb, 0));
570 alloc = 1;
571 CHECK_GOTO(CBB_add_asn1(&cbb, &contents, 0x30));
572 CHECK_GOTO(CBB_add_asn1(&contents, &inner_contents, 0x30));
573 CHECK_GOTO(CBB_add_bytes(&inner_contents, test_data, 100000));
574 CHECK_GOTO(CBB_finish(&cbb, &buf, &buf_len));
575 alloc = 0;
576
577 CHECK_GOTO(buf_len == 5 + 5 + 100000);
578 CHECK_GOTO(memcmp(buf, "\x30\x83\x01\x86\xa5\x30\x83\x01\x86\xa0", 10)
579 == 0);
580 CHECK_GOTO(!memcmp(buf + 10, test_data, 100000));
581
582 ret = 1;
583
584 if (0) {
585err:
586 if (alloc)
587 CBB_cleanup(&cbb);
588 }
589 free(buf);
590 free(test_data);
591 return ret;
592}
593
594static int
595do_indefinite_convert(const char *name, const uint8_t *definite_expected,
596 size_t definite_len, const uint8_t *indefinite, size_t indefinite_len)
597{
598 CBS in;
599 uint8_t *out = NULL;
600 size_t out_len;
601 int ret = 0;
602
603 CBS_init(&in, indefinite, indefinite_len);
604
605 CHECK_GOTO(CBS_asn1_indefinite_to_definite(&in, &out, &out_len));
606
607 if (out == NULL) {
608
609 if (indefinite_len != definite_len ||
610 memcmp(definite_expected, indefinite, indefinite_len) != 0) {
611 PRINT_ERROR;
612 goto err;
613 }
614
615 return 1;
616 }
617
618 if (out_len != definite_len ||
619 memcmp(out, definite_expected, definite_len) != 0) {
620 PRINT_ERROR;
621 goto err;
622 }
623
624 ret = 1;
625err:
626 free(out);
627 return ret;
628}
629
630static int
631test_indefinite_convert(void)
632{
633 static const uint8_t kSimpleBER[] = {0x01, 0x01, 0x00};
634
635 /* kIndefBER contains a SEQUENCE with an indefinite length. */
636 static const uint8_t kIndefBER[] = {0x30, 0x80, 0x01, 0x01, 0x02, 0x00,
637 0x00};
638 static const uint8_t kIndefDER[] = {0x30, 0x03, 0x01, 0x01, 0x02};
639
640 /*
641 * kOctetStringBER contains an indefinite length OCTETSTRING with two
642 * parts. These parts need to be concatenated in DER form.
643 */
644 static const uint8_t kOctetStringBER[] = {0x24, 0x80, 0x04, 0x02, 0,
645 1, 0x04, 0x02, 2, 3, 0x00, 0x00};
646 static const uint8_t kOctetStringDER[] = {0x04, 0x04, 0, 1, 2, 3};
647
648 /*
649 * kNSSBER is part of a PKCS#12 message generated by NSS that uses
650 * indefinite length elements extensively.
651 */
652 static const uint8_t kNSSBER[] = {
653 0x30, 0x80, 0x02, 0x01, 0x03, 0x30, 0x80, 0x06, 0x09, 0x2a, 0x86,
654 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x80, 0x24, 0x80,
655 0x04, 0x04, 0x01, 0x02, 0x03, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00,
656 0x00, 0x30, 0x39, 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
657 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14, 0x84, 0x98, 0xfc, 0x66,
658 0x33, 0xee, 0xba, 0xe7, 0x90, 0xc1, 0xb6, 0xe8, 0x8f, 0xfe, 0x1d,
659 0xc5, 0xa5, 0x97, 0x93, 0x3e, 0x04, 0x10, 0x38, 0x62, 0xc6, 0x44,
660 0x12, 0xd5, 0x30, 0x00, 0xf8, 0xf2, 0x1b, 0xf0, 0x6e, 0x10, 0x9b,
661 0xb8, 0x02, 0x02, 0x07, 0xd0, 0x00, 0x00,
662 };
663
664 static const uint8_t kNSSDER[] = {
665 0x30, 0x53, 0x02, 0x01, 0x03, 0x30, 0x13, 0x06, 0x09, 0x2a, 0x86,
666 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x06, 0x04, 0x04,
667 0x01, 0x02, 0x03, 0x04, 0x30, 0x39, 0x30, 0x21, 0x30, 0x09, 0x06,
668 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14, 0x84,
669 0x98, 0xfc, 0x66, 0x33, 0xee, 0xba, 0xe7, 0x90, 0xc1, 0xb6, 0xe8,
670 0x8f, 0xfe, 0x1d, 0xc5, 0xa5, 0x97, 0x93, 0x3e, 0x04, 0x10, 0x38,
671 0x62, 0xc6, 0x44, 0x12, 0xd5, 0x30, 0x00, 0xf8, 0xf2, 0x1b, 0xf0,
672 0x6e, 0x10, 0x9b, 0xb8, 0x02, 0x02, 0x07, 0xd0,
673 };
674
675 CHECK(do_indefinite_convert("kSimpleBER", kSimpleBER, sizeof(kSimpleBER),
676 kSimpleBER, sizeof(kSimpleBER)));
677 CHECK(do_indefinite_convert("kIndefBER", kIndefDER, sizeof(kIndefDER),
678 kIndefBER, sizeof(kIndefBER)));
679 CHECK(do_indefinite_convert("kOctetStringBER", kOctetStringDER,
680 sizeof(kOctetStringDER), kOctetStringBER,
681 sizeof(kOctetStringBER)));
682 CHECK(do_indefinite_convert("kNSSBER", kNSSDER, sizeof(kNSSDER), kNSSBER,
683 sizeof(kNSSBER)));
684
685 return 1;
686}
687
688typedef struct {
689 uint64_t value;
690 const char *encoding;
691 size_t encoding_len;
692} ASN1_UINT64_TEST;
693
694static const ASN1_UINT64_TEST kAsn1Uint64Tests[] = {
695 {0, "\x02\x01\x00", 3},
696 {1, "\x02\x01\x01", 3},
697 {127, "\x02\x01\x7f", 3},
698 {128, "\x02\x02\x00\x80", 4},
699 {0xdeadbeef, "\x02\x05\x00\xde\xad\xbe\xef", 7},
700 {OPENSSL_U64(0x0102030405060708),
701 "\x02\x08\x01\x02\x03\x04\x05\x06\x07\x08", 10},
702 {OPENSSL_U64(0xffffffffffffffff),
703 "\x02\x09\x00\xff\xff\xff\xff\xff\xff\xff\xff", 11},
704};
705
706typedef struct {
707 const char *encoding;
708 size_t encoding_len;
709} ASN1_INVALID_UINT64_TEST;
710
711static const ASN1_INVALID_UINT64_TEST kAsn1InvalidUint64Tests[] = {
712 /* Bad tag. */
713 {"\x03\x01\x00", 3},
714 /* Empty contents. */
715 {"\x02\x00", 2},
716 /* Negative number. */
717 {"\x02\x01\x80", 3},
718 /* Overflow. */
719 {"\x02\x09\x01\x00\x00\x00\x00\x00\x00\x00\x00", 11},
720 /* Leading zeros. */
721 {"\x02\x02\x00\x01", 4},
722};
723
724static int
725test_asn1_uint64(void)
726{
727 CBB cbb;
728 uint8_t *out = NULL;
729 size_t i;
730 int ret = 0;
731 int alloc = 0;
732
733 for (i = 0; i < sizeof(kAsn1Uint64Tests) / sizeof(kAsn1Uint64Tests[0]);
734 i++) {
735 const ASN1_UINT64_TEST *test = &kAsn1Uint64Tests[i];
736 CBS cbs;
737 uint64_t value;
738 size_t len;
739
740 CBS_init(&cbs, (const uint8_t *)test->encoding,
741 test->encoding_len);
742
743 CHECK(CBS_get_asn1_uint64(&cbs, &value));
744 CHECK(CBS_len(&cbs) == 0);
745 CHECK(value == test->value);
746
747 CHECK(CBB_init(&cbb, 0));
748 alloc = 1;
749 CHECK_GOTO(CBB_add_asn1_uint64(&cbb, test->value));
750 CHECK_GOTO(CBB_finish(&cbb, &out, &len));
751 alloc = 0;
752
753 CHECK_GOTO(len == test->encoding_len);
754 CHECK_GOTO(memcmp(out, test->encoding, len) == 0);
755 free(out);
756 out = NULL;
757 }
758
759 for (i = 0; i < sizeof(kAsn1InvalidUint64Tests)
760 / sizeof(kAsn1InvalidUint64Tests[0]); i++) {
761 const ASN1_INVALID_UINT64_TEST *test =
762 &kAsn1InvalidUint64Tests[i];
763 CBS cbs;
764 uint64_t value;
765
766 CBS_init(&cbs, (const uint8_t *)test->encoding,
767 test->encoding_len);
768 CHECK(!CBS_get_asn1_uint64(&cbs, &value));
769 }
770
771 ret = 1;
772
773 if (0) {
774err:
775 if (alloc)
776 CBB_cleanup(&cbb);
777 }
778 free(out);
779
780 return ret;
781}
782
783static int
784test_offset(void)
785{
786 uint8_t v;
787 static const uint8_t input[] = {1, 2, 3, 4, 5};
788 CBS data;
789
790 CBS_init(&data, input, sizeof(input));
791 CHECK(sizeof(input) == 5);
792 CHECK(CBS_len(&data) == 5);
793 CHECK(CBS_offset(&data) == 0);
794 CHECK(CBS_get_u8(&data, &v));
795 CHECK(v == 1);
796 CHECK(CBS_len(&data) == 4);
797 CHECK(CBS_offset(&data) == 1);
798 CHECK(CBS_skip(&data, 2));
799 CHECK(CBS_len(&data) == 2);
800 CHECK(CBS_offset(&data) == 3);
801 CHECK(CBS_get_u8(&data, &v));
802 CHECK(v == 4);
803 CHECK(CBS_get_u8(&data, &v));
804 CHECK(v == 5);
805 CHECK(CBS_len(&data) == 0);
806 CHECK(CBS_offset(&data) == 5);
807 CHECK(!CBS_skip(&data, 1));
808
809 CBS_init(&data, input, sizeof(input));
810 CHECK(CBS_skip(&data, 2));
811 CHECK(CBS_len(&data) == 3);
812 CHECK(CBS_offset(&data) == 2);
813 CHECK(CBS_skip(&data, 3));
814 CHECK(CBS_len(&data) == 0);
815 CHECK(CBS_offset(&data) == 5);
816 CHECK(!CBS_get_u8(&data, &v));
817
818 return 1;
819}
820
821static int
822test_write_bytes(void)
823{
824 int ret = 0;
825 uint8_t v;
826 size_t len;
827 static const uint8_t input[] = {'f', 'o', 'o', 'b', 'a', 'r'};
828 CBS data;
829 uint8_t *tmp = NULL;
830
831 CHECK_GOTO((tmp = malloc(sizeof(input))) != NULL);
832 memset(tmp, 100, sizeof(input));
833
834 CBS_init(&data, input, sizeof(input));
835 CHECK_GOTO(CBS_len(&data) == 6);
836 CHECK_GOTO(CBS_offset(&data) == 0);
837 CHECK_GOTO(CBS_get_u8(&data, &v));
838 CHECK_GOTO(v == 102 /* f */);
839 CHECK_GOTO(CBS_skip(&data, 1));
840 CHECK_GOTO(!CBS_skip(&data, 15));
841 CHECK_GOTO(CBS_write_bytes(&data, tmp, sizeof(input), &len));
842 CHECK_GOTO(len == 4);
843 CHECK_GOTO(memcmp(input + 2, tmp, len) == 0);
844 CHECK_GOTO(tmp[4] == 100 && tmp[5] == 100);
845
846 ret = 1;
847
848err:
849 free(tmp);
850 return ret;
851}
852
853static int
854test_cbs_dup(void)
855{
856 CBS data, check;
857 static const uint8_t input[] = {'f', 'o', 'o', 'b', 'a', 'r'};
858
859 CBS_init(&data, input, sizeof(input));
860 CHECK(CBS_len(&data) == 6);
861 CBS_dup(&data, &check);
862 CHECK(CBS_len(&check) == 6);
863 CHECK(CBS_data(&data) == CBS_data(&check));
864 CHECK(CBS_skip(&data, 1));
865 CHECK(CBS_len(&data) == 5);
866 CHECK(CBS_len(&check) == 6);
867 CHECK(CBS_data(&data) == CBS_data(&check) + 1);
868 CHECK(CBS_skip(&check, 1));
869 CHECK(CBS_len(&data) == 5);
870 CHECK(CBS_len(&check) == 5);
871 CHECK(CBS_data(&data) == CBS_data(&check));
872 CHECK(CBS_offset(&data) == 1);
873 CHECK(CBS_offset(&check) == 1);
874
875 CBS_init(&data, input, sizeof(input));
876 CHECK(CBS_skip(&data, 5));
877 CBS_dup(&data, &check);
878 CHECK(CBS_len(&data) == 1);
879 CHECK(CBS_len(&check) == 1);
880 CHECK(CBS_data(&data) == input + 5);
881 CHECK(CBS_data(&data) == CBS_data(&check));
882 CHECK(CBS_offset(&data) == 5);
883 CHECK(CBS_offset(&check) == 5);
884
885 return 1;
886}
887
888int
889main(void)
890{
891 int failed = 0;
892
893 failed |= !test_skip();
894 failed |= !test_get_u();
895 failed |= !test_get_prefixed();
896 failed |= !test_get_prefixed_bad();
897 failed |= !test_get_asn1();
898 failed |= !test_cbb_basic();
899 failed |= !test_cbb_add_space();
900 failed |= !test_cbb_fixed();
901 failed |= !test_cbb_finish_child();
902 failed |= !test_cbb_discard_child();
903 failed |= !test_cbb_misuse();
904 failed |= !test_cbb_prefixed();
905 failed |= !test_cbb_asn1();
906 failed |= !test_indefinite_convert();
907 failed |= !test_asn1_uint64();
908 failed |= !test_get_optional_asn1_bool();
909 failed |= !test_offset();
910 failed |= !test_write_bytes();
911 failed |= !test_cbs_dup();
912
913 if (!failed)
914 printf("PASS\n");
915 return failed;
916}
diff --git a/src/regress/lib/libssl/certs/ca.pem b/src/regress/lib/libssl/certs/ca.pem
deleted file mode 100644
index 07f9b3fddb..0000000000
--- a/src/regress/lib/libssl/certs/ca.pem
+++ /dev/null
@@ -1,45 +0,0 @@
1-----BEGIN CERTIFICATE-----
2MIIDtjCCAp6gAwIBAgIJAJz/hGfwYXLrMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNV
3BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
4VElORyBQVVJQT1NFUyBPTkxZMR0wGwYDVQQDDBRPcGVuU1NMIFRlc3QgUm9vdCBD
5QTAeFw0xNDA1MjQxNDQ1MTFaFw0yNDA1MjExNDQ1MTFaMGgxCzAJBgNVBAYTAlVL
6MRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVTVElORyBQ
7VVJQT1NFUyBPTkxZMR0wGwYDVQQDDBRPcGVuU1NMIFRlc3QgUm9vdCBDQTCCASIw
8DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANMaarigKGOra5Mc/LrhOkcmHzDs
9vkYL7dfaaht8fLBKRTYwzSBvO9x54koTWjq7HkbaxkYAg3HnDTkNCyzkGKNdM89H
10q/PtGIFFlceQIOat3Kjd05Iw3PtLEWTDjT6FMA9Mkjk/XbpmycqRIwNKtgICoFsG
11juIpc4P31kxK7i3ri+JnlyvVmRZjJxrheJB0qHGXilrOVDPOliDn//jXbcyzXemu
12R8KgAeQM4IIs9jYHJOgHrTItIpwa9wNTEp9KCGkO6xr20NkKyDp6XRyd+hmnUB7r
1377WTptvKPFFTjTDFqEtcif9U2kVkCfn2mSRO8noCbVH++fuR8LMWlD99gt8CAwEA
14AaNjMGEwHQYDVR0OBBYEFIwZD9dCMXcFBuHTsZ/rOft4cTpFMB8GA1UdIwQYMBaA
15FIwZD9dCMXcFBuHTsZ/rOft4cTpFMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/
16BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQCPfqm4KbYtXEB8aP1RdUH2BkPSjyau
17WQLMGfKNF/zkUQue0REgdJ4wVR06NTTlOCsfHC6b68vgz2QFC1mM8ZANgDiyr4M1
186gjvP0eZQVxokJ3EMzjDMFRHIiFrZZAFr7aGq8dxoruuehovqyehuJRakAe0oNUb
194ZTKrGuTKh9Mwti9721XNFByjeTFL2dlH6ulz7qyfI+lrTi+pNsUchuVYE8a1TP3
20OEiG6whsyPU1YoTlemC1mvW0ixtj8Tcem0KyotCUyOmJlwyWj0bA43sCI6z/OVqJ
21tVvwgfqrOeVNk9nN2JslCsttnwstwqUfDoEXFoScej2CT0QezFGPTN21
22-----END CERTIFICATE-----
23-----BEGIN CERTIFICATE-----
24MIIDvjCCAqagAwIBAgIJAPrXr2k7uM/OMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNV
25BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
26VElORyBQVVJQT1NFUyBPTkxZMR0wGwYDVQQDDBRPcGVuU1NMIFRlc3QgUm9vdCBD
27QTAeFw0xNDA1MjQxNDQ1MTFaFw0yNDA1MDExNDQ1MTFaMHAxCzAJBgNVBAYTAlVL
28MRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVTVElORyBQ
29VVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJtZWRpYXRl
30IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsErw75CmLYD6pkrG
31W/YhAl/K8L5wJYxDjqu2FghxjD8K308W3EHq4uBxEwR1OHXaM1+6ZZw7/r2I37VL
32IdurBEAIEUdbzx0so74FPawgz5EW2CTqoJnK8F71/vo5Kj1VPwW46CxwxUR3cfvJ
33GNXND2ip0TcyTSPLROXOyQakcVfIGJmdSa1wHKi+c2gMA4emADudZUOYLrg80gr2
34ldePm07ynbVsKKzCcStw8MdmoW9Qt3fLnPJn2TFUUBNWj+4kvL+88edWCVQXKNds
35ysD/CDrH4W/hjyPDStVsM6XpiNU0+L2ZY6fcj3OP8d0goOx45xotMn9m8hNkCGsr
36VXx9IwIDAQABo2MwYTAdBgNVHQ4EFgQUNsNsiOeV/rC97M4+PYarIYGH2towHwYD
37VR0jBBgwFoAUjBkP10IxdwUG4dOxn+s5+3hxOkUwDwYDVR0TAQH/BAUwAwEB/zAO
38BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAAIwwR8jyFN6qYGIRAKi
39ahyeHd26hNPC4RiCvjz6dytuvDUqfMTUZcjBy6Ez1Wsfs1/PC8u3IDpOTwZSz72K
40ACQzPpmXREWkO5nx8I+W+94yJsbklhsTxDlZj3X2oJCQ7qO4hdIpYESWfMchYra9
415e55SMBXeGDp+uRILt+6UfOXCGaXaoYqyrzQROJAiGy1x96A/5sU6ZU3KdKN1JLM
42XTZ268ihubCMRVScHnpYUjRDoGrhnQM7007ybVfRUGNXDs+ENqjGfyxc5ScR+Un4
43UQtOd4zD2g9wrdXvlDiqxci6W7IOEPVP6qHG2GIh+T2zpO3GOAuZCe5cjLiCDATs
44hNw=
45-----END CERTIFICATE-----
diff --git a/src/regress/lib/libssl/certs/client.pem b/src/regress/lib/libssl/certs/client.pem
deleted file mode 100644
index ce4bf49ce6..0000000000
--- a/src/regress/lib/libssl/certs/client.pem
+++ /dev/null
@@ -1,51 +0,0 @@
1subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Client Cert
2issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA
3-----BEGIN CERTIFICATE-----
4MIIDpTCCAo2gAwIBAgIJAPYm3GvOr5eTMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
5BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
6VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt
7ZWRpYXRlIENBMB4XDTE0MDUyNDE0NDUxMVoXDTI0MDQwMTE0NDUxMVowZDELMAkG
8A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU
9RVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgQ2xpZW50IENlcnQw
10ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0ranbHRLcLVqN+0BzcZpY
11+yOLqxzDWT1LD9eW1stC4NzXX9/DCtSIVyN7YIHdGLrIPr64IDdXXaMRzgZ2rOKs
12lmHCAiFpO/ja99gGCJRxH0xwQatqAULfJVHeUhs7OEGOZc2nWifjqKvGfNTilP7D
13nwi69ipQFq9oS19FmhwVHk2wg7KZGHI1qDyG04UrfCZMRitvS9+UVhPpIPjuiBi2
14x3/FZIpL5gXJvvFK6xHY63oq2asyzBATntBgnP4qJFWWcvRx24wF1PnZabxuVoL2
15bPnQ/KvONDrw3IdqkKhYNTul7jEcu3OlcZIMw+7DiaKJLAzKb/bBF5gm/pwW6As9
16AgMBAAGjTjBMMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCwGCWCGSAGG
17+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTANBgkqhkiG9w0B
18AQUFAAOCAQEAJzA4KTjkjXGSC4He63yX9Br0DneGBzjAwc1H6f72uqnCs8m7jgkE
19PQJFdTzQUKh97QPUuayZ2gl8XHagg+iWGy60Kw37gQ0+lumCN2sllvifhHU9R03H
20bWtS4kue+yQjMbrzf3zWygMDgwvFOUAIgBpH9qGc+CdNu97INTYd0Mvz51vLlxRn
21sC5aBYCWaZFnw3lWYxf9eVFRy9U+DkYFqX0LpmbDtcKP7AZGE6ZwSzaim+Cnoz1u
22Cgn+QmpFXgJKMFIZ82iSZISn+JkCCGxctZX1lMvai4Wi8Y0HxW9FTFZ6KBNwwE4B
23zjbN/ehBkgLlW/DWfi44DvwUHmuU6QP3cw==
24-----END CERTIFICATE-----
25-----BEGIN RSA PRIVATE KEY-----
26MIIEpQIBAAKCAQEAtK2p2x0S3C1ajftAc3GaWPsji6scw1k9Sw/XltbLQuDc11/f
27wwrUiFcje2CB3Ri6yD6+uCA3V12jEc4GdqzirJZhwgIhaTv42vfYBgiUcR9McEGr
28agFC3yVR3lIbOzhBjmXNp1on46irxnzU4pT+w58IuvYqUBavaEtfRZocFR5NsIOy
29mRhyNag8htOFK3wmTEYrb0vflFYT6SD47ogYtsd/xWSKS+YFyb7xSusR2Ot6Ktmr
30MswQE57QYJz+KiRVlnL0cduMBdT52Wm8blaC9mz50PyrzjQ68NyHapCoWDU7pe4x
31HLtzpXGSDMPuw4miiSwMym/2wReYJv6cFugLPQIDAQABAoIBAAZOyc9MhIwLSU4L
32p4RgQvM4UVVe8/Id+3XTZ8NsXExJbWxXfIhiqGjaIfL8u4vsgRjcl+v1s/jo2/iT
33KMab4o4D8gXD7UavQVDjtjb/ta79WL3SjRl2Uc9YjjMkyq6WmDNQeo2NKDdafCTB
341uzSJtLNipB8Z53ELPuHJhxX9QMHrMnuha49riQgXZ7buP9iQrHJFhImBjSzbxJx
35L+TI6rkyLSf9Wi0Pd3L27Ob3QWNfNRYNSeTE+08eSRChkur5W0RuXAcuAICdQlCl
36LBvWO/LmmvbzCqiDcgy/TliSb6CGGwgiNG7LJZmlkYNj8laGwalNlYZs3UrVv6NO
37Br2loAECgYEA2kvCvPGj0Dg/6g7WhXDvAkEbcaL1tSeCxBbNH+6HS2UWMWvyTtCn
38/bbD519QIdkvayy1QjEf32GV/UjUVmlULMLBcDy0DGjtL3+XpIhLKWDNxN1v1/ai
391oz23ZJCOgnk6K4qtFtlRS1XtynjA+rBetvYvLP9SKeFrnpzCgaA2r0CgYEA0+KX
401ACXDTNH5ySX3kMjSS9xdINf+OOw4CvPHFwbtc9aqk2HePlEsBTz5I/W3rKwXva3
41NqZ/bRqVVeZB/hHKFywgdUQk2Uc5z/S7Lw70/w1HubNTXGU06Ngb6zOFAo/o/TwZ
42zTP1BMIKSOB6PAZPS3l+aLO4FRIRotfFhgRHOoECgYEAmiZbqt8cJaJDB/5YYDzC
43mp3tSk6gIb936Q6M5VqkMYp9pIKsxhk0N8aDCnTU+kIK6SzWBpr3/d9Ecmqmfyq7
445SvWO3KyVf0WWK9KH0abhOm2BKm2HBQvI0DB5u8sUx2/hsvOnjPYDISbZ11t0MtK
45u35Zy89yMYcSsIYJjG/ROCUCgYEAgI2P9G5PNxEP5OtMwOsW84Y3Xat/hPAQFlI+
46HES+AzbFGWJkeT8zL2nm95tVkFP1sggZ7Kxjz3w7cpx7GX0NkbWSE9O+T51pNASV
47tN1sQ3p5M+/a+cnlqgfEGJVvc7iAcXQPa3LEi5h2yPR49QYXAgG6cifn3dDSpmwn
48SUI7PQECgYEApGCIIpSRPLAEHTGmP87RBL1smurhwmy2s/pghkvUkWehtxg0sGHh
49kuaqDWcskogv+QC0sVdytiLSz8G0DwcEcsHK1Fkyb8A+ayiw6jWJDo2m9+IF4Fww
501Te6jFPYDESnbhq7+TLGgHGhtwcu5cnb4vSuYXGXKupZGzoLOBbv1Zw=
51-----END RSA PRIVATE KEY-----
diff --git a/src/regress/lib/libssl/certs/server.pem b/src/regress/lib/libssl/certs/server.pem
deleted file mode 100644
index 7412490f51..0000000000
--- a/src/regress/lib/libssl/certs/server.pem
+++ /dev/null
@@ -1,51 +0,0 @@
1subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Server Cert
2issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA
3-----BEGIN CERTIFICATE-----
4MIIDpTCCAo2gAwIBAgIJAPYm3GvOr5eUMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
5BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
6VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt
7ZWRpYXRlIENBMB4XDTE0MDUyNDE0NDUxMloXDTI0MDQwMTE0NDUxMlowZDELMAkG
8A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU
9RVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgU2VydmVyIENlcnQw
10ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzhPOSNtyyRspmeuUpxfNJ
11KCLTuf7g3uQ4zu4iHOmRO5TQci+HhVlLZrHF9XqFXcIP0y4pWDbMSGuiorUmzmfi
12R7bfSdI/+qIQt8KXRH6HNG1t8ou0VSvWId5TS5Dq/er5ODUr9OaaDva7EquHIcMv
13vPQGuI+OEAcnleVCy9HVEIySrO4P3CNIicnGkwwiAud05yUAq/gPXBC1hTtmlPD7
14TVcGVSEiJdvzqqlgv02qedGrkki6GY4S7GjZxrrf7Foc2EP+51LJzwLQx3/JfrCU
1541NEWAsu/Sl0tQabXESN+zJ1pDqoZ3uHMgpQjeGiE0olr+YcsSW/tJmiU9OiAr8R
16AgMBAAGjTjBMMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCwGCWCGSAGG
17+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTANBgkqhkiG9w0B
18AQUFAAOCAQEADfy8VrY5er5ebYLyiC1il5kVOuJHSf8aN5SciJz/VcifA1+Hl2Bu
19CfuizhP/kUdB9PTSj8ep9sL+5PBFl7CZJDO6Sxs5+qJe15XvLBP8UEdvc779plL6
20StUMJT0aU/MaqUZZCldC3G4CcbwzOzKSD5YzvxxIGspxBWRduZKKMOju/4aqK76p
21dwA/VGCve9mjft3LIrb0gSaPi5KmdGtpAjzW3H1+63DSqxCYb1oiPtUZBs4STwjh
22WPRmAEVR4RPCETM3Sth4C+bE0QMCGY12ctcbzhj7Xgo7LcSpqviq6JD8SPuU7ISL
23hy4NcnBBHJr9OV9WTLpmS9V9Vg6QmOpxQw==
24-----END CERTIFICATE-----
25-----BEGIN RSA PRIVATE KEY-----
26MIIEpAIBAAKCAQEA84TzkjbcskbKZnrlKcXzSSgi07n+4N7kOM7uIhzpkTuU0HIv
27h4VZS2axxfV6hV3CD9MuKVg2zEhroqK1Js5n4ke230nSP/qiELfCl0R+hzRtbfKL
28tFUr1iHeU0uQ6v3q+Tg1K/Tmmg72uxKrhyHDL7z0BriPjhAHJ5XlQsvR1RCMkqzu
29D9wjSInJxpMMIgLndOclAKv4D1wQtYU7ZpTw+01XBlUhIiXb86qpYL9NqnnRq5JI
30uhmOEuxo2ca63+xaHNhD/udSyc8C0Md/yX6wlONTRFgLLv0pdLUGm1xEjfsydaQ6
31qGd7hzIKUI3hohNKJa/mHLElv7SZolPTogK/EQIDAQABAoIBAADq9FwNtuE5IRQn
32zGtO4q7Y5uCzZ8GDNYr9RKp+P2cbuWDbvVAecYq2NV9QoIiWJOAYZKklOvekIju3
33r0UZLA0PRiIrTg6NrESx3JrjWDK8QNlUO7CPTZ39/K+FrmMkV9lem9yxjJjyC34D
34AQB+YRTx+l14HppjdxNwHjAVQpIx/uO2F5xAMuk32+3K+pq9CZUtrofe1q4Agj9R
355s8mSy9pbRo9kW9wl5xdEotz1LivFOEiqPUJTUq5J5PeMKao3vdK726XI4Z455Nm
36W2/MA0YV0ug2FYinHcZdvKM6dimH8GLfa3X8xKRfzjGjTiMSwsdjgMa4awY3tEHH
37674jhAECgYEA/zqMrc0zsbNk83sjgaYIug5kzEpN4ic020rSZsmQxSCerJTgNhmg
38utKSCt0Re09Jt3LqG48msahX8ycqDsHNvlEGPQSbMu9IYeO3Wr3fAm75GEtFWePY
39BhM73I7gkRt4s8bUiUepMG/wY45c5tRF23xi8foReHFFe9MDzh8fJFECgYEA9EFX
404qAik1pOJGNei9BMwmx0I0gfVEIgu0tzeVqT45vcxbxr7RkTEaDoAG6PlbWP6D9a
41WQNLp4gsgRM90ZXOJ4up5DsAWDluvaF4/omabMA+MJJ5kGZ0gCj5rbZbKqUws7x8
42bp+6iBfUPJUbcqNqFmi/08Yt7vrDnMnyMw2A/sECgYEAiiuRMxnuzVm34hQcsbhH
436ymVqf7j0PW2qK0F4H1ocT9qhzWFd+RB3kHWrCjnqODQoI6GbGr/4JepHUpre1ex
444UEN5oSS3G0ru0rC3U4C59dZ5KwDHFm7ffZ1pr52ljfQDUsrjjIMRtuiwNK2OoRa
45WSsqiaL+SDzSB+nBmpnAizECgYBdt/y6rerWUx4MhDwwtTnel7JwHyo2MDFS6/5g
46n8qC2Lj6/fMDRE22w+CA2esp7EJNQJGv+b27iFpbJEDh+/Lf5YzIT4MwVskQ5bYB
47JFcmRxUVmf4e09D7o705U/DjCgMH09iCsbLmqQ38ONIRSHZaJtMDtNTHD1yi+jF+
48OT43gQKBgQC/2OHZoko6iRlNOAQ/tMVFNq7fL81GivoQ9F1U0Qr+DH3ZfaH8eIkX
49xT0ToMPJUzWAn8pZv0snA0um6SIgvkCuxO84OkANCVbttzXImIsL7pFzfcwV/ERK
50UM6j0ZuSMFOCr/lGPAoOQU0fskidGEHi1/kW+suSr28TqsyYZpwBDQ==
51-----END RSA PRIVATE KEY-----
diff --git a/src/regress/lib/libssl/ciphers/Makefile b/src/regress/lib/libssl/ciphers/Makefile
deleted file mode 100644
index 2575db4df4..0000000000
--- a/src/regress/lib/libssl/ciphers/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.2 2020/09/13 16:51:30 jsing Exp $
2
3PROG= cipherstest
4LDADD= ${SSL_INT} -lcrypto
5DPADD= ${LIBSSL} ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/ciphers/cipherstest.c b/src/regress/lib/libssl/ciphers/cipherstest.c
deleted file mode 100644
index c43939d4d5..0000000000
--- a/src/regress/lib/libssl/ciphers/cipherstest.c
+++ /dev/null
@@ -1,531 +0,0 @@
1/*
2 * Copyright (c) 2015, 2020 Joel Sing <jsing@openbsd.org>
3 *
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */
16
17#include <openssl/ssl.h>
18
19#include <err.h>
20#include <stdio.h>
21#include <string.h>
22
23int ssl3_num_ciphers(void);
24const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
25
26int ssl_parse_ciphersuites(STACK_OF(SSL_CIPHER) **out_ciphers, const char *str);
27
28static inline int
29ssl_aes_is_accelerated(void)
30{
31#if defined(__i386__) || defined(__x86_64__)
32 return ((OPENSSL_cpu_caps() & (1ULL << 57)) != 0);
33#else
34 return (0);
35#endif
36}
37
38static int
39check_cipher_order(void)
40{
41 unsigned long id, prev_id = 0;
42 const SSL_CIPHER *cipher;
43 int num_ciphers;
44 int i;
45
46 num_ciphers = ssl3_num_ciphers();
47
48 for (i = 1; i <= num_ciphers; i++) {
49 /*
50 * For some reason, ssl3_get_cipher() returns ciphers in
51 * reverse order.
52 */
53 if ((cipher = ssl3_get_cipher(num_ciphers - i)) == NULL) {
54 fprintf(stderr, "FAIL: ssl3_get_cipher(%d) returned "
55 "NULL\n", i);
56 return 1;
57 }
58 if ((id = SSL_CIPHER_get_id(cipher)) <= prev_id) {
59 fprintf(stderr, "FAIL: ssl3_ciphers is not sorted by "
60 "id - cipher %d (%lx) <= cipher %d (%lx)\n",
61 i, id, i - 1, prev_id);
62 return 1;
63 }
64 prev_id = id;
65 }
66
67 return 0;
68}
69
70static int
71cipher_find_test(void)
72{
73 STACK_OF(SSL_CIPHER) *ciphers;
74 const SSL_CIPHER *cipher;
75 unsigned char buf[2];
76 SSL_CTX *ssl_ctx = NULL;
77 SSL *ssl = NULL;
78 int ret = 1;
79 int i;
80
81 if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL) {
82 fprintf(stderr, "SSL_CTX_new() returned NULL\n");
83 goto failure;
84 }
85 if ((ssl = SSL_new(ssl_ctx)) == NULL) {
86 fprintf(stderr, "SSL_new() returned NULL\n");
87 goto failure;
88 }
89 if (!SSL_set_cipher_list(ssl, "ALL")) {
90 fprintf(stderr, "SSL_set_cipher_list failed\n");
91 goto failure;
92 }
93
94 if ((ciphers = SSL_get_ciphers(ssl)) == NULL) {
95 fprintf(stderr, "no ciphers\n");
96 goto failure;
97 }
98
99 for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
100 uint16_t cipher_value;
101
102 cipher = sk_SSL_CIPHER_value(ciphers, i);
103 cipher_value = SSL_CIPHER_get_value(cipher);
104
105 buf[0] = cipher_value >> 8;
106 buf[1] = cipher_value & 0xff;
107
108 if ((cipher = SSL_CIPHER_find(ssl, buf)) == NULL) {
109 fprintf(stderr,
110 "SSL_CIPHER_find() returned NULL for %s\n",
111 SSL_CIPHER_get_name(cipher));
112 goto failure;
113 }
114
115 if (SSL_CIPHER_get_value(cipher) != cipher_value) {
116 fprintf(stderr,
117 "got cipher with value 0x%x, want 0x%x\n",
118 SSL_CIPHER_get_value(cipher), cipher_value);
119 goto failure;
120 }
121 }
122
123 ret = 0;
124
125 failure:
126 SSL_CTX_free(ssl_ctx);
127 SSL_free(ssl);
128
129 return (ret);
130}
131
132static int
133cipher_get_by_value_tests(void)
134{
135 STACK_OF(SSL_CIPHER) *ciphers;
136 const SSL_CIPHER *cipher;
137 SSL_CTX *ssl_ctx = NULL;
138 SSL *ssl = NULL;
139 unsigned long id;
140 uint16_t value;
141 int ret = 1;
142 int i;
143
144 if ((ssl_ctx = SSL_CTX_new(SSLv23_method())) == NULL) {
145 fprintf(stderr, "SSL_CTX_new() returned NULL\n");
146 goto failure;
147 }
148 if ((ssl = SSL_new(ssl_ctx)) == NULL) {
149 fprintf(stderr, "SSL_new() returned NULL\n");
150 goto failure;
151 }
152
153 if ((ciphers = SSL_get_ciphers(ssl)) == NULL) {
154 fprintf(stderr, "no ciphers\n");
155 goto failure;
156 }
157
158 for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
159 cipher = sk_SSL_CIPHER_value(ciphers, i);
160
161 id = SSL_CIPHER_get_id(cipher);
162 if (SSL_CIPHER_get_by_id(id) == NULL) {
163 fprintf(stderr, "SSL_CIPHER_get_by_id() failed "
164 "for %s (0x%lx)\n", SSL_CIPHER_get_name(cipher),
165 id);
166 goto failure;
167 }
168
169 value = SSL_CIPHER_get_value(cipher);
170 if (SSL_CIPHER_get_by_value(value) == NULL) {
171 fprintf(stderr, "SSL_CIPHER_get_by_value() failed "
172 "for %s (0x%04hx)\n", SSL_CIPHER_get_name(cipher),
173 value);
174 goto failure;
175 }
176 }
177
178 ret = 0;
179
180 failure:
181 SSL_CTX_free(ssl_ctx);
182 SSL_free(ssl);
183
184 return (ret);
185}
186
187struct parse_ciphersuites_test {
188 const char *str;
189 const int want;
190 const unsigned long cids[32];
191};
192
193struct parse_ciphersuites_test parse_ciphersuites_tests[] = {
194 {
195 /* LibreSSL names. */
196 .str = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256:AEAD-AES128-GCM-SHA256",
197 .want = 1,
198 .cids = {
199 TLS1_3_CK_AES_256_GCM_SHA384,
200 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
201 TLS1_3_CK_AES_128_GCM_SHA256,
202 },
203 },
204 {
205 /* OpenSSL names. */
206 .str = "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256",
207 .want = 1,
208 .cids = {
209 TLS1_3_CK_AES_256_GCM_SHA384,
210 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
211 TLS1_3_CK_AES_128_GCM_SHA256,
212 },
213 },
214 {
215 /* Different priority order. */
216 .str = "AEAD-AES128-GCM-SHA256:AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256",
217 .want = 1,
218 .cids = {
219 TLS1_3_CK_AES_128_GCM_SHA256,
220 TLS1_3_CK_AES_256_GCM_SHA384,
221 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
222 },
223 },
224 {
225 /* Known but unsupported names. */
226 .str = "AEAD-AES256-GCM-SHA384:AEAD-AES128-CCM-SHA256:AEAD-AES128-CCM-8-SHA256",
227 .want = 1,
228 .cids = {
229 TLS1_3_CK_AES_256_GCM_SHA384,
230 },
231 },
232 {
233 /* Empty string means no TLSv1.3 ciphersuites. */
234 .str = "",
235 .want = 1,
236 .cids = { 0 },
237 },
238 {
239 .str = "TLS_CHACHA20_POLY1305_SHA256:TLS_NOT_A_CIPHERSUITE",
240 .want = 0,
241 },
242 {
243 .str = "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256",
244 .want = 0,
245 },
246};
247
248#define N_PARSE_CIPHERSUITES_TESTS \
249 (sizeof(parse_ciphersuites_tests) / sizeof(*parse_ciphersuites_tests))
250
251static int
252parse_ciphersuites_test(void)
253{
254 struct parse_ciphersuites_test *pct;
255 STACK_OF(SSL_CIPHER) *ciphers = NULL;
256 SSL_CIPHER *cipher;
257 int failed = 1;
258 int j, ret;
259 size_t i;
260
261 for (i = 0; i < N_PARSE_CIPHERSUITES_TESTS; i++) {
262 pct = &parse_ciphersuites_tests[i];
263
264 ret = ssl_parse_ciphersuites(&ciphers, pct->str);
265 if (ret != pct->want) {
266 fprintf(stderr, "FAIL: test %zu - "
267 "ssl_parse_ciphersuites returned %d, want %d\n",
268 i, ret, pct->want);
269 goto failed;
270 }
271 if (ret == 0)
272 continue;
273
274 for (j = 0; j < sk_SSL_CIPHER_num(ciphers); j++) {
275 cipher = sk_SSL_CIPHER_value(ciphers, j);
276 if (SSL_CIPHER_get_id(cipher) == pct->cids[j])
277 continue;
278 fprintf(stderr, "FAIL: test %zu - got cipher %d with "
279 "id %lx, want %lx\n", i, j,
280 SSL_CIPHER_get_id(cipher), pct->cids[j]);
281 goto failed;
282 }
283 if (pct->cids[j] != 0) {
284 fprintf(stderr, "FAIL: test %zu - got %d ciphers, "
285 "expected more", i, sk_SSL_CIPHER_num(ciphers));
286 goto failed;
287 }
288 }
289
290 failed = 0;
291
292 failed:
293 sk_SSL_CIPHER_free(ciphers);
294
295 return failed;
296}
297
298struct cipher_set_test {
299 int ctx_ciphersuites_first;
300 const char *ctx_ciphersuites;
301 const char *ctx_rulestr;
302 int ssl_ciphersuites_first;
303 const char *ssl_ciphersuites;
304 const char *ssl_rulestr;
305 int cids_aes_accel_fixup;
306 unsigned long cids[32];
307};
308
309struct cipher_set_test cipher_set_tests[] = {
310 {
311 .ctx_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
312 .cids_aes_accel_fixup = 1,
313 .cids = {
314 TLS1_3_CK_AES_256_GCM_SHA384,
315 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
316 TLS1_3_CK_AES_128_GCM_SHA256,
317 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
318 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
319 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
320 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
321 },
322 },
323 {
324 .ssl_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
325 .cids_aes_accel_fixup = 1,
326 .cids = {
327 TLS1_3_CK_AES_256_GCM_SHA384,
328 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
329 TLS1_3_CK_AES_128_GCM_SHA256,
330 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
331 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
332 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
333 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
334 },
335 },
336 {
337 .ctx_ciphersuites_first = 1,
338 .ctx_ciphersuites = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256",
339 .ctx_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
340 .cids = {
341 TLS1_3_CK_AES_256_GCM_SHA384,
342 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
343 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
344 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
345 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
346 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
347 },
348 },
349 {
350 .ssl_ciphersuites_first = 1,
351 .ssl_ciphersuites = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256",
352 .ssl_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
353 .cids = {
354 TLS1_3_CK_AES_256_GCM_SHA384,
355 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
356 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
357 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
358 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
359 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
360 },
361 },
362 {
363 .ctx_ciphersuites_first = 0,
364 .ctx_ciphersuites = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256",
365 .ctx_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
366 .cids = {
367 TLS1_3_CK_AES_256_GCM_SHA384,
368 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
369 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
370 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
371 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
372 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
373 },
374 },
375 {
376 .ssl_ciphersuites_first = 0,
377 .ssl_ciphersuites = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256",
378 .ssl_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
379 .cids = {
380 TLS1_3_CK_AES_256_GCM_SHA384,
381 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
382 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
383 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
384 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
385 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
386 },
387 },
388 {
389 .ssl_ciphersuites_first = 1,
390 .ssl_ciphersuites = "",
391 .ssl_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
392 .cids = {
393 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
394 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
395 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
396 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
397 },
398 },
399 {
400 .ssl_ciphersuites_first = 0,
401 .ssl_ciphersuites = "",
402 .ssl_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
403 .cids = {
404 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
405 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
406 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
407 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
408 },
409 },
410 {
411 .ctx_ciphersuites = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256",
412 .ssl_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
413 .cids = {
414 TLS1_3_CK_AES_256_GCM_SHA384,
415 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
416 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
417 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
418 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
419 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
420 },
421 },
422 {
423 .ctx_rulestr = "TLSv1.2+ECDHE+AEAD+AES",
424 .ssl_ciphersuites = "AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256",
425 .cids = {
426 TLS1_3_CK_AES_256_GCM_SHA384,
427 TLS1_3_CK_CHACHA20_POLY1305_SHA256,
428 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
429 TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
430 TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
431 TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
432 },
433 },
434};
435
436#define N_CIPHER_SET_TESTS \
437 (sizeof(cipher_set_tests) / sizeof(*cipher_set_tests))
438
439static int
440cipher_set_test(void)
441{
442 struct cipher_set_test *cst;
443 STACK_OF(SSL_CIPHER) *ciphers = NULL;
444 SSL_CIPHER *cipher;
445 SSL_CTX *ctx = NULL;
446 SSL *ssl = NULL;
447 int failed = 0;
448 size_t i;
449 int j;
450
451 for (i = 0; i < N_CIPHER_SET_TESTS; i++) {
452 cst = &cipher_set_tests[i];
453
454 if (!ssl_aes_is_accelerated() && cst->cids_aes_accel_fixup) {
455 cst->cids[0] = TLS1_3_CK_CHACHA20_POLY1305_SHA256;
456 cst->cids[1] = TLS1_3_CK_AES_256_GCM_SHA384;
457 }
458
459 if ((ctx = SSL_CTX_new(TLS_method())) == NULL)
460 errx(1, "SSL_CTX_new");
461
462 if (cst->ctx_ciphersuites_first && cst->ctx_ciphersuites != NULL) {
463 if (!SSL_CTX_set_ciphersuites(ctx, cst->ctx_ciphersuites))
464 errx(1, "SSL_CTX_set_ciphersuites");
465 }
466 if (cst->ctx_rulestr != NULL) {
467 if (!SSL_CTX_set_cipher_list(ctx, cst->ctx_rulestr))
468 errx(1, "SSL_CTX_set_cipher_list");
469 }
470 if (!cst->ctx_ciphersuites_first && cst->ctx_ciphersuites != NULL) {
471 if (!SSL_CTX_set_ciphersuites(ctx, cst->ctx_ciphersuites))
472 errx(1, "SSL_CTX_set_ciphersuites");
473 }
474
475 /* XXX - check SSL_CTX_get_ciphers(ctx) */
476
477 if ((ssl = SSL_new(ctx)) == NULL)
478 errx(1, "SSL_new");
479
480 if (cst->ssl_ciphersuites_first && cst->ssl_ciphersuites != NULL) {
481 if (!SSL_set_ciphersuites(ssl, cst->ssl_ciphersuites))
482 errx(1, "SSL_set_ciphersuites");
483 }
484 if (cst->ssl_rulestr != NULL) {
485 if (!SSL_set_cipher_list(ssl, cst->ssl_rulestr))
486 errx(1, "SSL_set_cipher_list");
487 }
488 if (!cst->ssl_ciphersuites_first && cst->ssl_ciphersuites != NULL) {
489 if (!SSL_set_ciphersuites(ssl, cst->ssl_ciphersuites))
490 errx(1, "SSL_set_ciphersuites");
491 }
492
493 ciphers = SSL_get_ciphers(ssl);
494
495 for (j = 0; j < sk_SSL_CIPHER_num(ciphers); j++) {
496 cipher = sk_SSL_CIPHER_value(ciphers, j);
497 if (SSL_CIPHER_get_id(cipher) == cst->cids[j])
498 continue;
499 fprintf(stderr, "FAIL: test %zu - got cipher %d with "
500 "id %lx, want %lx\n", i, j,
501 SSL_CIPHER_get_id(cipher), cst->cids[j]);
502 failed |= 1;
503 }
504 if (cst->cids[j] != 0) {
505 fprintf(stderr, "FAIL: test %zu - got %d ciphers, "
506 "expected more", i, sk_SSL_CIPHER_num(ciphers));
507 failed |= 1;
508 }
509
510 SSL_CTX_free(ctx);
511 SSL_free(ssl);
512 }
513
514 return failed;
515}
516
517int
518main(int argc, char **argv)
519{
520 int failed = 0;
521
522 failed |= check_cipher_order();
523
524 failed |= cipher_find_test();
525 failed |= cipher_get_by_value_tests();
526
527 failed |= parse_ciphersuites_test();
528 failed |= cipher_set_test();
529
530 return (failed);
531}
diff --git a/src/regress/lib/libssl/client/Makefile b/src/regress/lib/libssl/client/Makefile
deleted file mode 100644
index 4f99f0e97c..0000000000
--- a/src/regress/lib/libssl/client/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.1 2015/09/01 17:02:18 jsing Exp $
2
3PROG= clienttest
4LDADD= -lssl -lcrypto
5DPADD= ${LIBSSL} ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/client/clienttest.c b/src/regress/lib/libssl/client/clienttest.c
deleted file mode 100644
index 2efe676a9d..0000000000
--- a/src/regress/lib/libssl/client/clienttest.c
+++ /dev/null
@@ -1,740 +0,0 @@
1/* $OpenBSD: clienttest.c,v 1.33 2021/06/27 17:13:23 jsing Exp $ */
2/*
3 * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <openssl/ssl.h>
19
20#include <openssl/dtls1.h>
21#include <openssl/ssl3.h>
22
23#include <err.h>
24#include <stdio.h>
25#include <string.h>
26
27#define DTLS_HM_OFFSET (DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH)
28#define DTLS_RANDOM_OFFSET (DTLS_HM_OFFSET + 2)
29#define DTLS_CIPHER_OFFSET (DTLS_HM_OFFSET + 38)
30
31#define SSL3_HM_OFFSET (SSL3_RT_HEADER_LENGTH + SSL3_HM_HEADER_LENGTH)
32#define SSL3_RANDOM_OFFSET (SSL3_HM_OFFSET + 2)
33#define SSL3_CIPHER_OFFSET (SSL3_HM_OFFSET + 37)
34
35#define TLS13_HM_OFFSET (SSL3_RT_HEADER_LENGTH + SSL3_HM_HEADER_LENGTH)
36#define TLS13_RANDOM_OFFSET (TLS13_HM_OFFSET + 2)
37#define TLS13_SESSION_OFFSET (TLS13_HM_OFFSET + 34)
38#define TLS13_CIPHER_OFFSET (TLS13_HM_OFFSET + 69)
39#define TLS13_KEY_SHARE_OFFSET (TLS13_HM_OFFSET + 194)
40#define TLS13_ONLY_KEY_SHARE_OFFSET (TLS13_HM_OFFSET + 98)
41
42#define TLS1_3_VERSION_ONLY (TLS1_3_VERSION | 0x10000)
43
44static const uint8_t cipher_list_dtls1[] = {
45 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85,
46 0x00, 0x88, 0x00, 0x81, 0x00, 0x35, 0x00, 0x84,
47 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x45,
48 0x00, 0x2f, 0x00, 0x41, 0xc0, 0x12, 0xc0, 0x08,
49 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff,
50};
51
52static const uint8_t client_hello_dtls1[] = {
53 0x16, 0xfe, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00,
54 0x00, 0x00, 0x00, 0x00, 0x74, 0x01, 0x00, 0x00,
55 0x68, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
56 0x68, 0xfe, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00,
57 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
58 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
59 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
60 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x26, 0xc0,
61 0x14, 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85, 0x00,
62 0x88, 0x00, 0x81, 0x00, 0x35, 0x00, 0x84, 0xc0,
63 0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x45, 0x00,
64 0x2f, 0x00, 0x41, 0xc0, 0x12, 0xc0, 0x08, 0x00,
65 0x16, 0x00, 0x0a, 0x00, 0xff, 0x01, 0x00, 0x00,
66 0x18, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
67 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d, 0x00,
68 0x17, 0x00, 0x18, 0x00, 0x19, 0x00, 0x23, 0x00,
69 0x00,
70};
71
72static const uint8_t cipher_list_dtls12_aes[] = {
73 0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24,
74 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b,
75 0x00, 0x39, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa,
76 0xff, 0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81,
77 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0,
78 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27,
79 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e,
80 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45,
81 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba,
82 0x00, 0x41, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
83 0x00, 0x0a, 0x00, 0xff
84};
85
86static const uint8_t cipher_list_dtls12_chacha[] = {
87 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xc0, 0x30,
88 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14,
89 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39,
90 0xff, 0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81,
91 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0,
92 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27,
93 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e,
94 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45,
95 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba,
96 0x00, 0x41, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
97 0x00, 0x0a, 0x00, 0xff,
98};
99
100static const uint8_t client_hello_dtls12[] = {
101 0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00,
102 0x00, 0x00, 0x00, 0x00, 0xbe, 0x01, 0x00, 0x00,
103 0xb2, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
104 0xb2, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00,
105 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
106 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
107 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
108 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x54, 0xc0,
109 0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0,
110 0x14, 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00,
111 0x39, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xff,
112 0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 0x00,
113 0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00,
114 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0,
115 0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 0x00,
116 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 0x00,
117 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00,
118 0x41, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00,
119 0x0a, 0x00, 0xff, 0x01, 0x00, 0x00, 0x34, 0x00,
120 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00,
121 0x0a, 0x00, 0x08, 0x00, 0x1d, 0x00, 0x17, 0x00,
122 0x18, 0x00, 0x19, 0x00, 0x23, 0x00, 0x00, 0x00,
123 0x0d, 0x00, 0x18, 0x00, 0x16, 0x08, 0x06, 0x06,
124 0x01, 0x06, 0x03, 0x08, 0x05, 0x05, 0x01, 0x05,
125 0x03, 0x08, 0x04, 0x04, 0x01, 0x04, 0x03, 0x02,
126 0x01, 0x02, 0x03,
127};
128
129static const uint8_t cipher_list_tls10[] = {
130 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85,
131 0x00, 0x88, 0x00, 0x81, 0x00, 0x35, 0x00, 0x84,
132 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x45,
133 0x00, 0x2f, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07,
134 0x00, 0x05, 0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08,
135 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff,
136};
137
138static const uint8_t client_hello_tls10[] = {
139 0x16, 0x03, 0x01, 0x00, 0x73, 0x01, 0x00, 0x00,
140 0x6f, 0x03, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
141 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
142 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
143 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
144 0x00, 0x00, 0x00, 0x00, 0x00, 0x2e, 0xc0, 0x14,
145 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85, 0x00, 0x88,
146 0x00, 0x81, 0x00, 0x35, 0x00, 0x84, 0xc0, 0x13,
147 0xc0, 0x09, 0x00, 0x33, 0x00, 0x45, 0x00, 0x2f,
148 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05,
149 0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
150 0x00, 0x0a, 0x00, 0xff, 0x01, 0x00, 0x00, 0x18,
151 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a,
152 0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d, 0x00, 0x17,
153 0x00, 0x18, 0x00, 0x19, 0x00, 0x23, 0x00, 0x00,
154};
155
156static const uint8_t cipher_list_tls11[] = {
157 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85,
158 0x00, 0x88, 0x00, 0x81, 0x00, 0x35, 0x00, 0x84,
159 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x45,
160 0x00, 0x2f, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07,
161 0x00, 0x05, 0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08,
162 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff,
163};
164
165static const uint8_t client_hello_tls11[] = {
166 0x16, 0x03, 0x01, 0x00, 0x73, 0x01, 0x00, 0x00,
167 0x6f, 0x03, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00,
168 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
169 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
170 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
171 0x00, 0x00, 0x00, 0x00, 0x00, 0x2e, 0xc0, 0x14,
172 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85, 0x00, 0x88,
173 0x00, 0x81, 0x00, 0x35, 0x00, 0x84, 0xc0, 0x13,
174 0xc0, 0x09, 0x00, 0x33, 0x00, 0x45, 0x00, 0x2f,
175 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05,
176 0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
177 0x00, 0x0a, 0x00, 0xff, 0x01, 0x00, 0x00, 0x18,
178 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a,
179 0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d, 0x00, 0x17,
180 0x00, 0x18, 0x00, 0x19, 0x00, 0x23, 0x00, 0x00,
181};
182
183static const uint8_t cipher_list_tls12_aes[] = {
184 0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24,
185 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b,
186 0x00, 0x39, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa,
187 0xff, 0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81,
188 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0,
189 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27,
190 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e,
191 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45,
192 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba,
193 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05,
194 0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
195 0x00, 0x0a, 0x00, 0xff,
196};
197
198static const uint8_t cipher_list_tls12_chacha[] = {
199 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xc0, 0x30,
200 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14,
201 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39,
202 0xff, 0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81,
203 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0,
204 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27,
205 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e,
206 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45,
207 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba,
208 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05,
209 0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
210 0x00, 0x0a, 0x00, 0xff,
211};
212
213static const uint8_t client_hello_tls12[] = {
214 0x16, 0x03, 0x01, 0x00, 0xbd, 0x01, 0x00, 0x00,
215 0xb9, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
216 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
217 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
218 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
219 0x00, 0x00, 0x00, 0x00, 0x00, 0x5c, 0xc0, 0x30,
220 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14,
221 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39,
222 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xff, 0x85,
223 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 0x00, 0x9d,
224 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84,
225 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23,
226 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67,
227 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c,
228 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41,
229 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 0x00, 0x04,
230 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a,
231 0x00, 0xff, 0x01, 0x00, 0x00, 0x34, 0x00, 0x0b,
232 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x0a,
233 0x00, 0x08, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18,
234 0x00, 0x19, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d,
235 0x00, 0x18, 0x00, 0x16, 0x08, 0x06, 0x06, 0x01,
236 0x06, 0x03, 0x08, 0x05, 0x05, 0x01, 0x05, 0x03,
237 0x08, 0x04, 0x04, 0x01, 0x04, 0x03, 0x02, 0x01,
238 0x02, 0x03,
239};
240
241static const uint8_t cipher_list_tls13_aes[] = {
242 0x13, 0x02, 0x13, 0x03, 0x13, 0x01, 0xc0, 0x30,
243 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14,
244 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39,
245 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xff, 0x85,
246 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 0x00, 0x9d,
247 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84,
248 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23,
249 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67,
250 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c,
251 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41,
252 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 0x00, 0x04,
253 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a,
254 0x00, 0xff
255};
256
257static const uint8_t cipher_list_tls13_chacha[] = {
258 0x13, 0x03, 0x13, 0x02, 0x13, 0x01, 0xcc, 0xa9,
259 0xcc, 0xa8, 0xcc, 0xaa, 0xc0, 0x30, 0xc0, 0x2c,
260 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x0a,
261 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39, 0xff, 0x85,
262 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 0x00, 0x9d,
263 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84,
264 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23,
265 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67,
266 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c,
267 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41,
268 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 0x00, 0x04,
269 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a,
270 0x00, 0xff,
271};
272
273static const uint8_t client_hello_tls13[] = {
274 0x16, 0x03, 0x01, 0x01, 0x1a, 0x01, 0x00, 0x01,
275 0x16, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
276 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
277 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
278 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
279 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00,
280 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
281 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
282 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
283 0x00, 0x00, 0x00, 0x00, 0x00, 0x62, 0x13, 0x03,
284 0x13, 0x02, 0x13, 0x01, 0xcc, 0xa9, 0xcc, 0xa8,
285 0xcc, 0xaa, 0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28,
286 0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x9f,
287 0x00, 0x6b, 0x00, 0x39, 0xff, 0x85, 0x00, 0xc4,
288 0x00, 0x88, 0x00, 0x81, 0x00, 0x9d, 0x00, 0x3d,
289 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f,
290 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13,
291 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33,
292 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c,
293 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x11,
294 0xc0, 0x07, 0x00, 0x05, 0x00, 0x04, 0xc0, 0x12,
295 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff,
296 0x01, 0x00, 0x00, 0x6b, 0x00, 0x2b, 0x00, 0x09,
297 0x08, 0x03, 0x04, 0x03, 0x03, 0x03, 0x02, 0x03,
298 0x01, 0x00, 0x33, 0x00, 0x26, 0x00, 0x24, 0x00,
299 0x1d, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00,
300 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
301 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
302 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
303 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01,
304 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00,
305 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00,
306 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x18, 0x00,
307 0x16, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, 0x08,
308 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 0x04,
309 0x01, 0x04, 0x03, 0x02, 0x01, 0x02, 0x03,
310};
311
312static const uint8_t cipher_list_tls13_only_aes[] = {
313 0x13, 0x02, 0x13, 0x03, 0x13, 0x01,
314};
315
316static const uint8_t cipher_list_tls13_only_chacha[] = {
317 0x13, 0x03, 0x13, 0x02, 0x13, 0x01,
318};
319
320static const uint8_t client_hello_tls13_only[] = {
321 0x16, 0x03, 0x03, 0x00, 0xb6, 0x01, 0x00, 0x00,
322 0xb2, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
323 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
324 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
325 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
326 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00,
327 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
328 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
329 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
330 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x13, 0x03,
331 0x13, 0x02, 0x13, 0x01, 0x00, 0xff, 0x01, 0x00,
332 0x00, 0x61, 0x00, 0x2b, 0x00, 0x03, 0x02, 0x03,
333 0x04, 0x00, 0x33, 0x00, 0x26, 0x00, 0x24, 0x00,
334 0x1d, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00,
335 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
336 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
337 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
338 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01,
339 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00,
340 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00,
341 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x14, 0x00,
342 0x12, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, 0x08,
343 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 0x04,
344 0x01, 0x04, 0x03,
345};
346
347struct client_hello_test {
348 const char *desc;
349 const int protocol;
350 const size_t random_start;
351 const size_t session_start;
352 const size_t key_share_start;
353 const SSL_METHOD *(*ssl_method)(void);
354 const long ssl_options;
355};
356
357static const struct client_hello_test client_hello_tests[] = {
358 {
359 .desc = "DTLSv1 client method",
360 .protocol = DTLS1_VERSION,
361 .random_start = DTLS_RANDOM_OFFSET,
362 .ssl_method = DTLSv1_client_method,
363 },
364 {
365 .desc = "DTLSv1.2 client method",
366 .protocol = DTLS1_2_VERSION,
367 .random_start = DTLS_RANDOM_OFFSET,
368 .ssl_method = DTLSv1_2_client_method,
369 },
370 {
371 .desc = "DTLS client method",
372 .protocol = DTLS1_2_VERSION,
373 .random_start = DTLS_RANDOM_OFFSET,
374 .ssl_method = DTLS_client_method,
375 },
376 {
377 .desc = "DTLS client method (no DTLSv1.2)",
378 .protocol = DTLS1_VERSION,
379 .random_start = DTLS_RANDOM_OFFSET,
380 .ssl_method = DTLS_client_method,
381 .ssl_options = SSL_OP_NO_DTLSv1_2,
382 },
383 {
384 .desc = "DTLS client method (no DTLSv1.0)",
385 .protocol = DTLS1_2_VERSION,
386 .random_start = DTLS_RANDOM_OFFSET,
387 .ssl_method = DTLS_client_method,
388 .ssl_options = SSL_OP_NO_DTLSv1,
389 },
390 {
391 .desc = "TLSv1 client method",
392 .protocol = TLS1_VERSION,
393 .random_start = SSL3_RANDOM_OFFSET,
394 .ssl_method = TLSv1_client_method,
395 },
396 {
397 .desc = "TLSv1_1 client method",
398 .protocol = TLS1_1_VERSION,
399 .random_start = SSL3_RANDOM_OFFSET,
400 .ssl_method = TLSv1_1_client_method,
401 },
402 {
403 .desc = "TLSv1_2 client method",
404 .protocol = TLS1_2_VERSION,
405 .random_start = SSL3_RANDOM_OFFSET,
406 .ssl_method = TLSv1_2_client_method,
407 },
408 {
409 .desc = "SSLv23 default",
410 .protocol = TLS1_3_VERSION,
411 .random_start = TLS13_RANDOM_OFFSET,
412 .session_start = TLS13_SESSION_OFFSET,
413 .key_share_start = TLS13_KEY_SHARE_OFFSET,
414 .ssl_method = SSLv23_client_method,
415 .ssl_options = 0,
416 },
417 {
418 .desc = "SSLv23 default (no TLSv1.3)",
419 .protocol = TLS1_2_VERSION,
420 .random_start = SSL3_RANDOM_OFFSET,
421 .ssl_method = SSLv23_client_method,
422 .ssl_options = SSL_OP_NO_TLSv1_3,
423 },
424 {
425 .desc = "SSLv23 (no TLSv1.2)",
426 .protocol = TLS1_1_VERSION,
427 .random_start = SSL3_RANDOM_OFFSET,
428 .ssl_method = SSLv23_client_method,
429 .ssl_options = SSL_OP_NO_TLSv1_2,
430 },
431 {
432 .desc = "SSLv23 (no TLSv1.1)",
433 .protocol = TLS1_VERSION,
434 .random_start = SSL3_RANDOM_OFFSET,
435 .ssl_method = SSLv23_client_method,
436 .ssl_options = SSL_OP_NO_TLSv1_1,
437 },
438 {
439 .desc = "TLS default",
440 .protocol = TLS1_3_VERSION,
441 .random_start = TLS13_RANDOM_OFFSET,
442 .session_start = TLS13_SESSION_OFFSET,
443 .key_share_start = TLS13_KEY_SHARE_OFFSET,
444 .ssl_method = TLS_client_method,
445 .ssl_options = 0,
446 },
447 {
448 .desc = "TLS (no TLSv1.3)",
449 .protocol = TLS1_2_VERSION,
450 .random_start = SSL3_RANDOM_OFFSET,
451 .ssl_method = TLS_client_method,
452 .ssl_options = SSL_OP_NO_TLSv1_3,
453 },
454 {
455 .desc = "TLS (no TLSv1.2)",
456 .protocol = TLS1_1_VERSION,
457 .random_start = SSL3_RANDOM_OFFSET,
458 .ssl_method = TLS_client_method,
459 .ssl_options = SSL_OP_NO_TLSv1_2,
460 },
461 {
462 .desc = "TLS (no TLSv1.1)",
463 .protocol = TLS1_VERSION,
464 .random_start = SSL3_RANDOM_OFFSET,
465 .ssl_method = TLS_client_method,
466 .ssl_options = SSL_OP_NO_TLSv1_1,
467 },
468#if 0
469 /* XXX - build client hello with explicit versions extension. */
470 {
471 .desc = "TLS (no TLSv1.0, no TLSv1.1)",
472 .protocol = TLS1_3_VERSION,
473 .random_start = TLS13_RANDOM_OFFSET,
474 .session_start = TLS13_SESSION_OFFSET,
475 .key_share_start = TLS13_KEY_SHARE_OFFSET,
476 .ssl_method = TLS_client_method,
477 .ssl_options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1,
478 },
479#endif
480 {
481 .desc = "TLS (no TLSv1.0, no TLSv1.1, no TLSv1.2)",
482 .protocol = TLS1_3_VERSION_ONLY,
483 .random_start = TLS13_RANDOM_OFFSET,
484 .session_start = TLS13_SESSION_OFFSET,
485 .key_share_start = TLS13_ONLY_KEY_SHARE_OFFSET,
486 .ssl_method = TLS_client_method,
487 .ssl_options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
488 },
489};
490
491#define N_CLIENT_HELLO_TESTS \
492 (sizeof(client_hello_tests) / sizeof(*client_hello_tests))
493
494static void
495hexdump(const uint8_t *buf, size_t len, const uint8_t *compare)
496{
497 const char *mark = "";
498 size_t i;
499
500 for (i = 1; i <= len; i++) {
501 if (compare != NULL)
502 mark = (buf[i - 1] != compare[i - 1]) ? "*" : " ";
503 fprintf(stderr, " %s0x%02hhx,%s", mark, buf[i - 1],
504 i % 8 && i != len ? "" : "\n");
505 }
506 fprintf(stderr, "\n");
507}
508
509static inline int
510ssl_aes_is_accelerated(void)
511{
512#if defined(__i386__) || defined(__x86_64__)
513 return ((OPENSSL_cpu_caps() & (1ULL << 57)) != 0);
514#else
515 return (0);
516#endif
517}
518
519static int
520make_client_hello(int protocol, char **out, size_t *outlen)
521{
522 size_t client_hello_len, cipher_list_len, cipher_list_offset;
523 const uint8_t *client_hello, *cipher_list;
524 char *p;
525
526 *out = NULL;
527 *outlen = 0;
528
529 switch (protocol) {
530 case DTLS1_VERSION:
531 client_hello = client_hello_dtls1;
532 client_hello_len = sizeof(client_hello_dtls1);
533 cipher_list = cipher_list_dtls1;
534 cipher_list_len = sizeof(cipher_list_dtls1);
535 cipher_list_offset = DTLS_CIPHER_OFFSET;
536 break;
537
538 case DTLS1_2_VERSION:
539 client_hello = client_hello_dtls12;
540 client_hello_len = sizeof(client_hello_dtls12);
541 cipher_list = cipher_list_dtls12_chacha;
542 cipher_list_len = sizeof(cipher_list_dtls12_chacha);
543 if (ssl_aes_is_accelerated()) {
544 cipher_list = cipher_list_dtls12_aes;
545 cipher_list_len = sizeof(cipher_list_dtls12_aes);
546 }
547 cipher_list_offset = DTLS_CIPHER_OFFSET;
548 break;
549
550 case TLS1_VERSION:
551 client_hello = client_hello_tls10;
552 client_hello_len = sizeof(client_hello_tls10);
553 cipher_list = cipher_list_tls10;
554 cipher_list_len = sizeof(cipher_list_tls10);
555 cipher_list_offset = SSL3_CIPHER_OFFSET;
556 break;
557
558 case TLS1_1_VERSION:
559 client_hello = client_hello_tls11;
560 client_hello_len = sizeof(client_hello_tls11);
561 cipher_list = cipher_list_tls11;
562 cipher_list_len = sizeof(cipher_list_tls11);
563 cipher_list_offset = SSL3_CIPHER_OFFSET;
564 break;
565
566 case TLS1_2_VERSION:
567 client_hello = client_hello_tls12;
568 client_hello_len = sizeof(client_hello_tls12);
569 cipher_list = cipher_list_tls12_chacha;
570 cipher_list_len = sizeof(cipher_list_tls12_chacha);
571 if (ssl_aes_is_accelerated()) {
572 cipher_list = cipher_list_tls12_aes;
573 cipher_list_len = sizeof(cipher_list_tls12_aes);
574 }
575 cipher_list_offset = SSL3_CIPHER_OFFSET;
576 break;
577
578 case TLS1_3_VERSION:
579 client_hello = client_hello_tls13;
580 client_hello_len = sizeof(client_hello_tls13);
581 cipher_list = cipher_list_tls13_chacha;
582 cipher_list_len = sizeof(cipher_list_tls13_chacha);
583 if (ssl_aes_is_accelerated()) {
584 cipher_list = cipher_list_tls13_aes;
585 cipher_list_len = sizeof(cipher_list_tls13_aes);
586 }
587 cipher_list_offset = TLS13_CIPHER_OFFSET;
588 break;
589
590 case TLS1_3_VERSION_ONLY:
591 client_hello = client_hello_tls13_only;
592 client_hello_len = sizeof(client_hello_tls13_only);
593 cipher_list = cipher_list_tls13_only_chacha;
594 cipher_list_len = sizeof(cipher_list_tls13_only_chacha);
595 if (ssl_aes_is_accelerated()) {
596 cipher_list = cipher_list_tls13_only_aes;
597 cipher_list_len = sizeof(cipher_list_tls13_only_aes);
598 }
599 cipher_list_offset = TLS13_CIPHER_OFFSET;
600 break;
601
602 default:
603 return (-1);
604 }
605
606 if ((p = malloc(client_hello_len)) == NULL)
607 return (-1);
608
609 memcpy(p, client_hello, client_hello_len);
610 memcpy(p + cipher_list_offset, cipher_list, cipher_list_len);
611
612 *out = p;
613 *outlen = client_hello_len;
614
615 return (0);
616}
617
618static int
619client_hello_test(int testno, const struct client_hello_test *cht)
620{
621 BIO *rbio = NULL, *wbio = NULL;
622 SSL_CTX *ssl_ctx = NULL;
623 SSL *ssl = NULL;
624 char *client_hello = NULL;
625 size_t client_hello_len;
626 size_t session_len;
627 char *wbuf, rbuf[1];
628 int ret = 1;
629 long len;
630
631 fprintf(stderr, "Test %i - %s\n", testno, cht->desc);
632
633 /* Providing a small buf causes *_get_server_hello() to return. */
634 if ((rbio = BIO_new_mem_buf(rbuf, sizeof(rbuf))) == NULL) {
635 fprintf(stderr, "Failed to setup rbio\n");
636 goto failure;
637 }
638 if ((wbio = BIO_new(BIO_s_mem())) == NULL) {
639 fprintf(stderr, "Failed to setup wbio\n");
640 goto failure;
641 }
642
643 if ((ssl_ctx = SSL_CTX_new(cht->ssl_method())) == NULL) {
644 fprintf(stderr, "SSL_CTX_new() returned NULL\n");
645 goto failure;
646 }
647
648 SSL_CTX_set_options(ssl_ctx, cht->ssl_options);
649
650 if ((ssl = SSL_new(ssl_ctx)) == NULL) {
651 fprintf(stderr, "SSL_new() returned NULL\n");
652 goto failure;
653 }
654
655 rbio->references = 2;
656 wbio->references = 2;
657
658 SSL_set_bio(ssl, rbio, wbio);
659
660 if (SSL_connect(ssl) != 0) {
661 fprintf(stderr, "SSL_connect() returned non-zero\n");
662 goto failure;
663 }
664
665 len = BIO_get_mem_data(wbio, &wbuf);
666
667 if (make_client_hello(cht->protocol, &client_hello,
668 &client_hello_len) != 0)
669 errx(1, "failed to make client hello");
670
671 if ((size_t)len != client_hello_len) {
672 fprintf(stderr, "FAIL: test returned ClientHello length %li, "
673 "want %zu\n", len, client_hello_len);
674 fprintf(stderr, "received:\n");
675 hexdump(wbuf, len, NULL);
676 fprintf(stderr, "test data:\n");
677 hexdump(client_hello, client_hello_len, NULL);
678 fprintf(stderr, "\n");
679 goto failure;
680 }
681
682 /* We expect the client random to differ. */
683 if (memcmp(&client_hello[cht->random_start], &wbuf[cht->random_start],
684 SSL3_RANDOM_SIZE) == 0) {
685 fprintf(stderr, "FAIL: ClientHello has zeroed random\n");
686 goto failure;
687 }
688
689 memset(&wbuf[cht->random_start], 0, SSL3_RANDOM_SIZE);
690
691 if (cht->session_start > 0) {
692 session_len = wbuf[cht->session_start];
693 if (session_len > 0)
694 memset(&wbuf[cht->session_start + 1], 0, session_len);
695 }
696 if (cht->key_share_start > 0)
697 memset(&wbuf[cht->key_share_start], 0, 32);
698
699 if (memcmp(client_hello, wbuf, client_hello_len) != 0) {
700 fprintf(stderr, "FAIL: ClientHello differs:\n");
701 fprintf(stderr, "received:\n");
702 hexdump(wbuf, len, client_hello);
703 fprintf(stderr, "test data:\n");
704 hexdump(client_hello, client_hello_len, wbuf);
705 fprintf(stderr, "\n");
706 goto failure;
707 }
708
709 ret = 0;
710
711 failure:
712 SSL_CTX_free(ssl_ctx);
713 SSL_free(ssl);
714
715 if (rbio != NULL)
716 rbio->references = 1;
717 if (wbio != NULL)
718 wbio->references = 1;
719
720 BIO_free(rbio);
721 BIO_free(wbio);
722
723 free(client_hello);
724
725 return (ret);
726}
727
728int
729main(int argc, char **argv)
730{
731 int failed = 0;
732 size_t i;
733
734 SSL_library_init();
735
736 for (i = 0; i < N_CLIENT_HELLO_TESTS; i++)
737 failed |= client_hello_test(i, &client_hello_tests[i]);
738
739 return (failed);
740}
diff --git a/src/regress/lib/libssl/dtls/Makefile b/src/regress/lib/libssl/dtls/Makefile
deleted file mode 100644
index 79ca4077d3..0000000000
--- a/src/regress/lib/libssl/dtls/Makefile
+++ /dev/null
@@ -1,19 +0,0 @@
1# $OpenBSD: Makefile,v 1.2 2021/06/19 17:11:34 jsing Exp $
2
3PROG= dtlstest
4LDADD= ${SSL_INT} -lcrypto
5DPADD= ${LIBSSL} ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8CFLAGS+= -I${.CURDIR}/../../../../lib/libssl
9
10REGRESS_TARGETS= \
11 regress-dtlstest
12
13regress-dtlstest: ${PROG}
14 ./dtlstest \
15 ${.CURDIR}/../../libssl/certs/server.pem \
16 ${.CURDIR}/../../libssl/certs/server.pem \
17 ${.CURDIR}/../../libssl/certs/ca.pem
18
19.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/dtls/dtlstest.c b/src/regress/lib/libssl/dtls/dtlstest.c
deleted file mode 100644
index 08424c1a4b..0000000000
--- a/src/regress/lib/libssl/dtls/dtlstest.c
+++ /dev/null
@@ -1,1072 +0,0 @@
1/* $OpenBSD: dtlstest.c,v 1.14 2021/06/19 18:28:51 tb Exp $ */
2/*
3 * Copyright (c) 2020, 2021 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <netinet/in.h>
19#include <sys/socket.h>
20
21#include <err.h>
22#include <limits.h>
23#include <poll.h>
24#include <unistd.h>
25
26#include <openssl/bio.h>
27#include <openssl/err.h>
28#include <openssl/ssl.h>
29
30#include "ssl_locl.h"
31
32const char *server_ca_file;
33const char *server_cert_file;
34const char *server_key_file;
35
36char dtls_cookie[32];
37
38int debug = 0;
39
40void tls12_record_layer_set_initial_epoch(struct tls12_record_layer *rl,
41 uint16_t epoch);
42
43static void
44hexdump(const unsigned char *buf, size_t len)
45{
46 size_t i;
47
48 for (i = 1; i <= len; i++)
49 fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n");
50
51 if (len % 8)
52 fprintf(stderr, "\n");
53}
54
55#define BIO_C_DELAY_COUNT 1000
56#define BIO_C_DELAY_FLUSH 1001
57#define BIO_C_DELAY_PACKET 1002
58#define BIO_C_DROP_PACKET 1003
59#define BIO_C_DROP_RANDOM 1004
60
61struct bio_packet_monkey_ctx {
62 unsigned int delay_count;
63 unsigned int delay_mask;
64 unsigned int drop_rand;
65 unsigned int drop_mask;
66 uint8_t *delayed_msg;
67 size_t delayed_msg_len;
68};
69
70static int
71bio_packet_monkey_new(BIO *bio)
72{
73 struct bio_packet_monkey_ctx *ctx;
74
75 if ((ctx = calloc(1, sizeof(*ctx))) == NULL)
76 return 0;
77
78 bio->flags = 0;
79 bio->init = 1;
80 bio->num = 0;
81 bio->ptr = ctx;
82
83 return 1;
84}
85
86static int
87bio_packet_monkey_free(BIO *bio)
88{
89 struct bio_packet_monkey_ctx *ctx;
90
91 if (bio == NULL)
92 return 1;
93
94 ctx = bio->ptr;
95 free(ctx->delayed_msg);
96 free(ctx);
97
98 return 1;
99}
100
101static int
102bio_packet_monkey_delay_flush(BIO *bio)
103{
104 struct bio_packet_monkey_ctx *ctx = bio->ptr;
105
106 if (ctx->delayed_msg == NULL)
107 return 1;
108
109 if (debug)
110 fprintf(stderr, "DEBUG: flushing delayed packet...\n");
111 if (debug > 1)
112 hexdump(ctx->delayed_msg, ctx->delayed_msg_len);
113
114 BIO_write(bio->next_bio, ctx->delayed_msg, ctx->delayed_msg_len);
115
116 free(ctx->delayed_msg);
117 ctx->delayed_msg = NULL;
118
119 return BIO_ctrl(bio->next_bio, BIO_CTRL_FLUSH, 0, NULL);
120}
121
122static long
123bio_packet_monkey_ctrl(BIO *bio, int cmd, long num, void *ptr)
124{
125 struct bio_packet_monkey_ctx *ctx;
126
127 ctx = bio->ptr;
128
129 switch (cmd) {
130 case BIO_C_DELAY_COUNT:
131 if (num < 1 || num > 31)
132 return 0;
133 ctx->delay_count = num;
134 return 1;
135
136 case BIO_C_DELAY_FLUSH:
137 return bio_packet_monkey_delay_flush(bio);
138
139 case BIO_C_DELAY_PACKET:
140 if (num < 1 || num > 31)
141 return 0;
142 ctx->delay_mask |= 1 << ((unsigned int)num - 1);
143 return 1;
144
145 case BIO_C_DROP_PACKET:
146 if (num < 1 || num > 31)
147 return 0;
148 ctx->drop_mask |= 1 << ((unsigned int)num - 1);
149 return 1;
150
151 case BIO_C_DROP_RANDOM:
152 if (num < 0 || (size_t)num > UINT_MAX)
153 return 0;
154 ctx->drop_rand = (unsigned int)num;
155 return 1;
156 }
157
158 if (bio->next_bio == NULL)
159 return 0;
160
161 return BIO_ctrl(bio->next_bio, cmd, num, ptr);
162}
163
164static int
165bio_packet_monkey_read(BIO *bio, char *out, int out_len)
166{
167 struct bio_packet_monkey_ctx *ctx = bio->ptr;
168 int ret;
169
170 if (ctx == NULL || bio->next_bio == NULL)
171 return 0;
172
173 ret = BIO_read(bio->next_bio, out, out_len);
174
175 if (ret > 0) {
176 if (debug)
177 fprintf(stderr, "DEBUG: read packet...\n");
178 if (debug > 1)
179 hexdump(out, ret);
180 }
181
182 BIO_clear_retry_flags(bio);
183 if (ret <= 0 && BIO_should_retry(bio->next_bio))
184 BIO_set_retry_read(bio);
185
186 return ret;
187}
188
189static int
190bio_packet_monkey_write(BIO *bio, const char *in, int in_len)
191{
192 struct bio_packet_monkey_ctx *ctx = bio->ptr;
193 const char *label = "writing";
194 int delay = 0, drop = 0;
195 int ret;
196
197 if (ctx == NULL || bio->next_bio == NULL)
198 return 0;
199
200 if (ctx->delayed_msg != NULL && ctx->delay_count > 0)
201 ctx->delay_count--;
202
203 if (ctx->delayed_msg != NULL && ctx->delay_count == 0) {
204 if (debug)
205 fprintf(stderr, "DEBUG: writing delayed packet...\n");
206 if (debug > 1)
207 hexdump(ctx->delayed_msg, ctx->delayed_msg_len);
208
209 ret = BIO_write(bio->next_bio, ctx->delayed_msg,
210 ctx->delayed_msg_len);
211
212 BIO_clear_retry_flags(bio);
213 if (ret <= 0 && BIO_should_retry(bio->next_bio)) {
214 BIO_set_retry_write(bio);
215 return (ret);
216 }
217
218 free(ctx->delayed_msg);
219 ctx->delayed_msg = NULL;
220 }
221
222 if (ctx->delay_mask > 0) {
223 delay = ctx->delay_mask & 1;
224 ctx->delay_mask >>= 1;
225 }
226 if (ctx->drop_rand > 0) {
227 drop = arc4random_uniform(ctx->drop_rand) == 0;
228 } else if (ctx->drop_mask > 0) {
229 drop = ctx->drop_mask & 1;
230 ctx->drop_mask >>= 1;
231 }
232
233 if (delay)
234 label = "delaying";
235 if (drop)
236 label = "dropping";
237 if (debug)
238 fprintf(stderr, "DEBUG: %s packet...\n", label);
239 if (debug > 1)
240 hexdump(in, in_len);
241
242 if (drop)
243 return in_len;
244
245 if (delay) {
246 if (ctx->delayed_msg != NULL)
247 return 0;
248 if ((ctx->delayed_msg = calloc(1, in_len)) == NULL)
249 return 0;
250 memcpy(ctx->delayed_msg, in, in_len);
251 ctx->delayed_msg_len = in_len;
252 return in_len;
253 }
254
255 ret = BIO_write(bio->next_bio, in, in_len);
256
257 BIO_clear_retry_flags(bio);
258 if (ret <= 0 && BIO_should_retry(bio->next_bio))
259 BIO_set_retry_write(bio);
260
261 return ret;
262}
263
264static int
265bio_packet_monkey_puts(BIO *bio, const char *str)
266{
267 return bio_packet_monkey_write(bio, str, strlen(str));
268}
269
270static const BIO_METHOD bio_packet_monkey = {
271 .type = BIO_TYPE_BUFFER,
272 .name = "packet monkey",
273 .bread = bio_packet_monkey_read,
274 .bwrite = bio_packet_monkey_write,
275 .bputs = bio_packet_monkey_puts,
276 .ctrl = bio_packet_monkey_ctrl,
277 .create = bio_packet_monkey_new,
278 .destroy = bio_packet_monkey_free
279};
280
281static const BIO_METHOD *
282BIO_f_packet_monkey(void)
283{
284 return &bio_packet_monkey;
285}
286
287static BIO *
288BIO_new_packet_monkey(void)
289{
290 return BIO_new(BIO_f_packet_monkey());
291}
292
293static int
294BIO_packet_monkey_delay(BIO *bio, int num, int count)
295{
296 if (!BIO_ctrl(bio, BIO_C_DELAY_COUNT, count, NULL))
297 return 0;
298
299 return BIO_ctrl(bio, BIO_C_DELAY_PACKET, num, NULL);
300}
301
302static int
303BIO_packet_monkey_delay_flush(BIO *bio)
304{
305 return BIO_ctrl(bio, BIO_C_DELAY_FLUSH, 0, NULL);
306}
307
308static int
309BIO_packet_monkey_drop(BIO *bio, int num)
310{
311 return BIO_ctrl(bio, BIO_C_DROP_PACKET, num, NULL);
312}
313
314#if 0
315static int
316BIO_packet_monkey_drop_random(BIO *bio, int num)
317{
318 return BIO_ctrl(bio, BIO_C_DROP_RANDOM, num, NULL);
319}
320#endif
321
322static int
323datagram_pair(int *client_sock, int *server_sock,
324 struct sockaddr_in *server_sin)
325{
326 struct sockaddr_in sin;
327 socklen_t sock_len;
328 int cs = -1, ss = -1;
329
330 memset(&sin, 0, sizeof(sin));
331 sin.sin_family = AF_INET;
332 sin.sin_port = 0;
333 sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
334
335 if ((ss = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1)
336 err(1, "server socket");
337 if (bind(ss, (struct sockaddr *)&sin, sizeof(sin)) == -1)
338 err(1, "server bind");
339 sock_len = sizeof(sin);
340 if (getsockname(ss, (struct sockaddr *)&sin, &sock_len) == -1)
341 err(1, "server getsockname");
342
343 if ((cs = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1)
344 err(1, "client socket");
345 if (connect(cs, (struct sockaddr *)&sin, sizeof(sin)) == -1)
346 err(1, "client connect");
347
348 *client_sock = cs;
349 *server_sock = ss;
350 memcpy(server_sin, &sin, sizeof(sin));
351
352 return 1;
353}
354
355static int
356poll_timeout(SSL *client, SSL *server)
357{
358 int client_timeout = 0, server_timeout = 0;
359 struct timeval timeout;
360
361 if (DTLSv1_get_timeout(client, &timeout))
362 client_timeout = timeout.tv_sec * 1000 + timeout.tv_usec / 1000;
363
364 if (DTLSv1_get_timeout(server, &timeout))
365 server_timeout = timeout.tv_sec * 1000 + timeout.tv_usec / 1000;
366
367 if (client_timeout <= 0)
368 return server_timeout;
369 if (client_timeout > 0 && server_timeout <= 0)
370 return client_timeout;
371 if (client_timeout < server_timeout)
372 return client_timeout;
373
374 return server_timeout;
375}
376
377static int
378dtls_cookie_generate(SSL *ssl, unsigned char *cookie,
379 unsigned int *cookie_len)
380{
381 arc4random_buf(dtls_cookie, sizeof(dtls_cookie));
382 memcpy(cookie, dtls_cookie, sizeof(dtls_cookie));
383 *cookie_len = sizeof(dtls_cookie);
384
385 return 1;
386}
387
388static int
389dtls_cookie_verify(SSL *ssl, const unsigned char *cookie,
390 unsigned int cookie_len)
391{
392 return cookie_len == sizeof(dtls_cookie) &&
393 memcmp(cookie, dtls_cookie, sizeof(dtls_cookie)) == 0;
394}
395
396static void
397dtls_info_callback(const SSL *ssl, int type, int val)
398{
399 /*
400 * Squeals ahead... remove the bbio from the info callback, so we can
401 * drop specific messages. Ideally this would be an option for the SSL.
402 */
403 if (ssl->wbio == ssl->bbio)
404 ((SSL *)ssl)->wbio = BIO_pop(ssl->wbio);
405}
406
407static SSL *
408dtls_client(int sock, struct sockaddr_in *server_sin, long mtu)
409{
410 SSL_CTX *ssl_ctx = NULL;
411 SSL *ssl = NULL;
412 BIO *bio = NULL;
413
414 if ((bio = BIO_new_dgram(sock, BIO_NOCLOSE)) == NULL)
415 errx(1, "client bio");
416 if (!BIO_socket_nbio(sock, 1))
417 errx(1, "client nbio");
418 if (!BIO_ctrl_set_connected(bio, 1, server_sin))
419 errx(1, "client set connected");
420
421 if ((ssl_ctx = SSL_CTX_new(DTLS_method())) == NULL)
422 errx(1, "client context");
423
424 if ((ssl = SSL_new(ssl_ctx)) == NULL)
425 errx(1, "client ssl");
426
427 SSL_set_bio(ssl, bio, bio);
428 bio = NULL;
429
430 if (mtu > 0) {
431 SSL_set_options(ssl, SSL_OP_NO_QUERY_MTU);
432 SSL_set_mtu(ssl, mtu);
433 }
434
435 SSL_CTX_free(ssl_ctx);
436 BIO_free(bio);
437
438 return ssl;
439}
440
441static SSL *
442dtls_server(int sock, long options, long mtu)
443{
444 SSL_CTX *ssl_ctx = NULL;
445 SSL *ssl = NULL;
446 BIO *bio = NULL;
447
448 if ((bio = BIO_new_dgram(sock, BIO_NOCLOSE)) == NULL)
449 errx(1, "server bio");
450 if (!BIO_socket_nbio(sock, 1))
451 errx(1, "server nbio");
452
453 if ((ssl_ctx = SSL_CTX_new(DTLS_method())) == NULL)
454 errx(1, "server context");
455
456 SSL_CTX_set_cookie_generate_cb(ssl_ctx, dtls_cookie_generate);
457 SSL_CTX_set_cookie_verify_cb(ssl_ctx, dtls_cookie_verify);
458 SSL_CTX_set_dh_auto(ssl_ctx, 2);
459 SSL_CTX_set_options(ssl_ctx, options);
460
461 if (SSL_CTX_use_certificate_chain_file(ssl_ctx, server_cert_file) != 1) {
462 fprintf(stderr, "FAIL: Failed to load server certificate");
463 goto failure;
464 }
465 if (SSL_CTX_use_PrivateKey_file(ssl_ctx, server_key_file,
466 SSL_FILETYPE_PEM) != 1) {
467 fprintf(stderr, "FAIL: Failed to load server private key");
468 goto failure;
469 }
470
471 if ((ssl = SSL_new(ssl_ctx)) == NULL)
472 errx(1, "server ssl");
473
474 if (SSL_use_certificate_chain_file(ssl, server_cert_file) != 1) {
475 fprintf(stderr, "FAIL: Failed to load server certificate");
476 goto failure;
477 }
478 SSL_set_bio(ssl, bio, bio);
479 bio = NULL;
480
481 if (mtu > 0) {
482 SSL_set_options(ssl, SSL_OP_NO_QUERY_MTU);
483 SSL_set_mtu(ssl, mtu);
484 }
485
486 failure:
487 SSL_CTX_free(ssl_ctx);
488 BIO_free(bio);
489
490 return ssl;
491}
492
493static int
494ssl_error(SSL *ssl, const char *name, const char *desc, int ssl_ret,
495 short *events)
496{
497 int ssl_err;
498
499 ssl_err = SSL_get_error(ssl, ssl_ret);
500
501 if (ssl_err == SSL_ERROR_WANT_READ) {
502 *events = POLLIN;
503 } else if (ssl_err == SSL_ERROR_WANT_WRITE) {
504 *events = POLLOUT;
505 } else if (ssl_err == SSL_ERROR_SYSCALL && errno == 0) {
506 /* Yup, this is apparently a thing... */
507 } else {
508 fprintf(stderr, "FAIL: %s %s failed - ssl err = %d, errno = %d\n",
509 name, desc, ssl_err, errno);
510 ERR_print_errors_fp(stderr);
511 return 0;
512 }
513
514 return 1;
515}
516
517static int
518do_connect(SSL *ssl, const char *name, int *done, short *events)
519{
520 int ssl_ret;
521
522 if ((ssl_ret = SSL_connect(ssl)) != 1)
523 return ssl_error(ssl, name, "connect", ssl_ret, events);
524
525 fprintf(stderr, "INFO: %s connect done\n", name);
526 *done = 1;
527
528 return 1;
529}
530
531static int
532do_connect_read(SSL *ssl, const char *name, int *done, short *events)
533{
534 uint8_t buf[2048];
535 int ssl_ret;
536 int i;
537
538 if ((ssl_ret = SSL_connect(ssl)) != 1)
539 return ssl_error(ssl, name, "connect", ssl_ret, events);
540
541 fprintf(stderr, "INFO: %s connect done\n", name);
542 *done = 1;
543
544 for (i = 0; i < 3; i++) {
545 fprintf(stderr, "INFO: %s reading after connect\n", name);
546 if ((ssl_ret = SSL_read(ssl, buf, sizeof(buf))) != 3) {
547 fprintf(stderr, "ERROR: %s read failed\n", name);
548 return 0;
549 }
550 }
551
552 return 1;
553}
554
555static int
556do_connect_shutdown(SSL *ssl, const char *name, int *done, short *events)
557{
558 uint8_t buf[2048];
559 int ssl_ret;
560
561 if ((ssl_ret = SSL_connect(ssl)) != 1)
562 return ssl_error(ssl, name, "connect", ssl_ret, events);
563
564 fprintf(stderr, "INFO: %s connect done\n", name);
565 *done = 1;
566
567 ssl_ret = SSL_read(ssl, buf, sizeof(buf));
568 if (SSL_get_error(ssl, ssl_ret) != SSL_ERROR_ZERO_RETURN) {
569 fprintf(stderr, "FAIL: %s did not receive close-notify\n", name);
570 return 0;
571 }
572
573 fprintf(stderr, "INFO: %s received close-notify\n", name);
574
575 return 1;
576}
577
578static int
579do_accept(SSL *ssl, const char *name, int *done, short *events)
580{
581 int ssl_ret;
582
583 if ((ssl_ret = SSL_accept(ssl)) != 1)
584 return ssl_error(ssl, name, "accept", ssl_ret, events);
585
586 fprintf(stderr, "INFO: %s accept done\n", name);
587 *done = 1;
588
589 return 1;
590}
591
592static int
593do_accept_write(SSL *ssl, const char *name, int *done, short *events)
594{
595 int ssl_ret;
596 BIO *bio;
597 int i;
598
599 if ((ssl_ret = SSL_accept(ssl)) != 1)
600 return ssl_error(ssl, name, "accept", ssl_ret, events);
601
602 fprintf(stderr, "INFO: %s accept done\n", name);
603
604 for (i = 0; i < 3; i++) {
605 fprintf(stderr, "INFO: %s writing after accept\n", name);
606 if ((ssl_ret = SSL_write(ssl, "abc", 3)) != 3) {
607 fprintf(stderr, "ERROR: %s write failed\n", name);
608 return 0;
609 }
610 }
611
612 if ((bio = SSL_get_wbio(ssl)) == NULL)
613 errx(1, "SSL has NULL bio");
614
615 /* Flush any delayed packets. */
616 BIO_packet_monkey_delay_flush(bio);
617
618 *done = 1;
619 return 1;
620}
621
622static int
623do_accept_shutdown(SSL *ssl, const char *name, int *done, short *events)
624{
625 int ssl_ret;
626 BIO *bio;
627
628 if ((ssl_ret = SSL_accept(ssl)) != 1)
629 return ssl_error(ssl, name, "accept", ssl_ret, events);
630
631 fprintf(stderr, "INFO: %s accept done\n", name);
632
633 SSL_shutdown(ssl);
634
635 if ((bio = SSL_get_wbio(ssl)) == NULL)
636 errx(1, "SSL has NULL bio");
637
638 /* Flush any delayed packets. */
639 BIO_packet_monkey_delay_flush(bio);
640
641 *done = 1;
642 return 1;
643}
644
645static int
646do_read(SSL *ssl, const char *name, int *done, short *events)
647{
648 uint8_t buf[512];
649 int ssl_ret;
650
651 if ((ssl_ret = SSL_read(ssl, buf, sizeof(buf))) > 0) {
652 fprintf(stderr, "INFO: %s read done\n", name);
653 if (debug > 1)
654 hexdump(buf, ssl_ret);
655 *done = 1;
656 return 1;
657 }
658
659 return ssl_error(ssl, name, "read", ssl_ret, events);
660}
661
662static int
663do_write(SSL *ssl, const char *name, int *done, short *events)
664{
665 const uint8_t buf[] = "Hello, World!\n";
666 int ssl_ret;
667
668 if ((ssl_ret = SSL_write(ssl, buf, sizeof(buf))) > 0) {
669 fprintf(stderr, "INFO: %s write done\n", name);
670 *done = 1;
671 return 1;
672 }
673
674 return ssl_error(ssl, name, "write", ssl_ret, events);
675}
676
677static int
678do_shutdown(SSL *ssl, const char *name, int *done, short *events)
679{
680 int ssl_ret;
681
682 ssl_ret = SSL_shutdown(ssl);
683 if (ssl_ret == 1) {
684 fprintf(stderr, "INFO: %s shutdown done\n", name);
685 *done = 1;
686 return 1;
687 }
688 return ssl_error(ssl, name, "shutdown", ssl_ret, events);
689}
690
691typedef int (ssl_func)(SSL *ssl, const char *name, int *done, short *events);
692
693static int
694do_client_server_loop(SSL *client, ssl_func *client_func, SSL *server,
695 ssl_func *server_func, struct pollfd pfd[2])
696{
697 int client_done = 0, server_done = 0;
698 int i = 0;
699
700 pfd[0].revents = POLLIN;
701 pfd[1].revents = POLLIN;
702
703 do {
704 if (!client_done) {
705 if (debug)
706 fprintf(stderr, "DEBUG: client loop\n");
707 if (DTLSv1_handle_timeout(client) > 0)
708 fprintf(stderr, "INFO: client timeout\n");
709 if (!client_func(client, "client", &client_done,
710 &pfd[0].events))
711 return 0;
712 if (client_done)
713 pfd[0].events = 0;
714 }
715 if (!server_done) {
716 if (debug)
717 fprintf(stderr, "DEBUG: server loop\n");
718 if (DTLSv1_handle_timeout(server) > 0)
719 fprintf(stderr, "INFO: server timeout\n");
720 if (!server_func(server, "server", &server_done,
721 &pfd[1].events))
722 return 0;
723 if (server_done)
724 pfd[1].events = 0;
725 }
726 if (poll(pfd, 2, poll_timeout(client, server)) == -1)
727 err(1, "poll");
728
729 } while (i++ < 100 && (!client_done || !server_done));
730
731 if (!client_done || !server_done)
732 fprintf(stderr, "FAIL: gave up\n");
733
734 return client_done && server_done;
735}
736
737#define MAX_PACKET_DELAYS 32
738#define MAX_PACKET_DROPS 32
739
740struct dtls_delay {
741 uint8_t packet;
742 uint8_t count;
743};
744
745struct dtls_test {
746 const unsigned char *desc;
747 long mtu;
748 long ssl_options;
749 int client_bbio_off;
750 int server_bbio_off;
751 uint16_t initial_epoch;
752 int write_after_accept;
753 int shutdown_after_accept;
754 struct dtls_delay client_delays[MAX_PACKET_DELAYS];
755 struct dtls_delay server_delays[MAX_PACKET_DELAYS];
756 uint8_t client_drops[MAX_PACKET_DROPS];
757 uint8_t server_drops[MAX_PACKET_DROPS];
758};
759
760static const struct dtls_test dtls_tests[] = {
761 {
762 .desc = "DTLS without cookies",
763 .ssl_options = 0,
764 },
765 {
766 .desc = "DTLS without cookies (initial epoch 0xfffe)",
767 .ssl_options = 0,
768 .initial_epoch = 0xfffe,
769 },
770 {
771 .desc = "DTLS without cookies (initial epoch 0xffff)",
772 .ssl_options = 0,
773 .initial_epoch = 0xffff,
774 },
775 {
776 .desc = "DTLS with cookies",
777 .ssl_options = SSL_OP_COOKIE_EXCHANGE,
778 },
779 {
780 .desc = "DTLS with low MTU",
781 .mtu = 256,
782 .ssl_options = 0,
783 },
784 {
785 .desc = "DTLS with low MTU and cookies",
786 .mtu = 256,
787 .ssl_options = SSL_OP_COOKIE_EXCHANGE,
788 },
789 {
790 .desc = "DTLS with dropped server response",
791 .ssl_options = 0,
792 .server_drops = { 1 },
793 },
794 {
795 .desc = "DTLS with two dropped server responses",
796 .ssl_options = 0,
797 .server_drops = { 1, 2 },
798 },
799 {
800 .desc = "DTLS with dropped ServerHello",
801 .ssl_options = SSL_OP_NO_TICKET,
802 .server_bbio_off = 1,
803 .server_drops = { 1 },
804 },
805 {
806 .desc = "DTLS with dropped server Certificate",
807 .ssl_options = SSL_OP_NO_TICKET,
808 .server_bbio_off = 1,
809 .server_drops = { 2 },
810 },
811 {
812 .desc = "DTLS with dropped ServerKeyExchange",
813 .ssl_options = SSL_OP_NO_TICKET,
814 .server_bbio_off = 1,
815 .server_drops = { 3 },
816 },
817 {
818 .desc = "DTLS with dropped ServerHelloDone",
819 .ssl_options = SSL_OP_NO_TICKET,
820 .server_bbio_off = 1,
821 .server_drops = { 4 },
822 },
823#if 0
824 /*
825 * These two result in the server accept completing and the
826 * client looping on a timeout. Presumably the server should not
827 * complete until the client Finished is received... this due to
828 * a flaw in the DTLSv1.0 specification, which is addressed in
829 * DTLSv1.2 (see references to "last flight" in RFC 6347 section
830 * 4.2.4). Our DTLS server code still needs to support this.
831 */
832 {
833 .desc = "DTLS with dropped server CCS",
834 .ssl_options = 0,
835 .server_bbio_off = 1,
836 .server_drops = { 5 },
837 },
838 {
839 .desc = "DTLS with dropped server Finished",
840 .ssl_options = 0,
841 .server_bbio_off = 1,
842 .server_drops = { 6 },
843 },
844#endif
845 {
846 .desc = "DTLS with dropped ClientKeyExchange",
847 .ssl_options = 0,
848 .client_bbio_off = 1,
849 .client_drops = { 2 },
850 },
851 {
852 .desc = "DTLS with dropped client CCS",
853 .ssl_options = 0,
854 .client_bbio_off = 1,
855 .client_drops = { 3 },
856 },
857 {
858 .desc = "DTLS with dropped client Finished",
859 .ssl_options = 0,
860 .client_bbio_off = 1,
861 .client_drops = { 4 },
862 },
863 {
864 /* Send CCS after client Finished. */
865 .desc = "DTLS with delayed client CCS",
866 .ssl_options = 0,
867 .client_bbio_off = 1,
868 .client_delays = { { 3, 2 } },
869 },
870 {
871 /*
872 * Send CCS after server Finished - note app data will be
873 * dropped if we send the CCS after app data.
874 */
875 .desc = "DTLS with delayed server CCS",
876 .ssl_options = SSL_OP_NO_TICKET,
877 .server_bbio_off = 1,
878 .server_delays = { { 5, 2 } },
879 .write_after_accept = 1,
880 },
881 {
882 .desc = "DTLS with delayed server CCS (initial epoch 0xfffe)",
883 .ssl_options = SSL_OP_NO_TICKET,
884 .server_bbio_off = 1,
885 .initial_epoch = 0xfffe,
886 .server_delays = { { 5, 2 } },
887 .write_after_accept = 1,
888 },
889 {
890 .desc = "DTLS with delayed server CCS (initial epoch 0xffff)",
891 .ssl_options = SSL_OP_NO_TICKET,
892 .server_bbio_off = 1,
893 .initial_epoch = 0xffff,
894 .server_delays = { { 5, 2 } },
895 .write_after_accept = 1,
896 },
897 {
898 /* Send Finished after app data - this is currently buffered. */
899 .desc = "DTLS with delayed server Finished",
900 .ssl_options = SSL_OP_NO_TICKET,
901 .server_bbio_off = 1,
902 .server_delays = { { 6, 3 } },
903 .write_after_accept = 1,
904 },
905 {
906 /* Send CCS after server finished and close-notify. */
907 .desc = "DTLS with delayed server CCS (close-notify)",
908 .ssl_options = SSL_OP_NO_TICKET,
909 .server_bbio_off = 1,
910 .server_delays = { { 5, 3 } },
911 .shutdown_after_accept = 1,
912 },
913};
914
915#define N_DTLS_TESTS (sizeof(dtls_tests) / sizeof(*dtls_tests))
916
917static void
918dtlstest_packet_monkey(SSL *ssl, const struct dtls_delay delays[],
919 const uint8_t drops[])
920{
921 BIO *bio_monkey;
922 BIO *bio;
923 int i;
924
925 if ((bio_monkey = BIO_new_packet_monkey()) == NULL)
926 errx(1, "packet monkey");
927
928 for (i = 0; i < MAX_PACKET_DELAYS; i++) {
929 if (delays[i].packet == 0)
930 break;
931 if (!BIO_packet_monkey_delay(bio_monkey, delays[i].packet,
932 delays[i].count))
933 errx(1, "delay failure");
934 }
935
936 for (i = 0; i < MAX_PACKET_DROPS; i++) {
937 if (drops[i] == 0)
938 break;
939 if (!BIO_packet_monkey_drop(bio_monkey, drops[i]))
940 errx(1, "drop failure");
941 }
942
943 if ((bio = SSL_get_wbio(ssl)) == NULL)
944 errx(1, "SSL has NULL bio");
945
946 BIO_up_ref(bio);
947 bio = BIO_push(bio_monkey, bio);
948
949 SSL_set_bio(ssl, bio, bio);
950}
951
952static int
953dtlstest(const struct dtls_test *dt)
954{
955 SSL *client = NULL, *server = NULL;
956 ssl_func *connect_func, *accept_func;
957 struct sockaddr_in server_sin;
958 struct pollfd pfd[2];
959 int client_sock = -1;
960 int server_sock = -1;
961 int failed = 1;
962
963 fprintf(stderr, "\n== Testing %s... ==\n", dt->desc);
964
965 if (!datagram_pair(&client_sock, &server_sock, &server_sin))
966 goto failure;
967
968 if ((client = dtls_client(client_sock, &server_sin, dt->mtu)) == NULL)
969 goto failure;
970
971 if ((server = dtls_server(server_sock, dt->ssl_options, dt->mtu)) == NULL)
972 goto failure;
973
974 tls12_record_layer_set_initial_epoch(client->internal->rl,
975 dt->initial_epoch);
976 tls12_record_layer_set_initial_epoch(server->internal->rl,
977 dt->initial_epoch);
978
979 if (dt->client_bbio_off)
980 SSL_set_info_callback(client, dtls_info_callback);
981 if (dt->server_bbio_off)
982 SSL_set_info_callback(server, dtls_info_callback);
983
984 dtlstest_packet_monkey(client, dt->client_delays, dt->client_drops);
985 dtlstest_packet_monkey(server, dt->server_delays, dt->server_drops);
986
987 pfd[0].fd = client_sock;
988 pfd[0].events = POLLOUT;
989 pfd[1].fd = server_sock;
990 pfd[1].events = POLLIN;
991
992 accept_func = do_accept;
993 connect_func = do_connect;
994
995 if (dt->write_after_accept) {
996 accept_func = do_accept_write;
997 connect_func = do_connect_read;
998 } else if (dt->shutdown_after_accept) {
999 accept_func = do_accept_shutdown;
1000 connect_func = do_connect_shutdown;
1001 }
1002
1003 if (!do_client_server_loop(client, connect_func, server, accept_func, pfd)) {
1004 fprintf(stderr, "FAIL: client and server handshake failed\n");
1005 goto failure;
1006 }
1007
1008 if (dt->write_after_accept || dt->shutdown_after_accept)
1009 goto done;
1010
1011 pfd[0].events = POLLIN;
1012 pfd[1].events = POLLOUT;
1013
1014 if (!do_client_server_loop(client, do_read, server, do_write, pfd)) {
1015 fprintf(stderr, "FAIL: client read and server write I/O failed\n");
1016 goto failure;
1017 }
1018
1019 pfd[0].events = POLLOUT;
1020 pfd[1].events = POLLIN;
1021
1022 if (!do_client_server_loop(client, do_write, server, do_read, pfd)) {
1023 fprintf(stderr, "FAIL: client write and server read I/O failed\n");
1024 goto failure;
1025 }
1026
1027 pfd[0].events = POLLOUT;
1028 pfd[1].events = POLLOUT;
1029
1030 if (!do_client_server_loop(client, do_shutdown, server, do_shutdown, pfd)) {
1031 fprintf(stderr, "FAIL: client and server shutdown failed\n");
1032 goto failure;
1033 }
1034
1035 done:
1036 fprintf(stderr, "INFO: Done!\n");
1037
1038 failed = 0;
1039
1040 failure:
1041 if (client_sock != -1)
1042 close(client_sock);
1043 if (server_sock != -1)
1044 close(server_sock);
1045
1046 SSL_free(client);
1047 SSL_free(server);
1048
1049 return failed;
1050}
1051
1052int
1053main(int argc, char **argv)
1054{
1055 int failed = 0;
1056 size_t i;
1057
1058 if (argc != 4) {
1059 fprintf(stderr, "usage: %s keyfile certfile cafile\n",
1060 argv[0]);
1061 exit(1);
1062 }
1063
1064 server_key_file = argv[1];
1065 server_cert_file = argv[2];
1066 server_ca_file = argv[3];
1067
1068 for (i = 0; i < N_DTLS_TESTS; i++)
1069 failed |= dtlstest(&dtls_tests[i]);
1070
1071 return failed;
1072}
diff --git a/src/regress/lib/libssl/handshake/Makefile b/src/regress/lib/libssl/handshake/Makefile
deleted file mode 100644
index aa0f70bd3b..0000000000
--- a/src/regress/lib/libssl/handshake/Makefile
+++ /dev/null
@@ -1,44 +0,0 @@
1# $OpenBSD: Makefile,v 1.8 2020/12/17 00:51:11 bluhm Exp $
2
3PROGS += handshake_table
4PROGS += valid_handshakes_terminate
5
6.for p in ${PROGS}
7REGRESS_TARGETS += run-$p
8.endfor
9
10LDADD = ${SSL_INT} -lcrypto
11DPADD = ${LIBCRYPTO} ${LIBSSL}
12WARNINGS = Yes
13CFLAGS += -DLIBRESSL_INTERNAL -Wundef -Werror -I${BSDSRCDIR}/lib/libssl
14
15print: handshake_table
16 @./handshake_table -C
17
18handshake.gv: handshake_table
19 ./handshake_table -g > $@.tmp
20 mv $@.tmp $@
21
22CLEANFILES += handshake.gv
23
24.for _FMT in png ps svg
25handshake.${_FMT}: handshake.gv
26 @if [ ! -x /usr/local/bin/dot ]; then \
27 echo "pkg_add graphviz to generate png"; \
28 false; \
29 fi
30 dot -T${_FMT} handshake.gv -o $@
31
32CLEANFILES += handshake.${_FMT}
33.endfor
34
35.for p in ${PROGS}
36run-$p: $p
37 ./$p
38
39.PHONY: run-$p
40.endfor
41
42.PHONY: print
43
44.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/handshake/handshake_table.c b/src/regress/lib/libssl/handshake/handshake_table.c
deleted file mode 100644
index 88777f6fa8..0000000000
--- a/src/regress/lib/libssl/handshake/handshake_table.c
+++ /dev/null
@@ -1,514 +0,0 @@
1/* $OpenBSD: handshake_table.c,v 1.15 2020/05/14 18:04:19 tb Exp $ */
2/*
3 * Copyright (c) 2019 Theo Buehler <tb@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <err.h>
19#include <stdint.h>
20#include <stdio.h>
21#include <stdlib.h>
22#include <unistd.h>
23
24#include "tls13_handshake.h"
25
26#define MAX_FLAGS (UINT8_MAX + 1)
27
28/*
29 * From RFC 8446:
30 *
31 * Appendix A. State Machine
32 *
33 * This appendix provides a summary of the legal state transitions for
34 * the client and server handshakes. State names (in all capitals,
35 * e.g., START) have no formal meaning but are provided for ease of
36 * comprehension. Actions which are taken only in certain circumstances
37 * are indicated in []. The notation "K_{send,recv} = foo" means "set
38 * the send/recv key to the given key".
39 *
40 * A.1. Client
41 *
42 * START <----+
43 * Send ClientHello | | Recv HelloRetryRequest
44 * [K_send = early data] | |
45 * v |
46 * / WAIT_SH ----+
47 * | | Recv ServerHello
48 * | | K_recv = handshake
49 * Can | V
50 * send | WAIT_EE
51 * early | | Recv EncryptedExtensions
52 * data | +--------+--------+
53 * | Using | | Using certificate
54 * | PSK | v
55 * | | WAIT_CERT_CR
56 * | | Recv | | Recv CertificateRequest
57 * | | Certificate | v
58 * | | | WAIT_CERT
59 * | | | | Recv Certificate
60 * | | v v
61 * | | WAIT_CV
62 * | | | Recv CertificateVerify
63 * | +> WAIT_FINISHED <+
64 * | | Recv Finished
65 * \ | [Send EndOfEarlyData]
66 * | K_send = handshake
67 * | [Send Certificate [+ CertificateVerify]]
68 * Can send | Send Finished
69 * app data --> | K_send = K_recv = application
70 * after here v
71 * CONNECTED
72 *
73 * Note that with the transitions as shown above, clients may send
74 * alerts that derive from post-ServerHello messages in the clear or
75 * with the early data keys. If clients need to send such alerts, they
76 * SHOULD first rekey to the handshake keys if possible.
77 *
78 */
79
80struct child {
81 enum tls13_message_type mt;
82 uint8_t flag;
83 uint8_t forced;
84 uint8_t illegal;
85};
86
87#define DEFAULT 0x00
88
89static struct child stateinfo[][TLS13_NUM_MESSAGE_TYPES] = {
90 [CLIENT_HELLO] = {
91 {SERVER_HELLO_RETRY_REQUEST, DEFAULT, 0, 0},
92 {SERVER_HELLO, WITHOUT_HRR, 0, 0},
93 },
94 [SERVER_HELLO_RETRY_REQUEST] = {
95 {CLIENT_HELLO_RETRY, DEFAULT, 0, 0},
96 },
97 [CLIENT_HELLO_RETRY] = {
98 {SERVER_HELLO, DEFAULT, 0, 0},
99 },
100 [SERVER_HELLO] = {
101 {SERVER_ENCRYPTED_EXTENSIONS, DEFAULT, 0, 0},
102 },
103 [SERVER_ENCRYPTED_EXTENSIONS] = {
104 {SERVER_CERTIFICATE_REQUEST, DEFAULT, 0, 0},
105 {SERVER_CERTIFICATE, WITHOUT_CR, 0, 0},
106 {SERVER_FINISHED, WITH_PSK, 0, 0},
107 },
108 [SERVER_CERTIFICATE_REQUEST] = {
109 {SERVER_CERTIFICATE, DEFAULT, 0, 0},
110 },
111 [SERVER_CERTIFICATE] = {
112 {SERVER_CERTIFICATE_VERIFY, DEFAULT, 0, 0},
113 },
114 [SERVER_CERTIFICATE_VERIFY] = {
115 {SERVER_FINISHED, DEFAULT, 0, 0},
116 },
117 [SERVER_FINISHED] = {
118 {CLIENT_FINISHED, DEFAULT, WITHOUT_CR | WITH_PSK, 0},
119 {CLIENT_CERTIFICATE, DEFAULT, 0, WITHOUT_CR | WITH_PSK},
120 },
121 [CLIENT_CERTIFICATE] = {
122 {CLIENT_FINISHED, DEFAULT, 0, 0},
123 {CLIENT_CERTIFICATE_VERIFY, WITH_CCV, 0, 0},
124 },
125 [CLIENT_CERTIFICATE_VERIFY] = {
126 {CLIENT_FINISHED, DEFAULT, 0, 0},
127 },
128 [CLIENT_FINISHED] = {
129 {APPLICATION_DATA, DEFAULT, 0, 0},
130 },
131 [APPLICATION_DATA] = {
132 {0, DEFAULT, 0, 0},
133 },
134};
135
136const size_t stateinfo_count = sizeof(stateinfo) / sizeof(stateinfo[0]);
137
138void build_table(enum tls13_message_type
139 table[MAX_FLAGS][TLS13_NUM_MESSAGE_TYPES],
140 struct child current, struct child end,
141 struct child path[], uint8_t flags, unsigned int depth);
142size_t count_handshakes(void);
143void edge(enum tls13_message_type start,
144 enum tls13_message_type end, uint8_t flag);
145const char *flag2str(uint8_t flag);
146void flag_label(uint8_t flag);
147void forced_edges(enum tls13_message_type start,
148 enum tls13_message_type end, uint8_t forced);
149int generate_graphics(void);
150void fprint_entry(FILE *stream,
151 enum tls13_message_type path[TLS13_NUM_MESSAGE_TYPES],
152 uint8_t flags);
153void fprint_flags(FILE *stream, uint8_t flags);
154const char *mt2str(enum tls13_message_type mt);
155__dead void usage(void);
156int verify_table(enum tls13_message_type
157 table[MAX_FLAGS][TLS13_NUM_MESSAGE_TYPES], int print);
158
159const char *
160flag2str(uint8_t flag)
161{
162 const char *ret;
163
164 if (flag & (flag - 1))
165 errx(1, "more than one bit is set");
166
167 switch (flag) {
168 case INITIAL:
169 ret = "INITIAL";
170 break;
171 case NEGOTIATED:
172 ret = "NEGOTIATED";
173 break;
174 case WITHOUT_CR:
175 ret = "WITHOUT_CR";
176 break;
177 case WITHOUT_HRR:
178 ret = "WITHOUT_HRR";
179 break;
180 case WITH_PSK:
181 ret = "WITH_PSK";
182 break;
183 case WITH_CCV:
184 ret = "WITH_CCV";
185 break;
186 case WITH_0RTT:
187 ret = "WITH_0RTT";
188 break;
189 default:
190 ret = "UNKNOWN";
191 }
192
193 return ret;
194}
195
196const char *
197mt2str(enum tls13_message_type mt)
198{
199 const char *ret;
200
201 switch (mt) {
202 case INVALID:
203 ret = "INVALID";
204 break;
205 case CLIENT_HELLO:
206 ret = "CLIENT_HELLO";
207 break;
208 case CLIENT_HELLO_RETRY:
209 ret = "CLIENT_HELLO_RETRY";
210 break;
211 case CLIENT_END_OF_EARLY_DATA:
212 ret = "CLIENT_END_OF_EARLY_DATA";
213 break;
214 case CLIENT_CERTIFICATE:
215 ret = "CLIENT_CERTIFICATE";
216 break;
217 case CLIENT_CERTIFICATE_VERIFY:
218 ret = "CLIENT_CERTIFICATE_VERIFY";
219 break;
220 case CLIENT_FINISHED:
221 ret = "CLIENT_FINISHED";
222 break;
223 case SERVER_HELLO:
224 ret = "SERVER_HELLO";
225 break;
226 case SERVER_HELLO_RETRY_REQUEST:
227 ret = "SERVER_HELLO_RETRY_REQUEST";
228 break;
229 case SERVER_ENCRYPTED_EXTENSIONS:
230 ret = "SERVER_ENCRYPTED_EXTENSIONS";
231 break;
232 case SERVER_CERTIFICATE:
233 ret = "SERVER_CERTIFICATE";
234 break;
235 case SERVER_CERTIFICATE_VERIFY:
236 ret = "SERVER_CERTIFICATE_VERIFY";
237 break;
238 case SERVER_CERTIFICATE_REQUEST:
239 ret = "SERVER_CERTIFICATE_REQUEST";
240 break;
241 case SERVER_FINISHED:
242 ret = "SERVER_FINISHED";
243 break;
244 case APPLICATION_DATA:
245 ret = "APPLICATION_DATA";
246 break;
247 case TLS13_NUM_MESSAGE_TYPES:
248 ret = "TLS13_NUM_MESSAGE_TYPES";
249 break;
250 default:
251 ret = "UNKNOWN";
252 break;
253 }
254
255 return ret;
256}
257
258void
259fprint_flags(FILE *stream, uint8_t flags)
260{
261 int first = 1, i;
262
263 if (flags == 0) {
264 fprintf(stream, "%s", flag2str(flags));
265 return;
266 }
267
268 for (i = 0; i < 8; i++) {
269 uint8_t set = flags & (1U << i);
270
271 if (set) {
272 fprintf(stream, "%s%s", first ? "" : " | ",
273 flag2str(set));
274 first = 0;
275 }
276 }
277}
278
279void
280fprint_entry(FILE *stream,
281 enum tls13_message_type path[TLS13_NUM_MESSAGE_TYPES], uint8_t flags)
282{
283 int i;
284
285 fprintf(stream, "\t[");
286 fprint_flags(stream, flags);
287 fprintf(stream, "] = {\n");
288
289 for (i = 0; i < TLS13_NUM_MESSAGE_TYPES; i++) {
290 if (path[i] == 0)
291 break;
292 fprintf(stream, "\t\t%s,\n", mt2str(path[i]));
293 }
294 fprintf(stream, "\t},\n");
295}
296
297void
298edge(enum tls13_message_type start, enum tls13_message_type end,
299 uint8_t flag)
300{
301 printf("\t%s -> %s", mt2str(start), mt2str(end));
302 flag_label(flag);
303 printf(";\n");
304}
305
306void
307flag_label(uint8_t flag)
308{
309 if (flag)
310 printf(" [label=\"%s\"]", flag2str(flag));
311}
312
313void
314forced_edges(enum tls13_message_type start, enum tls13_message_type end,
315 uint8_t forced)
316{
317 uint8_t forced_flag, i;
318
319 if (forced == 0)
320 return;
321
322 for (i = 0; i < 8; i++) {
323 forced_flag = forced & (1U << i);
324 if (forced_flag)
325 edge(start, end, forced_flag);
326 }
327}
328
329int
330generate_graphics(void)
331{
332 enum tls13_message_type start, end;
333 unsigned int child;
334 uint8_t flag;
335 uint8_t forced;
336
337 printf("digraph G {\n");
338 printf("\t%s [shape=box];\n", mt2str(CLIENT_HELLO));
339 printf("\t%s [shape=box];\n", mt2str(APPLICATION_DATA));
340
341 for (start = CLIENT_HELLO; start < APPLICATION_DATA; start++) {
342 for (child = 0; stateinfo[start][child].mt != 0; child++) {
343 end = stateinfo[start][child].mt;
344 flag = stateinfo[start][child].flag;
345 forced = stateinfo[start][child].forced;
346
347 if (forced == 0)
348 edge(start, end, flag);
349 else
350 forced_edges(start, end, forced);
351 }
352 }
353
354 printf("}\n");
355 return 0;
356}
357
358extern enum tls13_message_type handshakes[][TLS13_NUM_MESSAGE_TYPES];
359extern size_t handshake_count;
360
361size_t
362count_handshakes(void)
363{
364 size_t ret = 0, i;
365
366 for (i = 0; i < handshake_count; i++) {
367 if (handshakes[i][0] != INVALID)
368 ret++;
369 }
370
371 return ret;
372}
373
374void
375build_table(enum tls13_message_type table[MAX_FLAGS][TLS13_NUM_MESSAGE_TYPES],
376 struct child current, struct child end, struct child path[], uint8_t flags,
377 unsigned int depth)
378{
379 unsigned int i;
380
381 if (depth >= TLS13_NUM_MESSAGE_TYPES - 1)
382 errx(1, "recursed too deeply");
383
384 /* Record current node. */
385 path[depth++] = current;
386 flags |= current.flag;
387
388 /* If we haven't reached the end, recurse over the children. */
389 if (current.mt != end.mt) {
390 for (i = 0; stateinfo[current.mt][i].mt != 0; i++) {
391 struct child child = stateinfo[current.mt][i];
392 int forced = stateinfo[current.mt][i].forced;
393 int illegal = stateinfo[current.mt][i].illegal;
394
395 if ((forced == 0 || (forced & flags)) &&
396 (illegal == 0 || !(illegal & flags)))
397 build_table(table, child, end, path, flags,
398 depth);
399 }
400 return;
401 }
402
403 if (flags == 0)
404 errx(1, "path does not set flags");
405
406 if (table[flags][0] != 0)
407 errx(1, "path traversed twice");
408
409 for (i = 0; i < depth; i++)
410 table[flags][i] = path[i].mt;
411}
412
413int
414verify_table(enum tls13_message_type table[MAX_FLAGS][TLS13_NUM_MESSAGE_TYPES],
415 int print)
416{
417 int success = 1, i;
418 size_t num_valid, num_found = 0;
419 uint8_t flags = 0;
420
421 do {
422 if (table[flags][0] == 0)
423 continue;
424
425 num_found++;
426
427 for (i = 0; i < TLS13_NUM_MESSAGE_TYPES; i++) {
428 if (table[flags][i] != handshakes[flags][i]) {
429 fprintf(stderr,
430 "incorrect entry %d of handshake ", i);
431 fprint_flags(stderr, flags);
432 fprintf(stderr, "\n");
433 success = 0;
434 }
435 }
436
437 if (print)
438 fprint_entry(stdout, table[flags], flags);
439 } while(++flags != 0);
440
441 num_valid = count_handshakes();
442 if (num_valid != num_found) {
443 fprintf(stderr,
444 "incorrect number of handshakes: want %zu, got %zu.\n",
445 num_valid, num_found);
446 success = 0;
447 }
448
449 return success;
450}
451
452__dead void
453usage(void)
454{
455 fprintf(stderr, "usage: handshake_table [-C | -g]\n");
456 exit(1);
457}
458
459int
460main(int argc, char *argv[])
461{
462 static enum tls13_message_type
463 hs_table[MAX_FLAGS][TLS13_NUM_MESSAGE_TYPES] = {
464 [INITIAL] = {
465 CLIENT_HELLO,
466 SERVER_HELLO_RETRY_REQUEST,
467 CLIENT_HELLO_RETRY,
468 SERVER_HELLO,
469 },
470 };
471 struct child start = {
472 CLIENT_HELLO, DEFAULT, 0, 0,
473 };
474 struct child end = {
475 APPLICATION_DATA, DEFAULT, 0, 0,
476 };
477 struct child path[TLS13_NUM_MESSAGE_TYPES] = {{0}};
478 uint8_t flags = NEGOTIATED;
479 unsigned int depth = 0;
480 int ch, graphviz = 0, print = 0;
481
482 while ((ch = getopt(argc, argv, "Cg")) != -1) {
483 switch (ch) {
484 case 'C':
485 print = 1;
486 break;
487 case 'g':
488 graphviz = 1;
489 break;
490 default:
491 usage();
492 }
493 }
494 argc -= optind;
495 argv += optind;
496
497 if (argc != 0)
498 usage();
499
500 if (graphviz && print)
501 usage();
502
503 if (graphviz)
504 return generate_graphics();
505
506 build_table(hs_table, start, end, path, flags, depth);
507 if (!verify_table(hs_table, print))
508 return 1;
509
510 if (!print)
511 printf("SUCCESS\n");
512
513 return 0;
514}
diff --git a/src/regress/lib/libssl/handshake/valid_handshakes_terminate.c b/src/regress/lib/libssl/handshake/valid_handshakes_terminate.c
deleted file mode 100644
index 5f0e4f2c18..0000000000
--- a/src/regress/lib/libssl/handshake/valid_handshakes_terminate.c
+++ /dev/null
@@ -1,57 +0,0 @@
1/* $OpenBSD: valid_handshakes_terminate.c,v 1.3 2019/04/05 20:25:42 tb Exp $ */
2/*
3 * Copyright (c) 2019 Theo Buehler <tb@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <err.h>
19#include <stdio.h>
20
21#include "tls13_handshake.c"
22
23int
24main(int argc, char *argv[])
25{
26 size_t i, j;
27 int terminates;
28 int fail = 0;
29
30 for (i = 1; i < handshake_count; i++) {
31 enum tls13_message_type mt = handshakes[i][0];
32
33 if (mt == INVALID)
34 continue;
35
36 terminates = 0;
37
38 for (j = 0; j < TLS13_NUM_MESSAGE_TYPES; j++) {
39 mt = handshakes[i][j];
40 if (state_machine[mt].handshake_complete) {
41 terminates = 1;
42 break;
43 }
44 }
45
46 if (!terminates) {
47 fail = 1;
48 printf("FAIL: handshake_complete never true in "
49 "handshake %zu\n", i);
50 }
51 }
52
53 if (!fail)
54 printf("SUCCESS\n");
55
56 return fail;
57}
diff --git a/src/regress/lib/libssl/interop/LICENSE b/src/regress/lib/libssl/interop/LICENSE
deleted file mode 100644
index 838e7f45cc..0000000000
--- a/src/regress/lib/libssl/interop/LICENSE
+++ /dev/null
@@ -1,15 +0,0 @@
1/*
2 * Copyright (c) 2018-2019 Alexander Bluhm <bluhm@openbsd.org>
3 *
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */
diff --git a/src/regress/lib/libssl/interop/Makefile b/src/regress/lib/libssl/interop/Makefile
deleted file mode 100644
index aa9c3adf56..0000000000
--- a/src/regress/lib/libssl/interop/Makefile
+++ /dev/null
@@ -1,19 +0,0 @@
1# $OpenBSD: Makefile,v 1.13 2020/09/21 15:13:24 beck Exp $
2
3SUBDIR = libressl openssl openssl11
4
5# the above binaries must have been built before we can continue
6SUBDIR += netcat
7SUBDIR += session
8SUBDIR += botan
9
10# What is below takes a long time.
11# setting REGRESS_SKIP_SLOW to "yes" in mk.conf
12# will skip the tests that do not test libressl
13# but do things like test openssl to openssl11
14SUBDIR += version
15SUBDIR += cipher
16# This takes a really long time.
17SUBDIR += cert
18
19.include <bsd.subdir.mk>
diff --git a/src/regress/lib/libssl/interop/Makefile.inc b/src/regress/lib/libssl/interop/Makefile.inc
deleted file mode 100644
index ed5fe26147..0000000000
--- a/src/regress/lib/libssl/interop/Makefile.inc
+++ /dev/null
@@ -1,90 +0,0 @@
1# $OpenBSD: Makefile.inc,v 1.8 2020/12/17 00:51:11 bluhm Exp $
2
3.PATH: ${.CURDIR}/..
4
5SRCS_client ?= client.c util.c
6SRCS_server ?= server.c util.c
7WARNINGS = yes
8CLEANFILES += *.out *.fstat
9
10.for p in ${PROGS}
11ldd-$p.out: $p
12 # programs must be linked with correct libraries
13 LD_LIBRARY_PATH=${LD_LIBRARY_PATH} ldd $p >$@
14.endfor
15
16client-self.out server-self.out: run-self-client-server
17
18run-self-client-server: client server 127.0.0.1.crt
19 # check that tls client and server work together
20 LD_LIBRARY_PATH=${LD_LIBRARY_PATH} \
21 ./server >server-self.out \
22 127.0.0.1 0
23 LD_LIBRARY_PATH=${LD_LIBRARY_PATH} \
24 ./client >client-self.out \
25 `sed -n 's/listen sock: //p' server-self.out`
26 # check that the client run successfully to the end
27 grep -q '^success$$' client-self.out
28 # client must have read server greeting
29 grep -q '^<<< greeting$$' client-self.out
30 # check that the server child run successfully to the end
31 grep -q '^success$$' server-self.out
32 # server must have read client hello
33 grep -q '^<<< hello$$' server-self.out
34
35# create certificates for TLS
36
37CLEANFILES += 127.0.0.1.{crt,key} \
38 ca.{crt,key,srl} fake-ca.{crt,key} \
39 {client,server}.{req,crt,key} \
40 {dsa,ec,gost,rsa}.{key,req,crt} \
41 dh.param
42
43127.0.0.1.crt:
44 openssl req -batch -new \
45 -subj /L=OpenBSD/O=tls-regress/OU=server/CN=${@:R}/ \
46 -nodes -newkey rsa -keyout ${@:R}.key -x509 -out $@
47
48ca.crt fake-ca.crt:
49 openssl req -batch -new \
50 -subj /L=OpenBSD/O=tls-regress/OU=ca/CN=root/ \
51 -nodes -newkey rsa -keyout ${@:R}.key -x509 -out $@
52
53client.req server.req:
54 openssl req -batch -new \
55 -subj /L=OpenBSD/O=tls-regress/OU=${@:R}/CN=localhost/ \
56 -nodes -newkey rsa -keyout ${@:R}.key -out $@
57
58client.crt server.crt: ca.crt ${@:R}.req
59 openssl x509 -CAcreateserial -CAkey ca.key -CA ca.crt \
60 -req -in ${@:R}.req -out $@
61
62dh.param:
63 openssl dhparam -out $@ 1024
64
65dsa.key:
66 openssl dsaparam -genkey -out $@ 2048
67
68ec.key:
69 openssl ecparam -genkey -name secp256r1 -out $@
70
71gost.key:
72 openssl genpkey -algorithm gost2001 \
73 -pkeyopt paramset:A -pkeyopt dgst:md_gost94 -out $@
74
75rsa.key:
76 openssl genrsa -out $@ 2048
77
78dsa.req ec.req rsa.req: ${@:R}.key
79 openssl req -batch -new \
80 -subj /L=OpenBSD/O=tls-regress/OU=${@:R}/CN=localhost/ \
81 -nodes -key ${@:R}.key -out $@
82
83gost.req: ${@:R}.key
84 openssl req -batch -new -md_gost94 \
85 -subj /L=OpenBSD/O=tls-regress/OU=${@:R}/CN=localhost/ \
86 -nodes -key ${@:R}.key -out $@
87
88dsa.crt ec.crt gost.crt rsa.crt: ca.crt ${@:R}.req
89 openssl x509 -CAcreateserial -CAkey ca.key -CA ca.crt \
90 -req -in ${@:R}.req -out $@
diff --git a/src/regress/lib/libssl/interop/README b/src/regress/lib/libssl/interop/README
deleted file mode 100644
index 54910e554d..0000000000
--- a/src/regress/lib/libssl/interop/README
+++ /dev/null
@@ -1,22 +0,0 @@
1Test TLS interoperability between LibreSSL and OpenSSL.
2
3Implement simple SSL client and server in C. Create six binaries
4by linking them with LibreSSL or OpenSSL 1.0.2 or OpenSSL 1.1. This
5way API compatibility is tested.
6
7To self test each SSL library, connect client with server. Check
8that the highest available TLS version is selected. LibreSSL TLS
91.3 check has to be enabled when the feature becomes available.
10
11Currently OpenSSL 1.0.2p and OpenSSL 1.1.1 from ports are used. As
12soon as LibreSSL supports TLS 1.3, it should be used automatically
13when netcat is communicating with OpenSSL 1.1.
14
15Connect and accept with netcat to test protocol compatibility with
16libtls. Test TLS session reuse multiple times with different library
17combinations. The cert subdir is testing all combinations of
18certificate validation. Having the three libraries, client and
19server certificates, missing or invalid CA or certificates, and
20enforcing peer certificate results in 1944 test cases. The cipher
21test establishes connections between implementations for each
22supported cipher.
diff --git a/src/regress/lib/libssl/interop/botan/Makefile b/src/regress/lib/libssl/interop/botan/Makefile
deleted file mode 100644
index a162ee9e17..0000000000
--- a/src/regress/lib/libssl/interop/botan/Makefile
+++ /dev/null
@@ -1,82 +0,0 @@
1# $OpenBSD: Makefile,v 1.4 2020/12/17 00:51:11 bluhm Exp $
2
3.include <bsd.own.mk>
4
5.if ! exists(/usr/local/bin/botan)
6regress:
7 # install botan2 from ports for interop tests
8 @echo SKIPPED
9.elif (${COMPILER_VERSION:L} != "clang" && ! exists(/usr/local/bin/eg++))
10regress:
11 # on gcc-archs install g++ from ports for botan2 interop tests
12 @echo SKIPPED
13.else
14
15# C++11
16.if ${COMPILER_VERSION:L} != "clang" && ${CXX} == "c++"
17CXX = /usr/local/bin/eg++
18.endif
19
20LIBRARIES = libressl
21.if exists(/usr/local/bin/eopenssl)
22LIBRARIES += openssl
23.endif
24.if exists(/usr/local/bin/eopenssl11)
25LIBRARIES += openssl11
26.endif
27
28PROGS = client
29SRCS_client = client.cpp
30CXXFLAGS = -I/usr/local/include/botan-2 -Wall
31LDFLAGS = -L/usr/local/lib
32LDADD = -lbotan-2
33DPADD = /usr/local/lib/libbotan-2.a
34
35.for lib in ${LIBRARIES}
36
37REGRESS_TARGETS += run-client-botan-server-${lib}
38
39run-client-botan-server-${lib}: client server.crt
40 LD_LIBRARY_PATH=/usr/local/lib/e${lib} \
41 ../${lib}/server >server-${lib}.out \
42 -c server.crt -k server.key \
43 127.0.0.1 0
44 ./client >client-botan.out \
45 -C ca.crt \
46 127.0.0.1 \
47 `sed -n 's/listen sock: 127.0.0.1 //p' server-${lib}.out`
48 # check that the server child run successfully to the end
49 grep -q '^success$$' server-${lib}.out || \
50 { sleep 1; grep -q '^success$$' server-${lib}.out; }
51 # server must have read client hello
52 grep -q '^<<< hello$$' server-${lib}.out
53 # check that the client run successfully to the end
54 grep -q '^success$$' client-botan.out
55 # client must have read server greeting
56 grep -q '^<<< greeting$$' client-botan.out
57 # currently botan supports TLS 1.2, adapt later
58 grep -q ' Protocol *: TLSv1.2$$' server-${lib}.out
59
60.endfor
61
62server.key ca.key:
63 /usr/local/bin/botan keygen >$@.tmp
64 mv $@.tmp $@
65
66ca.crt: ${@:R}.key
67 /usr/local/bin/botan gen_self_signed ${@:R}.key ${@:R} >$@.tmp \
68 --organization=tls-regress --ca
69 mv $@.tmp $@
70
71server.req: ${@:R}.key
72 /usr/local/bin/botan gen_pkcs10 ${@:R}.key localhost >$@.tmp \
73 --organization=tls-regress --dns=127.0.0.1
74 mv $@.tmp $@
75
76server.crt: ca.crt ${@:R}.req
77 /usr/local/bin/botan sign_cert ca.crt ca.key ${@:R}.req >$@.tmp
78 mv $@.tmp $@
79
80.endif # exists(/usr/local/bin/botan)
81
82.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/botan/client.cpp b/src/regress/lib/libssl/interop/botan/client.cpp
deleted file mode 100644
index 2352d7bba2..0000000000
--- a/src/regress/lib/libssl/interop/botan/client.cpp
+++ /dev/null
@@ -1,228 +0,0 @@
1/* $OpenBSD: client.cpp,v 1.1 2020/09/15 01:45:16 bluhm Exp $ */
2/*
3 * Copyright (c) 2019-2020 Alexander Bluhm <bluhm@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <sys/types.h>
19#include <sys/socket.h>
20
21#include <err.h>
22#include <netdb.h>
23#include <unistd.h>
24
25#include <botan/tls_client.h>
26#include <botan/tls_callbacks.h>
27#include <botan/tls_session_manager.h>
28#include <botan/tls_policy.h>
29#include <botan/auto_rng.h>
30#include <botan/certstor.h>
31
32#include <iostream>
33#include <string>
34using namespace std;
35
36class Callbacks : public Botan::TLS::Callbacks {
37public:
38 Callbacks(int socket) :
39 m_socket(socket)
40 {}
41
42 void print_sockname()
43 {
44 struct sockaddr_storage ss;
45 char host[NI_MAXHOST], port[NI_MAXSERV];
46 socklen_t slen;
47
48 slen = sizeof(ss);
49 if (getsockname(m_socket, (struct sockaddr *)&ss, &slen) == -1)
50 err(1, "getsockname");
51 if (getnameinfo((struct sockaddr *)&ss, ss.ss_len, host,
52 sizeof(host), port, sizeof(port),
53 NI_NUMERICHOST | NI_NUMERICSERV))
54 errx(1, "getnameinfo");
55 cout <<"sock: " <<host <<" " <<port <<endl <<flush;
56 }
57
58 void print_peername()
59 {
60 struct sockaddr_storage ss;
61 char host[NI_MAXHOST], port[NI_MAXSERV];
62 socklen_t slen;
63
64 slen = sizeof(ss);
65 if (getpeername(m_socket, (struct sockaddr *)&ss, &slen) == -1)
66 err(1, "getpeername");
67 if (getnameinfo((struct sockaddr *)&ss, ss.ss_len, host,
68 sizeof(host), port, sizeof(port),
69 NI_NUMERICHOST | NI_NUMERICSERV))
70 errx(1, "getnameinfo");
71 cout <<"peer: " <<host <<" " <<port <<endl <<flush;
72 }
73
74 void tls_emit_data(const uint8_t data[], size_t size) override
75 {
76 size_t off = 0, len = size;
77
78 while (len > 0) {
79 ssize_t n;
80
81 n = send(m_socket, data + off, len, 0);
82 if (n < 0)
83 err(1, "send");
84 off += n;
85 len -= n;
86 }
87 }
88
89 void tls_record_received(uint64_t seq_no, const uint8_t data[],
90 size_t size) override
91 {
92 cout <<"<<< " <<string((const char *)data, size) <<flush;
93
94 string str("hello\n");
95 cout <<">>> " <<str <<flush;
96 m_channel->send(str);
97 m_channel->close();
98 }
99
100 void tls_alert(Botan::TLS::Alert alert) override
101 {
102 errx(1, "alert: %s", alert.type_string().c_str());
103 }
104
105 bool tls_session_established(const Botan::TLS::Session& session)
106 override
107 {
108 cout <<"established" <<endl <<flush;
109 return false;
110 }
111
112 void set_channel(Botan::TLS::Channel &channel) {
113 m_channel = &channel;
114 }
115
116protected:
117 int m_socket = -1;
118 Botan::TLS::Channel *m_channel = nullptr;
119};
120
121class Credentials : public Botan::Credentials_Manager {
122public:
123 std::vector<Botan::Certificate_Store*> trusted_certificate_authorities(
124 const std::string &type, const std::string &context)
125 override
126 {
127 std::vector<Botan::Certificate_Store*> cs { &m_ca };
128 return cs;
129 }
130
131 void add_certificate_file(const std::string &file) {
132 Botan::X509_Certificate cert(file);
133 m_ca.add_certificate(cert);
134 }
135private:
136 Botan::Certificate_Store_In_Memory m_ca;
137};
138
139class Policy : public Botan::TLS::Strict_Policy {
140public:
141 bool require_cert_revocation_info() const override {
142 return false;
143 }
144};
145
146void __dead
147usage(void)
148{
149 fprintf(stderr, "usage: client [-C CA] host port\n");
150 exit(2);
151}
152
153int
154main(int argc, char *argv[])
155{
156 struct addrinfo hints, *res;
157 int ch, s, error;
158 char buf[256];
159 char *cafile = NULL;
160 char *host, *port;
161
162 while ((ch = getopt(argc, argv, "C:")) != -1) {
163 switch (ch) {
164 case 'C':
165 cafile = optarg;
166 break;
167 default:
168 usage();
169 }
170 }
171 argc -= optind;
172 argv += optind;
173 if (argc == 2) {
174 host = argv[0];
175 port = argv[1];
176 } else {
177 usage();
178 }
179
180 memset(&hints, 0, sizeof(hints));
181 hints.ai_family = AF_INET;
182 hints.ai_socktype = SOCK_STREAM;
183 error = getaddrinfo(host, port, &hints, &res);
184 if (error)
185 errx(1, "getaddrinfo: %s", gai_strerror(error));
186 if (res == NULL)
187 errx(1, "getaddrinfo empty");
188 s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
189 if (s == -1)
190 err(1, "socket");
191 if (connect(s, res->ai_addr, res->ai_addrlen) == -1)
192 err(1, "connect");
193 freeaddrinfo(res);
194
195 {
196 Callbacks callbacks(s);
197 Botan::AutoSeeded_RNG rng;
198 Botan::TLS::Session_Manager_In_Memory session_mgr(rng);
199 Credentials creds;
200 if (cafile != NULL)
201 creds.add_certificate_file(cafile);
202 Policy policy;
203
204 callbacks.print_sockname();
205 callbacks.print_peername();
206 Botan::TLS::Client client(callbacks, session_mgr, creds,
207 policy, rng);
208 callbacks.set_channel(client);
209
210 while (!client.is_closed()) {
211 ssize_t n;
212
213 n = recv(s, buf, sizeof(buf), 0);
214 if (n < 0)
215 err(1, "recv");
216 if (n == 0)
217 errx(1, "eof");
218 client.received_data((uint8_t *)&buf, n);
219 }
220 }
221
222 if (close(s) == -1)
223 err(1, "close");
224
225 cout <<"success" <<endl;
226
227 return 0;
228}
diff --git a/src/regress/lib/libssl/interop/cert/Makefile b/src/regress/lib/libssl/interop/cert/Makefile
deleted file mode 100644
index a8ea88aaa3..0000000000
--- a/src/regress/lib/libssl/interop/cert/Makefile
+++ /dev/null
@@ -1,87 +0,0 @@
1# $OpenBSD: Makefile,v 1.6 2020/12/17 00:51:11 bluhm Exp $
2
3# Connect a client to a server. Both can be current libressl, or
4# openssl 1.0.2, or openssl 1.1. Create client and server certificates
5# that are signed by a CA and not signed by a fake CA. Try all
6# combinations with, without, and with wrong CA for client and server
7# and check the result of certificate verification.
8
9LIBRARIES = libressl
10.if exists(/usr/local/bin/eopenssl)
11LIBRARIES += openssl
12.endif
13.if exists(/usr/local/bin/eopenssl11)
14LIBRARIES += openssl11
15.endif
16
17.for cca in noca ca fakeca
18.for sca in noca ca fakeca
19.for ccert in nocert cert
20.for scert in nocert cert
21.for cv in noverify verify
22.for sv in noverify verify certverify
23
24# remember when certificate verification should fail
25.if (("${cv}" == verify && "${cca}" == ca && "${scert}" == cert) || \
26 "${cv}" == noverify) && \
27 (("${sv}" == verify && "${ccert}" == nocert) || \
28 ("${sv}" == verify && "${sca}" == ca && "${ccert}" == cert) || \
29 ("${sv}" == certverify && "${sca}" == ca && "${ccert}" == cert) || \
30 "${sv}" == noverify)
31FAIL_${cca}_${sca}_${ccert}_${scert}_${cv}_${sv} =
32.else
33FAIL_${cca}_${sca}_${ccert}_${scert}_${cv}_${sv} = !
34.endif
35
36.for clib in ${LIBRARIES}
37.for slib in ${LIBRARIES}
38
39.if ("${clib}" == "libressl" || "${slib}" == "libressl")
40REGRESS_TARGETS += run-cert-client-${clib}-${cca}-${ccert}-${cv}-server-${slib}-${sca}-${scert}-${sv}
41.else
42REGRESS_SLOW_TARGETS += run-cert-client-${clib}-${cca}-${ccert}-${cv}-server-${slib}-${sca}-${scert}-${sv}
43.endif
44
45run-cert-client-${clib}-${cca}-${ccert}-${cv}-server-${slib}-${sca}-${scert}-${sv}: \
46 127.0.0.1.crt ca.crt fake-ca.crt client.crt server.crt \
47 ../${clib}/client ../${slib}/server
48 LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
49 ../${slib}/server >${@:S/^run/server/}.out \
50 ${sca:S/^noca//:S/^fakeca/-C fake-ca.crt/:S/^ca/-C ca.crt/} \
51 ${scert:S/^nocert//:S/^cert/-c server.crt -k server.key/} \
52 ${sv:S/^noverify//:S/^verify/-v/:S/^certverify/-vv/} \
53 127.0.0.1 0
54 ${FAIL_${cca}_${sca}_${ccert}_${scert}_${cv}_${sv}} \
55 LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
56 ../${clib}/client >${@:S/^run/client/}.out \
57 ${cca:S/^noca//:S/^fakeca/-C fake-ca.crt/:S/^ca/-C ca.crt/} \
58 ${ccert:S/^nocert//:S/^cert/-c server.crt -k server.key/} \
59 ${cv:S/^noverify//:S/^verify/-v/} \
60 `sed -n 's/listen sock: //p' ${@:S/^run/server/}.out`
61.if empty(${FAIL_${cca}_${sca}_${ccert}_${scert}_${cv}_${sv}})
62 grep '^success$$' ${@:S/^run/server/}.out || \
63 { sleep 1; grep '^success$$' ${@:S/^run/server/}.out; }
64 grep '^success$$' ${@:S/^run/client/}.out
65.elif ! ("${sv}" == certverify && "${ccert}" == nocert) || \
66 ("${cv}" == verify && "${scert}" != cert)
67 grep '^verify: fail' ${@:S/^run/client/}.out ${@:S/^run/server/}.out
68.endif
69
70.endfor
71.endfor
72.endfor
73.endfor
74.endfor
75.endfor
76.endfor
77.endfor
78
79# argument list too long for a single rm *
80
81clean: _SUBDIRUSE
82 rm -f client-*.out
83 rm -f server-*.out
84 rm -f a.out [Ee]rrs mklog *.core y.tab.h \
85 ${PROG} ${PROGS} ${OBJS} ${_LEXINTM} ${_YACCINTM} ${CLEANFILES}
86
87.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/cipher/Makefile b/src/regress/lib/libssl/interop/cipher/Makefile
deleted file mode 100644
index c88309962d..0000000000
--- a/src/regress/lib/libssl/interop/cipher/Makefile
+++ /dev/null
@@ -1,170 +0,0 @@
1# $OpenBSD: Makefile,v 1.7 2020/12/17 00:51:11 bluhm Exp $
2
3# Connect a client to a server. Both can be current libressl, or
4# openssl 1.0.2, or openssl 1.1. Create lists of supported ciphers
5# and pin client and server to one of the ciphers. Use server
6# certificate with compatible type. Check that client and server
7# have used correct cipher by grepping in their session print out.
8
9run-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl \
10run-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl \
11client-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl.out \
12client-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl.out \
13server-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl.out \
14server-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl.out \
15check-cipher-GOST2001-GOST89-GOST89-client-libressl-server-libressl \
16check-cipher-GOST2012256-GOST89-GOST89-client-libressl-server-libressl:
17 # gost does not work with libressl TLS 1.3 right now
18 @echo DISABLED
19
20LIBRARIES = libressl
21.if exists(/usr/local/bin/eopenssl)
22LIBRARIES += openssl
23.endif
24.if exists(/usr/local/bin/eopenssl11)
25LIBRARIES += openssl11
26.endif
27
28CLEANFILES = *.tmp *.ciphers ciphers.mk
29
30.for clib in ${LIBRARIES}
31client-${clib}.ciphers:
32 LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
33 ../${clib}/client -l ALL -L >$@.tmp
34 sed -n 's/^cipher //p' <$@.tmp | sort -u >$@
35 rm $@.tmp
36.endfor
37.for slib in ${LIBRARIES}
38server-${slib}.ciphers: 127.0.0.1.crt dsa.crt ec.crt rsa.crt
39 LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
40 ../${slib}/server -l ALL -L >$@.tmp
41 sed -n 's/^cipher //p' <$@.tmp | sort -u >$@
42 rm $@.tmp
43.endfor
44
45.for clib in ${LIBRARIES}
46.for slib in ${LIBRARIES}
47ciphers.mk: client-${clib}-server-${slib}.ciphers
48client-${clib}-server-${slib}.ciphers: \
49 client-${clib}.ciphers server-${slib}.ciphers client-libressl.ciphers
50 # get ciphers shared between client and server
51 sort client-${clib}.ciphers server-${slib}.ciphers >$@.tmp
52 uniq -d <$@.tmp >$@
53 # we are only interested in ciphers supported by libressl
54 sort $@ client-libressl.ciphers >$@.tmp
55 uniq -d <$@.tmp >$@
56 rm $@.tmp
57.endfor
58.endfor
59
60ciphers.mk:
61 rm -f $@ $@.tmp
62.for clib in ${LIBRARIES}
63.for slib in ${LIBRARIES}
64 echo 'CIPHERS_${clib}_${slib} =' >>$@.tmp \
65 `cat client-${clib}-server-${slib}.ciphers`
66.endfor
67.endfor
68 mv $@.tmp $@
69
70# hack to convert generated lists into usable make variables
71.if exists(ciphers.mk)
72.include "ciphers.mk"
73.else
74regress: ciphers.mk
75 ${MAKE} -C ${.CURDIR} regress
76.endif
77
78LEVEL_libressl =
79LEVEL_openssl =
80LEVEL_openssl11 = ,@SECLEVEL=0
81
82.for clib in ${LIBRARIES}
83.for slib in ${LIBRARIES}
84.for cipher in ${CIPHERS_${clib}_${slib}}
85
86.if "${cipher:M*-DSS-*}" != ""
87TYPE_${cipher} = dsa
88.elif "${cipher:M*-ECDSA-*}" != ""
89TYPE_${cipher} = ec
90.elif "${cipher:M*-GOST89-*}" != ""
91TYPE_${cipher} = gost
92.elif "${cipher:M*-RSA-*}" != ""
93TYPE_${cipher} = rsa
94.else
95TYPE_${cipher} = 127.0.0.1
96.endif
97
98.if "${slib}" == "openssl" && \
99 "${cipher:MADH-*}${cipher:MEDH-*}${cipher:MDHE-*}" != ""
100DHPARAM_${cipher}_${slib} = -p dh.param
101.else
102DHPARAM_${cipher}_${slib} =
103.endif
104
105.if ("${clib}" == "libressl" || "${slib}" == "libressl")
106REGRESS_TARGETS += run-cipher-${cipher}-client-${clib}-server-${slib}
107.else
108REGRESS_SLOW_TARGETS += run-cipher-${cipher}-client-${clib}-server-${slib}
109.endif
110run-cipher-${cipher}-client-${clib}-server-${slib} \
111client-cipher-${cipher}-client-${clib}-server-${slib}.out \
112server-cipher-${cipher}-client-${clib}-server-${slib}.out: dh.param \
113 127.0.0.1.crt ${TYPE_${cipher}}.crt ../${clib}/client ../${slib}/server
114 LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
115 ../${slib}/server >${@:S/^run/server/}.out \
116 -c ${TYPE_${cipher}}.crt -k ${TYPE_${cipher}}.key \
117 -l ${cipher}${LEVEL_${slib}} ${DHPARAM_${cipher}_${slib}} \
118 127.0.0.1 0
119 LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
120 ../${clib}/client >${@:S/^run/client/}.out \
121 -l ${cipher}${LEVEL_${clib}} \
122 `sed -n 's/listen sock: //p' ${@:S/^run/server/}.out`
123 grep -q '^success$$' ${@:S/^run/server/}.out || \
124 { sleep 1; grep -q '^success$$' ${@:S/^run/server/}.out; }
125 grep -q '^success$$' ${@:S/^run/client/}.out
126
127.if ("${clib}" == "libressl" || "${slib}" == "libressl")
128REGRESS_TARGETS += check-cipher-${cipher}-client-${clib}-server-${slib}
129.else
130REGRESS_SLOW_TARGETS += check-cipher-${cipher}-client-${clib}-server-${slib}
131.endif
132check-cipher-${cipher}-client-${clib}-server-${slib}: \
133 client-cipher-${cipher}-client-${clib}-server-${slib}.out \
134 server-cipher-${cipher}-client-${clib}-server-${slib}.out
135.if "${clib}" != "openssl" && "${slib}" != "openssl" && \
136 "${cipher:C/AEAD-(AES.*-GCM|CHACHA.*-POLY.*)-SHA.*/TLS1_3/}" != TLS1_3
137 # client and server 1.3 capable, not TLS 1.3 cipher
138. if "${clib}" == "libressl"
139 # libressl client may prefer chacha-poly if aes-ni is not supported
140 egrep -q ' Cipher *: AEAD-(AES256-GCM-SHA384|CHACHA20-POLY1305-SHA256)$$' ${@:S/^check/client/}.out
141. else
142 # openssl 1.1 generic client cipher
143 grep -q ' Cipher *: TLS_AES_256_GCM_SHA384$$' ${@:S/^check/client/}.out
144. endif
145. if "${clib}" == "libressl"
146 # libressl client may prefer chacha-poly if aes-ni is not supported
147. if "${slib}" == "openssl11"
148 egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
149. else
150 egrep -q ' Cipher *: AEAD-(AES256-GCM-SHA384|CHACHA20-POLY1305-SHA256)$$' ${@:S/^check/server/}.out
151. endif
152. else
153. if "${slib}" == "openssl11"
154 # openssl 1.1 generic server cipher
155 grep -q ' Cipher *: TLS_AES_256_GCM_SHA384$$' ${@:S/^check/server/}.out
156. else
157 # libressl generic server cipher
158 grep -q ' Cipher *: AEAD-AES256-GCM-SHA384$$' ${@:S/^check/server/}.out
159. endif
160. endif
161.else
162 grep -q ' Cipher *: ${cipher}$$' ${@:S/^check/client/}.out
163 grep -q ' Cipher *: ${cipher}$$' ${@:S/^check/server/}.out
164.endif
165
166.endfor
167.endfor
168.endfor
169
170.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/client.c b/src/regress/lib/libssl/interop/client.c
deleted file mode 100644
index a8e66c2876..0000000000
--- a/src/regress/lib/libssl/interop/client.c
+++ /dev/null
@@ -1,273 +0,0 @@
1/* $OpenBSD: client.c,v 1.10 2020/09/14 00:51:04 bluhm Exp $ */
2/*
3 * Copyright (c) 2018-2019 Alexander Bluhm <bluhm@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <sys/types.h>
19#include <sys/socket.h>
20
21#include <err.h>
22#include <netdb.h>
23#include <stdio.h>
24#include <string.h>
25#include <unistd.h>
26
27#include <openssl/err.h>
28#include <openssl/ssl.h>
29
30#include "util.h"
31
32void __dead usage(void);
33
34void __dead
35usage(void)
36{
37 fprintf(stderr, "usage: client [-Lsv] [-C CA] [-c crt -k key] "
38 "[-l ciphers] [-V version] host port\n");
39 exit(2);
40}
41
42int
43main(int argc, char *argv[])
44{
45 const SSL_METHOD *method;
46 SSL_CTX *ctx;
47 SSL *ssl;
48 BIO *bio;
49 SSL_SESSION *session = NULL;
50 int ch, error, listciphers = 0, sessionreuse = 0, verify = 0;
51 int version = 0;
52 char buf[256];
53 char *ca = NULL, *crt = NULL, *key = NULL, *ciphers = NULL;
54 char *host_port, *host = "127.0.0.1", *port = "0";
55
56 while ((ch = getopt(argc, argv, "C:c:k:Ll:p:sV:v")) != -1) {
57 switch (ch) {
58 case 'C':
59 ca = optarg;
60 break;
61 case 'c':
62 crt = optarg;
63 break;
64 case 'k':
65 key = optarg;
66 break;
67 case 'L':
68 listciphers = 1;
69 break;
70 case 'l':
71 ciphers = optarg;
72 break;
73 case 's':
74 /* multiple reueses are possible */
75 sessionreuse++;
76 break;
77 case 'V':
78 if (strcmp(optarg, "TLS1") == 0) {
79 version = TLS1_VERSION;
80 } else if (strcmp(optarg, "TLS1_1") == 0) {
81 version = TLS1_1_VERSION;
82 } else if (strcmp(optarg, "TLS1_2") == 0) {
83 version = TLS1_2_VERSION;
84#ifdef TLS1_3_VERSION
85 } else if (strcmp(optarg, "TLS1_3") == 0) {
86 version = TLS1_3_VERSION;
87#endif
88 } else {
89 errx(1, "unknown protocol version: %s", optarg);
90 }
91 break;
92 case 'v':
93 verify = 1;
94 break;
95 default:
96 usage();
97 }
98 }
99 argc -= optind;
100 argv += optind;
101 if (argc == 2) {
102 host = argv[0];
103 port = argv[1];
104 } else if (!listciphers) {
105 usage();
106 }
107 if (asprintf(&host_port, strchr(host, ':') ? "[%s]:%s" : "%s:%s",
108 host, port) == -1)
109 err(1, "asprintf host port");
110 if ((crt == NULL && key != NULL) || (crt != NULL && key == NULL))
111 errx(1, "certificate and private key must be used together");
112
113 SSL_library_init();
114 SSL_load_error_strings();
115 print_version();
116
117 /* setup method and context */
118#if OPENSSL_VERSION_NUMBER >= 0x1010000f
119 method = TLS_client_method();
120 if (method == NULL)
121 err_ssl(1, "TLS_client_method");
122#else
123 switch (version) {
124 case TLS1_VERSION:
125 method = TLSv1_client_method();
126 break;
127 case TLS1_1_VERSION:
128 method = TLSv1_1_client_method();
129 break;
130 case TLS1_2_VERSION:
131 method = TLSv1_2_client_method();
132 break;
133#ifdef TLS1_3_VERSION
134 case TLS1_3_VERSION:
135 err(1, "TLS1_3 not supported");
136#endif
137 default:
138 method = SSLv23_client_method();
139 break;
140 }
141 if (method == NULL)
142 err_ssl(1, "SSLv23_client_method");
143#endif
144 ctx = SSL_CTX_new(method);
145 if (ctx == NULL)
146 err_ssl(1, "SSL_CTX_new");
147
148#if OPENSSL_VERSION_NUMBER >= 0x1010000f
149 if (version) {
150 if (SSL_CTX_set_min_proto_version(ctx, version) != 1)
151 err_ssl(1, "SSL_CTX_set_min_proto_version");
152 if (SSL_CTX_set_max_proto_version(ctx, version) != 1)
153 err_ssl(1, "SSL_CTX_set_max_proto_version");
154 }
155#endif
156
157 /* load client certificate */
158 if (crt != NULL) {
159 if (SSL_CTX_use_certificate_file(ctx, crt,
160 SSL_FILETYPE_PEM) <= 0)
161 err_ssl(1, "SSL_CTX_use_certificate_file");
162 if (SSL_CTX_use_PrivateKey_file(ctx, key,
163 SSL_FILETYPE_PEM) <= 0)
164 err_ssl(1, "SSL_CTX_use_PrivateKey_file");
165 if (SSL_CTX_check_private_key(ctx) <= 0)
166 err_ssl(1, "SSL_CTX_check_private_key");
167 }
168
169 /* verify server certificate */
170 if (ca != NULL) {
171 if (SSL_CTX_load_verify_locations(ctx, ca, NULL) <= 0)
172 err_ssl(1, "SSL_CTX_load_verify_locations");
173 }
174 SSL_CTX_set_verify(ctx, verify ? SSL_VERIFY_PEER : SSL_VERIFY_NONE,
175 verify_callback);
176
177 if (sessionreuse) {
178 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_CLIENT);
179 }
180
181 if (ciphers) {
182 if (SSL_CTX_set_cipher_list(ctx, ciphers) <= 0)
183 err_ssl(1, "SSL_CTX_set_cipher_list");
184 }
185
186 if (listciphers) {
187 ssl = SSL_new(ctx);
188 if (ssl == NULL)
189 err_ssl(1, "SSL_new");
190 print_ciphers(SSL_get_ciphers(ssl));
191 return 0;
192 }
193
194 do {
195 /* setup bio for socket operations */
196 bio = BIO_new_connect(host_port);
197 if (bio == NULL)
198 err_ssl(1, "BIO_new_connect");
199
200 /* connect */
201 if (BIO_do_connect(bio) <= 0)
202 err_ssl(1, "BIO_do_connect");
203 printf("connect ");
204 print_sockname(bio);
205 printf("connect ");
206 print_peername(bio);
207
208 /* do ssl client handshake */
209 ssl = SSL_new(ctx);
210 if (ssl == NULL)
211 err_ssl(1, "SSL_new");
212 SSL_set_bio(ssl, bio, bio);
213 /* resuse session if possible */
214 if (session != NULL) {
215 if (SSL_set_session(ssl, session) <= 0)
216 err_ssl(1, "SSL_set_session");
217 }
218 if ((error = SSL_connect(ssl)) <= 0)
219 err_ssl(1, "SSL_connect %d", error);
220 printf("session %d: %s\n", sessionreuse,
221 SSL_session_reused(ssl) ? "reuse" : "new");
222 if (fflush(stdout) != 0)
223 err(1, "fflush stdout");
224
225 /* print session statistics */
226 if (sessionreuse) {
227 session = SSL_get1_session(ssl);
228 if (session == NULL)
229 err_ssl(1, "SSL1_get_session");
230 } else {
231 session = SSL_get_session(ssl);
232 if (session == NULL)
233 err_ssl(1, "SSL_get_session");
234 }
235 if (SSL_SESSION_print_fp(stdout, session) <= 0)
236 err_ssl(1, "SSL_SESSION_print_fp");
237
238 /* read server greeting and write client hello over TLS */
239 if ((error = SSL_read(ssl, buf, 9)) <= 0)
240 err_ssl(1, "SSL_read %d", error);
241 if (error != 9)
242 errx(1, "read not 9 bytes greeting: %d", error);
243 buf[9] = '\0';
244 printf("<<< %s", buf);
245 if (fflush(stdout) != 0)
246 err(1, "fflush stdout");
247 strlcpy(buf, "hello\n", sizeof(buf));
248 printf(">>> %s", buf);
249 if (fflush(stdout) != 0)
250 err(1, "fflush stdout");
251 if ((error = SSL_write(ssl, buf, 6)) <= 0)
252 err_ssl(1, "SSL_write %d", error);
253 if (error != 6)
254 errx(1, "write not 6 bytes hello: %d", error);
255
256 /* shutdown connection */
257 if ((error = SSL_shutdown(ssl)) < 0)
258 err_ssl(1, "SSL_shutdown unidirectional %d", error);
259 if (error <= 0) {
260 if ((error = SSL_shutdown(ssl)) <= 0)
261 err_ssl(1, "SSL_shutdown bidirectional %d",
262 error);
263 }
264
265 SSL_free(ssl);
266 } while (sessionreuse--);
267
268 SSL_CTX_free(ctx);
269
270 printf("success\n");
271
272 return 0;
273}
diff --git a/src/regress/lib/libssl/interop/libressl/Makefile b/src/regress/lib/libssl/interop/libressl/Makefile
deleted file mode 100644
index d8e20ca122..0000000000
--- a/src/regress/lib/libssl/interop/libressl/Makefile
+++ /dev/null
@@ -1,34 +0,0 @@
1# $OpenBSD: Makefile,v 1.9 2020/12/25 10:50:08 tb Exp $
2
3PROGS = client server
4CFLAGS += -DLIBRESSL_HAS_TLS1_3
5CPPFLAGS +=
6LDFLAGS +=
7LDADD += -lssl -lcrypto
8DPADD += ${LIBSSL} ${LIBCRYPTO}
9LD_LIBRARY_PATH =
10REGRESS_TARGETS = run-self-client-server
11.for p in ${PROGS}
12REGRESS_TARGETS += run-ldd-$p run-version-$p run-protocol-$p
13.endfor
14
15.for p in ${PROGS}
16
17run-ldd-$p: ldd-$p.out
18 # check that $p is linked with LibreSSL
19 grep -q /usr/lib/libcrypto.so ldd-$p.out
20 grep -q /usr/lib/libssl.so ldd-$p.out
21 # check that $p is not linked with OpenSSL
22 ! grep /usr/local/lib/ ldd-$p.out
23
24run-version-$p: $p-self.out
25 # check that runtime version is LibreSSL
26 grep 'SSLEAY_VERSION: LibreSSL' $p-self.out
27
28run-protocol-$p: $p-self.out
29 # check that LibreSSL protocol version is TLS 1.3
30 grep 'Protocol *: TLSv1.3' $p-self.out
31
32.endfor
33
34.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/netcat/Makefile b/src/regress/lib/libssl/interop/netcat/Makefile
deleted file mode 100644
index f337d4aae8..0000000000
--- a/src/regress/lib/libssl/interop/netcat/Makefile
+++ /dev/null
@@ -1,84 +0,0 @@
1# $OpenBSD: Makefile,v 1.5 2020/12/17 00:51:11 bluhm Exp $
2
3LIBRARIES = libressl
4.if exists(/usr/local/bin/eopenssl)
5LIBRARIES += openssl
6.endif
7.if exists(/usr/local/bin/eopenssl11)
8LIBRARIES += openssl11
9.endif
10
11# run netcat server and connect with test client
12
13.for clib in ${LIBRARIES}
14
15REGRESS_TARGETS += run-netcat-client-${clib}-server-nc
16REGRESS_TARGETS += run-protocol-client-${clib}
17
18run-netcat-client-${clib}-server-nc: ../${clib}/client 127.0.0.1.crt
19 echo "greeting" | \
20 nc >${@:S/^run/server/}.out \
21 -l -c -C 127.0.0.1.crt -K 127.0.0.1.key \
22 127.0.0.1 0 & \
23 for i in `jot 1000`; do fstat -p $$! >netcat.fstat; \
24 grep -q ' stream tcp .*:[1-9][0-9]*$$' netcat.fstat && \
25 exit 0; done; exit 1
26 LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
27 ../${clib}/client >${@:S/^run/client/}.out \
28 `sed -n 's/.* stream tcp .*:/127.0.0.1 /p' netcat.fstat`
29 # check that the client run successfully to the end
30 grep -q '^success$$' ${@:S/^run/client/}.out
31 # client must have read server greeting
32 grep -q '^<<< greeting$$' ${@:S/^run/client/}.out
33 # netstat server must have read client hello
34 grep -q '^hello$$' ${@:S/^run/server/}.out
35
36.endfor
37
38# run test server and connect with netcat client
39
40.for slib in ${LIBRARIES}
41
42REGRESS_TARGETS += run-netcat-client-nc-server-${slib}
43
44run-netcat-client-nc-server-${slib}: ../${slib}/server 127.0.0.1.crt
45 LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
46 ../${slib}/server >${@:S/^run/server/}.out \
47 127.0.0.1 0
48 echo "hello" | \
49 nc >${@:S/^run/client/}.out \
50 -c -R 127.0.0.1.crt \
51 `sed -n 's/listen sock: //p' ${@:S/^run/server/}.out`
52 # check that the server child run successfully to the end
53 grep -q '^success$$' ${@:S/^run/server/}.out || \
54 { sleep 1; grep -q '^success$$' ${@:S/^run/server/}.out; }
55 # server must have read client hello
56 grep -q '^<<< hello$$' ${@:S/^run/server/}.out
57 # client must have read server greeting
58 grep -q '^greeting$$' ${@:S/^run/client/}.out
59
60.endfor
61
62# check the TLS protocol version in client and server logs
63
64.for clib in ${LIBRARIES}
65
66REGRESS_TARGETS += run-protocol-client-${clib}
67
68run-protocol-client-${clib}: client-netcat-client-${clib}-server-nc.out
69 # check that LibTLS protocol version is TLS 1.2 or TLS 1.3
70 grep 'Protocol *: TLSv1.[23]' client-netcat-client-${clib}-server-nc.out
71
72.endfor
73
74.for slib in ${LIBRARIES}
75
76REGRESS_TARGETS += run-protocol-server-${slib}
77
78run-protocol-server-${slib}: server-netcat-client-nc-server-${slib}.out
79 # check that LibTLS protocol version is TLS 1.2 or TLS 1.3
80 grep 'Protocol *: TLSv1.[23]' server-netcat-client-nc-server-${slib}.out
81
82.endfor
83
84.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/openssl/Makefile b/src/regress/lib/libssl/interop/openssl/Makefile
deleted file mode 100644
index 181d35aa02..0000000000
--- a/src/regress/lib/libssl/interop/openssl/Makefile
+++ /dev/null
@@ -1,42 +0,0 @@
1# $OpenBSD: Makefile,v 1.8 2020/12/17 00:51:11 bluhm Exp $
2
3.if ! exists(/usr/local/bin/eopenssl)
4regress:
5 # install openssl-1.0.2 from ports for interop tests
6 @echo SKIPPED
7.else
8
9PROGS = client server
10CPPFLAGS = -I /usr/local/include/eopenssl
11LDFLAGS = -L /usr/local/lib/eopenssl
12LDADD = -lssl -lcrypto
13DPADD = /usr/local/lib/eopenssl/libssl.a \
14 /usr/local/lib/eopenssl/libcrypto.a
15LD_LIBRARY_PATH = /usr/local/lib/eopenssl
16REGRESS_TARGETS = run-self-client-server
17.for p in ${PROGS}
18REGRESS_TARGETS += run-ldd-$p run-version-$p run-protocol-$p
19.endfor
20
21.for p in ${PROGS}
22
23run-ldd-$p: ldd-$p.out
24 # check that $p is linked with OpenSSL
25 grep -q /usr/local/lib/eopenssl/libcrypto.so ldd-$p.out
26 grep -q /usr/local/lib/eopenssl/libssl.so ldd-$p.out
27 # check that $p is not linked with LibreSSL
28 ! grep -v libc.so ldd-$p.out | grep /usr/lib/
29
30run-version-$p: $p-self.out
31 # check that runtime version is OpenSSL 1.0.2
32 grep 'SSLEAY_VERSION: OpenSSL 1.0.2' $p-self.out
33
34run-protocol-$p: $p-self.out
35 # check that OpenSSL 1.0.2 protocol version is TLS 1.2
36 grep 'Protocol *: TLSv1.2' $p-self.out
37
38.endfor
39
40.endif # exists(/usr/local/bin/eopenssl)
41
42.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/openssl11/Makefile b/src/regress/lib/libssl/interop/openssl11/Makefile
deleted file mode 100644
index 32fd611ae4..0000000000
--- a/src/regress/lib/libssl/interop/openssl11/Makefile
+++ /dev/null
@@ -1,42 +0,0 @@
1# $OpenBSD: Makefile,v 1.7 2020/12/17 00:51:11 bluhm Exp $
2
3.if ! exists(/usr/local/bin/eopenssl11)
4regress:
5 # install openssl-1.1 from ports for interop tests
6 @echo SKIPPED
7.else
8
9PROGS = client server
10CPPFLAGS = -I /usr/local/include/eopenssl11
11LDFLAGS = -L /usr/local/lib/eopenssl11
12LDADD = -lssl -lcrypto
13DPADD = /usr/local/lib/eopenssl11/libssl.a \
14 /usr/local/lib/eopenssl11/libcrypto.a
15LD_LIBRARY_PATH = /usr/local/lib/eopenssl11
16REGRESS_TARGETS = run-self-client-server
17.for p in ${PROGS}
18REGRESS_TARGETS += run-ldd-$p run-version-$p run-protocol-$p
19.endfor
20
21.for p in ${PROGS}
22
23run-ldd-$p: ldd-$p.out
24 # check that $p is linked with OpenSSL 1.1
25 grep -q /usr/local/lib/eopenssl11/libcrypto.so ldd-$p.out
26 grep -q /usr/local/lib/eopenssl11/libssl.so ldd-$p.out
27 # check that $p is not linked with LibreSSL
28 ! grep -v libc.so ldd-$p.out | grep /usr/lib/
29
30run-version-$p: $p-self.out
31 # check that runtime version is OpenSSL 1.1
32 grep 'SSLEAY_VERSION: OpenSSL 1.1' $p-self.out
33
34run-protocol-$p: $p-self.out
35 # check that OpenSSL 1.1 protocol version is TLS 1.3
36 grep 'Protocol *: TLSv1.3' $p-self.out
37
38.endfor
39
40.endif # exists(/usr/local/bin/eopenssl11)
41
42.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/server.c b/src/regress/lib/libssl/interop/server.c
deleted file mode 100644
index 68e277a87b..0000000000
--- a/src/regress/lib/libssl/interop/server.c
+++ /dev/null
@@ -1,320 +0,0 @@
1/* $OpenBSD: server.c,v 1.10 2021/07/06 11:50:34 bluhm Exp $ */
2/*
3 * Copyright (c) 2018-2019 Alexander Bluhm <bluhm@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <sys/types.h>
19#include <sys/socket.h>
20
21#include <err.h>
22#include <netdb.h>
23#include <stdio.h>
24#include <stdlib.h>
25#include <string.h>
26#include <unistd.h>
27
28#include <openssl/err.h>
29#include <openssl/ssl.h>
30
31#include "util.h"
32
33void __dead usage(void);
34
35void __dead
36usage(void)
37{
38 fprintf(stderr, "usage: server [-Lsvv] [-C CA] [-c crt -k key] "
39 "[-l ciphers] [-p dhparam] [-V version] [host port]\n");
40 exit(2);
41}
42
43int
44main(int argc, char *argv[])
45{
46 const SSL_METHOD *method;
47 SSL_CTX *ctx;
48 SSL *ssl;
49 BIO *abio, *cbio;
50 SSL_SESSION *session;
51 int ch, error, listciphers = 0, sessionreuse = 0, verify = 0;
52 int version = 0;
53 char buf[256], *dhparam = NULL;
54 char *ca = NULL, *crt = NULL, *key = NULL, *ciphers = NULL;
55 char *host_port, *host = "127.0.0.1", *port = "0";
56
57 while ((ch = getopt(argc, argv, "C:c:k:Ll:p:sV:v")) != -1) {
58 switch (ch) {
59 case 'C':
60 ca = optarg;
61 break;
62 case 'c':
63 crt = optarg;
64 break;
65 case 'k':
66 key = optarg;
67 break;
68 case 'L':
69 listciphers = 1;
70 break;
71 case 'l':
72 ciphers = optarg;
73 break;
74 case 'p':
75 dhparam = optarg;
76 break;
77 case 's':
78 /* multiple reueses are possible */
79 sessionreuse++;
80 break;
81 case 'V':
82 if (strcmp(optarg, "TLS1") == 0) {
83 version = TLS1_VERSION;
84 } else if (strcmp(optarg, "TLS1_1") == 0) {
85 version = TLS1_1_VERSION;
86 } else if (strcmp(optarg, "TLS1_2") == 0) {
87 version = TLS1_2_VERSION;
88#ifdef TLS1_3_VERSION
89 } else if (strcmp(optarg, "TLS1_3") == 0) {
90 version = TLS1_3_VERSION;
91#endif
92 } else {
93 errx(1, "unknown protocol version: %s", optarg);
94 }
95 break;
96 case 'v':
97 /* use twice to force client cert */
98 verify++;
99 break;
100 default:
101 usage();
102 }
103 }
104 argc -= optind;
105 argv += optind;
106 if (argc == 2) {
107 host = argv[0];
108 port = argv[1];
109 } else if (argc != 0 && !listciphers) {
110 usage();
111 }
112 if (asprintf(&host_port, strchr(host, ':') ? "[%s]:%s" : "%s:%s",
113 host, port) == -1)
114 err(1, "asprintf host port");
115 if ((crt == NULL && key != NULL) || (crt != NULL && key == NULL))
116 errx(1, "certificate and private key must be used together");
117 if (crt == NULL && asprintf(&crt, "%s.crt", host) == -1)
118 err(1, "asprintf crt");
119 if (key == NULL && asprintf(&key, "%s.key", host) == -1)
120 err(1, "asprintf key");
121
122 SSL_library_init();
123 SSL_load_error_strings();
124 print_version();
125
126 /* setup method and context */
127#if OPENSSL_VERSION_NUMBER >= 0x1010000f
128 method = TLS_server_method();
129 if (method == NULL)
130 err_ssl(1, "TLS_server_method");
131#else
132 switch (version) {
133 case TLS1_VERSION:
134 method = TLSv1_server_method();
135 break;
136 case TLS1_1_VERSION:
137 method = TLSv1_1_server_method();
138 break;
139 case TLS1_2_VERSION:
140 method = TLSv1_2_server_method();
141 break;
142#ifdef TLS1_3_VERSION
143 case TLS1_3_VERSION:
144 err(1, "TLS1_3 not supported");
145#endif
146 default:
147 method = SSLv23_server_method();
148 break;
149 }
150 if (method == NULL)
151 err_ssl(1, "SSLv23_server_method");
152#endif
153 ctx = SSL_CTX_new(method);
154 if (ctx == NULL)
155 err_ssl(1, "SSL_CTX_new");
156
157#if OPENSSL_VERSION_NUMBER >= 0x1010000f
158 if (version) {
159 if (SSL_CTX_set_min_proto_version(ctx, version) != 1)
160 err_ssl(1, "SSL_CTX_set_min_proto_version");
161 if (SSL_CTX_set_max_proto_version(ctx, version) != 1)
162 err_ssl(1, "SSL_CTX_set_max_proto_version");
163 }
164#endif
165
166#if OPENSSL_VERSION_NUMBER >= 0x10100000
167 /* needed to use DHE cipher with libressl */
168 if (SSL_CTX_set_dh_auto(ctx, 1) <= 0)
169 err_ssl(1, "SSL_CTX_set_dh_auto");
170#endif
171 /* needed to use ADH, EDH, DHE cipher with openssl */
172 if (dhparam != NULL) {
173 DH *dh;
174 FILE *file;
175
176 file = fopen(dhparam, "r");
177 if (file == NULL)
178 err(1, "fopen %s", dhparam);
179 dh = PEM_read_DHparams(file, NULL, NULL, NULL);
180 if (dh == NULL)
181 err_ssl(1, "PEM_read_DHparams");
182 if (SSL_CTX_set_tmp_dh(ctx, dh) <= 0)
183 err_ssl(1, "SSL_CTX_set_tmp_dh");
184 fclose(file);
185 }
186
187 /* needed when linking with OpenSSL 1.0.2p */
188 if (SSL_CTX_set_ecdh_auto(ctx, 1) <= 0)
189 err_ssl(1, "SSL_CTX_set_ecdh_auto");
190
191 /* load server certificate */
192 if (SSL_CTX_use_certificate_file(ctx, crt, SSL_FILETYPE_PEM) <= 0)
193 err_ssl(1, "SSL_CTX_use_certificate_file");
194 if (SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM) <= 0)
195 err_ssl(1, "SSL_CTX_use_PrivateKey_file");
196 if (SSL_CTX_check_private_key(ctx) <= 0)
197 err_ssl(1, "SSL_CTX_check_private_key");
198
199 /* request client certificate and verify it */
200 if (ca != NULL) {
201 STACK_OF(X509_NAME) *x509stack;
202
203 x509stack = SSL_load_client_CA_file(ca);
204 if (x509stack == NULL)
205 err_ssl(1, "SSL_load_client_CA_file");
206 SSL_CTX_set_client_CA_list(ctx, x509stack);
207 if (SSL_CTX_load_verify_locations(ctx, ca, NULL) <= 0)
208 err_ssl(1, "SSL_CTX_load_verify_locations");
209 }
210 SSL_CTX_set_verify(ctx,
211 verify == 0 ? SSL_VERIFY_NONE :
212 verify == 1 ? SSL_VERIFY_PEER :
213 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
214 verify_callback);
215
216 if (sessionreuse) {
217 uint32_t context;
218
219 SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER);
220 context = arc4random();
221 if (SSL_CTX_set_session_id_context(ctx,
222 (unsigned char *)&context, sizeof(context)) <= 0)
223 err_ssl(1, "SSL_CTX_set_session_id_context");
224 }
225
226 if (ciphers) {
227 if (SSL_CTX_set_cipher_list(ctx, ciphers) <= 0)
228 err_ssl(1, "SSL_CTX_set_cipher_list");
229 }
230
231 if (listciphers) {
232 ssl = SSL_new(ctx);
233 if (ssl == NULL)
234 err_ssl(1, "SSL_new");
235 print_ciphers(SSL_get_ciphers(ssl));
236 return 0;
237 }
238
239 /* setup bio for socket operations */
240 abio = BIO_new_accept(host_port);
241 if (abio == NULL)
242 err_ssl(1, "BIO_new_accept");
243
244 /* bind, listen */
245 if (BIO_do_accept(abio) <= 0)
246 err_ssl(1, "BIO_do_accept setup");
247 printf("listen ");
248 print_sockname(abio);
249
250 /* fork to background and set timeout */
251 if (daemon(1, 1) == -1)
252 err(1, "daemon");
253 alarm(10);
254
255 do {
256 /* accept connection */
257 if (BIO_do_accept(abio) <= 0)
258 err_ssl(1, "BIO_do_accept wait");
259 cbio = BIO_pop(abio);
260 printf("accept ");
261 print_sockname(cbio);
262 printf("accept ");
263 print_peername(cbio);
264
265 /* do ssl server handshake */
266 ssl = SSL_new(ctx);
267 if (ssl == NULL)
268 err_ssl(1, "SSL_new");
269 SSL_set_bio(ssl, cbio, cbio);
270 if ((error = SSL_accept(ssl)) <= 0)
271 err_ssl(1, "SSL_accept %d", error);
272 printf("session %d: %s\n", sessionreuse,
273 SSL_session_reused(ssl) ? "reuse" : "new");
274 if (fflush(stdout) != 0)
275 err(1, "fflush stdout");
276
277
278 /* print session statistics */
279 session = SSL_get_session(ssl);
280 if (session == NULL)
281 err_ssl(1, "SSL_get_session");
282 if (SSL_SESSION_print_fp(stdout, session) <= 0)
283 err_ssl(1, "SSL_SESSION_print_fp");
284
285 /* write server greeting and read client hello over TLS */
286 strlcpy(buf, "greeting\n", sizeof(buf));
287 printf(">>> %s", buf);
288 if (fflush(stdout) != 0)
289 err(1, "fflush stdout");
290 if ((error = SSL_write(ssl, buf, 9)) <= 0)
291 err_ssl(1, "SSL_write %d", error);
292 if (error != 9)
293 errx(1, "write not 9 bytes greeting: %d", error);
294 if ((error = SSL_read(ssl, buf, 6)) <= 0)
295 err_ssl(1, "SSL_read %d", error);
296 if (error != 6)
297 errx(1, "read not 6 bytes hello: %d", error);
298 buf[6] = '\0';
299 printf("<<< %s", buf);
300 if (fflush(stdout) != 0)
301 err(1, "fflush stdout");
302
303 /* shutdown connection */
304 if ((error = SSL_shutdown(ssl)) < 0)
305 err_ssl(1, "SSL_shutdown unidirectional %d", error);
306 if (error <= 0) {
307 if ((error = SSL_shutdown(ssl)) <= 0)
308 err_ssl(1, "SSL_shutdown bidirectional %d",
309 error);
310 }
311
312 SSL_free(ssl);
313 } while (sessionreuse--);
314
315 SSL_CTX_free(ctx);
316
317 printf("success\n");
318
319 return 0;
320}
diff --git a/src/regress/lib/libssl/interop/session/Makefile b/src/regress/lib/libssl/interop/session/Makefile
deleted file mode 100644
index 12d3eb2af7..0000000000
--- a/src/regress/lib/libssl/interop/session/Makefile
+++ /dev/null
@@ -1,46 +0,0 @@
1# $OpenBSD: Makefile,v 1.6 2020/12/17 00:51:11 bluhm Exp $
2
3LIBRARIES = libressl
4.if exists(/usr/local/bin/eopenssl)
5LIBRARIES += openssl
6.endif
7.if exists(/usr/local/bin/eopenssl11)
8LIBRARIES += openssl11
9.endif
10
11run-session-client-libressl-server-libressl \
12run-session-client-libressl-server-openssl11 \
13run-session-client-openssl11-server-libressl \
14run-session-client-openssl11-server-openssl11:
15 # TLS 1.3 needs some extra setup for session reuse
16 @echo DISABLED
17
18.for clib in ${LIBRARIES}
19.for slib in ${LIBRARIES}
20
21REGRESS_TARGETS += run-session-client-${clib}-server-${slib}
22
23run-session-client-${clib}-server-${slib}: \
24 127.0.0.1.crt ../${clib}/client ../${slib}/server
25 LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
26 ../${slib}/server >${@:S/^run/server/}.out \
27 -ss \
28 127.0.0.1 0
29 LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
30 ../${clib}/client >${@:S/^run/client/}.out \
31 -ss \
32 `sed -n 's/listen sock: //p' ${@:S/^run/server/}.out`
33 grep '^success$$' ${@:S/^run/server/}.out || \
34 { sleep 1; grep '^success$$' ${@:S/^run/server/}.out; }
35 grep '^success$$' ${@:S/^run/client/}.out
36 grep '^session 2: new$$' ${@:S/^run/server/}.out
37 grep '^session 2: new$$' ${@:S/^run/client/}.out
38 grep '^session 1: reuse$$' ${@:S/^run/server/}.out
39 grep '^session 1: reuse$$' ${@:S/^run/client/}.out
40 grep '^session 0: reuse$$' ${@:S/^run/server/}.out
41 grep '^session 0: reuse$$' ${@:S/^run/client/}.out
42
43.endfor
44.endfor
45
46.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/util.c b/src/regress/lib/libssl/interop/util.c
deleted file mode 100644
index 5190e81828..0000000000
--- a/src/regress/lib/libssl/interop/util.c
+++ /dev/null
@@ -1,145 +0,0 @@
1/* $OpenBSD: util.c,v 1.3 2018/11/09 06:30:41 bluhm Exp $ */
2/*
3 * Copyright (c) 2018 Alexander Bluhm <bluhm@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <sys/types.h>
19#include <sys/socket.h>
20
21#include <err.h>
22#include <netdb.h>
23#include <stdio.h>
24
25#include <openssl/err.h>
26#include <openssl/ssl.h>
27#include <openssl/opensslv.h>
28#include <openssl/crypto.h>
29
30#include "util.h"
31
32void
33print_version(void)
34{
35#ifdef OPENSSL_VERSION_NUMBER
36 printf("OPENSSL_VERSION_NUMBER: %#08lx\n", OPENSSL_VERSION_NUMBER);
37#endif
38#ifdef LIBRESSL_VERSION_NUMBER
39 printf("LIBRESSL_VERSION_NUMBER: %#08lx\n", LIBRESSL_VERSION_NUMBER);
40#endif
41#ifdef LIBRESSL_VERSION_TEXT
42 printf("LIBRESSL_VERSION_TEXT: %s\n", LIBRESSL_VERSION_TEXT);
43#endif
44#if OPENSSL_VERSION_NUMBER >= 0x1010000f
45 printf("OpenSSL_version_num: %#08lx\n", OpenSSL_version_num());
46 printf("OpenSSL_version OPENSSL_VERSION: %s\n",
47 OpenSSL_version(OPENSSL_VERSION));
48 printf("OpenSSL_version OPENSSL_CFLAGS: %s\n",
49 OpenSSL_version(OPENSSL_CFLAGS));
50 printf("OpenSSL_version OPENSSL_BUILT_ON: %s\n",
51 OpenSSL_version(OPENSSL_BUILT_ON));
52 printf("OpenSSL_version OPENSSL_PLATFORM: %s\n",
53 OpenSSL_version(OPENSSL_PLATFORM));
54 printf("OpenSSL_version OPENSSL_DIR: %s\n",
55 OpenSSL_version(OPENSSL_DIR));
56 printf("OpenSSL_version OPENSSL_ENGINES_DIR: %s\n",
57 OpenSSL_version(OPENSSL_ENGINES_DIR));
58#endif
59 printf("SSLeay: %#08lx\n", SSLeay());
60 printf("SSLeay_version SSLEAY_VERSION: %s\n",
61 SSLeay_version(SSLEAY_VERSION));
62 printf("SSLeay_version SSLEAY_CFLAGS: %s\n",
63 SSLeay_version(SSLEAY_CFLAGS));
64 printf("SSLeay_version SSLEAY_BUILT_ON: %s\n",
65 SSLeay_version(SSLEAY_BUILT_ON));
66 printf("SSLeay_version SSLEAY_PLATFORM: %s\n",
67 SSLeay_version(SSLEAY_PLATFORM));
68 printf("SSLeay_version SSLEAY_DIR: %s\n",
69 SSLeay_version(SSLEAY_DIR));
70}
71
72void
73print_ciphers(STACK_OF(SSL_CIPHER) *cstack)
74{
75 const SSL_CIPHER *cipher;
76 int i;
77
78 for (i = 0; (cipher = sk_SSL_CIPHER_value(cstack, i)) != NULL; i++)
79 printf("cipher %s\n", SSL_CIPHER_get_name(cipher));
80 if (fflush(stdout) != 0)
81 err(1, "fflush stdout");
82}
83
84void
85print_sockname(BIO *bio)
86{
87 struct sockaddr_storage ss;
88 socklen_t slen;
89 char host[NI_MAXHOST], port[NI_MAXSERV];
90 int fd;
91
92 if (BIO_get_fd(bio, &fd) <= 0)
93 err_ssl(1, "BIO_get_fd");
94 slen = sizeof(ss);
95 if (getsockname(fd, (struct sockaddr *)&ss, &slen) == -1)
96 err(1, "getsockname");
97 if (getnameinfo((struct sockaddr *)&ss, ss.ss_len, host,
98 sizeof(host), port, sizeof(port), NI_NUMERICHOST | NI_NUMERICSERV))
99 errx(1, "getnameinfo");
100 printf("sock: %s %s\n", host, port);
101 if (fflush(stdout) != 0)
102 err(1, "fflush stdout");
103}
104
105void
106print_peername(BIO *bio)
107{
108 struct sockaddr_storage ss;
109 socklen_t slen;
110 char host[NI_MAXHOST], port[NI_MAXSERV];
111 int fd;
112
113 if (BIO_get_fd(bio, &fd) <= 0)
114 err_ssl(1, "BIO_get_fd");
115 slen = sizeof(ss);
116 if (getpeername(fd, (struct sockaddr *)&ss, &slen) == -1)
117 err(1, "getpeername");
118 if (getnameinfo((struct sockaddr *)&ss, ss.ss_len, host,
119 sizeof(host), port, sizeof(port), NI_NUMERICHOST | NI_NUMERICSERV))
120 errx(1, "getnameinfo");
121 printf("peer: %s %s\n", host, port);
122 if (fflush(stdout) != 0)
123 err(1, "fflush stdout");
124}
125
126void
127err_ssl(int eval, const char *fmt, ...)
128{
129 va_list ap;
130
131 ERR_print_errors_fp(stderr);
132 va_start(ap, fmt);
133 verrx(eval, fmt, ap);
134 va_end(ap);
135}
136
137int
138verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
139{
140 printf("verify: %s\n", preverify_ok ? "pass" : "fail");
141 if (fflush(stdout) != 0)
142 err(1, "fflush stdout");
143
144 return preverify_ok;
145}
diff --git a/src/regress/lib/libssl/interop/util.h b/src/regress/lib/libssl/interop/util.h
deleted file mode 100644
index 7414a037d7..0000000000
--- a/src/regress/lib/libssl/interop/util.h
+++ /dev/null
@@ -1,23 +0,0 @@
1/* $OpenBSD: util.h,v 1.3 2018/11/09 06:30:41 bluhm Exp $ */
2/*
3 * Copyright (c) 2018 Alexander Bluhm <bluhm@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18void print_version(void);
19void print_ciphers(STACK_OF(SSL_CIPHER) *);
20void print_sockname(BIO *);
21void print_peername(BIO *);
22void err_ssl(int, const char *, ...);
23int verify_callback(int, X509_STORE_CTX *);
diff --git a/src/regress/lib/libssl/interop/version/Makefile b/src/regress/lib/libssl/interop/version/Makefile
deleted file mode 100644
index 7ac86ccbeb..0000000000
--- a/src/regress/lib/libssl/interop/version/Makefile
+++ /dev/null
@@ -1,103 +0,0 @@
1# $OpenBSD: Makefile,v 1.3 2020/12/17 00:51:12 bluhm Exp $
2
3# Connect a client to a server. Both can be current libressl, or
4# openssl 1.0.2, or openssl 1.1. Pin client or server to a fixed TLS
5# version number. Incompatible versions must fail. Check that client
6# and server have used correct version by grepping in their session
7# print out.
8
9LIBRARIES = libressl
10.if exists(/usr/local/bin/eopenssl)
11LIBRARIES += openssl
12.endif
13.if exists(/usr/local/bin/eopenssl11)
14LIBRARIES += openssl11
15.endif
16
17VERSIONS = any TLS1 TLS1_1 TLS1_2 TLS1_3
18
19.for cver in ${VERSIONS}
20.for sver in ${VERSIONS}
21
22.if "${cver}" == any || "${sver}" == any || "${cver}" == "${sver}"
23FAIL_${cver}_${sver} =
24.else
25FAIL_${cver}_${sver} = !
26.endif
27
28.for clib in ${LIBRARIES}
29.for slib in ${LIBRARIES}
30
31.if ("${clib}" != openssl && "${slib}" != openssl) || \
32 ("${cver}" != TLS1_3 && "${sver}" != TLS1_3)
33
34.if ("${clib}" == "libressl" || "${slib}" == "libressl")
35REGRESS_TARGETS += run-version-client-${clib}-${cver}-server-${slib}-${sver}
36.else
37REGRESS_SLOW_TARGETS += run-version-client-${clib}-${cver}-server-${slib}-${sver}
38.endif
39
40run-version-client-${clib}-${cver}-server-${slib}-${sver} \
41client-version-client-${clib}-${cver}-server-${slib}-${sver}.out \
42server-version-client-${clib}-${cver}-server-${slib}-${sver}.out: \
43 127.0.0.1.crt ../${clib}/client ../${slib}/server
44 LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
45 ../${slib}/server >${@:S/^run/server/}.out \
46 -c 127.0.0.1.crt -k 127.0.0.1.key \
47 ${sver:Nany:S/^/-V /} \
48 127.0.0.1 0
49 ${FAIL_${cver}_${sver}} \
50 LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
51 ../${clib}/client >${@:S/^run/client/}.out \
52 ${cver:Nany:S/^/-V /} \
53 `sed -n 's/listen sock: //p' ${@:S/^run/server/}.out`
54.if empty(${FAIL_${cver}_${sver}})
55 grep -q '^success$$' ${@:S/^run/server/}.out || \
56 { sleep 1; grep -q '^success$$' ${@:S/^run/server/}.out; }
57 grep -q '^success$$' ${@:S/^run/client/}.out
58.endif
59
60.if empty(${FAIL_${cver}_${sver}})
61
62.if ("${clib}" == "libressl" || "${slib}" == "libressl")
63REGRESS_TARGETS += check-version-client-${clib}-${cver}-server-${slib}-${sver}
64.else
65REGRESS_SLOW_TARGETS += check-version-client-${clib}-${cver}-server-${slib}-${sver}
66.endif
67
68check-version-client-${clib}-${cver}-server-${slib}-${sver}: \
69 client-version-client-${clib}-${cver}-server-${slib}-${sver}.out \
70 server-version-client-${clib}-${cver}-server-${slib}-${sver}.out
71 @grep ' Protocol *: ' ${@:S/^check/client/}.out
72 @grep ' Protocol *: ' ${@:S/^check/server/}.out
73.if "${cver}" == any
74.if "${sver}" == any
75.if "${clib}" == openssl || "${slib}" == openssl
76 grep -q ' Protocol *: TLSv1.2$$' ${@:S/^check/client/}.out
77 grep -q ' Protocol *: TLSv1.2$$' ${@:S/^check/server/}.out
78.else
79 grep -q ' Protocol *: TLSv1.3$$' ${@:S/^check/client/}.out
80 grep -q ' Protocol *: TLSv1.3$$' ${@:S/^check/server/}.out
81.endif
82.else
83 grep -q ' Protocol *: ${sver:S/TLS/TLSv/:S/_/./}$$' \
84 ${@:S/^check/client/}.out
85 grep -q ' Protocol *: ${sver:S/TLS/TLSv/:S/_/./}$$' \
86 ${@:S/^check/server/}.out
87.endif
88.else
89 grep -q ' Protocol *: ${cver:S/TLS/TLSv/:S/_/./}$$' \
90 ${@:S/^check/client/}.out
91 grep -q ' Protocol *: ${cver:S/TLS/TLSv/:S/_/./}$$' \
92 ${@:S/^check/server/}.out
93.endif
94.endif
95
96.endif
97
98.endfor
99.endfor
100.endfor
101.endfor
102
103.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/key_schedule/Makefile b/src/regress/lib/libssl/key_schedule/Makefile
deleted file mode 100644
index 24e12b7c36..0000000000
--- a/src/regress/lib/libssl/key_schedule/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.1 2018/11/07 19:43:12 beck Exp $
2
3PROG= key_schedule
4LDADD= ${SSL_INT} -lcrypto
5DPADD= ${LIBCRYPTO} ${LIBSSL}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Wundef -Werror -I$(BSDSRCDIR)/lib/libssl
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/key_schedule/key_schedule.c b/src/regress/lib/libssl/key_schedule/key_schedule.c
deleted file mode 100644
index 2746bb593d..0000000000
--- a/src/regress/lib/libssl/key_schedule/key_schedule.c
+++ /dev/null
@@ -1,317 +0,0 @@
1/* $OpenBSD: key_schedule.c,v 1.9 2019/11/18 02:09:58 beck Exp $ */
2/*
3 * Copyright (c) 2018-2019 Bob Beck <beck@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <err.h>
19
20#include "ssl_locl.h"
21
22#include "bytestring.h"
23#include "ssl_tlsext.h"
24#include "tls13_internal.h"
25
26static int failures = 0;
27
28static void
29hexdump(const unsigned char *buf, size_t len)
30{
31 size_t i;
32
33 for (i = 1; i <= len; i++)
34 fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n");
35
36 fprintf(stderr, "\n");
37}
38
39static void
40compare_data(const uint8_t *recv, size_t recv_len, const uint8_t *expect,
41 size_t expect_len)
42{
43 fprintf(stderr, "received:\n");
44 hexdump(recv, recv_len);
45
46 fprintf(stderr, "test data:\n");
47 hexdump(expect, expect_len);
48}
49
50#define FAIL(msg, ...) \
51do { \
52 fprintf(stderr, "[%s:%d] FAIL: ", __FILE__, __LINE__); \
53 fprintf(stderr, msg, ##__VA_ARGS__); \
54 failures++; \
55} while(0)
56
57/* Hashes and secrets from test vector */
58
59uint8_t chello[] = {
60 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14,
61 0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24,
62 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c,
63 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55
64};
65const struct tls13_secret chello_hash = {
66 .data = chello,
67 .len = 32,
68};
69
70uint8_t cshello [] = {
71 0x86, 0x0c, 0x06, 0xed, 0xc0, 0x78, 0x58, 0xee,
72 0x8e, 0x78, 0xf0, 0xe7, 0x42, 0x8c, 0x58, 0xed,
73 0xd6, 0xb4, 0x3f, 0x2c, 0xa3, 0xe6, 0xe9, 0x5f,
74 0x02, 0xed, 0x06, 0x3c, 0xf0, 0xe1, 0xca, 0xd8
75};
76
77const struct tls13_secret cshello_hash = {
78 .data = cshello,
79 .len = 32,
80};
81
82const uint8_t ecdhe [] = {
83 0x8b, 0xd4, 0x05, 0x4f, 0xb5, 0x5b, 0x9d, 0x63,
84 0xfd, 0xfb, 0xac, 0xf9, 0xf0, 0x4b, 0x9f, 0x0d,
85 0x35, 0xe6, 0xd6, 0x3f, 0x53, 0x75, 0x63, 0xef,
86 0xd4, 0x62, 0x72, 0x90, 0x0f, 0x89, 0x49, 0x2d
87};
88
89uint8_t csfhello [] = {
90 0x96, 0x08, 0x10, 0x2a, 0x0f, 0x1c, 0xcc, 0x6d,
91 0xb6, 0x25, 0x0b, 0x7b, 0x7e, 0x41, 0x7b, 0x1a,
92 0x00, 0x0e, 0xaa, 0xda, 0x3d, 0xaa, 0xe4, 0x77,
93 0x7a, 0x76, 0x86, 0xc9, 0xff, 0x83, 0xdf, 0x13
94};
95
96const struct tls13_secret csfhello_hash = {
97 .data = csfhello,
98 .len = 32,
99};
100
101
102/* Expected Values */
103
104uint8_t expected_extracted_early[] = {
105 0x33, 0xad, 0x0a, 0x1c, 0x60, 0x7e, 0xc0, 0x3b,
106 0x09, 0xe6, 0xcd, 0x98, 0x93, 0x68, 0x0c, 0xe2,
107 0x10, 0xad, 0xf3, 0x00, 0xaa, 0x1f, 0x26, 0x60,
108 0xe1, 0xb2, 0x2e, 0x10, 0xf1, 0x70, 0xf9, 0x2a
109};
110uint8_t expected_derived_early[] = {
111 0x6f, 0x26, 0x15, 0xa1, 0x08, 0xc7, 0x02, 0xc5,
112 0x67, 0x8f, 0x54, 0xfc, 0x9d, 0xba, 0xb6, 0x97,
113 0x16, 0xc0, 0x76, 0x18, 0x9c, 0x48, 0x25, 0x0c,
114 0xeb, 0xea, 0xc3, 0x57, 0x6c, 0x36, 0x11, 0xba
115};
116uint8_t expected_extracted_handshake[] = {
117 0x1d, 0xc8, 0x26, 0xe9, 0x36, 0x06, 0xaa, 0x6f,
118 0xdc, 0x0a, 0xad, 0xc1, 0x2f, 0x74, 0x1b, 0x01,
119 0x04, 0x6a, 0xa6, 0xb9, 0x9f, 0x69, 0x1e, 0xd2,
120 0x21, 0xa9, 0xf0, 0xca, 0x04, 0x3f, 0xbe, 0xac
121};
122uint8_t expected_client_handshake_traffic[] = {
123 0xb3, 0xed, 0xdb, 0x12, 0x6e, 0x06, 0x7f, 0x35,
124 0xa7, 0x80, 0xb3, 0xab, 0xf4, 0x5e, 0x2d, 0x8f,
125 0x3b, 0x1a, 0x95, 0x07, 0x38, 0xf5, 0x2e, 0x96,
126 0x00, 0x74, 0x6a, 0x0e, 0x27, 0xa5, 0x5a, 0x21
127};
128
129uint8_t expected_server_handshake_traffic[] = {
130 0xb6, 0x7b, 0x7d, 0x69, 0x0c, 0xc1, 0x6c, 0x4e,
131 0x75, 0xe5, 0x42, 0x13, 0xcb, 0x2d, 0x37, 0xb4,
132 0xe9, 0xc9, 0x12, 0xbc, 0xde, 0xd9, 0x10, 0x5d,
133 0x42, 0xbe, 0xfd, 0x59, 0xd3, 0x91, 0xad, 0x38
134};
135
136uint8_t expected_derived_handshake[] = {
137 0x43, 0xde, 0x77, 0xe0, 0xc7, 0x77, 0x13, 0x85,
138 0x9a, 0x94, 0x4d, 0xb9, 0xdb, 0x25, 0x90, 0xb5,
139 0x31, 0x90, 0xa6, 0x5b, 0x3e, 0xe2, 0xe4, 0xf1,
140 0x2d, 0xd7, 0xa0, 0xbb, 0x7c, 0xe2, 0x54, 0xb4
141};
142
143uint8_t expected_extracted_master[] = {
144 0x18, 0xdf, 0x06, 0x84, 0x3d, 0x13, 0xa0, 0x8b,
145 0xf2, 0xa4, 0x49, 0x84, 0x4c, 0x5f, 0x8a, 0x47,
146 0x80, 0x01, 0xbc, 0x4d, 0x4c, 0x62, 0x79, 0x84,
147 0xd5, 0xa4, 0x1d, 0xa8, 0xd0, 0x40, 0x29, 0x19
148};
149
150uint8_t expected_server_application_traffic[] = {
151 0xa1, 0x1a, 0xf9, 0xf0, 0x55, 0x31, 0xf8, 0x56,
152 0xad, 0x47, 0x11, 0x6b, 0x45, 0xa9, 0x50, 0x32,
153 0x82, 0x04, 0xb4, 0xf4, 0x4b, 0xfb, 0x6b, 0x3a,
154 0x4b, 0x4f, 0x1f, 0x3f, 0xcb, 0x63, 0x16, 0x43
155};
156
157uint8_t expected_server_application_traffic_updated[] = {
158 0x51, 0x92, 0x1b, 0x8a, 0xa3, 0x00, 0x19, 0x76,
159 0xeb, 0x40, 0x1d, 0x0a, 0x43, 0x19, 0xa8, 0x51,
160 0x64, 0x16, 0xa6, 0xc5, 0x60, 0x01, 0xa3, 0x57,
161 0xe5, 0xd1, 0x62, 0x03, 0x1e, 0x84, 0xf9, 0x16,
162};
163
164uint8_t expected_client_application_traffic[] = {
165 0x9e, 0x40, 0x64, 0x6c, 0xe7, 0x9a, 0x7f, 0x9d,
166 0xc0, 0x5a, 0xf8, 0x88, 0x9b, 0xce, 0x65, 0x52,
167 0x87, 0x5a, 0xfa, 0x0b, 0x06, 0xdf, 0x00, 0x87,
168 0xf7, 0x92, 0xeb, 0xb7, 0xc1, 0x75, 0x04, 0xa5,
169};
170
171uint8_t expected_client_application_traffic_updated[] = {
172 0xfc, 0xdf, 0xcc, 0x72, 0x72, 0x5a, 0xae, 0xe4,
173 0x8b, 0xf6, 0x4e, 0x4f, 0xd8, 0xb7, 0x49, 0xcd,
174 0xbd, 0xba, 0xb3, 0x9d, 0x90, 0xda, 0x0b, 0x26,
175 0xe2, 0x24, 0x5c, 0xa6, 0xea, 0x16, 0x72, 0x07,
176};
177
178uint8_t expected_exporter_master[] = {
179 0xfe, 0x22, 0xf8, 0x81, 0x17, 0x6e, 0xda, 0x18,
180 0xeb, 0x8f, 0x44, 0x52, 0x9e, 0x67, 0x92, 0xc5,
181 0x0c, 0x9a, 0x3f, 0x89, 0x45, 0x2f, 0x68, 0xd8,
182 0xae, 0x31, 0x1b, 0x43, 0x09, 0xd3, 0xcf, 0x50
183};
184
185int
186main (int argc, char **argv)
187{
188 struct tls13_secrets *secrets;
189
190 if ((secrets = tls13_secrets_create(EVP_sha256(), 0)) == NULL)
191 errx(1,"failed to create secrets\n");
192
193 secrets->insecure = 1; /* don't explicit_bzero when done */
194
195 if (tls13_derive_handshake_secrets(secrets, ecdhe, 32, &cshello_hash))
196 FAIL("derive_handshake_secrets worked when it shouldn't\n");
197 if (tls13_derive_application_secrets(secrets,
198 &chello_hash))
199 FAIL("derive_application_secrets worked when it shouldn't\n");
200
201 if (!tls13_derive_early_secrets(secrets,
202 secrets->zeros.data, secrets->zeros.len, &chello_hash))
203 FAIL("derive_early_secrets failed\n");
204 if (tls13_derive_early_secrets(secrets,
205 secrets->zeros.data, secrets->zeros.len, &chello_hash))
206 FAIL("derive_early_secrets worked when it shouldn't(2)\n");
207
208 if (!tls13_derive_handshake_secrets(secrets, ecdhe, 32, &cshello_hash))
209 FAIL("derive_handshake_secrets failed\n");
210 if (tls13_derive_handshake_secrets(secrets, ecdhe, 32, &cshello_hash))
211 FAIL("derive_handshake_secrets worked when it shouldn't(2)\n");
212
213 /* XXX fix hash here once test vector sorted */
214 if (!tls13_derive_application_secrets(secrets, &csfhello_hash))
215 FAIL("derive_application_secrets failed\n");
216 if (tls13_derive_application_secrets(secrets, &csfhello_hash))
217 FAIL("derive_application_secrets worked when it "
218 "shouldn't(2)\n");
219
220 fprintf(stderr, "extracted_early:\n");
221 compare_data(secrets->extracted_early.data, 32,
222 expected_extracted_early, 32);
223 if (memcmp(secrets->extracted_early.data,
224 expected_extracted_early, 32) != 0)
225 FAIL("extracted_early does not match\n");
226
227 fprintf(stderr, "derived_early:\n");
228 compare_data(secrets->derived_early.data, 32,
229 expected_derived_early, 32);
230 if (memcmp(secrets->derived_early.data,
231 expected_derived_early, 32) != 0)
232 FAIL("derived_early does not match\n");
233
234 fprintf(stderr, "extracted_handshake:\n");
235 compare_data(secrets->extracted_handshake.data, 32,
236 expected_extracted_handshake, 32);
237 if (memcmp(secrets->extracted_handshake.data,
238 expected_extracted_handshake, 32) != 0)
239 FAIL("extracted_handshake does not match\n");
240
241 fprintf(stderr, "client_handshake_traffic:\n");
242 compare_data(secrets->client_handshake_traffic.data, 32,
243 expected_client_handshake_traffic, 32);
244 if (memcmp(secrets->client_handshake_traffic.data,
245 expected_client_handshake_traffic, 32) != 0)
246 FAIL("client_handshake_traffic does not match\n");
247
248 fprintf(stderr, "server_handshake_traffic:\n");
249 compare_data(secrets->server_handshake_traffic.data, 32,
250 expected_server_handshake_traffic, 32);
251 if (memcmp(secrets->server_handshake_traffic.data,
252 expected_server_handshake_traffic, 32) != 0)
253 FAIL("server_handshake_traffic does not match\n");
254
255 fprintf(stderr, "derived_early:\n");
256 compare_data(secrets->derived_early.data, 32,
257 expected_derived_early, 32);
258 if (memcmp(secrets->derived_early.data,
259 expected_derived_early, 32) != 0)
260 FAIL("derived_early does not match\n");
261
262 fprintf(stderr, "derived_handshake:\n");
263 compare_data(secrets->derived_handshake.data, 32,
264 expected_derived_handshake, 32);
265 if (memcmp(secrets->derived_handshake.data,
266 expected_derived_handshake, 32) != 0)
267 FAIL("derived_handshake does not match\n");
268
269 fprintf(stderr, "extracted_master:\n");
270 compare_data(secrets->extracted_master.data, 32,
271 expected_extracted_master, 32);
272 if (memcmp(secrets->extracted_master.data,
273 expected_extracted_master, 32) != 0)
274 FAIL("extracted_master does not match\n");
275
276 fprintf(stderr, "server_application_traffic:\n");
277 compare_data(secrets->server_application_traffic.data, 32,
278 expected_server_application_traffic, 32);
279 if (memcmp(secrets->server_application_traffic.data,
280 expected_server_application_traffic, 32) != 0)
281 FAIL("server_application_traffic does not match\n");
282
283 fprintf(stderr, "client_application_traffic:\n");
284 compare_data(secrets->client_application_traffic.data, 32,
285 expected_client_application_traffic, 32);
286 if (memcmp(secrets->client_application_traffic.data,
287 expected_client_application_traffic, 32) != 0)
288 FAIL("server_application_traffic does not match\n");
289
290 fprintf(stderr, "exporter_master:\n");
291 compare_data(secrets->exporter_master.data, 32,
292 expected_exporter_master, 32);
293 if (memcmp(secrets->exporter_master.data,
294 expected_exporter_master, 32) != 0)
295 FAIL("exporter_master does not match\n");
296
297 tls13_update_server_traffic_secret(secrets);
298 fprintf(stderr, "server_application_traffic after update:\n");
299 compare_data(secrets->server_application_traffic.data, 32,
300 expected_server_application_traffic_updated, 32);
301 if (memcmp(secrets->server_application_traffic.data,
302 expected_server_application_traffic_updated, 32) != 0)
303 FAIL("server_application_traffic does not match after update\n");
304
305
306 tls13_update_client_traffic_secret(secrets);
307 fprintf(stderr, "client_application_traffic after update:\n");
308 compare_data(secrets->client_application_traffic.data, 32,
309 expected_client_application_traffic_updated, 32);
310 if (memcmp(secrets->client_application_traffic.data,
311 expected_client_application_traffic_updated, 32) != 0)
312 FAIL("client_application_traffic does not match after update\n");
313
314 tls13_secrets_destroy(secrets);
315
316 return failures;
317}
diff --git a/src/regress/lib/libssl/openssl-ruby/Makefile b/src/regress/lib/libssl/openssl-ruby/Makefile
deleted file mode 100644
index 7a897157d1..0000000000
--- a/src/regress/lib/libssl/openssl-ruby/Makefile
+++ /dev/null
@@ -1,72 +0,0 @@
1# $OpenBSD: Makefile,v 1.1 2021/05/03 18:21:00 tb Exp $
2
3OPENSSL_RUBY_TESTS = /usr/local/share/openssl-ruby-tests
4RUBY_BINREV = 27
5RUBY = ruby${RUBY_BINREV}
6
7# We work in a subdirectory of obj/ since extconf.rb generates a Makefile whose
8# name can't be customized in $PWD. An obj/Makefile in turn confuses either make
9# or bsd.*.mk. This hurts when things are in an unexpected state after a signal.
10BUILDDIR = build
11
12.if !exists(${OPENSSL_RUBY_TESTS})
13regress:
14 @echo package openssl-ruby-tests is required for this regress
15 @echo SKIPPED
16.else
17
18REGRESS_TARGETS += openssl-ruby-test
19REGRESS_EXPECTED_FAILURES += openssl-ruby-test
20
21openssl-ruby-test: retest
22
23_BUILDDIR_COOKIE = .builddir
24_BUILD_COOKIE = .build
25_TEST_COOKIE = .test
26
27${_BUILDDIR_COOKIE}:
28 mkdir -p ${BUILDDIR}
29 touch $@
30
31${_BUILD_COOKIE}: ${_BUILDDIR_COOKIE}
32 cd ${BUILDDIR} && \
33 ${RUBY} ${OPENSSL_RUBY_TESTS}/ext/openssl/extconf.rb && \
34 make;
35 touch $@
36
37OPENSSL_RUBY_TESTSRC = ${OPENSSL_RUBY_TESTS}/test/openssl/test_*.rb
38${_TEST_COOKIE}: ${_BUILD_COOKIE} ${_BUILDDIR_COOKIE}
39 cd ${BUILDDIR} && \
40 ${RUBY} -I. -I${OPENSSL_RUBY_TESTS}/test/openssl \
41 -I${OPENSSL_RUBY_TESTS}/lib \
42 -e 'Dir["${OPENSSL_RUBY_TESTSRC}"].each{|f| require f}' \
43 -- --no-use-color --no-show-detail-immediately
44 touch $@
45
46build: ${_BUILD_COOKIE}
47test: ${_TEST_COOKIE}
48
49_MAKE = cd ${.CURDIR} && exec ${.MAKE}
50
51rebuild:
52 rm -f ${_BUILD_COOKIE}
53 ${_MAKE} build
54
55retest:
56 rm -f ${_TEST_COOKIE}
57 ${_MAKE} test
58
59CLEANFILES += ${_BUILD_COOKIE} ${_TEST_COOKIE} ${_BUILDDIR_COOKIE}
60
61. if make(clean) || make(cleandir)
62. if exists(${BUILDDIR})
63.BEGIN:
64 rm -r ${BUILDDIR}
65. endif
66. endif
67
68.PHONY: build rebuild test retest
69
70.endif
71
72.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/pqueue/Makefile b/src/regress/lib/libssl/pqueue/Makefile
deleted file mode 100644
index 48c2cb7e61..0000000000
--- a/src/regress/lib/libssl/pqueue/Makefile
+++ /dev/null
@@ -1,17 +0,0 @@
1# $OpenBSD: Makefile,v 1.1 2016/11/04 19:45:12 jsing Exp $
2
3PROG= pq_test
4SRC= ${.CURDIR}/../../../../lib/libssl
5CFLAGS+= -I${SRC}
6
7LDADD= ${SSL_INT} -lcrypto
8DPADD= ${LIBSSL} ${LIBCRYPTO}
9WARNINGS= Yes
10CFLAGS+= -DLIBRESSL_INTERNAL -Werror
11
12REGRESS_TARGETS= regress-pq_test
13
14regress-pq_test: ${PROG}
15 ${.OBJDIR}/pq_test | cmp -s ${.CURDIR}/expected.txt /dev/stdin
16
17.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/pqueue/expected.txt b/src/regress/lib/libssl/pqueue/expected.txt
deleted file mode 100644
index c59d6cd838..0000000000
--- a/src/regress/lib/libssl/pqueue/expected.txt
+++ /dev/null
@@ -1,3 +0,0 @@
1item 6966726167696c69
2item 7374696365787069
3item 737570657263616c
diff --git a/src/regress/lib/libssl/pqueue/pq_test.c b/src/regress/lib/libssl/pqueue/pq_test.c
deleted file mode 100644
index a078ba5366..0000000000
--- a/src/regress/lib/libssl/pqueue/pq_test.c
+++ /dev/null
@@ -1,118 +0,0 @@
1/* crypto/pqueue/pq_test.c */
2/*
3 * DTLS implementation written by Nagendra Modadugu
4 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
5 */
6/* ====================================================================
7 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * openssl-core@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59#include <stdio.h>
60#include <stdlib.h>
61#include <string.h>
62#include "pqueue.h"
63
64/* remember to change expected.txt if you change these values */
65unsigned char prio1[8] = "supercal";
66unsigned char prio2[8] = "ifragili";
67unsigned char prio3[8] = "sticexpi";
68
69static void
70pqueue_print(pqueue pq)
71{
72 pitem *iter, *item;
73
74 iter = pqueue_iterator(pq);
75 for (item = pqueue_next(&iter); item != NULL;
76 item = pqueue_next(&iter)) {
77 printf("item\t%02x%02x%02x%02x%02x%02x%02x%02x\n",
78 item->priority[0], item->priority[1],
79 item->priority[2], item->priority[3],
80 item->priority[4], item->priority[5],
81 item->priority[6], item->priority[7]);
82 }
83}
84
85int
86main(void)
87{
88 pitem *item;
89 pqueue pq;
90
91 pq = pqueue_new();
92
93 item = pitem_new(prio3, NULL);
94 pqueue_insert(pq, item);
95
96 item = pitem_new(prio1, NULL);
97 pqueue_insert(pq, item);
98
99 item = pitem_new(prio2, NULL);
100 pqueue_insert(pq, item);
101
102 item = pqueue_find(pq, prio1);
103 fprintf(stderr, "found %p\n", item->priority);
104
105 item = pqueue_find(pq, prio2);
106 fprintf(stderr, "found %p\n", item->priority);
107
108 item = pqueue_find(pq, prio3);
109 fprintf(stderr, "found %p\n", item ? item->priority: 0);
110
111 pqueue_print(pq);
112
113 for (item = pqueue_pop(pq); item != NULL; item = pqueue_pop(pq))
114 pitem_free(item);
115
116 pqueue_free(pq);
117 return 0;
118}
diff --git a/src/regress/lib/libssl/record/Makefile b/src/regress/lib/libssl/record/Makefile
deleted file mode 100644
index f0e2bc52a8..0000000000
--- a/src/regress/lib/libssl/record/Makefile
+++ /dev/null
@@ -1,10 +0,0 @@
1# $OpenBSD: Makefile,v 1.1 2019/01/19 02:57:04 jsing Exp $
2
3PROG= recordtest
4LDADD= ${SSL_INT} -lcrypto
5DPADD= ${LIBSSL} ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Wall -Wundef -Werror
8CFLAGS+= -I${.CURDIR}/../../../../lib/libssl
9
10.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/record/recordtest.c b/src/regress/lib/libssl/record/recordtest.c
deleted file mode 100644
index c345a68c15..0000000000
--- a/src/regress/lib/libssl/record/recordtest.c
+++ /dev/null
@@ -1,555 +0,0 @@
1/* $OpenBSD: recordtest.c,v 1.4 2020/05/11 18:08:37 jsing Exp $ */
2/*
3 * Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <err.h>
19#include <string.h>
20
21#include <openssl/ssl.h>
22
23#include "tls13_internal.h"
24#include "tls13_record.h"
25
26/* Valid record. */
27static uint8_t test_record_1[] = {
28 0x16, 0x03, 0x03, 0x00, 0x7a, 0x02, 0x00, 0x00,
29 0x76, 0x03, 0x03, 0x14, 0xae, 0x2b, 0x6d, 0x58,
30 0xe9, 0x79, 0x9d, 0xd4, 0x90, 0x52, 0x90, 0x13,
31 0x1c, 0x08, 0xaa, 0x3f, 0x5b, 0xfb, 0x64, 0xfe,
32 0x9a, 0xca, 0x73, 0x6d, 0x87, 0x8d, 0x8b, 0x3b,
33 0x70, 0x14, 0xa3, 0x20, 0xd7, 0x50, 0xa4, 0xe5,
34 0x17, 0x42, 0x5d, 0xce, 0xe6, 0xfe, 0x1b, 0x59,
35 0x27, 0x6b, 0xff, 0xc8, 0x40, 0xc7, 0xac, 0x16,
36 0x32, 0xe6, 0x5b, 0xd2, 0xd9, 0xd4, 0xb5, 0x3f,
37 0x8f, 0x74, 0x6e, 0x7d, 0x13, 0x02, 0x00, 0x00,
38 0x2e, 0x00, 0x33, 0x00, 0x24, 0x00, 0x1d, 0x00,
39 0x20, 0x72, 0xb0, 0xaf, 0x7f, 0xf5, 0x89, 0x0f,
40 0xcd, 0x6e, 0x45, 0xb1, 0x51, 0xa0, 0xbd, 0x1e,
41 0xee, 0x7e, 0xf1, 0xa5, 0xc5, 0xc6, 0x7e, 0x5f,
42 0x6a, 0xca, 0xc9, 0xe4, 0xae, 0xb9, 0x50, 0x76,
43 0x0a, 0x00, 0x2b, 0x00, 0x02, 0x03, 0x04,
44};
45
46/* Truncated record. */
47static uint8_t test_record_2[] = {
48 0x17, 0x03, 0x03, 0x41, 0x00, 0x02, 0x00, 0x00,
49};
50
51/* Oversized and truncated record. */
52static uint8_t test_record_3[] = {
53 0x17, 0x03, 0x03, 0x41, 0x01, 0x02, 0x00, 0x00,
54};
55
56static void
57hexdump(const unsigned char *buf, size_t len)
58{
59 size_t i;
60
61 for (i = 1; i <= len; i++)
62 fprintf(stderr, " 0x%02x,%s", buf[i - 1], i % 8 ? "" : "\n");
63 if (len % 8 != 0)
64 fprintf(stderr, "\n");
65}
66
67struct rw_state {
68 uint8_t *buf;
69 size_t len;
70 size_t offset;
71 uint8_t eof;
72};
73
74static ssize_t
75read_cb(void *buf, size_t buflen, void *cb_arg)
76{
77 struct rw_state *rs = cb_arg;
78 ssize_t n;
79
80 if (rs->eof)
81 return TLS13_IO_EOF;
82
83 if ((size_t)(n = buflen) > (rs->len - rs->offset))
84 n = rs->len - rs->offset;
85
86 if (n == 0)
87 return TLS13_IO_WANT_POLLIN;
88
89 memcpy(buf, &rs->buf[rs->offset], n);
90 rs->offset += n;
91
92 return n;
93}
94
95static ssize_t
96write_cb(const void *buf, size_t buflen, void *cb_arg)
97{
98 struct rw_state *ws = cb_arg;
99 ssize_t n;
100
101 if (ws->eof)
102 return TLS13_IO_EOF;
103
104 if ((size_t)(n = buflen) > (ws->len - ws->offset))
105 n = ws->len - ws->offset;
106
107 if (n == 0)
108 return TLS13_IO_WANT_POLLOUT;
109
110 memcpy(&ws->buf[ws->offset], buf, n);
111 ws->offset += n;
112
113 return n;
114}
115
116struct record_test {
117 size_t rw_len;
118 int eof;
119 ssize_t want_ret;
120};
121
122struct record_recv_test {
123 uint8_t *read_buf;
124 struct record_test rt[10];
125 uint8_t want_content_type;
126 uint8_t *want_data;
127 size_t want_len;
128};
129
130struct record_recv_test record_recv_tests[] = {
131 {
132 .read_buf = test_record_1,
133 .rt = {
134 {
135 .rw_len = sizeof(test_record_1),
136 .want_ret = sizeof(test_record_1),
137 },
138 },
139 .want_content_type = SSL3_RT_HANDSHAKE,
140 .want_data = test_record_1,
141 .want_len = sizeof(test_record_1),
142 },
143 {
144 .read_buf = test_record_1,
145 .rt = {
146 {
147 .rw_len = 0,
148 .want_ret = TLS13_IO_WANT_POLLIN,
149 },
150 {
151 .rw_len = sizeof(test_record_1),
152 .want_ret = sizeof(test_record_1),
153 },
154 },
155 .want_content_type = SSL3_RT_HANDSHAKE,
156 .want_data = test_record_1,
157 .want_len = sizeof(test_record_1),
158 },
159 {
160 .read_buf = test_record_1,
161 .rt = {
162 {
163 .rw_len = 0,
164 .want_ret = TLS13_IO_WANT_POLLIN,
165 },
166 {
167 .rw_len = 5,
168 .want_ret = TLS13_IO_WANT_POLLIN,
169 },
170 {
171 .rw_len = sizeof(test_record_1),
172 .want_ret = sizeof(test_record_1),
173 },
174 },
175 .want_content_type = SSL3_RT_HANDSHAKE,
176 .want_data = test_record_1,
177 .want_len = sizeof(test_record_1),
178 },
179 {
180 .read_buf = test_record_1,
181 .rt = {
182 {
183 .rw_len = 0,
184 .want_ret = TLS13_IO_WANT_POLLIN,
185 },
186 {
187 .rw_len = 2,
188 .want_ret = TLS13_IO_WANT_POLLIN,
189 },
190 {
191 .rw_len = 6,
192 .want_ret = TLS13_IO_WANT_POLLIN,
193 },
194 {
195 .rw_len = sizeof(test_record_1),
196 .want_ret = sizeof(test_record_1),
197 },
198 },
199 .want_content_type = SSL3_RT_HANDSHAKE,
200 .want_data = test_record_1,
201 .want_len = sizeof(test_record_1),
202 },
203 {
204 .read_buf = test_record_1,
205 .rt = {
206 {
207 .rw_len = 4,
208 .want_ret = TLS13_IO_WANT_POLLIN,
209 },
210 {
211 .eof = 1,
212 .want_ret = TLS13_IO_EOF,
213 },
214 },
215 },
216 {
217 .read_buf = test_record_1,
218 .rt = {
219 {
220 .eof = 1,
221 .want_ret = TLS13_IO_EOF,
222 },
223 },
224 },
225 {
226 .read_buf = test_record_2,
227 .rt = {
228 {
229 .rw_len = sizeof(test_record_2),
230 .want_ret = TLS13_IO_WANT_POLLIN,
231 },
232 {
233 .eof = 1,
234 .want_ret = TLS13_IO_EOF,
235 },
236 },
237 .want_content_type = SSL3_RT_APPLICATION_DATA,
238 },
239 {
240 .read_buf = test_record_3,
241 .rt = {
242 {
243 .rw_len = sizeof(test_record_3),
244 .want_ret = TLS13_IO_RECORD_OVERFLOW,
245 },
246 },
247 },
248};
249
250#define N_RECORD_RECV_TESTS (sizeof(record_recv_tests) / sizeof(record_recv_tests[0]))
251
252struct record_send_test {
253 uint8_t *data;
254 size_t data_len;
255 struct record_test rt[10];
256 uint8_t *want_data;
257 size_t want_len;
258};
259
260struct record_send_test record_send_tests[] = {
261 {
262 .data = test_record_1,
263 .data_len = sizeof(test_record_1),
264 .rt = {
265 {
266 .rw_len = sizeof(test_record_1),
267 .want_ret = sizeof(test_record_1),
268 },
269 },
270 .want_data = test_record_1,
271 .want_len = sizeof(test_record_1),
272 },
273 {
274 .data = test_record_1,
275 .data_len = sizeof(test_record_1),
276 .rt = {
277 {
278 .rw_len = 0,
279 .want_ret = TLS13_IO_WANT_POLLOUT,
280 },
281 {
282 .rw_len = sizeof(test_record_1),
283 .want_ret = sizeof(test_record_1),
284 },
285 },
286 .want_data = test_record_1,
287 .want_len = sizeof(test_record_1),
288 },
289 {
290 .data = test_record_1,
291 .data_len = sizeof(test_record_1),
292 .rt = {
293 {
294 .rw_len = 0,
295 .want_ret = TLS13_IO_WANT_POLLOUT,
296 },
297 {
298 .rw_len = 5,
299 .want_ret = TLS13_IO_WANT_POLLOUT,
300 },
301 {
302 .rw_len = sizeof(test_record_1),
303 .want_ret = sizeof(test_record_1),
304 },
305 },
306 .want_data = test_record_1,
307 .want_len = sizeof(test_record_1),
308 },
309 {
310 .data = test_record_1,
311 .data_len = sizeof(test_record_1),
312 .rt = {
313 {
314 .rw_len = 0,
315 .want_ret = TLS13_IO_WANT_POLLOUT,
316 },
317 {
318 .rw_len = 2,
319 .want_ret = TLS13_IO_WANT_POLLOUT,
320 },
321 {
322 .rw_len = 6,
323 .want_ret = TLS13_IO_WANT_POLLOUT,
324 },
325 {
326 .rw_len = sizeof(test_record_1),
327 .want_ret = sizeof(test_record_1),
328 },
329 },
330 .want_data = test_record_1,
331 .want_len = sizeof(test_record_1),
332 },
333 {
334 .data = test_record_1,
335 .data_len = sizeof(test_record_1),
336 .rt = {
337 {
338 .rw_len = 4,
339 .want_ret = TLS13_IO_WANT_POLLOUT,
340 },
341 {
342 .eof = 1,
343 .want_ret = TLS13_IO_EOF,
344 },
345 },
346 .want_data = test_record_1,
347 .want_len = 4,
348 },
349 {
350 .data = test_record_1,
351 .data_len = sizeof(test_record_1),
352 .rt = {
353 {
354 .rw_len = 0,
355 .want_ret = TLS13_IO_WANT_POLLOUT,
356 },
357 {
358 .eof = 1,
359 .want_ret = TLS13_IO_EOF,
360 },
361 },
362 .want_data = NULL,
363 .want_len = 0,
364 },
365};
366
367#define N_RECORD_SEND_TESTS (sizeof(record_send_tests) / sizeof(record_send_tests[0]))
368
369static int
370test_record_recv(size_t test_no, struct record_recv_test *rrt)
371{
372 struct tls13_record *rec;
373 struct rw_state rs;
374 int failed = 1;
375 ssize_t ret;
376 size_t i;
377 CBS cbs;
378
379 rs.buf = rrt->read_buf;
380 rs.offset = 0;
381
382 if ((rec = tls13_record_new()) == NULL)
383 errx(1, "tls13_record_new");
384
385 for (i = 0; rrt->rt[i].rw_len != 0 || rrt->rt[i].want_ret != 0; i++) {
386 rs.eof = rrt->rt[i].eof;
387 rs.len = rrt->rt[i].rw_len;
388
389 ret = tls13_record_recv(rec, read_cb, &rs);
390 if (ret != rrt->rt[i].want_ret) {
391 fprintf(stderr, "FAIL: Test %zu/%zu - tls_record_recv "
392 "returned %zi, want %zi\n", test_no, i, ret,
393 rrt->rt[i].want_ret);
394 goto failure;
395 }
396 }
397
398 if (tls13_record_content_type(rec) != rrt->want_content_type) {
399 fprintf(stderr, "FAIL: Test %zu - got content type %u, "
400 "want %u\n", test_no, tls13_record_content_type(rec),
401 rrt->want_content_type);
402 goto failure;
403 }
404
405 tls13_record_data(rec, &cbs);
406 if (rrt->want_data == NULL) {
407 if (CBS_data(&cbs) != NULL || CBS_len(&cbs) != 0) {
408 fprintf(stderr, "FAIL: Test %zu - got CBS with data, "
409 "want NULL\n", test_no);
410 goto failure;
411 }
412 goto done;
413 }
414 if (!CBS_mem_equal(&cbs, rrt->want_data, rrt->want_len)) {
415 fprintf(stderr, "FAIL: Test %zu - data mismatch\n", test_no);
416 fprintf(stderr, "Got record data:\n");
417 hexdump(CBS_data(&cbs), CBS_len(&cbs));
418 fprintf(stderr, "Want record data:\n");
419 hexdump(rrt->want_data, rrt->want_len);
420 goto failure;
421 }
422
423 if (!tls13_record_header(rec, &cbs)) {
424 fprintf(stderr, "FAIL: Test %zu - fail to get record "
425 "header", test_no);
426 goto failure;
427 }
428 if (!CBS_mem_equal(&cbs, rrt->want_data, TLS13_RECORD_HEADER_LEN)) {
429 fprintf(stderr, "FAIL: Test %zu - header mismatch\n", test_no);
430 fprintf(stderr, "Got record header:\n");
431 hexdump(CBS_data(&cbs), CBS_len(&cbs));
432 fprintf(stderr, "Want record header:\n");
433 hexdump(rrt->want_data, rrt->want_len);
434 goto failure;
435 }
436
437 if (!tls13_record_content(rec, &cbs)) {
438 fprintf(stderr, "FAIL: Test %zu - fail to get record "
439 "content", test_no);
440 goto failure;
441 }
442 if (!CBS_mem_equal(&cbs, rrt->want_data + TLS13_RECORD_HEADER_LEN,
443 rrt->want_len - TLS13_RECORD_HEADER_LEN)) {
444 fprintf(stderr, "FAIL: Test %zu - content mismatch\n", test_no);
445 fprintf(stderr, "Got record content:\n");
446 hexdump(CBS_data(&cbs), CBS_len(&cbs));
447 fprintf(stderr, "Want record content:\n");
448 hexdump(rrt->want_data, rrt->want_len);
449 goto failure;
450 }
451
452 done:
453 failed = 0;
454
455 failure:
456 tls13_record_free(rec);
457
458 return failed;
459}
460
461static int
462test_record_send(size_t test_no, struct record_send_test *rst)
463{
464 uint8_t *data = NULL;
465 struct tls13_record *rec;
466 struct rw_state ws;
467 int failed = 1;
468 ssize_t ret;
469 size_t i;
470
471 if ((ws.buf = malloc(TLS13_RECORD_MAX_LEN)) == NULL)
472 errx(1, "malloc");
473
474 ws.offset = 0;
475
476 if ((rec = tls13_record_new()) == NULL)
477 errx(1, "tls13_record_new");
478
479 if ((data = malloc(rst->data_len)) == NULL)
480 errx(1, "malloc");
481 memcpy(data, rst->data, rst->data_len);
482
483 if (!tls13_record_set_data(rec, data, rst->data_len)) {
484 fprintf(stderr, "FAIL: Test %zu - failed to set record data\n",
485 test_no);
486 goto failure;
487 }
488 data = NULL;
489
490 for (i = 0; rst->rt[i].rw_len != 0 || rst->rt[i].want_ret != 0; i++) {
491 ws.eof = rst->rt[i].eof;
492 ws.len = rst->rt[i].rw_len;
493
494 ret = tls13_record_send(rec, write_cb, &ws);
495 if (ret != rst->rt[i].want_ret) {
496 fprintf(stderr, "FAIL: Test %zu/%zu - tls_record_send "
497 "returned %zi, want %zi\n", test_no, i, ret,
498 rst->rt[i].want_ret);
499 goto failure;
500 }
501 }
502
503 if (rst->want_data != NULL &&
504 memcmp(ws.buf, rst->want_data, rst->want_len) != 0) {
505 fprintf(stderr, "FAIL: Test %zu - content mismatch\n", test_no);
506 fprintf(stderr, "Got record data:\n");
507 hexdump(rst->data, rst->data_len);
508 fprintf(stderr, "Want record data:\n");
509 hexdump(rst->want_data, rst->want_len);
510 goto failure;
511 }
512
513 failed = 0;
514
515 failure:
516 tls13_record_free(rec);
517 free(ws.buf);
518
519 return failed;
520}
521
522static int
523test_recv_records(void)
524{
525 int failed = 0;
526 size_t i;
527
528 for (i = 0; i < N_RECORD_RECV_TESTS; i++)
529 failed |= test_record_recv(i, &record_recv_tests[i]);
530
531 return failed;
532}
533
534static int
535test_send_records(void)
536{
537 int failed = 0;
538 size_t i;
539
540 for (i = 0; i < N_RECORD_SEND_TESTS; i++)
541 failed |= test_record_send(i, &record_send_tests[i]);
542
543 return failed;
544}
545
546int
547main(int argc, char **argv)
548{
549 int failed = 0;
550
551 failed |= test_recv_records();
552 failed |= test_send_records();
553
554 return failed;
555}
diff --git a/src/regress/lib/libssl/record_layer/Makefile b/src/regress/lib/libssl/record_layer/Makefile
deleted file mode 100644
index 66c48dd769..0000000000
--- a/src/regress/lib/libssl/record_layer/Makefile
+++ /dev/null
@@ -1,10 +0,0 @@
1# $OpenBSD: Makefile,v 1.1 2020/03/13 16:04:31 jsing Exp $
2
3PROG= record_layer_test
4LDADD= ${SSL_INT} -lcrypto
5DPADD= ${LIBSSL} ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Wall -Wundef -Werror
8CFLAGS+= -I${.CURDIR}/../../../../lib/libssl
9
10.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/record_layer/record_layer_test.c b/src/regress/lib/libssl/record_layer/record_layer_test.c
deleted file mode 100644
index 4e75ba4a25..0000000000
--- a/src/regress/lib/libssl/record_layer/record_layer_test.c
+++ /dev/null
@@ -1,306 +0,0 @@
1/* $OpenBSD: record_layer_test.c,v 1.4 2021/03/29 16:22:02 jsing Exp $ */
2/*
3 * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <err.h>
19#include <string.h>
20
21#include "ssl_locl.h"
22#include "tls13_internal.h"
23#include "tls13_record.h"
24
25int tls12_record_layer_inc_seq_num(struct tls12_record_layer *rl,
26 uint8_t *seq_num);
27int tls13_record_layer_inc_seq_num(uint8_t *seq_num);
28
29static void
30hexdump(const unsigned char *buf, size_t len)
31{
32 size_t i;
33
34 for (i = 1; i <= len; i++)
35 fprintf(stderr, " 0x%02x,%s", buf[i - 1], i % 8 ? "" : "\n");
36 if (len % 8 != 0)
37 fprintf(stderr, "\n");
38}
39
40struct seq_num_test {
41 uint8_t seq_num[TLS13_RECORD_SEQ_NUM_LEN];
42 uint8_t want_num[TLS13_RECORD_SEQ_NUM_LEN];
43 int want;
44};
45
46struct seq_num_test seq_num_dtls_tests[] = {
47 {
48 .seq_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
49 .want_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
50 .want = 1,
51 },
52 {
53 .seq_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
54 .want_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02},
55 .want = 1,
56 },
57 {
58 .seq_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfe},
59 .want_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff},
60 .want = 1,
61 },
62 {
63 .seq_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff},
64 .want_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00},
65 .want = 1,
66 },
67 {
68 .seq_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00},
69 .want_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x01},
70 .want = 1,
71 },
72 {
73 .seq_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xff},
74 .want_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00},
75 .want = 1,
76 },
77 {
78 .seq_num = {0xab, 0xcd, 0xef, 0x00, 0xfe, 0xff, 0xff, 0xff},
79 .want_num = {0xab, 0xcd, 0xef, 0x00, 0xff, 0x00, 0x00, 0x00},
80 .want = 1,
81 },
82 {
83 .seq_num = {0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
84 .want_num = {0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
85 .want = 0,
86 },
87 {
88 .seq_num = {0x01, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff},
89 .want_num = {0x01, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00},
90 .want = 1,
91 },
92 {
93 .seq_num = {0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe},
94 .want_num = {0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
95 .want = 1,
96 },
97 {
98 .seq_num = {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
99 .want_num = {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
100 .want = 1,
101 },
102 {
103 .seq_num = {0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
104 .want_num = {0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
105 .want = 0,
106 },
107 {
108 .seq_num = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe},
109 .want_num = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
110 .want = 1,
111 },
112 {
113 .seq_num = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
114 .want_num = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
115 .want = 0,
116 },
117};
118
119#define N_SEQ_NUM_DTLS_TESTS \
120 (sizeof(seq_num_dtls_tests) / sizeof(seq_num_dtls_tests[0]))
121
122struct seq_num_test seq_num_tls_tests[] = {
123 {
124 .seq_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
125 .want_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
126 .want = 1,
127 },
128 {
129 .seq_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
130 .want_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02},
131 .want = 1,
132 },
133 {
134 .seq_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfe},
135 .want_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff},
136 .want = 1,
137 },
138 {
139 .seq_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff},
140 .want_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00},
141 .want = 1,
142 },
143 {
144 .seq_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00},
145 .want_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x01},
146 .want = 1,
147 },
148 {
149 .seq_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xff},
150 .want_num = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00},
151 .want = 1,
152 },
153 {
154 .seq_num = {0xab, 0xcd, 0xef, 0x00, 0xfe, 0xff, 0xff, 0xff},
155 .want_num = {0xab, 0xcd, 0xef, 0x00, 0xff, 0x00, 0x00, 0x00},
156 .want = 1,
157 },
158 {
159 .seq_num = {0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
160 .want_num = {0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
161 .want = 1,
162 },
163 {
164 .seq_num = {0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
165 .want_num = {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
166 .want = 1,
167 },
168 {
169 .seq_num = {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
170 .want_num = {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
171 .want = 1,
172 },
173 {
174 .seq_num = {0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
175 .want_num = {0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
176 .want = 1,
177 },
178 {
179 .seq_num = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe},
180 .want_num = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
181 .want = 1,
182 },
183 {
184 .seq_num = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
185 .want_num = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
186 .want = 0,
187 },
188};
189
190#define N_SEQ_NUM_TLS_TESTS \
191 (sizeof(seq_num_tls_tests) / sizeof(seq_num_tls_tests[0]))
192
193#ifndef TLS12_RECORD_SEQ_NUM_LEN
194#define TLS12_RECORD_SEQ_NUM_LEN 8
195#endif
196
197static int
198do_seq_num_test_tls12(size_t test_no, int dtls, struct seq_num_test *snt)
199{
200 uint8_t seq_num[TLS12_RECORD_SEQ_NUM_LEN];
201 struct tls12_record_layer *rl;
202 int failed = 1;
203 int ret;
204
205 if ((rl = tls12_record_layer_new()) == NULL)
206 errx(1, "tls12_record_layer_new");
207
208 if (dtls)
209 tls12_record_layer_set_version(rl, DTLS1_2_VERSION);
210
211 memcpy(seq_num, snt->seq_num, sizeof(seq_num));
212
213 if ((ret = tls12_record_layer_inc_seq_num(rl, seq_num)) != snt->want) {
214 fprintf(stderr, "FAIL: Test %zu - got return %i, want %i\n",
215 test_no, ret, snt->want);
216 goto failure;
217 }
218
219 if (memcmp(seq_num, snt->want_num, sizeof(seq_num)) != 0) {
220 fprintf(stderr, "FAIL: Test %zu - got sequence number:\n",
221 test_no);
222 hexdump(seq_num, sizeof(seq_num));
223 fprintf(stderr, "want:\n");
224 hexdump(snt->want_num, sizeof(snt->want_num));
225 goto failure;
226 }
227
228 failed = 0;
229
230 failure:
231 tls12_record_layer_free(rl);
232
233 return failed;
234}
235
236static int
237test_seq_num_tls12(void)
238{
239 int failed = 0;
240 size_t i;
241
242 fprintf(stderr, "Running TLSv1.2 sequence number tests...\n");
243 for (i = 0; i < N_SEQ_NUM_TLS_TESTS; i++)
244 failed |= do_seq_num_test_tls12(i, 0, &seq_num_tls_tests[i]);
245
246 fprintf(stderr, "Running DTLSv1.2 sequence number tests...\n");
247 for (i = 0; i < N_SEQ_NUM_DTLS_TESTS; i++)
248 failed |= do_seq_num_test_tls12(i, 1, &seq_num_dtls_tests[i]);
249
250 return failed;
251}
252
253static int
254do_seq_num_test_tls13(size_t test_no, struct seq_num_test *snt)
255{
256 uint8_t seq_num[TLS13_RECORD_SEQ_NUM_LEN];
257 int failed = 1;
258 int ret;
259
260 memcpy(seq_num, snt->seq_num, sizeof(seq_num));
261
262 if ((ret = tls13_record_layer_inc_seq_num(seq_num)) != snt->want) {
263 fprintf(stderr, "FAIL: Test %zu - got return %i, want %i\n",
264 test_no, ret, snt->want);
265 goto failure;
266 }
267
268 if (memcmp(seq_num, snt->want_num, sizeof(seq_num)) != 0) {
269 fprintf(stderr, "FAIL: Test %zu - got sequence number:\n",
270 test_no);
271 hexdump(seq_num, sizeof(seq_num));
272 fprintf(stderr, "want:\n");
273 hexdump(snt->want_num, sizeof(snt->want_num));
274 goto failure;
275 }
276
277 failed = 0;
278
279 failure:
280 return failed;
281}
282
283static int
284test_seq_num_tls13(void)
285{
286 int failed = 0;
287 size_t i;
288
289 fprintf(stderr, "Running TLSv1.3 sequence number tests...\n");
290
291 for (i = 0; i < N_SEQ_NUM_TLS_TESTS; i++)
292 failed |= do_seq_num_test_tls13(i, &seq_num_tls_tests[i]);
293
294 return failed;
295}
296
297int
298main(int argc, char **argv)
299{
300 int failed = 0;
301
302 failed |= test_seq_num_tls12();
303 failed |= test_seq_num_tls13();
304
305 return failed;
306}
diff --git a/src/regress/lib/libssl/server/Makefile b/src/regress/lib/libssl/server/Makefile
deleted file mode 100644
index 0621a5f243..0000000000
--- a/src/regress/lib/libssl/server/Makefile
+++ /dev/null
@@ -1,18 +0,0 @@
1# $OpenBSD: Makefile,v 1.2 2020/05/11 18:18:21 jsing Exp $
2
3PROG= servertest
4LDADD= ${SSL_INT} -lcrypto
5DPADD= ${LIBSSL} ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9REGRESS_TARGETS= \
10 regress-servertest
11
12regress-servertest: ${PROG}
13 ./servertest \
14 ${.CURDIR}/../../libssl/certs/server.pem \
15 ${.CURDIR}/../../libssl/certs/server.pem \
16 ${.CURDIR}/../../libssl/certs/ca.pem
17
18.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/server/servertest.c b/src/regress/lib/libssl/server/servertest.c
deleted file mode 100644
index a71c5f8c66..0000000000
--- a/src/regress/lib/libssl/server/servertest.c
+++ /dev/null
@@ -1,209 +0,0 @@
1/* $OpenBSD: servertest.c,v 1.5 2021/01/22 15:56:17 tb Exp $ */
2/*
3 * Copyright (c) 2015, 2016, 2017 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <openssl/ssl.h>
19
20#include <openssl/err.h>
21#include <openssl/dtls1.h>
22#include <openssl/ssl3.h>
23
24#include <err.h>
25#include <stdio.h>
26#include <string.h>
27
28const SSL_METHOD *tls_legacy_method(void);
29
30char *server_ca_file;
31char *server_cert_file;
32char *server_key_file;
33
34static unsigned char sslv2_client_hello_tls10[] = {
35 0x80, 0x6a, 0x01, 0x03, 0x01, 0x00, 0x51, 0x00,
36 0x00, 0x00, 0x10, 0x00, 0x00, 0x39, 0x00, 0x00,
37 0x38, 0x00, 0x00, 0x35, 0x00, 0x00, 0x16, 0x00,
38 0x00, 0x13, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x33,
39 0x00, 0x00, 0x32, 0x00, 0x00, 0x2f, 0x00, 0x00,
40 0x07, 0x00, 0x00, 0x66, 0x00, 0x00, 0x05, 0x00,
41 0x00, 0x04, 0x00, 0x00, 0x63, 0x00, 0x00, 0x62,
42 0x00, 0x00, 0x61, 0x00, 0x00, 0x15, 0x00, 0x00,
43 0x12, 0x00, 0x00, 0x09, 0x00, 0x00, 0x65, 0x00,
44 0x00, 0x64, 0x00, 0x00, 0x60, 0x00, 0x00, 0x14,
45 0x00, 0x00, 0x11, 0x00, 0x00, 0x08, 0x00, 0x00,
46 0x06, 0x00, 0x00, 0x03, 0xdd, 0xb6, 0x59, 0x26,
47 0x46, 0xe6, 0x79, 0x77, 0xf4, 0xec, 0x42, 0x76,
48 0xc8, 0x73, 0xad, 0x9c,
49};
50
51static unsigned char sslv2_client_hello_tls12[] = {
52 0x80, 0xcb, 0x01, 0x03, 0x03, 0x00, 0xa2, 0x00,
53 0x00, 0x00, 0x20, 0x00, 0x00, 0xa5, 0x00, 0x00,
54 0xa3, 0x00, 0x00, 0xa1, 0x00, 0x00, 0x9f, 0x00,
55 0x00, 0x6b, 0x00, 0x00, 0x6a, 0x00, 0x00, 0x69,
56 0x00, 0x00, 0x68, 0x00, 0x00, 0x39, 0x00, 0x00,
57 0x38, 0x00, 0x00, 0x37, 0x00, 0x00, 0x36, 0x00,
58 0x00, 0x88, 0x00, 0x00, 0x87, 0x00, 0x00, 0x86,
59 0x00, 0x00, 0x85, 0x00, 0x00, 0x9d, 0x00, 0x00,
60 0x3d, 0x00, 0x00, 0x35, 0x00, 0x00, 0x84, 0x00,
61 0x00, 0xa4, 0x00, 0x00, 0xa2, 0x00, 0x00, 0xa0,
62 0x00, 0x00, 0x9e, 0x00, 0x00, 0x67, 0x00, 0x00,
63 0x40, 0x00, 0x00, 0x3f, 0x00, 0x00, 0x3e, 0x00,
64 0x00, 0x33, 0x00, 0x00, 0x32, 0x00, 0x00, 0x31,
65 0x00, 0x00, 0x30, 0x00, 0x00, 0x9a, 0x00, 0x00,
66 0x99, 0x00, 0x00, 0x98, 0x00, 0x00, 0x97, 0x00,
67 0x00, 0x45, 0x00, 0x00, 0x44, 0x00, 0x00, 0x43,
68 0x00, 0x00, 0x42, 0x00, 0x00, 0x9c, 0x00, 0x00,
69 0x3c, 0x00, 0x00, 0x2f, 0x00, 0x00, 0x96, 0x00,
70 0x00, 0x41, 0x00, 0x00, 0x07, 0x00, 0x00, 0x05,
71 0x00, 0x00, 0x04, 0x00, 0x00, 0x16, 0x00, 0x00,
72 0x13, 0x00, 0x00, 0x10, 0x00, 0x00, 0x0d, 0x00,
73 0x00, 0x0a, 0x00, 0x00, 0xff, 0x1d, 0xfd, 0x90,
74 0x03, 0x61, 0x3c, 0x5a, 0x22, 0x83, 0xed, 0x11,
75 0x85, 0xf4, 0xea, 0x36, 0x59, 0xd9, 0x1b, 0x27,
76 0x22, 0x01, 0x14, 0x07, 0x66, 0xb2, 0x24, 0xf5,
77 0x4e, 0x7d, 0x9d, 0x9c, 0x52,
78};
79
80struct server_hello_test {
81 const unsigned char *desc;
82 unsigned char *client_hello;
83 const size_t client_hello_len;
84 const SSL_METHOD *(*ssl_method)(void);
85 const long ssl_clear_options;
86 const long ssl_set_options;
87};
88
89static struct server_hello_test server_hello_tests[] = {
90 {
91 .desc = "TLSv1.0 in SSLv2 record",
92 .client_hello = sslv2_client_hello_tls10,
93 .client_hello_len = sizeof(sslv2_client_hello_tls10),
94 .ssl_method = tls_legacy_method,
95 .ssl_clear_options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1,
96 .ssl_set_options = 0,
97 },
98 {
99 .desc = "TLSv1.2 in SSLv2 record",
100 .client_hello = sslv2_client_hello_tls12,
101 .client_hello_len = sizeof(sslv2_client_hello_tls12),
102 .ssl_method = tls_legacy_method,
103 .ssl_clear_options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1,
104 .ssl_set_options = 0,
105 },
106};
107
108#define N_SERVER_HELLO_TESTS \
109 (sizeof(server_hello_tests) / sizeof(*server_hello_tests))
110
111static int
112server_hello_test(int testno, struct server_hello_test *sht)
113{
114 BIO *rbio = NULL, *wbio = NULL;
115 SSL_CTX *ssl_ctx = NULL;
116 SSL *ssl = NULL;
117 int ret = 1;
118
119 fprintf(stderr, "Test %i - %s\n", testno, sht->desc);
120
121 if ((rbio = BIO_new_mem_buf(sht->client_hello,
122 sht->client_hello_len)) == NULL) {
123 fprintf(stderr, "Failed to setup rbio\n");
124 goto failure;
125 }
126 if ((wbio = BIO_new(BIO_s_mem())) == NULL) {
127 fprintf(stderr, "Failed to setup wbio\n");
128 goto failure;
129 }
130
131 if ((ssl_ctx = SSL_CTX_new(sht->ssl_method())) == NULL) {
132 fprintf(stderr, "SSL_CTX_new() returned NULL\n");
133 goto failure;
134 }
135
136 if (SSL_CTX_use_certificate_file(ssl_ctx, server_cert_file,
137 SSL_FILETYPE_PEM) != 1) {
138 fprintf(stderr, "Failed to load server certificate");
139 goto failure;
140 }
141 if (SSL_CTX_use_PrivateKey_file(ssl_ctx, server_key_file,
142 SSL_FILETYPE_PEM) != 1) {
143 fprintf(stderr, "Failed to load server private key");
144 goto failure;
145 }
146
147 SSL_CTX_set_dh_auto(ssl_ctx, 1);
148 SSL_CTX_set_ecdh_auto(ssl_ctx, 1);
149
150 SSL_CTX_clear_options(ssl_ctx, sht->ssl_clear_options);
151 SSL_CTX_set_options(ssl_ctx, sht->ssl_set_options);
152
153 if ((ssl = SSL_new(ssl_ctx)) == NULL) {
154 fprintf(stderr, "SSL_new() returned NULL\n");
155 goto failure;
156 }
157
158 rbio->references = 2;
159 wbio->references = 2;
160
161 SSL_set_bio(ssl, rbio, wbio);
162
163 if (SSL_accept(ssl) != 0) {
164 fprintf(stderr, "SSL_accept() returned non-zero\n");
165 ERR_print_errors_fp(stderr);
166 goto failure;
167 }
168
169 ret = 0;
170
171 failure:
172 SSL_CTX_free(ssl_ctx);
173 SSL_free(ssl);
174
175 if (rbio != NULL)
176 rbio->references = 1;
177 if (wbio != NULL)
178 wbio->references = 1;
179
180 BIO_free(rbio);
181 BIO_free(wbio);
182
183 return (ret);
184}
185
186int
187main(int argc, char **argv)
188{
189 int failed = 0;
190 size_t i;
191
192 if (argc != 4) {
193 fprintf(stderr, "usage: %s keyfile certfile cafile\n",
194 argv[0]);
195 exit(1);
196 }
197
198 server_key_file = argv[1];
199 server_cert_file = argv[2];
200 server_ca_file = argv[3];
201
202 SSL_library_init();
203 SSL_load_error_strings();
204
205 for (i = 0; i < N_SERVER_HELLO_TESTS; i++)
206 failed |= server_hello_test(i, &server_hello_tests[i]);
207
208 return (failed);
209}
diff --git a/src/regress/lib/libssl/ssl/Makefile b/src/regress/lib/libssl/ssl/Makefile
deleted file mode 100644
index 581341c310..0000000000
--- a/src/regress/lib/libssl/ssl/Makefile
+++ /dev/null
@@ -1,16 +0,0 @@
1# $OpenBSD: Makefile,v 1.3 2014/07/08 15:53:53 jsing Exp $
2
3PROG= ssltest
4LDADD= -lcrypto -lssl
5DPADD= ${LIBCRYPTO} ${LIBSSL}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9REGRESS_TARGETS=regress-ssltest
10
11regress-ssltest: ${PROG}
12 sh ${.CURDIR}/testssl \
13 ${.CURDIR}/../certs/server.pem ${.CURDIR}/../certs/server.pem \
14 ${.CURDIR}/../certs/ca.pem
15
16.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/ssl/ssltest.c b/src/regress/lib/libssl/ssl/ssltest.c
deleted file mode 100644
index 97caf523ac..0000000000
--- a/src/regress/lib/libssl/ssl/ssltest.c
+++ /dev/null
@@ -1,1911 +0,0 @@
1/* ssl/ssltest.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
116/* ====================================================================
117 * Copyright 2005 Nokia. All rights reserved.
118 *
119 * The portions of the attached software ("Contribution") is developed by
120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
121 * license.
122 *
123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125 * support (see RFC 4279) to OpenSSL.
126 *
127 * No patent licenses or other rights except those expressly stated in
128 * the OpenSSL open source license shall be deemed granted or received
129 * expressly, by implication, estoppel, or otherwise.
130 *
131 * No assurances are provided by Nokia that the Contribution does not
132 * infringe the patent or other intellectual property rights of any third
133 * party or that the license provides you with all the necessary rights
134 * to make use of the Contribution.
135 *
136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
140 * OTHERWISE.
141 */
142
143#define _BSD_SOURCE 1 /* Or gethostname won't be declared properly
144 on Linux and GNU platforms. */
145#include <sys/types.h>
146#include <sys/param.h>
147#include <sys/socket.h>
148
149#include <netinet/in.h>
150
151#include <assert.h>
152#include <errno.h>
153#include <limits.h>
154#include <netdb.h>
155#include <stdio.h>
156#include <stdlib.h>
157#include <string.h>
158#include <time.h>
159#include <unistd.h>
160
161#include <ctype.h>
162
163#include <openssl/opensslconf.h>
164#include <openssl/bio.h>
165#include <openssl/crypto.h>
166#include <openssl/evp.h>
167#include <openssl/x509.h>
168#include <openssl/x509v3.h>
169#include <openssl/ssl.h>
170#ifndef OPENSSL_NO_ENGINE
171#include <openssl/engine.h>
172#endif
173#include <openssl/err.h>
174#include <openssl/rand.h>
175#include <openssl/rsa.h>
176#include <openssl/dsa.h>
177#include <openssl/dh.h>
178#include <openssl/bn.h>
179
180#define TEST_SERVER_CERT "../apps/server.pem"
181#define TEST_CLIENT_CERT "../apps/client.pem"
182
183static int verify_callback(int ok, X509_STORE_CTX *ctx);
184static int app_verify_callback(X509_STORE_CTX *ctx, void *arg);
185#define APP_CALLBACK_STRING "Test Callback Argument"
186struct app_verify_arg {
187 char *string;
188 int app_verify;
189 int allow_proxy_certs;
190 char *proxy_auth;
191 char *proxy_cond;
192};
193
194static DH *get_dh1024(void);
195static DH *get_dh1024dsa(void);
196
197static BIO *bio_err = NULL;
198static BIO *bio_stdout = NULL;
199
200static const char *alpn_client;
201static const char *alpn_server;
202static const char *alpn_expected;
203static unsigned char *alpn_selected;
204
205/*
206 * next_protos_parse parses a comma separated list of strings into a string
207 * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
208 * outlen: (output) set to the length of the resulting buffer on success.
209 * err: (maybe NULL) on failure, an error message line is written to this BIO.
210 * in: a NUL terminated string like "abc,def,ghi"
211 *
212 * returns: a malloced buffer or NULL on failure.
213 */
214static unsigned char *
215next_protos_parse(unsigned short *outlen, const char *in)
216{
217 size_t i, len, start = 0;
218 unsigned char *out;
219
220 len = strlen(in);
221 if (len >= 65535)
222 return (NULL);
223
224 if ((out = malloc(strlen(in) + 1)) == NULL)
225 return (NULL);
226
227 for (i = 0; i <= len; ++i) {
228 if (i == len || in[i] == ',') {
229 if (i - start > 255) {
230 free(out);
231 return (NULL);
232 }
233 out[start] = i - start;
234 start = i + 1;
235 } else
236 out[i+1] = in[i];
237 }
238 *outlen = len + 1;
239 return (out);
240}
241
242static int
243cb_server_alpn(SSL *s, const unsigned char **out, unsigned char *outlen,
244 const unsigned char *in, unsigned int inlen, void *arg)
245{
246 unsigned char *protos;
247 unsigned short protos_len;
248
249 if ((protos = next_protos_parse(&protos_len, alpn_server)) == NULL) {
250 fprintf(stderr,
251 "failed to parser ALPN server protocol string: %s\n",
252 alpn_server);
253 abort();
254 }
255
256 if (SSL_select_next_proto((unsigned char **)out, outlen, protos,
257 protos_len, in, inlen) != OPENSSL_NPN_NEGOTIATED) {
258 free(protos);
259 return (SSL_TLSEXT_ERR_NOACK);
260 }
261
262 /*
263 * Make a copy of the selected protocol which will be freed in
264 * verify_alpn.
265 */
266 if ((alpn_selected = malloc(*outlen)) == NULL) {
267 fprintf(stderr, "malloc failed\n");
268 abort();
269 }
270 memcpy(alpn_selected, *out, *outlen);
271 *out = alpn_selected;
272 free(protos);
273
274 return (SSL_TLSEXT_ERR_OK);
275}
276
277static int
278verify_alpn(SSL *client, SSL *server)
279{
280 const unsigned char *client_proto, *server_proto;
281 unsigned int client_proto_len = 0, server_proto_len = 0;
282
283 SSL_get0_alpn_selected(client, &client_proto, &client_proto_len);
284 SSL_get0_alpn_selected(server, &server_proto, &server_proto_len);
285
286 free(alpn_selected);
287 alpn_selected = NULL;
288
289 if (client_proto_len != server_proto_len ||
290 memcmp(client_proto, server_proto, client_proto_len) != 0) {
291 BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
292 goto err;
293 }
294
295 if (client_proto_len > 0 && alpn_expected == NULL) {
296 BIO_printf(bio_stdout, "ALPN unexpectedly negotiated\n");
297 goto err;
298 }
299
300 if (alpn_expected != NULL &&
301 (client_proto_len != strlen(alpn_expected) ||
302 memcmp(client_proto, alpn_expected, client_proto_len) != 0)) {
303 BIO_printf(bio_stdout, "ALPN selected protocols not equal to "
304 "expected protocol: %s\n", alpn_expected);
305 goto err;
306 }
307
308 return (0);
309
310err:
311 BIO_printf(bio_stdout, "ALPN results: client: '");
312 BIO_write(bio_stdout, client_proto, client_proto_len);
313 BIO_printf(bio_stdout, "', server: '");
314 BIO_write(bio_stdout, server_proto, server_proto_len);
315 BIO_printf(bio_stdout, "'\n");
316 BIO_printf(bio_stdout, "ALPN configured: client: '%s', server: '%s'\n",
317 alpn_client, alpn_server);
318
319 return (-1);
320}
321
322static char *cipher = NULL;
323static int verbose = 0;
324static int debug = 0;
325
326int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time,
327 clock_t *c_time);
328int doit(SSL *s_ssl, SSL *c_ssl, long bytes);
329
330static void
331sv_usage(void)
332{
333 fprintf(stderr, "usage: ssltest [args ...]\n");
334 fprintf(stderr, "\n");
335 fprintf(stderr, " -server_auth - check server certificate\n");
336 fprintf(stderr, " -client_auth - do client authentication\n");
337 fprintf(stderr, " -proxy - allow proxy certificates\n");
338 fprintf(stderr, " -proxy_auth <val> - set proxy policy rights\n");
339 fprintf(stderr, " -proxy_cond <val> - experssion to test proxy policy rights\n");
340 fprintf(stderr, " -v - more output\n");
341 fprintf(stderr, " -d - debug output\n");
342 fprintf(stderr, " -reuse - use session-id reuse\n");
343 fprintf(stderr, " -num <val> - number of connections to perform\n");
344 fprintf(stderr, " -bytes <val> - number of bytes to swap between client/server\n");
345 fprintf(stderr, " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
346 fprintf(stderr, " -no_dhe - disable DHE\n");
347 fprintf(stderr, " -no_ecdhe - disable ECDHE\n");
348 fprintf(stderr, " -dtls1 - use DTLSv1\n");
349 fprintf(stderr, " -tls1 - use TLSv1\n");
350 fprintf(stderr, " -tls1_2 - use TLSv1.2\n");
351 fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");
352 fprintf(stderr, " -CAfile arg - PEM format file of CA's\n");
353 fprintf(stderr, " -cert arg - Server certificate file\n");
354 fprintf(stderr, " -key arg - Server key file (default: same as -cert)\n");
355 fprintf(stderr, " -c_cert arg - Client certificate file\n");
356 fprintf(stderr, " -c_key arg - Client key file (default: same as -c_cert)\n");
357 fprintf(stderr, " -cipher arg - The cipher list\n");
358 fprintf(stderr, " -bio_pair - Use BIO pairs\n");
359 fprintf(stderr, " -f - Test even cases that can't work\n");
360 fprintf(stderr, " -time - measure processor time used by client and server\n");
361 fprintf(stderr, " -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \
362 " Use \"openssl ecparam -list_curves\" for all names\n" \
363 " (default is sect163r2).\n");
364 fprintf(stderr, " -alpn_client <string> - have client side offer ALPN\n");
365 fprintf(stderr, " -alpn_server <string> - have server side offer ALPN\n");
366 fprintf(stderr, " -alpn_expected <string> - the ALPN protocol that should be negotiated\n");
367}
368
369static void
370print_details(SSL *c_ssl, const char *prefix)
371{
372 const SSL_CIPHER *ciph;
373 X509 *cert;
374
375 ciph = SSL_get_current_cipher(c_ssl);
376 BIO_printf(bio_stdout, "%s%s, cipher %s %s",
377 prefix, SSL_get_version(c_ssl), SSL_CIPHER_get_version(ciph),
378 SSL_CIPHER_get_name(ciph));
379 cert = SSL_get_peer_certificate(c_ssl);
380 if (cert != NULL) {
381 EVP_PKEY *pkey = X509_get_pubkey(cert);
382 if (pkey != NULL) {
383 if (pkey->type == EVP_PKEY_RSA &&
384 pkey->pkey.rsa != NULL &&
385 pkey->pkey.rsa->n != NULL) {
386 BIO_printf(bio_stdout, ", %d bit RSA",
387 BN_num_bits(pkey->pkey.rsa->n));
388 } else if (pkey->type == EVP_PKEY_DSA &&
389 pkey->pkey.dsa != NULL &&
390 pkey->pkey.dsa->p != NULL) {
391 BIO_printf(bio_stdout, ", %d bit DSA",
392 BN_num_bits(pkey->pkey.dsa->p));
393 }
394 EVP_PKEY_free(pkey);
395 }
396 X509_free(cert);
397 }
398 /* The SSL API does not allow us to look at temporary RSA/DH keys,
399 * otherwise we should print their lengths too */
400 BIO_printf(bio_stdout, "\n");
401}
402
403int
404main(int argc, char *argv[])
405{
406 char *CApath = NULL, *CAfile = NULL;
407 int badop = 0;
408 int bio_pair = 0;
409 int force = 0;
410 int tls1 = 0, tls1_2 = 0, dtls1 = 0, ret = 1;
411 int client_auth = 0;
412 int server_auth = 0, i;
413 struct app_verify_arg app_verify_arg =
414 { APP_CALLBACK_STRING, 0, 0, NULL, NULL };
415 char *server_cert = TEST_SERVER_CERT;
416 char *server_key = NULL;
417 char *client_cert = TEST_CLIENT_CERT;
418 char *client_key = NULL;
419 char *named_curve = NULL;
420 SSL_CTX *s_ctx = NULL;
421 SSL_CTX *c_ctx = NULL;
422 const SSL_METHOD *meth = NULL;
423 SSL *c_ssl, *s_ssl;
424 int number = 1, reuse = 0;
425 long bytes = 256L;
426 DH *dh;
427 int dhe1024dsa = 0;
428 EC_KEY *ecdh = NULL;
429 int no_dhe = 0;
430 int no_ecdhe = 0;
431 int print_time = 0;
432 clock_t s_time = 0, c_time = 0;
433
434 verbose = 0;
435 debug = 0;
436 cipher = 0;
437
438 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE|BIO_FP_TEXT);
439
440 bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE|BIO_FP_TEXT);
441
442 argc--;
443 argv++;
444
445 while (argc >= 1) {
446 if (!strcmp(*argv, "-F")) {
447 fprintf(stderr, "not compiled with FIPS support, so exiting without running.\n");
448 exit(0);
449 } else if (strcmp(*argv, "-server_auth") == 0)
450 server_auth = 1;
451 else if (strcmp(*argv, "-client_auth") == 0)
452 client_auth = 1;
453 else if (strcmp(*argv, "-proxy_auth") == 0) {
454 if (--argc < 1)
455 goto bad;
456 app_verify_arg.proxy_auth= *(++argv);
457 } else if (strcmp(*argv, "-proxy_cond") == 0) {
458 if (--argc < 1)
459 goto bad;
460 app_verify_arg.proxy_cond= *(++argv);
461 } else if (strcmp(*argv, "-v") == 0)
462 verbose = 1;
463 else if (strcmp(*argv, "-d") == 0)
464 debug = 1;
465 else if (strcmp(*argv, "-reuse") == 0)
466 reuse = 1;
467 else if (strcmp(*argv, "-dhe1024dsa") == 0) {
468 dhe1024dsa = 1;
469 } else if (strcmp(*argv, "-no_dhe") == 0)
470 no_dhe = 1;
471 else if (strcmp(*argv, "-no_ecdhe") == 0)
472 no_ecdhe = 1;
473 else if (strcmp(*argv, "-dtls1") == 0)
474 dtls1 = 1;
475 else if (strcmp(*argv, "-tls1") == 0)
476 tls1 = 1;
477 else if (strcmp(*argv, "-tls1_2") == 0)
478 tls1_2 = 1;
479 else if (strncmp(*argv, "-num", 4) == 0) {
480 if (--argc < 1)
481 goto bad;
482 number = atoi(*(++argv));
483 if (number == 0)
484 number = 1;
485 } else if (strcmp(*argv, "-bytes") == 0) {
486 if (--argc < 1)
487 goto bad;
488 bytes = atol(*(++argv));
489 if (bytes == 0L)
490 bytes = 1L;
491 i = strlen(argv[0]);
492 if (argv[0][i - 1] == 'k')
493 bytes*=1024L;
494 if (argv[0][i - 1] == 'm')
495 bytes*=1024L*1024L;
496 } else if (strcmp(*argv, "-cert") == 0) {
497 if (--argc < 1)
498 goto bad;
499 server_cert= *(++argv);
500 } else if (strcmp(*argv, "-s_cert") == 0) {
501 if (--argc < 1)
502 goto bad;
503 server_cert= *(++argv);
504 } else if (strcmp(*argv, "-key") == 0) {
505 if (--argc < 1)
506 goto bad;
507 server_key= *(++argv);
508 } else if (strcmp(*argv, "-s_key") == 0) {
509 if (--argc < 1)
510 goto bad;
511 server_key= *(++argv);
512 } else if (strcmp(*argv, "-c_cert") == 0) {
513 if (--argc < 1)
514 goto bad;
515 client_cert= *(++argv);
516 } else if (strcmp(*argv, "-c_key") == 0) {
517 if (--argc < 1)
518 goto bad;
519 client_key= *(++argv);
520 } else if (strcmp(*argv, "-cipher") == 0) {
521 if (--argc < 1)
522 goto bad;
523 cipher= *(++argv);
524 } else if (strcmp(*argv, "-CApath") == 0) {
525 if (--argc < 1)
526 goto bad;
527 CApath= *(++argv);
528 } else if (strcmp(*argv, "-CAfile") == 0) {
529 if (--argc < 1)
530 goto bad;
531 CAfile= *(++argv);
532 } else if (strcmp(*argv, "-bio_pair") == 0) {
533 bio_pair = 1;
534 } else if (strcmp(*argv, "-f") == 0) {
535 force = 1;
536 } else if (strcmp(*argv, "-time") == 0) {
537 print_time = 1;
538 } else if (strcmp(*argv, "-named_curve") == 0) {
539 if (--argc < 1)
540 goto bad;
541 named_curve = *(++argv);
542 } else if (strcmp(*argv, "-app_verify") == 0) {
543 app_verify_arg.app_verify = 1;
544 } else if (strcmp(*argv, "-proxy") == 0) {
545 app_verify_arg.allow_proxy_certs = 1;
546 } else if (strcmp(*argv, "-alpn_client") == 0) {
547 if (--argc < 1)
548 goto bad;
549 alpn_client = *(++argv);
550 } else if (strcmp(*argv, "-alpn_server") == 0) {
551 if (--argc < 1)
552 goto bad;
553 alpn_server = *(++argv);
554 } else if (strcmp(*argv, "-alpn_expected") == 0) {
555 if (--argc < 1)
556 goto bad;
557 alpn_expected = *(++argv);
558 } else {
559 fprintf(stderr, "unknown option %s\n", *argv);
560 badop = 1;
561 break;
562 }
563 argc--;
564 argv++;
565 }
566 if (badop) {
567bad:
568 sv_usage();
569 goto end;
570 }
571
572 if (!dtls1 && !tls1 && !tls1_2 && number > 1 && !reuse && !force) {
573 fprintf(stderr,
574 "This case cannot work. Use -f to perform "
575 "the test anyway (and\n-d to see what happens), "
576 "or add one of -dtls1, -tls1, -tls1_2, -reuse\n"
577 "to avoid protocol mismatch.\n");
578 exit(1);
579 }
580
581 if (print_time) {
582 if (!bio_pair) {
583 fprintf(stderr, "Using BIO pair (-bio_pair)\n");
584 bio_pair = 1;
585 }
586 if (number < 50 && !force)
587 fprintf(stderr, "Warning: For accurate timings, use more connections (e.g. -num 1000)\n");
588 }
589
590/* if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */
591
592 SSL_library_init();
593 SSL_load_error_strings();
594
595 if (dtls1)
596 meth = DTLSv1_method();
597 else if (tls1)
598 meth = TLSv1_method();
599 else if (tls1_2)
600 meth = TLSv1_2_method();
601 else
602 meth = TLS_method();
603
604 c_ctx = SSL_CTX_new(meth);
605 s_ctx = SSL_CTX_new(meth);
606 if ((c_ctx == NULL) || (s_ctx == NULL)) {
607 ERR_print_errors(bio_err);
608 goto end;
609 }
610
611 if (cipher != NULL) {
612 SSL_CTX_set_cipher_list(c_ctx, cipher);
613 SSL_CTX_set_cipher_list(s_ctx, cipher);
614 }
615
616 if (!no_dhe) {
617 if (dhe1024dsa) {
618 /* use SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */
619 SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
620 dh = get_dh1024dsa();
621 } else
622 dh = get_dh1024();
623 SSL_CTX_set_tmp_dh(s_ctx, dh);
624 DH_free(dh);
625 }
626
627 if (!no_ecdhe) {
628 int nid;
629
630 if (named_curve != NULL) {
631 nid = OBJ_sn2nid(named_curve);
632 if (nid == 0) {
633 BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve);
634 goto end;
635 }
636 } else
637 nid = NID_X9_62_prime256v1;
638
639 ecdh = EC_KEY_new_by_curve_name(nid);
640 if (ecdh == NULL) {
641 BIO_printf(bio_err, "unable to create curve\n");
642 goto end;
643 }
644
645 SSL_CTX_set_tmp_ecdh(s_ctx, ecdh);
646 SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_ECDH_USE);
647 EC_KEY_free(ecdh);
648 }
649
650 if (!SSL_CTX_use_certificate_file(s_ctx, server_cert,
651 SSL_FILETYPE_PEM)) {
652 ERR_print_errors(bio_err);
653 } else if (!SSL_CTX_use_PrivateKey_file(s_ctx,
654 (server_key ? server_key : server_cert), SSL_FILETYPE_PEM)) {
655 ERR_print_errors(bio_err);
656 goto end;
657 }
658
659 if (client_auth) {
660 SSL_CTX_use_certificate_file(c_ctx, client_cert,
661 SSL_FILETYPE_PEM);
662 SSL_CTX_use_PrivateKey_file(c_ctx,
663 (client_key ? client_key : client_cert),
664 SSL_FILETYPE_PEM);
665 }
666
667 if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) ||
668 (!SSL_CTX_set_default_verify_paths(s_ctx)) ||
669 (!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) ||
670 (!SSL_CTX_set_default_verify_paths(c_ctx))) {
671 /* fprintf(stderr,"SSL_load_verify_locations\n"); */
672 ERR_print_errors(bio_err);
673 /* goto end; */
674 }
675
676 if (client_auth) {
677 BIO_printf(bio_err, "client authentication\n");
678 SSL_CTX_set_verify(s_ctx,
679 SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
680 verify_callback);
681 SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback,
682 &app_verify_arg);
683 }
684 if (server_auth) {
685 BIO_printf(bio_err, "server authentication\n");
686 SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER,
687 verify_callback);
688 SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback,
689 &app_verify_arg);
690 }
691
692 {
693 int session_id_context = 0;
694 SSL_CTX_set_session_id_context(s_ctx,
695 (void *)&session_id_context, sizeof(session_id_context));
696 }
697
698 if (alpn_server != NULL)
699 SSL_CTX_set_alpn_select_cb(s_ctx, cb_server_alpn, NULL);
700
701 if (alpn_client != NULL) {
702 unsigned short alpn_len;
703 unsigned char *alpn = next_protos_parse(&alpn_len, alpn_client);
704
705 if (alpn == NULL) {
706 BIO_printf(bio_err, "Error parsing -alpn_client argument\n");
707 goto end;
708 }
709 SSL_CTX_set_alpn_protos(c_ctx, alpn, alpn_len);
710 free(alpn);
711 }
712
713 c_ssl = SSL_new(c_ctx);
714 s_ssl = SSL_new(s_ctx);
715
716 for (i = 0; i < number; i++) {
717 if (!reuse)
718 SSL_set_session(c_ssl, NULL);
719 if (bio_pair)
720 ret = doit_biopair(s_ssl, c_ssl, bytes, &s_time,
721 &c_time);
722 else
723 ret = doit(s_ssl, c_ssl, bytes);
724 }
725
726 if (!verbose) {
727 print_details(c_ssl, "");
728 }
729 if ((number > 1) || (bytes > 1L))
730 BIO_printf(bio_stdout, "%d handshakes of %ld bytes done\n",
731 number, bytes);
732 if (print_time) {
733#ifdef CLOCKS_PER_SEC
734 /* "To determine the time in seconds, the value returned
735 * by the clock function should be divided by the value
736 * of the macro CLOCKS_PER_SEC."
737 * -- ISO/IEC 9899 */
738 BIO_printf(bio_stdout,
739 "Approximate total server time: %6.2f s\n"
740 "Approximate total client time: %6.2f s\n",
741 (double)s_time/CLOCKS_PER_SEC,
742 (double)c_time/CLOCKS_PER_SEC);
743#else
744 /* "`CLOCKS_PER_SEC' undeclared (first use this function)"
745 * -- cc on NeXTstep/OpenStep */
746 BIO_printf(bio_stdout,
747 "Approximate total server time: %6.2f units\n"
748 "Approximate total client time: %6.2f units\n",
749 (double)s_time,
750 (double)c_time);
751#endif
752 }
753
754 SSL_free(s_ssl);
755 SSL_free(c_ssl);
756
757end:
758 SSL_CTX_free(s_ctx);
759 SSL_CTX_free(c_ctx);
760 BIO_free(bio_stdout);
761
762#ifndef OPENSSL_NO_ENGINE
763 ENGINE_cleanup();
764#endif
765 CRYPTO_cleanup_all_ex_data();
766 ERR_free_strings();
767 ERR_remove_thread_state(NULL);
768 EVP_cleanup();
769 CRYPTO_mem_leaks(bio_err);
770 BIO_free(bio_err);
771
772 exit(ret);
773 return ret;
774}
775
776int
777doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, clock_t *s_time,
778 clock_t *c_time)
779{
780 long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
781 BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
782 BIO *server = NULL, *server_io = NULL;
783 BIO *client = NULL, *client_io = NULL;
784 int ret = 1;
785
786 size_t bufsiz = 256; /* small buffer for testing */
787
788 if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz))
789 goto err;
790 if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz))
791 goto err;
792
793 s_ssl_bio = BIO_new(BIO_f_ssl());
794 if (!s_ssl_bio)
795 goto err;
796
797 c_ssl_bio = BIO_new(BIO_f_ssl());
798 if (!c_ssl_bio)
799 goto err;
800
801 SSL_set_connect_state(c_ssl);
802 SSL_set_bio(c_ssl, client, client);
803 (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
804
805 SSL_set_accept_state(s_ssl);
806 SSL_set_bio(s_ssl, server, server);
807 (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
808
809 do {
810 /* c_ssl_bio: SSL filter BIO
811 *
812 * client: pseudo-I/O for SSL library
813 *
814 * client_io: client's SSL communication; usually to be
815 * relayed over some I/O facility, but in this
816 * test program, we're the server, too:
817 *
818 * server_io: server's SSL communication
819 *
820 * server: pseudo-I/O for SSL library
821 *
822 * s_ssl_bio: SSL filter BIO
823 *
824 * The client and the server each employ a "BIO pair":
825 * client + client_io, server + server_io.
826 * BIO pairs are symmetric. A BIO pair behaves similar
827 * to a non-blocking socketpair (but both endpoints must
828 * be handled by the same thread).
829 * [Here we could connect client and server to the ends
830 * of a single BIO pair, but then this code would be less
831 * suitable as an example for BIO pairs in general.]
832 *
833 * Useful functions for querying the state of BIO pair endpoints:
834 *
835 * BIO_ctrl_pending(bio) number of bytes we can read now
836 * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil
837 * other side's read attempt
838 * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now
839 *
840 * ..._read_request is never more than ..._write_guarantee;
841 * it depends on the application which one you should use.
842 */
843
844 /* We have non-blocking behaviour throughout this test program, but
845 * can be sure that there is *some* progress in each iteration; so
846 * we don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE
847 * -- we just try everything in each iteration
848 */
849
850 {
851 /* CLIENT */
852
853 char cbuf[1024*8];
854 int i, r;
855 clock_t c_clock = clock();
856
857 memset(cbuf, 0, sizeof(cbuf));
858
859 if (debug)
860 if (SSL_in_init(c_ssl))
861 printf("client waiting in SSL_connect - %s\n",
862 SSL_state_string_long(c_ssl));
863
864 if (cw_num > 0) {
865 /* Write to server. */
866
867 if (cw_num > (long)sizeof cbuf)
868 i = sizeof cbuf;
869 else
870 i = (int)cw_num;
871 r = BIO_write(c_ssl_bio, cbuf, i);
872 if (r < 0) {
873 if (!BIO_should_retry(c_ssl_bio)) {
874 fprintf(stderr, "ERROR in CLIENT\n");
875 goto err;
876 }
877 /* BIO_should_retry(...) can just be ignored here.
878 * The library expects us to call BIO_write with
879 * the same arguments again, and that's what we will
880 * do in the next iteration. */
881 } else if (r == 0) {
882 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
883 goto err;
884 } else {
885 if (debug)
886 printf("client wrote %d\n", r);
887 cw_num -= r;
888
889 }
890 }
891
892 if (cr_num > 0) {
893 /* Read from server. */
894
895 r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
896 if (r < 0) {
897 if (!BIO_should_retry(c_ssl_bio)) {
898 fprintf(stderr, "ERROR in CLIENT\n");
899 goto err;
900 }
901 /* Again, "BIO_should_retry" can be ignored. */
902 } else if (r == 0) {
903 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
904 goto err;
905 } else {
906 if (debug)
907 printf("client read %d\n", r);
908 cr_num -= r;
909 }
910 }
911
912 /* c_time and s_time increments will typically be very small
913 * (depending on machine speed and clock tick intervals),
914 * but sampling over a large number of connections should
915 * result in fairly accurate figures. We cannot guarantee
916 * a lot, however -- if each connection lasts for exactly
917 * one clock tick, it will be counted only for the client
918 * or only for the server or even not at all.
919 */
920 *c_time += (clock() - c_clock);
921 }
922
923 {
924 /* SERVER */
925
926 char sbuf[1024*8];
927 int i, r;
928 clock_t s_clock = clock();
929
930 memset(sbuf, 0, sizeof(sbuf));
931
932 if (debug)
933 if (SSL_in_init(s_ssl))
934 printf("server waiting in SSL_accept - %s\n",
935 SSL_state_string_long(s_ssl));
936
937 if (sw_num > 0) {
938 /* Write to client. */
939
940 if (sw_num > (long)sizeof sbuf)
941 i = sizeof sbuf;
942 else
943 i = (int)sw_num;
944 r = BIO_write(s_ssl_bio, sbuf, i);
945 if (r < 0) {
946 if (!BIO_should_retry(s_ssl_bio)) {
947 fprintf(stderr, "ERROR in SERVER\n");
948 goto err;
949 }
950 /* Ignore "BIO_should_retry". */
951 } else if (r == 0) {
952 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
953 goto err;
954 } else {
955 if (debug)
956 printf("server wrote %d\n", r);
957 sw_num -= r;
958
959 }
960 }
961
962 if (sr_num > 0) {
963 /* Read from client. */
964
965 r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
966 if (r < 0) {
967 if (!BIO_should_retry(s_ssl_bio)) {
968 fprintf(stderr, "ERROR in SERVER\n");
969 goto err;
970 }
971 /* blah, blah */
972 } else if (r == 0) {
973 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
974 goto err;
975 } else {
976 if (debug)
977 printf("server read %d\n", r);
978 sr_num -= r;
979 }
980 }
981
982 *s_time += (clock() - s_clock);
983 }
984
985 {
986 /* "I/O" BETWEEN CLIENT AND SERVER. */
987
988 size_t r1, r2;
989 BIO *io1 = server_io, *io2 = client_io;
990 /* we use the non-copying interface for io1
991 * and the standard BIO_write/BIO_read interface for io2
992 */
993
994 static int prev_progress = 1;
995 int progress = 0;
996
997 /* io1 to io2 */
998 do {
999 size_t num;
1000 int r;
1001
1002 r1 = BIO_ctrl_pending(io1);
1003 r2 = BIO_ctrl_get_write_guarantee(io2);
1004
1005 num = r1;
1006 if (r2 < num)
1007 num = r2;
1008 if (num) {
1009 char *dataptr;
1010
1011 if (INT_MAX < num) /* yeah, right */
1012 num = INT_MAX;
1013
1014 r = BIO_nread(io1, &dataptr, (int)num);
1015 assert(r > 0);
1016 assert(r <= (int)num);
1017 /* possibly r < num (non-contiguous data) */
1018 num = r;
1019 r = BIO_write(io2, dataptr, (int)num);
1020 if (r != (int)num) /* can't happen */
1021 {
1022 fprintf(stderr, "ERROR: BIO_write could not write "
1023 "BIO_ctrl_get_write_guarantee() bytes");
1024 goto err;
1025 }
1026 progress = 1;
1027
1028 if (debug)
1029 printf((io1 == client_io) ?
1030 "C->S relaying: %d bytes\n" :
1031 "S->C relaying: %d bytes\n",
1032 (int)num);
1033 }
1034 } while (r1 && r2);
1035
1036 /* io2 to io1 */
1037 {
1038 size_t num;
1039 int r;
1040
1041 r1 = BIO_ctrl_pending(io2);
1042 r2 = BIO_ctrl_get_read_request(io1);
1043 /* here we could use ..._get_write_guarantee instead of
1044 * ..._get_read_request, but by using the latter
1045 * we test restartability of the SSL implementation
1046 * more thoroughly */
1047 num = r1;
1048 if (r2 < num)
1049 num = r2;
1050 if (num) {
1051 char *dataptr;
1052
1053 if (INT_MAX < num)
1054 num = INT_MAX;
1055
1056 if (num > 1)
1057 --num; /* test restartability even more thoroughly */
1058
1059 r = BIO_nwrite0(io1, &dataptr);
1060 assert(r > 0);
1061 if (r < (int)num)
1062 num = r;
1063 r = BIO_read(io2, dataptr, (int)num);
1064 if (r != (int)num) /* can't happen */
1065 {
1066 fprintf(stderr, "ERROR: BIO_read could not read "
1067 "BIO_ctrl_pending() bytes");
1068 goto err;
1069 }
1070 progress = 1;
1071 r = BIO_nwrite(io1, &dataptr, (int)num);
1072 if (r != (int)num) /* can't happen */
1073 {
1074 fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
1075 "BIO_nwrite0() bytes");
1076 goto err;
1077 }
1078
1079 if (debug)
1080 printf((io2 == client_io) ?
1081 "C->S relaying: %d bytes\n" :
1082 "S->C relaying: %d bytes\n",
1083 (int)num);
1084 }
1085 } /* no loop, BIO_ctrl_get_read_request now returns 0 anyway */
1086
1087 if (!progress && !prev_progress) {
1088 if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0) {
1089 fprintf(stderr, "ERROR: got stuck\n");
1090 goto err;
1091 }
1092 }
1093 prev_progress = progress;
1094 }
1095 } while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
1096
1097 if (verbose)
1098 print_details(c_ssl, "DONE via BIO pair: ");
1099
1100 if (verify_alpn(c_ssl, s_ssl) < 0) {
1101 ret = 1;
1102 goto err;
1103 }
1104
1105 ret = 0;
1106
1107err:
1108 ERR_print_errors(bio_err);
1109
1110 BIO_free(server);
1111 BIO_free(server_io);
1112 BIO_free(client);
1113 BIO_free(client_io);
1114 BIO_free(s_ssl_bio);
1115 BIO_free(c_ssl_bio);
1116
1117 return ret;
1118}
1119
1120
1121#define W_READ 1
1122#define W_WRITE 2
1123#define C_DONE 1
1124#define S_DONE 2
1125
1126int
1127doit(SSL *s_ssl, SSL *c_ssl, long count)
1128{
1129 char cbuf[1024*8], sbuf[1024*8];
1130 long cw_num = count, cr_num = count;
1131 long sw_num = count, sr_num = count;
1132 int ret = 1;
1133 BIO *c_to_s = NULL;
1134 BIO *s_to_c = NULL;
1135 BIO *c_bio = NULL;
1136 BIO *s_bio = NULL;
1137 int c_r, c_w, s_r, s_w;
1138 int i, j;
1139 int done = 0;
1140 int c_write, s_write;
1141 int do_server = 0, do_client = 0;
1142
1143 memset(cbuf, 0, sizeof(cbuf));
1144 memset(sbuf, 0, sizeof(sbuf));
1145
1146 c_to_s = BIO_new(BIO_s_mem());
1147 s_to_c = BIO_new(BIO_s_mem());
1148 if ((s_to_c == NULL) || (c_to_s == NULL)) {
1149 ERR_print_errors(bio_err);
1150 goto err;
1151 }
1152
1153 c_bio = BIO_new(BIO_f_ssl());
1154 s_bio = BIO_new(BIO_f_ssl());
1155 if ((c_bio == NULL) || (s_bio == NULL)) {
1156 ERR_print_errors(bio_err);
1157 goto err;
1158 }
1159
1160 SSL_set_connect_state(c_ssl);
1161 SSL_set_bio(c_ssl, s_to_c, c_to_s);
1162 BIO_set_ssl(c_bio, c_ssl, BIO_NOCLOSE);
1163
1164 SSL_set_accept_state(s_ssl);
1165 SSL_set_bio(s_ssl, c_to_s, s_to_c);
1166 BIO_set_ssl(s_bio, s_ssl, BIO_NOCLOSE);
1167
1168 c_r = 0;
1169 s_r = 1;
1170 c_w = 1;
1171 s_w = 0;
1172 c_write = 1, s_write = 0;
1173
1174 /* We can always do writes */
1175 for (;;) {
1176 do_server = 0;
1177 do_client = 0;
1178
1179 i = (int)BIO_pending(s_bio);
1180 if ((i && s_r) || s_w)
1181 do_server = 1;
1182
1183 i = (int)BIO_pending(c_bio);
1184 if ((i && c_r) || c_w)
1185 do_client = 1;
1186
1187 if (do_server && debug) {
1188 if (SSL_in_init(s_ssl))
1189 printf("server waiting in SSL_accept - %s\n",
1190 SSL_state_string_long(s_ssl));
1191 }
1192
1193 if (do_client && debug) {
1194 if (SSL_in_init(c_ssl))
1195 printf("client waiting in SSL_connect - %s\n",
1196 SSL_state_string_long(c_ssl));
1197 }
1198
1199 if (!do_client && !do_server) {
1200 fprintf(stdout, "ERROR in STARTUP\n");
1201 ERR_print_errors(bio_err);
1202 goto err;
1203 }
1204
1205 if (do_client && !(done & C_DONE)) {
1206 if (c_write) {
1207 j = (cw_num > (long)sizeof(cbuf)) ?
1208 (int)sizeof(cbuf) : (int)cw_num;
1209 i = BIO_write(c_bio, cbuf, j);
1210 if (i < 0) {
1211 c_r = 0;
1212 c_w = 0;
1213 if (BIO_should_retry(c_bio)) {
1214 if (BIO_should_read(c_bio))
1215 c_r = 1;
1216 if (BIO_should_write(c_bio))
1217 c_w = 1;
1218 } else {
1219 fprintf(stderr, "ERROR in CLIENT\n");
1220 ERR_print_errors(bio_err);
1221 goto err;
1222 }
1223 } else if (i == 0) {
1224 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
1225 goto err;
1226 } else {
1227 if (debug)
1228 printf("client wrote %d\n", i);
1229 /* ok */
1230 s_r = 1;
1231 c_write = 0;
1232 cw_num -= i;
1233 }
1234 } else {
1235 i = BIO_read(c_bio, cbuf, sizeof(cbuf));
1236 if (i < 0) {
1237 c_r = 0;
1238 c_w = 0;
1239 if (BIO_should_retry(c_bio)) {
1240 if (BIO_should_read(c_bio))
1241 c_r = 1;
1242 if (BIO_should_write(c_bio))
1243 c_w = 1;
1244 } else {
1245 fprintf(stderr, "ERROR in CLIENT\n");
1246 ERR_print_errors(bio_err);
1247 goto err;
1248 }
1249 } else if (i == 0) {
1250 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
1251 goto err;
1252 } else {
1253 if (debug)
1254 printf("client read %d\n", i);
1255 cr_num -= i;
1256 if (sw_num > 0) {
1257 s_write = 1;
1258 s_w = 1;
1259 }
1260 if (cr_num <= 0) {
1261 s_write = 1;
1262 s_w = 1;
1263 done = S_DONE|C_DONE;
1264 }
1265 }
1266 }
1267 }
1268
1269 if (do_server && !(done & S_DONE)) {
1270 if (!s_write) {
1271 i = BIO_read(s_bio, sbuf, sizeof(cbuf));
1272 if (i < 0) {
1273 s_r = 0;
1274 s_w = 0;
1275 if (BIO_should_retry(s_bio)) {
1276 if (BIO_should_read(s_bio))
1277 s_r = 1;
1278 if (BIO_should_write(s_bio))
1279 s_w = 1;
1280 } else {
1281 fprintf(stderr, "ERROR in SERVER\n");
1282 ERR_print_errors(bio_err);
1283 goto err;
1284 }
1285 } else if (i == 0) {
1286 ERR_print_errors(bio_err);
1287 fprintf(stderr, "SSL SERVER STARTUP FAILED in SSL_read\n");
1288 goto err;
1289 } else {
1290 if (debug)
1291 printf("server read %d\n", i);
1292 sr_num -= i;
1293 if (cw_num > 0) {
1294 c_write = 1;
1295 c_w = 1;
1296 }
1297 if (sr_num <= 0) {
1298 s_write = 1;
1299 s_w = 1;
1300 c_write = 0;
1301 }
1302 }
1303 } else {
1304 j = (sw_num > (long)sizeof(sbuf)) ?
1305 (int)sizeof(sbuf) : (int)sw_num;
1306 i = BIO_write(s_bio, sbuf, j);
1307 if (i < 0) {
1308 s_r = 0;
1309 s_w = 0;
1310 if (BIO_should_retry(s_bio)) {
1311 if (BIO_should_read(s_bio))
1312 s_r = 1;
1313 if (BIO_should_write(s_bio))
1314 s_w = 1;
1315 } else {
1316 fprintf(stderr, "ERROR in SERVER\n");
1317 ERR_print_errors(bio_err);
1318 goto err;
1319 }
1320 } else if (i == 0) {
1321 ERR_print_errors(bio_err);
1322 fprintf(stderr, "SSL SERVER STARTUP FAILED in SSL_write\n");
1323 goto err;
1324 } else {
1325 if (debug)
1326 printf("server wrote %d\n", i);
1327 sw_num -= i;
1328 s_write = 0;
1329 c_r = 1;
1330 if (sw_num <= 0)
1331 done |= S_DONE;
1332 }
1333 }
1334 }
1335
1336 if ((done & S_DONE) && (done & C_DONE))
1337 break;
1338 }
1339
1340 if (verbose)
1341 print_details(c_ssl, "DONE: ");
1342
1343 if (verify_alpn(c_ssl, s_ssl) < 0) {
1344 ret = 1;
1345 goto err;
1346 }
1347
1348 ret = 0;
1349err:
1350 /* We have to set the BIO's to NULL otherwise they will be
1351 * free()ed twice. Once when th s_ssl is SSL_free()ed and
1352 * again when c_ssl is SSL_free()ed.
1353 * This is a hack required because s_ssl and c_ssl are sharing the same
1354 * BIO structure and SSL_set_bio() and SSL_free() automatically
1355 * BIO_free non NULL entries.
1356 * You should not normally do this or be required to do this */
1357 if (s_ssl != NULL) {
1358 s_ssl->rbio = NULL;
1359 s_ssl->wbio = NULL;
1360 }
1361 if (c_ssl != NULL) {
1362 c_ssl->rbio = NULL;
1363 c_ssl->wbio = NULL;
1364 }
1365
1366 BIO_free(c_to_s);
1367 BIO_free(s_to_c);
1368 BIO_free_all(c_bio);
1369 BIO_free_all(s_bio);
1370
1371 return (ret);
1372}
1373
1374static int
1375get_proxy_auth_ex_data_idx(void)
1376{
1377 static volatile int idx = -1;
1378 if (idx < 0) {
1379 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
1380 if (idx < 0) {
1381 idx = X509_STORE_CTX_get_ex_new_index(0,
1382 "SSLtest for verify callback", NULL, NULL, NULL);
1383 }
1384 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
1385 }
1386 return idx;
1387}
1388
1389static int
1390verify_callback(int ok, X509_STORE_CTX *ctx)
1391{
1392 char *s, buf[256];
1393
1394 s = X509_NAME_oneline(X509_get_subject_name(ctx->current_cert), buf,
1395 sizeof buf);
1396 if (s != NULL) {
1397 if (ok)
1398 fprintf(stderr, "depth=%d %s\n",
1399 ctx->error_depth, buf);
1400 else {
1401 fprintf(stderr, "depth=%d error=%d %s\n",
1402 ctx->error_depth, ctx->error, buf);
1403 }
1404 }
1405
1406 if (ok == 0) {
1407 fprintf(stderr, "Error string: %s\n",
1408 X509_verify_cert_error_string(ctx->error));
1409 switch (ctx->error) {
1410 case X509_V_ERR_CERT_NOT_YET_VALID:
1411 case X509_V_ERR_CERT_HAS_EXPIRED:
1412 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
1413 fprintf(stderr, " ... ignored.\n");
1414 ok = 1;
1415 }
1416 }
1417
1418 if (ok == 1) {
1419 X509 *xs = ctx->current_cert;
1420#if 0
1421 X509 *xi = ctx->current_issuer;
1422#endif
1423
1424 if (xs->ex_flags & EXFLAG_PROXY) {
1425 unsigned int *letters =
1426 X509_STORE_CTX_get_ex_data(ctx,
1427 get_proxy_auth_ex_data_idx());
1428
1429 if (letters) {
1430 int found_any = 0;
1431 int i;
1432 PROXY_CERT_INFO_EXTENSION *pci =
1433 X509_get_ext_d2i(xs, NID_proxyCertInfo,
1434 NULL, NULL);
1435
1436 switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage)) {
1437 case NID_Independent:
1438 /* Completely meaningless in this
1439 program, as there's no way to
1440 grant explicit rights to a
1441 specific PrC. Basically, using
1442 id-ppl-Independent is the perfect
1443 way to grant no rights at all. */
1444 fprintf(stderr, " Independent proxy certificate");
1445 for (i = 0; i < 26; i++)
1446 letters[i] = 0;
1447 break;
1448 case NID_id_ppl_inheritAll:
1449 /* This is basically a NOP, we
1450 simply let the current rights
1451 stand as they are. */
1452 fprintf(stderr, " Proxy certificate inherits all");
1453 break;
1454 default:
1455 s = (char *)
1456 pci->proxyPolicy->policy->data;
1457 i = pci->proxyPolicy->policy->length;
1458
1459 /* The algorithm works as follows:
1460 it is assumed that previous
1461 iterations or the initial granted
1462 rights has already set some elements
1463 of `letters'. What we need to do is
1464 to clear those that weren't granted
1465 by the current PrC as well. The
1466 easiest way to do this is to add 1
1467 to all the elements whose letters
1468 are given with the current policy.
1469 That way, all elements that are set
1470 by the current policy and were
1471 already set by earlier policies and
1472 through the original grant of rights
1473 will get the value 2 or higher.
1474 The last thing to do is to sweep
1475 through `letters' and keep the
1476 elements having the value 2 as set,
1477 and clear all the others. */
1478
1479 fprintf(stderr, " Certificate proxy rights = %*.*s", i, i, s);
1480 while (i-- > 0) {
1481 int c = *s++;
1482 if (isascii(c) && isalpha(c)) {
1483 if (islower(c))
1484 c = toupper(c);
1485 letters[c - 'A']++;
1486 }
1487 }
1488 for (i = 0; i < 26; i++)
1489 if (letters[i] < 2)
1490 letters[i] = 0;
1491 else
1492 letters[i] = 1;
1493 }
1494
1495 found_any = 0;
1496 fprintf(stderr, ", resulting proxy rights = ");
1497 for (i = 0; i < 26; i++)
1498 if (letters[i]) {
1499 fprintf(stderr, "%c", i + 'A');
1500 found_any = 1;
1501 }
1502 if (!found_any)
1503 fprintf(stderr, "none");
1504 fprintf(stderr, "\n");
1505
1506 PROXY_CERT_INFO_EXTENSION_free(pci);
1507 }
1508 }
1509 }
1510
1511 return (ok);
1512}
1513
1514static void
1515process_proxy_debug(int indent, const char *format, ...)
1516{
1517 static const char indentation[] =
1518 ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"
1519 ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"; /* That's 80 > */
1520 char my_format[256];
1521 va_list args;
1522
1523 (void) snprintf(my_format, sizeof(my_format), "%*.*s %s",
1524 indent, indent, indentation, format);
1525
1526 va_start(args, format);
1527 vfprintf(stderr, my_format, args);
1528 va_end(args);
1529}
1530/* Priority levels:
1531 0 [!]var, ()
1532 1 & ^
1533 2 |
1534*/
1535static int process_proxy_cond_adders(unsigned int letters[26],
1536 const char *cond, const char **cond_end, int *pos, int indent);
1537
1538static int
1539process_proxy_cond_val(unsigned int letters[26], const char *cond,
1540 const char **cond_end, int *pos, int indent)
1541{
1542 int c;
1543 int ok = 1;
1544 int negate = 0;
1545
1546 while (isspace((int)*cond)) {
1547 cond++;
1548 (*pos)++;
1549 }
1550 c = *cond;
1551
1552 if (debug)
1553 process_proxy_debug(indent,
1554 "Start process_proxy_cond_val at position %d: %s\n",
1555 *pos, cond);
1556
1557 while (c == '!') {
1558 negate = !negate;
1559 cond++;
1560 (*pos)++;
1561 while (isspace((int)*cond)) {
1562 cond++;
1563 (*pos)++;
1564 }
1565 c = *cond;
1566 }
1567
1568 if (c == '(') {
1569 cond++;
1570 (*pos)++;
1571 ok = process_proxy_cond_adders(letters, cond, cond_end, pos,
1572 indent + 1);
1573 cond = *cond_end;
1574 if (ok < 0)
1575 goto end;
1576 while (isspace((int)*cond)) {
1577 cond++;
1578 (*pos)++;
1579 }
1580 c = *cond;
1581 if (c != ')') {
1582 fprintf(stderr,
1583 "Weird condition character in position %d: "
1584 "%c\n", *pos, c);
1585 ok = -1;
1586 goto end;
1587 }
1588 cond++;
1589 (*pos)++;
1590 } else if (isascii(c) && isalpha(c)) {
1591 if (islower(c))
1592 c = toupper(c);
1593 ok = letters[c - 'A'];
1594 cond++;
1595 (*pos)++;
1596 } else {
1597 fprintf(stderr,
1598 "Weird condition character in position %d: "
1599 "%c\n", *pos, c);
1600 ok = -1;
1601 goto end;
1602 }
1603end:
1604 *cond_end = cond;
1605 if (ok >= 0 && negate)
1606 ok = !ok;
1607
1608 if (debug)
1609 process_proxy_debug(indent,
1610 "End process_proxy_cond_val at position %d: %s, returning %d\n",
1611 *pos, cond, ok);
1612
1613 return ok;
1614}
1615
1616static int
1617process_proxy_cond_multipliers(unsigned int letters[26], const char *cond,
1618 const char **cond_end, int *pos, int indent)
1619{
1620 int ok;
1621 char c;
1622
1623 if (debug)
1624 process_proxy_debug(indent,
1625 "Start process_proxy_cond_multipliers at position %d: %s\n",
1626 *pos, cond);
1627
1628 ok = process_proxy_cond_val(letters, cond, cond_end, pos, indent + 1);
1629 cond = *cond_end;
1630 if (ok < 0)
1631 goto end;
1632
1633 while (ok >= 0) {
1634 while (isspace((int)*cond)) {
1635 cond++;
1636 (*pos)++;
1637 }
1638 c = *cond;
1639
1640 switch (c) {
1641 case '&':
1642 case '^':
1643 {
1644 int save_ok = ok;
1645
1646 cond++;
1647 (*pos)++;
1648 ok = process_proxy_cond_val(letters,
1649 cond, cond_end, pos, indent + 1);
1650 cond = *cond_end;
1651 if (ok < 0)
1652 break;
1653
1654 switch (c) {
1655 case '&':
1656 ok &= save_ok;
1657 break;
1658 case '^':
1659 ok ^= save_ok;
1660 break;
1661 default:
1662 fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!"
1663 " STOPPING\n");
1664 exit(1);
1665 }
1666 }
1667 break;
1668 default:
1669 goto end;
1670 }
1671 }
1672end:
1673 if (debug)
1674 process_proxy_debug(indent,
1675 "End process_proxy_cond_multipliers at position %d: %s, "
1676 "returning %d\n",
1677 *pos, cond, ok);
1678
1679 *cond_end = cond;
1680 return ok;
1681}
1682
1683static int
1684process_proxy_cond_adders(unsigned int letters[26], const char *cond,
1685 const char **cond_end, int *pos, int indent)
1686{
1687 int ok;
1688 char c;
1689
1690 if (debug)
1691 process_proxy_debug(indent,
1692 "Start process_proxy_cond_adders at position %d: %s\n",
1693 *pos, cond);
1694
1695 ok = process_proxy_cond_multipliers(letters, cond, cond_end, pos,
1696 indent + 1);
1697 cond = *cond_end;
1698 if (ok < 0)
1699 goto end;
1700
1701 while (ok >= 0) {
1702 while (isspace((int)*cond)) {
1703 cond++;
1704 (*pos)++;
1705 }
1706 c = *cond;
1707
1708 switch (c) {
1709 case '|':
1710 {
1711 int save_ok = ok;
1712
1713 cond++;
1714 (*pos)++;
1715 ok = process_proxy_cond_multipliers(letters,
1716 cond, cond_end, pos, indent + 1);
1717 cond = *cond_end;
1718 if (ok < 0)
1719 break;
1720
1721 switch (c) {
1722 case '|':
1723 ok |= save_ok;
1724 break;
1725 default:
1726 fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!"
1727 " STOPPING\n");
1728 exit(1);
1729 }
1730 }
1731 break;
1732 default:
1733 goto end;
1734 }
1735 }
1736end:
1737 if (debug)
1738 process_proxy_debug(indent,
1739 "End process_proxy_cond_adders at position %d: %s, returning %d\n",
1740 *pos, cond, ok);
1741
1742 *cond_end = cond;
1743 return ok;
1744}
1745
1746static int
1747process_proxy_cond(unsigned int letters[26], const char *cond,
1748 const char **cond_end)
1749{
1750 int pos = 1;
1751 return process_proxy_cond_adders(letters, cond, cond_end, &pos, 1);
1752}
1753
1754static int
1755app_verify_callback(X509_STORE_CTX *ctx, void *arg)
1756{
1757 int ok = 1;
1758 struct app_verify_arg *cb_arg = arg;
1759 unsigned int letters[26]; /* only used with proxy_auth */
1760
1761 if (cb_arg->app_verify) {
1762 char *s = NULL, buf[256];
1763
1764 fprintf(stderr, "In app_verify_callback, allowing cert. ");
1765 fprintf(stderr, "Arg is: %s\n", cb_arg->string);
1766 fprintf(stderr, "Finished printing do we have a context? 0x%p a cert? 0x%p\n",
1767 (void *)ctx, (void *)ctx->cert);
1768 if (ctx->cert)
1769 s = X509_NAME_oneline(X509_get_subject_name(ctx->cert), buf, 256);
1770 if (s != NULL) {
1771 fprintf(stderr, "cert depth=%d %s\n", ctx->error_depth, buf);
1772 }
1773 return (1);
1774 }
1775 if (cb_arg->proxy_auth) {
1776 int found_any = 0, i;
1777 char *sp;
1778
1779 for (i = 0; i < 26; i++)
1780 letters[i] = 0;
1781 for (sp = cb_arg->proxy_auth; *sp; sp++) {
1782 int c = *sp;
1783 if (isascii(c) && isalpha(c)) {
1784 if (islower(c))
1785 c = toupper(c);
1786 letters[c - 'A'] = 1;
1787 }
1788 }
1789
1790 fprintf(stderr, " Initial proxy rights = ");
1791 for (i = 0; i < 26; i++)
1792 if (letters[i]) {
1793 fprintf(stderr, "%c", i + 'A');
1794 found_any = 1;
1795 }
1796 if (!found_any)
1797 fprintf(stderr, "none");
1798 fprintf(stderr, "\n");
1799
1800 X509_STORE_CTX_set_ex_data(ctx,
1801 get_proxy_auth_ex_data_idx(), letters);
1802 }
1803 if (cb_arg->allow_proxy_certs) {
1804 X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
1805 }
1806
1807 ok = X509_verify_cert(ctx);
1808
1809 if (cb_arg->proxy_auth) {
1810 if (ok > 0) {
1811 const char *cond_end = NULL;
1812
1813 ok = process_proxy_cond(letters,
1814 cb_arg->proxy_cond, &cond_end);
1815
1816 if (ok < 0)
1817 exit(3);
1818 if (*cond_end) {
1819 fprintf(stderr, "Stopped processing condition before it's end.\n");
1820 ok = 0;
1821 }
1822 if (!ok)
1823 fprintf(stderr, "Proxy rights check with condition '%s' proved invalid\n",
1824 cb_arg->proxy_cond);
1825 else
1826 fprintf(stderr, "Proxy rights check with condition '%s' proved valid\n",
1827 cb_arg->proxy_cond);
1828 }
1829 }
1830 return (ok);
1831}
1832
1833/* These DH parameters have been generated as follows:
1834 * $ openssl dhparam -C -noout 1024
1835 * $ openssl dhparam -C -noout -dsaparam 1024
1836 * (The second function has been renamed to avoid name conflicts.)
1837 */
1838static DH *
1839get_dh1024()
1840{
1841 static unsigned char dh1024_p[] = {
1842 0xF8, 0x81, 0x89, 0x7D, 0x14, 0x24, 0xC5, 0xD1, 0xE6, 0xF7, 0xBF, 0x3A,
1843 0xE4, 0x90, 0xF4, 0xFC, 0x73, 0xFB, 0x34, 0xB5, 0xFA, 0x4C, 0x56, 0xA2,
1844 0xEA, 0xA7, 0xE9, 0xC0, 0xC0, 0xCE, 0x89, 0xE1, 0xFA, 0x63, 0x3F, 0xB0,
1845 0x6B, 0x32, 0x66, 0xF1, 0xD1, 0x7B, 0xB0, 0x00, 0x8F, 0xCA, 0x87, 0xC2,
1846 0xAE, 0x98, 0x89, 0x26, 0x17, 0xC2, 0x05, 0xD2, 0xEC, 0x08, 0xD0, 0x8C,
1847 0xFF, 0x17, 0x52, 0x8C, 0xC5, 0x07, 0x93, 0x03, 0xB1, 0xF6, 0x2F, 0xB8,
1848 0x1C, 0x52, 0x47, 0x27, 0x1B, 0xDB, 0xD1, 0x8D, 0x9D, 0x69, 0x1D, 0x52,
1849 0x4B, 0x32, 0x81, 0xAA, 0x7F, 0x00, 0xC8, 0xDC, 0xE6, 0xD9, 0xCC, 0xC1,
1850 0x11, 0x2D, 0x37, 0x34, 0x6C, 0xEA, 0x02, 0x97, 0x4B, 0x0E, 0xBB, 0xB1,
1851 0x71, 0x33, 0x09, 0x15, 0xFD, 0xDD, 0x23, 0x87, 0x07, 0x5E, 0x89, 0xAB,
1852 0x6B, 0x7C, 0x5F, 0xEC, 0xA6, 0x24, 0xDC, 0x53,
1853 };
1854 static unsigned char dh1024_g[] = {
1855 0x02,
1856 };
1857 DH *dh;
1858
1859 if ((dh = DH_new()) == NULL)
1860 return (NULL);
1861 dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
1862 dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
1863 if ((dh->p == NULL) || (dh->g == NULL)) {
1864 DH_free(dh);
1865 return (NULL);
1866 }
1867 return (dh);
1868}
1869
1870static DH *
1871get_dh1024dsa()
1872{
1873 static unsigned char dh1024_p[] = {
1874 0xC8, 0x00, 0xF7, 0x08, 0x07, 0x89, 0x4D, 0x90, 0x53, 0xF3, 0xD5, 0x00,
1875 0x21, 0x1B, 0xF7, 0x31, 0xA6, 0xA2, 0xDA, 0x23, 0x9A, 0xC7, 0x87, 0x19,
1876 0x3B, 0x47, 0xB6, 0x8C, 0x04, 0x6F, 0xFF, 0xC6, 0x9B, 0xB8, 0x65, 0xD2,
1877 0xC2, 0x5F, 0x31, 0x83, 0x4A, 0xA7, 0x5F, 0x2F, 0x88, 0x38, 0xB6, 0x55,
1878 0xCF, 0xD9, 0x87, 0x6D, 0x6F, 0x9F, 0xDA, 0xAC, 0xA6, 0x48, 0xAF, 0xFC,
1879 0x33, 0x84, 0x37, 0x5B, 0x82, 0x4A, 0x31, 0x5D, 0xE7, 0xBD, 0x52, 0x97,
1880 0xA1, 0x77, 0xBF, 0x10, 0x9E, 0x37, 0xEA, 0x64, 0xFA, 0xCA, 0x28, 0x8D,
1881 0x9D, 0x3B, 0xD2, 0x6E, 0x09, 0x5C, 0x68, 0xC7, 0x45, 0x90, 0xFD, 0xBB,
1882 0x70, 0xC9, 0x3A, 0xBB, 0xDF, 0xD4, 0x21, 0x0F, 0xC4, 0x6A, 0x3C, 0xF6,
1883 0x61, 0xCF, 0x3F, 0xD6, 0x13, 0xF1, 0x5F, 0xBC, 0xCF, 0xBC, 0x26, 0x9E,
1884 0xBC, 0x0B, 0xBD, 0xAB, 0x5D, 0xC9, 0x54, 0x39,
1885 };
1886 static unsigned char dh1024_g[] = {
1887 0x3B, 0x40, 0x86, 0xE7, 0xF3, 0x6C, 0xDE, 0x67, 0x1C, 0xCC, 0x80, 0x05,
1888 0x5A, 0xDF, 0xFE, 0xBD, 0x20, 0x27, 0x74, 0x6C, 0x24, 0xC9, 0x03, 0xF3,
1889 0xE1, 0x8D, 0xC3, 0x7D, 0x98, 0x27, 0x40, 0x08, 0xB8, 0x8C, 0x6A, 0xE9,
1890 0xBB, 0x1A, 0x3A, 0xD6, 0x86, 0x83, 0x5E, 0x72, 0x41, 0xCE, 0x85, 0x3C,
1891 0xD2, 0xB3, 0xFC, 0x13, 0xCE, 0x37, 0x81, 0x9E, 0x4C, 0x1C, 0x7B, 0x65,
1892 0xD3, 0xE6, 0xA6, 0x00, 0xF5, 0x5A, 0x95, 0x43, 0x5E, 0x81, 0xCF, 0x60,
1893 0xA2, 0x23, 0xFC, 0x36, 0xA7, 0x5D, 0x7A, 0x4C, 0x06, 0x91, 0x6E, 0xF6,
1894 0x57, 0xEE, 0x36, 0xCB, 0x06, 0xEA, 0xF5, 0x3D, 0x95, 0x49, 0xCB, 0xA7,
1895 0xDD, 0x81, 0xDF, 0x80, 0x09, 0x4A, 0x97, 0x4D, 0xA8, 0x22, 0x72, 0xA1,
1896 0x7F, 0xC4, 0x70, 0x56, 0x70, 0xE8, 0x20, 0x10, 0x18, 0x8F, 0x2E, 0x60,
1897 0x07, 0xE7, 0x68, 0x1A, 0x82, 0x5D, 0x32, 0xA2,
1898 };
1899 DH *dh;
1900
1901 if ((dh = DH_new()) == NULL)
1902 return (NULL);
1903 dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
1904 dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
1905 if ((dh->p == NULL) || (dh->g == NULL)) {
1906 DH_free(dh);
1907 return (NULL);
1908 }
1909 dh->length = 160;
1910 return (dh);
1911}
diff --git a/src/regress/lib/libssl/ssl/testssl b/src/regress/lib/libssl/ssl/testssl
deleted file mode 100644
index fe633e8797..0000000000
--- a/src/regress/lib/libssl/ssl/testssl
+++ /dev/null
@@ -1,152 +0,0 @@
1#!/bin/sh
2
3key="$1"
4cert="$2"
5CA="-CAfile $3"
6ssltest="${4-./ssltest} -key $key -cert $cert -c_key $key -c_cert $cert"
7openssl=${5-openssl}
8extra="$6"
9
10$openssl version || exit 1
11
12if $openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
13 dsa_cert=YES
14else
15 dsa_cert=NO
16fi
17
18#############################################################################
19
20echo test sslv2/sslv3
21$ssltest $extra || exit 1
22
23echo test sslv2/sslv3 with server authentication
24$ssltest -server_auth $CA $extra || exit 1
25
26echo test sslv2/sslv3 with client authentication
27$ssltest -client_auth $CA $extra || exit 1
28
29echo test sslv2/sslv3 with both client and server authentication
30$ssltest -server_auth -client_auth $CA $extra || exit 1
31
32echo test sslv2/sslv3 via BIO pair
33$ssltest $extra || exit 1
34
35if [ $dsa_cert = NO ]; then
36 echo 'test sslv2/sslv3 w/o (EC)DHE via BIO pair'
37 $ssltest -bio_pair -no_dhe -no_ecdhe $extra || exit 1
38fi
39
40echo test sslv2/sslv3 with 1024bit DHE via BIO pair
41$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1
42
43echo test sslv2/sslv3 with server authentication
44$ssltest -bio_pair -server_auth $CA $extra || exit 1
45
46echo test sslv2/sslv3 with client authentication via BIO pair
47$ssltest -bio_pair -client_auth $CA $extra || exit 1
48
49echo test sslv2/sslv3 with both client and server authentication via BIO pair
50$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1
51
52echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
53$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
54
55echo "Testing ciphersuites"
56for protocol in SSLv3 TLSv1.2; do
57 echo "Testing ciphersuites for $protocol"
58 for cipher in `$openssl ciphers -v "$protocol+aRSA" |
59 awk "/ $protocol / { print \\$1 }"`; do
60 echo "Testing $cipher"
61 $ssltest -cipher $cipher -tls1_2
62 if [ $? -ne 0 ] ; then
63 echo "Failed $cipher"
64 exit 1
65 fi
66 done
67done
68for protocol in TLSv1.3; do
69 echo "Testing ciphersuites for $protocol"
70 for cipher in `$openssl ciphers -v "$protocol" |
71 awk "/ $protocol / { print \\$1 }"`; do
72 echo "Testing $cipher"
73 $ssltest -cipher $cipher
74 if [ $? -ne 0 ] ; then
75 echo "Failed $cipher"
76 exit 1
77 fi
78 done
79done
80
81#############################################################################
82
83if $openssl no-dh; then
84 echo skipping anonymous DH tests
85else
86 echo test tls1 with 1024bit anonymous DH, multiple handshakes
87 $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
88fi
89
90#if $openssl no-rsa; then
91# echo skipping RSA tests
92#else
93# echo 'test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes'
94# ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1
95#
96# if $openssl no-dh; then
97# echo skipping RSA+DHE tests
98# else
99# echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
100# ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
101# fi
102#fi
103
104#
105# DTLS tests
106#
107
108echo test dtlsv1
109$ssltest -dtls1 $extra || exit 1
110
111echo test dtlsv1 with server authentication
112$ssltest -dtls1 -server_auth $CA $extra || exit 1
113
114echo test dtlsv1 with client authentication
115$ssltest -dtls1 -client_auth $CA $extra || exit 1
116
117echo test dtlsv1 with both client and server authentication
118$ssltest -dtls1 -server_auth -client_auth $CA $extra || exit 1
119
120echo "Testing DTLS ciphersuites"
121for protocol in SSLv3; do
122 echo "Testing ciphersuites for $protocol"
123 for cipher in `$openssl ciphers -v "RSA+$protocol" |
124 awk "/ $protocol / { print \\$1 }" |
125 grep -v RC4`; do
126 echo "Testing $cipher"
127 $ssltest -cipher $cipher -dtls1
128 if [ $? -ne 0 ] ; then
129 echo "Failed $cipher"
130 exit 1
131 fi
132 done
133done
134
135#
136# ALPN tests
137#
138echo "Testing ALPN..."
139$ssltest -bio_pair -tls1 -alpn_client foo -alpn_server bar || exit 1
140$ssltest -bio_pair -tls1 -alpn_client foo -alpn_server foo \
141 -alpn_expected foo || exit 1
142$ssltest -bio_pair -tls1 -alpn_client foo,bar -alpn_server foo \
143 -alpn_expected foo || exit 1
144$ssltest -bio_pair -tls1 -alpn_client bar,foo -alpn_server foo \
145 -alpn_expected foo || exit 1
146$ssltest -bio_pair -tls1 -alpn_client bar,foo -alpn_server foo,bar \
147 -alpn_expected foo || exit 1
148$ssltest -bio_pair -tls1 -alpn_client bar,foo -alpn_server bar,foo \
149 -alpn_expected bar || exit 1
150$ssltest -bio_pair -tls1 -alpn_client foo,bar -alpn_server bar,foo \
151 -alpn_expected bar || exit 1
152$ssltest -bio_pair -tls1 -alpn_client baz -alpn_server bar,foo || exit 1
diff --git a/src/regress/lib/libssl/tlsext/Makefile b/src/regress/lib/libssl/tlsext/Makefile
deleted file mode 100644
index 48b5bc1e25..0000000000
--- a/src/regress/lib/libssl/tlsext/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.1 2017/07/16 18:18:10 jsing Exp $
2
3PROG= tlsexttest
4LDADD= ${SSL_INT} -lcrypto
5DPADD= ${LIBCRYPTO} ${LIBSSL}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Wundef -Werror -I$(BSDSRCDIR)/lib/libssl
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c
deleted file mode 100644
index 4d7d22de8e..0000000000
--- a/src/regress/lib/libssl/tlsext/tlsexttest.c
+++ /dev/null
@@ -1,3650 +0,0 @@
1/* $OpenBSD: tlsexttest.c,v 1.49 2021/03/24 21:36:26 tb Exp $ */
2/*
3 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
5 * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
6 *
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 */
19
20#include <err.h>
21
22#include "ssl_locl.h"
23
24#include "bytestring.h"
25#include "ssl_tlsext.h"
26
27static void
28hexdump(const unsigned char *buf, size_t len)
29{
30 size_t i;
31
32 for (i = 1; i <= len; i++)
33 fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n");
34
35 fprintf(stderr, "\n");
36}
37
38static void
39hexdump2(const uint16_t *buf, size_t len)
40{
41 size_t i;
42
43 for (i = 1; i <= len / 2; i++)
44 fprintf(stderr, " 0x%04hx,%s", buf[i - 1], i % 8 ? "" : "\n");
45
46 fprintf(stderr, "\n");
47}
48
49static void
50compare_data(const uint8_t *recv, size_t recv_len, const uint8_t *expect,
51 size_t expect_len)
52{
53 fprintf(stderr, "received:\n");
54 hexdump(recv, recv_len);
55
56 fprintf(stderr, "test data:\n");
57 hexdump(expect, expect_len);
58}
59
60static void
61compare_data2(const uint16_t *recv, size_t recv_len, const uint16_t *expect,
62 size_t expect_len)
63{
64 fprintf(stderr, "received:\n");
65 hexdump2(recv, recv_len);
66
67 fprintf(stderr, "test data:\n");
68 hexdump2(expect, expect_len);
69}
70
71#define FAIL(msg, ...) \
72do { \
73 fprintf(stderr, "[%s:%d] FAIL: ", __FILE__, __LINE__); \
74 fprintf(stderr, msg, ##__VA_ARGS__); \
75} while(0)
76
77/*
78 * Supported Application-Layer Protocol Negotiation - RFC 7301
79 *
80 * There are already extensive unit tests for this so this just
81 * tests the state info.
82 */
83
84const uint8_t tlsext_alpn_multiple_protos_val[] = {
85 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
86 0x08, /* len */
87 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31,
88 /* opaque ProtocolName<1..2^8-1> -- 'stun.nat' */
89 0x09, /* len */
90 0x73, 0x74, 0x75, 0x6e, 0x2e, 0x74, 0x75, 0x72, 0x6e
91};
92
93const uint8_t tlsext_alpn_multiple_protos[] = {
94 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
95 0x00, 0x13, /* len of all names */
96 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
97 0x08, /* len */
98 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31,
99 /* opaque ProtocolName<1..2^8-1> -- 'stun.nat' */
100 0x09, /* len */
101 0x73, 0x74, 0x75, 0x6e, 0x2e, 0x74, 0x75, 0x72, 0x6e
102};
103
104const uint8_t tlsext_alpn_single_proto_val[] = {
105 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
106 0x08, /* len */
107 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31
108};
109
110const uint8_t tlsext_alpn_single_proto_name[] = {
111 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31 /* 'http/1.1' */
112};
113
114const uint8_t tlsext_alpn_single_proto[] = {
115 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
116 0x00, 0x09, /* len of all names */
117 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
118 0x08, /* len */
119 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31
120};
121
122static int
123test_tlsext_alpn_client(void)
124{
125 SSL_CTX *ssl_ctx = NULL;
126 SSL *ssl = NULL;
127 uint8_t *data = NULL;
128 CBB cbb;
129 CBS cbs;
130 int failure, alert;
131 size_t dlen;
132
133 CBB_init(&cbb, 0);
134
135 failure = 1;
136
137 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
138 errx(1, "failed to create SSL_CTX");
139 if ((ssl = SSL_new(ssl_ctx)) == NULL)
140 errx(1, "failed to create SSL");
141
142 /* By default, we don't need this */
143 if (tlsext_alpn_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
144 FAIL("client should not need ALPN by default\n");
145 goto err;
146 }
147
148 /*
149 * Prereqs:
150 * 1) Set s->internal->alpn_client_proto_list
151 * - Using SSL_set_alpn_protos()
152 * 2) We have not finished or renegotiated.
153 * - S3I(s)->tmp.finish_md_len == 0
154 */
155 if (SSL_set_alpn_protos(ssl, tlsext_alpn_single_proto_val,
156 sizeof(tlsext_alpn_single_proto_val)) != 0) {
157 FAIL("should be able to set ALPN to http/1.1\n");
158 goto err;
159 }
160 if (!tlsext_alpn_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
161 FAIL("client should need ALPN by now\n");
162 goto err;
163 }
164
165 /* Make sure we can build the client with a single proto. */
166
167 if (!tlsext_alpn_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
168 FAIL("client failed to build ALPN\n");
169 goto err;
170 }
171 if (!CBB_finish(&cbb, &data, &dlen))
172 errx(1, "failed to finish CBB");
173
174 if (dlen != sizeof(tlsext_alpn_single_proto)) {
175 FAIL("got client ALPN with length %zu, "
176 "want length %zu\n", dlen,
177 sizeof(tlsext_alpn_single_proto));
178 compare_data(data, dlen, tlsext_alpn_single_proto,
179 sizeof(tlsext_alpn_single_proto));
180 goto err;
181 }
182 if (memcmp(data, tlsext_alpn_single_proto, dlen) != 0) {
183 FAIL("client ALPN differs:\n");
184 compare_data(data, dlen, tlsext_alpn_single_proto,
185 sizeof(tlsext_alpn_single_proto));
186 goto err;
187 }
188
189 CBB_cleanup(&cbb);
190 CBB_init(&cbb, 0);
191 free(data);
192 data = NULL;
193
194 /* Make sure we can parse the single proto. */
195
196 CBS_init(&cbs, tlsext_alpn_single_proto,
197 sizeof(tlsext_alpn_single_proto));
198 if (!tlsext_alpn_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
199 FAIL("failed to parse ALPN\n");
200 goto err;
201 }
202 if (CBS_len(&cbs) != 0) {
203 FAIL("extension data remaining\n");
204 goto err;
205 }
206
207 if (ssl->internal->alpn_client_proto_list_len !=
208 sizeof(tlsext_alpn_single_proto_val)) {
209 FAIL("got client ALPN with length %zu, "
210 "want length %zu\n", dlen,
211 sizeof(tlsext_alpn_single_proto_val));
212 compare_data(ssl->internal->alpn_client_proto_list,
213 ssl->internal->alpn_client_proto_list_len,
214 tlsext_alpn_single_proto_val,
215 sizeof(tlsext_alpn_single_proto_val));
216 goto err;
217 }
218 if (memcmp(ssl->internal->alpn_client_proto_list,
219 tlsext_alpn_single_proto_val,
220 sizeof(tlsext_alpn_single_proto_val)) != 0) {
221 FAIL("client ALPN differs:\n");
222 compare_data(data, dlen, tlsext_alpn_single_proto_val,
223 sizeof(tlsext_alpn_single_proto_val));
224 goto err;
225 }
226
227 /* Make sure we can build the clienthello with multiple entries. */
228
229 if (SSL_set_alpn_protos(ssl, tlsext_alpn_multiple_protos_val,
230 sizeof(tlsext_alpn_multiple_protos_val)) != 0) {
231 FAIL("should be able to set ALPN to http/1.1\n");
232 goto err;
233 }
234 if (!tlsext_alpn_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
235 FAIL("client should need ALPN by now\n");
236 goto err;
237 }
238
239 if (!tlsext_alpn_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
240 FAIL("client failed to build ALPN\n");
241 goto err;
242 }
243 if (!CBB_finish(&cbb, &data, &dlen))
244 errx(1, "failed to finish CBB");
245
246 if (dlen != sizeof(tlsext_alpn_multiple_protos)) {
247 FAIL("got client ALPN with length %zu, "
248 "want length %zu\n", dlen,
249 sizeof(tlsext_alpn_multiple_protos));
250 compare_data(data, dlen, tlsext_alpn_multiple_protos,
251 sizeof(tlsext_alpn_multiple_protos));
252 goto err;
253 }
254 if (memcmp(data, tlsext_alpn_multiple_protos, dlen) != 0) {
255 FAIL("client ALPN differs:\n");
256 compare_data(data, dlen, tlsext_alpn_multiple_protos,
257 sizeof(tlsext_alpn_multiple_protos));
258 goto err;
259 }
260
261 /* Make sure we can parse multiple protos */
262
263 CBS_init(&cbs, tlsext_alpn_multiple_protos,
264 sizeof(tlsext_alpn_multiple_protos));
265 if (!tlsext_alpn_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
266 FAIL("failed to parse ALPN\n");
267 goto err;
268 }
269 if (CBS_len(&cbs) != 0) {
270 FAIL("extension data remaining\n");
271 goto err;
272 }
273
274 if (ssl->internal->alpn_client_proto_list_len !=
275 sizeof(tlsext_alpn_multiple_protos_val)) {
276 FAIL("got client ALPN with length %zu, "
277 "want length %zu\n", dlen,
278 sizeof(tlsext_alpn_multiple_protos_val));
279 compare_data(ssl->internal->alpn_client_proto_list,
280 ssl->internal->alpn_client_proto_list_len,
281 tlsext_alpn_multiple_protos_val,
282 sizeof(tlsext_alpn_multiple_protos_val));
283 goto err;
284 }
285 if (memcmp(ssl->internal->alpn_client_proto_list,
286 tlsext_alpn_multiple_protos_val,
287 sizeof(tlsext_alpn_multiple_protos_val)) != 0) {
288 FAIL("client ALPN differs:\n");
289 compare_data(data, dlen, tlsext_alpn_multiple_protos_val,
290 sizeof(tlsext_alpn_multiple_protos_val));
291 goto err;
292 }
293
294 /* Make sure we can remove the list and avoid ALPN */
295
296 free(ssl->internal->alpn_client_proto_list);
297 ssl->internal->alpn_client_proto_list = NULL;
298 ssl->internal->alpn_client_proto_list_len = 0;
299
300 if (tlsext_alpn_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
301 FAIL("client should need ALPN by default\n");
302 goto err;
303 }
304
305 failure = 0;
306
307 err:
308 CBB_cleanup(&cbb);
309 SSL_CTX_free(ssl_ctx);
310 SSL_free(ssl);
311 free(data);
312
313 return (failure);
314}
315
316static int
317test_tlsext_alpn_server(void)
318{
319 SSL_CTX *ssl_ctx = NULL;
320 SSL *ssl = NULL;
321 uint8_t *data = NULL;
322 CBB cbb;
323 CBS cbs;
324 int failure, alert;
325 size_t dlen;
326
327 CBB_init(&cbb, 0);
328
329 failure = 1;
330
331 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
332 errx(1, "failed to create SSL_CTX");
333 if ((ssl = SSL_new(ssl_ctx)) == NULL)
334 errx(1, "failed to create SSL");
335
336 /* By default, ALPN isn't needed. */
337 if (tlsext_alpn_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
338 FAIL("server should not need ALPN by default\n");
339 goto err;
340 }
341
342 /*
343 * The server has a single ALPN selection which is set by
344 * SSL_CTX_set_alpn_select_cb() and calls SSL_select_next_proto().
345 *
346 * This will be a plain name and separate length.
347 */
348 if ((S3I(ssl)->alpn_selected = malloc(sizeof(tlsext_alpn_single_proto_name))) == NULL) {
349 errx(1, "failed to malloc");
350 }
351 memcpy(S3I(ssl)->alpn_selected, tlsext_alpn_single_proto_name,
352 sizeof(tlsext_alpn_single_proto_name));
353 S3I(ssl)->alpn_selected_len = sizeof(tlsext_alpn_single_proto_name);
354
355 if (!tlsext_alpn_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
356 FAIL("server should need ALPN after a protocol is selected\n");
357 goto err;
358 }
359
360 /* Make sure we can build a server with one protocol */
361
362 if (!tlsext_alpn_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
363 FAIL("server should be able to build a response\n");
364 goto err;
365 }
366 if (!CBB_finish(&cbb, &data, &dlen))
367 errx(1, "failed to finish CBB");
368
369 if (dlen != sizeof(tlsext_alpn_single_proto)) {
370 FAIL("got client ALPN with length %zu, "
371 "want length %zu\n", dlen,
372 sizeof(tlsext_alpn_single_proto));
373 compare_data(data, dlen, tlsext_alpn_single_proto,
374 sizeof(tlsext_alpn_single_proto));
375 goto err;
376 }
377 if (memcmp(data, tlsext_alpn_single_proto, dlen) != 0) {
378 FAIL("client ALPN differs:\n");
379 compare_data(data, dlen, tlsext_alpn_single_proto,
380 sizeof(tlsext_alpn_single_proto));
381 goto err;
382 }
383
384 CBB_cleanup(&cbb);
385 CBB_init(&cbb, 0);
386 free(data);
387 data = NULL;
388
389 /* Make sure we can parse the single proto. */
390
391 CBS_init(&cbs, tlsext_alpn_single_proto,
392 sizeof(tlsext_alpn_single_proto));
393
394 /* Shouldn't be able to parse without requesting */
395 if (tlsext_alpn_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
396 FAIL("Should only parse server if we requested it\n");
397 goto err;
398 }
399
400 /* Should be able to parse once requested. */
401 if (SSL_set_alpn_protos(ssl, tlsext_alpn_single_proto_val,
402 sizeof(tlsext_alpn_single_proto_val)) != 0) {
403 FAIL("should be able to set ALPN to http/1.1\n");
404 goto err;
405 }
406 if (!tlsext_alpn_server_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
407 FAIL("Should be able to parse server when we request it\n");
408 goto err;
409 }
410 if (CBS_len(&cbs) != 0) {
411 FAIL("extension data remaining\n");
412 goto err;
413 }
414
415 if (S3I(ssl)->alpn_selected_len !=
416 sizeof(tlsext_alpn_single_proto_name)) {
417 FAIL("got server ALPN with length %zu, "
418 "want length %zu\n", dlen,
419 sizeof(tlsext_alpn_single_proto_name));
420 compare_data(S3I(ssl)->alpn_selected,
421 S3I(ssl)->alpn_selected_len,
422 tlsext_alpn_single_proto_name,
423 sizeof(tlsext_alpn_single_proto_name));
424 goto err;
425 }
426 if (memcmp(S3I(ssl)->alpn_selected,
427 tlsext_alpn_single_proto_name,
428 sizeof(tlsext_alpn_single_proto_name)) != 0) {
429 FAIL("server ALPN differs:\n");
430 compare_data(S3I(ssl)->alpn_selected,
431 S3I(ssl)->alpn_selected_len,
432 tlsext_alpn_single_proto_name,
433 sizeof(tlsext_alpn_single_proto_name));
434 goto err;
435 }
436
437 /*
438 * We should NOT be able to build a server with multiple
439 * protocol names. However, the existing code did not check for this
440 * case because it is passed in as an encoded value.
441 */
442
443 /* Make sure we can remove the list and avoid ALPN */
444
445 free(S3I(ssl)->alpn_selected);
446 S3I(ssl)->alpn_selected = NULL;
447 S3I(ssl)->alpn_selected_len = 0;
448
449 if (tlsext_alpn_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
450 FAIL("server should need ALPN by default\n");
451 goto err;
452 }
453
454 failure = 0;
455
456 err:
457 CBB_cleanup(&cbb);
458 SSL_CTX_free(ssl_ctx);
459 SSL_free(ssl);
460 free(data);
461
462 return (failure);
463
464}
465
466/*
467 * Supported Elliptic Curves - RFC 4492 section 5.1.1.
468 *
469 * This extension is only used by the client.
470 */
471
472static uint8_t tlsext_supportedgroups_client_default[] = {
473 0x00, 0x08,
474 0x00, 0x1d, /* X25519 (29) */
475 0x00, 0x17, /* secp256r1 (23) */
476 0x00, 0x18, /* secp384r1 (24) */
477 0x00, 0x19, /* secp521r1 (25) */
478};
479
480static uint16_t tlsext_supportedgroups_client_secp384r1_val[] = {
481 0x0018 /* tls1_ec_nid2curve_id(NID_secp384r1) */
482};
483static uint8_t tlsext_supportedgroups_client_secp384r1[] = {
484 0x00, 0x02,
485 0x00, 0x18 /* secp384r1 (24) */
486};
487
488/* Example from RFC 4492 section 5.1.1 */
489static uint16_t tlsext_supportedgroups_client_nistp192and224_val[] = {
490 0x0013, /* tls1_ec_nid2curve_id(NID_X9_62_prime192v1) */
491 0x0015 /* tls1_ec_nid2curve_id(NID_secp224r1) */
492};
493static uint8_t tlsext_supportedgroups_client_nistp192and224[] = {
494 0x00, 0x04,
495 0x00, 0x13, /* secp192r1 aka NIST P-192 */
496 0x00, 0x15 /* secp224r1 aka NIST P-224 */
497};
498
499static int
500test_tlsext_supportedgroups_client(void)
501{
502 unsigned char *data = NULL;
503 SSL_CTX *ssl_ctx = NULL;
504 SSL *ssl = NULL;
505 size_t dlen;
506 int failure, alert;
507 CBB cbb;
508 CBS cbs;
509
510 failure = 1;
511
512 if (!CBB_init(&cbb, 0))
513 errx(1, "failed to create CBB");
514
515 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
516 errx(1, "failed to create SSL_CTX");
517 if ((ssl = SSL_new(ssl_ctx)) == NULL)
518 errx(1, "failed to create SSL");
519
520 /*
521 * Default ciphers include EC so we need it by default.
522 */
523 if (!tlsext_supportedgroups_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
524 FAIL("client should need Ellipticcurves for default "
525 "ciphers\n");
526 goto err;
527 }
528
529 /*
530 * Exclude cipher suites so we can test not including it.
531 */
532 if (!SSL_set_cipher_list(ssl, "TLSv1.2:!ECDHE:!ECDSA")) {
533 FAIL("client should be able to set cipher list\n");
534 goto err;
535 }
536 if (tlsext_supportedgroups_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
537 FAIL("client should not need Ellipticcurves\n");
538 goto err;
539 }
540
541 /*
542 * Use libtls default for the rest of the testing
543 */
544 if (!SSL_set_cipher_list(ssl, "TLSv1.2+AEAD+ECDHE")) {
545 FAIL("client should be able to set cipher list\n");
546 goto err;
547 }
548 if (!tlsext_supportedgroups_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
549 FAIL("client should need Ellipticcurves\n");
550 goto err;
551 }
552
553 /*
554 * Test with a session secp384r1. The default is used instead.
555 */
556 if ((ssl->session = SSL_SESSION_new()) == NULL)
557 errx(1, "failed to create session");
558
559 if ((SSI(ssl)->tlsext_supportedgroups = malloc(sizeof(uint16_t)))
560 == NULL) {
561 FAIL("client could not malloc\n");
562 goto err;
563 }
564 SSI(ssl)->tlsext_supportedgroups[0] = tls1_ec_nid2curve_id(NID_secp384r1);
565 SSI(ssl)->tlsext_supportedgroups_length = 1;
566
567 if (!tlsext_supportedgroups_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
568 FAIL("client should need Ellipticcurves\n");
569 goto err;
570 }
571
572 if (!tlsext_supportedgroups_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
573 FAIL("client failed to build Ellipticcurves\n");
574 goto err;
575 }
576
577 if (!CBB_finish(&cbb, &data, &dlen))
578 errx(1, "failed to finish CBB");
579
580 if (dlen != sizeof(tlsext_supportedgroups_client_default)) {
581 FAIL("got client Ellipticcurves with length %zu, "
582 "want length %zu\n", dlen,
583 sizeof(tlsext_supportedgroups_client_default));
584 compare_data(data, dlen, tlsext_supportedgroups_client_default,
585 sizeof(tlsext_supportedgroups_client_default));
586 goto err;
587 }
588
589 if (memcmp(data, tlsext_supportedgroups_client_default, dlen) != 0) {
590 FAIL("client Ellipticcurves differs:\n");
591 compare_data(data, dlen, tlsext_supportedgroups_client_default,
592 sizeof(tlsext_supportedgroups_client_default));
593 goto err;
594 }
595
596 /*
597 * Test parsing secp384r1
598 */
599 CBB_cleanup(&cbb);
600 CBB_init(&cbb, 0);
601 free(data);
602 data = NULL;
603
604 SSL_SESSION_free(ssl->session);
605 if ((ssl->session = SSL_SESSION_new()) == NULL)
606 errx(1, "failed to create session");
607
608 CBS_init(&cbs, tlsext_supportedgroups_client_secp384r1,
609 sizeof(tlsext_supportedgroups_client_secp384r1));
610 if (!tlsext_supportedgroups_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
611 FAIL("failed to parse client Ellipticcurves\n");
612 goto err;
613 }
614 if (CBS_len(&cbs) != 0) {
615 FAIL("extension data remaining\n");
616 goto err;
617 }
618
619 if (SSI(ssl)->tlsext_supportedgroups_length !=
620 sizeof(tlsext_supportedgroups_client_secp384r1_val) / sizeof(uint16_t)) {
621 FAIL("no tlsext_ellipticcurves from client "
622 "Ellipticcurves\n");
623 goto err;
624 }
625
626 if (memcmp(SSI(ssl)->tlsext_supportedgroups,
627 tlsext_supportedgroups_client_secp384r1_val,
628 sizeof(tlsext_supportedgroups_client_secp384r1_val)) != 0) {
629 FAIL("client had an incorrect Ellipticcurves "
630 "entry\n");
631 compare_data2(SSI(ssl)->tlsext_supportedgroups,
632 SSI(ssl)->tlsext_supportedgroups_length * 2,
633 tlsext_supportedgroups_client_secp384r1_val,
634 sizeof(tlsext_supportedgroups_client_secp384r1_val));
635 goto err;
636 }
637
638 /*
639 * Use a custom order.
640 */
641 CBB_cleanup(&cbb);
642 CBB_init(&cbb, 0);
643
644 SSL_SESSION_free(ssl->session);
645 if ((ssl->session = SSL_SESSION_new()) == NULL)
646 errx(1, "failed to create session");
647
648 if ((ssl->internal->tlsext_supportedgroups = malloc(sizeof(uint16_t) * 2)) == NULL) {
649 FAIL("client could not malloc\n");
650 goto err;
651 }
652 ssl->internal->tlsext_supportedgroups[0] = tls1_ec_nid2curve_id(NID_X9_62_prime192v1);
653 ssl->internal->tlsext_supportedgroups[1] = tls1_ec_nid2curve_id(NID_secp224r1);
654 ssl->internal->tlsext_supportedgroups_length = 2;
655
656 if (!tlsext_supportedgroups_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
657 FAIL("client should need Ellipticcurves\n");
658 goto err;
659 }
660
661 if (!tlsext_supportedgroups_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
662 FAIL("client failed to build Ellipticcurves\n");
663 goto err;
664 }
665
666 if (!CBB_finish(&cbb, &data, &dlen))
667 errx(1, "failed to finish CBB");
668
669 if (dlen != sizeof(tlsext_supportedgroups_client_nistp192and224)) {
670 FAIL("got client Ellipticcurves with length %zu, "
671 "want length %zu\n", dlen,
672 sizeof(tlsext_supportedgroups_client_nistp192and224));
673 fprintf(stderr, "received:\n");
674 hexdump(data, dlen);
675 fprintf(stderr, "test data:\n");
676 hexdump(tlsext_supportedgroups_client_nistp192and224,
677 sizeof(tlsext_supportedgroups_client_nistp192and224));
678 goto err;
679 }
680
681 if (memcmp(data, tlsext_supportedgroups_client_nistp192and224, dlen) != 0) {
682 FAIL("client Ellipticcurves differs:\n");
683 fprintf(stderr, "received:\n");
684 hexdump(data, dlen);
685 fprintf(stderr, "test data:\n");
686 hexdump(tlsext_supportedgroups_client_nistp192and224,
687 sizeof(tlsext_supportedgroups_client_nistp192and224));
688 goto err;
689 }
690
691 /*
692 * Parse non-default curves to session.
693 */
694 CBB_cleanup(&cbb);
695 CBB_init(&cbb, 0);
696 free(data);
697 data = NULL;
698
699 SSL_SESSION_free(ssl->session);
700 if ((ssl->session = SSL_SESSION_new()) == NULL)
701 errx(1, "failed to create session");
702
703 /* Reset back to the default list. */
704 free(ssl->internal->tlsext_supportedgroups);
705 ssl->internal->tlsext_supportedgroups = NULL;
706 ssl->internal->tlsext_supportedgroups_length = 0;
707
708 CBS_init(&cbs, tlsext_supportedgroups_client_nistp192and224,
709 sizeof(tlsext_supportedgroups_client_nistp192and224));
710 if (!tlsext_supportedgroups_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
711 FAIL("failed to parse client Ellipticcurves\n");
712 goto err;
713 }
714 if (CBS_len(&cbs) != 0) {
715 FAIL("extension data remaining\n");
716 goto err;
717 }
718
719 if (SSI(ssl)->tlsext_supportedgroups_length !=
720 sizeof(tlsext_supportedgroups_client_nistp192and224_val) / sizeof(uint16_t)) {
721 FAIL("no tlsext_ellipticcurves from client Ellipticcurves\n");
722 goto err;
723 }
724
725 if (memcmp(SSI(ssl)->tlsext_supportedgroups,
726 tlsext_supportedgroups_client_nistp192and224_val,
727 sizeof(tlsext_supportedgroups_client_nistp192and224_val)) != 0) {
728 FAIL("client had an incorrect Ellipticcurves entry\n");
729 compare_data2(SSI(ssl)->tlsext_supportedgroups,
730 SSI(ssl)->tlsext_supportedgroups_length * 2,
731 tlsext_supportedgroups_client_nistp192and224_val,
732 sizeof(tlsext_supportedgroups_client_nistp192and224_val));
733 goto err;
734 }
735
736 failure = 0;
737
738 err:
739 CBB_cleanup(&cbb);
740 SSL_CTX_free(ssl_ctx);
741 SSL_free(ssl);
742 free(data);
743
744 return (failure);
745}
746
747
748/* elliptic_curves is only used by the client so this doesn't test much. */
749static int
750test_tlsext_supportedgroups_server(void)
751{
752 SSL_CTX *ssl_ctx = NULL;
753 SSL *ssl = NULL;
754 int failure;
755
756 failure = 1;
757
758 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
759 errx(1, "failed to create SSL_CTX");
760 if ((ssl = SSL_new(ssl_ctx)) == NULL)
761 errx(1, "failed to create SSL");
762
763 if (tlsext_supportedgroups_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
764 FAIL("server should not need elliptic_curves\n");
765 goto err;
766 }
767
768 if ((ssl->session = SSL_SESSION_new()) == NULL)
769 errx(1, "failed to create session");
770
771 if (tlsext_supportedgroups_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
772 FAIL("server should not need elliptic_curves\n");
773 goto err;
774 }
775
776 failure = 0;
777
778 err:
779 SSL_CTX_free(ssl_ctx);
780 SSL_free(ssl);
781
782 return (failure);
783
784}
785
786/*
787 * Supported Point Formats - RFC 4492 section 5.1.2.
788 *
789 * Examples are from the RFC. Both client and server have the same build and
790 * parse but the needs differ.
791 */
792
793static uint8_t tlsext_ecpf_hello_uncompressed_val[] = {
794 TLSEXT_ECPOINTFORMAT_uncompressed
795};
796static uint8_t tlsext_ecpf_hello_uncompressed[] = {
797 0x01,
798 0x00 /* TLSEXT_ECPOINTFORMAT_uncompressed */
799};
800
801static uint8_t tlsext_ecpf_hello_prime[] = {
802 0x01,
803 0x01 /* TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime */
804};
805
806static uint8_t tlsext_ecpf_hello_prefer_order_val[] = {
807 TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime,
808 TLSEXT_ECPOINTFORMAT_uncompressed,
809 TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2
810};
811static uint8_t tlsext_ecpf_hello_prefer_order[] = {
812 0x03,
813 0x01, /* TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime */
814 0x00, /* TLSEXT_ECPOINTFORMAT_uncompressed */
815 0x02 /* TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 */
816};
817
818static int
819test_tlsext_ecpf_client(void)
820{
821 uint8_t *data = NULL;
822 SSL_CTX *ssl_ctx = NULL;
823 SSL *ssl = NULL;
824 size_t dlen;
825 int failure, alert;
826 CBB cbb;
827 CBS cbs;
828
829 failure = 1;
830
831 CBB_init(&cbb, 0);
832
833 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
834 errx(1, "failed to create SSL_CTX");
835 if ((ssl = SSL_new(ssl_ctx)) == NULL)
836 errx(1, "failed to create SSL");
837
838 /*
839 * Default ciphers include EC so we need it by default.
840 */
841 if (!tlsext_ecpf_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
842 FAIL("client should need ECPointFormats for default "
843 "ciphers\n");
844 goto err;
845 }
846
847 /*
848 * Exclude EC cipher suites so we can test not including it.
849 */
850 if (!SSL_set_cipher_list(ssl, "ALL:!ECDHE:!ECDH")) {
851 FAIL("client should be able to set cipher list\n");
852 goto err;
853 }
854 if (tlsext_ecpf_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
855 FAIL("client should not need ECPointFormats\n");
856 goto err;
857 }
858
859 /*
860 * Use libtls default for the rest of the testing
861 */
862 if (!SSL_set_cipher_list(ssl, "TLSv1.2+AEAD+ECDHE")) {
863 FAIL("client should be able to set cipher list\n");
864 goto err;
865 }
866 if (!tlsext_ecpf_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
867 FAIL("client should need ECPointFormats\n");
868 goto err;
869 }
870
871 /*
872 * The default ECPointFormats should only have uncompressed
873 */
874 if ((ssl->session = SSL_SESSION_new()) == NULL)
875 errx(1, "failed to create session");
876
877 if (!tlsext_ecpf_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
878 FAIL("client failed to build ECPointFormats\n");
879 goto err;
880 }
881
882 if (!CBB_finish(&cbb, &data, &dlen))
883 errx(1, "failed to finish CBB");
884
885 if (dlen != sizeof(tlsext_ecpf_hello_uncompressed)) {
886 FAIL("got client ECPointFormats with length %zu, "
887 "want length %zu\n", dlen,
888 sizeof(tlsext_ecpf_hello_uncompressed));
889 compare_data(data, dlen, tlsext_ecpf_hello_uncompressed,
890 sizeof(tlsext_ecpf_hello_uncompressed));
891 goto err;
892 }
893
894 if (memcmp(data, tlsext_ecpf_hello_uncompressed, dlen) != 0) {
895 FAIL("client ECPointFormats differs:\n");
896 compare_data(data, dlen, tlsext_ecpf_hello_uncompressed,
897 sizeof(tlsext_ecpf_hello_uncompressed));
898 goto err;
899 }
900
901 /*
902 * Make sure we can parse the default.
903 */
904 CBB_cleanup(&cbb);
905 CBB_init(&cbb, 0);
906 free(data);
907 data = NULL;
908
909 SSL_SESSION_free(ssl->session);
910 if ((ssl->session = SSL_SESSION_new()) == NULL)
911 errx(1, "failed to create session");
912
913 CBS_init(&cbs, tlsext_ecpf_hello_uncompressed,
914 sizeof(tlsext_ecpf_hello_uncompressed));
915 if (!tlsext_ecpf_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
916 FAIL("failed to parse client ECPointFormats\n");
917 goto err;
918 }
919 if (CBS_len(&cbs) != 0) {
920 FAIL("extension data remaining\n");
921 goto err;
922 }
923
924 if (SSI(ssl)->tlsext_ecpointformatlist_length !=
925 sizeof(tlsext_ecpf_hello_uncompressed_val)) {
926 FAIL("no tlsext_ecpointformats from client "
927 "ECPointFormats\n");
928 goto err;
929 }
930
931 if (memcmp(SSI(ssl)->tlsext_ecpointformatlist,
932 tlsext_ecpf_hello_uncompressed_val,
933 sizeof(tlsext_ecpf_hello_uncompressed_val)) != 0) {
934 FAIL("client had an incorrect ECPointFormats entry\n");
935 goto err;
936 }
937
938 /*
939 * Test with a custom order.
940 */
941 CBB_cleanup(&cbb);
942 CBB_init(&cbb, 0);
943 free(data);
944 data = NULL;
945
946 SSL_SESSION_free(ssl->session);
947 if ((ssl->session = SSL_SESSION_new()) == NULL)
948 errx(1, "failed to create session");
949
950 if ((ssl->internal->tlsext_ecpointformatlist = malloc(sizeof(uint8_t) * 3)) == NULL) {
951 FAIL("client could not malloc\n");
952 goto err;
953 }
954 ssl->internal->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
955 ssl->internal->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_uncompressed;
956 ssl->internal->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
957 ssl->internal->tlsext_ecpointformatlist_length = 3;
958
959 if (!tlsext_ecpf_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
960 FAIL("client should need ECPointFormats with a custom "
961 "format\n");
962 goto err;
963 }
964
965 if (!tlsext_ecpf_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
966 FAIL("client failed to build ECPointFormats\n");
967 goto err;
968 }
969
970 if (!CBB_finish(&cbb, &data, &dlen))
971 errx(1, "failed to finish CBB");
972
973 if (dlen != sizeof(tlsext_ecpf_hello_prefer_order)) {
974 FAIL("got client ECPointFormats with length %zu, "
975 "want length %zu\n", dlen,
976 sizeof(tlsext_ecpf_hello_prefer_order));
977 compare_data(data, dlen, tlsext_ecpf_hello_prefer_order,
978 sizeof(tlsext_ecpf_hello_prefer_order));
979 goto err;
980 }
981
982 if (memcmp(data, tlsext_ecpf_hello_prefer_order, dlen) != 0) {
983 FAIL("client ECPointFormats differs:\n");
984 compare_data(data, dlen, tlsext_ecpf_hello_prefer_order,
985 sizeof(tlsext_ecpf_hello_prefer_order));
986 goto err;
987 }
988
989 /*
990 * Make sure that we can parse this custom order.
991 */
992 CBB_cleanup(&cbb);
993 CBB_init(&cbb, 0);
994 free(data);
995 data = NULL;
996
997 SSL_SESSION_free(ssl->session);
998 if ((ssl->session = SSL_SESSION_new()) == NULL)
999 errx(1, "failed to create session");
1000
1001 /* Reset the custom list so we go back to the default uncompressed. */
1002 free(ssl->internal->tlsext_ecpointformatlist);
1003 ssl->internal->tlsext_ecpointformatlist = NULL;
1004 ssl->internal->tlsext_ecpointformatlist_length = 0;
1005
1006 CBS_init(&cbs, tlsext_ecpf_hello_prefer_order,
1007 sizeof(tlsext_ecpf_hello_prefer_order));
1008 if (!tlsext_ecpf_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
1009 FAIL("failed to parse client ECPointFormats\n");
1010 goto err;
1011 }
1012 if (CBS_len(&cbs) != 0) {
1013 FAIL("extension data remaining\n");
1014 goto err;
1015 }
1016
1017 if (SSI(ssl)->tlsext_ecpointformatlist_length !=
1018 sizeof(tlsext_ecpf_hello_prefer_order_val)) {
1019 FAIL("no tlsext_ecpointformats from client "
1020 "ECPointFormats\n");
1021 goto err;
1022 }
1023
1024 if (memcmp(SSI(ssl)->tlsext_ecpointformatlist,
1025 tlsext_ecpf_hello_prefer_order_val,
1026 sizeof(tlsext_ecpf_hello_prefer_order_val)) != 0) {
1027 FAIL("client had an incorrect ECPointFormats entry\n");
1028 goto err;
1029 }
1030
1031
1032 failure = 0;
1033
1034 err:
1035 CBB_cleanup(&cbb);
1036 SSL_CTX_free(ssl_ctx);
1037 SSL_free(ssl);
1038 free(data);
1039
1040 return (failure);
1041}
1042
1043static int
1044test_tlsext_ecpf_server(void)
1045{
1046 uint8_t *data = NULL;
1047 SSL_CTX *ssl_ctx = NULL;
1048 SSL *ssl = NULL;
1049 size_t dlen;
1050 int failure, alert;
1051 CBB cbb;
1052 CBS cbs;
1053
1054 failure = 1;
1055
1056 CBB_init(&cbb, 0);
1057
1058 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
1059 errx(1, "failed to create SSL_CTX");
1060 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1061 errx(1, "failed to create SSL");
1062
1063 if ((ssl->session = SSL_SESSION_new()) == NULL)
1064 errx(1, "failed to create session");
1065
1066 /* Setup the state so we can call needs. */
1067 if ((S3I(ssl)->hs.cipher =
1068 ssl3_get_cipher_by_id(TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305))
1069 == NULL) {
1070 FAIL("server cannot find cipher\n");
1071 goto err;
1072 }
1073 if ((SSI(ssl)->tlsext_ecpointformatlist = malloc(sizeof(uint8_t)))
1074 == NULL) {
1075 FAIL("server could not malloc\n");
1076 goto err;
1077 }
1078 SSI(ssl)->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
1079 SSI(ssl)->tlsext_ecpointformatlist_length = 1;
1080
1081 if (!tlsext_ecpf_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
1082 FAIL("server should need ECPointFormats now\n");
1083 goto err;
1084 }
1085
1086 /*
1087 * The server will ignore the session list and use either a custom
1088 * list or the default (uncompressed).
1089 */
1090 if (!tlsext_ecpf_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
1091 FAIL("server failed to build ECPointFormats\n");
1092 goto err;
1093 }
1094
1095 if (!CBB_finish(&cbb, &data, &dlen))
1096 errx(1, "failed to finish CBB");
1097
1098 if (dlen != sizeof(tlsext_ecpf_hello_uncompressed)) {
1099 FAIL("got server ECPointFormats with length %zu, "
1100 "want length %zu\n", dlen,
1101 sizeof(tlsext_ecpf_hello_uncompressed));
1102 compare_data(data, dlen, tlsext_ecpf_hello_uncompressed,
1103 sizeof(tlsext_ecpf_hello_uncompressed));
1104 goto err;
1105 }
1106
1107 if (memcmp(data, tlsext_ecpf_hello_uncompressed, dlen) != 0) {
1108 FAIL("server ECPointFormats differs:\n");
1109 compare_data(data, dlen, tlsext_ecpf_hello_uncompressed,
1110 sizeof(tlsext_ecpf_hello_uncompressed));
1111 goto err;
1112 }
1113
1114 /*
1115 * Cannot parse a non-default list without at least uncompressed.
1116 */
1117 CBB_cleanup(&cbb);
1118 CBB_init(&cbb, 0);
1119 free(data);
1120 data = NULL;
1121
1122 SSL_SESSION_free(ssl->session);
1123 if ((ssl->session = SSL_SESSION_new()) == NULL)
1124 errx(1, "failed to create session");
1125
1126 CBS_init(&cbs, tlsext_ecpf_hello_prime,
1127 sizeof(tlsext_ecpf_hello_prime));
1128 if (tlsext_ecpf_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
1129 FAIL("must include uncompressed in server ECPointFormats\n");
1130 goto err;
1131 }
1132 if (CBS_len(&cbs) != 0) {
1133 FAIL("extension data remaining\n");
1134 goto err;
1135 }
1136
1137 /*
1138 * Test with a custom order that replaces the default uncompressed.
1139 */
1140 CBB_cleanup(&cbb);
1141 CBB_init(&cbb, 0);
1142 free(data);
1143 data = NULL;
1144
1145 SSL_SESSION_free(ssl->session);
1146 if ((ssl->session = SSL_SESSION_new()) == NULL)
1147 errx(1, "failed to create session");
1148
1149 /* Add a session list even though it will be ignored. */
1150 if ((SSI(ssl)->tlsext_ecpointformatlist = malloc(sizeof(uint8_t)))
1151 == NULL) {
1152 FAIL("server could not malloc\n");
1153 goto err;
1154 }
1155 SSI(ssl)->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
1156 SSI(ssl)->tlsext_ecpointformatlist_length = 1;
1157
1158 /* Replace the default list with a custom one. */
1159 if ((ssl->internal->tlsext_ecpointformatlist = malloc(sizeof(uint8_t) * 3)) == NULL) {
1160 FAIL("server could not malloc\n");
1161 goto err;
1162 }
1163 ssl->internal->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
1164 ssl->internal->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_uncompressed;
1165 ssl->internal->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
1166 ssl->internal->tlsext_ecpointformatlist_length = 3;
1167
1168 if (!tlsext_ecpf_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
1169 FAIL("server should need ECPointFormats\n");
1170 goto err;
1171 }
1172
1173 if (!tlsext_ecpf_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
1174 FAIL("server failed to build ECPointFormats\n");
1175 goto err;
1176 }
1177
1178 if (!CBB_finish(&cbb, &data, &dlen))
1179 errx(1, "failed to finish CBB");
1180
1181 if (dlen != sizeof(tlsext_ecpf_hello_prefer_order)) {
1182 FAIL("got server ECPointFormats with length %zu, "
1183 "want length %zu\n", dlen,
1184 sizeof(tlsext_ecpf_hello_prefer_order));
1185 compare_data(data, dlen, tlsext_ecpf_hello_prefer_order,
1186 sizeof(tlsext_ecpf_hello_prefer_order));
1187 goto err;
1188 }
1189
1190 if (memcmp(data, tlsext_ecpf_hello_prefer_order, dlen) != 0) {
1191 FAIL("server ECPointFormats differs:\n");
1192 compare_data(data, dlen, tlsext_ecpf_hello_prefer_order,
1193 sizeof(tlsext_ecpf_hello_prefer_order));
1194 goto err;
1195 }
1196
1197 /*
1198 * Should be able to parse the custom list into a session list.
1199 */
1200 CBB_cleanup(&cbb);
1201 CBB_init(&cbb, 0);
1202 free(data);
1203 data = NULL;
1204
1205 SSL_SESSION_free(ssl->session);
1206 if ((ssl->session = SSL_SESSION_new()) == NULL)
1207 errx(1, "failed to create session");
1208
1209 /* Reset back to the default (uncompressed) */
1210 free(ssl->internal->tlsext_ecpointformatlist);
1211 ssl->internal->tlsext_ecpointformatlist = NULL;
1212 ssl->internal->tlsext_ecpointformatlist_length = 0;
1213
1214 CBS_init(&cbs, tlsext_ecpf_hello_prefer_order,
1215 sizeof(tlsext_ecpf_hello_prefer_order));
1216 if (!tlsext_ecpf_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
1217 FAIL("failed to parse server ECPointFormats\n");
1218 goto err;
1219 }
1220 if (CBS_len(&cbs) != 0) {
1221 FAIL("extension data remaining\n");
1222 goto err;
1223 }
1224
1225 if (SSI(ssl)->tlsext_ecpointformatlist_length !=
1226 sizeof(tlsext_ecpf_hello_prefer_order_val)) {
1227 FAIL("no tlsext_ecpointformats from server "
1228 "ECPointFormats\n");
1229 goto err;
1230 }
1231
1232 if (memcmp(SSI(ssl)->tlsext_ecpointformatlist,
1233 tlsext_ecpf_hello_prefer_order_val,
1234 sizeof(tlsext_ecpf_hello_prefer_order_val)) != 0) {
1235 FAIL("server had an incorrect ECPointFormats entry\n");
1236 goto err;
1237 }
1238
1239 failure = 0;
1240
1241 err:
1242 CBB_cleanup(&cbb);
1243 SSL_CTX_free(ssl_ctx);
1244 SSL_free(ssl);
1245 free(data);
1246
1247 return (failure);
1248}
1249
1250/*
1251 * Renegotiation Indication - RFC 5746.
1252 */
1253
1254static unsigned char tlsext_ri_prev_client[] = {
1255 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
1256 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
1257};
1258
1259static unsigned char tlsext_ri_prev_server[] = {
1260 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88,
1261 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00,
1262};
1263
1264static unsigned char tlsext_ri_client[] = {
1265 0x10,
1266 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
1267 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
1268};
1269
1270static unsigned char tlsext_ri_server[] = {
1271 0x20,
1272 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
1273 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
1274 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88,
1275 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00,
1276};
1277
1278static int
1279test_tlsext_ri_client(void)
1280{
1281 unsigned char *data = NULL;
1282 SSL_CTX *ssl_ctx = NULL;
1283 SSL *ssl = NULL;
1284 int failure;
1285 size_t dlen;
1286 int alert;
1287 CBB cbb;
1288 CBS cbs;
1289
1290 failure = 1;
1291
1292 CBB_init(&cbb, 0);
1293
1294 if ((ssl_ctx = SSL_CTX_new(TLSv1_2_client_method())) == NULL)
1295 errx(1, "failed to create SSL_CTX");
1296 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1297 errx(1, "failed to create SSL");
1298
1299 if (tlsext_ri_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
1300 FAIL("client should not need RI\n");
1301 goto err;
1302 }
1303
1304 if (!SSL_renegotiate(ssl)) {
1305 FAIL("client failed to set renegotiate\n");
1306 goto err;
1307 }
1308
1309 if (!tlsext_ri_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
1310 FAIL("client should need RI\n");
1311 goto err;
1312 }
1313
1314 memcpy(S3I(ssl)->previous_client_finished, tlsext_ri_prev_client,
1315 sizeof(tlsext_ri_prev_client));
1316 S3I(ssl)->previous_client_finished_len = sizeof(tlsext_ri_prev_client);
1317
1318 S3I(ssl)->renegotiate_seen = 0;
1319
1320 if (!tlsext_ri_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
1321 FAIL("client failed to build RI\n");
1322 goto err;
1323 }
1324
1325 if (!CBB_finish(&cbb, &data, &dlen))
1326 errx(1, "failed to finish CBB");
1327
1328 if (dlen != sizeof(tlsext_ri_client)) {
1329 FAIL("got client RI with length %zu, "
1330 "want length %zu\n", dlen, sizeof(tlsext_ri_client));
1331 goto err;
1332 }
1333
1334 if (memcmp(data, tlsext_ri_client, dlen) != 0) {
1335 FAIL("client RI differs:\n");
1336 fprintf(stderr, "received:\n");
1337 hexdump(data, dlen);
1338 fprintf(stderr, "test data:\n");
1339 hexdump(tlsext_ri_client, sizeof(tlsext_ri_client));
1340 goto err;
1341 }
1342
1343 CBS_init(&cbs, tlsext_ri_client, sizeof(tlsext_ri_client));
1344 if (!tlsext_ri_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
1345 FAIL("failed to parse client RI\n");
1346 goto err;
1347 }
1348 if (CBS_len(&cbs) != 0) {
1349 FAIL("extension data remaining\n");
1350 goto err;
1351 }
1352
1353 if (S3I(ssl)->renegotiate_seen != 1) {
1354 FAIL("renegotiate seen not set\n");
1355 goto err;
1356 }
1357 if (S3I(ssl)->send_connection_binding != 1) {
1358 FAIL("send connection binding not set\n");
1359 goto err;
1360 }
1361
1362 memset(S3I(ssl)->previous_client_finished, 0,
1363 sizeof(S3I(ssl)->previous_client_finished));
1364
1365 S3I(ssl)->renegotiate_seen = 0;
1366
1367 CBS_init(&cbs, tlsext_ri_client, sizeof(tlsext_ri_client));
1368 if (tlsext_ri_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
1369 FAIL("parsed invalid client RI\n");
1370 failure = 1;
1371 goto err;
1372 }
1373
1374 if (S3I(ssl)->renegotiate_seen == 1) {
1375 FAIL("renegotiate seen set\n");
1376 goto err;
1377 }
1378
1379 failure = 0;
1380
1381 err:
1382 CBB_cleanup(&cbb);
1383 SSL_CTX_free(ssl_ctx);
1384 SSL_free(ssl);
1385 free(data);
1386
1387 return (failure);
1388}
1389
1390static int
1391test_tlsext_ri_server(void)
1392{
1393 unsigned char *data = NULL;
1394 SSL_CTX *ssl_ctx = NULL;
1395 SSL *ssl = NULL;
1396 int failure;
1397 size_t dlen;
1398 int alert;
1399 CBB cbb;
1400 CBS cbs;
1401
1402 failure = 1;
1403
1404 CBB_init(&cbb, 0);
1405
1406 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
1407 errx(1, "failed to create SSL_CTX");
1408 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1409 errx(1, "failed to create SSL");
1410
1411 ssl->version = TLS1_2_VERSION;
1412 if (tlsext_ri_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
1413 FAIL("server should not need RI\n");
1414 goto err;
1415 }
1416
1417 S3I(ssl)->send_connection_binding = 1;
1418
1419 if (!tlsext_ri_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
1420 FAIL("server should need RI\n");
1421 goto err;
1422 }
1423
1424 memcpy(S3I(ssl)->previous_client_finished, tlsext_ri_prev_client,
1425 sizeof(tlsext_ri_prev_client));
1426 S3I(ssl)->previous_client_finished_len = sizeof(tlsext_ri_prev_client);
1427
1428 memcpy(S3I(ssl)->previous_server_finished, tlsext_ri_prev_server,
1429 sizeof(tlsext_ri_prev_server));
1430 S3I(ssl)->previous_server_finished_len = sizeof(tlsext_ri_prev_server);
1431
1432 S3I(ssl)->renegotiate_seen = 0;
1433
1434 if (!tlsext_ri_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
1435 FAIL("server failed to build RI\n");
1436 goto err;
1437 }
1438
1439 if (!CBB_finish(&cbb, &data, &dlen))
1440 errx(1, "failed to finish CBB");
1441
1442 if (dlen != sizeof(tlsext_ri_server)) {
1443 FAIL("got server RI with length %zu, "
1444 "want length %zu\n", dlen, sizeof(tlsext_ri_server));
1445 goto err;
1446 }
1447
1448 if (memcmp(data, tlsext_ri_server, dlen) != 0) {
1449 FAIL("server RI differs:\n");
1450 fprintf(stderr, "received:\n");
1451 hexdump(data, dlen);
1452 fprintf(stderr, "test data:\n");
1453 hexdump(tlsext_ri_server, sizeof(tlsext_ri_server));
1454 goto err;
1455 }
1456
1457 CBS_init(&cbs, tlsext_ri_server, sizeof(tlsext_ri_server));
1458 if (!tlsext_ri_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
1459 FAIL("failed to parse server RI\n");
1460 goto err;
1461 }
1462 if (CBS_len(&cbs) != 0) {
1463 FAIL("extension data remaining\n");
1464 goto err;
1465 }
1466
1467 if (S3I(ssl)->renegotiate_seen != 1) {
1468 FAIL("renegotiate seen not set\n");
1469 goto err;
1470 }
1471 if (S3I(ssl)->send_connection_binding != 1) {
1472 FAIL("send connection binding not set\n");
1473 goto err;
1474 }
1475
1476 memset(S3I(ssl)->previous_client_finished, 0,
1477 sizeof(S3I(ssl)->previous_client_finished));
1478 memset(S3I(ssl)->previous_server_finished, 0,
1479 sizeof(S3I(ssl)->previous_server_finished));
1480
1481 S3I(ssl)->renegotiate_seen = 0;
1482
1483 CBS_init(&cbs, tlsext_ri_server, sizeof(tlsext_ri_server));
1484 if (tlsext_ri_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
1485 FAIL("parsed invalid server RI\n");
1486 goto err;
1487 }
1488
1489 if (S3I(ssl)->renegotiate_seen == 1) {
1490 FAIL("renegotiate seen set\n");
1491 goto err;
1492 }
1493
1494 failure = 0;
1495
1496 err:
1497 CBB_cleanup(&cbb);
1498 SSL_CTX_free(ssl_ctx);
1499 SSL_free(ssl);
1500 free(data);
1501
1502 return (failure);
1503}
1504
1505/*
1506 * Signature Algorithms - RFC 5246 section 7.4.1.4.1.
1507 */
1508
1509static unsigned char tlsext_sigalgs_client[] = {
1510 0x00, 0x16, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03,
1511 0x08, 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04,
1512 0x04, 0x01, 0x04, 0x03, 0x02, 0x01, 0x02, 0x03,
1513};
1514
1515static int
1516test_tlsext_sigalgs_client(void)
1517{
1518 unsigned char *data = NULL;
1519 SSL_CTX *ssl_ctx = NULL;
1520 SSL *ssl = NULL;
1521 int failure = 0;
1522 size_t dlen;
1523 int alert;
1524 CBB cbb;
1525 CBS cbs;
1526
1527 CBB_init(&cbb, 0);
1528
1529 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
1530 errx(1, "failed to create SSL_CTX");
1531 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1532 errx(1, "failed to create SSL");
1533
1534 S3I(ssl)->hs.our_max_tls_version = TLS1_1_VERSION;
1535
1536 if (tlsext_sigalgs_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
1537 fprintf(stderr, "FAIL: client should not need sigalgs\n");
1538 failure = 1;
1539 goto done;
1540 }
1541
1542 S3I(ssl)->hs.our_max_tls_version = TLS1_2_VERSION;
1543
1544 if (!tlsext_sigalgs_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
1545 fprintf(stderr, "FAIL: client should need sigalgs\n");
1546 failure = 1;
1547 goto done;
1548 }
1549
1550 if (!tlsext_sigalgs_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
1551 fprintf(stderr, "FAIL: client failed to build sigalgs\n");
1552 failure = 1;
1553 goto done;
1554 }
1555
1556 if (!CBB_finish(&cbb, &data, &dlen))
1557 errx(1, "failed to finish CBB");
1558
1559 if (dlen != sizeof(tlsext_sigalgs_client)) {
1560 fprintf(stderr, "FAIL: got client sigalgs with length %zu, "
1561 "want length %zu\n", dlen, sizeof(tlsext_sigalgs_client));
1562 failure = 1;
1563 goto done;
1564 }
1565
1566 if (memcmp(data, tlsext_sigalgs_client, dlen) != 0) {
1567 fprintf(stderr, "FAIL: client SNI differs:\n");
1568 fprintf(stderr, "received:\n");
1569 hexdump(data, dlen);
1570 fprintf(stderr, "test data:\n");
1571 hexdump(tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client));
1572 failure = 1;
1573 goto done;
1574 }
1575
1576 CBS_init(&cbs, tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client));
1577 if (!tlsext_sigalgs_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
1578 fprintf(stderr, "FAIL: failed to parse client SNI\n");
1579 failure = 1;
1580 goto done;
1581 }
1582 if (CBS_len(&cbs) != 0) {
1583 FAIL("extension data remaining\n");
1584 goto done;
1585 }
1586
1587 done:
1588 CBB_cleanup(&cbb);
1589 SSL_CTX_free(ssl_ctx);
1590 SSL_free(ssl);
1591 free(data);
1592
1593 return (failure);
1594}
1595
1596#if 0
1597static int
1598test_tlsext_sigalgs_server(void)
1599{
1600 unsigned char *data = NULL;
1601 SSL_CTX *ssl_ctx = NULL;
1602 SSL *ssl = NULL;
1603 int failure = 0;
1604 size_t dlen;
1605 int alert;
1606 CBB cbb;
1607 CBS cbs;
1608
1609 CBB_init(&cbb, 0);
1610
1611 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
1612 errx(1, "failed to create SSL_CTX");
1613 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1614 errx(1, "failed to create SSL");
1615
1616 if (tlsext_sigalgs_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
1617 fprintf(stderr, "FAIL: server should not need sigalgs\n");
1618 failure = 1;
1619 goto done;
1620 }
1621
1622 if (tlsext_sigalgs_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
1623 fprintf(stderr, "FAIL: server should not build sigalgs\n");
1624 failure = 1;
1625 goto done;
1626 }
1627
1628 if (!CBB_finish(&cbb, &data, &dlen))
1629 errx(1, "failed to finish CBB");
1630
1631 CBS_init(&cbs, tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client));
1632 if (tlsext_sigalgs_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
1633 fprintf(stderr, "FAIL: server should not parse sigalgs\n");
1634 failure = 1;
1635 goto done;
1636 }
1637
1638 done:
1639 CBB_cleanup(&cbb);
1640 SSL_CTX_free(ssl_ctx);
1641 SSL_free(ssl);
1642 free(data);
1643
1644 return (failure);
1645}
1646#endif
1647
1648/*
1649 * Server Name Indication - RFC 6066 section 3.
1650 */
1651
1652#define TEST_SNI_SERVERNAME "www.libressl.org"
1653
1654static unsigned char tlsext_sni_client[] = {
1655 0x00, 0x13, 0x00, 0x00, 0x10, 0x77, 0x77, 0x77,
1656 0x2e, 0x6c, 0x69, 0x62, 0x72, 0x65, 0x73, 0x73,
1657 0x6c, 0x2e, 0x6f, 0x72, 0x67,
1658};
1659
1660static unsigned char tlsext_sni_server[] = {
1661};
1662
1663static int
1664test_tlsext_sni_client(void)
1665{
1666 unsigned char *data = NULL;
1667 SSL_CTX *ssl_ctx = NULL;
1668 SSL *ssl = NULL;
1669 int failure;
1670 size_t dlen;
1671 int alert;
1672 CBB cbb;
1673 CBS cbs;
1674
1675 failure = 1;
1676
1677 CBB_init(&cbb, 0);
1678
1679 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
1680 errx(1, "failed to create SSL_CTX");
1681 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1682 errx(1, "failed to create SSL");
1683
1684 if (tlsext_sni_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
1685 FAIL("client should not need SNI\n");
1686 goto err;
1687 }
1688
1689 if (!SSL_set_tlsext_host_name(ssl, TEST_SNI_SERVERNAME)) {
1690 FAIL("client failed to set server name\n");
1691 goto err;
1692 }
1693
1694 if (!tlsext_sni_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
1695 FAIL("client should need SNI\n");
1696 goto err;
1697 }
1698
1699 if (!tlsext_sni_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
1700 FAIL("client failed to build SNI\n");
1701 goto err;
1702 }
1703
1704 if (!CBB_finish(&cbb, &data, &dlen))
1705 errx(1, "failed to finish CBB");
1706
1707 if (dlen != sizeof(tlsext_sni_client)) {
1708 FAIL("got client SNI with length %zu, "
1709 "want length %zu\n", dlen, sizeof(tlsext_sni_client));
1710 goto err;
1711 }
1712
1713 if (memcmp(data, tlsext_sni_client, dlen) != 0) {
1714 FAIL("client SNI differs:\n");
1715 fprintf(stderr, "received:\n");
1716 hexdump(data, dlen);
1717 fprintf(stderr, "test data:\n");
1718 hexdump(tlsext_sni_client, sizeof(tlsext_sni_client));
1719 goto err;
1720 }
1721
1722 if ((ssl->session = SSL_SESSION_new()) == NULL)
1723 errx(1, "failed to create session");
1724
1725 ssl->internal->hit = 0;
1726
1727 CBS_init(&cbs, tlsext_sni_client, sizeof(tlsext_sni_client));
1728 if (!tlsext_sni_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
1729 FAIL("failed to parse client SNI\n");
1730 goto err;
1731 }
1732 if (CBS_len(&cbs) != 0) {
1733 FAIL("extension data remaining\n");
1734 goto err;
1735 }
1736
1737 if (ssl->session->tlsext_hostname == NULL) {
1738 FAIL("no tlsext_hostname from client SNI\n");
1739 goto err;
1740 }
1741
1742 if (strlen(ssl->session->tlsext_hostname) != strlen(TEST_SNI_SERVERNAME) ||
1743 strncmp(ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME,
1744 strlen(TEST_SNI_SERVERNAME)) != 0) {
1745 FAIL("got tlsext_hostname `%s', want `%s'\n",
1746 ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME);
1747 goto err;
1748 }
1749
1750 ssl->internal->hit = 1;
1751
1752 if ((ssl->session->tlsext_hostname = strdup("notthesame.libressl.org")) ==
1753 NULL)
1754 errx(1, "failed to strdup tlsext_hostname");
1755
1756 CBS_init(&cbs, tlsext_sni_client, sizeof(tlsext_sni_client));
1757 if (tlsext_sni_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
1758 FAIL("parsed client with mismatched SNI\n");
1759 goto err;
1760 }
1761
1762 failure = 0;
1763
1764 err:
1765 CBB_cleanup(&cbb);
1766 SSL_CTX_free(ssl_ctx);
1767 SSL_free(ssl);
1768 free(data);
1769
1770 return (failure);
1771}
1772
1773static int
1774test_tlsext_sni_server(void)
1775{
1776 unsigned char *data = NULL;
1777 SSL_CTX *ssl_ctx = NULL;
1778 SSL *ssl = NULL;
1779 int failure;
1780 size_t dlen;
1781 int alert;
1782 CBB cbb;
1783 CBS cbs;
1784
1785 failure = 1;
1786
1787 CBB_init(&cbb, 0);
1788
1789 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
1790 errx(1, "failed to create SSL_CTX");
1791 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1792 errx(1, "failed to create SSL");
1793
1794 if ((ssl->session = SSL_SESSION_new()) == NULL)
1795 errx(1, "failed to create session");
1796
1797 if (tlsext_sni_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
1798 FAIL("server should not need SNI\n");
1799 goto err;
1800 }
1801
1802 if (!SSL_set_tlsext_host_name(ssl, TEST_SNI_SERVERNAME)) {
1803 FAIL("client failed to set server name\n");
1804 goto err;
1805 }
1806
1807 if ((ssl->session->tlsext_hostname = strdup(TEST_SNI_SERVERNAME)) ==
1808 NULL)
1809 errx(1, "failed to strdup tlsext_hostname");
1810
1811 if (!tlsext_sni_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
1812 FAIL("server should need SNI\n");
1813 goto err;
1814 }
1815
1816 if (!tlsext_sni_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
1817 FAIL("server failed to build SNI\n");
1818 goto err;
1819 }
1820
1821 if (!CBB_finish(&cbb, &data, &dlen))
1822 errx(1, "failed to finish CBB");
1823
1824 if (dlen != sizeof(tlsext_sni_server)) {
1825 FAIL("got server SNI with length %zu, "
1826 "want length %zu\n", dlen, sizeof(tlsext_sni_server));
1827 goto err;
1828 }
1829
1830 if (memcmp(data, tlsext_sni_server, dlen) != 0) {
1831 FAIL("server SNI differs:\n");
1832 fprintf(stderr, "received:\n");
1833 hexdump(data, dlen);
1834 fprintf(stderr, "test data:\n");
1835 hexdump(tlsext_sni_server, sizeof(tlsext_sni_server));
1836 goto err;
1837 }
1838
1839 free(ssl->session->tlsext_hostname);
1840 ssl->session->tlsext_hostname = NULL;
1841
1842 CBS_init(&cbs, tlsext_sni_server, sizeof(tlsext_sni_server));
1843 if (!tlsext_sni_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
1844 FAIL("failed to parse server SNI\n");
1845 goto err;
1846 }
1847 if (CBS_len(&cbs) != 0) {
1848 FAIL("extension data remaining\n");
1849 goto err;
1850 }
1851
1852 if (ssl->session->tlsext_hostname == NULL) {
1853 FAIL("no tlsext_hostname after server SNI\n");
1854 goto err;
1855 }
1856
1857 if (strlen(ssl->session->tlsext_hostname) != strlen(TEST_SNI_SERVERNAME) ||
1858 strncmp(ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME,
1859 strlen(TEST_SNI_SERVERNAME)) != 0) {
1860 FAIL("got tlsext_hostname `%s', want `%s'\n",
1861 ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME);
1862 goto err;
1863 }
1864
1865 failure = 0;
1866
1867 err:
1868 CBB_cleanup(&cbb);
1869 SSL_CTX_free(ssl_ctx);
1870 SSL_free(ssl);
1871 free(data);
1872
1873 return (failure);
1874}
1875
1876static unsigned char tls_ocsp_client_default[] = {
1877 0x01, 0x00, 0x00, 0x00, 0x00
1878};
1879
1880static int
1881test_tlsext_ocsp_client(void)
1882{
1883 unsigned char *data = NULL;
1884 SSL_CTX *ssl_ctx = NULL;
1885 SSL *ssl = NULL;
1886 size_t dlen;
1887 int failure;
1888 int alert;
1889 CBB cbb;
1890 CBS cbs;
1891
1892 failure = 1;
1893
1894 CBB_init(&cbb, 0);
1895
1896 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
1897 errx(1, "failed to create SSL_CTX");
1898 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1899 errx(1, "failed to create SSL");
1900
1901 if (tlsext_ocsp_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
1902 FAIL("client should not need ocsp\n");
1903 goto err;
1904 }
1905 SSL_set_tlsext_status_type(ssl, TLSEXT_STATUSTYPE_ocsp);
1906
1907 if (!tlsext_ocsp_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
1908 FAIL("client should need ocsp\n");
1909 goto err;
1910 }
1911 if (!tlsext_ocsp_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
1912 FAIL("client failed to build SNI\n");
1913 goto err;
1914 }
1915 if (!CBB_finish(&cbb, &data, &dlen))
1916 errx(1, "failed to finish CBB");
1917
1918 if (dlen != sizeof(tls_ocsp_client_default)) {
1919 FAIL("got ocsp client with length %zu, "
1920 "want length %zu\n", dlen,
1921 sizeof(tls_ocsp_client_default));
1922 goto err;
1923 }
1924 if (memcmp(data, tls_ocsp_client_default, dlen) != 0) {
1925 FAIL("ocsp client differs:\n");
1926 fprintf(stderr, "received:\n");
1927 hexdump(data, dlen);
1928 fprintf(stderr, "test data:\n");
1929 hexdump(tls_ocsp_client_default,
1930 sizeof(tls_ocsp_client_default));
1931 goto err;
1932 }
1933 CBS_init(&cbs, tls_ocsp_client_default,
1934 sizeof(tls_ocsp_client_default));
1935 if (!tlsext_ocsp_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
1936 FAIL("failed to parse ocsp client\n");
1937 goto err;
1938 }
1939 if (CBS_len(&cbs) != 0) {
1940 FAIL("extension data remaining\n");
1941 goto err;
1942 }
1943
1944 failure = 0;
1945
1946 err:
1947 CBB_cleanup(&cbb);
1948 SSL_CTX_free(ssl_ctx);
1949 SSL_free(ssl);
1950 free(data);
1951
1952 return (failure);
1953}
1954
1955static int
1956test_tlsext_ocsp_server(void)
1957{
1958 unsigned char *data = NULL;
1959 SSL_CTX *ssl_ctx = NULL;
1960 SSL *ssl = NULL;
1961 size_t dlen;
1962 int failure;
1963 CBB cbb;
1964
1965 failure = 1;
1966
1967 CBB_init(&cbb, 0);
1968
1969 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
1970 errx(1, "failed to create SSL_CTX");
1971 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1972 errx(1, "failed to create SSL");
1973
1974 if (tlsext_ocsp_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
1975 FAIL("server should not need ocsp\n");
1976 goto err;
1977 }
1978
1979 ssl->internal->tlsext_status_expected = 1;
1980
1981 if (!tlsext_ocsp_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
1982 FAIL("server should need ocsp\n");
1983 goto err;
1984 }
1985 if (!tlsext_ocsp_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
1986 FAIL("server failed to build ocsp\n");
1987 goto err;
1988 }
1989
1990 if (!CBB_finish(&cbb, &data, &dlen))
1991 errx(1, "failed to finish CBB");
1992
1993 failure = 0;
1994
1995 err:
1996 CBB_cleanup(&cbb);
1997 SSL_CTX_free(ssl_ctx);
1998 SSL_free(ssl);
1999 free(data);
2000
2001 return (failure);
2002}
2003
2004/*
2005 * Session ticket - RFC 5077 since no known implementations use 4507.
2006 *
2007 * Session tickets can be length 0 (special case) to 2^16-1.
2008 *
2009 * The state is encrypted by the server so it is opaque to the client.
2010 */
2011static uint8_t tlsext_sessionticket_hello_min[1];
2012static uint8_t tlsext_sessionticket_hello_max[65535];
2013
2014static int
2015test_tlsext_sessionticket_client(void)
2016{
2017 unsigned char *data = NULL;
2018 SSL_CTX *ssl_ctx = NULL;
2019 SSL *ssl = NULL;
2020 int failure;
2021 CBB cbb;
2022 size_t dlen;
2023 uint8_t dummy[1234];
2024
2025 failure = 1;
2026
2027 CBB_init(&cbb, 0);
2028
2029 /* Create fake session tickets with random data. */
2030 arc4random_buf(tlsext_sessionticket_hello_min,
2031 sizeof(tlsext_sessionticket_hello_min));
2032 arc4random_buf(tlsext_sessionticket_hello_max,
2033 sizeof(tlsext_sessionticket_hello_max));
2034
2035 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
2036 errx(1, "failed to create SSL_CTX");
2037 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2038 errx(1, "failed to create SSL");
2039
2040 /* Should need a ticket by default. */
2041 if (!tlsext_sessionticket_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
2042 FAIL("client should need Sessionticket for default "
2043 "ciphers\n");
2044 goto err;
2045 }
2046
2047 /* Test disabling tickets. */
2048 if ((SSL_set_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) == 0) {
2049 FAIL("Cannot disable tickets in the TLS connection\n");
2050 return 0;
2051 }
2052 if (tlsext_sessionticket_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
2053 FAIL("client should not need SessionTicket if it was disabled\n");
2054 goto err;
2055 }
2056
2057 /* Test re-enabling tickets. */
2058 if ((SSL_clear_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) != 0) {
2059 FAIL("Cannot re-enable tickets in the TLS connection\n");
2060 return 0;
2061 }
2062 if (!tlsext_sessionticket_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
2063 FAIL("client should need SessionTicket if it was disabled\n");
2064 goto err;
2065 }
2066
2067 /* Since we don't have a session, we should build an empty ticket. */
2068 if (!tlsext_sessionticket_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
2069 FAIL("Cannot build a ticket\n");
2070 goto err;
2071 }
2072 if (!CBB_finish(&cbb, &data, &dlen)) {
2073 FAIL("Cannot finish CBB\n");
2074 goto err;
2075 }
2076 if (dlen != 0) {
2077 FAIL("Expected 0 length but found %zu\n", dlen);
2078 goto err;
2079 }
2080
2081 CBB_cleanup(&cbb);
2082 CBB_init(&cbb, 0);
2083 free(data);
2084 data = NULL;
2085
2086 /* With a new session (but no ticket), we should still have 0 length */
2087 if ((ssl->session = SSL_SESSION_new()) == NULL)
2088 errx(1, "failed to create session");
2089 if (!tlsext_sessionticket_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
2090 FAIL("Should still want a session ticket with a new session\n");
2091 goto err;
2092 }
2093 if (!tlsext_sessionticket_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
2094 FAIL("Cannot build a ticket\n");
2095 goto err;
2096 }
2097 if (!CBB_finish(&cbb, &data, &dlen)) {
2098 FAIL("Cannot finish CBB\n");
2099 goto err;
2100 }
2101 if (dlen != 0) {
2102 FAIL("Expected 0 length but found %zu\n", dlen);
2103 goto err;
2104 }
2105
2106 CBB_cleanup(&cbb);
2107 CBB_init(&cbb, 0);
2108 free(data);
2109 data = NULL;
2110
2111 /* With a new session (and ticket), we should use that ticket */
2112 SSL_SESSION_free(ssl->session);
2113 if ((ssl->session = SSL_SESSION_new()) == NULL)
2114 errx(1, "failed to create session");
2115
2116 arc4random_buf(&dummy, sizeof(dummy));
2117 if ((ssl->session->tlsext_tick = malloc(sizeof(dummy))) == NULL) {
2118 errx(1, "failed to malloc");
2119 }
2120 memcpy(ssl->session->tlsext_tick, dummy, sizeof(dummy));
2121 ssl->session->tlsext_ticklen = sizeof(dummy);
2122
2123 if (!tlsext_sessionticket_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
2124 FAIL("Should still want a session ticket with a new session\n");
2125 goto err;
2126 }
2127 if (!tlsext_sessionticket_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
2128 FAIL("Cannot build a ticket\n");
2129 goto err;
2130 }
2131 if (!CBB_finish(&cbb, &data, &dlen)) {
2132 FAIL("Cannot finish CBB\n");
2133 goto err;
2134 }
2135 if (dlen != sizeof(dummy)) {
2136 FAIL("Expected %zu length but found %zu\n", sizeof(dummy), dlen);
2137 goto err;
2138 }
2139 if (memcmp(data, dummy, dlen) != 0) {
2140 FAIL("server SNI differs:\n");
2141 compare_data(data, dlen,
2142 dummy, sizeof(dummy));
2143 goto err;
2144 }
2145
2146 CBB_cleanup(&cbb);
2147 CBB_init(&cbb, 0);
2148 free(data);
2149 data = NULL;
2150 free(ssl->session->tlsext_tick);
2151 ssl->session->tlsext_tick = NULL;
2152 ssl->session->tlsext_ticklen = 0;
2153
2154 /*
2155 * Send in NULL to disable session tickets at runtime without going
2156 * through SSL_set_options().
2157 */
2158 if (!SSL_set_session_ticket_ext(ssl, NULL, 0)) {
2159 FAIL("Could not set a NULL custom ticket\n");
2160 goto err;
2161 }
2162 /* Should not need a ticket in this case */
2163 if (tlsext_sessionticket_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
2164 FAIL("Should not want to use session tickets with a NULL custom\n");
2165 goto err;
2166 }
2167
2168 /*
2169 * If you want to remove the tlsext_session_ticket behavior, you have
2170 * to do it manually.
2171 */
2172 free(ssl->internal->tlsext_session_ticket);
2173 ssl->internal->tlsext_session_ticket = NULL;
2174
2175 if (!tlsext_sessionticket_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
2176 FAIL("Should need a session ticket again when the custom one is removed\n");
2177 goto err;
2178 }
2179
2180 /* Test a custom session ticket (not recommended in practice) */
2181 if (!SSL_set_session_ticket_ext(ssl, tlsext_sessionticket_hello_max,
2182 sizeof(tlsext_sessionticket_hello_max))) {
2183 FAIL("Should be able to set a custom ticket\n");
2184 goto err;
2185 }
2186 if (!tlsext_sessionticket_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
2187 FAIL("Should need a session ticket again when the custom one is not empty\n");
2188 goto err;
2189 }
2190 if (!tlsext_sessionticket_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
2191 FAIL("Cannot build a ticket with a max length random payload\n");
2192 goto err;
2193 }
2194 if (!CBB_finish(&cbb, &data, &dlen)) {
2195 FAIL("Cannot finish CBB\n");
2196 goto err;
2197 }
2198 if (dlen != sizeof(tlsext_sessionticket_hello_max)) {
2199 FAIL("Expected %zu length but found %zu\n",
2200 sizeof(tlsext_sessionticket_hello_max), dlen);
2201 goto err;
2202 }
2203 if (memcmp(data, tlsext_sessionticket_hello_max,
2204 sizeof(tlsext_sessionticket_hello_max)) != 0) {
2205 FAIL("Expected to get what we passed in\n");
2206 compare_data(data, dlen,
2207 tlsext_sessionticket_hello_max,
2208 sizeof(tlsext_sessionticket_hello_max));
2209 goto err;
2210 }
2211
2212 failure = 0;
2213
2214 err:
2215 CBB_cleanup(&cbb);
2216 SSL_CTX_free(ssl_ctx);
2217 SSL_free(ssl);
2218 free(data);
2219
2220 return (failure);
2221}
2222
2223
2224static int
2225test_tlsext_sessionticket_server(void)
2226{
2227 SSL_CTX *ssl_ctx = NULL;
2228 SSL *ssl = NULL;
2229 int failure;
2230 uint8_t *data;
2231 size_t dlen;
2232 CBB cbb;
2233
2234 CBB_init(&cbb, 0);
2235
2236 failure = 1;
2237
2238 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
2239 errx(1, "failed to create SSL_CTX");
2240 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2241 errx(1, "failed to create SSL");
2242
2243 /*
2244 * By default, should not need a session ticket since the ticket
2245 * is not yet expected.
2246 */
2247 if (tlsext_sessionticket_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
2248 FAIL("server should not need SessionTicket by default\n");
2249 goto err;
2250 }
2251
2252 /* Test disabling tickets. */
2253 if ((SSL_set_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) == 0) {
2254 FAIL("Cannot disable tickets in the TLS connection\n");
2255 return 0;
2256 }
2257 if (tlsext_sessionticket_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
2258 FAIL("server should not need SessionTicket if it was disabled\n");
2259 goto err;
2260 }
2261
2262 /* Test re-enabling tickets. */
2263 if ((SSL_clear_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) != 0) {
2264 FAIL("Cannot re-enable tickets in the TLS connection\n");
2265 return 0;
2266 }
2267 if (tlsext_sessionticket_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
2268 FAIL("server should not need SessionTicket yet\n");
2269 goto err;
2270 }
2271
2272 /* Set expected to require it. */
2273 ssl->internal->tlsext_ticket_expected = 1;
2274 if (!tlsext_sessionticket_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
2275 FAIL("server should now be required for SessionTicket\n");
2276 goto err;
2277 }
2278
2279 /* server hello's session ticket should always be 0 length payload. */
2280 if (!tlsext_sessionticket_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
2281 FAIL("Cannot build a ticket with a max length random payload\n");
2282 goto err;
2283 }
2284 if (!CBB_finish(&cbb, &data, &dlen)) {
2285 FAIL("Cannot finish CBB\n");
2286 goto err;
2287 }
2288 if (dlen != 0) {
2289 FAIL("Expected 0 length but found %zu\n", dlen);
2290 goto err;
2291 }
2292
2293 failure = 0;
2294
2295 err:
2296 SSL_CTX_free(ssl_ctx);
2297 SSL_free(ssl);
2298
2299 return (failure);
2300}
2301
2302#ifndef OPENSSL_NO_SRTP
2303/*
2304 * Supported Secure Real-time Transport Protocol (RFC 5764 section 4.1.1)
2305 */
2306
2307/* Colon separated string values */
2308const char *tlsext_srtp_single_profile = "SRTP_AES128_CM_SHA1_80";
2309const char *tlsext_srtp_multiple_profiles = "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32";
2310
2311const char *tlsext_srtp_aes128cmsha80 = "SRTP_AES128_CM_SHA1_80";
2312const char *tlsext_srtp_aes128cmsha32 = "SRTP_AES128_CM_SHA1_32";
2313
2314const uint8_t tlsext_srtp_single[] = {
2315 /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */
2316 0x00, 0x02, /* len */
2317 0x00, 0x01, /* SRTP_AES128_CM_SHA1_80 */
2318 0x00 /* opaque srtp_mki<0..255> */
2319};
2320
2321const uint8_t tlsext_srtp_multiple[] = {
2322 /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */
2323 0x00, 0x04, /* len */
2324 0x00, 0x01, /* SRTP_AES128_CM_SHA1_80 */
2325 0x00, 0x02, /* SRTP_AES128_CM_SHA1_32 */
2326 0x00 /* opaque srtp_mki<0..255> */
2327};
2328
2329const uint8_t tlsext_srtp_multiple_invalid[] = {
2330 /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */
2331 0x00, 0x04, /* len */
2332 0x00, 0x08, /* arbitrary value not found in known profiles */
2333 0x00, 0x09, /* arbitrary value not found in known profiles */
2334 0x00 /* opaque srtp_mki<0..255> */
2335};
2336
2337const uint8_t tlsext_srtp_single_invalid[] = {
2338 /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */
2339 0x00, 0x02, /* len */
2340 0x00, 0x08, /* arbitrary value not found in known profiles */
2341 0x00 /* opaque srtp_mki<0..255> */
2342};
2343
2344const uint8_t tlsext_srtp_multiple_one_valid[] = {
2345 /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */
2346 0x00, 0x04, /* len */
2347 0x00, 0x08, /* arbitrary value not found in known profiles */
2348 0x00, 0x02, /* SRTP_AES128_CM_SHA1_32 */
2349 0x00 /* opaque srtp_mki<0..255> */
2350};
2351
2352static int
2353test_tlsext_srtp_client(void)
2354{
2355 SRTP_PROTECTION_PROFILE *prof;
2356 SSL_CTX *ssl_ctx = NULL;
2357 SSL *ssl = NULL;
2358 uint8_t *data = NULL;
2359 CBB cbb;
2360 CBS cbs;
2361 int failure, alert;
2362 size_t dlen;
2363
2364 CBB_init(&cbb, 0);
2365
2366 failure = 1;
2367
2368 /* SRTP is for DTLS */
2369 if ((ssl_ctx = SSL_CTX_new(DTLSv1_client_method())) == NULL)
2370 errx(1, "failed to create SSL_CTX");
2371 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2372 errx(1, "failed to create SSL");
2373
2374 /* By default, we don't need this */
2375 if (tlsext_srtp_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
2376 FAIL("client should not need SRTP by default\n");
2377 goto err;
2378 }
2379
2380 if (SSL_set_tlsext_use_srtp(ssl, tlsext_srtp_single_profile) != 0) {
2381 FAIL("should be able to set a single SRTP\n");
2382 goto err;
2383 }
2384 if (!tlsext_srtp_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
2385 FAIL("client should need SRTP\n");
2386 goto err;
2387 }
2388
2389 /* Make sure we can build the client with a single profile. */
2390
2391 if (!tlsext_srtp_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
2392 FAIL("client failed to build SRTP\n");
2393 goto err;
2394 }
2395 if (!CBB_finish(&cbb, &data, &dlen))
2396 errx(1, "failed to finish CBB");
2397
2398 if (dlen != sizeof(tlsext_srtp_single)) {
2399 FAIL("got client SRTP with length %zu, "
2400 "want length %zu\n", dlen,
2401 sizeof(tlsext_srtp_single));
2402 compare_data(data, dlen, tlsext_srtp_single,
2403 sizeof(tlsext_srtp_single));
2404 goto err;
2405 }
2406 if (memcmp(data, tlsext_srtp_single, dlen) != 0) {
2407 FAIL("client SRTP differs:\n");
2408 compare_data(data, dlen, tlsext_srtp_single,
2409 sizeof(tlsext_srtp_single));
2410 goto err;
2411 }
2412
2413 CBB_cleanup(&cbb);
2414 CBB_init(&cbb, 0);
2415 free(data);
2416 data = NULL;
2417
2418 /* Make sure we can parse the single profile. */
2419
2420 if (SSL_get_selected_srtp_profile(ssl) != NULL) {
2421 FAIL("SRTP profile should not be set yet\n");
2422 goto err;
2423 }
2424
2425 CBS_init(&cbs, tlsext_srtp_single, sizeof(tlsext_srtp_single));
2426 if (!tlsext_srtp_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
2427 FAIL("failed to parse SRTP\n");
2428 goto err;
2429 }
2430 if (CBS_len(&cbs) != 0) {
2431 FAIL("extension data remaining\n");
2432 goto err;
2433 }
2434
2435 if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) {
2436 FAIL("SRTP profile should be set now\n");
2437 goto err;
2438 }
2439 if (strcmp(prof->name, tlsext_srtp_aes128cmsha80) != 0) {
2440 FAIL("SRTP profile was not set properly\n");
2441 goto err;
2442 }
2443
2444 if (!tlsext_srtp_server_needs(ssl, SSL_TLSEXT_MSG_CH)) {
2445 FAIL("should send server extension when profile selected\n");
2446 goto err;
2447 }
2448
2449 /* Make sure we can build the clienthello with multiple entries. */
2450
2451 if (SSL_set_tlsext_use_srtp(ssl, tlsext_srtp_multiple_profiles) != 0) {
2452 FAIL("should be able to set SRTP to multiple profiles\n");
2453 goto err;
2454 }
2455 if (!tlsext_srtp_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
2456 FAIL("client should need SRTP by now\n");
2457 goto err;
2458 }
2459
2460 if (!tlsext_srtp_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
2461 FAIL("client failed to build SRTP\n");
2462 goto err;
2463 }
2464 if (!CBB_finish(&cbb, &data, &dlen))
2465 errx(1, "failed to finish CBB");
2466
2467 if (dlen != sizeof(tlsext_srtp_multiple)) {
2468 FAIL("got client SRTP with length %zu, "
2469 "want length %zu\n", dlen,
2470 sizeof(tlsext_srtp_multiple));
2471 compare_data(data, dlen, tlsext_srtp_multiple,
2472 sizeof(tlsext_srtp_multiple));
2473 goto err;
2474 }
2475 if (memcmp(data, tlsext_srtp_multiple, dlen) != 0) {
2476 FAIL("client SRTP differs:\n");
2477 compare_data(data, dlen, tlsext_srtp_multiple,
2478 sizeof(tlsext_srtp_multiple));
2479 goto err;
2480 }
2481
2482 CBB_cleanup(&cbb);
2483 CBB_init(&cbb, 0);
2484 free(data);
2485 data = NULL;
2486
2487 /* Make sure we can parse multiple profiles (selects server preferred) */
2488
2489 ssl->internal->srtp_profile = NULL;
2490
2491 CBS_init(&cbs, tlsext_srtp_multiple,
2492 sizeof(tlsext_srtp_multiple));
2493 if (!tlsext_srtp_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
2494 FAIL("failed to parse SRTP\n");
2495 goto err;
2496 }
2497 if (CBS_len(&cbs) != 0) {
2498 FAIL("extension data remaining\n");
2499 goto err;
2500 }
2501
2502 if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) {
2503 FAIL("SRTP profile should be set now\n");
2504 goto err;
2505 }
2506 if (strcmp(prof->name, tlsext_srtp_aes128cmsha80) != 0) {
2507 FAIL("SRTP profile was not set properly\n");
2508 goto err;
2509 }
2510
2511 if (!tlsext_srtp_server_needs(ssl, SSL_TLSEXT_MSG_CH)) {
2512 FAIL("should send server extension when profile selected\n");
2513 goto err;
2514 }
2515
2516 /*
2517 * Make sure we can parse the clienthello with multiple entries
2518 * where one is unknown.
2519 */
2520 ssl->internal->srtp_profile = NULL;
2521
2522 CBS_init(&cbs, tlsext_srtp_multiple_one_valid,
2523 sizeof(tlsext_srtp_multiple_one_valid));
2524 if (!tlsext_srtp_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
2525 FAIL("failed to parse SRTP\n");
2526 goto err;
2527 }
2528 if (CBS_len(&cbs) != 0) {
2529 FAIL("extension data remaining\n");
2530 goto err;
2531 }
2532
2533 if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) {
2534 FAIL("SRTP profile should be set now\n");
2535 goto err;
2536 }
2537 if (strcmp(prof->name, tlsext_srtp_aes128cmsha32) != 0) {
2538 FAIL("SRTP profile was not set properly\n");
2539 goto err;
2540 }
2541
2542 if (!tlsext_srtp_server_needs(ssl, SSL_TLSEXT_MSG_CH)) {
2543 FAIL("should send server extension when profile selected\n");
2544 goto err;
2545 }
2546
2547 /* Make sure we fall back to negotiated when none work. */
2548
2549 ssl->internal->srtp_profile = NULL;
2550
2551 CBS_init(&cbs, tlsext_srtp_multiple_invalid,
2552 sizeof(tlsext_srtp_multiple_invalid));
2553 if (!tlsext_srtp_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
2554 FAIL("should be able to fall back to negotiated\n");
2555 goto err;
2556 }
2557 if (CBS_len(&cbs) != 0) {
2558 FAIL("extension data remaining\n");
2559 goto err;
2560 }
2561
2562 /* If we fallback, the server should NOT send the extension. */
2563 if (SSL_get_selected_srtp_profile(ssl) != NULL) {
2564 FAIL("should not have selected a profile when none found\n");
2565 goto err;
2566 }
2567 if (tlsext_srtp_server_needs(ssl, SSL_TLSEXT_MSG_CH)) {
2568 FAIL("should not send server tlsext when no profile found\n");
2569 goto err;
2570 }
2571
2572 failure = 0;
2573
2574 err:
2575 CBB_cleanup(&cbb);
2576 SSL_CTX_free(ssl_ctx);
2577 SSL_free(ssl);
2578 free(data);
2579
2580 return (failure);
2581}
2582
2583static int
2584test_tlsext_srtp_server(void)
2585{
2586 const SRTP_PROTECTION_PROFILE *prof;
2587 SSL_CTX *ssl_ctx = NULL;
2588 SSL *ssl = NULL;
2589 uint8_t *data = NULL;
2590 CBB cbb;
2591 CBS cbs;
2592 int failure, alert;
2593 size_t dlen;
2594
2595 CBB_init(&cbb, 0);
2596
2597 failure = 1;
2598
2599 /* SRTP is for DTLS */
2600 if ((ssl_ctx = SSL_CTX_new(DTLSv1_client_method())) == NULL)
2601 errx(1, "failed to create SSL_CTX");
2602 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2603 errx(1, "failed to create SSL");
2604
2605 /* By default, we don't need this */
2606 if (tlsext_srtp_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
2607 FAIL("server should not need SRTP by default\n");
2608 goto err;
2609 }
2610
2611 if (srtp_find_profile_by_name(tlsext_srtp_aes128cmsha80, &prof,
2612 strlen(tlsext_srtp_aes128cmsha80))) {
2613 FAIL("should be able to find the given profile\n");
2614 goto err;
2615 }
2616 ssl->internal->srtp_profile = prof;
2617 if (!tlsext_srtp_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
2618 FAIL("server should need SRTP by now\n");
2619 goto err;
2620 }
2621
2622 /* Make sure we can build the server with a single profile. */
2623
2624 if (!tlsext_srtp_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
2625 FAIL("server failed to build SRTP\n");
2626 goto err;
2627 }
2628 if (!CBB_finish(&cbb, &data, &dlen))
2629 errx(1, "failed to finish CBB");
2630
2631 if (dlen != sizeof(tlsext_srtp_single)) {
2632 FAIL("got server SRTP with length %zu, "
2633 "want length %zu\n", dlen,
2634 sizeof(tlsext_srtp_single));
2635 compare_data(data, dlen, tlsext_srtp_single,
2636 sizeof(tlsext_srtp_single));
2637 goto err;
2638 }
2639 if (memcmp(data, tlsext_srtp_single, dlen) != 0) {
2640 FAIL("server SRTP differs:\n");
2641 compare_data(data, dlen, tlsext_srtp_single,
2642 sizeof(tlsext_srtp_single));
2643 goto err;
2644 }
2645
2646 CBB_cleanup(&cbb);
2647 CBB_init(&cbb, 0);
2648 free(data);
2649 data = NULL;
2650
2651 /* Make sure we can parse the single profile. */
2652 ssl->internal->srtp_profile = NULL;
2653
2654 if (SSL_get_selected_srtp_profile(ssl) != NULL) {
2655 FAIL("SRTP profile should not be set yet\n");
2656 goto err;
2657 }
2658
2659 /* Setup the environment as if a client sent a list of profiles. */
2660 if (SSL_set_tlsext_use_srtp(ssl, tlsext_srtp_multiple_profiles) != 0) {
2661 FAIL("should be able to set multiple profiles in SRTP\n");
2662 goto err;
2663 }
2664
2665 CBS_init(&cbs, tlsext_srtp_single, sizeof(tlsext_srtp_single));
2666 if (!tlsext_srtp_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
2667 FAIL("failed to parse SRTP\n");
2668 goto err;
2669 }
2670 if (CBS_len(&cbs) != 0) {
2671 FAIL("extension data remaining\n");
2672 goto err;
2673 }
2674
2675 if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) {
2676 FAIL("SRTP profile should be set now\n");
2677 goto err;
2678 }
2679 if (strcmp(prof->name, tlsext_srtp_aes128cmsha80) != 0) {
2680 FAIL("SRTP profile was not set properly\n");
2681 goto err;
2682 }
2683
2684 /* Make sure we cannot parse multiple profiles */
2685 ssl->internal->srtp_profile = NULL;
2686
2687 CBS_init(&cbs, tlsext_srtp_multiple,
2688 sizeof(tlsext_srtp_multiple));
2689 if (tlsext_srtp_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
2690 FAIL("should not find multiple entries from the server\n");
2691 goto err;
2692 }
2693
2694 /* Make sure we cannot parse a server with unknown profile */
2695 ssl->internal->srtp_profile = NULL;
2696
2697 CBS_init(&cbs, tlsext_srtp_single_invalid,
2698 sizeof(tlsext_srtp_single_invalid));
2699 if (tlsext_srtp_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
2700 FAIL("should not be able to parse this\n");
2701 goto err;
2702 }
2703
2704 failure = 0;
2705
2706 err:
2707 CBB_cleanup(&cbb);
2708 SSL_CTX_free(ssl_ctx);
2709 SSL_free(ssl);
2710 free(data);
2711
2712 return (failure);
2713}
2714#endif /* OPENSSL_NO_SRTP */
2715
2716unsigned char tlsext_clienthello_default[] = {
2717 0x00, 0x34, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00,
2718 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d,
2719 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00, 0x23,
2720 0x00, 0x00, 0x00, 0x0d, 0x00, 0x18, 0x00, 0x16,
2721 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, 0x08, 0x05,
2722 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 0x04, 0x01,
2723 0x04, 0x03, 0x02, 0x01, 0x02, 0x03,
2724};
2725
2726unsigned char tlsext_clienthello_disabled[] = {};
2727
2728static int
2729test_tlsext_clienthello_build(void)
2730{
2731 unsigned char *data = NULL;
2732 SSL_CTX *ssl_ctx = NULL;
2733 SSL *ssl = NULL;
2734 size_t dlen;
2735 int failure;
2736 CBB cbb;
2737
2738 failure = 1;
2739
2740 if (!CBB_init(&cbb, 0))
2741 errx(1, "failed to create CBB");
2742
2743 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
2744 errx(1, "failed to create SSL_CTX");
2745 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2746 errx(1, "failed to create SSL");
2747
2748 S3I(ssl)->hs.our_min_tls_version = TLS1_VERSION;
2749 S3I(ssl)->hs.our_max_tls_version = TLS1_2_VERSION;
2750
2751 if (!tlsext_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
2752 FAIL("failed to build clienthello extensions\n");
2753 goto err;
2754 }
2755 if (!CBB_finish(&cbb, &data, &dlen))
2756 errx(1, "failed to finish CBB");
2757
2758 if (dlen != sizeof(tlsext_clienthello_default)) {
2759 FAIL("got clienthello extensions with length %zu, "
2760 "want length %zu\n", dlen,
2761 sizeof(tlsext_clienthello_default));
2762 compare_data(data, dlen, tlsext_clienthello_default,
2763 sizeof(tlsext_clienthello_default));
2764 goto err;
2765 }
2766 if (memcmp(data, tlsext_clienthello_default, dlen) != 0) {
2767 FAIL("clienthello extensions differs:\n");
2768 compare_data(data, dlen, tlsext_clienthello_default,
2769 sizeof(tlsext_clienthello_default));
2770 goto err;
2771 }
2772
2773 CBB_cleanup(&cbb);
2774 CBB_init(&cbb, 0);
2775
2776 /* Switch to TLSv1.1, disable EC ciphers and session tickets. */
2777 S3I(ssl)->hs.our_max_tls_version = TLS1_1_VERSION;
2778 if (!SSL_set_cipher_list(ssl, "TLSv1.2:!ECDHE:!ECDSA")) {
2779 FAIL("failed to set cipher list\n");
2780 goto err;
2781 }
2782 if ((SSL_set_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) == 0) {
2783 FAIL("failed to disable session tickets\n");
2784 return 0;
2785 }
2786
2787 if (!tlsext_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
2788 FAIL("failed to build clienthello extensions\n");
2789 goto err;
2790 }
2791 if (!CBB_finish(&cbb, &data, &dlen))
2792 errx(1, "failed to finish CBB");
2793
2794 if (dlen != sizeof(tlsext_clienthello_disabled)) {
2795 FAIL("got clienthello extensions with length %zu, "
2796 "want length %zu\n", dlen,
2797 sizeof(tlsext_clienthello_disabled));
2798 compare_data(data, dlen, tlsext_clienthello_disabled,
2799 sizeof(tlsext_clienthello_disabled));
2800 goto err;
2801 }
2802 if (memcmp(data, tlsext_clienthello_disabled, dlen) != 0) {
2803 FAIL("clienthello extensions differs:\n");
2804 compare_data(data, dlen, tlsext_clienthello_disabled,
2805 sizeof(tlsext_clienthello_disabled));
2806 goto err;
2807 }
2808
2809 failure = 0;
2810
2811 err:
2812 CBB_cleanup(&cbb);
2813 SSL_CTX_free(ssl_ctx);
2814 SSL_free(ssl);
2815 free(data);
2816
2817 return (failure);
2818}
2819
2820unsigned char tlsext_serverhello_default[] = {
2821 0x00, 0x06, 0x00, 0x2b, 0x00, 0x02, 0x03, 0x04,
2822};
2823
2824unsigned char tlsext_serverhello_enabled[] = {
2825 0x00, 0x10, 0x00, 0x2b, 0x00, 0x02, 0x03, 0x04,
2826 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23,
2827 0x00, 0x00,
2828};
2829
2830static int
2831test_tlsext_serverhello_build(void)
2832{
2833 unsigned char *data = NULL;
2834 SSL_CTX *ssl_ctx = NULL;
2835 SSL *ssl = NULL;
2836 size_t dlen;
2837 int failure;
2838 CBB cbb;
2839
2840 failure = 1;
2841
2842 if (!CBB_init(&cbb, 0))
2843 errx(1, "failed to create CBB");
2844
2845 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
2846 errx(1, "failed to create SSL_CTX");
2847 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2848 errx(1, "failed to create SSL");
2849 if ((ssl->session = SSL_SESSION_new()) == NULL)
2850 errx(1, "failed to create session");
2851
2852 S3I(ssl)->hs.our_max_tls_version = TLS1_3_VERSION;
2853 S3I(ssl)->hs.negotiated_tls_version = TLS1_3_VERSION;
2854 S3I(ssl)->hs.cipher =
2855 ssl3_get_cipher_by_id(TLS1_CK_RSA_WITH_AES_128_SHA256);
2856
2857 if (!tlsext_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
2858 FAIL("failed to build serverhello extensions\n");
2859 goto err;
2860 }
2861 if (!CBB_finish(&cbb, &data, &dlen))
2862 errx(1, "failed to finish CBB");
2863
2864 if (dlen != sizeof(tlsext_serverhello_default)) {
2865 FAIL("got serverhello extensions with length %zu, "
2866 "want length %zu\n", dlen,
2867 sizeof(tlsext_serverhello_default));
2868 compare_data(data, dlen, tlsext_serverhello_default,
2869 sizeof(tlsext_serverhello_default));
2870 goto err;
2871 }
2872 if (memcmp(data, tlsext_serverhello_default, dlen) != 0) {
2873 FAIL("serverhello extensions differs:\n");
2874 compare_data(data, dlen, tlsext_serverhello_default,
2875 sizeof(tlsext_serverhello_default));
2876 goto err;
2877 }
2878
2879 CBB_cleanup(&cbb);
2880 CBB_init(&cbb, 0);
2881
2882 /* Turn a few things on so we get extensions... */
2883 S3I(ssl)->send_connection_binding = 1;
2884 S3I(ssl)->hs.cipher =
2885 ssl3_get_cipher_by_id(TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256);
2886 ssl->internal->tlsext_status_expected = 1;
2887 ssl->internal->tlsext_ticket_expected = 1;
2888 if ((SSI(ssl)->tlsext_ecpointformatlist = malloc(1)) == NULL)
2889 errx(1, "malloc failed");
2890 SSI(ssl)->tlsext_ecpointformatlist_length = 1;
2891 SSI(ssl)->tlsext_ecpointformatlist[0] =
2892 TLSEXT_ECPOINTFORMAT_uncompressed;
2893
2894 if (!tlsext_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
2895 FAIL("failed to build serverhello extensions\n");
2896 goto err;
2897 }
2898 if (!CBB_finish(&cbb, &data, &dlen))
2899 errx(1, "failed to finish CBB");
2900
2901 if (dlen != sizeof(tlsext_serverhello_enabled)) {
2902 FAIL("got serverhello extensions with length %zu, "
2903 "want length %zu\n", dlen,
2904 sizeof(tlsext_serverhello_enabled));
2905 compare_data(data, dlen, tlsext_serverhello_enabled,
2906 sizeof(tlsext_serverhello_enabled));
2907 goto err;
2908 }
2909 if (memcmp(data, tlsext_serverhello_enabled, dlen) != 0) {
2910 FAIL("serverhello extensions differs:\n");
2911 compare_data(data, dlen, tlsext_serverhello_enabled,
2912 sizeof(tlsext_serverhello_enabled));
2913 goto err;
2914 }
2915
2916 failure = 0;
2917
2918 err:
2919 CBB_cleanup(&cbb);
2920 SSL_CTX_free(ssl_ctx);
2921 SSL_free(ssl);
2922 free(data);
2923
2924 return (failure);
2925}
2926
2927const unsigned char tlsext_versions_client[] = {
2928 0x08, 0x03, 0x04, 0x03, 0x03, 0x03,
2929 0x02, 0x03, 0x01,
2930};
2931
2932const unsigned char tlsext_versions_server[] = {
2933 0x03, 0x04,
2934};
2935
2936static int
2937test_tlsext_versions_client(void)
2938{
2939 unsigned char *data = NULL;
2940 SSL_CTX *ssl_ctx = NULL;
2941 SSL *ssl = NULL;
2942 int failure = 0;
2943 size_t dlen;
2944 int alert;
2945 CBB cbb;
2946 CBS cbs;
2947
2948 CBB_init(&cbb, 0);
2949
2950 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
2951 errx(1, "failed to create SSL_CTX");
2952 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2953 errx(1, "failed to create SSL");
2954
2955 S3I(ssl)->hs.our_max_tls_version = TLS1_1_VERSION;
2956
2957 if (tlsext_versions_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
2958 FAIL("client should not need versions\n");
2959 failure = 1;
2960 goto done;
2961 }
2962
2963 S3I(ssl)->hs.our_max_tls_version = TLS1_2_VERSION;
2964
2965 if (tlsext_versions_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
2966 FAIL("client should not need versions\n");
2967 failure = 1;
2968 goto done;
2969 }
2970
2971 S3I(ssl)->hs.our_max_tls_version = TLS1_3_VERSION;
2972
2973 if (!tlsext_versions_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
2974 FAIL("client should need versions\n");
2975 failure = 1;
2976 goto done;
2977 }
2978
2979 S3I(ssl)->hs.our_min_tls_version = TLS1_VERSION;
2980 S3I(ssl)->hs.our_max_tls_version = TLS1_3_VERSION;
2981
2982 if (!tlsext_versions_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
2983 FAIL("client should have built versions\n");
2984 failure = 1;
2985 goto done;
2986 }
2987
2988 if (!CBB_finish(&cbb, &data, &dlen)) {
2989 FAIL("failed to finish CBB\n");
2990 failure = 1;
2991 goto done;
2992 }
2993
2994 if (dlen != sizeof(tlsext_versions_client)) {
2995 FAIL("got versions with length %zu, "
2996 "want length %zu\n", dlen, sizeof(tlsext_versions_client));
2997 failure = 1;
2998 goto done;
2999 }
3000
3001 CBS_init(&cbs, data, dlen);
3002 if (!tlsext_versions_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
3003 FAIL("failed to parse client versions\n");
3004 failure = 1;
3005 goto done;
3006 }
3007 if (CBS_len(&cbs) != 0) {
3008 FAIL("extension data remaining\n");
3009 failure = 1;
3010 goto done;
3011 }
3012 done:
3013 CBB_cleanup(&cbb);
3014 SSL_CTX_free(ssl_ctx);
3015 SSL_free(ssl);
3016 free(data);
3017
3018 return (failure);
3019}
3020
3021
3022static int
3023test_tlsext_versions_server(void)
3024{
3025 unsigned char *data = NULL;
3026 SSL_CTX *ssl_ctx = NULL;
3027 SSL *ssl = NULL;
3028 int failure = 0;
3029 size_t dlen;
3030 int alert;
3031 CBB cbb;
3032 CBS cbs;
3033
3034 CBB_init(&cbb, 0);
3035
3036 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
3037 errx(1, "failed to create SSL_CTX");
3038 if ((ssl = SSL_new(ssl_ctx)) == NULL)
3039 errx(1, "failed to create SSL");
3040
3041 S3I(ssl)->hs.negotiated_tls_version = TLS1_2_VERSION;
3042
3043 if (tlsext_versions_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
3044 FAIL("server should not need versions\n");
3045 failure = 1;
3046 goto done;
3047 }
3048
3049 S3I(ssl)->hs.negotiated_tls_version = TLS1_3_VERSION;
3050
3051 if (!tlsext_versions_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
3052 FAIL("server should need versions\n");
3053 failure = 1;
3054 goto done;
3055 }
3056
3057 if (!tlsext_versions_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
3058 FAIL("server should have built versions\n");
3059 failure = 1;
3060 goto done;
3061 }
3062
3063 if (!CBB_finish(&cbb, &data, &dlen)) {
3064 FAIL("failed to finish CBB\n");
3065 failure = 1;
3066 goto done;
3067 }
3068
3069 if (dlen != sizeof(tlsext_versions_server)) {
3070 FAIL("got versions with length %zu, "
3071 "want length %zu\n", dlen, sizeof(tlsext_versions_server));
3072 failure = 1;
3073 goto done;
3074 }
3075
3076 CBS_init(&cbs, data, dlen);
3077 if (!tlsext_versions_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
3078 FAIL("failed to parse client versions\n");
3079 failure = 1;
3080 goto done;
3081 }
3082 if (CBS_len(&cbs) != 0) {
3083 FAIL("extension data remaining\n");
3084 failure = 1;
3085 goto done;
3086 }
3087 done:
3088 CBB_cleanup(&cbb);
3089 SSL_CTX_free(ssl_ctx);
3090 SSL_free(ssl);
3091 free(data);
3092
3093 return (failure);
3094}
3095
3096const unsigned char tlsext_keyshare_client[] = {
3097 0x00, 0x24, 0x00, 0x1d, 0x00, 0x20, 0xba, 0x83,
3098 0x2e, 0x4a, 0x18, 0xbe, 0x96, 0xd2, 0x71, 0x70,
3099 0x18, 0x04, 0xf9, 0x9d, 0x76, 0x98, 0xef, 0xe8,
3100 0x4f, 0x8b, 0x85, 0x41, 0xa4, 0xd9, 0x61, 0x57,
3101 0xad, 0x5b, 0xa4, 0xe9, 0x8b, 0x6b,
3102};
3103
3104const unsigned char tlsext_keyshare_server[] = {
3105 0x00, 0x1d, 0x00, 0x20, 0xe5, 0xe8, 0x5a, 0xb9,
3106 0x7e, 0x12, 0x62, 0xe3, 0xd8, 0x7f, 0x6e, 0x3c,
3107 0xec, 0xa6, 0x8b, 0x99, 0x45, 0x77, 0x8e, 0x11,
3108 0xb3, 0xb9, 0x12, 0xb6, 0xbe, 0x35, 0xca, 0x51,
3109 0x76, 0x1e, 0xe8, 0x22
3110};
3111
3112static int
3113test_tlsext_keyshare_client(void)
3114{
3115 unsigned char *data = NULL;
3116 SSL_CTX *ssl_ctx = NULL;
3117 SSL *ssl = NULL;
3118 int failure = 0;
3119 size_t dlen;
3120 int alert;
3121 CBB cbb;
3122 CBS cbs;
3123
3124 CBB_init(&cbb, 0);
3125
3126 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
3127 errx(1, "failed to create SSL_CTX");
3128 if ((ssl = SSL_new(ssl_ctx)) == NULL)
3129 errx(1, "failed to create SSL");
3130
3131 if ((S3I(ssl)->hs.tls13.key_share =
3132 tls13_key_share_new_nid(NID_X25519)) == NULL)
3133 errx(1, "failed to create key share");
3134 if (!tls13_key_share_generate(S3I(ssl)->hs.tls13.key_share))
3135 errx(1, "failed to generate key share");
3136
3137 S3I(ssl)->hs.our_max_tls_version = TLS1_2_VERSION;
3138 if (tlsext_keyshare_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
3139 FAIL("client should not need keyshare\n");
3140 failure = 1;
3141 goto done;
3142 }
3143
3144 S3I(ssl)->hs.our_max_tls_version = TLS1_3_VERSION;
3145 if (!tlsext_keyshare_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
3146 FAIL("client should need keyshare\n");
3147 failure = 1;
3148 goto done;
3149 }
3150
3151 S3I(ssl)->hs.our_max_tls_version = TLS1_3_VERSION;
3152 if (!tlsext_keyshare_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
3153 FAIL("client should have built keyshare\n");
3154 failure = 1;
3155 goto done;
3156 }
3157
3158 if (!CBB_finish(&cbb, &data, &dlen)) {
3159 FAIL("failed to finish CBB\n");
3160 failure = 1;
3161 goto done;
3162 }
3163
3164 if (dlen != sizeof(tlsext_keyshare_client)) {
3165 FAIL("got client keyshare with length %zu, "
3166 "want length %zu\n", dlen, (size_t) sizeof(tlsext_keyshare_client));
3167 failure = 1;
3168 goto done;
3169 }
3170
3171 (ssl)->version = TLS1_3_VERSION;
3172 CBS_init(&cbs, data, dlen);
3173
3174 if (!tlsext_keyshare_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
3175 FAIL("failed to parse client keyshare\n");
3176 failure = 1;
3177 goto done;
3178 }
3179
3180 if (CBS_len(&cbs) != 0) {
3181 FAIL("extension data remaining\n");
3182 failure = 1;
3183 goto done;
3184 }
3185
3186
3187 done:
3188 CBB_cleanup(&cbb);
3189 SSL_CTX_free(ssl_ctx);
3190 SSL_free(ssl);
3191 free(data);
3192
3193 return (failure);
3194}
3195
3196static int
3197test_tlsext_keyshare_server(void)
3198{
3199 unsigned char *data = NULL;
3200 SSL_CTX *ssl_ctx = NULL;
3201 SSL *ssl = NULL;
3202 int failure = 0;
3203 size_t dlen, idx;
3204 int alert;
3205 CBB cbb;
3206 CBS cbs;
3207 uint8_t bogokey[] = {
3208 0xe5, 0xe8, 0x5a, 0xb9, 0x7e, 0x12, 0x62, 0xe3,
3209 0xd8, 0x7f, 0x6e, 0x3c, 0xec, 0xa6, 0x8b, 0x99,
3210 0x45, 0x77, 0x8e, 0x11, 0xb3, 0xb9, 0x12, 0xb6,
3211 0xbe, 0x35, 0xca, 0x51, 0x76, 0x1e, 0xe8, 0x22,
3212 };
3213
3214 CBB_init(&cbb, 0);
3215
3216 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
3217 errx(1, "failed to create SSL_CTX");
3218 if ((ssl = SSL_new(ssl_ctx)) == NULL)
3219 errx(1, "failed to create SSL");
3220
3221 S3I(ssl)->hs.negotiated_tls_version = TLS1_2_VERSION;
3222 if (tlsext_keyshare_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
3223 FAIL("server should not need keyshare\n");
3224 failure = 1;
3225 goto done;
3226 }
3227
3228 S3I(ssl)->hs.negotiated_tls_version = TLS1_3_VERSION;
3229 if (tlsext_keyshare_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
3230 FAIL("client should not need keyshare\n");
3231 failure = 1;
3232 goto done;
3233 }
3234
3235 if (tls_extension_find(TLSEXT_TYPE_key_share, &idx) == NULL) {
3236 FAIL("failed to find keyshare extension\n");
3237 failure = 1;
3238 goto done;
3239 }
3240 S3I(ssl)->hs.extensions_seen |= (1 << idx);
3241
3242 if (!tlsext_keyshare_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
3243 FAIL("server should need keyshare\n");
3244 failure = 1;
3245 goto done;
3246 }
3247
3248 if (tlsext_keyshare_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
3249 FAIL("server should not have built a keyshare response\n");
3250 failure = 1;
3251 goto done;
3252 }
3253
3254 if ((S3I(ssl)->hs.tls13.key_share =
3255 tls13_key_share_new_nid(NID_X25519)) == NULL)
3256 errx(1, "failed to create key share");
3257 if (!tls13_key_share_generate(S3I(ssl)->hs.tls13.key_share))
3258 errx(1, "failed to generate key share");
3259
3260 CBS_init(&cbs, bogokey, sizeof(bogokey));
3261 if (!tls13_key_share_peer_public(S3I(ssl)->hs.tls13.key_share,
3262 0x001d, &cbs)) {
3263 FAIL("failed to load peer public key\n");
3264 failure = 1;
3265 goto done;
3266 }
3267
3268 if (!tlsext_keyshare_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
3269 FAIL("server should be able to build a keyshare response\n");
3270 failure = 1;
3271 goto done;
3272 }
3273
3274 if (!CBB_finish(&cbb, &data, &dlen)) {
3275 FAIL("failed to finish CBB\n");
3276 failure = 1;
3277 goto done;
3278 }
3279
3280 if (dlen != sizeof(tlsext_keyshare_server)) {
3281 FAIL("got server keyshare with length %zu, "
3282 "want length %zu\n", dlen, sizeof(tlsext_keyshare_server));
3283 failure = 1;
3284 goto done;
3285 }
3286
3287 if ((S3I(ssl)->hs.tls13.key_share =
3288 tls13_key_share_new_nid(NID_X25519)) == NULL)
3289 errx(1, "failed to create key share");
3290 if (!tls13_key_share_generate(S3I(ssl)->hs.tls13.key_share))
3291 errx(1, "failed to generate key share");
3292
3293 CBS_init(&cbs, data, dlen);
3294
3295 if (!tlsext_keyshare_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
3296 FAIL("failed to parse server keyshare\n");
3297 failure = 1;
3298 goto done;
3299 }
3300
3301 if (CBS_len(&cbs) != 0) {
3302 FAIL("extension data remaining\n");
3303 failure = 1;
3304 goto done;
3305 }
3306
3307done:
3308 CBB_cleanup(&cbb);
3309 SSL_CTX_free(ssl_ctx);
3310 SSL_free(ssl);
3311 free(data);
3312
3313 return (failure);
3314}
3315
3316/* One day I hope to be the only Muppet in this codebase */
3317const uint8_t cookie[] = "\n"
3318 " (o)(o) \n"
3319 " m' 'm \n"
3320 " M -****- M \n"
3321 " 'm m' \n"
3322 " m''''''''''m \n"
3323 " M M BB \n";
3324
3325static int
3326test_tlsext_cookie_client(void)
3327{
3328 unsigned char *data = NULL;
3329 SSL_CTX *ssl_ctx = NULL;
3330 SSL *ssl = NULL;
3331 int failure = 0;
3332 size_t dlen;
3333 int alert;
3334 CBB cbb;
3335 CBS cbs;
3336
3337 CBB_init(&cbb, 0);
3338
3339 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
3340 errx(1, "failed to create SSL_CTX");
3341 if ((ssl = SSL_new(ssl_ctx)) == NULL)
3342 errx(1, "failed to create SSL");
3343
3344 S3I(ssl)->hs.our_max_tls_version = TLS1_2_VERSION;
3345 if (tlsext_cookie_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
3346 FAIL("client should not need cookie\n");
3347 failure = 1;
3348 goto done;
3349 }
3350
3351
3352 S3I(ssl)->hs.our_max_tls_version = TLS1_3_VERSION;
3353 if (tlsext_cookie_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
3354 FAIL("client should not need cookie\n");
3355 failure = 1;
3356 goto done;
3357 }
3358
3359 /* Normally would be set by receiving a server cookie in an HRR */
3360 S3I(ssl)->hs.tls13.cookie = strdup(cookie);
3361 S3I(ssl)->hs.tls13.cookie_len = strlen(cookie);
3362
3363 if (!tlsext_cookie_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
3364 FAIL("client should need cookie\n");
3365 failure = 1;
3366 goto done;
3367 }
3368
3369 if (!tlsext_cookie_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
3370 FAIL("client should have built a cookie response\n");
3371 failure = 1;
3372 goto done;
3373 }
3374
3375 if (!CBB_finish(&cbb, &data, &dlen)) {
3376 FAIL("failed to finish CBB\n");
3377 failure = 1;
3378 goto done;
3379 }
3380
3381 if (dlen != strlen(cookie) + sizeof(uint16_t)) {
3382 FAIL("got cookie with length %zu, "
3383 "want length %zu\n", dlen, strlen(cookie) +
3384 sizeof(uint16_t));
3385 failure = 1;
3386 goto done;
3387 }
3388
3389 CBS_init(&cbs, data, dlen);
3390
3391 /* Checks cookie against what's in the hs.tls13 */
3392 if (!tlsext_cookie_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
3393 FAIL("failed to parse client cookie\n");
3394 failure = 1;
3395 goto done;
3396 }
3397
3398 if (CBS_len(&cbs) != 0) {
3399 FAIL("extension data remaining\n");
3400 failure = 1;
3401 goto done;
3402 }
3403
3404 done:
3405 CBB_cleanup(&cbb);
3406 SSL_CTX_free(ssl_ctx);
3407 SSL_free(ssl);
3408 free(data);
3409
3410 return (failure);
3411}
3412
3413static int
3414test_tlsext_cookie_server(void)
3415{
3416 unsigned char *data = NULL;
3417 SSL_CTX *ssl_ctx = NULL;
3418 SSL *ssl = NULL;
3419 int failure = 0;
3420 size_t dlen;
3421 int alert;
3422 CBB cbb;
3423 CBS cbs;
3424
3425 CBB_init(&cbb, 0);
3426
3427 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
3428 errx(1, "failed to create SSL_CTX");
3429 if ((ssl = SSL_new(ssl_ctx)) == NULL)
3430 errx(1, "failed to create SSL");
3431
3432 S3I(ssl)->hs.our_max_tls_version = TLS1_2_VERSION;
3433 if (tlsext_cookie_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
3434 FAIL("server should not need cookie\n");
3435 failure = 1;
3436 goto done;
3437 }
3438
3439 S3I(ssl)->hs.our_max_tls_version = TLS1_3_VERSION;
3440 if (tlsext_cookie_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
3441 FAIL("server should not need cookie\n");
3442 failure = 1;
3443 goto done;
3444 }
3445
3446 /* Normally would be set by server before sending HRR */
3447 S3I(ssl)->hs.tls13.cookie = strdup(cookie);
3448 S3I(ssl)->hs.tls13.cookie_len = strlen(cookie);
3449
3450 if (!tlsext_cookie_server_needs(ssl, SSL_TLSEXT_MSG_HRR)) {
3451 FAIL("server should need cookie\n");
3452 failure = 1;
3453 goto done;
3454 }
3455
3456 if (!tlsext_cookie_server_build(ssl, SSL_TLSEXT_MSG_HRR, &cbb)) {
3457 FAIL("server should have built a cookie response\n");
3458 failure = 1;
3459 goto done;
3460 }
3461
3462 if (!CBB_finish(&cbb, &data, &dlen)) {
3463 FAIL("failed to finish CBB\n");
3464 failure = 1;
3465 goto done;
3466 }
3467
3468 if (dlen != strlen(cookie) + sizeof(uint16_t)) {
3469 FAIL("got cookie with length %zu, "
3470 "want length %zu\n", dlen, strlen(cookie) +
3471 sizeof(uint16_t));
3472 failure = 1;
3473 goto done;
3474 }
3475
3476 CBS_init(&cbs, data, dlen);
3477
3478 if (tlsext_cookie_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
3479 FAIL("client should not have parsed server cookie\n");
3480 failure = 1;
3481 goto done;
3482 }
3483
3484 freezero(S3I(ssl)->hs.tls13.cookie, S3I(ssl)->hs.tls13.cookie_len);
3485 S3I(ssl)->hs.tls13.cookie = NULL;
3486 S3I(ssl)->hs.tls13.cookie_len = 0;
3487
3488 if (!tlsext_cookie_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
3489 FAIL("failed to parse server cookie\n");
3490 failure = 1;
3491 goto done;
3492 }
3493
3494 if (memcmp(cookie, S3I(ssl)->hs.tls13.cookie,
3495 S3I(ssl)->hs.tls13.cookie_len) != 0) {
3496 FAIL("parsed server cookie does not match sent cookie\n");
3497 failure = 1;
3498 goto done;
3499 }
3500
3501 if (CBS_len(&cbs) != 0) {
3502 FAIL("extension data remaining\n");
3503 failure = 1;
3504 goto done;
3505 }
3506
3507done:
3508 CBB_cleanup(&cbb);
3509 SSL_CTX_free(ssl_ctx);
3510 SSL_free(ssl);
3511 free(data);
3512
3513 return (failure);
3514}
3515
3516unsigned char *valid_hostnames[] = {
3517 "openbsd.org",
3518 "op3nbsd.org",
3519 "org",
3520 "3openbsd.com",
3521 "3-0penb-d.c-m",
3522 "a",
3523 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com",
3524 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
3525 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
3526 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
3527 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
3528 NULL,
3529};
3530
3531static int
3532test_tlsext_valid_hostnames(void)
3533{
3534 int i, failure = 0;
3535
3536 for (i = 0; valid_hostnames[i] != NULL; i++) {
3537 CBS cbs;
3538 CBS_init(&cbs, valid_hostnames[i], strlen(valid_hostnames[i]));
3539 if (!tlsext_sni_is_valid_hostname(&cbs)) {
3540 FAIL("Valid hostname '%s' rejected\n",
3541 valid_hostnames[i]);
3542 failure = 1;
3543 goto done;
3544 }
3545 }
3546 done:
3547 return failure;
3548}
3549
3550unsigned char *invalid_hostnames[] = {
3551 "openbsd.org.",
3552 "openbsd..org",
3553 "openbsd.org-",
3554 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com",
3555 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
3556 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
3557 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
3558 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.a",
3559 "-p3nbsd.org",
3560 "openbs-.org",
3561 "openbsd\n.org",
3562 "open_bsd.org",
3563 "open\178bsd.org",
3564 "open\255bsd.org",
3565 NULL,
3566};
3567
3568static int
3569test_tlsext_invalid_hostnames(void)
3570{
3571 int i, failure = 0;
3572 CBS cbs;
3573
3574 for (i = 0; invalid_hostnames[i] != NULL; i++) {
3575 CBS_init(&cbs, invalid_hostnames[i],
3576 strlen(invalid_hostnames[i]));
3577 if (tlsext_sni_is_valid_hostname(&cbs)) {
3578 FAIL("Invalid hostname '%s' accepted\n",
3579 invalid_hostnames[i]);
3580 failure = 1;
3581 goto done;
3582 }
3583 }
3584 CBS_init(&cbs, valid_hostnames[0],
3585 strlen(valid_hostnames[0]) + 1);
3586 if (tlsext_sni_is_valid_hostname(&cbs)) {
3587 FAIL("hostname with NUL byte accepted\n");
3588 failure = 1;
3589 goto done;
3590 }
3591 done:
3592 return failure;
3593}
3594
3595
3596int
3597main(int argc, char **argv)
3598{
3599 int failed = 0;
3600
3601 SSL_library_init();
3602 SSL_load_error_strings();
3603
3604 failed |= test_tlsext_alpn_client();
3605 failed |= test_tlsext_alpn_server();
3606
3607 failed |= test_tlsext_supportedgroups_client();
3608 failed |= test_tlsext_supportedgroups_server();
3609
3610 failed |= test_tlsext_ecpf_client();
3611 failed |= test_tlsext_ecpf_server();
3612
3613 failed |= test_tlsext_ri_client();
3614 failed |= test_tlsext_ri_server();
3615
3616 failed |= test_tlsext_sigalgs_client();
3617
3618 failed |= test_tlsext_sni_client();
3619 failed |= test_tlsext_sni_server();
3620
3621 failed |= test_tlsext_ocsp_client();
3622 failed |= test_tlsext_ocsp_server();
3623
3624 failed |= test_tlsext_sessionticket_client();
3625 failed |= test_tlsext_sessionticket_server();
3626
3627 failed |= test_tlsext_versions_client();
3628 failed |= test_tlsext_versions_server();
3629
3630 failed |= test_tlsext_keyshare_client();
3631 failed |= test_tlsext_keyshare_server();
3632
3633 failed |= test_tlsext_cookie_client();
3634 failed |= test_tlsext_cookie_server();
3635
3636#ifndef OPENSSL_NO_SRTP
3637 failed |= test_tlsext_srtp_client();
3638 failed |= test_tlsext_srtp_server();
3639#else
3640 fprintf(stderr, "Skipping SRTP tests due to OPENSSL_NO_SRTP\n");
3641#endif
3642
3643 failed |= test_tlsext_clienthello_build();
3644 failed |= test_tlsext_serverhello_build();
3645
3646 failed |= test_tlsext_valid_hostnames();
3647 failed |= test_tlsext_invalid_hostnames();
3648
3649 return (failed);
3650}
diff --git a/src/regress/lib/libssl/tlsfuzzer/Makefile b/src/regress/lib/libssl/tlsfuzzer/Makefile
deleted file mode 100644
index 64c5970a27..0000000000
--- a/src/regress/lib/libssl/tlsfuzzer/Makefile
+++ /dev/null
@@ -1,47 +0,0 @@
1# $OpenBSD: Makefile,v 1.2 2020/05/23 17:33:51 tb Exp $
2
3.if !exists(/usr/local/share/tlsfuzzer)
4regress:
5 @echo package py3-tlsfuzzer is required for this regress
6 @echo SKIPPED
7.else
8
9REGRESS_TARGETS=regress-tlsfuzzer
10
11localhost.key localhost.crt:
12 openssl req -x509 -newkey rsa -keyout localhost.key -out localhost.crt \
13 -subj /CN=localhost -nodes -batch
14
15certs: localhost.key localhost.crt
16
17CLEANFILES += localhost.key localhost.crt
18
19PORT ?= 4433
20SLOW = -s
21TIMING = # -t
22VERBOSE = # -v
23
24regress-tlsfuzzer: certs
25 python3 ${.CURDIR}/tlsfuzzer.py ${SLOW} ${TIMING} ${VERBOSE}
26
27failing: certs
28 python3 ${.CURDIR}/tlsfuzzer.py -f ${SLOW} ${TIMING} ${VERBOSE}
29
30
31port: certs
32 python3 ${.CURDIR}/tlsfuzzer.py ${SLOW} ${TIMING} ${VERBOSE} -p ${PORT}
33
34list:
35 @python3 ${.CURDIR}/tlsfuzzer.py -l
36
37list-failing:
38 @python3 ${.CURDIR}/tlsfuzzer.py -l -f
39
40missing:
41 @python3 ${.CURDIR}/tlsfuzzer.py -m
42
43.PHONY: all certs failing list list-failing missing port
44
45.endif
46
47.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py b/src/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py
deleted file mode 100644
index 846252f1c2..0000000000
--- a/src/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py
+++ /dev/null
@@ -1,876 +0,0 @@
1# $OpenBSD: tlsfuzzer.py,v 1.40 2021/08/11 19:45:08 tb Exp $
2#
3# Copyright (c) 2020 Theo Buehler <tb@openbsd.org>
4#
5# Permission to use, copy, modify, and distribute this software for any
6# purpose with or without fee is hereby granted, provided that the above
7# copyright notice and this permission notice appear in all copies.
8#
9# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16
17import getopt
18import os
19import subprocess
20import sys
21from timeit import default_timer as timer
22
23tlsfuzzer_scriptdir = "/usr/local/share/tlsfuzzer/scripts/"
24
25class Test:
26 """
27 Represents a tlsfuzzer test script.
28 name: the script's name
29 args: arguments to feed to the script
30 tls12_args: override args for a TLSv1.2 server
31 tls13_args: override args for a TLSv1.3 server
32
33 XXX Add client cert support.
34 """
35 def __init__(self, name="", args=[], tls12_args=[], tls13_args=[]):
36 self.name = name
37 self.tls12_args = args
38 self.tls13_args = args
39 if tls12_args:
40 self.tls12_args = tls12_args
41 if tls13_args:
42 self.tls13_args = tls13_args
43
44 def args(self, has_tls1_3: True):
45 if has_tls1_3:
46 return self.tls13_args
47 else:
48 return self.tls12_args
49
50 def __repr__(self):
51 return "<Test: %s tls12_args: %s tls13_args: %s>" % (
52 self.name, self.tls12_args, tls13_args
53 )
54
55class TestGroup:
56 """ A group of Test objects to be run by TestRunner."""
57 def __init__(self, title="Tests", tests=[]):
58 self.title = title
59 self.tests = tests
60
61 def __iter__(self):
62 return iter(self.tests)
63
64# argument to pass to several tests
65tls13_unsupported_ciphers = [
66 "-e", "TLS 1.3 with ffdhe2048",
67 "-e", "TLS 1.3 with ffdhe3072",
68 "-e", "TLS 1.3 with x448",
69]
70
71def substitute_alert(want, got):
72 return f"Expected alert description \"{want}\" " \
73 + f"does not match received \"{got}\""
74
75# test-tls13-finished.py has 70 failing tests that expect a "decode_error"
76# instead of the "decrypt_error" sent by tls13_server_finished_recv().
77# Both alerts appear to be reasonable in this context, so work around this
78# in the test instead of the library.
79def generate_test_tls13_finished_args():
80 assertion = substitute_alert("decode_error", "decrypt_error");
81 paddings = [
82 ("TLS_AES_128_GCM_SHA256", 0, 1),
83 ("TLS_AES_128_GCM_SHA256", 0, 2),
84 ("TLS_AES_128_GCM_SHA256", 0, 4),
85 ("TLS_AES_128_GCM_SHA256", 0, 8),
86 ("TLS_AES_128_GCM_SHA256", 0, 16),
87 ("TLS_AES_128_GCM_SHA256", 0, 32),
88 ("TLS_AES_128_GCM_SHA256", 0, 48),
89 ("TLS_AES_128_GCM_SHA256", 0, 2**14-4-32),
90 ("TLS_AES_128_GCM_SHA256", 0, 0x20000),
91 ("TLS_AES_128_GCM_SHA256", 0, 0x30000),
92 ("TLS_AES_128_GCM_SHA256", 1, 0),
93 ("TLS_AES_128_GCM_SHA256", 2, 0),
94 ("TLS_AES_128_GCM_SHA256", 4, 0),
95 ("TLS_AES_128_GCM_SHA256", 8, 0),
96 ("TLS_AES_128_GCM_SHA256", 16, 0),
97 ("TLS_AES_128_GCM_SHA256", 32, 0),
98 ("TLS_AES_128_GCM_SHA256", 48, 0),
99 ("TLS_AES_128_GCM_SHA256", 2**14-4-32, 0),
100 ("TLS_AES_128_GCM_SHA256", 12, 0),
101 ("TLS_AES_128_GCM_SHA256", 1, 1),
102 ("TLS_AES_128_GCM_SHA256", 8, 8),
103 ("TLS_AES_256_GCM_SHA384", 0, 1),
104 ("TLS_AES_256_GCM_SHA384", 0, 2),
105 ("TLS_AES_256_GCM_SHA384", 0, 4),
106 ("TLS_AES_256_GCM_SHA384", 0, 8),
107 ("TLS_AES_256_GCM_SHA384", 0, 16),
108 ("TLS_AES_256_GCM_SHA384", 0, 32),
109 ("TLS_AES_256_GCM_SHA384", 0, 48),
110 ("TLS_AES_256_GCM_SHA384", 0, 2**14-4-48),
111 ("TLS_AES_256_GCM_SHA384", 0, 0x20000),
112 ("TLS_AES_256_GCM_SHA384", 0, 0x30000),
113 ("TLS_AES_256_GCM_SHA384", 0, 12),
114 ("TLS_AES_256_GCM_SHA384", 1, 0),
115 ("TLS_AES_256_GCM_SHA384", 2, 0),
116 ("TLS_AES_256_GCM_SHA384", 4, 0),
117 ("TLS_AES_256_GCM_SHA384", 8, 0),
118 ("TLS_AES_256_GCM_SHA384", 16, 0),
119 ("TLS_AES_256_GCM_SHA384", 32, 0),
120 ("TLS_AES_256_GCM_SHA384", 48, 0),
121 ("TLS_AES_256_GCM_SHA384", 2**14-4-48, 0),
122 ("TLS_AES_256_GCM_SHA384", 1, 1),
123 ("TLS_AES_256_GCM_SHA384", 8, 8),
124 ]
125 truncations = [
126 ("TLS_AES_128_GCM_SHA256", 0, -1),
127 ("TLS_AES_128_GCM_SHA256", 0, -2),
128 ("TLS_AES_128_GCM_SHA256", 0, -4),
129 ("TLS_AES_128_GCM_SHA256", 0, -8),
130 ("TLS_AES_128_GCM_SHA256", 0, -16),
131 ("TLS_AES_128_GCM_SHA256", 0, -32),
132 ("TLS_AES_128_GCM_SHA256", 0, 12),
133 ("TLS_AES_128_GCM_SHA256", 1, None),
134 ("TLS_AES_128_GCM_SHA256", 2, None),
135 ("TLS_AES_128_GCM_SHA256", 4, None),
136 ("TLS_AES_128_GCM_SHA256", 8, None),
137 ("TLS_AES_128_GCM_SHA256", 16, None),
138 ("TLS_AES_128_GCM_SHA256", 32, None),
139 ("TLS_AES_256_GCM_SHA384", 0, -1),
140 ("TLS_AES_256_GCM_SHA384", 0, -2),
141 ("TLS_AES_256_GCM_SHA384", 0, -4),
142 ("TLS_AES_256_GCM_SHA384", 0, -8),
143 ("TLS_AES_256_GCM_SHA384", 0, -16),
144 ("TLS_AES_256_GCM_SHA384", 0, -32),
145 ("TLS_AES_256_GCM_SHA384", 0, 12),
146 ("TLS_AES_256_GCM_SHA384", 1, None),
147 ("TLS_AES_256_GCM_SHA384", 2, None),
148 ("TLS_AES_256_GCM_SHA384", 4, None),
149 ("TLS_AES_256_GCM_SHA384", 8, None),
150 ("TLS_AES_256_GCM_SHA384", 16, None),
151 ("TLS_AES_256_GCM_SHA384", 32, None),
152 ]
153
154 args = [
155 "-x", "empty - cipher TLS_AES_128_GCM_SHA256", "-X", assertion,
156 "-x", "empty - cipher TLS_AES_256_GCM_SHA384", "-X", assertion,
157 ]
158 padding_fmt = "padding - cipher %s, pad_byte 0, pad_left %d, pad_right %d"
159 for padding in paddings:
160 args += ["-x", padding_fmt % padding, "-X", assertion]
161 truncation_fmt = "truncation - cipher %s, start %d, end %s"
162 for truncation in truncations:
163 args += ["-x", truncation_fmt % truncation, "-X", assertion]
164 return args
165
166tls13_tests = TestGroup("TLSv1.3 tests", [
167 Test("test-tls13-ccs.py"),
168 Test("test-tls13-conversation.py"),
169 Test("test-tls13-count-tickets.py"),
170 Test("test-tls13-empty-alert.py"),
171 Test("test-tls13-finished.py", generate_test_tls13_finished_args()),
172 Test("test-tls13-finished-plaintext.py"),
173 Test("test-tls13-hrr.py"),
174 Test("test-tls13-keyshare-omitted.py"),
175 Test("test-tls13-legacy-version.py"),
176 Test("test-tls13-nociphers.py"),
177 Test("test-tls13-record-padding.py"),
178 Test("test-tls13-shuffled-extentions.py"),
179 Test("test-tls13-zero-content-type.py"),
180
181 # The skipped tests fail due to a bug in BIO_gets() which masks the retry
182 # signalled from an SSL_read() failure. Testing with httpd(8) shows we're
183 # handling these corner cases correctly since tls13_record_layer.c -r1.47.
184 Test("test-tls13-zero-length-data.py", [
185 "-e", "zero-length app data",
186 "-e", "zero-length app data with large padding",
187 "-e", "zero-length app data with padding",
188 ]),
189])
190
191# Tests that take a lot of time (> ~30s on an x280)
192tls13_slow_tests = TestGroup("slow TLSv1.3 tests", [
193 # XXX: Investigate the occasional message
194 # "Got shared secret with 1 most significant bytes equal to zero."
195 Test("test-tls13-dhe-shared-secret-padding.py", tls13_unsupported_ciphers),
196
197 Test("test-tls13-invalid-ciphers.py"),
198 Test("test-tls13-serverhello-random.py", tls13_unsupported_ciphers),
199
200 # Mark two tests cases as xfail for now. The tests expect an arguably
201 # correct decode_error while we send a decrypt_error (like fizz/boring).
202 Test("test-tls13-record-layer-limits.py", [
203 "-x", "max size payload (2**14) of Finished msg, with 16348 bytes of left padding, cipher TLS_AES_128_GCM_SHA256",
204 "-X", substitute_alert("decode_error", "decrypt_error"),
205 "-x", "max size payload (2**14) of Finished msg, with 16348 bytes of left padding, cipher TLS_CHACHA20_POLY1305_SHA256",
206 "-X", substitute_alert("decode_error", "decrypt_error"),
207 ]),
208 # We don't accept an empty ECPF extension since it must advertise the
209 # uncompressed point format. Exclude this extension type from the test.
210 Test(
211 "test-tls13-large-number-of-extensions.py",
212 tls13_args = ["--exc", "11"],
213 ),
214])
215
216tls13_extra_cert_tests = TestGroup("TLSv1.3 certificate tests", [
217 # need to set up client certs to run these
218 Test("test-tls13-certificate-request.py"),
219 Test("test-tls13-certificate-verify.py"),
220 Test("test-tls13-ecdsa-in-certificate-verify.py"),
221 Test("test-tls13-eddsa-in-certificate-verify.py"),
222
223 # Test expects the server to have installed three certificates:
224 # with P-256, P-384 and P-521 curve. Also SHA1+ECDSA is verified
225 # to not work.
226 Test("test-tls13-ecdsa-support.py"),
227])
228
229tls13_failing_tests = TestGroup("failing TLSv1.3 tests", [
230 # Some tests fail because we fail later than the scripts expect us to.
231 # With X25519, we accept weak peer public keys and fail when we actually
232 # compute the keyshare. Other tests seem to indicate that we could be
233 # stricter about what keyshares we accept.
234 Test("test-tls13-crfg-curves.py", [
235 '-e', 'all zero x448 key share',
236 '-e', 'empty x448 key share',
237 '-e', 'sanity x448 with compression ansiX962_compressed_char2',
238 '-e', 'sanity x448 with compression ansiX962_compressed_prime',
239 '-e', 'sanity x448 with compression uncompressed',
240 '-e', 'too big x448 key share',
241 '-e', 'too small x448 key share',
242 '-e', 'x448 key share of "1"',
243 ]),
244 Test("test-tls13-ecdhe-curves.py", [
245 '-e', 'sanity - x448',
246 '-e', 'x448 - key share from other curve',
247 '-e', 'x448 - point at infinity',
248 '-e', 'x448 - right 0-padded key_share',
249 '-e', 'x448 - right-truncated key_share',
250 ]),
251
252 # The test sends records with protocol version 0x0300 instead of 0x0303
253 # and currently fails with OpenSSL and LibreSSL for this reason.
254 # We have the logic corresponding to NSS's fix for CVE-2020-25648
255 # https://hg.mozilla.org/projects/nss/rev/57bbefa793232586d27cee83e74411171e128361
256 # so should not be affected by this issue.
257 Test("test-tls13-multiple-ccs-messages.py"),
258
259 # https://github.com/openssl/openssl/issues/8369
260 Test("test-tls13-obsolete-curves.py"),
261
262 # 3 failing rsa_pss_pss tests
263 Test("test-tls13-rsa-signatures.py"),
264
265 # The failing tests all expect an ri extension. What's up with that?
266 Test("test-tls13-version-negotiation.py"),
267])
268
269tls13_slow_failing_tests = TestGroup("slow, failing TLSv1.3 tests", [
270 # Other test failures bugs in keyshare/tlsext negotiation?
271 Test("test-tls13-unrecognised-groups.py"), # unexpected closure
272
273 # 5 occasional failures:
274 # 'app data split, conversation with KeyUpdate msg'
275 # 'fragmented keyupdate msg'
276 # 'multiple KeyUpdate messages'
277 # 'post-handshake KeyUpdate msg with update_not_request'
278 # 'post-handshake KeyUpdate msg with update_request'
279 Test("test-tls13-keyupdate.py"),
280
281 Test("test-tls13-symetric-ciphers.py"), # unexpected message from peer
282
283 # 6 tests fail: 'rsa_pkcs1_{md5,sha{1,224,256,384,512}} signature'
284 # We send server hello, but the test expects handshake_failure
285 Test("test-tls13-pkcs-signature.py"),
286 # 8 tests fail: 'tls13 signature rsa_pss_{pss,rsae}_sha{256,384,512}
287 Test("test-tls13-rsapss-signatures.py"),
288])
289
290tls13_unsupported_tests = TestGroup("TLSv1.3 tests for unsupported features", [
291 # Tests for features we don't support
292 Test("test-tls13-0rtt-garbage.py"),
293 Test("test-tls13-ffdhe-groups.py"),
294 Test("test-tls13-ffdhe-sanity.py"),
295 Test("test-tls13-psk_dhe_ke.py"),
296 Test("test-tls13-psk_ke.py"),
297
298 # need server to react to HTTP GET for /keyupdate
299 Test("test-tls13-keyupdate-from-server.py"),
300
301 # Weird test: tests servers that don't support 1.3
302 Test("test-tls13-non-support.py"),
303
304 # broken test script
305 # UnboundLocalError: local variable 'cert' referenced before assignment
306 Test("test-tls13-post-handshake-auth.py"),
307
308 # ExpectNewSessionTicket
309 Test("test-tls13-session-resumption.py"),
310
311 # Server must be configured to support only rsa_pss_rsae_sha512
312 Test("test-tls13-signature-algorithms.py"),
313])
314
315tls12_exclude_legacy_protocols = [
316 # all these have BIO_read timeouts against TLSv1.3
317 "-e", "Protocol (3, 0)",
318 "-e", "Protocol (3, 0) in SSLv2 compatible ClientHello",
319 # the following only fail with TLSv1.3
320 "-e", "Protocol (3, 1) in SSLv2 compatible ClientHello",
321 "-e", "Protocol (3, 2) in SSLv2 compatible ClientHello",
322 "-e", "Protocol (3, 3) in SSLv2 compatible ClientHello",
323 "-e", "Protocol (3, 1) with x448 group",
324 "-e", "Protocol (3, 2) with x448 group",
325 "-e", "Protocol (3, 3) with x448 group",
326]
327
328tls12_tests = TestGroup("TLSv1.2 tests", [
329 # Tests that pass as they are.
330 Test("test-TLSv1_2-rejected-without-TLSv1_2.py"),
331 Test("test-aes-gcm-nonces.py"),
332 Test("test-chacha20.py"),
333 Test("test-conversation.py"),
334 Test("test-cve-2016-2107.py"),
335 Test("test-cve-2016-6309.py"),
336 Test("test-dhe-rsa-key-exchange.py"),
337 Test("test-dhe-rsa-key-exchange-with-bad-messages.py"),
338 Test("test-early-application-data.py"),
339 Test("test-empty-extensions.py"),
340 Test("test-fuzzed-MAC.py"),
341 Test("test-fuzzed-ciphertext.py"),
342 Test("test-fuzzed-finished.py"),
343 Test("test-fuzzed-padding.py"),
344 Test("test-fuzzed-plaintext.py"), # fails once in a while
345 Test("test-hello-request-by-client.py"),
346 Test("test-invalid-cipher-suites.py"),
347 Test("test-invalid-content-type.py"),
348 Test("test-invalid-session-id.py"),
349 Test("test-invalid-version.py"),
350 Test("test-lucky13.py"),
351 Test("test-message-skipping.py"),
352 Test("test-no-heartbeat.py"),
353 Test("test-record-layer-fragmentation.py"),
354 Test("test-sessionID-resumption.py"),
355 Test("test-sslv2-connection.py"),
356 Test("test-truncating-of-finished.py"),
357 Test("test-truncating-of-kRSA-client-key-exchange.py"),
358 Test("test-unsupported-curve-fallback.py"),
359 Test("test-version-numbers.py"),
360 Test("test-zero-length-data.py"),
361
362 # Tests that need tweaking for unsupported features and ciphers.
363 Test(
364 "test-atypical-padding.py", [
365 "-e", "sanity - encrypt then MAC",
366 "-e", "2^14 bytes of AppData with 256 bytes of padding (SHA1 + Encrypt then MAC)",
367 ]
368 ),
369 Test(
370 "test-dhe-rsa-key-exchange-signatures.py", [
371 "-e", "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA sha224 signature",
372 "-e", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 sha224 signature",
373 "-e", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA sha224 signature",
374 "-e", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 sha224 signature",
375 "-e", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA sha224 signature",
376 ]
377 ),
378 Test("test-dhe-key-share-random.py", tls12_exclude_legacy_protocols),
379 Test("test-export-ciphers-rejected.py", ["--min-ver", "TLSv1.0"]),
380 Test(
381 "test-downgrade-protection.py",
382 tls12_args = ["--server-max-protocol", "TLSv1.2"],
383 tls13_args = ["--server-max-protocol", "TLSv1.3"],
384 ),
385 Test("test-fallback-scsv.py", tls13_args = ["--tls-1.3"] ),
386
387 Test("test-invalid-compression-methods.py", [
388 "-x", "invalid compression methods",
389 "-X", substitute_alert("illegal_parameter", "decode_error"),
390 "-x", "only deflate compression method",
391 "-X", substitute_alert("illegal_parameter", "decode_error"),
392 ]),
393
394 # Skip extended_master_secret test. Since we don't support this
395 # extension, we don't notice that it was dropped.
396 Test("test-renegotiation-changed-clienthello.py", [
397 "-e", "drop extended_master_secret in renegotiation",
398 ]),
399
400 # Without --sig-algs-drop-ok, two tests fail since we do not currently
401 # implement the signature_algorithms_cert extension (although we MUST).
402 Test("test-sig-algs-renegotiation-resumption.py", ["--sig-algs-drop-ok"]),
403
404 Test("test-serverhello-random.py", args = tls12_exclude_legacy_protocols),
405])
406
407tls12_slow_tests = TestGroup("slow TLSv1.2 tests", [
408 Test("test-cve-2016-7054.py"),
409 Test("test-dhe-no-shared-secret-padding.py", tls12_exclude_legacy_protocols),
410 Test("test-ecdhe-padded-shared-secret.py", tls12_exclude_legacy_protocols),
411 Test("test-ecdhe-rsa-key-share-random.py", tls12_exclude_legacy_protocols),
412 Test("test-large-hello.py"),
413])
414
415tls12_failing_tests = TestGroup("failing TLSv1.2 tests", [
416 # no shared cipher
417 Test("test-aesccm.py"),
418 # need server to set up alpn
419 Test("test-alpn-negotiation.py"),
420 # many tests fail due to unexpected server_name extension
421 Test("test-bleichenbacher-workaround.py"),
422
423 # need client key and cert plus extra server setup
424 Test("test-certificate-malformed.py"),
425 Test("test-certificate-request.py"),
426 Test("test-certificate-verify-malformed-sig.py"),
427 Test("test-certificate-verify-malformed.py"),
428 Test("test-certificate-verify.py"),
429 Test("test-ecdsa-in-certificate-verify.py"),
430 Test("test-eddsa-in-certificate-verify.py"),
431 Test("test-renegotiation-disabled-client-cert.py"),
432 Test("test-rsa-pss-sigs-on-certificate-verify.py"),
433 Test("test-rsa-sigs-on-certificate-verify.py"),
434
435 # test doesn't expect session ticket
436 Test("test-client-compatibility.py"),
437 # abrupt closure
438 Test("test-client-hello-max-size.py"),
439 # unknown signature algorithms
440 Test("test-clienthello-md5.py"),
441
442 # Tests expect an illegal_parameter or a decode_error alert. Should be
443 # added to ssl3_get_client_key_exchange on kex function failure.
444 Test("test-ecdhe-rsa-key-exchange-with-bad-messages.py"),
445
446 # We send a handshake_failure due to no shared ciphers while the
447 # test expects to succeed.
448 Test("test-ecdhe-rsa-key-exchange.py"),
449
450 # no shared cipher
451 Test("test-ecdsa-sig-flexibility.py"),
452
453 # 29 succeed, 263 fail:
454 # 'n extensions', 'n extensions last empty' n in 4086, 4096, 8192, 16383
455 # 'fuzz ext length to n' n in [0..255] with the exception of 41...
456 Test("test-extensions.py"),
457
458 # Tests expect SH but we send unexpected_message or handshake_failure
459 # 'Application data inside Client Hello'
460 # 'Application data inside Client Key Exchange'
461 # 'Application data inside Finished'
462 Test("test-interleaved-application-data-and-fragmented-handshakes-in-renegotiation.py"),
463 # Tests expect SH but we send handshake_failure
464 # 'Application data before Change Cipher Spec'
465 # 'Application data before Client Key Exchange'
466 # 'Application data before Finished'
467 Test("test-interleaved-application-data-in-renegotiation.py"),
468
469 # broken test script
470 # TypeError: '<' not supported between instances of 'int' and 'NoneType'
471 Test("test-invalid-client-hello-w-record-overflow.py"),
472
473 # Lots of failures. abrupt closure
474 Test("test-invalid-client-hello.py"),
475
476 # abrupt closure
477 # 'encrypted premaster set to all zero (n)' n in 256 384 512
478 Test("test-invalid-rsa-key-exchange-messages.py"),
479
480 # test expects illegal_parameter, we send unrecognized_name (which seems
481 # correct according to rfc 6066?)
482 Test("test-invalid-server-name-extension-resumption.py"),
483 # let through some server names without sending an alert
484 # again illegal_parameter vs unrecognized_name
485 Test("test-invalid-server-name-extension.py"),
486
487 # 14 pass
488 # 7 fail
489 # 'n extensions', n in 4095, 4096, 4097, 8191, 8192, 8193, 16383,
490 Test("test-large-number-of-extensions.py"),
491
492 # 4 failures:
493 # 'insecure (legacy) renegotiation with GET after 2nd handshake'
494 # 'insecure (legacy) renegotiation with incomplete GET'
495 # 'secure renegotiation with GET after 2nd handshake'
496 # 'secure renegotiation with incomplete GET'
497 Test("test-legacy-renegotiation.py"),
498
499 # 1 failure (timeout): we don't send the unexpected_message alert
500 # 'duplicate change cipher spec after Finished'
501 Test("test-message-duplication.py"),
502
503 # server should send status_request
504 Test("test-ocsp-stapling.py"),
505
506 # unexpected closure
507 Test("test-openssl-3712.py"),
508
509 # failed: 3 (expect an alert, we send AD)
510 # 'try insecure (legacy) renegotiation with incomplete GET'
511 # 'try secure renegotiation with GET after 2nd CH'
512 # 'try secure renegotiation with incomplete GET'
513 Test("test-renegotiation-disabled.py"),
514
515 # 'resumption of safe session with NULL cipher'
516 # 'resumption with cipher from old CH but not selected by server'
517 Test("test-resumption-with-wrong-ciphers.py"),
518
519 # 5 failures:
520 # 'empty sigalgs'
521 # 'only undefined sigalgs'
522 # 'rsa_pss_pss_sha256 only'
523 # 'rsa_pss_pss_sha384 only'
524 # 'rsa_pss_pss_sha512 only'
525 Test("test-sig-algs.py"),
526
527 # 13 failures:
528 # 'duplicated n non-rsa schemes' for n in 202 2342 8119 23741 32744
529 # 'empty list of signature methods'
530 # 'tolerance n RSA or ECDSA methods' for n in 215 2355 8132 23754
531 # 'tolerance 32758 methods with sig_alg_cert'
532 # 'tolerance max 32744 number of methods with sig_alg_cert'
533 # 'tolerance max (32760) number of methods'
534 Test("test-signature-algorithms.py"),
535
536 # times out
537 Test("test-ssl-death-alert.py"),
538
539 # 17 pass, 13 fail. padding and truncation
540 Test("test-truncating-of-client-hello.py"),
541
542 # x448 tests need disabling plus x25519 corner cases need sorting out
543 Test("test-x25519.py"),
544])
545
546tls12_unsupported_tests = TestGroup("TLSv1.2 for unsupported features", [
547 # protocol_version
548 Test("test-SSLv3-padding.py"),
549 # we don't do RSA key exchanges
550 Test("test-bleichenbacher-timing.py"),
551 # no encrypt-then-mac
552 Test("test-encrypt-then-mac-renegotiation.py"),
553 Test("test-encrypt-then-mac.py"),
554 # no EME support
555 Test("test-extended-master-secret-extension-with-client-cert.py"),
556 Test("test-extended-master-secret-extension.py"),
557 # no ffdhe
558 Test("test-ffdhe-expected-params.py"),
559 Test("test-ffdhe-negotiation.py"),
560 # record_size_limit/max_fragment_length extension (RFC 8449)
561 Test("test-record-size-limit.py"),
562 # expects the server to send the heartbeat extension
563 Test("test-heartbeat.py"),
564])
565
566# These tests take a ton of time to fail against an 1.3 server,
567# so don't run them against 1.3 pending further investigation.
568legacy_tests = TestGroup("Legacy protocol tests", [
569 Test("test-sslv2-force-cipher-3des.py"),
570 Test("test-sslv2-force-cipher-non3des.py"),
571 Test("test-sslv2-force-cipher.py"),
572 Test("test-sslv2-force-export-cipher.py"),
573 Test("test-sslv2hello-protocol.py"),
574])
575
576all_groups = [
577 tls13_tests,
578 tls13_slow_tests,
579 tls13_extra_cert_tests,
580 tls13_failing_tests,
581 tls13_slow_failing_tests,
582 tls13_unsupported_tests,
583 tls12_tests,
584 tls12_slow_tests,
585 tls12_failing_tests,
586 tls12_unsupported_tests,
587 legacy_tests,
588]
589
590failing_groups = [
591 tls13_failing_tests,
592 tls13_slow_failing_tests,
593 tls12_failing_tests,
594]
595
596class TestRunner:
597 """ Runs the given tests troups against a server and displays stats. """
598
599 def __init__(
600 self, timing=False, verbose=False, port=4433, use_tls1_3=True,
601 dry_run=False, tests=[], scriptdir=tlsfuzzer_scriptdir,
602 ):
603 self.tests = []
604
605 self.dryrun = dry_run
606 self.use_tls1_3 = use_tls1_3
607 self.port = str(port)
608 self.scriptdir = scriptdir
609
610 self.stats = []
611 self.failed = []
612 self.missing = []
613
614 self.timing = timing
615 self.verbose = verbose
616
617 def add(self, title="tests", tests=[]):
618 # tests.sort(key=lambda test: test.name)
619 self.tests.append(TestGroup(title, tests))
620
621 def add_group(self, group):
622 self.tests.append(group)
623
624 def run_script(self, test):
625 script = test.name
626 args = ["-p"] + [self.port] + test.args(self.use_tls1_3)
627
628 if self.dryrun:
629 if not self.verbose:
630 args = []
631 print(script , end=' ' if args else '')
632 print(' '.join([f"\"{arg}\"" for arg in args]))
633 return
634
635 if self.verbose:
636 print(script)
637 else:
638 print(f"{script[:68]:<72}", end=" ", flush=True)
639 start = timer()
640 scriptpath = os.path.join(self.scriptdir, script)
641 if not os.path.exists(scriptpath):
642 self.missing.append(script)
643 print("MISSING")
644 return
645 test = subprocess.run(
646 ["python3", scriptpath] + args,
647 capture_output=not self.verbose,
648 text=True,
649 )
650 end = timer()
651 self.stats.append((script, end - start))
652 if test.returncode == 0:
653 print("OK")
654 return
655 print("FAILED")
656 self.failed.append(script)
657
658 if self.verbose:
659 return
660
661 print('\n'.join(test.stdout.split("Test end\n", 1)[1:]), end="")
662
663 def run(self):
664 for group in self:
665 print(f"Running {group.title} ...")
666 for test in group:
667 self.run_script(test)
668 return not self.failed
669
670 def __iter__(self):
671 return iter(self.tests)
672
673 def __del__(self):
674 if self.timing and self.stats:
675 total = 0.0
676 for (script, time) in self.stats:
677 print(f"{round(time, 2):6.2f} {script}")
678 total += time
679 print(f"{round(total, 2):6.2f} total")
680
681 if self.failed:
682 print("Failed tests:")
683 print('\n'.join(self.failed))
684
685 if self.missing:
686 print("Missing tests (outdated package?):")
687 print('\n'.join(self.missing))
688
689class TlsServer:
690 """ Spawns an s_server listening on localhost:port if necessary. """
691
692 def __init__(self, port=4433):
693 self.spawn = True
694 # Check whether a server is already listening on localhost:port
695 self.spawn = subprocess.run(
696 ["nc", "-c", "-z", "-T", "noverify", "localhost", str(port)],
697 stderr=subprocess.DEVNULL,
698 ).returncode != 0
699
700 if self.spawn:
701 self.server = subprocess.Popen(
702 [
703 "openssl",
704 "s_server",
705 "-accept",
706 str(port),
707 "-groups",
708 "X25519:P-256:P-521:P-384",
709 "-key",
710 "localhost.key",
711 "-cert",
712 "localhost.crt",
713 "-www",
714 ],
715 stdout=subprocess.DEVNULL,
716 stderr=subprocess.PIPE,
717 text=True,
718 )
719
720 # Check whether the server talks TLSv1.3
721 self.has_tls1_3 = True or subprocess.run(
722 [
723 "nc",
724 "-c",
725 "-z",
726 "-T",
727 "noverify",
728 "-T",
729 "protocols=TLSv1.3",
730 "localhost",
731 str(port),
732 ],
733 stderr=subprocess.DEVNULL,
734 ).returncode == 0
735
736 self.check()
737
738 def check(self):
739 if self.spawn and self.server.poll() is not None:
740 print(self.server.stderr.read())
741 raise RuntimeError(
742 f"openssl s_server died. Return code: {self.server.returncode}."
743 )
744 if self.spawn:
745 self.server.stderr.detach()
746
747 def __del__(self):
748 if self.spawn:
749 self.server.terminate()
750
751# Extract the arguments we pass to script
752def defaultargs(script, has_tls1_3):
753 return next(
754 (test for group in all_groups for test in group if test.name == script),
755 Test()
756 ).args(has_tls1_3)
757
758def list_or_missing(missing=True):
759 tests = [test.name for group in all_groups for test in group]
760
761 if missing:
762 scripts = {
763 f for f in os.listdir(tlsfuzzer_scriptdir) if f != "__pycache__"
764 }
765 missing = scripts - set(tests)
766 if missing:
767 print('\n'.join(sorted(missing)))
768 exit(0)
769
770 tests.sort()
771 print('\n'.join(tests))
772 exit(0)
773
774def usage():
775 print("Usage: python3 tlsfuzzer.py [-lmnstv] [-p port] [script [test...]]")
776 print(" --help help")
777 print(" -f run failing tests")
778 print(" -l list tests")
779 print(" -m list new tests after package update")
780 print(" -n do not run tests, but list the ones that would be run")
781 print(" -p port connect to this port - defaults to 4433")
782 print(" -s run slow tests")
783 print(" -t show timing stats at end")
784 print(" -v verbose output")
785 exit(0)
786
787def main():
788 failing = False
789 list = False
790 missing = False
791 dryrun = False
792 port = 4433
793 slow = False
794 timing = False
795 verbose = False
796
797 argv = sys.argv[1:]
798 opts, args = getopt.getopt(argv, "flmnp:stv", ["help"])
799 for opt, arg in opts:
800 if opt == '--help':
801 usage()
802 elif opt == '-f':
803 failing = True
804 elif opt == '-l':
805 list = True
806 elif opt == '-m':
807 missing = True
808 elif opt == '-n':
809 dryrun = True
810 elif opt == '-p':
811 port = int(arg)
812 elif opt == '-s':
813 slow = True
814 elif opt == '-t':
815 timing = True
816 elif opt == '-v':
817 verbose = True
818 else:
819 raise ValueError(f"Unknown option: {opt}")
820
821 if not os.path.exists(tlsfuzzer_scriptdir):
822 print("package py3-tlsfuzzer is required for this regress")
823 exit(1)
824
825 if list and failing:
826 failing = [test.name for group in failing_groups for test in group]
827 failing.sort()
828 print('\n'.join(failing))
829 exit(0)
830
831 if list or missing:
832 list_or_missing(missing)
833
834 tls_server = TlsServer(port)
835
836 tests = TestRunner(timing, verbose, port, tls_server.has_tls1_3, dryrun)
837
838 if args:
839 (dir, script) = os.path.split(args[0])
840 if dir and not dir == '.':
841 tests.scriptdir = dir
842
843 testargs = defaultargs(script, tls_server.has_tls1_3)
844
845 tests.verbose = True
846 tests.add("test from command line", [Test(script, testargs + args[1:])])
847
848 exit(not tests.run())
849
850 if failing:
851 if tls_server.has_tls1_3:
852 tests.add_group(tls13_failing_tests)
853 if slow:
854 tests.add_group(tls13_slow_failing_tests)
855 tests.add_group(tls12_failing_tests)
856
857 if tls_server.has_tls1_3:
858 tests.add_group(tls13_tests)
859 if slow:
860 tests.add_group(tls13_slow_tests)
861 else:
862 tests.add_group(legacy_tests)
863
864 tests.add_group(tls12_tests)
865 if slow:
866 tests.add_group(tls12_slow_tests)
867
868 success = tests.run()
869 del tests
870
871 if not success:
872 print("FAILED")
873 exit(1)
874
875if __name__ == "__main__":
876 main()
diff --git a/src/regress/lib/libssl/tlslegacy/Makefile b/src/regress/lib/libssl/tlslegacy/Makefile
deleted file mode 100644
index c39981f0b8..0000000000
--- a/src/regress/lib/libssl/tlslegacy/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
1# $OpenBSD: Makefile,v 1.1 2020/10/07 07:52:17 jsing Exp $
2
3PROG= tlslegacytest
4LDADD= -lssl -lcrypto
5DPADD= ${LIBSSL} ${LIBCRYPTO}
6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror
8
9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/tlslegacy/tlslegacytest.c b/src/regress/lib/libssl/tlslegacy/tlslegacytest.c
deleted file mode 100644
index 70d89f8e75..0000000000
--- a/src/regress/lib/libssl/tlslegacy/tlslegacytest.c
+++ /dev/null
@@ -1,633 +0,0 @@
1/* $OpenBSD: tlslegacytest.c,v 1.2 2020/10/07 17:39:43 tb Exp $ */
2/*
3 * Copyright (c) 2015, 2016, 2017, 2020 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <openssl/ssl.h>
19
20#include <openssl/err.h>
21#include <openssl/dtls1.h>
22#include <openssl/ssl3.h>
23
24#include <err.h>
25#include <stdio.h>
26#include <string.h>
27
28/* openssl.org:443 */
29static uint8_t tls12_server_response[] = {
30 0x16, 0x03, 0x03, 0x00, 0x3d, 0x02, 0x00, 0x00,
31 0x39, 0x03, 0x03, 0x62, 0x0c, 0x8a, 0x7e, 0x29,
32 0x60, 0xcb, 0x08, 0xd1, 0xb4, 0x95, 0x68, 0x76,
33 0xea, 0x4e, 0x0c, 0x94, 0xf2, 0x42, 0x3d, 0xd1,
34 0x7a, 0xc2, 0xfe, 0x6c, 0xb3, 0xe6, 0x12, 0x8a,
35 0x33, 0x02, 0x92, 0x00, 0xc0, 0x30, 0x00, 0x00,
36 0x11, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x0b,
37 0x00, 0x04, 0x03, 0x00, 0x01, 0x02, 0x00, 0x23,
38 0x00, 0x00,
39};
40
41/*
42 * outlook.office365.com:587 with starttls - this server response includes
43 * multiple handshake messages contained in a single TLS record.
44 */
45static uint8_t tls12_server_response_with_cert[] = {
46 0x16, 0x03, 0x03, 0x0f, 0x2b, 0x02, 0x00, 0x00,
47 0x4d, 0x03, 0x03, 0x5f, 0x7c, 0x69, 0x42, 0xe1,
48 0x19, 0xf0, 0x22, 0xfb, 0x71, 0x9a, 0xf1, 0x63,
49 0x34, 0xbb, 0x61, 0x46, 0xea, 0x5f, 0x0b, 0x5e,
50 0xb1, 0x4e, 0x37, 0x96, 0x67, 0xff, 0x83, 0xea,
51 0x0e, 0x16, 0x85, 0x20, 0x3a, 0x1b, 0x00, 0x00,
52 0x17, 0xe9, 0xac, 0xca, 0x19, 0x61, 0xaf, 0x70,
53 0x28, 0x3b, 0x18, 0xaa, 0x6c, 0xa0, 0x0f, 0x78,
54 0xd0, 0x83, 0xfc, 0x5d, 0x78, 0xf9, 0x6d, 0xdb,
55 0x16, 0x21, 0x15, 0xa2, 0xc0, 0x30, 0x00, 0x00,
56 0x05, 0xff, 0x01, 0x00, 0x01, 0x00, 0x0b, 0x00,
57 0x0d, 0x47, 0x00, 0x0d, 0x44, 0x00, 0x08, 0xaf,
58 0x30, 0x82, 0x08, 0xab, 0x30, 0x82, 0x07, 0x93,
59 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x0c, 0x6d,
60 0xea, 0x0b, 0xe1, 0x97, 0x27, 0x60, 0xa1, 0x59,
61 0xb1, 0x85, 0x60, 0x30, 0x0d, 0x06, 0x09, 0x2a,
62 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,
63 0x05, 0x00, 0x30, 0x66, 0x31, 0x0b, 0x30, 0x09,
64 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x42,
65 0x45, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55,
66 0x04, 0x0a, 0x13, 0x10, 0x47, 0x6c, 0x6f, 0x62,
67 0x61, 0x6c, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x6e,
68 0x76, 0x2d, 0x73, 0x61, 0x31, 0x3c, 0x30, 0x3a,
69 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x33, 0x47,
70 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x53, 0x69, 0x67,
71 0x6e, 0x20, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69,
72 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x56,
73 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f,
74 0x6e, 0x20, 0x43, 0x41, 0x20, 0x2d, 0x20, 0x53,
75 0x48, 0x41, 0x32, 0x35, 0x36, 0x20, 0x2d, 0x20,
76 0x47, 0x33, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x30,
77 0x30, 0x38, 0x31, 0x33, 0x32, 0x33, 0x31, 0x38,
78 0x34, 0x39, 0x5a, 0x17, 0x0d, 0x32, 0x32, 0x30,
79 0x38, 0x31, 0x34, 0x32, 0x33, 0x31, 0x38, 0x34,
80 0x39, 0x5a, 0x30, 0x6a, 0x31, 0x0b, 0x30, 0x09,
81 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
82 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55,
83 0x04, 0x08, 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68,
84 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10,
85 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13,
86 0x07, 0x52, 0x65, 0x64, 0x6d, 0x6f, 0x6e, 0x64,
87 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04,
88 0x0a, 0x13, 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f,
89 0x73, 0x6f, 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72,
90 0x70, 0x6f, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e,
91 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04,
92 0x03, 0x13, 0x0b, 0x6f, 0x75, 0x74, 0x6c, 0x6f,
93 0x6f, 0x6b, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82,
94 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
95 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05,
96 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82,
97 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc9,
98 0x20, 0x3f, 0x57, 0xb9, 0xf9, 0x71, 0xaa, 0x3c,
99 0x6a, 0x0a, 0x5d, 0x3f, 0xc9, 0x8d, 0x99, 0xa5,
100 0x50, 0x26, 0x25, 0x4e, 0xdc, 0x69, 0x52, 0xb3,
101 0x33, 0x70, 0xe7, 0x72, 0xa2, 0x83, 0x92, 0x54,
102 0xd1, 0xd4, 0x86, 0x15, 0xf2, 0xc4, 0x65, 0xf8,
103 0xbc, 0xe5, 0xd2, 0x1e, 0x12, 0x25, 0x9e, 0x75,
104 0x8e, 0x77, 0xd2, 0x8e, 0x94, 0xca, 0x03, 0x4b,
105 0xf4, 0xc8, 0xca, 0xe3, 0xe3, 0x9b, 0x66, 0xa3,
106 0xa1, 0x37, 0x74, 0xcc, 0xfe, 0xc4, 0x1e, 0x64,
107 0xdc, 0xe3, 0x18, 0xba, 0xc1, 0x7b, 0x39, 0x5b,
108 0xb1, 0x47, 0xe9, 0x11, 0x92, 0xef, 0xee, 0xe6,
109 0x08, 0xcd, 0x93, 0x7b, 0x09, 0xc7, 0x39, 0xfe,
110 0xe5, 0xe2, 0x47, 0x3f, 0x68, 0x78, 0xa4, 0x17,
111 0x78, 0x13, 0xcb, 0x12, 0x38, 0x9d, 0x89, 0x2b,
112 0x1f, 0x75, 0x9b, 0x87, 0x5d, 0x53, 0xfc, 0xb0,
113 0x2a, 0xaf, 0x2d, 0x86, 0x8a, 0x76, 0x3b, 0xce,
114 0x5e, 0xae, 0x43, 0x74, 0x68, 0xc3, 0x28, 0xbf,
115 0x10, 0x2f, 0xdd, 0xd9, 0x43, 0x4b, 0x2d, 0xa6,
116 0xdc, 0x1f, 0x6d, 0x90, 0xd0, 0xce, 0x14, 0x1e,
117 0x6c, 0xdc, 0x7b, 0x06, 0xe4, 0x7b, 0xa9, 0x81,
118 0x40, 0xed, 0xde, 0x18, 0xb7, 0xdf, 0x53, 0x61,
119 0xbc, 0x18, 0x83, 0x11, 0xc7, 0xb4, 0x1b, 0x99,
120 0xef, 0x14, 0xe4, 0x63, 0x39, 0xe3, 0x5c, 0x2f,
121 0xe7, 0x89, 0x58, 0x5b, 0xda, 0x03, 0x3a, 0x39,
122 0x96, 0x8a, 0xca, 0x4f, 0xd8, 0xe3, 0x6c, 0x7f,
123 0x6e, 0xd3, 0xe7, 0x30, 0x34, 0x9c, 0xdb, 0x8b,
124 0xe8, 0x6a, 0xa6, 0x08, 0x77, 0x1d, 0x63, 0xd6,
125 0x57, 0x9d, 0xcd, 0xa7, 0x47, 0x05, 0x39, 0x96,
126 0x7b, 0xfd, 0x9a, 0x09, 0x99, 0xef, 0x49, 0xb1,
127 0x89, 0x02, 0xbe, 0x4f, 0xb8, 0xef, 0xa0, 0x04,
128 0x29, 0x74, 0xfb, 0x9a, 0x7e, 0x9d, 0xa8, 0x10,
129 0xfb, 0x7e, 0xb0, 0x6c, 0x60, 0x4f, 0x57, 0x02,
130 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x05, 0x53,
131 0x30, 0x82, 0x05, 0x4f, 0x30, 0x0e, 0x06, 0x03,
132 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04,
133 0x03, 0x02, 0x05, 0xa0, 0x30, 0x81, 0x9e, 0x06,
134 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01,
135 0x01, 0x04, 0x81, 0x91, 0x30, 0x81, 0x8e, 0x30,
136 0x4b, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
137 0x07, 0x30, 0x02, 0x86, 0x3f, 0x68, 0x74, 0x74,
138 0x70, 0x3a, 0x2f, 0x2f, 0x73, 0x65, 0x63, 0x75,
139 0x72, 0x65, 0x2e, 0x67, 0x6c, 0x6f, 0x62, 0x61,
140 0x6c, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f,
141 0x6d, 0x2f, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74,
142 0x2f, 0x67, 0x73, 0x6f, 0x72, 0x67, 0x61, 0x6e,
143 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x76,
144 0x61, 0x6c, 0x73, 0x68, 0x61, 0x32, 0x67, 0x33,
145 0x2e, 0x63, 0x72, 0x74, 0x30, 0x3f, 0x06, 0x08,
146 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01,
147 0x86, 0x33, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f,
148 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x32, 0x2e, 0x67,
149 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x73, 0x69, 0x67,
150 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x73,
151 0x6f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61,
152 0x74, 0x69, 0x6f, 0x6e, 0x76, 0x61, 0x6c, 0x73,
153 0x68, 0x61, 0x32, 0x67, 0x33, 0x30, 0x56, 0x06,
154 0x03, 0x55, 0x1d, 0x20, 0x04, 0x4f, 0x30, 0x4d,
155 0x30, 0x41, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04,
156 0x01, 0xa0, 0x32, 0x01, 0x14, 0x30, 0x34, 0x30,
157 0x32, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
158 0x07, 0x02, 0x01, 0x16, 0x26, 0x68, 0x74, 0x74,
159 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77,
160 0x2e, 0x67, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x73,
161 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d, 0x2f,
162 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x6f,
163 0x72, 0x79, 0x2f, 0x30, 0x08, 0x06, 0x06, 0x67,
164 0x81, 0x0c, 0x01, 0x02, 0x02, 0x30, 0x09, 0x06,
165 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00,
166 0x30, 0x46, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04,
167 0x3f, 0x30, 0x3d, 0x30, 0x3b, 0xa0, 0x39, 0xa0,
168 0x37, 0x86, 0x35, 0x68, 0x74, 0x74, 0x70, 0x3a,
169 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x67, 0x6c,
170 0x6f, 0x62, 0x61, 0x6c, 0x73, 0x69, 0x67, 0x6e,
171 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x73, 0x6f,
172 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74,
173 0x69, 0x6f, 0x6e, 0x76, 0x61, 0x6c, 0x73, 0x68,
174 0x61, 0x32, 0x67, 0x33, 0x2e, 0x63, 0x72, 0x6c,
175 0x30, 0x82, 0x02, 0x10, 0x06, 0x03, 0x55, 0x1d,
176 0x11, 0x04, 0x82, 0x02, 0x07, 0x30, 0x82, 0x02,
177 0x03, 0x82, 0x0b, 0x6f, 0x75, 0x74, 0x6c, 0x6f,
178 0x6f, 0x6b, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x16,
179 0x2a, 0x2e, 0x63, 0x6c, 0x6f, 0x2e, 0x66, 0x6f,
180 0x6f, 0x74, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x64,
181 0x6e, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0d,
182 0x2a, 0x2e, 0x68, 0x6f, 0x74, 0x6d, 0x61, 0x69,
183 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x16, 0x2a,
184 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61,
185 0x6c, 0x2e, 0x6f, 0x75, 0x74, 0x6c, 0x6f, 0x6f,
186 0x6b, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0a, 0x2a,
187 0x2e, 0x6c, 0x69, 0x76, 0x65, 0x2e, 0x63, 0x6f,
188 0x6d, 0x82, 0x16, 0x2a, 0x2e, 0x6e, 0x72, 0x62,
189 0x2e, 0x66, 0x6f, 0x6f, 0x74, 0x70, 0x72, 0x69,
190 0x6e, 0x74, 0x64, 0x6e, 0x73, 0x2e, 0x63, 0x6f,
191 0x6d, 0x82, 0x0c, 0x2a, 0x2e, 0x6f, 0x66, 0x66,
192 0x69, 0x63, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x82,
193 0x0f, 0x2a, 0x2e, 0x6f, 0x66, 0x66, 0x69, 0x63,
194 0x65, 0x33, 0x36, 0x35, 0x2e, 0x63, 0x6f, 0x6d,
195 0x82, 0x0d, 0x2a, 0x2e, 0x6f, 0x75, 0x74, 0x6c,
196 0x6f, 0x6f, 0x6b, 0x2e, 0x63, 0x6f, 0x6d, 0x82,
197 0x17, 0x2a, 0x2e, 0x6f, 0x75, 0x74, 0x6c, 0x6f,
198 0x6f, 0x6b, 0x2e, 0x6f, 0x66, 0x66, 0x69, 0x63,
199 0x65, 0x33, 0x36, 0x35, 0x2e, 0x63, 0x6f, 0x6d,
200 0x82, 0x1b, 0x61, 0x74, 0x74, 0x61, 0x63, 0x68,
201 0x6d, 0x65, 0x6e, 0x74, 0x2e, 0x6f, 0x75, 0x74,
202 0x6c, 0x6f, 0x6f, 0x6b, 0x2e, 0x6c, 0x69, 0x76,
203 0x65, 0x2e, 0x6e, 0x65, 0x74, 0x82, 0x1d, 0x61,
204 0x74, 0x74, 0x61, 0x63, 0x68, 0x6d, 0x65, 0x6e,
205 0x74, 0x2e, 0x6f, 0x75, 0x74, 0x6c, 0x6f, 0x6f,
206 0x6b, 0x2e, 0x6f, 0x66, 0x66, 0x69, 0x63, 0x65,
207 0x2e, 0x6e, 0x65, 0x74, 0x82, 0x20, 0x61, 0x74,
208 0x74, 0x61, 0x63, 0x68, 0x6d, 0x65, 0x6e, 0x74,
209 0x2e, 0x6f, 0x75, 0x74, 0x6c, 0x6f, 0x6f, 0x6b,
210 0x2e, 0x6f, 0x66, 0x66, 0x69, 0x63, 0x65, 0x70,
211 0x70, 0x65, 0x2e, 0x6e, 0x65, 0x74, 0x82, 0x16,
212 0x61, 0x74, 0x74, 0x61, 0x63, 0x68, 0x6d, 0x65,
213 0x6e, 0x74, 0x73, 0x2e, 0x6f, 0x66, 0x66, 0x69,
214 0x63, 0x65, 0x2e, 0x6e, 0x65, 0x74, 0x82, 0x1a,
215 0x61, 0x74, 0x74, 0x61, 0x63, 0x68, 0x6d, 0x65,
216 0x6e, 0x74, 0x73, 0x2d, 0x73, 0x64, 0x66, 0x2e,
217 0x6f, 0x66, 0x66, 0x69, 0x63, 0x65, 0x2e, 0x6e,
218 0x65, 0x74, 0x82, 0x1d, 0x63, 0x63, 0x73, 0x2e,
219 0x6c, 0x6f, 0x67, 0x69, 0x6e, 0x2e, 0x6d, 0x69,
220 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x6f,
221 0x6e, 0x6c, 0x69, 0x6e, 0x65, 0x2e, 0x63, 0x6f,
222 0x6d, 0x82, 0x21, 0x63, 0x63, 0x73, 0x2d, 0x73,
223 0x64, 0x66, 0x2e, 0x6c, 0x6f, 0x67, 0x69, 0x6e,
224 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f,
225 0x66, 0x74, 0x6f, 0x6e, 0x6c, 0x69, 0x6e, 0x65,
226 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x0b, 0x68, 0x6f,
227 0x74, 0x6d, 0x61, 0x69, 0x6c, 0x2e, 0x63, 0x6f,
228 0x6d, 0x82, 0x16, 0x6d, 0x61, 0x69, 0x6c, 0x2e,
229 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73,
230 0x2e, 0x6c, 0x69, 0x76, 0x65, 0x2e, 0x63, 0x6f,
231 0x6d, 0x82, 0x0d, 0x6f, 0x66, 0x66, 0x69, 0x63,
232 0x65, 0x33, 0x36, 0x35, 0x2e, 0x63, 0x6f, 0x6d,
233 0x82, 0x12, 0x6f, 0x75, 0x74, 0x6c, 0x6f, 0x6f,
234 0x6b, 0x2e, 0x6f, 0x66, 0x66, 0x69, 0x63, 0x65,
235 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x14, 0x73, 0x75,
236 0x62, 0x73, 0x74, 0x72, 0x61, 0x74, 0x65, 0x2e,
237 0x6f, 0x66, 0x66, 0x69, 0x63, 0x65, 0x2e, 0x63,
238 0x6f, 0x6d, 0x82, 0x18, 0x73, 0x75, 0x62, 0x73,
239 0x74, 0x72, 0x61, 0x74, 0x65, 0x2d, 0x73, 0x64,
240 0x66, 0x2e, 0x6f, 0x66, 0x66, 0x69, 0x63, 0x65,
241 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1d, 0x06, 0x03,
242 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06,
243 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03,
244 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
245 0x07, 0x03, 0x02, 0x30, 0x1f, 0x06, 0x03, 0x55,
246 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14,
247 0x68, 0x86, 0xb8, 0x7d, 0x7a, 0xd9, 0x6d, 0x49,
248 0x6b, 0x87, 0x2f, 0x18, 0x8b, 0x15, 0x34, 0x6c,
249 0xd7, 0xb4, 0x7a, 0x0e, 0x30, 0x1d, 0x06, 0x03,
250 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x8a,
251 0x7c, 0x73, 0x44, 0x70, 0xa8, 0x4d, 0x83, 0x25,
252 0x6f, 0xa6, 0x53, 0xda, 0x42, 0x52, 0x96, 0xc9,
253 0x15, 0x71, 0x21, 0x30, 0x82, 0x01, 0x7c, 0x06,
254 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xd6, 0x79,
255 0x02, 0x04, 0x02, 0x04, 0x82, 0x01, 0x6c, 0x04,
256 0x82, 0x01, 0x68, 0x01, 0x66, 0x00, 0x76, 0x00,
257 0x22, 0x45, 0x45, 0x07, 0x59, 0x55, 0x24, 0x56,
258 0x96, 0x3f, 0xa1, 0x2f, 0xf1, 0xf7, 0x6d, 0x86,
259 0xe0, 0x23, 0x26, 0x63, 0xad, 0xc0, 0x4b, 0x7f,
260 0x5d, 0xc6, 0x83, 0x5c, 0x6e, 0xe2, 0x0f, 0x02,
261 0x00, 0x00, 0x01, 0x73, 0xea, 0x1e, 0x7d, 0x2f,
262 0x00, 0x00, 0x04, 0x03, 0x00, 0x47, 0x30, 0x45,
263 0x02, 0x21, 0x00, 0xf4, 0x50, 0x8f, 0xe7, 0x38,
264 0xc9, 0x7a, 0xd1, 0xf7, 0xf7, 0x69, 0xc5, 0x05,
265 0xea, 0x8e, 0x03, 0x80, 0x2c, 0x87, 0x06, 0x03,
266 0xb6, 0x9b, 0xe6, 0xa5, 0x83, 0x2f, 0xb9, 0xaf,
267 0x7b, 0xb4, 0xac, 0x02, 0x20, 0x51, 0xa6, 0x8f,
268 0xe8, 0xe5, 0x6c, 0xa7, 0xff, 0x16, 0x01, 0x7e,
269 0x15, 0x42, 0x11, 0x31, 0xdc, 0xdc, 0xc7, 0x37,
270 0x7c, 0x64, 0x2c, 0xac, 0xdd, 0x42, 0xbb, 0x3c,
271 0x79, 0x31, 0x74, 0xcc, 0x9d, 0x00, 0x75, 0x00,
272 0x29, 0x79, 0xbe, 0xf0, 0x9e, 0x39, 0x39, 0x21,
273 0xf0, 0x56, 0x73, 0x9f, 0x63, 0xa5, 0x77, 0xe5,
274 0xbe, 0x57, 0x7d, 0x9c, 0x60, 0x0a, 0xf8, 0xf9,
275 0x4d, 0x5d, 0x26, 0x5c, 0x25, 0x5d, 0xc7, 0x84,
276 0x00, 0x00, 0x01, 0x73, 0xea, 0x1e, 0x7a, 0xa7,
277 0x00, 0x00, 0x04, 0x03, 0x00, 0x46, 0x30, 0x44,
278 0x02, 0x20, 0x03, 0xf1, 0x19, 0xd7, 0x0f, 0x2f,
279 0xc4, 0xa9, 0x84, 0xa0, 0x33, 0xd4, 0x76, 0xa6,
280 0xee, 0xf1, 0xae, 0xe0, 0x03, 0xe7, 0xae, 0x98,
281 0x43, 0x17, 0xb0, 0x0f, 0xfb, 0x12, 0xbb, 0x13,
282 0xda, 0x34, 0x02, 0x20, 0x10, 0xe6, 0xa9, 0x1d,
283 0x8b, 0x1c, 0x64, 0xd4, 0xc9, 0xf7, 0xc0, 0x3d,
284 0x3c, 0x77, 0x49, 0xb1, 0x08, 0x3d, 0x1d, 0x5e,
285 0x34, 0xf9, 0xd9, 0x10, 0x7c, 0x74, 0x6b, 0x18,
286 0xc6, 0x5e, 0x6d, 0x07, 0x00, 0x75, 0x00, 0x55,
287 0x81, 0xd4, 0xc2, 0x16, 0x90, 0x36, 0x01, 0x4a,
288 0xea, 0x0b, 0x9b, 0x57, 0x3c, 0x53, 0xf0, 0xc0,
289 0xe4, 0x38, 0x78, 0x70, 0x25, 0x08, 0x17, 0x2f,
290 0xa3, 0xaa, 0x1d, 0x07, 0x13, 0xd3, 0x0c, 0x00,
291 0x00, 0x01, 0x73, 0xea, 0x1e, 0x7d, 0xae, 0x00,
292 0x00, 0x04, 0x03, 0x00, 0x46, 0x30, 0x44, 0x02,
293 0x20, 0x26, 0x21, 0x64, 0xdb, 0xa6, 0xe2, 0x3d,
294 0x32, 0x7d, 0x9f, 0xa8, 0xae, 0xb7, 0x29, 0xb7,
295 0x42, 0x9b, 0x49, 0xaa, 0xf5, 0xa5, 0xc0, 0x12,
296 0x01, 0xa1, 0xb6, 0xe7, 0xf2, 0x01, 0xd4, 0x2f,
297 0x45, 0x02, 0x20, 0x4e, 0x19, 0xba, 0x47, 0x75,
298 0x8b, 0x49, 0xd7, 0x4b, 0xba, 0x04, 0x62, 0xdd,
299 0xa2, 0xb7, 0x6b, 0x05, 0xd0, 0x01, 0x1f, 0x7c,
300 0x36, 0x17, 0x27, 0x29, 0xb2, 0x17, 0x1c, 0x7f,
301 0x10, 0x81, 0x8a, 0x30, 0x0d, 0x06, 0x09, 0x2a,
302 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b,
303 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x26,
304 0xf4, 0xa3, 0x77, 0x1d, 0xdc, 0x9e, 0xc4, 0x1a,
305 0x88, 0x23, 0x30, 0x8c, 0xe1, 0x14, 0xf9, 0x62,
306 0x0e, 0xbf, 0xad, 0x24, 0xc9, 0xab, 0xab, 0xd0,
307 0x68, 0x8b, 0xbc, 0xf1, 0xec, 0x1c, 0xd0, 0x96,
308 0xad, 0xf9, 0x5f, 0xdd, 0xe0, 0xee, 0xa8, 0xe0,
309 0x2c, 0x3a, 0x19, 0xa5, 0x68, 0x0c, 0x6e, 0xfe,
310 0xe6, 0x80, 0xce, 0xa3, 0x3b, 0x6c, 0x00, 0x88,
311 0x5c, 0xbf, 0x3c, 0xd8, 0x68, 0x08, 0x36, 0xb9,
312 0x9e, 0x84, 0x9b, 0x5f, 0x97, 0xfb, 0x77, 0xea,
313 0x72, 0xfb, 0x73, 0x47, 0x00, 0xb0, 0xa8, 0x7c,
314 0x64, 0x38, 0xf1, 0xcc, 0xc0, 0x29, 0x71, 0x67,
315 0x65, 0x76, 0x4c, 0x80, 0x58, 0x97, 0xc8, 0x62,
316 0x63, 0x3e, 0xf1, 0x3e, 0xc0, 0x0e, 0x48, 0x5f,
317 0x55, 0x21, 0x8f, 0x96, 0x68, 0xbd, 0x41, 0x14,
318 0x7a, 0x0b, 0x8c, 0x31, 0x5b, 0x39, 0xac, 0xa3,
319 0xa0, 0x99, 0x58, 0x24, 0xfa, 0xd9, 0x19, 0x32,
320 0x1c, 0x9f, 0x2d, 0xa9, 0xed, 0xb9, 0x97, 0xa4,
321 0x66, 0x30, 0x29, 0xd8, 0x82, 0xa2, 0xf5, 0xfc,
322 0x6d, 0x10, 0xf1, 0xac, 0x1d, 0x3f, 0xfb, 0xde,
323 0xa1, 0x0e, 0xb6, 0x84, 0x90, 0xd4, 0x55, 0x5c,
324 0x21, 0x1b, 0x1f, 0x21, 0x45, 0x92, 0xc5, 0x9a,
325 0x47, 0x05, 0x0f, 0xb8, 0x1c, 0x78, 0x6e, 0xb9,
326 0x6b, 0xa3, 0xa9, 0x8d, 0xb1, 0x59, 0xff, 0xf4,
327 0xe6, 0x71, 0x77, 0x38, 0x12, 0xfe, 0x41, 0x8f,
328 0x04, 0x92, 0x08, 0x3f, 0x32, 0x2a, 0x92, 0x5e,
329 0x0a, 0x7b, 0x7e, 0x04, 0xee, 0x24, 0x10, 0x39,
330 0xf3, 0xac, 0x5e, 0x04, 0x93, 0x91, 0xa2, 0x8f,
331 0x90, 0x04, 0x33, 0x5c, 0x5c, 0x94, 0xb3, 0x80,
332 0x2b, 0x43, 0xbf, 0xe3, 0x74, 0x64, 0x20, 0xf4,
333 0x00, 0xb2, 0x6c, 0x7b, 0xa8, 0x77, 0xfb, 0x74,
334 0x35, 0xce, 0xdd, 0xb6, 0x5f, 0x83, 0x18, 0xc4,
335 0xe7, 0x31, 0x1a, 0x8d, 0x30, 0x0d, 0xc4, 0x00,
336 0x04, 0x8f, 0x30, 0x82, 0x04, 0x8b, 0x30, 0x82,
337 0x03, 0x73, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02,
338 0x0e, 0x47, 0x07, 0xb1, 0x01, 0x9a, 0x0c, 0x57,
339 0xad, 0x39, 0xb3, 0xe1, 0x7d, 0xa9, 0xf9, 0x30,
340 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
341 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x57,
342 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
343 0x06, 0x13, 0x02, 0x42, 0x45, 0x31, 0x19, 0x30,
344 0x17, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x10,
345 0x47, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x53, 0x69,
346 0x67, 0x6e, 0x20, 0x6e, 0x76, 0x2d, 0x73, 0x61,
347 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04,
348 0x0b, 0x13, 0x07, 0x52, 0x6f, 0x6f, 0x74, 0x20,
349 0x43, 0x41, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03,
350 0x55, 0x04, 0x03, 0x13, 0x12, 0x47, 0x6c, 0x6f,
351 0x62, 0x61, 0x6c, 0x53, 0x69, 0x67, 0x6e, 0x20,
352 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x30,
353 0x1e, 0x17, 0x0d, 0x31, 0x35, 0x30, 0x39, 0x30,
354 0x34, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a,
355 0x17, 0x0d, 0x32, 0x35, 0x30, 0x39, 0x30, 0x34,
356 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x30,
357 0x66, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
358 0x04, 0x06, 0x13, 0x02, 0x42, 0x45, 0x31, 0x19,
359 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13,
360 0x10, 0x47, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x53,
361 0x69, 0x67, 0x6e, 0x20, 0x6e, 0x76, 0x2d, 0x73,
362 0x61, 0x31, 0x3c, 0x30, 0x3a, 0x06, 0x03, 0x55,
363 0x04, 0x03, 0x13, 0x33, 0x47, 0x6c, 0x6f, 0x62,
364 0x61, 0x6c, 0x53, 0x69, 0x67, 0x6e, 0x20, 0x4f,
365 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74,
366 0x69, 0x6f, 0x6e, 0x20, 0x56, 0x61, 0x6c, 0x69,
367 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x43,
368 0x41, 0x20, 0x2d, 0x20, 0x53, 0x48, 0x41, 0x32,
369 0x35, 0x36, 0x20, 0x2d, 0x20, 0x47, 0x33, 0x30,
370 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a,
371 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
372 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
373 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00,
374 0xc9, 0x86, 0xa2, 0x05, 0x3e, 0xec, 0x77, 0x4d,
375 0x79, 0x42, 0x81, 0xf2, 0xc5, 0x46, 0xa9, 0xc2,
376 0x9b, 0xf9, 0x57, 0xa9, 0x48, 0xdd, 0x3c, 0x3b,
377 0xe2, 0x16, 0x47, 0x83, 0x15, 0x0c, 0x36, 0x88,
378 0x61, 0xb3, 0xc8, 0xb9, 0xd5, 0x20, 0x97, 0xb6,
379 0xfe, 0x07, 0x30, 0x01, 0x9e, 0x01, 0x3a, 0xf9,
380 0x50, 0x87, 0xa0, 0x4f, 0x60, 0xcc, 0x90, 0xf6,
381 0xdd, 0x1f, 0xa6, 0xc7, 0x55, 0x00, 0x6c, 0x54,
382 0x31, 0x5f, 0x02, 0x9a, 0xf7, 0x7f, 0x07, 0x9a,
383 0xd2, 0x22, 0x53, 0x05, 0xcd, 0x9f, 0xc7, 0xbb,
384 0x7b, 0x59, 0x3b, 0x8a, 0xb2, 0x93, 0x78, 0x0d,
385 0x43, 0x02, 0x92, 0x76, 0xa5, 0x29, 0xf8, 0x7c,
386 0x9d, 0x5c, 0x3a, 0xa2, 0xf8, 0x52, 0x72, 0x22,
387 0x45, 0x91, 0xfd, 0x90, 0x12, 0x28, 0x4d, 0x75,
388 0xe4, 0xdd, 0xaa, 0x79, 0x58, 0x68, 0x6f, 0x2a,
389 0x7e, 0x7b, 0xef, 0xd1, 0x9e, 0x7f, 0x52, 0xdc,
390 0xcb, 0x1c, 0x48, 0xe2, 0x3e, 0x4d, 0x5c, 0x47,
391 0x7a, 0xb4, 0xf1, 0xce, 0xff, 0xd9, 0x60, 0x2b,
392 0x77, 0xd1, 0x62, 0x22, 0x2d, 0xa9, 0x5a, 0x06,
393 0x16, 0xee, 0x37, 0x6a, 0x51, 0xcf, 0x8e, 0xa5,
394 0xd1, 0x6e, 0x70, 0x4a, 0xf0, 0xd8, 0x63, 0x60,
395 0x6a, 0x72, 0x55, 0xd7, 0xf1, 0x99, 0x38, 0x86,
396 0x44, 0x67, 0x18, 0xe0, 0x71, 0x8e, 0xc1, 0x40,
397 0x6d, 0x85, 0xda, 0x4b, 0xdd, 0x31, 0x73, 0xbc,
398 0x32, 0xcc, 0x6f, 0x8e, 0x7b, 0xb9, 0x8d, 0x4b,
399 0x80, 0xda, 0xb9, 0xc7, 0xc6, 0x24, 0x83, 0x5e,
400 0x32, 0xfb, 0x87, 0xe9, 0x8b, 0x61, 0x67, 0xa2,
401 0x99, 0x76, 0xdb, 0xa5, 0xaa, 0xb4, 0xe8, 0x6c,
402 0x41, 0x9f, 0x5f, 0x2a, 0xb3, 0xd5, 0x7d, 0xd7,
403 0x92, 0xc8, 0x27, 0x4b, 0xec, 0x1f, 0xda, 0x05,
404 0x6d, 0x88, 0x73, 0x8f, 0x06, 0xb2, 0x38, 0x3d,
405 0x03, 0xa2, 0xe1, 0x87, 0x86, 0x3c, 0xc6, 0xa1,
406 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01,
407 0x44, 0x30, 0x82, 0x01, 0x40, 0x30, 0x0e, 0x06,
408 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04,
409 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x1d, 0x06,
410 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14,
411 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
412 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05,
413 0x05, 0x07, 0x03, 0x02, 0x30, 0x12, 0x06, 0x03,
414 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08,
415 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x00,
416 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04,
417 0x16, 0x04, 0x14, 0x68, 0x86, 0xb8, 0x7d, 0x7a,
418 0xd9, 0x6d, 0x49, 0x6b, 0x87, 0x2f, 0x18, 0x8b,
419 0x15, 0x34, 0x6c, 0xd7, 0xb4, 0x7a, 0x0e, 0x30,
420 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18,
421 0x30, 0x16, 0x80, 0x14, 0x60, 0x7b, 0x66, 0x1a,
422 0x45, 0x0d, 0x97, 0xca, 0x89, 0x50, 0x2f, 0x7d,
423 0x04, 0xcd, 0x34, 0xa8, 0xff, 0xfc, 0xfd, 0x4b,
424 0x30, 0x3d, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05,
425 0x05, 0x07, 0x01, 0x01, 0x04, 0x31, 0x30, 0x2f,
426 0x30, 0x2d, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05,
427 0x05, 0x07, 0x30, 0x01, 0x86, 0x21, 0x68, 0x74,
428 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73,
429 0x70, 0x2e, 0x67, 0x6c, 0x6f, 0x62, 0x61, 0x6c,
430 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f, 0x6d,
431 0x2f, 0x72, 0x6f, 0x6f, 0x74, 0x72, 0x31, 0x30,
432 0x33, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x2c,
433 0x30, 0x2a, 0x30, 0x28, 0xa0, 0x26, 0xa0, 0x24,
434 0x86, 0x22, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f,
435 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x67, 0x6c, 0x6f,
436 0x62, 0x61, 0x6c, 0x73, 0x69, 0x67, 0x6e, 0x2e,
437 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x6f, 0x6f, 0x74,
438 0x2e, 0x63, 0x72, 0x6c, 0x30, 0x47, 0x06, 0x03,
439 0x55, 0x1d, 0x20, 0x04, 0x40, 0x30, 0x3e, 0x30,
440 0x3c, 0x06, 0x04, 0x55, 0x1d, 0x20, 0x00, 0x30,
441 0x34, 0x30, 0x32, 0x06, 0x08, 0x2b, 0x06, 0x01,
442 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x26, 0x68,
443 0x74, 0x74, 0x70, 0x73, 0x3a, 0x2f, 0x2f, 0x77,
444 0x77, 0x77, 0x2e, 0x67, 0x6c, 0x6f, 0x62, 0x61,
445 0x6c, 0x73, 0x69, 0x67, 0x6e, 0x2e, 0x63, 0x6f,
446 0x6d, 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69,
447 0x74, 0x6f, 0x72, 0x79, 0x2f, 0x30, 0x0d, 0x06,
448 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
449 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01,
450 0x00, 0x9a, 0xb9, 0x82, 0x1c, 0xdd, 0x83, 0x83,
451 0x8b, 0x92, 0xc0, 0xc4, 0xed, 0x01, 0xad, 0x84,
452 0xfc, 0x4e, 0xee, 0x6d, 0x9c, 0x1d, 0x01, 0xfa,
453 0x52, 0x14, 0xdb, 0xd8, 0xc2, 0x10, 0x63, 0x9f,
454 0x6b, 0x39, 0x9a, 0xc7, 0x1c, 0x3c, 0xa0, 0xaa,
455 0xe3, 0x19, 0x3a, 0xfc, 0x64, 0x46, 0x2a, 0xef,
456 0x35, 0x26, 0x03, 0xf6, 0x05, 0x67, 0xfa, 0x6e,
457 0x74, 0xe1, 0x46, 0xfb, 0x40, 0xd8, 0x6f, 0xae,
458 0x2d, 0x39, 0x21, 0x74, 0x86, 0x9f, 0x00, 0x05,
459 0x1a, 0x3f, 0x2f, 0x93, 0x5b, 0xd4, 0xa4, 0x45,
460 0xbc, 0x3d, 0x0c, 0x29, 0x17, 0x5a, 0xd3, 0xfb,
461 0x68, 0xa6, 0x0f, 0xe0, 0x00, 0x68, 0x79, 0xb0,
462 0x4c, 0xb1, 0x45, 0x8b, 0xc8, 0x85, 0x8c, 0x67,
463 0x0e, 0x8c, 0x7d, 0x54, 0xf8, 0xb0, 0x75, 0xce,
464 0x0a, 0xac, 0x1d, 0xd7, 0x6b, 0x44, 0xac, 0xfe,
465 0x1b, 0xd4, 0xa6, 0x98, 0x21, 0x09, 0x3e, 0xa2,
466 0x4b, 0x33, 0xba, 0xba, 0x4b, 0x12, 0xa8, 0x6b,
467 0x57, 0x27, 0x9d, 0xfa, 0x94, 0x80, 0xb4, 0x68,
468 0x4c, 0x77, 0x60, 0xff, 0xd7, 0x29, 0x5a, 0x38,
469 0x3d, 0xce, 0x2d, 0x4b, 0x08, 0x56, 0x9f, 0x69,
470 0xcb, 0x7b, 0xd8, 0xe2, 0x36, 0xf9, 0x37, 0x69,
471 0xc5, 0xce, 0x36, 0x97, 0x1c, 0xba, 0x0d, 0x3f,
472 0x15, 0xb3, 0x65, 0xa0, 0xec, 0x74, 0x12, 0xbd,
473 0xb3, 0xad, 0xe8, 0xde, 0x9e, 0xa1, 0xec, 0xd3,
474 0xbf, 0xa9, 0xe0, 0xa5, 0x91, 0x6d, 0x83, 0x59,
475 0x12, 0x56, 0x2f, 0x13, 0xa6, 0x7e, 0x79, 0x73,
476 0xa1, 0xa3, 0x89, 0xd5, 0xe1, 0xa5, 0x8c, 0xce,
477 0x2d, 0xac, 0x8a, 0xcf, 0x62, 0x16, 0x65, 0xcd,
478 0xd9, 0xee, 0xa8, 0xb6, 0x40, 0x08, 0xb5, 0x7c,
479 0x50, 0xf9, 0x37, 0x82, 0x7a, 0xa4, 0x0b, 0x34,
480 0x66, 0xec, 0xe9, 0x97, 0x57, 0x1f, 0x8a, 0x67,
481 0x3e, 0x81, 0xbc, 0x3b, 0x35, 0xd3, 0x2a, 0x48,
482 0x0c, 0x0c, 0x00, 0x01, 0x69, 0x03, 0x00, 0x18,
483 0x61, 0x04, 0xb7, 0xa9, 0xbd, 0x74, 0x71, 0xd5,
484 0x68, 0xbf, 0xd8, 0xa6, 0x84, 0x12, 0xaf, 0x8f,
485 0xd4, 0x2c, 0xcf, 0xf9, 0x72, 0x2b, 0x8c, 0x6c,
486 0x73, 0xa3, 0x13, 0x74, 0xdb, 0x83, 0x3e, 0xa6,
487 0xf4, 0x1b, 0xee, 0xa9, 0x34, 0xe5, 0x65, 0xa7,
488 0xaf, 0xef, 0xf2, 0xac, 0xfb, 0x87, 0xb4, 0xdb,
489 0x8b, 0x05, 0x4f, 0xe8, 0x25, 0x3d, 0x32, 0x65,
490 0xda, 0x47, 0xd8, 0xd2, 0x86, 0xad, 0x9b, 0x37,
491 0xbc, 0x45, 0xef, 0xb6, 0x91, 0xa2, 0x71, 0x2f,
492 0x13, 0x68, 0xfa, 0xa7, 0x20, 0xe4, 0x8a, 0xa8,
493 0x9b, 0xbe, 0xf6, 0x7c, 0xc8, 0x16, 0xd4, 0x50,
494 0x9d, 0x63, 0xb3, 0xf4, 0x6e, 0xd3, 0x8f, 0x32,
495 0x68, 0x66, 0x04, 0x01, 0x01, 0x00, 0xaa, 0xcb,
496 0x90, 0xbd, 0x94, 0x10, 0xab, 0xfc, 0x30, 0x1d,
497 0x68, 0x1c, 0xb4, 0x21, 0xcf, 0x73, 0xa5, 0x4b,
498 0x20, 0x94, 0xde, 0x66, 0x99, 0x54, 0x3f, 0xba,
499 0x40, 0x58, 0x50, 0xe3, 0x64, 0x53, 0x90, 0x9e,
500 0xf8, 0x67, 0xcc, 0x85, 0x4a, 0xdc, 0xd8, 0xd7,
501 0xc8, 0xb5, 0xe0, 0x92, 0x02, 0x6b, 0xa8, 0x76,
502 0x67, 0xc5, 0xae, 0x12, 0x56, 0xff, 0xd1, 0xda,
503 0xc0, 0x48, 0x17, 0x99, 0xc9, 0xbe, 0x02, 0xc6,
504 0x9e, 0x5c, 0xd9, 0x44, 0x3f, 0x06, 0xbd, 0x98,
505 0xe3, 0x4d, 0x46, 0x10, 0xe8, 0x20, 0xed, 0x7b,
506 0xcd, 0x73, 0xed, 0x03, 0x6a, 0x4c, 0x49, 0xaf,
507 0xbe, 0xa3, 0xe0, 0xab, 0x9a, 0xb8, 0xf8, 0x06,
508 0x25, 0x31, 0x8d, 0x32, 0x44, 0xfd, 0xd6, 0xb0,
509 0xd4, 0x6c, 0x9a, 0x2a, 0x0f, 0xab, 0xe2, 0x13,
510 0x10, 0x6d, 0x41, 0x0b, 0x97, 0x74, 0xa0, 0x04,
511 0x16, 0x60, 0xf1, 0x8e, 0x74, 0xf3, 0x91, 0x75,
512 0x2b, 0x92, 0x2b, 0xc7, 0x5b, 0x6f, 0x1d, 0x70,
513 0xe2, 0xc6, 0x9a, 0x7d, 0x66, 0x55, 0x98, 0x01,
514 0x71, 0xb8, 0xdd, 0xf4, 0x70, 0xc9, 0x74, 0x56,
515 0xcc, 0xa5, 0x2c, 0x51, 0x70, 0x72, 0xc2, 0x44,
516 0xb9, 0x59, 0xc3, 0xc3, 0xf8, 0x29, 0x4e, 0x79,
517 0x40, 0x9b, 0x30, 0x35, 0x66, 0xb2, 0xd8, 0x7d,
518 0xfe, 0x65, 0x6b, 0xf0, 0x17, 0xa3, 0x13, 0xc7,
519 0xc7, 0xc6, 0x48, 0xb2, 0xae, 0x4f, 0x26, 0x0b,
520 0x8a, 0x40, 0xaa, 0x06, 0x65, 0x8a, 0x95, 0x00,
521 0xc4, 0xc9, 0xfd, 0x69, 0x0a, 0xa9, 0x0a, 0x18,
522 0xff, 0x95, 0x40, 0xab, 0x84, 0x75, 0xfe, 0x11,
523 0xb1, 0x6f, 0xca, 0x5e, 0xf7, 0xe4, 0x1d, 0x8d,
524 0x08, 0x1c, 0xd3, 0x95, 0xf4, 0x9b, 0x17, 0x41,
525 0xa8, 0x8f, 0x6e, 0xfa, 0x6c, 0x43, 0x60, 0x39,
526 0x0a, 0xa2, 0x7e, 0xdf, 0x3e, 0x74, 0xc2, 0xbf,
527 0xaf, 0x96, 0x96, 0xbd, 0x21, 0x4b, 0x0d, 0x00,
528 0x00, 0x1a, 0x03, 0x01, 0x02, 0x40, 0x00, 0x12,
529 0x04, 0x01, 0x05, 0x01, 0x02, 0x01, 0x04, 0x03,
530 0x05, 0x03, 0x02, 0x03, 0x02, 0x02, 0x06, 0x01,
531 0x06, 0x03, 0x00, 0x00, 0x0e, 0x00, 0x00, 0x00,
532};
533
534struct tlslegacy_client_test {
535 const unsigned char *desc;
536 unsigned char *server_response;
537 const size_t server_response_len;
538 const SSL_METHOD *(*ssl_method)(void);
539 int want_state;
540};
541
542static struct tlslegacy_client_test tlslegacy_client_tests[] = {
543 {
544 .desc = "TLSv1.2 legacy fallback",
545 .server_response = tls12_server_response,
546 .server_response_len = sizeof(tls12_server_response),
547 .ssl_method = TLS_client_method,
548 .want_state = SSL3_ST_CR_CERT_A,
549 },
550 {
551 .desc = "TLSv1.2 legacy fallback with server cert",
552 .server_response = tls12_server_response_with_cert,
553 .server_response_len = sizeof(tls12_server_response_with_cert),
554 .ssl_method = TLS_client_method,
555 .want_state = SSL3_ST_CR_KEY_EXCH_B,
556 },
557};
558
559#define N_TLSLEGACY_CLIENT_TESTS \
560 (sizeof(tlslegacy_client_tests) / sizeof(*tlslegacy_client_tests))
561
562static int
563tlslegacy_client_test(int testno, struct tlslegacy_client_test *tct)
564{
565 BIO *rbio = NULL, *wbio = NULL;
566 SSL_CTX *ssl_ctx = NULL;
567 SSL *ssl = NULL;
568 int ret = 1;
569
570 fprintf(stderr, "Test %i - %s\n", testno, tct->desc);
571
572 if ((rbio = BIO_new_mem_buf(tct->server_response,
573 tct->server_response_len)) == NULL) {
574 fprintf(stderr, "Failed to setup rbio\n");
575 goto failure;
576 }
577 if ((wbio = BIO_new(BIO_s_mem())) == NULL) {
578 fprintf(stderr, "Failed to setup wbio\n");
579 goto failure;
580 }
581
582 if ((ssl_ctx = SSL_CTX_new(tct->ssl_method())) == NULL) {
583 fprintf(stderr, "SSL_CTX_new() returned NULL\n");
584 goto failure;
585 }
586
587 if ((ssl = SSL_new(ssl_ctx)) == NULL) {
588 fprintf(stderr, "SSL_new() returned NULL\n");
589 goto failure;
590 }
591
592 rbio->references = 2;
593 wbio->references = 2;
594
595 SSL_set_bio(ssl, rbio, wbio);
596
597 if (SSL_connect(ssl) == 1) {
598 fprintf(stderr, "SSL_connect() succeeded\n");
599 goto failure;
600 }
601
602 if (SSL_state(ssl) != tct->want_state) {
603 fprintf(stderr, "FAIL: Got SSL state %x, want %x",
604 SSL_state(ssl), tct->want_state);
605 goto failure;
606 }
607
608 ret = 0;
609
610 failure:
611 SSL_CTX_free(ssl_ctx);
612 SSL_free(ssl);
613
614 rbio->references = 1;
615 wbio->references = 1;
616
617 BIO_free(rbio);
618 BIO_free(wbio);
619
620 return (ret);
621}
622
623int
624main(int argc, char **argv)
625{
626 int failed = 0;
627 size_t i;
628
629 for (i = 0; i < N_TLSLEGACY_CLIENT_TESTS; i++)
630 failed |= tlslegacy_client_test(i, &tlslegacy_client_tests[i]);
631
632 return (failed);
633}
diff --git a/src/regress/lib/libssl/unit/Makefile b/src/regress/lib/libssl/unit/Makefile
deleted file mode 100644
index a1935bbd88..0000000000
--- a/src/regress/lib/libssl/unit/Makefile
+++ /dev/null
@@ -1,27 +0,0 @@
1# $OpenBSD: Makefile,v 1.12 2021/05/03 23:42:04 inoguchi Exp $
2
3TEST_CASES+= cipher_list
4TEST_CASES+= ssl_get_shared_ciphers
5TEST_CASES+= ssl_methods
6TEST_CASES+= ssl_versions
7TEST_CASES+= tls_ext_alpn
8TEST_CASES+= tls_prf
9
10REGRESS_TARGETS= all_tests
11
12WARNINGS= Yes
13LDLIBS= ${SSL_INT} -lcrypto
14CFLAGS+= -DLIBRESSL_INTERNAL -Wall -Wundef -Werror
15CFLAGS+= -DCERTSDIR=\"${.CURDIR}/../certs\"
16CFLAGS+= -I${.CURDIR}/../../../../lib/libssl
17
18CLEANFILES+= ${TEST_CASES}
19
20all_tests: ${TEST_CASES}
21 @for test in $>; do \
22 ./$$test; \
23 done
24
25${TEST_CASES}: ${LIBSSL} ${LIBCRYPTO}
26
27.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/unit/cipher_list.c b/src/regress/lib/libssl/unit/cipher_list.c
deleted file mode 100644
index 9a5d978140..0000000000
--- a/src/regress/lib/libssl/unit/cipher_list.c
+++ /dev/null
@@ -1,204 +0,0 @@
1/* $OpenBSD: cipher_list.c,v 1.10 2021/01/09 12:39:22 tb Exp $ */
2/*
3 * Copyright (c) 2015 Doug Hogan <doug@openbsd.org>
4 * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19/*
20 * Test TLS ssl bytes (aka cipher suites) to cipher list and back.
21 *
22 * TLSv1.0 - RFC 2246 section 7.4.1.2 (ClientHello struct)
23 * TLSv1.1 - RFC 4346 section 7.4.1.2 (ClientHello struct)
24 * TLSv1.2 - RFC 5246 section 7.4.1.2 (ClientHello struct)
25 *
26 * In all of these standards, the relevant structures are:
27 *
28 * uint8 CipherSuite[2];
29 *
30 * struct {
31 * ...
32 * CipherSuite cipher_suites<2..2^16-2>
33 * ...
34 * } ClientHello;
35 */
36
37#include <openssl/ssl.h>
38
39#include <stdio.h>
40#include <string.h>
41
42#include "ssl_locl.h"
43
44#include "tests.h"
45
46static uint8_t cipher_bytes[] = {
47 0xcc, 0xa8, /* ECDHE-ECDSA-CHACHA20-POLY1305 */
48 0xcc, 0xa9, /* ECDHE-RSA-CHACHA20-POLY1305 */
49 0xcc, 0xaa, /* DHE-RSA-CHACHA20-POLY1305 */
50 0x00, 0x9c, /* AES128-GCM-SHA256 */
51 0x00, 0x3d, /* AES256-SHA256 */
52};
53
54static uint16_t cipher_values[] = {
55 0xcca8, /* ECDHE-ECDSA-CHACHA20-POLY1305 */
56 0xcca9, /* ECDHE-RSA-CHACHA20-POLY1305 */
57 0xccaa, /* DHE-RSA-CHACHA20-POLY1305 */
58 0x009c, /* AES128-GCM-SHA256 */
59 0x003d, /* AES256-SHA256 */
60};
61
62#define N_CIPHERS (sizeof(cipher_bytes) / 2)
63
64static int
65ssl_bytes_to_list_alloc(SSL *s, STACK_OF(SSL_CIPHER) **ciphers)
66{
67 SSL_CIPHER *cipher;
68 uint16_t value;
69 CBS cbs;
70 int i;
71
72 CBS_init(&cbs, cipher_bytes, sizeof(cipher_bytes));
73
74 *ciphers = ssl_bytes_to_cipher_list(s, &cbs);
75 CHECK(*ciphers != NULL);
76 CHECK(sk_SSL_CIPHER_num(*ciphers) == N_CIPHERS);
77 for (i = 0; i < sk_SSL_CIPHER_num(*ciphers); i++) {
78 cipher = sk_SSL_CIPHER_value(*ciphers, i);
79 CHECK(cipher != NULL);
80 value = SSL_CIPHER_get_value(cipher);
81 CHECK(value == cipher_values[i]);
82 }
83
84 return 1;
85}
86
87static int
88ssl_list_to_bytes_scsv(SSL *s, STACK_OF(SSL_CIPHER) **ciphers)
89{
90 CBB cbb;
91 unsigned char *buf = NULL;
92 size_t buflen, outlen;
93 int ret = 0;
94
95 /* Space for cipher bytes, plus reneg SCSV and two spare bytes. */
96 CHECK(sk_SSL_CIPHER_num(*ciphers) == N_CIPHERS);
97 buflen = sizeof(cipher_bytes) + 2 + 2;
98 CHECK((buf = calloc(1, buflen)) != NULL);
99
100 CHECK(CBB_init_fixed(&cbb, buf, buflen));
101 CHECK(ssl_cipher_list_to_bytes(s, *ciphers, &cbb));
102 CHECK(CBB_finish(&cbb, NULL, &outlen));
103
104 CHECK_GOTO(outlen > 0 && outlen == buflen - 2);
105 CHECK_GOTO(memcmp(buf, cipher_bytes, sizeof(cipher_bytes)) == 0);
106 CHECK_GOTO(buf[buflen - 4] == 0x00 && buf[buflen - 3] == 0xff);
107 CHECK_GOTO(buf[buflen - 2] == 0x00 && buf[buflen - 1] == 0x00);
108
109 ret = 1;
110
111err:
112 free(buf);
113 return ret;
114}
115
116static int
117ssl_list_to_bytes_no_scsv(SSL *s, STACK_OF(SSL_CIPHER) **ciphers)
118{
119 CBB cbb;
120 unsigned char *buf = NULL;
121 size_t buflen, outlen;
122 int ret = 0;
123
124 /* Space for cipher bytes and two spare bytes */
125 CHECK(sk_SSL_CIPHER_num(*ciphers) == N_CIPHERS);
126 buflen = sizeof(cipher_bytes) + 2;
127 CHECK((buf = calloc(1, buflen)) != NULL);
128 buf[buflen - 2] = 0xfe;
129 buf[buflen - 1] = 0xab;
130
131 /* Set renegotiate so it doesn't add SCSV */
132 s->internal->renegotiate = 1;
133
134 CHECK(CBB_init_fixed(&cbb, buf, buflen));
135 CHECK(ssl_cipher_list_to_bytes(s, *ciphers, &cbb));
136 CHECK(CBB_finish(&cbb, NULL, &outlen));
137
138 CHECK_GOTO(outlen > 0 && outlen == buflen - 2);
139 CHECK_GOTO(memcmp(buf, cipher_bytes, sizeof(cipher_bytes)) == 0);
140 CHECK_GOTO(buf[buflen - 2] == 0xfe && buf[buflen - 1] == 0xab);
141
142 ret = 1;
143
144err:
145 free(buf);
146 return ret;
147}
148
149static int
150ssl_bytes_to_list_invalid(SSL *s, STACK_OF(SSL_CIPHER) **ciphers)
151{
152 uint8_t empty_cipher_bytes[] = {0};
153 CBS cbs;
154
155 sk_SSL_CIPHER_free(*ciphers);
156
157 /* Invalid length: CipherSuite is 2 bytes so it must be even */
158 CBS_init(&cbs, cipher_bytes, sizeof(cipher_bytes) - 1);
159 *ciphers = ssl_bytes_to_cipher_list(s, &cbs);
160 CHECK(*ciphers == NULL);
161
162 /* Invalid length: cipher_suites must be at least 2 */
163 CBS_init(&cbs, empty_cipher_bytes, sizeof(empty_cipher_bytes));
164 *ciphers = ssl_bytes_to_cipher_list(s, &cbs);
165 CHECK(*ciphers == NULL);
166
167 return 1;
168}
169
170int
171main(void)
172{
173 STACK_OF(SSL_CIPHER) *ciphers = NULL;
174 SSL_CTX *ctx = NULL;
175 SSL *s = NULL;
176 int rv = 1;
177
178 SSL_library_init();
179
180 /* Use TLSv1.2 client to get all ciphers. */
181 CHECK_GOTO((ctx = SSL_CTX_new(TLSv1_2_client_method())) != NULL);
182 CHECK_GOTO((s = SSL_new(ctx)) != NULL);
183
184 if (!ssl_bytes_to_list_alloc(s, &ciphers))
185 goto err;
186 if (!ssl_list_to_bytes_scsv(s, &ciphers))
187 goto err;
188 if (!ssl_list_to_bytes_no_scsv(s, &ciphers))
189 goto err;
190 if (!ssl_bytes_to_list_invalid(s, &ciphers))
191 goto err;
192
193 rv = 0;
194
195err:
196 sk_SSL_CIPHER_free(ciphers);
197 SSL_CTX_free(ctx);
198 SSL_free(s);
199
200 if (!rv)
201 printf("PASS %s\n", __FILE__);
202
203 return rv;
204}
diff --git a/src/regress/lib/libssl/unit/ssl_get_shared_ciphers.c b/src/regress/lib/libssl/unit/ssl_get_shared_ciphers.c
deleted file mode 100644
index 212ea99f30..0000000000
--- a/src/regress/lib/libssl/unit/ssl_get_shared_ciphers.c
+++ /dev/null
@@ -1,482 +0,0 @@
1/* $OpenBSD: ssl_get_shared_ciphers.c,v 1.10 2021/05/04 18:20:05 tb Exp $ */
2/*
3 * Copyright (c) 2021 Theo Buehler <tb@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <stdint.h>
19#include <stdio.h>
20#include <stdlib.h>
21#include <string.h>
22
23#include <openssl/bio.h>
24#include <openssl/crypto.h>
25#include <openssl/err.h>
26#include <openssl/ssl.h>
27
28struct peer_config {
29 const char *name;
30 int server;
31 uint16_t max_version;
32 uint16_t min_version;
33 const char *ciphers;
34};
35
36struct ssl_shared_ciphers_test_data {
37 const char *description;
38 struct peer_config client_config;
39 struct peer_config server_config;
40 const char *shared_ciphers;
41 const char *shared_ciphers_without_aesni;
42};
43
44char *server_cert;
45char *server_key;
46
47static const struct ssl_shared_ciphers_test_data ssl_shared_ciphers_tests[] = {
48 {
49 .description = "TLSv1.3 defaults",
50 .client_config = {
51 .name = "client",
52 .server = 0,
53 .max_version = TLS1_3_VERSION,
54 .min_version = TLS1_3_VERSION,
55 .ciphers =
56 "AEAD-AES256-GCM-SHA384:"
57 "AEAD-CHACHA20-POLY1305-SHA256:"
58 "AEAD-AES128-GCM-SHA256",
59 },
60 .server_config = {
61 .name = "server",
62 .server = 1,
63 .max_version = TLS1_3_VERSION,
64 .min_version = TLS1_3_VERSION,
65 .ciphers =
66 "AEAD-AES256-GCM-SHA384:"
67 "AEAD-CHACHA20-POLY1305-SHA256:"
68 "AEAD-AES128-GCM-SHA256",
69 },
70 .shared_ciphers =
71 "AEAD-AES256-GCM-SHA384:"
72 "AEAD-CHACHA20-POLY1305-SHA256:"
73 "AEAD-AES128-GCM-SHA256",
74 },
75
76 {
77 .description = "TLSv1.3, client without ChaCha",
78 .client_config = {
79 .name = "client",
80 .server = 0,
81 .max_version = TLS1_3_VERSION,
82 .min_version = TLS1_3_VERSION,
83 .ciphers =
84 "AEAD-AES256-GCM-SHA384:"
85 "AEAD-AES128-GCM-SHA256",
86 },
87 .server_config = {
88 .name = "server",
89 .server = 1,
90 .max_version = TLS1_3_VERSION,
91 .min_version = TLS1_3_VERSION,
92 .ciphers =
93 "AEAD-AES256-GCM-SHA384:"
94 "AEAD-CHACHA20-POLY1305-SHA256:"
95 "AEAD-AES128-GCM-SHA256",
96 },
97 .shared_ciphers =
98 "AEAD-AES256-GCM-SHA384:"
99 "AEAD-AES128-GCM-SHA256",
100 },
101
102 {
103 .description = "TLSv1.2",
104 .client_config = {
105 .name = "client",
106 .server = 0,
107 .max_version = TLS1_2_VERSION,
108 .min_version = TLS1_2_VERSION,
109 .ciphers =
110 "ECDHE-RSA-AES256-GCM-SHA384:"
111 "ECDHE-ECDSA-AES256-GCM-SHA384:"
112 "ECDHE-RSA-AES256-SHA384:"
113 "ECDHE-ECDSA-AES256-SHA384:"
114 "ECDHE-RSA-AES256-SHA:"
115 "ECDHE-ECDSA-AES256-SHA",
116 },
117 .server_config = {
118 .name = "server",
119 .server = 1,
120 .max_version = TLS1_2_VERSION,
121 .min_version = TLS1_2_VERSION,
122 .ciphers =
123 "ECDHE-RSA-AES256-GCM-SHA384:"
124 "ECDHE-ECDSA-AES256-GCM-SHA384:"
125 "ECDHE-RSA-AES256-SHA384:"
126 "ECDHE-ECDSA-AES256-SHA384:"
127 "ECDHE-RSA-AES256-SHA:"
128 "ECDHE-ECDSA-AES256-SHA",
129 },
130 .shared_ciphers =
131 "ECDHE-RSA-AES256-GCM-SHA384:"
132 "ECDHE-ECDSA-AES256-GCM-SHA384:"
133 "ECDHE-RSA-AES256-SHA384:"
134 "ECDHE-ECDSA-AES256-SHA384:"
135 "ECDHE-RSA-AES256-SHA:"
136 "ECDHE-ECDSA-AES256-SHA",
137 },
138
139 {
140 .description = "TLSv1.2, server without ECDSA",
141 .client_config = {
142 .name = "client",
143 .server = 0,
144 .max_version = TLS1_2_VERSION,
145 .min_version = TLS1_2_VERSION,
146 .ciphers =
147 "ECDHE-RSA-AES256-GCM-SHA384:"
148 "ECDHE-ECDSA-AES256-GCM-SHA384:"
149 "ECDHE-RSA-AES256-SHA384:"
150 "ECDHE-ECDSA-AES256-SHA384:"
151 "ECDHE-RSA-AES256-SHA:"
152 "ECDHE-ECDSA-AES256-SHA",
153 },
154 .server_config = {
155 .name = "server",
156 .server = 1,
157 .max_version = TLS1_2_VERSION,
158 .min_version = TLS1_2_VERSION,
159 .ciphers =
160 "ECDHE-RSA-AES256-GCM-SHA384:"
161 "ECDHE-RSA-AES256-SHA384:"
162 "ECDHE-RSA-AES256-SHA",
163 },
164 .shared_ciphers =
165 "ECDHE-RSA-AES256-GCM-SHA384:"
166 "ECDHE-RSA-AES256-SHA384:"
167 "ECDHE-RSA-AES256-SHA",
168 },
169
170 {
171 .description = "TLSv1.3 ciphers are prepended",
172 .client_config = {
173 .name = "client",
174 .server = 0,
175 .max_version = TLS1_3_VERSION,
176 .min_version = TLS1_2_VERSION,
177 .ciphers =
178 "ECDHE-RSA-AES256-GCM-SHA384",
179 },
180 .server_config = {
181 .name = "server",
182 .server = 1,
183 .max_version = TLS1_3_VERSION,
184 .min_version = TLS1_2_VERSION,
185 .ciphers =
186 "ECDHE-RSA-AES256-GCM-SHA384",
187 },
188 .shared_ciphers =
189 "AEAD-AES256-GCM-SHA384:"
190 "AEAD-CHACHA20-POLY1305-SHA256:"
191 "AEAD-AES128-GCM-SHA256:"
192 "ECDHE-RSA-AES256-GCM-SHA384",
193 .shared_ciphers_without_aesni =
194 "AEAD-CHACHA20-POLY1305-SHA256:"
195 "AEAD-AES256-GCM-SHA384:"
196 "AEAD-AES128-GCM-SHA256:"
197 "ECDHE-RSA-AES256-GCM-SHA384",
198 },
199};
200
201static const size_t N_SHARED_CIPHERS_TESTS =
202 sizeof(ssl_shared_ciphers_tests) / sizeof(ssl_shared_ciphers_tests[0]);
203
204static SSL_CTX *
205peer_config_to_ssl_ctx(const struct peer_config *config)
206{
207 SSL_CTX *ctx;
208
209 if ((ctx = SSL_CTX_new(TLS_method())) == NULL) {
210 fprintf(stderr, "SSL_CTX_new(%s) failed\n", config->name);
211 goto err;
212 }
213 if (!SSL_CTX_set_max_proto_version(ctx, config->max_version)) {
214 fprintf(stderr, "max_proto_version(%s) failed\n", config->name);
215 goto err;
216 }
217 if (!SSL_CTX_set_min_proto_version(ctx, config->min_version)) {
218 fprintf(stderr, "min_proto_version(%s) failed\n", config->name);
219 goto err;
220 }
221 if (!SSL_CTX_set_cipher_list(ctx, config->ciphers)) {
222 fprintf(stderr, "set_cipher_list(%s) failed\n", config->name);
223 goto err;
224 }
225
226 if (config->server) {
227 if (!SSL_CTX_use_certificate_file(ctx, server_cert,
228 SSL_FILETYPE_PEM)) {
229 fprintf(stderr, "use_certificate_file(%s) failed\n",
230 config->name);
231 goto err;
232 }
233 if (!SSL_CTX_use_PrivateKey_file(ctx, server_key,
234 SSL_FILETYPE_PEM)) {
235 fprintf(stderr, "use_PrivateKey_file(%s) failed\n",
236 config->name);
237 goto err;
238 }
239 }
240
241 return ctx;
242
243 err:
244 SSL_CTX_free(ctx);
245 return NULL;
246}
247
248/* Connect client and server via a pair of "nonblocking" memory BIOs. */
249static int
250connect_peers(SSL *client_ssl, SSL *server_ssl, const char *description)
251{
252 BIO *client_wbio = NULL, *server_wbio = NULL;
253 int ret = 0;
254
255 if ((client_wbio = BIO_new(BIO_s_mem())) == NULL) {
256 fprintf(stderr, "%s: failed to create client BIO\n",
257 description);
258 goto err;
259 }
260 if ((server_wbio = BIO_new(BIO_s_mem())) == NULL) {
261 fprintf(stderr, "%s: failed to create server BIO\n",
262 description);
263 goto err;
264 }
265 if (BIO_set_mem_eof_return(client_wbio, -1) <= 0) {
266 fprintf(stderr, "%s: failed to set client eof return\n",
267 description);
268 goto err;
269 }
270 if (BIO_set_mem_eof_return(server_wbio, -1) <= 0) {
271 fprintf(stderr, "%s: failed to set server eof return\n",
272 description);
273 goto err;
274 }
275
276 /* Avoid double free. SSL_set_bio() takes ownership of the BIOs. */
277 BIO_up_ref(client_wbio);
278 BIO_up_ref(server_wbio);
279
280 SSL_set_bio(client_ssl, server_wbio, client_wbio);
281 SSL_set_bio(server_ssl, client_wbio, server_wbio);
282 client_wbio = NULL;
283 server_wbio = NULL;
284
285 ret = 1;
286
287 err:
288 BIO_free(client_wbio);
289 BIO_free(server_wbio);
290
291 return ret;
292}
293
294static int
295push_data_to_peer(SSL *ssl, int *ret, int (*func)(SSL *), const char *func_name,
296 const char *description)
297{
298 int ssl_err = 0;
299
300 if (*ret == 1)
301 return 1;
302
303 /*
304 * Do SSL_connect/SSL_accept/SSL_shutdown once and loop while hitting
305 * WANT_WRITE. If done or on WANT_READ hand off to peer.
306 */
307
308 do {
309 if ((*ret = func(ssl)) <= 0)
310 ssl_err = SSL_get_error(ssl, *ret);
311 } while (*ret <= 0 && ssl_err == SSL_ERROR_WANT_WRITE);
312
313 /* Ignore erroneous error - see SSL_shutdown(3)... */
314 if (func == SSL_shutdown && ssl_err == SSL_ERROR_SYSCALL)
315 return 1;
316
317 if (*ret <= 0 && ssl_err != SSL_ERROR_WANT_READ) {
318 fprintf(stderr, "%s: %s failed\n", description, func_name);
319 ERR_print_errors_fp(stderr);
320 return 0;
321 }
322
323 return 1;
324}
325
326/*
327 * Alternate between loops of SSL_connect() and SSL_accept() as long as only
328 * WANT_READ and WANT_WRITE situations are encountered. A function is repeated
329 * until WANT_READ is returned or it succeeds, then it's the other function's
330 * turn to make progress. Succeeds if SSL_connect() and SSL_accept() return 1.
331 */
332static int
333handshake(SSL *client_ssl, SSL *server_ssl, const char *description)
334{
335 int loops = 0, client_ret = 0, server_ret = 0;
336
337 while (loops++ < 10 && (client_ret <= 0 || server_ret <= 0)) {
338 if (!push_data_to_peer(client_ssl, &client_ret, SSL_connect,
339 "SSL_connect", description))
340 return 0;
341
342 if (!push_data_to_peer(server_ssl, &server_ret, SSL_accept,
343 "SSL_accept", description))
344 return 0;
345 }
346
347 if (client_ret != 1 || server_ret != 1) {
348 fprintf(stderr, "%s: failed\n", __func__);
349 return 0;
350 }
351
352 return 1;
353}
354
355static int
356shutdown_peers(SSL *client_ssl, SSL *server_ssl, const char *description)
357{
358 int loops = 0, client_ret = 0, server_ret = 0;
359
360 while (loops++ < 10 && (client_ret <= 0 || server_ret <= 0)) {
361 if (!push_data_to_peer(client_ssl, &client_ret, SSL_shutdown,
362 "client shutdown", description))
363 return 0;
364
365 if (!push_data_to_peer(server_ssl, &server_ret, SSL_shutdown,
366 "server shutdown", description))
367 return 0;
368 }
369
370 if (client_ret != 1 || server_ret != 1) {
371 fprintf(stderr, "%s: failed\n", __func__);
372 return 0;
373 }
374
375 return 1;
376}
377
378/* from ssl_ciph.c */
379static inline int
380ssl_aes_is_accelerated(void)
381{
382#if defined(__i386__) || defined(__x86_64__)
383 return ((OPENSSL_cpu_caps() & (1ULL << 57)) != 0);
384#else
385 return (0);
386#endif
387}
388
389static int
390check_shared_ciphers(const struct ssl_shared_ciphers_test_data *test,
391 const char *got)
392{
393 const char *want = test->shared_ciphers;
394 int failed;
395
396 if (!ssl_aes_is_accelerated() &&
397 test->shared_ciphers_without_aesni != NULL)
398 want = test->shared_ciphers_without_aesni;
399
400 failed = strcmp(want, got);
401
402 if (failed)
403 fprintf(stderr, "%s: want \"%s\", got \"%s\"\n",
404 test->description, want, got);
405
406 return failed;
407}
408
409static int
410test_get_shared_ciphers(const struct ssl_shared_ciphers_test_data *test)
411{
412 SSL_CTX *client_ctx = NULL, *server_ctx = NULL;
413 SSL *client_ssl = NULL, *server_ssl = NULL;
414 char buf[4096];
415 int failed = 1;
416
417 if ((client_ctx = peer_config_to_ssl_ctx(&test->client_config)) == NULL)
418 goto err;
419 if ((server_ctx = peer_config_to_ssl_ctx(&test->server_config)) == NULL)
420 goto err;
421
422 if ((client_ssl = SSL_new(client_ctx)) == NULL) {
423 fprintf(stderr, "%s: failed to create client SSL\n",
424 test->description);
425 goto err;
426 }
427 if ((server_ssl = SSL_new(server_ctx)) == NULL) {
428 fprintf(stderr, "%s: failed to create server SSL\n",
429 test->description);
430 goto err;
431 }
432
433 if (!connect_peers(client_ssl, server_ssl, test->description))
434 goto err;
435
436 if (!handshake(client_ssl, server_ssl, test->description))
437 goto err;
438
439 if (SSL_get_shared_ciphers(server_ssl, buf, sizeof(buf)) == NULL) {
440 fprintf(stderr, "%s: failed to get shared ciphers\n",
441 test->description);
442 goto err;
443 }
444
445 if (!shutdown_peers(client_ssl, server_ssl, test->description))
446 goto err;
447
448 failed = check_shared_ciphers(test, buf);
449
450 err:
451 SSL_CTX_free(client_ctx);
452 SSL_CTX_free(server_ctx);
453 SSL_free(client_ssl);
454 SSL_free(server_ssl);
455
456 return failed;
457}
458
459int
460main(int argc, char **argv)
461{
462 size_t i;
463 int failed = 0;
464
465 if (asprintf(&server_cert, "%s/server.pem", CERTSDIR) == -1) {
466 fprintf(stderr, "asprintf server_cert failed\n");
467 failed = 1;
468 goto err;
469 }
470 server_key = server_cert;
471
472 for (i = 0; i < N_SHARED_CIPHERS_TESTS; i++)
473 failed |= test_get_shared_ciphers(&ssl_shared_ciphers_tests[i]);
474
475 if (failed == 0)
476 printf("PASS %s\n", __FILE__);
477
478 err:
479 free(server_cert);
480
481 return failed;
482}
diff --git a/src/regress/lib/libssl/unit/ssl_methods.c b/src/regress/lib/libssl/unit/ssl_methods.c
deleted file mode 100644
index 0fc33a406c..0000000000
--- a/src/regress/lib/libssl/unit/ssl_methods.c
+++ /dev/null
@@ -1,267 +0,0 @@
1/* $OpenBSD: ssl_methods.c,v 1.4 2021/04/04 20:21:43 tb Exp $ */
2/*
3 * Copyright (c) 2020 Theo Buehler <tb@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <stdio.h>
19
20#include <openssl/ssl.h>
21
22struct ssl_method_test_data {
23 const SSL_METHOD *(*method)(void);
24 const char *name;
25 int server;
26 int dtls;
27};
28
29struct ssl_method_test_data ssl_method_tests[] = {
30 {
31 .method = SSLv23_method,
32 .name = "SSLv23_method",
33 .server = 1,
34 .dtls = 0,
35 },
36 {
37 .method = SSLv23_server_method,
38 .name = "SSLv23_server_method",
39 .server = 1,
40 .dtls = 0,
41 },
42 {
43 .method = SSLv23_client_method,
44 .name = "SSLv23_client_method",
45 .server = 0,
46 .dtls = 0,
47 },
48
49 {
50 .method = TLSv1_method,
51 .name = "TLSv1_method",
52 .server = 1,
53 .dtls = 0,
54 },
55 {
56 .method = TLSv1_server_method,
57 .name = "TLSv1_server_method",
58 .server = 1,
59 .dtls = 0,
60 },
61 {
62 .method = TLSv1_client_method,
63 .name = "TLSv1_client_method",
64 .server = 0,
65 .dtls = 0,
66 },
67
68 {
69 .method = TLSv1_1_method,
70 .name = "TLSv1_1_method",
71 .server = 1,
72 .dtls = 0,
73 },
74 {
75 .method = TLSv1_1_server_method,
76 .name = "TLSv1_1_server_method",
77 .server = 1,
78 .dtls = 0,
79 },
80 {
81 .method = TLSv1_1_client_method,
82 .name = "TLSv1_1_client_method",
83 .server = 0,
84 .dtls = 0,
85 },
86
87 {
88 .method = TLSv1_2_method,
89 .name = "TLSv1_2_method",
90 .server = 1,
91 .dtls = 0,
92 },
93 {
94 .method = TLSv1_2_server_method,
95 .name = "TLSv1_2_server_method",
96 .server = 1,
97 .dtls = 0,
98 },
99 {
100 .method = TLSv1_2_client_method,
101 .name = "TLSv1_2_client_method",
102 .server = 0,
103 .dtls = 0,
104 },
105
106 {
107 .method = TLS_method,
108 .name = "TLS_method",
109 .server = 1,
110 .dtls = 0,
111 },
112 {
113 .method = TLS_server_method,
114 .name = "TLS_server_method",
115 .server = 1,
116 .dtls = 0,
117 },
118 {
119 .method = TLS_client_method,
120 .name = "TLS_client_method",
121 .server = 0,
122 .dtls = 0,
123 },
124
125 {
126 .method = DTLSv1_method,
127 .name = "DTLSv1_method",
128 .server = 1,
129 .dtls = 1,
130 },
131 {
132 .method = DTLSv1_server_method,
133 .name = "DTLSv1_server_method",
134 .server = 1,
135 .dtls = 1,
136 },
137 {
138 .method = DTLSv1_client_method,
139 .name = "DTLSv1_client_method",
140 .server = 0,
141 .dtls = 1,
142 },
143
144 {
145 .method = DTLSv1_2_method,
146 .name = "DTLSv1_2_method",
147 .server = 1,
148 .dtls = 1,
149 },
150 {
151 .method = DTLSv1_2_server_method,
152 .name = "DTLSv1_2_server_method",
153 .server = 1,
154 .dtls = 1,
155 },
156 {
157 .method = DTLSv1_2_client_method,
158 .name = "DTLSv1_2_client_method",
159 .server = 0,
160 .dtls = 1,
161 },
162
163 {
164 .method = DTLS_method,
165 .name = "DTLS_method",
166 .server = 1,
167 .dtls = 1,
168 },
169 {
170 .method = DTLS_server_method,
171 .name = "DTLS_server_method",
172 .server = 1,
173 .dtls = 1,
174 },
175 {
176 .method = DTLS_client_method,
177 .name = "DTLS_client_method",
178 .server = 0,
179 .dtls = 1,
180 },
181};
182
183#define N_METHOD_TESTS (sizeof(ssl_method_tests) / sizeof(ssl_method_tests[0]))
184
185int test_client_or_server_method(struct ssl_method_test_data *);
186int test_dtls_method(struct ssl_method_test_data *);
187
188int
189test_client_or_server_method(struct ssl_method_test_data *testcase)
190{
191 SSL_CTX *ssl_ctx;
192 SSL *ssl = NULL;
193 int failed = 1;
194
195 if ((ssl_ctx = SSL_CTX_new(testcase->method())) == NULL) {
196 fprintf(stderr, "SSL_CTX_new returned NULL\n");
197 goto err;
198 }
199
200 if ((ssl = SSL_new(ssl_ctx)) == NULL) {
201 fprintf(stderr, "SSL_new returned NULL\n");
202 goto err;
203 }
204
205 if (SSL_is_server(ssl) != testcase->server) {
206 fprintf(stderr, "%s: SSL_is_server: want %d, got %d\n",
207 testcase->name, testcase->server, SSL_is_server(ssl));
208 goto err;
209 }
210
211 failed = 0;
212
213 err:
214 SSL_free(ssl);
215 SSL_CTX_free(ssl_ctx);
216
217 return failed;
218}
219
220int
221test_dtls_method(struct ssl_method_test_data *testcase)
222{
223 SSL_CTX *ssl_ctx;
224 SSL *ssl = NULL;
225 int failed = 1;
226
227 if ((ssl_ctx = SSL_CTX_new(testcase->method())) == NULL) {
228 fprintf(stderr, "SSL_CTX_new returned NULL\n");
229 goto err;
230 }
231
232 if ((ssl = SSL_new(ssl_ctx)) == NULL) {
233 fprintf(stderr, "SSL_new returned NULL\n");
234 goto err;
235 }
236
237 if (SSL_is_dtls(ssl) != testcase->dtls) {
238 fprintf(stderr, "%s: SSL_is_dtls: want %d, got %d\n",
239 testcase->name, testcase->dtls, SSL_is_dtls(ssl));
240 goto err;
241 }
242
243 failed = 0;
244
245 err:
246 SSL_free(ssl);
247 SSL_CTX_free(ssl_ctx);
248
249 return failed;
250}
251
252int
253main(int argc, char **argv)
254{
255 size_t i;
256 int failed = 0;
257
258 for (i = 0; i < N_METHOD_TESTS; i++) {
259 failed |= test_client_or_server_method(&ssl_method_tests[i]);
260 failed |= test_dtls_method(&ssl_method_tests[i]);
261 }
262
263 if (failed == 0)
264 printf("PASS %s\n", __FILE__);
265
266 return failed;
267}
diff --git a/src/regress/lib/libssl/unit/ssl_versions.c b/src/regress/lib/libssl/unit/ssl_versions.c
deleted file mode 100644
index 2ca72157ab..0000000000
--- a/src/regress/lib/libssl/unit/ssl_versions.c
+++ /dev/null
@@ -1,910 +0,0 @@
1/* $OpenBSD: ssl_versions.c,v 1.15 2021/06/27 16:54:55 jsing Exp $ */
2/*
3 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <openssl/ssl.h>
19
20#include "ssl_locl.h"
21
22struct version_range_test {
23 const long options;
24 const uint16_t minver;
25 const uint16_t maxver;
26 const uint16_t want_minver;
27 const uint16_t want_maxver;
28};
29
30static struct version_range_test version_range_tests[] = {
31 {
32 .options = 0,
33 .minver = TLS1_VERSION,
34 .maxver = TLS1_3_VERSION,
35 .want_minver = TLS1_VERSION,
36 .want_maxver = TLS1_3_VERSION,
37 },
38 {
39 .options = 0,
40 .minver = TLS1_VERSION,
41 .maxver = TLS1_2_VERSION,
42 .want_minver = TLS1_VERSION,
43 .want_maxver = TLS1_2_VERSION,
44 },
45 {
46 .options = SSL_OP_NO_TLSv1,
47 .minver = TLS1_VERSION,
48 .maxver = TLS1_2_VERSION,
49 .want_minver = TLS1_1_VERSION,
50 .want_maxver = TLS1_2_VERSION,
51 },
52 {
53 .options = SSL_OP_NO_TLSv1_3,
54 .minver = TLS1_VERSION,
55 .maxver = TLS1_3_VERSION,
56 .want_minver = TLS1_VERSION,
57 .want_maxver = TLS1_2_VERSION,
58 },
59 {
60 .options = SSL_OP_NO_TLSv1_2,
61 .minver = TLS1_VERSION,
62 .maxver = TLS1_2_VERSION,
63 .want_minver = TLS1_VERSION,
64 .want_maxver = TLS1_1_VERSION,
65 },
66 {
67 .options = SSL_OP_NO_TLSv1_1,
68 .minver = TLS1_VERSION,
69 .maxver = TLS1_2_VERSION,
70 .want_minver = TLS1_VERSION,
71 .want_maxver = TLS1_VERSION,
72 },
73 {
74 .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1,
75 .minver = TLS1_VERSION,
76 .maxver = TLS1_2_VERSION,
77 .want_minver = TLS1_2_VERSION,
78 .want_maxver = TLS1_2_VERSION,
79 },
80 {
81 .options = SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
82 .minver = TLS1_VERSION,
83 .maxver = TLS1_2_VERSION,
84 .want_minver = TLS1_VERSION,
85 .want_maxver = TLS1_VERSION,
86 },
87 {
88 .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_2,
89 .minver = TLS1_VERSION,
90 .maxver = TLS1_2_VERSION,
91 .want_minver = TLS1_1_VERSION,
92 .want_maxver = TLS1_1_VERSION,
93 },
94 {
95 .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
96 SSL_OP_NO_TLSv1_2,
97 .minver = TLS1_VERSION,
98 .maxver = TLS1_2_VERSION,
99 .want_minver = 0,
100 .want_maxver = 0,
101 },
102 {
103 .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
104 SSL_OP_NO_TLSv1_2,
105 .minver = TLS1_VERSION,
106 .maxver = TLS1_3_VERSION,
107 .want_minver = TLS1_3_VERSION,
108 .want_maxver = TLS1_3_VERSION,
109 },
110 {
111 .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
112 SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3,
113 .minver = TLS1_VERSION,
114 .maxver = TLS1_3_VERSION,
115 .want_minver = 0,
116 .want_maxver = 0,
117 },
118 {
119 .options = 0,
120 .minver = TLS1_VERSION,
121 .maxver = TLS1_2_VERSION,
122 .want_minver = TLS1_VERSION,
123 .want_maxver = TLS1_2_VERSION,
124 },
125 {
126 .options = 0,
127 .minver = TLS1_1_VERSION,
128 .maxver = TLS1_2_VERSION,
129 .want_minver = TLS1_1_VERSION,
130 .want_maxver = TLS1_2_VERSION,
131 },
132 {
133 .options = 0,
134 .minver = TLS1_2_VERSION,
135 .maxver = TLS1_2_VERSION,
136 .want_minver = TLS1_2_VERSION,
137 .want_maxver = TLS1_2_VERSION,
138 },
139 {
140 .options = 0,
141 .minver = TLS1_VERSION,
142 .maxver = TLS1_3_VERSION,
143 .want_minver = TLS1_VERSION,
144 .want_maxver = TLS1_3_VERSION,
145 },
146 {
147 .options = 0,
148 .minver = TLS1_1_VERSION,
149 .maxver = TLS1_3_VERSION,
150 .want_minver = TLS1_1_VERSION,
151 .want_maxver = TLS1_3_VERSION,
152 },
153 {
154 .options = 0,
155 .minver = TLS1_2_VERSION,
156 .maxver = TLS1_3_VERSION,
157 .want_minver = TLS1_2_VERSION,
158 .want_maxver = TLS1_3_VERSION,
159 },
160 {
161 .options = 0,
162 .minver = TLS1_3_VERSION,
163 .maxver = TLS1_3_VERSION,
164 .want_minver = TLS1_3_VERSION,
165 .want_maxver = TLS1_3_VERSION,
166 },
167 {
168 .options = 0,
169 .minver = TLS1_VERSION,
170 .maxver = TLS1_1_VERSION,
171 .want_minver = TLS1_VERSION,
172 .want_maxver = TLS1_1_VERSION,
173 },
174 {
175 .options = 0,
176 .minver = TLS1_VERSION,
177 .maxver = TLS1_VERSION,
178 .want_minver = TLS1_VERSION,
179 .want_maxver = TLS1_VERSION,
180 },
181};
182
183#define N_VERSION_RANGE_TESTS \
184 (sizeof(version_range_tests) / sizeof(*version_range_tests))
185
186static int
187test_ssl_enabled_version_range(void)
188{
189 struct version_range_test *vrt;
190 uint16_t minver, maxver;
191 SSL_CTX *ssl_ctx = NULL;
192 SSL *ssl = NULL;
193 int failed = 1;
194 size_t i;
195
196 fprintf(stderr, "INFO: starting enabled version range tests...\n");
197
198 if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL) {
199 fprintf(stderr, "SSL_CTX_new() returned NULL\n");
200 goto failure;
201 }
202 if ((ssl = SSL_new(ssl_ctx)) == NULL) {
203 fprintf(stderr, "SSL_new() returned NULL\n");
204 goto failure;
205 }
206
207 failed = 0;
208
209 for (i = 0; i < N_VERSION_RANGE_TESTS; i++) {
210 vrt = &version_range_tests[i];
211
212 SSL_clear_options(ssl, SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
213 SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3);
214 SSL_set_options(ssl, vrt->options);
215
216 minver = maxver = 0xffff;
217 ssl->internal->min_tls_version = vrt->minver;
218 ssl->internal->max_tls_version = vrt->maxver;
219
220 if (ssl_enabled_tls_version_range(ssl, &minver, &maxver) != 1) {
221 if (vrt->want_minver != 0 || vrt->want_maxver != 0) {
222 fprintf(stderr, "FAIL: test %zu - failed but "
223 "wanted non-zero versions\n", i);
224 failed++;
225 }
226 continue;
227 }
228 if (minver != vrt->want_minver) {
229 fprintf(stderr, "FAIL: test %zu - got minver %x, "
230 "want %x\n", i, minver, vrt->want_minver);
231 failed++;
232 }
233 if (maxver != vrt->want_maxver) {
234 fprintf(stderr, "FAIL: test %zu - got maxver %x, "
235 "want %x\n", i, maxver, vrt->want_maxver);
236 failed++;
237 }
238 }
239
240 failure:
241 SSL_CTX_free(ssl_ctx);
242 SSL_free(ssl);
243
244 return (failed);
245}
246
247struct shared_version_test {
248 const SSL_METHOD *(*ssl_method)(void);
249 const long options;
250 const uint16_t minver;
251 const uint16_t maxver;
252 const uint16_t peerver;
253 const uint16_t want_maxver;
254};
255
256static struct shared_version_test shared_version_tests[] = {
257 {
258 .ssl_method = TLS_method,
259 .options = 0,
260 .minver = TLS1_VERSION,
261 .maxver = TLS1_2_VERSION,
262 .peerver = SSL2_VERSION,
263 .want_maxver = 0,
264 },
265 {
266 .ssl_method = TLS_method,
267 .options = 0,
268 .minver = TLS1_VERSION,
269 .maxver = TLS1_2_VERSION,
270 .peerver = SSL3_VERSION,
271 .want_maxver = 0,
272 },
273 {
274 .ssl_method = TLS_method,
275 .options = 0,
276 .minver = TLS1_VERSION,
277 .maxver = TLS1_2_VERSION,
278 .peerver = TLS1_VERSION,
279 .want_maxver = TLS1_VERSION,
280 },
281 {
282 .ssl_method = TLS_method,
283 .options = 0,
284 .minver = TLS1_VERSION,
285 .maxver = TLS1_2_VERSION,
286 .peerver = TLS1_1_VERSION,
287 .want_maxver = TLS1_1_VERSION,
288 },
289 {
290 .ssl_method = TLS_method,
291 .options = 0,
292 .minver = TLS1_VERSION,
293 .maxver = TLS1_2_VERSION,
294 .peerver = TLS1_2_VERSION,
295 .want_maxver = TLS1_2_VERSION,
296 },
297 {
298 .ssl_method = TLS_method,
299 .options = 0,
300 .minver = TLS1_VERSION,
301 .maxver = TLS1_2_VERSION,
302 .peerver = TLS1_3_VERSION,
303 .want_maxver = TLS1_2_VERSION,
304 },
305 {
306 .ssl_method = TLS_method,
307 .options = 0,
308 .minver = TLS1_VERSION,
309 .maxver = TLS1_2_VERSION,
310 .peerver = 0x7f12,
311 .want_maxver = TLS1_2_VERSION,
312 },
313 {
314 .ssl_method = TLS_method,
315 .options = SSL_OP_NO_TLSv1_2,
316 .minver = TLS1_VERSION,
317 .maxver = TLS1_2_VERSION,
318 .peerver = TLS1_2_VERSION,
319 .want_maxver = TLS1_1_VERSION,
320 },
321 {
322 .ssl_method = TLS_method,
323 .options = SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
324 .minver = TLS1_VERSION,
325 .maxver = TLS1_2_VERSION,
326 .peerver = TLS1_2_VERSION,
327 .want_maxver = TLS1_VERSION,
328 },
329 {
330 .ssl_method = TLS_method,
331 .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
332 .minver = TLS1_VERSION,
333 .maxver = TLS1_2_VERSION,
334 .peerver = TLS1_2_VERSION,
335 .want_maxver = 0,
336 },
337 {
338 .ssl_method = TLS_method,
339 .options = SSL_OP_NO_TLSv1,
340 .minver = TLS1_VERSION,
341 .maxver = TLS1_2_VERSION,
342 .peerver = TLS1_1_VERSION,
343 .want_maxver = TLS1_1_VERSION,
344 },
345 {
346 .ssl_method = TLS_method,
347 .options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1,
348 .minver = TLS1_VERSION,
349 .maxver = TLS1_2_VERSION,
350 .peerver = TLS1_1_VERSION,
351 .want_maxver = 0,
352 },
353 {
354 .ssl_method = TLS_method,
355 .options = SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
356 .minver = TLS1_VERSION,
357 .maxver = TLS1_2_VERSION,
358 .peerver = TLS1_1_VERSION,
359 .want_maxver = TLS1_VERSION,
360 },
361 {
362 .ssl_method = TLS_method,
363 .options = SSL_OP_NO_TLSv1,
364 .minver = TLS1_VERSION,
365 .maxver = TLS1_2_VERSION,
366 .peerver = TLS1_VERSION,
367 .want_maxver = 0,
368 },
369 {
370 .ssl_method = TLS_method,
371 .options = 0,
372 .minver = TLS1_VERSION,
373 .maxver = TLS1_1_VERSION,
374 .peerver = TLS1_2_VERSION,
375 .want_maxver = TLS1_1_VERSION,
376 },
377 {
378 .ssl_method = TLS_method,
379 .options = 0,
380 .minver = TLS1_VERSION,
381 .maxver = TLS1_VERSION,
382 .peerver = TLS1_2_VERSION,
383 .want_maxver = TLS1_VERSION,
384 },
385 {
386 .ssl_method = TLSv1_method,
387 .options = 0,
388 .minver = TLS1_VERSION,
389 .maxver = TLS1_2_VERSION,
390 .peerver = TLS1_VERSION,
391 .want_maxver = TLS1_VERSION,
392 },
393 {
394 .ssl_method = TLSv1_method,
395 .options = 0,
396 .minver = TLS1_1_VERSION,
397 .maxver = TLS1_2_VERSION,
398 .peerver = TLS1_VERSION,
399 .want_maxver = 0,
400 },
401 {
402 .ssl_method = TLSv1_1_method,
403 .options = 0,
404 .minver = TLS1_VERSION,
405 .maxver = TLS1_2_VERSION,
406 .peerver = TLS1_1_VERSION,
407 .want_maxver = TLS1_1_VERSION,
408 },
409 {
410 .ssl_method = DTLS_method,
411 .options = 0,
412 .minver = TLS1_1_VERSION,
413 .maxver = TLS1_2_VERSION,
414 .peerver = DTLS1_VERSION,
415 .want_maxver = DTLS1_VERSION,
416 },
417 {
418 .ssl_method = DTLS_method,
419 .options = 0,
420 .minver = TLS1_1_VERSION,
421 .maxver = TLS1_2_VERSION,
422 .peerver = DTLS1_2_VERSION,
423 .want_maxver = DTLS1_2_VERSION,
424 },
425 {
426 .ssl_method = DTLS_method,
427 .options = 0,
428 .minver = TLS1_1_VERSION,
429 .maxver = TLS1_2_VERSION,
430 .peerver = 0xfefc, /* DTLSv1.3, probably. */
431 .want_maxver = DTLS1_2_VERSION,
432 },
433 {
434 .ssl_method = DTLSv1_method,
435 .options = 0,
436 .minver = TLS1_1_VERSION,
437 .maxver = TLS1_1_VERSION,
438 .peerver = DTLS1_2_VERSION,
439 .want_maxver = DTLS1_VERSION,
440 },
441 {
442 .ssl_method = DTLSv1_2_method,
443 .options = 0,
444 .minver = TLS1_2_VERSION,
445 .maxver = TLS1_2_VERSION,
446 .peerver = DTLS1_2_VERSION,
447 .want_maxver = DTLS1_2_VERSION,
448 },
449 {
450 .ssl_method = DTLSv1_method,
451 .options = 0,
452 .minver = TLS1_1_VERSION,
453 .maxver = TLS1_1_VERSION,
454 .peerver = TLS1_2_VERSION,
455 .want_maxver = 0,
456 },
457 {
458 .ssl_method = DTLS_method,
459 .options = SSL_OP_NO_DTLSv1,
460 .minver = TLS1_1_VERSION,
461 .maxver = TLS1_2_VERSION,
462 .peerver = DTLS1_VERSION,
463 .want_maxver = 0,
464 },
465 {
466 .ssl_method = DTLS_method,
467 .options = SSL_OP_NO_DTLSv1,
468 .minver = TLS1_1_VERSION,
469 .maxver = TLS1_2_VERSION,
470 .peerver = DTLS1_2_VERSION,
471 .want_maxver = DTLS1_2_VERSION,
472 },
473 {
474 .ssl_method = DTLS_method,
475 .options = SSL_OP_NO_DTLSv1_2,
476 .minver = TLS1_1_VERSION,
477 .maxver = TLS1_2_VERSION,
478 .peerver = DTLS1_2_VERSION,
479 .want_maxver = DTLS1_VERSION,
480 },
481};
482
483#define N_SHARED_VERSION_TESTS \
484 (sizeof(shared_version_tests) / sizeof(*shared_version_tests))
485
486static int
487test_ssl_max_shared_version(void)
488{
489 struct shared_version_test *svt;
490 SSL_CTX *ssl_ctx = NULL;
491 SSL *ssl = NULL;
492 uint16_t maxver;
493 int failed = 0;
494 size_t i;
495
496 failed = 0;
497
498 fprintf(stderr, "INFO: starting max shared version tests...\n");
499
500 for (i = 0; i < N_SHARED_VERSION_TESTS; i++) {
501 svt = &shared_version_tests[i];
502
503 if ((ssl_ctx = SSL_CTX_new(svt->ssl_method())) == NULL) {
504 fprintf(stderr, "SSL_CTX_new() returned NULL\n");
505 return 1;
506 }
507 if ((ssl = SSL_new(ssl_ctx)) == NULL) {
508 fprintf(stderr, "SSL_new() returned NULL\n");
509 return 1;
510 }
511
512 SSL_clear_options(ssl, SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
513 SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3);
514 SSL_set_options(ssl, svt->options);
515
516 maxver = 0;
517 ssl->internal->min_tls_version = svt->minver;
518 ssl->internal->max_tls_version = svt->maxver;
519
520 if (!ssl_max_shared_version(ssl, svt->peerver, &maxver)) {
521 if (svt->want_maxver != 0) {
522 fprintf(stderr, "FAIL: test %zu - failed but "
523 "wanted non-zero shared version (peer %x)\n",
524 i, svt->peerver);
525 failed++;
526 }
527 continue;
528 }
529 if (maxver != svt->want_maxver) {
530 fprintf(stderr, "FAIL: test %zu - got shared "
531 "version %x, want %x\n", i, maxver,
532 svt->want_maxver);
533 failed++;
534 }
535
536 SSL_CTX_free(ssl_ctx);
537 SSL_free(ssl);
538 }
539
540 return (failed);
541}
542
543struct min_max_version_test {
544 const SSL_METHOD *(*ssl_method)(void);
545 const uint16_t minver;
546 const uint16_t maxver;
547 const uint16_t want_minver;
548 const uint16_t want_maxver;
549 const int want_min_fail;
550 const int want_max_fail;
551};
552
553static struct min_max_version_test min_max_version_tests[] = {
554 {
555 .ssl_method = TLS_method,
556 .minver = 0,
557 .maxver = 0,
558 .want_minver = 0,
559 .want_maxver = 0,
560 },
561 {
562 .ssl_method = TLS_method,
563 .minver = TLS1_VERSION,
564 .maxver = 0,
565 .want_minver = TLS1_VERSION,
566 .want_maxver = 0,
567 },
568 {
569 .ssl_method = TLS_method,
570 .minver = 0,
571 .maxver = TLS1_2_VERSION,
572 .want_minver = 0,
573 .want_maxver = TLS1_2_VERSION,
574 },
575 {
576 .ssl_method = TLS_method,
577 .minver = 0,
578 .maxver = TLS1_3_VERSION,
579 .want_minver = 0,
580 .want_maxver = TLS1_3_VERSION,
581 },
582 {
583 .ssl_method = TLS_method,
584 .minver = TLS1_VERSION,
585 .maxver = TLS1_2_VERSION,
586 .want_minver = TLS1_VERSION,
587 .want_maxver = TLS1_2_VERSION,
588 },
589 {
590 .ssl_method = TLS_method,
591 .minver = TLS1_1_VERSION,
592 .maxver = 0,
593 .want_minver = TLS1_1_VERSION,
594 .want_maxver = 0,
595 },
596 {
597 .ssl_method = TLS_method,
598 .minver = TLS1_2_VERSION,
599 .maxver = 0,
600 .want_minver = TLS1_2_VERSION,
601 .want_maxver = 0,
602 },
603 {
604 .ssl_method = TLS_method,
605 .minver = 0x0300,
606 .maxver = 0,
607 .want_minver = TLS1_VERSION,
608 .want_maxver = 0,
609 },
610 {
611 .ssl_method = TLS_method,
612 .minver = 0x0305,
613 .maxver = 0,
614 .want_min_fail = 1,
615 },
616 {
617 .ssl_method = TLS_method,
618 .minver = 0,
619 .maxver = 0x0305,
620 .want_minver = 0,
621 .want_maxver = TLS1_3_VERSION,
622 },
623 {
624 .ssl_method = TLS_method,
625 .minver = 0,
626 .maxver = TLS1_1_VERSION,
627 .want_minver = 0,
628 .want_maxver = TLS1_1_VERSION,
629 },
630 {
631 .ssl_method = TLS_method,
632 .minver = 0,
633 .maxver = TLS1_VERSION,
634 .want_minver = 0,
635 .want_maxver = TLS1_VERSION,
636 },
637 {
638 .ssl_method = TLS_method,
639 .minver = 0,
640 .maxver = 0x0300,
641 .want_max_fail = 1,
642 },
643 {
644 .ssl_method = TLS_method,
645 .minver = TLS1_2_VERSION,
646 .maxver = TLS1_1_VERSION,
647 .want_minver = TLS1_2_VERSION,
648 .want_maxver = 0,
649 .want_max_fail = 1,
650 },
651 {
652 .ssl_method = TLSv1_1_method,
653 .minver = 0,
654 .maxver = 0,
655 .want_minver = 0,
656 .want_maxver = 0,
657 },
658 {
659 .ssl_method = TLSv1_1_method,
660 .minver = TLS1_VERSION,
661 .maxver = TLS1_2_VERSION,
662 .want_minver = TLS1_1_VERSION,
663 .want_maxver = TLS1_1_VERSION,
664 },
665 {
666 .ssl_method = TLSv1_1_method,
667 .minver = TLS1_2_VERSION,
668 .maxver = 0,
669 .want_minver = 0,
670 .want_maxver = 0,
671 .want_min_fail = 1,
672 },
673 {
674 .ssl_method = TLSv1_1_method,
675 .minver = 0,
676 .maxver = TLS1_VERSION,
677 .want_minver = 0,
678 .want_maxver = 0,
679 .want_max_fail = 1,
680 },
681 {
682 .ssl_method = DTLS_method,
683 .minver = 0,
684 .maxver = 0,
685 .want_minver = 0,
686 .want_maxver = 0,
687 },
688 {
689 .ssl_method = DTLS_method,
690 .minver = 0,
691 .maxver = DTLS1_VERSION,
692 .want_minver = 0,
693 .want_maxver = DTLS1_VERSION,
694 },
695 {
696 .ssl_method = DTLS_method,
697 .minver = DTLS1_VERSION,
698 .maxver = 0,
699 .want_minver = DTLS1_VERSION,
700 .want_maxver = 0,
701 },
702 {
703 .ssl_method = DTLS_method,
704 .minver = DTLS1_VERSION,
705 .maxver = DTLS1_2_VERSION,
706 .want_minver = DTLS1_VERSION,
707 .want_maxver = DTLS1_2_VERSION,
708 },
709 {
710 .ssl_method = DTLSv1_method,
711 .minver = 0,
712 .maxver = 0,
713 .want_minver = 0,
714 .want_maxver = 0,
715 },
716 {
717 .ssl_method = DTLSv1_method,
718 .minver = DTLS1_VERSION,
719 .maxver = 0,
720 .want_minver = DTLS1_VERSION,
721 .want_maxver = 0,
722 },
723 {
724 .ssl_method = DTLSv1_method,
725 .minver = 0,
726 .maxver = DTLS1_VERSION,
727 .want_minver = 0,
728 .want_maxver = DTLS1_VERSION,
729 },
730 {
731 .ssl_method = DTLSv1_method,
732 .minver = 0,
733 .maxver = DTLS1_2_VERSION,
734 .want_minver = 0,
735 .want_maxver = DTLS1_VERSION,
736 },
737 {
738 .ssl_method = DTLSv1_method,
739 .minver = TLS1_VERSION,
740 .maxver = TLS1_2_VERSION,
741 .want_minver = 0,
742 .want_maxver = 0,
743 .want_min_fail = 1,
744 .want_max_fail = 1,
745 },
746};
747
748#define N_MIN_MAX_VERSION_TESTS \
749 (sizeof(min_max_version_tests) / sizeof(*min_max_version_tests))
750
751static int
752test_ssl_min_max_version(void)
753{
754 struct min_max_version_test *mmvt;
755 SSL_CTX *ssl_ctx = NULL;
756 SSL *ssl = NULL;
757 int failed = 0;
758 size_t i;
759
760 failed = 0;
761
762 fprintf(stderr, "INFO: starting min max version tests...\n");
763
764 for (i = 0; i < N_MIN_MAX_VERSION_TESTS; i++) {
765 mmvt = &min_max_version_tests[i];
766
767 if ((ssl_ctx = SSL_CTX_new(mmvt->ssl_method())) == NULL) {
768 fprintf(stderr, "SSL_CTX_new() returned NULL\n");
769 return 1;
770 }
771
772 if (!SSL_CTX_set_min_proto_version(ssl_ctx, mmvt->minver)) {
773 if (!mmvt->want_min_fail) {
774 fprintf(stderr, "FAIL: test %zu - failed to set "
775 "SSL_CTX min version\n", i);
776 failed++;
777 }
778 goto next;
779 }
780 if (!SSL_CTX_set_max_proto_version(ssl_ctx, mmvt->maxver)) {
781 if (!mmvt->want_max_fail) {
782 fprintf(stderr, "FAIL: test %zu - failed to set "
783 "SSL_CTX min version\n", i);
784 failed++;
785 }
786 goto next;
787 }
788
789 if (mmvt->want_min_fail) {
790 fprintf(stderr, "FAIL: test %zu - successfully set "
791 "SSL_CTX min version, should have failed\n", i);
792 failed++;
793 goto next;
794 }
795 if (mmvt->want_max_fail) {
796 fprintf(stderr, "FAIL: test %zu - successfully set "
797 "SSL_CTX max version, should have failed\n", i);
798 failed++;
799 goto next;
800 }
801
802 if (SSL_CTX_get_min_proto_version(ssl_ctx) != mmvt->want_minver) {
803 fprintf(stderr, "FAIL: test %zu - got SSL_CTX min "
804 "version 0x%x, want 0x%x\n", i,
805 SSL_CTX_get_min_proto_version(ssl_ctx), mmvt->want_minver);
806 failed++;
807 goto next;
808 }
809 if (SSL_CTX_get_max_proto_version(ssl_ctx) != mmvt->want_maxver) {
810 fprintf(stderr, "FAIL: test %zu - got SSL_CTX max "
811 "version 0x%x, want 0x%x\n", i,
812 SSL_CTX_get_max_proto_version(ssl_ctx), mmvt->want_maxver);
813 failed++;
814 goto next;
815 }
816
817 if ((ssl = SSL_new(ssl_ctx)) == NULL) {
818 fprintf(stderr, "SSL_new() returned NULL\n");
819 return 1;
820 }
821
822 if (SSL_get_min_proto_version(ssl) != mmvt->want_minver) {
823 fprintf(stderr, "FAIL: test %zu - initial SSL min "
824 "version 0x%x, want 0x%x\n", i,
825 SSL_get_min_proto_version(ssl), mmvt->want_minver);
826 failed++;
827 goto next;
828 }
829 if (SSL_get_max_proto_version(ssl) != mmvt->want_maxver) {
830 fprintf(stderr, "FAIL: test %zu - initial SSL max "
831 "version 0x%x, want 0x%x\n", i,
832 SSL_get_max_proto_version(ssl), mmvt->want_maxver);
833 failed++;
834 goto next;
835 }
836
837 if (!SSL_set_min_proto_version(ssl, mmvt->minver)) {
838 if (mmvt->want_min_fail) {
839 fprintf(stderr, "FAIL: test %zu - failed to set "
840 "SSL min version\n", i);
841 failed++;
842 }
843 goto next;
844 }
845 if (!SSL_set_max_proto_version(ssl, mmvt->maxver)) {
846 if (mmvt->want_max_fail) {
847 fprintf(stderr, "FAIL: test %zu - failed to set "
848 "SSL min version\n", i);
849 failed++;
850 }
851 goto next;
852 }
853
854 if (mmvt->want_min_fail) {
855 fprintf(stderr, "FAIL: test %zu - successfully set SSL "
856 "min version, should have failed\n", i);
857 failed++;
858 goto next;
859 }
860 if (mmvt->want_max_fail) {
861 fprintf(stderr, "FAIL: test %zu - successfully set SSL "
862 "max version, should have failed\n", i);
863 failed++;
864 goto next;
865 }
866
867 if (SSL_get_min_proto_version(ssl) != mmvt->want_minver) {
868 fprintf(stderr, "FAIL: test %zu - got SSL min "
869 "version 0x%x, want 0x%x\n", i,
870 SSL_get_min_proto_version(ssl), mmvt->want_minver);
871 failed++;
872 goto next;
873 }
874 if (SSL_get_max_proto_version(ssl) != mmvt->want_maxver) {
875 fprintf(stderr, "FAIL: test %zu - got SSL max "
876 "version 0x%x, want 0x%x\n", i,
877 SSL_get_max_proto_version(ssl), mmvt->want_maxver);
878 failed++;
879 goto next;
880 }
881
882 next:
883 SSL_CTX_free(ssl_ctx);
884 SSL_free(ssl);
885
886 ssl_ctx = NULL;
887 ssl = NULL;
888 }
889
890 return (failed);
891}
892
893int
894main(int argc, char **argv)
895{
896 int failed = 0;
897
898 SSL_library_init();
899
900 /* XXX - Test ssl_supported_version_range() */
901
902 failed |= test_ssl_enabled_version_range();
903 failed |= test_ssl_max_shared_version();
904 failed |= test_ssl_min_max_version();
905
906 if (failed == 0)
907 printf("PASS %s\n", __FILE__);
908
909 return (failed);
910}
diff --git a/src/regress/lib/libssl/unit/tests.h b/src/regress/lib/libssl/unit/tests.h
deleted file mode 100644
index 287816946a..0000000000
--- a/src/regress/lib/libssl/unit/tests.h
+++ /dev/null
@@ -1,44 +0,0 @@
1/* $OpenBSD: tests.h,v 1.1 2015/06/27 23:35:52 doug Exp $ */
2/*
3 * Copyright (c) 2015 Doug Hogan <doug@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#ifndef LIBRESSL_REGRESS_TESTS_H__
19#define LIBRESSL_REGRESS_TESTS_H__ 1
20
21/* Ugly macros that are useful for regression tests. */
22
23#define SKIP(a) do { \
24 printf("Skipping test in %s [%s:%d]\n", __func__, __FILE__, \
25 __LINE__); \
26} while (0)
27
28#define CHECK(a) do { \
29 if (!(a)) { \
30 printf("Error in %s [%s:%d]\n", __func__, __FILE__, \
31 __LINE__); \
32 return 0; \
33 } \
34} while (0)
35
36#define CHECK_GOTO(a) do { \
37 if (!(a)) { \
38 printf("Error in %s [%s:%d]\n", __func__, __FILE__, \
39 __LINE__); \
40 goto err; \
41 } \
42} while (0)
43
44#endif /* LIBRESSL_REGRESS_TESTS_H__ */
diff --git a/src/regress/lib/libssl/unit/tls_ext_alpn.c b/src/regress/lib/libssl/unit/tls_ext_alpn.c
deleted file mode 100644
index 378929aa5b..0000000000
--- a/src/regress/lib/libssl/unit/tls_ext_alpn.c
+++ /dev/null
@@ -1,442 +0,0 @@
1/* $OpenBSD: tls_ext_alpn.c,v 1.7 2020/07/03 04:14:10 tb Exp $ */
2/*
3 * Copyright (c) 2015 Doug Hogan <doug@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18/*
19 * Test TLS extension Application-Layer Protocol Negotiation (RFC 7301).
20 */
21#include <stdio.h>
22#include <openssl/ssl.h>
23
24#include "ssl_locl.h"
25#include "ssl_tlsext.h"
26
27#include "tests.h"
28
29/*
30 * In the ProtocolNameList, ProtocolNames must not include empty strings and
31 * byte strings must not be truncated.
32 *
33 * This uses some of the IANA approved protocol names from:
34 * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
35 */
36
37/* Valid for client and server since it only has one name. */
38static uint8_t proto_single[] = {
39 /* Extension extensions<0..2^16-1> -- All TLS extensions */
40 0x00, 0x0f, /* len */
41 /* ExtensionType extension_type */
42 0x00, 0x10, /* ALPN */
43 /* opaque extension_data<0..2^16-1> */
44 0x00, 0x0b, /* len */
45 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
46 0x00, 0x09, /* len of all names */
47 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
48 0x08, /* len */
49 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31
50};
51
52/* Valid for client, but NOT server. Server must have exactly one name. */
53static uint8_t proto_multiple1[] = {
54 /* Extension extensions<0..2^16-1> -- All TLS extensions */
55 0x00, 0x19, /* len */
56 /* ExtensionType extension_type */
57 0x00, 0x10, /* ALPN */
58 /* opaque extension_data<0..2^16-1> */
59 0x00, 0x15, /* len */
60 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
61 0x00, 0x13, /* len of all names */
62 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
63 0x08, /* len */
64 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31,
65 /* opaque ProtocolName<1..2^8-1> -- 'stun.nat' */
66 0x09, /* len */
67 0x73, 0x74, 0x75, 0x6e, 0x2e, 0x74, 0x75, 0x72, 0x6e
68};
69
70/* Valid for client, but NOT server. Server must have exactly one name. */
71static uint8_t proto_multiple2[] = {
72 /* Extension extensions<0..2^16-1> -- All TLS extensions */
73 0x00, 0x1c, /* len */
74 /* ExtensionType extension_type */
75 0x00, 0x10, /* ALPN */
76 /* opaque extension_data<0..2^16-1> */
77 0x00, 0x18, /* len */
78 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
79 0x00, 0x16, /* len of all names */
80 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
81 0x08, /* len */
82 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31,
83 /* opaque ProtocolName<1..2^8-1> -- 'h2' */
84 0x02, /* len */
85 0x68, 0x32,
86 /* opaque ProtocolName<1..2^8-1> -- 'stun.nat' */
87 0x09, /* len */
88 0x73, 0x74, 0x75, 0x6e, 0x2e, 0x74, 0x75, 0x72, 0x6e
89};
90
91/* Valid for client, but NOT server. Server must have exactly one name. */
92static uint8_t proto_multiple3[] = {
93 /* Extension extensions<0..2^16-1> -- All TLS extensions */
94 0x00, 0x20, /* len */
95 /* ExtensionType extension_type */
96 0x00, 0x10, /* ALPN */
97 /* opaque extension_data<0..2^16-1> */
98 0x00, 0x1c, /* len */
99 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
100 0x00, 0x1a, /* len of all names */
101 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
102 0x08, /* len */
103 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31,
104 /* opaque ProtocolName<1..2^8-1> -- 'h2' */
105 0x02, /* len */
106 0x68, 0x32,
107 /* opaque ProtocolName<1..2^8-1> -- 'stun.nat' */
108 0x09, /* len */
109 0x73, 0x74, 0x75, 0x6e, 0x2e, 0x74, 0x75, 0x72, 0x6e,
110 /* opaque ProtocolName<1..2^8-1> -- 'h2c' */
111 0x03, /* len */
112 0x68, 0x32, 0x63
113};
114
115static uint8_t proto_empty[] = {
116 /* Extension extensions<0..2^16-1> -- All TLS extensions. */
117 0x00, 0x00, /* none present. */
118};
119
120/* Invalid for both client and server. Length is wrong. */
121static uint8_t proto_invalid_len1[] = {
122 /* Extension extensions<0..2^16-1> -- All TLS extensions */
123 0x00, 0x0a, /* len */
124 /* ExtensionType extension_type */
125 0x00, 0x10, /* ALPN */
126 /* opaque extension_data<0..2^16-1> */
127 0x00, 0x06, /* len */
128 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
129 0x00, 0x04, /* len of all names */
130 /* opaque ProtocolName<1..2^8-1> -- 'h2c' */
131 0x04, /* XXX len too large */
132 0x68, 0x32, 0x63
133};
134static uint8_t proto_invalid_len2[] = {
135 /* Extension extensions<0..2^16-1> -- All TLS extensions */
136 0x00, 0x0a, /* len */
137 /* ExtensionType extension_type */
138 0x00, 0x10, /* ALPN */
139 /* opaque extension_data<0..2^16-1> */
140 0x00, 0x06, /* len */
141 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
142 0x00, 0x04, /* len of all names */
143 /* opaque ProtocolName<1..2^8-1> -- 'h2c' */
144 0x02, /* XXX len too small */
145 0x68, 0x32, 0x63
146};
147static uint8_t proto_invalid_len3[] = {
148 /* Extension extensions<0..2^16-1> -- All TLS extensions */
149 0x00, 0x0a, /* len */
150 /* ExtensionType extension_type */
151 0x00, 0x10, /* ALPN */
152 /* opaque extension_data<0..2^16-1> */
153 0x00, 0x06, /* len */
154 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
155 0x00, 0x03, /* XXX len too small */
156 /* opaque ProtocolName<1..2^8-1> -- 'h2c' */
157 0x03, /* len */
158 0x68, 0x32, 0x63
159};
160static uint8_t proto_invalid_len4[] = {
161 /* Extension extensions<0..2^16-1> -- All TLS extensions */
162 0x00, 0x0a, /* len */
163 /* ExtensionType extension_type */
164 0x00, 0x10, /* ALPN */
165 /* opaque extension_data<0..2^16-1> */
166 0x00, 0x06, /* len */
167 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
168 0x00, 0x06, /* XXX len too large */
169 /* opaque ProtocolName<1..2^8-1> -- 'h2c' */
170 0x03, /* len */
171 0x68, 0x32, 0x63
172};
173static uint8_t proto_invalid_len5[] = {
174 /* Extension extensions<0..2^16-1> -- All TLS extensions */
175 0x00, 0x0a, /* len */
176 /* ExtensionType extension_type */
177 0x00, 0x10, /* ALPN */
178 /* opaque extension_data<0..2^16-1> */
179 0x01, 0x08, /* XXX len too large */
180 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
181 0x00, 0x04, /* len */
182 /* opaque ProtocolName<1..2^8-1> -- 'h2c' */
183 0x03, /* len */
184 0x68, 0x32, 0x63
185};
186static uint8_t proto_invalid_len6[] = {
187 /* Extension extensions<0..2^16-1> -- All TLS extensions */
188 0x00, 0x0a, /* len */
189 /* ExtensionType extension_type */
190 0x00, 0x10, /* ALPN */
191 /* opaque extension_data<0..2^16-1> */
192 0x00, 0x05, /* XXX len too small */
193 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
194 0x00, 0x04, /* len */
195 /* opaque ProtocolName<1..2^8-1> -- 'h2c' */
196 0x03, /* len */
197 0x68, 0x32, 0x63
198};
199static uint8_t proto_invalid_len7[] = {
200 /* Extension extensions<0..2^16-1> -- All TLS extensions */
201 0x00, 0x06, /* XXX len too small */
202 /* ExtensionType extension_type */
203 0x00, 0x10, /* ALPN */
204 /* opaque extension_data<0..2^16-1> */
205 0x00, 0x06, /* len */
206 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
207 0x00, 0x04, /* len */
208 /* opaque ProtocolName<1..2^8-1> -- 'h2c' */
209 0x03, /* len */
210 0x68, 0x32, 0x63
211};
212static uint8_t proto_invalid_len8[] = {
213 /* Extension extensions<0..2^16-1> -- All TLS extensions */
214 0x00, 0x0b, /* XXX len too large */
215 /* ExtensionType extension_type */
216 0x00, 0x10, /* ALPN */
217 /* opaque extension_data<0..2^16-1> */
218 0x00, 0x06, /* len */
219 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
220 0x00, 0x04, /* len */
221 /* opaque ProtocolName<1..2^8-1> -- 'h2c' */
222 0x03, /* len */
223 0x68, 0x32, 0x63
224};
225
226/* Invalid for client and server since it is missing data. */
227static uint8_t proto_invalid_missing1[] = {
228 /* Extension extensions<0..2^16-1> -- All TLS extensions */
229 0x00, 0x0a, /* len */
230 /* ExtensionType extension_type */
231 0x00, 0x10, /* ALPN */
232 /* opaque extension_data<0..2^16-1> */
233 0x00, 0x06, /* len */
234 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
235 0x00, 0x04, /* len of all names */
236 /* opaque ProtocolName<1..2^8-1> -- 'h2c' */
237 /* XXX missing */
238};
239static uint8_t proto_invalid_missing2[] = {
240 /* Extension extensions<0..2^16-1> -- All TLS extensions */
241 0x00, 0x0a, /* len */
242 /* ExtensionType extension_type */
243 0x00, 0x10, /* ALPN */
244 /* opaque extension_data<0..2^16-1> */
245 0x00, 0x00, /* XXX missing name list */
246 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
247};
248static uint8_t proto_invalid_missing3[] = {
249 /* Extension extensions<0..2^16-1> -- All TLS extensions */
250 0x00, 0x0a, /* len */
251 /* ExtensionType extension_type */
252 0x00, 0x10, /* ALPN */
253 /* opaque extension_data<0..2^16-1> */
254 0x00, 0x02, /* XXX size is sufficient but missing data for name list */
255 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
256};
257static uint8_t proto_invalid_missing4[] = {
258 /* Extension extensions<0..2^16-1> -- All TLS extensions */
259 0x00, 0x0a, /* len */
260 /* ExtensionType extension_type */
261 0x00, 0x10, /* ALPN */
262 /* opaque extension_data<0..2^16-1> */
263 /* XXX missing */
264};
265static uint8_t proto_invalid_missing5[] = {
266 /* Extension extensions<0..2^16-1> -- All TLS extensions */
267 0x00, 0x1c, /* len */
268 /* ExtensionType extension_type */
269 0x00, 0x10, /* ALPN */
270 /* opaque extension_data<0..2^16-1> */
271 0x00, 0x18, /* len */
272 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
273 0x00, 0x16, /* len of all names */
274 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
275 0x08, /* len */
276 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31,
277 /* opaque ProtocolName<1..2^8-1> -- 'h2' */
278 0x02, /* len */
279 0x68, 0x32,
280 /* XXX missing name */
281};
282static uint8_t proto_invalid_missing6[] = {
283 /* Extension extensions<0..2^16-1> -- All TLS extensions */
284 0x00, 0x07, /* len */
285 /* ExtensionType extension_type */
286 0x00, 0x10, /* ALPN */
287 /* opaque extension_data<0..2^16-1> */
288 0x00, 0x03, /* len */
289 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
290 0x00, 0x01, /* XXX len must be at least 2 */
291 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
292 0x00, /* XXX len cannot be 0 */
293};
294static uint8_t proto_invalid_missing7[] = {
295 /* Extension extensions<0..2^16-1> -- All TLS extensions */
296 0x00, 0x07, /* len */
297 /* ExtensionType extension_type */
298 0x00, 0x10, /* ALPN */
299 /* opaque extension_data<0..2^16-1> */
300 0x00, 0x03, /* len */
301 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
302 0x00, 0x02, /* XXX len is at least 2 but not correct. */
303 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
304 0x00, /* XXX len cannot be 0 */
305};
306static uint8_t proto_invalid_missing8[] = {
307 /* Extension extensions<0..2^16-1> -- All TLS extensions */
308 0x00, 0x01, /* len */
309 /* ExtensionType extension_type */
310 0x00, /* XXX need a 2 byte type */
311};
312static uint8_t proto_invalid_missing9[] = {
313 /* Extension extensions<0..2^16-1> -- All TLS extensions */
314 0x0a, /* XXX need a 2 byte len */
315};
316
317
318#define CHECK_BOTH(c_val, s_val, proto) do { \
319 { \
320 CBS cbs; \
321 int al; \
322 \
323 CBS_init(&cbs, proto, sizeof(proto)); \
324 CHECK(c_val == tlsext_server_parse(s, SSL_TLSEXT_MSG_CH, &cbs, &al)); \
325 CBS_init(&cbs, proto, sizeof(proto)); \
326 CHECK(s_val == tlsext_client_parse(s, SSL_TLSEXT_MSG_SH, &cbs, &al)); \
327 } \
328} while (0)
329
330static int dummy_alpn_cb(SSL *ssl, const unsigned char **out,
331 unsigned char *outlen, const unsigned char *in, unsigned int inlen,
332 void *arg);
333
334static int
335check_valid_alpn(SSL *s)
336{
337 const uint8_t str[] = {
338 0x08, /* len */
339 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31 /* http/1.1 */
340 };
341
342 /* Setup in order to test ALPN. */
343 CHECK(! SSL_set_alpn_protos(s, str, 9));
344 SSL_CTX_set_alpn_select_cb(s->ctx, dummy_alpn_cb, NULL);
345
346 /* Prerequisites to test these. */
347 CHECK(s->internal->alpn_client_proto_list != NULL);
348 CHECK(s->ctx->internal->alpn_select_cb != NULL);
349 //CHECK(s->s3->tmp.finish_md_len == 0);
350
351 CHECK_BOTH(1, 1, proto_single);
352 CHECK_BOTH(1, 1, proto_empty);
353
354 /* Multiple protocol names are only valid for client */
355 CHECK_BOTH(1, 0, proto_multiple1);
356 CHECK_BOTH(1, 0, proto_multiple2);
357 CHECK_BOTH(1, 0, proto_multiple3);
358
359 return 1;
360}
361
362/*
363 * Some of the IANA approved IDs from:
364 * http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
365 */
366static int
367check_invalid_alpn(SSL *s)
368{
369 const uint8_t str[] = {
370 0x08, /* len */
371 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31 /* http/1.1 */
372 };
373
374 /* Setup in order to test ALPN. */
375 CHECK(! SSL_set_alpn_protos(s, str, 9));
376 SSL_CTX_set_alpn_select_cb(s->ctx, dummy_alpn_cb, NULL);
377
378 /* Prerequisites to test these. */
379 CHECK(s->internal->alpn_client_proto_list != NULL);
380 CHECK(s->ctx->internal->alpn_select_cb != NULL);
381 //CHECK(s->s3->tmp.finish_md_len == 0);
382
383 /* None of these are valid for client or server */
384 CHECK_BOTH(0, 0, proto_invalid_len1);
385 CHECK_BOTH(0, 0, proto_invalid_len2);
386 CHECK_BOTH(0, 0, proto_invalid_len3);
387 CHECK_BOTH(0, 0, proto_invalid_len4);
388 CHECK_BOTH(0, 0, proto_invalid_len5);
389 CHECK_BOTH(0, 0, proto_invalid_len6);
390 CHECK_BOTH(0, 0, proto_invalid_len7);
391 CHECK_BOTH(0, 0, proto_invalid_len8);
392 CHECK_BOTH(0, 0, proto_invalid_missing1);
393 CHECK_BOTH(0, 0, proto_invalid_missing2);
394 CHECK_BOTH(0, 0, proto_invalid_missing3);
395 CHECK_BOTH(0, 0, proto_invalid_missing4);
396 CHECK_BOTH(0, 0, proto_invalid_missing5);
397 CHECK_BOTH(0, 0, proto_invalid_missing6);
398 CHECK_BOTH(0, 0, proto_invalid_missing7);
399 CHECK_BOTH(0, 0, proto_invalid_missing8);
400 CHECK_BOTH(0, 0, proto_invalid_missing9);
401
402 return 1;
403}
404
405int
406dummy_alpn_cb(SSL *ssl __attribute__((unused)), const unsigned char **out,
407 unsigned char *outlen, const unsigned char *in, unsigned int inlen,
408 void *arg __attribute__((unused)))
409{
410 *out = in;
411 *outlen = (unsigned char)inlen;
412
413 return 0;
414}
415
416int
417main(void)
418{
419 SSL_CTX *ctx = NULL;
420 SSL *s = NULL;
421 int rv = 1;
422
423 SSL_library_init();
424
425 CHECK_GOTO((ctx = SSL_CTX_new(TLSv1_2_client_method())) != NULL);
426 CHECK_GOTO((s = SSL_new(ctx)) != NULL);
427
428 if (!check_valid_alpn(s))
429 goto err;
430 if (!check_invalid_alpn(s))
431 goto err;
432
433 rv = 0;
434
435err:
436 SSL_CTX_free(ctx);
437 SSL_free(s);
438
439 if (!rv)
440 printf("PASS %s\n", __FILE__);
441 return rv;
442}
diff --git a/src/regress/lib/libssl/unit/tls_prf.c b/src/regress/lib/libssl/unit/tls_prf.c
deleted file mode 100644
index 9e8f5b4053..0000000000
--- a/src/regress/lib/libssl/unit/tls_prf.c
+++ /dev/null
@@ -1,251 +0,0 @@
1/* $OpenBSD: tls_prf.c,v 1.5 2021/03/24 19:02:35 jsing Exp $ */
2/*
3 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <err.h>
19
20#include "ssl_locl.h"
21
22int tls1_PRF(SSL *s, const unsigned char *secret, size_t secret_len,
23 const void *seed1, size_t seed1_len, const void *seed2, size_t seed2_len,
24 const void *seed3, size_t seed3_len, const void *seed4, size_t seed4_len,
25 const void *seed5, size_t seed5_len, unsigned char *out, size_t out_len);
26
27#define TLS_PRF_OUT_LEN 128
28
29struct tls_prf_test {
30 const unsigned char *desc;
31 const SSL_METHOD *(*ssl_method)(void);
32 const uint16_t cipher_value;
33 const unsigned char out[TLS_PRF_OUT_LEN];
34};
35
36static struct tls_prf_test tls_prf_tests[] = {
37 {
38 .desc = "MD5+SHA1",
39 .ssl_method = TLSv1_method,
40 .cipher_value = 0x0033,
41 .out = {
42 0x03, 0xa1, 0xc1, 0x7d, 0x2c, 0xa5, 0x3d, 0xe8,
43 0x9d, 0x59, 0x5e, 0x30, 0xf5, 0x71, 0xbb, 0x96,
44 0xde, 0x5c, 0x8e, 0xdc, 0x25, 0x8a, 0x7c, 0x05,
45 0x9f, 0x7d, 0x35, 0x29, 0x45, 0xae, 0x56, 0xad,
46 0x9f, 0x57, 0x15, 0x5c, 0xdb, 0x83, 0x3a, 0xac,
47 0x19, 0xa8, 0x2b, 0x40, 0x72, 0x38, 0x1e, 0xed,
48 0xf3, 0x25, 0xde, 0x84, 0x84, 0xd8, 0xd1, 0xfc,
49 0x31, 0x85, 0x81, 0x12, 0x55, 0x4d, 0x12, 0xb5,
50 0xed, 0x78, 0x5e, 0xba, 0xc8, 0xec, 0x8d, 0x28,
51 0xa1, 0x21, 0x1e, 0x6e, 0x07, 0xf1, 0xfc, 0xf5,
52 0xbf, 0xe4, 0x8e, 0x8e, 0x97, 0x15, 0x93, 0x85,
53 0x75, 0xdd, 0x87, 0x09, 0xd0, 0x4e, 0xe5, 0xd5,
54 0x9e, 0x1f, 0xd6, 0x1c, 0x3b, 0xe9, 0xad, 0xba,
55 0xe0, 0x16, 0x56, 0x62, 0x90, 0xd6, 0x82, 0x84,
56 0xec, 0x8a, 0x22, 0xbe, 0xdc, 0x6a, 0x5e, 0x05,
57 0x12, 0x44, 0xec, 0x60, 0x61, 0xd1, 0x8a, 0x66,
58 },
59 },
60 {
61 .desc = "GOST94",
62 .ssl_method = TLSv1_2_method,
63 .cipher_value = 0x0081,
64 .out = {
65 0xcc, 0xd4, 0x89, 0x5f, 0x52, 0x08, 0x9b, 0xc7,
66 0xf9, 0xb5, 0x83, 0x58, 0xe8, 0xc7, 0x71, 0x49,
67 0x39, 0x99, 0x1f, 0x14, 0x8f, 0x85, 0xbe, 0x64,
68 0xee, 0x40, 0x5c, 0xe7, 0x5f, 0x68, 0xaf, 0xf2,
69 0xcd, 0x3a, 0x94, 0x52, 0x33, 0x53, 0x46, 0x7d,
70 0xb6, 0xc5, 0xe1, 0xb8, 0xa4, 0x04, 0x69, 0x91,
71 0x0a, 0x9c, 0x88, 0x86, 0xd9, 0x60, 0x63, 0xdd,
72 0xd8, 0xe7, 0x2e, 0xee, 0xce, 0xe2, 0x20, 0xd8,
73 0x9a, 0xfa, 0x9c, 0x63, 0x0c, 0x9c, 0xa1, 0x76,
74 0xed, 0x78, 0x9a, 0x84, 0x70, 0xb4, 0xd1, 0x51,
75 0x1f, 0xde, 0x44, 0xe8, 0x90, 0x21, 0x3f, 0xeb,
76 0x05, 0xf4, 0x77, 0x59, 0xf3, 0xad, 0xdd, 0x34,
77 0x3d, 0x3a, 0x7c, 0xd0, 0x59, 0x40, 0xe1, 0x3f,
78 0x04, 0x4b, 0x8b, 0xd6, 0x95, 0x46, 0xb4, 0x9e,
79 0x4c, 0x2d, 0xf7, 0xee, 0xbd, 0xbc, 0xcb, 0x5c,
80 0x3a, 0x36, 0x0c, 0xd0, 0x27, 0xcb, 0x45, 0x06,
81 },
82 },
83 {
84 .desc = "SHA256 (via TLSv1.2)",
85 .ssl_method = TLSv1_2_method,
86 .cipher_value = 0x0033,
87 .out = {
88 0x37, 0xa7, 0x06, 0x71, 0x6e, 0x19, 0x19, 0xda,
89 0x23, 0x8c, 0xcc, 0xb4, 0x2f, 0x31, 0x64, 0x9d,
90 0x05, 0x29, 0x1c, 0x33, 0x7e, 0x09, 0x1b, 0x0c,
91 0x0e, 0x23, 0xc1, 0xb0, 0x40, 0xcc, 0x31, 0xf7,
92 0x55, 0x66, 0x68, 0xd9, 0xa8, 0xae, 0x74, 0x75,
93 0xf3, 0x46, 0xe9, 0x3a, 0x54, 0x9d, 0xe0, 0x8b,
94 0x7e, 0x6c, 0x63, 0x1c, 0xfa, 0x2f, 0xfd, 0xc9,
95 0xd3, 0xf1, 0xd3, 0xfe, 0x7b, 0x9e, 0x14, 0x95,
96 0xb5, 0xd0, 0xad, 0x9b, 0xee, 0x78, 0x8c, 0x83,
97 0x18, 0x58, 0x7e, 0xa2, 0x23, 0xc1, 0x8b, 0x62,
98 0x94, 0x12, 0xcb, 0xb6, 0x60, 0x69, 0x32, 0xfe,
99 0x98, 0x0e, 0x93, 0xb0, 0x8e, 0x5c, 0xfb, 0x6e,
100 0xdb, 0x9a, 0xc2, 0x9f, 0x8c, 0x5c, 0x43, 0x19,
101 0xeb, 0x4a, 0x52, 0xad, 0x62, 0x2b, 0xdd, 0x9f,
102 0xa3, 0x74, 0xa6, 0x96, 0x61, 0x4d, 0x98, 0x40,
103 0x63, 0xa6, 0xd4, 0xbb, 0x17, 0x11, 0x75, 0xed,
104 },
105 },
106 {
107 .desc = "SHA384",
108 .ssl_method = TLSv1_2_method,
109 .cipher_value = 0x009d,
110 .out = {
111 0x00, 0x93, 0xc3, 0xfd, 0xa7, 0xbb, 0xdc, 0x5b,
112 0x13, 0x3a, 0xe6, 0x8b, 0x1b, 0xac, 0xf3, 0xfb,
113 0x3c, 0x9a, 0x78, 0xf6, 0x19, 0xf0, 0x13, 0x0f,
114 0x0d, 0x01, 0x9d, 0xdf, 0x0a, 0x28, 0x38, 0xce,
115 0x1a, 0x9b, 0x43, 0xbe, 0x56, 0x12, 0xa7, 0x16,
116 0x58, 0xe1, 0x8a, 0xe4, 0xc5, 0xbb, 0x10, 0x4c,
117 0x3a, 0xf3, 0x7f, 0xd3, 0xdb, 0xe4, 0xe0, 0x3d,
118 0xcc, 0x83, 0xca, 0xf0, 0xf9, 0x69, 0xcc, 0x70,
119 0x83, 0x32, 0xf6, 0xfc, 0x81, 0x80, 0x02, 0xe8,
120 0x31, 0x1e, 0x7c, 0x3b, 0x34, 0xf7, 0x34, 0xd1,
121 0xcf, 0x2a, 0xc4, 0x36, 0x2f, 0xe9, 0xaa, 0x7f,
122 0x6d, 0x1f, 0x5e, 0x0e, 0x39, 0x05, 0x15, 0xe1,
123 0xa2, 0x9a, 0x4d, 0x97, 0x8c, 0x62, 0x46, 0xf1,
124 0x87, 0x65, 0xd8, 0xe9, 0x14, 0x11, 0xa6, 0x48,
125 0xd7, 0x0e, 0x6e, 0x70, 0xad, 0xfb, 0x3f, 0x36,
126 0x05, 0x76, 0x4b, 0xe4, 0x28, 0x50, 0x4a, 0xf2,
127 },
128 },
129 {
130 .desc = "STREEBOG256",
131 .ssl_method = TLSv1_2_method,
132 .cipher_value = 0xff87,
133 .out = {
134 0x3e, 0x13, 0xb9, 0xeb, 0x85, 0x8c, 0xb4, 0x21,
135 0x23, 0x40, 0x9b, 0x73, 0x04, 0x56, 0xe2, 0xff,
136 0xce, 0x52, 0x1f, 0x82, 0x7f, 0x17, 0x5b, 0x80,
137 0x23, 0x71, 0xca, 0x30, 0xdf, 0xfc, 0xdc, 0x2d,
138 0xc0, 0xfc, 0x5d, 0x23, 0x5a, 0x54, 0x7f, 0xae,
139 0xf5, 0x7d, 0x52, 0x1e, 0x86, 0x95, 0xe1, 0x2d,
140 0x28, 0xe7, 0xbe, 0xd7, 0xd0, 0xbf, 0xa9, 0x96,
141 0x13, 0xd0, 0x9c, 0x0c, 0x1c, 0x16, 0x05, 0xbb,
142 0x26, 0xd7, 0x30, 0x39, 0xb9, 0x53, 0x28, 0x98,
143 0x4f, 0x1b, 0x83, 0xc3, 0xce, 0x1c, 0x7c, 0x34,
144 0xa2, 0xc4, 0x7a, 0x54, 0x16, 0xc6, 0xa7, 0x9e,
145 0xed, 0x4b, 0x7b, 0x83, 0xa6, 0xae, 0xe2, 0x5b,
146 0x96, 0xf5, 0x6c, 0xad, 0x1f, 0xa3, 0x83, 0xb2,
147 0x84, 0x32, 0xed, 0xe3, 0x2c, 0xf6, 0xd4, 0x73,
148 0x30, 0xef, 0x9d, 0xbe, 0xe7, 0x23, 0x9a, 0xbf,
149 0x4d, 0x1c, 0xe7, 0xef, 0x3d, 0xea, 0x46, 0xe2,
150 },
151 },
152};
153
154#define N_TLS_PRF_TESTS \
155 (sizeof(tls_prf_tests) / sizeof(*tls_prf_tests))
156
157#define TLS_PRF_SEED1 "tls prf seed 1"
158#define TLS_PRF_SEED2 "tls prf seed 2"
159#define TLS_PRF_SEED3 "tls prf seed 3"
160#define TLS_PRF_SEED4 "tls prf seed 4"
161#define TLS_PRF_SEED5 "tls prf seed 5"
162#define TLS_PRF_SECRET "tls prf secretz"
163
164static void
165hexdump(const unsigned char *buf, size_t len)
166{
167 size_t i;
168
169 for (i = 1; i <= len; i++)
170 fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n");
171
172 fprintf(stderr, "\n");
173}
174
175static int
176do_tls_prf_test(int test_no, struct tls_prf_test *tpt)
177{
178 unsigned char *out = NULL;
179 const SSL_CIPHER *cipher;
180 SSL_CTX *ssl_ctx = NULL;
181 SSL *ssl = NULL;
182 int failure = 1;
183 int len;
184
185 fprintf(stderr, "Test %i - %s\n", test_no, tpt->desc);
186
187 if ((out = malloc(TLS_PRF_OUT_LEN)) == NULL)
188 errx(1, "failed to allocate out");
189
190 if ((ssl_ctx = SSL_CTX_new(tpt->ssl_method())) == NULL)
191 errx(1, "failed to create SSL context");
192 if ((ssl = SSL_new(ssl_ctx)) == NULL)
193 errx(1, "failed to create SSL context");
194
195 if ((cipher = ssl3_get_cipher_by_value(tpt->cipher_value)) == NULL) {
196 fprintf(stderr, "FAIL: no cipher %hx\n", tpt->cipher_value);
197 goto failure;
198 }
199
200 S3I(ssl)->hs.cipher = cipher;
201
202 for (len = 1; len <= TLS_PRF_OUT_LEN; len++) {
203 memset(out, 'A', TLS_PRF_OUT_LEN);
204
205 if (tls1_PRF(ssl, TLS_PRF_SECRET, sizeof(TLS_PRF_SECRET),
206 TLS_PRF_SEED1, sizeof(TLS_PRF_SEED1), TLS_PRF_SEED2,
207 sizeof(TLS_PRF_SEED2), TLS_PRF_SEED3, sizeof(TLS_PRF_SEED3),
208 TLS_PRF_SEED4, sizeof(TLS_PRF_SEED4), TLS_PRF_SEED5,
209 sizeof(TLS_PRF_SEED5), out, len) != 1) {
210 fprintf(stderr, "FAIL: tls_PRF failed for len %i\n",
211 len);
212 goto failure;
213 }
214
215 if (memcmp(out, tpt->out, len) != 0) {
216 fprintf(stderr, "FAIL: tls_PRF output differs for "
217 "len %i\n", len);
218 fprintf(stderr, "output:\n");
219 hexdump(out, TLS_PRF_OUT_LEN);
220 fprintf(stderr, "test data:\n");
221 hexdump(tpt->out, TLS_PRF_OUT_LEN);
222 fprintf(stderr, "\n");
223 goto failure;
224 }
225 }
226
227 failure = 0;
228
229 failure:
230 SSL_free(ssl);
231 SSL_CTX_free(ssl_ctx);
232
233 free(out);
234
235 return failure;
236}
237
238int
239main(int argc, char **argv)
240{
241 int failed = 0;
242 size_t i;
243
244 SSL_library_init();
245 SSL_load_error_strings();
246
247 for (i = 0; i < N_TLS_PRF_TESTS; i++)
248 failed |= do_tls_prf_test(i, &tls_prf_tests[i]);
249
250 return failed;
251}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2026-02-09 19:13:05 +0000