1 files changed, 470 insertions, 1 deletions
diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c
index 792ccfe706..5a7a34c56c 100644
--- a/src/regress/lib/libssl/tlsext/tlsexttest.c
+++ b/src/regress/lib/libssl/tlsext/tlsexttest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tlsexttest.c,v 1.3 2017/07/24 17:42:14 jsing Exp $ */
+/* $OpenBSD: tlsexttest.c,v 1.4 2017/08/11 05:06:34 doug Exp $ */
 /*
 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
 *
@@ -33,6 +33,23 @@ hexdump(const unsigned char *buf, size_t len)
        fprintf(stderr, "\n");
 }
+static void
+compare_data(const uint8_t *recv, size_t recv_len, const uint8_t *expect,
+    size_t expect_len)
+{
+        fprintf(stderr, "received:\n");
+        hexdump(recv, recv_len);
+        fprintf(stderr, "test data:\n");
+        hexdump(expect, expect_len);
+}
+#define FAIL(msg, ...)                                          \
+do {                                                            \
+        fprintf(stderr, "[%s:%d] FAIL: ", __FILE__, __LINE__);  \
+        fprintf(stderr, msg, ##__VA_ARGS__);                    \
+} while(0)
 /*
 * Renegotiation Indication - RFC 5746.
 */
@@ -522,6 +539,455 @@ test_tlsext_sni_serverhello(void)
        return (failure);
 }
+/*
+ * ECPointFormats - RFC 4492 section 5.1.2 (Supported Point Formats).
+ *
+ * Examples are from the RFC.  Both client and server have the same build and
+ * parse but the needs differ.
+ */
+static uint8_t tlsext_ecpf_hello_uncompressed_val[] = {
+        TLSEXT_ECPOINTFORMAT_uncompressed
+};
+static uint8_t tlsext_ecpf_hello_uncompressed[] = {
+        0x01,
+        0x00 /* TLSEXT_ECPOINTFORMAT_uncompressed */
+};
+static uint8_t tlsext_ecpf_hello_prime[] = {
+        0x01,
+        0x01 /* TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime */
+};
+static uint8_t tlsext_ecpf_hello_prefer_order_val[] = {
+        TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime,
+        TLSEXT_ECPOINTFORMAT_uncompressed,
+        TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2
+};
+static uint8_t tlsext_ecpf_hello_prefer_order[] = {
+        0x03,
+        0x01, /* TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime */
+        0x00, /* TLSEXT_ECPOINTFORMAT_uncompressed */
+        0x02  /* TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 */
+};
+static int
+test_tlsext_ecpf_clienthello(void)
+{
+        uint8_t *data = NULL;
+        SSL_CTX *ssl_ctx = NULL;
+        SSL *ssl = NULL;
+        size_t dlen;
+        int failure, alert;
+        CBB cbb;
+        CBS cbs;
+        failure = 1;
+        CBB_init(&cbb, 0);
+        if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
+                errx(1, "failed to create SSL_CTX");
+        if ((ssl = SSL_new(ssl_ctx)) == NULL)
+                errx(1, "failed to create SSL");
+        /*
+         * Default ciphers include EC so we need it by default.
+         */
+        if (!tlsext_ecpf_clienthello_needs(ssl)) {
+                FAIL("clienthello should need ECPointFormats for default "
+                    "ciphers\n");
+                goto err;
+        }
+        /*
+         * Exclude EC cipher suites so we can test not including it.
+         */
+        if (!SSL_set_cipher_list(ssl, "ALL:!ECDHE:!ECDH")) {
+                FAIL("clienthello should be able to set cipher list\n");
+                goto err;
+        }
+        if (tlsext_ecpf_clienthello_needs(ssl)) {
+                FAIL("clienthello should not need ECPointFormats\n");
+                goto err;
+        }
+        /*
+         * Use libtls default for the rest of the testing
+         */
+        if (!SSL_set_cipher_list(ssl, "TLSv1.2+AEAD+ECDHE")) {
+                FAIL("clienthello should be able to set cipher list\n");
+                goto err;
+        }
+        if (!tlsext_ecpf_clienthello_needs(ssl)) {
+                FAIL("clienthello should need ECPointFormats\n");
+                goto err;
+        }
+        /*
+         * The default ECPointFormats should only have uncompressed
+         */
+        if ((ssl->session = SSL_SESSION_new()) == NULL)
+                errx(1, "failed to create session");
+        if (!tlsext_ecpf_clienthello_build(ssl, &cbb)) {
+                FAIL("clienthello failed to build ECPointFormats\n");
+                goto err;
+        }
+        if (!CBB_finish(&cbb, &data, &dlen))
+                errx(1, "failed to finish CBB");
+        if (dlen != sizeof(tlsext_ecpf_hello_uncompressed)) {
+                FAIL("got clienthello ECPointFormats with length %zu, "
+                    "want length %zu\n", dlen,
+                    sizeof(tlsext_ecpf_hello_uncompressed));
+                compare_data(data, dlen, tlsext_ecpf_hello_uncompressed,
+                    sizeof(tlsext_ecpf_hello_uncompressed));
+                goto err;
+        }
+        if (memcmp(data, tlsext_ecpf_hello_uncompressed, dlen) != 0) {
+                FAIL("clienthello ECPointFormats differs:\n");
+                compare_data(data, dlen, tlsext_ecpf_hello_uncompressed,
+                    sizeof(tlsext_ecpf_hello_uncompressed));
+                goto err;
+        }
+        /*
+         * Make sure we can parse the default.
+         */
+        CBB_cleanup(&cbb);
+        CBB_init(&cbb, 0);
+        free(data);
+        data = NULL;
+        SSL_SESSION_free(ssl->session);
+        if ((ssl->session = SSL_SESSION_new()) == NULL)
+                errx(1, "failed to create session");
+        CBS_init(&cbs, tlsext_ecpf_hello_uncompressed,
+            sizeof(tlsext_ecpf_hello_uncompressed));
+        if (!tlsext_ecpf_clienthello_parse(ssl, &cbs, &alert)) {
+                FAIL("failed to parse clienthello ECPointFormats\n");
+                goto err;
+        }
+        if (SSI(ssl)->tlsext_ecpointformatlist_length !=
+            sizeof(tlsext_ecpf_hello_uncompressed_val)) {
+                FAIL("no tlsext_ecpointformats from clienthello "
+                    "ECPointFormats\n");
+                goto err;
+        }
+        if (memcmp(SSI(ssl)->tlsext_ecpointformatlist,
+            tlsext_ecpf_hello_uncompressed_val,
+            sizeof(tlsext_ecpf_hello_uncompressed_val)) != 0) {
+                FAIL("clienthello had an incorrect ECPointFormats entry\n");
+                goto err;
+        }
+        /*
+         * Test with a custom order.
+         */
+        CBB_cleanup(&cbb);
+        CBB_init(&cbb, 0);
+        free(data);
+        data = NULL;
+        SSL_SESSION_free(ssl->session);
+        if ((ssl->session = SSL_SESSION_new()) == NULL)
+                errx(1, "failed to create session");
+        if ((ssl->internal->tlsext_ecpointformatlist = malloc(sizeof(uint8_t) * 3)) == NULL) {
+                FAIL("client could not malloc\n");
+                goto err;
+        }
+        ssl->internal->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
+        ssl->internal->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_uncompressed;
+        ssl->internal->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
+        ssl->internal->tlsext_ecpointformatlist_length = 3;
+        if (!tlsext_ecpf_clienthello_needs(ssl)) {
+                FAIL("clienthello should need ECPointFormats with a custom "
+                    "format\n");
+                goto err;
+        }
+        if (!tlsext_ecpf_clienthello_build(ssl, &cbb)) {
+                FAIL("clienthello failed to build ECPointFormats\n");
+                goto err;
+        }
+        if (!CBB_finish(&cbb, &data, &dlen))
+                errx(1, "failed to finish CBB");
+        if (dlen != sizeof(tlsext_ecpf_hello_prefer_order)) {
+                FAIL("got clienthello ECPointFormats with length %zu, "
+                    "want length %zu\n", dlen,
+                    sizeof(tlsext_ecpf_hello_prefer_order));
+                compare_data(data, dlen, tlsext_ecpf_hello_prefer_order,
+                    sizeof(tlsext_ecpf_hello_prefer_order));
+                goto err;
+        }
+        if (memcmp(data, tlsext_ecpf_hello_prefer_order, dlen) != 0) {
+                FAIL("clienthello ECPointFormats differs:\n");
+                compare_data(data, dlen, tlsext_ecpf_hello_prefer_order,
+                    sizeof(tlsext_ecpf_hello_prefer_order));
+                goto err;
+        }
+        /*
+         * Make sure that we can parse this custom order.
+         */
+        CBB_cleanup(&cbb);
+        CBB_init(&cbb, 0);
+        free(data);
+        data = NULL;
+        SSL_SESSION_free(ssl->session);
+        if ((ssl->session = SSL_SESSION_new()) == NULL)
+                errx(1, "failed to create session");
+        /* Reset the custom list so we go back to the default uncompressed. */
+        free(ssl->internal->tlsext_ecpointformatlist);
+        ssl->internal->tlsext_ecpointformatlist = NULL;
+        ssl->internal->tlsext_ecpointformatlist_length = 0;
+        CBS_init(&cbs, tlsext_ecpf_hello_prefer_order,
+            sizeof(tlsext_ecpf_hello_prefer_order));
+        if (!tlsext_ecpf_clienthello_parse(ssl, &cbs, &alert)) {
+                FAIL("failed to parse clienthello ECPointFormats\n");
+                goto err;
+        }
+        if (SSI(ssl)->tlsext_ecpointformatlist_length !=
+            sizeof(tlsext_ecpf_hello_prefer_order_val)) {
+                FAIL("no tlsext_ecpointformats from clienthello "
+                    "ECPointFormats\n");
+                goto err;
+        }
+        if (memcmp(SSI(ssl)->tlsext_ecpointformatlist,
+            tlsext_ecpf_hello_prefer_order_val,
+            sizeof(tlsext_ecpf_hello_prefer_order_val)) != 0) {
+                FAIL("clienthello had an incorrect ECPointFormats entry\n");
+                goto err;
+        }
+        failure = 0;
+ err:
+        CBB_cleanup(&cbb);
+        SSL_CTX_free(ssl_ctx);
+        SSL_free(ssl);
+        free(data);
+        return (failure);
+}
+static int
+test_tlsext_ecpf_serverhello(void)
+{
+        uint8_t *data = NULL;
+        SSL_CTX *ssl_ctx = NULL;
+        SSL *ssl = NULL;
+        size_t dlen;
+        int failure, alert;
+        CBB cbb;
+        CBS cbs;
+        failure = 1;
+        CBB_init(&cbb, 0);
+        if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
+                errx(1, "failed to create SSL_CTX");
+        if ((ssl = SSL_new(ssl_ctx)) == NULL)
+                errx(1, "failed to create SSL");
+        if ((ssl->session = SSL_SESSION_new()) == NULL)
+                errx(1, "failed to create session");
+        /* Setup the state so we can call needs. */
+        if ((S3I(ssl)->hs.new_cipher =
+            ssl3_get_cipher_by_id(TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305))
+            == NULL) {
+                FAIL("serverhello cannot find cipher\n");
+                goto err;
+        }
+        if ((SSI(ssl)->tlsext_ecpointformatlist = malloc(sizeof(uint8_t)))
+            == NULL) {
+                FAIL("server could not malloc\n");
+                goto err;
+        }
+        SSI(ssl)->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
+        SSI(ssl)->tlsext_ecpointformatlist_length = 1;
+        if (!tlsext_ecpf_serverhello_needs(ssl)) {
+                FAIL("serverhello should need ECPointFormats now\n");
+                goto err;
+        }
+        /*
+         * The server will ignore the session list and use either a custom
+         * list or the default (uncompressed).
+         */
+        if (!tlsext_ecpf_serverhello_build(ssl, &cbb)) {
+                FAIL("serverhello failed to build ECPointFormats\n");
+                goto err;
+        }
+        if (!CBB_finish(&cbb, &data, &dlen))
+                errx(1, "failed to finish CBB");
+        if (dlen != sizeof(tlsext_ecpf_hello_uncompressed)) {
+                FAIL("got serverhello ECPointFormats with length %zu, "
+                    "want length %zu\n", dlen,
+                    sizeof(tlsext_ecpf_hello_uncompressed));
+                compare_data(data, dlen, tlsext_ecpf_hello_uncompressed,
+                    sizeof(tlsext_ecpf_hello_uncompressed));
+                goto err;
+        }
+        if (memcmp(data, tlsext_ecpf_hello_uncompressed, dlen) != 0) {
+                FAIL("serverhello ECPointFormats differs:\n");
+                compare_data(data, dlen, tlsext_ecpf_hello_uncompressed,
+                    sizeof(tlsext_ecpf_hello_uncompressed));
+                goto err;
+        }
+        /*
+         * Cannot parse a non-default list without at least uncompressed.
+         */
+        CBB_cleanup(&cbb);
+        CBB_init(&cbb, 0);
+        free(data);
+        data = NULL;
+        SSL_SESSION_free(ssl->session);
+        if ((ssl->session = SSL_SESSION_new()) == NULL)
+                errx(1, "failed to create session");
+        CBS_init(&cbs, tlsext_ecpf_hello_prime,
+            sizeof(tlsext_ecpf_hello_prime));
+        if (tlsext_ecpf_serverhello_parse(ssl, &cbs, &alert)) {
+                FAIL("must include uncompressed in serverhello ECPointFormats\n");
+                goto err;
+        }
+        /*
+         * Test with a custom order that replaces the default uncompressed.
+         */
+        CBB_cleanup(&cbb);
+        CBB_init(&cbb, 0);
+        free(data);
+        data = NULL;
+        SSL_SESSION_free(ssl->session);
+        if ((ssl->session = SSL_SESSION_new()) == NULL)
+                errx(1, "failed to create session");
+        /* Add a session list even though it will be ignored. */
+        if ((SSI(ssl)->tlsext_ecpointformatlist = malloc(sizeof(uint8_t)))
+            == NULL) {
+                FAIL("server could not malloc\n");
+                goto err;
+        }
+        SSI(ssl)->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
+        SSI(ssl)->tlsext_ecpointformatlist_length = 1;
+        /* Replace the default list with a custom one. */
+        if ((ssl->internal->tlsext_ecpointformatlist = malloc(sizeof(uint8_t) * 3)) == NULL) {
+                FAIL("server could not malloc\n");
+                goto err;
+        }
+        ssl->internal->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
+        ssl->internal->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_uncompressed;
+        ssl->internal->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
+        ssl->internal->tlsext_ecpointformatlist_length = 3;
+        if (!tlsext_ecpf_serverhello_needs(ssl)) {
+                FAIL("serverhello should need ECPointFormats\n");
+                goto err;
+        }
+        if (!tlsext_ecpf_serverhello_build(ssl, &cbb)) {
+                FAIL("serverhello failed to build ECPointFormats\n");
+                goto err;
+        }
+        if (!CBB_finish(&cbb, &data, &dlen))
+                errx(1, "failed to finish CBB");
+        if (dlen != sizeof(tlsext_ecpf_hello_prefer_order)) {
+                FAIL("got serverhello ECPointFormats with length %zu, "
+                    "want length %zu\n", dlen,
+                    sizeof(tlsext_ecpf_hello_prefer_order));
+                compare_data(data, dlen, tlsext_ecpf_hello_prefer_order,
+                    sizeof(tlsext_ecpf_hello_prefer_order));
+                goto err;
+        }
+        if (memcmp(data, tlsext_ecpf_hello_prefer_order, dlen) != 0) {
+                FAIL("serverhello ECPointFormats differs:\n");
+                compare_data(data, dlen, tlsext_ecpf_hello_prefer_order,
+                    sizeof(tlsext_ecpf_hello_prefer_order));
+                goto err;
+        }
+        /*
+         * Should be able to parse the custom list into a session list.
+         */
+        CBB_cleanup(&cbb);
+        CBB_init(&cbb, 0);
+        free(data);
+        data = NULL;
+        SSL_SESSION_free(ssl->session);
+        if ((ssl->session = SSL_SESSION_new()) == NULL)
+                errx(1, "failed to create session");
+        /* Reset back to the default (uncompressed) */
+        free(ssl->internal->tlsext_ecpointformatlist);
+        ssl->internal->tlsext_ecpointformatlist = NULL;
+        ssl->internal->tlsext_ecpointformatlist_length = 0;
+        CBS_init(&cbs, tlsext_ecpf_hello_prefer_order,
+            sizeof(tlsext_ecpf_hello_prefer_order));
+        if (!tlsext_ecpf_serverhello_parse(ssl, &cbs, &alert)) {
+                FAIL("failed to parse serverhello ECPointFormats\n");
+                goto err;
+        }
+        if (SSI(ssl)->tlsext_ecpointformatlist_length !=
+            sizeof(tlsext_ecpf_hello_prefer_order_val)) {
+                FAIL("no tlsext_ecpointformats from serverhello "
+                    "ECPointFormats\n");
+                goto err;
+        }
+        if (memcmp(SSI(ssl)->tlsext_ecpointformatlist,
+            tlsext_ecpf_hello_prefer_order_val,
+            sizeof(tlsext_ecpf_hello_prefer_order_val)) != 0) {
+                FAIL("serverhello had an incorrect ECPointFormats entry\n");
+                goto err;
+        }
+        failure = 0;
+ err:
+        CBB_cleanup(&cbb);
+        SSL_CTX_free(ssl_ctx);
+        SSL_free(ssl);
+        free(data);
+        return (failure);
+}
 int
 main(int argc, char **argv)
 {
@@ -535,5 +1001,8 @@ main(int argc, char **argv)
        failed |= test_tlsext_sni_clienthello();
        failed |= test_tlsext_sni_serverhello();
+        failed |= test_tlsext_ecpf_clienthello();
+        failed |= test_tlsext_ecpf_serverhello();
        return (failed);
 }

diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c index 792ccfe706..5a7a34c56c 100644 --- a/src/regress/lib/libssl/tlsext/tlsexttest.c +++ b/src/regress/lib/libssl/tlsext/tlsexttest.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tlsexttest.c,v 1.3 2017/07/24 17:42:14 jsing Exp $ */	1	/* $OpenBSD: tlsexttest.c,v 1.4 2017/08/11 05:06:34 doug Exp $ */
2	/*	2	/*
3	* Copyright (c) 2017 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -33,6 +33,23 @@ hexdump(const unsigned char *buf, size_t len)
33	fprintf(stderr, "\n");	33	fprintf(stderr, "\n");
34	}	34	}
35		35
		36	static void
		37	compare_data(const uint8_t recv, size_t recv_len, const uint8_t expect,
		38	size_t expect_len)
		39	{
		40	fprintf(stderr, "received:\n");
		41	hexdump(recv, recv_len);
		42
		43	fprintf(stderr, "test data:\n");
		44	hexdump(expect, expect_len);
		45	}
		46
		47	#define FAIL(msg, ...) \
		48	do { \
		49	fprintf(stderr, "[%s:%d] FAIL: ", __FILE__, __LINE__); \
		50	fprintf(stderr, msg, ##__VA_ARGS__); \
		51	} while(0)
		52
36	/*	53	/*
37	* Renegotiation Indication - RFC 5746.	54	* Renegotiation Indication - RFC 5746.
38	*/	55	*/
@@ -522,6 +539,455 @@ test_tlsext_sni_serverhello(void)
522	return (failure);	539	return (failure);
523	}	540	}
524		541
		542	/*
		543	* ECPointFormats - RFC 4492 section 5.1.2 (Supported Point Formats).
		544	*
		545	* Examples are from the RFC. Both client and server have the same build and
		546	* parse but the needs differ.
		547	*/
		548
		549	static uint8_t tlsext_ecpf_hello_uncompressed_val[] = {
		550	TLSEXT_ECPOINTFORMAT_uncompressed
		551	};
		552	static uint8_t tlsext_ecpf_hello_uncompressed[] = {
		553	0x01,
		554	0x00 /* TLSEXT_ECPOINTFORMAT_uncompressed */
		555	};
		556
		557	static uint8_t tlsext_ecpf_hello_prime[] = {
		558	0x01,
		559	0x01 /* TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime */
		560	};
		561
		562	static uint8_t tlsext_ecpf_hello_prefer_order_val[] = {
		563	TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime,
		564	TLSEXT_ECPOINTFORMAT_uncompressed,
		565	TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2
		566	};
		567	static uint8_t tlsext_ecpf_hello_prefer_order[] = {
		568	0x03,
		569	0x01, /* TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime */
		570	0x00, /* TLSEXT_ECPOINTFORMAT_uncompressed */
		571	0x02 /* TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 */
		572	};
		573
		574	static int
		575	test_tlsext_ecpf_clienthello(void)
		576	{
		577	uint8_t *data = NULL;
		578	SSL_CTX *ssl_ctx = NULL;
		579	SSL *ssl = NULL;
		580	size_t dlen;
		581	int failure, alert;
		582	CBB cbb;
		583	CBS cbs;
		584
		585	failure = 1;
		586
		587	CBB_init(&cbb, 0);
		588
		589	if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
		590	errx(1, "failed to create SSL_CTX");
		591	if ((ssl = SSL_new(ssl_ctx)) == NULL)
		592	errx(1, "failed to create SSL");
		593
		594	/*
		595	* Default ciphers include EC so we need it by default.
		596	*/
		597	if (!tlsext_ecpf_clienthello_needs(ssl)) {
		598	FAIL("clienthello should need ECPointFormats for default "
		599	"ciphers\n");
		600	goto err;
		601	}
		602
		603	/*
		604	* Exclude EC cipher suites so we can test not including it.
		605	*/
		606	if (!SSL_set_cipher_list(ssl, "ALL:!ECDHE:!ECDH")) {
		607	FAIL("clienthello should be able to set cipher list\n");
		608	goto err;
		609	}
		610	if (tlsext_ecpf_clienthello_needs(ssl)) {
		611	FAIL("clienthello should not need ECPointFormats\n");
		612	goto err;
		613	}
		614
		615	/*
		616	* Use libtls default for the rest of the testing
		617	*/
		618	if (!SSL_set_cipher_list(ssl, "TLSv1.2+AEAD+ECDHE")) {
		619	FAIL("clienthello should be able to set cipher list\n");
		620	goto err;
		621	}
		622	if (!tlsext_ecpf_clienthello_needs(ssl)) {
		623	FAIL("clienthello should need ECPointFormats\n");
		624	goto err;
		625	}
		626
		627	/*
		628	* The default ECPointFormats should only have uncompressed
		629	*/
		630	if ((ssl->session = SSL_SESSION_new()) == NULL)
		631	errx(1, "failed to create session");
		632
		633	if (!tlsext_ecpf_clienthello_build(ssl, &cbb)) {
		634	FAIL("clienthello failed to build ECPointFormats\n");
		635	goto err;
		636	}
		637
		638	if (!CBB_finish(&cbb, &data, &dlen))
		639	errx(1, "failed to finish CBB");
		640
		641	if (dlen != sizeof(tlsext_ecpf_hello_uncompressed)) {
		642	FAIL("got clienthello ECPointFormats with length %zu, "
		643	"want length %zu\n", dlen,
		644	sizeof(tlsext_ecpf_hello_uncompressed));
		645	compare_data(data, dlen, tlsext_ecpf_hello_uncompressed,
		646	sizeof(tlsext_ecpf_hello_uncompressed));
		647	goto err;
		648	}
		649
		650	if (memcmp(data, tlsext_ecpf_hello_uncompressed, dlen) != 0) {
		651	FAIL("clienthello ECPointFormats differs:\n");
		652	compare_data(data, dlen, tlsext_ecpf_hello_uncompressed,
		653	sizeof(tlsext_ecpf_hello_uncompressed));
		654	goto err;
		655	}
		656
		657	/*
		658	* Make sure we can parse the default.
		659	*/
		660	CBB_cleanup(&cbb);
		661	CBB_init(&cbb, 0);
		662	free(data);
		663	data = NULL;
		664
		665	SSL_SESSION_free(ssl->session);
		666	if ((ssl->session = SSL_SESSION_new()) == NULL)
		667	errx(1, "failed to create session");
		668
		669	CBS_init(&cbs, tlsext_ecpf_hello_uncompressed,
		670	sizeof(tlsext_ecpf_hello_uncompressed));
		671	if (!tlsext_ecpf_clienthello_parse(ssl, &cbs, &alert)) {
		672	FAIL("failed to parse clienthello ECPointFormats\n");
		673	goto err;
		674	}
		675
		676	if (SSI(ssl)->tlsext_ecpointformatlist_length !=
		677	sizeof(tlsext_ecpf_hello_uncompressed_val)) {
		678	FAIL("no tlsext_ecpointformats from clienthello "
		679	"ECPointFormats\n");
		680	goto err;
		681	}
		682
		683	if (memcmp(SSI(ssl)->tlsext_ecpointformatlist,
		684	tlsext_ecpf_hello_uncompressed_val,
		685	sizeof(tlsext_ecpf_hello_uncompressed_val)) != 0) {
		686	FAIL("clienthello had an incorrect ECPointFormats entry\n");
		687	goto err;
		688	}
		689
		690	/*
		691	* Test with a custom order.
		692	*/
		693	CBB_cleanup(&cbb);
		694	CBB_init(&cbb, 0);
		695	free(data);
		696	data = NULL;
		697
		698	SSL_SESSION_free(ssl->session);
		699	if ((ssl->session = SSL_SESSION_new()) == NULL)
		700	errx(1, "failed to create session");
		701
		702	if ((ssl->internal->tlsext_ecpointformatlist = malloc(sizeof(uint8_t) * 3)) == NULL) {
		703	FAIL("client could not malloc\n");
		704	goto err;
		705	}
		706	ssl->internal->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
		707	ssl->internal->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_uncompressed;
		708	ssl->internal->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
		709	ssl->internal->tlsext_ecpointformatlist_length = 3;
		710
		711	if (!tlsext_ecpf_clienthello_needs(ssl)) {
		712	FAIL("clienthello should need ECPointFormats with a custom "
		713	"format\n");
		714	goto err;
		715	}
		716
		717	if (!tlsext_ecpf_clienthello_build(ssl, &cbb)) {
		718	FAIL("clienthello failed to build ECPointFormats\n");
		719	goto err;
		720	}
		721
		722	if (!CBB_finish(&cbb, &data, &dlen))
		723	errx(1, "failed to finish CBB");
		724
		725	if (dlen != sizeof(tlsext_ecpf_hello_prefer_order)) {
		726	FAIL("got clienthello ECPointFormats with length %zu, "
		727	"want length %zu\n", dlen,
		728	sizeof(tlsext_ecpf_hello_prefer_order));
		729	compare_data(data, dlen, tlsext_ecpf_hello_prefer_order,
		730	sizeof(tlsext_ecpf_hello_prefer_order));
		731	goto err;
		732	}
		733
		734	if (memcmp(data, tlsext_ecpf_hello_prefer_order, dlen) != 0) {
		735	FAIL("clienthello ECPointFormats differs:\n");
		736	compare_data(data, dlen, tlsext_ecpf_hello_prefer_order,
		737	sizeof(tlsext_ecpf_hello_prefer_order));
		738	goto err;
		739	}
		740
		741	/*
		742	* Make sure that we can parse this custom order.
		743	*/
		744	CBB_cleanup(&cbb);
		745	CBB_init(&cbb, 0);
		746	free(data);
		747	data = NULL;
		748
		749	SSL_SESSION_free(ssl->session);
		750	if ((ssl->session = SSL_SESSION_new()) == NULL)
		751	errx(1, "failed to create session");
		752
		753	/* Reset the custom list so we go back to the default uncompressed. */
		754	free(ssl->internal->tlsext_ecpointformatlist);
		755	ssl->internal->tlsext_ecpointformatlist = NULL;
		756	ssl->internal->tlsext_ecpointformatlist_length = 0;
		757
		758	CBS_init(&cbs, tlsext_ecpf_hello_prefer_order,
		759	sizeof(tlsext_ecpf_hello_prefer_order));
		760	if (!tlsext_ecpf_clienthello_parse(ssl, &cbs, &alert)) {
		761	FAIL("failed to parse clienthello ECPointFormats\n");
		762	goto err;
		763	}
		764
		765	if (SSI(ssl)->tlsext_ecpointformatlist_length !=
		766	sizeof(tlsext_ecpf_hello_prefer_order_val)) {
		767	FAIL("no tlsext_ecpointformats from clienthello "
		768	"ECPointFormats\n");
		769	goto err;
		770	}
		771
		772	if (memcmp(SSI(ssl)->tlsext_ecpointformatlist,
		773	tlsext_ecpf_hello_prefer_order_val,
		774	sizeof(tlsext_ecpf_hello_prefer_order_val)) != 0) {
		775	FAIL("clienthello had an incorrect ECPointFormats entry\n");
		776	goto err;
		777	}
		778
		779
		780	failure = 0;
		781
		782	err:
		783	CBB_cleanup(&cbb);
		784	SSL_CTX_free(ssl_ctx);
		785	SSL_free(ssl);
		786	free(data);
		787
		788	return (failure);
		789	}
		790
		791
		792	static int
		793	test_tlsext_ecpf_serverhello(void)
		794	{
		795	uint8_t *data = NULL;
		796	SSL_CTX *ssl_ctx = NULL;
		797	SSL *ssl = NULL;
		798	size_t dlen;
		799	int failure, alert;
		800	CBB cbb;
		801	CBS cbs;
		802
		803	failure = 1;
		804
		805	CBB_init(&cbb, 0);
		806
		807	if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
		808	errx(1, "failed to create SSL_CTX");
		809	if ((ssl = SSL_new(ssl_ctx)) == NULL)
		810	errx(1, "failed to create SSL");
		811
		812	if ((ssl->session = SSL_SESSION_new()) == NULL)
		813	errx(1, "failed to create session");
		814
		815	/* Setup the state so we can call needs. */
		816	if ((S3I(ssl)->hs.new_cipher =
		817	ssl3_get_cipher_by_id(TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305))
		818	== NULL) {
		819	FAIL("serverhello cannot find cipher\n");
		820	goto err;
		821	}
		822	if ((SSI(ssl)->tlsext_ecpointformatlist = malloc(sizeof(uint8_t)))
		823	== NULL) {
		824	FAIL("server could not malloc\n");
		825	goto err;
		826	}
		827	SSI(ssl)->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
		828	SSI(ssl)->tlsext_ecpointformatlist_length = 1;
		829
		830	if (!tlsext_ecpf_serverhello_needs(ssl)) {
		831	FAIL("serverhello should need ECPointFormats now\n");
		832	goto err;
		833	}
		834
		835	/*
		836	* The server will ignore the session list and use either a custom
		837	* list or the default (uncompressed).
		838	*/
		839	if (!tlsext_ecpf_serverhello_build(ssl, &cbb)) {
		840	FAIL("serverhello failed to build ECPointFormats\n");
		841	goto err;
		842	}
		843
		844	if (!CBB_finish(&cbb, &data, &dlen))
		845	errx(1, "failed to finish CBB");
		846
		847	if (dlen != sizeof(tlsext_ecpf_hello_uncompressed)) {
		848	FAIL("got serverhello ECPointFormats with length %zu, "
		849	"want length %zu\n", dlen,
		850	sizeof(tlsext_ecpf_hello_uncompressed));
		851	compare_data(data, dlen, tlsext_ecpf_hello_uncompressed,
		852	sizeof(tlsext_ecpf_hello_uncompressed));
		853	goto err;
		854	}
		855
		856	if (memcmp(data, tlsext_ecpf_hello_uncompressed, dlen) != 0) {
		857	FAIL("serverhello ECPointFormats differs:\n");
		858	compare_data(data, dlen, tlsext_ecpf_hello_uncompressed,
		859	sizeof(tlsext_ecpf_hello_uncompressed));
		860	goto err;
		861	}
		862
		863	/*
		864	* Cannot parse a non-default list without at least uncompressed.
		865	*/
		866	CBB_cleanup(&cbb);
		867	CBB_init(&cbb, 0);
		868	free(data);
		869	data = NULL;
		870
		871	SSL_SESSION_free(ssl->session);
		872	if ((ssl->session = SSL_SESSION_new()) == NULL)
		873	errx(1, "failed to create session");
		874
		875	CBS_init(&cbs, tlsext_ecpf_hello_prime,
		876	sizeof(tlsext_ecpf_hello_prime));
		877	if (tlsext_ecpf_serverhello_parse(ssl, &cbs, &alert)) {
		878	FAIL("must include uncompressed in serverhello ECPointFormats\n");
		879	goto err;
		880	}
		881
		882	/*
		883	* Test with a custom order that replaces the default uncompressed.
		884	*/
		885	CBB_cleanup(&cbb);
		886	CBB_init(&cbb, 0);
		887	free(data);
		888	data = NULL;
		889
		890	SSL_SESSION_free(ssl->session);
		891	if ((ssl->session = SSL_SESSION_new()) == NULL)
		892	errx(1, "failed to create session");
		893
		894	/* Add a session list even though it will be ignored. */
		895	if ((SSI(ssl)->tlsext_ecpointformatlist = malloc(sizeof(uint8_t)))
		896	== NULL) {
		897	FAIL("server could not malloc\n");
		898	goto err;
		899	}
		900	SSI(ssl)->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
		901	SSI(ssl)->tlsext_ecpointformatlist_length = 1;
		902
		903	/* Replace the default list with a custom one. */
		904	if ((ssl->internal->tlsext_ecpointformatlist = malloc(sizeof(uint8_t) * 3)) == NULL) {
		905	FAIL("server could not malloc\n");
		906	goto err;
		907	}
		908	ssl->internal->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
		909	ssl->internal->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_uncompressed;
		910	ssl->internal->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
		911	ssl->internal->tlsext_ecpointformatlist_length = 3;
		912
		913	if (!tlsext_ecpf_serverhello_needs(ssl)) {
		914	FAIL("serverhello should need ECPointFormats\n");
		915	goto err;
		916	}
		917
		918	if (!tlsext_ecpf_serverhello_build(ssl, &cbb)) {
		919	FAIL("serverhello failed to build ECPointFormats\n");
		920	goto err;
		921	}
		922
		923	if (!CBB_finish(&cbb, &data, &dlen))
		924	errx(1, "failed to finish CBB");
		925
		926	if (dlen != sizeof(tlsext_ecpf_hello_prefer_order)) {
		927	FAIL("got serverhello ECPointFormats with length %zu, "
		928	"want length %zu\n", dlen,
		929	sizeof(tlsext_ecpf_hello_prefer_order));
		930	compare_data(data, dlen, tlsext_ecpf_hello_prefer_order,
		931	sizeof(tlsext_ecpf_hello_prefer_order));
		932	goto err;
		933	}
		934
		935	if (memcmp(data, tlsext_ecpf_hello_prefer_order, dlen) != 0) {
		936	FAIL("serverhello ECPointFormats differs:\n");
		937	compare_data(data, dlen, tlsext_ecpf_hello_prefer_order,
		938	sizeof(tlsext_ecpf_hello_prefer_order));
		939	goto err;
		940	}
		941
		942	/*
		943	* Should be able to parse the custom list into a session list.
		944	*/
		945	CBB_cleanup(&cbb);
		946	CBB_init(&cbb, 0);
		947	free(data);
		948	data = NULL;
		949
		950	SSL_SESSION_free(ssl->session);
		951	if ((ssl->session = SSL_SESSION_new()) == NULL)
		952	errx(1, "failed to create session");
		953
		954	/* Reset back to the default (uncompressed) */
		955	free(ssl->internal->tlsext_ecpointformatlist);
		956	ssl->internal->tlsext_ecpointformatlist = NULL;
		957	ssl->internal->tlsext_ecpointformatlist_length = 0;
		958
		959	CBS_init(&cbs, tlsext_ecpf_hello_prefer_order,
		960	sizeof(tlsext_ecpf_hello_prefer_order));
		961	if (!tlsext_ecpf_serverhello_parse(ssl, &cbs, &alert)) {
		962	FAIL("failed to parse serverhello ECPointFormats\n");
		963	goto err;
		964	}
		965
		966	if (SSI(ssl)->tlsext_ecpointformatlist_length !=
		967	sizeof(tlsext_ecpf_hello_prefer_order_val)) {
		968	FAIL("no tlsext_ecpointformats from serverhello "
		969	"ECPointFormats\n");
		970	goto err;
		971	}
		972
		973	if (memcmp(SSI(ssl)->tlsext_ecpointformatlist,
		974	tlsext_ecpf_hello_prefer_order_val,
		975	sizeof(tlsext_ecpf_hello_prefer_order_val)) != 0) {
		976	FAIL("serverhello had an incorrect ECPointFormats entry\n");
		977	goto err;
		978	}
		979
		980	failure = 0;
		981
		982	err:
		983	CBB_cleanup(&cbb);
		984	SSL_CTX_free(ssl_ctx);
		985	SSL_free(ssl);
		986	free(data);
		987
		988	return (failure);
		989	}
		990
525	int	991	int
526	main(int argc, char **argv)	992	main(int argc, char **argv)
527	{	993	{
@@ -535,5 +1001,8 @@ main(int argc, char **argv)
535	failed \|= test_tlsext_sni_clienthello();	1001	failed \|= test_tlsext_sni_clienthello();
536	failed \|= test_tlsext_sni_serverhello();	1002	failed \|= test_tlsext_sni_serverhello();
537		1003
		1004	failed \|= test_tlsext_ecpf_clienthello();
		1005	failed \|= test_tlsext_ecpf_serverhello();
		1006
538	return (failed);	1007	return (failed);
539	}	1008	}