1 files changed, 381 insertions, 1 deletions
diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c
index 950588ba47..30bbed9d8d 100644
--- a/src/regress/lib/libssl/tlsext/tlsexttest.c
+++ b/src/regress/lib/libssl/tlsext/tlsexttest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tlsexttest.c,v 1.12 2017/08/12 23:39:24 beck Exp $ */
+/* $OpenBSD: tlsexttest.c,v 1.13 2017/08/26 20:23:46 doug Exp $ */
 /*
 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -74,6 +74,383 @@ do {								\
 } while(0)
 /*
+ * Supported Application-Layer Protocol Negotiation - RFC 7301
+ *
+ * There are already extensive unit tests for this so this just
+ * tests the state info.
+ */
+const uint8_t tlsext_alpn_multiple_protos_val[] = {
+        /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
+        0x08, /* len */
+        0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31,
+        /* opaque ProtocolName<1..2^8-1> -- 'stun.nat' */
+        0x09, /* len */
+        0x73, 0x74, 0x75, 0x6e, 0x2e, 0x74, 0x75, 0x72, 0x6e
+};
+const uint8_t tlsext_alpn_multiple_protos[] = {
+        /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
+        0x00, 0x13, /* len of all names */
+        /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
+        0x08, /* len */
+        0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31,
+        /* opaque ProtocolName<1..2^8-1> -- 'stun.nat' */
+        0x09, /* len */
+        0x73, 0x74, 0x75, 0x6e, 0x2e, 0x74, 0x75, 0x72, 0x6e
+};
+const uint8_t tlsext_alpn_single_proto_val[] = {
+        /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
+        0x08, /* len */
+        0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31
+};
+const uint8_t tlsext_alpn_single_proto_name[] = {
+        0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31 /* 'http/1.1' */
+};
+const uint8_t tlsext_alpn_single_proto[] = {
+        /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
+        0x00, 0x09, /* len of all names */
+        /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
+        0x08, /* len */
+        0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31
+};
+static int
+test_tlsext_alpn_clienthello(void)
+{
+        SSL_CTX *ssl_ctx = NULL;
+        SSL *ssl = NULL;
+        uint8_t *data = NULL;
+        CBB cbb;
+        CBS cbs;
+        int failure, alert;
+        size_t dlen;
+        CBB_init(&cbb, 0);
+        failure = 1;
+        if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
+                errx(1, "failed to create SSL_CTX");
+        if ((ssl = SSL_new(ssl_ctx)) == NULL)
+                errx(1, "failed to create SSL");
+        /* By default, we don't need this */
+        if (tlsext_alpn_clienthello_needs(ssl)) {
+                FAIL("clienthello should not need ALPN by default");
+                goto err;
+        }
+        /*
+         * Prereqs:
+         * 1) Set s->internal->alpn_client_proto_list
+         *    - Using SSL_set_alpn_protos()
+         * 2) We have not finished or renegotiated.
+         *    - S3I(s)->tmp.finish_md_len == 0
+         */
+        if (SSL_set_alpn_protos(ssl, tlsext_alpn_single_proto_val,
+            sizeof(tlsext_alpn_single_proto_val)) != 0) {
+                FAIL("should be able to set ALPN to http/1.1");
+                goto err;
+        }
+        if (!tlsext_alpn_clienthello_needs(ssl)) {
+                FAIL("clienthello should need ALPN by now");
+                goto err;
+        }
+        /* Make sure we can build the clienthello with a single proto. */
+        if (!tlsext_alpn_clienthello_build(ssl, &cbb)) {
+                FAIL("clienthello failed to build ALPN\n");
+                goto err;
+        }
+        if (!CBB_finish(&cbb, &data, &dlen))
+                errx(1, "failed to finish CBB");
+        if (dlen != sizeof(tlsext_alpn_single_proto)) {
+                FAIL("got clienthello ALPN with length %zu, "
+                    "want length %zu\n", dlen,
+                    sizeof(tlsext_alpn_single_proto));
+                compare_data(data, dlen, tlsext_alpn_single_proto,
+                    sizeof(tlsext_alpn_single_proto));
+                goto err;
+        }
+        if (memcmp(data, tlsext_alpn_single_proto, dlen) != 0) {
+                FAIL("clienthello ALPN differs:\n");
+                compare_data(data, dlen, tlsext_alpn_single_proto,
+                    sizeof(tlsext_alpn_single_proto));
+                goto err;
+        }
+        CBB_cleanup(&cbb);
+        CBB_init(&cbb, 0);
+        free(data);
+        data = NULL;
+        /* Make sure we can parse the single proto. */
+        CBS_init(&cbs, tlsext_alpn_single_proto,
+            sizeof(tlsext_alpn_single_proto));
+        if (!tlsext_alpn_clienthello_parse(ssl, &cbs, &alert)) {
+                FAIL("failed to parse ALPN");
+                goto err;
+        }
+        if (ssl->internal->alpn_client_proto_list_len !=
+            sizeof(tlsext_alpn_single_proto_val)) {
+                FAIL("got clienthello ALPN with length %zu, "
+                    "want length %zu\n", dlen,
+                    sizeof(tlsext_alpn_single_proto_val));
+                compare_data(ssl->internal->alpn_client_proto_list,
+                    ssl->internal->alpn_client_proto_list_len,
+                    tlsext_alpn_single_proto_val,
+                    sizeof(tlsext_alpn_single_proto_val));
+                goto err;
+        }
+        if (memcmp(ssl->internal->alpn_client_proto_list,
+            tlsext_alpn_single_proto_val,
+            sizeof(tlsext_alpn_single_proto_val)) != 0) {
+                FAIL("clienthello ALPN differs:\n");
+                compare_data(data, dlen, tlsext_alpn_single_proto_val,
+                    sizeof(tlsext_alpn_single_proto_val));
+                goto err;
+        }
+        /* Make sure we can build the clienthello with multiple entries. */
+        if (SSL_set_alpn_protos(ssl, tlsext_alpn_multiple_protos_val,
+            sizeof(tlsext_alpn_multiple_protos_val)) != 0) {
+                FAIL("should be able to set ALPN to http/1.1");
+                goto err;
+        }
+        if (!tlsext_alpn_clienthello_needs(ssl)) {
+                FAIL("clienthello should need ALPN by now");
+                goto err;
+        }
+        if (!tlsext_alpn_clienthello_build(ssl, &cbb)) {
+                FAIL("clienthello failed to build ALPN\n");
+                goto err;
+        }
+        if (!CBB_finish(&cbb, &data, &dlen))
+                errx(1, "failed to finish CBB");
+        if (dlen != sizeof(tlsext_alpn_multiple_protos)) {
+                FAIL("got clienthello ALPN with length %zu, "
+                    "want length %zu\n", dlen,
+                    sizeof(tlsext_alpn_multiple_protos));
+                compare_data(data, dlen, tlsext_alpn_multiple_protos,
+                    sizeof(tlsext_alpn_multiple_protos));
+                goto err;
+        }
+        if (memcmp(data, tlsext_alpn_multiple_protos, dlen) != 0) {
+                FAIL("clienthello ALPN differs:\n");
+                compare_data(data, dlen, tlsext_alpn_multiple_protos,
+                    sizeof(tlsext_alpn_multiple_protos));
+                goto err;
+        }
+        /* Make sure we can parse multiple protos */
+        CBS_init(&cbs, tlsext_alpn_multiple_protos,
+            sizeof(tlsext_alpn_multiple_protos));
+        if (!tlsext_alpn_clienthello_parse(ssl, &cbs, &alert)) {
+                FAIL("failed to parse ALPN");
+                goto err;
+        }
+        if (ssl->internal->alpn_client_proto_list_len !=
+            sizeof(tlsext_alpn_multiple_protos_val)) {
+                FAIL("got clienthello ALPN with length %zu, "
+                    "want length %zu\n", dlen,
+                    sizeof(tlsext_alpn_multiple_protos_val));
+                compare_data(ssl->internal->alpn_client_proto_list,
+                    ssl->internal->alpn_client_proto_list_len,
+                    tlsext_alpn_multiple_protos_val,
+                    sizeof(tlsext_alpn_multiple_protos_val));
+                goto err;
+        }
+        if (memcmp(ssl->internal->alpn_client_proto_list,
+            tlsext_alpn_multiple_protos_val,
+            sizeof(tlsext_alpn_multiple_protos_val)) != 0) {
+                FAIL("clienthello ALPN differs:\n");
+                compare_data(data, dlen, tlsext_alpn_multiple_protos_val,
+                    sizeof(tlsext_alpn_multiple_protos_val));
+                goto err;
+        }
+        /* Make sure we can remove the list and avoid ALPN */
+        free(ssl->internal->alpn_client_proto_list);
+        ssl->internal->alpn_client_proto_list = NULL;
+        ssl->internal->alpn_client_proto_list_len = 0;
+        if (tlsext_alpn_clienthello_needs(ssl)) {
+                FAIL("clienthello should need ALPN by default");
+                goto err;
+        }
+        failure = 0;
+ err:
+        CBB_cleanup(&cbb);
+        SSL_CTX_free(ssl_ctx);
+        SSL_free(ssl);
+        free(data);
+        return (failure);
+}
+static int
+test_tlsext_alpn_serverhello(void)
+{
+        SSL_CTX *ssl_ctx = NULL;
+        SSL *ssl = NULL;
+        uint8_t *data = NULL;
+        CBB cbb;
+        CBS cbs;
+        int failure, alert;
+        size_t dlen;
+        CBB_init(&cbb, 0);
+        failure = 1;
+        if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
+                errx(1, "failed to create SSL_CTX");
+        if ((ssl = SSL_new(ssl_ctx)) == NULL)
+                errx(1, "failed to create SSL");
+        /* By default, ALPN isn't needed. */
+        if (tlsext_alpn_serverhello_needs(ssl)) {
+                FAIL("serverhello should not need ALPN by default\n");
+                goto err;
+        }
+        /*
+         * The server has a single ALPN selection which is set by
+         * SSL_CTX_set_alpn_select_cb() and calls SSL_select_next_proto().
+         *
+         * This will be a plain name and separate length.
+         */
+        if ((S3I(ssl)->alpn_selected = malloc(sizeof(tlsext_alpn_single_proto_name))) == NULL) {
+                errx(1, "failed to malloc");
+        }
+        memcpy(S3I(ssl)->alpn_selected, tlsext_alpn_single_proto_name,
+            sizeof(tlsext_alpn_single_proto_name));
+        S3I(ssl)->alpn_selected_len = sizeof(tlsext_alpn_single_proto_name);
+        if (!tlsext_alpn_serverhello_needs(ssl)) {
+                FAIL("serverhello should need ALPN after a protocol is selected\n");
+                goto err;
+        }
+        /* Make sure we can build a serverhello with one protocol */
+        if (!tlsext_alpn_serverhello_build(ssl, &cbb)) {
+                FAIL("serverhello should be able to build a response");
+                goto err;
+        }
+        if (!CBB_finish(&cbb, &data, &dlen))
+                errx(1, "failed to finish CBB");
+        if (dlen != sizeof(tlsext_alpn_single_proto)) {
+                FAIL("got clienthello ALPN with length %zu, "
+                    "want length %zu\n", dlen,
+                    sizeof(tlsext_alpn_single_proto));
+                compare_data(data, dlen, tlsext_alpn_single_proto,
+                    sizeof(tlsext_alpn_single_proto));
+                goto err;
+        }
+        if (memcmp(data, tlsext_alpn_single_proto, dlen) != 0) {
+                FAIL("clienthello ALPN differs:\n");
+                compare_data(data, dlen, tlsext_alpn_single_proto,
+                    sizeof(tlsext_alpn_single_proto));
+                goto err;
+        }
+        CBB_cleanup(&cbb);
+        CBB_init(&cbb, 0);
+        free(data);
+        data = NULL;
+        /* Make sure we can parse the single proto. */
+        CBS_init(&cbs, tlsext_alpn_single_proto,
+            sizeof(tlsext_alpn_single_proto));
+        /* Shouldn't be able to parse without requesting */
+        if (tlsext_alpn_serverhello_parse(ssl, &cbs, &alert)) {
+                FAIL("Should only parse serverhello if we requested it");
+                goto err;
+        }
+        /* Should be able to parse once requested. */
+        if (SSL_set_alpn_protos(ssl, tlsext_alpn_single_proto_val,
+            sizeof(tlsext_alpn_single_proto_val)) != 0) {
+                FAIL("should be able to set ALPN to http/1.1");
+                goto err;
+        }
+        if (!tlsext_alpn_serverhello_parse(ssl, &cbs, &alert)) {
+                FAIL("Should be able to parse serverhello when we request it");
+                goto err;
+        }
+        if (S3I(ssl)->alpn_selected_len !=
+            sizeof(tlsext_alpn_single_proto_name)) {
+                FAIL("got serverhello ALPN with length %zu, "
+                    "want length %zu\n", dlen,
+                    sizeof(tlsext_alpn_single_proto_name));
+                compare_data(S3I(ssl)->alpn_selected,
+                    S3I(ssl)->alpn_selected_len,
+                    tlsext_alpn_single_proto_name,
+                    sizeof(tlsext_alpn_single_proto_name));
+                goto err;
+        }
+        if (memcmp(S3I(ssl)->alpn_selected,
+            tlsext_alpn_single_proto_name,
+            sizeof(tlsext_alpn_single_proto_name)) != 0) {
+                FAIL("serverhello ALPN differs:\n");
+                compare_data(S3I(ssl)->alpn_selected,
+                    S3I(ssl)->alpn_selected_len,
+                    tlsext_alpn_single_proto_name,
+                    sizeof(tlsext_alpn_single_proto_name));
+                goto err;
+        }
+        /*
+         * We should NOT be able to build a serverhello with multiple
+         * protocol names.  However, the existing code did not check for this
+         * case because it is passed in as an encoded value.
+         */
+        /* Make sure we can remove the list and avoid ALPN */
+        free(S3I(ssl)->alpn_selected);
+        S3I(ssl)->alpn_selected = NULL;
+        S3I(ssl)->alpn_selected_len = 0;
+        if (tlsext_alpn_serverhello_needs(ssl)) {
+                FAIL("serverhello should need ALPN by default");
+                goto err;
+        }
+        failure = 0;
+ err:
+        CBB_cleanup(&cbb);
+        SSL_CTX_free(ssl_ctx);
+        SSL_free(ssl);
+        free(data);
+        return (failure);
+}
+/*
 * Supported Elliptic Curves - RFC 4492 section 5.1.1.
 *
 * This extension is only used by the client.
@@ -1886,6 +2263,9 @@ main(int argc, char **argv)
        SSL_library_init();
+        failed |= test_tlsext_alpn_clienthello();
+        failed |= test_tlsext_alpn_serverhello();
        failed |= test_tlsext_ec_clienthello();
        failed |= test_tlsext_ec_serverhello();

diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c index 950588ba47..30bbed9d8d 100644 --- a/src/regress/lib/libssl/tlsext/tlsexttest.c +++ b/src/regress/lib/libssl/tlsext/tlsexttest.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tlsexttest.c,v 1.12 2017/08/12 23:39:24 beck Exp $ */	1	/* $OpenBSD: tlsexttest.c,v 1.13 2017/08/26 20:23:46 doug Exp $ */
2	/*	2	/*
3	* Copyright (c) 2017 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>	4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -74,6 +74,383 @@ do { \
74	} while(0)	74	} while(0)
75		75
76	/*	76	/*
		77	* Supported Application-Layer Protocol Negotiation - RFC 7301
		78	*
		79	* There are already extensive unit tests for this so this just
		80	* tests the state info.
		81	*/
		82
		83	const uint8_t tlsext_alpn_multiple_protos_val[] = {
		84	/* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
		85	0x08, /* len */
		86	0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31,
		87	/* opaque ProtocolName<1..2^8-1> -- 'stun.nat' */
		88	0x09, /* len */
		89	0x73, 0x74, 0x75, 0x6e, 0x2e, 0x74, 0x75, 0x72, 0x6e
		90	};
		91
		92	const uint8_t tlsext_alpn_multiple_protos[] = {
		93	/* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
		94	0x00, 0x13, /* len of all names */
		95	/* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
		96	0x08, /* len */
		97	0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31,
		98	/* opaque ProtocolName<1..2^8-1> -- 'stun.nat' */
		99	0x09, /* len */
		100	0x73, 0x74, 0x75, 0x6e, 0x2e, 0x74, 0x75, 0x72, 0x6e
		101	};
		102
		103	const uint8_t tlsext_alpn_single_proto_val[] = {
		104	/* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
		105	0x08, /* len */
		106	0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31
		107	};
		108
		109	const uint8_t tlsext_alpn_single_proto_name[] = {
		110	0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31 /* 'http/1.1' */
		111	};
		112
		113	const uint8_t tlsext_alpn_single_proto[] = {
		114	/* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */
		115	0x00, 0x09, /* len of all names */
		116	/* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */
		117	0x08, /* len */
		118	0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31
		119	};
		120
		121	static int
		122	test_tlsext_alpn_clienthello(void)
		123	{
		124	SSL_CTX *ssl_ctx = NULL;
		125	SSL *ssl = NULL;
		126	uint8_t *data = NULL;
		127	CBB cbb;
		128	CBS cbs;
		129	int failure, alert;
		130	size_t dlen;
		131
		132	CBB_init(&cbb, 0);
		133
		134	failure = 1;
		135
		136	if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
		137	errx(1, "failed to create SSL_CTX");
		138	if ((ssl = SSL_new(ssl_ctx)) == NULL)
		139	errx(1, "failed to create SSL");
		140
		141	/* By default, we don't need this */
		142	if (tlsext_alpn_clienthello_needs(ssl)) {
		143	FAIL("clienthello should not need ALPN by default");
		144	goto err;
		145	}
		146
		147	/*
		148	* Prereqs:
		149	* 1) Set s->internal->alpn_client_proto_list
		150	* - Using SSL_set_alpn_protos()
		151	* 2) We have not finished or renegotiated.
		152	* - S3I(s)->tmp.finish_md_len == 0
		153	*/
		154	if (SSL_set_alpn_protos(ssl, tlsext_alpn_single_proto_val,
		155	sizeof(tlsext_alpn_single_proto_val)) != 0) {
		156	FAIL("should be able to set ALPN to http/1.1");
		157	goto err;
		158	}
		159	if (!tlsext_alpn_clienthello_needs(ssl)) {
		160	FAIL("clienthello should need ALPN by now");
		161	goto err;
		162	}
		163
		164	/* Make sure we can build the clienthello with a single proto. */
		165
		166	if (!tlsext_alpn_clienthello_build(ssl, &cbb)) {
		167	FAIL("clienthello failed to build ALPN\n");
		168	goto err;
		169	}
		170	if (!CBB_finish(&cbb, &data, &dlen))
		171	errx(1, "failed to finish CBB");
		172
		173	if (dlen != sizeof(tlsext_alpn_single_proto)) {
		174	FAIL("got clienthello ALPN with length %zu, "
		175	"want length %zu\n", dlen,
		176	sizeof(tlsext_alpn_single_proto));
		177	compare_data(data, dlen, tlsext_alpn_single_proto,
		178	sizeof(tlsext_alpn_single_proto));
		179	goto err;
		180	}
		181	if (memcmp(data, tlsext_alpn_single_proto, dlen) != 0) {
		182	FAIL("clienthello ALPN differs:\n");
		183	compare_data(data, dlen, tlsext_alpn_single_proto,
		184	sizeof(tlsext_alpn_single_proto));
		185	goto err;
		186	}
		187
		188	CBB_cleanup(&cbb);
		189	CBB_init(&cbb, 0);
		190	free(data);
		191	data = NULL;
		192
		193	/* Make sure we can parse the single proto. */
		194
		195	CBS_init(&cbs, tlsext_alpn_single_proto,
		196	sizeof(tlsext_alpn_single_proto));
		197	if (!tlsext_alpn_clienthello_parse(ssl, &cbs, &alert)) {
		198	FAIL("failed to parse ALPN");
		199	goto err;
		200	}
		201
		202	if (ssl->internal->alpn_client_proto_list_len !=
		203	sizeof(tlsext_alpn_single_proto_val)) {
		204	FAIL("got clienthello ALPN with length %zu, "
		205	"want length %zu\n", dlen,
		206	sizeof(tlsext_alpn_single_proto_val));
		207	compare_data(ssl->internal->alpn_client_proto_list,
		208	ssl->internal->alpn_client_proto_list_len,
		209	tlsext_alpn_single_proto_val,
		210	sizeof(tlsext_alpn_single_proto_val));
		211	goto err;
		212	}
		213	if (memcmp(ssl->internal->alpn_client_proto_list,
		214	tlsext_alpn_single_proto_val,
		215	sizeof(tlsext_alpn_single_proto_val)) != 0) {
		216	FAIL("clienthello ALPN differs:\n");
		217	compare_data(data, dlen, tlsext_alpn_single_proto_val,
		218	sizeof(tlsext_alpn_single_proto_val));
		219	goto err;
		220	}
		221
		222	/* Make sure we can build the clienthello with multiple entries. */
		223
		224	if (SSL_set_alpn_protos(ssl, tlsext_alpn_multiple_protos_val,
		225	sizeof(tlsext_alpn_multiple_protos_val)) != 0) {
		226	FAIL("should be able to set ALPN to http/1.1");
		227	goto err;
		228	}
		229	if (!tlsext_alpn_clienthello_needs(ssl)) {
		230	FAIL("clienthello should need ALPN by now");
		231	goto err;
		232	}
		233
		234	if (!tlsext_alpn_clienthello_build(ssl, &cbb)) {
		235	FAIL("clienthello failed to build ALPN\n");
		236	goto err;
		237	}
		238	if (!CBB_finish(&cbb, &data, &dlen))
		239	errx(1, "failed to finish CBB");
		240
		241	if (dlen != sizeof(tlsext_alpn_multiple_protos)) {
		242	FAIL("got clienthello ALPN with length %zu, "
		243	"want length %zu\n", dlen,
		244	sizeof(tlsext_alpn_multiple_protos));
		245	compare_data(data, dlen, tlsext_alpn_multiple_protos,
		246	sizeof(tlsext_alpn_multiple_protos));
		247	goto err;
		248	}
		249	if (memcmp(data, tlsext_alpn_multiple_protos, dlen) != 0) {
		250	FAIL("clienthello ALPN differs:\n");
		251	compare_data(data, dlen, tlsext_alpn_multiple_protos,
		252	sizeof(tlsext_alpn_multiple_protos));
		253	goto err;
		254	}
		255
		256	/* Make sure we can parse multiple protos */
		257
		258	CBS_init(&cbs, tlsext_alpn_multiple_protos,
		259	sizeof(tlsext_alpn_multiple_protos));
		260	if (!tlsext_alpn_clienthello_parse(ssl, &cbs, &alert)) {
		261	FAIL("failed to parse ALPN");
		262	goto err;
		263	}
		264
		265	if (ssl->internal->alpn_client_proto_list_len !=
		266	sizeof(tlsext_alpn_multiple_protos_val)) {
		267	FAIL("got clienthello ALPN with length %zu, "
		268	"want length %zu\n", dlen,
		269	sizeof(tlsext_alpn_multiple_protos_val));
		270	compare_data(ssl->internal->alpn_client_proto_list,
		271	ssl->internal->alpn_client_proto_list_len,
		272	tlsext_alpn_multiple_protos_val,
		273	sizeof(tlsext_alpn_multiple_protos_val));
		274	goto err;
		275	}
		276	if (memcmp(ssl->internal->alpn_client_proto_list,
		277	tlsext_alpn_multiple_protos_val,
		278	sizeof(tlsext_alpn_multiple_protos_val)) != 0) {
		279	FAIL("clienthello ALPN differs:\n");
		280	compare_data(data, dlen, tlsext_alpn_multiple_protos_val,
		281	sizeof(tlsext_alpn_multiple_protos_val));
		282	goto err;
		283	}
		284
		285	/* Make sure we can remove the list and avoid ALPN */
		286
		287	free(ssl->internal->alpn_client_proto_list);
		288	ssl->internal->alpn_client_proto_list = NULL;
		289	ssl->internal->alpn_client_proto_list_len = 0;
		290
		291	if (tlsext_alpn_clienthello_needs(ssl)) {
		292	FAIL("clienthello should need ALPN by default");
		293	goto err;
		294	}
		295
		296	failure = 0;
		297
		298	err:
		299	CBB_cleanup(&cbb);
		300	SSL_CTX_free(ssl_ctx);
		301	SSL_free(ssl);
		302	free(data);
		303
		304	return (failure);
		305	}
		306
		307	static int
		308	test_tlsext_alpn_serverhello(void)
		309	{
		310	SSL_CTX *ssl_ctx = NULL;
		311	SSL *ssl = NULL;
		312	uint8_t *data = NULL;
		313	CBB cbb;
		314	CBS cbs;
		315	int failure, alert;
		316	size_t dlen;
		317
		318	CBB_init(&cbb, 0);
		319
		320	failure = 1;
		321
		322	if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
		323	errx(1, "failed to create SSL_CTX");
		324	if ((ssl = SSL_new(ssl_ctx)) == NULL)
		325	errx(1, "failed to create SSL");
		326
		327	/* By default, ALPN isn't needed. */
		328	if (tlsext_alpn_serverhello_needs(ssl)) {
		329	FAIL("serverhello should not need ALPN by default\n");
		330	goto err;
		331	}
		332
		333	/*
		334	* The server has a single ALPN selection which is set by
		335	* SSL_CTX_set_alpn_select_cb() and calls SSL_select_next_proto().
		336	*
		337	* This will be a plain name and separate length.
		338	*/
		339	if ((S3I(ssl)->alpn_selected = malloc(sizeof(tlsext_alpn_single_proto_name))) == NULL) {
		340	errx(1, "failed to malloc");
		341	}
		342	memcpy(S3I(ssl)->alpn_selected, tlsext_alpn_single_proto_name,
		343	sizeof(tlsext_alpn_single_proto_name));
		344	S3I(ssl)->alpn_selected_len = sizeof(tlsext_alpn_single_proto_name);
		345
		346	if (!tlsext_alpn_serverhello_needs(ssl)) {
		347	FAIL("serverhello should need ALPN after a protocol is selected\n");
		348	goto err;
		349	}
		350
		351	/* Make sure we can build a serverhello with one protocol */
		352
		353	if (!tlsext_alpn_serverhello_build(ssl, &cbb)) {
		354	FAIL("serverhello should be able to build a response");
		355	goto err;
		356	}
		357	if (!CBB_finish(&cbb, &data, &dlen))
		358	errx(1, "failed to finish CBB");
		359
		360	if (dlen != sizeof(tlsext_alpn_single_proto)) {
		361	FAIL("got clienthello ALPN with length %zu, "
		362	"want length %zu\n", dlen,
		363	sizeof(tlsext_alpn_single_proto));
		364	compare_data(data, dlen, tlsext_alpn_single_proto,
		365	sizeof(tlsext_alpn_single_proto));
		366	goto err;
		367	}
		368	if (memcmp(data, tlsext_alpn_single_proto, dlen) != 0) {
		369	FAIL("clienthello ALPN differs:\n");
		370	compare_data(data, dlen, tlsext_alpn_single_proto,
		371	sizeof(tlsext_alpn_single_proto));
		372	goto err;
		373	}
		374
		375	CBB_cleanup(&cbb);
		376	CBB_init(&cbb, 0);
		377	free(data);
		378	data = NULL;
		379
		380	/* Make sure we can parse the single proto. */
		381
		382	CBS_init(&cbs, tlsext_alpn_single_proto,
		383	sizeof(tlsext_alpn_single_proto));
		384
		385	/* Shouldn't be able to parse without requesting */
		386	if (tlsext_alpn_serverhello_parse(ssl, &cbs, &alert)) {
		387	FAIL("Should only parse serverhello if we requested it");
		388	goto err;
		389	}
		390
		391	/* Should be able to parse once requested. */
		392	if (SSL_set_alpn_protos(ssl, tlsext_alpn_single_proto_val,
		393	sizeof(tlsext_alpn_single_proto_val)) != 0) {
		394	FAIL("should be able to set ALPN to http/1.1");
		395	goto err;
		396	}
		397	if (!tlsext_alpn_serverhello_parse(ssl, &cbs, &alert)) {
		398	FAIL("Should be able to parse serverhello when we request it");
		399	goto err;
		400	}
		401
		402	if (S3I(ssl)->alpn_selected_len !=
		403	sizeof(tlsext_alpn_single_proto_name)) {
		404	FAIL("got serverhello ALPN with length %zu, "
		405	"want length %zu\n", dlen,
		406	sizeof(tlsext_alpn_single_proto_name));
		407	compare_data(S3I(ssl)->alpn_selected,
		408	S3I(ssl)->alpn_selected_len,
		409	tlsext_alpn_single_proto_name,
		410	sizeof(tlsext_alpn_single_proto_name));
		411	goto err;
		412	}
		413	if (memcmp(S3I(ssl)->alpn_selected,
		414	tlsext_alpn_single_proto_name,
		415	sizeof(tlsext_alpn_single_proto_name)) != 0) {
		416	FAIL("serverhello ALPN differs:\n");
		417	compare_data(S3I(ssl)->alpn_selected,
		418	S3I(ssl)->alpn_selected_len,
		419	tlsext_alpn_single_proto_name,
		420	sizeof(tlsext_alpn_single_proto_name));
		421	goto err;
		422	}
		423
		424	/*
		425	* We should NOT be able to build a serverhello with multiple
		426	* protocol names. However, the existing code did not check for this
		427	* case because it is passed in as an encoded value.
		428	*/
		429
		430	/* Make sure we can remove the list and avoid ALPN */
		431
		432	free(S3I(ssl)->alpn_selected);
		433	S3I(ssl)->alpn_selected = NULL;
		434	S3I(ssl)->alpn_selected_len = 0;
		435
		436	if (tlsext_alpn_serverhello_needs(ssl)) {
		437	FAIL("serverhello should need ALPN by default");
		438	goto err;
		439	}
		440
		441	failure = 0;
		442
		443	err:
		444	CBB_cleanup(&cbb);
		445	SSL_CTX_free(ssl_ctx);
		446	SSL_free(ssl);
		447	free(data);
		448
		449	return (failure);
		450
		451	}
		452
		453	/*
77	* Supported Elliptic Curves - RFC 4492 section 5.1.1.	454	* Supported Elliptic Curves - RFC 4492 section 5.1.1.
78	*	455	*
79	* This extension is only used by the client.	456	* This extension is only used by the client.
@@ -1886,6 +2263,9 @@ main(int argc, char **argv)
1886		2263
1887	SSL_library_init();	2264	SSL_library_init();
1888		2265
		2266	failed \|= test_tlsext_alpn_clienthello();
		2267	failed \|= test_tlsext_alpn_serverhello();
		2268
1889	failed \|= test_tlsext_ec_clienthello();	2269	failed \|= test_tlsext_ec_clienthello();
1890	failed \|= test_tlsext_ec_serverhello();	2270	failed \|= test_tlsext_ec_serverhello();
1891		2271