Diffstat (limited to 'src/regress')
-rw-r--r--src/regress/lib/libssl/tlsext/tlsexttest.c193
1 files changed, 192 insertions, 1 deletions
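--- a/src/regress/lib/libssl/tlsext/tlsexttest.c
+++ b/src/regress/lib/libssl/tlsext/tlsexttest.c
@@ -1,7 +1,8 @@
-/* $OpenBSD: tlsexttest.c,v 1.21 2019/01/18 00:55:15 jsing Exp $ */
+/* $OpenBSD: tlsexttest.c,v 1.22 2019/01/18 12:09:52 beck Exp $ */
 /*
  * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
+ * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -2934,6 +2935,192 @@ test_tlsext_serverhello_build(void)
  return (failure);
 }
 
+static unsigned char tlsext_versions_client[] = {
+ 0x08, 0x03, 0x04, 0x03, 0x03, 0x03,
+ 0x02, 0x03, 0x01,
+};
+
+static int
+test_tlsext_versions_client(void)
+{
+ unsigned char *data = NULL;
+ SSL_CTX *ssl_ctx = NULL;
+ SSL *ssl = NULL;
+ int failure = 0;
+ size_t dlen;
+ int alert;
+ CBB cbb;
+ CBS cbs;
+
+ CBB_init(&cbb, 0);
+
+ if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
+ errx(1, "failed to create SSL_CTX");
+ if ((ssl = SSL_new(ssl_ctx)) == NULL)
+ errx(1, "failed to create SSL");
+
+ S3I(ssl)->hs_tls13.max_version = 0;
+
+ if (tlsext_versions_client_needs(ssl)) {
+ FAIL("client should not need versions\n");
+ failure = 1;
+ goto done;
+ }
+
+ S3I(ssl)->hs_tls13.max_version = TLS1_2_VERSION;
+
+ if (tlsext_versions_client_needs(ssl)) {
+ FAIL("client should not need versions\n");
+ failure = 1;
+ goto done;
+ }
+
+ S3I(ssl)->hs_tls13.max_version = TLS1_3_VERSION;
+
+ if (!tlsext_versions_client_needs(ssl)) {
+ FAIL("client should need versions\n");
+ failure = 1;
+ goto done;
+ }
+
+ S3I(ssl)->hs_tls13.max_version = TLS1_3_VERSION;
+ S3I(ssl)->hs_tls13.min_version = 0;
+ if (tlsext_versions_client_build(ssl, &cbb)) {
+ FAIL("client should not have built versions\n");
+ failure = 1;
+ goto done;
+ }
+
+ S3I(ssl)->hs_tls13.max_version = TLS1_3_VERSION;
+ S3I(ssl)->hs_tls13.min_version = TLS1_VERSION;
+ if (!tlsext_versions_client_build(ssl, &cbb)) {
+ FAIL("client should have built versions\n");
+ failure = 1;
+ goto done;
+ }
+
+ if (!CBB_finish(&cbb, &data, &dlen)) {
+ FAIL("failed to finish CBB");
+ failure = 1;
+ goto done;
+ }
+
+ if (dlen != sizeof(tlsext_versions_client)) {
+ FAIL("got versions with length %zu, "
+ "want length %zu\n", dlen, (size_t) sizeof(tlsext_versions_client));
+ failure = 1;
+ goto done;
+ }
+
+ CBS_init(&cbs, tlsext_versions_client, sizeof(tlsext_versions_client));
+ if (!tlsext_versions_server_parse(ssl, &cbs, &alert)) {
+ FAIL("failed to parse client versions\n");
+ failure = 1;
+ goto done;
+ }
+ if (CBS_len(&cbs) != 0) {
+ FAIL("extension data remaining");
+ failure = 1;
+ goto done;
+ }
+ done:
+ CBB_cleanup(&cbb);
+ SSL_CTX_free(ssl_ctx);
+ SSL_free(ssl);
+ free(data);
+
+ return (failure);
+}
+
+static unsigned char tlsext_keyshare_client[] = {
+ 0x00, 0x24, 0x00, 0x1d, 0x00, 0x20, 0xba, 0x83,
+ 0x2e, 0x4a, 0x18, 0xbe, 0x96, 0xd2, 0x71, 0x70,
+ 0x18, 0x04, 0xf9, 0x9d, 0x76, 0x98, 0xef, 0xe8,
+ 0x4f, 0x8b, 0x85, 0x41, 0xa4, 0xd9, 0x61, 0x57,
+ 0xad, 0x5b, 0xa4, 0xe9, 0x8b, 0x6b,
+};
+
+static int
+test_tlsext_keyshare_client(void)
+{
+ unsigned char *data = NULL;
+ SSL_CTX *ssl_ctx = NULL;
+ SSL *ssl = NULL;
+ int failure = 0;
+ size_t dlen;
+ int alert;
+ CBB cbb;
+ CBS cbs;
+
+ CBB_init(&cbb, 0);
+
+ if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
+ errx(1, "failed to create SSL_CTX");
+ if ((ssl = SSL_new(ssl_ctx)) == NULL)
+ errx(1, "failed to create SSL");
+
+ S3I(ssl)->hs_tls13.max_version = 0;
+
+ if (tlsext_keyshare_client_needs(ssl)) {
+ FAIL("client should not need keyshare\n");
+ failure = 1;
+ goto done;
+ }
+
+ S3I(ssl)->hs_tls13.max_version = TLS1_2_VERSION;
+ if (tlsext_keyshare_client_needs(ssl)) {
+ FAIL("client should not need keyshare\n");
+ failure = 1;
+ goto done;
+ }
+
+ S3I(ssl)->hs_tls13.max_version = TLS1_3_VERSION;
+ if (!tlsext_keyshare_client_needs(ssl)) {
+ FAIL("client should need keyshare\n");
+ failure = 1;
+ goto done;
+ }
+
+ S3I(ssl)->hs_tls13.max_version = TLS1_3_VERSION;
+ if (!tlsext_keyshare_client_build(ssl, &cbb)) {
+ FAIL("client should have built keyshare\n");
+ failure = 1;
+ goto done;
+ }
+
+ if (!CBB_finish(&cbb, &data, &dlen)) {
+ FAIL("failed to finish CBB");
+ failure = 1;
+ goto done;
+ }
+
+ if (dlen != sizeof(tlsext_keyshare_client)) {
+ FAIL("got client sigalgs with length %zu, "
+ "want length %zu\n", dlen, (size_t) sizeof(tlsext_keyshare_client));
+ failure = 1;
+ goto done;
+ }
+
+ CBS_init(&cbs, tlsext_keyshare_client, sizeof(tlsext_keyshare_client));
+ if (!tlsext_keyshare_server_parse(ssl, &cbs, &alert)) {
+ FAIL("failed to parse client keyshare\n");
+ failure = 1;
+ goto done;
+ }
+ if (CBS_len(&cbs) != 0) {
+ FAIL("extension data remaining");
+ failure = 1;
+ goto done;
+ }
+ done:
+ CBB_cleanup(&cbb);
+ SSL_CTX_free(ssl_ctx);
+ SSL_free(ssl);
+ free(data);
+
+ return (failure);
+}
+
 int
 main(int argc, char **argv)
 {
@@ -2966,6 +3153,10 @@ main(int argc, char **argv)
  failed |= test_tlsext_sessionticket_client();
  failed |= test_tlsext_sessionticket_server();
 
+ failed |= test_tlsext_versions_client();
+
+ failed |= test_tlsext_keyshare_client();
+
 #ifndef OPENSSL_NO_SRTP
  failed |= test_tlsext_srtp_client();
  failed |= test_tlsext_srtp_server();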
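Review bot: In test_tlsext_versions_client the built extension is checked for length only: after `CBB_finish` the bytes in `data` are never compared with `tlsext_versions_client`, and the parse that follows reads the static vector rather than `data`, so a build that emits a wrong version list of the right length would still pass. A check such as `if (memcmp(data, tlsext_versions_client, dlen) != 0)` with the same `FAIL`/`goto done` handling, placed after the length comparison, would pin the encoding. test_tlsext_keyshare_client has the same shape; its public key is presumably generated per run, so only the fixed six-byte prefix of `tlsext_keyshare_client` (list length, group, key length) could be compared there, and its length-mismatch message says `got client sigalgs` where `got client keyshare` is meant. Both tests feed the server parsers only well-formed input; a vector with a truncated or inconsistent length that `tlsext_versions_server_parse` and `tlsext_keyshare_server_parse` must reject would cover the path that matters most for a parser of peer-supplied data.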