1*a75d20e9Sjsing /* $OpenBSD: clienttest.c,v 1.45 2024/08/31 12:47:24 jsing Exp $ */ 212237f1aSjsing /* 312237f1aSjsing * Copyright (c) 2015 Joel Sing <jsing@openbsd.org> 412237f1aSjsing * 512237f1aSjsing * Permission to use, copy, modify, and distribute this software for any 612237f1aSjsing * purpose with or without fee is hereby granted, provided that the above 712237f1aSjsing * copyright notice and this permission notice appear in all copies. 812237f1aSjsing * 912237f1aSjsing * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 1012237f1aSjsing * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 1112237f1aSjsing * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 1212237f1aSjsing * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 1312237f1aSjsing * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 1412237f1aSjsing * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 1512237f1aSjsing * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 1612237f1aSjsing */ 1712237f1aSjsing 1812237f1aSjsing #include <openssl/ssl.h> 1912237f1aSjsing 2012237f1aSjsing #include <openssl/dtls1.h> 2112237f1aSjsing #include <openssl/ssl3.h> 2212237f1aSjsing 2312237f1aSjsing #include <err.h> 2412237f1aSjsing #include <stdio.h> 2512237f1aSjsing #include <string.h> 2612237f1aSjsing 2765ec708bSjsing #define DTLS_HM_OFFSET (DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH) 2865ec708bSjsing #define DTLS_RANDOM_OFFSET (DTLS_HM_OFFSET + 2) 2965ec708bSjsing #define DTLS_CIPHER_OFFSET (DTLS_HM_OFFSET + 38) 3065ec708bSjsing 3165ec708bSjsing #define SSL3_HM_OFFSET (SSL3_RT_HEADER_LENGTH + SSL3_HM_HEADER_LENGTH) 3265ec708bSjsing #define SSL3_RANDOM_OFFSET (SSL3_HM_OFFSET + 2) 3365ec708bSjsing #define SSL3_CIPHER_OFFSET (SSL3_HM_OFFSET + 37) 3465ec708bSjsing 35c17c0b56Sjsing #define TLS13_HM_OFFSET (SSL3_RT_HEADER_LENGTH + SSL3_HM_HEADER_LENGTH) 36c17c0b56Sjsing #define TLS13_RANDOM_OFFSET (TLS13_HM_OFFSET + 2) 37c17c0b56Sjsing #define TLS13_SESSION_OFFSET (TLS13_HM_OFFSET + 34) 38c17c0b56Sjsing #define TLS13_CIPHER_OFFSET (TLS13_HM_OFFSET + 69) 39b348069dStb #define TLS13_KEY_SHARE_OFFSET (TLS13_HM_OFFSET + 198) 40b348069dStb #define TLS13_ONLY_KEY_SHARE_OFFSET (TLS13_HM_OFFSET + 112) 41c17c0b56Sjsing 42c17c0b56Sjsing #define TLS1_3_VERSION_ONLY (TLS1_3_VERSION | 0x10000) 43c17c0b56Sjsing 44dc5a472fStb int tlsext_linearize_build_order(SSL *); 45dc5a472fStb 465d0fde75Sjsing static const uint8_t cipher_list_dtls1[] = { 47814614a5Sjsing 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85, 48814614a5Sjsing 0x00, 0x88, 0x00, 0x81, 0x00, 0x35, 0x00, 0x84, 49814614a5Sjsing 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x45, 503ebd83e8Sjsing 0x00, 0x2f, 0x00, 0x41, 0xc0, 0x12, 0xc0, 0x08, 5149341aafSjsing 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff, 5265ec708bSjsing }; 5312237f1aSjsing 545d0fde75Sjsing static const uint8_t client_hello_dtls1[] = { 5512237f1aSjsing 0x16, 0xfe, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 564d1c7580Sjsing 0x00, 0x00, 0x00, 0x00, 0x74, 0x01, 0x00, 0x00, 574d1c7580Sjsing 0x68, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 584d1c7580Sjsing 0x68, 0xfe, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 5949341aafSjsing 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 6049341aafSjsing 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 6149341aafSjsing 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 6249341aafSjsing 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x26, 0xc0, 63814614a5Sjsing 0x14, 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85, 0x00, 64814614a5Sjsing 0x88, 0x00, 0x81, 0x00, 0x35, 0x00, 0x84, 0xc0, 65814614a5Sjsing 0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x45, 0x00, 663ebd83e8Sjsing 0x2f, 0x00, 0x41, 0xc0, 0x12, 0xc0, 0x08, 0x00, 6749341aafSjsing 0x16, 0x00, 0x0a, 0x00, 0xff, 0x01, 0x00, 0x00, 684d1c7580Sjsing 0x18, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 694d1c7580Sjsing 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d, 0x00, 704d1c7580Sjsing 0x17, 0x00, 0x18, 0x00, 0x19, 0x00, 0x23, 0x00, 714d1c7580Sjsing 0x00, 7212237f1aSjsing }; 7312237f1aSjsing 74865abbcbSjsing static const uint8_t cipher_list_dtls12_aes[] = { 75865abbcbSjsing 0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 76865abbcbSjsing 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 77865abbcbSjsing 0x00, 0x39, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 78689a9b7eSbeck 0x00, 0xc4, 0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d, 79689a9b7eSbeck 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, 80689a9b7eSbeck 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, 81689a9b7eSbeck 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, 82689a9b7eSbeck 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 83689a9b7eSbeck 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x12, 84689a9b7eSbeck 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff, 85865abbcbSjsing }; 86865abbcbSjsing 87865abbcbSjsing static const uint8_t cipher_list_dtls12_chacha[] = { 88865abbcbSjsing 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xc0, 0x30, 89865abbcbSjsing 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14, 90865abbcbSjsing 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39, 91689a9b7eSbeck 0x00, 0xc4, 0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d, 92689a9b7eSbeck 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, 93689a9b7eSbeck 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, 94689a9b7eSbeck 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, 95689a9b7eSbeck 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 96689a9b7eSbeck 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x12, 97689a9b7eSbeck 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff, 98865abbcbSjsing }; 99865abbcbSjsing 100865abbcbSjsing static const uint8_t client_hello_dtls12[] = { 101865abbcbSjsing 0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 102689a9b7eSbeck 0x00, 0x00, 0x00, 0x00, 0xba, 0x01, 0x00, 0x00, 103689a9b7eSbeck 0xae, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 104689a9b7eSbeck 0xae, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 105865abbcbSjsing 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 106865abbcbSjsing 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 107865abbcbSjsing 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 108689a9b7eSbeck 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x50, 0xc0, 109865abbcbSjsing 0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 110865abbcbSjsing 0x14, 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 111689a9b7eSbeck 0x39, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0x00, 112689a9b7eSbeck 0xc4, 0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d, 0x00, 113689a9b7eSbeck 0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, 0xc0, 114689a9b7eSbeck 0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, 0xc0, 115689a9b7eSbeck 0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, 0x00, 116689a9b7eSbeck 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 0x00, 117689a9b7eSbeck 0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x12, 0xc0, 118689a9b7eSbeck 0x08, 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff, 0x01, 119b348069dStb 0x00, 0x00, 0x34, 0x00, 0x0a, 0x00, 0x0a, 0x00, 120b348069dStb 0x08, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 121b348069dStb 0x19, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 122689a9b7eSbeck 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x18, 0x00, 123689a9b7eSbeck 0x16, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, 0x08, 124689a9b7eSbeck 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 0x04, 125689a9b7eSbeck 0x01, 0x04, 0x03, 0x02, 0x01, 0x02, 0x03, 126865abbcbSjsing }; 127865abbcbSjsing 1285d0fde75Sjsing static const uint8_t cipher_list_tls10[] = { 129814614a5Sjsing 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85, 130814614a5Sjsing 0x00, 0x88, 0x00, 0x81, 0x00, 0x35, 0x00, 0x84, 131814614a5Sjsing 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x45, 1323ebd83e8Sjsing 0x00, 0x2f, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 133c68c490cStb 0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 134c68c490cStb 0x00, 0x0a, 0x00, 0xff, 13565ec708bSjsing }; 13665ec708bSjsing 1375d0fde75Sjsing static const uint8_t client_hello_tls10[] = { 138c68c490cStb 0x16, 0x03, 0x01, 0x00, 0x71, 0x01, 0x00, 0x00, 139c68c490cStb 0x6d, 0x03, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 140e3d3a880Sjsing 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 141e3d3a880Sjsing 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 142e3d3a880Sjsing 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 143c68c490cStb 0x00, 0x00, 0x00, 0x00, 0x00, 0x2c, 0xc0, 0x14, 14464de4177Stb 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85, 0x00, 0x88, 14564015f14Sjsing 0x00, 0x81, 0x00, 0x35, 0x00, 0x84, 0xc0, 0x13, 14664015f14Sjsing 0xc0, 0x09, 0x00, 0x33, 0x00, 0x45, 0x00, 0x2f, 14764015f14Sjsing 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 148c68c490cStb 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 149c68c490cStb 0x00, 0xff, 0x01, 0x00, 0x00, 0x18, 0x00, 0x0b, 150c68c490cStb 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x0a, 151c68c490cStb 0x00, 0x08, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 152c68c490cStb 0x00, 0x19, 0x00, 0x23, 0x00, 0x00, 15312237f1aSjsing }; 15412237f1aSjsing 1555d0fde75Sjsing static const uint8_t cipher_list_tls11[] = { 156814614a5Sjsing 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85, 157814614a5Sjsing 0x00, 0x88, 0x00, 0x81, 0x00, 0x35, 0x00, 0x84, 158814614a5Sjsing 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x45, 1593ebd83e8Sjsing 0x00, 0x2f, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 160c68c490cStb 0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 161c68c490cStb 0x00, 0x0a, 0x00, 0xff, 16265ec708bSjsing }; 16365ec708bSjsing 1645d0fde75Sjsing static const uint8_t client_hello_tls11[] = { 165c68c490cStb 0x16, 0x03, 0x01, 0x00, 0x71, 0x01, 0x00, 0x00, 166c68c490cStb 0x6d, 0x03, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 167e3d3a880Sjsing 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 168e3d3a880Sjsing 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 169e3d3a880Sjsing 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 170c68c490cStb 0x00, 0x00, 0x00, 0x00, 0x00, 0x2c, 0xc0, 0x14, 171814614a5Sjsing 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85, 0x00, 0x88, 172814614a5Sjsing 0x00, 0x81, 0x00, 0x35, 0x00, 0x84, 0xc0, 0x13, 173814614a5Sjsing 0xc0, 0x09, 0x00, 0x33, 0x00, 0x45, 0x00, 0x2f, 1743ebd83e8Sjsing 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 0x00, 0x05, 175c68c490cStb 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 0x0a, 176c68c490cStb 0x00, 0xff, 0x01, 0x00, 0x00, 0x18, 0x00, 0x0b, 177c68c490cStb 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x0a, 178c68c490cStb 0x00, 0x08, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 179c68c490cStb 0x00, 0x19, 0x00, 0x23, 0x00, 0x00, 18012237f1aSjsing }; 18112237f1aSjsing 1825d0fde75Sjsing static const uint8_t cipher_list_tls12_aes[] = { 18365ec708bSjsing 0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 184814614a5Sjsing 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 185814614a5Sjsing 0x00, 0x39, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 186689a9b7eSbeck 0x00, 0xc4, 0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d, 187689a9b7eSbeck 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, 188689a9b7eSbeck 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, 189689a9b7eSbeck 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, 190689a9b7eSbeck 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 191689a9b7eSbeck 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, 192689a9b7eSbeck 0xc0, 0x07, 0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, 193689a9b7eSbeck 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff, 19465ec708bSjsing }; 19565ec708bSjsing 1965d0fde75Sjsing static const uint8_t cipher_list_tls12_chacha[] = { 197bb4b5974Sjsing 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xc0, 0x30, 198bb4b5974Sjsing 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14, 199bb4b5974Sjsing 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39, 200689a9b7eSbeck 0x00, 0xc4, 0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d, 201689a9b7eSbeck 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, 202689a9b7eSbeck 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, 203689a9b7eSbeck 0xc0, 0x09, 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, 204689a9b7eSbeck 0x00, 0xbe, 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 205689a9b7eSbeck 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, 206689a9b7eSbeck 0xc0, 0x07, 0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, 207689a9b7eSbeck 0x00, 0x16, 0x00, 0x0a, 0x00, 0xff, 208bb4b5974Sjsing }; 209bb4b5974Sjsing 2105d0fde75Sjsing static const uint8_t client_hello_tls12[] = { 211689a9b7eSbeck 0x16, 0x03, 0x03, 0x00, 0xb7, 0x01, 0x00, 0x00, 212689a9b7eSbeck 0xb3, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 213621a66e6Sjsing 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 214621a66e6Sjsing 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 215621a66e6Sjsing 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 216689a9b7eSbeck 0x00, 0x00, 0x00, 0x00, 0x00, 0x56, 0xc0, 0x30, 2173e29903bSbeck 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14, 2183e29903bSbeck 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39, 219689a9b7eSbeck 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0x00, 0xc4, 220689a9b7eSbeck 0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, 221689a9b7eSbeck 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 222689a9b7eSbeck 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, 223689a9b7eSbeck 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 224689a9b7eSbeck 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 225689a9b7eSbeck 0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 226689a9b7eSbeck 0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 227689a9b7eSbeck 0x00, 0x0a, 0x00, 0xff, 0x01, 0x00, 0x00, 0x34, 228b348069dStb 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d, 229b348069dStb 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00, 0x0b, 230b348069dStb 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00, 0x00, 231689a9b7eSbeck 0x00, 0x0d, 0x00, 0x18, 0x00, 0x16, 0x08, 0x06, 232689a9b7eSbeck 0x06, 0x01, 0x06, 0x03, 0x08, 0x05, 0x05, 0x01, 233689a9b7eSbeck 0x05, 0x03, 0x08, 0x04, 0x04, 0x01, 0x04, 0x03, 234689a9b7eSbeck 0x02, 0x01, 0x02, 0x03, 23512237f1aSjsing }; 23612237f1aSjsing 237c17c0b56Sjsing static const uint8_t cipher_list_tls13_aes[] = { 238c17c0b56Sjsing 0x13, 0x02, 0x13, 0x03, 0x13, 0x01, 0xc0, 0x30, 239c17c0b56Sjsing 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14, 240c17c0b56Sjsing 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39, 241689a9b7eSbeck 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0x00, 0xc4, 242689a9b7eSbeck 0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, 243689a9b7eSbeck 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 244689a9b7eSbeck 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, 245689a9b7eSbeck 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 246689a9b7eSbeck 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 247689a9b7eSbeck 0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 248689a9b7eSbeck 0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 249689a9b7eSbeck 0x00, 0x0a, 0x00, 0xff, 250c17c0b56Sjsing }; 251c17c0b56Sjsing 252c17c0b56Sjsing static const uint8_t cipher_list_tls13_chacha[] = { 253c17c0b56Sjsing 0x13, 0x03, 0x13, 0x02, 0x13, 0x01, 0xcc, 0xa9, 254c17c0b56Sjsing 0xcc, 0xa8, 0xcc, 0xaa, 0xc0, 0x30, 0xc0, 0x2c, 255c17c0b56Sjsing 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x0a, 256689a9b7eSbeck 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39, 0x00, 0xc4, 257689a9b7eSbeck 0x00, 0x88, 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, 258689a9b7eSbeck 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 259689a9b7eSbeck 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, 260689a9b7eSbeck 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 261689a9b7eSbeck 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 262689a9b7eSbeck 0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 263689a9b7eSbeck 0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 264689a9b7eSbeck 0x00, 0x0a, 0x00, 0xff, 265c17c0b56Sjsing }; 266c17c0b56Sjsing 267c17c0b56Sjsing static const uint8_t client_hello_tls13[] = { 268689a9b7eSbeck 0x16, 0x03, 0x03, 0x01, 0x10, 0x01, 0x00, 0x01, 269689a9b7eSbeck 0x0c, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 270c17c0b56Sjsing 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 271c17c0b56Sjsing 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 272c17c0b56Sjsing 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 273c17c0b56Sjsing 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 274c17c0b56Sjsing 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 275c17c0b56Sjsing 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 276c17c0b56Sjsing 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 277689a9b7eSbeck 0x00, 0x00, 0x00, 0x00, 0x00, 0x5c, 0x13, 0x03, 278c17c0b56Sjsing 0x13, 0x02, 0x13, 0x01, 0xcc, 0xa9, 0xcc, 0xa8, 279c17c0b56Sjsing 0xcc, 0xaa, 0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28, 280c17c0b56Sjsing 0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x9f, 281689a9b7eSbeck 0x00, 0x6b, 0x00, 0x39, 0x00, 0xc4, 0x00, 0x88, 282689a9b7eSbeck 0x00, 0x81, 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, 283689a9b7eSbeck 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 284689a9b7eSbeck 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, 285689a9b7eSbeck 0x00, 0x9e, 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 286689a9b7eSbeck 0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 287689a9b7eSbeck 0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07, 288689a9b7eSbeck 0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 289689a9b7eSbeck 0x00, 0x0a, 0x01, 0x00, 0x00, 0x67, 0x00, 0x2b, 290689a9b7eSbeck 0x00, 0x05, 0x04, 0x03, 0x04, 0x03, 0x03, 0x00, 291689a9b7eSbeck 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d, 0x00, 292b348069dStb 0x17, 0x00, 0x18, 0x00, 0x19, 0x00, 0x33, 0x00, 293b348069dStb 0x26, 0x00, 0x24, 0x00, 0x1d, 0x00, 0x20, 0x00, 294b348069dStb 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 295b348069dStb 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 296b348069dStb 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 297b348069dStb 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 298b348069dStb 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00, 299689a9b7eSbeck 0x00, 0x00, 0x0d, 0x00, 0x18, 0x00, 0x16, 0x08, 300689a9b7eSbeck 0x06, 0x06, 0x01, 0x06, 0x03, 0x08, 0x05, 0x05, 301689a9b7eSbeck 0x01, 0x05, 0x03, 0x08, 0x04, 0x04, 0x01, 0x04, 302689a9b7eSbeck 0x03, 0x02, 0x01, 0x02, 0x03, 303c17c0b56Sjsing }; 304c17c0b56Sjsing 305c17c0b56Sjsing static const uint8_t cipher_list_tls13_only_aes[] = { 306c17c0b56Sjsing 0x13, 0x02, 0x13, 0x03, 0x13, 0x01, 307c17c0b56Sjsing }; 308c17c0b56Sjsing 309c17c0b56Sjsing static const uint8_t cipher_list_tls13_only_chacha[] = { 310c17c0b56Sjsing 0x13, 0x03, 0x13, 0x02, 0x13, 0x01, 311c17c0b56Sjsing }; 312c17c0b56Sjsing 313c17c0b56Sjsing static const uint8_t client_hello_tls13_only[] = { 314c17c0b56Sjsing 0x16, 0x03, 0x03, 0x00, 0xb6, 0x01, 0x00, 0x00, 315c17c0b56Sjsing 0xb2, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 316c17c0b56Sjsing 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 317c17c0b56Sjsing 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 318c17c0b56Sjsing 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 319c17c0b56Sjsing 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 320c17c0b56Sjsing 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 321c17c0b56Sjsing 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 322c17c0b56Sjsing 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 323c17c0b56Sjsing 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x13, 0x03, 324c17c0b56Sjsing 0x13, 0x02, 0x13, 0x01, 0x00, 0xff, 0x01, 0x00, 325c17c0b56Sjsing 0x00, 0x61, 0x00, 0x2b, 0x00, 0x03, 0x02, 0x03, 326b348069dStb 0x04, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, 327c17c0b56Sjsing 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00, 328b348069dStb 0x33, 0x00, 0x26, 0x00, 0x24, 0x00, 0x1d, 0x00, 329b348069dStb 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 330b348069dStb 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 331b348069dStb 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 332b348069dStb 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 333b348069dStb 0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 334c17c0b56Sjsing 0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x14, 0x00, 335c17c0b56Sjsing 0x12, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, 0x08, 336c17c0b56Sjsing 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 0x04, 337c17c0b56Sjsing 0x01, 0x04, 0x03, 338c17c0b56Sjsing }; 339c17c0b56Sjsing 34012237f1aSjsing struct client_hello_test { 341865abbcbSjsing const char *desc; 34265ec708bSjsing const int protocol; 34312237f1aSjsing const size_t random_start; 344c17c0b56Sjsing const size_t session_start; 345c17c0b56Sjsing const size_t key_share_start; 34612237f1aSjsing const SSL_METHOD *(*ssl_method)(void); 34712237f1aSjsing const long ssl_options; 3482decde2cStb int connect_fails; 34912237f1aSjsing }; 35012237f1aSjsing 351c17c0b56Sjsing static const struct client_hello_test client_hello_tests[] = { 35212237f1aSjsing { 353865abbcbSjsing .desc = "DTLSv1 client method", 35465ec708bSjsing .protocol = DTLS1_VERSION, 35512237f1aSjsing .random_start = DTLS_RANDOM_OFFSET, 35612237f1aSjsing .ssl_method = DTLSv1_client_method, 3572decde2cStb .connect_fails = 1, 35812237f1aSjsing }, 35912237f1aSjsing { 360865abbcbSjsing .desc = "DTLSv1.2 client method", 361865abbcbSjsing .protocol = DTLS1_2_VERSION, 362865abbcbSjsing .random_start = DTLS_RANDOM_OFFSET, 363865abbcbSjsing .ssl_method = DTLSv1_2_client_method, 364865abbcbSjsing }, 365865abbcbSjsing { 366865abbcbSjsing .desc = "DTLS client method", 367865abbcbSjsing .protocol = DTLS1_2_VERSION, 368865abbcbSjsing .random_start = DTLS_RANDOM_OFFSET, 369865abbcbSjsing .ssl_method = DTLS_client_method, 370865abbcbSjsing }, 371865abbcbSjsing { 372865abbcbSjsing .desc = "DTLS client method (no DTLSv1.2)", 373865abbcbSjsing .protocol = DTLS1_VERSION, 374865abbcbSjsing .random_start = DTLS_RANDOM_OFFSET, 375865abbcbSjsing .ssl_method = DTLS_client_method, 376865abbcbSjsing .ssl_options = SSL_OP_NO_DTLSv1_2, 3772decde2cStb .connect_fails = 1, 378865abbcbSjsing }, 379865abbcbSjsing { 380865abbcbSjsing .desc = "DTLS client method (no DTLSv1.0)", 381865abbcbSjsing .protocol = DTLS1_2_VERSION, 382865abbcbSjsing .random_start = DTLS_RANDOM_OFFSET, 383865abbcbSjsing .ssl_method = DTLS_client_method, 384865abbcbSjsing .ssl_options = SSL_OP_NO_DTLSv1, 385865abbcbSjsing }, 386865abbcbSjsing { 387865abbcbSjsing .desc = "TLSv1 client method", 38865ec708bSjsing .protocol = TLS1_VERSION, 38912237f1aSjsing .random_start = SSL3_RANDOM_OFFSET, 39012237f1aSjsing .ssl_method = TLSv1_client_method, 3912decde2cStb .connect_fails = 1, 39212237f1aSjsing }, 39312237f1aSjsing { 394865abbcbSjsing .desc = "TLSv1_1 client method", 39565ec708bSjsing .protocol = TLS1_1_VERSION, 39612237f1aSjsing .random_start = SSL3_RANDOM_OFFSET, 39712237f1aSjsing .ssl_method = TLSv1_1_client_method, 3982decde2cStb .connect_fails = 1, 39912237f1aSjsing }, 40012237f1aSjsing { 401865abbcbSjsing .desc = "TLSv1_2 client method", 40265ec708bSjsing .protocol = TLS1_2_VERSION, 40312237f1aSjsing .random_start = SSL3_RANDOM_OFFSET, 40412237f1aSjsing .ssl_method = TLSv1_2_client_method, 40512237f1aSjsing }, 40612237f1aSjsing { 40712237f1aSjsing .desc = "SSLv23 default", 408a7a6ad09Sjsing .protocol = TLS1_3_VERSION, 409c17c0b56Sjsing .random_start = TLS13_RANDOM_OFFSET, 410c17c0b56Sjsing .session_start = TLS13_SESSION_OFFSET, 411c17c0b56Sjsing .key_share_start = TLS13_KEY_SHARE_OFFSET, 41212237f1aSjsing .ssl_method = SSLv23_client_method, 41312237f1aSjsing .ssl_options = 0, 41412237f1aSjsing }, 415a7a6ad09Sjsing { 416a7a6ad09Sjsing .desc = "SSLv23 default (no TLSv1.3)", 417a7a6ad09Sjsing .protocol = TLS1_2_VERSION, 418a7a6ad09Sjsing .random_start = SSL3_RANDOM_OFFSET, 419a7a6ad09Sjsing .ssl_method = SSLv23_client_method, 420a7a6ad09Sjsing .ssl_options = SSL_OP_NO_TLSv1_3, 421a7a6ad09Sjsing }, 42212237f1aSjsing { 42312237f1aSjsing .desc = "SSLv23 (no TLSv1.2)", 4242decde2cStb .protocol = TLS1_3_VERSION_ONLY, 4252decde2cStb .random_start = TLS13_RANDOM_OFFSET, 4262decde2cStb .session_start = TLS13_SESSION_OFFSET, 4272decde2cStb .key_share_start = TLS13_ONLY_KEY_SHARE_OFFSET, 42812237f1aSjsing .ssl_method = SSLv23_client_method, 42912237f1aSjsing .ssl_options = SSL_OP_NO_TLSv1_2, 43012237f1aSjsing }, 43112237f1aSjsing { 43212237f1aSjsing .desc = "SSLv23 (no TLSv1.1)", 4332decde2cStb .protocol = TLS1_3_VERSION, 4342decde2cStb .random_start = TLS13_RANDOM_OFFSET, 4352decde2cStb .session_start = TLS13_SESSION_OFFSET, 4362decde2cStb .key_share_start = TLS13_KEY_SHARE_OFFSET, 43712237f1aSjsing .ssl_method = SSLv23_client_method, 43812237f1aSjsing .ssl_options = SSL_OP_NO_TLSv1_1, 43912237f1aSjsing }, 44012237f1aSjsing { 44112237f1aSjsing .desc = "TLS default", 442a7a6ad09Sjsing .protocol = TLS1_3_VERSION, 443c17c0b56Sjsing .random_start = TLS13_RANDOM_OFFSET, 444c17c0b56Sjsing .session_start = TLS13_SESSION_OFFSET, 445c17c0b56Sjsing .key_share_start = TLS13_KEY_SHARE_OFFSET, 44612237f1aSjsing .ssl_method = TLS_client_method, 44712237f1aSjsing .ssl_options = 0, 44812237f1aSjsing }, 449a7a6ad09Sjsing { 450a7a6ad09Sjsing .desc = "TLS (no TLSv1.3)", 451a7a6ad09Sjsing .protocol = TLS1_2_VERSION, 452a7a6ad09Sjsing .random_start = SSL3_RANDOM_OFFSET, 453a7a6ad09Sjsing .ssl_method = TLS_client_method, 454a7a6ad09Sjsing .ssl_options = SSL_OP_NO_TLSv1_3, 455a7a6ad09Sjsing }, 45612237f1aSjsing { 45712237f1aSjsing .desc = "TLS (no TLSv1.2)", 4582decde2cStb .protocol = TLS1_3_VERSION_ONLY, 4592decde2cStb .random_start = TLS13_RANDOM_OFFSET, 4602decde2cStb .session_start = TLS13_SESSION_OFFSET, 4612decde2cStb .key_share_start = TLS13_ONLY_KEY_SHARE_OFFSET, 46212237f1aSjsing .ssl_method = TLS_client_method, 46312237f1aSjsing .ssl_options = SSL_OP_NO_TLSv1_2, 46412237f1aSjsing }, 46512237f1aSjsing { 46612237f1aSjsing .desc = "TLS (no TLSv1.1)", 4672decde2cStb .protocol = TLS1_3_VERSION, 4682decde2cStb .random_start = TLS13_RANDOM_OFFSET, 4692decde2cStb .session_start = TLS13_SESSION_OFFSET, 4702decde2cStb .key_share_start = TLS13_KEY_SHARE_OFFSET, 47112237f1aSjsing .ssl_method = TLS_client_method, 47212237f1aSjsing .ssl_options = SSL_OP_NO_TLSv1_1, 47312237f1aSjsing }, 474a7a6ad09Sjsing #if 0 475c17c0b56Sjsing /* XXX - build client hello with explicit versions extension. */ 47612237f1aSjsing { 47712237f1aSjsing .desc = "TLS (no TLSv1.0, no TLSv1.1)", 478a7a6ad09Sjsing .protocol = TLS1_3_VERSION, 479c17c0b56Sjsing .random_start = TLS13_RANDOM_OFFSET, 480c17c0b56Sjsing .session_start = TLS13_SESSION_OFFSET, 481c17c0b56Sjsing .key_share_start = TLS13_KEY_SHARE_OFFSET, 48212237f1aSjsing .ssl_method = TLS_client_method, 48312237f1aSjsing .ssl_options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1, 48412237f1aSjsing }, 485a7a6ad09Sjsing #endif 486a7a6ad09Sjsing { 487a7a6ad09Sjsing .desc = "TLS (no TLSv1.0, no TLSv1.1, no TLSv1.2)", 488c17c0b56Sjsing .protocol = TLS1_3_VERSION_ONLY, 489c17c0b56Sjsing .random_start = TLS13_RANDOM_OFFSET, 490c17c0b56Sjsing .session_start = TLS13_SESSION_OFFSET, 491c17c0b56Sjsing .key_share_start = TLS13_ONLY_KEY_SHARE_OFFSET, 492a7a6ad09Sjsing .ssl_method = TLS_client_method, 493a7a6ad09Sjsing .ssl_options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2, 494a7a6ad09Sjsing }, 49512237f1aSjsing }; 49612237f1aSjsing 49712237f1aSjsing #define N_CLIENT_HELLO_TESTS \ 49812237f1aSjsing (sizeof(client_hello_tests) / sizeof(*client_hello_tests)) 49912237f1aSjsing 50012237f1aSjsing static void 50159dbf68fSjsing hexdump(const uint8_t *buf, size_t len, const uint8_t *compare) 50212237f1aSjsing { 50359dbf68fSjsing const char *mark = ""; 50412237f1aSjsing size_t i; 50512237f1aSjsing 50659dbf68fSjsing for (i = 1; i <= len; i++) { 50759dbf68fSjsing if (compare != NULL) 50859dbf68fSjsing mark = (buf[i - 1] != compare[i - 1]) ? "*" : " "; 50959dbf68fSjsing fprintf(stderr, " %s0x%02hhx,%s", mark, buf[i - 1], 51059dbf68fSjsing i % 8 && i != len ? "" : "\n"); 51159dbf68fSjsing } 51212237f1aSjsing fprintf(stderr, "\n"); 51312237f1aSjsing } 51412237f1aSjsing 51565ec708bSjsing static inline int 51665ec708bSjsing ssl_aes_is_accelerated(void) 51765ec708bSjsing { 518*a75d20e9Sjsing return (OPENSSL_cpu_caps() & CRYPTO_CPU_CAPS_ACCELERATED_AES) != 0; 51965ec708bSjsing } 52065ec708bSjsing 52165ec708bSjsing static int 52265ec708bSjsing make_client_hello(int protocol, char **out, size_t *outlen) 52365ec708bSjsing { 52465ec708bSjsing size_t client_hello_len, cipher_list_len, cipher_list_offset; 5255d0fde75Sjsing const uint8_t *client_hello, *cipher_list; 52665ec708bSjsing char *p; 52765ec708bSjsing 52865ec708bSjsing *out = NULL; 52965ec708bSjsing *outlen = 0; 53065ec708bSjsing 53165ec708bSjsing switch (protocol) { 53265ec708bSjsing case DTLS1_VERSION: 53365ec708bSjsing client_hello = client_hello_dtls1; 53465ec708bSjsing client_hello_len = sizeof(client_hello_dtls1); 53565ec708bSjsing cipher_list = cipher_list_dtls1; 53665ec708bSjsing cipher_list_len = sizeof(cipher_list_dtls1); 53765ec708bSjsing cipher_list_offset = DTLS_CIPHER_OFFSET; 53865ec708bSjsing break; 53965ec708bSjsing 540865abbcbSjsing case DTLS1_2_VERSION: 541865abbcbSjsing client_hello = client_hello_dtls12; 542865abbcbSjsing client_hello_len = sizeof(client_hello_dtls12); 543865abbcbSjsing cipher_list = cipher_list_dtls12_chacha; 544865abbcbSjsing cipher_list_len = sizeof(cipher_list_dtls12_chacha); 545865abbcbSjsing if (ssl_aes_is_accelerated()) { 546865abbcbSjsing cipher_list = cipher_list_dtls12_aes; 547865abbcbSjsing cipher_list_len = sizeof(cipher_list_dtls12_aes); 548865abbcbSjsing } 549865abbcbSjsing cipher_list_offset = DTLS_CIPHER_OFFSET; 550865abbcbSjsing break; 551865abbcbSjsing 55265ec708bSjsing case TLS1_VERSION: 55365ec708bSjsing client_hello = client_hello_tls10; 55465ec708bSjsing client_hello_len = sizeof(client_hello_tls10); 55565ec708bSjsing cipher_list = cipher_list_tls10; 55665ec708bSjsing cipher_list_len = sizeof(cipher_list_tls10); 55765ec708bSjsing cipher_list_offset = SSL3_CIPHER_OFFSET; 55865ec708bSjsing break; 55965ec708bSjsing 56065ec708bSjsing case TLS1_1_VERSION: 56165ec708bSjsing client_hello = client_hello_tls11; 56265ec708bSjsing client_hello_len = sizeof(client_hello_tls11); 56365ec708bSjsing cipher_list = cipher_list_tls11; 56465ec708bSjsing cipher_list_len = sizeof(cipher_list_tls11); 56565ec708bSjsing cipher_list_offset = SSL3_CIPHER_OFFSET; 56665ec708bSjsing break; 56765ec708bSjsing 56865ec708bSjsing case TLS1_2_VERSION: 56965ec708bSjsing client_hello = client_hello_tls12; 57065ec708bSjsing client_hello_len = sizeof(client_hello_tls12); 57165ec708bSjsing cipher_list = cipher_list_tls12_chacha; 57265ec708bSjsing cipher_list_len = sizeof(cipher_list_tls12_chacha); 573159b0cbcSjsing if (ssl_aes_is_accelerated()) { 574159b0cbcSjsing cipher_list = cipher_list_tls12_aes; 575159b0cbcSjsing cipher_list_len = sizeof(cipher_list_tls12_aes); 576159b0cbcSjsing } 57765ec708bSjsing cipher_list_offset = SSL3_CIPHER_OFFSET; 57865ec708bSjsing break; 57965ec708bSjsing 580c17c0b56Sjsing case TLS1_3_VERSION: 581c17c0b56Sjsing client_hello = client_hello_tls13; 582c17c0b56Sjsing client_hello_len = sizeof(client_hello_tls13); 583c17c0b56Sjsing cipher_list = cipher_list_tls13_chacha; 584c17c0b56Sjsing cipher_list_len = sizeof(cipher_list_tls13_chacha); 585c17c0b56Sjsing if (ssl_aes_is_accelerated()) { 586c17c0b56Sjsing cipher_list = cipher_list_tls13_aes; 587c17c0b56Sjsing cipher_list_len = sizeof(cipher_list_tls13_aes); 588c17c0b56Sjsing } 589c17c0b56Sjsing cipher_list_offset = TLS13_CIPHER_OFFSET; 590c17c0b56Sjsing break; 591c17c0b56Sjsing 592c17c0b56Sjsing case TLS1_3_VERSION_ONLY: 593c17c0b56Sjsing client_hello = client_hello_tls13_only; 594c17c0b56Sjsing client_hello_len = sizeof(client_hello_tls13_only); 595c17c0b56Sjsing cipher_list = cipher_list_tls13_only_chacha; 596c17c0b56Sjsing cipher_list_len = sizeof(cipher_list_tls13_only_chacha); 597c17c0b56Sjsing if (ssl_aes_is_accelerated()) { 598c17c0b56Sjsing cipher_list = cipher_list_tls13_only_aes; 599c17c0b56Sjsing cipher_list_len = sizeof(cipher_list_tls13_only_aes); 600c17c0b56Sjsing } 601c17c0b56Sjsing cipher_list_offset = TLS13_CIPHER_OFFSET; 602c17c0b56Sjsing break; 603c17c0b56Sjsing 60465ec708bSjsing default: 60565ec708bSjsing return (-1); 60665ec708bSjsing } 60765ec708bSjsing 60865ec708bSjsing if ((p = malloc(client_hello_len)) == NULL) 60965ec708bSjsing return (-1); 61065ec708bSjsing 61165ec708bSjsing memcpy(p, client_hello, client_hello_len); 61265ec708bSjsing memcpy(p + cipher_list_offset, cipher_list, cipher_list_len); 61365ec708bSjsing 61465ec708bSjsing *out = p; 61565ec708bSjsing *outlen = client_hello_len; 61665ec708bSjsing 61765ec708bSjsing return (0); 61865ec708bSjsing } 61965ec708bSjsing 62012237f1aSjsing static int 6215d0fde75Sjsing client_hello_test(int testno, const struct client_hello_test *cht) 62212237f1aSjsing { 62312237f1aSjsing BIO *rbio = NULL, *wbio = NULL; 62412237f1aSjsing SSL_CTX *ssl_ctx = NULL; 62512237f1aSjsing SSL *ssl = NULL; 62665ec708bSjsing char *client_hello = NULL; 62765ec708bSjsing size_t client_hello_len; 628c17c0b56Sjsing size_t session_len; 62912237f1aSjsing char *wbuf, rbuf[1]; 63012237f1aSjsing int ret = 1; 63112237f1aSjsing long len; 63212237f1aSjsing 633c0a6a244Stb fprintf(stderr, "Test %d - %s\n", testno, cht->desc); 63412237f1aSjsing 63512237f1aSjsing /* Providing a small buf causes *_get_server_hello() to return. */ 63612237f1aSjsing if ((rbio = BIO_new_mem_buf(rbuf, sizeof(rbuf))) == NULL) { 63712237f1aSjsing fprintf(stderr, "Failed to setup rbio\n"); 63812237f1aSjsing goto failure; 63912237f1aSjsing } 64012237f1aSjsing if ((wbio = BIO_new(BIO_s_mem())) == NULL) { 64112237f1aSjsing fprintf(stderr, "Failed to setup wbio\n"); 64212237f1aSjsing goto failure; 64312237f1aSjsing } 64412237f1aSjsing 64512237f1aSjsing if ((ssl_ctx = SSL_CTX_new(cht->ssl_method())) == NULL) { 64612237f1aSjsing fprintf(stderr, "SSL_CTX_new() returned NULL\n"); 64712237f1aSjsing goto failure; 64812237f1aSjsing } 64912237f1aSjsing 65012237f1aSjsing SSL_CTX_set_options(ssl_ctx, cht->ssl_options); 65112237f1aSjsing 65212237f1aSjsing if ((ssl = SSL_new(ssl_ctx)) == NULL) { 65312237f1aSjsing fprintf(stderr, "SSL_new() returned NULL\n"); 65412237f1aSjsing goto failure; 65512237f1aSjsing } 65612237f1aSjsing 657dc5a472fStb if (!tlsext_linearize_build_order(ssl)) { 658dc5a472fStb fprintf(stderr, "failed to linearize build order"); 659dc5a472fStb goto failure; 660dc5a472fStb } 661dc5a472fStb 66233d8b74dStb BIO_up_ref(rbio); 66333d8b74dStb BIO_up_ref(wbio); 66412237f1aSjsing SSL_set_bio(ssl, rbio, wbio); 66512237f1aSjsing 66612237f1aSjsing if (SSL_connect(ssl) != 0) { 6672decde2cStb if (cht->connect_fails) 6682decde2cStb goto done; 66912237f1aSjsing fprintf(stderr, "SSL_connect() returned non-zero\n"); 67012237f1aSjsing goto failure; 67112237f1aSjsing } 67212237f1aSjsing 67312237f1aSjsing len = BIO_get_mem_data(wbio, &wbuf); 67412237f1aSjsing 67565ec708bSjsing if (make_client_hello(cht->protocol, &client_hello, 67665ec708bSjsing &client_hello_len) != 0) 677e5196d4cSjsing errx(1, "failed to make client hello"); 67865ec708bSjsing 67965ec708bSjsing if ((size_t)len != client_hello_len) { 680c0a6a244Stb fprintf(stderr, "FAIL: test returned ClientHello length %ld, " 68165ec708bSjsing "want %zu\n", len, client_hello_len); 68212237f1aSjsing fprintf(stderr, "received:\n"); 68359dbf68fSjsing hexdump(wbuf, len, NULL); 6840b99520dSjsing fprintf(stderr, "test data:\n"); 68559dbf68fSjsing hexdump(client_hello, client_hello_len, NULL); 6860b99520dSjsing fprintf(stderr, "\n"); 68712237f1aSjsing goto failure; 68812237f1aSjsing } 68912237f1aSjsing 69065ec708bSjsing /* We expect the client random to differ. */ 6913476108aSjsing if (memcmp(&client_hello[cht->random_start], &wbuf[cht->random_start], 6923476108aSjsing SSL3_RANDOM_SIZE) == 0) { 6933476108aSjsing fprintf(stderr, "FAIL: ClientHello has zeroed random\n"); 6943476108aSjsing goto failure; 6953476108aSjsing } 6963476108aSjsing 6973476108aSjsing memset(&wbuf[cht->random_start], 0, SSL3_RANDOM_SIZE); 6983476108aSjsing 699c17c0b56Sjsing if (cht->session_start > 0) { 700c17c0b56Sjsing session_len = wbuf[cht->session_start]; 701c17c0b56Sjsing if (session_len > 0) 702c17c0b56Sjsing memset(&wbuf[cht->session_start + 1], 0, session_len); 703c17c0b56Sjsing } 704c17c0b56Sjsing if (cht->key_share_start > 0) 705c17c0b56Sjsing memset(&wbuf[cht->key_share_start], 0, 32); 706c17c0b56Sjsing 7073476108aSjsing if (memcmp(client_hello, wbuf, client_hello_len) != 0) { 70812237f1aSjsing fprintf(stderr, "FAIL: ClientHello differs:\n"); 70912237f1aSjsing fprintf(stderr, "received:\n"); 71059dbf68fSjsing hexdump(wbuf, len, client_hello); 71112237f1aSjsing fprintf(stderr, "test data:\n"); 71259dbf68fSjsing hexdump(client_hello, client_hello_len, wbuf); 71312237f1aSjsing fprintf(stderr, "\n"); 71412237f1aSjsing goto failure; 71512237f1aSjsing } 71612237f1aSjsing 7172decde2cStb done: 71812237f1aSjsing ret = 0; 71912237f1aSjsing 72012237f1aSjsing failure: 72112237f1aSjsing SSL_CTX_free(ssl_ctx); 72212237f1aSjsing SSL_free(ssl); 72312237f1aSjsing 72412237f1aSjsing BIO_free(rbio); 72512237f1aSjsing BIO_free(wbio); 72612237f1aSjsing 727d5572187Stb free(client_hello); 72865ec708bSjsing 72912237f1aSjsing return (ret); 73012237f1aSjsing } 73112237f1aSjsing 73212237f1aSjsing int 73312237f1aSjsing main(int argc, char **argv) 73412237f1aSjsing { 73512237f1aSjsing int failed = 0; 73612237f1aSjsing size_t i; 73712237f1aSjsing 73812237f1aSjsing SSL_library_init(); 73912237f1aSjsing 74012237f1aSjsing for (i = 0; i < N_CLIENT_HELLO_TESTS; i++) 74112237f1aSjsing failed |= client_hello_test(i, &client_hello_tests[i]); 74212237f1aSjsing 74312237f1aSjsing return (failed); 74412237f1aSjsing } 745