1*9b9a8f8cStb /* $OpenBSD: tlsexttest.c,v 1.92 2024/09/11 15:04:16 tb Exp $ */ 29e5cc899Sjsing /* 39e5cc899Sjsing * Copyright (c) 2017 Joel Sing <jsing@openbsd.org> 4d662984cSjsing * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> 58c287c71Sbeck * Copyright (c) 2019 Bob Beck <beck@openbsd.org> 64c94b8b6Stb * Copyright (c) 2022 Theo Buehler <tb@openbsd.org> 79e5cc899Sjsing * 89e5cc899Sjsing * Permission to use, copy, modify, and distribute this software for any 99e5cc899Sjsing * purpose with or without fee is hereby granted, provided that the above 109e5cc899Sjsing * copyright notice and this permission notice appear in all copies. 119e5cc899Sjsing * 129e5cc899Sjsing * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 139e5cc899Sjsing * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 149e5cc899Sjsing * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 159e5cc899Sjsing * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 169e5cc899Sjsing * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 179e5cc899Sjsing * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 189e5cc899Sjsing * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 199e5cc899Sjsing */ 209e5cc899Sjsing 219e5cc899Sjsing #include <err.h> 229e5cc899Sjsing 23e3ef6fffStb #include <openssl/tls1.h> 24e3ef6fffStb 25c9675a23Stb #include "ssl_local.h" 269e5cc899Sjsing 279e5cc899Sjsing #include "bytestring.h" 289e5cc899Sjsing #include "ssl_tlsext.h" 299e5cc899Sjsing 30e3ef6fffStb struct tls_extension_funcs { 31e3ef6fffStb int (*needs)(SSL *s, uint16_t msg_type); 32e3ef6fffStb int (*build)(SSL *s, uint16_t msg_type, CBB *cbb); 33c8946a7fSjsing int (*process)(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); 34e3ef6fffStb }; 35e3ef6fffStb 36f313d342Stb uint16_t tls_extension_type(const struct tls_extension *); 37e3ef6fffStb const struct tls_extension *tls_extension_find(uint16_t, size_t *); 38e3ef6fffStb const struct tls_extension_funcs *tlsext_funcs(const struct tls_extension *, 39e3ef6fffStb int); 40dc5a472fStb int tlsext_linearize_build_order(SSL *); 41e3ef6fffStb 4227d3e8adStb static int 4327d3e8adStb tls_extension_funcs(int type, const struct tls_extension_funcs **client_funcs, 4427d3e8adStb const struct tls_extension_funcs **server_funcs) 45e3ef6fffStb { 46e3ef6fffStb const struct tls_extension *ext; 47e3ef6fffStb size_t idx; 48e3ef6fffStb 49e3ef6fffStb if ((ext = tls_extension_find(type, &idx)) == NULL) 50e3ef6fffStb return 0; 51e3ef6fffStb 5227d3e8adStb if ((*client_funcs = tlsext_funcs(ext, 0)) == NULL) 53e3ef6fffStb return 0; 54e3ef6fffStb 5527d3e8adStb if ((*server_funcs = tlsext_funcs(ext, 1)) == NULL) 56e3ef6fffStb return 0; 57e3ef6fffStb 5827d3e8adStb return 1; 59e3ef6fffStb } 60e3ef6fffStb 619e5cc899Sjsing static void 629e5cc899Sjsing hexdump(const unsigned char *buf, size_t len) 639e5cc899Sjsing { 649e5cc899Sjsing size_t i; 659e5cc899Sjsing 669e5cc899Sjsing for (i = 1; i <= len; i++) 679e5cc899Sjsing fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n"); 689e5cc899Sjsing 699e5cc899Sjsing fprintf(stderr, "\n"); 709e5cc899Sjsing } 719e5cc899Sjsing 726a5d314dSdoug static void 73e6762581Sdoug hexdump2(const uint16_t *buf, size_t len) 74e6762581Sdoug { 75e6762581Sdoug size_t i; 76e6762581Sdoug 77e6762581Sdoug for (i = 1; i <= len / 2; i++) 78e6762581Sdoug fprintf(stderr, " 0x%04hx,%s", buf[i - 1], i % 8 ? "" : "\n"); 79e6762581Sdoug 80e6762581Sdoug fprintf(stderr, "\n"); 81e6762581Sdoug } 82e6762581Sdoug 83e6762581Sdoug static void 846a5d314dSdoug compare_data(const uint8_t *recv, size_t recv_len, const uint8_t *expect, 856a5d314dSdoug size_t expect_len) 866a5d314dSdoug { 876a5d314dSdoug fprintf(stderr, "received:\n"); 886a5d314dSdoug hexdump(recv, recv_len); 896a5d314dSdoug 906a5d314dSdoug fprintf(stderr, "test data:\n"); 916a5d314dSdoug hexdump(expect, expect_len); 926a5d314dSdoug } 936a5d314dSdoug 94e6762581Sdoug static void 95e6762581Sdoug compare_data2(const uint16_t *recv, size_t recv_len, const uint16_t *expect, 96e6762581Sdoug size_t expect_len) 97e6762581Sdoug { 98e6762581Sdoug fprintf(stderr, "received:\n"); 99e6762581Sdoug hexdump2(recv, recv_len); 100e6762581Sdoug 101e6762581Sdoug fprintf(stderr, "test data:\n"); 102e6762581Sdoug hexdump2(expect, expect_len); 103e6762581Sdoug } 104e6762581Sdoug 1056a5d314dSdoug #define FAIL(msg, ...) \ 1066a5d314dSdoug do { \ 1076a5d314dSdoug fprintf(stderr, "[%s:%d] FAIL: ", __FILE__, __LINE__); \ 1086a5d314dSdoug fprintf(stderr, msg, ##__VA_ARGS__); \ 1096a5d314dSdoug } while(0) 1106a5d314dSdoug 1115a5873bbSjsing /* 112f5443466Sdoug * Supported Application-Layer Protocol Negotiation - RFC 7301 113f5443466Sdoug * 114f5443466Sdoug * There are already extensive unit tests for this so this just 115f5443466Sdoug * tests the state info. 116f5443466Sdoug */ 117f5443466Sdoug 118f5443466Sdoug const uint8_t tlsext_alpn_multiple_protos_val[] = { 119f5443466Sdoug /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */ 120f5443466Sdoug 0x08, /* len */ 121f5443466Sdoug 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, 122f5443466Sdoug /* opaque ProtocolName<1..2^8-1> -- 'stun.nat' */ 123f5443466Sdoug 0x09, /* len */ 124f5443466Sdoug 0x73, 0x74, 0x75, 0x6e, 0x2e, 0x74, 0x75, 0x72, 0x6e 125f5443466Sdoug }; 126f5443466Sdoug 127f5443466Sdoug const uint8_t tlsext_alpn_multiple_protos[] = { 128f5443466Sdoug /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */ 129f5443466Sdoug 0x00, 0x13, /* len of all names */ 130f5443466Sdoug /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */ 131f5443466Sdoug 0x08, /* len */ 132f5443466Sdoug 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, 133f5443466Sdoug /* opaque ProtocolName<1..2^8-1> -- 'stun.nat' */ 134f5443466Sdoug 0x09, /* len */ 135f5443466Sdoug 0x73, 0x74, 0x75, 0x6e, 0x2e, 0x74, 0x75, 0x72, 0x6e 136f5443466Sdoug }; 137f5443466Sdoug 138f5443466Sdoug const uint8_t tlsext_alpn_single_proto_val[] = { 139f5443466Sdoug /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */ 140f5443466Sdoug 0x08, /* len */ 141f5443466Sdoug 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31 142f5443466Sdoug }; 143f5443466Sdoug 144f5443466Sdoug const uint8_t tlsext_alpn_single_proto_name[] = { 145f5443466Sdoug 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31 /* 'http/1.1' */ 146f5443466Sdoug }; 147f5443466Sdoug 148f5443466Sdoug const uint8_t tlsext_alpn_single_proto[] = { 149f5443466Sdoug /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */ 150f5443466Sdoug 0x00, 0x09, /* len of all names */ 151f5443466Sdoug /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */ 152f5443466Sdoug 0x08, /* len */ 153f5443466Sdoug 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31 154f5443466Sdoug }; 155f5443466Sdoug 156e3ef6fffStb #define TLSEXT_TYPE_alpn TLSEXT_TYPE_application_layer_protocol_negotiation 157e3ef6fffStb 158f5443466Sdoug static int 159cd527692Sjsing test_tlsext_alpn_client(void) 160f5443466Sdoug { 161f5443466Sdoug SSL_CTX *ssl_ctx = NULL; 162f5443466Sdoug SSL *ssl = NULL; 16327d3e8adStb const struct tls_extension_funcs *client_funcs; 16427d3e8adStb const struct tls_extension_funcs *server_funcs; 165f5443466Sdoug uint8_t *data = NULL; 166f5443466Sdoug CBB cbb; 167f5443466Sdoug CBS cbs; 168f5443466Sdoug int failure, alert; 169f5443466Sdoug size_t dlen; 170f5443466Sdoug 17112e31becStb failure = 1; 17212e31becStb 17368934fd7Stb if (!CBB_init(&cbb, 0)) 17468934fd7Stb errx(1, "Failed to create CBB"); 175f5443466Sdoug 176f5443466Sdoug if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) 177f5443466Sdoug errx(1, "failed to create SSL_CTX"); 178f5443466Sdoug if ((ssl = SSL_new(ssl_ctx)) == NULL) 179f5443466Sdoug errx(1, "failed to create SSL"); 180f5443466Sdoug 18127d3e8adStb if (!tls_extension_funcs(TLSEXT_TYPE_alpn, &client_funcs, &server_funcs)) 18227d3e8adStb errx(1, "failed to fetch ALPN funcs"); 18327d3e8adStb 184f5443466Sdoug /* By default, we don't need this */ 18527d3e8adStb if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 1862628ace5Stb FAIL("client should not need ALPN by default\n"); 187f5443466Sdoug goto err; 188f5443466Sdoug } 189f5443466Sdoug 190f5443466Sdoug /* 191f5443466Sdoug * Prereqs: 1921ce7ecd4Sjsing * 1) Set s->alpn_client_proto_list 193f5443466Sdoug * - Using SSL_set_alpn_protos() 194f5443466Sdoug * 2) We have not finished or renegotiated. 195f315d677Sjsing * - s->s3->tmp.finish_md_len == 0 196f5443466Sdoug */ 197f5443466Sdoug if (SSL_set_alpn_protos(ssl, tlsext_alpn_single_proto_val, 198f5443466Sdoug sizeof(tlsext_alpn_single_proto_val)) != 0) { 1992628ace5Stb FAIL("should be able to set ALPN to http/1.1\n"); 200f5443466Sdoug goto err; 201f5443466Sdoug } 20227d3e8adStb if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 203e3ef6fffStb FAIL("client should need ALPN by default\n"); 204f5443466Sdoug goto err; 205f5443466Sdoug } 206f5443466Sdoug 207cd527692Sjsing /* Make sure we can build the client with a single proto. */ 208f5443466Sdoug 20927d3e8adStb if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 210cd527692Sjsing FAIL("client failed to build ALPN\n"); 211f5443466Sdoug goto err; 212f5443466Sdoug } 213f5443466Sdoug if (!CBB_finish(&cbb, &data, &dlen)) 214d5ad68e5Stb errx(1, "failed to finish CBB"); 215f5443466Sdoug 216f5443466Sdoug if (dlen != sizeof(tlsext_alpn_single_proto)) { 217cd527692Sjsing FAIL("got client ALPN with length %zu, " 218f5443466Sdoug "want length %zu\n", dlen, 219f5443466Sdoug sizeof(tlsext_alpn_single_proto)); 220f5443466Sdoug compare_data(data, dlen, tlsext_alpn_single_proto, 221f5443466Sdoug sizeof(tlsext_alpn_single_proto)); 222f5443466Sdoug goto err; 223f5443466Sdoug } 224f5443466Sdoug if (memcmp(data, tlsext_alpn_single_proto, dlen) != 0) { 225cd527692Sjsing FAIL("client ALPN differs:\n"); 226f5443466Sdoug compare_data(data, dlen, tlsext_alpn_single_proto, 227f5443466Sdoug sizeof(tlsext_alpn_single_proto)); 228f5443466Sdoug goto err; 229f5443466Sdoug } 230f5443466Sdoug 231f5443466Sdoug CBB_cleanup(&cbb); 23268934fd7Stb if (!CBB_init(&cbb, 0)) 23368934fd7Stb errx(1, "Failed to create CBB"); 234f5443466Sdoug free(data); 235f5443466Sdoug data = NULL; 236f5443466Sdoug 237f5443466Sdoug /* Make sure we can parse the single proto. */ 238f5443466Sdoug 239f5443466Sdoug CBS_init(&cbs, tlsext_alpn_single_proto, 240f5443466Sdoug sizeof(tlsext_alpn_single_proto)); 241c8946a7fSjsing if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 2422628ace5Stb FAIL("failed to parse ALPN\n"); 243f5443466Sdoug goto err; 244f5443466Sdoug } 245239d31d9Sjsing if (CBS_len(&cbs) != 0) { 2462628ace5Stb FAIL("extension data remaining\n"); 247239d31d9Sjsing goto err; 248239d31d9Sjsing } 249f5443466Sdoug 2501ce7ecd4Sjsing if (ssl->alpn_client_proto_list_len != 251f5443466Sdoug sizeof(tlsext_alpn_single_proto_val)) { 252cd527692Sjsing FAIL("got client ALPN with length %zu, " 253f5443466Sdoug "want length %zu\n", dlen, 254f5443466Sdoug sizeof(tlsext_alpn_single_proto_val)); 2551ce7ecd4Sjsing compare_data(ssl->alpn_client_proto_list, 2561ce7ecd4Sjsing ssl->alpn_client_proto_list_len, 257f5443466Sdoug tlsext_alpn_single_proto_val, 258f5443466Sdoug sizeof(tlsext_alpn_single_proto_val)); 259f5443466Sdoug goto err; 260f5443466Sdoug } 2611ce7ecd4Sjsing if (memcmp(ssl->alpn_client_proto_list, 262f5443466Sdoug tlsext_alpn_single_proto_val, 263f5443466Sdoug sizeof(tlsext_alpn_single_proto_val)) != 0) { 264cd527692Sjsing FAIL("client ALPN differs:\n"); 265f5443466Sdoug compare_data(data, dlen, tlsext_alpn_single_proto_val, 266f5443466Sdoug sizeof(tlsext_alpn_single_proto_val)); 267f5443466Sdoug goto err; 268f5443466Sdoug } 269f5443466Sdoug 270f5443466Sdoug /* Make sure we can build the clienthello with multiple entries. */ 271f5443466Sdoug 272f5443466Sdoug if (SSL_set_alpn_protos(ssl, tlsext_alpn_multiple_protos_val, 273f5443466Sdoug sizeof(tlsext_alpn_multiple_protos_val)) != 0) { 2742628ace5Stb FAIL("should be able to set ALPN to http/1.1\n"); 275f5443466Sdoug goto err; 276f5443466Sdoug } 27727d3e8adStb if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 2782628ace5Stb FAIL("client should need ALPN by now\n"); 279f5443466Sdoug goto err; 280f5443466Sdoug } 281f5443466Sdoug 28227d3e8adStb if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 283cd527692Sjsing FAIL("client failed to build ALPN\n"); 284f5443466Sdoug goto err; 285f5443466Sdoug } 286f5443466Sdoug if (!CBB_finish(&cbb, &data, &dlen)) 287d5ad68e5Stb errx(1, "failed to finish CBB"); 288f5443466Sdoug 289f5443466Sdoug if (dlen != sizeof(tlsext_alpn_multiple_protos)) { 290cd527692Sjsing FAIL("got client ALPN with length %zu, " 291f5443466Sdoug "want length %zu\n", dlen, 292f5443466Sdoug sizeof(tlsext_alpn_multiple_protos)); 293f5443466Sdoug compare_data(data, dlen, tlsext_alpn_multiple_protos, 294f5443466Sdoug sizeof(tlsext_alpn_multiple_protos)); 295f5443466Sdoug goto err; 296f5443466Sdoug } 297f5443466Sdoug if (memcmp(data, tlsext_alpn_multiple_protos, dlen) != 0) { 298cd527692Sjsing FAIL("client ALPN differs:\n"); 299f5443466Sdoug compare_data(data, dlen, tlsext_alpn_multiple_protos, 300f5443466Sdoug sizeof(tlsext_alpn_multiple_protos)); 301f5443466Sdoug goto err; 302f5443466Sdoug } 303f5443466Sdoug 304f5443466Sdoug /* Make sure we can parse multiple protos */ 305f5443466Sdoug 306f5443466Sdoug CBS_init(&cbs, tlsext_alpn_multiple_protos, 307f5443466Sdoug sizeof(tlsext_alpn_multiple_protos)); 308c8946a7fSjsing if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 3092628ace5Stb FAIL("failed to parse ALPN\n"); 310f5443466Sdoug goto err; 311f5443466Sdoug } 312239d31d9Sjsing if (CBS_len(&cbs) != 0) { 3132628ace5Stb FAIL("extension data remaining\n"); 314239d31d9Sjsing goto err; 315239d31d9Sjsing } 316f5443466Sdoug 3171ce7ecd4Sjsing if (ssl->alpn_client_proto_list_len != 318f5443466Sdoug sizeof(tlsext_alpn_multiple_protos_val)) { 319cd527692Sjsing FAIL("got client ALPN with length %zu, " 320f5443466Sdoug "want length %zu\n", dlen, 321f5443466Sdoug sizeof(tlsext_alpn_multiple_protos_val)); 3221ce7ecd4Sjsing compare_data(ssl->alpn_client_proto_list, 3231ce7ecd4Sjsing ssl->alpn_client_proto_list_len, 324f5443466Sdoug tlsext_alpn_multiple_protos_val, 325f5443466Sdoug sizeof(tlsext_alpn_multiple_protos_val)); 326f5443466Sdoug goto err; 327f5443466Sdoug } 3281ce7ecd4Sjsing if (memcmp(ssl->alpn_client_proto_list, 329f5443466Sdoug tlsext_alpn_multiple_protos_val, 330f5443466Sdoug sizeof(tlsext_alpn_multiple_protos_val)) != 0) { 331cd527692Sjsing FAIL("client ALPN differs:\n"); 332f5443466Sdoug compare_data(data, dlen, tlsext_alpn_multiple_protos_val, 333f5443466Sdoug sizeof(tlsext_alpn_multiple_protos_val)); 334f5443466Sdoug goto err; 335f5443466Sdoug } 336f5443466Sdoug 337f5443466Sdoug /* Make sure we can remove the list and avoid ALPN */ 338f5443466Sdoug 3391ce7ecd4Sjsing free(ssl->alpn_client_proto_list); 3401ce7ecd4Sjsing ssl->alpn_client_proto_list = NULL; 3411ce7ecd4Sjsing ssl->alpn_client_proto_list_len = 0; 342f5443466Sdoug 34327d3e8adStb if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 3442628ace5Stb FAIL("client should need ALPN by default\n"); 345f5443466Sdoug goto err; 346f5443466Sdoug } 347f5443466Sdoug 348f5443466Sdoug failure = 0; 349f5443466Sdoug 350f5443466Sdoug err: 351f5443466Sdoug CBB_cleanup(&cbb); 352f5443466Sdoug SSL_CTX_free(ssl_ctx); 353f5443466Sdoug SSL_free(ssl); 354f5443466Sdoug free(data); 355f5443466Sdoug 356f5443466Sdoug return (failure); 357f5443466Sdoug } 358f5443466Sdoug 359f5443466Sdoug static int 360cd527692Sjsing test_tlsext_alpn_server(void) 361f5443466Sdoug { 362f5443466Sdoug SSL_CTX *ssl_ctx = NULL; 363f5443466Sdoug SSL *ssl = NULL; 36427d3e8adStb const struct tls_extension_funcs *client_funcs; 36527d3e8adStb const struct tls_extension_funcs *server_funcs; 366f5443466Sdoug uint8_t *data = NULL; 367f5443466Sdoug CBB cbb; 368f5443466Sdoug CBS cbs; 369f5443466Sdoug int failure, alert; 370f5443466Sdoug size_t dlen; 371f5443466Sdoug 37212e31becStb failure = 1; 37312e31becStb 37468934fd7Stb if (!CBB_init(&cbb, 0)) 37568934fd7Stb errx(1, "Failed to create CBB"); 376f5443466Sdoug 377f5443466Sdoug if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL) 378f5443466Sdoug errx(1, "failed to create SSL_CTX"); 379f5443466Sdoug if ((ssl = SSL_new(ssl_ctx)) == NULL) 380f5443466Sdoug errx(1, "failed to create SSL"); 381f5443466Sdoug 38227d3e8adStb if (!tls_extension_funcs(TLSEXT_TYPE_alpn, &client_funcs, &server_funcs)) 38327d3e8adStb errx(1, "failed to fetch ALPN funcs"); 38427d3e8adStb 385f5443466Sdoug /* By default, ALPN isn't needed. */ 38627d3e8adStb if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { 387cd527692Sjsing FAIL("server should not need ALPN by default\n"); 388f5443466Sdoug goto err; 389f5443466Sdoug } 390f5443466Sdoug 391f5443466Sdoug /* 392f5443466Sdoug * The server has a single ALPN selection which is set by 393f5443466Sdoug * SSL_CTX_set_alpn_select_cb() and calls SSL_select_next_proto(). 394f5443466Sdoug * 395f5443466Sdoug * This will be a plain name and separate length. 396f5443466Sdoug */ 397f315d677Sjsing if ((ssl->s3->alpn_selected = malloc(sizeof(tlsext_alpn_single_proto_name))) == NULL) { 398f5443466Sdoug errx(1, "failed to malloc"); 399f5443466Sdoug } 400f315d677Sjsing memcpy(ssl->s3->alpn_selected, tlsext_alpn_single_proto_name, 401f5443466Sdoug sizeof(tlsext_alpn_single_proto_name)); 402f315d677Sjsing ssl->s3->alpn_selected_len = sizeof(tlsext_alpn_single_proto_name); 403f5443466Sdoug 40427d3e8adStb if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { 405cd527692Sjsing FAIL("server should need ALPN after a protocol is selected\n"); 406f5443466Sdoug goto err; 407f5443466Sdoug } 408f5443466Sdoug 409cd527692Sjsing /* Make sure we can build a server with one protocol */ 410f5443466Sdoug 41127d3e8adStb if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { 4122628ace5Stb FAIL("server should be able to build a response\n"); 413f5443466Sdoug goto err; 414f5443466Sdoug } 415f5443466Sdoug if (!CBB_finish(&cbb, &data, &dlen)) 416d5ad68e5Stb errx(1, "failed to finish CBB"); 417f5443466Sdoug 418f5443466Sdoug if (dlen != sizeof(tlsext_alpn_single_proto)) { 419cd527692Sjsing FAIL("got client ALPN with length %zu, " 420f5443466Sdoug "want length %zu\n", dlen, 421f5443466Sdoug sizeof(tlsext_alpn_single_proto)); 422f5443466Sdoug compare_data(data, dlen, tlsext_alpn_single_proto, 423f5443466Sdoug sizeof(tlsext_alpn_single_proto)); 424f5443466Sdoug goto err; 425f5443466Sdoug } 426f5443466Sdoug if (memcmp(data, tlsext_alpn_single_proto, dlen) != 0) { 427cd527692Sjsing FAIL("client ALPN differs:\n"); 428f5443466Sdoug compare_data(data, dlen, tlsext_alpn_single_proto, 429f5443466Sdoug sizeof(tlsext_alpn_single_proto)); 430f5443466Sdoug goto err; 431f5443466Sdoug } 432f5443466Sdoug 433f5443466Sdoug CBB_cleanup(&cbb); 43468934fd7Stb if (!CBB_init(&cbb, 0)) 43568934fd7Stb errx(1, "Failed to create CBB"); 436f5443466Sdoug free(data); 437f5443466Sdoug data = NULL; 438f5443466Sdoug 439f5443466Sdoug /* Make sure we can parse the single proto. */ 440f5443466Sdoug 441f5443466Sdoug CBS_init(&cbs, tlsext_alpn_single_proto, 442f5443466Sdoug sizeof(tlsext_alpn_single_proto)); 443f5443466Sdoug 444f5443466Sdoug /* Shouldn't be able to parse without requesting */ 445c8946a7fSjsing if (client_funcs->process(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 4462628ace5Stb FAIL("Should only parse server if we requested it\n"); 447f5443466Sdoug goto err; 448f5443466Sdoug } 449f5443466Sdoug 450f5443466Sdoug /* Should be able to parse once requested. */ 451f5443466Sdoug if (SSL_set_alpn_protos(ssl, tlsext_alpn_single_proto_val, 452f5443466Sdoug sizeof(tlsext_alpn_single_proto_val)) != 0) { 4532628ace5Stb FAIL("should be able to set ALPN to http/1.1\n"); 454f5443466Sdoug goto err; 455f5443466Sdoug } 456c8946a7fSjsing if (!client_funcs->process(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 4572628ace5Stb FAIL("Should be able to parse server when we request it\n"); 458f5443466Sdoug goto err; 459f5443466Sdoug } 460239d31d9Sjsing if (CBS_len(&cbs) != 0) { 4612628ace5Stb FAIL("extension data remaining\n"); 462239d31d9Sjsing goto err; 463239d31d9Sjsing } 464f5443466Sdoug 465f315d677Sjsing if (ssl->s3->alpn_selected_len != 466f5443466Sdoug sizeof(tlsext_alpn_single_proto_name)) { 467cd527692Sjsing FAIL("got server ALPN with length %zu, " 468f5443466Sdoug "want length %zu\n", dlen, 469f5443466Sdoug sizeof(tlsext_alpn_single_proto_name)); 470f315d677Sjsing compare_data(ssl->s3->alpn_selected, 471f315d677Sjsing ssl->s3->alpn_selected_len, 472f5443466Sdoug tlsext_alpn_single_proto_name, 473f5443466Sdoug sizeof(tlsext_alpn_single_proto_name)); 474f5443466Sdoug goto err; 475f5443466Sdoug } 476f315d677Sjsing if (memcmp(ssl->s3->alpn_selected, 477f5443466Sdoug tlsext_alpn_single_proto_name, 478f5443466Sdoug sizeof(tlsext_alpn_single_proto_name)) != 0) { 479cd527692Sjsing FAIL("server ALPN differs:\n"); 480f315d677Sjsing compare_data(ssl->s3->alpn_selected, 481f315d677Sjsing ssl->s3->alpn_selected_len, 482f5443466Sdoug tlsext_alpn_single_proto_name, 483f5443466Sdoug sizeof(tlsext_alpn_single_proto_name)); 484f5443466Sdoug goto err; 485f5443466Sdoug } 486f5443466Sdoug 487f5443466Sdoug /* 488cd527692Sjsing * We should NOT be able to build a server with multiple 489f5443466Sdoug * protocol names. However, the existing code did not check for this 490f5443466Sdoug * case because it is passed in as an encoded value. 491f5443466Sdoug */ 492f5443466Sdoug 493f5443466Sdoug /* Make sure we can remove the list and avoid ALPN */ 494f5443466Sdoug 495f315d677Sjsing free(ssl->s3->alpn_selected); 496f315d677Sjsing ssl->s3->alpn_selected = NULL; 497f315d677Sjsing ssl->s3->alpn_selected_len = 0; 498f5443466Sdoug 49927d3e8adStb if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { 50077ebe953Stb FAIL("server should not need ALPN by default\n"); 501f5443466Sdoug goto err; 502f5443466Sdoug } 503f5443466Sdoug 504f5443466Sdoug failure = 0; 505f5443466Sdoug 506f5443466Sdoug err: 507f5443466Sdoug CBB_cleanup(&cbb); 508f5443466Sdoug SSL_CTX_free(ssl_ctx); 509f5443466Sdoug SSL_free(ssl); 510f5443466Sdoug free(data); 511f5443466Sdoug 512f5443466Sdoug return (failure); 513f5443466Sdoug 514f5443466Sdoug } 515f5443466Sdoug 516f5443466Sdoug /* 517f6b55ceaSjsing * Supported Elliptic Curves - RFC 4492 section 5.1.1. 518e6762581Sdoug * 519e6762581Sdoug * This extension is only used by the client. 520e6762581Sdoug */ 521e6762581Sdoug 5223fb21974Stb static const uint8_t tlsext_supportedgroups_client_default[] = { 523b824c93cSjsing 0x00, 0x08, 524e6762581Sdoug 0x00, 0x1d, /* X25519 (29) */ 525e6762581Sdoug 0x00, 0x17, /* secp256r1 (23) */ 526b824c93cSjsing 0x00, 0x18, /* secp384r1 (24) */ 527b824c93cSjsing 0x00, 0x19, /* secp521r1 (25) */ 528e6762581Sdoug }; 529e6762581Sdoug 5303fb21974Stb static const uint16_t tlsext_supportedgroups_client_secp384r1_val[] = { 5313b5a06eeStb 0x0018 /* tls1_ec_nid2group_id(NID_secp384r1) */ 532e6762581Sdoug }; 5333fb21974Stb static const uint8_t tlsext_supportedgroups_client_secp384r1[] = { 534e6762581Sdoug 0x00, 0x02, 535e6762581Sdoug 0x00, 0x18 /* secp384r1 (24) */ 536e6762581Sdoug }; 537e6762581Sdoug 538e6762581Sdoug /* Example from RFC 4492 section 5.1.1 */ 5393fb21974Stb static const uint16_t tlsext_supportedgroups_client_nistp192and224_val[] = { 5403b5a06eeStb 0x0013, /* tls1_ec_nid2group_id(NID_X9_62_prime192v1) */ 5413b5a06eeStb 0x0015 /* tls1_ec_nid2group_id(NID_secp224r1) */ 542e6762581Sdoug }; 5433fb21974Stb static const uint8_t tlsext_supportedgroups_client_nistp192and224[] = { 544e6762581Sdoug 0x00, 0x04, 545e6762581Sdoug 0x00, 0x13, /* secp192r1 aka NIST P-192 */ 546e6762581Sdoug 0x00, 0x15 /* secp224r1 aka NIST P-224 */ 547e6762581Sdoug }; 548e6762581Sdoug 549e6762581Sdoug static int 550cd527692Sjsing test_tlsext_supportedgroups_client(void) 551e6762581Sdoug { 552e6762581Sdoug unsigned char *data = NULL; 553e6762581Sdoug SSL_CTX *ssl_ctx = NULL; 554e6762581Sdoug SSL *ssl = NULL; 55527d3e8adStb const struct tls_extension_funcs *client_funcs; 55627d3e8adStb const struct tls_extension_funcs *server_funcs; 557e6762581Sdoug size_t dlen; 558e6762581Sdoug int failure, alert; 559e6762581Sdoug CBB cbb; 560e6762581Sdoug CBS cbs; 561e6762581Sdoug 562e6762581Sdoug failure = 1; 563e6762581Sdoug 5644c0a1651Sbeck if (!CBB_init(&cbb, 0)) 5654c0a1651Sbeck errx(1, "failed to create CBB"); 566e6762581Sdoug 567e6762581Sdoug if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) 568e6762581Sdoug errx(1, "failed to create SSL_CTX"); 569e6762581Sdoug if ((ssl = SSL_new(ssl_ctx)) == NULL) 570e6762581Sdoug errx(1, "failed to create SSL"); 571e6762581Sdoug 57227d3e8adStb if (!tls_extension_funcs(TLSEXT_TYPE_supported_groups, &client_funcs, 57327d3e8adStb &server_funcs)) 57427d3e8adStb errx(1, "failed to fetch supported groups funcs"); 57527d3e8adStb 576e6762581Sdoug /* 577e6762581Sdoug * Default ciphers include EC so we need it by default. 578e6762581Sdoug */ 57927d3e8adStb if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 580cd527692Sjsing FAIL("client should need Ellipticcurves for default " 581e6762581Sdoug "ciphers\n"); 582e6762581Sdoug goto err; 583e6762581Sdoug } 584e6762581Sdoug 585e6762581Sdoug /* 586e6762581Sdoug * Exclude cipher suites so we can test not including it. 587e6762581Sdoug */ 588e6762581Sdoug if (!SSL_set_cipher_list(ssl, "TLSv1.2:!ECDHE:!ECDSA")) { 589cd527692Sjsing FAIL("client should be able to set cipher list\n"); 590e6762581Sdoug goto err; 591e6762581Sdoug } 59227d3e8adStb if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 593cd527692Sjsing FAIL("client should not need Ellipticcurves\n"); 594e6762581Sdoug goto err; 595e6762581Sdoug } 596e6762581Sdoug 597e6762581Sdoug /* 598e6762581Sdoug * Use libtls default for the rest of the testing 599e6762581Sdoug */ 600e6762581Sdoug if (!SSL_set_cipher_list(ssl, "TLSv1.2+AEAD+ECDHE")) { 601cd527692Sjsing FAIL("client should be able to set cipher list\n"); 602e6762581Sdoug goto err; 603e6762581Sdoug } 60427d3e8adStb if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 605cd527692Sjsing FAIL("client should need Ellipticcurves\n"); 606e6762581Sdoug goto err; 607e6762581Sdoug } 608e6762581Sdoug 609e6762581Sdoug /* 610e6762581Sdoug * Test with a session secp384r1. The default is used instead. 611e6762581Sdoug */ 612e6762581Sdoug if ((ssl->session = SSL_SESSION_new()) == NULL) 613e6762581Sdoug errx(1, "failed to create session"); 614e6762581Sdoug 615736ebdd8Sjsing if ((ssl->session->tlsext_supportedgroups = malloc(sizeof(uint16_t))) 616e6762581Sdoug == NULL) { 617e6762581Sdoug FAIL("client could not malloc\n"); 618e6762581Sdoug goto err; 619e6762581Sdoug } 6203b5a06eeStb if (!tls1_ec_nid2group_id(NID_secp384r1, 6213b5a06eeStb &ssl->session->tlsext_supportedgroups[0])) 6223b5a06eeStb goto err; 623736ebdd8Sjsing ssl->session->tlsext_supportedgroups_length = 1; 624e6762581Sdoug 62527d3e8adStb if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 626cd527692Sjsing FAIL("client should need Ellipticcurves\n"); 627e6762581Sdoug goto err; 628e6762581Sdoug } 629e6762581Sdoug 63027d3e8adStb if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 631cd527692Sjsing FAIL("client failed to build Ellipticcurves\n"); 632e6762581Sdoug goto err; 633e6762581Sdoug } 634e6762581Sdoug 635e6762581Sdoug if (!CBB_finish(&cbb, &data, &dlen)) 636d5ad68e5Stb errx(1, "failed to finish CBB"); 637e6762581Sdoug 638cd527692Sjsing if (dlen != sizeof(tlsext_supportedgroups_client_default)) { 639cd527692Sjsing FAIL("got client Ellipticcurves with length %zu, " 640e6762581Sdoug "want length %zu\n", dlen, 641cd527692Sjsing sizeof(tlsext_supportedgroups_client_default)); 642cd527692Sjsing compare_data(data, dlen, tlsext_supportedgroups_client_default, 643cd527692Sjsing sizeof(tlsext_supportedgroups_client_default)); 644e6762581Sdoug goto err; 645e6762581Sdoug } 646e6762581Sdoug 647cd527692Sjsing if (memcmp(data, tlsext_supportedgroups_client_default, dlen) != 0) { 648cd527692Sjsing FAIL("client Ellipticcurves differs:\n"); 649cd527692Sjsing compare_data(data, dlen, tlsext_supportedgroups_client_default, 650cd527692Sjsing sizeof(tlsext_supportedgroups_client_default)); 651e6762581Sdoug goto err; 652e6762581Sdoug } 653e6762581Sdoug 654e6762581Sdoug /* 655e6762581Sdoug * Test parsing secp384r1 656e6762581Sdoug */ 657e6762581Sdoug CBB_cleanup(&cbb); 65868934fd7Stb if (!CBB_init(&cbb, 0)) 65968934fd7Stb errx(1, "Failed to create CBB"); 660e6762581Sdoug free(data); 661e6762581Sdoug data = NULL; 662e6762581Sdoug 663e6762581Sdoug SSL_SESSION_free(ssl->session); 664e6762581Sdoug if ((ssl->session = SSL_SESSION_new()) == NULL) 665e6762581Sdoug errx(1, "failed to create session"); 666e6762581Sdoug 667cd527692Sjsing CBS_init(&cbs, tlsext_supportedgroups_client_secp384r1, 668cd527692Sjsing sizeof(tlsext_supportedgroups_client_secp384r1)); 669c8946a7fSjsing if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 670cd527692Sjsing FAIL("failed to parse client Ellipticcurves\n"); 671e6762581Sdoug goto err; 672e6762581Sdoug } 673239d31d9Sjsing if (CBS_len(&cbs) != 0) { 6742628ace5Stb FAIL("extension data remaining\n"); 675239d31d9Sjsing goto err; 676239d31d9Sjsing } 677e6762581Sdoug 678736ebdd8Sjsing if (ssl->session->tlsext_supportedgroups_length != 679cd527692Sjsing sizeof(tlsext_supportedgroups_client_secp384r1_val) / sizeof(uint16_t)) { 680cd527692Sjsing FAIL("no tlsext_ellipticcurves from client " 681e6762581Sdoug "Ellipticcurves\n"); 682e6762581Sdoug goto err; 683e6762581Sdoug } 684e6762581Sdoug 685736ebdd8Sjsing if (memcmp(ssl->session->tlsext_supportedgroups, 686cd527692Sjsing tlsext_supportedgroups_client_secp384r1_val, 687cd527692Sjsing sizeof(tlsext_supportedgroups_client_secp384r1_val)) != 0) { 688cd527692Sjsing FAIL("client had an incorrect Ellipticcurves " 689e6762581Sdoug "entry\n"); 690736ebdd8Sjsing compare_data2(ssl->session->tlsext_supportedgroups, 691736ebdd8Sjsing ssl->session->tlsext_supportedgroups_length * 2, 692cd527692Sjsing tlsext_supportedgroups_client_secp384r1_val, 693cd527692Sjsing sizeof(tlsext_supportedgroups_client_secp384r1_val)); 694e6762581Sdoug goto err; 695e6762581Sdoug } 696e6762581Sdoug 697e6762581Sdoug /* 698e6762581Sdoug * Use a custom order. 699e6762581Sdoug */ 700e6762581Sdoug CBB_cleanup(&cbb); 70168934fd7Stb if (!CBB_init(&cbb, 0)) 70268934fd7Stb errx(1, "Failed to create CBB"); 703e6762581Sdoug 704e6762581Sdoug SSL_SESSION_free(ssl->session); 705e6762581Sdoug if ((ssl->session = SSL_SESSION_new()) == NULL) 706e6762581Sdoug errx(1, "failed to create session"); 707e6762581Sdoug 7081ce7ecd4Sjsing if ((ssl->tlsext_supportedgroups = malloc(sizeof(uint16_t) * 2)) == NULL) { 709e6762581Sdoug FAIL("client could not malloc\n"); 710e6762581Sdoug goto err; 711e6762581Sdoug } 7123b5a06eeStb if (!tls1_ec_nid2group_id(NID_X9_62_prime192v1, 7131ce7ecd4Sjsing &ssl->tlsext_supportedgroups[0])) 7143b5a06eeStb goto err; 7153b5a06eeStb if (!tls1_ec_nid2group_id(NID_secp224r1, 7161ce7ecd4Sjsing &ssl->tlsext_supportedgroups[1])) 7173b5a06eeStb goto err; 7181ce7ecd4Sjsing ssl->tlsext_supportedgroups_length = 2; 719e6762581Sdoug 72027d3e8adStb if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 721cd527692Sjsing FAIL("client should need Ellipticcurves\n"); 722e6762581Sdoug goto err; 723e6762581Sdoug } 724e6762581Sdoug 72527d3e8adStb if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 726cd527692Sjsing FAIL("client failed to build Ellipticcurves\n"); 727e6762581Sdoug goto err; 728e6762581Sdoug } 729e6762581Sdoug 730e6762581Sdoug if (!CBB_finish(&cbb, &data, &dlen)) 731d5ad68e5Stb errx(1, "failed to finish CBB"); 732e6762581Sdoug 733cd527692Sjsing if (dlen != sizeof(tlsext_supportedgroups_client_nistp192and224)) { 734cd527692Sjsing FAIL("got client Ellipticcurves with length %zu, " 735e6762581Sdoug "want length %zu\n", dlen, 736cd527692Sjsing sizeof(tlsext_supportedgroups_client_nistp192and224)); 737e6762581Sdoug fprintf(stderr, "received:\n"); 738e6762581Sdoug hexdump(data, dlen); 739e6762581Sdoug fprintf(stderr, "test data:\n"); 740cd527692Sjsing hexdump(tlsext_supportedgroups_client_nistp192and224, 741cd527692Sjsing sizeof(tlsext_supportedgroups_client_nistp192and224)); 742e6762581Sdoug goto err; 743e6762581Sdoug } 744e6762581Sdoug 745cd527692Sjsing if (memcmp(data, tlsext_supportedgroups_client_nistp192and224, dlen) != 0) { 746cd527692Sjsing FAIL("client Ellipticcurves differs:\n"); 747e6762581Sdoug fprintf(stderr, "received:\n"); 748e6762581Sdoug hexdump(data, dlen); 749e6762581Sdoug fprintf(stderr, "test data:\n"); 750cd527692Sjsing hexdump(tlsext_supportedgroups_client_nistp192and224, 751cd527692Sjsing sizeof(tlsext_supportedgroups_client_nistp192and224)); 752e6762581Sdoug goto err; 753e6762581Sdoug } 754e6762581Sdoug 755e6762581Sdoug /* 756e6762581Sdoug * Parse non-default curves to session. 757e6762581Sdoug */ 758e6762581Sdoug CBB_cleanup(&cbb); 75968934fd7Stb if (!CBB_init(&cbb, 0)) 76068934fd7Stb errx(1, "Failed to create CBB"); 761e6762581Sdoug free(data); 762e6762581Sdoug data = NULL; 763e6762581Sdoug 764e6762581Sdoug SSL_SESSION_free(ssl->session); 765e6762581Sdoug if ((ssl->session = SSL_SESSION_new()) == NULL) 766e6762581Sdoug errx(1, "failed to create session"); 767e6762581Sdoug 768e6762581Sdoug /* Reset back to the default list. */ 7691ce7ecd4Sjsing free(ssl->tlsext_supportedgroups); 7701ce7ecd4Sjsing ssl->tlsext_supportedgroups = NULL; 7711ce7ecd4Sjsing ssl->tlsext_supportedgroups_length = 0; 772e6762581Sdoug 773cd527692Sjsing CBS_init(&cbs, tlsext_supportedgroups_client_nistp192and224, 774cd527692Sjsing sizeof(tlsext_supportedgroups_client_nistp192and224)); 775c8946a7fSjsing if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 776cd527692Sjsing FAIL("failed to parse client Ellipticcurves\n"); 777e6762581Sdoug goto err; 778e6762581Sdoug } 779239d31d9Sjsing if (CBS_len(&cbs) != 0) { 7802628ace5Stb FAIL("extension data remaining\n"); 781239d31d9Sjsing goto err; 782239d31d9Sjsing } 783e6762581Sdoug 784736ebdd8Sjsing if (ssl->session->tlsext_supportedgroups_length != 785cd527692Sjsing sizeof(tlsext_supportedgroups_client_nistp192and224_val) / sizeof(uint16_t)) { 786cd527692Sjsing FAIL("no tlsext_ellipticcurves from client Ellipticcurves\n"); 787e6762581Sdoug goto err; 788e6762581Sdoug } 789e6762581Sdoug 790736ebdd8Sjsing if (memcmp(ssl->session->tlsext_supportedgroups, 791cd527692Sjsing tlsext_supportedgroups_client_nistp192and224_val, 792cd527692Sjsing sizeof(tlsext_supportedgroups_client_nistp192and224_val)) != 0) { 793cd527692Sjsing FAIL("client had an incorrect Ellipticcurves entry\n"); 794736ebdd8Sjsing compare_data2(ssl->session->tlsext_supportedgroups, 795736ebdd8Sjsing ssl->session->tlsext_supportedgroups_length * 2, 796cd527692Sjsing tlsext_supportedgroups_client_nistp192and224_val, 797cd527692Sjsing sizeof(tlsext_supportedgroups_client_nistp192and224_val)); 798e6762581Sdoug goto err; 799e6762581Sdoug } 800e6762581Sdoug 801e6762581Sdoug failure = 0; 802e6762581Sdoug 803e6762581Sdoug err: 804e6762581Sdoug CBB_cleanup(&cbb); 805e6762581Sdoug SSL_CTX_free(ssl_ctx); 806e6762581Sdoug SSL_free(ssl); 807e6762581Sdoug free(data); 808e6762581Sdoug 809e6762581Sdoug return (failure); 810e6762581Sdoug } 811e6762581Sdoug 812e6762581Sdoug 813e6762581Sdoug /* elliptic_curves is only used by the client so this doesn't test much. */ 814e6762581Sdoug static int 815cd527692Sjsing test_tlsext_supportedgroups_server(void) 816e6762581Sdoug { 817e6762581Sdoug SSL_CTX *ssl_ctx = NULL; 818e6762581Sdoug SSL *ssl = NULL; 81927d3e8adStb const struct tls_extension_funcs *client_funcs; 82027d3e8adStb const struct tls_extension_funcs *server_funcs; 821e6762581Sdoug int failure; 822e6762581Sdoug 823e6762581Sdoug failure = 1; 824e6762581Sdoug 825e6762581Sdoug if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL) 826e6762581Sdoug errx(1, "failed to create SSL_CTX"); 827e6762581Sdoug if ((ssl = SSL_new(ssl_ctx)) == NULL) 828e6762581Sdoug errx(1, "failed to create SSL"); 829e6762581Sdoug 83027d3e8adStb if (!tls_extension_funcs(TLSEXT_TYPE_supported_groups, &client_funcs, 83127d3e8adStb &server_funcs)) 83227d3e8adStb errx(1, "failed to fetch supported groups funcs"); 83327d3e8adStb 83427d3e8adStb if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { 835cd527692Sjsing FAIL("server should not need elliptic_curves\n"); 836e6762581Sdoug goto err; 837e6762581Sdoug } 838e6762581Sdoug 839e6762581Sdoug if ((ssl->session = SSL_SESSION_new()) == NULL) 840e6762581Sdoug errx(1, "failed to create session"); 841e6762581Sdoug 84227d3e8adStb if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { 843cd527692Sjsing FAIL("server should not need elliptic_curves\n"); 844e6762581Sdoug goto err; 845e6762581Sdoug } 846e6762581Sdoug 847e6762581Sdoug failure = 0; 848e6762581Sdoug 849e6762581Sdoug err: 850e6762581Sdoug SSL_CTX_free(ssl_ctx); 851e6762581Sdoug SSL_free(ssl); 852e6762581Sdoug 853e6762581Sdoug return (failure); 854e6762581Sdoug 855e6762581Sdoug } 856e6762581Sdoug 857f6b55ceaSjsing /* 858f6b55ceaSjsing * Supported Point Formats - RFC 4492 section 5.1.2. 859f6b55ceaSjsing * 860f6b55ceaSjsing * Examples are from the RFC. Both client and server have the same build and 861f6b55ceaSjsing * parse but the needs differ. 862f6b55ceaSjsing */ 863f6b55ceaSjsing 8643fb21974Stb static const uint8_t tlsext_ecpf_hello_uncompressed_val[] = { 865f6b55ceaSjsing TLSEXT_ECPOINTFORMAT_uncompressed 866f6b55ceaSjsing }; 8673fb21974Stb static const uint8_t tlsext_ecpf_hello_uncompressed[] = { 868f6b55ceaSjsing 0x01, 869f6b55ceaSjsing 0x00 /* TLSEXT_ECPOINTFORMAT_uncompressed */ 870f6b55ceaSjsing }; 871f6b55ceaSjsing 8723fb21974Stb static const uint8_t tlsext_ecpf_hello_prime[] = { 873f6b55ceaSjsing 0x01, 874f6b55ceaSjsing 0x01 /* TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime */ 875f6b55ceaSjsing }; 876f6b55ceaSjsing 8773fb21974Stb static const uint8_t tlsext_ecpf_hello_prefer_order_val[] = { 878f6b55ceaSjsing TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime, 879f6b55ceaSjsing TLSEXT_ECPOINTFORMAT_uncompressed, 880f6b55ceaSjsing TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 881f6b55ceaSjsing }; 8823fb21974Stb static const uint8_t tlsext_ecpf_hello_prefer_order[] = { 883f6b55ceaSjsing 0x03, 884f6b55ceaSjsing 0x01, /* TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime */ 885f6b55ceaSjsing 0x00, /* TLSEXT_ECPOINTFORMAT_uncompressed */ 886f6b55ceaSjsing 0x02 /* TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 */ 887f6b55ceaSjsing }; 888f6b55ceaSjsing 889f6b55ceaSjsing static int 890cd527692Sjsing test_tlsext_ecpf_client(void) 891f6b55ceaSjsing { 892f6b55ceaSjsing uint8_t *data = NULL; 893f6b55ceaSjsing SSL_CTX *ssl_ctx = NULL; 894f6b55ceaSjsing SSL *ssl = NULL; 89527d3e8adStb const struct tls_extension_funcs *client_funcs; 89627d3e8adStb const struct tls_extension_funcs *server_funcs; 897f6b55ceaSjsing size_t dlen; 898f6b55ceaSjsing int failure, alert; 899f6b55ceaSjsing CBB cbb; 900f6b55ceaSjsing CBS cbs; 901f6b55ceaSjsing 902f6b55ceaSjsing failure = 1; 903f6b55ceaSjsing 90468934fd7Stb if (!CBB_init(&cbb, 0)) 90568934fd7Stb errx(1, "Failed to create CBB"); 906f6b55ceaSjsing 907f6b55ceaSjsing if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) 908f6b55ceaSjsing errx(1, "failed to create SSL_CTX"); 909f6b55ceaSjsing if ((ssl = SSL_new(ssl_ctx)) == NULL) 910f6b55ceaSjsing errx(1, "failed to create SSL"); 911f6b55ceaSjsing 91227d3e8adStb if (!tls_extension_funcs(TLSEXT_TYPE_ec_point_formats, &client_funcs, 91327d3e8adStb &server_funcs)) 91427d3e8adStb errx(1, "failed to fetch ecpf funcs"); 91527d3e8adStb 916f6b55ceaSjsing /* 917f6b55ceaSjsing * Default ciphers include EC so we need it by default. 918f6b55ceaSjsing */ 91927d3e8adStb if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 920cd527692Sjsing FAIL("client should need ECPointFormats for default " 921f6b55ceaSjsing "ciphers\n"); 922f6b55ceaSjsing goto err; 923f6b55ceaSjsing } 924f6b55ceaSjsing 925f6b55ceaSjsing /* 926f6b55ceaSjsing * Exclude EC cipher suites so we can test not including it. 927f6b55ceaSjsing */ 928f6b55ceaSjsing if (!SSL_set_cipher_list(ssl, "ALL:!ECDHE:!ECDH")) { 929cd527692Sjsing FAIL("client should be able to set cipher list\n"); 930f6b55ceaSjsing goto err; 931f6b55ceaSjsing } 93227d3e8adStb if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 933cd527692Sjsing FAIL("client should not need ECPointFormats\n"); 934f6b55ceaSjsing goto err; 935f6b55ceaSjsing } 936f6b55ceaSjsing 937f6b55ceaSjsing /* 938f6b55ceaSjsing * Use libtls default for the rest of the testing 939f6b55ceaSjsing */ 940f6b55ceaSjsing if (!SSL_set_cipher_list(ssl, "TLSv1.2+AEAD+ECDHE")) { 941cd527692Sjsing FAIL("client should be able to set cipher list\n"); 942f6b55ceaSjsing goto err; 943f6b55ceaSjsing } 94427d3e8adStb if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 945cd527692Sjsing FAIL("client should need ECPointFormats\n"); 946f6b55ceaSjsing goto err; 947f6b55ceaSjsing } 948f6b55ceaSjsing 949f6b55ceaSjsing /* 950f6b55ceaSjsing * The default ECPointFormats should only have uncompressed 951f6b55ceaSjsing */ 952f6b55ceaSjsing if ((ssl->session = SSL_SESSION_new()) == NULL) 953f6b55ceaSjsing errx(1, "failed to create session"); 954f6b55ceaSjsing 95527d3e8adStb if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 956cd527692Sjsing FAIL("client failed to build ECPointFormats\n"); 957f6b55ceaSjsing goto err; 958f6b55ceaSjsing } 959f6b55ceaSjsing 960f6b55ceaSjsing if (!CBB_finish(&cbb, &data, &dlen)) 961d5ad68e5Stb errx(1, "failed to finish CBB"); 962f6b55ceaSjsing 963f6b55ceaSjsing if (dlen != sizeof(tlsext_ecpf_hello_uncompressed)) { 964cd527692Sjsing FAIL("got client ECPointFormats with length %zu, " 965f6b55ceaSjsing "want length %zu\n", dlen, 966f6b55ceaSjsing sizeof(tlsext_ecpf_hello_uncompressed)); 967f6b55ceaSjsing compare_data(data, dlen, tlsext_ecpf_hello_uncompressed, 968f6b55ceaSjsing sizeof(tlsext_ecpf_hello_uncompressed)); 969f6b55ceaSjsing goto err; 970f6b55ceaSjsing } 971f6b55ceaSjsing 972f6b55ceaSjsing if (memcmp(data, tlsext_ecpf_hello_uncompressed, dlen) != 0) { 973cd527692Sjsing FAIL("client ECPointFormats differs:\n"); 974f6b55ceaSjsing compare_data(data, dlen, tlsext_ecpf_hello_uncompressed, 975f6b55ceaSjsing sizeof(tlsext_ecpf_hello_uncompressed)); 976f6b55ceaSjsing goto err; 977f6b55ceaSjsing } 978f6b55ceaSjsing 979f6b55ceaSjsing /* 980f6b55ceaSjsing * Make sure we can parse the default. 981f6b55ceaSjsing */ 982f6b55ceaSjsing CBB_cleanup(&cbb); 98368934fd7Stb if (!CBB_init(&cbb, 0)) 98468934fd7Stb errx(1, "Failed to create CBB"); 985f6b55ceaSjsing free(data); 986f6b55ceaSjsing data = NULL; 987f6b55ceaSjsing 988f6b55ceaSjsing SSL_SESSION_free(ssl->session); 989f6b55ceaSjsing if ((ssl->session = SSL_SESSION_new()) == NULL) 990f6b55ceaSjsing errx(1, "failed to create session"); 991f6b55ceaSjsing 992f6b55ceaSjsing CBS_init(&cbs, tlsext_ecpf_hello_uncompressed, 993f6b55ceaSjsing sizeof(tlsext_ecpf_hello_uncompressed)); 994c8946a7fSjsing if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 995cd527692Sjsing FAIL("failed to parse client ECPointFormats\n"); 996f6b55ceaSjsing goto err; 997f6b55ceaSjsing } 998239d31d9Sjsing if (CBS_len(&cbs) != 0) { 9992628ace5Stb FAIL("extension data remaining\n"); 1000239d31d9Sjsing goto err; 1001239d31d9Sjsing } 1002f6b55ceaSjsing 1003736ebdd8Sjsing if (ssl->session->tlsext_ecpointformatlist_length != 1004f6b55ceaSjsing sizeof(tlsext_ecpf_hello_uncompressed_val)) { 1005cd527692Sjsing FAIL("no tlsext_ecpointformats from client " 1006f6b55ceaSjsing "ECPointFormats\n"); 1007f6b55ceaSjsing goto err; 1008f6b55ceaSjsing } 1009f6b55ceaSjsing 1010736ebdd8Sjsing if (memcmp(ssl->session->tlsext_ecpointformatlist, 1011f6b55ceaSjsing tlsext_ecpf_hello_uncompressed_val, 1012f6b55ceaSjsing sizeof(tlsext_ecpf_hello_uncompressed_val)) != 0) { 1013cd527692Sjsing FAIL("client had an incorrect ECPointFormats entry\n"); 1014f6b55ceaSjsing goto err; 1015f6b55ceaSjsing } 1016f6b55ceaSjsing 1017f6b55ceaSjsing /* 1018f6b55ceaSjsing * Test with a custom order. 1019f6b55ceaSjsing */ 1020f6b55ceaSjsing CBB_cleanup(&cbb); 102168934fd7Stb if (!CBB_init(&cbb, 0)) 102268934fd7Stb errx(1, "Failed to create CBB"); 1023f6b55ceaSjsing free(data); 1024f6b55ceaSjsing data = NULL; 1025f6b55ceaSjsing 1026f6b55ceaSjsing SSL_SESSION_free(ssl->session); 1027f6b55ceaSjsing if ((ssl->session = SSL_SESSION_new()) == NULL) 1028f6b55ceaSjsing errx(1, "failed to create session"); 1029f6b55ceaSjsing 10301ce7ecd4Sjsing if ((ssl->tlsext_ecpointformatlist = malloc(sizeof(uint8_t) * 3)) == NULL) { 1031f6b55ceaSjsing FAIL("client could not malloc\n"); 1032f6b55ceaSjsing goto err; 1033f6b55ceaSjsing } 10341ce7ecd4Sjsing ssl->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime; 10351ce7ecd4Sjsing ssl->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_uncompressed; 10361ce7ecd4Sjsing ssl->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; 10371ce7ecd4Sjsing ssl->tlsext_ecpointformatlist_length = 3; 1038f6b55ceaSjsing 103927d3e8adStb if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 1040cd527692Sjsing FAIL("client should need ECPointFormats with a custom " 1041f6b55ceaSjsing "format\n"); 1042f6b55ceaSjsing goto err; 1043f6b55ceaSjsing } 1044f6b55ceaSjsing 104527d3e8adStb if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 1046cd527692Sjsing FAIL("client failed to build ECPointFormats\n"); 1047f6b55ceaSjsing goto err; 1048f6b55ceaSjsing } 1049f6b55ceaSjsing 1050f6b55ceaSjsing if (!CBB_finish(&cbb, &data, &dlen)) 1051d5ad68e5Stb errx(1, "failed to finish CBB"); 1052f6b55ceaSjsing 1053f6b55ceaSjsing if (dlen != sizeof(tlsext_ecpf_hello_prefer_order)) { 1054cd527692Sjsing FAIL("got client ECPointFormats with length %zu, " 1055f6b55ceaSjsing "want length %zu\n", dlen, 1056f6b55ceaSjsing sizeof(tlsext_ecpf_hello_prefer_order)); 1057f6b55ceaSjsing compare_data(data, dlen, tlsext_ecpf_hello_prefer_order, 1058f6b55ceaSjsing sizeof(tlsext_ecpf_hello_prefer_order)); 1059f6b55ceaSjsing goto err; 1060f6b55ceaSjsing } 1061f6b55ceaSjsing 1062f6b55ceaSjsing if (memcmp(data, tlsext_ecpf_hello_prefer_order, dlen) != 0) { 1063cd527692Sjsing FAIL("client ECPointFormats differs:\n"); 1064f6b55ceaSjsing compare_data(data, dlen, tlsext_ecpf_hello_prefer_order, 1065f6b55ceaSjsing sizeof(tlsext_ecpf_hello_prefer_order)); 1066f6b55ceaSjsing goto err; 1067f6b55ceaSjsing } 1068f6b55ceaSjsing 1069f6b55ceaSjsing /* 1070f6b55ceaSjsing * Make sure that we can parse this custom order. 1071f6b55ceaSjsing */ 1072f6b55ceaSjsing CBB_cleanup(&cbb); 107368934fd7Stb if (!CBB_init(&cbb, 0)) 107468934fd7Stb errx(1, "Failed to create CBB"); 1075f6b55ceaSjsing free(data); 1076f6b55ceaSjsing data = NULL; 1077f6b55ceaSjsing 1078f6b55ceaSjsing SSL_SESSION_free(ssl->session); 1079f6b55ceaSjsing if ((ssl->session = SSL_SESSION_new()) == NULL) 1080f6b55ceaSjsing errx(1, "failed to create session"); 1081f6b55ceaSjsing 1082f6b55ceaSjsing /* Reset the custom list so we go back to the default uncompressed. */ 10831ce7ecd4Sjsing free(ssl->tlsext_ecpointformatlist); 10841ce7ecd4Sjsing ssl->tlsext_ecpointformatlist = NULL; 10851ce7ecd4Sjsing ssl->tlsext_ecpointformatlist_length = 0; 1086f6b55ceaSjsing 1087f6b55ceaSjsing CBS_init(&cbs, tlsext_ecpf_hello_prefer_order, 1088f6b55ceaSjsing sizeof(tlsext_ecpf_hello_prefer_order)); 1089c8946a7fSjsing if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 1090cd527692Sjsing FAIL("failed to parse client ECPointFormats\n"); 1091f6b55ceaSjsing goto err; 1092f6b55ceaSjsing } 1093239d31d9Sjsing if (CBS_len(&cbs) != 0) { 10942628ace5Stb FAIL("extension data remaining\n"); 1095239d31d9Sjsing goto err; 1096239d31d9Sjsing } 1097f6b55ceaSjsing 1098736ebdd8Sjsing if (ssl->session->tlsext_ecpointformatlist_length != 1099f6b55ceaSjsing sizeof(tlsext_ecpf_hello_prefer_order_val)) { 1100cd527692Sjsing FAIL("no tlsext_ecpointformats from client " 1101f6b55ceaSjsing "ECPointFormats\n"); 1102f6b55ceaSjsing goto err; 1103f6b55ceaSjsing } 1104f6b55ceaSjsing 1105736ebdd8Sjsing if (memcmp(ssl->session->tlsext_ecpointformatlist, 1106f6b55ceaSjsing tlsext_ecpf_hello_prefer_order_val, 1107f6b55ceaSjsing sizeof(tlsext_ecpf_hello_prefer_order_val)) != 0) { 1108cd527692Sjsing FAIL("client had an incorrect ECPointFormats entry\n"); 1109f6b55ceaSjsing goto err; 1110f6b55ceaSjsing } 1111f6b55ceaSjsing 1112f6b55ceaSjsing failure = 0; 1113f6b55ceaSjsing 1114f6b55ceaSjsing err: 1115f6b55ceaSjsing CBB_cleanup(&cbb); 1116f6b55ceaSjsing SSL_CTX_free(ssl_ctx); 1117f6b55ceaSjsing SSL_free(ssl); 1118f6b55ceaSjsing free(data); 1119f6b55ceaSjsing 1120f6b55ceaSjsing return (failure); 1121f6b55ceaSjsing } 1122f6b55ceaSjsing 1123f6b55ceaSjsing static int 1124cd527692Sjsing test_tlsext_ecpf_server(void) 1125f6b55ceaSjsing { 1126f6b55ceaSjsing uint8_t *data = NULL; 1127f6b55ceaSjsing SSL_CTX *ssl_ctx = NULL; 1128f6b55ceaSjsing SSL *ssl = NULL; 112927d3e8adStb const struct tls_extension_funcs *client_funcs; 113027d3e8adStb const struct tls_extension_funcs *server_funcs; 1131f6b55ceaSjsing size_t dlen; 1132f6b55ceaSjsing int failure, alert; 1133f6b55ceaSjsing CBB cbb; 1134f6b55ceaSjsing CBS cbs; 1135f6b55ceaSjsing 1136f6b55ceaSjsing failure = 1; 1137f6b55ceaSjsing 113868934fd7Stb if (!CBB_init(&cbb, 0)) 113968934fd7Stb errx(1, "Failed to create CBB"); 1140f6b55ceaSjsing 1141f6b55ceaSjsing if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL) 1142f6b55ceaSjsing errx(1, "failed to create SSL_CTX"); 1143f6b55ceaSjsing if ((ssl = SSL_new(ssl_ctx)) == NULL) 1144f6b55ceaSjsing errx(1, "failed to create SSL"); 1145f6b55ceaSjsing 114627d3e8adStb if (!tls_extension_funcs(TLSEXT_TYPE_ec_point_formats, &client_funcs, 114727d3e8adStb &server_funcs)) 114827d3e8adStb errx(1, "failed to fetch ecpf funcs"); 114927d3e8adStb 1150f6b55ceaSjsing if ((ssl->session = SSL_SESSION_new()) == NULL) 1151f6b55ceaSjsing errx(1, "failed to create session"); 1152f6b55ceaSjsing 1153f6b55ceaSjsing /* Setup the state so we can call needs. */ 11540fe48b23Sjsing if ((ssl->s3->hs.cipher = ssl3_get_cipher_by_value(0xcca9)) == NULL) { 1155cd527692Sjsing FAIL("server cannot find cipher\n"); 1156f6b55ceaSjsing goto err; 1157f6b55ceaSjsing } 1158736ebdd8Sjsing if ((ssl->session->tlsext_ecpointformatlist = malloc(sizeof(uint8_t))) 1159f6b55ceaSjsing == NULL) { 1160f6b55ceaSjsing FAIL("server could not malloc\n"); 1161f6b55ceaSjsing goto err; 1162f6b55ceaSjsing } 1163736ebdd8Sjsing ssl->session->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime; 1164736ebdd8Sjsing ssl->session->tlsext_ecpointformatlist_length = 1; 1165f6b55ceaSjsing 116627d3e8adStb if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { 1167cd527692Sjsing FAIL("server should need ECPointFormats now\n"); 1168f6b55ceaSjsing goto err; 1169f6b55ceaSjsing } 1170f6b55ceaSjsing 1171f6b55ceaSjsing /* 1172f6b55ceaSjsing * The server will ignore the session list and use either a custom 1173f6b55ceaSjsing * list or the default (uncompressed). 1174f6b55ceaSjsing */ 117527d3e8adStb if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { 1176cd527692Sjsing FAIL("server failed to build ECPointFormats\n"); 1177f6b55ceaSjsing goto err; 1178f6b55ceaSjsing } 1179f6b55ceaSjsing 1180f6b55ceaSjsing if (!CBB_finish(&cbb, &data, &dlen)) 1181d5ad68e5Stb errx(1, "failed to finish CBB"); 1182f6b55ceaSjsing 1183f6b55ceaSjsing if (dlen != sizeof(tlsext_ecpf_hello_uncompressed)) { 1184cd527692Sjsing FAIL("got server ECPointFormats with length %zu, " 1185f6b55ceaSjsing "want length %zu\n", dlen, 1186f6b55ceaSjsing sizeof(tlsext_ecpf_hello_uncompressed)); 1187f6b55ceaSjsing compare_data(data, dlen, tlsext_ecpf_hello_uncompressed, 1188f6b55ceaSjsing sizeof(tlsext_ecpf_hello_uncompressed)); 1189f6b55ceaSjsing goto err; 1190f6b55ceaSjsing } 1191f6b55ceaSjsing 1192f6b55ceaSjsing if (memcmp(data, tlsext_ecpf_hello_uncompressed, dlen) != 0) { 1193cd527692Sjsing FAIL("server ECPointFormats differs:\n"); 1194f6b55ceaSjsing compare_data(data, dlen, tlsext_ecpf_hello_uncompressed, 1195f6b55ceaSjsing sizeof(tlsext_ecpf_hello_uncompressed)); 1196f6b55ceaSjsing goto err; 1197f6b55ceaSjsing } 1198f6b55ceaSjsing 1199f6b55ceaSjsing /* 1200f6b55ceaSjsing * Cannot parse a non-default list without at least uncompressed. 1201f6b55ceaSjsing */ 1202f6b55ceaSjsing CBB_cleanup(&cbb); 120368934fd7Stb if (!CBB_init(&cbb, 0)) 120468934fd7Stb errx(1, "Failed to create CBB"); 1205f6b55ceaSjsing free(data); 1206f6b55ceaSjsing data = NULL; 1207f6b55ceaSjsing 1208f6b55ceaSjsing SSL_SESSION_free(ssl->session); 1209f6b55ceaSjsing if ((ssl->session = SSL_SESSION_new()) == NULL) 1210f6b55ceaSjsing errx(1, "failed to create session"); 1211f6b55ceaSjsing 1212f6b55ceaSjsing CBS_init(&cbs, tlsext_ecpf_hello_prime, 1213f6b55ceaSjsing sizeof(tlsext_ecpf_hello_prime)); 1214c8946a7fSjsing if (client_funcs->process(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 1215cd527692Sjsing FAIL("must include uncompressed in server ECPointFormats\n"); 1216f6b55ceaSjsing goto err; 1217f6b55ceaSjsing } 1218239d31d9Sjsing if (CBS_len(&cbs) != 0) { 12192628ace5Stb FAIL("extension data remaining\n"); 1220239d31d9Sjsing goto err; 1221239d31d9Sjsing } 1222f6b55ceaSjsing 1223f6b55ceaSjsing /* 1224f6b55ceaSjsing * Test with a custom order that replaces the default uncompressed. 1225f6b55ceaSjsing */ 1226f6b55ceaSjsing CBB_cleanup(&cbb); 122768934fd7Stb if (!CBB_init(&cbb, 0)) 122868934fd7Stb errx(1, "Failed to create CBB"); 1229f6b55ceaSjsing free(data); 1230f6b55ceaSjsing data = NULL; 1231f6b55ceaSjsing 1232f6b55ceaSjsing SSL_SESSION_free(ssl->session); 1233f6b55ceaSjsing if ((ssl->session = SSL_SESSION_new()) == NULL) 1234f6b55ceaSjsing errx(1, "failed to create session"); 1235f6b55ceaSjsing 1236f6b55ceaSjsing /* Add a session list even though it will be ignored. */ 1237736ebdd8Sjsing if ((ssl->session->tlsext_ecpointformatlist = malloc(sizeof(uint8_t))) 1238f6b55ceaSjsing == NULL) { 1239f6b55ceaSjsing FAIL("server could not malloc\n"); 1240f6b55ceaSjsing goto err; 1241f6b55ceaSjsing } 1242736ebdd8Sjsing ssl->session->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; 1243736ebdd8Sjsing ssl->session->tlsext_ecpointformatlist_length = 1; 1244f6b55ceaSjsing 1245f6b55ceaSjsing /* Replace the default list with a custom one. */ 12461ce7ecd4Sjsing if ((ssl->tlsext_ecpointformatlist = malloc(sizeof(uint8_t) * 3)) == NULL) { 1247f6b55ceaSjsing FAIL("server could not malloc\n"); 1248f6b55ceaSjsing goto err; 1249f6b55ceaSjsing } 12501ce7ecd4Sjsing ssl->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime; 12511ce7ecd4Sjsing ssl->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_uncompressed; 12521ce7ecd4Sjsing ssl->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; 12531ce7ecd4Sjsing ssl->tlsext_ecpointformatlist_length = 3; 1254f6b55ceaSjsing 125527d3e8adStb if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { 1256cd527692Sjsing FAIL("server should need ECPointFormats\n"); 1257f6b55ceaSjsing goto err; 1258f6b55ceaSjsing } 1259f6b55ceaSjsing 126027d3e8adStb if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { 1261cd527692Sjsing FAIL("server failed to build ECPointFormats\n"); 1262f6b55ceaSjsing goto err; 1263f6b55ceaSjsing } 1264f6b55ceaSjsing 1265f6b55ceaSjsing if (!CBB_finish(&cbb, &data, &dlen)) 1266d5ad68e5Stb errx(1, "failed to finish CBB"); 1267f6b55ceaSjsing 1268f6b55ceaSjsing if (dlen != sizeof(tlsext_ecpf_hello_prefer_order)) { 1269cd527692Sjsing FAIL("got server ECPointFormats with length %zu, " 1270f6b55ceaSjsing "want length %zu\n", dlen, 1271f6b55ceaSjsing sizeof(tlsext_ecpf_hello_prefer_order)); 1272f6b55ceaSjsing compare_data(data, dlen, tlsext_ecpf_hello_prefer_order, 1273f6b55ceaSjsing sizeof(tlsext_ecpf_hello_prefer_order)); 1274f6b55ceaSjsing goto err; 1275f6b55ceaSjsing } 1276f6b55ceaSjsing 1277f6b55ceaSjsing if (memcmp(data, tlsext_ecpf_hello_prefer_order, dlen) != 0) { 1278cd527692Sjsing FAIL("server ECPointFormats differs:\n"); 1279f6b55ceaSjsing compare_data(data, dlen, tlsext_ecpf_hello_prefer_order, 1280f6b55ceaSjsing sizeof(tlsext_ecpf_hello_prefer_order)); 1281f6b55ceaSjsing goto err; 1282f6b55ceaSjsing } 1283f6b55ceaSjsing 1284f6b55ceaSjsing /* 1285f6b55ceaSjsing * Should be able to parse the custom list into a session list. 1286f6b55ceaSjsing */ 1287f6b55ceaSjsing CBB_cleanup(&cbb); 128868934fd7Stb if (!CBB_init(&cbb, 0)) 128968934fd7Stb errx(1, "Failed to create CBB"); 1290f6b55ceaSjsing free(data); 1291f6b55ceaSjsing data = NULL; 1292f6b55ceaSjsing 1293f6b55ceaSjsing SSL_SESSION_free(ssl->session); 1294f6b55ceaSjsing if ((ssl->session = SSL_SESSION_new()) == NULL) 1295f6b55ceaSjsing errx(1, "failed to create session"); 1296f6b55ceaSjsing 1297f6b55ceaSjsing /* Reset back to the default (uncompressed) */ 12981ce7ecd4Sjsing free(ssl->tlsext_ecpointformatlist); 12991ce7ecd4Sjsing ssl->tlsext_ecpointformatlist = NULL; 13001ce7ecd4Sjsing ssl->tlsext_ecpointformatlist_length = 0; 1301f6b55ceaSjsing 1302f6b55ceaSjsing CBS_init(&cbs, tlsext_ecpf_hello_prefer_order, 1303f6b55ceaSjsing sizeof(tlsext_ecpf_hello_prefer_order)); 1304c8946a7fSjsing if (!client_funcs->process(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 1305cd527692Sjsing FAIL("failed to parse server ECPointFormats\n"); 1306f6b55ceaSjsing goto err; 1307f6b55ceaSjsing } 1308239d31d9Sjsing if (CBS_len(&cbs) != 0) { 13092628ace5Stb FAIL("extension data remaining\n"); 1310239d31d9Sjsing goto err; 1311239d31d9Sjsing } 1312f6b55ceaSjsing 1313736ebdd8Sjsing if (ssl->session->tlsext_ecpointformatlist_length != 1314f6b55ceaSjsing sizeof(tlsext_ecpf_hello_prefer_order_val)) { 1315cd527692Sjsing FAIL("no tlsext_ecpointformats from server " 1316f6b55ceaSjsing "ECPointFormats\n"); 1317f6b55ceaSjsing goto err; 1318f6b55ceaSjsing } 1319f6b55ceaSjsing 1320736ebdd8Sjsing if (memcmp(ssl->session->tlsext_ecpointformatlist, 1321f6b55ceaSjsing tlsext_ecpf_hello_prefer_order_val, 1322f6b55ceaSjsing sizeof(tlsext_ecpf_hello_prefer_order_val)) != 0) { 1323cd527692Sjsing FAIL("server had an incorrect ECPointFormats entry\n"); 1324f6b55ceaSjsing goto err; 1325f6b55ceaSjsing } 1326f6b55ceaSjsing 1327f6b55ceaSjsing failure = 0; 1328f6b55ceaSjsing 1329f6b55ceaSjsing err: 1330f6b55ceaSjsing CBB_cleanup(&cbb); 1331f6b55ceaSjsing SSL_CTX_free(ssl_ctx); 1332f6b55ceaSjsing SSL_free(ssl); 1333f6b55ceaSjsing free(data); 1334f6b55ceaSjsing 1335f6b55ceaSjsing return (failure); 1336f6b55ceaSjsing } 1337f6b55ceaSjsing 1338f6b55ceaSjsing /* 1339f6b55ceaSjsing * Renegotiation Indication - RFC 5746. 1340f6b55ceaSjsing */ 1341f6b55ceaSjsing 13423fb21974Stb static const unsigned char tlsext_ri_prev_client[] = { 1343f6b55ceaSjsing 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 1344f6b55ceaSjsing 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 1345f6b55ceaSjsing }; 1346f6b55ceaSjsing 13473fb21974Stb static const unsigned char tlsext_ri_prev_server[] = { 1348f6b55ceaSjsing 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88, 1349f6b55ceaSjsing 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00, 1350f6b55ceaSjsing }; 1351f6b55ceaSjsing 13523fb21974Stb static const unsigned char tlsext_ri_client[] = { 1353f6b55ceaSjsing 0x10, 1354f6b55ceaSjsing 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 1355f6b55ceaSjsing 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 1356f6b55ceaSjsing }; 1357f6b55ceaSjsing 13583fb21974Stb static const unsigned char tlsext_ri_server[] = { 1359f6b55ceaSjsing 0x20, 1360f6b55ceaSjsing 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 1361f6b55ceaSjsing 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 1362f6b55ceaSjsing 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88, 1363f6b55ceaSjsing 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00, 1364f6b55ceaSjsing }; 1365f6b55ceaSjsing 1366f6b55ceaSjsing static int 1367cd527692Sjsing test_tlsext_ri_client(void) 1368f6b55ceaSjsing { 1369f6b55ceaSjsing unsigned char *data = NULL; 1370f6b55ceaSjsing SSL_CTX *ssl_ctx = NULL; 1371f6b55ceaSjsing SSL *ssl = NULL; 137227d3e8adStb const struct tls_extension_funcs *client_funcs; 137327d3e8adStb const struct tls_extension_funcs *server_funcs; 1374b0642daaSjsing int failure; 1375f6b55ceaSjsing size_t dlen; 1376f6b55ceaSjsing int alert; 1377f6b55ceaSjsing CBB cbb; 1378f6b55ceaSjsing CBS cbs; 1379f6b55ceaSjsing 1380b0642daaSjsing failure = 1; 1381b0642daaSjsing 138268934fd7Stb if (!CBB_init(&cbb, 0)) 138368934fd7Stb errx(1, "Failed to create CBB"); 1384f6b55ceaSjsing 1385f6b55ceaSjsing if ((ssl_ctx = SSL_CTX_new(TLSv1_2_client_method())) == NULL) 1386f6b55ceaSjsing errx(1, "failed to create SSL_CTX"); 1387f6b55ceaSjsing if ((ssl = SSL_new(ssl_ctx)) == NULL) 1388f6b55ceaSjsing errx(1, "failed to create SSL"); 1389f6b55ceaSjsing 139027d3e8adStb if (!tls_extension_funcs(TLSEXT_TYPE_renegotiate, &client_funcs, 139127d3e8adStb &server_funcs)) 139227d3e8adStb errx(1, "failed to fetch ri funcs"); 139327d3e8adStb 139427d3e8adStb if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 1395cd527692Sjsing FAIL("client should not need RI\n"); 1396b0642daaSjsing goto err; 1397f6b55ceaSjsing } 1398f6b55ceaSjsing 1399f6b55ceaSjsing if (!SSL_renegotiate(ssl)) { 1400b0642daaSjsing FAIL("client failed to set renegotiate\n"); 1401b0642daaSjsing goto err; 1402f6b55ceaSjsing } 1403f6b55ceaSjsing 140427d3e8adStb if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 1405cd527692Sjsing FAIL("client should need RI\n"); 1406b0642daaSjsing goto err; 1407f6b55ceaSjsing } 1408f6b55ceaSjsing 1409f315d677Sjsing memcpy(ssl->s3->previous_client_finished, tlsext_ri_prev_client, 1410f6b55ceaSjsing sizeof(tlsext_ri_prev_client)); 1411f315d677Sjsing ssl->s3->previous_client_finished_len = sizeof(tlsext_ri_prev_client); 1412f6b55ceaSjsing 1413f315d677Sjsing ssl->s3->renegotiate_seen = 0; 1414f6b55ceaSjsing 141527d3e8adStb if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 1416cd527692Sjsing FAIL("client failed to build RI\n"); 1417b0642daaSjsing goto err; 1418f6b55ceaSjsing } 1419f6b55ceaSjsing 1420f6b55ceaSjsing if (!CBB_finish(&cbb, &data, &dlen)) 1421d5ad68e5Stb errx(1, "failed to finish CBB"); 1422f6b55ceaSjsing 1423cd527692Sjsing if (dlen != sizeof(tlsext_ri_client)) { 1424cd527692Sjsing FAIL("got client RI with length %zu, " 1425cd527692Sjsing "want length %zu\n", dlen, sizeof(tlsext_ri_client)); 1426b0642daaSjsing goto err; 1427f6b55ceaSjsing } 1428f6b55ceaSjsing 1429cd527692Sjsing if (memcmp(data, tlsext_ri_client, dlen) != 0) { 1430cd527692Sjsing FAIL("client RI differs:\n"); 1431f6b55ceaSjsing fprintf(stderr, "received:\n"); 1432f6b55ceaSjsing hexdump(data, dlen); 1433f6b55ceaSjsing fprintf(stderr, "test data:\n"); 1434cd527692Sjsing hexdump(tlsext_ri_client, sizeof(tlsext_ri_client)); 1435b0642daaSjsing goto err; 1436f6b55ceaSjsing } 1437f6b55ceaSjsing 1438cd527692Sjsing CBS_init(&cbs, tlsext_ri_client, sizeof(tlsext_ri_client)); 1439c8946a7fSjsing if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 1440cd527692Sjsing FAIL("failed to parse client RI\n"); 1441b0642daaSjsing goto err; 1442f6b55ceaSjsing } 1443239d31d9Sjsing if (CBS_len(&cbs) != 0) { 14442628ace5Stb FAIL("extension data remaining\n"); 1445239d31d9Sjsing goto err; 1446239d31d9Sjsing } 1447f6b55ceaSjsing 1448f315d677Sjsing if (ssl->s3->renegotiate_seen != 1) { 1449b0642daaSjsing FAIL("renegotiate seen not set\n"); 1450b0642daaSjsing goto err; 1451f6b55ceaSjsing } 1452f315d677Sjsing if (ssl->s3->send_connection_binding != 1) { 1453b0642daaSjsing FAIL("send connection binding not set\n"); 1454b0642daaSjsing goto err; 1455f6b55ceaSjsing } 1456f6b55ceaSjsing 1457f315d677Sjsing memset(ssl->s3->previous_client_finished, 0, 1458f315d677Sjsing sizeof(ssl->s3->previous_client_finished)); 1459f6b55ceaSjsing 1460f315d677Sjsing ssl->s3->renegotiate_seen = 0; 1461f6b55ceaSjsing 1462cd527692Sjsing CBS_init(&cbs, tlsext_ri_client, sizeof(tlsext_ri_client)); 1463c8946a7fSjsing if (server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 1464cd527692Sjsing FAIL("parsed invalid client RI\n"); 1465b0642daaSjsing goto err; 1466f6b55ceaSjsing } 1467f6b55ceaSjsing 1468f315d677Sjsing if (ssl->s3->renegotiate_seen == 1) { 1469b0642daaSjsing FAIL("renegotiate seen set\n"); 1470b0642daaSjsing goto err; 1471f6b55ceaSjsing } 1472f6b55ceaSjsing 1473b0642daaSjsing failure = 0; 1474b0642daaSjsing 1475b0642daaSjsing err: 1476f6b55ceaSjsing CBB_cleanup(&cbb); 1477f6b55ceaSjsing SSL_CTX_free(ssl_ctx); 1478f6b55ceaSjsing SSL_free(ssl); 1479f6b55ceaSjsing free(data); 1480f6b55ceaSjsing 1481f6b55ceaSjsing return (failure); 1482f6b55ceaSjsing } 1483f6b55ceaSjsing 1484f6b55ceaSjsing static int 1485cd527692Sjsing test_tlsext_ri_server(void) 1486f6b55ceaSjsing { 1487f6b55ceaSjsing unsigned char *data = NULL; 1488f6b55ceaSjsing SSL_CTX *ssl_ctx = NULL; 1489f6b55ceaSjsing SSL *ssl = NULL; 149027d3e8adStb const struct tls_extension_funcs *client_funcs; 149127d3e8adStb const struct tls_extension_funcs *server_funcs; 1492b0642daaSjsing int failure; 1493f6b55ceaSjsing size_t dlen; 1494f6b55ceaSjsing int alert; 1495f6b55ceaSjsing CBB cbb; 1496f6b55ceaSjsing CBS cbs; 1497f6b55ceaSjsing 1498b0642daaSjsing failure = 1; 1499b0642daaSjsing 150068934fd7Stb if (!CBB_init(&cbb, 0)) 150168934fd7Stb errx(1, "Failed to create CBB"); 1502f6b55ceaSjsing 1503f6b55ceaSjsing if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL) 1504f6b55ceaSjsing errx(1, "failed to create SSL_CTX"); 1505f6b55ceaSjsing if ((ssl = SSL_new(ssl_ctx)) == NULL) 1506f6b55ceaSjsing errx(1, "failed to create SSL"); 1507f6b55ceaSjsing 150827d3e8adStb if (!tls_extension_funcs(TLSEXT_TYPE_renegotiate, &client_funcs, 150927d3e8adStb &server_funcs)) 151027d3e8adStb errx(1, "failed to fetch ri funcs"); 151127d3e8adStb 151293105f9cSjsing ssl->version = TLS1_2_VERSION; 151327d3e8adStb if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { 1514cd527692Sjsing FAIL("server should not need RI\n"); 1515b0642daaSjsing goto err; 1516f6b55ceaSjsing } 1517f6b55ceaSjsing 1518f315d677Sjsing ssl->s3->send_connection_binding = 1; 1519f6b55ceaSjsing 152027d3e8adStb if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { 1521cd527692Sjsing FAIL("server should need RI\n"); 1522b0642daaSjsing goto err; 1523f6b55ceaSjsing } 1524f6b55ceaSjsing 1525f315d677Sjsing memcpy(ssl->s3->previous_client_finished, tlsext_ri_prev_client, 1526f6b55ceaSjsing sizeof(tlsext_ri_prev_client)); 1527f315d677Sjsing ssl->s3->previous_client_finished_len = sizeof(tlsext_ri_prev_client); 1528f6b55ceaSjsing 1529f315d677Sjsing memcpy(ssl->s3->previous_server_finished, tlsext_ri_prev_server, 1530f6b55ceaSjsing sizeof(tlsext_ri_prev_server)); 1531f315d677Sjsing ssl->s3->previous_server_finished_len = sizeof(tlsext_ri_prev_server); 1532f6b55ceaSjsing 1533f315d677Sjsing ssl->s3->renegotiate_seen = 0; 1534f6b55ceaSjsing 153527d3e8adStb if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { 1536cd527692Sjsing FAIL("server failed to build RI\n"); 1537b0642daaSjsing goto err; 1538f6b55ceaSjsing } 1539f6b55ceaSjsing 1540f6b55ceaSjsing if (!CBB_finish(&cbb, &data, &dlen)) 1541d5ad68e5Stb errx(1, "failed to finish CBB"); 1542f6b55ceaSjsing 1543cd527692Sjsing if (dlen != sizeof(tlsext_ri_server)) { 1544cd527692Sjsing FAIL("got server RI with length %zu, " 1545cd527692Sjsing "want length %zu\n", dlen, sizeof(tlsext_ri_server)); 1546b0642daaSjsing goto err; 1547f6b55ceaSjsing } 1548f6b55ceaSjsing 1549cd527692Sjsing if (memcmp(data, tlsext_ri_server, dlen) != 0) { 1550cd527692Sjsing FAIL("server RI differs:\n"); 1551f6b55ceaSjsing fprintf(stderr, "received:\n"); 1552f6b55ceaSjsing hexdump(data, dlen); 1553f6b55ceaSjsing fprintf(stderr, "test data:\n"); 1554cd527692Sjsing hexdump(tlsext_ri_server, sizeof(tlsext_ri_server)); 1555b0642daaSjsing goto err; 1556f6b55ceaSjsing } 1557f6b55ceaSjsing 1558cd527692Sjsing CBS_init(&cbs, tlsext_ri_server, sizeof(tlsext_ri_server)); 1559c8946a7fSjsing if (!client_funcs->process(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 1560cd527692Sjsing FAIL("failed to parse server RI\n"); 1561b0642daaSjsing goto err; 1562f6b55ceaSjsing } 1563239d31d9Sjsing if (CBS_len(&cbs) != 0) { 15642628ace5Stb FAIL("extension data remaining\n"); 1565239d31d9Sjsing goto err; 1566239d31d9Sjsing } 1567f6b55ceaSjsing 1568f315d677Sjsing if (ssl->s3->renegotiate_seen != 1) { 1569b0642daaSjsing FAIL("renegotiate seen not set\n"); 1570b0642daaSjsing goto err; 1571f6b55ceaSjsing } 1572f315d677Sjsing if (ssl->s3->send_connection_binding != 1) { 1573b0642daaSjsing FAIL("send connection binding not set\n"); 1574b0642daaSjsing goto err; 1575f6b55ceaSjsing } 1576f6b55ceaSjsing 1577f315d677Sjsing memset(ssl->s3->previous_client_finished, 0, 1578f315d677Sjsing sizeof(ssl->s3->previous_client_finished)); 1579f315d677Sjsing memset(ssl->s3->previous_server_finished, 0, 1580f315d677Sjsing sizeof(ssl->s3->previous_server_finished)); 1581f6b55ceaSjsing 1582f315d677Sjsing ssl->s3->renegotiate_seen = 0; 1583f6b55ceaSjsing 1584cd527692Sjsing CBS_init(&cbs, tlsext_ri_server, sizeof(tlsext_ri_server)); 1585c8946a7fSjsing if (client_funcs->process(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 1586cd527692Sjsing FAIL("parsed invalid server RI\n"); 1587b0642daaSjsing goto err; 1588f6b55ceaSjsing } 1589f6b55ceaSjsing 1590f315d677Sjsing if (ssl->s3->renegotiate_seen == 1) { 1591b0642daaSjsing FAIL("renegotiate seen set\n"); 1592b0642daaSjsing goto err; 1593f6b55ceaSjsing } 1594f6b55ceaSjsing 1595b0642daaSjsing failure = 0; 1596b0642daaSjsing 1597b0642daaSjsing err: 1598f6b55ceaSjsing CBB_cleanup(&cbb); 1599f6b55ceaSjsing SSL_CTX_free(ssl_ctx); 1600f6b55ceaSjsing SSL_free(ssl); 1601f6b55ceaSjsing free(data); 1602f6b55ceaSjsing 1603f6b55ceaSjsing return (failure); 1604f6b55ceaSjsing } 1605f6b55ceaSjsing 1606f6b55ceaSjsing /* 1607c0ed19ddSjsing * Signature Algorithms - RFC 5246 section 7.4.1.4.1. 1608c0ed19ddSjsing */ 1609c0ed19ddSjsing 16103fb21974Stb static const unsigned char tlsext_sigalgs_client[] = { 1611dec63d9fSbeck 0x00, 0x16, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, 1612dec63d9fSbeck 0x08, 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 1613dec63d9fSbeck 0x04, 0x01, 0x04, 0x03, 0x02, 0x01, 0x02, 0x03, 1614c0ed19ddSjsing }; 1615c0ed19ddSjsing 1616c0ed19ddSjsing static int 1617cd527692Sjsing test_tlsext_sigalgs_client(void) 1618c0ed19ddSjsing { 1619c0ed19ddSjsing unsigned char *data = NULL; 1620c0ed19ddSjsing SSL_CTX *ssl_ctx = NULL; 1621c0ed19ddSjsing SSL *ssl = NULL; 162227d3e8adStb const struct tls_extension_funcs *client_funcs; 162327d3e8adStb const struct tls_extension_funcs *server_funcs; 162412e31becStb int failure; 1625c0ed19ddSjsing size_t dlen; 1626c0ed19ddSjsing int alert; 1627c0ed19ddSjsing CBB cbb; 1628c0ed19ddSjsing CBS cbs; 1629c0ed19ddSjsing 163012e31becStb failure = 1; 163112e31becStb 163268934fd7Stb if (!CBB_init(&cbb, 0)) 163368934fd7Stb errx(1, "Failed to create CBB"); 1634c0ed19ddSjsing 1635c0ed19ddSjsing if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) 1636c0ed19ddSjsing errx(1, "failed to create SSL_CTX"); 1637c0ed19ddSjsing if ((ssl = SSL_new(ssl_ctx)) == NULL) 1638c0ed19ddSjsing errx(1, "failed to create SSL"); 1639c0ed19ddSjsing 164027d3e8adStb if (!tls_extension_funcs(TLSEXT_TYPE_signature_algorithms, 164127d3e8adStb &client_funcs, &server_funcs)) 164227d3e8adStb errx(1, "failed to fetch sigalgs funcs"); 164327d3e8adStb 1644f315d677Sjsing ssl->s3->hs.our_max_tls_version = TLS1_1_VERSION; 1645c0ed19ddSjsing 164627d3e8adStb if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 164733d66f96Stb FAIL("client should not need sigalgs\n"); 1648c0ed19ddSjsing goto done; 1649c0ed19ddSjsing } 1650c0ed19ddSjsing 1651f315d677Sjsing ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION; 1652c0ed19ddSjsing 165327d3e8adStb if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 165433d66f96Stb FAIL("client should need sigalgs\n"); 1655c0ed19ddSjsing goto done; 1656c0ed19ddSjsing } 1657c0ed19ddSjsing 165827d3e8adStb if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 165933d66f96Stb FAIL("client failed to build sigalgs\n"); 1660c0ed19ddSjsing goto done; 1661c0ed19ddSjsing } 1662c0ed19ddSjsing 1663c0ed19ddSjsing if (!CBB_finish(&cbb, &data, &dlen)) 1664d5ad68e5Stb errx(1, "failed to finish CBB"); 1665c0ed19ddSjsing 1666cd527692Sjsing if (dlen != sizeof(tlsext_sigalgs_client)) { 166733d66f96Stb FAIL("got client sigalgs length %zu, " 1668cd527692Sjsing "want length %zu\n", dlen, sizeof(tlsext_sigalgs_client)); 1669c0ed19ddSjsing goto done; 1670c0ed19ddSjsing } 1671c0ed19ddSjsing 1672cd527692Sjsing if (memcmp(data, tlsext_sigalgs_client, dlen) != 0) { 167333d66f96Stb FAIL("client SNI differs:\n"); 1674c0ed19ddSjsing fprintf(stderr, "received:\n"); 1675c0ed19ddSjsing hexdump(data, dlen); 1676c0ed19ddSjsing fprintf(stderr, "test data:\n"); 1677cd527692Sjsing hexdump(tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client)); 1678c0ed19ddSjsing goto done; 1679c0ed19ddSjsing } 1680c0ed19ddSjsing 1681cd527692Sjsing CBS_init(&cbs, tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client)); 1682c8946a7fSjsing if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 168333d66f96Stb FAIL("failed to parse client SNI\n"); 1684c0ed19ddSjsing goto done; 1685c0ed19ddSjsing } 1686239d31d9Sjsing if (CBS_len(&cbs) != 0) { 16872628ace5Stb FAIL("extension data remaining\n"); 1688239d31d9Sjsing goto done; 1689239d31d9Sjsing } 1690c0ed19ddSjsing 169112e31becStb failure = 0; 169212e31becStb 1693c0ed19ddSjsing done: 1694c0ed19ddSjsing CBB_cleanup(&cbb); 1695c0ed19ddSjsing SSL_CTX_free(ssl_ctx); 1696c0ed19ddSjsing SSL_free(ssl); 1697c0ed19ddSjsing free(data); 1698c0ed19ddSjsing 1699c0ed19ddSjsing return (failure); 1700c0ed19ddSjsing } 1701c0ed19ddSjsing 1702546a02b9Sbeck #if 0 1703c0ed19ddSjsing static int 1704cd527692Sjsing test_tlsext_sigalgs_server(void) 1705c0ed19ddSjsing { 1706c0ed19ddSjsing unsigned char *data = NULL; 1707c0ed19ddSjsing SSL_CTX *ssl_ctx = NULL; 1708c0ed19ddSjsing SSL *ssl = NULL; 170927d3e8adStb const struct tls_extension_funcs *client_funcs; 171027d3e8adStb const struct tls_extension_funcs *server_funcs; 171112e31becStb int failure; 1712c0ed19ddSjsing size_t dlen; 1713c0ed19ddSjsing int alert; 1714c0ed19ddSjsing CBB cbb; 1715c0ed19ddSjsing CBS cbs; 1716c0ed19ddSjsing 171712e31becStb failure = 1; 171812e31becStb 171968934fd7Stb if (!CBB_init(&cbb, 0)) 172068934fd7Stb errx(1, "Failed to create CBB"); 1721c0ed19ddSjsing 1722c0ed19ddSjsing if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL) 1723c0ed19ddSjsing errx(1, "failed to create SSL_CTX"); 1724c0ed19ddSjsing if ((ssl = SSL_new(ssl_ctx)) == NULL) 1725c0ed19ddSjsing errx(1, "failed to create SSL"); 1726c0ed19ddSjsing 172727d3e8adStb if (!tls_extension_funcs(TLSEXT_TYPE_server_name, &client_funcs, 172827d3e8adStb &server_funcs)) 172927d3e8adStb errx(1, "failed to fetch sigalgs funcs"); 173027d3e8adStb 173127d3e8adStb if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { 173233d66f96Stb FAIL("server should not need sigalgs\n"); 1733c0ed19ddSjsing goto done; 1734c0ed19ddSjsing } 1735c0ed19ddSjsing 173627d3e8adStb if (server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { 173733d66f96Stb FAIL("server should not build sigalgs\n"); 1738c0ed19ddSjsing goto done; 1739c0ed19ddSjsing } 1740c0ed19ddSjsing 1741c0ed19ddSjsing if (!CBB_finish(&cbb, &data, &dlen)) 1742d5ad68e5Stb errx(1, "failed to finish CBB"); 1743c0ed19ddSjsing 1744cd527692Sjsing CBS_init(&cbs, tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client)); 1745c8946a7fSjsing if (!client_funcs->process(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 174633d66f96Stb FAIL("server should not parse sigalgs\n"); 1747c0ed19ddSjsing goto done; 1748c0ed19ddSjsing } 1749c0ed19ddSjsing 175012e31becStb failure = 0; 175112e31becStb 1752c0ed19ddSjsing done: 1753c0ed19ddSjsing CBB_cleanup(&cbb); 1754c0ed19ddSjsing SSL_CTX_free(ssl_ctx); 1755c0ed19ddSjsing SSL_free(ssl); 1756c0ed19ddSjsing free(data); 1757c0ed19ddSjsing 1758c0ed19ddSjsing return (failure); 1759c0ed19ddSjsing } 1760546a02b9Sbeck #endif 1761c0ed19ddSjsing 1762c0ed19ddSjsing /* 1763f6b55ceaSjsing * Server Name Indication - RFC 6066 section 3. 1764f6b55ceaSjsing */ 1765f6b55ceaSjsing 1766f6b55ceaSjsing #define TEST_SNI_SERVERNAME "www.libressl.org" 1767f6b55ceaSjsing 17683fb21974Stb static const unsigned char tlsext_sni_client[] = { 1769f6b55ceaSjsing 0x00, 0x13, 0x00, 0x00, 0x10, 0x77, 0x77, 0x77, 1770f6b55ceaSjsing 0x2e, 0x6c, 0x69, 0x62, 0x72, 0x65, 0x73, 0x73, 1771f6b55ceaSjsing 0x6c, 0x2e, 0x6f, 0x72, 0x67, 1772f6b55ceaSjsing }; 1773f6b55ceaSjsing 17741964a63aStb /* An empty array is an incomplete type and sizeof() is undefined. */ 17753fb21974Stb static const unsigned char tlsext_sni_server[] = { 17761964a63aStb 0x00, 1777f6b55ceaSjsing }; 17781964a63aStb static size_t tlsext_sni_server_len = 0; 1779f6b55ceaSjsing 1780f6b55ceaSjsing static int 1781cd527692Sjsing test_tlsext_sni_client(void) 1782f6b55ceaSjsing { 1783f6b55ceaSjsing unsigned char *data = NULL; 1784f6b55ceaSjsing SSL_CTX *ssl_ctx = NULL; 1785f6b55ceaSjsing SSL *ssl = NULL; 178627d3e8adStb const struct tls_extension_funcs *client_funcs; 178727d3e8adStb const struct tls_extension_funcs *server_funcs; 1788b0642daaSjsing int failure; 1789f6b55ceaSjsing size_t dlen; 1790f6b55ceaSjsing int alert; 1791f6b55ceaSjsing CBB cbb; 1792f6b55ceaSjsing CBS cbs; 1793f6b55ceaSjsing 1794b0642daaSjsing failure = 1; 1795b0642daaSjsing 17962e25cc2dStb if (!CBB_init(&cbb, 0)) 17972e25cc2dStb errx(1, "Failed to create CBB"); 17982e25cc2dStb 1799f6b55ceaSjsing if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) 1800f6b55ceaSjsing errx(1, "failed to create SSL_CTX"); 1801f6b55ceaSjsing if ((ssl = SSL_new(ssl_ctx)) == NULL) 1802f6b55ceaSjsing errx(1, "failed to create SSL"); 1803f6b55ceaSjsing 180427d3e8adStb if (!tls_extension_funcs(TLSEXT_TYPE_server_name, &client_funcs, 180527d3e8adStb &server_funcs)) 180627d3e8adStb errx(1, "failed to fetch sni funcs"); 180727d3e8adStb 180827d3e8adStb if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 1809cd527692Sjsing FAIL("client should not need SNI\n"); 1810b0642daaSjsing goto err; 1811f6b55ceaSjsing } 1812f6b55ceaSjsing 1813f6b55ceaSjsing if (!SSL_set_tlsext_host_name(ssl, TEST_SNI_SERVERNAME)) { 1814b0642daaSjsing FAIL("client failed to set server name\n"); 1815b0642daaSjsing goto err; 1816f6b55ceaSjsing } 1817f6b55ceaSjsing 181827d3e8adStb if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 1819cd527692Sjsing FAIL("client should need SNI\n"); 1820b0642daaSjsing goto err; 1821f6b55ceaSjsing } 1822f6b55ceaSjsing 182327d3e8adStb if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 1824cd527692Sjsing FAIL("client failed to build SNI\n"); 1825b0642daaSjsing goto err; 1826f6b55ceaSjsing } 1827f6b55ceaSjsing 18286cba937dSbeck if (!CBB_finish(&cbb, &data, &dlen)) { 18296cba937dSbeck FAIL("failed to finish CBB"); 18306cba937dSbeck goto err; 18316cba937dSbeck } 1832f6b55ceaSjsing 1833cd527692Sjsing if (dlen != sizeof(tlsext_sni_client)) { 1834cd527692Sjsing FAIL("got client SNI with length %zu, " 1835cd527692Sjsing "want length %zu\n", dlen, sizeof(tlsext_sni_client)); 1836b0642daaSjsing goto err; 1837f6b55ceaSjsing } 1838f6b55ceaSjsing 1839cd527692Sjsing if (memcmp(data, tlsext_sni_client, dlen) != 0) { 1840cd527692Sjsing FAIL("client SNI differs:\n"); 1841f6b55ceaSjsing fprintf(stderr, "received:\n"); 1842f6b55ceaSjsing hexdump(data, dlen); 1843f6b55ceaSjsing fprintf(stderr, "test data:\n"); 1844cd527692Sjsing hexdump(tlsext_sni_client, sizeof(tlsext_sni_client)); 1845b0642daaSjsing goto err; 1846f6b55ceaSjsing } 1847f6b55ceaSjsing 184873c65e27Sjsing /* 184973c65e27Sjsing * SSL_set_tlsext_host_name() may be called with a NULL host name to 185073c65e27Sjsing * disable SNI. 185173c65e27Sjsing */ 185273c65e27Sjsing if (!SSL_set_tlsext_host_name(ssl, NULL)) { 185373c65e27Sjsing FAIL("cannot set host name to NULL"); 185473c65e27Sjsing goto err; 185573c65e27Sjsing } 185673c65e27Sjsing 185727d3e8adStb if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 185873c65e27Sjsing FAIL("client should not need SNI\n"); 185973c65e27Sjsing goto err; 186073c65e27Sjsing } 186173c65e27Sjsing 18626cba937dSbeck if ((ssl->session = SSL_SESSION_new()) == NULL) { 18636cba937dSbeck FAIL("failed to create session"); 18646cba937dSbeck goto err; 18656cba937dSbeck } 1866f6b55ceaSjsing 18671ce7ecd4Sjsing ssl->hit = 0; 1868f6b55ceaSjsing 1869cd527692Sjsing CBS_init(&cbs, tlsext_sni_client, sizeof(tlsext_sni_client)); 1870c8946a7fSjsing if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 1871cd527692Sjsing FAIL("failed to parse client SNI\n"); 1872b0642daaSjsing goto err; 1873f6b55ceaSjsing } 1874239d31d9Sjsing if (CBS_len(&cbs) != 0) { 18752628ace5Stb FAIL("extension data remaining\n"); 1876239d31d9Sjsing goto err; 1877239d31d9Sjsing } 1878f6b55ceaSjsing 1879f6b55ceaSjsing if (ssl->session->tlsext_hostname == NULL) { 1880cd527692Sjsing FAIL("no tlsext_hostname from client SNI\n"); 1881b0642daaSjsing goto err; 1882f6b55ceaSjsing } 1883f6b55ceaSjsing 1884f6b55ceaSjsing if (strlen(ssl->session->tlsext_hostname) != strlen(TEST_SNI_SERVERNAME) || 1885f6b55ceaSjsing strncmp(ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME, 1886f6b55ceaSjsing strlen(TEST_SNI_SERVERNAME)) != 0) { 1887b0642daaSjsing FAIL("got tlsext_hostname `%s', want `%s'\n", 1888f6b55ceaSjsing ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME); 1889b0642daaSjsing goto err; 1890f6b55ceaSjsing } 1891f6b55ceaSjsing 18921ce7ecd4Sjsing ssl->hit = 1; 1893f6b55ceaSjsing 18946cba937dSbeck free(ssl->session->tlsext_hostname); 1895f6b55ceaSjsing if ((ssl->session->tlsext_hostname = strdup("notthesame.libressl.org")) == 18966cba937dSbeck NULL) { 18976cba937dSbeck FAIL("failed to strdup tlsext_hostname"); 18986cba937dSbeck goto err; 18996cba937dSbeck } 1900f6b55ceaSjsing 1901cd527692Sjsing CBS_init(&cbs, tlsext_sni_client, sizeof(tlsext_sni_client)); 1902c8946a7fSjsing if (server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 1903cd527692Sjsing FAIL("parsed client with mismatched SNI\n"); 1904b0642daaSjsing goto err; 1905f6b55ceaSjsing } 1906f6b55ceaSjsing 1907b0642daaSjsing failure = 0; 1908b0642daaSjsing 1909b0642daaSjsing err: 1910f6b55ceaSjsing CBB_cleanup(&cbb); 1911f6b55ceaSjsing SSL_CTX_free(ssl_ctx); 1912f6b55ceaSjsing SSL_free(ssl); 1913f6b55ceaSjsing free(data); 1914f6b55ceaSjsing 1915f6b55ceaSjsing return (failure); 1916f6b55ceaSjsing } 1917f6b55ceaSjsing 1918f6b55ceaSjsing static int 1919cd527692Sjsing test_tlsext_sni_server(void) 1920f6b55ceaSjsing { 1921f6b55ceaSjsing unsigned char *data = NULL; 1922f6b55ceaSjsing SSL_CTX *ssl_ctx = NULL; 1923f6b55ceaSjsing SSL *ssl = NULL; 192427d3e8adStb const struct tls_extension_funcs *client_funcs; 192527d3e8adStb const struct tls_extension_funcs *server_funcs; 1926b0642daaSjsing int failure; 1927f6b55ceaSjsing size_t dlen; 1928f6b55ceaSjsing int alert; 1929f6b55ceaSjsing CBB cbb; 1930f6b55ceaSjsing CBS cbs; 1931f6b55ceaSjsing 1932b0642daaSjsing failure = 1; 1933b0642daaSjsing 193468934fd7Stb if (!CBB_init(&cbb, 0)) 193568934fd7Stb errx(1, "Failed to create CBB"); 1936f6b55ceaSjsing 1937f6b55ceaSjsing if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL) 1938f6b55ceaSjsing errx(1, "failed to create SSL_CTX"); 1939f6b55ceaSjsing if ((ssl = SSL_new(ssl_ctx)) == NULL) 1940f6b55ceaSjsing errx(1, "failed to create SSL"); 1941f6b55ceaSjsing 194227d3e8adStb if (!tls_extension_funcs(TLSEXT_TYPE_server_name, &client_funcs, 194327d3e8adStb &server_funcs)) 194427d3e8adStb errx(1, "failed to fetch sni funcs"); 194527d3e8adStb 1946f6b55ceaSjsing if ((ssl->session = SSL_SESSION_new()) == NULL) 1947f6b55ceaSjsing errx(1, "failed to create session"); 1948f6b55ceaSjsing 194927d3e8adStb if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { 1950cd527692Sjsing FAIL("server should not need SNI\n"); 1951b0642daaSjsing goto err; 1952f6b55ceaSjsing } 1953f6b55ceaSjsing 1954f6b55ceaSjsing if (!SSL_set_tlsext_host_name(ssl, TEST_SNI_SERVERNAME)) { 1955b0642daaSjsing FAIL("client failed to set server name\n"); 1956b0642daaSjsing goto err; 1957f6b55ceaSjsing } 1958f6b55ceaSjsing 1959f6b55ceaSjsing if ((ssl->session->tlsext_hostname = strdup(TEST_SNI_SERVERNAME)) == 1960f6b55ceaSjsing NULL) 1961f6b55ceaSjsing errx(1, "failed to strdup tlsext_hostname"); 1962f6b55ceaSjsing 196327d3e8adStb if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { 1964cd527692Sjsing FAIL("server should need SNI\n"); 1965b0642daaSjsing goto err; 1966f6b55ceaSjsing } 1967f6b55ceaSjsing 196827d3e8adStb if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { 1969cd527692Sjsing FAIL("server failed to build SNI\n"); 1970b0642daaSjsing goto err; 1971f6b55ceaSjsing } 1972f6b55ceaSjsing 1973f6b55ceaSjsing if (!CBB_finish(&cbb, &data, &dlen)) 1974d5ad68e5Stb errx(1, "failed to finish CBB"); 1975f6b55ceaSjsing 19761964a63aStb if (dlen != tlsext_sni_server_len) { 1977cd527692Sjsing FAIL("got server SNI with length %zu, " 19781964a63aStb "want length %zu\n", dlen, tlsext_sni_server_len); 1979b0642daaSjsing goto err; 1980f6b55ceaSjsing } 1981f6b55ceaSjsing 1982cd527692Sjsing if (memcmp(data, tlsext_sni_server, dlen) != 0) { 1983cd527692Sjsing FAIL("server SNI differs:\n"); 1984f6b55ceaSjsing fprintf(stderr, "received:\n"); 1985f6b55ceaSjsing hexdump(data, dlen); 1986f6b55ceaSjsing fprintf(stderr, "test data:\n"); 19871964a63aStb hexdump(tlsext_sni_server, tlsext_sni_server_len); 1988b0642daaSjsing goto err; 1989f6b55ceaSjsing } 1990f6b55ceaSjsing 1991f6b55ceaSjsing free(ssl->session->tlsext_hostname); 1992f6b55ceaSjsing ssl->session->tlsext_hostname = NULL; 1993f6b55ceaSjsing 19941964a63aStb CBS_init(&cbs, tlsext_sni_server, tlsext_sni_server_len); 1995c8946a7fSjsing if (!client_funcs->process(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 1996cd527692Sjsing FAIL("failed to parse server SNI\n"); 1997b0642daaSjsing goto err; 1998f6b55ceaSjsing } 1999239d31d9Sjsing if (CBS_len(&cbs) != 0) { 20002628ace5Stb FAIL("extension data remaining\n"); 2001239d31d9Sjsing goto err; 2002239d31d9Sjsing } 2003f6b55ceaSjsing 2004f6b55ceaSjsing if (ssl->session->tlsext_hostname == NULL) { 2005cd527692Sjsing FAIL("no tlsext_hostname after server SNI\n"); 2006b0642daaSjsing goto err; 2007f6b55ceaSjsing } 2008f6b55ceaSjsing 2009f6b55ceaSjsing if (strlen(ssl->session->tlsext_hostname) != strlen(TEST_SNI_SERVERNAME) || 2010f6b55ceaSjsing strncmp(ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME, 2011f6b55ceaSjsing strlen(TEST_SNI_SERVERNAME)) != 0) { 2012b0642daaSjsing FAIL("got tlsext_hostname `%s', want `%s'\n", 2013f6b55ceaSjsing ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME); 2014b0642daaSjsing goto err; 2015f6b55ceaSjsing } 2016f6b55ceaSjsing 2017b0642daaSjsing failure = 0; 2018b0642daaSjsing 2019b0642daaSjsing err: 2020f6b55ceaSjsing CBB_cleanup(&cbb); 2021f6b55ceaSjsing SSL_CTX_free(ssl_ctx); 2022f6b55ceaSjsing SSL_free(ssl); 2023f6b55ceaSjsing free(data); 2024f6b55ceaSjsing 2025f6b55ceaSjsing return (failure); 2026f6b55ceaSjsing } 2027f6b55ceaSjsing 20288385bbf8Sbeck 20298385bbf8Sbeck /* 203042c3ded1Sjsing * QUIC transport parameters extension - RFC 90210 :) 20318385bbf8Sbeck */ 20328385bbf8Sbeck 20337e13f709Stb static const unsigned char tlsext_quic_transport_data[] = { 203442c3ded1Sjsing 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 203542c3ded1Sjsing 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 20368385bbf8Sbeck }; 20378385bbf8Sbeck 20388385bbf8Sbeck static int 20398385bbf8Sbeck test_tlsext_quic_transport_parameters_client(void) 20408385bbf8Sbeck { 20413fb97fedStb const SSL_QUIC_METHOD quic_method = {0}; 20428385bbf8Sbeck unsigned char *data = NULL; 20438385bbf8Sbeck SSL_CTX *ssl_ctx = NULL; 20448385bbf8Sbeck SSL *ssl = NULL; 204527d3e8adStb const struct tls_extension_funcs *client_funcs; 204627d3e8adStb const struct tls_extension_funcs *server_funcs; 20478385bbf8Sbeck int failure; 20488385bbf8Sbeck size_t dlen; 20498385bbf8Sbeck CBB cbb; 20508385bbf8Sbeck CBS cbs; 20518385bbf8Sbeck int alert; 20528385bbf8Sbeck const uint8_t *out_bytes; 20538385bbf8Sbeck size_t out_bytes_len; 20548385bbf8Sbeck 20558385bbf8Sbeck failure = 1; 20568385bbf8Sbeck 20572e25cc2dStb if (!CBB_init(&cbb, 0)) 20582e25cc2dStb errx(1, "Failed to create CBB"); 20592e25cc2dStb 20608385bbf8Sbeck if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) 20618385bbf8Sbeck errx(1, "failed to create SSL_CTX"); 20628385bbf8Sbeck if ((ssl = SSL_new(ssl_ctx)) == NULL) 20638385bbf8Sbeck errx(1, "failed to create SSL"); 20648385bbf8Sbeck 206527d3e8adStb if (!tls_extension_funcs(TLSEXT_TYPE_quic_transport_parameters, 206627d3e8adStb &client_funcs, &server_funcs)) 206727d3e8adStb errx(1, "failed to fetch quic transport parameter funcs"); 206827d3e8adStb 206927d3e8adStb if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 20708385bbf8Sbeck FAIL("client should not need QUIC\n"); 20718385bbf8Sbeck goto err; 20728385bbf8Sbeck } 20738385bbf8Sbeck 20748385bbf8Sbeck if (!SSL_set_quic_transport_params(ssl, 20757e13f709Stb tlsext_quic_transport_data, sizeof(tlsext_quic_transport_data))) { 2076*9b9a8f8cStb FAIL("client failed to set QUIC parameters\n"); 20778385bbf8Sbeck goto err; 20788385bbf8Sbeck } 20798385bbf8Sbeck 208027d3e8adStb if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 20818385bbf8Sbeck FAIL("client should not need QUIC\n"); 20828385bbf8Sbeck goto err; 20838385bbf8Sbeck } 20848385bbf8Sbeck 20858385bbf8Sbeck ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; 20868385bbf8Sbeck ssl->s3->hs.negotiated_tls_version = TLS1_3_VERSION; 20878385bbf8Sbeck 208827d3e8adStb if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 20898385bbf8Sbeck FAIL("client should not need QUIC\n"); 20908385bbf8Sbeck goto err; 20918385bbf8Sbeck } 20928385bbf8Sbeck 2093a8826516Sjsing ssl->quic_method = &quic_method; 209442c3ded1Sjsing 209527d3e8adStb if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 209642c3ded1Sjsing FAIL("client should need QUIC\n"); 209742c3ded1Sjsing goto err; 209842c3ded1Sjsing } 209942c3ded1Sjsing 210027d3e8adStb if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 21018385bbf8Sbeck FAIL("client failed to build QUIC\n"); 21028385bbf8Sbeck goto err; 21038385bbf8Sbeck } 21048385bbf8Sbeck 21058385bbf8Sbeck if (!CBB_finish(&cbb, &data, &dlen)) { 21068385bbf8Sbeck FAIL("failed to finish CBB"); 21078385bbf8Sbeck goto err; 21088385bbf8Sbeck } 21098385bbf8Sbeck 21108385bbf8Sbeck if (dlen != sizeof(tlsext_quic_transport_data)) { 21118385bbf8Sbeck FAIL("got client QUIC with length %zu, " 21128385bbf8Sbeck "want length %zu\n", dlen, 21138385bbf8Sbeck sizeof(tlsext_quic_transport_data)); 21148385bbf8Sbeck goto err; 21158385bbf8Sbeck } 21168385bbf8Sbeck 21178385bbf8Sbeck if (memcmp(data, tlsext_quic_transport_data, dlen) != 0) { 21188385bbf8Sbeck FAIL("client QUIC differs:\n"); 21198385bbf8Sbeck fprintf(stderr, "received:\n"); 21208385bbf8Sbeck hexdump(data, dlen); 21218385bbf8Sbeck fprintf(stderr, "test data:\n"); 21228385bbf8Sbeck hexdump(tlsext_quic_transport_data, 21238385bbf8Sbeck sizeof(tlsext_quic_transport_data)); 21248385bbf8Sbeck goto err; 21258385bbf8Sbeck } 21268385bbf8Sbeck 21278385bbf8Sbeck CBS_init(&cbs, tlsext_quic_transport_data, 21288385bbf8Sbeck sizeof(tlsext_quic_transport_data)); 2129c8946a7fSjsing if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 21308385bbf8Sbeck FAIL("server_parse of QUIC from server failed\n"); 21318385bbf8Sbeck goto err; 21328385bbf8Sbeck } 21338385bbf8Sbeck if (CBS_len(&cbs) != 0) { 21348385bbf8Sbeck FAIL("extension data remaining\n"); 21358385bbf8Sbeck goto err; 21368385bbf8Sbeck } 21378385bbf8Sbeck 21388385bbf8Sbeck SSL_get_peer_quic_transport_params(ssl, &out_bytes, &out_bytes_len); 21398385bbf8Sbeck 21407e13f709Stb if (out_bytes_len != sizeof(tlsext_quic_transport_data)) { 21418385bbf8Sbeck FAIL("server_parse QUIC length differs, got %zu want %zu\n", 21428385bbf8Sbeck out_bytes_len, 21438385bbf8Sbeck sizeof(tlsext_quic_transport_data)); 21448385bbf8Sbeck goto err; 21458385bbf8Sbeck } 21468385bbf8Sbeck 21477e13f709Stb if (memcmp(out_bytes, tlsext_quic_transport_data, 21488385bbf8Sbeck out_bytes_len) != 0) { 21498385bbf8Sbeck FAIL("server_parse QUIC differs from sent:\n"); 21508385bbf8Sbeck fprintf(stderr, "received:\n"); 21518385bbf8Sbeck hexdump(data, dlen); 21528385bbf8Sbeck fprintf(stderr, "test data:\n"); 21538385bbf8Sbeck hexdump(tlsext_quic_transport_data, 21548385bbf8Sbeck sizeof(tlsext_quic_transport_data)); 21558385bbf8Sbeck goto err; 21568385bbf8Sbeck } 21578385bbf8Sbeck 21588385bbf8Sbeck failure = 0; 21598385bbf8Sbeck 21608385bbf8Sbeck err: 21618385bbf8Sbeck CBB_cleanup(&cbb); 21628385bbf8Sbeck SSL_CTX_free(ssl_ctx); 21638385bbf8Sbeck SSL_free(ssl); 21648385bbf8Sbeck free(data); 21658385bbf8Sbeck 21668385bbf8Sbeck return (failure); 21678385bbf8Sbeck } 21688385bbf8Sbeck 21698385bbf8Sbeck static int 21708385bbf8Sbeck test_tlsext_quic_transport_parameters_server(void) 21718385bbf8Sbeck { 21723fb97fedStb const SSL_QUIC_METHOD quic_method = {0}; 21738385bbf8Sbeck unsigned char *data = NULL; 21748385bbf8Sbeck SSL_CTX *ssl_ctx = NULL; 21758385bbf8Sbeck SSL *ssl = NULL; 217627d3e8adStb const struct tls_extension_funcs *client_funcs; 217727d3e8adStb const struct tls_extension_funcs *server_funcs; 21788385bbf8Sbeck int failure; 21798385bbf8Sbeck size_t dlen; 21808385bbf8Sbeck int alert; 21818385bbf8Sbeck CBB cbb; 21828385bbf8Sbeck CBS cbs; 21838385bbf8Sbeck const uint8_t *out_bytes; 21848385bbf8Sbeck size_t out_bytes_len; 21858385bbf8Sbeck 21868385bbf8Sbeck failure = 1; 21878385bbf8Sbeck 218868934fd7Stb if (!CBB_init(&cbb, 0)) 218968934fd7Stb errx(1, "Failed to create CBB"); 21908385bbf8Sbeck 21918385bbf8Sbeck if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL) 21928385bbf8Sbeck errx(1, "failed to create SSL_CTX"); 21938385bbf8Sbeck if ((ssl = SSL_new(ssl_ctx)) == NULL) 21948385bbf8Sbeck errx(1, "failed to create SSL"); 21958385bbf8Sbeck 219627d3e8adStb if (!tls_extension_funcs(TLSEXT_TYPE_quic_transport_parameters, 219727d3e8adStb &client_funcs, &server_funcs)) 219827d3e8adStb errx(1, "failed to fetch quic transport parameter funcs"); 219927d3e8adStb 220027d3e8adStb if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { 22018385bbf8Sbeck FAIL("server should not need QUIC\n"); 22028385bbf8Sbeck goto err; 22038385bbf8Sbeck } 22048385bbf8Sbeck 22058385bbf8Sbeck if (!SSL_set_quic_transport_params(ssl, 22067e13f709Stb tlsext_quic_transport_data, sizeof(tlsext_quic_transport_data))) { 22078385bbf8Sbeck FAIL("server failed to set QUIC parametes\n"); 22088385bbf8Sbeck goto err; 22098385bbf8Sbeck } 22108385bbf8Sbeck 221127d3e8adStb if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_EE)) { 221242c3ded1Sjsing FAIL("server should not need QUIC\n"); 221342c3ded1Sjsing goto err; 221442c3ded1Sjsing } 221542c3ded1Sjsing 2216a8826516Sjsing ssl->quic_method = &quic_method; 221742c3ded1Sjsing 221827d3e8adStb if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_EE)) { 22198385bbf8Sbeck FAIL("server should need QUIC\n"); 22208385bbf8Sbeck goto err; 22218385bbf8Sbeck } 22228385bbf8Sbeck 222327d3e8adStb if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_EE, &cbb)) { 22248385bbf8Sbeck FAIL("server failed to build QUIC\n"); 22258385bbf8Sbeck goto err; 22268385bbf8Sbeck } 22278385bbf8Sbeck 22288385bbf8Sbeck if (!CBB_finish(&cbb, &data, &dlen)) 22298385bbf8Sbeck errx(1, "failed to finish CBB"); 22308385bbf8Sbeck 22318385bbf8Sbeck if (dlen != sizeof(tlsext_quic_transport_data)) { 223242c3ded1Sjsing FAIL("got server QUIC with length %zu, want length %zu\n", 223342c3ded1Sjsing dlen, sizeof(tlsext_quic_transport_data)); 22348385bbf8Sbeck goto err; 22358385bbf8Sbeck } 22368385bbf8Sbeck 22378385bbf8Sbeck if (memcmp(data, tlsext_quic_transport_data, dlen) != 0) { 22388385bbf8Sbeck FAIL("saved server QUIC differs:\n"); 22398385bbf8Sbeck fprintf(stderr, "received:\n"); 22408385bbf8Sbeck hexdump(data, dlen); 22418385bbf8Sbeck fprintf(stderr, "test data:\n"); 22428385bbf8Sbeck hexdump(tlsext_quic_transport_data, 22438385bbf8Sbeck sizeof(tlsext_quic_transport_data)); 22448385bbf8Sbeck goto err; 22458385bbf8Sbeck } 22468385bbf8Sbeck 22478385bbf8Sbeck CBS_init(&cbs, tlsext_quic_transport_data, 22488385bbf8Sbeck sizeof(tlsext_quic_transport_data)); 22498385bbf8Sbeck 225042c3ded1Sjsing ssl->quic_method = NULL; 225142c3ded1Sjsing 2252c8946a7fSjsing if (client_funcs->process(ssl, SSL_TLSEXT_MSG_EE, &cbs, &alert)) { 22538385bbf8Sbeck FAIL("QUIC parse should have failed!\n"); 22548385bbf8Sbeck goto err; 22558385bbf8Sbeck } 22568385bbf8Sbeck 2257a8826516Sjsing ssl->quic_method = &quic_method; 22588385bbf8Sbeck 2259c8946a7fSjsing if (!client_funcs->process(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 22608385bbf8Sbeck FAIL("client_parse of QUIC from server failed\n"); 22618385bbf8Sbeck goto err; 22628385bbf8Sbeck } 22638385bbf8Sbeck if (CBS_len(&cbs) != 0) { 22648385bbf8Sbeck FAIL("extension data remaining\n"); 22658385bbf8Sbeck goto err; 22668385bbf8Sbeck } 22678385bbf8Sbeck 22688385bbf8Sbeck SSL_get_peer_quic_transport_params(ssl, &out_bytes, &out_bytes_len); 22698385bbf8Sbeck 22707e13f709Stb if (out_bytes_len != sizeof(tlsext_quic_transport_data)) { 22718385bbf8Sbeck FAIL("client QUIC length differs, got %zu want %zu\n", 22728385bbf8Sbeck out_bytes_len, 22738385bbf8Sbeck sizeof(tlsext_quic_transport_data)); 22748385bbf8Sbeck goto err; 22758385bbf8Sbeck } 22768385bbf8Sbeck 22777e13f709Stb if (memcmp(out_bytes, tlsext_quic_transport_data, out_bytes_len) != 0) { 22788385bbf8Sbeck FAIL("client QUIC differs from sent:\n"); 22798385bbf8Sbeck fprintf(stderr, "received:\n"); 22808385bbf8Sbeck hexdump(data, dlen); 22818385bbf8Sbeck fprintf(stderr, "test data:\n"); 22828385bbf8Sbeck hexdump(tlsext_quic_transport_data, 22838385bbf8Sbeck sizeof(tlsext_quic_transport_data)); 22848385bbf8Sbeck goto err; 22858385bbf8Sbeck } 22868385bbf8Sbeck 22878385bbf8Sbeck failure = 0; 22888385bbf8Sbeck 22898385bbf8Sbeck err: 22908385bbf8Sbeck CBB_cleanup(&cbb); 22918385bbf8Sbeck SSL_CTX_free(ssl_ctx); 22928385bbf8Sbeck SSL_free(ssl); 22938385bbf8Sbeck free(data); 22948385bbf8Sbeck 22958385bbf8Sbeck return (failure); 22968385bbf8Sbeck } 22978385bbf8Sbeck 22983fb21974Stb static const unsigned char tls_ocsp_client_default[] = { 229940963ed1Sbeck 0x01, 0x00, 0x00, 0x00, 0x00 230040963ed1Sbeck }; 230140963ed1Sbeck 230240963ed1Sbeck static int 2303cd527692Sjsing test_tlsext_ocsp_client(void) 230440963ed1Sbeck { 230540963ed1Sbeck unsigned char *data = NULL; 230640963ed1Sbeck SSL_CTX *ssl_ctx = NULL; 230740963ed1Sbeck SSL *ssl = NULL; 230827d3e8adStb const struct tls_extension_funcs *client_funcs; 230927d3e8adStb const struct tls_extension_funcs *server_funcs; 231040963ed1Sbeck size_t dlen; 231140963ed1Sbeck int failure; 231240963ed1Sbeck int alert; 231340963ed1Sbeck CBB cbb; 231440963ed1Sbeck CBS cbs; 231540963ed1Sbeck 231640963ed1Sbeck failure = 1; 231740963ed1Sbeck 231868934fd7Stb if (!CBB_init(&cbb, 0)) 231968934fd7Stb errx(1, "Failed to create CBB"); 232040963ed1Sbeck 232140963ed1Sbeck if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) 232240963ed1Sbeck errx(1, "failed to create SSL_CTX"); 232340963ed1Sbeck if ((ssl = SSL_new(ssl_ctx)) == NULL) 232440963ed1Sbeck errx(1, "failed to create SSL"); 232540963ed1Sbeck 232627d3e8adStb if (!tls_extension_funcs(TLSEXT_TYPE_status_request, &client_funcs, 232727d3e8adStb &server_funcs)) 232827d3e8adStb errx(1, "failed to fetch ocsp funcs"); 232927d3e8adStb 233027d3e8adStb if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 2331e3ef6fffStb FAIL("client should not need TLSEXT_TYPE_status_request\n"); 233240963ed1Sbeck goto err; 233340963ed1Sbeck } 233440963ed1Sbeck SSL_set_tlsext_status_type(ssl, TLSEXT_STATUSTYPE_ocsp); 233540963ed1Sbeck 233627d3e8adStb if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 2337e3ef6fffStb FAIL("client should need TLSEXT_TYPE_status_request\n"); 233840963ed1Sbeck goto err; 233940963ed1Sbeck } 234027d3e8adStb if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 2341cd527692Sjsing FAIL("client failed to build SNI\n"); 234240963ed1Sbeck goto err; 234340963ed1Sbeck } 234440963ed1Sbeck if (!CBB_finish(&cbb, &data, &dlen)) 2345d5ad68e5Stb errx(1, "failed to finish CBB"); 234640963ed1Sbeck 2347cd527692Sjsing if (dlen != sizeof(tls_ocsp_client_default)) { 2348e3ef6fffStb FAIL("got TLSEXT_TYPE_status_request client with length %zu, " 234940963ed1Sbeck "want length %zu\n", dlen, 2350cd527692Sjsing sizeof(tls_ocsp_client_default)); 235140963ed1Sbeck goto err; 235240963ed1Sbeck } 2353cd527692Sjsing if (memcmp(data, tls_ocsp_client_default, dlen) != 0) { 2354e3ef6fffStb FAIL("TLSEXT_TYPE_status_request client differs:\n"); 235540963ed1Sbeck fprintf(stderr, "received:\n"); 235640963ed1Sbeck hexdump(data, dlen); 235740963ed1Sbeck fprintf(stderr, "test data:\n"); 2358cd527692Sjsing hexdump(tls_ocsp_client_default, 2359cd527692Sjsing sizeof(tls_ocsp_client_default)); 236040963ed1Sbeck goto err; 236140963ed1Sbeck } 2362cd527692Sjsing CBS_init(&cbs, tls_ocsp_client_default, 2363cd527692Sjsing sizeof(tls_ocsp_client_default)); 2364c8946a7fSjsing if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 2365e3ef6fffStb FAIL("failed to parse TLSEXT_TYPE_status_request client\n"); 236640963ed1Sbeck goto err; 236740963ed1Sbeck } 2368239d31d9Sjsing if (CBS_len(&cbs) != 0) { 23692628ace5Stb FAIL("extension data remaining\n"); 2370239d31d9Sjsing goto err; 2371239d31d9Sjsing } 237240963ed1Sbeck 237340963ed1Sbeck failure = 0; 237440963ed1Sbeck 237540963ed1Sbeck err: 237640963ed1Sbeck CBB_cleanup(&cbb); 237740963ed1Sbeck SSL_CTX_free(ssl_ctx); 237840963ed1Sbeck SSL_free(ssl); 237940963ed1Sbeck free(data); 238040963ed1Sbeck 238140963ed1Sbeck return (failure); 238240963ed1Sbeck } 238340963ed1Sbeck 238440963ed1Sbeck static int 2385cd527692Sjsing test_tlsext_ocsp_server(void) 238640963ed1Sbeck { 238740963ed1Sbeck unsigned char *data = NULL; 238840963ed1Sbeck SSL_CTX *ssl_ctx = NULL; 238940963ed1Sbeck SSL *ssl = NULL; 239027d3e8adStb const struct tls_extension_funcs *client_funcs; 239127d3e8adStb const struct tls_extension_funcs *server_funcs; 239240963ed1Sbeck size_t dlen; 239340963ed1Sbeck int failure; 239440963ed1Sbeck CBB cbb; 239540963ed1Sbeck 239640963ed1Sbeck failure = 1; 239740963ed1Sbeck 239868934fd7Stb if (!CBB_init(&cbb, 0)) 239968934fd7Stb errx(1, "Failed to create CBB"); 240040963ed1Sbeck 240140963ed1Sbeck if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) 240240963ed1Sbeck errx(1, "failed to create SSL_CTX"); 240340963ed1Sbeck if ((ssl = SSL_new(ssl_ctx)) == NULL) 240440963ed1Sbeck errx(1, "failed to create SSL"); 240540963ed1Sbeck 240627d3e8adStb if (!tls_extension_funcs(TLSEXT_TYPE_status_request, &client_funcs, 240727d3e8adStb &server_funcs)) 240827d3e8adStb errx(1, "failed to fetch ocsp funcs"); 240927d3e8adStb 241027d3e8adStb if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { 2411e3ef6fffStb FAIL("server should not need TLSEXT_TYPE_status_request\n"); 241240963ed1Sbeck goto err; 241340963ed1Sbeck } 241440963ed1Sbeck 24151ce7ecd4Sjsing ssl->tlsext_status_expected = 1; 241640963ed1Sbeck 241727d3e8adStb if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { 2418e3ef6fffStb FAIL("server should need TLSEXT_TYPE_status_request\n"); 241940963ed1Sbeck goto err; 242040963ed1Sbeck } 242127d3e8adStb if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { 2422e3ef6fffStb FAIL("server failed to build TLSEXT_TYPE_status_request\n"); 242340963ed1Sbeck goto err; 242440963ed1Sbeck } 242540963ed1Sbeck 242640963ed1Sbeck if (!CBB_finish(&cbb, &data, &dlen)) 2427d5ad68e5Stb errx(1, "failed to finish CBB"); 242840963ed1Sbeck 242940963ed1Sbeck failure = 0; 243040963ed1Sbeck 243140963ed1Sbeck err: 243240963ed1Sbeck CBB_cleanup(&cbb); 243340963ed1Sbeck SSL_CTX_free(ssl_ctx); 243440963ed1Sbeck SSL_free(ssl); 243540963ed1Sbeck free(data); 243640963ed1Sbeck 243740963ed1Sbeck return (failure); 243840963ed1Sbeck } 243940963ed1Sbeck 2440babaaee1Sdoug /* 2441babaaee1Sdoug * Session ticket - RFC 5077 since no known implementations use 4507. 2442babaaee1Sdoug * 2443babaaee1Sdoug * Session tickets can be length 0 (special case) to 2^16-1. 2444babaaee1Sdoug * 2445babaaee1Sdoug * The state is encrypted by the server so it is opaque to the client. 2446babaaee1Sdoug */ 2447babaaee1Sdoug static uint8_t tlsext_sessionticket_hello_min[1]; 2448babaaee1Sdoug static uint8_t tlsext_sessionticket_hello_max[65535]; 2449babaaee1Sdoug 2450babaaee1Sdoug static int 2451cd527692Sjsing test_tlsext_sessionticket_client(void) 2452babaaee1Sdoug { 2453babaaee1Sdoug unsigned char *data = NULL; 2454babaaee1Sdoug SSL_CTX *ssl_ctx = NULL; 2455babaaee1Sdoug SSL *ssl = NULL; 245627d3e8adStb const struct tls_extension_funcs *client_funcs; 245727d3e8adStb const struct tls_extension_funcs *server_funcs; 2458babaaee1Sdoug int failure; 2459babaaee1Sdoug CBB cbb; 2460babaaee1Sdoug size_t dlen; 2461babaaee1Sdoug uint8_t dummy[1234]; 2462babaaee1Sdoug 2463babaaee1Sdoug failure = 1; 2464babaaee1Sdoug 246568934fd7Stb if (!CBB_init(&cbb, 0)) 246668934fd7Stb errx(1, "Failed to create CBB"); 2467babaaee1Sdoug 2468babaaee1Sdoug /* Create fake session tickets with random data. */ 2469babaaee1Sdoug arc4random_buf(tlsext_sessionticket_hello_min, 2470babaaee1Sdoug sizeof(tlsext_sessionticket_hello_min)); 2471babaaee1Sdoug arc4random_buf(tlsext_sessionticket_hello_max, 2472babaaee1Sdoug sizeof(tlsext_sessionticket_hello_max)); 2473babaaee1Sdoug 2474babaaee1Sdoug if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) 2475babaaee1Sdoug errx(1, "failed to create SSL_CTX"); 2476babaaee1Sdoug if ((ssl = SSL_new(ssl_ctx)) == NULL) 2477babaaee1Sdoug errx(1, "failed to create SSL"); 2478babaaee1Sdoug 247927d3e8adStb if (!tls_extension_funcs(TLSEXT_TYPE_session_ticket, &client_funcs, 248027d3e8adStb &server_funcs)) 248127d3e8adStb errx(1, "failed to fetch session ticket funcs"); 248227d3e8adStb 2483babaaee1Sdoug /* Should need a ticket by default. */ 248427d3e8adStb if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 2485cd527692Sjsing FAIL("client should need Sessionticket for default " 2486babaaee1Sdoug "ciphers\n"); 2487babaaee1Sdoug goto err; 2488babaaee1Sdoug } 2489babaaee1Sdoug 2490babaaee1Sdoug /* Test disabling tickets. */ 2491babaaee1Sdoug if ((SSL_set_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) == 0) { 24922628ace5Stb FAIL("Cannot disable tickets in the TLS connection\n"); 24938142aafaStb goto err; 2494babaaee1Sdoug } 249527d3e8adStb if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 24962628ace5Stb FAIL("client should not need SessionTicket if it was disabled\n"); 2497babaaee1Sdoug goto err; 2498babaaee1Sdoug } 2499babaaee1Sdoug 2500babaaee1Sdoug /* Test re-enabling tickets. */ 2501babaaee1Sdoug if ((SSL_clear_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) != 0) { 25022628ace5Stb FAIL("Cannot re-enable tickets in the TLS connection\n"); 2503eb636853Stb goto err; 2504babaaee1Sdoug } 250527d3e8adStb if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 25062628ace5Stb FAIL("client should need SessionTicket if it was disabled\n"); 2507babaaee1Sdoug goto err; 2508babaaee1Sdoug } 2509babaaee1Sdoug 2510babaaee1Sdoug /* Since we don't have a session, we should build an empty ticket. */ 251127d3e8adStb if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 25122628ace5Stb FAIL("Cannot build a ticket\n"); 2513babaaee1Sdoug goto err; 2514babaaee1Sdoug } 2515babaaee1Sdoug if (!CBB_finish(&cbb, &data, &dlen)) { 25162628ace5Stb FAIL("Cannot finish CBB\n"); 2517babaaee1Sdoug goto err; 2518babaaee1Sdoug } 2519babaaee1Sdoug if (dlen != 0) { 2520babaaee1Sdoug FAIL("Expected 0 length but found %zu\n", dlen); 2521babaaee1Sdoug goto err; 2522babaaee1Sdoug } 2523babaaee1Sdoug 2524babaaee1Sdoug CBB_cleanup(&cbb); 252568934fd7Stb if (!CBB_init(&cbb, 0)) 252668934fd7Stb errx(1, "Failed to create CBB"); 2527babaaee1Sdoug free(data); 2528babaaee1Sdoug data = NULL; 2529babaaee1Sdoug 2530babaaee1Sdoug /* With a new session (but no ticket), we should still have 0 length */ 2531babaaee1Sdoug if ((ssl->session = SSL_SESSION_new()) == NULL) 2532babaaee1Sdoug errx(1, "failed to create session"); 253327d3e8adStb if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 25342628ace5Stb FAIL("Should still want a session ticket with a new session\n"); 2535babaaee1Sdoug goto err; 2536babaaee1Sdoug } 253727d3e8adStb if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 25382628ace5Stb FAIL("Cannot build a ticket\n"); 2539babaaee1Sdoug goto err; 2540babaaee1Sdoug } 2541babaaee1Sdoug if (!CBB_finish(&cbb, &data, &dlen)) { 25422628ace5Stb FAIL("Cannot finish CBB\n"); 2543babaaee1Sdoug goto err; 2544babaaee1Sdoug } 2545babaaee1Sdoug if (dlen != 0) { 2546babaaee1Sdoug FAIL("Expected 0 length but found %zu\n", dlen); 2547babaaee1Sdoug goto err; 2548babaaee1Sdoug } 2549babaaee1Sdoug 2550babaaee1Sdoug CBB_cleanup(&cbb); 255168934fd7Stb if (!CBB_init(&cbb, 0)) 255268934fd7Stb errx(1, "Failed to create CBB"); 2553babaaee1Sdoug free(data); 2554babaaee1Sdoug data = NULL; 2555babaaee1Sdoug 2556babaaee1Sdoug /* With a new session (and ticket), we should use that ticket */ 2557babaaee1Sdoug SSL_SESSION_free(ssl->session); 2558babaaee1Sdoug if ((ssl->session = SSL_SESSION_new()) == NULL) 2559babaaee1Sdoug errx(1, "failed to create session"); 2560babaaee1Sdoug 2561babaaee1Sdoug arc4random_buf(&dummy, sizeof(dummy)); 2562babaaee1Sdoug if ((ssl->session->tlsext_tick = malloc(sizeof(dummy))) == NULL) { 2563babaaee1Sdoug errx(1, "failed to malloc"); 2564babaaee1Sdoug } 2565babaaee1Sdoug memcpy(ssl->session->tlsext_tick, dummy, sizeof(dummy)); 2566babaaee1Sdoug ssl->session->tlsext_ticklen = sizeof(dummy); 2567babaaee1Sdoug 256827d3e8adStb if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 25692628ace5Stb FAIL("Should still want a session ticket with a new session\n"); 2570babaaee1Sdoug goto err; 2571babaaee1Sdoug } 257227d3e8adStb if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 25732628ace5Stb FAIL("Cannot build a ticket\n"); 2574babaaee1Sdoug goto err; 2575babaaee1Sdoug } 2576babaaee1Sdoug if (!CBB_finish(&cbb, &data, &dlen)) { 25772628ace5Stb FAIL("Cannot finish CBB\n"); 2578babaaee1Sdoug goto err; 2579babaaee1Sdoug } 2580babaaee1Sdoug if (dlen != sizeof(dummy)) { 2581babaaee1Sdoug FAIL("Expected %zu length but found %zu\n", sizeof(dummy), dlen); 2582babaaee1Sdoug goto err; 2583babaaee1Sdoug } 2584babaaee1Sdoug if (memcmp(data, dummy, dlen) != 0) { 2585cd527692Sjsing FAIL("server SNI differs:\n"); 2586babaaee1Sdoug compare_data(data, dlen, 2587babaaee1Sdoug dummy, sizeof(dummy)); 2588babaaee1Sdoug goto err; 2589babaaee1Sdoug } 2590babaaee1Sdoug 2591babaaee1Sdoug CBB_cleanup(&cbb); 259268934fd7Stb if (!CBB_init(&cbb, 0)) 259368934fd7Stb errx(1, "Failed to create CBB"); 2594babaaee1Sdoug free(data); 2595babaaee1Sdoug data = NULL; 2596babaaee1Sdoug free(ssl->session->tlsext_tick); 2597babaaee1Sdoug ssl->session->tlsext_tick = NULL; 2598babaaee1Sdoug ssl->session->tlsext_ticklen = 0; 2599babaaee1Sdoug 2600babaaee1Sdoug /* 2601babaaee1Sdoug * Send in NULL to disable session tickets at runtime without going 2602babaaee1Sdoug * through SSL_set_options(). 2603babaaee1Sdoug */ 2604babaaee1Sdoug if (!SSL_set_session_ticket_ext(ssl, NULL, 0)) { 26052628ace5Stb FAIL("Could not set a NULL custom ticket\n"); 2606babaaee1Sdoug goto err; 2607babaaee1Sdoug } 2608babaaee1Sdoug /* Should not need a ticket in this case */ 260927d3e8adStb if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 26102628ace5Stb FAIL("Should not want to use session tickets with a NULL custom\n"); 2611babaaee1Sdoug goto err; 2612babaaee1Sdoug } 2613babaaee1Sdoug 2614babaaee1Sdoug /* 2615babaaee1Sdoug * If you want to remove the tlsext_session_ticket behavior, you have 2616babaaee1Sdoug * to do it manually. 2617babaaee1Sdoug */ 26181ce7ecd4Sjsing free(ssl->tlsext_session_ticket); 26191ce7ecd4Sjsing ssl->tlsext_session_ticket = NULL; 2620babaaee1Sdoug 262127d3e8adStb if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 26222628ace5Stb FAIL("Should need a session ticket again when the custom one is removed\n"); 2623babaaee1Sdoug goto err; 2624babaaee1Sdoug } 2625babaaee1Sdoug 2626babaaee1Sdoug /* Test a custom session ticket (not recommended in practice) */ 2627babaaee1Sdoug if (!SSL_set_session_ticket_ext(ssl, tlsext_sessionticket_hello_max, 2628babaaee1Sdoug sizeof(tlsext_sessionticket_hello_max))) { 26292628ace5Stb FAIL("Should be able to set a custom ticket\n"); 2630babaaee1Sdoug goto err; 2631babaaee1Sdoug } 263227d3e8adStb if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 26332628ace5Stb FAIL("Should need a session ticket again when the custom one is not empty\n"); 2634babaaee1Sdoug goto err; 2635babaaee1Sdoug } 263627d3e8adStb if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 26372628ace5Stb FAIL("Cannot build a ticket with a max length random payload\n"); 2638babaaee1Sdoug goto err; 2639babaaee1Sdoug } 2640babaaee1Sdoug if (!CBB_finish(&cbb, &data, &dlen)) { 26412628ace5Stb FAIL("Cannot finish CBB\n"); 2642babaaee1Sdoug goto err; 2643babaaee1Sdoug } 2644babaaee1Sdoug if (dlen != sizeof(tlsext_sessionticket_hello_max)) { 2645babaaee1Sdoug FAIL("Expected %zu length but found %zu\n", 2646babaaee1Sdoug sizeof(tlsext_sessionticket_hello_max), dlen); 2647babaaee1Sdoug goto err; 2648babaaee1Sdoug } 2649babaaee1Sdoug if (memcmp(data, tlsext_sessionticket_hello_max, 2650babaaee1Sdoug sizeof(tlsext_sessionticket_hello_max)) != 0) { 26512628ace5Stb FAIL("Expected to get what we passed in\n"); 2652babaaee1Sdoug compare_data(data, dlen, 2653babaaee1Sdoug tlsext_sessionticket_hello_max, 2654babaaee1Sdoug sizeof(tlsext_sessionticket_hello_max)); 2655babaaee1Sdoug goto err; 2656babaaee1Sdoug } 2657babaaee1Sdoug 2658babaaee1Sdoug failure = 0; 2659babaaee1Sdoug 2660babaaee1Sdoug err: 2661babaaee1Sdoug CBB_cleanup(&cbb); 2662babaaee1Sdoug SSL_CTX_free(ssl_ctx); 2663babaaee1Sdoug SSL_free(ssl); 2664babaaee1Sdoug free(data); 2665babaaee1Sdoug 2666babaaee1Sdoug return (failure); 2667babaaee1Sdoug } 2668babaaee1Sdoug 2669babaaee1Sdoug 2670babaaee1Sdoug static int 2671cd527692Sjsing test_tlsext_sessionticket_server(void) 2672babaaee1Sdoug { 2673babaaee1Sdoug SSL_CTX *ssl_ctx = NULL; 2674babaaee1Sdoug SSL *ssl = NULL; 267527d3e8adStb const struct tls_extension_funcs *client_funcs; 267627d3e8adStb const struct tls_extension_funcs *server_funcs; 2677babaaee1Sdoug int failure; 2678bb675266Stb uint8_t *data = NULL; 2679babaaee1Sdoug size_t dlen; 2680babaaee1Sdoug CBB cbb; 2681babaaee1Sdoug 268212e31becStb failure = 1; 268312e31becStb 268468934fd7Stb if (!CBB_init(&cbb, 0)) 268568934fd7Stb errx(1, "Failed to create CBB"); 2686babaaee1Sdoug 2687babaaee1Sdoug if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL) 2688babaaee1Sdoug errx(1, "failed to create SSL_CTX"); 2689babaaee1Sdoug if ((ssl = SSL_new(ssl_ctx)) == NULL) 2690babaaee1Sdoug errx(1, "failed to create SSL"); 2691babaaee1Sdoug 269227d3e8adStb if (!tls_extension_funcs(TLSEXT_TYPE_session_ticket, &client_funcs, 269327d3e8adStb &server_funcs)) 269427d3e8adStb errx(1, "failed to fetch session ticket funcs"); 269527d3e8adStb 2696babaaee1Sdoug /* 2697babaaee1Sdoug * By default, should not need a session ticket since the ticket 2698babaaee1Sdoug * is not yet expected. 2699babaaee1Sdoug */ 270027d3e8adStb if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { 2701cd527692Sjsing FAIL("server should not need SessionTicket by default\n"); 2702babaaee1Sdoug goto err; 2703babaaee1Sdoug } 2704babaaee1Sdoug 2705babaaee1Sdoug /* Test disabling tickets. */ 2706babaaee1Sdoug if ((SSL_set_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) == 0) { 27072628ace5Stb FAIL("Cannot disable tickets in the TLS connection\n"); 27086cba937dSbeck goto err; 2709babaaee1Sdoug } 271027d3e8adStb if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { 27112628ace5Stb FAIL("server should not need SessionTicket if it was disabled\n"); 2712babaaee1Sdoug goto err; 2713babaaee1Sdoug } 2714babaaee1Sdoug 2715babaaee1Sdoug /* Test re-enabling tickets. */ 2716babaaee1Sdoug if ((SSL_clear_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) != 0) { 27172628ace5Stb FAIL("Cannot re-enable tickets in the TLS connection\n"); 27186cba937dSbeck goto err; 2719babaaee1Sdoug } 272027d3e8adStb if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { 27212628ace5Stb FAIL("server should not need SessionTicket yet\n"); 2722babaaee1Sdoug goto err; 2723babaaee1Sdoug } 2724babaaee1Sdoug 2725babaaee1Sdoug /* Set expected to require it. */ 27261ce7ecd4Sjsing ssl->tlsext_ticket_expected = 1; 272727d3e8adStb if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { 27282628ace5Stb FAIL("server should now be required for SessionTicket\n"); 2729babaaee1Sdoug goto err; 2730babaaee1Sdoug } 2731babaaee1Sdoug 2732babaaee1Sdoug /* server hello's session ticket should always be 0 length payload. */ 273327d3e8adStb if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { 27342628ace5Stb FAIL("Cannot build a ticket with a max length random payload\n"); 2735babaaee1Sdoug goto err; 2736babaaee1Sdoug } 2737babaaee1Sdoug if (!CBB_finish(&cbb, &data, &dlen)) { 27382628ace5Stb FAIL("Cannot finish CBB\n"); 2739babaaee1Sdoug goto err; 2740babaaee1Sdoug } 2741babaaee1Sdoug if (dlen != 0) { 2742babaaee1Sdoug FAIL("Expected 0 length but found %zu\n", dlen); 2743babaaee1Sdoug goto err; 2744babaaee1Sdoug } 2745babaaee1Sdoug 2746babaaee1Sdoug failure = 0; 2747babaaee1Sdoug 2748babaaee1Sdoug err: 27496cba937dSbeck CBB_cleanup(&cbb); 2750babaaee1Sdoug SSL_CTX_free(ssl_ctx); 2751babaaee1Sdoug SSL_free(ssl); 2752bb675266Stb free(data); 2753babaaee1Sdoug 2754babaaee1Sdoug return (failure); 2755babaaee1Sdoug } 2756babaaee1Sdoug 2757e7660786Sdoug #ifndef OPENSSL_NO_SRTP 2758e7660786Sdoug /* 2759e7660786Sdoug * Supported Secure Real-time Transport Protocol (RFC 5764 section 4.1.1) 2760e7660786Sdoug */ 2761e7660786Sdoug 2762e7660786Sdoug /* Colon separated string values */ 2763e7660786Sdoug const char *tlsext_srtp_single_profile = "SRTP_AES128_CM_SHA1_80"; 2764e7660786Sdoug const char *tlsext_srtp_multiple_profiles = "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32"; 2765e7660786Sdoug 2766e7660786Sdoug const char *tlsext_srtp_aes128cmsha80 = "SRTP_AES128_CM_SHA1_80"; 2767e7660786Sdoug const char *tlsext_srtp_aes128cmsha32 = "SRTP_AES128_CM_SHA1_32"; 2768e7660786Sdoug 2769e7660786Sdoug const uint8_t tlsext_srtp_single[] = { 2770e7660786Sdoug /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */ 2771e7660786Sdoug 0x00, 0x02, /* len */ 2772e7660786Sdoug 0x00, 0x01, /* SRTP_AES128_CM_SHA1_80 */ 2773e7660786Sdoug 0x00 /* opaque srtp_mki<0..255> */ 2774e7660786Sdoug }; 2775e7660786Sdoug 2776e7660786Sdoug const uint8_t tlsext_srtp_multiple[] = { 2777e7660786Sdoug /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */ 2778e7660786Sdoug 0x00, 0x04, /* len */ 2779e7660786Sdoug 0x00, 0x01, /* SRTP_AES128_CM_SHA1_80 */ 2780e7660786Sdoug 0x00, 0x02, /* SRTP_AES128_CM_SHA1_32 */ 2781e7660786Sdoug 0x00 /* opaque srtp_mki<0..255> */ 2782e7660786Sdoug }; 2783e7660786Sdoug 2784e7660786Sdoug const uint8_t tlsext_srtp_multiple_invalid[] = { 2785e7660786Sdoug /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */ 2786e7660786Sdoug 0x00, 0x04, /* len */ 2787e7660786Sdoug 0x00, 0x08, /* arbitrary value not found in known profiles */ 2788e7660786Sdoug 0x00, 0x09, /* arbitrary value not found in known profiles */ 2789e7660786Sdoug 0x00 /* opaque srtp_mki<0..255> */ 2790e7660786Sdoug }; 2791e7660786Sdoug 2792e7660786Sdoug const uint8_t tlsext_srtp_single_invalid[] = { 2793e7660786Sdoug /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */ 2794e7660786Sdoug 0x00, 0x02, /* len */ 2795e7660786Sdoug 0x00, 0x08, /* arbitrary value not found in known profiles */ 2796e7660786Sdoug 0x00 /* opaque srtp_mki<0..255> */ 2797e7660786Sdoug }; 2798e7660786Sdoug 2799e7660786Sdoug const uint8_t tlsext_srtp_multiple_one_valid[] = { 2800e7660786Sdoug /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */ 2801e7660786Sdoug 0x00, 0x04, /* len */ 2802e7660786Sdoug 0x00, 0x08, /* arbitrary value not found in known profiles */ 2803e7660786Sdoug 0x00, 0x02, /* SRTP_AES128_CM_SHA1_32 */ 2804e7660786Sdoug 0x00 /* opaque srtp_mki<0..255> */ 2805e7660786Sdoug }; 2806e7660786Sdoug 2807e7660786Sdoug static int 2808cd527692Sjsing test_tlsext_srtp_client(void) 2809e7660786Sdoug { 2810e7660786Sdoug SRTP_PROTECTION_PROFILE *prof; 2811e7660786Sdoug SSL_CTX *ssl_ctx = NULL; 2812e7660786Sdoug SSL *ssl = NULL; 281327d3e8adStb const struct tls_extension_funcs *client_funcs; 281427d3e8adStb const struct tls_extension_funcs *server_funcs; 2815e7660786Sdoug uint8_t *data = NULL; 2816e7660786Sdoug CBB cbb; 2817e7660786Sdoug CBS cbs; 2818e7660786Sdoug int failure, alert; 2819e7660786Sdoug size_t dlen; 2820e7660786Sdoug 282112e31becStb failure = 1; 282212e31becStb 282368934fd7Stb if (!CBB_init(&cbb, 0)) 282468934fd7Stb errx(1, "Failed to create CBB"); 2825e7660786Sdoug 2826e7660786Sdoug /* SRTP is for DTLS */ 2827e7660786Sdoug if ((ssl_ctx = SSL_CTX_new(DTLSv1_client_method())) == NULL) 2828e7660786Sdoug errx(1, "failed to create SSL_CTX"); 2829e7660786Sdoug if ((ssl = SSL_new(ssl_ctx)) == NULL) 2830e7660786Sdoug errx(1, "failed to create SSL"); 2831e7660786Sdoug 283227d3e8adStb if (!tls_extension_funcs(TLSEXT_TYPE_use_srtp, &client_funcs, 283327d3e8adStb &server_funcs)) 283427d3e8adStb errx(1, "failed to fetch srtp funcs"); 283527d3e8adStb 2836e7660786Sdoug /* By default, we don't need this */ 283727d3e8adStb if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 2838cd527692Sjsing FAIL("client should not need SRTP by default\n"); 2839e7660786Sdoug goto err; 2840e7660786Sdoug } 2841e7660786Sdoug 2842e7660786Sdoug if (SSL_set_tlsext_use_srtp(ssl, tlsext_srtp_single_profile) != 0) { 2843e7660786Sdoug FAIL("should be able to set a single SRTP\n"); 2844e7660786Sdoug goto err; 2845e7660786Sdoug } 284627d3e8adStb if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 2847cd527692Sjsing FAIL("client should need SRTP\n"); 2848e7660786Sdoug goto err; 2849e7660786Sdoug } 2850e7660786Sdoug 2851cd527692Sjsing /* Make sure we can build the client with a single profile. */ 2852e7660786Sdoug 285327d3e8adStb if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 2854cd527692Sjsing FAIL("client failed to build SRTP\n"); 2855e7660786Sdoug goto err; 2856e7660786Sdoug } 2857e7660786Sdoug if (!CBB_finish(&cbb, &data, &dlen)) 2858d5ad68e5Stb errx(1, "failed to finish CBB"); 2859e7660786Sdoug 2860e7660786Sdoug if (dlen != sizeof(tlsext_srtp_single)) { 2861cd527692Sjsing FAIL("got client SRTP with length %zu, " 2862e7660786Sdoug "want length %zu\n", dlen, 2863e7660786Sdoug sizeof(tlsext_srtp_single)); 2864e7660786Sdoug compare_data(data, dlen, tlsext_srtp_single, 2865e7660786Sdoug sizeof(tlsext_srtp_single)); 2866e7660786Sdoug goto err; 2867e7660786Sdoug } 2868e7660786Sdoug if (memcmp(data, tlsext_srtp_single, dlen) != 0) { 2869cd527692Sjsing FAIL("client SRTP differs:\n"); 2870e7660786Sdoug compare_data(data, dlen, tlsext_srtp_single, 2871e7660786Sdoug sizeof(tlsext_srtp_single)); 2872e7660786Sdoug goto err; 2873e7660786Sdoug } 2874e7660786Sdoug 2875e7660786Sdoug CBB_cleanup(&cbb); 287668934fd7Stb if (!CBB_init(&cbb, 0)) 287768934fd7Stb errx(1, "Failed to create CBB"); 2878e7660786Sdoug free(data); 2879e7660786Sdoug data = NULL; 2880e7660786Sdoug 2881e7660786Sdoug /* Make sure we can parse the single profile. */ 2882e7660786Sdoug 2883e7660786Sdoug if (SSL_get_selected_srtp_profile(ssl) != NULL) { 2884e7660786Sdoug FAIL("SRTP profile should not be set yet\n"); 2885e7660786Sdoug goto err; 2886e7660786Sdoug } 2887e7660786Sdoug 2888e7660786Sdoug CBS_init(&cbs, tlsext_srtp_single, sizeof(tlsext_srtp_single)); 2889c8946a7fSjsing if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 2890e7660786Sdoug FAIL("failed to parse SRTP\n"); 2891e7660786Sdoug goto err; 2892e7660786Sdoug } 2893239d31d9Sjsing if (CBS_len(&cbs) != 0) { 28942628ace5Stb FAIL("extension data remaining\n"); 2895239d31d9Sjsing goto err; 2896239d31d9Sjsing } 2897e7660786Sdoug 2898e7660786Sdoug if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) { 2899e7660786Sdoug FAIL("SRTP profile should be set now\n"); 2900e7660786Sdoug goto err; 2901e7660786Sdoug } 2902e7660786Sdoug if (strcmp(prof->name, tlsext_srtp_aes128cmsha80) != 0) { 2903e7660786Sdoug FAIL("SRTP profile was not set properly\n"); 2904e7660786Sdoug goto err; 2905e7660786Sdoug } 2906e7660786Sdoug 290727d3e8adStb if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 2908e7660786Sdoug FAIL("should send server extension when profile selected\n"); 2909e7660786Sdoug goto err; 2910e7660786Sdoug } 2911e7660786Sdoug 2912e7660786Sdoug /* Make sure we can build the clienthello with multiple entries. */ 2913e7660786Sdoug 2914e7660786Sdoug if (SSL_set_tlsext_use_srtp(ssl, tlsext_srtp_multiple_profiles) != 0) { 2915e7660786Sdoug FAIL("should be able to set SRTP to multiple profiles\n"); 2916e7660786Sdoug goto err; 2917e7660786Sdoug } 291827d3e8adStb if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 2919cd527692Sjsing FAIL("client should need SRTP by now\n"); 2920e7660786Sdoug goto err; 2921e7660786Sdoug } 2922e7660786Sdoug 292327d3e8adStb if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 2924cd527692Sjsing FAIL("client failed to build SRTP\n"); 2925e7660786Sdoug goto err; 2926e7660786Sdoug } 2927e7660786Sdoug if (!CBB_finish(&cbb, &data, &dlen)) 2928d5ad68e5Stb errx(1, "failed to finish CBB"); 2929e7660786Sdoug 2930e7660786Sdoug if (dlen != sizeof(tlsext_srtp_multiple)) { 2931cd527692Sjsing FAIL("got client SRTP with length %zu, " 2932e7660786Sdoug "want length %zu\n", dlen, 2933e7660786Sdoug sizeof(tlsext_srtp_multiple)); 2934e7660786Sdoug compare_data(data, dlen, tlsext_srtp_multiple, 2935e7660786Sdoug sizeof(tlsext_srtp_multiple)); 2936e7660786Sdoug goto err; 2937e7660786Sdoug } 2938e7660786Sdoug if (memcmp(data, tlsext_srtp_multiple, dlen) != 0) { 2939cd527692Sjsing FAIL("client SRTP differs:\n"); 2940e7660786Sdoug compare_data(data, dlen, tlsext_srtp_multiple, 2941e7660786Sdoug sizeof(tlsext_srtp_multiple)); 2942e7660786Sdoug goto err; 2943e7660786Sdoug } 2944e7660786Sdoug 2945e7660786Sdoug CBB_cleanup(&cbb); 294668934fd7Stb if (!CBB_init(&cbb, 0)) 294768934fd7Stb errx(1, "Failed to create CBB"); 2948e7660786Sdoug free(data); 2949e7660786Sdoug data = NULL; 2950e7660786Sdoug 2951e7660786Sdoug /* Make sure we can parse multiple profiles (selects server preferred) */ 2952e7660786Sdoug 29531ce7ecd4Sjsing ssl->srtp_profile = NULL; 2954e7660786Sdoug 2955e7660786Sdoug CBS_init(&cbs, tlsext_srtp_multiple, 2956e7660786Sdoug sizeof(tlsext_srtp_multiple)); 2957c8946a7fSjsing if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 2958e7660786Sdoug FAIL("failed to parse SRTP\n"); 2959e7660786Sdoug goto err; 2960e7660786Sdoug } 2961239d31d9Sjsing if (CBS_len(&cbs) != 0) { 29622628ace5Stb FAIL("extension data remaining\n"); 2963239d31d9Sjsing goto err; 2964239d31d9Sjsing } 2965e7660786Sdoug 2966e7660786Sdoug if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) { 2967e7660786Sdoug FAIL("SRTP profile should be set now\n"); 2968e7660786Sdoug goto err; 2969e7660786Sdoug } 2970e7660786Sdoug if (strcmp(prof->name, tlsext_srtp_aes128cmsha80) != 0) { 2971e7660786Sdoug FAIL("SRTP profile was not set properly\n"); 2972e7660786Sdoug goto err; 2973e7660786Sdoug } 2974e7660786Sdoug 297527d3e8adStb if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 2976e7660786Sdoug FAIL("should send server extension when profile selected\n"); 2977e7660786Sdoug goto err; 2978e7660786Sdoug } 2979e7660786Sdoug 2980e7660786Sdoug /* 2981e7660786Sdoug * Make sure we can parse the clienthello with multiple entries 2982e7660786Sdoug * where one is unknown. 2983e7660786Sdoug */ 29841ce7ecd4Sjsing ssl->srtp_profile = NULL; 2985e7660786Sdoug 2986e7660786Sdoug CBS_init(&cbs, tlsext_srtp_multiple_one_valid, 2987e7660786Sdoug sizeof(tlsext_srtp_multiple_one_valid)); 2988c8946a7fSjsing if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 2989e7660786Sdoug FAIL("failed to parse SRTP\n"); 2990e7660786Sdoug goto err; 2991e7660786Sdoug } 2992239d31d9Sjsing if (CBS_len(&cbs) != 0) { 29932628ace5Stb FAIL("extension data remaining\n"); 2994239d31d9Sjsing goto err; 2995239d31d9Sjsing } 2996e7660786Sdoug 2997e7660786Sdoug if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) { 2998e7660786Sdoug FAIL("SRTP profile should be set now\n"); 2999e7660786Sdoug goto err; 3000e7660786Sdoug } 3001e7660786Sdoug if (strcmp(prof->name, tlsext_srtp_aes128cmsha32) != 0) { 3002e7660786Sdoug FAIL("SRTP profile was not set properly\n"); 3003e7660786Sdoug goto err; 3004e7660786Sdoug } 3005e7660786Sdoug 300627d3e8adStb if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 3007e7660786Sdoug FAIL("should send server extension when profile selected\n"); 3008e7660786Sdoug goto err; 3009e7660786Sdoug } 3010e7660786Sdoug 3011e7660786Sdoug /* Make sure we fall back to negotiated when none work. */ 3012e7660786Sdoug 30131ce7ecd4Sjsing ssl->srtp_profile = NULL; 3014e7660786Sdoug 3015e7660786Sdoug CBS_init(&cbs, tlsext_srtp_multiple_invalid, 3016e7660786Sdoug sizeof(tlsext_srtp_multiple_invalid)); 3017c8946a7fSjsing if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 3018e7660786Sdoug FAIL("should be able to fall back to negotiated\n"); 3019e7660786Sdoug goto err; 3020e7660786Sdoug } 3021239d31d9Sjsing if (CBS_len(&cbs) != 0) { 30222628ace5Stb FAIL("extension data remaining\n"); 3023239d31d9Sjsing goto err; 3024239d31d9Sjsing } 3025e7660786Sdoug 3026e7660786Sdoug /* If we fallback, the server should NOT send the extension. */ 3027e7660786Sdoug if (SSL_get_selected_srtp_profile(ssl) != NULL) { 3028e7660786Sdoug FAIL("should not have selected a profile when none found\n"); 3029e7660786Sdoug goto err; 3030e7660786Sdoug } 303127d3e8adStb if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 3032e7660786Sdoug FAIL("should not send server tlsext when no profile found\n"); 3033e7660786Sdoug goto err; 3034e7660786Sdoug } 3035e7660786Sdoug 3036e7660786Sdoug failure = 0; 3037e7660786Sdoug 3038e7660786Sdoug err: 3039e7660786Sdoug CBB_cleanup(&cbb); 3040e7660786Sdoug SSL_CTX_free(ssl_ctx); 3041e7660786Sdoug SSL_free(ssl); 3042e7660786Sdoug free(data); 3043e7660786Sdoug 3044e7660786Sdoug return (failure); 3045e7660786Sdoug } 3046e7660786Sdoug 3047e7660786Sdoug static int 3048cd527692Sjsing test_tlsext_srtp_server(void) 3049e7660786Sdoug { 3050843bb035Sjsing const SRTP_PROTECTION_PROFILE *prof; 3051e7660786Sdoug SSL_CTX *ssl_ctx = NULL; 3052e7660786Sdoug SSL *ssl = NULL; 305327d3e8adStb const struct tls_extension_funcs *client_funcs; 305427d3e8adStb const struct tls_extension_funcs *server_funcs; 3055e7660786Sdoug uint8_t *data = NULL; 3056e7660786Sdoug CBB cbb; 3057e7660786Sdoug CBS cbs; 3058e7660786Sdoug int failure, alert; 3059e7660786Sdoug size_t dlen; 3060e7660786Sdoug 306112e31becStb failure = 1; 306212e31becStb 306368934fd7Stb if (!CBB_init(&cbb, 0)) 306468934fd7Stb errx(1, "Failed to create CBB"); 3065e7660786Sdoug 3066e7660786Sdoug /* SRTP is for DTLS */ 3067e7660786Sdoug if ((ssl_ctx = SSL_CTX_new(DTLSv1_client_method())) == NULL) 3068e7660786Sdoug errx(1, "failed to create SSL_CTX"); 3069e7660786Sdoug if ((ssl = SSL_new(ssl_ctx)) == NULL) 3070e7660786Sdoug errx(1, "failed to create SSL"); 3071e7660786Sdoug 307227d3e8adStb if (!tls_extension_funcs(TLSEXT_TYPE_use_srtp, &client_funcs, 307327d3e8adStb &server_funcs)) 307427d3e8adStb errx(1, "failed to fetch srtp funcs"); 307527d3e8adStb 3076e7660786Sdoug /* By default, we don't need this */ 307727d3e8adStb if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { 3078cd527692Sjsing FAIL("server should not need SRTP by default\n"); 3079e7660786Sdoug goto err; 3080e7660786Sdoug } 3081e7660786Sdoug 3082b6f34f93Stb if (srtp_find_profile_by_name(tlsext_srtp_aes128cmsha80, &prof, 3083e7660786Sdoug strlen(tlsext_srtp_aes128cmsha80))) { 3084e7660786Sdoug FAIL("should be able to find the given profile\n"); 3085e7660786Sdoug goto err; 3086e7660786Sdoug } 30871ce7ecd4Sjsing ssl->srtp_profile = prof; 308827d3e8adStb if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { 3089cd527692Sjsing FAIL("server should need SRTP by now\n"); 3090e7660786Sdoug goto err; 3091e7660786Sdoug } 3092e7660786Sdoug 3093cd527692Sjsing /* Make sure we can build the server with a single profile. */ 3094e7660786Sdoug 309527d3e8adStb if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { 3096cd527692Sjsing FAIL("server failed to build SRTP\n"); 3097e7660786Sdoug goto err; 3098e7660786Sdoug } 3099e7660786Sdoug if (!CBB_finish(&cbb, &data, &dlen)) 3100d5ad68e5Stb errx(1, "failed to finish CBB"); 3101e7660786Sdoug 3102e7660786Sdoug if (dlen != sizeof(tlsext_srtp_single)) { 3103cd527692Sjsing FAIL("got server SRTP with length %zu, " 3104e7660786Sdoug "want length %zu\n", dlen, 3105e7660786Sdoug sizeof(tlsext_srtp_single)); 3106e7660786Sdoug compare_data(data, dlen, tlsext_srtp_single, 3107e7660786Sdoug sizeof(tlsext_srtp_single)); 3108e7660786Sdoug goto err; 3109e7660786Sdoug } 3110e7660786Sdoug if (memcmp(data, tlsext_srtp_single, dlen) != 0) { 3111cd527692Sjsing FAIL("server SRTP differs:\n"); 3112e7660786Sdoug compare_data(data, dlen, tlsext_srtp_single, 3113e7660786Sdoug sizeof(tlsext_srtp_single)); 3114e7660786Sdoug goto err; 3115e7660786Sdoug } 3116e7660786Sdoug 3117e7660786Sdoug CBB_cleanup(&cbb); 311868934fd7Stb if (!CBB_init(&cbb, 0)) 311968934fd7Stb errx(1, "Failed to create CBB"); 3120e7660786Sdoug free(data); 3121e7660786Sdoug data = NULL; 3122e7660786Sdoug 3123e7660786Sdoug /* Make sure we can parse the single profile. */ 31241ce7ecd4Sjsing ssl->srtp_profile = NULL; 3125e7660786Sdoug 3126e7660786Sdoug if (SSL_get_selected_srtp_profile(ssl) != NULL) { 3127e7660786Sdoug FAIL("SRTP profile should not be set yet\n"); 3128e7660786Sdoug goto err; 3129e7660786Sdoug } 3130e7660786Sdoug 3131e7660786Sdoug /* Setup the environment as if a client sent a list of profiles. */ 3132e7660786Sdoug if (SSL_set_tlsext_use_srtp(ssl, tlsext_srtp_multiple_profiles) != 0) { 3133e7660786Sdoug FAIL("should be able to set multiple profiles in SRTP\n"); 3134e7660786Sdoug goto err; 3135e7660786Sdoug } 3136e7660786Sdoug 3137e7660786Sdoug CBS_init(&cbs, tlsext_srtp_single, sizeof(tlsext_srtp_single)); 3138c8946a7fSjsing if (!client_funcs->process(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 3139e7660786Sdoug FAIL("failed to parse SRTP\n"); 3140e7660786Sdoug goto err; 3141e7660786Sdoug } 3142239d31d9Sjsing if (CBS_len(&cbs) != 0) { 31432628ace5Stb FAIL("extension data remaining\n"); 3144239d31d9Sjsing goto err; 3145239d31d9Sjsing } 3146e7660786Sdoug 3147e7660786Sdoug if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) { 3148e7660786Sdoug FAIL("SRTP profile should be set now\n"); 3149e7660786Sdoug goto err; 3150e7660786Sdoug } 3151e7660786Sdoug if (strcmp(prof->name, tlsext_srtp_aes128cmsha80) != 0) { 3152e7660786Sdoug FAIL("SRTP profile was not set properly\n"); 3153e7660786Sdoug goto err; 3154e7660786Sdoug } 3155e7660786Sdoug 3156e7660786Sdoug /* Make sure we cannot parse multiple profiles */ 31571ce7ecd4Sjsing ssl->srtp_profile = NULL; 3158e7660786Sdoug 3159e7660786Sdoug CBS_init(&cbs, tlsext_srtp_multiple, 3160e7660786Sdoug sizeof(tlsext_srtp_multiple)); 3161c8946a7fSjsing if (client_funcs->process(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 3162e7660786Sdoug FAIL("should not find multiple entries from the server\n"); 3163e7660786Sdoug goto err; 3164e7660786Sdoug } 3165e7660786Sdoug 3166cd527692Sjsing /* Make sure we cannot parse a server with unknown profile */ 31671ce7ecd4Sjsing ssl->srtp_profile = NULL; 3168e7660786Sdoug 3169e7660786Sdoug CBS_init(&cbs, tlsext_srtp_single_invalid, 3170e7660786Sdoug sizeof(tlsext_srtp_single_invalid)); 3171c8946a7fSjsing if (client_funcs->process(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 3172e7660786Sdoug FAIL("should not be able to parse this\n"); 3173e7660786Sdoug goto err; 3174e7660786Sdoug } 3175e7660786Sdoug 3176e7660786Sdoug failure = 0; 3177e7660786Sdoug 3178e7660786Sdoug err: 3179e7660786Sdoug CBB_cleanup(&cbb); 3180e7660786Sdoug SSL_CTX_free(ssl_ctx); 3181e7660786Sdoug SSL_free(ssl); 3182e7660786Sdoug free(data); 3183e7660786Sdoug 3184e7660786Sdoug return (failure); 3185e7660786Sdoug } 3186e7660786Sdoug #endif /* OPENSSL_NO_SRTP */ 3187e7660786Sdoug 31881964a63aStb static const unsigned char tlsext_clienthello_default[] = { 31892f980399Sbeck 0x00, 0x34, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08, 31902f980399Sbeck 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 31912f980399Sbeck 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 3192b824c93cSjsing 0x00, 0x00, 0x00, 0x0d, 0x00, 0x18, 0x00, 0x16, 3193b824c93cSjsing 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, 0x08, 0x05, 3194b824c93cSjsing 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 0x04, 0x01, 3195b824c93cSjsing 0x04, 0x03, 0x02, 0x01, 0x02, 0x03, 319606f20acaSjsing }; 319706f20acaSjsing 31981964a63aStb /* An empty array is an incomplete type and sizeof() is undefined. */ 31991964a63aStb static const unsigned char tlsext_clienthello_disabled[] = { 32001964a63aStb 0x00, 32011964a63aStb }; 32021964a63aStb static size_t tlsext_clienthello_disabled_len = 0; 320306f20acaSjsing 320406f20acaSjsing static int 320506f20acaSjsing test_tlsext_clienthello_build(void) 320606f20acaSjsing { 320706f20acaSjsing unsigned char *data = NULL; 320806f20acaSjsing SSL_CTX *ssl_ctx = NULL; 320906f20acaSjsing SSL *ssl = NULL; 321027d3e8adStb const struct tls_extension_funcs *client_funcs; 321127d3e8adStb const struct tls_extension_funcs *server_funcs; 321206f20acaSjsing size_t dlen; 321306f20acaSjsing int failure; 321406f20acaSjsing CBB cbb; 321506f20acaSjsing 321606f20acaSjsing failure = 1; 321706f20acaSjsing 321806f20acaSjsing if (!CBB_init(&cbb, 0)) 321906f20acaSjsing errx(1, "failed to create CBB"); 322006f20acaSjsing 32216cba937dSbeck if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) { 32226cba937dSbeck FAIL("failed to create SSL_CTX"); 32236cba937dSbeck goto err; 32246cba937dSbeck } 32256cba937dSbeck 32266cba937dSbeck if ((ssl = SSL_new(ssl_ctx)) == NULL) { 32276cba937dSbeck FAIL("failed to create SSL"); 32286cba937dSbeck goto err; 32296cba937dSbeck } 323006f20acaSjsing 3231dc5a472fStb if (!tlsext_linearize_build_order(ssl)) { 3232dc5a472fStb FAIL("failed to linearize build order"); 3233dc5a472fStb goto err; 3234dc5a472fStb } 3235dc5a472fStb 323627d3e8adStb if (!tls_extension_funcs(TLSEXT_TYPE_supported_versions, &client_funcs, 323727d3e8adStb &server_funcs)) 323827d3e8adStb errx(1, "failed to fetch supported versions funcs"); 323927d3e8adStb 3240f315d677Sjsing ssl->s3->hs.our_min_tls_version = TLS1_VERSION; 3241f315d677Sjsing ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION; 324255d16e52Sjsing 3243bf54ddd2Stb if (!tlsext_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 324406f20acaSjsing FAIL("failed to build clienthello extensions\n"); 324506f20acaSjsing goto err; 324606f20acaSjsing } 32476cba937dSbeck if (!CBB_finish(&cbb, &data, &dlen)) { 32486cba937dSbeck FAIL("failed to finish CBB"); 32496cba937dSbeck goto err; 32506cba937dSbeck } 325106f20acaSjsing 325206f20acaSjsing if (dlen != sizeof(tlsext_clienthello_default)) { 325306f20acaSjsing FAIL("got clienthello extensions with length %zu, " 325406f20acaSjsing "want length %zu\n", dlen, 325506f20acaSjsing sizeof(tlsext_clienthello_default)); 325606f20acaSjsing compare_data(data, dlen, tlsext_clienthello_default, 325706f20acaSjsing sizeof(tlsext_clienthello_default)); 325806f20acaSjsing goto err; 325906f20acaSjsing } 326006f20acaSjsing if (memcmp(data, tlsext_clienthello_default, dlen) != 0) { 326106f20acaSjsing FAIL("clienthello extensions differs:\n"); 326206f20acaSjsing compare_data(data, dlen, tlsext_clienthello_default, 326306f20acaSjsing sizeof(tlsext_clienthello_default)); 326406f20acaSjsing goto err; 326506f20acaSjsing } 326606f20acaSjsing 3267bb675266Stb free(data); 3268bb675266Stb data = NULL; 326906f20acaSjsing CBB_cleanup(&cbb); 327068934fd7Stb if (!CBB_init(&cbb, 0)) 327168934fd7Stb errx(1, "Failed to create CBB"); 327206f20acaSjsing 327306f20acaSjsing /* Switch to TLSv1.1, disable EC ciphers and session tickets. */ 3274f315d677Sjsing ssl->s3->hs.our_max_tls_version = TLS1_1_VERSION; 327506f20acaSjsing if (!SSL_set_cipher_list(ssl, "TLSv1.2:!ECDHE:!ECDSA")) { 327606f20acaSjsing FAIL("failed to set cipher list\n"); 327706f20acaSjsing goto err; 327806f20acaSjsing } 327906f20acaSjsing if ((SSL_set_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) == 0) { 32802628ace5Stb FAIL("failed to disable session tickets\n"); 32816cba937dSbeck goto err; 328206f20acaSjsing } 328306f20acaSjsing 3284bf54ddd2Stb if (!tlsext_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 328506f20acaSjsing FAIL("failed to build clienthello extensions\n"); 328606f20acaSjsing goto err; 328706f20acaSjsing } 32886cba937dSbeck if (!CBB_finish(&cbb, &data, &dlen)) { 32896cba937dSbeck FAIL("failed to finish CBB"); 32906cba937dSbeck goto err; 32916cba937dSbeck } 329206f20acaSjsing 32931964a63aStb if (dlen != tlsext_clienthello_disabled_len) { 329406f20acaSjsing FAIL("got clienthello extensions with length %zu, " 329506f20acaSjsing "want length %zu\n", dlen, 32961964a63aStb tlsext_clienthello_disabled_len); 329706f20acaSjsing compare_data(data, dlen, tlsext_clienthello_disabled, 32981964a63aStb tlsext_clienthello_disabled_len); 329906f20acaSjsing goto err; 330006f20acaSjsing } 330106f20acaSjsing if (memcmp(data, tlsext_clienthello_disabled, dlen) != 0) { 330206f20acaSjsing FAIL("clienthello extensions differs:\n"); 330306f20acaSjsing compare_data(data, dlen, tlsext_clienthello_disabled, 33041964a63aStb tlsext_clienthello_disabled_len); 330506f20acaSjsing goto err; 330606f20acaSjsing } 330706f20acaSjsing 330806f20acaSjsing failure = 0; 330906f20acaSjsing 331006f20acaSjsing err: 331106f20acaSjsing CBB_cleanup(&cbb); 331206f20acaSjsing SSL_CTX_free(ssl_ctx); 331306f20acaSjsing SSL_free(ssl); 331406f20acaSjsing free(data); 331506f20acaSjsing 331606f20acaSjsing return (failure); 331706f20acaSjsing } 331806f20acaSjsing 331993105f9cSjsing unsigned char tlsext_serverhello_default[] = { 332093105f9cSjsing 0x00, 0x06, 0x00, 0x2b, 0x00, 0x02, 0x03, 0x04, 332193105f9cSjsing }; 332206f20acaSjsing 332306f20acaSjsing unsigned char tlsext_serverhello_enabled[] = { 332493105f9cSjsing 0x00, 0x10, 0x00, 0x2b, 0x00, 0x02, 0x03, 0x04, 332593105f9cSjsing 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 332693105f9cSjsing 0x00, 0x00, 332706f20acaSjsing }; 332806f20acaSjsing 332906f20acaSjsing static int 333006f20acaSjsing test_tlsext_serverhello_build(void) 333106f20acaSjsing { 333206f20acaSjsing unsigned char *data = NULL; 333306f20acaSjsing SSL_CTX *ssl_ctx = NULL; 333406f20acaSjsing SSL *ssl = NULL; 333506f20acaSjsing size_t dlen; 333606f20acaSjsing int failure; 333706f20acaSjsing CBB cbb; 333806f20acaSjsing 333906f20acaSjsing failure = 1; 334006f20acaSjsing 334106f20acaSjsing if (!CBB_init(&cbb, 0)) 334206f20acaSjsing errx(1, "failed to create CBB"); 334306f20acaSjsing 33446cba937dSbeck if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL) { 33456cba937dSbeck FAIL("failed to create SSL_CTX"); 33466cba937dSbeck goto err; 33476cba937dSbeck } 33486cba937dSbeck if ((ssl = SSL_new(ssl_ctx)) == NULL) { 33496cba937dSbeck FAIL("failed to create SSL"); 33506cba937dSbeck goto err; 33516cba937dSbeck } 3352dc5a472fStb if (!tlsext_linearize_build_order(ssl)) { 3353dc5a472fStb FAIL("failed to linearize build order"); 3354dc5a472fStb goto err; 3355dc5a472fStb } 33566cba937dSbeck if ((ssl->session = SSL_SESSION_new()) == NULL) { 33576cba937dSbeck FAIL("failed to create session"); 33586cba937dSbeck goto err; 33596cba937dSbeck } 336006f20acaSjsing 3361f315d677Sjsing ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; 3362f315d677Sjsing ssl->s3->hs.negotiated_tls_version = TLS1_3_VERSION; 33630fe48b23Sjsing ssl->s3->hs.cipher = ssl3_get_cipher_by_value(0x003c); 3364770503efSjsing 3365bf54ddd2Stb if (!tlsext_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { 336606f20acaSjsing FAIL("failed to build serverhello extensions\n"); 336706f20acaSjsing goto err; 336806f20acaSjsing } 33696cba937dSbeck if (!CBB_finish(&cbb, &data, &dlen)) { 33706cba937dSbeck FAIL("failed to finish CBB"); 33716cba937dSbeck goto err; 33726cba937dSbeck } 337306f20acaSjsing 337406f20acaSjsing if (dlen != sizeof(tlsext_serverhello_default)) { 337506f20acaSjsing FAIL("got serverhello extensions with length %zu, " 337606f20acaSjsing "want length %zu\n", dlen, 337706f20acaSjsing sizeof(tlsext_serverhello_default)); 337806f20acaSjsing compare_data(data, dlen, tlsext_serverhello_default, 337906f20acaSjsing sizeof(tlsext_serverhello_default)); 338006f20acaSjsing goto err; 338106f20acaSjsing } 338206f20acaSjsing if (memcmp(data, tlsext_serverhello_default, dlen) != 0) { 338306f20acaSjsing FAIL("serverhello extensions differs:\n"); 338406f20acaSjsing compare_data(data, dlen, tlsext_serverhello_default, 338506f20acaSjsing sizeof(tlsext_serverhello_default)); 338606f20acaSjsing goto err; 338706f20acaSjsing } 338806f20acaSjsing 338906f20acaSjsing CBB_cleanup(&cbb); 3390bb675266Stb free(data); 3391bb675266Stb data = NULL; 339268934fd7Stb if (!CBB_init(&cbb, 0)) 339368934fd7Stb errx(1, "Failed to create CBB"); 339406f20acaSjsing 339506f20acaSjsing /* Turn a few things on so we get extensions... */ 3396f315d677Sjsing ssl->s3->send_connection_binding = 1; 33970fe48b23Sjsing ssl->s3->hs.cipher = ssl3_get_cipher_by_value(0xc027); 33981ce7ecd4Sjsing ssl->tlsext_status_expected = 1; 33991ce7ecd4Sjsing ssl->tlsext_ticket_expected = 1; 34006cba937dSbeck if ((ssl->session->tlsext_ecpointformatlist = malloc(1)) == NULL) { 34016cba937dSbeck FAIL("malloc failed"); 34026cba937dSbeck goto err; 34036cba937dSbeck } 3404736ebdd8Sjsing ssl->session->tlsext_ecpointformatlist_length = 1; 3405736ebdd8Sjsing ssl->session->tlsext_ecpointformatlist[0] = 3406770503efSjsing TLSEXT_ECPOINTFORMAT_uncompressed; 340706f20acaSjsing 3408bf54ddd2Stb if (!tlsext_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { 340906f20acaSjsing FAIL("failed to build serverhello extensions\n"); 341006f20acaSjsing goto err; 341106f20acaSjsing } 34126cba937dSbeck if (!CBB_finish(&cbb, &data, &dlen)) { 34136cba937dSbeck FAIL("failed to finish CBB"); 34146cba937dSbeck goto err; 34156cba937dSbeck } 341606f20acaSjsing 341706f20acaSjsing if (dlen != sizeof(tlsext_serverhello_enabled)) { 341806f20acaSjsing FAIL("got serverhello extensions with length %zu, " 341906f20acaSjsing "want length %zu\n", dlen, 342006f20acaSjsing sizeof(tlsext_serverhello_enabled)); 342106f20acaSjsing compare_data(data, dlen, tlsext_serverhello_enabled, 342206f20acaSjsing sizeof(tlsext_serverhello_enabled)); 342306f20acaSjsing goto err; 342406f20acaSjsing } 342506f20acaSjsing if (memcmp(data, tlsext_serverhello_enabled, dlen) != 0) { 342606f20acaSjsing FAIL("serverhello extensions differs:\n"); 342706f20acaSjsing compare_data(data, dlen, tlsext_serverhello_enabled, 342806f20acaSjsing sizeof(tlsext_serverhello_enabled)); 342906f20acaSjsing goto err; 343006f20acaSjsing } 343106f20acaSjsing 343206f20acaSjsing failure = 0; 343306f20acaSjsing 343406f20acaSjsing err: 343506f20acaSjsing CBB_cleanup(&cbb); 343606f20acaSjsing SSL_CTX_free(ssl_ctx); 343706f20acaSjsing SSL_free(ssl); 343806f20acaSjsing free(data); 343906f20acaSjsing 344006f20acaSjsing return (failure); 344106f20acaSjsing } 344206f20acaSjsing 34431a4ee2c6Sbeck const unsigned char tlsext_versions_client[] = { 34448c287c71Sbeck 0x08, 0x03, 0x04, 0x03, 0x03, 0x03, 34458c287c71Sbeck 0x02, 0x03, 0x01, 34468c287c71Sbeck }; 34478c287c71Sbeck 34481a4ee2c6Sbeck const unsigned char tlsext_versions_server[] = { 34491a4ee2c6Sbeck 0x03, 0x04, 34501a4ee2c6Sbeck }; 34511a4ee2c6Sbeck 34528c287c71Sbeck static int 34538c287c71Sbeck test_tlsext_versions_client(void) 34548c287c71Sbeck { 34558c287c71Sbeck unsigned char *data = NULL; 34568c287c71Sbeck SSL_CTX *ssl_ctx = NULL; 34578c287c71Sbeck SSL *ssl = NULL; 345827d3e8adStb const struct tls_extension_funcs *client_funcs; 345927d3e8adStb const struct tls_extension_funcs *server_funcs; 346012e31becStb int failure; 34618c287c71Sbeck size_t dlen; 34628c287c71Sbeck int alert; 34638c287c71Sbeck CBB cbb; 34648c287c71Sbeck CBS cbs; 34658c287c71Sbeck 346612e31becStb failure = 1; 346712e31becStb 346868934fd7Stb if (!CBB_init(&cbb, 0)) 346968934fd7Stb errx(1, "Failed to create CBB"); 34708c287c71Sbeck 34718c287c71Sbeck if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) 34728c287c71Sbeck errx(1, "failed to create SSL_CTX"); 34738c287c71Sbeck if ((ssl = SSL_new(ssl_ctx)) == NULL) 34748c287c71Sbeck errx(1, "failed to create SSL"); 34758c287c71Sbeck 347627d3e8adStb if (!tls_extension_funcs(TLSEXT_TYPE_supported_versions, &client_funcs, 347727d3e8adStb &server_funcs)) 347827d3e8adStb errx(1, "failed to fetch supported versions funcs"); 347927d3e8adStb 3480f315d677Sjsing ssl->s3->hs.our_max_tls_version = TLS1_1_VERSION; 34818c287c71Sbeck 348227d3e8adStb if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 34838c287c71Sbeck FAIL("client should not need versions\n"); 34848c287c71Sbeck goto done; 34858c287c71Sbeck } 34868c287c71Sbeck 3487f315d677Sjsing ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION; 34888c287c71Sbeck 348927d3e8adStb if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 34908c287c71Sbeck FAIL("client should not need versions\n"); 34918c287c71Sbeck goto done; 34928c287c71Sbeck } 34938c287c71Sbeck 3494f315d677Sjsing ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; 34958c287c71Sbeck 349627d3e8adStb if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 34978c287c71Sbeck FAIL("client should need versions\n"); 34988c287c71Sbeck goto done; 34998c287c71Sbeck } 35008c287c71Sbeck 3501f315d677Sjsing ssl->s3->hs.our_min_tls_version = TLS1_VERSION; 3502f315d677Sjsing ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; 35038c287c71Sbeck 350427d3e8adStb if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 35058c287c71Sbeck FAIL("client should have built versions\n"); 35068c287c71Sbeck goto done; 35078c287c71Sbeck } 35088c287c71Sbeck 35098c287c71Sbeck if (!CBB_finish(&cbb, &data, &dlen)) { 35102628ace5Stb FAIL("failed to finish CBB\n"); 35118c287c71Sbeck goto done; 35128c287c71Sbeck } 35138c287c71Sbeck 35148c287c71Sbeck if (dlen != sizeof(tlsext_versions_client)) { 35158c287c71Sbeck FAIL("got versions with length %zu, " 35161a4ee2c6Sbeck "want length %zu\n", dlen, sizeof(tlsext_versions_client)); 35178c287c71Sbeck goto done; 35188c287c71Sbeck } 35198c287c71Sbeck 35201a4ee2c6Sbeck CBS_init(&cbs, data, dlen); 3521c8946a7fSjsing if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 35228c287c71Sbeck FAIL("failed to parse client versions\n"); 35238c287c71Sbeck goto done; 35248c287c71Sbeck } 35258c287c71Sbeck if (CBS_len(&cbs) != 0) { 35262628ace5Stb FAIL("extension data remaining\n"); 35278c287c71Sbeck goto done; 35288c287c71Sbeck } 352912e31becStb 353012e31becStb failure = 0; 353112e31becStb 35328c287c71Sbeck done: 35338c287c71Sbeck CBB_cleanup(&cbb); 35348c287c71Sbeck SSL_CTX_free(ssl_ctx); 35358c287c71Sbeck SSL_free(ssl); 35368c287c71Sbeck free(data); 35378c287c71Sbeck 35388c287c71Sbeck return (failure); 35398c287c71Sbeck } 35408c287c71Sbeck 35411a4ee2c6Sbeck static int 35421a4ee2c6Sbeck test_tlsext_versions_server(void) 35431a4ee2c6Sbeck { 35441a4ee2c6Sbeck unsigned char *data = NULL; 35451a4ee2c6Sbeck SSL_CTX *ssl_ctx = NULL; 35461a4ee2c6Sbeck SSL *ssl = NULL; 354727d3e8adStb const struct tls_extension_funcs *client_funcs; 354827d3e8adStb const struct tls_extension_funcs *server_funcs; 354912e31becStb int failure; 35501a4ee2c6Sbeck size_t dlen; 35511a4ee2c6Sbeck int alert; 35521a4ee2c6Sbeck CBB cbb; 35531a4ee2c6Sbeck CBS cbs; 35541a4ee2c6Sbeck 355512e31becStb failure = 1; 355612e31becStb 355768934fd7Stb if (!CBB_init(&cbb, 0)) 355868934fd7Stb errx(1, "Failed to create CBB"); 35591a4ee2c6Sbeck 35601a4ee2c6Sbeck if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) 35611a4ee2c6Sbeck errx(1, "failed to create SSL_CTX"); 35621a4ee2c6Sbeck if ((ssl = SSL_new(ssl_ctx)) == NULL) 35631a4ee2c6Sbeck errx(1, "failed to create SSL"); 35641a4ee2c6Sbeck 356527d3e8adStb if (!tls_extension_funcs(TLSEXT_TYPE_supported_versions, &client_funcs, 356627d3e8adStb &server_funcs)) 356727d3e8adStb errx(1, "failed to fetch supported versions funcs"); 356827d3e8adStb 3569f315d677Sjsing ssl->s3->hs.negotiated_tls_version = TLS1_2_VERSION; 35701a4ee2c6Sbeck 357127d3e8adStb if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { 35721a4ee2c6Sbeck FAIL("server should not need versions\n"); 35731a4ee2c6Sbeck goto done; 35741a4ee2c6Sbeck } 35751a4ee2c6Sbeck 3576f315d677Sjsing ssl->s3->hs.negotiated_tls_version = TLS1_3_VERSION; 35771a4ee2c6Sbeck 357827d3e8adStb if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { 35791a4ee2c6Sbeck FAIL("server should need versions\n"); 35801a4ee2c6Sbeck goto done; 35811a4ee2c6Sbeck } 35821a4ee2c6Sbeck 358327d3e8adStb if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { 35841a4ee2c6Sbeck FAIL("server should have built versions\n"); 35851a4ee2c6Sbeck goto done; 35861a4ee2c6Sbeck } 35871a4ee2c6Sbeck 35881a4ee2c6Sbeck if (!CBB_finish(&cbb, &data, &dlen)) { 35892628ace5Stb FAIL("failed to finish CBB\n"); 35901a4ee2c6Sbeck goto done; 35911a4ee2c6Sbeck } 35921a4ee2c6Sbeck 35931a4ee2c6Sbeck if (dlen != sizeof(tlsext_versions_server)) { 35941a4ee2c6Sbeck FAIL("got versions with length %zu, " 35951a4ee2c6Sbeck "want length %zu\n", dlen, sizeof(tlsext_versions_server)); 35961a4ee2c6Sbeck goto done; 35971a4ee2c6Sbeck } 35981a4ee2c6Sbeck 35991a4ee2c6Sbeck CBS_init(&cbs, data, dlen); 3600c8946a7fSjsing if (!client_funcs->process(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 36011a4ee2c6Sbeck FAIL("failed to parse client versions\n"); 36021a4ee2c6Sbeck goto done; 36031a4ee2c6Sbeck } 36041a4ee2c6Sbeck if (CBS_len(&cbs) != 0) { 36052628ace5Stb FAIL("extension data remaining\n"); 36061a4ee2c6Sbeck goto done; 36071a4ee2c6Sbeck } 360812e31becStb 360912e31becStb failure = 0; 361012e31becStb 36111a4ee2c6Sbeck done: 36121a4ee2c6Sbeck CBB_cleanup(&cbb); 36131a4ee2c6Sbeck SSL_CTX_free(ssl_ctx); 36141a4ee2c6Sbeck SSL_free(ssl); 36151a4ee2c6Sbeck free(data); 36161a4ee2c6Sbeck 36171a4ee2c6Sbeck return (failure); 36181a4ee2c6Sbeck } 36191a4ee2c6Sbeck 36201a4ee2c6Sbeck const unsigned char tlsext_keyshare_client[] = { 36218c287c71Sbeck 0x00, 0x24, 0x00, 0x1d, 0x00, 0x20, 0xba, 0x83, 36228c287c71Sbeck 0x2e, 0x4a, 0x18, 0xbe, 0x96, 0xd2, 0x71, 0x70, 36238c287c71Sbeck 0x18, 0x04, 0xf9, 0x9d, 0x76, 0x98, 0xef, 0xe8, 36248c287c71Sbeck 0x4f, 0x8b, 0x85, 0x41, 0xa4, 0xd9, 0x61, 0x57, 36258c287c71Sbeck 0xad, 0x5b, 0xa4, 0xe9, 0x8b, 0x6b, 36268c287c71Sbeck }; 36278c287c71Sbeck 36281a4ee2c6Sbeck const unsigned char tlsext_keyshare_server[] = { 36291a4ee2c6Sbeck 0x00, 0x1d, 0x00, 0x20, 0xe5, 0xe8, 0x5a, 0xb9, 36301a4ee2c6Sbeck 0x7e, 0x12, 0x62, 0xe3, 0xd8, 0x7f, 0x6e, 0x3c, 36311a4ee2c6Sbeck 0xec, 0xa6, 0x8b, 0x99, 0x45, 0x77, 0x8e, 0x11, 36321a4ee2c6Sbeck 0xb3, 0xb9, 0x12, 0xb6, 0xbe, 0x35, 0xca, 0x51, 36331a4ee2c6Sbeck 0x76, 0x1e, 0xe8, 0x22 36341a4ee2c6Sbeck }; 36351a4ee2c6Sbeck 36368c287c71Sbeck static int 36378c287c71Sbeck test_tlsext_keyshare_client(void) 36388c287c71Sbeck { 36398c287c71Sbeck unsigned char *data = NULL; 36408c287c71Sbeck SSL_CTX *ssl_ctx = NULL; 36418c287c71Sbeck SSL *ssl = NULL; 364227d3e8adStb const struct tls_extension_funcs *client_funcs; 364327d3e8adStb const struct tls_extension_funcs *server_funcs; 364412e31becStb int failure; 36458c287c71Sbeck size_t dlen; 3646be89428cSbeck size_t idx; 36478c287c71Sbeck int alert; 36488c287c71Sbeck CBB cbb; 36498c287c71Sbeck CBS cbs; 36508c287c71Sbeck 365112e31becStb failure = 1; 365212e31becStb 365368934fd7Stb if (!CBB_init(&cbb, 0)) 365468934fd7Stb errx(1, "Failed to create CBB"); 36558c287c71Sbeck 36568c287c71Sbeck if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) 36578c287c71Sbeck errx(1, "failed to create SSL_CTX"); 36588c287c71Sbeck if ((ssl = SSL_new(ssl_ctx)) == NULL) 36598c287c71Sbeck errx(1, "failed to create SSL"); 36608c287c71Sbeck 366127d3e8adStb if (!tls_extension_funcs(TLSEXT_TYPE_key_share, &client_funcs, 366227d3e8adStb &server_funcs)) 366327d3e8adStb errx(1, "failed to fetch keyshare funcs"); 366427d3e8adStb 3665f315d677Sjsing if ((ssl->s3->hs.key_share = 36665fa2da97Sjsing tls_key_share_new_nid(NID_X25519)) == NULL) 366792c589bbSjsing errx(1, "failed to create key share"); 3668f315d677Sjsing if (!tls_key_share_generate(ssl->s3->hs.key_share)) 366992c589bbSjsing errx(1, "failed to generate key share"); 367092c589bbSjsing 3671f315d677Sjsing ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION; 367227d3e8adStb if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 36738c287c71Sbeck FAIL("client should not need keyshare\n"); 36748c287c71Sbeck goto done; 36758c287c71Sbeck } 36768c287c71Sbeck 3677f315d677Sjsing ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; 367827d3e8adStb if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 36798c287c71Sbeck FAIL("client should need keyshare\n"); 36808c287c71Sbeck goto done; 36818c287c71Sbeck } 36828c287c71Sbeck 3683f315d677Sjsing ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; 368427d3e8adStb if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 36858c287c71Sbeck FAIL("client should have built keyshare\n"); 36868c287c71Sbeck goto done; 36878c287c71Sbeck } 36888c287c71Sbeck 36898c287c71Sbeck if (!CBB_finish(&cbb, &data, &dlen)) { 36902628ace5Stb FAIL("failed to finish CBB\n"); 36918c287c71Sbeck goto done; 36928c287c71Sbeck } 36938c287c71Sbeck 36948c287c71Sbeck if (dlen != sizeof(tlsext_keyshare_client)) { 3695dec63d9fSbeck FAIL("got client keyshare with length %zu, " 36968c287c71Sbeck "want length %zu\n", dlen, (size_t) sizeof(tlsext_keyshare_client)); 36978c287c71Sbeck goto done; 36988c287c71Sbeck } 36998c287c71Sbeck 3700be89428cSbeck ssl->version = TLS1_3_VERSION; 37011a4ee2c6Sbeck 3702be89428cSbeck /* Fake up the ssl enough so the key share can process */ 370306e8da34Sbeck tls_key_share_free(ssl->s3->hs.key_share); 3704be89428cSbeck ssl->session = SSL_SESSION_new(); 37050e01298eSbeck if (ssl->session == NULL) { 37060e01298eSbeck FAIL("malloc"); 37070e01298eSbeck goto done; 37080e01298eSbeck } 370906e8da34Sbeck memset(ssl->s3, 0, sizeof(*ssl->s3)); 3710be89428cSbeck ssl->session->tlsext_supportedgroups = calloc(4, 3711be89428cSbeck sizeof(unsigned short)); 37120e01298eSbeck if (ssl->session->tlsext_supportedgroups == NULL) { 3713be89428cSbeck FAIL("malloc"); 37148c287c71Sbeck goto done; 37158c287c71Sbeck } 3716be89428cSbeck ssl->session->tlsext_supportedgroups[0] = 29; 3717be89428cSbeck ssl->session->tlsext_supportedgroups[1] = 23; 3718be89428cSbeck ssl->session->tlsext_supportedgroups[2] = 24; 3719be89428cSbeck ssl->session->tlsext_supportedgroups[3] = 25; 3720be89428cSbeck ssl->session->tlsext_supportedgroups_length = 4; 3721be89428cSbeck tls_extension_find(TLSEXT_TYPE_supported_groups, &idx); 3722be89428cSbeck ssl->s3->hs.extensions_processed |= (1 << idx); 3723be89428cSbeck ssl->s3->hs.extensions_seen |= (1 << idx); 3724be89428cSbeck ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; 37251a4ee2c6Sbeck 3726be89428cSbeck /* 3727be89428cSbeck * We should select the key share for group 29, when group 29 3728be89428cSbeck * is the most preferred group 3729be89428cSbeck */ 3730be89428cSbeck CBS_init(&cbs, data, dlen); 3731be89428cSbeck if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 3732be89428cSbeck FAIL("failed to process client keyshare\n"); 3733be89428cSbeck goto done; 3734be89428cSbeck } 37358c287c71Sbeck if (CBS_len(&cbs) != 0) { 37362628ace5Stb FAIL("extension data remaining\n"); 37378c287c71Sbeck goto done; 37388c287c71Sbeck } 3739be89428cSbeck if (ssl->s3->hs.key_share == NULL) { 3740be89428cSbeck FAIL("Did not select a key share"); 3741be89428cSbeck goto done; 3742be89428cSbeck } 3743be89428cSbeck 3744be89428cSbeck /* 3745be89428cSbeck * Pretend the client did not send the supported groups extension. We 3746be89428cSbeck * should fail to process. 3747be89428cSbeck */ 3748be89428cSbeck ssl->s3->hs.extensions_seen = 0; 374906e8da34Sbeck tls_key_share_free(ssl->s3->hs.key_share); 3750be89428cSbeck ssl->s3->hs.key_share = NULL; 3751be89428cSbeck CBS_init(&cbs, data, dlen); 3752be89428cSbeck if (server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 3753be89428cSbeck FAIL("Processed key share when supported groups not provided"); 3754be89428cSbeck goto done; 3755be89428cSbeck } 3756be89428cSbeck ssl->s3->hs.extensions_seen |= (1 << idx); 3757be89428cSbeck 3758be89428cSbeck /* 3759be89428cSbeck * Pretend supported groups did not get processed. We should fail to 3760be89428cSbeck * process 3761be89428cSbeck */ 3762be89428cSbeck ssl->s3->hs.extensions_processed = 0; 3763be89428cSbeck ssl->s3->hs.key_share = NULL; 3764be89428cSbeck CBS_init(&cbs, data, dlen); 3765be89428cSbeck if (server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 3766be89428cSbeck FAIL("Processed key share when supported groups unprocesed"); 3767be89428cSbeck goto done; 3768be89428cSbeck } 3769be89428cSbeck ssl->s3->hs.extensions_processed |= (1 << idx); 3770be89428cSbeck 3771be89428cSbeck /* 3772be89428cSbeck * Remove group 29 by making it 0xbeef, meaning 29 has not been sent in 3773be89428cSbeck * supported groups. This should fail to process. 3774be89428cSbeck */ 3775be89428cSbeck ssl->session->tlsext_supportedgroups[0] = 0xbeef; 3776be89428cSbeck ssl->s3->hs.key_share = NULL; 3777be89428cSbeck CBS_init(&cbs, data, dlen); 3778be89428cSbeck if (server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 3779be89428cSbeck FAIL("Processed key share with invalid group!"); 3780be89428cSbeck goto done; 3781be89428cSbeck } 3782be89428cSbeck 3783be89428cSbeck /* 3784be89428cSbeck * Make 29 least preferred, while server supports both 29 and 25. 3785be89428cSbeck * Client key share is for 29 but it prefers 25. We should successfully 3786be89428cSbeck * process, but should not select this key share. 3787be89428cSbeck */ 3788be89428cSbeck ssl->session->tlsext_supportedgroups[0] = 25; 3789be89428cSbeck ssl->session->tlsext_supportedgroups[3] = 29; 3790be89428cSbeck ssl->s3->hs.key_share = NULL; 3791be89428cSbeck CBS_init(&cbs, data, dlen); 3792be89428cSbeck if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 3793be89428cSbeck FAIL("failed to process client keyshare\n"); 3794be89428cSbeck goto done; 3795be89428cSbeck } 3796be89428cSbeck if (CBS_len(&cbs) != 0) { 3797be89428cSbeck FAIL("extension data remaining\n"); 3798be89428cSbeck goto done; 3799be89428cSbeck } 3800be89428cSbeck if (ssl->s3->hs.key_share != NULL) { 3801be89428cSbeck FAIL("Selected a key share when I should not have!"); 3802be89428cSbeck goto done; 3803be89428cSbeck } 3804be89428cSbeck ssl->session->tlsext_supportedgroups[0] = 29; 3805be89428cSbeck ssl->session->tlsext_supportedgroups[3] = 25; 38061a4ee2c6Sbeck 380712e31becStb failure = 0; 38081a4ee2c6Sbeck 38098c287c71Sbeck done: 38108c287c71Sbeck CBB_cleanup(&cbb); 38118c287c71Sbeck SSL_CTX_free(ssl_ctx); 38128c287c71Sbeck SSL_free(ssl); 38138c287c71Sbeck free(data); 38148c287c71Sbeck 38158c287c71Sbeck return (failure); 38168c287c71Sbeck } 38178c287c71Sbeck 3818f254e59bStb static const uint8_t bogokey[] = { 3819f254e59bStb 0xe5, 0xe8, 0x5a, 0xb9, 0x7e, 0x12, 0x62, 0xe3, 3820f254e59bStb 0xd8, 0x7f, 0x6e, 0x3c, 0xec, 0xa6, 0x8b, 0x99, 3821f254e59bStb 0x45, 0x77, 0x8e, 0x11, 0xb3, 0xb9, 0x12, 0xb6, 3822f254e59bStb 0xbe, 0x35, 0xca, 0x51, 0x76, 0x1e, 0xe8, 0x22, 3823f254e59bStb }; 3824f254e59bStb 38251a4ee2c6Sbeck static int 38261a4ee2c6Sbeck test_tlsext_keyshare_server(void) 38271a4ee2c6Sbeck { 38281a4ee2c6Sbeck unsigned char *data = NULL; 38291a4ee2c6Sbeck SSL_CTX *ssl_ctx = NULL; 38301a4ee2c6Sbeck SSL *ssl = NULL; 383127d3e8adStb const struct tls_extension_funcs *client_funcs; 383227d3e8adStb const struct tls_extension_funcs *server_funcs; 3833816aef0bSjsing int decode_error; 383412e31becStb int failure; 38351a4ee2c6Sbeck size_t dlen, idx; 38361a4ee2c6Sbeck int alert; 38371a4ee2c6Sbeck CBB cbb; 38381a4ee2c6Sbeck CBS cbs; 38391a4ee2c6Sbeck 384012e31becStb failure = 1; 384112e31becStb 38422e25cc2dStb if (!CBB_init(&cbb, 0)) 38432e25cc2dStb errx(1, "Failed to create CBB"); 38442e25cc2dStb 38451a4ee2c6Sbeck if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) 38461a4ee2c6Sbeck errx(1, "failed to create SSL_CTX"); 38471a4ee2c6Sbeck if ((ssl = SSL_new(ssl_ctx)) == NULL) 38481a4ee2c6Sbeck errx(1, "failed to create SSL"); 38491a4ee2c6Sbeck 385027d3e8adStb if (!tls_extension_funcs(TLSEXT_TYPE_key_share, &client_funcs, 385127d3e8adStb &server_funcs)) 385227d3e8adStb errx(1, "failed to fetch keyshare funcs"); 385327d3e8adStb 3854f315d677Sjsing ssl->s3->hs.negotiated_tls_version = TLS1_2_VERSION; 385527d3e8adStb if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { 38561a4ee2c6Sbeck FAIL("server should not need keyshare\n"); 38571a4ee2c6Sbeck goto done; 38581a4ee2c6Sbeck } 38591a4ee2c6Sbeck 3860f315d677Sjsing ssl->s3->hs.negotiated_tls_version = TLS1_3_VERSION; 386127d3e8adStb if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { 38621a4ee2c6Sbeck FAIL("client should not need keyshare\n"); 38631a4ee2c6Sbeck goto done; 38641a4ee2c6Sbeck } 38651a4ee2c6Sbeck 386692c589bbSjsing if (tls_extension_find(TLSEXT_TYPE_key_share, &idx) == NULL) { 38672628ace5Stb FAIL("failed to find keyshare extension\n"); 386892c589bbSjsing goto done; 386992c589bbSjsing } 3870f315d677Sjsing ssl->s3->hs.extensions_seen |= (1 << idx); 38711a4ee2c6Sbeck 387227d3e8adStb if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { 38732628ace5Stb FAIL("server should need keyshare\n"); 38741a4ee2c6Sbeck goto done; 38751a4ee2c6Sbeck } 38761a4ee2c6Sbeck 387727d3e8adStb if (server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { 38782628ace5Stb FAIL("server should not have built a keyshare response\n"); 38791a4ee2c6Sbeck goto done; 38801a4ee2c6Sbeck } 38811a4ee2c6Sbeck 3882f315d677Sjsing if ((ssl->s3->hs.key_share = 38835fa2da97Sjsing tls_key_share_new_nid(NID_X25519)) == NULL) { 38846cba937dSbeck FAIL("failed to create key share"); 38856cba937dSbeck goto done; 38866cba937dSbeck } 38876cba937dSbeck 3888f315d677Sjsing if (!tls_key_share_generate(ssl->s3->hs.key_share)) { 38896cba937dSbeck FAIL("failed to generate key share"); 38906cba937dSbeck goto done; 38916cba937dSbeck } 389292c589bbSjsing 389392c589bbSjsing CBS_init(&cbs, bogokey, sizeof(bogokey)); 38946cba937dSbeck 3895f315d677Sjsing if (!tls_key_share_peer_public(ssl->s3->hs.key_share, &cbs, 3896816aef0bSjsing &decode_error, NULL)) { 38972628ace5Stb FAIL("failed to load peer public key\n"); 389892c589bbSjsing goto done; 389992c589bbSjsing } 390089c7562dSjsing 390127d3e8adStb if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { 39022628ace5Stb FAIL("server should be able to build a keyshare response\n"); 39031a4ee2c6Sbeck goto done; 39041a4ee2c6Sbeck } 39051a4ee2c6Sbeck 39061a4ee2c6Sbeck if (!CBB_finish(&cbb, &data, &dlen)) { 39072628ace5Stb FAIL("failed to finish CBB\n"); 39081a4ee2c6Sbeck goto done; 39091a4ee2c6Sbeck } 39101a4ee2c6Sbeck 39111a4ee2c6Sbeck if (dlen != sizeof(tlsext_keyshare_server)) { 39121a4ee2c6Sbeck FAIL("got server keyshare with length %zu, " 39131a4ee2c6Sbeck "want length %zu\n", dlen, sizeof(tlsext_keyshare_server)); 39141a4ee2c6Sbeck goto done; 39151a4ee2c6Sbeck } 39161a4ee2c6Sbeck 3917bb675266Stb tls_key_share_free(ssl->s3->hs.key_share); 3918bb675266Stb 3919f315d677Sjsing if ((ssl->s3->hs.key_share = 39205fa2da97Sjsing tls_key_share_new_nid(NID_X25519)) == NULL) { 39216cba937dSbeck FAIL("failed to create key share"); 39226cba937dSbeck goto done; 39236cba937dSbeck } 3924f315d677Sjsing if (!tls_key_share_generate(ssl->s3->hs.key_share)) { 39256cba937dSbeck FAIL("failed to generate key share"); 39266cba937dSbeck goto done; 39276cba937dSbeck } 392878e2db9eSjsing 39291a4ee2c6Sbeck CBS_init(&cbs, data, dlen); 39301a4ee2c6Sbeck 3931c8946a7fSjsing if (!client_funcs->process(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 39321a4ee2c6Sbeck FAIL("failed to parse server keyshare\n"); 39331a4ee2c6Sbeck goto done; 39341a4ee2c6Sbeck } 39351a4ee2c6Sbeck 39361a4ee2c6Sbeck if (CBS_len(&cbs) != 0) { 39372628ace5Stb FAIL("extension data remaining\n"); 39381a4ee2c6Sbeck goto done; 39391a4ee2c6Sbeck } 39401a4ee2c6Sbeck 39416cba937dSbeck failure = 0; 394212e31becStb 39431a4ee2c6Sbeck done: 39441a4ee2c6Sbeck CBB_cleanup(&cbb); 39451a4ee2c6Sbeck SSL_CTX_free(ssl_ctx); 39461a4ee2c6Sbeck SSL_free(ssl); 39471a4ee2c6Sbeck free(data); 39481a4ee2c6Sbeck 39491a4ee2c6Sbeck return (failure); 39501a4ee2c6Sbeck } 39511a4ee2c6Sbeck 39521a4ee2c6Sbeck /* One day I hope to be the only Muppet in this codebase */ 39531a4ee2c6Sbeck const uint8_t cookie[] = "\n" 3954b39c7a54Sbeck " (o)(o) \n" 3955b39c7a54Sbeck " m' 'm \n" 3956b39c7a54Sbeck " M -****- M \n" 3957b39c7a54Sbeck " 'm m' \n" 3958b39c7a54Sbeck " m''''''''''m \n" 3959b39c7a54Sbeck " M M BB \n"; 39601a4ee2c6Sbeck 39611a4ee2c6Sbeck static int 39621a4ee2c6Sbeck test_tlsext_cookie_client(void) 39631a4ee2c6Sbeck { 39641a4ee2c6Sbeck unsigned char *data = NULL; 39651a4ee2c6Sbeck SSL_CTX *ssl_ctx = NULL; 39661a4ee2c6Sbeck SSL *ssl = NULL; 396727d3e8adStb const struct tls_extension_funcs *client_funcs; 396827d3e8adStb const struct tls_extension_funcs *server_funcs; 396912e31becStb int failure; 39701a4ee2c6Sbeck size_t dlen; 39711a4ee2c6Sbeck int alert; 39721a4ee2c6Sbeck CBB cbb; 39731a4ee2c6Sbeck CBS cbs; 39741a4ee2c6Sbeck 397512e31becStb failure = 1; 397612e31becStb 397768934fd7Stb if (!CBB_init(&cbb, 0)) 397868934fd7Stb errx(1, "Failed to create CBB"); 39791a4ee2c6Sbeck 39801a4ee2c6Sbeck if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) 39811a4ee2c6Sbeck errx(1, "failed to create SSL_CTX"); 39821a4ee2c6Sbeck if ((ssl = SSL_new(ssl_ctx)) == NULL) 39831a4ee2c6Sbeck errx(1, "failed to create SSL"); 39841a4ee2c6Sbeck 398527d3e8adStb if (!tls_extension_funcs(TLSEXT_TYPE_cookie, &client_funcs, 398627d3e8adStb &server_funcs)) 398727d3e8adStb errx(1, "failed to fetch cookie funcs"); 398827d3e8adStb 3989f315d677Sjsing ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION; 399027d3e8adStb if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 39911a4ee2c6Sbeck FAIL("client should not need cookie\n"); 39921a4ee2c6Sbeck goto done; 39931a4ee2c6Sbeck } 39941a4ee2c6Sbeck 39951a4ee2c6Sbeck 3996f315d677Sjsing ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; 399727d3e8adStb if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 39981a4ee2c6Sbeck FAIL("client should not need cookie\n"); 39991a4ee2c6Sbeck goto done; 40001a4ee2c6Sbeck } 40011a4ee2c6Sbeck 40021a4ee2c6Sbeck /* Normally would be set by receiving a server cookie in an HRR */ 4003f315d677Sjsing ssl->s3->hs.tls13.cookie = strdup(cookie); 4004f315d677Sjsing ssl->s3->hs.tls13.cookie_len = strlen(cookie); 40051a4ee2c6Sbeck 400627d3e8adStb if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 40072628ace5Stb FAIL("client should need cookie\n"); 40081a4ee2c6Sbeck goto done; 40091a4ee2c6Sbeck } 40101a4ee2c6Sbeck 401127d3e8adStb if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 40122628ace5Stb FAIL("client should have built a cookie response\n"); 40131a4ee2c6Sbeck goto done; 40141a4ee2c6Sbeck } 40151a4ee2c6Sbeck 40161a4ee2c6Sbeck if (!CBB_finish(&cbb, &data, &dlen)) { 40172628ace5Stb FAIL("failed to finish CBB\n"); 40181a4ee2c6Sbeck goto done; 40191a4ee2c6Sbeck } 40201a4ee2c6Sbeck 40211a4ee2c6Sbeck if (dlen != strlen(cookie) + sizeof(uint16_t)) { 40221a4ee2c6Sbeck FAIL("got cookie with length %zu, " 40231a4ee2c6Sbeck "want length %zu\n", dlen, strlen(cookie) + 40241a4ee2c6Sbeck sizeof(uint16_t)); 40251a4ee2c6Sbeck goto done; 40261a4ee2c6Sbeck } 40271a4ee2c6Sbeck 40281a4ee2c6Sbeck CBS_init(&cbs, data, dlen); 40291a4ee2c6Sbeck 40300f32bcb3Sjsing /* Checks cookie against what's in the hs.tls13 */ 4031c8946a7fSjsing if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 40321a4ee2c6Sbeck FAIL("failed to parse client cookie\n"); 40331a4ee2c6Sbeck goto done; 40341a4ee2c6Sbeck } 40351a4ee2c6Sbeck 40361a4ee2c6Sbeck if (CBS_len(&cbs) != 0) { 40372628ace5Stb FAIL("extension data remaining\n"); 40381a4ee2c6Sbeck goto done; 40391a4ee2c6Sbeck } 40401a4ee2c6Sbeck 404112e31becStb failure = 0; 404212e31becStb 40431a4ee2c6Sbeck done: 40441a4ee2c6Sbeck CBB_cleanup(&cbb); 40451a4ee2c6Sbeck SSL_CTX_free(ssl_ctx); 40461a4ee2c6Sbeck SSL_free(ssl); 40471a4ee2c6Sbeck free(data); 40481a4ee2c6Sbeck 40491a4ee2c6Sbeck return (failure); 40501a4ee2c6Sbeck } 40511a4ee2c6Sbeck 40521a4ee2c6Sbeck static int 40531a4ee2c6Sbeck test_tlsext_cookie_server(void) 40541a4ee2c6Sbeck { 40551a4ee2c6Sbeck unsigned char *data = NULL; 40561a4ee2c6Sbeck SSL_CTX *ssl_ctx = NULL; 40571a4ee2c6Sbeck SSL *ssl = NULL; 405827d3e8adStb const struct tls_extension_funcs *client_funcs; 405927d3e8adStb const struct tls_extension_funcs *server_funcs; 406012e31becStb int failure; 40611a4ee2c6Sbeck size_t dlen; 40621a4ee2c6Sbeck int alert; 40631a4ee2c6Sbeck CBB cbb; 40641a4ee2c6Sbeck CBS cbs; 40651a4ee2c6Sbeck 406612e31becStb failure = 1; 406712e31becStb 406868934fd7Stb if (!CBB_init(&cbb, 0)) 406968934fd7Stb errx(1, "Failed to create CBB"); 40701a4ee2c6Sbeck 40711a4ee2c6Sbeck if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) 40721a4ee2c6Sbeck errx(1, "failed to create SSL_CTX"); 40731a4ee2c6Sbeck if ((ssl = SSL_new(ssl_ctx)) == NULL) 40741a4ee2c6Sbeck errx(1, "failed to create SSL"); 40751a4ee2c6Sbeck 407627d3e8adStb if (!tls_extension_funcs(TLSEXT_TYPE_cookie, &client_funcs, 407727d3e8adStb &server_funcs)) 407827d3e8adStb errx(1, "failed to fetch cookie funcs"); 407927d3e8adStb 4080f315d677Sjsing ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION; 408127d3e8adStb if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { 40821a4ee2c6Sbeck FAIL("server should not need cookie\n"); 40831a4ee2c6Sbeck goto done; 40841a4ee2c6Sbeck } 40851a4ee2c6Sbeck 4086f315d677Sjsing ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; 408727d3e8adStb if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { 40881a4ee2c6Sbeck FAIL("server should not need cookie\n"); 40891a4ee2c6Sbeck goto done; 40901a4ee2c6Sbeck } 40911a4ee2c6Sbeck 40921a4ee2c6Sbeck /* Normally would be set by server before sending HRR */ 4093f315d677Sjsing ssl->s3->hs.tls13.cookie = strdup(cookie); 4094f315d677Sjsing ssl->s3->hs.tls13.cookie_len = strlen(cookie); 40951a4ee2c6Sbeck 409627d3e8adStb if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_HRR)) { 40972628ace5Stb FAIL("server should need cookie\n"); 40981a4ee2c6Sbeck goto done; 40991a4ee2c6Sbeck } 41001a4ee2c6Sbeck 410127d3e8adStb if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_HRR, &cbb)) { 41022a70c749Stb FAIL("server should have built a cookie response\n"); 41031a4ee2c6Sbeck goto done; 41041a4ee2c6Sbeck } 41051a4ee2c6Sbeck 41061a4ee2c6Sbeck if (!CBB_finish(&cbb, &data, &dlen)) { 41072628ace5Stb FAIL("failed to finish CBB\n"); 41081a4ee2c6Sbeck goto done; 41091a4ee2c6Sbeck } 41101a4ee2c6Sbeck 41111a4ee2c6Sbeck if (dlen != strlen(cookie) + sizeof(uint16_t)) { 41121a4ee2c6Sbeck FAIL("got cookie with length %zu, " 41131a4ee2c6Sbeck "want length %zu\n", dlen, strlen(cookie) + 41141a4ee2c6Sbeck sizeof(uint16_t)); 41151a4ee2c6Sbeck goto done; 41161a4ee2c6Sbeck } 41171a4ee2c6Sbeck 41181a4ee2c6Sbeck CBS_init(&cbs, data, dlen); 41191a4ee2c6Sbeck 4120c8946a7fSjsing if (client_funcs->process(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 41211a4ee2c6Sbeck FAIL("client should not have parsed server cookie\n"); 41221a4ee2c6Sbeck goto done; 41231a4ee2c6Sbeck } 41241a4ee2c6Sbeck 4125f315d677Sjsing freezero(ssl->s3->hs.tls13.cookie, ssl->s3->hs.tls13.cookie_len); 4126f315d677Sjsing ssl->s3->hs.tls13.cookie = NULL; 4127f315d677Sjsing ssl->s3->hs.tls13.cookie_len = 0; 41281a4ee2c6Sbeck 4129c8946a7fSjsing if (!client_funcs->process(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 41301a4ee2c6Sbeck FAIL("failed to parse server cookie\n"); 41311a4ee2c6Sbeck goto done; 41321a4ee2c6Sbeck } 41331a4ee2c6Sbeck 4134f315d677Sjsing if (memcmp(cookie, ssl->s3->hs.tls13.cookie, 4135f315d677Sjsing ssl->s3->hs.tls13.cookie_len) != 0) { 41361a4ee2c6Sbeck FAIL("parsed server cookie does not match sent cookie\n"); 41371a4ee2c6Sbeck goto done; 41381a4ee2c6Sbeck } 41391a4ee2c6Sbeck 41401a4ee2c6Sbeck if (CBS_len(&cbs) != 0) { 41412628ace5Stb FAIL("extension data remaining\n"); 41421a4ee2c6Sbeck goto done; 41431a4ee2c6Sbeck } 41441a4ee2c6Sbeck 414512e31becStb failure = 0; 414612e31becStb 41471a4ee2c6Sbeck done: 41481a4ee2c6Sbeck CBB_cleanup(&cbb); 41491a4ee2c6Sbeck SSL_CTX_free(ssl_ctx); 41501a4ee2c6Sbeck SSL_free(ssl); 41511a4ee2c6Sbeck free(data); 41521a4ee2c6Sbeck 41531a4ee2c6Sbeck return (failure); 41541a4ee2c6Sbeck } 41551a4ee2c6Sbeck 41564c94b8b6Stb const uint8_t tlsext_default_psk_modes[] = { 41574c94b8b6Stb 0x01, 0x01, 41584c94b8b6Stb }; 41594c94b8b6Stb 41604c94b8b6Stb const uint8_t tlsext_psk_only_mode[] = { 41614c94b8b6Stb 0x01, 0x00, 41624c94b8b6Stb }; 41634c94b8b6Stb 41644c94b8b6Stb const uint8_t tlsext_psk_both_modes[] = { 41654c94b8b6Stb 0x02, 0x00, 0x01, 41664c94b8b6Stb }; 41674c94b8b6Stb 41684c94b8b6Stb static int 41694c94b8b6Stb test_tlsext_psk_modes_client(void) 41704c94b8b6Stb { 41714c94b8b6Stb SSL_CTX *ssl_ctx = NULL; 41724c94b8b6Stb SSL *ssl = NULL; 417327d3e8adStb const struct tls_extension_funcs *client_funcs; 417427d3e8adStb const struct tls_extension_funcs *server_funcs; 41754c94b8b6Stb int failure; 41764c94b8b6Stb uint8_t *data = NULL; 41774c94b8b6Stb size_t dlen; 41784c94b8b6Stb CBB cbb; 41794c94b8b6Stb CBS cbs; 41804c94b8b6Stb int alert; 41814c94b8b6Stb 418212e31becStb failure = 1; 418312e31becStb 418468934fd7Stb if (!CBB_init(&cbb, 0)) 418568934fd7Stb errx(1, "Failed to create CBB"); 41864c94b8b6Stb 41874c94b8b6Stb if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) 41884c94b8b6Stb errx(1, "failed to create SSL_CTX"); 41894c94b8b6Stb if ((ssl = SSL_new(ssl_ctx)) == NULL) 41904c94b8b6Stb errx(1, "failed to create SSL"); 41914c94b8b6Stb 419227d3e8adStb if (!tls_extension_funcs(TLSEXT_TYPE_psk_kex_modes, &client_funcs, 419327d3e8adStb &server_funcs)) 419427d3e8adStb errx(1, "failed to fetch psk funcs"); 419527d3e8adStb 41964c94b8b6Stb /* Disabled by default. */ 419727d3e8adStb if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 41984c94b8b6Stb FAIL("client should not need psk kex modes by default\n"); 41994c94b8b6Stb goto err; 42004c94b8b6Stb } 42014c94b8b6Stb 42024c94b8b6Stb /* 42034c94b8b6Stb * Prerequisites: use_psk_dhe_ke flag is set and 42044c94b8b6Stb * our_max_tls_version >= TLSv1.3. 42054c94b8b6Stb */ 42064c94b8b6Stb 42074c94b8b6Stb ssl->s3->hs.tls13.use_psk_dhe_ke = 1; 42084c94b8b6Stb ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION; 42094c94b8b6Stb 421027d3e8adStb if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 42114c94b8b6Stb FAIL("client should not need psk kex modes with TLSv1.2\n"); 42124c94b8b6Stb goto err; 42134c94b8b6Stb } 42144c94b8b6Stb 42154c94b8b6Stb ssl->s3->hs.tls13.use_psk_dhe_ke = 0; 42164c94b8b6Stb ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; 42174c94b8b6Stb 421827d3e8adStb if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 42194c94b8b6Stb FAIL("client should not need psk kex modes without " 42204c94b8b6Stb "use_psk_dhe_ke\n"); 42214c94b8b6Stb goto err; 42224c94b8b6Stb } 42234c94b8b6Stb 42244c94b8b6Stb ssl->s3->hs.tls13.use_psk_dhe_ke = 1; 42254c94b8b6Stb ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; 42264c94b8b6Stb 422727d3e8adStb if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { 42284c94b8b6Stb FAIL("client should need psk kex modes with TLSv1.3\n"); 42294c94b8b6Stb goto err; 42304c94b8b6Stb } 42314c94b8b6Stb 4232ea52e959Stb /* Make sure we can build psk modes with DHE key establishment. */ 42334c94b8b6Stb 423427d3e8adStb if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 42354c94b8b6Stb FAIL("client failed to build psk kex modes\n"); 42364c94b8b6Stb goto err; 42374c94b8b6Stb } 42384c94b8b6Stb 42394c94b8b6Stb if (!CBB_finish(&cbb, &data, &dlen)) 42404c94b8b6Stb errx(1, "failed to finish psk kex CBB"); 42414c94b8b6Stb 42424c94b8b6Stb if (dlen != sizeof(tlsext_default_psk_modes)) { 42434c94b8b6Stb FAIL("got client psk kex modes with length %zu, " 42444c94b8b6Stb "want length %zu\n", dlen, 42454c94b8b6Stb sizeof(tlsext_default_psk_modes)); 42464c94b8b6Stb compare_data(data, dlen, tlsext_default_psk_modes, 42474c94b8b6Stb sizeof(tlsext_default_psk_modes)); 42484c94b8b6Stb goto err; 42494c94b8b6Stb } 42504c94b8b6Stb if (memcmp(data, tlsext_default_psk_modes, dlen) != 0) { 42514c94b8b6Stb FAIL("client psk kex modes differ:\n"); 42524c94b8b6Stb compare_data(data, dlen, tlsext_default_psk_modes, 42534c94b8b6Stb sizeof(tlsext_default_psk_modes)); 42544c94b8b6Stb goto err; 42554c94b8b6Stb } 42564c94b8b6Stb 42574c94b8b6Stb CBB_cleanup(&cbb); 42584c94b8b6Stb free(data); 42594c94b8b6Stb data = NULL; 42604c94b8b6Stb 42614c94b8b6Stb /* 42624c94b8b6Stb * Make sure we can parse the default psk modes and that use_psk_dhe_ke 42634c94b8b6Stb * is set after parsing. 42644c94b8b6Stb */ 42654c94b8b6Stb 42664c94b8b6Stb ssl->s3->hs.tls13.use_psk_dhe_ke = 0; 42674c94b8b6Stb 42684c94b8b6Stb CBS_init(&cbs, tlsext_default_psk_modes, 42694c94b8b6Stb sizeof(tlsext_default_psk_modes)); 4270c8946a7fSjsing if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 42714c94b8b6Stb FAIL("failed to parse psk kex modes\n"); 42724c94b8b6Stb goto err; 42734c94b8b6Stb } 42744c94b8b6Stb if (CBS_len(&cbs) != 0) { 42754c94b8b6Stb FAIL("extension data remaining\n"); 42764c94b8b6Stb goto err; 42774c94b8b6Stb } 42784c94b8b6Stb 42794c94b8b6Stb if (ssl->s3->hs.tls13.use_psk_dhe_ke != 1) { 42804c94b8b6Stb FAIL("should have set use_psk_dhe_ke\n"); 42814c94b8b6Stb goto err; 42824c94b8b6Stb } 42834c94b8b6Stb 42844c94b8b6Stb /* 42854c94b8b6Stb * Make sure we can parse the psk-only mode and that use_psk_dhe_ke 42864c94b8b6Stb * is still not set after parsing. 42874c94b8b6Stb */ 42884c94b8b6Stb 42894c94b8b6Stb ssl->s3->hs.tls13.use_psk_dhe_ke = 0; 42904c94b8b6Stb 42914c94b8b6Stb CBS_init(&cbs, tlsext_psk_only_mode, sizeof(tlsext_psk_only_mode)); 4292c8946a7fSjsing if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 42934c94b8b6Stb FAIL("failed to parse psk kex modes\n"); 42944c94b8b6Stb goto err; 42954c94b8b6Stb } 42964c94b8b6Stb if (CBS_len(&cbs) != 0) { 42974c94b8b6Stb FAIL("extension data remaining\n"); 42984c94b8b6Stb goto err; 42994c94b8b6Stb } 43004c94b8b6Stb 43014c94b8b6Stb if (ssl->s3->hs.tls13.use_psk_dhe_ke != 0) { 43024c94b8b6Stb FAIL("should not have set use_psk_dhe_ke\n"); 43034c94b8b6Stb goto err; 43044c94b8b6Stb } 43054c94b8b6Stb 43064c94b8b6Stb /* 43074c94b8b6Stb * Make sure we can parse the extension indicating both modes and that 43084c94b8b6Stb * use_psk_dhe_ke is set after parsing. 43094c94b8b6Stb */ 43104c94b8b6Stb 43114c94b8b6Stb ssl->s3->hs.tls13.use_psk_dhe_ke = 0; 43124c94b8b6Stb 43134c94b8b6Stb CBS_init(&cbs, tlsext_psk_both_modes, sizeof(tlsext_psk_both_modes)); 4314c8946a7fSjsing if (!server_funcs->process(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 43154c94b8b6Stb FAIL("failed to parse psk kex modes\n"); 43164c94b8b6Stb goto err; 43174c94b8b6Stb } 43184c94b8b6Stb if (CBS_len(&cbs) != 0) { 43194c94b8b6Stb FAIL("extension data remaining\n"); 43204c94b8b6Stb goto err; 43214c94b8b6Stb } 43224c94b8b6Stb 43234c94b8b6Stb if (ssl->s3->hs.tls13.use_psk_dhe_ke != 1) { 43244c94b8b6Stb FAIL("should have set use_psk_dhe_ke\n"); 43254c94b8b6Stb goto err; 43264c94b8b6Stb } 43274c94b8b6Stb 43284c94b8b6Stb failure = 0; 432912e31becStb 43304c94b8b6Stb err: 43314c94b8b6Stb CBB_cleanup(&cbb); 43324c94b8b6Stb SSL_CTX_free(ssl_ctx); 43334c94b8b6Stb SSL_free(ssl); 43344c94b8b6Stb free(data); 43354c94b8b6Stb 43364c94b8b6Stb return failure; 43374c94b8b6Stb } 43384c94b8b6Stb 43394c94b8b6Stb static int 43404c94b8b6Stb test_tlsext_psk_modes_server(void) 43414c94b8b6Stb { 43424c94b8b6Stb SSL_CTX *ssl_ctx = NULL; 43434c94b8b6Stb SSL *ssl = NULL; 434427d3e8adStb const struct tls_extension_funcs *client_funcs; 434527d3e8adStb const struct tls_extension_funcs *server_funcs; 43464c94b8b6Stb int failure; 43474c94b8b6Stb 43484c94b8b6Stb failure = 1; 43494c94b8b6Stb 43504c94b8b6Stb if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL) 43514c94b8b6Stb errx(1, "failed to create SSL_CTX"); 43524c94b8b6Stb if ((ssl = SSL_new(ssl_ctx)) == NULL) 43534c94b8b6Stb errx(1, "failed to create SSL"); 43544c94b8b6Stb 435527d3e8adStb if (!tls_extension_funcs(TLSEXT_TYPE_psk_kex_modes, &client_funcs, 435627d3e8adStb &server_funcs)) 435727d3e8adStb errx(1, "failed to fetch psk funcs"); 435827d3e8adStb 435927d3e8adStb if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { 4360ea52e959Stb FAIL("server should not need psk kex modes\n"); 43614c94b8b6Stb goto err; 43624c94b8b6Stb } 43634c94b8b6Stb 43644c94b8b6Stb failure = 0; 436512e31becStb 43664c94b8b6Stb err: 43674c94b8b6Stb SSL_CTX_free(ssl_ctx); 43684c94b8b6Stb SSL_free(ssl); 43694c94b8b6Stb 43704c94b8b6Stb return failure; 43714c94b8b6Stb } 43724c94b8b6Stb 4373de7df9d2Sjsing struct tls_sni_test { 4374de7df9d2Sjsing const char *hostname; 4375de7df9d2Sjsing int is_ip; 4376de7df9d2Sjsing int valid; 4377de7df9d2Sjsing }; 4378de7df9d2Sjsing 4379de7df9d2Sjsing static const struct tls_sni_test tls_sni_tests[] = { 4380de7df9d2Sjsing { 4381de7df9d2Sjsing .hostname = "openbsd.org", 4382de7df9d2Sjsing .valid = 1, 4383de7df9d2Sjsing }, 4384de7df9d2Sjsing { 4385de7df9d2Sjsing .hostname = "op3nbsd.org", 4386de7df9d2Sjsing .valid = 1, 4387de7df9d2Sjsing }, 4388de7df9d2Sjsing { 4389de7df9d2Sjsing .hostname = "org", 4390de7df9d2Sjsing .valid = 1, 4391de7df9d2Sjsing }, 4392de7df9d2Sjsing { 4393de7df9d2Sjsing .hostname = "3openbsd.com", 4394de7df9d2Sjsing .valid = 1, 4395de7df9d2Sjsing }, 4396de7df9d2Sjsing { 4397de7df9d2Sjsing .hostname = "3-0penb-d.c-m", 4398de7df9d2Sjsing .valid = 1, 4399de7df9d2Sjsing }, 4400de7df9d2Sjsing { 4401de7df9d2Sjsing .hostname = "a", 4402de7df9d2Sjsing .valid = 1, 4403de7df9d2Sjsing }, 4404de7df9d2Sjsing { 4405de7df9d2Sjsing .hostname = 440619d72426Sbeck "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com", 4407de7df9d2Sjsing .valid = 1, 4408de7df9d2Sjsing }, 4409de7df9d2Sjsing { 4410de7df9d2Sjsing .hostname = 441119d72426Sbeck "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." 441219d72426Sbeck "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." 441319d72426Sbeck "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." 441419d72426Sbeck "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 4415de7df9d2Sjsing .valid = 1, 4416de7df9d2Sjsing }, 4417011e454bStb { 4418de7df9d2Sjsing .hostname = "openbsd.org.", 4419de7df9d2Sjsing .valid = 0, 4420de7df9d2Sjsing }, 4421de7df9d2Sjsing { 4422de7df9d2Sjsing .hostname = "openbsd..org", 4423de7df9d2Sjsing .valid = 0, 4424de7df9d2Sjsing }, 4425de7df9d2Sjsing { 4426de7df9d2Sjsing .hostname = "openbsd.org-", 4427de7df9d2Sjsing .valid = 0, 4428de7df9d2Sjsing }, 4429de7df9d2Sjsing { 4430de7df9d2Sjsing .hostname = 443119d72426Sbeck "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com", 4432de7df9d2Sjsing .valid = 0, 4433de7df9d2Sjsing }, 4434de7df9d2Sjsing { 4435de7df9d2Sjsing .hostname = 443619d72426Sbeck "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." 443719d72426Sbeck "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." 443819d72426Sbeck "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." 443919d72426Sbeck "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.a", 4440de7df9d2Sjsing .valid = 0, 4441de7df9d2Sjsing }, 4442de7df9d2Sjsing { 4443de7df9d2Sjsing .hostname = "-p3nbsd.org", 4444de7df9d2Sjsing .valid = 0, 4445de7df9d2Sjsing }, 4446de7df9d2Sjsing { 4447de7df9d2Sjsing .hostname = "openbs-.org", 4448de7df9d2Sjsing .valid = 0, 4449de7df9d2Sjsing }, 4450de7df9d2Sjsing { 4451de7df9d2Sjsing .hostname = "openbsd\n.org", 4452de7df9d2Sjsing .valid = 0, 4453de7df9d2Sjsing }, 4454de7df9d2Sjsing { 4455de7df9d2Sjsing .hostname = "open_bsd.org", 4456de7df9d2Sjsing .valid = 0, 4457de7df9d2Sjsing }, 4458de7df9d2Sjsing { 4459a6c5be2dStb .hostname = "open\177bsd.org", 4460de7df9d2Sjsing .valid = 0, 4461de7df9d2Sjsing }, 4462de7df9d2Sjsing { 4463de7df9d2Sjsing .hostname = "open\255bsd.org", 4464de7df9d2Sjsing .valid = 0, 4465de7df9d2Sjsing }, 4466de7df9d2Sjsing { 4467de7df9d2Sjsing .hostname = "dead::beef", 4468de7df9d2Sjsing .is_ip = 1, 4469de7df9d2Sjsing .valid = 0, 4470de7df9d2Sjsing }, 4471de7df9d2Sjsing { 4472de7df9d2Sjsing .hostname = "192.168.0.1", 4473de7df9d2Sjsing .is_ip = 1, 4474de7df9d2Sjsing .valid = 0, 4475de7df9d2Sjsing }, 447619d72426Sbeck }; 447719d72426Sbeck 4478de7df9d2Sjsing #define N_TLS_SNI_TESTS (sizeof(tls_sni_tests) / sizeof(*tls_sni_tests)) 4479de7df9d2Sjsing 448019d72426Sbeck static int 4481de7df9d2Sjsing test_tlsext_is_valid_hostname(const struct tls_sni_test *tst) 4482011e454bStb { 448312e31becStb int failure; 4484de7df9d2Sjsing int is_ip; 448519d72426Sbeck CBS cbs; 4486011e454bStb 448712e31becStb failure = 1; 448812e31becStb 4489de7df9d2Sjsing CBS_init(&cbs, tst->hostname, strlen(tst->hostname)); 4490de7df9d2Sjsing if (tlsext_sni_is_valid_hostname(&cbs, &is_ip) != tst->valid) { 4491de7df9d2Sjsing if (tst->valid) { 4492de7df9d2Sjsing FAIL("Valid hostname '%s' rejected\n", 4493de7df9d2Sjsing tst->hostname); 4494de7df9d2Sjsing } else { 4495011e454bStb FAIL("Invalid hostname '%s' accepted\n", 4496de7df9d2Sjsing tst->hostname); 4497de7df9d2Sjsing } 449819d72426Sbeck goto done; 449919d72426Sbeck } 4500de7df9d2Sjsing if (tst->is_ip != is_ip) { 4501de7df9d2Sjsing if (tst->is_ip) { 4502de7df9d2Sjsing FAIL("Hostname '%s' is an IP literal but not " 4503de7df9d2Sjsing "identified as one\n", tst->hostname); 4504de7df9d2Sjsing } else { 4505de7df9d2Sjsing FAIL("Hostname '%s' is not an IP literal but is " 4506de7df9d2Sjsing "identified as one\n", tst->hostname); 450719d72426Sbeck } 4508de7df9d2Sjsing goto done; 4509de7df9d2Sjsing } 4510de7df9d2Sjsing 4511de7df9d2Sjsing if (tst->valid) { 4512de7df9d2Sjsing CBS_init(&cbs, tst->hostname, 4513de7df9d2Sjsing strlen(tst->hostname) + 1); 4514de7df9d2Sjsing if (tlsext_sni_is_valid_hostname(&cbs, &is_ip)) { 45152628ace5Stb FAIL("hostname with NUL byte accepted\n"); 451619d72426Sbeck goto done; 451719d72426Sbeck } 4518de7df9d2Sjsing } 451912e31becStb 452012e31becStb failure = 0; 452112e31becStb 452219d72426Sbeck done: 452312e31becStb 452419d72426Sbeck return failure; 452519d72426Sbeck } 452619d72426Sbeck 4527de7df9d2Sjsing static int 4528de7df9d2Sjsing test_tlsext_valid_hostnames(void) 4529de7df9d2Sjsing { 4530de7df9d2Sjsing const struct tls_sni_test *tst; 4531de7df9d2Sjsing int failure = 0; 4532de7df9d2Sjsing size_t i; 4533de7df9d2Sjsing 4534de7df9d2Sjsing for (i = 0; i < N_TLS_SNI_TESTS; i++) { 4535de7df9d2Sjsing tst = &tls_sni_tests[i]; 4536de7df9d2Sjsing failure |= test_tlsext_is_valid_hostname(tst); 4537de7df9d2Sjsing } 4538de7df9d2Sjsing 4539de7df9d2Sjsing return failure; 4540de7df9d2Sjsing } 45411a4ee2c6Sbeck 4542f313d342Stb #define N_TLSEXT_RANDOMIZATION_TESTS 1000 4543f313d342Stb 4544f313d342Stb static int 4545f313d342Stb test_tlsext_check_extension_order(SSL *ssl) 4546f313d342Stb { 4547f313d342Stb const struct tls_extension *ext; 4548f313d342Stb uint16_t type; 4549f313d342Stb size_t alpn_idx, sni_idx; 4550f313d342Stb size_t i; 4551f313d342Stb 4552f313d342Stb if (ssl->tlsext_build_order_len == 0) { 4553f313d342Stb FAIL("Unexpected zero build order length"); 4554f313d342Stb return 1; 4555f313d342Stb } 4556f313d342Stb 4557f313d342Stb ext = ssl->tlsext_build_order[ssl->tlsext_build_order_len - 1]; 4558f313d342Stb if ((type = tls_extension_type(ext)) != TLSEXT_TYPE_psk) { 4559f313d342Stb FAIL("last extension is %u, want %u\n", type, TLSEXT_TYPE_psk); 4560f313d342Stb return 1; 4561f313d342Stb } 4562f313d342Stb 4563f313d342Stb if (ssl->server) 4564f313d342Stb return 0; 4565f313d342Stb 4566f313d342Stb alpn_idx = sni_idx = ssl->tlsext_build_order_len; 4567f313d342Stb for (i = 0; i < ssl->tlsext_build_order_len; i++) { 4568f313d342Stb ext = ssl->tlsext_build_order[i]; 4569f313d342Stb if (tls_extension_type(ext) == TLSEXT_TYPE_alpn) 4570f313d342Stb alpn_idx = i; 4571f313d342Stb if (tls_extension_type(ext) == TLSEXT_TYPE_server_name) 4572f313d342Stb sni_idx = i; 4573f313d342Stb } 4574f313d342Stb 4575f313d342Stb if (alpn_idx == ssl->tlsext_build_order_len) { 4576f313d342Stb FAIL("could not find alpn extension\n"); 4577f313d342Stb return 1; 4578f313d342Stb } 4579f313d342Stb 4580f313d342Stb if (sni_idx == ssl->tlsext_build_order_len) { 4581f313d342Stb FAIL("could not find alpn extension\n"); 4582f313d342Stb return 1; 4583f313d342Stb } 4584f313d342Stb 4585f313d342Stb if (sni_idx >= alpn_idx) { 4586f313d342Stb FAIL("sni does not precede alpn: %zu >= %zu\n", 4587f313d342Stb sni_idx, alpn_idx); 4588f313d342Stb return 1; 4589f313d342Stb } 4590f313d342Stb 4591f313d342Stb return 0; 4592f313d342Stb } 4593f313d342Stb 4594f313d342Stb static int 4595f313d342Stb test_tlsext_randomized_extensions(SSL *ssl) 4596f313d342Stb { 4597f313d342Stb size_t i; 4598f313d342Stb int failed = 0; 4599f313d342Stb 4600f313d342Stb for (i = 0; i < N_TLSEXT_RANDOMIZATION_TESTS; i++) { 4601f313d342Stb if (!tlsext_randomize_build_order(ssl)) 4602f313d342Stb errx(1, "failed to randomize extensions"); 4603f313d342Stb failed |= test_tlsext_check_extension_order(ssl); 4604f313d342Stb } 4605f313d342Stb 4606f313d342Stb return failed; 4607f313d342Stb } 4608f313d342Stb 4609f313d342Stb static int 4610f313d342Stb test_tlsext_extension_order(void) 4611f313d342Stb { 4612f313d342Stb SSL_CTX *ssl_ctx = NULL; 4613f313d342Stb SSL *ssl = NULL; 4614f313d342Stb int failure; 4615f313d342Stb 4616f313d342Stb failure = 0; 4617f313d342Stb 4618f313d342Stb if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) 4619f313d342Stb errx(1, "failed to create SSL_CTX"); 4620f313d342Stb if ((ssl = SSL_new(ssl_ctx)) == NULL) 4621f313d342Stb errx(1, "failed to create SSL"); 4622f313d342Stb 4623f313d342Stb failure |= test_tlsext_randomized_extensions(ssl); 4624f313d342Stb 4625f313d342Stb SSL_CTX_free(ssl_ctx); 4626f313d342Stb SSL_free(ssl); 4627f313d342Stb 4628f313d342Stb if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL) 4629f313d342Stb errx(1, "failed to create SSL_CTX"); 4630f313d342Stb if ((ssl = SSL_new(ssl_ctx)) == NULL) 4631f313d342Stb errx(1, "failed to create SSL"); 4632f313d342Stb 4633f313d342Stb failure |= test_tlsext_randomized_extensions(ssl); 4634f313d342Stb 4635f313d342Stb SSL_CTX_free(ssl_ctx); 4636f313d342Stb SSL_free(ssl); 4637f313d342Stb 4638f313d342Stb return failure; 4639f313d342Stb } 4640f313d342Stb 46419e5cc899Sjsing int 46429e5cc899Sjsing main(int argc, char **argv) 46439e5cc899Sjsing { 46449e5cc899Sjsing int failed = 0; 46459e5cc899Sjsing 46469e5cc899Sjsing SSL_library_init(); 464706f20acaSjsing SSL_load_error_strings(); 46489e5cc899Sjsing 4649cd527692Sjsing failed |= test_tlsext_alpn_client(); 4650cd527692Sjsing failed |= test_tlsext_alpn_server(); 4651f5443466Sdoug 4652cd527692Sjsing failed |= test_tlsext_supportedgroups_client(); 4653cd527692Sjsing failed |= test_tlsext_supportedgroups_server(); 4654f6b55ceaSjsing 4655cd527692Sjsing failed |= test_tlsext_ecpf_client(); 4656cd527692Sjsing failed |= test_tlsext_ecpf_server(); 4657f6b55ceaSjsing 4658cd527692Sjsing failed |= test_tlsext_ri_client(); 4659cd527692Sjsing failed |= test_tlsext_ri_server(); 46605a5873bbSjsing 4661cd527692Sjsing failed |= test_tlsext_sigalgs_client(); 4662c0ed19ddSjsing 4663cd527692Sjsing failed |= test_tlsext_sni_client(); 4664cd527692Sjsing failed |= test_tlsext_sni_server(); 46659e5cc899Sjsing 4666cd527692Sjsing failed |= test_tlsext_ocsp_client(); 4667cd527692Sjsing failed |= test_tlsext_ocsp_server(); 466840963ed1Sbeck 4669cd527692Sjsing failed |= test_tlsext_sessionticket_client(); 4670cd527692Sjsing failed |= test_tlsext_sessionticket_server(); 4671babaaee1Sdoug 46728c287c71Sbeck failed |= test_tlsext_versions_client(); 46731a4ee2c6Sbeck failed |= test_tlsext_versions_server(); 46748c287c71Sbeck 46758c287c71Sbeck failed |= test_tlsext_keyshare_client(); 46761a4ee2c6Sbeck failed |= test_tlsext_keyshare_server(); 46771a4ee2c6Sbeck 46781a4ee2c6Sbeck failed |= test_tlsext_cookie_client(); 46791a4ee2c6Sbeck failed |= test_tlsext_cookie_server(); 46808c287c71Sbeck 4681e7660786Sdoug #ifndef OPENSSL_NO_SRTP 4682cd527692Sjsing failed |= test_tlsext_srtp_client(); 4683cd527692Sjsing failed |= test_tlsext_srtp_server(); 4684e7660786Sdoug #else 4685e7660786Sdoug fprintf(stderr, "Skipping SRTP tests due to OPENSSL_NO_SRTP\n"); 4686e7660786Sdoug #endif 4687e7660786Sdoug 4688955716e4Stb failed |= test_tlsext_psk_modes_client(); 4689955716e4Stb failed |= test_tlsext_psk_modes_server(); 4690955716e4Stb 469106f20acaSjsing failed |= test_tlsext_clienthello_build(); 469206f20acaSjsing failed |= test_tlsext_serverhello_build(); 469306f20acaSjsing 469419d72426Sbeck failed |= test_tlsext_valid_hostnames(); 469519d72426Sbeck 46968385bbf8Sbeck failed |= test_tlsext_quic_transport_parameters_client(); 46978385bbf8Sbeck failed |= test_tlsext_quic_transport_parameters_server(); 46988385bbf8Sbeck 4699f313d342Stb failed |= test_tlsext_extension_order(); 4700f313d342Stb 47019e5cc899Sjsing return (failed); 47029e5cc899Sjsing } 4703