1 /* $OpenBSD: tlsexttest.c,v 1.43 2020/08/09 16:26:57 jsing Exp $ */ 2 /* 3 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org> 4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> 5 * Copyright (c) 2019 Bob Beck <beck@openbsd.org> 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <err.h> 21 22 #include "ssl_locl.h" 23 24 #include "bytestring.h" 25 #include "ssl_tlsext.h" 26 27 static void 28 hexdump(const unsigned char *buf, size_t len) 29 { 30 size_t i; 31 32 for (i = 1; i <= len; i++) 33 fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n"); 34 35 fprintf(stderr, "\n"); 36 } 37 38 static void 39 hexdump2(const uint16_t *buf, size_t len) 40 { 41 size_t i; 42 43 for (i = 1; i <= len / 2; i++) 44 fprintf(stderr, " 0x%04hx,%s", buf[i - 1], i % 8 ? "" : "\n"); 45 46 fprintf(stderr, "\n"); 47 } 48 49 static void 50 compare_data(const uint8_t *recv, size_t recv_len, const uint8_t *expect, 51 size_t expect_len) 52 { 53 fprintf(stderr, "received:\n"); 54 hexdump(recv, recv_len); 55 56 fprintf(stderr, "test data:\n"); 57 hexdump(expect, expect_len); 58 } 59 60 static void 61 compare_data2(const uint16_t *recv, size_t recv_len, const uint16_t *expect, 62 size_t expect_len) 63 { 64 fprintf(stderr, "received:\n"); 65 hexdump2(recv, recv_len); 66 67 fprintf(stderr, "test data:\n"); 68 hexdump2(expect, expect_len); 69 } 70 71 #define FAIL(msg, ...) \ 72 do { \ 73 fprintf(stderr, "[%s:%d] FAIL: ", __FILE__, __LINE__); \ 74 fprintf(stderr, msg, ##__VA_ARGS__); \ 75 } while(0) 76 77 /* 78 * Supported Application-Layer Protocol Negotiation - RFC 7301 79 * 80 * There are already extensive unit tests for this so this just 81 * tests the state info. 82 */ 83 84 const uint8_t tlsext_alpn_multiple_protos_val[] = { 85 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */ 86 0x08, /* len */ 87 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, 88 /* opaque ProtocolName<1..2^8-1> -- 'stun.nat' */ 89 0x09, /* len */ 90 0x73, 0x74, 0x75, 0x6e, 0x2e, 0x74, 0x75, 0x72, 0x6e 91 }; 92 93 const uint8_t tlsext_alpn_multiple_protos[] = { 94 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */ 95 0x00, 0x13, /* len of all names */ 96 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */ 97 0x08, /* len */ 98 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, 99 /* opaque ProtocolName<1..2^8-1> -- 'stun.nat' */ 100 0x09, /* len */ 101 0x73, 0x74, 0x75, 0x6e, 0x2e, 0x74, 0x75, 0x72, 0x6e 102 }; 103 104 const uint8_t tlsext_alpn_single_proto_val[] = { 105 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */ 106 0x08, /* len */ 107 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31 108 }; 109 110 const uint8_t tlsext_alpn_single_proto_name[] = { 111 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31 /* 'http/1.1' */ 112 }; 113 114 const uint8_t tlsext_alpn_single_proto[] = { 115 /* ProtocolName protocol_name_list<2..2^16-1> -- ALPN names */ 116 0x00, 0x09, /* len of all names */ 117 /* opaque ProtocolName<1..2^8-1> -- 'http/1.1' */ 118 0x08, /* len */ 119 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31 120 }; 121 122 static int 123 test_tlsext_alpn_client(void) 124 { 125 SSL_CTX *ssl_ctx = NULL; 126 SSL *ssl = NULL; 127 uint8_t *data = NULL; 128 CBB cbb; 129 CBS cbs; 130 int failure, alert; 131 size_t dlen; 132 133 CBB_init(&cbb, 0); 134 135 failure = 1; 136 137 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) 138 errx(1, "failed to create SSL_CTX"); 139 if ((ssl = SSL_new(ssl_ctx)) == NULL) 140 errx(1, "failed to create SSL"); 141 142 /* By default, we don't need this */ 143 if (tlsext_alpn_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 144 FAIL("client should not need ALPN by default\n"); 145 goto err; 146 } 147 148 /* 149 * Prereqs: 150 * 1) Set s->internal->alpn_client_proto_list 151 * - Using SSL_set_alpn_protos() 152 * 2) We have not finished or renegotiated. 153 * - S3I(s)->tmp.finish_md_len == 0 154 */ 155 if (SSL_set_alpn_protos(ssl, tlsext_alpn_single_proto_val, 156 sizeof(tlsext_alpn_single_proto_val)) != 0) { 157 FAIL("should be able to set ALPN to http/1.1\n"); 158 goto err; 159 } 160 if (!tlsext_alpn_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 161 FAIL("client should need ALPN by now\n"); 162 goto err; 163 } 164 165 /* Make sure we can build the client with a single proto. */ 166 167 if (!tlsext_alpn_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 168 FAIL("client failed to build ALPN\n"); 169 goto err; 170 } 171 if (!CBB_finish(&cbb, &data, &dlen)) 172 errx(1, "failed to finish CBB"); 173 174 if (dlen != sizeof(tlsext_alpn_single_proto)) { 175 FAIL("got client ALPN with length %zu, " 176 "want length %zu\n", dlen, 177 sizeof(tlsext_alpn_single_proto)); 178 compare_data(data, dlen, tlsext_alpn_single_proto, 179 sizeof(tlsext_alpn_single_proto)); 180 goto err; 181 } 182 if (memcmp(data, tlsext_alpn_single_proto, dlen) != 0) { 183 FAIL("client ALPN differs:\n"); 184 compare_data(data, dlen, tlsext_alpn_single_proto, 185 sizeof(tlsext_alpn_single_proto)); 186 goto err; 187 } 188 189 CBB_cleanup(&cbb); 190 CBB_init(&cbb, 0); 191 free(data); 192 data = NULL; 193 194 /* Make sure we can parse the single proto. */ 195 196 CBS_init(&cbs, tlsext_alpn_single_proto, 197 sizeof(tlsext_alpn_single_proto)); 198 if (!tlsext_alpn_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 199 FAIL("failed to parse ALPN\n"); 200 goto err; 201 } 202 if (CBS_len(&cbs) != 0) { 203 FAIL("extension data remaining\n"); 204 goto err; 205 } 206 207 if (ssl->internal->alpn_client_proto_list_len != 208 sizeof(tlsext_alpn_single_proto_val)) { 209 FAIL("got client ALPN with length %zu, " 210 "want length %zu\n", dlen, 211 sizeof(tlsext_alpn_single_proto_val)); 212 compare_data(ssl->internal->alpn_client_proto_list, 213 ssl->internal->alpn_client_proto_list_len, 214 tlsext_alpn_single_proto_val, 215 sizeof(tlsext_alpn_single_proto_val)); 216 goto err; 217 } 218 if (memcmp(ssl->internal->alpn_client_proto_list, 219 tlsext_alpn_single_proto_val, 220 sizeof(tlsext_alpn_single_proto_val)) != 0) { 221 FAIL("client ALPN differs:\n"); 222 compare_data(data, dlen, tlsext_alpn_single_proto_val, 223 sizeof(tlsext_alpn_single_proto_val)); 224 goto err; 225 } 226 227 /* Make sure we can build the clienthello with multiple entries. */ 228 229 if (SSL_set_alpn_protos(ssl, tlsext_alpn_multiple_protos_val, 230 sizeof(tlsext_alpn_multiple_protos_val)) != 0) { 231 FAIL("should be able to set ALPN to http/1.1\n"); 232 goto err; 233 } 234 if (!tlsext_alpn_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 235 FAIL("client should need ALPN by now\n"); 236 goto err; 237 } 238 239 if (!tlsext_alpn_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 240 FAIL("client failed to build ALPN\n"); 241 goto err; 242 } 243 if (!CBB_finish(&cbb, &data, &dlen)) 244 errx(1, "failed to finish CBB"); 245 246 if (dlen != sizeof(tlsext_alpn_multiple_protos)) { 247 FAIL("got client ALPN with length %zu, " 248 "want length %zu\n", dlen, 249 sizeof(tlsext_alpn_multiple_protos)); 250 compare_data(data, dlen, tlsext_alpn_multiple_protos, 251 sizeof(tlsext_alpn_multiple_protos)); 252 goto err; 253 } 254 if (memcmp(data, tlsext_alpn_multiple_protos, dlen) != 0) { 255 FAIL("client ALPN differs:\n"); 256 compare_data(data, dlen, tlsext_alpn_multiple_protos, 257 sizeof(tlsext_alpn_multiple_protos)); 258 goto err; 259 } 260 261 /* Make sure we can parse multiple protos */ 262 263 CBS_init(&cbs, tlsext_alpn_multiple_protos, 264 sizeof(tlsext_alpn_multiple_protos)); 265 if (!tlsext_alpn_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 266 FAIL("failed to parse ALPN\n"); 267 goto err; 268 } 269 if (CBS_len(&cbs) != 0) { 270 FAIL("extension data remaining\n"); 271 goto err; 272 } 273 274 if (ssl->internal->alpn_client_proto_list_len != 275 sizeof(tlsext_alpn_multiple_protos_val)) { 276 FAIL("got client ALPN with length %zu, " 277 "want length %zu\n", dlen, 278 sizeof(tlsext_alpn_multiple_protos_val)); 279 compare_data(ssl->internal->alpn_client_proto_list, 280 ssl->internal->alpn_client_proto_list_len, 281 tlsext_alpn_multiple_protos_val, 282 sizeof(tlsext_alpn_multiple_protos_val)); 283 goto err; 284 } 285 if (memcmp(ssl->internal->alpn_client_proto_list, 286 tlsext_alpn_multiple_protos_val, 287 sizeof(tlsext_alpn_multiple_protos_val)) != 0) { 288 FAIL("client ALPN differs:\n"); 289 compare_data(data, dlen, tlsext_alpn_multiple_protos_val, 290 sizeof(tlsext_alpn_multiple_protos_val)); 291 goto err; 292 } 293 294 /* Make sure we can remove the list and avoid ALPN */ 295 296 free(ssl->internal->alpn_client_proto_list); 297 ssl->internal->alpn_client_proto_list = NULL; 298 ssl->internal->alpn_client_proto_list_len = 0; 299 300 if (tlsext_alpn_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 301 FAIL("client should need ALPN by default\n"); 302 goto err; 303 } 304 305 failure = 0; 306 307 err: 308 CBB_cleanup(&cbb); 309 SSL_CTX_free(ssl_ctx); 310 SSL_free(ssl); 311 free(data); 312 313 return (failure); 314 } 315 316 static int 317 test_tlsext_alpn_server(void) 318 { 319 SSL_CTX *ssl_ctx = NULL; 320 SSL *ssl = NULL; 321 uint8_t *data = NULL; 322 CBB cbb; 323 CBS cbs; 324 int failure, alert; 325 size_t dlen; 326 327 CBB_init(&cbb, 0); 328 329 failure = 1; 330 331 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL) 332 errx(1, "failed to create SSL_CTX"); 333 if ((ssl = SSL_new(ssl_ctx)) == NULL) 334 errx(1, "failed to create SSL"); 335 336 /* By default, ALPN isn't needed. */ 337 if (tlsext_alpn_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { 338 FAIL("server should not need ALPN by default\n"); 339 goto err; 340 } 341 342 /* 343 * The server has a single ALPN selection which is set by 344 * SSL_CTX_set_alpn_select_cb() and calls SSL_select_next_proto(). 345 * 346 * This will be a plain name and separate length. 347 */ 348 if ((S3I(ssl)->alpn_selected = malloc(sizeof(tlsext_alpn_single_proto_name))) == NULL) { 349 errx(1, "failed to malloc"); 350 } 351 memcpy(S3I(ssl)->alpn_selected, tlsext_alpn_single_proto_name, 352 sizeof(tlsext_alpn_single_proto_name)); 353 S3I(ssl)->alpn_selected_len = sizeof(tlsext_alpn_single_proto_name); 354 355 if (!tlsext_alpn_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { 356 FAIL("server should need ALPN after a protocol is selected\n"); 357 goto err; 358 } 359 360 /* Make sure we can build a server with one protocol */ 361 362 if (!tlsext_alpn_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { 363 FAIL("server should be able to build a response\n"); 364 goto err; 365 } 366 if (!CBB_finish(&cbb, &data, &dlen)) 367 errx(1, "failed to finish CBB"); 368 369 if (dlen != sizeof(tlsext_alpn_single_proto)) { 370 FAIL("got client ALPN with length %zu, " 371 "want length %zu\n", dlen, 372 sizeof(tlsext_alpn_single_proto)); 373 compare_data(data, dlen, tlsext_alpn_single_proto, 374 sizeof(tlsext_alpn_single_proto)); 375 goto err; 376 } 377 if (memcmp(data, tlsext_alpn_single_proto, dlen) != 0) { 378 FAIL("client ALPN differs:\n"); 379 compare_data(data, dlen, tlsext_alpn_single_proto, 380 sizeof(tlsext_alpn_single_proto)); 381 goto err; 382 } 383 384 CBB_cleanup(&cbb); 385 CBB_init(&cbb, 0); 386 free(data); 387 data = NULL; 388 389 /* Make sure we can parse the single proto. */ 390 391 CBS_init(&cbs, tlsext_alpn_single_proto, 392 sizeof(tlsext_alpn_single_proto)); 393 394 /* Shouldn't be able to parse without requesting */ 395 if (tlsext_alpn_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 396 FAIL("Should only parse server if we requested it\n"); 397 goto err; 398 } 399 400 /* Should be able to parse once requested. */ 401 if (SSL_set_alpn_protos(ssl, tlsext_alpn_single_proto_val, 402 sizeof(tlsext_alpn_single_proto_val)) != 0) { 403 FAIL("should be able to set ALPN to http/1.1\n"); 404 goto err; 405 } 406 if (!tlsext_alpn_server_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 407 FAIL("Should be able to parse server when we request it\n"); 408 goto err; 409 } 410 if (CBS_len(&cbs) != 0) { 411 FAIL("extension data remaining\n"); 412 goto err; 413 } 414 415 if (S3I(ssl)->alpn_selected_len != 416 sizeof(tlsext_alpn_single_proto_name)) { 417 FAIL("got server ALPN with length %zu, " 418 "want length %zu\n", dlen, 419 sizeof(tlsext_alpn_single_proto_name)); 420 compare_data(S3I(ssl)->alpn_selected, 421 S3I(ssl)->alpn_selected_len, 422 tlsext_alpn_single_proto_name, 423 sizeof(tlsext_alpn_single_proto_name)); 424 goto err; 425 } 426 if (memcmp(S3I(ssl)->alpn_selected, 427 tlsext_alpn_single_proto_name, 428 sizeof(tlsext_alpn_single_proto_name)) != 0) { 429 FAIL("server ALPN differs:\n"); 430 compare_data(S3I(ssl)->alpn_selected, 431 S3I(ssl)->alpn_selected_len, 432 tlsext_alpn_single_proto_name, 433 sizeof(tlsext_alpn_single_proto_name)); 434 goto err; 435 } 436 437 /* 438 * We should NOT be able to build a server with multiple 439 * protocol names. However, the existing code did not check for this 440 * case because it is passed in as an encoded value. 441 */ 442 443 /* Make sure we can remove the list and avoid ALPN */ 444 445 free(S3I(ssl)->alpn_selected); 446 S3I(ssl)->alpn_selected = NULL; 447 S3I(ssl)->alpn_selected_len = 0; 448 449 if (tlsext_alpn_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { 450 FAIL("server should need ALPN by default\n"); 451 goto err; 452 } 453 454 failure = 0; 455 456 err: 457 CBB_cleanup(&cbb); 458 SSL_CTX_free(ssl_ctx); 459 SSL_free(ssl); 460 free(data); 461 462 return (failure); 463 464 } 465 466 /* 467 * Supported Elliptic Curves - RFC 4492 section 5.1.1. 468 * 469 * This extension is only used by the client. 470 */ 471 472 static uint8_t tlsext_supportedgroups_client_default[] = { 473 0x00, 0x08, 474 0x00, 0x1d, /* X25519 (29) */ 475 0x00, 0x17, /* secp256r1 (23) */ 476 0x00, 0x18, /* secp384r1 (24) */ 477 0x00, 0x19, /* secp521r1 (25) */ 478 }; 479 480 static uint16_t tlsext_supportedgroups_client_secp384r1_val[] = { 481 0x0018 /* tls1_ec_nid2curve_id(NID_secp384r1) */ 482 }; 483 static uint8_t tlsext_supportedgroups_client_secp384r1[] = { 484 0x00, 0x02, 485 0x00, 0x18 /* secp384r1 (24) */ 486 }; 487 488 /* Example from RFC 4492 section 5.1.1 */ 489 static uint16_t tlsext_supportedgroups_client_nistp192and224_val[] = { 490 0x0013, /* tls1_ec_nid2curve_id(NID_X9_62_prime192v1) */ 491 0x0015 /* tls1_ec_nid2curve_id(NID_secp224r1) */ 492 }; 493 static uint8_t tlsext_supportedgroups_client_nistp192and224[] = { 494 0x00, 0x04, 495 0x00, 0x13, /* secp192r1 aka NIST P-192 */ 496 0x00, 0x15 /* secp224r1 aka NIST P-224 */ 497 }; 498 499 static int 500 test_tlsext_supportedgroups_client(void) 501 { 502 unsigned char *data = NULL; 503 SSL_CTX *ssl_ctx = NULL; 504 SSL *ssl = NULL; 505 size_t dlen; 506 int failure, alert; 507 CBB cbb; 508 CBS cbs; 509 510 failure = 1; 511 512 if (!CBB_init(&cbb, 0)) 513 errx(1, "failed to create CBB"); 514 515 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) 516 errx(1, "failed to create SSL_CTX"); 517 if ((ssl = SSL_new(ssl_ctx)) == NULL) 518 errx(1, "failed to create SSL"); 519 520 /* 521 * Default ciphers include EC so we need it by default. 522 */ 523 if (!tlsext_supportedgroups_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 524 FAIL("client should need Ellipticcurves for default " 525 "ciphers\n"); 526 goto err; 527 } 528 529 /* 530 * Exclude cipher suites so we can test not including it. 531 */ 532 if (!SSL_set_cipher_list(ssl, "TLSv1.2:!ECDHE:!ECDSA")) { 533 FAIL("client should be able to set cipher list\n"); 534 goto err; 535 } 536 if (tlsext_supportedgroups_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 537 FAIL("client should not need Ellipticcurves\n"); 538 goto err; 539 } 540 541 /* 542 * Use libtls default for the rest of the testing 543 */ 544 if (!SSL_set_cipher_list(ssl, "TLSv1.2+AEAD+ECDHE")) { 545 FAIL("client should be able to set cipher list\n"); 546 goto err; 547 } 548 if (!tlsext_supportedgroups_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 549 FAIL("client should need Ellipticcurves\n"); 550 goto err; 551 } 552 553 /* 554 * Test with a session secp384r1. The default is used instead. 555 */ 556 if ((ssl->session = SSL_SESSION_new()) == NULL) 557 errx(1, "failed to create session"); 558 559 if ((SSI(ssl)->tlsext_supportedgroups = malloc(sizeof(uint16_t))) 560 == NULL) { 561 FAIL("client could not malloc\n"); 562 goto err; 563 } 564 SSI(ssl)->tlsext_supportedgroups[0] = tls1_ec_nid2curve_id(NID_secp384r1); 565 SSI(ssl)->tlsext_supportedgroups_length = 1; 566 567 if (!tlsext_supportedgroups_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 568 FAIL("client should need Ellipticcurves\n"); 569 goto err; 570 } 571 572 if (!tlsext_supportedgroups_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 573 FAIL("client failed to build Ellipticcurves\n"); 574 goto err; 575 } 576 577 if (!CBB_finish(&cbb, &data, &dlen)) 578 errx(1, "failed to finish CBB"); 579 580 if (dlen != sizeof(tlsext_supportedgroups_client_default)) { 581 FAIL("got client Ellipticcurves with length %zu, " 582 "want length %zu\n", dlen, 583 sizeof(tlsext_supportedgroups_client_default)); 584 compare_data(data, dlen, tlsext_supportedgroups_client_default, 585 sizeof(tlsext_supportedgroups_client_default)); 586 goto err; 587 } 588 589 if (memcmp(data, tlsext_supportedgroups_client_default, dlen) != 0) { 590 FAIL("client Ellipticcurves differs:\n"); 591 compare_data(data, dlen, tlsext_supportedgroups_client_default, 592 sizeof(tlsext_supportedgroups_client_default)); 593 goto err; 594 } 595 596 /* 597 * Test parsing secp384r1 598 */ 599 CBB_cleanup(&cbb); 600 CBB_init(&cbb, 0); 601 free(data); 602 data = NULL; 603 604 SSL_SESSION_free(ssl->session); 605 if ((ssl->session = SSL_SESSION_new()) == NULL) 606 errx(1, "failed to create session"); 607 608 CBS_init(&cbs, tlsext_supportedgroups_client_secp384r1, 609 sizeof(tlsext_supportedgroups_client_secp384r1)); 610 if (!tlsext_supportedgroups_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 611 FAIL("failed to parse client Ellipticcurves\n"); 612 goto err; 613 } 614 if (CBS_len(&cbs) != 0) { 615 FAIL("extension data remaining\n"); 616 goto err; 617 } 618 619 if (SSI(ssl)->tlsext_supportedgroups_length != 620 sizeof(tlsext_supportedgroups_client_secp384r1_val) / sizeof(uint16_t)) { 621 FAIL("no tlsext_ellipticcurves from client " 622 "Ellipticcurves\n"); 623 goto err; 624 } 625 626 if (memcmp(SSI(ssl)->tlsext_supportedgroups, 627 tlsext_supportedgroups_client_secp384r1_val, 628 sizeof(tlsext_supportedgroups_client_secp384r1_val)) != 0) { 629 FAIL("client had an incorrect Ellipticcurves " 630 "entry\n"); 631 compare_data2(SSI(ssl)->tlsext_supportedgroups, 632 SSI(ssl)->tlsext_supportedgroups_length * 2, 633 tlsext_supportedgroups_client_secp384r1_val, 634 sizeof(tlsext_supportedgroups_client_secp384r1_val)); 635 goto err; 636 } 637 638 /* 639 * Use a custom order. 640 */ 641 CBB_cleanup(&cbb); 642 CBB_init(&cbb, 0); 643 644 SSL_SESSION_free(ssl->session); 645 if ((ssl->session = SSL_SESSION_new()) == NULL) 646 errx(1, "failed to create session"); 647 648 if ((ssl->internal->tlsext_supportedgroups = malloc(sizeof(uint16_t) * 2)) == NULL) { 649 FAIL("client could not malloc\n"); 650 goto err; 651 } 652 ssl->internal->tlsext_supportedgroups[0] = tls1_ec_nid2curve_id(NID_X9_62_prime192v1); 653 ssl->internal->tlsext_supportedgroups[1] = tls1_ec_nid2curve_id(NID_secp224r1); 654 ssl->internal->tlsext_supportedgroups_length = 2; 655 656 if (!tlsext_supportedgroups_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 657 FAIL("client should need Ellipticcurves\n"); 658 goto err; 659 } 660 661 if (!tlsext_supportedgroups_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 662 FAIL("client failed to build Ellipticcurves\n"); 663 goto err; 664 } 665 666 if (!CBB_finish(&cbb, &data, &dlen)) 667 errx(1, "failed to finish CBB"); 668 669 if (dlen != sizeof(tlsext_supportedgroups_client_nistp192and224)) { 670 FAIL("got client Ellipticcurves with length %zu, " 671 "want length %zu\n", dlen, 672 sizeof(tlsext_supportedgroups_client_nistp192and224)); 673 fprintf(stderr, "received:\n"); 674 hexdump(data, dlen); 675 fprintf(stderr, "test data:\n"); 676 hexdump(tlsext_supportedgroups_client_nistp192and224, 677 sizeof(tlsext_supportedgroups_client_nistp192and224)); 678 goto err; 679 } 680 681 if (memcmp(data, tlsext_supportedgroups_client_nistp192and224, dlen) != 0) { 682 FAIL("client Ellipticcurves differs:\n"); 683 fprintf(stderr, "received:\n"); 684 hexdump(data, dlen); 685 fprintf(stderr, "test data:\n"); 686 hexdump(tlsext_supportedgroups_client_nistp192and224, 687 sizeof(tlsext_supportedgroups_client_nistp192and224)); 688 goto err; 689 } 690 691 /* 692 * Parse non-default curves to session. 693 */ 694 CBB_cleanup(&cbb); 695 CBB_init(&cbb, 0); 696 free(data); 697 data = NULL; 698 699 SSL_SESSION_free(ssl->session); 700 if ((ssl->session = SSL_SESSION_new()) == NULL) 701 errx(1, "failed to create session"); 702 703 /* Reset back to the default list. */ 704 free(ssl->internal->tlsext_supportedgroups); 705 ssl->internal->tlsext_supportedgroups = NULL; 706 ssl->internal->tlsext_supportedgroups_length = 0; 707 708 CBS_init(&cbs, tlsext_supportedgroups_client_nistp192and224, 709 sizeof(tlsext_supportedgroups_client_nistp192and224)); 710 if (!tlsext_supportedgroups_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 711 FAIL("failed to parse client Ellipticcurves\n"); 712 goto err; 713 } 714 if (CBS_len(&cbs) != 0) { 715 FAIL("extension data remaining\n"); 716 goto err; 717 } 718 719 if (SSI(ssl)->tlsext_supportedgroups_length != 720 sizeof(tlsext_supportedgroups_client_nistp192and224_val) / sizeof(uint16_t)) { 721 FAIL("no tlsext_ellipticcurves from client Ellipticcurves\n"); 722 goto err; 723 } 724 725 if (memcmp(SSI(ssl)->tlsext_supportedgroups, 726 tlsext_supportedgroups_client_nistp192and224_val, 727 sizeof(tlsext_supportedgroups_client_nistp192and224_val)) != 0) { 728 FAIL("client had an incorrect Ellipticcurves entry\n"); 729 compare_data2(SSI(ssl)->tlsext_supportedgroups, 730 SSI(ssl)->tlsext_supportedgroups_length * 2, 731 tlsext_supportedgroups_client_nistp192and224_val, 732 sizeof(tlsext_supportedgroups_client_nistp192and224_val)); 733 goto err; 734 } 735 736 failure = 0; 737 738 err: 739 CBB_cleanup(&cbb); 740 SSL_CTX_free(ssl_ctx); 741 SSL_free(ssl); 742 free(data); 743 744 return (failure); 745 } 746 747 748 /* elliptic_curves is only used by the client so this doesn't test much. */ 749 static int 750 test_tlsext_supportedgroups_server(void) 751 { 752 SSL_CTX *ssl_ctx = NULL; 753 SSL *ssl = NULL; 754 int failure; 755 756 failure = 1; 757 758 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL) 759 errx(1, "failed to create SSL_CTX"); 760 if ((ssl = SSL_new(ssl_ctx)) == NULL) 761 errx(1, "failed to create SSL"); 762 763 if (tlsext_supportedgroups_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { 764 FAIL("server should not need elliptic_curves\n"); 765 goto err; 766 } 767 768 if ((ssl->session = SSL_SESSION_new()) == NULL) 769 errx(1, "failed to create session"); 770 771 if (tlsext_supportedgroups_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { 772 FAIL("server should not need elliptic_curves\n"); 773 goto err; 774 } 775 776 failure = 0; 777 778 err: 779 SSL_CTX_free(ssl_ctx); 780 SSL_free(ssl); 781 782 return (failure); 783 784 } 785 786 /* 787 * Supported Point Formats - RFC 4492 section 5.1.2. 788 * 789 * Examples are from the RFC. Both client and server have the same build and 790 * parse but the needs differ. 791 */ 792 793 static uint8_t tlsext_ecpf_hello_uncompressed_val[] = { 794 TLSEXT_ECPOINTFORMAT_uncompressed 795 }; 796 static uint8_t tlsext_ecpf_hello_uncompressed[] = { 797 0x01, 798 0x00 /* TLSEXT_ECPOINTFORMAT_uncompressed */ 799 }; 800 801 static uint8_t tlsext_ecpf_hello_prime[] = { 802 0x01, 803 0x01 /* TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime */ 804 }; 805 806 static uint8_t tlsext_ecpf_hello_prefer_order_val[] = { 807 TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime, 808 TLSEXT_ECPOINTFORMAT_uncompressed, 809 TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 810 }; 811 static uint8_t tlsext_ecpf_hello_prefer_order[] = { 812 0x03, 813 0x01, /* TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime */ 814 0x00, /* TLSEXT_ECPOINTFORMAT_uncompressed */ 815 0x02 /* TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 */ 816 }; 817 818 static int 819 test_tlsext_ecpf_client(void) 820 { 821 uint8_t *data = NULL; 822 SSL_CTX *ssl_ctx = NULL; 823 SSL *ssl = NULL; 824 size_t dlen; 825 int failure, alert; 826 CBB cbb; 827 CBS cbs; 828 829 failure = 1; 830 831 CBB_init(&cbb, 0); 832 833 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) 834 errx(1, "failed to create SSL_CTX"); 835 if ((ssl = SSL_new(ssl_ctx)) == NULL) 836 errx(1, "failed to create SSL"); 837 838 /* 839 * Default ciphers include EC so we need it by default. 840 */ 841 if (!tlsext_ecpf_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 842 FAIL("client should need ECPointFormats for default " 843 "ciphers\n"); 844 goto err; 845 } 846 847 /* 848 * Exclude EC cipher suites so we can test not including it. 849 */ 850 if (!SSL_set_cipher_list(ssl, "ALL:!ECDHE:!ECDH")) { 851 FAIL("client should be able to set cipher list\n"); 852 goto err; 853 } 854 if (tlsext_ecpf_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 855 FAIL("client should not need ECPointFormats\n"); 856 goto err; 857 } 858 859 /* 860 * Use libtls default for the rest of the testing 861 */ 862 if (!SSL_set_cipher_list(ssl, "TLSv1.2+AEAD+ECDHE")) { 863 FAIL("client should be able to set cipher list\n"); 864 goto err; 865 } 866 if (!tlsext_ecpf_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 867 FAIL("client should need ECPointFormats\n"); 868 goto err; 869 } 870 871 /* 872 * The default ECPointFormats should only have uncompressed 873 */ 874 if ((ssl->session = SSL_SESSION_new()) == NULL) 875 errx(1, "failed to create session"); 876 877 if (!tlsext_ecpf_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 878 FAIL("client failed to build ECPointFormats\n"); 879 goto err; 880 } 881 882 if (!CBB_finish(&cbb, &data, &dlen)) 883 errx(1, "failed to finish CBB"); 884 885 if (dlen != sizeof(tlsext_ecpf_hello_uncompressed)) { 886 FAIL("got client ECPointFormats with length %zu, " 887 "want length %zu\n", dlen, 888 sizeof(tlsext_ecpf_hello_uncompressed)); 889 compare_data(data, dlen, tlsext_ecpf_hello_uncompressed, 890 sizeof(tlsext_ecpf_hello_uncompressed)); 891 goto err; 892 } 893 894 if (memcmp(data, tlsext_ecpf_hello_uncompressed, dlen) != 0) { 895 FAIL("client ECPointFormats differs:\n"); 896 compare_data(data, dlen, tlsext_ecpf_hello_uncompressed, 897 sizeof(tlsext_ecpf_hello_uncompressed)); 898 goto err; 899 } 900 901 /* 902 * Make sure we can parse the default. 903 */ 904 CBB_cleanup(&cbb); 905 CBB_init(&cbb, 0); 906 free(data); 907 data = NULL; 908 909 SSL_SESSION_free(ssl->session); 910 if ((ssl->session = SSL_SESSION_new()) == NULL) 911 errx(1, "failed to create session"); 912 913 CBS_init(&cbs, tlsext_ecpf_hello_uncompressed, 914 sizeof(tlsext_ecpf_hello_uncompressed)); 915 if (!tlsext_ecpf_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 916 FAIL("failed to parse client ECPointFormats\n"); 917 goto err; 918 } 919 if (CBS_len(&cbs) != 0) { 920 FAIL("extension data remaining\n"); 921 goto err; 922 } 923 924 if (SSI(ssl)->tlsext_ecpointformatlist_length != 925 sizeof(tlsext_ecpf_hello_uncompressed_val)) { 926 FAIL("no tlsext_ecpointformats from client " 927 "ECPointFormats\n"); 928 goto err; 929 } 930 931 if (memcmp(SSI(ssl)->tlsext_ecpointformatlist, 932 tlsext_ecpf_hello_uncompressed_val, 933 sizeof(tlsext_ecpf_hello_uncompressed_val)) != 0) { 934 FAIL("client had an incorrect ECPointFormats entry\n"); 935 goto err; 936 } 937 938 /* 939 * Test with a custom order. 940 */ 941 CBB_cleanup(&cbb); 942 CBB_init(&cbb, 0); 943 free(data); 944 data = NULL; 945 946 SSL_SESSION_free(ssl->session); 947 if ((ssl->session = SSL_SESSION_new()) == NULL) 948 errx(1, "failed to create session"); 949 950 if ((ssl->internal->tlsext_ecpointformatlist = malloc(sizeof(uint8_t) * 3)) == NULL) { 951 FAIL("client could not malloc\n"); 952 goto err; 953 } 954 ssl->internal->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime; 955 ssl->internal->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_uncompressed; 956 ssl->internal->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; 957 ssl->internal->tlsext_ecpointformatlist_length = 3; 958 959 if (!tlsext_ecpf_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 960 FAIL("client should need ECPointFormats with a custom " 961 "format\n"); 962 goto err; 963 } 964 965 if (!tlsext_ecpf_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 966 FAIL("client failed to build ECPointFormats\n"); 967 goto err; 968 } 969 970 if (!CBB_finish(&cbb, &data, &dlen)) 971 errx(1, "failed to finish CBB"); 972 973 if (dlen != sizeof(tlsext_ecpf_hello_prefer_order)) { 974 FAIL("got client ECPointFormats with length %zu, " 975 "want length %zu\n", dlen, 976 sizeof(tlsext_ecpf_hello_prefer_order)); 977 compare_data(data, dlen, tlsext_ecpf_hello_prefer_order, 978 sizeof(tlsext_ecpf_hello_prefer_order)); 979 goto err; 980 } 981 982 if (memcmp(data, tlsext_ecpf_hello_prefer_order, dlen) != 0) { 983 FAIL("client ECPointFormats differs:\n"); 984 compare_data(data, dlen, tlsext_ecpf_hello_prefer_order, 985 sizeof(tlsext_ecpf_hello_prefer_order)); 986 goto err; 987 } 988 989 /* 990 * Make sure that we can parse this custom order. 991 */ 992 CBB_cleanup(&cbb); 993 CBB_init(&cbb, 0); 994 free(data); 995 data = NULL; 996 997 SSL_SESSION_free(ssl->session); 998 if ((ssl->session = SSL_SESSION_new()) == NULL) 999 errx(1, "failed to create session"); 1000 1001 /* Reset the custom list so we go back to the default uncompressed. */ 1002 free(ssl->internal->tlsext_ecpointformatlist); 1003 ssl->internal->tlsext_ecpointformatlist = NULL; 1004 ssl->internal->tlsext_ecpointformatlist_length = 0; 1005 1006 CBS_init(&cbs, tlsext_ecpf_hello_prefer_order, 1007 sizeof(tlsext_ecpf_hello_prefer_order)); 1008 if (!tlsext_ecpf_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 1009 FAIL("failed to parse client ECPointFormats\n"); 1010 goto err; 1011 } 1012 if (CBS_len(&cbs) != 0) { 1013 FAIL("extension data remaining\n"); 1014 goto err; 1015 } 1016 1017 if (SSI(ssl)->tlsext_ecpointformatlist_length != 1018 sizeof(tlsext_ecpf_hello_prefer_order_val)) { 1019 FAIL("no tlsext_ecpointformats from client " 1020 "ECPointFormats\n"); 1021 goto err; 1022 } 1023 1024 if (memcmp(SSI(ssl)->tlsext_ecpointformatlist, 1025 tlsext_ecpf_hello_prefer_order_val, 1026 sizeof(tlsext_ecpf_hello_prefer_order_val)) != 0) { 1027 FAIL("client had an incorrect ECPointFormats entry\n"); 1028 goto err; 1029 } 1030 1031 1032 failure = 0; 1033 1034 err: 1035 CBB_cleanup(&cbb); 1036 SSL_CTX_free(ssl_ctx); 1037 SSL_free(ssl); 1038 free(data); 1039 1040 return (failure); 1041 } 1042 1043 static int 1044 test_tlsext_ecpf_server(void) 1045 { 1046 uint8_t *data = NULL; 1047 SSL_CTX *ssl_ctx = NULL; 1048 SSL *ssl = NULL; 1049 size_t dlen; 1050 int failure, alert; 1051 CBB cbb; 1052 CBS cbs; 1053 1054 failure = 1; 1055 1056 CBB_init(&cbb, 0); 1057 1058 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL) 1059 errx(1, "failed to create SSL_CTX"); 1060 if ((ssl = SSL_new(ssl_ctx)) == NULL) 1061 errx(1, "failed to create SSL"); 1062 1063 if ((ssl->session = SSL_SESSION_new()) == NULL) 1064 errx(1, "failed to create session"); 1065 1066 /* Setup the state so we can call needs. */ 1067 if ((S3I(ssl)->hs.new_cipher = 1068 ssl3_get_cipher_by_id(TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305)) 1069 == NULL) { 1070 FAIL("server cannot find cipher\n"); 1071 goto err; 1072 } 1073 if ((SSI(ssl)->tlsext_ecpointformatlist = malloc(sizeof(uint8_t))) 1074 == NULL) { 1075 FAIL("server could not malloc\n"); 1076 goto err; 1077 } 1078 SSI(ssl)->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime; 1079 SSI(ssl)->tlsext_ecpointformatlist_length = 1; 1080 1081 if (!tlsext_ecpf_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { 1082 FAIL("server should need ECPointFormats now\n"); 1083 goto err; 1084 } 1085 1086 /* 1087 * The server will ignore the session list and use either a custom 1088 * list or the default (uncompressed). 1089 */ 1090 if (!tlsext_ecpf_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { 1091 FAIL("server failed to build ECPointFormats\n"); 1092 goto err; 1093 } 1094 1095 if (!CBB_finish(&cbb, &data, &dlen)) 1096 errx(1, "failed to finish CBB"); 1097 1098 if (dlen != sizeof(tlsext_ecpf_hello_uncompressed)) { 1099 FAIL("got server ECPointFormats with length %zu, " 1100 "want length %zu\n", dlen, 1101 sizeof(tlsext_ecpf_hello_uncompressed)); 1102 compare_data(data, dlen, tlsext_ecpf_hello_uncompressed, 1103 sizeof(tlsext_ecpf_hello_uncompressed)); 1104 goto err; 1105 } 1106 1107 if (memcmp(data, tlsext_ecpf_hello_uncompressed, dlen) != 0) { 1108 FAIL("server ECPointFormats differs:\n"); 1109 compare_data(data, dlen, tlsext_ecpf_hello_uncompressed, 1110 sizeof(tlsext_ecpf_hello_uncompressed)); 1111 goto err; 1112 } 1113 1114 /* 1115 * Cannot parse a non-default list without at least uncompressed. 1116 */ 1117 CBB_cleanup(&cbb); 1118 CBB_init(&cbb, 0); 1119 free(data); 1120 data = NULL; 1121 1122 SSL_SESSION_free(ssl->session); 1123 if ((ssl->session = SSL_SESSION_new()) == NULL) 1124 errx(1, "failed to create session"); 1125 1126 CBS_init(&cbs, tlsext_ecpf_hello_prime, 1127 sizeof(tlsext_ecpf_hello_prime)); 1128 if (tlsext_ecpf_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 1129 FAIL("must include uncompressed in server ECPointFormats\n"); 1130 goto err; 1131 } 1132 if (CBS_len(&cbs) != 0) { 1133 FAIL("extension data remaining\n"); 1134 goto err; 1135 } 1136 1137 /* 1138 * Test with a custom order that replaces the default uncompressed. 1139 */ 1140 CBB_cleanup(&cbb); 1141 CBB_init(&cbb, 0); 1142 free(data); 1143 data = NULL; 1144 1145 SSL_SESSION_free(ssl->session); 1146 if ((ssl->session = SSL_SESSION_new()) == NULL) 1147 errx(1, "failed to create session"); 1148 1149 /* Add a session list even though it will be ignored. */ 1150 if ((SSI(ssl)->tlsext_ecpointformatlist = malloc(sizeof(uint8_t))) 1151 == NULL) { 1152 FAIL("server could not malloc\n"); 1153 goto err; 1154 } 1155 SSI(ssl)->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; 1156 SSI(ssl)->tlsext_ecpointformatlist_length = 1; 1157 1158 /* Replace the default list with a custom one. */ 1159 if ((ssl->internal->tlsext_ecpointformatlist = malloc(sizeof(uint8_t) * 3)) == NULL) { 1160 FAIL("server could not malloc\n"); 1161 goto err; 1162 } 1163 ssl->internal->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime; 1164 ssl->internal->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_uncompressed; 1165 ssl->internal->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; 1166 ssl->internal->tlsext_ecpointformatlist_length = 3; 1167 1168 if (!tlsext_ecpf_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { 1169 FAIL("server should need ECPointFormats\n"); 1170 goto err; 1171 } 1172 1173 if (!tlsext_ecpf_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { 1174 FAIL("server failed to build ECPointFormats\n"); 1175 goto err; 1176 } 1177 1178 if (!CBB_finish(&cbb, &data, &dlen)) 1179 errx(1, "failed to finish CBB"); 1180 1181 if (dlen != sizeof(tlsext_ecpf_hello_prefer_order)) { 1182 FAIL("got server ECPointFormats with length %zu, " 1183 "want length %zu\n", dlen, 1184 sizeof(tlsext_ecpf_hello_prefer_order)); 1185 compare_data(data, dlen, tlsext_ecpf_hello_prefer_order, 1186 sizeof(tlsext_ecpf_hello_prefer_order)); 1187 goto err; 1188 } 1189 1190 if (memcmp(data, tlsext_ecpf_hello_prefer_order, dlen) != 0) { 1191 FAIL("server ECPointFormats differs:\n"); 1192 compare_data(data, dlen, tlsext_ecpf_hello_prefer_order, 1193 sizeof(tlsext_ecpf_hello_prefer_order)); 1194 goto err; 1195 } 1196 1197 /* 1198 * Should be able to parse the custom list into a session list. 1199 */ 1200 CBB_cleanup(&cbb); 1201 CBB_init(&cbb, 0); 1202 free(data); 1203 data = NULL; 1204 1205 SSL_SESSION_free(ssl->session); 1206 if ((ssl->session = SSL_SESSION_new()) == NULL) 1207 errx(1, "failed to create session"); 1208 1209 /* Reset back to the default (uncompressed) */ 1210 free(ssl->internal->tlsext_ecpointformatlist); 1211 ssl->internal->tlsext_ecpointformatlist = NULL; 1212 ssl->internal->tlsext_ecpointformatlist_length = 0; 1213 1214 CBS_init(&cbs, tlsext_ecpf_hello_prefer_order, 1215 sizeof(tlsext_ecpf_hello_prefer_order)); 1216 if (!tlsext_ecpf_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 1217 FAIL("failed to parse server ECPointFormats\n"); 1218 goto err; 1219 } 1220 if (CBS_len(&cbs) != 0) { 1221 FAIL("extension data remaining\n"); 1222 goto err; 1223 } 1224 1225 if (SSI(ssl)->tlsext_ecpointformatlist_length != 1226 sizeof(tlsext_ecpf_hello_prefer_order_val)) { 1227 FAIL("no tlsext_ecpointformats from server " 1228 "ECPointFormats\n"); 1229 goto err; 1230 } 1231 1232 if (memcmp(SSI(ssl)->tlsext_ecpointformatlist, 1233 tlsext_ecpf_hello_prefer_order_val, 1234 sizeof(tlsext_ecpf_hello_prefer_order_val)) != 0) { 1235 FAIL("server had an incorrect ECPointFormats entry\n"); 1236 goto err; 1237 } 1238 1239 failure = 0; 1240 1241 err: 1242 CBB_cleanup(&cbb); 1243 SSL_CTX_free(ssl_ctx); 1244 SSL_free(ssl); 1245 free(data); 1246 1247 return (failure); 1248 } 1249 1250 /* 1251 * Renegotiation Indication - RFC 5746. 1252 */ 1253 1254 static unsigned char tlsext_ri_prev_client[] = { 1255 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 1256 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 1257 }; 1258 1259 static unsigned char tlsext_ri_prev_server[] = { 1260 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88, 1261 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00, 1262 }; 1263 1264 static unsigned char tlsext_ri_client[] = { 1265 0x10, 1266 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 1267 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 1268 }; 1269 1270 static unsigned char tlsext_ri_server[] = { 1271 0x20, 1272 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 1273 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 1274 0xff, 0xee, 0xdd, 0xcc, 0xbb, 0xaa, 0x99, 0x88, 1275 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00, 1276 }; 1277 1278 static int 1279 test_tlsext_ri_client(void) 1280 { 1281 unsigned char *data = NULL; 1282 SSL_CTX *ssl_ctx = NULL; 1283 SSL *ssl = NULL; 1284 int failure; 1285 size_t dlen; 1286 int alert; 1287 CBB cbb; 1288 CBS cbs; 1289 1290 failure = 1; 1291 1292 CBB_init(&cbb, 0); 1293 1294 if ((ssl_ctx = SSL_CTX_new(TLSv1_2_client_method())) == NULL) 1295 errx(1, "failed to create SSL_CTX"); 1296 if ((ssl = SSL_new(ssl_ctx)) == NULL) 1297 errx(1, "failed to create SSL"); 1298 1299 if (tlsext_ri_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 1300 FAIL("client should not need RI\n"); 1301 goto err; 1302 } 1303 1304 if (!SSL_renegotiate(ssl)) { 1305 FAIL("client failed to set renegotiate\n"); 1306 goto err; 1307 } 1308 1309 if (!tlsext_ri_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 1310 FAIL("client should need RI\n"); 1311 goto err; 1312 } 1313 1314 memcpy(S3I(ssl)->previous_client_finished, tlsext_ri_prev_client, 1315 sizeof(tlsext_ri_prev_client)); 1316 S3I(ssl)->previous_client_finished_len = sizeof(tlsext_ri_prev_client); 1317 1318 S3I(ssl)->renegotiate_seen = 0; 1319 1320 if (!tlsext_ri_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 1321 FAIL("client failed to build RI\n"); 1322 goto err; 1323 } 1324 1325 if (!CBB_finish(&cbb, &data, &dlen)) 1326 errx(1, "failed to finish CBB"); 1327 1328 if (dlen != sizeof(tlsext_ri_client)) { 1329 FAIL("got client RI with length %zu, " 1330 "want length %zu\n", dlen, sizeof(tlsext_ri_client)); 1331 goto err; 1332 } 1333 1334 if (memcmp(data, tlsext_ri_client, dlen) != 0) { 1335 FAIL("client RI differs:\n"); 1336 fprintf(stderr, "received:\n"); 1337 hexdump(data, dlen); 1338 fprintf(stderr, "test data:\n"); 1339 hexdump(tlsext_ri_client, sizeof(tlsext_ri_client)); 1340 goto err; 1341 } 1342 1343 CBS_init(&cbs, tlsext_ri_client, sizeof(tlsext_ri_client)); 1344 if (!tlsext_ri_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 1345 FAIL("failed to parse client RI\n"); 1346 goto err; 1347 } 1348 if (CBS_len(&cbs) != 0) { 1349 FAIL("extension data remaining\n"); 1350 goto err; 1351 } 1352 1353 if (S3I(ssl)->renegotiate_seen != 1) { 1354 FAIL("renegotiate seen not set\n"); 1355 goto err; 1356 } 1357 if (S3I(ssl)->send_connection_binding != 1) { 1358 FAIL("send connection binding not set\n"); 1359 goto err; 1360 } 1361 1362 memset(S3I(ssl)->previous_client_finished, 0, 1363 sizeof(S3I(ssl)->previous_client_finished)); 1364 1365 S3I(ssl)->renegotiate_seen = 0; 1366 1367 CBS_init(&cbs, tlsext_ri_client, sizeof(tlsext_ri_client)); 1368 if (tlsext_ri_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 1369 FAIL("parsed invalid client RI\n"); 1370 failure = 1; 1371 goto err; 1372 } 1373 1374 if (S3I(ssl)->renegotiate_seen == 1) { 1375 FAIL("renegotiate seen set\n"); 1376 goto err; 1377 } 1378 1379 failure = 0; 1380 1381 err: 1382 CBB_cleanup(&cbb); 1383 SSL_CTX_free(ssl_ctx); 1384 SSL_free(ssl); 1385 free(data); 1386 1387 return (failure); 1388 } 1389 1390 static int 1391 test_tlsext_ri_server(void) 1392 { 1393 unsigned char *data = NULL; 1394 SSL_CTX *ssl_ctx = NULL; 1395 SSL *ssl = NULL; 1396 int failure; 1397 size_t dlen; 1398 int alert; 1399 CBB cbb; 1400 CBS cbs; 1401 1402 failure = 1; 1403 1404 CBB_init(&cbb, 0); 1405 1406 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL) 1407 errx(1, "failed to create SSL_CTX"); 1408 if ((ssl = SSL_new(ssl_ctx)) == NULL) 1409 errx(1, "failed to create SSL"); 1410 1411 ssl->version = TLS1_2_VERSION; 1412 if (tlsext_ri_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { 1413 FAIL("server should not need RI\n"); 1414 goto err; 1415 } 1416 1417 S3I(ssl)->send_connection_binding = 1; 1418 1419 if (!tlsext_ri_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { 1420 FAIL("server should need RI\n"); 1421 goto err; 1422 } 1423 1424 memcpy(S3I(ssl)->previous_client_finished, tlsext_ri_prev_client, 1425 sizeof(tlsext_ri_prev_client)); 1426 S3I(ssl)->previous_client_finished_len = sizeof(tlsext_ri_prev_client); 1427 1428 memcpy(S3I(ssl)->previous_server_finished, tlsext_ri_prev_server, 1429 sizeof(tlsext_ri_prev_server)); 1430 S3I(ssl)->previous_server_finished_len = sizeof(tlsext_ri_prev_server); 1431 1432 S3I(ssl)->renegotiate_seen = 0; 1433 1434 if (!tlsext_ri_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { 1435 FAIL("server failed to build RI\n"); 1436 goto err; 1437 } 1438 1439 if (!CBB_finish(&cbb, &data, &dlen)) 1440 errx(1, "failed to finish CBB"); 1441 1442 if (dlen != sizeof(tlsext_ri_server)) { 1443 FAIL("got server RI with length %zu, " 1444 "want length %zu\n", dlen, sizeof(tlsext_ri_server)); 1445 goto err; 1446 } 1447 1448 if (memcmp(data, tlsext_ri_server, dlen) != 0) { 1449 FAIL("server RI differs:\n"); 1450 fprintf(stderr, "received:\n"); 1451 hexdump(data, dlen); 1452 fprintf(stderr, "test data:\n"); 1453 hexdump(tlsext_ri_server, sizeof(tlsext_ri_server)); 1454 goto err; 1455 } 1456 1457 CBS_init(&cbs, tlsext_ri_server, sizeof(tlsext_ri_server)); 1458 if (!tlsext_ri_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 1459 FAIL("failed to parse server RI\n"); 1460 goto err; 1461 } 1462 if (CBS_len(&cbs) != 0) { 1463 FAIL("extension data remaining\n"); 1464 goto err; 1465 } 1466 1467 if (S3I(ssl)->renegotiate_seen != 1) { 1468 FAIL("renegotiate seen not set\n"); 1469 goto err; 1470 } 1471 if (S3I(ssl)->send_connection_binding != 1) { 1472 FAIL("send connection binding not set\n"); 1473 goto err; 1474 } 1475 1476 memset(S3I(ssl)->previous_client_finished, 0, 1477 sizeof(S3I(ssl)->previous_client_finished)); 1478 memset(S3I(ssl)->previous_server_finished, 0, 1479 sizeof(S3I(ssl)->previous_server_finished)); 1480 1481 S3I(ssl)->renegotiate_seen = 0; 1482 1483 CBS_init(&cbs, tlsext_ri_server, sizeof(tlsext_ri_server)); 1484 if (tlsext_ri_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 1485 FAIL("parsed invalid server RI\n"); 1486 goto err; 1487 } 1488 1489 if (S3I(ssl)->renegotiate_seen == 1) { 1490 FAIL("renegotiate seen set\n"); 1491 goto err; 1492 } 1493 1494 failure = 0; 1495 1496 err: 1497 CBB_cleanup(&cbb); 1498 SSL_CTX_free(ssl_ctx); 1499 SSL_free(ssl); 1500 free(data); 1501 1502 return (failure); 1503 } 1504 1505 /* 1506 * Signature Algorithms - RFC 5246 section 7.4.1.4.1. 1507 */ 1508 1509 static unsigned char tlsext_sigalgs_client[] = { 1510 0x00, 0x16, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, 1511 0x08, 0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 1512 0x04, 0x01, 0x04, 0x03, 0x02, 0x01, 0x02, 0x03, 1513 }; 1514 1515 static int 1516 test_tlsext_sigalgs_client(void) 1517 { 1518 unsigned char *data = NULL; 1519 SSL_CTX *ssl_ctx = NULL; 1520 SSL *ssl = NULL; 1521 int failure = 0; 1522 size_t dlen; 1523 int alert; 1524 CBB cbb; 1525 CBS cbs; 1526 1527 CBB_init(&cbb, 0); 1528 1529 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) 1530 errx(1, "failed to create SSL_CTX"); 1531 if ((ssl = SSL_new(ssl_ctx)) == NULL) 1532 errx(1, "failed to create SSL"); 1533 1534 ssl->client_version = TLS1_1_VERSION; 1535 1536 if (tlsext_sigalgs_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 1537 fprintf(stderr, "FAIL: client should not need sigalgs\n"); 1538 failure = 1; 1539 goto done; 1540 } 1541 1542 ssl->client_version = TLS1_2_VERSION; 1543 1544 if (!tlsext_sigalgs_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 1545 fprintf(stderr, "FAIL: client should need sigalgs\n"); 1546 failure = 1; 1547 goto done; 1548 } 1549 1550 if (!tlsext_sigalgs_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 1551 fprintf(stderr, "FAIL: client failed to build sigalgs\n"); 1552 failure = 1; 1553 goto done; 1554 } 1555 1556 if (!CBB_finish(&cbb, &data, &dlen)) 1557 errx(1, "failed to finish CBB"); 1558 1559 if (dlen != sizeof(tlsext_sigalgs_client)) { 1560 fprintf(stderr, "FAIL: got client sigalgs with length %zu, " 1561 "want length %zu\n", dlen, sizeof(tlsext_sigalgs_client)); 1562 failure = 1; 1563 goto done; 1564 } 1565 1566 if (memcmp(data, tlsext_sigalgs_client, dlen) != 0) { 1567 fprintf(stderr, "FAIL: client SNI differs:\n"); 1568 fprintf(stderr, "received:\n"); 1569 hexdump(data, dlen); 1570 fprintf(stderr, "test data:\n"); 1571 hexdump(tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client)); 1572 failure = 1; 1573 goto done; 1574 } 1575 1576 CBS_init(&cbs, tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client)); 1577 if (!tlsext_sigalgs_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 1578 fprintf(stderr, "FAIL: failed to parse client SNI\n"); 1579 failure = 1; 1580 goto done; 1581 } 1582 if (CBS_len(&cbs) != 0) { 1583 FAIL("extension data remaining\n"); 1584 goto done; 1585 } 1586 1587 done: 1588 CBB_cleanup(&cbb); 1589 SSL_CTX_free(ssl_ctx); 1590 SSL_free(ssl); 1591 free(data); 1592 1593 return (failure); 1594 } 1595 1596 #if 0 1597 static int 1598 test_tlsext_sigalgs_server(void) 1599 { 1600 unsigned char *data = NULL; 1601 SSL_CTX *ssl_ctx = NULL; 1602 SSL *ssl = NULL; 1603 int failure = 0; 1604 size_t dlen; 1605 int alert; 1606 CBB cbb; 1607 CBS cbs; 1608 1609 CBB_init(&cbb, 0); 1610 1611 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL) 1612 errx(1, "failed to create SSL_CTX"); 1613 if ((ssl = SSL_new(ssl_ctx)) == NULL) 1614 errx(1, "failed to create SSL"); 1615 1616 if (tlsext_sigalgs_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { 1617 fprintf(stderr, "FAIL: server should not need sigalgs\n"); 1618 failure = 1; 1619 goto done; 1620 } 1621 1622 if (tlsext_sigalgs_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { 1623 fprintf(stderr, "FAIL: server should not build sigalgs\n"); 1624 failure = 1; 1625 goto done; 1626 } 1627 1628 if (!CBB_finish(&cbb, &data, &dlen)) 1629 errx(1, "failed to finish CBB"); 1630 1631 CBS_init(&cbs, tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client)); 1632 if (tlsext_sigalgs_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 1633 fprintf(stderr, "FAIL: server should not parse sigalgs\n"); 1634 failure = 1; 1635 goto done; 1636 } 1637 1638 done: 1639 CBB_cleanup(&cbb); 1640 SSL_CTX_free(ssl_ctx); 1641 SSL_free(ssl); 1642 free(data); 1643 1644 return (failure); 1645 } 1646 #endif 1647 1648 /* 1649 * Server Name Indication - RFC 6066 section 3. 1650 */ 1651 1652 #define TEST_SNI_SERVERNAME "www.libressl.org" 1653 1654 static unsigned char tlsext_sni_client[] = { 1655 0x00, 0x13, 0x00, 0x00, 0x10, 0x77, 0x77, 0x77, 1656 0x2e, 0x6c, 0x69, 0x62, 0x72, 0x65, 0x73, 0x73, 1657 0x6c, 0x2e, 0x6f, 0x72, 0x67, 1658 }; 1659 1660 static unsigned char tlsext_sni_server[] = { 1661 }; 1662 1663 static int 1664 test_tlsext_sni_client(void) 1665 { 1666 unsigned char *data = NULL; 1667 SSL_CTX *ssl_ctx = NULL; 1668 SSL *ssl = NULL; 1669 int failure; 1670 size_t dlen; 1671 int alert; 1672 CBB cbb; 1673 CBS cbs; 1674 1675 failure = 1; 1676 1677 CBB_init(&cbb, 0); 1678 1679 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) 1680 errx(1, "failed to create SSL_CTX"); 1681 if ((ssl = SSL_new(ssl_ctx)) == NULL) 1682 errx(1, "failed to create SSL"); 1683 1684 if (tlsext_sni_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 1685 FAIL("client should not need SNI\n"); 1686 goto err; 1687 } 1688 1689 if (!SSL_set_tlsext_host_name(ssl, TEST_SNI_SERVERNAME)) { 1690 FAIL("client failed to set server name\n"); 1691 goto err; 1692 } 1693 1694 if (!tlsext_sni_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 1695 FAIL("client should need SNI\n"); 1696 goto err; 1697 } 1698 1699 if (!tlsext_sni_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 1700 FAIL("client failed to build SNI\n"); 1701 goto err; 1702 } 1703 1704 if (!CBB_finish(&cbb, &data, &dlen)) 1705 errx(1, "failed to finish CBB"); 1706 1707 if (dlen != sizeof(tlsext_sni_client)) { 1708 FAIL("got client SNI with length %zu, " 1709 "want length %zu\n", dlen, sizeof(tlsext_sni_client)); 1710 goto err; 1711 } 1712 1713 if (memcmp(data, tlsext_sni_client, dlen) != 0) { 1714 FAIL("client SNI differs:\n"); 1715 fprintf(stderr, "received:\n"); 1716 hexdump(data, dlen); 1717 fprintf(stderr, "test data:\n"); 1718 hexdump(tlsext_sni_client, sizeof(tlsext_sni_client)); 1719 goto err; 1720 } 1721 1722 if ((ssl->session = SSL_SESSION_new()) == NULL) 1723 errx(1, "failed to create session"); 1724 1725 ssl->internal->hit = 0; 1726 1727 CBS_init(&cbs, tlsext_sni_client, sizeof(tlsext_sni_client)); 1728 if (!tlsext_sni_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 1729 FAIL("failed to parse client SNI\n"); 1730 goto err; 1731 } 1732 if (CBS_len(&cbs) != 0) { 1733 FAIL("extension data remaining\n"); 1734 goto err; 1735 } 1736 1737 if (ssl->session->tlsext_hostname == NULL) { 1738 FAIL("no tlsext_hostname from client SNI\n"); 1739 goto err; 1740 } 1741 1742 if (strlen(ssl->session->tlsext_hostname) != strlen(TEST_SNI_SERVERNAME) || 1743 strncmp(ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME, 1744 strlen(TEST_SNI_SERVERNAME)) != 0) { 1745 FAIL("got tlsext_hostname `%s', want `%s'\n", 1746 ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME); 1747 goto err; 1748 } 1749 1750 ssl->internal->hit = 1; 1751 1752 if ((ssl->session->tlsext_hostname = strdup("notthesame.libressl.org")) == 1753 NULL) 1754 errx(1, "failed to strdup tlsext_hostname"); 1755 1756 CBS_init(&cbs, tlsext_sni_client, sizeof(tlsext_sni_client)); 1757 if (tlsext_sni_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 1758 FAIL("parsed client with mismatched SNI\n"); 1759 goto err; 1760 } 1761 1762 failure = 0; 1763 1764 err: 1765 CBB_cleanup(&cbb); 1766 SSL_CTX_free(ssl_ctx); 1767 SSL_free(ssl); 1768 free(data); 1769 1770 return (failure); 1771 } 1772 1773 static int 1774 test_tlsext_sni_server(void) 1775 { 1776 unsigned char *data = NULL; 1777 SSL_CTX *ssl_ctx = NULL; 1778 SSL *ssl = NULL; 1779 int failure; 1780 size_t dlen; 1781 int alert; 1782 CBB cbb; 1783 CBS cbs; 1784 1785 failure = 1; 1786 1787 CBB_init(&cbb, 0); 1788 1789 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL) 1790 errx(1, "failed to create SSL_CTX"); 1791 if ((ssl = SSL_new(ssl_ctx)) == NULL) 1792 errx(1, "failed to create SSL"); 1793 1794 if ((ssl->session = SSL_SESSION_new()) == NULL) 1795 errx(1, "failed to create session"); 1796 1797 if (tlsext_sni_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { 1798 FAIL("server should not need SNI\n"); 1799 goto err; 1800 } 1801 1802 if (!SSL_set_tlsext_host_name(ssl, TEST_SNI_SERVERNAME)) { 1803 FAIL("client failed to set server name\n"); 1804 goto err; 1805 } 1806 1807 if ((ssl->session->tlsext_hostname = strdup(TEST_SNI_SERVERNAME)) == 1808 NULL) 1809 errx(1, "failed to strdup tlsext_hostname"); 1810 1811 if (!tlsext_sni_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { 1812 FAIL("server should need SNI\n"); 1813 goto err; 1814 } 1815 1816 if (!tlsext_sni_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { 1817 FAIL("server failed to build SNI\n"); 1818 goto err; 1819 } 1820 1821 if (!CBB_finish(&cbb, &data, &dlen)) 1822 errx(1, "failed to finish CBB"); 1823 1824 if (dlen != sizeof(tlsext_sni_server)) { 1825 FAIL("got server SNI with length %zu, " 1826 "want length %zu\n", dlen, sizeof(tlsext_sni_server)); 1827 goto err; 1828 } 1829 1830 if (memcmp(data, tlsext_sni_server, dlen) != 0) { 1831 FAIL("server SNI differs:\n"); 1832 fprintf(stderr, "received:\n"); 1833 hexdump(data, dlen); 1834 fprintf(stderr, "test data:\n"); 1835 hexdump(tlsext_sni_server, sizeof(tlsext_sni_server)); 1836 goto err; 1837 } 1838 1839 free(ssl->session->tlsext_hostname); 1840 ssl->session->tlsext_hostname = NULL; 1841 1842 CBS_init(&cbs, tlsext_sni_server, sizeof(tlsext_sni_server)); 1843 if (!tlsext_sni_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 1844 FAIL("failed to parse server SNI\n"); 1845 goto err; 1846 } 1847 if (CBS_len(&cbs) != 0) { 1848 FAIL("extension data remaining\n"); 1849 goto err; 1850 } 1851 1852 if (ssl->session->tlsext_hostname == NULL) { 1853 FAIL("no tlsext_hostname after server SNI\n"); 1854 goto err; 1855 } 1856 1857 if (strlen(ssl->session->tlsext_hostname) != strlen(TEST_SNI_SERVERNAME) || 1858 strncmp(ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME, 1859 strlen(TEST_SNI_SERVERNAME)) != 0) { 1860 FAIL("got tlsext_hostname `%s', want `%s'\n", 1861 ssl->session->tlsext_hostname, TEST_SNI_SERVERNAME); 1862 goto err; 1863 } 1864 1865 failure = 0; 1866 1867 err: 1868 CBB_cleanup(&cbb); 1869 SSL_CTX_free(ssl_ctx); 1870 SSL_free(ssl); 1871 free(data); 1872 1873 return (failure); 1874 } 1875 1876 static unsigned char tls_ocsp_client_default[] = { 1877 0x01, 0x00, 0x00, 0x00, 0x00 1878 }; 1879 1880 static int 1881 test_tlsext_ocsp_client(void) 1882 { 1883 unsigned char *data = NULL; 1884 SSL_CTX *ssl_ctx = NULL; 1885 SSL *ssl = NULL; 1886 size_t dlen; 1887 int failure; 1888 int alert; 1889 CBB cbb; 1890 CBS cbs; 1891 1892 failure = 1; 1893 1894 CBB_init(&cbb, 0); 1895 1896 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) 1897 errx(1, "failed to create SSL_CTX"); 1898 if ((ssl = SSL_new(ssl_ctx)) == NULL) 1899 errx(1, "failed to create SSL"); 1900 1901 if (tlsext_ocsp_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 1902 FAIL("client should not need ocsp\n"); 1903 goto err; 1904 } 1905 SSL_set_tlsext_status_type(ssl, TLSEXT_STATUSTYPE_ocsp); 1906 1907 if (!tlsext_ocsp_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 1908 FAIL("client should need ocsp\n"); 1909 goto err; 1910 } 1911 if (!tlsext_ocsp_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 1912 FAIL("client failed to build SNI\n"); 1913 goto err; 1914 } 1915 if (!CBB_finish(&cbb, &data, &dlen)) 1916 errx(1, "failed to finish CBB"); 1917 1918 if (dlen != sizeof(tls_ocsp_client_default)) { 1919 FAIL("got ocsp client with length %zu, " 1920 "want length %zu\n", dlen, 1921 sizeof(tls_ocsp_client_default)); 1922 goto err; 1923 } 1924 if (memcmp(data, tls_ocsp_client_default, dlen) != 0) { 1925 FAIL("ocsp client differs:\n"); 1926 fprintf(stderr, "received:\n"); 1927 hexdump(data, dlen); 1928 fprintf(stderr, "test data:\n"); 1929 hexdump(tls_ocsp_client_default, 1930 sizeof(tls_ocsp_client_default)); 1931 goto err; 1932 } 1933 CBS_init(&cbs, tls_ocsp_client_default, 1934 sizeof(tls_ocsp_client_default)); 1935 if (!tlsext_ocsp_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 1936 FAIL("failed to parse ocsp client\n"); 1937 goto err; 1938 } 1939 if (CBS_len(&cbs) != 0) { 1940 FAIL("extension data remaining\n"); 1941 goto err; 1942 } 1943 1944 failure = 0; 1945 1946 err: 1947 CBB_cleanup(&cbb); 1948 SSL_CTX_free(ssl_ctx); 1949 SSL_free(ssl); 1950 free(data); 1951 1952 return (failure); 1953 } 1954 1955 static int 1956 test_tlsext_ocsp_server(void) 1957 { 1958 unsigned char *data = NULL; 1959 SSL_CTX *ssl_ctx = NULL; 1960 SSL *ssl = NULL; 1961 size_t dlen; 1962 int failure; 1963 CBB cbb; 1964 1965 failure = 1; 1966 1967 CBB_init(&cbb, 0); 1968 1969 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) 1970 errx(1, "failed to create SSL_CTX"); 1971 if ((ssl = SSL_new(ssl_ctx)) == NULL) 1972 errx(1, "failed to create SSL"); 1973 1974 if (tlsext_ocsp_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { 1975 FAIL("server should not need ocsp\n"); 1976 goto err; 1977 } 1978 1979 ssl->internal->tlsext_status_expected = 1; 1980 1981 if (!tlsext_ocsp_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { 1982 FAIL("server should need ocsp\n"); 1983 goto err; 1984 } 1985 if (!tlsext_ocsp_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { 1986 FAIL("server failed to build ocsp\n"); 1987 goto err; 1988 } 1989 1990 if (!CBB_finish(&cbb, &data, &dlen)) 1991 errx(1, "failed to finish CBB"); 1992 1993 failure = 0; 1994 1995 err: 1996 CBB_cleanup(&cbb); 1997 SSL_CTX_free(ssl_ctx); 1998 SSL_free(ssl); 1999 free(data); 2000 2001 return (failure); 2002 } 2003 2004 /* 2005 * Session ticket - RFC 5077 since no known implementations use 4507. 2006 * 2007 * Session tickets can be length 0 (special case) to 2^16-1. 2008 * 2009 * The state is encrypted by the server so it is opaque to the client. 2010 */ 2011 static uint8_t tlsext_sessionticket_hello_min[1]; 2012 static uint8_t tlsext_sessionticket_hello_max[65535]; 2013 2014 static int 2015 test_tlsext_sessionticket_client(void) 2016 { 2017 unsigned char *data = NULL; 2018 SSL_CTX *ssl_ctx = NULL; 2019 SSL *ssl = NULL; 2020 int failure; 2021 CBB cbb; 2022 size_t dlen; 2023 uint8_t dummy[1234]; 2024 2025 failure = 1; 2026 2027 CBB_init(&cbb, 0); 2028 2029 /* Create fake session tickets with random data. */ 2030 arc4random_buf(tlsext_sessionticket_hello_min, 2031 sizeof(tlsext_sessionticket_hello_min)); 2032 arc4random_buf(tlsext_sessionticket_hello_max, 2033 sizeof(tlsext_sessionticket_hello_max)); 2034 2035 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) 2036 errx(1, "failed to create SSL_CTX"); 2037 if ((ssl = SSL_new(ssl_ctx)) == NULL) 2038 errx(1, "failed to create SSL"); 2039 2040 /* Should need a ticket by default. */ 2041 if (!tlsext_sessionticket_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 2042 FAIL("client should need Sessionticket for default " 2043 "ciphers\n"); 2044 goto err; 2045 } 2046 2047 /* Test disabling tickets. */ 2048 if ((SSL_set_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) == 0) { 2049 FAIL("Cannot disable tickets in the TLS connection\n"); 2050 return 0; 2051 } 2052 if (tlsext_sessionticket_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 2053 FAIL("client should not need SessionTicket if it was disabled\n"); 2054 goto err; 2055 } 2056 2057 /* Test re-enabling tickets. */ 2058 if ((SSL_clear_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) != 0) { 2059 FAIL("Cannot re-enable tickets in the TLS connection\n"); 2060 return 0; 2061 } 2062 if (!tlsext_sessionticket_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 2063 FAIL("client should need SessionTicket if it was disabled\n"); 2064 goto err; 2065 } 2066 2067 /* Since we don't have a session, we should build an empty ticket. */ 2068 if (!tlsext_sessionticket_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 2069 FAIL("Cannot build a ticket\n"); 2070 goto err; 2071 } 2072 if (!CBB_finish(&cbb, &data, &dlen)) { 2073 FAIL("Cannot finish CBB\n"); 2074 goto err; 2075 } 2076 if (dlen != 0) { 2077 FAIL("Expected 0 length but found %zu\n", dlen); 2078 goto err; 2079 } 2080 2081 CBB_cleanup(&cbb); 2082 CBB_init(&cbb, 0); 2083 free(data); 2084 data = NULL; 2085 2086 /* With a new session (but no ticket), we should still have 0 length */ 2087 if ((ssl->session = SSL_SESSION_new()) == NULL) 2088 errx(1, "failed to create session"); 2089 if (!tlsext_sessionticket_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 2090 FAIL("Should still want a session ticket with a new session\n"); 2091 goto err; 2092 } 2093 if (!tlsext_sessionticket_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 2094 FAIL("Cannot build a ticket\n"); 2095 goto err; 2096 } 2097 if (!CBB_finish(&cbb, &data, &dlen)) { 2098 FAIL("Cannot finish CBB\n"); 2099 goto err; 2100 } 2101 if (dlen != 0) { 2102 FAIL("Expected 0 length but found %zu\n", dlen); 2103 goto err; 2104 } 2105 2106 CBB_cleanup(&cbb); 2107 CBB_init(&cbb, 0); 2108 free(data); 2109 data = NULL; 2110 2111 /* With a new session (and ticket), we should use that ticket */ 2112 SSL_SESSION_free(ssl->session); 2113 if ((ssl->session = SSL_SESSION_new()) == NULL) 2114 errx(1, "failed to create session"); 2115 2116 arc4random_buf(&dummy, sizeof(dummy)); 2117 if ((ssl->session->tlsext_tick = malloc(sizeof(dummy))) == NULL) { 2118 errx(1, "failed to malloc"); 2119 } 2120 memcpy(ssl->session->tlsext_tick, dummy, sizeof(dummy)); 2121 ssl->session->tlsext_ticklen = sizeof(dummy); 2122 2123 if (!tlsext_sessionticket_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 2124 FAIL("Should still want a session ticket with a new session\n"); 2125 goto err; 2126 } 2127 if (!tlsext_sessionticket_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 2128 FAIL("Cannot build a ticket\n"); 2129 goto err; 2130 } 2131 if (!CBB_finish(&cbb, &data, &dlen)) { 2132 FAIL("Cannot finish CBB\n"); 2133 goto err; 2134 } 2135 if (dlen != sizeof(dummy)) { 2136 FAIL("Expected %zu length but found %zu\n", sizeof(dummy), dlen); 2137 goto err; 2138 } 2139 if (memcmp(data, dummy, dlen) != 0) { 2140 FAIL("server SNI differs:\n"); 2141 compare_data(data, dlen, 2142 dummy, sizeof(dummy)); 2143 goto err; 2144 } 2145 2146 CBB_cleanup(&cbb); 2147 CBB_init(&cbb, 0); 2148 free(data); 2149 data = NULL; 2150 free(ssl->session->tlsext_tick); 2151 ssl->session->tlsext_tick = NULL; 2152 ssl->session->tlsext_ticklen = 0; 2153 2154 /* 2155 * Send in NULL to disable session tickets at runtime without going 2156 * through SSL_set_options(). 2157 */ 2158 if (!SSL_set_session_ticket_ext(ssl, NULL, 0)) { 2159 FAIL("Could not set a NULL custom ticket\n"); 2160 goto err; 2161 } 2162 /* Should not need a ticket in this case */ 2163 if (tlsext_sessionticket_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 2164 FAIL("Should not want to use session tickets with a NULL custom\n"); 2165 goto err; 2166 } 2167 2168 /* 2169 * If you want to remove the tlsext_session_ticket behavior, you have 2170 * to do it manually. 2171 */ 2172 free(ssl->internal->tlsext_session_ticket); 2173 ssl->internal->tlsext_session_ticket = NULL; 2174 2175 if (!tlsext_sessionticket_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 2176 FAIL("Should need a session ticket again when the custom one is removed\n"); 2177 goto err; 2178 } 2179 2180 /* Test a custom session ticket (not recommended in practice) */ 2181 if (!SSL_set_session_ticket_ext(ssl, tlsext_sessionticket_hello_max, 2182 sizeof(tlsext_sessionticket_hello_max))) { 2183 FAIL("Should be able to set a custom ticket\n"); 2184 goto err; 2185 } 2186 if (!tlsext_sessionticket_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 2187 FAIL("Should need a session ticket again when the custom one is not empty\n"); 2188 goto err; 2189 } 2190 if (!tlsext_sessionticket_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 2191 FAIL("Cannot build a ticket with a max length random payload\n"); 2192 goto err; 2193 } 2194 if (!CBB_finish(&cbb, &data, &dlen)) { 2195 FAIL("Cannot finish CBB\n"); 2196 goto err; 2197 } 2198 if (dlen != sizeof(tlsext_sessionticket_hello_max)) { 2199 FAIL("Expected %zu length but found %zu\n", 2200 sizeof(tlsext_sessionticket_hello_max), dlen); 2201 goto err; 2202 } 2203 if (memcmp(data, tlsext_sessionticket_hello_max, 2204 sizeof(tlsext_sessionticket_hello_max)) != 0) { 2205 FAIL("Expected to get what we passed in\n"); 2206 compare_data(data, dlen, 2207 tlsext_sessionticket_hello_max, 2208 sizeof(tlsext_sessionticket_hello_max)); 2209 goto err; 2210 } 2211 2212 failure = 0; 2213 2214 err: 2215 CBB_cleanup(&cbb); 2216 SSL_CTX_free(ssl_ctx); 2217 SSL_free(ssl); 2218 free(data); 2219 2220 return (failure); 2221 } 2222 2223 2224 static int 2225 test_tlsext_sessionticket_server(void) 2226 { 2227 SSL_CTX *ssl_ctx = NULL; 2228 SSL *ssl = NULL; 2229 int failure; 2230 uint8_t *data; 2231 size_t dlen; 2232 CBB cbb; 2233 2234 CBB_init(&cbb, 0); 2235 2236 failure = 1; 2237 2238 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL) 2239 errx(1, "failed to create SSL_CTX"); 2240 if ((ssl = SSL_new(ssl_ctx)) == NULL) 2241 errx(1, "failed to create SSL"); 2242 2243 /* 2244 * By default, should not need a session ticket since the ticket 2245 * is not yet expected. 2246 */ 2247 if (tlsext_sessionticket_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { 2248 FAIL("server should not need SessionTicket by default\n"); 2249 goto err; 2250 } 2251 2252 /* Test disabling tickets. */ 2253 if ((SSL_set_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) == 0) { 2254 FAIL("Cannot disable tickets in the TLS connection\n"); 2255 return 0; 2256 } 2257 if (tlsext_sessionticket_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { 2258 FAIL("server should not need SessionTicket if it was disabled\n"); 2259 goto err; 2260 } 2261 2262 /* Test re-enabling tickets. */ 2263 if ((SSL_clear_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) != 0) { 2264 FAIL("Cannot re-enable tickets in the TLS connection\n"); 2265 return 0; 2266 } 2267 if (tlsext_sessionticket_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { 2268 FAIL("server should not need SessionTicket yet\n"); 2269 goto err; 2270 } 2271 2272 /* Set expected to require it. */ 2273 ssl->internal->tlsext_ticket_expected = 1; 2274 if (!tlsext_sessionticket_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { 2275 FAIL("server should now be required for SessionTicket\n"); 2276 goto err; 2277 } 2278 2279 /* server hello's session ticket should always be 0 length payload. */ 2280 if (!tlsext_sessionticket_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { 2281 FAIL("Cannot build a ticket with a max length random payload\n"); 2282 goto err; 2283 } 2284 if (!CBB_finish(&cbb, &data, &dlen)) { 2285 FAIL("Cannot finish CBB\n"); 2286 goto err; 2287 } 2288 if (dlen != 0) { 2289 FAIL("Expected 0 length but found %zu\n", dlen); 2290 goto err; 2291 } 2292 2293 failure = 0; 2294 2295 err: 2296 SSL_CTX_free(ssl_ctx); 2297 SSL_free(ssl); 2298 2299 return (failure); 2300 } 2301 2302 #ifndef OPENSSL_NO_SRTP 2303 /* 2304 * Supported Secure Real-time Transport Protocol (RFC 5764 section 4.1.1) 2305 */ 2306 2307 /* Colon separated string values */ 2308 const char *tlsext_srtp_single_profile = "SRTP_AES128_CM_SHA1_80"; 2309 const char *tlsext_srtp_multiple_profiles = "SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32"; 2310 2311 const char *tlsext_srtp_aes128cmsha80 = "SRTP_AES128_CM_SHA1_80"; 2312 const char *tlsext_srtp_aes128cmsha32 = "SRTP_AES128_CM_SHA1_32"; 2313 2314 const uint8_t tlsext_srtp_single[] = { 2315 /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */ 2316 0x00, 0x02, /* len */ 2317 0x00, 0x01, /* SRTP_AES128_CM_SHA1_80 */ 2318 0x00 /* opaque srtp_mki<0..255> */ 2319 }; 2320 2321 const uint8_t tlsext_srtp_multiple[] = { 2322 /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */ 2323 0x00, 0x04, /* len */ 2324 0x00, 0x01, /* SRTP_AES128_CM_SHA1_80 */ 2325 0x00, 0x02, /* SRTP_AES128_CM_SHA1_32 */ 2326 0x00 /* opaque srtp_mki<0..255> */ 2327 }; 2328 2329 const uint8_t tlsext_srtp_multiple_invalid[] = { 2330 /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */ 2331 0x00, 0x04, /* len */ 2332 0x00, 0x08, /* arbitrary value not found in known profiles */ 2333 0x00, 0x09, /* arbitrary value not found in known profiles */ 2334 0x00 /* opaque srtp_mki<0..255> */ 2335 }; 2336 2337 const uint8_t tlsext_srtp_single_invalid[] = { 2338 /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */ 2339 0x00, 0x02, /* len */ 2340 0x00, 0x08, /* arbitrary value not found in known profiles */ 2341 0x00 /* opaque srtp_mki<0..255> */ 2342 }; 2343 2344 const uint8_t tlsext_srtp_multiple_one_valid[] = { 2345 /* SRTPProtectionProfile SRTPProtectionProfiles<2..2^16-1> */ 2346 0x00, 0x04, /* len */ 2347 0x00, 0x08, /* arbitrary value not found in known profiles */ 2348 0x00, 0x02, /* SRTP_AES128_CM_SHA1_32 */ 2349 0x00 /* opaque srtp_mki<0..255> */ 2350 }; 2351 2352 static int 2353 test_tlsext_srtp_client(void) 2354 { 2355 SRTP_PROTECTION_PROFILE *prof; 2356 SSL_CTX *ssl_ctx = NULL; 2357 SSL *ssl = NULL; 2358 uint8_t *data = NULL; 2359 CBB cbb; 2360 CBS cbs; 2361 int failure, alert; 2362 size_t dlen; 2363 2364 CBB_init(&cbb, 0); 2365 2366 failure = 1; 2367 2368 /* SRTP is for DTLS */ 2369 if ((ssl_ctx = SSL_CTX_new(DTLSv1_client_method())) == NULL) 2370 errx(1, "failed to create SSL_CTX"); 2371 if ((ssl = SSL_new(ssl_ctx)) == NULL) 2372 errx(1, "failed to create SSL"); 2373 2374 /* By default, we don't need this */ 2375 if (tlsext_srtp_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 2376 FAIL("client should not need SRTP by default\n"); 2377 goto err; 2378 } 2379 2380 if (SSL_set_tlsext_use_srtp(ssl, tlsext_srtp_single_profile) != 0) { 2381 FAIL("should be able to set a single SRTP\n"); 2382 goto err; 2383 } 2384 if (!tlsext_srtp_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 2385 FAIL("client should need SRTP\n"); 2386 goto err; 2387 } 2388 2389 /* Make sure we can build the client with a single profile. */ 2390 2391 if (!tlsext_srtp_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 2392 FAIL("client failed to build SRTP\n"); 2393 goto err; 2394 } 2395 if (!CBB_finish(&cbb, &data, &dlen)) 2396 errx(1, "failed to finish CBB"); 2397 2398 if (dlen != sizeof(tlsext_srtp_single)) { 2399 FAIL("got client SRTP with length %zu, " 2400 "want length %zu\n", dlen, 2401 sizeof(tlsext_srtp_single)); 2402 compare_data(data, dlen, tlsext_srtp_single, 2403 sizeof(tlsext_srtp_single)); 2404 goto err; 2405 } 2406 if (memcmp(data, tlsext_srtp_single, dlen) != 0) { 2407 FAIL("client SRTP differs:\n"); 2408 compare_data(data, dlen, tlsext_srtp_single, 2409 sizeof(tlsext_srtp_single)); 2410 goto err; 2411 } 2412 2413 CBB_cleanup(&cbb); 2414 CBB_init(&cbb, 0); 2415 free(data); 2416 data = NULL; 2417 2418 /* Make sure we can parse the single profile. */ 2419 2420 if (SSL_get_selected_srtp_profile(ssl) != NULL) { 2421 FAIL("SRTP profile should not be set yet\n"); 2422 goto err; 2423 } 2424 2425 CBS_init(&cbs, tlsext_srtp_single, sizeof(tlsext_srtp_single)); 2426 if (!tlsext_srtp_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 2427 FAIL("failed to parse SRTP\n"); 2428 goto err; 2429 } 2430 if (CBS_len(&cbs) != 0) { 2431 FAIL("extension data remaining\n"); 2432 goto err; 2433 } 2434 2435 if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) { 2436 FAIL("SRTP profile should be set now\n"); 2437 goto err; 2438 } 2439 if (strcmp(prof->name, tlsext_srtp_aes128cmsha80) != 0) { 2440 FAIL("SRTP profile was not set properly\n"); 2441 goto err; 2442 } 2443 2444 if (!tlsext_srtp_server_needs(ssl, SSL_TLSEXT_MSG_CH)) { 2445 FAIL("should send server extension when profile selected\n"); 2446 goto err; 2447 } 2448 2449 /* Make sure we can build the clienthello with multiple entries. */ 2450 2451 if (SSL_set_tlsext_use_srtp(ssl, tlsext_srtp_multiple_profiles) != 0) { 2452 FAIL("should be able to set SRTP to multiple profiles\n"); 2453 goto err; 2454 } 2455 if (!tlsext_srtp_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 2456 FAIL("client should need SRTP by now\n"); 2457 goto err; 2458 } 2459 2460 if (!tlsext_srtp_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 2461 FAIL("client failed to build SRTP\n"); 2462 goto err; 2463 } 2464 if (!CBB_finish(&cbb, &data, &dlen)) 2465 errx(1, "failed to finish CBB"); 2466 2467 if (dlen != sizeof(tlsext_srtp_multiple)) { 2468 FAIL("got client SRTP with length %zu, " 2469 "want length %zu\n", dlen, 2470 sizeof(tlsext_srtp_multiple)); 2471 compare_data(data, dlen, tlsext_srtp_multiple, 2472 sizeof(tlsext_srtp_multiple)); 2473 goto err; 2474 } 2475 if (memcmp(data, tlsext_srtp_multiple, dlen) != 0) { 2476 FAIL("client SRTP differs:\n"); 2477 compare_data(data, dlen, tlsext_srtp_multiple, 2478 sizeof(tlsext_srtp_multiple)); 2479 goto err; 2480 } 2481 2482 CBB_cleanup(&cbb); 2483 CBB_init(&cbb, 0); 2484 free(data); 2485 data = NULL; 2486 2487 /* Make sure we can parse multiple profiles (selects server preferred) */ 2488 2489 ssl->internal->srtp_profile = NULL; 2490 2491 CBS_init(&cbs, tlsext_srtp_multiple, 2492 sizeof(tlsext_srtp_multiple)); 2493 if (!tlsext_srtp_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 2494 FAIL("failed to parse SRTP\n"); 2495 goto err; 2496 } 2497 if (CBS_len(&cbs) != 0) { 2498 FAIL("extension data remaining\n"); 2499 goto err; 2500 } 2501 2502 if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) { 2503 FAIL("SRTP profile should be set now\n"); 2504 goto err; 2505 } 2506 if (strcmp(prof->name, tlsext_srtp_aes128cmsha80) != 0) { 2507 FAIL("SRTP profile was not set properly\n"); 2508 goto err; 2509 } 2510 2511 if (!tlsext_srtp_server_needs(ssl, SSL_TLSEXT_MSG_CH)) { 2512 FAIL("should send server extension when profile selected\n"); 2513 goto err; 2514 } 2515 2516 /* 2517 * Make sure we can parse the clienthello with multiple entries 2518 * where one is unknown. 2519 */ 2520 ssl->internal->srtp_profile = NULL; 2521 2522 CBS_init(&cbs, tlsext_srtp_multiple_one_valid, 2523 sizeof(tlsext_srtp_multiple_one_valid)); 2524 if (!tlsext_srtp_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 2525 FAIL("failed to parse SRTP\n"); 2526 goto err; 2527 } 2528 if (CBS_len(&cbs) != 0) { 2529 FAIL("extension data remaining\n"); 2530 goto err; 2531 } 2532 2533 if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) { 2534 FAIL("SRTP profile should be set now\n"); 2535 goto err; 2536 } 2537 if (strcmp(prof->name, tlsext_srtp_aes128cmsha32) != 0) { 2538 FAIL("SRTP profile was not set properly\n"); 2539 goto err; 2540 } 2541 2542 if (!tlsext_srtp_server_needs(ssl, SSL_TLSEXT_MSG_CH)) { 2543 FAIL("should send server extension when profile selected\n"); 2544 goto err; 2545 } 2546 2547 /* Make sure we fall back to negotiated when none work. */ 2548 2549 ssl->internal->srtp_profile = NULL; 2550 2551 CBS_init(&cbs, tlsext_srtp_multiple_invalid, 2552 sizeof(tlsext_srtp_multiple_invalid)); 2553 if (!tlsext_srtp_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 2554 FAIL("should be able to fall back to negotiated\n"); 2555 goto err; 2556 } 2557 if (CBS_len(&cbs) != 0) { 2558 FAIL("extension data remaining\n"); 2559 goto err; 2560 } 2561 2562 /* If we fallback, the server should NOT send the extension. */ 2563 if (SSL_get_selected_srtp_profile(ssl) != NULL) { 2564 FAIL("should not have selected a profile when none found\n"); 2565 goto err; 2566 } 2567 if (tlsext_srtp_server_needs(ssl, SSL_TLSEXT_MSG_CH)) { 2568 FAIL("should not send server tlsext when no profile found\n"); 2569 goto err; 2570 } 2571 2572 failure = 0; 2573 2574 err: 2575 CBB_cleanup(&cbb); 2576 SSL_CTX_free(ssl_ctx); 2577 SSL_free(ssl); 2578 free(data); 2579 2580 return (failure); 2581 } 2582 2583 static int 2584 test_tlsext_srtp_server(void) 2585 { 2586 SRTP_PROTECTION_PROFILE *prof; 2587 SSL_CTX *ssl_ctx = NULL; 2588 SSL *ssl = NULL; 2589 uint8_t *data = NULL; 2590 CBB cbb; 2591 CBS cbs; 2592 int failure, alert; 2593 size_t dlen; 2594 2595 CBB_init(&cbb, 0); 2596 2597 failure = 1; 2598 2599 /* SRTP is for DTLS */ 2600 if ((ssl_ctx = SSL_CTX_new(DTLSv1_client_method())) == NULL) 2601 errx(1, "failed to create SSL_CTX"); 2602 if ((ssl = SSL_new(ssl_ctx)) == NULL) 2603 errx(1, "failed to create SSL"); 2604 2605 /* By default, we don't need this */ 2606 if (tlsext_srtp_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { 2607 FAIL("server should not need SRTP by default\n"); 2608 goto err; 2609 } 2610 2611 if (srtp_find_profile_by_name((char *)tlsext_srtp_aes128cmsha80, &prof, 2612 strlen(tlsext_srtp_aes128cmsha80))) { 2613 FAIL("should be able to find the given profile\n"); 2614 goto err; 2615 } 2616 ssl->internal->srtp_profile = prof; 2617 if (!tlsext_srtp_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { 2618 FAIL("server should need SRTP by now\n"); 2619 goto err; 2620 } 2621 2622 /* Make sure we can build the server with a single profile. */ 2623 2624 if (!tlsext_srtp_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { 2625 FAIL("server failed to build SRTP\n"); 2626 goto err; 2627 } 2628 if (!CBB_finish(&cbb, &data, &dlen)) 2629 errx(1, "failed to finish CBB"); 2630 2631 if (dlen != sizeof(tlsext_srtp_single)) { 2632 FAIL("got server SRTP with length %zu, " 2633 "want length %zu\n", dlen, 2634 sizeof(tlsext_srtp_single)); 2635 compare_data(data, dlen, tlsext_srtp_single, 2636 sizeof(tlsext_srtp_single)); 2637 goto err; 2638 } 2639 if (memcmp(data, tlsext_srtp_single, dlen) != 0) { 2640 FAIL("server SRTP differs:\n"); 2641 compare_data(data, dlen, tlsext_srtp_single, 2642 sizeof(tlsext_srtp_single)); 2643 goto err; 2644 } 2645 2646 CBB_cleanup(&cbb); 2647 CBB_init(&cbb, 0); 2648 free(data); 2649 data = NULL; 2650 2651 /* Make sure we can parse the single profile. */ 2652 ssl->internal->srtp_profile = NULL; 2653 2654 if (SSL_get_selected_srtp_profile(ssl) != NULL) { 2655 FAIL("SRTP profile should not be set yet\n"); 2656 goto err; 2657 } 2658 2659 /* Setup the environment as if a client sent a list of profiles. */ 2660 if (SSL_set_tlsext_use_srtp(ssl, tlsext_srtp_multiple_profiles) != 0) { 2661 FAIL("should be able to set multiple profiles in SRTP\n"); 2662 goto err; 2663 } 2664 2665 CBS_init(&cbs, tlsext_srtp_single, sizeof(tlsext_srtp_single)); 2666 if (!tlsext_srtp_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 2667 FAIL("failed to parse SRTP\n"); 2668 goto err; 2669 } 2670 if (CBS_len(&cbs) != 0) { 2671 FAIL("extension data remaining\n"); 2672 goto err; 2673 } 2674 2675 if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) { 2676 FAIL("SRTP profile should be set now\n"); 2677 goto err; 2678 } 2679 if (strcmp(prof->name, tlsext_srtp_aes128cmsha80) != 0) { 2680 FAIL("SRTP profile was not set properly\n"); 2681 goto err; 2682 } 2683 2684 /* Make sure we cannot parse multiple profiles */ 2685 ssl->internal->srtp_profile = NULL; 2686 2687 CBS_init(&cbs, tlsext_srtp_multiple, 2688 sizeof(tlsext_srtp_multiple)); 2689 if (tlsext_srtp_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 2690 FAIL("should not find multiple entries from the server\n"); 2691 goto err; 2692 } 2693 2694 /* Make sure we cannot parse a server with unknown profile */ 2695 ssl->internal->srtp_profile = NULL; 2696 2697 CBS_init(&cbs, tlsext_srtp_single_invalid, 2698 sizeof(tlsext_srtp_single_invalid)); 2699 if (tlsext_srtp_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 2700 FAIL("should not be able to parse this\n"); 2701 goto err; 2702 } 2703 2704 failure = 0; 2705 2706 err: 2707 CBB_cleanup(&cbb); 2708 SSL_CTX_free(ssl_ctx); 2709 SSL_free(ssl); 2710 free(data); 2711 2712 return (failure); 2713 } 2714 #endif /* OPENSSL_NO_SRTP */ 2715 2716 unsigned char tlsext_clienthello_default[] = { 2717 0x00, 0x34, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 2718 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d, 2719 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00, 0x23, 2720 0x00, 0x00, 0x00, 0x0d, 0x00, 0x18, 0x00, 0x16, 2721 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, 0x08, 0x05, 2722 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 0x04, 0x01, 2723 0x04, 0x03, 0x02, 0x01, 0x02, 0x03, 2724 }; 2725 2726 unsigned char tlsext_clienthello_disabled[] = {}; 2727 2728 static int 2729 test_tlsext_clienthello_build(void) 2730 { 2731 unsigned char *data = NULL; 2732 SSL_CTX *ssl_ctx = NULL; 2733 SSL *ssl = NULL; 2734 size_t dlen; 2735 int failure; 2736 CBB cbb; 2737 2738 failure = 1; 2739 2740 if (!CBB_init(&cbb, 0)) 2741 errx(1, "failed to create CBB"); 2742 2743 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) 2744 errx(1, "failed to create SSL_CTX"); 2745 if ((ssl = SSL_new(ssl_ctx)) == NULL) 2746 errx(1, "failed to create SSL"); 2747 2748 if (!tlsext_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 2749 FAIL("failed to build clienthello extensions\n"); 2750 goto err; 2751 } 2752 if (!CBB_finish(&cbb, &data, &dlen)) 2753 errx(1, "failed to finish CBB"); 2754 2755 if (dlen != sizeof(tlsext_clienthello_default)) { 2756 FAIL("got clienthello extensions with length %zu, " 2757 "want length %zu\n", dlen, 2758 sizeof(tlsext_clienthello_default)); 2759 compare_data(data, dlen, tlsext_clienthello_default, 2760 sizeof(tlsext_clienthello_default)); 2761 goto err; 2762 } 2763 if (memcmp(data, tlsext_clienthello_default, dlen) != 0) { 2764 FAIL("clienthello extensions differs:\n"); 2765 compare_data(data, dlen, tlsext_clienthello_default, 2766 sizeof(tlsext_clienthello_default)); 2767 goto err; 2768 } 2769 2770 CBB_cleanup(&cbb); 2771 CBB_init(&cbb, 0); 2772 2773 /* Switch to TLSv1.1, disable EC ciphers and session tickets. */ 2774 ssl->client_version = TLS1_1_VERSION; 2775 if (!SSL_set_cipher_list(ssl, "TLSv1.2:!ECDHE:!ECDSA")) { 2776 FAIL("failed to set cipher list\n"); 2777 goto err; 2778 } 2779 if ((SSL_set_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) == 0) { 2780 FAIL("failed to disable session tickets\n"); 2781 return 0; 2782 } 2783 2784 if (!tlsext_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 2785 FAIL("failed to build clienthello extensions\n"); 2786 goto err; 2787 } 2788 if (!CBB_finish(&cbb, &data, &dlen)) 2789 errx(1, "failed to finish CBB"); 2790 2791 if (dlen != sizeof(tlsext_clienthello_disabled)) { 2792 FAIL("got clienthello extensions with length %zu, " 2793 "want length %zu\n", dlen, 2794 sizeof(tlsext_clienthello_disabled)); 2795 compare_data(data, dlen, tlsext_clienthello_disabled, 2796 sizeof(tlsext_clienthello_disabled)); 2797 goto err; 2798 } 2799 if (memcmp(data, tlsext_clienthello_disabled, dlen) != 0) { 2800 FAIL("clienthello extensions differs:\n"); 2801 compare_data(data, dlen, tlsext_clienthello_disabled, 2802 sizeof(tlsext_clienthello_disabled)); 2803 goto err; 2804 } 2805 2806 failure = 0; 2807 2808 err: 2809 CBB_cleanup(&cbb); 2810 SSL_CTX_free(ssl_ctx); 2811 SSL_free(ssl); 2812 free(data); 2813 2814 return (failure); 2815 } 2816 2817 unsigned char tlsext_serverhello_default[] = { 2818 0x00, 0x06, 0x00, 0x2b, 0x00, 0x02, 0x03, 0x04, 2819 }; 2820 2821 unsigned char tlsext_serverhello_enabled[] = { 2822 0x00, 0x10, 0x00, 0x2b, 0x00, 0x02, 0x03, 0x04, 2823 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 2824 0x00, 0x00, 2825 }; 2826 2827 static int 2828 test_tlsext_serverhello_build(void) 2829 { 2830 unsigned char *data = NULL; 2831 SSL_CTX *ssl_ctx = NULL; 2832 SSL *ssl = NULL; 2833 size_t dlen; 2834 int failure; 2835 CBB cbb; 2836 2837 failure = 1; 2838 2839 if (!CBB_init(&cbb, 0)) 2840 errx(1, "failed to create CBB"); 2841 2842 if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL) 2843 errx(1, "failed to create SSL_CTX"); 2844 if ((ssl = SSL_new(ssl_ctx)) == NULL) 2845 errx(1, "failed to create SSL"); 2846 if ((ssl->session = SSL_SESSION_new()) == NULL) 2847 errx(1, "failed to create session"); 2848 2849 S3I(ssl)->hs.new_cipher = 2850 ssl3_get_cipher_by_id(TLS1_CK_RSA_WITH_AES_128_SHA256); 2851 2852 if (!tlsext_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { 2853 FAIL("failed to build serverhello extensions\n"); 2854 goto err; 2855 } 2856 if (!CBB_finish(&cbb, &data, &dlen)) 2857 errx(1, "failed to finish CBB"); 2858 2859 if (dlen != sizeof(tlsext_serverhello_default)) { 2860 FAIL("got serverhello extensions with length %zu, " 2861 "want length %zu\n", dlen, 2862 sizeof(tlsext_serverhello_default)); 2863 compare_data(data, dlen, tlsext_serverhello_default, 2864 sizeof(tlsext_serverhello_default)); 2865 goto err; 2866 } 2867 if (memcmp(data, tlsext_serverhello_default, dlen) != 0) { 2868 FAIL("serverhello extensions differs:\n"); 2869 compare_data(data, dlen, tlsext_serverhello_default, 2870 sizeof(tlsext_serverhello_default)); 2871 goto err; 2872 } 2873 2874 CBB_cleanup(&cbb); 2875 CBB_init(&cbb, 0); 2876 2877 /* Turn a few things on so we get extensions... */ 2878 S3I(ssl)->send_connection_binding = 1; 2879 S3I(ssl)->hs.new_cipher = 2880 ssl3_get_cipher_by_id(TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256); 2881 ssl->internal->tlsext_status_expected = 1; 2882 ssl->internal->tlsext_ticket_expected = 1; 2883 if ((SSI(ssl)->tlsext_ecpointformatlist = malloc(1)) == NULL) 2884 errx(1, "malloc failed"); 2885 SSI(ssl)->tlsext_ecpointformatlist_length = 1; 2886 SSI(ssl)->tlsext_ecpointformatlist[0] = 2887 TLSEXT_ECPOINTFORMAT_uncompressed; 2888 2889 if (!tlsext_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { 2890 FAIL("failed to build serverhello extensions\n"); 2891 goto err; 2892 } 2893 if (!CBB_finish(&cbb, &data, &dlen)) 2894 errx(1, "failed to finish CBB"); 2895 2896 if (dlen != sizeof(tlsext_serverhello_enabled)) { 2897 FAIL("got serverhello extensions with length %zu, " 2898 "want length %zu\n", dlen, 2899 sizeof(tlsext_serverhello_enabled)); 2900 compare_data(data, dlen, tlsext_serverhello_enabled, 2901 sizeof(tlsext_serverhello_enabled)); 2902 goto err; 2903 } 2904 if (memcmp(data, tlsext_serverhello_enabled, dlen) != 0) { 2905 FAIL("serverhello extensions differs:\n"); 2906 compare_data(data, dlen, tlsext_serverhello_enabled, 2907 sizeof(tlsext_serverhello_enabled)); 2908 goto err; 2909 } 2910 2911 failure = 0; 2912 2913 err: 2914 CBB_cleanup(&cbb); 2915 SSL_CTX_free(ssl_ctx); 2916 SSL_free(ssl); 2917 free(data); 2918 2919 return (failure); 2920 } 2921 2922 const unsigned char tlsext_versions_client[] = { 2923 0x08, 0x03, 0x04, 0x03, 0x03, 0x03, 2924 0x02, 0x03, 0x01, 2925 }; 2926 2927 const unsigned char tlsext_versions_server[] = { 2928 0x03, 0x04, 2929 }; 2930 2931 static int 2932 test_tlsext_versions_client(void) 2933 { 2934 unsigned char *data = NULL; 2935 SSL_CTX *ssl_ctx = NULL; 2936 SSL *ssl = NULL; 2937 int failure = 0; 2938 size_t dlen; 2939 int alert; 2940 CBB cbb; 2941 CBS cbs; 2942 2943 CBB_init(&cbb, 0); 2944 2945 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) 2946 errx(1, "failed to create SSL_CTX"); 2947 if ((ssl = SSL_new(ssl_ctx)) == NULL) 2948 errx(1, "failed to create SSL"); 2949 2950 S3I(ssl)->hs_tls13.max_version = 0; 2951 2952 if (tlsext_versions_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 2953 FAIL("client should not need versions\n"); 2954 failure = 1; 2955 goto done; 2956 } 2957 2958 S3I(ssl)->hs_tls13.max_version = TLS1_2_VERSION; 2959 2960 if (tlsext_versions_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 2961 FAIL("client should not need versions\n"); 2962 failure = 1; 2963 goto done; 2964 } 2965 2966 S3I(ssl)->hs_tls13.max_version = TLS1_3_VERSION; 2967 2968 if (!tlsext_versions_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 2969 FAIL("client should need versions\n"); 2970 failure = 1; 2971 goto done; 2972 } 2973 2974 S3I(ssl)->hs_tls13.max_version = TLS1_3_VERSION; 2975 S3I(ssl)->hs_tls13.min_version = 0; 2976 if (tlsext_versions_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 2977 FAIL("client should not have built versions\n"); 2978 failure = 1; 2979 goto done; 2980 } 2981 2982 S3I(ssl)->hs_tls13.max_version = TLS1_3_VERSION; 2983 S3I(ssl)->hs_tls13.min_version = TLS1_VERSION; 2984 if (!tlsext_versions_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 2985 FAIL("client should have built versions\n"); 2986 failure = 1; 2987 goto done; 2988 } 2989 2990 if (!CBB_finish(&cbb, &data, &dlen)) { 2991 FAIL("failed to finish CBB\n"); 2992 failure = 1; 2993 goto done; 2994 } 2995 2996 if (dlen != sizeof(tlsext_versions_client)) { 2997 FAIL("got versions with length %zu, " 2998 "want length %zu\n", dlen, sizeof(tlsext_versions_client)); 2999 failure = 1; 3000 goto done; 3001 } 3002 3003 CBS_init(&cbs, data, dlen); 3004 if (!tlsext_versions_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 3005 FAIL("failed to parse client versions\n"); 3006 failure = 1; 3007 goto done; 3008 } 3009 if (CBS_len(&cbs) != 0) { 3010 FAIL("extension data remaining\n"); 3011 failure = 1; 3012 goto done; 3013 } 3014 done: 3015 CBB_cleanup(&cbb); 3016 SSL_CTX_free(ssl_ctx); 3017 SSL_free(ssl); 3018 free(data); 3019 3020 return (failure); 3021 } 3022 3023 3024 static int 3025 test_tlsext_versions_server(void) 3026 { 3027 unsigned char *data = NULL; 3028 SSL_CTX *ssl_ctx = NULL; 3029 SSL *ssl = NULL; 3030 int failure = 0; 3031 size_t dlen; 3032 int alert; 3033 CBB cbb; 3034 CBS cbs; 3035 3036 CBB_init(&cbb, 0); 3037 3038 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) 3039 errx(1, "failed to create SSL_CTX"); 3040 if ((ssl = SSL_new(ssl_ctx)) == NULL) 3041 errx(1, "failed to create SSL"); 3042 3043 ssl->version = TLS1_2_VERSION; 3044 3045 if (tlsext_versions_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { 3046 FAIL("server should not need versions\n"); 3047 failure = 1; 3048 goto done; 3049 } 3050 3051 ssl->version = TLS1_3_VERSION; 3052 3053 if (!tlsext_versions_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { 3054 FAIL("server should need versions\n"); 3055 failure = 1; 3056 goto done; 3057 } 3058 3059 if (!tlsext_versions_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { 3060 FAIL("server should have built versions\n"); 3061 failure = 1; 3062 goto done; 3063 } 3064 3065 if (!CBB_finish(&cbb, &data, &dlen)) { 3066 FAIL("failed to finish CBB\n"); 3067 failure = 1; 3068 goto done; 3069 } 3070 3071 if (dlen != sizeof(tlsext_versions_server)) { 3072 FAIL("got versions with length %zu, " 3073 "want length %zu\n", dlen, sizeof(tlsext_versions_server)); 3074 failure = 1; 3075 goto done; 3076 } 3077 3078 CBS_init(&cbs, data, dlen); 3079 if (!tlsext_versions_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 3080 FAIL("failed to parse client versions\n"); 3081 failure = 1; 3082 goto done; 3083 } 3084 if (CBS_len(&cbs) != 0) { 3085 FAIL("extension data remaining\n"); 3086 failure = 1; 3087 goto done; 3088 } 3089 done: 3090 CBB_cleanup(&cbb); 3091 SSL_CTX_free(ssl_ctx); 3092 SSL_free(ssl); 3093 free(data); 3094 3095 return (failure); 3096 } 3097 3098 const unsigned char tlsext_keyshare_client[] = { 3099 0x00, 0x24, 0x00, 0x1d, 0x00, 0x20, 0xba, 0x83, 3100 0x2e, 0x4a, 0x18, 0xbe, 0x96, 0xd2, 0x71, 0x70, 3101 0x18, 0x04, 0xf9, 0x9d, 0x76, 0x98, 0xef, 0xe8, 3102 0x4f, 0x8b, 0x85, 0x41, 0xa4, 0xd9, 0x61, 0x57, 3103 0xad, 0x5b, 0xa4, 0xe9, 0x8b, 0x6b, 3104 }; 3105 3106 const unsigned char tlsext_keyshare_server[] = { 3107 0x00, 0x1d, 0x00, 0x20, 0xe5, 0xe8, 0x5a, 0xb9, 3108 0x7e, 0x12, 0x62, 0xe3, 0xd8, 0x7f, 0x6e, 0x3c, 3109 0xec, 0xa6, 0x8b, 0x99, 0x45, 0x77, 0x8e, 0x11, 3110 0xb3, 0xb9, 0x12, 0xb6, 0xbe, 0x35, 0xca, 0x51, 3111 0x76, 0x1e, 0xe8, 0x22 3112 }; 3113 3114 static int 3115 test_tlsext_keyshare_client(void) 3116 { 3117 unsigned char *data = NULL; 3118 SSL_CTX *ssl_ctx = NULL; 3119 SSL *ssl = NULL; 3120 int failure = 0; 3121 size_t dlen; 3122 int alert; 3123 CBB cbb; 3124 CBS cbs; 3125 3126 CBB_init(&cbb, 0); 3127 3128 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) 3129 errx(1, "failed to create SSL_CTX"); 3130 if ((ssl = SSL_new(ssl_ctx)) == NULL) 3131 errx(1, "failed to create SSL"); 3132 3133 if ((S3I(ssl)->hs_tls13.key_share = 3134 tls13_key_share_new_nid(NID_X25519)) == NULL) 3135 errx(1, "failed to create key share"); 3136 if (!tls13_key_share_generate(S3I(ssl)->hs_tls13.key_share)) 3137 errx(1, "failed to generate key share"); 3138 3139 S3I(ssl)->hs_tls13.max_version = 0; 3140 3141 if (tlsext_keyshare_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 3142 FAIL("client should not need keyshare\n"); 3143 failure = 1; 3144 goto done; 3145 } 3146 3147 S3I(ssl)->hs_tls13.max_version = TLS1_2_VERSION; 3148 if (tlsext_keyshare_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 3149 FAIL("client should not need keyshare\n"); 3150 failure = 1; 3151 goto done; 3152 } 3153 3154 S3I(ssl)->hs_tls13.max_version = TLS1_3_VERSION; 3155 if (!tlsext_keyshare_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 3156 FAIL("client should need keyshare\n"); 3157 failure = 1; 3158 goto done; 3159 } 3160 3161 S3I(ssl)->hs_tls13.max_version = TLS1_3_VERSION; 3162 if (!tlsext_keyshare_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 3163 FAIL("client should have built keyshare\n"); 3164 failure = 1; 3165 goto done; 3166 } 3167 3168 if (!CBB_finish(&cbb, &data, &dlen)) { 3169 FAIL("failed to finish CBB\n"); 3170 failure = 1; 3171 goto done; 3172 } 3173 3174 if (dlen != sizeof(tlsext_keyshare_client)) { 3175 FAIL("got client keyshare with length %zu, " 3176 "want length %zu\n", dlen, (size_t) sizeof(tlsext_keyshare_client)); 3177 failure = 1; 3178 goto done; 3179 } 3180 3181 (ssl)->version = TLS1_3_VERSION; 3182 CBS_init(&cbs, data, dlen); 3183 3184 if (!tlsext_keyshare_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 3185 FAIL("failed to parse client keyshare\n"); 3186 failure = 1; 3187 goto done; 3188 } 3189 3190 if (CBS_len(&cbs) != 0) { 3191 FAIL("extension data remaining\n"); 3192 failure = 1; 3193 goto done; 3194 } 3195 3196 3197 done: 3198 CBB_cleanup(&cbb); 3199 SSL_CTX_free(ssl_ctx); 3200 SSL_free(ssl); 3201 free(data); 3202 3203 return (failure); 3204 } 3205 3206 static int 3207 test_tlsext_keyshare_server(void) 3208 { 3209 unsigned char *data = NULL; 3210 SSL_CTX *ssl_ctx = NULL; 3211 SSL *ssl = NULL; 3212 int failure = 0; 3213 size_t dlen, idx; 3214 int alert; 3215 CBB cbb; 3216 CBS cbs; 3217 uint8_t bogokey[] = { 3218 0xe5, 0xe8, 0x5a, 0xb9, 0x7e, 0x12, 0x62, 0xe3, 3219 0xd8, 0x7f, 0x6e, 0x3c, 0xec, 0xa6, 0x8b, 0x99, 3220 0x45, 0x77, 0x8e, 0x11, 0xb3, 0xb9, 0x12, 0xb6, 3221 0xbe, 0x35, 0xca, 0x51, 0x76, 0x1e, 0xe8, 0x22, 3222 }; 3223 3224 CBB_init(&cbb, 0); 3225 3226 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) 3227 errx(1, "failed to create SSL_CTX"); 3228 if ((ssl = SSL_new(ssl_ctx)) == NULL) 3229 errx(1, "failed to create SSL"); 3230 3231 (ssl)->version = 0; 3232 if (tlsext_keyshare_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { 3233 FAIL("server should not need keyshare\n"); 3234 failure = 1; 3235 goto done; 3236 } 3237 3238 (ssl)->version = TLS1_2_VERSION; 3239 if (tlsext_keyshare_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { 3240 FAIL("server should not need keyshare\n"); 3241 failure = 1; 3242 goto done; 3243 } 3244 3245 ssl->version = TLS1_3_VERSION; 3246 if (tlsext_keyshare_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { 3247 FAIL("client should not need keyshare\n"); 3248 failure = 1; 3249 goto done; 3250 } 3251 3252 if (tls_extension_find(TLSEXT_TYPE_key_share, &idx) == NULL) { 3253 FAIL("failed to find keyshare extension\n"); 3254 failure = 1; 3255 goto done; 3256 } 3257 S3I(ssl)->hs.extensions_seen |= (1 << idx); 3258 3259 if (!tlsext_keyshare_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { 3260 FAIL("server should need keyshare\n"); 3261 failure = 1; 3262 goto done; 3263 } 3264 3265 if (tlsext_keyshare_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { 3266 FAIL("server should not have built a keyshare response\n"); 3267 failure = 1; 3268 goto done; 3269 } 3270 3271 if ((S3I(ssl)->hs_tls13.key_share = 3272 tls13_key_share_new_nid(NID_X25519)) == NULL) 3273 errx(1, "failed to create key share"); 3274 if (!tls13_key_share_generate(S3I(ssl)->hs_tls13.key_share)) 3275 errx(1, "failed to generate key share"); 3276 3277 CBS_init(&cbs, bogokey, sizeof(bogokey)); 3278 if (!tls13_key_share_peer_public(S3I(ssl)->hs_tls13.key_share, 3279 0x001d, &cbs)) { 3280 FAIL("failed to load peer public key\n"); 3281 failure = 1; 3282 goto done; 3283 } 3284 3285 if (!tlsext_keyshare_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { 3286 FAIL("server should be able to build a keyshare response\n"); 3287 failure = 1; 3288 goto done; 3289 } 3290 3291 if (!CBB_finish(&cbb, &data, &dlen)) { 3292 FAIL("failed to finish CBB\n"); 3293 failure = 1; 3294 goto done; 3295 } 3296 3297 if (dlen != sizeof(tlsext_keyshare_server)) { 3298 FAIL("got server keyshare with length %zu, " 3299 "want length %zu\n", dlen, sizeof(tlsext_keyshare_server)); 3300 failure = 1; 3301 goto done; 3302 } 3303 3304 if ((S3I(ssl)->hs_tls13.key_share = 3305 tls13_key_share_new_nid(NID_X25519)) == NULL) 3306 errx(1, "failed to create key share"); 3307 if (!tls13_key_share_generate(S3I(ssl)->hs_tls13.key_share)) 3308 errx(1, "failed to generate key share"); 3309 3310 CBS_init(&cbs, data, dlen); 3311 3312 if (!tlsext_keyshare_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 3313 FAIL("failed to parse server keyshare\n"); 3314 failure = 1; 3315 goto done; 3316 } 3317 3318 if (CBS_len(&cbs) != 0) { 3319 FAIL("extension data remaining\n"); 3320 failure = 1; 3321 goto done; 3322 } 3323 3324 done: 3325 CBB_cleanup(&cbb); 3326 SSL_CTX_free(ssl_ctx); 3327 SSL_free(ssl); 3328 free(data); 3329 3330 return (failure); 3331 } 3332 3333 /* One day I hope to be the only Muppet in this codebase */ 3334 const uint8_t cookie[] = "\n" 3335 " (o)(o) \n" 3336 " m' 'm \n" 3337 " M -****- M \n" 3338 " 'm m' \n" 3339 " m''''''''''m \n" 3340 " M M BB \n"; 3341 3342 static int 3343 test_tlsext_cookie_client(void) 3344 { 3345 unsigned char *data = NULL; 3346 SSL_CTX *ssl_ctx = NULL; 3347 SSL *ssl = NULL; 3348 int failure = 0; 3349 size_t dlen; 3350 int alert; 3351 CBB cbb; 3352 CBS cbs; 3353 3354 CBB_init(&cbb, 0); 3355 3356 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) 3357 errx(1, "failed to create SSL_CTX"); 3358 if ((ssl = SSL_new(ssl_ctx)) == NULL) 3359 errx(1, "failed to create SSL"); 3360 3361 S3I(ssl)->hs_tls13.max_version = 0; 3362 if (tlsext_cookie_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 3363 FAIL("client should not need cookie\n"); 3364 failure = 1; 3365 goto done; 3366 } 3367 3368 S3I(ssl)->hs_tls13.max_version = TLS1_2_VERSION; 3369 if (tlsext_cookie_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 3370 FAIL("client should not need cookie\n"); 3371 failure = 1; 3372 goto done; 3373 } 3374 3375 3376 S3I(ssl)->hs_tls13.max_version = TLS1_3_VERSION; 3377 if (tlsext_cookie_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 3378 FAIL("client should not need cookie\n"); 3379 failure = 1; 3380 goto done; 3381 } 3382 3383 /* Normally would be set by receiving a server cookie in an HRR */ 3384 S3I(ssl)->hs_tls13.cookie = strdup(cookie); 3385 S3I(ssl)->hs_tls13.cookie_len = strlen(cookie); 3386 3387 if (!tlsext_cookie_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 3388 FAIL("client should need cookie\n"); 3389 failure = 1; 3390 goto done; 3391 } 3392 3393 if (!tlsext_cookie_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 3394 FAIL("client should have built a cookie response\n"); 3395 failure = 1; 3396 goto done; 3397 } 3398 3399 if (!CBB_finish(&cbb, &data, &dlen)) { 3400 FAIL("failed to finish CBB\n"); 3401 failure = 1; 3402 goto done; 3403 } 3404 3405 if (dlen != strlen(cookie) + sizeof(uint16_t)) { 3406 FAIL("got cookie with length %zu, " 3407 "want length %zu\n", dlen, strlen(cookie) + 3408 sizeof(uint16_t)); 3409 failure = 1; 3410 goto done; 3411 } 3412 3413 CBS_init(&cbs, data, dlen); 3414 3415 /* Checks cookie against what's in the hs_tls13 */ 3416 if (!tlsext_cookie_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 3417 FAIL("failed to parse client cookie\n"); 3418 failure = 1; 3419 goto done; 3420 } 3421 3422 if (CBS_len(&cbs) != 0) { 3423 FAIL("extension data remaining\n"); 3424 failure = 1; 3425 goto done; 3426 } 3427 3428 done: 3429 CBB_cleanup(&cbb); 3430 SSL_CTX_free(ssl_ctx); 3431 SSL_free(ssl); 3432 free(data); 3433 3434 return (failure); 3435 } 3436 3437 static int 3438 test_tlsext_cookie_server(void) 3439 { 3440 unsigned char *data = NULL; 3441 SSL_CTX *ssl_ctx = NULL; 3442 SSL *ssl = NULL; 3443 int failure = 0; 3444 size_t dlen; 3445 int alert; 3446 CBB cbb; 3447 CBS cbs; 3448 3449 CBB_init(&cbb, 0); 3450 3451 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) 3452 errx(1, "failed to create SSL_CTX"); 3453 if ((ssl = SSL_new(ssl_ctx)) == NULL) 3454 errx(1, "failed to create SSL"); 3455 3456 S3I(ssl)->hs_tls13.max_version = 0; 3457 if (tlsext_cookie_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { 3458 FAIL("server should not need cookie\n"); 3459 failure = 1; 3460 goto done; 3461 } 3462 3463 S3I(ssl)->hs_tls13.max_version = TLS1_2_VERSION; 3464 if (tlsext_cookie_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { 3465 FAIL("server should not need cookie\n"); 3466 failure = 1; 3467 goto done; 3468 } 3469 3470 3471 S3I(ssl)->hs_tls13.max_version = TLS1_3_VERSION; 3472 if (tlsext_cookie_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { 3473 FAIL("server should not need cookie\n"); 3474 failure = 1; 3475 goto done; 3476 } 3477 3478 /* Normally would be set by server before sending HRR */ 3479 S3I(ssl)->hs_tls13.cookie = strdup(cookie); 3480 S3I(ssl)->hs_tls13.cookie_len = strlen(cookie); 3481 3482 if (!tlsext_cookie_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { 3483 FAIL("server should need cookie\n"); 3484 failure = 1; 3485 goto done; 3486 } 3487 3488 if (!tlsext_cookie_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { 3489 FAIL("server have built a cookie response\n"); 3490 failure = 1; 3491 goto done; 3492 } 3493 3494 if (!CBB_finish(&cbb, &data, &dlen)) { 3495 FAIL("failed to finish CBB\n"); 3496 failure = 1; 3497 goto done; 3498 } 3499 3500 if (dlen != strlen(cookie) + sizeof(uint16_t)) { 3501 FAIL("got cookie with length %zu, " 3502 "want length %zu\n", dlen, strlen(cookie) + 3503 sizeof(uint16_t)); 3504 failure = 1; 3505 goto done; 3506 } 3507 3508 CBS_init(&cbs, data, dlen); 3509 3510 if (tlsext_cookie_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 3511 FAIL("client should not have parsed server cookie\n"); 3512 failure = 1; 3513 goto done; 3514 } 3515 3516 freezero(S3I(ssl)->hs_tls13.cookie, S3I(ssl)->hs_tls13.cookie_len); 3517 S3I(ssl)->hs_tls13.cookie = NULL; 3518 S3I(ssl)->hs_tls13.cookie_len = 0; 3519 3520 if (!tlsext_cookie_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 3521 FAIL("failed to parse server cookie\n"); 3522 failure = 1; 3523 goto done; 3524 } 3525 3526 if (memcmp(cookie, S3I(ssl)->hs_tls13.cookie, 3527 S3I(ssl)->hs_tls13.cookie_len) != 0) { 3528 FAIL("parsed server cookie does not match sent cookie\n"); 3529 failure = 1; 3530 goto done; 3531 } 3532 3533 if (CBS_len(&cbs) != 0) { 3534 FAIL("extension data remaining\n"); 3535 failure = 1; 3536 goto done; 3537 } 3538 3539 done: 3540 CBB_cleanup(&cbb); 3541 SSL_CTX_free(ssl_ctx); 3542 SSL_free(ssl); 3543 free(data); 3544 3545 return (failure); 3546 } 3547 3548 unsigned char *valid_hostnames[] = { 3549 "openbsd.org", 3550 "op3nbsd.org", 3551 "org", 3552 "3openbsd.com", 3553 "3-0penb-d.c-m", 3554 "a", 3555 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com", 3556 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." 3557 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." 3558 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." 3559 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 3560 NULL, 3561 }; 3562 3563 static int 3564 test_tlsext_valid_hostnames(void) 3565 { 3566 int i, failure = 0; 3567 3568 for (i = 0; valid_hostnames[i] != NULL; i++) { 3569 CBS cbs; 3570 CBS_init(&cbs, valid_hostnames[i], strlen(valid_hostnames[i])); 3571 if (!tlsext_sni_is_valid_hostname(&cbs)) { 3572 FAIL("Valid hostname '%s' rejected\n", 3573 valid_hostnames[i]); 3574 failure = 1; 3575 goto done; 3576 } 3577 } 3578 done: 3579 return failure; 3580 } 3581 3582 unsigned char *invalid_hostnames[] = { 3583 "openbsd.org.", 3584 "openbsd..org", 3585 "openbsd.org-", 3586 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com", 3587 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." 3588 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." 3589 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa." 3590 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.a", 3591 "-p3nbsd.org", 3592 "openbs-.org", 3593 "openbsd\n.org", 3594 "open_bsd.org", 3595 "open\178bsd.org", 3596 "open\255bsd.org", 3597 NULL, 3598 }; 3599 3600 static int 3601 test_tlsext_invalid_hostnames(void) 3602 { 3603 int i, failure = 0; 3604 CBS cbs; 3605 3606 for (i = 0; invalid_hostnames[i] != NULL; i++) { 3607 CBS_init(&cbs, invalid_hostnames[i], 3608 strlen(invalid_hostnames[i])); 3609 if (tlsext_sni_is_valid_hostname(&cbs)) { 3610 FAIL("Invalid hostname '%s' accepted\n", 3611 invalid_hostnames[i]); 3612 failure = 1; 3613 goto done; 3614 } 3615 } 3616 CBS_init(&cbs, valid_hostnames[0], 3617 strlen(valid_hostnames[0]) + 1); 3618 if (tlsext_sni_is_valid_hostname(&cbs)) { 3619 FAIL("hostname with NUL byte accepted\n"); 3620 failure = 1; 3621 goto done; 3622 } 3623 done: 3624 return failure; 3625 } 3626 3627 3628 int 3629 main(int argc, char **argv) 3630 { 3631 int failed = 0; 3632 3633 SSL_library_init(); 3634 SSL_load_error_strings(); 3635 3636 failed |= test_tlsext_alpn_client(); 3637 failed |= test_tlsext_alpn_server(); 3638 3639 failed |= test_tlsext_supportedgroups_client(); 3640 failed |= test_tlsext_supportedgroups_server(); 3641 3642 failed |= test_tlsext_ecpf_client(); 3643 failed |= test_tlsext_ecpf_server(); 3644 3645 failed |= test_tlsext_ri_client(); 3646 failed |= test_tlsext_ri_server(); 3647 3648 failed |= test_tlsext_sigalgs_client(); 3649 3650 failed |= test_tlsext_sni_client(); 3651 failed |= test_tlsext_sni_server(); 3652 3653 failed |= test_tlsext_ocsp_client(); 3654 failed |= test_tlsext_ocsp_server(); 3655 3656 failed |= test_tlsext_sessionticket_client(); 3657 failed |= test_tlsext_sessionticket_server(); 3658 3659 failed |= test_tlsext_versions_client(); 3660 failed |= test_tlsext_versions_server(); 3661 3662 failed |= test_tlsext_keyshare_client(); 3663 failed |= test_tlsext_keyshare_server(); 3664 3665 failed |= test_tlsext_cookie_client(); 3666 failed |= test_tlsext_cookie_server(); 3667 3668 #ifndef OPENSSL_NO_SRTP 3669 failed |= test_tlsext_srtp_client(); 3670 failed |= test_tlsext_srtp_server(); 3671 #else 3672 fprintf(stderr, "Skipping SRTP tests due to OPENSSL_NO_SRTP\n"); 3673 #endif 3674 3675 failed |= test_tlsext_clienthello_build(); 3676 failed |= test_tlsext_serverhello_build(); 3677 3678 failed |= test_tlsext_valid_hostnames(); 3679 failed |= test_tlsext_invalid_hostnames(); 3680 3681 return (failed); 3682 } 3683