Add an initial TLS client regress, which currently covers ClientHello

message generation.

3 files changed, 369 insertions, 1 deletions

diff --git a/regress/lib/libssl/Makefile b/regress/lib/libssl/Makefile
index 7c2d92e3400..79232bcf392 100644
--- a/regress/lib/libssl/Makefile
+++ b/regress/lib/libssl/Makefile
@@ -1,9 +1,10 @@
-#	$OpenBSD: Makefile,v 1.22 2015/06/28 00:08:27 doug Exp $
+#	$OpenBSD: Makefile,v 1.23 2015/09/01 17:02:17 jsing Exp $
 
 SUBDIR= \
 	asn1 \
 	bytestring \
 	ciphers \
+	client \
 	ssl \
 	unit
 
diff --git a/regress/lib/libssl/client/Makefile b/regress/lib/libssl/client/Makefile
new file mode 100644
index 00000000000..4f99f0e97cd
--- /dev/null
+++ b/regress/lib/libssl/client/Makefile
@@ -0,0 +1,9 @@
+#	$OpenBSD: Makefile,v 1.1 2015/09/01 17:02:18 jsing Exp $
+
+PROG=	clienttest
+LDADD=	-lssl -lcrypto
+DPADD=	${LIBSSL} ${LIBCRYPTO}
+WARNINGS=	Yes
+CFLAGS+=	-DLIBRESSL_INTERNAL -Werror
+
+.include <bsd.regress.mk>
diff --git a/regress/lib/libssl/client/clienttest.c b/regress/lib/libssl/client/clienttest.c
new file mode 100644
index 00000000000..bda2de9bef7
--- /dev/null
+++ b/regress/lib/libssl/client/clienttest.c
@@ -0,0 +1,358 @@
+/*
+ * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <openssl/ssl.h>
+
+#include <openssl/dtls1.h>
+#include <openssl/ssl3.h>
+
+#include <err.h>
+#include <stdio.h>
+#include <string.h>
+
+#define DTLS_RANDOM_OFFSET (DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH + 2)
+#define SSL3_RANDOM_OFFSET (SSL3_RT_HEADER_LENGTH + SSL3_HM_HEADER_LENGTH + 2)
+
+static unsigned char client_hello_dtls1[] = {
+	0x16, 0xfe, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x7e, 0x01, 0x00, 0x00,
+	0x72, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x72, 0xfe, 0xff, 0xc3, 0xd6, 0x19, 0xf8, 0x5d,
+	0x6a, 0xe3, 0x6d, 0x16, 0x4a, 0xf7, 0x8f, 0x8e,
+	0x4a, 0x12, 0x87, 0xcf, 0x07, 0x99, 0xa7, 0x92,
+	0x40, 0xbd, 0x06, 0x9f, 0xe9, 0xd2, 0x68, 0x84,
+	0xff, 0x6f, 0xe8, 0x00, 0x00, 0x00, 0x44, 0xc0,
+	0x14, 0xc0, 0x0a, 0x00, 0x39, 0x00, 0x38, 0xff,
+	0x85, 0x00, 0x88, 0x00, 0x87, 0x00, 0x81, 0xc0,
+	0x0f, 0xc0, 0x05, 0x00, 0x35, 0x00, 0x84, 0xc0,
+	0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x32, 0x00,
+	0x45, 0x00, 0x44, 0xc0, 0x0e, 0xc0, 0x04, 0x00,
+	0x2f, 0x00, 0x41, 0x00, 0x07, 0xc0, 0x12, 0xc0,
+	0x08, 0x00, 0x16, 0x00, 0x13, 0xc0, 0x0d, 0xc0,
+	0x03, 0x00, 0x0a, 0x00, 0x15, 0x00, 0x12, 0x00,
+	0x09, 0x00, 0xff, 0x01, 0x00, 0x00, 0x04, 0x00,
+	0x23, 0x00, 0x00,
+};
+
+static unsigned char client_hello_tls10[] = {
+	0x16, 0x03, 0x01, 0x00, 0xc7, 0x01, 0x00, 0x00,
+	0xc3, 0x03, 0x01, 0x06, 0x6a, 0x3f, 0x0f, 0xf5,
+	0x19, 0x64, 0x2d, 0xfd, 0xb1, 0x4a, 0x91, 0xcd,
+	0x65, 0x37, 0xf8, 0x51, 0x92, 0xf9, 0xbf, 0xe9,
+	0x46, 0x41, 0x2e, 0x0a, 0x4d, 0xb1, 0xa8, 0x0c,
+	0x88, 0xec, 0x03, 0x00, 0x00, 0x50, 0xc0, 0x14,
+	0xc0, 0x0a, 0x00, 0x39, 0x00, 0x38, 0xff, 0x85,
+	0x00, 0x88, 0x00, 0x87, 0x00, 0x81, 0xc0, 0x0f,
+	0xc0, 0x05, 0x00, 0x35, 0x00, 0x84, 0xc0, 0x13,
+	0xc0, 0x09, 0x00, 0x33, 0x00, 0x32, 0x00, 0x45,
+	0x00, 0x44, 0xc0, 0x0e, 0xc0, 0x04, 0x00, 0x2f,
+	0x00, 0x41, 0x00, 0x07, 0xc0, 0x11, 0xc0, 0x07,
+	0xc0, 0x0c, 0xc0, 0x02, 0x00, 0x05, 0x00, 0x04,
+	0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 0x13,
+	0xc0, 0x0d, 0xc0, 0x03, 0x00, 0x0a, 0x00, 0x15,
+	0x00, 0x12, 0x00, 0x09, 0x00, 0xff, 0x01, 0x00,
+	0x00, 0x4a, 0x00, 0x0b, 0x00, 0x04, 0x03, 0x00,
+	0x01, 0x02, 0x00, 0x0a, 0x00, 0x3a, 0x00, 0x38,
+	0x00, 0x0e, 0x00, 0x0d, 0x00, 0x19, 0x00, 0x1c,
+	0x00, 0x0b, 0x00, 0x0c, 0x00, 0x1b, 0x00, 0x18,
+	0x00, 0x09, 0x00, 0x0a, 0x00, 0x1a, 0x00, 0x16,
+	0x00, 0x17, 0x00, 0x08, 0x00, 0x06, 0x00, 0x07,
+	0x00, 0x14, 0x00, 0x15, 0x00, 0x04, 0x00, 0x05,
+	0x00, 0x12, 0x00, 0x13, 0x00, 0x01, 0x00, 0x02,
+	0x00, 0x03, 0x00, 0x0f, 0x00, 0x10, 0x00, 0x11,
+	0x00, 0x23, 0x00, 0x00,
+};
+
+static unsigned char client_hello_tls11[] = {
+	0x16, 0x03, 0x01, 0x00, 0xc7, 0x01, 0x00, 0x00,
+	0xc3, 0x03, 0x02, 0x2f, 0x93, 0x9c, 0x37, 0x16,
+	0x88, 0x53, 0xa1, 0xba, 0xb2, 0x36, 0xc9, 0xdf,
+	0xa4, 0x5f, 0x80, 0x6a, 0x8b, 0xfe, 0x00, 0x52,
+	0xd3, 0xd2, 0x68, 0x2a, 0xae, 0xca, 0x72, 0xae,
+	0x70, 0x77, 0x84, 0x00, 0x00, 0x50, 0xc0, 0x14,
+	0xc0, 0x0a, 0x00, 0x39, 0x00, 0x38, 0xff, 0x85,
+	0x00, 0x88, 0x00, 0x87, 0x00, 0x81, 0xc0, 0x0f,
+	0xc0, 0x05, 0x00, 0x35, 0x00, 0x84, 0xc0, 0x13,
+	0xc0, 0x09, 0x00, 0x33, 0x00, 0x32, 0x00, 0x45,
+	0x00, 0x44, 0xc0, 0x0e, 0xc0, 0x04, 0x00, 0x2f,
+	0x00, 0x41, 0x00, 0x07, 0xc0, 0x11, 0xc0, 0x07,
+	0xc0, 0x0c, 0xc0, 0x02, 0x00, 0x05, 0x00, 0x04,
+	0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00, 0x13,
+	0xc0, 0x0d, 0xc0, 0x03, 0x00, 0x0a, 0x00, 0x15,
+	0x00, 0x12, 0x00, 0x09, 0x00, 0xff, 0x01, 0x00,
+	0x00, 0x4a, 0x00, 0x0b, 0x00, 0x04, 0x03, 0x00,
+	0x01, 0x02, 0x00, 0x0a, 0x00, 0x3a, 0x00, 0x38,
+	0x00, 0x0e, 0x00, 0x0d, 0x00, 0x19, 0x00, 0x1c,
+	0x00, 0x0b, 0x00, 0x0c, 0x00, 0x1b, 0x00, 0x18,
+	0x00, 0x09, 0x00, 0x0a, 0x00, 0x1a, 0x00, 0x16,
+	0x00, 0x17, 0x00, 0x08, 0x00, 0x06, 0x00, 0x07,
+	0x00, 0x14, 0x00, 0x15, 0x00, 0x04, 0x00, 0x05,
+	0x00, 0x12, 0x00, 0x13, 0x00, 0x01, 0x00, 0x02,
+	0x00, 0x03, 0x00, 0x0f, 0x00, 0x10, 0x00, 0x11,
+	0x00, 0x23, 0x00, 0x00,
+};
+
+static unsigned char client_hello_tls12[] = {
+	0x16, 0x03, 0x01, 0x01, 0x3b, 0x01, 0x00, 0x01,
+	0x37, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x9a, 0xcc, 0x14,
+	0xcc, 0x13, 0xcc, 0x15, 0xc0, 0x30, 0xc0, 0x2c,
+	0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14, 0xc0, 0x0a,
+	0x00, 0xa3, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x6a,
+	0x00, 0x39, 0x00, 0x38, 0xff, 0x85, 0x00, 0xc4,
+	0x00, 0xc3, 0x00, 0x88, 0x00, 0x87, 0x00, 0x81,
+	0xc0, 0x32, 0xc0, 0x2e, 0xc0, 0x2a, 0xc0, 0x26,
+	0xc0, 0x0f, 0xc0, 0x05, 0x00, 0x9d, 0x00, 0x3d,
+	0x00, 0x35, 0x00, 0xc0, 0x00, 0x84, 0xc0, 0x2f,
+	0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x13,
+	0xc0, 0x09, 0x00, 0xa2, 0x00, 0x9e, 0x00, 0x67,
+	0x00, 0x40, 0x00, 0x33, 0x00, 0x32, 0x00, 0xbe,
+	0x00, 0xbd, 0x00, 0x45, 0x00, 0x44, 0xc0, 0x31,
+	0xc0, 0x2d, 0xc0, 0x29, 0xc0, 0x25, 0xc0, 0x0e,
+	0xc0, 0x04, 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f,
+	0x00, 0xba, 0x00, 0x41, 0x00, 0x07, 0xc0, 0x11,
+	0xc0, 0x07, 0xc0, 0x0c, 0xc0, 0x02, 0x00, 0x05,
+	0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
+	0x00, 0x13, 0xc0, 0x0d, 0xc0, 0x03, 0x00, 0x0a,
+	0x00, 0x15, 0x00, 0x12, 0x00, 0x09, 0x00, 0xff,
+	0x01, 0x00, 0x00, 0x74, 0x00, 0x0b, 0x00, 0x04,
+	0x03, 0x00, 0x01, 0x02, 0x00, 0x0a, 0x00, 0x3a,
+	0x00, 0x38, 0x00, 0x0e, 0x00, 0x0d, 0x00, 0x19,
+	0x00, 0x1c, 0x00, 0x0b, 0x00, 0x0c, 0x00, 0x1b,
+	0x00, 0x18, 0x00, 0x09, 0x00, 0x0a, 0x00, 0x1a,
+	0x00, 0x16, 0x00, 0x17, 0x00, 0x08, 0x00, 0x06,
+	0x00, 0x07, 0x00, 0x14, 0x00, 0x15, 0x00, 0x04,
+	0x00, 0x05, 0x00, 0x12, 0x00, 0x13, 0x00, 0x01,
+	0x00, 0x02, 0x00, 0x03, 0x00, 0x0f, 0x00, 0x10,
+	0x00, 0x11, 0x00, 0x23, 0x00, 0x00, 0x00, 0x0d,
+	0x00, 0x26, 0x00, 0x24, 0x06, 0x01, 0x06, 0x02,
+	0x06, 0x03, 0xef, 0xef, 0x05, 0x01, 0x05, 0x02,
+	0x05, 0x03, 0x04, 0x01, 0x04, 0x02, 0x04, 0x03,
+	0xee, 0xee, 0xed, 0xed, 0x03, 0x01, 0x03, 0x02,
+	0x03, 0x03, 0x02, 0x01, 0x02, 0x02, 0x02, 0x03,
+};
+
+struct client_hello_test {
+	const unsigned char *desc;
+	const unsigned char *client_hello;
+	const size_t client_hello_len;
+	const size_t random_start;
+	const SSL_METHOD *(*ssl_method)(void);
+	const long ssl_options;
+};
+
+static struct client_hello_test client_hello_tests[] = {
+	{
+		.desc = "DTLSv1 client",
+		.client_hello = client_hello_dtls1,
+		.client_hello_len = sizeof(client_hello_dtls1),
+		.random_start = DTLS_RANDOM_OFFSET,
+		.ssl_method = DTLSv1_client_method,
+	},
+	{
+		.desc = "TLSv1 client",
+		.client_hello = client_hello_tls10,
+		.client_hello_len = sizeof(client_hello_tls10),
+		.random_start = SSL3_RANDOM_OFFSET,
+		.ssl_method = TLSv1_client_method,
+	},
+	{
+		.desc = "TLSv1_1 client",
+		.client_hello = client_hello_tls11,
+		.client_hello_len = sizeof(client_hello_tls11),
+		.random_start = SSL3_RANDOM_OFFSET,
+		.ssl_method = TLSv1_1_client_method,
+	},
+	{
+		.desc = "TLSv1_2 client",
+		.client_hello = client_hello_tls12,
+		.client_hello_len = sizeof(client_hello_tls12),
+		.random_start = SSL3_RANDOM_OFFSET,
+		.ssl_method = TLSv1_2_client_method,
+	},
+	{
+		.desc = "SSLv23 default",
+		.client_hello = client_hello_tls12,
+		.client_hello_len = sizeof(client_hello_tls12),
+		.random_start = SSL3_RANDOM_OFFSET,
+		.ssl_method = SSLv23_client_method,
+		.ssl_options = 0,
+	},
+	{
+		.desc = "SSLv23 (no TLSv1.2)",
+		.client_hello = client_hello_tls11,
+		.client_hello_len = sizeof(client_hello_tls11),
+		.random_start = SSL3_RANDOM_OFFSET,
+		.ssl_method = SSLv23_client_method,
+		.ssl_options = SSL_OP_NO_TLSv1_2,
+	},
+	{
+		.desc = "SSLv23 (no TLSv1.1)",
+		.client_hello = client_hello_tls10,
+		.client_hello_len = sizeof(client_hello_tls10),
+		.random_start = SSL3_RANDOM_OFFSET,
+		.ssl_method = SSLv23_client_method,
+		.ssl_options = SSL_OP_NO_TLSv1_1,
+	},
+	{
+		.desc = "TLS default",
+		.client_hello = client_hello_tls12,
+		.client_hello_len = sizeof(client_hello_tls12),
+		.random_start = SSL3_RANDOM_OFFSET,
+		.ssl_method = TLS_client_method,
+		.ssl_options = 0,
+	},
+	{
+		.desc = "TLS (no TLSv1.2)",
+		.client_hello = client_hello_tls11,
+		.client_hello_len = sizeof(client_hello_tls11),
+		.random_start = SSL3_RANDOM_OFFSET,
+		.ssl_method = TLS_client_method,
+		.ssl_options = SSL_OP_NO_TLSv1_2,
+	},
+	{
+		.desc = "TLS (no TLSv1.1)",
+		.client_hello = client_hello_tls10,
+		.client_hello_len = sizeof(client_hello_tls10),
+		.random_start = SSL3_RANDOM_OFFSET,
+		.ssl_method = TLS_client_method,
+		.ssl_options = SSL_OP_NO_TLSv1_1,
+	},
+	{
+		.desc = "TLS (no TLSv1.0, no TLSv1.1)",
+		.client_hello = client_hello_tls12,
+		.client_hello_len = sizeof(client_hello_tls12),
+		.random_start = SSL3_RANDOM_OFFSET,
+		.ssl_method = TLS_client_method,
+		.ssl_options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1,
+	},
+};
+
+#define N_CLIENT_HELLO_TESTS \
+    (sizeof(client_hello_tests) / sizeof(*client_hello_tests))
+
+static void
+hexdump(const unsigned char *buf, size_t len)
+{
+	size_t i;
+
+	for (i = 1; i <= len; i++)
+		fprintf(stderr, " 0x%02hhx,%s", buf[i - 1], i % 8 ? "" : "\n");
+
+	fprintf(stderr, "\n");
+}
+
+static int
+client_hello_test(int testno, struct client_hello_test *cht)
+{
+	BIO *rbio = NULL, *wbio = NULL;
+	SSL_CTX *ssl_ctx = NULL;
+	SSL *ssl = NULL;
+	char *wbuf, rbuf[1];
+	int ret = 1;
+	size_t i;
+	long len;
+
+	fprintf(stdout, "Test %i - %s\n", testno, cht->desc);
+
+	/* Providing a small buf causes *_get_server_hello() to return. */
+	if ((rbio = BIO_new_mem_buf(rbuf, sizeof(rbuf))) == NULL) {
+		fprintf(stderr, "Failed to setup rbio\n");
+		goto failure;
+	}
+	if ((wbio = BIO_new(BIO_s_mem())) == NULL) {
+		fprintf(stderr, "Failed to setup wbio\n");
+		goto failure;
+	}
+
+	if ((ssl_ctx = SSL_CTX_new(cht->ssl_method())) == NULL) {
+		fprintf(stderr, "SSL_CTX_new() returned NULL\n");
+		goto failure;
+	}
+
+	SSL_CTX_set_options(ssl_ctx, cht->ssl_options);
+
+	if ((ssl = SSL_new(ssl_ctx)) == NULL) {
+		fprintf(stderr, "SSL_new() returned NULL\n");
+		goto failure;
+	}
+
+	rbio->references = 2;
+	wbio->references = 2;
+
+	SSL_set_bio(ssl, rbio, wbio);
+	
+	if (SSL_connect(ssl) != 0) {
+		fprintf(stderr, "SSL_connect() returned non-zero\n");
+		goto failure;
+	}
+
+	len = BIO_get_mem_data(wbio, &wbuf);
+
+	if ((size_t)len != cht->client_hello_len) {
+		fprintf(stderr, "FAIL: test returned ClientHello length %li, "
+		    "want %zu\n", len, cht->client_hello_len);
+		fprintf(stderr, "received:\n");
+		hexdump(wbuf, len);
+		goto failure;
+	}
+
+	/* Skip over the client random, since we expect that to differ. */
+	i = cht->random_start + SSL3_RANDOM_SIZE;
+	if (memcmp(cht->client_hello, wbuf, cht->random_start) != 0 ||
+	    memcmp(&cht->client_hello[cht->random_start],
+		&wbuf[cht->random_start], SSL3_RANDOM_SIZE) == 0 ||
+	    memcmp(&cht->client_hello[i], &wbuf[i], len - i) != 0) {
+		fprintf(stderr, "FAIL: ClientHello differs:\n");
+		fprintf(stderr, "received:\n");
+		hexdump(wbuf, len);
+		fprintf(stderr, "test data:\n");
+		hexdump(cht->client_hello, cht->client_hello_len);
+		fprintf(stderr, "\n");
+		goto failure;
+	}
+	
+	ret = 0;
+
+failure:
+	SSL_CTX_free(ssl_ctx);
+	SSL_free(ssl);
+
+	rbio->references = 1;
+	wbio->references = 1;
+
+	BIO_free(rbio);
+	BIO_free(wbio);
+
+	return (ret);
+}
+
+int
+main(int argc, char **argv)
+{
+	int failed = 0;
+	size_t i;
+
+	SSL_library_init();
+
+	for (i = 0; i < N_CLIENT_HELLO_TESTS; i++)
+		failed |= client_hello_test(i, &client_hello_tests[i]);
+
+	return (failed);
+}