authorJoel Sing <jsing@cvs.openbsd.org>2015-09-13 20:23:49 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2015-09-13 20:23:49 +0000
commit3c465bd67e63b367ff9ed503cab86474a59eec40 (patch)
tree9cfbe12441ea91b430b0e0e35a2afe121ac6a393 /regress/lib
parent793153a8ea145903e543d9211fc86feea31a2d70 (diff)
Revise regression test so that it works correctly with AES taking priority
if hardware acceleration is available.
Diffstat (limited to 'regress/lib')
-rw-r--r--regress/lib/libssl/client/clienttest.c225
1 files changed, 191 insertions, 34 deletions
diff --git a/regress/lib/libssl/client/clienttest.c b/regress/lib/libssl/client/clienttest.c
index bda2de9bef7..24215f0944f 100644
--- a/regress/lib/libssl/client/clienttest.c
+++ b/regress/lib/libssl/client/clienttest.c
@@ -23,8 +23,25 @@
#include <stdio.h>
#include <string.h>
-#define DTLS_RANDOM_OFFSET (DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH + 2)
-#define SSL3_RANDOM_OFFSET (SSL3_RT_HEADER_LENGTH + SSL3_HM_HEADER_LENGTH + 2)
+#define DTLS_HM_OFFSET (DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH)
+#define DTLS_RANDOM_OFFSET (DTLS_HM_OFFSET + 2)
+#define DTLS_CIPHER_OFFSET (DTLS_HM_OFFSET + 38)
+
+#define SSL3_HM_OFFSET (SSL3_RT_HEADER_LENGTH + SSL3_HM_HEADER_LENGTH)
+#define SSL3_RANDOM_OFFSET (SSL3_HM_OFFSET + 2)
+#define SSL3_CIPHER_OFFSET (SSL3_HM_OFFSET + 37)
+
+static unsigned char cipher_list_dtls1[] = {
+ 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0x00, 0x38,
+ 0xff, 0x85, 0x00, 0x88, 0x00, 0x87, 0x00, 0x81,
+ 0xc0, 0x0f, 0xc0, 0x05, 0x00, 0x35, 0x00, 0x84,
+ 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x32,
+ 0x00, 0x45, 0x00, 0x44, 0xc0, 0x0e, 0xc0, 0x04,
+ 0x00, 0x2f, 0x00, 0x41, 0x00, 0x07, 0xc0, 0x12,
+ 0xc0, 0x08, 0x00, 0x16, 0x00, 0x13, 0xc0, 0x0d,
+ 0xc0, 0x03, 0x00, 0x0a, 0x00, 0x15, 0x00, 0x12,
+ 0x00, 0x09, 0x00, 0xff,
+};
static unsigned char client_hello_dtls1[] = {
0x16, 0xfe, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00,
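Review bot: The literals `38` and `37` in DTLS_CIPHER_OFFSET and SSL3_CIPHER_OFFSET are unexplained, and they appear to assume that the ClientHello carries an empty session id (and, for DTLS, an empty cookie). A comment such as `/* version (2) + random (32) + session id length (1) + cipher suites length (2) */` above SSL3_CIPHER_OFFSET, with the extra cookie length byte noted on the DTLS variant, would make that assumption visible to whoever next regenerates the templates. The new expected-data arrays are only read in the visible code, so they could be declared `static const unsigned char`.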
@@ -47,6 +64,19 @@ static unsigned char client_hello_dtls1[] = {
0x23, 0x00, 0x00,
};
+static unsigned char cipher_list_tls10[] = {
+ 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0x00, 0x38,
+ 0xff, 0x85, 0x00, 0x88, 0x00, 0x87, 0x00, 0x81,
+ 0xc0, 0x0f, 0xc0, 0x05, 0x00, 0x35, 0x00, 0x84,
+ 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x32,
+ 0x00, 0x45, 0x00, 0x44, 0xc0, 0x0e, 0xc0, 0x04,
+ 0x00, 0x2f, 0x00, 0x41, 0x00, 0x07, 0xc0, 0x11,
+ 0xc0, 0x07, 0xc0, 0x0c, 0xc0, 0x02, 0x00, 0x05,
+ 0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
+ 0x00, 0x13, 0xc0, 0x0d, 0xc0, 0x03, 0x00, 0x0a,
+ 0x00, 0x15, 0x00, 0x12, 0x00, 0x09, 0x00, 0xff,
+};
+
static unsigned char client_hello_tls10[] = {
0x16, 0x03, 0x01, 0x00, 0xc7, 0x01, 0x00, 0x00,
0xc3, 0x03, 0x01, 0x06, 0x6a, 0x3f, 0x0f, 0xf5,
@@ -76,6 +106,19 @@ static unsigned char client_hello_tls10[] = {
0x00, 0x23, 0x00, 0x00,
};
+static unsigned char cipher_list_tls11[] = {
+ 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0x00, 0x38,
+ 0xff, 0x85, 0x00, 0x88, 0x00, 0x87, 0x00, 0x81,
+ 0xc0, 0x0f, 0xc0, 0x05, 0x00, 0x35, 0x00, 0x84,
+ 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x33, 0x00, 0x32,
+ 0x00, 0x45, 0x00, 0x44, 0xc0, 0x0e, 0xc0, 0x04,
+ 0x00, 0x2f, 0x00, 0x41, 0x00, 0x07, 0xc0, 0x11,
+ 0xc0, 0x07, 0xc0, 0x0c, 0xc0, 0x02, 0x00, 0x05,
+ 0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
+ 0x00, 0x13, 0xc0, 0x0d, 0xc0, 0x03, 0x00, 0x0a,
+ 0x00, 0x15, 0x00, 0x12, 0x00, 0x09, 0x00, 0xff,
+};
+
static unsigned char client_hello_tls11[] = {
0x16, 0x03, 0x01, 0x00, 0xc7, 0x01, 0x00, 0x00,
0xc3, 0x03, 0x02, 0x2f, 0x93, 0x9c, 0x37, 0x16,
@@ -105,6 +148,52 @@ static unsigned char client_hello_tls11[] = {
0x00, 0x23, 0x00, 0x00,
};
+static unsigned char cipher_list_tls12_aes[] = {
+ 0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24,
+ 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0xa3, 0x00, 0x9f,
+ 0x00, 0x6b, 0x00, 0x6a, 0x00, 0x39, 0x00, 0x38,
+ 0xcc, 0x14, 0xcc, 0x13, 0xcc, 0x15, 0xff, 0x85,
+ 0x00, 0xc4, 0x00, 0xc3, 0x00, 0x88, 0x00, 0x87,
+ 0x00, 0x81, 0xc0, 0x32, 0xc0, 0x2e, 0xc0, 0x2a,
+ 0xc0, 0x26, 0xc0, 0x0f, 0xc0, 0x05, 0x00, 0x9d,
+ 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84,
+ 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23,
+ 0xc0, 0x13, 0xc0, 0x09, 0x00, 0xa2, 0x00, 0x9e,
+ 0x00, 0x67, 0x00, 0x40, 0x00, 0x33, 0x00, 0x32,
+ 0x00, 0xbe, 0x00, 0xbd, 0x00, 0x45, 0x00, 0x44,
+ 0xc0, 0x31, 0xc0, 0x2d, 0xc0, 0x29, 0xc0, 0x25,
+ 0xc0, 0x0e, 0xc0, 0x04, 0x00, 0x9c, 0x00, 0x3c,
+ 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0x00, 0x07,
+ 0xc0, 0x11, 0xc0, 0x07, 0xc0, 0x0c, 0xc0, 0x02,
+ 0x00, 0x05, 0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08,
+ 0x00, 0x16, 0x00, 0x13, 0xc0, 0x0d, 0xc0, 0x03,
+ 0x00, 0x0a, 0x00, 0x15, 0x00, 0x12, 0x00, 0x09,
+ 0x00, 0xff,
+};
+
+static unsigned char cipher_list_tls12_chacha[] = {
+ 0xcc, 0x14, 0xcc, 0x13, 0xcc, 0x15, 0xc0, 0x30,
+ 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14,
+ 0xc0, 0x0a, 0x00, 0xa3, 0x00, 0x9f, 0x00, 0x6b,
+ 0x00, 0x6a, 0x00, 0x39, 0x00, 0x38, 0xff, 0x85,
+ 0x00, 0xc4, 0x00, 0xc3, 0x00, 0x88, 0x00, 0x87,
+ 0x00, 0x81, 0xc0, 0x32, 0xc0, 0x2e, 0xc0, 0x2a,
+ 0xc0, 0x26, 0xc0, 0x0f, 0xc0, 0x05, 0x00, 0x9d,
+ 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00, 0x84,
+ 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0, 0x23,
+ 0xc0, 0x13, 0xc0, 0x09, 0x00, 0xa2, 0x00, 0x9e,
+ 0x00, 0x67, 0x00, 0x40, 0x00, 0x33, 0x00, 0x32,
+ 0x00, 0xbe, 0x00, 0xbd, 0x00, 0x45, 0x00, 0x44,
+ 0xc0, 0x31, 0xc0, 0x2d, 0xc0, 0x29, 0xc0, 0x25,
+ 0xc0, 0x0e, 0xc0, 0x04, 0x00, 0x9c, 0x00, 0x3c,
+ 0x00, 0x2f, 0x00, 0xba, 0x00, 0x41, 0x00, 0x07,
+ 0xc0, 0x11, 0xc0, 0x07, 0xc0, 0x0c, 0xc0, 0x02,
+ 0x00, 0x05, 0x00, 0x04, 0xc0, 0x12, 0xc0, 0x08,
+ 0x00, 0x16, 0x00, 0x13, 0xc0, 0x0d, 0xc0, 0x03,
+ 0x00, 0x0a, 0x00, 0x15, 0x00, 0x12, 0x00, 0x09,
+ 0x00, 0xff,
+};
+
static unsigned char client_hello_tls12[] = {
0x16, 0x03, 0x01, 0x01, 0x3b, 0x01, 0x00, 0x01,
0x37, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
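Review bot: cipher_list_tls12_aes and cipher_list_tls12_chacha have no comment saying how they differ or when each one is the expected output. From the bytes shown they contain the same suites, and the only difference is where the `0xcc, 0x14, 0xcc, 0x13, 0xcc, 0x15` group sits: first in the chacha list, after `0x00, 0x38` in the aes list. A short comment above each array, for example `/* Expected TLSv1.2 suite order when AES is hardware accelerated. */` and `/* Expected TLSv1.2 suite order without AES acceleration. */`, would save the next reader from diffing 150 bytes by eye. The hunk ends inside the client_hello_tls12 initializer, which continues outside it.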
@@ -150,8 +239,7 @@ static unsigned char client_hello_tls12[] = {
struct client_hello_test {
const unsigned char *desc;
- const unsigned char *client_hello;
- const size_t client_hello_len;
+ const int protocol;
const size_t random_start;
const SSL_METHOD *(*ssl_method)(void);
const long ssl_options;
@@ -160,84 +248,73 @@ struct client_hello_test {
static struct client_hello_test client_hello_tests[] = {
{
.desc = "DTLSv1 client",
- .client_hello = client_hello_dtls1,
- .client_hello_len = sizeof(client_hello_dtls1),
+ .protocol = DTLS1_VERSION,
.random_start = DTLS_RANDOM_OFFSET,
.ssl_method = DTLSv1_client_method,
},
{
.desc = "TLSv1 client",
- .client_hello = client_hello_tls10,
- .client_hello_len = sizeof(client_hello_tls10),
+ .protocol = TLS1_VERSION,
.random_start = SSL3_RANDOM_OFFSET,
.ssl_method = TLSv1_client_method,
},
{
.desc = "TLSv1_1 client",
- .client_hello = client_hello_tls11,
- .client_hello_len = sizeof(client_hello_tls11),
+ .protocol = TLS1_1_VERSION,
.random_start = SSL3_RANDOM_OFFSET,
.ssl_method = TLSv1_1_client_method,
},
{
.desc = "TLSv1_2 client",
- .client_hello = client_hello_tls12,
- .client_hello_len = sizeof(client_hello_tls12),
+ .protocol = TLS1_2_VERSION,
.random_start = SSL3_RANDOM_OFFSET,
.ssl_method = TLSv1_2_client_method,
},
{
.desc = "SSLv23 default",
- .client_hello = client_hello_tls12,
- .client_hello_len = sizeof(client_hello_tls12),
+ .protocol = TLS1_2_VERSION,
.random_start = SSL3_RANDOM_OFFSET,
.ssl_method = SSLv23_client_method,
.ssl_options = 0,
},
{
.desc = "SSLv23 (no TLSv1.2)",
- .client_hello = client_hello_tls11,
- .client_hello_len = sizeof(client_hello_tls11),
+ .protocol = TLS1_1_VERSION,
.random_start = SSL3_RANDOM_OFFSET,
.ssl_method = SSLv23_client_method,
.ssl_options = SSL_OP_NO_TLSv1_2,
},
{
.desc = "SSLv23 (no TLSv1.1)",
- .client_hello = client_hello_tls10,
- .client_hello_len = sizeof(client_hello_tls10),
+ .protocol = TLS1_VERSION,
.random_start = SSL3_RANDOM_OFFSET,
.ssl_method = SSLv23_client_method,
.ssl_options = SSL_OP_NO_TLSv1_1,
},
{
.desc = "TLS default",
- .client_hello = client_hello_tls12,
- .client_hello_len = sizeof(client_hello_tls12),
+ .protocol = TLS1_2_VERSION,
.random_start = SSL3_RANDOM_OFFSET,
.ssl_method = TLS_client_method,
.ssl_options = 0,
},
{
.desc = "TLS (no TLSv1.2)",
- .client_hello = client_hello_tls11,
- .client_hello_len = sizeof(client_hello_tls11),
+ .protocol = TLS1_1_VERSION,
.random_start = SSL3_RANDOM_OFFSET,
.ssl_method = TLS_client_method,
.ssl_options = SSL_OP_NO_TLSv1_2,
},
{
.desc = "TLS (no TLSv1.1)",
- .client_hello = client_hello_tls10,
- .client_hello_len = sizeof(client_hello_tls10),
+ .protocol = TLS1_VERSION,
.random_start = SSL3_RANDOM_OFFSET,
.ssl_method = TLS_client_method,
.ssl_options = SSL_OP_NO_TLSv1_1,
},
{
.desc = "TLS (no TLSv1.0, no TLSv1.1)",
- .client_hello = client_hello_tls12,
- .client_hello_len = sizeof(client_hello_tls12),
+ .protocol = TLS1_2_VERSION,
.random_start = SSL3_RANDOM_OFFSET,
.ssl_method = TLS_client_method,
.ssl_options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1,
@@ -258,18 +335,92 @@ hexdump(const unsigned char *buf, size_t len)
fprintf(stderr, "\n");
}
+static inline int
+ssl_aes_is_accelerated(void)
+{
+#if defined(__i386__) || defined(__x86_64__)
+ return ((OPENSSL_cpu_caps() & (1ULL << 57)) != 0);
+#else
+ return (0);
+#endif
+}
+
+static int
+make_client_hello(int protocol, char **out, size_t *outlen)
+{
+ size_t client_hello_len, cipher_list_len, cipher_list_offset;
+ const char *client_hello, *cipher_list;
+ char *p;
+
+ *out = NULL;
+ *outlen = 0;
+
+ switch (protocol) {
+ case DTLS1_VERSION:
+ client_hello = client_hello_dtls1;
+ client_hello_len = sizeof(client_hello_dtls1);
+ cipher_list = cipher_list_dtls1;
+ cipher_list_len = sizeof(cipher_list_dtls1);
+ cipher_list_offset = DTLS_CIPHER_OFFSET;
+ break;
+
+ case TLS1_VERSION:
+ client_hello = client_hello_tls10;
+ client_hello_len = sizeof(client_hello_tls10);
+ cipher_list = cipher_list_tls10;
+ cipher_list_len = sizeof(cipher_list_tls10);
+ cipher_list_offset = SSL3_CIPHER_OFFSET;
+ break;
+
+ case TLS1_1_VERSION:
+ client_hello = client_hello_tls11;
+ client_hello_len = sizeof(client_hello_tls11);
+ cipher_list = cipher_list_tls11;
+ cipher_list_len = sizeof(cipher_list_tls11);
+ cipher_list_offset = SSL3_CIPHER_OFFSET;
+ break;
+
+ case TLS1_2_VERSION:
+ client_hello = client_hello_tls12;
+ client_hello_len = sizeof(client_hello_tls12);
+ if (ssl_aes_is_accelerated() == 1)
+ cipher_list = cipher_list_tls12_aes;
+ else
+ cipher_list = cipher_list_tls12_chacha;
+ cipher_list_len = sizeof(cipher_list_tls12_chacha);
+ cipher_list_offset = SSL3_CIPHER_OFFSET;
+ break;
+
+ default:
+ return (-1);
+ }
+
+ if ((p = malloc(client_hello_len)) == NULL)
+ return (-1);
+
+ memcpy(p, client_hello, client_hello_len);
+ memcpy(p + cipher_list_offset, cipher_list, cipher_list_len);
+
+ *out = p;
+ *outlen = client_hello_len;
+
+ return (0);
+}
+
static int
client_hello_test(int testno, struct client_hello_test *cht)
{
BIO *rbio = NULL, *wbio = NULL;
SSL_CTX *ssl_ctx = NULL;
SSL *ssl = NULL;
+ char *client_hello = NULL;
+ size_t client_hello_len;
char *wbuf, rbuf[1];
int ret = 1;
size_t i;
long len;
- fprintf(stdout, "Test %i - %s\n", testno, cht->desc);
+ fprintf(stderr, "Test %i - %s\n", testno, cht->desc);
/* Providing a small buf causes *_get_server_hello() to return. */
if ((rbio = BIO_new_mem_buf(rbuf, sizeof(rbuf))) == NULL) {
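Review bot: make_client_hello() overlays the cipher list with `memcpy(p + cipher_list_offset, cipher_list, cipher_list_len)` without checking that offset plus length fits inside the `client_hello_len` bytes it just allocated. A later edit to a template or list would therefore write past the heap buffer instead of failing the test. The TLS1_2_VERSION case also uses `sizeof(cipher_list_tls12_chacha)` for both lists, which is only correct while the two arrays stay the same size. Setting the length in each branch and rejecting an oversized overlay before the malloc covers both, as sketched below. Separately, `1ULL << 57` in ssl_aes_is_accelerated() deserves a comment naming the capability bit it tests (presumably AES-NI). The hunk ends inside client_hello_test(), whose body continues outside it.

```c
	case TLS1_2_VERSION:
		/* … unchanged: client_hello and client_hello_len assignments … */
		if (ssl_aes_is_accelerated() == 1) {
			cipher_list = cipher_list_tls12_aes;
			cipher_list_len = sizeof(cipher_list_tls12_aes);
		} else {
			cipher_list = cipher_list_tls12_chacha;
			cipher_list_len = sizeof(cipher_list_tls12_chacha);
		}
		/* … unchanged: cipher_list_offset, break, default case … */

	/* Refuse an overlay that would not fit inside the template. */
	if (cipher_list_offset > client_hello_len ||
	    cipher_list_len > client_hello_len - cipher_list_offset)
		return (-1);

	if ((p = malloc(client_hello_len)) == NULL)
```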
@@ -305,25 +456,29 @@ client_hello_test(int testno, struct client_hello_test *cht)
len = BIO_get_mem_data(wbio, &wbuf);
- if ((size_t)len != cht->client_hello_len) {
+ if (make_client_hello(cht->protocol, &client_hello,
+ &client_hello_len) != 0)
+ goto failure;
+
+ if ((size_t)len != client_hello_len) {
fprintf(stderr, "FAIL: test returned ClientHello length %li, "
- "want %zu\n", len, cht->client_hello_len);
+ "want %zu\n", len, client_hello_len);
fprintf(stderr, "received:\n");
hexdump(wbuf, len);
goto failure;
}
- /* Skip over the client random, since we expect that to differ. */
+ /* We expect the client random to differ. */
i = cht->random_start + SSL3_RANDOM_SIZE;
- if (memcmp(cht->client_hello, wbuf, cht->random_start) != 0 ||
- memcmp(&cht->client_hello[cht->random_start],
+ if (memcmp(client_hello, wbuf, cht->random_start) != 0 ||
+ memcmp(&client_hello[cht->random_start],
&wbuf[cht->random_start], SSL3_RANDOM_SIZE) == 0 ||
- memcmp(&cht->client_hello[i], &wbuf[i], len - i) != 0) {
+ memcmp(&client_hello[i], &wbuf[i], len - i) != 0) {
fprintf(stderr, "FAIL: ClientHello differs:\n");
fprintf(stderr, "received:\n");
hexdump(wbuf, len);
fprintf(stderr, "test data:\n");
- hexdump(cht->client_hello, cht->client_hello_len);
+ hexdump(client_hello, client_hello_len);
fprintf(stderr, "\n");
goto failure;
}
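Review bot: When make_client_hello() fails, the new code jumps to `failure` without printing anything, so an unknown protocol value or a failed allocation produces a failing test with no explanation. Every other failure path visible in this hunk prints a `FAIL:` line first. Bracing the branch and adding `fprintf(stderr, "FAIL: unable to build expected ClientHello\n");` before the `goto failure;` would keep the output consistent. The new `client_hello` buffer is a `char *`, while hexdump() is declared with a `const unsigned char *` parameter in the previous hunk header; making the buffer `unsigned char *` would avoid the pointer-signedness mismatch. client_hello_test() starts and ends outside this hunk.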
@@ -340,6 +495,8 @@ failure:
BIO_free(rbio);
BIO_free(wbio);
+ free(client_hello);
+
return (ret);
}