From: jsing
Date: Sun, 27 Jun 2021 16:55:46 +0000 (+0000)
Subject: Add test coverage for DTLSv1.2 client hellos.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=865abbcb146f359460308c3bd02279852e66cc3b;p=openbsd

Add test coverage for DTLSv1.2 client hellos.
---

diff --git a/regress/lib/libssl/client/clienttest.c b/regress/lib/libssl/client/clienttest.c
index 2770e9559c7..e797811e01f 100644
--- a/regress/lib/libssl/client/clienttest.c
+++ b/regress/lib/libssl/client/clienttest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clienttest.c,v 1.31 2021/06/27 16:40:25 jsing Exp $ */
+/* $OpenBSD: clienttest.c,v 1.32 2021/06/27 16:55:46 jsing Exp $ */
 /*
 * Copyright (c) 2015 Joel Sing
 *
@@ -60,6 +60,63 @@ static const uint8_t client_hello_dtls1[] = {
 0x00,
 };

+static const uint8_t cipher_list_dtls12_aes[] = {
+ 0xc0, 0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24,
+ 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b,
+ 0x00, 0x39, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa,
+ 0xff, 0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81,
+ 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0,
+ 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27,
+ 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e,
+ 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45,
+ 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba,
+ 0x00, 0x41, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
+ 0x00, 0x0a, 0x00, 0xff
+};
+
+static const uint8_t cipher_list_dtls12_chacha[] = {
+ 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xc0, 0x30,
+ 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x14,
+ 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00, 0x39,
+ 0xff, 0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81,
+ 0x00, 0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0,
+ 0x00, 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27,
+ 0xc0, 0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e,
+ 0x00, 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45,
+ 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba,
+ 0x00, 0x41, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
+ 0x00, 0x0a, 0x00, 0xff,
+};
+
+static const uint8_t client_hello_dtls12[] = {
+ 0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0xbe, 0x01, 0x00, 0x00,
+ 0xb2, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0xb2, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x54, 0xc0,
+ 0x30, 0xc0, 0x2c, 0xc0, 0x28, 0xc0, 0x24, 0xc0,
+ 0x14, 0xc0, 0x0a, 0x00, 0x9f, 0x00, 0x6b, 0x00,
+ 0x39, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xff,
+ 0x85, 0x00, 0xc4, 0x00, 0x88, 0x00, 0x81, 0x00,
+ 0x9d, 0x00, 0x3d, 0x00, 0x35, 0x00, 0xc0, 0x00,
+ 0x84, 0xc0, 0x2f, 0xc0, 0x2b, 0xc0, 0x27, 0xc0,
+ 0x23, 0xc0, 0x13, 0xc0, 0x09, 0x00, 0x9e, 0x00,
+ 0x67, 0x00, 0x33, 0x00, 0xbe, 0x00, 0x45, 0x00,
+ 0x9c, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0xba, 0x00,
+ 0x41, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16, 0x00,
+ 0x0a, 0x00, 0xff, 0x01, 0x00, 0x00, 0x34, 0x00,
+ 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00,
+ 0x0a, 0x00, 0x08, 0x00, 0x1d, 0x00, 0x17, 0x00,
+ 0x18, 0x00, 0x19, 0x00, 0x23, 0x00, 0x00, 0x00,
+ 0x0d, 0x00, 0x18, 0x00, 0x16, 0x08, 0x06, 0x06,
+ 0x01, 0x06, 0x03, 0x08, 0x05, 0x05, 0x01, 0x05,
+ 0x03, 0x08, 0x04, 0x04, 0x01, 0x04, 0x03, 0x02,
+ 0x01, 0x02, 0x03,
+};
+
 static const uint8_t cipher_list_tls10[] = {
 0xc0, 0x14, 0xc0, 0x0a, 0x00, 0x39, 0xff, 0x85,
 0x00, 0x88, 0x00, 0x81, 0x00, 0x35, 0x00, 0x84,
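Review bot: Nothing in this hunk ties the two new cipher lists to the cipher-suite block embedded in `client_hello_dtls12`, which is the `0x00, 0x54` length prefix followed by 84 bytes in the AES-first order. Both `cipher_list_dtls12_aes` and `cipher_list_dtls12_chacha` are 84 bytes today. If make_client_hello copies the selected list over the template at DTLS_CIPHER_OFFSET (the copy is not visible on this page), a later edit that changes one list's length would corrupt the expected hello or write past the buffer. A compile-time guard would pin this: `_Static_assert(sizeof(cipher_list_dtls12_aes) == sizeof(cipher_list_dtls12_chacha), "DTLSv1.2 cipher lists differ in length");`. As a style point, `cipher_list_dtls12_aes` omits the trailing comma after its final `0xff`, which the chacha list has.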
@@ -173,34 +230,60 @@ static const uint8_t client_hello_tls12[] = {
 };

 struct client_hello_test {
- const uint8_t *desc;
+ const char *desc;
 const int protocol;
 const size_t random_start;
 const SSL_METHOD *(*ssl_method)(void);
 const long ssl_options;
 };

-static const struct client_hello_test client_hello_tests[] = {
+static struct client_hello_test client_hello_tests[] = {
 {
- .desc = "DTLSv1 client",
+ .desc = "DTLSv1 client method",
 .protocol = DTLS1_VERSION,
 .random_start = DTLS_RANDOM_OFFSET,
 .ssl_method = DTLSv1_client_method,
 },
 {
- .desc = "TLSv1 client",
+ .desc = "DTLSv1.2 client method",
+ .protocol = DTLS1_2_VERSION,
+ .random_start = DTLS_RANDOM_OFFSET,
+ .ssl_method = DTLSv1_2_client_method,
+ },
+ {
+ .desc = "DTLS client method",
+ .protocol = DTLS1_2_VERSION,
+ .random_start = DTLS_RANDOM_OFFSET,
+ .ssl_method = DTLS_client_method,
+ },
+ {
+ .desc = "DTLS client method (no DTLSv1.2)",
+ .protocol = DTLS1_VERSION,
+ .random_start = DTLS_RANDOM_OFFSET,
+ .ssl_method = DTLS_client_method,
+ .ssl_options = SSL_OP_NO_DTLSv1_2,
+ },
+ {
+ .desc = "DTLS client method (no DTLSv1.0)",
+ .protocol = DTLS1_2_VERSION,
+ .random_start = DTLS_RANDOM_OFFSET,
+ .ssl_method = DTLS_client_method,
+ .ssl_options = SSL_OP_NO_DTLSv1,
+ },
+ {
+ .desc = "TLSv1 client method",
 .protocol = TLS1_VERSION,
 .random_start = SSL3_RANDOM_OFFSET,
 .ssl_method = TLSv1_client_method,
 },
 {
- .desc = "TLSv1_1 client",
+ .desc = "TLSv1_1 client method",
 .protocol = TLS1_1_VERSION,
 .random_start = SSL3_RANDOM_OFFSET,
 .ssl_method = TLSv1_1_client_method,
 },
 {
- .desc = "TLSv1_2 client",
+ .desc = "TLSv1_2 client method",
 .protocol = TLS1_2_VERSION,
 .random_start = SSL3_RANDOM_OFFSET,
 .ssl_method = TLSv1_2_client_method,
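Review bot: `client_hello_tests` loses its `const` qualifier in this hunk, yet none of the visible lines write to the table, and every member except the `desc` pointer is itself declared `const`. Unless a caller outside the hunk needs a mutable pointer, keeping `static const struct client_hello_test client_hello_tests[] = {` leaves the test vectors in read-only storage. It also prevents a later test from silently changing the `protocol` or `ssl_options` that another case relies on. If the qualifier was dropped to satisfy a function parameter, changing that parameter to `const struct client_hello_test *` is the narrower fix. The table continues past the end of the hunk.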
@@ -332,6 +415,18 @@ make_client_hello(int protocol, char **out, size_t *outlen)
 cipher_list_offset = DTLS_CIPHER_OFFSET;
 break;

+ case DTLS1_2_VERSION:
+ client_hello = client_hello_dtls12;
+ client_hello_len = sizeof(client_hello_dtls12);
+ cipher_list = cipher_list_dtls12_chacha;
+ cipher_list_len = sizeof(cipher_list_dtls12_chacha);
+ if (ssl_aes_is_accelerated()) {
+ cipher_list = cipher_list_dtls12_aes;
+ cipher_list_len = sizeof(cipher_list_dtls12_aes);
+ }
+ cipher_list_offset = DTLS_CIPHER_OFFSET;
+ break;
+
 case TLS1_VERSION:
 client_hello = client_hello_tls10;
 client_hello_len = sizeof(client_hello_tls10);
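Review bot: The new `DTLS1_2_VERSION` case chooses the expected cipher list from `ssl_aes_is_accelerated()`, so on any one host only one of the two orderings is ever compared against what the client sends. The other list goes unverified on that machine. A comment above the `if` would make that dependency explicit, for example `/* Expected order follows libssl's preference: AES-GCM suites first when AES is hardware accelerated, ChaCha20-Poly1305 first otherwise. */`. make_client_hello begins and ends outside this hunk, so how the selected list is applied to the template cannot be checked here.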