-/* $OpenBSD: tlsexttest.c,v 1.69 2022/08/05 16:51:11 tb Exp $ */
+/* $OpenBSD: tlsexttest.c,v 1.70 2022/08/05 17:03:33 tb Exp $ */
/*
* Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
int failure, alert;
size_t dlen;
+ failure = 1;
+
if (!CBB_init(&cbb, 0))
errx(1, "Failed to create CBB");
- failure = 1;
-
if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
errx(1, "failed to create SSL_CTX");
if ((ssl = SSL_new(ssl_ctx)) == NULL)
int failure, alert;
size_t dlen;
+ failure = 1;
+
if (!CBB_init(&cbb, 0))
errx(1, "Failed to create CBB");
- failure = 1;
-
if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
errx(1, "failed to create SSL_CTX");
if ((ssl = SSL_new(ssl_ctx)) == NULL)
CBS_init(&cbs, tlsext_ri_client, sizeof(tlsext_ri_client));
if (server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
FAIL("parsed invalid client RI\n");
- failure = 1;
goto err;
}
SSL *ssl = NULL;
const struct tls_extension_funcs *client_funcs;
const struct tls_extension_funcs *server_funcs;
- int failure = 0;
+ int failure;
size_t dlen;
int alert;
CBB cbb;
CBS cbs;
+ failure = 1;
+
if (!CBB_init(&cbb, 0))
errx(1, "Failed to create CBB");
if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
fprintf(stderr, "FAIL: client should not need sigalgs\n");
- failure = 1;
goto done;
}
if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
fprintf(stderr, "FAIL: client should need sigalgsn");
- failure = 1;
goto done;
}
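Review bot: The failure messages on L53 and L58 read `"FAIL: client should need sigalgsn"` and `"FAIL: client failed to build sigalgsn"`, which looks like a missing backslash before the `n` (compare L48, which ends in `\n`); if that is not an artifact of this rendering, the output runs into the next line, so the lines should be `fprintf(stderr, "FAIL: client should need sigalgs\n");` and `fprintf(stderr, "FAIL: client failed to build sigalgs\n");`. As a point of style, the sigalgs tests use bare `fprintf(stderr, "FAIL: ...")` while the other tests in this commit use the `FAIL(...)` macro (L174, L292); since these lines are being touched anyway, switching to `FAIL("client should need sigalgs\n")` would keep the diagnostics uniform. The enclosing function starts before this hunk.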
if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
fprintf(stderr, "FAIL: client failed to build sigalgsn");
- failure = 1;
goto done;
}
if (dlen != sizeof(tlsext_sigalgs_client)) {
fprintf(stderr, "FAIL: got client sigalgs length %zu, "
"want length %zu\n", dlen, sizeof(tlsext_sigalgs_client));
- failure = 1;
goto done;
}
hexdump(data, dlen);
fprintf(stderr, "test data:\n");
hexdump(tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client));
- failure = 1;
goto done;
}
CBS_init(&cbs, tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client));
if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
fprintf(stderr, "FAIL: failed to parse client SNI\n");
- failure = 1;
goto done;
}
if (CBS_len(&cbs) != 0) {
goto done;
}
+ failure = 0;
+
done:
CBB_cleanup(&cbb);
SSL_CTX_free(ssl_ctx);
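Review bot: The diagnostic on L76 says `"FAIL: failed to parse client SNI\n"` but this hunk is parsing `tlsext_sigalgs_client` (L74), so a failure here would be reported against the wrong extension; it should read `fprintf(stderr, "FAIL: failed to parse client sigalgs\n");`. Separately, as shown on L80-L82 the `CBS_len(&cbs) != 0` branch jumps to `done` with no message at all; now that `failure` is pre-set to 1 this correctly fails the test, but silently, so unless a line was elided from this rendering it should get `FAIL("extension data remaining\n");` like the equivalent checks on L211 and L325. The enclosing function starts before this hunk.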
SSL *ssl = NULL;
const struct tls_extension_funcs *client_funcs;
const struct tls_extension_funcs *server_funcs;
- int failure = 0;
+ int failure;
size_t dlen;
int alert;
CBB cbb;
CBS cbs;
+ failure = 1;
+
if (!CBB_init(&cbb, 0))
errx(1, "Failed to create CBB");
if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
fprintf(stderr, "FAIL: server should not need sigalgs\n");
- failure = 1;
goto done;
}
if (server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
fprintf(stderr, "FAIL: server should not build sigalgs\n");
- failure = 1;
goto done;
}
CBS_init(&cbs, tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client));
if (client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
fprintf(stderr, "FAIL: server should not parse sigalgs\n");
- failure = 1;
goto done;
}
+ failure = 0;
+
done:
CBB_cleanup(&cbb);
SSL_CTX_free(ssl_ctx);
failure = 1;
-
if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
errx(1, "failed to create SSL_CTX");
if ((ssl = SSL_new(ssl_ctx)) == NULL)
size_t dlen;
CBB cbb;
+ failure = 1;
+
if (!CBB_init(&cbb, 0))
errx(1, "Failed to create CBB");
- failure = 1;
-
if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL)
errx(1, "failed to create SSL_CTX");
if ((ssl = SSL_new(ssl_ctx)) == NULL)
int failure, alert;
size_t dlen;
+ failure = 1;
+
if (!CBB_init(&cbb, 0))
errx(1, "Failed to create CBB");
- failure = 1;
-
/* SRTP is for DTLS */
if ((ssl_ctx = SSL_CTX_new(DTLSv1_client_method())) == NULL)
errx(1, "failed to create SSL_CTX");
int failure, alert;
size_t dlen;
+ failure = 1;
+
if (!CBB_init(&cbb, 0))
errx(1, "Failed to create CBB");
- failure = 1;
-
/* SRTP is for DTLS */
if ((ssl_ctx = SSL_CTX_new(DTLSv1_client_method())) == NULL)
errx(1, "failed to create SSL_CTX");
SSL *ssl = NULL;
const struct tls_extension_funcs *client_funcs;
const struct tls_extension_funcs *server_funcs;
- int failure = 0;
+ int failure;
size_t dlen;
int alert;
CBB cbb;
CBS cbs;
+ failure = 1;
+
if (!CBB_init(&cbb, 0))
errx(1, "Failed to create CBB");
if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
FAIL("client should not need versions\n");
- failure = 1;
goto done;
}
if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
FAIL("client should not need versions\n");
- failure = 1;
goto done;
}
if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
FAIL("client should need versions\n");
- failure = 1;
goto done;
}
if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
FAIL("client should have built versions\n");
- failure = 1;
goto done;
}
if (!CBB_finish(&cbb, &data, &dlen)) {
FAIL("failed to finish CBB\n");
- failure = 1;
goto done;
}
if (dlen != sizeof(tlsext_versions_client)) {
FAIL("got versions with length %zu, "
"want length %zu\n", dlen, sizeof(tlsext_versions_client));
- failure = 1;
goto done;
}
CBS_init(&cbs, data, dlen);
if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
FAIL("failed to parse client versions\n");
- failure = 1;
goto done;
}
if (CBS_len(&cbs) != 0) {
FAIL("extension data remaining\n");
- failure = 1;
goto done;
}
+
+ failure = 0;
+
done:
CBB_cleanup(&cbb);
SSL_CTX_free(ssl_ctx);
SSL *ssl = NULL;
const struct tls_extension_funcs *client_funcs;
const struct tls_extension_funcs *server_funcs;
- int failure = 0;
+ int failure;
size_t dlen;
int alert;
CBB cbb;
CBS cbs;
+ failure = 1;
+
if (!CBB_init(&cbb, 0))
errx(1, "Failed to create CBB");
if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
FAIL("server should not need versions\n");
- failure = 1;
goto done;
}
if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
FAIL("server should need versions\n");
- failure = 1;
goto done;
}
if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
FAIL("server should have built versions\n");
- failure = 1;
goto done;
}
if (!CBB_finish(&cbb, &data, &dlen)) {
FAIL("failed to finish CBB\n");
- failure = 1;
goto done;
}
if (dlen != sizeof(tlsext_versions_server)) {
FAIL("got versions with length %zu, "
"want length %zu\n", dlen, sizeof(tlsext_versions_server));
- failure = 1;
goto done;
}
CBS_init(&cbs, data, dlen);
if (!client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
FAIL("failed to parse client versions\n");
- failure = 1;
goto done;
}
if (CBS_len(&cbs) != 0) {
FAIL("extension data remaining\n");
- failure = 1;
goto done;
}
+
+ failure = 0;
+
done:
CBB_cleanup(&cbb);
SSL_CTX_free(ssl_ctx);
SSL *ssl = NULL;
const struct tls_extension_funcs *client_funcs;
const struct tls_extension_funcs *server_funcs;
- int failure = 0;
+ int failure;
size_t dlen;
int alert;
CBB cbb;
CBS cbs;
+ failure = 1;
+
if (!CBB_init(&cbb, 0))
errx(1, "Failed to create CBB");
ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION;
if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
FAIL("client should not need keyshare\n");
- failure = 1;
goto done;
}
ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
FAIL("client should need keyshare\n");
- failure = 1;
goto done;
}
ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
FAIL("client should have built keyshare\n");
- failure = 1;
goto done;
}
if (!CBB_finish(&cbb, &data, &dlen)) {
FAIL("failed to finish CBB\n");
- failure = 1;
goto done;
}
if (dlen != sizeof(tlsext_keyshare_client)) {
FAIL("got client keyshare with length %zu, "
"want length %zu\n", dlen, (size_t) sizeof(tlsext_keyshare_client));
- failure = 1;
goto done;
}
if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
FAIL("failed to parse client keyshare\n");
- failure = 1;
goto done;
}
if (CBS_len(&cbs) != 0) {
FAIL("extension data remaining\n");
- failure = 1;
goto done;
}
+ failure = 0;
done:
CBB_cleanup(&cbb);
const struct tls_extension_funcs *client_funcs;
const struct tls_extension_funcs *server_funcs;
int decode_error;
- int failure = 1;
+ int failure;
size_t dlen, idx;
int alert;
CBB cbb;
0xbe, 0x35, 0xca, 0x51, 0x76, 0x1e, 0xe8, 0x22,
};
+ failure = 1;
+
if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
errx(1, "failed to create SSL_CTX");
if ((ssl = SSL_new(ssl_ctx)) == NULL)
}
failure = 0;
+
done:
CBB_cleanup(&cbb);
SSL_CTX_free(ssl_ctx);
SSL *ssl = NULL;
const struct tls_extension_funcs *client_funcs;
const struct tls_extension_funcs *server_funcs;
- int failure = 0;
+ int failure;
size_t dlen;
int alert;
CBB cbb;
CBS cbs;
+ failure = 1;
+
if (!CBB_init(&cbb, 0))
errx(1, "Failed to create CBB");
ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION;
if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
FAIL("client should not need cookie\n");
- failure = 1;
goto done;
}
ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
FAIL("client should not need cookie\n");
- failure = 1;
goto done;
}
if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) {
FAIL("client should need cookie\n");
- failure = 1;
goto done;
}
if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
FAIL("client should have built a cookie response\n");
- failure = 1;
goto done;
}
if (!CBB_finish(&cbb, &data, &dlen)) {
FAIL("failed to finish CBB\n");
- failure = 1;
goto done;
}
FAIL("got cookie with length %zu, "
"want length %zu\n", dlen, strlen(cookie) +
sizeof(uint16_t));
- failure = 1;
goto done;
}
/* Checks cookie against what's in the hs.tls13 */
if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
FAIL("failed to parse client cookie\n");
- failure = 1;
goto done;
}
if (CBS_len(&cbs) != 0) {
FAIL("extension data remaining\n");
- failure = 1;
goto done;
}
+ failure = 0;
+
done:
CBB_cleanup(&cbb);
SSL_CTX_free(ssl_ctx);
SSL *ssl = NULL;
const struct tls_extension_funcs *client_funcs;
const struct tls_extension_funcs *server_funcs;
- int failure = 0;
+ int failure;
size_t dlen;
int alert;
CBB cbb;
CBS cbs;
+ failure = 1;
+
if (!CBB_init(&cbb, 0))
errx(1, "Failed to create CBB");
ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION;
if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
FAIL("server should not need cookie\n");
- failure = 1;
goto done;
}
ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) {
FAIL("server should not need cookie\n");
- failure = 1;
goto done;
}
if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_HRR)) {
FAIL("server should need cookie\n");
- failure = 1;
goto done;
}
if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_HRR, &cbb)) {
FAIL("server should have built a cookie response\n");
- failure = 1;
goto done;
}
if (!CBB_finish(&cbb, &data, &dlen)) {
FAIL("failed to finish CBB\n");
- failure = 1;
goto done;
}
FAIL("got cookie with length %zu, "
"want length %zu\n", dlen, strlen(cookie) +
sizeof(uint16_t));
- failure = 1;
goto done;
}
if (client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
FAIL("client should not have parsed server cookie\n");
- failure = 1;
goto done;
}
if (!client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
FAIL("failed to parse server cookie\n");
- failure = 1;
goto done;
}
if (memcmp(cookie, ssl->s3->hs.tls13.cookie,
ssl->s3->hs.tls13.cookie_len) != 0) {
FAIL("parsed server cookie does not match sent cookie\n");
- failure = 1;
goto done;
}
if (CBS_len(&cbs) != 0) {
FAIL("extension data remaining\n");
- failure = 1;
goto done;
}
+ failure = 0;
+
done:
CBB_cleanup(&cbb);
SSL_CTX_free(ssl_ctx);
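Review bot: The `memcmp` on L471-L472 trusts the parsed `ssl->s3->hs.tls13.cookie_len` as the comparison length without first checking it against the length of the cookie that was sent, so a parsed cookie that is a strict prefix of `cookie` would pass, and a `cookie_len` larger than `strlen(cookie)` would read past the end of `cookie` (which L456 shows is a NUL-terminated string). Comparing the lengths first makes the assertion exact and bounds the read: `if (ssl->s3->hs.tls13.cookie_len != strlen(cookie) ||` / `    memcmp(cookie, ssl->s3->hs.tls13.cookie, ssl->s3->hs.tls13.cookie_len) != 0) {`. The enclosing function starts before this hunk.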
CBS cbs;
int alert;
+ failure = 1;
+
if (!CBB_init(&cbb, 0))
errx(1, "Failed to create CBB");
- failure = 1;
-
if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL)
errx(1, "failed to create SSL_CTX");
if ((ssl = SSL_new(ssl_ctx)) == NULL)
}
failure = 0;
+
err:
CBB_cleanup(&cbb);
SSL_CTX_free(ssl_ctx);
}
failure = 0;
+
err:
SSL_CTX_free(ssl_ctx);
SSL_free(ssl);
static int
test_tlsext_is_valid_hostname(const struct tls_sni_test *tst)
{
- int failure = 0;
+ int failure;
int is_ip;
CBS cbs;
+ failure = 1;
+
CBS_init(&cbs, tst->hostname, strlen(tst->hostname));
if (tlsext_sni_is_valid_hostname(&cbs, &is_ip) != tst->valid) {
if (tst->valid) {
FAIL("Invalid hostname '%s' accepted\n",
tst->hostname);
}
- failure = 1;
goto done;
}
if (tst->is_ip != is_ip) {
FAIL("Hostname '%s' is not an IP literal but is "
"identified as one\n", tst->hostname);
}
- failure = 1;
goto done;
}
strlen(tst->hostname) + 1);
if (tlsext_sni_is_valid_hostname(&cbs, &is_ip)) {
FAIL("hostname with NUL byte accepted\n");
- failure = 1;
goto done;
}
}
+
+ failure = 0;
+
done:
+
return failure;
}
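Review bot: The added blank line after the `done:` label (L546) is out of step with the rest of this commit, where `failure = 0;` is followed by one blank line and then the label with its cleanup immediately after it (L216-L218, L272-L274, L410-L412); dropping L546 keeps the label style uniform across the file. This function also carries no header comment; a one-liner such as `/* Check tlsext_sni_is_valid_hostname() against one tls_sni_test case, including a hostname with an embedded NUL. */` would help since the NUL-byte case on L535-L540 is not obvious from the name. Depending on how the hidden lines between L531 and L532 are structured, the message on L529-L530 may only describe one direction of the `tst->is_ip != is_ip` mismatch; worth confirming both directions are reported.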