From: jsing Date: Sat, 5 Feb 2022 14:54:40 +0000 (+0000) Subject: Revise for S3I removal. X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=f315d67787e96bb02bdf8522576396ead264c78c;p=openbsd Revise for S3I removal. --- diff --git a/regress/lib/libssl/tlsext/tlsexttest.c b/regress/lib/libssl/tlsext/tlsexttest.c index 69460740383..03ce7a95e94 100644 --- a/regress/lib/libssl/tlsext/tlsexttest.c +++ b/regress/lib/libssl/tlsext/tlsexttest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tlsexttest.c,v 1.58 2022/01/11 18:29:10 jsing Exp $ */ +/* $OpenBSD: tlsexttest.c,v 1.59 2022/02/05 14:54:40 jsing Exp $ */ /* * Copyright (c) 2017 Joel Sing * Copyright (c) 2017 Doug Hogan @@ -150,7 +150,7 @@ test_tlsext_alpn_client(void) * 1) Set s->internal->alpn_client_proto_list * - Using SSL_set_alpn_protos() * 2) We have not finished or renegotiated. - * - S3I(s)->tmp.finish_md_len == 0 + * - s->s3->tmp.finish_md_len == 0 */ if (SSL_set_alpn_protos(ssl, tlsext_alpn_single_proto_val, sizeof(tlsext_alpn_single_proto_val)) != 0) { @@ -345,12 +345,12 @@ test_tlsext_alpn_server(void) * * This will be a plain name and separate length. */ - if ((S3I(ssl)->alpn_selected = malloc(sizeof(tlsext_alpn_single_proto_name))) == NULL) { + if ((ssl->s3->alpn_selected = malloc(sizeof(tlsext_alpn_single_proto_name))) == NULL) { errx(1, "failed to malloc"); } - memcpy(S3I(ssl)->alpn_selected, tlsext_alpn_single_proto_name, + memcpy(ssl->s3->alpn_selected, tlsext_alpn_single_proto_name, sizeof(tlsext_alpn_single_proto_name)); - S3I(ssl)->alpn_selected_len = sizeof(tlsext_alpn_single_proto_name); + ssl->s3->alpn_selected_len = sizeof(tlsext_alpn_single_proto_name); if (!tlsext_alpn_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { FAIL("server should need ALPN after a protocol is selected\n"); @@ -412,23 +412,23 @@ test_tlsext_alpn_server(void) goto err; } - if (S3I(ssl)->alpn_selected_len != + if (ssl->s3->alpn_selected_len != sizeof(tlsext_alpn_single_proto_name)) { FAIL("got server ALPN with length %zu, " "want length %zu\n", dlen, sizeof(tlsext_alpn_single_proto_name)); - compare_data(S3I(ssl)->alpn_selected, - S3I(ssl)->alpn_selected_len, + compare_data(ssl->s3->alpn_selected, + ssl->s3->alpn_selected_len, tlsext_alpn_single_proto_name, sizeof(tlsext_alpn_single_proto_name)); goto err; } - if (memcmp(S3I(ssl)->alpn_selected, + if (memcmp(ssl->s3->alpn_selected, tlsext_alpn_single_proto_name, sizeof(tlsext_alpn_single_proto_name)) != 0) { FAIL("server ALPN differs:\n"); - compare_data(S3I(ssl)->alpn_selected, - S3I(ssl)->alpn_selected_len, + compare_data(ssl->s3->alpn_selected, + ssl->s3->alpn_selected_len, tlsext_alpn_single_proto_name, sizeof(tlsext_alpn_single_proto_name)); goto err; @@ -442,9 +442,9 @@ test_tlsext_alpn_server(void) /* Make sure we can remove the list and avoid ALPN */ - free(S3I(ssl)->alpn_selected); - S3I(ssl)->alpn_selected = NULL; - S3I(ssl)->alpn_selected_len = 0; + free(ssl->s3->alpn_selected); + ssl->s3->alpn_selected = NULL; + ssl->s3->alpn_selected_len = 0; if (tlsext_alpn_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { FAIL("server should need ALPN by default\n"); @@ -1064,7 +1064,7 @@ test_tlsext_ecpf_server(void) errx(1, "failed to create session"); /* Setup the state so we can call needs. */ - if ((S3I(ssl)->hs.cipher = + if ((ssl->s3->hs.cipher = ssl3_get_cipher_by_id(TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305)) == NULL) { FAIL("server cannot find cipher\n"); @@ -1311,11 +1311,11 @@ test_tlsext_ri_client(void) goto err; } - memcpy(S3I(ssl)->previous_client_finished, tlsext_ri_prev_client, + memcpy(ssl->s3->previous_client_finished, tlsext_ri_prev_client, sizeof(tlsext_ri_prev_client)); - S3I(ssl)->previous_client_finished_len = sizeof(tlsext_ri_prev_client); + ssl->s3->previous_client_finished_len = sizeof(tlsext_ri_prev_client); - S3I(ssl)->renegotiate_seen = 0; + ssl->s3->renegotiate_seen = 0; if (!tlsext_ri_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { FAIL("client failed to build RI\n"); @@ -1350,19 +1350,19 @@ test_tlsext_ri_client(void) goto err; } - if (S3I(ssl)->renegotiate_seen != 1) { + if (ssl->s3->renegotiate_seen != 1) { FAIL("renegotiate seen not set\n"); goto err; } - if (S3I(ssl)->send_connection_binding != 1) { + if (ssl->s3->send_connection_binding != 1) { FAIL("send connection binding not set\n"); goto err; } - memset(S3I(ssl)->previous_client_finished, 0, - sizeof(S3I(ssl)->previous_client_finished)); + memset(ssl->s3->previous_client_finished, 0, + sizeof(ssl->s3->previous_client_finished)); - S3I(ssl)->renegotiate_seen = 0; + ssl->s3->renegotiate_seen = 0; CBS_init(&cbs, tlsext_ri_client, sizeof(tlsext_ri_client)); if (tlsext_ri_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { @@ -1371,7 +1371,7 @@ test_tlsext_ri_client(void) goto err; } - if (S3I(ssl)->renegotiate_seen == 1) { + if (ssl->s3->renegotiate_seen == 1) { FAIL("renegotiate seen set\n"); goto err; } @@ -1414,22 +1414,22 @@ test_tlsext_ri_server(void) goto err; } - S3I(ssl)->send_connection_binding = 1; + ssl->s3->send_connection_binding = 1; if (!tlsext_ri_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { FAIL("server should need RI\n"); goto err; } - memcpy(S3I(ssl)->previous_client_finished, tlsext_ri_prev_client, + memcpy(ssl->s3->previous_client_finished, tlsext_ri_prev_client, sizeof(tlsext_ri_prev_client)); - S3I(ssl)->previous_client_finished_len = sizeof(tlsext_ri_prev_client); + ssl->s3->previous_client_finished_len = sizeof(tlsext_ri_prev_client); - memcpy(S3I(ssl)->previous_server_finished, tlsext_ri_prev_server, + memcpy(ssl->s3->previous_server_finished, tlsext_ri_prev_server, sizeof(tlsext_ri_prev_server)); - S3I(ssl)->previous_server_finished_len = sizeof(tlsext_ri_prev_server); + ssl->s3->previous_server_finished_len = sizeof(tlsext_ri_prev_server); - S3I(ssl)->renegotiate_seen = 0; + ssl->s3->renegotiate_seen = 0; if (!tlsext_ri_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { FAIL("server failed to build RI\n"); @@ -1464,21 +1464,21 @@ test_tlsext_ri_server(void) goto err; } - if (S3I(ssl)->renegotiate_seen != 1) { + if (ssl->s3->renegotiate_seen != 1) { FAIL("renegotiate seen not set\n"); goto err; } - if (S3I(ssl)->send_connection_binding != 1) { + if (ssl->s3->send_connection_binding != 1) { FAIL("send connection binding not set\n"); goto err; } - memset(S3I(ssl)->previous_client_finished, 0, - sizeof(S3I(ssl)->previous_client_finished)); - memset(S3I(ssl)->previous_server_finished, 0, - sizeof(S3I(ssl)->previous_server_finished)); + memset(ssl->s3->previous_client_finished, 0, + sizeof(ssl->s3->previous_client_finished)); + memset(ssl->s3->previous_server_finished, 0, + sizeof(ssl->s3->previous_server_finished)); - S3I(ssl)->renegotiate_seen = 0; + ssl->s3->renegotiate_seen = 0; CBS_init(&cbs, tlsext_ri_server, sizeof(tlsext_ri_server)); if (tlsext_ri_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { @@ -1486,7 +1486,7 @@ test_tlsext_ri_server(void) goto err; } - if (S3I(ssl)->renegotiate_seen == 1) { + if (ssl->s3->renegotiate_seen == 1) { FAIL("renegotiate seen set\n"); goto err; } @@ -1531,7 +1531,7 @@ test_tlsext_sigalgs_client(void) if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); - S3I(ssl)->hs.our_max_tls_version = TLS1_1_VERSION; + ssl->s3->hs.our_max_tls_version = TLS1_1_VERSION; if (tlsext_sigalgs_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { fprintf(stderr, "FAIL: client should not need sigalgs\n"); @@ -1539,7 +1539,7 @@ test_tlsext_sigalgs_client(void) goto done; } - S3I(ssl)->hs.our_max_tls_version = TLS1_2_VERSION; + ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION; if (!tlsext_sigalgs_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { fprintf(stderr, "FAIL: client should need sigalgs\n"); @@ -2773,8 +2773,8 @@ test_tlsext_clienthello_build(void) goto err; } - S3I(ssl)->hs.our_min_tls_version = TLS1_VERSION; - S3I(ssl)->hs.our_max_tls_version = TLS1_2_VERSION; + ssl->s3->hs.our_min_tls_version = TLS1_VERSION; + ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION; if (!tlsext_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { FAIL("failed to build clienthello extensions\n"); @@ -2804,7 +2804,7 @@ test_tlsext_clienthello_build(void) CBB_init(&cbb, 0); /* Switch to TLSv1.1, disable EC ciphers and session tickets. */ - S3I(ssl)->hs.our_max_tls_version = TLS1_1_VERSION; + ssl->s3->hs.our_max_tls_version = TLS1_1_VERSION; if (!SSL_set_cipher_list(ssl, "TLSv1.2:!ECDHE:!ECDSA")) { FAIL("failed to set cipher list\n"); goto err; @@ -2887,9 +2887,9 @@ test_tlsext_serverhello_build(void) goto err; } - S3I(ssl)->hs.our_max_tls_version = TLS1_3_VERSION; - S3I(ssl)->hs.negotiated_tls_version = TLS1_3_VERSION; - S3I(ssl)->hs.cipher = + ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; + ssl->s3->hs.negotiated_tls_version = TLS1_3_VERSION; + ssl->s3->hs.cipher = ssl3_get_cipher_by_id(TLS1_CK_RSA_WITH_AES_128_SHA256); if (!tlsext_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { @@ -2920,8 +2920,8 @@ test_tlsext_serverhello_build(void) CBB_init(&cbb, 0); /* Turn a few things on so we get extensions... */ - S3I(ssl)->send_connection_binding = 1; - S3I(ssl)->hs.cipher = + ssl->s3->send_connection_binding = 1; + ssl->s3->hs.cipher = ssl3_get_cipher_by_id(TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256); ssl->internal->tlsext_status_expected = 1; ssl->internal->tlsext_ticket_expected = 1; @@ -2996,7 +2996,7 @@ test_tlsext_versions_client(void) if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); - S3I(ssl)->hs.our_max_tls_version = TLS1_1_VERSION; + ssl->s3->hs.our_max_tls_version = TLS1_1_VERSION; if (tlsext_versions_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { FAIL("client should not need versions\n"); @@ -3004,7 +3004,7 @@ test_tlsext_versions_client(void) goto done; } - S3I(ssl)->hs.our_max_tls_version = TLS1_2_VERSION; + ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION; if (tlsext_versions_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { FAIL("client should not need versions\n"); @@ -3012,7 +3012,7 @@ test_tlsext_versions_client(void) goto done; } - S3I(ssl)->hs.our_max_tls_version = TLS1_3_VERSION; + ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; if (!tlsext_versions_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { FAIL("client should need versions\n"); @@ -3020,8 +3020,8 @@ test_tlsext_versions_client(void) goto done; } - S3I(ssl)->hs.our_min_tls_version = TLS1_VERSION; - S3I(ssl)->hs.our_max_tls_version = TLS1_3_VERSION; + ssl->s3->hs.our_min_tls_version = TLS1_VERSION; + ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; if (!tlsext_versions_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { FAIL("client should have built versions\n"); @@ -3082,7 +3082,7 @@ test_tlsext_versions_server(void) if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); - S3I(ssl)->hs.negotiated_tls_version = TLS1_2_VERSION; + ssl->s3->hs.negotiated_tls_version = TLS1_2_VERSION; if (tlsext_versions_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { FAIL("server should not need versions\n"); @@ -3090,7 +3090,7 @@ test_tlsext_versions_server(void) goto done; } - S3I(ssl)->hs.negotiated_tls_version = TLS1_3_VERSION; + ssl->s3->hs.negotiated_tls_version = TLS1_3_VERSION; if (!tlsext_versions_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { FAIL("server should need versions\n"); @@ -3172,27 +3172,27 @@ test_tlsext_keyshare_client(void) if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); - if ((S3I(ssl)->hs.key_share = + if ((ssl->s3->hs.key_share = tls_key_share_new_nid(NID_X25519)) == NULL) errx(1, "failed to create key share"); - if (!tls_key_share_generate(S3I(ssl)->hs.key_share)) + if (!tls_key_share_generate(ssl->s3->hs.key_share)) errx(1, "failed to generate key share"); - S3I(ssl)->hs.our_max_tls_version = TLS1_2_VERSION; + ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION; if (tlsext_keyshare_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { FAIL("client should not need keyshare\n"); failure = 1; goto done; } - S3I(ssl)->hs.our_max_tls_version = TLS1_3_VERSION; + ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; if (!tlsext_keyshare_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { FAIL("client should need keyshare\n"); failure = 1; goto done; } - S3I(ssl)->hs.our_max_tls_version = TLS1_3_VERSION; + ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; if (!tlsext_keyshare_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { FAIL("client should have built keyshare\n"); failure = 1; @@ -3263,13 +3263,13 @@ test_tlsext_keyshare_server(void) CBB_init(&cbb, 0); - S3I(ssl)->hs.negotiated_tls_version = TLS1_2_VERSION; + ssl->s3->hs.negotiated_tls_version = TLS1_2_VERSION; if (tlsext_keyshare_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { FAIL("server should not need keyshare\n"); goto done; } - S3I(ssl)->hs.negotiated_tls_version = TLS1_3_VERSION; + ssl->s3->hs.negotiated_tls_version = TLS1_3_VERSION; if (tlsext_keyshare_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { FAIL("client should not need keyshare\n"); goto done; @@ -3279,7 +3279,7 @@ test_tlsext_keyshare_server(void) FAIL("failed to find keyshare extension\n"); goto done; } - S3I(ssl)->hs.extensions_seen |= (1 << idx); + ssl->s3->hs.extensions_seen |= (1 << idx); if (!tlsext_keyshare_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { FAIL("server should need keyshare\n"); @@ -3291,20 +3291,20 @@ test_tlsext_keyshare_server(void) goto done; } - if ((S3I(ssl)->hs.key_share = + if ((ssl->s3->hs.key_share = tls_key_share_new_nid(NID_X25519)) == NULL) { FAIL("failed to create key share"); goto done; } - if (!tls_key_share_generate(S3I(ssl)->hs.key_share)) { + if (!tls_key_share_generate(ssl->s3->hs.key_share)) { FAIL("failed to generate key share"); goto done; } CBS_init(&cbs, bogokey, sizeof(bogokey)); - if (!tls_key_share_peer_public(S3I(ssl)->hs.key_share, &cbs, + if (!tls_key_share_peer_public(ssl->s3->hs.key_share, &cbs, &decode_error, NULL)) { FAIL("failed to load peer public key\n"); goto done; @@ -3326,12 +3326,12 @@ test_tlsext_keyshare_server(void) goto done; } - if ((S3I(ssl)->hs.key_share = + if ((ssl->s3->hs.key_share = tls_key_share_new_nid(NID_X25519)) == NULL) { FAIL("failed to create key share"); goto done; } - if (!tls_key_share_generate(S3I(ssl)->hs.key_share)) { + if (!tls_key_share_generate(ssl->s3->hs.key_share)) { FAIL("failed to generate key share"); goto done; } @@ -3386,7 +3386,7 @@ test_tlsext_cookie_client(void) if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); - S3I(ssl)->hs.our_max_tls_version = TLS1_2_VERSION; + ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION; if (tlsext_cookie_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { FAIL("client should not need cookie\n"); failure = 1; @@ -3394,7 +3394,7 @@ test_tlsext_cookie_client(void) } - S3I(ssl)->hs.our_max_tls_version = TLS1_3_VERSION; + ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; if (tlsext_cookie_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { FAIL("client should not need cookie\n"); failure = 1; @@ -3402,8 +3402,8 @@ test_tlsext_cookie_client(void) } /* Normally would be set by receiving a server cookie in an HRR */ - S3I(ssl)->hs.tls13.cookie = strdup(cookie); - S3I(ssl)->hs.tls13.cookie_len = strlen(cookie); + ssl->s3->hs.tls13.cookie = strdup(cookie); + ssl->s3->hs.tls13.cookie_len = strlen(cookie); if (!tlsext_cookie_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { FAIL("client should need cookie\n"); @@ -3474,14 +3474,14 @@ test_tlsext_cookie_server(void) if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); - S3I(ssl)->hs.our_max_tls_version = TLS1_2_VERSION; + ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION; if (tlsext_cookie_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { FAIL("server should not need cookie\n"); failure = 1; goto done; } - S3I(ssl)->hs.our_max_tls_version = TLS1_3_VERSION; + ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; if (tlsext_cookie_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { FAIL("server should not need cookie\n"); failure = 1; @@ -3489,8 +3489,8 @@ test_tlsext_cookie_server(void) } /* Normally would be set by server before sending HRR */ - S3I(ssl)->hs.tls13.cookie = strdup(cookie); - S3I(ssl)->hs.tls13.cookie_len = strlen(cookie); + ssl->s3->hs.tls13.cookie = strdup(cookie); + ssl->s3->hs.tls13.cookie_len = strlen(cookie); if (!tlsext_cookie_server_needs(ssl, SSL_TLSEXT_MSG_HRR)) { FAIL("server should need cookie\n"); @@ -3526,9 +3526,9 @@ test_tlsext_cookie_server(void) goto done; } - freezero(S3I(ssl)->hs.tls13.cookie, S3I(ssl)->hs.tls13.cookie_len); - S3I(ssl)->hs.tls13.cookie = NULL; - S3I(ssl)->hs.tls13.cookie_len = 0; + freezero(ssl->s3->hs.tls13.cookie, ssl->s3->hs.tls13.cookie_len); + ssl->s3->hs.tls13.cookie = NULL; + ssl->s3->hs.tls13.cookie_len = 0; if (!tlsext_cookie_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { FAIL("failed to parse server cookie\n"); @@ -3536,8 +3536,8 @@ test_tlsext_cookie_server(void) goto done; } - if (memcmp(cookie, S3I(ssl)->hs.tls13.cookie, - S3I(ssl)->hs.tls13.cookie_len) != 0) { + if (memcmp(cookie, ssl->s3->hs.tls13.cookie, + ssl->s3->hs.tls13.cookie_len) != 0) { FAIL("parsed server cookie does not match sent cookie\n"); failure = 1; goto done;