From 6cba937dcc0b029f99e14d10a198f87328f2f4db Mon Sep 17 00:00:00 2001 From: beck Date: Tue, 26 Oct 2021 14:34:02 +0000 Subject: [PATCH] Free memory on text exit to make asan quieter ok tb@ --- regress/lib/libssl/tlsext/tlsexttest.c | 136 +++++++++++++++---------- 1 file changed, 83 insertions(+), 53 deletions(-) diff --git a/regress/lib/libssl/tlsext/tlsexttest.c b/regress/lib/libssl/tlsext/tlsexttest.c index 3fefeb9fa6b..1dc4ca4aa82 100644 --- a/regress/lib/libssl/tlsext/tlsexttest.c +++ b/regress/lib/libssl/tlsext/tlsexttest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tlsexttest.c,v 1.50 2021/10/26 06:24:47 jsing Exp $ */ +/* $OpenBSD: tlsexttest.c,v 1.51 2021/10/26 14:34:02 beck Exp $ */ /* * Copyright (c) 2017 Joel Sing * Copyright (c) 2017 Doug Hogan @@ -1674,13 +1674,14 @@ test_tlsext_sni_client(void) failure = 1; - CBB_init(&cbb, 0); if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) errx(1, "failed to create SSL_CTX"); if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); + CBB_init(&cbb, 0); + if (tlsext_sni_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { FAIL("client should not need SNI\n"); goto err; @@ -1701,8 +1702,10 @@ test_tlsext_sni_client(void) goto err; } - if (!CBB_finish(&cbb, &data, &dlen)) - errx(1, "failed to finish CBB"); + if (!CBB_finish(&cbb, &data, &dlen)) { + FAIL("failed to finish CBB"); + goto err; + } if (dlen != sizeof(tlsext_sni_client)) { FAIL("got client SNI with length %zu, " @@ -1719,8 +1722,10 @@ test_tlsext_sni_client(void) goto err; } - if ((ssl->session = SSL_SESSION_new()) == NULL) - errx(1, "failed to create session"); + if ((ssl->session = SSL_SESSION_new()) == NULL) { + FAIL("failed to create session"); + goto err; + } ssl->internal->hit = 0; @@ -1749,9 +1754,12 @@ test_tlsext_sni_client(void) ssl->internal->hit = 1; + free(ssl->session->tlsext_hostname); if ((ssl->session->tlsext_hostname = strdup("notthesame.libressl.org")) == - NULL) - errx(1, "failed to strdup tlsext_hostname"); + NULL) { + FAIL("failed to strdup tlsext_hostname"); + goto err; + } CBS_init(&cbs, tlsext_sni_client, sizeof(tlsext_sni_client)); if (tlsext_sni_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { @@ -2252,7 +2260,7 @@ test_tlsext_sessionticket_server(void) /* Test disabling tickets. */ if ((SSL_set_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) == 0) { FAIL("Cannot disable tickets in the TLS connection\n"); - return 0; + goto err; } if (tlsext_sessionticket_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { FAIL("server should not need SessionTicket if it was disabled\n"); @@ -2262,7 +2270,7 @@ test_tlsext_sessionticket_server(void) /* Test re-enabling tickets. */ if ((SSL_clear_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) != 0) { FAIL("Cannot re-enable tickets in the TLS connection\n"); - return 0; + goto err; } if (tlsext_sessionticket_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { FAIL("server should not need SessionTicket yet\n"); @@ -2293,6 +2301,7 @@ test_tlsext_sessionticket_server(void) failure = 0; err: + CBB_cleanup(&cbb); SSL_CTX_free(ssl_ctx); SSL_free(ssl); @@ -2740,10 +2749,15 @@ test_tlsext_clienthello_build(void) if (!CBB_init(&cbb, 0)) errx(1, "failed to create CBB"); - if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) - errx(1, "failed to create SSL_CTX"); - if ((ssl = SSL_new(ssl_ctx)) == NULL) - errx(1, "failed to create SSL"); + if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) { + FAIL("failed to create SSL_CTX"); + goto err; + } + + if ((ssl = SSL_new(ssl_ctx)) == NULL) { + FAIL("failed to create SSL"); + goto err; + } S3I(ssl)->hs.our_min_tls_version = TLS1_VERSION; S3I(ssl)->hs.our_max_tls_version = TLS1_2_VERSION; @@ -2752,8 +2766,10 @@ test_tlsext_clienthello_build(void) FAIL("failed to build clienthello extensions\n"); goto err; } - if (!CBB_finish(&cbb, &data, &dlen)) - errx(1, "failed to finish CBB"); + if (!CBB_finish(&cbb, &data, &dlen)) { + FAIL("failed to finish CBB"); + goto err; + } if (dlen != sizeof(tlsext_clienthello_default)) { FAIL("got clienthello extensions with length %zu, " @@ -2781,15 +2797,17 @@ test_tlsext_clienthello_build(void) } if ((SSL_set_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) == 0) { FAIL("failed to disable session tickets\n"); - return 0; + goto err; } if (!tlsext_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { FAIL("failed to build clienthello extensions\n"); goto err; } - if (!CBB_finish(&cbb, &data, &dlen)) - errx(1, "failed to finish CBB"); + if (!CBB_finish(&cbb, &data, &dlen)) { + FAIL("failed to finish CBB"); + goto err; + } if (dlen != sizeof(tlsext_clienthello_disabled)) { FAIL("got clienthello extensions with length %zu, " @@ -2842,12 +2860,18 @@ test_tlsext_serverhello_build(void) if (!CBB_init(&cbb, 0)) errx(1, "failed to create CBB"); - if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL) - errx(1, "failed to create SSL_CTX"); - if ((ssl = SSL_new(ssl_ctx)) == NULL) - errx(1, "failed to create SSL"); - if ((ssl->session = SSL_SESSION_new()) == NULL) - errx(1, "failed to create session"); + if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL) { + FAIL("failed to create SSL_CTX"); + goto err; + } + if ((ssl = SSL_new(ssl_ctx)) == NULL) { + FAIL("failed to create SSL"); + goto err; + } + if ((ssl->session = SSL_SESSION_new()) == NULL) { + FAIL("failed to create session"); + goto err; + } S3I(ssl)->hs.our_max_tls_version = TLS1_3_VERSION; S3I(ssl)->hs.negotiated_tls_version = TLS1_3_VERSION; @@ -2858,8 +2882,10 @@ test_tlsext_serverhello_build(void) FAIL("failed to build serverhello extensions\n"); goto err; } - if (!CBB_finish(&cbb, &data, &dlen)) - errx(1, "failed to finish CBB"); + if (!CBB_finish(&cbb, &data, &dlen)) { + FAIL("failed to finish CBB"); + goto err; + } if (dlen != sizeof(tlsext_serverhello_default)) { FAIL("got serverhello extensions with length %zu, " @@ -2885,8 +2911,10 @@ test_tlsext_serverhello_build(void) ssl3_get_cipher_by_id(TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256); ssl->internal->tlsext_status_expected = 1; ssl->internal->tlsext_ticket_expected = 1; - if ((ssl->session->tlsext_ecpointformatlist = malloc(1)) == NULL) - errx(1, "malloc failed"); + if ((ssl->session->tlsext_ecpointformatlist = malloc(1)) == NULL) { + FAIL("malloc failed"); + goto err; + } ssl->session->tlsext_ecpointformatlist_length = 1; ssl->session->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed; @@ -2895,8 +2923,10 @@ test_tlsext_serverhello_build(void) FAIL("failed to build serverhello extensions\n"); goto err; } - if (!CBB_finish(&cbb, &data, &dlen)) - errx(1, "failed to finish CBB"); + if (!CBB_finish(&cbb, &data, &dlen)) { + FAIL("failed to finish CBB"); + goto err; + } if (dlen != sizeof(tlsext_serverhello_enabled)) { FAIL("got serverhello extensions with length %zu, " @@ -3199,7 +3229,7 @@ test_tlsext_keyshare_server(void) unsigned char *data = NULL; SSL_CTX *ssl_ctx = NULL; SSL *ssl = NULL; - int failure = 0; + int failure = 1; size_t dlen, idx; int alert; CBB cbb; @@ -3211,99 +3241,99 @@ test_tlsext_keyshare_server(void) 0xbe, 0x35, 0xca, 0x51, 0x76, 0x1e, 0xe8, 0x22, }; - CBB_init(&cbb, 0); - if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) errx(1, "failed to create SSL_CTX"); if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); + CBB_init(&cbb, 0); + S3I(ssl)->hs.negotiated_tls_version = TLS1_2_VERSION; if (tlsext_keyshare_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { FAIL("server should not need keyshare\n"); - failure = 1; goto done; } S3I(ssl)->hs.negotiated_tls_version = TLS1_3_VERSION; if (tlsext_keyshare_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { FAIL("client should not need keyshare\n"); - failure = 1; goto done; } if (tls_extension_find(TLSEXT_TYPE_key_share, &idx) == NULL) { FAIL("failed to find keyshare extension\n"); - failure = 1; goto done; } S3I(ssl)->hs.extensions_seen |= (1 << idx); if (!tlsext_keyshare_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { FAIL("server should need keyshare\n"); - failure = 1; goto done; } if (tlsext_keyshare_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { FAIL("server should not have built a keyshare response\n"); - failure = 1; goto done; } if ((S3I(ssl)->hs.tls13.key_share = - tls13_key_share_new_nid(NID_X25519)) == NULL) - errx(1, "failed to create key share"); - if (!tls13_key_share_generate(S3I(ssl)->hs.tls13.key_share)) - errx(1, "failed to generate key share"); + tls13_key_share_new_nid(NID_X25519)) == NULL) { + FAIL("failed to create key share"); + goto done; + } + + if (!tls13_key_share_generate(S3I(ssl)->hs.tls13.key_share)) { + FAIL("failed to generate key share"); + goto done; + } CBS_init(&cbs, bogokey, sizeof(bogokey)); + if (!tls13_key_share_peer_public(S3I(ssl)->hs.tls13.key_share, 0x001d, &cbs)) { FAIL("failed to load peer public key\n"); - failure = 1; goto done; } if (!tlsext_keyshare_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { FAIL("server should be able to build a keyshare response\n"); - failure = 1; goto done; } if (!CBB_finish(&cbb, &data, &dlen)) { FAIL("failed to finish CBB\n"); - failure = 1; goto done; } if (dlen != sizeof(tlsext_keyshare_server)) { FAIL("got server keyshare with length %zu, " "want length %zu\n", dlen, sizeof(tlsext_keyshare_server)); - failure = 1; goto done; } if ((S3I(ssl)->hs.tls13.key_share = - tls13_key_share_new_nid(NID_X25519)) == NULL) - errx(1, "failed to create key share"); - if (!tls13_key_share_generate(S3I(ssl)->hs.tls13.key_share)) - errx(1, "failed to generate key share"); + tls13_key_share_new_nid(NID_X25519)) == NULL) { + FAIL("failed to create key share"); + goto done; + } + if (!tls13_key_share_generate(S3I(ssl)->hs.tls13.key_share)) { + FAIL("failed to generate key share"); + goto done; + } CBS_init(&cbs, data, dlen); if (!tlsext_keyshare_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { FAIL("failed to parse server keyshare\n"); - failure = 1; goto done; } if (CBS_len(&cbs) != 0) { FAIL("extension data remaining\n"); - failure = 1; goto done; } + failure = 0; done: CBB_cleanup(&cbb); SSL_CTX_free(ssl_ctx); -- 2.20.1