diff options
| author | beck <> | 2021-10-26 14:34:02 +0000 |
|---|---|---|
| committer | beck <> | 2021-10-26 14:34:02 +0000 |
| commit | 58f0e9a0a11f944d9048084865ec2ca3c7b6b76c (patch) | |
| tree | ff4e9bb85a31f023442a15be987673f60d4aaad0 | |
| parent | fc6251316e7e29195a4a03ea15c06dd55939cebb (diff) | |
| download | openbsd-58f0e9a0a11f944d9048084865ec2ca3c7b6b76c.tar.gz openbsd-58f0e9a0a11f944d9048084865ec2ca3c7b6b76c.tar.bz2 openbsd-58f0e9a0a11f944d9048084865ec2ca3c7b6b76c.zip | |
Free memory on text exit to make asan quieter
ok tb@
| -rw-r--r-- | src/regress/lib/libssl/tlsext/tlsexttest.c | 136 |
1 files changed, 83 insertions, 53 deletions
diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c index 3fefeb9fa6..1dc4ca4aa8 100644 --- a/src/regress/lib/libssl/tlsext/tlsexttest.c +++ b/src/regress/lib/libssl/tlsext/tlsexttest.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tlsexttest.c,v 1.50 2021/10/26 06:24:47 jsing Exp $ */ | 1 | /* $OpenBSD: tlsexttest.c,v 1.51 2021/10/26 14:34:02 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2017 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2017 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> | 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> |
| @@ -1674,13 +1674,14 @@ test_tlsext_sni_client(void) | |||
| 1674 | 1674 | ||
| 1675 | failure = 1; | 1675 | failure = 1; |
| 1676 | 1676 | ||
| 1677 | CBB_init(&cbb, 0); | ||
| 1678 | 1677 | ||
| 1679 | if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) | 1678 | if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) |
| 1680 | errx(1, "failed to create SSL_CTX"); | 1679 | errx(1, "failed to create SSL_CTX"); |
| 1681 | if ((ssl = SSL_new(ssl_ctx)) == NULL) | 1680 | if ((ssl = SSL_new(ssl_ctx)) == NULL) |
| 1682 | errx(1, "failed to create SSL"); | 1681 | errx(1, "failed to create SSL"); |
| 1683 | 1682 | ||
| 1683 | CBB_init(&cbb, 0); | ||
| 1684 | |||
| 1684 | if (tlsext_sni_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { | 1685 | if (tlsext_sni_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { |
| 1685 | FAIL("client should not need SNI\n"); | 1686 | FAIL("client should not need SNI\n"); |
| 1686 | goto err; | 1687 | goto err; |
| @@ -1701,8 +1702,10 @@ test_tlsext_sni_client(void) | |||
| 1701 | goto err; | 1702 | goto err; |
| 1702 | } | 1703 | } |
| 1703 | 1704 | ||
| 1704 | if (!CBB_finish(&cbb, &data, &dlen)) | 1705 | if (!CBB_finish(&cbb, &data, &dlen)) { |
| 1705 | errx(1, "failed to finish CBB"); | 1706 | FAIL("failed to finish CBB"); |
| 1707 | goto err; | ||
| 1708 | } | ||
| 1706 | 1709 | ||
| 1707 | if (dlen != sizeof(tlsext_sni_client)) { | 1710 | if (dlen != sizeof(tlsext_sni_client)) { |
| 1708 | FAIL("got client SNI with length %zu, " | 1711 | FAIL("got client SNI with length %zu, " |
| @@ -1719,8 +1722,10 @@ test_tlsext_sni_client(void) | |||
| 1719 | goto err; | 1722 | goto err; |
| 1720 | } | 1723 | } |
| 1721 | 1724 | ||
| 1722 | if ((ssl->session = SSL_SESSION_new()) == NULL) | 1725 | if ((ssl->session = SSL_SESSION_new()) == NULL) { |
| 1723 | errx(1, "failed to create session"); | 1726 | FAIL("failed to create session"); |
| 1727 | goto err; | ||
| 1728 | } | ||
| 1724 | 1729 | ||
| 1725 | ssl->internal->hit = 0; | 1730 | ssl->internal->hit = 0; |
| 1726 | 1731 | ||
| @@ -1749,9 +1754,12 @@ test_tlsext_sni_client(void) | |||
| 1749 | 1754 | ||
| 1750 | ssl->internal->hit = 1; | 1755 | ssl->internal->hit = 1; |
| 1751 | 1756 | ||
| 1757 | free(ssl->session->tlsext_hostname); | ||
| 1752 | if ((ssl->session->tlsext_hostname = strdup("notthesame.libressl.org")) == | 1758 | if ((ssl->session->tlsext_hostname = strdup("notthesame.libressl.org")) == |
| 1753 | NULL) | 1759 | NULL) { |
| 1754 | errx(1, "failed to strdup tlsext_hostname"); | 1760 | FAIL("failed to strdup tlsext_hostname"); |
| 1761 | goto err; | ||
| 1762 | } | ||
| 1755 | 1763 | ||
| 1756 | CBS_init(&cbs, tlsext_sni_client, sizeof(tlsext_sni_client)); | 1764 | CBS_init(&cbs, tlsext_sni_client, sizeof(tlsext_sni_client)); |
| 1757 | if (tlsext_sni_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { | 1765 | if (tlsext_sni_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { |
| @@ -2252,7 +2260,7 @@ test_tlsext_sessionticket_server(void) | |||
| 2252 | /* Test disabling tickets. */ | 2260 | /* Test disabling tickets. */ |
| 2253 | if ((SSL_set_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) == 0) { | 2261 | if ((SSL_set_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) == 0) { |
| 2254 | FAIL("Cannot disable tickets in the TLS connection\n"); | 2262 | FAIL("Cannot disable tickets in the TLS connection\n"); |
| 2255 | return 0; | 2263 | goto err; |
| 2256 | } | 2264 | } |
| 2257 | if (tlsext_sessionticket_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { | 2265 | if (tlsext_sessionticket_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { |
| 2258 | FAIL("server should not need SessionTicket if it was disabled\n"); | 2266 | FAIL("server should not need SessionTicket if it was disabled\n"); |
| @@ -2262,7 +2270,7 @@ test_tlsext_sessionticket_server(void) | |||
| 2262 | /* Test re-enabling tickets. */ | 2270 | /* Test re-enabling tickets. */ |
| 2263 | if ((SSL_clear_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) != 0) { | 2271 | if ((SSL_clear_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) != 0) { |
| 2264 | FAIL("Cannot re-enable tickets in the TLS connection\n"); | 2272 | FAIL("Cannot re-enable tickets in the TLS connection\n"); |
| 2265 | return 0; | 2273 | goto err; |
| 2266 | } | 2274 | } |
| 2267 | if (tlsext_sessionticket_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { | 2275 | if (tlsext_sessionticket_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { |
| 2268 | FAIL("server should not need SessionTicket yet\n"); | 2276 | FAIL("server should not need SessionTicket yet\n"); |
| @@ -2293,6 +2301,7 @@ test_tlsext_sessionticket_server(void) | |||
| 2293 | failure = 0; | 2301 | failure = 0; |
| 2294 | 2302 | ||
| 2295 | err: | 2303 | err: |
| 2304 | CBB_cleanup(&cbb); | ||
| 2296 | SSL_CTX_free(ssl_ctx); | 2305 | SSL_CTX_free(ssl_ctx); |
| 2297 | SSL_free(ssl); | 2306 | SSL_free(ssl); |
| 2298 | 2307 | ||
| @@ -2740,10 +2749,15 @@ test_tlsext_clienthello_build(void) | |||
| 2740 | if (!CBB_init(&cbb, 0)) | 2749 | if (!CBB_init(&cbb, 0)) |
| 2741 | errx(1, "failed to create CBB"); | 2750 | errx(1, "failed to create CBB"); |
| 2742 | 2751 | ||
| 2743 | if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) | 2752 | if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) { |
| 2744 | errx(1, "failed to create SSL_CTX"); | 2753 | FAIL("failed to create SSL_CTX"); |
| 2745 | if ((ssl = SSL_new(ssl_ctx)) == NULL) | 2754 | goto err; |
| 2746 | errx(1, "failed to create SSL"); | 2755 | } |
| 2756 | |||
| 2757 | if ((ssl = SSL_new(ssl_ctx)) == NULL) { | ||
| 2758 | FAIL("failed to create SSL"); | ||
| 2759 | goto err; | ||
| 2760 | } | ||
| 2747 | 2761 | ||
| 2748 | S3I(ssl)->hs.our_min_tls_version = TLS1_VERSION; | 2762 | S3I(ssl)->hs.our_min_tls_version = TLS1_VERSION; |
| 2749 | S3I(ssl)->hs.our_max_tls_version = TLS1_2_VERSION; | 2763 | S3I(ssl)->hs.our_max_tls_version = TLS1_2_VERSION; |
| @@ -2752,8 +2766,10 @@ test_tlsext_clienthello_build(void) | |||
| 2752 | FAIL("failed to build clienthello extensions\n"); | 2766 | FAIL("failed to build clienthello extensions\n"); |
| 2753 | goto err; | 2767 | goto err; |
| 2754 | } | 2768 | } |
| 2755 | if (!CBB_finish(&cbb, &data, &dlen)) | 2769 | if (!CBB_finish(&cbb, &data, &dlen)) { |
| 2756 | errx(1, "failed to finish CBB"); | 2770 | FAIL("failed to finish CBB"); |
| 2771 | goto err; | ||
| 2772 | } | ||
| 2757 | 2773 | ||
| 2758 | if (dlen != sizeof(tlsext_clienthello_default)) { | 2774 | if (dlen != sizeof(tlsext_clienthello_default)) { |
| 2759 | FAIL("got clienthello extensions with length %zu, " | 2775 | FAIL("got clienthello extensions with length %zu, " |
| @@ -2781,15 +2797,17 @@ test_tlsext_clienthello_build(void) | |||
| 2781 | } | 2797 | } |
| 2782 | if ((SSL_set_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) == 0) { | 2798 | if ((SSL_set_options(ssl, SSL_OP_NO_TICKET) & SSL_OP_NO_TICKET) == 0) { |
| 2783 | FAIL("failed to disable session tickets\n"); | 2799 | FAIL("failed to disable session tickets\n"); |
| 2784 | return 0; | 2800 | goto err; |
| 2785 | } | 2801 | } |
| 2786 | 2802 | ||
| 2787 | if (!tlsext_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { | 2803 | if (!tlsext_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { |
| 2788 | FAIL("failed to build clienthello extensions\n"); | 2804 | FAIL("failed to build clienthello extensions\n"); |
| 2789 | goto err; | 2805 | goto err; |
| 2790 | } | 2806 | } |
| 2791 | if (!CBB_finish(&cbb, &data, &dlen)) | 2807 | if (!CBB_finish(&cbb, &data, &dlen)) { |
| 2792 | errx(1, "failed to finish CBB"); | 2808 | FAIL("failed to finish CBB"); |
| 2809 | goto err; | ||
| 2810 | } | ||
| 2793 | 2811 | ||
| 2794 | if (dlen != sizeof(tlsext_clienthello_disabled)) { | 2812 | if (dlen != sizeof(tlsext_clienthello_disabled)) { |
| 2795 | FAIL("got clienthello extensions with length %zu, " | 2813 | FAIL("got clienthello extensions with length %zu, " |
| @@ -2842,12 +2860,18 @@ test_tlsext_serverhello_build(void) | |||
| 2842 | if (!CBB_init(&cbb, 0)) | 2860 | if (!CBB_init(&cbb, 0)) |
| 2843 | errx(1, "failed to create CBB"); | 2861 | errx(1, "failed to create CBB"); |
| 2844 | 2862 | ||
| 2845 | if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL) | 2863 | if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL) { |
| 2846 | errx(1, "failed to create SSL_CTX"); | 2864 | FAIL("failed to create SSL_CTX"); |
| 2847 | if ((ssl = SSL_new(ssl_ctx)) == NULL) | 2865 | goto err; |
| 2848 | errx(1, "failed to create SSL"); | 2866 | } |
| 2849 | if ((ssl->session = SSL_SESSION_new()) == NULL) | 2867 | if ((ssl = SSL_new(ssl_ctx)) == NULL) { |
| 2850 | errx(1, "failed to create session"); | 2868 | FAIL("failed to create SSL"); |
| 2869 | goto err; | ||
| 2870 | } | ||
| 2871 | if ((ssl->session = SSL_SESSION_new()) == NULL) { | ||
| 2872 | FAIL("failed to create session"); | ||
| 2873 | goto err; | ||
| 2874 | } | ||
| 2851 | 2875 | ||
| 2852 | S3I(ssl)->hs.our_max_tls_version = TLS1_3_VERSION; | 2876 | S3I(ssl)->hs.our_max_tls_version = TLS1_3_VERSION; |
| 2853 | S3I(ssl)->hs.negotiated_tls_version = TLS1_3_VERSION; | 2877 | S3I(ssl)->hs.negotiated_tls_version = TLS1_3_VERSION; |
| @@ -2858,8 +2882,10 @@ test_tlsext_serverhello_build(void) | |||
| 2858 | FAIL("failed to build serverhello extensions\n"); | 2882 | FAIL("failed to build serverhello extensions\n"); |
| 2859 | goto err; | 2883 | goto err; |
| 2860 | } | 2884 | } |
| 2861 | if (!CBB_finish(&cbb, &data, &dlen)) | 2885 | if (!CBB_finish(&cbb, &data, &dlen)) { |
| 2862 | errx(1, "failed to finish CBB"); | 2886 | FAIL("failed to finish CBB"); |
| 2887 | goto err; | ||
| 2888 | } | ||
| 2863 | 2889 | ||
| 2864 | if (dlen != sizeof(tlsext_serverhello_default)) { | 2890 | if (dlen != sizeof(tlsext_serverhello_default)) { |
| 2865 | FAIL("got serverhello extensions with length %zu, " | 2891 | FAIL("got serverhello extensions with length %zu, " |
| @@ -2885,8 +2911,10 @@ test_tlsext_serverhello_build(void) | |||
| 2885 | ssl3_get_cipher_by_id(TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256); | 2911 | ssl3_get_cipher_by_id(TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256); |
| 2886 | ssl->internal->tlsext_status_expected = 1; | 2912 | ssl->internal->tlsext_status_expected = 1; |
| 2887 | ssl->internal->tlsext_ticket_expected = 1; | 2913 | ssl->internal->tlsext_ticket_expected = 1; |
| 2888 | if ((ssl->session->tlsext_ecpointformatlist = malloc(1)) == NULL) | 2914 | if ((ssl->session->tlsext_ecpointformatlist = malloc(1)) == NULL) { |
| 2889 | errx(1, "malloc failed"); | 2915 | FAIL("malloc failed"); |
| 2916 | goto err; | ||
| 2917 | } | ||
| 2890 | ssl->session->tlsext_ecpointformatlist_length = 1; | 2918 | ssl->session->tlsext_ecpointformatlist_length = 1; |
| 2891 | ssl->session->tlsext_ecpointformatlist[0] = | 2919 | ssl->session->tlsext_ecpointformatlist[0] = |
| 2892 | TLSEXT_ECPOINTFORMAT_uncompressed; | 2920 | TLSEXT_ECPOINTFORMAT_uncompressed; |
| @@ -2895,8 +2923,10 @@ test_tlsext_serverhello_build(void) | |||
| 2895 | FAIL("failed to build serverhello extensions\n"); | 2923 | FAIL("failed to build serverhello extensions\n"); |
| 2896 | goto err; | 2924 | goto err; |
| 2897 | } | 2925 | } |
| 2898 | if (!CBB_finish(&cbb, &data, &dlen)) | 2926 | if (!CBB_finish(&cbb, &data, &dlen)) { |
| 2899 | errx(1, "failed to finish CBB"); | 2927 | FAIL("failed to finish CBB"); |
| 2928 | goto err; | ||
| 2929 | } | ||
| 2900 | 2930 | ||
| 2901 | if (dlen != sizeof(tlsext_serverhello_enabled)) { | 2931 | if (dlen != sizeof(tlsext_serverhello_enabled)) { |
| 2902 | FAIL("got serverhello extensions with length %zu, " | 2932 | FAIL("got serverhello extensions with length %zu, " |
| @@ -3199,7 +3229,7 @@ test_tlsext_keyshare_server(void) | |||
| 3199 | unsigned char *data = NULL; | 3229 | unsigned char *data = NULL; |
| 3200 | SSL_CTX *ssl_ctx = NULL; | 3230 | SSL_CTX *ssl_ctx = NULL; |
| 3201 | SSL *ssl = NULL; | 3231 | SSL *ssl = NULL; |
| 3202 | int failure = 0; | 3232 | int failure = 1; |
| 3203 | size_t dlen, idx; | 3233 | size_t dlen, idx; |
| 3204 | int alert; | 3234 | int alert; |
| 3205 | CBB cbb; | 3235 | CBB cbb; |
| @@ -3211,99 +3241,99 @@ test_tlsext_keyshare_server(void) | |||
| 3211 | 0xbe, 0x35, 0xca, 0x51, 0x76, 0x1e, 0xe8, 0x22, | 3241 | 0xbe, 0x35, 0xca, 0x51, 0x76, 0x1e, 0xe8, 0x22, |
| 3212 | }; | 3242 | }; |
| 3213 | 3243 | ||
| 3214 | CBB_init(&cbb, 0); | ||
| 3215 | |||
| 3216 | if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) | 3244 | if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) |
| 3217 | errx(1, "failed to create SSL_CTX"); | 3245 | errx(1, "failed to create SSL_CTX"); |
| 3218 | if ((ssl = SSL_new(ssl_ctx)) == NULL) | 3246 | if ((ssl = SSL_new(ssl_ctx)) == NULL) |
| 3219 | errx(1, "failed to create SSL"); | 3247 | errx(1, "failed to create SSL"); |
| 3220 | 3248 | ||
| 3249 | CBB_init(&cbb, 0); | ||
| 3250 | |||
| 3221 | S3I(ssl)->hs.negotiated_tls_version = TLS1_2_VERSION; | 3251 | S3I(ssl)->hs.negotiated_tls_version = TLS1_2_VERSION; |
| 3222 | if (tlsext_keyshare_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { | 3252 | if (tlsext_keyshare_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { |
| 3223 | FAIL("server should not need keyshare\n"); | 3253 | FAIL("server should not need keyshare\n"); |
| 3224 | failure = 1; | ||
| 3225 | goto done; | 3254 | goto done; |
| 3226 | } | 3255 | } |
| 3227 | 3256 | ||
| 3228 | S3I(ssl)->hs.negotiated_tls_version = TLS1_3_VERSION; | 3257 | S3I(ssl)->hs.negotiated_tls_version = TLS1_3_VERSION; |
| 3229 | if (tlsext_keyshare_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { | 3258 | if (tlsext_keyshare_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { |
| 3230 | FAIL("client should not need keyshare\n"); | 3259 | FAIL("client should not need keyshare\n"); |
| 3231 | failure = 1; | ||
| 3232 | goto done; | 3260 | goto done; |
| 3233 | } | 3261 | } |
| 3234 | 3262 | ||
| 3235 | if (tls_extension_find(TLSEXT_TYPE_key_share, &idx) == NULL) { | 3263 | if (tls_extension_find(TLSEXT_TYPE_key_share, &idx) == NULL) { |
| 3236 | FAIL("failed to find keyshare extension\n"); | 3264 | FAIL("failed to find keyshare extension\n"); |
| 3237 | failure = 1; | ||
| 3238 | goto done; | 3265 | goto done; |
| 3239 | } | 3266 | } |
| 3240 | S3I(ssl)->hs.extensions_seen |= (1 << idx); | 3267 | S3I(ssl)->hs.extensions_seen |= (1 << idx); |
| 3241 | 3268 | ||
| 3242 | if (!tlsext_keyshare_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { | 3269 | if (!tlsext_keyshare_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { |
| 3243 | FAIL("server should need keyshare\n"); | 3270 | FAIL("server should need keyshare\n"); |
| 3244 | failure = 1; | ||
| 3245 | goto done; | 3271 | goto done; |
| 3246 | } | 3272 | } |
| 3247 | 3273 | ||
| 3248 | if (tlsext_keyshare_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { | 3274 | if (tlsext_keyshare_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { |
| 3249 | FAIL("server should not have built a keyshare response\n"); | 3275 | FAIL("server should not have built a keyshare response\n"); |
| 3250 | failure = 1; | ||
| 3251 | goto done; | 3276 | goto done; |
| 3252 | } | 3277 | } |
| 3253 | 3278 | ||
| 3254 | if ((S3I(ssl)->hs.tls13.key_share = | 3279 | if ((S3I(ssl)->hs.tls13.key_share = |
| 3255 | tls13_key_share_new_nid(NID_X25519)) == NULL) | 3280 | tls13_key_share_new_nid(NID_X25519)) == NULL) { |
| 3256 | errx(1, "failed to create key share"); | 3281 | FAIL("failed to create key share"); |
| 3257 | if (!tls13_key_share_generate(S3I(ssl)->hs.tls13.key_share)) | 3282 | goto done; |
| 3258 | errx(1, "failed to generate key share"); | 3283 | } |
| 3284 | |||
| 3285 | if (!tls13_key_share_generate(S3I(ssl)->hs.tls13.key_share)) { | ||
| 3286 | FAIL("failed to generate key share"); | ||
| 3287 | goto done; | ||
| 3288 | } | ||
| 3259 | 3289 | ||
| 3260 | CBS_init(&cbs, bogokey, sizeof(bogokey)); | 3290 | CBS_init(&cbs, bogokey, sizeof(bogokey)); |
| 3291 | |||
| 3261 | if (!tls13_key_share_peer_public(S3I(ssl)->hs.tls13.key_share, | 3292 | if (!tls13_key_share_peer_public(S3I(ssl)->hs.tls13.key_share, |
| 3262 | 0x001d, &cbs)) { | 3293 | 0x001d, &cbs)) { |
| 3263 | FAIL("failed to load peer public key\n"); | 3294 | FAIL("failed to load peer public key\n"); |
| 3264 | failure = 1; | ||
| 3265 | goto done; | 3295 | goto done; |
| 3266 | } | 3296 | } |
| 3267 | 3297 | ||
| 3268 | if (!tlsext_keyshare_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { | 3298 | if (!tlsext_keyshare_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { |
| 3269 | FAIL("server should be able to build a keyshare response\n"); | 3299 | FAIL("server should be able to build a keyshare response\n"); |
| 3270 | failure = 1; | ||
| 3271 | goto done; | 3300 | goto done; |
| 3272 | } | 3301 | } |
| 3273 | 3302 | ||
| 3274 | if (!CBB_finish(&cbb, &data, &dlen)) { | 3303 | if (!CBB_finish(&cbb, &data, &dlen)) { |
| 3275 | FAIL("failed to finish CBB\n"); | 3304 | FAIL("failed to finish CBB\n"); |
| 3276 | failure = 1; | ||
| 3277 | goto done; | 3305 | goto done; |
| 3278 | } | 3306 | } |
| 3279 | 3307 | ||
| 3280 | if (dlen != sizeof(tlsext_keyshare_server)) { | 3308 | if (dlen != sizeof(tlsext_keyshare_server)) { |
| 3281 | FAIL("got server keyshare with length %zu, " | 3309 | FAIL("got server keyshare with length %zu, " |
| 3282 | "want length %zu\n", dlen, sizeof(tlsext_keyshare_server)); | 3310 | "want length %zu\n", dlen, sizeof(tlsext_keyshare_server)); |
| 3283 | failure = 1; | ||
| 3284 | goto done; | 3311 | goto done; |
| 3285 | } | 3312 | } |
| 3286 | 3313 | ||
| 3287 | if ((S3I(ssl)->hs.tls13.key_share = | 3314 | if ((S3I(ssl)->hs.tls13.key_share = |
| 3288 | tls13_key_share_new_nid(NID_X25519)) == NULL) | 3315 | tls13_key_share_new_nid(NID_X25519)) == NULL) { |
| 3289 | errx(1, "failed to create key share"); | 3316 | FAIL("failed to create key share"); |
| 3290 | if (!tls13_key_share_generate(S3I(ssl)->hs.tls13.key_share)) | 3317 | goto done; |
| 3291 | errx(1, "failed to generate key share"); | 3318 | } |
| 3319 | if (!tls13_key_share_generate(S3I(ssl)->hs.tls13.key_share)) { | ||
| 3320 | FAIL("failed to generate key share"); | ||
| 3321 | goto done; | ||
| 3322 | } | ||
| 3292 | 3323 | ||
| 3293 | CBS_init(&cbs, data, dlen); | 3324 | CBS_init(&cbs, data, dlen); |
| 3294 | 3325 | ||
| 3295 | if (!tlsext_keyshare_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { | 3326 | if (!tlsext_keyshare_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { |
| 3296 | FAIL("failed to parse server keyshare\n"); | 3327 | FAIL("failed to parse server keyshare\n"); |
| 3297 | failure = 1; | ||
| 3298 | goto done; | 3328 | goto done; |
| 3299 | } | 3329 | } |
| 3300 | 3330 | ||
| 3301 | if (CBS_len(&cbs) != 0) { | 3331 | if (CBS_len(&cbs) != 0) { |
| 3302 | FAIL("extension data remaining\n"); | 3332 | FAIL("extension data remaining\n"); |
| 3303 | failure = 1; | ||
| 3304 | goto done; | 3333 | goto done; |
| 3305 | } | 3334 | } |
| 3306 | 3335 | ||
| 3336 | failure = 0; | ||
| 3307 | done: | 3337 | done: |
| 3308 | CBB_cleanup(&cbb); | 3338 | CBB_cleanup(&cbb); |
| 3309 | SSL_CTX_free(ssl_ctx); | 3339 | SSL_CTX_free(ssl_ctx); |