| author | tb <> | 2022-08-05 17:03:33 +0000 |
|---|---|---|
| committer | tb <> | 2022-08-05 17:03:33 +0000 |
| commit | cdd75704cf29bd0de2355410fc1a2933ad782c5c (patch) | |
| tree | 052201e018f5113cb971ac1752e3f8bc6628f511 /src | |
| parent | 0cfc18ae7ef868d7c88cd35b213e43f420798188 (diff) | |
Consistently initialize failure to 1 at the top of the function and
clear it right before the done label.
Diffstat (limited to 'src')
| -rw-r--r-- | src/regress/lib/libssl/tlsext/tlsexttest.c | 138 |
1 files changed, 62 insertions, 76 deletions
diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c index 7522085f5a..918d9c51fe 100644 --- a/src/regress/lib/libssl/tlsext/tlsexttest.c +++ b/src/regress/lib/libssl/tlsext/tlsexttest.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tlsexttest.c,v 1.69 2022/08/05 16:51:11 tb Exp $ */ | 1 | /* $OpenBSD: tlsexttest.c,v 1.70 2022/08/05 17:03:33 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2017 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2017 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> | 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> |
| @@ -166,11 +166,11 @@ test_tlsext_alpn_client(void) | |||
| 166 | int failure, alert; | 166 | int failure, alert; |
| 167 | size_t dlen; | 167 | size_t dlen; |
| 168 | 168 | ||
| 169 | failure = 1; | ||
| 170 | |||
| 169 | if (!CBB_init(&cbb, 0)) | 171 | if (!CBB_init(&cbb, 0)) |
| 170 | errx(1, "Failed to create CBB"); | 172 | errx(1, "Failed to create CBB"); |
| 171 | 173 | ||
| 172 | failure = 1; | ||
| 173 | |||
| 174 | if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) | 174 | if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) |
| 175 | errx(1, "failed to create SSL_CTX"); | 175 | errx(1, "failed to create SSL_CTX"); |
| 176 | if ((ssl = SSL_new(ssl_ctx)) == NULL) | 176 | if ((ssl = SSL_new(ssl_ctx)) == NULL) |
| @@ -367,11 +367,11 @@ test_tlsext_alpn_server(void) | |||
| 367 | int failure, alert; | 367 | int failure, alert; |
| 368 | size_t dlen; | 368 | size_t dlen; |
| 369 | 369 | ||
| 370 | failure = 1; | ||
| 371 | |||
| 370 | if (!CBB_init(&cbb, 0)) | 372 | if (!CBB_init(&cbb, 0)) |
| 371 | errx(1, "Failed to create CBB"); | 373 | errx(1, "Failed to create CBB"); |
| 372 | 374 | ||
| 373 | failure = 1; | ||
| 374 | |||
| 375 | if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL) | 375 | if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL) |
| 376 | errx(1, "failed to create SSL_CTX"); | 376 | errx(1, "failed to create SSL_CTX"); |
| 377 | if ((ssl = SSL_new(ssl_ctx)) == NULL) | 377 | if ((ssl = SSL_new(ssl_ctx)) == NULL) |
| @@ -1463,7 +1463,6 @@ test_tlsext_ri_client(void) | |||
| 1463 | CBS_init(&cbs, tlsext_ri_client, sizeof(tlsext_ri_client)); | 1463 | CBS_init(&cbs, tlsext_ri_client, sizeof(tlsext_ri_client)); |
| 1464 | if (server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { | 1464 | if (server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { |
| 1465 | FAIL("parsed invalid client RI\n"); | 1465 | FAIL("parsed invalid client RI\n"); |
| 1466 | failure = 1; | ||
| 1467 | goto err; | 1466 | goto err; |
| 1468 | } | 1467 | } |
| 1469 | 1468 | ||
| @@ -1623,12 +1622,14 @@ test_tlsext_sigalgs_client(void) | |||
| 1623 | SSL *ssl = NULL; | 1622 | SSL *ssl = NULL; |
| 1624 | const struct tls_extension_funcs *client_funcs; | 1623 | const struct tls_extension_funcs *client_funcs; |
| 1625 | const struct tls_extension_funcs *server_funcs; | 1624 | const struct tls_extension_funcs *server_funcs; |
| 1626 | int failure = 0; | 1625 | int failure; |
| 1627 | size_t dlen; | 1626 | size_t dlen; |
| 1628 | int alert; | 1627 | int alert; |
| 1629 | CBB cbb; | 1628 | CBB cbb; |
| 1630 | CBS cbs; | 1629 | CBS cbs; |
| 1631 | 1630 | ||
| 1631 | failure = 1; | ||
| 1632 | |||
| 1632 | if (!CBB_init(&cbb, 0)) | 1633 | if (!CBB_init(&cbb, 0)) |
| 1633 | errx(1, "Failed to create CBB"); | 1634 | errx(1, "Failed to create CBB"); |
| 1634 | 1635 | ||
| @@ -1645,7 +1646,6 @@ test_tlsext_sigalgs_client(void) | |||
| 1645 | 1646 | ||
| 1646 | if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { | 1647 | if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { |
| 1647 | fprintf(stderr, "FAIL: client should not need sigalgs\n"); | 1648 | fprintf(stderr, "FAIL: client should not need sigalgs\n"); |
| 1648 | failure = 1; | ||
| 1649 | goto done; | 1649 | goto done; |
| 1650 | } | 1650 | } |
| 1651 | 1651 | ||
| @@ -1653,13 +1653,11 @@ test_tlsext_sigalgs_client(void) | |||
| 1653 | 1653 | ||
| 1654 | if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { | 1654 | if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { |
| 1655 | fprintf(stderr, "FAIL: client should need sigalgsn"); | 1655 | fprintf(stderr, "FAIL: client should need sigalgsn"); |
| 1656 | failure = 1; | ||
| 1657 | goto done; | 1656 | goto done; |
| 1658 | } | 1657 | } |
| 1659 | 1658 | ||
| 1660 | if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { | 1659 | if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { |
| 1661 | fprintf(stderr, "FAIL: client failed to build sigalgsn"); | 1660 | fprintf(stderr, "FAIL: client failed to build sigalgsn"); |
| 1662 | failure = 1; | ||
| 1663 | goto done; | 1661 | goto done; |
| 1664 | } | 1662 | } |
| 1665 | 1663 | ||
| @@ -1669,7 +1667,6 @@ test_tlsext_sigalgs_client(void) | |||
| 1669 | if (dlen != sizeof(tlsext_sigalgs_client)) { | 1667 | if (dlen != sizeof(tlsext_sigalgs_client)) { |
| 1670 | fprintf(stderr, "FAIL: got client sigalgs length %zu, " | 1668 | fprintf(stderr, "FAIL: got client sigalgs length %zu, " |
| 1671 | "want length %zu\n", dlen, sizeof(tlsext_sigalgs_client)); | 1669 | "want length %zu\n", dlen, sizeof(tlsext_sigalgs_client)); |
| 1672 | failure = 1; | ||
| 1673 | goto done; | 1670 | goto done; |
| 1674 | } | 1671 | } |
| 1675 | 1672 | ||
| @@ -1679,14 +1676,12 @@ test_tlsext_sigalgs_client(void) | |||
| 1679 | hexdump(data, dlen); | 1676 | hexdump(data, dlen); |
| 1680 | fprintf(stderr, "test data:\n"); | 1677 | fprintf(stderr, "test data:\n"); |
| 1681 | hexdump(tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client)); | 1678 | hexdump(tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client)); |
| 1682 | failure = 1; | ||
| 1683 | goto done; | 1679 | goto done; |
| 1684 | } | 1680 | } |
| 1685 | 1681 | ||
| 1686 | CBS_init(&cbs, tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client)); | 1682 | CBS_init(&cbs, tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client)); |
| 1687 | if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { | 1683 | if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { |
| 1688 | fprintf(stderr, "FAIL: failed to parse client SNI\n"); | 1684 | fprintf(stderr, "FAIL: failed to parse client SNI\n"); |
| 1689 | failure = 1; | ||
| 1690 | goto done; | 1685 | goto done; |
| 1691 | } | 1686 | } |
| 1692 | if (CBS_len(&cbs) != 0) { | 1687 | if (CBS_len(&cbs) != 0) { |
| @@ -1694,6 +1689,8 @@ test_tlsext_sigalgs_client(void) | |||
| 1694 | goto done; | 1689 | goto done; |
| 1695 | } | 1690 | } |
| 1696 | 1691 | ||
| 1692 | failure = 0; | ||
| 1693 | |||
| 1697 | done: | 1694 | done: |
| 1698 | CBB_cleanup(&cbb); | 1695 | CBB_cleanup(&cbb); |
| 1699 | SSL_CTX_free(ssl_ctx); | 1696 | SSL_CTX_free(ssl_ctx); |
| @@ -1712,12 +1709,14 @@ test_tlsext_sigalgs_server(void) | |||
| 1712 | SSL *ssl = NULL; | 1709 | SSL *ssl = NULL; |
| 1713 | const struct tls_extension_funcs *client_funcs; | 1710 | const struct tls_extension_funcs *client_funcs; |
| 1714 | const struct tls_extension_funcs *server_funcs; | 1711 | const struct tls_extension_funcs *server_funcs; |
| 1715 | int failure = 0; | 1712 | int failure; |
| 1716 | size_t dlen; | 1713 | size_t dlen; |
| 1717 | int alert; | 1714 | int alert; |
| 1718 | CBB cbb; | 1715 | CBB cbb; |
| 1719 | CBS cbs; | 1716 | CBS cbs; |
| 1720 | 1717 | ||
| 1718 | failure = 1; | ||
| 1719 | |||
| 1721 | if (!CBB_init(&cbb, 0)) | 1720 | if (!CBB_init(&cbb, 0)) |
| 1722 | errx(1, "Failed to create CBB"); | 1721 | errx(1, "Failed to create CBB"); |
| 1723 | 1722 | ||
| @@ -1732,13 +1731,11 @@ test_tlsext_sigalgs_server(void) | |||
| 1732 | 1731 | ||
| 1733 | if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { | 1732 | if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { |
| 1734 | fprintf(stderr, "FAIL: server should not need sigalgs\n"); | 1733 | fprintf(stderr, "FAIL: server should not need sigalgs\n"); |
| 1735 | failure = 1; | ||
| 1736 | goto done; | 1734 | goto done; |
| 1737 | } | 1735 | } |
| 1738 | 1736 | ||
| 1739 | if (server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { | 1737 | if (server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { |
| 1740 | fprintf(stderr, "FAIL: server should not build sigalgs\n"); | 1738 | fprintf(stderr, "FAIL: server should not build sigalgs\n"); |
| 1741 | failure = 1; | ||
| 1742 | goto done; | 1739 | goto done; |
| 1743 | } | 1740 | } |
| 1744 | 1741 | ||
| @@ -1748,10 +1745,11 @@ test_tlsext_sigalgs_server(void) | |||
| 1748 | CBS_init(&cbs, tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client)); | 1745 | CBS_init(&cbs, tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client)); |
| 1749 | if (client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { | 1746 | if (client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { |
| 1750 | fprintf(stderr, "FAIL: server should not parse sigalgs\n"); | 1747 | fprintf(stderr, "FAIL: server should not parse sigalgs\n"); |
| 1751 | failure = 1; | ||
| 1752 | goto done; | 1748 | goto done; |
| 1753 | } | 1749 | } |
| 1754 | 1750 | ||
| 1751 | failure = 0; | ||
| 1752 | |||
| 1755 | done: | 1753 | done: |
| 1756 | CBB_cleanup(&cbb); | 1754 | CBB_cleanup(&cbb); |
| 1757 | SSL_CTX_free(ssl_ctx); | 1755 | SSL_CTX_free(ssl_ctx); |
| @@ -1793,7 +1791,6 @@ test_tlsext_sni_client(void) | |||
| 1793 | 1791 | ||
| 1794 | failure = 1; | 1792 | failure = 1; |
| 1795 | 1793 | ||
| 1796 | |||
| 1797 | if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) | 1794 | if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) |
| 1798 | errx(1, "failed to create SSL_CTX"); | 1795 | errx(1, "failed to create SSL_CTX"); |
| 1799 | if ((ssl = SSL_new(ssl_ctx)) == NULL) | 1796 | if ((ssl = SSL_new(ssl_ctx)) == NULL) |
| @@ -2681,11 +2678,11 @@ test_tlsext_sessionticket_server(void) | |||
| 2681 | size_t dlen; | 2678 | size_t dlen; |
| 2682 | CBB cbb; | 2679 | CBB cbb; |
| 2683 | 2680 | ||
| 2681 | failure = 1; | ||
| 2682 | |||
| 2684 | if (!CBB_init(&cbb, 0)) | 2683 | if (!CBB_init(&cbb, 0)) |
| 2685 | errx(1, "Failed to create CBB"); | 2684 | errx(1, "Failed to create CBB"); |
| 2686 | 2685 | ||
| 2687 | failure = 1; | ||
| 2688 | |||
| 2689 | if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL) | 2686 | if ((ssl_ctx = SSL_CTX_new(TLS_server_method())) == NULL) |
| 2690 | errx(1, "failed to create SSL_CTX"); | 2687 | errx(1, "failed to create SSL_CTX"); |
| 2691 | if ((ssl = SSL_new(ssl_ctx)) == NULL) | 2688 | if ((ssl = SSL_new(ssl_ctx)) == NULL) |
| @@ -2820,11 +2817,11 @@ test_tlsext_srtp_client(void) | |||
| 2820 | int failure, alert; | 2817 | int failure, alert; |
| 2821 | size_t dlen; | 2818 | size_t dlen; |
| 2822 | 2819 | ||
| 2820 | failure = 1; | ||
| 2821 | |||
| 2823 | if (!CBB_init(&cbb, 0)) | 2822 | if (!CBB_init(&cbb, 0)) |
| 2824 | errx(1, "Failed to create CBB"); | 2823 | errx(1, "Failed to create CBB"); |
| 2825 | 2824 | ||
| 2826 | failure = 1; | ||
| 2827 | |||
| 2828 | /* SRTP is for DTLS */ | 2825 | /* SRTP is for DTLS */ |
| 2829 | if ((ssl_ctx = SSL_CTX_new(DTLSv1_client_method())) == NULL) | 2826 | if ((ssl_ctx = SSL_CTX_new(DTLSv1_client_method())) == NULL) |
| 2830 | errx(1, "failed to create SSL_CTX"); | 2827 | errx(1, "failed to create SSL_CTX"); |
| @@ -3060,11 +3057,11 @@ test_tlsext_srtp_server(void) | |||
| 3060 | int failure, alert; | 3057 | int failure, alert; |
| 3061 | size_t dlen; | 3058 | size_t dlen; |
| 3062 | 3059 | ||
| 3060 | failure = 1; | ||
| 3061 | |||
| 3063 | if (!CBB_init(&cbb, 0)) | 3062 | if (!CBB_init(&cbb, 0)) |
| 3064 | errx(1, "Failed to create CBB"); | 3063 | errx(1, "Failed to create CBB"); |
| 3065 | 3064 | ||
| 3066 | failure = 1; | ||
| 3067 | |||
| 3068 | /* SRTP is for DTLS */ | 3065 | /* SRTP is for DTLS */ |
| 3069 | if ((ssl_ctx = SSL_CTX_new(DTLSv1_client_method())) == NULL) | 3066 | if ((ssl_ctx = SSL_CTX_new(DTLSv1_client_method())) == NULL) |
| 3070 | errx(1, "failed to create SSL_CTX"); | 3067 | errx(1, "failed to create SSL_CTX"); |
| @@ -3448,12 +3445,14 @@ test_tlsext_versions_client(void) | |||
| 3448 | SSL *ssl = NULL; | 3445 | SSL *ssl = NULL; |
| 3449 | const struct tls_extension_funcs *client_funcs; | 3446 | const struct tls_extension_funcs *client_funcs; |
| 3450 | const struct tls_extension_funcs *server_funcs; | 3447 | const struct tls_extension_funcs *server_funcs; |
| 3451 | int failure = 0; | 3448 | int failure; |
| 3452 | size_t dlen; | 3449 | size_t dlen; |
| 3453 | int alert; | 3450 | int alert; |
| 3454 | CBB cbb; | 3451 | CBB cbb; |
| 3455 | CBS cbs; | 3452 | CBS cbs; |
| 3456 | 3453 | ||
| 3454 | failure = 1; | ||
| 3455 | |||
| 3457 | if (!CBB_init(&cbb, 0)) | 3456 | if (!CBB_init(&cbb, 0)) |
| 3458 | errx(1, "Failed to create CBB"); | 3457 | errx(1, "Failed to create CBB"); |
| 3459 | 3458 | ||
| @@ -3470,7 +3469,6 @@ test_tlsext_versions_client(void) | |||
| 3470 | 3469 | ||
| 3471 | if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { | 3470 | if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { |
| 3472 | FAIL("client should not need versions\n"); | 3471 | FAIL("client should not need versions\n"); |
| 3473 | failure = 1; | ||
| 3474 | goto done; | 3472 | goto done; |
| 3475 | } | 3473 | } |
| 3476 | 3474 | ||
| @@ -3478,7 +3476,6 @@ test_tlsext_versions_client(void) | |||
| 3478 | 3476 | ||
| 3479 | if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { | 3477 | if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { |
| 3480 | FAIL("client should not need versions\n"); | 3478 | FAIL("client should not need versions\n"); |
| 3481 | failure = 1; | ||
| 3482 | goto done; | 3479 | goto done; |
| 3483 | } | 3480 | } |
| 3484 | 3481 | ||
| @@ -3486,7 +3483,6 @@ test_tlsext_versions_client(void) | |||
| 3486 | 3483 | ||
| 3487 | if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { | 3484 | if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { |
| 3488 | FAIL("client should need versions\n"); | 3485 | FAIL("client should need versions\n"); |
| 3489 | failure = 1; | ||
| 3490 | goto done; | 3486 | goto done; |
| 3491 | } | 3487 | } |
| 3492 | 3488 | ||
| @@ -3495,34 +3491,32 @@ test_tlsext_versions_client(void) | |||
| 3495 | 3491 | ||
| 3496 | if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { | 3492 | if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { |
| 3497 | FAIL("client should have built versions\n"); | 3493 | FAIL("client should have built versions\n"); |
| 3498 | failure = 1; | ||
| 3499 | goto done; | 3494 | goto done; |
| 3500 | } | 3495 | } |
| 3501 | 3496 | ||
| 3502 | if (!CBB_finish(&cbb, &data, &dlen)) { | 3497 | if (!CBB_finish(&cbb, &data, &dlen)) { |
| 3503 | FAIL("failed to finish CBB\n"); | 3498 | FAIL("failed to finish CBB\n"); |
| 3504 | failure = 1; | ||
| 3505 | goto done; | 3499 | goto done; |
| 3506 | } | 3500 | } |
| 3507 | 3501 | ||
| 3508 | if (dlen != sizeof(tlsext_versions_client)) { | 3502 | if (dlen != sizeof(tlsext_versions_client)) { |
| 3509 | FAIL("got versions with length %zu, " | 3503 | FAIL("got versions with length %zu, " |
| 3510 | "want length %zu\n", dlen, sizeof(tlsext_versions_client)); | 3504 | "want length %zu\n", dlen, sizeof(tlsext_versions_client)); |
| 3511 | failure = 1; | ||
| 3512 | goto done; | 3505 | goto done; |
| 3513 | } | 3506 | } |
| 3514 | 3507 | ||
| 3515 | CBS_init(&cbs, data, dlen); | 3508 | CBS_init(&cbs, data, dlen); |
| 3516 | if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { | 3509 | if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { |
| 3517 | FAIL("failed to parse client versions\n"); | 3510 | FAIL("failed to parse client versions\n"); |
| 3518 | failure = 1; | ||
| 3519 | goto done; | 3511 | goto done; |
| 3520 | } | 3512 | } |
| 3521 | if (CBS_len(&cbs) != 0) { | 3513 | if (CBS_len(&cbs) != 0) { |
| 3522 | FAIL("extension data remaining\n"); | 3514 | FAIL("extension data remaining\n"); |
| 3523 | failure = 1; | ||
| 3524 | goto done; | 3515 | goto done; |
| 3525 | } | 3516 | } |
| 3517 | |||
| 3518 | failure = 0; | ||
| 3519 | |||
| 3526 | done: | 3520 | done: |
| 3527 | CBB_cleanup(&cbb); | 3521 | CBB_cleanup(&cbb); |
| 3528 | SSL_CTX_free(ssl_ctx); | 3522 | SSL_CTX_free(ssl_ctx); |
| @@ -3540,12 +3534,14 @@ test_tlsext_versions_server(void) | |||
| 3540 | SSL *ssl = NULL; | 3534 | SSL *ssl = NULL; |
| 3541 | const struct tls_extension_funcs *client_funcs; | 3535 | const struct tls_extension_funcs *client_funcs; |
| 3542 | const struct tls_extension_funcs *server_funcs; | 3536 | const struct tls_extension_funcs *server_funcs; |
| 3543 | int failure = 0; | 3537 | int failure; |
| 3544 | size_t dlen; | 3538 | size_t dlen; |
| 3545 | int alert; | 3539 | int alert; |
| 3546 | CBB cbb; | 3540 | CBB cbb; |
| 3547 | CBS cbs; | 3541 | CBS cbs; |
| 3548 | 3542 | ||
| 3543 | failure = 1; | ||
| 3544 | |||
| 3549 | if (!CBB_init(&cbb, 0)) | 3545 | if (!CBB_init(&cbb, 0)) |
| 3550 | errx(1, "Failed to create CBB"); | 3546 | errx(1, "Failed to create CBB"); |
| 3551 | 3547 | ||
| @@ -3562,7 +3558,6 @@ test_tlsext_versions_server(void) | |||
| 3562 | 3558 | ||
| 3563 | if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { | 3559 | if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { |
| 3564 | FAIL("server should not need versions\n"); | 3560 | FAIL("server should not need versions\n"); |
| 3565 | failure = 1; | ||
| 3566 | goto done; | 3561 | goto done; |
| 3567 | } | 3562 | } |
| 3568 | 3563 | ||
| @@ -3570,40 +3565,37 @@ test_tlsext_versions_server(void) | |||
| 3570 | 3565 | ||
| 3571 | if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { | 3566 | if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { |
| 3572 | FAIL("server should need versions\n"); | 3567 | FAIL("server should need versions\n"); |
| 3573 | failure = 1; | ||
| 3574 | goto done; | 3568 | goto done; |
| 3575 | } | 3569 | } |
| 3576 | 3570 | ||
| 3577 | if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { | 3571 | if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { |
| 3578 | FAIL("server should have built versions\n"); | 3572 | FAIL("server should have built versions\n"); |
| 3579 | failure = 1; | ||
| 3580 | goto done; | 3573 | goto done; |
| 3581 | } | 3574 | } |
| 3582 | 3575 | ||
| 3583 | if (!CBB_finish(&cbb, &data, &dlen)) { | 3576 | if (!CBB_finish(&cbb, &data, &dlen)) { |
| 3584 | FAIL("failed to finish CBB\n"); | 3577 | FAIL("failed to finish CBB\n"); |
| 3585 | failure = 1; | ||
| 3586 | goto done; | 3578 | goto done; |
| 3587 | } | 3579 | } |
| 3588 | 3580 | ||
| 3589 | if (dlen != sizeof(tlsext_versions_server)) { | 3581 | if (dlen != sizeof(tlsext_versions_server)) { |
| 3590 | FAIL("got versions with length %zu, " | 3582 | FAIL("got versions with length %zu, " |
| 3591 | "want length %zu\n", dlen, sizeof(tlsext_versions_server)); | 3583 | "want length %zu\n", dlen, sizeof(tlsext_versions_server)); |
| 3592 | failure = 1; | ||
| 3593 | goto done; | 3584 | goto done; |
| 3594 | } | 3585 | } |
| 3595 | 3586 | ||
| 3596 | CBS_init(&cbs, data, dlen); | 3587 | CBS_init(&cbs, data, dlen); |
| 3597 | if (!client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { | 3588 | if (!client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { |
| 3598 | FAIL("failed to parse client versions\n"); | 3589 | FAIL("failed to parse client versions\n"); |
| 3599 | failure = 1; | ||
| 3600 | goto done; | 3590 | goto done; |
| 3601 | } | 3591 | } |
| 3602 | if (CBS_len(&cbs) != 0) { | 3592 | if (CBS_len(&cbs) != 0) { |
| 3603 | FAIL("extension data remaining\n"); | 3593 | FAIL("extension data remaining\n"); |
| 3604 | failure = 1; | ||
| 3605 | goto done; | 3594 | goto done; |
| 3606 | } | 3595 | } |
| 3596 | |||
| 3597 | failure = 0; | ||
| 3598 | |||
| 3607 | done: | 3599 | done: |
| 3608 | CBB_cleanup(&cbb); | 3600 | CBB_cleanup(&cbb); |
| 3609 | SSL_CTX_free(ssl_ctx); | 3601 | SSL_CTX_free(ssl_ctx); |
| @@ -3637,12 +3629,14 @@ test_tlsext_keyshare_client(void) | |||
| 3637 | SSL *ssl = NULL; | 3629 | SSL *ssl = NULL; |
| 3638 | const struct tls_extension_funcs *client_funcs; | 3630 | const struct tls_extension_funcs *client_funcs; |
| 3639 | const struct tls_extension_funcs *server_funcs; | 3631 | const struct tls_extension_funcs *server_funcs; |
| 3640 | int failure = 0; | 3632 | int failure; |
| 3641 | size_t dlen; | 3633 | size_t dlen; |
| 3642 | int alert; | 3634 | int alert; |
| 3643 | CBB cbb; | 3635 | CBB cbb; |
| 3644 | CBS cbs; | 3636 | CBS cbs; |
| 3645 | 3637 | ||
| 3638 | failure = 1; | ||
| 3639 | |||
| 3646 | if (!CBB_init(&cbb, 0)) | 3640 | if (!CBB_init(&cbb, 0)) |
| 3647 | errx(1, "Failed to create CBB"); | 3641 | errx(1, "Failed to create CBB"); |
| 3648 | 3642 | ||
| @@ -3664,34 +3658,29 @@ test_tlsext_keyshare_client(void) | |||
| 3664 | ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION; | 3658 | ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION; |
| 3665 | if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { | 3659 | if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { |
| 3666 | FAIL("client should not need keyshare\n"); | 3660 | FAIL("client should not need keyshare\n"); |
| 3667 | failure = 1; | ||
| 3668 | goto done; | 3661 | goto done; |
| 3669 | } | 3662 | } |
| 3670 | 3663 | ||
| 3671 | ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; | 3664 | ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; |
| 3672 | if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { | 3665 | if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { |
| 3673 | FAIL("client should need keyshare\n"); | 3666 | FAIL("client should need keyshare\n"); |
| 3674 | failure = 1; | ||
| 3675 | goto done; | 3667 | goto done; |
| 3676 | } | 3668 | } |
| 3677 | 3669 | ||
| 3678 | ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; | 3670 | ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; |
| 3679 | if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { | 3671 | if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { |
| 3680 | FAIL("client should have built keyshare\n"); | 3672 | FAIL("client should have built keyshare\n"); |
| 3681 | failure = 1; | ||
| 3682 | goto done; | 3673 | goto done; |
| 3683 | } | 3674 | } |
| 3684 | 3675 | ||
| 3685 | if (!CBB_finish(&cbb, &data, &dlen)) { | 3676 | if (!CBB_finish(&cbb, &data, &dlen)) { |
| 3686 | FAIL("failed to finish CBB\n"); | 3677 | FAIL("failed to finish CBB\n"); |
| 3687 | failure = 1; | ||
| 3688 | goto done; | 3678 | goto done; |
| 3689 | } | 3679 | } |
| 3690 | 3680 | ||
| 3691 | if (dlen != sizeof(tlsext_keyshare_client)) { | 3681 | if (dlen != sizeof(tlsext_keyshare_client)) { |
| 3692 | FAIL("got client keyshare with length %zu, " | 3682 | FAIL("got client keyshare with length %zu, " |
| 3693 | "want length %zu\n", dlen, (size_t) sizeof(tlsext_keyshare_client)); | 3683 | "want length %zu\n", dlen, (size_t) sizeof(tlsext_keyshare_client)); |
| 3694 | failure = 1; | ||
| 3695 | goto done; | 3684 | goto done; |
| 3696 | } | 3685 | } |
| 3697 | 3686 | ||
| @@ -3700,16 +3689,15 @@ test_tlsext_keyshare_client(void) | |||
| 3700 | 3689 | ||
| 3701 | if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { | 3690 | if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { |
| 3702 | FAIL("failed to parse client keyshare\n"); | 3691 | FAIL("failed to parse client keyshare\n"); |
| 3703 | failure = 1; | ||
| 3704 | goto done; | 3692 | goto done; |
| 3705 | } | 3693 | } |
| 3706 | 3694 | ||
| 3707 | if (CBS_len(&cbs) != 0) { | 3695 | if (CBS_len(&cbs) != 0) { |
| 3708 | FAIL("extension data remaining\n"); | 3696 | FAIL("extension data remaining\n"); |
| 3709 | failure = 1; | ||
| 3710 | goto done; | 3697 | goto done; |
| 3711 | } | 3698 | } |
| 3712 | 3699 | ||
| 3700 | failure = 0; | ||
| 3713 | 3701 | ||
| 3714 | done: | 3702 | done: |
| 3715 | CBB_cleanup(&cbb); | 3703 | CBB_cleanup(&cbb); |
| @@ -3729,7 +3717,7 @@ test_tlsext_keyshare_server(void) | |||
| 3729 | const struct tls_extension_funcs *client_funcs; | 3717 | const struct tls_extension_funcs *client_funcs; |
| 3730 | const struct tls_extension_funcs *server_funcs; | 3718 | const struct tls_extension_funcs *server_funcs; |
| 3731 | int decode_error; | 3719 | int decode_error; |
| 3732 | int failure = 1; | 3720 | int failure; |
| 3733 | size_t dlen, idx; | 3721 | size_t dlen, idx; |
| 3734 | int alert; | 3722 | int alert; |
| 3735 | CBB cbb; | 3723 | CBB cbb; |
| @@ -3741,6 +3729,8 @@ test_tlsext_keyshare_server(void) | |||
| 3741 | 0xbe, 0x35, 0xca, 0x51, 0x76, 0x1e, 0xe8, 0x22, | 3729 | 0xbe, 0x35, 0xca, 0x51, 0x76, 0x1e, 0xe8, 0x22, |
| 3742 | }; | 3730 | }; |
| 3743 | 3731 | ||
| 3732 | failure = 1; | ||
| 3733 | |||
| 3744 | if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) | 3734 | if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) |
| 3745 | errx(1, "failed to create SSL_CTX"); | 3735 | errx(1, "failed to create SSL_CTX"); |
| 3746 | if ((ssl = SSL_new(ssl_ctx)) == NULL) | 3736 | if ((ssl = SSL_new(ssl_ctx)) == NULL) |
| @@ -3841,6 +3831,7 @@ test_tlsext_keyshare_server(void) | |||
| 3841 | } | 3831 | } |
| 3842 | 3832 | ||
| 3843 | failure = 0; | 3833 | failure = 0; |
| 3834 | |||
| 3844 | done: | 3835 | done: |
| 3845 | CBB_cleanup(&cbb); | 3836 | CBB_cleanup(&cbb); |
| 3846 | SSL_CTX_free(ssl_ctx); | 3837 | SSL_CTX_free(ssl_ctx); |
| @@ -3867,12 +3858,14 @@ test_tlsext_cookie_client(void) | |||
| 3867 | SSL *ssl = NULL; | 3858 | SSL *ssl = NULL; |
| 3868 | const struct tls_extension_funcs *client_funcs; | 3859 | const struct tls_extension_funcs *client_funcs; |
| 3869 | const struct tls_extension_funcs *server_funcs; | 3860 | const struct tls_extension_funcs *server_funcs; |
| 3870 | int failure = 0; | 3861 | int failure; |
| 3871 | size_t dlen; | 3862 | size_t dlen; |
| 3872 | int alert; | 3863 | int alert; |
| 3873 | CBB cbb; | 3864 | CBB cbb; |
| 3874 | CBS cbs; | 3865 | CBS cbs; |
| 3875 | 3866 | ||
| 3867 | failure = 1; | ||
| 3868 | |||
| 3876 | if (!CBB_init(&cbb, 0)) | 3869 | if (!CBB_init(&cbb, 0)) |
| 3877 | errx(1, "Failed to create CBB"); | 3870 | errx(1, "Failed to create CBB"); |
| 3878 | 3871 | ||
| @@ -3888,7 +3881,6 @@ test_tlsext_cookie_client(void) | |||
| 3888 | ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION; | 3881 | ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION; |
| 3889 | if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { | 3882 | if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { |
| 3890 | FAIL("client should not need cookie\n"); | 3883 | FAIL("client should not need cookie\n"); |
| 3891 | failure = 1; | ||
| 3892 | goto done; | 3884 | goto done; |
| 3893 | } | 3885 | } |
| 3894 | 3886 | ||
| @@ -3896,7 +3888,6 @@ test_tlsext_cookie_client(void) | |||
| 3896 | ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; | 3888 | ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; |
| 3897 | if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { | 3889 | if (client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { |
| 3898 | FAIL("client should not need cookie\n"); | 3890 | FAIL("client should not need cookie\n"); |
| 3899 | failure = 1; | ||
| 3900 | goto done; | 3891 | goto done; |
| 3901 | } | 3892 | } |
| 3902 | 3893 | ||
| @@ -3906,19 +3897,16 @@ test_tlsext_cookie_client(void) | |||
| 3906 | 3897 | ||
| 3907 | if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { | 3898 | if (!client_funcs->needs(ssl, SSL_TLSEXT_MSG_CH)) { |
| 3908 | FAIL("client should need cookie\n"); | 3899 | FAIL("client should need cookie\n"); |
| 3909 | failure = 1; | ||
| 3910 | goto done; | 3900 | goto done; |
| 3911 | } | 3901 | } |
| 3912 | 3902 | ||
| 3913 | if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { | 3903 | if (!client_funcs->build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { |
| 3914 | FAIL("client should have built a cookie response\n"); | 3904 | FAIL("client should have built a cookie response\n"); |
| 3915 | failure = 1; | ||
| 3916 | goto done; | 3905 | goto done; |
| 3917 | } | 3906 | } |
| 3918 | 3907 | ||
| 3919 | if (!CBB_finish(&cbb, &data, &dlen)) { | 3908 | if (!CBB_finish(&cbb, &data, &dlen)) { |
| 3920 | FAIL("failed to finish CBB\n"); | 3909 | FAIL("failed to finish CBB\n"); |
| 3921 | failure = 1; | ||
| 3922 | goto done; | 3910 | goto done; |
| 3923 | } | 3911 | } |
| 3924 | 3912 | ||
| @@ -3926,7 +3914,6 @@ test_tlsext_cookie_client(void) | |||
| 3926 | FAIL("got cookie with length %zu, " | 3914 | FAIL("got cookie with length %zu, " |
| 3927 | "want length %zu\n", dlen, strlen(cookie) + | 3915 | "want length %zu\n", dlen, strlen(cookie) + |
| 3928 | sizeof(uint16_t)); | 3916 | sizeof(uint16_t)); |
| 3929 | failure = 1; | ||
| 3930 | goto done; | 3917 | goto done; |
| 3931 | } | 3918 | } |
| 3932 | 3919 | ||
| @@ -3935,16 +3922,16 @@ test_tlsext_cookie_client(void) | |||
| 3935 | /* Checks cookie against what's in the hs.tls13 */ | 3922 | /* Checks cookie against what's in the hs.tls13 */ |
| 3936 | if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { | 3923 | if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { |
| 3937 | FAIL("failed to parse client cookie\n"); | 3924 | FAIL("failed to parse client cookie\n"); |
| 3938 | failure = 1; | ||
| 3939 | goto done; | 3925 | goto done; |
| 3940 | } | 3926 | } |
| 3941 | 3927 | ||
| 3942 | if (CBS_len(&cbs) != 0) { | 3928 | if (CBS_len(&cbs) != 0) { |
| 3943 | FAIL("extension data remaining\n"); | 3929 | FAIL("extension data remaining\n"); |
| 3944 | failure = 1; | ||
| 3945 | goto done; | 3930 | goto done; |
| 3946 | } | 3931 | } |
| 3947 | 3932 | ||
| 3933 | failure = 0; | ||
| 3934 | |||
| 3948 | done: | 3935 | done: |
| 3949 | CBB_cleanup(&cbb); | 3936 | CBB_cleanup(&cbb); |
| 3950 | SSL_CTX_free(ssl_ctx); | 3937 | SSL_CTX_free(ssl_ctx); |
| @@ -3962,12 +3949,14 @@ test_tlsext_cookie_server(void) | |||
| 3962 | SSL *ssl = NULL; | 3949 | SSL *ssl = NULL; |
| 3963 | const struct tls_extension_funcs *client_funcs; | 3950 | const struct tls_extension_funcs *client_funcs; |
| 3964 | const struct tls_extension_funcs *server_funcs; | 3951 | const struct tls_extension_funcs *server_funcs; |
| 3965 | int failure = 0; | 3952 | int failure; |
| 3966 | size_t dlen; | 3953 | size_t dlen; |
| 3967 | int alert; | 3954 | int alert; |
| 3968 | CBB cbb; | 3955 | CBB cbb; |
| 3969 | CBS cbs; | 3956 | CBS cbs; |
| 3970 | 3957 | ||
| 3958 | failure = 1; | ||
| 3959 | |||
| 3971 | if (!CBB_init(&cbb, 0)) | 3960 | if (!CBB_init(&cbb, 0)) |
| 3972 | errx(1, "Failed to create CBB"); | 3961 | errx(1, "Failed to create CBB"); |
| 3973 | 3962 | ||
| @@ -3983,14 +3972,12 @@ test_tlsext_cookie_server(void) | |||
| 3983 | ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION; | 3972 | ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION; |
| 3984 | if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { | 3973 | if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { |
| 3985 | FAIL("server should not need cookie\n"); | 3974 | FAIL("server should not need cookie\n"); |
| 3986 | failure = 1; | ||
| 3987 | goto done; | 3975 | goto done; |
| 3988 | } | 3976 | } |
| 3989 | 3977 | ||
| 3990 | ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; | 3978 | ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; |
| 3991 | if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { | 3979 | if (server_funcs->needs(ssl, SSL_TLSEXT_MSG_SH)) { |
| 3992 | FAIL("server should not need cookie\n"); | 3980 | FAIL("server should not need cookie\n"); |
| 3993 | failure = 1; | ||
| 3994 | goto done; | 3981 | goto done; |
| 3995 | } | 3982 | } |
| 3996 | 3983 | ||
| @@ -4000,19 +3987,16 @@ test_tlsext_cookie_server(void) | |||
| 4000 | 3987 | ||
| 4001 | if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_HRR)) { | 3988 | if (!server_funcs->needs(ssl, SSL_TLSEXT_MSG_HRR)) { |
| 4002 | FAIL("server should need cookie\n"); | 3989 | FAIL("server should need cookie\n"); |
| 4003 | failure = 1; | ||
| 4004 | goto done; | 3990 | goto done; |
| 4005 | } | 3991 | } |
| 4006 | 3992 | ||
| 4007 | if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_HRR, &cbb)) { | 3993 | if (!server_funcs->build(ssl, SSL_TLSEXT_MSG_HRR, &cbb)) { |
| 4008 | FAIL("server should have built a cookie response\n"); | 3994 | FAIL("server should have built a cookie response\n"); |
| 4009 | failure = 1; | ||
| 4010 | goto done; | 3995 | goto done; |
| 4011 | } | 3996 | } |
| 4012 | 3997 | ||
| 4013 | if (!CBB_finish(&cbb, &data, &dlen)) { | 3998 | if (!CBB_finish(&cbb, &data, &dlen)) { |
| 4014 | FAIL("failed to finish CBB\n"); | 3999 | FAIL("failed to finish CBB\n"); |
| 4015 | failure = 1; | ||
| 4016 | goto done; | 4000 | goto done; |
| 4017 | } | 4001 | } |
| 4018 | 4002 | ||
| @@ -4020,7 +4004,6 @@ test_tlsext_cookie_server(void) | |||
| 4020 | FAIL("got cookie with length %zu, " | 4004 | FAIL("got cookie with length %zu, " |
| 4021 | "want length %zu\n", dlen, strlen(cookie) + | 4005 | "want length %zu\n", dlen, strlen(cookie) + |
| 4022 | sizeof(uint16_t)); | 4006 | sizeof(uint16_t)); |
| 4023 | failure = 1; | ||
| 4024 | goto done; | 4007 | goto done; |
| 4025 | } | 4008 | } |
| 4026 | 4009 | ||
| @@ -4028,7 +4011,6 @@ test_tlsext_cookie_server(void) | |||
| 4028 | 4011 | ||
| 4029 | if (client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { | 4012 | if (client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { |
| 4030 | FAIL("client should not have parsed server cookie\n"); | 4013 | FAIL("client should not have parsed server cookie\n"); |
| 4031 | failure = 1; | ||
| 4032 | goto done; | 4014 | goto done; |
| 4033 | } | 4015 | } |
| 4034 | 4016 | ||
| @@ -4038,23 +4020,22 @@ test_tlsext_cookie_server(void) | |||
| 4038 | 4020 | ||
| 4039 | if (!client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { | 4021 | if (!client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { |
| 4040 | FAIL("failed to parse server cookie\n"); | 4022 | FAIL("failed to parse server cookie\n"); |
| 4041 | failure = 1; | ||
| 4042 | goto done; | 4023 | goto done; |
| 4043 | } | 4024 | } |
| 4044 | 4025 | ||
| 4045 | if (memcmp(cookie, ssl->s3->hs.tls13.cookie, | 4026 | if (memcmp(cookie, ssl->s3->hs.tls13.cookie, |
| 4046 | ssl->s3->hs.tls13.cookie_len) != 0) { | 4027 | ssl->s3->hs.tls13.cookie_len) != 0) { |
| 4047 | FAIL("parsed server cookie does not match sent cookie\n"); | 4028 | FAIL("parsed server cookie does not match sent cookie\n"); |
| 4048 | failure = 1; | ||
| 4049 | goto done; | 4029 | goto done; |
| 4050 | } | 4030 | } |
| 4051 | 4031 | ||
| 4052 | if (CBS_len(&cbs) != 0) { | 4032 | if (CBS_len(&cbs) != 0) { |
| 4053 | FAIL("extension data remaining\n"); | 4033 | FAIL("extension data remaining\n"); |
| 4054 | failure = 1; | ||
| 4055 | goto done; | 4034 | goto done; |
| 4056 | } | 4035 | } |
| 4057 | 4036 | ||
| 4037 | failure = 0; | ||
| 4038 | |||
| 4058 | done: | 4039 | done: |
| 4059 | CBB_cleanup(&cbb); | 4040 | CBB_cleanup(&cbb); |
| 4060 | SSL_CTX_free(ssl_ctx); | 4041 | SSL_CTX_free(ssl_ctx); |
| @@ -4090,11 +4071,11 @@ test_tlsext_psk_modes_client(void) | |||
| 4090 | CBS cbs; | 4071 | CBS cbs; |
| 4091 | int alert; | 4072 | int alert; |
| 4092 | 4073 | ||
| 4074 | failure = 1; | ||
| 4075 | |||
| 4093 | if (!CBB_init(&cbb, 0)) | 4076 | if (!CBB_init(&cbb, 0)) |
| 4094 | errx(1, "Failed to create CBB"); | 4077 | errx(1, "Failed to create CBB"); |
| 4095 | 4078 | ||
| 4096 | failure = 1; | ||
| 4097 | |||
| 4098 | if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) | 4079 | if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) == NULL) |
| 4099 | errx(1, "failed to create SSL_CTX"); | 4080 | errx(1, "failed to create SSL_CTX"); |
| 4100 | if ((ssl = SSL_new(ssl_ctx)) == NULL) | 4081 | if ((ssl = SSL_new(ssl_ctx)) == NULL) |
| @@ -4237,6 +4218,7 @@ test_tlsext_psk_modes_client(void) | |||
| 4237 | } | 4218 | } |
| 4238 | 4219 | ||
| 4239 | failure = 0; | 4220 | failure = 0; |
| 4221 | |||
| 4240 | err: | 4222 | err: |
| 4241 | CBB_cleanup(&cbb); | 4223 | CBB_cleanup(&cbb); |
| 4242 | SSL_CTX_free(ssl_ctx); | 4224 | SSL_CTX_free(ssl_ctx); |
| @@ -4272,6 +4254,7 @@ test_tlsext_psk_modes_server(void) | |||
| 4272 | } | 4254 | } |
| 4273 | 4255 | ||
| 4274 | failure = 0; | 4256 | failure = 0; |
| 4257 | |||
| 4275 | err: | 4258 | err: |
| 4276 | SSL_CTX_free(ssl_ctx); | 4259 | SSL_CTX_free(ssl_ctx); |
| 4277 | SSL_free(ssl); | 4260 | SSL_free(ssl); |
| @@ -4389,10 +4372,12 @@ static const struct tls_sni_test tls_sni_tests[] = { | |||
| 4389 | static int | 4372 | static int |
| 4390 | test_tlsext_is_valid_hostname(const struct tls_sni_test *tst) | 4373 | test_tlsext_is_valid_hostname(const struct tls_sni_test *tst) |
| 4391 | { | 4374 | { |
| 4392 | int failure = 0; | 4375 | int failure; |
| 4393 | int is_ip; | 4376 | int is_ip; |
| 4394 | CBS cbs; | 4377 | CBS cbs; |
| 4395 | 4378 | ||
| 4379 | failure = 1; | ||
| 4380 | |||
| 4396 | CBS_init(&cbs, tst->hostname, strlen(tst->hostname)); | 4381 | CBS_init(&cbs, tst->hostname, strlen(tst->hostname)); |
| 4397 | if (tlsext_sni_is_valid_hostname(&cbs, &is_ip) != tst->valid) { | 4382 | if (tlsext_sni_is_valid_hostname(&cbs, &is_ip) != tst->valid) { |
| 4398 | if (tst->valid) { | 4383 | if (tst->valid) { |
| @@ -4402,7 +4387,6 @@ test_tlsext_is_valid_hostname(const struct tls_sni_test *tst) | |||
| 4402 | FAIL("Invalid hostname '%s' accepted\n", | 4387 | FAIL("Invalid hostname '%s' accepted\n", |
| 4403 | tst->hostname); | 4388 | tst->hostname); |
| 4404 | } | 4389 | } |
| 4405 | failure = 1; | ||
| 4406 | goto done; | 4390 | goto done; |
| 4407 | } | 4391 | } |
| 4408 | if (tst->is_ip != is_ip) { | 4392 | if (tst->is_ip != is_ip) { |
| @@ -4413,7 +4397,6 @@ test_tlsext_is_valid_hostname(const struct tls_sni_test *tst) | |||
| 4413 | FAIL("Hostname '%s' is not an IP literal but is " | 4397 | FAIL("Hostname '%s' is not an IP literal but is " |
| 4414 | "identified as one\n", tst->hostname); | 4398 | "identified as one\n", tst->hostname); |
| 4415 | } | 4399 | } |
| 4416 | failure = 1; | ||
| 4417 | goto done; | 4400 | goto done; |
| 4418 | } | 4401 | } |
| 4419 | 4402 | ||
| @@ -4422,11 +4405,14 @@ test_tlsext_is_valid_hostname(const struct tls_sni_test *tst) | |||
| 4422 | strlen(tst->hostname) + 1); | 4405 | strlen(tst->hostname) + 1); |
| 4423 | if (tlsext_sni_is_valid_hostname(&cbs, &is_ip)) { | 4406 | if (tlsext_sni_is_valid_hostname(&cbs, &is_ip)) { |
| 4424 | FAIL("hostname with NUL byte accepted\n"); | 4407 | FAIL("hostname with NUL byte accepted\n"); |
| 4425 | failure = 1; | ||
| 4426 | goto done; | 4408 | goto done; |
| 4427 | } | 4409 | } |
| 4428 | } | 4410 | } |
| 4411 | |||
| 4412 | failure = 0; | ||
| 4413 | |||
| 4429 | done: | 4414 | done: |
| 4415 | |||
| 4430 | return failure; | 4416 | return failure; |
| 4431 | } | 4417 | } |
| 4432 | 4418 | ||
