-rw-r--r--src/regress/lib/libssl/tlsext/tlsexttest.c84
1 files changed, 82 insertions, 2 deletions
diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c
index 1b2820d78b..63c64e9411 100644
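--- a/src/regress/lib/libssl/tlsext/tlsexttest.c
+++ b/src/regress/lib/libssl/tlsext/tlsexttest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tlsexttest.c,v 1.15 2017/08/27 02:58:04 doug Exp $ */
+/* $OpenBSD: tlsexttest.c,v 1.16 2017/08/29 17:24:59 jsing Exp $ */
 /*
  * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -198,6 +198,10 @@ test_tlsext_alpn_clienthello(void)
  FAIL("failed to parse ALPN");
  goto err;
  }
+ if (CBS_len(&cbs) != 0) {
+ FAIL("extension data remaining");
+ goto err;
+ }
 
  if (ssl->internal->alpn_client_proto_list_len !=
  sizeof(tlsext_alpn_single_proto_val)) {
@@ -261,6 +265,10 @@ test_tlsext_alpn_clienthello(void)
  FAIL("failed to parse ALPN");
  goto err;
  }
+ if (CBS_len(&cbs) != 0) {
+ FAIL("extension data remaining");
+ goto err;
+ }
 
  if (ssl->internal->alpn_client_proto_list_len !=
  sizeof(tlsext_alpn_multiple_protos_val)) {
@@ -398,6 +406,10 @@ test_tlsext_alpn_serverhello(void)
  FAIL("Should be able to parse serverhello when we request it");
  goto err;
  }
+ if (CBS_len(&cbs) != 0) {
+ FAIL("extension data remaining");
+ goto err;
+ }
 
  if (S3I(ssl)->alpn_selected_len !=
  sizeof(tlsext_alpn_single_proto_name)) {
@@ -597,6 +609,10 @@ test_tlsext_ec_clienthello(void)
  FAIL("failed to parse clienthello Ellipticcurves\n");
  goto err;
  }
+ if (CBS_len(&cbs) != 0) {
+ FAIL("extension data remaining");
+ goto err;
+ }
 
  if (SSI(ssl)->tlsext_supportedgroups_length !=
  sizeof(tlsext_ec_clienthello_secp384r1_val) / sizeof(uint16_t)) {
@@ -693,6 +709,10 @@ test_tlsext_ec_clienthello(void)
  FAIL("failed to parse clienthello Ellipticcurves\n");
  goto err;
  }
+ if (CBS_len(&cbs) != 0) {
+ FAIL("extension data remaining");
+ goto err;
+ }
 
  if (SSI(ssl)->tlsext_supportedgroups_length !=
  sizeof(tlsext_ec_clienthello_nistp192and224_val) / sizeof(uint16_t)) {
@@ -895,6 +915,10 @@ test_tlsext_ecpf_clienthello(void)
  FAIL("failed to parse clienthello ECPointFormats\n");
  goto err;
  }
+ if (CBS_len(&cbs) != 0) {
+ FAIL("extension data remaining");
+ goto err;
+ }
 
  if (SSI(ssl)->tlsext_ecpointformatlist_length !=
  sizeof(tlsext_ecpf_hello_uncompressed_val)) {
@@ -984,6 +1008,10 @@ test_tlsext_ecpf_clienthello(void)
  FAIL("failed to parse clienthello ECPointFormats\n");
  goto err;
  }
+ if (CBS_len(&cbs) != 0) {
+ FAIL("extension data remaining");
+ goto err;
+ }
 
  if (SSI(ssl)->tlsext_ecpointformatlist_length !=
  sizeof(tlsext_ecpf_hello_prefer_order_val)) {
@@ -1100,6 +1128,10 @@ test_tlsext_ecpf_serverhello(void)
  FAIL("must include uncompressed in serverhello ECPointFormats\n");
  goto err;
  }
+ if (CBS_len(&cbs) != 0) {
+ FAIL("extension data remaining");
+ goto err;
+ }
 
  /*
  * Test with a custom order that replaces the default uncompressed.
@@ -1184,6 +1216,10 @@ test_tlsext_ecpf_serverhello(void)
  FAIL("failed to parse serverhello ECPointFormats\n");
  goto err;
  }
+ if (CBS_len(&cbs) != 0) {
+ FAIL("extension data remaining");
+ goto err;
+ }
 
  if (SSI(ssl)->tlsext_ecpointformatlist_length !=
  sizeof(tlsext_ecpf_hello_prefer_order_val)) {
@@ -1308,6 +1344,10 @@ test_tlsext_ri_clienthello(void)
  FAIL("failed to parse clienthello RI\n");
  goto err;
  }
+ if (CBS_len(&cbs) != 0) {
+ FAIL("extension data remaining");
+ goto err;
+ }
 
  if (S3I(ssl)->renegotiate_seen != 1) {
  FAIL("renegotiate seen not set\n");
@@ -1417,6 +1457,10 @@ test_tlsext_ri_serverhello(void)
  FAIL("failed to parse serverhello RI\n");
  goto err;
  }
+ if (CBS_len(&cbs) != 0) {
+ FAIL("extension data remaining");
+ goto err;
+ }
 
  if (S3I(ssl)->renegotiate_seen != 1) {
  FAIL("renegotiate seen not set\n");
@@ -1534,6 +1578,10 @@ test_tlsext_sigalgs_clienthello(void)
  failure = 1;
  goto done;
  }
+ if (CBS_len(&cbs) != 0) {
+ FAIL("extension data remaining");
+ goto done;
+ }
 
  if (ssl->cert->pkeys[SSL_PKEY_RSA_SIGN].digest != EVP_sha512()) {
  fprintf(stderr, "FAIL: RSA sign digest mismatch\n");
@@ -1601,7 +1649,7 @@ test_tlsext_sigalgs_serverhello(void)
 
  CBS_init(&cbs, tlsext_sigalgs_clienthello, sizeof(tlsext_sigalgs_clienthello));
  if (tlsext_sigalgs_serverhello_parse(ssl, &cbs, &alert)) {
- fprintf(stderr, "FAIL: failed to parse serverhello sigalgs\n");
+ fprintf(stderr, "FAIL: serverhello should not parse sigalgs\n");
  failure = 1;
  goto done;
  }
@@ -1699,6 +1747,10 @@ test_tlsext_sni_clienthello(void)
  FAIL("failed to parse clienthello SNI\n");
  goto err;
  }
+ if (CBS_len(&cbs) != 0) {
+ FAIL("extension data remaining");
+ goto err;
+ }
 
  if (ssl->session->tlsext_hostname == NULL) {
  FAIL("no tlsext_hostname from clienthello SNI\n");
@@ -1810,6 +1862,10 @@ test_tlsext_sni_serverhello(void)
  FAIL("failed to parse serverhello SNI\n");
  goto err;
  }
+ if (CBS_len(&cbs) != 0) {
+ FAIL("extension data remaining");
+ goto err;
+ }
 
  if (ssl->session->tlsext_hostname == NULL) {
  FAIL("no tlsext_hostname after serverhello SNI\n");
@@ -1898,6 +1954,10 @@ test_tlsext_ocsp_clienthello(void)
  FAIL("failed to parse ocsp clienthello\n");
  goto err;
  }
+ if (CBS_len(&cbs) != 0) {
+ FAIL("extension data remaining");
+ goto err;
+ }
 
  failure = 0;
 
@@ -2385,6 +2445,10 @@ test_tlsext_srtp_clienthello(void)
  FAIL("failed to parse SRTP\n");
  goto err;
  }
+ if (CBS_len(&cbs) != 0) {
+ FAIL("extension data remaining");
+ goto err;
+ }
 
  if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) {
  FAIL("SRTP profile should be set now\n");
@@ -2448,6 +2512,10 @@ test_tlsext_srtp_clienthello(void)
  FAIL("failed to parse SRTP\n");
  goto err;
  }
+ if (CBS_len(&cbs) != 0) {
+ FAIL("extension data remaining");
+ goto err;
+ }
 
  if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) {
  FAIL("SRTP profile should be set now\n");
@@ -2475,6 +2543,10 @@ test_tlsext_srtp_clienthello(void)
  FAIL("failed to parse SRTP\n");
  goto err;
  }
+ if (CBS_len(&cbs) != 0) {
+ FAIL("extension data remaining");
+ goto err;
+ }
 
  if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) {
  FAIL("SRTP profile should be set now\n");
@@ -2500,6 +2572,10 @@ test_tlsext_srtp_clienthello(void)
  FAIL("should be able to fall back to negotiated\n");
  goto err;
  }
+ if (CBS_len(&cbs) != 0) {
+ FAIL("extension data remaining");
+ goto err;
+ }
 
  /* If we fallback, the server should NOT send the extension. */
  if (SSL_get_selected_srtp_profile(ssl) != NULL) {
@@ -2609,6 +2685,10 @@ test_tlsext_srtp_serverhello(void)
  FAIL("failed to parse SRTP\n");
  goto err;
  }
+ if (CBS_len(&cbs) != 0) {
+ FAIL("extension data remaining");
+ goto err;
+ }
 
  if ((prof = SSL_get_selected_srtp_profile(ssl)) == NULL) {
  FAIL("SRTP profile should be set now\n");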
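Review bot: In the test_tlsext_sigalgs_clienthello hunk, the new `CBS_len(&cbs) != 0` check jumps to `done` without setting `failure = 1`, unlike the parse-failure branch directly above it, which sets the flag before `goto done`. FAIL's definition and the initial value of `failure` are outside the hunk, but if FAIL only prints, unconsumed extension bytes would be logged while the test still returns success, and a trailing-data regression in the sigalgs parser would go unnoticed. Suggest `FAIL("extension data remaining\n"); failure = 1; goto done;` there. The trailing `\n` is also missing from every other added check, whereas most neighbouring FAIL messages carry one. The function bodies start and end outside the hunks.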