1 files changed, 50 insertions, 33 deletions
diff --git a/src/regress/lib/libcrypto/x509/constraints.c b/src/regress/lib/libcrypto/x509/constraints.c
index 8f7017dd7e..933c4f47c8 100644
--- a/src/regress/lib/libcrypto/x509/constraints.c
+++ b/src/regress/lib/libcrypto/x509/constraints.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: constraints.c,v 1.12 2022/10/30 13:27:15 kn Exp $     */
+/*      $OpenBSD: constraints.c,v 1.13 2022/11/11 12:02:34 beck Exp $   */
 /*
 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
 *
@@ -23,11 +23,10 @@
 #include <openssl/x509v3.h>
 #include "x509_internal.h"
+#define FAIL(msg, ...)                                                  \
-#define FAIL(msg, ...)                                          \
+do {                                                                    \
-do {                                                            \
+        fprintf(stderr, "[%s:%d] FAIL: ", __FILE__, __LINE__);          \
-        fprintf(stderr, "[%s:%d] FAIL: ", __FILE__, __LINE__);  \
+        fprintf(stderr, msg, ##__VA_ARGS__);                            \
-        fprintf(stderr, msg, ##__VA_ARGS__);                    \
 } while(0)
 unsigned char *valid_hostnames[] = {
@@ -168,15 +167,16 @@ test_valid_hostnames(void)
        int i, failure = 0;
        for (i = 0; valid_hostnames[i] != NULL; i++) {
-                if (!x509_constraints_valid_host(valid_hostnames[i],
+                CBS cbs;
-                        strlen(valid_hostnames[i]))) {
+                CBS_init(&cbs, valid_hostnames[i], strlen(valid_hostnames[i]));
+                if (!x509_constraints_valid_host(&cbs)) {
                        FAIL("Valid hostname '%s' rejected\n",
                            valid_hostnames[i]);
                        failure = 1;
                        goto done;
                }
-                if (!x509_constraints_valid_sandns(valid_hostnames[i],
+                CBS_init(&cbs, valid_hostnames[i], strlen(valid_hostnames[i]));
-                        strlen(valid_hostnames[i]))) {
+                if (!x509_constraints_valid_sandns(&cbs)) {
                        FAIL("Valid sandns '%s' rejected\n",
                            valid_hostnames[i]);
                        failure = 1;
@@ -192,8 +192,10 @@ test_valid_sandns_names(void)
 {
        int i, failure = 0;
        for (i = 0; valid_sandns_names[i] != NULL; i++) {
-                if (!x509_constraints_valid_sandns(valid_sandns_names[i],
+                CBS cbs;
-                        strlen(valid_sandns_names[i]))) {
+                CBS_init(&cbs, valid_sandns_names[i],
+                    strlen(valid_sandns_names[i]));
+                if (!x509_constraints_valid_sandns(&cbs)) {
                        FAIL("Valid dnsname '%s' rejected\n",
                            valid_sandns_names[i]);
                        failure = 1;
@@ -209,8 +211,10 @@ test_valid_domain_constraints(void)
 {
        int i, failure = 0;
        for (i = 0; valid_domain_constraints[i] != NULL; i++) {
-                if (!x509_constraints_valid_domain_constraint(valid_domain_constraints[i],
+                CBS cbs;
-                    strlen(valid_domain_constraints[i]))) {
+                CBS_init(&cbs, valid_domain_constraints[i],
+                    strlen(valid_domain_constraints[i]));
+                if (!x509_constraints_valid_domain_constraint(&cbs)) {
                        FAIL("Valid dnsname '%s' rejected\n",
                            valid_domain_constraints[i]);
                        failure = 1;
@@ -227,8 +231,10 @@ test_valid_mbox_names(void)
        struct x509_constraints_name name = {0};
        int i, failure = 0;
        for (i = 0; valid_mbox_names[i] != NULL; i++) {
-                if (!x509_constraints_parse_mailbox(valid_mbox_names[i],
+                CBS cbs;
-                    strlen(valid_mbox_names[i]), &name)) {
+                CBS_init(&cbs, valid_mbox_names[i],
+                    strlen(valid_mbox_names[i]));
+                if (!x509_constraints_parse_mailbox(&cbs, &name)) {
                        FAIL("Valid mailbox name '%s' rejected\n",
                            valid_mbox_names[i]);
                        failure = 1;
@@ -250,22 +256,25 @@ test_invalid_hostnames(void)
        char *nulhost = "www.openbsd.org\0";
        for (i = 0; invalid_hostnames[i] != NULL; i++) {
-                if (x509_constraints_valid_host(invalid_hostnames[i],
+                CBS cbs;
-                    strlen(invalid_hostnames[i]))) {
+                CBS_init(&cbs, invalid_hostnames[i],
+                    strlen(invalid_hostnames[i]));
+                if (x509_constraints_valid_host(&cbs)) {
                        FAIL("Invalid hostname '%s' accepted\n",
                            invalid_hostnames[i]);
                        failure = 1;
                        goto done;
                }
        }
-        if (x509_constraints_valid_host(nulhost,
+        CBS cbs;
-            strlen(nulhost) + 1)) {
+        CBS_init(&cbs, nulhost, strlen(nulhost) + 1);
+        if (x509_constraints_valid_host(&cbs)) {
                FAIL("hostname with NUL byte accepted\n");
                failure = 1;
                goto done;
        }
-        if (x509_constraints_valid_sandns(nulhost,
+        CBS_init(&cbs, nulhost, strlen(nulhost) + 1);
-            strlen(nulhost) + 1)) {
+        if (x509_constraints_valid_sandns(&cbs)) {
                FAIL("sandns with NUL byte accepted\n");
                failure = 1;
                goto done;
@@ -279,8 +288,10 @@ test_invalid_sandns_names(void)
 {
        int i, failure = 0;
        for (i = 0; invalid_sandns_names[i] != NULL; i++) {
-                if (x509_constraints_valid_sandns(invalid_sandns_names[i],
+                CBS cbs;
-                    strlen(invalid_sandns_names[i]))) {
+                CBS_init(&cbs, invalid_sandns_names[i],
+                    strlen(invalid_sandns_names[i]));
+                if (x509_constraints_valid_sandns(&cbs)) {
                        FAIL("Valid dnsname '%s' rejected\n",
                            invalid_sandns_names[i]);
                        failure = 1;
@@ -297,8 +308,10 @@ test_invalid_mbox_names(void)
        int i, failure = 0;
        struct x509_constraints_name name = {0};
        for (i = 0; invalid_mbox_names[i] != NULL; i++) {
-                if (x509_constraints_parse_mailbox(invalid_mbox_names[i],
+                CBS cbs;
-                    strlen(invalid_mbox_names[i]), &name)) {
+                CBS_init(&cbs, invalid_mbox_names[i],
+                    strlen(invalid_mbox_names[i]));
+                if (x509_constraints_parse_mailbox(&cbs, &name)) {
                        FAIL("invalid mailbox name '%s' accepted\n",
                            invalid_mbox_names[i]);
                        failure = 1;
@@ -318,8 +331,10 @@ test_invalid_domain_constraints(void)
 {
        int i, failure = 0;
        for (i = 0; invalid_domain_constraints[i] != NULL; i++) {
-                if (x509_constraints_valid_domain_constraint(invalid_domain_constraints[i],
+                CBS cbs;
-                    strlen(invalid_domain_constraints[i]))) {
+                CBS_init(&cbs, invalid_domain_constraints[i],
+                    strlen(invalid_domain_constraints[i]));
+                if (x509_constraints_valid_domain_constraint(&cbs)) {
                        FAIL("invalid dnsname '%s' accepted\n",
                            invalid_domain_constraints[i]);
                        failure = 1;
@@ -333,12 +348,12 @@ test_invalid_domain_constraints(void)
 static int
 test_invalid_uri(void)
 {
-        int j, failure=0;
+        int j, failure = 0;
        char *hostpart = NULL;
        for (j = 0; invaliduri[j] != NULL; j++) {
                if (x509_constraints_uri_host(invaliduri[j],
-                        strlen(invaliduri[j]), &hostpart) != 0) {
+                    strlen(invaliduri[j]), &hostpart) != 0) {
                        FAIL("invalid URI '%s' accepted\n",
                            invaliduri[j]);
                        failure = 1;
@@ -355,8 +370,10 @@ test_invalid_uri(void)
 static int
 test_constraints1(void)
 {
-        char *c; size_t cl;
+        char *c;
-        char *d; size_t dl;
+        size_t cl;
+        char *d;
+        size_t dl;
        int failure = 0;
        int error = 0;
        int i, j;
@@ -450,7 +467,7 @@ test_constraints1(void)
                        char *hostpart = NULL;
                        error = 0;
                        if (!x509_constraints_uri_host(noauthority[j],
-                                strlen(noauthority[j]), &hostpart)) {
+                            strlen(noauthority[j]), &hostpart)) {
                                FAIL("name '%s' should parse as a URI",
                                    noauthority[j]);
                                failure = 1;

diff --git a/src/regress/lib/libcrypto/x509/constraints.c b/src/regress/lib/libcrypto/x509/constraints.c index 8f7017dd7e..933c4f47c8 100644 --- a/src/regress/lib/libcrypto/x509/constraints.c +++ b/src/regress/lib/libcrypto/x509/constraints.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: constraints.c,v 1.12 2022/10/30 13:27:15 kn Exp $ */	1	/* $OpenBSD: constraints.c,v 1.13 2022/11/11 12:02:34 beck Exp $ */
2	/*	2	/*
3	* Copyright (c) 2020 Bob Beck <beck@openbsd.org>	3	* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
4	*	4	*
@@ -23,11 +23,10 @@
23	#include <openssl/x509v3.h>	23	#include <openssl/x509v3.h>
24	#include "x509_internal.h"	24	#include "x509_internal.h"
25		25
26		26	#define FAIL(msg, ...) \
27	#define FAIL(msg, ...) \	27	do { \
28	do { \	28	fprintf(stderr, "[%s:%d] FAIL: ", __FILE__, __LINE__); \
29	fprintf(stderr, "[%s:%d] FAIL: ", __FILE__, __LINE__); \	29	fprintf(stderr, msg, ##__VA_ARGS__); \
30	fprintf(stderr, msg, ##__VA_ARGS__); \
31	} while(0)	30	} while(0)
32		31
33	unsigned char *valid_hostnames[] = {	32	unsigned char *valid_hostnames[] = {
@@ -168,15 +167,16 @@ test_valid_hostnames(void)
168	int i, failure = 0;	167	int i, failure = 0;
169		168
170	for (i = 0; valid_hostnames[i] != NULL; i++) {	169	for (i = 0; valid_hostnames[i] != NULL; i++) {
171	if (!x509_constraints_valid_host(valid_hostnames[i],	170	CBS cbs;
172	strlen(valid_hostnames[i]))) {	171	CBS_init(&cbs, valid_hostnames[i], strlen(valid_hostnames[i]));
		172	if (!x509_constraints_valid_host(&cbs)) {
173	FAIL("Valid hostname '%s' rejected\n",	173	FAIL("Valid hostname '%s' rejected\n",
174	valid_hostnames[i]);	174	valid_hostnames[i]);
175	failure = 1;	175	failure = 1;
176	goto done;	176	goto done;
177	}	177	}
178	if (!x509_constraints_valid_sandns(valid_hostnames[i],	178	CBS_init(&cbs, valid_hostnames[i], strlen(valid_hostnames[i]));
179	strlen(valid_hostnames[i]))) {	179	if (!x509_constraints_valid_sandns(&cbs)) {
180	FAIL("Valid sandns '%s' rejected\n",	180	FAIL("Valid sandns '%s' rejected\n",
181	valid_hostnames[i]);	181	valid_hostnames[i]);
182	failure = 1;	182	failure = 1;
@@ -192,8 +192,10 @@ test_valid_sandns_names(void)
192	{	192	{
193	int i, failure = 0;	193	int i, failure = 0;
194	for (i = 0; valid_sandns_names[i] != NULL; i++) {	194	for (i = 0; valid_sandns_names[i] != NULL; i++) {
195	if (!x509_constraints_valid_sandns(valid_sandns_names[i],	195	CBS cbs;
196	strlen(valid_sandns_names[i]))) {	196	CBS_init(&cbs, valid_sandns_names[i],
		197	strlen(valid_sandns_names[i]));
		198	if (!x509_constraints_valid_sandns(&cbs)) {
197	FAIL("Valid dnsname '%s' rejected\n",	199	FAIL("Valid dnsname '%s' rejected\n",
198	valid_sandns_names[i]);	200	valid_sandns_names[i]);
199	failure = 1;	201	failure = 1;
@@ -209,8 +211,10 @@ test_valid_domain_constraints(void)
209	{	211	{
210	int i, failure = 0;	212	int i, failure = 0;
211	for (i = 0; valid_domain_constraints[i] != NULL; i++) {	213	for (i = 0; valid_domain_constraints[i] != NULL; i++) {
212	if (!x509_constraints_valid_domain_constraint(valid_domain_constraints[i],	214	CBS cbs;
213	strlen(valid_domain_constraints[i]))) {	215	CBS_init(&cbs, valid_domain_constraints[i],
		216	strlen(valid_domain_constraints[i]));
		217	if (!x509_constraints_valid_domain_constraint(&cbs)) {
214	FAIL("Valid dnsname '%s' rejected\n",	218	FAIL("Valid dnsname '%s' rejected\n",
215	valid_domain_constraints[i]);	219	valid_domain_constraints[i]);
216	failure = 1;	220	failure = 1;
@@ -227,8 +231,10 @@ test_valid_mbox_names(void)
227	struct x509_constraints_name name = {0};	231	struct x509_constraints_name name = {0};
228	int i, failure = 0;	232	int i, failure = 0;
229	for (i = 0; valid_mbox_names[i] != NULL; i++) {	233	for (i = 0; valid_mbox_names[i] != NULL; i++) {
230	if (!x509_constraints_parse_mailbox(valid_mbox_names[i],	234	CBS cbs;
231	strlen(valid_mbox_names[i]), &name)) {	235	CBS_init(&cbs, valid_mbox_names[i],
		236	strlen(valid_mbox_names[i]));
		237	if (!x509_constraints_parse_mailbox(&cbs, &name)) {
232	FAIL("Valid mailbox name '%s' rejected\n",	238	FAIL("Valid mailbox name '%s' rejected\n",
233	valid_mbox_names[i]);	239	valid_mbox_names[i]);
234	failure = 1;	240	failure = 1;
@@ -250,22 +256,25 @@ test_invalid_hostnames(void)
250	char *nulhost = "www.openbsd.org\0";	256	char *nulhost = "www.openbsd.org\0";
251		257
252	for (i = 0; invalid_hostnames[i] != NULL; i++) {	258	for (i = 0; invalid_hostnames[i] != NULL; i++) {
253	if (x509_constraints_valid_host(invalid_hostnames[i],	259	CBS cbs;
254	strlen(invalid_hostnames[i]))) {	260	CBS_init(&cbs, invalid_hostnames[i],
		261	strlen(invalid_hostnames[i]));
		262	if (x509_constraints_valid_host(&cbs)) {
255	FAIL("Invalid hostname '%s' accepted\n",	263	FAIL("Invalid hostname '%s' accepted\n",
256	invalid_hostnames[i]);	264	invalid_hostnames[i]);
257	failure = 1;	265	failure = 1;
258	goto done;	266	goto done;
259	}	267	}
260	}	268	}
261	if (x509_constraints_valid_host(nulhost,	269	CBS cbs;
262	strlen(nulhost) + 1)) {	270	CBS_init(&cbs, nulhost, strlen(nulhost) + 1);
		271	if (x509_constraints_valid_host(&cbs)) {
263	FAIL("hostname with NUL byte accepted\n");	272	FAIL("hostname with NUL byte accepted\n");
264	failure = 1;	273	failure = 1;
265	goto done;	274	goto done;
266	}	275	}
267	if (x509_constraints_valid_sandns(nulhost,	276	CBS_init(&cbs, nulhost, strlen(nulhost) + 1);
268	strlen(nulhost) + 1)) {	277	if (x509_constraints_valid_sandns(&cbs)) {
269	FAIL("sandns with NUL byte accepted\n");	278	FAIL("sandns with NUL byte accepted\n");
270	failure = 1;	279	failure = 1;
271	goto done;	280	goto done;
@@ -279,8 +288,10 @@ test_invalid_sandns_names(void)
279	{	288	{
280	int i, failure = 0;	289	int i, failure = 0;
281	for (i = 0; invalid_sandns_names[i] != NULL; i++) {	290	for (i = 0; invalid_sandns_names[i] != NULL; i++) {
282	if (x509_constraints_valid_sandns(invalid_sandns_names[i],	291	CBS cbs;
283	strlen(invalid_sandns_names[i]))) {	292	CBS_init(&cbs, invalid_sandns_names[i],
		293	strlen(invalid_sandns_names[i]));
		294	if (x509_constraints_valid_sandns(&cbs)) {
284	FAIL("Valid dnsname '%s' rejected\n",	295	FAIL("Valid dnsname '%s' rejected\n",
285	invalid_sandns_names[i]);	296	invalid_sandns_names[i]);
286	failure = 1;	297	failure = 1;
@@ -297,8 +308,10 @@ test_invalid_mbox_names(void)
297	int i, failure = 0;	308	int i, failure = 0;
298	struct x509_constraints_name name = {0};	309	struct x509_constraints_name name = {0};
299	for (i = 0; invalid_mbox_names[i] != NULL; i++) {	310	for (i = 0; invalid_mbox_names[i] != NULL; i++) {
300	if (x509_constraints_parse_mailbox(invalid_mbox_names[i],	311	CBS cbs;
301	strlen(invalid_mbox_names[i]), &name)) {	312	CBS_init(&cbs, invalid_mbox_names[i],
		313	strlen(invalid_mbox_names[i]));
		314	if (x509_constraints_parse_mailbox(&cbs, &name)) {
302	FAIL("invalid mailbox name '%s' accepted\n",	315	FAIL("invalid mailbox name '%s' accepted\n",
303	invalid_mbox_names[i]);	316	invalid_mbox_names[i]);
304	failure = 1;	317	failure = 1;
@@ -318,8 +331,10 @@ test_invalid_domain_constraints(void)
318	{	331	{
319	int i, failure = 0;	332	int i, failure = 0;
320	for (i = 0; invalid_domain_constraints[i] != NULL; i++) {	333	for (i = 0; invalid_domain_constraints[i] != NULL; i++) {
321	if (x509_constraints_valid_domain_constraint(invalid_domain_constraints[i],	334	CBS cbs;
322	strlen(invalid_domain_constraints[i]))) {	335	CBS_init(&cbs, invalid_domain_constraints[i],
		336	strlen(invalid_domain_constraints[i]));
		337	if (x509_constraints_valid_domain_constraint(&cbs)) {
323	FAIL("invalid dnsname '%s' accepted\n",	338	FAIL("invalid dnsname '%s' accepted\n",
324	invalid_domain_constraints[i]);	339	invalid_domain_constraints[i]);
325	failure = 1;	340	failure = 1;
@@ -333,12 +348,12 @@ test_invalid_domain_constraints(void)
333	static int	348	static int
334	test_invalid_uri(void)	349	test_invalid_uri(void)
335	{	350	{
336	int j, failure=0;	351	int j, failure = 0;
337	char *hostpart = NULL;	352	char *hostpart = NULL;
338		353
339	for (j = 0; invaliduri[j] != NULL; j++) {	354	for (j = 0; invaliduri[j] != NULL; j++) {
340	if (x509_constraints_uri_host(invaliduri[j],	355	if (x509_constraints_uri_host(invaliduri[j],
341	strlen(invaliduri[j]), &hostpart) != 0) {	356	strlen(invaliduri[j]), &hostpart) != 0) {
342	FAIL("invalid URI '%s' accepted\n",	357	FAIL("invalid URI '%s' accepted\n",
343	invaliduri[j]);	358	invaliduri[j]);
344	failure = 1;	359	failure = 1;
@@ -355,8 +370,10 @@ test_invalid_uri(void)
355	static int	370	static int
356	test_constraints1(void)	371	test_constraints1(void)
357	{	372	{
358	char *c; size_t cl;	373	char *c;
359	char *d; size_t dl;	374	size_t cl;
		375	char *d;
		376	size_t dl;
360	int failure = 0;	377	int failure = 0;
361	int error = 0;	378	int error = 0;
362	int i, j;	379	int i, j;
@@ -450,7 +467,7 @@ test_constraints1(void)
450	char *hostpart = NULL;	467	char *hostpart = NULL;
451	error = 0;	468	error = 0;
452	if (!x509_constraints_uri_host(noauthority[j],	469	if (!x509_constraints_uri_host(noauthority[j],
453	strlen(noauthority[j]), &hostpart)) {	470	strlen(noauthority[j]), &hostpart)) {
454	FAIL("name '%s' should parse as a URI",	471	FAIL("name '%s' should parse as a URI",
455	noauthority[j]);	472	noauthority[j]);
456	failure = 1;	473	failure = 1;