diff options
Diffstat (limited to 'src/regress/lib/libssl/tlsext/tlsexttest.c')
| -rw-r--r-- | src/regress/lib/libssl/tlsext/tlsexttest.c | 41 |
1 files changed, 8 insertions, 33 deletions
diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c index 4adf27421d..68584998ce 100644 --- a/src/regress/lib/libssl/tlsext/tlsexttest.c +++ b/src/regress/lib/libssl/tlsext/tlsexttest.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tlsexttest.c,v 1.92 2024/09/11 15:04:16 tb Exp $ */ | 1 | /* $OpenBSD: tlsexttest.c,v 1.94 2025/05/03 08:37:28 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2017 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2017 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> | 4 | * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> |
| @@ -3740,6 +3740,11 @@ test_tlsext_keyshare_client(void) | |||
| 3740 | FAIL("Did not select a key share"); | 3740 | FAIL("Did not select a key share"); |
| 3741 | goto done; | 3741 | goto done; |
| 3742 | } | 3742 | } |
| 3743 | if (tls_key_share_group(ssl->s3->hs.key_share) != 29) { | ||
| 3744 | FAIL("wrong key share group: got %d, expected 29\n", | ||
| 3745 | tls_key_share_group(ssl->s3->hs.key_share)); | ||
| 3746 | goto done; | ||
| 3747 | } | ||
| 3743 | 3748 | ||
| 3744 | /* | 3749 | /* |
| 3745 | * Pretend the client did not send the supported groups extension. We | 3750 | * Pretend the client did not send the supported groups extension. We |
| @@ -4542,12 +4547,10 @@ test_tlsext_valid_hostnames(void) | |||
| 4542 | #define N_TLSEXT_RANDOMIZATION_TESTS 1000 | 4547 | #define N_TLSEXT_RANDOMIZATION_TESTS 1000 |
| 4543 | 4548 | ||
| 4544 | static int | 4549 | static int |
| 4545 | test_tlsext_check_extension_order(SSL *ssl) | 4550 | test_tlsext_check_psk_is_last_extension(SSL *ssl) |
| 4546 | { | 4551 | { |
| 4547 | const struct tls_extension *ext; | 4552 | const struct tls_extension *ext; |
| 4548 | uint16_t type; | 4553 | uint16_t type; |
| 4549 | size_t alpn_idx, sni_idx; | ||
| 4550 | size_t i; | ||
| 4551 | 4554 | ||
| 4552 | if (ssl->tlsext_build_order_len == 0) { | 4555 | if (ssl->tlsext_build_order_len == 0) { |
| 4553 | FAIL("Unexpected zero build order length"); | 4556 | FAIL("Unexpected zero build order length"); |
| @@ -4560,34 +4563,6 @@ test_tlsext_check_extension_order(SSL *ssl) | |||
| 4560 | return 1; | 4563 | return 1; |
| 4561 | } | 4564 | } |
| 4562 | 4565 | ||
| 4563 | if (ssl->server) | ||
| 4564 | return 0; | ||
| 4565 | |||
| 4566 | alpn_idx = sni_idx = ssl->tlsext_build_order_len; | ||
| 4567 | for (i = 0; i < ssl->tlsext_build_order_len; i++) { | ||
| 4568 | ext = ssl->tlsext_build_order[i]; | ||
| 4569 | if (tls_extension_type(ext) == TLSEXT_TYPE_alpn) | ||
| 4570 | alpn_idx = i; | ||
| 4571 | if (tls_extension_type(ext) == TLSEXT_TYPE_server_name) | ||
| 4572 | sni_idx = i; | ||
| 4573 | } | ||
| 4574 | |||
| 4575 | if (alpn_idx == ssl->tlsext_build_order_len) { | ||
| 4576 | FAIL("could not find alpn extension\n"); | ||
| 4577 | return 1; | ||
| 4578 | } | ||
| 4579 | |||
| 4580 | if (sni_idx == ssl->tlsext_build_order_len) { | ||
| 4581 | FAIL("could not find alpn extension\n"); | ||
| 4582 | return 1; | ||
| 4583 | } | ||
| 4584 | |||
| 4585 | if (sni_idx >= alpn_idx) { | ||
| 4586 | FAIL("sni does not precede alpn: %zu >= %zu\n", | ||
| 4587 | sni_idx, alpn_idx); | ||
| 4588 | return 1; | ||
| 4589 | } | ||
| 4590 | |||
| 4591 | return 0; | 4566 | return 0; |
| 4592 | } | 4567 | } |
| 4593 | 4568 | ||
| @@ -4600,7 +4575,7 @@ test_tlsext_randomized_extensions(SSL *ssl) | |||
| 4600 | for (i = 0; i < N_TLSEXT_RANDOMIZATION_TESTS; i++) { | 4575 | for (i = 0; i < N_TLSEXT_RANDOMIZATION_TESTS; i++) { |
| 4601 | if (!tlsext_randomize_build_order(ssl)) | 4576 | if (!tlsext_randomize_build_order(ssl)) |
| 4602 | errx(1, "failed to randomize extensions"); | 4577 | errx(1, "failed to randomize extensions"); |
| 4603 | failed |= test_tlsext_check_extension_order(ssl); | 4578 | failed |= test_tlsext_check_psk_is_last_extension(ssl); |
| 4604 | } | 4579 | } |
| 4605 | 4580 | ||
| 4606 | return failed; | 4581 | return failed; |