1 files changed, 79 insertions, 1 deletions
diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c
index 3d03c2c0d3..5cf39e63ae 100644
--- a/src/regress/lib/libssl/tlsext/tlsexttest.c
+++ b/src/regress/lib/libssl/tlsext/tlsexttest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tlsexttest.c,v 1.36 2020/05/11 18:20:01 jsing Exp $ */
+/* $OpenBSD: tlsexttest.c,v 1.37 2020/05/23 17:13:24 beck Exp $ */
 /*
 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -3544,6 +3544,81 @@ done:
        return (failure);
 }
+unsigned char *valid_hostnames[] = {
+        "openbsd.org",
+        "op3nbsd.org",
+        "org",
+        "3openbsd.com",
+        "3-0penb-d.c-m",
+        "a",
+        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com",
+        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
+        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
+        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
+        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+        NULL,
+};
+static int
+test_tlsext_valid_hostnames(void) {
+        int i, failure = 0;
+        for (i = 0; valid_hostnames[i] != NULL; i++) {
+                CBS cbs;
+                CBS_init(&cbs, valid_hostnames[i], strlen(valid_hostnames[i]));
+                if (!tlsext_sni_is_valid_hostname(&cbs)) {
+                        fprintf(stderr, "FAIL: %s\n", valid_hostnames[i]);
+                        FAIL("Valid hostname rejected");
+                        failure = 1;
+                        goto done;
+                }
+        }
+ done:
+        return failure;
+}
+unsigned char *invalid_hostnames[] = {
+        "openbsd.org.",
+        "openbsd..org",
+        "openbsd.org-",
+        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com",
+        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
+        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
+        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
+        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.a",
+        "-p3nbsd.org",
+        "openbs-.org",
+        "openbsd\n.org",
+        "open_bsd.org",
+        "open\178bsd.org",
+        "open\255bsd.org",
+        NULL,
+};
+static int
+test_tlsext_invalid_hostnames(void) {
+        int i, failure = 0;
+        CBS cbs;
+        for (i = 0; invalid_hostnames[i] != NULL; i++) {
+                CBS_init(&cbs, invalid_hostnames[i],
+                    strlen(invalid_hostnames[i]));
+                if (tlsext_sni_is_valid_hostname(&cbs)) {
+                        fprintf(stderr, "%s\n", invalid_hostnames[i]);
+                        FAIL("Invalid hostname accepted");
+                        failure = 1;
+                        goto done;
+                }
+        }
+        CBS_init(&cbs, valid_hostnames[0],
+            strlen(valid_hostnames[0]) + 1);
+        if (tlsext_sni_is_valid_hostname(&cbs)) {
+                FAIL("hostname with NUL byte accepted");
+                failure = 1;
+                goto done;
+        }
+ done:
+        return failure;
+}
 int
 main(int argc, char **argv)
@@ -3595,5 +3670,8 @@ main(int argc, char **argv)
        failed |= test_tlsext_clienthello_build();
        failed |= test_tlsext_serverhello_build();
+        failed |= test_tlsext_valid_hostnames();
+        failed |= test_tlsext_invalid_hostnames();
        return (failed);
 }

diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c index 3d03c2c0d3..5cf39e63ae 100644 --- a/src/regress/lib/libssl/tlsext/tlsexttest.c +++ b/src/regress/lib/libssl/tlsext/tlsexttest.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tlsexttest.c,v 1.36 2020/05/11 18:20:01 jsing Exp $ */	1	/* $OpenBSD: tlsexttest.c,v 1.37 2020/05/23 17:13:24 beck Exp $ */
2	/*	2	/*
3	* Copyright (c) 2017 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>	4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -3544,6 +3544,81 @@ done:
3544	return (failure);	3544	return (failure);
3545	}	3545	}
3546		3546
		3547	unsigned char *valid_hostnames[] = {
		3548	"openbsd.org",
		3549	"op3nbsd.org",
		3550	"org",
		3551	"3openbsd.com",
		3552	"3-0penb-d.c-m",
		3553	"a",
		3554	"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com",
		3555	"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
		3556	"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
		3557	"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
		3558	"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
		3559	NULL,
		3560	};
		3561
		3562	static int
		3563	test_tlsext_valid_hostnames(void) {
		3564	int i, failure = 0;
		3565	for (i = 0; valid_hostnames[i] != NULL; i++) {
		3566	CBS cbs;
		3567	CBS_init(&cbs, valid_hostnames[i], strlen(valid_hostnames[i]));
		3568	if (!tlsext_sni_is_valid_hostname(&cbs)) {
		3569	fprintf(stderr, "FAIL: %s\n", valid_hostnames[i]);
		3570	FAIL("Valid hostname rejected");
		3571	failure = 1;
		3572	goto done;
		3573	}
		3574	}
		3575	done:
		3576	return failure;
		3577	}
		3578
		3579	unsigned char *invalid_hostnames[] = {
		3580	"openbsd.org.",
		3581	"openbsd..org",
		3582	"openbsd.org-",
		3583	"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com",
		3584	"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
		3585	"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
		3586	"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa."
		3587	"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.a",
		3588	"-p3nbsd.org",
		3589	"openbs-.org",
		3590	"openbsd\n.org",
		3591	"open_bsd.org",
		3592	"open\178bsd.org",
		3593	"open\255bsd.org",
		3594	NULL,
		3595	};
		3596
		3597	static int
		3598	test_tlsext_invalid_hostnames(void) {
		3599	int i, failure = 0;
		3600	CBS cbs;
		3601	for (i = 0; invalid_hostnames[i] != NULL; i++) {
		3602	CBS_init(&cbs, invalid_hostnames[i],
		3603	strlen(invalid_hostnames[i]));
		3604	if (tlsext_sni_is_valid_hostname(&cbs)) {
		3605	fprintf(stderr, "%s\n", invalid_hostnames[i]);
		3606	FAIL("Invalid hostname accepted");
		3607	failure = 1;
		3608	goto done;
		3609	}
		3610	}
		3611	CBS_init(&cbs, valid_hostnames[0],
		3612	strlen(valid_hostnames[0]) + 1);
		3613	if (tlsext_sni_is_valid_hostname(&cbs)) {
		3614	FAIL("hostname with NUL byte accepted");
		3615	failure = 1;
		3616	goto done;
		3617	}
		3618	done:
		3619	return failure;
		3620	}
		3621
3547		3622
3548	int	3623	int
3549	main(int argc, char **argv)	3624	main(int argc, char **argv)
@@ -3595,5 +3670,8 @@ main(int argc, char **argv)
3595	failed \|= test_tlsext_clienthello_build();	3670	failed \|= test_tlsext_clienthello_build();
3596	failed \|= test_tlsext_serverhello_build();	3671	failed \|= test_tlsext_serverhello_build();
3597		3672
		3673	failed \|= test_tlsext_valid_hostnames();
		3674	failed \|= test_tlsext_invalid_hostnames();
		3675
3598	return (failed);	3676	return (failed);
3599	}	3677	}