1 files changed, 117 insertions, 69 deletions
diff --git a/src/regress/lib/libssl/unit/ssl_set_alpn_protos.c b/src/regress/lib/libssl/unit/ssl_set_alpn_protos.c
index e32cf83f30..87dd4d9e5a 100644
--- a/src/regress/lib/libssl/unit/ssl_set_alpn_protos.c
+++ b/src/regress/lib/libssl/unit/ssl_set_alpn_protos.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: ssl_set_alpn_protos.c,v 1.1 2022/07/20 14:50:03 tb Exp $ */
+/*      $OpenBSD: ssl_set_alpn_protos.c,v 1.2 2022/07/21 03:59:04 tb Exp $ */
 /*
 * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
 *
@@ -20,34 +20,124 @@
 #include <openssl/ssl.h>
-static const uint8_t valid[] = {
+struct alpn_test {
-        6, 's', 'p', 'd', 'y', '/', '1',
+        const char *description;
-        8, 'h', 't', 't', 'p', '/', '1', '.', '1',
+        const uint8_t protocols[24];
+        size_t protocols_len;
+        int ret;
 };
-static const uint8_t invalid_len1[] = {
+static const struct alpn_test alpn_tests[] = {
-        0,
+        {
+                .description = "valid protocol list",
+                .protocols = {
+                        6, 's', 'p', 'd', 'y', '/', '1',
+                        8, 'h', 't', 't', 'p', '/', '1', '.', '1',
+                },
+                .protocols_len = 16,
+                .ret = 0,
+        },
+        {
+                .description = "zero length protocol",
+                .protocols = {
+                        0,
+                },
+                .protocols_len = 1,
+                .ret = 1,
+        },
+        {
+                .description = "zero length protocol at start",
+                .protocols = {
+                        0,
+                        8, 'h', 't', 't', 'p', '/', '1', '.', '1',
+                        6, 's', 'p', 'd', 'y', '/', '1',
+                },
+                .protocols_len = 17,
+                .ret = 1,
+        },
+        {
+                .description = "zero length protocol embedded",
+                .protocols = {
+                        8, 'h', 't', 't', 'p', '/', '1', '.', '1',
+                        0,
+                        6, 's', 'p', 'd', 'y', '/', '1',
+                },
+                .protocols_len = 17,
+                .ret = 1,
+        },
+        {
+                .description = "zero length protocol at end",
+                .protocols = {
+                        8, 'h', 't', 't', 'p', '/', '1', '.', '1',
+                        6, 's', 'p', 'd', 'y', '/', '1',
+                        0,
+                },
+                .protocols_len = 17,
+                .ret = 1,
+        },
+        {
+                .description = "protocol length too short",
+                .protocols = {
+                        6, 'h', 't', 't', 'p', '/', '1', '.', '1',
+                },
+                .protocols_len = 9,
+                .ret = 1,
+        },
+        {
+                .description = "protocol length too long",
+                .protocols = {
+                        8, 's', 'p', 'd', 'y', '/', '1',
+                },
+                .protocols_len = 7,
+                .ret = 1,
+        },
 };
-static const uint8_t invalid_contains_len0_proto[] = {
+static const size_t N_ALPN_TESTS = sizeof(alpn_tests) / sizeof(alpn_tests[0]);
-        8, 'h', 't', 't', 'p', '/', '1', '.', '1',
-        0,
-        6, 's', 'p', 'd', 'y', '/', '1',
-};
-static const uint8_t invalid_proto_len_too_short[] = {
+static int
-        6, 'h', 't', 't', 'p', '/', '1', '.', '1',
+test_ssl_set_alpn_protos(const struct alpn_test *tc)
-};
+{
+        SSL_CTX *ctx;
+        SSL *ssl;
+        int ret;
+        int failed = 0;
-static const uint8_t invalid_proto_len_too_long[] = {
+        if ((ctx = SSL_CTX_new(TLS_client_method())) == NULL)
-        8, 's', 'p', 'd', 'y', '/', '1',
+                errx(1, "SSL_CTX_new");
-};
+        ret = SSL_CTX_set_alpn_protos(ctx, tc->protocols, tc->protocols_len);
+        if (ret != tc->ret) {
+                warnx("%s: setting on SSL_CTX: want %d, got %d",
+                    tc->description, tc->ret, ret);
+                failed = 1;
+        }
+        if ((ssl = SSL_new(ctx)) == NULL)
+                errx(1, "SSL_new");
+        ret = SSL_set_alpn_protos(ssl, tc->protocols, tc->protocols_len);
+        if (ret != tc->ret) {
+                warnx("%s: setting on SSL: want %d, got %d",
+                    tc->description, tc->ret, ret);
+                failed = 1;
+        }
+        SSL_CTX_free(ctx);
+        SSL_free(ssl);
+        return failed;
+}
 static int
-test_ssl_set_alpn_protos(void)
+test_ssl_set_alpn_protos_edge_cases(void)
 {
        SSL_CTX *ctx;
-        SSL *ssl = NULL;
+        SSL *ssl;
+        const uint8_t valid[] = {
+                6, 's', 'p', 'd', 'y', '/', '3',
+                8, 'h', 't', 't', 'p', '/', '1', '.', '1',
+        };
        int failed = 0;
        if ((ctx = SSL_CTX_new(TLS_client_method())) == NULL)
@@ -57,7 +147,6 @@ test_ssl_set_alpn_protos(void)
                warnx("setting valid protocols on SSL_CTX failed");
                failed = 1;
        }
        if (SSL_CTX_set_alpn_protos(ctx, NULL, 0) != 0) {
                warnx("setting 'NULL, 0' on SSL_CTX failed");
                failed = 1;
@@ -67,31 +156,7 @@ test_ssl_set_alpn_protos(void)
                failed = 1;
        }
        if (SSL_CTX_set_alpn_protos(ctx, NULL, 43) != 0) {
-                warnx("setting 'valid, 43' on SSL_CTX failed");
+                warnx("setting 'NULL, 43' on SSL_CTX failed");
-                failed = 1;
-        }
-        if (SSL_CTX_set_alpn_protos(ctx, invalid_len1, sizeof(invalid_len1))
-            != 1) {
-                warnx("setting invalid_len1 on SSL_CTX succeeded");
-                failed = 1;
-        }
-        if (SSL_CTX_set_alpn_protos(ctx, invalid_contains_len0_proto,
-            sizeof(invalid_contains_len0_proto)) != 1) {
-                warnx("setting invalid_contains_len0_proto on SSL_CTX "
-                    "succeeded");
-                failed = 1;
-        }
-        if (SSL_CTX_set_alpn_protos(ctx, invalid_proto_len_too_short,
-            sizeof(invalid_proto_len_too_short)) != 1) {
-                warnx("setting invalid_proto_len_too_short on SSL_CTX "
-                    "succeeded");
-                failed = 1;
-        }
-        if (SSL_CTX_set_alpn_protos(ctx, invalid_proto_len_too_long,
-            sizeof(invalid_proto_len_too_long)) != 1) {
-                warnx("setting invalid_proto_len_too_long on SSL_CTX "
-                    "succeeded");
                failed = 1;
        }
@@ -111,28 +176,7 @@ test_ssl_set_alpn_protos(void)
                failed = 1;
        }
        if (SSL_set_alpn_protos(ssl, NULL, 43) != 0) {
-                warnx("setting 'valid, 43' on SSL failed");
+                warnx("setting 'NULL, 43' on SSL failed");
-                failed = 1;
-        }
-        if (SSL_set_alpn_protos(ssl, invalid_len1, sizeof(invalid_len1))
-            != 1) {
-                warnx("setting invalid_len1 on SSL succeeded");
-                failed = 1;
-        }
-        if (SSL_set_alpn_protos(ssl, invalid_contains_len0_proto,
-            sizeof(invalid_contains_len0_proto)) != 1) {
-                warnx("setting invalid_contains_len0_proto on SSL succeeded");
-                failed = 1;
-        }
-        if (SSL_set_alpn_protos(ssl, invalid_proto_len_too_short,
-            sizeof(invalid_proto_len_too_short)) != 1) {
-                warnx("setting invalid_proto_len_too_short on SSL succeeded");
-                failed = 1;
-        }
-        if (SSL_set_alpn_protos(ssl, invalid_proto_len_too_long,
-            sizeof(invalid_proto_len_too_long)) != 1) {
-                warnx("setting invalid_proto_len_too_long on SSL succeeded");
                failed = 1;
        }
@@ -145,9 +189,13 @@ test_ssl_set_alpn_protos(void)
 int
 main(void)
 {
-        int failed;
+        size_t i;
+        int failed = 0;
+        for (i = 0; i < N_ALPN_TESTS; i++)
+                failed |= test_ssl_set_alpn_protos(&alpn_tests[i]);
-        failed = test_ssl_set_alpn_protos();
+        failed |= test_ssl_set_alpn_protos_edge_cases();
        if (!failed)
                printf("PASS %s\n", __FILE__);

diff --git a/src/regress/lib/libssl/unit/ssl_set_alpn_protos.c b/src/regress/lib/libssl/unit/ssl_set_alpn_protos.c index e32cf83f30..87dd4d9e5a 100644 --- a/src/regress/lib/libssl/unit/ssl_set_alpn_protos.c +++ b/src/regress/lib/libssl/unit/ssl_set_alpn_protos.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_set_alpn_protos.c,v 1.1 2022/07/20 14:50:03 tb Exp $ */	1	/* $OpenBSD: ssl_set_alpn_protos.c,v 1.2 2022/07/21 03:59:04 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>	3	* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
4	*	4	*
@@ -20,34 +20,124 @@
20		20
21	#include <openssl/ssl.h>	21	#include <openssl/ssl.h>
22		22
23	static const uint8_t valid[] = {	23	struct alpn_test {
24	6, 's', 'p', 'd', 'y', '/', '1',	24	const char *description;
25	8, 'h', 't', 't', 'p', '/', '1', '.', '1',	25	const uint8_t protocols[24];
		26	size_t protocols_len;
		27	int ret;
26	};	28	};
27		29
28	static const uint8_t invalid_len1[] = {	30	static const struct alpn_test alpn_tests[] = {
29	0,	31	{
		32	.description = "valid protocol list",
		33	.protocols = {
		34	6, 's', 'p', 'd', 'y', '/', '1',
		35	8, 'h', 't', 't', 'p', '/', '1', '.', '1',
		36	},
		37	.protocols_len = 16,
		38	.ret = 0,
		39	},
		40	{
		41	.description = "zero length protocol",
		42	.protocols = {
		43	0,
		44	},
		45	.protocols_len = 1,
		46	.ret = 1,
		47	},
		48	{
		49	.description = "zero length protocol at start",
		50	.protocols = {
		51	0,
		52	8, 'h', 't', 't', 'p', '/', '1', '.', '1',
		53	6, 's', 'p', 'd', 'y', '/', '1',
		54	},
		55	.protocols_len = 17,
		56	.ret = 1,
		57	},
		58	{
		59	.description = "zero length protocol embedded",
		60	.protocols = {
		61	8, 'h', 't', 't', 'p', '/', '1', '.', '1',
		62	0,
		63	6, 's', 'p', 'd', 'y', '/', '1',
		64	},
		65	.protocols_len = 17,
		66	.ret = 1,
		67	},
		68	{
		69	.description = "zero length protocol at end",
		70	.protocols = {
		71	8, 'h', 't', 't', 'p', '/', '1', '.', '1',
		72	6, 's', 'p', 'd', 'y', '/', '1',
		73	0,
		74	},
		75	.protocols_len = 17,
		76	.ret = 1,
		77	},
		78	{
		79	.description = "protocol length too short",
		80	.protocols = {
		81	6, 'h', 't', 't', 'p', '/', '1', '.', '1',
		82	},
		83	.protocols_len = 9,
		84	.ret = 1,
		85	},
		86	{
		87	.description = "protocol length too long",
		88	.protocols = {
		89	8, 's', 'p', 'd', 'y', '/', '1',
		90	},
		91	.protocols_len = 7,
		92	.ret = 1,
		93	},
30	};	94	};
31		95
32	static const uint8_t invalid_contains_len0_proto[] = {	96	static const size_t N_ALPN_TESTS = sizeof(alpn_tests) / sizeof(alpn_tests[0]);
33	8, 'h', 't', 't', 'p', '/', '1', '.', '1',
34	0,
35	6, 's', 'p', 'd', 'y', '/', '1',
36	};
37		97
38	static const uint8_t invalid_proto_len_too_short[] = {	98	static int
39	6, 'h', 't', 't', 'p', '/', '1', '.', '1',	99	test_ssl_set_alpn_protos(const struct alpn_test *tc)
40	};	100	{
		101	SSL_CTX *ctx;
		102	SSL *ssl;
		103	int ret;
		104	int failed = 0;
41		105
42	static const uint8_t invalid_proto_len_too_long[] = {	106	if ((ctx = SSL_CTX_new(TLS_client_method())) == NULL)
43	8, 's', 'p', 'd', 'y', '/', '1',	107	errx(1, "SSL_CTX_new");
44	};	108
		109	ret = SSL_CTX_set_alpn_protos(ctx, tc->protocols, tc->protocols_len);
		110	if (ret != tc->ret) {
		111	warnx("%s: setting on SSL_CTX: want %d, got %d",
		112	tc->description, tc->ret, ret);
		113	failed = 1;
		114	}
		115
		116	if ((ssl = SSL_new(ctx)) == NULL)
		117	errx(1, "SSL_new");
		118
		119	ret = SSL_set_alpn_protos(ssl, tc->protocols, tc->protocols_len);
		120	if (ret != tc->ret) {
		121	warnx("%s: setting on SSL: want %d, got %d",
		122	tc->description, tc->ret, ret);
		123	failed = 1;
		124	}
		125
		126	SSL_CTX_free(ctx);
		127	SSL_free(ssl);
		128
		129	return failed;
		130	}
45		131
46	static int	132	static int
47	test_ssl_set_alpn_protos(void)	133	test_ssl_set_alpn_protos_edge_cases(void)
48	{	134	{
49	SSL_CTX *ctx;	135	SSL_CTX *ctx;
50	SSL *ssl = NULL;	136	SSL *ssl;
		137	const uint8_t valid[] = {
		138	6, 's', 'p', 'd', 'y', '/', '3',
		139	8, 'h', 't', 't', 'p', '/', '1', '.', '1',
		140	};
51	int failed = 0;	141	int failed = 0;
52		142
53	if ((ctx = SSL_CTX_new(TLS_client_method())) == NULL)	143	if ((ctx = SSL_CTX_new(TLS_client_method())) == NULL)
@@ -57,7 +147,6 @@ test_ssl_set_alpn_protos(void)
57	warnx("setting valid protocols on SSL_CTX failed");	147	warnx("setting valid protocols on SSL_CTX failed");
58	failed = 1;	148	failed = 1;
59	}	149	}
60
61	if (SSL_CTX_set_alpn_protos(ctx, NULL, 0) != 0) {	150	if (SSL_CTX_set_alpn_protos(ctx, NULL, 0) != 0) {
62	warnx("setting 'NULL, 0' on SSL_CTX failed");	151	warnx("setting 'NULL, 0' on SSL_CTX failed");
63	failed = 1;	152	failed = 1;
@@ -67,31 +156,7 @@ test_ssl_set_alpn_protos(void)
67	failed = 1;	156	failed = 1;
68	}	157	}
69	if (SSL_CTX_set_alpn_protos(ctx, NULL, 43) != 0) {	158	if (SSL_CTX_set_alpn_protos(ctx, NULL, 43) != 0) {
70	warnx("setting 'valid, 43' on SSL_CTX failed");	159	warnx("setting 'NULL, 43' on SSL_CTX failed");
71	failed = 1;
72	}
73
74	if (SSL_CTX_set_alpn_protos(ctx, invalid_len1, sizeof(invalid_len1))
75	!= 1) {
76	warnx("setting invalid_len1 on SSL_CTX succeeded");
77	failed = 1;
78	}
79	if (SSL_CTX_set_alpn_protos(ctx, invalid_contains_len0_proto,
80	sizeof(invalid_contains_len0_proto)) != 1) {
81	warnx("setting invalid_contains_len0_proto on SSL_CTX "
82	"succeeded");
83	failed = 1;
84	}
85	if (SSL_CTX_set_alpn_protos(ctx, invalid_proto_len_too_short,
86	sizeof(invalid_proto_len_too_short)) != 1) {
87	warnx("setting invalid_proto_len_too_short on SSL_CTX "
88	"succeeded");
89	failed = 1;
90	}
91	if (SSL_CTX_set_alpn_protos(ctx, invalid_proto_len_too_long,
92	sizeof(invalid_proto_len_too_long)) != 1) {
93	warnx("setting invalid_proto_len_too_long on SSL_CTX "
94	"succeeded");
95	failed = 1;	160	failed = 1;
96	}	161	}
97		162
@@ -111,28 +176,7 @@ test_ssl_set_alpn_protos(void)
111	failed = 1;	176	failed = 1;
112	}	177	}
113	if (SSL_set_alpn_protos(ssl, NULL, 43) != 0) {	178	if (SSL_set_alpn_protos(ssl, NULL, 43) != 0) {
114	warnx("setting 'valid, 43' on SSL failed");	179	warnx("setting 'NULL, 43' on SSL failed");
115	failed = 1;
116	}
117
118	if (SSL_set_alpn_protos(ssl, invalid_len1, sizeof(invalid_len1))
119	!= 1) {
120	warnx("setting invalid_len1 on SSL succeeded");
121	failed = 1;
122	}
123	if (SSL_set_alpn_protos(ssl, invalid_contains_len0_proto,
124	sizeof(invalid_contains_len0_proto)) != 1) {
125	warnx("setting invalid_contains_len0_proto on SSL succeeded");
126	failed = 1;
127	}
128	if (SSL_set_alpn_protos(ssl, invalid_proto_len_too_short,
129	sizeof(invalid_proto_len_too_short)) != 1) {
130	warnx("setting invalid_proto_len_too_short on SSL succeeded");
131	failed = 1;
132	}
133	if (SSL_set_alpn_protos(ssl, invalid_proto_len_too_long,
134	sizeof(invalid_proto_len_too_long)) != 1) {
135	warnx("setting invalid_proto_len_too_long on SSL succeeded");
136	failed = 1;	180	failed = 1;
137	}	181	}
138		182
@@ -145,9 +189,13 @@ test_ssl_set_alpn_protos(void)
145	int	189	int
146	main(void)	190	main(void)
147	{	191	{
148	int failed;	192	size_t i;
		193	int failed = 0;
		194
		195	for (i = 0; i < N_ALPN_TESTS; i++)
		196	failed \|= test_ssl_set_alpn_protos(&alpn_tests[i]);
149		197
150	failed = test_ssl_set_alpn_protos();	198	failed \|= test_ssl_set_alpn_protos_edge_cases();
151		199
152	if (!failed)	200	if (!failed)
153	printf("PASS %s\n", __FILE__);	201	printf("PASS %s\n", __FILE__);