Convert ssl_bytes_to_cipher_list to CBS.

Link in the new 'unit' regress and expand the invalid tests to include
some that would fail before the CBS conversion.

input + ok miod@ jsing@

2 files changed, 19 insertions, 3 deletions

diff --git a/regress/lib/libssl/Makefile b/regress/lib/libssl/Makefile
index 4d64dc39660..7c2d92e3400 100644
--- a/regress/lib/libssl/Makefile
+++ b/regress/lib/libssl/Makefile
@@ -1,10 +1,11 @@
-#	$OpenBSD: Makefile,v 1.21 2015/02/06 09:36:16 doug Exp $
+#	$OpenBSD: Makefile,v 1.22 2015/06/28 00:08:27 doug Exp $
 
 SUBDIR= \
 	asn1 \
 	bytestring \
 	ciphers \
-	ssl
+	ssl \
+	unit
 
 install:
 
diff --git a/regress/lib/libssl/unit/cipher_list.c b/regress/lib/libssl/unit/cipher_list.c
index b5130077710..1c829f369c3 100644
--- a/regress/lib/libssl/unit/cipher_list.c
+++ b/regress/lib/libssl/unit/cipher_list.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: cipher_list.c,v 1.1 2015/06/27 23:35:52 doug Exp $	*/
+/*	$OpenBSD: cipher_list.c,v 1.2 2015/06/28 00:08:27 doug Exp $	*/
 /*
  * Copyright (c) 2015 Doug Hogan <doug@openbsd.org>
  * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
@@ -146,6 +146,8 @@ err:
 static int
 ssl_bytes_to_list_invalid(SSL *s, STACK_OF(SSL_CIPHER) **ciphers)
 {
+	uint8_t empty_cipher_bytes[] = { };
+
 	sk_SSL_CIPHER_free(*ciphers);
 
 	/* Invalid length: CipherSuite is 2 bytes so it must be even */
@@ -153,6 +155,19 @@ ssl_bytes_to_list_invalid(SSL *s, STACK_OF(SSL_CIPHER) **ciphers)
 	    sizeof(cipher_bytes) - 1);
 	CHECK(*ciphers == NULL);
 
+	/* Invalid length: cipher_suites must be at least 2 */
+	*ciphers = ssl_bytes_to_cipher_list(s, empty_cipher_bytes,
+	    sizeof(empty_cipher_bytes));
+	CHECK(*ciphers == NULL);
+
+	/* Invalid length: cipher_suites must be at most 2^16-2 */
+	*ciphers = ssl_bytes_to_cipher_list(s, cipher_bytes, 0x10000);
+	CHECK(*ciphers == NULL);
+
+	/* Invalid len: prototype is signed, but it shouldn't accept len < 0 */
+	*ciphers = ssl_bytes_to_cipher_list(s, cipher_bytes, -2);
+	CHECK(*ciphers == NULL);
+
 	return 1;
 }