summaryrefslogtreecommitdiff
path: root/regress/lib/libssl
diff options
context:
space:
mode:
Diffstat (limited to 'regress/lib/libssl')
-rw-r--r--regress/lib/libssl/tlsext/tlsexttest.c162
1 files changed, 81 insertions, 81 deletions
diff --git a/regress/lib/libssl/tlsext/tlsexttest.c b/regress/lib/libssl/tlsext/tlsexttest.c
index 69460740383..03ce7a95e94 100644
--- a/regress/lib/libssl/tlsext/tlsexttest.c
+++ b/regress/lib/libssl/tlsext/tlsexttest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tlsexttest.c,v 1.58 2022/01/11 18:29:10 jsing Exp $ */
+/* $OpenBSD: tlsexttest.c,v 1.59 2022/02/05 14:54:40 jsing Exp $ */
/*
* Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -150,7 +150,7 @@ test_tlsext_alpn_client(void)
* 1) Set s->internal->alpn_client_proto_list
* - Using SSL_set_alpn_protos()
* 2) We have not finished or renegotiated.
- * - S3I(s)->tmp.finish_md_len == 0
+ * - s->s3->tmp.finish_md_len == 0
*/
if (SSL_set_alpn_protos(ssl, tlsext_alpn_single_proto_val,
sizeof(tlsext_alpn_single_proto_val)) != 0) {
@@ -345,12 +345,12 @@ test_tlsext_alpn_server(void)
*
* This will be a plain name and separate length.
*/
- if ((S3I(ssl)->alpn_selected = malloc(sizeof(tlsext_alpn_single_proto_name))) == NULL) {
+ if ((ssl->s3->alpn_selected = malloc(sizeof(tlsext_alpn_single_proto_name))) == NULL) {
errx(1, "failed to malloc");
}
- memcpy(S3I(ssl)->alpn_selected, tlsext_alpn_single_proto_name,
+ memcpy(ssl->s3->alpn_selected, tlsext_alpn_single_proto_name,
sizeof(tlsext_alpn_single_proto_name));
- S3I(ssl)->alpn_selected_len = sizeof(tlsext_alpn_single_proto_name);
+ ssl->s3->alpn_selected_len = sizeof(tlsext_alpn_single_proto_name);
if (!tlsext_alpn_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
FAIL("server should need ALPN after a protocol is selected\n");
@@ -412,23 +412,23 @@ test_tlsext_alpn_server(void)
goto err;
}
- if (S3I(ssl)->alpn_selected_len !=
+ if (ssl->s3->alpn_selected_len !=
sizeof(tlsext_alpn_single_proto_name)) {
FAIL("got server ALPN with length %zu, "
"want length %zu\n", dlen,
sizeof(tlsext_alpn_single_proto_name));
- compare_data(S3I(ssl)->alpn_selected,
- S3I(ssl)->alpn_selected_len,
+ compare_data(ssl->s3->alpn_selected,
+ ssl->s3->alpn_selected_len,
tlsext_alpn_single_proto_name,
sizeof(tlsext_alpn_single_proto_name));
goto err;
}
- if (memcmp(S3I(ssl)->alpn_selected,
+ if (memcmp(ssl->s3->alpn_selected,
tlsext_alpn_single_proto_name,
sizeof(tlsext_alpn_single_proto_name)) != 0) {
FAIL("server ALPN differs:\n");
- compare_data(S3I(ssl)->alpn_selected,
- S3I(ssl)->alpn_selected_len,
+ compare_data(ssl->s3->alpn_selected,
+ ssl->s3->alpn_selected_len,
tlsext_alpn_single_proto_name,
sizeof(tlsext_alpn_single_proto_name));
goto err;
@@ -442,9 +442,9 @@ test_tlsext_alpn_server(void)
/* Make sure we can remove the list and avoid ALPN */
- free(S3I(ssl)->alpn_selected);
- S3I(ssl)->alpn_selected = NULL;
- S3I(ssl)->alpn_selected_len = 0;
+ free(ssl->s3->alpn_selected);
+ ssl->s3->alpn_selected = NULL;
+ ssl->s3->alpn_selected_len = 0;
if (tlsext_alpn_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
FAIL("server should need ALPN by default\n");
@@ -1064,7 +1064,7 @@ test_tlsext_ecpf_server(void)
errx(1, "failed to create session");
/* Setup the state so we can call needs. */
- if ((S3I(ssl)->hs.cipher =
+ if ((ssl->s3->hs.cipher =
ssl3_get_cipher_by_id(TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305))
== NULL) {
FAIL("server cannot find cipher\n");
@@ -1311,11 +1311,11 @@ test_tlsext_ri_client(void)
goto err;
}
- memcpy(S3I(ssl)->previous_client_finished, tlsext_ri_prev_client,
+ memcpy(ssl->s3->previous_client_finished, tlsext_ri_prev_client,
sizeof(tlsext_ri_prev_client));
- S3I(ssl)->previous_client_finished_len = sizeof(tlsext_ri_prev_client);
+ ssl->s3->previous_client_finished_len = sizeof(tlsext_ri_prev_client);
- S3I(ssl)->renegotiate_seen = 0;
+ ssl->s3->renegotiate_seen = 0;
if (!tlsext_ri_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
FAIL("client failed to build RI\n");
@@ -1350,19 +1350,19 @@ test_tlsext_ri_client(void)
goto err;
}
- if (S3I(ssl)->renegotiate_seen != 1) {
+ if (ssl->s3->renegotiate_seen != 1) {
FAIL("renegotiate seen not set\n");
goto err;
}
- if (S3I(ssl)->send_connection_binding != 1) {
+ if (ssl->s3->send_connection_binding != 1) {
FAIL("send connection binding not set\n");
goto err;
}
- memset(S3I(ssl)->previous_client_finished, 0,
- sizeof(S3I(ssl)->previous_client_finished));
+ memset(ssl->s3->previous_client_finished, 0,
+ sizeof(ssl->s3->previous_client_finished));
- S3I(ssl)->renegotiate_seen = 0;
+ ssl->s3->renegotiate_seen = 0;
CBS_init(&cbs, tlsext_ri_client, sizeof(tlsext_ri_client));
if (tlsext_ri_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
@@ -1371,7 +1371,7 @@ test_tlsext_ri_client(void)
goto err;
}
- if (S3I(ssl)->renegotiate_seen == 1) {
+ if (ssl->s3->renegotiate_seen == 1) {
FAIL("renegotiate seen set\n");
goto err;
}
@@ -1414,22 +1414,22 @@ test_tlsext_ri_server(void)
goto err;
}
- S3I(ssl)->send_connection_binding = 1;
+ ssl->s3->send_connection_binding = 1;
if (!tlsext_ri_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
FAIL("server should need RI\n");
goto err;
}
- memcpy(S3I(ssl)->previous_client_finished, tlsext_ri_prev_client,
+ memcpy(ssl->s3->previous_client_finished, tlsext_ri_prev_client,
sizeof(tlsext_ri_prev_client));
- S3I(ssl)->previous_client_finished_len = sizeof(tlsext_ri_prev_client);
+ ssl->s3->previous_client_finished_len = sizeof(tlsext_ri_prev_client);
- memcpy(S3I(ssl)->previous_server_finished, tlsext_ri_prev_server,
+ memcpy(ssl->s3->previous_server_finished, tlsext_ri_prev_server,
sizeof(tlsext_ri_prev_server));
- S3I(ssl)->previous_server_finished_len = sizeof(tlsext_ri_prev_server);
+ ssl->s3->previous_server_finished_len = sizeof(tlsext_ri_prev_server);
- S3I(ssl)->renegotiate_seen = 0;
+ ssl->s3->renegotiate_seen = 0;
if (!tlsext_ri_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
FAIL("server failed to build RI\n");
@@ -1464,21 +1464,21 @@ test_tlsext_ri_server(void)
goto err;
}
- if (S3I(ssl)->renegotiate_seen != 1) {
+ if (ssl->s3->renegotiate_seen != 1) {
FAIL("renegotiate seen not set\n");
goto err;
}
- if (S3I(ssl)->send_connection_binding != 1) {
+ if (ssl->s3->send_connection_binding != 1) {
FAIL("send connection binding not set\n");
goto err;
}
- memset(S3I(ssl)->previous_client_finished, 0,
- sizeof(S3I(ssl)->previous_client_finished));
- memset(S3I(ssl)->previous_server_finished, 0,
- sizeof(S3I(ssl)->previous_server_finished));
+ memset(ssl->s3->previous_client_finished, 0,
+ sizeof(ssl->s3->previous_client_finished));
+ memset(ssl->s3->previous_server_finished, 0,
+ sizeof(ssl->s3->previous_server_finished));
- S3I(ssl)->renegotiate_seen = 0;
+ ssl->s3->renegotiate_seen = 0;
CBS_init(&cbs, tlsext_ri_server, sizeof(tlsext_ri_server));
if (tlsext_ri_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
@@ -1486,7 +1486,7 @@ test_tlsext_ri_server(void)
goto err;
}
- if (S3I(ssl)->renegotiate_seen == 1) {
+ if (ssl->s3->renegotiate_seen == 1) {
FAIL("renegotiate seen set\n");
goto err;
}
@@ -1531,7 +1531,7 @@ test_tlsext_sigalgs_client(void)
if ((ssl = SSL_new(ssl_ctx)) == NULL)
errx(1, "failed to create SSL");
- S3I(ssl)->hs.our_max_tls_version = TLS1_1_VERSION;
+ ssl->s3->hs.our_max_tls_version = TLS1_1_VERSION;
if (tlsext_sigalgs_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
fprintf(stderr, "FAIL: client should not need sigalgs\n");
@@ -1539,7 +1539,7 @@ test_tlsext_sigalgs_client(void)
goto done;
}
- S3I(ssl)->hs.our_max_tls_version = TLS1_2_VERSION;
+ ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION;
if (!tlsext_sigalgs_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
fprintf(stderr, "FAIL: client should need sigalgs\n");
@@ -2773,8 +2773,8 @@ test_tlsext_clienthello_build(void)
goto err;
}
- S3I(ssl)->hs.our_min_tls_version = TLS1_VERSION;
- S3I(ssl)->hs.our_max_tls_version = TLS1_2_VERSION;
+ ssl->s3->hs.our_min_tls_version = TLS1_VERSION;
+ ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION;
if (!tlsext_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
FAIL("failed to build clienthello extensions\n");
@@ -2804,7 +2804,7 @@ test_tlsext_clienthello_build(void)
CBB_init(&cbb, 0);
/* Switch to TLSv1.1, disable EC ciphers and session tickets. */
- S3I(ssl)->hs.our_max_tls_version = TLS1_1_VERSION;
+ ssl->s3->hs.our_max_tls_version = TLS1_1_VERSION;
if (!SSL_set_cipher_list(ssl, "TLSv1.2:!ECDHE:!ECDSA")) {
FAIL("failed to set cipher list\n");
goto err;
@@ -2887,9 +2887,9 @@ test_tlsext_serverhello_build(void)
goto err;
}
- S3I(ssl)->hs.our_max_tls_version = TLS1_3_VERSION;
- S3I(ssl)->hs.negotiated_tls_version = TLS1_3_VERSION;
- S3I(ssl)->hs.cipher =
+ ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
+ ssl->s3->hs.negotiated_tls_version = TLS1_3_VERSION;
+ ssl->s3->hs.cipher =
ssl3_get_cipher_by_id(TLS1_CK_RSA_WITH_AES_128_SHA256);
if (!tlsext_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
@@ -2920,8 +2920,8 @@ test_tlsext_serverhello_build(void)
CBB_init(&cbb, 0);
/* Turn a few things on so we get extensions... */
- S3I(ssl)->send_connection_binding = 1;
- S3I(ssl)->hs.cipher =
+ ssl->s3->send_connection_binding = 1;
+ ssl->s3->hs.cipher =
ssl3_get_cipher_by_id(TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256);
ssl->internal->tlsext_status_expected = 1;
ssl->internal->tlsext_ticket_expected = 1;
@@ -2996,7 +2996,7 @@ test_tlsext_versions_client(void)
if ((ssl = SSL_new(ssl_ctx)) == NULL)
errx(1, "failed to create SSL");
- S3I(ssl)->hs.our_max_tls_version = TLS1_1_VERSION;
+ ssl->s3->hs.our_max_tls_version = TLS1_1_VERSION;
if (tlsext_versions_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
FAIL("client should not need versions\n");
@@ -3004,7 +3004,7 @@ test_tlsext_versions_client(void)
goto done;
}
- S3I(ssl)->hs.our_max_tls_version = TLS1_2_VERSION;
+ ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION;
if (tlsext_versions_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
FAIL("client should not need versions\n");
@@ -3012,7 +3012,7 @@ test_tlsext_versions_client(void)
goto done;
}
- S3I(ssl)->hs.our_max_tls_version = TLS1_3_VERSION;
+ ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
if (!tlsext_versions_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
FAIL("client should need versions\n");
@@ -3020,8 +3020,8 @@ test_tlsext_versions_client(void)
goto done;
}
- S3I(ssl)->hs.our_min_tls_version = TLS1_VERSION;
- S3I(ssl)->hs.our_max_tls_version = TLS1_3_VERSION;
+ ssl->s3->hs.our_min_tls_version = TLS1_VERSION;
+ ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
if (!tlsext_versions_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
FAIL("client should have built versions\n");
@@ -3082,7 +3082,7 @@ test_tlsext_versions_server(void)
if ((ssl = SSL_new(ssl_ctx)) == NULL)
errx(1, "failed to create SSL");
- S3I(ssl)->hs.negotiated_tls_version = TLS1_2_VERSION;
+ ssl->s3->hs.negotiated_tls_version = TLS1_2_VERSION;
if (tlsext_versions_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
FAIL("server should not need versions\n");
@@ -3090,7 +3090,7 @@ test_tlsext_versions_server(void)
goto done;
}
- S3I(ssl)->hs.negotiated_tls_version = TLS1_3_VERSION;
+ ssl->s3->hs.negotiated_tls_version = TLS1_3_VERSION;
if (!tlsext_versions_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
FAIL("server should need versions\n");
@@ -3172,27 +3172,27 @@ test_tlsext_keyshare_client(void)
if ((ssl = SSL_new(ssl_ctx)) == NULL)
errx(1, "failed to create SSL");
- if ((S3I(ssl)->hs.key_share =
+ if ((ssl->s3->hs.key_share =
tls_key_share_new_nid(NID_X25519)) == NULL)
errx(1, "failed to create key share");
- if (!tls_key_share_generate(S3I(ssl)->hs.key_share))
+ if (!tls_key_share_generate(ssl->s3->hs.key_share))
errx(1, "failed to generate key share");
- S3I(ssl)->hs.our_max_tls_version = TLS1_2_VERSION;
+ ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION;
if (tlsext_keyshare_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
FAIL("client should not need keyshare\n");
failure = 1;
goto done;
}
- S3I(ssl)->hs.our_max_tls_version = TLS1_3_VERSION;
+ ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
if (!tlsext_keyshare_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
FAIL("client should need keyshare\n");
failure = 1;
goto done;
}
- S3I(ssl)->hs.our_max_tls_version = TLS1_3_VERSION;
+ ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
if (!tlsext_keyshare_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
FAIL("client should have built keyshare\n");
failure = 1;
@@ -3263,13 +3263,13 @@ test_tlsext_keyshare_server(void)
CBB_init(&cbb, 0);
- S3I(ssl)->hs.negotiated_tls_version = TLS1_2_VERSION;
+ ssl->s3->hs.negotiated_tls_version = TLS1_2_VERSION;
if (tlsext_keyshare_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
FAIL("server should not need keyshare\n");
goto done;
}
- S3I(ssl)->hs.negotiated_tls_version = TLS1_3_VERSION;
+ ssl->s3->hs.negotiated_tls_version = TLS1_3_VERSION;
if (tlsext_keyshare_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
FAIL("client should not need keyshare\n");
goto done;
@@ -3279,7 +3279,7 @@ test_tlsext_keyshare_server(void)
FAIL("failed to find keyshare extension\n");
goto done;
}
- S3I(ssl)->hs.extensions_seen |= (1 << idx);
+ ssl->s3->hs.extensions_seen |= (1 << idx);
if (!tlsext_keyshare_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
FAIL("server should need keyshare\n");
@@ -3291,20 +3291,20 @@ test_tlsext_keyshare_server(void)
goto done;
}
- if ((S3I(ssl)->hs.key_share =
+ if ((ssl->s3->hs.key_share =
tls_key_share_new_nid(NID_X25519)) == NULL) {
FAIL("failed to create key share");
goto done;
}
- if (!tls_key_share_generate(S3I(ssl)->hs.key_share)) {
+ if (!tls_key_share_generate(ssl->s3->hs.key_share)) {
FAIL("failed to generate key share");
goto done;
}
CBS_init(&cbs, bogokey, sizeof(bogokey));
- if (!tls_key_share_peer_public(S3I(ssl)->hs.key_share, &cbs,
+ if (!tls_key_share_peer_public(ssl->s3->hs.key_share, &cbs,
&decode_error, NULL)) {
FAIL("failed to load peer public key\n");
goto done;
@@ -3326,12 +3326,12 @@ test_tlsext_keyshare_server(void)
goto done;
}
- if ((S3I(ssl)->hs.key_share =
+ if ((ssl->s3->hs.key_share =
tls_key_share_new_nid(NID_X25519)) == NULL) {
FAIL("failed to create key share");
goto done;
}
- if (!tls_key_share_generate(S3I(ssl)->hs.key_share)) {
+ if (!tls_key_share_generate(ssl->s3->hs.key_share)) {
FAIL("failed to generate key share");
goto done;
}
@@ -3386,7 +3386,7 @@ test_tlsext_cookie_client(void)
if ((ssl = SSL_new(ssl_ctx)) == NULL)
errx(1, "failed to create SSL");
- S3I(ssl)->hs.our_max_tls_version = TLS1_2_VERSION;
+ ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION;
if (tlsext_cookie_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
FAIL("client should not need cookie\n");
failure = 1;
@@ -3394,7 +3394,7 @@ test_tlsext_cookie_client(void)
}
- S3I(ssl)->hs.our_max_tls_version = TLS1_3_VERSION;
+ ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
if (tlsext_cookie_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
FAIL("client should not need cookie\n");
failure = 1;
@@ -3402,8 +3402,8 @@ test_tlsext_cookie_client(void)
}
/* Normally would be set by receiving a server cookie in an HRR */
- S3I(ssl)->hs.tls13.cookie = strdup(cookie);
- S3I(ssl)->hs.tls13.cookie_len = strlen(cookie);
+ ssl->s3->hs.tls13.cookie = strdup(cookie);
+ ssl->s3->hs.tls13.cookie_len = strlen(cookie);
if (!tlsext_cookie_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
FAIL("client should need cookie\n");
@@ -3474,14 +3474,14 @@ test_tlsext_cookie_server(void)
if ((ssl = SSL_new(ssl_ctx)) == NULL)
errx(1, "failed to create SSL");
- S3I(ssl)->hs.our_max_tls_version = TLS1_2_VERSION;
+ ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION;
if (tlsext_cookie_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
FAIL("server should not need cookie\n");
failure = 1;
goto done;
}
- S3I(ssl)->hs.our_max_tls_version = TLS1_3_VERSION;
+ ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
if (tlsext_cookie_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
FAIL("server should not need cookie\n");
failure = 1;
@@ -3489,8 +3489,8 @@ test_tlsext_cookie_server(void)
}
/* Normally would be set by server before sending HRR */
- S3I(ssl)->hs.tls13.cookie = strdup(cookie);
- S3I(ssl)->hs.tls13.cookie_len = strlen(cookie);
+ ssl->s3->hs.tls13.cookie = strdup(cookie);
+ ssl->s3->hs.tls13.cookie_len = strlen(cookie);
if (!tlsext_cookie_server_needs(ssl, SSL_TLSEXT_MSG_HRR)) {
FAIL("server should need cookie\n");
@@ -3526,9 +3526,9 @@ test_tlsext_cookie_server(void)
goto done;
}
- freezero(S3I(ssl)->hs.tls13.cookie, S3I(ssl)->hs.tls13.cookie_len);
- S3I(ssl)->hs.tls13.cookie = NULL;
- S3I(ssl)->hs.tls13.cookie_len = 0;
+ freezero(ssl->s3->hs.tls13.cookie, ssl->s3->hs.tls13.cookie_len);
+ ssl->s3->hs.tls13.cookie = NULL;
+ ssl->s3->hs.tls13.cookie_len = 0;
if (!tlsext_cookie_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
FAIL("failed to parse server cookie\n");
@@ -3536,8 +3536,8 @@ test_tlsext_cookie_server(void)
goto done;
}
- if (memcmp(cookie, S3I(ssl)->hs.tls13.cookie,
- S3I(ssl)->hs.tls13.cookie_len) != 0) {
+ if (memcmp(cookie, ssl->s3->hs.tls13.cookie,
+ ssl->s3->hs.tls13.cookie_len) != 0) {
FAIL("parsed server cookie does not match sent cookie\n");
failure = 1;
goto done;