
Commit 31ddc5b

move long_sni regression test
1 parent bc7768c commit 31ddc5b

1 file changed

Lines changed: 30 additions & 54 deletions


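--- a/tests/api.c
+++ b/tests/api.c
@@ -7920,17 +7920,37 @@ static int test_wolfSSL_UseSNI_params(void)
 ExpectNotNull(ssl);
 
 /* invalid [ctx|ssl] */
-ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(NULL, 0, "ctx", 3));
-ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI( NULL, 0, "ssl", 3));
+ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(NULL, WOLFSSL_SNI_HOST_NAME,
+"ctx", 3));
+ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI( NULL, WOLFSSL_SNI_HOST_NAME,
+"ssl", 3));
 /* invalid type */
 ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, (byte)-1, "ctx", 3));
 ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI( ssl, (byte)-1, "ssl", 3));
 /* invalid data */
-ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, 0, NULL, 3));
-ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI( ssl, 0, NULL, 3));
+ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, WOLFSSL_SNI_HOST_NAME,
+NULL, 3));
+ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI( ssl, WOLFSSL_SNI_HOST_NAME,
+NULL, 3));
+/* invalid length */
+if (EXPECT_SUCCESS()) {
+/* 300 chars > WOLFSSL_HOST_NAME_MAX (256) */
+char longName[300];
+
+XMEMSET(longName, 'a', sizeof(longName) - 1);
+longName[sizeof(longName) - 1] = '\0';
+
+/* host name >= WOLFSSL_HOST_NAME_MAX */
+ExpectIntEQ(BAD_LENGTH_E, wolfSSL_CTX_UseSNI(ctx, WOLFSSL_SNI_HOST_NAME,
+longName, (word16)XSTRLEN(longName)));
+ExpectIntEQ(BAD_LENGTH_E, wolfSSL_UseSNI( ssl, WOLFSSL_SNI_HOST_NAME,
+longName, (word16)XSTRLEN(longName)));
+}
 /* success case */
-ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, 0, "ctx", 3));
-ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSNI( ssl, 0, "ssl", 3));
+ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, WOLFSSL_SNI_HOST_NAME,
+"ctx", 3));
+ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSNI( ssl, WOLFSSL_SNI_HOST_NAME,
+"ssl", 3));
 
 wolfSSL_free(ssl);
 wolfSSL_CTX_free(ctx);
@@ -14490,7 +14510,10 @@ static int test_wolfSSL_Tls13_ECH_bad_configs_ex(int hrr, int sniCb)
 }
 
 ExpectIntNE(test_ssl_memio_do_handshake(&test_ctx, 10, NULL), TEST_SUCCESS);
-ExpectIntEQ(test_ctx.c_ssl->options.echAccepted, 0);
+ExpectIntEQ(wolfSSL_GetEchStatus(test_ctx.c_ssl),
+WOLFSSL_ECH_STATUS_REJECTED);
+ExpectIntEQ(wolfSSL_GetEchStatus(test_ctx.s_ssl),
+WOLFSSL_ECH_STATUS_ACCEPTED);
 
 test_ssl_memio_cleanup(&test_ctx);
 
@@ -15184,52 +15207,6 @@ static int test_wolfSSL_Tls13_ECH_disable_conn(void)
 return EXPECT_RESULT();
 }
 
-/* Regression test: an inner SNI hostname >= MAX_PUBLIC_NAME_SZ (256) bytes
-* must not cause a stack-buffer-overflow in TLSX_EchRestoreSNI. Before the
-* fix, the truncated copy omitted the NUL terminator and XSTRLEN read past
-* the buffer. */
-static int test_wolfSSL_Tls13_ECH_long_SNI(void)
-{
-EXPECT_DECLS;
-#if !defined(NO_WOLFSSL_CLIENT)
-test_ssl_memio_ctx test_ctx;
-/* 300 chars > MAX_PUBLIC_NAME_SZ (256) to exercise truncation */
-char longName[300];
-
-XMEMSET(longName, 'a', sizeof(longName) - 1);
-longName[sizeof(longName) - 1] = '\0';
-
-XMEMSET(&test_ctx, 0, sizeof(test_ctx));
-
-test_ctx.s_cb.method = wolfTLSv1_3_server_method;
-test_ctx.c_cb.method = wolfTLSv1_3_client_method;
-
-test_ctx.s_cb.ctx_ready = test_ech_server_ctx_ready;
-test_ctx.s_cb.ssl_ready = test_ech_server_ssl_ready;
-
-ExpectIntEQ(test_ssl_memio_setup(&test_ctx), TEST_SUCCESS);
-
-/* Set ECH configs on the client */
-ExpectIntEQ(wolfSSL_SetEchConfigs(test_ctx.c_ssl, echCbTestConfigs,
-echCbTestConfigsLen), WOLFSSL_SUCCESS);
-
-/* Try to set the over-long SNI as the inner hostname -- after the fix, this
-* is expected to fail.
-*/
-ExpectIntEQ(wolfSSL_UseSNI(test_ctx.c_ssl, WOLFSSL_SNI_HOST_NAME,
-longName, (word16)XSTRLEN(longName)), BAD_LENGTH_E);
-
-/* Before the fix, the handshake would trigger TLSX_EchChangeSNI /
-* TLSX_EchRestoreSNI, which would then stack-buffer-overflow in XSTRLEN.
-*/
-(void)test_ssl_memio_do_handshake(&test_ctx, 10, NULL);
-
-test_ssl_memio_cleanup(&test_ctx);
-#endif /* !NO_WOLFSSL_CLIENT */
-
-return EXPECT_RESULT();
-}
-
 static int ech_seek_extensions(byte* buf, word16* innerExtLen)
 {
 word16 idx;
@@ -35357,7 +35334,6 @@ TEST_CASE testCases[] = {
 TEST_DECL(test_wolfSSL_Tls13_ECH_GREASE),
 TEST_DECL(test_wolfSSL_Tls13_ECH_wire_sni),
 TEST_DECL(test_wolfSSL_Tls13_ECH_disable_conn),
-TEST_DECL(test_wolfSSL_Tls13_ECH_long_SNI),
 TEST_DECL(test_wolfSSL_Tls13_ECH_HRR_rejection),
 TEST_DECL(test_wolfSSL_Tls13_ECH_ch2_no_ech),
 TEST_DECL(test_wolfSSL_Tls13_ECH_ch2_decrypt_error),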
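Review bot: The relocated length check in test_wolfSSL_UseSNI_params (new lines 7935-7948) probes only a 299-byte name, so the boundary its own comment states (`host name >= WOLFSSL_HOST_NAME_MAX`) is never exercised and an off-by-one in the guard would pass unnoticed. Declaring the buffer as `char longName[WOLFSSL_HOST_NAME_MAX + 1];` makes the existing fill and XSTRLEN produce a name of exactly WOLFSSL_HOST_NAME_MAX bytes, and keeps the test meaningful if the macro is ever configured above 300. The deleted test_wolfSSL_Tls13_ECH_long_SNI also carried the reason for the check, which is now lost; I would keep it beside the new block, e.g. `/* Regression: an over-long SNI must be rejected here so it cannot reach the truncating copy in TLSX_EchRestoreSNI */`. With the handshake call removed, nothing visible in this diff drives the ECH SNI swap with a long name any more, so the API guard appears to be the only covered defence. The body of test_wolfSSL_UseSNI_params starts and ends outside the hunk.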
