
Commit f3ad1a7

authored
Remove deprecated methods for cert_req extensions (aws#2094)
1 parent 460b4fa commit f3ad1a7

5 files changed

+14
-135
lines changed

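--- a/tests/unit/s2n_server_signature_algorithms_extension_test.c
+++ b/tests/unit/s2n_server_signature_algorithms_extension_test.c
@@ -40,9 +40,9 @@ int main(int argc, char **argv)
 EXPECT_NOT_NULL(server_conn = s2n_connection_new(S2N_SERVER));
 
 struct s2n_stuffer io;
-s2n_stuffer_alloc(&io, s2n_extensions_server_signature_algorithms_size(server_conn));
-EXPECT_SUCCESS(s2n_server_signature_algorithms_extension.send(server_conn, &io));
+EXPECT_SUCCESS(s2n_stuffer_growable_alloc(&io, 0));
 
+EXPECT_SUCCESS(s2n_server_signature_algorithms_extension.send(server_conn, &io));
 EXPECT_SUCCESS(s2n_server_signature_algorithms_extension.recv(client_conn, &io));
 EXPECT_EQUAL(s2n_stuffer_data_available(&io), 0);
 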

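--- a/tests/unit/s2n_tls13_cert_request_extensions_test.c
+++ b/tests/unit/s2n_tls13_cert_request_extensions_test.c
@@ -32,71 +32,7 @@ int main(int argc, char **argv)
 BEGIN_TEST();
 EXPECT_SUCCESS(s2n_enable_tls13());
 
-/* Test client fails to parse certificate request with no extensions */
-{
-struct s2n_connection *client_conn;
-EXPECT_NOT_NULL(client_conn = s2n_connection_new(S2N_CLIENT));
-client_conn->actual_protocol_version = S2N_TLS13;
-
-/* Write 0 length request context https://tools.ietf.org/html/rfc8446#section-4.3.2 */
-EXPECT_SUCCESS(s2n_stuffer_write_uint8(&client_conn->handshake.io, 0));
-/* write total extension length */
-EXPECT_SUCCESS(s2n_stuffer_write_uint16(&client_conn->handshake.io, 0));
-
-EXPECT_FAILURE_WITH_ERRNO(s2n_tls13_cert_req_recv(client_conn), S2N_ERR_MISSING_EXTENSION);
-
-EXPECT_SUCCESS(s2n_connection_free(client_conn));
-}
-
-/* Test client fails to parse certificate request with wrong extension type */
-{
-struct s2n_connection *client_conn;
-EXPECT_NOT_NULL(client_conn = s2n_connection_new(S2N_CLIENT));
-client_conn->actual_protocol_version = S2N_TLS13;
-
-/* Write supported versions extension instead */
-EXPECT_SUCCESS(s2n_stuffer_write_uint8(&client_conn->handshake.io, 0));
-EXPECT_SUCCESS(s2n_stuffer_write_uint16(&client_conn->handshake.io, s2n_extensions_server_supported_versions_size(client_conn)));
-EXPECT_SUCCESS(s2n_extensions_server_supported_versions_send(client_conn, &client_conn->handshake.io));
-
-EXPECT_FAILURE_WITH_ERRNO(s2n_tls13_cert_req_recv(client_conn), S2N_ERR_BAD_MESSAGE);
-
-EXPECT_SUCCESS(s2n_connection_free(client_conn));
-}
-
-/* Test extension size greater than actual fails */
-{
-struct s2n_connection *client_conn;
-EXPECT_NOT_NULL(client_conn = s2n_connection_new(S2N_CLIENT));
-client_conn->actual_protocol_version = S2N_TLS13;
-
-EXPECT_SUCCESS(s2n_stuffer_write_uint8(&client_conn->handshake.io, 0));
-EXPECT_SUCCESS(s2n_stuffer_write_uint16(&client_conn->handshake.io, s2n_extensions_server_signature_algorithms_size(client_conn) + 3));
-EXPECT_SUCCESS(s2n_extensions_server_signature_algorithms_send(client_conn, &client_conn->handshake.io));
-
-EXPECT_FAILURE_WITH_ERRNO(s2n_tls13_cert_req_recv(client_conn), S2N_ERR_BAD_MESSAGE);
-
-EXPECT_SUCCESS(s2n_connection_free(client_conn));
-}
-
-/* Test extension size smaller than actual fails */
-{
-struct s2n_connection *client_conn;
-EXPECT_NOT_NULL(client_conn = s2n_connection_new(S2N_CLIENT));
-client_conn->actual_protocol_version = S2N_TLS13;
-
-/* Extension size read inside of parsing the extension will be greater than data available
-* as overall extension size written here is smaller than was actually written */
-EXPECT_SUCCESS(s2n_stuffer_write_uint8(&client_conn->handshake.io, 0));
-EXPECT_SUCCESS(s2n_stuffer_write_uint16(&client_conn->handshake.io, s2n_extensions_server_signature_algorithms_size(client_conn) - 4));
-EXPECT_SUCCESS(s2n_extensions_server_signature_algorithms_send(client_conn, &client_conn->handshake.io));
-
-EXPECT_FAILURE_WITH_ERRNO(s2n_tls13_cert_req_recv(client_conn), S2N_ERR_BAD_MESSAGE);
-
-EXPECT_SUCCESS(s2n_connection_free(client_conn));
-}
-
-/* Test correct extension (sig_alg) */
+/* Test correct required extension (sig_alg) sent and received */
 {
 struct s2n_connection *conn;
 EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_CLIENT));
@@ -110,53 +46,17 @@ int main(int argc, char **argv)
 EXPECT_SUCCESS(s2n_connection_free(conn));
 }
 
-/* Test correct extension (sig alg) with wrong length */
-{
-struct s2n_connection *client_conn;
-EXPECT_NOT_NULL(client_conn = s2n_connection_new(S2N_CLIENT));
-client_conn->actual_protocol_version = S2N_TLS13;
-
-EXPECT_SUCCESS(s2n_stuffer_write_uint8(&client_conn->handshake.io, 0));
-EXPECT_SUCCESS(s2n_stuffer_write_uint16(&client_conn->handshake.io, s2n_extensions_server_signature_algorithms_size(client_conn)));
-EXPECT_SUCCESS(s2n_stuffer_write_uint16(&client_conn->handshake.io, TLS_EXTENSION_SIGNATURE_ALGORITHMS));
-/* From s2n_extensions_server_signature_algorithms_send() */
-uint16_t total_size = s2n_extensions_server_signature_algorithms_size(client_conn);
-uint16_t extension_size = total_size - 4;
-/* Subtract further to make the extension_size smaller than it actually is */
-EXPECT_SUCCESS(s2n_stuffer_write_uint16(&client_conn->handshake.io, extension_size - 4));
-EXPECT_SUCCESS(s2n_send_supported_sig_scheme_list(client_conn, &client_conn->handshake.io));
-
-EXPECT_FAILURE_WITH_ERRNO(s2n_tls13_cert_req_recv(client_conn), S2N_ERR_BAD_MESSAGE);
-
-/* Test again with extension size larger than it actually is */
-EXPECT_SUCCESS(s2n_stuffer_wipe(&client_conn->handshake.io));
-EXPECT_TRUE(s2n_stuffer_data_available(&client_conn->handshake.io) == 0);
-
-EXPECT_SUCCESS(s2n_stuffer_write_uint8(&client_conn->handshake.io, 0));
-EXPECT_SUCCESS(s2n_stuffer_write_uint16(&client_conn->handshake.io, s2n_extensions_server_signature_algorithms_size(client_conn)));
-EXPECT_SUCCESS(s2n_stuffer_write_uint16(&client_conn->handshake.io, TLS_EXTENSION_SIGNATURE_ALGORITHMS));
-total_size = s2n_extensions_server_signature_algorithms_size(client_conn);
-extension_size = total_size - 4;
-EXPECT_SUCCESS(s2n_stuffer_write_uint16(&client_conn->handshake.io, extension_size + 4));
-EXPECT_SUCCESS(s2n_send_supported_sig_scheme_list(client_conn, &client_conn->handshake.io));
-
-EXPECT_FAILURE_WITH_ERRNO(s2n_tls13_cert_req_recv(client_conn), S2N_ERR_BAD_MESSAGE);
-
-EXPECT_SUCCESS(s2n_connection_free(client_conn));
-}
-
-/* Test two of the same extension */
+/* Test client fails to parse certificate request with no extensions */
 {
 struct s2n_connection *client_conn;
 EXPECT_NOT_NULL(client_conn = s2n_connection_new(S2N_CLIENT));
 client_conn->actual_protocol_version = S2N_TLS13;
 
+/* Write 0 length request context https://tools.ietf.org/html/rfc8446#section-4.3.2 */
 EXPECT_SUCCESS(s2n_stuffer_write_uint8(&client_conn->handshake.io, 0));
-EXPECT_SUCCESS(s2n_stuffer_write_uint16(&client_conn->handshake.io, 2 * s2n_extensions_server_signature_algorithms_size(client_conn)));
-EXPECT_SUCCESS(s2n_extensions_server_signature_algorithms_send(client_conn, &client_conn->handshake.io));
-EXPECT_SUCCESS(s2n_extensions_server_signature_algorithms_send(client_conn, &client_conn->handshake.io));
+EXPECT_SUCCESS(s2n_extension_list_send(S2N_EXTENSION_LIST_EMPTY, client_conn, &client_conn->handshake.io));
 
-EXPECT_FAILURE_WITH_ERRNO(s2n_tls13_cert_req_recv(client_conn), S2N_ERR_DUPLICATE_EXTENSION);
+EXPECT_FAILURE_WITH_ERRNO(s2n_tls13_cert_req_recv(client_conn), S2N_ERR_MISSING_EXTENSION);
 
 EXPECT_SUCCESS(s2n_connection_free(client_conn));
 }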
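Review bot: After this change the empty-list case is the only negative test left in the visible hunks for `s2n_tls13_cert_req_recv`; the removed blocks covered a wrong extension type, a list length larger or smaller than the bytes written, a signature_algorithms extension with a bad inner length, and a duplicated extension (`S2N_ERR_DUPLICATE_EXTENSION`). A CertificateRequest is peer-controlled input, so the length and duplicate checks are the ones most worth a regression test. If the generic extension-list tests already exercise them, record that where the old blocks stood, e.g. `/* Malformed lengths and duplicate extensions are covered by the generic extension list tests */`; if not, port at least the length-mismatch and duplicate cases to the new API. `main` continues outside both hunks, so any other coverage in this file is not visible here.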

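--- a/tests/unit/s2n_tls13_cert_request_test.c
+++ b/tests/unit/s2n_tls13_cert_request_test.c
@@ -82,10 +82,12 @@ int main(int argc, char **argv)
 EXPECT_NOT_NULL(client_conn = s2n_connection_new(S2N_CLIENT));
 client_conn->actual_protocol_version = S2N_TLS13;
 
-EXPECT_SUCCESS(s2n_stuffer_write_uint8(&client_conn->handshake.io, 2));
-EXPECT_SUCCESS(s2n_stuffer_write_uint16(&client_conn->handshake.io, s2n_extensions_server_signature_algorithms_size(client_conn)));
-EXPECT_SUCCESS(s2n_extensions_server_signature_algorithms_send(client_conn, &client_conn->handshake.io));
+/* Request context correct */
+EXPECT_SUCCESS(s2n_stuffer_write_uint8(&client_conn->handshake.io, 0));
+EXPECT_FAILURE_WITH_ERRNO(s2n_tls13_cert_req_recv(client_conn), S2N_ERR_MISSING_EXTENSION);
 
+/* Request context incorrect */
+EXPECT_SUCCESS(s2n_stuffer_write_uint8(&client_conn->handshake.io, 2));
 EXPECT_FAILURE_WITH_ERRNO(s2n_tls13_cert_req_recv(client_conn), S2N_ERR_BAD_MESSAGE);
 
 EXPECT_SUCCESS(s2n_connection_free(client_conn));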
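Review bot: The "Request context incorrect" case (new lines 89-91) reuses `client_conn->handshake.io` after the first `s2n_tls13_cert_req_recv` call has already failed on it, so its `S2N_ERR_BAD_MESSAGE` result appears to depend on how many bytes that first call consumed. Resetting the buffer before writing the `2` makes the two cases independent: `EXPECT_SUCCESS(s2n_stuffer_wipe(&client_conn->handshake.io));`. The comment `/* Request context correct */` also sits above an expected failure; `/* Zero-length request context is accepted, so parsing fails later on the missing extension */` states what is asserted. The enclosing test block starts and ends outside the hunk.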

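--- a/tls/extensions/s2n_server_signature_algorithms.c
+++ b/tls/extensions/s2n_server_signature_algorithms.c
@@ -17,10 +17,12 @@
 #include <stdint.h>
 
 #include "tls/extensions/s2n_client_signature_algorithms.h"
+#include "tls/s2n_connection.h"
 #include "tls/s2n_tls.h"
 #include "tls/s2n_tls_parameters.h"
 #include "tls/s2n_signature_algorithms.h"
 
+#include "stuffer/s2n_stuffer.h"
 #include "utils/s2n_safety.h"
 
 static int s2n_signature_algorithms_recv(struct s2n_connection *conn, struct s2n_stuffer *extension);
@@ -38,21 +40,3 @@ static int s2n_signature_algorithms_recv(struct s2n_connection *conn, struct s2n
 {
 return s2n_recv_supported_sig_scheme_list(extension, &conn->handshake_params.server_sig_hash_algs);
 }
-
-/* Old-style extension functions -- remove after extensions refactor is complete */
-
-int s2n_extensions_server_signature_algorithms_size(struct s2n_connection *conn)
-{
-/* extra 6 = 2 from extension type, 2 from extension size, 2 from list length */
-return s2n_supported_sig_scheme_list_size(conn) + 6;
-}
-
-int s2n_extensions_server_signature_algorithms_send(struct s2n_connection *conn, struct s2n_stuffer *out)
-{
-return s2n_extension_send(&s2n_server_signature_algorithms_extension, conn, out);
-}
-
-int s2n_extensions_server_signature_algorithms_recv(struct s2n_connection *conn, struct s2n_stuffer *extension)
-{
-return s2n_extension_recv(&s2n_server_signature_algorithms_extension, conn, extension);
-}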

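--- a/tls/extensions/s2n_server_signature_algorithms.h
+++ b/tls/extensions/s2n_server_signature_algorithms.h
@@ -16,12 +16,5 @@
 #pragma once
 
 #include "tls/extensions/s2n_extension_type.h"
-#include "tls/s2n_connection.h"
-#include "stuffer/s2n_stuffer.h"
 
 extern const s2n_extension_type s2n_server_signature_algorithms_extension;
-
-/* Old-style extension functions -- remove after extensions refactor is complete */
-int s2n_extensions_server_signature_algorithms_send(struct s2n_connection *conn, struct s2n_stuffer *out);
-int s2n_extensions_server_signature_algorithms_recv(struct s2n_connection *conn, struct s2n_stuffer *extension);
-int s2n_extensions_server_signature_algorithms_size(struct s2n_connection *conn);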
