authorjsing <>2022-02-05 14:54:40 +0000
committerjsing <>2022-02-05 14:54:40 +0000
commitc7cd75e51d33708442e984b9b2e0ef9c09472ae7 (patch)
tree0a57be1fc82f0a94b3555e1f474b9ff338849105 /src
parent83e485da0e6d59ae7baf4be882b7d2a569774e84 (diff)
Revise for S3I removal.
Diffstat (limited to 'src')
-rw-r--r--src/regress/lib/libssl/tlsext/tlsexttest.c162
1 files changed, 81 insertions, 81 deletions
diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c
index 6946074038..03ce7a95e9 100644
--- a/src/regress/lib/libssl/tlsext/tlsexttest.c
+++ b/src/regress/lib/libssl/tlsext/tlsexttest.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tlsexttest.c,v 1.58 2022/01/11 18:29:10 jsing Exp $ */ 1/* $OpenBSD: tlsexttest.c,v 1.59 2022/02/05 14:54:40 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> 4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -150,7 +150,7 @@ test_tlsext_alpn_client(void)
150 * 1) Set s->internal->alpn_client_proto_list 150 * 1) Set s->internal->alpn_client_proto_list
151 * - Using SSL_set_alpn_protos() 151 * - Using SSL_set_alpn_protos()
152 * 2) We have not finished or renegotiated. 152 * 2) We have not finished or renegotiated.
153 * - S3I(s)->tmp.finish_md_len == 0 153 * - s->s3->tmp.finish_md_len == 0
154 */ 154 */
155 if (SSL_set_alpn_protos(ssl, tlsext_alpn_single_proto_val, 155 if (SSL_set_alpn_protos(ssl, tlsext_alpn_single_proto_val,
156 sizeof(tlsext_alpn_single_proto_val)) != 0) { 156 sizeof(tlsext_alpn_single_proto_val)) != 0) {
@@ -345,12 +345,12 @@ test_tlsext_alpn_server(void)
345 * 345 *
346 * This will be a plain name and separate length. 346 * This will be a plain name and separate length.
347 */ 347 */
348 if ((S3I(ssl)->alpn_selected = malloc(sizeof(tlsext_alpn_single_proto_name))) == NULL) { 348 if ((ssl->s3->alpn_selected = malloc(sizeof(tlsext_alpn_single_proto_name))) == NULL) {
349 errx(1, "failed to malloc"); 349 errx(1, "failed to malloc");
350 } 350 }
351 memcpy(S3I(ssl)->alpn_selected, tlsext_alpn_single_proto_name, 351 memcpy(ssl->s3->alpn_selected, tlsext_alpn_single_proto_name,
352 sizeof(tlsext_alpn_single_proto_name)); 352 sizeof(tlsext_alpn_single_proto_name));
353 S3I(ssl)->alpn_selected_len = sizeof(tlsext_alpn_single_proto_name); 353 ssl->s3->alpn_selected_len = sizeof(tlsext_alpn_single_proto_name);
354 354
355 if (!tlsext_alpn_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { 355 if (!tlsext_alpn_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
356 FAIL("server should need ALPN after a protocol is selected\n"); 356 FAIL("server should need ALPN after a protocol is selected\n");
@@ -412,23 +412,23 @@ test_tlsext_alpn_server(void)
412 goto err; 412 goto err;
413 } 413 }
414 414
415 if (S3I(ssl)->alpn_selected_len != 415 if (ssl->s3->alpn_selected_len !=
416 sizeof(tlsext_alpn_single_proto_name)) { 416 sizeof(tlsext_alpn_single_proto_name)) {
417 FAIL("got server ALPN with length %zu, " 417 FAIL("got server ALPN with length %zu, "
418 "want length %zu\n", dlen, 418 "want length %zu\n", dlen,
419 sizeof(tlsext_alpn_single_proto_name)); 419 sizeof(tlsext_alpn_single_proto_name));
420 compare_data(S3I(ssl)->alpn_selected, 420 compare_data(ssl->s3->alpn_selected,
421 S3I(ssl)->alpn_selected_len, 421 ssl->s3->alpn_selected_len,
422 tlsext_alpn_single_proto_name, 422 tlsext_alpn_single_proto_name,
423 sizeof(tlsext_alpn_single_proto_name)); 423 sizeof(tlsext_alpn_single_proto_name));
424 goto err; 424 goto err;
425 } 425 }
426 if (memcmp(S3I(ssl)->alpn_selected, 426 if (memcmp(ssl->s3->alpn_selected,
427 tlsext_alpn_single_proto_name, 427 tlsext_alpn_single_proto_name,
428 sizeof(tlsext_alpn_single_proto_name)) != 0) { 428 sizeof(tlsext_alpn_single_proto_name)) != 0) {
429 FAIL("server ALPN differs:\n"); 429 FAIL("server ALPN differs:\n");
430 compare_data(S3I(ssl)->alpn_selected, 430 compare_data(ssl->s3->alpn_selected,
431 S3I(ssl)->alpn_selected_len, 431 ssl->s3->alpn_selected_len,
432 tlsext_alpn_single_proto_name, 432 tlsext_alpn_single_proto_name,
433 sizeof(tlsext_alpn_single_proto_name)); 433 sizeof(tlsext_alpn_single_proto_name));
434 goto err; 434 goto err;
@@ -442,9 +442,9 @@ test_tlsext_alpn_server(void)
442 442
443 /* Make sure we can remove the list and avoid ALPN */ 443 /* Make sure we can remove the list and avoid ALPN */
444 444
445 free(S3I(ssl)->alpn_selected); 445 free(ssl->s3->alpn_selected);
446 S3I(ssl)->alpn_selected = NULL; 446 ssl->s3->alpn_selected = NULL;
447 S3I(ssl)->alpn_selected_len = 0; 447 ssl->s3->alpn_selected_len = 0;
448 448
449 if (tlsext_alpn_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { 449 if (tlsext_alpn_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
450 FAIL("server should need ALPN by default\n"); 450 FAIL("server should need ALPN by default\n");
@@ -1064,7 +1064,7 @@ test_tlsext_ecpf_server(void)
1064 errx(1, "failed to create session"); 1064 errx(1, "failed to create session");
1065 1065
1066 /* Setup the state so we can call needs. */ 1066 /* Setup the state so we can call needs. */
1067 if ((S3I(ssl)->hs.cipher = 1067 if ((ssl->s3->hs.cipher =
1068 ssl3_get_cipher_by_id(TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305)) 1068 ssl3_get_cipher_by_id(TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305))
1069 == NULL) { 1069 == NULL) {
1070 FAIL("server cannot find cipher\n"); 1070 FAIL("server cannot find cipher\n");
@@ -1311,11 +1311,11 @@ test_tlsext_ri_client(void)
1311 goto err; 1311 goto err;
1312 } 1312 }
1313 1313
1314 memcpy(S3I(ssl)->previous_client_finished, tlsext_ri_prev_client, 1314 memcpy(ssl->s3->previous_client_finished, tlsext_ri_prev_client,
1315 sizeof(tlsext_ri_prev_client)); 1315 sizeof(tlsext_ri_prev_client));
1316 S3I(ssl)->previous_client_finished_len = sizeof(tlsext_ri_prev_client); 1316 ssl->s3->previous_client_finished_len = sizeof(tlsext_ri_prev_client);
1317 1317
1318 S3I(ssl)->renegotiate_seen = 0; 1318 ssl->s3->renegotiate_seen = 0;
1319 1319
1320 if (!tlsext_ri_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 1320 if (!tlsext_ri_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
1321 FAIL("client failed to build RI\n"); 1321 FAIL("client failed to build RI\n");
@@ -1350,19 +1350,19 @@ test_tlsext_ri_client(void)
1350 goto err; 1350 goto err;
1351 } 1351 }
1352 1352
1353 if (S3I(ssl)->renegotiate_seen != 1) { 1353 if (ssl->s3->renegotiate_seen != 1) {
1354 FAIL("renegotiate seen not set\n"); 1354 FAIL("renegotiate seen not set\n");
1355 goto err; 1355 goto err;
1356 } 1356 }
1357 if (S3I(ssl)->send_connection_binding != 1) { 1357 if (ssl->s3->send_connection_binding != 1) {
1358 FAIL("send connection binding not set\n"); 1358 FAIL("send connection binding not set\n");
1359 goto err; 1359 goto err;
1360 } 1360 }
1361 1361
1362 memset(S3I(ssl)->previous_client_finished, 0, 1362 memset(ssl->s3->previous_client_finished, 0,
1363 sizeof(S3I(ssl)->previous_client_finished)); 1363 sizeof(ssl->s3->previous_client_finished));
1364 1364
1365 S3I(ssl)->renegotiate_seen = 0; 1365 ssl->s3->renegotiate_seen = 0;
1366 1366
1367 CBS_init(&cbs, tlsext_ri_client, sizeof(tlsext_ri_client)); 1367 CBS_init(&cbs, tlsext_ri_client, sizeof(tlsext_ri_client));
1368 if (tlsext_ri_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 1368 if (tlsext_ri_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
@@ -1371,7 +1371,7 @@ test_tlsext_ri_client(void)
1371 goto err; 1371 goto err;
1372 } 1372 }
1373 1373
1374 if (S3I(ssl)->renegotiate_seen == 1) { 1374 if (ssl->s3->renegotiate_seen == 1) {
1375 FAIL("renegotiate seen set\n"); 1375 FAIL("renegotiate seen set\n");
1376 goto err; 1376 goto err;
1377 } 1377 }
@@ -1414,22 +1414,22 @@ test_tlsext_ri_server(void)
1414 goto err; 1414 goto err;
1415 } 1415 }
1416 1416
1417 S3I(ssl)->send_connection_binding = 1; 1417 ssl->s3->send_connection_binding = 1;
1418 1418
1419 if (!tlsext_ri_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { 1419 if (!tlsext_ri_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
1420 FAIL("server should need RI\n"); 1420 FAIL("server should need RI\n");
1421 goto err; 1421 goto err;
1422 } 1422 }
1423 1423
1424 memcpy(S3I(ssl)->previous_client_finished, tlsext_ri_prev_client, 1424 memcpy(ssl->s3->previous_client_finished, tlsext_ri_prev_client,
1425 sizeof(tlsext_ri_prev_client)); 1425 sizeof(tlsext_ri_prev_client));
1426 S3I(ssl)->previous_client_finished_len = sizeof(tlsext_ri_prev_client); 1426 ssl->s3->previous_client_finished_len = sizeof(tlsext_ri_prev_client);
1427 1427
1428 memcpy(S3I(ssl)->previous_server_finished, tlsext_ri_prev_server, 1428 memcpy(ssl->s3->previous_server_finished, tlsext_ri_prev_server,
1429 sizeof(tlsext_ri_prev_server)); 1429 sizeof(tlsext_ri_prev_server));
1430 S3I(ssl)->previous_server_finished_len = sizeof(tlsext_ri_prev_server); 1430 ssl->s3->previous_server_finished_len = sizeof(tlsext_ri_prev_server);
1431 1431
1432 S3I(ssl)->renegotiate_seen = 0; 1432 ssl->s3->renegotiate_seen = 0;
1433 1433
1434 if (!tlsext_ri_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { 1434 if (!tlsext_ri_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
1435 FAIL("server failed to build RI\n"); 1435 FAIL("server failed to build RI\n");
@@ -1464,21 +1464,21 @@ test_tlsext_ri_server(void)
1464 goto err; 1464 goto err;
1465 } 1465 }
1466 1466
1467 if (S3I(ssl)->renegotiate_seen != 1) { 1467 if (ssl->s3->renegotiate_seen != 1) {
1468 FAIL("renegotiate seen not set\n"); 1468 FAIL("renegotiate seen not set\n");
1469 goto err; 1469 goto err;
1470 } 1470 }
1471 if (S3I(ssl)->send_connection_binding != 1) { 1471 if (ssl->s3->send_connection_binding != 1) {
1472 FAIL("send connection binding not set\n"); 1472 FAIL("send connection binding not set\n");
1473 goto err; 1473 goto err;
1474 } 1474 }
1475 1475
1476 memset(S3I(ssl)->previous_client_finished, 0, 1476 memset(ssl->s3->previous_client_finished, 0,
1477 sizeof(S3I(ssl)->previous_client_finished)); 1477 sizeof(ssl->s3->previous_client_finished));
1478 memset(S3I(ssl)->previous_server_finished, 0, 1478 memset(ssl->s3->previous_server_finished, 0,
1479 sizeof(S3I(ssl)->previous_server_finished)); 1479 sizeof(ssl->s3->previous_server_finished));
1480 1480
1481 S3I(ssl)->renegotiate_seen = 0; 1481 ssl->s3->renegotiate_seen = 0;
1482 1482
1483 CBS_init(&cbs, tlsext_ri_server, sizeof(tlsext_ri_server)); 1483 CBS_init(&cbs, tlsext_ri_server, sizeof(tlsext_ri_server));
1484 if (tlsext_ri_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 1484 if (tlsext_ri_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
@@ -1486,7 +1486,7 @@ test_tlsext_ri_server(void)
1486 goto err; 1486 goto err;
1487 } 1487 }
1488 1488
1489 if (S3I(ssl)->renegotiate_seen == 1) { 1489 if (ssl->s3->renegotiate_seen == 1) {
1490 FAIL("renegotiate seen set\n"); 1490 FAIL("renegotiate seen set\n");
1491 goto err; 1491 goto err;
1492 } 1492 }
@@ -1531,7 +1531,7 @@ test_tlsext_sigalgs_client(void)
1531 if ((ssl = SSL_new(ssl_ctx)) == NULL) 1531 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1532 errx(1, "failed to create SSL"); 1532 errx(1, "failed to create SSL");
1533 1533
1534 S3I(ssl)->hs.our_max_tls_version = TLS1_1_VERSION; 1534 ssl->s3->hs.our_max_tls_version = TLS1_1_VERSION;
1535 1535
1536 if (tlsext_sigalgs_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 1536 if (tlsext_sigalgs_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
1537 fprintf(stderr, "FAIL: client should not need sigalgs\n"); 1537 fprintf(stderr, "FAIL: client should not need sigalgs\n");
@@ -1539,7 +1539,7 @@ test_tlsext_sigalgs_client(void)
1539 goto done; 1539 goto done;
1540 } 1540 }
1541 1541
1542 S3I(ssl)->hs.our_max_tls_version = TLS1_2_VERSION; 1542 ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION;
1543 1543
1544 if (!tlsext_sigalgs_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 1544 if (!tlsext_sigalgs_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
1545 fprintf(stderr, "FAIL: client should need sigalgs\n"); 1545 fprintf(stderr, "FAIL: client should need sigalgs\n");
@@ -2773,8 +2773,8 @@ test_tlsext_clienthello_build(void)
2773 goto err; 2773 goto err;
2774 } 2774 }
2775 2775
2776 S3I(ssl)->hs.our_min_tls_version = TLS1_VERSION; 2776 ssl->s3->hs.our_min_tls_version = TLS1_VERSION;
2777 S3I(ssl)->hs.our_max_tls_version = TLS1_2_VERSION; 2777 ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION;
2778 2778
2779 if (!tlsext_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 2779 if (!tlsext_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
2780 FAIL("failed to build clienthello extensions\n"); 2780 FAIL("failed to build clienthello extensions\n");
@@ -2804,7 +2804,7 @@ test_tlsext_clienthello_build(void)
2804 CBB_init(&cbb, 0); 2804 CBB_init(&cbb, 0);
2805 2805
2806 /* Switch to TLSv1.1, disable EC ciphers and session tickets. */ 2806 /* Switch to TLSv1.1, disable EC ciphers and session tickets. */
2807 S3I(ssl)->hs.our_max_tls_version = TLS1_1_VERSION; 2807 ssl->s3->hs.our_max_tls_version = TLS1_1_VERSION;
2808 if (!SSL_set_cipher_list(ssl, "TLSv1.2:!ECDHE:!ECDSA")) { 2808 if (!SSL_set_cipher_list(ssl, "TLSv1.2:!ECDHE:!ECDSA")) {
2809 FAIL("failed to set cipher list\n"); 2809 FAIL("failed to set cipher list\n");
2810 goto err; 2810 goto err;
@@ -2887,9 +2887,9 @@ test_tlsext_serverhello_build(void)
2887 goto err; 2887 goto err;
2888 } 2888 }
2889 2889
2890 S3I(ssl)->hs.our_max_tls_version = TLS1_3_VERSION; 2890 ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
2891 S3I(ssl)->hs.negotiated_tls_version = TLS1_3_VERSION; 2891 ssl->s3->hs.negotiated_tls_version = TLS1_3_VERSION;
2892 S3I(ssl)->hs.cipher = 2892 ssl->s3->hs.cipher =
2893 ssl3_get_cipher_by_id(TLS1_CK_RSA_WITH_AES_128_SHA256); 2893 ssl3_get_cipher_by_id(TLS1_CK_RSA_WITH_AES_128_SHA256);
2894 2894
2895 if (!tlsext_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { 2895 if (!tlsext_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
@@ -2920,8 +2920,8 @@ test_tlsext_serverhello_build(void)
2920 CBB_init(&cbb, 0); 2920 CBB_init(&cbb, 0);
2921 2921
2922 /* Turn a few things on so we get extensions... */ 2922 /* Turn a few things on so we get extensions... */
2923 S3I(ssl)->send_connection_binding = 1; 2923 ssl->s3->send_connection_binding = 1;
2924 S3I(ssl)->hs.cipher = 2924 ssl->s3->hs.cipher =
2925 ssl3_get_cipher_by_id(TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256); 2925 ssl3_get_cipher_by_id(TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256);
2926 ssl->internal->tlsext_status_expected = 1; 2926 ssl->internal->tlsext_status_expected = 1;
2927 ssl->internal->tlsext_ticket_expected = 1; 2927 ssl->internal->tlsext_ticket_expected = 1;
@@ -2996,7 +2996,7 @@ test_tlsext_versions_client(void)
2996 if ((ssl = SSL_new(ssl_ctx)) == NULL) 2996 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2997 errx(1, "failed to create SSL"); 2997 errx(1, "failed to create SSL");
2998 2998
2999 S3I(ssl)->hs.our_max_tls_version = TLS1_1_VERSION; 2999 ssl->s3->hs.our_max_tls_version = TLS1_1_VERSION;
3000 3000
3001 if (tlsext_versions_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 3001 if (tlsext_versions_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
3002 FAIL("client should not need versions\n"); 3002 FAIL("client should not need versions\n");
@@ -3004,7 +3004,7 @@ test_tlsext_versions_client(void)
3004 goto done; 3004 goto done;
3005 } 3005 }
3006 3006
3007 S3I(ssl)->hs.our_max_tls_version = TLS1_2_VERSION; 3007 ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION;
3008 3008
3009 if (tlsext_versions_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 3009 if (tlsext_versions_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
3010 FAIL("client should not need versions\n"); 3010 FAIL("client should not need versions\n");
@@ -3012,7 +3012,7 @@ test_tlsext_versions_client(void)
3012 goto done; 3012 goto done;
3013 } 3013 }
3014 3014
3015 S3I(ssl)->hs.our_max_tls_version = TLS1_3_VERSION; 3015 ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
3016 3016
3017 if (!tlsext_versions_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 3017 if (!tlsext_versions_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
3018 FAIL("client should need versions\n"); 3018 FAIL("client should need versions\n");
@@ -3020,8 +3020,8 @@ test_tlsext_versions_client(void)
3020 goto done; 3020 goto done;
3021 } 3021 }
3022 3022
3023 S3I(ssl)->hs.our_min_tls_version = TLS1_VERSION; 3023 ssl->s3->hs.our_min_tls_version = TLS1_VERSION;
3024 S3I(ssl)->hs.our_max_tls_version = TLS1_3_VERSION; 3024 ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
3025 3025
3026 if (!tlsext_versions_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 3026 if (!tlsext_versions_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
3027 FAIL("client should have built versions\n"); 3027 FAIL("client should have built versions\n");
@@ -3082,7 +3082,7 @@ test_tlsext_versions_server(void)
3082 if ((ssl = SSL_new(ssl_ctx)) == NULL) 3082 if ((ssl = SSL_new(ssl_ctx)) == NULL)
3083 errx(1, "failed to create SSL"); 3083 errx(1, "failed to create SSL");
3084 3084
3085 S3I(ssl)->hs.negotiated_tls_version = TLS1_2_VERSION; 3085 ssl->s3->hs.negotiated_tls_version = TLS1_2_VERSION;
3086 3086
3087 if (tlsext_versions_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { 3087 if (tlsext_versions_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
3088 FAIL("server should not need versions\n"); 3088 FAIL("server should not need versions\n");
@@ -3090,7 +3090,7 @@ test_tlsext_versions_server(void)
3090 goto done; 3090 goto done;
3091 } 3091 }
3092 3092
3093 S3I(ssl)->hs.negotiated_tls_version = TLS1_3_VERSION; 3093 ssl->s3->hs.negotiated_tls_version = TLS1_3_VERSION;
3094 3094
3095 if (!tlsext_versions_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { 3095 if (!tlsext_versions_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
3096 FAIL("server should need versions\n"); 3096 FAIL("server should need versions\n");
@@ -3172,27 +3172,27 @@ test_tlsext_keyshare_client(void)
3172 if ((ssl = SSL_new(ssl_ctx)) == NULL) 3172 if ((ssl = SSL_new(ssl_ctx)) == NULL)
3173 errx(1, "failed to create SSL"); 3173 errx(1, "failed to create SSL");
3174 3174
3175 if ((S3I(ssl)->hs.key_share = 3175 if ((ssl->s3->hs.key_share =
3176 tls_key_share_new_nid(NID_X25519)) == NULL) 3176 tls_key_share_new_nid(NID_X25519)) == NULL)
3177 errx(1, "failed to create key share"); 3177 errx(1, "failed to create key share");
3178 if (!tls_key_share_generate(S3I(ssl)->hs.key_share)) 3178 if (!tls_key_share_generate(ssl->s3->hs.key_share))
3179 errx(1, "failed to generate key share"); 3179 errx(1, "failed to generate key share");
3180 3180
3181 S3I(ssl)->hs.our_max_tls_version = TLS1_2_VERSION; 3181 ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION;
3182 if (tlsext_keyshare_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 3182 if (tlsext_keyshare_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
3183 FAIL("client should not need keyshare\n"); 3183 FAIL("client should not need keyshare\n");
3184 failure = 1; 3184 failure = 1;
3185 goto done; 3185 goto done;
3186 } 3186 }
3187 3187
3188 S3I(ssl)->hs.our_max_tls_version = TLS1_3_VERSION; 3188 ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
3189 if (!tlsext_keyshare_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 3189 if (!tlsext_keyshare_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
3190 FAIL("client should need keyshare\n"); 3190 FAIL("client should need keyshare\n");
3191 failure = 1; 3191 failure = 1;
3192 goto done; 3192 goto done;
3193 } 3193 }
3194 3194
3195 S3I(ssl)->hs.our_max_tls_version = TLS1_3_VERSION; 3195 ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
3196 if (!tlsext_keyshare_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { 3196 if (!tlsext_keyshare_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
3197 FAIL("client should have built keyshare\n"); 3197 FAIL("client should have built keyshare\n");
3198 failure = 1; 3198 failure = 1;
@@ -3263,13 +3263,13 @@ test_tlsext_keyshare_server(void)
3263 3263
3264 CBB_init(&cbb, 0); 3264 CBB_init(&cbb, 0);
3265 3265
3266 S3I(ssl)->hs.negotiated_tls_version = TLS1_2_VERSION; 3266 ssl->s3->hs.negotiated_tls_version = TLS1_2_VERSION;
3267 if (tlsext_keyshare_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { 3267 if (tlsext_keyshare_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
3268 FAIL("server should not need keyshare\n"); 3268 FAIL("server should not need keyshare\n");
3269 goto done; 3269 goto done;
3270 } 3270 }
3271 3271
3272 S3I(ssl)->hs.negotiated_tls_version = TLS1_3_VERSION; 3272 ssl->s3->hs.negotiated_tls_version = TLS1_3_VERSION;
3273 if (tlsext_keyshare_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { 3273 if (tlsext_keyshare_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
3274 FAIL("client should not need keyshare\n"); 3274 FAIL("client should not need keyshare\n");
3275 goto done; 3275 goto done;
@@ -3279,7 +3279,7 @@ test_tlsext_keyshare_server(void)
3279 FAIL("failed to find keyshare extension\n"); 3279 FAIL("failed to find keyshare extension\n");
3280 goto done; 3280 goto done;
3281 } 3281 }
3282 S3I(ssl)->hs.extensions_seen |= (1 << idx); 3282 ssl->s3->hs.extensions_seen |= (1 << idx);
3283 3283
3284 if (!tlsext_keyshare_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { 3284 if (!tlsext_keyshare_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
3285 FAIL("server should need keyshare\n"); 3285 FAIL("server should need keyshare\n");
@@ -3291,20 +3291,20 @@ test_tlsext_keyshare_server(void)
3291 goto done; 3291 goto done;
3292 } 3292 }
3293 3293
3294 if ((S3I(ssl)->hs.key_share = 3294 if ((ssl->s3->hs.key_share =
3295 tls_key_share_new_nid(NID_X25519)) == NULL) { 3295 tls_key_share_new_nid(NID_X25519)) == NULL) {
3296 FAIL("failed to create key share"); 3296 FAIL("failed to create key share");
3297 goto done; 3297 goto done;
3298 } 3298 }
3299 3299
3300 if (!tls_key_share_generate(S3I(ssl)->hs.key_share)) { 3300 if (!tls_key_share_generate(ssl->s3->hs.key_share)) {
3301 FAIL("failed to generate key share"); 3301 FAIL("failed to generate key share");
3302 goto done; 3302 goto done;
3303 } 3303 }
3304 3304
3305 CBS_init(&cbs, bogokey, sizeof(bogokey)); 3305 CBS_init(&cbs, bogokey, sizeof(bogokey));
3306 3306
3307 if (!tls_key_share_peer_public(S3I(ssl)->hs.key_share, &cbs, 3307 if (!tls_key_share_peer_public(ssl->s3->hs.key_share, &cbs,
3308 &decode_error, NULL)) { 3308 &decode_error, NULL)) {
3309 FAIL("failed to load peer public key\n"); 3309 FAIL("failed to load peer public key\n");
3310 goto done; 3310 goto done;
@@ -3326,12 +3326,12 @@ test_tlsext_keyshare_server(void)
3326 goto done; 3326 goto done;
3327 } 3327 }
3328 3328
3329 if ((S3I(ssl)->hs.key_share = 3329 if ((ssl->s3->hs.key_share =
3330 tls_key_share_new_nid(NID_X25519)) == NULL) { 3330 tls_key_share_new_nid(NID_X25519)) == NULL) {
3331 FAIL("failed to create key share"); 3331 FAIL("failed to create key share");
3332 goto done; 3332 goto done;
3333 } 3333 }
3334 if (!tls_key_share_generate(S3I(ssl)->hs.key_share)) { 3334 if (!tls_key_share_generate(ssl->s3->hs.key_share)) {
3335 FAIL("failed to generate key share"); 3335 FAIL("failed to generate key share");
3336 goto done; 3336 goto done;
3337 } 3337 }
@@ -3386,7 +3386,7 @@ test_tlsext_cookie_client(void)
3386 if ((ssl = SSL_new(ssl_ctx)) == NULL) 3386 if ((ssl = SSL_new(ssl_ctx)) == NULL)
3387 errx(1, "failed to create SSL"); 3387 errx(1, "failed to create SSL");
3388 3388
3389 S3I(ssl)->hs.our_max_tls_version = TLS1_2_VERSION; 3389 ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION;
3390 if (tlsext_cookie_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 3390 if (tlsext_cookie_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
3391 FAIL("client should not need cookie\n"); 3391 FAIL("client should not need cookie\n");
3392 failure = 1; 3392 failure = 1;
@@ -3394,7 +3394,7 @@ test_tlsext_cookie_client(void)
3394 } 3394 }
3395 3395
3396 3396
3397 S3I(ssl)->hs.our_max_tls_version = TLS1_3_VERSION; 3397 ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
3398 if (tlsext_cookie_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 3398 if (tlsext_cookie_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
3399 FAIL("client should not need cookie\n"); 3399 FAIL("client should not need cookie\n");
3400 failure = 1; 3400 failure = 1;
@@ -3402,8 +3402,8 @@ test_tlsext_cookie_client(void)
3402 } 3402 }
3403 3403
3404 /* Normally would be set by receiving a server cookie in an HRR */ 3404 /* Normally would be set by receiving a server cookie in an HRR */
3405 S3I(ssl)->hs.tls13.cookie = strdup(cookie); 3405 ssl->s3->hs.tls13.cookie = strdup(cookie);
3406 S3I(ssl)->hs.tls13.cookie_len = strlen(cookie); 3406 ssl->s3->hs.tls13.cookie_len = strlen(cookie);
3407 3407
3408 if (!tlsext_cookie_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { 3408 if (!tlsext_cookie_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
3409 FAIL("client should need cookie\n"); 3409 FAIL("client should need cookie\n");
@@ -3474,14 +3474,14 @@ test_tlsext_cookie_server(void)
3474 if ((ssl = SSL_new(ssl_ctx)) == NULL) 3474 if ((ssl = SSL_new(ssl_ctx)) == NULL)
3475 errx(1, "failed to create SSL"); 3475 errx(1, "failed to create SSL");
3476 3476
3477 S3I(ssl)->hs.our_max_tls_version = TLS1_2_VERSION; 3477 ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION;
3478 if (tlsext_cookie_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { 3478 if (tlsext_cookie_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
3479 FAIL("server should not need cookie\n"); 3479 FAIL("server should not need cookie\n");
3480 failure = 1; 3480 failure = 1;
3481 goto done; 3481 goto done;
3482 } 3482 }
3483 3483
3484 S3I(ssl)->hs.our_max_tls_version = TLS1_3_VERSION; 3484 ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION;
3485 if (tlsext_cookie_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { 3485 if (tlsext_cookie_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
3486 FAIL("server should not need cookie\n"); 3486 FAIL("server should not need cookie\n");
3487 failure = 1; 3487 failure = 1;
@@ -3489,8 +3489,8 @@ test_tlsext_cookie_server(void)
3489 } 3489 }
3490 3490
3491 /* Normally would be set by server before sending HRR */ 3491 /* Normally would be set by server before sending HRR */
3492 S3I(ssl)->hs.tls13.cookie = strdup(cookie); 3492 ssl->s3->hs.tls13.cookie = strdup(cookie);
3493 S3I(ssl)->hs.tls13.cookie_len = strlen(cookie); 3493 ssl->s3->hs.tls13.cookie_len = strlen(cookie);
3494 3494
3495 if (!tlsext_cookie_server_needs(ssl, SSL_TLSEXT_MSG_HRR)) { 3495 if (!tlsext_cookie_server_needs(ssl, SSL_TLSEXT_MSG_HRR)) {
3496 FAIL("server should need cookie\n"); 3496 FAIL("server should need cookie\n");
@@ -3526,9 +3526,9 @@ test_tlsext_cookie_server(void)
3526 goto done; 3526 goto done;
3527 } 3527 }
3528 3528
3529 freezero(S3I(ssl)->hs.tls13.cookie, S3I(ssl)->hs.tls13.cookie_len); 3529 freezero(ssl->s3->hs.tls13.cookie, ssl->s3->hs.tls13.cookie_len);
3530 S3I(ssl)->hs.tls13.cookie = NULL; 3530 ssl->s3->hs.tls13.cookie = NULL;
3531 S3I(ssl)->hs.tls13.cookie_len = 0; 3531 ssl->s3->hs.tls13.cookie_len = 0;
3532 3532
3533 if (!tlsext_cookie_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 3533 if (!tlsext_cookie_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
3534 FAIL("failed to parse server cookie\n"); 3534 FAIL("failed to parse server cookie\n");
@@ -3536,8 +3536,8 @@ test_tlsext_cookie_server(void)
3536 goto done; 3536 goto done;
3537 } 3537 }
3538 3538
3539 if (memcmp(cookie, S3I(ssl)->hs.tls13.cookie, 3539 if (memcmp(cookie, ssl->s3->hs.tls13.cookie,
3540 S3I(ssl)->hs.tls13.cookie_len) != 0) { 3540 ssl->s3->hs.tls13.cookie_len) != 0) {
3541 FAIL("parsed server cookie does not match sent cookie\n"); 3541 FAIL("parsed server cookie does not match sent cookie\n");
3542 failure = 1; 3542 failure = 1;
3543 goto done; 3543 goto done;
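Review bot: The cookie check at new lines 3539-3540 of test_tlsext_cookie_server bounds memcmp() only by the parsed `ssl->s3->hs.tls13.cookie_len`, so a parse that stored a truncated or empty cookie would still compare equal and the test would pass, while a longer stored length would read past the end of `cookie`. Compare the lengths first, as the ALPN test in this file does with `alpn_selected_len`: `if (ssl->s3->hs.tls13.cookie_len != strlen(cookie) || memcmp(cookie, ssl->s3->hs.tls13.cookie, strlen(cookie)) != 0) {`. The `strdup(cookie)` results stored in `ssl->s3->hs.tls13.cookie` in test_tlsext_cookie_client and test_tlsext_cookie_server are also used unchecked, unlike the `malloc` for `alpn_selected`, which calls errx() on failure. Both functions start and end outside the hunks shown, and `cookie` is defined outside them, so its being a NUL-terminated string is inferred from the `strlen(cookie)` calls.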