summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authortb <>2020-07-03 04:58:41 +0000
committertb <>2020-07-03 04:58:41 +0000
commitcd5634636b770a86f012e00c043170eca4b9bbe2 (patch)
tree48d937e54a94b8b974937bb48cd25d9c2916b254 /src
parent0bfb0ca4cf5c93e1c9f105fdbdcd8825c432e4f1 (diff)
downloadopenbsd-cd5634636b770a86f012e00c043170eca4b9bbe2.tar.gz
openbsd-cd5634636b770a86f012e00c043170eca4b9bbe2.tar.bz2
openbsd-cd5634636b770a86f012e00c043170eca4b9bbe2.zip
tlsexttest: pass message type to the extension functions
ok beck jsing
Diffstat (limited to 'src')
-rw-r--r--src/regress/lib/libssl/tlsext/tlsexttest.c288
1 files changed, 144 insertions, 144 deletions
diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c
index 46c16a85c4..90294592cf 100644
--- a/src/regress/lib/libssl/tlsext/tlsexttest.c
+++ b/src/regress/lib/libssl/tlsext/tlsexttest.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tlsexttest.c,v 1.41 2020/07/03 04:13:41 tb Exp $ */ 1/* $OpenBSD: tlsexttest.c,v 1.42 2020/07/03 04:58:41 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> 4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -140,7 +140,7 @@ test_tlsext_alpn_client(void)
140 errx(1, "failed to create SSL"); 140 errx(1, "failed to create SSL");
141 141
142 /* By default, we don't need this */ 142 /* By default, we don't need this */
143 if (tlsext_alpn_client_needs(ssl)) { 143 if (tlsext_alpn_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
144 FAIL("client should not need ALPN by default\n"); 144 FAIL("client should not need ALPN by default\n");
145 goto err; 145 goto err;
146 } 146 }
@@ -157,14 +157,14 @@ test_tlsext_alpn_client(void)
157 FAIL("should be able to set ALPN to http/1.1\n"); 157 FAIL("should be able to set ALPN to http/1.1\n");
158 goto err; 158 goto err;
159 } 159 }
160 if (!tlsext_alpn_client_needs(ssl)) { 160 if (!tlsext_alpn_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
161 FAIL("client should need ALPN by now\n"); 161 FAIL("client should need ALPN by now\n");
162 goto err; 162 goto err;
163 } 163 }
164 164
165 /* Make sure we can build the client with a single proto. */ 165 /* Make sure we can build the client with a single proto. */
166 166
167 if (!tlsext_alpn_client_build(ssl, &cbb)) { 167 if (!tlsext_alpn_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
168 FAIL("client failed to build ALPN\n"); 168 FAIL("client failed to build ALPN\n");
169 goto err; 169 goto err;
170 } 170 }
@@ -195,7 +195,7 @@ test_tlsext_alpn_client(void)
195 195
196 CBS_init(&cbs, tlsext_alpn_single_proto, 196 CBS_init(&cbs, tlsext_alpn_single_proto,
197 sizeof(tlsext_alpn_single_proto)); 197 sizeof(tlsext_alpn_single_proto));
198 if (!tlsext_alpn_server_parse(ssl, &cbs, &alert)) { 198 if (!tlsext_alpn_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
199 FAIL("failed to parse ALPN\n"); 199 FAIL("failed to parse ALPN\n");
200 goto err; 200 goto err;
201 } 201 }
@@ -231,12 +231,12 @@ test_tlsext_alpn_client(void)
231 FAIL("should be able to set ALPN to http/1.1\n"); 231 FAIL("should be able to set ALPN to http/1.1\n");
232 goto err; 232 goto err;
233 } 233 }
234 if (!tlsext_alpn_client_needs(ssl)) { 234 if (!tlsext_alpn_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
235 FAIL("client should need ALPN by now\n"); 235 FAIL("client should need ALPN by now\n");
236 goto err; 236 goto err;
237 } 237 }
238 238
239 if (!tlsext_alpn_client_build(ssl, &cbb)) { 239 if (!tlsext_alpn_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
240 FAIL("client failed to build ALPN\n"); 240 FAIL("client failed to build ALPN\n");
241 goto err; 241 goto err;
242 } 242 }
@@ -262,7 +262,7 @@ test_tlsext_alpn_client(void)
262 262
263 CBS_init(&cbs, tlsext_alpn_multiple_protos, 263 CBS_init(&cbs, tlsext_alpn_multiple_protos,
264 sizeof(tlsext_alpn_multiple_protos)); 264 sizeof(tlsext_alpn_multiple_protos));
265 if (!tlsext_alpn_server_parse(ssl, &cbs, &alert)) { 265 if (!tlsext_alpn_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
266 FAIL("failed to parse ALPN\n"); 266 FAIL("failed to parse ALPN\n");
267 goto err; 267 goto err;
268 } 268 }
@@ -297,7 +297,7 @@ test_tlsext_alpn_client(void)
297 ssl->internal->alpn_client_proto_list = NULL; 297 ssl->internal->alpn_client_proto_list = NULL;
298 ssl->internal->alpn_client_proto_list_len = 0; 298 ssl->internal->alpn_client_proto_list_len = 0;
299 299
300 if (tlsext_alpn_client_needs(ssl)) { 300 if (tlsext_alpn_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
301 FAIL("client should need ALPN by default\n"); 301 FAIL("client should need ALPN by default\n");
302 goto err; 302 goto err;
303 } 303 }
@@ -334,7 +334,7 @@ test_tlsext_alpn_server(void)
334 errx(1, "failed to create SSL"); 334 errx(1, "failed to create SSL");
335 335
336 /* By default, ALPN isn't needed. */ 336 /* By default, ALPN isn't needed. */
337 if (tlsext_alpn_server_needs(ssl)) { 337 if (tlsext_alpn_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
338 FAIL("server should not need ALPN by default\n"); 338 FAIL("server should not need ALPN by default\n");
339 goto err; 339 goto err;
340 } 340 }
@@ -352,14 +352,14 @@ test_tlsext_alpn_server(void)
352 sizeof(tlsext_alpn_single_proto_name)); 352 sizeof(tlsext_alpn_single_proto_name));
353 S3I(ssl)->alpn_selected_len = sizeof(tlsext_alpn_single_proto_name); 353 S3I(ssl)->alpn_selected_len = sizeof(tlsext_alpn_single_proto_name);
354 354
355 if (!tlsext_alpn_server_needs(ssl)) { 355 if (!tlsext_alpn_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
356 FAIL("server should need ALPN after a protocol is selected\n"); 356 FAIL("server should need ALPN after a protocol is selected\n");
357 goto err; 357 goto err;
358 } 358 }
359 359
360 /* Make sure we can build a server with one protocol */ 360 /* Make sure we can build a server with one protocol */
361 361
362 if (!tlsext_alpn_server_build(ssl, &cbb)) { 362 if (!tlsext_alpn_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
363 FAIL("server should be able to build a response\n"); 363 FAIL("server should be able to build a response\n");
364 goto err; 364 goto err;
365 } 365 }
@@ -392,7 +392,7 @@ test_tlsext_alpn_server(void)
392 sizeof(tlsext_alpn_single_proto)); 392 sizeof(tlsext_alpn_single_proto));
393 393
394 /* Shouldn't be able to parse without requesting */ 394 /* Shouldn't be able to parse without requesting */
395 if (tlsext_alpn_client_parse(ssl, &cbs, &alert)) { 395 if (tlsext_alpn_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
396 FAIL("Should only parse server if we requested it\n"); 396 FAIL("Should only parse server if we requested it\n");
397 goto err; 397 goto err;
398 } 398 }
@@ -403,7 +403,7 @@ test_tlsext_alpn_server(void)
403 FAIL("should be able to set ALPN to http/1.1\n"); 403 FAIL("should be able to set ALPN to http/1.1\n");
404 goto err; 404 goto err;
405 } 405 }
406 if (!tlsext_alpn_server_parse(ssl, &cbs, &alert)) { 406 if (!tlsext_alpn_server_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
407 FAIL("Should be able to parse server when we request it\n"); 407 FAIL("Should be able to parse server when we request it\n");
408 goto err; 408 goto err;
409 } 409 }
@@ -446,7 +446,7 @@ test_tlsext_alpn_server(void)
446 S3I(ssl)->alpn_selected = NULL; 446 S3I(ssl)->alpn_selected = NULL;
447 S3I(ssl)->alpn_selected_len = 0; 447 S3I(ssl)->alpn_selected_len = 0;
448 448
449 if (tlsext_alpn_server_needs(ssl)) { 449 if (tlsext_alpn_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
450 FAIL("server should need ALPN by default\n"); 450 FAIL("server should need ALPN by default\n");
451 goto err; 451 goto err;
452 } 452 }
@@ -519,7 +519,7 @@ test_tlsext_supportedgroups_client(void)
519 /* 519 /*
520 * Default ciphers include EC so we need it by default. 520 * Default ciphers include EC so we need it by default.
521 */ 521 */
522 if (!tlsext_supportedgroups_client_needs(ssl)) { 522 if (!tlsext_supportedgroups_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
523 FAIL("client should need Ellipticcurves for default " 523 FAIL("client should need Ellipticcurves for default "
524 "ciphers\n"); 524 "ciphers\n");
525 goto err; 525 goto err;
@@ -532,7 +532,7 @@ test_tlsext_supportedgroups_client(void)
532 FAIL("client should be able to set cipher list\n"); 532 FAIL("client should be able to set cipher list\n");
533 goto err; 533 goto err;
534 } 534 }
535 if (tlsext_supportedgroups_client_needs(ssl)) { 535 if (tlsext_supportedgroups_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
536 FAIL("client should not need Ellipticcurves\n"); 536 FAIL("client should not need Ellipticcurves\n");
537 goto err; 537 goto err;
538 } 538 }
@@ -544,7 +544,7 @@ test_tlsext_supportedgroups_client(void)
544 FAIL("client should be able to set cipher list\n"); 544 FAIL("client should be able to set cipher list\n");
545 goto err; 545 goto err;
546 } 546 }
547 if (!tlsext_supportedgroups_client_needs(ssl)) { 547 if (!tlsext_supportedgroups_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
548 FAIL("client should need Ellipticcurves\n"); 548 FAIL("client should need Ellipticcurves\n");
549 goto err; 549 goto err;
550 } 550 }
@@ -563,12 +563,12 @@ test_tlsext_supportedgroups_client(void)
563 SSI(ssl)->tlsext_supportedgroups[0] = tls1_ec_nid2curve_id(NID_secp384r1); 563 SSI(ssl)->tlsext_supportedgroups[0] = tls1_ec_nid2curve_id(NID_secp384r1);
564 SSI(ssl)->tlsext_supportedgroups_length = 1; 564 SSI(ssl)->tlsext_supportedgroups_length = 1;
565 565
566 if (!tlsext_supportedgroups_client_needs(ssl)) { 566 if (!tlsext_supportedgroups_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
567 FAIL("client should need Ellipticcurves\n"); 567 FAIL("client should need Ellipticcurves\n");
568 goto err; 568 goto err;
569 } 569 }
570 570
571 if (!tlsext_supportedgroups_client_build(ssl, &cbb)) { 571 if (!tlsext_supportedgroups_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
572 FAIL("client failed to build Ellipticcurves\n"); 572 FAIL("client failed to build Ellipticcurves\n");
573 goto err; 573 goto err;
574 } 574 }
@@ -606,7 +606,7 @@ test_tlsext_supportedgroups_client(void)
606 606
607 CBS_init(&cbs, tlsext_supportedgroups_client_secp384r1, 607 CBS_init(&cbs, tlsext_supportedgroups_client_secp384r1,
608 sizeof(tlsext_supportedgroups_client_secp384r1)); 608 sizeof(tlsext_supportedgroups_client_secp384r1));
609 if (!tlsext_supportedgroups_server_parse(ssl, &cbs, &alert)) { 609 if (!tlsext_supportedgroups_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
610 FAIL("failed to parse client Ellipticcurves\n"); 610 FAIL("failed to parse client Ellipticcurves\n");
611 goto err; 611 goto err;
612 } 612 }
@@ -652,12 +652,12 @@ test_tlsext_supportedgroups_client(void)
652 ssl->internal->tlsext_supportedgroups[1] = tls1_ec_nid2curve_id(NID_secp224r1); 652 ssl->internal->tlsext_supportedgroups[1] = tls1_ec_nid2curve_id(NID_secp224r1);
653 ssl->internal->tlsext_supportedgroups_length = 2; 653 ssl->internal->tlsext_supportedgroups_length = 2;
654 654
655 if (!tlsext_supportedgroups_client_needs(ssl)) { 655 if (!tlsext_supportedgroups_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
656 FAIL("client should need Ellipticcurves\n"); 656 FAIL("client should need Ellipticcurves\n");
657 goto err; 657 goto err;
658 } 658 }
659 659
660 if (!tlsext_supportedgroups_client_build(ssl, &cbb)) { 660 if (!tlsext_supportedgroups_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
661 FAIL("client failed to build Ellipticcurves\n"); 661 FAIL("client failed to build Ellipticcurves\n");
662 goto err; 662 goto err;
663 } 663 }
@@ -706,7 +706,7 @@ test_tlsext_supportedgroups_client(void)
706 706
707 CBS_init(&cbs, tlsext_supportedgroups_client_nistp192and224, 707 CBS_init(&cbs, tlsext_supportedgroups_client_nistp192and224,
708 sizeof(tlsext_supportedgroups_client_nistp192and224)); 708 sizeof(tlsext_supportedgroups_client_nistp192and224));
709 if (!tlsext_supportedgroups_server_parse(ssl, &cbs, &alert)) { 709 if (!tlsext_supportedgroups_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
710 FAIL("failed to parse client Ellipticcurves\n"); 710 FAIL("failed to parse client Ellipticcurves\n");
711 goto err; 711 goto err;
712 } 712 }
@@ -759,7 +759,7 @@ test_tlsext_supportedgroups_server(void)
759 if ((ssl = SSL_new(ssl_ctx)) == NULL) 759 if ((ssl = SSL_new(ssl_ctx)) == NULL)
760 errx(1, "failed to create SSL"); 760 errx(1, "failed to create SSL");
761 761
762 if (tlsext_supportedgroups_server_needs(ssl)) { 762 if (tlsext_supportedgroups_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
763 FAIL("server should not need elliptic_curves\n"); 763 FAIL("server should not need elliptic_curves\n");
764 goto err; 764 goto err;
765 } 765 }
@@ -767,7 +767,7 @@ test_tlsext_supportedgroups_server(void)
767 if ((ssl->session = SSL_SESSION_new()) == NULL) 767 if ((ssl->session = SSL_SESSION_new()) == NULL)
768 errx(1, "failed to create session"); 768 errx(1, "failed to create session");
769 769
770 if (tlsext_supportedgroups_server_needs(ssl)) { 770 if (tlsext_supportedgroups_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
771 FAIL("server should not need elliptic_curves\n"); 771 FAIL("server should not need elliptic_curves\n");
772 goto err; 772 goto err;
773 } 773 }
@@ -837,7 +837,7 @@ test_tlsext_ecpf_client(void)
837 /* 837 /*
838 * Default ciphers include EC so we need it by default. 838 * Default ciphers include EC so we need it by default.
839 */ 839 */
840 if (!tlsext_ecpf_client_needs(ssl)) { 840 if (!tlsext_ecpf_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
841 FAIL("client should need ECPointFormats for default " 841 FAIL("client should need ECPointFormats for default "
842 "ciphers\n"); 842 "ciphers\n");
843 goto err; 843 goto err;
@@ -850,7 +850,7 @@ test_tlsext_ecpf_client(void)
850 FAIL("client should be able to set cipher list\n"); 850 FAIL("client should be able to set cipher list\n");
851 goto err; 851 goto err;
852 } 852 }
853 if (tlsext_ecpf_client_needs(ssl)) { 853 if (tlsext_ecpf_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
854 FAIL("client should not need ECPointFormats\n"); 854 FAIL("client should not need ECPointFormats\n");
855 goto err; 855 goto err;
856 } 856 }
@@ -862,7 +862,7 @@ test_tlsext_ecpf_client(void)
862 FAIL("client should be able to set cipher list\n"); 862 FAIL("client should be able to set cipher list\n");
863 goto err; 863 goto err;
864 } 864 }
865 if (!tlsext_ecpf_client_needs(ssl)) { 865 if (!tlsext_ecpf_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
866 FAIL("client should need ECPointFormats\n"); 866 FAIL("client should need ECPointFormats\n");
867 goto err; 867 goto err;
868 } 868 }
@@ -873,7 +873,7 @@ test_tlsext_ecpf_client(void)
873 if ((ssl->session = SSL_SESSION_new()) == NULL) 873 if ((ssl->session = SSL_SESSION_new()) == NULL)
874 errx(1, "failed to create session"); 874 errx(1, "failed to create session");
875 875
876 if (!tlsext_ecpf_client_build(ssl, &cbb)) { 876 if (!tlsext_ecpf_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
877 FAIL("client failed to build ECPointFormats\n"); 877 FAIL("client failed to build ECPointFormats\n");
878 goto err; 878 goto err;
879 } 879 }
@@ -911,7 +911,7 @@ test_tlsext_ecpf_client(void)
911 911
912 CBS_init(&cbs, tlsext_ecpf_hello_uncompressed, 912 CBS_init(&cbs, tlsext_ecpf_hello_uncompressed,
913 sizeof(tlsext_ecpf_hello_uncompressed)); 913 sizeof(tlsext_ecpf_hello_uncompressed));
914 if (!tlsext_ecpf_server_parse(ssl, &cbs, &alert)) { 914 if (!tlsext_ecpf_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
915 FAIL("failed to parse client ECPointFormats\n"); 915 FAIL("failed to parse client ECPointFormats\n");
916 goto err; 916 goto err;
917 } 917 }
@@ -955,13 +955,13 @@ test_tlsext_ecpf_client(void)
955 ssl->internal->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; 955 ssl->internal->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
956 ssl->internal->tlsext_ecpointformatlist_length = 3; 956 ssl->internal->tlsext_ecpointformatlist_length = 3;
957 957
958 if (!tlsext_ecpf_client_needs(ssl)) { 958 if (!tlsext_ecpf_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
959 FAIL("client should need ECPointFormats with a custom " 959 FAIL("client should need ECPointFormats with a custom "
960 "format\n"); 960 "format\n");
961 goto err; 961 goto err;
962 } 962 }
963 963
964 if (!tlsext_ecpf_client_build(ssl, &cbb)) { 964 if (!tlsext_ecpf_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
965 FAIL("client failed to build ECPointFormats\n"); 965 FAIL("client failed to build ECPointFormats\n");
966 goto err; 966 goto err;
967 } 967 }
@@ -1004,7 +1004,7 @@ test_tlsext_ecpf_client(void)
1004 1004
1005 CBS_init(&cbs, tlsext_ecpf_hello_prefer_order, 1005 CBS_init(&cbs, tlsext_ecpf_hello_prefer_order,
1006 sizeof(tlsext_ecpf_hello_prefer_order)); 1006 sizeof(tlsext_ecpf_hello_prefer_order));
1007 if (!tlsext_ecpf_server_parse(ssl, &cbs, &alert)) { 1007 if (!tlsext_ecpf_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
1008 FAIL("failed to parse client ECPointFormats\n"); 1008 FAIL("failed to parse client ECPointFormats\n");
1009 goto err; 1009 goto err;
1010 } 1010 }
@@ -1077,7 +1077,7 @@ test_tlsext_ecpf_server(void)
1077 SSI(ssl)->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime; 1077 SSI(ssl)->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
1078 SSI(ssl)->tlsext_ecpointformatlist_length = 1; 1078 SSI(ssl)->tlsext_ecpointformatlist_length = 1;
1079 1079
1080 if (!tlsext_ecpf_server_needs(ssl)) { 1080 if (!tlsext_ecpf_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
1081 FAIL("server should need ECPointFormats now\n"); 1081 FAIL("server should need ECPointFormats now\n");
1082 goto err; 1082 goto err;
1083 } 1083 }
@@ -1086,7 +1086,7 @@ test_tlsext_ecpf_server(void)
1086 * The server will ignore the session list and use either a custom 1086 * The server will ignore the session list and use either a custom
1087 * list or the default (uncompressed). 1087 * list or the default (uncompressed).
1088 */ 1088 */
1089 if (!tlsext_ecpf_server_build(ssl, &cbb)) { 1089 if (!tlsext_ecpf_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
1090 FAIL("server failed to build ECPointFormats\n"); 1090 FAIL("server failed to build ECPointFormats\n");
1091 goto err; 1091 goto err;
1092 } 1092 }
@@ -1124,7 +1124,7 @@ test_tlsext_ecpf_server(void)
1124 1124
1125 CBS_init(&cbs, tlsext_ecpf_hello_prime, 1125 CBS_init(&cbs, tlsext_ecpf_hello_prime,
1126 sizeof(tlsext_ecpf_hello_prime)); 1126 sizeof(tlsext_ecpf_hello_prime));
1127 if (tlsext_ecpf_client_parse(ssl, &cbs, &alert)) { 1127 if (tlsext_ecpf_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
1128 FAIL("must include uncompressed in server ECPointFormats\n"); 1128 FAIL("must include uncompressed in server ECPointFormats\n");
1129 goto err; 1129 goto err;
1130 } 1130 }
@@ -1164,12 +1164,12 @@ test_tlsext_ecpf_server(void)
1164 ssl->internal->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; 1164 ssl->internal->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
1165 ssl->internal->tlsext_ecpointformatlist_length = 3; 1165 ssl->internal->tlsext_ecpointformatlist_length = 3;
1166 1166
1167 if (!tlsext_ecpf_server_needs(ssl)) { 1167 if (!tlsext_ecpf_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
1168 FAIL("server should need ECPointFormats\n"); 1168 FAIL("server should need ECPointFormats\n");
1169 goto err; 1169 goto err;
1170 } 1170 }
1171 1171
1172 if (!tlsext_ecpf_server_build(ssl, &cbb)) { 1172 if (!tlsext_ecpf_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
1173 FAIL("server failed to build ECPointFormats\n"); 1173 FAIL("server failed to build ECPointFormats\n");
1174 goto err; 1174 goto err;
1175 } 1175 }
@@ -1212,7 +1212,7 @@ test_tlsext_ecpf_server(void)
1212 1212
1213 CBS_init(&cbs, tlsext_ecpf_hello_prefer_order, 1213 CBS_init(&cbs, tlsext_ecpf_hello_prefer_order,
1214 sizeof(tlsext_ecpf_hello_prefer_order)); 1214 sizeof(tlsext_ecpf_hello_prefer_order));
1215 if (!tlsext_ecpf_client_parse(ssl, &cbs, &alert)) { 1215 if (!tlsext_ecpf_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
1216 FAIL("failed to parse server ECPointFormats\n"); 1216 FAIL("failed to parse server ECPointFormats\n");
1217 goto err; 1217 goto err;
1218 } 1218 }
@@ -1295,7 +1295,7 @@ test_tlsext_ri_client(void)
1295 if ((ssl = SSL_new(ssl_ctx)) == NULL) 1295 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1296 errx(1, "failed to create SSL"); 1296 errx(1, "failed to create SSL");
1297 1297
1298 if (tlsext_ri_client_needs(ssl)) { 1298 if (tlsext_ri_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
1299 FAIL("client should not need RI\n"); 1299 FAIL("client should not need RI\n");
1300 goto err; 1300 goto err;
1301 } 1301 }
@@ -1305,7 +1305,7 @@ test_tlsext_ri_client(void)
1305 goto err; 1305 goto err;
1306 } 1306 }
1307 1307
1308 if (!tlsext_ri_client_needs(ssl)) { 1308 if (!tlsext_ri_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
1309 FAIL("client should need RI\n"); 1309 FAIL("client should need RI\n");
1310 goto err; 1310 goto err;
1311 } 1311 }
@@ -1316,7 +1316,7 @@ test_tlsext_ri_client(void)
1316 1316
1317 S3I(ssl)->renegotiate_seen = 0; 1317 S3I(ssl)->renegotiate_seen = 0;
1318 1318
1319 if (!tlsext_ri_client_build(ssl, &cbb)) { 1319 if (!tlsext_ri_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
1320 FAIL("client failed to build RI\n"); 1320 FAIL("client failed to build RI\n");
1321 goto err; 1321 goto err;
1322 } 1322 }
@@ -1340,7 +1340,7 @@ test_tlsext_ri_client(void)
1340 } 1340 }
1341 1341
1342 CBS_init(&cbs, tlsext_ri_client, sizeof(tlsext_ri_client)); 1342 CBS_init(&cbs, tlsext_ri_client, sizeof(tlsext_ri_client));
1343 if (!tlsext_ri_server_parse(ssl, &cbs, &alert)) { 1343 if (!tlsext_ri_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
1344 FAIL("failed to parse client RI\n"); 1344 FAIL("failed to parse client RI\n");
1345 goto err; 1345 goto err;
1346 } 1346 }
@@ -1364,7 +1364,7 @@ test_tlsext_ri_client(void)
1364 S3I(ssl)->renegotiate_seen = 0; 1364 S3I(ssl)->renegotiate_seen = 0;
1365 1365
1366 CBS_init(&cbs, tlsext_ri_client, sizeof(tlsext_ri_client)); 1366 CBS_init(&cbs, tlsext_ri_client, sizeof(tlsext_ri_client));
1367 if (tlsext_ri_server_parse(ssl, &cbs, &alert)) { 1367 if (tlsext_ri_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
1368 FAIL("parsed invalid client RI\n"); 1368 FAIL("parsed invalid client RI\n");
1369 failure = 1; 1369 failure = 1;
1370 goto err; 1370 goto err;
@@ -1408,14 +1408,14 @@ test_tlsext_ri_server(void)
1408 errx(1, "failed to create SSL"); 1408 errx(1, "failed to create SSL");
1409 1409
1410 ssl->version = TLS1_2_VERSION; 1410 ssl->version = TLS1_2_VERSION;
1411 if (tlsext_ri_server_needs(ssl)) { 1411 if (tlsext_ri_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
1412 FAIL("server should not need RI\n"); 1412 FAIL("server should not need RI\n");
1413 goto err; 1413 goto err;
1414 } 1414 }
1415 1415
1416 S3I(ssl)->send_connection_binding = 1; 1416 S3I(ssl)->send_connection_binding = 1;
1417 1417
1418 if (!tlsext_ri_server_needs(ssl)) { 1418 if (!tlsext_ri_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
1419 FAIL("server should need RI\n"); 1419 FAIL("server should need RI\n");
1420 goto err; 1420 goto err;
1421 } 1421 }
@@ -1430,7 +1430,7 @@ test_tlsext_ri_server(void)
1430 1430
1431 S3I(ssl)->renegotiate_seen = 0; 1431 S3I(ssl)->renegotiate_seen = 0;
1432 1432
1433 if (!tlsext_ri_server_build(ssl, &cbb)) { 1433 if (!tlsext_ri_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
1434 FAIL("server failed to build RI\n"); 1434 FAIL("server failed to build RI\n");
1435 goto err; 1435 goto err;
1436 } 1436 }
@@ -1454,7 +1454,7 @@ test_tlsext_ri_server(void)
1454 } 1454 }
1455 1455
1456 CBS_init(&cbs, tlsext_ri_server, sizeof(tlsext_ri_server)); 1456 CBS_init(&cbs, tlsext_ri_server, sizeof(tlsext_ri_server));
1457 if (!tlsext_ri_client_parse(ssl, &cbs, &alert)) { 1457 if (!tlsext_ri_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
1458 FAIL("failed to parse server RI\n"); 1458 FAIL("failed to parse server RI\n");
1459 goto err; 1459 goto err;
1460 } 1460 }
@@ -1480,7 +1480,7 @@ test_tlsext_ri_server(void)
1480 S3I(ssl)->renegotiate_seen = 0; 1480 S3I(ssl)->renegotiate_seen = 0;
1481 1481
1482 CBS_init(&cbs, tlsext_ri_server, sizeof(tlsext_ri_server)); 1482 CBS_init(&cbs, tlsext_ri_server, sizeof(tlsext_ri_server));
1483 if (tlsext_ri_client_parse(ssl, &cbs, &alert)) { 1483 if (tlsext_ri_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
1484 FAIL("parsed invalid server RI\n"); 1484 FAIL("parsed invalid server RI\n");
1485 goto err; 1485 goto err;
1486 } 1486 }
@@ -1532,7 +1532,7 @@ test_tlsext_sigalgs_client(void)
1532 1532
1533 ssl->client_version = TLS1_1_VERSION; 1533 ssl->client_version = TLS1_1_VERSION;
1534 1534
1535 if (tlsext_sigalgs_client_needs(ssl)) { 1535 if (tlsext_sigalgs_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
1536 fprintf(stderr, "FAIL: client should not need sigalgs\n"); 1536 fprintf(stderr, "FAIL: client should not need sigalgs\n");
1537 failure = 1; 1537 failure = 1;
1538 goto done; 1538 goto done;
@@ -1540,13 +1540,13 @@ test_tlsext_sigalgs_client(void)
1540 1540
1541 ssl->client_version = TLS1_2_VERSION; 1541 ssl->client_version = TLS1_2_VERSION;
1542 1542
1543 if (!tlsext_sigalgs_client_needs(ssl)) { 1543 if (!tlsext_sigalgs_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
1544 fprintf(stderr, "FAIL: client should need sigalgs\n"); 1544 fprintf(stderr, "FAIL: client should need sigalgs\n");
1545 failure = 1; 1545 failure = 1;
1546 goto done; 1546 goto done;
1547 } 1547 }
1548 1548
1549 if (!tlsext_sigalgs_client_build(ssl, &cbb)) { 1549 if (!tlsext_sigalgs_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
1550 fprintf(stderr, "FAIL: client failed to build sigalgs\n"); 1550 fprintf(stderr, "FAIL: client failed to build sigalgs\n");
1551 failure = 1; 1551 failure = 1;
1552 goto done; 1552 goto done;
@@ -1573,7 +1573,7 @@ test_tlsext_sigalgs_client(void)
1573 } 1573 }
1574 1574
1575 CBS_init(&cbs, tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client)); 1575 CBS_init(&cbs, tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client));
1576 if (!tlsext_sigalgs_server_parse(ssl, &cbs, &alert)) { 1576 if (!tlsext_sigalgs_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
1577 fprintf(stderr, "FAIL: failed to parse client SNI\n"); 1577 fprintf(stderr, "FAIL: failed to parse client SNI\n");
1578 failure = 1; 1578 failure = 1;
1579 goto done; 1579 goto done;
@@ -1612,13 +1612,13 @@ test_tlsext_sigalgs_server(void)
1612 if ((ssl = SSL_new(ssl_ctx)) == NULL) 1612 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1613 errx(1, "failed to create SSL"); 1613 errx(1, "failed to create SSL");
1614 1614
1615 if (tlsext_sigalgs_server_needs(ssl)) { 1615 if (tlsext_sigalgs_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
1616 fprintf(stderr, "FAIL: server should not need sigalgs\n"); 1616 fprintf(stderr, "FAIL: server should not need sigalgs\n");
1617 failure = 1; 1617 failure = 1;
1618 goto done; 1618 goto done;
1619 } 1619 }
1620 1620
1621 if (tlsext_sigalgs_server_build(ssl, &cbb)) { 1621 if (tlsext_sigalgs_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
1622 fprintf(stderr, "FAIL: server should not build sigalgs\n"); 1622 fprintf(stderr, "FAIL: server should not build sigalgs\n");
1623 failure = 1; 1623 failure = 1;
1624 goto done; 1624 goto done;
@@ -1628,7 +1628,7 @@ test_tlsext_sigalgs_server(void)
1628 errx(1, "failed to finish CBB"); 1628 errx(1, "failed to finish CBB");
1629 1629
1630 CBS_init(&cbs, tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client)); 1630 CBS_init(&cbs, tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client));
1631 if (tlsext_sigalgs_client_parse(ssl, &cbs, &alert)) { 1631 if (tlsext_sigalgs_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
1632 fprintf(stderr, "FAIL: server should not parse sigalgs\n"); 1632 fprintf(stderr, "FAIL: server should not parse sigalgs\n");
1633 failure = 1; 1633 failure = 1;
1634 goto done; 1634 goto done;
@@ -1680,7 +1680,7 @@ test_tlsext_sni_client(void)
1680 if ((ssl = SSL_new(ssl_ctx)) == NULL) 1680 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1681 errx(1, "failed to create SSL"); 1681 errx(1, "failed to create SSL");
1682 1682
1683 if (tlsext_sni_client_needs(ssl)) { 1683 if (tlsext_sni_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
1684 FAIL("client should not need SNI\n"); 1684 FAIL("client should not need SNI\n");
1685 goto err; 1685 goto err;
1686 } 1686 }
@@ -1690,12 +1690,12 @@ test_tlsext_sni_client(void)
1690 goto err; 1690 goto err;
1691 } 1691 }
1692 1692
1693 if (!tlsext_sni_client_needs(ssl)) { 1693 if (!tlsext_sni_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
1694 FAIL("client should need SNI\n"); 1694 FAIL("client should need SNI\n");
1695 goto err; 1695 goto err;
1696 } 1696 }
1697 1697
1698 if (!tlsext_sni_client_build(ssl, &cbb)) { 1698 if (!tlsext_sni_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
1699 FAIL("client failed to build SNI\n"); 1699 FAIL("client failed to build SNI\n");
1700 goto err; 1700 goto err;
1701 } 1701 }
@@ -1724,7 +1724,7 @@ test_tlsext_sni_client(void)
1724 ssl->internal->hit = 0; 1724 ssl->internal->hit = 0;
1725 1725
1726 CBS_init(&cbs, tlsext_sni_client, sizeof(tlsext_sni_client)); 1726 CBS_init(&cbs, tlsext_sni_client, sizeof(tlsext_sni_client));
1727 if (!tlsext_sni_server_parse(ssl, &cbs, &alert)) { 1727 if (!tlsext_sni_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
1728 FAIL("failed to parse client SNI\n"); 1728 FAIL("failed to parse client SNI\n");
1729 goto err; 1729 goto err;
1730 } 1730 }
@@ -1753,7 +1753,7 @@ test_tlsext_sni_client(void)
1753 errx(1, "failed to strdup tlsext_hostname"); 1753 errx(1, "failed to strdup tlsext_hostname");
1754 1754
1755 CBS_init(&cbs, tlsext_sni_client, sizeof(tlsext_sni_client)); 1755 CBS_init(&cbs, tlsext_sni_client, sizeof(tlsext_sni_client));
1756 if (tlsext_sni_server_parse(ssl, &cbs, &alert)) { 1756 if (tlsext_sni_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
1757 FAIL("parsed client with mismatched SNI\n"); 1757 FAIL("parsed client with mismatched SNI\n");
1758 goto err; 1758 goto err;
1759 } 1759 }
@@ -1793,7 +1793,7 @@ test_tlsext_sni_server(void)
1793 if ((ssl->session = SSL_SESSION_new()) == NULL) 1793 if ((ssl->session = SSL_SESSION_new()) == NULL)
1794 errx(1, "failed to create session"); 1794 errx(1, "failed to create session");
1795 1795
1796 if (tlsext_sni_server_needs(ssl)) { 1796 if (tlsext_sni_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
1797 FAIL("server should not need SNI\n"); 1797 FAIL("server should not need SNI\n");
1798 goto err; 1798 goto err;
1799 } 1799 }
@@ -1807,12 +1807,12 @@ test_tlsext_sni_server(void)
1807 NULL) 1807 NULL)
1808 errx(1, "failed to strdup tlsext_hostname"); 1808 errx(1, "failed to strdup tlsext_hostname");
1809 1809
1810 if (!tlsext_sni_server_needs(ssl)) { 1810 if (!tlsext_sni_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
1811 FAIL("server should need SNI\n"); 1811 FAIL("server should need SNI\n");
1812 goto err; 1812 goto err;
1813 } 1813 }
1814 1814
1815 if (!tlsext_sni_server_build(ssl, &cbb)) { 1815 if (!tlsext_sni_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
1816 FAIL("server failed to build SNI\n"); 1816 FAIL("server failed to build SNI\n");
1817 goto err; 1817 goto err;
1818 } 1818 }
@@ -1839,7 +1839,7 @@ test_tlsext_sni_server(void)
1839 ssl->session->tlsext_hostname = NULL; 1839 ssl->session->tlsext_hostname = NULL;
1840 1840
1841 CBS_init(&cbs, tlsext_sni_server, sizeof(tlsext_sni_server)); 1841 CBS_init(&cbs, tlsext_sni_server, sizeof(tlsext_sni_server));
1842 if (!tlsext_sni_client_parse(ssl, &cbs, &alert)) { 1842 if (!tlsext_sni_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
1843 FAIL("failed to parse server SNI\n"); 1843 FAIL("failed to parse server SNI\n");
1844 goto err; 1844 goto err;
1845 } 1845 }
@@ -1897,17 +1897,17 @@ test_tlsext_ocsp_client(void)
1897 if ((ssl = SSL_new(ssl_ctx)) == NULL) 1897 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1898 errx(1, "failed to create SSL"); 1898 errx(1, "failed to create SSL");
1899 1899
1900 if (tlsext_ocsp_client_needs(ssl)) { 1900 if (tlsext_ocsp_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
1901 FAIL("client should not need ocsp\n"); 1901 FAIL("client should not need ocsp\n");
1902 goto err; 1902 goto err;
1903 } 1903 }
1904 SSL_set_tlsext_status_type(ssl, TLSEXT_STATUSTYPE_ocsp); 1904 SSL_set_tlsext_status_type(ssl, TLSEXT_STATUSTYPE_ocsp);
1905 1905
1906 if (!tlsext_ocsp_client_needs(ssl)) { 1906 if (!tlsext_ocsp_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
1907 FAIL("client should need ocsp\n"); 1907 FAIL("client should need ocsp\n");
1908 goto err; 1908 goto err;
1909 } 1909 }
1910 if (!tlsext_ocsp_client_build(ssl, &cbb)) { 1910 if (!tlsext_ocsp_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
1911 FAIL("client failed to build SNI\n"); 1911 FAIL("client failed to build SNI\n");
1912 goto err; 1912 goto err;
1913 } 1913 }
@@ -1931,7 +1931,7 @@ test_tlsext_ocsp_client(void)
1931 } 1931 }
1932 CBS_init(&cbs, tls_ocsp_client_default, 1932 CBS_init(&cbs, tls_ocsp_client_default,
1933 sizeof(tls_ocsp_client_default)); 1933 sizeof(tls_ocsp_client_default));
1934 if (!tlsext_ocsp_server_parse(ssl, &cbs, &alert)) { 1934 if (!tlsext_ocsp_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
1935 FAIL("failed to parse ocsp client\n"); 1935 FAIL("failed to parse ocsp client\n");
1936 goto err; 1936 goto err;
1937 } 1937 }
@@ -1970,18 +1970,18 @@ test_tlsext_ocsp_server(void)
1970 if ((ssl = SSL_new(ssl_ctx)) == NULL) 1970 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1971 errx(1, "failed to create SSL"); 1971 errx(1, "failed to create SSL");
1972 1972
1973 if (tlsext_ocsp_server_needs(ssl)) { 1973 if (tlsext_ocsp_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
1974 FAIL("server should not need ocsp\n"); 1974 FAIL("server should not need ocsp\n");
1975 goto err; 1975 goto err;
1976 } 1976 }
1977 1977
1978 ssl->internal->tlsext_status_expected = 1; 1978 ssl->internal->tlsext_status_expected = 1;
1979 1979
1980 if (!tlsext_ocsp_server_needs(ssl)) { 1980 if (!tlsext_ocsp_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
1981 FAIL("server should need ocsp\n"); 1981 FAIL("server should need ocsp\n");
1982 goto err; 1982 goto err;
1983 } 1983 }
1984 if (!tlsext_ocsp_server_build(ssl, &cbb)) { 1984 if (!tlsext_ocsp_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
1985 FAIL("server failed to build ocsp\n"); 1985 FAIL("server failed to build ocsp\n");
1986 goto err; 1986 goto err;
1987 } 1987 }
@@ -2037,7 +2037,7 @@ test_tlsext_sessionticket_client(void)
2037 errx(1, "failed to create SSL"); 2037 errx(1, "failed to create SSL");
2038 2038
2039 /* Should need a ticket by default. */ 2039 /* Should need a ticket by default. */
2040 if (!tlsext_sessionticket_client_needs(ssl)) { 2040 if (!tlsext_sessionticket_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
2041 FAIL("client should need Sessionticket for default " 2041 FAIL("client should need Sessionticket for default "
2042 "ciphers\n"); 2042 "ciphers\n");
2043 goto err; 2043 goto err;
@@ -2048,7 +2048,7 @@ test_tlsext_sessionticket_client(void)
2048 FAIL("Cannot disable tickets in the TLS connection\n"); 2048 FAIL("Cannot disable tickets in the TLS connection\n");
2049 return 0; 2049 return 0;
2050 } 2050 }
2051 if (tlsext_sessionticket_client_needs(ssl)) { 2051 if (tlsext_sessionticket_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
2052 FAIL("client should not need SessionTicket if it was disabled\n"); 2052 FAIL("client should not need SessionTicket if it was disabled\n");
2053 goto err; 2053 goto err;
2054 } 2054 }
@@ -2058,13 +2058,13 @@ test_tlsext_sessionticket_client(void)
2058 FAIL("Cannot re-enable tickets in the TLS connection\n"); 2058 FAIL("Cannot re-enable tickets in the TLS connection\n");
2059 return 0; 2059 return 0;
2060 } 2060 }
2061 if (!tlsext_sessionticket_client_needs(ssl)) { 2061 if (!tlsext_sessionticket_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
2062 FAIL("client should need SessionTicket if it was disabled\n"); 2062 FAIL("client should need SessionTicket if it was disabled\n");
2063 goto err; 2063 goto err;
2064 } 2064 }
2065 2065
2066 /* Since we don't have a session, we should build an empty ticket. */ 2066 /* Since we don't have a session, we should build an empty ticket. */
2067 if (!tlsext_sessionticket_client_build(ssl, &cbb)) { 2067 if (!tlsext_sessionticket_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
2068 FAIL("Cannot build a ticket\n"); 2068 FAIL("Cannot build a ticket\n");
2069 goto err; 2069 goto err;
2070 } 2070 }
@@ -2085,11 +2085,11 @@ test_tlsext_sessionticket_client(void)
2085 /* With a new session (but no ticket), we should still have 0 length */ 2085 /* With a new session (but no ticket), we should still have 0 length */
2086 if ((ssl->session = SSL_SESSION_new()) == NULL) 2086 if ((ssl->session = SSL_SESSION_new()) == NULL)
2087 errx(1, "failed to create session"); 2087 errx(1, "failed to create session");
2088 if (!tlsext_sessionticket_client_needs(ssl)) { 2088 if (!tlsext_sessionticket_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
2089 FAIL("Should still want a session ticket with a new session\n"); 2089 FAIL("Should still want a session ticket with a new session\n");
2090 goto err; 2090 goto err;
2091 } 2091 }
2092 if (!tlsext_sessionticket_client_build(ssl, &cbb)) { 2092 if (!tlsext_sessionticket_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
2093 FAIL("Cannot build a ticket\n"); 2093 FAIL("Cannot build a ticket\n");
2094 goto err; 2094 goto err;
2095 } 2095 }
@@ -2119,11 +2119,11 @@ test_tlsext_sessionticket_client(void)
2119 memcpy(ssl->session->tlsext_tick, dummy, sizeof(dummy)); 2119 memcpy(ssl->session->tlsext_tick, dummy, sizeof(dummy));
2120 ssl->session->tlsext_ticklen = sizeof(dummy); 2120 ssl->session->tlsext_ticklen = sizeof(dummy);
2121 2121
2122 if (!tlsext_sessionticket_client_needs(ssl)) { 2122 if (!tlsext_sessionticket_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
2123 FAIL("Should still want a session ticket with a new session\n"); 2123 FAIL("Should still want a session ticket with a new session\n");
2124 goto err; 2124 goto err;
2125 } 2125 }
2126 if (!tlsext_sessionticket_client_build(ssl, &cbb)) { 2126 if (!tlsext_sessionticket_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
2127 FAIL("Cannot build a ticket\n"); 2127 FAIL("Cannot build a ticket\n");
2128 goto err; 2128 goto err;
2129 } 2129 }
@@ -2159,7 +2159,7 @@ test_tlsext_sessionticket_client(void)
2159 goto err; 2159 goto err;
2160 } 2160 }
2161 /* Should not need a ticket in this case */ 2161 /* Should not need a ticket in this case */
2162 if (tlsext_sessionticket_client_needs(ssl)) { 2162 if (tlsext_sessionticket_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
2163 FAIL("Should not want to use session tickets with a NULL custom\n"); 2163 FAIL("Should not want to use session tickets with a NULL custom\n");
2164 goto err; 2164 goto err;
2165 } 2165 }
@@ -2171,7 +2171,7 @@ test_tlsext_sessionticket_client(void)
2171 free(ssl->internal->tlsext_session_ticket); 2171 free(ssl->internal->tlsext_session_ticket);
2172 ssl->internal->tlsext_session_ticket = NULL; 2172 ssl->internal->tlsext_session_ticket = NULL;
2173 2173
2174 if (!tlsext_sessionticket_client_needs(ssl)) { 2174 if (!tlsext_sessionticket_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
2175 FAIL("Should need a session ticket again when the custom one is removed\n"); 2175 FAIL("Should need a session ticket again when the custom one is removed\n");
2176 goto err; 2176 goto err;
2177 } 2177 }
@@ -2182,11 +2182,11 @@ test_tlsext_sessionticket_client(void)
2182 FAIL("Should be able to set a custom ticket\n"); 2182 FAIL("Should be able to set a custom ticket\n");
2183 goto err; 2183 goto err;
2184 } 2184 }
2185 if (!tlsext_sessionticket_client_needs(ssl)) { 2185 if (!tlsext_sessionticket_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
2186 FAIL("Should need a session ticket again when the custom one is not empty\n"); 2186 FAIL("Should need a session ticket again when the custom one is not empty\n");
2187 goto err; 2187 goto err;
2188 } 2188 }
2189 if (!tlsext_sessionticket_client_build(ssl, &cbb)) { 2189 if (!tlsext_sessionticket_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
2190 FAIL("Cannot build a ticket with a max length random payload\n"); 2190 FAIL("Cannot build a ticket with a max length random payload\n");
2191 goto err; 2191 goto err;
2192 } 2192 }
@@ -2243,7 +2243,7 @@ test_tlsext_sessionticket_server(void)
2243 * By default, should not need a session ticket since the ticket 2243 * By default, should not need a session ticket since the ticket
2244 * is not yet expected. 2244 * is not yet expected.
2245 */ 2245 */
2246 if (tlsext_sessionticket_server_needs(ssl)) { 2246 if (tlsext_sessionticket_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
2247 FAIL("server should not need SessionTicket by default\n"); 2247 FAIL("server should not need SessionTicket by default\n");
2248 goto err; 2248 goto err;
2249 } 2249 }
@@ -2253,7 +2253,7 @@ test_tlsext_sessionticket_server(void)
2253 FAIL("Cannot disable tickets in the TLS connection\n"); 2253 FAIL("Cannot disable tickets in the TLS connection\n");
2254 return 0; 2254 return 0;
2255 } 2255 }
2256 if (tlsext_sessionticket_server_needs(ssl)) { 2256 if (tlsext_sessionticket_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
2257 FAIL("server should not need SessionTicket if it was disabled\n"); 2257 FAIL("server should not need SessionTicket if it was disabled\n");
2258 goto err; 2258 goto err;
2259 } 2259 }
@@ -2263,20 +2263,20 @@ test_tlsext_sessionticket_server(void)
2263 FAIL("Cannot re-enable tickets in the TLS connection\n"); 2263 FAIL("Cannot re-enable tickets in the TLS connection\n");
2264 return 0; 2264 return 0;
2265 } 2265 }
2266 if (tlsext_sessionticket_server_needs(ssl)) { 2266 if (tlsext_sessionticket_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
2267 FAIL("server should not need SessionTicket yet\n"); 2267 FAIL("server should not need SessionTicket yet\n");
2268 goto err; 2268 goto err;
2269 } 2269 }
2270 2270
2271 /* Set expected to require it. */ 2271 /* Set expected to require it. */
2272 ssl->internal->tlsext_ticket_expected = 1; 2272 ssl->internal->tlsext_ticket_expected = 1;
2273 if (!tlsext_sessionticket_server_needs(ssl)) { 2273 if (!tlsext_sessionticket_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
2274 FAIL("server should now be required for SessionTicket\n"); 2274 FAIL("server should now be required for SessionTicket\n");
2275 goto err; 2275 goto err;
2276 } 2276 }
2277 2277
2278 /* server hello's session ticket should always be 0 length payload. */ 2278 /* server hello's session ticket should always be 0 length payload. */
2279 if (!tlsext_sessionticket_server_build(ssl, &cbb)) { 2279 if (!tlsext_sessionticket_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
2280 FAIL("Cannot build a ticket with a max length random payload\n"); 2280 FAIL("Cannot build a ticket with a max length random payload\n");
2281 goto err; 2281 goto err;
2282 } 2282 }
@@ -2371,7 +2371,7 @@ test_tlsext_srtp_client(void)
2371 errx(1, "failed to create SSL"); 2371 errx(1, "failed to create SSL");
2372 2372
2373 /* By default, we don't need this */ 2373 /* By default, we don't need this */
2374 if (tlsext_srtp_client_needs(ssl)) { 2374 if (tlsext_srtp_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
2375 FAIL("client should not need SRTP by default\n"); 2375 FAIL("client should not need SRTP by default\n");
2376 goto err; 2376 goto err;
2377 } 2377 }
@@ -2380,14 +2380,14 @@ test_tlsext_srtp_client(void)
2380 FAIL("should be able to set a single SRTP\n"); 2380 FAIL("should be able to set a single SRTP\n");
2381 goto err; 2381 goto err;
2382 } 2382 }
2383 if (!tlsext_srtp_client_needs(ssl)) { 2383 if (!tlsext_srtp_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
2384 FAIL("client should need SRTP\n"); 2384 FAIL("client should need SRTP\n");
2385 goto err; 2385 goto err;
2386 } 2386 }
2387 2387
2388 /* Make sure we can build the client with a single profile. */ 2388 /* Make sure we can build the client with a single profile. */
2389 2389
2390 if (!tlsext_srtp_client_build(ssl, &cbb)) { 2390 if (!tlsext_srtp_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
2391 FAIL("client failed to build SRTP\n"); 2391 FAIL("client failed to build SRTP\n");
2392 goto err; 2392 goto err;
2393 } 2393 }
@@ -2422,7 +2422,7 @@ test_tlsext_srtp_client(void)
2422 } 2422 }
2423 2423
2424 CBS_init(&cbs, tlsext_srtp_single, sizeof(tlsext_srtp_single)); 2424 CBS_init(&cbs, tlsext_srtp_single, sizeof(tlsext_srtp_single));
2425 if (!tlsext_srtp_server_parse(ssl, &cbs, &alert)) { 2425 if (!tlsext_srtp_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
2426 FAIL("failed to parse SRTP\n"); 2426 FAIL("failed to parse SRTP\n");
2427 goto err; 2427 goto err;
2428 } 2428 }
@@ -2440,7 +2440,7 @@ test_tlsext_srtp_client(void)
2440 goto err; 2440 goto err;
2441 } 2441 }
2442 2442
2443 if (!tlsext_srtp_server_needs(ssl)) { 2443 if (!tlsext_srtp_server_needs(ssl, SSL_TLSEXT_MSG_CH)) {
2444 FAIL("should send server extension when profile selected\n"); 2444 FAIL("should send server extension when profile selected\n");
2445 goto err; 2445 goto err;
2446 } 2446 }
@@ -2451,12 +2451,12 @@ test_tlsext_srtp_client(void)
2451 FAIL("should be able to set SRTP to multiple profiles\n"); 2451 FAIL("should be able to set SRTP to multiple profiles\n");
2452 goto err; 2452 goto err;
2453 } 2453 }
2454 if (!tlsext_srtp_client_needs(ssl)) { 2454 if (!tlsext_srtp_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
2455 FAIL("client should need SRTP by now\n"); 2455 FAIL("client should need SRTP by now\n");
2456 goto err; 2456 goto err;
2457 } 2457 }
2458 2458
2459 if (!tlsext_srtp_client_build(ssl, &cbb)) { 2459 if (!tlsext_srtp_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
2460 FAIL("client failed to build SRTP\n"); 2460 FAIL("client failed to build SRTP\n");
2461 goto err; 2461 goto err;
2462 } 2462 }
@@ -2489,7 +2489,7 @@ test_tlsext_srtp_client(void)
2489 2489
2490 CBS_init(&cbs, tlsext_srtp_multiple, 2490 CBS_init(&cbs, tlsext_srtp_multiple,
2491 sizeof(tlsext_srtp_multiple)); 2491 sizeof(tlsext_srtp_multiple));
2492 if (!tlsext_srtp_server_parse(ssl, &cbs, &alert)) { 2492 if (!tlsext_srtp_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
2493 FAIL("failed to parse SRTP\n"); 2493 FAIL("failed to parse SRTP\n");
2494 goto err; 2494 goto err;
2495 } 2495 }
@@ -2507,7 +2507,7 @@ test_tlsext_srtp_client(void)
2507 goto err; 2507 goto err;
2508 } 2508 }
2509 2509
2510 if (!tlsext_srtp_server_needs(ssl)) { 2510 if (!tlsext_srtp_server_needs(ssl, SSL_TLSEXT_MSG_CH)) {
2511 FAIL("should send server extension when profile selected\n"); 2511 FAIL("should send server extension when profile selected\n");
2512 goto err; 2512 goto err;
2513 } 2513 }
@@ -2520,7 +2520,7 @@ test_tlsext_srtp_client(void)
2520 2520
2521 CBS_init(&cbs, tlsext_srtp_multiple_one_valid, 2521 CBS_init(&cbs, tlsext_srtp_multiple_one_valid,
2522 sizeof(tlsext_srtp_multiple_one_valid)); 2522 sizeof(tlsext_srtp_multiple_one_valid));
2523 if (!tlsext_srtp_server_parse(ssl, &cbs, &alert)) { 2523 if (!tlsext_srtp_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
2524 FAIL("failed to parse SRTP\n"); 2524 FAIL("failed to parse SRTP\n");
2525 goto err; 2525 goto err;
2526 } 2526 }
@@ -2538,7 +2538,7 @@ test_tlsext_srtp_client(void)
2538 goto err; 2538 goto err;
2539 } 2539 }
2540 2540
2541 if (!tlsext_srtp_server_needs(ssl)) { 2541 if (!tlsext_srtp_server_needs(ssl, SSL_TLSEXT_MSG_CH)) {
2542 FAIL("should send server extension when profile selected\n"); 2542 FAIL("should send server extension when profile selected\n");
2543 goto err; 2543 goto err;
2544 } 2544 }
@@ -2549,7 +2549,7 @@ test_tlsext_srtp_client(void)
2549 2549
2550 CBS_init(&cbs, tlsext_srtp_multiple_invalid, 2550 CBS_init(&cbs, tlsext_srtp_multiple_invalid,
2551 sizeof(tlsext_srtp_multiple_invalid)); 2551 sizeof(tlsext_srtp_multiple_invalid));
2552 if (!tlsext_srtp_server_parse(ssl, &cbs, &alert)) { 2552 if (!tlsext_srtp_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
2553 FAIL("should be able to fall back to negotiated\n"); 2553 FAIL("should be able to fall back to negotiated\n");
2554 goto err; 2554 goto err;
2555 } 2555 }
@@ -2563,7 +2563,7 @@ test_tlsext_srtp_client(void)
2563 FAIL("should not have selected a profile when none found\n"); 2563 FAIL("should not have selected a profile when none found\n");
2564 goto err; 2564 goto err;
2565 } 2565 }
2566 if (tlsext_srtp_server_needs(ssl)) { 2566 if (tlsext_srtp_server_needs(ssl, SSL_TLSEXT_MSG_CH)) {
2567 FAIL("should not send server tlsext when no profile found\n"); 2567 FAIL("should not send server tlsext when no profile found\n");
2568 goto err; 2568 goto err;
2569 } 2569 }
@@ -2602,7 +2602,7 @@ test_tlsext_srtp_server(void)
2602 errx(1, "failed to create SSL"); 2602 errx(1, "failed to create SSL");
2603 2603
2604 /* By default, we don't need this */ 2604 /* By default, we don't need this */
2605 if (tlsext_srtp_server_needs(ssl)) { 2605 if (tlsext_srtp_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
2606 FAIL("server should not need SRTP by default\n"); 2606 FAIL("server should not need SRTP by default\n");
2607 goto err; 2607 goto err;
2608 } 2608 }
@@ -2613,14 +2613,14 @@ test_tlsext_srtp_server(void)
2613 goto err; 2613 goto err;
2614 } 2614 }
2615 ssl->internal->srtp_profile = prof; 2615 ssl->internal->srtp_profile = prof;
2616 if (!tlsext_srtp_server_needs(ssl)) { 2616 if (!tlsext_srtp_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
2617 FAIL("server should need SRTP by now\n"); 2617 FAIL("server should need SRTP by now\n");
2618 goto err; 2618 goto err;
2619 } 2619 }
2620 2620
2621 /* Make sure we can build the server with a single profile. */ 2621 /* Make sure we can build the server with a single profile. */
2622 2622
2623 if (!tlsext_srtp_server_build(ssl, &cbb)) { 2623 if (!tlsext_srtp_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
2624 FAIL("server failed to build SRTP\n"); 2624 FAIL("server failed to build SRTP\n");
2625 goto err; 2625 goto err;
2626 } 2626 }
@@ -2662,7 +2662,7 @@ test_tlsext_srtp_server(void)
2662 } 2662 }
2663 2663
2664 CBS_init(&cbs, tlsext_srtp_single, sizeof(tlsext_srtp_single)); 2664 CBS_init(&cbs, tlsext_srtp_single, sizeof(tlsext_srtp_single));
2665 if (!tlsext_srtp_client_parse(ssl, &cbs, &alert)) { 2665 if (!tlsext_srtp_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
2666 FAIL("failed to parse SRTP\n"); 2666 FAIL("failed to parse SRTP\n");
2667 goto err; 2667 goto err;
2668 } 2668 }
@@ -2685,7 +2685,7 @@ test_tlsext_srtp_server(void)
2685 2685
2686 CBS_init(&cbs, tlsext_srtp_multiple, 2686 CBS_init(&cbs, tlsext_srtp_multiple,
2687 sizeof(tlsext_srtp_multiple)); 2687 sizeof(tlsext_srtp_multiple));
2688 if (tlsext_srtp_client_parse(ssl, &cbs, &alert)) { 2688 if (tlsext_srtp_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
2689 FAIL("should not find multiple entries from the server\n"); 2689 FAIL("should not find multiple entries from the server\n");
2690 goto err; 2690 goto err;
2691 } 2691 }
@@ -2695,7 +2695,7 @@ test_tlsext_srtp_server(void)
2695 2695
2696 CBS_init(&cbs, tlsext_srtp_single_invalid, 2696 CBS_init(&cbs, tlsext_srtp_single_invalid,
2697 sizeof(tlsext_srtp_single_invalid)); 2697 sizeof(tlsext_srtp_single_invalid));
2698 if (tlsext_srtp_client_parse(ssl, &cbs, &alert)) { 2698 if (tlsext_srtp_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
2699 FAIL("should not be able to parse this\n"); 2699 FAIL("should not be able to parse this\n");
2700 goto err; 2700 goto err;
2701 } 2701 }
@@ -2948,7 +2948,7 @@ test_tlsext_versions_client(void)
2948 2948
2949 S3I(ssl)->hs_tls13.max_version = 0; 2949 S3I(ssl)->hs_tls13.max_version = 0;
2950 2950
2951 if (tlsext_versions_client_needs(ssl)) { 2951 if (tlsext_versions_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
2952 FAIL("client should not need versions\n"); 2952 FAIL("client should not need versions\n");
2953 failure = 1; 2953 failure = 1;
2954 goto done; 2954 goto done;
@@ -2956,7 +2956,7 @@ test_tlsext_versions_client(void)
2956 2956
2957 S3I(ssl)->hs_tls13.max_version = TLS1_2_VERSION; 2957 S3I(ssl)->hs_tls13.max_version = TLS1_2_VERSION;
2958 2958
2959 if (tlsext_versions_client_needs(ssl)) { 2959 if (tlsext_versions_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
2960 FAIL("client should not need versions\n"); 2960 FAIL("client should not need versions\n");
2961 failure = 1; 2961 failure = 1;
2962 goto done; 2962 goto done;
@@ -2964,7 +2964,7 @@ test_tlsext_versions_client(void)
2964 2964
2965 S3I(ssl)->hs_tls13.max_version = TLS1_3_VERSION; 2965 S3I(ssl)->hs_tls13.max_version = TLS1_3_VERSION;
2966 2966
2967 if (!tlsext_versions_client_needs(ssl)) { 2967 if (!tlsext_versions_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
2968 FAIL("client should need versions\n"); 2968 FAIL("client should need versions\n");
2969 failure = 1; 2969 failure = 1;
2970 goto done; 2970 goto done;
@@ -2972,7 +2972,7 @@ test_tlsext_versions_client(void)
2972 2972
2973 S3I(ssl)->hs_tls13.max_version = TLS1_3_VERSION; 2973 S3I(ssl)->hs_tls13.max_version = TLS1_3_VERSION;
2974 S3I(ssl)->hs_tls13.min_version = 0; 2974 S3I(ssl)->hs_tls13.min_version = 0;
2975 if (tlsext_versions_client_build(ssl, &cbb)) { 2975 if (tlsext_versions_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
2976 FAIL("client should not have built versions\n"); 2976 FAIL("client should not have built versions\n");
2977 failure = 1; 2977 failure = 1;
2978 goto done; 2978 goto done;
@@ -2980,7 +2980,7 @@ test_tlsext_versions_client(void)
2980 2980
2981 S3I(ssl)->hs_tls13.max_version = TLS1_3_VERSION; 2981 S3I(ssl)->hs_tls13.max_version = TLS1_3_VERSION;
2982 S3I(ssl)->hs_tls13.min_version = TLS1_VERSION; 2982 S3I(ssl)->hs_tls13.min_version = TLS1_VERSION;
2983 if (!tlsext_versions_client_build(ssl, &cbb)) { 2983 if (!tlsext_versions_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
2984 FAIL("client should have built versions\n"); 2984 FAIL("client should have built versions\n");
2985 failure = 1; 2985 failure = 1;
2986 goto done; 2986 goto done;
@@ -3000,7 +3000,7 @@ test_tlsext_versions_client(void)
3000 } 3000 }
3001 3001
3002 CBS_init(&cbs, data, dlen); 3002 CBS_init(&cbs, data, dlen);
3003 if (!tlsext_versions_server_parse(ssl, &cbs, &alert)) { 3003 if (!tlsext_versions_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
3004 FAIL("failed to parse client versions\n"); 3004 FAIL("failed to parse client versions\n");
3005 failure = 1; 3005 failure = 1;
3006 goto done; 3006 goto done;
@@ -3041,7 +3041,7 @@ test_tlsext_versions_server(void)
3041 3041
3042 ssl->version = TLS1_2_VERSION; 3042 ssl->version = TLS1_2_VERSION;
3043 3043
3044 if (tlsext_versions_server_needs(ssl)) { 3044 if (tlsext_versions_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
3045 FAIL("server should not need versions\n"); 3045 FAIL("server should not need versions\n");
3046 failure = 1; 3046 failure = 1;
3047 goto done; 3047 goto done;
@@ -3049,13 +3049,13 @@ test_tlsext_versions_server(void)
3049 3049
3050 ssl->version = TLS1_3_VERSION; 3050 ssl->version = TLS1_3_VERSION;
3051 3051
3052 if (!tlsext_versions_server_needs(ssl)) { 3052 if (!tlsext_versions_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
3053 FAIL("server should need versions\n"); 3053 FAIL("server should need versions\n");
3054 failure = 1; 3054 failure = 1;
3055 goto done; 3055 goto done;
3056 } 3056 }
3057 3057
3058 if (!tlsext_versions_server_build(ssl, &cbb)) { 3058 if (!tlsext_versions_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
3059 FAIL("server should have built versions\n"); 3059 FAIL("server should have built versions\n");
3060 failure = 1; 3060 failure = 1;
3061 goto done; 3061 goto done;
@@ -3075,7 +3075,7 @@ test_tlsext_versions_server(void)
3075 } 3075 }
3076 3076
3077 CBS_init(&cbs, data, dlen); 3077 CBS_init(&cbs, data, dlen);
3078 if (!tlsext_versions_client_parse(ssl, &cbs, &alert)) { 3078 if (!tlsext_versions_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
3079 FAIL("failed to parse client versions\n"); 3079 FAIL("failed to parse client versions\n");
3080 failure = 1; 3080 failure = 1;
3081 goto done; 3081 goto done;
@@ -3137,28 +3137,28 @@ test_tlsext_keyshare_client(void)
3137 3137
3138 S3I(ssl)->hs_tls13.max_version = 0; 3138 S3I(ssl)->hs_tls13.max_version = 0;
3139 3139
3140 if (tlsext_keyshare_client_needs(ssl)) { 3140 if (tlsext_keyshare_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
3141 FAIL("client should not need keyshare\n"); 3141 FAIL("client should not need keyshare\n");
3142 failure = 1; 3142 failure = 1;
3143 goto done; 3143 goto done;
3144 } 3144 }
3145 3145
3146 S3I(ssl)->hs_tls13.max_version = TLS1_2_VERSION; 3146 S3I(ssl)->hs_tls13.max_version = TLS1_2_VERSION;
3147 if (tlsext_keyshare_client_needs(ssl)) { 3147 if (tlsext_keyshare_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
3148 FAIL("client should not need keyshare\n"); 3148 FAIL("client should not need keyshare\n");
3149 failure = 1; 3149 failure = 1;
3150 goto done; 3150 goto done;
3151 } 3151 }
3152 3152
3153 S3I(ssl)->hs_tls13.max_version = TLS1_3_VERSION; 3153 S3I(ssl)->hs_tls13.max_version = TLS1_3_VERSION;
3154 if (!tlsext_keyshare_client_needs(ssl)) { 3154 if (!tlsext_keyshare_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
3155 FAIL("client should need keyshare\n"); 3155 FAIL("client should need keyshare\n");
3156 failure = 1; 3156 failure = 1;
3157 goto done; 3157 goto done;
3158 } 3158 }
3159 3159
3160 S3I(ssl)->hs_tls13.max_version = TLS1_3_VERSION; 3160 S3I(ssl)->hs_tls13.max_version = TLS1_3_VERSION;
3161 if (!tlsext_keyshare_client_build(ssl, &cbb)) { 3161 if (!tlsext_keyshare_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
3162 FAIL("client should have built keyshare\n"); 3162 FAIL("client should have built keyshare\n");
3163 failure = 1; 3163 failure = 1;
3164 goto done; 3164 goto done;
@@ -3180,7 +3180,7 @@ test_tlsext_keyshare_client(void)
3180 (ssl)->version = TLS1_3_VERSION; 3180 (ssl)->version = TLS1_3_VERSION;
3181 CBS_init(&cbs, data, dlen); 3181 CBS_init(&cbs, data, dlen);
3182 3182
3183 if (!tlsext_keyshare_server_parse(ssl, &cbs, &alert)) { 3183 if (!tlsext_keyshare_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
3184 FAIL("failed to parse client keyshare\n"); 3184 FAIL("failed to parse client keyshare\n");
3185 failure = 1; 3185 failure = 1;
3186 goto done; 3186 goto done;
@@ -3228,21 +3228,21 @@ test_tlsext_keyshare_server(void)
3228 errx(1, "failed to create SSL"); 3228 errx(1, "failed to create SSL");
3229 3229
3230 (ssl)->version = 0; 3230 (ssl)->version = 0;
3231 if (tlsext_keyshare_server_needs(ssl)) { 3231 if (tlsext_keyshare_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
3232 FAIL("server should not need keyshare\n"); 3232 FAIL("server should not need keyshare\n");
3233 failure = 1; 3233 failure = 1;
3234 goto done; 3234 goto done;
3235 } 3235 }
3236 3236
3237 (ssl)->version = TLS1_2_VERSION; 3237 (ssl)->version = TLS1_2_VERSION;
3238 if (tlsext_keyshare_server_needs(ssl)) { 3238 if (tlsext_keyshare_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
3239 FAIL("server should not need keyshare\n"); 3239 FAIL("server should not need keyshare\n");
3240 failure = 1; 3240 failure = 1;
3241 goto done; 3241 goto done;
3242 } 3242 }
3243 3243
3244 ssl->version = TLS1_3_VERSION; 3244 ssl->version = TLS1_3_VERSION;
3245 if (tlsext_keyshare_server_needs(ssl)) { 3245 if (tlsext_keyshare_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
3246 FAIL("client should not need keyshare\n"); 3246 FAIL("client should not need keyshare\n");
3247 failure = 1; 3247 failure = 1;
3248 goto done; 3248 goto done;
@@ -3255,13 +3255,13 @@ test_tlsext_keyshare_server(void)
3255 } 3255 }
3256 S3I(ssl)->hs.extensions_seen |= (1 << idx); 3256 S3I(ssl)->hs.extensions_seen |= (1 << idx);
3257 3257
3258 if (!tlsext_keyshare_server_needs(ssl)) { 3258 if (!tlsext_keyshare_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
3259 FAIL("server should need keyshare\n"); 3259 FAIL("server should need keyshare\n");
3260 failure = 1; 3260 failure = 1;
3261 goto done; 3261 goto done;
3262 } 3262 }
3263 3263
3264 if (tlsext_keyshare_server_build(ssl, &cbb)) { 3264 if (tlsext_keyshare_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
3265 FAIL("server should not have built a keyshare response\n"); 3265 FAIL("server should not have built a keyshare response\n");
3266 failure = 1; 3266 failure = 1;
3267 goto done; 3267 goto done;
@@ -3281,7 +3281,7 @@ test_tlsext_keyshare_server(void)
3281 goto done; 3281 goto done;
3282 } 3282 }
3283 3283
3284 if (!tlsext_keyshare_server_build(ssl, &cbb)) { 3284 if (!tlsext_keyshare_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
3285 FAIL("server should be able to build a keyshare response\n"); 3285 FAIL("server should be able to build a keyshare response\n");
3286 failure = 1; 3286 failure = 1;
3287 goto done; 3287 goto done;
@@ -3308,7 +3308,7 @@ test_tlsext_keyshare_server(void)
3308 3308
3309 CBS_init(&cbs, data, dlen); 3309 CBS_init(&cbs, data, dlen);
3310 3310
3311 if (!tlsext_keyshare_client_parse(ssl, &cbs, &alert)) { 3311 if (!tlsext_keyshare_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
3312 FAIL("failed to parse server keyshare\n"); 3312 FAIL("failed to parse server keyshare\n");
3313 failure = 1; 3313 failure = 1;
3314 goto done; 3314 goto done;
@@ -3358,14 +3358,14 @@ test_tlsext_cookie_client(void)
3358 errx(1, "failed to create SSL"); 3358 errx(1, "failed to create SSL");
3359 3359
3360 S3I(ssl)->hs_tls13.max_version = 0; 3360 S3I(ssl)->hs_tls13.max_version = 0;
3361 if (tlsext_cookie_client_needs(ssl)) { 3361 if (tlsext_cookie_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
3362 FAIL("client should not need cookie\n"); 3362 FAIL("client should not need cookie\n");
3363 failure = 1; 3363 failure = 1;
3364 goto done; 3364 goto done;
3365 } 3365 }
3366 3366
3367 S3I(ssl)->hs_tls13.max_version = TLS1_2_VERSION; 3367 S3I(ssl)->hs_tls13.max_version = TLS1_2_VERSION;
3368 if (tlsext_cookie_client_needs(ssl)) { 3368 if (tlsext_cookie_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
3369 FAIL("client should not need cookie\n"); 3369 FAIL("client should not need cookie\n");
3370 failure = 1; 3370 failure = 1;
3371 goto done; 3371 goto done;
@@ -3373,7 +3373,7 @@ test_tlsext_cookie_client(void)
3373 3373
3374 3374
3375 S3I(ssl)->hs_tls13.max_version = TLS1_3_VERSION; 3375 S3I(ssl)->hs_tls13.max_version = TLS1_3_VERSION;
3376 if (tlsext_cookie_client_needs(ssl)) { 3376 if (tlsext_cookie_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
3377 FAIL("client should not need cookie\n"); 3377 FAIL("client should not need cookie\n");
3378 failure = 1; 3378 failure = 1;
3379 goto done; 3379 goto done;
@@ -3383,13 +3383,13 @@ test_tlsext_cookie_client(void)
3383 S3I(ssl)->hs_tls13.cookie = strdup(cookie); 3383 S3I(ssl)->hs_tls13.cookie = strdup(cookie);
3384 S3I(ssl)->hs_tls13.cookie_len = strlen(cookie); 3384 S3I(ssl)->hs_tls13.cookie_len = strlen(cookie);
3385 3385
3386 if (!tlsext_cookie_client_needs(ssl)) { 3386 if (!tlsext_cookie_client_needs(ssl, SSL_TLSEXT_MSG_CH)) {
3387 FAIL("client should need cookie\n"); 3387 FAIL("client should need cookie\n");
3388 failure = 1; 3388 failure = 1;
3389 goto done; 3389 goto done;
3390 } 3390 }
3391 3391
3392 if (!tlsext_cookie_client_build(ssl, &cbb)) { 3392 if (!tlsext_cookie_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) {
3393 FAIL("client should have built a cookie response\n"); 3393 FAIL("client should have built a cookie response\n");
3394 failure = 1; 3394 failure = 1;
3395 goto done; 3395 goto done;
@@ -3412,7 +3412,7 @@ test_tlsext_cookie_client(void)
3412 CBS_init(&cbs, data, dlen); 3412 CBS_init(&cbs, data, dlen);
3413 3413
3414 /* Checks cookie against what's in the hs_tls13 */ 3414 /* Checks cookie against what's in the hs_tls13 */
3415 if (!tlsext_cookie_server_parse(ssl, &cbs, &alert)) { 3415 if (!tlsext_cookie_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) {
3416 FAIL("failed to parse client cookie\n"); 3416 FAIL("failed to parse client cookie\n");
3417 failure = 1; 3417 failure = 1;
3418 goto done; 3418 goto done;
@@ -3453,14 +3453,14 @@ test_tlsext_cookie_server(void)
3453 errx(1, "failed to create SSL"); 3453 errx(1, "failed to create SSL");
3454 3454
3455 S3I(ssl)->hs_tls13.max_version = 0; 3455 S3I(ssl)->hs_tls13.max_version = 0;
3456 if (tlsext_cookie_server_needs(ssl)) { 3456 if (tlsext_cookie_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
3457 FAIL("server should not need cookie\n"); 3457 FAIL("server should not need cookie\n");
3458 failure = 1; 3458 failure = 1;
3459 goto done; 3459 goto done;
3460 } 3460 }
3461 3461
3462 S3I(ssl)->hs_tls13.max_version = TLS1_2_VERSION; 3462 S3I(ssl)->hs_tls13.max_version = TLS1_2_VERSION;
3463 if (tlsext_cookie_server_needs(ssl)) { 3463 if (tlsext_cookie_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
3464 FAIL("server should not need cookie\n"); 3464 FAIL("server should not need cookie\n");
3465 failure = 1; 3465 failure = 1;
3466 goto done; 3466 goto done;
@@ -3468,7 +3468,7 @@ test_tlsext_cookie_server(void)
3468 3468
3469 3469
3470 S3I(ssl)->hs_tls13.max_version = TLS1_3_VERSION; 3470 S3I(ssl)->hs_tls13.max_version = TLS1_3_VERSION;
3471 if (tlsext_cookie_server_needs(ssl)) { 3471 if (tlsext_cookie_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
3472 FAIL("server should not need cookie\n"); 3472 FAIL("server should not need cookie\n");
3473 failure = 1; 3473 failure = 1;
3474 goto done; 3474 goto done;
@@ -3478,13 +3478,13 @@ test_tlsext_cookie_server(void)
3478 S3I(ssl)->hs_tls13.cookie = strdup(cookie); 3478 S3I(ssl)->hs_tls13.cookie = strdup(cookie);
3479 S3I(ssl)->hs_tls13.cookie_len = strlen(cookie); 3479 S3I(ssl)->hs_tls13.cookie_len = strlen(cookie);
3480 3480
3481 if (!tlsext_cookie_server_needs(ssl)) { 3481 if (!tlsext_cookie_server_needs(ssl, SSL_TLSEXT_MSG_SH)) {
3482 FAIL("server should need cookie\n"); 3482 FAIL("server should need cookie\n");
3483 failure = 1; 3483 failure = 1;
3484 goto done; 3484 goto done;
3485 } 3485 }
3486 3486
3487 if (!tlsext_cookie_server_build(ssl, &cbb)) { 3487 if (!tlsext_cookie_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) {
3488 FAIL("server have built a cookie response\n"); 3488 FAIL("server have built a cookie response\n");
3489 failure = 1; 3489 failure = 1;
3490 goto done; 3490 goto done;
@@ -3506,7 +3506,7 @@ test_tlsext_cookie_server(void)
3506 3506
3507 CBS_init(&cbs, data, dlen); 3507 CBS_init(&cbs, data, dlen);
3508 3508
3509 if (tlsext_cookie_client_parse(ssl, &cbs, &alert)) { 3509 if (tlsext_cookie_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
3510 FAIL("client should not have parsed server cookie\n"); 3510 FAIL("client should not have parsed server cookie\n");
3511 failure = 1; 3511 failure = 1;
3512 goto done; 3512 goto done;
@@ -3516,7 +3516,7 @@ test_tlsext_cookie_server(void)
3516 S3I(ssl)->hs_tls13.cookie = NULL; 3516 S3I(ssl)->hs_tls13.cookie = NULL;
3517 S3I(ssl)->hs_tls13.cookie_len = 0; 3517 S3I(ssl)->hs_tls13.cookie_len = 0;
3518 3518
3519 if (!tlsext_cookie_client_parse(ssl, &cbs, &alert)) { 3519 if (!tlsext_cookie_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
3520 FAIL("failed to parse server cookie\n"); 3520 FAIL("failed to parse server cookie\n");
3521 failure = 1; 3521 failure = 1;
3522 goto done; 3522 goto done;
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-20 21:25:36 +0000