summaryrefslogtreecommitdiff
path: root/src/regress/lib/libssl
diff options
context:
space:
mode:
Diffstat (limited to 'src/regress/lib/libssl')
-rw-r--r--src/regress/lib/libssl/tlsext/tlsexttest.c151
1 files changed, 108 insertions, 43 deletions
diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c
index 778fd07297..6c544cf6ae 100644
--- a/src/regress/lib/libssl/tlsext/tlsexttest.c
+++ b/src/regress/lib/libssl/tlsext/tlsexttest.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tlsexttest.c,v 1.83 2023/12/13 06:00:28 tb Exp $ */ 1/* $OpenBSD: tlsexttest.c,v 1.84 2024/03/25 04:06:41 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> 4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -27,10 +27,17 @@
27#include "bytestring.h" 27#include "bytestring.h"
28#include "ssl_tlsext.h" 28#include "ssl_tlsext.h"
29 29
30struct tlsext_data {
31 CBS alpn;
32};
33
30struct tls_extension_funcs { 34struct tls_extension_funcs {
31 int (*needs)(SSL *s, uint16_t msg_type); 35 int (*needs)(SSL *s, uint16_t msg_type);
32 int (*build)(SSL *s, uint16_t msg_type, CBB *cbb); 36 int (*build)(SSL *s, uint16_t msg_type, CBB *cbb);
33 int (*parse)(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); 37 int (*parse)(SSL *s, struct tlsext_data *td, uint16_t msg_type,
38 CBS *cbs, int *alert);
39 int (*process)(SSL *s, struct tlsext_data *td, uint16_t msg_type,
40 int *alert);
34}; 41};
35 42
36uint16_t tls_extension_type(const struct tls_extension *); 43uint16_t tls_extension_type(const struct tls_extension *);
@@ -58,6 +65,25 @@ tls_extension_funcs(int type, const struct tls_extension_funcs **client_funcs,
58 return 1; 65 return 1;
59} 66}
60 67
68static int
69tls_extension_parse(const struct tls_extension_funcs *tlsext_funcs, SSL *ssl,
70 uint16_t msg_type, CBS *cbs, int *alert)
71{
72 struct tlsext_data td;
73
74 memset(&td, 0, sizeof(td));
75
76 if (!tlsext_funcs->parse(ssl, &td, msg_type, cbs, alert))
77 return 0;
78
79 if (tlsext_funcs->process != NULL) {
80 if (!tlsext_funcs->process(ssl, &td, msg_type, alert))
81 return 0;
82 }
83
84 return 1;
85}
86
61static void 87static void
62hexdump(const unsigned char *buf, size_t len) 88hexdump(const unsigned char *buf, size_t len)
63{ 89{
@@ -238,7 +264,8 @@ test_tlsext_alpn_client(void)
238 264
239 CBS_init(&cbs, tlsext_alpn_single_proto, 265 CBS_init(&cbs, tlsext_alpn_single_proto,
240 sizeof(tlsext_alpn_single_proto)); 266 sizeof(tlsext_alpn_single_proto));
241 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 267 if (!tls_extension_parse(server_funcs, ssl, SSL_TLSEXT_MSG_CH,
268 &cbs, &alert)) {
242 FAIL("failed to parse ALPN\n"); 269 FAIL("failed to parse ALPN\n");
243 goto err; 270 goto err;
244 } 271 }
@@ -305,7 +332,8 @@ test_tlsext_alpn_client(void)
305 332
306 CBS_init(&cbs, tlsext_alpn_multiple_protos, 333 CBS_init(&cbs, tlsext_alpn_multiple_protos,
307 sizeof(tlsext_alpn_multiple_protos)); 334 sizeof(tlsext_alpn_multiple_protos));
308 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 335 if (!tls_extension_parse(server_funcs, ssl, SSL_TLSEXT_MSG_CH,
336 &cbs, &alert)) {
309 FAIL("failed to parse ALPN\n"); 337 FAIL("failed to parse ALPN\n");
310 goto err; 338 goto err;
311 } 339 }
@@ -442,7 +470,8 @@ test_tlsext_alpn_server(void)
442 sizeof(tlsext_alpn_single_proto)); 470 sizeof(tlsext_alpn_single_proto));
443 471
444 /* Shouldn't be able to parse without requesting */ 472 /* Shouldn't be able to parse without requesting */
445 if (client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 473 if (tls_extension_parse(client_funcs, ssl, SSL_TLSEXT_MSG_SH,
474 &cbs, &alert)) {
446 FAIL("Should only parse server if we requested it\n"); 475 FAIL("Should only parse server if we requested it\n");
447 goto err; 476 goto err;
448 } 477 }
@@ -453,7 +482,8 @@ test_tlsext_alpn_server(void)
453 FAIL("should be able to set ALPN to http/1.1\n"); 482 FAIL("should be able to set ALPN to http/1.1\n");
454 goto err; 483 goto err;
455 } 484 }
456 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 485 if (!tls_extension_parse(client_funcs, ssl, SSL_TLSEXT_MSG_SH,
486 &cbs, &alert)) {
457 FAIL("Should be able to parse server when we request it\n"); 487 FAIL("Should be able to parse server when we request it\n");
458 goto err; 488 goto err;
459 } 489 }
@@ -666,7 +696,8 @@ test_tlsext_supportedgroups_client(void)
666 696
667 CBS_init(&cbs, tlsext_supportedgroups_client_secp384r1, 697 CBS_init(&cbs, tlsext_supportedgroups_client_secp384r1,
668 sizeof(tlsext_supportedgroups_client_secp384r1)); 698 sizeof(tlsext_supportedgroups_client_secp384r1));
669 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 699 if (!tls_extension_parse(server_funcs, ssl, SSL_TLSEXT_MSG_CH,
700 &cbs, &alert)) {
670 FAIL("failed to parse client Ellipticcurves\n"); 701 FAIL("failed to parse client Ellipticcurves\n");
671 goto err; 702 goto err;
672 } 703 }
@@ -772,7 +803,8 @@ test_tlsext_supportedgroups_client(void)
772 803
773 CBS_init(&cbs, tlsext_supportedgroups_client_nistp192and224, 804 CBS_init(&cbs, tlsext_supportedgroups_client_nistp192and224,
774 sizeof(tlsext_supportedgroups_client_nistp192and224)); 805 sizeof(tlsext_supportedgroups_client_nistp192and224));
775 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 806 if (!tls_extension_parse(server_funcs, ssl, SSL_TLSEXT_MSG_CH,
807 &cbs, &alert)) {
776 FAIL("failed to parse client Ellipticcurves\n"); 808 FAIL("failed to parse client Ellipticcurves\n");
777 goto err; 809 goto err;
778 } 810 }
@@ -991,7 +1023,8 @@ test_tlsext_ecpf_client(void)
991 1023
992 CBS_init(&cbs, tlsext_ecpf_hello_uncompressed, 1024 CBS_init(&cbs, tlsext_ecpf_hello_uncompressed,
993 sizeof(tlsext_ecpf_hello_uncompressed)); 1025 sizeof(tlsext_ecpf_hello_uncompressed));
994 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 1026 if (!tls_extension_parse(server_funcs, ssl, SSL_TLSEXT_MSG_CH,
1027 &cbs, &alert)) {
995 FAIL("failed to parse client ECPointFormats\n"); 1028 FAIL("failed to parse client ECPointFormats\n");
996 goto err; 1029 goto err;
997 } 1030 }
@@ -1086,7 +1119,8 @@ test_tlsext_ecpf_client(void)
1086 1119
1087 CBS_init(&cbs, tlsext_ecpf_hello_prefer_order, 1120 CBS_init(&cbs, tlsext_ecpf_hello_prefer_order,
1088 sizeof(tlsext_ecpf_hello_prefer_order)); 1121 sizeof(tlsext_ecpf_hello_prefer_order));
1089 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 1122 if (!tls_extension_parse(server_funcs, ssl, SSL_TLSEXT_MSG_CH,
1123 &cbs, &alert)) {
1090 FAIL("failed to parse client ECPointFormats\n"); 1124 FAIL("failed to parse client ECPointFormats\n");
1091 goto err; 1125 goto err;
1092 } 1126 }
@@ -1214,7 +1248,8 @@ test_tlsext_ecpf_server(void)
1214 1248
1215 CBS_init(&cbs, tlsext_ecpf_hello_prime, 1249 CBS_init(&cbs, tlsext_ecpf_hello_prime,
1216 sizeof(tlsext_ecpf_hello_prime)); 1250 sizeof(tlsext_ecpf_hello_prime));
1217 if (client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 1251 if (tls_extension_parse(client_funcs, ssl, SSL_TLSEXT_MSG_SH,
1252 &cbs, &alert)) {
1218 FAIL("must include uncompressed in server ECPointFormats\n"); 1253 FAIL("must include uncompressed in server ECPointFormats\n");
1219 goto err; 1254 goto err;
1220 } 1255 }
@@ -1304,7 +1339,8 @@ test_tlsext_ecpf_server(void)
1304 1339
1305 CBS_init(&cbs, tlsext_ecpf_hello_prefer_order, 1340 CBS_init(&cbs, tlsext_ecpf_hello_prefer_order,
1306 sizeof(tlsext_ecpf_hello_prefer_order)); 1341 sizeof(tlsext_ecpf_hello_prefer_order));
1307 if (!client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 1342 if (!tls_extension_parse(client_funcs, ssl, SSL_TLSEXT_MSG_SH,
1343 &cbs, &alert)) {
1308 FAIL("failed to parse server ECPointFormats\n"); 1344 FAIL("failed to parse server ECPointFormats\n");
1309 goto err; 1345 goto err;
1310 } 1346 }
@@ -1439,7 +1475,8 @@ test_tlsext_ri_client(void)
1439 } 1475 }
1440 1476
1441 CBS_init(&cbs, tlsext_ri_client, sizeof(tlsext_ri_client)); 1477 CBS_init(&cbs, tlsext_ri_client, sizeof(tlsext_ri_client));
1442 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 1478 if (!tls_extension_parse(server_funcs, ssl, SSL_TLSEXT_MSG_CH,
1479 &cbs, &alert)) {
1443 FAIL("failed to parse client RI\n"); 1480 FAIL("failed to parse client RI\n");
1444 goto err; 1481 goto err;
1445 } 1482 }
@@ -1463,7 +1500,8 @@ test_tlsext_ri_client(void)
1463 ssl->s3->renegotiate_seen = 0; 1500 ssl->s3->renegotiate_seen = 0;
1464 1501
1465 CBS_init(&cbs, tlsext_ri_client, sizeof(tlsext_ri_client)); 1502 CBS_init(&cbs, tlsext_ri_client, sizeof(tlsext_ri_client));
1466 if (server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 1503 if (tls_extension_parse(server_funcs, ssl, SSL_TLSEXT_MSG_CH,
1504 &cbs, &alert)) {
1467 FAIL("parsed invalid client RI\n"); 1505 FAIL("parsed invalid client RI\n");
1468 goto err; 1506 goto err;
1469 } 1507 }
@@ -1559,7 +1597,8 @@ test_tlsext_ri_server(void)
1559 } 1597 }
1560 1598
1561 CBS_init(&cbs, tlsext_ri_server, sizeof(tlsext_ri_server)); 1599 CBS_init(&cbs, tlsext_ri_server, sizeof(tlsext_ri_server));
1562 if (!client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 1600 if (!tls_extension_parse(client_funcs, ssl, SSL_TLSEXT_MSG_SH,
1601 &cbs, &alert)) {
1563 FAIL("failed to parse server RI\n"); 1602 FAIL("failed to parse server RI\n");
1564 goto err; 1603 goto err;
1565 } 1604 }
@@ -1585,7 +1624,8 @@ test_tlsext_ri_server(void)
1585 ssl->s3->renegotiate_seen = 0; 1624 ssl->s3->renegotiate_seen = 0;
1586 1625
1587 CBS_init(&cbs, tlsext_ri_server, sizeof(tlsext_ri_server)); 1626 CBS_init(&cbs, tlsext_ri_server, sizeof(tlsext_ri_server));
1588 if (client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 1627 if (tls_extension_parse(client_funcs, ssl, SSL_TLSEXT_MSG_SH,
1628 &cbs, &alert)) {
1589 FAIL("parsed invalid server RI\n"); 1629 FAIL("parsed invalid server RI\n");
1590 goto err; 1630 goto err;
1591 } 1631 }
@@ -1682,7 +1722,8 @@ test_tlsext_sigalgs_client(void)
1682 } 1722 }
1683 1723
1684 CBS_init(&cbs, tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client)); 1724 CBS_init(&cbs, tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client));
1685 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 1725 if (!tls_extension_parse(server_funcs, ssl, SSL_TLSEXT_MSG_CH,
1726 &cbs, &alert)) {
1686 FAIL("failed to parse client SNI\n"); 1727 FAIL("failed to parse client SNI\n");
1687 goto done; 1728 goto done;
1688 } 1729 }
@@ -1745,7 +1786,8 @@ test_tlsext_sigalgs_server(void)
1745 errx(1, "failed to finish CBB"); 1786 errx(1, "failed to finish CBB");
1746 1787
1747 CBS_init(&cbs, tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client)); 1788 CBS_init(&cbs, tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client));
1748 if (client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 1789 if (!tls_extension_parse(client_funcs, ssl, SSL_TLSEXT_MSG_SH,
1790 &cbs, &alert)) {
1749 FAIL("server should not parse sigalgs\n"); 1791 FAIL("server should not parse sigalgs\n");
1750 goto done; 1792 goto done;
1751 } 1793 }
@@ -1870,7 +1912,8 @@ test_tlsext_sni_client(void)
1870 ssl->hit = 0; 1912 ssl->hit = 0;
1871 1913
1872 CBS_init(&cbs, tlsext_sni_client, sizeof(tlsext_sni_client)); 1914 CBS_init(&cbs, tlsext_sni_client, sizeof(tlsext_sni_client));
1873 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 1915 if (!tls_extension_parse(server_funcs, ssl, SSL_TLSEXT_MSG_CH,
1916 &cbs, &alert)) {
1874 FAIL("failed to parse client SNI\n"); 1917 FAIL("failed to parse client SNI\n");
1875 goto err; 1918 goto err;
1876 } 1919 }
@@ -1902,7 +1945,8 @@ test_tlsext_sni_client(void)
1902 } 1945 }
1903 1946
1904 CBS_init(&cbs, tlsext_sni_client, sizeof(tlsext_sni_client)); 1947 CBS_init(&cbs, tlsext_sni_client, sizeof(tlsext_sni_client));
1905 if (server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 1948 if (tls_extension_parse(server_funcs, ssl, SSL_TLSEXT_MSG_CH,
1949 &cbs, &alert)) {
1906 FAIL("parsed client with mismatched SNI\n"); 1950 FAIL("parsed client with mismatched SNI\n");
1907 goto err; 1951 goto err;
1908 } 1952 }
@@ -1995,7 +2039,8 @@ test_tlsext_sni_server(void)
1995 ssl->session->tlsext_hostname = NULL; 2039 ssl->session->tlsext_hostname = NULL;
1996 2040
1997 CBS_init(&cbs, tlsext_sni_server, tlsext_sni_server_len); 2041 CBS_init(&cbs, tlsext_sni_server, tlsext_sni_server_len);
1998 if (!client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 2042 if (!tls_extension_parse(client_funcs, ssl, SSL_TLSEXT_MSG_SH,
2043 &cbs, &alert)) {
1999 FAIL("failed to parse server SNI\n"); 2044 FAIL("failed to parse server SNI\n");
2000 goto err; 2045 goto err;
2001 } 2046 }
@@ -2129,8 +2174,8 @@ test_tlsext_quic_transport_parameters_client(void)
2129 2174
2130 CBS_init(&cbs, tlsext_quic_transport_data, 2175 CBS_init(&cbs, tlsext_quic_transport_data,
2131 sizeof(tlsext_quic_transport_data)); 2176 sizeof(tlsext_quic_transport_data));
2132 2177 if (!tls_extension_parse(server_funcs, ssl, SSL_TLSEXT_MSG_SH,
2133 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 2178 &cbs, &alert)) {
2134 FAIL("server_parse of QUIC from server failed\n"); 2179 FAIL("server_parse of QUIC from server failed\n");
2135 goto err; 2180 goto err;
2136 } 2181 }
@@ -2253,14 +2298,16 @@ test_tlsext_quic_transport_parameters_server(void)
2253 2298
2254 ssl->quic_method = NULL; 2299 ssl->quic_method = NULL;
2255 2300
2256 if (client_funcs->parse(ssl, SSL_TLSEXT_MSG_EE, &cbs, &alert)) { 2301 if (tls_extension_parse(client_funcs, ssl, SSL_TLSEXT_MSG_EE,
2302 &cbs, &alert)) {
2257 FAIL("QUIC parse should have failed!\n"); 2303 FAIL("QUIC parse should have failed!\n");
2258 goto err; 2304 goto err;
2259 } 2305 }
2260 2306
2261 ssl->quic_method = &quic_method; 2307 ssl->quic_method = &quic_method;
2262 2308
2263 if (!client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 2309 if (!tls_extension_parse(client_funcs, ssl, SSL_TLSEXT_MSG_SH,
2310 &cbs, &alert)) {
2264 FAIL("client_parse of QUIC from server failed\n"); 2311 FAIL("client_parse of QUIC from server failed\n");
2265 goto err; 2312 goto err;
2266 } 2313 }
@@ -2365,7 +2412,8 @@ test_tlsext_ocsp_client(void)
2365 } 2412 }
2366 CBS_init(&cbs, tls_ocsp_client_default, 2413 CBS_init(&cbs, tls_ocsp_client_default,
2367 sizeof(tls_ocsp_client_default)); 2414 sizeof(tls_ocsp_client_default));
2368 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 2415 if (!tls_extension_parse(server_funcs, ssl, SSL_TLSEXT_MSG_CH,
2416 &cbs, &alert)) {
2369 FAIL("failed to parse TLSEXT_TYPE_status_request client\n"); 2417 FAIL("failed to parse TLSEXT_TYPE_status_request client\n");
2370 goto err; 2418 goto err;
2371 } 2419 }
@@ -2890,7 +2938,8 @@ test_tlsext_srtp_client(void)
2890 } 2938 }
2891 2939
2892 CBS_init(&cbs, tlsext_srtp_single, sizeof(tlsext_srtp_single)); 2940 CBS_init(&cbs, tlsext_srtp_single, sizeof(tlsext_srtp_single));
2893 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 2941 if (!tls_extension_parse(server_funcs, ssl, SSL_TLSEXT_MSG_CH,
2942 &cbs, &alert)) {
2894 FAIL("failed to parse SRTP\n"); 2943 FAIL("failed to parse SRTP\n");
2895 goto err; 2944 goto err;
2896 } 2945 }
@@ -2958,7 +3007,8 @@ test_tlsext_srtp_client(void)
2958 3007
2959 CBS_init(&cbs, tlsext_srtp_multiple, 3008 CBS_init(&cbs, tlsext_srtp_multiple,
2960 sizeof(tlsext_srtp_multiple)); 3009 sizeof(tlsext_srtp_multiple));
2961 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 3010 if (!tls_extension_parse(server_funcs, ssl, SSL_TLSEXT_MSG_CH,
3011 &cbs, &alert)) {
2962 FAIL("failed to parse SRTP\n"); 3012 FAIL("failed to parse SRTP\n");
2963 goto err; 3013 goto err;
2964 } 3014 }
@@ -2989,7 +3039,8 @@ test_tlsext_srtp_client(void)
2989 3039
2990 CBS_init(&cbs, tlsext_srtp_multiple_one_valid, 3040 CBS_init(&cbs, tlsext_srtp_multiple_one_valid,
2991 sizeof(tlsext_srtp_multiple_one_valid)); 3041 sizeof(tlsext_srtp_multiple_one_valid));
2992 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 3042 if (!tls_extension_parse(server_funcs, ssl, SSL_TLSEXT_MSG_CH,
3043 &cbs, &alert)) {
2993 FAIL("failed to parse SRTP\n"); 3044 FAIL("failed to parse SRTP\n");
2994 goto err; 3045 goto err;
2995 } 3046 }
@@ -3018,7 +3069,8 @@ test_tlsext_srtp_client(void)
3018 3069
3019 CBS_init(&cbs, tlsext_srtp_multiple_invalid, 3070 CBS_init(&cbs, tlsext_srtp_multiple_invalid,
3020 sizeof(tlsext_srtp_multiple_invalid)); 3071 sizeof(tlsext_srtp_multiple_invalid));
3021 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 3072 if (!tls_extension_parse(server_funcs, ssl, SSL_TLSEXT_MSG_CH,
3073 &cbs, &alert)) {
3022 FAIL("should be able to fall back to negotiated\n"); 3074 FAIL("should be able to fall back to negotiated\n");
3023 goto err; 3075 goto err;
3024 } 3076 }
@@ -3139,7 +3191,8 @@ test_tlsext_srtp_server(void)
3139 } 3191 }
3140 3192
3141 CBS_init(&cbs, tlsext_srtp_single, sizeof(tlsext_srtp_single)); 3193 CBS_init(&cbs, tlsext_srtp_single, sizeof(tlsext_srtp_single));
3142 if (!client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 3194 if (!tls_extension_parse(client_funcs, ssl, SSL_TLSEXT_MSG_SH,
3195 &cbs, &alert)) {
3143 FAIL("failed to parse SRTP\n"); 3196 FAIL("failed to parse SRTP\n");
3144 goto err; 3197 goto err;
3145 } 3198 }
@@ -3162,7 +3215,8 @@ test_tlsext_srtp_server(void)
3162 3215
3163 CBS_init(&cbs, tlsext_srtp_multiple, 3216 CBS_init(&cbs, tlsext_srtp_multiple,
3164 sizeof(tlsext_srtp_multiple)); 3217 sizeof(tlsext_srtp_multiple));
3165 if (client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 3218 if (tls_extension_parse(client_funcs, ssl, SSL_TLSEXT_MSG_SH,
3219 &cbs, &alert)) {
3166 FAIL("should not find multiple entries from the server\n"); 3220 FAIL("should not find multiple entries from the server\n");
3167 goto err; 3221 goto err;
3168 } 3222 }
@@ -3172,7 +3226,8 @@ test_tlsext_srtp_server(void)
3172 3226
3173 CBS_init(&cbs, tlsext_srtp_single_invalid, 3227 CBS_init(&cbs, tlsext_srtp_single_invalid,
3174 sizeof(tlsext_srtp_single_invalid)); 3228 sizeof(tlsext_srtp_single_invalid));
3175 if (client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 3229 if (tls_extension_parse(client_funcs, ssl, SSL_TLSEXT_MSG_SH,
3230 &cbs, &alert)) {
3176 FAIL("should not be able to parse this\n"); 3231 FAIL("should not be able to parse this\n");
3177 goto err; 3232 goto err;
3178 } 3233 }
@@ -3524,7 +3579,8 @@ test_tlsext_versions_client(void)
3524 } 3579 }
3525 3580
3526 CBS_init(&cbs, data, dlen); 3581 CBS_init(&cbs, data, dlen);
3527 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 3582 if (!tls_extension_parse(server_funcs, ssl, SSL_TLSEXT_MSG_CH,
3583 &cbs, &alert)) {
3528 FAIL("failed to parse client versions\n"); 3584 FAIL("failed to parse client versions\n");
3529 goto done; 3585 goto done;
3530 } 3586 }
@@ -3603,7 +3659,8 @@ test_tlsext_versions_server(void)
3603 } 3659 }
3604 3660
3605 CBS_init(&cbs, data, dlen); 3661 CBS_init(&cbs, data, dlen);
3606 if (!client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 3662 if (!tls_extension_parse(client_funcs, ssl, SSL_TLSEXT_MSG_SH,
3663 &cbs, &alert)) {
3607 FAIL("failed to parse client versions\n"); 3664 FAIL("failed to parse client versions\n");
3608 goto done; 3665 goto done;
3609 } 3666 }
@@ -3705,7 +3762,8 @@ test_tlsext_keyshare_client(void)
3705 (ssl)->version = TLS1_3_VERSION; 3762 (ssl)->version = TLS1_3_VERSION;
3706 CBS_init(&cbs, data, dlen); 3763 CBS_init(&cbs, data, dlen);
3707 3764
3708 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 3765 if (!tls_extension_parse(server_funcs, ssl, SSL_TLSEXT_MSG_CH,
3766 &cbs, &alert)) {
3709 FAIL("failed to parse client keyshare\n"); 3767 FAIL("failed to parse client keyshare\n");
3710 goto done; 3768 goto done;
3711 } 3769 }
@@ -3839,7 +3897,8 @@ test_tlsext_keyshare_server(void)
3839 3897
3840 CBS_init(&cbs, data, dlen); 3898 CBS_init(&cbs, data, dlen);
3841 3899
3842 if (!client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 3900 if (!tls_extension_parse(client_funcs, ssl, SSL_TLSEXT_MSG_SH,
3901 &cbs, &alert)) {
3843 FAIL("failed to parse server keyshare\n"); 3902 FAIL("failed to parse server keyshare\n");
3844 goto done; 3903 goto done;
3845 } 3904 }
@@ -3939,7 +3998,8 @@ test_tlsext_cookie_client(void)
3939 CBS_init(&cbs, data, dlen); 3998 CBS_init(&cbs, data, dlen);
3940 3999
3941 /* Checks cookie against what's in the hs.tls13 */ 4000 /* Checks cookie against what's in the hs.tls13 */
3942 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 4001 if (!tls_extension_parse(server_funcs, ssl, SSL_TLSEXT_MSG_CH,
4002 &cbs, &alert)) {
3943 FAIL("failed to parse client cookie\n"); 4003 FAIL("failed to parse client cookie\n");
3944 goto done; 4004 goto done;
3945 } 4005 }
@@ -4028,7 +4088,8 @@ test_tlsext_cookie_server(void)
4028 4088
4029 CBS_init(&cbs, data, dlen); 4089 CBS_init(&cbs, data, dlen);
4030 4090
4031 if (client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 4091 if (tls_extension_parse(client_funcs, ssl, SSL_TLSEXT_MSG_SH,
4092 &cbs, &alert)) {
4032 FAIL("client should not have parsed server cookie\n"); 4093 FAIL("client should not have parsed server cookie\n");
4033 goto done; 4094 goto done;
4034 } 4095 }
@@ -4037,7 +4098,8 @@ test_tlsext_cookie_server(void)
4037 ssl->s3->hs.tls13.cookie = NULL; 4098 ssl->s3->hs.tls13.cookie = NULL;
4038 ssl->s3->hs.tls13.cookie_len = 0; 4099 ssl->s3->hs.tls13.cookie_len = 0;
4039 4100
4040 if (!client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { 4101 if (!tls_extension_parse(client_funcs, ssl, SSL_TLSEXT_MSG_SH,
4102 &cbs, &alert)) {
4041 FAIL("failed to parse server cookie\n"); 4103 FAIL("failed to parse server cookie\n");
4042 goto done; 4104 goto done;
4043 } 4105 }
@@ -4178,7 +4240,8 @@ test_tlsext_psk_modes_client(void)
4178 4240
4179 CBS_init(&cbs, tlsext_default_psk_modes, 4241 CBS_init(&cbs, tlsext_default_psk_modes,
4180 sizeof(tlsext_default_psk_modes)); 4242 sizeof(tlsext_default_psk_modes));
4181 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 4243 if (!tls_extension_parse(server_funcs, ssl, SSL_TLSEXT_MSG_CH,
4244 &cbs, &alert)) {
4182 FAIL("failed to parse psk kex modes\n"); 4245 FAIL("failed to parse psk kex modes\n");
4183 goto err; 4246 goto err;
4184 } 4247 }
@@ -4200,7 +4263,8 @@ test_tlsext_psk_modes_client(void)
4200 ssl->s3->hs.tls13.use_psk_dhe_ke = 0; 4263 ssl->s3->hs.tls13.use_psk_dhe_ke = 0;
4201 4264
4202 CBS_init(&cbs, tlsext_psk_only_mode, sizeof(tlsext_psk_only_mode)); 4265 CBS_init(&cbs, tlsext_psk_only_mode, sizeof(tlsext_psk_only_mode));
4203 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 4266 if (!tls_extension_parse(server_funcs, ssl, SSL_TLSEXT_MSG_CH,
4267 &cbs, &alert)) {
4204 FAIL("failed to parse psk kex modes\n"); 4268 FAIL("failed to parse psk kex modes\n");
4205 goto err; 4269 goto err;
4206 } 4270 }
@@ -4222,7 +4286,8 @@ test_tlsext_psk_modes_client(void)
4222 ssl->s3->hs.tls13.use_psk_dhe_ke = 0; 4286 ssl->s3->hs.tls13.use_psk_dhe_ke = 0;
4223 4287
4224 CBS_init(&cbs, tlsext_psk_both_modes, sizeof(tlsext_psk_both_modes)); 4288 CBS_init(&cbs, tlsext_psk_both_modes, sizeof(tlsext_psk_both_modes));
4225 if (!server_funcs->parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { 4289 if (!tls_extension_parse(server_funcs, ssl, SSL_TLSEXT_MSG_CH,
4290 &cbs, &alert)) {
4226 FAIL("failed to parse psk kex modes\n"); 4291 FAIL("failed to parse psk kex modes\n");
4227 goto err; 4292 goto err;
4228 } 4293 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-01 16:23:45 +0000