summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/regress/lib/libssl/tlsext/tlsexttest.c751
-rw-r--r--src/regress/lib/libssl/unit/tls_ext_alpn.c6
2 files changed, 378 insertions, 379 deletions
diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c
index 4953c7bf24..04403118af 100644
--- a/src/regress/lib/libssl/tlsext/tlsexttest.c
+++ b/src/regress/lib/libssl/tlsext/tlsexttest.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tlsexttest.c,v 1.20 2018/11/10 08:10:31 beck Exp $ */ 1/* $OpenBSD: tlsexttest.c,v 1.21 2019/01/18 00:55:15 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> 4 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -119,7 +119,7 @@ const uint8_t tlsext_alpn_single_proto[] = {
119}; 119};
120 120
121static int 121static int
122test_tlsext_alpn_clienthello(void) 122test_tlsext_alpn_client(void)
123{ 123{
124 SSL_CTX *ssl_ctx = NULL; 124 SSL_CTX *ssl_ctx = NULL;
125 SSL *ssl = NULL; 125 SSL *ssl = NULL;
@@ -139,8 +139,8 @@ test_tlsext_alpn_clienthello(void)
139 errx(1, "failed to create SSL"); 139 errx(1, "failed to create SSL");
140 140
141 /* By default, we don't need this */ 141 /* By default, we don't need this */
142 if (tlsext_alpn_clienthello_needs(ssl)) { 142 if (tlsext_alpn_client_needs(ssl)) {
143 FAIL("clienthello should not need ALPN by default"); 143 FAIL("client should not need ALPN by default");
144 goto err; 144 goto err;
145 } 145 }
146 146
@@ -156,22 +156,22 @@ test_tlsext_alpn_clienthello(void)
156 FAIL("should be able to set ALPN to http/1.1"); 156 FAIL("should be able to set ALPN to http/1.1");
157 goto err; 157 goto err;
158 } 158 }
159 if (!tlsext_alpn_clienthello_needs(ssl)) { 159 if (!tlsext_alpn_client_needs(ssl)) {
160 FAIL("clienthello should need ALPN by now"); 160 FAIL("client should need ALPN by now");
161 goto err; 161 goto err;
162 } 162 }
163 163
164 /* Make sure we can build the clienthello with a single proto. */ 164 /* Make sure we can build the client with a single proto. */
165 165
166 if (!tlsext_alpn_clienthello_build(ssl, &cbb)) { 166 if (!tlsext_alpn_client_build(ssl, &cbb)) {
167 FAIL("clienthello failed to build ALPN\n"); 167 FAIL("client failed to build ALPN\n");
168 goto err; 168 goto err;
169 } 169 }
170 if (!CBB_finish(&cbb, &data, &dlen)) 170 if (!CBB_finish(&cbb, &data, &dlen))
171 errx(1, "failed to finish CBB"); 171 errx(1, "failed to finish CBB");
172 172
173 if (dlen != sizeof(tlsext_alpn_single_proto)) { 173 if (dlen != sizeof(tlsext_alpn_single_proto)) {
174 FAIL("got clienthello ALPN with length %zu, " 174 FAIL("got client ALPN with length %zu, "
175 "want length %zu\n", dlen, 175 "want length %zu\n", dlen,
176 sizeof(tlsext_alpn_single_proto)); 176 sizeof(tlsext_alpn_single_proto));
177 compare_data(data, dlen, tlsext_alpn_single_proto, 177 compare_data(data, dlen, tlsext_alpn_single_proto,
@@ -179,7 +179,7 @@ test_tlsext_alpn_clienthello(void)
179 goto err; 179 goto err;
180 } 180 }
181 if (memcmp(data, tlsext_alpn_single_proto, dlen) != 0) { 181 if (memcmp(data, tlsext_alpn_single_proto, dlen) != 0) {
182 FAIL("clienthello ALPN differs:\n"); 182 FAIL("client ALPN differs:\n");
183 compare_data(data, dlen, tlsext_alpn_single_proto, 183 compare_data(data, dlen, tlsext_alpn_single_proto,
184 sizeof(tlsext_alpn_single_proto)); 184 sizeof(tlsext_alpn_single_proto));
185 goto err; 185 goto err;
@@ -194,7 +194,7 @@ test_tlsext_alpn_clienthello(void)
194 194
195 CBS_init(&cbs, tlsext_alpn_single_proto, 195 CBS_init(&cbs, tlsext_alpn_single_proto,
196 sizeof(tlsext_alpn_single_proto)); 196 sizeof(tlsext_alpn_single_proto));
197 if (!tlsext_alpn_clienthello_parse(ssl, &cbs, &alert)) { 197 if (!tlsext_alpn_server_parse(ssl, &cbs, &alert)) {
198 FAIL("failed to parse ALPN"); 198 FAIL("failed to parse ALPN");
199 goto err; 199 goto err;
200 } 200 }
@@ -205,7 +205,7 @@ test_tlsext_alpn_clienthello(void)
205 205
206 if (ssl->internal->alpn_client_proto_list_len != 206 if (ssl->internal->alpn_client_proto_list_len !=
207 sizeof(tlsext_alpn_single_proto_val)) { 207 sizeof(tlsext_alpn_single_proto_val)) {
208 FAIL("got clienthello ALPN with length %zu, " 208 FAIL("got client ALPN with length %zu, "
209 "want length %zu\n", dlen, 209 "want length %zu\n", dlen,
210 sizeof(tlsext_alpn_single_proto_val)); 210 sizeof(tlsext_alpn_single_proto_val));
211 compare_data(ssl->internal->alpn_client_proto_list, 211 compare_data(ssl->internal->alpn_client_proto_list,
@@ -217,7 +217,7 @@ test_tlsext_alpn_clienthello(void)
217 if (memcmp(ssl->internal->alpn_client_proto_list, 217 if (memcmp(ssl->internal->alpn_client_proto_list,
218 tlsext_alpn_single_proto_val, 218 tlsext_alpn_single_proto_val,
219 sizeof(tlsext_alpn_single_proto_val)) != 0) { 219 sizeof(tlsext_alpn_single_proto_val)) != 0) {
220 FAIL("clienthello ALPN differs:\n"); 220 FAIL("client ALPN differs:\n");
221 compare_data(data, dlen, tlsext_alpn_single_proto_val, 221 compare_data(data, dlen, tlsext_alpn_single_proto_val,
222 sizeof(tlsext_alpn_single_proto_val)); 222 sizeof(tlsext_alpn_single_proto_val));
223 goto err; 223 goto err;
@@ -230,20 +230,20 @@ test_tlsext_alpn_clienthello(void)
230 FAIL("should be able to set ALPN to http/1.1"); 230 FAIL("should be able to set ALPN to http/1.1");
231 goto err; 231 goto err;
232 } 232 }
233 if (!tlsext_alpn_clienthello_needs(ssl)) { 233 if (!tlsext_alpn_client_needs(ssl)) {
234 FAIL("clienthello should need ALPN by now"); 234 FAIL("client should need ALPN by now");
235 goto err; 235 goto err;
236 } 236 }
237 237
238 if (!tlsext_alpn_clienthello_build(ssl, &cbb)) { 238 if (!tlsext_alpn_client_build(ssl, &cbb)) {
239 FAIL("clienthello failed to build ALPN\n"); 239 FAIL("client failed to build ALPN\n");
240 goto err; 240 goto err;
241 } 241 }
242 if (!CBB_finish(&cbb, &data, &dlen)) 242 if (!CBB_finish(&cbb, &data, &dlen))
243 errx(1, "failed to finish CBB"); 243 errx(1, "failed to finish CBB");
244 244
245 if (dlen != sizeof(tlsext_alpn_multiple_protos)) { 245 if (dlen != sizeof(tlsext_alpn_multiple_protos)) {
246 FAIL("got clienthello ALPN with length %zu, " 246 FAIL("got client ALPN with length %zu, "
247 "want length %zu\n", dlen, 247 "want length %zu\n", dlen,
248 sizeof(tlsext_alpn_multiple_protos)); 248 sizeof(tlsext_alpn_multiple_protos));
249 compare_data(data, dlen, tlsext_alpn_multiple_protos, 249 compare_data(data, dlen, tlsext_alpn_multiple_protos,
@@ -251,7 +251,7 @@ test_tlsext_alpn_clienthello(void)
251 goto err; 251 goto err;
252 } 252 }
253 if (memcmp(data, tlsext_alpn_multiple_protos, dlen) != 0) { 253 if (memcmp(data, tlsext_alpn_multiple_protos, dlen) != 0) {
254 FAIL("clienthello ALPN differs:\n"); 254 FAIL("client ALPN differs:\n");
255 compare_data(data, dlen, tlsext_alpn_multiple_protos, 255 compare_data(data, dlen, tlsext_alpn_multiple_protos,
256 sizeof(tlsext_alpn_multiple_protos)); 256 sizeof(tlsext_alpn_multiple_protos));
257 goto err; 257 goto err;
@@ -261,7 +261,7 @@ test_tlsext_alpn_clienthello(void)
261 261
262 CBS_init(&cbs, tlsext_alpn_multiple_protos, 262 CBS_init(&cbs, tlsext_alpn_multiple_protos,
263 sizeof(tlsext_alpn_multiple_protos)); 263 sizeof(tlsext_alpn_multiple_protos));
264 if (!tlsext_alpn_clienthello_parse(ssl, &cbs, &alert)) { 264 if (!tlsext_alpn_server_parse(ssl, &cbs, &alert)) {
265 FAIL("failed to parse ALPN"); 265 FAIL("failed to parse ALPN");
266 goto err; 266 goto err;
267 } 267 }
@@ -272,7 +272,7 @@ test_tlsext_alpn_clienthello(void)
272 272
273 if (ssl->internal->alpn_client_proto_list_len != 273 if (ssl->internal->alpn_client_proto_list_len !=
274 sizeof(tlsext_alpn_multiple_protos_val)) { 274 sizeof(tlsext_alpn_multiple_protos_val)) {
275 FAIL("got clienthello ALPN with length %zu, " 275 FAIL("got client ALPN with length %zu, "
276 "want length %zu\n", dlen, 276 "want length %zu\n", dlen,
277 sizeof(tlsext_alpn_multiple_protos_val)); 277 sizeof(tlsext_alpn_multiple_protos_val));
278 compare_data(ssl->internal->alpn_client_proto_list, 278 compare_data(ssl->internal->alpn_client_proto_list,
@@ -284,7 +284,7 @@ test_tlsext_alpn_clienthello(void)
284 if (memcmp(ssl->internal->alpn_client_proto_list, 284 if (memcmp(ssl->internal->alpn_client_proto_list,
285 tlsext_alpn_multiple_protos_val, 285 tlsext_alpn_multiple_protos_val,
286 sizeof(tlsext_alpn_multiple_protos_val)) != 0) { 286 sizeof(tlsext_alpn_multiple_protos_val)) != 0) {
287 FAIL("clienthello ALPN differs:\n"); 287 FAIL("client ALPN differs:\n");
288 compare_data(data, dlen, tlsext_alpn_multiple_protos_val, 288 compare_data(data, dlen, tlsext_alpn_multiple_protos_val,
289 sizeof(tlsext_alpn_multiple_protos_val)); 289 sizeof(tlsext_alpn_multiple_protos_val));
290 goto err; 290 goto err;
@@ -296,8 +296,8 @@ test_tlsext_alpn_clienthello(void)
296 ssl->internal->alpn_client_proto_list = NULL; 296 ssl->internal->alpn_client_proto_list = NULL;
297 ssl->internal->alpn_client_proto_list_len = 0; 297 ssl->internal->alpn_client_proto_list_len = 0;
298 298
299 if (tlsext_alpn_clienthello_needs(ssl)) { 299 if (tlsext_alpn_client_needs(ssl)) {
300 FAIL("clienthello should need ALPN by default"); 300 FAIL("client should need ALPN by default");
301 goto err; 301 goto err;
302 } 302 }
303 303
@@ -313,7 +313,7 @@ test_tlsext_alpn_clienthello(void)
313} 313}
314 314
315static int 315static int
316test_tlsext_alpn_serverhello(void) 316test_tlsext_alpn_server(void)
317{ 317{
318 SSL_CTX *ssl_ctx = NULL; 318 SSL_CTX *ssl_ctx = NULL;
319 SSL *ssl = NULL; 319 SSL *ssl = NULL;
@@ -333,8 +333,8 @@ test_tlsext_alpn_serverhello(void)
333 errx(1, "failed to create SSL"); 333 errx(1, "failed to create SSL");
334 334
335 /* By default, ALPN isn't needed. */ 335 /* By default, ALPN isn't needed. */
336 if (tlsext_alpn_serverhello_needs(ssl)) { 336 if (tlsext_alpn_server_needs(ssl)) {
337 FAIL("serverhello should not need ALPN by default\n"); 337 FAIL("server should not need ALPN by default\n");
338 goto err; 338 goto err;
339 } 339 }
340 340
@@ -351,22 +351,22 @@ test_tlsext_alpn_serverhello(void)
351 sizeof(tlsext_alpn_single_proto_name)); 351 sizeof(tlsext_alpn_single_proto_name));
352 S3I(ssl)->alpn_selected_len = sizeof(tlsext_alpn_single_proto_name); 352 S3I(ssl)->alpn_selected_len = sizeof(tlsext_alpn_single_proto_name);
353 353
354 if (!tlsext_alpn_serverhello_needs(ssl)) { 354 if (!tlsext_alpn_server_needs(ssl)) {
355 FAIL("serverhello should need ALPN after a protocol is selected\n"); 355 FAIL("server should need ALPN after a protocol is selected\n");
356 goto err; 356 goto err;
357 } 357 }
358 358
359 /* Make sure we can build a serverhello with one protocol */ 359 /* Make sure we can build a server with one protocol */
360 360
361 if (!tlsext_alpn_serverhello_build(ssl, &cbb)) { 361 if (!tlsext_alpn_server_build(ssl, &cbb)) {
362 FAIL("serverhello should be able to build a response"); 362 FAIL("server should be able to build a response");
363 goto err; 363 goto err;
364 } 364 }
365 if (!CBB_finish(&cbb, &data, &dlen)) 365 if (!CBB_finish(&cbb, &data, &dlen))
366 errx(1, "failed to finish CBB"); 366 errx(1, "failed to finish CBB");
367 367
368 if (dlen != sizeof(tlsext_alpn_single_proto)) { 368 if (dlen != sizeof(tlsext_alpn_single_proto)) {
369 FAIL("got clienthello ALPN with length %zu, " 369 FAIL("got client ALPN with length %zu, "
370 "want length %zu\n", dlen, 370 "want length %zu\n", dlen,
371 sizeof(tlsext_alpn_single_proto)); 371 sizeof(tlsext_alpn_single_proto));
372 compare_data(data, dlen, tlsext_alpn_single_proto, 372 compare_data(data, dlen, tlsext_alpn_single_proto,
@@ -374,7 +374,7 @@ test_tlsext_alpn_serverhello(void)
374 goto err; 374 goto err;
375 } 375 }
376 if (memcmp(data, tlsext_alpn_single_proto, dlen) != 0) { 376 if (memcmp(data, tlsext_alpn_single_proto, dlen) != 0) {
377 FAIL("clienthello ALPN differs:\n"); 377 FAIL("client ALPN differs:\n");
378 compare_data(data, dlen, tlsext_alpn_single_proto, 378 compare_data(data, dlen, tlsext_alpn_single_proto,
379 sizeof(tlsext_alpn_single_proto)); 379 sizeof(tlsext_alpn_single_proto));
380 goto err; 380 goto err;
@@ -391,8 +391,8 @@ test_tlsext_alpn_serverhello(void)
391 sizeof(tlsext_alpn_single_proto)); 391 sizeof(tlsext_alpn_single_proto));
392 392
393 /* Shouldn't be able to parse without requesting */ 393 /* Shouldn't be able to parse without requesting */
394 if (tlsext_alpn_serverhello_parse(ssl, &cbs, &alert)) { 394 if (tlsext_alpn_client_parse(ssl, &cbs, &alert)) {
395 FAIL("Should only parse serverhello if we requested it"); 395 FAIL("Should only parse server if we requested it");
396 goto err; 396 goto err;
397 } 397 }
398 398
@@ -402,8 +402,8 @@ test_tlsext_alpn_serverhello(void)
402 FAIL("should be able to set ALPN to http/1.1"); 402 FAIL("should be able to set ALPN to http/1.1");
403 goto err; 403 goto err;
404 } 404 }
405 if (!tlsext_alpn_serverhello_parse(ssl, &cbs, &alert)) { 405 if (!tlsext_alpn_server_parse(ssl, &cbs, &alert)) {
406 FAIL("Should be able to parse serverhello when we request it"); 406 FAIL("Should be able to parse server when we request it");
407 goto err; 407 goto err;
408 } 408 }
409 if (CBS_len(&cbs) != 0) { 409 if (CBS_len(&cbs) != 0) {
@@ -413,7 +413,7 @@ test_tlsext_alpn_serverhello(void)
413 413
414 if (S3I(ssl)->alpn_selected_len != 414 if (S3I(ssl)->alpn_selected_len !=
415 sizeof(tlsext_alpn_single_proto_name)) { 415 sizeof(tlsext_alpn_single_proto_name)) {
416 FAIL("got serverhello ALPN with length %zu, " 416 FAIL("got server ALPN with length %zu, "
417 "want length %zu\n", dlen, 417 "want length %zu\n", dlen,
418 sizeof(tlsext_alpn_single_proto_name)); 418 sizeof(tlsext_alpn_single_proto_name));
419 compare_data(S3I(ssl)->alpn_selected, 419 compare_data(S3I(ssl)->alpn_selected,
@@ -425,7 +425,7 @@ test_tlsext_alpn_serverhello(void)
425 if (memcmp(S3I(ssl)->alpn_selected, 425 if (memcmp(S3I(ssl)->alpn_selected,
426 tlsext_alpn_single_proto_name, 426 tlsext_alpn_single_proto_name,
427 sizeof(tlsext_alpn_single_proto_name)) != 0) { 427 sizeof(tlsext_alpn_single_proto_name)) != 0) {
428 FAIL("serverhello ALPN differs:\n"); 428 FAIL("server ALPN differs:\n");
429 compare_data(S3I(ssl)->alpn_selected, 429 compare_data(S3I(ssl)->alpn_selected,
430 S3I(ssl)->alpn_selected_len, 430 S3I(ssl)->alpn_selected_len,
431 tlsext_alpn_single_proto_name, 431 tlsext_alpn_single_proto_name,
@@ -434,7 +434,7 @@ test_tlsext_alpn_serverhello(void)
434 } 434 }
435 435
436 /* 436 /*
437 * We should NOT be able to build a serverhello with multiple 437 * We should NOT be able to build a server with multiple
438 * protocol names. However, the existing code did not check for this 438 * protocol names. However, the existing code did not check for this
439 * case because it is passed in as an encoded value. 439 * case because it is passed in as an encoded value.
440 */ 440 */
@@ -445,8 +445,8 @@ test_tlsext_alpn_serverhello(void)
445 S3I(ssl)->alpn_selected = NULL; 445 S3I(ssl)->alpn_selected = NULL;
446 S3I(ssl)->alpn_selected_len = 0; 446 S3I(ssl)->alpn_selected_len = 0;
447 447
448 if (tlsext_alpn_serverhello_needs(ssl)) { 448 if (tlsext_alpn_server_needs(ssl)) {
449 FAIL("serverhello should need ALPN by default"); 449 FAIL("server should need ALPN by default");
450 goto err; 450 goto err;
451 } 451 }
452 452
@@ -468,34 +468,34 @@ test_tlsext_alpn_serverhello(void)
468 * This extension is only used by the client. 468 * This extension is only used by the client.
469 */ 469 */
470 470
471static uint8_t tlsext_supportedgroups_clienthello_default[] = { 471static uint8_t tlsext_supportedgroups_client_default[] = {
472 0x00, 0x06, 472 0x00, 0x06,
473 0x00, 0x1d, /* X25519 (29) */ 473 0x00, 0x1d, /* X25519 (29) */
474 0x00, 0x17, /* secp256r1 (23) */ 474 0x00, 0x17, /* secp256r1 (23) */
475 0x00, 0x18 /* secp384r1 (24) */ 475 0x00, 0x18 /* secp384r1 (24) */
476}; 476};
477 477
478static uint16_t tlsext_supportedgroups_clienthello_secp384r1_val[] = { 478static uint16_t tlsext_supportedgroups_client_secp384r1_val[] = {
479 0x0018 /* tls1_ec_nid2curve_id(NID_secp384r1) */ 479 0x0018 /* tls1_ec_nid2curve_id(NID_secp384r1) */
480}; 480};
481static uint8_t tlsext_supportedgroups_clienthello_secp384r1[] = { 481static uint8_t tlsext_supportedgroups_client_secp384r1[] = {
482 0x00, 0x02, 482 0x00, 0x02,
483 0x00, 0x18 /* secp384r1 (24) */ 483 0x00, 0x18 /* secp384r1 (24) */
484}; 484};
485 485
486/* Example from RFC 4492 section 5.1.1 */ 486/* Example from RFC 4492 section 5.1.1 */
487static uint16_t tlsext_supportedgroups_clienthello_nistp192and224_val[] = { 487static uint16_t tlsext_supportedgroups_client_nistp192and224_val[] = {
488 0x0013, /* tls1_ec_nid2curve_id(NID_X9_62_prime192v1) */ 488 0x0013, /* tls1_ec_nid2curve_id(NID_X9_62_prime192v1) */
489 0x0015 /* tls1_ec_nid2curve_id(NID_secp224r1) */ 489 0x0015 /* tls1_ec_nid2curve_id(NID_secp224r1) */
490}; 490};
491static uint8_t tlsext_supportedgroups_clienthello_nistp192and224[] = { 491static uint8_t tlsext_supportedgroups_client_nistp192and224[] = {
492 0x00, 0x04, 492 0x00, 0x04,
493 0x00, 0x13, /* secp192r1 aka NIST P-192 */ 493 0x00, 0x13, /* secp192r1 aka NIST P-192 */
494 0x00, 0x15 /* secp224r1 aka NIST P-224 */ 494 0x00, 0x15 /* secp224r1 aka NIST P-224 */
495}; 495};
496 496
497static int 497static int
498test_tlsext_supportedgroups_clienthello(void) 498test_tlsext_supportedgroups_client(void)
499{ 499{
500 unsigned char *data = NULL; 500 unsigned char *data = NULL;
501 SSL_CTX *ssl_ctx = NULL; 501 SSL_CTX *ssl_ctx = NULL;
@@ -518,8 +518,8 @@ test_tlsext_supportedgroups_clienthello(void)
518 /* 518 /*
519 * Default ciphers include EC so we need it by default. 519 * Default ciphers include EC so we need it by default.
520 */ 520 */
521 if (!tlsext_supportedgroups_clienthello_needs(ssl)) { 521 if (!tlsext_supportedgroups_client_needs(ssl)) {
522 FAIL("clienthello should need Ellipticcurves for default " 522 FAIL("client should need Ellipticcurves for default "
523 "ciphers\n"); 523 "ciphers\n");
524 goto err; 524 goto err;
525 } 525 }
@@ -528,11 +528,11 @@ test_tlsext_supportedgroups_clienthello(void)
528 * Exclude cipher suites so we can test not including it. 528 * Exclude cipher suites so we can test not including it.
529 */ 529 */
530 if (!SSL_set_cipher_list(ssl, "TLSv1.2:!ECDHE:!ECDSA")) { 530 if (!SSL_set_cipher_list(ssl, "TLSv1.2:!ECDHE:!ECDSA")) {
531 FAIL("clienthello should be able to set cipher list\n"); 531 FAIL("client should be able to set cipher list\n");
532 goto err; 532 goto err;
533 } 533 }
534 if (tlsext_supportedgroups_clienthello_needs(ssl)) { 534 if (tlsext_supportedgroups_client_needs(ssl)) {
535 FAIL("clienthello should not need Ellipticcurves\n"); 535 FAIL("client should not need Ellipticcurves\n");
536 goto err; 536 goto err;
537 } 537 }
538 538
@@ -540,11 +540,11 @@ test_tlsext_supportedgroups_clienthello(void)
540 * Use libtls default for the rest of the testing 540 * Use libtls default for the rest of the testing
541 */ 541 */
542 if (!SSL_set_cipher_list(ssl, "TLSv1.2+AEAD+ECDHE")) { 542 if (!SSL_set_cipher_list(ssl, "TLSv1.2+AEAD+ECDHE")) {
543 FAIL("clienthello should be able to set cipher list\n"); 543 FAIL("client should be able to set cipher list\n");
544 goto err; 544 goto err;
545 } 545 }
546 if (!tlsext_supportedgroups_clienthello_needs(ssl)) { 546 if (!tlsext_supportedgroups_client_needs(ssl)) {
547 FAIL("clienthello should need Ellipticcurves\n"); 547 FAIL("client should need Ellipticcurves\n");
548 goto err; 548 goto err;
549 } 549 }
550 550
@@ -562,32 +562,32 @@ test_tlsext_supportedgroups_clienthello(void)
562 SSI(ssl)->tlsext_supportedgroups[0] = tls1_ec_nid2curve_id(NID_secp384r1); 562 SSI(ssl)->tlsext_supportedgroups[0] = tls1_ec_nid2curve_id(NID_secp384r1);
563 SSI(ssl)->tlsext_supportedgroups_length = 1; 563 SSI(ssl)->tlsext_supportedgroups_length = 1;
564 564
565 if (!tlsext_supportedgroups_clienthello_needs(ssl)) { 565 if (!tlsext_supportedgroups_client_needs(ssl)) {
566 FAIL("clienthello should need Ellipticcurves\n"); 566 FAIL("client should need Ellipticcurves\n");
567 goto err; 567 goto err;
568 } 568 }
569 569
570 if (!tlsext_supportedgroups_clienthello_build(ssl, &cbb)) { 570 if (!tlsext_supportedgroups_client_build(ssl, &cbb)) {
571 FAIL("clienthello failed to build Ellipticcurves\n"); 571 FAIL("client failed to build Ellipticcurves\n");
572 goto err; 572 goto err;
573 } 573 }
574 574
575 if (!CBB_finish(&cbb, &data, &dlen)) 575 if (!CBB_finish(&cbb, &data, &dlen))
576 errx(1, "failed to finish CBB"); 576 errx(1, "failed to finish CBB");
577 577
578 if (dlen != sizeof(tlsext_supportedgroups_clienthello_default)) { 578 if (dlen != sizeof(tlsext_supportedgroups_client_default)) {
579 FAIL("got clienthello Ellipticcurves with length %zu, " 579 FAIL("got client Ellipticcurves with length %zu, "
580 "want length %zu\n", dlen, 580 "want length %zu\n", dlen,
581 sizeof(tlsext_supportedgroups_clienthello_default)); 581 sizeof(tlsext_supportedgroups_client_default));
582 compare_data(data, dlen, tlsext_supportedgroups_clienthello_default, 582 compare_data(data, dlen, tlsext_supportedgroups_client_default,
583 sizeof(tlsext_supportedgroups_clienthello_default)); 583 sizeof(tlsext_supportedgroups_client_default));
584 goto err; 584 goto err;
585 } 585 }
586 586
587 if (memcmp(data, tlsext_supportedgroups_clienthello_default, dlen) != 0) { 587 if (memcmp(data, tlsext_supportedgroups_client_default, dlen) != 0) {
588 FAIL("clienthello Ellipticcurves differs:\n"); 588 FAIL("client Ellipticcurves differs:\n");
589 compare_data(data, dlen, tlsext_supportedgroups_clienthello_default, 589 compare_data(data, dlen, tlsext_supportedgroups_client_default,
590 sizeof(tlsext_supportedgroups_clienthello_default)); 590 sizeof(tlsext_supportedgroups_client_default));
591 goto err; 591 goto err;
592 } 592 }
593 593
@@ -603,10 +603,10 @@ test_tlsext_supportedgroups_clienthello(void)
603 if ((ssl->session = SSL_SESSION_new()) == NULL) 603 if ((ssl->session = SSL_SESSION_new()) == NULL)
604 errx(1, "failed to create session"); 604 errx(1, "failed to create session");
605 605
606 CBS_init(&cbs, tlsext_supportedgroups_clienthello_secp384r1, 606 CBS_init(&cbs, tlsext_supportedgroups_client_secp384r1,
607 sizeof(tlsext_supportedgroups_clienthello_secp384r1)); 607 sizeof(tlsext_supportedgroups_client_secp384r1));
608 if (!tlsext_supportedgroups_clienthello_parse(ssl, &cbs, &alert)) { 608 if (!tlsext_supportedgroups_server_parse(ssl, &cbs, &alert)) {
609 FAIL("failed to parse clienthello Ellipticcurves\n"); 609 FAIL("failed to parse client Ellipticcurves\n");
610 goto err; 610 goto err;
611 } 611 }
612 if (CBS_len(&cbs) != 0) { 612 if (CBS_len(&cbs) != 0) {
@@ -615,21 +615,21 @@ test_tlsext_supportedgroups_clienthello(void)
615 } 615 }
616 616
617 if (SSI(ssl)->tlsext_supportedgroups_length != 617 if (SSI(ssl)->tlsext_supportedgroups_length !=
618 sizeof(tlsext_supportedgroups_clienthello_secp384r1_val) / sizeof(uint16_t)) { 618 sizeof(tlsext_supportedgroups_client_secp384r1_val) / sizeof(uint16_t)) {
619 FAIL("no tlsext_ellipticcurves from clienthello " 619 FAIL("no tlsext_ellipticcurves from client "
620 "Ellipticcurves\n"); 620 "Ellipticcurves\n");
621 goto err; 621 goto err;
622 } 622 }
623 623
624 if (memcmp(SSI(ssl)->tlsext_supportedgroups, 624 if (memcmp(SSI(ssl)->tlsext_supportedgroups,
625 tlsext_supportedgroups_clienthello_secp384r1_val, 625 tlsext_supportedgroups_client_secp384r1_val,
626 sizeof(tlsext_supportedgroups_clienthello_secp384r1_val)) != 0) { 626 sizeof(tlsext_supportedgroups_client_secp384r1_val)) != 0) {
627 FAIL("clienthello had an incorrect Ellipticcurves " 627 FAIL("client had an incorrect Ellipticcurves "
628 "entry\n"); 628 "entry\n");
629 compare_data2(SSI(ssl)->tlsext_supportedgroups, 629 compare_data2(SSI(ssl)->tlsext_supportedgroups,
630 SSI(ssl)->tlsext_supportedgroups_length * 2, 630 SSI(ssl)->tlsext_supportedgroups_length * 2,
631 tlsext_supportedgroups_clienthello_secp384r1_val, 631 tlsext_supportedgroups_client_secp384r1_val,
632 sizeof(tlsext_supportedgroups_clienthello_secp384r1_val)); 632 sizeof(tlsext_supportedgroups_client_secp384r1_val));
633 goto err; 633 goto err;
634 } 634 }
635 635
@@ -651,38 +651,38 @@ test_tlsext_supportedgroups_clienthello(void)
651 ssl->internal->tlsext_supportedgroups[1] = tls1_ec_nid2curve_id(NID_secp224r1); 651 ssl->internal->tlsext_supportedgroups[1] = tls1_ec_nid2curve_id(NID_secp224r1);
652 ssl->internal->tlsext_supportedgroups_length = 2; 652 ssl->internal->tlsext_supportedgroups_length = 2;
653 653
654 if (!tlsext_supportedgroups_clienthello_needs(ssl)) { 654 if (!tlsext_supportedgroups_client_needs(ssl)) {
655 FAIL("clienthello should need Ellipticcurves\n"); 655 FAIL("client should need Ellipticcurves\n");
656 goto err; 656 goto err;
657 } 657 }
658 658
659 if (!tlsext_supportedgroups_clienthello_build(ssl, &cbb)) { 659 if (!tlsext_supportedgroups_client_build(ssl, &cbb)) {
660 FAIL("clienthello failed to build Ellipticcurves\n"); 660 FAIL("client failed to build Ellipticcurves\n");
661 goto err; 661 goto err;
662 } 662 }
663 663
664 if (!CBB_finish(&cbb, &data, &dlen)) 664 if (!CBB_finish(&cbb, &data, &dlen))
665 errx(1, "failed to finish CBB"); 665 errx(1, "failed to finish CBB");
666 666
667 if (dlen != sizeof(tlsext_supportedgroups_clienthello_nistp192and224)) { 667 if (dlen != sizeof(tlsext_supportedgroups_client_nistp192and224)) {
668 FAIL("got clienthello Ellipticcurves with length %zu, " 668 FAIL("got client Ellipticcurves with length %zu, "
669 "want length %zu\n", dlen, 669 "want length %zu\n", dlen,
670 sizeof(tlsext_supportedgroups_clienthello_nistp192and224)); 670 sizeof(tlsext_supportedgroups_client_nistp192and224));
671 fprintf(stderr, "received:\n"); 671 fprintf(stderr, "received:\n");
672 hexdump(data, dlen); 672 hexdump(data, dlen);
673 fprintf(stderr, "test data:\n"); 673 fprintf(stderr, "test data:\n");
674 hexdump(tlsext_supportedgroups_clienthello_nistp192and224, 674 hexdump(tlsext_supportedgroups_client_nistp192and224,
675 sizeof(tlsext_supportedgroups_clienthello_nistp192and224)); 675 sizeof(tlsext_supportedgroups_client_nistp192and224));
676 goto err; 676 goto err;
677 } 677 }
678 678
679 if (memcmp(data, tlsext_supportedgroups_clienthello_nistp192and224, dlen) != 0) { 679 if (memcmp(data, tlsext_supportedgroups_client_nistp192and224, dlen) != 0) {
680 FAIL("clienthello Ellipticcurves differs:\n"); 680 FAIL("client Ellipticcurves differs:\n");
681 fprintf(stderr, "received:\n"); 681 fprintf(stderr, "received:\n");
682 hexdump(data, dlen); 682 hexdump(data, dlen);
683 fprintf(stderr, "test data:\n"); 683 fprintf(stderr, "test data:\n");
684 hexdump(tlsext_supportedgroups_clienthello_nistp192and224, 684 hexdump(tlsext_supportedgroups_client_nistp192and224,
685 sizeof(tlsext_supportedgroups_clienthello_nistp192and224)); 685 sizeof(tlsext_supportedgroups_client_nistp192and224));
686 goto err; 686 goto err;
687 } 687 }
688 688
@@ -703,10 +703,10 @@ test_tlsext_supportedgroups_clienthello(void)
703 ssl->internal->tlsext_supportedgroups = NULL; 703 ssl->internal->tlsext_supportedgroups = NULL;
704 ssl->internal->tlsext_supportedgroups_length = 0; 704 ssl->internal->tlsext_supportedgroups_length = 0;
705 705
706 CBS_init(&cbs, tlsext_supportedgroups_clienthello_nistp192and224, 706 CBS_init(&cbs, tlsext_supportedgroups_client_nistp192and224,
707 sizeof(tlsext_supportedgroups_clienthello_nistp192and224)); 707 sizeof(tlsext_supportedgroups_client_nistp192and224));
708 if (!tlsext_supportedgroups_clienthello_parse(ssl, &cbs, &alert)) { 708 if (!tlsext_supportedgroups_server_parse(ssl, &cbs, &alert)) {
709 FAIL("failed to parse clienthello Ellipticcurves\n"); 709 FAIL("failed to parse client Ellipticcurves\n");
710 goto err; 710 goto err;
711 } 711 }
712 if (CBS_len(&cbs) != 0) { 712 if (CBS_len(&cbs) != 0) {
@@ -715,20 +715,19 @@ test_tlsext_supportedgroups_clienthello(void)
715 } 715 }
716 716
717 if (SSI(ssl)->tlsext_supportedgroups_length != 717 if (SSI(ssl)->tlsext_supportedgroups_length !=
718 sizeof(tlsext_supportedgroups_clienthello_nistp192and224_val) / sizeof(uint16_t)) { 718 sizeof(tlsext_supportedgroups_client_nistp192and224_val) / sizeof(uint16_t)) {
719 FAIL("no tlsext_ellipticcurves from clienthello " 719 FAIL("no tlsext_ellipticcurves from client Ellipticcurves\n");
720 "Ellipticcurves\n");
721 goto err; 720 goto err;
722 } 721 }
723 722
724 if (memcmp(SSI(ssl)->tlsext_supportedgroups, 723 if (memcmp(SSI(ssl)->tlsext_supportedgroups,
725 tlsext_supportedgroups_clienthello_nistp192and224_val, 724 tlsext_supportedgroups_client_nistp192and224_val,
726 sizeof(tlsext_supportedgroups_clienthello_nistp192and224_val)) != 0) { 725 sizeof(tlsext_supportedgroups_client_nistp192and224_val)) != 0) {
727 FAIL("clienthello had an incorrect Ellipticcurves entry\n"); 726 FAIL("client had an incorrect Ellipticcurves entry\n");
728 compare_data2(SSI(ssl)->tlsext_supportedgroups, 727 compare_data2(SSI(ssl)->tlsext_supportedgroups,
729 SSI(ssl)->tlsext_supportedgroups_length * 2, 728 SSI(ssl)->tlsext_supportedgroups_length * 2,
730 tlsext_supportedgroups_clienthello_nistp192and224_val, 729 tlsext_supportedgroups_client_nistp192and224_val,
731 sizeof(tlsext_supportedgroups_clienthello_nistp192and224_val)); 730 sizeof(tlsext_supportedgroups_client_nistp192and224_val));
732 goto err; 731 goto err;
733 } 732 }
734 733
@@ -746,7 +745,7 @@ test_tlsext_supportedgroups_clienthello(void)
746 745
747/* elliptic_curves is only used by the client so this doesn't test much. */ 746/* elliptic_curves is only used by the client so this doesn't test much. */
748static int 747static int
749test_tlsext_supportedgroups_serverhello(void) 748test_tlsext_supportedgroups_server(void)
750{ 749{
751 SSL_CTX *ssl_ctx = NULL; 750 SSL_CTX *ssl_ctx = NULL;
752 SSL *ssl = NULL; 751 SSL *ssl = NULL;
@@ -759,16 +758,16 @@ test_tlsext_supportedgroups_serverhello(void)
759 if ((ssl = SSL_new(ssl_ctx)) == NULL) 758 if ((ssl = SSL_new(ssl_ctx)) == NULL)
760 errx(1, "failed to create SSL"); 759 errx(1, "failed to create SSL");
761 760
762 if (tlsext_supportedgroups_serverhello_needs(ssl)) { 761 if (tlsext_supportedgroups_server_needs(ssl)) {
763 FAIL("serverhello should not need elliptic_curves\n"); 762 FAIL("server should not need elliptic_curves\n");
764 goto err; 763 goto err;
765 } 764 }
766 765
767 if ((ssl->session = SSL_SESSION_new()) == NULL) 766 if ((ssl->session = SSL_SESSION_new()) == NULL)
768 errx(1, "failed to create session"); 767 errx(1, "failed to create session");
769 768
770 if (tlsext_supportedgroups_serverhello_needs(ssl)) { 769 if (tlsext_supportedgroups_server_needs(ssl)) {
771 FAIL("serverhello should not need elliptic_curves\n"); 770 FAIL("server should not need elliptic_curves\n");
772 goto err; 771 goto err;
773 } 772 }
774 773
@@ -815,7 +814,7 @@ static uint8_t tlsext_ecpf_hello_prefer_order[] = {
815}; 814};
816 815
817static int 816static int
818test_tlsext_ecpf_clienthello(void) 817test_tlsext_ecpf_client(void)
819{ 818{
820 uint8_t *data = NULL; 819 uint8_t *data = NULL;
821 SSL_CTX *ssl_ctx = NULL; 820 SSL_CTX *ssl_ctx = NULL;
@@ -837,8 +836,8 @@ test_tlsext_ecpf_clienthello(void)
837 /* 836 /*
838 * Default ciphers include EC so we need it by default. 837 * Default ciphers include EC so we need it by default.
839 */ 838 */
840 if (!tlsext_ecpf_clienthello_needs(ssl)) { 839 if (!tlsext_ecpf_client_needs(ssl)) {
841 FAIL("clienthello should need ECPointFormats for default " 840 FAIL("client should need ECPointFormats for default "
842 "ciphers\n"); 841 "ciphers\n");
843 goto err; 842 goto err;
844 } 843 }
@@ -847,11 +846,11 @@ test_tlsext_ecpf_clienthello(void)
847 * Exclude EC cipher suites so we can test not including it. 846 * Exclude EC cipher suites so we can test not including it.
848 */ 847 */
849 if (!SSL_set_cipher_list(ssl, "ALL:!ECDHE:!ECDH")) { 848 if (!SSL_set_cipher_list(ssl, "ALL:!ECDHE:!ECDH")) {
850 FAIL("clienthello should be able to set cipher list\n"); 849 FAIL("client should be able to set cipher list\n");
851 goto err; 850 goto err;
852 } 851 }
853 if (tlsext_ecpf_clienthello_needs(ssl)) { 852 if (tlsext_ecpf_client_needs(ssl)) {
854 FAIL("clienthello should not need ECPointFormats\n"); 853 FAIL("client should not need ECPointFormats\n");
855 goto err; 854 goto err;
856 } 855 }
857 856
@@ -859,11 +858,11 @@ test_tlsext_ecpf_clienthello(void)
859 * Use libtls default for the rest of the testing 858 * Use libtls default for the rest of the testing
860 */ 859 */
861 if (!SSL_set_cipher_list(ssl, "TLSv1.2+AEAD+ECDHE")) { 860 if (!SSL_set_cipher_list(ssl, "TLSv1.2+AEAD+ECDHE")) {
862 FAIL("clienthello should be able to set cipher list\n"); 861 FAIL("client should be able to set cipher list\n");
863 goto err; 862 goto err;
864 } 863 }
865 if (!tlsext_ecpf_clienthello_needs(ssl)) { 864 if (!tlsext_ecpf_client_needs(ssl)) {
866 FAIL("clienthello should need ECPointFormats\n"); 865 FAIL("client should need ECPointFormats\n");
867 goto err; 866 goto err;
868 } 867 }
869 868
@@ -873,8 +872,8 @@ test_tlsext_ecpf_clienthello(void)
873 if ((ssl->session = SSL_SESSION_new()) == NULL) 872 if ((ssl->session = SSL_SESSION_new()) == NULL)
874 errx(1, "failed to create session"); 873 errx(1, "failed to create session");
875 874
876 if (!tlsext_ecpf_clienthello_build(ssl, &cbb)) { 875 if (!tlsext_ecpf_client_build(ssl, &cbb)) {
877 FAIL("clienthello failed to build ECPointFormats\n"); 876 FAIL("client failed to build ECPointFormats\n");
878 goto err; 877 goto err;
879 } 878 }
880 879
@@ -882,7 +881,7 @@ test_tlsext_ecpf_clienthello(void)
882 errx(1, "failed to finish CBB"); 881 errx(1, "failed to finish CBB");
883 882
884 if (dlen != sizeof(tlsext_ecpf_hello_uncompressed)) { 883 if (dlen != sizeof(tlsext_ecpf_hello_uncompressed)) {
885 FAIL("got clienthello ECPointFormats with length %zu, " 884 FAIL("got client ECPointFormats with length %zu, "
886 "want length %zu\n", dlen, 885 "want length %zu\n", dlen,
887 sizeof(tlsext_ecpf_hello_uncompressed)); 886 sizeof(tlsext_ecpf_hello_uncompressed));
888 compare_data(data, dlen, tlsext_ecpf_hello_uncompressed, 887 compare_data(data, dlen, tlsext_ecpf_hello_uncompressed,
@@ -891,7 +890,7 @@ test_tlsext_ecpf_clienthello(void)
891 } 890 }
892 891
893 if (memcmp(data, tlsext_ecpf_hello_uncompressed, dlen) != 0) { 892 if (memcmp(data, tlsext_ecpf_hello_uncompressed, dlen) != 0) {
894 FAIL("clienthello ECPointFormats differs:\n"); 893 FAIL("client ECPointFormats differs:\n");
895 compare_data(data, dlen, tlsext_ecpf_hello_uncompressed, 894 compare_data(data, dlen, tlsext_ecpf_hello_uncompressed,
896 sizeof(tlsext_ecpf_hello_uncompressed)); 895 sizeof(tlsext_ecpf_hello_uncompressed));
897 goto err; 896 goto err;
@@ -911,8 +910,8 @@ test_tlsext_ecpf_clienthello(void)
911 910
912 CBS_init(&cbs, tlsext_ecpf_hello_uncompressed, 911 CBS_init(&cbs, tlsext_ecpf_hello_uncompressed,
913 sizeof(tlsext_ecpf_hello_uncompressed)); 912 sizeof(tlsext_ecpf_hello_uncompressed));
914 if (!tlsext_ecpf_clienthello_parse(ssl, &cbs, &alert)) { 913 if (!tlsext_ecpf_server_parse(ssl, &cbs, &alert)) {
915 FAIL("failed to parse clienthello ECPointFormats\n"); 914 FAIL("failed to parse client ECPointFormats\n");
916 goto err; 915 goto err;
917 } 916 }
918 if (CBS_len(&cbs) != 0) { 917 if (CBS_len(&cbs) != 0) {
@@ -922,7 +921,7 @@ test_tlsext_ecpf_clienthello(void)
922 921
923 if (SSI(ssl)->tlsext_ecpointformatlist_length != 922 if (SSI(ssl)->tlsext_ecpointformatlist_length !=
924 sizeof(tlsext_ecpf_hello_uncompressed_val)) { 923 sizeof(tlsext_ecpf_hello_uncompressed_val)) {
925 FAIL("no tlsext_ecpointformats from clienthello " 924 FAIL("no tlsext_ecpointformats from client "
926 "ECPointFormats\n"); 925 "ECPointFormats\n");
927 goto err; 926 goto err;
928 } 927 }
@@ -930,7 +929,7 @@ test_tlsext_ecpf_clienthello(void)
930 if (memcmp(SSI(ssl)->tlsext_ecpointformatlist, 929 if (memcmp(SSI(ssl)->tlsext_ecpointformatlist,
931 tlsext_ecpf_hello_uncompressed_val, 930 tlsext_ecpf_hello_uncompressed_val,
932 sizeof(tlsext_ecpf_hello_uncompressed_val)) != 0) { 931 sizeof(tlsext_ecpf_hello_uncompressed_val)) != 0) {
933 FAIL("clienthello had an incorrect ECPointFormats entry\n"); 932 FAIL("client had an incorrect ECPointFormats entry\n");
934 goto err; 933 goto err;
935 } 934 }
936 935
@@ -955,14 +954,14 @@ test_tlsext_ecpf_clienthello(void)
955 ssl->internal->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; 954 ssl->internal->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
956 ssl->internal->tlsext_ecpointformatlist_length = 3; 955 ssl->internal->tlsext_ecpointformatlist_length = 3;
957 956
958 if (!tlsext_ecpf_clienthello_needs(ssl)) { 957 if (!tlsext_ecpf_client_needs(ssl)) {
959 FAIL("clienthello should need ECPointFormats with a custom " 958 FAIL("client should need ECPointFormats with a custom "
960 "format\n"); 959 "format\n");
961 goto err; 960 goto err;
962 } 961 }
963 962
964 if (!tlsext_ecpf_clienthello_build(ssl, &cbb)) { 963 if (!tlsext_ecpf_client_build(ssl, &cbb)) {
965 FAIL("clienthello failed to build ECPointFormats\n"); 964 FAIL("client failed to build ECPointFormats\n");
966 goto err; 965 goto err;
967 } 966 }
968 967
@@ -970,7 +969,7 @@ test_tlsext_ecpf_clienthello(void)
970 errx(1, "failed to finish CBB"); 969 errx(1, "failed to finish CBB");
971 970
972 if (dlen != sizeof(tlsext_ecpf_hello_prefer_order)) { 971 if (dlen != sizeof(tlsext_ecpf_hello_prefer_order)) {
973 FAIL("got clienthello ECPointFormats with length %zu, " 972 FAIL("got client ECPointFormats with length %zu, "
974 "want length %zu\n", dlen, 973 "want length %zu\n", dlen,
975 sizeof(tlsext_ecpf_hello_prefer_order)); 974 sizeof(tlsext_ecpf_hello_prefer_order));
976 compare_data(data, dlen, tlsext_ecpf_hello_prefer_order, 975 compare_data(data, dlen, tlsext_ecpf_hello_prefer_order,
@@ -979,7 +978,7 @@ test_tlsext_ecpf_clienthello(void)
979 } 978 }
980 979
981 if (memcmp(data, tlsext_ecpf_hello_prefer_order, dlen) != 0) { 980 if (memcmp(data, tlsext_ecpf_hello_prefer_order, dlen) != 0) {
982 FAIL("clienthello ECPointFormats differs:\n"); 981 FAIL("client ECPointFormats differs:\n");
983 compare_data(data, dlen, tlsext_ecpf_hello_prefer_order, 982 compare_data(data, dlen, tlsext_ecpf_hello_prefer_order,
984 sizeof(tlsext_ecpf_hello_prefer_order)); 983 sizeof(tlsext_ecpf_hello_prefer_order));
985 goto err; 984 goto err;
@@ -1004,8 +1003,8 @@ test_tlsext_ecpf_clienthello(void)
1004 1003
1005 CBS_init(&cbs, tlsext_ecpf_hello_prefer_order, 1004 CBS_init(&cbs, tlsext_ecpf_hello_prefer_order,
1006 sizeof(tlsext_ecpf_hello_prefer_order)); 1005 sizeof(tlsext_ecpf_hello_prefer_order));
1007 if (!tlsext_ecpf_clienthello_parse(ssl, &cbs, &alert)) { 1006 if (!tlsext_ecpf_server_parse(ssl, &cbs, &alert)) {
1008 FAIL("failed to parse clienthello ECPointFormats\n"); 1007 FAIL("failed to parse client ECPointFormats\n");
1009 goto err; 1008 goto err;
1010 } 1009 }
1011 if (CBS_len(&cbs) != 0) { 1010 if (CBS_len(&cbs) != 0) {
@@ -1015,7 +1014,7 @@ test_tlsext_ecpf_clienthello(void)
1015 1014
1016 if (SSI(ssl)->tlsext_ecpointformatlist_length != 1015 if (SSI(ssl)->tlsext_ecpointformatlist_length !=
1017 sizeof(tlsext_ecpf_hello_prefer_order_val)) { 1016 sizeof(tlsext_ecpf_hello_prefer_order_val)) {
1018 FAIL("no tlsext_ecpointformats from clienthello " 1017 FAIL("no tlsext_ecpointformats from client "
1019 "ECPointFormats\n"); 1018 "ECPointFormats\n");
1020 goto err; 1019 goto err;
1021 } 1020 }
@@ -1023,7 +1022,7 @@ test_tlsext_ecpf_clienthello(void)
1023 if (memcmp(SSI(ssl)->tlsext_ecpointformatlist, 1022 if (memcmp(SSI(ssl)->tlsext_ecpointformatlist,
1024 tlsext_ecpf_hello_prefer_order_val, 1023 tlsext_ecpf_hello_prefer_order_val,
1025 sizeof(tlsext_ecpf_hello_prefer_order_val)) != 0) { 1024 sizeof(tlsext_ecpf_hello_prefer_order_val)) != 0) {
1026 FAIL("clienthello had an incorrect ECPointFormats entry\n"); 1025 FAIL("client had an incorrect ECPointFormats entry\n");
1027 goto err; 1026 goto err;
1028 } 1027 }
1029 1028
@@ -1040,7 +1039,7 @@ test_tlsext_ecpf_clienthello(void)
1040} 1039}
1041 1040
1042static int 1041static int
1043test_tlsext_ecpf_serverhello(void) 1042test_tlsext_ecpf_server(void)
1044{ 1043{
1045 uint8_t *data = NULL; 1044 uint8_t *data = NULL;
1046 SSL_CTX *ssl_ctx = NULL; 1045 SSL_CTX *ssl_ctx = NULL;
@@ -1066,7 +1065,7 @@ test_tlsext_ecpf_serverhello(void)
1066 if ((S3I(ssl)->hs.new_cipher = 1065 if ((S3I(ssl)->hs.new_cipher =
1067 ssl3_get_cipher_by_id(TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305)) 1066 ssl3_get_cipher_by_id(TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305))
1068 == NULL) { 1067 == NULL) {
1069 FAIL("serverhello cannot find cipher\n"); 1068 FAIL("server cannot find cipher\n");
1070 goto err; 1069 goto err;
1071 } 1070 }
1072 if ((SSI(ssl)->tlsext_ecpointformatlist = malloc(sizeof(uint8_t))) 1071 if ((SSI(ssl)->tlsext_ecpointformatlist = malloc(sizeof(uint8_t)))
@@ -1077,8 +1076,8 @@ test_tlsext_ecpf_serverhello(void)
1077 SSI(ssl)->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime; 1076 SSI(ssl)->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
1078 SSI(ssl)->tlsext_ecpointformatlist_length = 1; 1077 SSI(ssl)->tlsext_ecpointformatlist_length = 1;
1079 1078
1080 if (!tlsext_ecpf_serverhello_needs(ssl)) { 1079 if (!tlsext_ecpf_server_needs(ssl)) {
1081 FAIL("serverhello should need ECPointFormats now\n"); 1080 FAIL("server should need ECPointFormats now\n");
1082 goto err; 1081 goto err;
1083 } 1082 }
1084 1083
@@ -1086,8 +1085,8 @@ test_tlsext_ecpf_serverhello(void)
1086 * The server will ignore the session list and use either a custom 1085 * The server will ignore the session list and use either a custom
1087 * list or the default (uncompressed). 1086 * list or the default (uncompressed).
1088 */ 1087 */
1089 if (!tlsext_ecpf_serverhello_build(ssl, &cbb)) { 1088 if (!tlsext_ecpf_server_build(ssl, &cbb)) {
1090 FAIL("serverhello failed to build ECPointFormats\n"); 1089 FAIL("server failed to build ECPointFormats\n");
1091 goto err; 1090 goto err;
1092 } 1091 }
1093 1092
@@ -1095,7 +1094,7 @@ test_tlsext_ecpf_serverhello(void)
1095 errx(1, "failed to finish CBB"); 1094 errx(1, "failed to finish CBB");
1096 1095
1097 if (dlen != sizeof(tlsext_ecpf_hello_uncompressed)) { 1096 if (dlen != sizeof(tlsext_ecpf_hello_uncompressed)) {
1098 FAIL("got serverhello ECPointFormats with length %zu, " 1097 FAIL("got server ECPointFormats with length %zu, "
1099 "want length %zu\n", dlen, 1098 "want length %zu\n", dlen,
1100 sizeof(tlsext_ecpf_hello_uncompressed)); 1099 sizeof(tlsext_ecpf_hello_uncompressed));
1101 compare_data(data, dlen, tlsext_ecpf_hello_uncompressed, 1100 compare_data(data, dlen, tlsext_ecpf_hello_uncompressed,
@@ -1104,7 +1103,7 @@ test_tlsext_ecpf_serverhello(void)
1104 } 1103 }
1105 1104
1106 if (memcmp(data, tlsext_ecpf_hello_uncompressed, dlen) != 0) { 1105 if (memcmp(data, tlsext_ecpf_hello_uncompressed, dlen) != 0) {
1107 FAIL("serverhello ECPointFormats differs:\n"); 1106 FAIL("server ECPointFormats differs:\n");
1108 compare_data(data, dlen, tlsext_ecpf_hello_uncompressed, 1107 compare_data(data, dlen, tlsext_ecpf_hello_uncompressed,
1109 sizeof(tlsext_ecpf_hello_uncompressed)); 1108 sizeof(tlsext_ecpf_hello_uncompressed));
1110 goto err; 1109 goto err;
@@ -1124,8 +1123,8 @@ test_tlsext_ecpf_serverhello(void)
1124 1123
1125 CBS_init(&cbs, tlsext_ecpf_hello_prime, 1124 CBS_init(&cbs, tlsext_ecpf_hello_prime,
1126 sizeof(tlsext_ecpf_hello_prime)); 1125 sizeof(tlsext_ecpf_hello_prime));
1127 if (tlsext_ecpf_serverhello_parse(ssl, &cbs, &alert)) { 1126 if (tlsext_ecpf_client_parse(ssl, &cbs, &alert)) {
1128 FAIL("must include uncompressed in serverhello ECPointFormats\n"); 1127 FAIL("must include uncompressed in server ECPointFormats\n");
1129 goto err; 1128 goto err;
1130 } 1129 }
1131 if (CBS_len(&cbs) != 0) { 1130 if (CBS_len(&cbs) != 0) {
@@ -1164,13 +1163,13 @@ test_tlsext_ecpf_serverhello(void)
1164 ssl->internal->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; 1163 ssl->internal->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
1165 ssl->internal->tlsext_ecpointformatlist_length = 3; 1164 ssl->internal->tlsext_ecpointformatlist_length = 3;
1166 1165
1167 if (!tlsext_ecpf_serverhello_needs(ssl)) { 1166 if (!tlsext_ecpf_server_needs(ssl)) {
1168 FAIL("serverhello should need ECPointFormats\n"); 1167 FAIL("server should need ECPointFormats\n");
1169 goto err; 1168 goto err;
1170 } 1169 }
1171 1170
1172 if (!tlsext_ecpf_serverhello_build(ssl, &cbb)) { 1171 if (!tlsext_ecpf_server_build(ssl, &cbb)) {
1173 FAIL("serverhello failed to build ECPointFormats\n"); 1172 FAIL("server failed to build ECPointFormats\n");
1174 goto err; 1173 goto err;
1175 } 1174 }
1176 1175
@@ -1178,7 +1177,7 @@ test_tlsext_ecpf_serverhello(void)
1178 errx(1, "failed to finish CBB"); 1177 errx(1, "failed to finish CBB");
1179 1178
1180 if (dlen != sizeof(tlsext_ecpf_hello_prefer_order)) { 1179 if (dlen != sizeof(tlsext_ecpf_hello_prefer_order)) {
1181 FAIL("got serverhello ECPointFormats with length %zu, " 1180 FAIL("got server ECPointFormats with length %zu, "
1182 "want length %zu\n", dlen, 1181 "want length %zu\n", dlen,
1183 sizeof(tlsext_ecpf_hello_prefer_order)); 1182 sizeof(tlsext_ecpf_hello_prefer_order));
1184 compare_data(data, dlen, tlsext_ecpf_hello_prefer_order, 1183 compare_data(data, dlen, tlsext_ecpf_hello_prefer_order,
@@ -1187,7 +1186,7 @@ test_tlsext_ecpf_serverhello(void)
1187 } 1186 }
1188 1187
1189 if (memcmp(data, tlsext_ecpf_hello_prefer_order, dlen) != 0) { 1188 if (memcmp(data, tlsext_ecpf_hello_prefer_order, dlen) != 0) {
1190 FAIL("serverhello ECPointFormats differs:\n"); 1189 FAIL("server ECPointFormats differs:\n");
1191 compare_data(data, dlen, tlsext_ecpf_hello_prefer_order, 1190 compare_data(data, dlen, tlsext_ecpf_hello_prefer_order,
1192 sizeof(tlsext_ecpf_hello_prefer_order)); 1191 sizeof(tlsext_ecpf_hello_prefer_order));
1193 goto err; 1192 goto err;
@@ -1212,8 +1211,8 @@ test_tlsext_ecpf_serverhello(void)
1212 1211
1213 CBS_init(&cbs, tlsext_ecpf_hello_prefer_order, 1212 CBS_init(&cbs, tlsext_ecpf_hello_prefer_order,
1214 sizeof(tlsext_ecpf_hello_prefer_order)); 1213 sizeof(tlsext_ecpf_hello_prefer_order));
1215 if (!tlsext_ecpf_serverhello_parse(ssl, &cbs, &alert)) { 1214 if (!tlsext_ecpf_client_parse(ssl, &cbs, &alert)) {
1216 FAIL("failed to parse serverhello ECPointFormats\n"); 1215 FAIL("failed to parse server ECPointFormats\n");
1217 goto err; 1216 goto err;
1218 } 1217 }
1219 if (CBS_len(&cbs) != 0) { 1218 if (CBS_len(&cbs) != 0) {
@@ -1223,7 +1222,7 @@ test_tlsext_ecpf_serverhello(void)
1223 1222
1224 if (SSI(ssl)->tlsext_ecpointformatlist_length != 1223 if (SSI(ssl)->tlsext_ecpointformatlist_length !=
1225 sizeof(tlsext_ecpf_hello_prefer_order_val)) { 1224 sizeof(tlsext_ecpf_hello_prefer_order_val)) {
1226 FAIL("no tlsext_ecpointformats from serverhello " 1225 FAIL("no tlsext_ecpointformats from server "
1227 "ECPointFormats\n"); 1226 "ECPointFormats\n");
1228 goto err; 1227 goto err;
1229 } 1228 }
@@ -1231,7 +1230,7 @@ test_tlsext_ecpf_serverhello(void)
1231 if (memcmp(SSI(ssl)->tlsext_ecpointformatlist, 1230 if (memcmp(SSI(ssl)->tlsext_ecpointformatlist,
1232 tlsext_ecpf_hello_prefer_order_val, 1231 tlsext_ecpf_hello_prefer_order_val,
1233 sizeof(tlsext_ecpf_hello_prefer_order_val)) != 0) { 1232 sizeof(tlsext_ecpf_hello_prefer_order_val)) != 0) {
1234 FAIL("serverhello had an incorrect ECPointFormats entry\n"); 1233 FAIL("server had an incorrect ECPointFormats entry\n");
1235 goto err; 1234 goto err;
1236 } 1235 }
1237 1236
@@ -1260,13 +1259,13 @@ static unsigned char tlsext_ri_prev_server[] = {
1260 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00, 1259 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00,
1261}; 1260};
1262 1261
1263static unsigned char tlsext_ri_clienthello[] = { 1262static unsigned char tlsext_ri_client[] = {
1264 0x10, 1263 0x10,
1265 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 1264 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
1266 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 1265 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
1267}; 1266};
1268 1267
1269static unsigned char tlsext_ri_serverhello[] = { 1268static unsigned char tlsext_ri_server[] = {
1270 0x20, 1269 0x20,
1271 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 1270 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
1272 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 1271 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
@@ -1275,7 +1274,7 @@ static unsigned char tlsext_ri_serverhello[] = {
1275}; 1274};
1276 1275
1277static int 1276static int
1278test_tlsext_ri_clienthello(void) 1277test_tlsext_ri_client(void)
1279{ 1278{
1280 unsigned char *data = NULL; 1279 unsigned char *data = NULL;
1281 SSL_CTX *ssl_ctx = NULL; 1280 SSL_CTX *ssl_ctx = NULL;
@@ -1295,8 +1294,8 @@ test_tlsext_ri_clienthello(void)
1295 if ((ssl = SSL_new(ssl_ctx)) == NULL) 1294 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1296 errx(1, "failed to create SSL"); 1295 errx(1, "failed to create SSL");
1297 1296
1298 if (tlsext_ri_clienthello_needs(ssl)) { 1297 if (tlsext_ri_client_needs(ssl)) {
1299 FAIL("clienthello should not need RI\n"); 1298 FAIL("client should not need RI\n");
1300 goto err; 1299 goto err;
1301 } 1300 }
1302 1301
@@ -1305,8 +1304,8 @@ test_tlsext_ri_clienthello(void)
1305 goto err; 1304 goto err;
1306 } 1305 }
1307 1306
1308 if (!tlsext_ri_clienthello_needs(ssl)) { 1307 if (!tlsext_ri_client_needs(ssl)) {
1309 FAIL("clienthello should need RI\n"); 1308 FAIL("client should need RI\n");
1310 goto err; 1309 goto err;
1311 } 1310 }
1312 1311
@@ -1316,32 +1315,32 @@ test_tlsext_ri_clienthello(void)
1316 1315
1317 S3I(ssl)->renegotiate_seen = 0; 1316 S3I(ssl)->renegotiate_seen = 0;
1318 1317
1319 if (!tlsext_ri_clienthello_build(ssl, &cbb)) { 1318 if (!tlsext_ri_client_build(ssl, &cbb)) {
1320 FAIL("clienthello failed to build RI\n"); 1319 FAIL("client failed to build RI\n");
1321 goto err; 1320 goto err;
1322 } 1321 }
1323 1322
1324 if (!CBB_finish(&cbb, &data, &dlen)) 1323 if (!CBB_finish(&cbb, &data, &dlen))
1325 errx(1, "failed to finish CBB"); 1324 errx(1, "failed to finish CBB");
1326 1325
1327 if (dlen != sizeof(tlsext_ri_clienthello)) { 1326 if (dlen != sizeof(tlsext_ri_client)) {
1328 FAIL("got clienthello RI with length %zu, " 1327 FAIL("got client RI with length %zu, "
1329 "want length %zu\n", dlen, sizeof(tlsext_ri_clienthello)); 1328 "want length %zu\n", dlen, sizeof(tlsext_ri_client));
1330 goto err; 1329 goto err;
1331 } 1330 }
1332 1331
1333 if (memcmp(data, tlsext_ri_clienthello, dlen) != 0) { 1332 if (memcmp(data, tlsext_ri_client, dlen) != 0) {
1334 FAIL("clienthello RI differs:\n"); 1333 FAIL("client RI differs:\n");
1335 fprintf(stderr, "received:\n"); 1334 fprintf(stderr, "received:\n");
1336 hexdump(data, dlen); 1335 hexdump(data, dlen);
1337 fprintf(stderr, "test data:\n"); 1336 fprintf(stderr, "test data:\n");
1338 hexdump(tlsext_ri_clienthello, sizeof(tlsext_ri_clienthello)); 1337 hexdump(tlsext_ri_client, sizeof(tlsext_ri_client));
1339 goto err; 1338 goto err;
1340 } 1339 }
1341 1340
1342 CBS_init(&cbs, tlsext_ri_clienthello, sizeof(tlsext_ri_clienthello)); 1341 CBS_init(&cbs, tlsext_ri_client, sizeof(tlsext_ri_client));
1343 if (!tlsext_ri_clienthello_parse(ssl, &cbs, &alert)) { 1342 if (!tlsext_ri_server_parse(ssl, &cbs, &alert)) {
1344 FAIL("failed to parse clienthello RI\n"); 1343 FAIL("failed to parse client RI\n");
1345 goto err; 1344 goto err;
1346 } 1345 }
1347 if (CBS_len(&cbs) != 0) { 1346 if (CBS_len(&cbs) != 0) {
@@ -1363,9 +1362,9 @@ test_tlsext_ri_clienthello(void)
1363 1362
1364 S3I(ssl)->renegotiate_seen = 0; 1363 S3I(ssl)->renegotiate_seen = 0;
1365 1364
1366 CBS_init(&cbs, tlsext_ri_clienthello, sizeof(tlsext_ri_clienthello)); 1365 CBS_init(&cbs, tlsext_ri_client, sizeof(tlsext_ri_client));
1367 if (tlsext_ri_clienthello_parse(ssl, &cbs, &alert)) { 1366 if (tlsext_ri_server_parse(ssl, &cbs, &alert)) {
1368 FAIL("parsed invalid clienthello RI\n"); 1367 FAIL("parsed invalid client RI\n");
1369 failure = 1; 1368 failure = 1;
1370 goto err; 1369 goto err;
1371 } 1370 }
@@ -1387,7 +1386,7 @@ test_tlsext_ri_clienthello(void)
1387} 1386}
1388 1387
1389static int 1388static int
1390test_tlsext_ri_serverhello(void) 1389test_tlsext_ri_server(void)
1391{ 1390{
1392 unsigned char *data = NULL; 1391 unsigned char *data = NULL;
1393 SSL_CTX *ssl_ctx = NULL; 1392 SSL_CTX *ssl_ctx = NULL;
@@ -1407,15 +1406,15 @@ test_tlsext_ri_serverhello(void)
1407 if ((ssl = SSL_new(ssl_ctx)) == NULL) 1406 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1408 errx(1, "failed to create SSL"); 1407 errx(1, "failed to create SSL");
1409 1408
1410 if (tlsext_ri_serverhello_needs(ssl)) { 1409 if (tlsext_ri_server_needs(ssl)) {
1411 FAIL("serverhello should not need RI\n"); 1410 FAIL("server should not need RI\n");
1412 goto err; 1411 goto err;
1413 } 1412 }
1414 1413
1415 S3I(ssl)->send_connection_binding = 1; 1414 S3I(ssl)->send_connection_binding = 1;
1416 1415
1417 if (!tlsext_ri_serverhello_needs(ssl)) { 1416 if (!tlsext_ri_server_needs(ssl)) {
1418 FAIL("serverhello should need RI\n"); 1417 FAIL("server should need RI\n");
1419 goto err; 1418 goto err;
1420 } 1419 }
1421 1420
@@ -1429,32 +1428,32 @@ test_tlsext_ri_serverhello(void)
1429 1428
1430 S3I(ssl)->renegotiate_seen = 0; 1429 S3I(ssl)->renegotiate_seen = 0;
1431 1430
1432 if (!tlsext_ri_serverhello_build(ssl, &cbb)) { 1431 if (!tlsext_ri_server_build(ssl, &cbb)) {
1433 FAIL("serverhello failed to build RI\n"); 1432 FAIL("server failed to build RI\n");
1434 goto err; 1433 goto err;
1435 } 1434 }
1436 1435
1437 if (!CBB_finish(&cbb, &data, &dlen)) 1436 if (!CBB_finish(&cbb, &data, &dlen))
1438 errx(1, "failed to finish CBB"); 1437 errx(1, "failed to finish CBB");
1439 1438
1440 if (dlen != sizeof(tlsext_ri_serverhello)) { 1439 if (dlen != sizeof(tlsext_ri_server)) {
1441 FAIL("got serverhello RI with length %zu, " 1440 FAIL("got server RI with length %zu, "
1442 "want length %zu\n", dlen, sizeof(tlsext_ri_serverhello)); 1441 "want length %zu\n", dlen, sizeof(tlsext_ri_server));
1443 goto err; 1442 goto err;
1444 } 1443 }
1445 1444
1446 if (memcmp(data, tlsext_ri_serverhello, dlen) != 0) { 1445 if (memcmp(data, tlsext_ri_server, dlen) != 0) {
1447 FAIL("serverhello RI differs:\n"); 1446 FAIL("server RI differs:\n");
1448 fprintf(stderr, "received:\n"); 1447 fprintf(stderr, "received:\n");
1449 hexdump(data, dlen); 1448 hexdump(data, dlen);
1450 fprintf(stderr, "test data:\n"); 1449 fprintf(stderr, "test data:\n");
1451 hexdump(tlsext_ri_serverhello, sizeof(tlsext_ri_serverhello)); 1450 hexdump(tlsext_ri_server, sizeof(tlsext_ri_server));
1452 goto err; 1451 goto err;
1453 } 1452 }
1454 1453
1455 CBS_init(&cbs, tlsext_ri_serverhello, sizeof(tlsext_ri_serverhello)); 1454 CBS_init(&cbs, tlsext_ri_server, sizeof(tlsext_ri_server));
1456 if (!tlsext_ri_serverhello_parse(ssl, &cbs, &alert)) { 1455 if (!tlsext_ri_client_parse(ssl, &cbs, &alert)) {
1457 FAIL("failed to parse serverhello RI\n"); 1456 FAIL("failed to parse server RI\n");
1458 goto err; 1457 goto err;
1459 } 1458 }
1460 if (CBS_len(&cbs) != 0) { 1459 if (CBS_len(&cbs) != 0) {
@@ -1478,9 +1477,9 @@ test_tlsext_ri_serverhello(void)
1478 1477
1479 S3I(ssl)->renegotiate_seen = 0; 1478 S3I(ssl)->renegotiate_seen = 0;
1480 1479
1481 CBS_init(&cbs, tlsext_ri_serverhello, sizeof(tlsext_ri_serverhello)); 1480 CBS_init(&cbs, tlsext_ri_server, sizeof(tlsext_ri_server));
1482 if (tlsext_ri_serverhello_parse(ssl, &cbs, &alert)) { 1481 if (tlsext_ri_client_parse(ssl, &cbs, &alert)) {
1483 FAIL("parsed invalid serverhello RI\n"); 1482 FAIL("parsed invalid server RI\n");
1484 goto err; 1483 goto err;
1485 } 1484 }
1486 1485
@@ -1504,7 +1503,7 @@ test_tlsext_ri_serverhello(void)
1504 * Signature Algorithms - RFC 5246 section 7.4.1.4.1. 1503 * Signature Algorithms - RFC 5246 section 7.4.1.4.1.
1505 */ 1504 */
1506 1505
1507static unsigned char tlsext_sigalgs_clienthello[] = { 1506static unsigned char tlsext_sigalgs_client[] = {
1508 0x00, 0x1a, 0x06, 0x01, 0x06, 0x03, 0xef, 0xef, 1507 0x00, 0x1a, 0x06, 0x01, 0x06, 0x03, 0xef, 0xef,
1509 0x05, 0x01, 0x05, 0x03, 0x04, 0x01, 0x04, 0x03, 1508 0x05, 0x01, 0x05, 0x03, 0x04, 0x01, 0x04, 0x03,
1510 0xee, 0xee, 0xed, 0xed, 0x03, 0x01, 0x03, 0x03, 1509 0xee, 0xee, 0xed, 0xed, 0x03, 0x01, 0x03, 0x03,
@@ -1512,7 +1511,7 @@ static unsigned char tlsext_sigalgs_clienthello[] = {
1512}; 1511};
1513 1512
1514static int 1513static int
1515test_tlsext_sigalgs_clienthello(void) 1514test_tlsext_sigalgs_client(void)
1516{ 1515{
1517 unsigned char *data = NULL; 1516 unsigned char *data = NULL;
1518 SSL_CTX *ssl_ctx = NULL; 1517 SSL_CTX *ssl_ctx = NULL;
@@ -1532,22 +1531,22 @@ test_tlsext_sigalgs_clienthello(void)
1532 1531
1533 ssl->client_version = TLS1_1_VERSION; 1532 ssl->client_version = TLS1_1_VERSION;
1534 1533
1535 if (tlsext_sigalgs_clienthello_needs(ssl)) { 1534 if (tlsext_sigalgs_client_needs(ssl)) {
1536 fprintf(stderr, "FAIL: clienthello should not need sigalgs\n"); 1535 fprintf(stderr, "FAIL: client should not need sigalgs\n");
1537 failure = 1; 1536 failure = 1;
1538 goto done; 1537 goto done;
1539 } 1538 }
1540 1539
1541 ssl->client_version = TLS1_2_VERSION; 1540 ssl->client_version = TLS1_2_VERSION;
1542 1541
1543 if (!tlsext_sigalgs_clienthello_needs(ssl)) { 1542 if (!tlsext_sigalgs_client_needs(ssl)) {
1544 fprintf(stderr, "FAIL: clienthello should need sigalgs\n"); 1543 fprintf(stderr, "FAIL: client should need sigalgs\n");
1545 failure = 1; 1544 failure = 1;
1546 goto done; 1545 goto done;
1547 } 1546 }
1548 1547
1549 if (!tlsext_sigalgs_clienthello_build(ssl, &cbb)) { 1548 if (!tlsext_sigalgs_client_build(ssl, &cbb)) {
1550 fprintf(stderr, "FAIL: clienthello failed to build sigalgs\n"); 1549 fprintf(stderr, "FAIL: client failed to build sigalgs\n");
1551 failure = 1; 1550 failure = 1;
1552 goto done; 1551 goto done;
1553 } 1552 }
@@ -1555,26 +1554,26 @@ test_tlsext_sigalgs_clienthello(void)
1555 if (!CBB_finish(&cbb, &data, &dlen)) 1554 if (!CBB_finish(&cbb, &data, &dlen))
1556 errx(1, "failed to finish CBB"); 1555 errx(1, "failed to finish CBB");
1557 1556
1558 if (dlen != sizeof(tlsext_sigalgs_clienthello)) { 1557 if (dlen != sizeof(tlsext_sigalgs_client)) {
1559 fprintf(stderr, "FAIL: got clienthello sigalgs with length %zu, " 1558 fprintf(stderr, "FAIL: got client sigalgs with length %zu, "
1560 "want length %zu\n", dlen, sizeof(tlsext_sigalgs_clienthello)); 1559 "want length %zu\n", dlen, sizeof(tlsext_sigalgs_client));
1561 failure = 1; 1560 failure = 1;
1562 goto done; 1561 goto done;
1563 } 1562 }
1564 1563
1565 if (memcmp(data, tlsext_sigalgs_clienthello, dlen) != 0) { 1564 if (memcmp(data, tlsext_sigalgs_client, dlen) != 0) {
1566 fprintf(stderr, "FAIL: clienthello SNI differs:\n"); 1565 fprintf(stderr, "FAIL: client SNI differs:\n");
1567 fprintf(stderr, "received:\n"); 1566 fprintf(stderr, "received:\n");
1568 hexdump(data, dlen); 1567 hexdump(data, dlen);
1569 fprintf(stderr, "test data:\n"); 1568 fprintf(stderr, "test data:\n");
1570 hexdump(tlsext_sigalgs_clienthello, sizeof(tlsext_sigalgs_clienthello)); 1569 hexdump(tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client));
1571 failure = 1; 1570 failure = 1;
1572 goto done; 1571 goto done;
1573 } 1572 }
1574 1573
1575 CBS_init(&cbs, tlsext_sigalgs_clienthello, sizeof(tlsext_sigalgs_clienthello)); 1574 CBS_init(&cbs, tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client));
1576 if (!tlsext_sigalgs_clienthello_parse(ssl, &cbs, &alert)) { 1575 if (!tlsext_sigalgs_server_parse(ssl, &cbs, &alert)) {
1577 fprintf(stderr, "FAIL: failed to parse clienthello SNI\n"); 1576 fprintf(stderr, "FAIL: failed to parse client SNI\n");
1578 failure = 1; 1577 failure = 1;
1579 goto done; 1578 goto done;
1580 } 1579 }
@@ -1614,7 +1613,7 @@ test_tlsext_sigalgs_clienthello(void)
1614} 1613}
1615 1614
1616static int 1615static int
1617test_tlsext_sigalgs_serverhello(void) 1616test_tlsext_sigalgs_server(void)
1618{ 1617{
1619 unsigned char *data = NULL; 1618 unsigned char *data = NULL;
1620 SSL_CTX *ssl_ctx = NULL; 1619 SSL_CTX *ssl_ctx = NULL;
@@ -1632,14 +1631,14 @@ test_tlsext_sigalgs_serverhello(void)
1632 if ((ssl = SSL_new(ssl_ctx)) == NULL) 1631 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1633 errx(1, "failed to create SSL"); 1632 errx(1, "failed to create SSL");
1634 1633
1635 if (tlsext_sigalgs_serverhello_needs(ssl)) { 1634 if (tlsext_sigalgs_server_needs(ssl)) {
1636 fprintf(stderr, "FAIL: serverhello should not need sigalgs\n"); 1635 fprintf(stderr, "FAIL: server should not need sigalgs\n");
1637 failure = 1; 1636 failure = 1;
1638 goto done; 1637 goto done;
1639 } 1638 }
1640 1639
1641 if (tlsext_sigalgs_serverhello_build(ssl, &cbb)) { 1640 if (tlsext_sigalgs_server_build(ssl, &cbb)) {
1642 fprintf(stderr, "FAIL: serverhello should not build sigalgs\n"); 1641 fprintf(stderr, "FAIL: server should not build sigalgs\n");
1643 failure = 1; 1642 failure = 1;
1644 goto done; 1643 goto done;
1645 } 1644 }
@@ -1647,9 +1646,9 @@ test_tlsext_sigalgs_serverhello(void)
1647 if (!CBB_finish(&cbb, &data, &dlen)) 1646 if (!CBB_finish(&cbb, &data, &dlen))
1648 errx(1, "failed to finish CBB"); 1647 errx(1, "failed to finish CBB");
1649 1648
1650 CBS_init(&cbs, tlsext_sigalgs_clienthello, sizeof(tlsext_sigalgs_clienthello)); 1649 CBS_init(&cbs, tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client));
1651 if (tlsext_sigalgs_serverhello_parse(ssl, &cbs, &alert)) { 1650 if (tlsext_sigalgs_client_parse(ssl, &cbs, &alert)) {
1652 fprintf(stderr, "FAIL: serverhello should not parse sigalgs\n"); 1651 fprintf(stderr, "FAIL: server should not parse sigalgs\n");
1653 failure = 1; 1652 failure = 1;
1654 goto done; 1653 goto done;
1655 } 1654 }
@@ -1669,17 +1668,17 @@ test_tlsext_sigalgs_serverhello(void)
1669 1668
1670#define TEST_SNI_SERVERNAME "www.libressl.org" 1669#define TEST_SNI_SERVERNAME "www.libressl.org"
1671 1670
1672static unsigned char tlsext_sni_clienthello[] = { 1671static unsigned char tlsext_sni_client[] = {
1673 0x00, 0x13, 0x00, 0x00, 0x10, 0x77, 0x77, 0x77, 1672 0x00, 0x13, 0x00, 0x00, 0x10, 0x77, 0x77, 0x77,
1674 0x2e, 0x6c, 0x69, 0x62, 0x72, 0x65, 0x73, 0x73, 1673 0x2e, 0x6c, 0x69, 0x62, 0x72, 0x65, 0x73, 0x73,
1675 0x6c, 0x2e, 0x6f, 0x72, 0x67, 1674 0x6c, 0x2e, 0x6f, 0x72, 0x67,
1676}; 1675};
1677 1676
1678static unsigned char tlsext_sni_serverhello[] = { 1677static unsigned char tlsext_sni_server[] = {
1679}; 1678};
1680 1679
1681static int 1680static int
1682test_tlsext_sni_clienthello(void) 1681test_tlsext_sni_client(void)
1683{ 1682{
1684 unsigned char *data = NULL; 1683 unsigned char *data = NULL;
1685 SSL_CTX *ssl_ctx = NULL; 1684 SSL_CTX *ssl_ctx = NULL;
@@ -1699,8 +1698,8 @@ test_tlsext_sni_clienthello(void)
1699 if ((ssl = SSL_new(ssl_ctx)) == NULL) 1698 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1700 errx(1, "failed to create SSL"); 1699 errx(1, "failed to create SSL");
1701 1700
1702 if (tlsext_sni_clienthello_needs(ssl)) { 1701 if (tlsext_sni_client_needs(ssl)) {
1703 FAIL("clienthello should not need SNI\n"); 1702 FAIL("client should not need SNI\n");
1704 goto err; 1703 goto err;
1705 } 1704 }
1706 1705
@@ -1709,31 +1708,31 @@ test_tlsext_sni_clienthello(void)
1709 goto err; 1708 goto err;
1710 } 1709 }
1711 1710
1712 if (!tlsext_sni_clienthello_needs(ssl)) { 1711 if (!tlsext_sni_client_needs(ssl)) {
1713 FAIL("clienthello should need SNI\n"); 1712 FAIL("client should need SNI\n");
1714 goto err; 1713 goto err;
1715 } 1714 }
1716 1715
1717 if (!tlsext_sni_clienthello_build(ssl, &cbb)) { 1716 if (!tlsext_sni_client_build(ssl, &cbb)) {
1718 FAIL("clienthello failed to build SNI\n"); 1717 FAIL("client failed to build SNI\n");
1719 goto err; 1718 goto err;
1720 } 1719 }
1721 1720
1722 if (!CBB_finish(&cbb, &data, &dlen)) 1721 if (!CBB_finish(&cbb, &data, &dlen))
1723 errx(1, "failed to finish CBB"); 1722 errx(1, "failed to finish CBB");
1724 1723
1725 if (dlen != sizeof(tlsext_sni_clienthello)) { 1724 if (dlen != sizeof(tlsext_sni_client)) {
1726 FAIL("got clienthello SNI with length %zu, " 1725 FAIL("got client SNI with length %zu, "
1727 "want length %zu\n", dlen, sizeof(tlsext_sni_clienthello)); 1726 "want length %zu\n", dlen, sizeof(tlsext_sni_client));
1728 goto err; 1727 goto err;
1729 } 1728 }
1730 1729
1731 if (memcmp(data, tlsext_sni_clienthello, dlen) != 0) { 1730 if (memcmp(data, tlsext_sni_client, dlen) != 0) {
1732 FAIL("clienthello SNI differs:\n"); 1731 FAIL("client SNI differs:\n");
1733 fprintf(stderr, "received:\n"); 1732 fprintf(stderr, "received:\n");
1734 hexdump(data, dlen); 1733 hexdump(data, dlen);
1735 fprintf(stderr, "test data:\n"); 1734 fprintf(stderr, "test data:\n");
1736 hexdump(tlsext_sni_clienthello, sizeof(tlsext_sni_clienthello)); 1735 hexdump(tlsext_sni_client, sizeof(tlsext_sni_client));
1737 goto err; 1736 goto err;
1738 } 1737 }
1739 1738
@@ -1742,9 +1741,9 @@ test_tlsext_sni_clienthello(void)
1742 1741
1743 ssl->internal->hit = 0; 1742 ssl->internal->hit = 0;
1744 1743
1745 CBS_init(&cbs, tlsext_sni_clienthello, sizeof(tlsext_sni_clienthello)); 1744 CBS_init(&cbs, tlsext_sni_client, sizeof(tlsext_sni_client));
1746 if (!tlsext_sni_clienthello_parse(ssl, &cbs, &alert)) { 1745 if (!tlsext_sni_server_parse(ssl, &cbs, &alert)) {
1747 FAIL("failed to parse clienthello SNI\n"); 1746 FAIL("failed to parse client SNI\n");
1748 goto err; 1747 goto err;
1749 } 1748 }
1750 if (CBS_len(&cbs) != 0) { 1749 if (CBS_len(&cbs) != 0) {
@@ -1753,7 +1752,7 @@ test_tlsext_sni_clienthello(void)
1753 } 1752 }
1754 1753
1755 if (ssl->session->tlsext_hostname == NULL) { 1754 if (ssl->session->tlsext_hostname == NULL) {
1756 FAIL("no tlsext_hostname from clienthello SNI\n"); 1755 FAIL("no tlsext_hostname from client SNI\n");
1757 goto err; 1756 goto err;
1758 } 1757 }
1759 1758
@@ -1771,9 +1770,9 @@ test_tlsext_sni_clienthello(void)
1771 NULL) 1770 NULL)
1772 errx(1, "failed to strdup tlsext_hostname"); 1771 errx(1, "failed to strdup tlsext_hostname");
1773 1772
1774 CBS_init(&cbs, tlsext_sni_clienthello, sizeof(tlsext_sni_clienthello)); 1773 CBS_init(&cbs, tlsext_sni_client, sizeof(tlsext_sni_client));
1775 if (tlsext_sni_clienthello_parse(ssl, &cbs, &alert)) { 1774 if (tlsext_sni_server_parse(ssl, &cbs, &alert)) {
1776 FAIL("parsed clienthello with mismatched SNI\n"); 1775 FAIL("parsed client with mismatched SNI\n");
1777 goto err; 1776 goto err;
1778 } 1777 }
1779 1778
@@ -1789,7 +1788,7 @@ test_tlsext_sni_clienthello(void)
1789} 1788}
1790 1789
1791static int 1790static int
1792test_tlsext_sni_serverhello(void) 1791test_tlsext_sni_server(void)
1793{ 1792{
1794 unsigned char *data = NULL; 1793 unsigned char *data = NULL;
1795 SSL_CTX *ssl_ctx = NULL; 1794 SSL_CTX *ssl_ctx = NULL;
@@ -1812,8 +1811,8 @@ test_tlsext_sni_serverhello(void)
1812 if ((ssl->session = SSL_SESSION_new()) == NULL) 1811 if ((ssl->session = SSL_SESSION_new()) == NULL)
1813 errx(1, "failed to create session"); 1812 errx(1, "failed to create session");
1814 1813
1815 if (tlsext_sni_serverhello_needs(ssl)) { 1814 if (tlsext_sni_server_needs(ssl)) {
1816 FAIL("serverhello should not need SNI\n"); 1815 FAIL("server should not need SNI\n");
1817 goto err; 1816 goto err;
1818 } 1817 }
1819 1818
@@ -1826,40 +1825,40 @@ test_tlsext_sni_serverhello(void)
1826 NULL) 1825 NULL)
1827 errx(1, "failed to strdup tlsext_hostname"); 1826 errx(1, "failed to strdup tlsext_hostname");
1828 1827
1829 if (!tlsext_sni_serverhello_needs(ssl)) { 1828 if (!tlsext_sni_server_needs(ssl)) {
1830 FAIL("serverhello should need SNI\n"); 1829 FAIL("server should need SNI\n");
1831 goto err; 1830 goto err;
1832 } 1831 }
1833 1832
1834 if (!tlsext_sni_serverhello_build(ssl, &cbb)) { 1833 if (!tlsext_sni_server_build(ssl, &cbb)) {
1835 FAIL("serverhello failed to build SNI\n"); 1834 FAIL("server failed to build SNI\n");
1836 goto err; 1835 goto err;
1837 } 1836 }
1838 1837
1839 if (!CBB_finish(&cbb, &data, &dlen)) 1838 if (!CBB_finish(&cbb, &data, &dlen))
1840 errx(1, "failed to finish CBB"); 1839 errx(1, "failed to finish CBB");
1841 1840
1842 if (dlen != sizeof(tlsext_sni_serverhello)) { 1841 if (dlen != sizeof(tlsext_sni_server)) {
1843 FAIL("got serverhello SNI with length %zu, " 1842 FAIL("got server SNI with length %zu, "
1844 "want length %zu\n", dlen, sizeof(tlsext_sni_serverhello)); 1843 "want length %zu\n", dlen, sizeof(tlsext_sni_server));
1845 goto err; 1844 goto err;
1846 } 1845 }
1847 1846
1848 if (memcmp(data, tlsext_sni_serverhello, dlen) != 0) { 1847 if (memcmp(data, tlsext_sni_server, dlen) != 0) {
1849 FAIL("serverhello SNI differs:\n"); 1848 FAIL("server SNI differs:\n");
1850 fprintf(stderr, "received:\n"); 1849 fprintf(stderr, "received:\n");
1851 hexdump(data, dlen); 1850 hexdump(data, dlen);
1852 fprintf(stderr, "test data:\n"); 1851 fprintf(stderr, "test data:\n");
1853 hexdump(tlsext_sni_serverhello, sizeof(tlsext_sni_serverhello)); 1852 hexdump(tlsext_sni_server, sizeof(tlsext_sni_server));
1854 goto err; 1853 goto err;
1855 } 1854 }
1856 1855
1857 free(ssl->session->tlsext_hostname); 1856 free(ssl->session->tlsext_hostname);
1858 ssl->session->tlsext_hostname = NULL; 1857 ssl->session->tlsext_hostname = NULL;
1859 1858
1860 CBS_init(&cbs, tlsext_sni_serverhello, sizeof(tlsext_sni_serverhello)); 1859 CBS_init(&cbs, tlsext_sni_server, sizeof(tlsext_sni_server));
1861 if (!tlsext_sni_serverhello_parse(ssl, &cbs, &alert)) { 1860 if (!tlsext_sni_client_parse(ssl, &cbs, &alert)) {
1862 FAIL("failed to parse serverhello SNI\n"); 1861 FAIL("failed to parse server SNI\n");
1863 goto err; 1862 goto err;
1864 } 1863 }
1865 if (CBS_len(&cbs) != 0) { 1864 if (CBS_len(&cbs) != 0) {
@@ -1868,7 +1867,7 @@ test_tlsext_sni_serverhello(void)
1868 } 1867 }
1869 1868
1870 if (ssl->session->tlsext_hostname == NULL) { 1869 if (ssl->session->tlsext_hostname == NULL) {
1871 FAIL("no tlsext_hostname after serverhello SNI\n"); 1870 FAIL("no tlsext_hostname after server SNI\n");
1872 goto err; 1871 goto err;
1873 } 1872 }
1874 1873
@@ -1891,12 +1890,12 @@ test_tlsext_sni_serverhello(void)
1891 return (failure); 1890 return (failure);
1892} 1891}
1893 1892
1894static unsigned char tls_ocsp_clienthello_default[] = { 1893static unsigned char tls_ocsp_client_default[] = {
1895 0x01, 0x00, 0x00, 0x00, 0x00 1894 0x01, 0x00, 0x00, 0x00, 0x00
1896}; 1895};
1897 1896
1898static int 1897static int
1899test_tlsext_ocsp_clienthello(void) 1898test_tlsext_ocsp_client(void)
1900{ 1899{
1901 unsigned char *data = NULL; 1900 unsigned char *data = NULL;
1902 SSL_CTX *ssl_ctx = NULL; 1901 SSL_CTX *ssl_ctx = NULL;
@@ -1916,42 +1915,42 @@ test_tlsext_ocsp_clienthello(void)
1916 if ((ssl = SSL_new(ssl_ctx)) == NULL) 1915 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1917 errx(1, "failed to create SSL"); 1916 errx(1, "failed to create SSL");
1918 1917
1919 if (tlsext_ocsp_clienthello_needs(ssl)) { 1918 if (tlsext_ocsp_client_needs(ssl)) {
1920 FAIL("clienthello should not need ocsp\n"); 1919 FAIL("client should not need ocsp\n");
1921 goto err; 1920 goto err;
1922 } 1921 }
1923 SSL_set_tlsext_status_type(ssl, TLSEXT_STATUSTYPE_ocsp); 1922 SSL_set_tlsext_status_type(ssl, TLSEXT_STATUSTYPE_ocsp);
1924 1923
1925 if (!tlsext_ocsp_clienthello_needs(ssl)) { 1924 if (!tlsext_ocsp_client_needs(ssl)) {
1926 FAIL("clienthello should need ocsp\n"); 1925 FAIL("client should need ocsp\n");
1927 goto err; 1926 goto err;
1928 } 1927 }
1929 if (!tlsext_ocsp_clienthello_build(ssl, &cbb)) { 1928 if (!tlsext_ocsp_client_build(ssl, &cbb)) {
1930 FAIL("clienthello failed to build SNI\n"); 1929 FAIL("client failed to build SNI\n");
1931 goto err; 1930 goto err;
1932 } 1931 }
1933 if (!CBB_finish(&cbb, &data, &dlen)) 1932 if (!CBB_finish(&cbb, &data, &dlen))
1934 errx(1, "failed to finish CBB"); 1933 errx(1, "failed to finish CBB");
1935 1934
1936 if (dlen != sizeof(tls_ocsp_clienthello_default)) { 1935 if (dlen != sizeof(tls_ocsp_client_default)) {
1937 FAIL("got ocsp clienthello with length %zu, " 1936 FAIL("got ocsp client with length %zu, "
1938 "want length %zu\n", dlen, 1937 "want length %zu\n", dlen,
1939 sizeof(tls_ocsp_clienthello_default)); 1938 sizeof(tls_ocsp_client_default));
1940 goto err; 1939 goto err;
1941 } 1940 }
1942 if (memcmp(data, tls_ocsp_clienthello_default, dlen) != 0) { 1941 if (memcmp(data, tls_ocsp_client_default, dlen) != 0) {
1943 FAIL("ocsp clienthello differs:\n"); 1942 FAIL("ocsp client differs:\n");
1944 fprintf(stderr, "received:\n"); 1943 fprintf(stderr, "received:\n");
1945 hexdump(data, dlen); 1944 hexdump(data, dlen);
1946 fprintf(stderr, "test data:\n"); 1945 fprintf(stderr, "test data:\n");
1947 hexdump(tls_ocsp_clienthello_default, 1946 hexdump(tls_ocsp_client_default,
1948 sizeof(tls_ocsp_clienthello_default)); 1947 sizeof(tls_ocsp_client_default));
1949 goto err; 1948 goto err;
1950 } 1949 }
1951 CBS_init(&cbs, tls_ocsp_clienthello_default, 1950 CBS_init(&cbs, tls_ocsp_client_default,
1952 sizeof(tls_ocsp_clienthello_default)); 1951 sizeof(tls_ocsp_client_default));
1953 if (!tlsext_ocsp_clienthello_parse(ssl, &cbs, &alert)) { 1952 if (!tlsext_ocsp_server_parse(ssl, &cbs, &alert)) {
1954 FAIL("failed to parse ocsp clienthello\n"); 1953 FAIL("failed to parse ocsp client\n");
1955 goto err; 1954 goto err;
1956 } 1955 }
1957 if (CBS_len(&cbs) != 0) { 1956 if (CBS_len(&cbs) != 0) {
@@ -1971,7 +1970,7 @@ test_tlsext_ocsp_clienthello(void)
1971} 1970}
1972 1971
1973static int 1972static int
1974test_tlsext_ocsp_serverhello(void) 1973test_tlsext_ocsp_server(void)
1975{ 1974{
1976 unsigned char *data = NULL; 1975 unsigned char *data = NULL;
1977 SSL_CTX *ssl_ctx = NULL; 1976 SSL_CTX *ssl_ctx = NULL;
@@ -1989,19 +1988,19 @@ test_tlsext_ocsp_serverhello(void)
1989 if ((ssl = SSL_new(ssl_ctx)) == NULL) 1988 if ((ssl = SSL_new(ssl_ctx)) == NULL)
1990 errx(1, "failed to create SSL"); 1989 errx(1, "failed to create SSL");
1991 1990
1992 if (tlsext_ocsp_serverhello_needs(ssl)) { 1991 if (tlsext_ocsp_server_needs(ssl)) {
1993 FAIL("serverhello should not need ocsp\n"); 1992 FAIL("server should not need ocsp\n");
1994 goto err; 1993 goto err;
1995 } 1994 }
1996 1995
1997 ssl->internal->tlsext_status_expected = 1; 1996 ssl->internal->tlsext_status_expected = 1;
1998 1997
1999 if (!tlsext_ocsp_serverhello_needs(ssl)) { 1998 if (!tlsext_ocsp_server_needs(ssl)) {
2000 FAIL("serverhello should need ocsp\n"); 1999 FAIL("server should need ocsp\n");
2001 goto err; 2000 goto err;
2002 } 2001 }
2003 if (!tlsext_ocsp_serverhello_build(ssl, &cbb)) { 2002 if (!tlsext_ocsp_server_build(ssl, &cbb)) {
2004 FAIL("serverhello failed to build ocsp\n"); 2003 FAIL("server failed to build ocsp\n");
2005 goto err; 2004 goto err;
2006 } 2005 }
2007 2006
@@ -2030,7 +2029,7 @@ static uint8_t tlsext_sessionticket_hello_min[1];
2030static uint8_t tlsext_sessionticket_hello_max[65535]; 2029static uint8_t tlsext_sessionticket_hello_max[65535];
2031 2030
2032static int 2031static int
2033test_tlsext_sessionticket_clienthello(void) 2032test_tlsext_sessionticket_client(void)
2034{ 2033{
2035 unsigned char *data = NULL; 2034 unsigned char *data = NULL;
2036 SSL_CTX *ssl_ctx = NULL; 2035 SSL_CTX *ssl_ctx = NULL;
@@ -2056,8 +2055,8 @@ test_tlsext_sessionticket_clienthello(void)
2056 errx(1, "failed to create SSL"); 2055 errx(1, "failed to create SSL");
2057 2056
2058 /* Should need a ticket by default. */ 2057 /* Should need a ticket by default. */
2059 if (!tlsext_sessionticket_clienthello_needs(ssl)) { 2058 if (!tlsext_sessionticket_client_needs(ssl)) {
2060 FAIL("clienthello should need Sessionticket for default " 2059 FAIL("client should need Sessionticket for default "
2061 "ciphers\n"); 2060 "ciphers\n");
2062 goto err; 2061 goto err;
2063 } 2062 }
@@ -2067,8 +2066,8 @@ test_tlsext_sessionticket_clienthello(void)
2067 FAIL("Cannot disable tickets in the TLS connection"); 2066 FAIL("Cannot disable tickets in the TLS connection");
2068 return 0; 2067 return 0;
2069 } 2068 }
2070 if (tlsext_sessionticket_clienthello_needs(ssl)) { 2069 if (tlsext_sessionticket_client_needs(ssl)) {
2071 FAIL("clienthello should not need SessionTicket if it was disabled"); 2070 FAIL("client should not need SessionTicket if it was disabled");
2072 goto err; 2071 goto err;
2073 } 2072 }
2074 2073
@@ -2077,13 +2076,13 @@ test_tlsext_sessionticket_clienthello(void)
2077 FAIL("Cannot re-enable tickets in the TLS connection"); 2076 FAIL("Cannot re-enable tickets in the TLS connection");
2078 return 0; 2077 return 0;
2079 } 2078 }
2080 if (!tlsext_sessionticket_clienthello_needs(ssl)) { 2079 if (!tlsext_sessionticket_client_needs(ssl)) {
2081 FAIL("clienthello should need SessionTicket if it was disabled"); 2080 FAIL("client should need SessionTicket if it was disabled");
2082 goto err; 2081 goto err;
2083 } 2082 }
2084 2083
2085 /* Since we don't have a session, we should build an empty ticket. */ 2084 /* Since we don't have a session, we should build an empty ticket. */
2086 if (!tlsext_sessionticket_clienthello_build(ssl, &cbb)) { 2085 if (!tlsext_sessionticket_client_build(ssl, &cbb)) {
2087 FAIL("Cannot build a ticket"); 2086 FAIL("Cannot build a ticket");
2088 goto err; 2087 goto err;
2089 } 2088 }
@@ -2104,11 +2103,11 @@ test_tlsext_sessionticket_clienthello(void)
2104 /* With a new session (but no ticket), we should still have 0 length */ 2103 /* With a new session (but no ticket), we should still have 0 length */
2105 if ((ssl->session = SSL_SESSION_new()) == NULL) 2104 if ((ssl->session = SSL_SESSION_new()) == NULL)
2106 errx(1, "failed to create session"); 2105 errx(1, "failed to create session");
2107 if (!tlsext_sessionticket_clienthello_needs(ssl)) { 2106 if (!tlsext_sessionticket_client_needs(ssl)) {
2108 FAIL("Should still want a session ticket with a new session"); 2107 FAIL("Should still want a session ticket with a new session");
2109 goto err; 2108 goto err;
2110 } 2109 }
2111 if (!tlsext_sessionticket_clienthello_build(ssl, &cbb)) { 2110 if (!tlsext_sessionticket_client_build(ssl, &cbb)) {
2112 FAIL("Cannot build a ticket"); 2111 FAIL("Cannot build a ticket");
2113 goto err; 2112 goto err;
2114 } 2113 }
@@ -2138,11 +2137,11 @@ test_tlsext_sessionticket_clienthello(void)
2138 memcpy(ssl->session->tlsext_tick, dummy, sizeof(dummy)); 2137 memcpy(ssl->session->tlsext_tick, dummy, sizeof(dummy));
2139 ssl->session->tlsext_ticklen = sizeof(dummy); 2138 ssl->session->tlsext_ticklen = sizeof(dummy);
2140 2139
2141 if (!tlsext_sessionticket_clienthello_needs(ssl)) { 2140 if (!tlsext_sessionticket_client_needs(ssl)) {
2142 FAIL("Should still want a session ticket with a new session"); 2141 FAIL("Should still want a session ticket with a new session");
2143 goto err; 2142 goto err;
2144 } 2143 }
2145 if (!tlsext_sessionticket_clienthello_build(ssl, &cbb)) { 2144 if (!tlsext_sessionticket_client_build(ssl, &cbb)) {
2146 FAIL("Cannot build a ticket"); 2145 FAIL("Cannot build a ticket");
2147 goto err; 2146 goto err;
2148 } 2147 }
@@ -2155,7 +2154,7 @@ test_tlsext_sessionticket_clienthello(void)
2155 goto err; 2154 goto err;
2156 } 2155 }
2157 if (memcmp(data, dummy, dlen) != 0) { 2156 if (memcmp(data, dummy, dlen) != 0) {
2158 FAIL("serverhello SNI differs:\n"); 2157 FAIL("server SNI differs:\n");
2159 compare_data(data, dlen, 2158 compare_data(data, dlen,
2160 dummy, sizeof(dummy)); 2159 dummy, sizeof(dummy));
2161 goto err; 2160 goto err;
@@ -2178,7 +2177,7 @@ test_tlsext_sessionticket_clienthello(void)
2178 goto err; 2177 goto err;
2179 } 2178 }
2180 /* Should not need a ticket in this case */ 2179 /* Should not need a ticket in this case */
2181 if (tlsext_sessionticket_clienthello_needs(ssl)) { 2180 if (tlsext_sessionticket_client_needs(ssl)) {
2182 FAIL("Should not want to use session tickets with a NULL custom"); 2181 FAIL("Should not want to use session tickets with a NULL custom");
2183 goto err; 2182 goto err;
2184 } 2183 }
@@ -2190,7 +2189,7 @@ test_tlsext_sessionticket_clienthello(void)
2190 free(ssl->internal->tlsext_session_ticket); 2189 free(ssl->internal->tlsext_session_ticket);
2191 ssl->internal->tlsext_session_ticket = NULL; 2190 ssl->internal->tlsext_session_ticket = NULL;
2192 2191
2193 if (!tlsext_sessionticket_clienthello_needs(ssl)) { 2192 if (!tlsext_sessionticket_client_needs(ssl)) {
2194 FAIL("Should need a session ticket again when the custom one is removed"); 2193 FAIL("Should need a session ticket again when the custom one is removed");
2195 goto err; 2194 goto err;
2196 } 2195 }
@@ -2201,11 +2200,11 @@ test_tlsext_sessionticket_clienthello(void)
2201 FAIL("Should be able to set a custom ticket"); 2200 FAIL("Should be able to set a custom ticket");
2202 goto err; 2201 goto err;
2203 } 2202 }
2204 if (!tlsext_sessionticket_clienthello_needs(ssl)) { 2203 if (!tlsext_sessionticket_client_needs(ssl)) {
2205 FAIL("Should need a session ticket again when the custom one is not empty"); 2204 FAIL("Should need a session ticket again when the custom one is not empty");
2206 goto err; 2205 goto err;
2207 } 2206 }
2208 if (!tlsext_sessionticket_clienthello_build(ssl, &cbb)) { 2207 if (!tlsext_sessionticket_client_build(ssl, &cbb)) {
2209 FAIL("Cannot build a ticket with a max length random payload"); 2208 FAIL("Cannot build a ticket with a max length random payload");
2210 goto err; 2209 goto err;
2211 } 2210 }
@@ -2240,7 +2239,7 @@ test_tlsext_sessionticket_clienthello(void)
2240 2239
2241 2240
2242static int 2241static int
2243test_tlsext_sessionticket_serverhello(void) 2242test_tlsext_sessionticket_server(void)
2244{ 2243{
2245 SSL_CTX *ssl_ctx = NULL; 2244 SSL_CTX *ssl_ctx = NULL;
2246 SSL *ssl = NULL; 2245 SSL *ssl = NULL;
@@ -2262,8 +2261,8 @@ test_tlsext_sessionticket_serverhello(void)
2262 * By default, should not need a session ticket since the ticket 2261 * By default, should not need a session ticket since the ticket
2263 * is not yet expected. 2262 * is not yet expected.
2264 */ 2263 */
2265 if (tlsext_sessionticket_serverhello_needs(ssl)) { 2264 if (tlsext_sessionticket_server_needs(ssl)) {
2266 FAIL("serverhello should not need SessionTicket by default\n"); 2265 FAIL("server should not need SessionTicket by default\n");
2267 goto err; 2266 goto err;
2268 } 2267 }
2269 2268
@@ -2272,8 +2271,8 @@ test_tlsext_sessionticket_serverhello(void)
2272 FAIL("Cannot disable tickets in the TLS connection"); 2271 FAIL("Cannot disable tickets in the TLS connection");
2273 return 0; 2272 return 0;
2274 } 2273 }
2275 if (tlsext_sessionticket_serverhello_needs(ssl)) { 2274 if (tlsext_sessionticket_server_needs(ssl)) {
2276 FAIL("serverhello should not need SessionTicket if it was disabled"); 2275 FAIL("server should not need SessionTicket if it was disabled");
2277 goto err; 2276 goto err;
2278 } 2277 }
2279 2278
@@ -2282,20 +2281,20 @@ test_tlsext_sessionticket_serverhello(void)
2282 FAIL("Cannot re-enable tickets in the TLS connection"); 2281 FAIL("Cannot re-enable tickets in the TLS connection");
2283 return 0; 2282 return 0;
2284 } 2283 }
2285 if (tlsext_sessionticket_serverhello_needs(ssl)) { 2284 if (tlsext_sessionticket_server_needs(ssl)) {
2286 FAIL("serverhello should not need SessionTicket yet"); 2285 FAIL("server should not need SessionTicket yet");
2287 goto err; 2286 goto err;
2288 } 2287 }
2289 2288
2290 /* Set expected to require it. */ 2289 /* Set expected to require it. */
2291 ssl->internal->tlsext_ticket_expected = 1; 2290 ssl->internal->tlsext_ticket_expected = 1;
2292 if (!tlsext_sessionticket_serverhello_needs(ssl)) { 2291 if (!tlsext_sessionticket_server_needs(ssl)) {
2293 FAIL("serverhello should now be required for SessionTicket"); 2292 FAIL("server should now be required for SessionTicket");
2294 goto err; 2293 goto err;
2295 } 2294 }
2296 2295
2297 /* server hello's session ticket should always be 0 length payload. */ 2296 /* server hello's session ticket should always be 0 length payload. */
2298 if (!tlsext_sessionticket_serverhello_build(ssl, &cbb)) { 2297 if (!tlsext_sessionticket_server_build(ssl, &cbb)) {
2299 FAIL("Cannot build a ticket with a max length random payload"); 2298 FAIL("Cannot build a ticket with a max length random payload");
2300 goto err; 2299 goto err;
2301 } 2300 }
@@ -2368,7 +2367,7 @@ const uint8_t tlsext_srtp_multiple_one_valid[] = {
2368}; 2367};
2369 2368
2370static int 2369static int
2371test_tlsext_srtp_clienthello(void) 2370test_tlsext_srtp_client(void)
2372{ 2371{
2373 SRTP_PROTECTION_PROFILE *prof; 2372 SRTP_PROTECTION_PROFILE *prof;
2374 SSL_CTX *ssl_ctx = NULL; 2373 SSL_CTX *ssl_ctx = NULL;
@@ -2390,8 +2389,8 @@ test_tlsext_srtp_clienthello(void)
2390 errx(1, "failed to create SSL"); 2389 errx(1, "failed to create SSL");
2391 2390
2392 /* By default, we don't need this */ 2391 /* By default, we don't need this */
2393 if (tlsext_srtp_clienthello_needs(ssl)) { 2392 if (tlsext_srtp_client_needs(ssl)) {
2394 FAIL("clienthello should not need SRTP by default\n"); 2393 FAIL("client should not need SRTP by default\n");
2395 goto err; 2394 goto err;
2396 } 2395 }
2397 2396
@@ -2399,22 +2398,22 @@ test_tlsext_srtp_clienthello(void)
2399 FAIL("should be able to set a single SRTP\n"); 2398 FAIL("should be able to set a single SRTP\n");
2400 goto err; 2399 goto err;
2401 } 2400 }
2402 if (!tlsext_srtp_clienthello_needs(ssl)) { 2401 if (!tlsext_srtp_client_needs(ssl)) {
2403 FAIL("clienthello should need SRTP\n"); 2402 FAIL("client should need SRTP\n");
2404 goto err; 2403 goto err;
2405 } 2404 }
2406 2405
2407 /* Make sure we can build the clienthello with a single profile. */ 2406 /* Make sure we can build the client with a single profile. */
2408 2407
2409 if (!tlsext_srtp_clienthello_build(ssl, &cbb)) { 2408 if (!tlsext_srtp_client_build(ssl, &cbb)) {
2410 FAIL("clienthello failed to build SRTP\n"); 2409 FAIL("client failed to build SRTP\n");
2411 goto err; 2410 goto err;
2412 } 2411 }
2413 if (!CBB_finish(&cbb, &data, &dlen)) 2412 if (!CBB_finish(&cbb, &data, &dlen))
2414 errx(1, "failed to finish CBB"); 2413 errx(1, "failed to finish CBB");
2415 2414
2416 if (dlen != sizeof(tlsext_srtp_single)) { 2415 if (dlen != sizeof(tlsext_srtp_single)) {
2417 FAIL("got clienthello SRTP with length %zu, " 2416 FAIL("got client SRTP with length %zu, "
2418 "want length %zu\n", dlen, 2417 "want length %zu\n", dlen,
2419 sizeof(tlsext_srtp_single)); 2418 sizeof(tlsext_srtp_single));
2420 compare_data(data, dlen, tlsext_srtp_single, 2419 compare_data(data, dlen, tlsext_srtp_single,
@@ -2422,7 +2421,7 @@ test_tlsext_srtp_clienthello(void)
2422 goto err; 2421 goto err;
2423 } 2422 }
2424 if (memcmp(data, tlsext_srtp_single, dlen) != 0) { 2423 if (memcmp(data, tlsext_srtp_single, dlen) != 0) {
2425 FAIL("clienthello SRTP differs:\n"); 2424 FAIL("client SRTP differs:\n");
2426 compare_data(data, dlen, tlsext_srtp_single, 2425 compare_data(data, dlen, tlsext_srtp_single,
2427 sizeof(tlsext_srtp_single)); 2426 sizeof(tlsext_srtp_single));
2428 goto err; 2427 goto err;
@@ -2441,7 +2440,7 @@ test_tlsext_srtp_clienthello(void)
2441 } 2440 }
2442 2441
2443 CBS_init(&cbs, tlsext_srtp_single, sizeof(tlsext_srtp_single)); 2442 CBS_init(&cbs, tlsext_srtp_single, sizeof(tlsext_srtp_single));
2444 if (!tlsext_srtp_clienthello_parse(ssl, &cbs, &alert)) { 2443 if (!tlsext_srtp_server_parse(ssl, &cbs, &alert)) {
2445 FAIL("failed to parse SRTP\n"); 2444 FAIL("failed to parse SRTP\n");
2446 goto err; 2445 goto err;
2447 } 2446 }
@@ -2459,7 +2458,7 @@ test_tlsext_srtp_clienthello(void)
2459 goto err; 2458 goto err;
2460 } 2459 }
2461 2460
2462 if (!tlsext_srtp_serverhello_needs(ssl)) { 2461 if (!tlsext_srtp_server_needs(ssl)) {
2463 FAIL("should send server extension when profile selected\n"); 2462 FAIL("should send server extension when profile selected\n");
2464 goto err; 2463 goto err;
2465 } 2464 }
@@ -2470,20 +2469,20 @@ test_tlsext_srtp_clienthello(void)
2470 FAIL("should be able to set SRTP to multiple profiles\n"); 2469 FAIL("should be able to set SRTP to multiple profiles\n");
2471 goto err; 2470 goto err;
2472 } 2471 }
2473 if (!tlsext_srtp_clienthello_needs(ssl)) { 2472 if (!tlsext_srtp_client_needs(ssl)) {
2474 FAIL("clienthello should need SRTP by now\n"); 2473 FAIL("client should need SRTP by now\n");
2475 goto err; 2474 goto err;
2476 } 2475 }
2477 2476
2478 if (!tlsext_srtp_clienthello_build(ssl, &cbb)) { 2477 if (!tlsext_srtp_client_build(ssl, &cbb)) {
2479 FAIL("clienthello failed to build SRTP\n"); 2478 FAIL("client failed to build SRTP\n");
2480 goto err; 2479 goto err;
2481 } 2480 }
2482 if (!CBB_finish(&cbb, &data, &dlen)) 2481 if (!CBB_finish(&cbb, &data, &dlen))
2483 errx(1, "failed to finish CBB"); 2482 errx(1, "failed to finish CBB");
2484 2483
2485 if (dlen != sizeof(tlsext_srtp_multiple)) { 2484 if (dlen != sizeof(tlsext_srtp_multiple)) {
2486 FAIL("got clienthello SRTP with length %zu, " 2485 FAIL("got client SRTP with length %zu, "
2487 "want length %zu\n", dlen, 2486 "want length %zu\n", dlen,
2488 sizeof(tlsext_srtp_multiple)); 2487 sizeof(tlsext_srtp_multiple));
2489 compare_data(data, dlen, tlsext_srtp_multiple, 2488 compare_data(data, dlen, tlsext_srtp_multiple,
@@ -2491,7 +2490,7 @@ test_tlsext_srtp_clienthello(void)
2491 goto err; 2490 goto err;
2492 } 2491 }
2493 if (memcmp(data, tlsext_srtp_multiple, dlen) != 0) { 2492 if (memcmp(data, tlsext_srtp_multiple, dlen) != 0) {
2494 FAIL("clienthello SRTP differs:\n"); 2493 FAIL("client SRTP differs:\n");
2495 compare_data(data, dlen, tlsext_srtp_multiple, 2494 compare_data(data, dlen, tlsext_srtp_multiple,
2496 sizeof(tlsext_srtp_multiple)); 2495 sizeof(tlsext_srtp_multiple));
2497 goto err; 2496 goto err;
@@ -2508,7 +2507,7 @@ test_tlsext_srtp_clienthello(void)
2508 2507
2509 CBS_init(&cbs, tlsext_srtp_multiple, 2508 CBS_init(&cbs, tlsext_srtp_multiple,
2510 sizeof(tlsext_srtp_multiple)); 2509 sizeof(tlsext_srtp_multiple));
2511 if (!tlsext_srtp_clienthello_parse(ssl, &cbs, &alert)) { 2510 if (!tlsext_srtp_server_parse(ssl, &cbs, &alert)) {
2512 FAIL("failed to parse SRTP\n"); 2511 FAIL("failed to parse SRTP\n");
2513 goto err; 2512 goto err;
2514 } 2513 }
@@ -2526,7 +2525,7 @@ test_tlsext_srtp_clienthello(void)
2526 goto err; 2525 goto err;
2527 } 2526 }
2528 2527
2529 if (!tlsext_srtp_serverhello_needs(ssl)) { 2528 if (!tlsext_srtp_server_needs(ssl)) {
2530 FAIL("should send server extension when profile selected\n"); 2529 FAIL("should send server extension when profile selected\n");
2531 goto err; 2530 goto err;
2532 } 2531 }
@@ -2539,7 +2538,7 @@ test_tlsext_srtp_clienthello(void)
2539 2538
2540 CBS_init(&cbs, tlsext_srtp_multiple_one_valid, 2539 CBS_init(&cbs, tlsext_srtp_multiple_one_valid,
2541 sizeof(tlsext_srtp_multiple_one_valid)); 2540 sizeof(tlsext_srtp_multiple_one_valid));
2542 if (!tlsext_srtp_clienthello_parse(ssl, &cbs, &alert)) { 2541 if (!tlsext_srtp_server_parse(ssl, &cbs, &alert)) {
2543 FAIL("failed to parse SRTP\n"); 2542 FAIL("failed to parse SRTP\n");
2544 goto err; 2543 goto err;
2545 } 2544 }
@@ -2557,7 +2556,7 @@ test_tlsext_srtp_clienthello(void)
2557 goto err; 2556 goto err;
2558 } 2557 }
2559 2558
2560 if (!tlsext_srtp_serverhello_needs(ssl)) { 2559 if (!tlsext_srtp_server_needs(ssl)) {
2561 FAIL("should send server extension when profile selected\n"); 2560 FAIL("should send server extension when profile selected\n");
2562 goto err; 2561 goto err;
2563 } 2562 }
@@ -2568,7 +2567,7 @@ test_tlsext_srtp_clienthello(void)
2568 2567
2569 CBS_init(&cbs, tlsext_srtp_multiple_invalid, 2568 CBS_init(&cbs, tlsext_srtp_multiple_invalid,
2570 sizeof(tlsext_srtp_multiple_invalid)); 2569 sizeof(tlsext_srtp_multiple_invalid));
2571 if (!tlsext_srtp_clienthello_parse(ssl, &cbs, &alert)) { 2570 if (!tlsext_srtp_server_parse(ssl, &cbs, &alert)) {
2572 FAIL("should be able to fall back to negotiated\n"); 2571 FAIL("should be able to fall back to negotiated\n");
2573 goto err; 2572 goto err;
2574 } 2573 }
@@ -2582,7 +2581,7 @@ test_tlsext_srtp_clienthello(void)
2582 FAIL("should not have selected a profile when none found\n"); 2581 FAIL("should not have selected a profile when none found\n");
2583 goto err; 2582 goto err;
2584 } 2583 }
2585 if (tlsext_srtp_serverhello_needs(ssl)) { 2584 if (tlsext_srtp_server_needs(ssl)) {
2586 FAIL("should not send server tlsext when no profile found\n"); 2585 FAIL("should not send server tlsext when no profile found\n");
2587 goto err; 2586 goto err;
2588 } 2587 }
@@ -2599,7 +2598,7 @@ test_tlsext_srtp_clienthello(void)
2599} 2598}
2600 2599
2601static int 2600static int
2602test_tlsext_srtp_serverhello(void) 2601test_tlsext_srtp_server(void)
2603{ 2602{
2604 SRTP_PROTECTION_PROFILE *prof; 2603 SRTP_PROTECTION_PROFILE *prof;
2605 SSL_CTX *ssl_ctx = NULL; 2604 SSL_CTX *ssl_ctx = NULL;
@@ -2621,8 +2620,8 @@ test_tlsext_srtp_serverhello(void)
2621 errx(1, "failed to create SSL"); 2620 errx(1, "failed to create SSL");
2622 2621
2623 /* By default, we don't need this */ 2622 /* By default, we don't need this */
2624 if (tlsext_srtp_serverhello_needs(ssl)) { 2623 if (tlsext_srtp_server_needs(ssl)) {
2625 FAIL("serverhello should not need SRTP by default\n"); 2624 FAIL("server should not need SRTP by default\n");
2626 goto err; 2625 goto err;
2627 } 2626 }
2628 2627
@@ -2632,22 +2631,22 @@ test_tlsext_srtp_serverhello(void)
2632 goto err; 2631 goto err;
2633 } 2632 }
2634 ssl->internal->srtp_profile = prof; 2633 ssl->internal->srtp_profile = prof;
2635 if (!tlsext_srtp_serverhello_needs(ssl)) { 2634 if (!tlsext_srtp_server_needs(ssl)) {
2636 FAIL("serverhello should need SRTP by now\n"); 2635 FAIL("server should need SRTP by now\n");
2637 goto err; 2636 goto err;
2638 } 2637 }
2639 2638
2640 /* Make sure we can build the serverhello with a single profile. */ 2639 /* Make sure we can build the server with a single profile. */
2641 2640
2642 if (!tlsext_srtp_serverhello_build(ssl, &cbb)) { 2641 if (!tlsext_srtp_server_build(ssl, &cbb)) {
2643 FAIL("serverhello failed to build SRTP\n"); 2642 FAIL("server failed to build SRTP\n");
2644 goto err; 2643 goto err;
2645 } 2644 }
2646 if (!CBB_finish(&cbb, &data, &dlen)) 2645 if (!CBB_finish(&cbb, &data, &dlen))
2647 errx(1, "failed to finish CBB"); 2646 errx(1, "failed to finish CBB");
2648 2647
2649 if (dlen != sizeof(tlsext_srtp_single)) { 2648 if (dlen != sizeof(tlsext_srtp_single)) {
2650 FAIL("got serverhello SRTP with length %zu, " 2649 FAIL("got server SRTP with length %zu, "
2651 "want length %zu\n", dlen, 2650 "want length %zu\n", dlen,
2652 sizeof(tlsext_srtp_single)); 2651 sizeof(tlsext_srtp_single));
2653 compare_data(data, dlen, tlsext_srtp_single, 2652 compare_data(data, dlen, tlsext_srtp_single,
@@ -2655,7 +2654,7 @@ test_tlsext_srtp_serverhello(void)
2655 goto err; 2654 goto err;
2656 } 2655 }
2657 if (memcmp(data, tlsext_srtp_single, dlen) != 0) { 2656 if (memcmp(data, tlsext_srtp_single, dlen) != 0) {
2658 FAIL("serverhello SRTP differs:\n"); 2657 FAIL("server SRTP differs:\n");
2659 compare_data(data, dlen, tlsext_srtp_single, 2658 compare_data(data, dlen, tlsext_srtp_single,
2660 sizeof(tlsext_srtp_single)); 2659 sizeof(tlsext_srtp_single));
2661 goto err; 2660 goto err;
@@ -2681,7 +2680,7 @@ test_tlsext_srtp_serverhello(void)
2681 } 2680 }
2682 2681
2683 CBS_init(&cbs, tlsext_srtp_single, sizeof(tlsext_srtp_single)); 2682 CBS_init(&cbs, tlsext_srtp_single, sizeof(tlsext_srtp_single));
2684 if (!tlsext_srtp_serverhello_parse(ssl, &cbs, &alert)) { 2683 if (!tlsext_srtp_client_parse(ssl, &cbs, &alert)) {
2685 FAIL("failed to parse SRTP\n"); 2684 FAIL("failed to parse SRTP\n");
2686 goto err; 2685 goto err;
2687 } 2686 }
@@ -2704,17 +2703,17 @@ test_tlsext_srtp_serverhello(void)
2704 2703
2705 CBS_init(&cbs, tlsext_srtp_multiple, 2704 CBS_init(&cbs, tlsext_srtp_multiple,
2706 sizeof(tlsext_srtp_multiple)); 2705 sizeof(tlsext_srtp_multiple));
2707 if (tlsext_srtp_serverhello_parse(ssl, &cbs, &alert)) { 2706 if (tlsext_srtp_client_parse(ssl, &cbs, &alert)) {
2708 FAIL("should not find multiple entries from the server\n"); 2707 FAIL("should not find multiple entries from the server\n");
2709 goto err; 2708 goto err;
2710 } 2709 }
2711 2710
2712 /* Make sure we cannot parse a serverhello with unknown profile */ 2711 /* Make sure we cannot parse a server with unknown profile */
2713 ssl->internal->srtp_profile = NULL; 2712 ssl->internal->srtp_profile = NULL;
2714 2713
2715 CBS_init(&cbs, tlsext_srtp_single_invalid, 2714 CBS_init(&cbs, tlsext_srtp_single_invalid,
2716 sizeof(tlsext_srtp_single_invalid)); 2715 sizeof(tlsext_srtp_single_invalid));
2717 if (tlsext_srtp_serverhello_parse(ssl, &cbs, &alert)) { 2716 if (tlsext_srtp_client_parse(ssl, &cbs, &alert)) {
2718 FAIL("should not be able to parse this\n"); 2717 FAIL("should not be able to parse this\n");
2719 goto err; 2718 goto err;
2720 } 2719 }
@@ -2763,7 +2762,7 @@ test_tlsext_clienthello_build(void)
2763 if ((ssl = SSL_new(ssl_ctx)) == NULL) 2762 if ((ssl = SSL_new(ssl_ctx)) == NULL)
2764 errx(1, "failed to create SSL"); 2763 errx(1, "failed to create SSL");
2765 2764
2766 if (!tlsext_clienthello_build(ssl, &cbb)) { 2765 if (!tlsext_client_build(ssl, &cbb, SSL_TLSEXT_MSG_CH)) {
2767 FAIL("failed to build clienthello extensions\n"); 2766 FAIL("failed to build clienthello extensions\n");
2768 goto err; 2767 goto err;
2769 } 2768 }
@@ -2799,7 +2798,7 @@ test_tlsext_clienthello_build(void)
2799 return 0; 2798 return 0;
2800 } 2799 }
2801 2800
2802 if (!tlsext_clienthello_build(ssl, &cbb)) { 2801 if (!tlsext_client_build(ssl, &cbb, SSL_TLSEXT_MSG_CH)) {
2803 FAIL("failed to build clienthello extensions\n"); 2802 FAIL("failed to build clienthello extensions\n");
2804 goto err; 2803 goto err;
2805 } 2804 }
@@ -2865,7 +2864,7 @@ test_tlsext_serverhello_build(void)
2865 S3I(ssl)->hs.new_cipher = 2864 S3I(ssl)->hs.new_cipher =
2866 ssl3_get_cipher_by_id(TLS1_CK_RSA_WITH_AES_128_SHA256); 2865 ssl3_get_cipher_by_id(TLS1_CK_RSA_WITH_AES_128_SHA256);
2867 2866
2868 if (!tlsext_serverhello_build(ssl, &cbb)) { 2867 if (!tlsext_server_build(ssl, &cbb, SSL_TLSEXT_MSG_SH)) {
2869 FAIL("failed to build serverhello extensions\n"); 2868 FAIL("failed to build serverhello extensions\n");
2870 goto err; 2869 goto err;
2871 } 2870 }
@@ -2902,7 +2901,7 @@ test_tlsext_serverhello_build(void)
2902 SSI(ssl)->tlsext_ecpointformatlist[0] = 2901 SSI(ssl)->tlsext_ecpointformatlist[0] =
2903 TLSEXT_ECPOINTFORMAT_uncompressed; 2902 TLSEXT_ECPOINTFORMAT_uncompressed;
2904 2903
2905 if (!tlsext_serverhello_build(ssl, &cbb)) { 2904 if (!tlsext_server_build(ssl, &cbb, SSL_TLSEXT_MSG_SH)) {
2906 FAIL("failed to build serverhello extensions\n"); 2905 FAIL("failed to build serverhello extensions\n");
2907 goto err; 2906 goto err;
2908 } 2907 }
@@ -2943,33 +2942,33 @@ main(int argc, char **argv)
2943 SSL_library_init(); 2942 SSL_library_init();
2944 SSL_load_error_strings(); 2943 SSL_load_error_strings();
2945 2944
2946 failed |= test_tlsext_alpn_clienthello(); 2945 failed |= test_tlsext_alpn_client();
2947 failed |= test_tlsext_alpn_serverhello(); 2946 failed |= test_tlsext_alpn_server();
2948 2947
2949 failed |= test_tlsext_supportedgroups_clienthello(); 2948 failed |= test_tlsext_supportedgroups_client();
2950 failed |= test_tlsext_supportedgroups_serverhello(); 2949 failed |= test_tlsext_supportedgroups_server();
2951 2950
2952 failed |= test_tlsext_ecpf_clienthello(); 2951 failed |= test_tlsext_ecpf_client();
2953 failed |= test_tlsext_ecpf_serverhello(); 2952 failed |= test_tlsext_ecpf_server();
2954 2953
2955 failed |= test_tlsext_ri_clienthello(); 2954 failed |= test_tlsext_ri_client();
2956 failed |= test_tlsext_ri_serverhello(); 2955 failed |= test_tlsext_ri_server();
2957 2956
2958 failed |= test_tlsext_sigalgs_clienthello(); 2957 failed |= test_tlsext_sigalgs_client();
2959 failed |= test_tlsext_sigalgs_serverhello(); 2958 failed |= test_tlsext_sigalgs_server();
2960 2959
2961 failed |= test_tlsext_sni_clienthello(); 2960 failed |= test_tlsext_sni_client();
2962 failed |= test_tlsext_sni_serverhello(); 2961 failed |= test_tlsext_sni_server();
2963 2962
2964 failed |= test_tlsext_ocsp_clienthello(); 2963 failed |= test_tlsext_ocsp_client();
2965 failed |= test_tlsext_ocsp_serverhello(); 2964 failed |= test_tlsext_ocsp_server();
2966 2965
2967 failed |= test_tlsext_sessionticket_clienthello(); 2966 failed |= test_tlsext_sessionticket_client();
2968 failed |= test_tlsext_sessionticket_serverhello(); 2967 failed |= test_tlsext_sessionticket_server();
2969 2968
2970#ifndef OPENSSL_NO_SRTP 2969#ifndef OPENSSL_NO_SRTP
2971 failed |= test_tlsext_srtp_clienthello(); 2970 failed |= test_tlsext_srtp_client();
2972 failed |= test_tlsext_srtp_serverhello(); 2971 failed |= test_tlsext_srtp_server();
2973#else 2972#else
2974 fprintf(stderr, "Skipping SRTP tests due to OPENSSL_NO_SRTP\n"); 2973 fprintf(stderr, "Skipping SRTP tests due to OPENSSL_NO_SRTP\n");
2975#endif 2974#endif
diff --git a/src/regress/lib/libssl/unit/tls_ext_alpn.c b/src/regress/lib/libssl/unit/tls_ext_alpn.c
index 7dec1bfc51..63e5f247c8 100644
--- a/src/regress/lib/libssl/unit/tls_ext_alpn.c
+++ b/src/regress/lib/libssl/unit/tls_ext_alpn.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls_ext_alpn.c,v 1.5 2018/02/08 11:31:00 jsing Exp $ */ 1/* $OpenBSD: tls_ext_alpn.c,v 1.6 2019/01/18 00:55:15 jsing Exp $ */
2/* 2/*
3 * Copyright (c) 2015 Doug Hogan <doug@openbsd.org> 3 * Copyright (c) 2015 Doug Hogan <doug@openbsd.org>
4 * 4 *
@@ -321,9 +321,9 @@ static uint8_t proto_invalid_missing9[] = {
321 int al; \ 321 int al; \
322 \ 322 \
323 CBS_init(&cbs, proto, sizeof(proto)); \ 323 CBS_init(&cbs, proto, sizeof(proto)); \
324 CHECK(c_val == tlsext_clienthello_parse(s, &cbs, &al)); \ 324 CHECK(c_val == tlsext_server_parse(s, &cbs, &al, SSL_TLSEXT_MSG_CH)); \
325 CBS_init(&cbs, proto, sizeof(proto)); \ 325 CBS_init(&cbs, proto, sizeof(proto)); \
326 CHECK(s_val == tlsext_serverhello_parse(s, &cbs, &al)); \ 326 CHECK(s_val == tlsext_client_parse(s, &cbs, &al, SSL_TLSEXT_MSG_SH)); \
327 } \ 327 } \
328} while (0) 328} while (0)
329 329
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-30 04:57:47 +0000