From e3ef6fffcb5d2cdaa2164d1a67e8dd37ed1ef99c Mon Sep 17 00:00:00 2001 From: tb Date: Thu, 4 Aug 2022 09:28:31 +0000 Subject: [PATCH] Add some glue to fetch the tlsext functions from the tls_extensions[] table rather than calling the functions directly. --- regress/lib/libssl/tlsext/tlsexttest.c | 630 +++++++++++++++++-------- 1 file changed, 440 insertions(+), 190 deletions(-) diff --git a/regress/lib/libssl/tlsext/tlsexttest.c b/regress/lib/libssl/tlsext/tlsexttest.c index 1a707a8404b..3e90eab3846 100644 --- a/regress/lib/libssl/tlsext/tlsexttest.c +++ b/regress/lib/libssl/tlsext/tlsexttest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tlsexttest.c,v 1.66 2022/07/17 14:57:05 jsing Exp $ */ +/* $OpenBSD: tlsexttest.c,v 1.67 2022/08/04 09:28:31 tb Exp $ */ /* * Copyright (c) 2017 Joel Sing * Copyright (c) 2017 Doug Hogan @@ -20,11 +20,119 @@ #include +#include + #include "ssl_locl.h" #include "bytestring.h" #include "ssl_tlsext.h" +struct tls_extension_funcs { + int (*needs)(SSL *s, uint16_t msg_type); + int (*build)(SSL *s, uint16_t msg_type, CBB *cbb); + int (*parse)(SSL *s, uint16_t msg_type, CBS *cbs, int *alert); +}; + +const struct tls_extension *tls_extension_find(uint16_t, size_t *); +const struct tls_extension_funcs *tlsext_funcs(const struct tls_extension *, + int); + +static const struct tls_extension_funcs * +tls_extension_funcs(int type, int is_server) +{ + const struct tls_extension *ext; + size_t idx; + + if ((ext = tls_extension_find(type, &idx)) == NULL) + return NULL; + + return tlsext_funcs(ext, is_server); +} + +static const struct tls_extension_funcs * +tls_extension_client_funcs(int type) +{ + int is_server = 0; + + return tls_extension_funcs(type, is_server); +} + +static const struct tls_extension_funcs * +tls_extension_server_funcs(int type) +{ + int is_server = 1; + + return tls_extension_funcs(type, is_server); +} + +static int +tls_extension_client_needs(int type, SSL *s, uint16_t msg_type) +{ + const struct tls_extension_funcs *funcs; + + if ((funcs = tls_extension_client_funcs(type)) == NULL) + return 0; + + return funcs->needs(s, msg_type); +} + +static int +tls_extension_client_build(int type, SSL *s, uint16_t msg_type, CBB *cbb) +{ + const struct tls_extension_funcs *funcs; + + if ((funcs = tls_extension_client_funcs(type)) == NULL) + return 0; + + return funcs->build(s, msg_type, cbb); +} + +static int +tls_extension_client_parse(int type, SSL *s, uint16_t msg_type, CBS *cbs, + int *alert) +{ + const struct tls_extension_funcs *funcs; + + if ((funcs = tls_extension_client_funcs(type)) == NULL) + return 0; + + return funcs->parse(s, msg_type, cbs, alert); +} + +static int +tls_extension_server_needs(int type, SSL *s, uint16_t msg_type) +{ + const struct tls_extension_funcs *funcs; + + if ((funcs = tls_extension_server_funcs(type)) == NULL) + return 0; + + return funcs->needs(s, msg_type); +} + +static int +tls_extension_server_build(int type, SSL *s, uint16_t msg_type, CBB *cbb) +{ + const struct tls_extension_funcs *funcs; + + if ((funcs = tls_extension_server_funcs(type)) == NULL) + return 0; + + return funcs->build(s, msg_type, cbb); +} + +static int +tls_extension_server_parse(int type, SSL *s, uint16_t msg_type, CBS *cbs, + int *alert) +{ + const struct tls_extension_funcs *funcs; + + if ((funcs = tls_extension_server_funcs(type)) == NULL) + return 0; + + return funcs->parse(s, msg_type, cbs, alert); +} + static void hexdump(const unsigned char *buf, size_t len) { @@ -120,6 +228,8 @@ const uint8_t tlsext_alpn_single_proto[] = { 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31 }; +#define TLSEXT_TYPE_alpn TLSEXT_TYPE_application_layer_protocol_negotiation + static int test_tlsext_alpn_client(void) { @@ -141,7 +251,8 @@ test_tlsext_alpn_client(void) errx(1, "failed to create SSL"); /* By default, we don't need this */ - if (tlsext_alpn_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (tls_extension_client_needs(TLSEXT_TYPE_alpn, ssl, + SSL_TLSEXT_MSG_CH)) { FAIL("client should not need ALPN by default\n"); goto err; } @@ -158,14 +269,16 @@ test_tlsext_alpn_client(void) FAIL("should be able to set ALPN to http/1.1\n"); goto err; } - if (!tlsext_alpn_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { - FAIL("client should need ALPN by now\n"); + if (!tls_extension_client_needs(TLSEXT_TYPE_alpn, ssl, + SSL_TLSEXT_MSG_CH)) { + FAIL("client should need ALPN by default\n"); goto err; } /* Make sure we can build the client with a single proto. */ - if (!tlsext_alpn_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { + if (!tls_extension_client_build(TLSEXT_TYPE_alpn, ssl, + SSL_TLSEXT_MSG_CH, &cbb)) { FAIL("client failed to build ALPN\n"); goto err; } @@ -196,7 +309,8 @@ test_tlsext_alpn_client(void) CBS_init(&cbs, tlsext_alpn_single_proto, sizeof(tlsext_alpn_single_proto)); - if (!tlsext_alpn_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { + if (!tls_extension_server_parse(TLSEXT_TYPE_alpn, ssl, + SSL_TLSEXT_MSG_CH, &cbs, &alert)) { FAIL("failed to parse ALPN\n"); goto err; } @@ -232,12 +346,14 @@ test_tlsext_alpn_client(void) FAIL("should be able to set ALPN to http/1.1\n"); goto err; } - if (!tlsext_alpn_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!tls_extension_client_needs(TLSEXT_TYPE_alpn, ssl, + SSL_TLSEXT_MSG_CH)) { FAIL("client should need ALPN by now\n"); goto err; } - if (!tlsext_alpn_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { + if (!tls_extension_client_build(TLSEXT_TYPE_alpn, ssl, + SSL_TLSEXT_MSG_CH, &cbb)) { FAIL("client failed to build ALPN\n"); goto err; } @@ -263,7 +379,8 @@ test_tlsext_alpn_client(void) CBS_init(&cbs, tlsext_alpn_multiple_protos, sizeof(tlsext_alpn_multiple_protos)); - if (!tlsext_alpn_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { + if (!tls_extension_server_parse(TLSEXT_TYPE_alpn, ssl, + SSL_TLSEXT_MSG_CH, &cbs, &alert)) { FAIL("failed to parse ALPN\n"); goto err; } @@ -298,7 +415,8 @@ test_tlsext_alpn_client(void) ssl->internal->alpn_client_proto_list = NULL; ssl->internal->alpn_client_proto_list_len = 0; - if (tlsext_alpn_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (tls_extension_client_needs(TLSEXT_TYPE_alpn, ssl, + SSL_TLSEXT_MSG_CH)) { FAIL("client should need ALPN by default\n"); goto err; } @@ -335,7 +453,8 @@ test_tlsext_alpn_server(void) errx(1, "failed to create SSL"); /* By default, ALPN isn't needed. */ - if (tlsext_alpn_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (tls_extension_server_needs(TLSEXT_TYPE_alpn, ssl, + SSL_TLSEXT_MSG_SH)) { FAIL("server should not need ALPN by default\n"); goto err; } @@ -353,14 +472,16 @@ test_tlsext_alpn_server(void) sizeof(tlsext_alpn_single_proto_name)); ssl->s3->alpn_selected_len = sizeof(tlsext_alpn_single_proto_name); - if (!tlsext_alpn_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (!tls_extension_server_needs(TLSEXT_TYPE_alpn, ssl, + SSL_TLSEXT_MSG_SH)) { FAIL("server should need ALPN after a protocol is selected\n"); goto err; } /* Make sure we can build a server with one protocol */ - if (!tlsext_alpn_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { + if (!tls_extension_server_build(TLSEXT_TYPE_alpn, ssl, + SSL_TLSEXT_MSG_SH, &cbb)) { FAIL("server should be able to build a response\n"); goto err; } @@ -393,7 +514,8 @@ test_tlsext_alpn_server(void) sizeof(tlsext_alpn_single_proto)); /* Shouldn't be able to parse without requesting */ - if (tlsext_alpn_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { + if (tls_extension_client_parse(TLSEXT_TYPE_alpn, ssl, SSL_TLSEXT_MSG_SH, + &cbs, &alert)) { FAIL("Should only parse server if we requested it\n"); goto err; } @@ -404,7 +526,8 @@ test_tlsext_alpn_server(void) FAIL("should be able to set ALPN to http/1.1\n"); goto err; } - if (!tlsext_alpn_server_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { + if (!tls_extension_server_parse(TLSEXT_TYPE_alpn, ssl, + SSL_TLSEXT_MSG_SH, &cbs, &alert)) { FAIL("Should be able to parse server when we request it\n"); goto err; } @@ -447,7 +570,8 @@ test_tlsext_alpn_server(void) ssl->s3->alpn_selected = NULL; ssl->s3->alpn_selected_len = 0; - if (tlsext_alpn_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (tls_extension_server_needs(TLSEXT_TYPE_alpn, ssl, + SSL_TLSEXT_MSG_SH)) { FAIL("server should need ALPN by default\n"); goto err; } @@ -521,7 +645,8 @@ test_tlsext_supportedgroups_client(void) /* * Default ciphers include EC so we need it by default. */ - if (!tlsext_supportedgroups_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!tls_extension_client_needs(TLSEXT_TYPE_supported_groups, ssl, + SSL_TLSEXT_MSG_CH)) { FAIL("client should need Ellipticcurves for default " "ciphers\n"); goto err; @@ -534,7 +659,8 @@ test_tlsext_supportedgroups_client(void) FAIL("client should be able to set cipher list\n"); goto err; } - if (tlsext_supportedgroups_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (tls_extension_client_needs(TLSEXT_TYPE_supported_groups, ssl, + SSL_TLSEXT_MSG_CH)) { FAIL("client should not need Ellipticcurves\n"); goto err; } @@ -546,7 +672,8 @@ test_tlsext_supportedgroups_client(void) FAIL("client should be able to set cipher list\n"); goto err; } - if (!tlsext_supportedgroups_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!tls_extension_client_needs(TLSEXT_TYPE_supported_groups, ssl, + SSL_TLSEXT_MSG_CH)) { FAIL("client should need Ellipticcurves\n"); goto err; } @@ -567,12 +694,14 @@ test_tlsext_supportedgroups_client(void) goto err; ssl->session->tlsext_supportedgroups_length = 1; - if (!tlsext_supportedgroups_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!tls_extension_client_needs(TLSEXT_TYPE_supported_groups, ssl, + SSL_TLSEXT_MSG_CH)) { FAIL("client should need Ellipticcurves\n"); goto err; } - if (!tlsext_supportedgroups_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { + if (!tls_extension_client_build(TLSEXT_TYPE_supported_groups, ssl, + SSL_TLSEXT_MSG_CH, &cbb)) { FAIL("client failed to build Ellipticcurves\n"); goto err; } @@ -610,7 +739,8 @@ test_tlsext_supportedgroups_client(void) CBS_init(&cbs, tlsext_supportedgroups_client_secp384r1, sizeof(tlsext_supportedgroups_client_secp384r1)); - if (!tlsext_supportedgroups_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { + if (!tls_extension_server_parse(TLSEXT_TYPE_supported_groups, ssl, + SSL_TLSEXT_MSG_CH, &cbs, &alert)) { FAIL("failed to parse client Ellipticcurves\n"); goto err; } @@ -660,12 +790,14 @@ test_tlsext_supportedgroups_client(void) goto err; ssl->internal->tlsext_supportedgroups_length = 2; - if (!tlsext_supportedgroups_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!tls_extension_client_needs(TLSEXT_TYPE_supported_groups, ssl, + SSL_TLSEXT_MSG_CH)) { FAIL("client should need Ellipticcurves\n"); goto err; } - if (!tlsext_supportedgroups_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { + if (!tls_extension_client_build(TLSEXT_TYPE_supported_groups, ssl, + SSL_TLSEXT_MSG_CH, &cbb)) { FAIL("client failed to build Ellipticcurves\n"); goto err; } @@ -714,7 +846,8 @@ test_tlsext_supportedgroups_client(void) CBS_init(&cbs, tlsext_supportedgroups_client_nistp192and224, sizeof(tlsext_supportedgroups_client_nistp192and224)); - if (!tlsext_supportedgroups_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { + if (!tls_extension_server_parse(TLSEXT_TYPE_supported_groups, ssl, + SSL_TLSEXT_MSG_CH, &cbs, &alert)) { FAIL("failed to parse client Ellipticcurves\n"); goto err; } @@ -767,7 +900,8 @@ test_tlsext_supportedgroups_server(void) if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); - if (tlsext_supportedgroups_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (tls_extension_server_needs(TLSEXT_TYPE_supported_groups, ssl, + SSL_TLSEXT_MSG_SH)) { FAIL("server should not need elliptic_curves\n"); goto err; } @@ -775,7 +909,8 @@ test_tlsext_supportedgroups_server(void) if ((ssl->session = SSL_SESSION_new()) == NULL) errx(1, "failed to create session"); - if (tlsext_supportedgroups_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (tls_extension_server_needs(TLSEXT_TYPE_supported_groups, ssl, + SSL_TLSEXT_MSG_SH)) { FAIL("server should not need elliptic_curves\n"); goto err; } @@ -845,7 +980,8 @@ test_tlsext_ecpf_client(void) /* * Default ciphers include EC so we need it by default. */ - if (!tlsext_ecpf_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!tls_extension_client_needs(TLSEXT_TYPE_ec_point_formats, ssl, + SSL_TLSEXT_MSG_CH)) { FAIL("client should need ECPointFormats for default " "ciphers\n"); goto err; @@ -858,7 +994,8 @@ test_tlsext_ecpf_client(void) FAIL("client should be able to set cipher list\n"); goto err; } - if (tlsext_ecpf_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (tls_extension_client_needs(TLSEXT_TYPE_ec_point_formats, ssl, + SSL_TLSEXT_MSG_CH)) { FAIL("client should not need ECPointFormats\n"); goto err; } @@ -870,7 +1007,8 @@ test_tlsext_ecpf_client(void) FAIL("client should be able to set cipher list\n"); goto err; } - if (!tlsext_ecpf_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!tls_extension_client_needs(TLSEXT_TYPE_ec_point_formats, ssl, + SSL_TLSEXT_MSG_CH)) { FAIL("client should need ECPointFormats\n"); goto err; } @@ -881,7 +1019,8 @@ test_tlsext_ecpf_client(void) if ((ssl->session = SSL_SESSION_new()) == NULL) errx(1, "failed to create session"); - if (!tlsext_ecpf_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { + if (!tls_extension_client_build(TLSEXT_TYPE_ec_point_formats, ssl, + SSL_TLSEXT_MSG_CH, &cbb)) { FAIL("client failed to build ECPointFormats\n"); goto err; } @@ -919,7 +1058,8 @@ test_tlsext_ecpf_client(void) CBS_init(&cbs, tlsext_ecpf_hello_uncompressed, sizeof(tlsext_ecpf_hello_uncompressed)); - if (!tlsext_ecpf_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { + if (!tls_extension_server_parse(TLSEXT_TYPE_ec_point_formats, ssl, + SSL_TLSEXT_MSG_CH, &cbs, &alert)) { FAIL("failed to parse client ECPointFormats\n"); goto err; } @@ -963,13 +1103,15 @@ test_tlsext_ecpf_client(void) ssl->internal->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; ssl->internal->tlsext_ecpointformatlist_length = 3; - if (!tlsext_ecpf_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!tls_extension_client_needs(TLSEXT_TYPE_ec_point_formats, ssl, + SSL_TLSEXT_MSG_CH)) { FAIL("client should need ECPointFormats with a custom " "format\n"); goto err; } - if (!tlsext_ecpf_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { + if (!tls_extension_client_build(TLSEXT_TYPE_ec_point_formats, ssl, + SSL_TLSEXT_MSG_CH, &cbb)) { FAIL("client failed to build ECPointFormats\n"); goto err; } @@ -1012,7 +1154,8 @@ test_tlsext_ecpf_client(void) CBS_init(&cbs, tlsext_ecpf_hello_prefer_order, sizeof(tlsext_ecpf_hello_prefer_order)); - if (!tlsext_ecpf_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { + if (!tls_extension_server_parse(TLSEXT_TYPE_ec_point_formats, ssl, + SSL_TLSEXT_MSG_CH, &cbs, &alert)) { FAIL("failed to parse client ECPointFormats\n"); goto err; } @@ -1085,7 +1228,7 @@ test_tlsext_ecpf_server(void) ssl->session->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime; ssl->session->tlsext_ecpointformatlist_length = 1; - if (!tlsext_ecpf_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (!tls_extension_server_needs(TLSEXT_TYPE_ec_point_formats, ssl, SSL_TLSEXT_MSG_SH)) { FAIL("server should need ECPointFormats now\n"); goto err; } @@ -1094,7 +1237,8 @@ test_tlsext_ecpf_server(void) * The server will ignore the session list and use either a custom * list or the default (uncompressed). */ - if (!tlsext_ecpf_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { + if (!tls_extension_server_build(TLSEXT_TYPE_ec_point_formats, ssl, + SSL_TLSEXT_MSG_SH, &cbb)) { FAIL("server failed to build ECPointFormats\n"); goto err; } @@ -1132,7 +1276,8 @@ test_tlsext_ecpf_server(void) CBS_init(&cbs, tlsext_ecpf_hello_prime, sizeof(tlsext_ecpf_hello_prime)); - if (tlsext_ecpf_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { + if (tls_extension_client_parse(TLSEXT_TYPE_ec_point_formats, ssl, + SSL_TLSEXT_MSG_SH, &cbs, &alert)) { FAIL("must include uncompressed in server ECPointFormats\n"); goto err; } @@ -1172,12 +1317,13 @@ test_tlsext_ecpf_server(void) ssl->internal->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; ssl->internal->tlsext_ecpointformatlist_length = 3; - if (!tlsext_ecpf_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (!tls_extension_server_needs(TLSEXT_TYPE_ec_point_formats, ssl, SSL_TLSEXT_MSG_SH)) { FAIL("server should need ECPointFormats\n"); goto err; } - if (!tlsext_ecpf_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { + if (!tls_extension_server_build(TLSEXT_TYPE_ec_point_formats, ssl, + SSL_TLSEXT_MSG_SH, &cbb)) { FAIL("server failed to build ECPointFormats\n"); goto err; } @@ -1220,7 +1366,8 @@ test_tlsext_ecpf_server(void) CBS_init(&cbs, tlsext_ecpf_hello_prefer_order, sizeof(tlsext_ecpf_hello_prefer_order)); - if (!tlsext_ecpf_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { + if (!tls_extension_client_parse(TLSEXT_TYPE_ec_point_formats, ssl, + SSL_TLSEXT_MSG_SH, &cbs, &alert)) { FAIL("failed to parse server ECPointFormats\n"); goto err; } @@ -1303,7 +1450,8 @@ test_tlsext_ri_client(void) if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); - if (tlsext_ri_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (tls_extension_client_needs(TLSEXT_TYPE_renegotiate, ssl, + SSL_TLSEXT_MSG_CH)) { FAIL("client should not need RI\n"); goto err; } @@ -1313,7 +1461,8 @@ test_tlsext_ri_client(void) goto err; } - if (!tlsext_ri_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!tls_extension_client_needs(TLSEXT_TYPE_renegotiate, ssl, + SSL_TLSEXT_MSG_CH)) { FAIL("client should need RI\n"); goto err; } @@ -1324,7 +1473,8 @@ test_tlsext_ri_client(void) ssl->s3->renegotiate_seen = 0; - if (!tlsext_ri_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { + if (!tls_extension_client_build(TLSEXT_TYPE_renegotiate, ssl, + SSL_TLSEXT_MSG_CH, &cbb)) { FAIL("client failed to build RI\n"); goto err; } @@ -1348,7 +1498,8 @@ test_tlsext_ri_client(void) } CBS_init(&cbs, tlsext_ri_client, sizeof(tlsext_ri_client)); - if (!tlsext_ri_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { + if (!tls_extension_server_parse(TLSEXT_TYPE_renegotiate, ssl, + SSL_TLSEXT_MSG_CH, &cbs, &alert)) { FAIL("failed to parse client RI\n"); goto err; } @@ -1372,7 +1523,8 @@ test_tlsext_ri_client(void) ssl->s3->renegotiate_seen = 0; CBS_init(&cbs, tlsext_ri_client, sizeof(tlsext_ri_client)); - if (tlsext_ri_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { + if (tls_extension_server_parse(TLSEXT_TYPE_renegotiate, ssl, + SSL_TLSEXT_MSG_CH, &cbs, &alert)) { FAIL("parsed invalid client RI\n"); failure = 1; goto err; @@ -1416,14 +1568,16 @@ test_tlsext_ri_server(void) errx(1, "failed to create SSL"); ssl->version = TLS1_2_VERSION; - if (tlsext_ri_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (tls_extension_server_needs(TLSEXT_TYPE_renegotiate, ssl, + SSL_TLSEXT_MSG_SH)) { FAIL("server should not need RI\n"); goto err; } ssl->s3->send_connection_binding = 1; - if (!tlsext_ri_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (!tls_extension_server_needs(TLSEXT_TYPE_renegotiate, ssl, + SSL_TLSEXT_MSG_SH)) { FAIL("server should need RI\n"); goto err; } @@ -1438,7 +1592,8 @@ test_tlsext_ri_server(void) ssl->s3->renegotiate_seen = 0; - if (!tlsext_ri_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { + if (!tls_extension_server_build(TLSEXT_TYPE_renegotiate, ssl, + SSL_TLSEXT_MSG_SH, &cbb)) { FAIL("server failed to build RI\n"); goto err; } @@ -1462,7 +1617,8 @@ test_tlsext_ri_server(void) } CBS_init(&cbs, tlsext_ri_server, sizeof(tlsext_ri_server)); - if (!tlsext_ri_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { + if (!tls_extension_client_parse(TLSEXT_TYPE_renegotiate, ssl, + SSL_TLSEXT_MSG_SH, &cbs, &alert)) { FAIL("failed to parse server RI\n"); goto err; } @@ -1488,7 +1644,8 @@ test_tlsext_ri_server(void) ssl->s3->renegotiate_seen = 0; CBS_init(&cbs, tlsext_ri_server, sizeof(tlsext_ri_server)); - if (tlsext_ri_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { + if (tls_extension_client_parse(TLSEXT_TYPE_renegotiate, ssl, + SSL_TLSEXT_MSG_SH, &cbs, &alert)) { FAIL("parsed invalid server RI\n"); goto err; } @@ -1540,7 +1697,8 @@ test_tlsext_sigalgs_client(void) ssl->s3->hs.our_max_tls_version = TLS1_1_VERSION; - if (tlsext_sigalgs_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (tls_extension_client_needs(TLSEXT_TYPE_signature_algorithms, ssl, + SSL_TLSEXT_MSG_CH)) { fprintf(stderr, "FAIL: client should not need sigalgs\n"); failure = 1; goto done; @@ -1548,14 +1706,16 @@ test_tlsext_sigalgs_client(void) ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION; - if (!tlsext_sigalgs_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { - fprintf(stderr, "FAIL: client should need sigalgs\n"); + if (!tls_extension_client_needs(TLSEXT_TYPE_signature_algorithms, ssl, + SSL_TLSEXT_MSG_CH)) { + fprintf(stderr, "FAIL: client should need sigalgsn"); failure = 1; goto done; } - if (!tlsext_sigalgs_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { - fprintf(stderr, "FAIL: client failed to build sigalgs\n"); + if (!tls_extension_client_build(TLSEXT_TYPE_signature_algorithms, ssl, + SSL_TLSEXT_MSG_CH, &cbb)) { + fprintf(stderr, "FAIL: client failed to build sigalgsn"); failure = 1; goto done; } @@ -1564,7 +1724,7 @@ test_tlsext_sigalgs_client(void) errx(1, "failed to finish CBB"); if (dlen != sizeof(tlsext_sigalgs_client)) { - fprintf(stderr, "FAIL: got client sigalgs with length %zu, " + fprintf(stderr, "FAIL: got client sigalgs length %zu, " "want length %zu\n", dlen, sizeof(tlsext_sigalgs_client)); failure = 1; goto done; @@ -1581,7 +1741,8 @@ test_tlsext_sigalgs_client(void) } CBS_init(&cbs, tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client)); - if (!tlsext_sigalgs_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { + if (!tls_extension_server_parse(TLSEXT_TYPE_signature_algorithms, ssl, + SSL_TLSEXT_MSG_CH, &cbs, &alert)) { fprintf(stderr, "FAIL: failed to parse client SNI\n"); failure = 1; goto done; @@ -1620,13 +1781,13 @@ test_tlsext_sigalgs_server(void) if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); - if (tlsext_sigalgs_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (tls_extension_server_needs(sigalgs, ssl, SSL_TLSEXT_MSG_SH)) { fprintf(stderr, "FAIL: server should not need sigalgs\n"); failure = 1; goto done; } - if (tlsext_sigalgs_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { + if (tls_extension_server_build(sigalgs, ssl, SSL_TLSEXT_MSG_SH, &cbb)) { fprintf(stderr, "FAIL: server should not build sigalgs\n"); failure = 1; goto done; @@ -1636,7 +1797,8 @@ test_tlsext_sigalgs_server(void) errx(1, "failed to finish CBB"); CBS_init(&cbs, tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client)); - if (tlsext_sigalgs_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { + if (tls_extension_client_parse(sigalgs, ssl, SSL_TLSEXT_MSG_SH, &cbs, + &alert)) { fprintf(stderr, "FAIL: server should not parse sigalgs\n"); failure = 1; goto done; @@ -1689,7 +1851,8 @@ test_tlsext_sni_client(void) CBB_init(&cbb, 0); - if (tlsext_sni_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (tls_extension_client_needs(TLSEXT_TYPE_server_name, ssl, + SSL_TLSEXT_MSG_CH)) { FAIL("client should not need SNI\n"); goto err; } @@ -1699,12 +1862,14 @@ test_tlsext_sni_client(void) goto err; } - if (!tlsext_sni_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!tls_extension_client_needs(TLSEXT_TYPE_server_name, ssl, + SSL_TLSEXT_MSG_CH)) { FAIL("client should need SNI\n"); goto err; } - if (!tlsext_sni_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { + if (!tls_extension_client_build(TLSEXT_TYPE_server_name, ssl, + SSL_TLSEXT_MSG_CH, &cbb)) { FAIL("client failed to build SNI\n"); goto err; } @@ -1738,7 +1903,8 @@ test_tlsext_sni_client(void) goto err; } - if (tlsext_sni_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (tls_extension_client_needs(TLSEXT_TYPE_server_name, ssl, + SSL_TLSEXT_MSG_CH)) { FAIL("client should not need SNI\n"); goto err; } @@ -1751,7 +1917,8 @@ test_tlsext_sni_client(void) ssl->internal->hit = 0; CBS_init(&cbs, tlsext_sni_client, sizeof(tlsext_sni_client)); - if (!tlsext_sni_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { + if (!tls_extension_server_parse(TLSEXT_TYPE_server_name, ssl, + SSL_TLSEXT_MSG_CH, &cbs, &alert)) { FAIL("failed to parse client SNI\n"); goto err; } @@ -1783,7 +1950,8 @@ test_tlsext_sni_client(void) } CBS_init(&cbs, tlsext_sni_client, sizeof(tlsext_sni_client)); - if (tlsext_sni_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { + if (tls_extension_server_parse(TLSEXT_TYPE_server_name, ssl, + SSL_TLSEXT_MSG_CH, &cbs, &alert)) { FAIL("parsed client with mismatched SNI\n"); goto err; } @@ -1823,7 +1991,8 @@ test_tlsext_sni_server(void) if ((ssl->session = SSL_SESSION_new()) == NULL) errx(1, "failed to create session"); - if (tlsext_sni_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (tls_extension_server_needs(TLSEXT_TYPE_server_name, ssl, + SSL_TLSEXT_MSG_SH)) { FAIL("server should not need SNI\n"); goto err; } @@ -1837,12 +2006,14 @@ test_tlsext_sni_server(void) NULL) errx(1, "failed to strdup tlsext_hostname"); - if (!tlsext_sni_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (!tls_extension_server_needs(TLSEXT_TYPE_server_name, ssl, + SSL_TLSEXT_MSG_SH)) { FAIL("server should need SNI\n"); goto err; } - if (!tlsext_sni_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { + if (!tls_extension_server_build(TLSEXT_TYPE_server_name, ssl, + SSL_TLSEXT_MSG_SH, &cbb)) { FAIL("server failed to build SNI\n"); goto err; } @@ -1869,7 +2040,8 @@ test_tlsext_sni_server(void) ssl->session->tlsext_hostname = NULL; CBS_init(&cbs, tlsext_sni_server, sizeof(tlsext_sni_server)); - if (!tlsext_sni_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { + if (!tls_extension_client_parse(TLSEXT_TYPE_server_name, ssl, + SSL_TLSEXT_MSG_SH, &cbs, &alert)) { FAIL("failed to parse server SNI\n"); goto err; } @@ -1937,8 +2109,8 @@ test_tlsext_quic_transport_parameters_client(void) CBB_init(&cbb, 0); - if (tlsext_quic_transport_parameters_client_needs(ssl, - SSL_TLSEXT_MSG_CH)) { + if (tls_extension_client_needs(TLSEXT_TYPE_quic_transport_parameters, + ssl, SSL_TLSEXT_MSG_CH)) { FAIL("client should not need QUIC\n"); goto err; } @@ -1949,8 +2121,8 @@ test_tlsext_quic_transport_parameters_client(void) goto err; } - if (tlsext_quic_transport_parameters_client_needs(ssl, - SSL_TLSEXT_MSG_CH)) { + if (tls_extension_client_needs(TLSEXT_TYPE_quic_transport_parameters, + ssl, SSL_TLSEXT_MSG_CH)) { FAIL("client should not need QUIC\n"); goto err; } @@ -1958,22 +2130,22 @@ test_tlsext_quic_transport_parameters_client(void) ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; ssl->s3->hs.negotiated_tls_version = TLS1_3_VERSION; - if (tlsext_quic_transport_parameters_client_needs(ssl, - SSL_TLSEXT_MSG_CH)) { + if (tls_extension_client_needs(TLSEXT_TYPE_quic_transport_parameters, + ssl, SSL_TLSEXT_MSG_CH)) { FAIL("client should not need QUIC\n"); goto err; } ssl->quic_method = ssl->method; /* XXX */ - if (!tlsext_quic_transport_parameters_client_needs(ssl, - SSL_TLSEXT_MSG_CH)) { + if (!tls_extension_client_needs(TLSEXT_TYPE_quic_transport_parameters, + ssl, SSL_TLSEXT_MSG_CH)) { FAIL("client should need QUIC\n"); goto err; } - if (!tlsext_quic_transport_parameters_client_build(ssl, - SSL_TLSEXT_MSG_CH, &cbb)) { + if (!tls_extension_client_build(TLSEXT_TYPE_quic_transport_parameters, + ssl, SSL_TLSEXT_MSG_CH, &cbb)) { FAIL("client failed to build QUIC\n"); goto err; } @@ -2003,8 +2175,8 @@ test_tlsext_quic_transport_parameters_client(void) CBS_init(&cbs, tlsext_quic_transport_data, sizeof(tlsext_quic_transport_data)); - if (!tlsext_quic_transport_parameters_server_parse(ssl, - SSL_TLSEXT_MSG_SH, &cbs, &alert)) { + if (!tls_extension_server_parse(TLSEXT_TYPE_quic_transport_parameters, + ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { FAIL("server_parse of QUIC from server failed\n"); goto err; } @@ -2067,8 +2239,8 @@ test_tlsext_quic_transport_parameters_server(void) if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); - if (tlsext_quic_transport_parameters_server_needs(ssl, - SSL_TLSEXT_MSG_SH)) { + if (tls_extension_server_needs(TLSEXT_TYPE_quic_transport_parameters, + ssl, SSL_TLSEXT_MSG_SH)) { FAIL("server should not need QUIC\n"); goto err; } @@ -2079,22 +2251,22 @@ test_tlsext_quic_transport_parameters_server(void) goto err; } - if (tlsext_quic_transport_parameters_server_needs(ssl, - SSL_TLSEXT_MSG_EE)) { + if (tls_extension_server_needs(TLSEXT_TYPE_quic_transport_parameters, + ssl, SSL_TLSEXT_MSG_EE)) { FAIL("server should not need QUIC\n"); goto err; } ssl->quic_method = ssl->method; /* XXX */ - if (!tlsext_quic_transport_parameters_server_needs(ssl, - SSL_TLSEXT_MSG_EE)) { + if (!tls_extension_server_needs(TLSEXT_TYPE_quic_transport_parameters, + ssl, SSL_TLSEXT_MSG_EE)) { FAIL("server should need QUIC\n"); goto err; } - if (!tlsext_quic_transport_parameters_server_build(ssl, - SSL_TLSEXT_MSG_EE, &cbb)) { + if (!tls_extension_server_build(TLSEXT_TYPE_quic_transport_parameters, + ssl, SSL_TLSEXT_MSG_EE, &cbb)) { FAIL("server failed to build QUIC\n"); goto err; } @@ -2123,16 +2295,16 @@ test_tlsext_quic_transport_parameters_server(void) ssl->quic_method = NULL; - if (tlsext_quic_transport_parameters_client_parse(ssl, - SSL_TLSEXT_MSG_EE, &cbs, &alert)) { + if (tls_extension_client_parse(TLSEXT_TYPE_quic_transport_parameters, + ssl, SSL_TLSEXT_MSG_EE, &cbs, &alert)) { FAIL("QUIC parse should have failed!\n"); goto err; } ssl->quic_method = ssl->method; /* XXX */ - if (!tlsext_quic_transport_parameters_client_parse(ssl, - SSL_TLSEXT_MSG_SH, &cbs, &alert)) { + if (!tls_extension_client_parse(TLSEXT_TYPE_quic_transport_parameters, + ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { FAIL("client_parse of QUIC from server failed\n"); goto err; } @@ -2150,8 +2322,7 @@ test_tlsext_quic_transport_parameters_server(void) goto err; } - if (memcmp(out_bytes, TEST_QUIC_TRANSPORT_DATA, - out_bytes_len) != 0) { + if (memcmp(out_bytes, TEST_QUIC_TRANSPORT_DATA, out_bytes_len) != 0) { FAIL("client QUIC differs from sent:\n"); fprintf(stderr, "received:\n"); hexdump(data, dlen); @@ -2197,17 +2368,20 @@ test_tlsext_ocsp_client(void) if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); - if (tlsext_ocsp_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { - FAIL("client should not need ocsp\n"); + if (tls_extension_client_needs(TLSEXT_TYPE_status_request, ssl, + SSL_TLSEXT_MSG_CH)) { + FAIL("client should not need TLSEXT_TYPE_status_request\n"); goto err; } SSL_set_tlsext_status_type(ssl, TLSEXT_STATUSTYPE_ocsp); - if (!tlsext_ocsp_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { - FAIL("client should need ocsp\n"); + if (!tls_extension_client_needs(TLSEXT_TYPE_status_request, ssl, + SSL_TLSEXT_MSG_CH)) { + FAIL("client should need TLSEXT_TYPE_status_request\n"); goto err; } - if (!tlsext_ocsp_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { + if (!tls_extension_client_build(TLSEXT_TYPE_status_request, ssl, + SSL_TLSEXT_MSG_CH, &cbb)) { FAIL("client failed to build SNI\n"); goto err; } @@ -2215,13 +2389,13 @@ test_tlsext_ocsp_client(void) errx(1, "failed to finish CBB"); if (dlen != sizeof(tls_ocsp_client_default)) { - FAIL("got ocsp client with length %zu, " + FAIL("got TLSEXT_TYPE_status_request client with length %zu, " "want length %zu\n", dlen, sizeof(tls_ocsp_client_default)); goto err; } if (memcmp(data, tls_ocsp_client_default, dlen) != 0) { - FAIL("ocsp client differs:\n"); + FAIL("TLSEXT_TYPE_status_request client differs:\n"); fprintf(stderr, "received:\n"); hexdump(data, dlen); fprintf(stderr, "test data:\n"); @@ -2231,8 +2405,9 @@ test_tlsext_ocsp_client(void) } CBS_init(&cbs, tls_ocsp_client_default, sizeof(tls_ocsp_client_default)); - if (!tlsext_ocsp_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { - FAIL("failed to parse ocsp client\n"); + if (!tls_extension_server_parse(TLSEXT_TYPE_status_request, ssl, + SSL_TLSEXT_MSG_CH, &cbs, &alert)) { + FAIL("failed to parse TLSEXT_TYPE_status_request client\n"); goto err; } if (CBS_len(&cbs) != 0) { @@ -2270,19 +2445,22 @@ test_tlsext_ocsp_server(void) if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); - if (tlsext_ocsp_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { - FAIL("server should not need ocsp\n"); + if (tls_extension_server_needs(TLSEXT_TYPE_status_request, ssl, + SSL_TLSEXT_MSG_SH)) { + FAIL("server should not need TLSEXT_TYPE_status_request\n"); goto err; } ssl->internal->tlsext_status_expected = 1; - if (!tlsext_ocsp_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { - FAIL("server should need ocsp\n"); + if (!tls_extension_server_needs(TLSEXT_TYPE_status_request, ssl, + SSL_TLSEXT_MSG_SH)) { + FAIL("server should need TLSEXT_TYPE_status_request\n"); goto err; } - if (!tlsext_ocsp_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { - FAIL("server failed to build ocsp\n"); + if (!tls_extension_server_build(TLSEXT_TYPE_status_request, ssl, + SSL_TLSEXT_MSG_SH, &cbb)) { + FAIL("server failed to build TLSEXT_TYPE_status_request\n"); goto err; } @@ -2337,7 +2515,8 @@ test_tlsext_sessionticket_client(void) errx(1, "failed to create SSL"); /* Should need a ticket by default. */ - if (!tlsext_sessionticket_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!tls_extension_client_needs(TLSEXT_TYPE_session_ticket, ssl, + SSL_TLSEXT_MSG_CH)) { FAIL("client should need Sessionticket for default " "ciphers\n"); goto err; @@ -2348,7 +2527,8 @@ test_tlsext_sessionticket_client(void) FAIL("Cannot disable tickets in the TLS connection\n"); goto err; } - if (tlsext_sessionticket_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (tls_extension_client_needs(TLSEXT_TYPE_session_ticket, ssl, + SSL_TLSEXT_MSG_CH)) { FAIL("client should not need SessionTicket if it was disabled\n"); goto err; } @@ -2358,13 +2538,15 @@ test_tlsext_sessionticket_client(void) FAIL("Cannot re-enable tickets in the TLS connection\n"); goto err; } - if (!tlsext_sessionticket_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!tls_extension_client_needs(TLSEXT_TYPE_session_ticket, ssl, + SSL_TLSEXT_MSG_CH)) { FAIL("client should need SessionTicket if it was disabled\n"); goto err; } /* Since we don't have a session, we should build an empty ticket. */ - if (!tlsext_sessionticket_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { + if (!tls_extension_client_build(TLSEXT_TYPE_session_ticket, ssl, + SSL_TLSEXT_MSG_CH, &cbb)) { FAIL("Cannot build a ticket\n"); goto err; } @@ -2385,11 +2567,13 @@ test_tlsext_sessionticket_client(void) /* With a new session (but no ticket), we should still have 0 length */ if ((ssl->session = SSL_SESSION_new()) == NULL) errx(1, "failed to create session"); - if (!tlsext_sessionticket_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!tls_extension_client_needs(TLSEXT_TYPE_session_ticket, ssl, + SSL_TLSEXT_MSG_CH)) { FAIL("Should still want a session ticket with a new session\n"); goto err; } - if (!tlsext_sessionticket_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { + if (!tls_extension_client_build(TLSEXT_TYPE_session_ticket, ssl, + SSL_TLSEXT_MSG_CH, &cbb)) { FAIL("Cannot build a ticket\n"); goto err; } @@ -2419,11 +2603,13 @@ test_tlsext_sessionticket_client(void) memcpy(ssl->session->tlsext_tick, dummy, sizeof(dummy)); ssl->session->tlsext_ticklen = sizeof(dummy); - if (!tlsext_sessionticket_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!tls_extension_client_needs(TLSEXT_TYPE_session_ticket, ssl, + SSL_TLSEXT_MSG_CH)) { FAIL("Should still want a session ticket with a new session\n"); goto err; } - if (!tlsext_sessionticket_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { + if (!tls_extension_client_build(TLSEXT_TYPE_session_ticket, ssl, + SSL_TLSEXT_MSG_CH, &cbb)) { FAIL("Cannot build a ticket\n"); goto err; } @@ -2459,7 +2645,8 @@ test_tlsext_sessionticket_client(void) goto err; } /* Should not need a ticket in this case */ - if (tlsext_sessionticket_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (tls_extension_client_needs(TLSEXT_TYPE_session_ticket, ssl, + SSL_TLSEXT_MSG_CH)) { FAIL("Should not want to use session tickets with a NULL custom\n"); goto err; } @@ -2471,7 +2658,8 @@ test_tlsext_sessionticket_client(void) free(ssl->internal->tlsext_session_ticket); ssl->internal->tlsext_session_ticket = NULL; - if (!tlsext_sessionticket_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!tls_extension_client_needs(TLSEXT_TYPE_session_ticket, ssl, + SSL_TLSEXT_MSG_CH)) { FAIL("Should need a session ticket again when the custom one is removed\n"); goto err; } @@ -2482,11 +2670,13 @@ test_tlsext_sessionticket_client(void) FAIL("Should be able to set a custom ticket\n"); goto err; } - if (!tlsext_sessionticket_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!tls_extension_client_needs(TLSEXT_TYPE_session_ticket, ssl, + SSL_TLSEXT_MSG_CH)) { FAIL("Should need a session ticket again when the custom one is not empty\n"); goto err; } - if (!tlsext_sessionticket_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { + if (!tls_extension_client_build(TLSEXT_TYPE_session_ticket, ssl, + SSL_TLSEXT_MSG_CH, &cbb)) { FAIL("Cannot build a ticket with a max length random payload\n"); goto err; } @@ -2543,7 +2733,8 @@ test_tlsext_sessionticket_server(void) * By default, should not need a session ticket since the ticket * is not yet expected. */ - if (tlsext_sessionticket_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (tls_extension_server_needs(TLSEXT_TYPE_session_ticket, ssl, + SSL_TLSEXT_MSG_SH)) { FAIL("server should not need SessionTicket by default\n"); goto err; } @@ -2553,7 +2744,8 @@ test_tlsext_sessionticket_server(void) FAIL("Cannot disable tickets in the TLS connection\n"); goto err; } - if (tlsext_sessionticket_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (tls_extension_server_needs(TLSEXT_TYPE_session_ticket, ssl, + SSL_TLSEXT_MSG_SH)) { FAIL("server should not need SessionTicket if it was disabled\n"); goto err; } @@ -2563,20 +2755,23 @@ test_tlsext_sessionticket_server(void) FAIL("Cannot re-enable tickets in the TLS connection\n"); goto err; } - if (tlsext_sessionticket_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (tls_extension_server_needs(TLSEXT_TYPE_session_ticket, ssl, + SSL_TLSEXT_MSG_SH)) { FAIL("server should not need SessionTicket yet\n"); goto err; } /* Set expected to require it. */ ssl->internal->tlsext_ticket_expected = 1; - if (!tlsext_sessionticket_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (!tls_extension_server_needs(TLSEXT_TYPE_session_ticket, ssl, + SSL_TLSEXT_MSG_SH)) { FAIL("server should now be required for SessionTicket\n"); goto err; } /* server hello's session ticket should always be 0 length payload. */ - if (!tlsext_sessionticket_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { + if (!tls_extension_server_build(TLSEXT_TYPE_session_ticket, ssl, + SSL_TLSEXT_MSG_SH, &cbb)) { FAIL("Cannot build a ticket with a max length random payload\n"); goto err; } @@ -2673,7 +2868,8 @@ test_tlsext_srtp_client(void) errx(1, "failed to create SSL"); /* By default, we don't need this */ - if (tlsext_srtp_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (tls_extension_client_needs(TLSEXT_TYPE_use_srtp, ssl, + SSL_TLSEXT_MSG_CH)) { FAIL("client should not need SRTP by default\n"); goto err; } @@ -2682,14 +2878,16 @@ test_tlsext_srtp_client(void) FAIL("should be able to set a single SRTP\n"); goto err; } - if (!tlsext_srtp_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!tls_extension_client_needs(TLSEXT_TYPE_use_srtp, ssl, + SSL_TLSEXT_MSG_CH)) { FAIL("client should need SRTP\n"); goto err; } /* Make sure we can build the client with a single profile. */ - if (!tlsext_srtp_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { + if (!tls_extension_client_build(TLSEXT_TYPE_use_srtp, ssl, + SSL_TLSEXT_MSG_CH, &cbb)) { FAIL("client failed to build SRTP\n"); goto err; } @@ -2724,7 +2922,8 @@ test_tlsext_srtp_client(void) } CBS_init(&cbs, tlsext_srtp_single, sizeof(tlsext_srtp_single)); - if (!tlsext_srtp_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { + if (!tls_extension_server_parse(TLSEXT_TYPE_use_srtp, ssl, + SSL_TLSEXT_MSG_CH, &cbs, &alert)) { FAIL("failed to parse SRTP\n"); goto err; } @@ -2742,7 +2941,8 @@ test_tlsext_srtp_client(void) goto err; } - if (!tlsext_srtp_server_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!tls_extension_server_needs(TLSEXT_TYPE_use_srtp, ssl, + SSL_TLSEXT_MSG_CH)) { FAIL("should send server extension when profile selected\n"); goto err; } @@ -2753,12 +2953,14 @@ test_tlsext_srtp_client(void) FAIL("should be able to set SRTP to multiple profiles\n"); goto err; } - if (!tlsext_srtp_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!tls_extension_client_needs(TLSEXT_TYPE_use_srtp, ssl, + SSL_TLSEXT_MSG_CH)) { FAIL("client should need SRTP by now\n"); goto err; } - if (!tlsext_srtp_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { + if (!tls_extension_client_build(TLSEXT_TYPE_use_srtp, ssl, + SSL_TLSEXT_MSG_CH, &cbb)) { FAIL("client failed to build SRTP\n"); goto err; } @@ -2791,7 +2993,8 @@ test_tlsext_srtp_client(void) CBS_init(&cbs, tlsext_srtp_multiple, sizeof(tlsext_srtp_multiple)); - if (!tlsext_srtp_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { + if (!tls_extension_server_parse(TLSEXT_TYPE_use_srtp, ssl, + SSL_TLSEXT_MSG_CH, &cbs, &alert)) { FAIL("failed to parse SRTP\n"); goto err; } @@ -2809,7 +3012,8 @@ test_tlsext_srtp_client(void) goto err; } - if (!tlsext_srtp_server_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!tls_extension_server_needs(TLSEXT_TYPE_use_srtp, ssl, + SSL_TLSEXT_MSG_CH)) { FAIL("should send server extension when profile selected\n"); goto err; } @@ -2822,7 +3026,8 @@ test_tlsext_srtp_client(void) CBS_init(&cbs, tlsext_srtp_multiple_one_valid, sizeof(tlsext_srtp_multiple_one_valid)); - if (!tlsext_srtp_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { + if (!tls_extension_server_parse(TLSEXT_TYPE_use_srtp, ssl, + SSL_TLSEXT_MSG_CH, &cbs, &alert)) { FAIL("failed to parse SRTP\n"); goto err; } @@ -2840,7 +3045,8 @@ test_tlsext_srtp_client(void) goto err; } - if (!tlsext_srtp_server_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!tls_extension_server_needs(TLSEXT_TYPE_use_srtp, ssl, + SSL_TLSEXT_MSG_CH)) { FAIL("should send server extension when profile selected\n"); goto err; } @@ -2851,7 +3057,8 @@ test_tlsext_srtp_client(void) CBS_init(&cbs, tlsext_srtp_multiple_invalid, sizeof(tlsext_srtp_multiple_invalid)); - if (!tlsext_srtp_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { + if (!tls_extension_server_parse(TLSEXT_TYPE_use_srtp, ssl, + SSL_TLSEXT_MSG_CH, &cbs, &alert)) { FAIL("should be able to fall back to negotiated\n"); goto err; } @@ -2865,7 +3072,8 @@ test_tlsext_srtp_client(void) FAIL("should not have selected a profile when none found\n"); goto err; } - if (tlsext_srtp_server_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (tls_extension_server_needs(TLSEXT_TYPE_use_srtp, ssl, + SSL_TLSEXT_MSG_CH)) { FAIL("should not send server tlsext when no profile found\n"); goto err; } @@ -2904,7 +3112,8 @@ test_tlsext_srtp_server(void) errx(1, "failed to create SSL"); /* By default, we don't need this */ - if (tlsext_srtp_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (tls_extension_server_needs(TLSEXT_TYPE_use_srtp, ssl, + SSL_TLSEXT_MSG_SH)) { FAIL("server should not need SRTP by default\n"); goto err; } @@ -2915,14 +3124,16 @@ test_tlsext_srtp_server(void) goto err; } ssl->internal->srtp_profile = prof; - if (!tlsext_srtp_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (!tls_extension_server_needs(TLSEXT_TYPE_use_srtp, ssl, + SSL_TLSEXT_MSG_SH)) { FAIL("server should need SRTP by now\n"); goto err; } /* Make sure we can build the server with a single profile. */ - if (!tlsext_srtp_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { + if (!tls_extension_server_build(TLSEXT_TYPE_use_srtp, ssl, + SSL_TLSEXT_MSG_SH, &cbb)) { FAIL("server failed to build SRTP\n"); goto err; } @@ -2964,7 +3175,8 @@ test_tlsext_srtp_server(void) } CBS_init(&cbs, tlsext_srtp_single, sizeof(tlsext_srtp_single)); - if (!tlsext_srtp_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { + if (!tls_extension_client_parse(TLSEXT_TYPE_use_srtp, ssl, + SSL_TLSEXT_MSG_SH, &cbs, &alert)) { FAIL("failed to parse SRTP\n"); goto err; } @@ -2987,7 +3199,8 @@ test_tlsext_srtp_server(void) CBS_init(&cbs, tlsext_srtp_multiple, sizeof(tlsext_srtp_multiple)); - if (tlsext_srtp_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { + if (tls_extension_client_parse(TLSEXT_TYPE_use_srtp, ssl, + SSL_TLSEXT_MSG_SH, &cbs, &alert)) { FAIL("should not find multiple entries from the server\n"); goto err; } @@ -2997,7 +3210,8 @@ test_tlsext_srtp_server(void) CBS_init(&cbs, tlsext_srtp_single_invalid, sizeof(tlsext_srtp_single_invalid)); - if (tlsext_srtp_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { + if (tls_extension_client_parse(TLSEXT_TYPE_use_srtp, ssl, + SSL_TLSEXT_MSG_SH, &cbs, &alert)) { FAIL("should not be able to parse this\n"); goto err; } @@ -3280,7 +3494,8 @@ test_tlsext_versions_client(void) ssl->s3->hs.our_max_tls_version = TLS1_1_VERSION; - if (tlsext_versions_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (tls_extension_client_needs(TLSEXT_TYPE_supported_versions, ssl, + SSL_TLSEXT_MSG_CH)) { FAIL("client should not need versions\n"); failure = 1; goto done; @@ -3288,7 +3503,8 @@ test_tlsext_versions_client(void) ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION; - if (tlsext_versions_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (tls_extension_client_needs(TLSEXT_TYPE_supported_versions, ssl, + SSL_TLSEXT_MSG_CH)) { FAIL("client should not need versions\n"); failure = 1; goto done; @@ -3296,7 +3512,8 @@ test_tlsext_versions_client(void) ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; - if (!tlsext_versions_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!tls_extension_client_needs(TLSEXT_TYPE_supported_versions, ssl, + SSL_TLSEXT_MSG_CH)) { FAIL("client should need versions\n"); failure = 1; goto done; @@ -3305,7 +3522,8 @@ test_tlsext_versions_client(void) ssl->s3->hs.our_min_tls_version = TLS1_VERSION; ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; - if (!tlsext_versions_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { + if (!tls_extension_client_build(TLSEXT_TYPE_supported_versions, ssl, + SSL_TLSEXT_MSG_CH, &cbb)) { FAIL("client should have built versions\n"); failure = 1; goto done; @@ -3325,7 +3543,8 @@ test_tlsext_versions_client(void) } CBS_init(&cbs, data, dlen); - if (!tlsext_versions_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { + if (!tls_extension_server_parse(TLSEXT_TYPE_supported_versions, ssl, + SSL_TLSEXT_MSG_CH, &cbs, &alert)) { FAIL("failed to parse client versions\n"); failure = 1; goto done; @@ -3365,7 +3584,8 @@ test_tlsext_versions_server(void) ssl->s3->hs.negotiated_tls_version = TLS1_2_VERSION; - if (tlsext_versions_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (tls_extension_server_needs(TLSEXT_TYPE_supported_versions, ssl, + SSL_TLSEXT_MSG_SH)) { FAIL("server should not need versions\n"); failure = 1; goto done; @@ -3373,13 +3593,15 @@ test_tlsext_versions_server(void) ssl->s3->hs.negotiated_tls_version = TLS1_3_VERSION; - if (!tlsext_versions_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (!tls_extension_server_needs(TLSEXT_TYPE_supported_versions, ssl, + SSL_TLSEXT_MSG_SH)) { FAIL("server should need versions\n"); failure = 1; goto done; } - if (!tlsext_versions_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { + if (!tls_extension_server_build(TLSEXT_TYPE_supported_versions, ssl, + SSL_TLSEXT_MSG_SH, &cbb)) { FAIL("server should have built versions\n"); failure = 1; goto done; @@ -3399,7 +3621,8 @@ test_tlsext_versions_server(void) } CBS_init(&cbs, data, dlen); - if (!tlsext_versions_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { + if (!tls_extension_client_parse(TLSEXT_TYPE_supported_versions, ssl, + SSL_TLSEXT_MSG_SH, &cbs, &alert)) { FAIL("failed to parse client versions\n"); failure = 1; goto done; @@ -3460,21 +3683,24 @@ test_tlsext_keyshare_client(void) errx(1, "failed to generate key share"); ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION; - if (tlsext_keyshare_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (tls_extension_client_needs(TLSEXT_TYPE_key_share, ssl, + SSL_TLSEXT_MSG_CH)) { FAIL("client should not need keyshare\n"); failure = 1; goto done; } ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; - if (!tlsext_keyshare_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!tls_extension_client_needs(TLSEXT_TYPE_key_share, ssl, + SSL_TLSEXT_MSG_CH)) { FAIL("client should need keyshare\n"); failure = 1; goto done; } ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; - if (!tlsext_keyshare_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { + if (!tls_extension_client_build(TLSEXT_TYPE_key_share, ssl, + SSL_TLSEXT_MSG_CH, &cbb)) { FAIL("client should have built keyshare\n"); failure = 1; goto done; @@ -3496,7 +3722,8 @@ test_tlsext_keyshare_client(void) (ssl)->version = TLS1_3_VERSION; CBS_init(&cbs, data, dlen); - if (!tlsext_keyshare_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { + if (!tls_extension_server_parse(TLSEXT_TYPE_key_share, ssl, + SSL_TLSEXT_MSG_CH, &cbs, &alert)) { FAIL("failed to parse client keyshare\n"); failure = 1; goto done; @@ -3545,13 +3772,15 @@ test_tlsext_keyshare_server(void) CBB_init(&cbb, 0); ssl->s3->hs.negotiated_tls_version = TLS1_2_VERSION; - if (tlsext_keyshare_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (tls_extension_server_needs(TLSEXT_TYPE_key_share, ssl, + SSL_TLSEXT_MSG_SH)) { FAIL("server should not need keyshare\n"); goto done; } ssl->s3->hs.negotiated_tls_version = TLS1_3_VERSION; - if (tlsext_keyshare_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (tls_extension_server_needs(TLSEXT_TYPE_key_share, ssl, + SSL_TLSEXT_MSG_SH)) { FAIL("client should not need keyshare\n"); goto done; } @@ -3562,12 +3791,14 @@ test_tlsext_keyshare_server(void) } ssl->s3->hs.extensions_seen |= (1 << idx); - if (!tlsext_keyshare_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (!tls_extension_server_needs(TLSEXT_TYPE_key_share, ssl, + SSL_TLSEXT_MSG_SH)) { FAIL("server should need keyshare\n"); goto done; } - if (tlsext_keyshare_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { + if (tls_extension_server_build(TLSEXT_TYPE_key_share, ssl, + SSL_TLSEXT_MSG_SH, &cbb)) { FAIL("server should not have built a keyshare response\n"); goto done; } @@ -3591,7 +3822,8 @@ test_tlsext_keyshare_server(void) goto done; } - if (!tlsext_keyshare_server_build(ssl, SSL_TLSEXT_MSG_SH, &cbb)) { + if (!tls_extension_server_build(TLSEXT_TYPE_key_share, ssl, + SSL_TLSEXT_MSG_SH, &cbb)) { FAIL("server should be able to build a keyshare response\n"); goto done; } @@ -3621,7 +3853,8 @@ test_tlsext_keyshare_server(void) CBS_init(&cbs, data, dlen); - if (!tlsext_keyshare_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { + if (!tls_extension_client_parse(TLSEXT_TYPE_key_share, ssl, + SSL_TLSEXT_MSG_SH, &cbs, &alert)) { FAIL("failed to parse server keyshare\n"); goto done; } @@ -3670,7 +3903,8 @@ test_tlsext_cookie_client(void) errx(1, "failed to create SSL"); ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION; - if (tlsext_cookie_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (tls_extension_client_needs(TLSEXT_TYPE_cookie, ssl, + SSL_TLSEXT_MSG_CH)) { FAIL("client should not need cookie\n"); failure = 1; goto done; @@ -3678,7 +3912,8 @@ test_tlsext_cookie_client(void) ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; - if (tlsext_cookie_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (tls_extension_client_needs(TLSEXT_TYPE_cookie, ssl, + SSL_TLSEXT_MSG_CH)) { FAIL("client should not need cookie\n"); failure = 1; goto done; @@ -3688,13 +3923,15 @@ test_tlsext_cookie_client(void) ssl->s3->hs.tls13.cookie = strdup(cookie); ssl->s3->hs.tls13.cookie_len = strlen(cookie); - if (!tlsext_cookie_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!tls_extension_client_needs(TLSEXT_TYPE_cookie, ssl, + SSL_TLSEXT_MSG_CH)) { FAIL("client should need cookie\n"); failure = 1; goto done; } - if (!tlsext_cookie_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { + if (!tls_extension_client_build(TLSEXT_TYPE_cookie, ssl, + SSL_TLSEXT_MSG_CH, &cbb)) { FAIL("client should have built a cookie response\n"); failure = 1; goto done; @@ -3717,7 +3954,8 @@ test_tlsext_cookie_client(void) CBS_init(&cbs, data, dlen); /* Checks cookie against what's in the hs.tls13 */ - if (!tlsext_cookie_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, &alert)) { + if (!tls_extension_server_parse(TLSEXT_TYPE_cookie, ssl, + SSL_TLSEXT_MSG_CH, &cbs, &alert)) { FAIL("failed to parse client cookie\n"); failure = 1; goto done; @@ -3758,14 +3996,16 @@ test_tlsext_cookie_server(void) errx(1, "failed to create SSL"); ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION; - if (tlsext_cookie_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (tls_extension_server_needs(TLSEXT_TYPE_cookie, ssl, + SSL_TLSEXT_MSG_SH)) { FAIL("server should not need cookie\n"); failure = 1; goto done; } ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; - if (tlsext_cookie_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (tls_extension_server_needs(TLSEXT_TYPE_cookie, ssl, + SSL_TLSEXT_MSG_SH)) { FAIL("server should not need cookie\n"); failure = 1; goto done; @@ -3775,13 +4015,15 @@ test_tlsext_cookie_server(void) ssl->s3->hs.tls13.cookie = strdup(cookie); ssl->s3->hs.tls13.cookie_len = strlen(cookie); - if (!tlsext_cookie_server_needs(ssl, SSL_TLSEXT_MSG_HRR)) { + if (!tls_extension_server_needs(TLSEXT_TYPE_cookie, ssl, + SSL_TLSEXT_MSG_HRR)) { FAIL("server should need cookie\n"); failure = 1; goto done; } - if (!tlsext_cookie_server_build(ssl, SSL_TLSEXT_MSG_HRR, &cbb)) { + if (!tls_extension_server_build(TLSEXT_TYPE_cookie, ssl, + SSL_TLSEXT_MSG_HRR, &cbb)) { FAIL("server should have built a cookie response\n"); failure = 1; goto done; @@ -3803,7 +4045,8 @@ test_tlsext_cookie_server(void) CBS_init(&cbs, data, dlen); - if (tlsext_cookie_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { + if (tls_extension_client_parse(TLSEXT_TYPE_cookie, ssl, + SSL_TLSEXT_MSG_SH, &cbs, &alert)) { FAIL("client should not have parsed server cookie\n"); failure = 1; goto done; @@ -3813,7 +4056,8 @@ test_tlsext_cookie_server(void) ssl->s3->hs.tls13.cookie = NULL; ssl->s3->hs.tls13.cookie_len = 0; - if (!tlsext_cookie_client_parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) { + if (!tls_extension_client_parse(TLSEXT_TYPE_cookie, ssl, + SSL_TLSEXT_MSG_SH, &cbs, &alert)) { FAIL("failed to parse server cookie\n"); failure = 1; goto done; @@ -3875,7 +4119,8 @@ test_tlsext_psk_modes_client(void) errx(1, "failed to create SSL"); /* Disabled by default. */ - if (tlsext_psk_kex_modes_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (tls_extension_client_needs(TLSEXT_TYPE_psk_kex_modes, ssl, + SSL_TLSEXT_MSG_CH)) { FAIL("client should not need psk kex modes by default\n"); goto err; } @@ -3888,7 +4133,8 @@ test_tlsext_psk_modes_client(void) ssl->s3->hs.tls13.use_psk_dhe_ke = 1; ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION; - if (tlsext_psk_kex_modes_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (tls_extension_client_needs(TLSEXT_TYPE_psk_kex_modes, ssl, + SSL_TLSEXT_MSG_CH)) { FAIL("client should not need psk kex modes with TLSv1.2\n"); goto err; } @@ -3896,7 +4142,8 @@ test_tlsext_psk_modes_client(void) ssl->s3->hs.tls13.use_psk_dhe_ke = 0; ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; - if (tlsext_psk_kex_modes_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (tls_extension_client_needs(TLSEXT_TYPE_psk_kex_modes, ssl, + SSL_TLSEXT_MSG_CH)) { FAIL("client should not need psk kex modes without " "use_psk_dhe_ke\n"); goto err; @@ -3905,14 +4152,16 @@ test_tlsext_psk_modes_client(void) ssl->s3->hs.tls13.use_psk_dhe_ke = 1; ssl->s3->hs.our_max_tls_version = TLS1_3_VERSION; - if (!tlsext_psk_kex_modes_client_needs(ssl, SSL_TLSEXT_MSG_CH)) { + if (!tls_extension_client_needs(TLSEXT_TYPE_psk_kex_modes, ssl, + SSL_TLSEXT_MSG_CH)) { FAIL("client should need psk kex modes with TLSv1.3\n"); goto err; } /* Make sure we can build psk modes with DHE key establishment. */ - if (!tlsext_psk_kex_modes_client_build(ssl, SSL_TLSEXT_MSG_CH, &cbb)) { + if (!tls_extension_client_build(TLSEXT_TYPE_psk_kex_modes, ssl, + SSL_TLSEXT_MSG_CH, &cbb)) { FAIL("client failed to build psk kex modes\n"); goto err; } @@ -3948,8 +4197,8 @@ test_tlsext_psk_modes_client(void) CBS_init(&cbs, tlsext_default_psk_modes, sizeof(tlsext_default_psk_modes)); - if (!tlsext_psk_kex_modes_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, - &alert)) { + if (!tls_extension_server_parse(TLSEXT_TYPE_psk_kex_modes, ssl, + SSL_TLSEXT_MSG_CH, &cbs, &alert)) { FAIL("failed to parse psk kex modes\n"); goto err; } @@ -3971,8 +4220,8 @@ test_tlsext_psk_modes_client(void) ssl->s3->hs.tls13.use_psk_dhe_ke = 0; CBS_init(&cbs, tlsext_psk_only_mode, sizeof(tlsext_psk_only_mode)); - if (!tlsext_psk_kex_modes_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, - &alert)) { + if (!tls_extension_server_parse(TLSEXT_TYPE_psk_kex_modes, ssl, + SSL_TLSEXT_MSG_CH, &cbs, &alert)) { FAIL("failed to parse psk kex modes\n"); goto err; } @@ -3994,8 +4243,8 @@ test_tlsext_psk_modes_client(void) ssl->s3->hs.tls13.use_psk_dhe_ke = 0; CBS_init(&cbs, tlsext_psk_both_modes, sizeof(tlsext_psk_both_modes)); - if (!tlsext_psk_kex_modes_server_parse(ssl, SSL_TLSEXT_MSG_CH, &cbs, - &alert)) { + if (!tls_extension_server_parse(TLSEXT_TYPE_psk_kex_modes, ssl, + SSL_TLSEXT_MSG_CH, &cbs, &alert)) { FAIL("failed to parse psk kex modes\n"); goto err; } @@ -4033,7 +4282,8 @@ test_tlsext_psk_modes_server(void) if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); - if (tlsext_psk_kex_modes_server_needs(ssl, SSL_TLSEXT_MSG_SH)) { + if (tls_extension_server_needs(TLSEXT_TYPE_psk_kex_modes, ssl, + SSL_TLSEXT_MSG_SH)) { FAIL("server should not need psk kex modes\n"); goto err; } -- 2.20.1