diff options
author | Joel Sing <jsing@cvs.openbsd.org> | 2019-01-18 00:55:16 +0000 |
---|---|---|
committer | Joel Sing <jsing@cvs.openbsd.org> | 2019-01-18 00:55:16 +0000 |
commit | 7963999d9480b795bdba04b48ee4c049812d3251 (patch) | |
tree | bcef71ddeca5ba6f553eb02fb009182eeec0e6c8 | |
parent | 77008d3173ade3f5e8a941a1422432ae13bd08ee (diff) |
Update regress following TLS extension renaming.
-rw-r--r-- | regress/lib/libssl/tlsext/tlsexttest.c | 751 | ||||
-rw-r--r-- | regress/lib/libssl/unit/tls_ext_alpn.c | 6 |
2 files changed, 378 insertions, 379 deletions
diff --git a/regress/lib/libssl/tlsext/tlsexttest.c b/regress/lib/libssl/tlsext/tlsexttest.c index 4953c7bf245..04403118afc 100644 --- a/regress/lib/libssl/tlsext/tlsexttest.c +++ b/regress/lib/libssl/tlsext/tlsexttest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tlsexttest.c,v 1.20 2018/11/10 08:10:31 beck Exp $ */ +/* $OpenBSD: tlsexttest.c,v 1.21 2019/01/18 00:55:15 jsing Exp $ */ /* * Copyright (c) 2017 Joel Sing <jsing@openbsd.org> * Copyright (c) 2017 Doug Hogan <doug@openbsd.org> @@ -119,7 +119,7 @@ const uint8_t tlsext_alpn_single_proto[] = { }; static int -test_tlsext_alpn_clienthello(void) +test_tlsext_alpn_client(void) { SSL_CTX *ssl_ctx = NULL; SSL *ssl = NULL; @@ -139,8 +139,8 @@ test_tlsext_alpn_clienthello(void) errx(1, "failed to create SSL"); /* By default, we don't need this */ - if (tlsext_alpn_clienthello_needs(ssl)) { - FAIL("clienthello should not need ALPN by default"); + if (tlsext_alpn_client_needs(ssl)) { + FAIL("client should not need ALPN by default"); goto err; } @@ -156,22 +156,22 @@ test_tlsext_alpn_clienthello(void) FAIL("should be able to set ALPN to http/1.1"); goto err; } - if (!tlsext_alpn_clienthello_needs(ssl)) { - FAIL("clienthello should need ALPN by now"); + if (!tlsext_alpn_client_needs(ssl)) { + FAIL("client should need ALPN by now"); goto err; } - /* Make sure we can build the clienthello with a single proto. */ + /* Make sure we can build the client with a single proto. */ - if (!tlsext_alpn_clienthello_build(ssl, &cbb)) { - FAIL("clienthello failed to build ALPN\n"); + if (!tlsext_alpn_client_build(ssl, &cbb)) { + FAIL("client failed to build ALPN\n"); goto err; } if (!CBB_finish(&cbb, &data, &dlen)) errx(1, "failed to finish CBB"); if (dlen != sizeof(tlsext_alpn_single_proto)) { - FAIL("got clienthello ALPN with length %zu, " + FAIL("got client ALPN with length %zu, " "want length %zu\n", dlen, sizeof(tlsext_alpn_single_proto)); compare_data(data, dlen, tlsext_alpn_single_proto, @@ -179,7 +179,7 @@ test_tlsext_alpn_clienthello(void) goto err; } if (memcmp(data, tlsext_alpn_single_proto, dlen) != 0) { - FAIL("clienthello ALPN differs:\n"); + FAIL("client ALPN differs:\n"); compare_data(data, dlen, tlsext_alpn_single_proto, sizeof(tlsext_alpn_single_proto)); goto err; @@ -194,7 +194,7 @@ test_tlsext_alpn_clienthello(void) CBS_init(&cbs, tlsext_alpn_single_proto, sizeof(tlsext_alpn_single_proto)); - if (!tlsext_alpn_clienthello_parse(ssl, &cbs, &alert)) { + if (!tlsext_alpn_server_parse(ssl, &cbs, &alert)) { FAIL("failed to parse ALPN"); goto err; } @@ -205,7 +205,7 @@ test_tlsext_alpn_clienthello(void) if (ssl->internal->alpn_client_proto_list_len != sizeof(tlsext_alpn_single_proto_val)) { - FAIL("got clienthello ALPN with length %zu, " + FAIL("got client ALPN with length %zu, " "want length %zu\n", dlen, sizeof(tlsext_alpn_single_proto_val)); compare_data(ssl->internal->alpn_client_proto_list, @@ -217,7 +217,7 @@ test_tlsext_alpn_clienthello(void) if (memcmp(ssl->internal->alpn_client_proto_list, tlsext_alpn_single_proto_val, sizeof(tlsext_alpn_single_proto_val)) != 0) { - FAIL("clienthello ALPN differs:\n"); + FAIL("client ALPN differs:\n"); compare_data(data, dlen, tlsext_alpn_single_proto_val, sizeof(tlsext_alpn_single_proto_val)); goto err; @@ -230,20 +230,20 @@ test_tlsext_alpn_clienthello(void) FAIL("should be able to set ALPN to http/1.1"); goto err; } - if (!tlsext_alpn_clienthello_needs(ssl)) { - FAIL("clienthello should need ALPN by now"); + if (!tlsext_alpn_client_needs(ssl)) { + FAIL("client should need ALPN by now"); goto err; } - if (!tlsext_alpn_clienthello_build(ssl, &cbb)) { - FAIL("clienthello failed to build ALPN\n"); + if (!tlsext_alpn_client_build(ssl, &cbb)) { + FAIL("client failed to build ALPN\n"); goto err; } if (!CBB_finish(&cbb, &data, &dlen)) errx(1, "failed to finish CBB"); if (dlen != sizeof(tlsext_alpn_multiple_protos)) { - FAIL("got clienthello ALPN with length %zu, " + FAIL("got client ALPN with length %zu, " "want length %zu\n", dlen, sizeof(tlsext_alpn_multiple_protos)); compare_data(data, dlen, tlsext_alpn_multiple_protos, @@ -251,7 +251,7 @@ test_tlsext_alpn_clienthello(void) goto err; } if (memcmp(data, tlsext_alpn_multiple_protos, dlen) != 0) { - FAIL("clienthello ALPN differs:\n"); + FAIL("client ALPN differs:\n"); compare_data(data, dlen, tlsext_alpn_multiple_protos, sizeof(tlsext_alpn_multiple_protos)); goto err; @@ -261,7 +261,7 @@ test_tlsext_alpn_clienthello(void) CBS_init(&cbs, tlsext_alpn_multiple_protos, sizeof(tlsext_alpn_multiple_protos)); - if (!tlsext_alpn_clienthello_parse(ssl, &cbs, &alert)) { + if (!tlsext_alpn_server_parse(ssl, &cbs, &alert)) { FAIL("failed to parse ALPN"); goto err; } @@ -272,7 +272,7 @@ test_tlsext_alpn_clienthello(void) if (ssl->internal->alpn_client_proto_list_len != sizeof(tlsext_alpn_multiple_protos_val)) { - FAIL("got clienthello ALPN with length %zu, " + FAIL("got client ALPN with length %zu, " "want length %zu\n", dlen, sizeof(tlsext_alpn_multiple_protos_val)); compare_data(ssl->internal->alpn_client_proto_list, @@ -284,7 +284,7 @@ test_tlsext_alpn_clienthello(void) if (memcmp(ssl->internal->alpn_client_proto_list, tlsext_alpn_multiple_protos_val, sizeof(tlsext_alpn_multiple_protos_val)) != 0) { - FAIL("clienthello ALPN differs:\n"); + FAIL("client ALPN differs:\n"); compare_data(data, dlen, tlsext_alpn_multiple_protos_val, sizeof(tlsext_alpn_multiple_protos_val)); goto err; @@ -296,8 +296,8 @@ test_tlsext_alpn_clienthello(void) ssl->internal->alpn_client_proto_list = NULL; ssl->internal->alpn_client_proto_list_len = 0; - if (tlsext_alpn_clienthello_needs(ssl)) { - FAIL("clienthello should need ALPN by default"); + if (tlsext_alpn_client_needs(ssl)) { + FAIL("client should need ALPN by default"); goto err; } @@ -313,7 +313,7 @@ test_tlsext_alpn_clienthello(void) } static int -test_tlsext_alpn_serverhello(void) +test_tlsext_alpn_server(void) { SSL_CTX *ssl_ctx = NULL; SSL *ssl = NULL; @@ -333,8 +333,8 @@ test_tlsext_alpn_serverhello(void) errx(1, "failed to create SSL"); /* By default, ALPN isn't needed. */ - if (tlsext_alpn_serverhello_needs(ssl)) { - FAIL("serverhello should not need ALPN by default\n"); + if (tlsext_alpn_server_needs(ssl)) { + FAIL("server should not need ALPN by default\n"); goto err; } @@ -351,22 +351,22 @@ test_tlsext_alpn_serverhello(void) sizeof(tlsext_alpn_single_proto_name)); S3I(ssl)->alpn_selected_len = sizeof(tlsext_alpn_single_proto_name); - if (!tlsext_alpn_serverhello_needs(ssl)) { - FAIL("serverhello should need ALPN after a protocol is selected\n"); + if (!tlsext_alpn_server_needs(ssl)) { + FAIL("server should need ALPN after a protocol is selected\n"); goto err; } - /* Make sure we can build a serverhello with one protocol */ + /* Make sure we can build a server with one protocol */ - if (!tlsext_alpn_serverhello_build(ssl, &cbb)) { - FAIL("serverhello should be able to build a response"); + if (!tlsext_alpn_server_build(ssl, &cbb)) { + FAIL("server should be able to build a response"); goto err; } if (!CBB_finish(&cbb, &data, &dlen)) errx(1, "failed to finish CBB"); if (dlen != sizeof(tlsext_alpn_single_proto)) { - FAIL("got clienthello ALPN with length %zu, " + FAIL("got client ALPN with length %zu, " "want length %zu\n", dlen, sizeof(tlsext_alpn_single_proto)); compare_data(data, dlen, tlsext_alpn_single_proto, @@ -374,7 +374,7 @@ test_tlsext_alpn_serverhello(void) goto err; } if (memcmp(data, tlsext_alpn_single_proto, dlen) != 0) { - FAIL("clienthello ALPN differs:\n"); + FAIL("client ALPN differs:\n"); compare_data(data, dlen, tlsext_alpn_single_proto, sizeof(tlsext_alpn_single_proto)); goto err; @@ -391,8 +391,8 @@ test_tlsext_alpn_serverhello(void) sizeof(tlsext_alpn_single_proto)); /* Shouldn't be able to parse without requesting */ - if (tlsext_alpn_serverhello_parse(ssl, &cbs, &alert)) { - FAIL("Should only parse serverhello if we requested it"); + if (tlsext_alpn_client_parse(ssl, &cbs, &alert)) { + FAIL("Should only parse server if we requested it"); goto err; } @@ -402,8 +402,8 @@ test_tlsext_alpn_serverhello(void) FAIL("should be able to set ALPN to http/1.1"); goto err; } - if (!tlsext_alpn_serverhello_parse(ssl, &cbs, &alert)) { - FAIL("Should be able to parse serverhello when we request it"); + if (!tlsext_alpn_server_parse(ssl, &cbs, &alert)) { + FAIL("Should be able to parse server when we request it"); goto err; } if (CBS_len(&cbs) != 0) { @@ -413,7 +413,7 @@ test_tlsext_alpn_serverhello(void) if (S3I(ssl)->alpn_selected_len != sizeof(tlsext_alpn_single_proto_name)) { - FAIL("got serverhello ALPN with length %zu, " + FAIL("got server ALPN with length %zu, " "want length %zu\n", dlen, sizeof(tlsext_alpn_single_proto_name)); compare_data(S3I(ssl)->alpn_selected, @@ -425,7 +425,7 @@ test_tlsext_alpn_serverhello(void) if (memcmp(S3I(ssl)->alpn_selected, tlsext_alpn_single_proto_name, sizeof(tlsext_alpn_single_proto_name)) != 0) { - FAIL("serverhello ALPN differs:\n"); + FAIL("server ALPN differs:\n"); compare_data(S3I(ssl)->alpn_selected, S3I(ssl)->alpn_selected_len, tlsext_alpn_single_proto_name, @@ -434,7 +434,7 @@ test_tlsext_alpn_serverhello(void) } /* - * We should NOT be able to build a serverhello with multiple + * We should NOT be able to build a server with multiple * protocol names. However, the existing code did not check for this * case because it is passed in as an encoded value. */ @@ -445,8 +445,8 @@ test_tlsext_alpn_serverhello(void) S3I(ssl)->alpn_selected = NULL; S3I(ssl)->alpn_selected_len = 0; - if (tlsext_alpn_serverhello_needs(ssl)) { - FAIL("serverhello should need ALPN by default"); + if (tlsext_alpn_server_needs(ssl)) { + FAIL("server should need ALPN by default"); goto err; } @@ -468,34 +468,34 @@ test_tlsext_alpn_serverhello(void) * This extension is only used by the client. */ -static uint8_t tlsext_supportedgroups_clienthello_default[] = { +static uint8_t tlsext_supportedgroups_client_default[] = { 0x00, 0x06, 0x00, 0x1d, /* X25519 (29) */ 0x00, 0x17, /* secp256r1 (23) */ 0x00, 0x18 /* secp384r1 (24) */ }; -static uint16_t tlsext_supportedgroups_clienthello_secp384r1_val[] = { +static uint16_t tlsext_supportedgroups_client_secp384r1_val[] = { 0x0018 /* tls1_ec_nid2curve_id(NID_secp384r1) */ }; -static uint8_t tlsext_supportedgroups_clienthello_secp384r1[] = { +static uint8_t tlsext_supportedgroups_client_secp384r1[] = { 0x00, 0x02, 0x00, 0x18 /* secp384r1 (24) */ }; /* Example from RFC 4492 section 5.1.1 */ -static uint16_t tlsext_supportedgroups_clienthello_nistp192and224_val[] = { +static uint16_t tlsext_supportedgroups_client_nistp192and224_val[] = { 0x0013, /* tls1_ec_nid2curve_id(NID_X9_62_prime192v1) */ 0x0015 /* tls1_ec_nid2curve_id(NID_secp224r1) */ }; -static uint8_t tlsext_supportedgroups_clienthello_nistp192and224[] = { +static uint8_t tlsext_supportedgroups_client_nistp192and224[] = { 0x00, 0x04, 0x00, 0x13, /* secp192r1 aka NIST P-192 */ 0x00, 0x15 /* secp224r1 aka NIST P-224 */ }; static int -test_tlsext_supportedgroups_clienthello(void) +test_tlsext_supportedgroups_client(void) { unsigned char *data = NULL; SSL_CTX *ssl_ctx = NULL; @@ -518,8 +518,8 @@ test_tlsext_supportedgroups_clienthello(void) /* * Default ciphers include EC so we need it by default. */ - if (!tlsext_supportedgroups_clienthello_needs(ssl)) { - FAIL("clienthello should need Ellipticcurves for default " + if (!tlsext_supportedgroups_client_needs(ssl)) { + FAIL("client should need Ellipticcurves for default " "ciphers\n"); goto err; } @@ -528,11 +528,11 @@ test_tlsext_supportedgroups_clienthello(void) * Exclude cipher suites so we can test not including it. */ if (!SSL_set_cipher_list(ssl, "TLSv1.2:!ECDHE:!ECDSA")) { - FAIL("clienthello should be able to set cipher list\n"); + FAIL("client should be able to set cipher list\n"); goto err; } - if (tlsext_supportedgroups_clienthello_needs(ssl)) { - FAIL("clienthello should not need Ellipticcurves\n"); + if (tlsext_supportedgroups_client_needs(ssl)) { + FAIL("client should not need Ellipticcurves\n"); goto err; } @@ -540,11 +540,11 @@ test_tlsext_supportedgroups_clienthello(void) * Use libtls default for the rest of the testing */ if (!SSL_set_cipher_list(ssl, "TLSv1.2+AEAD+ECDHE")) { - FAIL("clienthello should be able to set cipher list\n"); + FAIL("client should be able to set cipher list\n"); goto err; } - if (!tlsext_supportedgroups_clienthello_needs(ssl)) { - FAIL("clienthello should need Ellipticcurves\n"); + if (!tlsext_supportedgroups_client_needs(ssl)) { + FAIL("client should need Ellipticcurves\n"); goto err; } @@ -562,32 +562,32 @@ test_tlsext_supportedgroups_clienthello(void) SSI(ssl)->tlsext_supportedgroups[0] = tls1_ec_nid2curve_id(NID_secp384r1); SSI(ssl)->tlsext_supportedgroups_length = 1; - if (!tlsext_supportedgroups_clienthello_needs(ssl)) { - FAIL("clienthello should need Ellipticcurves\n"); + if (!tlsext_supportedgroups_client_needs(ssl)) { + FAIL("client should need Ellipticcurves\n"); goto err; } - if (!tlsext_supportedgroups_clienthello_build(ssl, &cbb)) { - FAIL("clienthello failed to build Ellipticcurves\n"); + if (!tlsext_supportedgroups_client_build(ssl, &cbb)) { + FAIL("client failed to build Ellipticcurves\n"); goto err; } if (!CBB_finish(&cbb, &data, &dlen)) errx(1, "failed to finish CBB"); - if (dlen != sizeof(tlsext_supportedgroups_clienthello_default)) { - FAIL("got clienthello Ellipticcurves with length %zu, " + if (dlen != sizeof(tlsext_supportedgroups_client_default)) { + FAIL("got client Ellipticcurves with length %zu, " "want length %zu\n", dlen, - sizeof(tlsext_supportedgroups_clienthello_default)); - compare_data(data, dlen, tlsext_supportedgroups_clienthello_default, - sizeof(tlsext_supportedgroups_clienthello_default)); + sizeof(tlsext_supportedgroups_client_default)); + compare_data(data, dlen, tlsext_supportedgroups_client_default, + sizeof(tlsext_supportedgroups_client_default)); goto err; } - if (memcmp(data, tlsext_supportedgroups_clienthello_default, dlen) != 0) { - FAIL("clienthello Ellipticcurves differs:\n"); - compare_data(data, dlen, tlsext_supportedgroups_clienthello_default, - sizeof(tlsext_supportedgroups_clienthello_default)); + if (memcmp(data, tlsext_supportedgroups_client_default, dlen) != 0) { + FAIL("client Ellipticcurves differs:\n"); + compare_data(data, dlen, tlsext_supportedgroups_client_default, + sizeof(tlsext_supportedgroups_client_default)); goto err; } @@ -603,10 +603,10 @@ test_tlsext_supportedgroups_clienthello(void) if ((ssl->session = SSL_SESSION_new()) == NULL) errx(1, "failed to create session"); - CBS_init(&cbs, tlsext_supportedgroups_clienthello_secp384r1, - sizeof(tlsext_supportedgroups_clienthello_secp384r1)); - if (!tlsext_supportedgroups_clienthello_parse(ssl, &cbs, &alert)) { - FAIL("failed to parse clienthello Ellipticcurves\n"); + CBS_init(&cbs, tlsext_supportedgroups_client_secp384r1, + sizeof(tlsext_supportedgroups_client_secp384r1)); + if (!tlsext_supportedgroups_server_parse(ssl, &cbs, &alert)) { + FAIL("failed to parse client Ellipticcurves\n"); goto err; } if (CBS_len(&cbs) != 0) { @@ -615,21 +615,21 @@ test_tlsext_supportedgroups_clienthello(void) } if (SSI(ssl)->tlsext_supportedgroups_length != - sizeof(tlsext_supportedgroups_clienthello_secp384r1_val) / sizeof(uint16_t)) { - FAIL("no tlsext_ellipticcurves from clienthello " + sizeof(tlsext_supportedgroups_client_secp384r1_val) / sizeof(uint16_t)) { + FAIL("no tlsext_ellipticcurves from client " "Ellipticcurves\n"); goto err; } if (memcmp(SSI(ssl)->tlsext_supportedgroups, - tlsext_supportedgroups_clienthello_secp384r1_val, - sizeof(tlsext_supportedgroups_clienthello_secp384r1_val)) != 0) { - FAIL("clienthello had an incorrect Ellipticcurves " + tlsext_supportedgroups_client_secp384r1_val, + sizeof(tlsext_supportedgroups_client_secp384r1_val)) != 0) { + FAIL("client had an incorrect Ellipticcurves " "entry\n"); compare_data2(SSI(ssl)->tlsext_supportedgroups, SSI(ssl)->tlsext_supportedgroups_length * 2, - tlsext_supportedgroups_clienthello_secp384r1_val, - sizeof(tlsext_supportedgroups_clienthello_secp384r1_val)); + tlsext_supportedgroups_client_secp384r1_val, + sizeof(tlsext_supportedgroups_client_secp384r1_val)); goto err; } @@ -651,38 +651,38 @@ test_tlsext_supportedgroups_clienthello(void) ssl->internal->tlsext_supportedgroups[1] = tls1_ec_nid2curve_id(NID_secp224r1); ssl->internal->tlsext_supportedgroups_length = 2; - if (!tlsext_supportedgroups_clienthello_needs(ssl)) { - FAIL("clienthello should need Ellipticcurves\n"); + if (!tlsext_supportedgroups_client_needs(ssl)) { + FAIL("client should need Ellipticcurves\n"); goto err; } - if (!tlsext_supportedgroups_clienthello_build(ssl, &cbb)) { - FAIL("clienthello failed to build Ellipticcurves\n"); + if (!tlsext_supportedgroups_client_build(ssl, &cbb)) { + FAIL("client failed to build Ellipticcurves\n"); goto err; } if (!CBB_finish(&cbb, &data, &dlen)) errx(1, "failed to finish CBB"); - if (dlen != sizeof(tlsext_supportedgroups_clienthello_nistp192and224)) { - FAIL("got clienthello Ellipticcurves with length %zu, " + if (dlen != sizeof(tlsext_supportedgroups_client_nistp192and224)) { + FAIL("got client Ellipticcurves with length %zu, " "want length %zu\n", dlen, - sizeof(tlsext_supportedgroups_clienthello_nistp192and224)); + sizeof(tlsext_supportedgroups_client_nistp192and224)); fprintf(stderr, "received:\n"); hexdump(data, dlen); fprintf(stderr, "test data:\n"); - hexdump(tlsext_supportedgroups_clienthello_nistp192and224, - sizeof(tlsext_supportedgroups_clienthello_nistp192and224)); + hexdump(tlsext_supportedgroups_client_nistp192and224, + sizeof(tlsext_supportedgroups_client_nistp192and224)); goto err; } - if (memcmp(data, tlsext_supportedgroups_clienthello_nistp192and224, dlen) != 0) { - FAIL("clienthello Ellipticcurves differs:\n"); + if (memcmp(data, tlsext_supportedgroups_client_nistp192and224, dlen) != 0) { + FAIL("client Ellipticcurves differs:\n"); fprintf(stderr, "received:\n"); hexdump(data, dlen); fprintf(stderr, "test data:\n"); - hexdump(tlsext_supportedgroups_clienthello_nistp192and224, - sizeof(tlsext_supportedgroups_clienthello_nistp192and224)); + hexdump(tlsext_supportedgroups_client_nistp192and224, + sizeof(tlsext_supportedgroups_client_nistp192and224)); goto err; } @@ -703,10 +703,10 @@ test_tlsext_supportedgroups_clienthello(void) ssl->internal->tlsext_supportedgroups = NULL; ssl->internal->tlsext_supportedgroups_length = 0; - CBS_init(&cbs, tlsext_supportedgroups_clienthello_nistp192and224, - sizeof(tlsext_supportedgroups_clienthello_nistp192and224)); - if (!tlsext_supportedgroups_clienthello_parse(ssl, &cbs, &alert)) { - FAIL("failed to parse clienthello Ellipticcurves\n"); + CBS_init(&cbs, tlsext_supportedgroups_client_nistp192and224, + sizeof(tlsext_supportedgroups_client_nistp192and224)); + if (!tlsext_supportedgroups_server_parse(ssl, &cbs, &alert)) { + FAIL("failed to parse client Ellipticcurves\n"); goto err; } if (CBS_len(&cbs) != 0) { @@ -715,20 +715,19 @@ test_tlsext_supportedgroups_clienthello(void) } if (SSI(ssl)->tlsext_supportedgroups_length != - sizeof(tlsext_supportedgroups_clienthello_nistp192and224_val) / sizeof(uint16_t)) { - FAIL("no tlsext_ellipticcurves from clienthello " - "Ellipticcurves\n"); + sizeof(tlsext_supportedgroups_client_nistp192and224_val) / sizeof(uint16_t)) { + FAIL("no tlsext_ellipticcurves from client Ellipticcurves\n"); goto err; } if (memcmp(SSI(ssl)->tlsext_supportedgroups, - tlsext_supportedgroups_clienthello_nistp192and224_val, - sizeof(tlsext_supportedgroups_clienthello_nistp192and224_val)) != 0) { - FAIL("clienthello had an incorrect Ellipticcurves entry\n"); + tlsext_supportedgroups_client_nistp192and224_val, + sizeof(tlsext_supportedgroups_client_nistp192and224_val)) != 0) { + FAIL("client had an incorrect Ellipticcurves entry\n"); compare_data2(SSI(ssl)->tlsext_supportedgroups, SSI(ssl)->tlsext_supportedgroups_length * 2, - tlsext_supportedgroups_clienthello_nistp192and224_val, - sizeof(tlsext_supportedgroups_clienthello_nistp192and224_val)); + tlsext_supportedgroups_client_nistp192and224_val, + sizeof(tlsext_supportedgroups_client_nistp192and224_val)); goto err; } @@ -746,7 +745,7 @@ test_tlsext_supportedgroups_clienthello(void) /* elliptic_curves is only used by the client so this doesn't test much. */ static int -test_tlsext_supportedgroups_serverhello(void) +test_tlsext_supportedgroups_server(void) { SSL_CTX *ssl_ctx = NULL; SSL *ssl = NULL; @@ -759,16 +758,16 @@ test_tlsext_supportedgroups_serverhello(void) if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); - if (tlsext_supportedgroups_serverhello_needs(ssl)) { - FAIL("serverhello should not need elliptic_curves\n"); + if (tlsext_supportedgroups_server_needs(ssl)) { + FAIL("server should not need elliptic_curves\n"); goto err; } if ((ssl->session = SSL_SESSION_new()) == NULL) errx(1, "failed to create session"); - if (tlsext_supportedgroups_serverhello_needs(ssl)) { - FAIL("serverhello should not need elliptic_curves\n"); + if (tlsext_supportedgroups_server_needs(ssl)) { + FAIL("server should not need elliptic_curves\n"); goto err; } @@ -815,7 +814,7 @@ static uint8_t tlsext_ecpf_hello_prefer_order[] = { }; static int -test_tlsext_ecpf_clienthello(void) +test_tlsext_ecpf_client(void) { uint8_t *data = NULL; SSL_CTX *ssl_ctx = NULL; @@ -837,8 +836,8 @@ test_tlsext_ecpf_clienthello(void) /* * Default ciphers include EC so we need it by default. */ - if (!tlsext_ecpf_clienthello_needs(ssl)) { - FAIL("clienthello should need ECPointFormats for default " + if (!tlsext_ecpf_client_needs(ssl)) { + FAIL("client should need ECPointFormats for default " "ciphers\n"); goto err; } @@ -847,11 +846,11 @@ test_tlsext_ecpf_clienthello(void) * Exclude EC cipher suites so we can test not including it. */ if (!SSL_set_cipher_list(ssl, "ALL:!ECDHE:!ECDH")) { - FAIL("clienthello should be able to set cipher list\n"); + FAIL("client should be able to set cipher list\n"); goto err; } - if (tlsext_ecpf_clienthello_needs(ssl)) { - FAIL("clienthello should not need ECPointFormats\n"); + if (tlsext_ecpf_client_needs(ssl)) { + FAIL("client should not need ECPointFormats\n"); goto err; } @@ -859,11 +858,11 @@ test_tlsext_ecpf_clienthello(void) * Use libtls default for the rest of the testing */ if (!SSL_set_cipher_list(ssl, "TLSv1.2+AEAD+ECDHE")) { - FAIL("clienthello should be able to set cipher list\n"); + FAIL("client should be able to set cipher list\n"); goto err; } - if (!tlsext_ecpf_clienthello_needs(ssl)) { - FAIL("clienthello should need ECPointFormats\n"); + if (!tlsext_ecpf_client_needs(ssl)) { + FAIL("client should need ECPointFormats\n"); goto err; } @@ -873,8 +872,8 @@ test_tlsext_ecpf_clienthello(void) if ((ssl->session = SSL_SESSION_new()) == NULL) errx(1, "failed to create session"); - if (!tlsext_ecpf_clienthello_build(ssl, &cbb)) { - FAIL("clienthello failed to build ECPointFormats\n"); + if (!tlsext_ecpf_client_build(ssl, &cbb)) { + FAIL("client failed to build ECPointFormats\n"); goto err; } @@ -882,7 +881,7 @@ test_tlsext_ecpf_clienthello(void) errx(1, "failed to finish CBB"); if (dlen != sizeof(tlsext_ecpf_hello_uncompressed)) { - FAIL("got clienthello ECPointFormats with length %zu, " + FAIL("got client ECPointFormats with length %zu, " "want length %zu\n", dlen, sizeof(tlsext_ecpf_hello_uncompressed)); compare_data(data, dlen, tlsext_ecpf_hello_uncompressed, @@ -891,7 +890,7 @@ test_tlsext_ecpf_clienthello(void) } if (memcmp(data, tlsext_ecpf_hello_uncompressed, dlen) != 0) { - FAIL("clienthello ECPointFormats differs:\n"); + FAIL("client ECPointFormats differs:\n"); compare_data(data, dlen, tlsext_ecpf_hello_uncompressed, sizeof(tlsext_ecpf_hello_uncompressed)); goto err; @@ -911,8 +910,8 @@ test_tlsext_ecpf_clienthello(void) CBS_init(&cbs, tlsext_ecpf_hello_uncompressed, sizeof(tlsext_ecpf_hello_uncompressed)); - if (!tlsext_ecpf_clienthello_parse(ssl, &cbs, &alert)) { - FAIL("failed to parse clienthello ECPointFormats\n"); + if (!tlsext_ecpf_server_parse(ssl, &cbs, &alert)) { + FAIL("failed to parse client ECPointFormats\n"); goto err; } if (CBS_len(&cbs) != 0) { @@ -922,7 +921,7 @@ test_tlsext_ecpf_clienthello(void) if (SSI(ssl)->tlsext_ecpointformatlist_length != sizeof(tlsext_ecpf_hello_uncompressed_val)) { - FAIL("no tlsext_ecpointformats from clienthello " + FAIL("no tlsext_ecpointformats from client " "ECPointFormats\n"); goto err; } @@ -930,7 +929,7 @@ test_tlsext_ecpf_clienthello(void) if (memcmp(SSI(ssl)->tlsext_ecpointformatlist, tlsext_ecpf_hello_uncompressed_val, sizeof(tlsext_ecpf_hello_uncompressed_val)) != 0) { - FAIL("clienthello had an incorrect ECPointFormats entry\n"); + FAIL("client had an incorrect ECPointFormats entry\n"); goto err; } @@ -955,14 +954,14 @@ test_tlsext_ecpf_clienthello(void) ssl->internal->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; ssl->internal->tlsext_ecpointformatlist_length = 3; - if (!tlsext_ecpf_clienthello_needs(ssl)) { - FAIL("clienthello should need ECPointFormats with a custom " + if (!tlsext_ecpf_client_needs(ssl)) { + FAIL("client should need ECPointFormats with a custom " "format\n"); goto err; } - if (!tlsext_ecpf_clienthello_build(ssl, &cbb)) { - FAIL("clienthello failed to build ECPointFormats\n"); + if (!tlsext_ecpf_client_build(ssl, &cbb)) { + FAIL("client failed to build ECPointFormats\n"); goto err; } @@ -970,7 +969,7 @@ test_tlsext_ecpf_clienthello(void) errx(1, "failed to finish CBB"); if (dlen != sizeof(tlsext_ecpf_hello_prefer_order)) { - FAIL("got clienthello ECPointFormats with length %zu, " + FAIL("got client ECPointFormats with length %zu, " "want length %zu\n", dlen, sizeof(tlsext_ecpf_hello_prefer_order)); compare_data(data, dlen, tlsext_ecpf_hello_prefer_order, @@ -979,7 +978,7 @@ test_tlsext_ecpf_clienthello(void) } if (memcmp(data, tlsext_ecpf_hello_prefer_order, dlen) != 0) { - FAIL("clienthello ECPointFormats differs:\n"); + FAIL("client ECPointFormats differs:\n"); compare_data(data, dlen, tlsext_ecpf_hello_prefer_order, sizeof(tlsext_ecpf_hello_prefer_order)); goto err; @@ -1004,8 +1003,8 @@ test_tlsext_ecpf_clienthello(void) CBS_init(&cbs, tlsext_ecpf_hello_prefer_order, sizeof(tlsext_ecpf_hello_prefer_order)); - if (!tlsext_ecpf_clienthello_parse(ssl, &cbs, &alert)) { - FAIL("failed to parse clienthello ECPointFormats\n"); + if (!tlsext_ecpf_server_parse(ssl, &cbs, &alert)) { + FAIL("failed to parse client ECPointFormats\n"); goto err; } if (CBS_len(&cbs) != 0) { @@ -1015,7 +1014,7 @@ test_tlsext_ecpf_clienthello(void) if (SSI(ssl)->tlsext_ecpointformatlist_length != sizeof(tlsext_ecpf_hello_prefer_order_val)) { - FAIL("no tlsext_ecpointformats from clienthello " + FAIL("no tlsext_ecpointformats from client " "ECPointFormats\n"); goto err; } @@ -1023,7 +1022,7 @@ test_tlsext_ecpf_clienthello(void) if (memcmp(SSI(ssl)->tlsext_ecpointformatlist, tlsext_ecpf_hello_prefer_order_val, sizeof(tlsext_ecpf_hello_prefer_order_val)) != 0) { - FAIL("clienthello had an incorrect ECPointFormats entry\n"); + FAIL("client had an incorrect ECPointFormats entry\n"); goto err; } @@ -1040,7 +1039,7 @@ test_tlsext_ecpf_clienthello(void) } static int -test_tlsext_ecpf_serverhello(void) +test_tlsext_ecpf_server(void) { uint8_t *data = NULL; SSL_CTX *ssl_ctx = NULL; @@ -1066,7 +1065,7 @@ test_tlsext_ecpf_serverhello(void) if ((S3I(ssl)->hs.new_cipher = ssl3_get_cipher_by_id(TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305)) == NULL) { - FAIL("serverhello cannot find cipher\n"); + FAIL("server cannot find cipher\n"); goto err; } if ((SSI(ssl)->tlsext_ecpointformatlist = malloc(sizeof(uint8_t))) @@ -1077,8 +1076,8 @@ test_tlsext_ecpf_serverhello(void) SSI(ssl)->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime; SSI(ssl)->tlsext_ecpointformatlist_length = 1; - if (!tlsext_ecpf_serverhello_needs(ssl)) { - FAIL("serverhello should need ECPointFormats now\n"); + if (!tlsext_ecpf_server_needs(ssl)) { + FAIL("server should need ECPointFormats now\n"); goto err; } @@ -1086,8 +1085,8 @@ test_tlsext_ecpf_serverhello(void) * The server will ignore the session list and use either a custom * list or the default (uncompressed). */ - if (!tlsext_ecpf_serverhello_build(ssl, &cbb)) { - FAIL("serverhello failed to build ECPointFormats\n"); + if (!tlsext_ecpf_server_build(ssl, &cbb)) { + FAIL("server failed to build ECPointFormats\n"); goto err; } @@ -1095,7 +1094,7 @@ test_tlsext_ecpf_serverhello(void) errx(1, "failed to finish CBB"); if (dlen != sizeof(tlsext_ecpf_hello_uncompressed)) { - FAIL("got serverhello ECPointFormats with length %zu, " + FAIL("got server ECPointFormats with length %zu, " "want length %zu\n", dlen, sizeof(tlsext_ecpf_hello_uncompressed)); compare_data(data, dlen, tlsext_ecpf_hello_uncompressed, @@ -1104,7 +1103,7 @@ test_tlsext_ecpf_serverhello(void) } if (memcmp(data, tlsext_ecpf_hello_uncompressed, dlen) != 0) { - FAIL("serverhello ECPointFormats differs:\n"); + FAIL("server ECPointFormats differs:\n"); compare_data(data, dlen, tlsext_ecpf_hello_uncompressed, sizeof(tlsext_ecpf_hello_uncompressed)); goto err; @@ -1124,8 +1123,8 @@ test_tlsext_ecpf_serverhello(void) CBS_init(&cbs, tlsext_ecpf_hello_prime, sizeof(tlsext_ecpf_hello_prime)); - if (tlsext_ecpf_serverhello_parse(ssl, &cbs, &alert)) { - FAIL("must include uncompressed in serverhello ECPointFormats\n"); + if (tlsext_ecpf_client_parse(ssl, &cbs, &alert)) { + FAIL("must include uncompressed in server ECPointFormats\n"); goto err; } if (CBS_len(&cbs) != 0) { @@ -1164,13 +1163,13 @@ test_tlsext_ecpf_serverhello(void) ssl->internal->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2; ssl->internal->tlsext_ecpointformatlist_length = 3; - if (!tlsext_ecpf_serverhello_needs(ssl)) { - FAIL("serverhello should need ECPointFormats\n"); + if (!tlsext_ecpf_server_needs(ssl)) { + FAIL("server should need ECPointFormats\n"); goto err; } - if (!tlsext_ecpf_serverhello_build(ssl, &cbb)) { - FAIL("serverhello failed to build ECPointFormats\n"); + if (!tlsext_ecpf_server_build(ssl, &cbb)) { + FAIL("server failed to build ECPointFormats\n"); goto err; } @@ -1178,7 +1177,7 @@ test_tlsext_ecpf_serverhello(void) errx(1, "failed to finish CBB"); if (dlen != sizeof(tlsext_ecpf_hello_prefer_order)) { - FAIL("got serverhello ECPointFormats with length %zu, " + FAIL("got server ECPointFormats with length %zu, " "want length %zu\n", dlen, sizeof(tlsext_ecpf_hello_prefer_order)); compare_data(data, dlen, tlsext_ecpf_hello_prefer_order, @@ -1187,7 +1186,7 @@ test_tlsext_ecpf_serverhello(void) } if (memcmp(data, tlsext_ecpf_hello_prefer_order, dlen) != 0) { - FAIL("serverhello ECPointFormats differs:\n"); + FAIL("server ECPointFormats differs:\n"); compare_data(data, dlen, tlsext_ecpf_hello_prefer_order, sizeof(tlsext_ecpf_hello_prefer_order)); goto err; @@ -1212,8 +1211,8 @@ test_tlsext_ecpf_serverhello(void) CBS_init(&cbs, tlsext_ecpf_hello_prefer_order, sizeof(tlsext_ecpf_hello_prefer_order)); - if (!tlsext_ecpf_serverhello_parse(ssl, &cbs, &alert)) { - FAIL("failed to parse serverhello ECPointFormats\n"); + if (!tlsext_ecpf_client_parse(ssl, &cbs, &alert)) { + FAIL("failed to parse server ECPointFormats\n"); goto err; } if (CBS_len(&cbs) != 0) { @@ -1223,7 +1222,7 @@ test_tlsext_ecpf_serverhello(void) if (SSI(ssl)->tlsext_ecpointformatlist_length != sizeof(tlsext_ecpf_hello_prefer_order_val)) { - FAIL("no tlsext_ecpointformats from serverhello " + FAIL("no tlsext_ecpointformats from server " "ECPointFormats\n"); goto err; } @@ -1231,7 +1230,7 @@ test_tlsext_ecpf_serverhello(void) if (memcmp(SSI(ssl)->tlsext_ecpointformatlist, tlsext_ecpf_hello_prefer_order_val, sizeof(tlsext_ecpf_hello_prefer_order_val)) != 0) { - FAIL("serverhello had an incorrect ECPointFormats entry\n"); + FAIL("server had an incorrect ECPointFormats entry\n"); goto err; } @@ -1260,13 +1259,13 @@ static unsigned char tlsext_ri_prev_server[] = { 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 0x00, }; -static unsigned char tlsext_ri_clienthello[] = { +static unsigned char tlsext_ri_client[] = { 0x10, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, }; -static unsigned char tlsext_ri_serverhello[] = { +static unsigned char tlsext_ri_server[] = { 0x20, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, @@ -1275,7 +1274,7 @@ static unsigned char tlsext_ri_serverhello[] = { }; static int -test_tlsext_ri_clienthello(void) +test_tlsext_ri_client(void) { unsigned char *data = NULL; SSL_CTX *ssl_ctx = NULL; @@ -1295,8 +1294,8 @@ test_tlsext_ri_clienthello(void) if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); - if (tlsext_ri_clienthello_needs(ssl)) { - FAIL("clienthello should not need RI\n"); + if (tlsext_ri_client_needs(ssl)) { + FAIL("client should not need RI\n"); goto err; } @@ -1305,8 +1304,8 @@ test_tlsext_ri_clienthello(void) goto err; } - if (!tlsext_ri_clienthello_needs(ssl)) { - FAIL("clienthello should need RI\n"); + if (!tlsext_ri_client_needs(ssl)) { + FAIL("client should need RI\n"); goto err; } @@ -1316,32 +1315,32 @@ test_tlsext_ri_clienthello(void) S3I(ssl)->renegotiate_seen = 0; - if (!tlsext_ri_clienthello_build(ssl, &cbb)) { - FAIL("clienthello failed to build RI\n"); + if (!tlsext_ri_client_build(ssl, &cbb)) { + FAIL("client failed to build RI\n"); goto err; } if (!CBB_finish(&cbb, &data, &dlen)) errx(1, "failed to finish CBB"); - if (dlen != sizeof(tlsext_ri_clienthello)) { - FAIL("got clienthello RI with length %zu, " - "want length %zu\n", dlen, sizeof(tlsext_ri_clienthello)); + if (dlen != sizeof(tlsext_ri_client)) { + FAIL("got client RI with length %zu, " + "want length %zu\n", dlen, sizeof(tlsext_ri_client)); goto err; } - if (memcmp(data, tlsext_ri_clienthello, dlen) != 0) { - FAIL("clienthello RI differs:\n"); + if (memcmp(data, tlsext_ri_client, dlen) != 0) { + FAIL("client RI differs:\n"); fprintf(stderr, "received:\n"); hexdump(data, dlen); fprintf(stderr, "test data:\n"); - hexdump(tlsext_ri_clienthello, sizeof(tlsext_ri_clienthello)); + hexdump(tlsext_ri_client, sizeof(tlsext_ri_client)); goto err; } - CBS_init(&cbs, tlsext_ri_clienthello, sizeof(tlsext_ri_clienthello)); - if (!tlsext_ri_clienthello_parse(ssl, &cbs, &alert)) { - FAIL("failed to parse clienthello RI\n"); + CBS_init(&cbs, tlsext_ri_client, sizeof(tlsext_ri_client)); + if (!tlsext_ri_server_parse(ssl, &cbs, &alert)) { + FAIL("failed to parse client RI\n"); goto err; } if (CBS_len(&cbs) != 0) { @@ -1363,9 +1362,9 @@ test_tlsext_ri_clienthello(void) S3I(ssl)->renegotiate_seen = 0; - CBS_init(&cbs, tlsext_ri_clienthello, sizeof(tlsext_ri_clienthello)); - if (tlsext_ri_clienthello_parse(ssl, &cbs, &alert)) { - FAIL("parsed invalid clienthello RI\n"); + CBS_init(&cbs, tlsext_ri_client, sizeof(tlsext_ri_client)); + if (tlsext_ri_server_parse(ssl, &cbs, &alert)) { + FAIL("parsed invalid client RI\n"); failure = 1; goto err; } @@ -1387,7 +1386,7 @@ test_tlsext_ri_clienthello(void) } static int -test_tlsext_ri_serverhello(void) +test_tlsext_ri_server(void) { unsigned char *data = NULL; SSL_CTX *ssl_ctx = NULL; @@ -1407,15 +1406,15 @@ test_tlsext_ri_serverhello(void) if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); - if (tlsext_ri_serverhello_needs(ssl)) { - FAIL("serverhello should not need RI\n"); + if (tlsext_ri_server_needs(ssl)) { + FAIL("server should not need RI\n"); goto err; } S3I(ssl)->send_connection_binding = 1; - if (!tlsext_ri_serverhello_needs(ssl)) { - FAIL("serverhello should need RI\n"); + if (!tlsext_ri_server_needs(ssl)) { + FAIL("server should need RI\n"); goto err; } @@ -1429,32 +1428,32 @@ test_tlsext_ri_serverhello(void) S3I(ssl)->renegotiate_seen = 0; - if (!tlsext_ri_serverhello_build(ssl, &cbb)) { - FAIL("serverhello failed to build RI\n"); + if (!tlsext_ri_server_build(ssl, &cbb)) { + FAIL("server failed to build RI\n"); goto err; } if (!CBB_finish(&cbb, &data, &dlen)) errx(1, "failed to finish CBB"); - if (dlen != sizeof(tlsext_ri_serverhello)) { - FAIL("got serverhello RI with length %zu, " - "want length %zu\n", dlen, sizeof(tlsext_ri_serverhello)); + if (dlen != sizeof(tlsext_ri_server)) { + FAIL("got server RI with length %zu, " + "want length %zu\n", dlen, sizeof(tlsext_ri_server)); goto err; } - if (memcmp(data, tlsext_ri_serverhello, dlen) != 0) { - FAIL("serverhello RI differs:\n"); + if (memcmp(data, tlsext_ri_server, dlen) != 0) { + FAIL("server RI differs:\n"); fprintf(stderr, "received:\n"); hexdump(data, dlen); fprintf(stderr, "test data:\n"); - hexdump(tlsext_ri_serverhello, sizeof(tlsext_ri_serverhello)); + hexdump(tlsext_ri_server, sizeof(tlsext_ri_server)); goto err; } - CBS_init(&cbs, tlsext_ri_serverhello, sizeof(tlsext_ri_serverhello)); - if (!tlsext_ri_serverhello_parse(ssl, &cbs, &alert)) { - FAIL("failed to parse serverhello RI\n"); + CBS_init(&cbs, tlsext_ri_server, sizeof(tlsext_ri_server)); + if (!tlsext_ri_client_parse(ssl, &cbs, &alert)) { + FAIL("failed to parse server RI\n"); goto err; } if (CBS_len(&cbs) != 0) { @@ -1478,9 +1477,9 @@ test_tlsext_ri_serverhello(void) S3I(ssl)->renegotiate_seen = 0; - CBS_init(&cbs, tlsext_ri_serverhello, sizeof(tlsext_ri_serverhello)); - if (tlsext_ri_serverhello_parse(ssl, &cbs, &alert)) { - FAIL("parsed invalid serverhello RI\n"); + CBS_init(&cbs, tlsext_ri_server, sizeof(tlsext_ri_server)); + if (tlsext_ri_client_parse(ssl, &cbs, &alert)) { + FAIL("parsed invalid server RI\n"); goto err; } @@ -1504,7 +1503,7 @@ test_tlsext_ri_serverhello(void) * Signature Algorithms - RFC 5246 section 7.4.1.4.1. */ -static unsigned char tlsext_sigalgs_clienthello[] = { +static unsigned char tlsext_sigalgs_client[] = { 0x00, 0x1a, 0x06, 0x01, 0x06, 0x03, 0xef, 0xef, 0x05, 0x01, 0x05, 0x03, 0x04, 0x01, 0x04, 0x03, 0xee, 0xee, 0xed, 0xed, 0x03, 0x01, 0x03, 0x03, @@ -1512,7 +1511,7 @@ static unsigned char tlsext_sigalgs_clienthello[] = { }; static int -test_tlsext_sigalgs_clienthello(void) +test_tlsext_sigalgs_client(void) { unsigned char *data = NULL; SSL_CTX *ssl_ctx = NULL; @@ -1532,22 +1531,22 @@ test_tlsext_sigalgs_clienthello(void) ssl->client_version = TLS1_1_VERSION; - if (tlsext_sigalgs_clienthello_needs(ssl)) { - fprintf(stderr, "FAIL: clienthello should not need sigalgs\n"); + if (tlsext_sigalgs_client_needs(ssl)) { + fprintf(stderr, "FAIL: client should not need sigalgs\n"); failure = 1; goto done; } ssl->client_version = TLS1_2_VERSION; - if (!tlsext_sigalgs_clienthello_needs(ssl)) { - fprintf(stderr, "FAIL: clienthello should need sigalgs\n"); + if (!tlsext_sigalgs_client_needs(ssl)) { + fprintf(stderr, "FAIL: client should need sigalgs\n"); failure = 1; goto done; } - if (!tlsext_sigalgs_clienthello_build(ssl, &cbb)) { - fprintf(stderr, "FAIL: clienthello failed to build sigalgs\n"); + if (!tlsext_sigalgs_client_build(ssl, &cbb)) { + fprintf(stderr, "FAIL: client failed to build sigalgs\n"); failure = 1; goto done; } @@ -1555,26 +1554,26 @@ test_tlsext_sigalgs_clienthello(void) if (!CBB_finish(&cbb, &data, &dlen)) errx(1, "failed to finish CBB"); - if (dlen != sizeof(tlsext_sigalgs_clienthello)) { - fprintf(stderr, "FAIL: got clienthello sigalgs with length %zu, " - "want length %zu\n", dlen, sizeof(tlsext_sigalgs_clienthello)); + if (dlen != sizeof(tlsext_sigalgs_client)) { + fprintf(stderr, "FAIL: got client sigalgs with length %zu, " + "want length %zu\n", dlen, sizeof(tlsext_sigalgs_client)); failure = 1; goto done; } - if (memcmp(data, tlsext_sigalgs_clienthello, dlen) != 0) { - fprintf(stderr, "FAIL: clienthello SNI differs:\n"); + if (memcmp(data, tlsext_sigalgs_client, dlen) != 0) { + fprintf(stderr, "FAIL: client SNI differs:\n"); fprintf(stderr, "received:\n"); hexdump(data, dlen); fprintf(stderr, "test data:\n"); - hexdump(tlsext_sigalgs_clienthello, sizeof(tlsext_sigalgs_clienthello)); + hexdump(tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client)); failure = 1; goto done; } - CBS_init(&cbs, tlsext_sigalgs_clienthello, sizeof(tlsext_sigalgs_clienthello)); - if (!tlsext_sigalgs_clienthello_parse(ssl, &cbs, &alert)) { - fprintf(stderr, "FAIL: failed to parse clienthello SNI\n"); + CBS_init(&cbs, tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client)); + if (!tlsext_sigalgs_server_parse(ssl, &cbs, &alert)) { + fprintf(stderr, "FAIL: failed to parse client SNI\n"); failure = 1; goto done; } @@ -1614,7 +1613,7 @@ test_tlsext_sigalgs_clienthello(void) } static int -test_tlsext_sigalgs_serverhello(void) +test_tlsext_sigalgs_server(void) { unsigned char *data = NULL; SSL_CTX *ssl_ctx = NULL; @@ -1632,14 +1631,14 @@ test_tlsext_sigalgs_serverhello(void) if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); - if (tlsext_sigalgs_serverhello_needs(ssl)) { - fprintf(stderr, "FAIL: serverhello should not need sigalgs\n"); + if (tlsext_sigalgs_server_needs(ssl)) { + fprintf(stderr, "FAIL: server should not need sigalgs\n"); failure = 1; goto done; } - if (tlsext_sigalgs_serverhello_build(ssl, &cbb)) { - fprintf(stderr, "FAIL: serverhello should not build sigalgs\n"); + if (tlsext_sigalgs_server_build(ssl, &cbb)) { + fprintf(stderr, "FAIL: server should not build sigalgs\n"); failure = 1; goto done; } @@ -1647,9 +1646,9 @@ test_tlsext_sigalgs_serverhello(void) if (!CBB_finish(&cbb, &data, &dlen)) errx(1, "failed to finish CBB"); - CBS_init(&cbs, tlsext_sigalgs_clienthello, sizeof(tlsext_sigalgs_clienthello)); - if (tlsext_sigalgs_serverhello_parse(ssl, &cbs, &alert)) { - fprintf(stderr, "FAIL: serverhello should not parse sigalgs\n"); + CBS_init(&cbs, tlsext_sigalgs_client, sizeof(tlsext_sigalgs_client)); + if (tlsext_sigalgs_client_parse(ssl, &cbs, &alert)) { + fprintf(stderr, "FAIL: server should not parse sigalgs\n"); failure = 1; goto done; } @@ -1669,17 +1668,17 @@ test_tlsext_sigalgs_serverhello(void) #define TEST_SNI_SERVERNAME "www.libressl.org" -static unsigned char tlsext_sni_clienthello[] = { +static unsigned char tlsext_sni_client[] = { 0x00, 0x13, 0x00, 0x00, 0x10, 0x77, 0x77, 0x77, 0x2e, 0x6c, 0x69, 0x62, 0x72, 0x65, 0x73, 0x73, 0x6c, 0x2e, 0x6f, 0x72, 0x67, }; -static unsigned char tlsext_sni_serverhello[] = { +static unsigned char tlsext_sni_server[] = { }; static int -test_tlsext_sni_clienthello(void) +test_tlsext_sni_client(void) { unsigned char *data = NULL; SSL_CTX *ssl_ctx = NULL; @@ -1699,8 +1698,8 @@ test_tlsext_sni_clienthello(void) if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); - if (tlsext_sni_clienthello_needs(ssl)) { - FAIL("clienthello should not need SNI\n"); + if (tlsext_sni_client_needs(ssl)) { + FAIL("client should not need SNI\n"); goto err; } @@ -1709,31 +1708,31 @@ test_tlsext_sni_clienthello(void) goto err; } - if (!tlsext_sni_clienthello_needs(ssl)) { - FAIL("clienthello should need SNI\n"); + if (!tlsext_sni_client_needs(ssl)) { + FAIL("client should need SNI\n"); goto err; } - if (!tlsext_sni_clienthello_build(ssl, &cbb)) { - FAIL("clienthello failed to build SNI\n"); + if (!tlsext_sni_client_build(ssl, &cbb)) { + FAIL("client failed to build SNI\n"); goto err; } if (!CBB_finish(&cbb, &data, &dlen)) errx(1, "failed to finish CBB"); - if (dlen != sizeof(tlsext_sni_clienthello)) { - FAIL("got clienthello SNI with length %zu, " - "want length %zu\n", dlen, sizeof(tlsext_sni_clienthello)); + if (dlen != sizeof(tlsext_sni_client)) { + FAIL("got client SNI with length %zu, " + "want length %zu\n", dlen, sizeof(tlsext_sni_client)); goto err; } - if (memcmp(data, tlsext_sni_clienthello, dlen) != 0) { - FAIL("clienthello SNI differs:\n"); + if (memcmp(data, tlsext_sni_client, dlen) != 0) { + FAIL("client SNI differs:\n"); fprintf(stderr, "received:\n"); hexdump(data, dlen); fprintf(stderr, "test data:\n"); - hexdump(tlsext_sni_clienthello, sizeof(tlsext_sni_clienthello)); + hexdump(tlsext_sni_client, sizeof(tlsext_sni_client)); goto err; } @@ -1742,9 +1741,9 @@ test_tlsext_sni_clienthello(void) ssl->internal->hit = 0; - CBS_init(&cbs, tlsext_sni_clienthello, sizeof(tlsext_sni_clienthello)); - if (!tlsext_sni_clienthello_parse(ssl, &cbs, &alert)) { - FAIL("failed to parse clienthello SNI\n"); + CBS_init(&cbs, tlsext_sni_client, sizeof(tlsext_sni_client)); + if (!tlsext_sni_server_parse(ssl, &cbs, &alert)) { + FAIL("failed to parse client SNI\n"); goto err; } if (CBS_len(&cbs) != 0) { @@ -1753,7 +1752,7 @@ test_tlsext_sni_clienthello(void) } if (ssl->session->tlsext_hostname == NULL) { - FAIL("no tlsext_hostname from clienthello SNI\n"); + FAIL("no tlsext_hostname from client SNI\n"); goto err; } @@ -1771,9 +1770,9 @@ test_tlsext_sni_clienthello(void) NULL) errx(1, "failed to strdup tlsext_hostname"); - CBS_init(&cbs, tlsext_sni_clienthello, sizeof(tlsext_sni_clienthello)); - if (tlsext_sni_clienthello_parse(ssl, &cbs, &alert)) { - FAIL("parsed clienthello with mismatched SNI\n"); + CBS_init(&cbs, tlsext_sni_client, sizeof(tlsext_sni_client)); + if (tlsext_sni_server_parse(ssl, &cbs, &alert)) { + FAIL("parsed client with mismatched SNI\n"); goto err; } @@ -1789,7 +1788,7 @@ test_tlsext_sni_clienthello(void) } static int -test_tlsext_sni_serverhello(void) +test_tlsext_sni_server(void) { unsigned char *data = NULL; SSL_CTX *ssl_ctx = NULL; @@ -1812,8 +1811,8 @@ test_tlsext_sni_serverhello(void) if ((ssl->session = SSL_SESSION_new()) == NULL) errx(1, "failed to create session"); - if (tlsext_sni_serverhello_needs(ssl)) { - FAIL("serverhello should not need SNI\n"); + if (tlsext_sni_server_needs(ssl)) { + FAIL("server should not need SNI\n"); goto err; } @@ -1826,40 +1825,40 @@ test_tlsext_sni_serverhello(void) NULL) errx(1, "failed to strdup tlsext_hostname"); - if (!tlsext_sni_serverhello_needs(ssl)) { - FAIL("serverhello should need SNI\n"); + if (!tlsext_sni_server_needs(ssl)) { + FAIL("server should need SNI\n"); goto err; } - if (!tlsext_sni_serverhello_build(ssl, &cbb)) { - FAIL("serverhello failed to build SNI\n"); + if (!tlsext_sni_server_build(ssl, &cbb)) { + FAIL("server failed to build SNI\n"); goto err; } if (!CBB_finish(&cbb, &data, &dlen)) errx(1, "failed to finish CBB"); - if (dlen != sizeof(tlsext_sni_serverhello)) { - FAIL("got serverhello SNI with length %zu, " - "want length %zu\n", dlen, sizeof(tlsext_sni_serverhello)); + if (dlen != sizeof(tlsext_sni_server)) { + FAIL("got server SNI with length %zu, " + "want length %zu\n", dlen, sizeof(tlsext_sni_server)); goto err; } - if (memcmp(data, tlsext_sni_serverhello, dlen) != 0) { - FAIL("serverhello SNI differs:\n"); + if (memcmp(data, tlsext_sni_server, dlen) != 0) { + FAIL("server SNI differs:\n"); fprintf(stderr, "received:\n"); hexdump(data, dlen); fprintf(stderr, "test data:\n"); - hexdump(tlsext_sni_serverhello, sizeof(tlsext_sni_serverhello)); + hexdump(tlsext_sni_server, sizeof(tlsext_sni_server)); goto err; } free(ssl->session->tlsext_hostname); ssl->session->tlsext_hostname = NULL; - CBS_init(&cbs, tlsext_sni_serverhello, sizeof(tlsext_sni_serverhello)); - if (!tlsext_sni_serverhello_parse(ssl, &cbs, &alert)) { - FAIL("failed to parse serverhello SNI\n"); + CBS_init(&cbs, tlsext_sni_server, sizeof(tlsext_sni_server)); + if (!tlsext_sni_client_parse(ssl, &cbs, &alert)) { + FAIL("failed to parse server SNI\n"); goto err; } if (CBS_len(&cbs) != 0) { @@ -1868,7 +1867,7 @@ test_tlsext_sni_serverhello(void) } if (ssl->session->tlsext_hostname == NULL) { - FAIL("no tlsext_hostname after serverhello SNI\n"); + FAIL("no tlsext_hostname after server SNI\n"); goto err; } @@ -1891,12 +1890,12 @@ test_tlsext_sni_serverhello(void) return (failure); } -static unsigned char tls_ocsp_clienthello_default[] = { +static unsigned char tls_ocsp_client_default[] = { 0x01, 0x00, 0x00, 0x00, 0x00 }; static int -test_tlsext_ocsp_clienthello(void) +test_tlsext_ocsp_client(void) { unsigned char *data = NULL; SSL_CTX *ssl_ctx = NULL; @@ -1916,42 +1915,42 @@ test_tlsext_ocsp_clienthello(void) if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); - if (tlsext_ocsp_clienthello_needs(ssl)) { - FAIL("clienthello should not need ocsp\n"); + if (tlsext_ocsp_client_needs(ssl)) { + FAIL("client should not need ocsp\n"); goto err; } SSL_set_tlsext_status_type(ssl, TLSEXT_STATUSTYPE_ocsp); - if (!tlsext_ocsp_clienthello_needs(ssl)) { - FAIL("clienthello should need ocsp\n"); + if (!tlsext_ocsp_client_needs(ssl)) { + FAIL("client should need ocsp\n"); goto err; } - if (!tlsext_ocsp_clienthello_build(ssl, &cbb)) { - FAIL("clienthello failed to build SNI\n"); + if (!tlsext_ocsp_client_build(ssl, &cbb)) { + FAIL("client failed to build SNI\n"); goto err; } if (!CBB_finish(&cbb, &data, &dlen)) errx(1, "failed to finish CBB"); - if (dlen != sizeof(tls_ocsp_clienthello_default)) { - FAIL("got ocsp clienthello with length %zu, " + if (dlen != sizeof(tls_ocsp_client_default)) { + FAIL("got ocsp client with length %zu, " "want length %zu\n", dlen, - sizeof(tls_ocsp_clienthello_default)); + sizeof(tls_ocsp_client_default)); goto err; } - if (memcmp(data, tls_ocsp_clienthello_default, dlen) != 0) { - FAIL("ocsp clienthello differs:\n"); + if (memcmp(data, tls_ocsp_client_default, dlen) != 0) { + FAIL("ocsp client differs:\n"); fprintf(stderr, "received:\n"); hexdump(data, dlen); fprintf(stderr, "test data:\n"); - hexdump(tls_ocsp_clienthello_default, - sizeof(tls_ocsp_clienthello_default)); + hexdump(tls_ocsp_client_default, + sizeof(tls_ocsp_client_default)); goto err; } - CBS_init(&cbs, tls_ocsp_clienthello_default, - sizeof(tls_ocsp_clienthello_default)); - if (!tlsext_ocsp_clienthello_parse(ssl, &cbs, &alert)) { - FAIL("failed to parse ocsp clienthello\n"); + CBS_init(&cbs, tls_ocsp_client_default, + sizeof(tls_ocsp_client_default)); + if (!tlsext_ocsp_server_parse(ssl, &cbs, &alert)) { + FAIL("failed to parse ocsp client\n"); goto err; } if (CBS_len(&cbs) != 0) { @@ -1971,7 +1970,7 @@ test_tlsext_ocsp_clienthello(void) } static int -test_tlsext_ocsp_serverhello(void) +test_tlsext_ocsp_server(void) { unsigned char *data = NULL; SSL_CTX *ssl_ctx = NULL; @@ -1989,19 +1988,19 @@ test_tlsext_ocsp_serverhello(void) if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); - if (tlsext_ocsp_serverhello_needs(ssl)) { - FAIL("serverhello should not need ocsp\n"); + if (tlsext_ocsp_server_needs(ssl)) { + FAIL("server should not need ocsp\n"); goto err; } ssl->internal->tlsext_status_expected = 1; - if (!tlsext_ocsp_serverhello_needs(ssl)) { - FAIL("serverhello should need ocsp\n"); + if (!tlsext_ocsp_server_needs(ssl)) { + FAIL("server should need ocsp\n"); goto err; } - if (!tlsext_ocsp_serverhello_build(ssl, &cbb)) { - FAIL("serverhello failed to build ocsp\n"); + if (!tlsext_ocsp_server_build(ssl, &cbb)) { + FAIL("server failed to build ocsp\n"); goto err; } @@ -2030,7 +2029,7 @@ static uint8_t tlsext_sessionticket_hello_min[1]; static uint8_t tlsext_sessionticket_hello_max[65535]; static int -test_tlsext_sessionticket_clienthello(void) +test_tlsext_sessionticket_client(void) { unsigned char *data = NULL; SSL_CTX *ssl_ctx = NULL; @@ -2056,8 +2055,8 @@ test_tlsext_sessionticket_clienthello(void) errx(1, "failed to create SSL"); /* Should need a ticket by default. */ - if (!tlsext_sessionticket_clienthello_needs(ssl)) { - FAIL("clienthello should need Sessionticket for default " + if (!tlsext_sessionticket_client_needs(ssl)) { + FAIL("client should need Sessionticket for default " "ciphers\n"); goto err; } @@ -2067,8 +2066,8 @@ test_tlsext_sessionticket_clienthello(void) FAIL("Cannot disable tickets in the TLS connection"); return 0; } - if (tlsext_sessionticket_clienthello_needs(ssl)) { - FAIL("clienthello should not need SessionTicket if it was disabled"); + if (tlsext_sessionticket_client_needs(ssl)) { + FAIL("client should not need SessionTicket if it was disabled"); goto err; } @@ -2077,13 +2076,13 @@ test_tlsext_sessionticket_clienthello(void) FAIL("Cannot re-enable tickets in the TLS connection"); return 0; } - if (!tlsext_sessionticket_clienthello_needs(ssl)) { - FAIL("clienthello should need SessionTicket if it was disabled"); + if (!tlsext_sessionticket_client_needs(ssl)) { + FAIL("client should need SessionTicket if it was disabled"); goto err; } /* Since we don't have a session, we should build an empty ticket. */ - if (!tlsext_sessionticket_clienthello_build(ssl, &cbb)) { + if (!tlsext_sessionticket_client_build(ssl, &cbb)) { FAIL("Cannot build a ticket"); goto err; } @@ -2104,11 +2103,11 @@ test_tlsext_sessionticket_clienthello(void) /* With a new session (but no ticket), we should still have 0 length */ if ((ssl->session = SSL_SESSION_new()) == NULL) errx(1, "failed to create session"); - if (!tlsext_sessionticket_clienthello_needs(ssl)) { + if (!tlsext_sessionticket_client_needs(ssl)) { FAIL("Should still want a session ticket with a new session"); goto err; } - if (!tlsext_sessionticket_clienthello_build(ssl, &cbb)) { + if (!tlsext_sessionticket_client_build(ssl, &cbb)) { FAIL("Cannot build a ticket"); goto err; } @@ -2138,11 +2137,11 @@ test_tlsext_sessionticket_clienthello(void) memcpy(ssl->session->tlsext_tick, dummy, sizeof(dummy)); ssl->session->tlsext_ticklen = sizeof(dummy); - if (!tlsext_sessionticket_clienthello_needs(ssl)) { + if (!tlsext_sessionticket_client_needs(ssl)) { FAIL("Should still want a session ticket with a new session"); goto err; } - if (!tlsext_sessionticket_clienthello_build(ssl, &cbb)) { + if (!tlsext_sessionticket_client_build(ssl, &cbb)) { FAIL("Cannot build a ticket"); goto err; } @@ -2155,7 +2154,7 @@ test_tlsext_sessionticket_clienthello(void) goto err; } if (memcmp(data, dummy, dlen) != 0) { - FAIL("serverhello SNI differs:\n"); + FAIL("server SNI differs:\n"); compare_data(data, dlen, dummy, sizeof(dummy)); goto err; @@ -2178,7 +2177,7 @@ test_tlsext_sessionticket_clienthello(void) goto err; } /* Should not need a ticket in this case */ - if (tlsext_sessionticket_clienthello_needs(ssl)) { + if (tlsext_sessionticket_client_needs(ssl)) { FAIL("Should not want to use session tickets with a NULL custom"); goto err; } @@ -2190,7 +2189,7 @@ test_tlsext_sessionticket_clienthello(void) free(ssl->internal->tlsext_session_ticket); ssl->internal->tlsext_session_ticket = NULL; - if (!tlsext_sessionticket_clienthello_needs(ssl)) { + if (!tlsext_sessionticket_client_needs(ssl)) { FAIL("Should need a session ticket again when the custom one is removed"); goto err; } @@ -2201,11 +2200,11 @@ test_tlsext_sessionticket_clienthello(void) FAIL("Should be able to set a custom ticket"); goto err; } - if (!tlsext_sessionticket_clienthello_needs(ssl)) { + if (!tlsext_sessionticket_client_needs(ssl)) { FAIL("Should need a session ticket again when the custom one is not empty"); goto err; } - if (!tlsext_sessionticket_clienthello_build(ssl, &cbb)) { + if (!tlsext_sessionticket_client_build(ssl, &cbb)) { FAIL("Cannot build a ticket with a max length random payload"); goto err; } @@ -2240,7 +2239,7 @@ test_tlsext_sessionticket_clienthello(void) static int -test_tlsext_sessionticket_serverhello(void) +test_tlsext_sessionticket_server(void) { SSL_CTX *ssl_ctx = NULL; SSL *ssl = NULL; @@ -2262,8 +2261,8 @@ test_tlsext_sessionticket_serverhello(void) * By default, should not need a session ticket since the ticket * is not yet expected. */ - if (tlsext_sessionticket_serverhello_needs(ssl)) { - FAIL("serverhello should not need SessionTicket by default\n"); + if (tlsext_sessionticket_server_needs(ssl)) { + FAIL("server should not need SessionTicket by default\n"); goto err; } @@ -2272,8 +2271,8 @@ test_tlsext_sessionticket_serverhello(void) FAIL("Cannot disable tickets in the TLS connection"); return 0; } - if (tlsext_sessionticket_serverhello_needs(ssl)) { - FAIL("serverhello should not need SessionTicket if it was disabled"); + if (tlsext_sessionticket_server_needs(ssl)) { + FAIL("server should not need SessionTicket if it was disabled"); goto err; } @@ -2282,20 +2281,20 @@ test_tlsext_sessionticket_serverhello(void) FAIL("Cannot re-enable tickets in the TLS connection"); return 0; } - if (tlsext_sessionticket_serverhello_needs(ssl)) { - FAIL("serverhello should not need SessionTicket yet"); + if (tlsext_sessionticket_server_needs(ssl)) { + FAIL("server should not need SessionTicket yet"); goto err; } /* Set expected to require it. */ ssl->internal->tlsext_ticket_expected = 1; - if (!tlsext_sessionticket_serverhello_needs(ssl)) { - FAIL("serverhello should now be required for SessionTicket"); + if (!tlsext_sessionticket_server_needs(ssl)) { + FAIL("server should now be required for SessionTicket"); goto err; } /* server hello's session ticket should always be 0 length payload. */ - if (!tlsext_sessionticket_serverhello_build(ssl, &cbb)) { + if (!tlsext_sessionticket_server_build(ssl, &cbb)) { FAIL("Cannot build a ticket with a max length random payload"); goto err; } @@ -2368,7 +2367,7 @@ const uint8_t tlsext_srtp_multiple_one_valid[] = { }; static int -test_tlsext_srtp_clienthello(void) +test_tlsext_srtp_client(void) { SRTP_PROTECTION_PROFILE *prof; SSL_CTX *ssl_ctx = NULL; @@ -2390,8 +2389,8 @@ test_tlsext_srtp_clienthello(void) errx(1, "failed to create SSL"); /* By default, we don't need this */ - if (tlsext_srtp_clienthello_needs(ssl)) { - FAIL("clienthello should not need SRTP by default\n"); + if (tlsext_srtp_client_needs(ssl)) { + FAIL("client should not need SRTP by default\n"); goto err; } @@ -2399,22 +2398,22 @@ test_tlsext_srtp_clienthello(void) FAIL("should be able to set a single SRTP\n"); goto err; } - if (!tlsext_srtp_clienthello_needs(ssl)) { - FAIL("clienthello should need SRTP\n"); + if (!tlsext_srtp_client_needs(ssl)) { + FAIL("client should need SRTP\n"); goto err; } - /* Make sure we can build the clienthello with a single profile. */ + /* Make sure we can build the client with a single profile. */ - if (!tlsext_srtp_clienthello_build(ssl, &cbb)) { - FAIL("clienthello failed to build SRTP\n"); + if (!tlsext_srtp_client_build(ssl, &cbb)) { + FAIL("client failed to build SRTP\n"); goto err; } if (!CBB_finish(&cbb, &data, &dlen)) errx(1, "failed to finish CBB"); if (dlen != sizeof(tlsext_srtp_single)) { - FAIL("got clienthello SRTP with length %zu, " + FAIL("got client SRTP with length %zu, " "want length %zu\n", dlen, sizeof(tlsext_srtp_single)); compare_data(data, dlen, tlsext_srtp_single, @@ -2422,7 +2421,7 @@ test_tlsext_srtp_clienthello(void) goto err; } if (memcmp(data, tlsext_srtp_single, dlen) != 0) { - FAIL("clienthello SRTP differs:\n"); + FAIL("client SRTP differs:\n"); compare_data(data, dlen, tlsext_srtp_single, sizeof(tlsext_srtp_single)); goto err; @@ -2441,7 +2440,7 @@ test_tlsext_srtp_clienthello(void) } CBS_init(&cbs, tlsext_srtp_single, sizeof(tlsext_srtp_single)); - if (!tlsext_srtp_clienthello_parse(ssl, &cbs, &alert)) { + if (!tlsext_srtp_server_parse(ssl, &cbs, &alert)) { FAIL("failed to parse SRTP\n"); goto err; } @@ -2459,7 +2458,7 @@ test_tlsext_srtp_clienthello(void) goto err; } - if (!tlsext_srtp_serverhello_needs(ssl)) { + if (!tlsext_srtp_server_needs(ssl)) { FAIL("should send server extension when profile selected\n"); goto err; } @@ -2470,20 +2469,20 @@ test_tlsext_srtp_clienthello(void) FAIL("should be able to set SRTP to multiple profiles\n"); goto err; } - if (!tlsext_srtp_clienthello_needs(ssl)) { - FAIL("clienthello should need SRTP by now\n"); + if (!tlsext_srtp_client_needs(ssl)) { + FAIL("client should need SRTP by now\n"); goto err; } - if (!tlsext_srtp_clienthello_build(ssl, &cbb)) { - FAIL("clienthello failed to build SRTP\n"); + if (!tlsext_srtp_client_build(ssl, &cbb)) { + FAIL("client failed to build SRTP\n"); goto err; } if (!CBB_finish(&cbb, &data, &dlen)) errx(1, "failed to finish CBB"); if (dlen != sizeof(tlsext_srtp_multiple)) { - FAIL("got clienthello SRTP with length %zu, " + FAIL("got client SRTP with length %zu, " "want length %zu\n", dlen, sizeof(tlsext_srtp_multiple)); compare_data(data, dlen, tlsext_srtp_multiple, @@ -2491,7 +2490,7 @@ test_tlsext_srtp_clienthello(void) goto err; } if (memcmp(data, tlsext_srtp_multiple, dlen) != 0) { - FAIL("clienthello SRTP differs:\n"); + FAIL("client SRTP differs:\n"); compare_data(data, dlen, tlsext_srtp_multiple, sizeof(tlsext_srtp_multiple)); goto err; @@ -2508,7 +2507,7 @@ test_tlsext_srtp_clienthello(void) CBS_init(&cbs, tlsext_srtp_multiple, sizeof(tlsext_srtp_multiple)); - if (!tlsext_srtp_clienthello_parse(ssl, &cbs, &alert)) { + if (!tlsext_srtp_server_parse(ssl, &cbs, &alert)) { FAIL("failed to parse SRTP\n"); goto err; } @@ -2526,7 +2525,7 @@ test_tlsext_srtp_clienthello(void) goto err; } - if (!tlsext_srtp_serverhello_needs(ssl)) { + if (!tlsext_srtp_server_needs(ssl)) { FAIL("should send server extension when profile selected\n"); goto err; } @@ -2539,7 +2538,7 @@ test_tlsext_srtp_clienthello(void) CBS_init(&cbs, tlsext_srtp_multiple_one_valid, sizeof(tlsext_srtp_multiple_one_valid)); - if (!tlsext_srtp_clienthello_parse(ssl, &cbs, &alert)) { + if (!tlsext_srtp_server_parse(ssl, &cbs, &alert)) { FAIL("failed to parse SRTP\n"); goto err; } @@ -2557,7 +2556,7 @@ test_tlsext_srtp_clienthello(void) goto err; } - if (!tlsext_srtp_serverhello_needs(ssl)) { + if (!tlsext_srtp_server_needs(ssl)) { FAIL("should send server extension when profile selected\n"); goto err; } @@ -2568,7 +2567,7 @@ test_tlsext_srtp_clienthello(void) CBS_init(&cbs, tlsext_srtp_multiple_invalid, sizeof(tlsext_srtp_multiple_invalid)); - if (!tlsext_srtp_clienthello_parse(ssl, &cbs, &alert)) { + if (!tlsext_srtp_server_parse(ssl, &cbs, &alert)) { FAIL("should be able to fall back to negotiated\n"); goto err; } @@ -2582,7 +2581,7 @@ test_tlsext_srtp_clienthello(void) FAIL("should not have selected a profile when none found\n"); goto err; } - if (tlsext_srtp_serverhello_needs(ssl)) { + if (tlsext_srtp_server_needs(ssl)) { FAIL("should not send server tlsext when no profile found\n"); goto err; } @@ -2599,7 +2598,7 @@ test_tlsext_srtp_clienthello(void) } static int -test_tlsext_srtp_serverhello(void) +test_tlsext_srtp_server(void) { SRTP_PROTECTION_PROFILE *prof; SSL_CTX *ssl_ctx = NULL; @@ -2621,8 +2620,8 @@ test_tlsext_srtp_serverhello(void) errx(1, "failed to create SSL"); /* By default, we don't need this */ - if (tlsext_srtp_serverhello_needs(ssl)) { - FAIL("serverhello should not need SRTP by default\n"); + if (tlsext_srtp_server_needs(ssl)) { + FAIL("server should not need SRTP by default\n"); goto err; } @@ -2632,22 +2631,22 @@ test_tlsext_srtp_serverhello(void) goto err; } ssl->internal->srtp_profile = prof; - if (!tlsext_srtp_serverhello_needs(ssl)) { - FAIL("serverhello should need SRTP by now\n"); + if (!tlsext_srtp_server_needs(ssl)) { + FAIL("server should need SRTP by now\n"); goto err; } - /* Make sure we can build the serverhello with a single profile. */ + /* Make sure we can build the server with a single profile. */ - if (!tlsext_srtp_serverhello_build(ssl, &cbb)) { - FAIL("serverhello failed to build SRTP\n"); + if (!tlsext_srtp_server_build(ssl, &cbb)) { + FAIL("server failed to build SRTP\n"); goto err; } if (!CBB_finish(&cbb, &data, &dlen)) errx(1, "failed to finish CBB"); if (dlen != sizeof(tlsext_srtp_single)) { - FAIL("got serverhello SRTP with length %zu, " + FAIL("got server SRTP with length %zu, " "want length %zu\n", dlen, sizeof(tlsext_srtp_single)); compare_data(data, dlen, tlsext_srtp_single, @@ -2655,7 +2654,7 @@ test_tlsext_srtp_serverhello(void) goto err; } if (memcmp(data, tlsext_srtp_single, dlen) != 0) { - FAIL("serverhello SRTP differs:\n"); + FAIL("server SRTP differs:\n"); compare_data(data, dlen, tlsext_srtp_single, sizeof(tlsext_srtp_single)); goto err; @@ -2681,7 +2680,7 @@ test_tlsext_srtp_serverhello(void) } CBS_init(&cbs, tlsext_srtp_single, sizeof(tlsext_srtp_single)); - if (!tlsext_srtp_serverhello_parse(ssl, &cbs, &alert)) { + if (!tlsext_srtp_client_parse(ssl, &cbs, &alert)) { FAIL("failed to parse SRTP\n"); goto err; } @@ -2704,17 +2703,17 @@ test_tlsext_srtp_serverhello(void) CBS_init(&cbs, tlsext_srtp_multiple, sizeof(tlsext_srtp_multiple)); - if (tlsext_srtp_serverhello_parse(ssl, &cbs, &alert)) { + if (tlsext_srtp_client_parse(ssl, &cbs, &alert)) { FAIL("should not find multiple entries from the server\n"); goto err; } - /* Make sure we cannot parse a serverhello with unknown profile */ + /* Make sure we cannot parse a server with unknown profile */ ssl->internal->srtp_profile = NULL; CBS_init(&cbs, tlsext_srtp_single_invalid, sizeof(tlsext_srtp_single_invalid)); - if (tlsext_srtp_serverhello_parse(ssl, &cbs, &alert)) { + if (tlsext_srtp_client_parse(ssl, &cbs, &alert)) { FAIL("should not be able to parse this\n"); goto err; } @@ -2763,7 +2762,7 @@ test_tlsext_clienthello_build(void) if ((ssl = SSL_new(ssl_ctx)) == NULL) errx(1, "failed to create SSL"); - if (!tlsext_clienthello_build(ssl, &cbb)) { + if (!tlsext_client_build(ssl, &cbb, SSL_TLSEXT_MSG_CH)) { FAIL("failed to build clienthello extensions\n"); goto err; } @@ -2799,7 +2798,7 @@ test_tlsext_clienthello_build(void) return 0; } - if (!tlsext_clienthello_build(ssl, &cbb)) { + if (!tlsext_client_build(ssl, &cbb, SSL_TLSEXT_MSG_CH)) { FAIL("failed to build clienthello extensions\n"); goto err; } @@ -2865,7 +2864,7 @@ test_tlsext_serverhello_build(void) S3I(ssl)->hs.new_cipher = ssl3_get_cipher_by_id(TLS1_CK_RSA_WITH_AES_128_SHA256); - if (!tlsext_serverhello_build(ssl, &cbb)) { + if (!tlsext_server_build(ssl, &cbb, SSL_TLSEXT_MSG_SH)) { FAIL("failed to build serverhello extensions\n"); goto err; } @@ -2902,7 +2901,7 @@ test_tlsext_serverhello_build(void) SSI(ssl)->tlsext_ecpointformatlist[0] = TLSEXT_ECPOINTFORMAT_uncompressed; - if (!tlsext_serverhello_build(ssl, &cbb)) { + if (!tlsext_server_build(ssl, &cbb, SSL_TLSEXT_MSG_SH)) { FAIL("failed to build serverhello extensions\n"); goto err; } @@ -2943,33 +2942,33 @@ main(int argc, char **argv) SSL_library_init(); SSL_load_error_strings(); - failed |= test_tlsext_alpn_clienthello(); - failed |= test_tlsext_alpn_serverhello(); + failed |= test_tlsext_alpn_client(); + failed |= test_tlsext_alpn_server(); - failed |= test_tlsext_supportedgroups_clienthello(); - failed |= test_tlsext_supportedgroups_serverhello(); + failed |= test_tlsext_supportedgroups_client(); + failed |= test_tlsext_supportedgroups_server(); - failed |= test_tlsext_ecpf_clienthello(); - failed |= test_tlsext_ecpf_serverhello(); + failed |= test_tlsext_ecpf_client(); + failed |= test_tlsext_ecpf_server(); - failed |= test_tlsext_ri_clienthello(); - failed |= test_tlsext_ri_serverhello(); + failed |= test_tlsext_ri_client(); + failed |= test_tlsext_ri_server(); - failed |= test_tlsext_sigalgs_clienthello(); - failed |= test_tlsext_sigalgs_serverhello(); + failed |= test_tlsext_sigalgs_client(); + failed |= test_tlsext_sigalgs_server(); - failed |= test_tlsext_sni_clienthello(); - failed |= test_tlsext_sni_serverhello(); + failed |= test_tlsext_sni_client(); + failed |= test_tlsext_sni_server(); - failed |= test_tlsext_ocsp_clienthello(); - failed |= test_tlsext_ocsp_serverhello(); + failed |= test_tlsext_ocsp_client(); + failed |= test_tlsext_ocsp_server(); - failed |= test_tlsext_sessionticket_clienthello(); - failed |= test_tlsext_sessionticket_serverhello(); + failed |= test_tlsext_sessionticket_client(); + failed |= test_tlsext_sessionticket_server(); #ifndef OPENSSL_NO_SRTP - failed |= test_tlsext_srtp_clienthello(); - failed |= test_tlsext_srtp_serverhello(); + failed |= test_tlsext_srtp_client(); + failed |= test_tlsext_srtp_server(); #else fprintf(stderr, "Skipping SRTP tests due to OPENSSL_NO_SRTP\n"); #endif diff --git a/regress/lib/libssl/unit/tls_ext_alpn.c b/regress/lib/libssl/unit/tls_ext_alpn.c index 7dec1bfc51f..63e5f247c80 100644 --- a/regress/lib/libssl/unit/tls_ext_alpn.c +++ b/regress/lib/libssl/unit/tls_ext_alpn.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_ext_alpn.c,v 1.5 2018/02/08 11:31:00 jsing Exp $ */ +/* $OpenBSD: tls_ext_alpn.c,v 1.6 2019/01/18 00:55:15 jsing Exp $ */ /* * Copyright (c) 2015 Doug Hogan <doug@openbsd.org> * @@ -321,9 +321,9 @@ static uint8_t proto_invalid_missing9[] = { int al; \ \ CBS_init(&cbs, proto, sizeof(proto)); \ - CHECK(c_val == tlsext_clienthello_parse(s, &cbs, &al)); \ + CHECK(c_val == tlsext_server_parse(s, &cbs, &al, SSL_TLSEXT_MSG_CH)); \ CBS_init(&cbs, proto, sizeof(proto)); \ - CHECK(s_val == tlsext_serverhello_parse(s, &cbs, &al)); \ + CHECK(s_val == tlsext_client_parse(s, &cbs, &al, SSL_TLSEXT_MSG_SH)); \ } \ } while (0) |