static BIO *bio_err=NULL;
static BIO *bio_stdout=NULL;
-#ifndef OPENSSL_NO_NPN
+#ifndef OPENSSL_NO_NEXTPROTONEG
/* Note that this code assumes that this is only a one element list: */
static const char NEXT_PROTO_STRING[] = "\x09testproto";
int npn_client = 0;
/* This set based on extension callbacks */
int custom_ext_error = 0;
+/* Not IETF assigned supplemental data types */
+#define CUSTOM_SUPP_DATA_TYPE_0 100
+#define CUSTOM_SUPP_DATA_TYPE_1 101
+#define CUSTOM_SUPP_DATA_TYPE_2 102
+
+const char supp_data_0_string[] = "00000";
+
+int suppdata = 0;
+int suppdata_error = 0;
+
static int serverinfo_cli_cb(SSL* s, unsigned short ext_type,
const unsigned char* in, unsigned short inlen,
int* al, void* arg)
return 1; /* Send "defg" */
}
+static int supp_data_0_srv_first_cb(SSL *s, unsigned short supp_data_type,
+ const unsigned char **out,
+ unsigned short *outlen, void *arg)
+ {
+ *out = (const unsigned char*)supp_data_0_string;
+ *outlen = strlen(supp_data_0_string);
+ if (arg != s)
+ suppdata_error = 1;
+ return 1;
+ }
+
+static int supp_data_0_srv_second_cb(SSL *s, unsigned short supp_data_type,
+ const unsigned char *in,
+ unsigned short inlen, int *al,
+ void *arg)
+ {
+ if (supp_data_type != CUSTOM_SUPP_DATA_TYPE_0)
+ suppdata_error = 1;
+ if (inlen != strlen(supp_data_0_string))
+ suppdata_error = 1;
+ if (memcmp(in, supp_data_0_string, inlen) != 0)
+ suppdata_error = 1;
+ if (arg != s)
+ suppdata_error = 1;
+ return 1;
+ }
+
+static int supp_data_1_srv_first_cb(SSL *s, unsigned short supp_data_type,
+ const unsigned char **out,
+ unsigned short *outlen, void *arg)
+ {
+ return -1;
+ }
+
+static int supp_data_1_srv_second_cb(SSL *s, unsigned short supp_data_type,
+ const unsigned char *in,
+ unsigned short inlen, int *al,
+ void *arg)
+ {
+ suppdata_error = 1;
+ return 1;
+ }
+
+static int supp_data_2_srv_second_cb(SSL *s, unsigned short supp_data_type,
+ const unsigned char *in,
+ unsigned short inlen, int *al,
+ void *arg)
+ {
+ suppdata_error = 1;
+ return 1;
+ }
+
+static int supp_data_0_cli_first_cb(SSL *s, unsigned short supp_data_type,
+ const unsigned char *in,
+ unsigned short inlen, int *al,
+ void *arg)
+ {
+ if (supp_data_type != CUSTOM_SUPP_DATA_TYPE_0)
+ suppdata_error = 1;
+ if (inlen != strlen(supp_data_0_string))
+ suppdata_error = 1;
+ if (memcmp(in, supp_data_0_string, inlen) != 0)
+ suppdata_error = 1;
+ if (arg != s)
+ suppdata_error = 1;
+ return 1;
+ }
+
+static int supp_data_0_cli_second_cb(SSL *s, unsigned short supp_data_type,
+ const unsigned char **out,
+ unsigned short *outlen, void *arg)
+ {
+ *out = (const unsigned char*)supp_data_0_string;
+ *outlen = strlen(supp_data_0_string);
+ if (arg != s)
+ suppdata_error = 1;
+ return 1;
+ }
+
+static int supp_data_1_cli_first_cb(SSL *s, unsigned short supp_data_type,
+ const unsigned char *in,
+ unsigned short inlen, int *al,
+ void *arg)
+ {
+ suppdata_error = 1;
+ return 1;
+ }
+
+static int supp_data_1_cli_second_cb(SSL *s, unsigned short supp_data_type,
+ const unsigned char **out,
+ unsigned short *outlen, void *arg)
+ {
+ return -1;
+ }
+
+static int supp_data_2_cli_first_cb(SSL *s, unsigned short supp_data_type,
+ const unsigned char *in,
+ unsigned short inlen, int *al,
+ void *arg)
+ {
+ suppdata_error = 1;
+ return 1;
+ }
static char *cipher=NULL;
static int verbose=0;
" (default is sect163r2).\n");
#endif
fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher lists\n");
-#ifndef OPENSSL_NO_NPN
+#ifndef OPENSSL_NO_NEXTPROTONEG
fprintf(stderr," -npn_client - have client side offer NPN\n");
fprintf(stderr," -npn_server - have server side offer NPN\n");
fprintf(stderr," -npn_server_reject - have server reject NPN\n");
fprintf(stderr," -alpn_client <string> - have client side offer ALPN\n");
fprintf(stderr," -alpn_server <string> - have server side offer ALPN\n");
fprintf(stderr," -alpn_expected <string> - the ALPN protocol that should be negotiated\n");
+ fprintf(stderr, "-suppdata - exercise supplemental data callbacks\n");
}
static void print_details(SSL *c_ssl, const char *prefix)
{
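Review bot: The new usage line is formatted differently from its neighbours: it has a space after `stderr,` and no leading space inside the string, so `-suppdata` will not line up with the other options in the help output. Matching the surrounding lines would be `fprintf(stderr," -suppdata - exercise supplemental data callbacks\n");`.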
test_cipherlist = 1;
}
-#ifndef OPENSSL_NO_NPN
+#ifndef OPENSSL_NO_NEXTPROTONEG
else if (strcmp(*argv,"-npn_client") == 0)
{
npn_client = 1;
if (--argc < 1) goto bad;
alpn_expected = *(++argv);
}
+ else if (strcmp(*argv,"-suppdata") == 0)
+ {
+ suppdata = 1;
+ }
else
{
fprintf(stderr,"unknown option %s\n",*argv);
}
#endif
-#ifndef OPENSSL_NO_NPN
+#ifndef OPENSSL_NO_NEXTPROTONEG
if (npn_client)
{
SSL_CTX_set_next_proto_select_cb(c_ctx, cb_client_npn, NULL);
c_ssl=SSL_new(c_ctx);
s_ssl=SSL_new(s_ctx);
+ if (suppdata)
+ {
+ /* TEST CASES */
+ /* client and server both send and receive, verify
+ * additional arg passed back */
+ SSL_CTX_set_srv_supp_data(s_ctx, CUSTOM_SUPP_DATA_TYPE_0,
+ supp_data_0_srv_first_cb,
+ supp_data_0_srv_second_cb, s_ssl);
+ SSL_CTX_set_cli_supp_data(c_ctx, CUSTOM_SUPP_DATA_TYPE_0,
+ supp_data_0_cli_first_cb,
+ supp_data_0_cli_second_cb, c_ssl);
+
+ /* -1 response from sending server/client doesn't
+ * receive, -1 response from sending client/server
+ * doesn't receive */
+ SSL_CTX_set_srv_supp_data(s_ctx, CUSTOM_SUPP_DATA_TYPE_1,
+ supp_data_1_srv_first_cb,
+ supp_data_1_srv_second_cb, NULL);
+ SSL_CTX_set_cli_supp_data(c_ctx, CUSTOM_SUPP_DATA_TYPE_1,
+ supp_data_1_cli_first_cb,
+ supp_data_1_cli_second_cb, NULL);
+
+ /* null sending server/client doesn't receive, null
+ sending client/server doesn't receive */
+ SSL_CTX_set_srv_supp_data(s_ctx, CUSTOM_SUPP_DATA_TYPE_2,
+ /*supp_data_2_srv_first_cb*/NULL,
+ supp_data_2_srv_second_cb, NULL);
+ SSL_CTX_set_cli_supp_data(c_ctx, CUSTOM_SUPP_DATA_TYPE_2,
+ supp_data_2_cli_first_cb,
+ /*supp_data_2_cli_second_cb*/NULL,
+ NULL);
+
+ /* alerts set to non-zero and zero return values not tested */
+ }
#ifndef OPENSSL_NO_KRB5
if (c_ssl && c_ssl->kssl_ctx)
{
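Review bot: The `if (suppdata)` block only detects callbacks that run when they should not; nothing records that the type-0 callbacks actually ran, so the test passes if no supplemental data is exchanged at all. The results of the `SSL_CTX_set_srv_supp_data` and `SSL_CTX_set_cli_supp_data` calls are also discarded, so if these functions report failure through a return value (their prototypes are not visible here), a failed registration would go unnoticed for the same reason. I would add a counter such as `suppdata_seen` that the four type-0 callbacks increment, and have the final check require the expected count in addition to `suppdata_error == 0`. The trailing comment already notes that alert handling is untested; a short comment saying that `arg` is compared against the `SSL *` in the type-0 callbacks would explain why `s_ssl` and `c_ssl` are passed there and `NULL` elsewhere.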
if (verbose)
print_details(c_ssl, "DONE via BIO pair: ");
-#ifndef OPENSSL_NO_NPN
+#ifndef OPENSSL_NO_NEXTPROTONEG
if (verify_npn(c_ssl, s_ssl) < 0)
{
ret = 1;
if (verbose)
print_details(c_ssl, "DONE: ");
-#ifndef OPENSSL_NO_NPN
+#ifndef OPENSSL_NO_NEXTPROTONEG
if (verify_npn(c_ssl, s_ssl) < 0)
{
ret = 1;
goto err;
}
#endif
+ if (suppdata_error < 0)
+ {
+ ret = 1;
+ goto err;
+ }
if (verify_serverinfo() < 0)
{
ret = 1;
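Review bot: The added check `if (suppdata_error < 0)` can never be true, because `suppdata_error` starts at 0 and every callback in this patch only ever sets it to 1. As written, the `-suppdata` test cannot fail whatever the callbacks observe. The condition should be `if (suppdata_error)`, or the callbacks should set -1 to match the `< 0` convention used by `verify_npn` and `verify_serverinfo`. The visible lines of the "DONE via BIO pair" hunk show no equivalent check, so if `-suppdata` can be combined with the BIO-pair mode the same test is needed on that path.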