unsigned int server_application_secret_count;
};
+
+static unsigned char serverinfov1[] = {
+ 0xff, 0xff, /* Dummy extension type */
+ 0x00, 0x01, /* Extension length is 1 byte */
+ 0xff /* Dummy extension data */
+};
+
+static unsigned char serverinfov2[] = {
+ 0x00, 0x00, 0x00,
+ (unsigned char)(SSL_EXT_CLIENT_HELLO & 0xff), /* Dummy context - 4 bytes */
+ 0xff, 0xff, /* Dummy extension type */
+ 0x00, 0x01, /* Extension length is 1 byte */
+ 0xff /* Dummy extension data */
+};
+
static void client_keylog_callback(const SSL *ssl, const char *line)
{
int line_length = strlen(line);
{
int *ctr = arg;
const unsigned char *p;
+ int *exts;
/* We only configure two ciphers, but the SCSV is added automatically. */
#ifdef OPENSSL_NO_EC
const unsigned char expected_ciphers[] = {0x00, 0x9d, 0x00, 0xff};
const unsigned char expected_ciphers[] = {0x00, 0x9d, 0xc0,
0x2c, 0x00, 0xff};
#endif
+ const int expected_extensions[] = {
+#ifndef OPENSSL_NO_EC
+ 11, 10,
+#endif
+ 35, 13, 22, 23};
size_t len;
/* Make sure we can defer processing and get called back. */
|| !TEST_size_t_eq(SSL_early_get0_compression_methods(s, &p), 1)
|| !TEST_int_eq(*p, 0))
return 0;
+ if (!SSL_early_get1_extensions_present(s, &exts, &len))
+ return 0;
+ if (len != OSSL_NELEM(expected_extensions) ||
+ memcmp(exts, expected_extensions, len * sizeof(*exts)) != 0) {
+ printf("Early callback expected ClientHello extensions mismatch\n");
+ OPENSSL_free(exts);
+ return 0;
+ }
+ OPENSSL_free(exts);
return 1;
}
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0;
- SSL_SESSION *sess;
+ SSL_SESSION *sess = NULL;
unsigned char buf[20];
size_t readbytes, written;
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0;
- SSL_SESSION *sess;
+ SSL_SESSION *sess = NULL;
unsigned char buf[20];
size_t readbytes, written;
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0;
- SSL_SESSION *sess;
+ SSL_SESSION *sess = NULL;
unsigned char buf[20];
size_t readbytes, written;
static int clntparsenewcb = 0;
static int srvaddnewcb = 0;
static int srvparsenewcb = 0;
+static int snicb = 0;
#define TEST_EXT_TYPE1 0xff00
return 1;
}
+
+static int sni_cb(SSL *s, int *al, void *arg)
+{
+ SSL_CTX *ctx = (SSL_CTX *)arg;
+
+ if (SSL_set_SSL_CTX(s, ctx) == NULL) {
+ *al = SSL_AD_INTERNAL_ERROR;
+ return SSL_TLSEXT_ERR_ALERT_FATAL;
+ }
+ snicb++;
+ return SSL_TLSEXT_ERR_OK;
+}
+
/*
* Custom call back tests.
* Test 0: Old style callbacks in TLSv1.2
* Test 1: New style callbacks in TLSv1.2
- * Test 2: New style callbacks in TLSv1.3. Extensions in CH and EE
- * Test 3: New style callbacks in TLSv1.3. Extensions in CH, SH, EE, Cert + NST
+ * Test 2: New style callbacks in TLSv1.2 with SNI
+ * Test 3: New style callbacks in TLSv1.3. Extensions in CH and EE
+ * Test 4: New style callbacks in TLSv1.3. Extensions in CH, SH, EE, Cert + NST
*/
static int test_custom_exts(int tst)
{
- SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL_CTX *cctx = NULL, *sctx = NULL, *sctx2 = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0;
static int server = 1;
/* Reset callback counters */
clntaddoldcb = clntparseoldcb = srvaddoldcb = srvparseoldcb = 0;
clntaddnewcb = clntparsenewcb = srvaddnewcb = srvparsenewcb = 0;
+ snicb = 0;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
TLS_client_method(), &sctx,
&cctx, cert, privkey)))
goto end;
- if (tst < 2) {
+ if (tst == 2
+ && !TEST_true(create_ssl_ctx_pair(TLS_server_method(), NULL, &sctx2,
+ NULL, cert, privkey)))
+ goto end;
+
+
+ if (tst < 3) {
SSL_CTX_set_options(cctx, SSL_OP_NO_TLSv1_3);
SSL_CTX_set_options(sctx, SSL_OP_NO_TLSv1_3);
+ if (sctx2 != NULL)
+ SSL_CTX_set_options(sctx2, SSL_OP_NO_TLSv1_3);
}
- if (tst == 3) {
+ if (tst == 4) {
context = SSL_EXT_CLIENT_HELLO
| SSL_EXT_TLS1_2_SERVER_HELLO
| SSL_EXT_TLS1_3_SERVER_HELLO
new_add_cb, new_free_cb,
&server, new_parse_cb, &server)))
goto end;
+ if (sctx2 != NULL
+ && !TEST_true(SSL_CTX_add_custom_ext(sctx2, TEST_EXT_TYPE1,
+ context, new_add_cb,
+ new_free_cb, &server,
+ new_parse_cb, &server)))
+ goto end;
}
/* Should not be able to add duplicates */
new_parse_cb, &server)))
goto end;
+ if (tst == 2) {
+ /* Set up SNI */
+ if (!TEST_true(SSL_CTX_set_tlsext_servername_callback(sctx, sni_cb))
+ || !TEST_true(SSL_CTX_set_tlsext_servername_arg(sctx, sctx2)))
+ goto end;
+ }
+
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
&clientssl, NULL, NULL))
|| !TEST_true(create_ssl_connection(serverssl, clientssl,
|| srvaddoldcb != 1
|| srvparseoldcb != 1)
goto end;
- } else if (tst == 1 || tst == 2) {
+ } else if (tst == 1 || tst == 2 || tst == 3) {
if (clntaddnewcb != 1
|| clntparsenewcb != 1
|| srvaddnewcb != 1
- || srvparsenewcb != 1)
+ || srvparsenewcb != 1
+ || (tst != 2 && snicb != 0)
+ || (tst == 2 && snicb != 1))
goto end;
} else {
if (clntaddnewcb != 1
SSL_free(clientssl);
serverssl = clientssl = NULL;
+ if (tst == 3) {
+ /* We don't bother with the resumption aspects for this test */
+ testresult = 1;
+ goto end;
+ }
+
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL))
|| !TEST_true(SSL_set_session(clientssl, sess))
|| srvaddoldcb != 1
|| srvparseoldcb != 1)
goto end;
- } else if (tst == 1 || tst == 2) {
+ } else if (tst == 1 || tst == 2 || tst == 3) {
if (clntaddnewcb != 2
|| clntparsenewcb != 2
|| srvaddnewcb != 2
SSL_SESSION_free(sess);
SSL_free(serverssl);
SSL_free(clientssl);
+ SSL_CTX_free(sctx2);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
+/*
+ * Test loading of serverinfo data in various formats. test_sslmessages actually
+ * tests to make sure the extensions appear in the handshake
+ */
+static int test_serverinfo(int tst)
+{
+ unsigned int version;
+ unsigned char *sibuf;
+ size_t sibuflen;
+ int ret, expected, testresult = 0;
+ SSL_CTX *ctx;
+
+ ctx = SSL_CTX_new(TLS_method());
+ if (!TEST_ptr(ctx))
+ goto end;
+
+ if ((tst & 0x01) == 0x01)
+ version = SSL_SERVERINFOV2;
+ else
+ version = SSL_SERVERINFOV1;
+
+ if ((tst & 0x02) == 0x02) {
+ sibuf = serverinfov2;
+ sibuflen = sizeof(serverinfov2);
+ expected = (version == SSL_SERVERINFOV2);
+ } else {
+ sibuf = serverinfov1;
+ sibuflen = sizeof(serverinfov1);
+ expected = (version == SSL_SERVERINFOV1);
+ }
+
+ if ((tst & 0x04) == 0x04) {
+ ret = SSL_CTX_use_serverinfo_ex(ctx, version, sibuf, sibuflen);
+ } else {
+ ret = SSL_CTX_use_serverinfo(ctx, sibuf, sibuflen);
+
+ /*
+ * The version variable is irrelevant in this case - it's what is in the
+ * buffer that matters
+ */
+ if ((tst & 0x02) == 0x02)
+ expected = 0;
+ else
+ expected = 1;
+ }
+
+ if (!TEST_true(ret == expected))
+ goto end;
+
+ testresult = 1;
+
+ end:
+ SSL_CTX_free(ctx);
+
+ return testresult;
+}
+
int test_main(int argc, char *argv[])
{
int testresult = 1;
# endif
#endif
#ifndef OPENSSL_NO_TLS1_3
- ADD_ALL_TESTS(test_custom_exts, 4);
+ ADD_ALL_TESTS(test_custom_exts, 5);
#else
- ADD_ALL_TESTS(test_custom_exts, 2);
+ ADD_ALL_TESTS(test_custom_exts, 3);
#endif
+ ADD_ALL_TESTS(test_serverinfo, 8);
testresult = run_tests(argv[0]);