X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fssltest.c;h=5e2fed8e727c25de29f5ee1b7cee37ca358efe83;hp=cb764395cf4695d3aa4e40fc42aec513144e9dd8;hb=4fcdd66fff5fea0cfa1055c6680a76a4303f28a2;hpb=a898936218bc279b5d7cdf76d58a25e7a2d419cb diff --git a/ssl/ssltest.c b/ssl/ssltest.c index cb764395cf..5e2fed8e72 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -295,7 +295,7 @@ static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg) static BIO *bio_err=NULL; static BIO *bio_stdout=NULL; -#ifndef OPENSSL_NO_NPN +#ifndef OPENSSL_NO_NEXTPROTONEG /* Note that this code assumes that this is only a one element list: */ static const char NEXT_PROTO_STRING[] = "\x09testproto"; int npn_client = 0; @@ -521,6 +521,16 @@ int custom_ext = 0; /* This set based on extension callbacks */ int custom_ext_error = 0; +/* Not IETF assigned supplemental data types */ +#define CUSTOM_SUPP_DATA_TYPE_0 100 +#define CUSTOM_SUPP_DATA_TYPE_1 101 +#define CUSTOM_SUPP_DATA_TYPE_2 102 + +const char supp_data_0_string[] = "00000"; + +int suppdata = 0; +int suppdata_error = 0; + static int serverinfo_cli_cb(SSL* s, unsigned short ext_type, const unsigned char* in, unsigned short inlen, int* al, void* arg) @@ -726,6 +736,109 @@ static int custom_ext_3_srv_second_cb(SSL *s, unsigned short ext_type, return 1; /* Send "defg" */ } +static int supp_data_0_srv_first_cb(SSL *s, unsigned short supp_data_type, + const unsigned char **out, + unsigned short *outlen, void *arg) + { + *out = (const unsigned char*)supp_data_0_string; + *outlen = strlen(supp_data_0_string); + if (arg != s) + suppdata_error = 1; + return 1; + } + +static int supp_data_0_srv_second_cb(SSL *s, unsigned short supp_data_type, + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) + { + if (supp_data_type != CUSTOM_SUPP_DATA_TYPE_0) + suppdata_error = 1; + if (inlen != strlen(supp_data_0_string)) + suppdata_error = 1; + if (memcmp(in, supp_data_0_string, inlen) != 0) + suppdata_error = 1; + if (arg != s) + suppdata_error = 1; + return 1; + } + +static int supp_data_1_srv_first_cb(SSL *s, unsigned short supp_data_type, + const unsigned char **out, + unsigned short *outlen, void *arg) + { + return -1; + } + +static int supp_data_1_srv_second_cb(SSL *s, unsigned short supp_data_type, + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) + { + suppdata_error = 1; + return 1; + } + +static int supp_data_2_srv_second_cb(SSL *s, unsigned short supp_data_type, + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) + { + suppdata_error = 1; + return 1; + } + +static int supp_data_0_cli_first_cb(SSL *s, unsigned short supp_data_type, + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) + { + if (supp_data_type != CUSTOM_SUPP_DATA_TYPE_0) + suppdata_error = 1; + if (inlen != strlen(supp_data_0_string)) + suppdata_error = 1; + if (memcmp(in, supp_data_0_string, inlen) != 0) + suppdata_error = 1; + if (arg != s) + suppdata_error = 1; + return 1; + } + +static int supp_data_0_cli_second_cb(SSL *s, unsigned short supp_data_type, + const unsigned char **out, + unsigned short *outlen, void *arg) + { + *out = (const unsigned char*)supp_data_0_string; + *outlen = strlen(supp_data_0_string); + if (arg != s) + suppdata_error = 1; + return 1; + } + +static int supp_data_1_cli_first_cb(SSL *s, unsigned short supp_data_type, + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) + { + suppdata_error = 1; + return 1; + } + +static int supp_data_1_cli_second_cb(SSL *s, unsigned short supp_data_type, + const unsigned char **out, + unsigned short *outlen, void *arg) + { + return -1; + } + +static int supp_data_2_cli_first_cb(SSL *s, unsigned short supp_data_type, + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) + { + suppdata_error = 1; + return 1; + } static char *cipher=NULL; static int verbose=0; @@ -801,7 +914,7 @@ static void sv_usage(void) " (default is sect163r2).\n"); #endif fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher lists\n"); -#ifndef OPENSSL_NO_NPN +#ifndef OPENSSL_NO_NEXTPROTONEG fprintf(stderr," -npn_client - have client side offer NPN\n"); fprintf(stderr," -npn_server - have server side offer NPN\n"); fprintf(stderr," -npn_server_reject - have server reject NPN\n"); @@ -813,6 +926,7 @@ static void sv_usage(void) fprintf(stderr," -alpn_client - have client side offer ALPN\n"); fprintf(stderr," -alpn_server - have server side offer ALPN\n"); fprintf(stderr," -alpn_expected - the ALPN protocol that should be negotiated\n"); + fprintf(stderr, "-suppdata - exercise supplemental data callbacks\n"); } static void print_details(SSL *c_ssl, const char *prefix) @@ -1211,7 +1325,7 @@ int main(int argc, char *argv[]) { test_cipherlist = 1; } -#ifndef OPENSSL_NO_NPN +#ifndef OPENSSL_NO_NEXTPROTONEG else if (strcmp(*argv,"-npn_client") == 0) { npn_client = 1; @@ -1257,6 +1371,10 @@ int main(int argc, char *argv[]) if (--argc < 1) goto bad; alpn_expected = *(++argv); } + else if (strcmp(*argv,"-suppdata") == 0) + { + suppdata = 1; + } else { fprintf(stderr,"unknown option %s\n",*argv); @@ -1562,7 +1680,7 @@ bad: } #endif -#ifndef OPENSSL_NO_NPN +#ifndef OPENSSL_NO_NEXTPROTONEG if (npn_client) { SSL_CTX_set_next_proto_select_cb(c_ctx, cb_client_npn, NULL); @@ -1646,6 +1764,40 @@ bad: c_ssl=SSL_new(c_ctx); s_ssl=SSL_new(s_ctx); + if (suppdata) + { + /* TEST CASES */ + /* client and server both send and receive, verify + * additional arg passed back */ + SSL_CTX_set_srv_supp_data(s_ctx, CUSTOM_SUPP_DATA_TYPE_0, + supp_data_0_srv_first_cb, + supp_data_0_srv_second_cb, s_ssl); + SSL_CTX_set_cli_supp_data(c_ctx, CUSTOM_SUPP_DATA_TYPE_0, + supp_data_0_cli_first_cb, + supp_data_0_cli_second_cb, c_ssl); + + /* -1 response from sending server/client doesn't + * receive, -1 response from sending client/server + * doesn't receive */ + SSL_CTX_set_srv_supp_data(s_ctx, CUSTOM_SUPP_DATA_TYPE_1, + supp_data_1_srv_first_cb, + supp_data_1_srv_second_cb, NULL); + SSL_CTX_set_cli_supp_data(c_ctx, CUSTOM_SUPP_DATA_TYPE_1, + supp_data_1_cli_first_cb, + supp_data_1_cli_second_cb, NULL); + + /* null sending server/client doesn't receive, null + sending client/server doesn't receive */ + SSL_CTX_set_srv_supp_data(s_ctx, CUSTOM_SUPP_DATA_TYPE_2, + /*supp_data_2_srv_first_cb*/NULL, + supp_data_2_srv_second_cb, NULL); + SSL_CTX_set_cli_supp_data(c_ctx, CUSTOM_SUPP_DATA_TYPE_2, + supp_data_2_cli_first_cb, + /*supp_data_2_cli_second_cb*/NULL, + NULL); + + /* alerts set to non-zero and zero return values not tested */ + } #ifndef OPENSSL_NO_KRB5 if (c_ssl && c_ssl->kssl_ctx) { @@ -2093,7 +2245,7 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, if (verbose) print_details(c_ssl, "DONE via BIO pair: "); -#ifndef OPENSSL_NO_NPN +#ifndef OPENSSL_NO_NEXTPROTONEG if (verify_npn(c_ssl, s_ssl) < 0) { ret = 1; @@ -2412,13 +2564,18 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) if (verbose) print_details(c_ssl, "DONE: "); -#ifndef OPENSSL_NO_NPN +#ifndef OPENSSL_NO_NEXTPROTONEG if (verify_npn(c_ssl, s_ssl) < 0) { ret = 1; goto err; } #endif + if (suppdata_error < 0) + { + ret = 1; + goto err; + } if (verify_serverinfo() < 0) { ret = 1;