diff options
author | Scott Deboy <sdeboy@secondstryke.com> | 2013-06-18 14:34:38 -0700 |
---|---|---|
committer | Scott Deboy <sdeboy@secondstryke.com> | 2014-02-08 16:12:15 -0800 |
commit | 038bec784e528ce273169f178c35991fbc3bea92 (patch) | |
tree | be8a71c2c534db29ea7ee31f1207be9b976b0698 /ssl/ssltest.c | |
parent | f407eec799f1f5d271b809875f016f680935567b (diff) |
Add callbacks supporting generation and retrieval of supplemental data entries, facilitating RFC 5878 (TLS auth extensions)
Removed prior audit proof logic - audit proof support was implemented using the generic TLS extension API
Tests exercising the new supplemental data registration and callback api can be found in ssltest.c.
Implemented changes to s_server and s_client to exercise supplemental data callbacks via the -auth argument, as well as additional flags to exercise supplemental data being sent only during renegotiation.
(cherry picked from commit 36086186a9b90cdad0d2cd0a598a10f03f8f4bcc)
Conflicts:
Configure
apps/s_client.c
apps/s_server.c
ssl/ssl.h
ssl/ssl3.h
ssl/ssltest.c
Diffstat (limited to 'ssl/ssltest.c')
-rw-r--r-- | ssl/ssltest.c | 141 |
1 files changed, 140 insertions, 1 deletions
diff --git a/ssl/ssltest.c b/ssl/ssltest.c index c126eb627b..3755e06905 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -446,6 +446,16 @@ int custom_ext = 0; /* This set based on extension callbacks */ int custom_ext_error = 0; +/*Not IETF assigned supplemental data types*/ +#define CUSTOM_SUPP_DATA_TYPE_0 100 +#define CUSTOM_SUPP_DATA_TYPE_1 101 +#define CUSTOM_SUPP_DATA_TYPE_2 102 + +const char supp_data_0_string[] = "00000"; + +int suppdata = 0; +int suppdata_error = 0; + static int serverinfo_cli_cb(SSL* s, unsigned short ext_type, const unsigned char* in, unsigned short inlen, int* al, void* arg) @@ -651,6 +661,109 @@ static int custom_ext_3_srv_second_cb(SSL *s, unsigned short ext_type, return 1; /* Send "defg" */ } +static int supp_data_0_srv_first_cb(SSL *s, unsigned short supp_data_type, + const unsigned char **out, + unsigned short *outlen, void *arg) + { + *out = (const unsigned char*)supp_data_0_string; + *outlen = strlen(supp_data_0_string); + if (arg != s) + suppdata_error = 1; + return 1; + } + +static int supp_data_0_srv_second_cb(SSL *s, unsigned short supp_data_type, + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) + { + if (supp_data_type != CUSTOM_SUPP_DATA_TYPE_0) + suppdata_error = 1; + if (inlen != strlen(supp_data_0_string)) + suppdata_error = 1; + if (memcmp(in, supp_data_0_string, inlen) != 0) + suppdata_error = 1; + if (arg != s) + suppdata_error = 1; + return 1; + } + +static int supp_data_1_srv_first_cb(SSL *s, unsigned short supp_data_type, + const unsigned char **out, + unsigned short *outlen, void *arg) + { + return -1; + } + +static int supp_data_1_srv_second_cb(SSL *s, unsigned short supp_data_type, + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) + { + suppdata_error = 1; + return 1; + } + +static int supp_data_2_srv_second_cb(SSL *s, unsigned short supp_data_type, + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) + { + suppdata_error = 1; + return 1; + } + +static int supp_data_0_cli_first_cb(SSL *s, unsigned short supp_data_type, + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) + { + if (supp_data_type != CUSTOM_SUPP_DATA_TYPE_0) + suppdata_error = 1; + if (inlen != strlen(supp_data_0_string)) + suppdata_error = 1; + if (memcmp(in, supp_data_0_string, inlen) != 0) + suppdata_error = 1; + if (arg != s) + suppdata_error = 1; + return 1; + } + +static int supp_data_0_cli_second_cb(SSL *s, unsigned short supp_data_type, + const unsigned char **out, + unsigned short *outlen, void *arg) + { + *out = (const unsigned char*)supp_data_0_string; + *outlen = strlen(supp_data_0_string); + if (arg != s) + suppdata_error = 1; + return 1; + } + +static int supp_data_1_cli_first_cb(SSL *s, unsigned short supp_data_type, + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) + { + suppdata_error = 1; + return 1; + } + +static int supp_data_1_cli_second_cb(SSL *s, unsigned short supp_data_type, + const unsigned char **out, + unsigned short *outlen, void *arg) + { + return -1; + } + +static int supp_data_2_cli_first_cb(SSL *s, unsigned short supp_data_type, + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) + { + suppdata_error = 1; + return 1; + } static char *cipher=NULL; static int verbose=0; @@ -738,6 +851,7 @@ static void sv_usage(void) fprintf(stderr," -alpn_client <string> - have client side offer ALPN\n"); fprintf(stderr," -alpn_server <string> - have server side offer ALPN\n"); fprintf(stderr," -alpn_expected <string> - the ALPN protocol that should be negotiated\n"); + fprintf(stderr, "-suppdata - exercise supplemental data callbacks\n"); } static void print_details(SSL *c_ssl, const char *prefix) @@ -1241,6 +1355,10 @@ int main(int argc, char *argv[]) if (--argc < 1) goto bad; alpn_expected = *(++argv); } + else if (strcmp(*argv,"-suppdata") == 0) + { + suppdata = 1; + } else { fprintf(stderr,"unknown option %s\n",*argv); @@ -1647,6 +1765,23 @@ bad: c_ssl=SSL_new(c_ctx); s_ssl=SSL_new(s_ctx); + if (suppdata) + { + //TEST CASES + //client and server both send and receive, verify additional arg passed back + SSL_CTX_set_srv_supp_data(s_ctx, CUSTOM_SUPP_DATA_TYPE_0, supp_data_0_srv_first_cb, supp_data_0_srv_second_cb, s_ssl); + SSL_CTX_set_cli_supp_data(c_ctx, CUSTOM_SUPP_DATA_TYPE_0, supp_data_0_cli_first_cb, supp_data_0_cli_second_cb, c_ssl); + + //-1 response from sending server/client doesn't receive, -1 response from sending client/server doesn't receive + SSL_CTX_set_srv_supp_data(s_ctx, CUSTOM_SUPP_DATA_TYPE_1, supp_data_1_srv_first_cb, supp_data_1_srv_second_cb, NULL); + SSL_CTX_set_cli_supp_data(c_ctx, CUSTOM_SUPP_DATA_TYPE_1, supp_data_1_cli_first_cb, supp_data_1_cli_second_cb, NULL); + + //null sending server/client doesn't receive, null sending client/server doesn't receive + SSL_CTX_set_srv_supp_data(s_ctx, CUSTOM_SUPP_DATA_TYPE_2, /*supp_data_2_srv_first_cb*/NULL, supp_data_2_srv_second_cb, NULL); + SSL_CTX_set_cli_supp_data(c_ctx, CUSTOM_SUPP_DATA_TYPE_2, supp_data_2_cli_first_cb, /*supp_data_2_cli_second_cb*/NULL, NULL); + + //alerts set to non-zero and zero return values not tested + } #ifndef OPENSSL_NO_KRB5 if (c_ssl && c_ssl->kssl_ctx) { @@ -2411,7 +2546,11 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) if (verbose) print_details(c_ssl, "DONE: "); - + if (suppdata_error < 0) + { + ret = 1; + goto err; + } if (verify_serverinfo() < 0) { ret = 1; |