author | Bodo Möller <bodo@openssl.org> | 2007-09-21 06:54:24 +0000 |
committer | Bodo Möller <bodo@openssl.org> | 2007-09-21 06:54:24 +0000 |
commit | 761772d7e19145fa9afb2a0c830ead69a33f3fa5 (patch) | |
tree | f6fbfed11e54a5286025bf235889cca1cb87d503 /ssl/ssltest.c | |
parent | 54ef01b54bd64fdf5820d3860f4c458a9c2fa4f0 (diff) |
Implement the Opaque PRF Input TLS extension
(draft-rescorla-tls-opaque-prf-input-00.txt), and do some cleanups and
bugfixes on the way. In particular, this fixes the buffer bounds
checks in ssl_add_clienthello_tlsext() and in ssl_add_serverhello_tlsext().
Note that the opaque PRF Input TLS extension is not compiled by default;
see CHANGES.
Diffstat (limited to 'ssl/ssltest.c')
-rw-r--r-- | ssl/ssltest.c | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index 0be921f7f2..83a571d69b 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -422,6 +422,25 @@ static void lock_dbg_cb(int mode, int type, const char *file, int line)
 }
 }
+#ifdef TLSEXT_TYPE_opaque_prf_input
+struct cb_info_st { void *input; size_t len; int ret; };
+struct cb_info_st co1 = { "C", 1, 1 }; /* try to negotiate oqaque PRF input */
+struct cb_info_st co2 = { "C", 1, 2 }; /* insist on oqaque PRF input */
+struct cb_info_st so1 = { "S", 1, 1 }; /* try to negotiate oqaque PRF input */
+struct cb_info_st so2 = { "S", 1, 2 }; /* insist on oqaque PRF input */
+
+int opaque_prf_input_cb(SSL *ssl, void *peerinput, size_t len, void *arg_)
+ {
+ struct cb_info_st *arg = arg_;
+
+ if (arg == NULL)
+ return 1;
+
+ if (!SSL_set_tlsext_opaque_prf_input(ssl, arg->input, arg->len))
+ return 0;
+ return arg->ret;
+ }
+#endif
 int main(int argc, char *argv[])
 {
@@ -836,6 +855,13 @@ bad:
 SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb);
 #endif
+#ifdef TLSEXT_TYPE_opaque_prf_input
+ SSL_CTX_set_tlsext_opaque_prf_input_callback(c_ctx, opaque_prf_input_cb);
+ SSL_CTX_set_tlsext_opaque_prf_input_callback(s_ctx, opaque_prf_input_cb);
+ SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(c_ctx, &co1); /* or &co2 or NULL */
+ SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(s_ctx, &so1); /* or &so2 or NULL */
+#endif
+
 if (!SSL_CTX_use_certificate_file(s_ctx,server_cert,SSL_FILETYPE_PEM))
 {
 ERR_print_errors(bio_err); |
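Review bot: opaque_prf_input_cb never reads `peerinput` or `len`, so this test callback validates nothing about what the peer sent — it only installs the local `arg->input` and returns the fixed `arg->ret` — and the difference between `ret` being 1 and 2 is carried only by the comments on `co1`/`co2` (the exact meaning of each return value is not visible in this hunk and should be confirmed against the library code that calls the callback). A header comment on the function should make that explicit, e.g. `/* Test-only callback: ignores the peer's opaque PRF input; returns 0 on error, otherwise the configured ret (1 = try to negotiate, 2 = insist, per co2/so2) */`. The struct tag, the four `co*`/`so*` objects and the callback are file-scope in a test program and have no external users, so `static` would be the idiom; the four inline comments also repeat the typo "oqaque" (should be "opaque").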
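Review bot: The `/* or &co2 or NULL */` comments mean the "insist" and no-argument variants of the callback can only be exercised by editing the source and recompiling, so the committed test runs a single configuration of the new extension — and none at all in default builds, where the description says `TLSEXT_TYPE_opaque_prf_input` is not defined. A command-line switch selecting `&co1`, `&co2` or `NULL` per side would let the negotiation-failure and mismatch paths be tested without source edits. The return values of the four `SSL_CTX_set_tlsext_opaque_prf_input_callback*` calls are discarded, unlike `SSL_CTX_use_certificate_file` immediately below, which is checked; if these are ctrl wrappers that can fail, they should be checked the same way. `main` starts and ends outside this hunk.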