| author | Steven Fackler <[email protected]> | 2018-06-17 15:47:00 -0700 |
|---|---|---|
| committer | GitHub <[email protected]> | 2018-06-17 15:47:00 -0700 |
| commit | 6440ee04ef21e2e08e11017776f0d1543f5ce6bc (patch) | |
| tree | 956606e02b949da9387730dba36523f0ff2745a2 /openssl/src/ssl/test.rs | |
| parent | Merge pull request #946 from sfackler/libressl-accessors (diff) | |
| parent | Disable TLSv1.3 for psk_ciphers test (diff) | |
Merge pull request #943 from lolzballs/master
Add wrapper for SSL_CTX_set_psk_server_callback
Diffstat (limited to 'openssl/src/ssl/test.rs')
| -rw-r--r-- | openssl/src/ssl/test.rs | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/openssl/src/ssl/test.rs b/openssl/src/ssl/test.rs
index e516e151..05938af4 100644
--- a/openssl/src/ssl/test.rs
+++ b/openssl/src/ssl/test.rs
@@ -1568,3 +1568,52 @@ fn stateless() {
 send(client_stream.get_mut(), server_stream.get_mut());
 hs(server_stream.handshake()).unwrap();
 }
+
+#[cfg(not(osslconf = "OPENSSL_NO_PSK"))]
+#[test]
+fn psk_ciphers() {
+ const CIPHER: &'static str = "PSK-AES128-CBC-SHA";
+ const PSK: &[u8] = b"thisisaverysecurekey";
+ const CLIENT_IDENT: &[u8] = b"thisisaclient";
+ static CLIENT_CALLED: AtomicBool = ATOMIC_BOOL_INIT;
+ static SERVER_CALLED: AtomicBool = ATOMIC_BOOL_INIT;
+
+ let listener = TcpListener::bind("127.0.0.1:0").unwrap();
+ let port = listener.local_addr().unwrap().port();
+
+ thread::spawn(move || {
+ let stream = listener.accept().unwrap().0;
+ let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
+ ctx.set_cipher_list(CIPHER).unwrap();
+ ctx.set_psk_server_callback(move |_, identity, psk| {
+ assert!(identity.unwrap_or(&[]) == CLIENT_IDENT);
+ psk[..PSK.len()].copy_from_slice(&PSK);
+ SERVER_CALLED.store(true, Ordering::SeqCst);
+ Ok(PSK.len())
+ });
+ let ssl = Ssl::new(&ctx.build()).unwrap();
+ ssl.accept(stream).unwrap();
+ });
+
+ let stream = TcpStream::connect(("127.0.0.1", port)).unwrap();
+ let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
+ // TLS 1.3 has no DH suites, and openssl isn't happy if the max version has no suites :(
+ #[cfg(ossl111)]
+ {
+ ctx.set_options(super::SslOptions {
+ bits: ::ffi::SSL_OP_NO_TLSv1_3,
+ });
+ }
+ ctx.set_cipher_list(CIPHER).unwrap();
+ ctx.set_psk_client_callback(move |_, _, identity, psk| {
+ identity[..CLIENT_IDENT.len()].copy_from_slice(&CLIENT_IDENT);
+ identity[CLIENT_IDENT.len()] = 0;
+ psk[..PSK.len()].copy_from_slice(&PSK);
+ CLIENT_CALLED.store(true, Ordering::SeqCst);
+ Ok(PSK.len())
+ });
+ let ssl = Ssl::new(&ctx.build()).unwrap();
+ ssl.connect(stream).unwrap();
+
+ assert!(CLIENT_CALLED.load(Ordering::SeqCst) && SERVER_CALLED.load(Ordering::SeqCst));
+} |
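Review bot: The server thread in `psk_ciphers` is spawned and its handle dropped, so a panic there — the `assert!` on the identity inside the server callback, or `ssl.accept(stream).unwrap()` — is never reported as the cause of a failure; the test can only fail indirectly, at `ssl.connect(stream).unwrap()` or at the final flag check. Keeping the handle, `let guard = thread::spawn(move || { ... });`, and ending the test with `guard.join().unwrap();` would surface the server-side failure directly. The comment above the `#[cfg(ossl111)]` block speaks of DH suites although the cipher here is `PSK-AES128-CBC-SHA`; if the intent is that this suite cannot be negotiated under TLS 1.3, a comment such as `// the PSK suite under test is not a TLS 1.3 suite, so keep the client below TLS 1.3` would match the code. The test also covers only the matching-key path; a second case in which the server callback supplies a different key and the handshake is expected to fail would pin down the property the PSK callbacks exist to enforce.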