From 41676bfd86edd39a51f2b893cfe450dfcdb45964 Mon Sep 17 00:00:00 2001
From: David Benjamin <davidben@google.com>
Date: Tue, 12 Jan 2021 16:10:46 -0500
Subject: [PATCH] Test that ALPS can be deferred to the ALPN callback.

This wasn't the cause of the bug, but I noticed we never tested it, so
fill that in.

Change-Id: Ib38bc08309e69f43c1995ba2a387643c0a7bae99
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44984
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
---
 ssl/test/runner/runner.go | 32 ++++++++++++++++++++++++++++++++
 ssl/test/test_config.cc   | 30 +++++++++++++++++++++++-------
 ssl/test/test_config.h    |  1 +
 3 files changed, 56 insertions(+), 7 deletions(-)

diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index 6f1f0ab64..5dacff407 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -7008,6 +7008,38 @@ func addExtensionTests() {
 				},
 			})
 
+			// Test that the server can defer its ALPS configuration to the ALPN
+			// selection callback.
+			testCases = append(testCases, testCase{
+				testType: serverTest,
+				name:     "ALPS-Basic-Server-Defer-" + ver.name,
+				config: Config{
+					MaxVersion:          ver.version,
+					NextProtos:          []string{"proto"},
+					ApplicationSettings: map[string][]byte{"proto": []byte("runner1")},
+				},
+				resumeConfig: &Config{
+					MaxVersion:          ver.version,
+					NextProtos:          []string{"proto"},
+					ApplicationSettings: map[string][]byte{"proto": []byte("runner2")},
+				},
+				resumeSession: true,
+				expectations: connectionExpectations{
+					peerApplicationSettings: []byte("shim1"),
+				},
+				resumeExpectations: &connectionExpectations{
+					peerApplicationSettings: []byte("shim2"),
+				},
+				flags: []string{
+					"-select-alpn", "proto",
+					"-defer-alps",
+					"-on-initial-application-settings", "proto,shim1",
+					"-on-initial-expect-peer-application-settings", "runner1",
+					"-on-resume-application-settings", "proto,shim2",
+					"-on-resume-expect-peer-application-settings", "runner2",
+				},
+			})
+
 			// Test the client and server correctly handle empty settings.
 			testCases = append(testCases, testCase{
 				testType: clientTest,
diff --git a/ssl/test/test_config.cc b/ssl/test/test_config.cc
index e321ff3a7..eb863ebf3 100644
--- a/ssl/test/test_config.cc
+++ b/ssl/test/test_config.cc
@@ -74,6 +74,7 @@ const Flag<bool> kBoolFlags[] = {
     {"-expect-session-miss", &TestConfig::expect_session_miss},
     {"-decline-alpn", &TestConfig::decline_alpn},
     {"-select-empty-alpn", &TestConfig::select_empty_alpn},
+    {"-defer-alps", &TestConfig::defer_alps},
     {"-expect-extended-master-secret",
      &TestConfig::expect_extended_master_secret},
     {"-enable-ocsp-stapling", &TestConfig::enable_ocsp_stapling},
@@ -675,6 +676,19 @@ static int AlpnSelectCallback(SSL *ssl, const uint8_t **out, uint8_t *outlen,
     exit(1);
   }
 
+  if (config->defer_alps) {
+    for (const auto &pair : config->application_settings) {
+      if (!SSL_add_application_settings(
+              ssl, reinterpret_cast<const uint8_t *>(pair.first.data()),
+              pair.first.size(),
+              reinterpret_cast<const uint8_t *>(pair.second.data()),
+              pair.second.size())) {
+        fprintf(stderr, "error configuring ALPS.\n");
+        exit(1);
+      }
+    }
+  }
+
   assert(config->select_alpn.empty() || !config->select_empty_alpn);
   *out = (const uint8_t *)config->select_alpn.data();
   *outlen = config->select_alpn.size();
@@ -1606,13 +1620,15 @@ bssl::UniquePtr<SSL> TestConfig::NewSSL(
           advertise_alpn.size()) != 0) {
     return nullptr;
   }
-  for (const auto &pair : application_settings) {
-    if (!SSL_add_application_settings(
-            ssl.get(), reinterpret_cast<const uint8_t *>(pair.first.data()),
-            pair.first.size(),
-            reinterpret_cast<const uint8_t *>(pair.second.data()),
-            pair.second.size())) {
-      return nullptr;
+  if (!defer_alps) {
+    for (const auto &pair : application_settings) {
+      if (!SSL_add_application_settings(
+              ssl.get(), reinterpret_cast<const uint8_t *>(pair.first.data()),
+              pair.first.size(),
+              reinterpret_cast<const uint8_t *>(pair.second.data()),
+              pair.second.size())) {
+        return nullptr;
+      }
     }
   }
   if (!psk.empty()) {
diff --git a/ssl/test/test_config.h b/ssl/test/test_config.h
index 93aab2450..67cab951c 100644
--- a/ssl/test/test_config.h
+++ b/ssl/test/test_config.h
@@ -69,6 +69,7 @@ struct TestConfig {
   std::string select_alpn;
   bool decline_alpn = false;
   bool select_empty_alpn = false;
+  bool defer_alps = false;
   std::vector<std::pair<std::string, std::string>> application_settings;
   std::unique_ptr<std::string> expect_peer_application_settings;
   std::string quic_transport_params;