X-Git-Url: https://git.openssl.org/?a=blobdiff_plain;f=ssl%2Fssltest.c;h=efcd6686b8bace67c445693c4363c45c0eb51a4c;hb=b948ee27b0206a392bfd7340779b29ed9375e197;hp=5e2fed8e727c25de29f5ee1b7cee37ca358efe83;hpb=2911575c6e790541e495927a60121d7546a66962;p=openssl.git diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 5e2fed8e72..efcd6686b8 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -521,16 +521,6 @@ int custom_ext = 0; /* This set based on extension callbacks */ int custom_ext_error = 0; -/* Not IETF assigned supplemental data types */ -#define CUSTOM_SUPP_DATA_TYPE_0 100 -#define CUSTOM_SUPP_DATA_TYPE_1 101 -#define CUSTOM_SUPP_DATA_TYPE_2 102 - -const char supp_data_0_string[] = "00000"; - -int suppdata = 0; -int suppdata_error = 0; - static int serverinfo_cli_cb(SSL* s, unsigned short ext_type, const unsigned char* in, unsigned short inlen, int* al, void* arg) @@ -564,7 +554,7 @@ static int verify_serverinfo() static int custom_ext_0_cli_first_cb(SSL *s, unsigned short ext_type, const unsigned char **out, - unsigned short *outlen, void *arg) + unsigned short *outlen, int *al, void *arg) { if (ext_type != CUSTOM_EXT_TYPE_0) custom_ext_error = 1; @@ -576,13 +566,12 @@ static int custom_ext_0_cli_second_cb(SSL *s, unsigned short ext_type, unsigned short inlen, int *al, void *arg) { - custom_ext_error = 1; /* Shouldn't be called */ - return 0; + return 1; } static int custom_ext_1_cli_first_cb(SSL *s, unsigned short ext_type, const unsigned char **out, - unsigned short *outlen, void *arg) + unsigned short *outlen, int *al, void *arg) { if (ext_type != CUSTOM_EXT_TYPE_1) custom_ext_error = 1; 
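Review bot: In `custom_ext_0_cli_second_cb` the body goes from `custom_ext_error = 1; /* Shouldn't be called */ return 0;` to a bare `return 1;`, so the test no longer notices if the callback runs when it should not. The same assertion is dropped from `custom_ext_1_cli_second_cb` in the @@ -596 hunk and from `custom_ext_0_srv_first_cb` in the @@ -648 hunk. In that last case the new header comment still says the server will not receive a callback for this extension, but nothing checks it any more. If these parse callbacks are still never expected to fire, keep `custom_ext_error = 1;` ahead of the return. If they can now be invoked legitimately, say so in a short comment such as `/* may be called; nothing to verify */`. Each of these functions starts outside its hunk, so only the tail of the signature is visible.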
@@ -596,13 +585,12 @@ static int custom_ext_1_cli_second_cb(SSL *s, unsigned short ext_type, unsigned short inlen, int *al, void *arg) { - custom_ext_error = 1; /* Shouldn't be called */ - return 0; + return 1; } static int custom_ext_2_cli_first_cb(SSL *s, unsigned short ext_type, const unsigned char **out, - unsigned short *outlen, void *arg) + unsigned short *outlen, int *al, void *arg) { if (ext_type != CUSTOM_EXT_TYPE_2) custom_ext_error = 1; @@ -625,7 +613,7 @@ static int custom_ext_2_cli_second_cb(SSL *s, unsigned short ext_type, static int custom_ext_3_cli_first_cb(SSL *s, unsigned short ext_type, const unsigned char **out, - unsigned short *outlen, void *arg) + unsigned short *outlen, int *al, void *arg) { if (ext_type != CUSTOM_EXT_TYPE_3) custom_ext_error = 1; @@ -648,28 +636,27 @@ static int custom_ext_3_cli_second_cb(SSL *s, unsigned short ext_type, return 1; } - +/* custom_ext_0_cli_first_cb returns -1 - the server won't receive a callback for this extension */ static int custom_ext_0_srv_first_cb(SSL *s, unsigned short ext_type, const unsigned char *in, unsigned short inlen, int *al, void *arg) { - custom_ext_error = 1; - return 0; /* Shouldn't be called */ + return 1; } +/* 'generate' callbacks are always called, even if the 'receive' callback isn't called */ static int custom_ext_0_srv_second_cb(SSL *s, unsigned short ext_type, const unsigned char **out, - unsigned short *outlen, void *arg) + unsigned short *outlen, int *al, void *arg) { - custom_ext_error = 1; - return 0; /* Shouldn't be called */ + return -1; /* Don't send an extension */ } static int custom_ext_1_srv_first_cb(SSL *s, unsigned short ext_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) + const unsigned char *in, + unsigned short inlen, int *al, + void *arg) { if (ext_type != CUSTOM_EXT_TYPE_1) custom_ext_error = 1; 
@@ -683,7 +670,7 @@ static int custom_ext_1_srv_first_cb(SSL *s, unsigned short ext_type, static int custom_ext_1_srv_second_cb(SSL *s, unsigned short ext_type, const unsigned char **out, - unsigned short *outlen, void *arg) + unsigned short *outlen, int *al, void *arg) { return -1; /* Don't send an extension */ } @@ -705,7 +692,7 @@ static int custom_ext_2_srv_first_cb(SSL *s, unsigned short ext_type, static int custom_ext_2_srv_second_cb(SSL *s, unsigned short ext_type, const unsigned char **out, - unsigned short *outlen, void *arg) + unsigned short *outlen, int *al, void *arg) { *out = NULL; *outlen = 0; 
@@ -729,117 +716,13 @@ static int custom_ext_3_srv_first_cb(SSL *s, unsigned short ext_type, static int custom_ext_3_srv_second_cb(SSL *s, unsigned short ext_type, const unsigned char **out, - unsigned short *outlen, void *arg) + unsigned short *outlen, int *al, void *arg) { *out = (const unsigned char*)custom_ext_srv_string; *outlen = strlen(custom_ext_srv_string); return 1; /* Send "defg" */ } -static int supp_data_0_srv_first_cb(SSL *s, unsigned short supp_data_type, - const unsigned char **out, - unsigned short *outlen, void *arg) - { - *out = (const unsigned char*)supp_data_0_string; - *outlen = strlen(supp_data_0_string); - if (arg != s) - suppdata_error = 1; - return 1; - } - -static int supp_data_0_srv_second_cb(SSL *s, unsigned short supp_data_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) - { - if (supp_data_type != CUSTOM_SUPP_DATA_TYPE_0) - suppdata_error = 1; - if (inlen != strlen(supp_data_0_string)) - suppdata_error = 1; - if (memcmp(in, supp_data_0_string, inlen) != 0) - suppdata_error = 1; - if (arg != s) - suppdata_error = 1; - return 1; - } - -static int supp_data_1_srv_first_cb(SSL *s, unsigned short supp_data_type, - const unsigned char **out, - unsigned short *outlen, void *arg) - { - return -1; - } - -static int supp_data_1_srv_second_cb(SSL *s, unsigned short supp_data_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) - { - suppdata_error = 1; - return 1; - } - -static int supp_data_2_srv_second_cb(SSL *s, unsigned short supp_data_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) - { - suppdata_error = 1; - return 1; - } - -static int supp_data_0_cli_first_cb(SSL *s, unsigned short supp_data_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) - { - if (supp_data_type != CUSTOM_SUPP_DATA_TYPE_0) - suppdata_error = 1; - if (inlen != strlen(supp_data_0_string)) - suppdata_error = 1; - if (memcmp(in, supp_data_0_string, inlen) != 
0) - suppdata_error = 1; - if (arg != s) - suppdata_error = 1; - return 1; - } - -static int supp_data_0_cli_second_cb(SSL *s, unsigned short supp_data_type, - const unsigned char **out, - unsigned short *outlen, void *arg) - { - *out = (const unsigned char*)supp_data_0_string; - *outlen = strlen(supp_data_0_string); - if (arg != s) - suppdata_error = 1; - return 1; - } - -static int supp_data_1_cli_first_cb(SSL *s, unsigned short supp_data_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) - { - suppdata_error = 1; - return 1; - } - -static int supp_data_1_cli_second_cb(SSL *s, unsigned short supp_data_type, - const unsigned char **out, - unsigned short *outlen, void *arg) - { - return -1; - } - -static int supp_data_2_cli_first_cb(SSL *s, unsigned short supp_data_type, - const unsigned char *in, - unsigned short inlen, int *al, - void *arg) - { - suppdata_error = 1; - return 1; - } - static char *cipher=NULL; static int verbose=0; static int debug=0; @@ -926,7 +809,6 @@ static void sv_usage(void) fprintf(stderr," -alpn_client - have client side offer ALPN\n"); fprintf(stderr," -alpn_server - have server side offer ALPN\n"); fprintf(stderr," -alpn_expected - the ALPN protocol that should be negotiated\n"); - fprintf(stderr, "-suppdata - exercise supplemental data callbacks\n"); } static void print_details(SSL *c_ssl, const char *prefix) @@ -1371,10 +1253,6 @@ int main(int argc, char *argv[]) if (--argc < 1) goto bad; alpn_expected = *(++argv); } - else if (strcmp(*argv,"-suppdata") == 0) - { - suppdata = 1; - } else { fprintf(stderr,"unknown option %s\n",*argv); @@ -1510,6 +1388,11 @@ bad: ERR_print_errors(bio_err); goto end; } + /* Since we will use low security ciphersuites and keys for + * testing set security level to zero. + */ + SSL_CTX_set_security_level(c_ctx, 0); + SSL_CTX_set_security_level(s_ctx, 0); if (cipher != NULL) { 
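Review bot: The @@ -1510 hunk drops `c_ctx` and `s_ctx` to security level 0 unconditionally, so no ssltest run exercises the library's default level any more. A regression that lets a weak ciphersuite or key through at the default level would therefore not be caught by this harness. Consider gating the two calls behind an option parsed in main() (the option loop is outside this hunk) and leaving the default in place when the option is absent. I would also extend the comment so the lines are not copied elsewhere, e.g. `/* Test harness only: level 0 switches off the security-level checks on ciphers, keys and parameters. */`.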
@@ -1764,40 +1647,6 @@ bad: c_ssl=SSL_new(c_ctx); s_ssl=SSL_new(s_ctx); - if (suppdata) - { - /* TEST CASES */ - /* client and server both send and receive, verify - * additional arg passed back */ - SSL_CTX_set_srv_supp_data(s_ctx, CUSTOM_SUPP_DATA_TYPE_0, - supp_data_0_srv_first_cb, - supp_data_0_srv_second_cb, s_ssl); - SSL_CTX_set_cli_supp_data(c_ctx, CUSTOM_SUPP_DATA_TYPE_0, - supp_data_0_cli_first_cb, - supp_data_0_cli_second_cb, c_ssl); - - /* -1 response from sending server/client doesn't - * receive, -1 response from sending client/server - * doesn't receive */ - SSL_CTX_set_srv_supp_data(s_ctx, CUSTOM_SUPP_DATA_TYPE_1, - supp_data_1_srv_first_cb, - supp_data_1_srv_second_cb, NULL); - SSL_CTX_set_cli_supp_data(c_ctx, CUSTOM_SUPP_DATA_TYPE_1, - supp_data_1_cli_first_cb, - supp_data_1_cli_second_cb, NULL); - - /* null sending server/client doesn't receive, null - sending client/server doesn't receive */ - SSL_CTX_set_srv_supp_data(s_ctx, CUSTOM_SUPP_DATA_TYPE_2, - /*supp_data_2_srv_first_cb*/NULL, - supp_data_2_srv_second_cb, NULL); - SSL_CTX_set_cli_supp_data(c_ctx, CUSTOM_SUPP_DATA_TYPE_2, - supp_data_2_cli_first_cb, - /*supp_data_2_cli_second_cb*/NULL, - NULL); - - /* alerts set to non-zero and zero return values not tested */ - } #ifndef OPENSSL_NO_KRB5 if (c_ssl && c_ssl->kssl_ctx) { @@ -2299,7 +2148,8 @@ end: int doit(SSL *s_ssl, SSL *c_ssl, long count) { - MS_STATIC char cbuf[1024*8],sbuf[1024*8]; + char *cbuf=NULL,*sbuf=NULL; + long bufsiz; long cw_num=count,cr_num=count; long sw_num=count,sr_num=count; int ret=1; 
@@ -2312,9 +2162,15 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) int done=0; int c_write,s_write; int do_server=0,do_client=0; + int max_frag = 5*1024; + + bufsiz = count>40*1024 ? 40*1024 : count; + + if ((cbuf = OPENSSL_malloc(bufsiz))==NULL) goto err; + if ((sbuf = OPENSSL_malloc(bufsiz))==NULL) goto err; - memset(cbuf,0,sizeof(cbuf)); - memset(sbuf,0,sizeof(sbuf)); + memset(cbuf,0,bufsiz); + memset(sbuf,0,bufsiz); c_to_s=BIO_new(BIO_s_mem()); s_to_c=BIO_new(BIO_s_mem()); @@ -2334,10 +2190,12 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) SSL_set_connect_state(c_ssl); SSL_set_bio(c_ssl,s_to_c,c_to_s); + SSL_set_max_send_fragment(c_ssl,max_frag); BIO_set_ssl(c_bio,c_ssl,BIO_NOCLOSE); SSL_set_accept_state(s_ssl); SSL_set_bio(s_ssl,c_to_s,s_to_c); + SSL_set_max_send_fragment(s_ssl,max_frag); BIO_set_ssl(s_bio,s_ssl,BIO_NOCLOSE); c_r=0; s_r=1; @@ -2388,8 +2246,8 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) { if (c_write) { - j = (cw_num > (long)sizeof(cbuf)) ? - (int)sizeof(cbuf) : (int)cw_num; + j = (cw_num > bufsiz) ? + (int)bufsiz : (int)cw_num; i=BIO_write(c_bio,cbuf,j); if (i < 0) { @@ -2422,11 +2280,13 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) s_r=1; c_write=0; cw_num-=i; + if (max_frag>1029) + SSL_set_max_send_fragment(c_ssl,max_frag-=5); } } else { - i=BIO_read(c_bio,cbuf,sizeof(cbuf)); + i=BIO_read(c_bio,cbuf,bufsiz); if (i < 0) { c_r=0; @@ -2474,7 +2334,7 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) { if (!s_write) { - i=BIO_read(s_bio,sbuf,sizeof(cbuf)); + i=BIO_read(s_bio,sbuf,bufsiz); if (i < 0) { s_r=0; @@ -2519,8 +2379,8 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) } else { - j = (sw_num > (long)sizeof(sbuf)) ? - (int)sizeof(sbuf) : (int)sw_num; + j = (sw_num > bufsiz) ? + (int)bufsiz : (int)sw_num; i=BIO_write(s_bio,sbuf,j); if (i < 0) { @@ -2555,6 +2415,8 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) c_r=1; if (sw_num <= 0) done|=S_DONE; + if (max_frag>1029) + SSL_set_max_send_fragment(s_ssl,max_frag-=5); } } } 
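Review bot: In the @@ -2312 hunk, `bufsiz = count>40*1024 ? 40*1024 : count;` has an upper bound but no lower one, so a `count` of zero or less becomes the allocation size and the `memset` length. Depending on how `OPENSSL_malloc` treats a non-positive size, the allocation either fails or the length is converted to a huge unsigned value. The old fixed 8K arrays had no such dependency on the caller's value. A clamp right after the assignment, `if (bufsiz < 1) bufsiz = 1;`, keeps a handshake-only run working, if main() (outside this hunk) allows one. The two `goto err` paths also leave `ret` at 1 with no diagnostic; something like `fprintf(stderr,"ERROR: out of memory in doit\n");` would tell an allocation failure apart from a protocol failure. This assumes the BIO pointers that are freed at `err:` are initialised to NULL at their declarations, which are not visible here.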
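Review bot: In the @@ -2422 hunk the fragment-size schedule relies on unexplained constants (`5*1024` at the declaration, `1029` and `5` here), and the decrement is hidden inside the call argument `SSL_set_max_send_fragment(c_ssl,max_frag-=5)`. The server branch in the @@ -2555 hunk repeats this on the same `max_frag` variable, so the client and server step one shared counter in turn rather than each following its own schedule. If that is intended, a comment at the declaration would make it clear, e.g. `/* shared by both sides: start at 5K and shrink by 5 bytes after each completed write, stopping near 1K */`. Moving the decrement to its own statement would also help: `max_frag -= 5; SSL_set_max_send_fragment(c_ssl, max_frag);`. The result of `SSL_set_max_send_fragment` is ignored in all four calls. The values used look to be within the accepted range, but checking it once after the initial call would catch a rejected setting.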
@@ -2571,11 +2433,6 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) goto err; } #endif - if (suppdata_error < 0) - { - ret = 1; - goto err; - } if (verify_serverinfo() < 0) { ret = 1; @@ -2610,6 +2467,10 @@ err: if (s_to_c != NULL) BIO_free(s_to_c); if (c_bio != NULL) BIO_free_all(c_bio); if (s_bio != NULL) BIO_free_all(s_bio); + + if (cbuf) OPENSSL_free(cbuf); + if (sbuf) OPENSSL_free(sbuf); + return(ret); }