X-Git-Url: https://git.openssl.org/?a=blobdiff_plain;f=test%2Fssltest_old.c;h=d45b2786d31bfc55790dfcd6095bdf73333a95d3;hb=50e09788d54c5b700c39a53725c3d51b21cf536e;hp=9e3bb7a83d4891593ffa9dfd70b2a015ba54ae54;hpb=b99fe5f4927b305bae88daac2484c284fe749329;p=openssl.git diff --git a/test/ssltest_old.c b/test/ssltest_old.c index 9e3bb7a83d..d45b2786d3 100644 --- a/test/ssltest_old.c +++ b/test/ssltest_old.c @@ -1,14 +1,22 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ +/* + * DH low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + +#include "e_os.h" + /* Or gethostname won't be declared properly on Linux and GNU platforms. */ #ifndef _BSD_SOURCE # define _BSD_SOURCE 1 @@ -25,10 +33,7 @@ #include #include -#include - -#define USE_SOCKETS -#include "e_os.h" +#include "internal/nelem.h" #ifdef OPENSSL_SYS_VMS /* @@ -60,6 +65,7 @@ #ifndef OPENSSL_NO_CT # include #endif +#include /* * Or gethostname won't be declared properly @@ -72,9 +78,12 @@ #ifdef OPENSSL_SYS_WINDOWS # include #else -# include OPENSSL_UNISTD +# include #endif +DEFINE_STACK_OF(SSL_COMP) +DEFINE_STACK_OF_STRING() + static SSL_CTX *s_ctx = NULL; static SSL_CTX *s_ctx2 = NULL; @@ -282,7 +291,7 @@ static unsigned char *next_protos_parse(size_t *outlen, OPENSSL_free(out); return NULL; } - out[start] = i - start; + out[start] = (unsigned char)(i - start); start = i + 1; } else out[i + 1] = in[i]; 
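Review bot: The narrowing cast `out[start] = (unsigned char)(i - start);` in next_protos_parse is only exact because an earlier branch rejects over-long protocol names — its `OPENSSL_free(out); return NULL;` tail is visible at the top of the hunk, but the condition itself is not, so I am inferring that it bounds the length to 255. A comment on the cast would make that dependency explicit: `/* i - start is bounded to 255 by the check above, so the cast is exact */`. If the bound is anything other than 255 the cast silently truncates the length prefix and the encoded protocol list is corrupted. The enclosing function starts and ends outside the hunk.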
@@ -424,7 +433,7 @@ static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type, return 1; } -static int verify_serverinfo() +static int verify_serverinfo(void) { if (serverinfo_sct != serverinfo_sct_seen) return -1; @@ -613,6 +622,7 @@ static int custom_ext_3_srv_add_cb(SSL *s, unsigned int ext_type, } static char *cipher = NULL; +static char *ciphersuites = NULL; static int verbose = 0; static int debug = 0; @@ -672,7 +682,8 @@ static void sv_usage(void) fprintf(stderr, " -c_cert arg - Client certificate file\n"); fprintf(stderr, " -c_key arg - Client key file (default: same as -c_cert)\n"); - fprintf(stderr, " -cipher arg - The cipher list\n"); + fprintf(stderr, " -cipher arg - The TLSv1.2 and below cipher list\n"); + fprintf(stderr, " -ciphersuites arg - The TLSv1.3 ciphersuites\n"); fprintf(stderr, " -bio_pair - Use BIO pairs\n"); fprintf(stderr, " -ipv4 - Use IPv4 connection on localhost\n"); fprintf(stderr, " -ipv6 - Use IPv6 connection on localhost\n"); @@ -718,6 +729,8 @@ static void sv_usage(void) fprintf(stderr, " -client_sess_in - Read the client session from a file\n"); fprintf(stderr, " -should_reuse - The expected state of reusing the session\n"); fprintf(stderr, " -no_ticket - do not issue TLS session ticket\n"); + fprintf(stderr, " -provider - Load the given provider into the library context\n"); + fprintf(stderr, " -config - Load the given config file into the library context\n"); } static void print_key_details(BIO *out, EVP_PKEY *key) @@ -778,7 +791,7 @@ static void print_details(SSL *c_ssl, const char *prefix) } X509_free(cert); } - if (SSL_get_server_tmp_key(c_ssl, &pkey)) { + if (SSL_get_peer_tmp_key(c_ssl, &pkey)) { BIO_puts(bio_stdout, ", temp key: "); print_key_details(bio_stdout, pkey); EVP_PKEY_free(pkey); @@ -883,7 +896,6 @@ int main(int argc, char *argv[]) int server_auth = 0, i; struct app_verify_arg app_verify_arg = { APP_CALLBACK_STRING, 0 }; - char *p; SSL_CTX *c_ctx = NULL; const SSL_METHOD *meth = NULL; SSL *c_ssl, *s_ssl; 
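Review bot: The two new usage lines in sv_usage, `-provider` and `-config`, omit the `arg` placeholder that every neighbouring option taking a value prints (`-cipher arg`, `-ciphersuites arg`, `-c_key arg`), so a reader cannot tell from the usage output that both consume an argument. I would write `fprintf(stderr, " -provider arg - Load the given provider into the library context\n");` and `fprintf(stderr, " -config arg - Load the given config file into the library context\n");`. The option parser elsewhere in this diff does take a following argument for both, so the usage text is what is out of step.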
@@ -916,18 +928,14 @@ int main(int argc, char *argv[]) SSL_CONF_CTX *s_cctx = NULL, *c_cctx = NULL, *s_cctx2 = NULL; STACK_OF(OPENSSL_STRING) *conf_args = NULL; char *arg = NULL, *argn = NULL; + const char *provider = NULL, *config = NULL; + OSSL_PROVIDER *thisprov = NULL, *defctxnull = NULL; + OPENSSL_CTX *libctx = NULL; verbose = 0; debug = 0; - cipher = 0; bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); - - p = getenv("OPENSSL_DEBUG_MEMORY"); - if (p != NULL && strcmp(p, "on") == 0) - CRYPTO_set_mem_debug(1); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT); s_cctx = SSL_CONF_CTX_new(); @@ -1047,6 +1055,10 @@ int main(int argc, char *argv[]) if (--argc < 1) goto bad; cipher = *(++argv); + } else if (strcmp(*argv, "-ciphersuites") == 0) { + if (--argc < 1) + goto bad; + ciphersuites = *(++argv); } else if (strcmp(*argv, "-CApath") == 0) { if (--argc < 1) goto bad; @@ -1180,6 +1192,14 @@ int main(int argc, char *argv[]) should_reuse = !!atoi(*(++argv)); } else if (strcmp(*argv, "-no_ticket") == 0) { no_ticket = 1; + } else if (strcmp(*argv, "-provider") == 0) { + if (--argc < 1) + goto bad; + provider = *(++argv); + } else if (strcmp(*argv, "-config") == 0) { + if (--argc < 1) + goto bad; + config = *(++argv); } else { int rv; arg = argv[0]; 
@@ -1326,23 +1346,47 @@ int main(int argc, char *argv[]) } else if (tls1_2) { min_version = TLS1_2_VERSION; max_version = TLS1_2_VERSION; + } else { + min_version = 0; + max_version = 0; } #endif #ifndef OPENSSL_NO_DTLS - if (dtls || dtls1 || dtls12) + if (dtls || dtls1 || dtls12) { meth = DTLS_method(); - if (dtls1) { - min_version = DTLS1_VERSION; - max_version = DTLS1_VERSION; - } else if (dtls12) { - min_version = DTLS1_2_VERSION; - max_version = DTLS1_2_VERSION; + if (dtls1) { + min_version = DTLS1_VERSION; + max_version = DTLS1_VERSION; + } else if (dtls12) { + min_version = DTLS1_2_VERSION; + max_version = DTLS1_2_VERSION; + } else { + min_version = 0; + max_version = 0; + } } #endif - c_ctx = SSL_CTX_new(meth); - s_ctx = SSL_CTX_new(meth); - s_ctx2 = SSL_CTX_new(meth); /* no SSL_CTX_dup! */ + if (provider != NULL) { + defctxnull = OSSL_PROVIDER_load(NULL, "null"); + if (defctxnull == NULL) + goto end; + libctx = OPENSSL_CTX_new(); + if (libctx == NULL) + goto end; + + if (config != NULL + && !OPENSSL_CTX_load_config(libctx, config)) + goto end; + + thisprov = OSSL_PROVIDER_load(libctx, provider); + if (thisprov == NULL) + goto end; + } + + c_ctx = SSL_CTX_new_with_libctx(libctx, NULL, meth); + s_ctx = SSL_CTX_new_with_libctx(libctx, NULL, meth); + s_ctx2 = SSL_CTX_new_with_libctx(libctx, NULL, meth); /* no SSL_CTX_dup! */ if ((c_ctx == NULL) || (s_ctx == NULL) || (s_ctx2 == NULL)) { ERR_print_errors(bio_err); goto end; 
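Review bot: In the new library-context setup, `OPENSSL_CTX_load_config(libctx, config)` sits inside `if (provider != NULL)`, so `-config` given without `-provider` is parsed and then silently ignored, while the usage text promises the file is loaded. Either reject the combination up front, e.g. `if (config != NULL && provider == NULL) goto bad; /* -config only applies to the provider libctx */` using the `bad:` label the option parser already jumps to, or load the config regardless of whether a provider was named. For a test harness a silently dropped configuration is the worse outcome, because the run then exercises defaults instead of the intended configuration and still reports success. The three `SSL_CTX_new_with_libctx` calls pass `libctx == NULL` in the no-provider case, which keeps default-context behaviour; main() continues outside the hunk.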
@@ -1371,9 +1415,58 @@ int main(int argc, char *argv[]) goto end; if (cipher != NULL) { - if (!SSL_CTX_set_cipher_list(c_ctx, cipher) - || !SSL_CTX_set_cipher_list(s_ctx, cipher) - || !SSL_CTX_set_cipher_list(s_ctx2, cipher)) { + if (strcmp(cipher, "") == 0) { + if (!SSL_CTX_set_cipher_list(c_ctx, cipher)) { + if (ERR_GET_REASON(ERR_peek_error()) == SSL_R_NO_CIPHER_MATCH) { + ERR_clear_error(); + } else { + ERR_print_errors(bio_err); + goto end; + } + } else { + /* Should have failed when clearing all TLSv1.2 ciphers. */ + fprintf(stderr, "CLEARING ALL TLSv1.2 CIPHERS SHOULD FAIL\n"); + goto end; + } + + if (!SSL_CTX_set_cipher_list(s_ctx, cipher)) { + if (ERR_GET_REASON(ERR_peek_error()) == SSL_R_NO_CIPHER_MATCH) { + ERR_clear_error(); + } else { + ERR_print_errors(bio_err); + goto end; + } + } else { + /* Should have failed when clearing all TLSv1.2 ciphers. */ + fprintf(stderr, "CLEARING ALL TLSv1.2 CIPHERS SHOULD FAIL\n"); + goto end; + } + + if (!SSL_CTX_set_cipher_list(s_ctx2, cipher)) { + if (ERR_GET_REASON(ERR_peek_error()) == SSL_R_NO_CIPHER_MATCH) { + ERR_clear_error(); + } else { + ERR_print_errors(bio_err); + goto end; + } + } else { + /* Should have failed when clearing all TLSv1.2 ciphers. */ + fprintf(stderr, "CLEARING ALL TLSv1.2 CIPHERS SHOULD FAIL\n"); + goto end; + } + } else { + if (!SSL_CTX_set_cipher_list(c_ctx, cipher) + || !SSL_CTX_set_cipher_list(s_ctx, cipher) + || !SSL_CTX_set_cipher_list(s_ctx2, cipher)) { + ERR_print_errors(bio_err); + goto end; + } + } + } + if (ciphersuites != NULL) { + if (!SSL_CTX_set_ciphersuites(c_ctx, ciphersuites) + || !SSL_CTX_set_ciphersuites(s_ctx, ciphersuites) + || !SSL_CTX_set_ciphersuites(s_ctx2, ciphersuites)) { ERR_print_errors(bio_err); goto end; } 
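Review bot: The empty-cipher-list branch repeats the same twelve-line check-and-report sequence three times for c_ctx, s_ctx and s_ctx2, differing only in the context argument; a static helper that performs one expectation keeps the three call sites to a single condition and guarantees the copies cannot drift apart. The helper below preserves the exact behaviour of each copy: success of `SSL_CTX_set_cipher_list` with an empty list is reported as `CLEARING ALL TLSv1.2 CIPHERS SHOULD FAIL`, a failure with a reason other than `SSL_R_NO_CIPHER_MATCH` is printed via `ERR_print_errors(bio_err)`, and the expected failure clears the error queue. It relies on the file-scope `bio_err`, which is declared outside this hunk, and on `cipher` already being known to be `""` when the branch is taken. main() continues outside the hunk.
```c
/*
 * An empty TLSv1.2 cipher list must be rejected with SSL_R_NO_CIPHER_MATCH.
 * Returns 1 when that expected failure is observed, 0 on any other outcome
 * (after reporting it on stderr / bio_err).
 */
static int expect_empty_cipher_list_rejected(SSL_CTX *ctx)
{
    if (SSL_CTX_set_cipher_list(ctx, "")) {
        /* Should have failed when clearing all TLSv1.2 ciphers. */
        fprintf(stderr, "CLEARING ALL TLSv1.2 CIPHERS SHOULD FAIL\n");
        return 0;
    }
    if (ERR_GET_REASON(ERR_peek_error()) != SSL_R_NO_CIPHER_MATCH) {
        ERR_print_errors(bio_err);
        return 0;
    }
    ERR_clear_error();
    return 1;
}

/* … in main(), unchanged: version and provider setup … */
    if (cipher != NULL) {
        if (strcmp(cipher, "") == 0) {
            if (!expect_empty_cipher_list_rejected(c_ctx)
                || !expect_empty_cipher_list_rejected(s_ctx)
                || !expect_empty_cipher_list_rejected(s_ctx2))
                goto end;
        } else {
            /* … unchanged: non-empty cipher list applied to all three contexts … */
        }
    }
```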
@@ -1432,12 +1525,15 @@ int main(int argc, char *argv[]) (void)no_dhe; #endif - if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) || - (!SSL_CTX_set_default_verify_paths(s_ctx)) || - (!SSL_CTX_load_verify_locations(s_ctx2, CAfile, CApath)) || - (!SSL_CTX_set_default_verify_paths(s_ctx2)) || - (!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) || - (!SSL_CTX_set_default_verify_paths(c_ctx))) { + if (!(SSL_CTX_load_verify_file(s_ctx, CAfile) + || SSL_CTX_load_verify_dir(s_ctx, CApath)) + || !SSL_CTX_set_default_verify_paths(s_ctx) + || !(SSL_CTX_load_verify_file(s_ctx2, CAfile) + || SSL_CTX_load_verify_dir(s_ctx2, CApath)) + || !SSL_CTX_set_default_verify_paths(s_ctx2) + || !(SSL_CTX_load_verify_file(c_ctx, CAfile) + || SSL_CTX_load_verify_dir(c_ctx, CApath)) + || !SSL_CTX_set_default_verify_paths(c_ctx)) { ERR_print_errors(bio_err); } @@ -1472,9 +1568,9 @@ int main(int argc, char *argv[]) { int session_id_context = 0; if (!SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context, - sizeof session_id_context) || + sizeof(session_id_context)) || !SSL_CTX_set_session_id_context(s_ctx2, (void *)&session_id_context, - sizeof session_id_context)) { + sizeof(session_id_context))) { ERR_print_errors(bio_err); goto end; } @@ -1797,10 +1893,10 @@ int main(int argc, char *argv[]) SSL_SESSION_free(server_sess); SSL_SESSION_free(client_sess); -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - if (CRYPTO_mem_leaks(bio_err) <= 0) - ret = EXIT_FAILURE; -#endif + OSSL_PROVIDER_unload(defctxnull); + OSSL_PROVIDER_unload(thisprov); + OPENSSL_CTX_free(libctx); + BIO_free(bio_err); EXIT(ret); } @@ -1817,7 +1913,8 @@ int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count, int err_in_client = 0; int err_in_server = 0; - acpt = BIO_new_accept("0"); + acpt = BIO_new_accept(family == BIO_FAMILY_IPV4 ? "127.0.0.1:0" + : "[::1]:0"); if (acpt == NULL) goto err; BIO_set_accept_ip_family(acpt, family); 
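Review bot: The rewritten trust-store loading changes what the old `SSL_CTX_load_verify_locations(ctx, CAfile, CApath)` did: `!(SSL_CTX_load_verify_file(s_ctx, CAfile) || SSL_CTX_load_verify_dir(s_ctx, CApath))` short-circuits, so once the CA file loads successfully the CA directory is never consulted, and the directory is only tried as a fallback after the file fails. The old call loaded every non-NULL source and failed if any of them failed, which is what a test invoked with both `-CAfile` and `-CApath` expects. The same three-line pattern appears for s_ctx, s_ctx2 and c_ctx, so a small helper restores the old semantics in one place; whether CAfile or CApath can be NULL here is not visible in the hunk, so the helper guards both. The failure stays non-fatal and is still only reported via `ERR_print_errors(bio_err)`, as before.
```c
/*
 * Load each configured trust source into ctx, as the old
 * SSL_CTX_load_verify_locations() did: every non-NULL source must load,
 * then the default verify paths are added.  Returns 1 on success.
 */
static int load_verify_sources(SSL_CTX *ctx, const char *cafile,
                               const char *capath)
{
    if (cafile != NULL && !SSL_CTX_load_verify_file(ctx, cafile))
        return 0;
    if (capath != NULL && !SSL_CTX_load_verify_dir(ctx, capath))
        return 0;
    return SSL_CTX_set_default_verify_paths(ctx);
}

/* … in main(), unchanged: DH parameter setup … */
    if (!load_verify_sources(s_ctx, CAfile, CApath)
        || !load_verify_sources(s_ctx2, CAfile, CApath)
        || !load_verify_sources(c_ctx, CAfile, CApath)) {
        ERR_print_errors(bio_err);
    }
```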
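Review bot: The accept BIO in doit_localhost now binds to an explicit loopback address, `"127.0.0.1:0"` or `"[::1]:0"`, instead of the wildcard `"0"`, which is the right call for a test listener, but nothing on the line says why, and a later "simplification" back to `"0"` would expose the ephemeral port on every interface of the build host. I would state the intent next to the call: `/* Loopback only: a test listener must never be reachable from the network. */`. The ternary also assumes `family` is exactly one of BIO_FAMILY_IPV4 or BIO_FAMILY_IPV6, since any other value falls into the `[::1]` branch; if doit_localhost can be called with another family value that deserves an explicit check. doit_localhost continues outside the hunk.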
@@ -1916,8 +2013,8 @@ int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count, if (cw_num > 0) { /* Write to server. */ - if (cw_num > (long)sizeof cbuf) - i = sizeof cbuf; + if (cw_num > (long)sizeof(cbuf)) + i = sizeof(cbuf); else i = (int)cw_num; r = BIO_write(c_ssl_bio, cbuf, i); @@ -1995,8 +2092,8 @@ int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count, if (sw_num > 0) { /* Write to client. */ - if (sw_num > (long)sizeof sbuf) - i = sizeof sbuf; + if (sw_num > (long)sizeof(sbuf)) + i = sizeof(sbuf); else i = (int)sw_num; r = BIO_write(s_ssl_bio, sbuf, i); @@ -2178,8 +2275,8 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, if (cw_num > 0) { /* Write to server. */ - if (cw_num > (long)sizeof cbuf) - i = sizeof cbuf; + if (cw_num > (long)sizeof(cbuf)) + i = sizeof(cbuf); else i = (int)cw_num; r = BIO_write(c_ssl_bio, cbuf, i); @@ -2257,8 +2354,8 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, if (sw_num > 0) { /* Write to client. */ - if (sw_num > (long)sizeof sbuf) - i = sizeof sbuf; + if (sw_num > (long)sizeof(sbuf)) + i = sizeof(sbuf); else i = (int)sw_num; r = BIO_write(s_ssl_bio, sbuf, i); @@ -2751,7 +2848,7 @@ static int verify_callback(int ok, X509_STORE_CTX *ctx) char *s, buf[256]; s = X509_NAME_oneline(X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)), - buf, sizeof buf); + buf, sizeof(buf)); if (s != NULL) { if (ok) printf("depth=%d %s\n", X509_STORE_CTX_get_error_depth(ctx), buf); @@ -2816,7 +2913,7 @@ static int app_verify_callback(X509_STORE_CTX *ctx, void *arg) * $ openssl dhparam -C -noout -dsaparam 1024 * (The third function has been renamed to avoid name conflicts.) */ -static DH *get_dh512() +static DH *get_dh512(void) { static unsigned char dh512_p[] = { 0xCB, 0xC8, 0xE1, 0x86, 0xD0, 0x1F, 0x94, 0x17, 0xA6, 0x99, 0xF0, 
@@ -2850,7 +2947,7 @@ static DH *get_dh512() return dh; } -static DH *get_dh1024() +static DH *get_dh1024(void) { static unsigned char dh1024_p[] = { 0xF8, 0x81, 0x89, 0x7D, 0x14, 0x24, 0xC5, 0xD1, 0xE6, 0xF7, 0xBF, @@ -2894,7 +2991,7 @@ static DH *get_dh1024() return dh; } -static DH *get_dh1024dsa() +static DH *get_dh1024dsa(void) { static unsigned char dh1024_p[] = { 0xC8, 0x00, 0xF7, 0x08, 0x07, 0x89, 0x4D, 0x90, 0x53, 0xF3, 0xD5,