* in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
* outlen: (output) set to the length of the resulting buffer on success.
* err: (maybe NULL) on failure, an error message line is written to this BIO.
- * in: a NUL termianted string like "abc,def,ghi"
+ * in: a NUL terminated string like "abc,def,ghi"
*
* returns: a malloced buffer or NULL on failure.
*/
/* This set based on extension callbacks */
int custom_ext_error = 0;
-/* Not IETF assigned supplemental data types */
-#define CUSTOM_SUPP_DATA_TYPE_0 100
-#define CUSTOM_SUPP_DATA_TYPE_1 101
-#define CUSTOM_SUPP_DATA_TYPE_2 102
-
-const char supp_data_0_string[] = "00000";
-
-int suppdata = 0;
-int suppdata_error = 0;
-
-static int serverinfo_cli_cb(SSL* s, unsigned short ext_type,
- const unsigned char* in, unsigned short inlen,
- int* al, void* arg)
+static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type,
+ const unsigned char *in, size_t inlen,
+ int *al, void *arg)
{
if (ext_type == SCT_EXT_TYPE)
serverinfo_sct_seen++;
* 3 - ClientHello with "abc", "defg" response
*/
-static int custom_ext_0_cli_first_cb(SSL *s, unsigned short ext_type,
+static int custom_ext_0_cli_add_cb(SSL *s, unsigned int ext_type,
const unsigned char **out,
- unsigned short *outlen, void *arg)
+ size_t *outlen, int *al, void *arg)
{
if (ext_type != CUSTOM_EXT_TYPE_0)
custom_ext_error = 1;
- return -1; /* Don't send an extension */
+ return 0; /* Don't send an extension */
}
-static int custom_ext_0_cli_second_cb(SSL *s, unsigned short ext_type,
+static int custom_ext_0_cli_parse_cb(SSL *s, unsigned int ext_type,
const unsigned char *in,
- unsigned short inlen, int *al,
+ size_t inlen, int *al,
void *arg)
{
- custom_ext_error = 1; /* Shouldn't be called */
- return 0;
+ return 1;
}
-static int custom_ext_1_cli_first_cb(SSL *s, unsigned short ext_type,
+static int custom_ext_1_cli_add_cb(SSL *s, unsigned int ext_type,
const unsigned char **out,
- unsigned short *outlen, void *arg)
+ size_t *outlen, int *al, void *arg)
{
if (ext_type != CUSTOM_EXT_TYPE_1)
custom_ext_error = 1;
return 1; /* Send "abc" */
}
-static int custom_ext_1_cli_second_cb(SSL *s, unsigned short ext_type,
+static int custom_ext_1_cli_parse_cb(SSL *s, unsigned int ext_type,
const unsigned char *in,
- unsigned short inlen, int *al,
+ size_t inlen, int *al,
void *arg)
{
- custom_ext_error = 1; /* Shouldn't be called */
- return 0;
+ return 1;
}
-static int custom_ext_2_cli_first_cb(SSL *s, unsigned short ext_type,
+static int custom_ext_2_cli_add_cb(SSL *s, unsigned int ext_type,
const unsigned char **out,
- unsigned short *outlen, void *arg)
+ size_t *outlen, int *al, void *arg)
{
if (ext_type != CUSTOM_EXT_TYPE_2)
custom_ext_error = 1;
return 1; /* Send "abc" */
}
-static int custom_ext_2_cli_second_cb(SSL *s, unsigned short ext_type,
+static int custom_ext_2_cli_parse_cb(SSL *s, unsigned int ext_type,
const unsigned char *in,
- unsigned short inlen, int *al,
+ size_t inlen, int *al,
void *arg)
{
if (ext_type != CUSTOM_EXT_TYPE_2)
return 1;
}
-static int custom_ext_3_cli_first_cb(SSL *s, unsigned short ext_type,
+static int custom_ext_3_cli_add_cb(SSL *s, unsigned int ext_type,
const unsigned char **out,
- unsigned short *outlen, void *arg)
+ size_t *outlen, int *al, void *arg)
{
if (ext_type != CUSTOM_EXT_TYPE_3)
custom_ext_error = 1;
return 1; /* Send "abc" */
}
-static int custom_ext_3_cli_second_cb(SSL *s, unsigned short ext_type,
+static int custom_ext_3_cli_parse_cb(SSL *s, unsigned int ext_type,
const unsigned char *in,
- unsigned short inlen, int *al,
+ size_t inlen, int *al,
void *arg)
{
if (ext_type != CUSTOM_EXT_TYPE_3)
return 1;
}
-
-static int custom_ext_0_srv_first_cb(SSL *s, unsigned short ext_type,
+/* custom_ext_0_cli_add_cb returns 0 - the server won't receive a callback for this extension */
+static int custom_ext_0_srv_parse_cb(SSL *s, unsigned int ext_type,
const unsigned char *in,
- unsigned short inlen, int *al,
+ size_t inlen, int *al,
void *arg)
{
custom_ext_error = 1;
- return 0; /* Shouldn't be called */
+ return 1;
}
-static int custom_ext_0_srv_second_cb(SSL *s, unsigned short ext_type,
+/* 'add' callbacks are only called if the 'parse' callback is called */
+static int custom_ext_0_srv_add_cb(SSL *s, unsigned int ext_type,
const unsigned char **out,
- unsigned short *outlen, void *arg)
+ size_t *outlen, int *al, void *arg)
{
+ /* Error: should not have been called */
custom_ext_error = 1;
- return 0; /* Shouldn't be called */
+ return 0; /* Don't send an extension */
}
-static int custom_ext_1_srv_first_cb(SSL *s, unsigned short ext_type,
- const unsigned char *in,
- unsigned short inlen, int *al,
- void *arg)
+static int custom_ext_1_srv_parse_cb(SSL *s, unsigned int ext_type,
+ const unsigned char *in,
+ size_t inlen, int *al,
+ void *arg)
{
if (ext_type != CUSTOM_EXT_TYPE_1)
custom_ext_error = 1;
return 1;
}
-static int custom_ext_1_srv_second_cb(SSL *s, unsigned short ext_type,
+static int custom_ext_1_srv_add_cb(SSL *s, unsigned int ext_type,
const unsigned char **out,
- unsigned short *outlen, void *arg)
+ size_t *outlen, int *al, void *arg)
{
- return -1; /* Don't send an extension */
+ return 0; /* Don't send an extension */
}
-static int custom_ext_2_srv_first_cb(SSL *s, unsigned short ext_type,
+static int custom_ext_2_srv_parse_cb(SSL *s, unsigned int ext_type,
const unsigned char *in,
- unsigned short inlen, int *al,
+ size_t inlen, int *al,
void *arg)
{
if (ext_type != CUSTOM_EXT_TYPE_2)
return 1;
}
-static int custom_ext_2_srv_second_cb(SSL *s, unsigned short ext_type,
+static int custom_ext_2_srv_add_cb(SSL *s, unsigned int ext_type,
const unsigned char **out,
- unsigned short *outlen, void *arg)
+ size_t *outlen, int *al, void *arg)
{
*out = NULL;
*outlen = 0;
return 1; /* Send empty extension */
}
-static int custom_ext_3_srv_first_cb(SSL *s, unsigned short ext_type,
+static int custom_ext_3_srv_parse_cb(SSL *s, unsigned int ext_type,
const unsigned char *in,
- unsigned short inlen, int *al,
+ size_t inlen, int *al,
void *arg)
{
if (ext_type != CUSTOM_EXT_TYPE_3)
return 1;
}
-static int custom_ext_3_srv_second_cb(SSL *s, unsigned short ext_type,
+static int custom_ext_3_srv_add_cb(SSL *s, unsigned int ext_type,
const unsigned char **out,
- unsigned short *outlen, void *arg)
+ size_t *outlen, int *al, void *arg)
{
*out = (const unsigned char*)custom_ext_srv_string;
*outlen = strlen(custom_ext_srv_string);
return 1; /* Send "defg" */
}
-static int supp_data_0_srv_first_cb(SSL *s, unsigned short supp_data_type,
- const unsigned char **out,
- unsigned short *outlen, void *arg)
- {
- *out = (const unsigned char*)supp_data_0_string;
- *outlen = strlen(supp_data_0_string);
- if (arg != s)
- suppdata_error = 1;
- return 1;
- }
-
-static int supp_data_0_srv_second_cb(SSL *s, unsigned short supp_data_type,
- const unsigned char *in,
- unsigned short inlen, int *al,
- void *arg)
- {
- if (supp_data_type != CUSTOM_SUPP_DATA_TYPE_0)
- suppdata_error = 1;
- if (inlen != strlen(supp_data_0_string))
- suppdata_error = 1;
- if (memcmp(in, supp_data_0_string, inlen) != 0)
- suppdata_error = 1;
- if (arg != s)
- suppdata_error = 1;
- return 1;
- }
-
-static int supp_data_1_srv_first_cb(SSL *s, unsigned short supp_data_type,
- const unsigned char **out,
- unsigned short *outlen, void *arg)
- {
- return -1;
- }
-
-static int supp_data_1_srv_second_cb(SSL *s, unsigned short supp_data_type,
- const unsigned char *in,
- unsigned short inlen, int *al,
- void *arg)
- {
- suppdata_error = 1;
- return 1;
- }
-
-static int supp_data_2_srv_second_cb(SSL *s, unsigned short supp_data_type,
- const unsigned char *in,
- unsigned short inlen, int *al,
- void *arg)
- {
- suppdata_error = 1;
- return 1;
- }
-
-static int supp_data_0_cli_first_cb(SSL *s, unsigned short supp_data_type,
- const unsigned char *in,
- unsigned short inlen, int *al,
- void *arg)
- {
- if (supp_data_type != CUSTOM_SUPP_DATA_TYPE_0)
- suppdata_error = 1;
- if (inlen != strlen(supp_data_0_string))
- suppdata_error = 1;
- if (memcmp(in, supp_data_0_string, inlen) != 0)
- suppdata_error = 1;
- if (arg != s)
- suppdata_error = 1;
- return 1;
- }
-
-static int supp_data_0_cli_second_cb(SSL *s, unsigned short supp_data_type,
- const unsigned char **out,
- unsigned short *outlen, void *arg)
- {
- *out = (const unsigned char*)supp_data_0_string;
- *outlen = strlen(supp_data_0_string);
- if (arg != s)
- suppdata_error = 1;
- return 1;
- }
-
-static int supp_data_1_cli_first_cb(SSL *s, unsigned short supp_data_type,
- const unsigned char *in,
- unsigned short inlen, int *al,
- void *arg)
- {
- suppdata_error = 1;
- return 1;
- }
-
-static int supp_data_1_cli_second_cb(SSL *s, unsigned short supp_data_type,
- const unsigned char **out,
- unsigned short *outlen, void *arg)
- {
- return -1;
- }
-
-static int supp_data_2_cli_first_cb(SSL *s, unsigned short supp_data_type,
- const unsigned char *in,
- unsigned short inlen, int *al,
- void *arg)
- {
- suppdata_error = 1;
- return 1;
- }
-
static char *cipher=NULL;
static int verbose=0;
static int debug=0;
fprintf(stderr," -client_auth - do client authentication\n");
fprintf(stderr," -proxy - allow proxy certificates\n");
fprintf(stderr," -proxy_auth <val> - set proxy policy rights\n");
- fprintf(stderr," -proxy_cond <val> - experssion to test proxy policy rights\n");
+ fprintf(stderr," -proxy_cond <val> - expression to test proxy policy rights\n");
fprintf(stderr," -v - more output\n");
fprintf(stderr," -d - debug output\n");
fprintf(stderr," -reuse - use session-id reuse\n");
#ifndef OPENSSL_NO_SSL2
fprintf(stderr," -ssl2 - use SSLv2\n");
#endif
-#ifndef OPENSSL_NO_SSL3
+#ifndef OPENSSL_NO_SSL3_METHOD
fprintf(stderr," -ssl3 - use SSLv3\n");
#endif
#ifndef OPENSSL_NO_TLS1
" Use \"openssl ecparam -list_curves\" for all names\n" \
" (default is sect163r2).\n");
#endif
- fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher lists\n");
+ fprintf(stderr," -test_cipherlist - Verifies the order of the ssl cipher lists.\n"
+ " When this option is requested, the cipherlist\n"
+ " tests are run instead of handshake tests.\n");
#ifndef OPENSSL_NO_NEXTPROTONEG
fprintf(stderr," -npn_client - have client side offer NPN\n");
fprintf(stderr," -npn_server - have server side offer NPN\n");
fprintf(stderr," -alpn_client <string> - have client side offer ALPN\n");
fprintf(stderr," -alpn_server <string> - have server side offer ALPN\n");
fprintf(stderr," -alpn_expected <string> - the ALPN protocol that should be negotiated\n");
- fprintf(stderr, "-suppdata - exercise supplemental data callbacks\n");
+ }
+
+static void print_key_details(BIO *out, EVP_PKEY *key)
+ {
+ int keyid = EVP_PKEY_id(key);
+#ifndef OPENSSL_NO_EC
+ if (keyid == EVP_PKEY_EC)
+ {
+ EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
+ int nid;
+ const char *cname;
+ nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+ EC_KEY_free(ec);
+ cname = EC_curve_nid2nist(nid);
+ if (!cname)
+ cname = OBJ_nid2sn(nid);
+ BIO_printf(out, "%d bits EC (%s)",
+ EVP_PKEY_bits(key), cname);
+ }
+ else
+#endif
+ {
+ const char *algname;
+ switch (keyid)
+ {
+ case EVP_PKEY_RSA:
+ algname = "RSA";
+ break;
+ case EVP_PKEY_DSA:
+ algname = "DSA";
+ break;
+ case EVP_PKEY_DH:
+ algname = "DH";
+ break;
+ default:
+ algname = OBJ_nid2sn(keyid);
+ break;
+ }
+ BIO_printf(out, "%d bits %s", EVP_PKEY_bits(key), algname);
+ }
}
static void print_details(SSL *c_ssl, const char *prefix)
{
const SSL_CIPHER *ciph;
+ int mdnid;
X509 *cert;
+ EVP_PKEY *pkey;
ciph=SSL_get_current_cipher(c_ssl);
BIO_printf(bio_stdout,"%s%s, cipher %s %s",
cert=SSL_get_peer_certificate(c_ssl);
if (cert != NULL)
{
- EVP_PKEY *pkey = X509_get_pubkey(cert);
+ pkey = X509_get_pubkey(cert);
if (pkey != NULL)
{
- if (0)
- ;
-#ifndef OPENSSL_NO_RSA
- else if (pkey->type == EVP_PKEY_RSA && pkey->pkey.rsa != NULL
- && pkey->pkey.rsa->n != NULL)
- {
- BIO_printf(bio_stdout, ", %d bit RSA",
- BN_num_bits(pkey->pkey.rsa->n));
- }
-#endif
-#ifndef OPENSSL_NO_DSA
- else if (pkey->type == EVP_PKEY_DSA && pkey->pkey.dsa != NULL
- && pkey->pkey.dsa->p != NULL)
- {
- BIO_printf(bio_stdout, ", %d bit DSA",
- BN_num_bits(pkey->pkey.dsa->p));
- }
-#endif
+ BIO_puts(bio_stdout, ", ");
+ print_key_details(bio_stdout, pkey);
EVP_PKEY_free(pkey);
}
X509_free(cert);
}
- /* The SSL API does not allow us to look at temporary RSA/DH keys,
- * otherwise we should print their lengths too */
+ if (SSL_get_server_tmp_key(c_ssl, &pkey))
+ {
+ BIO_puts(bio_stdout, ", temp key: ");
+ print_key_details(bio_stdout, pkey);
+ EVP_PKEY_free(pkey);
+ }
+ if (SSL_get_peer_signature_nid(c_ssl, &mdnid))
+ BIO_printf(bio_stdout, ", digest=%s", OBJ_nid2sn(mdnid));
BIO_printf(bio_stdout,"\n");
}
#ifdef OPENSSL_FIPS
int fips_mode=0;
#endif
+ int no_protocol = 0;
+
+ SSL_CONF_CTX *s_cctx = NULL, *c_cctx = NULL;
+ STACK_OF(OPENSSL_STRING) *conf_args = NULL;
+ const char *arg = NULL, *argn = NULL;
verbose = 0;
debug = 0;
bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE|BIO_FP_TEXT);
+ s_cctx = SSL_CONF_CTX_new();
+ c_cctx = SSL_CONF_CTX_new();
+
+ if (!s_cctx || !c_cctx)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ SSL_CONF_CTX_set_flags(s_cctx,
+ SSL_CONF_FLAG_CMDLINE|SSL_CONF_FLAG_SERVER);
+ if (!SSL_CONF_CTX_set1_prefix(s_cctx, "-s_"))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ SSL_CONF_CTX_set_flags(c_cctx,
+ SSL_CONF_FLAG_CMDLINE|SSL_CONF_FLAG_CLIENT);
+ if (!SSL_CONF_CTX_set1_prefix(c_cctx, "-c_"))
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
argc--;
argv++;
#ifdef OPENSSL_FIPS
fips_mode=1;
#else
- fprintf(stderr,"not compiled with FIPS support, so exitting without running.\n");
+ fprintf(stderr,"not compiled with FIPS support, so exiting without running.\n");
EXIT(0);
#endif
}
}
#endif
else if (strcmp(*argv,"-ssl2") == 0)
- ssl2=1;
+ {
+#ifdef OPENSSL_NO_SSL2
+ no_protocol = 1;
+#endif
+ ssl2 = 1;
+ }
else if (strcmp(*argv,"-tls1") == 0)
- tls1=1;
+ {
+#ifdef OPENSSL_NO_TLS1
+ no_protocol = 1;
+#endif
+ tls1 = 1;
+ }
else if (strcmp(*argv,"-ssl3") == 0)
- ssl3=1;
+ {
+#ifdef OPENSSL_NO_SSL3_METHOD
+ no_protocol = 1;
+#endif
+ ssl3 = 1;
+ }
else if (strncmp(*argv,"-num",4) == 0)
{
if (--argc < 1) goto bad;
if (--argc < 1) goto bad;
alpn_expected = *(++argv);
}
- else if (strcmp(*argv,"-suppdata") == 0)
- {
- suppdata = 1;
- }
else
{
- fprintf(stderr,"unknown option %s\n",*argv);
- badop=1;
+ int rv;
+ arg = argv[0];
+ argn = argv[1];
+ /* Try to process command using SSL_CONF */
+ rv = SSL_CONF_cmd_argv(c_cctx, &argc, &argv);
+ /* If not processed try server */
+ if (rv == 0)
+ rv = SSL_CONF_cmd_argv(s_cctx, &argc, &argv);
+ /* Recognised: store it for later use */
+ if (rv > 0)
+ {
+ if (rv == 1)
+ argn = NULL;
+ if (!conf_args)
+ {
+ conf_args = sk_OPENSSL_STRING_new_null();
+ if (!conf_args)
+ goto end;
+ }
+ if (!sk_OPENSSL_STRING_push(conf_args, arg))
+ goto end;
+ if (!sk_OPENSSL_STRING_push(conf_args, argn))
+ goto end;
+ continue;
+ }
+ if (rv == -3)
+ BIO_printf(bio_err, "Missing argument for %s\n",
+ arg);
+ else if (rv < 0)
+ BIO_printf(bio_err, "Error with command %s\n",
+ arg);
+ else if (rv == 0)
+ BIO_printf(bio_err,"unknown option %s\n", arg);
+ badop = 1;
break;
}
argc--;
goto end;
}
+ /*
+ * test_cipherlist prevails over protocol switch: we test the cipherlist
+ * for all enabled protocols.
+ */
if (test_cipherlist == 1)
{
/* ensure that the cipher list are correctly sorted and exit */
+ fprintf(stdout, "Testing cipherlist order only. Ignoring all "
+ "other options.\n");
if (do_test_cipherlist() == 0)
EXIT(1);
ret = 0;
goto end;
}
+ if (ssl2 + ssl3 + tls1 > 1)
+ {
+ fprintf(stderr, "At most one of -ssl2, -ssl3, or -tls1 should "
+ "be requested.\n");
+ EXIT(1);
+ }
+
+ /*
+ * Testing was requested for a compiled-out protocol (e.g. SSLv2).
+ * Ideally, we would error out, but the generic test wrapper can't know
+ * when to expect failure. So we do nothing and return success.
+ */
+ if (no_protocol)
+ {
+ fprintf(stderr, "Testing was requested for a disabled protocol. "
+ "Skipping tests.\n");
+ ret = 0;
+ goto end;
+ }
+
if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force)
{
fprintf(stderr, "This case cannot work. Use -f to perform "
}
#endif
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
+/* At this point, ssl2/ssl3/tls1 is only set if the protocol is available.
+ * (Otherwise we exit early.)
+ * However the compiler doesn't know this, so we ifdef. */
+#ifndef OPENSSL_NO_SSL2
if (ssl2)
meth=SSLv2_method();
- else
- if (tls1)
- meth=TLSv1_method();
else
+#endif
+#ifndef OPENSSL_NO_SSL3
if (ssl3)
meth=SSLv3_method();
else
- meth=SSLv23_method();
-#else
-#ifdef OPENSSL_NO_SSL2
+#endif
+#ifndef OPENSSL_NO_TLS1
if (tls1)
meth=TLSv1_method();
else
- if (ssl3)
- meth=SSLv3_method();
- else
- meth=SSLv23_method();
-#else
- meth=SSLv2_method();
-#endif
#endif
+ meth=SSLv23_method();
c_ctx=SSL_CTX_new(meth);
s_ctx=SSL_CTX_new(meth);
ERR_print_errors(bio_err);
goto end;
}
+ /* Since we will use low security ciphersuites and keys for
+ * testing set security level to zero.
+ */
+ SSL_CTX_set_security_level(c_ctx, 0);
+ SSL_CTX_set_security_level(s_ctx, 0);
if (cipher != NULL)
{
SSL_CTX_set_cipher_list(s_ctx,cipher);
}
+ /* Process SSL_CONF arguments */
+ SSL_CONF_CTX_set_ssl_ctx(c_cctx, c_ctx);
+ SSL_CONF_CTX_set_ssl_ctx(s_cctx, s_ctx);
+
+ for (i = 0; i < sk_OPENSSL_STRING_num(conf_args); i += 2)
+ {
+ int rv;
+ arg = sk_OPENSSL_STRING_value(conf_args, i);
+ argn = sk_OPENSSL_STRING_value(conf_args, i + 1);
+ rv = SSL_CONF_cmd(c_cctx, arg, argn);
+ /* If not recognised use server context */
+ if (rv == -2)
+ rv = SSL_CONF_cmd(s_cctx, arg, argn);
+ if (rv <= 0)
+ {
+ BIO_printf(bio_err, "Error processing %s %s\n",
+ arg, argn ? argn : "");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if (!SSL_CONF_CTX_finish(s_cctx) || !SSL_CONF_CTX_finish(c_cctx))
+ {
+ BIO_puts(bio_err, "Error finishing context\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
#ifndef OPENSSL_NO_DH
if (!no_dhe)
{
#endif
if (serverinfo_sct)
- SSL_CTX_set_custom_cli_ext(c_ctx, SCT_EXT_TYPE, NULL,
- serverinfo_cli_cb, NULL);
+ SSL_CTX_add_client_custom_ext(c_ctx, SCT_EXT_TYPE,
+ NULL, NULL, NULL,
+ serverinfo_cli_parse_cb, NULL);
if (serverinfo_tack)
- SSL_CTX_set_custom_cli_ext(c_ctx, TACK_EXT_TYPE, NULL,
- serverinfo_cli_cb, NULL);
+ SSL_CTX_add_client_custom_ext(c_ctx, TACK_EXT_TYPE,
+ NULL, NULL, NULL,
+ serverinfo_cli_parse_cb, NULL);
if (serverinfo_file)
if (!SSL_CTX_use_serverinfo_file(s_ctx, serverinfo_file))
if (custom_ext)
{
- SSL_CTX_set_custom_cli_ext(c_ctx, CUSTOM_EXT_TYPE_0,
- custom_ext_0_cli_first_cb,
- custom_ext_0_cli_second_cb, NULL);
- SSL_CTX_set_custom_cli_ext(c_ctx, CUSTOM_EXT_TYPE_1,
- custom_ext_1_cli_first_cb,
- custom_ext_1_cli_second_cb, NULL);
- SSL_CTX_set_custom_cli_ext(c_ctx, CUSTOM_EXT_TYPE_2,
- custom_ext_2_cli_first_cb,
- custom_ext_2_cli_second_cb, NULL);
- SSL_CTX_set_custom_cli_ext(c_ctx, CUSTOM_EXT_TYPE_3,
- custom_ext_3_cli_first_cb,
- custom_ext_3_cli_second_cb, NULL);
-
-
- SSL_CTX_set_custom_srv_ext(s_ctx, CUSTOM_EXT_TYPE_0,
- custom_ext_0_srv_first_cb,
- custom_ext_0_srv_second_cb, NULL);
- SSL_CTX_set_custom_srv_ext(s_ctx, CUSTOM_EXT_TYPE_1,
- custom_ext_1_srv_first_cb,
- custom_ext_1_srv_second_cb, NULL);
- SSL_CTX_set_custom_srv_ext(s_ctx, CUSTOM_EXT_TYPE_2,
- custom_ext_2_srv_first_cb,
- custom_ext_2_srv_second_cb, NULL);
- SSL_CTX_set_custom_srv_ext(s_ctx, CUSTOM_EXT_TYPE_3,
- custom_ext_3_srv_first_cb,
- custom_ext_3_srv_second_cb, NULL);
+ SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_0,
+ custom_ext_0_cli_add_cb,
+ NULL, NULL,
+ custom_ext_0_cli_parse_cb, NULL);
+ SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_1,
+ custom_ext_1_cli_add_cb,
+ NULL, NULL,
+ custom_ext_1_cli_parse_cb, NULL);
+ SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_2,
+ custom_ext_2_cli_add_cb,
+ NULL, NULL,
+ custom_ext_2_cli_parse_cb, NULL);
+ SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_3,
+ custom_ext_3_cli_add_cb,
+ NULL, NULL,
+ custom_ext_3_cli_parse_cb, NULL);
+
+
+ SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_0,
+ custom_ext_0_srv_add_cb,
+ NULL, NULL,
+ custom_ext_0_srv_parse_cb, NULL);
+ SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_1,
+ custom_ext_1_srv_add_cb,
+ NULL, NULL,
+ custom_ext_1_srv_parse_cb, NULL);
+ SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_2,
+ custom_ext_2_srv_add_cb,
+ NULL, NULL,
+ custom_ext_2_srv_parse_cb, NULL);
+ SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_3,
+ custom_ext_3_srv_add_cb,
+ NULL, NULL,
+ custom_ext_3_srv_parse_cb, NULL);
}
if (alpn_server)
c_ssl=SSL_new(c_ctx);
s_ssl=SSL_new(s_ctx);
- if (suppdata)
- {
- /* TEST CASES */
- /* client and server both send and receive, verify
- * additional arg passed back */
- SSL_CTX_set_srv_supp_data(s_ctx, CUSTOM_SUPP_DATA_TYPE_0,
- supp_data_0_srv_first_cb,
- supp_data_0_srv_second_cb, s_ssl);
- SSL_CTX_set_cli_supp_data(c_ctx, CUSTOM_SUPP_DATA_TYPE_0,
- supp_data_0_cli_first_cb,
- supp_data_0_cli_second_cb, c_ssl);
-
- /* -1 response from sending server/client doesn't
- * receive, -1 response from sending client/server
- * doesn't receive */
- SSL_CTX_set_srv_supp_data(s_ctx, CUSTOM_SUPP_DATA_TYPE_1,
- supp_data_1_srv_first_cb,
- supp_data_1_srv_second_cb, NULL);
- SSL_CTX_set_cli_supp_data(c_ctx, CUSTOM_SUPP_DATA_TYPE_1,
- supp_data_1_cli_first_cb,
- supp_data_1_cli_second_cb, NULL);
-
- /* null sending server/client doesn't receive, null
- sending client/server doesn't receive */
- SSL_CTX_set_srv_supp_data(s_ctx, CUSTOM_SUPP_DATA_TYPE_2,
- /*supp_data_2_srv_first_cb*/NULL,
- supp_data_2_srv_second_cb, NULL);
- SSL_CTX_set_cli_supp_data(c_ctx, CUSTOM_SUPP_DATA_TYPE_2,
- supp_data_2_cli_first_cb,
- /*supp_data_2_cli_second_cb*/NULL,
- NULL);
-
- /* alerts set to non-zero and zero return values not tested */
- }
#ifndef OPENSSL_NO_KRB5
if (c_ssl && c_ssl->kssl_ctx)
{
if (s_ctx != NULL) SSL_CTX_free(s_ctx);
if (c_ctx != NULL) SSL_CTX_free(c_ctx);
+ if (s_cctx)
+ SSL_CONF_CTX_free(s_cctx);
+ if (c_cctx)
+ SSL_CONF_CTX_free(c_cctx);
+ sk_OPENSSL_STRING_free(conf_args);
+
if (bio_stdout != NULL) BIO_free(bio_stdout);
#ifndef OPENSSL_NO_RSA
#endif
if (verify_serverinfo() < 0)
{
+ fprintf(stderr, "Server info verify error\n");
ret = 1;
goto err;
}
if (custom_ext_error)
{
+ fprintf(stderr, "Custom extension error\n");
ret = 1;
goto err;
}
int doit(SSL *s_ssl, SSL *c_ssl, long count)
{
- MS_STATIC char cbuf[1024*8],sbuf[1024*8];
+ char *cbuf=NULL,*sbuf=NULL;
+ long bufsiz;
long cw_num=count,cr_num=count;
long sw_num=count,sr_num=count;
int ret=1;
int done=0;
int c_write,s_write;
int do_server=0,do_client=0;
+ int max_frag = 5*1024;
+
+ bufsiz = count>40*1024 ? 40*1024 : count;
- memset(cbuf,0,sizeof(cbuf));
- memset(sbuf,0,sizeof(sbuf));
+ if ((cbuf = OPENSSL_malloc(bufsiz))==NULL) goto err;
+ if ((sbuf = OPENSSL_malloc(bufsiz))==NULL) goto err;
+
+ memset(cbuf,0,bufsiz);
+ memset(sbuf,0,bufsiz);
c_to_s=BIO_new(BIO_s_mem());
s_to_c=BIO_new(BIO_s_mem());
SSL_set_connect_state(c_ssl);
SSL_set_bio(c_ssl,s_to_c,c_to_s);
+ SSL_set_max_send_fragment(c_ssl,max_frag);
BIO_set_ssl(c_bio,c_ssl,BIO_NOCLOSE);
SSL_set_accept_state(s_ssl);
SSL_set_bio(s_ssl,c_to_s,s_to_c);
+ SSL_set_max_send_fragment(s_ssl,max_frag);
BIO_set_ssl(s_bio,s_ssl,BIO_NOCLOSE);
c_r=0; s_r=1;
{
if (c_write)
{
- j = (cw_num > (long)sizeof(cbuf)) ?
- (int)sizeof(cbuf) : (int)cw_num;
+ j = (cw_num > bufsiz) ?
+ (int)bufsiz : (int)cw_num;
i=BIO_write(c_bio,cbuf,j);
if (i < 0)
{
s_r=1;
c_write=0;
cw_num-=i;
+ if (max_frag>1029)
+ SSL_set_max_send_fragment(c_ssl,max_frag-=5);
}
}
else
{
- i=BIO_read(c_bio,cbuf,sizeof(cbuf));
+ i=BIO_read(c_bio,cbuf,bufsiz);
if (i < 0)
{
c_r=0;
{
if (!s_write)
{
- i=BIO_read(s_bio,sbuf,sizeof(cbuf));
+ i=BIO_read(s_bio,sbuf,bufsiz);
if (i < 0)
{
s_r=0;
}
else
{
- j = (sw_num > (long)sizeof(sbuf)) ?
- (int)sizeof(sbuf) : (int)sw_num;
+ j = (sw_num > bufsiz) ?
+ (int)bufsiz : (int)sw_num;
i=BIO_write(s_bio,sbuf,j);
if (i < 0)
{
c_r=1;
if (sw_num <= 0)
done|=S_DONE;
+ if (max_frag>1029)
+ SSL_set_max_send_fragment(s_ssl,max_frag-=5);
}
}
}
goto err;
}
#endif
- if (suppdata_error < 0)
- {
- ret = 1;
- goto err;
- }
if (verify_serverinfo() < 0)
{
+ fprintf(stderr, "Server info verify error\n");
ret = 1;
goto err;
}
if (custom_ext_error)
{
+ fprintf(stderr, "Custom extension error\n");
ret = 1;
goto err;
}
if (s_to_c != NULL) BIO_free(s_to_c);
if (c_bio != NULL) BIO_free_all(c_bio);
if (s_bio != NULL) BIO_free_all(s_bio);
+
+ if (cbuf) OPENSSL_free(cbuf);
+ if (sbuf) OPENSSL_free(sbuf);
+
return(ret);
}
projects / openssl.git / blobdiff