static BIO *bio_err=NULL;
static BIO *bio_stdout=NULL;
-#ifndef OPENSSL_NO_NPN
+#ifndef OPENSSL_NO_NEXTPROTONEG
/* Note that this code assumes that this is only a one element list: */
static const char NEXT_PROTO_STRING[] = "\x09testproto";
int npn_client = 0;
/* This set based on extension callbacks */
int custom_ext_error = 0;
-static int serverinfo_cli_cb(SSL* s, unsigned short ext_type,
- const unsigned char* in, unsigned short inlen,
- int* al, void* arg)
+static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type,
+ const unsigned char *in, size_t inlen,
+ int *al, void *arg)
{
if (ext_type == SCT_EXT_TYPE)
serverinfo_sct_seen++;
* 3 - ClientHello with "abc", "defg" response
*/
-static int custom_ext_0_cli_first_cb(SSL *s, unsigned short ext_type,
+static int custom_ext_0_cli_add_cb(SSL *s, unsigned int ext_type,
const unsigned char **out,
- unsigned short *outlen, void *arg)
+ size_t *outlen, int *al, void *arg)
{
if (ext_type != CUSTOM_EXT_TYPE_0)
custom_ext_error = 1;
- return -1; /* Don't send an extension */
+ return 0; /* Don't send an extension */
}
-static int custom_ext_0_cli_second_cb(SSL *s, unsigned short ext_type,
+static int custom_ext_0_cli_parse_cb(SSL *s, unsigned int ext_type,
const unsigned char *in,
- unsigned short inlen, int *al,
+ size_t inlen, int *al,
void *arg)
{
- custom_ext_error = 1; /* Shouldn't be called */
- return 0;
+ return 1;
}
-static int custom_ext_1_cli_first_cb(SSL *s, unsigned short ext_type,
+static int custom_ext_1_cli_add_cb(SSL *s, unsigned int ext_type,
const unsigned char **out,
- unsigned short *outlen, void *arg)
+ size_t *outlen, int *al, void *arg)
{
if (ext_type != CUSTOM_EXT_TYPE_1)
custom_ext_error = 1;
return 1; /* Send "abc" */
}
-static int custom_ext_1_cli_second_cb(SSL *s, unsigned short ext_type,
+static int custom_ext_1_cli_parse_cb(SSL *s, unsigned int ext_type,
const unsigned char *in,
- unsigned short inlen, int *al,
+ size_t inlen, int *al,
void *arg)
{
- custom_ext_error = 1; /* Shouldn't be called */
- return 0;
+ return 1;
}
-static int custom_ext_2_cli_first_cb(SSL *s, unsigned short ext_type,
+static int custom_ext_2_cli_add_cb(SSL *s, unsigned int ext_type,
const unsigned char **out,
- unsigned short *outlen, void *arg)
+ size_t *outlen, int *al, void *arg)
{
if (ext_type != CUSTOM_EXT_TYPE_2)
custom_ext_error = 1;
return 1; /* Send "abc" */
}
-static int custom_ext_2_cli_second_cb(SSL *s, unsigned short ext_type,
+static int custom_ext_2_cli_parse_cb(SSL *s, unsigned int ext_type,
const unsigned char *in,
- unsigned short inlen, int *al,
+ size_t inlen, int *al,
void *arg)
{
if (ext_type != CUSTOM_EXT_TYPE_2)
return 1;
}
-static int custom_ext_3_cli_first_cb(SSL *s, unsigned short ext_type,
+static int custom_ext_3_cli_add_cb(SSL *s, unsigned int ext_type,
const unsigned char **out,
- unsigned short *outlen, void *arg)
+ size_t *outlen, int *al, void *arg)
{
if (ext_type != CUSTOM_EXT_TYPE_3)
custom_ext_error = 1;
return 1; /* Send "abc" */
}
-static int custom_ext_3_cli_second_cb(SSL *s, unsigned short ext_type,
+static int custom_ext_3_cli_parse_cb(SSL *s, unsigned int ext_type,
const unsigned char *in,
- unsigned short inlen, int *al,
+ size_t inlen, int *al,
void *arg)
{
if (ext_type != CUSTOM_EXT_TYPE_3)
return 1;
}
-
-static int custom_ext_0_srv_first_cb(SSL *s, unsigned short ext_type,
+/* custom_ext_0_cli_add_cb returns 0 - the server won't receive a callback for this extension */
+static int custom_ext_0_srv_parse_cb(SSL *s, unsigned int ext_type,
const unsigned char *in,
- unsigned short inlen, int *al,
+ size_t inlen, int *al,
void *arg)
{
custom_ext_error = 1;
- return 0; /* Shouldn't be called */
+ return 1;
}
-static int custom_ext_0_srv_second_cb(SSL *s, unsigned short ext_type,
+/* 'add' callbacks are only called if the 'parse' callback is called */
+static int custom_ext_0_srv_add_cb(SSL *s, unsigned int ext_type,
const unsigned char **out,
- unsigned short *outlen, void *arg)
+ size_t *outlen, int *al, void *arg)
{
+ /* Error: should not have been called */
custom_ext_error = 1;
- return 0; /* Shouldn't be called */
+ return 0; /* Don't send an extension */
}
-static int custom_ext_1_srv_first_cb(SSL *s, unsigned short ext_type,
- const unsigned char *in,
- unsigned short inlen, int *al,
- void *arg)
+static int custom_ext_1_srv_parse_cb(SSL *s, unsigned int ext_type,
+ const unsigned char *in,
+ size_t inlen, int *al,
+ void *arg)
{
if (ext_type != CUSTOM_EXT_TYPE_1)
custom_ext_error = 1;
return 1;
}
-static int custom_ext_1_srv_second_cb(SSL *s, unsigned short ext_type,
+static int custom_ext_1_srv_add_cb(SSL *s, unsigned int ext_type,
const unsigned char **out,
- unsigned short *outlen, void *arg)
+ size_t *outlen, int *al, void *arg)
{
- return -1; /* Don't send an extension */
+ return 0; /* Don't send an extension */
}
-static int custom_ext_2_srv_first_cb(SSL *s, unsigned short ext_type,
+static int custom_ext_2_srv_parse_cb(SSL *s, unsigned int ext_type,
const unsigned char *in,
- unsigned short inlen, int *al,
+ size_t inlen, int *al,
void *arg)
{
if (ext_type != CUSTOM_EXT_TYPE_2)
return 1;
}
-static int custom_ext_2_srv_second_cb(SSL *s, unsigned short ext_type,
+static int custom_ext_2_srv_add_cb(SSL *s, unsigned int ext_type,
const unsigned char **out,
- unsigned short *outlen, void *arg)
+ size_t *outlen, int *al, void *arg)
{
*out = NULL;
*outlen = 0;
return 1; /* Send empty extension */
}
-static int custom_ext_3_srv_first_cb(SSL *s, unsigned short ext_type,
+static int custom_ext_3_srv_parse_cb(SSL *s, unsigned int ext_type,
const unsigned char *in,
- unsigned short inlen, int *al,
+ size_t inlen, int *al,
void *arg)
{
if (ext_type != CUSTOM_EXT_TYPE_3)
return 1;
}
-static int custom_ext_3_srv_second_cb(SSL *s, unsigned short ext_type,
+static int custom_ext_3_srv_add_cb(SSL *s, unsigned int ext_type,
const unsigned char **out,
- unsigned short *outlen, void *arg)
+ size_t *outlen, int *al, void *arg)
{
*out = (const unsigned char*)custom_ext_srv_string;
*outlen = strlen(custom_ext_srv_string);
return 1; /* Send "defg" */
}
-
static char *cipher=NULL;
static int verbose=0;
static int debug=0;
" (default is sect163r2).\n");
#endif
fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher lists\n");
-#ifndef OPENSSL_NO_NPN
+#ifndef OPENSSL_NO_NEXTPROTONEG
fprintf(stderr," -npn_client - have client side offer NPN\n");
fprintf(stderr," -npn_server - have server side offer NPN\n");
fprintf(stderr," -npn_server_reject - have server reject NPN\n");
{
test_cipherlist = 1;
}
-#ifndef OPENSSL_NO_NPN
+#ifndef OPENSSL_NO_NEXTPROTONEG
else if (strcmp(*argv,"-npn_client") == 0)
{
npn_client = 1;
ERR_print_errors(bio_err);
goto end;
}
+ /* Since we will use low security ciphersuites and keys for
+ * testing set security level to zero.
+ */
+ SSL_CTX_set_security_level(c_ctx, 0);
+ SSL_CTX_set_security_level(s_ctx, 0);
if (cipher != NULL)
{
}
#endif
-#ifndef OPENSSL_NO_NPN
+#ifndef OPENSSL_NO_NEXTPROTONEG
if (npn_client)
{
SSL_CTX_set_next_proto_select_cb(c_ctx, cb_client_npn, NULL);
#endif
if (serverinfo_sct)
- SSL_CTX_set_custom_cli_ext(c_ctx, SCT_EXT_TYPE, NULL,
- serverinfo_cli_cb, NULL);
+ SSL_CTX_add_client_custom_ext(c_ctx, SCT_EXT_TYPE,
+ NULL, NULL, NULL,
+ serverinfo_cli_parse_cb, NULL);
if (serverinfo_tack)
- SSL_CTX_set_custom_cli_ext(c_ctx, TACK_EXT_TYPE, NULL,
- serverinfo_cli_cb, NULL);
+ SSL_CTX_add_client_custom_ext(c_ctx, TACK_EXT_TYPE,
+ NULL, NULL, NULL,
+ serverinfo_cli_parse_cb, NULL);
if (serverinfo_file)
if (!SSL_CTX_use_serverinfo_file(s_ctx, serverinfo_file))
if (custom_ext)
{
- SSL_CTX_set_custom_cli_ext(c_ctx, CUSTOM_EXT_TYPE_0,
- custom_ext_0_cli_first_cb,
- custom_ext_0_cli_second_cb, NULL);
- SSL_CTX_set_custom_cli_ext(c_ctx, CUSTOM_EXT_TYPE_1,
- custom_ext_1_cli_first_cb,
- custom_ext_1_cli_second_cb, NULL);
- SSL_CTX_set_custom_cli_ext(c_ctx, CUSTOM_EXT_TYPE_2,
- custom_ext_2_cli_first_cb,
- custom_ext_2_cli_second_cb, NULL);
- SSL_CTX_set_custom_cli_ext(c_ctx, CUSTOM_EXT_TYPE_3,
- custom_ext_3_cli_first_cb,
- custom_ext_3_cli_second_cb, NULL);
-
-
- SSL_CTX_set_custom_srv_ext(s_ctx, CUSTOM_EXT_TYPE_0,
- custom_ext_0_srv_first_cb,
- custom_ext_0_srv_second_cb, NULL);
- SSL_CTX_set_custom_srv_ext(s_ctx, CUSTOM_EXT_TYPE_1,
- custom_ext_1_srv_first_cb,
- custom_ext_1_srv_second_cb, NULL);
- SSL_CTX_set_custom_srv_ext(s_ctx, CUSTOM_EXT_TYPE_2,
- custom_ext_2_srv_first_cb,
- custom_ext_2_srv_second_cb, NULL);
- SSL_CTX_set_custom_srv_ext(s_ctx, CUSTOM_EXT_TYPE_3,
- custom_ext_3_srv_first_cb,
- custom_ext_3_srv_second_cb, NULL);
+ SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_0,
+ custom_ext_0_cli_add_cb,
+ NULL, NULL,
+ custom_ext_0_cli_parse_cb, NULL);
+ SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_1,
+ custom_ext_1_cli_add_cb,
+ NULL, NULL,
+ custom_ext_1_cli_parse_cb, NULL);
+ SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_2,
+ custom_ext_2_cli_add_cb,
+ NULL, NULL,
+ custom_ext_2_cli_parse_cb, NULL);
+ SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_3,
+ custom_ext_3_cli_add_cb,
+ NULL, NULL,
+ custom_ext_3_cli_parse_cb, NULL);
+
+
+ SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_0,
+ custom_ext_0_srv_add_cb,
+ NULL, NULL,
+ custom_ext_0_srv_parse_cb, NULL);
+ SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_1,
+ custom_ext_1_srv_add_cb,
+ NULL, NULL,
+ custom_ext_1_srv_parse_cb, NULL);
+ SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_2,
+ custom_ext_2_srv_add_cb,
+ NULL, NULL,
+ custom_ext_2_srv_parse_cb, NULL);
+ SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_3,
+ custom_ext_3_srv_add_cb,
+ NULL, NULL,
+ custom_ext_3_srv_parse_cb, NULL);
}
if (alpn_server)
if (verbose)
print_details(c_ssl, "DONE via BIO pair: ");
-#ifndef OPENSSL_NO_NPN
+#ifndef OPENSSL_NO_NEXTPROTONEG
if (verify_npn(c_ssl, s_ssl) < 0)
{
ret = 1;
#endif
if (verify_serverinfo() < 0)
{
+ fprintf(stderr, "Server info verify error\n");
ret = 1;
goto err;
}
if (custom_ext_error)
{
+ fprintf(stderr, "Custom extension error\n");
ret = 1;
goto err;
}
int doit(SSL *s_ssl, SSL *c_ssl, long count)
{
- MS_STATIC char cbuf[1024*8],sbuf[1024*8];
+ char *cbuf=NULL,*sbuf=NULL;
+ long bufsiz;
long cw_num=count,cr_num=count;
long sw_num=count,sr_num=count;
int ret=1;
int done=0;
int c_write,s_write;
int do_server=0,do_client=0;
+ int max_frag = 5*1024;
+
+ bufsiz = count>40*1024 ? 40*1024 : count;
- memset(cbuf,0,sizeof(cbuf));
- memset(sbuf,0,sizeof(sbuf));
+ if ((cbuf = OPENSSL_malloc(bufsiz))==NULL) goto err;
+ if ((sbuf = OPENSSL_malloc(bufsiz))==NULL) goto err;
+
+ memset(cbuf,0,bufsiz);
+ memset(sbuf,0,bufsiz);
c_to_s=BIO_new(BIO_s_mem());
s_to_c=BIO_new(BIO_s_mem());
SSL_set_connect_state(c_ssl);
SSL_set_bio(c_ssl,s_to_c,c_to_s);
+ SSL_set_max_send_fragment(c_ssl,max_frag);
BIO_set_ssl(c_bio,c_ssl,BIO_NOCLOSE);
SSL_set_accept_state(s_ssl);
SSL_set_bio(s_ssl,c_to_s,s_to_c);
+ SSL_set_max_send_fragment(s_ssl,max_frag);
BIO_set_ssl(s_bio,s_ssl,BIO_NOCLOSE);
c_r=0; s_r=1;
{
if (c_write)
{
- j = (cw_num > (long)sizeof(cbuf)) ?
- (int)sizeof(cbuf) : (int)cw_num;
+ j = (cw_num > bufsiz) ?
+ (int)bufsiz : (int)cw_num;
i=BIO_write(c_bio,cbuf,j);
if (i < 0)
{
s_r=1;
c_write=0;
cw_num-=i;
+ if (max_frag>1029)
+ SSL_set_max_send_fragment(c_ssl,max_frag-=5);
}
}
else
{
- i=BIO_read(c_bio,cbuf,sizeof(cbuf));
+ i=BIO_read(c_bio,cbuf,bufsiz);
if (i < 0)
{
c_r=0;
{
if (!s_write)
{
- i=BIO_read(s_bio,sbuf,sizeof(cbuf));
+ i=BIO_read(s_bio,sbuf,bufsiz);
if (i < 0)
{
s_r=0;
}
else
{
- j = (sw_num > (long)sizeof(sbuf)) ?
- (int)sizeof(sbuf) : (int)sw_num;
+ j = (sw_num > bufsiz) ?
+ (int)bufsiz : (int)sw_num;
i=BIO_write(s_bio,sbuf,j);
if (i < 0)
{
c_r=1;
if (sw_num <= 0)
done|=S_DONE;
+ if (max_frag>1029)
+ SSL_set_max_send_fragment(s_ssl,max_frag-=5);
}
}
}
if (verbose)
print_details(c_ssl, "DONE: ");
-#ifndef OPENSSL_NO_NPN
+#ifndef OPENSSL_NO_NEXTPROTONEG
if (verify_npn(c_ssl, s_ssl) < 0)
{
ret = 1;
#endif
if (verify_serverinfo() < 0)
{
+ fprintf(stderr, "Server info verify error\n");
ret = 1;
goto err;
}
if (custom_ext_error)
{
+ fprintf(stderr, "Custom extension error\n");
ret = 1;
goto err;
}
if (s_to_c != NULL) BIO_free(s_to_c);
if (c_bio != NULL) BIO_free_all(c_bio);
if (s_bio != NULL) BIO_free_all(s_bio);
+
+ if (cbuf) OPENSSL_free(cbuf);
+ if (sbuf) OPENSSL_free(sbuf);
+
return(ret);
}