* https://www.openssl.org/source/license.html
*/
+/*
+ * DH low level APIs are deprecated for public use, but still ok for
+ * internal use.
+ */
+#include "internal/deprecated.h"
+
#include "e_os.h"
/* Or gethostname won't be declared properly on Linux and GNU platforms. */
#ifndef OPENSSL_NO_CT
# include <openssl/ct.h>
#endif
+#include <openssl/provider.h>
/*
* Or gethostname won't be declared properly
#ifdef OPENSSL_SYS_WINDOWS
# include <winsock.h>
#else
-# include OPENSSL_UNISTD
+# include <unistd.h>
#endif
static SSL_CTX *s_ctx = NULL;
fprintf(stderr, " -client_sess_in <file> - Read the client session from a file\n");
fprintf(stderr, " -should_reuse <number> - The expected state of reusing the session\n");
fprintf(stderr, " -no_ticket - do not issue TLS session ticket\n");
+ fprintf(stderr, " -provider <name> - Load the given provider into the library context\n");
}
static void print_key_details(BIO *out, EVP_PKEY *key)
int server_auth = 0, i;
struct app_verify_arg app_verify_arg =
{ APP_CALLBACK_STRING, 0 };
- char *p;
SSL_CTX *c_ctx = NULL;
const SSL_METHOD *meth = NULL;
SSL *c_ssl, *s_ssl;
SSL_CONF_CTX *s_cctx = NULL, *c_cctx = NULL, *s_cctx2 = NULL;
STACK_OF(OPENSSL_STRING) *conf_args = NULL;
char *arg = NULL, *argn = NULL;
+ const char *provider = NULL, *config = NULL;
+ OSSL_PROVIDER *thisprov = NULL, *defctxnull = NULL;
+ OPENSSL_CTX *libctx = NULL;
verbose = 0;
debug = 0;
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
-
- p = getenv("OPENSSL_DEBUG_MEMORY");
- if (p != NULL && strcmp(p, "on") == 0)
- CRYPTO_set_mem_debug(1);
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT);
s_cctx = SSL_CONF_CTX_new();
should_reuse = !!atoi(*(++argv));
} else if (strcmp(*argv, "-no_ticket") == 0) {
no_ticket = 1;
+ } else if (strcmp(*argv, "-provider") == 0) {
+ if (--argc < 1)
+ goto bad;
+ provider = *(++argv);
} else {
int rv;
arg = argv[0];
min_version = TLS1_2_VERSION;
max_version = TLS1_2_VERSION;
} else {
- min_version = SSL3_VERSION;
- max_version = TLS_MAX_VERSION;
+ min_version = 0;
+ max_version = 0;
}
#endif
#ifndef OPENSSL_NO_DTLS
min_version = DTLS1_2_VERSION;
max_version = DTLS1_2_VERSION;
} else {
- min_version = DTLS_MIN_VERSION;
- max_version = DTLS_MAX_VERSION;
+ min_version = 0;
+ max_version = 0;
}
}
#endif
- c_ctx = SSL_CTX_new(meth);
- s_ctx = SSL_CTX_new(meth);
- s_ctx2 = SSL_CTX_new(meth); /* no SSL_CTX_dup! */
+ if (provider != NULL) {
+ defctxnull = OSSL_PROVIDER_load(NULL, "null");
+ if (defctxnull == NULL)
+ goto end;
+ libctx = OPENSSL_CTX_new();
+ if (libctx == NULL)
+ goto end;
+
+ thisprov = OSSL_PROVIDER_load(libctx, provider);
+ if (thisprov == NULL)
+ goto end;
+ }
+
+ c_ctx = SSL_CTX_new_with_libctx(libctx, NULL, meth);
+ s_ctx = SSL_CTX_new_with_libctx(libctx, NULL, meth);
+ s_ctx2 = SSL_CTX_new_with_libctx(libctx, NULL, meth); /* no SSL_CTX_dup! */
if ((c_ctx == NULL) || (s_ctx == NULL) || (s_ctx2 == NULL)) {
ERR_print_errors(bio_err);
goto end;
goto end;
if (cipher != NULL) {
- if (!SSL_CTX_set_cipher_list(c_ctx, cipher)
- || !SSL_CTX_set_cipher_list(s_ctx, cipher)
- || !SSL_CTX_set_cipher_list(s_ctx2, cipher)) {
- ERR_print_errors(bio_err);
- goto end;
+ if (strcmp(cipher, "") == 0) {
+ if (!SSL_CTX_set_cipher_list(c_ctx, cipher)) {
+ if (ERR_GET_REASON(ERR_peek_error()) == SSL_R_NO_CIPHER_MATCH) {
+ ERR_clear_error();
+ } else {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ } else {
+ /* Should have failed when clearing all TLSv1.2 ciphers. */
+ fprintf(stderr, "CLEARING ALL TLSv1.2 CIPHERS SHOULD FAIL\n");
+ goto end;
+ }
+
+ if (!SSL_CTX_set_cipher_list(s_ctx, cipher)) {
+ if (ERR_GET_REASON(ERR_peek_error()) == SSL_R_NO_CIPHER_MATCH) {
+ ERR_clear_error();
+ } else {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ } else {
+ /* Should have failed when clearing all TLSv1.2 ciphers. */
+ fprintf(stderr, "CLEARING ALL TLSv1.2 CIPHERS SHOULD FAIL\n");
+ goto end;
+ }
+
+ if (!SSL_CTX_set_cipher_list(s_ctx2, cipher)) {
+ if (ERR_GET_REASON(ERR_peek_error()) == SSL_R_NO_CIPHER_MATCH) {
+ ERR_clear_error();
+ } else {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ } else {
+ /* Should have failed when clearing all TLSv1.2 ciphers. */
+ fprintf(stderr, "CLEARING ALL TLSv1.2 CIPHERS SHOULD FAIL\n");
+ goto end;
+ }
+ } else {
+ if (!SSL_CTX_set_cipher_list(c_ctx, cipher)
+ || !SSL_CTX_set_cipher_list(s_ctx, cipher)
+ || !SSL_CTX_set_cipher_list(s_ctx2, cipher)) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
}
}
if (ciphersuites != NULL) {
(void)no_dhe;
#endif
- if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) ||
- (!SSL_CTX_set_default_verify_paths(s_ctx)) ||
- (!SSL_CTX_load_verify_locations(s_ctx2, CAfile, CApath)) ||
- (!SSL_CTX_set_default_verify_paths(s_ctx2)) ||
- (!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) ||
- (!SSL_CTX_set_default_verify_paths(c_ctx))) {
+ if (!(SSL_CTX_load_verify_file(s_ctx, CAfile)
+ || SSL_CTX_load_verify_dir(s_ctx, CApath))
+ || !SSL_CTX_set_default_verify_paths(s_ctx)
+ || !(SSL_CTX_load_verify_file(s_ctx2, CAfile)
+ || SSL_CTX_load_verify_dir(s_ctx2, CApath))
+ || !SSL_CTX_set_default_verify_paths(s_ctx2)
+ || !(SSL_CTX_load_verify_file(c_ctx, CAfile)
+ || SSL_CTX_load_verify_dir(c_ctx, CApath))
+ || !SSL_CTX_set_default_verify_paths(c_ctx)) {
ERR_print_errors(bio_err);
}
SSL_SESSION_free(server_sess);
SSL_SESSION_free(client_sess);
-#ifndef OPENSSL_NO_CRYPTO_MDEBUG
- if (CRYPTO_mem_leaks(bio_err) <= 0)
- ret = EXIT_FAILURE;
-#endif
+ OSSL_PROVIDER_unload(defctxnull);
+ OSSL_PROVIDER_unload(thisprov);
+ OPENSSL_CTX_free(libctx);
+
BIO_free(bio_err);
EXIT(ret);
}