static const char *alpn_server;
static const char *alpn_expected;
static unsigned char *alpn_selected;
+static const char *server_min_proto;
+static const char *server_max_proto;
+static const char *client_min_proto;
+static const char *client_max_proto;
+static const char *should_negotiate;
/*-
* next_protos_parse parses a comma separated list of strings into a string
#endif
fprintf(stderr, " -tls1 - use TLSv1\n");
#ifndef OPENSSL_NO_DTLS
+ fprintf(stderr, " -dtls - use DTLS\n");
fprintf(stderr, " -dtls1 - use DTLSv1\n");
fprintf(stderr, " -dtls12 - use DTLSv1.2\n");
#endif
fprintf(stderr, " -alpn_server <string> - have server side offer ALPN\n");
fprintf(stderr,
" -alpn_expected <string> - the ALPN protocol that should be negotiated\n");
+ fprintf(stderr, " -server_min_proto <string> - Minimum version the server should support\n");
+ fprintf(stderr, " -server_max_proto <string> - Maximum version the server should support\n");
+ fprintf(stderr, " -client_min_proto <string> - Minimum version the client should support\n");
+ fprintf(stderr, " -client_max_proto <string> - Maximum version the client should support\n");
+ fprintf(stderr, " -should_negotiate <string> - The version that should be negotiated, fail-client or fail-server\n");
}
static void print_key_details(BIO *out, EVP_PKEY *key)
}
}
+/*
+ * protocol_from_string - converts a protocol version string to a number
+ *
+ * Returns -1 on failure or the version on success
+ */
+static int protocol_from_string(const char *value)
+{
+ struct protocol_versions {
+ const char *name;
+ int version;
+ };
+ static const struct protocol_versions versions[] = {
+ {"ssl3", SSL3_VERSION},
+ {"tls1", TLS1_VERSION},
+ {"tls1.1", TLS1_1_VERSION},
+ {"tls1.2", TLS1_2_VERSION},
+ {"dtls1", DTLS1_VERSION},
+ {"dtls1.2", DTLS1_2_VERSION}};
+ size_t i;
+ size_t n = OSSL_NELEM(versions);
+
+ for (i = 0; i < n; i++)
+ if (strcmp(versions[i].name, value) == 0)
+ return versions[i].version;
+ return -1;
+}
+
+/*
+ * set_protocol_version - Sets protocol version minimum or maximum
+ *
+ * Returns 0 on failure and 1 on success
+ */
+static int set_protocol_version(const char *version, SSL *ssl, int setting)
+{
+ if (version != NULL) {
+ int ver = protocol_from_string(version);
+ if (ver < 0) {
+ BIO_printf(bio_err, "Error parsing: %s\n", version);
+ return 0;
+ }
+ return SSL_ctrl(ssl, setting, ver, NULL);
+ }
+ return 1;
+}
+
int main(int argc, char *argv[])
{
char *CApath = NULL, *CAfile = NULL;
int badop = 0;
int bio_pair = 0;
int force = 0;
- int dtls1 = 0, dtls12 = 0, tls1 = 0, ssl3 = 0, ret = 1;
+ int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, ssl3 = 0, ret = 1;
int client_auth = 0;
int server_auth = 0, i;
struct app_verify_arg app_verify_arg =
{ APP_CALLBACK_STRING, 0, 0, NULL, NULL };
+ char *p;
#ifndef OPENSSL_NO_EC
char *named_curve = NULL;
#endif
SSL_CONF_CTX *s_cctx = NULL, *c_cctx = NULL;
STACK_OF(OPENSSL_STRING) *conf_args = NULL;
- const char *arg = NULL, *argn = NULL;
+ char *arg = NULL, *argn = NULL;
verbose = 0;
debug = 0;
CRYPTO_set_locking_callback(lock_dbg_cb);
- /* enable memory leak checking unless explicitly disabled */
- if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL)
- && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))) {
- CRYPTO_malloc_debug_init();
- CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
- } else {
- /* OPENSSL_DEBUG_MEMORY=off */
- CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
- }
+ p = getenv("OPENSSL_DEBUG_MEMORY");
+ if (p != NULL && strcmp(p, "on") == 0)
+ CRYPTO_set_mem_debug(1);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
RAND_seed(rnd_seed, sizeof rnd_seed);
no_protocol = 1;
#endif
dtls12 = 1;
+ } else if (strcmp(*argv, "-dtls") == 0) {
+#ifdef OPENSSL_NO_DTLS
+ no_protocol = 1;
+#endif
+ dtls = 1;
} else if (strncmp(*argv, "-num", 4) == 0) {
if (--argc < 1)
goto bad;
if (--argc < 1)
goto bad;
alpn_expected = *(++argv);
+ } else if (strcmp(*argv, "-server_min_proto") == 0) {
+ if (--argc < 1)
+ goto bad;
+ server_min_proto = *(++argv);
+ } else if (strcmp(*argv, "-server_max_proto") == 0) {
+ if (--argc < 1)
+ goto bad;
+ server_max_proto = *(++argv);
+ } else if (strcmp(*argv, "-client_min_proto") == 0) {
+ if (--argc < 1)
+ goto bad;
+ client_min_proto = *(++argv);
+ } else if (strcmp(*argv, "-client_max_proto") == 0) {
+ if (--argc < 1)
+ goto bad;
+ client_max_proto = *(++argv);
+ } else if (strcmp(*argv, "-should_negotiate") == 0) {
+ if (--argc < 1)
+ goto bad;
+ should_negotiate = *(++argv);
} else {
int rv;
arg = argv[0];
goto end;
}
- if (ssl3 + tls1 + dtls1 + dtls12 > 1) {
- fprintf(stderr, "At most one of -ssl3, -tls1, -dtls1 or -dtls12 should "
+ if (ssl3 + tls1 + dtls + dtls1 + dtls12 > 1) {
+ fprintf(stderr, "At most one of -ssl3, -tls1, -dtls, -dtls1 or -dtls12 should "
"be requested.\n");
EXIT(1);
}
goto end;
}
- if (!ssl3 && !tls1 && !dtls1 && !dtls12 && number > 1 && !reuse && !force) {
+ if (!ssl3 && !tls1 && !dtls && !dtls1 && !dtls12 && number > 1 && !reuse && !force) {
fprintf(stderr, "This case cannot work. Use -f to perform "
"the test anyway (and\n-d to see what happens), "
- "or add one of -ssl3, -tls1, -dtls1, -dtls12, -reuse\n"
+ "or add one of -ssl3, -tls1, -dtls, -dtls1, -dtls12, -reuse\n"
"to avoid protocol mismatch.\n");
EXIT(1);
}
meth = DTLSv1_method();
else if (dtls12)
meth = DTLSv1_2_method();
+ else if (dtls)
+ meth = DTLS_method();
else
#endif
if (tls1)
c_ssl = SSL_new(c_ctx);
s_ssl = SSL_new(s_ctx);
+ if (!set_protocol_version(server_min_proto, s_ssl, SSL_CTRL_SET_MIN_PROTO_VERSION))
+ goto end;
+ if (!set_protocol_version(server_max_proto, s_ssl, SSL_CTRL_SET_MAX_PROTO_VERSION))
+ goto end;
+ if (!set_protocol_version(client_min_proto, c_ssl, SSL_CTRL_SET_MIN_PROTO_VERSION))
+ goto end;
+ if (!set_protocol_version(client_max_proto, c_ssl, SSL_CTRL_SET_MAX_PROTO_VERSION))
+ goto end;
+
BIO_printf(bio_stdout, "Doing handshakes=%d bytes=%ld\n", number, bytes);
for (i = 0; i < number; i++) {
if (!reuse) {
if (ret) break;
}
+ if (should_negotiate && ret == 0 &&
+ strcmp(should_negotiate, "fail-server") != 0 &&
+ strcmp(should_negotiate, "fail-client") != 0) {
+ int version = protocol_from_string(should_negotiate);
+ if (version < 0) {
+ BIO_printf(bio_err, "Error parsing: %s\n", should_negotiate);
+ ret = 1;
+ goto err;
+ }
+ if (SSL_version(c_ssl) != version) {
+ BIO_printf(bio_err, "Unxpected version negotiated. "
+ "Expected: %s, got %s\n", should_negotiate, SSL_get_version(c_ssl));
+ ret = 1;
+ goto err;
+ }
+ }
+
if (!verbose) {
print_details(c_ssl, "");
}
#endif
}
+ err:
SSL_free(s_ssl);
SSL_free(c_ssl);
ERR_free_strings();
ERR_remove_thread_state(NULL);
EVP_cleanup();
+#ifdef CRYPTO_MDEBUG
CRYPTO_mem_leaks(bio_err);
+#endif
BIO_free(bio_err);
EXIT(ret);
}
BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL;
int ret = 1;
+ int err_in_client = 0;
+ int err_in_server = 0;
size_t bufsiz = 256; /* small buffer for testing */
if (r < 0) {
if (!BIO_should_retry(c_ssl_bio)) {
fprintf(stderr, "ERROR in CLIENT\n");
+ err_in_client = 1;
goto err;
}
/*
if (r < 0) {
if (!BIO_should_retry(c_ssl_bio)) {
fprintf(stderr, "ERROR in CLIENT\n");
+ err_in_client = 1;
goto err;
}
/*
if (r < 0) {
if (!BIO_should_retry(s_ssl_bio)) {
fprintf(stderr, "ERROR in SERVER\n");
+ err_in_server = 1;
goto err;
}
/* Ignore "BIO_should_retry". */
if (r < 0) {
if (!BIO_should_retry(s_ssl_bio)) {
fprintf(stderr, "ERROR in SERVER\n");
+ err_in_server = 1;
goto err;
}
/* blah, blah */
BIO_free(s_ssl_bio);
BIO_free(c_ssl_bio);
+ if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
+ ret = (err_in_client != 0) ? 0 : 1;
+ else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
+ ret = (err_in_server != 0) ? 0 : 1;
+
return ret;
}
int c_write, s_write;
int do_server = 0, do_client = 0;
int max_frag = 5 * 1024;
+ int err_in_client = 0;
+ int err_in_server = 0;
bufsiz = count > 40 * 1024 ? 40 * 1024 : count;
c_w = 1;
} else {
fprintf(stderr, "ERROR in CLIENT\n");
+ err_in_client = 1;
ERR_print_errors(bio_err);
goto err;
}
c_w = 1;
} else {
fprintf(stderr, "ERROR in CLIENT\n");
+ err_in_client = 1;
ERR_print_errors(bio_err);
goto err;
}
s_w = 1;
} else {
fprintf(stderr, "ERROR in SERVER\n");
+ err_in_server = 1;
ERR_print_errors(bio_err);
goto err;
}
s_w = 1;
} else {
fprintf(stderr, "ERROR in SERVER\n");
+ err_in_server = 1;
ERR_print_errors(bio_err);
goto err;
}
OPENSSL_free(cbuf);
OPENSSL_free(sbuf);
+ if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
+ ret = (err_in_client != 0) ? 0 : 1;
+ else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
+ ret = (err_in_server != 0) ? 0 : 1;
+
return (ret);
}