-/* ssl/ssltest.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
#define COMP_ZLIB 1
static int verify_callback(int ok, X509_STORE_CTX *ctx);
-#ifndef OPENSSL_NO_RSA
-static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength);
-static void free_tmp_rsa(void);
-#endif
static int app_verify_callback(X509_STORE_CTX *ctx, void *arg);
#define APP_CALLBACK_STRING "Test Callback Argument"
struct app_verify_arg {
static char *ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
{
SRP_CLIENT_ARG *srp_client_arg = (SRP_CLIENT_ARG *)arg;
- return BUF_strdup((char *)srp_client_arg->srppassin);
+ return OPENSSL_strdup((char *)srp_client_arg->srppassin);
}
/* SRP server */
static const char *alpn_server;
static const char *alpn_expected;
static unsigned char *alpn_selected;
+static const char *server_min_proto;
+static const char *server_max_proto;
+static const char *client_min_proto;
+static const char *client_max_proto;
+static const char *should_negotiate;
/*-
* next_protos_parse parses a comma separated list of strings into a string
fprintf(stderr, " -srpuser user - SRP username to use\n");
fprintf(stderr, " -srppass arg - password for 'user'\n");
#endif
-#ifndef OPENSSL_NO_SSL3_METHOD
+#ifndef OPENSSL_NO_SSL3
fprintf(stderr, " -ssl3 - use SSLv3\n");
#endif
+#ifndef OPENSSL_NO_TLS1
fprintf(stderr, " -tls1 - use TLSv1\n");
+#endif
#ifndef OPENSSL_NO_DTLS
+ fprintf(stderr, " -dtls - use DTLS\n");
+#ifndef OPENSSL_NO_DTLS1
fprintf(stderr, " -dtls1 - use DTLSv1\n");
+#endif
+#ifndef OPENSSL_NO_DTLS1_2
fprintf(stderr, " -dtls12 - use DTLSv1.2\n");
+#endif
#endif
fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");
fprintf(stderr, " -CAfile arg - PEM format file of CA's\n");
fprintf(stderr, " -alpn_server <string> - have server side offer ALPN\n");
fprintf(stderr,
" -alpn_expected <string> - the ALPN protocol that should be negotiated\n");
+ fprintf(stderr, " -server_min_proto <string> - Minimum version the server should support\n");
+ fprintf(stderr, " -server_max_proto <string> - Maximum version the server should support\n");
+ fprintf(stderr, " -client_min_proto <string> - Minimum version the client should support\n");
+ fprintf(stderr, " -client_max_proto <string> - Maximum version the client should support\n");
+ fprintf(stderr, " -should_negotiate <string> - The version that should be negotiated, fail-client or fail-server\n");
}
static void print_key_details(BIO *out, EVP_PKEY *key)
}
}
+/*
+ * protocol_from_string - converts a protocol version string to a number
+ *
+ * Returns -1 on failure or the version on success
+ */
+static int protocol_from_string(const char *value)
+{
+ struct protocol_versions {
+ const char *name;
+ int version;
+ };
+ static const struct protocol_versions versions[] = {
+ {"ssl3", SSL3_VERSION},
+ {"tls1", TLS1_VERSION},
+ {"tls1.1", TLS1_1_VERSION},
+ {"tls1.2", TLS1_2_VERSION},
+ {"dtls1", DTLS1_VERSION},
+ {"dtls1.2", DTLS1_2_VERSION}};
+ size_t i;
+ size_t n = OSSL_NELEM(versions);
+
+ for (i = 0; i < n; i++)
+ if (strcmp(versions[i].name, value) == 0)
+ return versions[i].version;
+ return -1;
+}
+
+/*
+ * set_protocol_version - Sets protocol version minimum or maximum
+ *
+ * Returns 0 on failure and 1 on success
+ */
+static int set_protocol_version(const char *version, SSL *ssl, int setting)
+{
+ if (version != NULL) {
+ int ver = protocol_from_string(version);
+ if (ver < 0) {
+ BIO_printf(bio_err, "Error parsing: %s\n", version);
+ return 0;
+ }
+ return SSL_ctrl(ssl, setting, ver, NULL);
+ }
+ return 1;
+}
+
int main(int argc, char *argv[])
{
char *CApath = NULL, *CAfile = NULL;
int badop = 0;
int bio_pair = 0;
int force = 0;
- int dtls1 = 0, dtls12 = 0, tls1 = 0, ssl3 = 0, ret = 1;
+ int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, ssl3 = 0, ret = 1;
int client_auth = 0;
int server_auth = 0, i;
struct app_verify_arg app_verify_arg =
{ APP_CALLBACK_STRING, 0, 0, NULL, NULL };
+ char *p;
#ifndef OPENSSL_NO_EC
char *named_curve = NULL;
#endif
#ifdef OPENSSL_FIPS
int fips_mode = 0;
#endif
- int no_protocol = 0;
+ int no_protocol;
SSL_CONF_CTX *s_cctx = NULL, *c_cctx = NULL;
STACK_OF(OPENSSL_STRING) *conf_args = NULL;
- const char *arg = NULL, *argn = NULL;
+ char *arg = NULL, *argn = NULL;
verbose = 0;
debug = 0;
CRYPTO_set_locking_callback(lock_dbg_cb);
- /* enable memory leak checking unless explicitly disabled */
- if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL)
- && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))) {
- CRYPTO_malloc_debug_init();
- CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
- } else {
- /* OPENSSL_DEBUG_MEMORY=off */
- CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
- }
+ p = getenv("OPENSSL_DEBUG_MEMORY");
+ if (p != NULL && strcmp(p, "on") == 0)
+ CRYPTO_set_mem_debug(1);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
RAND_seed(rnd_seed, sizeof rnd_seed);
else if (strcmp(*argv, "-tls1") == 0) {
tls1 = 1;
} else if (strcmp(*argv, "-ssl3") == 0) {
-#ifdef OPENSSL_NO_SSL3_METHOD
- no_protocol = 1;
-#endif
ssl3 = 1;
} else if (strcmp(*argv, "-dtls1") == 0) {
-#ifdef OPENSSL_NO_DTLS
- no_protocol = 1;
-#endif
dtls1 = 1;
} else if (strcmp(*argv, "-dtls12") == 0) {
-#ifdef OPENSSL_NO_DTLS
- no_protocol = 1;
-#endif
dtls12 = 1;
+ } else if (strcmp(*argv, "-dtls") == 0) {
+ dtls = 1;
} else if (strncmp(*argv, "-num", 4) == 0) {
if (--argc < 1)
goto bad;
if (--argc < 1)
goto bad;
alpn_expected = *(++argv);
+ } else if (strcmp(*argv, "-server_min_proto") == 0) {
+ if (--argc < 1)
+ goto bad;
+ server_min_proto = *(++argv);
+ } else if (strcmp(*argv, "-server_max_proto") == 0) {
+ if (--argc < 1)
+ goto bad;
+ server_max_proto = *(++argv);
+ } else if (strcmp(*argv, "-client_min_proto") == 0) {
+ if (--argc < 1)
+ goto bad;
+ client_min_proto = *(++argv);
+ } else if (strcmp(*argv, "-client_max_proto") == 0) {
+ if (--argc < 1)
+ goto bad;
+ client_max_proto = *(++argv);
+ } else if (strcmp(*argv, "-should_negotiate") == 0) {
+ if (--argc < 1)
+ goto bad;
+ should_negotiate = *(++argv);
} else {
int rv;
arg = argv[0];
goto end;
}
- if (ssl3 + tls1 + dtls1 + dtls12 > 1) {
- fprintf(stderr, "At most one of -ssl3, -tls1, -dtls1 or -dtls12 should "
+ if (ssl3 + tls1 + dtls + dtls1 + dtls12 > 1) {
+ fprintf(stderr, "At most one of -ssl3, -tls1, -dtls, -dtls1 or -dtls12 should "
"be requested.\n");
EXIT(1);
}
+#ifdef OPENSSL_NO_SSL3
+ if (ssl3)
+ no_protocol = 1;
+ else
+#endif
+#ifdef OPENSSL_NO_TLS1
+ if (tls1)
+ no_protocol = 1;
+ else
+#endif
+#if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1)
+ if (dtls1)
+ no_protocol = 1;
+ else
+#endif
+#if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1_2)
+ if (dtls12)
+ no_protocol = 1;
+ else
+#endif
+ no_protocol = 0;
+
/*
* Testing was requested for a compiled-out protocol (e.g. SSLv3).
* Ideally, we would error out, but the generic test wrapper can't know
goto end;
}
- if (!ssl3 && !tls1 && !dtls1 && !dtls12 && number > 1 && !reuse && !force) {
+ if (!ssl3 && !tls1 && !dtls && !dtls1 && !dtls12 && number > 1 && !reuse && !force) {
fprintf(stderr, "This case cannot work. Use -f to perform "
"the test anyway (and\n-d to see what happens), "
- "or add one of -ssl3, -tls1, -dtls1, -dtls12, -reuse\n"
+ "or add one of -ssl3, -tls1, -dtls, -dtls1, -dtls12, -reuse\n"
"to avoid protocol mismatch.\n");
EXIT(1);
}
* (Otherwise we exit early.) However the compiler doesn't know this, so
* we ifdef.
*/
-#ifndef OPENSSL_NO_SSL3
- if (ssl3)
- meth = SSLv3_method();
- else
-#endif
#ifndef OPENSSL_NO_DTLS
+#ifndef OPENSSL_NO_DTLS1
if (dtls1)
meth = DTLSv1_method();
- else if (dtls12)
+ else
+#endif
+#ifndef OPENSSL_NO_DTLS1_2
+ if (dtls12)
meth = DTLSv1_2_method();
else
#endif
+ if (dtls)
+ meth = DTLS_method();
+ else
+#endif
+#ifndef OPENSSL_NO_SSL3
+ if (ssl3)
+ meth = SSLv3_method();
+ else
+#endif
+#ifndef OPENSSL_NO_TLS1
if (tls1)
meth = TLSv1_method();
else
+#endif
meth = TLS_method();
c_ctx = SSL_CTX_new(meth);
(void)no_ecdhe;
#endif
-#ifndef OPENSSL_NO_RSA
- SSL_CTX_set_tmp_rsa_callback(s_ctx, tmp_rsa_cb);
-#endif
-
if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) ||
(!SSL_CTX_set_default_verify_paths(s_ctx)) ||
(!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) ||
c_ssl = SSL_new(c_ctx);
s_ssl = SSL_new(s_ctx);
+ if (!set_protocol_version(server_min_proto, s_ssl, SSL_CTRL_SET_MIN_PROTO_VERSION))
+ goto end;
+ if (!set_protocol_version(server_max_proto, s_ssl, SSL_CTRL_SET_MAX_PROTO_VERSION))
+ goto end;
+ if (!set_protocol_version(client_min_proto, c_ssl, SSL_CTRL_SET_MIN_PROTO_VERSION))
+ goto end;
+ if (!set_protocol_version(client_max_proto, c_ssl, SSL_CTRL_SET_MAX_PROTO_VERSION))
+ goto end;
+
BIO_printf(bio_stdout, "Doing handshakes=%d bytes=%ld\n", number, bytes);
for (i = 0; i < number; i++) {
if (!reuse) {
if (ret) break;
}
+ if (should_negotiate && ret == 0 &&
+ strcmp(should_negotiate, "fail-server") != 0 &&
+ strcmp(should_negotiate, "fail-client") != 0) {
+ int version = protocol_from_string(should_negotiate);
+ if (version < 0) {
+ BIO_printf(bio_err, "Error parsing: %s\n", should_negotiate);
+ ret = 1;
+ goto err;
+ }
+ if (SSL_version(c_ssl) != version) {
+ BIO_printf(bio_err, "Unxpected version negotiated. "
+ "Expected: %s, got %s\n", should_negotiate, SSL_get_version(c_ssl));
+ ret = 1;
+ goto err;
+ }
+ }
+
if (!verbose) {
print_details(c_ssl, "");
}
#endif
}
+ err:
SSL_free(s_ssl);
SSL_free(c_ssl);
BIO_free(bio_stdout);
-#ifndef OPENSSL_NO_RSA
- free_tmp_rsa();
-#endif
#ifndef OPENSSL_NO_ENGINE
ENGINE_cleanup();
#endif
+ CONF_modules_unload(1);
CRYPTO_cleanup_all_ex_data();
ERR_free_strings();
ERR_remove_thread_state(NULL);
EVP_cleanup();
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
CRYPTO_mem_leaks(bio_err);
+#endif
BIO_free(bio_err);
EXIT(ret);
}
BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL;
int ret = 1;
+ int err_in_client = 0;
+ int err_in_server = 0;
size_t bufsiz = 256; /* small buffer for testing */
if (r < 0) {
if (!BIO_should_retry(c_ssl_bio)) {
fprintf(stderr, "ERROR in CLIENT\n");
+ err_in_client = 1;
goto err;
}
/*
if (r < 0) {
if (!BIO_should_retry(c_ssl_bio)) {
fprintf(stderr, "ERROR in CLIENT\n");
+ err_in_client = 1;
goto err;
}
/*
if (r < 0) {
if (!BIO_should_retry(s_ssl_bio)) {
fprintf(stderr, "ERROR in SERVER\n");
+ err_in_server = 1;
goto err;
}
/* Ignore "BIO_should_retry". */
if (r < 0) {
if (!BIO_should_retry(s_ssl_bio)) {
fprintf(stderr, "ERROR in SERVER\n");
+ err_in_server = 1;
goto err;
}
/* blah, blah */
BIO_free(s_ssl_bio);
BIO_free(c_ssl_bio);
+ if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
+ ret = (err_in_client != 0) ? 0 : 1;
+ else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
+ ret = (err_in_server != 0) ? 0 : 1;
+
return ret;
}
int c_write, s_write;
int do_server = 0, do_client = 0;
int max_frag = 5 * 1024;
+ int err_in_client = 0;
+ int err_in_server = 0;
bufsiz = count > 40 * 1024 ? 40 * 1024 : count;
c_w = 1;
} else {
fprintf(stderr, "ERROR in CLIENT\n");
+ err_in_client = 1;
ERR_print_errors(bio_err);
goto err;
}
c_w = 1;
} else {
fprintf(stderr, "ERROR in CLIENT\n");
+ err_in_client = 1;
ERR_print_errors(bio_err);
goto err;
}
s_w = 1;
} else {
fprintf(stderr, "ERROR in SERVER\n");
+ err_in_server = 1;
ERR_print_errors(bio_err);
goto err;
}
s_w = 1;
} else {
fprintf(stderr, "ERROR in SERVER\n");
+ err_in_server = 1;
ERR_print_errors(bio_err);
goto err;
}
OPENSSL_free(cbuf);
OPENSSL_free(sbuf);
+ if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
+ ret = (err_in_client != 0) ? 0 : 1;
+ else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
+ ret = (err_in_server != 0) ? 0 : 1;
+
return (ret);
}
return (ok);
}
-#ifndef OPENSSL_NO_RSA
-static RSA *rsa_tmp = NULL;
-
-static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength)
-{
- BIGNUM *bn = NULL;
- if (rsa_tmp == NULL) {
- bn = BN_new();
- rsa_tmp = RSA_new();
- if (!bn || !rsa_tmp || !BN_set_word(bn, RSA_F4)) {
- BIO_printf(bio_err, "Memory error...");
- goto end;
- }
- printf("Generating temp (%d bit) RSA key...", keylength);
- if (!RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL)) {
- BIO_printf(bio_err, "Error generating key.");
- RSA_free(rsa_tmp);
- rsa_tmp = NULL;
- }
- end:
- printf("\n");
- }
- BN_free(bn);
- return (rsa_tmp);
-}
-
-static void free_tmp_rsa(void)
-{
- RSA_free(rsa_tmp);
- rsa_tmp = NULL;
-}
-#endif
-
#ifndef OPENSSL_NO_DH
/*-
* These DH parameters have been generated as follows:
static int do_test_cipherlist(void)
{
+#if !defined(OPENSSL_NO_SSL3) || !defined(OPENSSL_NO_TLS1)
int i = 0;
const SSL_METHOD *meth;
const SSL_CIPHER *ci, *tci = NULL;
+#endif
#ifndef OPENSSL_NO_SSL3
meth = SSLv3_method();
tci = ci;
}
#endif
+#ifndef OPENSSL_NO_TLS1
meth = TLSv1_method();
tci = NULL;
while ((ci = meth->get_cipher(i++)) != NULL) {
}
tci = ci;
}
+#endif
return 1;
}
projects / openssl.git / blobdiff