-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
*
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
+
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
* ECC cipher suite support in OpenSSL originally developed by
*/
/* Or gethostname won't be declared properly on Linux and GNU platforms. */
-#define _BSD_SOURCE 1
-#define _DEFAULT_SOURCE 1
+#ifndef _BSD_SOURCE
+# define _BSD_SOURCE 1
+#endif
+#ifndef _DEFAULT_SOURCE
+# define _DEFAULT_SOURCE 1
+#endif
#include <assert.h>
#include <errno.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/ssl.h>
-#ifndef OPENSSL_NO_ENGINE
-# include <openssl/engine.h>
-#endif
#include <openssl/err.h>
#include <openssl/rand.h>
#ifndef OPENSSL_NO_RSA
# include <openssl/ct.h>
#endif
-#include "internal/threads.h"
#include "../ssl/ssl_locl.h"
/*
struct app_verify_arg {
char *string;
int app_verify;
- int allow_proxy_certs;
- char *proxy_auth;
- char *proxy_cond;
};
#ifndef OPENSSL_NO_DH
int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time,
clock_t *c_time);
int doit(SSL *s_ssl, SSL *c_ssl, long bytes);
-static int do_test_cipherlist(void);
static void sv_usage(void)
{
#endif
fprintf(stderr, " -server_auth - check server certificate\n");
fprintf(stderr, " -client_auth - do client authentication\n");
- fprintf(stderr, " -proxy - allow proxy certificates\n");
- fprintf(stderr, " -proxy_auth <val> - set proxy policy rights\n");
- fprintf(stderr,
- " -proxy_cond <val> - expression to test proxy policy rights\n");
fprintf(stderr, " -v - more output\n");
fprintf(stderr, " -d - debug output\n");
fprintf(stderr, " -reuse - use session-id reuse\n");
fprintf(stderr,
" -time - measure processor time used by client and server\n");
fprintf(stderr, " -zlib - use zlib compression\n");
- fprintf(stderr,
- " -test_cipherlist - Verifies the order of the ssl cipher lists.\n"
- " When this option is requested, the cipherlist\n"
- " tests are run instead of handshake tests.\n");
#ifndef OPENSSL_NO_NEXTPROTONEG
fprintf(stderr, " -npn_client - have client side offer NPN\n");
fprintf(stderr, " -npn_server - have server side offer NPN\n");
SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_name(ciph));
cert = SSL_get_peer_certificate(c_ssl);
if (cert != NULL) {
- pkey = X509_get_pubkey(cert);
- if (pkey != NULL) {
+ EVP_PKEY* pubkey = X509_get0_pubkey(cert);
+
+ if (pubkey != NULL) {
BIO_puts(bio_stdout, ", ");
- print_key_details(bio_stdout, pkey);
- EVP_PKEY_free(pkey);
+ print_key_details(bio_stdout, pubkey);
}
X509_free(cert);
}
int client_auth = 0;
int server_auth = 0, i;
struct app_verify_arg app_verify_arg =
- { APP_CALLBACK_STRING, 0, 0, NULL, NULL };
+ { APP_CALLBACK_STRING, 0 };
char *p;
SSL_CTX *c_ctx = NULL;
const SSL_METHOD *meth = NULL;
COMP_METHOD *cm = NULL;
STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
#endif
- int test_cipherlist = 0;
#ifdef OPENSSL_FIPS
int fips_mode = 0;
#endif
server_auth = 1;
else if (strcmp(*argv, "-client_auth") == 0)
client_auth = 1;
- else if (strcmp(*argv, "-proxy_auth") == 0) {
- if (--argc < 1)
- goto bad;
- app_verify_arg.proxy_auth = *(++argv);
- } else if (strcmp(*argv, "-proxy_cond") == 0) {
- if (--argc < 1)
- goto bad;
- app_verify_arg.proxy_cond = *(++argv);
- } else if (strcmp(*argv, "-v") == 0)
+ else if (strcmp(*argv, "-v") == 0)
verbose = 1;
else if (strcmp(*argv, "-d") == 0)
debug = 1;
#endif
else if (strcmp(*argv, "-app_verify") == 0) {
app_verify_arg.app_verify = 1;
- } else if (strcmp(*argv, "-proxy") == 0) {
- app_verify_arg.allow_proxy_certs = 1;
- } else if (strcmp(*argv, "-test_cipherlist") == 0) {
- test_cipherlist = 1;
}
#ifndef OPENSSL_NO_NEXTPROTONEG
- else if (strcmp(*argv, "-npn_client") == 0) {
+ else if (strcmp(*argv, "-npn_client") == 0) {
npn_client = 1;
} else if (strcmp(*argv, "-npn_server") == 0) {
npn_server = 1;
goto end;
}
- /*
- * test_cipherlist prevails over protocol switch: we test the cipherlist
- * for all enabled protocols.
- */
- if (test_cipherlist == 1) {
- /*
- * ensure that the cipher list are correctly sorted and exit
- */
- fprintf(stdout, "Testing cipherlist order only. Ignoring all "
- "other options.\n");
- if (do_test_cipherlist() == 0)
- EXIT(1);
- ret = 0;
- goto end;
- }
-
if (ssl3 + tls1 + dtls + dtls1 + dtls12 > 1) {
fprintf(stderr, "At most one of -ssl3, -tls1, -dtls, -dtls1 or -dtls12 should "
"be requested.\n");
goto err;
}
+# ifndef OPENSSL_NO_NEXTPROTONEG
end:
+# endif
ret = 0;
err:
goto err;
}
+#ifndef OPENSSL_NO_NEXTPROTONEG
end:
+#endif
ret = 0;
err:
return (ret);
}
-static CRYPTO_ONCE proxy_auth_ex_data_once = CRYPTO_ONCE_STATIC_INIT;
-static volatile int proxy_auth_ex_data_idx = -1;
-
-static void do_get_proxy_auth_ex_data_idx(void)
-{
- proxy_auth_ex_data_idx = X509_STORE_CTX_get_ex_new_index(0,
- "SSLtest for verify callback",
- NULL, NULL, NULL);
-}
-
-static int get_proxy_auth_ex_data_idx(void)
-{
- CRYPTO_THREAD_run_once(&proxy_auth_ex_data_once,
- do_get_proxy_auth_ex_data_idx);
- return proxy_auth_ex_data_idx;
-}
-
static int verify_callback(int ok, X509_STORE_CTX *ctx)
{
char *s, buf[256];
- s = X509_NAME_oneline(X509_get_subject_name(ctx->current_cert), buf,
- sizeof buf);
+ s = X509_NAME_oneline(X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)),
+ buf, sizeof buf);
if (s != NULL) {
if (ok)
- printf("depth=%d %s\n", ctx->error_depth, buf);
+ printf("depth=%d %s\n", X509_STORE_CTX_get_error_depth(ctx), buf);
else {
fprintf(stderr, "depth=%d error=%d %s\n",
- ctx->error_depth, ctx->error, buf);
+ X509_STORE_CTX_get_error_depth(ctx),
+ X509_STORE_CTX_get_error(ctx), buf);
}
}
if (ok == 0) {
- switch (ctx->error) {
+ int i = X509_STORE_CTX_get_error(ctx);
+
+ switch (i) {
default:
fprintf(stderr, "Error string: %s\n",
- X509_verify_cert_error_string(ctx->error));
+ X509_verify_cert_error_string(i));
break;
case X509_V_ERR_CERT_NOT_YET_VALID:
case X509_V_ERR_CERT_HAS_EXPIRED:
case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
ok = 1;
- }
- }
-
- if (ok == 1) {
- X509 *xs = ctx->current_cert;
- if (X509_get_extension_flags(xs) & EXFLAG_PROXY) {
- unsigned int *letters = X509_STORE_CTX_get_ex_data(ctx,
- get_proxy_auth_ex_data_idx
- ());
-
- if (letters) {
- int found_any = 0;
- int i;
- PROXY_CERT_INFO_EXTENSION *pci =
- X509_get_ext_d2i(xs, NID_proxyCertInfo,
- NULL, NULL);
-
- switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage)) {
- case NID_Independent:
- /*
- * Completely meaningless in this program, as there's no
- * way to grant explicit rights to a specific PrC.
- * Basically, using id-ppl-Independent is the perfect way
- * to grant no rights at all.
- */
- fprintf(stderr, " Independent proxy certificate");
- for (i = 0; i < 26; i++)
- letters[i] = 0;
- break;
- case NID_id_ppl_inheritAll:
- /*
- * This is basically a NOP, we simply let the current
- * rights stand as they are.
- */
- fprintf(stderr, " Proxy certificate inherits all");
- break;
- default:
- s = (char *)
- pci->proxyPolicy->policy->data;
- i = pci->proxyPolicy->policy->length;
-
- /*
- * The algorithm works as follows: it is assumed that
- * previous iterations or the initial granted rights has
- * already set some elements of `letters'. What we need
- * to do is to clear those that weren't granted by the
- * current PrC as well. The easiest way to do this is to
- * add 1 to all the elements whose letters are given with
- * the current policy. That way, all elements that are
- * set by the current policy and were already set by
- * earlier policies and through the original grant of
- * rights will get the value 2 or higher. The last thing
- * to do is to sweep through `letters' and keep the
- * elements having the value 2 as set, and clear all the
- * others.
- */
-
- printf(" Certificate proxy rights = %*.*s", i,
- i, s);
- while (i-- > 0) {
- int c = *s++;
- if (isascii(c) && isalpha(c)) {
- if (islower(c))
- c = toupper(c);
- letters[c - 'A']++;
- }
- }
- for (i = 0; i < 26; i++)
- if (letters[i] < 2)
- letters[i] = 0;
- else
- letters[i] = 1;
- }
-
- found_any = 0;
- printf(", resulting proxy rights = ");
- for (i = 0; i < 26; i++)
- if (letters[i]) {
- printf("%c", i + 'A');
- found_any = 1;
- }
- if (!found_any)
- printf("none");
- printf("\n");
-
- PROXY_CERT_INFO_EXTENSION_free(pci);
- }
- }
- }
-
- return (ok);
-}
-
-static void process_proxy_debug(int indent, const char *format, ...)
-{
- /* That's 80 > */
- static const char indentation[] =
- ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"
- ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>";
- char my_format[256];
- va_list args;
-
- BIO_snprintf(my_format, sizeof(my_format), "%*.*s %s",
- indent, indent, indentation, format);
-
- va_start(args, format);
- vfprintf(stderr, my_format, args);
- va_end(args);
-}
-
-/*-
- * Priority levels:
- * 0 [!]var, ()
- * 1 & ^
- * 2 |
- */
-static int process_proxy_cond_adders(unsigned int letters[26],
- const char *cond, const char **cond_end,
- int *pos, int indent);
-static int process_proxy_cond_val(unsigned int letters[26], const char *cond,
- const char **cond_end, int *pos, int indent)
-{
- int c;
- int ok = 1;
- int negate = 0;
-
- while (isspace((int)*cond)) {
- cond++;
- (*pos)++;
- }
- c = *cond;
-
- if (debug)
- process_proxy_debug(indent,
- "Start process_proxy_cond_val at position %d: %s\n",
- *pos, cond);
-
- while (c == '!') {
- negate = !negate;
- cond++;
- (*pos)++;
- while (isspace((int)*cond)) {
- cond++;
- (*pos)++;
- }
- c = *cond;
- }
-
- if (c == '(') {
- cond++;
- (*pos)++;
- ok = process_proxy_cond_adders(letters, cond, cond_end, pos,
- indent + 1);
- cond = *cond_end;
- if (ok < 0)
- goto end;
- while (isspace((int)*cond)) {
- cond++;
- (*pos)++;
- }
- c = *cond;
- if (c != ')') {
- fprintf(stderr,
- "Weird condition character in position %d: "
- "%c\n", *pos, c);
- ok = -1;
- goto end;
- }
- cond++;
- (*pos)++;
- } else if (isascii(c) && isalpha(c)) {
- if (islower(c))
- c = toupper(c);
- ok = letters[c - 'A'];
- cond++;
- (*pos)++;
- } else {
- fprintf(stderr,
- "Weird condition character in position %d: " "%c\n", *pos, c);
- ok = -1;
- goto end;
- }
- end:
- *cond_end = cond;
- if (ok >= 0 && negate)
- ok = !ok;
-
- if (debug)
- process_proxy_debug(indent,
- "End process_proxy_cond_val at position %d: %s, returning %d\n",
- *pos, cond, ok);
-
- return ok;
-}
-
-static int process_proxy_cond_multipliers(unsigned int letters[26],
- const char *cond,
- const char **cond_end, int *pos,
- int indent)
-{
- int ok;
- char c;
-
- if (debug)
- process_proxy_debug(indent,
- "Start process_proxy_cond_multipliers at position %d: %s\n",
- *pos, cond);
-
- ok = process_proxy_cond_val(letters, cond, cond_end, pos, indent + 1);
- cond = *cond_end;
- if (ok < 0)
- goto end;
-
- while (ok >= 0) {
- while (isspace((int)*cond)) {
- cond++;
- (*pos)++;
- }
- c = *cond;
-
- switch (c) {
- case '&':
- case '^':
- {
- int save_ok = ok;
-
- cond++;
- (*pos)++;
- ok = process_proxy_cond_val(letters,
- cond, cond_end, pos, indent + 1);
- cond = *cond_end;
- if (ok < 0)
- break;
-
- switch (c) {
- case '&':
- ok &= save_ok;
- break;
- case '^':
- ok ^= save_ok;
- break;
- default:
- fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!"
- " STOPPING\n");
- EXIT(1);
- }
- }
- break;
- default:
- goto end;
- }
- }
- end:
- if (debug)
- process_proxy_debug(indent,
- "End process_proxy_cond_multipliers at position %d: %s, returning %d\n",
- *pos, cond, ok);
-
- *cond_end = cond;
- return ok;
-}
-
-static int process_proxy_cond_adders(unsigned int letters[26],
- const char *cond, const char **cond_end,
- int *pos, int indent)
-{
- int ok;
- char c;
-
- if (debug)
- process_proxy_debug(indent,
- "Start process_proxy_cond_adders at position %d: %s\n",
- *pos, cond);
-
- ok = process_proxy_cond_multipliers(letters, cond, cond_end, pos,
- indent + 1);
- cond = *cond_end;
- if (ok < 0)
- goto end;
-
- while (ok >= 0) {
- while (isspace((int)*cond)) {
- cond++;
- (*pos)++;
- }
- c = *cond;
-
- switch (c) {
- case '|':
- {
- int save_ok = ok;
-
- cond++;
- (*pos)++;
- ok = process_proxy_cond_multipliers(letters,
- cond, cond_end, pos,
- indent + 1);
- cond = *cond_end;
- if (ok < 0)
- break;
-
- switch (c) {
- case '|':
- ok |= save_ok;
- break;
- default:
- fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!"
- " STOPPING\n");
- EXIT(1);
- }
- }
break;
- default:
- goto end;
}
}
- end:
- if (debug)
- process_proxy_debug(indent,
- "End process_proxy_cond_adders at position %d: %s, returning %d\n",
- *pos, cond, ok);
- *cond_end = cond;
- return ok;
-}
-
-static int process_proxy_cond(unsigned int letters[26],
- const char *cond, const char **cond_end)
-{
- int pos = 1;
- return process_proxy_cond_adders(letters, cond, cond_end, &pos, 1);
+ return (ok);
}
static int app_verify_callback(X509_STORE_CTX *ctx, void *arg)
{
int ok = 1;
struct app_verify_arg *cb_arg = arg;
- unsigned int letters[26]; /* only used with proxy_auth */
if (cb_arg->app_verify) {
char *s = NULL, buf[256];
+ X509 *c = X509_STORE_CTX_get0_cert(ctx);
printf("In app_verify_callback, allowing cert. ");
printf("Arg is: %s\n", cb_arg->string);
printf("Finished printing do we have a context? 0x%p a cert? 0x%p\n",
- (void *)ctx, (void *)ctx->cert);
- if (ctx->cert)
- s = X509_NAME_oneline(X509_get_subject_name(ctx->cert), buf, 256);
+ (void *)ctx, (void *)c);
+ if (c)
+ s = X509_NAME_oneline(X509_get_subject_name(c), buf, 256);
if (s != NULL) {
- printf("cert depth=%d %s\n", ctx->error_depth, buf);
+ printf("cert depth=%d %s\n",
+ X509_STORE_CTX_get_error_depth(ctx), buf);
}
return (1);
}
- if (cb_arg->proxy_auth) {
- int found_any = 0, i;
- char *sp;
-
- for (i = 0; i < 26; i++)
- letters[i] = 0;
- for (sp = cb_arg->proxy_auth; *sp; sp++) {
- int c = *sp;
- if (isascii(c) && isalpha(c)) {
- if (islower(c))
- c = toupper(c);
- letters[c - 'A'] = 1;
- }
- }
- printf(" Initial proxy rights = ");
- for (i = 0; i < 26; i++)
- if (letters[i]) {
- printf("%c", i + 'A');
- found_any = 1;
- }
- if (!found_any)
- printf("none");
- printf("\n");
-
- X509_STORE_CTX_set_ex_data(ctx,
- get_proxy_auth_ex_data_idx(), letters);
- }
- if (cb_arg->allow_proxy_certs) {
- X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
- }
ok = X509_verify_cert(ctx);
- if (cb_arg->proxy_auth) {
- if (ok > 0) {
- const char *cond_end = NULL;
-
- ok = process_proxy_cond(letters, cb_arg->proxy_cond, &cond_end);
-
- if (ok < 0)
- EXIT(3);
- if (*cond_end) {
- fprintf(stderr,
- "Stopped processing condition before it's end.\n");
- ok = 0;
- }
- if (!ok)
- fprintf(stderr,
- "Proxy rights check with condition '%s' invalid\n",
- cb_arg->proxy_cond);
- else
- printf("Proxy rights check with condition '%s' ok\n",
- cb_arg->proxy_cond);
- }
- }
return (ok);
}
0x02,
};
DH *dh;
+ BIGNUM *p, *g;
if ((dh = DH_new()) == NULL)
return (NULL);
- dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
- dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
- if ((dh->p == NULL) || (dh->g == NULL)) {
+ p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
+ g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
+ if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
DH_free(dh);
+ BN_free(p);
+ BN_free(g);
return (NULL);
}
return (dh);
0x02,
};
DH *dh;
+ BIGNUM *p, *g;
if ((dh = DH_new()) == NULL)
return (NULL);
- dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
- dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
- if ((dh->p == NULL) || (dh->g == NULL)) {
+ p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
+ g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
+ if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
DH_free(dh);
+ BN_free(p);
+ BN_free(g);
return (NULL);
}
return (dh);
0x07, 0xE7, 0x68, 0x1A, 0x82, 0x5D, 0x32, 0xA2,
};
DH *dh;
+ BIGNUM *p, *g;
if ((dh = DH_new()) == NULL)
return (NULL);
- dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
- dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
- if ((dh->p == NULL) || (dh->g == NULL)) {
+ p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
+ g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
+ if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
DH_free(dh);
+ BN_free(p);
+ BN_free(g);
return (NULL);
}
- dh->length = 160;
+ DH_set_length(dh, 160);
return (dh);
}
#endif
return psk_len;
}
#endif
-
-static int do_test_cipherlist(void)
-{
-#ifndef OPENSSL_NO_TLS
- int i = 0;
- const SSL_METHOD *meth;
- const SSL_CIPHER *ci, *tci = NULL;
-
- /*
- * This is required because ssltest "cheats" and uses internal headers to
- * call functions, thus avoiding auto-init
- */
- OPENSSL_init_crypto(0, NULL);
- OPENSSL_init_ssl(0, NULL);
-
- meth = TLS_method();
- tci = NULL;
- while ((ci = meth->get_cipher(i++)) != NULL) {
- if (tci != NULL)
- if (ci->id >= tci->id) {
- fprintf(stderr, "testing SSLv3 cipher list order: ");
- fprintf(stderr, "failed %x vs. %x\n", ci->id, tci->id);
- return 0;
- }
- tci = ci;
- }
-#endif
-
- return 1;
-}
projects / openssl.git / blobdiff