X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=test%2Fssltest_old.c;h=7d31d368c76bf9acd1ee03daff25ad27e7b4281b;hp=acadb669d2eb353dd3bf543b85b6fe67696fcfa4;hb=9e381e8a018592a2a42e83df402e1ef921469e9f;hpb=f367ac2b2664df272aa1903c7650f0c64f539d28 diff --git a/test/ssltest_old.c b/test/ssltest_old.c index acadb669d2..7d31d368c7 100644 --- a/test/ssltest_old.c +++ b/test/ssltest_old.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -9,6 +9,8 @@ * https://www.openssl.org/source/license.html */ +#include "e_os.h" + /* Or gethostname won't be declared properly on Linux and GNU platforms. */ #ifndef _BSD_SOURCE # define _BSD_SOURCE 1 @@ -25,8 +27,7 @@ #include #include -#define USE_SOCKETS -#include "e_os.h" +#include "internal/nelem.h" #ifdef OPENSSL_SYS_VMS /* @@ -280,7 +281,7 @@ static unsigned char *next_protos_parse(size_t *outlen, OPENSSL_free(out); return NULL; } - out[start] = i - start; + out[start] = (unsigned char)(i - start); start = i + 1; } else out[i + 1] = in[i]; @@ -611,10 +612,9 @@ static int custom_ext_3_srv_add_cb(SSL *s, unsigned int ext_type, } static char *cipher = NULL; +static char *ciphersuites = NULL; static int verbose = 0; static int debug = 0; -static const char rnd_seed[] = - "string to make the random number generator think it has randomness"; int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long bytes, clock_t *s_time, clock_t *c_time); @@ -672,7 +672,8 @@ static void sv_usage(void) fprintf(stderr, " -c_cert arg - Client certificate file\n"); fprintf(stderr, " -c_key arg - Client key file (default: same as -c_cert)\n"); - fprintf(stderr, " -cipher arg - The cipher list\n"); + fprintf(stderr, " -cipher arg - The TLSv1.2 and below cipher list\n"); + fprintf(stderr, " -ciphersuites arg - The TLSv1.3 ciphersuites\n"); fprintf(stderr, " -bio_pair - Use BIO pairs\n"); fprintf(stderr, " -ipv4 - Use IPv4 connection on localhost\n"); fprintf(stderr, " -ipv6 - Use IPv6 connection on localhost\n"); @@ -877,7 +878,8 @@ int main(int argc, char *argv[]) int badop = 0; enum { BIO_MEM, BIO_PAIR, BIO_IPV4, BIO_IPV6 } bio_type = BIO_MEM; int force = 0; - int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, tls1_2 = 0, ssl3 = 0, ret = 1; + int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, tls1_2 = 0, ssl3 = 0; + int ret = EXIT_FAILURE; int client_auth = 0; int server_auth = 0, i; struct app_verify_arg app_verify_arg = @@ -918,7 +920,6 @@ int main(int argc, char *argv[]) verbose = 0; debug = 0; - cipher = 0; bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); @@ -927,8 +928,6 @@ int main(int argc, char *argv[]) CRYPTO_set_mem_debug(1); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - RAND_seed(rnd_seed, sizeof rnd_seed); - bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT); s_cctx = SSL_CONF_CTX_new(); @@ -1048,6 +1047,10 @@ int main(int argc, char *argv[]) if (--argc < 1) goto bad; cipher = *(++argv); + } else if (strcmp(*argv, "-ciphersuites") == 0) { + if (--argc < 1) + goto bad; + ciphersuites = *(++argv); } else if (strcmp(*argv, "-CApath") == 0) { if (--argc < 1) goto bad; @@ -1264,7 +1267,7 @@ int main(int argc, char *argv[]) if (no_protocol) { fprintf(stderr, "Testing was requested for a disabled protocol. " "Skipping tests.\n"); - ret = 0; + ret = EXIT_SUCCESS; goto end; } @@ -1379,6 +1382,14 @@ int main(int argc, char *argv[]) goto end; } } + if (ciphersuites != NULL) { + if (!SSL_CTX_set_ciphersuites(c_ctx, ciphersuites) + || !SSL_CTX_set_ciphersuites(s_ctx, ciphersuites) + || !SSL_CTX_set_ciphersuites(s_ctx2, ciphersuites)) { + ERR_print_errors(bio_err); + goto end; + } + } #ifndef OPENSSL_NO_CT if (ct_validation && @@ -1473,9 +1484,9 @@ int main(int argc, char *argv[]) { int session_id_context = 0; if (!SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context, - sizeof session_id_context) || + sizeof(session_id_context)) || !SSL_CTX_set_session_id_context(s_ctx2, (void *)&session_id_context, - sizeof session_id_context)) { + sizeof(session_id_context))) { ERR_print_errors(bio_err); goto end; } @@ -1491,7 +1502,7 @@ int main(int argc, char *argv[]) * if PSK is not compiled in and psk key is given, do nothing and * exit successfully */ - ret = 0; + ret = EXIT_SUCCESS; goto end; } #ifndef OPENSSL_NO_PSK @@ -1710,26 +1721,26 @@ int main(int argc, char *argv[]) #else case BIO_IPV4: case BIO_IPV6: - ret = 1; + ret = EXIT_FAILURE; goto err; #endif } - if (ret) break; + if (ret != EXIT_SUCCESS) break; } - if (should_negotiate && ret == 0 && + if (should_negotiate && ret == EXIT_SUCCESS && strcmp(should_negotiate, "fail-server") != 0 && strcmp(should_negotiate, "fail-client") != 0) { int version = protocol_from_string(should_negotiate); if (version < 0) { BIO_printf(bio_err, "Error parsing: %s\n", should_negotiate); - ret = 1; + ret = EXIT_FAILURE; goto err; } if (SSL_version(c_ssl) != version) { BIO_printf(bio_err, "Unexpected version negotiated. " "Expected: %s, got %s\n", should_negotiate, SSL_get_version(c_ssl)); - ret = 1; + ret = EXIT_FAILURE; goto err; } } @@ -1740,20 +1751,20 @@ int main(int argc, char *argv[]) BIO_printf(bio_err, "Unexpected session reuse state. " "Expected: %d, server: %d, client: %d\n", should_reuse, SSL_session_reused(s_ssl), SSL_session_reused(c_ssl)); - ret = 1; + ret = EXIT_FAILURE; goto err; } } if (server_sess_out != NULL) { if (write_session(server_sess_out, SSL_get_session(s_ssl)) == 0) { - ret = 1; + ret = EXIT_FAILURE; goto err; } } if (client_sess_out != NULL) { if (write_session(client_sess_out, SSL_get_session(c_ssl)) == 0) { - ret = 1; + ret = EXIT_FAILURE; goto err; } } @@ -1800,7 +1811,7 @@ int main(int argc, char *argv[]) #ifndef OPENSSL_NO_CRYPTO_MDEBUG if (CRYPTO_mem_leaks(bio_err) <= 0) - ret = 1; + ret = EXIT_FAILURE; #endif BIO_free(bio_err); EXIT(ret); @@ -1814,7 +1825,7 @@ int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count, BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL; BIO *acpt = NULL, *server = NULL, *client = NULL; char addr_str[40]; - int ret = 1; + int ret = EXIT_FAILURE; int err_in_client = 0; int err_in_server = 0; @@ -1917,8 +1928,8 @@ int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count, if (cw_num > 0) { /* Write to server. */ - if (cw_num > (long)sizeof cbuf) - i = sizeof cbuf; + if (cw_num > (long)sizeof(cbuf)) + i = sizeof(cbuf); else i = (int)cw_num; r = BIO_write(c_ssl_bio, cbuf, i); @@ -1996,8 +2007,8 @@ int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count, if (sw_num > 0) { /* Write to client. */ - if (sw_num > (long)sizeof sbuf) - i = sizeof sbuf; + if (sw_num > (long)sizeof(sbuf)) + i = sizeof(sbuf); else i = (int)sw_num; r = BIO_write(s_ssl_bio, sbuf, i); @@ -2047,35 +2058,26 @@ int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count, if (verbose) print_details(c_ssl, "DONE via TCP connect: "); # ifndef OPENSSL_NO_NEXTPROTONEG - if (verify_npn(c_ssl, s_ssl) < 0) { - ret = 1; + if (verify_npn(c_ssl, s_ssl) < 0) goto end; - } # endif if (verify_serverinfo() < 0) { fprintf(stderr, "Server info verify error\n"); - ret = 1; - goto err; - } - if (verify_alpn(c_ssl, s_ssl) < 0) { - ret = 1; goto err; } - if (verify_servername(c_ssl, s_ssl) < 0) { - ret = 1; + if (verify_alpn(c_ssl, s_ssl) < 0 + || verify_servername(c_ssl, s_ssl) < 0) goto err; - } if (custom_ext_error) { fprintf(stderr, "Custom extension error\n"); - ret = 1; goto err; } # ifndef OPENSSL_NO_NEXTPROTONEG end: # endif - ret = 0; + ret = EXIT_SUCCESS; err: ERR_print_errors(bio_err); @@ -2087,9 +2089,9 @@ int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count, BIO_free(c_ssl_bio); if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0) - ret = (err_in_client != 0) ? 0 : 1; + ret = (err_in_client != 0) ? EXIT_SUCCESS : EXIT_FAILURE; else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0) - ret = (err_in_server != 0) ? 0 : 1; + ret = (err_in_server != 0) ? EXIT_SUCCESS : EXIT_FAILURE; return ret; } @@ -2101,7 +2103,7 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, long cw_num = count, cr_num = count, sw_num = count, sr_num = count; BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL; BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL; - int ret = 1; + int ret = EXIT_FAILURE; int err_in_client = 0; int err_in_server = 0; @@ -2156,7 +2158,7 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, * Useful functions for querying the state of BIO pair endpoints: * * BIO_ctrl_pending(bio) number of bytes we can read now - * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil + * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfill * other side's read attempt * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now * @@ -2188,8 +2190,8 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, if (cw_num > 0) { /* Write to server. */ - if (cw_num > (long)sizeof cbuf) - i = sizeof cbuf; + if (cw_num > (long)sizeof(cbuf)) + i = sizeof(cbuf); else i = (int)cw_num; r = BIO_write(c_ssl_bio, cbuf, i); @@ -2267,8 +2269,8 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, if (sw_num > 0) { /* Write to client. */ - if (sw_num > (long)sizeof sbuf) - i = sizeof sbuf; + if (sw_num > (long)sizeof(sbuf)) + i = sizeof(sbuf); else i = (int)sw_num; r = BIO_write(s_ssl_bio, sbuf, i); @@ -2430,35 +2432,26 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, if (verbose) print_details(c_ssl, "DONE via BIO pair: "); #ifndef OPENSSL_NO_NEXTPROTONEG - if (verify_npn(c_ssl, s_ssl) < 0) { - ret = 1; + if (verify_npn(c_ssl, s_ssl) < 0) goto end; - } #endif if (verify_serverinfo() < 0) { fprintf(stderr, "Server info verify error\n"); - ret = 1; - goto err; - } - if (verify_alpn(c_ssl, s_ssl) < 0) { - ret = 1; goto err; } - if (verify_servername(c_ssl, s_ssl) < 0) { - ret = 1; + if (verify_alpn(c_ssl, s_ssl) < 0 + || verify_servername(c_ssl, s_ssl) < 0) goto err; - } if (custom_ext_error) { fprintf(stderr, "Custom extension error\n"); - ret = 1; goto err; } #ifndef OPENSSL_NO_NEXTPROTONEG end: #endif - ret = 0; + ret = EXIT_SUCCESS; err: ERR_print_errors(bio_err); @@ -2471,9 +2464,9 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, BIO_free(c_ssl_bio); if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0) - ret = (err_in_client != 0) ? 0 : 1; + ret = (err_in_client != 0) ? EXIT_SUCCESS : EXIT_FAILURE; else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0) - ret = (err_in_server != 0) ? 0 : 1; + ret = (err_in_server != 0) ? EXIT_SUCCESS : EXIT_FAILURE; return ret; } @@ -2489,7 +2482,7 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) long bufsiz; long cw_num = count, cr_num = count; long sw_num = count, sr_num = count; - int ret = 1; + int ret = EXIT_FAILURE; BIO *c_to_s = NULL; BIO *s_to_c = NULL; BIO *c_bio = NULL; @@ -2737,22 +2730,18 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) if (verbose) print_details(c_ssl, "DONE: "); #ifndef OPENSSL_NO_NEXTPROTONEG - if (verify_npn(c_ssl, s_ssl) < 0) { - ret = 1; + if (verify_npn(c_ssl, s_ssl) < 0) goto err; - } #endif if (verify_serverinfo() < 0) { fprintf(stderr, "Server info verify error\n"); - ret = 1; goto err; } if (custom_ext_error) { fprintf(stderr, "Custom extension error\n"); - ret = 1; goto err; } - ret = 0; + ret = EXIT_SUCCESS; err: BIO_free(c_to_s); BIO_free(s_to_c); @@ -2762,11 +2751,11 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) OPENSSL_free(sbuf); if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0) - ret = (err_in_client != 0) ? 0 : 1; + ret = (err_in_client != 0) ? EXIT_SUCCESS : EXIT_FAILURE; else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0) - ret = (err_in_server != 0) ? 0 : 1; + ret = (err_in_server != 0) ? EXIT_SUCCESS : EXIT_FAILURE; - return (ret); + return ret; } static int verify_callback(int ok, X509_STORE_CTX *ctx) @@ -2774,7 +2763,7 @@ static int verify_callback(int ok, X509_STORE_CTX *ctx) char *s, buf[256]; s = X509_NAME_oneline(X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)), - buf, sizeof buf); + buf, sizeof(buf)); if (s != NULL) { if (ok) printf("depth=%d %s\n", X509_STORE_CTX_get_error_depth(ctx), buf); @@ -2801,7 +2790,7 @@ static int verify_callback(int ok, X509_STORE_CTX *ctx) } } - return (ok); + return ok; } static int app_verify_callback(X509_STORE_CTX *ctx, void *arg) @@ -2823,12 +2812,12 @@ static int app_verify_callback(X509_STORE_CTX *ctx, void *arg) printf("cert depth=%d %s\n", X509_STORE_CTX_get_error_depth(ctx), buf); } - return (1); + return 1; } ok = X509_verify_cert(ctx); - return (ok); + return ok; } #ifndef OPENSSL_NO_DH @@ -2861,16 +2850,16 @@ static DH *get_dh512() BIGNUM *p, *g; if ((dh = DH_new()) == NULL) - return (NULL); + return NULL; p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) { DH_free(dh); BN_free(p); BN_free(g); - return (NULL); + return NULL; } - return (dh); + return dh; } static DH *get_dh1024() @@ -2905,16 +2894,16 @@ static DH *get_dh1024() BIGNUM *p, *g; if ((dh = DH_new()) == NULL) - return (NULL); + return NULL; p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL); g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL); if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) { DH_free(dh); BN_free(p); BN_free(g); - return (NULL); + return NULL; } - return (dh); + return dh; } static DH *get_dh1024dsa() @@ -2969,17 +2958,17 @@ static DH *get_dh1024dsa() BIGNUM *p, *g; if ((dh = DH_new()) == NULL) - return (NULL); + return NULL; p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL); g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL); if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) { DH_free(dh); BN_free(p); BN_free(g); - return (NULL); + return NULL; } DH_set_length(dh, 160); - return (dh); + return dh; } #endif