X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=test%2Fssltest_old.c;h=e974f6c15d3800e7852db318eaca68793d4b3ee5;hp=00fb1a88c7a3efbd097785a87e514cb3ce39a209;hb=7d79d13a564d5c065318aa47f4cd511eece449e8;hpb=ea1ecd9831cfe8de9dbeafdfec344b8c944c9b84
diff --git a/test/ssltest_old.c b/test/ssltest_old.c
index 00fb1a88c7..e974f6c15d 100644
--- a/test/ssltest_old.c
+++ b/test/ssltest_old.c
@@ -1,5 +1,7 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ * Copyright 2005 Nokia. All rights reserved.
  *
  * Licensed under the OpenSSL license (the "License"). You may not use
  * this file except in compliance with the License. You can obtain a copy
@@ -7,37 +9,7 @@ * https://www.openssl.org/source/license.html */ -/* ==================================================================== - * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. - * ECC cipher suite support in OpenSSL originally developed by - * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. - */ -/* ==================================================================== - * Copyright 2005 Nokia. All rights reserved. - * - * The portions of the attached software ("Contribution") is developed by - * Nokia Corporation and is licensed pursuant to the OpenSSL open source - * license. - * - * The Contribution, originally written by Mika Kousa and Pasi Eronen of - * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites - * support (see RFC 4279) to OpenSSL. - * - * No patent licenses or other rights except those expressly stated in - * the OpenSSL open source license shall be deemed granted or received - * expressly, by implication, estoppel, or otherwise. - * - * No assurances are provided by Nokia that the Contribution does not - * infringe the patent or other intellectual property rights of any third - * party or that the license provides you with all the necessary rights - * to make use of the Contribution. - * - * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN - * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA - * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY - * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR - * OTHERWISE. - */ +#include "e_os.h" /* Or gethostname won't be declared properly on Linux and GNU platforms. */ #ifndef _BSD_SOURCE @@ -55,8 +27,7 @@ #include #include -#define USE_SOCKETS -#include "e_os.h" +#include "internal/nelem.h" #ifdef OPENSSL_SYS_VMS /* 
@@ -285,7 +256,6 @@ static int verify_servername(SSL *client, SSL *server) * next_protos_parse parses a comma separated list of strings into a string * in a format suitable for passing to SSL_CTX_set_next_protos_advertised. * outlen: (output) set to the length of the resulting buffer on success. - * err: (maybe NULL) on failure, an error message line is written to this BIO. * in: a NUL terminated string like "abc,def,ghi" * * returns: a malloced buffer or NULL on failure. @@ -311,7 +281,7 @@ static unsigned char *next_protos_parse(size_t *outlen, OPENSSL_free(out); return NULL; } - out[start] = i - start; + out[start] = (unsigned char)(i - start); start = i + 1; } else out[i + 1] = in[i]; @@ -453,7 +423,7 @@ static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type, return 1; } -static int verify_serverinfo() +static int verify_serverinfo(void) { if (serverinfo_sct != serverinfo_sct_seen) return -1; @@ -642,10 +612,9 @@ static int custom_ext_3_srv_add_cb(SSL *s, unsigned int ext_type, } static char *cipher = NULL; +static char *ciphersuites = NULL; static int verbose = 0; static int debug = 0; -static const char rnd_seed[] = - "string to make the random number generator think it has entropy"; int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long bytes, clock_t *s_time, clock_t *c_time); @@ -703,7 +672,8 @@ static void sv_usage(void) fprintf(stderr, " -c_cert arg - Client certificate file\n"); fprintf(stderr, " -c_key arg - Client key file (default: same as -c_cert)\n"); - fprintf(stderr, " -cipher arg - The cipher list\n"); + fprintf(stderr, " -cipher arg - The TLSv1.2 and below cipher list\n"); + fprintf(stderr, " -ciphersuites arg - The TLSv1.3 ciphersuites\n"); fprintf(stderr, " -bio_pair - Use BIO pairs\n"); fprintf(stderr, " -ipv4 - Use IPv4 connection on localhost\n"); fprintf(stderr, " -ipv6 - Use IPv6 connection on localhost\n"); 
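Review bot: The new cast in next_protos_parse, `out[start] = (unsigned char)(i - start);`, silences the conversion warning but would also hide a truncated length byte if a protocol name longer than 255 bytes ever reached it. The hunk shows an error return immediately above the assignment but not its condition, so presumably the length is already bounded there. I would state that next to the cast, for example `/* length was checked above to fit in one byte */`, so the length-prefixed output stays correct if that check is ever moved. The function body starts and ends outside this hunk.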
@@ -908,7 +878,8 @@ int main(int argc, char *argv[]) int badop = 0; enum { BIO_MEM, BIO_PAIR, BIO_IPV4, BIO_IPV6 } bio_type = BIO_MEM; int force = 0; - int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, tls1_2 = 0, ssl3 = 0, ret = 1; + int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, tls1_2 = 0, ssl3 = 0; + int ret = EXIT_FAILURE; int client_auth = 0; int server_auth = 0, i; struct app_verify_arg app_verify_arg = @@ -949,7 +920,6 @@ int main(int argc, char *argv[]) verbose = 0; debug = 0; - cipher = 0; bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); @@ -958,8 +928,6 @@ int main(int argc, char *argv[]) CRYPTO_set_mem_debug(1); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - RAND_seed(rnd_seed, sizeof rnd_seed); - bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT); s_cctx = SSL_CONF_CTX_new(); @@ -1079,6 +1047,10 @@ int main(int argc, char *argv[]) if (--argc < 1) goto bad; cipher = *(++argv); + } else if (strcmp(*argv, "-ciphersuites") == 0) { + if (--argc < 1) + goto bad; + ciphersuites = *(++argv); } else if (strcmp(*argv, "-CApath") == 0) { if (--argc < 1) goto bad; @@ -1295,7 +1267,7 @@ int main(int argc, char *argv[]) if (no_protocol) { fprintf(stderr, "Testing was requested for a disabled protocol. " "Skipping tests.\n"); - ret = 0; + ret = EXIT_SUCCESS; goto end; } 
@@ -1358,17 +1330,24 @@ int main(int argc, char *argv[]) } else if (tls1_2) { min_version = TLS1_2_VERSION; max_version = TLS1_2_VERSION; + } else { + min_version = SSL3_VERSION; + max_version = TLS_MAX_VERSION; } #endif #ifndef OPENSSL_NO_DTLS - if (dtls || dtls1 || dtls12) + if (dtls || dtls1 || dtls12) { meth = DTLS_method(); - if (dtls1) { - min_version = DTLS1_VERSION; - max_version = DTLS1_VERSION; - } else if (dtls12) { - min_version = DTLS1_2_VERSION; - max_version = DTLS1_2_VERSION; + if (dtls1) { + min_version = DTLS1_VERSION; + max_version = DTLS1_VERSION; + } else if (dtls12) { + min_version = DTLS1_2_VERSION; + max_version = DTLS1_2_VERSION; + } else { + min_version = DTLS_MIN_VERSION; + max_version = DTLS_MAX_VERSION; + } } #endif @@ -1410,6 +1389,14 @@ int main(int argc, char *argv[]) goto end; } } + if (ciphersuites != NULL) { + if (!SSL_CTX_set_ciphersuites(c_ctx, ciphersuites) + || !SSL_CTX_set_ciphersuites(s_ctx, ciphersuites) + || !SSL_CTX_set_ciphersuites(s_ctx2, ciphersuites)) { + ERR_print_errors(bio_err); + goto end; + } + } #ifndef OPENSSL_NO_CT if (ct_validation && @@ -1504,9 +1491,9 @@ int main(int argc, char *argv[]) { int session_id_context = 0; if (!SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context, - sizeof session_id_context) || + sizeof(session_id_context)) || !SSL_CTX_set_session_id_context(s_ctx2, (void *)&session_id_context, - sizeof session_id_context)) { + sizeof(session_id_context))) { ERR_print_errors(bio_err); goto end; } @@ -1522,7 +1509,7 @@ int main(int argc, char *argv[]) * if PSK is not compiled in and psk key is given, do nothing and * exit successfully */ - ret = 0; + ret = EXIT_SUCCESS; goto end; } #ifndef OPENSSL_NO_PSK 
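Review bot: The new fall-through branch sets `min_version = SSL3_VERSION` and `max_version = TLS_MAX_VERSION` when no protocol flag is given, and nothing in the hunk says why the floor is SSLv3. For a test driver that is presumably deliberate, so that negotiation across the whole range is exercised, but it deserves a comment such as `/* no version flag: allow every compiled-in protocol so negotiation itself is tested */` so the range is not copied into application code. The DTLS branch below overwrites both values when a DTLS flag is set; the place where they are applied to the contexts is outside this hunk.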
@@ -1741,26 +1728,26 @@ int main(int argc, char *argv[]) #else case BIO_IPV4: case BIO_IPV6: - ret = 1; + ret = EXIT_FAILURE; goto err; #endif } - if (ret) break; + if (ret != EXIT_SUCCESS) break; } - if (should_negotiate && ret == 0 && + if (should_negotiate && ret == EXIT_SUCCESS && strcmp(should_negotiate, "fail-server") != 0 && strcmp(should_negotiate, "fail-client") != 0) { int version = protocol_from_string(should_negotiate); if (version < 0) { BIO_printf(bio_err, "Error parsing: %s\n", should_negotiate); - ret = 1; + ret = EXIT_FAILURE; goto err; } if (SSL_version(c_ssl) != version) { - BIO_printf(bio_err, "Unxpected version negotiated. " + BIO_printf(bio_err, "Unexpected version negotiated. " "Expected: %s, got %s\n", should_negotiate, SSL_get_version(c_ssl)); - ret = 1; + ret = EXIT_FAILURE; goto err; } } @@ -1771,20 +1758,20 @@ int main(int argc, char *argv[]) BIO_printf(bio_err, "Unexpected session reuse state. " "Expected: %d, server: %d, client: %d\n", should_reuse, SSL_session_reused(s_ssl), SSL_session_reused(c_ssl)); - ret = 1; + ret = EXIT_FAILURE; goto err; } } if (server_sess_out != NULL) { if (write_session(server_sess_out, SSL_get_session(s_ssl)) == 0) { - ret = 1; + ret = EXIT_FAILURE; goto err; } } if (client_sess_out != NULL) { if (write_session(client_sess_out, SSL_get_session(c_ssl)) == 0) { - ret = 1; + ret = EXIT_FAILURE; goto err; } } @@ -1831,7 +1818,7 @@ int main(int argc, char *argv[]) #ifndef OPENSSL_NO_CRYPTO_MDEBUG if (CRYPTO_mem_leaks(bio_err) <= 0) - ret = 1; + ret = EXIT_FAILURE; #endif BIO_free(bio_err); EXIT(ret); 
@@ -1845,11 +1832,12 @@ int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count, BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL; BIO *acpt = NULL, *server = NULL, *client = NULL; char addr_str[40]; - int ret = 1; + int ret = EXIT_FAILURE; int err_in_client = 0; int err_in_server = 0; - acpt = BIO_new_accept("0"); + acpt = BIO_new_accept(family == BIO_FAMILY_IPV4 ? "127.0.0.1:0" + : "[::1]:0"); if (acpt == NULL) goto err; BIO_set_accept_ip_family(acpt, family); @@ -1948,8 +1936,8 @@ int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count, if (cw_num > 0) { /* Write to server. */ - if (cw_num > (long)sizeof cbuf) - i = sizeof cbuf; + if (cw_num > (long)sizeof(cbuf)) + i = sizeof(cbuf); else i = (int)cw_num; r = BIO_write(c_ssl_bio, cbuf, i); @@ -2027,8 +2015,8 @@ int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count, if (sw_num > 0) { /* Write to client. */ - if (sw_num > (long)sizeof sbuf) - i = sizeof sbuf; + if (sw_num > (long)sizeof(sbuf)) + i = sizeof(sbuf); else i = (int)sw_num; r = BIO_write(s_ssl_bio, sbuf, i); @@ -2078,35 +2066,26 @@ int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count, if (verbose) print_details(c_ssl, "DONE via TCP connect: "); # ifndef OPENSSL_NO_NEXTPROTONEG - if (verify_npn(c_ssl, s_ssl) < 0) { - ret = 1; + if (verify_npn(c_ssl, s_ssl) < 0) goto end; - } # endif if (verify_serverinfo() < 0) { fprintf(stderr, "Server info verify error\n"); - ret = 1; - goto err; - } - if (verify_alpn(c_ssl, s_ssl) < 0) { - ret = 1; goto err; } - if (verify_servername(c_ssl, s_ssl) < 0) { - ret = 1; + if (verify_alpn(c_ssl, s_ssl) < 0 + || verify_servername(c_ssl, s_ssl) < 0) goto err; - } if (custom_ext_error) { fprintf(stderr, "Custom extension error\n"); - ret = 1; goto err; } # ifndef OPENSSL_NO_NEXTPROTONEG end: # endif - ret = 0; + ret = EXIT_SUCCESS; err: ERR_print_errors(bio_err); 
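Review bot: In doit_localhost the listener address is now chosen with `family == BIO_FAMILY_IPV4 ? "127.0.0.1:0" : "[::1]:0"`, so every family value other than BIO_FAMILY_IPV4 ends up bound to the IPv6 loopback. Binding to loopback instead of the wildcard address is the safer choice for a test listener, but the assumption that callers pass only the IPv4 or IPv6 constant should be stated, e.g. `/* family is BIO_FAMILY_IPV4 or BIO_FAMILY_IPV6; bind to loopback only */`, or checked before the call. The function continues outside this hunk.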
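Review bot: A failed NPN check is still reported as success in the last hunk on this line: `if (verify_npn(c_ssl, s_ssl) < 0) goto end;` jumps to the `end:` label, and the statement right after that label is `ret = EXIT_SUCCESS;`. The old code had the same flaw (its `ret = 1` was overwritten by `ret = 0`), and dropping the assignment only makes it less visible. The branch should read `goto err;` like the serverinfo, ALPN and servername checks beside it, after which the `end:` label and its `OPENSSL_NO_NEXTPROTONEG` guard can be removed. The hunk at -2461 in doit_biopair has the identical pattern, while doit() already uses `goto err`.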
@@ -2118,9 +2097,9 @@ int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count, BIO_free(c_ssl_bio); if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0) - ret = (err_in_client != 0) ? 0 : 1; + ret = (err_in_client != 0) ? EXIT_SUCCESS : EXIT_FAILURE; else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0) - ret = (err_in_server != 0) ? 0 : 1; + ret = (err_in_server != 0) ? EXIT_SUCCESS : EXIT_FAILURE; return ret; } @@ -2132,7 +2111,7 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, long cw_num = count, cr_num = count, sw_num = count, sr_num = count; BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL; BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL; - int ret = 1; + int ret = EXIT_FAILURE; int err_in_client = 0; int err_in_server = 0; @@ -2187,7 +2166,7 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, * Useful functions for querying the state of BIO pair endpoints: * * BIO_ctrl_pending(bio) number of bytes we can read now - * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil + * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfill * other side's read attempt * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now * @@ -2219,8 +2198,8 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, if (cw_num > 0) { /* Write to server. */ - if (cw_num > (long)sizeof cbuf) - i = sizeof cbuf; + if (cw_num > (long)sizeof(cbuf)) + i = sizeof(cbuf); else i = (int)cw_num; r = BIO_write(c_ssl_bio, cbuf, i); @@ -2298,8 +2277,8 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, if (sw_num > 0) { /* Write to client. */ - if (sw_num > (long)sizeof sbuf) - i = sizeof sbuf; + if (sw_num > (long)sizeof(sbuf)) + i = sizeof(sbuf); else i = (int)sw_num; r = BIO_write(s_ssl_bio, sbuf, i); 
@@ -2461,35 +2440,26 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, if (verbose) print_details(c_ssl, "DONE via BIO pair: "); #ifndef OPENSSL_NO_NEXTPROTONEG - if (verify_npn(c_ssl, s_ssl) < 0) { - ret = 1; + if (verify_npn(c_ssl, s_ssl) < 0) goto end; - } #endif if (verify_serverinfo() < 0) { fprintf(stderr, "Server info verify error\n"); - ret = 1; - goto err; - } - if (verify_alpn(c_ssl, s_ssl) < 0) { - ret = 1; goto err; } - if (verify_servername(c_ssl, s_ssl) < 0) { - ret = 1; + if (verify_alpn(c_ssl, s_ssl) < 0 + || verify_servername(c_ssl, s_ssl) < 0) goto err; - } if (custom_ext_error) { fprintf(stderr, "Custom extension error\n"); - ret = 1; goto err; } #ifndef OPENSSL_NO_NEXTPROTONEG end: #endif - ret = 0; + ret = EXIT_SUCCESS; err: ERR_print_errors(bio_err); @@ -2502,9 +2472,9 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, BIO_free(c_ssl_bio); if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0) - ret = (err_in_client != 0) ? 0 : 1; + ret = (err_in_client != 0) ? EXIT_SUCCESS : EXIT_FAILURE; else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0) - ret = (err_in_server != 0) ? 0 : 1; + ret = (err_in_server != 0) ? EXIT_SUCCESS : EXIT_FAILURE; return ret; } @@ -2520,7 +2490,7 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) long bufsiz; long cw_num = count, cr_num = count; long sw_num = count, sr_num = count; - int ret = 1; + int ret = EXIT_FAILURE; BIO *c_to_s = NULL; BIO *s_to_c = NULL; BIO *c_bio = NULL; 
@@ -2768,22 +2738,18 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) if (verbose) print_details(c_ssl, "DONE: "); #ifndef OPENSSL_NO_NEXTPROTONEG - if (verify_npn(c_ssl, s_ssl) < 0) { - ret = 1; + if (verify_npn(c_ssl, s_ssl) < 0) goto err; - } #endif if (verify_serverinfo() < 0) { fprintf(stderr, "Server info verify error\n"); - ret = 1; goto err; } if (custom_ext_error) { fprintf(stderr, "Custom extension error\n"); - ret = 1; goto err; } - ret = 0; + ret = EXIT_SUCCESS; err: BIO_free(c_to_s); BIO_free(s_to_c); @@ -2793,11 +2759,11 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) OPENSSL_free(sbuf); if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0) - ret = (err_in_client != 0) ? 0 : 1; + ret = (err_in_client != 0) ? EXIT_SUCCESS : EXIT_FAILURE; else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0) - ret = (err_in_server != 0) ? 0 : 1; + ret = (err_in_server != 0) ? EXIT_SUCCESS : EXIT_FAILURE; - return (ret); + return ret; } static int verify_callback(int ok, X509_STORE_CTX *ctx) @@ -2805,7 +2771,7 @@ static int verify_callback(int ok, X509_STORE_CTX *ctx) char *s, buf[256]; s = X509_NAME_oneline(X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)), - buf, sizeof buf); + buf, sizeof(buf)); if (s != NULL) { if (ok) printf("depth=%d %s\n", X509_STORE_CTX_get_error_depth(ctx), buf); @@ -2832,7 +2798,7 @@ static int verify_callback(int ok, X509_STORE_CTX *ctx) } } - return (ok); + return ok; } static int app_verify_callback(X509_STORE_CTX *ctx, void *arg) @@ -2854,12 +2820,12 @@ static int app_verify_callback(X509_STORE_CTX *ctx, void *arg) printf("cert depth=%d %s\n", X509_STORE_CTX_get_error_depth(ctx), buf); } - return (1); + return 1; } ok = X509_verify_cert(ctx); - return (ok); + return ok; } #ifndef OPENSSL_NO_DH 
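Review bot: Unlike doit_localhost and doit_biopair, the verification block of doit() shown in the first hunk here checks only verify_npn, verify_serverinfo and custom_ext_error before `ret = EXIT_SUCCESS;`, and never calls verify_alpn or verify_servername. If that is intentional for the memory-BIO path it should be documented above the block. Otherwise add `if (verify_alpn(c_ssl, s_ssl) < 0 || verify_servername(c_ssl, s_ssl) < 0) goto err;` after the serverinfo check so that all three transports enforce the same assertions. The function starts outside this hunk.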
@@ -2870,7 +2836,7 @@ static int app_verify_callback(X509_STORE_CTX *ctx, void *arg) * $ openssl dhparam -C -noout -dsaparam 1024 * (The third function has been renamed to avoid name conflicts.) */ -static DH *get_dh512() +static DH *get_dh512(void) { static unsigned char dh512_p[] = { 0xCB, 0xC8, 0xE1, 0x86, 0xD0, 0x1F, 0x94, 0x17, 0xA6, 0x99, 0xF0, @@ -2892,19 +2858,19 @@ static DH *get_dh512() BIGNUM *p, *g; if ((dh = DH_new()) == NULL) - return (NULL); + return NULL; p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) { DH_free(dh); BN_free(p); BN_free(g); - return (NULL); + return NULL; } - return (dh); + return dh; } -static DH *get_dh1024() +static DH *get_dh1024(void) { static unsigned char dh1024_p[] = { 0xF8, 0x81, 0x89, 0x7D, 0x14, 0x24, 0xC5, 0xD1, 0xE6, 0xF7, 0xBF, @@ -2936,19 +2902,19 @@ static DH *get_dh1024() BIGNUM *p, *g; if ((dh = DH_new()) == NULL) - return (NULL); + return NULL; p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL); g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL); if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) { DH_free(dh); BN_free(p); BN_free(g); - return (NULL); + return NULL; } - return (dh); + return dh; } -static DH *get_dh1024dsa() +static DH *get_dh1024dsa(void) { static unsigned char dh1024_p[] = { 0xC8, 0x00, 0xF7, 0x08, 0x07, 0x89, 0x4D, 0x90, 0x53, 0xF3, 0xD5, @@ -3000,17 +2966,17 @@ static DH *get_dh1024dsa() BIGNUM *p, *g; if ((dh = DH_new()) == NULL) - return (NULL); + return NULL; p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL); g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL); if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) { DH_free(dh); BN_free(p); BN_free(g); - return (NULL); + return NULL; } DH_set_length(dh, 160); - return (dh); + return dh; } #endif
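Review bot: The comment that ends above get_dh512 records, as far as the hunk shows it, how the parameters were generated but not that they are fixtures; 512-bit and 1024-bit groups are far below what is acceptable for real key exchange. A line such as `/* Test-only parameters: deliberately small, never use outside this test program. */` above the three getters would keep them from being copied elsewhere. Separately, in get_dh1024dsa (the last hunk on this line) the result of `DH_set_length(dh, 160);` is ignored, while every other failure in these getters returns NULL.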