Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(793)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: openssl/ssl/ssltest.c

Issue 9254031: Upgrade chrome's OpenSSL to same version Android ships with. (Closed) Base URL: http://src.chromium.org/svn/trunk/deps/third_party/openssl/
Patch Set: '' Created 8 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « openssl/ssl/ssl_txt.c ('k') | openssl/ssl/t1_clnt.c » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* ssl/ssltest.c */ 1 /* ssl/ssltest.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
(...skipping 95 matching lines...) Expand 10 before | Expand all | Expand 10 after
106 * This product includes cryptographic software written by Eric Young 106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim 107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com). 108 * Hudson (tjh@cryptsoft.com).
109 * 109 *
110 */ 110 */
111 /* ==================================================================== 111 /* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by 113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */ 115 */
116 /* ====================================================================
117 * Copyright 2005 Nokia. All rights reserved.
118 *
119 * The portions of the attached software ("Contribution") is developed by
120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
121 * license.
122 *
123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125 * support (see RFC 4279) to OpenSSL.
126 *
127 * No patent licenses or other rights except those expressly stated in
128 * the OpenSSL open source license shall be deemed granted or received
129 * expressly, by implication, estoppel, or otherwise.
130 *
131 * No assurances are provided by Nokia that the Contribution does not
132 * infringe the patent or other intellectual property rights of any third
133 * party or that the license provides you with all the necessary rights
134 * to make use of the Contribution.
135 *
136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
140 * OTHERWISE.
141 */
116 142
117 #define _BSD_SOURCE 1 /* Or gethostname won't be declared properly 143 #define _BSD_SOURCE 1 /* Or gethostname won't be declared properly
118 on Linux and GNU platforms. */ 144 on Linux and GNU platforms. */
119 145
120 #include <assert.h> 146 #include <assert.h>
121 #include <errno.h> 147 #include <errno.h>
122 #include <limits.h> 148 #include <limits.h>
123 #include <stdio.h> 149 #include <stdio.h>
124 #include <stdlib.h> 150 #include <stdlib.h>
125 #include <string.h> 151 #include <string.h>
126 #include <time.h> 152 #include <time.h>
127 153
128 #define USE_SOCKETS 154 #define USE_SOCKETS
129 #include "e_os.h" 155 #include "e_os.h"
130 156
157 #ifdef OPENSSL_SYS_VMS
131 #define _XOPEN_SOURCE 500 /* Or isascii won't be declared properly on 158 #define _XOPEN_SOURCE 500 /* Or isascii won't be declared properly on
132 VMS (at least with DECompHP C). */ 159 VMS (at least with DECompHP C). */
160 #endif
161
133 #include <ctype.h> 162 #include <ctype.h>
134 163
135 #include <openssl/bio.h> 164 #include <openssl/bio.h>
136 #include <openssl/crypto.h> 165 #include <openssl/crypto.h>
137 #include <openssl/evp.h> 166 #include <openssl/evp.h>
138 #include <openssl/x509.h> 167 #include <openssl/x509.h>
139 #include <openssl/x509v3.h> 168 #include <openssl/x509v3.h>
140 #include <openssl/ssl.h> 169 #include <openssl/ssl.h>
141 #ifndef OPENSSL_NO_ENGINE 170 #ifndef OPENSSL_NO_ENGINE
142 #include <openssl/engine.h> 171 #include <openssl/engine.h>
(...skipping 57 matching lines...) Expand 10 before | Expand all | Expand 10 after
200 char *proxy_auth; 229 char *proxy_auth;
201 char *proxy_cond; 230 char *proxy_cond;
202 }; 231 };
203 232
204 #ifndef OPENSSL_NO_DH 233 #ifndef OPENSSL_NO_DH
205 static DH *get_dh512(void); 234 static DH *get_dh512(void);
206 static DH *get_dh1024(void); 235 static DH *get_dh1024(void);
207 static DH *get_dh1024dsa(void); 236 static DH *get_dh1024dsa(void);
208 #endif 237 #endif
209 238
239
240 static char *psk_key=NULL; /* by default PSK is not used */
241 #ifndef OPENSSL_NO_PSK
242 static unsigned int psk_client_callback(SSL *ssl, const char *hint, char *identi ty,
243 unsigned int max_identity_len, unsigned char *psk,
244 unsigned int max_psk_len);
245 static unsigned int psk_server_callback(SSL *ssl, const char *identity, unsigned char *psk,
246 unsigned int max_psk_len);
247 #endif
248
210 static BIO *bio_err=NULL; 249 static BIO *bio_err=NULL;
211 static BIO *bio_stdout=NULL; 250 static BIO *bio_stdout=NULL;
212 251
213 static char *cipher=NULL; 252 static char *cipher=NULL;
214 static int verbose=0; 253 static int verbose=0;
215 static int debug=0; 254 static int debug=0;
216 #if 0 255 #if 0
217 /* Not used yet. */ 256 /* Not used yet. */
218 #ifdef FIONBIO 257 #ifdef FIONBIO
219 static int s_nbio=0; 258 static int s_nbio=0;
220 #endif 259 #endif
221 #endif 260 #endif
222 261
223 static const char rnd_seed[] = "string to make the random number generator think it has entropy"; 262 static const char rnd_seed[] = "string to make the random number generator think it has entropy";
224 263
225 int doit_biopair(SSL *s_ssl,SSL *c_ssl,long bytes,clock_t *s_time,clock_t *c_tim e); 264 int doit_biopair(SSL *s_ssl,SSL *c_ssl,long bytes,clock_t *s_time,clock_t *c_tim e);
226 int doit(SSL *s_ssl,SSL *c_ssl,long bytes); 265 int doit(SSL *s_ssl,SSL *c_ssl,long bytes);
227 static int do_test_cipherlist(void); 266 static int do_test_cipherlist(void);
228 static void sv_usage(void) 267 static void sv_usage(void)
229 { 268 {
230 fprintf(stderr,"usage: ssltest [args ...]\n"); 269 fprintf(stderr,"usage: ssltest [args ...]\n");
231 fprintf(stderr,"\n"); 270 fprintf(stderr,"\n");
232 #ifdef OPENSSL_FIPS
233 fprintf(stderr,"-F - run test in FIPS mode\n");
234 #endif
235 fprintf(stderr," -server_auth - check server certificate\n"); 271 fprintf(stderr," -server_auth - check server certificate\n");
236 fprintf(stderr," -client_auth - do client authentication\n"); 272 fprintf(stderr," -client_auth - do client authentication\n");
237 fprintf(stderr," -proxy - allow proxy certificates\n"); 273 fprintf(stderr," -proxy - allow proxy certificates\n");
238 fprintf(stderr," -proxy_auth <val> - set proxy policy rights\n"); 274 fprintf(stderr," -proxy_auth <val> - set proxy policy rights\n");
239 fprintf(stderr," -proxy_cond <val> - experssion to test proxy policy rig hts\n"); 275 fprintf(stderr," -proxy_cond <val> - experssion to test proxy policy rig hts\n");
240 fprintf(stderr," -v - more output\n"); 276 fprintf(stderr," -v - more output\n");
241 fprintf(stderr," -d - debug output\n"); 277 fprintf(stderr," -d - debug output\n");
242 fprintf(stderr," -reuse - use session-id reuse\n"); 278 fprintf(stderr," -reuse - use session-id reuse\n");
243 fprintf(stderr," -num <val> - number of connections to perform\n"); 279 fprintf(stderr," -num <val> - number of connections to perform\n");
244 fprintf(stderr," -bytes <val> - number of bytes to swap between client/ server\n"); 280 fprintf(stderr," -bytes <val> - number of bytes to swap between client/ server\n");
245 #ifndef OPENSSL_NO_DH 281 #ifndef OPENSSL_NO_DH
246 fprintf(stderr," -dhe1024 - use 1024 bit key (safe prime) for DHE\n "); 282 fprintf(stderr," -dhe1024 - use 1024 bit key (safe prime) for DHE\n ");
247 fprintf(stderr," -dhe1024dsa - use 1024 bit key (with 160-bit subprime ) for DHE\n"); 283 fprintf(stderr," -dhe1024dsa - use 1024 bit key (with 160-bit subprime ) for DHE\n");
248 fprintf(stderr," -no_dhe - disable DHE\n"); 284 fprintf(stderr," -no_dhe - disable DHE\n");
249 #endif 285 #endif
250 #ifndef OPENSSL_NO_ECDH 286 #ifndef OPENSSL_NO_ECDH
251 fprintf(stderr," -no_ecdhe - disable ECDHE\n"); 287 fprintf(stderr," -no_ecdhe - disable ECDHE\n");
252 #endif 288 #endif
289 #ifndef OPENSSL_NO_PSK
290 fprintf(stderr," -psk arg - PSK in hex (without 0x)\n");
291 #endif
253 #ifndef OPENSSL_NO_SSL2 292 #ifndef OPENSSL_NO_SSL2
254 fprintf(stderr," -ssl2 - use SSLv2\n"); 293 fprintf(stderr," -ssl2 - use SSLv2\n");
255 #endif 294 #endif
256 #ifndef OPENSSL_NO_SSL3 295 #ifndef OPENSSL_NO_SSL3
257 fprintf(stderr," -ssl3 - use SSLv3\n"); 296 fprintf(stderr," -ssl3 - use SSLv3\n");
258 #endif 297 #endif
259 #ifndef OPENSSL_NO_TLS1 298 #ifndef OPENSSL_NO_TLS1
260 fprintf(stderr," -tls1 - use TLSv1\n"); 299 fprintf(stderr," -tls1 - use TLSv1\n");
261 #endif 300 #endif
262 fprintf(stderr," -CApath arg - PEM format directory of CA's\n"); 301 fprintf(stderr," -CApath arg - PEM format directory of CA's\n");
263 fprintf(stderr," -CAfile arg - PEM format file of CA's\n"); 302 fprintf(stderr," -CAfile arg - PEM format file of CA's\n");
264 fprintf(stderr," -cert arg - Server certificate file\n"); 303 fprintf(stderr," -cert arg - Server certificate file\n");
265 fprintf(stderr," -key arg - Server key file (default: same as -cert )\n"); 304 fprintf(stderr," -key arg - Server key file (default: same as -cert )\n");
266 fprintf(stderr," -c_cert arg - Client certificate file\n"); 305 fprintf(stderr," -c_cert arg - Client certificate file\n");
267 fprintf(stderr," -c_key arg - Client key file (default: same as -c_ce rt)\n"); 306 fprintf(stderr," -c_key arg - Client key file (default: same as -c_ce rt)\n");
268 fprintf(stderr," -cipher arg - The cipher list\n"); 307 fprintf(stderr," -cipher arg - The cipher list\n");
269 fprintf(stderr," -bio_pair - Use BIO pairs\n"); 308 fprintf(stderr," -bio_pair - Use BIO pairs\n");
270 fprintf(stderr," -f - Test even cases that can't work\n"); 309 fprintf(stderr," -f - Test even cases that can't work\n");
271 fprintf(stderr," -time - measure processor time used by client a nd server\n"); 310 fprintf(stderr," -time - measure processor time used by client a nd server\n");
272 fprintf(stderr," -zlib - use zlib compression\n"); 311 fprintf(stderr," -zlib - use zlib compression\n");
273 fprintf(stderr," -rle - use rle compression\n"); 312 fprintf(stderr," -rle - use rle compression\n");
274 #ifndef OPENSSL_NO_ECDH 313 #ifndef OPENSSL_NO_ECDH
275 fprintf(stderr," -named_curve arg - Elliptic curve name to use for ephe meral ECDH keys.\n" \ 314 fprintf(stderr," -named_curve arg - Elliptic curve name to use for ephe meral ECDH keys.\n" \
276 " Use \"openssl ecparam -list_curves\" fo r all names\n" \ 315 " Use \"openssl ecparam -list_curves\" fo r all names\n" \
277 " (default is sect163r2).\n"); 316 " (default is sect163r2).\n");
278 #endif 317 #endif
279 fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher lists\n"); 318 fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher lists\n");
280 » fprintf(stderr," -cutthrough - enable 1-RTT full-handshake for str ong ciphers\n"); 319 » fprintf(stderr," -c_small_records - enable client side use of small SSL record buffers\n");
320 » fprintf(stderr," -s_small_records - enable server side use of small SSL record buffers\n");
321 » fprintf(stderr," -cutthrough - enable 1-RTT full-handshake for stro ng ciphers\n");
281 } 322 }
282 323
283 static void print_details(SSL *c_ssl, const char *prefix) 324 static void print_details(SSL *c_ssl, const char *prefix)
284 { 325 {
285 » SSL_CIPHER *ciph; 326 » const SSL_CIPHER *ciph;
286 X509 *cert; 327 X509 *cert;
287 328
288 ciph=SSL_get_current_cipher(c_ssl); 329 ciph=SSL_get_current_cipher(c_ssl);
289 BIO_printf(bio_stdout,"%s%s, cipher %s %s", 330 BIO_printf(bio_stdout,"%s%s, cipher %s %s",
290 prefix, 331 prefix,
291 SSL_get_version(c_ssl), 332 SSL_get_version(c_ssl),
292 SSL_CIPHER_get_version(ciph), 333 SSL_CIPHER_get_version(ciph),
293 SSL_CIPHER_get_name(ciph)); 334 SSL_CIPHER_get_name(ciph));
294 cert=SSL_get_peer_certificate(c_ssl); 335 cert=SSL_get_peer_certificate(c_ssl);
295 if (cert != NULL) 336 if (cert != NULL)
(...skipping 84 matching lines...) Expand 10 before | Expand all | Expand 10 after
380 421
381 err: 422 err:
382 if (errstr) 423 if (errstr)
383 { 424 {
384 /* we cannot use bio_err here */ 425 /* we cannot use bio_err here */
385 fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n", 426 fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n",
386 errstr, mode, type, file, line); 427 errstr, mode, type, file, line);
387 } 428 }
388 } 429 }
389 430
431 #ifdef TLSEXT_TYPE_opaque_prf_input
432 struct cb_info_st { void *input; size_t len; int ret; };
433 struct cb_info_st co1 = { "C", 1, 1 }; /* try to negotiate oqaque PRF input */
434 struct cb_info_st co2 = { "C", 1, 2 }; /* insist on oqaque PRF input */
435 struct cb_info_st so1 = { "S", 1, 1 }; /* try to negotiate oqaque PRF input */
436 struct cb_info_st so2 = { "S", 1, 2 }; /* insist on oqaque PRF input */
437
438 int opaque_prf_input_cb(SSL *ssl, void *peerinput, size_t len, void *arg_)
439 {
440 struct cb_info_st *arg = arg_;
441
442 if (arg == NULL)
443 return 1;
444
445 if (!SSL_set_tlsext_opaque_prf_input(ssl, arg->input, arg->len))
446 return 0;
447 return arg->ret;
448 }
449 #endif
450 int ssl_mode = 0;
451 int c_small_records=0;
452 int s_small_records=0;
453 int cutthrough = 0;
390 454
391 int main(int argc, char *argv[]) 455 int main(int argc, char *argv[])
392 { 456 {
393 char *CApath=NULL,*CAfile=NULL; 457 char *CApath=NULL,*CAfile=NULL;
394 int badop=0; 458 int badop=0;
395 int bio_pair=0; 459 int bio_pair=0;
396 int force=0; 460 int force=0;
397 int tls1=0,ssl2=0,ssl3=0,ret=1; 461 int tls1=0,ssl2=0,ssl3=0,ret=1;
398 int client_auth=0; 462 int client_auth=0;
399 int server_auth=0,i; 463 int server_auth=0,i;
400 struct app_verify_arg app_verify_arg = 464 struct app_verify_arg app_verify_arg =
401 { APP_CALLBACK_STRING, 0, 0, NULL, NULL }; 465 { APP_CALLBACK_STRING, 0, 0, NULL, NULL };
402 char *server_cert=TEST_SERVER_CERT; 466 char *server_cert=TEST_SERVER_CERT;
403 char *server_key=NULL; 467 char *server_key=NULL;
404 char *client_cert=TEST_CLIENT_CERT; 468 char *client_cert=TEST_CLIENT_CERT;
405 char *client_key=NULL; 469 char *client_key=NULL;
406 #ifndef OPENSSL_NO_ECDH 470 #ifndef OPENSSL_NO_ECDH
407 char *named_curve = NULL; 471 char *named_curve = NULL;
408 #endif 472 #endif
409 SSL_CTX *s_ctx=NULL; 473 SSL_CTX *s_ctx=NULL;
410 SSL_CTX *c_ctx=NULL; 474 SSL_CTX *c_ctx=NULL;
411 » SSL_METHOD *meth=NULL; 475 » const SSL_METHOD *meth=NULL;
412 SSL *c_ssl,*s_ssl; 476 SSL *c_ssl,*s_ssl;
413 int number=1,reuse=0; 477 int number=1,reuse=0;
414 long bytes=256L; 478 long bytes=256L;
415 #ifndef OPENSSL_NO_DH 479 #ifndef OPENSSL_NO_DH
416 DH *dh; 480 DH *dh;
417 » int dhe1024 = 1, dhe1024dsa = 0; 481 » int dhe1024 = 0, dhe1024dsa = 0;
418 #endif 482 #endif
419 #ifndef OPENSSL_NO_ECDH 483 #ifndef OPENSSL_NO_ECDH
420 EC_KEY *ecdh = NULL; 484 EC_KEY *ecdh = NULL;
421 #endif 485 #endif
422 int no_dhe = 0; 486 int no_dhe = 0;
423 int no_ecdhe = 0; 487 int no_ecdhe = 0;
488 int no_psk = 0;
424 int print_time = 0; 489 int print_time = 0;
425 clock_t s_time = 0, c_time = 0; 490 clock_t s_time = 0, c_time = 0;
426 int comp = 0; 491 int comp = 0;
427 #ifndef OPENSSL_NO_COMP 492 #ifndef OPENSSL_NO_COMP
428 COMP_METHOD *cm = NULL; 493 COMP_METHOD *cm = NULL;
429 #endif 494 #endif
430 STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; 495 STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
431 int test_cipherlist = 0; 496 int test_cipherlist = 0;
432 #ifdef OPENSSL_FIPS
433 int fips_mode=0;
434 #endif
435 int ssl_mode = 0;
436 int cutthrough = 0;
437 497
438 verbose = 0; 498 verbose = 0;
439 debug = 0; 499 debug = 0;
440 cipher = 0; 500 cipher = 0;
441 501
442 » bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);» 502 » bio_err=BIO_new_fp(stderr,BIO_NOCLOSE|BIO_FP_TEXT);»
443 503
444 CRYPTO_set_locking_callback(lock_dbg_cb); 504 CRYPTO_set_locking_callback(lock_dbg_cb);
445 505
446 /* enable memory leak checking unless explicitly disabled */ 506 /* enable memory leak checking unless explicitly disabled */
447 if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("O PENSSL_DEBUG_MEMORY"), "off")))) 507 if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("O PENSSL_DEBUG_MEMORY"), "off"))))
448 { 508 {
449 CRYPTO_malloc_debug_init(); 509 CRYPTO_malloc_debug_init();
450 CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); 510 CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
451 } 511 }
452 else 512 else
453 { 513 {
454 /* OPENSSL_DEBUG_MEMORY=off */ 514 /* OPENSSL_DEBUG_MEMORY=off */
455 CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0); 515 CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
456 } 516 }
457 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); 517 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
458 518
459 RAND_seed(rnd_seed, sizeof rnd_seed); 519 RAND_seed(rnd_seed, sizeof rnd_seed);
460 520
461 » bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE); 521 » bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE|BIO_FP_TEXT);
462 522
463 argc--; 523 argc--;
464 argv++; 524 argv++;
465 525
466 while (argc >= 1) 526 while (argc >= 1)
467 { 527 {
468 » » if(!strcmp(*argv,"-F")) 528 » » if» (strcmp(*argv,"-server_auth") == 0)
469 » » » {
470 #ifdef OPENSSL_FIPS
471 » » » fips_mode=1;
472 #else
473 » » » fprintf(stderr,"not compiled with FIPS support, so exitt ing without running.\n");
474 » » » EXIT(0);
475 #endif
476 » » » }
477 » » else if»(strcmp(*argv,"-server_auth") == 0)
478 server_auth=1; 529 server_auth=1;
479 else if (strcmp(*argv,"-client_auth") == 0) 530 else if (strcmp(*argv,"-client_auth") == 0)
480 client_auth=1; 531 client_auth=1;
481 else if (strcmp(*argv,"-proxy_auth") == 0) 532 else if (strcmp(*argv,"-proxy_auth") == 0)
482 { 533 {
483 if (--argc < 1) goto bad; 534 if (--argc < 1) goto bad;
484 app_verify_arg.proxy_auth= *(++argv); 535 app_verify_arg.proxy_auth= *(++argv);
485 } 536 }
486 else if (strcmp(*argv,"-proxy_cond") == 0) 537 else if (strcmp(*argv,"-proxy_cond") == 0)
487 { 538 {
(...skipping 19 matching lines...) Expand all
507 #ifndef OPENSSL_NO_DH 558 #ifndef OPENSSL_NO_DH
508 dhe1024dsa=1; 559 dhe1024dsa=1;
509 #else 560 #else
510 fprintf(stderr,"ignoring -dhe1024, since I'm compiled wi thout DH\n"); 561 fprintf(stderr,"ignoring -dhe1024, since I'm compiled wi thout DH\n");
511 #endif 562 #endif
512 } 563 }
513 else if (strcmp(*argv,"-no_dhe") == 0) 564 else if (strcmp(*argv,"-no_dhe") == 0)
514 no_dhe=1; 565 no_dhe=1;
515 else if (strcmp(*argv,"-no_ecdhe") == 0) 566 else if (strcmp(*argv,"-no_ecdhe") == 0)
516 no_ecdhe=1; 567 no_ecdhe=1;
568 else if (strcmp(*argv,"-psk") == 0)
569 {
570 if (--argc < 1) goto bad;
571 psk_key=*(++argv);
572 #ifndef OPENSSL_NO_PSK
573 if (strspn(psk_key, "abcdefABCDEF1234567890") != strlen( psk_key))
574 {
575 BIO_printf(bio_err,"Not a hex number '%s'\n",*ar gv);
576 goto bad;
577 }
578 #else
579 no_psk=1;
580 #endif
581 }
517 else if (strcmp(*argv,"-ssl2") == 0) 582 else if (strcmp(*argv,"-ssl2") == 0)
518 ssl2=1; 583 ssl2=1;
519 else if (strcmp(*argv,"-tls1") == 0) 584 else if (strcmp(*argv,"-tls1") == 0)
520 tls1=1; 585 tls1=1;
521 else if (strcmp(*argv,"-ssl3") == 0) 586 else if (strcmp(*argv,"-ssl3") == 0)
522 ssl3=1; 587 ssl3=1;
523 else if (strncmp(*argv,"-num",4) == 0) 588 else if (strncmp(*argv,"-num",4) == 0)
524 { 589 {
525 if (--argc < 1) goto bad; 590 if (--argc < 1) goto bad;
526 number= atoi(*(++argv)); 591 number= atoi(*(++argv));
(...skipping 88 matching lines...) Expand 10 before | Expand all | Expand 10 after
615 app_verify_arg.app_verify = 1; 680 app_verify_arg.app_verify = 1;
616 } 681 }
617 else if (strcmp(*argv,"-proxy") == 0) 682 else if (strcmp(*argv,"-proxy") == 0)
618 { 683 {
619 app_verify_arg.allow_proxy_certs = 1; 684 app_verify_arg.allow_proxy_certs = 1;
620 } 685 }
621 else if (strcmp(*argv,"-test_cipherlist") == 0) 686 else if (strcmp(*argv,"-test_cipherlist") == 0)
622 { 687 {
623 test_cipherlist = 1; 688 test_cipherlist = 1;
624 } 689 }
690 else if (strcmp(*argv, "-c_small_records") == 0)
691 {
692 c_small_records = 1;
693 }
694 else if (strcmp(*argv, "-s_small_records") == 0)
695 {
696 s_small_records = 1;
697 }
625 else if (strcmp(*argv, "-cutthrough") == 0) 698 else if (strcmp(*argv, "-cutthrough") == 0)
626 { 699 {
627 cutthrough = 1; 700 cutthrough = 1;
628 } 701 }
629 else 702 else
630 { 703 {
631 fprintf(stderr,"unknown option %s\n",*argv); 704 fprintf(stderr,"unknown option %s\n",*argv);
632 badop=1; 705 badop=1;
633 break; 706 break;
634 } 707 }
(...skipping 18 matching lines...) Expand all
653 726
654 if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force) 727 if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force)
655 { 728 {
656 fprintf(stderr, "This case cannot work. Use -f to perform " 729 fprintf(stderr, "This case cannot work. Use -f to perform "
657 "the test anyway (and\n-d to see what happens), " 730 "the test anyway (and\n-d to see what happens), "
658 "or add one of -ssl2, -ssl3, -tls1, -reuse\n" 731 "or add one of -ssl2, -ssl3, -tls1, -reuse\n"
659 "to avoid protocol mismatch.\n"); 732 "to avoid protocol mismatch.\n");
660 EXIT(1); 733 EXIT(1);
661 } 734 }
662 735
663 #ifdef OPENSSL_FIPS
664 if(fips_mode)
665 {
666 if(!FIPS_mode_set(1))
667 {
668 ERR_load_crypto_strings();
669 ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
670 EXIT(1);
671 }
672 else
673 fprintf(stderr,"*** IN FIPS MODE ***\n");
674 }
675 #endif
676
677 if (print_time) 736 if (print_time)
678 { 737 {
679 if (!bio_pair) 738 if (!bio_pair)
680 { 739 {
681 fprintf(stderr, "Using BIO pair (-bio_pair)\n"); 740 fprintf(stderr, "Using BIO pair (-bio_pair)\n");
682 bio_pair = 1; 741 bio_pair = 1;
683 } 742 }
684 if (number < 50 && !force) 743 if (number < 50 && !force)
685 fprintf(stderr, "Warning: For accurate timings, use more connections (e.g. -num 1000)\n"); 744 fprintf(stderr, "Warning: For accurate timings, use more connections (e.g. -num 1000)\n");
686 } 745 }
(...skipping 67 matching lines...) Expand 10 before | Expand all | Expand 10 after
754 { 813 {
755 ERR_print_errors(bio_err); 814 ERR_print_errors(bio_err);
756 goto end; 815 goto end;
757 } 816 }
758 817
759 if (cipher != NULL) 818 if (cipher != NULL)
760 { 819 {
761 SSL_CTX_set_cipher_list(c_ctx,cipher); 820 SSL_CTX_set_cipher_list(c_ctx,cipher);
762 SSL_CTX_set_cipher_list(s_ctx,cipher); 821 SSL_CTX_set_cipher_list(s_ctx,cipher);
763 } 822 }
823
824 ssl_mode = 0;
825 if (c_small_records)
826 {
827 ssl_mode = SSL_CTX_get_mode(c_ctx);
828 ssl_mode |= SSL_MODE_SMALL_BUFFERS;
829 SSL_CTX_set_mode(c_ctx, ssl_mode);
830 }
831 ssl_mode = 0;
832 if (s_small_records)
833 {
834 ssl_mode = SSL_CTX_get_mode(s_ctx);
835 ssl_mode |= SSL_MODE_SMALL_BUFFERS;
836 SSL_CTX_set_mode(s_ctx, ssl_mode);
837 }
764 ssl_mode = 0; 838 ssl_mode = 0;
765 if (cutthrough) 839 if (cutthrough)
766 { 840 {
767 ssl_mode = SSL_CTX_get_mode(c_ctx); 841 ssl_mode = SSL_CTX_get_mode(c_ctx);
768 ssl_mode = SSL_MODE_HANDSHAKE_CUTTHROUGH; 842 ssl_mode = SSL_MODE_HANDSHAKE_CUTTHROUGH;
769 SSL_CTX_set_mode(c_ctx, ssl_mode); 843 SSL_CTX_set_mode(c_ctx, ssl_mode);
770 } 844 }
771 845
772 #ifndef OPENSSL_NO_DH 846 #ifndef OPENSSL_NO_DH
773 if (!no_dhe) 847 if (!no_dhe)
(...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after
818 EC_KEY_free(ecdh); 892 EC_KEY_free(ecdh);
819 } 893 }
820 #else 894 #else
821 (void)no_ecdhe; 895 (void)no_ecdhe;
822 #endif 896 #endif
823 897
824 #ifndef OPENSSL_NO_RSA 898 #ifndef OPENSSL_NO_RSA
825 SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb); 899 SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb);
826 #endif 900 #endif
827 901
902 #ifdef TLSEXT_TYPE_opaque_prf_input
903 SSL_CTX_set_tlsext_opaque_prf_input_callback(c_ctx, opaque_prf_input_cb) ;
904 SSL_CTX_set_tlsext_opaque_prf_input_callback(s_ctx, opaque_prf_input_cb) ;
905 SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(c_ctx, &co1); /* or &co 2 or NULL */
906 SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(s_ctx, &so1); /* or &so 2 or NULL */
907 #endif
908
828 if (!SSL_CTX_use_certificate_file(s_ctx,server_cert,SSL_FILETYPE_PEM)) 909 if (!SSL_CTX_use_certificate_file(s_ctx,server_cert,SSL_FILETYPE_PEM))
829 { 910 {
830 ERR_print_errors(bio_err); 911 ERR_print_errors(bio_err);
831 } 912 }
832 else if (!SSL_CTX_use_PrivateKey_file(s_ctx, 913 else if (!SSL_CTX_use_PrivateKey_file(s_ctx,
833 (server_key?server_key:server_cert), SSL_FILETYPE_PEM)) 914 (server_key?server_key:server_cert), SSL_FILETYPE_PEM))
834 { 915 {
835 ERR_print_errors(bio_err); 916 ERR_print_errors(bio_err);
836 goto end; 917 goto end;
837 } 918 }
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after
869 SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER, 950 SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER,
870 verify_callback); 951 verify_callback);
871 SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback, &ap p_verify_arg); 952 SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback, &ap p_verify_arg);
872 } 953 }
873 954
874 { 955 {
875 int session_id_context = 0; 956 int session_id_context = 0;
876 SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_contex t, sizeof session_id_context); 957 SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_contex t, sizeof session_id_context);
877 } 958 }
878 959
960 /* Use PSK only if PSK key is given */
961 if (psk_key != NULL)
962 {
963 /* no_psk is used to avoid putting psk command to openssl tool * /
964 if (no_psk)
965 {
966 /* if PSK is not compiled in and psk key is
967 * given, do nothing and exit successfully */
968 ret=0;
969 goto end;
970 }
971 #ifndef OPENSSL_NO_PSK
972 SSL_CTX_set_psk_client_callback(c_ctx, psk_client_callback);
973 SSL_CTX_set_psk_server_callback(s_ctx, psk_server_callback);
974 if (debug)
975 BIO_printf(bio_err,"setting PSK identity hint to s_ctx\n ");
976 if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_h int"))
977 {
978 BIO_printf(bio_err,"error setting PSK identity hint to s _ctx\n");
979 ERR_print_errors(bio_err);
980 goto end;
981 }
982 #endif
983 }
984
879 c_ssl=SSL_new(c_ctx); 985 c_ssl=SSL_new(c_ctx);
880 s_ssl=SSL_new(s_ctx); 986 s_ssl=SSL_new(s_ctx);
881 987
882 #ifndef OPENSSL_NO_KRB5 988 #ifndef OPENSSL_NO_KRB5
883 if (c_ssl && c_ssl->kssl_ctx) 989 if (c_ssl && c_ssl->kssl_ctx)
884 { 990 {
885 char localhost[MAXHOSTNAMELEN+2]; 991 char localhost[MAXHOSTNAMELEN+2];
886 992
887 if (gethostname(localhost, sizeof localhost-1) == 0) 993 if (gethostname(localhost, sizeof localhost-1) == 0)
888 { 994 {
(...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after
945 if (bio_stdout != NULL) BIO_free(bio_stdout); 1051 if (bio_stdout != NULL) BIO_free(bio_stdout);
946 1052
947 #ifndef OPENSSL_NO_RSA 1053 #ifndef OPENSSL_NO_RSA
948 free_tmp_rsa(); 1054 free_tmp_rsa();
949 #endif 1055 #endif
950 #ifndef OPENSSL_NO_ENGINE 1056 #ifndef OPENSSL_NO_ENGINE
951 ENGINE_cleanup(); 1057 ENGINE_cleanup();
952 #endif 1058 #endif
953 CRYPTO_cleanup_all_ex_data(); 1059 CRYPTO_cleanup_all_ex_data();
954 ERR_free_strings(); 1060 ERR_free_strings();
955 » ERR_remove_state(0); 1061 » ERR_remove_thread_state(NULL);
956 EVP_cleanup(); 1062 EVP_cleanup();
957 CRYPTO_mem_leaks(bio_err); 1063 CRYPTO_mem_leaks(bio_err);
958 if (bio_err != NULL) BIO_free(bio_err); 1064 if (bio_err != NULL) BIO_free(bio_err);
959 EXIT(ret); 1065 EXIT(ret);
960 return ret; 1066 return ret;
961 } 1067 }
962 1068
963 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, 1069 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
964 clock_t *s_time, clock_t *c_time) 1070 clock_t *s_time, clock_t *c_time)
965 { 1071 {
(...skipping 392 matching lines...) Expand 10 before | Expand all | Expand 10 after
1358 { 1464 {
1359 MS_STATIC char cbuf[1024*8],sbuf[1024*8]; 1465 MS_STATIC char cbuf[1024*8],sbuf[1024*8];
1360 long cw_num=count,cr_num=count; 1466 long cw_num=count,cr_num=count;
1361 long sw_num=count,sr_num=count; 1467 long sw_num=count,sr_num=count;
1362 int ret=1; 1468 int ret=1;
1363 BIO *c_to_s=NULL; 1469 BIO *c_to_s=NULL;
1364 BIO *s_to_c=NULL; 1470 BIO *s_to_c=NULL;
1365 BIO *c_bio=NULL; 1471 BIO *c_bio=NULL;
1366 BIO *s_bio=NULL; 1472 BIO *s_bio=NULL;
1367 int c_r,c_w,s_r,s_w; 1473 int c_r,c_w,s_r,s_w;
1368 int c_want,s_want;
1369 int i,j; 1474 int i,j;
1370 int done=0; 1475 int done=0;
1371 int c_write,s_write; 1476 int c_write,s_write;
1372 int do_server=0,do_client=0; 1477 int do_server=0,do_client=0;
1373 1478
1374 memset(cbuf,0,sizeof(cbuf)); 1479 memset(cbuf,0,sizeof(cbuf));
1375 memset(sbuf,0,sizeof(sbuf)); 1480 memset(sbuf,0,sizeof(sbuf));
1376 1481
1377 c_to_s=BIO_new(BIO_s_mem()); 1482 c_to_s=BIO_new(BIO_s_mem());
1378 s_to_c=BIO_new(BIO_s_mem()); 1483 s_to_c=BIO_new(BIO_s_mem());
(...skipping 14 matching lines...) Expand all
1393 SSL_set_connect_state(c_ssl); 1498 SSL_set_connect_state(c_ssl);
1394 SSL_set_bio(c_ssl,s_to_c,c_to_s); 1499 SSL_set_bio(c_ssl,s_to_c,c_to_s);
1395 BIO_set_ssl(c_bio,c_ssl,BIO_NOCLOSE); 1500 BIO_set_ssl(c_bio,c_ssl,BIO_NOCLOSE);
1396 1501
1397 SSL_set_accept_state(s_ssl); 1502 SSL_set_accept_state(s_ssl);
1398 SSL_set_bio(s_ssl,c_to_s,s_to_c); 1503 SSL_set_bio(s_ssl,c_to_s,s_to_c);
1399 BIO_set_ssl(s_bio,s_ssl,BIO_NOCLOSE); 1504 BIO_set_ssl(s_bio,s_ssl,BIO_NOCLOSE);
1400 1505
1401 c_r=0; s_r=1; 1506 c_r=0; s_r=1;
1402 c_w=1; s_w=0; 1507 c_w=1; s_w=0;
1403 c_want=W_WRITE;
1404 s_want=0;
1405 c_write=1,s_write=0; 1508 c_write=1,s_write=0;
1406 1509
1407 /* We can always do writes */ 1510 /* We can always do writes */
1408 for (;;) 1511 for (;;)
1409 { 1512 {
1410 do_server=0; 1513 do_server=0;
1411 do_client=0; 1514 do_client=0;
1412 1515
1413 i=(int)BIO_pending(s_bio); 1516 i=(int)BIO_pending(s_bio);
1414 if ((i && s_r) || s_w) do_server=1; 1517 if ((i && s_r) || s_w) do_server=1;
(...skipping 680 matching lines...) Expand 10 before | Expand all | Expand 10 after
2095 2198
2096 X509_STORE_CTX_set_ex_data(ctx, 2199 X509_STORE_CTX_set_ex_data(ctx,
2097 get_proxy_auth_ex_data_idx(),letters); 2200 get_proxy_auth_ex_data_idx(),letters);
2098 } 2201 }
2099 if (cb_arg->allow_proxy_certs) 2202 if (cb_arg->allow_proxy_certs)
2100 { 2203 {
2101 X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS); 2204 X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
2102 } 2205 }
2103 2206
2104 #ifndef OPENSSL_NO_X509_VERIFY 2207 #ifndef OPENSSL_NO_X509_VERIFY
2208 # ifdef OPENSSL_FIPS
2209 if(s->version == TLS1_VERSION)
2210 FIPS_allow_md5(1);
2211 # endif
2105 ok = X509_verify_cert(ctx); 2212 ok = X509_verify_cert(ctx);
2213 # ifdef OPENSSL_FIPS
2214 if(s->version == TLS1_VERSION)
2215 FIPS_allow_md5(0);
2216 # endif
2106 #endif 2217 #endif
2107 2218
2108 if (cb_arg->proxy_auth) 2219 if (cb_arg->proxy_auth)
2109 { 2220 {
2110 if (ok > 0) 2221 if (ok > 0)
2111 { 2222 {
2112 const char *cond_end = NULL; 2223 const char *cond_end = NULL;
2113 2224
2114 ok = process_proxy_cond(letters, 2225 ok = process_proxy_cond(letters,
2115 cb_arg->proxy_cond, &cond_end); 2226 cb_arg->proxy_cond, &cond_end);
(...skipping 148 matching lines...) Expand 10 before | Expand all | Expand 10 after
2264 if ((dh=DH_new()) == NULL) return(NULL); 2375 if ((dh=DH_new()) == NULL) return(NULL);
2265 dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL); 2376 dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
2266 dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL); 2377 dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
2267 if ((dh->p == NULL) || (dh->g == NULL)) 2378 if ((dh->p == NULL) || (dh->g == NULL))
2268 { DH_free(dh); return(NULL); } 2379 { DH_free(dh); return(NULL); }
2269 dh->length = 160; 2380 dh->length = 160;
2270 return(dh); 2381 return(dh);
2271 } 2382 }
2272 #endif 2383 #endif
2273 2384
2385 #ifndef OPENSSL_NO_PSK
2386 /* convert the PSK key (psk_key) in ascii to binary (psk) */
2387 static int psk_key2bn(const char *pskkey, unsigned char *psk,
2388 unsigned int max_psk_len)
2389 {
2390 int ret;
2391 BIGNUM *bn = NULL;
2392
2393 ret = BN_hex2bn(&bn, pskkey);
2394 if (!ret)
2395 {
2396 BIO_printf(bio_err,"Could not convert PSK key '%s' to BIGNUM\n", pskkey);
2397 if (bn)
2398 BN_free(bn);
2399 return 0;
2400 }
2401 if (BN_num_bytes(bn) > (int)max_psk_len)
2402 {
2403 BIO_printf(bio_err,"psk buffer of callback is too small (%d) for key (%d)\n",
2404 max_psk_len, BN_num_bytes(bn));
2405 BN_free(bn);
2406 return 0;
2407 }
2408 ret = BN_bn2bin(bn, psk);
2409 BN_free(bn);
2410 return ret;
2411 }
2412
2413 static unsigned int psk_client_callback(SSL *ssl, const char *hint, char *identi ty,
2414 unsigned int max_identity_len, unsigned char *psk,
2415 unsigned int max_psk_len)
2416 {
2417 int ret;
2418 unsigned int psk_len = 0;
2419
2420 ret = BIO_snprintf(identity, max_identity_len, "Client_identity");
2421 if (ret < 0)
2422 goto out_err;
2423 if (debug)
2424 fprintf(stderr, "client: created identity '%s' len=%d\n", identi ty, ret);
2425 ret = psk_key2bn(psk_key, psk, max_psk_len);
2426 if (ret < 0)
2427 goto out_err;
2428 psk_len = ret;
2429 out_err:
2430 return psk_len;
2431 }
2432
2433 static unsigned int psk_server_callback(SSL *ssl, const char *identity,
2434 unsigned char *psk, unsigned int max_psk_len)
2435 {
2436 unsigned int psk_len=0;
2437
2438 if (strcmp(identity, "Client_identity") != 0)
2439 {
2440 BIO_printf(bio_err, "server: PSK error: client identity not foun d\n");
2441 return 0;
2442 }
2443 psk_len=psk_key2bn(psk_key, psk, max_psk_len);
2444 return psk_len;
2445 }
2446 #endif
2447
2274 static int do_test_cipherlist(void) 2448 static int do_test_cipherlist(void)
2275 { 2449 {
2276 int i = 0; 2450 int i = 0;
2277 const SSL_METHOD *meth; 2451 const SSL_METHOD *meth;
2278 » SSL_CIPHER *ci, *tci = NULL; 2452 » const SSL_CIPHER *ci, *tci = NULL;
2279 2453
2280 #ifndef OPENSSL_NO_SSL2 2454 #ifndef OPENSSL_NO_SSL2
2281 fprintf(stderr, "testing SSLv2 cipher list order: "); 2455 fprintf(stderr, "testing SSLv2 cipher list order: ");
2282 meth = SSLv2_method(); 2456 meth = SSLv2_method();
2283 while ((ci = meth->get_cipher(i++)) != NULL) 2457 while ((ci = meth->get_cipher(i++)) != NULL)
2284 { 2458 {
2285 if (tci != NULL) 2459 if (tci != NULL)
2286 if (ci->id >= tci->id) 2460 if (ci->id >= tci->id)
2287 { 2461 {
2288 fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id); 2462 fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after
2320 fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id); 2494 fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
2321 return 0; 2495 return 0;
2322 } 2496 }
2323 tci = ci; 2497 tci = ci;
2324 } 2498 }
2325 fprintf(stderr, "ok\n"); 2499 fprintf(stderr, "ok\n");
2326 #endif 2500 #endif
2327 2501
2328 return 1; 2502 return 1;
2329 } 2503 }
OLDNEW
« no previous file with comments | « openssl/ssl/ssl_txt.c ('k') | openssl/ssl/t1_clnt.c » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698