OLD | NEW |
1 /* ssl/ssltest.c */ | 1 /* ssl/ssltest.c */ |
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 * All rights reserved. | 3 * All rights reserved. |
4 * | 4 * |
5 * This package is an SSL implementation written | 5 * This package is an SSL implementation written |
6 * by Eric Young (eay@cryptsoft.com). | 6 * by Eric Young (eay@cryptsoft.com). |
7 * The implementation was written so as to conform with Netscapes SSL. | 7 * The implementation was written so as to conform with Netscapes SSL. |
8 * | 8 * |
9 * This library is free for commercial and non-commercial use as long as | 9 * This library is free for commercial and non-commercial use as long as |
10 * the following conditions are aheared to. The following conditions | 10 * the following conditions are aheared to. The following conditions |
(...skipping 95 matching lines...)
106 * This product includes cryptographic software written by Eric Young | 106 * This product includes cryptographic software written by Eric Young |
107 * (eay@cryptsoft.com). This product includes software written by Tim | 107 * (eay@cryptsoft.com). This product includes software written by Tim |
108 * Hudson (tjh@cryptsoft.com). | 108 * Hudson (tjh@cryptsoft.com). |
109 * | 109 * |
110 */ | 110 */ |
111 /* ==================================================================== | 111 /* ==================================================================== |
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | 112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. |
113 * ECC cipher suite support in OpenSSL originally developed by | 113 * ECC cipher suite support in OpenSSL originally developed by |
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. | 114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. |
115 */ | 115 */ |
| 116 /* ==================================================================== |
| 117 * Copyright 2005 Nokia. All rights reserved. |
| 118 * |
| 119 * The portions of the attached software ("Contribution") is developed by |
| 120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source |
| 121 * license. |
| 122 * |
| 123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of |
| 124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites |
| 125 * support (see RFC 4279) to OpenSSL. |
| 126 * |
| 127 * No patent licenses or other rights except those expressly stated in |
| 128 * the OpenSSL open source license shall be deemed granted or received |
| 129 * expressly, by implication, estoppel, or otherwise. |
| 130 * |
| 131 * No assurances are provided by Nokia that the Contribution does not |
| 132 * infringe the patent or other intellectual property rights of any third |
| 133 * party or that the license provides you with all the necessary rights |
| 134 * to make use of the Contribution. |
| 135 * |
| 136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN |
| 137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA |
| 138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY |
| 139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR |
| 140 * OTHERWISE. |
| 141 */ |
116 | 142 |
117 #define _BSD_SOURCE 1 /* Or gethostname won't be declared properly | 143 #define _BSD_SOURCE 1 /* Or gethostname won't be declared properly |
118 on Linux and GNU platforms. */ | 144 on Linux and GNU platforms. */ |
119 | 145 |
120 #include <assert.h> | 146 #include <assert.h> |
121 #include <errno.h> | 147 #include <errno.h> |
122 #include <limits.h> | 148 #include <limits.h> |
123 #include <stdio.h> | 149 #include <stdio.h> |
124 #include <stdlib.h> | 150 #include <stdlib.h> |
125 #include <string.h> | 151 #include <string.h> |
126 #include <time.h> | 152 #include <time.h> |
127 | 153 |
128 #define USE_SOCKETS | 154 #define USE_SOCKETS |
129 #include "e_os.h" | 155 #include "e_os.h" |
130 | 156 |
| 157 #ifdef OPENSSL_SYS_VMS |
131 #define _XOPEN_SOURCE 500 /* Or isascii won't be declared properly on | 158 #define _XOPEN_SOURCE 500 /* Or isascii won't be declared properly on |
132 VMS (at least with DECompHP C). */ | 159 VMS (at least with DECompHP C). */ |
| 160 #endif |
| 161 |
133 #include <ctype.h> | 162 #include <ctype.h> |
134 | 163 |
135 #include <openssl/bio.h> | 164 #include <openssl/bio.h> |
136 #include <openssl/crypto.h> | 165 #include <openssl/crypto.h> |
137 #include <openssl/evp.h> | 166 #include <openssl/evp.h> |
138 #include <openssl/x509.h> | 167 #include <openssl/x509.h> |
139 #include <openssl/x509v3.h> | 168 #include <openssl/x509v3.h> |
140 #include <openssl/ssl.h> | 169 #include <openssl/ssl.h> |
141 #ifndef OPENSSL_NO_ENGINE | 170 #ifndef OPENSSL_NO_ENGINE |
142 #include <openssl/engine.h> | 171 #include <openssl/engine.h> |
(...skipping 57 matching lines...)
200 char *proxy_auth; | 229 char *proxy_auth; |
201 char *proxy_cond; | 230 char *proxy_cond; |
202 }; | 231 }; |
203 | 232 |
204 #ifndef OPENSSL_NO_DH | 233 #ifndef OPENSSL_NO_DH |
205 static DH *get_dh512(void); | 234 static DH *get_dh512(void); |
206 static DH *get_dh1024(void); | 235 static DH *get_dh1024(void); |
207 static DH *get_dh1024dsa(void); | 236 static DH *get_dh1024dsa(void); |
208 #endif | 237 #endif |
209 | 238 |
| 239 |
| 240 static char *psk_key=NULL; /* by default PSK is not used */ |
| 241 #ifndef OPENSSL_NO_PSK |
| 242 static unsigned int psk_client_callback(SSL *ssl, const char *hint, char *identi
ty, |
| 243 unsigned int max_identity_len, unsigned char *psk, |
| 244 unsigned int max_psk_len); |
| 245 static unsigned int psk_server_callback(SSL *ssl, const char *identity, unsigned
char *psk, |
| 246 unsigned int max_psk_len); |
| 247 #endif |
| 248 |
210 static BIO *bio_err=NULL; | 249 static BIO *bio_err=NULL; |
211 static BIO *bio_stdout=NULL; | 250 static BIO *bio_stdout=NULL; |
212 | 251 |
213 static char *cipher=NULL; | 252 static char *cipher=NULL; |
214 static int verbose=0; | 253 static int verbose=0; |
215 static int debug=0; | 254 static int debug=0; |
216 #if 0 | 255 #if 0 |
217 /* Not used yet. */ | 256 /* Not used yet. */ |
218 #ifdef FIONBIO | 257 #ifdef FIONBIO |
219 static int s_nbio=0; | 258 static int s_nbio=0; |
220 #endif | 259 #endif |
221 #endif | 260 #endif |
222 | 261 |
223 static const char rnd_seed[] = "string to make the random number generator think
it has entropy"; | 262 static const char rnd_seed[] = "string to make the random number generator think
it has entropy"; |
224 | 263 |
225 int doit_biopair(SSL *s_ssl,SSL *c_ssl,long bytes,clock_t *s_time,clock_t *c_tim
e); | 264 int doit_biopair(SSL *s_ssl,SSL *c_ssl,long bytes,clock_t *s_time,clock_t *c_tim
e); |
226 int doit(SSL *s_ssl,SSL *c_ssl,long bytes); | 265 int doit(SSL *s_ssl,SSL *c_ssl,long bytes); |
227 static int do_test_cipherlist(void); | 266 static int do_test_cipherlist(void); |
228 static void sv_usage(void) | 267 static void sv_usage(void) |
229 { | 268 { |
230 fprintf(stderr,"usage: ssltest [args ...]\n"); | 269 fprintf(stderr,"usage: ssltest [args ...]\n"); |
231 fprintf(stderr,"\n"); | 270 fprintf(stderr,"\n"); |
232 #ifdef OPENSSL_FIPS | |
233 fprintf(stderr,"-F - run test in FIPS mode\n"); | |
234 #endif | |
235 fprintf(stderr," -server_auth - check server certificate\n"); | 271 fprintf(stderr," -server_auth - check server certificate\n"); |
236 fprintf(stderr," -client_auth - do client authentication\n"); | 272 fprintf(stderr," -client_auth - do client authentication\n"); |
237 fprintf(stderr," -proxy - allow proxy certificates\n"); | 273 fprintf(stderr," -proxy - allow proxy certificates\n"); |
238 fprintf(stderr," -proxy_auth <val> - set proxy policy rights\n"); | 274 fprintf(stderr," -proxy_auth <val> - set proxy policy rights\n"); |
239 fprintf(stderr," -proxy_cond <val> - experssion to test proxy policy rig
hts\n"); | 275 fprintf(stderr," -proxy_cond <val> - experssion to test proxy policy rig
hts\n"); |
240 fprintf(stderr," -v - more output\n"); | 276 fprintf(stderr," -v - more output\n"); |
241 fprintf(stderr," -d - debug output\n"); | 277 fprintf(stderr," -d - debug output\n"); |
242 fprintf(stderr," -reuse - use session-id reuse\n"); | 278 fprintf(stderr," -reuse - use session-id reuse\n"); |
243 fprintf(stderr," -num <val> - number of connections to perform\n"); | 279 fprintf(stderr," -num <val> - number of connections to perform\n"); |
244 fprintf(stderr," -bytes <val> - number of bytes to swap between client/
server\n"); | 280 fprintf(stderr," -bytes <val> - number of bytes to swap between client/
server\n"); |
245 #ifndef OPENSSL_NO_DH | 281 #ifndef OPENSSL_NO_DH |
246 fprintf(stderr," -dhe1024 - use 1024 bit key (safe prime) for DHE\n
"); | 282 fprintf(stderr," -dhe1024 - use 1024 bit key (safe prime) for DHE\n
"); |
247 fprintf(stderr," -dhe1024dsa - use 1024 bit key (with 160-bit subprime
) for DHE\n"); | 283 fprintf(stderr," -dhe1024dsa - use 1024 bit key (with 160-bit subprime
) for DHE\n"); |
248 fprintf(stderr," -no_dhe - disable DHE\n"); | 284 fprintf(stderr," -no_dhe - disable DHE\n"); |
249 #endif | 285 #endif |
250 #ifndef OPENSSL_NO_ECDH | 286 #ifndef OPENSSL_NO_ECDH |
251 fprintf(stderr," -no_ecdhe - disable ECDHE\n"); | 287 fprintf(stderr," -no_ecdhe - disable ECDHE\n"); |
252 #endif | 288 #endif |
| 289 #ifndef OPENSSL_NO_PSK |
| 290 fprintf(stderr," -psk arg - PSK in hex (without 0x)\n"); |
| 291 #endif |
253 #ifndef OPENSSL_NO_SSL2 | 292 #ifndef OPENSSL_NO_SSL2 |
254 fprintf(stderr," -ssl2 - use SSLv2\n"); | 293 fprintf(stderr," -ssl2 - use SSLv2\n"); |
255 #endif | 294 #endif |
256 #ifndef OPENSSL_NO_SSL3 | 295 #ifndef OPENSSL_NO_SSL3 |
257 fprintf(stderr," -ssl3 - use SSLv3\n"); | 296 fprintf(stderr," -ssl3 - use SSLv3\n"); |
258 #endif | 297 #endif |
259 #ifndef OPENSSL_NO_TLS1 | 298 #ifndef OPENSSL_NO_TLS1 |
260 fprintf(stderr," -tls1 - use TLSv1\n"); | 299 fprintf(stderr," -tls1 - use TLSv1\n"); |
261 #endif | 300 #endif |
262 fprintf(stderr," -CApath arg - PEM format directory of CA's\n"); | 301 fprintf(stderr," -CApath arg - PEM format directory of CA's\n"); |
263 fprintf(stderr," -CAfile arg - PEM format file of CA's\n"); | 302 fprintf(stderr," -CAfile arg - PEM format file of CA's\n"); |
264 fprintf(stderr," -cert arg - Server certificate file\n"); | 303 fprintf(stderr," -cert arg - Server certificate file\n"); |
265 fprintf(stderr," -key arg - Server key file (default: same as -cert
)\n"); | 304 fprintf(stderr," -key arg - Server key file (default: same as -cert
)\n"); |
266 fprintf(stderr," -c_cert arg - Client certificate file\n"); | 305 fprintf(stderr," -c_cert arg - Client certificate file\n"); |
267 fprintf(stderr," -c_key arg - Client key file (default: same as -c_ce
rt)\n"); | 306 fprintf(stderr," -c_key arg - Client key file (default: same as -c_ce
rt)\n"); |
268 fprintf(stderr," -cipher arg - The cipher list\n"); | 307 fprintf(stderr," -cipher arg - The cipher list\n"); |
269 fprintf(stderr," -bio_pair - Use BIO pairs\n"); | 308 fprintf(stderr," -bio_pair - Use BIO pairs\n"); |
270 fprintf(stderr," -f - Test even cases that can't work\n"); | 309 fprintf(stderr," -f - Test even cases that can't work\n"); |
271 fprintf(stderr," -time - measure processor time used by client a
nd server\n"); | 310 fprintf(stderr," -time - measure processor time used by client a
nd server\n"); |
272 fprintf(stderr," -zlib - use zlib compression\n"); | 311 fprintf(stderr," -zlib - use zlib compression\n"); |
273 fprintf(stderr," -rle - use rle compression\n"); | 312 fprintf(stderr," -rle - use rle compression\n"); |
274 #ifndef OPENSSL_NO_ECDH | 313 #ifndef OPENSSL_NO_ECDH |
275 fprintf(stderr," -named_curve arg - Elliptic curve name to use for ephe
meral ECDH keys.\n" \ | 314 fprintf(stderr," -named_curve arg - Elliptic curve name to use for ephe
meral ECDH keys.\n" \ |
276 " Use \"openssl ecparam -list_curves\" fo
r all names\n" \ | 315 " Use \"openssl ecparam -list_curves\" fo
r all names\n" \ |
277 " (default is sect163r2).\n"); | 316 " (default is sect163r2).\n"); |
278 #endif | 317 #endif |
279 fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher
lists\n"); | 318 fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher
lists\n"); |
280 » fprintf(stderr," -cutthrough - enable 1-RTT full-handshake for str
ong ciphers\n"); | 319 » fprintf(stderr," -c_small_records - enable client side use of small SSL
record buffers\n"); |
| 320 » fprintf(stderr," -s_small_records - enable server side use of small SSL
record buffers\n"); |
| 321 » fprintf(stderr," -cutthrough - enable 1-RTT full-handshake for stro
ng ciphers\n"); |
281 } | 322 } |
282 | 323 |
283 static void print_details(SSL *c_ssl, const char *prefix) | 324 static void print_details(SSL *c_ssl, const char *prefix) |
284 { | 325 { |
285 » SSL_CIPHER *ciph; | 326 » const SSL_CIPHER *ciph; |
286 X509 *cert; | 327 X509 *cert; |
287 | 328 |
288 ciph=SSL_get_current_cipher(c_ssl); | 329 ciph=SSL_get_current_cipher(c_ssl); |
289 BIO_printf(bio_stdout,"%s%s, cipher %s %s", | 330 BIO_printf(bio_stdout,"%s%s, cipher %s %s", |
290 prefix, | 331 prefix, |
291 SSL_get_version(c_ssl), | 332 SSL_get_version(c_ssl), |
292 SSL_CIPHER_get_version(ciph), | 333 SSL_CIPHER_get_version(ciph), |
293 SSL_CIPHER_get_name(ciph)); | 334 SSL_CIPHER_get_name(ciph)); |
294 cert=SSL_get_peer_certificate(c_ssl); | 335 cert=SSL_get_peer_certificate(c_ssl); |
295 if (cert != NULL) | 336 if (cert != NULL) |
(...skipping 84 matching lines...)
380 | 421 |
381 err: | 422 err: |
382 if (errstr) | 423 if (errstr) |
383 { | 424 { |
384 /* we cannot use bio_err here */ | 425 /* we cannot use bio_err here */ |
385 fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at
%s:%d\n", | 426 fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at
%s:%d\n", |
386 errstr, mode, type, file, line); | 427 errstr, mode, type, file, line); |
387 } | 428 } |
388 } | 429 } |
389 | 430 |
| 431 #ifdef TLSEXT_TYPE_opaque_prf_input |
| 432 struct cb_info_st { void *input; size_t len; int ret; }; |
| 433 struct cb_info_st co1 = { "C", 1, 1 }; /* try to negotiate oqaque PRF input */ |
| 434 struct cb_info_st co2 = { "C", 1, 2 }; /* insist on oqaque PRF input */ |
| 435 struct cb_info_st so1 = { "S", 1, 1 }; /* try to negotiate oqaque PRF input */ |
| 436 struct cb_info_st so2 = { "S", 1, 2 }; /* insist on oqaque PRF input */ |
| 437 |
| 438 int opaque_prf_input_cb(SSL *ssl, void *peerinput, size_t len, void *arg_) |
| 439 { |
| 440 struct cb_info_st *arg = arg_; |
| 441 |
| 442 if (arg == NULL) |
| 443 return 1; |
| 444 |
| 445 if (!SSL_set_tlsext_opaque_prf_input(ssl, arg->input, arg->len)) |
| 446 return 0; |
| 447 return arg->ret; |
| 448 } |
| 449 #endif |
| 450 int ssl_mode = 0; |
| 451 int c_small_records=0; |
| 452 int s_small_records=0; |
| 453 int cutthrough = 0; |
390 | 454 |
391 int main(int argc, char *argv[]) | 455 int main(int argc, char *argv[]) |
392 { | 456 { |
393 char *CApath=NULL,*CAfile=NULL; | 457 char *CApath=NULL,*CAfile=NULL; |
394 int badop=0; | 458 int badop=0; |
395 int bio_pair=0; | 459 int bio_pair=0; |
396 int force=0; | 460 int force=0; |
397 int tls1=0,ssl2=0,ssl3=0,ret=1; | 461 int tls1=0,ssl2=0,ssl3=0,ret=1; |
398 int client_auth=0; | 462 int client_auth=0; |
399 int server_auth=0,i; | 463 int server_auth=0,i; |
400 struct app_verify_arg app_verify_arg = | 464 struct app_verify_arg app_verify_arg = |
401 { APP_CALLBACK_STRING, 0, 0, NULL, NULL }; | 465 { APP_CALLBACK_STRING, 0, 0, NULL, NULL }; |
402 char *server_cert=TEST_SERVER_CERT; | 466 char *server_cert=TEST_SERVER_CERT; |
403 char *server_key=NULL; | 467 char *server_key=NULL; |
404 char *client_cert=TEST_CLIENT_CERT; | 468 char *client_cert=TEST_CLIENT_CERT; |
405 char *client_key=NULL; | 469 char *client_key=NULL; |
406 #ifndef OPENSSL_NO_ECDH | 470 #ifndef OPENSSL_NO_ECDH |
407 char *named_curve = NULL; | 471 char *named_curve = NULL; |
408 #endif | 472 #endif |
409 SSL_CTX *s_ctx=NULL; | 473 SSL_CTX *s_ctx=NULL; |
410 SSL_CTX *c_ctx=NULL; | 474 SSL_CTX *c_ctx=NULL; |
411 » SSL_METHOD *meth=NULL; | 475 » const SSL_METHOD *meth=NULL; |
412 SSL *c_ssl,*s_ssl; | 476 SSL *c_ssl,*s_ssl; |
413 int number=1,reuse=0; | 477 int number=1,reuse=0; |
414 long bytes=256L; | 478 long bytes=256L; |
415 #ifndef OPENSSL_NO_DH | 479 #ifndef OPENSSL_NO_DH |
416 DH *dh; | 480 DH *dh; |
417 » int dhe1024 = 1, dhe1024dsa = 0; | 481 » int dhe1024 = 0, dhe1024dsa = 0; |
418 #endif | 482 #endif |
419 #ifndef OPENSSL_NO_ECDH | 483 #ifndef OPENSSL_NO_ECDH |
420 EC_KEY *ecdh = NULL; | 484 EC_KEY *ecdh = NULL; |
421 #endif | 485 #endif |
422 int no_dhe = 0; | 486 int no_dhe = 0; |
423 int no_ecdhe = 0; | 487 int no_ecdhe = 0; |
| 488 int no_psk = 0; |
424 int print_time = 0; | 489 int print_time = 0; |
425 clock_t s_time = 0, c_time = 0; | 490 clock_t s_time = 0, c_time = 0; |
426 int comp = 0; | 491 int comp = 0; |
427 #ifndef OPENSSL_NO_COMP | 492 #ifndef OPENSSL_NO_COMP |
428 COMP_METHOD *cm = NULL; | 493 COMP_METHOD *cm = NULL; |
429 #endif | 494 #endif |
430 STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; | 495 STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; |
431 int test_cipherlist = 0; | 496 int test_cipherlist = 0; |
432 #ifdef OPENSSL_FIPS | |
433 int fips_mode=0; | |
434 #endif | |
435 int ssl_mode = 0; | |
436 int cutthrough = 0; | |
437 | 497 |
438 verbose = 0; | 498 verbose = 0; |
439 debug = 0; | 499 debug = 0; |
440 cipher = 0; | 500 cipher = 0; |
441 | 501 |
442 » bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);» | 502 » bio_err=BIO_new_fp(stderr,BIO_NOCLOSE|BIO_FP_TEXT);» |
443 | 503 |
444 CRYPTO_set_locking_callback(lock_dbg_cb); | 504 CRYPTO_set_locking_callback(lock_dbg_cb); |
445 | 505 |
446 /* enable memory leak checking unless explicitly disabled */ | 506 /* enable memory leak checking unless explicitly disabled */ |
447 if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("O
PENSSL_DEBUG_MEMORY"), "off")))) | 507 if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("O
PENSSL_DEBUG_MEMORY"), "off")))) |
448 { | 508 { |
449 CRYPTO_malloc_debug_init(); | 509 CRYPTO_malloc_debug_init(); |
450 CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); | 510 CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); |
451 } | 511 } |
452 else | 512 else |
453 { | 513 { |
454 /* OPENSSL_DEBUG_MEMORY=off */ | 514 /* OPENSSL_DEBUG_MEMORY=off */ |
455 CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0); | 515 CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0); |
456 } | 516 } |
457 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); | 517 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); |
458 | 518 |
459 RAND_seed(rnd_seed, sizeof rnd_seed); | 519 RAND_seed(rnd_seed, sizeof rnd_seed); |
460 | 520 |
461 » bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE); | 521 » bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE|BIO_FP_TEXT); |
462 | 522 |
463 argc--; | 523 argc--; |
464 argv++; | 524 argv++; |
465 | 525 |
466 while (argc >= 1) | 526 while (argc >= 1) |
467 { | 527 { |
468 » » if(!strcmp(*argv,"-F")) | 528 » » if» (strcmp(*argv,"-server_auth") == 0) |
469 » » » { | |
470 #ifdef OPENSSL_FIPS | |
471 » » » fips_mode=1; | |
472 #else | |
473 » » » fprintf(stderr,"not compiled with FIPS support, so exitt
ing without running.\n"); | |
474 » » » EXIT(0); | |
475 #endif | |
476 » » » } | |
477 » » else if»(strcmp(*argv,"-server_auth") == 0) | |
478 server_auth=1; | 529 server_auth=1; |
479 else if (strcmp(*argv,"-client_auth") == 0) | 530 else if (strcmp(*argv,"-client_auth") == 0) |
480 client_auth=1; | 531 client_auth=1; |
481 else if (strcmp(*argv,"-proxy_auth") == 0) | 532 else if (strcmp(*argv,"-proxy_auth") == 0) |
482 { | 533 { |
483 if (--argc < 1) goto bad; | 534 if (--argc < 1) goto bad; |
484 app_verify_arg.proxy_auth= *(++argv); | 535 app_verify_arg.proxy_auth= *(++argv); |
485 } | 536 } |
486 else if (strcmp(*argv,"-proxy_cond") == 0) | 537 else if (strcmp(*argv,"-proxy_cond") == 0) |
487 { | 538 { |
(...skipping 19 matching lines...)
507 #ifndef OPENSSL_NO_DH | 558 #ifndef OPENSSL_NO_DH |
508 dhe1024dsa=1; | 559 dhe1024dsa=1; |
509 #else | 560 #else |
510 fprintf(stderr,"ignoring -dhe1024, since I'm compiled wi
thout DH\n"); | 561 fprintf(stderr,"ignoring -dhe1024, since I'm compiled wi
thout DH\n"); |
511 #endif | 562 #endif |
512 } | 563 } |
513 else if (strcmp(*argv,"-no_dhe") == 0) | 564 else if (strcmp(*argv,"-no_dhe") == 0) |
514 no_dhe=1; | 565 no_dhe=1; |
515 else if (strcmp(*argv,"-no_ecdhe") == 0) | 566 else if (strcmp(*argv,"-no_ecdhe") == 0) |
516 no_ecdhe=1; | 567 no_ecdhe=1; |
| 568 else if (strcmp(*argv,"-psk") == 0) |
| 569 { |
| 570 if (--argc < 1) goto bad; |
| 571 psk_key=*(++argv); |
| 572 #ifndef OPENSSL_NO_PSK |
| 573 if (strspn(psk_key, "abcdefABCDEF1234567890") != strlen(
psk_key)) |
| 574 { |
| 575 BIO_printf(bio_err,"Not a hex number '%s'\n",*ar
gv); |
| 576 goto bad; |
| 577 } |
| 578 #else |
| 579 no_psk=1; |
| 580 #endif |
| 581 } |
517 else if (strcmp(*argv,"-ssl2") == 0) | 582 else if (strcmp(*argv,"-ssl2") == 0) |
518 ssl2=1; | 583 ssl2=1; |
519 else if (strcmp(*argv,"-tls1") == 0) | 584 else if (strcmp(*argv,"-tls1") == 0) |
520 tls1=1; | 585 tls1=1; |
521 else if (strcmp(*argv,"-ssl3") == 0) | 586 else if (strcmp(*argv,"-ssl3") == 0) |
522 ssl3=1; | 587 ssl3=1; |
523 else if (strncmp(*argv,"-num",4) == 0) | 588 else if (strncmp(*argv,"-num",4) == 0) |
524 { | 589 { |
525 if (--argc < 1) goto bad; | 590 if (--argc < 1) goto bad; |
526 number= atoi(*(++argv)); | 591 number= atoi(*(++argv)); |
(...skipping 88 matching lines...)
615 app_verify_arg.app_verify = 1; | 680 app_verify_arg.app_verify = 1; |
616 } | 681 } |
617 else if (strcmp(*argv,"-proxy") == 0) | 682 else if (strcmp(*argv,"-proxy") == 0) |
618 { | 683 { |
619 app_verify_arg.allow_proxy_certs = 1; | 684 app_verify_arg.allow_proxy_certs = 1; |
620 } | 685 } |
621 else if (strcmp(*argv,"-test_cipherlist") == 0) | 686 else if (strcmp(*argv,"-test_cipherlist") == 0) |
622 { | 687 { |
623 test_cipherlist = 1; | 688 test_cipherlist = 1; |
624 } | 689 } |
| 690 else if (strcmp(*argv, "-c_small_records") == 0) |
| 691 { |
| 692 c_small_records = 1; |
| 693 } |
| 694 else if (strcmp(*argv, "-s_small_records") == 0) |
| 695 { |
| 696 s_small_records = 1; |
| 697 } |
625 else if (strcmp(*argv, "-cutthrough") == 0) | 698 else if (strcmp(*argv, "-cutthrough") == 0) |
626 { | 699 { |
627 cutthrough = 1; | 700 cutthrough = 1; |
628 } | 701 } |
629 else | 702 else |
630 { | 703 { |
631 fprintf(stderr,"unknown option %s\n",*argv); | 704 fprintf(stderr,"unknown option %s\n",*argv); |
632 badop=1; | 705 badop=1; |
633 break; | 706 break; |
634 } | 707 } |
(...skipping 18 matching lines...)
653 | 726 |
654 if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force) | 727 if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force) |
655 { | 728 { |
656 fprintf(stderr, "This case cannot work. Use -f to perform " | 729 fprintf(stderr, "This case cannot work. Use -f to perform " |
657 "the test anyway (and\n-d to see what happens), " | 730 "the test anyway (and\n-d to see what happens), " |
658 "or add one of -ssl2, -ssl3, -tls1, -reuse\n" | 731 "or add one of -ssl2, -ssl3, -tls1, -reuse\n" |
659 "to avoid protocol mismatch.\n"); | 732 "to avoid protocol mismatch.\n"); |
660 EXIT(1); | 733 EXIT(1); |
661 } | 734 } |
662 | 735 |
663 #ifdef OPENSSL_FIPS | |
664 if(fips_mode) | |
665 { | |
666 if(!FIPS_mode_set(1)) | |
667 { | |
668 ERR_load_crypto_strings(); | |
669 ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); | |
670 EXIT(1); | |
671 } | |
672 else | |
673 fprintf(stderr,"*** IN FIPS MODE ***\n"); | |
674 } | |
675 #endif | |
676 | |
677 if (print_time) | 736 if (print_time) |
678 { | 737 { |
679 if (!bio_pair) | 738 if (!bio_pair) |
680 { | 739 { |
681 fprintf(stderr, "Using BIO pair (-bio_pair)\n"); | 740 fprintf(stderr, "Using BIO pair (-bio_pair)\n"); |
682 bio_pair = 1; | 741 bio_pair = 1; |
683 } | 742 } |
684 if (number < 50 && !force) | 743 if (number < 50 && !force) |
685 fprintf(stderr, "Warning: For accurate timings, use more
connections (e.g. -num 1000)\n"); | 744 fprintf(stderr, "Warning: For accurate timings, use more
connections (e.g. -num 1000)\n"); |
686 } | 745 } |
(...skipping 67 matching lines...)
754 { | 813 { |
755 ERR_print_errors(bio_err); | 814 ERR_print_errors(bio_err); |
756 goto end; | 815 goto end; |
757 } | 816 } |
758 | 817 |
759 if (cipher != NULL) | 818 if (cipher != NULL) |
760 { | 819 { |
761 SSL_CTX_set_cipher_list(c_ctx,cipher); | 820 SSL_CTX_set_cipher_list(c_ctx,cipher); |
762 SSL_CTX_set_cipher_list(s_ctx,cipher); | 821 SSL_CTX_set_cipher_list(s_ctx,cipher); |
763 } | 822 } |
| 823 |
| 824 ssl_mode = 0; |
| 825 if (c_small_records) |
| 826 { |
| 827 ssl_mode = SSL_CTX_get_mode(c_ctx); |
| 828 ssl_mode |= SSL_MODE_SMALL_BUFFERS; |
| 829 SSL_CTX_set_mode(c_ctx, ssl_mode); |
| 830 } |
| 831 ssl_mode = 0; |
| 832 if (s_small_records) |
| 833 { |
| 834 ssl_mode = SSL_CTX_get_mode(s_ctx); |
| 835 ssl_mode |= SSL_MODE_SMALL_BUFFERS; |
| 836 SSL_CTX_set_mode(s_ctx, ssl_mode); |
| 837 } |
764 ssl_mode = 0; | 838 ssl_mode = 0; |
765 if (cutthrough) | 839 if (cutthrough) |
766 { | 840 { |
767 ssl_mode = SSL_CTX_get_mode(c_ctx); | 841 ssl_mode = SSL_CTX_get_mode(c_ctx); |
768 ssl_mode = SSL_MODE_HANDSHAKE_CUTTHROUGH; | 842 ssl_mode = SSL_MODE_HANDSHAKE_CUTTHROUGH; |
769 SSL_CTX_set_mode(c_ctx, ssl_mode); | 843 SSL_CTX_set_mode(c_ctx, ssl_mode); |
770 } | 844 } |
771 | 845 |
772 #ifndef OPENSSL_NO_DH | 846 #ifndef OPENSSL_NO_DH |
773 if (!no_dhe) | 847 if (!no_dhe) |
(...skipping 44 matching lines...)
818 EC_KEY_free(ecdh); | 892 EC_KEY_free(ecdh); |
819 } | 893 } |
820 #else | 894 #else |
821 (void)no_ecdhe; | 895 (void)no_ecdhe; |
822 #endif | 896 #endif |
823 | 897 |
824 #ifndef OPENSSL_NO_RSA | 898 #ifndef OPENSSL_NO_RSA |
825 SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb); | 899 SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb); |
826 #endif | 900 #endif |
827 | 901 |
| 902 #ifdef TLSEXT_TYPE_opaque_prf_input |
| 903 SSL_CTX_set_tlsext_opaque_prf_input_callback(c_ctx, opaque_prf_input_cb)
; |
| 904 SSL_CTX_set_tlsext_opaque_prf_input_callback(s_ctx, opaque_prf_input_cb)
; |
| 905 SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(c_ctx, &co1); /* or &co
2 or NULL */ |
| 906 SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(s_ctx, &so1); /* or &so
2 or NULL */ |
| 907 #endif |
| 908 |
828 if (!SSL_CTX_use_certificate_file(s_ctx,server_cert,SSL_FILETYPE_PEM)) | 909 if (!SSL_CTX_use_certificate_file(s_ctx,server_cert,SSL_FILETYPE_PEM)) |
829 { | 910 { |
830 ERR_print_errors(bio_err); | 911 ERR_print_errors(bio_err); |
831 } | 912 } |
832 else if (!SSL_CTX_use_PrivateKey_file(s_ctx, | 913 else if (!SSL_CTX_use_PrivateKey_file(s_ctx, |
833 (server_key?server_key:server_cert), SSL_FILETYPE_PEM)) | 914 (server_key?server_key:server_cert), SSL_FILETYPE_PEM)) |
834 { | 915 { |
835 ERR_print_errors(bio_err); | 916 ERR_print_errors(bio_err); |
836 goto end; | 917 goto end; |
837 } | 918 } |
(...skipping 31 matching lines...)
869 SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER, | 950 SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER, |
870 verify_callback); | 951 verify_callback); |
871 SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback, &ap
p_verify_arg); | 952 SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback, &ap
p_verify_arg); |
872 } | 953 } |
873 | 954 |
874 { | 955 { |
875 int session_id_context = 0; | 956 int session_id_context = 0; |
876 SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_contex
t, sizeof session_id_context); | 957 SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_contex
t, sizeof session_id_context); |
877 } | 958 } |
878 | 959 |
| 960 /* Use PSK only if PSK key is given */ |
| 961 if (psk_key != NULL) |
| 962 { |
| 963 /* no_psk is used to avoid putting psk command to openssl tool *
/ |
| 964 if (no_psk) |
| 965 { |
| 966 /* if PSK is not compiled in and psk key is |
| 967 * given, do nothing and exit successfully */ |
| 968 ret=0; |
| 969 goto end; |
| 970 } |
| 971 #ifndef OPENSSL_NO_PSK |
| 972 SSL_CTX_set_psk_client_callback(c_ctx, psk_client_callback); |
| 973 SSL_CTX_set_psk_server_callback(s_ctx, psk_server_callback); |
| 974 if (debug) |
| 975 BIO_printf(bio_err,"setting PSK identity hint to s_ctx\n
"); |
| 976 if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_h
int")) |
| 977 { |
| 978 BIO_printf(bio_err,"error setting PSK identity hint to s
_ctx\n"); |
| 979 ERR_print_errors(bio_err); |
| 980 goto end; |
| 981 } |
| 982 #endif |
| 983 } |
| 984 |
879 c_ssl=SSL_new(c_ctx); | 985 c_ssl=SSL_new(c_ctx); |
880 s_ssl=SSL_new(s_ctx); | 986 s_ssl=SSL_new(s_ctx); |
881 | 987 |
882 #ifndef OPENSSL_NO_KRB5 | 988 #ifndef OPENSSL_NO_KRB5 |
883 if (c_ssl && c_ssl->kssl_ctx) | 989 if (c_ssl && c_ssl->kssl_ctx) |
884 { | 990 { |
885 char localhost[MAXHOSTNAMELEN+2]; | 991 char localhost[MAXHOSTNAMELEN+2]; |
886 | 992 |
887 if (gethostname(localhost, sizeof localhost-1) == 0) | 993 if (gethostname(localhost, sizeof localhost-1) == 0) |
888 { | 994 { |
(...skipping 56 matching lines...)
945 if (bio_stdout != NULL) BIO_free(bio_stdout); | 1051 if (bio_stdout != NULL) BIO_free(bio_stdout); |
946 | 1052 |
947 #ifndef OPENSSL_NO_RSA | 1053 #ifndef OPENSSL_NO_RSA |
948 free_tmp_rsa(); | 1054 free_tmp_rsa(); |
949 #endif | 1055 #endif |
950 #ifndef OPENSSL_NO_ENGINE | 1056 #ifndef OPENSSL_NO_ENGINE |
951 ENGINE_cleanup(); | 1057 ENGINE_cleanup(); |
952 #endif | 1058 #endif |
953 CRYPTO_cleanup_all_ex_data(); | 1059 CRYPTO_cleanup_all_ex_data(); |
954 ERR_free_strings(); | 1060 ERR_free_strings(); |
955 » ERR_remove_state(0); | 1061 » ERR_remove_thread_state(NULL); |
956 EVP_cleanup(); | 1062 EVP_cleanup(); |
957 CRYPTO_mem_leaks(bio_err); | 1063 CRYPTO_mem_leaks(bio_err); |
958 if (bio_err != NULL) BIO_free(bio_err); | 1064 if (bio_err != NULL) BIO_free(bio_err); |
959 EXIT(ret); | 1065 EXIT(ret); |
960 return ret; | 1066 return ret; |
961 } | 1067 } |
962 | 1068 |
963 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, | 1069 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, |
964 clock_t *s_time, clock_t *c_time) | 1070 clock_t *s_time, clock_t *c_time) |
965 { | 1071 { |
(...skipping 392 matching lines...)
1358 { | 1464 { |
1359 MS_STATIC char cbuf[1024*8],sbuf[1024*8]; | 1465 MS_STATIC char cbuf[1024*8],sbuf[1024*8]; |
1360 long cw_num=count,cr_num=count; | 1466 long cw_num=count,cr_num=count; |
1361 long sw_num=count,sr_num=count; | 1467 long sw_num=count,sr_num=count; |
1362 int ret=1; | 1468 int ret=1; |
1363 BIO *c_to_s=NULL; | 1469 BIO *c_to_s=NULL; |
1364 BIO *s_to_c=NULL; | 1470 BIO *s_to_c=NULL; |
1365 BIO *c_bio=NULL; | 1471 BIO *c_bio=NULL; |
1366 BIO *s_bio=NULL; | 1472 BIO *s_bio=NULL; |
1367 int c_r,c_w,s_r,s_w; | 1473 int c_r,c_w,s_r,s_w; |
1368 int c_want,s_want; | |
1369 int i,j; | 1474 int i,j; |
1370 int done=0; | 1475 int done=0; |
1371 int c_write,s_write; | 1476 int c_write,s_write; |
1372 int do_server=0,do_client=0; | 1477 int do_server=0,do_client=0; |
1373 | 1478 |
1374 memset(cbuf,0,sizeof(cbuf)); | 1479 memset(cbuf,0,sizeof(cbuf)); |
1375 memset(sbuf,0,sizeof(sbuf)); | 1480 memset(sbuf,0,sizeof(sbuf)); |
1376 | 1481 |
1377 c_to_s=BIO_new(BIO_s_mem()); | 1482 c_to_s=BIO_new(BIO_s_mem()); |
1378 s_to_c=BIO_new(BIO_s_mem()); | 1483 s_to_c=BIO_new(BIO_s_mem()); |
(...skipping 14 matching lines...)
1393 SSL_set_connect_state(c_ssl); | 1498 SSL_set_connect_state(c_ssl); |
1394 SSL_set_bio(c_ssl,s_to_c,c_to_s); | 1499 SSL_set_bio(c_ssl,s_to_c,c_to_s); |
1395 BIO_set_ssl(c_bio,c_ssl,BIO_NOCLOSE); | 1500 BIO_set_ssl(c_bio,c_ssl,BIO_NOCLOSE); |
1396 | 1501 |
1397 SSL_set_accept_state(s_ssl); | 1502 SSL_set_accept_state(s_ssl); |
1398 SSL_set_bio(s_ssl,c_to_s,s_to_c); | 1503 SSL_set_bio(s_ssl,c_to_s,s_to_c); |
1399 BIO_set_ssl(s_bio,s_ssl,BIO_NOCLOSE); | 1504 BIO_set_ssl(s_bio,s_ssl,BIO_NOCLOSE); |
1400 | 1505 |
1401 c_r=0; s_r=1; | 1506 c_r=0; s_r=1; |
1402 c_w=1; s_w=0; | 1507 c_w=1; s_w=0; |
1403 c_want=W_WRITE; | |
1404 s_want=0; | |
1405 c_write=1,s_write=0; | 1508 c_write=1,s_write=0; |
1406 | 1509 |
1407 /* We can always do writes */ | 1510 /* We can always do writes */ |
1408 for (;;) | 1511 for (;;) |
1409 { | 1512 { |
1410 do_server=0; | 1513 do_server=0; |
1411 do_client=0; | 1514 do_client=0; |
1412 | 1515 |
1413 i=(int)BIO_pending(s_bio); | 1516 i=(int)BIO_pending(s_bio); |
1414 if ((i && s_r) || s_w) do_server=1; | 1517 if ((i && s_r) || s_w) do_server=1; |
(...skipping 680 matching lines...)
2095 | 2198 |
2096 X509_STORE_CTX_set_ex_data(ctx, | 2199 X509_STORE_CTX_set_ex_data(ctx, |
2097 get_proxy_auth_ex_data_idx(),letters); | 2200 get_proxy_auth_ex_data_idx(),letters); |
2098 } | 2201 } |
2099 if (cb_arg->allow_proxy_certs) | 2202 if (cb_arg->allow_proxy_certs) |
2100 { | 2203 { |
2101 X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS); | 2204 X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS); |
2102 } | 2205 } |
2103 | 2206 |
2104 #ifndef OPENSSL_NO_X509_VERIFY | 2207 #ifndef OPENSSL_NO_X509_VERIFY |
| 2208 # ifdef OPENSSL_FIPS |
| 2209 if(s->version == TLS1_VERSION) |
| 2210 FIPS_allow_md5(1); |
| 2211 # endif |
2105 ok = X509_verify_cert(ctx); | 2212 ok = X509_verify_cert(ctx); |
| 2213 # ifdef OPENSSL_FIPS |
| 2214 if(s->version == TLS1_VERSION) |
| 2215 FIPS_allow_md5(0); |
| 2216 # endif |
2106 #endif | 2217 #endif |
2107 | 2218 |
2108 if (cb_arg->proxy_auth) | 2219 if (cb_arg->proxy_auth) |
2109 { | 2220 { |
2110 if (ok > 0) | 2221 if (ok > 0) |
2111 { | 2222 { |
2112 const char *cond_end = NULL; | 2223 const char *cond_end = NULL; |
2113 | 2224 |
2114 ok = process_proxy_cond(letters, | 2225 ok = process_proxy_cond(letters, |
2115 cb_arg->proxy_cond, &cond_end); | 2226 cb_arg->proxy_cond, &cond_end); |
(...skipping 148 matching lines...)
2264 if ((dh=DH_new()) == NULL) return(NULL); | 2375 if ((dh=DH_new()) == NULL) return(NULL); |
2265 dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL); | 2376 dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL); |
2266 dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL); | 2377 dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL); |
2267 if ((dh->p == NULL) || (dh->g == NULL)) | 2378 if ((dh->p == NULL) || (dh->g == NULL)) |
2268 { DH_free(dh); return(NULL); } | 2379 { DH_free(dh); return(NULL); } |
2269 dh->length = 160; | 2380 dh->length = 160; |
2270 return(dh); | 2381 return(dh); |
2271 } | 2382 } |
2272 #endif | 2383 #endif |
2273 | 2384 |
| 2385 #ifndef OPENSSL_NO_PSK |
| 2386 /* convert the PSK key (psk_key) in ascii to binary (psk) */ |
| 2387 static int psk_key2bn(const char *pskkey, unsigned char *psk, |
| 2388 unsigned int max_psk_len) |
| 2389 { |
| 2390 int ret; |
| 2391 BIGNUM *bn = NULL; |
| 2392 |
| 2393 ret = BN_hex2bn(&bn, pskkey); |
| 2394 if (!ret) |
| 2395 { |
| 2396 BIO_printf(bio_err,"Could not convert PSK key '%s' to BIGNUM\n",
pskkey); |
| 2397 if (bn) |
| 2398 BN_free(bn); |
| 2399 return 0; |
| 2400 } |
| 2401 if (BN_num_bytes(bn) > (int)max_psk_len) |
| 2402 { |
| 2403 BIO_printf(bio_err,"psk buffer of callback is too small (%d) for
key (%d)\n", |
| 2404 max_psk_len, BN_num_bytes(bn)); |
| 2405 BN_free(bn); |
| 2406 return 0; |
| 2407 } |
| 2408 ret = BN_bn2bin(bn, psk); |
| 2409 BN_free(bn); |
| 2410 return ret; |
| 2411 } |
| 2412 |
| 2413 static unsigned int psk_client_callback(SSL *ssl, const char *hint, char *identi
ty, |
| 2414 unsigned int max_identity_len, unsigned char *psk, |
| 2415 unsigned int max_psk_len) |
| 2416 { |
| 2417 int ret; |
| 2418 unsigned int psk_len = 0; |
| 2419 |
| 2420 ret = BIO_snprintf(identity, max_identity_len, "Client_identity"); |
| 2421 if (ret < 0) |
| 2422 goto out_err; |
| 2423 if (debug) |
| 2424 fprintf(stderr, "client: created identity '%s' len=%d\n", identi
ty, ret); |
| 2425 ret = psk_key2bn(psk_key, psk, max_psk_len); |
| 2426 if (ret < 0) |
| 2427 goto out_err; |
| 2428 psk_len = ret; |
| 2429 out_err: |
| 2430 return psk_len; |
| 2431 } |
| 2432 |
| 2433 static unsigned int psk_server_callback(SSL *ssl, const char *identity, |
| 2434 unsigned char *psk, unsigned int max_psk_len) |
| 2435 { |
| 2436 unsigned int psk_len=0; |
| 2437 |
| 2438 if (strcmp(identity, "Client_identity") != 0) |
| 2439 { |
| 2440 BIO_printf(bio_err, "server: PSK error: client identity not foun
d\n"); |
| 2441 return 0; |
| 2442 } |
| 2443 psk_len=psk_key2bn(psk_key, psk, max_psk_len); |
| 2444 return psk_len; |
| 2445 } |
| 2446 #endif |
| 2447 |
2274 static int do_test_cipherlist(void) | 2448 static int do_test_cipherlist(void) |
2275 { | 2449 { |
2276 int i = 0; | 2450 int i = 0; |
2277 const SSL_METHOD *meth; | 2451 const SSL_METHOD *meth; |
2278 » SSL_CIPHER *ci, *tci = NULL; | 2452 » const SSL_CIPHER *ci, *tci = NULL; |
2279 | 2453 |
2280 #ifndef OPENSSL_NO_SSL2 | 2454 #ifndef OPENSSL_NO_SSL2 |
2281 fprintf(stderr, "testing SSLv2 cipher list order: "); | 2455 fprintf(stderr, "testing SSLv2 cipher list order: "); |
2282 meth = SSLv2_method(); | 2456 meth = SSLv2_method(); |
2283 while ((ci = meth->get_cipher(i++)) != NULL) | 2457 while ((ci = meth->get_cipher(i++)) != NULL) |
2284 { | 2458 { |
2285 if (tci != NULL) | 2459 if (tci != NULL) |
2286 if (ci->id >= tci->id) | 2460 if (ci->id >= tci->id) |
2287 { | 2461 { |
2288 fprintf(stderr, "failed %lx vs. %lx\n", ci->id,
tci->id); | 2462 fprintf(stderr, "failed %lx vs. %lx\n", ci->id,
tci->id); |
(...skipping 31 matching lines...)
2320 fprintf(stderr, "failed %lx vs. %lx\n", ci->id,
tci->id); | 2494 fprintf(stderr, "failed %lx vs. %lx\n", ci->id,
tci->id); |
2321 return 0; | 2495 return 0; |
2322 } | 2496 } |
2323 tci = ci; | 2497 tci = ci; |
2324 } | 2498 } |
2325 fprintf(stderr, "ok\n"); | 2499 fprintf(stderr, "ok\n"); |
2326 #endif | 2500 #endif |
2327 | 2501 |
2328 return 1; | 2502 return 1; |
2329 } | 2503 } |