authorMatt Caswell <matt@openssl.org>2015-01-22 03:29:12 +0000
committerMatt Caswell <matt@openssl.org>2015-01-22 09:31:38 +0000
commitae5c8664e587f2445c8e4eb436cffbb64af4f6b8 (patch)
tree6d5b2cbee6396484f83126f8c7e7a36b9777a652 /ssl/ssltest.c
parentaae3233e1e08e9f11742f8f351af5c98cd8add16 (diff)
Run util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'ssl/ssltest.c')
-rw-r--r--ssl/ssltest.c5192
1 files changed, 2531 insertions, 2661 deletions
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index 9ff21171b1..c9dfb8cd0c 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -5,21 +5,21 @@
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
- *
+ *
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
+ *
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -34,10 +34,10 @@
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
+ * 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
+ *
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
+ *
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
@@ -63,7 +63,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -110,7 +110,7 @@
*/
/* ====================================================================
* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
+ * ECC cipher suite support in OpenSSL originally developed by
* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
*/
/* ====================================================================
@@ -155,8 +155,10 @@
#include "e_os.h"
#ifdef OPENSSL_SYS_VMS
-/* Or isascii won't be declared properly on VMS (at least with DECompHP C). */
-#define _XOPEN_SOURCE 500
+/*
+ * Or isascii won't be declared properly on VMS (at least with DECompHP C).
+ */
+# define _XOPEN_SOURCE 500
#endif
#include <ctype.h>
@@ -168,21 +170,21 @@
#include <openssl/x509v3.h>
#include <openssl/ssl.h>
#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
+# include <openssl/engine.h>
#endif
#include <openssl/err.h>
#include <openssl/rand.h>
#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
+# include <openssl/rsa.h>
#endif
#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
+# include <openssl/dsa.h>
#endif
#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
+# include <openssl/dh.h>
#endif
#ifndef OPENSSL_NO_SRP
-#include <openssl/srp.h>
+# include <openssl/srp.h>
#endif
#include <openssl/bn.h>
@@ -191,49 +193,50 @@
* on Compaq platforms (at least with DEC C).
* Do not try to put it earlier, or IPv6 includes
* get screwed...
-*/
-#define _XOPEN_SOURCE_EXTENDED 1
+ */
+#define _XOPEN_SOURCE_EXTENDED 1
#ifdef OPENSSL_SYS_WINDOWS
-#include <winsock.h>
+# include <winsock.h>
#else
-#include OPENSSL_UNISTD
+# include OPENSSL_UNISTD
#endif
#ifdef OPENSSL_SYS_VMS
-# define TEST_SERVER_CERT "SYS$DISK:[-.APPS]SERVER.PEM"
-# define TEST_CLIENT_CERT "SYS$DISK:[-.APPS]CLIENT.PEM"
+# define TEST_SERVER_CERT "SYS$DISK:[-.APPS]SERVER.PEM"
+# define TEST_CLIENT_CERT "SYS$DISK:[-.APPS]CLIENT.PEM"
#elif defined(OPENSSL_SYS_WINCE)
-# define TEST_SERVER_CERT "\\OpenSSL\\server.pem"
-# define TEST_CLIENT_CERT "\\OpenSSL\\client.pem"
+# define TEST_SERVER_CERT "\\OpenSSL\\server.pem"
+# define TEST_CLIENT_CERT "\\OpenSSL\\client.pem"
#elif defined(OPENSSL_SYS_NETWARE)
-# define TEST_SERVER_CERT "\\openssl\\apps\\server.pem"
-# define TEST_CLIENT_CERT "\\openssl\\apps\\client.pem"
+# define TEST_SERVER_CERT "\\openssl\\apps\\server.pem"
+# define TEST_CLIENT_CERT "\\openssl\\apps\\client.pem"
#else
-# define TEST_SERVER_CERT "../apps/server.pem"
-# define TEST_CLIENT_CERT "../apps/client.pem"
+# define TEST_SERVER_CERT "../apps/server.pem"
+# define TEST_CLIENT_CERT "../apps/client.pem"
#endif
-/* There is really no standard for this, so let's assign some tentative
- numbers. In any case, these numbers are only for this test */
-#define COMP_RLE 255
-#define COMP_ZLIB 1
+/*
+ * There is really no standard for this, so let's assign some tentative
+ * numbers. In any case, these numbers are only for this test
+ */
+#define COMP_RLE 255
+#define COMP_ZLIB 1
static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
#ifndef OPENSSL_NO_RSA
-static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export,int keylength);
+static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
static void free_tmp_rsa(void);
#endif
static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg);
#define APP_CALLBACK_STRING "Test Callback Argument"
-struct app_verify_arg
- {
- char *string;
- int app_verify;
- int allow_proxy_certs;
- char *proxy_auth;
- char *proxy_cond;
- };
+struct app_verify_arg {
+ char *string;
+ int app_verify;
+ int allow_proxy_certs;
+ char *proxy_auth;
+ char *proxy_cond;
+};
#ifndef OPENSSL_NO_DH
static DH *get_dh512(void);
@@ -241,61 +244,59 @@ static DH *get_dh1024(void);
static DH *get_dh1024dsa(void);
#endif
-
-static char *psk_key=NULL; /* by default PSK is not used */
+static char *psk_key = NULL; /* by default PSK is not used */
#ifndef OPENSSL_NO_PSK
-static unsigned int psk_client_callback(SSL *ssl, const char *hint, char *identity,
- unsigned int max_identity_len, unsigned char *psk,
- unsigned int max_psk_len);
-static unsigned int psk_server_callback(SSL *ssl, const char *identity, unsigned char *psk,
- unsigned int max_psk_len);
+static unsigned int psk_client_callback(SSL *ssl, const char *hint,
+ char *identity,
+ unsigned int max_identity_len,
+ unsigned char *psk,
+ unsigned int max_psk_len);
+static unsigned int psk_server_callback(SSL *ssl, const char *identity,
+ unsigned char *psk,
+ unsigned int max_psk_len);
#endif
#ifndef OPENSSL_NO_SRP
/* SRP client */
/* This is a context that we pass to all callbacks */
-typedef struct srp_client_arg_st
- {
- char *srppassin;
- char *srplogin;
- } SRP_CLIENT_ARG;
+typedef struct srp_client_arg_st {
+ char *srppassin;
+ char *srplogin;
+} SRP_CLIENT_ARG;
-#define PWD_STRLEN 1024
+# define PWD_STRLEN 1024
-static char * MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
- {
- SRP_CLIENT_ARG *srp_client_arg = (SRP_CLIENT_ARG *)arg;
- return BUF_strdup((char *)srp_client_arg->srppassin);
- }
+static char *MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
+{
+ SRP_CLIENT_ARG *srp_client_arg = (SRP_CLIENT_ARG *)arg;
+ return BUF_strdup((char *)srp_client_arg->srppassin);
+}
/* SRP server */
/* This is a context that we pass to SRP server callbacks */
-typedef struct srp_server_arg_st
- {
- char *expected_user;
- char *pass;
- } SRP_SERVER_ARG;
+typedef struct srp_server_arg_st {
+ char *expected_user;
+ char *pass;
+} SRP_SERVER_ARG;
static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
- {
- SRP_SERVER_ARG * p = (SRP_SERVER_ARG *) arg;
-
- if (strcmp(p->expected_user, SSL_get_srp_username(s)) != 0)
- {
- fprintf(stderr, "User %s doesn't exist\n", SSL_get_srp_username(s));
- return SSL3_AL_FATAL;
- }
- if (SSL_set_srp_server_param_pw(s,p->expected_user,p->pass,"1024")<0)
- {
- *ad = SSL_AD_INTERNAL_ERROR;
- return SSL3_AL_FATAL;
- }
- return SSL_ERROR_NONE;
- }
+{
+ SRP_SERVER_ARG *p = (SRP_SERVER_ARG *)arg;
+
+ if (strcmp(p->expected_user, SSL_get_srp_username(s)) != 0) {
+ fprintf(stderr, "User %s doesn't exist\n", SSL_get_srp_username(s));
+ return SSL3_AL_FATAL;
+ }
+ if (SSL_set_srp_server_param_pw(s, p->expected_user, p->pass, "1024") < 0) {
+ *ad = SSL_AD_INTERNAL_ERROR;
+ return SSL3_AL_FATAL;
+ }
+ return SSL_ERROR_NONE;
+}
#endif
-static BIO *bio_err=NULL;
-static BIO *bio_stdout=NULL;
+static BIO *bio_err = NULL;
+static BIO *bio_stdout = NULL;
static const char *alpn_client;
static const char *alpn_server;
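Review bot: In `ssl_srp_server_param_cb` the result of `SSL_get_srp_username(s)` is passed straight to `strcmp()` and then to a `%s` format with no NULL check; if it can return NULL on this path (not visible from the hunk), both uses are undefined behaviour. The reformat carries these lines over token-for-token, so the gap predates this commit and is simply still present on the new side. Fetching the name once and guarding it covers both uses: `const char *user = SSL_get_srp_username(s);` followed by `if (user == NULL || strcmp(p->expected_user, user) != 0) {`, with the diagnostic printing a fixed placeholder when `user` is NULL.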
@@ -311,119 +312,122 @@ static unsigned char *alpn_selected;
*
* returns: a malloced buffer or NULL on failure.
*/
-static unsigned char *next_protos_parse(unsigned short *outlen, const char *in)
- {
- size_t len;
- unsigned char *out;
- size_t i, start = 0;
-
- len = strlen(in);
- if (len >= 65535)
- return NULL;
-
- out = OPENSSL_malloc(strlen(in) + 1);
- if (!out)
- return NULL;
-
- for (i = 0; i <= len; ++i)
- {
- if (i == len || in[i] == ',')
- {
- if (i - start > 255)
- {
- OPENSSL_free(out);
- return NULL;
- }
- out[start] = i - start;
- start = i + 1;
- }
- else
- out[i+1] = in[i];
- }
-
- *outlen = len + 1;
- return out;
- }
-
-static int cb_server_alpn(SSL *s, const unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg)
- {
- unsigned char *protos;
- unsigned short protos_len;
-
- protos = next_protos_parse(&protos_len, alpn_server);
- if (protos == NULL)
- {
- fprintf(stderr, "failed to parser ALPN server protocol string: %s\n", alpn_server);
- abort();
- }
-
- if (SSL_select_next_proto((unsigned char**) out, outlen, protos, protos_len, in, inlen) !=
- OPENSSL_NPN_NEGOTIATED)
- {
- OPENSSL_free(protos);
- return SSL_TLSEXT_ERR_NOACK;
- }
-
- /* Make a copy of the selected protocol which will be freed in verify_alpn. */
- alpn_selected = OPENSSL_malloc(*outlen);
- memcpy(alpn_selected, *out, *outlen);
- *out = alpn_selected;
-
- OPENSSL_free(protos);
- return SSL_TLSEXT_ERR_OK;
- }
+static unsigned char *next_protos_parse(unsigned short *outlen,
+ const char *in)
+{
+ size_t len;
+ unsigned char *out;
+ size_t i, start = 0;
+
+ len = strlen(in);
+ if (len >= 65535)
+ return NULL;
+
+ out = OPENSSL_malloc(strlen(in) + 1);
+ if (!out)
+ return NULL;
+
+ for (i = 0; i <= len; ++i) {
+ if (i == len || in[i] == ',') {
+ if (i - start > 255) {
+ OPENSSL_free(out);
+ return NULL;
+ }
+ out[start] = i - start;
+ start = i + 1;
+ } else
+ out[i + 1] = in[i];
+ }
+
+ *outlen = len + 1;
+ return out;
+}
+
+static int cb_server_alpn(SSL *s, const unsigned char **out,
+ unsigned char *outlen, const unsigned char *in,
+ unsigned int inlen, void *arg)
+{
+ unsigned char *protos;
+ unsigned short protos_len;
+
+ protos = next_protos_parse(&protos_len, alpn_server);
+ if (protos == NULL) {
+ fprintf(stderr, "failed to parser ALPN server protocol string: %s\n",
+ alpn_server);
+ abort();
+ }
+
+ if (SSL_select_next_proto
+ ((unsigned char **)out, outlen, protos, protos_len, in,
+ inlen) != OPENSSL_NPN_NEGOTIATED) {
+ OPENSSL_free(protos);
+ return SSL_TLSEXT_ERR_NOACK;
+ }
+
+ /*
+ * Make a copy of the selected protocol which will be freed in
+ * verify_alpn.
+ */
+ alpn_selected = OPENSSL_malloc(*outlen);
+ memcpy(alpn_selected, *out, *outlen);
+ *out = alpn_selected;
+
+ OPENSSL_free(protos);
+ return SSL_TLSEXT_ERR_OK;
+}
static int verify_alpn(SSL *client, SSL *server)
- {
- const unsigned char *client_proto, *server_proto;
- unsigned int client_proto_len = 0, server_proto_len = 0;
- SSL_get0_alpn_selected(client, &client_proto, &client_proto_len);
- SSL_get0_alpn_selected(server, &server_proto, &server_proto_len);
-
- if (alpn_selected != NULL)
- {
- OPENSSL_free(alpn_selected);
- alpn_selected = NULL;
- }
-
- if (client_proto_len != server_proto_len ||
- memcmp(client_proto, server_proto, client_proto_len) != 0)
- {
- BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
- goto err;
- }
-
- if (client_proto_len > 0 && alpn_expected == NULL)
- {
- BIO_printf(bio_stdout, "ALPN unexpectedly negotiated\n");
- goto err;
- }
-
- if (alpn_expected != NULL &&
- (client_proto_len != strlen(alpn_expected) ||
- memcmp(client_proto, alpn_expected, client_proto_len) != 0))
- {
- BIO_printf(bio_stdout, "ALPN selected protocols not equal to expected protocol: %s\n", alpn_expected);
- goto err;
- }
-
- return 0;
-
-err:
- BIO_printf(bio_stdout, "ALPN results: client: '");
- BIO_write(bio_stdout, client_proto, client_proto_len);
- BIO_printf(bio_stdout, "', server: '");
- BIO_write(bio_stdout, server_proto, server_proto_len);
- BIO_printf(bio_stdout, "'\n");
- BIO_printf(bio_stdout, "ALPN configured: client: '%s', server: '%s'\n", alpn_client, alpn_server);
- return -1;
- }
+{
+ const unsigned char *client_proto, *server_proto;
+ unsigned int client_proto_len = 0, server_proto_len = 0;
+ SSL_get0_alpn_selected(client, &client_proto, &client_proto_len);
+ SSL_get0_alpn_selected(server, &server_proto, &server_proto_len);
+
+ if (alpn_selected != NULL) {
+ OPENSSL_free(alpn_selected);
+ alpn_selected = NULL;
+ }
+
+ if (client_proto_len != server_proto_len ||
+ memcmp(client_proto, server_proto, client_proto_len) != 0) {
+ BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
+ goto err;
+ }
+
+ if (client_proto_len > 0 && alpn_expected == NULL) {
+ BIO_printf(bio_stdout, "ALPN unexpectedly negotiated\n");
+ goto err;
+ }
+
+ if (alpn_expected != NULL &&
+ (client_proto_len != strlen(alpn_expected) ||
+ memcmp(client_proto, alpn_expected, client_proto_len) != 0)) {
+ BIO_printf(bio_stdout,
+ "ALPN selected protocols not equal to expected protocol: %s\n",
+ alpn_expected);
+ goto err;
+ }
+
+ return 0;
+
+ err:
+ BIO_printf(bio_stdout, "ALPN results: client: '");
+ BIO_write(bio_stdout, client_proto, client_proto_len);
+ BIO_printf(bio_stdout, "', server: '");
+ BIO_write(bio_stdout, server_proto, server_proto_len);
+ BIO_printf(bio_stdout, "'\n");
+ BIO_printf(bio_stdout, "ALPN configured: client: '%s', server: '%s'\n",
+ alpn_client, alpn_server);
+ return -1;
+}
#define SCT_EXT_TYPE 18
-/* WARNING : below extension types are *NOT* IETF assigned, and
- could conflict if these types are reassigned and handled
- specially by OpenSSL in the future */
+/*
+ * WARNING : below extension types are *NOT* IETF assigned, and could
+ * conflict if these types are reassigned and handled specially by OpenSSL
+ * in the future
+ */
#define TACK_EXT_TYPE 62208
#define CUSTOM_EXT_TYPE_0 1000
#define CUSTOM_EXT_TYPE_1 1001
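Review bot: `cb_server_alpn` hands the result of `OPENSSL_malloc(*outlen)` to `memcpy()` without checking it, so an allocation failure becomes a write through NULL inside the ALPN selection callback. The commit only re-indents these lines, so the missing check is unchanged on the new side. A guard directly after the allocation would close it: `if (alpn_selected == NULL) { OPENSSL_free(protos); return SSL_TLSEXT_ERR_ALERT_FATAL; }`. The same assignment also overwrites `alpn_selected` without freeing an earlier copy, which would leak if the callback ran again before `verify_alpn` releases it; whether that can happen depends on callers outside this hunk.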
@@ -434,7 +438,7 @@ const char custom_ext_cli_string[] = "abc";
const char custom_ext_srv_string[] = "defg";
/* These set from cmdline */
-char* serverinfo_file = NULL;
+char *serverinfo_file = NULL;
int serverinfo_sct = 0;
int serverinfo_tack = 0;
@@ -450,28 +454,28 @@ int custom_ext = 0;
int custom_ext_error = 0;
static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type,
- const unsigned char *in, size_t inlen,
- int *al, void *arg)
- {
- if (ext_type == SCT_EXT_TYPE)
- serverinfo_sct_seen++;
- else if (ext_type == TACK_EXT_TYPE)
- serverinfo_tack_seen++;
- else
- serverinfo_other_seen++;
- return 1;
- }
+ const unsigned char *in, size_t inlen,
+ int *al, void *arg)
+{
+ if (ext_type == SCT_EXT_TYPE)
+ serverinfo_sct_seen++;
+ else if (ext_type == TACK_EXT_TYPE)
+ serverinfo_tack_seen++;
+ else
+ serverinfo_other_seen++;
+ return 1;
+}
static int verify_serverinfo()
- {
- if (serverinfo_sct != serverinfo_sct_seen)
- return -1;
- if (serverinfo_tack != serverinfo_tack_seen)
- return -1;
- if (serverinfo_other_seen)
- return -1;
- return 0;
- }
+{
+ if (serverinfo_sct != serverinfo_sct_seen)
+ return -1;
+ if (serverinfo_tack != serverinfo_tack_seen)
+ return -1;
+ if (serverinfo_other_seen)
+ return -1;
+ return 0;
+}
/*-
* Four test cases for custom extensions:
@@ -482,2449 +486,2274 @@ static int verify_serverinfo()
*/
static int custom_ext_0_cli_add_cb(SSL *s, unsigned int ext_type,
- const unsigned char **out,
- size_t *outlen, int *al, void *arg)
- {
- if (ext_type != CUSTOM_EXT_TYPE_0)
- custom_ext_error = 1;
- return 0; /* Don't send an extension */
- }
+ const unsigned char **out,
+ size_t *outlen, int *al, void *arg)
+{
+ if (ext_type != CUSTOM_EXT_TYPE_0)
+ custom_ext_error = 1;
+ return 0; /* Don't send an extension */
+}
static int custom_ext_0_cli_parse_cb(SSL *s, unsigned int ext_type,
- const unsigned char *in,
- size_t inlen, int *al,
- void *arg)
- {
- return 1;
- }
+ const unsigned char *in,
+ size_t inlen, int *al, void *arg)
+{
+ return 1;
+}
static int custom_ext_1_cli_add_cb(SSL *s, unsigned int ext_type,
- const unsigned char **out,
- size_t *outlen, int *al, void *arg)
- {
- if (ext_type != CUSTOM_EXT_TYPE_1)
- custom_ext_error = 1;
- *out = (const unsigned char*)custom_ext_cli_string;
- *outlen = strlen(custom_ext_cli_string);
- return 1; /* Send "abc" */
- }
+ const unsigned char **out,
+ size_t *outlen, int *al, void *arg)
+{
+ if (ext_type != CUSTOM_EXT_TYPE_1)
+ custom_ext_error = 1;
+ *out = (const unsigned char *)custom_ext_cli_string;
+ *outlen = strlen(custom_ext_cli_string);
+ return 1; /* Send "abc" */
+}
static int custom_ext_1_cli_parse_cb(SSL *s, unsigned int ext_type,
- const unsigned char *in,
- size_t inlen, int *al,
- void *arg)
- {
- return 1;
- }
+ const unsigned char *in,
+ size_t inlen, int *al, void *arg)
+{
+ return 1;
+}
static int custom_ext_2_cli_add_cb(SSL *s, unsigned int ext_type,
- const unsigned char **out,
- size_t *outlen, int *al, void *arg)
- {
- if (ext_type != CUSTOM_EXT_TYPE_2)
- custom_ext_error = 1;
- *out = (const unsigned char*)custom_ext_cli_string;
- *outlen = strlen(custom_ext_cli_string);
- return 1; /* Send "abc" */
- }
+ const unsigned char **out,
+ size_t *outlen, int *al, void *arg)
+{
+ if (ext_type != CUSTOM_EXT_TYPE_2)
+ custom_ext_error = 1;
+ *out = (const unsigned char *)custom_ext_cli_string;
+ *outlen = strlen(custom_ext_cli_string);
+ return 1; /* Send "abc" */
+}
static int custom_ext_2_cli_parse_cb(SSL *s, unsigned int ext_type,
- const unsigned char *in,
- size_t inlen, int *al,
- void *arg)
- {
- if (ext_type != CUSTOM_EXT_TYPE_2)
- custom_ext_error = 1;
- if (inlen != 0)
- custom_ext_error = 1; /* Should be empty response */
- return 1;
- }
+ const unsigned char *in,
+ size_t inlen, int *al, void *arg)
+{
+ if (ext_type != CUSTOM_EXT_TYPE_2)
+ custom_ext_error = 1;
+ if (inlen != 0)
+ custom_ext_error = 1; /* Should be empty response */
+ return 1;
+}
static int custom_ext_3_cli_add_cb(SSL *s, unsigned int ext_type,
- const unsigned char **out,
- size_t *outlen, int *al, void *arg)
- {
- if (ext_type != CUSTOM_EXT_TYPE_3)
- custom_ext_error = 1;
- *out = (const unsigned char*)custom_ext_cli_string;
- *outlen = strlen(custom_ext_cli_string);
- return 1; /* Send "abc" */
- }
+ const unsigned char **out,
+ size_t *outlen, int *al, void *arg)
+{
+ if (ext_type != CUSTOM_EXT_TYPE_3)
+ custom_ext_error = 1;
+ *out = (const unsigned char *)custom_ext_cli_string;
+ *outlen = strlen(custom_ext_cli_string);
+ return 1; /* Send "abc" */
+}
static int custom_ext_3_cli_parse_cb(SSL *s, unsigned int ext_type,
- const unsigned char *in,
- size_t inlen, int *al,
- void *arg)
- {
- if (ext_type != CUSTOM_EXT_TYPE_3)
- custom_ext_error = 1;
- if (inlen != strlen(custom_ext_srv_string))
- custom_ext_error = 1;
- if (memcmp(custom_ext_srv_string, in, inlen) != 0)
- custom_ext_error = 1; /* Check for "defg" */
- return 1;
- }
-
-/* custom_ext_0_cli_add_cb returns 0 - the server won't receive a callback for this extension */
+ const unsigned char *in,
+ size_t inlen, int *al, void *arg)
+{
+ if (ext_type != CUSTOM_EXT_TYPE_3)
+ custom_ext_error = 1;
+ if (inlen != strlen(custom_ext_srv_string))
+ custom_ext_error = 1;
+ if (memcmp(custom_ext_srv_string, in, inlen) != 0)
+ custom_ext_error = 1; /* Check for "defg" */
+ return 1;
+}
+
+/*
+ * custom_ext_0_cli_add_cb returns 0 - the server won't receive a callback
+ * for this extension
+ */
static int custom_ext_0_srv_parse_cb(SSL *s, unsigned int ext_type,
- const unsigned char *in,
- size_t inlen, int *al,
- void *arg)
- {
- custom_ext_error = 1;
- return 1;
- }
+ const unsigned char *in,
+ size_t inlen, int *al, void *arg)
+{
+ custom_ext_error = 1;
+ return 1;
+}
/* 'add' callbacks are only called if the 'parse' callback is called */
static int custom_ext_0_srv_add_cb(SSL *s, unsigned int ext_type,
- const unsigned char **out,
- size_t *outlen, int *al, void *arg)
- {
- /* Error: should not have been called */
- custom_ext_error = 1;
- return 0; /* Don't send an extension */
- }
+ const unsigned char **out,
+ size_t *outlen, int *al, void *arg)
+{
+ /* Error: should not have been called */
+ custom_ext_error = 1;
+ return 0; /* Don't send an extension */
+}
static int custom_ext_1_srv_parse_cb(SSL *s, unsigned int ext_type,
- const unsigned char *in,
- size_t inlen, int *al,
- void *arg)
- {
- if (ext_type != CUSTOM_EXT_TYPE_1)
- custom_ext_error = 1;
- /* Check for "abc" */
- if (inlen != strlen(custom_ext_cli_string))
- custom_ext_error = 1;
- if (memcmp(in, custom_ext_cli_string, inlen) != 0)
- custom_ext_error = 1;
- return 1;
- }
+ const unsigned char *in,
+ size_t inlen, int *al, void *arg)
+{
+ if (ext_type != CUSTOM_EXT_TYPE_1)
+ custom_ext_error = 1;
+ /* Check for "abc" */
+ if (inlen != strlen(custom_ext_cli_string))
+ custom_ext_error = 1;
+ if (memcmp(in, custom_ext_cli_string, inlen) != 0)
+ custom_ext_error = 1;
+ return 1;
+}
static int custom_ext_1_srv_add_cb(SSL *s, unsigned int ext_type,
- const unsigned char **out,
- size_t *outlen, int *al, void *arg)
- {
- return 0; /* Don't send an extension */
- }
+ const unsigned char **out,
+ size_t *outlen, int *al, void *arg)
+{
+ return 0; /* Don't send an extension */
+}
static int custom_ext_2_srv_parse_cb(SSL *s, unsigned int ext_type,
- const unsigned char *in,
- size_t inlen, int *al,
- void *arg)
- {
- if (ext_type != CUSTOM_EXT_TYPE_2)
- custom_ext_error = 1;
- /* Check for "abc" */
- if (inlen != strlen(custom_ext_cli_string))
- custom_ext_error = 1;
- if (memcmp(in, custom_ext_cli_string, inlen) != 0)
- custom_ext_error = 1;
- return 1;
- }
+ const unsigned char *in,
+ size_t inlen, int *al, void *arg)
+{
+ if (ext_type != CUSTOM_EXT_TYPE_2)
+ custom_ext_error = 1;
+ /* Check for "abc" */
+ if (inlen != strlen(custom_ext_cli_string))
+ custom_ext_error = 1;
+ if (memcmp(in, custom_ext_cli_string, inlen) != 0)
+ custom_ext_error = 1;
+ return 1;
+}
static int custom_ext_2_srv_add_cb(SSL *s, unsigned int ext_type,
- const unsigned char **out,
- size_t *outlen, int *al, void *arg)
- {
- *out = NULL;
- *outlen = 0;
- return 1; /* Send empty extension */
- }
+ const unsigned char **out,
+ size_t *outlen, int *al, void *arg)
+{
+ *out = NULL;
+ *outlen = 0;
+ return 1; /* Send empty extension */
+}
static int custom_ext_3_srv_parse_cb(SSL *s, unsigned int ext_type,
- const unsigned char *in,
- size_t inlen, int *al,
- void *arg)
- {
- if (ext_type != CUSTOM_EXT_TYPE_3)
- custom_ext_error = 1;
- /* Check for "abc" */
- if (inlen != strlen(custom_ext_cli_string))
- custom_ext_error = 1;
- if (memcmp(in, custom_ext_cli_string, inlen) != 0)
- custom_ext_error = 1;
- return 1;
- }
+ const unsigned char *in,
+ size_t inlen, int *al, void *arg)
+{
+ if (ext_type != CUSTOM_EXT_TYPE_3)
+ custom_ext_error = 1;
+ /* Check for "abc" */
+ if (inlen != strlen(custom_ext_cli_string))
+ custom_ext_error = 1;
+ if (memcmp(in, custom_ext_cli_string, inlen) != 0)
+ custom_ext_error = 1;
+ return 1;
+}
static int custom_ext_3_srv_add_cb(SSL *s, unsigned int ext_type,
- const unsigned char **out,
- size_t *outlen, int *al, void *arg)
- {
- *out = (const unsigned char*)custom_ext_srv_string;
- *outlen = strlen(custom_ext_srv_string);
- return 1; /* Send "defg" */
- }
-
-static char *cipher=NULL;
-static int verbose=0;
-static int debug=0;
+ const unsigned char **out,
+ size_t *outlen, int *al, void *arg)
+{
+ *out = (const unsigned char *)custom_ext_srv_string;
+ *outlen = strlen(custom_ext_srv_string);
+ return 1; /* Send "defg" */
+}
+
+static char *cipher = NULL;
+static int verbose = 0;
+static int debug = 0;
#if 0
/* Not used yet. */
-#ifdef FIONBIO
-static int s_nbio=0;
-#endif
+# ifdef FIONBIO
+static int s_nbio = 0;
+# endif
#endif
-static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+static const char rnd_seed[] =
+ "string to make the random number generator think it has entropy";
-int doit_biopair(SSL *s_ssl,SSL *c_ssl,long bytes,clock_t *s_time,clock_t *c_time);
-int doit(SSL *s_ssl,SSL *c_ssl,long bytes);
+int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time,
+ clock_t *c_time);
+int doit(SSL *s_ssl, SSL *c_ssl, long bytes);
static int do_test_cipherlist(void);
static void sv_usage(void)
- {
- fprintf(stderr,"usage: ssltest [args ...]\n");
- fprintf(stderr,"\n");
+{
+ fprintf(stderr, "usage: ssltest [args ...]\n");
+ fprintf(stderr, "\n");
#ifdef OPENSSL_FIPS
- fprintf(stderr,"-F - run test in FIPS mode\n");
-#endif
- fprintf(stderr," -server_auth - check server certificate\n");
- fprintf(stderr," -client_auth - do client authentication\n");
- fprintf(stderr," -proxy - allow proxy certificates\n");
- fprintf(stderr," -proxy_auth <val> - set proxy policy rights\n");
- fprintf(stderr," -proxy_cond <val> - expression to test proxy policy rights\n");
- fprintf(stderr," -v - more output\n");
- fprintf(stderr," -d - debug output\n");
- fprintf(stderr," -reuse - use session-id reuse\n");
- fprintf(stderr," -num <val> - number of connections to perform\n");
- fprintf(stderr," -bytes <val> - number of bytes to swap between client/server\n");
+ fprintf(stderr, "-F - run test in FIPS mode\n");
+#endif
+ fprintf(stderr, " -server_auth - check server certificate\n");
+ fprintf(stderr, " -client_auth - do client authentication\n");
+ fprintf(stderr, " -proxy - allow proxy certificates\n");
+ fprintf(stderr, " -proxy_auth <val> - set proxy policy rights\n");
+ fprintf(stderr,
+ " -proxy_cond <val> - expression to test proxy policy rights\n");
+ fprintf(stderr, " -v - more output\n");
+ fprintf(stderr, " -d - debug output\n");
+ fprintf(stderr, " -reuse - use session-id reuse\n");
+ fprintf(stderr, " -num <val> - number of connections to perform\n");
+ fprintf(stderr,
+ " -bytes <val> - number of bytes to swap between client/server\n");
#ifndef OPENSSL_NO_DH
- fprintf(stderr," -dhe1024 - use 1024 bit key (safe prime) for DHE\n");
- fprintf(stderr," -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
- fprintf(stderr," -no_dhe - disable DHE\n");
+ fprintf(stderr,
+ " -dhe1024 - use 1024 bit key (safe prime) for DHE\n");
+ fprintf(stderr,
+ " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
+ fprintf(stderr, " -no_dhe - disable DHE\n");
#endif
#ifndef OPENSSL_NO_ECDH
- fprintf(stderr," -no_ecdhe - disable ECDHE\n");
+ fprintf(stderr, " -no_ecdhe - disable ECDHE\n");
#endif
#ifndef OPENSSL_NO_PSK
- fprintf(stderr," -psk arg - PSK in hex (without 0x)\n");
+ fprintf(stderr, " -psk arg - PSK in hex (without 0x)\n");
#endif
#ifndef OPENSSL_NO_SRP
- fprintf(stderr," -srpuser user - SRP username to use\n");
- fprintf(stderr," -srppass arg - password for 'user'\n");
+ fprintf(stderr, " -srpuser user - SRP username to use\n");
+ fprintf(stderr, " -srppass arg - password for 'user'\n");
#endif
#ifndef OPENSSL_NO_SSL2
- fprintf(stderr," -ssl2 - use SSLv2\n");
+ fprintf(stderr, " -ssl2 - use SSLv2\n");
#endif
#ifndef OPENSSL_NO_SSL3_METHOD
- fprintf(stderr," -ssl3 - use SSLv3\n");
+ fprintf(stderr, " -ssl3 - use SSLv3\n");
#endif
#ifndef OPENSSL_NO_TLS1
- fprintf(stderr," -tls1 - use TLSv1\n");
-#endif
- fprintf(stderr," -CApath arg - PEM format directory of CA's\n");
- fprintf(stderr," -CAfile arg - PEM format file of CA's\n");
- fprintf(stderr," -cert arg - Server certificate file\n");
- fprintf(stderr," -key arg - Server key file (default: same as -cert)\n");
- fprintf(stderr," -c_cert arg - Client certificate file\n");
- fprintf(stderr," -c_key arg - Client key file (default: same as -c_cert)\n");
- fprintf(stderr," -cipher arg - The cipher list\n");
- fprintf(stderr," -bio_pair - Use BIO pairs\n");
- fprintf(stderr," -f - Test even cases that can't work\n");
- fprintf(stderr," -time - measure processor time used by client and server\n");
- fprintf(stderr," -zlib - use zlib compression\n");
- fprintf(stderr," -rle - use rle compression\n");
+ fprintf(stderr, " -tls1 - use TLSv1\n");
+#endif
+ fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");
+ fprintf(stderr, " -CAfile arg - PEM format file of CA's\n");
+ fprintf(stderr, " -cert arg - Server certificate file\n");
+ fprintf(stderr,
+ " -key arg - Server key file (default: same as -cert)\n");
+ fprintf(stderr, " -c_cert arg - Client certificate file\n");
+ fprintf(stderr,
+ " -c_key arg - Client key file (default: same as -c_cert)\n");
+ fprintf(stderr, " -cipher arg - The cipher list\n");
+ fprintf(stderr, " -bio_pair - Use BIO pairs\n");
+ fprintf(stderr, " -f - Test even cases that can't work\n");
+ fprintf(stderr,
+ " -time - measure processor time used by client and server\n");
+ fprintf(stderr, " -zlib - use zlib compression\n");
+ fprintf(stderr, " -rle - use rle compression\n");
#ifndef OPENSSL_NO_ECDH
- fprintf(stderr," -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \
- " Use \"openssl ecparam -list_curves\" for all names\n" \
- " (default is sect163r2).\n");
-#endif
- fprintf(stderr," -test_cipherlist - Verifies the order of the ssl cipher lists.\n"
- " Wh