diff options
| author | djm <> | 2008-09-06 12:17:54 +0000 |
|---|---|---|
| committer | djm <> | 2008-09-06 12:17:54 +0000 |
| commit | 38ce604e3cc97706b876b0525ddff0121115456d (patch) | |
| tree | 7ccc28afe1789ea3dbedf72365f955d5b8e105b5 /src/lib/libssl/src/ssl/ssltest.c | |
| parent | 12867252827c8efaa8ddd1fa3b3d6e321e2bcdef (diff) | |
| download | openbsd-38ce604e3cc97706b876b0525ddff0121115456d.tar.gz openbsd-38ce604e3cc97706b876b0525ddff0121115456d.tar.bz2 openbsd-38ce604e3cc97706b876b0525ddff0121115456d.zip | |
resolve conflicts
Diffstat (limited to 'src/lib/libssl/src/ssl/ssltest.c')
| -rw-r--r-- | src/lib/libssl/src/ssl/ssltest.c | 256 |
1 files changed, 209 insertions, 47 deletions
diff --git a/src/lib/libssl/src/ssl/ssltest.c b/src/lib/libssl/src/ssl/ssltest.c index 9381c435d5..e786b428cd 100644 --- a/src/lib/libssl/src/ssl/ssltest.c +++ b/src/lib/libssl/src/ssl/ssltest.c | |||
| @@ -108,6 +108,11 @@ | |||
| 108 | * Hudson (tjh@cryptsoft.com). | 108 | * Hudson (tjh@cryptsoft.com). |
| 109 | * | 109 | * |
| 110 | */ | 110 | */ |
| 111 | /* ==================================================================== | ||
| 112 | * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. | ||
| 113 | * ECC cipher suite support in OpenSSL originally developed by | ||
| 114 | * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. | ||
| 115 | */ | ||
| 111 | 116 | ||
| 112 | #define _BSD_SOURCE 1 /* Or gethostname won't be declared properly | 117 | #define _BSD_SOURCE 1 /* Or gethostname won't be declared properly |
| 113 | on Linux and GNU platforms. */ | 118 | on Linux and GNU platforms. */ |
| @@ -140,7 +145,16 @@ | |||
| 140 | #endif | 145 | #endif |
| 141 | #include <openssl/err.h> | 146 | #include <openssl/err.h> |
| 142 | #include <openssl/rand.h> | 147 | #include <openssl/rand.h> |
| 143 | #include <openssl/fips.h> | 148 | #ifndef OPENSSL_NO_RSA |
| 149 | #include <openssl/rsa.h> | ||
| 150 | #endif | ||
| 151 | #ifndef OPENSSL_NO_DSA | ||
| 152 | #include <openssl/dsa.h> | ||
| 153 | #endif | ||
| 154 | #ifndef OPENSSL_NO_DH | ||
| 155 | #include <openssl/dh.h> | ||
| 156 | #endif | ||
| 157 | #include <openssl/bn.h> | ||
| 144 | 158 | ||
| 145 | #define _XOPEN_SOURCE_EXTENDED 1 /* Or gethostname won't be declared properly | 159 | #define _XOPEN_SOURCE_EXTENDED 1 /* Or gethostname won't be declared properly |
| 146 | on Compaq platforms (at least with DEC C). | 160 | on Compaq platforms (at least with DEC C). |
| @@ -160,6 +174,9 @@ | |||
| 160 | #elif defined(OPENSSL_SYS_WINCE) | 174 | #elif defined(OPENSSL_SYS_WINCE) |
| 161 | # define TEST_SERVER_CERT "\\OpenSSL\\server.pem" | 175 | # define TEST_SERVER_CERT "\\OpenSSL\\server.pem" |
| 162 | # define TEST_CLIENT_CERT "\\OpenSSL\\client.pem" | 176 | # define TEST_CLIENT_CERT "\\OpenSSL\\client.pem" |
| 177 | #elif defined(OPENSSL_SYS_NETWARE) | ||
| 178 | # define TEST_SERVER_CERT "\\openssl\\apps\\server.pem" | ||
| 179 | # define TEST_CLIENT_CERT "\\openssl\\apps\\client.pem" | ||
| 163 | #else | 180 | #else |
| 164 | # define TEST_SERVER_CERT "../apps/server.pem" | 181 | # define TEST_SERVER_CERT "../apps/server.pem" |
| 165 | # define TEST_CLIENT_CERT "../apps/client.pem" | 182 | # define TEST_CLIENT_CERT "../apps/client.pem" |
| @@ -167,8 +184,8 @@ | |||
| 167 | 184 | ||
| 168 | /* There is really no standard for this, so let's assign some tentative | 185 | /* There is really no standard for this, so let's assign some tentative |
| 169 | numbers. In any case, these numbers are only for this test */ | 186 | numbers. In any case, these numbers are only for this test */ |
| 170 | #define COMP_RLE 1 | 187 | #define COMP_RLE 255 |
| 171 | #define COMP_ZLIB 2 | 188 | #define COMP_ZLIB 1 |
| 172 | 189 | ||
| 173 | static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); | 190 | static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); |
| 174 | #ifndef OPENSSL_NO_RSA | 191 | #ifndef OPENSSL_NO_RSA |
| @@ -209,13 +226,11 @@ static const char rnd_seed[] = "string to make the random number generator think | |||
| 209 | 226 | ||
| 210 | int doit_biopair(SSL *s_ssl,SSL *c_ssl,long bytes,clock_t *s_time,clock_t *c_time); | 227 | int doit_biopair(SSL *s_ssl,SSL *c_ssl,long bytes,clock_t *s_time,clock_t *c_time); |
| 211 | int doit(SSL *s_ssl,SSL *c_ssl,long bytes); | 228 | int doit(SSL *s_ssl,SSL *c_ssl,long bytes); |
| 229 | static int do_test_cipherlist(void); | ||
| 212 | static void sv_usage(void) | 230 | static void sv_usage(void) |
| 213 | { | 231 | { |
| 214 | fprintf(stderr,"usage: ssltest [args ...]\n"); | 232 | fprintf(stderr,"usage: ssltest [args ...]\n"); |
| 215 | fprintf(stderr,"\n"); | 233 | fprintf(stderr,"\n"); |
| 216 | #ifdef OPENSSL_FIPS | ||
| 217 | fprintf(stderr,"-F - run test in FIPS mode\n"); | ||
| 218 | #endif | ||
| 219 | fprintf(stderr," -server_auth - check server certificate\n"); | 234 | fprintf(stderr," -server_auth - check server certificate\n"); |
| 220 | fprintf(stderr," -client_auth - do client authentication\n"); | 235 | fprintf(stderr," -client_auth - do client authentication\n"); |
| 221 | fprintf(stderr," -proxy - allow proxy certificates\n"); | 236 | fprintf(stderr," -proxy - allow proxy certificates\n"); |
| @@ -231,6 +246,9 @@ static void sv_usage(void) | |||
| 231 | fprintf(stderr," -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n"); | 246 | fprintf(stderr," -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n"); |
| 232 | fprintf(stderr," -no_dhe - disable DHE\n"); | 247 | fprintf(stderr," -no_dhe - disable DHE\n"); |
| 233 | #endif | 248 | #endif |
| 249 | #ifndef OPENSSL_NO_ECDH | ||
| 250 | fprintf(stderr," -no_ecdhe - disable ECDHE\n"); | ||
| 251 | #endif | ||
| 234 | #ifndef OPENSSL_NO_SSL2 | 252 | #ifndef OPENSSL_NO_SSL2 |
| 235 | fprintf(stderr," -ssl2 - use SSLv2\n"); | 253 | fprintf(stderr," -ssl2 - use SSLv2\n"); |
| 236 | #endif | 254 | #endif |
| @@ -251,7 +269,13 @@ static void sv_usage(void) | |||
| 251 | fprintf(stderr," -f - Test even cases that can't work\n"); | 269 | fprintf(stderr," -f - Test even cases that can't work\n"); |
| 252 | fprintf(stderr," -time - measure processor time used by client and server\n"); | 270 | fprintf(stderr," -time - measure processor time used by client and server\n"); |
| 253 | fprintf(stderr," -zlib - use zlib compression\n"); | 271 | fprintf(stderr," -zlib - use zlib compression\n"); |
| 254 | fprintf(stderr," -time - use rle compression\n"); | 272 | fprintf(stderr," -rle - use rle compression\n"); |
| 273 | #ifndef OPENSSL_NO_ECDH | ||
| 274 | fprintf(stderr," -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \ | ||
| 275 | " Use \"openssl ecparam -list_curves\" for all names\n" \ | ||
| 276 | " (default is sect163r2).\n"); | ||
| 277 | #endif | ||
| 278 | fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher lists\n"); | ||
| 255 | } | 279 | } |
| 256 | 280 | ||
| 257 | static void print_details(SSL *c_ssl, const char *prefix) | 281 | static void print_details(SSL *c_ssl, const char *prefix) |
| @@ -361,6 +385,7 @@ static void lock_dbg_cb(int mode, int type, const char *file, int line) | |||
| 361 | } | 385 | } |
| 362 | } | 386 | } |
| 363 | 387 | ||
| 388 | |||
| 364 | int main(int argc, char *argv[]) | 389 | int main(int argc, char *argv[]) |
| 365 | { | 390 | { |
| 366 | char *CApath=NULL,*CAfile=NULL; | 391 | char *CApath=NULL,*CAfile=NULL; |
| @@ -376,24 +401,32 @@ int main(int argc, char *argv[]) | |||
| 376 | char *server_key=NULL; | 401 | char *server_key=NULL; |
| 377 | char *client_cert=TEST_CLIENT_CERT; | 402 | char *client_cert=TEST_CLIENT_CERT; |
| 378 | char *client_key=NULL; | 403 | char *client_key=NULL; |
| 404 | #ifndef OPENSSL_NO_ECDH | ||
| 405 | char *named_curve = NULL; | ||
| 406 | #endif | ||
| 379 | SSL_CTX *s_ctx=NULL; | 407 | SSL_CTX *s_ctx=NULL; |
| 380 | SSL_CTX *c_ctx=NULL; | 408 | SSL_CTX *c_ctx=NULL; |
| 381 | SSL_METHOD *meth=NULL; | 409 | SSL_METHOD *meth=NULL; |
| 382 | SSL *c_ssl,*s_ssl; | 410 | SSL *c_ssl,*s_ssl; |
| 383 | int number=1,reuse=0; | 411 | int number=1,reuse=0; |
| 384 | long bytes=1L; | 412 | long bytes=256L; |
| 385 | #ifndef OPENSSL_NO_DH | 413 | #ifndef OPENSSL_NO_DH |
| 386 | DH *dh; | 414 | DH *dh; |
| 387 | int dhe1024 = 0, dhe1024dsa = 0; | 415 | int dhe1024 = 0, dhe1024dsa = 0; |
| 388 | #endif | 416 | #endif |
| 417 | #ifndef OPENSSL_NO_ECDH | ||
| 418 | EC_KEY *ecdh = NULL; | ||
| 419 | #endif | ||
| 389 | int no_dhe = 0; | 420 | int no_dhe = 0; |
| 421 | int no_ecdhe = 0; | ||
| 390 | int print_time = 0; | 422 | int print_time = 0; |
| 391 | clock_t s_time = 0, c_time = 0; | 423 | clock_t s_time = 0, c_time = 0; |
| 392 | int comp = 0; | 424 | int comp = 0; |
| 425 | #ifndef OPENSSL_NO_COMP | ||
| 393 | COMP_METHOD *cm = NULL; | 426 | COMP_METHOD *cm = NULL; |
| 394 | #ifdef OPENSSL_FIPS | ||
| 395 | int fips_mode=0; | ||
| 396 | #endif | 427 | #endif |
| 428 | STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; | ||
| 429 | int test_cipherlist = 0; | ||
| 397 | 430 | ||
| 398 | verbose = 0; | 431 | verbose = 0; |
| 399 | debug = 0; | 432 | debug = 0; |
| @@ -425,16 +458,7 @@ int main(int argc, char *argv[]) | |||
| 425 | 458 | ||
| 426 | while (argc >= 1) | 459 | while (argc >= 1) |
| 427 | { | 460 | { |
| 428 | if(!strcmp(*argv,"-F")) | 461 | if (strcmp(*argv,"-server_auth") == 0) |
| 429 | { | ||
| 430 | #ifdef OPENSSL_FIPS | ||
| 431 | fips_mode=1; | ||
| 432 | #else | ||
| 433 | fprintf(stderr,"not compiled with FIPS support, so exitting without running.\n"); | ||
| 434 | EXIT(0); | ||
| 435 | #endif | ||
| 436 | } | ||
| 437 | else if (strcmp(*argv,"-server_auth") == 0) | ||
| 438 | server_auth=1; | 462 | server_auth=1; |
| 439 | else if (strcmp(*argv,"-client_auth") == 0) | 463 | else if (strcmp(*argv,"-client_auth") == 0) |
| 440 | client_auth=1; | 464 | client_auth=1; |
| @@ -472,6 +496,8 @@ int main(int argc, char *argv[]) | |||
| 472 | } | 496 | } |
| 473 | else if (strcmp(*argv,"-no_dhe") == 0) | 497 | else if (strcmp(*argv,"-no_dhe") == 0) |
| 474 | no_dhe=1; | 498 | no_dhe=1; |
| 499 | else if (strcmp(*argv,"-no_ecdhe") == 0) | ||
| 500 | no_ecdhe=1; | ||
| 475 | else if (strcmp(*argv,"-ssl2") == 0) | 501 | else if (strcmp(*argv,"-ssl2") == 0) |
| 476 | ssl2=1; | 502 | ssl2=1; |
| 477 | else if (strcmp(*argv,"-tls1") == 0) | 503 | else if (strcmp(*argv,"-tls1") == 0) |
| @@ -558,6 +584,16 @@ int main(int argc, char *argv[]) | |||
| 558 | { | 584 | { |
| 559 | comp = COMP_RLE; | 585 | comp = COMP_RLE; |
| 560 | } | 586 | } |
| 587 | else if (strcmp(*argv,"-named_curve") == 0) | ||
| 588 | { | ||
| 589 | if (--argc < 1) goto bad; | ||
| 590 | #ifndef OPENSSL_NO_ECDH | ||
| 591 | named_curve = *(++argv); | ||
| 592 | #else | ||
| 593 | fprintf(stderr,"ignoring -named_curve, since I'm compiled without ECDH\n"); | ||
| 594 | ++argv; | ||
| 595 | #endif | ||
| 596 | } | ||
| 561 | else if (strcmp(*argv,"-app_verify") == 0) | 597 | else if (strcmp(*argv,"-app_verify") == 0) |
| 562 | { | 598 | { |
| 563 | app_verify_arg.app_verify = 1; | 599 | app_verify_arg.app_verify = 1; |
| @@ -566,6 +602,10 @@ int main(int argc, char *argv[]) | |||
| 566 | { | 602 | { |
| 567 | app_verify_arg.allow_proxy_certs = 1; | 603 | app_verify_arg.allow_proxy_certs = 1; |
| 568 | } | 604 | } |
| 605 | else if (strcmp(*argv,"-test_cipherlist") == 0) | ||
| 606 | { | ||
| 607 | test_cipherlist = 1; | ||
| 608 | } | ||
| 569 | else | 609 | else |
| 570 | { | 610 | { |
| 571 | fprintf(stderr,"unknown option %s\n",*argv); | 611 | fprintf(stderr,"unknown option %s\n",*argv); |
| @@ -582,6 +622,14 @@ bad: | |||
| 582 | goto end; | 622 | goto end; |
| 583 | } | 623 | } |
| 584 | 624 | ||
| 625 | if (test_cipherlist == 1) | ||
| 626 | { | ||
| 627 | /* ensure that the cipher list are correctly sorted and exit */ | ||
| 628 | if (do_test_cipherlist() == 0) | ||
| 629 | EXIT(1); | ||
| 630 | ret = 0; | ||
| 631 | goto end; | ||
| 632 | } | ||
| 585 | 633 | ||
| 586 | if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force) | 634 | if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force) |
| 587 | { | 635 | { |
| @@ -592,20 +640,6 @@ bad: | |||
| 592 | EXIT(1); | 640 | EXIT(1); |
| 593 | } | 641 | } |
| 594 | 642 | ||
| 595 | #ifdef OPENSSL_FIPS | ||
| 596 | if(fips_mode) | ||
| 597 | { | ||
| 598 | if(!FIPS_mode_set(1)) | ||
| 599 | { | ||
| 600 | ERR_load_crypto_strings(); | ||
| 601 | ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); | ||
| 602 | EXIT(1); | ||
| 603 | } | ||
| 604 | else | ||
| 605 | fprintf(stderr,"*** IN FIPS MODE ***\n"); | ||
| 606 | } | ||
| 607 | #endif | ||
| 608 | |||
| 609 | if (print_time) | 643 | if (print_time) |
| 610 | { | 644 | { |
| 611 | if (!bio_pair) | 645 | if (!bio_pair) |
| @@ -622,6 +656,7 @@ bad: | |||
| 622 | SSL_library_init(); | 656 | SSL_library_init(); |
| 623 | SSL_load_error_strings(); | 657 | SSL_load_error_strings(); |
| 624 | 658 | ||
| 659 | #ifndef OPENSSL_NO_COMP | ||
| 625 | if (comp == COMP_ZLIB) cm = COMP_zlib(); | 660 | if (comp == COMP_ZLIB) cm = COMP_zlib(); |
| 626 | if (comp == COMP_RLE) cm = COMP_rle(); | 661 | if (comp == COMP_RLE) cm = COMP_rle(); |
| 627 | if (cm != NULL) | 662 | if (cm != NULL) |
| @@ -645,6 +680,20 @@ bad: | |||
| 645 | ERR_print_errors_fp(stderr); | 680 | ERR_print_errors_fp(stderr); |
| 646 | } | 681 | } |
| 647 | } | 682 | } |
| 683 | ssl_comp_methods = SSL_COMP_get_compression_methods(); | ||
| 684 | fprintf(stderr, "Available compression methods:\n"); | ||
| 685 | { | ||
| 686 | int j, n = sk_SSL_COMP_num(ssl_comp_methods); | ||
| 687 | if (n == 0) | ||
| 688 | fprintf(stderr, " NONE\n"); | ||
| 689 | else | ||
| 690 | for (j = 0; j < n; j++) | ||
| 691 | { | ||
| 692 | SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j); | ||
| 693 | fprintf(stderr, " %d: %s\n", c->id, c->name); | ||
| 694 | } | ||
| 695 | } | ||
| 696 | #endif | ||
| 648 | 697 | ||
| 649 | #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) | 698 | #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) |
| 650 | if (ssl2) | 699 | if (ssl2) |
| @@ -699,6 +748,38 @@ bad: | |||
| 699 | (void)no_dhe; | 748 | (void)no_dhe; |
| 700 | #endif | 749 | #endif |
| 701 | 750 | ||
| 751 | #ifndef OPENSSL_NO_ECDH | ||
| 752 | if (!no_ecdhe) | ||
| 753 | { | ||
| 754 | int nid; | ||
| 755 | |||
| 756 | if (named_curve != NULL) | ||
| 757 | { | ||
| 758 | nid = OBJ_sn2nid(named_curve); | ||
| 759 | if (nid == 0) | ||
| 760 | { | ||
| 761 | BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve); | ||
| 762 | goto end; | ||
| 763 | } | ||
| 764 | } | ||
| 765 | else | ||
| 766 | nid = NID_sect163r2; | ||
| 767 | |||
| 768 | ecdh = EC_KEY_new_by_curve_name(nid); | ||
| 769 | if (ecdh == NULL) | ||
| 770 | { | ||
| 771 | BIO_printf(bio_err, "unable to create curve\n"); | ||
| 772 | goto end; | ||
| 773 | } | ||
| 774 | |||
| 775 | SSL_CTX_set_tmp_ecdh(s_ctx, ecdh); | ||
| 776 | SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_ECDH_USE); | ||
| 777 | EC_KEY_free(ecdh); | ||
| 778 | } | ||
| 779 | #else | ||
| 780 | (void)no_ecdhe; | ||
| 781 | #endif | ||
| 782 | |||
| 702 | #ifndef OPENSSL_NO_RSA | 783 | #ifndef OPENSSL_NO_RSA |
| 703 | SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb); | 784 | SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb); |
| 704 | #endif | 785 | #endif |
| @@ -835,6 +916,7 @@ end: | |||
| 835 | CRYPTO_mem_leaks(bio_err); | 916 | CRYPTO_mem_leaks(bio_err); |
| 836 | if (bio_err != NULL) BIO_free(bio_err); | 917 | if (bio_err != NULL) BIO_free(bio_err); |
| 837 | EXIT(ret); | 918 | EXIT(ret); |
| 919 | return ret; | ||
| 838 | } | 920 | } |
| 839 | 921 | ||
| 840 | int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, | 922 | int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, |
| @@ -1325,8 +1407,8 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) | |||
| 1325 | { | 1407 | { |
| 1326 | if (c_write) | 1408 | if (c_write) |
| 1327 | { | 1409 | { |
| 1328 | j=(cw_num > (long)sizeof(cbuf)) | 1410 | j = (cw_num > (long)sizeof(cbuf)) ? |
| 1329 | ?sizeof(cbuf):(int)cw_num; | 1411 | (int)sizeof(cbuf) : (int)cw_num; |
| 1330 | i=BIO_write(c_bio,cbuf,j); | 1412 | i=BIO_write(c_bio,cbuf,j); |
| 1331 | if (i < 0) | 1413 | if (i < 0) |
| 1332 | { | 1414 | { |
| @@ -1456,8 +1538,8 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) | |||
| 1456 | } | 1538 | } |
| 1457 | else | 1539 | else |
| 1458 | { | 1540 | { |
| 1459 | j=(sw_num > (long)sizeof(sbuf))? | 1541 | j = (sw_num > (long)sizeof(sbuf)) ? |
| 1460 | sizeof(sbuf):(int)sw_num; | 1542 | (int)sizeof(sbuf) : (int)sw_num; |
| 1461 | i=BIO_write(s_bio,sbuf,j); | 1543 | i=BIO_write(s_bio,sbuf,j); |
| 1462 | if (i < 0) | 1544 | if (i < 0) |
| 1463 | { | 1545 | { |
| @@ -1644,7 +1726,7 @@ static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) | |||
| 1644 | fprintf(stderr, " Certificate proxy rights = %*.*s", i, i, s); | 1726 | fprintf(stderr, " Certificate proxy rights = %*.*s", i, i, s); |
| 1645 | while(i-- > 0) | 1727 | while(i-- > 0) |
| 1646 | { | 1728 | { |
| 1647 | char c = *s++; | 1729 | int c = *s++; |
| 1648 | if (isascii(c) && isalpha(c)) | 1730 | if (isascii(c) && isalpha(c)) |
| 1649 | { | 1731 | { |
| 1650 | if (islower(c)) | 1732 | if (islower(c)) |
| @@ -1705,11 +1787,11 @@ static int process_proxy_cond_adders(unsigned int letters[26], | |||
| 1705 | static int process_proxy_cond_val(unsigned int letters[26], | 1787 | static int process_proxy_cond_val(unsigned int letters[26], |
| 1706 | const char *cond, const char **cond_end, int *pos, int indent) | 1788 | const char *cond, const char **cond_end, int *pos, int indent) |
| 1707 | { | 1789 | { |
| 1708 | char c; | 1790 | int c; |
| 1709 | int ok = 1; | 1791 | int ok = 1; |
| 1710 | int negate = 0; | 1792 | int negate = 0; |
| 1711 | 1793 | ||
| 1712 | while(isspace(*cond)) | 1794 | while(isspace((int)*cond)) |
| 1713 | { | 1795 | { |
| 1714 | cond++; (*pos)++; | 1796 | cond++; (*pos)++; |
| 1715 | } | 1797 | } |
| @@ -1724,7 +1806,7 @@ static int process_proxy_cond_val(unsigned int letters[26], | |||
| 1724 | { | 1806 | { |
| 1725 | negate = !negate; | 1807 | negate = !negate; |
| 1726 | cond++; (*pos)++; | 1808 | cond++; (*pos)++; |
| 1727 | while(isspace(*cond)) | 1809 | while(isspace((int)*cond)) |
| 1728 | { | 1810 | { |
| 1729 | cond++; (*pos)++; | 1811 | cond++; (*pos)++; |
| 1730 | } | 1812 | } |
| @@ -1739,7 +1821,7 @@ static int process_proxy_cond_val(unsigned int letters[26], | |||
| 1739 | cond = *cond_end; | 1821 | cond = *cond_end; |
| 1740 | if (ok < 0) | 1822 | if (ok < 0) |
| 1741 | goto end; | 1823 | goto end; |
| 1742 | while(isspace(*cond)) | 1824 | while(isspace((int)*cond)) |
| 1743 | { | 1825 | { |
| 1744 | cond++; (*pos)++; | 1826 | cond++; (*pos)++; |
| 1745 | } | 1827 | } |
| @@ -1799,7 +1881,7 @@ static int process_proxy_cond_multipliers(unsigned int letters[26], | |||
| 1799 | 1881 | ||
| 1800 | while(ok >= 0) | 1882 | while(ok >= 0) |
| 1801 | { | 1883 | { |
| 1802 | while(isspace(*cond)) | 1884 | while(isspace((int)*cond)) |
| 1803 | { | 1885 | { |
| 1804 | cond++; (*pos)++; | 1886 | cond++; (*pos)++; |
| 1805 | } | 1887 | } |
| @@ -1866,7 +1948,7 @@ static int process_proxy_cond_adders(unsigned int letters[26], | |||
| 1866 | 1948 | ||
| 1867 | while(ok >= 0) | 1949 | while(ok >= 0) |
| 1868 | { | 1950 | { |
| 1869 | while(isspace(*cond)) | 1951 | while(isspace((int)*cond)) |
| 1870 | { | 1952 | { |
| 1871 | cond++; (*pos)++; | 1953 | cond++; (*pos)++; |
| 1872 | } | 1954 | } |
| @@ -1949,7 +2031,7 @@ static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg) | |||
| 1949 | letters[i] = 0; | 2031 | letters[i] = 0; |
| 1950 | for(sp = cb_arg->proxy_auth; *sp; sp++) | 2032 | for(sp = cb_arg->proxy_auth; *sp; sp++) |
| 1951 | { | 2033 | { |
| 1952 | char c = *sp; | 2034 | int c = *sp; |
| 1953 | if (isascii(c) && isalpha(c)) | 2035 | if (isascii(c) && isalpha(c)) |
| 1954 | { | 2036 | { |
| 1955 | if (islower(c)) | 2037 | if (islower(c)) |
| @@ -1979,7 +2061,15 @@ static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg) | |||
| 1979 | } | 2061 | } |
| 1980 | 2062 | ||
| 1981 | #ifndef OPENSSL_NO_X509_VERIFY | 2063 | #ifndef OPENSSL_NO_X509_VERIFY |
| 2064 | # ifdef OPENSSL_FIPS | ||
| 2065 | if(s->version == TLS1_VERSION) | ||
| 2066 | FIPS_allow_md5(1); | ||
| 2067 | # endif | ||
| 1982 | ok = X509_verify_cert(ctx); | 2068 | ok = X509_verify_cert(ctx); |
| 2069 | # ifdef OPENSSL_FIPS | ||
| 2070 | if(s->version == TLS1_VERSION) | ||
| 2071 | FIPS_allow_md5(0); | ||
| 2072 | # endif | ||
| 1983 | #endif | 2073 | #endif |
| 1984 | 2074 | ||
| 1985 | if (cb_arg->proxy_auth) | 2075 | if (cb_arg->proxy_auth) |
| @@ -2014,14 +2104,29 @@ static RSA *rsa_tmp=NULL; | |||
| 2014 | 2104 | ||
| 2015 | static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength) | 2105 | static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength) |
| 2016 | { | 2106 | { |
| 2107 | BIGNUM *bn = NULL; | ||
| 2017 | if (rsa_tmp == NULL) | 2108 | if (rsa_tmp == NULL) |
| 2018 | { | 2109 | { |
| 2110 | bn = BN_new(); | ||
| 2111 | rsa_tmp = RSA_new(); | ||
| 2112 | if(!bn || !rsa_tmp || !BN_set_word(bn, RSA_F4)) | ||
| 2113 | { | ||
| 2114 | BIO_printf(bio_err, "Memory error..."); | ||
| 2115 | goto end; | ||
| 2116 | } | ||
| 2019 | BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength); | 2117 | BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength); |
| 2020 | (void)BIO_flush(bio_err); | 2118 | (void)BIO_flush(bio_err); |
| 2021 | rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL); | 2119 | if(!RSA_generate_key_ex(rsa_tmp,keylength,bn,NULL)) |
| 2120 | { | ||
| 2121 | BIO_printf(bio_err, "Error generating key."); | ||
| 2122 | RSA_free(rsa_tmp); | ||
| 2123 | rsa_tmp = NULL; | ||
| 2124 | } | ||
| 2125 | end: | ||
| 2022 | BIO_printf(bio_err,"\n"); | 2126 | BIO_printf(bio_err,"\n"); |
| 2023 | (void)BIO_flush(bio_err); | 2127 | (void)BIO_flush(bio_err); |
| 2024 | } | 2128 | } |
| 2129 | if(bn) BN_free(bn); | ||
| 2025 | return(rsa_tmp); | 2130 | return(rsa_tmp); |
| 2026 | } | 2131 | } |
| 2027 | 2132 | ||
| @@ -2132,3 +2237,60 @@ static DH *get_dh1024dsa() | |||
| 2132 | return(dh); | 2237 | return(dh); |
| 2133 | } | 2238 | } |
| 2134 | #endif | 2239 | #endif |
| 2240 | |||
| 2241 | static int do_test_cipherlist(void) | ||
| 2242 | { | ||
| 2243 | int i = 0; | ||
| 2244 | const SSL_METHOD *meth; | ||
| 2245 | SSL_CIPHER *ci, *tci = NULL; | ||
| 2246 | |||
| 2247 | #ifndef OPENSSL_NO_SSL2 | ||
| 2248 | fprintf(stderr, "testing SSLv2 cipher list order: "); | ||
| 2249 | meth = SSLv2_method(); | ||
| 2250 | while ((ci = meth->get_cipher(i++)) != NULL) | ||
| 2251 | { | ||
| 2252 | if (tci != NULL) | ||
| 2253 | if (ci->id >= tci->id) | ||
| 2254 | { | ||
| 2255 | fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id); | ||
| 2256 | return 0; | ||
| 2257 | } | ||
| 2258 | tci = ci; | ||
| 2259 | } | ||
| 2260 | fprintf(stderr, "ok\n"); | ||
| 2261 | #endif | ||
| 2262 | #ifndef OPENSSL_NO_SSL3 | ||
| 2263 | fprintf(stderr, "testing SSLv3 cipher list order: "); | ||
| 2264 | meth = SSLv3_method(); | ||
| 2265 | tci = NULL; | ||
| 2266 | while ((ci = meth->get_cipher(i++)) != NULL) | ||
| 2267 | { | ||
| 2268 | if (tci != NULL) | ||
| 2269 | if (ci->id >= tci->id) | ||
| 2270 | { | ||
| 2271 | fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id); | ||
| 2272 | return 0; | ||
| 2273 | } | ||
| 2274 | tci = ci; | ||
| 2275 | } | ||
| 2276 | fprintf(stderr, "ok\n"); | ||
| 2277 | #endif | ||
| 2278 | #ifndef OPENSSL_NO_TLS1 | ||
| 2279 | fprintf(stderr, "testing TLSv1 cipher list order: "); | ||
| 2280 | meth = TLSv1_method(); | ||
| 2281 | tci = NULL; | ||
| 2282 | while ((ci = meth->get_cipher(i++)) != NULL) | ||
| 2283 | { | ||
| 2284 | if (tci != NULL) | ||
| 2285 | if (ci->id >= tci->id) | ||
| 2286 | { | ||
| 2287 | fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id); | ||
| 2288 | return 0; | ||
| 2289 | } | ||
| 2290 | tci = ci; | ||
| 2291 | } | ||
| 2292 | fprintf(stderr, "ok\n"); | ||
| 2293 | #endif | ||
| 2294 | |||
| 2295 | return 1; | ||
| 2296 | } | ||