diff options
Diffstat (limited to 'src/lib/libssl/src/ssl/ssltest.c')
| -rw-r--r-- | src/lib/libssl/src/ssl/ssltest.c | 133 |
1 files changed, 124 insertions, 9 deletions
diff --git a/src/lib/libssl/src/ssl/ssltest.c b/src/lib/libssl/src/ssl/ssltest.c index 0bb4fa43bd..0f8fd3902d 100644 --- a/src/lib/libssl/src/ssl/ssltest.c +++ b/src/lib/libssl/src/ssl/ssltest.c | |||
| @@ -181,6 +181,9 @@ | |||
| 181 | #ifndef OPENSSL_NO_DH | 181 | #ifndef OPENSSL_NO_DH |
| 182 | #include <openssl/dh.h> | 182 | #include <openssl/dh.h> |
| 183 | #endif | 183 | #endif |
| 184 | #ifndef OPENSSL_NO_SRP | ||
| 185 | #include <openssl/srp.h> | ||
| 186 | #endif | ||
| 184 | #include <openssl/bn.h> | 187 | #include <openssl/bn.h> |
| 185 | 188 | ||
| 186 | #define _XOPEN_SOURCE_EXTENDED 1 /* Or gethostname won't be declared properly | 189 | #define _XOPEN_SOURCE_EXTENDED 1 /* Or gethostname won't be declared properly |
| @@ -246,6 +249,49 @@ static unsigned int psk_server_callback(SSL *ssl, const char *identity, unsigned | |||
| 246 | unsigned int max_psk_len); | 249 | unsigned int max_psk_len); |
| 247 | #endif | 250 | #endif |
| 248 | 251 | ||
| 252 | #ifndef OPENSSL_NO_SRP | ||
| 253 | /* SRP client */ | ||
| 254 | /* This is a context that we pass to all callbacks */ | ||
| 255 | typedef struct srp_client_arg_st | ||
| 256 | { | ||
| 257 | char *srppassin; | ||
| 258 | char *srplogin; | ||
| 259 | } SRP_CLIENT_ARG; | ||
| 260 | |||
| 261 | #define PWD_STRLEN 1024 | ||
| 262 | |||
| 263 | static char * MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg) | ||
| 264 | { | ||
| 265 | SRP_CLIENT_ARG *srp_client_arg = (SRP_CLIENT_ARG *)arg; | ||
| 266 | return BUF_strdup((char *)srp_client_arg->srppassin); | ||
| 267 | } | ||
| 268 | |||
| 269 | /* SRP server */ | ||
| 270 | /* This is a context that we pass to SRP server callbacks */ | ||
| 271 | typedef struct srp_server_arg_st | ||
| 272 | { | ||
| 273 | char *expected_user; | ||
| 274 | char *pass; | ||
| 275 | } SRP_SERVER_ARG; | ||
| 276 | |||
| 277 | static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg) | ||
| 278 | { | ||
| 279 | SRP_SERVER_ARG * p = (SRP_SERVER_ARG *) arg; | ||
| 280 | |||
| 281 | if (strcmp(p->expected_user, SSL_get_srp_username(s)) != 0) | ||
| 282 | { | ||
| 283 | fprintf(stderr, "User %s doesn't exist\n", SSL_get_srp_username(s)); | ||
| 284 | return SSL3_AL_FATAL; | ||
| 285 | } | ||
| 286 | if (SSL_set_srp_server_param_pw(s,p->expected_user,p->pass,"1024")<0) | ||
| 287 | { | ||
| 288 | *ad = SSL_AD_INTERNAL_ERROR; | ||
| 289 | return SSL3_AL_FATAL; | ||
| 290 | } | ||
| 291 | return SSL_ERROR_NONE; | ||
| 292 | } | ||
| 293 | #endif | ||
| 294 | |||
| 249 | static BIO *bio_err=NULL; | 295 | static BIO *bio_err=NULL; |
| 250 | static BIO *bio_stdout=NULL; | 296 | static BIO *bio_stdout=NULL; |
| 251 | 297 | ||
| @@ -268,6 +314,9 @@ static void sv_usage(void) | |||
| 268 | { | 314 | { |
| 269 | fprintf(stderr,"usage: ssltest [args ...]\n"); | 315 | fprintf(stderr,"usage: ssltest [args ...]\n"); |
| 270 | fprintf(stderr,"\n"); | 316 | fprintf(stderr,"\n"); |
| 317 | #ifdef OPENSSL_FIPS | ||
| 318 | fprintf(stderr,"-F - run test in FIPS mode\n"); | ||
| 319 | #endif | ||
| 271 | fprintf(stderr," -server_auth - check server certificate\n"); | 320 | fprintf(stderr," -server_auth - check server certificate\n"); |
| 272 | fprintf(stderr," -client_auth - do client authentication\n"); | 321 | fprintf(stderr," -client_auth - do client authentication\n"); |
| 273 | fprintf(stderr," -proxy - allow proxy certificates\n"); | 322 | fprintf(stderr," -proxy - allow proxy certificates\n"); |
| @@ -289,6 +338,10 @@ static void sv_usage(void) | |||
| 289 | #ifndef OPENSSL_NO_PSK | 338 | #ifndef OPENSSL_NO_PSK |
| 290 | fprintf(stderr," -psk arg - PSK in hex (without 0x)\n"); | 339 | fprintf(stderr," -psk arg - PSK in hex (without 0x)\n"); |
| 291 | #endif | 340 | #endif |
| 341 | #ifndef OPENSSL_NO_SRP | ||
| 342 | fprintf(stderr," -srpuser user - SRP username to use\n"); | ||
| 343 | fprintf(stderr," -srppass arg - password for 'user'\n"); | ||
| 344 | #endif | ||
| 292 | #ifndef OPENSSL_NO_SSL2 | 345 | #ifndef OPENSSL_NO_SSL2 |
| 293 | fprintf(stderr," -ssl2 - use SSLv2\n"); | 346 | fprintf(stderr," -ssl2 - use SSLv2\n"); |
| 294 | #endif | 347 | #endif |
| @@ -476,6 +529,12 @@ int main(int argc, char *argv[]) | |||
| 476 | #ifndef OPENSSL_NO_ECDH | 529 | #ifndef OPENSSL_NO_ECDH |
| 477 | EC_KEY *ecdh = NULL; | 530 | EC_KEY *ecdh = NULL; |
| 478 | #endif | 531 | #endif |
| 532 | #ifndef OPENSSL_NO_SRP | ||
| 533 | /* client */ | ||
| 534 | SRP_CLIENT_ARG srp_client_arg = {NULL,NULL}; | ||
| 535 | /* server */ | ||
| 536 | SRP_SERVER_ARG srp_server_arg = {NULL,NULL}; | ||
| 537 | #endif | ||
| 479 | int no_dhe = 0; | 538 | int no_dhe = 0; |
| 480 | int no_ecdhe = 0; | 539 | int no_ecdhe = 0; |
| 481 | int no_psk = 0; | 540 | int no_psk = 0; |
| @@ -487,6 +546,9 @@ int main(int argc, char *argv[]) | |||
| 487 | #endif | 546 | #endif |
| 488 | STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; | 547 | STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; |
| 489 | int test_cipherlist = 0; | 548 | int test_cipherlist = 0; |
| 549 | #ifdef OPENSSL_FIPS | ||
| 550 | int fips_mode=0; | ||
| 551 | #endif | ||
| 490 | 552 | ||
| 491 | verbose = 0; | 553 | verbose = 0; |
| 492 | debug = 0; | 554 | debug = 0; |
| @@ -518,7 +580,16 @@ int main(int argc, char *argv[]) | |||
| 518 | 580 | ||
| 519 | while (argc >= 1) | 581 | while (argc >= 1) |
| 520 | { | 582 | { |
| 521 | if (strcmp(*argv,"-server_auth") == 0) | 583 | if(!strcmp(*argv,"-F")) |
| 584 | { | ||
| 585 | #ifdef OPENSSL_FIPS | ||
| 586 | fips_mode=1; | ||
| 587 | #else | ||
| 588 | fprintf(stderr,"not compiled with FIPS support, so exitting without running.\n"); | ||
| 589 | EXIT(0); | ||
| 590 | #endif | ||
| 591 | } | ||
| 592 | else if (strcmp(*argv,"-server_auth") == 0) | ||
| 522 | server_auth=1; | 593 | server_auth=1; |
| 523 | else if (strcmp(*argv,"-client_auth") == 0) | 594 | else if (strcmp(*argv,"-client_auth") == 0) |
| 524 | client_auth=1; | 595 | client_auth=1; |
| @@ -572,6 +643,20 @@ int main(int argc, char *argv[]) | |||
| 572 | no_psk=1; | 643 | no_psk=1; |
| 573 | #endif | 644 | #endif |
| 574 | } | 645 | } |
| 646 | #ifndef OPENSSL_NO_SRP | ||
| 647 | else if (strcmp(*argv,"-srpuser") == 0) | ||
| 648 | { | ||
| 649 | if (--argc < 1) goto bad; | ||
| 650 | srp_server_arg.expected_user = srp_client_arg.srplogin= *(++argv); | ||
| 651 | tls1=1; | ||
| 652 | } | ||
| 653 | else if (strcmp(*argv,"-srppass") == 0) | ||
| 654 | { | ||
| 655 | if (--argc < 1) goto bad; | ||
| 656 | srp_server_arg.pass = srp_client_arg.srppassin= *(++argv); | ||
| 657 | tls1=1; | ||
| 658 | } | ||
| 659 | #endif | ||
| 575 | else if (strcmp(*argv,"-ssl2") == 0) | 660 | else if (strcmp(*argv,"-ssl2") == 0) |
| 576 | ssl2=1; | 661 | ssl2=1; |
| 577 | else if (strcmp(*argv,"-tls1") == 0) | 662 | else if (strcmp(*argv,"-tls1") == 0) |
| @@ -714,6 +799,20 @@ bad: | |||
| 714 | EXIT(1); | 799 | EXIT(1); |
| 715 | } | 800 | } |
| 716 | 801 | ||
| 802 | #ifdef OPENSSL_FIPS | ||
| 803 | if(fips_mode) | ||
| 804 | { | ||
| 805 | if(!FIPS_mode_set(1)) | ||
| 806 | { | ||
| 807 | ERR_load_crypto_strings(); | ||
| 808 | ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); | ||
| 809 | EXIT(1); | ||
| 810 | } | ||
| 811 | else | ||
| 812 | fprintf(stderr,"*** IN FIPS MODE ***\n"); | ||
| 813 | } | ||
| 814 | #endif | ||
| 815 | |||
| 717 | if (print_time) | 816 | if (print_time) |
| 718 | { | 817 | { |
| 719 | if (!bio_pair) | 818 | if (!bio_pair) |
| @@ -837,7 +936,11 @@ bad: | |||
| 837 | } | 936 | } |
| 838 | } | 937 | } |
| 839 | else | 938 | else |
| 939 | #ifdef OPENSSL_NO_EC2M | ||
| 940 | nid = NID_X9_62_prime256v1; | ||
| 941 | #else | ||
| 840 | nid = NID_sect163r2; | 942 | nid = NID_sect163r2; |
| 943 | #endif | ||
| 841 | 944 | ||
| 842 | ecdh = EC_KEY_new_by_curve_name(nid); | 945 | ecdh = EC_KEY_new_by_curve_name(nid); |
| 843 | if (ecdh == NULL) | 946 | if (ecdh == NULL) |
| @@ -940,6 +1043,26 @@ bad: | |||
| 940 | } | 1043 | } |
| 941 | #endif | 1044 | #endif |
| 942 | } | 1045 | } |
| 1046 | #ifndef OPENSSL_NO_SRP | ||
| 1047 | if (srp_client_arg.srplogin) | ||
| 1048 | { | ||
| 1049 | if (!SSL_CTX_set_srp_username(c_ctx, srp_client_arg.srplogin)) | ||
| 1050 | { | ||
| 1051 | BIO_printf(bio_err,"Unable to set SRP username\n"); | ||
| 1052 | goto end; | ||
| 1053 | } | ||
| 1054 | SSL_CTX_set_srp_cb_arg(c_ctx,&srp_client_arg); | ||
| 1055 | SSL_CTX_set_srp_client_pwd_callback(c_ctx, ssl_give_srp_client_pwd_cb); | ||
| 1056 | /*SSL_CTX_set_srp_strength(c_ctx, srp_client_arg.strength);*/ | ||
| 1057 | } | ||
| 1058 | |||
| 1059 | if (srp_server_arg.expected_user != NULL) | ||
| 1060 | { | ||
| 1061 | SSL_CTX_set_verify(s_ctx,SSL_VERIFY_NONE,verify_callback); | ||
| 1062 | SSL_CTX_set_srp_cb_arg(s_ctx, &srp_server_arg); | ||
| 1063 | SSL_CTX_set_srp_username_callback(s_ctx, ssl_srp_server_param_cb); | ||
| 1064 | } | ||
| 1065 | #endif | ||
| 943 | 1066 | ||
| 944 | c_ssl=SSL_new(c_ctx); | 1067 | c_ssl=SSL_new(c_ctx); |
| 945 | s_ssl=SSL_new(s_ctx); | 1068 | s_ssl=SSL_new(s_ctx); |
| @@ -2164,15 +2287,7 @@ static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg) | |||
| 2164 | } | 2287 | } |
| 2165 | 2288 | ||
| 2166 | #ifndef OPENSSL_NO_X509_VERIFY | 2289 | #ifndef OPENSSL_NO_X509_VERIFY |
| 2167 | # ifdef OPENSSL_FIPS | ||
| 2168 | if(s->version == TLS1_VERSION) | ||
| 2169 | FIPS_allow_md5(1); | ||
| 2170 | # endif | ||
| 2171 | ok = X509_verify_cert(ctx); | 2290 | ok = X509_verify_cert(ctx); |
| 2172 | # ifdef OPENSSL_FIPS | ||
| 2173 | if(s->version == TLS1_VERSION) | ||
| 2174 | FIPS_allow_md5(0); | ||
| 2175 | # endif | ||
| 2176 | #endif | 2291 | #endif |
| 2177 | 2292 | ||
| 2178 | if (cb_arg->proxy_auth) | 2293 | if (cb_arg->proxy_auth) |