summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/regress/lib/libssl/ssl/ssltest.c203
1 files changed, 108 insertions, 95 deletions
diff --git a/src/regress/lib/libssl/ssl/ssltest.c b/src/regress/lib/libssl/ssl/ssltest.c
index 19e9a7d25a..4346cf4465 100644
--- a/src/regress/lib/libssl/ssl/ssltest.c
+++ b/src/regress/lib/libssl/ssl/ssltest.c
@@ -5,21 +5,21 @@
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -63,7 +63,7 @@
63 * are met: 63 * are met:
64 * 64 *
65 * 1. Redistributions of source code must retain the above copyright 65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer. 66 * notice, this list of conditions and the following disclaimer.
67 * 67 *
68 * 2. Redistributions in binary form must reproduce the above copyright 68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in 69 * notice, this list of conditions and the following disclaimer in
@@ -110,7 +110,7 @@
110 */ 110 */
111/* ==================================================================== 111/* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by 113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */ 115 */
116/* ==================================================================== 116/* ====================================================================
@@ -212,7 +212,8 @@ static char *cipher = NULL;
212static int verbose = 0; 212static int verbose = 0;
213static int debug = 0; 213static int debug = 0;
214 214
215int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time, clock_t *c_time); 215int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time,
216 clock_t *c_time);
216int doit(SSL *s_ssl, SSL *c_ssl, long bytes); 217int doit(SSL *s_ssl, SSL *c_ssl, long bytes);
217static int do_test_cipherlist(void); 218static int do_test_cipherlist(void);
218 219
@@ -262,10 +263,8 @@ print_details(SSL *c_ssl, const char *prefix)
262 263
263 ciph = SSL_get_current_cipher(c_ssl); 264 ciph = SSL_get_current_cipher(c_ssl);
264 BIO_printf(bio_stdout, "%s%s, cipher %s %s", 265 BIO_printf(bio_stdout, "%s%s, cipher %s %s",
265 prefix, 266 prefix, SSL_get_version(c_ssl), SSL_CIPHER_get_version(ciph),
266 SSL_get_version(c_ssl), 267 SSL_CIPHER_get_name(ciph));
267 SSL_CIPHER_get_version(ciph),
268 SSL_CIPHER_get_name(ciph));
269 cert = SSL_get_peer_certificate(c_ssl); 268 cert = SSL_get_peer_certificate(c_ssl);
270 if (cert != NULL) { 269 if (cert != NULL) {
271 EVP_PKEY *pkey = X509_get_pubkey(cert); 270 EVP_PKEY *pkey = X509_get_pubkey(cert);
@@ -274,13 +273,12 @@ print_details(SSL *c_ssl, const char *prefix)
274 pkey->pkey.rsa != NULL && 273 pkey->pkey.rsa != NULL &&
275 pkey->pkey.rsa->n != NULL) { 274 pkey->pkey.rsa->n != NULL) {
276 BIO_printf(bio_stdout, ", %d bit RSA", 275 BIO_printf(bio_stdout, ", %d bit RSA",
277 BN_num_bits(pkey->pkey.rsa->n)); 276 BN_num_bits(pkey->pkey.rsa->n));
278 } 277 } else if (pkey->type == EVP_PKEY_DSA &&
279 else if (pkey->type == EVP_PKEY_DSA &&
280 pkey->pkey.dsa != NULL && 278 pkey->pkey.dsa != NULL &&
281 pkey->pkey.dsa->p != NULL) { 279 pkey->pkey.dsa->p != NULL) {
282 BIO_printf(bio_stdout, ", %d bit DSA", 280 BIO_printf(bio_stdout, ", %d bit DSA",
283 BN_num_bits(pkey->pkey.dsa->p)); 281 BN_num_bits(pkey->pkey.dsa->p));
284 } 282 }
285 EVP_PKEY_free(pkey); 283 EVP_PKEY_free(pkey);
286 } 284 }
@@ -326,8 +324,8 @@ lock_dbg_cb(int mode, int type, const char *file, int line)
326 324
327 if (modes[type] != rw) { 325 if (modes[type] != rw) {
328 errstr = (rw == CRYPTO_READ) ? 326 errstr = (rw == CRYPTO_READ) ?
329 "CRYPTO_r_unlock on write lock" : 327 "CRYPTO_r_unlock on write lock" :
330 "CRYPTO_w_unlock on read lock"; 328 "CRYPTO_w_unlock on read lock";
331 } 329 }
332 330
333 modes[type] = 0; 331 modes[type] = 0;
@@ -339,8 +337,9 @@ lock_dbg_cb(int mode, int type, const char *file, int line)
339err: 337err:
340 if (errstr) { 338 if (errstr) {
341 /* we cannot use bio_err here */ 339 /* we cannot use bio_err here */
342 fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n", 340 fprintf(stderr,
343 errstr, mode, type, file, line); 341 "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n",
342 errstr, mode, type, file, line);
344 } 343 }
345} 344}
346 345
@@ -355,7 +354,7 @@ main(int argc, char *argv[])
355 int client_auth = 0; 354 int client_auth = 0;
356 int server_auth = 0, i; 355 int server_auth = 0, i;
357 struct app_verify_arg app_verify_arg = 356 struct app_verify_arg app_verify_arg =
358 { APP_CALLBACK_STRING, 0, 0, NULL, NULL }; 357 { APP_CALLBACK_STRING, 0, 0, NULL, NULL };
359 char *server_cert = TEST_SERVER_CERT; 358 char *server_cert = TEST_SERVER_CERT;
360 char *server_key = NULL; 359 char *server_key = NULL;
361 char *client_cert = TEST_CLIENT_CERT; 360 char *client_cert = TEST_CLIENT_CERT;
@@ -382,7 +381,6 @@ main(int argc, char *argv[])
382 381
383 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE|BIO_FP_TEXT); 382 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE|BIO_FP_TEXT);
384 383
385
386 CRYPTO_set_locking_callback(lock_dbg_cb); 384 CRYPTO_set_locking_callback(lock_dbg_cb);
387 385
388 bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE|BIO_FP_TEXT); 386 bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE|BIO_FP_TEXT);
@@ -589,7 +587,7 @@ bad:
589 } 587 }
590 } else 588 } else
591#ifdef OPENSSL_NO_EC2M 589#ifdef OPENSSL_NO_EC2M
592 nid = NID_X9_62_prime256v1; 590 nid = NID_X9_62_prime256v1;
593#else 591#else
594 nid = NID_sect163r2; 592 nid = NID_sect163r2;
595#endif 593#endif
@@ -607,7 +605,8 @@ bad:
607 605
608 SSL_CTX_set_tmp_rsa_callback(s_ctx, tmp_rsa_cb); 606 SSL_CTX_set_tmp_rsa_callback(s_ctx, tmp_rsa_cb);
609 607
610 if (!SSL_CTX_use_certificate_file(s_ctx, server_cert, SSL_FILETYPE_PEM)) { 608 if (!SSL_CTX_use_certificate_file(s_ctx, server_cert,
609 SSL_FILETYPE_PEM)) {
611 ERR_print_errors(bio_err); 610 ERR_print_errors(bio_err);
612 } else if (!SSL_CTX_use_PrivateKey_file(s_ctx, 611 } else if (!SSL_CTX_use_PrivateKey_file(s_ctx,
613 (server_key ? server_key : server_cert), SSL_FILETYPE_PEM)) { 612 (server_key ? server_key : server_cert), SSL_FILETYPE_PEM)) {
@@ -617,10 +616,10 @@ bad:
617 616
618 if (client_auth) { 617 if (client_auth) {
619 SSL_CTX_use_certificate_file(c_ctx, client_cert, 618 SSL_CTX_use_certificate_file(c_ctx, client_cert,
620 SSL_FILETYPE_PEM); 619 SSL_FILETYPE_PEM);
621 SSL_CTX_use_PrivateKey_file(c_ctx, 620 SSL_CTX_use_PrivateKey_file(c_ctx,
622 (client_key ? client_key : client_cert), 621 (client_key ? client_key : client_cert),
623 SSL_FILETYPE_PEM); 622 SSL_FILETYPE_PEM);
624 } 623 }
625 624
626 if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) || 625 if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) ||
@@ -635,20 +634,23 @@ bad:
635 if (client_auth) { 634 if (client_auth) {
636 BIO_printf(bio_err, "client authentication\n"); 635 BIO_printf(bio_err, "client authentication\n");
637 SSL_CTX_set_verify(s_ctx, 636 SSL_CTX_set_verify(s_ctx,
638 SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 637 SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
639 verify_callback); 638 verify_callback);
640 SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback, &app_verify_arg); 639 SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback,
640 &app_verify_arg);
641 } 641 }
642 if (server_auth) { 642 if (server_auth) {
643 BIO_printf(bio_err, "server authentication\n"); 643 BIO_printf(bio_err, "server authentication\n");
644 SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER, 644 SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER,
645 verify_callback); 645 verify_callback);
646 SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback, &app_verify_arg); 646 SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback,
647 &app_verify_arg);
647 } 648 }
648 649
649 { 650 {
650 int session_id_context = 0; 651 int session_id_context = 0;
651 SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context, sizeof session_id_context); 652 SSL_CTX_set_session_id_context(s_ctx,
653 (void *)&session_id_context, sizeof(session_id_context));
652 } 654 }
653 655
654 c_ssl = SSL_new(c_ctx); 656 c_ssl = SSL_new(c_ctx);
@@ -658,7 +660,8 @@ bad:
658 if (!reuse) 660 if (!reuse)
659 SSL_set_session(c_ssl, NULL); 661 SSL_set_session(c_ssl, NULL);
660 if (bio_pair) 662 if (bio_pair)
661 ret = doit_biopair(s_ssl, c_ssl, bytes, &s_time, &c_time); 663 ret = doit_biopair(s_ssl, c_ssl, bytes, &s_time,
664 &c_time);
662 else 665 else
663 ret = doit(s_ssl, c_ssl, bytes); 666 ret = doit(s_ssl, c_ssl, bytes);
664 } 667 }
@@ -667,25 +670,27 @@ bad:
667 print_details(c_ssl, ""); 670 print_details(c_ssl, "");
668 } 671 }
669 if ((number > 1) || (bytes > 1L)) 672 if ((number > 1) || (bytes > 1L))
670 BIO_printf(bio_stdout, "%d handshakes of %ld bytes done\n", number, bytes); 673 BIO_printf(bio_stdout, "%d handshakes of %ld bytes done\n",
674 number, bytes);
671 if (print_time) { 675 if (print_time) {
672#ifdef CLOCKS_PER_SEC 676#ifdef CLOCKS_PER_SEC
673 /* "To determine the time in seconds, the value returned 677 /* "To determine the time in seconds, the value returned
674 * by the clock function should be divided by the value 678 * by the clock function should be divided by the value
675 * of the macro CLOCKS_PER_SEC." 679 * of the macro CLOCKS_PER_SEC."
676 * -- ISO/IEC 9899 */ 680 * -- ISO/IEC 9899 */
677 BIO_printf(bio_stdout, "Approximate total server time: %6.2f s\n" 681 BIO_printf(bio_stdout,
678 "Approximate total client time: %6.2f s\n", 682 "Approximate total server time: %6.2f s\n"
679 (double)s_time/CLOCKS_PER_SEC, 683 "Approximate total client time: %6.2f s\n",
680 (double)c_time/CLOCKS_PER_SEC); 684 (double)s_time/CLOCKS_PER_SEC,
685 (double)c_time/CLOCKS_PER_SEC);
681#else 686#else
682 /* "`CLOCKS_PER_SEC' undeclared (first use this function)" 687 /* "`CLOCKS_PER_SEC' undeclared (first use this function)"
683 * -- cc on NeXTstep/OpenStep */ 688 * -- cc on NeXTstep/OpenStep */
684 BIO_printf(bio_stdout, 689 BIO_printf(bio_stdout,
685 "Approximate total server time: %6.2f units\n" 690 "Approximate total server time: %6.2f units\n"
686 "Approximate total client time: %6.2f units\n", 691 "Approximate total client time: %6.2f units\n",
687 (double)s_time, 692 (double)s_time,
688 (double)c_time); 693 (double)c_time);
689#endif 694#endif
690 } 695 }
691 696
@@ -722,7 +727,8 @@ doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, clock_t *s_time,
722{ 727{
723 long cw_num = count, cr_num = count, sw_num = count, sr_num = count; 728 long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
724 BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL; 729 BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
725 BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL; 730 BIO *server = NULL, *server_io = NULL;
731 BIO *client = NULL, *client_io = NULL;
726 int ret = 1; 732 int ret = 1;
727 733
728 size_t bufsiz = 256; /* small buffer for testing */ 734 size_t bufsiz = 256; /* small buffer for testing */
@@ -801,7 +807,7 @@ doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, clock_t *s_time,
801 if (debug) 807 if (debug)
802 if (SSL_in_init(c_ssl)) 808 if (SSL_in_init(c_ssl))
803 printf("client waiting in SSL_connect - %s\n", 809 printf("client waiting in SSL_connect - %s\n",
804 SSL_state_string_long(c_ssl)); 810 SSL_state_string_long(c_ssl));
805 811
806 if (cw_num > 0) { 812 if (cw_num > 0) {
807 /* Write to server. */ 813 /* Write to server. */
@@ -874,7 +880,7 @@ doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, clock_t *s_time,
874 if (debug) 880 if (debug)
875 if (SSL_in_init(s_ssl)) 881 if (SSL_in_init(s_ssl))
876 printf("server waiting in SSL_accept - %s\n", 882 printf("server waiting in SSL_accept - %s\n",
877 SSL_state_string_long(s_ssl)); 883 SSL_state_string_long(s_ssl));
878 884
879 if (sw_num > 0) { 885 if (sw_num > 0) {
880 /* Write to client. */ 886 /* Write to client. */
@@ -937,8 +943,7 @@ doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, clock_t *s_time,
937 int progress = 0; 943 int progress = 0;
938 944
939 /* io1 to io2 */ 945 /* io1 to io2 */
940 do 946 do {
941 {
942 size_t num; 947 size_t num;
943 int r; 948 int r;
944 949
@@ -963,16 +968,16 @@ doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, clock_t *s_time,
963 if (r != (int)num) /* can't happen */ 968 if (r != (int)num) /* can't happen */
964 { 969 {
965 fprintf(stderr, "ERROR: BIO_write could not write " 970 fprintf(stderr, "ERROR: BIO_write could not write "
966 "BIO_ctrl_get_write_guarantee() bytes"); 971 "BIO_ctrl_get_write_guarantee() bytes");
967 goto err; 972 goto err;
968 } 973 }
969 progress = 1; 974 progress = 1;
970 975
971 if (debug) 976 if (debug)
972 printf((io1 == client_io) ? 977 printf((io1 == client_io) ?
973 "C->S relaying: %d bytes\n" : 978 "C->S relaying: %d bytes\n" :
974 "S->C relaying: %d bytes\n", 979 "S->C relaying: %d bytes\n",
975 (int)num); 980 (int)num);
976 } 981 }
977 } while (r1 && r2); 982 } while (r1 && r2);
978 983
@@ -1007,7 +1012,7 @@ doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, clock_t *s_time,
1007 if (r != (int)num) /* can't happen */ 1012 if (r != (int)num) /* can't happen */
1008 { 1013 {
1009 fprintf(stderr, "ERROR: BIO_read could not read " 1014 fprintf(stderr, "ERROR: BIO_read could not read "
1010 "BIO_ctrl_pending() bytes"); 1015 "BIO_ctrl_pending() bytes");
1011 goto err; 1016 goto err;
1012 } 1017 }
1013 progress = 1; 1018 progress = 1;
@@ -1015,15 +1020,15 @@ doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, clock_t *s_time,
1015 if (r != (int)num) /* can't happen */ 1020 if (r != (int)num) /* can't happen */
1016 { 1021 {
1017 fprintf(stderr, "ERROR: BIO_nwrite() did not accept " 1022 fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
1018 "BIO_nwrite0() bytes"); 1023 "BIO_nwrite0() bytes");
1019 goto err; 1024 goto err;
1020 } 1025 }
1021 1026
1022 if (debug) 1027 if (debug)
1023 printf((io2 == client_io) ? 1028 printf((io2 == client_io) ?
1024 "C->S relaying: %d bytes\n" : 1029 "C->S relaying: %d bytes\n" :
1025 "S->C relaying: %d bytes\n", 1030 "S->C relaying: %d bytes\n",
1026 (int)num); 1031 (int)num);
1027 } 1032 }
1028 } /* no loop, BIO_ctrl_get_read_request now returns 0 anyway */ 1033 } /* no loop, BIO_ctrl_get_read_request now returns 0 anyway */
1029 1034
@@ -1034,8 +1039,8 @@ doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, clock_t *s_time,
1034 fprintf(stderr, "This can happen for SSL2 because " 1039 fprintf(stderr, "This can happen for SSL2 because "
1035 "CLIENT-FINISHED and SERVER-VERIFY are written \n" 1040 "CLIENT-FINISHED and SERVER-VERIFY are written \n"
1036 "concurrently ..."); 1041 "concurrently ...");
1037 if (strncmp("2SCF", SSL_state_string(c_ssl), 4) == 0 1042 if (strncmp("2SCF", SSL_state_string(c_ssl), 4) == 0 &&
1038 && strncmp("2SSV", SSL_state_string(s_ssl), 4) == 0) { 1043 strncmp("2SSV", SSL_state_string(s_ssl), 4) == 0) {
1039 fprintf(stderr, " ok.\n"); 1044 fprintf(stderr, " ok.\n");
1040 goto end; 1045 goto end;
1041 } 1046 }
@@ -1052,7 +1057,7 @@ doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, clock_t *s_time,
1052end: 1057end:
1053 ret = 0; 1058 ret = 0;
1054 1059
1055 err: 1060err:
1056 ERR_print_errors(bio_err); 1061 ERR_print_errors(bio_err);
1057 1062
1058 if (server) 1063 if (server)
@@ -1146,9 +1151,9 @@ doit(SSL *s_ssl, SSL *c_ssl, long count)
1146 printf("server:SSL_write()\n"); 1151 printf("server:SSL_write()\n");
1147 else 1152 else
1148 printf("server:SSL_read()\n"); */ 1153 printf("server:SSL_read()\n"); */
1149 } 1154 }
1150 1155
1151 if (do_client && debug) { 1156 if (do_client && debug) {
1152 if (SSL_in_init(c_ssl)) 1157 if (SSL_in_init(c_ssl))
1153 printf("client waiting in SSL_connect - %s\n", 1158 printf("client waiting in SSL_connect - %s\n",
1154 SSL_state_string_long(c_ssl)); 1159 SSL_state_string_long(c_ssl));
@@ -1156,9 +1161,9 @@ doit(SSL *s_ssl, SSL *c_ssl, long count)
1156 printf("client:SSL_write()\n"); 1161 printf("client:SSL_write()\n");
1157 else 1162 else
1158 printf("client:SSL_read()\n"); */ 1163 printf("client:SSL_read()\n"); */
1159 } 1164 }
1160 1165
1161 if (!do_client && !do_server) { 1166 if (!do_client && !do_server) {
1162 fprintf(stdout, "ERROR IN STARTUP\n"); 1167 fprintf(stdout, "ERROR IN STARTUP\n");
1163 ERR_print_errors(bio_err); 1168 ERR_print_errors(bio_err);
1164 break; 1169 break;
@@ -1289,13 +1294,13 @@ doit(SSL *s_ssl, SSL *c_ssl, long count)
1289 s_write = 0; 1294 s_write = 0;
1290 c_r = 1; 1295 c_r = 1;
1291 if (sw_num <= 0) 1296 if (sw_num <= 0)
1292 done|=S_DONE; 1297 done |= S_DONE;
1293 } 1298 }
1294 } 1299 }
1295 } 1300 }
1296 1301
1297 if ((done & S_DONE) 1302 if ((done & S_DONE) && (done & C_DONE))
1298 && (done & C_DONE)) break; 1303 break;
1299 } 1304 }
1300 1305
1301 if (verbose) 1306 if (verbose)
@@ -1350,7 +1355,7 @@ verify_callback(int ok, X509_STORE_CTX *ctx)
1350 char *s, buf[256]; 1355 char *s, buf[256];
1351 1356
1352 s = X509_NAME_oneline(X509_get_subject_name(ctx->current_cert), buf, 1357 s = X509_NAME_oneline(X509_get_subject_name(ctx->current_cert), buf,
1353 sizeof buf); 1358 sizeof buf);
1354 if (s != NULL) { 1359 if (s != NULL) {
1355 if (ok) 1360 if (ok)
1356 fprintf(stderr, "depth=%d %s\n", 1361 fprintf(stderr, "depth=%d %s\n",
@@ -1382,14 +1387,14 @@ verify_callback(int ok, X509_STORE_CTX *ctx)
1382 if (xs->ex_flags & EXFLAG_PROXY) { 1387 if (xs->ex_flags & EXFLAG_PROXY) {
1383 unsigned int *letters = 1388 unsigned int *letters =
1384 X509_STORE_CTX_get_ex_data(ctx, 1389 X509_STORE_CTX_get_ex_data(ctx,
1385 get_proxy_auth_ex_data_idx()); 1390 get_proxy_auth_ex_data_idx());
1386 1391
1387 if (letters) { 1392 if (letters) {
1388 int found_any = 0; 1393 int found_any = 0;
1389 int i; 1394 int i;
1390 PROXY_CERT_INFO_EXTENSION *pci = 1395 PROXY_CERT_INFO_EXTENSION *pci =
1391 X509_get_ext_d2i(xs, NID_proxyCertInfo, 1396 X509_get_ext_d2i(xs, NID_proxyCertInfo,
1392 NULL, NULL); 1397 NULL, NULL);
1393 1398
1394 switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage)) { 1399 switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage)) {
1395 case NID_Independent: 1400 case NID_Independent:
@@ -1473,8 +1478,8 @@ static void
1473process_proxy_debug(int indent, const char *format, ...) 1478process_proxy_debug(int indent, const char *format, ...)
1474{ 1479{
1475 static const char indentation[] = 1480 static const char indentation[] =
1476 ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>" 1481 ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"
1477 ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"; /* That's 80 > */ 1482 ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"; /* That's 80 > */
1478 char my_format[256]; 1483 char my_format[256];
1479 va_list args; 1484 va_list args;
1480 1485
@@ -1558,7 +1563,7 @@ process_proxy_cond_val(unsigned int letters[26], const char *cond,
1558 ok = -1; 1563 ok = -1;
1559 goto end; 1564 goto end;
1560 } 1565 }
1561 end: 1566end:
1562 *cond_end = cond; 1567 *cond_end = cond;
1563 if (ok >= 0 && negate) 1568 if (ok >= 0 && negate)
1564 ok = !ok; 1569 ok = !ok;
@@ -1627,10 +1632,11 @@ process_proxy_cond_multipliers(unsigned int letters[26], const char *cond,
1627 goto end; 1632 goto end;
1628 } 1633 }
1629 } 1634 }
1630 end: 1635end:
1631 if (debug) 1636 if (debug)
1632 process_proxy_debug(indent, 1637 process_proxy_debug(indent,
1633 "End process_proxy_cond_multipliers at position %d: %s, returning %d\n", 1638 "End process_proxy_cond_multipliers at position %d: %s, "
1639 "returning %d\n",
1634 *pos, cond, ok); 1640 *pos, cond, ok);
1635 1641
1636 *cond_end = cond; 1642 *cond_end = cond;
@@ -1690,10 +1696,10 @@ process_proxy_cond_adders(unsigned int letters[26], const char *cond,
1690 goto end; 1696 goto end;
1691 } 1697 }
1692 } 1698 }
1693 end: 1699end:
1694 if (debug) 1700 if (debug)
1695 process_proxy_debug(indent, 1701 process_proxy_debug(indent,
1696 "End process_proxy_cond_adders at position %d: %s, returning %d\n", 1702 "End process_proxy_cond_adders at position %d: %s, returning %d\n",
1697 *pos, cond, ok); 1703 *pos, cond, ok);
1698 1704
1699 *cond_end = cond; 1705 *cond_end = cond;
@@ -1721,7 +1727,7 @@ app_verify_callback(X509_STORE_CTX *ctx, void *arg)
1721 fprintf(stderr, "In app_verify_callback, allowing cert. "); 1727 fprintf(stderr, "In app_verify_callback, allowing cert. ");
1722 fprintf(stderr, "Arg is: %s\n", cb_arg->string); 1728 fprintf(stderr, "Arg is: %s\n", cb_arg->string);
1723 fprintf(stderr, "Finished printing do we have a context? 0x%p a cert? 0x%p\n", 1729 fprintf(stderr, "Finished printing do we have a context? 0x%p a cert? 0x%p\n",
1724 (void *)ctx, (void *)ctx->cert); 1730 (void *)ctx, (void *)ctx->cert);
1725 if (ctx->cert) 1731 if (ctx->cert)
1726 s = X509_NAME_oneline(X509_get_subject_name(ctx->cert), buf, 256); 1732 s = X509_NAME_oneline(X509_get_subject_name(ctx->cert), buf, 256);
1727 if (s != NULL) { 1733 if (s != NULL) {
@@ -1768,7 +1774,7 @@ app_verify_callback(X509_STORE_CTX *ctx, void *arg)
1768 const char *cond_end = NULL; 1774 const char *cond_end = NULL;
1769 1775
1770 ok = process_proxy_cond(letters, 1776 ok = process_proxy_cond(letters,
1771 cb_arg->proxy_cond, &cond_end); 1777 cb_arg->proxy_cond, &cond_end);
1772 1778
1773 if (ok < 0) 1779 if (ok < 0)
1774 exit(3); 1780 exit(3);
@@ -1778,10 +1784,10 @@ app_verify_callback(X509_STORE_CTX *ctx, void *arg)
1778 } 1784 }
1779 if (!ok) 1785 if (!ok)
1780 fprintf(stderr, "Proxy rights check with condition '%s' proved invalid\n", 1786 fprintf(stderr, "Proxy rights check with condition '%s' proved invalid\n",
1781 cb_arg->proxy_cond); 1787 cb_arg->proxy_cond);
1782 else 1788 else
1783 fprintf(stderr, "Proxy rights check with condition '%s' proved valid\n", 1789 fprintf(stderr, "Proxy rights check with condition '%s' proved valid\n",
1784 cb_arg->proxy_cond); 1790 cb_arg->proxy_cond);
1785 } 1791 }
1786 } 1792 }
1787 return (ok); 1793 return (ok);
@@ -1813,7 +1819,7 @@ end:
1813 } 1819 }
1814 if (bn) 1820 if (bn)
1815 BN_free(bn); 1821 BN_free(bn);
1816 return (rsa_tmp); 1822 return (rsa_tmp);
1817} 1823}
1818 1824
1819static void 1825static void
@@ -1847,8 +1853,9 @@ get_dh512()
1847 }; 1853 };
1848 DH *dh; 1854 DH *dh;
1849 1855
1850 if ((dh = DH_new()) == NULL) return (NULL); 1856 if ((dh = DH_new()) == NULL)
1851 dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); 1857 return (NULL);
1858 dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
1852 dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); 1859 dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
1853 if ((dh->p == NULL) || (dh->g == NULL)) { 1860 if ((dh->p == NULL) || (dh->g == NULL)) {
1854 DH_free(dh); 1861 DH_free(dh);
@@ -1878,8 +1885,9 @@ get_dh1024()
1878 }; 1885 };
1879 DH *dh; 1886 DH *dh;
1880 1887
1881 if ((dh = DH_new()) == NULL) return (NULL); 1888 if ((dh = DH_new()) == NULL)
1882 dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL); 1889 return (NULL);
1890 dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
1883 dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL); 1891 dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
1884 if ((dh->p == NULL) || (dh->g == NULL)) { 1892 if ((dh->p == NULL) || (dh->g == NULL)) {
1885 DH_free(dh); 1893 DH_free(dh);
@@ -1919,8 +1927,9 @@ get_dh1024dsa()
1919 }; 1927 };
1920 DH *dh; 1928 DH *dh;
1921 1929
1922 if ((dh = DH_new()) == NULL) return (NULL); 1930 if ((dh = DH_new()) == NULL)
1923 dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL); 1931 return (NULL);
1932 dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
1924 dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL); 1933 dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
1925 if ((dh->p == NULL) || (dh->g == NULL)) { 1934 if ((dh->p == NULL) || (dh->g == NULL)) {
1926 DH_free(dh); 1935 DH_free(dh);
@@ -1941,10 +1950,12 @@ do_test_cipherlist(void)
1941 meth = SSLv3_method(); 1950 meth = SSLv3_method();
1942 tci = NULL; 1951 tci = NULL;
1943 while ((ci = meth->get_cipher(i++)) != NULL) { 1952 while ((ci = meth->get_cipher(i++)) != NULL) {
1944 if (tci != NULL) 1953 if (tci != NULL) {
1945 if (ci->id >= tci->id) { 1954 if (ci->id >= tci->id) {
1946 fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id); 1955 fprintf(stderr,
1947 return 0; 1956 "failed %lx vs. %lx\n", ci->id, tci->id);
1957 return 0;
1958 }
1948 } 1959 }
1949 tci = ci; 1960 tci = ci;
1950 } 1961 }
@@ -1953,10 +1964,12 @@ do_test_cipherlist(void)
1953 meth = TLSv1_method(); 1964 meth = TLSv1_method();
1954 tci = NULL; 1965 tci = NULL;
1955 while ((ci = meth->get_cipher(i++)) != NULL) { 1966 while ((ci = meth->get_cipher(i++)) != NULL) {
1956 if (tci != NULL) 1967 if (tci != NULL) {
1957 if (ci->id >= tci->id) { 1968 if (ci->id >= tci->id) {
1958 fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id); 1969 fprintf(stderr,
1959 return 0; 1970 "failed %lx vs. %lx\n", ci->id, tci->id);
1971 return 0;
1972 }
1960 } 1973 }
1961 tci = ci; 1974 tci = ci;
1962 } 1975 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-25 16:45:08 +0000