Diffstat (limited to 'src')
| -rw-r--r-- | src/regress/lib/libssl/ssl/ssltest.c | 41 | 
1 files changed, 0 insertions, 41 deletions
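--- a/src/regress/lib/libssl/ssl/ssltest.c
+++ b/src/regress/lib/libssl/ssl/ssltest.c
@@ -175,9 +175,7 @@
 #include <openssl/rand.h>
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>
-#ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
-#endif
 #include <openssl/bn.h>
 
 #define _XOPEN_SOURCE_EXTENDED 1
@@ -203,11 +201,9 @@ struct app_verify_arg {
 char *proxy_cond;
 };
 
-#ifndef OPENSSL_NO_DH
 static DH *get_dh512(void);
 static DH *get_dh1024(void);
 static DH *get_dh1024dsa(void);
-#endif
 
 static BIO *bio_err = NULL;
 static BIO *bio_stdout = NULL;
@@ -235,14 +231,10 @@ sv_usage(void)
 fprintf(stderr, " -reuse - use session-id reuse\n");
 fprintf(stderr, " -num <val> - number of connections to perform\n");
 fprintf(stderr, " -bytes <val> - number of bytes to swap between client/server\n");
-#ifndef OPENSSL_NO_DH
 fprintf(stderr, " -dhe1024 - use 1024 bit key (safe prime) for DHE\n");
 fprintf(stderr, " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
 fprintf(stderr, " -no_dhe - disable DHE\n");
-#endif
-#ifndef OPENSSL_NO_ECDH
 fprintf(stderr, " -no_ecdhe - disable ECDHE\n");
-#endif
 fprintf(stderr, " -dtls1 - use DTLSv1\n");
 fprintf(stderr, " -ssl3 - use SSLv3\n");
 fprintf(stderr, " -tls1 - use TLSv1\n");
@@ -256,11 +248,9 @@ sv_usage(void)
 fprintf(stderr, " -bio_pair - Use BIO pairs\n");
 fprintf(stderr, " -f - Test even cases that can't work\n");
 fprintf(stderr, " -time - measure processor time used by client and server\n");
-#ifndef OPENSSL_NO_ECDH
 fprintf(stderr, " -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \
 " Use \"openssl ecparam -list_curves\" for all names\n" \
 " (default is sect163r2).\n");
-#endif
 fprintf(stderr, " -test_cipherlist - verifies the order of the ssl cipher lists\n");
 }
 
@@ -370,22 +360,16 @@ main(int argc, char *argv[])
 char *server_key = NULL;
 char *client_cert = TEST_CLIENT_CERT;
 char *client_key = NULL;
-#ifndef OPENSSL_NO_ECDH
 char *named_curve = NULL;
-#endif
 SSL_CTX *s_ctx = NULL;
 SSL_CTX *c_ctx = NULL;
 const SSL_METHOD *meth = NULL;
 SSL *c_ssl, *s_ssl;
 int number = 1, reuse = 0;
 long bytes = 256L;
-#ifndef OPENSSL_NO_DH
 DH *dh;
 int dhe1024 = 0, dhe1024dsa = 0;
-#endif
-#ifndef OPENSSL_NO_ECDH
 EC_KEY *ecdh = NULL;
-#endif
 int no_dhe = 0;
 int no_ecdhe = 0;
 int print_time = 0;
@@ -429,17 +413,9 @@ main(int argc, char *argv[])
 else if (strcmp(*argv, "-reuse") == 0)
 reuse = 1;
 else if (strcmp(*argv, "-dhe1024") == 0) {
-#ifndef OPENSSL_NO_DH
 dhe1024 = 1;
-#else
-fprintf(stderr, "ignoring -dhe1024, since I'm compiled without DH\n");
-#endif
 } else if (strcmp(*argv, "-dhe1024dsa") == 0) {
-#ifndef OPENSSL_NO_DH
 dhe1024dsa = 1;
-#else
-fprintf(stderr, "ignoring -dhe1024, since I'm compiled without DH\n");
-#endif
 } else if (strcmp(*argv, "-no_dhe") == 0)
 no_dhe = 1;
 else if (strcmp(*argv, "-no_ecdhe") == 0)
@@ -514,12 +490,7 @@ main(int argc, char *argv[])
 } else if (strcmp(*argv, "-named_curve") == 0) {
 if (--argc < 1)
 goto bad;
-#ifndef OPENSSL_NO_ECDH
 named_curve = *(++argv);
-#else
-fprintf(stderr, "ignoring -named_curve, since I'm compiled without ECDH\n");
-++argv;
-#endif
 } else if (strcmp(*argv, "-app_verify") == 0) {
 app_verify_arg.app_verify = 1;
 } else if (strcmp(*argv, "-proxy") == 0) {
@@ -594,7 +565,6 @@ bad:
 SSL_CTX_set_cipher_list(s_ctx, cipher);
 }
 
-#ifndef OPENSSL_NO_DH
 if (!no_dhe) {
 if (dhe1024dsa) {
 /* use SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */
@@ -607,11 +577,7 @@ bad:
 SSL_CTX_set_tmp_dh(s_ctx, dh);
 DH_free(dh);
 }
-#else
-(void)no_dhe;
-#endif
 
-#ifndef OPENSSL_NO_ECDH
 if (!no_ecdhe) {
 int nid;
 
@@ -638,9 +604,6 @@ bad:
 SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_ECDH_USE);
 EC_KEY_free(ecdh);
 }
-#else
-(void)no_ecdhe;
-#endif
 
 SSL_CTX_set_tmp_rsa_callback(s_ctx, tmp_rsa_cb);
 
@@ -1798,9 +1761,7 @@ app_verify_callback(X509_STORE_CTX *ctx, void *arg)
 X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
 }
 
-#ifndef OPENSSL_NO_X509_VERIFY
 ok = X509_verify_cert(ctx);
-#endif
 
 if (cb_arg->proxy_auth) {
 if (ok > 0) {
@@ -1864,7 +1825,6 @@ free_tmp_rsa(void)
 }
 }
 
-#ifndef OPENSSL_NO_DH
 /* These DH parameters have been generated as follows:
 * $ openssl dhparam -C -noout 512
 * $ openssl dhparam -C -noout 1024
@@ -1969,7 +1929,6 @@ get_dh1024dsa()
 dh->length = 160;
 return (dh);
 }
-#endif
 
 static int
 do_test_cipherlist(void)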
