/*
- * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
- * Licensed under the OpenSSL license (the "License"). You may not use
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
+#include "e_os.h"
+
/* Or gethostname won't be declared properly on Linux and GNU platforms. */
#ifndef _BSD_SOURCE
# define _BSD_SOURCE 1
#include "internal/nelem.h"
-#define USE_SOCKETS
-#include "e_os.h"
-
#ifdef OPENSSL_SYS_VMS
/*
* Or isascii won't be declared properly on VMS (at least with DECompHP C).
OPENSSL_free(out);
return NULL;
}
- out[start] = i - start;
+ out[start] = (unsigned char)(i - start);
start = i + 1;
} else
out[i + 1] = in[i];
return 1;
}
-static int verify_serverinfo()
+static int verify_serverinfo(void)
{
if (serverinfo_sct != serverinfo_sct_seen)
return -1;
}
static char *cipher = NULL;
+static char *ciphersuites = NULL;
static int verbose = 0;
static int debug = 0;
fprintf(stderr, " -c_cert arg - Client certificate file\n");
fprintf(stderr,
" -c_key arg - Client key file (default: same as -c_cert)\n");
- fprintf(stderr, " -cipher arg - The cipher list\n");
+ fprintf(stderr, " -cipher arg - The TLSv1.2 and below cipher list\n");
+ fprintf(stderr, " -ciphersuites arg - The TLSv1.3 ciphersuites\n");
fprintf(stderr, " -bio_pair - Use BIO pairs\n");
fprintf(stderr, " -ipv4 - Use IPv4 connection on localhost\n");
fprintf(stderr, " -ipv6 - Use IPv6 connection on localhost\n");
}
X509_free(cert);
}
- if (SSL_get_server_tmp_key(c_ssl, &pkey)) {
+ if (SSL_get_peer_tmp_key(c_ssl, &pkey)) {
BIO_puts(bio_stdout, ", temp key: ");
print_key_details(bio_stdout, pkey);
EVP_PKEY_free(pkey);
verbose = 0;
debug = 0;
- cipher = 0;
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
if (--argc < 1)
goto bad;
cipher = *(++argv);
+ } else if (strcmp(*argv, "-ciphersuites") == 0) {
+ if (--argc < 1)
+ goto bad;
+ ciphersuites = *(++argv);
} else if (strcmp(*argv, "-CApath") == 0) {
if (--argc < 1)
goto bad;
} else if (tls1_2) {
min_version = TLS1_2_VERSION;
max_version = TLS1_2_VERSION;
+ } else {
+ min_version = 0;
+ max_version = 0;
}
#endif
#ifndef OPENSSL_NO_DTLS
- if (dtls || dtls1 || dtls12)
+ if (dtls || dtls1 || dtls12) {
meth = DTLS_method();
- if (dtls1) {
- min_version = DTLS1_VERSION;
- max_version = DTLS1_VERSION;
- } else if (dtls12) {
- min_version = DTLS1_2_VERSION;
- max_version = DTLS1_2_VERSION;
+ if (dtls1) {
+ min_version = DTLS1_VERSION;
+ max_version = DTLS1_VERSION;
+ } else if (dtls12) {
+ min_version = DTLS1_2_VERSION;
+ max_version = DTLS1_2_VERSION;
+ } else {
+ min_version = 0;
+ max_version = 0;
+ }
}
#endif
goto end;
if (cipher != NULL) {
- if (!SSL_CTX_set_cipher_list(c_ctx, cipher)
- || !SSL_CTX_set_cipher_list(s_ctx, cipher)
- || !SSL_CTX_set_cipher_list(s_ctx2, cipher)) {
+ if (strcmp(cipher, "") == 0) {
+ if (!SSL_CTX_set_cipher_list(c_ctx, cipher)) {
+ if (ERR_GET_REASON(ERR_peek_error()) == SSL_R_NO_CIPHER_MATCH) {
+ ERR_clear_error();
+ } else {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ } else {
+ /* Should have failed when clearing all TLSv1.2 ciphers. */
+ fprintf(stderr, "CLEARING ALL TLSv1.2 CIPHERS SHOULD FAIL\n");
+ goto end;
+ }
+
+ if (!SSL_CTX_set_cipher_list(s_ctx, cipher)) {
+ if (ERR_GET_REASON(ERR_peek_error()) == SSL_R_NO_CIPHER_MATCH) {
+ ERR_clear_error();
+ } else {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ } else {
+ /* Should have failed when clearing all TLSv1.2 ciphers. */
+ fprintf(stderr, "CLEARING ALL TLSv1.2 CIPHERS SHOULD FAIL\n");
+ goto end;
+ }
+
+ if (!SSL_CTX_set_cipher_list(s_ctx2, cipher)) {
+ if (ERR_GET_REASON(ERR_peek_error()) == SSL_R_NO_CIPHER_MATCH) {
+ ERR_clear_error();
+ } else {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ } else {
+ /* Should have failed when clearing all TLSv1.2 ciphers. */
+ fprintf(stderr, "CLEARING ALL TLSv1.2 CIPHERS SHOULD FAIL\n");
+ goto end;
+ }
+ } else {
+ if (!SSL_CTX_set_cipher_list(c_ctx, cipher)
+ || !SSL_CTX_set_cipher_list(s_ctx, cipher)
+ || !SSL_CTX_set_cipher_list(s_ctx2, cipher)) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+ }
+ if (ciphersuites != NULL) {
+ if (!SSL_CTX_set_ciphersuites(c_ctx, ciphersuites)
+ || !SSL_CTX_set_ciphersuites(s_ctx, ciphersuites)
+ || !SSL_CTX_set_ciphersuites(s_ctx2, ciphersuites)) {
ERR_print_errors(bio_err);
goto end;
}
{
int session_id_context = 0;
if (!SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context,
- sizeof session_id_context) ||
+ sizeof(session_id_context)) ||
!SSL_CTX_set_session_id_context(s_ctx2, (void *)&session_id_context,
- sizeof session_id_context)) {
+ sizeof(session_id_context))) {
ERR_print_errors(bio_err);
goto end;
}
int err_in_client = 0;
int err_in_server = 0;
- acpt = BIO_new_accept("0");
+ acpt = BIO_new_accept(family == BIO_FAMILY_IPV4 ? "127.0.0.1:0"
+ : "[::1]:0");
if (acpt == NULL)
goto err;
BIO_set_accept_ip_family(acpt, family);
if (cw_num > 0) {
/* Write to server. */
- if (cw_num > (long)sizeof cbuf)
- i = sizeof cbuf;
+ if (cw_num > (long)sizeof(cbuf))
+ i = sizeof(cbuf);
else
i = (int)cw_num;
r = BIO_write(c_ssl_bio, cbuf, i);
if (sw_num > 0) {
/* Write to client. */
- if (sw_num > (long)sizeof sbuf)
- i = sizeof sbuf;
+ if (sw_num > (long)sizeof(sbuf))
+ i = sizeof(sbuf);
else
i = (int)sw_num;
r = BIO_write(s_ssl_bio, sbuf, i);
if (cw_num > 0) {
/* Write to server. */
- if (cw_num > (long)sizeof cbuf)
- i = sizeof cbuf;
+ if (cw_num > (long)sizeof(cbuf))
+ i = sizeof(cbuf);
else
i = (int)cw_num;
r = BIO_write(c_ssl_bio, cbuf, i);
if (sw_num > 0) {
/* Write to client. */
- if (sw_num > (long)sizeof sbuf)
- i = sizeof sbuf;
+ if (sw_num > (long)sizeof(sbuf))
+ i = sizeof(sbuf);
else
i = (int)sw_num;
r = BIO_write(s_ssl_bio, sbuf, i);
char *s, buf[256];
s = X509_NAME_oneline(X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)),
- buf, sizeof buf);
+ buf, sizeof(buf));
if (s != NULL) {
if (ok)
printf("depth=%d %s\n", X509_STORE_CTX_get_error_depth(ctx), buf);
* $ openssl dhparam -C -noout -dsaparam 1024
* (The third function has been renamed to avoid name conflicts.)
*/
-static DH *get_dh512()
+static DH *get_dh512(void)
{
static unsigned char dh512_p[] = {
0xCB, 0xC8, 0xE1, 0x86, 0xD0, 0x1F, 0x94, 0x17, 0xA6, 0x99, 0xF0,
return dh;
}
-static DH *get_dh1024()
+static DH *get_dh1024(void)
{
static unsigned char dh1024_p[] = {
0xF8, 0x81, 0x89, 0x7D, 0x14, 0x24, 0xC5, 0xD1, 0xE6, 0xF7, 0xBF,
return dh;
}
-static DH *get_dh1024dsa()
+static DH *get_dh1024dsa(void)
{
static unsigned char dh1024_p[] = {
0xC8, 0x00, 0xF7, 0x08, 0x07, 0x89, 0x4D, 0x90, 0x53, 0xF3, 0xD5,