generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Reverting 1.0.2-only changes supporting the prior authz RFC5878-based tests from commit 835d104f46c4448a27844a9309de456c7972a943

Browse Source
This commit is contained in:
Scott Deboy 2014-02-09 07:49:44 -08:00
parent 5a32dd8930
commit c32ebefaa8
1 changed files with 0 additions and 119 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

119
ssl/ssltest.c
View File

@ -836,11 +836,6 @@ static void sv_usage(void)
" (default is sect163r2).\n"); " (default is sect163r2).\n");
#endif #endif
fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher lists\n"); fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher lists\n");
#ifndef OPENSSL_NO_TLSEXT
fprintf(stderr," -server_authz arg - binary authz file for certificate\n");
fprintf(stderr," -c_support_proof - indicate client support for server_authz audit proofs\n");
fprintf(stderr," -c_require_proof - fail if no audit proof is sent\n");
#endif
fprintf(stderr," -serverinfo_file file - have server use this file\n"); fprintf(stderr," -serverinfo_file file - have server use this file\n");
fprintf(stderr," -serverinfo_sct - have client offer and expect SCT\n"); fprintf(stderr," -serverinfo_sct - have client offer and expect SCT\n");
fprintf(stderr," -serverinfo_tack - have client offer and expect TACK\n"); fprintf(stderr," -serverinfo_tack - have client offer and expect TACK\n");
@ -978,56 +973,6 @@ int opaque_prf_input_cb(SSL *ssl, void *peerinput, size_t len, void *arg_)
} }
#endif #endif
#ifndef OPENSSL_NO_TLSEXT
struct audit_proof_cb_arg_st
{
unsigned char *expected_proof;
size_t expected_proof_length;
int require;
};
struct audit_proof_cb_arg_st c_expected = { NULL, 0, 0 };
static int audit_proof_cb(SSL *s, void *arg)
{
const unsigned char *proof;
size_t proof_len;
SSL_SESSION *sess = SSL_get_session(s);
struct audit_proof_cb_arg_st *cb_arg = (struct audit_proof_cb_arg_st*)arg;
proof = SSL_SESSION_get_tlsext_authz_server_audit_proof(sess,
&proof_len);
if (proof != NULL)
{
if (proof_len == cb_arg->expected_proof_length &&
cb_arg->expected_proof != NULL &&
memcmp(proof, cb_arg->expected_proof, proof_len) == 0)
{
BIO_printf(bio_stdout, "Audit proof OK (%lu bytes).\n",
(long)proof_len);
return 1;
}
else
{
BIO_printf(bio_stdout, "Audit proof mismatch.\n");
/* Cause handshake failure. */
return 0;
}
}
else /* proof == NULL */
{
BIO_printf(bio_stdout, "No audit proof found.\n");
if (cb_arg->require)
{
/* Cause handshake failure. */
return 0;
}
return 1;
}
}
#endif
int main(int argc, char *argv[]) int main(int argc, char *argv[])
{ {
char *CApath=NULL,*CAfile=NULL; char *CApath=NULL,*CAfile=NULL;
@ -1079,11 +1024,6 @@ int main(int argc, char *argv[])
#ifdef OPENSSL_FIPS #ifdef OPENSSL_FIPS
int fips_mode=0; int fips_mode=0;
#endif #endif
#ifndef OPENSSL_NO_TLSEXT
char *s_authz_file = NULL;
int c_support_proof = 0;
int c_require_proof = 0;
#endif
verbose = 0; verbose = 0;
debug = 0; debug = 0;
@ -1302,24 +1242,6 @@ int main(int argc, char *argv[])
{ {
test_cipherlist = 1; test_cipherlist = 1;
} }
#ifndef OPENSSL_NO_TLSEXT
else if(strcmp(*argv,"-server_authz") == 0)
{
if (--argc < 1) goto bad;
s_authz_file = *(++argv);
tls1 = 1;
}
else if (strcmp(*argv,"-c_support_proof") == 0)
{
c_support_proof = 1;
tls1 = 1;
}
else if (strcmp(*argv,"-c_require_proof") == 0)
{
c_require_proof = 1;
tls1 = 1;
}
#endif
else if (strcmp(*argv,"-serverinfo_sct") == 0) else if (strcmp(*argv,"-serverinfo_sct") == 0)
{ {
serverinfo_sct = 1; serverinfo_sct = 1;
@ -1389,15 +1311,6 @@ bad:
"to avoid protocol mismatch.\n"); "to avoid protocol mismatch.\n");
EXIT(1); EXIT(1);
} }
if (c_require_proof && s_authz_file == NULL && !force)
{
fprintf(stderr, "This case cannot work. -c_require_proof "
"requires an audit proof, but none was supplied. "
"Use -f to perform the test anyway (and\n-d to see "
"what happens), or use -server_authz to supply an "
"audit proof.\n");
EXIT(1);
}
#ifdef OPENSSL_FIPS #ifdef OPENSSL_FIPS
if(fips_mode) if(fips_mode)
@ -1669,34 +1582,6 @@ bad:
SSL_CTX_set_srp_username_callback(s_ctx, ssl_srp_server_param_cb); SSL_CTX_set_srp_username_callback(s_ctx, ssl_srp_server_param_cb);
} }
#endif #endif
#ifndef OPENSSL_NO_TLSEXT
if (s_authz_file != NULL)
{
if(!SSL_CTX_use_authz_file(s_ctx, s_authz_file))
{
BIO_printf(bio_err, "Unable to set authz data\n");
goto end;
}
}
if (c_support_proof || c_require_proof)
{
size_t proof_length;
const unsigned char *proof = SSL_CTX_get_authz_data(s_ctx,
TLSEXT_AUTHZDATAFORMAT_audit_proof, &proof_length);
if (proof != NULL)
{
/* Store a local copy. */
c_expected.expected_proof = OPENSSL_malloc(proof_length);
c_expected.expected_proof_length = proof_length;
memcpy(c_expected.expected_proof, proof, proof_length);
}
c_expected.require = c_require_proof;
SSL_CTX_set_tlsext_authz_server_audit_proof_cb(c_ctx,
audit_proof_cb);
SSL_CTX_set_tlsext_authz_server_audit_proof_cb_arg(c_ctx,
&c_expected);
}
#endif
if (serverinfo_sct) if (serverinfo_sct)
SSL_CTX_set_custom_cli_ext(c_ctx, SCT_EXT_TYPE, NULL, SSL_CTX_set_custom_cli_ext(c_ctx, SCT_EXT_TYPE, NULL,
@ -1849,10 +1734,6 @@ end:
#endif #endif
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
ENGINE_cleanup(); ENGINE_cleanup();
#endif
#ifndef OPENSSL_NO_TLSEXT
if (c_expected.expected_proof != NULL)
OPENSSL_free(c_expected.expected_proof);
#endif #endif
CRYPTO_cleanup_all_ex_data(); CRYPTO_cleanup_all_ex_data();
ERR_free_strings(); ERR_free_strings();