int
main (int argc, char *const *argv)
{
unsigned int errorCount = 0;
const char *ssl_version;
/* initialize random seed used by curl clients */
unsigned int iseed = (unsigned int) time (NULL);
#ifdef GCRYCTL_INITIALIZATION_FINISHED
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
#endif
srand (iseed);
ssl_version = curl_version_info (CURLVERSION_NOW)->ssl_version;
if (NULL == ssl_version)
{
fprintf (stderr, "Curl does not support SSL. Cannot run the test.\n");
return 0;
}
if (0 != strncmp (ssl_version, "GnuTLS", 6))
{
fprintf (stderr, "This test can be run only with libcurl-gnutls.\n");
return 0;
}
if (0 != curl_global_init (CURL_GLOBAL_ALL))
{
fprintf (stderr, "Error: %s\n", strerror (errno));
return -1;
}
char *aes256_sha = "AES256-SHA";
if (curl_uses_nss_ssl() == 0)
{
aes256_sha = "rsa_aes_256_sha";
}
errorCount +=
test_wrap ("multi threaded daemon, single client", &test_single_client,
NULL,
MHD_USE_TLS | MHD_USE_DEBUG | MHD_USE_THREAD_PER_CONNECTION,
aes256_sha, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT,
srv_self_signed_cert_pem, MHD_OPTION_END);
errorCount +=
test_wrap ("multi threaded daemon, parallel client",
&test_parallel_clients, NULL,
MHD_USE_TLS | MHD_USE_DEBUG | MHD_USE_THREAD_PER_CONNECTION,
aes256_sha, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT,
srv_self_signed_cert_pem, MHD_OPTION_END);
if (errorCount != 0)
fprintf (stderr, "Failed test: %s.\n", argv[0]);
curl_global_cleanup ();
return errorCount != 0;
}
static int32_t
test_token(struct client *c1, int32_t hc1, struct client *c2, int32_t hc2, int wrap_ext)
{
int32_t val;
int i;
for (i = 0; i < 10; i++) {
/* mic */
test_mic(c1, hc1, c2, hc2);
test_mic(c2, hc2, c1, hc1);
/* wrap */
val = test_wrap(c1, hc1, c2, hc2, 0);
if (val) return val;
val = test_wrap(c2, hc2, c1, hc1, 0);
if (val) return val;
val = test_wrap(c1, hc1, c2, hc2, 1);
if (val) return val;
val = test_wrap(c2, hc2, c1, hc1, 1);
if (val) return val;
if (wrap_ext) {
/* wrap ext */
val = test_wrap_ext(c1, hc1, c2, hc2, 1, 0);
if (val) return val;
val = test_wrap_ext(c2, hc2, c1, hc1, 1, 0);
if (val) return val;
val = test_wrap_ext(c1, hc1, c2, hc2, 1, 1);
if (val) return val;
val = test_wrap_ext(c2, hc2, c1, hc1, 1, 1);
if (val) return val;
val = test_wrap_ext(c1, hc1, c2, hc2, 0, 0);
if (val) return val;
val = test_wrap_ext(c2, hc2, c1, hc1, 0, 0);
if (val) return val;
val = test_wrap_ext(c1, hc1, c2, hc2, 0, 1);
if (val) return val;
val = test_wrap_ext(c2, hc2, c1, hc1, 0, 1);
if (val) return val;
}
}
return GSMERR_OK;
}
/* setup a temporary transfer test file */
int
main (int argc, char *const *argv)
{
unsigned int errorCount = 0;
errorCount += test_wrap ("ip addr option", &test_ip_addr_option);
return errorCount != 0;
}
void
test_wrapmodes ()
{
const int ori = 0;
const int w = 4;
static int
val[] = {-7, -6, -5, -4, -3, -2, -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, -10},
cla[] = { 0, 0, 0, 0, 0, 0, 0, 0, 1, 2, 3, 3, 3, 3, 3, 3, 3},
per[] = { 1, 2, 3, 0, 1, 2, 3, 0, 1, 2, 3, 0, 1, 2, 3, 0, 1},
mir[] = { 1, 2, 3, 3, 2, 1, 0, 0, 1, 2, 3, 3, 2, 1, 0, 0, 1};
for (int i = 0; val[i] > -10; ++i) {
OIIO_CHECK_EQUAL (test_wrap (wrap_clamp, val[i], ori, w), cla[i]);
OIIO_CHECK_EQUAL (test_wrap (wrap_periodic, val[i], ori, w), per[i]);
OIIO_CHECK_EQUAL (test_wrap (wrap_periodic_pow2, val[i], ori, w), per[i]);
OIIO_CHECK_EQUAL (test_wrap (wrap_mirror, val[i], ori, w), mir[i]);
}
}
int
main (int argc, char *const *argv)
{
unsigned int errorCount = 0;
/* initialize random seed used by curl clients */
unsigned int iseed = (unsigned int) time (NULL);
srand (iseed);
gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
if (0 != curl_global_init (CURL_GLOBAL_ALL))
{
fprintf (stderr, "Error: %s\n", strerror (errno));
return -1;
}
char *aes256_sha = "AES256-SHA";
if (curl_uses_nss_ssl() == 0)
{
aes256_sha = "rsa_aes_256_sha";
}
errorCount +=
test_wrap ("single threaded daemon, single client", &test_single_client,
NULL,
MHD_USE_SELECT_INTERNALLY | MHD_USE_SSL | MHD_USE_DEBUG,
aes256_sha, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT,
srv_self_signed_cert_pem, MHD_OPTION_END);
errorCount +=
test_wrap ("single threaded daemon, parallel clients",
&test_parallel_clients, NULL,
MHD_USE_SELECT_INTERNALLY | MHD_USE_SSL | MHD_USE_DEBUG,
aes256_sha, CURL_SSLVERSION_TLSv1, MHD_OPTION_HTTPS_MEM_KEY,
srv_key_pem, MHD_OPTION_HTTPS_MEM_CERT,
srv_self_signed_cert_pem, MHD_OPTION_END);
curl_global_cleanup ();
return errorCount != 0;
}
/* setup a temporary transfer test file */
int
main (int argc, char *const *argv)
{
unsigned int errorCount = 0;
int daemon_flags =
MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | MHD_USE_DEBUG;
gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
if (curl_check_version (MHD_REQ_CURL_VERSION))
{
return 0;
}
if (0 != curl_global_init (CURL_GLOBAL_ALL))
{
fprintf (stderr, "Error: %s\n", strerror (errno));
return 0;
}
char *aes128_sha = "AES128-SHA";
char *aes256_sha = "AES256-SHA";
if (curl_uses_nss_ssl() == 0)
{
aes128_sha = "rsa_aes_128_sha";
aes256_sha = "rsa_aes_256_sha";
}
errorCount +=
test_wrap ("TLS1.0-AES-SHA1",
&test_https_transfer, NULL, daemon_flags,
aes128_sha,
CURL_SSLVERSION_TLSv1,
MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL",
MHD_OPTION_END);
errorCount +=
test_wrap ("TLS1.0-AES-SHA1",
&test_https_transfer, NULL, daemon_flags,
aes128_sha,
CURL_SSLVERSION_SSLv3,
MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-SSL3.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL",
MHD_OPTION_END);
errorCount +=
test_wrap ("SSL3.0-AES-SHA1",
&test_https_transfer, NULL, daemon_flags,
aes128_sha,
CURL_SSLVERSION_SSLv3,
MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-SSL3.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL",
MHD_OPTION_END);
#if 0
/* manual inspection of the handshake suggests that CURL will
request TLSv1, we send back "SSL3" and CURL takes it *despite*
being configured to speak SSL3-only. Notably, the other way
round (have curl request SSL3, respond with TLSv1 only)
is properly refused by CURL. Either way, this does NOT seem
to be a bug in MHD/gnuTLS but rather in CURL; hence this
test is commented out here... */
errorCount +=
test_wrap ("unmatching version: SSL3 vs. TLS", &test_unmatching_ssl_version,
NULL, daemon_flags, "AES256-SHA", CURL_SSLVERSION_TLSv1,
MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
MHD_OPTION_CIPHER_ALGORITHM, "SSL3", MHD_OPTION_END);
#endif
errorCount +=
test_wrap ("TLS1.0 vs SSL3",
&test_unmatching_ssl_version, NULL, daemon_flags,
aes256_sha,
CURL_SSLVERSION_SSLv3,
MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-TLS1.0:+AES-256-CBC:+SHA1:+RSA:+COMP-NULL",
MHD_OPTION_END);
curl_global_cleanup ();
return errorCount != 0;
}
/* setup a temporary transfer test file */
int
main (int argc, char *const *argv)
{
unsigned int errorCount = 0;
const char *ssl_version;
int daemon_flags =
MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | MHD_USE_DEBUG;
gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
#ifdef GCRYCTL_INITIALIZATION_FINISHED
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
#endif
if (curl_check_version (MHD_REQ_CURL_VERSION))
{
return 77;
}
ssl_version = curl_version_info (CURLVERSION_NOW)->ssl_version;
if (NULL == ssl_version)
{
fprintf (stderr, "Curl does not support SSL. Cannot run the test.\n");
return 77;
}
if (0 != strncmp (ssl_version, "GnuTLS", 6))
{
fprintf (stderr, "This test can be run only with libcurl-gnutls.\n");
return 77;
}
if (0 != curl_global_init (CURL_GLOBAL_ALL))
{
fprintf (stderr, "Error: %s\n", strerror (errno));
return 77;
}
const char *aes128_sha = "AES128-SHA";
const char *aes256_sha = "AES256-SHA";
if (curl_uses_nss_ssl() == 0)
{
aes128_sha = "rsa_aes_128_sha";
aes256_sha = "rsa_aes_256_sha";
}
if (0 !=
test_wrap ("TLS1.0-AES-SHA1",
&test_https_transfer, NULL, daemon_flags,
aes128_sha,
CURL_SSLVERSION_TLSv1,
MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL",
MHD_OPTION_END))
{
fprintf (stderr, "TLS1.0-AES-SHA1 test failed\n");
errorCount++;
}
fprintf (stderr,
"The following handshake should fail (and print an error message)...\n");
if (0 !=
test_wrap ("TLS1.0 vs SSL3",
&test_unmatching_ssl_version, NULL, daemon_flags,
aes256_sha,
CURL_SSLVERSION_SSLv3,
MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-TLS1.0:+AES-256-CBC:+SHA1:+RSA:+COMP-NULL",
MHD_OPTION_END))
{
fprintf (stderr, "TLS1.0 vs SSL3 test failed\n");
errorCount++;
}
curl_global_cleanup ();
return errorCount != 0;
}
__attribute__((fastcall)) static inline int test_tk( int *a, int *b, int c ) {
return test_wrap( test_enter, a, b , c );
}
/* setup a temporary transfer test file */
int
main (int argc, char *const *argv)
{
unsigned int errorCount = 0;
const char *ssl_version;
int daemon_flags =
MHD_USE_THREAD_PER_CONNECTION | MHD_USE_SSL | MHD_USE_DEBUG;
gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
#ifdef GCRYCTL_INITIALIZATION_FINISHED
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
#endif
if (curl_check_version (MHD_REQ_CURL_VERSION))
{
return 0;
}
ssl_version = curl_version_info (CURLVERSION_NOW)->ssl_version;
if (NULL == ssl_version)
{
fprintf (stderr, "Curl does not support SSL. Cannot run the test.\n");
return 0;
}
if (0 != strncmp (ssl_version, "GnuTLS", 6))
{
fprintf (stderr, "This test can be run only with libcurl-gnutls.\n");
return 0;
}
if (0 != curl_global_init (CURL_GLOBAL_ALL))
{
fprintf (stderr, "Error: %s\n", strerror (errno));
return 0;
}
const char *aes128_sha = "AES128-SHA";
const char *aes256_sha = "AES256-SHA";
if (curl_uses_nss_ssl() == 0)
{
aes128_sha = "rsa_aes_128_sha";
aes256_sha = "rsa_aes_256_sha";
}
if (0 !=
test_wrap ("TLS1.0-AES-SHA1",
&test_https_transfer, NULL, daemon_flags,
aes128_sha,
CURL_SSLVERSION_TLSv1,
MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL",
MHD_OPTION_END))
{
fprintf (stderr, "TLS1.0-AES-SHA1 test failed\n");
errorCount++;
}
#if 0
/* this used to work, but somehow no longer. gnutls issue? */
if (0 !=
test_wrap ("SSL3.0-AES256-SHA1",
&test_https_transfer, NULL, daemon_flags,
aes256_sha,
CURL_SSLVERSION_SSLv3,
MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-SSL3.0:+AES-256-CBC:+SHA1:+RSA:+COMP-NULL",
MHD_OPTION_END))
{
fprintf (stderr, "SSL3.0-AES256-SHA1 test failed\n");
errorCount++;
}
if (0 !=
test_wrap ("SSL3.0-AES-SHA1",
&test_https_transfer, NULL, daemon_flags,
aes128_sha,
CURL_SSLVERSION_SSLv3,
MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-SSL3.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL",
MHD_OPTION_END))
{
fprintf (stderr, "SSL3.0-AES-SHA1 test failed\n");
errorCount++;
}
#endif
#if 0
/* manual inspection of the handshake suggests that CURL will
request TLSv1, we send back "SSL3" and CURL takes it *despite*
being configured to speak SSL3-only. Notably, the other way
round (have curl request SSL3, respond with TLSv1 only)
is properly refused by CURL. Either way, this does NOT seem
to be a bug in MHD/gnuTLS but rather in CURL; hence this
test is commented out here... */
errorCount +=
test_wrap ("unmatching version: SSL3 vs. TLS", &test_unmatching_ssl_version,
NULL, daemon_flags, "AES256-SHA", CURL_SSLVERSION_TLSv1,
MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
MHD_OPTION_CIPHER_ALGORITHM, "SSL3", MHD_OPTION_END);
#endif
fprintf (stderr,
"The following handshake should fail (and print an error message)...\n");
if (0 !=
test_wrap ("TLS1.0 vs SSL3",
&test_unmatching_ssl_version, NULL, daemon_flags,
aes256_sha,
CURL_SSLVERSION_SSLv3,
MHD_OPTION_HTTPS_MEM_KEY, srv_key_pem,
MHD_OPTION_HTTPS_MEM_CERT, srv_self_signed_cert_pem,
MHD_OPTION_HTTPS_PRIORITIES, "NONE:+VERS-TLS1.0:+AES-256-CBC:+SHA1:+RSA:+COMP-NULL",
MHD_OPTION_END))
{
fprintf (stderr, "TLS1.0 vs SSL3 test failed\n");
errorCount++;
}
curl_global_cleanup ();
return errorCount != 0;
}
