sslv2conftest.c revision 306195
1/* Written by Matt Caswell for the OpenSSL Project */ 2/* ==================================================================== 3 * Copyright (c) 2016 The OpenSSL Project. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in 14 * the documentation and/or other materials provided with the 15 * distribution. 16 * 17 * 3. All advertising materials mentioning features or use of this 18 * software must display the following acknowledgment: 19 * "This product includes software developed by the OpenSSL Project 20 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 21 * 22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 23 * endorse or promote products derived from this software without 24 * prior written permission. For written permission, please contact 25 * openssl-core@openssl.org. 26 * 27 * 5. Products derived from this software may not be called "OpenSSL" 28 * nor may "OpenSSL" appear in their names without prior written 29 * permission of the OpenSSL Project. 30 * 31 * 6. Redistributions of any form whatsoever must retain the following 32 * acknowledgment: 33 * "This product includes software developed by the OpenSSL Project 34 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 35 * 36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 47 * OF THE POSSIBILITY OF SUCH DAMAGE. 48 * ==================================================================== 49 * 50 * This product includes cryptographic software written by Eric Young 51 * (eay@cryptsoft.com). This product includes software written by Tim 52 * Hudson (tjh@cryptsoft.com). 53 * 54 */ 55 56#include <stdlib.h> 57#include <openssl/bio.h> 58#include <openssl/ssl.h> 59#include <openssl/err.h> 60 61 62#define TOTAL_NUM_TESTS 2 63#define TEST_SSL_CTX 0 64 65#define SSLV2ON 1 66#define SSLV2OFF 0 67 68SSL_CONF_CTX *confctx; 69SSL_CTX *ctx; 70SSL *ssl; 71 72static int checksslv2(int test, int sslv2) 73{ 74 int options; 75 if (test == TEST_SSL_CTX) { 76 options = SSL_CTX_get_options(ctx); 77 } else { 78 options = SSL_get_options(ssl); 79 } 80 return ((options & SSL_OP_NO_SSLv2) == 0) ^ (sslv2 == SSLV2OFF); 81} 82 83int main(int argc, char *argv[]) 84{ 85 BIO *err; 86 int testresult = 0; 87 int currtest = 0; 88 89 SSL_library_init(); 90 SSL_load_error_strings(); 91 92 err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); 93 94 CRYPTO_malloc_debug_init(); 95 CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); 96 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); 97 98 99 confctx = SSL_CONF_CTX_new(); 100 ctx = SSL_CTX_new(SSLv23_method()); 101 ssl = SSL_new(ctx); 102 if (confctx == NULL || ctx == NULL) 103 goto end; 104 105 SSL_CONF_CTX_set_flags(confctx, SSL_CONF_FLAG_FILE 106 | SSL_CONF_FLAG_CLIENT 107 | SSL_CONF_FLAG_SERVER); 108 109 /* 110 * For each test set up an SSL_CTX and SSL and see whether SSLv2 is enabled 111 * as expected after various SSL_CONF_cmd("Protocol", ...) calls. 112 */ 113 for (currtest = 0; currtest < TOTAL_NUM_TESTS; currtest++) { 114 BIO_printf(err, "SSLv2 CONF Test number %d\n", currtest); 115 if (currtest == TEST_SSL_CTX) 116 SSL_CONF_CTX_set_ssl_ctx(confctx, ctx); 117 else 118 SSL_CONF_CTX_set_ssl(confctx, ssl); 119 120 /* SSLv2 should be off by default */ 121 if (!checksslv2(currtest, SSLV2OFF)) { 122 BIO_printf(err, "SSLv2 CONF Test: Off by default test FAIL\n"); 123 goto end; 124 } 125 126 if (SSL_CONF_cmd(confctx, "Protocol", "ALL") != 2 127 || !SSL_CONF_CTX_finish(confctx)) { 128 BIO_printf(err, "SSLv2 CONF Test: SSL_CONF command FAIL\n"); 129 goto end; 130 } 131 132 /* Should still be off even after ALL Protocols on */ 133 if (!checksslv2(currtest, SSLV2OFF)) { 134 BIO_printf(err, "SSLv2 CONF Test: Off after config #1 FAIL\n"); 135 goto end; 136 } 137 138 if (SSL_CONF_cmd(confctx, "Protocol", "SSLv2") != 2 139 || !SSL_CONF_CTX_finish(confctx)) { 140 BIO_printf(err, "SSLv2 CONF Test: SSL_CONF command FAIL\n"); 141 goto end; 142 } 143 144 /* Should still be off even if explicitly asked for */ 145 if (!checksslv2(currtest, SSLV2OFF)) { 146 BIO_printf(err, "SSLv2 CONF Test: Off after config #2 FAIL\n"); 147 goto end; 148 } 149 150 if (SSL_CONF_cmd(confctx, "Protocol", "-SSLv2") != 2 151 || !SSL_CONF_CTX_finish(confctx)) { 152 BIO_printf(err, "SSLv2 CONF Test: SSL_CONF command FAIL\n");; 153 goto end; 154 } 155 156 if (!checksslv2(currtest, SSLV2OFF)) { 157 BIO_printf(err, "SSLv2 CONF Test: Off after config #3 FAIL\n"); 158 goto end; 159 } 160 161 if (currtest == TEST_SSL_CTX) 162 SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2); 163 else 164 SSL_clear_options(ssl, SSL_OP_NO_SSLv2); 165 166 if (!checksslv2(currtest, SSLV2ON)) { 167 BIO_printf(err, "SSLv2 CONF Test: On after clear FAIL\n"); 168 goto end; 169 } 170 171 if (SSL_CONF_cmd(confctx, "Protocol", "ALL") != 2 172 || !SSL_CONF_CTX_finish(confctx)) { 173 BIO_printf(err, "SSLv2 CONF Test: SSL_CONF command FAIL\n"); 174 goto end; 175 } 176 177 /* Option has been cleared and config says have SSLv2 so should be on */ 178 if (!checksslv2(currtest, SSLV2ON)) { 179 BIO_printf(err, "SSLv2 CONF Test: On after config #1 FAIL\n"); 180 goto end; 181 } 182 183 if (SSL_CONF_cmd(confctx, "Protocol", "SSLv2") != 2 184 || !SSL_CONF_CTX_finish(confctx)) { 185 BIO_printf(err, "SSLv2 CONF Test: SSL_CONF command FAIL\n"); 186 goto end; 187 } 188 189 /* Option has been cleared and config says have SSLv2 so should be on */ 190 if (!checksslv2(currtest, SSLV2ON)) { 191 BIO_printf(err, "SSLv2 CONF Test: On after config #2 FAIL\n"); 192 goto end; 193 } 194 195 if (SSL_CONF_cmd(confctx, "Protocol", "-SSLv2") != 2 196 || !SSL_CONF_CTX_finish(confctx)) { 197 BIO_printf(err, "SSLv2 CONF Test: SSL_CONF command FAIL\n"); 198 goto end; 199 } 200 201 /* Option has been cleared but config says no SSLv2 so should be off */ 202 if (!checksslv2(currtest, SSLV2OFF)) { 203 BIO_printf(err, "SSLv2 CONF Test: Off after config #4 FAIL\n"); 204 goto end; 205 } 206 207 } 208 209 testresult = 1; 210 211 end: 212 SSL_free(ssl); 213 SSL_CTX_free(ctx); 214 SSL_CONF_CTX_free(confctx); 215 216 if (!testresult) { 217 printf("SSLv2 CONF test: FAILED (Test %d)\n", currtest); 218 ERR_print_errors(err); 219 } else { 220 printf("SSLv2 CONF test: PASSED\n"); 221 } 222 223 ERR_free_strings(); 224 ERR_remove_thread_state(NULL); 225 EVP_cleanup(); 226 CRYPTO_cleanup_all_ex_data(); 227 CRYPTO_mem_leaks(err); 228 BIO_free(err); 229 230 return testresult ? EXIT_SUCCESS : EXIT_FAILURE; 231} 232