require_noerr(SecTrustEvaluate(*trust, &trust_result), out);
CFIndex n_certs = SecTrustGetCertificateCount(*trust);
- /* fprintf(stderr, "%ld certs; trust_eval: %d\n", n_certs, trust_result); */
peer_cert_array = CFArrayCreateMutable(NULL, n_certs, &kCFTypeArrayCallBacks);
orig_peer_cert_array = CFArrayCreateMutableCopy(NULL, n_certs, ssl->peer_certs);
CFReleaseNull(orig_peer_cert_array);
CFReleaseNull(peer_cert_array);
- /*
- CFStringRef cert_name = SecCertificateCopySubjectSummary(cert);
- char cert_name_buffer[1024];
- require(CFStringGetFileSystemRepresentation(cert_name,
- cert_name_buffer, sizeof(cert_name_buffer)), out);
- fprintf(stderr, "cert name: %s\n", cert_name_buffer);
- CFRelease(trust);
- */
return true;
out:
CFReleaseNull(orig_peer_cert_array);
require_noerr(ortn=SSLGetSessionState(ctx,&ssl_state), out);
require_action(ssl_state==kSSLIdle, out, ortn = -1);
- //uint64_t start = mach_absolute_time();
do {
ortn = SSLHandshake(ctx);
require_noerr(SSLGetSessionState(ctx,&ssl_state), out);
require_string(!got_server_auth, out, "got server auth during resumption??");
require_string(check_peer_cert(ctx, ssl, &trust), out, "Certificate check failed (resumption case)");
}
- //uint64_t elapsed = mach_absolute_time() - start;
- //fprintf(stderr, "setr elapsed: %lld\n", elapsed);
-
- /*
- SSLProtocol proto = kSSLProtocolUnknown;
- require_noerr_quiet(SSLGetNegotiatedProtocolVersion(ctx, &proto), out); */
SSLCipherSuite cipherSuite;
require_noerr_quiet(ortn = SSLGetNegotiatedCipher(ctx, &cipherSuite), out);
- //fprintf(stderr, "st negotiated %s\n", sslcipher_itoa(cipherSuite));
if(ssl->is_dtls) {
size_t sz;
SSLGetDatagramWriteSize(ctx, &sz);
- //fprintf(stderr, "Max Write Size = %ld\n", sz);
}
Boolean sessionWasResumed = false;
size_t session_id_length = sizeof(session_id_data);
require_noerr_quiet(ortn = SSLGetResumableSessionInfo(ctx, &sessionWasResumed, session_id_data, &session_id_length), out);
require_action(ssl->dh_anonymous || (ssl->is_session_resume == sessionWasResumed), out, ortn = -1);
- // if (sessionWasResumed) fprintf(stderr, "st resumed session\n");
- //hexdump(session_id_data, session_id_length);
#define BUFSIZE (8*1024)
unsigned char ibuf[BUFSIZE], obuf[BUFSIZE];
size_t len;
if (ssl->is_server) {
memset(obuf, i, BUFSIZE);
- // SecRandomCopyBytes(kSecRandomDefault, sizeof(obuf), obuf);
require_noerr(ortn = SSLWrite(ctx, obuf, BUFSIZE, &len), out);
require_action(len == BUFSIZE, out, ortn = -1);
size_t l=len;
ortn = SSLRead(ctx, ibuf+len, BUFSIZE-len, &l);
len+=l;
- //printf("SSLRead [%p] %d, l=%zd len=%zd\n", ctx, (int)ortn, l, len);
}
- //printf("SSLRead [%p] done\n", ctx);
-
require_noerr(ortn, out);
require_action(len == BUFSIZE, out, ortn = -1);
CFArrayRef server_rsa_certs = server_chain();
CFArrayRef server_ec_certs = server_ec_chain();
CFArrayRef client_certs = trusted_client_chain();
- ok(server_rsa_certs, "got rsa server cert chain");
- ok(server_ec_certs, "got ec server cert chain");
- ok(client_certs, "got rsa client cert chain");
+ require(server_rsa_certs != NULL, end);
+ require(server_ec_certs != NULL, end);
+ require(client_certs != NULL, end);
-/* Enable this if you want to test a specific d/i/k/l/m/p combination */
-#if 0
- int i=0, l=0, k=0, p=0; { {
-#else
int i,k,l, p;
for (p=0; p<nprotos; p++)
for (i=0; i<SupportedCipherSuitesCount; i++)
for (l = 0; l<2; l++) { /* resumption or not */
-#endif
uint16_t cs = (uint16_t)(SupportedCipherSuites[i]);
KeyExchangeMethod kem = sslCipherSuiteGetKeyExchangeMethod(cs);
SSL_CipherAlgorithm cipher = sslCipherSuiteGetSymmetricCipherAlgorithm(cs);
skip("This ciphersuite is not supported for this protocol version", 1, version_ok);
int sp[2];
- if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp)) exit(errno);
+ if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp)) {
+ exit(errno);
+ }
fcntl(sp[0], F_SETNOSIGPIPE, 1);
fcntl(sp[1], F_SETNOSIGPIPE, 1);
SSLAuthenticate client_side_auth = k;
uint32_t session_id = (p<<24) | (k<<16) | (i+1);
- //fprintf(stderr, "session_id: %d\n", session_id);
server = ssl_test_handle_create(session_id, (l == 1), true /*server*/,
client_side_auth, dh_anonymous, dtls,
sp[0], server_certs, client_certs, protos[p]);
pthread_create(&client_thread, NULL, securetransport_ssl_thread, client);
pthread_create(&server_thread, NULL, securetransport_ssl_thread, server);
- int server_err, client_err;
+ intptr_t server_err, client_err;
pthread_join(client_thread, (void*)&client_err);
pthread_join(server_thread, (void*)&server_err);
} /* all configs */
+end:
+ CFReleaseSafe(client_certs);
CFReleaseSafe(server_ec_certs);
CFReleaseSafe(server_rsa_certs);
- CFReleaseSafe(client_certs);
-
}
int ssl_42_ciphers(int argc, char *const *argv)
{
- plan_tests(3 * 2 * nprotos * SupportedCipherSuitesCount /* client auth 0/1/2 * #resumptions * #protos * #ciphers */
- + 3 /*cert*/);
+ plan_tests(3 * 2 * nprotos * SupportedCipherSuitesCount /* client auth 0/1/2 * #resumptions * #protos * #ciphers */);
tests();
projects / apple / security.git / blobdiff