Lines Matching +full:1 +full:- +full:eng
45 #define INVALID_SOCKET (-1)
67 for (p = si; p != NULL; p = p->ai_next) { in host_connect()
73 sa = (struct sockaddr *)p->ai_addr; in host_connect()
74 if (sa->sa_family == AF_INET) { in host_connect()
76 (void *)sa)->sin_addr; in host_connect()
77 } else if (sa->sa_family == AF_INET6) { in host_connect()
79 (void *)sa)->sin6_addr; in host_connect()
84 if (!inet_ntop(p->ai_family, addr, in host_connect()
91 (int)sa->sa_family); in host_connect()
95 fd = socket(p->ai_family, p->ai_socktype, p->ai_protocol); in host_connect()
102 if (connect(fd, p->ai_addr, p->ai_addrlen) == INVALID_SOCKET) { in host_connect()
126 * We make the socket non-blocking, since we are going to use in host_connect()
133 arg = 1; in host_connect()
157 if (zc->verbose) { in cc_start_name_list()
159 fprintf(stderr, "--- anchor DN list start ---\n"); in cc_start_name_list()
169 if (zc->verbose) { in cc_start_name()
182 if (zc->verbose) { in cc_append_name()
211 if (zc->verbose) { in cc_end_name_list()
212 fprintf(stderr, "--- anchor DN list end ---\n"); in cc_end_name_list()
225 if (((hh >> i) & 1) != 0) { in print_hashes()
227 } else if (((hh2 >> i) & 1) != 0) { in print_hashes()
238 br_sha1_ID, br_md5sha1_ID, -1 in choose_hash()
244 if (((hh >> f[u]) & 1) != 0) { in choose_hash()
248 return -1; in choose_hash()
261 if (zc->verbose) { in cc_choose()
290 switch (zc->sk->key_type) { in cc_choose()
292 if ((choices->hash_id = choose_hash(auth_types)) >= 0) { in cc_choose()
293 if (zc->verbose) { in cc_choose()
295 choices->hash_id, in cc_choose()
296 hash_function_name(choices->hash_id)); in cc_choose()
298 choices->auth_type = BR_AUTH_RSA; in cc_choose()
299 choices->chain = zc->chain; in cc_choose()
300 choices->chain_len = zc->chain_len; in cc_choose()
305 if (zc->issuer_key_type != 0 in cc_choose()
306 && scurve == zc->sk->key.ec.curve) in cc_choose()
310 x = (zc->issuer_key_type == BR_KEYTYPE_RSA) ? 16 : 17; in cc_choose()
311 if (((auth_types >> x) & 1) != 0) { in cc_choose()
312 if (zc->verbose) { in cc_choose()
315 choices->auth_type = BR_AUTH_ECDH; in cc_choose()
316 choices->hash_id = -1; in cc_choose()
317 choices->chain = zc->chain; in cc_choose()
318 choices->chain_len = zc->chain_len; in cc_choose()
322 if ((choices->hash_id = choose_hash(auth_types >> 8)) >= 0) { in cc_choose()
323 if (zc->verbose) { in cc_choose()
325 choices->hash_id, in cc_choose()
326 hash_function_name(choices->hash_id)); in cc_choose()
328 choices->auth_type = BR_AUTH_ECDSA; in cc_choose()
329 choices->chain = zc->chain; in cc_choose()
330 choices->chain_len = zc->chain_len; in cc_choose()
335 if (zc->verbose) { in cc_choose()
338 choices->chain = NULL; in cc_choose()
339 choices->chain_len = 0; in cc_choose()
353 r = iec->mul(data, *len, zc->sk->key.ec.x, in cc_do_keyx()
354 zc->sk->key.ec.xlen, zc->sk->key.ec.curve); in cc_do_keyx()
355 xoff = iec->xoff(zc->sk->key.ec.curve, &xlen); in cc_do_keyx()
370 switch (zc->sk->key_type) { in cc_do_sign()
379 if (zc->verbose) { in cc_do_sign()
380 fprintf(stderr, "ERROR: cannot RSA-sign with" in cc_do_sign()
386 sig_len = (zc->sk->key.rsa.n_bitlen + 7) >> 3; in cc_do_sign()
388 if (zc->verbose) { in cc_do_sign()
389 fprintf(stderr, "ERROR: cannot RSA-sign," in cc_do_sign()
398 hash_oid, hv, hv_len, &zc->sk->key.rsa, data); in cc_do_sign()
400 if (zc->verbose) { in cc_do_sign()
401 fprintf(stderr, "ERROR: RSA-sign failure\n"); in cc_do_sign()
410 if (zc->verbose) { in cc_do_sign()
411 fprintf(stderr, "ERROR: cannot ECDSA-sign with" in cc_do_sign()
418 if (zc->verbose) { in cc_do_sign()
419 fprintf(stderr, "ERROR: cannot ECDSA-sign" in cc_do_sign()
426 br_ec_get_default(), hc, hv, &zc->sk->key.ec, data); in cc_do_sign()
428 if (zc->verbose) { in cc_do_sign()
429 fprintf(stderr, "ERROR: ECDSA-sign failure\n"); in cc_do_sign()
466 " -q suppress verbose messages\n"); in usage_client()
468 " -trace activate extra debug messages (dump of all packets)\n"); in usage_client()
470 " -sni name use this specific name for SNI\n"); in usage_client()
472 " -nosni do not send any SNI\n"); in usage_client()
474 " -mono use monodirectional buffering\n"); in usage_client()
476 " -buf length set the I/O buffer length (in bytes)\n"); in usage_client()
478 " -CA file add certificates in 'file' to trust anchors\n"); in usage_client()
480 " -cert file set client certificate chain\n"); in usage_client()
482 " -key file set client private key (for certificate authentication)\n"); in usage_client()
484 " -nostaticecdh prohibit full-static ECDH (client certificate)\n"); in usage_client()
486 " -list list supported names (protocols, algorithms...)\n"); in usage_client()
488 " -vmin name set minimum supported version (default: TLS-1.0)\n"); in usage_client()
490 " -vmax name set maximum supported version (default: TLS-1.2)\n"); in usage_client()
492 " -cs names set list of supported cipher suites (comma-separated)\n"); in usage_client()
494 " -hf names add support for some hash functions (comma-separated)\n"); in usage_client()
496 " -minhello len set minimum ClientHello length (in bytes)\n"); in usage_client()
498 " -fallback send the TLS_FALLBACK_SCSV (i.e. claim a downgrade)\n"); in usage_client()
500 " -noreneg prohibit renegotiations\n"); in usage_client()
502 " -alpn name add protocol name to list of protocols (ALPN extension)\n"); in usage_client()
504 " -strictalpn fail on ALPN mismatch\n"); in usage_client()
544 verbose = 1; in do_client()
550 bidi = 1; in do_client()
563 minhello_len = (size_t)-1; in do_client()
571 if (arg[0] != '-') { in do_client()
581 if (eqstr(arg, "-v") || eqstr(arg, "-verbose")) { in do_client()
582 verbose = 1; in do_client()
583 } else if (eqstr(arg, "-q") || eqstr(arg, "-quiet")) { in do_client()
585 } else if (eqstr(arg, "-trace")) { in do_client()
586 trace = 1; in do_client()
587 } else if (eqstr(arg, "-sni")) { in do_client()
590 "ERROR: no argument for '-sni'\n"); in do_client()
600 } else if (eqstr(arg, "-nosni")) { in do_client()
607 } else if (eqstr(arg, "-mono")) { in do_client()
609 } else if (eqstr(arg, "-buf")) { in do_client()
612 "ERROR: no argument for '-buf'\n"); in do_client()
624 if (iobuf_len == (size_t)-1) { in do_client()
628 } else if (eqstr(arg, "-CA")) { in do_client()
631 "ERROR: no argument for '-CA'\n"); in do_client()
640 } else if (eqstr(arg, "-cert")) { in do_client()
643 "ERROR: no argument for '-cert'\n"); in do_client()
658 } else if (eqstr(arg, "-key")) { in do_client()
661 "ERROR: no argument for '-key'\n"); in do_client()
676 } else if (eqstr(arg, "-nostaticecdh")) { in do_client()
677 nostaticecdh = 1; in do_client()
678 } else if (eqstr(arg, "-list")) { in do_client()
681 } else if (eqstr(arg, "-vmin")) { in do_client()
684 "ERROR: no argument for '-vmin'\n"); in do_client()
703 } else if (eqstr(arg, "-vmax")) { in do_client()
706 "ERROR: no argument for '-vmax'\n"); in do_client()
725 } else if (eqstr(arg, "-cs")) { in do_client()
728 "ERROR: no argument for '-cs'\n"); in do_client()
744 } else if (eqstr(arg, "-hf")) { in do_client()
749 "ERROR: no argument for '-hf'\n"); in do_client()
760 } else if (eqstr(arg, "-minhello")) { in do_client()
763 "ERROR: no argument for '-minhello'\n"); in do_client()
768 if (minhello_len != (size_t)-1) { in do_client()
778 if (minhello_len == (size_t)-1 in do_client()
784 } else if (eqstr(arg, "-fallback")) { in do_client()
785 fallback = 1; in do_client()
786 } else if (eqstr(arg, "-noreneg")) { in do_client()
788 } else if (eqstr(arg, "-alpn")) { in do_client()
791 "ERROR: no argument for '-alpn'\n"); in do_client()
796 } else if (eqstr(arg, "-strictalpn")) { in do_client()
809 for (u = strlen(server_name); u > 0; u --) { in do_client()
810 int c = server_name[u - 1]; in do_client()
825 memcpy(host, server_name, u - 1); in do_client()
826 host[u - 1] = 0; in do_client()
878 hfuns = (unsigned)-1; in do_client()
892 suite_ids = xmalloc((num_suites + 1) * sizeof *suite_ids); in do_client()
894 br_ssl_engine_set_versions(&cc.eng, vmin, vmax); in do_client()
901 id = (hc->desc >> BR_HASHDESC_ID_OFF) & BR_HASHDESC_ID_MASK; in do_client()
902 if ((hfuns & ((unsigned)1 << id)) != 0) { in do_client()
913 if (!(hfuns & (1 << br_md5_ID))) { in do_client()
917 if (!(hfuns & (1 << br_sha1_ID))) { in do_client()
918 fprintf(stderr, "ERROR: TLS 1.0 and 1.1 need SHA-1\n"); in do_client()
933 if ((req & REQ_SHA1) != 0 && !(hfuns & (1 << br_sha1_ID))) { in do_client()
935 "ERROR: cipher suite %s requires SHA-1\n", in do_client()
939 if ((req & REQ_SHA256) != 0 && !(hfuns & (1 << br_sha256_ID))) { in do_client()
941 "ERROR: cipher suite %s requires SHA-256\n", in do_client()
945 if ((req & REQ_SHA384) != 0 && !(hfuns & (1 << br_sha384_ID))) { in do_client()
947 "ERROR: cipher suite %s requires SHA-384\n", in do_client()
953 br_ssl_engine_set_default_aes_cbc(&cc.eng); in do_client()
956 br_ssl_engine_set_default_aes_ccm(&cc.eng); in do_client()
959 br_ssl_engine_set_default_aes_gcm(&cc.eng); in do_client()
962 br_ssl_engine_set_default_chapol(&cc.eng); in do_client()
965 br_ssl_engine_set_default_des_cbc(&cc.eng); in do_client()
971 br_ssl_engine_set_default_ec(&cc.eng); in do_client()
972 br_ssl_engine_set_default_rsavrfy(&cc.eng); in do_client()
975 br_ssl_engine_set_default_ecdsa(&cc.eng); in do_client()
978 br_ssl_engine_set_default_ec(&cc.eng); in do_client()
984 br_ssl_engine_set_suites(&cc.eng, suite_ids, num_suites); in do_client()
991 id = (hc->desc >> BR_HASHDESC_ID_OFF) & BR_HASHDESC_ID_MASK; in do_client()
992 if ((hfuns & ((unsigned)1 << id)) != 0) { in do_client()
993 br_ssl_engine_set_hash(&cc.eng, id, hc); in do_client()
998 br_ssl_engine_set_prf10(&cc.eng, &br_tls10_prf); in do_client()
1001 if ((hfuns & ((unsigned)1 << br_sha256_ID)) != 0) { in do_client()
1002 br_ssl_engine_set_prf_sha256(&cc.eng, in do_client()
1005 if ((hfuns & ((unsigned)1 << br_sha384_ID)) != 0) { in do_client()
1006 br_ssl_engine_set_prf_sha384(&cc.eng, in do_client()
1025 br_ssl_engine_set_x509(&cc.eng, &xwc.vtable); in do_client()
1027 br_ssl_engine_set_x509(&cc.eng, &xc.vtable); in do_client()
1030 if (minhello_len != (size_t)-1) { in do_client()
1033 br_ssl_engine_set_all_flags(&cc.eng, flags); in do_client()
1035 br_ssl_engine_set_protocol_names(&cc.eng, in do_client()
1046 if (nostaticecdh || sk->key_type != BR_KEYTYPE_EC) { in do_client()
1057 br_ssl_engine_set_buffer(&cc.eng, iobuf, iobuf_len, bidi); in do_client()
1078 if (run_ssl_engine(&cc.eng, fd, in do_client()
1110 retcode = -1; in do_client()