summaryrefslogtreecommitdiff
path: root/src/lib/libssl/src/ssl/ssltest.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/src/ssl/ssltest.c')
-rw-r--r--src/lib/libssl/src/ssl/ssltest.c2139
1 files changed, 2139 insertions, 0 deletions
diff --git a/src/lib/libssl/src/ssl/ssltest.c b/src/lib/libssl/src/ssl/ssltest.c
new file mode 100644
index 0000000000..3a0db0cb51
--- /dev/null
+++ b/src/lib/libssl/src/ssl/ssltest.c
@@ -0,0 +1,2139 @@
1/* ssl/ssltest.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111
112#define _BSD_SOURCE 1 /* Or gethostname won't be declared properly
113 on Linux and GNU platforms. */
114
115#include <assert.h>
116#include <errno.h>
117#include <limits.h>
118#include <stdio.h>
119#include <stdlib.h>
120#include <string.h>
121#include <time.h>
122#include <inttypes.h>
123#include <ctype.h>
124
125#define USE_SOCKETS
126#include "e_os.h"
127
128#include <openssl/bio.h>
129#include <openssl/crypto.h>
130#include <openssl/evp.h>
131#include <openssl/x509.h>
132#include <openssl/x509v3.h>
133#include <openssl/ssl.h>
134#ifndef OPENSSL_NO_ENGINE
135#include <openssl/engine.h>
136#endif
137#include <openssl/err.h>
138#include <openssl/rand.h>
139#include <openssl/fips.h>
140
141#define _XOPEN_SOURCE_EXTENDED 1 /* Or gethostname won't be declared properly
142 on Compaq platforms (at least with DEC C).
143 Do not try to put it earlier, or IPv6 includes
144 get screwed...
145 */
146
147#ifdef OPENSSL_SYS_WINDOWS
148#include <winsock.h>
149#else
150#include OPENSSL_UNISTD
151#endif
152
153#ifdef OPENSSL_SYS_VMS
154# define TEST_SERVER_CERT "SYS$DISK:[-.APPS]SERVER.PEM"
155# define TEST_CLIENT_CERT "SYS$DISK:[-.APPS]CLIENT.PEM"
156#elif defined(OPENSSL_SYS_WINCE)
157# define TEST_SERVER_CERT "\\OpenSSL\\server.pem"
158# define TEST_CLIENT_CERT "\\OpenSSL\\client.pem"
159#else
160# define TEST_SERVER_CERT "../apps/server.pem"
161# define TEST_CLIENT_CERT "../apps/client.pem"
162#endif
163
164/* There is really no standard for this, so let's assign some tentative
165 numbers. In any case, these numbers are only for this test */
166#define COMP_RLE 1
167#define COMP_ZLIB 2
168
169static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
170#ifndef OPENSSL_NO_RSA
171static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export,int keylength);
172static void free_tmp_rsa(void);
173#endif
174static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg);
175#define APP_CALLBACK_STRING "Test Callback Argument"
176struct app_verify_arg
177 {
178 char *string;
179 int app_verify;
180 int allow_proxy_certs;
181 char *proxy_auth;
182 char *proxy_cond;
183 };
184
185#ifndef OPENSSL_NO_DH
186static DH *get_dh512(void);
187static DH *get_dh1024(void);
188static DH *get_dh1024dsa(void);
189#endif
190
191static BIO *bio_err=NULL;
192static BIO *bio_stdout=NULL;
193
194static char *cipher=NULL;
195static int verbose=0;
196static int debug=0;
197#if 0
198/* Not used yet. */
199#ifdef FIONBIO
200static int s_nbio=0;
201#endif
202#endif
203
204static const char rnd_seed[] = "string to make the random number generator think it has entropy";
205
206int doit_biopair(SSL *s_ssl,SSL *c_ssl,long bytes,clock_t *s_time,clock_t *c_time);
207int doit(SSL *s_ssl,SSL *c_ssl,long bytes);
208static void sv_usage(void)
209 {
210 fprintf(stderr,"usage: ssltest [args ...]\n");
211 fprintf(stderr,"\n");
212#ifdef OPENSSL_FIPS
213 fprintf(stderr,"-F - run test in FIPS mode\n");
214#endif
215 fprintf(stderr," -server_auth - check server certificate\n");
216 fprintf(stderr," -client_auth - do client authentication\n");
217 fprintf(stderr," -proxy - allow proxy certificates\n");
218 fprintf(stderr," -proxy_auth <val> - set proxy policy rights\n");
219 fprintf(stderr," -proxy_cond <val> - experssion to test proxy policy rights\n");
220 fprintf(stderr," -v - more output\n");
221 fprintf(stderr," -d - debug output\n");
222 fprintf(stderr," -reuse - use session-id reuse\n");
223 fprintf(stderr," -num <val> - number of connections to perform\n");
224 fprintf(stderr," -bytes <val> - number of bytes to swap between client/server\n");
225#ifndef OPENSSL_NO_DH
226 fprintf(stderr," -dhe1024 - use 1024 bit key (safe prime) for DHE\n");
227 fprintf(stderr," -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
228 fprintf(stderr," -no_dhe - disable DHE\n");
229#endif
230#ifndef OPENSSL_NO_SSL2
231 fprintf(stderr," -ssl2 - use SSLv2\n");
232#endif
233#ifndef OPENSSL_NO_SSL3
234 fprintf(stderr," -ssl3 - use SSLv3\n");
235#endif
236#ifndef OPENSSL_NO_TLS1
237 fprintf(stderr," -tls1 - use TLSv1\n");
238#endif
239 fprintf(stderr," -CApath arg - PEM format directory of CA's\n");
240 fprintf(stderr," -CAfile arg - PEM format file of CA's\n");
241 fprintf(stderr," -cert arg - Server certificate file\n");
242 fprintf(stderr," -key arg - Server key file (default: same as -cert)\n");
243 fprintf(stderr," -c_cert arg - Client certificate file\n");
244 fprintf(stderr," -c_key arg - Client key file (default: same as -c_cert)\n");
245 fprintf(stderr," -cipher arg - The cipher list\n");
246 fprintf(stderr," -bio_pair - Use BIO pairs\n");
247 fprintf(stderr," -f - Test even cases that can't work\n");
248 fprintf(stderr," -time - measure processor time used by client and server\n");
249 fprintf(stderr," -zlib - use zlib compression\n");
250 fprintf(stderr," -time - use rle compression\n");
251 }
252
253static void print_details(SSL *c_ssl, const char *prefix)
254 {
255 SSL_CIPHER *ciph;
256 X509 *cert;
257
258 ciph=SSL_get_current_cipher(c_ssl);
259 BIO_printf(bio_stdout,"%s%s, cipher %s %s",
260 prefix,
261 SSL_get_version(c_ssl),
262 SSL_CIPHER_get_version(ciph),
263 SSL_CIPHER_get_name(ciph));
264 cert=SSL_get_peer_certificate(c_ssl);
265 if (cert != NULL)
266 {
267 EVP_PKEY *pkey = X509_get_pubkey(cert);
268 if (pkey != NULL)
269 {
270 if (0)
271 ;
272#ifndef OPENSSL_NO_RSA
273 else if (pkey->type == EVP_PKEY_RSA && pkey->pkey.rsa != NULL
274 && pkey->pkey.rsa->n != NULL)
275 {
276 BIO_printf(bio_stdout, ", %d bit RSA",
277 BN_num_bits(pkey->pkey.rsa->n));
278 }
279#endif
280#ifndef OPENSSL_NO_DSA
281 else if (pkey->type == EVP_PKEY_DSA && pkey->pkey.dsa != NULL
282 && pkey->pkey.dsa->p != NULL)
283 {
284 BIO_printf(bio_stdout, ", %d bit DSA",
285 BN_num_bits(pkey->pkey.dsa->p));
286 }
287#endif
288 EVP_PKEY_free(pkey);
289 }
290 X509_free(cert);
291 }
292 /* The SSL API does not allow us to look at temporary RSA/DH keys,
293 * otherwise we should print their lengths too */
294 BIO_printf(bio_stdout,"\n");
295 }
296
297static void lock_dbg_cb(int mode, int type, const char *file, int line)
298 {
299 static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
300 const char *errstr = NULL;
301 int rw;
302
303 rw = mode & (CRYPTO_READ|CRYPTO_WRITE);
304 if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE)))
305 {
306 errstr = "invalid mode";
307 goto err;
308 }
309
310 if (type < 0 || type >= CRYPTO_NUM_LOCKS)
311 {
312 errstr = "type out of bounds";
313 goto err;
314 }
315
316 if (mode & CRYPTO_LOCK)
317 {
318 if (modes[type])
319 {
320 errstr = "already locked";
321 /* must not happen in a single-threaded program
322 * (would deadlock) */
323 goto err;
324 }
325
326 modes[type] = rw;
327 }
328 else if (mode & CRYPTO_UNLOCK)
329 {
330 if (!modes[type])
331 {
332 errstr = "not locked";
333 goto err;
334 }
335
336 if (modes[type] != rw)
337 {
338 errstr = (rw == CRYPTO_READ) ?
339 "CRYPTO_r_unlock on write lock" :
340 "CRYPTO_w_unlock on read lock";
341 }
342
343 modes[type] = 0;
344 }
345 else
346 {
347 errstr = "invalid mode";
348 goto err;
349 }
350
351 err:
352 if (errstr)
353 {
354 /* we cannot use bio_err here */
355 fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n",
356 errstr, mode, type, file, line);
357 }
358 }
359
360int main(int argc, char *argv[])
361 {
362 char *CApath=NULL,*CAfile=NULL;
363 int badop=0;
364 int bio_pair=0;
365 int force=0;
366 int tls1=0,ssl2=0,ssl3=0,ret=1;
367 int client_auth=0;
368 int server_auth=0,i;
369 struct app_verify_arg app_verify_arg =
370 { APP_CALLBACK_STRING, 0, 0, NULL, NULL };
371 char *server_cert=TEST_SERVER_CERT;
372 char *server_key=NULL;
373 char *client_cert=TEST_CLIENT_CERT;
374 char *client_key=NULL;
375 SSL_CTX *s_ctx=NULL;
376 SSL_CTX *c_ctx=NULL;
377 SSL_METHOD *meth=NULL;
378 SSL *c_ssl,*s_ssl;
379 int number=1,reuse=0;
380 long bytes=1L;
381#ifndef OPENSSL_NO_DH
382 DH *dh;
383 int dhe1024 = 0, dhe1024dsa = 0;
384#endif
385 int no_dhe = 0;
386 int print_time = 0;
387 clock_t s_time = 0, c_time = 0;
388 int comp = 0;
389 COMP_METHOD *cm = NULL;
390#ifdef OPENSSL_FIPS
391 int fips_mode=0;
392 const char *path=argv[0];
393#endif
394
395 verbose = 0;
396 debug = 0;
397 cipher = 0;
398
399 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
400
401 CRYPTO_set_locking_callback(lock_dbg_cb);
402
403 /* enable memory leak checking unless explicitly disabled */
404 if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
405 {
406 CRYPTO_malloc_debug_init();
407 CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
408 }
409 else
410 {
411 /* OPENSSL_DEBUG_MEMORY=off */
412 CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
413 }
414 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
415
416 RAND_seed(rnd_seed, sizeof rnd_seed);
417
418 bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE);
419
420 argc--;
421 argv++;
422
423 while (argc >= 1)
424 {
425 if(!strcmp(*argv,"-F"))
426 {
427#ifdef OPENSSL_FIPS
428 fips_mode=1;
429#else
430 fprintf(stderr,"not compiled with FIPS support, so exitting without running.\n");
431 EXIT(0);
432#endif
433 }
434 else if (strcmp(*argv,"-server_auth") == 0)
435 server_auth=1;
436 else if (strcmp(*argv,"-client_auth") == 0)
437 client_auth=1;
438 else if (strcmp(*argv,"-proxy_auth") == 0)
439 {
440 if (--argc < 1) goto bad;
441 app_verify_arg.proxy_auth= *(++argv);
442 }
443 else if (strcmp(*argv,"-proxy_cond") == 0)
444 {
445 if (--argc < 1) goto bad;
446 app_verify_arg.proxy_cond= *(++argv);
447 }
448 else if (strcmp(*argv,"-v") == 0)
449 verbose=1;
450 else if (strcmp(*argv,"-d") == 0)
451 debug=1;
452 else if (strcmp(*argv,"-reuse") == 0)
453 reuse=1;
454 else if (strcmp(*argv,"-dhe1024") == 0)
455 {
456#ifndef OPENSSL_NO_DH
457 dhe1024=1;
458#else
459 fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n");
460#endif
461 }
462 else if (strcmp(*argv,"-dhe1024dsa") == 0)
463 {
464#ifndef OPENSSL_NO_DH
465 dhe1024dsa=1;
466#else
467 fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n");
468#endif
469 }
470 else if (strcmp(*argv,"-no_dhe") == 0)
471 no_dhe=1;
472 else if (strcmp(*argv,"-ssl2") == 0)
473 ssl2=1;
474 else if (strcmp(*argv,"-tls1") == 0)
475 tls1=1;
476 else if (strcmp(*argv,"-ssl3") == 0)
477 ssl3=1;
478 else if (strncmp(*argv,"-num",4) == 0)
479 {
480 if (--argc < 1) goto bad;
481 number= atoi(*(++argv));
482 if (number == 0) number=1;
483 }
484 else if (strcmp(*argv,"-bytes") == 0)
485 {
486 if (--argc < 1) goto bad;
487 bytes= atol(*(++argv));
488 if (bytes == 0L) bytes=1L;
489 i=strlen(argv[0]);
490 if (argv[0][i-1] == 'k') bytes*=1024L;
491 if (argv[0][i-1] == 'm') bytes*=1024L*1024L;
492 }
493 else if (strcmp(*argv,"-cert") == 0)
494 {
495 if (--argc < 1) goto bad;
496 server_cert= *(++argv);
497 }
498 else if (strcmp(*argv,"-s_cert") == 0)
499 {
500 if (--argc < 1) goto bad;
501 server_cert= *(++argv);
502 }
503 else if (strcmp(*argv,"-key") == 0)
504 {
505 if (--argc < 1) goto bad;
506 server_key= *(++argv);
507 }
508 else if (strcmp(*argv,"-s_key") == 0)
509 {
510 if (--argc < 1) goto bad;
511 server_key= *(++argv);
512 }
513 else if (strcmp(*argv,"-c_cert") == 0)
514 {
515 if (--argc < 1) goto bad;
516 client_cert= *(++argv);
517 }
518 else if (strcmp(*argv,"-c_key") == 0)
519 {
520 if (--argc < 1) goto bad;
521 client_key= *(++argv);
522 }
523 else if (strcmp(*argv,"-cipher") == 0)
524 {
525 if (--argc < 1) goto bad;
526 cipher= *(++argv);
527 }
528 else if (strcmp(*argv,"-CApath") == 0)
529 {
530 if (--argc < 1) goto bad;
531 CApath= *(++argv);
532 }
533 else if (strcmp(*argv,"-CAfile") == 0)
534 {
535 if (--argc < 1) goto bad;
536 CAfile= *(++argv);
537 }
538 else if (strcmp(*argv,"-bio_pair") == 0)
539 {
540 bio_pair = 1;
541 }
542 else if (strcmp(*argv,"-f") == 0)
543 {
544 force = 1;
545 }
546 else if (strcmp(*argv,"-time") == 0)
547 {
548 print_time = 1;
549 }
550 else if (strcmp(*argv,"-zlib") == 0)
551 {
552 comp = COMP_ZLIB;
553 }
554 else if (strcmp(*argv,"-rle") == 0)
555 {
556 comp = COMP_RLE;
557 }
558 else if (strcmp(*argv,"-app_verify") == 0)
559 {
560 app_verify_arg.app_verify = 1;
561 }
562 else if (strcmp(*argv,"-proxy") == 0)
563 {
564 app_verify_arg.allow_proxy_certs = 1;
565 }
566 else
567 {
568 fprintf(stderr,"unknown option %s\n",*argv);
569 badop=1;
570 break;
571 }
572 argc--;
573 argv++;
574 }
575 if (badop)
576 {
577bad:
578 sv_usage();
579 goto end;
580 }
581
582
583 if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force)
584 {
585 fprintf(stderr, "This case cannot work. Use -f to perform "
586 "the test anyway (and\n-d to see what happens), "
587 "or add one of -ssl2, -ssl3, -tls1, -reuse\n"
588 "to avoid protocol mismatch.\n");
589 EXIT(1);
590 }
591
592#ifdef OPENSSL_FIPS
593 if(fips_mode)
594 {
595 if(!FIPS_mode_set(1,path))
596 {
597 ERR_load_crypto_strings();
598 ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
599 EXIT(1);
600 }
601 else
602 fprintf(stderr,"*** IN FIPS MODE ***\n");
603 }
604#endif
605
606 if (print_time)
607 {
608 if (!bio_pair)
609 {
610 fprintf(stderr, "Using BIO pair (-bio_pair)\n");
611 bio_pair = 1;
612 }
613 if (number < 50 && !force)
614 fprintf(stderr, "Warning: For accurate timings, use more connections (e.g. -num 1000)\n");
615 }
616
617/* if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */
618
619 SSL_library_init();
620 SSL_load_error_strings();
621
622 if (comp == COMP_ZLIB) cm = COMP_zlib();
623 if (comp == COMP_RLE) cm = COMP_rle();
624 if (cm != NULL)
625 {
626 if (cm->type != NID_undef)
627 {
628 if (SSL_COMP_add_compression_method(comp, cm) != 0)
629 {
630 fprintf(stderr,
631 "Failed to add compression method\n");
632 ERR_print_errors_fp(stderr);
633 }
634 }
635 else
636 {
637 fprintf(stderr,
638 "Warning: %s compression not supported\n",
639 (comp == COMP_RLE ? "rle" :
640 (comp == COMP_ZLIB ? "zlib" :
641 "unknown")));
642 ERR_print_errors_fp(stderr);
643 }
644 }
645
646#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
647 if (ssl2)
648 meth=SSLv2_method();
649 else
650 if (tls1)
651 meth=TLSv1_method();
652 else
653 if (ssl3)
654 meth=SSLv3_method();
655 else
656 meth=SSLv23_method();
657#else
658#ifdef OPENSSL_NO_SSL2
659 meth=SSLv3_method();
660#else
661 meth=SSLv2_method();
662#endif
663#endif
664
665 c_ctx=SSL_CTX_new(meth);
666 s_ctx=SSL_CTX_new(meth);
667 if ((c_ctx == NULL) || (s_ctx == NULL))
668 {
669 ERR_print_errors(bio_err);
670 goto end;
671 }
672
673 if (cipher != NULL)
674 {
675 SSL_CTX_set_cipher_list(c_ctx,cipher);
676 SSL_CTX_set_cipher_list(s_ctx,cipher);
677 }
678
679#ifndef OPENSSL_NO_DH
680 if (!no_dhe)
681 {
682 if (dhe1024dsa)
683 {
684 /* use SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */
685 SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
686 dh=get_dh1024dsa();
687 }
688 else if (dhe1024)
689 dh=get_dh1024();
690 else
691 dh=get_dh512();
692 SSL_CTX_set_tmp_dh(s_ctx,dh);
693 DH_free(dh);
694 }
695#else
696 (void)no_dhe;
697#endif
698
699#ifndef OPENSSL_NO_RSA
700 SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb);
701#endif
702
703 if (!SSL_CTX_use_certificate_file(s_ctx,server_cert,SSL_FILETYPE_PEM))
704 {
705 ERR_print_errors(bio_err);
706 }
707 else if (!SSL_CTX_use_PrivateKey_file(s_ctx,
708 (server_key?server_key:server_cert), SSL_FILETYPE_PEM))
709 {
710 ERR_print_errors(bio_err);
711 goto end;
712 }
713
714 if (client_auth)
715 {
716 SSL_CTX_use_certificate_file(c_ctx,client_cert,
717 SSL_FILETYPE_PEM);
718 SSL_CTX_use_PrivateKey_file(c_ctx,
719 (client_key?client_key:client_cert),
720 SSL_FILETYPE_PEM);
721 }
722
723 if ( (!SSL_CTX_load_verify_locations(s_ctx,CAfile,CApath)) ||
724 (!SSL_CTX_set_default_verify_paths(s_ctx)) ||
725 (!SSL_CTX_load_verify_locations(c_ctx,CAfile,CApath)) ||
726 (!SSL_CTX_set_default_verify_paths(c_ctx)))
727 {
728 /* fprintf(stderr,"SSL_load_verify_locations\n"); */
729 ERR_print_errors(bio_err);
730 /* goto end; */
731 }
732
733 if (client_auth)
734 {
735 BIO_printf(bio_err,"client authentication\n");
736 SSL_CTX_set_verify(s_ctx,
737 SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
738 verify_callback);
739 SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback, &app_verify_arg);
740 }
741 if (server_auth)
742 {
743 BIO_printf(bio_err,"server authentication\n");
744 SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER,
745 verify_callback);
746 SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback, &app_verify_arg);
747 }
748
749 {
750 int session_id_context = 0;
751 SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context, sizeof session_id_context);
752 }
753
754 c_ssl=SSL_new(c_ctx);
755 s_ssl=SSL_new(s_ctx);
756
757#ifndef OPENSSL_NO_KRB5
758 if (c_ssl && c_ssl->kssl_ctx)
759 {
760 char localhost[MAXHOSTNAMELEN+2];
761
762 if (gethostname(localhost, sizeof localhost-1) == 0)
763 {
764 localhost[sizeof localhost-1]='\0';
765 if(strlen(localhost) == sizeof localhost-1)
766 {
767 BIO_printf(bio_err,"localhost name too long\n");
768 goto end;
769 }
770 kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER,
771 localhost);
772 }
773 }
774#endif /* OPENSSL_NO_KRB5 */
775
776 for (i=0; i<number; i++)
777 {
778 if (!reuse) SSL_set_session(c_ssl,NULL);
779 if (bio_pair)
780 ret=doit_biopair(s_ssl,c_ssl,bytes,&s_time,&c_time);
781 else
782 ret=doit(s_ssl,c_ssl,bytes);
783 }
784
785 if (!verbose)
786 {
787 print_details(c_ssl, "");
788 }
789 if ((number > 1) || (bytes > 1L))
790 BIO_printf(bio_stdout, "%d handshakes of %ld bytes done\n",number,bytes);
791 if (print_time)
792 {
793#ifdef CLOCKS_PER_SEC
794 /* "To determine the time in seconds, the value returned
795 * by the clock function should be divided by the value
796 * of the macro CLOCKS_PER_SEC."
797 * -- ISO/IEC 9899 */
798 BIO_printf(bio_stdout, "Approximate total server time: %6.2f s\n"
799 "Approximate total client time: %6.2f s\n",
800 (double)s_time/CLOCKS_PER_SEC,
801 (double)c_time/CLOCKS_PER_SEC);
802#else
803 /* "`CLOCKS_PER_SEC' undeclared (first use this function)"
804 * -- cc on NeXTstep/OpenStep */
805 BIO_printf(bio_stdout,
806 "Approximate total server time: %6.2f units\n"
807 "Approximate total client time: %6.2f units\n",
808 (double)s_time,
809 (double)c_time);
810#endif
811 }
812
813 SSL_free(s_ssl);
814 SSL_free(c_ssl);
815
816end:
817 if (s_ctx != NULL) SSL_CTX_free(s_ctx);
818 if (c_ctx != NULL) SSL_CTX_free(c_ctx);
819
820 if (bio_stdout != NULL) BIO_free(bio_stdout);
821
822#ifndef OPENSSL_NO_RSA
823 free_tmp_rsa();
824#endif
825#ifndef OPENSSL_NO_ENGINE
826 ENGINE_cleanup();
827#endif
828 CRYPTO_cleanup_all_ex_data();
829 ERR_free_strings();
830 ERR_remove_state(0);
831 EVP_cleanup();
832 CRYPTO_mem_leaks(bio_err);
833 if (bio_err != NULL) BIO_free(bio_err);
834 EXIT(ret);
835 }
836
837int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
838 clock_t *s_time, clock_t *c_time)
839 {
840 long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
841 BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
842 BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL;
843 int ret = 1;
844
845 size_t bufsiz = 256; /* small buffer for testing */
846
847 if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz))
848 goto err;
849 if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz))
850 goto err;
851
852 s_ssl_bio = BIO_new(BIO_f_ssl());
853 if (!s_ssl_bio)
854 goto err;
855
856 c_ssl_bio = BIO_new(BIO_f_ssl());
857 if (!c_ssl_bio)
858 goto err;
859
860 SSL_set_connect_state(c_ssl);
861 SSL_set_bio(c_ssl, client, client);
862 (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
863
864 SSL_set_accept_state(s_ssl);
865 SSL_set_bio(s_ssl, server, server);
866 (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
867
868 do
869 {
870 /* c_ssl_bio: SSL filter BIO
871 *
872 * client: pseudo-I/O for SSL library
873 *
874 * client_io: client's SSL communication; usually to be
875 * relayed over some I/O facility, but in this
876 * test program, we're the server, too:
877 *
878 * server_io: server's SSL communication
879 *
880 * server: pseudo-I/O for SSL library
881 *
882 * s_ssl_bio: SSL filter BIO
883 *
884 * The client and the server each employ a "BIO pair":
885 * client + client_io, server + server_io.
886 * BIO pairs are symmetric. A BIO pair behaves similar
887 * to a non-blocking socketpair (but both endpoints must
888 * be handled by the same thread).
889 * [Here we could connect client and server to the ends
890 * of a single BIO pair, but then this code would be less
891 * suitable as an example for BIO pairs in general.]
892 *
893 * Useful functions for querying the state of BIO pair endpoints:
894 *
895 * BIO_ctrl_pending(bio) number of bytes we can read now
896 * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil
897 * other side's read attempt
898 * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now
899 *
900 * ..._read_request is never more than ..._write_guarantee;
901 * it depends on the application which one you should use.
902 */
903
904 /* We have non-blocking behaviour throughout this test program, but
905 * can be sure that there is *some* progress in each iteration; so
906 * we don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE
907 * -- we just try everything in each iteration
908 */
909
910 {
911 /* CLIENT */
912
913 MS_STATIC char cbuf[1024*8];
914 int i, r;
915 clock_t c_clock = clock();
916
917 memset(cbuf, 0, sizeof(cbuf));
918
919 if (debug)
920 if (SSL_in_init(c_ssl))
921 printf("client waiting in SSL_connect - %s\n",
922 SSL_state_string_long(c_ssl));
923
924 if (cw_num > 0)
925 {
926 /* Write to server. */
927
928 if (cw_num > (long)sizeof cbuf)
929 i = sizeof cbuf;
930 else
931 i = (int)cw_num;
932 r = BIO_write(c_ssl_bio, cbuf, i);
933 if (r < 0)
934 {
935 if (!BIO_should_retry(c_ssl_bio))
936 {
937 fprintf(stderr,"ERROR in CLIENT\n");
938 goto err;
939 }
940 /* BIO_should_retry(...) can just be ignored here.
941 * The library expects us to call BIO_write with
942 * the same arguments again, and that's what we will
943 * do in the next iteration. */
944 }
945 else if (r == 0)
946 {
947 fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
948 goto err;
949 }
950 else
951 {
952 if (debug)
953 printf("client wrote %d\n", r);
954 cw_num -= r;
955 }
956 }
957
958 if (cr_num > 0)
959 {
960 /* Read from server. */
961
962 r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
963 if (r < 0)
964 {
965 if (!BIO_should_retry(c_ssl_bio))
966 {
967 fprintf(stderr,"ERROR in CLIENT\n");
968 goto err;
969 }
970 /* Again, "BIO_should_retry" can be ignored. */
971 }
972 else if (r == 0)
973 {
974 fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
975 goto err;
976 }
977 else
978 {
979 if (debug)
980 printf("client read %d\n", r);
981 cr_num -= r;
982 }
983 }
984
985 /* c_time and s_time increments will typically be very small
986 * (depending on machine speed and clock tick intervals),
987 * but sampling over a large number of connections should
988 * result in fairly accurate figures. We cannot guarantee
989 * a lot, however -- if each connection lasts for exactly
990 * one clock tick, it will be counted only for the client
991 * or only for the server or even not at all.
992 */
993 *c_time += (clock() - c_clock);
994 }
995
996 {
997 /* SERVER */
998
999 MS_STATIC char sbuf[1024*8];
1000 int i, r;
1001 clock_t s_clock = clock();
1002
1003 memset(sbuf, 0, sizeof(sbuf));
1004
1005 if (debug)
1006 if (SSL_in_init(s_ssl))
1007 printf("server waiting in SSL_accept - %s\n",
1008 SSL_state_string_long(s_ssl));
1009
1010 if (sw_num > 0)
1011 {
1012 /* Write to client. */
1013
1014 if (sw_num > (long)sizeof sbuf)
1015 i = sizeof sbuf;
1016 else
1017 i = (int)sw_num;
1018 r = BIO_write(s_ssl_bio, sbuf, i);
1019 if (r < 0)
1020 {
1021 if (!BIO_should_retry(s_ssl_bio))
1022 {
1023 fprintf(stderr,"ERROR in SERVER\n");
1024 goto err;
1025 }
1026 /* Ignore "BIO_should_retry". */
1027 }
1028 else if (r == 0)
1029 {
1030 fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
1031 goto err;
1032 }
1033 else
1034 {
1035 if (debug)
1036 printf("server wrote %d\n", r);
1037 sw_num -= r;
1038 }
1039 }
1040
1041 if (sr_num > 0)
1042 {
1043 /* Read from client. */
1044
1045 r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
1046 if (r < 0)
1047 {
1048 if (!BIO_should_retry(s_ssl_bio))
1049 {
1050 fprintf(stderr,"ERROR in SERVER\n");
1051 goto err;
1052 }
1053 /* blah, blah */
1054 }
1055 else if (r == 0)
1056 {
1057 fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
1058 goto err;
1059 }
1060 else
1061 {
1062 if (debug)
1063 printf("server read %d\n", r);
1064 sr_num -= r;
1065 }
1066 }
1067
1068 *s_time += (clock() - s_clock);
1069 }
1070
1071 {
1072 /* "I/O" BETWEEN CLIENT AND SERVER. */
1073
1074 size_t r1, r2;
1075 BIO *io1 = server_io, *io2 = client_io;
1076 /* we use the non-copying interface for io1
1077 * and the standard BIO_write/BIO_read interface for io2
1078 */
1079
1080 static int prev_progress = 1;
1081 int progress = 0;
1082
1083 /* io1 to io2 */
1084 do
1085 {
1086 size_t num;
1087 int r;
1088
1089 r1 = BIO_ctrl_pending(io1);
1090 r2 = BIO_ctrl_get_write_guarantee(io2);
1091
1092 num = r1;
1093 if (r2 < num)
1094 num = r2;
1095 if (num)
1096 {
1097 char *dataptr;
1098
1099 if (INT_MAX < num) /* yeah, right */
1100 num = INT_MAX;
1101
1102 r = BIO_nread(io1, &dataptr, (int)num);
1103 assert(r > 0);
1104 assert(r <= (int)num);
1105 /* possibly r < num (non-contiguous data) */
1106 num = r;
1107 r = BIO_write(io2, dataptr, (int)num);
1108 if (r != (int)num) /* can't happen */
1109 {
1110 fprintf(stderr, "ERROR: BIO_write could not write "
1111 "BIO_ctrl_get_write_guarantee() bytes");
1112 goto err;
1113 }
1114 progress = 1;
1115
1116 if (debug)
1117 printf((io1 == client_io) ?
1118 "C->S relaying: %d bytes\n" :
1119 "S->C relaying: %d bytes\n",
1120 (int)num);
1121 }
1122 }
1123 while (r1 && r2);
1124
1125 /* io2 to io1 */
1126 {
1127 size_t num;
1128 int r;
1129
1130 r1 = BIO_ctrl_pending(io2);
1131 r2 = BIO_ctrl_get_read_request(io1);
1132 /* here we could use ..._get_write_guarantee instead of
1133 * ..._get_read_request, but by using the latter
1134 * we test restartability of the SSL implementation
1135 * more thoroughly */
1136 num = r1;
1137 if (r2 < num)
1138 num = r2;
1139 if (num)
1140 {
1141 char *dataptr;
1142
1143 if (INT_MAX < num)
1144 num = INT_MAX;
1145
1146 if (num > 1)
1147 --num; /* test restartability even more thoroughly */
1148
1149 r = BIO_nwrite0(io1, &dataptr);
1150 assert(r > 0);
1151 if (r < (int)num)
1152 num = r;
1153 r = BIO_read(io2, dataptr, (int)num);
1154 if (r != (int)num) /* can't happen */
1155 {
1156 fprintf(stderr, "ERROR: BIO_read could not read "
1157 "BIO_ctrl_pending() bytes");
1158 goto err;
1159 }
1160 progress = 1;
1161 r = BIO_nwrite(io1, &dataptr, (int)num);
1162 if (r != (int)num) /* can't happen */
1163 {
1164 fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
1165 "BIO_nwrite0() bytes");
1166 goto err;
1167 }
1168
1169 if (debug)
1170 printf((io2 == client_io) ?
1171 "C->S relaying: %d bytes\n" :
1172 "S->C relaying: %d bytes\n",
1173 (int)num);
1174 }
1175 } /* no loop, BIO_ctrl_get_read_request now returns 0 anyway */
1176
1177 if (!progress && !prev_progress)
1178 if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0)
1179 {
1180 fprintf(stderr, "ERROR: got stuck\n");
1181 if (strcmp("SSLv2", SSL_get_version(c_ssl)) == 0)
1182 {
1183 fprintf(stderr, "This can happen for SSL2 because "
1184 "CLIENT-FINISHED and SERVER-VERIFY are written \n"
1185 "concurrently ...");
1186 if (strncmp("2SCF", SSL_state_string(c_ssl), 4) == 0
1187 && strncmp("2SSV", SSL_state_string(s_ssl), 4) == 0)
1188 {
1189 fprintf(stderr, " ok.\n");
1190 goto end;
1191 }
1192 }
1193 fprintf(stderr, " ERROR.\n");
1194 goto err;
1195 }
1196 prev_progress = progress;
1197 }
1198 }
1199 while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
1200
1201 if (verbose)
1202 print_details(c_ssl, "DONE via BIO pair: ");
1203end:
1204 ret = 0;
1205
1206 err:
1207 ERR_print_errors(bio_err);
1208
1209 if (server)
1210 BIO_free(server);
1211 if (server_io)
1212 BIO_free(server_io);
1213 if (client)
1214 BIO_free(client);
1215 if (client_io)
1216 BIO_free(client_io);
1217 if (s_ssl_bio)
1218 BIO_free(s_ssl_bio);
1219 if (c_ssl_bio)
1220 BIO_free(c_ssl_bio);
1221
1222 return ret;
1223 }
1224
1225
1226#define W_READ 1
1227#define W_WRITE 2
1228#define C_DONE 1
1229#define S_DONE 2
1230
1231int doit(SSL *s_ssl, SSL *c_ssl, long count)
1232 {
1233 MS_STATIC char cbuf[1024*8],sbuf[1024*8];
1234 long cw_num=count,cr_num=count;
1235 long sw_num=count,sr_num=count;
1236 int ret=1;
1237 BIO *c_to_s=NULL;
1238 BIO *s_to_c=NULL;
1239 BIO *c_bio=NULL;
1240 BIO *s_bio=NULL;
1241 int c_r,c_w,s_r,s_w;
1242 int c_want,s_want;
1243 int i,j;
1244 int done=0;
1245 int c_write,s_write;
1246 int do_server=0,do_client=0;
1247
1248 memset(cbuf,0,sizeof(cbuf));
1249 memset(sbuf,0,sizeof(sbuf));
1250
1251 c_to_s=BIO_new(BIO_s_mem());
1252 s_to_c=BIO_new(BIO_s_mem());
1253 if ((s_to_c == NULL) || (c_to_s == NULL))
1254 {
1255 ERR_print_errors(bio_err);
1256 goto err;
1257 }
1258
1259 c_bio=BIO_new(BIO_f_ssl());
1260 s_bio=BIO_new(BIO_f_ssl());
1261 if ((c_bio == NULL) || (s_bio == NULL))
1262 {
1263 ERR_print_errors(bio_err);
1264 goto err;
1265 }
1266
1267 SSL_set_connect_state(c_ssl);
1268 SSL_set_bio(c_ssl,s_to_c,c_to_s);
1269 BIO_set_ssl(c_bio,c_ssl,BIO_NOCLOSE);
1270
1271 SSL_set_accept_state(s_ssl);
1272 SSL_set_bio(s_ssl,c_to_s,s_to_c);
1273 BIO_set_ssl(s_bio,s_ssl,BIO_NOCLOSE);
1274
1275 c_r=0; s_r=1;
1276 c_w=1; s_w=0;
1277 c_want=W_WRITE;
1278 s_want=0;
1279 c_write=1,s_write=0;
1280
1281 /* We can always do writes */
1282 for (;;)
1283 {
1284 do_server=0;
1285 do_client=0;
1286
1287 i=(int)BIO_pending(s_bio);
1288 if ((i && s_r) || s_w) do_server=1;
1289
1290 i=(int)BIO_pending(c_bio);
1291 if ((i && c_r) || c_w) do_client=1;
1292
1293 if (do_server && debug)
1294 {
1295 if (SSL_in_init(s_ssl))
1296 printf("server waiting in SSL_accept - %s\n",
1297 SSL_state_string_long(s_ssl));
1298/* else if (s_write)
1299 printf("server:SSL_write()\n");
1300 else
1301 printf("server:SSL_read()\n"); */
1302 }
1303
1304 if (do_client && debug)
1305 {
1306 if (SSL_in_init(c_ssl))
1307 printf("client waiting in SSL_connect - %s\n",
1308 SSL_state_string_long(c_ssl));
1309/* else if (c_write)
1310 printf("client:SSL_write()\n");
1311 else
1312 printf("client:SSL_read()\n"); */
1313 }
1314
1315 if (!do_client && !do_server)
1316 {
1317 fprintf(stdout,"ERROR IN STARTUP\n");
1318 ERR_print_errors(bio_err);
1319 break;
1320 }
1321 if (do_client && !(done & C_DONE))
1322 {
1323 if (c_write)
1324 {
1325 j=(cw_num > (long)sizeof(cbuf))
1326 ?sizeof(cbuf):(int)cw_num;
1327 i=BIO_write(c_bio,cbuf,j);
1328 if (i < 0)
1329 {
1330 c_r=0;
1331 c_w=0;
1332 if (BIO_should_retry(c_bio))
1333 {
1334 if (BIO_should_read(c_bio))
1335 c_r=1;
1336 if (BIO_should_write(c_bio))
1337 c_w=1;
1338 }
1339 else
1340 {
1341 fprintf(stderr,"ERROR in CLIENT\n");
1342 ERR_print_errors(bio_err);
1343 goto err;
1344 }
1345 }
1346 else if (i == 0)
1347 {
1348 fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
1349 goto err;
1350 }
1351 else
1352 {
1353 if (debug)
1354 printf("client wrote %d\n",i);
1355 /* ok */
1356 s_r=1;
1357 c_write=0;
1358 cw_num-=i;
1359 }
1360 }
1361 else
1362 {
1363 i=BIO_read(c_bio,cbuf,sizeof(cbuf));
1364 if (i < 0)
1365 {
1366 c_r=0;
1367 c_w=0;
1368 if (BIO_should_retry(c_bio))
1369 {
1370 if (BIO_should_read(c_bio))
1371 c_r=1;
1372 if (BIO_should_write(c_bio))
1373 c_w=1;
1374 }
1375 else
1376 {
1377 fprintf(stderr,"ERROR in CLIENT\n");
1378 ERR_print_errors(bio_err);
1379 goto err;
1380 }
1381 }
1382 else if (i == 0)
1383 {
1384 fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
1385 goto err;
1386 }
1387 else
1388 {
1389 if (debug)
1390 printf("client read %d\n",i);
1391 cr_num-=i;
1392 if (sw_num > 0)
1393 {
1394 s_write=1;
1395 s_w=1;
1396 }
1397 if (cr_num <= 0)
1398 {
1399 s_write=1;
1400 s_w=1;
1401 done=S_DONE|C_DONE;
1402 }
1403 }
1404 }
1405 }
1406
1407 if (do_server && !(done & S_DONE))
1408 {
1409 if (!s_write)
1410 {
1411 i=BIO_read(s_bio,sbuf,sizeof(cbuf));
1412 if (i < 0)
1413 {
1414 s_r=0;
1415 s_w=0;
1416 if (BIO_should_retry(s_bio))
1417 {
1418 if (BIO_should_read(s_bio))
1419 s_r=1;
1420 if (BIO_should_write(s_bio))
1421 s_w=1;
1422 }
1423 else
1424 {
1425 fprintf(stderr,"ERROR in SERVER\n");
1426 ERR_print_errors(bio_err);
1427 goto err;
1428 }
1429 }
1430 else if (i == 0)
1431 {
1432 ERR_print_errors(bio_err);
1433 fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_read\n");
1434 goto err;
1435 }
1436 else
1437 {
1438 if (debug)
1439 printf("server read %d\n",i);
1440 sr_num-=i;
1441 if (cw_num > 0)
1442 {
1443 c_write=1;
1444 c_w=1;
1445 }
1446 if (sr_num <= 0)
1447 {
1448 s_write=1;
1449 s_w=1;
1450 c_write=0;
1451 }
1452 }
1453 }
1454 else
1455 {
1456 j=(sw_num > (long)sizeof(sbuf))?
1457 sizeof(sbuf):(int)sw_num;
1458 i=BIO_write(s_bio,sbuf,j);
1459 if (i < 0)
1460 {
1461 s_r=0;
1462 s_w=0;
1463 if (BIO_should_retry(s_bio))
1464 {
1465 if (BIO_should_read(s_bio))
1466 s_r=1;
1467 if (BIO_should_write(s_bio))
1468 s_w=1;
1469 }
1470 else
1471 {
1472 fprintf(stderr,"ERROR in SERVER\n");
1473 ERR_print_errors(bio_err);
1474 goto err;
1475 }
1476 }
1477 else if (i == 0)
1478 {
1479 ERR_print_errors(bio_err);
1480 fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_write\n");
1481 goto err;
1482 }
1483 else
1484 {
1485 if (debug)
1486 printf("server wrote %d\n",i);
1487 sw_num-=i;
1488 s_write=0;
1489 c_r=1;
1490 if (sw_num <= 0)
1491 done|=S_DONE;
1492 }
1493 }
1494 }
1495
1496 if ((done & S_DONE) && (done & C_DONE)) break;
1497 }
1498
1499 if (verbose)
1500 print_details(c_ssl, "DONE: ");
1501 ret=0;
1502err:
1503 /* We have to set the BIO's to NULL otherwise they will be
1504 * OPENSSL_free()ed twice. Once when th s_ssl is SSL_free()ed and
1505 * again when c_ssl is SSL_free()ed.
1506 * This is a hack required because s_ssl and c_ssl are sharing the same
1507 * BIO structure and SSL_set_bio() and SSL_free() automatically
1508 * BIO_free non NULL entries.
1509 * You should not normally do this or be required to do this */
1510 if (s_ssl != NULL)
1511 {
1512 s_ssl->rbio=NULL;
1513 s_ssl->wbio=NULL;
1514 }
1515 if (c_ssl != NULL)
1516 {
1517 c_ssl->rbio=NULL;
1518 c_ssl->wbio=NULL;
1519 }
1520
1521 if (c_to_s != NULL) BIO_free(c_to_s);
1522 if (s_to_c != NULL) BIO_free(s_to_c);
1523 if (c_bio != NULL) BIO_free_all(c_bio);
1524 if (s_bio != NULL) BIO_free_all(s_bio);
1525 return(ret);
1526 }
1527
1528static int get_proxy_auth_ex_data_idx(void)
1529 {
1530 static volatile int idx = -1;
1531 if (idx < 0)
1532 {
1533 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
1534 if (idx < 0)
1535 {
1536 idx = X509_STORE_CTX_get_ex_new_index(0,
1537 "SSLtest for verify callback", NULL,NULL,NULL);
1538 }
1539 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
1540 }
1541 return idx;
1542 }
1543
1544static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
1545 {
1546 char *s,buf[256];
1547
1548 s=X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),buf,
1549 sizeof buf);
1550 if (s != NULL)
1551 {
1552 if (ok)
1553 fprintf(stderr,"depth=%d %s\n",
1554 ctx->error_depth,buf);
1555 else
1556 {
1557 fprintf(stderr,"depth=%d error=%d %s\n",
1558 ctx->error_depth,ctx->error,buf);
1559 }
1560 }
1561
1562 if (ok == 0)
1563 {
1564 fprintf(stderr,"Error string: %s\n",
1565 X509_verify_cert_error_string(ctx->error));
1566 switch (ctx->error)
1567 {
1568 case X509_V_ERR_CERT_NOT_YET_VALID:
1569 case X509_V_ERR_CERT_HAS_EXPIRED:
1570 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
1571 fprintf(stderr," ... ignored.\n");
1572 ok=1;
1573 }
1574 }
1575
1576 if (ok == 1)
1577 {
1578 X509 *xs = ctx->current_cert;
1579#if 0
1580 X509 *xi = ctx->current_issuer;
1581#endif
1582
1583 if (xs->ex_flags & EXFLAG_PROXY)
1584 {
1585 unsigned int *letters =
1586 X509_STORE_CTX_get_ex_data(ctx,
1587 get_proxy_auth_ex_data_idx());
1588
1589 if (letters)
1590 {
1591 int found_any = 0;
1592 int i;
1593 PROXY_CERT_INFO_EXTENSION *pci =
1594 X509_get_ext_d2i(xs, NID_proxyCertInfo,
1595 NULL, NULL);
1596
1597 switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage))
1598 {
1599 case NID_Independent:
1600 /* Completely meaningless in this
1601 program, as there's no way to
1602 grant explicit rights to a
1603 specific PrC. Basically, using
1604 id-ppl-Independent is the perfect
1605 way to grant no rights at all. */
1606 fprintf(stderr, " Independent proxy certificate");
1607 for (i = 0; i < 26; i++)
1608 letters[i] = 0;
1609 break;
1610 case NID_id_ppl_inheritAll:
1611 /* This is basically a NOP, we
1612 simply let the current rights
1613 stand as they are. */
1614 fprintf(stderr, " Proxy certificate inherits all");
1615 break;
1616 default:
1617 s = (char *)
1618 pci->proxyPolicy->policy->data;
1619 i = pci->proxyPolicy->policy->length;
1620
1621 /* The algorithm works as follows:
1622 it is assumed that previous
1623 iterations or the initial granted
1624 rights has already set some elements
1625 of `letters'. What we need to do is
1626 to clear those that weren't granted
1627 by the current PrC as well. The
1628 easiest way to do this is to add 1
1629 to all the elements whose letters
1630 are given with the current policy.
1631 That way, all elements that are set
1632 by the current policy and were
1633 already set by earlier policies and
1634 through the original grant of rights
1635 will get the value 2 or higher.
1636 The last thing to do is to sweep
1637 through `letters' and keep the
1638 elements having the value 2 as set,
1639 and clear all the others. */
1640
1641 fprintf(stderr, " Certificate proxy rights = %*.*s", i, i, s);
1642 while(i-- > 0)
1643 {
1644 char c = *s++;
1645 if (isascii(c) && isalpha(c))
1646 {
1647 if (islower(c))
1648 c = toupper(c);
1649 letters[c - 'A']++;
1650 }
1651 }
1652 for (i = 0; i < 26; i++)
1653 if (letters[i] < 2)
1654 letters[i] = 0;
1655 else
1656 letters[i] = 1;
1657 }
1658
1659 found_any = 0;
1660 fprintf(stderr,
1661 ", resulting proxy rights = ");
1662 for(i = 0; i < 26; i++)
1663 if (letters[i])
1664 {
1665 fprintf(stderr, "%c", i + 'A');
1666 found_any = 1;
1667 }
1668 if (!found_any)
1669 fprintf(stderr, "none");
1670 fprintf(stderr, "\n");
1671
1672 PROXY_CERT_INFO_EXTENSION_free(pci);
1673 }
1674 }
1675 }
1676
1677 return(ok);
1678 }
1679
1680static void process_proxy_debug(int indent, const char *format, ...)
1681 {
1682 static const char indentation[] =
1683 ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"
1684 ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"; /* That's 80 > */
1685 char my_format[256];
1686 va_list args;
1687
1688 BIO_snprintf(my_format, sizeof(my_format), "%*.*s %s",
1689 indent, indent, indentation, format);
1690
1691 va_start(args, format);
1692 vfprintf(stderr, my_format, args);
1693 va_end(args);
1694 }
1695/* Priority levels:
1696 0 [!]var, ()
1697 1 & ^
1698 2 |
1699*/
1700static int process_proxy_cond_adders(unsigned int letters[26],
1701 const char *cond, const char **cond_end, int *pos, int indent);
1702static int process_proxy_cond_val(unsigned int letters[26],
1703 const char *cond, const char **cond_end, int *pos, int indent)
1704 {
1705 char c;
1706 int ok = 1;
1707 int negate = 0;
1708
1709 while(isspace(*cond))
1710 {
1711 cond++; (*pos)++;
1712 }
1713 c = *cond;
1714
1715 if (debug)
1716 process_proxy_debug(indent,
1717 "Start process_proxy_cond_val at position %d: %s\n",
1718 *pos, cond);
1719
1720 while(c == '!')
1721 {
1722 negate = !negate;
1723 cond++; (*pos)++;
1724 while(isspace(*cond))
1725 {
1726 cond++; (*pos)++;
1727 }
1728 c = *cond;
1729 }
1730
1731 if (c == '(')
1732 {
1733 cond++; (*pos)++;
1734 ok = process_proxy_cond_adders(letters, cond, cond_end, pos,
1735 indent + 1);
1736 cond = *cond_end;
1737 if (ok < 0)
1738 goto end;
1739 while(isspace(*cond))
1740 {
1741 cond++; (*pos)++;
1742 }
1743 c = *cond;
1744 if (c != ')')
1745 {
1746 fprintf(stderr,
1747 "Weird condition character in position %d: "
1748 "%c\n", *pos, c);
1749 ok = -1;
1750 goto end;
1751 }
1752 cond++; (*pos)++;
1753 }
1754 else if (isascii(c) && isalpha(c))
1755 {
1756 if (islower(c))
1757 c = toupper(c);
1758 ok = letters[c - 'A'];
1759 cond++; (*pos)++;
1760 }
1761 else
1762 {
1763 fprintf(stderr,
1764 "Weird condition character in position %d: "
1765 "%c\n", *pos, c);
1766 ok = -1;
1767 goto end;
1768 }
1769 end:
1770 *cond_end = cond;
1771 if (ok >= 0 && negate)
1772 ok = !ok;
1773
1774 if (debug)
1775 process_proxy_debug(indent,
1776 "End process_proxy_cond_val at position %d: %s, returning %d\n",
1777 *pos, cond, ok);
1778
1779 return ok;
1780 }
1781static int process_proxy_cond_multipliers(unsigned int letters[26],
1782 const char *cond, const char **cond_end, int *pos, int indent)
1783 {
1784 int ok;
1785 char c;
1786
1787 if (debug)
1788 process_proxy_debug(indent,
1789 "Start process_proxy_cond_multipliers at position %d: %s\n",
1790 *pos, cond);
1791
1792 ok = process_proxy_cond_val(letters, cond, cond_end, pos, indent + 1);
1793 cond = *cond_end;
1794 if (ok < 0)
1795 goto end;
1796
1797 while(ok >= 0)
1798 {
1799 while(isspace(*cond))
1800 {
1801 cond++; (*pos)++;
1802 }
1803 c = *cond;
1804
1805 switch(c)
1806 {
1807 case '&':
1808 case '^':
1809 {
1810 int save_ok = ok;
1811
1812 cond++; (*pos)++;
1813 ok = process_proxy_cond_val(letters,
1814 cond, cond_end, pos, indent + 1);
1815 cond = *cond_end;
1816 if (ok < 0)
1817 break;
1818
1819 switch(c)
1820 {
1821 case '&':
1822 ok &= save_ok;
1823 break;
1824 case '^':
1825 ok ^= save_ok;
1826 break;
1827 default:
1828 fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!"
1829 " STOPPING\n");
1830 EXIT(1);
1831 }
1832 }
1833 break;
1834 default:
1835 goto end;
1836 }
1837 }
1838 end:
1839 if (debug)
1840 process_proxy_debug(indent,
1841 "End process_proxy_cond_multipliers at position %d: %s, returning %d\n",
1842 *pos, cond, ok);
1843
1844 *cond_end = cond;
1845 return ok;
1846 }
1847static int process_proxy_cond_adders(unsigned int letters[26],
1848 const char *cond, const char **cond_end, int *pos, int indent)
1849 {
1850 int ok;
1851 char c;
1852
1853 if (debug)
1854 process_proxy_debug(indent,
1855 "Start process_proxy_cond_adders at position %d: %s\n",
1856 *pos, cond);
1857
1858 ok = process_proxy_cond_multipliers(letters, cond, cond_end, pos,
1859 indent + 1);
1860 cond = *cond_end;
1861 if (ok < 0)
1862 goto end;
1863
1864 while(ok >= 0)
1865 {
1866 while(isspace(*cond))
1867 {
1868 cond++; (*pos)++;
1869 }
1870 c = *cond;
1871
1872 switch(c)
1873 {
1874 case '|':
1875 {
1876 int save_ok = ok;
1877
1878 cond++; (*pos)++;
1879 ok = process_proxy_cond_multipliers(letters,
1880 cond, cond_end, pos, indent + 1);
1881 cond = *cond_end;
1882 if (ok < 0)
1883 break;
1884
1885 switch(c)
1886 {
1887 case '|':
1888 ok |= save_ok;
1889 break;
1890 default:
1891 fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!"
1892 " STOPPING\n");
1893 EXIT(1);
1894 }
1895 }
1896 break;
1897 default:
1898 goto end;
1899 }
1900 }
1901 end:
1902 if (debug)
1903 process_proxy_debug(indent,
1904 "End process_proxy_cond_adders at position %d: %s, returning %d\n",
1905 *pos, cond, ok);
1906
1907 *cond_end = cond;
1908 return ok;
1909 }
1910
1911static int process_proxy_cond(unsigned int letters[26],
1912 const char *cond, const char **cond_end)
1913 {
1914 int pos = 1;
1915 return process_proxy_cond_adders(letters, cond, cond_end, &pos, 1);
1916 }
1917
1918static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg)
1919 {
1920 int ok=1;
1921 struct app_verify_arg *cb_arg = arg;
1922 unsigned int letters[26]; /* only used with proxy_auth */
1923
1924 if (cb_arg->app_verify)
1925 {
1926 char *s = NULL,buf[256];
1927
1928 fprintf(stderr, "In app_verify_callback, allowing cert. ");
1929 fprintf(stderr, "Arg is: %s\n", cb_arg->string);
1930 fprintf(stderr, "Finished printing do we have a context? 0x%x a cert? 0x%x\n",
1931 (unsigned int)ctx, (unsigned int)ctx->cert);
1932 if (ctx->cert)
1933 s=X509_NAME_oneline(X509_get_subject_name(ctx->cert),buf,256);
1934 if (s != NULL)
1935 {
1936 fprintf(stderr,"cert depth=%d %s\n",ctx->error_depth,buf);
1937 }
1938 return(1);
1939 }
1940 if (cb_arg->proxy_auth)
1941 {
1942 int found_any = 0, i;
1943 char *sp;
1944
1945 for(i = 0; i < 26; i++)
1946 letters[i] = 0;
1947 for(sp = cb_arg->proxy_auth; *sp; sp++)
1948 {
1949 char c = *sp;
1950 if (isascii(c) && isalpha(c))
1951 {
1952 if (islower(c))
1953 c = toupper(c);
1954 letters[c - 'A'] = 1;
1955 }
1956 }
1957
1958 fprintf(stderr,
1959 " Initial proxy rights = ");
1960 for(i = 0; i < 26; i++)
1961 if (letters[i])
1962 {
1963 fprintf(stderr, "%c", i + 'A');
1964 found_any = 1;
1965 }
1966 if (!found_any)
1967 fprintf(stderr, "none");
1968 fprintf(stderr, "\n");
1969
1970 X509_STORE_CTX_set_ex_data(ctx,
1971 get_proxy_auth_ex_data_idx(),letters);
1972 }
1973 if (cb_arg->allow_proxy_certs)
1974 {
1975 X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
1976 }
1977
1978#ifndef OPENSSL_NO_X509_VERIFY
1979# ifdef OPENSSL_FIPS
1980 if(s->version == TLS1_VERSION)
1981 FIPS_allow_md5(1);
1982# endif
1983 ok = X509_verify_cert(ctx);
1984# ifdef OPENSSL_FIPS
1985 if(s->version == TLS1_VERSION)
1986 FIPS_allow_md5(0);
1987# endif
1988#endif
1989
1990 if (cb_arg->proxy_auth)
1991 {
1992 if (ok)
1993 {
1994 const char *cond_end = NULL;
1995
1996 ok = process_proxy_cond(letters,
1997 cb_arg->proxy_cond, &cond_end);
1998
1999 if (ok < 0)
2000 EXIT(3);
2001 if (*cond_end)
2002 {
2003 fprintf(stderr, "Stopped processing condition before it's end.\n");
2004 ok = 0;
2005 }
2006 if (!ok)
2007 fprintf(stderr, "Proxy rights check with condition '%s' proved invalid\n",
2008 cb_arg->proxy_cond);
2009 else
2010 fprintf(stderr, "Proxy rights check with condition '%s' proved valid\n",
2011 cb_arg->proxy_cond);
2012 }
2013 }
2014 return(ok);
2015 }
2016
2017#ifndef OPENSSL_NO_RSA
2018static RSA *rsa_tmp=NULL;
2019
2020static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
2021 {
2022 if (rsa_tmp == NULL)
2023 {
2024 BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
2025 (void)BIO_flush(bio_err);
2026 rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL);
2027 BIO_printf(bio_err,"\n");
2028 (void)BIO_flush(bio_err);
2029 }
2030 return(rsa_tmp);
2031 }
2032
2033static void free_tmp_rsa(void)
2034 {
2035 if (rsa_tmp != NULL)
2036 {
2037 RSA_free(rsa_tmp);
2038 rsa_tmp = NULL;
2039 }
2040 }
2041#endif
2042
2043#ifndef OPENSSL_NO_DH
2044/* These DH parameters have been generated as follows:
2045 * $ openssl dhparam -C -noout 512
2046 * $ openssl dhparam -C -noout 1024
2047 * $ openssl dhparam -C -noout -dsaparam 1024
2048 * (The third function has been renamed to avoid name conflicts.)
2049 */
2050static DH *get_dh512()
2051 {
2052 static unsigned char dh512_p[]={
2053 0xCB,0xC8,0xE1,0x86,0xD0,0x1F,0x94,0x17,0xA6,0x99,0xF0,0xC6,
2054 0x1F,0x0D,0xAC,0xB6,0x25,0x3E,0x06,0x39,0xCA,0x72,0x04,0xB0,
2055 0x6E,0xDA,0xC0,0x61,0xE6,0x7A,0x77,0x25,0xE8,0x3B,0xB9,0x5F,
2056 0x9A,0xB6,0xB5,0xFE,0x99,0x0B,0xA1,0x93,0x4E,0x35,0x33,0xB8,
2057 0xE1,0xF1,0x13,0x4F,0x59,0x1A,0xD2,0x57,0xC0,0x26,0x21,0x33,
2058 0x02,0xC5,0xAE,0x23,
2059 };
2060 static unsigned char dh512_g[]={
2061 0x02,
2062 };
2063 DH *dh;
2064
2065 if ((dh=DH_new()) == NULL) return(NULL);
2066 dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
2067 dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
2068 if ((dh->p == NULL) || (dh->g == NULL))
2069 { DH_free(dh); return(NULL); }
2070 return(dh);
2071 }
2072
2073static DH *get_dh1024()
2074 {
2075 static unsigned char dh1024_p[]={
2076 0xF8,0x81,0x89,0x7D,0x14,0x24,0xC5,0xD1,0xE6,0xF7,0xBF,0x3A,
2077 0xE4,0x90,0xF4,0xFC,0x73,0xFB,0x34,0xB5,0xFA,0x4C,0x56,0xA2,
2078 0xEA,0xA7,0xE9,0xC0,0xC0,0xCE,0x89,0xE1,0xFA,0x63,0x3F,0xB0,
2079 0x6B,0x32,0x66,0xF1,0xD1,0x7B,0xB0,0x00,0x8F,0xCA,0x87,0xC2,
2080 0xAE,0x98,0x89,0x26,0x17,0xC2,0x05,0xD2,0xEC,0x08,0xD0,0x8C,
2081 0xFF,0x17,0x52,0x8C,0xC5,0x07,0x93,0x03,0xB1,0xF6,0x2F,0xB8,
2082 0x1C,0x52,0x47,0x27,0x1B,0xDB,0xD1,0x8D,0x9D,0x69,0x1D,0x52,
2083 0x4B,0x32,0x81,0xAA,0x7F,0x00,0xC8,0xDC,0xE6,0xD9,0xCC,0xC1,
2084 0x11,0x2D,0x37,0x34,0x6C,0xEA,0x02,0x97,0x4B,0x0E,0xBB,0xB1,
2085 0x71,0x33,0x09,0x15,0xFD,0xDD,0x23,0x87,0x07,0x5E,0x89,0xAB,
2086 0x6B,0x7C,0x5F,0xEC,0xA6,0x24,0xDC,0x53,
2087 };
2088 static unsigned char dh1024_g[]={
2089 0x02,
2090 };
2091 DH *dh;
2092
2093 if ((dh=DH_new()) == NULL) return(NULL);
2094 dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
2095 dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
2096 if ((dh->p == NULL) || (dh->g == NULL))
2097 { DH_free(dh); return(NULL); }
2098 return(dh);
2099 }
2100
2101static DH *get_dh1024dsa()
2102 {
2103 static unsigned char dh1024_p[]={
2104 0xC8,0x00,0xF7,0x08,0x07,0x89,0x4D,0x90,0x53,0xF3,0xD5,0x00,
2105 0x21,0x1B,0xF7,0x31,0xA6,0xA2,0xDA,0x23,0x9A,0xC7,0x87,0x19,
2106 0x3B,0x47,0xB6,0x8C,0x04,0x6F,0xFF,0xC6,0x9B,0xB8,0x65,0xD2,
2107 0xC2,0x5F,0x31,0x83,0x4A,0xA7,0x5F,0x2F,0x88,0x38,0xB6,0x55,
2108 0xCF,0xD9,0x87,0x6D,0x6F,0x9F,0xDA,0xAC,0xA6,0x48,0xAF,0xFC,
2109 0x33,0x84,0x37,0x5B,0x82,0x4A,0x31,0x5D,0xE7,0xBD,0x52,0x97,
2110 0xA1,0x77,0xBF,0x10,0x9E,0x37,0xEA,0x64,0xFA,0xCA,0x28,0x8D,
2111 0x9D,0x3B,0xD2,0x6E,0x09,0x5C,0x68,0xC7,0x45,0x90,0xFD,0xBB,
2112 0x70,0xC9,0x3A,0xBB,0xDF,0xD4,0x21,0x0F,0xC4,0x6A,0x3C,0xF6,
2113 0x61,0xCF,0x3F,0xD6,0x13,0xF1,0x5F,0xBC,0xCF,0xBC,0x26,0x9E,
2114 0xBC,0x0B,0xBD,0xAB,0x5D,0xC9,0x54,0x39,
2115 };
2116 static unsigned char dh1024_g[]={
2117 0x3B,0x40,0x86,0xE7,0xF3,0x6C,0xDE,0x67,0x1C,0xCC,0x80,0x05,
2118 0x5A,0xDF,0xFE,0xBD,0x20,0x27,0x74,0x6C,0x24,0xC9,0x03,0xF3,
2119 0xE1,0x8D,0xC3,0x7D,0x98,0x27,0x40,0x08,0xB8,0x8C,0x6A,0xE9,
2120 0xBB,0x1A,0x3A,0xD6,0x86,0x83,0x5E,0x72,0x41,0xCE,0x85,0x3C,
2121 0xD2,0xB3,0xFC,0x13,0xCE,0x37,0x81,0x9E,0x4C,0x1C,0x7B,0x65,
2122 0xD3,0xE6,0xA6,0x00,0xF5,0x5A,0x95,0x43,0x5E,0x81,0xCF,0x60,
2123 0xA2,0x23,0xFC,0x36,0xA7,0x5D,0x7A,0x4C,0x06,0x91,0x6E,0xF6,
2124 0x57,0xEE,0x36,0xCB,0x06,0xEA,0xF5,0x3D,0x95,0x49,0xCB,0xA7,
2125 0xDD,0x81,0xDF,0x80,0x09,0x4A,0x97,0x4D,0xA8,0x22,0x72,0xA1,
2126 0x7F,0xC4,0x70,0x56,0x70,0xE8,0x20,0x10,0x18,0x8F,0x2E,0x60,
2127 0x07,0xE7,0x68,0x1A,0x82,0x5D,0x32,0xA2,
2128 };
2129 DH *dh;
2130
2131 if ((dh=DH_new()) == NULL) return(NULL);
2132 dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
2133 dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
2134 if ((dh->p == NULL) || (dh->g == NULL))
2135 { DH_free(dh); return(NULL); }
2136 dh->length = 160;
2137 return(dh);
2138 }
2139#endif
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-27 13:44:33 +0000