1 files changed, 138 insertions, 88 deletions
diff --git a/src/lib/libssl/src/ssl/ssltest.c b/src/lib/libssl/src/ssl/ssltest.c
index 90570f4bee..d655bbbd84 100644
--- a/src/lib/libssl/src/ssl/ssltest.c
+++ b/src/lib/libssl/src/ssl/ssltest.c
@@ -56,11 +56,12 @@
 * [including the GNU Public Licence.]
 */
+#include <assert.h>
+#include <errno.h>
+#include <limits.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <errno.h>
-#include <limits.h>
 #include "openssl/e_os.h"
@@ -69,14 +70,11 @@
 #include <openssl/x509.h>
 #include <openssl/ssl.h>
 #include <openssl/err.h>
+#include <openssl/rand.h>
 #ifdef WINDOWS
 #include "../crypto/bio/bss_file.c"
 #endif
-#if defined(NO_RSA) && !defined(NO_SSL2)
-#define NO_SSL2
-#endif
 #ifdef VMS
 #  define TEST_SERVER_CERT "SYS$DISK:[-.APPS]SERVER.PEM"
 #  define TEST_CLIENT_CERT "SYS$DISK:[-.APPS]CLIENT.PEM"
@@ -85,19 +83,23 @@
 #  define TEST_CLIENT_CERT "../apps/client.pem"
 #endif
-int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
+static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
 #ifndef NO_RSA
 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export,int keylength);
 #endif
 #ifndef NO_DH
 static DH *get_dh512(void);
 #endif
-BIO *bio_err=NULL;
+#ifndef NO_DSA
-BIO *bio_stdout=NULL;
+static void MS_CALLBACK dsa_cb(int p, int n, void *arg);
+#endif
+static BIO *bio_err=NULL;
+static BIO *bio_stdout=NULL;
 static char *cipher=NULL;
-int verbose=0;
+static int verbose=0;
-int debug=0;
+static int debug=0;
 #if 0
 /* Not used yet. */
 #ifdef FIONBIO
@@ -105,6 +107,7 @@ static int s_nbio=0;
 #endif
 #endif
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
 int doit_biopair(SSL *s_ssl,SSL *c_ssl,long bytes);
 int doit(SSL *s_ssl,SSL *c_ssl,long bytes);
@@ -122,6 +125,9 @@ static void sv_usage(void)
 #if !defined NO_DH && !defined NO_DSA
        fprintf(stderr," -dhe1024      - generate 1024 bit key for DHE\n");
 #endif
+#if !defined NO_DH
+        fprintf(stderr," -no_dhe       - disable DHE\n");
+#endif
 #ifndef NO_SSL2
        fprintf(stderr," -ssl2         - use SSLv2\n");
 #endif
@@ -159,16 +165,21 @@ int main(int argc, char *argv[])
        int number=1,reuse=0;
        long bytes=1L;
        SSL_CIPHER *ciph;
-        int dhe1024 = 0;
+        int dhe1024 = 0, no_dhe = 0;
 #ifndef NO_DH
        DH *dh;
 #endif
+        verbose = 0;
+        debug = 0;
+        cipher = 0;
+        
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+        RAND_seed(rnd_seed, sizeof rnd_seed);
        bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
        bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE);
-        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
        argc--;
        argv++;
@@ -186,6 +197,8 @@ int main(int argc, char *argv[])
                        reuse=1;
                else if (strcmp(*argv,"-dhe1024") == 0)
                        dhe1024=1;
+                else if (strcmp(*argv,"-no_dhe") == 0)
+                        no_dhe=1;
                else if (strcmp(*argv,"-ssl2") == 0)
                        ssl2=1;
                else if (strcmp(*argv,"-tls1") == 0)
@@ -311,31 +324,36 @@ bad:
                }
 #ifndef NO_DH
-# ifndef NO_DSA
+        if (!no_dhe)
-        if (dhe1024) 
                {
-                DSA *dsa;
+# ifndef NO_DSA
+                if (dhe1024) 
-                if (verbose)
                        {
-                        fprintf(stdout, "Creating 1024 bit DHE parameters ...");
+                        DSA *dsa;
-                        fflush(stdout);
+                        unsigned char seed[20];
+                        
+                        if (verbose)
+                                {
+                                BIO_printf(bio_err, "Creating 1024 bit DHE parameters\n");
+                                BIO_flush(bio_err);
+                                }
+                        
+                        memcpy(seed, "Random String no. 12", 20);
+                        dsa = DSA_generate_parameters(1024, seed, 20, NULL, NULL, dsa_cb, bio_err);
+                        dh = DSA_dup_DH(dsa);   
+                        DSA_free(dsa);
+                        /* important: SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */
+                        SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
+                        
+                        if (verbose)
+                                fprintf(stdout, " done\n");
                        }
+                else
-                dsa = DSA_generate_parameters(1024, NULL, 0, NULL, NULL, 0, NULL);
-                dh = DSA_dup_DH(dsa);   
-                DSA_free(dsa);
-                /* important: SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */
-                SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
-                if (verbose)
-                        fprintf(stdout, " done\n");
-                }
-        else
 # endif
-                dh=get_dh512();
+                        dh=get_dh512();
-        SSL_CTX_set_tmp_dh(s_ctx,dh);
+                SSL_CTX_set_tmp_dh(s_ctx,dh);
-        DH_free(dh);
+                DH_free(dh);
+                }
 #endif
 #ifndef NO_RSA
@@ -373,17 +391,22 @@ bad:
        if (client_auth)
                {
-                fprintf(stderr,"client authentication\n");
+                BIO_printf(bio_err,"client authentication\n");
                SSL_CTX_set_verify(s_ctx,
                        SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
                        verify_callback);
                }
        if (server_auth)
                {
-                fprintf(stderr,"server authentication\n");
+                BIO_printf(bio_err,"server authentication\n");
                SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER,
                        verify_callback);
                }
+        
+        {
+                int session_id_context = 0;
+                SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context, sizeof session_id_context);
+        }
        c_ssl=SSL_new(c_ctx);
        s_ssl=SSL_new(s_ctx);
@@ -400,13 +423,13 @@ bad:
        if (!verbose)
                {
                ciph=SSL_get_current_cipher(c_ssl);
-                fprintf(stdout,"Protocol %s, cipher %s, %s\n",
+                BIO_printf(bio_stdout,"Protocol %s, cipher %s, %s\n",
                        SSL_get_version(c_ssl),
                        SSL_CIPHER_get_version(ciph),
                        SSL_CIPHER_get_name(ciph));
                }
        if ((number > 1) || (bytes > 1L))
-                printf("%d handshakes of %ld bytes done\n",number,bytes);
+                BIO_printf(bio_stdout, "%d handshakes of %ld bytes done\n",number,bytes);
        SSL_free(s_ssl);
        SSL_free(c_ssl);
@@ -421,6 +444,7 @@ end:
        ERR_remove_state(0);
        EVP_cleanup();
        CRYPTO_mem_leaks(bio_err);
+        if (bio_err != NULL) BIO_free(bio_err);
        EXIT(ret);
        }
@@ -485,7 +509,7 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count)
                 * BIO_ctrl_pending(bio)              number of bytes we can read now
                 * BIO_ctrl_get_read_request(bio)     number of bytes needed to fulfil
                 *                                      other side's read attempt
-                 * BIO_ctrl_get_write_gurantee(bio)   number of bytes we can write now
+                 * BIO_ctrl_get_write_guarantee(bio)   number of bytes we can write now
                 *
                 * ..._read_request is never more than ..._write_guarantee;
                 * it depends on the application which one you should use.
@@ -517,7 +541,7 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count)
                                else
                                        i = (int)cw_num;
                                r = BIO_write(c_ssl_bio, cbuf, i);
-                                if (r == -1)
+                                if (r < 0)
                                        {
                                        if (!BIO_should_retry(c_ssl_bio))
                                                {
@@ -590,7 +614,7 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count)
                                else
                                        i = (int)sw_num;
                                r = BIO_write(s_ssl_bio, sbuf, i);
-                                if (r == -1)
+                                if (r < 0)
                                        {
                                        if (!BIO_should_retry(s_ssl_bio))
                                                {
@@ -643,45 +667,40 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count)
                        {
                        /* "I/O" BETWEEN CLIENT AND SERVER. */
-#define RELAYBUFSIZ 200
-                        static char buf[RELAYBUFSIZ];
-                        /* RELAYBUF is arbitrary.  When writing data over some real
-                         * network, use a buffer of the same size as in the BIO_pipe
-                         * and make that size large (for reading from the network
-                         * small buffers usually won't hurt).
-                         * Here sizes differ for testing. */
                        size_t r1, r2;
-                        size_t num;
+                        BIO *io1 = server_io, *io2 = client_io;
-                        int r;
+                        /* we use the non-copying interface for io1
+                         * and the standard BIO_write/BIO_read interface for io2
+                         */
+                        
                        static int prev_progress = 1;
                        int progress = 0;
                        
-                        /* client to server */
+                        /* io1 to io2 */
                        do
                                {
-                                r1 = BIO_ctrl_pending(client_io);
+                                size_t num;
-                                r2 = BIO_ctrl_get_write_guarantee(server_io);
+                                int r;
+                                r1 = BIO_ctrl_pending(io1);
+                                r2 = BIO_ctrl_get_write_guarantee(io2);
                                num = r1;
                                if (r2 < num)
                                        num = r2;
                                if (num)
                                        {
-                                        if (sizeof buf < num)
+                                        char *dataptr;
-                                                num = sizeof buf;
                                        if (INT_MAX < num) /* yeah, right */
                                                num = INT_MAX;
                                        
-                                        r = BIO_read(client_io, buf, (int)num);
+                                        r = BIO_nread(io1, &dataptr, (int)num);
-                                        if (r != (int)num) /* can't happen */
+                                        assert(r > 0);
-                                                {
+                                        assert(r <= (int)num);
-                                                fprintf(stderr, "ERROR: BIO_read could not read "
+                                        /* possibly r < num (non-contiguous data) */
-                                                        "BIO_ctrl_pending() bytes");
+                                        num = r;
-                                                goto err;
+                                        r = BIO_write(io2, dataptr, (int)num);
-                                                }
-                                        r = BIO_write(server_io, buf, (int)num);
                                        if (r != (int)num) /* can't happen */
                                                {
                                                fprintf(stderr, "ERROR: BIO_write could not write "
@@ -691,48 +710,58 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count)
                                        progress = 1;
                                        if (debug)
-                                                printf("C->S relaying: %d bytes\n", (int)num);
+                                                printf((io1 == client_io) ?
+                                                        "C->S relaying: %d bytes\n" :
+                                                        "S->C relaying: %d bytes\n",
+                                                        (int)num);
                                        }
                                }
                        while (r1 && r2);
-                        /* server to client */
+                        /* io2 to io1 */
-                        do
+                        {
-                                {
+                                size_t num;
-                                r1 = BIO_ctrl_pending(server_io);
+                                int r;
-                                r2 = BIO_ctrl_get_write_guarantee(client_io);
+                                r1 = BIO_ctrl_pending(io2);
+                                r2 = BIO_ctrl_get_read_request(io1);
+                                /* here we could use ..._get_write_guarantee instead of
+                                 * ..._get_read_request, but by using the latter
+                                 * we test restartability of the SSL implementation
+                                 * more thoroughly */
                                num = r1;
                                if (r2 < num)
                                        num = r2;
                                if (num)
                                        {
-                                        if (sizeof buf < num)
+                                        char *dataptr;
-                                                num = sizeof buf;
+                                        
                                        if (INT_MAX < num)
                                                num = INT_MAX;
+                                        if (num > 1)
+                                                --num; /* test restartability even more thoroughly */
                                        
-                                        r = BIO_read(server_io, buf, (int)num);
+                                        r = BIO_nwrite(io1, &dataptr, (int)num);
+                                        assert(r > 0);
+                                        assert(r <= (int)num);
+                                        num = r;
+                                        r = BIO_read(io2, dataptr, (int)num);
                                        if (r != (int)num) /* can't happen */
                                                {
                                                fprintf(stderr, "ERROR: BIO_read could not read "
                                                        "BIO_ctrl_pending() bytes");
                                                goto err;
                                                }
-                                        r = BIO_write(client_io, buf, (int)num);
-                                        if (r != (int)num) /* can't happen */
-                                                {
-                                                fprintf(stderr, "ERROR: BIO_write could not write "
-                                                        "BIO_ctrl_get_write_guarantee() bytes");
-                                                goto err;
-                                                }
                                        progress = 1;
+                                        
                                        if (debug)
-                                                printf("S->C relaying: %d bytes\n", (int)num);
+                                                printf((io2 == client_io) ?
+                                                        "C->S relaying: %d bytes\n" :
+                                                        "S->C relaying: %d bytes\n",
+                                                        (int)num);
                                        }
-                                }
+                        } /* no loop, BIO_ctrl_get_read_request now returns 0 anyway */
-                        while (r1 && r2);
                        if (!progress && !prev_progress)
                                if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0)
@@ -1091,7 +1120,7 @@ err:
        return(ret);
        }
-int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
+static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
        {
        char *s,buf[256];
@@ -1161,3 +1190,24 @@ static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
        return(rsa_tmp);
        }
 #endif
+#ifndef NO_DSA
+static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
+        {
+        char c='*';
+        static int ok=0,num=0;
+        if (p == 0) { c='.'; num++; };
+        if (p == 1) c='+';
+        if (p == 2) { c='*'; ok++; }
+        if (p == 3) c='\n';
+        BIO_write(arg,&c,1);
+        (void)BIO_flush(arg);
+        if (!ok && (p == 0) && (num > 1))
+                {
+                BIO_printf((BIO *)arg,"error in dsatest\n");
+                exit(1);
+                }
+        }
+#endif

diff --git a/src/lib/libssl/src/ssl/ssltest.c b/src/lib/libssl/src/ssl/ssltest.c index 90570f4bee..d655bbbd84 100644 --- a/src/lib/libssl/src/ssl/ssltest.c +++ b/src/lib/libssl/src/ssl/ssltest.c
@@ -56,11 +56,12 @@
56	* [including the GNU Public Licence.]	56	* [including the GNU Public Licence.]
57	*/	57	*/
58		58
		59	#include <assert.h>
		60	#include <errno.h>
		61	#include <limits.h>
59	#include <stdio.h>	62	#include <stdio.h>
60	#include <stdlib.h>	63	#include <stdlib.h>
61	#include <string.h>	64	#include <string.h>
62	#include <errno.h>
63	#include <limits.h>
64		65
65	#include "openssl/e_os.h"	66	#include "openssl/e_os.h"
66		67
@@ -69,14 +70,11 @@
69	#include <openssl/x509.h>	70	#include <openssl/x509.h>
70	#include <openssl/ssl.h>	71	#include <openssl/ssl.h>
71	#include <openssl/err.h>	72	#include <openssl/err.h>
		73	#include <openssl/rand.h>
72	#ifdef WINDOWS	74	#ifdef WINDOWS
73	#include "../crypto/bio/bss_file.c"	75	#include "../crypto/bio/bss_file.c"
74	#endif	76	#endif
75		77
76	#if defined(NO_RSA) && !defined(NO_SSL2)
77	#define NO_SSL2
78	#endif
79
80	#ifdef VMS	78	#ifdef VMS
81	# define TEST_SERVER_CERT "SYS$DISK:[-.APPS]SERVER.PEM"	79	# define TEST_SERVER_CERT "SYS$DISK:[-.APPS]SERVER.PEM"
82	# define TEST_CLIENT_CERT "SYS$DISK:[-.APPS]CLIENT.PEM"	80	# define TEST_CLIENT_CERT "SYS$DISK:[-.APPS]CLIENT.PEM"
@@ -85,19 +83,23 @@
85	# define TEST_CLIENT_CERT "../apps/client.pem"	83	# define TEST_CLIENT_CERT "../apps/client.pem"
86	#endif	84	#endif
87		85
88	int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);	86	static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
89	#ifndef NO_RSA	87	#ifndef NO_RSA
90	static RSA MS_CALLBACK tmp_rsa_cb(SSL s, int is_export,int keylength);	88	static RSA MS_CALLBACK tmp_rsa_cb(SSL s, int is_export,int keylength);
91	#endif	89	#endif
92	#ifndef NO_DH	90	#ifndef NO_DH
93	static DH *get_dh512(void);	91	static DH *get_dh512(void);
94	#endif	92	#endif
95	BIO *bio_err=NULL;	93	#ifndef NO_DSA
96	BIO *bio_stdout=NULL;	94	static void MS_CALLBACK dsa_cb(int p, int n, void *arg);
		95	#endif
		96
		97	static BIO *bio_err=NULL;
		98	static BIO *bio_stdout=NULL;
97		99
98	static char *cipher=NULL;	100	static char *cipher=NULL;
99	int verbose=0;	101	static int verbose=0;
100	int debug=0;	102	static int debug=0;
101	#if 0	103	#if 0
102	/* Not used yet. */	104	/* Not used yet. */
103	#ifdef FIONBIO	105	#ifdef FIONBIO
@@ -105,6 +107,7 @@ static int s_nbio=0;
105	#endif	107	#endif
106	#endif	108	#endif
107		109
		110	static const char rnd_seed[] = "string to make the random number generator think it has entropy";
108		111
109	int doit_biopair(SSL s_ssl,SSL c_ssl,long bytes);	112	int doit_biopair(SSL s_ssl,SSL c_ssl,long bytes);
110	int doit(SSL s_ssl,SSL c_ssl,long bytes);	113	int doit(SSL s_ssl,SSL c_ssl,long bytes);
@@ -122,6 +125,9 @@ static void sv_usage(void)
122	#if !defined NO_DH && !defined NO_DSA	125	#if !defined NO_DH && !defined NO_DSA
123	fprintf(stderr," -dhe1024 - generate 1024 bit key for DHE\n");	126	fprintf(stderr," -dhe1024 - generate 1024 bit key for DHE\n");
124	#endif	127	#endif
		128	#if !defined NO_DH
		129	fprintf(stderr," -no_dhe - disable DHE\n");
		130	#endif
125	#ifndef NO_SSL2	131	#ifndef NO_SSL2
126	fprintf(stderr," -ssl2 - use SSLv2\n");	132	fprintf(stderr," -ssl2 - use SSLv2\n");
127	#endif	133	#endif
@@ -159,16 +165,21 @@ int main(int argc, char *argv[])
159	int number=1,reuse=0;	165	int number=1,reuse=0;
160	long bytes=1L;	166	long bytes=1L;
161	SSL_CIPHER *ciph;	167	SSL_CIPHER *ciph;
162	int dhe1024 = 0;	168	int dhe1024 = 0, no_dhe = 0;
163	#ifndef NO_DH	169	#ifndef NO_DH
164	DH *dh;	170	DH *dh;
165	#endif	171	#endif
		172	verbose = 0;
		173	debug = 0;
		174	cipher = 0;
		175
		176	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
		177
		178	RAND_seed(rnd_seed, sizeof rnd_seed);
166		179
167	bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);	180	bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
168	bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE);	181	bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE);
169		182
170	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
171
172	argc--;	183	argc--;
173	argv++;	184	argv++;
174		185
@@ -186,6 +197,8 @@ int main(int argc, char *argv[])
186	reuse=1;	197	reuse=1;
187	else if (strcmp(*argv,"-dhe1024") == 0)	198	else if (strcmp(*argv,"-dhe1024") == 0)
188	dhe1024=1;	199	dhe1024=1;
		200	else if (strcmp(*argv,"-no_dhe") == 0)
		201	no_dhe=1;
189	else if (strcmp(*argv,"-ssl2") == 0)	202	else if (strcmp(*argv,"-ssl2") == 0)
190	ssl2=1;	203	ssl2=1;
191	else if (strcmp(*argv,"-tls1") == 0)	204	else if (strcmp(*argv,"-tls1") == 0)
@@ -311,31 +324,36 @@ bad:
311	}	324	}
312		325
313	#ifndef NO_DH	326	#ifndef NO_DH
314	# ifndef NO_DSA	327	if (!no_dhe)
315	if (dhe1024)
316	{	328	{
317	DSA *dsa;	329	# ifndef NO_DSA
318		330	if (dhe1024)
319	if (verbose)
320	{	331	{
321	fprintf(stdout, "Creating 1024 bit DHE parameters ...");	332	DSA *dsa;
322	fflush(stdout);	333	unsigned char seed[20];
		334
		335	if (verbose)
		336	{
		337	BIO_printf(bio_err, "Creating 1024 bit DHE parameters\n");
		338	BIO_flush(bio_err);
		339	}
		340
		341	memcpy(seed, "Random String no. 12", 20);
		342	dsa = DSA_generate_parameters(1024, seed, 20, NULL, NULL, dsa_cb, bio_err);
		343	dh = DSA_dup_DH(dsa);
		344	DSA_free(dsa);
		345	/* important: SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */
		346	SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
		347
		348	if (verbose)
		349	fprintf(stdout, " done\n");
323	}	350	}
324		351	else
325	dsa = DSA_generate_parameters(1024, NULL, 0, NULL, NULL, 0, NULL);
326	dh = DSA_dup_DH(dsa);
327	DSA_free(dsa);
328	/* important: SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */
329	SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
330
331	if (verbose)
332	fprintf(stdout, " done\n");
333	}
334	else
335	# endif	352	# endif
336	dh=get_dh512();	353	dh=get_dh512();
337	SSL_CTX_set_tmp_dh(s_ctx,dh);	354	SSL_CTX_set_tmp_dh(s_ctx,dh);
338	DH_free(dh);	355	DH_free(dh);
		356	}
339	#endif	357	#endif
340		358
341	#ifndef NO_RSA	359	#ifndef NO_RSA
@@ -373,17 +391,22 @@ bad:
373		391
374	if (client_auth)	392	if (client_auth)
375	{	393	{
376	fprintf(stderr,"client authentication\n");	394	BIO_printf(bio_err,"client authentication\n");
377	SSL_CTX_set_verify(s_ctx,	395	SSL_CTX_set_verify(s_ctx,
378	SSL_VERIFY_PEER\|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,	396	SSL_VERIFY_PEER\|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
379	verify_callback);	397	verify_callback);
380	}	398	}
381	if (server_auth)	399	if (server_auth)
382	{	400	{
383	fprintf(stderr,"server authentication\n");	401	BIO_printf(bio_err,"server authentication\n");
384	SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER,	402	SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER,
385	verify_callback);	403	verify_callback);
386	}	404	}
		405
		406	{
		407	int session_id_context = 0;
		408	SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context, sizeof session_id_context);
		409	}
387		410
388	c_ssl=SSL_new(c_ctx);	411	c_ssl=SSL_new(c_ctx);
389	s_ssl=SSL_new(s_ctx);	412	s_ssl=SSL_new(s_ctx);
@@ -400,13 +423,13 @@ bad:
400	if (!verbose)	423	if (!verbose)
401	{	424	{
402	ciph=SSL_get_current_cipher(c_ssl);	425	ciph=SSL_get_current_cipher(c_ssl);
403	fprintf(stdout,"Protocol %s, cipher %s, %s\n",	426	BIO_printf(bio_stdout,"Protocol %s, cipher %s, %s\n",
404	SSL_get_version(c_ssl),	427	SSL_get_version(c_ssl),
405	SSL_CIPHER_get_version(ciph),	428	SSL_CIPHER_get_version(ciph),
406	SSL_CIPHER_get_name(ciph));	429	SSL_CIPHER_get_name(ciph));
407	}	430	}
408	if ((number > 1) \|\| (bytes > 1L))	431	if ((number > 1) \|\| (bytes > 1L))
409	printf("%d handshakes of %ld bytes done\n",number,bytes);	432	BIO_printf(bio_stdout, "%d handshakes of %ld bytes done\n",number,bytes);
410		433
411	SSL_free(s_ssl);	434	SSL_free(s_ssl);
412	SSL_free(c_ssl);	435	SSL_free(c_ssl);
@@ -421,6 +444,7 @@ end:
421	ERR_remove_state(0);	444	ERR_remove_state(0);
422	EVP_cleanup();	445	EVP_cleanup();
423	CRYPTO_mem_leaks(bio_err);	446	CRYPTO_mem_leaks(bio_err);
		447	if (bio_err != NULL) BIO_free(bio_err);
424	EXIT(ret);	448	EXIT(ret);
425	}	449	}
426		450
@@ -485,7 +509,7 @@ int doit_biopair(SSL s_ssl, SSL c_ssl, long count)
485	* BIO_ctrl_pending(bio) number of bytes we can read now	509	* BIO_ctrl_pending(bio) number of bytes we can read now
486	* BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil	510	* BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil
487	* other side's read attempt	511	* other side's read attempt
488	* BIO_ctrl_get_write_gurantee(bio) number of bytes we can write now	512	* BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now
489	*	513	*
490	* ..._read_request is never more than ..._write_guarantee;	514	* ..._read_request is never more than ..._write_guarantee;
491	* it depends on the application which one you should use.	515	* it depends on the application which one you should use.
@@ -517,7 +541,7 @@ int doit_biopair(SSL s_ssl, SSL c_ssl, long count)
517	else	541	else
518	i = (int)cw_num;	542	i = (int)cw_num;
519	r = BIO_write(c_ssl_bio, cbuf, i);	543	r = BIO_write(c_ssl_bio, cbuf, i);
520	if (r == -1)	544	if (r < 0)
521	{	545	{
522	if (!BIO_should_retry(c_ssl_bio))	546	if (!BIO_should_retry(c_ssl_bio))
523	{	547	{
@@ -590,7 +614,7 @@ int doit_biopair(SSL s_ssl, SSL c_ssl, long count)
590	else	614	else
591	i = (int)sw_num;	615	i = (int)sw_num;
592	r = BIO_write(s_ssl_bio, sbuf, i);	616	r = BIO_write(s_ssl_bio, sbuf, i);
593	if (r == -1)	617	if (r < 0)
594	{	618	{
595	if (!BIO_should_retry(s_ssl_bio))	619	if (!BIO_should_retry(s_ssl_bio))
596	{	620	{
@@ -643,45 +667,40 @@ int doit_biopair(SSL s_ssl, SSL c_ssl, long count)
643	{	667	{
644	/* "I/O" BETWEEN CLIENT AND SERVER. */	668	/* "I/O" BETWEEN CLIENT AND SERVER. */
645		669
646	#define RELAYBUFSIZ 200
647	static char buf[RELAYBUFSIZ];
648
649	/* RELAYBUF is arbitrary. When writing data over some real
650	* network, use a buffer of the same size as in the BIO_pipe
651	* and make that size large (for reading from the network
652	* small buffers usually won't hurt).
653	* Here sizes differ for testing. */
654
655	size_t r1, r2;	670	size_t r1, r2;
656	size_t num;	671	BIO io1 = server_io, io2 = client_io;
657	int r;	672	/* we use the non-copying interface for io1
		673	* and the standard BIO_write/BIO_read interface for io2
		674	*/
		675
658	static int prev_progress = 1;	676	static int prev_progress = 1;
659	int progress = 0;	677	int progress = 0;
660		678
661	/* client to server */	679	/* io1 to io2 */
662	do	680	do
663	{	681	{
664	r1 = BIO_ctrl_pending(client_io);	682	size_t num;
665	r2 = BIO_ctrl_get_write_guarantee(server_io);	683	int r;
		684
		685	r1 = BIO_ctrl_pending(io1);
		686	r2 = BIO_ctrl_get_write_guarantee(io2);
666		687
667	num = r1;	688	num = r1;
668	if (r2 < num)	689	if (r2 < num)
669	num = r2;	690	num = r2;
670	if (num)	691	if (num)
671	{	692	{
672	if (sizeof buf < num)	693	char *dataptr;
673	num = sizeof buf;	694
674	if (INT_MAX < num) /* yeah, right */	695	if (INT_MAX < num) /* yeah, right */
675	num = INT_MAX;	696	num = INT_MAX;
676		697
677	r = BIO_read(client_io, buf, (int)num);	698	r = BIO_nread(io1, &dataptr, (int)num);
678	if (r != (int)num) /* can't happen */	699	assert(r > 0);
679	{	700	assert(r <= (int)num);
680	fprintf(stderr, "ERROR: BIO_read could not read "	701	/* possibly r < num (non-contiguous data) */
681	"BIO_ctrl_pending() bytes");	702	num = r;
682	goto err;	703	r = BIO_write(io2, dataptr, (int)num);
683	}
684	r = BIO_write(server_io, buf, (int)num);
685	if (r != (int)num) /* can't happen */	704	if (r != (int)num) /* can't happen */
686	{	705	{
687	fprintf(stderr, "ERROR: BIO_write could not write "	706	fprintf(stderr, "ERROR: BIO_write could not write "
@@ -691,48 +710,58 @@ int doit_biopair(SSL s_ssl, SSL c_ssl, long count)
691	progress = 1;	710	progress = 1;
692		711
693	if (debug)	712	if (debug)
694	printf("C->S relaying: %d bytes\n", (int)num);	713	printf((io1 == client_io) ?
		714	"C->S relaying: %d bytes\n" :
		715	"S->C relaying: %d bytes\n",
		716	(int)num);
695	}	717	}
696	}	718	}
697	while (r1 && r2);	719	while (r1 && r2);
698		720
699	/* server to client */	721	/* io2 to io1 */
700	do	722	{
701	{	723	size_t num;
702	r1 = BIO_ctrl_pending(server_io);	724	int r;
703	r2 = BIO_ctrl_get_write_guarantee(client_io);	725
704		726	r1 = BIO_ctrl_pending(io2);
		727	r2 = BIO_ctrl_get_read_request(io1);
		728	/* here we could use ..._get_write_guarantee instead of
		729	* ..._get_read_request, but by using the latter
		730	* we test restartability of the SSL implementation
		731	* more thoroughly */
705	num = r1;	732	num = r1;
706	if (r2 < num)	733	if (r2 < num)
707	num = r2;	734	num = r2;
708	if (num)	735	if (num)
709	{	736	{
710	if (sizeof buf < num)	737	char *dataptr;
711	num = sizeof buf;	738
712	if (INT_MAX < num)	739	if (INT_MAX < num)
713	num = INT_MAX;	740	num = INT_MAX;
		741
		742	if (num > 1)
		743	--num; /* test restartability even more thoroughly */
714		744
715	r = BIO_read(server_io, buf, (int)num);	745	r = BIO_nwrite(io1, &dataptr, (int)num);
		746	assert(r > 0);
		747	assert(r <= (int)num);
		748	num = r;
		749	r = BIO_read(io2, dataptr, (int)num);
716	if (r != (int)num) /* can't happen */	750	if (r != (int)num) /* can't happen */
717	{	751	{
718	fprintf(stderr, "ERROR: BIO_read could not read "	752	fprintf(stderr, "ERROR: BIO_read could not read "
719	"BIO_ctrl_pending() bytes");	753	"BIO_ctrl_pending() bytes");
720	goto err;	754	goto err;
721	}	755	}
722	r = BIO_write(client_io, buf, (int)num);
723	if (r != (int)num) /* can't happen */
724	{
725	fprintf(stderr, "ERROR: BIO_write could not write "
726	"BIO_ctrl_get_write_guarantee() bytes");
727	goto err;
728	}
729	progress = 1;	756	progress = 1;
730		757
731	if (debug)	758	if (debug)
732	printf("S->C relaying: %d bytes\n", (int)num);	759	printf((io2 == client_io) ?
		760	"C->S relaying: %d bytes\n" :
		761	"S->C relaying: %d bytes\n",
		762	(int)num);
733	}	763	}
734	}	764	} /* no loop, BIO_ctrl_get_read_request now returns 0 anyway */
735	while (r1 && r2);
736		765
737	if (!progress && !prev_progress)	766	if (!progress && !prev_progress)
738	if (cw_num > 0 \|\| cr_num > 0 \|\| sw_num > 0 \|\| sr_num > 0)	767	if (cw_num > 0 \|\| cr_num > 0 \|\| sw_num > 0 \|\| sr_num > 0)
@@ -1091,7 +1120,7 @@ err:
1091	return(ret);	1120	return(ret);
1092	}	1121	}
1093		1122
1094	int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)	1123	static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
1095	{	1124	{
1096	char *s,buf[256];	1125	char *s,buf[256];
1097		1126
@@ -1161,3 +1190,24 @@ static RSA MS_CALLBACK tmp_rsa_cb(SSL s, int is_export, int keylength)
1161	return(rsa_tmp);	1190	return(rsa_tmp);
1162	}	1191	}
1163	#endif	1192	#endif
		1193
		1194	#ifndef NO_DSA
		1195	static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
		1196	{
		1197	char c='*';
		1198	static int ok=0,num=0;
		1199
		1200	if (p == 0) { c='.'; num++; };
		1201	if (p == 1) c='+';
		1202	if (p == 2) { c='*'; ok++; }
		1203	if (p == 3) c='\n';
		1204	BIO_write(arg,&c,1);
		1205	(void)BIO_flush(arg);
		1206
		1207	if (!ok && (p == 0) && (num > 1))
		1208	{
		1209	BIO_printf((BIO *)arg,"error in dsatest\n");
		1210	exit(1);
		1211	}
		1212	}
		1213	#endif