summaryrefslogtreecommitdiff
path: root/src/lib/libssl/src/ssl/ssltest.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libssl/src/ssl/ssltest.c')
-rw-r--r--src/lib/libssl/src/ssl/ssltest.c2134
1 files changed, 2134 insertions, 0 deletions
diff --git a/src/lib/libssl/src/ssl/ssltest.c b/src/lib/libssl/src/ssl/ssltest.c
new file mode 100644
index 0000000000..9381c435d5
--- /dev/null
+++ b/src/lib/libssl/src/ssl/ssltest.c
@@ -0,0 +1,2134 @@
1/* ssl/ssltest.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111
112#define _BSD_SOURCE 1 /* Or gethostname won't be declared properly
113 on Linux and GNU platforms. */
114
115#include <assert.h>
116#include <errno.h>
117#include <limits.h>
118#include <stdio.h>
119#include <stdlib.h>
120#include <string.h>
121#include <time.h>
122#include <inttypes.h>
123#include <ctype.h>
124
125#define USE_SOCKETS
126#include "e_os.h"
127
128#define _XOPEN_SOURCE 500 /* Or isascii won't be declared properly on
129 VMS (at least with DECompHP C). */
130#include <ctype.h>
131
132#include <openssl/bio.h>
133#include <openssl/crypto.h>
134#include <openssl/evp.h>
135#include <openssl/x509.h>
136#include <openssl/x509v3.h>
137#include <openssl/ssl.h>
138#ifndef OPENSSL_NO_ENGINE
139#include <openssl/engine.h>
140#endif
141#include <openssl/err.h>
142#include <openssl/rand.h>
143#include <openssl/fips.h>
144
145#define _XOPEN_SOURCE_EXTENDED 1 /* Or gethostname won't be declared properly
146 on Compaq platforms (at least with DEC C).
147 Do not try to put it earlier, or IPv6 includes
148 get screwed...
149 */
150
151#ifdef OPENSSL_SYS_WINDOWS
152#include <winsock.h>
153#else
154#include OPENSSL_UNISTD
155#endif
156
157#ifdef OPENSSL_SYS_VMS
158# define TEST_SERVER_CERT "SYS$DISK:[-.APPS]SERVER.PEM"
159# define TEST_CLIENT_CERT "SYS$DISK:[-.APPS]CLIENT.PEM"
160#elif defined(OPENSSL_SYS_WINCE)
161# define TEST_SERVER_CERT "\\OpenSSL\\server.pem"
162# define TEST_CLIENT_CERT "\\OpenSSL\\client.pem"
163#else
164# define TEST_SERVER_CERT "../apps/server.pem"
165# define TEST_CLIENT_CERT "../apps/client.pem"
166#endif
167
168/* There is really no standard for this, so let's assign some tentative
169 numbers. In any case, these numbers are only for this test */
170#define COMP_RLE 1
171#define COMP_ZLIB 2
172
173static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
174#ifndef OPENSSL_NO_RSA
175static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export,int keylength);
176static void free_tmp_rsa(void);
177#endif
178static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg);
179#define APP_CALLBACK_STRING "Test Callback Argument"
180struct app_verify_arg
181 {
182 char *string;
183 int app_verify;
184 int allow_proxy_certs;
185 char *proxy_auth;
186 char *proxy_cond;
187 };
188
189#ifndef OPENSSL_NO_DH
190static DH *get_dh512(void);
191static DH *get_dh1024(void);
192static DH *get_dh1024dsa(void);
193#endif
194
195static BIO *bio_err=NULL;
196static BIO *bio_stdout=NULL;
197
198static char *cipher=NULL;
199static int verbose=0;
200static int debug=0;
201#if 0
202/* Not used yet. */
203#ifdef FIONBIO
204static int s_nbio=0;
205#endif
206#endif
207
208static const char rnd_seed[] = "string to make the random number generator think it has entropy";
209
210int doit_biopair(SSL *s_ssl,SSL *c_ssl,long bytes,clock_t *s_time,clock_t *c_time);
211int doit(SSL *s_ssl,SSL *c_ssl,long bytes);
212static void sv_usage(void)
213 {
214 fprintf(stderr,"usage: ssltest [args ...]\n");
215 fprintf(stderr,"\n");
216#ifdef OPENSSL_FIPS
217 fprintf(stderr,"-F - run test in FIPS mode\n");
218#endif
219 fprintf(stderr," -server_auth - check server certificate\n");
220 fprintf(stderr," -client_auth - do client authentication\n");
221 fprintf(stderr," -proxy - allow proxy certificates\n");
222 fprintf(stderr," -proxy_auth <val> - set proxy policy rights\n");
223 fprintf(stderr," -proxy_cond <val> - experssion to test proxy policy rights\n");
224 fprintf(stderr," -v - more output\n");
225 fprintf(stderr," -d - debug output\n");
226 fprintf(stderr," -reuse - use session-id reuse\n");
227 fprintf(stderr," -num <val> - number of connections to perform\n");
228 fprintf(stderr," -bytes <val> - number of bytes to swap between client/server\n");
229#ifndef OPENSSL_NO_DH
230 fprintf(stderr," -dhe1024 - use 1024 bit key (safe prime) for DHE\n");
231 fprintf(stderr," -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
232 fprintf(stderr," -no_dhe - disable DHE\n");
233#endif
234#ifndef OPENSSL_NO_SSL2
235 fprintf(stderr," -ssl2 - use SSLv2\n");
236#endif
237#ifndef OPENSSL_NO_SSL3
238 fprintf(stderr," -ssl3 - use SSLv3\n");
239#endif
240#ifndef OPENSSL_NO_TLS1
241 fprintf(stderr," -tls1 - use TLSv1\n");
242#endif
243 fprintf(stderr," -CApath arg - PEM format directory of CA's\n");
244 fprintf(stderr," -CAfile arg - PEM format file of CA's\n");
245 fprintf(stderr," -cert arg - Server certificate file\n");
246 fprintf(stderr," -key arg - Server key file (default: same as -cert)\n");
247 fprintf(stderr," -c_cert arg - Client certificate file\n");
248 fprintf(stderr," -c_key arg - Client key file (default: same as -c_cert)\n");
249 fprintf(stderr," -cipher arg - The cipher list\n");
250 fprintf(stderr," -bio_pair - Use BIO pairs\n");
251 fprintf(stderr," -f - Test even cases that can't work\n");
252 fprintf(stderr," -time - measure processor time used by client and server\n");
253 fprintf(stderr," -zlib - use zlib compression\n");
254 fprintf(stderr," -time - use rle compression\n");
255 }
256
257static void print_details(SSL *c_ssl, const char *prefix)
258 {
259 SSL_CIPHER *ciph;
260 X509 *cert;
261
262 ciph=SSL_get_current_cipher(c_ssl);
263 BIO_printf(bio_stdout,"%s%s, cipher %s %s",
264 prefix,
265 SSL_get_version(c_ssl),
266 SSL_CIPHER_get_version(ciph),
267 SSL_CIPHER_get_name(ciph));
268 cert=SSL_get_peer_certificate(c_ssl);
269 if (cert != NULL)
270 {
271 EVP_PKEY *pkey = X509_get_pubkey(cert);
272 if (pkey != NULL)
273 {
274 if (0)
275 ;
276#ifndef OPENSSL_NO_RSA
277 else if (pkey->type == EVP_PKEY_RSA && pkey->pkey.rsa != NULL
278 && pkey->pkey.rsa->n != NULL)
279 {
280 BIO_printf(bio_stdout, ", %d bit RSA",
281 BN_num_bits(pkey->pkey.rsa->n));
282 }
283#endif
284#ifndef OPENSSL_NO_DSA
285 else if (pkey->type == EVP_PKEY_DSA && pkey->pkey.dsa != NULL
286 && pkey->pkey.dsa->p != NULL)
287 {
288 BIO_printf(bio_stdout, ", %d bit DSA",
289 BN_num_bits(pkey->pkey.dsa->p));
290 }
291#endif
292 EVP_PKEY_free(pkey);
293 }
294 X509_free(cert);
295 }
296 /* The SSL API does not allow us to look at temporary RSA/DH keys,
297 * otherwise we should print their lengths too */
298 BIO_printf(bio_stdout,"\n");
299 }
300
301static void lock_dbg_cb(int mode, int type, const char *file, int line)
302 {
303 static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
304 const char *errstr = NULL;
305 int rw;
306
307 rw = mode & (CRYPTO_READ|CRYPTO_WRITE);
308 if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE)))
309 {
310 errstr = "invalid mode";
311 goto err;
312 }
313
314 if (type < 0 || type >= CRYPTO_NUM_LOCKS)
315 {
316 errstr = "type out of bounds";
317 goto err;
318 }
319
320 if (mode & CRYPTO_LOCK)
321 {
322 if (modes[type])
323 {
324 errstr = "already locked";
325 /* must not happen in a single-threaded program
326 * (would deadlock) */
327 goto err;
328 }
329
330 modes[type] = rw;
331 }
332 else if (mode & CRYPTO_UNLOCK)
333 {
334 if (!modes[type])
335 {
336 errstr = "not locked";
337 goto err;
338 }
339
340 if (modes[type] != rw)
341 {
342 errstr = (rw == CRYPTO_READ) ?
343 "CRYPTO_r_unlock on write lock" :
344 "CRYPTO_w_unlock on read lock";
345 }
346
347 modes[type] = 0;
348 }
349 else
350 {
351 errstr = "invalid mode";
352 goto err;
353 }
354
355 err:
356 if (errstr)
357 {
358 /* we cannot use bio_err here */
359 fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n",
360 errstr, mode, type, file, line);
361 }
362 }
363
364int main(int argc, char *argv[])
365 {
366 char *CApath=NULL,*CAfile=NULL;
367 int badop=0;
368 int bio_pair=0;
369 int force=0;
370 int tls1=0,ssl2=0,ssl3=0,ret=1;
371 int client_auth=0;
372 int server_auth=0,i;
373 struct app_verify_arg app_verify_arg =
374 { APP_CALLBACK_STRING, 0, 0, NULL, NULL };
375 char *server_cert=TEST_SERVER_CERT;
376 char *server_key=NULL;
377 char *client_cert=TEST_CLIENT_CERT;
378 char *client_key=NULL;
379 SSL_CTX *s_ctx=NULL;
380 SSL_CTX *c_ctx=NULL;
381 SSL_METHOD *meth=NULL;
382 SSL *c_ssl,*s_ssl;
383 int number=1,reuse=0;
384 long bytes=1L;
385#ifndef OPENSSL_NO_DH
386 DH *dh;
387 int dhe1024 = 0, dhe1024dsa = 0;
388#endif
389 int no_dhe = 0;
390 int print_time = 0;
391 clock_t s_time = 0, c_time = 0;
392 int comp = 0;
393 COMP_METHOD *cm = NULL;
394#ifdef OPENSSL_FIPS
395 int fips_mode=0;
396#endif
397
398 verbose = 0;
399 debug = 0;
400 cipher = 0;
401
402 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
403
404 CRYPTO_set_locking_callback(lock_dbg_cb);
405
406 /* enable memory leak checking unless explicitly disabled */
407 if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
408 {
409 CRYPTO_malloc_debug_init();
410 CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
411 }
412 else
413 {
414 /* OPENSSL_DEBUG_MEMORY=off */
415 CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
416 }
417 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
418
419 RAND_seed(rnd_seed, sizeof rnd_seed);
420
421 bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE);
422
423 argc--;
424 argv++;
425
426 while (argc >= 1)
427 {
428 if(!strcmp(*argv,"-F"))
429 {
430#ifdef OPENSSL_FIPS
431 fips_mode=1;
432#else
433 fprintf(stderr,"not compiled with FIPS support, so exitting without running.\n");
434 EXIT(0);
435#endif
436 }
437 else if (strcmp(*argv,"-server_auth") == 0)
438 server_auth=1;
439 else if (strcmp(*argv,"-client_auth") == 0)
440 client_auth=1;
441 else if (strcmp(*argv,"-proxy_auth") == 0)
442 {
443 if (--argc < 1) goto bad;
444 app_verify_arg.proxy_auth= *(++argv);
445 }
446 else if (strcmp(*argv,"-proxy_cond") == 0)
447 {
448 if (--argc < 1) goto bad;
449 app_verify_arg.proxy_cond= *(++argv);
450 }
451 else if (strcmp(*argv,"-v") == 0)
452 verbose=1;
453 else if (strcmp(*argv,"-d") == 0)
454 debug=1;
455 else if (strcmp(*argv,"-reuse") == 0)
456 reuse=1;
457 else if (strcmp(*argv,"-dhe1024") == 0)
458 {
459#ifndef OPENSSL_NO_DH
460 dhe1024=1;
461#else
462 fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n");
463#endif
464 }
465 else if (strcmp(*argv,"-dhe1024dsa") == 0)
466 {
467#ifndef OPENSSL_NO_DH
468 dhe1024dsa=1;
469#else
470 fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n");
471#endif
472 }
473 else if (strcmp(*argv,"-no_dhe") == 0)
474 no_dhe=1;
475 else if (strcmp(*argv,"-ssl2") == 0)
476 ssl2=1;
477 else if (strcmp(*argv,"-tls1") == 0)
478 tls1=1;
479 else if (strcmp(*argv,"-ssl3") == 0)
480 ssl3=1;
481 else if (strncmp(*argv,"-num",4) == 0)
482 {
483 if (--argc < 1) goto bad;
484 number= atoi(*(++argv));
485 if (number == 0) number=1;
486 }
487 else if (strcmp(*argv,"-bytes") == 0)
488 {
489 if (--argc < 1) goto bad;
490 bytes= atol(*(++argv));
491 if (bytes == 0L) bytes=1L;
492 i=strlen(argv[0]);
493 if (argv[0][i-1] == 'k') bytes*=1024L;
494 if (argv[0][i-1] == 'm') bytes*=1024L*1024L;
495 }
496 else if (strcmp(*argv,"-cert") == 0)
497 {
498 if (--argc < 1) goto bad;
499 server_cert= *(++argv);
500 }
501 else if (strcmp(*argv,"-s_cert") == 0)
502 {
503 if (--argc < 1) goto bad;
504 server_cert= *(++argv);
505 }
506 else if (strcmp(*argv,"-key") == 0)
507 {
508 if (--argc < 1) goto bad;
509 server_key= *(++argv);
510 }
511 else if (strcmp(*argv,"-s_key") == 0)
512 {
513 if (--argc < 1) goto bad;
514 server_key= *(++argv);
515 }
516 else if (strcmp(*argv,"-c_cert") == 0)
517 {
518 if (--argc < 1) goto bad;
519 client_cert= *(++argv);
520 }
521 else if (strcmp(*argv,"-c_key") == 0)
522 {
523 if (--argc < 1) goto bad;
524 client_key= *(++argv);
525 }
526 else if (strcmp(*argv,"-cipher") == 0)
527 {
528 if (--argc < 1) goto bad;
529 cipher= *(++argv);
530 }
531 else if (strcmp(*argv,"-CApath") == 0)
532 {
533 if (--argc < 1) goto bad;
534 CApath= *(++argv);
535 }
536 else if (strcmp(*argv,"-CAfile") == 0)
537 {
538 if (--argc < 1) goto bad;
539 CAfile= *(++argv);
540 }
541 else if (strcmp(*argv,"-bio_pair") == 0)
542 {
543 bio_pair = 1;
544 }
545 else if (strcmp(*argv,"-f") == 0)
546 {
547 force = 1;
548 }
549 else if (strcmp(*argv,"-time") == 0)
550 {
551 print_time = 1;
552 }
553 else if (strcmp(*argv,"-zlib") == 0)
554 {
555 comp = COMP_ZLIB;
556 }
557 else if (strcmp(*argv,"-rle") == 0)
558 {
559 comp = COMP_RLE;
560 }
561 else if (strcmp(*argv,"-app_verify") == 0)
562 {
563 app_verify_arg.app_verify = 1;
564 }
565 else if (strcmp(*argv,"-proxy") == 0)
566 {
567 app_verify_arg.allow_proxy_certs = 1;
568 }
569 else
570 {
571 fprintf(stderr,"unknown option %s\n",*argv);
572 badop=1;
573 break;
574 }
575 argc--;
576 argv++;
577 }
578 if (badop)
579 {
580bad:
581 sv_usage();
582 goto end;
583 }
584
585
586 if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force)
587 {
588 fprintf(stderr, "This case cannot work. Use -f to perform "
589 "the test anyway (and\n-d to see what happens), "
590 "or add one of -ssl2, -ssl3, -tls1, -reuse\n"
591 "to avoid protocol mismatch.\n");
592 EXIT(1);
593 }
594
595#ifdef OPENSSL_FIPS
596 if(fips_mode)
597 {
598 if(!FIPS_mode_set(1))
599 {
600 ERR_load_crypto_strings();
601 ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
602 EXIT(1);
603 }
604 else
605 fprintf(stderr,"*** IN FIPS MODE ***\n");
606 }
607#endif
608
609 if (print_time)
610 {
611 if (!bio_pair)
612 {
613 fprintf(stderr, "Using BIO pair (-bio_pair)\n");
614 bio_pair = 1;
615 }
616 if (number < 50 && !force)
617 fprintf(stderr, "Warning: For accurate timings, use more connections (e.g. -num 1000)\n");
618 }
619
620/* if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */
621
622 SSL_library_init();
623 SSL_load_error_strings();
624
625 if (comp == COMP_ZLIB) cm = COMP_zlib();
626 if (comp == COMP_RLE) cm = COMP_rle();
627 if (cm != NULL)
628 {
629 if (cm->type != NID_undef)
630 {
631 if (SSL_COMP_add_compression_method(comp, cm) != 0)
632 {
633 fprintf(stderr,
634 "Failed to add compression method\n");
635 ERR_print_errors_fp(stderr);
636 }
637 }
638 else
639 {
640 fprintf(stderr,
641 "Warning: %s compression not supported\n",
642 (comp == COMP_RLE ? "rle" :
643 (comp == COMP_ZLIB ? "zlib" :
644 "unknown")));
645 ERR_print_errors_fp(stderr);
646 }
647 }
648
649#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
650 if (ssl2)
651 meth=SSLv2_method();
652 else
653 if (tls1)
654 meth=TLSv1_method();
655 else
656 if (ssl3)
657 meth=SSLv3_method();
658 else
659 meth=SSLv23_method();
660#else
661#ifdef OPENSSL_NO_SSL2
662 meth=SSLv3_method();
663#else
664 meth=SSLv2_method();
665#endif
666#endif
667
668 c_ctx=SSL_CTX_new(meth);
669 s_ctx=SSL_CTX_new(meth);
670 if ((c_ctx == NULL) || (s_ctx == NULL))
671 {
672 ERR_print_errors(bio_err);
673 goto end;
674 }
675
676 if (cipher != NULL)
677 {
678 SSL_CTX_set_cipher_list(c_ctx,cipher);
679 SSL_CTX_set_cipher_list(s_ctx,cipher);
680 }
681
682#ifndef OPENSSL_NO_DH
683 if (!no_dhe)
684 {
685 if (dhe1024dsa)
686 {
687 /* use SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */
688 SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
689 dh=get_dh1024dsa();
690 }
691 else if (dhe1024)
692 dh=get_dh1024();
693 else
694 dh=get_dh512();
695 SSL_CTX_set_tmp_dh(s_ctx,dh);
696 DH_free(dh);
697 }
698#else
699 (void)no_dhe;
700#endif
701
702#ifndef OPENSSL_NO_RSA
703 SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb);
704#endif
705
706 if (!SSL_CTX_use_certificate_file(s_ctx,server_cert,SSL_FILETYPE_PEM))
707 {
708 ERR_print_errors(bio_err);
709 }
710 else if (!SSL_CTX_use_PrivateKey_file(s_ctx,
711 (server_key?server_key:server_cert), SSL_FILETYPE_PEM))
712 {
713 ERR_print_errors(bio_err);
714 goto end;
715 }
716
717 if (client_auth)
718 {
719 SSL_CTX_use_certificate_file(c_ctx,client_cert,
720 SSL_FILETYPE_PEM);
721 SSL_CTX_use_PrivateKey_file(c_ctx,
722 (client_key?client_key:client_cert),
723 SSL_FILETYPE_PEM);
724 }
725
726 if ( (!SSL_CTX_load_verify_locations(s_ctx,CAfile,CApath)) ||
727 (!SSL_CTX_set_default_verify_paths(s_ctx)) ||
728 (!SSL_CTX_load_verify_locations(c_ctx,CAfile,CApath)) ||
729 (!SSL_CTX_set_default_verify_paths(c_ctx)))
730 {
731 /* fprintf(stderr,"SSL_load_verify_locations\n"); */
732 ERR_print_errors(bio_err);
733 /* goto end; */
734 }
735
736 if (client_auth)
737 {
738 BIO_printf(bio_err,"client authentication\n");
739 SSL_CTX_set_verify(s_ctx,
740 SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
741 verify_callback);
742 SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback, &app_verify_arg);
743 }
744 if (server_auth)
745 {
746 BIO_printf(bio_err,"server authentication\n");
747 SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER,
748 verify_callback);
749 SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback, &app_verify_arg);
750 }
751
752 {
753 int session_id_context = 0;
754 SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context, sizeof session_id_context);
755 }
756
757 c_ssl=SSL_new(c_ctx);
758 s_ssl=SSL_new(s_ctx);
759
760#ifndef OPENSSL_NO_KRB5
761 if (c_ssl && c_ssl->kssl_ctx)
762 {
763 char localhost[MAXHOSTNAMELEN+2];
764
765 if (gethostname(localhost, sizeof localhost-1) == 0)
766 {
767 localhost[sizeof localhost-1]='\0';
768 if(strlen(localhost) == sizeof localhost-1)
769 {
770 BIO_printf(bio_err,"localhost name too long\n");
771 goto end;
772 }
773 kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER,
774 localhost);
775 }
776 }
777#endif /* OPENSSL_NO_KRB5 */
778
779 for (i=0; i<number; i++)
780 {
781 if (!reuse) SSL_set_session(c_ssl,NULL);
782 if (bio_pair)
783 ret=doit_biopair(s_ssl,c_ssl,bytes,&s_time,&c_time);
784 else
785 ret=doit(s_ssl,c_ssl,bytes);
786 }
787
788 if (!verbose)
789 {
790 print_details(c_ssl, "");
791 }
792 if ((number > 1) || (bytes > 1L))
793 BIO_printf(bio_stdout, "%d handshakes of %ld bytes done\n",number,bytes);
794 if (print_time)
795 {
796#ifdef CLOCKS_PER_SEC
797 /* "To determine the time in seconds, the value returned
798 * by the clock function should be divided by the value
799 * of the macro CLOCKS_PER_SEC."
800 * -- ISO/IEC 9899 */
801 BIO_printf(bio_stdout, "Approximate total server time: %6.2f s\n"
802 "Approximate total client time: %6.2f s\n",
803 (double)s_time/CLOCKS_PER_SEC,
804 (double)c_time/CLOCKS_PER_SEC);
805#else
806 /* "`CLOCKS_PER_SEC' undeclared (first use this function)"
807 * -- cc on NeXTstep/OpenStep */
808 BIO_printf(bio_stdout,
809 "Approximate total server time: %6.2f units\n"
810 "Approximate total client time: %6.2f units\n",
811 (double)s_time,
812 (double)c_time);
813#endif
814 }
815
816 SSL_free(s_ssl);
817 SSL_free(c_ssl);
818
819end:
820 if (s_ctx != NULL) SSL_CTX_free(s_ctx);
821 if (c_ctx != NULL) SSL_CTX_free(c_ctx);
822
823 if (bio_stdout != NULL) BIO_free(bio_stdout);
824
825#ifndef OPENSSL_NO_RSA
826 free_tmp_rsa();
827#endif
828#ifndef OPENSSL_NO_ENGINE
829 ENGINE_cleanup();
830#endif
831 CRYPTO_cleanup_all_ex_data();
832 ERR_free_strings();
833 ERR_remove_state(0);
834 EVP_cleanup();
835 CRYPTO_mem_leaks(bio_err);
836 if (bio_err != NULL) BIO_free(bio_err);
837 EXIT(ret);
838 }
839
840int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
841 clock_t *s_time, clock_t *c_time)
842 {
843 long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
844 BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
845 BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL;
846 int ret = 1;
847
848 size_t bufsiz = 256; /* small buffer for testing */
849
850 if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz))
851 goto err;
852 if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz))
853 goto err;
854
855 s_ssl_bio = BIO_new(BIO_f_ssl());
856 if (!s_ssl_bio)
857 goto err;
858
859 c_ssl_bio = BIO_new(BIO_f_ssl());
860 if (!c_ssl_bio)
861 goto err;
862
863 SSL_set_connect_state(c_ssl);
864 SSL_set_bio(c_ssl, client, client);
865 (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
866
867 SSL_set_accept_state(s_ssl);
868 SSL_set_bio(s_ssl, server, server);
869 (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
870
871 do
872 {
873 /* c_ssl_bio: SSL filter BIO
874 *
875 * client: pseudo-I/O for SSL library
876 *
877 * client_io: client's SSL communication; usually to be
878 * relayed over some I/O facility, but in this
879 * test program, we're the server, too:
880 *
881 * server_io: server's SSL communication
882 *
883 * server: pseudo-I/O for SSL library
884 *
885 * s_ssl_bio: SSL filter BIO
886 *
887 * The client and the server each employ a "BIO pair":
888 * client + client_io, server + server_io.
889 * BIO pairs are symmetric. A BIO pair behaves similar
890 * to a non-blocking socketpair (but both endpoints must
891 * be handled by the same thread).
892 * [Here we could connect client and server to the ends
893 * of a single BIO pair, but then this code would be less
894 * suitable as an example for BIO pairs in general.]
895 *
896 * Useful functions for querying the state of BIO pair endpoints:
897 *
898 * BIO_ctrl_pending(bio) number of bytes we can read now
899 * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil
900 * other side's read attempt
901 * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now
902 *
903 * ..._read_request is never more than ..._write_guarantee;
904 * it depends on the application which one you should use.
905 */
906
907 /* We have non-blocking behaviour throughout this test program, but
908 * can be sure that there is *some* progress in each iteration; so
909 * we don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE
910 * -- we just try everything in each iteration
911 */
912
913 {
914 /* CLIENT */
915
916 MS_STATIC char cbuf[1024*8];
917 int i, r;
918 clock_t c_clock = clock();
919
920 memset(cbuf, 0, sizeof(cbuf));
921
922 if (debug)
923 if (SSL_in_init(c_ssl))
924 printf("client waiting in SSL_connect - %s\n",
925 SSL_state_string_long(c_ssl));
926
927 if (cw_num > 0)
928 {
929 /* Write to server. */
930
931 if (cw_num > (long)sizeof cbuf)
932 i = sizeof cbuf;
933 else
934 i = (int)cw_num;
935 r = BIO_write(c_ssl_bio, cbuf, i);
936 if (r < 0)
937 {
938 if (!BIO_should_retry(c_ssl_bio))
939 {
940 fprintf(stderr,"ERROR in CLIENT\n");
941 goto err;
942 }
943 /* BIO_should_retry(...) can just be ignored here.
944 * The library expects us to call BIO_write with
945 * the same arguments again, and that's what we will
946 * do in the next iteration. */
947 }
948 else if (r == 0)
949 {
950 fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
951 goto err;
952 }
953 else
954 {
955 if (debug)
956 printf("client wrote %d\n", r);
957 cw_num -= r;
958 }
959 }
960
961 if (cr_num > 0)
962 {
963 /* Read from server. */
964
965 r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
966 if (r < 0)
967 {
968 if (!BIO_should_retry(c_ssl_bio))
969 {
970 fprintf(stderr,"ERROR in CLIENT\n");
971 goto err;
972 }
973 /* Again, "BIO_should_retry" can be ignored. */
974 }
975 else if (r == 0)
976 {
977 fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
978 goto err;
979 }
980 else
981 {
982 if (debug)
983 printf("client read %d\n", r);
984 cr_num -= r;
985 }
986 }
987
988 /* c_time and s_time increments will typically be very small
989 * (depending on machine speed and clock tick intervals),
990 * but sampling over a large number of connections should
991 * result in fairly accurate figures. We cannot guarantee
992 * a lot, however -- if each connection lasts for exactly
993 * one clock tick, it will be counted only for the client
994 * or only for the server or even not at all.
995 */
996 *c_time += (clock() - c_clock);
997 }
998
999 {
1000 /* SERVER */
1001
1002 MS_STATIC char sbuf[1024*8];
1003 int i, r;
1004 clock_t s_clock = clock();
1005
1006 memset(sbuf, 0, sizeof(sbuf));
1007
1008 if (debug)
1009 if (SSL_in_init(s_ssl))
1010 printf("server waiting in SSL_accept - %s\n",
1011 SSL_state_string_long(s_ssl));
1012
1013 if (sw_num > 0)
1014 {
1015 /* Write to client. */
1016
1017 if (sw_num > (long)sizeof sbuf)
1018 i = sizeof sbuf;
1019 else
1020 i = (int)sw_num;
1021 r = BIO_write(s_ssl_bio, sbuf, i);
1022 if (r < 0)
1023 {
1024 if (!BIO_should_retry(s_ssl_bio))
1025 {
1026 fprintf(stderr,"ERROR in SERVER\n");
1027 goto err;
1028 }
1029 /* Ignore "BIO_should_retry". */
1030 }
1031 else if (r == 0)
1032 {
1033 fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
1034 goto err;
1035 }
1036 else
1037 {
1038 if (debug)
1039 printf("server wrote %d\n", r);
1040 sw_num -= r;
1041 }
1042 }
1043
1044 if (sr_num > 0)
1045 {
1046 /* Read from client. */
1047
1048 r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
1049 if (r < 0)
1050 {
1051 if (!BIO_should_retry(s_ssl_bio))
1052 {
1053 fprintf(stderr,"ERROR in SERVER\n");
1054 goto err;
1055 }
1056 /* blah, blah */
1057 }
1058 else if (r == 0)
1059 {
1060 fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
1061 goto err;
1062 }
1063 else
1064 {
1065 if (debug)
1066 printf("server read %d\n", r);
1067 sr_num -= r;
1068 }
1069 }
1070
1071 *s_time += (clock() - s_clock);
1072 }
1073
1074 {
1075 /* "I/O" BETWEEN CLIENT AND SERVER. */
1076
1077 size_t r1, r2;
1078 BIO *io1 = server_io, *io2 = client_io;
1079 /* we use the non-copying interface for io1
1080 * and the standard BIO_write/BIO_read interface for io2
1081 */
1082
1083 static int prev_progress = 1;
1084 int progress = 0;
1085
1086 /* io1 to io2 */
1087 do
1088 {
1089 size_t num;
1090 int r;
1091
1092 r1 = BIO_ctrl_pending(io1);
1093 r2 = BIO_ctrl_get_write_guarantee(io2);
1094
1095 num = r1;
1096 if (r2 < num)
1097 num = r2;
1098 if (num)
1099 {
1100 char *dataptr;
1101
1102 if (INT_MAX < num) /* yeah, right */
1103 num = INT_MAX;
1104
1105 r = BIO_nread(io1, &dataptr, (int)num);
1106 assert(r > 0);
1107 assert(r <= (int)num);
1108 /* possibly r < num (non-contiguous data) */
1109 num = r;
1110 r = BIO_write(io2, dataptr, (int)num);
1111 if (r != (int)num) /* can't happen */
1112 {
1113 fprintf(stderr, "ERROR: BIO_write could not write "
1114 "BIO_ctrl_get_write_guarantee() bytes");
1115 goto err;
1116 }
1117 progress = 1;
1118
1119 if (debug)
1120 printf((io1 == client_io) ?
1121 "C->S relaying: %d bytes\n" :
1122 "S->C relaying: %d bytes\n",
1123 (int)num);
1124 }
1125 }
1126 while (r1 && r2);
1127
1128 /* io2 to io1 */
1129 {
1130 size_t num;
1131 int r;
1132
1133 r1 = BIO_ctrl_pending(io2);
1134 r2 = BIO_ctrl_get_read_request(io1);
1135 /* here we could use ..._get_write_guarantee instead of
1136 * ..._get_read_request, but by using the latter
1137 * we test restartability of the SSL implementation
1138 * more thoroughly */
1139 num = r1;
1140 if (r2 < num)
1141 num = r2;
1142 if (num)
1143 {
1144 char *dataptr;
1145
1146 if (INT_MAX < num)
1147 num = INT_MAX;
1148
1149 if (num > 1)
1150 --num; /* test restartability even more thoroughly */
1151
1152 r = BIO_nwrite0(io1, &dataptr);
1153 assert(r > 0);
1154 if (r < (int)num)
1155 num = r;
1156 r = BIO_read(io2, dataptr, (int)num);
1157 if (r != (int)num) /* can't happen */
1158 {
1159 fprintf(stderr, "ERROR: BIO_read could not read "
1160 "BIO_ctrl_pending() bytes");
1161 goto err;
1162 }
1163 progress = 1;
1164 r = BIO_nwrite(io1, &dataptr, (int)num);
1165 if (r != (int)num) /* can't happen */
1166 {
1167 fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
1168 "BIO_nwrite0() bytes");
1169 goto err;
1170 }
1171
1172 if (debug)
1173 printf((io2 == client_io) ?
1174 "C->S relaying: %d bytes\n" :
1175 "S->C relaying: %d bytes\n",
1176 (int)num);
1177 }
1178 } /* no loop, BIO_ctrl_get_read_request now returns 0 anyway */
1179
1180 if (!progress && !prev_progress)
1181 if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0)
1182 {
1183 fprintf(stderr, "ERROR: got stuck\n");
1184 if (strcmp("SSLv2", SSL_get_version(c_ssl)) == 0)
1185 {
1186 fprintf(stderr, "This can happen for SSL2 because "
1187 "CLIENT-FINISHED and SERVER-VERIFY are written \n"
1188 "concurrently ...");
1189 if (strncmp("2SCF", SSL_state_string(c_ssl), 4) == 0
1190 && strncmp("2SSV", SSL_state_string(s_ssl), 4) == 0)
1191 {
1192 fprintf(stderr, " ok.\n");
1193 goto end;
1194 }
1195 }
1196 fprintf(stderr, " ERROR.\n");
1197 goto err;
1198 }
1199 prev_progress = progress;
1200 }
1201 }
1202 while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
1203
1204 if (verbose)
1205 print_details(c_ssl, "DONE via BIO pair: ");
1206end:
1207 ret = 0;
1208
1209 err:
1210 ERR_print_errors(bio_err);
1211
1212 if (server)
1213 BIO_free(server);
1214 if (server_io)
1215 BIO_free(server_io);
1216 if (client)
1217 BIO_free(client);
1218 if (client_io)
1219 BIO_free(client_io);
1220 if (s_ssl_bio)
1221 BIO_free(s_ssl_bio);
1222 if (c_ssl_bio)
1223 BIO_free(c_ssl_bio);
1224
1225 return ret;
1226 }
1227
1228
1229#define W_READ 1
1230#define W_WRITE 2
1231#define C_DONE 1
1232#define S_DONE 2
1233
1234int doit(SSL *s_ssl, SSL *c_ssl, long count)
1235 {
1236 MS_STATIC char cbuf[1024*8],sbuf[1024*8];
1237 long cw_num=count,cr_num=count;
1238 long sw_num=count,sr_num=count;
1239 int ret=1;
1240 BIO *c_to_s=NULL;
1241 BIO *s_to_c=NULL;
1242 BIO *c_bio=NULL;
1243 BIO *s_bio=NULL;
1244 int c_r,c_w,s_r,s_w;
1245 int c_want,s_want;
1246 int i,j;
1247 int done=0;
1248 int c_write,s_write;
1249 int do_server=0,do_client=0;
1250
1251 memset(cbuf,0,sizeof(cbuf));
1252 memset(sbuf,0,sizeof(sbuf));
1253
1254 c_to_s=BIO_new(BIO_s_mem());
1255 s_to_c=BIO_new(BIO_s_mem());
1256 if ((s_to_c == NULL) || (c_to_s == NULL))
1257 {
1258 ERR_print_errors(bio_err);
1259 goto err;
1260 }
1261
1262 c_bio=BIO_new(BIO_f_ssl());
1263 s_bio=BIO_new(BIO_f_ssl());
1264 if ((c_bio == NULL) || (s_bio == NULL))
1265 {
1266 ERR_print_errors(bio_err);
1267 goto err;
1268 }
1269
1270 SSL_set_connect_state(c_ssl);
1271 SSL_set_bio(c_ssl,s_to_c,c_to_s);
1272 BIO_set_ssl(c_bio,c_ssl,BIO_NOCLOSE);
1273
1274 SSL_set_accept_state(s_ssl);
1275 SSL_set_bio(s_ssl,c_to_s,s_to_c);
1276 BIO_set_ssl(s_bio,s_ssl,BIO_NOCLOSE);
1277
1278 c_r=0; s_r=1;
1279 c_w=1; s_w=0;
1280 c_want=W_WRITE;
1281 s_want=0;
1282 c_write=1,s_write=0;
1283
1284 /* We can always do writes */
1285 for (;;)
1286 {
1287 do_server=0;
1288 do_client=0;
1289
1290 i=(int)BIO_pending(s_bio);
1291 if ((i && s_r) || s_w) do_server=1;
1292
1293 i=(int)BIO_pending(c_bio);
1294 if ((i && c_r) || c_w) do_client=1;
1295
1296 if (do_server && debug)
1297 {
1298 if (SSL_in_init(s_ssl))
1299 printf("server waiting in SSL_accept - %s\n",
1300 SSL_state_string_long(s_ssl));
1301/* else if (s_write)
1302 printf("server:SSL_write()\n");
1303 else
1304 printf("server:SSL_read()\n"); */
1305 }
1306
1307 if (do_client && debug)
1308 {
1309 if (SSL_in_init(c_ssl))
1310 printf("client waiting in SSL_connect - %s\n",
1311 SSL_state_string_long(c_ssl));
1312/* else if (c_write)
1313 printf("client:SSL_write()\n");
1314 else
1315 printf("client:SSL_read()\n"); */
1316 }
1317
1318 if (!do_client && !do_server)
1319 {
1320 fprintf(stdout,"ERROR IN STARTUP\n");
1321 ERR_print_errors(bio_err);
1322 break;
1323 }
1324 if (do_client && !(done & C_DONE))
1325 {
1326 if (c_write)
1327 {
1328 j=(cw_num > (long)sizeof(cbuf))
1329 ?sizeof(cbuf):(int)cw_num;
1330 i=BIO_write(c_bio,cbuf,j);
1331 if (i < 0)
1332 {
1333 c_r=0;
1334 c_w=0;
1335 if (BIO_should_retry(c_bio))
1336 {
1337 if (BIO_should_read(c_bio))
1338 c_r=1;
1339 if (BIO_should_write(c_bio))
1340 c_w=1;
1341 }
1342 else
1343 {
1344 fprintf(stderr,"ERROR in CLIENT\n");
1345 ERR_print_errors(bio_err);
1346 goto err;
1347 }
1348 }
1349 else if (i == 0)
1350 {
1351 fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
1352 goto err;
1353 }
1354 else
1355 {
1356 if (debug)
1357 printf("client wrote %d\n",i);
1358 /* ok */
1359 s_r=1;
1360 c_write=0;
1361 cw_num-=i;
1362 }
1363 }
1364 else
1365 {
1366 i=BIO_read(c_bio,cbuf,sizeof(cbuf));
1367 if (i < 0)
1368 {
1369 c_r=0;
1370 c_w=0;
1371 if (BIO_should_retry(c_bio))
1372 {
1373 if (BIO_should_read(c_bio))
1374 c_r=1;
1375 if (BIO_should_write(c_bio))
1376 c_w=1;
1377 }
1378 else
1379 {
1380 fprintf(stderr,"ERROR in CLIENT\n");
1381 ERR_print_errors(bio_err);
1382 goto err;
1383 }
1384 }
1385 else if (i == 0)
1386 {
1387 fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
1388 goto err;
1389 }
1390 else
1391 {
1392 if (debug)
1393 printf("client read %d\n",i);
1394 cr_num-=i;
1395 if (sw_num > 0)
1396 {
1397 s_write=1;
1398 s_w=1;
1399 }
1400 if (cr_num <= 0)
1401 {
1402 s_write=1;
1403 s_w=1;
1404 done=S_DONE|C_DONE;
1405 }
1406 }
1407 }
1408 }
1409
1410 if (do_server && !(done & S_DONE))
1411 {
1412 if (!s_write)
1413 {
1414 i=BIO_read(s_bio,sbuf,sizeof(cbuf));
1415 if (i < 0)
1416 {
1417 s_r=0;
1418 s_w=0;
1419 if (BIO_should_retry(s_bio))
1420 {
1421 if (BIO_should_read(s_bio))
1422 s_r=1;
1423 if (BIO_should_write(s_bio))
1424 s_w=1;
1425 }
1426 else
1427 {
1428 fprintf(stderr,"ERROR in SERVER\n");
1429 ERR_print_errors(bio_err);
1430 goto err;
1431 }
1432 }
1433 else if (i == 0)
1434 {
1435 ERR_print_errors(bio_err);
1436 fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_read\n");
1437 goto err;
1438 }
1439 else
1440 {
1441 if (debug)
1442 printf("server read %d\n",i);
1443 sr_num-=i;
1444 if (cw_num > 0)
1445 {
1446 c_write=1;
1447 c_w=1;
1448 }
1449 if (sr_num <= 0)
1450 {
1451 s_write=1;
1452 s_w=1;
1453 c_write=0;
1454 }
1455 }
1456 }
1457 else
1458 {
1459 j=(sw_num > (long)sizeof(sbuf))?
1460 sizeof(sbuf):(int)sw_num;
1461 i=BIO_write(s_bio,sbuf,j);
1462 if (i < 0)
1463 {
1464 s_r=0;
1465 s_w=0;
1466 if (BIO_should_retry(s_bio))
1467 {
1468 if (BIO_should_read(s_bio))
1469 s_r=1;
1470 if (BIO_should_write(s_bio))
1471 s_w=1;
1472 }
1473 else
1474 {
1475 fprintf(stderr,"ERROR in SERVER\n");
1476 ERR_print_errors(bio_err);
1477 goto err;
1478 }
1479 }
1480 else if (i == 0)
1481 {
1482 ERR_print_errors(bio_err);
1483 fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_write\n");
1484 goto err;
1485 }
1486 else
1487 {
1488 if (debug)
1489 printf("server wrote %d\n",i);
1490 sw_num-=i;
1491 s_write=0;
1492 c_r=1;
1493 if (sw_num <= 0)
1494 done|=S_DONE;
1495 }
1496 }
1497 }
1498
1499 if ((done & S_DONE) && (done & C_DONE)) break;
1500 }
1501
1502 if (verbose)
1503 print_details(c_ssl, "DONE: ");
1504 ret=0;
1505err:
1506 /* We have to set the BIO's to NULL otherwise they will be
1507 * OPENSSL_free()ed twice. Once when th s_ssl is SSL_free()ed and
1508 * again when c_ssl is SSL_free()ed.
1509 * This is a hack required because s_ssl and c_ssl are sharing the same
1510 * BIO structure and SSL_set_bio() and SSL_free() automatically
1511 * BIO_free non NULL entries.
1512 * You should not normally do this or be required to do this */
1513 if (s_ssl != NULL)
1514 {
1515 s_ssl->rbio=NULL;
1516 s_ssl->wbio=NULL;
1517 }
1518 if (c_ssl != NULL)
1519 {
1520 c_ssl->rbio=NULL;
1521 c_ssl->wbio=NULL;
1522 }
1523
1524 if (c_to_s != NULL) BIO_free(c_to_s);
1525 if (s_to_c != NULL) BIO_free(s_to_c);
1526 if (c_bio != NULL) BIO_free_all(c_bio);
1527 if (s_bio != NULL) BIO_free_all(s_bio);
1528 return(ret);
1529 }
1530
1531static int get_proxy_auth_ex_data_idx(void)
1532 {
1533 static volatile int idx = -1;
1534 if (idx < 0)
1535 {
1536 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
1537 if (idx < 0)
1538 {
1539 idx = X509_STORE_CTX_get_ex_new_index(0,
1540 "SSLtest for verify callback", NULL,NULL,NULL);
1541 }
1542 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
1543 }
1544 return idx;
1545 }
1546
1547static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
1548 {
1549 char *s,buf[256];
1550
1551 s=X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),buf,
1552 sizeof buf);
1553 if (s != NULL)
1554 {
1555 if (ok)
1556 fprintf(stderr,"depth=%d %s\n",
1557 ctx->error_depth,buf);
1558 else
1559 {
1560 fprintf(stderr,"depth=%d error=%d %s\n",
1561 ctx->error_depth,ctx->error,buf);
1562 }
1563 }
1564
1565 if (ok == 0)
1566 {
1567 fprintf(stderr,"Error string: %s\n",
1568 X509_verify_cert_error_string(ctx->error));
1569 switch (ctx->error)
1570 {
1571 case X509_V_ERR_CERT_NOT_YET_VALID:
1572 case X509_V_ERR_CERT_HAS_EXPIRED:
1573 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
1574 fprintf(stderr," ... ignored.\n");
1575 ok=1;
1576 }
1577 }
1578
1579 if (ok == 1)
1580 {
1581 X509 *xs = ctx->current_cert;
1582#if 0
1583 X509 *xi = ctx->current_issuer;
1584#endif
1585
1586 if (xs->ex_flags & EXFLAG_PROXY)
1587 {
1588 unsigned int *letters =
1589 X509_STORE_CTX_get_ex_data(ctx,
1590 get_proxy_auth_ex_data_idx());
1591
1592 if (letters)
1593 {
1594 int found_any = 0;
1595 int i;
1596 PROXY_CERT_INFO_EXTENSION *pci =
1597 X509_get_ext_d2i(xs, NID_proxyCertInfo,
1598 NULL, NULL);
1599
1600 switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage))
1601 {
1602 case NID_Independent:
1603 /* Completely meaningless in this
1604 program, as there's no way to
1605 grant explicit rights to a
1606 specific PrC. Basically, using
1607 id-ppl-Independent is the perfect
1608 way to grant no rights at all. */
1609 fprintf(stderr, " Independent proxy certificate");
1610 for (i = 0; i < 26; i++)
1611 letters[i] = 0;
1612 break;
1613 case NID_id_ppl_inheritAll:
1614 /* This is basically a NOP, we
1615 simply let the current rights
1616 stand as they are. */
1617 fprintf(stderr, " Proxy certificate inherits all");
1618 break;
1619 default:
1620 s = (char *)
1621 pci->proxyPolicy->policy->data;
1622 i = pci->proxyPolicy->policy->length;
1623
1624 /* The algorithm works as follows:
1625 it is assumed that previous
1626 iterations or the initial granted
1627 rights has already set some elements
1628 of `letters'. What we need to do is
1629 to clear those that weren't granted
1630 by the current PrC as well. The
1631 easiest way to do this is to add 1
1632 to all the elements whose letters
1633 are given with the current policy.
1634 That way, all elements that are set
1635 by the current policy and were
1636 already set by earlier policies and
1637 through the original grant of rights
1638 will get the value 2 or higher.
1639 The last thing to do is to sweep
1640 through `letters' and keep the
1641 elements having the value 2 as set,
1642 and clear all the others. */
1643
1644 fprintf(stderr, " Certificate proxy rights = %*.*s", i, i, s);
1645 while(i-- > 0)
1646 {
1647 char c = *s++;
1648 if (isascii(c) && isalpha(c))
1649 {
1650 if (islower(c))
1651 c = toupper(c);
1652 letters[c - 'A']++;
1653 }
1654 }
1655 for (i = 0; i < 26; i++)
1656 if (letters[i] < 2)
1657 letters[i] = 0;
1658 else
1659 letters[i] = 1;
1660 }
1661
1662 found_any = 0;
1663 fprintf(stderr,
1664 ", resulting proxy rights = ");
1665 for(i = 0; i < 26; i++)
1666 if (letters[i])
1667 {
1668 fprintf(stderr, "%c", i + 'A');
1669 found_any = 1;
1670 }
1671 if (!found_any)
1672 fprintf(stderr, "none");
1673 fprintf(stderr, "\n");
1674
1675 PROXY_CERT_INFO_EXTENSION_free(pci);
1676 }
1677 }
1678 }
1679
1680 return(ok);
1681 }
1682
1683static void process_proxy_debug(int indent, const char *format, ...)
1684 {
1685 static const char indentation[] =
1686 ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"
1687 ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"; /* That's 80 > */
1688 char my_format[256];
1689 va_list args;
1690
1691 BIO_snprintf(my_format, sizeof(my_format), "%*.*s %s",
1692 indent, indent, indentation, format);
1693
1694 va_start(args, format);
1695 vfprintf(stderr, my_format, args);
1696 va_end(args);
1697 }
1698/* Priority levels:
1699 0 [!]var, ()
1700 1 & ^
1701 2 |
1702*/
1703static int process_proxy_cond_adders(unsigned int letters[26],
1704 const char *cond, const char **cond_end, int *pos, int indent);
1705static int process_proxy_cond_val(unsigned int letters[26],
1706 const char *cond, const char **cond_end, int *pos, int indent)
1707 {
1708 char c;
1709 int ok = 1;
1710 int negate = 0;
1711
1712 while(isspace(*cond))
1713 {
1714 cond++; (*pos)++;
1715 }
1716 c = *cond;
1717
1718 if (debug)
1719 process_proxy_debug(indent,
1720 "Start process_proxy_cond_val at position %d: %s\n",
1721 *pos, cond);
1722
1723 while(c == '!')
1724 {
1725 negate = !negate;
1726 cond++; (*pos)++;
1727 while(isspace(*cond))
1728 {
1729 cond++; (*pos)++;
1730 }
1731 c = *cond;
1732 }
1733
1734 if (c == '(')
1735 {
1736 cond++; (*pos)++;
1737 ok = process_proxy_cond_adders(letters, cond, cond_end, pos,
1738 indent + 1);
1739 cond = *cond_end;
1740 if (ok < 0)
1741 goto end;
1742 while(isspace(*cond))
1743 {
1744 cond++; (*pos)++;
1745 }
1746 c = *cond;
1747 if (c != ')')
1748 {
1749 fprintf(stderr,
1750 "Weird condition character in position %d: "
1751 "%c\n", *pos, c);
1752 ok = -1;
1753 goto end;
1754 }
1755 cond++; (*pos)++;
1756 }
1757 else if (isascii(c) && isalpha(c))
1758 {
1759 if (islower(c))
1760 c = toupper(c);
1761 ok = letters[c - 'A'];
1762 cond++; (*pos)++;
1763 }
1764 else
1765 {
1766 fprintf(stderr,
1767 "Weird condition character in position %d: "
1768 "%c\n", *pos, c);
1769 ok = -1;
1770 goto end;
1771 }
1772 end:
1773 *cond_end = cond;
1774 if (ok >= 0 && negate)
1775 ok = !ok;
1776
1777 if (debug)
1778 process_proxy_debug(indent,
1779 "End process_proxy_cond_val at position %d: %s, returning %d\n",
1780 *pos, cond, ok);
1781
1782 return ok;
1783 }
1784static int process_proxy_cond_multipliers(unsigned int letters[26],
1785 const char *cond, const char **cond_end, int *pos, int indent)
1786 {
1787 int ok;
1788 char c;
1789
1790 if (debug)
1791 process_proxy_debug(indent,
1792 "Start process_proxy_cond_multipliers at position %d: %s\n",
1793 *pos, cond);
1794
1795 ok = process_proxy_cond_val(letters, cond, cond_end, pos, indent + 1);
1796 cond = *cond_end;
1797 if (ok < 0)
1798 goto end;
1799
1800 while(ok >= 0)
1801 {
1802 while(isspace(*cond))
1803 {
1804 cond++; (*pos)++;
1805 }
1806 c = *cond;
1807
1808 switch(c)
1809 {
1810 case '&':
1811 case '^':
1812 {
1813 int save_ok = ok;
1814
1815 cond++; (*pos)++;
1816 ok = process_proxy_cond_val(letters,
1817 cond, cond_end, pos, indent + 1);
1818 cond = *cond_end;
1819 if (ok < 0)
1820 break;
1821
1822 switch(c)
1823 {
1824 case '&':
1825 ok &= save_ok;
1826 break;
1827 case '^':
1828 ok ^= save_ok;
1829 break;
1830 default:
1831 fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!"
1832 " STOPPING\n");
1833 EXIT(1);
1834 }
1835 }
1836 break;
1837 default:
1838 goto end;
1839 }
1840 }
1841 end:
1842 if (debug)
1843 process_proxy_debug(indent,
1844 "End process_proxy_cond_multipliers at position %d: %s, returning %d\n",
1845 *pos, cond, ok);
1846
1847 *cond_end = cond;
1848 return ok;
1849 }
1850static int process_proxy_cond_adders(unsigned int letters[26],
1851 const char *cond, const char **cond_end, int *pos, int indent)
1852 {
1853 int ok;
1854 char c;
1855
1856 if (debug)
1857 process_proxy_debug(indent,
1858 "Start process_proxy_cond_adders at position %d: %s\n",
1859 *pos, cond);
1860
1861 ok = process_proxy_cond_multipliers(letters, cond, cond_end, pos,
1862 indent + 1);
1863 cond = *cond_end;
1864 if (ok < 0)
1865 goto end;
1866
1867 while(ok >= 0)
1868 {
1869 while(isspace(*cond))
1870 {
1871 cond++; (*pos)++;
1872 }
1873 c = *cond;
1874
1875 switch(c)
1876 {
1877 case '|':
1878 {
1879 int save_ok = ok;
1880
1881 cond++; (*pos)++;
1882 ok = process_proxy_cond_multipliers(letters,
1883 cond, cond_end, pos, indent + 1);
1884 cond = *cond_end;
1885 if (ok < 0)
1886 break;
1887
1888 switch(c)
1889 {
1890 case '|':
1891 ok |= save_ok;
1892 break;
1893 default:
1894 fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!"
1895 " STOPPING\n");
1896 EXIT(1);
1897 }
1898 }
1899 break;
1900 default:
1901 goto end;
1902 }
1903 }
1904 end:
1905 if (debug)
1906 process_proxy_debug(indent,
1907 "End process_proxy_cond_adders at position %d: %s, returning %d\n",
1908 *pos, cond, ok);
1909
1910 *cond_end = cond;
1911 return ok;
1912 }
1913
1914static int process_proxy_cond(unsigned int letters[26],
1915 const char *cond, const char **cond_end)
1916 {
1917 int pos = 1;
1918 return process_proxy_cond_adders(letters, cond, cond_end, &pos, 1);
1919 }
1920
1921static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg)
1922 {
1923 int ok=1;
1924 struct app_verify_arg *cb_arg = arg;
1925 unsigned int letters[26]; /* only used with proxy_auth */
1926
1927 if (cb_arg->app_verify)
1928 {
1929 char *s = NULL,buf[256];
1930
1931 fprintf(stderr, "In app_verify_callback, allowing cert. ");
1932 fprintf(stderr, "Arg is: %s\n", cb_arg->string);
1933 fprintf(stderr, "Finished printing do we have a context? 0x%p a cert? 0x%p\n",
1934 (void *)ctx, (void *)ctx->cert);
1935 if (ctx->cert)
1936 s=X509_NAME_oneline(X509_get_subject_name(ctx->cert),buf,256);
1937 if (s != NULL)
1938 {
1939 fprintf(stderr,"cert depth=%d %s\n",ctx->error_depth,buf);
1940 }
1941 return(1);
1942 }
1943 if (cb_arg->proxy_auth)
1944 {
1945 int found_any = 0, i;
1946 char *sp;
1947
1948 for(i = 0; i < 26; i++)
1949 letters[i] = 0;
1950 for(sp = cb_arg->proxy_auth; *sp; sp++)
1951 {
1952 char c = *sp;
1953 if (isascii(c) && isalpha(c))
1954 {
1955 if (islower(c))
1956 c = toupper(c);
1957 letters[c - 'A'] = 1;
1958 }
1959 }
1960
1961 fprintf(stderr,
1962 " Initial proxy rights = ");
1963 for(i = 0; i < 26; i++)
1964 if (letters[i])
1965 {
1966 fprintf(stderr, "%c", i + 'A');
1967 found_any = 1;
1968 }
1969 if (!found_any)
1970 fprintf(stderr, "none");
1971 fprintf(stderr, "\n");
1972
1973 X509_STORE_CTX_set_ex_data(ctx,
1974 get_proxy_auth_ex_data_idx(),letters);
1975 }
1976 if (cb_arg->allow_proxy_certs)
1977 {
1978 X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
1979 }
1980
1981#ifndef OPENSSL_NO_X509_VERIFY
1982 ok = X509_verify_cert(ctx);
1983#endif
1984
1985 if (cb_arg->proxy_auth)
1986 {
1987 if (ok)
1988 {
1989 const char *cond_end = NULL;
1990
1991 ok = process_proxy_cond(letters,
1992 cb_arg->proxy_cond, &cond_end);
1993
1994 if (ok < 0)
1995 EXIT(3);
1996 if (*cond_end)
1997 {
1998 fprintf(stderr, "Stopped processing condition before it's end.\n");
1999 ok = 0;
2000 }
2001 if (!ok)
2002 fprintf(stderr, "Proxy rights check with condition '%s' proved invalid\n",
2003 cb_arg->proxy_cond);
2004 else
2005 fprintf(stderr, "Proxy rights check with condition '%s' proved valid\n",
2006 cb_arg->proxy_cond);
2007 }
2008 }
2009 return(ok);
2010 }
2011
2012#ifndef OPENSSL_NO_RSA
2013static RSA *rsa_tmp=NULL;
2014
2015static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
2016 {
2017 if (rsa_tmp == NULL)
2018 {
2019 BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
2020 (void)BIO_flush(bio_err);
2021 rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL);
2022 BIO_printf(bio_err,"\n");
2023 (void)BIO_flush(bio_err);
2024 }
2025 return(rsa_tmp);
2026 }
2027
2028static void free_tmp_rsa(void)
2029 {
2030 if (rsa_tmp != NULL)
2031 {
2032 RSA_free(rsa_tmp);
2033 rsa_tmp = NULL;
2034 }
2035 }
2036#endif
2037
2038#ifndef OPENSSL_NO_DH
2039/* These DH parameters have been generated as follows:
2040 * $ openssl dhparam -C -noout 512
2041 * $ openssl dhparam -C -noout 1024
2042 * $ openssl dhparam -C -noout -dsaparam 1024
2043 * (The third function has been renamed to avoid name conflicts.)
2044 */
2045static DH *get_dh512()
2046 {
2047 static unsigned char dh512_p[]={
2048 0xCB,0xC8,0xE1,0x86,0xD0,0x1F,0x94,0x17,0xA6,0x99,0xF0,0xC6,
2049 0x1F,0x0D,0xAC,0xB6,0x25,0x3E,0x06,0x39,0xCA,0x72,0x04,0xB0,
2050 0x6E,0xDA,0xC0,0x61,0xE6,0x7A,0x77,0x25,0xE8,0x3B,0xB9,0x5F,
2051 0x9A,0xB6,0xB5,0xFE,0x99,0x0B,0xA1,0x93,0x4E,0x35,0x33,0xB8,
2052 0xE1,0xF1,0x13,0x4F,0x59,0x1A,0xD2,0x57,0xC0,0x26,0x21,0x33,
2053 0x02,0xC5,0xAE,0x23,
2054 };
2055 static unsigned char dh512_g[]={
2056 0x02,
2057 };
2058 DH *dh;
2059
2060 if ((dh=DH_new()) == NULL) return(NULL);
2061 dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
2062 dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
2063 if ((dh->p == NULL) || (dh->g == NULL))
2064 { DH_free(dh); return(NULL); }
2065 return(dh);
2066 }
2067
2068static DH *get_dh1024()
2069 {
2070 static unsigned char dh1024_p[]={
2071 0xF8,0x81,0x89,0x7D,0x14,0x24,0xC5,0xD1,0xE6,0xF7,0xBF,0x3A,
2072 0xE4,0x90,0xF4,0xFC,0x73,0xFB,0x34,0xB5,0xFA,0x4C,0x56,0xA2,
2073 0xEA,0xA7,0xE9,0xC0,0xC0,0xCE,0x89,0xE1,0xFA,0x63,0x3F,0xB0,
2074 0x6B,0x32,0x66,0xF1,0xD1,0x7B,0xB0,0x00,0x8F,0xCA,0x87,0xC2,
2075 0xAE,0x98,0x89,0x26,0x17,0xC2,0x05,0xD2,0xEC,0x08,0xD0,0x8C,
2076 0xFF,0x17,0x52,0x8C,0xC5,0x07,0x93,0x03,0xB1,0xF6,0x2F,0xB8,
2077 0x1C,0x52,0x47,0x27,0x1B,0xDB,0xD1,0x8D,0x9D,0x69,0x1D,0x52,
2078 0x4B,0x32,0x81,0xAA,0x7F,0x00,0xC8,0xDC,0xE6,0xD9,0xCC,0xC1,
2079 0x11,0x2D,0x37,0x34,0x6C,0xEA,0x02,0x97,0x4B,0x0E,0xBB,0xB1,
2080 0x71,0x33,0x09,0x15,0xFD,0xDD,0x23,0x87,0x07,0x5E,0x89,0xAB,
2081 0x6B,0x7C,0x5F,0xEC,0xA6,0x24,0xDC,0x53,
2082 };
2083 static unsigned char dh1024_g[]={
2084 0x02,
2085 };
2086 DH *dh;
2087
2088 if ((dh=DH_new()) == NULL) return(NULL);
2089 dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
2090 dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
2091 if ((dh->p == NULL) || (dh->g == NULL))
2092 { DH_free(dh); return(NULL); }
2093 return(dh);
2094 }
2095
2096static DH *get_dh1024dsa()
2097 {
2098 static unsigned char dh1024_p[]={
2099 0xC8,0x00,0xF7,0x08,0x07,0x89,0x4D,0x90,0x53,0xF3,0xD5,0x00,
2100 0x21,0x1B,0xF7,0x31,0xA6,0xA2,0xDA,0x23,0x9A,0xC7,0x87,0x19,
2101 0x3B,0x47,0xB6,0x8C,0x04,0x6F,0xFF,0xC6,0x9B,0xB8,0x65,0xD2,
2102 0xC2,0x5F,0x31,0x83,0x4A,0xA7,0x5F,0x2F,0x88,0x38,0xB6,0x55,
2103 0xCF,0xD9,0x87,0x6D,0x6F,0x9F,0xDA,0xAC,0xA6,0x48,0xAF,0xFC,
2104 0x33,0x84,0x37,0x5B,0x82,0x4A,0x31,0x5D,0xE7,0xBD,0x52,0x97,
2105 0xA1,0x77,0xBF,0x10,0x9E,0x37,0xEA,0x64,0xFA,0xCA,0x28,0x8D,
2106 0x9D,0x3B,0xD2,0x6E,0x09,0x5C,0x68,0xC7,0x45,0x90,0xFD,0xBB,
2107 0x70,0xC9,0x3A,0xBB,0xDF,0xD4,0x21,0x0F,0xC4,0x6A,0x3C,0xF6,
2108 0x61,0xCF,0x3F,0xD6,0x13,0xF1,0x5F,0xBC,0xCF,0xBC,0x26,0x9E,
2109 0xBC,0x0B,0xBD,0xAB,0x5D,0xC9,0x54,0x39,
2110 };
2111 static unsigned char dh1024_g[]={
2112 0x3B,0x40,0x86,0xE7,0xF3,0x6C,0xDE,0x67,0x1C,0xCC,0x80,0x05,
2113 0x5A,0xDF,0xFE,0xBD,0x20,0x27,0x74,0x6C,0x24,0xC9,0x03,0xF3,
2114 0xE1,0x8D,0xC3,0x7D,0x98,0x27,0x40,0x08,0xB8,0x8C,0x6A,0xE9,
2115 0xBB,0x1A,0x3A,0xD6,0x86,0x83,0x5E,0x72,0x41,0xCE,0x85,0x3C,
2116 0xD2,0xB3,0xFC,0x13,0xCE,0x37,0x81,0x9E,0x4C,0x1C,0x7B,0x65,
2117 0xD3,0xE6,0xA6,0x00,0xF5,0x5A,0x95,0x43,0x5E,0x81,0xCF,0x60,
2118 0xA2,0x23,0xFC,0x36,0xA7,0x5D,0x7A,0x4C,0x06,0x91,0x6E,0xF6,
2119 0x57,0xEE,0x36,0xCB,0x06,0xEA,0xF5,0x3D,0x95,0x49,0xCB,0xA7,
2120 0xDD,0x81,0xDF,0x80,0x09,0x4A,0x97,0x4D,0xA8,0x22,0x72,0xA1,
2121 0x7F,0xC4,0x70,0x56,0x70,0xE8,0x20,0x10,0x18,0x8F,0x2E,0x60,
2122 0x07,0xE7,0x68,0x1A,0x82,0x5D,0x32,0xA2,
2123 };
2124 DH *dh;
2125
2126 if ((dh=DH_new()) == NULL) return(NULL);
2127 dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
2128 dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
2129 if ((dh->p == NULL) || (dh->g == NULL))
2130 { DH_free(dh); return(NULL); }
2131 dh->length = 160;
2132 return(dh);
2133 }
2134#endif
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-28 06:41:23 +0000