1 files changed, 751 insertions, 0 deletions
diff --git a/src/lib/libssl/src/ssl/ssltest.c b/src/lib/libssl/src/ssl/ssltest.c
new file mode 100644
index 0000000000..f9dca4e3ef
--- /dev/null
+++ b/src/lib/libssl/src/ssl/ssltest.c
@@ -0,0 +1,751 @@
+/* ssl/ssltest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include "e_os.h"
+#include "bio.h"
+#include "crypto.h"
+#include "x509.h"
+#include "ssl.h"
+#include "err.h"
+#ifdef WINDOWS
+#include "../crypto/bio/bss_file.c"
+#endif
+#define TEST_SERVER_CERT "../apps/server.pem"
+#define TEST_CLIENT_CERT "../apps/client.pem"
+#ifndef NOPROTO
+int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
+static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int export);
+#ifndef NO_DSA
+static DH *get_dh512(void);
+#endif
+#else
+int MS_CALLBACK verify_callback();
+static RSA MS_CALLBACK *tmp_rsa_cb();
+#ifndef NO_DSA
+static DH *get_dh512();
+#endif
+#endif
+BIO *bio_err=NULL;
+BIO *bio_stdout=NULL;
+static char *cipher=NULL;
+int verbose=0;
+int debug=0;
+#ifdef FIONBIO
+static int s_nbio=0;
+#endif
+#ifndef  NOPROTO
+int doit(SSL *s_ssl,SSL *c_ssl,long bytes);
+#else
+int doit();
+#endif
+static void sv_usage()
+        {
+        fprintf(stderr,"usage: ssltest [args ...]\n");
+        fprintf(stderr,"\n");
+        fprintf(stderr," -server_auth  - check server certificate\n");
+        fprintf(stderr," -client_auth  - do client authentication\n");
+        fprintf(stderr," -v            - more output\n");
+        fprintf(stderr," -d            - debug output\n");
+        fprintf(stderr," -reuse        - use session-id reuse\n");
+        fprintf(stderr," -num <val>    - number of connections to perform\n");
+        fprintf(stderr," -bytes <val>  - number of bytes to swap between client/server\n");
+#ifndef NO_SSL2
+        fprintf(stderr," -ssl2         - use SSLv2\n");
+#endif
+#ifndef NO_SSL3
+        fprintf(stderr," -ssl3         - use SSLv3\n");
+#endif
+#ifndef NO_TLS1
+        fprintf(stderr," -tls1         - use TLSv1\n");
+#endif
+        fprintf(stderr," -CApath arg   - PEM format directory of CA's\n");
+        fprintf(stderr," -CAfile arg   - PEM format file of CA's\n");
+        fprintf(stderr," -cert arg     - Certificate file\n");
+        fprintf(stderr," -s_cert arg   - Just the server certificate file\n");
+        fprintf(stderr," -c_cert arg   - Just the client certificate file\n");
+        fprintf(stderr," -cipher arg   - The cipher list\n");
+        }
+int main(argc, argv)
+int argc;
+char *argv[];
+        {
+        char *CApath=NULL,*CAfile=NULL;
+        int badop=0;
+        int tls1=0,ssl2=0,ssl3=0,ret=1;
+        int client_auth=0;
+        int server_auth=0,i;
+        char *server_cert=TEST_SERVER_CERT;
+        char *client_cert=TEST_CLIENT_CERT;
+        SSL_CTX *s_ctx=NULL;
+        SSL_CTX *c_ctx=NULL;
+        SSL_METHOD *meth=NULL;
+        SSL *c_ssl,*s_ssl;
+        int number=1,reuse=0;
+        long bytes=1L;
+        SSL_CIPHER *ciph;
+#ifndef NO_DH
+        DH *dh;
+#endif
+        bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+        bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE);
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+        argc--;
+        argv++;
+        while (argc >= 1)
+                {
+                if      (strcmp(*argv,"-server_auth") == 0)
+                        server_auth=1;
+                else if (strcmp(*argv,"-client_auth") == 0)
+                        client_auth=1;
+                else if (strcmp(*argv,"-v") == 0)
+                        verbose=1;
+                else if (strcmp(*argv,"-d") == 0)
+                        debug=1;
+                else if (strcmp(*argv,"-reuse") == 0)
+                        reuse=1;
+                else if (strcmp(*argv,"-ssl2") == 0)
+                        ssl2=1;
+                else if (strcmp(*argv,"-tls1") == 0)
+                        tls1=1;
+                else if (strcmp(*argv,"-ssl3") == 0)
+                        ssl3=1;
+                else if (strncmp(*argv,"-num",4) == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        number= atoi(*(++argv));
+                        if (number == 0) number=1;
+                        }
+                else if (strcmp(*argv,"-bytes") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        bytes= atol(*(++argv));
+                        if (bytes == 0L) bytes=1L;
+                        i=strlen(argv[0]);
+                        if (argv[0][i-1] == 'k') bytes*=1024L;
+                        if (argv[0][i-1] == 'm') bytes*=1024L*1024L;
+                        }
+                else if (strcmp(*argv,"-cert") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        server_cert= *(++argv);
+                        }
+                else if (strcmp(*argv,"-s_cert") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        server_cert= *(++argv);
+                        }
+                else if (strcmp(*argv,"-c_cert") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        client_cert= *(++argv);
+                        }
+                else if (strcmp(*argv,"-cipher") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        cipher= *(++argv);
+                        }
+                else if (strcmp(*argv,"-CApath") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        CApath= *(++argv);
+                        }
+                else if (strcmp(*argv,"-CAfile") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        CAfile= *(++argv);
+                        }
+                else
+                        {
+                        fprintf(stderr,"unknown option %s\n",*argv);
+                        badop=1;
+                        break;
+                        }
+                argc--;
+                argv++;
+                }
+        if (badop)
+                {
+bad:
+                sv_usage();
+                goto end;
+                }
+/*      if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */
+        SSLeay_add_ssl_algorithms();
+        SSL_load_error_strings();
+#if !defined(NO_SSL2) && !defined(NO_SSL3)
+        if (ssl2)
+                meth=SSLv2_method();
+        else 
+        if (tls1)
+                meth=TLSv1_method();
+        else
+        if (ssl3)
+                meth=SSLv3_method();
+        else
+                meth=SSLv23_method();
+#else
+#ifdef NO_SSL2
+        meth=SSLv3_method();
+#else
+        meth=SSLv2_method();
+#endif
+#endif
+        c_ctx=SSL_CTX_new(meth);
+        s_ctx=SSL_CTX_new(meth);
+        if ((c_ctx == NULL) || (s_ctx == NULL))
+                {
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+        if (cipher != NULL)
+                {
+                SSL_CTX_set_cipher_list(c_ctx,cipher);
+                SSL_CTX_set_cipher_list(s_ctx,cipher);
+                }
+#ifndef NO_DH
+        dh=get_dh512();
+        SSL_CTX_set_tmp_dh(s_ctx,dh);
+        DH_free(dh);
+#endif
+#ifndef NO_RSA
+        SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb);
+#endif
+        if (!SSL_CTX_use_certificate_file(s_ctx,server_cert,SSL_FILETYPE_PEM))
+                {
+                ERR_print_errors(bio_err);
+                }
+        else if (!SSL_CTX_use_PrivateKey_file(s_ctx,server_cert,
+                SSL_FILETYPE_PEM))
+                {
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+        if (client_auth)
+                {
+                SSL_CTX_use_certificate_file(c_ctx,client_cert,
+                        SSL_FILETYPE_PEM);
+                SSL_CTX_use_PrivateKey_file(c_ctx,client_cert,
+                        SSL_FILETYPE_PEM);
+                }
+        if (    (!SSL_CTX_load_verify_locations(s_ctx,CAfile,CApath)) ||
+                (!SSL_CTX_set_default_verify_paths(s_ctx)) ||
+                (!SSL_CTX_load_verify_locations(c_ctx,CAfile,CApath)) ||
+                (!SSL_CTX_set_default_verify_paths(c_ctx)))
+                {
+                /* fprintf(stderr,"SSL_load_verify_locations\n"); */
+                ERR_print_errors(bio_err);
+                /* goto end; */
+                }
+        if (client_auth)
+                {
+                fprintf(stderr,"client authentication\n");
+                SSL_CTX_set_verify(s_ctx,
+                        SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
+                        verify_callback);
+                }
+        if (server_auth)
+                {
+                fprintf(stderr,"server authentication\n");
+                SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER,
+                        verify_callback);
+                }
+        c_ssl=SSL_new(c_ctx);
+        s_ssl=SSL_new(s_ctx);
+        for (i=0; i<number; i++)
+                {
+                if (!reuse) SSL_set_session(c_ssl,NULL);
+                ret=doit(s_ssl,c_ssl,bytes);
+                }
+        if (!verbose)
+                {
+                ciph=SSL_get_current_cipher(c_ssl);
+                fprintf(stdout,"Protocol %s, cipher %s, %s\n",
+                        SSL_get_version(c_ssl),
+                        SSL_CIPHER_get_version(ciph),
+                        SSL_CIPHER_get_name(ciph));
+                }
+        if ((number > 1) || (bytes > 1L))
+                printf("%d handshakes of %ld bytes done\n",number,bytes);
+        SSL_free(s_ssl);
+        SSL_free(c_ssl);
+end:
+        if (s_ctx != NULL) SSL_CTX_free(s_ctx);
+        if (c_ctx != NULL) SSL_CTX_free(c_ctx);
+        if (bio_stdout != NULL) BIO_free(bio_stdout);
+        ERR_remove_state(0);
+        EVP_cleanup();
+        CRYPTO_mem_leaks(bio_err);
+        EXIT(ret);
+        }
+#define W_READ  1
+#define W_WRITE 2
+#define C_DONE  1
+#define S_DONE  2
+int doit(s_ssl,c_ssl,count)
+SSL *s_ssl,*c_ssl;
+long count;
+        {
+        MS_STATIC char cbuf[1024*8],sbuf[1024*8];
+        long cw_num=count,cr_num=count;
+        long sw_num=count,sr_num=count;
+        int ret=1;
+        BIO *c_to_s=NULL;
+        BIO *s_to_c=NULL;
+        BIO *c_bio=NULL;
+        BIO *s_bio=NULL;
+        int c_r,c_w,s_r,s_w;
+        int c_want,s_want;
+        int i,j;
+        int done=0;
+        int c_write,s_write;
+        int do_server=0,do_client=0;
+        SSL_CIPHER *ciph;
+        c_to_s=BIO_new(BIO_s_mem());
+        s_to_c=BIO_new(BIO_s_mem());
+        if ((s_to_c == NULL) || (c_to_s == NULL))
+                {
+                ERR_print_errors(bio_err);
+                goto err;
+                }
+        c_bio=BIO_new(BIO_f_ssl());
+        s_bio=BIO_new(BIO_f_ssl());
+        if ((c_bio == NULL) || (s_bio == NULL))
+                {
+                ERR_print_errors(bio_err);
+                goto err;
+                }
+        SSL_set_connect_state(c_ssl);
+        SSL_set_bio(c_ssl,s_to_c,c_to_s);
+        BIO_set_ssl(c_bio,c_ssl,BIO_NOCLOSE);
+        SSL_set_accept_state(s_ssl);
+        SSL_set_bio(s_ssl,c_to_s,s_to_c);
+        BIO_set_ssl(s_bio,s_ssl,BIO_NOCLOSE);
+        c_r=0; s_r=1;
+        c_w=1; s_w=0;
+        c_want=W_WRITE;
+        s_want=0;
+        c_write=1,s_write=0;
+        /* We can always do writes */
+        for (;;)
+                {
+                do_server=0;
+                do_client=0;
+                i=(int)BIO_pending(s_bio);
+                if ((i && s_r) || s_w) do_server=1;
+                i=(int)BIO_pending(c_bio);
+                if ((i && c_r) || c_w) do_client=1;
+                if (do_server && debug)
+                        {
+                        if (SSL_in_init(s_ssl))
+                                printf("server waiting in SSL_accept - %s\n",
+                                        SSL_state_string_long(s_ssl));
+/*                      else if (s_write)
+                                printf("server:SSL_write()\n");
+                        else
+                                printf("server:SSL_read()\n"); */
+                        }
+                if (do_client && debug)
+                        {
+                        if (SSL_in_init(c_ssl))
+                                printf("client waiting in SSL_connect - %s\n",
+                                        SSL_state_string_long(c_ssl));
+/*                      else if (c_write)
+                                printf("client:SSL_write()\n");
+                        else
+                                printf("client:SSL_read()\n"); */
+                        }
+                if (!do_client && !do_server)
+                        {
+                        fprintf(stdout,"ERROR IN STARTUP\n");
+                        ERR_print_errors(bio_err);
+                        break;
+                        }
+                if (do_client && !(done & C_DONE))
+                        {
+                        if (c_write)
+                                {
+                                j=(cw_num > (long)sizeof(cbuf))
+                                        ?sizeof(cbuf):(int)cw_num;
+                                i=BIO_write(c_bio,cbuf,j);
+                                if (i < 0)
+                                        {
+                                        c_r=0;
+                                        c_w=0;
+                                        if (BIO_should_retry(c_bio))
+                                                {
+                                                if (BIO_should_read(c_bio))
+                                                        c_r=1;
+                                                if (BIO_should_write(c_bio))
+                                                        c_w=1;
+                                                }
+                                        else
+                                                {
+                                                fprintf(stderr,"ERROR in CLIENT\n");
+                                                ERR_print_errors(bio_err);
+                                                goto err;
+                                                }
+                                        }
+                                else if (i == 0)
+                                        {
+                                        fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
+                                        goto err;
+                                        }
+                                else
+                                        {
+                                        if (debug)
+                                                printf("client wrote %d\n",i);
+                                        /* ok */
+                                        s_r=1;
+                                        c_write=0;
+                                        cw_num-=i;
+                                        }
+                                }
+                        else
+                                {
+                                i=BIO_read(c_bio,cbuf,sizeof(cbuf));
+                                if (i < 0)
+                                        {
+                                        c_r=0;
+                                        c_w=0;
+                                        if (BIO_should_retry(c_bio))
+                                                {
+                                                if (BIO_should_read(c_bio))
+                                                        c_r=1;
+                                                if (BIO_should_write(c_bio))
+                                                        c_w=1;
+                                                }
+                                        else
+                                                {
+                                                fprintf(stderr,"ERROR in CLIENT\n");
+                                                ERR_print_errors(bio_err);
+                                                goto err;
+                                                }
+                                        }
+                                else if (i == 0)
+                                        {
+                                        fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
+                                        goto err;
+                                        }
+                                else
+                                        {
+                                        if (debug)
+                                                printf("client read %d\n",i);
+                                        cr_num-=i;
+                                        if (sw_num > 0)
+                                                {
+                                                s_write=1;
+                                                s_w=1;
+                                                }
+                                        if (cr_num <= 0)
+                                                {
+                                                s_write=1;
+                                                s_w=1;
+                                                done=S_DONE|C_DONE;
+                                                }
+                                        }
+                                }
+                        }
+                if (do_server && !(done & S_DONE))
+                        {
+                        if (!s_write)
+                                {
+                                i=BIO_read(s_bio,sbuf,sizeof(cbuf));
+                                if (i < 0)
+                                        {
+                                        s_r=0;
+                                        s_w=0;
+                                        if (BIO_should_retry(s_bio))
+                                                {
+                                                if (BIO_should_read(s_bio))
+                                                        s_r=1;
+                                                if (BIO_should_write(s_bio))
+                                                        s_w=1;
+                                                }
+                                        else
+                                                {
+                                                fprintf(stderr,"ERROR in SERVER\n");
+                                                ERR_print_errors(bio_err);
+                                                goto err;
+                                                }
+                                        }
+                                else if (i == 0)
+                                        {
+                                        ERR_print_errors(bio_err);
+                                        fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_read\n");
+                                        goto err;
+                                        }
+                                else
+                                        {
+                                        if (debug)
+                                                printf("server read %d\n",i);
+                                        sr_num-=i;
+                                        if (cw_num > 0)
+                                                {
+                                                c_write=1;
+                                                c_w=1;
+                                                }
+                                        if (sr_num <= 0)
+                                                {
+                                                s_write=1;
+                                                s_w=1;
+                                                c_write=0;
+                                                }
+                                        }
+                                }
+                        else
+                                {
+                                j=(sw_num > (long)sizeof(sbuf))?
+                                        sizeof(sbuf):(int)sw_num;
+                                i=BIO_write(s_bio,sbuf,j);
+                                if (i < 0)
+                                        {
+                                        s_r=0;
+                                        s_w=0;
+                                        if (BIO_should_retry(s_bio))
+                                                {
+                                                if (BIO_should_read(s_bio))
+                                                        s_r=1;
+                                                if (BIO_should_write(s_bio))
+                                                        s_w=1;
+                                                }
+                                        else
+                                                {
+                                                fprintf(stderr,"ERROR in SERVER\n");
+                                                ERR_print_errors(bio_err);
+                                                goto err;
+                                                }
+                                        }
+                                else if (i == 0)
+                                        {
+                                        ERR_print_errors(bio_err);
+                                        fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_write\n");
+                                        goto err;
+                                        }
+                                else
+                                        {
+                                        if (debug)
+                                                printf("server wrote %d\n",i);
+                                        sw_num-=i;
+                                        s_write=0;
+                                        c_r=1;
+                                        if (sw_num <= 0)
+                                                done|=S_DONE;
+                                        }
+                                }
+                        }
+                if ((done & S_DONE) && (done & C_DONE)) break;
+                }
+        ciph=SSL_get_current_cipher(c_ssl);
+        if (verbose)
+                fprintf(stdout,"DONE, protocol %s, cipher %s, %s\n",
+                        SSL_get_version(c_ssl),
+                        SSL_CIPHER_get_version(ciph),
+                        SSL_CIPHER_get_name(ciph));
+        ret=0;
+err:
+        /* We have to set the BIO's to NULL otherwise they will be
+         * Free()ed twice.  Once when th s_ssl is SSL_free()ed and
+         * again when c_ssl is SSL_free()ed.
+         * This is a hack required because s_ssl and c_ssl are sharing the same
+         * BIO structure and SSL_set_bio() and SSL_free() automatically
+         * BIO_free non NULL entries.
+         * You should not normally do this or be required to do this */
+        if (s_ssl != NULL)
+                {
+                s_ssl->rbio=NULL;
+                s_ssl->wbio=NULL;
+                }
+        if (c_ssl != NULL)
+                {
+                c_ssl->rbio=NULL;
+                c_ssl->wbio=NULL;
+                }
+        if (c_to_s != NULL) BIO_free(c_to_s);
+        if (s_to_c != NULL) BIO_free(s_to_c);
+        if (c_bio != NULL) BIO_free_all(c_bio);
+        if (s_bio != NULL) BIO_free_all(s_bio);
+        return(ret);
+        }
+int MS_CALLBACK verify_callback(ok, ctx)
+int ok;
+X509_STORE_CTX *ctx;
+        {
+        char *s,buf[256];
+        s=X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),buf,256);
+        if (s != NULL)
+                {
+                if (ok)
+                        fprintf(stderr,"depth=%d %s\n",ctx->error_depth,buf);
+                else
+                        fprintf(stderr,"depth=%d error=%d %s\n",
+                                ctx->error_depth,ctx->error,buf);
+                }
+        if (ok == 0)
+                {
+                switch (ctx->error)
+                        {
+                case X509_V_ERR_CERT_NOT_YET_VALID:
+                case X509_V_ERR_CERT_HAS_EXPIRED:
+                case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+                        ok=1;
+                        }
+                }
+        return(ok);
+        }
+#ifndef NO_DH
+static unsigned char dh512_p[]={
+        0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
+        0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
+        0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
+        0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
+        0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
+        0x47,0x74,0xE8,0x33,
+        };
+static unsigned char dh512_g[]={
+        0x02,
+        };
+static DH *get_dh512()
+        {
+        DH *dh=NULL;
+        if ((dh=DH_new()) == NULL) return(NULL);
+        dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
+        dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
+        if ((dh->p == NULL) || (dh->g == NULL))
+                return(NULL);
+        return(dh);
+        }
+#endif
+static RSA MS_CALLBACK *tmp_rsa_cb(s,export)
+SSL *s;
+int export;
+        {
+        static RSA *rsa_tmp=NULL;
+        if (rsa_tmp == NULL)
+                {
+                BIO_printf(bio_err,"Generating temp (512 bit) RSA key...");
+                BIO_flush(bio_err);
+#ifndef NO_RSA
+                rsa_tmp=RSA_generate_key(512,RSA_F4,NULL,NULL);
+#endif
+                BIO_printf(bio_err,"\n");
+                BIO_flush(bio_err);
+                }
+        return(rsa_tmp);
+        }

diff --git a/src/lib/libssl/src/ssl/ssltest.c b/src/lib/libssl/src/ssl/ssltest.c new file mode 100644 index 0000000000..f9dca4e3ef --- /dev/null +++ b/src/lib/libssl/src/ssl/ssltest.c
@@ -0,0 +1,751 @@
	1	/* ssl/ssltest.c */
	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
	3	* All rights reserved.
	4	*
	5	* This package is an SSL implementation written
	6	* by Eric Young (eay@cryptsoft.com).
	7	* The implementation was written so as to conform with Netscapes SSL.
	8	*
	9	* This library is free for commercial and non-commercial use as long as
	10	* the following conditions are aheared to. The following conditions
	11	* apply to all code found in this distribution, be it the RC4, RSA,
	12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
	13	* included with this distribution is covered by the same copyright terms
	14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
	15	*
	16	* Copyright remains Eric Young's, and as such any Copyright notices in
	17	* the code are not to be removed.
	18	* If this package is used in a product, Eric Young should be given attribution
	19	* as the author of the parts of the library used.
	20	* This can be in the form of a textual message at program startup or
	21	* in documentation (online or textual) provided with the package.
	22	*
	23	* Redistribution and use in source and binary forms, with or without
	24	* modification, are permitted provided that the following conditions
	25	* are met:
	26	* 1. Redistributions of source code must retain the copyright
	27	* notice, this list of conditions and the following disclaimer.
	28	* 2. Redistributions in binary form must reproduce the above copyright
	29	* notice, this list of conditions and the following disclaimer in the
	30	* documentation and/or other materials provided with the distribution.
	31	* 3. All advertising materials mentioning features or use of this software
	32	* must display the following acknowledgement:
	33	* "This product includes cryptographic software written by
	34	* Eric Young (eay@cryptsoft.com)"
	35	* The word 'cryptographic' can be left out if the rouines from the library
	36	* being used are not cryptographic related :-).
	37	* 4. If you include any Windows specific code (or a derivative thereof) from
	38	* the apps directory (application code) you must include an acknowledgement:
	39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
	40	*
	41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
	42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
	45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	51	* SUCH DAMAGE.
	52	*
	53	* The licence and distribution terms for any publically available version or
	54	* derivative of this code cannot be changed. i.e. this code cannot simply be
	55	* copied and put under another distribution licence
	56	* [including the GNU Public Licence.]
	57	*/
	58
	59	#include <stdio.h>
	60	#include <stdlib.h>
	61	#include <string.h>
	62	#include <errno.h>
	63	#include "e_os.h"
	64	#include "bio.h"
	65	#include "crypto.h"
	66	#include "x509.h"
	67	#include "ssl.h"
	68	#include "err.h"
	69	#ifdef WINDOWS
	70	#include "../crypto/bio/bss_file.c"
	71	#endif
	72
	73	#define TEST_SERVER_CERT "../apps/server.pem"
	74	#define TEST_CLIENT_CERT "../apps/client.pem"
	75
	76	#ifndef NOPROTO
	77	int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
	78	static RSA MS_CALLBACK tmp_rsa_cb(SSL s, int export);
	79	#ifndef NO_DSA
	80	static DH *get_dh512(void);
	81	#endif
	82	#else
	83	int MS_CALLBACK verify_callback();
	84	static RSA MS_CALLBACK *tmp_rsa_cb();
	85	#ifndef NO_DSA
	86	static DH *get_dh512();
	87	#endif
	88	#endif
	89
	90	BIO *bio_err=NULL;
	91	BIO *bio_stdout=NULL;
	92
	93	static char *cipher=NULL;
	94	int verbose=0;
	95	int debug=0;
	96	#ifdef FIONBIO
	97	static int s_nbio=0;
	98	#endif
	99
	100
	101	#ifndef NOPROTO
	102	int doit(SSL s_ssl,SSL c_ssl,long bytes);
	103	#else
	104	int doit();
	105	#endif
	106
	107	static void sv_usage()
	108	{
	109	fprintf(stderr,"usage: ssltest [args ...]\n");
	110	fprintf(stderr,"\n");
	111	fprintf(stderr," -server_auth - check server certificate\n");
	112	fprintf(stderr," -client_auth - do client authentication\n");
	113	fprintf(stderr," -v - more output\n");
	114	fprintf(stderr," -d - debug output\n");
	115	fprintf(stderr," -reuse - use session-id reuse\n");
	116	fprintf(stderr," -num <val> - number of connections to perform\n");
	117	fprintf(stderr," -bytes <val> - number of bytes to swap between client/server\n");
	118	#ifndef NO_SSL2
	119	fprintf(stderr," -ssl2 - use SSLv2\n");
	120	#endif
	121	#ifndef NO_SSL3
	122	fprintf(stderr," -ssl3 - use SSLv3\n");
	123	#endif
	124	#ifndef NO_TLS1
	125	fprintf(stderr," -tls1 - use TLSv1\n");
	126	#endif
	127	fprintf(stderr," -CApath arg - PEM format directory of CA's\n");
	128	fprintf(stderr," -CAfile arg - PEM format file of CA's\n");
	129	fprintf(stderr," -cert arg - Certificate file\n");
	130	fprintf(stderr," -s_cert arg - Just the server certificate file\n");
	131	fprintf(stderr," -c_cert arg - Just the client certificate file\n");
	132	fprintf(stderr," -cipher arg - The cipher list\n");
	133	}
	134
	135	int main(argc, argv)
	136	int argc;
	137	char *argv[];
	138	{
	139	char CApath=NULL,CAfile=NULL;
	140	int badop=0;
	141	int tls1=0,ssl2=0,ssl3=0,ret=1;
	142	int client_auth=0;
	143	int server_auth=0,i;
	144	char *server_cert=TEST_SERVER_CERT;
	145	char *client_cert=TEST_CLIENT_CERT;
	146	SSL_CTX *s_ctx=NULL;
	147	SSL_CTX *c_ctx=NULL;
	148	SSL_METHOD *meth=NULL;
	149	SSL c_ssl,s_ssl;
	150	int number=1,reuse=0;
	151	long bytes=1L;
	152	SSL_CIPHER *ciph;
	153	#ifndef NO_DH
	154	DH *dh;
	155	#endif
	156
	157	bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
	158	bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE);
	159
	160	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
	161
	162	argc--;
	163	argv++;
	164
	165	while (argc >= 1)
	166	{
	167	if (strcmp(*argv,"-server_auth") == 0)
	168	server_auth=1;
	169	else if (strcmp(*argv,"-client_auth") == 0)
	170	client_auth=1;
	171	else if (strcmp(*argv,"-v") == 0)
	172	verbose=1;
	173	else if (strcmp(*argv,"-d") == 0)
	174	debug=1;
	175	else if (strcmp(*argv,"-reuse") == 0)
	176	reuse=1;
	177	else if (strcmp(*argv,"-ssl2") == 0)
	178	ssl2=1;
	179	else if (strcmp(*argv,"-tls1") == 0)
	180	tls1=1;
	181	else if (strcmp(*argv,"-ssl3") == 0)
	182	ssl3=1;
	183	else if (strncmp(*argv,"-num",4) == 0)
	184	{
	185	if (--argc < 1) goto bad;
	186	number= atoi(*(++argv));
	187	if (number == 0) number=1;
	188	}
	189	else if (strcmp(*argv,"-bytes") == 0)
	190	{
	191	if (--argc < 1) goto bad;
	192	bytes= atol(*(++argv));
	193	if (bytes == 0L) bytes=1L;
	194	i=strlen(argv[0]);
	195	if (argv[0][i-1] == 'k') bytes*=1024L;
	196	if (argv[0][i-1] == 'm') bytes=1024L1024L;
	197	}
	198	else if (strcmp(*argv,"-cert") == 0)
	199	{
	200	if (--argc < 1) goto bad;
	201	server_cert= *(++argv);
	202	}
	203	else if (strcmp(*argv,"-s_cert") == 0)
	204	{
	205	if (--argc < 1) goto bad;
	206	server_cert= *(++argv);
	207	}
	208	else if (strcmp(*argv,"-c_cert") == 0)
	209	{
	210	if (--argc < 1) goto bad;
	211	client_cert= *(++argv);
	212	}
	213	else if (strcmp(*argv,"-cipher") == 0)
	214	{
	215	if (--argc < 1) goto bad;
	216	cipher= *(++argv);
	217	}
	218	else if (strcmp(*argv,"-CApath") == 0)
	219	{
	220	if (--argc < 1) goto bad;
	221	CApath= *(++argv);
	222	}
	223	else if (strcmp(*argv,"-CAfile") == 0)
	224	{
	225	if (--argc < 1) goto bad;
	226	CAfile= *(++argv);
	227	}
	228	else
	229	{
	230	fprintf(stderr,"unknown option %s\n",*argv);
	231	badop=1;
	232	break;
	233	}
	234	argc--;
	235	argv++;
	236	}
	237	if (badop)
	238	{
	239	bad:
	240	sv_usage();
	241	goto end;
	242	}
	243
	244	/* if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */
	245
	246	SSLeay_add_ssl_algorithms();
	247	SSL_load_error_strings();
	248
	249	#if !defined(NO_SSL2) && !defined(NO_SSL3)
	250	if (ssl2)
	251	meth=SSLv2_method();
	252	else
	253	if (tls1)
	254	meth=TLSv1_method();
	255	else
	256	if (ssl3)
	257	meth=SSLv3_method();
	258	else
	259	meth=SSLv23_method();
	260	#else
	261	#ifdef NO_SSL2
	262	meth=SSLv3_method();
	263	#else
	264	meth=SSLv2_method();
	265	#endif
	266	#endif
	267
	268	c_ctx=SSL_CTX_new(meth);
	269	s_ctx=SSL_CTX_new(meth);
	270	if ((c_ctx == NULL) \|\| (s_ctx == NULL))
	271	{
	272	ERR_print_errors(bio_err);
	273	goto end;
	274	}
	275
	276	if (cipher != NULL)
	277	{
	278	SSL_CTX_set_cipher_list(c_ctx,cipher);
	279	SSL_CTX_set_cipher_list(s_ctx,cipher);
	280	}
	281
	282	#ifndef NO_DH
	283	dh=get_dh512();
	284	SSL_CTX_set_tmp_dh(s_ctx,dh);
	285	DH_free(dh);
	286	#endif
	287
	288	#ifndef NO_RSA
	289	SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb);
	290	#endif
	291
	292	if (!SSL_CTX_use_certificate_file(s_ctx,server_cert,SSL_FILETYPE_PEM))
	293	{
	294	ERR_print_errors(bio_err);
	295	}
	296	else if (!SSL_CTX_use_PrivateKey_file(s_ctx,server_cert,
	297	SSL_FILETYPE_PEM))
	298	{
	299	ERR_print_errors(bio_err);
	300	goto end;
	301	}
	302
	303	if (client_auth)
	304	{
	305	SSL_CTX_use_certificate_file(c_ctx,client_cert,
	306	SSL_FILETYPE_PEM);
	307	SSL_CTX_use_PrivateKey_file(c_ctx,client_cert,
	308	SSL_FILETYPE_PEM);
	309	}
	310
	311	if ( (!SSL_CTX_load_verify_locations(s_ctx,CAfile,CApath)) \|\|
	312	(!SSL_CTX_set_default_verify_paths(s_ctx)) \|\|
	313	(!SSL_CTX_load_verify_locations(c_ctx,CAfile,CApath)) \|\|
	314	(!SSL_CTX_set_default_verify_paths(c_ctx)))
	315	{
	316	/* fprintf(stderr,"SSL_load_verify_locations\n"); */
	317	ERR_print_errors(bio_err);
	318	/* goto end; */
	319	}
	320
	321	if (client_auth)
	322	{
	323	fprintf(stderr,"client authentication\n");
	324	SSL_CTX_set_verify(s_ctx,
	325	SSL_VERIFY_PEER\|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
	326	verify_callback);
	327	}
	328	if (server_auth)
	329	{
	330	fprintf(stderr,"server authentication\n");
	331	SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER,
	332	verify_callback);
	333	}
	334
	335	c_ssl=SSL_new(c_ctx);
	336	s_ssl=SSL_new(s_ctx);
	337
	338	for (i=0; i<number; i++)
	339	{
	340	if (!reuse) SSL_set_session(c_ssl,NULL);
	341	ret=doit(s_ssl,c_ssl,bytes);
	342	}
	343
	344	if (!verbose)
	345	{
	346	ciph=SSL_get_current_cipher(c_ssl);
	347	fprintf(stdout,"Protocol %s, cipher %s, %s\n",
	348	SSL_get_version(c_ssl),
	349	SSL_CIPHER_get_version(ciph),
	350	SSL_CIPHER_get_name(ciph));
	351	}
	352	if ((number > 1) \|\| (bytes > 1L))
	353	printf("%d handshakes of %ld bytes done\n",number,bytes);
	354
	355	SSL_free(s_ssl);
	356	SSL_free(c_ssl);
	357
	358	end:
	359	if (s_ctx != NULL) SSL_CTX_free(s_ctx);
	360	if (c_ctx != NULL) SSL_CTX_free(c_ctx);
	361
	362	if (bio_stdout != NULL) BIO_free(bio_stdout);
	363
	364	ERR_remove_state(0);
	365	EVP_cleanup();
	366	CRYPTO_mem_leaks(bio_err);
	367	EXIT(ret);
	368	}
	369
	370	#define W_READ 1
	371	#define W_WRITE 2
	372	#define C_DONE 1
	373	#define S_DONE 2
	374
	375	int doit(s_ssl,c_ssl,count)
	376	SSL s_ssl,c_ssl;
	377	long count;
	378	{
	379	MS_STATIC char cbuf[10248],sbuf[10248];
	380	long cw_num=count,cr_num=count;
	381	long sw_num=count,sr_num=count;
	382	int ret=1;
	383	BIO *c_to_s=NULL;
	384	BIO *s_to_c=NULL;
	385	BIO *c_bio=NULL;
	386	BIO *s_bio=NULL;
	387	int c_r,c_w,s_r,s_w;
	388	int c_want,s_want;
	389	int i,j;
	390	int done=0;
	391	int c_write,s_write;
	392	int do_server=0,do_client=0;
	393	SSL_CIPHER *ciph;
	394
	395	c_to_s=BIO_new(BIO_s_mem());
	396	s_to_c=BIO_new(BIO_s_mem());
	397	if ((s_to_c == NULL) \|\| (c_to_s == NULL))
	398	{
	399	ERR_print_errors(bio_err);
	400	goto err;
	401	}
	402
	403	c_bio=BIO_new(BIO_f_ssl());
	404	s_bio=BIO_new(BIO_f_ssl());
	405	if ((c_bio == NULL) \|\| (s_bio == NULL))
	406	{
	407	ERR_print_errors(bio_err);
	408	goto err;
	409	}
	410
	411	SSL_set_connect_state(c_ssl);
	412	SSL_set_bio(c_ssl,s_to_c,c_to_s);
	413	BIO_set_ssl(c_bio,c_ssl,BIO_NOCLOSE);
	414
	415	SSL_set_accept_state(s_ssl);
	416	SSL_set_bio(s_ssl,c_to_s,s_to_c);
	417	BIO_set_ssl(s_bio,s_ssl,BIO_NOCLOSE);
	418
	419	c_r=0; s_r=1;
	420	c_w=1; s_w=0;
	421	c_want=W_WRITE;
	422	s_want=0;
	423	c_write=1,s_write=0;
	424
	425	/* We can always do writes */
	426	for (;;)
	427	{
	428	do_server=0;
	429	do_client=0;
	430
	431	i=(int)BIO_pending(s_bio);
	432	if ((i && s_r) \|\| s_w) do_server=1;
	433
	434	i=(int)BIO_pending(c_bio);
	435	if ((i && c_r) \|\| c_w) do_client=1;
	436
	437	if (do_server && debug)
	438	{
	439	if (SSL_in_init(s_ssl))
	440	printf("server waiting in SSL_accept - %s\n",
	441	SSL_state_string_long(s_ssl));
	442	/* else if (s_write)
	443	printf("server:SSL_write()\n");
	444	else
	445	printf("server:SSL_read()\n"); */
	446	}
	447
	448	if (do_client && debug)
	449	{
	450	if (SSL_in_init(c_ssl))
	451	printf("client waiting in SSL_connect - %s\n",
	452	SSL_state_string_long(c_ssl));
	453	/* else if (c_write)
	454	printf("client:SSL_write()\n");
	455	else
	456	printf("client:SSL_read()\n"); */
	457	}
	458
	459	if (!do_client && !do_server)
	460	{
	461	fprintf(stdout,"ERROR IN STARTUP\n");
	462	ERR_print_errors(bio_err);
	463	break;
	464	}
	465	if (do_client && !(done & C_DONE))
	466	{
	467	if (c_write)
	468	{
	469	j=(cw_num > (long)sizeof(cbuf))
	470	?sizeof(cbuf):(int)cw_num;
	471	i=BIO_write(c_bio,cbuf,j);
	472	if (i < 0)
	473	{
	474	c_r=0;
	475	c_w=0;
	476	if (BIO_should_retry(c_bio))
	477	{
	478	if (BIO_should_read(c_bio))
	479	c_r=1;
	480	if (BIO_should_write(c_bio))
	481	c_w=1;
	482	}
	483	else
	484	{
	485	fprintf(stderr,"ERROR in CLIENT\n");
	486	ERR_print_errors(bio_err);
	487	goto err;
	488	}
	489	}
	490	else if (i == 0)
	491	{
	492	fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
	493	goto err;
	494	}
	495	else
	496	{
	497	if (debug)
	498	printf("client wrote %d\n",i);
	499	/* ok */
	500	s_r=1;
	501	c_write=0;
	502	cw_num-=i;
	503	}
	504	}
	505	else
	506	{
	507	i=BIO_read(c_bio,cbuf,sizeof(cbuf));
	508	if (i < 0)
	509	{
	510	c_r=0;
	511	c_w=0;
	512	if (BIO_should_retry(c_bio))
	513	{
	514	if (BIO_should_read(c_bio))
	515	c_r=1;
	516	if (BIO_should_write(c_bio))
	517	c_w=1;
	518	}
	519	else
	520	{
	521	fprintf(stderr,"ERROR in CLIENT\n");
	522	ERR_print_errors(bio_err);
	523	goto err;
	524	}
	525	}
	526	else if (i == 0)
	527	{
	528	fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
	529	goto err;
	530	}
	531	else
	532	{
	533	if (debug)
	534	printf("client read %d\n",i);
	535	cr_num-=i;
	536	if (sw_num > 0)
	537	{
	538	s_write=1;
	539	s_w=1;
	540	}
	541	if (cr_num <= 0)
	542	{
	543	s_write=1;
	544	s_w=1;
	545	done=S_DONE\|C_DONE;
	546	}
	547	}
	548	}
	549	}
	550
	551	if (do_server && !(done & S_DONE))
	552	{
	553	if (!s_write)
	554	{
	555	i=BIO_read(s_bio,sbuf,sizeof(cbuf));
	556	if (i < 0)
	557	{
	558	s_r=0;
	559	s_w=0;
	560	if (BIO_should_retry(s_bio))
	561	{
	562	if (BIO_should_read(s_bio))
	563	s_r=1;
	564	if (BIO_should_write(s_bio))
	565	s_w=1;
	566	}
	567	else
	568	{
	569	fprintf(stderr,"ERROR in SERVER\n");
	570	ERR_print_errors(bio_err);
	571	goto err;
	572	}
	573	}
	574	else if (i == 0)
	575	{
	576	ERR_print_errors(bio_err);
	577	fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_read\n");
	578	goto err;
	579	}
	580	else
	581	{
	582	if (debug)
	583	printf("server read %d\n",i);
	584	sr_num-=i;
	585	if (cw_num > 0)
	586	{
	587	c_write=1;
	588	c_w=1;
	589	}
	590	if (sr_num <= 0)
	591	{
	592	s_write=1;
	593	s_w=1;
	594	c_write=0;
	595	}
	596	}
	597	}
	598	else
	599	{
	600	j=(sw_num > (long)sizeof(sbuf))?
	601	sizeof(sbuf):(int)sw_num;
	602	i=BIO_write(s_bio,sbuf,j);
	603	if (i < 0)
	604	{
	605	s_r=0;
	606	s_w=0;
	607	if (BIO_should_retry(s_bio))
	608	{
	609	if (BIO_should_read(s_bio))
	610	s_r=1;
	611	if (BIO_should_write(s_bio))
	612	s_w=1;
	613	}
	614	else
	615	{
	616	fprintf(stderr,"ERROR in SERVER\n");
	617	ERR_print_errors(bio_err);
	618	goto err;
	619	}
	620	}
	621	else if (i == 0)
	622	{
	623	ERR_print_errors(bio_err);
	624	fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_write\n");
	625	goto err;
	626	}
	627	else
	628	{
	629	if (debug)
	630	printf("server wrote %d\n",i);
	631	sw_num-=i;
	632	s_write=0;
	633	c_r=1;
	634	if (sw_num <= 0)
	635	done\|=S_DONE;
	636	}
	637	}
	638	}
	639
	640	if ((done & S_DONE) && (done & C_DONE)) break;
	641	}
	642
	643	ciph=SSL_get_current_cipher(c_ssl);
	644	if (verbose)
	645	fprintf(stdout,"DONE, protocol %s, cipher %s, %s\n",
	646	SSL_get_version(c_ssl),
	647	SSL_CIPHER_get_version(ciph),
	648	SSL_CIPHER_get_name(ciph));
	649	ret=0;
	650	err:
	651	/* We have to set the BIO's to NULL otherwise they will be
	652	* Free()ed twice. Once when th s_ssl is SSL_free()ed and
	653	* again when c_ssl is SSL_free()ed.
	654	* This is a hack required because s_ssl and c_ssl are sharing the same
	655	* BIO structure and SSL_set_bio() and SSL_free() automatically
	656	* BIO_free non NULL entries.
	657	* You should not normally do this or be required to do this */
	658	if (s_ssl != NULL)
	659	{
	660	s_ssl->rbio=NULL;
	661	s_ssl->wbio=NULL;
	662	}
	663	if (c_ssl != NULL)
	664	{
	665	c_ssl->rbio=NULL;
	666	c_ssl->wbio=NULL;
	667	}
	668
	669	if (c_to_s != NULL) BIO_free(c_to_s);
	670	if (s_to_c != NULL) BIO_free(s_to_c);
	671	if (c_bio != NULL) BIO_free_all(c_bio);
	672	if (s_bio != NULL) BIO_free_all(s_bio);
	673	return(ret);
	674	}
	675
	676	int MS_CALLBACK verify_callback(ok, ctx)
	677	int ok;
	678	X509_STORE_CTX *ctx;
	679	{
	680	char *s,buf[256];
	681
	682	s=X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),buf,256);
	683	if (s != NULL)
	684	{
	685	if (ok)
	686	fprintf(stderr,"depth=%d %s\n",ctx->error_depth,buf);
	687	else
	688	fprintf(stderr,"depth=%d error=%d %s\n",
	689	ctx->error_depth,ctx->error,buf);
	690	}
	691
	692	if (ok == 0)
	693	{
	694	switch (ctx->error)
	695	{
	696	case X509_V_ERR_CERT_NOT_YET_VALID:
	697	case X509_V_ERR_CERT_HAS_EXPIRED:
	698	case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
	699	ok=1;
	700	}
	701	}
	702
	703	return(ok);
	704	}
	705
	706	#ifndef NO_DH
	707	static unsigned char dh512_p[]={
	708	0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
	709	0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
	710	0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
	711	0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
	712	0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
	713	0x47,0x74,0xE8,0x33,
	714	};
	715	static unsigned char dh512_g[]={
	716	0x02,
	717	};
	718
	719	static DH *get_dh512()
	720	{
	721	DH *dh=NULL;
	722
	723	if ((dh=DH_new()) == NULL) return(NULL);
	724	dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
	725	dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
	726	if ((dh->p == NULL) \|\| (dh->g == NULL))
	727	return(NULL);
	728	return(dh);
	729	}
	730	#endif
	731
	732	static RSA MS_CALLBACK *tmp_rsa_cb(s,export)
	733	SSL *s;
	734	int export;
	735	{
	736	static RSA *rsa_tmp=NULL;
	737
	738	if (rsa_tmp == NULL)
	739	{
	740	BIO_printf(bio_err,"Generating temp (512 bit) RSA key...");
	741	BIO_flush(bio_err);
	742	#ifndef NO_RSA
	743	rsa_tmp=RSA_generate_key(512,RSA_F4,NULL,NULL);
	744	#endif
	745	BIO_printf(bio_err,"\n");
	746	BIO_flush(bio_err);
	747	}
	748	return(rsa_tmp);
	749	}
	750
	751