1 files changed, 257 insertions, 26 deletions
diff --git a/src/lib/libssl/src/ssl/ssltest.c b/src/lib/libssl/src/ssl/ssltest.c
index 2ef8a50785..1afdfa7750 100644
--- a/src/lib/libssl/src/ssl/ssltest.c
+++ b/src/lib/libssl/src/ssl/ssltest.c
@@ -55,6 +55,65 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#define _XOPEN_SOURCE 600       /* Or gethostname won't be declared properly
+                                   on Linux and GNU platforms. */
+#define _XOPEN_SOURCE_EXTENDED  1 /* Or gethostname won't be declared properly
+                                   on Compaq platforms (at least with DEC C).
+                                */
 #include <assert.h>
 #include <errno.h>
@@ -64,20 +123,24 @@
 #include <string.h>
 #include <time.h>
-#include "openssl/e_os.h"
+#include "e_os.h"
 #include <openssl/bio.h>
 #include <openssl/crypto.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/ssl.h>
+#include <openssl/engine.h>
 #include <openssl/err.h>
 #include <openssl/rand.h>
-#ifdef WINDOWS
+#ifdef OPENSSL_SYS_WINDOWS
+#include <winsock.h>
 #include "../crypto/bio/bss_file.c"
+#else
+#include OPENSSL_UNISTD
 #endif
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 #  define TEST_SERVER_CERT "SYS$DISK:[-.APPS]SERVER.PEM"
 #  define TEST_CLIENT_CERT "SYS$DISK:[-.APPS]CLIENT.PEM"
 #else
@@ -85,12 +148,21 @@
 #  define TEST_CLIENT_CERT "../apps/client.pem"
 #endif
+/* There is really no standard for this, so let's assign some tentative
+   numbers.  In any case, these numbers are only for this test */
+#define COMP_RLE        1
+#define COMP_ZLIB       2
 static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export,int keylength);
 static void free_tmp_rsa(void);
 #endif
-#ifndef NO_DH
+static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg);
+#define APP_CALLBACK "Test Callback Argument"
+static char *app_verify_arg = APP_CALLBACK;
+#ifndef OPENSSL_NO_DH
 static DH *get_dh512(void);
 static DH *get_dh1024(void);
 static DH *get_dh1024dsa(void);
@@ -124,18 +196,18 @@ static void sv_usage(void)
        fprintf(stderr," -reuse        - use session-id reuse\n");
        fprintf(stderr," -num <val>    - number of connections to perform\n");
        fprintf(stderr," -bytes <val>  - number of bytes to swap between client/server\n");
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
        fprintf(stderr," -dhe1024      - use 1024 bit key (safe prime) for DHE\n");
        fprintf(stderr," -dhe1024dsa   - use 1024 bit key (with 160-bit subprime) for DHE\n");
        fprintf(stderr," -no_dhe       - disable DHE\n");
 #endif
-#ifndef NO_SSL2
+#ifndef OPENSSL_NO_SSL2
        fprintf(stderr," -ssl2         - use SSLv2\n");
 #endif
-#ifndef NO_SSL3
+#ifndef OPENSSL_NO_SSL3
        fprintf(stderr," -ssl3         - use SSLv3\n");
 #endif
-#ifndef NO_TLS1
+#ifndef OPENSSL_NO_TLS1
        fprintf(stderr," -tls1         - use TLSv1\n");
 #endif
        fprintf(stderr," -CApath arg   - PEM format directory of CA's\n");
@@ -148,6 +220,8 @@ static void sv_usage(void)
        fprintf(stderr," -bio_pair     - Use BIO pairs\n");
        fprintf(stderr," -f            - Test even cases that can't work\n");
        fprintf(stderr," -time         - measure processor time used by client and server\n");
+        fprintf(stderr," -zlib         - use zlib compression\n");
+        fprintf(stderr," -time         - use rle compression\n");
        }
 static void print_details(SSL *c_ssl, const char *prefix)
@@ -169,7 +243,7 @@ static void print_details(SSL *c_ssl, const char *prefix)
                        {
                        if (0) 
                                ;
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
                        else if (pkey->type == EVP_PKEY_RSA && pkey->pkey.rsa != NULL
                                && pkey->pkey.rsa->n != NULL)
                                {
@@ -177,7 +251,7 @@ static void print_details(SSL *c_ssl, const char *prefix)
                                        BN_num_bits(pkey->pkey.rsa->n));
                                }
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
                        else if (pkey->type == EVP_PKEY_DSA && pkey->pkey.dsa != NULL
                                && pkey->pkey.dsa->p != NULL)
                                {
@@ -194,6 +268,69 @@ static void print_details(SSL *c_ssl, const char *prefix)
        BIO_printf(bio_stdout,"\n");
        }
+static void lock_dbg_cb(int mode, int type, const char *file, int line)
+        {
+        static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
+        const char *errstr = NULL;
+        int rw;
+        
+        rw = mode & (CRYPTO_READ|CRYPTO_WRITE);
+        if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE)))
+                {
+                errstr = "invalid mode";
+                goto err;
+                }
+        if (type < 0 || type > CRYPTO_NUM_LOCKS)
+                {
+                errstr = "type out of bounds";
+                goto err;
+                }
+        if (mode & CRYPTO_LOCK)
+                {
+                if (modes[type])
+                        {
+                        errstr = "already locked";
+                        /* must not happen in a single-threaded program
+                         * (would deadlock) */
+                        goto err;
+                        }
+                modes[type] = rw;
+                }
+        else if (mode & CRYPTO_UNLOCK)
+                {
+                if (!modes[type])
+                        {
+                        errstr = "not locked";
+                        goto err;
+                        }
+                
+                if (modes[type] != rw)
+                        {
+                        errstr = (rw == CRYPTO_READ) ?
+                                "CRYPTO_r_unlock on write lock" :
+                                "CRYPTO_w_unlock on read lock";
+                        }
+                modes[type] = 0;
+                }
+        else
+                {
+                errstr = "invalid mode";
+                goto err;
+                }
+ err:
+        if (errstr)
+                {
+                /* we cannot use bio_err here */
+                fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n",
+                        errstr, mode, type, file, line);
+                }
+        }
 int main(int argc, char *argv[])
        {
        char *CApath=NULL,*CAfile=NULL;
@@ -203,6 +340,7 @@ int main(int argc, char *argv[])
        int tls1=0,ssl2=0,ssl3=0,ret=1;
        int client_auth=0;
        int server_auth=0,i;
+        int app_verify=0;
        char *server_cert=TEST_SERVER_CERT;
        char *server_key=NULL;
        char *client_cert=TEST_CLIENT_CERT;
@@ -213,18 +351,33 @@ int main(int argc, char *argv[])
        SSL *c_ssl,*s_ssl;
        int number=1,reuse=0;
        long bytes=1L;
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
        DH *dh;
        int dhe1024 = 0, dhe1024dsa = 0;
 #endif
        int no_dhe = 0;
        int print_time = 0;
        clock_t s_time = 0, c_time = 0;
+        int comp = 0;
+        COMP_METHOD *cm = NULL;
        verbose = 0;
        debug = 0;
        cipher = 0;
        
+        CRYPTO_set_locking_callback(lock_dbg_cb);
+        /* enable memory leak checking unless explicitly disabled */
+        if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
+                {
+                CRYPTO_malloc_debug_init();
+                CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+                }
+        else
+                {
+                /* OPENSSL_DEBUG_MEMORY=off */
+                CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
+                }
        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
        RAND_seed(rnd_seed, sizeof rnd_seed);
@@ -247,7 +400,7 @@ int main(int argc, char *argv[])
                        debug=1;
                else if (strcmp(*argv,"-reuse") == 0)
                        reuse=1;
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
                else if (strcmp(*argv,"-dhe1024") == 0)
                        dhe1024=1;
                else if (strcmp(*argv,"-dhe1024dsa") == 0)
@@ -333,6 +486,18 @@ int main(int argc, char *argv[])
                        {
                        print_time = 1;
                        }
+                else if (strcmp(*argv,"-zlib") == 0)
+                        {
+                        comp = COMP_ZLIB;
+                        }
+                else if (strcmp(*argv,"-rle") == 0)
+                        {
+                        comp = COMP_RLE;
+                        }
+                else if (strcmp(*argv,"-app_verify") == 0)
+                        {
+                        app_verify = 1;
+                        }
                else
                        {
                        fprintf(stderr,"unknown option %s\n",*argv);
@@ -374,7 +539,24 @@ bad:
        SSL_library_init();
        SSL_load_error_strings();
-#if !defined(NO_SSL2) && !defined(NO_SSL3)
+        if (comp == COMP_ZLIB) cm = COMP_zlib();
+        if (comp == COMP_RLE) cm = COMP_rle();
+        if (cm != NULL)
+                {
+                if (cm->type != NID_undef)
+                        SSL_COMP_add_compression_method(comp, cm);
+                else
+                        {
+                        fprintf(stderr,
+                                "Warning: %s compression not supported\n",
+                                (comp == COMP_RLE ? "rle" :
+                                        (comp == COMP_ZLIB ? "zlib" :
+                                                "unknown")));
+                        ERR_print_errors_fp(stderr);
+                        }
+                }
+#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
        if (ssl2)
                meth=SSLv2_method();
        else 
@@ -386,7 +568,7 @@ bad:
        else
                meth=SSLv23_method();
 #else
-#ifdef NO_SSL2
+#ifdef OPENSSL_NO_SSL2
        meth=SSLv3_method();
 #else
        meth=SSLv2_method();
@@ -407,7 +589,7 @@ bad:
                SSL_CTX_set_cipher_list(s_ctx,cipher);
                }
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
        if (!no_dhe)
                {
                if (dhe1024dsa)
@@ -427,7 +609,7 @@ bad:
        (void)no_dhe;
 #endif
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
        SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb);
 #endif
@@ -467,12 +649,20 @@ bad:
                SSL_CTX_set_verify(s_ctx,
                        SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
                        verify_callback);
+                if (app_verify) 
+                        {
+                        SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback, app_verify_arg);
+                        }
                }
        if (server_auth)
                {
                BIO_printf(bio_err,"server authentication\n");
                SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER,
                        verify_callback);
+                if (app_verify) 
+                        {
+                        SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback, app_verify_arg);
+                        }
                }
        
        {
@@ -483,6 +673,19 @@ bad:
        c_ssl=SSL_new(c_ctx);
        s_ssl=SSL_new(s_ctx);
+#ifndef OPENSSL_NO_KRB5
+        if (c_ssl  &&  c_ssl->kssl_ctx)
+                {
+                char    localhost[257];
+                if (gethostname(localhost, 256) == 0)
+                        {
+                        kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER,
+                                localhost);
+                        }
+                }
+#endif    /* OPENSSL_NO_KRB5  */
        for (i=0; i<number; i++)
                {
                if (!reuse) SSL_set_session(c_ssl,NULL);
@@ -529,9 +732,11 @@ end:
        if (bio_stdout != NULL) BIO_free(bio_stdout);
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
        free_tmp_rsa();
 #endif
+        ENGINE_cleanup();
+        CRYPTO_cleanup_all_ex_data();
        ERR_free_strings();
        ERR_remove_state(0);
        EVP_cleanup();
@@ -848,10 +1053,10 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
                                        if (num > 1)
                                                --num; /* test restartability even more thoroughly */
                                        
-                                        r = BIO_nwrite(io1, &dataptr, (int)num);
+                                        r = BIO_nwrite0(io1, &dataptr);
                                        assert(r > 0);
-                                        assert(r <= (int)num);
+                                        if (r < (int)num)
-                                        num = r;
+                                                num = r;
                                        r = BIO_read(io2, dataptr, (int)num);
                                        if (r != (int)num) /* can't happen */
                                                {
@@ -860,6 +1065,13 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
                                                goto err;
                                                }
                                        progress = 1;
+                                        r = BIO_nwrite(io1, &dataptr, (int)num);
+                                        if (r != (int)num) /* can't happen */
+                                                {
+                                                fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
+                                                        "BIO_nwrite0() bytes");
+                                                goto err;
+                                                }
                                        
                                        if (debug)
                                                printf((io2 == client_io) ?
@@ -1245,7 +1457,26 @@ static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
        return(ok);
        }
-#ifndef NO_RSA
+static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg)
+        {
+        char *s = NULL,buf[256];
+        int ok=1;
+        fprintf(stderr, "In app_verify_callback, allowing cert. ");
+        fprintf(stderr, "Arg is: %s\n", (char *)arg);
+        fprintf(stderr, "Finished printing do we have a context? 0x%x a cert? 0x%x\n",
+                        (unsigned int)ctx, (unsigned int)ctx->cert);
+        if (ctx->cert)
+                s=X509_NAME_oneline(X509_get_subject_name(ctx->cert),buf,256);
+        if (s != NULL)
+                {
+                        fprintf(stderr,"cert depth=%d %s\n",ctx->error_depth,buf);
+                }
+        return(ok);
+        }
+#ifndef OPENSSL_NO_RSA
 static RSA *rsa_tmp=NULL;
 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
@@ -1271,14 +1502,14 @@ static void free_tmp_rsa(void)
        }
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 /* These DH parameters have been generated as follows:
 *    $ openssl dhparam -C -noout 512
 *    $ openssl dhparam -C -noout 1024
 *    $ openssl dhparam -C -noout -dsaparam 1024
 * (The third function has been renamed to avoid name conflicts.)
 */
-DH *get_dh512()
+static DH *get_dh512()
        {
        static unsigned char dh512_p[]={
                0xCB,0xC8,0xE1,0x86,0xD0,0x1F,0x94,0x17,0xA6,0x99,0xF0,0xC6,
@@ -1301,7 +1532,7 @@ DH *get_dh512()
        return(dh);
        }
-DH *get_dh1024()
+static DH *get_dh1024()
        {
        static unsigned char dh1024_p[]={
                0xF8,0x81,0x89,0x7D,0x14,0x24,0xC5,0xD1,0xE6,0xF7,0xBF,0x3A,
@@ -1329,7 +1560,7 @@ DH *get_dh1024()
        return(dh);
        }
-DH *get_dh1024dsa()
+static DH *get_dh1024dsa()
        {
        static unsigned char dh1024_p[]={
                0xC8,0x00,0xF7,0x08,0x07,0x89,0x4D,0x90,0x53,0xF3,0xD5,0x00,

diff --git a/src/lib/libssl/src/ssl/ssltest.c b/src/lib/libssl/src/ssl/ssltest.c index 2ef8a50785..1afdfa7750 100644 --- a/src/lib/libssl/src/ssl/ssltest.c +++ b/src/lib/libssl/src/ssl/ssltest.c
@@ -55,6 +55,65 @@
55	* copied and put under another distribution licence	55	* copied and put under another distribution licence
56	* [including the GNU Public Licence.]	56	* [including the GNU Public Licence.]
57	*/	57	*/
		58	/* ====================================================================
		59	* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
		60	*
		61	* Redistribution and use in source and binary forms, with or without
		62	* modification, are permitted provided that the following conditions
		63	* are met:
		64	*
		65	* 1. Redistributions of source code must retain the above copyright
		66	* notice, this list of conditions and the following disclaimer.
		67	*
		68	* 2. Redistributions in binary form must reproduce the above copyright
		69	* notice, this list of conditions and the following disclaimer in
		70	* the documentation and/or other materials provided with the
		71	* distribution.
		72	*
		73	* 3. All advertising materials mentioning features or use of this
		74	* software must display the following acknowledgment:
		75	* "This product includes software developed by the OpenSSL Project
		76	* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
		77	*
		78	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
		79	* endorse or promote products derived from this software without
		80	* prior written permission. For written permission, please contact
		81	* openssl-core@openssl.org.
		82	*
		83	* 5. Products derived from this software may not be called "OpenSSL"
		84	* nor may "OpenSSL" appear in their names without prior written
		85	* permission of the OpenSSL Project.
		86	*
		87	* 6. Redistributions of any form whatsoever must retain the following
		88	* acknowledgment:
		89	* "This product includes software developed by the OpenSSL Project
		90	* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
		91	*
		92	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
		93	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
		94	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
		95	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
		96	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
		97	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
		98	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
		99	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
		100	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
		101	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
		102	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
		103	* OF THE POSSIBILITY OF SUCH DAMAGE.
		104	* ====================================================================
		105	*
		106	* This product includes cryptographic software written by Eric Young
		107	* (eay@cryptsoft.com). This product includes software written by Tim
		108	* Hudson (tjh@cryptsoft.com).
		109	*
		110	*/
		111
		112	#define _XOPEN_SOURCE 600 /* Or gethostname won't be declared properly
		113	on Linux and GNU platforms. */
		114	#define _XOPEN_SOURCE_EXTENDED 1 /* Or gethostname won't be declared properly
		115	on Compaq platforms (at least with DEC C).
		116	*/
58		117
59	#include <assert.h>	118	#include <assert.h>
60	#include <errno.h>	119	#include <errno.h>
@@ -64,20 +123,24 @@
64	#include <string.h>	123	#include <string.h>
65	#include <time.h>	124	#include <time.h>
66		125
67	#include "openssl/e_os.h"	126	#include "e_os.h"
68		127
69	#include <openssl/bio.h>	128	#include <openssl/bio.h>
70	#include <openssl/crypto.h>	129	#include <openssl/crypto.h>
71	#include <openssl/evp.h>	130	#include <openssl/evp.h>
72	#include <openssl/x509.h>	131	#include <openssl/x509.h>
73	#include <openssl/ssl.h>	132	#include <openssl/ssl.h>
		133	#include <openssl/engine.h>
74	#include <openssl/err.h>	134	#include <openssl/err.h>
75	#include <openssl/rand.h>	135	#include <openssl/rand.h>
76	#ifdef WINDOWS	136	#ifdef OPENSSL_SYS_WINDOWS
		137	#include <winsock.h>
77	#include "../crypto/bio/bss_file.c"	138	#include "../crypto/bio/bss_file.c"
		139	#else
		140	#include OPENSSL_UNISTD
78	#endif	141	#endif
79		142
80	#ifdef VMS	143	#ifdef OPENSSL_SYS_VMS
81	# define TEST_SERVER_CERT "SYS$DISK:[-.APPS]SERVER.PEM"	144	# define TEST_SERVER_CERT "SYS$DISK:[-.APPS]SERVER.PEM"
82	# define TEST_CLIENT_CERT "SYS$DISK:[-.APPS]CLIENT.PEM"	145	# define TEST_CLIENT_CERT "SYS$DISK:[-.APPS]CLIENT.PEM"
83	#else	146	#else
@@ -85,12 +148,21 @@
85	# define TEST_CLIENT_CERT "../apps/client.pem"	148	# define TEST_CLIENT_CERT "../apps/client.pem"
86	#endif	149	#endif
87		150
		151	/* There is really no standard for this, so let's assign some tentative
		152	numbers. In any case, these numbers are only for this test */
		153	#define COMP_RLE 1
		154	#define COMP_ZLIB 2
		155
88	static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);	156	static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
89	#ifndef NO_RSA	157	#ifndef OPENSSL_NO_RSA
90	static RSA MS_CALLBACK tmp_rsa_cb(SSL s, int is_export,int keylength);	158	static RSA MS_CALLBACK tmp_rsa_cb(SSL s, int is_export,int keylength);
91	static void free_tmp_rsa(void);	159	static void free_tmp_rsa(void);
92	#endif	160	#endif
93	#ifndef NO_DH	161	static int MS_CALLBACK app_verify_callback(X509_STORE_CTX ctx, void arg);
		162	#define APP_CALLBACK "Test Callback Argument"
		163	static char *app_verify_arg = APP_CALLBACK;
		164
		165	#ifndef OPENSSL_NO_DH
94	static DH *get_dh512(void);	166	static DH *get_dh512(void);
95	static DH *get_dh1024(void);	167	static DH *get_dh1024(void);
96	static DH *get_dh1024dsa(void);	168	static DH *get_dh1024dsa(void);
@@ -124,18 +196,18 @@ static void sv_usage(void)
124	fprintf(stderr," -reuse - use session-id reuse\n");	196	fprintf(stderr," -reuse - use session-id reuse\n");
125	fprintf(stderr," -num <val> - number of connections to perform\n");	197	fprintf(stderr," -num <val> - number of connections to perform\n");
126	fprintf(stderr," -bytes <val> - number of bytes to swap between client/server\n");	198	fprintf(stderr," -bytes <val> - number of bytes to swap between client/server\n");
127	#ifndef NO_DH	199	#ifndef OPENSSL_NO_DH
128	fprintf(stderr," -dhe1024 - use 1024 bit key (safe prime) for DHE\n");	200	fprintf(stderr," -dhe1024 - use 1024 bit key (safe prime) for DHE\n");
129	fprintf(stderr," -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");	201	fprintf(stderr," -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
130	fprintf(stderr," -no_dhe - disable DHE\n");	202	fprintf(stderr," -no_dhe - disable DHE\n");
131	#endif	203	#endif
132	#ifndef NO_SSL2	204	#ifndef OPENSSL_NO_SSL2
133	fprintf(stderr," -ssl2 - use SSLv2\n");	205	fprintf(stderr," -ssl2 - use SSLv2\n");
134	#endif	206	#endif
135	#ifndef NO_SSL3	207	#ifndef OPENSSL_NO_SSL3
136	fprintf(stderr," -ssl3 - use SSLv3\n");	208	fprintf(stderr," -ssl3 - use SSLv3\n");
137	#endif	209	#endif
138	#ifndef NO_TLS1	210	#ifndef OPENSSL_NO_TLS1
139	fprintf(stderr," -tls1 - use TLSv1\n");	211	fprintf(stderr," -tls1 - use TLSv1\n");
140	#endif	212	#endif
141	fprintf(stderr," -CApath arg - PEM format directory of CA's\n");	213	fprintf(stderr," -CApath arg - PEM format directory of CA's\n");
@@ -148,6 +220,8 @@ static void sv_usage(void)
148	fprintf(stderr," -bio_pair - Use BIO pairs\n");	220	fprintf(stderr," -bio_pair - Use BIO pairs\n");
149	fprintf(stderr," -f - Test even cases that can't work\n");	221	fprintf(stderr," -f - Test even cases that can't work\n");
150	fprintf(stderr," -time - measure processor time used by client and server\n");	222	fprintf(stderr," -time - measure processor time used by client and server\n");
		223	fprintf(stderr," -zlib - use zlib compression\n");
		224	fprintf(stderr," -time - use rle compression\n");
151	}	225	}
152		226
153	static void print_details(SSL c_ssl, const char prefix)	227	static void print_details(SSL c_ssl, const char prefix)
@@ -169,7 +243,7 @@ static void print_details(SSL c_ssl, const char prefix)
169	{	243	{
170	if (0)	244	if (0)
171	;	245	;
172	#ifndef NO_RSA	246	#ifndef OPENSSL_NO_RSA
173	else if (pkey->type == EVP_PKEY_RSA && pkey->pkey.rsa != NULL	247	else if (pkey->type == EVP_PKEY_RSA && pkey->pkey.rsa != NULL
174	&& pkey->pkey.rsa->n != NULL)	248	&& pkey->pkey.rsa->n != NULL)
175	{	249	{
@@ -177,7 +251,7 @@ static void print_details(SSL c_ssl, const char prefix)
177	BN_num_bits(pkey->pkey.rsa->n));	251	BN_num_bits(pkey->pkey.rsa->n));
178	}	252	}
179	#endif	253	#endif
180	#ifndef NO_DSA	254	#ifndef OPENSSL_NO_DSA
181	else if (pkey->type == EVP_PKEY_DSA && pkey->pkey.dsa != NULL	255	else if (pkey->type == EVP_PKEY_DSA && pkey->pkey.dsa != NULL
182	&& pkey->pkey.dsa->p != NULL)	256	&& pkey->pkey.dsa->p != NULL)
183	{	257	{
@@ -194,6 +268,69 @@ static void print_details(SSL c_ssl, const char prefix)
194	BIO_printf(bio_stdout,"\n");	268	BIO_printf(bio_stdout,"\n");
195	}	269	}
196		270
		271	static void lock_dbg_cb(int mode, int type, const char *file, int line)
		272	{
		273	static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
		274	const char *errstr = NULL;
		275	int rw;
		276
		277	rw = mode & (CRYPTO_READ\|CRYPTO_WRITE);
		278	if (!((rw == CRYPTO_READ) \|\| (rw == CRYPTO_WRITE)))
		279	{
		280	errstr = "invalid mode";
		281	goto err;
		282	}
		283
		284	if (type < 0 \|\| type > CRYPTO_NUM_LOCKS)
		285	{
		286	errstr = "type out of bounds";
		287	goto err;
		288	}
		289
		290	if (mode & CRYPTO_LOCK)
		291	{
		292	if (modes[type])
		293	{
		294	errstr = "already locked";
		295	/* must not happen in a single-threaded program
		296	* (would deadlock) */
		297	goto err;
		298	}
		299
		300	modes[type] = rw;
		301	}
		302	else if (mode & CRYPTO_UNLOCK)
		303	{
		304	if (!modes[type])
		305	{
		306	errstr = "not locked";
		307	goto err;
		308	}
		309
		310	if (modes[type] != rw)
		311	{
		312	errstr = (rw == CRYPTO_READ) ?
		313	"CRYPTO_r_unlock on write lock" :
		314	"CRYPTO_w_unlock on read lock";
		315	}
		316
		317	modes[type] = 0;
		318	}
		319	else
		320	{
		321	errstr = "invalid mode";
		322	goto err;
		323	}
		324
		325	err:
		326	if (errstr)
		327	{
		328	/* we cannot use bio_err here */
		329	fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n",
		330	errstr, mode, type, file, line);
		331	}
		332	}
		333
197	int main(int argc, char *argv[])	334	int main(int argc, char *argv[])
198	{	335	{
199	char CApath=NULL,CAfile=NULL;	336	char CApath=NULL,CAfile=NULL;
@@ -203,6 +340,7 @@ int main(int argc, char *argv[])
203	int tls1=0,ssl2=0,ssl3=0,ret=1;	340	int tls1=0,ssl2=0,ssl3=0,ret=1;
204	int client_auth=0;	341	int client_auth=0;
205	int server_auth=0,i;	342	int server_auth=0,i;
		343	int app_verify=0;
206	char *server_cert=TEST_SERVER_CERT;	344	char *server_cert=TEST_SERVER_CERT;
207	char *server_key=NULL;	345	char *server_key=NULL;
208	char *client_cert=TEST_CLIENT_CERT;	346	char *client_cert=TEST_CLIENT_CERT;
@@ -213,18 +351,33 @@ int main(int argc, char *argv[])
213	SSL c_ssl,s_ssl;	351	SSL c_ssl,s_ssl;
214	int number=1,reuse=0;	352	int number=1,reuse=0;
215	long bytes=1L;	353	long bytes=1L;
216	#ifndef NO_DH	354	#ifndef OPENSSL_NO_DH
217	DH *dh;	355	DH *dh;
218	int dhe1024 = 0, dhe1024dsa = 0;	356	int dhe1024 = 0, dhe1024dsa = 0;
219	#endif	357	#endif
220	int no_dhe = 0;	358	int no_dhe = 0;
221	int print_time = 0;	359	int print_time = 0;
222	clock_t s_time = 0, c_time = 0;	360	clock_t s_time = 0, c_time = 0;
		361	int comp = 0;
		362	COMP_METHOD *cm = NULL;
223		363
224	verbose = 0;	364	verbose = 0;
225	debug = 0;	365	debug = 0;
226	cipher = 0;	366	cipher = 0;
227		367
		368	CRYPTO_set_locking_callback(lock_dbg_cb);
		369
		370	/* enable memory leak checking unless explicitly disabled */
		371	if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
		372	{
		373	CRYPTO_malloc_debug_init();
		374	CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
		375	}
		376	else
		377	{
		378	/* OPENSSL_DEBUG_MEMORY=off */
		379	CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
		380	}
228	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);	381	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
229		382
230	RAND_seed(rnd_seed, sizeof rnd_seed);	383	RAND_seed(rnd_seed, sizeof rnd_seed);
@@ -247,7 +400,7 @@ int main(int argc, char *argv[])
247	debug=1;	400	debug=1;
248	else if (strcmp(*argv,"-reuse") == 0)	401	else if (strcmp(*argv,"-reuse") == 0)
249	reuse=1;	402	reuse=1;
250	#ifndef NO_DH	403	#ifndef OPENSSL_NO_DH
251	else if (strcmp(*argv,"-dhe1024") == 0)	404	else if (strcmp(*argv,"-dhe1024") == 0)
252	dhe1024=1;	405	dhe1024=1;
253	else if (strcmp(*argv,"-dhe1024dsa") == 0)	406	else if (strcmp(*argv,"-dhe1024dsa") == 0)
@@ -333,6 +486,18 @@ int main(int argc, char *argv[])
333	{	486	{
334	print_time = 1;	487	print_time = 1;
335	}	488	}
		489	else if (strcmp(*argv,"-zlib") == 0)
		490	{
		491	comp = COMP_ZLIB;
		492	}
		493	else if (strcmp(*argv,"-rle") == 0)
		494	{
		495	comp = COMP_RLE;
		496	}
		497	else if (strcmp(*argv,"-app_verify") == 0)
		498	{
		499	app_verify = 1;
		500	}
336	else	501	else
337	{	502	{
338	fprintf(stderr,"unknown option %s\n",*argv);	503	fprintf(stderr,"unknown option %s\n",*argv);
@@ -374,7 +539,24 @@ bad:
374	SSL_library_init();	539	SSL_library_init();
375	SSL_load_error_strings();	540	SSL_load_error_strings();
376		541
377	#if !defined(NO_SSL2) && !defined(NO_SSL3)	542	if (comp == COMP_ZLIB) cm = COMP_zlib();
		543	if (comp == COMP_RLE) cm = COMP_rle();
		544	if (cm != NULL)
		545	{
		546	if (cm->type != NID_undef)
		547	SSL_COMP_add_compression_method(comp, cm);
		548	else
		549	{
		550	fprintf(stderr,
		551	"Warning: %s compression not supported\n",
		552	(comp == COMP_RLE ? "rle" :
		553	(comp == COMP_ZLIB ? "zlib" :
		554	"unknown")));
		555	ERR_print_errors_fp(stderr);
		556	}
		557	}
		558
		559	#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
378	if (ssl2)	560	if (ssl2)
379	meth=SSLv2_method();	561	meth=SSLv2_method();
380	else	562	else
@@ -386,7 +568,7 @@ bad:
386	else	568	else
387	meth=SSLv23_method();	569	meth=SSLv23_method();
388	#else	570	#else
389	#ifdef NO_SSL2	571	#ifdef OPENSSL_NO_SSL2
390	meth=SSLv3_method();	572	meth=SSLv3_method();
391	#else	573	#else
392	meth=SSLv2_method();	574	meth=SSLv2_method();
@@ -407,7 +589,7 @@ bad:
407	SSL_CTX_set_cipher_list(s_ctx,cipher);	589	SSL_CTX_set_cipher_list(s_ctx,cipher);
408	}	590	}
409		591
410	#ifndef NO_DH	592	#ifndef OPENSSL_NO_DH
411	if (!no_dhe)	593	if (!no_dhe)
412	{	594	{
413	if (dhe1024dsa)	595	if (dhe1024dsa)
@@ -427,7 +609,7 @@ bad:
427	(void)no_dhe;	609	(void)no_dhe;
428	#endif	610	#endif
429		611
430	#ifndef NO_RSA	612	#ifndef OPENSSL_NO_RSA
431	SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb);	613	SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb);
432	#endif	614	#endif
433		615
@@ -467,12 +649,20 @@ bad:
467	SSL_CTX_set_verify(s_ctx,	649	SSL_CTX_set_verify(s_ctx,
468	SSL_VERIFY_PEER\|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,	650	SSL_VERIFY_PEER\|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
469	verify_callback);	651	verify_callback);
		652	if (app_verify)
		653	{
		654	SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback, app_verify_arg);
		655	}
470	}	656	}
471	if (server_auth)	657	if (server_auth)
472	{	658	{
473	BIO_printf(bio_err,"server authentication\n");	659	BIO_printf(bio_err,"server authentication\n");
474	SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER,	660	SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER,
475	verify_callback);	661	verify_callback);
		662	if (app_verify)
		663	{
		664	SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback, app_verify_arg);
		665	}
476	}	666	}
477		667
478	{	668	{
@@ -483,6 +673,19 @@ bad:
483	c_ssl=SSL_new(c_ctx);	673	c_ssl=SSL_new(c_ctx);
484	s_ssl=SSL_new(s_ctx);	674	s_ssl=SSL_new(s_ctx);
485		675
		676	#ifndef OPENSSL_NO_KRB5
		677	if (c_ssl && c_ssl->kssl_ctx)
		678	{
		679	char localhost[257];
		680
		681	if (gethostname(localhost, 256) == 0)
		682	{
		683	kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER,
		684	localhost);
		685	}
		686	}
		687	#endif /* OPENSSL_NO_KRB5 */
		688
486	for (i=0; i<number; i++)	689	for (i=0; i<number; i++)
487	{	690	{
488	if (!reuse) SSL_set_session(c_ssl,NULL);	691	if (!reuse) SSL_set_session(c_ssl,NULL);
@@ -529,9 +732,11 @@ end:
529		732
530	if (bio_stdout != NULL) BIO_free(bio_stdout);	733	if (bio_stdout != NULL) BIO_free(bio_stdout);
531		734
532	#ifndef NO_RSA	735	#ifndef OPENSSL_NO_RSA
533	free_tmp_rsa();	736	free_tmp_rsa();
534	#endif	737	#endif
		738	ENGINE_cleanup();
		739	CRYPTO_cleanup_all_ex_data();
535	ERR_free_strings();	740	ERR_free_strings();
536	ERR_remove_state(0);	741	ERR_remove_state(0);
537	EVP_cleanup();	742	EVP_cleanup();
@@ -848,10 +1053,10 @@ int doit_biopair(SSL s_ssl, SSL c_ssl, long count,
848	if (num > 1)	1053	if (num > 1)
849	--num; /* test restartability even more thoroughly */	1054	--num; /* test restartability even more thoroughly */
850		1055
851	r = BIO_nwrite(io1, &dataptr, (int)num);	1056	r = BIO_nwrite0(io1, &dataptr);
852	assert(r > 0);	1057	assert(r > 0);
853	assert(r <= (int)num);	1058	if (r < (int)num)
854	num = r;	1059	num = r;
855	r = BIO_read(io2, dataptr, (int)num);	1060	r = BIO_read(io2, dataptr, (int)num);
856	if (r != (int)num) /* can't happen */	1061	if (r != (int)num) /* can't happen */
857	{	1062	{
@@ -860,6 +1065,13 @@ int doit_biopair(SSL s_ssl, SSL c_ssl, long count,
860	goto err;	1065	goto err;
861	}	1066	}
862	progress = 1;	1067	progress = 1;
		1068	r = BIO_nwrite(io1, &dataptr, (int)num);
		1069	if (r != (int)num) /* can't happen */
		1070	{
		1071	fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
		1072	"BIO_nwrite0() bytes");
		1073	goto err;
		1074	}
863		1075
864	if (debug)	1076	if (debug)
865	printf((io2 == client_io) ?	1077	printf((io2 == client_io) ?
@@ -1245,7 +1457,26 @@ static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
1245	return(ok);	1457	return(ok);
1246	}	1458	}
1247		1459
1248	#ifndef NO_RSA	1460	static int MS_CALLBACK app_verify_callback(X509_STORE_CTX ctx, void arg)
		1461	{
		1462	char *s = NULL,buf[256];
		1463	int ok=1;
		1464
		1465	fprintf(stderr, "In app_verify_callback, allowing cert. ");
		1466	fprintf(stderr, "Arg is: %s\n", (char *)arg);
		1467	fprintf(stderr, "Finished printing do we have a context? 0x%x a cert? 0x%x\n",
		1468	(unsigned int)ctx, (unsigned int)ctx->cert);
		1469	if (ctx->cert)
		1470	s=X509_NAME_oneline(X509_get_subject_name(ctx->cert),buf,256);
		1471	if (s != NULL)
		1472	{
		1473	fprintf(stderr,"cert depth=%d %s\n",ctx->error_depth,buf);
		1474	}
		1475
		1476	return(ok);
		1477	}
		1478
		1479	#ifndef OPENSSL_NO_RSA
1249	static RSA *rsa_tmp=NULL;	1480	static RSA *rsa_tmp=NULL;
1250		1481
1251	static RSA MS_CALLBACK tmp_rsa_cb(SSL s, int is_export, int keylength)	1482	static RSA MS_CALLBACK tmp_rsa_cb(SSL s, int is_export, int keylength)
@@ -1271,14 +1502,14 @@ static void free_tmp_rsa(void)
1271	}	1502	}
1272	#endif	1503	#endif
1273		1504
1274	#ifndef NO_DH	1505	#ifndef OPENSSL_NO_DH
1275	/* These DH parameters have been generated as follows:	1506	/* These DH parameters have been generated as follows:
1276	* $ openssl dhparam -C -noout 512	1507	* $ openssl dhparam -C -noout 512
1277	* $ openssl dhparam -C -noout 1024	1508	* $ openssl dhparam -C -noout 1024
1278	* $ openssl dhparam -C -noout -dsaparam 1024	1509	* $ openssl dhparam -C -noout -dsaparam 1024
1279	* (The third function has been renamed to avoid name conflicts.)	1510	* (The third function has been renamed to avoid name conflicts.)
1280	*/	1511	*/
1281	DH *get_dh512()	1512	static DH *get_dh512()
1282	{	1513	{
1283	static unsigned char dh512_p[]={	1514	static unsigned char dh512_p[]={
1284	0xCB,0xC8,0xE1,0x86,0xD0,0x1F,0x94,0x17,0xA6,0x99,0xF0,0xC6,	1515	0xCB,0xC8,0xE1,0x86,0xD0,0x1F,0x94,0x17,0xA6,0x99,0xF0,0xC6,
@@ -1301,7 +1532,7 @@ DH *get_dh512()
1301	return(dh);	1532	return(dh);
1302	}	1533	}
1303		1534
1304	DH *get_dh1024()	1535	static DH *get_dh1024()
1305	{	1536	{
1306	static unsigned char dh1024_p[]={	1537	static unsigned char dh1024_p[]={
1307	0xF8,0x81,0x89,0x7D,0x14,0x24,0xC5,0xD1,0xE6,0xF7,0xBF,0x3A,	1538	0xF8,0x81,0x89,0x7D,0x14,0x24,0xC5,0xD1,0xE6,0xF7,0xBF,0x3A,
@@ -1329,7 +1560,7 @@ DH *get_dh1024()
1329	return(dh);	1560	return(dh);
1330	}	1561	}
1331		1562
1332	DH *get_dh1024dsa()	1563	static DH *get_dh1024dsa()
1333	{	1564	{
1334	static unsigned char dh1024_p[]={	1565	static unsigned char dh1024_p[]={
1335	0xC8,0x00,0xF7,0x08,0x07,0x89,0x4D,0x90,0x53,0xF3,0xD5,0x00,	1566	0xC8,0x00,0xF7,0x08,0x07,0x89,0x4D,0x90,0x53,0xF3,0xD5,0x00,