summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libssl/src/ssl/ssltest.c2349
1 files changed, 1086 insertions, 1263 deletions
diff --git a/src/lib/libssl/src/ssl/ssltest.c b/src/lib/libssl/src/ssl/ssltest.c
index f1fdabad5f..269d171615 100644
--- a/src/lib/libssl/src/ssl/ssltest.c
+++ b/src/lib/libssl/src/ssl/ssltest.c
@@ -188,9 +188,9 @@
188#include <openssl/bn.h> 188#include <openssl/bn.h>
189 189
190#define _XOPEN_SOURCE_EXTENDED 1 /* Or gethostname won't be declared properly 190#define _XOPEN_SOURCE_EXTENDED 1 /* Or gethostname won't be declared properly
191 on Compaq platforms (at least with DEC C). 191on Compaq platforms (at least with DEC C).
192 Do not try to put it earlier, or IPv6 includes 192Do not try to put it earlier, or IPv6 includes
193 get screwed... 193get screwed...
194 */ 194 */
195 195
196#include OPENSSL_UNISTD 196#include OPENSSL_UNISTD
@@ -205,19 +205,18 @@
205 205
206static int verify_callback(int ok, X509_STORE_CTX *ctx); 206static int verify_callback(int ok, X509_STORE_CTX *ctx);
207#ifndef OPENSSL_NO_RSA 207#ifndef OPENSSL_NO_RSA
208static RSA *tmp_rsa_cb(SSL *s, int is_export,int keylength); 208static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength);
209static void free_tmp_rsa(void); 209static void free_tmp_rsa(void);
210#endif 210#endif
211static int app_verify_callback(X509_STORE_CTX *ctx, void *arg); 211static int app_verify_callback(X509_STORE_CTX *ctx, void *arg);
212#define APP_CALLBACK_STRING "Test Callback Argument" 212#define APP_CALLBACK_STRING "Test Callback Argument"
213struct app_verify_arg 213struct app_verify_arg {
214 {
215 char *string; 214 char *string;
216 int app_verify; 215 int app_verify;
217 int allow_proxy_certs; 216 int allow_proxy_certs;
218 char *proxy_auth; 217 char *proxy_auth;
219 char *proxy_cond; 218 char *proxy_cond;
220 }; 219};
221 220
222#ifndef OPENSSL_NO_DH 221#ifndef OPENSSL_NO_DH
223static DH *get_dh512(void); 222static DH *get_dh512(void);
@@ -226,288 +225,283 @@ static DH *get_dh1024dsa(void);
226#endif 225#endif
227 226
228 227
229static char *psk_key=NULL; /* by default PSK is not used */ 228static char *psk_key = NULL; /* by default PSK is not used */
230#ifndef OPENSSL_NO_PSK 229#ifndef OPENSSL_NO_PSK
231static unsigned int psk_client_callback(SSL *ssl, const char *hint, char *identity, 230static unsigned int psk_client_callback(SSL *ssl, const char *hint,
232 unsigned int max_identity_len, unsigned char *psk, 231 char *identity, unsigned int max_identity_len, unsigned char *psk,
233 unsigned int max_psk_len); 232 unsigned int max_psk_len);
234static unsigned int psk_server_callback(SSL *ssl, const char *identity, unsigned char *psk, 233static unsigned int psk_server_callback(SSL *ssl, const char *identity,
235 unsigned int max_psk_len); 234 unsigned char *psk, unsigned int max_psk_len);
236#endif 235#endif
237 236
238#ifndef OPENSSL_NO_SRP 237#ifndef OPENSSL_NO_SRP
239/* SRP client */ 238/* SRP client */
240/* This is a context that we pass to all callbacks */ 239/* This is a context that we pass to all callbacks */
241typedef struct srp_client_arg_st 240typedef struct srp_client_arg_st {
242 {
243 char *srppassin; 241 char *srppassin;
244 char *srplogin; 242 char *srplogin;
245 } SRP_CLIENT_ARG; 243} SRP_CLIENT_ARG;
246 244
247#define PWD_STRLEN 1024 245#define PWD_STRLEN 1024
248 246
249static char * ssl_give_srp_client_pwd_cb(SSL *s, void *arg) 247static char *
250 { 248ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
249{
251 SRP_CLIENT_ARG *srp_client_arg = (SRP_CLIENT_ARG *)arg; 250 SRP_CLIENT_ARG *srp_client_arg = (SRP_CLIENT_ARG *)arg;
252 return BUF_strdup((char *)srp_client_arg->srppassin); 251 return BUF_strdup((char *)srp_client_arg->srppassin);
253 } 252}
254 253
255/* SRP server */ 254/* SRP server */
256/* This is a context that we pass to SRP server callbacks */ 255/* This is a context that we pass to SRP server callbacks */
257typedef struct srp_server_arg_st 256typedef struct srp_server_arg_st {
258 {
259 char *expected_user; 257 char *expected_user;
260 char *pass; 258 char *pass;
261 } SRP_SERVER_ARG; 259} SRP_SERVER_ARG;
262 260
263static int ssl_srp_server_param_cb(SSL *s, int *ad, void *arg) 261static int
264 { 262ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
265 SRP_SERVER_ARG * p = (SRP_SERVER_ARG *) arg; 263{
264 SRP_SERVER_ARG *p = (SRP_SERVER_ARG *) arg;
266 265
267 if (strcmp(p->expected_user, SSL_get_srp_username(s)) != 0) 266 if (strcmp(p->expected_user, SSL_get_srp_username(s)) != 0) {
268 {
269 fprintf(stderr, "User %s doesn't exist\n", SSL_get_srp_username(s)); 267 fprintf(stderr, "User %s doesn't exist\n", SSL_get_srp_username(s));
270 return SSL3_AL_FATAL; 268 return SSL3_AL_FATAL;
271 } 269 }
272 if (SSL_set_srp_server_param_pw(s,p->expected_user,p->pass,"1024")<0) 270 if (SSL_set_srp_server_param_pw(s, p->expected_user, p->pass, "1024") < 0) {
273 {
274 *ad = SSL_AD_INTERNAL_ERROR; 271 *ad = SSL_AD_INTERNAL_ERROR;
275 return SSL3_AL_FATAL; 272 return SSL3_AL_FATAL;
276 }
277 return SSL_ERROR_NONE;
278 } 273 }
274 return SSL_ERROR_NONE;
275}
279#endif 276#endif
280 277
281static BIO *bio_err=NULL; 278static BIO *bio_err = NULL;
282static BIO *bio_stdout=NULL; 279static BIO *bio_stdout = NULL;
283 280
284static char *cipher=NULL; 281static char *cipher = NULL;
285static int verbose=0; 282static int verbose = 0;
286static int debug=0; 283static int debug = 0;
287#if 0 284#if 0
288/* Not used yet. */ 285/* Not used yet. */
289#ifdef FIONBIO 286#ifdef FIONBIO
290static int s_nbio=0; 287static int s_nbio = 0;
291#endif 288#endif
292#endif 289#endif
293 290
294static const char rnd_seed[] = "string to make the random number generator think it has entropy"; 291static const char rnd_seed[] = "string to make the random number generator think it has entropy";
295 292
296int doit_biopair(SSL *s_ssl,SSL *c_ssl,long bytes,clock_t *s_time,clock_t *c_time); 293int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time, clock_t *c_time);
297int doit(SSL *s_ssl,SSL *c_ssl,long bytes); 294int doit(SSL *s_ssl, SSL *c_ssl, long bytes);
298static int do_test_cipherlist(void); 295static int do_test_cipherlist(void);
299static void sv_usage(void) 296
300 { 297static void
301 fprintf(stderr,"usage: ssltest [args ...]\n"); 298sv_usage(void)
302 fprintf(stderr,"\n"); 299{
300 fprintf(stderr, "usage: ssltest [args ...]\n");
301 fprintf(stderr, "\n");
303#ifdef OPENSSL_FIPS 302#ifdef OPENSSL_FIPS
304 fprintf(stderr,"-F - run test in FIPS mode\n"); 303 fprintf(stderr, "-F - run test in FIPS mode\n");
305#endif 304#endif
306 fprintf(stderr," -server_auth - check server certificate\n"); 305 fprintf(stderr, " -server_auth - check server certificate\n");
307 fprintf(stderr," -client_auth - do client authentication\n"); 306 fprintf(stderr, " -client_auth - do client authentication\n");
308 fprintf(stderr," -proxy - allow proxy certificates\n"); 307 fprintf(stderr, " -proxy - allow proxy certificates\n");
309 fprintf(stderr," -proxy_auth <val> - set proxy policy rights\n"); 308 fprintf(stderr, " -proxy_auth <val> - set proxy policy rights\n");
310 fprintf(stderr," -proxy_cond <val> - experssion to test proxy policy rights\n"); 309 fprintf(stderr, " -proxy_cond <val> - experssion to test proxy policy rights\n");
311 fprintf(stderr," -v - more output\n"); 310 fprintf(stderr, " -v - more output\n");
312 fprintf(stderr," -d - debug output\n"); 311 fprintf(stderr, " -d - debug output\n");
313 fprintf(stderr," -reuse - use session-id reuse\n"); 312 fprintf(stderr, " -reuse - use session-id reuse\n");
314 fprintf(stderr," -num <val> - number of connections to perform\n"); 313 fprintf(stderr, " -num <val> - number of connections to perform\n");
315 fprintf(stderr," -bytes <val> - number of bytes to swap between client/server\n"); 314 fprintf(stderr, " -bytes <val> - number of bytes to swap between client/server\n");
316#ifndef OPENSSL_NO_DH 315#ifndef OPENSSL_NO_DH
317 fprintf(stderr," -dhe1024 - use 1024 bit key (safe prime) for DHE\n"); 316 fprintf(stderr, " -dhe1024 - use 1024 bit key (safe prime) for DHE\n");
318 fprintf(stderr," -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n"); 317 fprintf(stderr, " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
319 fprintf(stderr," -no_dhe - disable DHE\n"); 318 fprintf(stderr, " -no_dhe - disable DHE\n");
320#endif 319#endif
321#ifndef OPENSSL_NO_ECDH 320#ifndef OPENSSL_NO_ECDH
322 fprintf(stderr," -no_ecdhe - disable ECDHE\n"); 321 fprintf(stderr, " -no_ecdhe - disable ECDHE\n");
323#endif 322#endif
324#ifndef OPENSSL_NO_PSK 323#ifndef OPENSSL_NO_PSK
325 fprintf(stderr," -psk arg - PSK in hex (without 0x)\n"); 324 fprintf(stderr, " -psk arg - PSK in hex (without 0x)\n");
326#endif 325#endif
327#ifndef OPENSSL_NO_SRP 326#ifndef OPENSSL_NO_SRP
328 fprintf(stderr," -srpuser user - SRP username to use\n"); 327 fprintf(stderr, " -srpuser user - SRP username to use\n");
329 fprintf(stderr," -srppass arg - password for 'user'\n"); 328 fprintf(stderr, " -srppass arg - password for 'user'\n");
330#endif 329#endif
331#ifndef OPENSSL_NO_SSL2 330#ifndef OPENSSL_NO_SSL2
332 fprintf(stderr," -ssl2 - use SSLv2\n"); 331 fprintf(stderr, " -ssl2 - use SSLv2\n");
333#endif 332#endif
334#ifndef OPENSSL_NO_SSL3 333#ifndef OPENSSL_NO_SSL3
335 fprintf(stderr," -ssl3 - use SSLv3\n"); 334 fprintf(stderr, " -ssl3 - use SSLv3\n");
336#endif 335#endif
337#ifndef OPENSSL_NO_TLS1 336#ifndef OPENSSL_NO_TLS1
338 fprintf(stderr," -tls1 - use TLSv1\n"); 337 fprintf(stderr, " -tls1 - use TLSv1\n");
339#endif 338#endif
340 fprintf(stderr," -CApath arg - PEM format directory of CA's\n"); 339 fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");
341 fprintf(stderr," -CAfile arg - PEM format file of CA's\n"); 340 fprintf(stderr, " -CAfile arg - PEM format file of CA's\n");
342 fprintf(stderr," -cert arg - Server certificate file\n"); 341 fprintf(stderr, " -cert arg - Server certificate file\n");
343 fprintf(stderr," -key arg - Server key file (default: same as -cert)\n"); 342 fprintf(stderr, " -key arg - Server key file (default: same as -cert)\n");
344 fprintf(stderr," -c_cert arg - Client certificate file\n"); 343 fprintf(stderr, " -c_cert arg - Client certificate file\n");
345 fprintf(stderr," -c_key arg - Client key file (default: same as -c_cert)\n"); 344 fprintf(stderr, " -c_key arg - Client key file (default: same as -c_cert)\n");
346 fprintf(stderr," -cipher arg - The cipher list\n"); 345 fprintf(stderr, " -cipher arg - The cipher list\n");
347 fprintf(stderr," -bio_pair - Use BIO pairs\n"); 346 fprintf(stderr, " -bio_pair - Use BIO pairs\n");
348 fprintf(stderr," -f - Test even cases that can't work\n"); 347 fprintf(stderr, " -f - Test even cases that can't work\n");
349 fprintf(stderr," -time - measure processor time used by client and server\n"); 348 fprintf(stderr, " -time - measure processor time used by client and server\n");
350 fprintf(stderr," -zlib - use zlib compression\n"); 349 fprintf(stderr, " -zlib - use zlib compression\n");
351 fprintf(stderr," -rle - use rle compression\n"); 350 fprintf(stderr, " -rle - use rle compression\n");
352#ifndef OPENSSL_NO_ECDH 351#ifndef OPENSSL_NO_ECDH
353 fprintf(stderr," -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \ 352 fprintf(stderr, " -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \
354 " Use \"openssl ecparam -list_curves\" for all names\n" \ 353 " Use \"openssl ecparam -list_curves\" for all names\n" \
355 " (default is sect163r2).\n"); 354 " (default is sect163r2).\n");
356#endif 355#endif
357 fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher lists\n"); 356 fprintf(stderr, " -test_cipherlist - verifies the order of the ssl cipher lists\n");
358 } 357}
359 358
360static void print_details(SSL *c_ssl, const char *prefix) 359static void
361 { 360print_details(SSL *c_ssl, const char *prefix)
361{
362 const SSL_CIPHER *ciph; 362 const SSL_CIPHER *ciph;
363 X509 *cert; 363 X509 *cert;
364 364
365 ciph=SSL_get_current_cipher(c_ssl); 365 ciph = SSL_get_current_cipher(c_ssl);
366 BIO_printf(bio_stdout,"%s%s, cipher %s %s", 366 BIO_printf(bio_stdout, "%s%s, cipher %s %s",
367 prefix, 367 prefix,
368 SSL_get_version(c_ssl), 368 SSL_get_version(c_ssl),
369 SSL_CIPHER_get_version(ciph), 369 SSL_CIPHER_get_version(ciph),
370 SSL_CIPHER_get_name(ciph)); 370 SSL_CIPHER_get_name(ciph));
371 cert=SSL_get_peer_certificate(c_ssl); 371 cert = SSL_get_peer_certificate(c_ssl);
372 if (cert != NULL) 372 if (cert != NULL) {
373 {
374 EVP_PKEY *pkey = X509_get_pubkey(cert); 373 EVP_PKEY *pkey = X509_get_pubkey(cert);
375 if (pkey != NULL) 374 if (pkey != NULL) {
376 { 375 if (0)
377 if (0) 376;
378 ;
379#ifndef OPENSSL_NO_RSA 377#ifndef OPENSSL_NO_RSA
380 else if (pkey->type == EVP_PKEY_RSA && pkey->pkey.rsa != NULL 378 else if (pkey->type == EVP_PKEY_RSA &&
381 && pkey->pkey.rsa->n != NULL) 379 pkey->pkey.rsa != NULL &&
382 { 380 pkey->pkey.rsa->n != NULL) {
383 BIO_printf(bio_stdout, ", %d bit RSA", 381 BIO_printf(bio_stdout, ", %d bit RSA",
384 BN_num_bits(pkey->pkey.rsa->n)); 382 BN_num_bits(pkey->pkey.rsa->n));
385 } 383 }
386#endif 384#endif
387#ifndef OPENSSL_NO_DSA 385#ifndef OPENSSL_NO_DSA
388 else if (pkey->type == EVP_PKEY_DSA && pkey->pkey.dsa != NULL 386 else if (pkey->type == EVP_PKEY_DSA &&
389 && pkey->pkey.dsa->p != NULL) 387 pkey->pkey.dsa != NULL &&
390 { 388 pkey->pkey.dsa->p != NULL) {
391 BIO_printf(bio_stdout, ", %d bit DSA", 389 BIO_printf(bio_stdout, ", %d bit DSA",
392 BN_num_bits(pkey->pkey.dsa->p)); 390 BN_num_bits(pkey->pkey.dsa->p));
393 } 391 }
394#endif 392#endif
395 EVP_PKEY_free(pkey); 393 EVP_PKEY_free(pkey);
396 }
397 X509_free(cert);
398 } 394 }
395 X509_free(cert);
396 }
399 /* The SSL API does not allow us to look at temporary RSA/DH keys, 397 /* The SSL API does not allow us to look at temporary RSA/DH keys,
400 * otherwise we should print their lengths too */ 398 * otherwise we should print their lengths too */
401 BIO_printf(bio_stdout,"\n"); 399 BIO_printf(bio_stdout, "\n");
402 } 400}
403 401
404static void lock_dbg_cb(int mode, int type, const char *file, int line) 402static void
405 { 403lock_dbg_cb(int mode, int type, const char *file, int line)
404{
406 static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */ 405 static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
407 const char *errstr = NULL; 406 const char *errstr = NULL;
408 int rw; 407 int rw;
409 408
410 rw = mode & (CRYPTO_READ|CRYPTO_WRITE); 409 rw = mode & (CRYPTO_READ|CRYPTO_WRITE);
411 if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE))) 410 if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE))) {
412 {
413 errstr = "invalid mode"; 411 errstr = "invalid mode";
414 goto err; 412 goto err;
415 } 413 }
416 414
417 if (type < 0 || type >= CRYPTO_NUM_LOCKS) 415 if (type < 0 || type >= CRYPTO_NUM_LOCKS) {
418 {
419 errstr = "type out of bounds"; 416 errstr = "type out of bounds";
420 goto err; 417 goto err;
421 } 418 }
422 419
423 if (mode & CRYPTO_LOCK) 420 if (mode & CRYPTO_LOCK) {
424 { 421 if (modes[type]) {
425 if (modes[type])
426 {
427 errstr = "already locked"; 422 errstr = "already locked";
428 /* must not happen in a single-threaded program 423 /* must not happen in a single-threaded program
429 * (would deadlock) */ 424 * (would deadlock) */
430 goto err; 425 goto err;
431 } 426 }
432 427
433 modes[type] = rw; 428 modes[type] = rw;
434 } 429 } else if (mode & CRYPTO_UNLOCK) {
435 else if (mode & CRYPTO_UNLOCK) 430 if (!modes[type]) {
436 {
437 if (!modes[type])
438 {
439 errstr = "not locked"; 431 errstr = "not locked";
440 goto err; 432 goto err;
441 } 433 }
442 434
443 if (modes[type] != rw) 435 if (modes[type] != rw) {
444 {
445 errstr = (rw == CRYPTO_READ) ? 436 errstr = (rw == CRYPTO_READ) ?
446 "CRYPTO_r_unlock on write lock" : 437 "CRYPTO_r_unlock on write lock" :
447 "CRYPTO_w_unlock on read lock"; 438 "CRYPTO_w_unlock on read lock";
448 } 439 }
449 440
450 modes[type] = 0; 441 modes[type] = 0;
451 } 442 } else {
452 else
453 {
454 errstr = "invalid mode"; 443 errstr = "invalid mode";
455 goto err; 444 goto err;
456 } 445 }
457 446
458 err: 447err:
459 if (errstr) 448 if (errstr) {
460 {
461 /* we cannot use bio_err here */ 449 /* we cannot use bio_err here */
462 fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n", 450 fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n",
463 errstr, mode, type, file, line); 451 errstr, mode, type, file, line);
464 }
465 } 452 }
453}
466 454
467#ifdef TLSEXT_TYPE_opaque_prf_input 455#ifdef TLSEXT_TYPE_opaque_prf_input
468struct cb_info_st { void *input; size_t len; int ret; }; 456 struct cb_info_st { void *input;
457 size_t len;
458 int ret;
459};
460
469struct cb_info_st co1 = { "C", 1, 1 }; /* try to negotiate oqaque PRF input */ 461struct cb_info_st co1 = { "C", 1, 1 }; /* try to negotiate oqaque PRF input */
470struct cb_info_st co2 = { "C", 1, 2 }; /* insist on oqaque PRF input */ 462struct cb_info_st co2 = { "C", 1, 2 }; /* insist on oqaque PRF input */
471struct cb_info_st so1 = { "S", 1, 1 }; /* try to negotiate oqaque PRF input */ 463struct cb_info_st so1 = { "S", 1, 1 }; /* try to negotiate oqaque PRF input */
472struct cb_info_st so2 = { "S", 1, 2 }; /* insist on oqaque PRF input */ 464struct cb_info_st so2 = { "S", 1, 2 }; /* insist on oqaque PRF input */
473 465
474int opaque_prf_input_cb(SSL *ssl, void *peerinput, size_t len, void *arg_) 466int
475 { 467opaque_prf_input_cb(SSL *ssl, void *peerinput, size_t len, void *arg_)
468{
476 struct cb_info_st *arg = arg_; 469 struct cb_info_st *arg = arg_;
477 470
478 if (arg == NULL) 471 if (arg == NULL)
479 return 1; 472 return 1;
480 473
481 if (!SSL_set_tlsext_opaque_prf_input(ssl, arg->input, arg->len)) 474 if (!SSL_set_tlsext_opaque_prf_input(ssl, arg->input, arg->len))
482 return 0; 475 return 0;
483 return arg->ret; 476 return arg->ret;
484 } 477}
485#endif 478#endif
486 479
487int main(int argc, char *argv[]) 480int
488 { 481main(int argc, char *argv[])
489 char *CApath=NULL,*CAfile=NULL; 482{
490 int badop=0; 483 char *CApath = NULL, *CAfile = NULL;
491 int bio_pair=0; 484 int badop = 0;
492 int force=0; 485 int bio_pair = 0;
493 int tls1=0,ssl2=0,ssl3=0,ret=1; 486 int force = 0;
494 int client_auth=0; 487 int tls1 = 0, ssl2 = 0, ssl3 = 0, ret = 1;
495 int server_auth=0,i; 488 int client_auth = 0;
489 int server_auth = 0, i;
496 struct app_verify_arg app_verify_arg = 490 struct app_verify_arg app_verify_arg =
497 { APP_CALLBACK_STRING, 0, 0, NULL, NULL }; 491 { APP_CALLBACK_STRING, 0, 0, NULL, NULL };
498 char *server_cert=TEST_SERVER_CERT; 492 char *server_cert = TEST_SERVER_CERT;
499 char *server_key=NULL; 493 char *server_key = NULL;
500 char *client_cert=TEST_CLIENT_CERT; 494 char *client_cert = TEST_CLIENT_CERT;
501 char *client_key=NULL; 495 char *client_key = NULL;
502#ifndef OPENSSL_NO_ECDH 496#ifndef OPENSSL_NO_ECDH
503 char *named_curve = NULL; 497 char *named_curve = NULL;
504#endif 498#endif
505 SSL_CTX *s_ctx=NULL; 499 SSL_CTX *s_ctx = NULL;
506 SSL_CTX *c_ctx=NULL; 500 SSL_CTX *c_ctx = NULL;
507 const SSL_METHOD *meth=NULL; 501 const SSL_METHOD *meth = NULL;
508 SSL *c_ssl,*s_ssl; 502 SSL *c_ssl, *s_ssl;
509 int number=1,reuse=0; 503 int number = 1, reuse = 0;
510 long bytes=256L; 504 long bytes = 256L;
511#ifndef OPENSSL_NO_DH 505#ifndef OPENSSL_NO_DH
512 DH *dh; 506 DH *dh;
513 int dhe1024 = 0, dhe1024dsa = 0; 507 int dhe1024 = 0, dhe1024dsa = 0;
@@ -517,9 +511,9 @@ int main(int argc, char *argv[])
517#endif 511#endif
518#ifndef OPENSSL_NO_SRP 512#ifndef OPENSSL_NO_SRP
519 /* client */ 513 /* client */
520 SRP_CLIENT_ARG srp_client_arg = {NULL,NULL}; 514 SRP_CLIENT_ARG srp_client_arg = {NULL, NULL};
521 /* server */ 515 /* server */
522 SRP_SERVER_ARG srp_server_arg = {NULL,NULL}; 516 SRP_SERVER_ARG srp_server_arg = {NULL, NULL};
523#endif 517#endif
524 int no_dhe = 0; 518 int no_dhe = 0;
525 int no_ecdhe = 0; 519 int no_ecdhe = 0;
@@ -533,282 +527,237 @@ int main(int argc, char *argv[])
533#endif 527#endif
534 int test_cipherlist = 0; 528 int test_cipherlist = 0;
535#ifdef OPENSSL_FIPS 529#ifdef OPENSSL_FIPS
536 int fips_mode=0; 530 int fips_mode = 0;
537#endif 531#endif
538 532
539 verbose = 0; 533 verbose = 0;
540 debug = 0; 534 debug = 0;
541 cipher = 0; 535 cipher = 0;
542 536
543 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE|BIO_FP_TEXT); 537 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE|BIO_FP_TEXT);
538
544 539
545 CRYPTO_set_locking_callback(lock_dbg_cb); 540 CRYPTO_set_locking_callback(lock_dbg_cb);
546 541
547 /* enable memory leak checking unless explicitly disabled */ 542 /* enable memory leak checking unless explicitly disabled */
548 if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))) 543 if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))) {
549 {
550 CRYPTO_malloc_debug_init(); 544 CRYPTO_malloc_debug_init();
551 CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); 545 CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
552 } 546 } else {
553 else
554 {
555 /* OPENSSL_DEBUG_MEMORY=off */ 547 /* OPENSSL_DEBUG_MEMORY=off */
556 CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0); 548 CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
557 } 549 }
558 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); 550 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
559 551
560 RAND_seed(rnd_seed, sizeof rnd_seed); 552 RAND_seed(rnd_seed, sizeof rnd_seed);
561 553
562 bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE|BIO_FP_TEXT); 554 bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE|BIO_FP_TEXT);
563 555
564 argc--; 556 argc--;
565 argv++; 557 argv++;
566 558
567 while (argc >= 1) 559 while (argc >= 1) {
568 { 560 if (!strcmp(*argv, "-F")) {
569 if(!strcmp(*argv,"-F"))
570 {
571#ifdef OPENSSL_FIPS 561#ifdef OPENSSL_FIPS
572 fips_mode=1; 562 fips_mode = 1;
573#else 563#else
574 fprintf(stderr,"not compiled with FIPS support, so exitting without running.\n"); 564 fprintf(stderr, "not compiled with FIPS support, so exitting without running.\n");
575 exit(0); 565 exit(0);
576#endif 566#endif
577 } 567 } else if (strcmp(*argv, "-server_auth") == 0)
578 else if (strcmp(*argv,"-server_auth") == 0) 568 server_auth = 1;
579 server_auth=1; 569 else if (strcmp(*argv, "-client_auth") == 0)
580 else if (strcmp(*argv,"-client_auth") == 0) 570 client_auth = 1;
581 client_auth=1; 571 else if (strcmp(*argv, "-proxy_auth") == 0) {
582 else if (strcmp(*argv,"-proxy_auth") == 0) 572 if (--argc < 1)
583 { 573 goto bad;
584 if (--argc < 1) goto bad;
585 app_verify_arg.proxy_auth= *(++argv); 574 app_verify_arg.proxy_auth= *(++argv);
586 } 575 } else if (strcmp(*argv, "-proxy_cond") == 0) {
587 else if (strcmp(*argv,"-proxy_cond") == 0) 576 if (--argc < 1)
588 { 577 goto bad;
589 if (--argc < 1) goto bad;
590 app_verify_arg.proxy_cond= *(++argv); 578 app_verify_arg.proxy_cond= *(++argv);
591 } 579 } else if (strcmp(*argv, "-v") == 0)
592 else if (strcmp(*argv,"-v") == 0) 580 verbose = 1;
593 verbose=1; 581 else if (strcmp(*argv, "-d") == 0)
594 else if (strcmp(*argv,"-d") == 0) 582 debug = 1;
595 debug=1; 583 else if (strcmp(*argv, "-reuse") == 0)
596 else if (strcmp(*argv,"-reuse") == 0) 584 reuse = 1;
597 reuse=1; 585 else if (strcmp(*argv, "-dhe1024") == 0) {
598 else if (strcmp(*argv,"-dhe1024") == 0)
599 {
600#ifndef OPENSSL_NO_DH 586#ifndef OPENSSL_NO_DH
601 dhe1024=1; 587 dhe1024 = 1;
602#else 588#else
603 fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n"); 589 fprintf(stderr, "ignoring -dhe1024, since I'm compiled without DH\n");
604#endif 590#endif
605 } 591 } else if (strcmp(*argv, "-dhe1024dsa") == 0) {
606 else if (strcmp(*argv,"-dhe1024dsa") == 0)
607 {
608#ifndef OPENSSL_NO_DH 592#ifndef OPENSSL_NO_DH
609 dhe1024dsa=1; 593 dhe1024dsa = 1;
610#else 594#else
611 fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n"); 595 fprintf(stderr, "ignoring -dhe1024, since I'm compiled without DH\n");
612#endif 596#endif
613 } 597 } else if (strcmp(*argv, "-no_dhe") == 0)
614 else if (strcmp(*argv,"-no_dhe") == 0) 598 no_dhe = 1;
615 no_dhe=1; 599 else if (strcmp(*argv, "-no_ecdhe") == 0)
616 else if (strcmp(*argv,"-no_ecdhe") == 0) 600 no_ecdhe = 1;
617 no_ecdhe=1; 601 else if (strcmp(*argv, "-psk") == 0) {
618 else if (strcmp(*argv,"-psk") == 0) 602 if (--argc < 1)
619 { 603 goto bad;
620 if (--argc < 1) goto bad;
621 psk_key=*(++argv); 604 psk_key=*(++argv);
622#ifndef OPENSSL_NO_PSK 605#ifndef OPENSSL_NO_PSK
623 if (strspn(psk_key, "abcdefABCDEF1234567890") != strlen(psk_key)) 606 if (strspn(psk_key, "abcdefABCDEF1234567890") != strlen(psk_key)) {
624 { 607 BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
625 BIO_printf(bio_err,"Not a hex number '%s'\n",*argv);
626 goto bad; 608 goto bad;
627 } 609 }
628#else 610#else
629 no_psk=1; 611 no_psk = 1;
630#endif 612#endif
631 } 613 }
632#ifndef OPENSSL_NO_SRP 614#ifndef OPENSSL_NO_SRP
633 else if (strcmp(*argv,"-srpuser") == 0) 615 else if (strcmp(*argv, "-srpuser") == 0) {
634 { 616 if (--argc < 1)
635 if (--argc < 1) goto bad; 617 goto bad;
636 srp_server_arg.expected_user = srp_client_arg.srplogin= *(++argv); 618 srp_server_arg.expected_user = srp_client_arg.srplogin= *(++argv);
637 tls1=1; 619 tls1 = 1;
638 } 620 } else if (strcmp(*argv, "-srppass") == 0) {
639 else if (strcmp(*argv,"-srppass") == 0) 621 if (--argc < 1)
640 { 622 goto bad;
641 if (--argc < 1) goto bad;
642 srp_server_arg.pass = srp_client_arg.srppassin= *(++argv); 623 srp_server_arg.pass = srp_client_arg.srppassin= *(++argv);
643 tls1=1; 624 tls1 = 1;
644 } 625 }
645#endif 626#endif
646 else if (strcmp(*argv,"-ssl2") == 0) 627 else if (strcmp(*argv, "-ssl2") == 0)
647 ssl2=1; 628 ssl2 = 1;
648 else if (strcmp(*argv,"-tls1") == 0) 629 else if (strcmp(*argv, "-tls1") == 0)
649 tls1=1; 630 tls1 = 1;
650 else if (strcmp(*argv,"-ssl3") == 0) 631 else if (strcmp(*argv, "-ssl3") == 0)
651 ssl3=1; 632 ssl3 = 1;
652 else if (strncmp(*argv,"-num",4) == 0) 633 else if (strncmp(*argv, "-num", 4) == 0) {
653 { 634 if (--argc < 1)
654 if (--argc < 1) goto bad; 635 goto bad;
655 number= atoi(*(++argv)); 636 number = atoi(*(++argv));
656 if (number == 0) number=1; 637 if (number == 0)
657 } 638 number = 1;
658 else if (strcmp(*argv,"-bytes") == 0) 639 } else if (strcmp(*argv, "-bytes") == 0) {
659 { 640 if (--argc < 1)
660 if (--argc < 1) goto bad; 641 goto bad;
661 bytes= atol(*(++argv)); 642 bytes = atol(*(++argv));
662 if (bytes == 0L) bytes=1L; 643 if (bytes == 0L)
663 i=strlen(argv[0]); 644 bytes = 1L;
664 if (argv[0][i-1] == 'k') bytes*=1024L; 645 i = strlen(argv[0]);
665 if (argv[0][i-1] == 'm') bytes*=1024L*1024L; 646 if (argv[0][i - 1] == 'k')
666 } 647 bytes*=1024L;
667 else if (strcmp(*argv,"-cert") == 0) 648 if (argv[0][i - 1] == 'm')
668 { 649 bytes*=1024L*1024L;
669 if (--argc < 1) goto bad; 650 } else if (strcmp(*argv, "-cert") == 0) {
651 if (--argc < 1)
652 goto bad;
670 server_cert= *(++argv); 653 server_cert= *(++argv);
671 } 654 } else if (strcmp(*argv, "-s_cert") == 0) {
672 else if (strcmp(*argv,"-s_cert") == 0) 655 if (--argc < 1)
673 { 656 goto bad;
674 if (--argc < 1) goto bad;
675 server_cert= *(++argv); 657 server_cert= *(++argv);
676 } 658 } else if (strcmp(*argv, "-key") == 0) {
677 else if (strcmp(*argv,"-key") == 0) 659 if (--argc < 1)
678 { 660 goto bad;
679 if (--argc < 1) goto bad;
680 server_key= *(++argv); 661 server_key= *(++argv);
681 } 662 } else if (strcmp(*argv, "-s_key") == 0) {
682 else if (strcmp(*argv,"-s_key") == 0) 663 if (--argc < 1)
683 { 664 goto bad;
684 if (--argc < 1) goto bad;
685 server_key= *(++argv); 665 server_key= *(++argv);
686 } 666 } else if (strcmp(*argv, "-c_cert") == 0) {
687 else if (strcmp(*argv,"-c_cert") == 0) 667 if (--argc < 1)
688 { 668 goto bad;
689 if (--argc < 1) goto bad;
690 client_cert= *(++argv); 669 client_cert= *(++argv);
691 } 670 } else if (strcmp(*argv, "-c_key") == 0) {
692 else if (strcmp(*argv,"-c_key") == 0) 671 if (--argc < 1)
693 { 672 goto bad;
694 if (--argc < 1) goto bad;
695 client_key= *(++argv); 673 client_key= *(++argv);
696 } 674 } else if (strcmp(*argv, "-cipher") == 0) {
697 else if (strcmp(*argv,"-cipher") == 0) 675 if (--argc < 1)
698 { 676 goto bad;
699 if (--argc < 1) goto bad;
700 cipher= *(++argv); 677 cipher= *(++argv);
701 } 678 } else if (strcmp(*argv, "-CApath") == 0) {
702 else if (strcmp(*argv,"-CApath") == 0) 679 if (--argc < 1)
703 { 680 goto bad;
704 if (--argc < 1) goto bad;
705 CApath= *(++argv); 681 CApath= *(++argv);
706 } 682 } else if (strcmp(*argv, "-CAfile") == 0) {
707 else if (strcmp(*argv,"-CAfile") == 0) 683 if (--argc < 1)
708 { 684 goto bad;
709 if (--argc < 1) goto bad;
710 CAfile= *(++argv); 685 CAfile= *(++argv);
711 } 686 } else if (strcmp(*argv, "-bio_pair") == 0) {
712 else if (strcmp(*argv,"-bio_pair") == 0)
713 {
714 bio_pair = 1; 687 bio_pair = 1;
715 } 688 } else if (strcmp(*argv, "-f") == 0) {
716 else if (strcmp(*argv,"-f") == 0)
717 {
718 force = 1; 689 force = 1;
719 } 690 } else if (strcmp(*argv, "-time") == 0) {
720 else if (strcmp(*argv,"-time") == 0)
721 {
722 print_time = 1; 691 print_time = 1;
723 } 692 } else if (strcmp(*argv, "-zlib") == 0) {
724 else if (strcmp(*argv,"-zlib") == 0)
725 {
726 comp = COMP_ZLIB; 693 comp = COMP_ZLIB;
727 } 694 } else if (strcmp(*argv, "-rle") == 0) {
728 else if (strcmp(*argv,"-rle") == 0)
729 {
730 comp = COMP_RLE; 695 comp = COMP_RLE;
731 } 696 } else if (strcmp(*argv, "-named_curve") == 0) {
732 else if (strcmp(*argv,"-named_curve") == 0) 697 if (--argc < 1)
733 { 698 goto bad;
734 if (--argc < 1) goto bad;
735#ifndef OPENSSL_NO_ECDH 699#ifndef OPENSSL_NO_ECDH
736 named_curve = *(++argv); 700 named_curve = *(++argv);
737#else 701#else
738 fprintf(stderr,"ignoring -named_curve, since I'm compiled without ECDH\n"); 702 fprintf(stderr, "ignoring -named_curve, since I'm compiled without ECDH\n");
739 ++argv; 703 ++argv;
740#endif 704#endif
741 } 705 } else if (strcmp(*argv, "-app_verify") == 0) {
742 else if (strcmp(*argv,"-app_verify") == 0)
743 {
744 app_verify_arg.app_verify = 1; 706 app_verify_arg.app_verify = 1;
745 } 707 } else if (strcmp(*argv, "-proxy") == 0) {
746 else if (strcmp(*argv,"-proxy") == 0)
747 {
748 app_verify_arg.allow_proxy_certs = 1; 708 app_verify_arg.allow_proxy_certs = 1;
749 } 709 } else if (strcmp(*argv, "-test_cipherlist") == 0) {
750 else if (strcmp(*argv,"-test_cipherlist") == 0)
751 {
752 test_cipherlist = 1; 710 test_cipherlist = 1;
753 } 711 } else {
754 else 712 fprintf(stderr, "unknown option %s\n", *argv);
755 { 713 badop = 1;
756 fprintf(stderr,"unknown option %s\n",*argv);
757 badop=1;
758 break; 714 break;
759 } 715 }
760 argc--; 716 argc--;
761 argv++; 717 argv++;
762 } 718 }
763 if (badop) 719 if (badop) {
764 {
765bad: 720bad:
766 sv_usage(); 721 sv_usage();
767 goto end; 722 goto end;
768 } 723 }
769 724
770 if (test_cipherlist == 1) 725 if (test_cipherlist == 1) {
771 {
772 /* ensure that the cipher list are correctly sorted and exit */ 726 /* ensure that the cipher list are correctly sorted and exit */
773 if (do_test_cipherlist() == 0) 727 if (do_test_cipherlist() == 0)
774 exit(1); 728 exit(1);
775 ret = 0; 729 ret = 0;
776 goto end; 730 goto end;
777 } 731 }
778 732
779 if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force) 733 if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force) {
780 { 734 fprintf(stderr,
781 fprintf(stderr, "This case cannot work. Use -f to perform " 735 "This case cannot work. Use -f to perform "
782 "the test anyway (and\n-d to see what happens), " 736 "the test anyway (and\n-d to see what happens), "
783 "or add one of -ssl2, -ssl3, -tls1, -reuse\n" 737 "or add one of -ssl2, -ssl3, -tls1, -reuse\n"
784 "to avoid protocol mismatch.\n"); 738 "to avoid protocol mismatch.\n");
785 exit(1); 739 exit(1);
786 } 740 }
787 741
788#ifdef OPENSSL_FIPS 742#ifdef OPENSSL_FIPS
789 if(fips_mode) 743 if (fips_mode) {
790 { 744 if (!FIPS_mode_set(1)) {
791 if(!FIPS_mode_set(1))
792 {
793 ERR_load_crypto_strings(); 745 ERR_load_crypto_strings();
794 ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); 746 ERR_print_errors(BIO_new_fp(stderr, BIO_NOCLOSE));
795 exit(1); 747 exit(1);
796 } 748 } else
797 else 749 fprintf(stderr, "*** IN FIPS MODE ***\n");
798 fprintf(stderr,"*** IN FIPS MODE ***\n"); 750 }
799 }
800#endif 751#endif
801 752
802 if (print_time) 753 if (print_time) {
803 { 754 if (!bio_pair) {
804 if (!bio_pair)
805 {
806 fprintf(stderr, "Using BIO pair (-bio_pair)\n"); 755 fprintf(stderr, "Using BIO pair (-bio_pair)\n");
807 bio_pair = 1; 756 bio_pair = 1;
808 } 757 }
809 if (number < 50 && !force) 758 if (number < 50 && !force)
810 fprintf(stderr, "Warning: For accurate timings, use more connections (e.g. -num 1000)\n"); 759 fprintf(stderr, "Warning: For accurate timings, use more connections (e.g. -num 1000)\n");
811 } 760 }
812 761
813/* if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */ 762/* if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */
814 763
@@ -816,141 +765,124 @@ bad:
816 SSL_load_error_strings(); 765 SSL_load_error_strings();
817 766
818#ifndef OPENSSL_NO_COMP 767#ifndef OPENSSL_NO_COMP
819 if (comp == COMP_ZLIB) cm = COMP_zlib(); 768 if (comp == COMP_ZLIB)
820 if (comp == COMP_RLE) cm = COMP_rle(); 769 cm = COMP_zlib();
821 if (cm != NULL) 770 if (comp == COMP_RLE)
822 { 771 cm = COMP_rle();
823 if (cm->type != NID_undef) 772 if (cm != NULL) {
824 { 773 if (cm->type != NID_undef) {
825 if (SSL_COMP_add_compression_method(comp, cm) != 0) 774 if (SSL_COMP_add_compression_method(comp, cm) != 0) {
826 {
827 fprintf(stderr, 775 fprintf(stderr,
828 "Failed to add compression method\n"); 776 "Failed to add compression method\n");
829 ERR_print_errors_fp(stderr); 777 ERR_print_errors_fp(stderr);
830 }
831 } 778 }
832 else 779 } else {
833 {
834 fprintf(stderr, 780 fprintf(stderr,
835 "Warning: %s compression not supported\n", 781 "Warning: %s compression not supported\n",
836 (comp == COMP_RLE ? "rle" : 782 (comp == COMP_RLE ? "rle" :
837 (comp == COMP_ZLIB ? "zlib" : 783 (comp == COMP_ZLIB ? "zlib" :
838 "unknown"))); 784 "unknown")));
839 ERR_print_errors_fp(stderr); 785 ERR_print_errors_fp(stderr);
840 }
841 } 786 }
787 }
842 ssl_comp_methods = SSL_COMP_get_compression_methods(); 788 ssl_comp_methods = SSL_COMP_get_compression_methods();
843 fprintf(stderr, "Available compression methods:\n"); 789 fprintf(stderr, "Available compression methods:\n");
844 { 790 {
845 int j, n = sk_SSL_COMP_num(ssl_comp_methods); 791 int j, n = sk_SSL_COMP_num(ssl_comp_methods);
846 if (n == 0) 792 if (n == 0)
847 fprintf(stderr, " NONE\n"); 793 fprintf(stderr, " NONE\n");
848 else 794 else
849 for (j = 0; j < n; j++) 795 for (j = 0; j < n; j++) {
850 { 796 SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
851 SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j); 797 fprintf(stderr, " %d: %s\n", c->id, c->name);
852 fprintf(stderr, " %d: %s\n", c->id, c->name);
853 } 798 }
854 } 799 }
855#endif 800#endif
856 801
857#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) 802#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
858 if (ssl2) 803 if (ssl2)
859 meth=SSLv2_method(); 804 meth = SSLv2_method();
860 else 805 else if (tls1)
861 if (tls1) 806 meth = TLSv1_method();
862 meth=TLSv1_method(); 807 else if (ssl3)
808 meth = SSLv3_method();
863 else 809 else
864 if (ssl3) 810 meth = SSLv23_method();
865 meth=SSLv3_method();
866 else
867 meth=SSLv23_method();
868#else 811#else
869#ifdef OPENSSL_NO_SSL2 812#ifdef OPENSSL_NO_SSL2
870 if (tls1) 813 if (tls1)
871 meth=TLSv1_method(); 814 meth = TLSv1_method();
872 else 815 else if (ssl3)
873 if (ssl3) 816 meth = SSLv3_method();
874 meth=SSLv3_method();
875 else 817 else
876 meth=SSLv23_method(); 818 meth = SSLv23_method();
877#else 819#else
878 meth=SSLv2_method(); 820 meth = SSLv2_method();
879#endif 821#endif
880#endif 822#endif
881 823
882 c_ctx=SSL_CTX_new(meth); 824 c_ctx = SSL_CTX_new(meth);
883 s_ctx=SSL_CTX_new(meth); 825 s_ctx = SSL_CTX_new(meth);
884 if ((c_ctx == NULL) || (s_ctx == NULL)) 826 if ((c_ctx == NULL) || (s_ctx == NULL)) {
885 {
886 ERR_print_errors(bio_err); 827 ERR_print_errors(bio_err);
887 goto end; 828 goto end;
888 } 829 }
889 830
890 if (cipher != NULL) 831 if (cipher != NULL) {
891 { 832 SSL_CTX_set_cipher_list(c_ctx, cipher);
892 SSL_CTX_set_cipher_list(c_ctx,cipher); 833 SSL_CTX_set_cipher_list(s_ctx, cipher);
893 SSL_CTX_set_cipher_list(s_ctx,cipher); 834 }
894 }
895 835
896#ifndef OPENSSL_NO_DH 836#ifndef OPENSSL_NO_DH
897 if (!no_dhe) 837 if (!no_dhe) {
898 { 838 if (dhe1024dsa) {
899 if (dhe1024dsa)
900 {
901 /* use SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */ 839 /* use SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */
902 SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE); 840 SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
903 dh=get_dh1024dsa(); 841 dh = get_dh1024dsa();
904 } 842 } else if (dhe1024)
905 else if (dhe1024) 843 dh = get_dh1024();
906 dh=get_dh1024();
907 else 844 else
908 dh=get_dh512(); 845 dh = get_dh512();
909 SSL_CTX_set_tmp_dh(s_ctx,dh); 846 SSL_CTX_set_tmp_dh(s_ctx, dh);
910 DH_free(dh); 847 DH_free(dh);
911 } 848 }
912#else 849#else
913 (void)no_dhe; 850 (void)no_dhe;
914#endif 851#endif
915 852
916#ifndef OPENSSL_NO_ECDH 853#ifndef OPENSSL_NO_ECDH
917 if (!no_ecdhe) 854 if (!no_ecdhe) {
918 {
919 int nid; 855 int nid;
920 856
921 if (named_curve != NULL) 857 if (named_curve != NULL) {
922 {
923 nid = OBJ_sn2nid(named_curve); 858 nid = OBJ_sn2nid(named_curve);
924 if (nid == 0) 859 if (nid == 0) {
925 {
926 BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve); 860 BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve);
927 goto end; 861 goto end;
928 }
929 } 862 }
930 else 863 } else
931#ifdef OPENSSL_NO_EC2M 864#ifdef OPENSSL_NO_EC2M
932 nid = NID_X9_62_prime256v1; 865 nid = NID_X9_62_prime256v1;
933#else 866#else
934 nid = NID_sect163r2; 867 nid = NID_sect163r2;
935#endif 868#endif
936 869
937 ecdh = EC_KEY_new_by_curve_name(nid); 870 ecdh = EC_KEY_new_by_curve_name(nid);
938 if (ecdh == NULL) 871 if (ecdh == NULL) {
939 {
940 BIO_printf(bio_err, "unable to create curve\n"); 872 BIO_printf(bio_err, "unable to create curve\n");
941 goto end; 873 goto end;
942 } 874 }
943 875
944 SSL_CTX_set_tmp_ecdh(s_ctx, ecdh); 876 SSL_CTX_set_tmp_ecdh(s_ctx, ecdh);
945 SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_ECDH_USE); 877 SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_ECDH_USE);
946 EC_KEY_free(ecdh); 878 EC_KEY_free(ecdh);
947 } 879 }
948#else 880#else
949 (void)no_ecdhe; 881 (void)no_ecdhe;
950#endif 882#endif
951 883
952#ifndef OPENSSL_NO_RSA 884#ifndef OPENSSL_NO_RSA
953 SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb); 885 SSL_CTX_set_tmp_rsa_callback(s_ctx, tmp_rsa_cb);
954#endif 886#endif
955 887
956#ifdef TLSEXT_TYPE_opaque_prf_input 888#ifdef TLSEXT_TYPE_opaque_prf_input
@@ -960,169 +892,154 @@ bad:
960 SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(s_ctx, &so1); /* or &so2 or NULL */ 892 SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(s_ctx, &so1); /* or &so2 or NULL */
961#endif 893#endif
962 894
963 if (!SSL_CTX_use_certificate_file(s_ctx,server_cert,SSL_FILETYPE_PEM)) 895 if (!SSL_CTX_use_certificate_file(s_ctx, server_cert, SSL_FILETYPE_PEM)) {
964 {
965 ERR_print_errors(bio_err); 896 ERR_print_errors(bio_err);
966 } 897 } else if (!SSL_CTX_use_PrivateKey_file(s_ctx,
967 else if (!SSL_CTX_use_PrivateKey_file(s_ctx, 898 (server_key ? server_key : server_cert), SSL_FILETYPE_PEM)) {
968 (server_key?server_key:server_cert), SSL_FILETYPE_PEM))
969 {
970 ERR_print_errors(bio_err); 899 ERR_print_errors(bio_err);
971 goto end; 900 goto end;
972 } 901 }
973 902
974 if (client_auth) 903 if (client_auth) {
975 { 904 SSL_CTX_use_certificate_file(c_ctx, client_cert,
976 SSL_CTX_use_certificate_file(c_ctx,client_cert, 905 SSL_FILETYPE_PEM);
977 SSL_FILETYPE_PEM);
978 SSL_CTX_use_PrivateKey_file(c_ctx, 906 SSL_CTX_use_PrivateKey_file(c_ctx,
979 (client_key?client_key:client_cert), 907 (client_key ? client_key : client_cert),
980 SSL_FILETYPE_PEM); 908 SSL_FILETYPE_PEM);
981 } 909 }
982 910
983 if ( (!SSL_CTX_load_verify_locations(s_ctx,CAfile,CApath)) || 911 if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) ||
984 (!SSL_CTX_set_default_verify_paths(s_ctx)) || 912 (!SSL_CTX_set_default_verify_paths(s_ctx)) ||
985 (!SSL_CTX_load_verify_locations(c_ctx,CAfile,CApath)) || 913 (!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) ||
986 (!SSL_CTX_set_default_verify_paths(c_ctx))) 914 (!SSL_CTX_set_default_verify_paths(c_ctx))) {
987 {
988 /* fprintf(stderr,"SSL_load_verify_locations\n"); */ 915 /* fprintf(stderr,"SSL_load_verify_locations\n"); */
989 ERR_print_errors(bio_err); 916 ERR_print_errors(bio_err);
990 /* goto end; */ 917 /* goto end; */
991 } 918 }
992 919
993 if (client_auth) 920 if (client_auth) {
994 { 921 BIO_printf(bio_err, "client authentication\n");
995 BIO_printf(bio_err,"client authentication\n");
996 SSL_CTX_set_verify(s_ctx, 922 SSL_CTX_set_verify(s_ctx,
997 SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 923 SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
998 verify_callback); 924 verify_callback);
999 SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback, &app_verify_arg); 925 SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback, &app_verify_arg);
1000 } 926 }
1001 if (server_auth) 927 if (server_auth) {
1002 { 928 BIO_printf(bio_err, "server authentication\n");
1003 BIO_printf(bio_err,"server authentication\n"); 929 SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER,
1004 SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER, 930 verify_callback);
1005 verify_callback);
1006 SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback, &app_verify_arg); 931 SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback, &app_verify_arg);
1007 } 932 }
1008 933
1009 { 934 {
1010 int session_id_context = 0; 935 int session_id_context = 0;
1011 SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context, sizeof session_id_context); 936 SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context, sizeof session_id_context);
1012 } 937 }
1013 938
1014 /* Use PSK only if PSK key is given */ 939 /* Use PSK only if PSK key is given */
1015 if (psk_key != NULL) 940 if (psk_key != NULL) {
1016 {
1017 /* no_psk is used to avoid putting psk command to openssl tool */ 941 /* no_psk is used to avoid putting psk command to openssl tool */
1018 if (no_psk) 942 if (no_psk) {
1019 {
1020 /* if PSK is not compiled in and psk key is 943 /* if PSK is not compiled in and psk key is
1021 * given, do nothing and exit successfully */ 944 * given, do nothing and exit successfully */
1022 ret=0; 945 ret = 0;
1023 goto end; 946 goto end;
1024 } 947 }
1025#ifndef OPENSSL_NO_PSK 948#ifndef OPENSSL_NO_PSK
1026 SSL_CTX_set_psk_client_callback(c_ctx, psk_client_callback); 949 SSL_CTX_set_psk_client_callback(c_ctx, psk_client_callback);
1027 SSL_CTX_set_psk_server_callback(s_ctx, psk_server_callback); 950 SSL_CTX_set_psk_server_callback(s_ctx, psk_server_callback);
1028 if (debug) 951 if (debug)
1029 BIO_printf(bio_err,"setting PSK identity hint to s_ctx\n"); 952 BIO_printf(bio_err, "setting PSK identity hint to s_ctx\n");
1030 if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_hint")) 953 if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_hint")) {
1031 { 954 BIO_printf(bio_err, "error setting PSK identity hint to s_ctx\n");
1032 BIO_printf(bio_err,"error setting PSK identity hint to s_ctx\n");
1033 ERR_print_errors(bio_err); 955 ERR_print_errors(bio_err);
1034 goto end; 956 goto end;
1035 }
1036#endif
1037 } 957 }
958#endif
959 }
1038#ifndef OPENSSL_NO_SRP 960#ifndef OPENSSL_NO_SRP
1039 if (srp_client_arg.srplogin) 961 if (srp_client_arg.srplogin) {
1040 { 962 if (!SSL_CTX_set_srp_username(c_ctx, srp_client_arg.srplogin)) {
1041 if (!SSL_CTX_set_srp_username(c_ctx, srp_client_arg.srplogin)) 963 BIO_printf(bio_err, "Unable to set SRP username\n");
1042 {
1043 BIO_printf(bio_err,"Unable to set SRP username\n");
1044 goto end; 964 goto end;
1045 } 965 }
1046 SSL_CTX_set_srp_cb_arg(c_ctx,&srp_client_arg); 966 SSL_CTX_set_srp_cb_arg(c_ctx, &srp_client_arg);
1047 SSL_CTX_set_srp_client_pwd_callback(c_ctx, ssl_give_srp_client_pwd_cb); 967 SSL_CTX_set_srp_client_pwd_callback(c_ctx, ssl_give_srp_client_pwd_cb);
1048 /*SSL_CTX_set_srp_strength(c_ctx, srp_client_arg.strength);*/ 968 /*SSL_CTX_set_srp_strength(c_ctx, srp_client_arg.strength);*/
1049 } 969 }
1050 970
1051 if (srp_server_arg.expected_user != NULL) 971 if (srp_server_arg.expected_user != NULL) {
1052 { 972 SSL_CTX_set_verify(s_ctx, SSL_VERIFY_NONE, verify_callback);
1053 SSL_CTX_set_verify(s_ctx,SSL_VERIFY_NONE,verify_callback);
1054 SSL_CTX_set_srp_cb_arg(s_ctx, &srp_server_arg); 973 SSL_CTX_set_srp_cb_arg(s_ctx, &srp_server_arg);
1055 SSL_CTX_set_srp_username_callback(s_ctx, ssl_srp_server_param_cb); 974 SSL_CTX_set_srp_username_callback(s_ctx, ssl_srp_server_param_cb);
1056 } 975 }
1057#endif 976#endif
1058 977
1059 c_ssl=SSL_new(c_ctx); 978 c_ssl = SSL_new(c_ctx);
1060 s_ssl=SSL_new(s_ctx); 979 s_ssl = SSL_new(s_ctx);
1061 980
1062#ifndef OPENSSL_NO_KRB5 981#ifndef OPENSSL_NO_KRB5
1063 if (c_ssl && c_ssl->kssl_ctx) 982 if (c_ssl && c_ssl->kssl_ctx) {
1064 { 983 char localhost[MAXHOSTNAMELEN + 2];
1065 char localhost[MAXHOSTNAMELEN+2]; 984
1066 985 if (gethostname(localhost, sizeof localhost - 1) == 0) {
1067 if (gethostname(localhost, sizeof localhost-1) == 0) 986 localhost[sizeof localhost - 1] = '\0';
1068 { 987 if (strlen(localhost) == sizeof localhost - 1) {
1069 localhost[sizeof localhost-1]='\0'; 988 BIO_printf(bio_err, "localhost name too long\n");
1070 if(strlen(localhost) == sizeof localhost-1)
1071 {
1072 BIO_printf(bio_err,"localhost name too long\n");
1073 goto end; 989 goto end;
1074 }
1075 kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER,
1076 localhost);
1077 } 990 }
991 kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER,
992 localhost);
1078 } 993 }
994 }
1079#endif /* OPENSSL_NO_KRB5 */ 995#endif /* OPENSSL_NO_KRB5 */
1080 996
1081 for (i=0; i<number; i++) 997 for (i = 0; i < number; i++) {
1082 { 998 if (!reuse)
1083 if (!reuse) SSL_set_session(c_ssl,NULL); 999 SSL_set_session(c_ssl, NULL);
1084 if (bio_pair) 1000 if (bio_pair)
1085 ret=doit_biopair(s_ssl,c_ssl,bytes,&s_time,&c_time); 1001 ret = doit_biopair(s_ssl, c_ssl, bytes, &s_time, &c_time);
1086 else 1002 else
1087 ret=doit(s_ssl,c_ssl,bytes); 1003 ret = doit(s_ssl, c_ssl, bytes);
1088 } 1004 }
1089 1005
1090 if (!verbose) 1006 if (!verbose) {
1091 {
1092 print_details(c_ssl, ""); 1007 print_details(c_ssl, "");
1093 } 1008 }
1094 if ((number > 1) || (bytes > 1L)) 1009 if ((number > 1) || (bytes > 1L))
1095 BIO_printf(bio_stdout, "%d handshakes of %ld bytes done\n",number,bytes); 1010 BIO_printf(bio_stdout, "%d handshakes of %ld bytes done\n", number, bytes);
1096 if (print_time) 1011 if (print_time) {
1097 {
1098#ifdef CLOCKS_PER_SEC 1012#ifdef CLOCKS_PER_SEC
1099 /* "To determine the time in seconds, the value returned 1013 /* "To determine the time in seconds, the value returned
1100 * by the clock function should be divided by the value 1014 * by the clock function should be divided by the value
1101 * of the macro CLOCKS_PER_SEC." 1015 * of the macro CLOCKS_PER_SEC."
1102 * -- ISO/IEC 9899 */ 1016 * -- ISO/IEC 9899 */
1103 BIO_printf(bio_stdout, "Approximate total server time: %6.2f s\n" 1017 BIO_printf(bio_stdout, "Approximate total server time: %6.2f s\n"
1104 "Approximate total client time: %6.2f s\n", 1018 "Approximate total client time: %6.2f s\n",
1105 (double)s_time/CLOCKS_PER_SEC, 1019 (double)s_time/CLOCKS_PER_SEC,
1106 (double)c_time/CLOCKS_PER_SEC); 1020 (double)c_time/CLOCKS_PER_SEC);
1107#else 1021#else
1108 /* "`CLOCKS_PER_SEC' undeclared (first use this function)" 1022 /* "`CLOCKS_PER_SEC' undeclared (first use this function)"
1109 * -- cc on NeXTstep/OpenStep */ 1023 * -- cc on NeXTstep/OpenStep */
1110 BIO_printf(bio_stdout, 1024 BIO_printf(bio_stdout,
1111 "Approximate total server time: %6.2f units\n" 1025 "Approximate total server time: %6.2f units\n"
1112 "Approximate total client time: %6.2f units\n", 1026 "Approximate total client time: %6.2f units\n",
1113 (double)s_time, 1027 (double)s_time,
1114 (double)c_time); 1028 (double)c_time);
1115#endif 1029#endif
1116 } 1030 }
1117 1031
1118 SSL_free(s_ssl); 1032 SSL_free(s_ssl);
1119 SSL_free(c_ssl); 1033 SSL_free(c_ssl);
1120 1034
1121end: 1035end:
1122 if (s_ctx != NULL) SSL_CTX_free(s_ctx); 1036 if (s_ctx != NULL)
1123 if (c_ctx != NULL) SSL_CTX_free(c_ctx); 1037 SSL_CTX_free(s_ctx);
1038 if (c_ctx != NULL)
1039 SSL_CTX_free(c_ctx);
1124 1040
1125 if (bio_stdout != NULL) BIO_free(bio_stdout); 1041 if (bio_stdout != NULL)
1042 BIO_free(bio_stdout);
1126 1043
1127#ifndef OPENSSL_NO_RSA 1044#ifndef OPENSSL_NO_RSA
1128 free_tmp_rsa(); 1045 free_tmp_rsa();
@@ -1135,26 +1052,28 @@ end:
1135 ERR_remove_thread_state(NULL); 1052 ERR_remove_thread_state(NULL);
1136 EVP_cleanup(); 1053 EVP_cleanup();
1137 CRYPTO_mem_leaks(bio_err); 1054 CRYPTO_mem_leaks(bio_err);
1138 if (bio_err != NULL) BIO_free(bio_err); 1055 if (bio_err != NULL)
1056 BIO_free(bio_err);
1139 exit(ret); 1057 exit(ret);
1140 return ret; 1058 return ret;
1141 } 1059}
1142 1060
1143int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, 1061int
1144 clock_t *s_time, clock_t *c_time) 1062doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, clock_t *s_time,
1145 { 1063 clock_t *c_time)
1064{
1146 long cw_num = count, cr_num = count, sw_num = count, sr_num = count; 1065 long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
1147 BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL; 1066 BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
1148 BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL; 1067 BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL;
1149 int ret = 1; 1068 int ret = 1;
1150 1069
1151 size_t bufsiz = 256; /* small buffer for testing */ 1070 size_t bufsiz = 256; /* small buffer for testing */
1152 1071
1153 if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz)) 1072 if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz))
1154 goto err; 1073 goto err;
1155 if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz)) 1074 if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz))
1156 goto err; 1075 goto err;
1157 1076
1158 s_ssl_bio = BIO_new(BIO_f_ssl()); 1077 s_ssl_bio = BIO_new(BIO_f_ssl());
1159 if (!s_ssl_bio) 1078 if (!s_ssl_bio)
1160 goto err; 1079 goto err;
@@ -1171,8 +1090,7 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
1171 SSL_set_bio(s_ssl, server, server); 1090 SSL_set_bio(s_ssl, server, server);
1172 (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE); 1091 (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
1173 1092
1174 do 1093 do {
1175 {
1176 /* c_ssl_bio: SSL filter BIO 1094 /* c_ssl_bio: SSL filter BIO
1177 * 1095 *
1178 * client: pseudo-I/O for SSL library 1096 * client: pseudo-I/O for SSL library
@@ -1213,9 +1131,9 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
1213 * -- we just try everything in each iteration 1131 * -- we just try everything in each iteration
1214 */ 1132 */
1215 1133
1216 { 1134 {
1217 /* CLIENT */ 1135 /* CLIENT */
1218 1136
1219 char cbuf[1024*8]; 1137 char cbuf[1024*8];
1220 int i, r; 1138 int i, r;
1221 clock_t c_clock = clock(); 1139 clock_t c_clock = clock();
@@ -1225,68 +1143,55 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
1225 if (debug) 1143 if (debug)
1226 if (SSL_in_init(c_ssl)) 1144 if (SSL_in_init(c_ssl))
1227 printf("client waiting in SSL_connect - %s\n", 1145 printf("client waiting in SSL_connect - %s\n",
1228 SSL_state_string_long(c_ssl)); 1146 SSL_state_string_long(c_ssl));
1229 1147
1230 if (cw_num > 0) 1148 if (cw_num > 0) {
1231 {
1232 /* Write to server. */ 1149 /* Write to server. */
1233 1150
1234 if (cw_num > (long)sizeof cbuf) 1151 if (cw_num > (long)sizeof cbuf)
1235 i = sizeof cbuf; 1152 i = sizeof cbuf;
1236 else 1153 else
1237 i = (int)cw_num; 1154 i = (int)cw_num;
1238 r = BIO_write(c_ssl_bio, cbuf, i); 1155 r = BIO_write(c_ssl_bio, cbuf, i);
1239 if (r < 0) 1156 if (r < 0) {
1240 { 1157 if (!BIO_should_retry(c_ssl_bio)) {
1241 if (!BIO_should_retry(c_ssl_bio)) 1158 fprintf(stderr, "ERROR in CLIENT\n");
1242 {
1243 fprintf(stderr,"ERROR in CLIENT\n");
1244 goto err; 1159 goto err;
1245 } 1160 }
1246 /* BIO_should_retry(...) can just be ignored here. 1161 /* BIO_should_retry(...) can just be ignored here.
1247 * The library expects us to call BIO_write with 1162 * The library expects us to call BIO_write with
1248 * the same arguments again, and that's what we will 1163 * the same arguments again, and that's what we will
1249 * do in the next iteration. */ 1164 * do in the next iteration. */
1250 } 1165 } else if (r == 0) {
1251 else if (r == 0) 1166 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
1252 {
1253 fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
1254 goto err; 1167 goto err;
1255 } 1168 } else {
1256 else
1257 {
1258 if (debug) 1169 if (debug)
1259 printf("client wrote %d\n", r); 1170 printf("client wrote %d\n", r);
1260 cw_num -= r; 1171 cw_num -= r;
1261 } 1172
1262 } 1173 }
1174 }
1263 1175
1264 if (cr_num > 0) 1176 if (cr_num > 0) {
1265 {
1266 /* Read from server. */ 1177 /* Read from server. */
1267 1178
1268 r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf)); 1179 r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
1269 if (r < 0) 1180 if (r < 0) {
1270 { 1181 if (!BIO_should_retry(c_ssl_bio)) {
1271 if (!BIO_should_retry(c_ssl_bio)) 1182 fprintf(stderr, "ERROR in CLIENT\n");
1272 {
1273 fprintf(stderr,"ERROR in CLIENT\n");
1274 goto err; 1183 goto err;
1275 }
1276 /* Again, "BIO_should_retry" can be ignored. */
1277 } 1184 }
1278 else if (r == 0) 1185 /* Again, "BIO_should_retry" can be ignored. */
1279 { 1186 } else if (r == 0) {
1280 fprintf(stderr,"SSL CLIENT STARTUP FAILED\n"); 1187 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
1281 goto err; 1188 goto err;
1282 } 1189 } else {
1283 else
1284 {
1285 if (debug) 1190 if (debug)
1286 printf("client read %d\n", r); 1191 printf("client read %d\n", r);
1287 cr_num -= r; 1192 cr_num -= r;
1288 }
1289 } 1193 }
1194 }
1290 1195
1291 /* c_time and s_time increments will typically be very small 1196 /* c_time and s_time increments will typically be very small
1292 * (depending on machine speed and clock tick intervals), 1197 * (depending on machine speed and clock tick intervals),
@@ -1297,11 +1202,11 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
1297 * or only for the server or even not at all. 1202 * or only for the server or even not at all.
1298 */ 1203 */
1299 *c_time += (clock() - c_clock); 1204 *c_time += (clock() - c_clock);
1300 } 1205 }
1301 1206
1302 { 1207 {
1303 /* SERVER */ 1208 /* SERVER */
1304 1209
1305 char sbuf[1024*8]; 1210 char sbuf[1024*8];
1306 int i, r; 1211 int i, r;
1307 clock_t s_clock = clock(); 1212 clock_t s_clock = clock();
@@ -1311,70 +1216,57 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
1311 if (debug) 1216 if (debug)
1312 if (SSL_in_init(s_ssl)) 1217 if (SSL_in_init(s_ssl))
1313 printf("server waiting in SSL_accept - %s\n", 1218 printf("server waiting in SSL_accept - %s\n",
1314 SSL_state_string_long(s_ssl)); 1219 SSL_state_string_long(s_ssl));
1315 1220
1316 if (sw_num > 0) 1221 if (sw_num > 0) {
1317 {
1318 /* Write to client. */ 1222 /* Write to client. */
1319 1223
1320 if (sw_num > (long)sizeof sbuf) 1224 if (sw_num > (long)sizeof sbuf)
1321 i = sizeof sbuf; 1225 i = sizeof sbuf;
1322 else 1226 else
1323 i = (int)sw_num; 1227 i = (int)sw_num;
1324 r = BIO_write(s_ssl_bio, sbuf, i); 1228 r = BIO_write(s_ssl_bio, sbuf, i);
1325 if (r < 0) 1229 if (r < 0) {
1326 { 1230 if (!BIO_should_retry(s_ssl_bio)) {
1327 if (!BIO_should_retry(s_ssl_bio)) 1231 fprintf(stderr, "ERROR in SERVER\n");
1328 {
1329 fprintf(stderr,"ERROR in SERVER\n");
1330 goto err; 1232 goto err;
1331 }
1332 /* Ignore "BIO_should_retry". */
1333 } 1233 }
1334 else if (r == 0) 1234 /* Ignore "BIO_should_retry". */
1335 { 1235 } else if (r == 0) {
1336 fprintf(stderr,"SSL SERVER STARTUP FAILED\n"); 1236 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
1337 goto err; 1237 goto err;
1338 } 1238 } else {
1339 else
1340 {
1341 if (debug) 1239 if (debug)
1342 printf("server wrote %d\n", r); 1240 printf("server wrote %d\n", r);
1343 sw_num -= r; 1241 sw_num -= r;
1344 } 1242
1345 } 1243 }
1244 }
1346 1245
1347 if (sr_num > 0) 1246 if (sr_num > 0) {
1348 {
1349 /* Read from client. */ 1247 /* Read from client. */
1350 1248
1351 r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf)); 1249 r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
1352 if (r < 0) 1250 if (r < 0) {
1353 { 1251 if (!BIO_should_retry(s_ssl_bio)) {
1354 if (!BIO_should_retry(s_ssl_bio)) 1252 fprintf(stderr, "ERROR in SERVER\n");
1355 {
1356 fprintf(stderr,"ERROR in SERVER\n");
1357 goto err; 1253 goto err;
1358 }
1359 /* blah, blah */
1360 } 1254 }
1361 else if (r == 0) 1255 /* blah, blah */
1362 { 1256 } else if (r == 0) {
1363 fprintf(stderr,"SSL SERVER STARTUP FAILED\n"); 1257 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
1364 goto err; 1258 goto err;
1365 } 1259 } else {
1366 else
1367 {
1368 if (debug) 1260 if (debug)
1369 printf("server read %d\n", r); 1261 printf("server read %d\n", r);
1370 sr_num -= r; 1262 sr_num -= r;
1371 }
1372 } 1263 }
1264 }
1373 1265
1374 *s_time += (clock() - s_clock); 1266 *s_time += (clock() - s_clock);
1375 } 1267 }
1376 1268
1377 { 1269 {
1378 /* "I/O" BETWEEN CLIENT AND SERVER. */ 1270 /* "I/O" BETWEEN CLIENT AND SERVER. */
1379 1271
1380 size_t r1, r2; 1272 size_t r1, r2;
@@ -1382,13 +1274,13 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
1382 /* we use the non-copying interface for io1 1274 /* we use the non-copying interface for io1
1383 * and the standard BIO_write/BIO_read interface for io2 1275 * and the standard BIO_write/BIO_read interface for io2
1384 */ 1276 */
1385 1277
1386 static int prev_progress = 1; 1278 static int prev_progress = 1;
1387 int progress = 0; 1279 int progress = 0;
1388 1280
1389 /* io1 to io2 */ 1281 /* io1 to io2 */
1390 do 1282 do
1391 { 1283 {
1392 size_t num; 1284 size_t num;
1393 int r; 1285 int r;
1394 1286
@@ -1398,13 +1290,12 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
1398 num = r1; 1290 num = r1;
1399 if (r2 < num) 1291 if (r2 < num)
1400 num = r2; 1292 num = r2;
1401 if (num) 1293 if (num) {
1402 {
1403 char *dataptr; 1294 char *dataptr;
1404 1295
1405 if (INT_MAX < num) /* yeah, right */ 1296 if (INT_MAX < num) /* yeah, right */
1406 num = INT_MAX; 1297 num = INT_MAX;
1407 1298
1408 r = BIO_nread(io1, &dataptr, (int)num); 1299 r = BIO_nread(io1, &dataptr, (int)num);
1409 assert(r > 0); 1300 assert(r > 0);
1410 assert(r <= (int)num); 1301 assert(r <= (int)num);
@@ -1412,21 +1303,20 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
1412 num = r; 1303 num = r;
1413 r = BIO_write(io2, dataptr, (int)num); 1304 r = BIO_write(io2, dataptr, (int)num);
1414 if (r != (int)num) /* can't happen */ 1305 if (r != (int)num) /* can't happen */
1415 { 1306 {
1416 fprintf(stderr, "ERROR: BIO_write could not write " 1307 fprintf(stderr, "ERROR: BIO_write could not write "
1417 "BIO_ctrl_get_write_guarantee() bytes"); 1308 "BIO_ctrl_get_write_guarantee() bytes");
1418 goto err; 1309 goto err;
1419 } 1310 }
1420 progress = 1; 1311 progress = 1;
1421 1312
1422 if (debug) 1313 if (debug)
1423 printf((io1 == client_io) ? 1314 printf((io1 == client_io) ?
1424 "C->S relaying: %d bytes\n" : 1315 "C->S relaying: %d bytes\n" :
1425 "S->C relaying: %d bytes\n", 1316 "S->C relaying: %d bytes\n",
1426 (int)num); 1317 (int)num);
1427 }
1428 } 1318 }
1429 while (r1 && r2); 1319 } while (r1 && r2);
1430 1320
1431 /* io2 to io1 */ 1321 /* io2 to io1 */
1432 { 1322 {
@@ -1442,76 +1332,71 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
1442 num = r1; 1332 num = r1;
1443 if (r2 < num) 1333 if (r2 < num)
1444 num = r2; 1334 num = r2;
1445 if (num) 1335 if (num) {
1446 {
1447 char *dataptr; 1336 char *dataptr;
1448 1337
1449 if (INT_MAX < num) 1338 if (INT_MAX < num)
1450 num = INT_MAX; 1339 num = INT_MAX;
1451 1340
1452 if (num > 1) 1341 if (num > 1)
1453 --num; /* test restartability even more thoroughly */ 1342 --num; /* test restartability even more thoroughly */
1454 1343
1455 r = BIO_nwrite0(io1, &dataptr); 1344 r = BIO_nwrite0(io1, &dataptr);
1456 assert(r > 0); 1345 assert(r > 0);
1457 if (r < (int)num) 1346 if (r < (int)num)
1458 num = r; 1347 num = r;
1459 r = BIO_read(io2, dataptr, (int)num); 1348 r = BIO_read(io2, dataptr, (int)num);
1460 if (r != (int)num) /* can't happen */ 1349 if (r != (int)num) /* can't happen */
1461 { 1350 {
1462 fprintf(stderr, "ERROR: BIO_read could not read " 1351 fprintf(stderr, "ERROR: BIO_read could not read "
1463 "BIO_ctrl_pending() bytes"); 1352 "BIO_ctrl_pending() bytes");
1464 goto err; 1353 goto err;
1465 } 1354 }
1466 progress = 1; 1355 progress = 1;
1467 r = BIO_nwrite(io1, &dataptr, (int)num); 1356 r = BIO_nwrite(io1, &dataptr, (int)num);
1468 if (r != (int)num) /* can't happen */ 1357 if (r != (int)num) /* can't happen */
1469 { 1358 {
1470 fprintf(stderr, "ERROR: BIO_nwrite() did not accept " 1359 fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
1471 "BIO_nwrite0() bytes"); 1360 "BIO_nwrite0() bytes");
1472 goto err; 1361 goto err;
1473 } 1362 }
1474 1363
1475 if (debug) 1364 if (debug)
1476 printf((io2 == client_io) ? 1365 printf((io2 == client_io) ?
1477 "C->S relaying: %d bytes\n" : 1366 "C->S relaying: %d bytes\n" :
1478 "S->C relaying: %d bytes\n", 1367 "S->C relaying: %d bytes\n",
1479 (int)num); 1368 (int)num);
1480 } 1369 }
1481 } /* no loop, BIO_ctrl_get_read_request now returns 0 anyway */ 1370 } /* no loop, BIO_ctrl_get_read_request now returns 0 anyway */
1482 1371
1483 if (!progress && !prev_progress) 1372 if (!progress && !prev_progress)
1484 if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0) 1373 if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0) {
1485 { 1374 fprintf(stderr, "ERROR: got stuck\n");
1486 fprintf(stderr, "ERROR: got stuck\n"); 1375 if (strcmp("SSLv2", SSL_get_version(c_ssl)) == 0) {
1487 if (strcmp("SSLv2", SSL_get_version(c_ssl)) == 0) 1376 fprintf(stderr, "This can happen for SSL2 because "
1488 { 1377 "CLIENT-FINISHED and SERVER-VERIFY are written \n"
1489 fprintf(stderr, "This can happen for SSL2 because " 1378 "concurrently ...");
1490 "CLIENT-FINISHED and SERVER-VERIFY are written \n" 1379 if (strncmp("2SCF", SSL_state_string(c_ssl), 4) == 0
1491 "concurrently ..."); 1380 && strncmp("2SSV", SSL_state_string(s_ssl), 4) == 0) {
1492 if (strncmp("2SCF", SSL_state_string(c_ssl), 4) == 0 1381 fprintf(stderr, " ok.\n");
1493 && strncmp("2SSV", SSL_state_string(s_ssl), 4) == 0) 1382 goto end;
1494 {
1495 fprintf(stderr, " ok.\n");
1496 goto end;
1497 }
1498 }
1499 fprintf(stderr, " ERROR.\n");
1500 goto err;
1501 } 1383 }
1502 prev_progress = progress; 1384 }
1385 fprintf(stderr, " ERROR.\n");
1386 goto err;
1503 } 1387 }
1388 prev_progress = progress;
1504 } 1389 }
1505 while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0); 1390 } while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
1506 1391
1507 if (verbose) 1392 if (verbose)
1508 print_details(c_ssl, "DONE via BIO pair: "); 1393 print_details(c_ssl, "DONE via BIO pair: ");
1509end: 1394end:
1510 ret = 0; 1395 ret = 0;
1511 1396
1512 err: 1397 err:
1513 ERR_print_errors(bio_err); 1398 ERR_print_errors(bio_err);
1514 1399
1515 if (server) 1400 if (server)
1516 BIO_free(server); 1401 BIO_free(server);
1517 if (server_io) 1402 if (server_io)
@@ -1526,7 +1411,7 @@ end:
1526 BIO_free(c_ssl_bio); 1411 BIO_free(c_ssl_bio);
1527 1412
1528 return ret; 1413 return ret;
1529 } 1414}
1530 1415
1531 1416
1532#define W_READ 1 1417#define W_READ 1
@@ -1534,274 +1419,230 @@ end:
1534#define C_DONE 1 1419#define C_DONE 1
1535#define S_DONE 2 1420#define S_DONE 2
1536 1421
1537int doit(SSL *s_ssl, SSL *c_ssl, long count) 1422int
1538 { 1423doit(SSL *s_ssl, SSL *c_ssl, long count)
1539 char cbuf[1024*8],sbuf[1024*8]; 1424{
1540 long cw_num=count,cr_num=count; 1425 char cbuf[1024*8], sbuf[1024*8];
1541 long sw_num=count,sr_num=count; 1426 long cw_num = count, cr_num = count;
1542 int ret=1; 1427 long sw_num = count, sr_num = count;
1543 BIO *c_to_s=NULL; 1428 int ret = 1;
1544 BIO *s_to_c=NULL; 1429 BIO *c_to_s = NULL;
1545 BIO *c_bio=NULL; 1430 BIO *s_to_c = NULL;
1546 BIO *s_bio=NULL; 1431 BIO *c_bio = NULL;
1547 int c_r,c_w,s_r,s_w; 1432 BIO *s_bio = NULL;
1548 int i,j; 1433 int c_r, c_w, s_r, s_w;
1549 int done=0; 1434 int i, j;
1550 int c_write,s_write; 1435 int done = 0;
1551 int do_server=0,do_client=0; 1436 int c_write, s_write;
1552 1437 int do_server = 0, do_client = 0;
1553 memset(cbuf,0,sizeof(cbuf)); 1438
1554 memset(sbuf,0,sizeof(sbuf)); 1439 memset(cbuf, 0, sizeof(cbuf));
1555 1440 memset(sbuf, 0, sizeof(sbuf));
1556 c_to_s=BIO_new(BIO_s_mem()); 1441
1557 s_to_c=BIO_new(BIO_s_mem()); 1442 c_to_s = BIO_new(BIO_s_mem());
1558 if ((s_to_c == NULL) || (c_to_s == NULL)) 1443 s_to_c = BIO_new(BIO_s_mem());
1559 { 1444 if ((s_to_c == NULL) || (c_to_s == NULL)) {
1560 ERR_print_errors(bio_err); 1445 ERR_print_errors(bio_err);
1561 goto err; 1446 goto err;
1562 } 1447 }
1563 1448
1564 c_bio=BIO_new(BIO_f_ssl()); 1449 c_bio = BIO_new(BIO_f_ssl());
1565 s_bio=BIO_new(BIO_f_ssl()); 1450 s_bio = BIO_new(BIO_f_ssl());
1566 if ((c_bio == NULL) || (s_bio == NULL)) 1451 if ((c_bio == NULL) || (s_bio == NULL)) {
1567 {
1568 ERR_print_errors(bio_err); 1452 ERR_print_errors(bio_err);
1569 goto err; 1453 goto err;
1570 } 1454 }
1571 1455
1572 SSL_set_connect_state(c_ssl); 1456 SSL_set_connect_state(c_ssl);
1573 SSL_set_bio(c_ssl,s_to_c,c_to_s); 1457 SSL_set_bio(c_ssl, s_to_c, c_to_s);
1574 BIO_set_ssl(c_bio,c_ssl,BIO_NOCLOSE); 1458 BIO_set_ssl(c_bio, c_ssl, BIO_NOCLOSE);
1575 1459
1576 SSL_set_accept_state(s_ssl); 1460 SSL_set_accept_state(s_ssl);
1577 SSL_set_bio(s_ssl,c_to_s,s_to_c); 1461 SSL_set_bio(s_ssl, c_to_s, s_to_c);
1578 BIO_set_ssl(s_bio,s_ssl,BIO_NOCLOSE); 1462 BIO_set_ssl(s_bio, s_ssl, BIO_NOCLOSE);
1579 1463
1580 c_r=0; s_r=1; 1464 c_r = 0;
1581 c_w=1; s_w=0; 1465 s_r = 1;
1582 c_write=1,s_write=0; 1466 c_w = 1;
1467 s_w = 0;
1468 c_write = 1, s_write = 0;
1583 1469
1584 /* We can always do writes */ 1470 /* We can always do writes */
1585 for (;;) 1471 for (;;) {
1586 { 1472 do_server = 0;
1587 do_server=0; 1473 do_client = 0;
1588 do_client=0;
1589 1474
1590 i=(int)BIO_pending(s_bio); 1475 i = (int)BIO_pending(s_bio);
1591 if ((i && s_r) || s_w) do_server=1; 1476 if ((i && s_r) || s_w)
1477 do_server = 1;
1592 1478
1593 i=(int)BIO_pending(c_bio); 1479 i = (int)BIO_pending(c_bio);
1594 if ((i && c_r) || c_w) do_client=1; 1480 if ((i && c_r) || c_w)
1481 do_client = 1;
1595 1482
1596 if (do_server && debug) 1483 if (do_server && debug) {
1597 {
1598 if (SSL_in_init(s_ssl)) 1484 if (SSL_in_init(s_ssl))
1599 printf("server waiting in SSL_accept - %s\n", 1485 printf("server waiting in SSL_accept - %s\n",
1600 SSL_state_string_long(s_ssl)); 1486 SSL_state_string_long(s_ssl));
1601/* else if (s_write) 1487/* else if (s_write)
1602 printf("server:SSL_write()\n"); 1488 printf("server:SSL_write()\n");
1603 else 1489 else
1604 printf("server:SSL_read()\n"); */ 1490 printf("server:SSL_read()\n"); */
1605 } 1491 }
1606 1492
1607 if (do_client && debug) 1493 if (do_client && debug) {
1608 {
1609 if (SSL_in_init(c_ssl)) 1494 if (SSL_in_init(c_ssl))
1610 printf("client waiting in SSL_connect - %s\n", 1495 printf("client waiting in SSL_connect - %s\n",
1611 SSL_state_string_long(c_ssl)); 1496 SSL_state_string_long(c_ssl));
1612/* else if (c_write) 1497/* else if (c_write)
1613 printf("client:SSL_write()\n"); 1498 printf("client:SSL_write()\n");
1614 else 1499 else
1615 printf("client:SSL_read()\n"); */ 1500 printf("client:SSL_read()\n"); */
1616 } 1501 }
1617 1502
1618 if (!do_client && !do_server) 1503 if (!do_client && !do_server) {
1619 { 1504 fprintf(stdout, "ERROR IN STARTUP\n");
1620 fprintf(stdout,"ERROR IN STARTUP\n");
1621 ERR_print_errors(bio_err); 1505 ERR_print_errors(bio_err);
1622 break; 1506 break;
1623 } 1507 }
1624 if (do_client && !(done & C_DONE)) 1508 if (do_client && !(done & C_DONE)) {
1625 { 1509 if (c_write) {
1626 if (c_write)
1627 {
1628 j = (cw_num > (long)sizeof(cbuf)) ? 1510 j = (cw_num > (long)sizeof(cbuf)) ?
1629 (int)sizeof(cbuf) : (int)cw_num; 1511 (int)sizeof(cbuf) : (int)cw_num;
1630 i=BIO_write(c_bio,cbuf,j); 1512 i = BIO_write(c_bio, cbuf, j);
1631 if (i < 0) 1513 if (i < 0) {
1632 { 1514 c_r = 0;
1633 c_r=0; 1515 c_w = 0;
1634 c_w=0; 1516 if (BIO_should_retry(c_bio)) {
1635 if (BIO_should_retry(c_bio))
1636 {
1637 if (BIO_should_read(c_bio)) 1517 if (BIO_should_read(c_bio))
1638 c_r=1; 1518 c_r = 1;
1639 if (BIO_should_write(c_bio)) 1519 if (BIO_should_write(c_bio))
1640 c_w=1; 1520 c_w = 1;
1641 } 1521 } else {
1642 else 1522 fprintf(stderr, "ERROR in CLIENT\n");
1643 {
1644 fprintf(stderr,"ERROR in CLIENT\n");
1645 ERR_print_errors(bio_err); 1523 ERR_print_errors(bio_err);
1646 goto err; 1524 goto err;
1647 }
1648 } 1525 }
1649 else if (i == 0) 1526 } else if (i == 0) {
1650 { 1527 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
1651 fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
1652 goto err; 1528 goto err;
1653 } 1529 } else {
1654 else
1655 {
1656 if (debug) 1530 if (debug)
1657 printf("client wrote %d\n",i); 1531 printf("client wrote %d\n", i);
1658 /* ok */ 1532 /* ok */
1659 s_r=1; 1533 s_r = 1;
1660 c_write=0; 1534 c_write = 0;
1661 cw_num-=i; 1535 cw_num -= i;
1662 }
1663 } 1536 }
1664 else 1537 } else {
1665 { 1538 i = BIO_read(c_bio, cbuf, sizeof(cbuf));
1666 i=BIO_read(c_bio,cbuf,sizeof(cbuf)); 1539 if (i < 0) {
1667 if (i < 0) 1540 c_r = 0;
1668 { 1541 c_w = 0;
1669 c_r=0; 1542 if (BIO_should_retry(c_bio)) {
1670 c_w=0;
1671 if (BIO_should_retry(c_bio))
1672 {
1673 if (BIO_should_read(c_bio)) 1543 if (BIO_should_read(c_bio))
1674 c_r=1; 1544 c_r = 1;
1675 if (BIO_should_write(c_bio)) 1545 if (BIO_should_write(c_bio))
1676 c_w=1; 1546 c_w = 1;
1677 } 1547 } else {
1678 else 1548 fprintf(stderr, "ERROR in CLIENT\n");
1679 {
1680 fprintf(stderr,"ERROR in CLIENT\n");
1681 ERR_print_errors(bio_err); 1549 ERR_print_errors(bio_err);
1682 goto err; 1550 goto err;
1683 }
1684 } 1551 }
1685 else if (i == 0) 1552 } else if (i == 0) {
1686 { 1553 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
1687 fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
1688 goto err; 1554 goto err;
1689 } 1555 } else {
1690 else
1691 {
1692 if (debug) 1556 if (debug)
1693 printf("client read %d\n",i); 1557 printf("client read %d\n", i);
1694 cr_num-=i; 1558 cr_num -= i;
1695 if (sw_num > 0) 1559 if (sw_num > 0) {
1696 { 1560 s_write = 1;
1697 s_write=1; 1561 s_w = 1;
1698 s_w=1; 1562 }
1699 } 1563 if (cr_num <= 0) {
1700 if (cr_num <= 0) 1564 s_write = 1;
1701 { 1565 s_w = 1;
1702 s_write=1; 1566 done = S_DONE|C_DONE;
1703 s_w=1;
1704 done=S_DONE|C_DONE;
1705 }
1706 } 1567 }
1707 } 1568 }
1708 } 1569 }
1570 }
1709 1571
1710 if (do_server && !(done & S_DONE)) 1572 if (do_server && !(done & S_DONE)) {
1711 { 1573 if (!s_write) {
1712 if (!s_write) 1574 i = BIO_read(s_bio, sbuf, sizeof(cbuf));
1713 { 1575 if (i < 0) {
1714 i=BIO_read(s_bio,sbuf,sizeof(cbuf)); 1576 s_r = 0;
1715 if (i < 0) 1577 s_w = 0;
1716 { 1578 if (BIO_should_retry(s_bio)) {
1717 s_r=0;
1718 s_w=0;
1719 if (BIO_should_retry(s_bio))
1720 {
1721 if (BIO_should_read(s_bio)) 1579 if (BIO_should_read(s_bio))
1722 s_r=1; 1580 s_r = 1;
1723 if (BIO_should_write(s_bio)) 1581 if (BIO_should_write(s_bio))
1724 s_w=1; 1582 s_w = 1;
1725 } 1583 } else {
1726 else 1584 fprintf(stderr, "ERROR in SERVER\n");
1727 {
1728 fprintf(stderr,"ERROR in SERVER\n");
1729 ERR_print_errors(bio_err); 1585 ERR_print_errors(bio_err);
1730 goto err; 1586 goto err;
1731 }
1732 } 1587 }
1733 else if (i == 0) 1588 } else if (i == 0) {
1734 {
1735 ERR_print_errors(bio_err); 1589 ERR_print_errors(bio_err);
1736 fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_read\n"); 1590 fprintf(stderr, "SSL SERVER STARTUP FAILED in SSL_read\n");
1737 goto err; 1591 goto err;
1738 } 1592 } else {
1739 else
1740 {
1741 if (debug) 1593 if (debug)
1742 printf("server read %d\n",i); 1594 printf("server read %d\n", i);
1743 sr_num-=i; 1595 sr_num -= i;
1744 if (cw_num > 0) 1596 if (cw_num > 0) {
1745 { 1597 c_write = 1;
1746 c_write=1; 1598 c_w = 1;
1747 c_w=1; 1599 }
1748 } 1600 if (sr_num <= 0) {
1749 if (sr_num <= 0) 1601 s_write = 1;
1750 { 1602 s_w = 1;
1751 s_write=1; 1603 c_write = 0;
1752 s_w=1;
1753 c_write=0;
1754 }
1755 } 1604 }
1756 } 1605 }
1757 else 1606 } else {
1758 {
1759 j = (sw_num > (long)sizeof(sbuf)) ? 1607 j = (sw_num > (long)sizeof(sbuf)) ?
1760 (int)sizeof(sbuf) : (int)sw_num; 1608 (int)sizeof(sbuf) : (int)sw_num;
1761 i=BIO_write(s_bio,sbuf,j); 1609 i = BIO_write(s_bio, sbuf, j);
1762 if (i < 0) 1610 if (i < 0) {
1763 { 1611 s_r = 0;
1764 s_r=0; 1612 s_w = 0;
1765 s_w=0; 1613 if (BIO_should_retry(s_bio)) {
1766 if (BIO_should_retry(s_bio))
1767 {
1768 if (BIO_should_read(s_bio)) 1614 if (BIO_should_read(s_bio))
1769 s_r=1; 1615 s_r = 1;
1770 if (BIO_should_write(s_bio)) 1616 if (BIO_should_write(s_bio))
1771 s_w=1; 1617 s_w = 1;
1772 } 1618 } else {
1773 else 1619 fprintf(stderr, "ERROR in SERVER\n");
1774 {
1775 fprintf(stderr,"ERROR in SERVER\n");
1776 ERR_print_errors(bio_err); 1620 ERR_print_errors(bio_err);
1777 goto err; 1621 goto err;
1778 }
1779 } 1622 }
1780 else if (i == 0) 1623 } else if (i == 0) {
1781 {
1782 ERR_print_errors(bio_err); 1624 ERR_print_errors(bio_err);
1783 fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_write\n"); 1625 fprintf(stderr, "SSL SERVER STARTUP FAILED in SSL_write\n");
1784 goto err; 1626 goto err;
1785 } 1627 } else {
1786 else
1787 {
1788 if (debug) 1628 if (debug)
1789 printf("server wrote %d\n",i); 1629 printf("server wrote %d\n", i);
1790 sw_num-=i; 1630 sw_num -= i;
1791 s_write=0; 1631 s_write = 0;
1792 c_r=1; 1632 c_r = 1;
1793 if (sw_num <= 0) 1633 if (sw_num <= 0)
1794 done|=S_DONE; 1634 done|=S_DONE;
1795 }
1796 } 1635 }
1797 } 1636 }
1798
1799 if ((done & S_DONE) && (done & C_DONE)) break;
1800 } 1637 }
1801 1638
1639 if ((done & S_DONE)
1640 && (done & C_DONE)) break;
1641 }
1642
1802 if (verbose) 1643 if (verbose)
1803 print_details(c_ssl, "DONE: "); 1644 print_details(c_ssl, "DONE: ");
1804 ret=0; 1645 ret = 0;
1805err: 1646err:
1806 /* We have to set the BIO's to NULL otherwise they will be 1647 /* We have to set the BIO's to NULL otherwise they will be
1807 * OPENSSL_free()ed twice. Once when th s_ssl is SSL_free()ed and 1648 * OPENSSL_free()ed twice. Once when th s_ssl is SSL_free()ed and
@@ -1810,95 +1651,89 @@ err:
1810 * BIO structure and SSL_set_bio() and SSL_free() automatically 1651 * BIO structure and SSL_set_bio() and SSL_free() automatically
1811 * BIO_free non NULL entries. 1652 * BIO_free non NULL entries.
1812 * You should not normally do this or be required to do this */ 1653 * You should not normally do this or be required to do this */
1813 if (s_ssl != NULL) 1654 if (s_ssl != NULL) {
1814 { 1655 s_ssl->rbio = NULL;
1815 s_ssl->rbio=NULL; 1656 s_ssl->wbio = NULL;
1816 s_ssl->wbio=NULL; 1657 }
1817 } 1658 if (c_ssl != NULL) {
1818 if (c_ssl != NULL) 1659 c_ssl->rbio = NULL;
1819 { 1660 c_ssl->wbio = NULL;
1820 c_ssl->rbio=NULL;
1821 c_ssl->wbio=NULL;
1822 }
1823
1824 if (c_to_s != NULL) BIO_free(c_to_s);
1825 if (s_to_c != NULL) BIO_free(s_to_c);
1826 if (c_bio != NULL) BIO_free_all(c_bio);
1827 if (s_bio != NULL) BIO_free_all(s_bio);
1828 return(ret);
1829 } 1661 }
1830 1662
1831static int get_proxy_auth_ex_data_idx(void) 1663 if (c_to_s != NULL)
1832 { 1664 BIO_free(c_to_s);
1665 if (s_to_c != NULL)
1666 BIO_free(s_to_c);
1667 if (c_bio != NULL)
1668 BIO_free_all(c_bio);
1669 if (s_bio != NULL)
1670 BIO_free_all(s_bio);
1671 return (ret);
1672}
1673
1674static int
1675get_proxy_auth_ex_data_idx(void)
1676{
1833 static volatile int idx = -1; 1677 static volatile int idx = -1;
1834 if (idx < 0) 1678 if (idx < 0) {
1835 {
1836 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); 1679 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
1837 if (idx < 0) 1680 if (idx < 0) {
1838 {
1839 idx = X509_STORE_CTX_get_ex_new_index(0, 1681 idx = X509_STORE_CTX_get_ex_new_index(0,
1840 "SSLtest for verify callback", NULL,NULL,NULL); 1682 "SSLtest for verify callback", NULL, NULL, NULL);
1841 }
1842 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
1843 } 1683 }
1844 return idx; 1684 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
1845 } 1685 }
1686 return idx;
1687}
1846 1688
1847static int verify_callback(int ok, X509_STORE_CTX *ctx) 1689static int
1848 { 1690verify_callback(int ok, X509_STORE_CTX *ctx)
1849 char *s,buf[256]; 1691{
1692 char *s, buf[256];
1850 1693
1851 s=X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),buf, 1694 s = X509_NAME_oneline(X509_get_subject_name(ctx->current_cert), buf,
1852 sizeof buf); 1695 sizeof buf);
1853 if (s != NULL) 1696 if (s != NULL) {
1854 {
1855 if (ok) 1697 if (ok)
1856 fprintf(stderr,"depth=%d %s\n", 1698 fprintf(stderr, "depth=%d %s\n",
1857 ctx->error_depth,buf); 1699 ctx->error_depth, buf);
1858 else 1700 else {
1859 { 1701 fprintf(stderr, "depth=%d error=%d %s\n",
1860 fprintf(stderr,"depth=%d error=%d %s\n", 1702 ctx->error_depth, ctx->error, buf);
1861 ctx->error_depth,ctx->error,buf);
1862 }
1863 } 1703 }
1704 }
1864 1705
1865 if (ok == 0) 1706 if (ok == 0) {
1866 { 1707 fprintf(stderr, "Error string: %s\n",
1867 fprintf(stderr,"Error string: %s\n", 1708 X509_verify_cert_error_string(ctx->error));
1868 X509_verify_cert_error_string(ctx->error)); 1709 switch (ctx->error) {
1869 switch (ctx->error)
1870 {
1871 case X509_V_ERR_CERT_NOT_YET_VALID: 1710 case X509_V_ERR_CERT_NOT_YET_VALID:
1872 case X509_V_ERR_CERT_HAS_EXPIRED: 1711 case X509_V_ERR_CERT_HAS_EXPIRED:
1873 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: 1712 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
1874 fprintf(stderr," ... ignored.\n"); 1713 fprintf(stderr, " ... ignored.\n");
1875 ok=1; 1714 ok = 1;
1876 }
1877 } 1715 }
1716 }
1878 1717
1879 if (ok == 1) 1718 if (ok == 1) {
1880 {
1881 X509 *xs = ctx->current_cert; 1719 X509 *xs = ctx->current_cert;
1882#if 0 1720#if 0
1883 X509 *xi = ctx->current_issuer; 1721 X509 *xi = ctx->current_issuer;
1884#endif 1722#endif
1885 1723
1886 if (xs->ex_flags & EXFLAG_PROXY) 1724 if (xs->ex_flags & EXFLAG_PROXY) {
1887 {
1888 unsigned int *letters = 1725 unsigned int *letters =
1889 X509_STORE_CTX_get_ex_data(ctx, 1726 X509_STORE_CTX_get_ex_data(ctx,
1890 get_proxy_auth_ex_data_idx()); 1727 get_proxy_auth_ex_data_idx());
1891 1728
1892 if (letters) 1729 if (letters) {
1893 {
1894 int found_any = 0; 1730 int found_any = 0;
1895 int i; 1731 int i;
1896 PROXY_CERT_INFO_EXTENSION *pci = 1732 PROXY_CERT_INFO_EXTENSION *pci =
1897 X509_get_ext_d2i(xs, NID_proxyCertInfo, 1733 X509_get_ext_d2i(xs, NID_proxyCertInfo,
1898 NULL, NULL); 1734 NULL, NULL);
1899 1735
1900 switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage)) 1736 switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage)) {
1901 {
1902 case NID_Independent: 1737 case NID_Independent:
1903 /* Completely meaningless in this 1738 /* Completely meaningless in this
1904 program, as there's no way to 1739 program, as there's no way to
@@ -1918,7 +1753,7 @@ static int verify_callback(int ok, X509_STORE_CTX *ctx)
1918 break; 1753 break;
1919 default: 1754 default:
1920 s = (char *) 1755 s = (char *)
1921 pci->proxyPolicy->policy->data; 1756 pci->proxyPolicy->policy->data;
1922 i = pci->proxyPolicy->policy->length; 1757 i = pci->proxyPolicy->policy->length;
1923 1758
1924 /* The algorithm works as follows: 1759 /* The algorithm works as follows:
@@ -1942,412 +1777,398 @@ static int verify_callback(int ok, X509_STORE_CTX *ctx)
1942 and clear all the others. */ 1777 and clear all the others. */
1943 1778
1944 fprintf(stderr, " Certificate proxy rights = %*.*s", i, i, s); 1779 fprintf(stderr, " Certificate proxy rights = %*.*s", i, i, s);
1945 while(i-- > 0) 1780 while (i-- > 0) {
1946 {
1947 int c = *s++; 1781 int c = *s++;
1948 if (isascii(c) && isalpha(c)) 1782 if (isascii(c) && isalpha(c)) {
1949 {
1950 if (islower(c)) 1783 if (islower(c))
1951 c = toupper(c); 1784 c = toupper(c);
1952 letters[c - 'A']++; 1785 letters[c - 'A']++;
1953 }
1954 } 1786 }
1787 }
1955 for (i = 0; i < 26; i++) 1788 for (i = 0; i < 26; i++)
1956 if (letters[i] < 2) 1789 if (letters[i] < 2)
1957 letters[i] = 0; 1790 letters[i] = 0;
1958 else 1791 else
1959 letters[i] = 1; 1792 letters[i] = 1;
1960 } 1793 }
1961 1794
1962 found_any = 0; 1795 found_any = 0;
1963 fprintf(stderr, 1796 fprintf(stderr, ", resulting proxy rights = ");
1964 ", resulting proxy rights = "); 1797 for (i = 0; i < 26; i++)
1965 for(i = 0; i < 26; i++) 1798 if (letters[i]) {
1966 if (letters[i]) 1799 fprintf(stderr, "%c", i + 'A');
1967 { 1800 found_any = 1;
1968 fprintf(stderr, "%c", i + 'A'); 1801 }
1969 found_any = 1;
1970 }
1971 if (!found_any) 1802 if (!found_any)
1972 fprintf(stderr, "none"); 1803 fprintf(stderr, "none");
1973 fprintf(stderr, "\n"); 1804 fprintf(stderr, "\n");
1974 1805
1975 PROXY_CERT_INFO_EXTENSION_free(pci); 1806 PROXY_CERT_INFO_EXTENSION_free(pci);
1976 }
1977 } 1807 }
1978 } 1808 }
1979
1980 return(ok);
1981 } 1809 }
1982 1810
1983static void process_proxy_debug(int indent, const char *format, ...) 1811 return (ok);
1984 { 1812}
1813
1814static void
1815process_proxy_debug(int indent, const char *format, ...)
1816{
1985 static const char indentation[] = 1817 static const char indentation[] =
1986 ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>" 1818 ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"
1987 ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"; /* That's 80 > */ 1819 ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"; /* That's 80 > */
1988 char my_format[256]; 1820 char my_format[256];
1989 va_list args; 1821 va_list args;
1990 1822
1991 BIO_snprintf(my_format, sizeof(my_format), "%*.*s %s", 1823 BIO_snprintf(my_format, sizeof(my_format), "%*.*s %s",
1992 indent, indent, indentation, format); 1824 indent, indent, indentation, format);
1993 1825
1994 va_start(args, format); 1826 va_start(args, format);
1995 vfprintf(stderr, my_format, args); 1827 vfprintf(stderr, my_format, args);
1996 va_end(args); 1828 va_end(args);
1997 } 1829}
1998/* Priority levels: 1830/* Priority levels:
1999 0 [!]var, () 1831 0 [!]var, ()
2000 1 & ^ 1832 1 & ^
2001 2 | 1833 2 |
2002*/ 1834*/
2003static int process_proxy_cond_adders(unsigned int letters[26], 1835static int process_proxy_cond_adders(unsigned int letters[26],
2004 const char *cond, const char **cond_end, int *pos, int indent); 1836 const char *cond, const char **cond_end, int *pos, int indent);
2005static int process_proxy_cond_val(unsigned int letters[26], 1837
2006 const char *cond, const char **cond_end, int *pos, int indent) 1838static int
2007 { 1839process_proxy_cond_val(unsigned int letters[26], const char *cond,
1840 const char **cond_end, int *pos, int indent)
1841{
2008 int c; 1842 int c;
2009 int ok = 1; 1843 int ok = 1;
2010 int negate = 0; 1844 int negate = 0;
2011 1845
2012 while(isspace((int)*cond)) 1846 while (isspace((int)*cond)) {
2013 { 1847 cond++;
2014 cond++; (*pos)++; 1848 (*pos)++;
2015 } 1849 }
2016 c = *cond; 1850 c = *cond;
2017 1851
2018 if (debug) 1852 if (debug)
2019 process_proxy_debug(indent, 1853 process_proxy_debug(indent,
2020 "Start process_proxy_cond_val at position %d: %s\n", 1854 "Start process_proxy_cond_val at position %d: %s\n",
2021 *pos, cond); 1855 *pos, cond);
2022 1856
2023 while(c == '!') 1857 while (c == '!') {
2024 {
2025 negate = !negate; 1858 negate = !negate;
2026 cond++; (*pos)++; 1859 cond++;
2027 while(isspace((int)*cond)) 1860 (*pos)++;
2028 { 1861 while (isspace((int)*cond)) {
2029 cond++; (*pos)++; 1862 cond++;
2030 } 1863 (*pos)++;
2031 c = *cond;
2032 } 1864 }
1865 c = *cond;
1866 }
2033 1867
2034 if (c == '(') 1868 if (c == '(') {
2035 { 1869 cond++;
2036 cond++; (*pos)++; 1870 (*pos)++;
2037 ok = process_proxy_cond_adders(letters, cond, cond_end, pos, 1871 ok = process_proxy_cond_adders(letters, cond, cond_end, pos,
2038 indent + 1); 1872 indent + 1);
2039 cond = *cond_end; 1873 cond = *cond_end;
2040 if (ok < 0) 1874 if (ok < 0)
2041 goto end; 1875 goto end;
2042 while(isspace((int)*cond)) 1876 while (isspace((int)*cond)) {
2043 { 1877 cond++;
2044 cond++; (*pos)++; 1878 (*pos)++;
2045 } 1879 }
2046 c = *cond; 1880 c = *cond;
2047 if (c != ')') 1881 if (c != ')') {
2048 {
2049 fprintf(stderr, 1882 fprintf(stderr,
2050 "Weird condition character in position %d: " 1883 "Weird condition character in position %d: "
2051 "%c\n", *pos, c); 1884 "%c\n", *pos, c);
2052 ok = -1; 1885 ok = -1;
2053 goto end; 1886 goto end;
2054 }
2055 cond++; (*pos)++;
2056 } 1887 }
2057 else if (isascii(c) && isalpha(c)) 1888 cond++;
2058 { 1889 (*pos)++;
1890 } else if (isascii(c) && isalpha(c)) {
2059 if (islower(c)) 1891 if (islower(c))
2060 c = toupper(c); 1892 c = toupper(c);
2061 ok = letters[c - 'A']; 1893 ok = letters[c - 'A'];
2062 cond++; (*pos)++; 1894 cond++;
2063 } 1895 (*pos)++;
2064 else 1896 } else {
2065 {
2066 fprintf(stderr, 1897 fprintf(stderr,
2067 "Weird condition character in position %d: " 1898 "Weird condition character in position %d: "
2068 "%c\n", *pos, c); 1899 "%c\n", *pos, c);
2069 ok = -1; 1900 ok = -1;
2070 goto end; 1901 goto end;
2071 } 1902 }
2072 end: 1903 end:
2073 *cond_end = cond; 1904 *cond_end = cond;
2074 if (ok >= 0 && negate) 1905 if (ok >= 0 && negate)
2075 ok = !ok; 1906 ok = !ok;
2076 1907
2077 if (debug) 1908 if (debug)
2078 process_proxy_debug(indent, 1909 process_proxy_debug(indent,
2079 "End process_proxy_cond_val at position %d: %s, returning %d\n", 1910 "End process_proxy_cond_val at position %d: %s, returning %d\n",
2080 *pos, cond, ok); 1911 *pos, cond, ok);
2081 1912
2082 return ok; 1913 return ok;
2083 } 1914}
2084static int process_proxy_cond_multipliers(unsigned int letters[26], 1915
2085 const char *cond, const char **cond_end, int *pos, int indent) 1916static int
2086 { 1917process_proxy_cond_multipliers(unsigned int letters[26], const char *cond,
1918 const char **cond_end, int *pos, int indent)
1919{
2087 int ok; 1920 int ok;
2088 char c; 1921 char c;
2089 1922
2090 if (debug) 1923 if (debug)
2091 process_proxy_debug(indent, 1924 process_proxy_debug(indent,
2092 "Start process_proxy_cond_multipliers at position %d: %s\n", 1925 "Start process_proxy_cond_multipliers at position %d: %s\n",
2093 *pos, cond); 1926 *pos, cond);
2094 1927
2095 ok = process_proxy_cond_val(letters, cond, cond_end, pos, indent + 1); 1928 ok = process_proxy_cond_val(letters, cond, cond_end, pos, indent + 1);
2096 cond = *cond_end; 1929 cond = *cond_end;
2097 if (ok < 0) 1930 if (ok < 0)
2098 goto end; 1931 goto end;
2099 1932
2100 while(ok >= 0) 1933 while (ok >= 0) {
2101 { 1934 while (isspace((int)*cond)) {
2102 while(isspace((int)*cond)) 1935 cond++;
2103 { 1936 (*pos)++;
2104 cond++; (*pos)++; 1937 }
2105 }
2106 c = *cond; 1938 c = *cond;
2107 1939
2108 switch(c) 1940 switch (c) {
2109 {
2110 case '&': 1941 case '&':
2111 case '^': 1942 case '^':
2112 { 1943 {
2113 int save_ok = ok; 1944 int save_ok = ok;
2114 1945
2115 cond++; (*pos)++; 1946 cond++;
2116 ok = process_proxy_cond_val(letters, 1947 (*pos)++;
2117 cond, cond_end, pos, indent + 1); 1948 ok = process_proxy_cond_val(letters,
2118 cond = *cond_end; 1949 cond, cond_end, pos, indent + 1);
2119 if (ok < 0) 1950 cond = *cond_end;
2120 break; 1951 if (ok < 0)
2121 1952 break;
2122 switch(c) 1953
2123 { 1954 switch (c) {
2124 case '&': 1955 case '&':
2125 ok &= save_ok; 1956 ok &= save_ok;
2126 break; 1957 break;
2127 case '^': 1958 case '^':
2128 ok ^= save_ok; 1959 ok ^= save_ok;
2129 break; 1960 break;
2130 default: 1961 default:
2131 fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!" 1962 fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!"
2132 " STOPPING\n"); 1963 " STOPPING\n");
2133 exit(1); 1964 exit(1);
2134 } 1965 }
2135 } 1966 }
2136 break; 1967 break;
2137 default: 1968 default:
2138 goto end; 1969 goto end;
2139 }
2140 } 1970 }
2141 end: 1971 }
1972 end:
2142 if (debug) 1973 if (debug)
2143 process_proxy_debug(indent, 1974 process_proxy_debug(indent,
2144 "End process_proxy_cond_multipliers at position %d: %s, returning %d\n", 1975 "End process_proxy_cond_multipliers at position %d: %s, returning %d\n",
2145 *pos, cond, ok); 1976 *pos, cond, ok);
2146 1977
2147 *cond_end = cond; 1978 *cond_end = cond;
2148 return ok; 1979 return ok;
2149 } 1980}
2150static int process_proxy_cond_adders(unsigned int letters[26], 1981
2151 const char *cond, const char **cond_end, int *pos, int indent) 1982static int
2152 { 1983process_proxy_cond_adders(unsigned int letters[26], const char *cond,
1984 const char **cond_end, int *pos, int indent)
1985{
2153 int ok; 1986 int ok;
2154 char c; 1987 char c;
2155 1988
2156 if (debug) 1989 if (debug)
2157 process_proxy_debug(indent, 1990 process_proxy_debug(indent,
2158 "Start process_proxy_cond_adders at position %d: %s\n", 1991 "Start process_proxy_cond_adders at position %d: %s\n",
2159 *pos, cond); 1992 *pos, cond);
2160 1993
2161 ok = process_proxy_cond_multipliers(letters, cond, cond_end, pos, 1994 ok = process_proxy_cond_multipliers(letters, cond, cond_end, pos,
2162 indent + 1); 1995 indent + 1);
2163 cond = *cond_end; 1996 cond = *cond_end;
2164 if (ok < 0) 1997 if (ok < 0)
2165 goto end; 1998 goto end;
2166 1999
2167 while(ok >= 0) 2000 while (ok >= 0) {
2168 { 2001 while (isspace((int)*cond)) {
2169 while(isspace((int)*cond)) 2002 cond++;
2170 { 2003 (*pos)++;
2171 cond++; (*pos)++; 2004 }
2172 }
2173 c = *cond; 2005 c = *cond;
2174 2006
2175 switch(c) 2007 switch (c) {
2176 {
2177 case '|': 2008 case '|':
2178 { 2009 {
2179 int save_ok = ok; 2010 int save_ok = ok;
2180 2011
2181 cond++; (*pos)++; 2012 cond++;
2182 ok = process_proxy_cond_multipliers(letters, 2013 (*pos)++;
2183 cond, cond_end, pos, indent + 1); 2014 ok = process_proxy_cond_multipliers(letters,
2184 cond = *cond_end; 2015 cond, cond_end, pos, indent + 1);
2185 if (ok < 0) 2016 cond = *cond_end;
2186 break; 2017 if (ok < 0)
2187 2018 break;
2188 switch(c) 2019
2189 { 2020 switch (c) {
2190 case '|': 2021 case '|':
2191 ok |= save_ok; 2022 ok |= save_ok;
2192 break; 2023 break;
2193 default: 2024 default:
2194 fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!" 2025 fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!"
2195 " STOPPING\n"); 2026 " STOPPING\n");
2196 exit(1); 2027 exit(1);
2197 } 2028 }
2198 } 2029 }
2199 break; 2030 break;
2200 default: 2031 default:
2201 goto end; 2032 goto end;
2202 }
2203 } 2033 }
2204 end: 2034 }
2035 end:
2205 if (debug) 2036 if (debug)
2206 process_proxy_debug(indent, 2037 process_proxy_debug(indent,
2207 "End process_proxy_cond_adders at position %d: %s, returning %d\n", 2038 "End process_proxy_cond_adders at position %d: %s, returning %d\n",
2208 *pos, cond, ok); 2039 *pos, cond, ok);
2209 2040
2210 *cond_end = cond; 2041 *cond_end = cond;
2211 return ok; 2042 return ok;
2212 } 2043}
2213 2044
2214static int process_proxy_cond(unsigned int letters[26], 2045static int
2215 const char *cond, const char **cond_end) 2046process_proxy_cond(unsigned int letters[26], const char *cond,
2216 { 2047 const char **cond_end)
2048{
2217 int pos = 1; 2049 int pos = 1;
2218 return process_proxy_cond_adders(letters, cond, cond_end, &pos, 1); 2050 return process_proxy_cond_adders(letters, cond, cond_end, &pos, 1);
2219 } 2051}
2220 2052
2221static int app_verify_callback(X509_STORE_CTX *ctx, void *arg) 2053static int
2222 { 2054app_verify_callback(X509_STORE_CTX *ctx, void *arg)
2223 int ok=1; 2055{
2056 int ok = 1;
2224 struct app_verify_arg *cb_arg = arg; 2057 struct app_verify_arg *cb_arg = arg;
2225 unsigned int letters[26]; /* only used with proxy_auth */ 2058 unsigned int letters[26]; /* only used with proxy_auth */
2226 2059
2227 if (cb_arg->app_verify) 2060 if (cb_arg->app_verify) {
2228 { 2061 char *s = NULL, buf[256];
2229 char *s = NULL,buf[256];
2230 2062
2231 fprintf(stderr, "In app_verify_callback, allowing cert. "); 2063 fprintf(stderr, "In app_verify_callback, allowing cert. ");
2232 fprintf(stderr, "Arg is: %s\n", cb_arg->string); 2064 fprintf(stderr, "Arg is: %s\n", cb_arg->string);
2233 fprintf(stderr, "Finished printing do we have a context? 0x%p a cert? 0x%p\n", 2065 fprintf(stderr, "Finished printing do we have a context? 0x%p a cert? 0x%p\n",
2234 (void *)ctx, (void *)ctx->cert); 2066 (void *)ctx, (void *)ctx->cert);
2235 if (ctx->cert) 2067 if (ctx->cert)
2236 s=X509_NAME_oneline(X509_get_subject_name(ctx->cert),buf,256); 2068 s = X509_NAME_oneline(X509_get_subject_name(ctx->cert), buf, 256);
2237 if (s != NULL) 2069 if (s != NULL) {
2238 { 2070 fprintf(stderr, "cert depth=%d %s\n", ctx->error_depth, buf);
2239 fprintf(stderr,"cert depth=%d %s\n",ctx->error_depth,buf);
2240 }
2241 return(1);
2242 } 2071 }
2243 if (cb_arg->proxy_auth) 2072 return (1);
2244 { 2073 }
2074 if (cb_arg->proxy_auth) {
2245 int found_any = 0, i; 2075 int found_any = 0, i;
2246 char *sp; 2076 char *sp;
2247 2077
2248 for(i = 0; i < 26; i++) 2078 for (i = 0; i < 26; i++)
2249 letters[i] = 0; 2079 letters[i] = 0;
2250 for(sp = cb_arg->proxy_auth; *sp; sp++) 2080 for (sp = cb_arg->proxy_auth; *sp; sp++) {
2251 {
2252 int c = *sp; 2081 int c = *sp;
2253 if (isascii(c) && isalpha(c)) 2082 if (isascii(c) && isalpha(c)) {
2254 {
2255 if (islower(c)) 2083 if (islower(c))
2256 c = toupper(c); 2084 c = toupper(c);
2257 letters[c - 'A'] = 1; 2085 letters[c - 'A'] = 1;
2258 }
2259 } 2086 }
2087 }
2260 2088
2261 fprintf(stderr, 2089 fprintf(stderr, " Initial proxy rights = ");
2262 " Initial proxy rights = "); 2090 for (i = 0; i < 26; i++)
2263 for(i = 0; i < 26; i++) 2091 if (letters[i]) {
2264 if (letters[i]) 2092 fprintf(stderr, "%c", i + 'A');
2265 { 2093 found_any = 1;
2266 fprintf(stderr, "%c", i + 'A'); 2094 }
2267 found_any = 1;
2268 }
2269 if (!found_any) 2095 if (!found_any)
2270 fprintf(stderr, "none"); 2096 fprintf(stderr, "none");
2271 fprintf(stderr, "\n"); 2097 fprintf(stderr, "\n");
2272 2098
2273 X509_STORE_CTX_set_ex_data(ctx, 2099 X509_STORE_CTX_set_ex_data(ctx,
2274 get_proxy_auth_ex_data_idx(),letters); 2100 get_proxy_auth_ex_data_idx(), letters);
2275 } 2101 }
2276 if (cb_arg->allow_proxy_certs) 2102 if (cb_arg->allow_proxy_certs) {
2277 {
2278 X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS); 2103 X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
2279 } 2104 }
2280 2105
2281#ifndef OPENSSL_NO_X509_VERIFY 2106#ifndef OPENSSL_NO_X509_VERIFY
2282 ok = X509_verify_cert(ctx); 2107 ok = X509_verify_cert(ctx);
2283#endif 2108#endif
2284 2109
2285 if (cb_arg->proxy_auth) 2110 if (cb_arg->proxy_auth) {
2286 { 2111 if (ok > 0) {
2287 if (ok > 0)
2288 {
2289 const char *cond_end = NULL; 2112 const char *cond_end = NULL;
2290 2113
2291 ok = process_proxy_cond(letters, 2114 ok = process_proxy_cond(letters,
2292 cb_arg->proxy_cond, &cond_end); 2115 cb_arg->proxy_cond, &cond_end);
2293 2116
2294 if (ok < 0) 2117 if (ok < 0)
2295 exit(3); 2118 exit(3);
2296 if (*cond_end) 2119 if (*cond_end) {
2297 {
2298 fprintf(stderr, "Stopped processing condition before it's end.\n"); 2120 fprintf(stderr, "Stopped processing condition before it's end.\n");
2299 ok = 0; 2121 ok = 0;
2300 } 2122 }
2301 if (!ok) 2123 if (!ok)
2302 fprintf(stderr, "Proxy rights check with condition '%s' proved invalid\n", 2124 fprintf(stderr, "Proxy rights check with condition '%s' proved invalid\n",
2303 cb_arg->proxy_cond); 2125 cb_arg->proxy_cond);
2304 else 2126 else
2305 fprintf(stderr, "Proxy rights check with condition '%s' proved valid\n", 2127 fprintf(stderr, "Proxy rights check with condition '%s' proved valid\n",
2306 cb_arg->proxy_cond); 2128 cb_arg->proxy_cond);
2307 }
2308 } 2129 }
2309 return(ok);
2310 } 2130 }
2131 return (ok);
2132}
2311 2133
2312#ifndef OPENSSL_NO_RSA 2134#ifndef OPENSSL_NO_RSA
2313static RSA *rsa_tmp=NULL; 2135static RSA *rsa_tmp = NULL;
2314 2136
2315static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength) 2137static RSA
2316 { 2138*tmp_rsa_cb(SSL *s, int is_export, int keylength)
2139{
2317 BIGNUM *bn = NULL; 2140 BIGNUM *bn = NULL;
2318 if (rsa_tmp == NULL) 2141 if (rsa_tmp == NULL) {
2319 {
2320 bn = BN_new(); 2142 bn = BN_new();
2321 rsa_tmp = RSA_new(); 2143 rsa_tmp = RSA_new();
2322 if(!bn || !rsa_tmp || !BN_set_word(bn, RSA_F4)) 2144 if (!bn || !rsa_tmp || !BN_set_word(bn, RSA_F4)) {
2323 {
2324 BIO_printf(bio_err, "Memory error..."); 2145 BIO_printf(bio_err, "Memory error...");
2325 goto end; 2146 goto end;
2326 } 2147 }
2327 BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength); 2148 BIO_printf(bio_err, "Generating temp (%d bit) RSA key...", keylength);
2328 (void)BIO_flush(bio_err); 2149 (void)BIO_flush(bio_err);
2329 if(!RSA_generate_key_ex(rsa_tmp,keylength,bn,NULL)) 2150 if (!RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL)) {
2330 {
2331 BIO_printf(bio_err, "Error generating key."); 2151 BIO_printf(bio_err, "Error generating key.");
2332 RSA_free(rsa_tmp); 2152 RSA_free(rsa_tmp);
2333 rsa_tmp = NULL; 2153 rsa_tmp = NULL;
2334 } 2154 }
2335end: 2155end:
2336 BIO_printf(bio_err,"\n"); 2156 BIO_printf(bio_err, "\n");
2337 (void)BIO_flush(bio_err); 2157 (void)BIO_flush(bio_err);
2338 }
2339 if(bn) BN_free(bn);
2340 return(rsa_tmp);
2341 } 2158 }
2159 if (bn)
2160 BN_free(bn);
2161 return (rsa_tmp);
2162}
2342 2163
2343static void free_tmp_rsa(void) 2164static void
2344 { 2165free_tmp_rsa(void)
2345 if (rsa_tmp != NULL) 2166{
2346 { 2167 if (rsa_tmp != NULL) {
2347 RSA_free(rsa_tmp); 2168 RSA_free(rsa_tmp);
2348 rsa_tmp = NULL; 2169 rsa_tmp = NULL;
2349 }
2350 } 2170 }
2171}
2351#endif 2172#endif
2352 2173
2353#ifndef OPENSSL_NO_DH 2174#ifndef OPENSSL_NO_DH
@@ -2357,129 +2178,136 @@ static void free_tmp_rsa(void)
2357 * $ openssl dhparam -C -noout -dsaparam 1024 2178 * $ openssl dhparam -C -noout -dsaparam 1024
2358 * (The third function has been renamed to avoid name conflicts.) 2179 * (The third function has been renamed to avoid name conflicts.)
2359 */ 2180 */
2360static DH *get_dh512() 2181static DH
2361 { 2182*get_dh512()
2362 static unsigned char dh512_p[]={ 2183{
2363 0xCB,0xC8,0xE1,0x86,0xD0,0x1F,0x94,0x17,0xA6,0x99,0xF0,0xC6, 2184 static unsigned char dh512_p[] = {
2364 0x1F,0x0D,0xAC,0xB6,0x25,0x3E,0x06,0x39,0xCA,0x72,0x04,0xB0, 2185 0xCB, 0xC8, 0xE1, 0x86, 0xD0, 0x1F, 0x94, 0x17, 0xA6, 0x99, 0xF0, 0xC6,
2365 0x6E,0xDA,0xC0,0x61,0xE6,0x7A,0x77,0x25,0xE8,0x3B,0xB9,0x5F, 2186 0x1F, 0x0D, 0xAC, 0xB6, 0x25, 0x3E, 0x06, 0x39, 0xCA, 0x72, 0x04, 0xB0,
2366 0x9A,0xB6,0xB5,0xFE,0x99,0x0B,0xA1,0x93,0x4E,0x35,0x33,0xB8, 2187 0x6E, 0xDA, 0xC0, 0x61, 0xE6, 0x7A, 0x77, 0x25, 0xE8, 0x3B, 0xB9, 0x5F,
2367 0xE1,0xF1,0x13,0x4F,0x59,0x1A,0xD2,0x57,0xC0,0x26,0x21,0x33, 2188 0x9A, 0xB6, 0xB5, 0xFE, 0x99, 0x0B, 0xA1, 0x93, 0x4E, 0x35, 0x33, 0xB8,
2368 0x02,0xC5,0xAE,0x23, 2189 0xE1, 0xF1, 0x13, 0x4F, 0x59, 0x1A, 0xD2, 0x57, 0xC0, 0x26, 0x21, 0x33,
2369 }; 2190 0x02, 0xC5, 0xAE, 0x23,
2370 static unsigned char dh512_g[]={ 2191 };
2192 static unsigned char dh512_g[] = {
2371 0x02, 2193 0x02,
2372 }; 2194 };
2373 DH *dh; 2195 DH *dh;
2374 2196
2375 if ((dh=DH_new()) == NULL) return(NULL); 2197 if ((dh = DH_new()) == NULL) return (NULL);
2376 dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL); 2198 dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
2377 dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL); 2199 dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
2378 if ((dh->p == NULL) || (dh->g == NULL)) 2200 if ((dh->p == NULL) || (dh->g == NULL)) {
2379 { DH_free(dh); return(NULL); } 2201 DH_free(dh);
2380 return(dh); 2202 return (NULL);
2381 } 2203 }
2382 2204 return (dh);
2383static DH *get_dh1024() 2205}
2384 { 2206
2385 static unsigned char dh1024_p[]={ 2207static DH
2386 0xF8,0x81,0x89,0x7D,0x14,0x24,0xC5,0xD1,0xE6,0xF7,0xBF,0x3A, 2208*get_dh1024()
2387 0xE4,0x90,0xF4,0xFC,0x73,0xFB,0x34,0xB5,0xFA,0x4C,0x56,0xA2, 2209{
2388 0xEA,0xA7,0xE9,0xC0,0xC0,0xCE,0x89,0xE1,0xFA,0x63,0x3F,0xB0, 2210 static unsigned char dh1024_p[] = {
2389 0x6B,0x32,0x66,0xF1,0xD1,0x7B,0xB0,0x00,0x8F,0xCA,0x87,0xC2, 2211 0xF8, 0x81, 0x89, 0x7D, 0x14, 0x24, 0xC5, 0xD1, 0xE6, 0xF7, 0xBF, 0x3A,
2390 0xAE,0x98,0x89,0x26,0x17,0xC2,0x05,0xD2,0xEC,0x08,0xD0,0x8C, 2212 0xE4, 0x90, 0xF4, 0xFC, 0x73, 0xFB, 0x34, 0xB5, 0xFA, 0x4C, 0x56, 0xA2,
2391 0xFF,0x17,0x52,0x8C,0xC5,0x07,0x93,0x03,0xB1,0xF6,0x2F,0xB8, 2213 0xEA, 0xA7, 0xE9, 0xC0, 0xC0, 0xCE, 0x89, 0xE1, 0xFA, 0x63, 0x3F, 0xB0,
2392 0x1C,0x52,0x47,0x27,0x1B,0xDB,0xD1,0x8D,0x9D,0x69,0x1D,0x52, 2214 0x6B, 0x32, 0x66, 0xF1, 0xD1, 0x7B, 0xB0, 0x00, 0x8F, 0xCA, 0x87, 0xC2,
2393 0x4B,0x32,0x81,0xAA,0x7F,0x00,0xC8,0xDC,0xE6,0xD9,0xCC,0xC1, 2215 0xAE, 0x98, 0x89, 0x26, 0x17, 0xC2, 0x05, 0xD2, 0xEC, 0x08, 0xD0, 0x8C,
2394 0x11,0x2D,0x37,0x34,0x6C,0xEA,0x02,0x97,0x4B,0x0E,0xBB,0xB1, 2216 0xFF, 0x17, 0x52, 0x8C, 0xC5, 0x07, 0x93, 0x03, 0xB1, 0xF6, 0x2F, 0xB8,
2395 0x71,0x33,0x09,0x15,0xFD,0xDD,0x23,0x87,0x07,0x5E,0x89,0xAB, 2217 0x1C, 0x52, 0x47, 0x27, 0x1B, 0xDB, 0xD1, 0x8D, 0x9D, 0x69, 0x1D, 0x52,
2396 0x6B,0x7C,0x5F,0xEC,0xA6,0x24,0xDC,0x53, 2218 0x4B, 0x32, 0x81, 0xAA, 0x7F, 0x00, 0xC8, 0xDC, 0xE6, 0xD9, 0xCC, 0xC1,
2397 }; 2219 0x11, 0x2D, 0x37, 0x34, 0x6C, 0xEA, 0x02, 0x97, 0x4B, 0x0E, 0xBB, 0xB1,
2398 static unsigned char dh1024_g[]={ 2220 0x71, 0x33, 0x09, 0x15, 0xFD, 0xDD, 0x23, 0x87, 0x07, 0x5E, 0x89, 0xAB,
2221 0x6B, 0x7C, 0x5F, 0xEC, 0xA6, 0x24, 0xDC, 0x53,
2222 };
2223 static unsigned char dh1024_g[] = {
2399 0x02, 2224 0x02,
2400 }; 2225 };
2401 DH *dh; 2226 DH *dh;
2402 2227
2403 if ((dh=DH_new()) == NULL) return(NULL); 2228 if ((dh = DH_new()) == NULL) return (NULL);
2404 dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL); 2229 dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
2405 dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL); 2230 dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
2406 if ((dh->p == NULL) || (dh->g == NULL)) 2231 if ((dh->p == NULL) || (dh->g == NULL)) {
2407 { DH_free(dh); return(NULL); } 2232 DH_free(dh);
2408 return(dh); 2233 return (NULL);
2409 } 2234 }
2410 2235 return (dh);
2411static DH *get_dh1024dsa() 2236}
2412 { 2237
2413 static unsigned char dh1024_p[]={ 2238static DH
2414 0xC8,0x00,0xF7,0x08,0x07,0x89,0x4D,0x90,0x53,0xF3,0xD5,0x00, 2239*get_dh1024dsa()
2415 0x21,0x1B,0xF7,0x31,0xA6,0xA2,0xDA,0x23,0x9A,0xC7,0x87,0x19, 2240{
2416 0x3B,0x47,0xB6,0x8C,0x04,0x6F,0xFF,0xC6,0x9B,0xB8,0x65,0xD2, 2241 static unsigned char dh1024_p[] = {
2417 0xC2,0x5F,0x31,0x83,0x4A,0xA7,0x5F,0x2F,0x88,0x38,0xB6,0x55, 2242 0xC8, 0x00, 0xF7, 0x08, 0x07, 0x89, 0x4D, 0x90, 0x53, 0xF3, 0xD5, 0x00,
2418 0xCF,0xD9,0x87,0x6D,0x6F,0x9F,0xDA,0xAC,0xA6,0x48,0xAF,0xFC, 2243 0x21, 0x1B, 0xF7, 0x31, 0xA6, 0xA2, 0xDA, 0x23, 0x9A, 0xC7, 0x87, 0x19,
2419 0x33,0x84,0x37,0x5B,0x82,0x4A,0x31,0x5D,0xE7,0xBD,0x52,0x97, 2244 0x3B, 0x47, 0xB6, 0x8C, 0x04, 0x6F, 0xFF, 0xC6, 0x9B, 0xB8, 0x65, 0xD2,
2420 0xA1,0x77,0xBF,0x10,0x9E,0x37,0xEA,0x64,0xFA,0xCA,0x28,0x8D, 2245 0xC2, 0x5F, 0x31, 0x83, 0x4A, 0xA7, 0x5F, 0x2F, 0x88, 0x38, 0xB6, 0x55,
2421 0x9D,0x3B,0xD2,0x6E,0x09,0x5C,0x68,0xC7,0x45,0x90,0xFD,0xBB, 2246 0xCF, 0xD9, 0x87, 0x6D, 0x6F, 0x9F, 0xDA, 0xAC, 0xA6, 0x48, 0xAF, 0xFC,
2422 0x70,0xC9,0x3A,0xBB,0xDF,0xD4,0x21,0x0F,0xC4,0x6A,0x3C,0xF6, 2247 0x33, 0x84, 0x37, 0x5B, 0x82, 0x4A, 0x31, 0x5D, 0xE7, 0xBD, 0x52, 0x97,
2423 0x61,0xCF,0x3F,0xD6,0x13,0xF1,0x5F,0xBC,0xCF,0xBC,0x26,0x9E, 2248 0xA1, 0x77, 0xBF, 0x10, 0x9E, 0x37, 0xEA, 0x64, 0xFA, 0xCA, 0x28, 0x8D,
2424 0xBC,0x0B,0xBD,0xAB,0x5D,0xC9,0x54,0x39, 2249 0x9D, 0x3B, 0xD2, 0x6E, 0x09, 0x5C, 0x68, 0xC7, 0x45, 0x90, 0xFD, 0xBB,
2425 }; 2250 0x70, 0xC9, 0x3A, 0xBB, 0xDF, 0xD4, 0x21, 0x0F, 0xC4, 0x6A, 0x3C, 0xF6,
2426 static unsigned char dh1024_g[]={ 2251 0x61, 0xCF, 0x3F, 0xD6, 0x13, 0xF1, 0x5F, 0xBC, 0xCF, 0xBC, 0x26, 0x9E,
2427 0x3B,0x40,0x86,0xE7,0xF3,0x6C,0xDE,0x67,0x1C,0xCC,0x80,0x05, 2252 0xBC, 0x0B, 0xBD, 0xAB, 0x5D, 0xC9, 0x54, 0x39,
2428 0x5A,0xDF,0xFE,0xBD,0x20,0x27,0x74,0x6C,0x24,0xC9,0x03,0xF3, 2253 };
2429 0xE1,0x8D,0xC3,0x7D,0x98,0x27,0x40,0x08,0xB8,0x8C,0x6A,0xE9, 2254 static unsigned char dh1024_g[] = {
2430 0xBB,0x1A,0x3A,0xD6,0x86,0x83,0x5E,0x72,0x41,0xCE,0x85,0x3C, 2255 0x3B, 0x40, 0x86, 0xE7, 0xF3, 0x6C, 0xDE, 0x67, 0x1C, 0xCC, 0x80, 0x05,
2431 0xD2,0xB3,0xFC,0x13,0xCE,0x37,0x81,0x9E,0x4C,0x1C,0x7B,0x65, 2256 0x5A, 0xDF, 0xFE, 0xBD, 0x20, 0x27, 0x74, 0x6C, 0x24, 0xC9, 0x03, 0xF3,
2432 0xD3,0xE6,0xA6,0x00,0xF5,0x5A,0x95,0x43,0x5E,0x81,0xCF,0x60, 2257 0xE1, 0x8D, 0xC3, 0x7D, 0x98, 0x27, 0x40, 0x08, 0xB8, 0x8C, 0x6A, 0xE9,
2433 0xA2,0x23,0xFC,0x36,0xA7,0x5D,0x7A,0x4C,0x06,0x91,0x6E,0xF6, 2258 0xBB, 0x1A, 0x3A, 0xD6, 0x86, 0x83, 0x5E, 0x72, 0x41, 0xCE, 0x85, 0x3C,
2434 0x57,0xEE,0x36,0xCB,0x06,0xEA,0xF5,0x3D,0x95,0x49,0xCB,0xA7, 2259 0xD2, 0xB3, 0xFC, 0x13, 0xCE, 0x37, 0x81, 0x9E, 0x4C, 0x1C, 0x7B, 0x65,
2435 0xDD,0x81,0xDF,0x80,0x09,0x4A,0x97,0x4D,0xA8,0x22,0x72,0xA1, 2260 0xD3, 0xE6, 0xA6, 0x00, 0xF5, 0x5A, 0x95, 0x43, 0x5E, 0x81, 0xCF, 0x60,
2436 0x7F,0xC4,0x70,0x56,0x70,0xE8,0x20,0x10,0x18,0x8F,0x2E,0x60, 2261 0xA2, 0x23, 0xFC, 0x36, 0xA7, 0x5D, 0x7A, 0x4C, 0x06, 0x91, 0x6E, 0xF6,
2437 0x07,0xE7,0x68,0x1A,0x82,0x5D,0x32,0xA2, 2262 0x57, 0xEE, 0x36, 0xCB, 0x06, 0xEA, 0xF5, 0x3D, 0x95, 0x49, 0xCB, 0xA7,
2438 }; 2263 0xDD, 0x81, 0xDF, 0x80, 0x09, 0x4A, 0x97, 0x4D, 0xA8, 0x22, 0x72, 0xA1,
2264 0x7F, 0xC4, 0x70, 0x56, 0x70, 0xE8, 0x20, 0x10, 0x18, 0x8F, 0x2E, 0x60,
2265 0x07, 0xE7, 0x68, 0x1A, 0x82, 0x5D, 0x32, 0xA2,
2266 };
2439 DH *dh; 2267 DH *dh;
2440 2268
2441 if ((dh=DH_new()) == NULL) return(NULL); 2269 if ((dh = DH_new()) == NULL) return (NULL);
2442 dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL); 2270 dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
2443 dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL); 2271 dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
2444 if ((dh->p == NULL) || (dh->g == NULL)) 2272 if ((dh->p == NULL) || (dh->g == NULL)) {
2445 { DH_free(dh); return(NULL); } 2273 DH_free(dh);
2446 dh->length = 160; 2274 return (NULL);
2447 return(dh);
2448 } 2275 }
2276 dh->length = 160;
2277 return (dh);
2278}
2449#endif 2279#endif
2450 2280
2451#ifndef OPENSSL_NO_PSK 2281#ifndef OPENSSL_NO_PSK
2452/* convert the PSK key (psk_key) in ascii to binary (psk) */ 2282/* convert the PSK key (psk_key) in ascii to binary (psk) */
2453static int psk_key2bn(const char *pskkey, unsigned char *psk, 2283static int
2454 unsigned int max_psk_len) 2284psk_key2bn(const char *pskkey, unsigned char *psk, unsigned int max_psk_len)
2455 { 2285{
2456 int ret; 2286 int ret;
2457 BIGNUM *bn = NULL; 2287 BIGNUM *bn = NULL;
2458 2288
2459 ret = BN_hex2bn(&bn, pskkey); 2289 ret = BN_hex2bn(&bn, pskkey);
2460 if (!ret) 2290 if (!ret) {
2461 { 2291 BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n", pskkey);
2462 BIO_printf(bio_err,"Could not convert PSK key '%s' to BIGNUM\n", pskkey);
2463 if (bn) 2292 if (bn)
2464 BN_free(bn); 2293 BN_free(bn);
2465 return 0; 2294 return 0;
2466 } 2295 }
2467 if (BN_num_bytes(bn) > (int)max_psk_len) 2296 if (BN_num_bytes(bn) > (int)max_psk_len) {
2468 { 2297 BIO_printf(bio_err, "psk buffer of callback is too small (%d) for key (%d)\n",
2469 BIO_printf(bio_err,"psk buffer of callback is too small (%d) for key (%d)\n", 2298 max_psk_len, BN_num_bytes(bn));
2470 max_psk_len, BN_num_bytes(bn));
2471 BN_free(bn); 2299 BN_free(bn);
2472 return 0; 2300 return 0;
2473 } 2301 }
2474 ret = BN_bn2bin(bn, psk); 2302 ret = BN_bn2bin(bn, psk);
2475 BN_free(bn); 2303 BN_free(bn);
2476 return ret; 2304 return ret;
2477 } 2305}
2478 2306
2479static unsigned int psk_client_callback(SSL *ssl, const char *hint, char *identity, 2307static unsigned int
2480 unsigned int max_identity_len, unsigned char *psk, 2308psk_client_callback(SSL *ssl, const char *hint, char *identity,
2481 unsigned int max_psk_len) 2309 unsigned int max_identity_len, unsigned char *psk, unsigned int max_psk_len)
2482 { 2310{
2483 int ret; 2311 int ret;
2484 unsigned int psk_len = 0; 2312 unsigned int psk_len = 0;
2485 2313
@@ -2494,25 +2322,26 @@ static unsigned int psk_client_callback(SSL *ssl, const char *hint, char *identi
2494 psk_len = ret; 2322 psk_len = ret;
2495out_err: 2323out_err:
2496 return psk_len; 2324 return psk_len;
2497 } 2325}
2498 2326
2499static unsigned int psk_server_callback(SSL *ssl, const char *identity, 2327static unsigned int
2500 unsigned char *psk, unsigned int max_psk_len) 2328psk_server_callback(SSL *ssl, const char *identity, unsigned char *psk,
2501 { 2329 unsigned int max_psk_len)
2502 unsigned int psk_len=0; 2330{
2331 unsigned int psk_len = 0;
2503 2332
2504 if (strcmp(identity, "Client_identity") != 0) 2333 if (strcmp(identity, "Client_identity") != 0) {
2505 {
2506 BIO_printf(bio_err, "server: PSK error: client identity not found\n"); 2334 BIO_printf(bio_err, "server: PSK error: client identity not found\n");
2507 return 0; 2335 return 0;
2508 }
2509 psk_len=psk_key2bn(psk_key, psk, max_psk_len);
2510 return psk_len;
2511 } 2336 }
2337 psk_len = psk_key2bn(psk_key, psk, max_psk_len);
2338 return psk_len;
2339}
2512#endif 2340#endif
2513 2341
2514static int do_test_cipherlist(void) 2342static int
2515 { 2343do_test_cipherlist(void)
2344{
2516 int i = 0; 2345 int i = 0;
2517 const SSL_METHOD *meth; 2346 const SSL_METHOD *meth;
2518 const SSL_CIPHER *ci, *tci = NULL; 2347 const SSL_CIPHER *ci, *tci = NULL;
@@ -2520,50 +2349,44 @@ static int do_test_cipherlist(void)
2520#ifndef OPENSSL_NO_SSL2 2349#ifndef OPENSSL_NO_SSL2
2521 fprintf(stderr, "testing SSLv2 cipher list order: "); 2350 fprintf(stderr, "testing SSLv2 cipher list order: ");
2522 meth = SSLv2_method(); 2351 meth = SSLv2_method();
2523 while ((ci = meth->get_cipher(i++)) != NULL) 2352 while ((ci = meth->get_cipher(i++)) != NULL) {
2524 {
2525 if (tci != NULL) 2353 if (tci != NULL)
2526 if (ci->id >= tci->id) 2354 if (ci->id >= tci->id) {
2527 { 2355 fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
2528 fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id); 2356 return 0;
2529 return 0;
2530 }
2531 tci = ci;
2532 } 2357 }
2358 tci = ci;
2359 }
2533 fprintf(stderr, "ok\n"); 2360 fprintf(stderr, "ok\n");
2534#endif 2361#endif
2535#ifndef OPENSSL_NO_SSL3 2362#ifndef OPENSSL_NO_SSL3
2536 fprintf(stderr, "testing SSLv3 cipher list order: "); 2363 fprintf(stderr, "testing SSLv3 cipher list order: ");
2537 meth = SSLv3_method(); 2364 meth = SSLv3_method();
2538 tci = NULL; 2365 tci = NULL;
2539 while ((ci = meth->get_cipher(i++)) != NULL) 2366 while ((ci = meth->get_cipher(i++)) != NULL) {
2540 {
2541 if (tci != NULL) 2367 if (tci != NULL)
2542 if (ci->id >= tci->id) 2368 if (ci->id >= tci->id) {
2543 {
2544 fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id); 2369 fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
2545 return 0; 2370 return 0;
2546 }
2547 tci = ci;
2548 } 2371 }
2372 tci = ci;
2373 }
2549 fprintf(stderr, "ok\n"); 2374 fprintf(stderr, "ok\n");
2550#endif 2375#endif
2551#ifndef OPENSSL_NO_TLS1 2376#ifndef OPENSSL_NO_TLS1
2552 fprintf(stderr, "testing TLSv1 cipher list order: "); 2377 fprintf(stderr, "testing TLSv1 cipher list order: ");
2553 meth = TLSv1_method(); 2378 meth = TLSv1_method();
2554 tci = NULL; 2379 tci = NULL;
2555 while ((ci = meth->get_cipher(i++)) != NULL) 2380 while ((ci = meth->get_cipher(i++)) != NULL) {
2556 {
2557 if (tci != NULL) 2381 if (tci != NULL)
2558 if (ci->id >= tci->id) 2382 if (ci->id >= tci->id) {
2559 {
2560 fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id); 2383 fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
2561 return 0; 2384 return 0;
2562 }
2563 tci = ci;
2564 } 2385 }
2386 tci = ci;
2387 }
2565 fprintf(stderr, "ok\n"); 2388 fprintf(stderr, "ok\n");
2566#endif 2389#endif
2567 2390
2568 return 1; 2391 return 1;
2569 } 2392}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-24 21:13:39 +0000