ssltest.c (55714) | ssltest.c (59191) |
---|---|
1/* ssl/ssltest.c */ 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * --- 42 unchanged lines hidden (view full) --- 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 | 1/* ssl/ssltest.c */ 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * --- 42 unchanged lines hidden (view full) --- 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 |
59#include <assert.h> 60#include <errno.h> 61#include <limits.h> |
|
59#include <stdio.h> 60#include <stdlib.h> 61#include <string.h> | 62#include <stdio.h> 63#include <stdlib.h> 64#include <string.h> |
62#include <errno.h> 63#include <limits.h> | 65#include <time.h> |
64 65#include "openssl/e_os.h" 66 67#include <openssl/bio.h> 68#include <openssl/crypto.h> | 66 67#include "openssl/e_os.h" 68 69#include <openssl/bio.h> 70#include <openssl/crypto.h> |
71#include <openssl/evp.h> |
|
69#include <openssl/x509.h> 70#include <openssl/ssl.h> 71#include <openssl/err.h> | 72#include <openssl/x509.h> 73#include <openssl/ssl.h> 74#include <openssl/err.h> |
75#include <openssl/rand.h> |
|
72#ifdef WINDOWS 73#include "../crypto/bio/bss_file.c" 74#endif 75 | 76#ifdef WINDOWS 77#include "../crypto/bio/bss_file.c" 78#endif 79 |
76#if defined(NO_RSA) && !defined(NO_SSL2) 77#define NO_SSL2 78#endif 79 | |
80#ifdef VMS 81# define TEST_SERVER_CERT "SYS$DISK:[-.APPS]SERVER.PEM" 82# define TEST_CLIENT_CERT "SYS$DISK:[-.APPS]CLIENT.PEM" 83#else 84# define TEST_SERVER_CERT "../apps/server.pem" 85# define TEST_CLIENT_CERT "../apps/client.pem" 86#endif 87 | 80#ifdef VMS 81# define TEST_SERVER_CERT "SYS$DISK:[-.APPS]SERVER.PEM" 82# define TEST_CLIENT_CERT "SYS$DISK:[-.APPS]CLIENT.PEM" 83#else 84# define TEST_SERVER_CERT "../apps/server.pem" 85# define TEST_CLIENT_CERT "../apps/client.pem" 86#endif 87 |
88int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); | 88static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); |
89#ifndef NO_RSA 90static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export,int keylength); 91#endif 92#ifndef NO_DH 93static DH *get_dh512(void); | 89#ifndef NO_RSA 90static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export,int keylength); 91#endif 92#ifndef NO_DH 93static DH *get_dh512(void); |
94static DH *get_dh1024(void); 95static DH *get_dh1024dsa(void); |
|
94#endif | 96#endif |
95BIO *bio_err=NULL; 96BIO *bio_stdout=NULL; | |
97 | 97 |
98static BIO *bio_err=NULL; 99static BIO *bio_stdout=NULL; 100 |
|
98static char *cipher=NULL; | 101static char *cipher=NULL; |
99int verbose=0; 100int debug=0; | 102static int verbose=0; 103static int debug=0; |
101#if 0 102/* Not used yet. */ 103#ifdef FIONBIO 104static int s_nbio=0; 105#endif 106#endif 107 | 104#if 0 105/* Not used yet. */ 106#ifdef FIONBIO 107static int s_nbio=0; 108#endif 109#endif 110 |
111static const char rnd_seed[] = "string to make the random number generator think it has entropy"; |
|
108 | 112 |
109int doit_biopair(SSL *s_ssl,SSL *c_ssl,long bytes); | 113int doit_biopair(SSL *s_ssl,SSL *c_ssl,long bytes,clock_t *s_time,clock_t *c_time); |
110int doit(SSL *s_ssl,SSL *c_ssl,long bytes); 111static void sv_usage(void) 112 { 113 fprintf(stderr,"usage: ssltest [args ...]\n"); 114 fprintf(stderr,"\n"); 115 fprintf(stderr," -server_auth - check server certificate\n"); 116 fprintf(stderr," -client_auth - do client authentication\n"); 117 fprintf(stderr," -v - more output\n"); 118 fprintf(stderr," -d - debug output\n"); 119 fprintf(stderr," -reuse - use session-id reuse\n"); 120 fprintf(stderr," -num <val> - number of connections to perform\n"); 121 fprintf(stderr," -bytes <val> - number of bytes to swap between client/server\n"); | 114int doit(SSL *s_ssl,SSL *c_ssl,long bytes); 115static void sv_usage(void) 116 { 117 fprintf(stderr,"usage: ssltest [args ...]\n"); 118 fprintf(stderr,"\n"); 119 fprintf(stderr," -server_auth - check server certificate\n"); 120 fprintf(stderr," -client_auth - do client authentication\n"); 121 fprintf(stderr," -v - more output\n"); 122 fprintf(stderr," -d - debug output\n"); 123 fprintf(stderr," -reuse - use session-id reuse\n"); 124 fprintf(stderr," -num <val> - number of connections to perform\n"); 125 fprintf(stderr," -bytes <val> - number of bytes to swap between client/server\n"); |
122#if !defined NO_DH && !defined NO_DSA 123 fprintf(stderr," -dhe1024 - generate 1024 bit key for DHE\n"); | 126#ifndef NO_DH 127 fprintf(stderr," -dhe1024 - use 1024 bit key (safe prime) for DHE\n"); 128 fprintf(stderr," -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n"); 129 fprintf(stderr," -no_dhe - disable DHE\n"); |
124#endif 125#ifndef NO_SSL2 126 fprintf(stderr," -ssl2 - use SSLv2\n"); 127#endif 128#ifndef NO_SSL3 129 fprintf(stderr," -ssl3 - use SSLv3\n"); 130#endif 131#ifndef NO_TLS1 132 fprintf(stderr," -tls1 - use TLSv1\n"); 133#endif 134 fprintf(stderr," -CApath arg - PEM format directory of CA's\n"); 135 fprintf(stderr," -CAfile arg - PEM format file of CA's\n"); | 130#endif 131#ifndef NO_SSL2 132 fprintf(stderr," -ssl2 - use SSLv2\n"); 133#endif 134#ifndef NO_SSL3 135 fprintf(stderr," -ssl3 - use SSLv3\n"); 136#endif 137#ifndef NO_TLS1 138 fprintf(stderr," -tls1 - use TLSv1\n"); 139#endif 140 fprintf(stderr," -CApath arg - PEM format directory of CA's\n"); 141 fprintf(stderr," -CAfile arg - PEM format file of CA's\n"); |
136 fprintf(stderr," -cert arg - Certificate file\n"); 137 fprintf(stderr," -s_cert arg - Just the server certificate file\n"); 138 fprintf(stderr," -c_cert arg - Just the client certificate file\n"); | 142 fprintf(stderr," -cert arg - Server certificate file\n"); 143 fprintf(stderr," -key arg - Server key file (default: same as -cert)\n"); 144 fprintf(stderr," -c_cert arg - Client certificate file\n"); 145 fprintf(stderr," -c_key arg - Client key file (default: same as -c_cert)\n"); |
139 fprintf(stderr," -cipher arg - The cipher list\n"); 140 fprintf(stderr," -bio_pair - Use BIO pairs\n"); 141 fprintf(stderr," -f - Test even cases that can't work\n"); | 146 fprintf(stderr," -cipher arg - The cipher list\n"); 147 fprintf(stderr," -bio_pair - Use BIO pairs\n"); 148 fprintf(stderr," -f - Test even cases that can't work\n"); |
149 fprintf(stderr," -time - measure processor time used by client and server\n"); |
|
142 } 143 | 150 } 151 |
152static void print_details(SSL *c_ssl, const char *prefix) 153 { 154 SSL_CIPHER *ciph; 155 X509 *cert; 156 157 ciph=SSL_get_current_cipher(c_ssl); 158 BIO_printf(bio_stdout,"%s%s, cipher %s %s", 159 prefix, 160 SSL_get_version(c_ssl), 161 SSL_CIPHER_get_version(ciph), 162 SSL_CIPHER_get_name(ciph)); 163 cert=SSL_get_peer_certificate(c_ssl); 164 if (cert != NULL) 165 { 166 EVP_PKEY *pkey = X509_get_pubkey(cert); 167 if (pkey != NULL) 168 { 169 if (0) 170 ; 171#ifndef NO_RSA 172 else if (pkey->type == EVP_PKEY_RSA && pkey->pkey.rsa != NULL 173 && pkey->pkey.rsa->n != NULL) 174 { 175 BIO_printf(bio_stdout, ", %d bit RSA", 176 BN_num_bits(pkey->pkey.rsa->n)); 177 } 178#endif 179#ifndef NO_DSA 180 else if (pkey->type == EVP_PKEY_DSA && pkey->pkey.dsa != NULL 181 && pkey->pkey.dsa->p != NULL) 182 { 183 BIO_printf(bio_stdout, ", %d bit DSA", 184 BN_num_bits(pkey->pkey.dsa->p)); 185 } 186#endif 187 EVP_PKEY_free(pkey); 188 } 189 X509_free(cert); 190 } 191 /* The SSL API does not allow us to look at temporary RSA/DH keys, 192 * otherwise we should print their lengths too */ 193 BIO_printf(bio_stdout,"\n"); 194 } 195 |
|
144int main(int argc, char *argv[]) 145 { 146 char *CApath=NULL,*CAfile=NULL; 147 int badop=0; 148 int bio_pair=0; 149 int force=0; 150 int tls1=0,ssl2=0,ssl3=0,ret=1; 151 int client_auth=0; 152 int server_auth=0,i; 153 char *server_cert=TEST_SERVER_CERT; | 196int main(int argc, char *argv[]) 197 { 198 char *CApath=NULL,*CAfile=NULL; 199 int badop=0; 200 int bio_pair=0; 201 int force=0; 202 int tls1=0,ssl2=0,ssl3=0,ret=1; 203 int client_auth=0; 204 int server_auth=0,i; 205 char *server_cert=TEST_SERVER_CERT; |
206 char *server_key=NULL; |
|
154 char *client_cert=TEST_CLIENT_CERT; | 207 char *client_cert=TEST_CLIENT_CERT; |
208 char *client_key=NULL; |
|
155 SSL_CTX *s_ctx=NULL; 156 SSL_CTX *c_ctx=NULL; 157 SSL_METHOD *meth=NULL; 158 SSL *c_ssl,*s_ssl; 159 int number=1,reuse=0; 160 long bytes=1L; | 209 SSL_CTX *s_ctx=NULL; 210 SSL_CTX *c_ctx=NULL; 211 SSL_METHOD *meth=NULL; 212 SSL *c_ssl,*s_ssl; 213 int number=1,reuse=0; 214 long bytes=1L; |
161 SSL_CIPHER *ciph; 162 int dhe1024 = 0; | |
163#ifndef NO_DH 164 DH *dh; | 215#ifndef NO_DH 216 DH *dh; |
217 int dhe1024 = 0, dhe1024dsa = 0; |
|
165#endif | 218#endif |
219 int no_dhe = 0; 220 int print_time = 0; 221 clock_t s_time = 0, c_time = 0; |
|
166 | 222 |
223 verbose = 0; 224 debug = 0; 225 cipher = 0; 226 227 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); 228 229 RAND_seed(rnd_seed, sizeof rnd_seed); 230 |
|
167 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); 168 bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE); 169 | 231 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); 232 bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE); 233 |
170 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); 171 | |
172 argc--; 173 argv++; 174 175 while (argc >= 1) 176 { 177 if (strcmp(*argv,"-server_auth") == 0) 178 server_auth=1; 179 else if (strcmp(*argv,"-client_auth") == 0) 180 client_auth=1; 181 else if (strcmp(*argv,"-v") == 0) 182 verbose=1; 183 else if (strcmp(*argv,"-d") == 0) 184 debug=1; 185 else if (strcmp(*argv,"-reuse") == 0) 186 reuse=1; | 234 argc--; 235 argv++; 236 237 while (argc >= 1) 238 { 239 if (strcmp(*argv,"-server_auth") == 0) 240 server_auth=1; 241 else if (strcmp(*argv,"-client_auth") == 0) 242 client_auth=1; 243 else if (strcmp(*argv,"-v") == 0) 244 verbose=1; 245 else if (strcmp(*argv,"-d") == 0) 246 debug=1; 247 else if (strcmp(*argv,"-reuse") == 0) 248 reuse=1; |
249#ifndef NO_DH |
|
187 else if (strcmp(*argv,"-dhe1024") == 0) 188 dhe1024=1; | 250 else if (strcmp(*argv,"-dhe1024") == 0) 251 dhe1024=1; |
252 else if (strcmp(*argv,"-dhe1024dsa") == 0) 253 dhe1024dsa=1; 254#endif 255 else if (strcmp(*argv,"-no_dhe") == 0) 256 no_dhe=1; |
|
189 else if (strcmp(*argv,"-ssl2") == 0) 190 ssl2=1; 191 else if (strcmp(*argv,"-tls1") == 0) 192 tls1=1; 193 else if (strcmp(*argv,"-ssl3") == 0) 194 ssl3=1; 195 else if (strncmp(*argv,"-num",4) == 0) 196 { --- 15 unchanged lines hidden (view full) --- 212 if (--argc < 1) goto bad; 213 server_cert= *(++argv); 214 } 215 else if (strcmp(*argv,"-s_cert") == 0) 216 { 217 if (--argc < 1) goto bad; 218 server_cert= *(++argv); 219 } | 257 else if (strcmp(*argv,"-ssl2") == 0) 258 ssl2=1; 259 else if (strcmp(*argv,"-tls1") == 0) 260 tls1=1; 261 else if (strcmp(*argv,"-ssl3") == 0) 262 ssl3=1; 263 else if (strncmp(*argv,"-num",4) == 0) 264 { --- 15 unchanged lines hidden (view full) --- 280 if (--argc < 1) goto bad; 281 server_cert= *(++argv); 282 } 283 else if (strcmp(*argv,"-s_cert") == 0) 284 { 285 if (--argc < 1) goto bad; 286 server_cert= *(++argv); 287 } |
288 else if (strcmp(*argv,"-key") == 0) 289 { 290 if (--argc < 1) goto bad; 291 server_key= *(++argv); 292 } 293 else if (strcmp(*argv,"-s_key") == 0) 294 { 295 if (--argc < 1) goto bad; 296 server_key= *(++argv); 297 } |
|
220 else if (strcmp(*argv,"-c_cert") == 0) 221 { 222 if (--argc < 1) goto bad; 223 client_cert= *(++argv); 224 } | 298 else if (strcmp(*argv,"-c_cert") == 0) 299 { 300 if (--argc < 1) goto bad; 301 client_cert= *(++argv); 302 } |
303 else if (strcmp(*argv,"-c_key") == 0) 304 { 305 if (--argc < 1) goto bad; 306 client_key= *(++argv); 307 } |
|
225 else if (strcmp(*argv,"-cipher") == 0) 226 { 227 if (--argc < 1) goto bad; 228 cipher= *(++argv); 229 } 230 else if (strcmp(*argv,"-CApath") == 0) 231 { 232 if (--argc < 1) goto bad; --- 7 unchanged lines hidden (view full) --- 240 else if (strcmp(*argv,"-bio_pair") == 0) 241 { 242 bio_pair = 1; 243 } 244 else if (strcmp(*argv,"-f") == 0) 245 { 246 force = 1; 247 } | 308 else if (strcmp(*argv,"-cipher") == 0) 309 { 310 if (--argc < 1) goto bad; 311 cipher= *(++argv); 312 } 313 else if (strcmp(*argv,"-CApath") == 0) 314 { 315 if (--argc < 1) goto bad; --- 7 unchanged lines hidden (view full) --- 323 else if (strcmp(*argv,"-bio_pair") == 0) 324 { 325 bio_pair = 1; 326 } 327 else if (strcmp(*argv,"-f") == 0) 328 { 329 force = 1; 330 } |
331 else if (strcmp(*argv,"-time") == 0) 332 { 333 print_time = 1; 334 } |
|
248 else 249 { 250 fprintf(stderr,"unknown option %s\n",*argv); 251 badop=1; 252 break; 253 } 254 argc--; 255 argv++; 256 } 257 if (badop) 258 { 259bad: 260 sv_usage(); 261 goto end; 262 } 263 264 if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force) 265 { | 335 else 336 { 337 fprintf(stderr,"unknown option %s\n",*argv); 338 badop=1; 339 break; 340 } 341 argc--; 342 argv++; 343 } 344 if (badop) 345 { 346bad: 347 sv_usage(); 348 goto end; 349 } 350 351 if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force) 352 { |
266 fprintf(stderr, "This case cannot work. Use -f switch to perform " 267 "the test anyway\n" 268 "(and -d to see what happens, " 269 "and -bio_pair to really make it happen :-)\n" 270 "or add one of -ssl2, -ssl3, -tls1, -reuse to " 271 "avoid protocol mismatch.\n"); | 353 fprintf(stderr, "This case cannot work. Use -f to perform " 354 "the test anyway (and\n-d to see what happens), " 355 "or add one of -ssl2, -ssl3, -tls1, -reuse\n" 356 "to avoid protocol mismatch.\n"); |
272 exit(1); 273 } 274 | 357 exit(1); 358 } 359 |
360 if (print_time) 361 { 362 if (!bio_pair) 363 { 364 fprintf(stderr, "Using BIO pair (-bio_pair)\n"); 365 bio_pair = 1; 366 } 367 if (number < 50 && !force) 368 fprintf(stderr, "Warning: For accurate timings, use more connections (e.g. -num 1000)\n"); 369 } 370 |
|
275/* if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */ 276 277 SSL_library_init(); 278 SSL_load_error_strings(); 279 280#if !defined(NO_SSL2) && !defined(NO_SSL3) 281 if (ssl2) 282 meth=SSLv2_method(); --- 23 unchanged lines hidden (view full) --- 306 307 if (cipher != NULL) 308 { 309 SSL_CTX_set_cipher_list(c_ctx,cipher); 310 SSL_CTX_set_cipher_list(s_ctx,cipher); 311 } 312 313#ifndef NO_DH | 371/* if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */ 372 373 SSL_library_init(); 374 SSL_load_error_strings(); 375 376#if !defined(NO_SSL2) && !defined(NO_SSL3) 377 if (ssl2) 378 meth=SSLv2_method(); --- 23 unchanged lines hidden (view full) --- 402 403 if (cipher != NULL) 404 { 405 SSL_CTX_set_cipher_list(c_ctx,cipher); 406 SSL_CTX_set_cipher_list(s_ctx,cipher); 407 } 408 409#ifndef NO_DH |
314# ifndef NO_DSA 315 if (dhe1024) | 410 if (!no_dhe) |
316 { | 411 { |
317 DSA *dsa; 318 319 if (verbose) | 412 if (dhe1024dsa) |
320 { | 413 { |
321 fprintf(stdout, "Creating 1024 bit DHE parameters ..."); 322 fflush(stdout); | 414 /* use SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */ 415 SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE); 416 dh=get_dh1024dsa(); |
323 } | 417 } |
324 325 dsa = DSA_generate_parameters(1024, NULL, 0, NULL, NULL, 0, NULL); 326 dh = DSA_dup_DH(dsa); 327 DSA_free(dsa); 328 /* important: SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */ 329 SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE); 330 331 if (verbose) 332 fprintf(stdout, " done\n"); | 418 else if (dhe1024) 419 dh=get_dh1024(); 420 else 421 dh=get_dh512(); 422 SSL_CTX_set_tmp_dh(s_ctx,dh); 423 DH_free(dh); |
333 } | 424 } |
334 else 335# endif 336 dh=get_dh512(); 337 SSL_CTX_set_tmp_dh(s_ctx,dh); 338 DH_free(dh); | 425#else 426 (void)no_dhe; |
339#endif 340 341#ifndef NO_RSA 342 SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb); 343#endif 344 345 if (!SSL_CTX_use_certificate_file(s_ctx,server_cert,SSL_FILETYPE_PEM)) 346 { 347 ERR_print_errors(bio_err); 348 } | 427#endif 428 429#ifndef NO_RSA 430 SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb); 431#endif 432 433 if (!SSL_CTX_use_certificate_file(s_ctx,server_cert,SSL_FILETYPE_PEM)) 434 { 435 ERR_print_errors(bio_err); 436 } |
349 else if (!SSL_CTX_use_PrivateKey_file(s_ctx,server_cert, 350 SSL_FILETYPE_PEM)) | 437 else if (!SSL_CTX_use_PrivateKey_file(s_ctx, 438 (server_key?server_key:server_cert), SSL_FILETYPE_PEM)) |
351 { 352 ERR_print_errors(bio_err); 353 goto end; 354 } 355 356 if (client_auth) 357 { 358 SSL_CTX_use_certificate_file(c_ctx,client_cert, 359 SSL_FILETYPE_PEM); | 439 { 440 ERR_print_errors(bio_err); 441 goto end; 442 } 443 444 if (client_auth) 445 { 446 SSL_CTX_use_certificate_file(c_ctx,client_cert, 447 SSL_FILETYPE_PEM); |
360 SSL_CTX_use_PrivateKey_file(c_ctx,client_cert, | 448 SSL_CTX_use_PrivateKey_file(c_ctx, 449 (client_key?client_key:client_cert), |
361 SSL_FILETYPE_PEM); 362 } 363 364 if ( (!SSL_CTX_load_verify_locations(s_ctx,CAfile,CApath)) || 365 (!SSL_CTX_set_default_verify_paths(s_ctx)) || 366 (!SSL_CTX_load_verify_locations(c_ctx,CAfile,CApath)) || 367 (!SSL_CTX_set_default_verify_paths(c_ctx))) 368 { 369 /* fprintf(stderr,"SSL_load_verify_locations\n"); */ 370 ERR_print_errors(bio_err); 371 /* goto end; */ 372 } 373 374 if (client_auth) 375 { | 450 SSL_FILETYPE_PEM); 451 } 452 453 if ( (!SSL_CTX_load_verify_locations(s_ctx,CAfile,CApath)) || 454 (!SSL_CTX_set_default_verify_paths(s_ctx)) || 455 (!SSL_CTX_load_verify_locations(c_ctx,CAfile,CApath)) || 456 (!SSL_CTX_set_default_verify_paths(c_ctx))) 457 { 458 /* fprintf(stderr,"SSL_load_verify_locations\n"); */ 459 ERR_print_errors(bio_err); 460 /* goto end; */ 461 } 462 463 if (client_auth) 464 { |
376 fprintf(stderr,"client authentication\n"); | 465 BIO_printf(bio_err,"client authentication\n"); |
377 SSL_CTX_set_verify(s_ctx, 378 SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 379 verify_callback); 380 } 381 if (server_auth) 382 { | 466 SSL_CTX_set_verify(s_ctx, 467 SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 468 verify_callback); 469 } 470 if (server_auth) 471 { |
383 fprintf(stderr,"server authentication\n"); | 472 BIO_printf(bio_err,"server authentication\n"); |
384 SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER, 385 verify_callback); 386 } | 473 SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER, 474 verify_callback); 475 } |
476 477 { 478 int session_id_context = 0; 479 SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context, sizeof session_id_context); 480 } |
|
387 388 c_ssl=SSL_new(c_ctx); 389 s_ssl=SSL_new(s_ctx); 390 391 for (i=0; i<number; i++) 392 { 393 if (!reuse) SSL_set_session(c_ssl,NULL); 394 if (bio_pair) | 481 482 c_ssl=SSL_new(c_ctx); 483 s_ssl=SSL_new(s_ctx); 484 485 for (i=0; i<number; i++) 486 { 487 if (!reuse) SSL_set_session(c_ssl,NULL); 488 if (bio_pair) |
395 ret=doit_biopair(s_ssl,c_ssl,bytes); | 489 ret=doit_biopair(s_ssl,c_ssl,bytes,&s_time,&c_time); |
396 else 397 ret=doit(s_ssl,c_ssl,bytes); 398 } 399 400 if (!verbose) 401 { | 490 else 491 ret=doit(s_ssl,c_ssl,bytes); 492 } 493 494 if (!verbose) 495 { |
402 ciph=SSL_get_current_cipher(c_ssl); 403 fprintf(stdout,"Protocol %s, cipher %s, %s\n", 404 SSL_get_version(c_ssl), 405 SSL_CIPHER_get_version(ciph), 406 SSL_CIPHER_get_name(ciph)); | 496 print_details(c_ssl, ""); |
407 } 408 if ((number > 1) || (bytes > 1L)) | 497 } 498 if ((number > 1) || (bytes > 1L)) |
409 printf("%d handshakes of %ld bytes done\n",number,bytes); | 499 BIO_printf(bio_stdout, "%d handshakes of %ld bytes done\n",number,bytes); 500 if (print_time) 501 { 502#ifdef CLOCKS_PER_SEC 503 /* "To determine the time in seconds, the value returned 504 * by the clock function should be divided by the value 505 * of the macro CLOCKS_PER_SEC." 506 * -- ISO/IEC 9899 */ 507 BIO_printf(bio_stdout, "Approximate total server time: %6.2f s\n" 508 "Approximate total client time: %6.2f s\n", 509 (double)s_time/CLOCKS_PER_SEC, 510 (double)c_time/CLOCKS_PER_SEC); 511#else 512 /* "`CLOCKS_PER_SEC' undeclared (first use this function)" 513 * -- cc on NeXTstep/OpenStep */ 514 BIO_printf(bio_stdout, 515 "Approximate total server time: %6.2f units\n" 516 "Approximate total client time: %6.2f units\n", 517 (double)s_time, 518 (double)c_time); 519#endif 520 } |
410 411 SSL_free(s_ssl); 412 SSL_free(c_ssl); 413 414end: 415 if (s_ctx != NULL) SSL_CTX_free(s_ctx); 416 if (c_ctx != NULL) SSL_CTX_free(c_ctx); 417 418 if (bio_stdout != NULL) BIO_free(bio_stdout); 419 420 ERR_free_strings(); 421 ERR_remove_state(0); 422 EVP_cleanup(); 423 CRYPTO_mem_leaks(bio_err); | 521 522 SSL_free(s_ssl); 523 SSL_free(c_ssl); 524 525end: 526 if (s_ctx != NULL) SSL_CTX_free(s_ctx); 527 if (c_ctx != NULL) SSL_CTX_free(c_ctx); 528 529 if (bio_stdout != NULL) BIO_free(bio_stdout); 530 531 ERR_free_strings(); 532 ERR_remove_state(0); 533 EVP_cleanup(); 534 CRYPTO_mem_leaks(bio_err); |
535 if (bio_err != NULL) BIO_free(bio_err); |
|
424 EXIT(ret); 425 } 426 | 536 EXIT(ret); 537 } 538 |
427int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count) | 539int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, 540 clock_t *s_time, clock_t *c_time) |
428 { 429 long cw_num = count, cr_num = count, sw_num = count, sr_num = count; 430 BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL; 431 BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL; | 541 { 542 long cw_num = count, cr_num = count, sw_num = count, sr_num = count; 543 BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL; 544 BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL; |
432 SSL_CIPHER *ciph; | |
433 int ret = 1; 434 435 size_t bufsiz = 256; /* small buffer for testing */ 436 437 if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz)) 438 goto err; 439 if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz)) 440 goto err; --- 39 unchanged lines hidden (view full) --- 480 * of a single BIO pair, but then this code would be less 481 * suitable as an example for BIO pairs in general.] 482 * 483 * Useful functions for querying the state of BIO pair endpoints: 484 * 485 * BIO_ctrl_pending(bio) number of bytes we can read now 486 * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil 487 * other side's read attempt | 545 int ret = 1; 546 547 size_t bufsiz = 256; /* small buffer for testing */ 548 549 if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz)) 550 goto err; 551 if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz)) 552 goto err; --- 39 unchanged lines hidden (view full) --- 592 * of a single BIO pair, but then this code would be less 593 * suitable as an example for BIO pairs in general.] 594 * 595 * Useful functions for querying the state of BIO pair endpoints: 596 * 597 * BIO_ctrl_pending(bio) number of bytes we can read now 598 * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil 599 * other side's read attempt |
488 * BIO_ctrl_get_write_gurantee(bio) number of bytes we can write now | 600 * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now |
489 * 490 * ..._read_request is never more than ..._write_guarantee; 491 * it depends on the application which one you should use. 492 */ 493 494 /* We have non-blocking behaviour throughout this test program, but 495 * can be sure that there is *some* progress in each iteration; so 496 * we don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE 497 * -- we just try everything in each iteration 498 */ 499 500 { 501 /* CLIENT */ 502 503 MS_STATIC char cbuf[1024*8]; 504 int i, r; | 601 * 602 * ..._read_request is never more than ..._write_guarantee; 603 * it depends on the application which one you should use. 604 */ 605 606 /* We have non-blocking behaviour throughout this test program, but 607 * can be sure that there is *some* progress in each iteration; so 608 * we don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE 609 * -- we just try everything in each iteration 610 */ 611 612 { 613 /* CLIENT */ 614 615 MS_STATIC char cbuf[1024*8]; 616 int i, r; |
617 clock_t c_clock = clock(); |
|
505 506 if (debug) 507 if (SSL_in_init(c_ssl)) 508 printf("client waiting in SSL_connect - %s\n", 509 SSL_state_string_long(c_ssl)); 510 511 if (cw_num > 0) 512 { 513 /* Write to server. */ 514 515 if (cw_num > (long)sizeof cbuf) 516 i = sizeof cbuf; 517 else 518 i = (int)cw_num; 519 r = BIO_write(c_ssl_bio, cbuf, i); | 618 619 if (debug) 620 if (SSL_in_init(c_ssl)) 621 printf("client waiting in SSL_connect - %s\n", 622 SSL_state_string_long(c_ssl)); 623 624 if (cw_num > 0) 625 { 626 /* Write to server. */ 627 628 if (cw_num > (long)sizeof cbuf) 629 i = sizeof cbuf; 630 else 631 i = (int)cw_num; 632 r = BIO_write(c_ssl_bio, cbuf, i); |
520 if (r == -1) | 633 if (r < 0) |
521 { 522 if (!BIO_should_retry(c_ssl_bio)) 523 { 524 fprintf(stderr,"ERROR in CLIENT\n"); 525 goto err; 526 } 527 /* BIO_should_retry(...) can just be ignored here. 528 * The library expects us to call BIO_write with --- 34 unchanged lines hidden (view full) --- 563 } 564 else 565 { 566 if (debug) 567 printf("client read %d\n", r); 568 cr_num -= r; 569 } 570 } | 634 { 635 if (!BIO_should_retry(c_ssl_bio)) 636 { 637 fprintf(stderr,"ERROR in CLIENT\n"); 638 goto err; 639 } 640 /* BIO_should_retry(...) can just be ignored here. 641 * The library expects us to call BIO_write with --- 34 unchanged lines hidden (view full) --- 676 } 677 else 678 { 679 if (debug) 680 printf("client read %d\n", r); 681 cr_num -= r; 682 } 683 } |
684 685 /* c_time and s_time increments will typically be very small 686 * (depending on machine speed and clock tick intervals), 687 * but sampling over a large number of connections should 688 * result in fairly accurate figures. We cannot guarantee 689 * a lot, however -- if each connection lasts for exactly 690 * one clock tick, it will be counted only for the client 691 * or only for the server or even not at all. 692 */ 693 *c_time += (clock() - c_clock); |
|
571 } 572 573 { 574 /* SERVER */ 575 576 MS_STATIC char sbuf[1024*8]; 577 int i, r; | 694 } 695 696 { 697 /* SERVER */ 698 699 MS_STATIC char sbuf[1024*8]; 700 int i, r; |
701 clock_t s_clock = clock(); |
|
578 579 if (debug) 580 if (SSL_in_init(s_ssl)) 581 printf("server waiting in SSL_accept - %s\n", 582 SSL_state_string_long(s_ssl)); 583 584 if (sw_num > 0) 585 { 586 /* Write to client. */ 587 588 if (sw_num > (long)sizeof sbuf) 589 i = sizeof sbuf; 590 else 591 i = (int)sw_num; 592 r = BIO_write(s_ssl_bio, sbuf, i); | 702 703 if (debug) 704 if (SSL_in_init(s_ssl)) 705 printf("server waiting in SSL_accept - %s\n", 706 SSL_state_string_long(s_ssl)); 707 708 if (sw_num > 0) 709 { 710 /* Write to client. */ 711 712 if (sw_num > (long)sizeof sbuf) 713 i = sizeof sbuf; 714 else 715 i = (int)sw_num; 716 r = BIO_write(s_ssl_bio, sbuf, i); |
593 if (r == -1) | 717 if (r < 0) |
594 { 595 if (!BIO_should_retry(s_ssl_bio)) 596 { 597 fprintf(stderr,"ERROR in SERVER\n"); 598 goto err; 599 } 600 /* Ignore "BIO_should_retry". */ 601 } --- 31 unchanged lines hidden (view full) --- 633 } 634 else 635 { 636 if (debug) 637 printf("server read %d\n", r); 638 sr_num -= r; 639 } 640 } | 718 { 719 if (!BIO_should_retry(s_ssl_bio)) 720 { 721 fprintf(stderr,"ERROR in SERVER\n"); 722 goto err; 723 } 724 /* Ignore "BIO_should_retry". */ 725 } --- 31 unchanged lines hidden (view full) --- 757 } 758 else 759 { 760 if (debug) 761 printf("server read %d\n", r); 762 sr_num -= r; 763 } 764 } |
765 766 *s_time += (clock() - s_clock); |
|
641 } 642 643 { 644 /* "I/O" BETWEEN CLIENT AND SERVER. */ 645 | 767 } 768 769 { 770 /* "I/O" BETWEEN CLIENT AND SERVER. */ 771 |
646#define RELAYBUFSIZ 200 647 static char buf[RELAYBUFSIZ]; 648 649 /* RELAYBUF is arbitrary. When writing data over some real 650 * network, use a buffer of the same size as in the BIO_pipe 651 * and make that size large (for reading from the network 652 * small buffers usually won't hurt). 653 * Here sizes differ for testing. */ 654 | |
655 size_t r1, r2; | 772 size_t r1, r2; |
656 size_t num; 657 int r; | 773 BIO *io1 = server_io, *io2 = client_io; 774 /* we use the non-copying interface for io1 775 * and the standard BIO_write/BIO_read interface for io2 776 */ 777 |
658 static int prev_progress = 1; 659 int progress = 0; 660 | 778 static int prev_progress = 1; 779 int progress = 0; 780 |
661 /* client to server */ | 781 /* io1 to io2 */ |
662 do 663 { | 782 do 783 { |
664 r1 = BIO_ctrl_pending(client_io); 665 r2 = BIO_ctrl_get_write_guarantee(server_io); | 784 size_t num; 785 int r; |
666 | 786 |
787 r1 = BIO_ctrl_pending(io1); 788 r2 = BIO_ctrl_get_write_guarantee(io2); 789 |
|
667 num = r1; 668 if (r2 < num) 669 num = r2; 670 if (num) 671 { | 790 num = r1; 791 if (r2 < num) 792 num = r2; 793 if (num) 794 { |
672 if (sizeof buf < num) 673 num = sizeof buf; | 795 char *dataptr; 796 |
674 if (INT_MAX < num) /* yeah, right */ 675 num = INT_MAX; 676 | 797 if (INT_MAX < num) /* yeah, right */ 798 num = INT_MAX; 799 |
677 r = BIO_read(client_io, buf, (int)num); | 800 r = BIO_nread(io1, &dataptr, (int)num); 801 assert(r > 0); 802 assert(r <= (int)num); 803 /* possibly r < num (non-contiguous data) */ 804 num = r; 805 r = BIO_write(io2, dataptr, (int)num); |
678 if (r != (int)num) /* can't happen */ 679 { | 806 if (r != (int)num) /* can't happen */ 807 { |
680 fprintf(stderr, "ERROR: BIO_read could not read " 681 "BIO_ctrl_pending() bytes"); 682 goto err; 683 } 684 r = BIO_write(server_io, buf, (int)num); 685 if (r != (int)num) /* can't happen */ 686 { | |
687 fprintf(stderr, "ERROR: BIO_write could not write " 688 "BIO_ctrl_get_write_guarantee() bytes"); 689 goto err; 690 } 691 progress = 1; 692 693 if (debug) | 808 fprintf(stderr, "ERROR: BIO_write could not write " 809 "BIO_ctrl_get_write_guarantee() bytes"); 810 goto err; 811 } 812 progress = 1; 813 814 if (debug) |
694 printf("C->S relaying: %d bytes\n", (int)num); | 815 printf((io1 == client_io) ? 816 "C->S relaying: %d bytes\n" : 817 "S->C relaying: %d bytes\n", 818 (int)num); |
695 } 696 } 697 while (r1 && r2); 698 | 819 } 820 } 821 while (r1 && r2); 822 |
699 /* server to client */ 700 do 701 { 702 r1 = BIO_ctrl_pending(server_io); 703 r2 = BIO_ctrl_get_write_guarantee(client_io); | 823 /* io2 to io1 */ 824 { 825 size_t num; 826 int r; |
704 | 827 |
828 r1 = BIO_ctrl_pending(io2); 829 r2 = BIO_ctrl_get_read_request(io1); 830 /* here we could use ..._get_write_guarantee instead of 831 * ..._get_read_request, but by using the latter 832 * we test restartability of the SSL implementation 833 * more thoroughly */ |
|
705 num = r1; 706 if (r2 < num) 707 num = r2; 708 if (num) 709 { | 834 num = r1; 835 if (r2 < num) 836 num = r2; 837 if (num) 838 { |
710 if (sizeof buf < num) 711 num = sizeof buf; | 839 char *dataptr; 840 |
712 if (INT_MAX < num) 713 num = INT_MAX; | 841 if (INT_MAX < num) 842 num = INT_MAX; |
843 844 if (num > 1) 845 --num; /* test restartability even more thoroughly */ |
|
714 | 846 |
715 r = BIO_read(server_io, buf, (int)num); | 847 r = BIO_nwrite(io1, &dataptr, (int)num); 848 assert(r > 0); 849 assert(r <= (int)num); 850 num = r; 851 r = BIO_read(io2, dataptr, (int)num); |
716 if (r != (int)num) /* can't happen */ 717 { 718 fprintf(stderr, "ERROR: BIO_read could not read " 719 "BIO_ctrl_pending() bytes"); 720 goto err; 721 } | 852 if (r != (int)num) /* can't happen */ 853 { 854 fprintf(stderr, "ERROR: BIO_read could not read " 855 "BIO_ctrl_pending() bytes"); 856 goto err; 857 } |
722 r = BIO_write(client_io, buf, (int)num); 723 if (r != (int)num) /* can't happen */ 724 { 725 fprintf(stderr, "ERROR: BIO_write could not write " 726 "BIO_ctrl_get_write_guarantee() bytes"); 727 goto err; 728 } | |
729 progress = 1; | 858 progress = 1; |
730 | 859 |
731 if (debug) | 860 if (debug) |
732 printf("S->C relaying: %d bytes\n", (int)num); | 861 printf((io2 == client_io) ? 862 "C->S relaying: %d bytes\n" : 863 "S->C relaying: %d bytes\n", 864 (int)num); |
733 } | 865 } |
734 } 735 while (r1 && r2); | 866 } /* no loop, BIO_ctrl_get_read_request now returns 0 anyway */ |
736 737 if (!progress && !prev_progress) 738 if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0) 739 { 740 fprintf(stderr, "ERROR: got stuck\n"); 741 if (strcmp("SSLv2", SSL_get_version(c_ssl)) == 0) 742 { 743 fprintf(stderr, "This can happen for SSL2 because " --- 9 unchanged lines hidden (view full) --- 753 fprintf(stderr, " ERROR.\n"); 754 goto err; 755 } 756 prev_progress = progress; 757 } 758 } 759 while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0); 760 | 867 868 if (!progress && !prev_progress) 869 if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0) 870 { 871 fprintf(stderr, "ERROR: got stuck\n"); 872 if (strcmp("SSLv2", SSL_get_version(c_ssl)) == 0) 873 { 874 fprintf(stderr, "This can happen for SSL2 because " --- 9 unchanged lines hidden (view full) --- 884 fprintf(stderr, " ERROR.\n"); 885 goto err; 886 } 887 prev_progress = progress; 888 } 889 } 890 while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0); 891 |
761 ciph = SSL_get_current_cipher(c_ssl); | |
762 if (verbose) | 892 if (verbose) |
763 fprintf(stdout,"DONE via BIO pair, protocol %s, cipher %s, %s\n", 764 SSL_get_version(c_ssl), 765 SSL_CIPHER_get_version(ciph), 766 SSL_CIPHER_get_name(ciph)); 767 end: | 893 print_details(c_ssl, "DONE via BIO pair: "); 894end: |
768 ret = 0; 769 770 err: 771 ERR_print_errors(bio_err); 772 773 if (server) 774 BIO_free(server); 775 if (server_io) --- 27 unchanged lines hidden (view full) --- 803 BIO *c_bio=NULL; 804 BIO *s_bio=NULL; 805 int c_r,c_w,s_r,s_w; 806 int c_want,s_want; 807 int i,j; 808 int done=0; 809 int c_write,s_write; 810 int do_server=0,do_client=0; | 895 ret = 0; 896 897 err: 898 ERR_print_errors(bio_err); 899 900 if (server) 901 BIO_free(server); 902 if (server_io) --- 27 unchanged lines hidden (view full) --- 930 BIO *c_bio=NULL; 931 BIO *s_bio=NULL; 932 int c_r,c_w,s_r,s_w; 933 int c_want,s_want; 934 int i,j; 935 int done=0; 936 int c_write,s_write; 937 int do_server=0,do_client=0; |
811 SSL_CIPHER *ciph; | |
812 813 c_to_s=BIO_new(BIO_s_mem()); 814 s_to_c=BIO_new(BIO_s_mem()); 815 if ((s_to_c == NULL) || (c_to_s == NULL)) 816 { 817 ERR_print_errors(bio_err); 818 goto err; 819 } --- 233 unchanged lines hidden (view full) --- 1053 done|=S_DONE; 1054 } 1055 } 1056 } 1057 1058 if ((done & S_DONE) && (done & C_DONE)) break; 1059 } 1060 | 938 939 c_to_s=BIO_new(BIO_s_mem()); 940 s_to_c=BIO_new(BIO_s_mem()); 941 if ((s_to_c == NULL) || (c_to_s == NULL)) 942 { 943 ERR_print_errors(bio_err); 944 goto err; 945 } --- 233 unchanged lines hidden (view full) --- 1179 done|=S_DONE; 1180 } 1181 } 1182 } 1183 1184 if ((done & S_DONE) && (done & C_DONE)) break; 1185 } 1186 |
1061 ciph=SSL_get_current_cipher(c_ssl); | |
1062 if (verbose) | 1187 if (verbose) |
1063 fprintf(stdout,"DONE, protocol %s, cipher %s, %s\n", 1064 SSL_get_version(c_ssl), 1065 SSL_CIPHER_get_version(ciph), 1066 SSL_CIPHER_get_name(ciph)); | 1188 print_details(c_ssl, "DONE: "); |
1067 ret=0; 1068err: 1069 /* We have to set the BIO's to NULL otherwise they will be 1070 * Free()ed twice. Once when th s_ssl is SSL_free()ed and 1071 * again when c_ssl is SSL_free()ed. 1072 * This is a hack required because s_ssl and c_ssl are sharing the same 1073 * BIO structure and SSL_set_bio() and SSL_free() automatically 1074 * BIO_free non NULL entries. --- 11 unchanged lines hidden (view full) --- 1086 1087 if (c_to_s != NULL) BIO_free(c_to_s); 1088 if (s_to_c != NULL) BIO_free(s_to_c); 1089 if (c_bio != NULL) BIO_free_all(c_bio); 1090 if (s_bio != NULL) BIO_free_all(s_bio); 1091 return(ret); 1092 } 1093 | 1189 ret=0; 1190err: 1191 /* We have to set the BIO's to NULL otherwise they will be 1192 * Free()ed twice. Once when th s_ssl is SSL_free()ed and 1193 * again when c_ssl is SSL_free()ed. 1194 * This is a hack required because s_ssl and c_ssl are sharing the same 1195 * BIO structure and SSL_set_bio() and SSL_free() automatically 1196 * BIO_free non NULL entries. --- 11 unchanged lines hidden (view full) --- 1208 1209 if (c_to_s != NULL) BIO_free(c_to_s); 1210 if (s_to_c != NULL) BIO_free(s_to_c); 1211 if (c_bio != NULL) BIO_free_all(c_bio); 1212 if (s_bio != NULL) BIO_free_all(s_bio); 1213 return(ret); 1214 } 1215 |
1094int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) | 1216static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) |
1095 { 1096 char *s,buf[256]; 1097 1098 s=X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),buf,256); 1099 if (s != NULL) 1100 { 1101 if (ok) 1102 fprintf(stderr,"depth=%d %s\n",ctx->error_depth,buf); --- 11 unchanged lines hidden (view full) --- 1114 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: 1115 ok=1; 1116 } 1117 } 1118 1119 return(ok); 1120 } 1121 | 1217 { 1218 char *s,buf[256]; 1219 1220 s=X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),buf,256); 1221 if (s != NULL) 1222 { 1223 if (ok) 1224 fprintf(stderr,"depth=%d %s\n",ctx->error_depth,buf); --- 11 unchanged lines hidden (view full) --- 1236 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: 1237 ok=1; 1238 } 1239 } 1240 1241 return(ok); 1242 } 1243 |
1122#ifndef NO_DH 1123static unsigned char dh512_p[]={ 1124 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75, 1125 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F, 1126 0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3, 1127 0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12, 1128 0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C, 1129 0x47,0x74,0xE8,0x33, 1130 }; 1131static unsigned char dh512_g[]={ 1132 0x02, 1133 }; 1134 1135static DH *get_dh512(void) 1136 { 1137 DH *dh=NULL; 1138 1139 if ((dh=DH_new()) == NULL) return(NULL); 1140 dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL); 1141 dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL); 1142 if ((dh->p == NULL) || (dh->g == NULL)) 1143 return(NULL); 1144 return(dh); 1145 } 1146#endif 1147 | |
1148#ifndef NO_RSA 1149static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength) 1150 { 1151 static RSA *rsa_tmp=NULL; 1152 1153 if (rsa_tmp == NULL) 1154 { 1155 BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength); 1156 (void)BIO_flush(bio_err); 1157 rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL); 1158 BIO_printf(bio_err,"\n"); 1159 (void)BIO_flush(bio_err); 1160 } 1161 return(rsa_tmp); 1162 } 1163#endif | 1244#ifndef NO_RSA 1245static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength) 1246 { 1247 static RSA *rsa_tmp=NULL; 1248 1249 if (rsa_tmp == NULL) 1250 { 1251 BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength); 1252 (void)BIO_flush(bio_err); 1253 rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL); 1254 BIO_printf(bio_err,"\n"); 1255 (void)BIO_flush(bio_err); 1256 } 1257 return(rsa_tmp); 1258 } 1259#endif |
1260 1261#ifndef NO_DH 1262/* These DH parameters have been generated as follows: 1263 * $ openssl dhparam -C -noout 512 1264 * $ openssl dhparam -C -noout 1024 1265 * $ openssl dhparam -C -noout -dsaparam 1024 1266 * (The third function has been renamed to avoid name conflicts.) 1267 */ 1268DH *get_dh512() 1269 { 1270 static unsigned char dh512_p[]={ 1271 0xCB,0xC8,0xE1,0x86,0xD0,0x1F,0x94,0x17,0xA6,0x99,0xF0,0xC6, 1272 0x1F,0x0D,0xAC,0xB6,0x25,0x3E,0x06,0x39,0xCA,0x72,0x04,0xB0, 1273 0x6E,0xDA,0xC0,0x61,0xE6,0x7A,0x77,0x25,0xE8,0x3B,0xB9,0x5F, 1274 0x9A,0xB6,0xB5,0xFE,0x99,0x0B,0xA1,0x93,0x4E,0x35,0x33,0xB8, 1275 0xE1,0xF1,0x13,0x4F,0x59,0x1A,0xD2,0x57,0xC0,0x26,0x21,0x33, 1276 0x02,0xC5,0xAE,0x23, 1277 }; 1278 static unsigned char dh512_g[]={ 1279 0x02, 1280 }; 1281 DH *dh; 1282 1283 if ((dh=DH_new()) == NULL) return(NULL); 1284 dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL); 1285 dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL); 1286 if ((dh->p == NULL) || (dh->g == NULL)) 1287 { DH_free(dh); return(NULL); } 1288 return(dh); 1289 } 1290 1291DH *get_dh1024() 1292 { 1293 static unsigned char dh1024_p[]={ 1294 0xF8,0x81,0x89,0x7D,0x14,0x24,0xC5,0xD1,0xE6,0xF7,0xBF,0x3A, 1295 0xE4,0x90,0xF4,0xFC,0x73,0xFB,0x34,0xB5,0xFA,0x4C,0x56,0xA2, 1296 0xEA,0xA7,0xE9,0xC0,0xC0,0xCE,0x89,0xE1,0xFA,0x63,0x3F,0xB0, 1297 0x6B,0x32,0x66,0xF1,0xD1,0x7B,0xB0,0x00,0x8F,0xCA,0x87,0xC2, 1298 0xAE,0x98,0x89,0x26,0x17,0xC2,0x05,0xD2,0xEC,0x08,0xD0,0x8C, 1299 0xFF,0x17,0x52,0x8C,0xC5,0x07,0x93,0x03,0xB1,0xF6,0x2F,0xB8, 1300 0x1C,0x52,0x47,0x27,0x1B,0xDB,0xD1,0x8D,0x9D,0x69,0x1D,0x52, 1301 0x4B,0x32,0x81,0xAA,0x7F,0x00,0xC8,0xDC,0xE6,0xD9,0xCC,0xC1, 1302 0x11,0x2D,0x37,0x34,0x6C,0xEA,0x02,0x97,0x4B,0x0E,0xBB,0xB1, 1303 0x71,0x33,0x09,0x15,0xFD,0xDD,0x23,0x87,0x07,0x5E,0x89,0xAB, 1304 0x6B,0x7C,0x5F,0xEC,0xA6,0x24,0xDC,0x53, 1305 }; 1306 static unsigned char dh1024_g[]={ 1307 0x02, 1308 }; 1309 DH *dh; 1310 1311 if ((dh=DH_new()) == NULL) return(NULL); 1312 
dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL); 1313 dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL); 1314 if ((dh->p == NULL) || (dh->g == NULL)) 1315 { DH_free(dh); return(NULL); } 1316 return(dh); 1317 } 1318 1319DH *get_dh1024dsa() 1320 { 1321 static unsigned char dh1024_p[]={ 1322 0xC8,0x00,0xF7,0x08,0x07,0x89,0x4D,0x90,0x53,0xF3,0xD5,0x00, 1323 0x21,0x1B,0xF7,0x31,0xA6,0xA2,0xDA,0x23,0x9A,0xC7,0x87,0x19, 1324 0x3B,0x47,0xB6,0x8C,0x04,0x6F,0xFF,0xC6,0x9B,0xB8,0x65,0xD2, 1325 0xC2,0x5F,0x31,0x83,0x4A,0xA7,0x5F,0x2F,0x88,0x38,0xB6,0x55, 1326 0xCF,0xD9,0x87,0x6D,0x6F,0x9F,0xDA,0xAC,0xA6,0x48,0xAF,0xFC, 1327 0x33,0x84,0x37,0x5B,0x82,0x4A,0x31,0x5D,0xE7,0xBD,0x52,0x97, 1328 0xA1,0x77,0xBF,0x10,0x9E,0x37,0xEA,0x64,0xFA,0xCA,0x28,0x8D, 1329 0x9D,0x3B,0xD2,0x6E,0x09,0x5C,0x68,0xC7,0x45,0x90,0xFD,0xBB, 1330 0x70,0xC9,0x3A,0xBB,0xDF,0xD4,0x21,0x0F,0xC4,0x6A,0x3C,0xF6, 1331 0x61,0xCF,0x3F,0xD6,0x13,0xF1,0x5F,0xBC,0xCF,0xBC,0x26,0x9E, 1332 0xBC,0x0B,0xBD,0xAB,0x5D,0xC9,0x54,0x39, 1333 }; 1334 static unsigned char dh1024_g[]={ 1335 0x3B,0x40,0x86,0xE7,0xF3,0x6C,0xDE,0x67,0x1C,0xCC,0x80,0x05, 1336 0x5A,0xDF,0xFE,0xBD,0x20,0x27,0x74,0x6C,0x24,0xC9,0x03,0xF3, 1337 0xE1,0x8D,0xC3,0x7D,0x98,0x27,0x40,0x08,0xB8,0x8C,0x6A,0xE9, 1338 0xBB,0x1A,0x3A,0xD6,0x86,0x83,0x5E,0x72,0x41,0xCE,0x85,0x3C, 1339 0xD2,0xB3,0xFC,0x13,0xCE,0x37,0x81,0x9E,0x4C,0x1C,0x7B,0x65, 1340 0xD3,0xE6,0xA6,0x00,0xF5,0x5A,0x95,0x43,0x5E,0x81,0xCF,0x60, 1341 0xA2,0x23,0xFC,0x36,0xA7,0x5D,0x7A,0x4C,0x06,0x91,0x6E,0xF6, 1342 0x57,0xEE,0x36,0xCB,0x06,0xEA,0xF5,0x3D,0x95,0x49,0xCB,0xA7, 1343 0xDD,0x81,0xDF,0x80,0x09,0x4A,0x97,0x4D,0xA8,0x22,0x72,0xA1, 1344 0x7F,0xC4,0x70,0x56,0x70,0xE8,0x20,0x10,0x18,0x8F,0x2E,0x60, 1345 0x07,0xE7,0x68,0x1A,0x82,0x5D,0x32,0xA2, 1346 }; 1347 DH *dh; 1348 1349 if ((dh=DH_new()) == NULL) return(NULL); 1350 dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL); 1351 dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL); 1352 if ((dh->p == NULL) || (dh->g == NULL)) 1353 { DH_free(dh); 
return(NULL); } 1354 dh->length = 160; 1355 return(dh); 1356 } 1357#endif |
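Review bot: In the io2-to-io1 relay block (new lines 847–849) the result of BIO_nwrite() is checked only with assert(), so a build with NDEBUG defined drops both checks and would pass an uninitialised `dataptr` to the following BIO_read() whenever BIO_nwrite() returns <= 0. The adjacent BIO_read() check in the same block reports its "can't happen" case with fprintf(stderr, ...) and `goto err`, so the new code should use that form instead of assert(); the enclosing do-while loop starts outside this hunk, and the io1-to-io2 half above the visible part presumably has the same pattern. Separately, `DH *get_dh512()`, `DH *get_dh1024()` and `DH *get_dh1024dsa()` drop the `static` and `(void)` that the removed get_dh512 had, while verify_callback gains `static` in the same change; `static DH *get_dh512(void)` (and likewise for the other two) would keep these helpers file-local with proper prototypes.
```c
r = BIO_nwrite(io1, &dataptr, (int)num);
if (r <= 0 || r > (int)num) /* can't happen */
	{
	fprintf(stderr, "ERROR: BIO_nwrite could not reserve "
		"BIO_ctrl_get_read_request() bytes");
	goto err;
	}
num = r;
/* … unchanged: BIO_read(io2, dataptr, (int)num) and its check … */
```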
|