Symaptic: os/ossrv/ssl/tsrc/ssl_test/src/ssltest.c@bde4ae8d615e (annotated)

sl@0	1	/* ssl/ssltest.c */
sl@0	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
sl@0	3	* All rights reserved.
sl@0	4	*
sl@0	5	* This package is an SSL implementation written
sl@0	6	* by Eric Young (eay@cryptsoft.com).
sl@0	7	* The implementation was written so as to conform with Netscapes SSL.
sl@0	8	*
sl@0	9	* This library is free for commercial and non-commercial use as long as
sl@0	10	* the following conditions are aheared to. The following conditions
sl@0	11	* apply to all code found in this distribution, be it the RC4, RSA,
sl@0	12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
sl@0	13	* included with this distribution is covered by the same copyright terms
sl@0	14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
sl@0	15	*
sl@0	16	* Copyright remains Eric Young's, and as such any Copyright notices in
sl@0	17	* the code are not to be removed.
sl@0	18	* If this package is used in a product, Eric Young should be given attribution
sl@0	19	* as the author of the parts of the library used.
sl@0	20	* This can be in the form of a textual message at program startup or
sl@0	21	* in documentation (online or textual) provided with the package.
sl@0	22	*
sl@0	23	* Redistribution and use in source and binary forms, with or without
sl@0	24	* modification, are permitted provided that the following conditions
sl@0	25	* are met:
sl@0	26	* 1. Redistributions of source code must retain the copyright
sl@0	27	* notice, this list of conditions and the following disclaimer.
sl@0	28	* 2. Redistributions in binary form must reproduce the above copyright
sl@0	29	* notice, this list of conditions and the following disclaimer in the
sl@0	30	* documentation and/or other materials provided with the distribution.
sl@0	31	* 3. All advertising materials mentioning features or use of this software
sl@0	32	* must display the following acknowledgement:
sl@0	33	* "This product includes cryptographic software written by
sl@0	34	* Eric Young (eay@cryptsoft.com)"
sl@0	35	* The word 'cryptographic' can be left out if the rouines from the library
sl@0	36	* being used are not cryptographic related :-).
sl@0	37	* 4. If you include any Windows specific code (or a derivative thereof) from
sl@0	38	* the apps directory (application code) you must include an acknowledgement:
sl@0	39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
sl@0	40	*
sl@0	41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
sl@0	42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
sl@0	43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
sl@0	44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
sl@0	45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
sl@0	46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
sl@0	47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
sl@0	48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
sl@0	49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
sl@0	50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
sl@0	51	* SUCH DAMAGE.
sl@0	52	*
sl@0	53	* The licence and distribution terms for any publically available version or
sl@0	54	* derivative of this code cannot be changed. i.e. this code cannot simply be
sl@0	55	* copied and put under another distribution licence
sl@0	56	* [including the GNU Public Licence.]
sl@0	57	*/
sl@0	58	/* ====================================================================
sl@0	59	* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
sl@0	60	*
sl@0	61	* Redistribution and use in source and binary forms, with or without
sl@0	62	* modification, are permitted provided that the following conditions
sl@0	63	* are met:
sl@0	64	*
sl@0	65	* 1. Redistributions of source code must retain the above copyright
sl@0	66	* notice, this list of conditions and the following disclaimer.
sl@0	67	*
sl@0	68	* 2. Redistributions in binary form must reproduce the above copyright
sl@0	69	* notice, this list of conditions and the following disclaimer in
sl@0	70	* the documentation and/or other materials provided with the
sl@0	71	* distribution.
sl@0	72	*
sl@0	73	* 3. All advertising materials mentioning features or use of this
sl@0	74	* software must display the following acknowledgment:
sl@0	75	* "This product includes software developed by the OpenSSL Project
sl@0	76	* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
sl@0	77	*
sl@0	78	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
sl@0	79	* endorse or promote products derived from this software without
sl@0	80	* prior written permission. For written permission, please contact
sl@0	81	* openssl-core@openssl.org.
sl@0	82	*
sl@0	83	* 5. Products derived from this software may not be called "OpenSSL"
sl@0	84	* nor may "OpenSSL" appear in their names without prior written
sl@0	85	* permission of the OpenSSL Project.
sl@0	86	*
sl@0	87	* 6. Redistributions of any form whatsoever must retain the following
sl@0	88	* acknowledgment:
sl@0	89	* "This product includes software developed by the OpenSSL Project
sl@0	90	* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
sl@0	91	*
sl@0	92	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
sl@0	93	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
sl@0	94	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
sl@0	95	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
sl@0	96	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
sl@0	97	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
sl@0	98	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
sl@0	99	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
sl@0	100	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
sl@0	101	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
sl@0	102	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
sl@0	103	* OF THE POSSIBILITY OF SUCH DAMAGE.
sl@0	104	* ====================================================================
sl@0	105	*
sl@0	106	* This product includes cryptographic software written by Eric Young
sl@0	107	* (eay@cryptsoft.com). This product includes software written by Tim
sl@0	108	* Hudson (tjh@cryptsoft.com).
sl@0	109	*
sl@0	110	*/
sl@0	111	/* ====================================================================
sl@0	112	* Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
sl@0	113	* ECC cipher suite support in OpenSSL originally developed by
sl@0	114	* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
sl@0	115	*/
sl@0	116	/*
sl@0	117	© Portions copyright (c) 2006, 2010 Nokia Corporation. All rights reserved.
sl@0	118	*/
sl@0	119
sl@0	120	#define _BSD_SOURCE 1 /* Or gethostname won't be declared properly
sl@0	121	on Linux and GNU platforms. */
sl@0	122
sl@0	123	#include <assert.h>
sl@0	124	#include <errno.h>
sl@0	125	#include <limits.h>
sl@0	126	#include <stdio.h>
sl@0	127	#include <stdlib.h>
sl@0	128	#include <string.h>
sl@0	129	#include <time.h>
sl@0	130	#include <dirent.h>
sl@0	131	#include <sys/stat.h>
sl@0	132
sl@0	133	#define USE_SOCKETS
sl@0	134	#ifndef SYMBIAN
sl@0	135	#include "../e_os.h"
sl@0	136	#else
sl@0	137	#include "e_os.h"
sl@0	138	#endif
sl@0	139	#define _XOPEN_SOURCE 500 /* Or isascii won't be declared properly on
sl@0	140	VMS (at least with DECompHP C). */
sl@0	141	#include <ctype.h>
sl@0	142
sl@0	143	#include <openssl/bio.h>
sl@0	144	#include <openssl/crypto.h>
sl@0	145	#include <openssl/evp.h>
sl@0	146	#include <openssl/x509.h>
sl@0	147	#include <openssl/x509v3.h>
sl@0	148	#include <openssl/ssl.h>
sl@0	149	#ifndef OPENSSL_NO_ENGINE
sl@0	150	#include <openssl/engine.h>
sl@0	151	#endif
sl@0	152	#include <openssl/err.h>
sl@0	153	#include <openssl/rand.h>
sl@0	154	#ifndef OPENSSL_NO_RSA
sl@0	155	#include <openssl/rsa.h>
sl@0	156	#endif
sl@0	157	#ifndef OPENSSL_NO_DSA
sl@0	158	#include <openssl/dsa.h>
sl@0	159	#endif
sl@0	160	#ifndef OPENSSL_NO_DH
sl@0	161	#include <openssl/dh.h>
sl@0	162	#endif
sl@0	163	#include <openssl/bn.h>
sl@0	164
sl@0	165	#define _XOPEN_SOURCE_EXTENDED 1 /* Or gethostname won't be declared properly
sl@0	166	on Compaq platforms (at least with DEC C).
sl@0	167	Do not try to put it earlier, or IPv6 includes
sl@0	168	get screwed...
sl@0	169	*/
sl@0	170
sl@0	171	#ifdef OPENSSL_SYS_WINDOWS
sl@0	172	#include <winsock.h>
sl@0	173	#else
sl@0	174	#include OPENSSL_UNISTD
sl@0	175	#endif
sl@0	176
sl@0	177	#ifdef OPENSSL_SYS_VMS
sl@0	178	# define TEST_SERVER_CERT "SYS$DISK:[-.APPS]SERVER.PEM"
sl@0	179	# define TEST_CLIENT_CERT "SYS$DISK:[-.APPS]CLIENT.PEM"
sl@0	180	#elif defined(OPENSSL_SYS_WINCE)
sl@0	181	# define TEST_SERVER_CERT "\\OpenSSL\\server.pem"
sl@0	182	# define TEST_CLIENT_CERT "\\OpenSSL\\client.pem"
sl@0	183	#elif defined(OPENSSL_SYS_NETWARE)
sl@0	184	# define TEST_SERVER_CERT "\\openssl\\apps\\server.pem"
sl@0	185	# define TEST_CLIENT_CERT "\\openssl\\apps\\client.pem"
sl@0	186	#elif defined(SYMBIAN)
sl@0	187	# define TEST_SERVER_CERT "c:\\server.pem"
sl@0	188	# define TEST_CLIENT_CERT "c:\\client.pem"
sl@0	189	#else
sl@0	190	# define TEST_SERVER_CERT "../apps/server.pem"
sl@0	191	# define TEST_CLIENT_CERT "../apps/client.pem"
sl@0	192	#endif
sl@0	193
sl@0	194	/* There is really no standard for this, so let's assign some tentative
sl@0	195	numbers. In any case, these numbers are only for this test */
sl@0	196	#define COMP_RLE 255
sl@0	197	#define COMP_ZLIB 1
sl@0	198
sl@0	199	static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
sl@0	200	#ifndef OPENSSL_NO_RSA
sl@0	201	static RSA MS_CALLBACK tmp_rsa_cb(SSL s, int is_export,int keylength);
sl@0	202	static void free_tmp_rsa(void);
sl@0	203	#endif
sl@0	204	static int MS_CALLBACK app_verify_callback(X509_STORE_CTX ctx, void arg);
sl@0	205	#define APP_CALLBACK_STRING "Test Callback Argument"
sl@0	206	struct app_verify_arg
sl@0	207	{
sl@0	208	char *string;
sl@0	209	int app_verify;
sl@0	210	int allow_proxy_certs;
sl@0	211	char *proxy_auth;
sl@0	212	char *proxy_cond;
sl@0	213	};
sl@0	214
sl@0	215	#ifndef OPENSSL_NO_DH
sl@0	216	static DH *get_dh512(void);
sl@0	217	static DH *get_dh1024(void);
sl@0	218	static DH *get_dh1024dsa(void);
sl@0	219	#endif
sl@0	220
sl@0	221	static BIO *bio_err=NULL;
sl@0	222	static BIO *bio_stdout=NULL;
sl@0	223
sl@0	224	static char *cipher=NULL;
sl@0	225	static int verbose=0;
sl@0	226	static int debug=0;
sl@0	227	#if 0
sl@0	228	/* Not used yet. */
sl@0	229	#ifdef FIONBIO
sl@0	230	static int s_nbio=0;
sl@0	231	#endif
sl@0	232	#endif
sl@0	233
sl@0	234	#ifdef SYMBIAN
sl@0	235
sl@0	236	FILE *fp_stdout;
sl@0	237	FILE *fp_stderr;
sl@0	238	FILE *fp_stdin;
sl@0	239
sl@0	240	#define LOG_STDOUT "c:\\file_stdout"
sl@0	241	#define LOG_STDIN "c:\\file_stdin"
sl@0	242	#define LOG_STDERR "c:\\file_stderr"
sl@0	243
sl@0	244	#endif
sl@0	245
sl@0	246	// This function is used to generate the xml file used bt ATS
sl@0	247	void testResultXml(char *filename,int retval)
sl@0	248	{
sl@0	249	char time_buf[50];
sl@0	250
sl@0	251	char result[10];
sl@0	252
sl@0	253	char xmlfilename[256];
sl@0	254
sl@0	255	time_t t = time(NULL);
sl@0	256
sl@0	257	struct tm *tm1 = localtime(&t);
sl@0	258
sl@0	259	char *atsinitmsg = "<test-report>\n\t<test-batch>";
sl@0	260
sl@0	261	char *atsbatchinit1 = \
sl@0	262	"\n\t\t<batch-init>\
sl@0	263	\n\t\t\t<description></description>\
sl@0	264	\n\t\t\t<date>";
sl@0	265
sl@0	266	char *atsbatchinit2 = "</date>\
sl@0	267	\n\t\t\t<factory>NA</factory>\
sl@0	268	\n\t\t\t<component>\
sl@0	269	\n\t\t\t\t<name>NA</name>\
sl@0	270	\n\t\t\t\t<version>NA</version>\
sl@0	271	\n\t\t\t</component>\
sl@0	272	\n\t\t</batch-init>";
sl@0	273
sl@0	274	char *atsbatchresult= \
sl@0	275	"\n\t\t<batch-result>\
sl@0	276	\n\t\t\t<run-time>00:00:00</run-time>\
sl@0	277	\n\t\t</batch-result>";
sl@0	278
sl@0	279	char *atsclosemsg = \
sl@0	280	"\n\t</test-batch>\
sl@0	281	\n</test-report>\n ";
sl@0	282
sl@0	283	char *atstestinit = "\n\t\t<test-case time-stamp=\"00:00:00\">";
sl@0	284
sl@0	285
sl@0	286	char *atscaseinit1 = \
sl@0	287	"\n\t\t\t<case-init>\
sl@0	288	\n\t\t\t\t<version></version>\
sl@0	289	\n\t\t\t\t<id>";
sl@0	290
sl@0	291	char *atscaseinit2 = "</id>\
sl@0	292	\n\t\t\t\t<expected-result description=\"\">0</expected-result>\
sl@0	293	\n\t\t\t</case-init>";
sl@0	294
sl@0	295	char *atscaseresult1= \
sl@0	296	"\n\t\t\t<case-result status=\"";
sl@0	297
sl@0	298	char *atscaseresult2= "\">\
sl@0	299	\n\t\t\t\t<actual-result>0</actual-result>\
sl@0	300	\n\t\t\t\t<run-time>00:00:00</run-time>\
sl@0	301	\n\t\t\t</case-result>";
sl@0	302
sl@0	303	char *atstestclose = "\n\t\t</test-case>";
sl@0	304
sl@0	305	DIR *dir;
sl@0	306	FILE *fp;
sl@0	307
sl@0	308	dir = opendir("c:\\spd_logs");
sl@0	309	if(!dir)
sl@0	310	mkdir("c:\\spd_logs",0777);
sl@0	311
sl@0	312	dir = opendir("c:\\spd_logs\\xml");
sl@0	313	if(!dir)
sl@0	314	mkdir("c:\\spd_logs\\xml",0777);
sl@0	315
sl@0	316	// create the xml file name
sl@0	317	strcpy(xmlfilename,"c:/spd_logs/xml/");
sl@0	318	strcat(xmlfilename,filename);
sl@0	319	strcat(xmlfilename,".xml");
sl@0	320
sl@0	321	strftime(time_buf,50,"%c",tm1);
sl@0	322
sl@0	323	if(retval)
sl@0	324	strcpy(result,"FAILED");
sl@0	325	else
sl@0	326	strcpy(result,"PASSED");
sl@0	327
sl@0	328	fp = fopen(xmlfilename,"w");
sl@0	329
sl@0	330	if(fp)
sl@0	331	{
sl@0	332	fprintf(fp,"%s%s%s%s%s%s%s%s%s%s%s%s%s%s",atsinitmsg,atsbatchinit1,time_buf,atsbatchinit2,atstestinit,
sl@0	333	atscaseinit1,filename,atscaseinit2,atscaseresult1,result,atscaseresult2,
sl@0	334	atstestclose,atsbatchresult,atsclosemsg);
sl@0	335
sl@0	336	fclose(fp);
sl@0	337	}
sl@0	338	}
sl@0	339
sl@0	340
sl@0	341	static const char rnd_seed[] = "string to make the random number generator think it has entropy";
sl@0	342
sl@0	343	int doit_biopair(SSL s_ssl,SSL c_ssl,long bytes,clock_t s_time,clock_t c_time);
sl@0	344	int doit(SSL s_ssl,SSL c_ssl,long bytes);
sl@0	345	static int do_test_cipherlist(void);
sl@0	346	static void sv_usage(void)
sl@0	347	{
sl@0	348	fprintf(stderr,"usage: ssltest [args ...]\n");
sl@0	349	fprintf(stderr,"\n");
sl@0	350	fprintf(stderr," -server_auth - check server certificate\n");
sl@0	351	fprintf(stderr," -client_auth - do client authentication\n");
sl@0	352	fprintf(stderr," -symstore <symfile> - symbian store certificates\n");
sl@0	353	fprintf(stderr," -proxy - allow proxy certificates\n");
sl@0	354	fprintf(stderr," -proxy_auth <val> - set proxy policy rights\n");
sl@0	355	fprintf(stderr," -proxy_cond <val> - experssion to test proxy policy rights\n");
sl@0	356	fprintf(stderr," -v - more output\n");
sl@0	357	fprintf(stderr," -d - debug output\n");
sl@0	358	fprintf(stderr," -reuse - use session-id reuse\n");
sl@0	359	fprintf(stderr," -num <val> - number of connections to perform\n");
sl@0	360	fprintf(stderr," -bytes <val> - number of bytes to swap between client/server\n");
sl@0	361	#ifndef OPENSSL_NO_DH
sl@0	362	fprintf(stderr," -dhe1024 - use 1024 bit key (safe prime) for DHE\n");
sl@0	363	fprintf(stderr," -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
sl@0	364	fprintf(stderr," -no_dhe - disable DHE\n");
sl@0	365	#endif
sl@0	366	#ifndef OPENSSL_NO_ECDH
sl@0	367	fprintf(stderr," -no_ecdhe - disable ECDHE\n");
sl@0	368	#endif
sl@0	369	#ifndef OPENSSL_NO_SSL2
sl@0	370	fprintf(stderr," -ssl2 - use SSLv2\n");
sl@0	371	#endif
sl@0	372	#ifndef OPENSSL_NO_SSL3
sl@0	373	fprintf(stderr," -ssl3 - use SSLv3\n");
sl@0	374	#endif
sl@0	375	#ifndef OPENSSL_NO_TLS1
sl@0	376	fprintf(stderr," -tls1 - use TLSv1\n");
sl@0	377	#endif
sl@0	378	fprintf(stderr," -CApath arg - PEM format directory of CA's\n");
sl@0	379	fprintf(stderr," -CAfile arg - PEM format file of CA's\n");
sl@0	380	fprintf(stderr," -cert arg - Server certificate file\n");
sl@0	381	fprintf(stderr," -key arg - Server key file (default: same as -cert)\n");
sl@0	382	fprintf(stderr," -c_cert arg - Client certificate file\n");
sl@0	383	fprintf(stderr," -c_key arg - Client key file (default: same as -c_cert)\n");
sl@0	384	fprintf(stderr," -cipher arg - The cipher list\n");
sl@0	385	fprintf(stderr," -bio_pair - Use BIO pairs\n");
sl@0	386	fprintf(stderr," -f - Test even cases that can't work\n");
sl@0	387	fprintf(stderr," -time - measure processor time used by client and server\n");
sl@0	388	fprintf(stderr," -zlib - use zlib compression\n");
sl@0	389	fprintf(stderr," -rle - use rle compression\n");
sl@0	390	#ifndef OPENSSL_NO_ECDH
sl@0	391	fprintf(stderr," -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \
sl@0	392	" Use \"openssl ecparam -list_curves\" for all names\n" \
sl@0	393	" (default is sect163r2).\n");
sl@0	394	#endif
sl@0	395	fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher lists\n");
sl@0	396
sl@0	397	}
sl@0	398
sl@0	399	static void print_details(SSL c_ssl, const char prefix)
sl@0	400	{
sl@0	401	SSL_CIPHER *ciph;
sl@0	402	X509 *cert;
sl@0	403
sl@0	404	ciph=SSL_get_current_cipher(c_ssl);
sl@0	405	BIO_printf(bio_stdout,"%s%s, cipher %s %s",
sl@0	406	prefix,
sl@0	407	SSL_get_version(c_ssl),
sl@0	408	SSL_CIPHER_get_version(ciph),
sl@0	409	SSL_CIPHER_get_name(ciph));
sl@0	410	cert=SSL_get_peer_certificate(c_ssl);
sl@0	411	if (cert != NULL)
sl@0	412	{
sl@0	413	EVP_PKEY *pkey = X509_get_pubkey(cert);
sl@0	414	if (pkey != NULL)
sl@0	415	{
sl@0	416	if (0)
sl@0	417	;
sl@0	418	#ifndef OPENSSL_NO_RSA
sl@0	419	else if (pkey->type == EVP_PKEY_RSA && pkey->pkey.rsa != NULL
sl@0	420	&& pkey->pkey.rsa->n != NULL)
sl@0	421	{
sl@0	422	BIO_printf(bio_stdout, ", %d bit RSA",
sl@0	423	BN_num_bits(pkey->pkey.rsa->n));
sl@0	424	}
sl@0	425	#endif
sl@0	426	#ifndef OPENSSL_NO_DSA
sl@0	427	else if (pkey->type == EVP_PKEY_DSA && pkey->pkey.dsa != NULL
sl@0	428	&& pkey->pkey.dsa->p != NULL)
sl@0	429	{
sl@0	430	BIO_printf(bio_stdout, ", %d bit DSA",
sl@0	431	BN_num_bits(pkey->pkey.dsa->p));
sl@0	432	}
sl@0	433	#endif
sl@0	434	EVP_PKEY_free(pkey);
sl@0	435	}
sl@0	436	X509_free(cert);
sl@0	437	}
sl@0	438	/* The SSL API does not allow us to look at temporary RSA/DH keys,
sl@0	439	* otherwise we should print their lengths too */
sl@0	440	BIO_printf(bio_stdout,"\n");
sl@0	441	}
sl@0	442
sl@0	443	static void lock_dbg_cb(int mode, int type, const char *file, int line)
sl@0	444	{
sl@0	445	static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
sl@0	446	const char *errstr = NULL;
sl@0	447	int rw;
sl@0	448
sl@0	449	rw = mode & (CRYPTO_READ\|CRYPTO_WRITE);
sl@0	450	if (!((rw == CRYPTO_READ) \|\| (rw == CRYPTO_WRITE)))
sl@0	451	{
sl@0	452	errstr = "invalid mode";
sl@0	453	goto err;
sl@0	454	}
sl@0	455
sl@0	456	if (type < 0 \|\| type >= CRYPTO_NUM_LOCKS)
sl@0	457	{
sl@0	458	errstr = "type out of bounds";
sl@0	459	goto err;
sl@0	460	}
sl@0	461
sl@0	462	if (mode & CRYPTO_LOCK)
sl@0	463	{
sl@0	464	if (modes[type])
sl@0	465	{
sl@0	466	errstr = "already locked";
sl@0	467	/* must not happen in a single-threaded program
sl@0	468	* (would deadlock) */
sl@0	469	goto err;
sl@0	470	}
sl@0	471
sl@0	472	modes[type] = rw;
sl@0	473	}
sl@0	474	else if (mode & CRYPTO_UNLOCK)
sl@0	475	{
sl@0	476	if (!modes[type])
sl@0	477	{
sl@0	478	errstr = "not locked";
sl@0	479	goto err;
sl@0	480	}
sl@0	481
sl@0	482	if (modes[type] != rw)
sl@0	483	{
sl@0	484	errstr = (rw == CRYPTO_READ) ?
sl@0	485	"CRYPTO_r_unlock on write lock" :
sl@0	486	"CRYPTO_w_unlock on read lock";
sl@0	487	}
sl@0	488
sl@0	489	modes[type] = 0;
sl@0	490	}
sl@0	491	else
sl@0	492	{
sl@0	493	errstr = "invalid mode";
sl@0	494	goto err;
sl@0	495	}
sl@0	496
sl@0	497	err:
sl@0	498	if (errstr)
sl@0	499	{
sl@0	500	/* we cannot use bio_err here */
sl@0	501	fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n",
sl@0	502	errstr, mode, type, file, line);
sl@0	503	}
sl@0	504	}
sl@0	505
sl@0	506
sl@0	507	//-----------------------------------------------------------------------------
sl@0	508	//function function for destroying argv
sl@0	509	//-----------------------------------------------------------------------------
sl@0	510	void DeleteArgs(char ** cmd_line,int argc)
sl@0	511	{
sl@0	512	int i;
sl@0	513	for(i=0;i<argc;i++) free(cmd_line[i]);
sl@0	514
sl@0	515	free(cmd_line);
sl@0	516	}
sl@0	517
sl@0	518
sl@0	519
sl@0	520	char** create_params(char ip_str,int argc)
sl@0	521	{
sl@0	522	char *paramets[25];
sl@0	523	char **cmd_line=NULL;
sl@0	524	char str=NULL,ptr=NULL;
sl@0	525	int len=0,cnt=0,i=0;
sl@0	526
sl@0	527	//int* p = (int*) User::Alloc(10);
sl@0	528
sl@0	529	str=ip_str;
sl@0	530
sl@0	531	while(str)
sl@0	532	{
sl@0	533	ptr=strchr(str,' ');
sl@0	534	if(ptr)
sl@0	535	{
sl@0	536	len = ptr-str;
sl@0	537	paramets[cnt]=(char )malloc(sizeof(char)len+1);
sl@0	538	if(paramets[cnt])
sl@0	539	{
sl@0	540	strncpy(paramets[cnt],str,len);
sl@0	541	paramets[cnt][len]='\0';
sl@0	542	}
sl@0	543	cnt++;
sl@0	544	str+= len + 1;
sl@0	545	}
sl@0	546	else
sl@0	547	{
sl@0	548	//malloc(16);
sl@0	549	len = strlen(str);
sl@0	550	paramets[cnt]=(char )malloc(sizeof(char)len+1);
sl@0	551	if(paramets[cnt])
sl@0	552	strcpy(paramets[cnt],str);
sl@0	553	cnt++;
sl@0	554	break;
sl@0	555	}
sl@0	556
sl@0	557	}
sl@0	558
sl@0	559	if(cnt)
sl@0	560	cmd_line=(char *)malloc(cntsizeof(char *));
sl@0	561	for(i=0;i<cnt;i++)
sl@0	562	cmd_line[i]=paramets[i];
sl@0	563	*argc=cnt;
sl@0	564	return cmd_line;
sl@0	565
sl@0	566
sl@0	567	}
sl@0	568
sl@0	569	#ifdef SYMBIAN
sl@0	570	int testssl_init(void)
sl@0	571	{
sl@0	572	//fp_stdout = fopen(LOG_STDOUT,"w+");
sl@0	573	fp_stdout = freopen(LOG_STDOUT,"a",stdout);
sl@0	574	if(!fp_stdout)
sl@0	575	return 1;
sl@0	576	//fp_stderr = fopen(LOG_STDERR,"w+");
sl@0	577	fp_stderr = freopen(LOG_STDERR,"a",stderr);
sl@0	578	if(!fp_stderr)
sl@0	579	return 1;
sl@0	580	fp_stdin = freopen(LOG_STDIN,"a",stdin);
sl@0	581	//fp_stdin = fopen(LOG_STDIN,"a");
sl@0	582	if(!fp_stdin)
sl@0	583	return 1;
sl@0	584	return 0;
sl@0	585	}
sl@0	586
sl@0	587	void testssl_deinit(void)
sl@0	588	{
sl@0	589	fclose(fp_stdout);
sl@0	590	fclose(fp_stdin);
sl@0	591	fclose(fp_stderr);
sl@0	592	}
sl@0	593
sl@0	594	int main(int argc, char *argv[])
sl@0	595	{
sl@0	596
sl@0	597
sl@0	598	int ret;
sl@0	599	int i = 0;
sl@0	600
sl@0	601	char ssltestnum[25];
sl@0	602
sl@0	603	if(testssl_init())
sl@0	604	return 1;
sl@0	605
sl@0	606	fprintf(stdout,"\n");
sl@0	607	for(i=0;i<argc;i++)
sl@0	608	{
sl@0	609	fprintf(stdout,"%s ",argv[i]);
sl@0	610	fprintf(stderr,"%s ",argv[i]);
sl@0	611	}
sl@0	612	fprintf(stdout,"\n");
sl@0	613	fprintf(stderr,"\n");
sl@0	614
sl@0	615	strcpy(ssltestnum,argv[1]);
sl@0	616
sl@0	617	argv += 2;
sl@0	618	argc -= 2;
sl@0	619
sl@0	620	ret = ssl_main(argc,argv);
sl@0	621
sl@0	622	//Call routine to write XML file here depending on ret value.
sl@0	623	testResultXml(ssltestnum, ret);
sl@0	624	testssl_deinit();
sl@0	625
sl@0	626	return ret;
sl@0	627	}
sl@0	628	#endif /* IF_DEF SYMBIAN */
sl@0	629
sl@0	630
sl@0	631	#ifndef SYMBIAN
sl@0	632	int main(int argc, char *argv[])
sl@0	633	#else
sl@0	634	int ssl_main(int argc, char *argv[])
sl@0	635	//int main(int argc, char *argv[])
sl@0	636	#endif
sl@0	637	{
sl@0	638	char CApath=NULL,CAfile=NULL;
sl@0	639	int badop=0;
sl@0	640	int bio_pair=0;
sl@0	641	int force=0;
sl@0	642	int tls1=0,ssl2=0,ssl3=0,ret=1;
sl@0	643	int client_auth=0;
sl@0	644	int server_auth=0,i;
sl@0	645	int sym_store=0;
sl@0	646	struct app_verify_arg app_verify_arg =
sl@0	647	{ APP_CALLBACK_STRING, 0, 0, NULL, NULL };
sl@0	648	char *server_cert=TEST_SERVER_CERT;
sl@0	649	char *server_key=NULL;
sl@0	650	char *client_cert=TEST_CLIENT_CERT;
sl@0	651	char *client_key=NULL;
sl@0	652	char *symfile = NULL;
sl@0	653	int ret_match = 0;
sl@0	654	BIO *io = NULL;
sl@0	655	X509_INFO *x509_info = NULL;
sl@0	656	STACK_OF(X509_INFO) *x509_inf_st =NULL;
sl@0	657	X509_STORE_CTX st_ctx;
sl@0	658	STACK_OF(X509)* x509_sk = sk_X509_new_null();
sl@0	659	#ifndef OPENSSL_NO_ECDH
sl@0	660	char *named_curve = NULL;
sl@0	661	#endif
sl@0	662	SSL_CTX *s_ctx=NULL;
sl@0	663	SSL_CTX *c_ctx=NULL;
sl@0	664	SSL_METHOD *meth=NULL;
sl@0	665	SSL c_ssl,s_ssl;
sl@0	666	int number=1,reuse=0;
sl@0	667	long bytes=256L;
sl@0	668	#ifndef OPENSSL_NO_DH
sl@0	669	DH *dh;
sl@0	670	int dhe1024 = 0, dhe1024dsa = 0;
sl@0	671	#endif
sl@0	672	#ifndef OPENSSL_NO_ECDH
sl@0	673	EC_KEY *ecdh = NULL;
sl@0	674	#endif
sl@0	675	int no_dhe = 0;
sl@0	676	int no_ecdhe = 0;
sl@0	677	int print_time = 0;
sl@0	678	clock_t s_time = 0, c_time = 0;
sl@0	679	int comp = 0;
sl@0	680	#ifndef OPENSSL_NO_COMP
sl@0	681	COMP_METHOD *cm = NULL;
sl@0	682	#endif
sl@0	683	STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
sl@0	684	int test_cipherlist = 0;
sl@0	685	char KDefinion[]="After";
sl@0	686	char KData[]="Main";
sl@0	687
sl@0	688	verbose = 0;
sl@0	689	debug = 0;
sl@0	690	cipher = 0;
sl@0	691
sl@0	692
sl@0	693	//libcrypto_Init();
sl@0	694
sl@0	695	SSL_library_init();
sl@0	696
sl@0	697	SSL_load_error_strings();
sl@0	698
sl@0	699	bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
sl@0	700
sl@0	701	CRYPTO_set_locking_callback(lock_dbg_cb);
sl@0	702
sl@0	703	/* enable memory leak checking unless explicitly disabled */
sl@0	704	if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
sl@0	705	{
sl@0	706	CRYPTO_malloc_debug_init();
sl@0	707	CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
sl@0	708	}
sl@0	709	else
sl@0	710	{
sl@0	711	/* OPENSSL_DEBUG_MEMORY=off */
sl@0	712	CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
sl@0	713	}
sl@0	714	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
sl@0	715
sl@0	716	RAND_seed(rnd_seed, sizeof rnd_seed);
sl@0	717
sl@0	718	bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE);
sl@0	719
sl@0	720
sl@0	721	#ifndef SYMBIAN
sl@0	722	argc--;
sl@0	723	argv++;
sl@0	724	#endif
sl@0	725
sl@0	726	while (argc >= 1)
sl@0	727	{
sl@0	728	if (strcmp(*argv,"-server_auth") == 0)
sl@0	729	server_auth=1;
sl@0	730	else if (strcmp(*argv,"-client_auth") == 0)
sl@0	731	client_auth=1;
sl@0	732	else if (strcmp(*argv,"-proxy_auth") == 0)
sl@0	733	{
sl@0	734	if (--argc < 1) goto bad;
sl@0	735	app_verify_arg.proxy_auth= *(++argv);
sl@0	736	}
sl@0	737	else if (strcmp(*argv,"-proxy_cond") == 0)
sl@0	738	{
sl@0	739	if (--argc < 1) goto bad;
sl@0	740	app_verify_arg.proxy_cond= *(++argv);
sl@0	741	}
sl@0	742	else if (strcmp(*argv,"-v") == 0)
sl@0	743	verbose=1;
sl@0	744	else if (strcmp(*argv,"-d") == 0)
sl@0	745	debug=1;
sl@0	746	else if (strcmp(*argv,"-reuse") == 0)
sl@0	747	reuse=1;
sl@0	748	else if (strcmp(*argv,"-dhe1024") == 0)
sl@0	749	{
sl@0	750	#ifndef OPENSSL_NO_DH
sl@0	751	dhe1024=1;
sl@0	752	#else
sl@0	753	fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n");
sl@0	754	#endif
sl@0	755	}
sl@0	756	else if (strcmp(*argv,"-dhe1024dsa") == 0)
sl@0	757	{
sl@0	758	#ifndef OPENSSL_NO_DH
sl@0	759	dhe1024dsa=1;
sl@0	760	#else
sl@0	761	fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n");
sl@0	762	#endif
sl@0	763	}
sl@0	764	else if (strcmp(*argv,"-no_dhe") == 0)
sl@0	765	no_dhe=1;
sl@0	766	else if (strcmp(*argv,"-no_ecdhe") == 0)
sl@0	767	no_ecdhe=1;
sl@0	768	else if (strcmp(*argv,"-ssl2") == 0)
sl@0	769	ssl2=1;
sl@0	770	else if (strcmp(*argv,"-tls1") == 0)
sl@0	771	tls1=1;
sl@0	772	else if (strcmp(*argv,"-ssl3") == 0)
sl@0	773	ssl3=1;
sl@0	774	else if (strncmp(*argv,"-num",4) == 0)
sl@0	775	{
sl@0	776	if (--argc < 1) goto bad;
sl@0	777	number= atoi(*(++argv));
sl@0	778	if (number == 0) number=1;
sl@0	779	}
sl@0	780	else if (strcmp(*argv,"-bytes") == 0)
sl@0	781	{
sl@0	782	if (--argc < 1) goto bad;
sl@0	783	bytes= atol(*(++argv));
sl@0	784	if (bytes == 0L) bytes=1L;
sl@0	785	i=strlen(argv[0]);
sl@0	786	if (argv[0][i-1] == 'k') bytes*=1024L;
sl@0	787	if (argv[0][i-1] == 'm') bytes=1024L1024L;
sl@0	788	}
sl@0	789	else if (strcmp(*argv,"-cert") == 0)
sl@0	790	{
sl@0	791	if (--argc < 1) goto bad;
sl@0	792	server_cert= *(++argv);
sl@0	793	}
sl@0	794	else if (strcmp(*argv,"-s_cert") == 0)
sl@0	795	{
sl@0	796	if (--argc < 1) goto bad;
sl@0	797	server_cert= *(++argv);
sl@0	798	}
sl@0	799	else if (strcmp(*argv,"-key") == 0)
sl@0	800	{
sl@0	801	if (--argc < 1) goto bad;
sl@0	802	server_key= *(++argv);
sl@0	803	}
sl@0	804	else if (strcmp(*argv,"-s_key") == 0)
sl@0	805	{
sl@0	806	if (--argc < 1) goto bad;
sl@0	807	server_key= *(++argv);
sl@0	808	}
sl@0	809	else if (strcmp(*argv,"-c_cert") == 0)
sl@0	810	{
sl@0	811	if (--argc < 1) goto bad;
sl@0	812	client_cert= *(++argv);
sl@0	813	}
sl@0	814	else if (strcmp(*argv,"-c_key") == 0)
sl@0	815	{
sl@0	816	if (--argc < 1) goto bad;
sl@0	817	client_key= *(++argv);
sl@0	818	}
sl@0	819	else if (strcmp(*argv,"-cipher") == 0)
sl@0	820	{
sl@0	821	if (--argc < 1) goto bad;
sl@0	822	cipher= *(++argv);
sl@0	823	}
sl@0	824	else if (strcmp(*argv,"-CApath") == 0)
sl@0	825	{
sl@0	826	if (--argc < 1) goto bad;
sl@0	827	CApath= *(++argv);
sl@0	828	}
sl@0	829	else if (strcmp(*argv,"-CAfile") == 0)
sl@0	830	{
sl@0	831	if (--argc < 1) goto bad;
sl@0	832	CAfile= *(++argv);
sl@0	833	}
sl@0	834	else if (strcmp(*argv,"-bio_pair") == 0)
sl@0	835	{
sl@0	836	bio_pair = 1;
sl@0	837	}
sl@0	838	else if (strcmp(*argv,"-f") == 0)
sl@0	839	{
sl@0	840	force = 1;
sl@0	841	}
sl@0	842	else if (strcmp(*argv,"-time") == 0)
sl@0	843	{
sl@0	844	print_time = 1;
sl@0	845	}
sl@0	846	else if (strcmp(*argv,"-zlib") == 0)
sl@0	847	{
sl@0	848	comp = COMP_ZLIB;
sl@0	849	}
sl@0	850	else if (strcmp(*argv,"-rle") == 0)
sl@0	851	{
sl@0	852	comp = COMP_RLE;
sl@0	853	}
sl@0	854	else if (strcmp(*argv,"-named_curve") == 0)
sl@0	855	{
sl@0	856	if (--argc < 1) goto bad;
sl@0	857	#ifndef OPENSSL_NO_ECDH
sl@0	858	named_curve = *(++argv);
sl@0	859	#else
sl@0	860	fprintf(stderr,"ignoring -named_curve, since I'm compiled without ECDH\n");
sl@0	861	++argv;
sl@0	862	#endif
sl@0	863	}
sl@0	864	else if (strcmp(*argv,"-app_verify") == 0)
sl@0	865	{
sl@0	866	app_verify_arg.app_verify = 1;
sl@0	867	}
sl@0	868	else if (strcmp(*argv,"-proxy") == 0)
sl@0	869	{
sl@0	870	app_verify_arg.allow_proxy_certs = 1;
sl@0	871	}
sl@0	872	else if (strcmp(*argv,"-test_cipherlist") == 0)
sl@0	873	{
sl@0	874	test_cipherlist = 1;
sl@0	875	}
sl@0	876	else if (strcmp(*argv,"-symstore") == 0)
sl@0	877	{
sl@0	878	sym_store = 1;
sl@0	879	if(--argc >= 1)
sl@0	880	symfile= *(++argv);
sl@0	881	}
sl@0	882	else
sl@0	883	{
sl@0	884	fprintf(stderr,"unknown option %s\n",*argv);
sl@0	885	badop=1;
sl@0	886	break;
sl@0	887	}
sl@0	888	argc--;
sl@0	889	argv++;
sl@0	890	}
sl@0	891	if (badop)
sl@0	892	{
sl@0	893	bad:
sl@0	894	sv_usage();
sl@0	895	goto end;
sl@0	896	}
sl@0	897
sl@0	898	if (test_cipherlist == 1)
sl@0	899	{
sl@0	900	/* ensure that the cipher list are correctly sorted and exit */
sl@0	901	if (do_test_cipherlist() == 0)
sl@0	902	{
sl@0	903	fprintf(stderr, "FAILED:do_test_cipherlist\n");
sl@0	904	return 1;
sl@0	905	//EXIT(1);
sl@0	906	}
sl@0	907	ret = 0;
sl@0	908	goto end;
sl@0	909	}
sl@0	910
sl@0	911	if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force)
sl@0	912	{
sl@0	913	fprintf(stderr, "This case cannot work. Use -f to perform "
sl@0	914	"the test anyway (and\n-d to see what happens), "
sl@0	915	"or add one of -ssl2, -ssl3, -tls1, -reuse\n"
sl@0	916	"to avoid protocol mismatch.\n");
sl@0	917
sl@0	918	return 1;
sl@0	919	//EXIT(1);
sl@0	920	}
sl@0	921
sl@0	922	if (print_time)
sl@0	923	{
sl@0	924	if (!bio_pair)
sl@0	925	{
sl@0	926	fprintf(stderr, "Using BIO pair (-bio_pair)\n");
sl@0	927	bio_pair = 1;
sl@0	928	}
sl@0	929	if (number < 50 && !force)
sl@0	930	fprintf(stderr, "Warning: For accurate timings, use more connections (e.g. -num 1000)\n");
sl@0	931	}
sl@0	932
sl@0	933	/* if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */
sl@0	934
sl@0	935	SSL_library_init();
sl@0	936	SSL_load_error_strings();
sl@0	937
sl@0	938	#ifndef OPENSSL_NO_COMP
sl@0	939	if (comp == COMP_ZLIB) cm = COMP_zlib();
sl@0	940	if (comp == COMP_RLE) cm = COMP_rle();
sl@0	941	if (cm != NULL)
sl@0	942	{
sl@0	943	if (cm->type != NID_undef)
sl@0	944	{
sl@0	945	if (SSL_COMP_add_compression_method(comp, cm) != 0)
sl@0	946	{
sl@0	947	fprintf(stderr,
sl@0	948	"Failed to add compression method\n");
sl@0	949	ERR_print_errors_fp(stderr);
sl@0	950	}
sl@0	951	}
sl@0	952	else
sl@0	953	{
sl@0	954	fprintf(stderr,
sl@0	955	"Warning: %s compression not supported\n",
sl@0	956	(comp == COMP_RLE ? "rle" :
sl@0	957	(comp == COMP_ZLIB ? "zlib" :
sl@0	958	"unknown")));
sl@0	959	ERR_print_errors_fp(stderr);
sl@0	960	}
sl@0	961	}
sl@0	962	ssl_comp_methods = SSL_COMP_get_compression_methods();
sl@0	963	fprintf(stderr, "Available compression methods:\n");
sl@0	964	{
sl@0	965	int j, n = sk_SSL_COMP_num(ssl_comp_methods);
sl@0	966	if (n == 0)
sl@0	967	fprintf(stderr, " NONE\n");
sl@0	968	else
sl@0	969	for (j = 0; j < n; j++)
sl@0	970	{
sl@0	971	SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
sl@0	972	fprintf(stderr, " %d: %s\n", c->id, c->name);
sl@0	973	}
sl@0	974	}
sl@0	975	#endif
sl@0	976
sl@0	977	#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
sl@0	978	if (ssl2)
sl@0	979	meth=SSLv2_method();
sl@0	980	else
sl@0	981	if (tls1)
sl@0	982	meth=TLSv1_method();
sl@0	983	else
sl@0	984	if (ssl3)
sl@0	985	meth=SSLv3_method();
sl@0	986	else
sl@0	987	meth=SSLv23_method();
sl@0	988	#else
sl@0	989	#ifdef OPENSSL_NO_SSL2
sl@0	990	meth=SSLv3_method();
sl@0	991	#else
sl@0	992	meth=SSLv2_method();
sl@0	993	#endif
sl@0	994	#endif
sl@0	995
sl@0	996	c_ctx=SSL_CTX_new(meth);
sl@0	997	s_ctx=SSL_CTX_new(meth);
sl@0	998	if ((c_ctx == NULL) \|\| (s_ctx == NULL))
sl@0	999	{
sl@0	1000	ERR_print_errors(bio_err);
sl@0	1001	goto end;
sl@0	1002	}
sl@0	1003
sl@0	1004	if (cipher != NULL)
sl@0	1005	{
sl@0	1006	SSL_CTX_set_cipher_list(c_ctx,cipher);
sl@0	1007	SSL_CTX_set_cipher_list(s_ctx,cipher);
sl@0	1008	}
sl@0	1009
sl@0	1010	#ifndef OPENSSL_NO_DH
sl@0	1011	if (!no_dhe)
sl@0	1012	{
sl@0	1013	if (dhe1024dsa)
sl@0	1014	{
sl@0	1015	/* use SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */
sl@0	1016	SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
sl@0	1017	dh=get_dh1024dsa();
sl@0	1018	}
sl@0	1019	else if (dhe1024)
sl@0	1020	dh=get_dh1024();
sl@0	1021	else
sl@0	1022	dh=get_dh512();
sl@0	1023	SSL_CTX_set_tmp_dh(s_ctx,dh);
sl@0	1024	DH_free(dh);
sl@0	1025	}
sl@0	1026	#else
sl@0	1027	(void)no_dhe;
sl@0	1028	#endif
sl@0	1029
sl@0	1030	#ifndef OPENSSL_NO_ECDH
sl@0	1031	if (!no_ecdhe)
sl@0	1032	{
sl@0	1033	int nid;
sl@0	1034
sl@0	1035	if (named_curve != NULL)
sl@0	1036	{
sl@0	1037	nid = OBJ_sn2nid(named_curve);
sl@0	1038	if (nid == 0)
sl@0	1039	{
sl@0	1040	BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve);
sl@0	1041	goto end;
sl@0	1042	}
sl@0	1043	}
sl@0	1044	else
sl@0	1045	nid = NID_sect163r2;
sl@0	1046
sl@0	1047	ecdh = EC_KEY_new_by_curve_name(nid);
sl@0	1048	if (ecdh == NULL)
sl@0	1049	{
sl@0	1050	BIO_printf(bio_err, "unable to create curve\n");
sl@0	1051	goto end;
sl@0	1052	}
sl@0	1053
sl@0	1054	SSL_CTX_set_tmp_ecdh(s_ctx, ecdh);
sl@0	1055	SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_ECDH_USE);
sl@0	1056	EC_KEY_free(ecdh);
sl@0	1057	}
sl@0	1058	#else
sl@0	1059	(void)no_ecdhe;
sl@0	1060	#endif
sl@0	1061
sl@0	1062	#ifndef OPENSSL_NO_RSA
sl@0	1063	SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb);
sl@0	1064	#endif
sl@0	1065
sl@0	1066	if (!SSL_CTX_use_certificate_file(s_ctx,server_cert,SSL_FILETYPE_PEM))
sl@0	1067	{
sl@0	1068	ERR_print_errors(bio_err);
sl@0	1069	}
sl@0	1070	else if (!SSL_CTX_use_PrivateKey_file(s_ctx,
sl@0	1071	(server_key?server_key:server_cert), SSL_FILETYPE_PEM))
sl@0	1072	{
sl@0	1073	ERR_print_errors(bio_err);
sl@0	1074	goto end;
sl@0	1075	}
sl@0	1076
sl@0	1077	if (client_auth)
sl@0	1078	{
sl@0	1079	SSL_CTX_use_certificate_file(c_ctx,client_cert,
sl@0	1080	SSL_FILETYPE_PEM);
sl@0	1081	SSL_CTX_use_PrivateKey_file(c_ctx,
sl@0	1082	(client_key?client_key:client_cert),
sl@0	1083	SSL_FILETYPE_PEM);
sl@0	1084	}
sl@0	1085
sl@0	1086	#if (defined(SYMBIAN) && (defined(__WINSCW__) \|\| defined(__WINS__)))
sl@0	1087	sleep(30); //we sleep till the required servers are up
sl@0	1088	#endif
sl@0	1089
sl@0	1090	if ( (!SSL_CTX_load_verify_locations(s_ctx,CAfile,CApath)) \|\|
sl@0	1091	(!SSL_CTX_set_default_verify_paths(s_ctx)) \|\|
sl@0	1092	(!SSL_CTX_load_verify_locations(c_ctx,CAfile,CApath)) \|\|
sl@0	1093	(!SSL_CTX_set_default_verify_paths(c_ctx)))
sl@0	1094	{
sl@0	1095	/* fprintf(stderr,"SSL_load_verify_locations\n"); */
sl@0	1096	ERR_print_errors(bio_err);
sl@0	1097	/* goto end; */
sl@0	1098	}
sl@0	1099	if(sym_store)
sl@0	1100	{
sl@0	1101	BIO_printf(bio_stdout,"certificates from symbian store\n");
sl@0	1102	if (!SSL_CTX_set_default_verify_paths(c_ctx))
sl@0	1103	{
sl@0	1104	BIO_printf(bio_err,"Failed to retrieve certificates from symbian store\n");
sl@0	1105	return 1;
sl@0	1106	}
sl@0	1107	else
sl@0	1108	{
sl@0	1109
sl@0	1110	BIO_printf(bio_stdout,"symbian certificates loaded\n");
sl@0	1111	if(symfile)
sl@0	1112	{
sl@0	1113	BIO_printf(bio_stdout,"symfile is not NULL\n");
sl@0	1114	io = BIO_new_file(symfile, "r");
sl@0	1115	if(!io)
sl@0	1116	{
sl@0	1117	return 1;
sl@0	1118	}
sl@0	1119
sl@0	1120	x509_inf_st = PEM_X509_INFO_read_bio(io, NULL, NULL, NULL);
sl@0	1121	BIO_free(io);
sl@0	1122
sl@0	1123	if(!x509_inf_st)
sl@0	1124	{
sl@0	1125	return 1;
sl@0	1126	}
sl@0	1127
sl@0	1128	x509_info = sk_X509_INFO_value(x509_inf_st, 0);
sl@0	1129	if(x509_info->x509)
sl@0	1130	{
sl@0	1131	BIO_printf(bio_stdout,"x509 structure is not null\n");
sl@0	1132	sk_X509_push(x509_sk,x509_info->x509);
sl@0	1133	X509_STORE_CTX_init(&st_ctx, c_ctx->cert_store, x509_info->x509, x509_sk);
sl@0	1134	BIO_printf(bio_stdout,"calling x509_verify_cert\n");
sl@0	1135	ret_match = X509_verify_cert(&st_ctx);
sl@0	1136	if( ret_match > 0 )
sl@0	1137	{
sl@0	1138	BIO_printf(bio_stdout,"Certificates match\n");
sl@0	1139	return 0;
sl@0	1140	}
sl@0	1141	else
sl@0	1142	{
sl@0	1143	BIO_printf(bio_err,"Certificates don match\n");
sl@0	1144	return -1;
sl@0	1145	}
sl@0	1146	}
sl@0	1147	}
sl@0	1148	else
sl@0	1149	{
sl@0	1150	return 0;
sl@0	1151	}
sl@0	1152
sl@0	1153	}
sl@0	1154	}
sl@0	1155	if (client_auth)
sl@0	1156	{
sl@0	1157	BIO_printf(bio_err,"client authentication\n");
sl@0	1158	SSL_CTX_set_verify(s_ctx,
sl@0	1159	SSL_VERIFY_PEER\|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
sl@0	1160	verify_callback);
sl@0	1161	SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback, &app_verify_arg);
sl@0	1162	}
sl@0	1163	if (server_auth)
sl@0	1164	{
sl@0	1165	BIO_printf(bio_err,"server authentication\n");
sl@0	1166	SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER,
sl@0	1167	verify_callback);
sl@0	1168	SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback, &app_verify_arg);
sl@0	1169	}
sl@0	1170
sl@0	1171	{
sl@0	1172	int session_id_context = 0;
sl@0	1173	SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context, sizeof session_id_context);
sl@0	1174	}
sl@0	1175
sl@0	1176	c_ssl=SSL_new(c_ctx);
sl@0	1177	s_ssl=SSL_new(s_ctx);
sl@0	1178
sl@0	1179	#ifndef OPENSSL_NO_KRB5
sl@0	1180	if (c_ssl && c_ssl->kssl_ctx)
sl@0	1181	{
sl@0	1182	char localhost[MAXHOSTNAMELEN+2];
sl@0	1183
sl@0	1184	if (gethostname(localhost, sizeof localhost-1) == 0)
sl@0	1185	{
sl@0	1186	localhost[sizeof localhost-1]='\0';
sl@0	1187	if(strlen(localhost) == sizeof localhost-1)
sl@0	1188	{
sl@0	1189	BIO_printf(bio_err,"localhost name too long\n");
sl@0	1190	goto end;
sl@0	1191	}
sl@0	1192	kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER,
sl@0	1193	localhost);
sl@0	1194	}
sl@0	1195	}
sl@0	1196	#endif /* OPENSSL_NO_KRB5 */
sl@0	1197
sl@0	1198	for (i=0; i<number; i++)
sl@0	1199	{
sl@0	1200	if (!reuse) SSL_set_session(c_ssl,NULL);
sl@0	1201	if (bio_pair)
sl@0	1202	{
sl@0	1203	ret=doit_biopair(s_ssl,c_ssl,bytes,&s_time,&c_time);
sl@0	1204
sl@0	1205	}
sl@0	1206
sl@0	1207	else
sl@0	1208	{
sl@0	1209
sl@0	1210	ret=doit(s_ssl,c_ssl,bytes);
sl@0	1211
sl@0	1212	}
sl@0	1213
sl@0	1214	}
sl@0	1215
sl@0	1216	if (!verbose)
sl@0	1217	{
sl@0	1218	print_details(c_ssl, "");
sl@0	1219	}
sl@0	1220	if ((number > 1) \|\| (bytes > 1L))
sl@0	1221	BIO_printf(bio_stdout, "%d handshakes of %ld bytes done\n",number,bytes);
sl@0	1222	if (print_time)
sl@0	1223	{
sl@0	1224	#ifdef CLOCKS_PER_SEC
sl@0	1225	/* "To determine the time in seconds, the value returned
sl@0	1226	* by the clock function should be divided by the value
sl@0	1227	* of the macro CLOCKS_PER_SEC."
sl@0	1228	* -- ISO/IEC 9899 */
sl@0	1229	BIO_printf(bio_stdout, "Approximate total server time: %6.2f s\n"
sl@0	1230	"Approximate total client time: %6.2f s\n",
sl@0	1231	(double)s_time/CLOCKS_PER_SEC,
sl@0	1232	(double)c_time/CLOCKS_PER_SEC);
sl@0	1233	#else
sl@0	1234	/* "`CLOCKS_PER_SEC' undeclared (first use this function)"
sl@0	1235	* -- cc on NeXTstep/OpenStep */
sl@0	1236	BIO_printf(bio_stdout,
sl@0	1237	"Approximate total server time: %6.2f units\n"
sl@0	1238	"Approximate total client time: %6.2f units\n",
sl@0	1239	(double)s_time,
sl@0	1240	(double)c_time);
sl@0	1241	#endif
sl@0	1242	}
sl@0	1243
sl@0	1244	SSL_free(s_ssl);
sl@0	1245	SSL_free(c_ssl);
sl@0	1246
sl@0	1247	end:
sl@0	1248	if (s_ctx != NULL) SSL_CTX_free(s_ctx);
sl@0	1249	if (c_ctx != NULL) SSL_CTX_free(c_ctx);
sl@0	1250
sl@0	1251	if (bio_stdout != NULL) BIO_free(bio_stdout);
sl@0	1252
sl@0	1253	#ifndef OPENSSL_NO_RSA
sl@0	1254	free_tmp_rsa();
sl@0	1255	#endif
sl@0	1256	#ifndef OPENSSL_NO_ENGINE
sl@0	1257	ENGINE_cleanup();
sl@0	1258	#endif
sl@0	1259	CRYPTO_cleanup_all_ex_data();
sl@0	1260	ERR_free_strings();
sl@0	1261	ERR_remove_state(0);
sl@0	1262	EVP_cleanup();
sl@0	1263	//CRYPTO_mem_leaks(bio_err);
sl@0	1264	if (bio_err != NULL) BIO_free(bio_err);
sl@0	1265	//getchar();
sl@0	1266	//EXIT(ret);
sl@0	1267	#ifdef SYMBIAN
sl@0	1268	testssl_deinit();
sl@0	1269	#endif
sl@0	1270	return ret;
sl@0	1271	}
sl@0	1272
sl@0	1273	int doit_biopair(SSL s_ssl, SSL c_ssl, long count,
sl@0	1274	clock_t s_time, clock_t c_time)
sl@0	1275	{
sl@0	1276	long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
sl@0	1277	BIO s_ssl_bio = NULL, c_ssl_bio = NULL;
sl@0	1278	BIO server = NULL, server_io = NULL, client = NULL, client_io = NULL;
sl@0	1279	int ret = 1;
sl@0	1280
sl@0	1281	size_t bufsiz = 256; /* small buffer for testing */
sl@0	1282
sl@0	1283	if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz))
sl@0	1284	goto err;
sl@0	1285	if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz))
sl@0	1286	goto err;
sl@0	1287
sl@0	1288	s_ssl_bio = BIO_new(BIO_f_ssl());
sl@0	1289	if (!s_ssl_bio)
sl@0	1290	goto err;
sl@0	1291
sl@0	1292	c_ssl_bio = BIO_new(BIO_f_ssl());
sl@0	1293	if (!c_ssl_bio)
sl@0	1294	goto err;
sl@0	1295
sl@0	1296	SSL_set_connect_state(c_ssl);
sl@0	1297	SSL_set_bio(c_ssl, client, client);
sl@0	1298	(void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
sl@0	1299
sl@0	1300	SSL_set_accept_state(s_ssl);
sl@0	1301	SSL_set_bio(s_ssl, server, server);
sl@0	1302	(void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
sl@0	1303
sl@0	1304	do
sl@0	1305	{
sl@0	1306	/* c_ssl_bio: SSL filter BIO
sl@0	1307	*
sl@0	1308	* client: pseudo-I/O for SSL library
sl@0	1309	*
sl@0	1310	* client_io: client's SSL communication; usually to be
sl@0	1311	* relayed over some I/O facility, but in this
sl@0	1312	* test program, we're the server, too:
sl@0	1313	*
sl@0	1314	* server_io: server's SSL communication
sl@0	1315	*
sl@0	1316	* server: pseudo-I/O for SSL library
sl@0	1317	*
sl@0	1318	* s_ssl_bio: SSL filter BIO
sl@0	1319	*
sl@0	1320	* The client and the server each employ a "BIO pair":
sl@0	1321	* client + client_io, server + server_io.
sl@0	1322	* BIO pairs are symmetric. A BIO pair behaves similar
sl@0	1323	* to a non-blocking socketpair (but both endpoints must
sl@0	1324	* be handled by the same thread).
sl@0	1325	* [Here we could connect client and server to the ends
sl@0	1326	* of a single BIO pair, but then this code would be less
sl@0	1327	* suitable as an example for BIO pairs in general.]
sl@0	1328	*
sl@0	1329	* Useful functions for querying the state of BIO pair endpoints:
sl@0	1330	*
sl@0	1331	* BIO_ctrl_pending(bio) number of bytes we can read now
sl@0	1332	* BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil
sl@0	1333	* other side's read attempt
sl@0	1334	* BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now
sl@0	1335	*
sl@0	1336	* ..._read_request is never more than ..._write_guarantee;
sl@0	1337	* it depends on the application which one you should use.
sl@0	1338	*/
sl@0	1339
sl@0	1340	/* We have non-blocking behaviour throughout this test program, but
sl@0	1341	* can be sure that there is some progress in each iteration; so
sl@0	1342	* we don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE
sl@0	1343	* -- we just try everything in each iteration
sl@0	1344	*/
sl@0	1345
sl@0	1346	{
sl@0	1347	/* CLIENT */
sl@0	1348
sl@0	1349	//MS_STATIC char cbuf[1024*8];
sl@0	1350	MS_STATIC char cbuf[1024*2];
sl@0	1351	int i, r;
sl@0	1352	clock_t c_clock = clock();
sl@0	1353
sl@0	1354	memset(cbuf, 0, sizeof(cbuf));
sl@0	1355
sl@0	1356	if (debug)
sl@0	1357	if (SSL_in_init(c_ssl))
sl@0	1358	fprintf(stdout,"client waiting in SSL_connect - %s\n",
sl@0	1359	SSL_state_string_long(c_ssl));
sl@0	1360
sl@0	1361	if (cw_num > 0)
sl@0	1362	{
sl@0	1363	/* Write to server. */
sl@0	1364
sl@0	1365	if (cw_num > (long)sizeof cbuf)
sl@0	1366	i = sizeof cbuf;
sl@0	1367	else
sl@0	1368	i = (int)cw_num;
sl@0	1369	r = BIO_write(c_ssl_bio, cbuf, i);
sl@0	1370	if (r < 0)
sl@0	1371	{
sl@0	1372	if (!BIO_should_retry(c_ssl_bio))
sl@0	1373	{
sl@0	1374	fprintf(stderr,"ERROR in CLIENT\n");
sl@0	1375	goto err;
sl@0	1376	}
sl@0	1377	/* BIO_should_retry(...) can just be ignored here.
sl@0	1378	* The library expects us to call BIO_write with
sl@0	1379	* the same arguments again, and that's what we will
sl@0	1380	* do in the next iteration. */
sl@0	1381	}
sl@0	1382	else if (r == 0)
sl@0	1383	{
sl@0	1384	fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
sl@0	1385	goto err;
sl@0	1386	}
sl@0	1387	else
sl@0	1388	{
sl@0	1389	if (debug)
sl@0	1390	fprintf(stdout,"client wrote %d\n", r);
sl@0	1391	cw_num -= r;
sl@0	1392	}
sl@0	1393	}
sl@0	1394
sl@0	1395	if (cr_num > 0)
sl@0	1396	{
sl@0	1397	/* Read from server. */
sl@0	1398
sl@0	1399	r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
sl@0	1400	if (r < 0)
sl@0	1401	{
sl@0	1402	if (!BIO_should_retry(c_ssl_bio))
sl@0	1403	{
sl@0	1404	fprintf(stderr,"ERROR in CLIENT\n");
sl@0	1405	goto err;
sl@0	1406	}
sl@0	1407	/* Again, "BIO_should_retry" can be ignored. */
sl@0	1408	}
sl@0	1409	else if (r == 0)
sl@0	1410	{
sl@0	1411	fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
sl@0	1412	goto err;
sl@0	1413	}
sl@0	1414	else
sl@0	1415	{
sl@0	1416	if (debug)
sl@0	1417	fprintf(stdout,"client read %d\n", r);
sl@0	1418	cr_num -= r;
sl@0	1419	}
sl@0	1420	}
sl@0	1421
sl@0	1422	/* c_time and s_time increments will typically be very small
sl@0	1423	* (depending on machine speed and clock tick intervals),
sl@0	1424	* but sampling over a large number of connections should
sl@0	1425	* result in fairly accurate figures. We cannot guarantee
sl@0	1426	* a lot, however -- if each connection lasts for exactly
sl@0	1427	* one clock tick, it will be counted only for the client
sl@0	1428	* or only for the server or even not at all.
sl@0	1429	*/
sl@0	1430	*c_time += (clock() - c_clock);
sl@0	1431	}
sl@0	1432
sl@0	1433	{
sl@0	1434	/* SERVER */
sl@0	1435
sl@0	1436	//MS_STATIC char sbuf[1024*8];
sl@0	1437	MS_STATIC char sbuf[1024*2];
sl@0	1438	int i, r;
sl@0	1439	clock_t s_clock = clock();
sl@0	1440
sl@0	1441	memset(sbuf, 0, sizeof(sbuf));
sl@0	1442
sl@0	1443	if (debug)
sl@0	1444	if (SSL_in_init(s_ssl))
sl@0	1445	fprintf(stdout,"server waiting in SSL_accept - %s\n",
sl@0	1446	SSL_state_string_long(s_ssl));
sl@0	1447
sl@0	1448	if (sw_num > 0)
sl@0	1449	{
sl@0	1450	/* Write to client. */
sl@0	1451
sl@0	1452	if (sw_num > (long)sizeof sbuf)
sl@0	1453	i = sizeof sbuf;
sl@0	1454	else
sl@0	1455	i = (int)sw_num;
sl@0	1456	r = BIO_write(s_ssl_bio, sbuf, i);
sl@0	1457	if (r < 0)
sl@0	1458	{
sl@0	1459	if (!BIO_should_retry(s_ssl_bio))
sl@0	1460	{
sl@0	1461	fprintf(stderr,"ERROR in SERVER\n");
sl@0	1462	goto err;
sl@0	1463	}
sl@0	1464	/* Ignore "BIO_should_retry". */
sl@0	1465	}
sl@0	1466	else if (r == 0)
sl@0	1467	{
sl@0	1468	fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
sl@0	1469	goto err;
sl@0	1470	}
sl@0	1471	else
sl@0	1472	{
sl@0	1473	if (debug)
sl@0	1474	fprintf(stdout,"server wrote %d\n", r);
sl@0	1475	sw_num -= r;
sl@0	1476	}
sl@0	1477	}
sl@0	1478
sl@0	1479	if (sr_num > 0)
sl@0	1480	{
sl@0	1481	/* Read from client. */
sl@0	1482
sl@0	1483	r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
sl@0	1484	if (r < 0)
sl@0	1485	{
sl@0	1486	if (!BIO_should_retry(s_ssl_bio))
sl@0	1487	{
sl@0	1488	fprintf(stderr,"ERROR in SERVER\n");
sl@0	1489	goto err;
sl@0	1490	}
sl@0	1491	/* blah, blah */
sl@0	1492	}
sl@0	1493	else if (r == 0)
sl@0	1494	{
sl@0	1495	fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
sl@0	1496	goto err;
sl@0	1497	}
sl@0	1498	else
sl@0	1499	{
sl@0	1500	if (debug)
sl@0	1501	fprintf(stdout,"server read %d\n", r);
sl@0	1502	sr_num -= r;
sl@0	1503	}
sl@0	1504	}
sl@0	1505
sl@0	1506	*s_time += (clock() - s_clock);
sl@0	1507	}
sl@0	1508
sl@0	1509	{
sl@0	1510	/* "I/O" BETWEEN CLIENT AND SERVER. */
sl@0	1511
sl@0	1512	size_t r1, r2;
sl@0	1513	BIO io1 = server_io, io2 = client_io;
sl@0	1514	/* we use the non-copying interface for io1
sl@0	1515	* and the standard BIO_write/BIO_read interface for io2
sl@0	1516	*/
sl@0	1517
sl@0	1518	static int prev_progress = 1;
sl@0	1519	int progress = 0;
sl@0	1520
sl@0	1521	/* io1 to io2 */
sl@0	1522	do
sl@0	1523	{
sl@0	1524	size_t num;
sl@0	1525	int r;
sl@0	1526
sl@0	1527	r1 = BIO_ctrl_pending(io1);
sl@0	1528	r2 = BIO_ctrl_get_write_guarantee(io2);
sl@0	1529
sl@0	1530	num = r1;
sl@0	1531	if (r2 < num)
sl@0	1532	num = r2;
sl@0	1533	if (num)
sl@0	1534	{
sl@0	1535	char *dataptr;
sl@0	1536
sl@0	1537	if (INT_MAX < num) /* yeah, right */
sl@0	1538	num = INT_MAX;
sl@0	1539
sl@0	1540	r = BIO_nread(io1, &dataptr, (int)num);
sl@0	1541	assert(r > 0);
sl@0	1542	assert(r <= (int)num);
sl@0	1543	/* possibly r < num (non-contiguous data) */
sl@0	1544	num = r;
sl@0	1545	r = BIO_write(io2, dataptr, (int)num);
sl@0	1546	if (r != (int)num) /* can't happen */
sl@0	1547	{
sl@0	1548	fprintf(stderr, "ERROR: BIO_write could not write "
sl@0	1549	"BIO_ctrl_get_write_guarantee() bytes");
sl@0	1550	goto err;
sl@0	1551	}
sl@0	1552	progress = 1;
sl@0	1553
sl@0	1554	if (debug)
sl@0	1555	fprintf(stdout,(io1 == client_io) ?
sl@0	1556	"C->S relaying: %d bytes\n" :
sl@0	1557	"S->C relaying: %d bytes\n",
sl@0	1558	(int)num);
sl@0	1559	}
sl@0	1560	}
sl@0	1561	while (r1 && r2);
sl@0	1562
sl@0	1563	/* io2 to io1 */
sl@0	1564	{
sl@0	1565	size_t num;
sl@0	1566	int r;
sl@0	1567
sl@0	1568	r1 = BIO_ctrl_pending(io2);
sl@0	1569	r2 = BIO_ctrl_get_read_request(io1);
sl@0	1570	/* here we could use ..._get_write_guarantee instead of
sl@0	1571	* ..._get_read_request, but by using the latter
sl@0	1572	* we test restartability of the SSL implementation
sl@0	1573	* more thoroughly */
sl@0	1574	num = r1;
sl@0	1575	if (r2 < num)
sl@0	1576	num = r2;
sl@0	1577	if (num)
sl@0	1578	{
sl@0	1579	char *dataptr;
sl@0	1580
sl@0	1581	if (INT_MAX < num)
sl@0	1582	num = INT_MAX;
sl@0	1583
sl@0	1584	if (num > 1)
sl@0	1585	--num; /* test restartability even more thoroughly */
sl@0	1586
sl@0	1587	r = BIO_nwrite0(io1, &dataptr);
sl@0	1588	assert(r > 0);
sl@0	1589	if (r < (int)num)
sl@0	1590	num = r;
sl@0	1591	r = BIO_read(io2, dataptr, (int)num);
sl@0	1592	if (r != (int)num) /* can't happen */
sl@0	1593	{
sl@0	1594	fprintf(stderr, "ERROR: BIO_read could not read "
sl@0	1595	"BIO_ctrl_pending() bytes");
sl@0	1596	goto err;
sl@0	1597	}
sl@0	1598	progress = 1;
sl@0	1599	r = BIO_nwrite(io1, &dataptr, (int)num);
sl@0	1600	if (r != (int)num) /* can't happen */
sl@0	1601	{
sl@0	1602	fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
sl@0	1603	"BIO_nwrite0() bytes");
sl@0	1604	goto err;
sl@0	1605	}
sl@0	1606
sl@0	1607	if (debug)
sl@0	1608	fprintf(stdout,(io2 == client_io) ?
sl@0	1609	"C->S relaying: %d bytes\n" :
sl@0	1610	"S->C relaying: %d bytes\n",
sl@0	1611	(int)num);
sl@0	1612	}
sl@0	1613	} /* no loop, BIO_ctrl_get_read_request now returns 0 anyway */
sl@0	1614
sl@0	1615	if (!progress && !prev_progress)
sl@0	1616	if (cw_num > 0 \|\| cr_num > 0 \|\| sw_num > 0 \|\| sr_num > 0)
sl@0	1617	{
sl@0	1618	fprintf(stderr, "ERROR: got stuck\n");
sl@0	1619	if (strcmp("SSLv2", SSL_get_version(c_ssl)) == 0)
sl@0	1620	{
sl@0	1621	fprintf(stderr, "This can happen for SSL2 because "
sl@0	1622	"CLIENT-FINISHED and SERVER-VERIFY are written \n"
sl@0	1623	"concurrently ...");
sl@0	1624	if (strncmp("2SCF", SSL_state_string(c_ssl), 4) == 0
sl@0	1625	&& strncmp("2SSV", SSL_state_string(s_ssl), 4) == 0)
sl@0	1626	{
sl@0	1627	fprintf(stderr, " ok.\n");
sl@0	1628	goto end;
sl@0	1629	}
sl@0	1630	}
sl@0	1631	fprintf(stderr, " ERROR.\n");
sl@0	1632	goto err;
sl@0	1633	}
sl@0	1634	prev_progress = progress;
sl@0	1635	}
sl@0	1636	}
sl@0	1637	while (cw_num > 0 \|\| cr_num > 0 \|\| sw_num > 0 \|\| sr_num > 0);
sl@0	1638
sl@0	1639	if (verbose)
sl@0	1640	print_details(c_ssl, "DONE via BIO pair: ");
sl@0	1641	end:
sl@0	1642	ret = 0;
sl@0	1643
sl@0	1644	err:
sl@0	1645	ERR_print_errors(bio_err);
sl@0	1646
sl@0	1647	if (server)
sl@0	1648	BIO_free(server);
sl@0	1649	if (server_io)
sl@0	1650	BIO_free(server_io);
sl@0	1651	if (client)
sl@0	1652	BIO_free(client);
sl@0	1653	if (client_io)
sl@0	1654	BIO_free(client_io);
sl@0	1655	if (s_ssl_bio)
sl@0	1656	BIO_free(s_ssl_bio);
sl@0	1657	if (c_ssl_bio)
sl@0	1658	BIO_free(c_ssl_bio);
sl@0	1659
sl@0	1660	return ret;
sl@0	1661	}
sl@0	1662
sl@0	1663
sl@0	1664	#define W_READ 1
sl@0	1665	#define W_WRITE 2
sl@0	1666	#define C_DONE 1
sl@0	1667	#define S_DONE 2
sl@0	1668
sl@0	1669	int doit(SSL s_ssl, SSL c_ssl, long count)
sl@0	1670	{
sl@0	1671	//MS_STATIC char cbuf[10248],sbuf[10248];
sl@0	1672	MS_STATIC char cbuf[21024],sbuf[21024];
sl@0	1673	int ret=1;
sl@0	1674	BIO *c_to_s=NULL;
sl@0	1675	BIO *s_to_c=NULL;
sl@0	1676	BIO *c_bio=NULL;
sl@0	1677	BIO *s_bio=NULL;
sl@0	1678	int c_r,c_w,s_r,s_w;
sl@0	1679	int c_want,s_want;
sl@0	1680	int i,j;
sl@0	1681	int done=0;
sl@0	1682	int c_write,s_write;
sl@0	1683	int do_server=0,do_client=0;
sl@0	1684	unsigned int cw_num,cr_num;
sl@0	1685	unsigned int sw_num,sr_num;
sl@0	1686
sl@0	1687	cw_num=count;
sl@0	1688	cr_num=count;
sl@0	1689	sw_num=count;
sl@0	1690	sr_num=count;
sl@0	1691
sl@0	1692	memset(cbuf,0,sizeof(cbuf));
sl@0	1693	memset(sbuf,0,sizeof(sbuf));
sl@0	1694
sl@0	1695	c_to_s=BIO_new(BIO_s_mem());
sl@0	1696	s_to_c=BIO_new(BIO_s_mem());
sl@0	1697	if ((s_to_c == NULL) \|\| (c_to_s == NULL))
sl@0	1698	{
sl@0	1699	ERR_print_errors(bio_err);
sl@0	1700	goto err;
sl@0	1701	}
sl@0	1702
sl@0	1703	c_bio=BIO_new(BIO_f_ssl());
sl@0	1704	s_bio=BIO_new(BIO_f_ssl());
sl@0	1705
sl@0	1706
sl@0	1707	if ((c_bio == NULL) \|\| (s_bio == NULL))
sl@0	1708	{
sl@0	1709	ERR_print_errors(bio_err);
sl@0	1710	goto err;
sl@0	1711	}
sl@0	1712
sl@0	1713	SSL_set_connect_state(c_ssl);
sl@0	1714	SSL_set_bio(c_ssl,s_to_c,c_to_s);
sl@0	1715	BIO_set_ssl(c_bio,c_ssl,BIO_NOCLOSE);
sl@0	1716	SSL_set_accept_state(s_ssl);
sl@0	1717	SSL_set_bio(s_ssl,c_to_s,s_to_c);
sl@0	1718	BIO_set_ssl(s_bio,s_ssl,BIO_NOCLOSE);
sl@0	1719
sl@0	1720	c_r=0; s_r=1;
sl@0	1721	c_w=1; s_w=0;
sl@0	1722	c_want=W_WRITE;
sl@0	1723	s_want=0;
sl@0	1724	c_write=1,s_write=0;
sl@0	1725
sl@0	1726	/* We can always do writes */
sl@0	1727	for (;;)
sl@0	1728	{
sl@0	1729	do_server=0;
sl@0	1730	do_client=0;
sl@0	1731
sl@0	1732	i=(int)BIO_pending(s_bio);
sl@0	1733
sl@0	1734	if ((i && s_r) \|\| s_w) do_server=1;
sl@0	1735
sl@0	1736	i=(int)BIO_pending(c_bio);
sl@0	1737
sl@0	1738	if ((i && c_r) \|\| c_w) do_client=1;
sl@0	1739
sl@0	1740	if (do_server && debug)
sl@0	1741	{
sl@0	1742	if (SSL_in_init(s_ssl))
sl@0	1743	fprintf(stdout,"server waiting in SSL_accept - %s\n",
sl@0	1744	SSL_state_string_long(s_ssl));
sl@0	1745	/* else if (s_write)
sl@0	1746	printf("server:SSL_write()\n");
sl@0	1747	else
sl@0	1748	printf("server:SSL_read()\n"); */
sl@0	1749	}
sl@0	1750
sl@0	1751	if (do_client && debug)
sl@0	1752	{
sl@0	1753	if (SSL_in_init(c_ssl))
sl@0	1754	fprintf(stdout,"client waiting in SSL_connect - %s\n",
sl@0	1755	SSL_state_string_long(c_ssl));
sl@0	1756	/* else if (c_write)
sl@0	1757	printf("client:SSL_write()\n");
sl@0	1758	else
sl@0	1759	printf("client:SSL_read()\n"); */
sl@0	1760	}
sl@0	1761
sl@0	1762	if (!do_client && !do_server)
sl@0	1763	{
sl@0	1764	fprintf(stdout,"ERROR IN STARTUP\n");
sl@0	1765	ERR_print_errors(bio_err);
sl@0	1766	break;
sl@0	1767	}
sl@0	1768	if (do_client && !(done & C_DONE))
sl@0	1769	{
sl@0	1770	if (c_write)
sl@0	1771	{
sl@0	1772	j = (cw_num > (long)sizeof(cbuf)) ?
sl@0	1773	(int)sizeof(cbuf) : (int)cw_num;
sl@0	1774
sl@0	1775	i=BIO_write(c_bio,cbuf,j);
sl@0	1776
sl@0	1777	if (i < 0)
sl@0	1778	{
sl@0	1779	c_r=0;
sl@0	1780	c_w=0;
sl@0	1781	if (BIO_should_retry(c_bio))
sl@0	1782	{
sl@0	1783
sl@0	1784	if (BIO_should_read(c_bio))
sl@0	1785	{
sl@0	1786
sl@0	1787	c_r=1;
sl@0	1788	}
sl@0	1789
sl@0	1790	if (BIO_should_write(c_bio))
sl@0	1791	{
sl@0	1792
sl@0	1793	c_w=1;
sl@0	1794	}
sl@0	1795
sl@0	1796	}
sl@0	1797	else
sl@0	1798	{
sl@0	1799	fprintf(stderr,"ERROR in CLIENT\n");
sl@0	1800	ERR_print_errors(bio_err);
sl@0	1801	goto err;
sl@0	1802	}
sl@0	1803	}
sl@0	1804	else if (i == 0)
sl@0	1805	{
sl@0	1806	fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
sl@0	1807	goto err;
sl@0	1808	}
sl@0	1809	else
sl@0	1810	{
sl@0	1811	if (debug)
sl@0	1812	fprintf(stdout,"client wrote %d\n",i);
sl@0	1813	/* ok */
sl@0	1814	s_r=1;
sl@0	1815	c_write=0;
sl@0	1816	cw_num-=i;
sl@0	1817	}
sl@0	1818	}
sl@0	1819	else
sl@0	1820	{
sl@0	1821	i=BIO_read(c_bio,cbuf,sizeof(cbuf));
sl@0	1822	if (i < 0)
sl@0	1823	{
sl@0	1824	c_r=0;
sl@0	1825	c_w=0;
sl@0	1826	if (BIO_should_retry(c_bio))
sl@0	1827	{
sl@0	1828	if (BIO_should_read(c_bio))
sl@0	1829	c_r=1;
sl@0	1830	if (BIO_should_write(c_bio))
sl@0	1831	c_w=1;
sl@0	1832	}
sl@0	1833	else
sl@0	1834	{
sl@0	1835	fprintf(stderr,"ERROR in CLIENT\n");
sl@0	1836	ERR_print_errors(bio_err);
sl@0	1837	goto err;
sl@0	1838	}
sl@0	1839	}
sl@0	1840	else if (i == 0)
sl@0	1841	{
sl@0	1842	fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
sl@0	1843	goto err;
sl@0	1844	}
sl@0	1845	else
sl@0	1846	{
sl@0	1847	if (debug)
sl@0	1848	fprintf(stdout,"client read %d\n",i);
sl@0	1849	cr_num-=i;
sl@0	1850	if (sw_num > 0)
sl@0	1851	{
sl@0	1852	s_write=1;
sl@0	1853	s_w=1;
sl@0	1854	}
sl@0	1855	if (cr_num <= 0)
sl@0	1856	{
sl@0	1857	s_write=1;
sl@0	1858	s_w=1;
sl@0	1859	done=S_DONE\|C_DONE;
sl@0	1860	}
sl@0	1861	}
sl@0	1862	}
sl@0	1863	}
sl@0	1864
sl@0	1865	if (do_server && !(done & S_DONE))
sl@0	1866	{
sl@0	1867	if (!s_write)
sl@0	1868	{
sl@0	1869	i=BIO_read(s_bio,sbuf,sizeof(cbuf));
sl@0	1870	if (i < 0)
sl@0	1871	{
sl@0	1872	s_r=0;
sl@0	1873	s_w=0;
sl@0	1874	if (BIO_should_retry(s_bio))
sl@0	1875	{
sl@0	1876	if (BIO_should_read(s_bio))
sl@0	1877	s_r=1;
sl@0	1878	if (BIO_should_write(s_bio))
sl@0	1879	s_w=1;
sl@0	1880	}
sl@0	1881	else
sl@0	1882	{
sl@0	1883	fprintf(stderr,"ERROR in SERVER\n");
sl@0	1884	ERR_print_errors(bio_err);
sl@0	1885	goto err;
sl@0	1886	}
sl@0	1887	}
sl@0	1888	else if (i == 0)
sl@0	1889	{
sl@0	1890	ERR_print_errors(bio_err);
sl@0	1891	fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_read\n");
sl@0	1892	goto err;
sl@0	1893	}
sl@0	1894	else
sl@0	1895	{
sl@0	1896	if (debug)
sl@0	1897	fprintf(stdout,"server read %d\n",i);
sl@0	1898	sr_num-=i;
sl@0	1899	if (cw_num > 0)
sl@0	1900	{
sl@0	1901	c_write=1;
sl@0	1902	c_w=1;
sl@0	1903	}
sl@0	1904	if (sr_num <= 0)
sl@0	1905	{
sl@0	1906	s_write=1;
sl@0	1907	s_w=1;
sl@0	1908	c_write=0;
sl@0	1909	}
sl@0	1910	}
sl@0	1911	}
sl@0	1912	else
sl@0	1913	{
sl@0	1914	j = (sw_num > (long)sizeof(sbuf)) ?
sl@0	1915	(int)sizeof(sbuf) : (int)sw_num;
sl@0	1916	i=BIO_write(s_bio,sbuf,j);
sl@0	1917	if (i < 0)
sl@0	1918	{
sl@0	1919	s_r=0;
sl@0	1920	s_w=0;
sl@0	1921	if (BIO_should_retry(s_bio))
sl@0	1922	{
sl@0	1923	if (BIO_should_read(s_bio))
sl@0	1924	s_r=1;
sl@0	1925	if (BIO_should_write(s_bio))
sl@0	1926	s_w=1;
sl@0	1927	}
sl@0	1928	else
sl@0	1929	{
sl@0	1930	fprintf(stderr,"ERROR in SERVER\n");
sl@0	1931	ERR_print_errors(bio_err);
sl@0	1932	goto err;
sl@0	1933	}
sl@0	1934	}
sl@0	1935	else if (i == 0)
sl@0	1936	{
sl@0	1937	ERR_print_errors(bio_err);
sl@0	1938	fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_write\n");
sl@0	1939	goto err;
sl@0	1940	}
sl@0	1941	else
sl@0	1942	{
sl@0	1943	if (debug)
sl@0	1944	fprintf(stdout,"server wrote %d\n",i);
sl@0	1945	sw_num-=i;
sl@0	1946	s_write=0;
sl@0	1947	c_r=1;
sl@0	1948	if (sw_num <= 0)
sl@0	1949	done\|=S_DONE;
sl@0	1950	}
sl@0	1951	}
sl@0	1952	}
sl@0	1953
sl@0	1954	if ((done & S_DONE) && (done & C_DONE)) break;
sl@0	1955	}
sl@0	1956
sl@0	1957	if (verbose)
sl@0	1958	print_details(c_ssl, "DONE: ");
sl@0	1959	ret=0;
sl@0	1960	err:
sl@0	1961	/* We have to set the BIO's to NULL otherwise they will be
sl@0	1962	* OPENSSL_free()ed twice. Once when th s_ssl is SSL_free()ed and
sl@0	1963	* again when c_ssl is SSL_free()ed.
sl@0	1964	* This is a hack required because s_ssl and c_ssl are sharing the same
sl@0	1965	* BIO structure and SSL_set_bio() and SSL_free() automatically
sl@0	1966	* BIO_free non NULL entries.
sl@0	1967	* You should not normally do this or be required to do this */
sl@0	1968	if (s_ssl != NULL)
sl@0	1969	{
sl@0	1970	s_ssl->rbio=NULL;
sl@0	1971	s_ssl->wbio=NULL;
sl@0	1972	}
sl@0	1973	if (c_ssl != NULL)
sl@0	1974	{
sl@0	1975	c_ssl->rbio=NULL;
sl@0	1976	c_ssl->wbio=NULL;
sl@0	1977	}
sl@0	1978
sl@0	1979	if (c_to_s != NULL) BIO_free(c_to_s);
sl@0	1980	if (s_to_c != NULL) BIO_free(s_to_c);
sl@0	1981	if (c_bio != NULL) BIO_free_all(c_bio);
sl@0	1982	if (s_bio != NULL) BIO_free_all(s_bio);
sl@0	1983	return(ret);
sl@0	1984	}
sl@0	1985
sl@0	1986	static int get_proxy_auth_ex_data_idx(void)
sl@0	1987	{
sl@0	1988	static volatile int idx = -1;
sl@0	1989	if (idx < 0)
sl@0	1990	{
sl@0	1991	CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
sl@0	1992	if (idx < 0)
sl@0	1993	{
sl@0	1994	idx = X509_STORE_CTX_get_ex_new_index(0,
sl@0	1995	"SSLtest for verify callback", NULL,NULL,NULL);
sl@0	1996	}
sl@0	1997	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
sl@0	1998	}
sl@0	1999	return idx;
sl@0	2000	}
sl@0	2001
sl@0	2002	static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
sl@0	2003	{
sl@0	2004	char *s,buf[256];
sl@0	2005
sl@0	2006	s=X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),buf,
sl@0	2007	sizeof buf);
sl@0	2008	if (s != NULL)
sl@0	2009	{
sl@0	2010	if (ok)
sl@0	2011	fprintf(stderr,"depth=%d %s\n",
sl@0	2012	ctx->error_depth,buf);
sl@0	2013	else
sl@0	2014	{
sl@0	2015	fprintf(stderr,"depth=%d error=%d %s\n",
sl@0	2016	ctx->error_depth,ctx->error,buf);
sl@0	2017	}
sl@0	2018	}
sl@0	2019
sl@0	2020	if (ok == 0)
sl@0	2021	{
sl@0	2022	fprintf(stderr,"Error string: %s\n",
sl@0	2023	X509_verify_cert_error_string(ctx->error));
sl@0	2024	switch (ctx->error)
sl@0	2025	{
sl@0	2026	case X509_V_ERR_CERT_NOT_YET_VALID:
sl@0	2027	case X509_V_ERR_CERT_HAS_EXPIRED:
sl@0	2028	case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
sl@0	2029	fprintf(stderr," ... ignored.\n");
sl@0	2030	ok=1;
sl@0	2031	}
sl@0	2032	}
sl@0	2033
sl@0	2034	if (ok == 1)
sl@0	2035	{
sl@0	2036	X509 *xs = ctx->current_cert;
sl@0	2037	#if 0
sl@0	2038	X509 *xi = ctx->current_issuer;
sl@0	2039	#endif
sl@0	2040
sl@0	2041	if (xs->ex_flags & EXFLAG_PROXY)
sl@0	2042	{
sl@0	2043	unsigned int *letters =
sl@0	2044	X509_STORE_CTX_get_ex_data(ctx,
sl@0	2045	get_proxy_auth_ex_data_idx());
sl@0	2046
sl@0	2047	if (letters)
sl@0	2048	{
sl@0	2049	int found_any = 0;
sl@0	2050	int i;
sl@0	2051	PROXY_CERT_INFO_EXTENSION *pci =
sl@0	2052	X509_get_ext_d2i(xs, NID_proxyCertInfo,
sl@0	2053	NULL, NULL);
sl@0	2054
sl@0	2055	switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage))
sl@0	2056	{
sl@0	2057	case NID_Independent:
sl@0	2058	/* Completely meaningless in this
sl@0	2059	program, as there's no way to
sl@0	2060	grant explicit rights to a
sl@0	2061	specific PrC. Basically, using
sl@0	2062	id-ppl-Independent is the perfect
sl@0	2063	way to grant no rights at all. */
sl@0	2064	fprintf(stderr, " Independent proxy certificate");
sl@0	2065	for (i = 0; i < 26; i++)
sl@0	2066	letters[i] = 0;
sl@0	2067	break;
sl@0	2068	case NID_id_ppl_inheritAll:
sl@0	2069	/* This is basically a NOP, we
sl@0	2070	simply let the current rights
sl@0	2071	stand as they are. */
sl@0	2072	fprintf(stderr, " Proxy certificate inherits all");
sl@0	2073	break;
sl@0	2074	default:
sl@0	2075	s = (char *)
sl@0	2076	pci->proxyPolicy->policy->data;
sl@0	2077	i = pci->proxyPolicy->policy->length;
sl@0	2078
sl@0	2079	/* The algorithm works as follows:
sl@0	2080	it is assumed that previous
sl@0	2081	iterations or the initial granted
sl@0	2082	rights has already set some elements
sl@0	2083	of `letters'. What we need to do is
sl@0	2084	to clear those that weren't granted
sl@0	2085	by the current PrC as well. The
sl@0	2086	easiest way to do this is to add 1
sl@0	2087	to all the elements whose letters
sl@0	2088	are given with the current policy.
sl@0	2089	That way, all elements that are set
sl@0	2090	by the current policy and were
sl@0	2091	already set by earlier policies and
sl@0	2092	through the original grant of rights
sl@0	2093	will get the value 2 or higher.
sl@0	2094	The last thing to do is to sweep
sl@0	2095	through `letters' and keep the
sl@0	2096	elements having the value 2 as set,
sl@0	2097	and clear all the others. */
sl@0	2098
sl@0	2099	fprintf(stderr, " Certificate proxy rights = %.s", i, i, s);
sl@0	2100	while(i-- > 0)
sl@0	2101	{
sl@0	2102	int c = *s++;
sl@0	2103	if (isascii(c) && isalpha(c))
sl@0	2104	{
sl@0	2105	if (islower(c))
sl@0	2106	c = toupper(c);
sl@0	2107	letters[c - 'A']++;
sl@0	2108	}
sl@0	2109	}
sl@0	2110	for (i = 0; i < 26; i++)
sl@0	2111	if (letters[i] < 2)
sl@0	2112	letters[i] = 0;
sl@0	2113	else
sl@0	2114	letters[i] = 1;
sl@0	2115	}
sl@0	2116
sl@0	2117	found_any = 0;
sl@0	2118	fprintf(stderr,
sl@0	2119	", resulting proxy rights = ");
sl@0	2120	for(i = 0; i < 26; i++)
sl@0	2121	if (letters[i])
sl@0	2122	{
sl@0	2123	fprintf(stderr, "%c", i + 'A');
sl@0	2124	found_any = 1;
sl@0	2125	}
sl@0	2126	if (!found_any)
sl@0	2127	fprintf(stderr, "none");
sl@0	2128	fprintf(stderr, "\n");
sl@0	2129
sl@0	2130	PROXY_CERT_INFO_EXTENSION_free(pci);
sl@0	2131	}
sl@0	2132	}
sl@0	2133	}
sl@0	2134
sl@0	2135	return(ok);
sl@0	2136	}
sl@0	2137
sl@0	2138	static void process_proxy_debug(int indent, const char *format, ...)
sl@0	2139	{
sl@0	2140	static const char indentation[] =
sl@0	2141	">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"
sl@0	2142	">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"; /* That's 80 > */
sl@0	2143	char my_format[256];
sl@0	2144	va_list args;
sl@0	2145
sl@0	2146	BIO_snprintf(my_format, sizeof(my_format), "%.s %s",
sl@0	2147	indent, indent, indentation, format);
sl@0	2148
sl@0	2149	va_start(args, format);
sl@0	2150	vfprintf(stderr, my_format, args);
sl@0	2151	va_end(args);
sl@0	2152	}
sl@0	2153	/* Priority levels:
sl@0	2154	0 [!]var, ()
sl@0	2155	1 & ^
sl@0	2156	2 \|
sl@0	2157	*/
sl@0	2158	static int process_proxy_cond_adders(unsigned int letters[26],
sl@0	2159	const char cond, const char cond_end, int pos, int indent);
sl@0	2160	static int process_proxy_cond_val(unsigned int letters[26],
sl@0	2161	const char cond, const char cond_end, int pos, int indent)
sl@0	2162	{
sl@0	2163	int c;
sl@0	2164	int ok = 1;
sl@0	2165	int negate = 0;
sl@0	2166
sl@0	2167	while(isspace((int)*cond))
sl@0	2168	{
sl@0	2169	cond++; (*pos)++;
sl@0	2170	}
sl@0	2171	c = *cond;
sl@0	2172
sl@0	2173	if (debug)
sl@0	2174	process_proxy_debug(indent,
sl@0	2175	"Start process_proxy_cond_val at position %d: %s\n",
sl@0	2176	*pos, cond);
sl@0	2177
sl@0	2178	while(c == '!')
sl@0	2179	{
sl@0	2180	negate = !negate;
sl@0	2181	cond++; (*pos)++;
sl@0	2182	while(isspace((int)*cond))
sl@0	2183	{
sl@0	2184	cond++; (*pos)++;
sl@0	2185	}
sl@0	2186	c = *cond;
sl@0	2187	}
sl@0	2188
sl@0	2189	if (c == '(')
sl@0	2190	{
sl@0	2191	cond++; (*pos)++;
sl@0	2192	ok = process_proxy_cond_adders(letters, cond, cond_end, pos,
sl@0	2193	indent + 1);
sl@0	2194	cond = *cond_end;
sl@0	2195	if (ok < 0)
sl@0	2196	goto end;
sl@0	2197	while(isspace((int)*cond))
sl@0	2198	{
sl@0	2199	cond++; (*pos)++;
sl@0	2200	}
sl@0	2201	c = *cond;
sl@0	2202	if (c != ')')
sl@0	2203	{
sl@0	2204	fprintf(stderr,
sl@0	2205	"Weird condition character in position %d: "
sl@0	2206	"%c\n", *pos, c);
sl@0	2207	ok = -1;
sl@0	2208	goto end;
sl@0	2209	}
sl@0	2210	cond++; (*pos)++;
sl@0	2211	}
sl@0	2212	else if (isascii(c) && isalpha(c))
sl@0	2213	{
sl@0	2214	if (islower(c))
sl@0	2215	c = toupper(c);
sl@0	2216	ok = letters[c - 'A'];
sl@0	2217	cond++; (*pos)++;
sl@0	2218	}
sl@0	2219	else
sl@0	2220	{
sl@0	2221	fprintf(stderr,
sl@0	2222	"Weird condition character in position %d: "
sl@0	2223	"%c\n", *pos, c);
sl@0	2224	ok = -1;
sl@0	2225	goto end;
sl@0	2226	}
sl@0	2227	end:
sl@0	2228	*cond_end = cond;
sl@0	2229	if (ok >= 0 && negate)
sl@0	2230	ok = !ok;
sl@0	2231
sl@0	2232	if (debug)
sl@0	2233	process_proxy_debug(indent,
sl@0	2234	"End process_proxy_cond_val at position %d: %s, returning %d\n",
sl@0	2235	*pos, cond, ok);
sl@0	2236
sl@0	2237	return ok;
sl@0	2238	}
sl@0	2239	static int process_proxy_cond_multipliers(unsigned int letters[26],
sl@0	2240	const char cond, const char cond_end, int pos, int indent)
sl@0	2241	{
sl@0	2242	int ok;
sl@0	2243	char c;
sl@0	2244
sl@0	2245	if (debug)
sl@0	2246	process_proxy_debug(indent,
sl@0	2247	"Start process_proxy_cond_multipliers at position %d: %s\n",
sl@0	2248	*pos, cond);
sl@0	2249
sl@0	2250	ok = process_proxy_cond_val(letters, cond, cond_end, pos, indent + 1);
sl@0	2251	cond = *cond_end;
sl@0	2252	if (ok < 0)
sl@0	2253	goto end;
sl@0	2254
sl@0	2255	while(ok >= 0)
sl@0	2256	{
sl@0	2257	while(isspace((int)*cond))
sl@0	2258	{
sl@0	2259	cond++; (*pos)++;
sl@0	2260	}
sl@0	2261	c = *cond;
sl@0	2262
sl@0	2263	switch(c)
sl@0	2264	{
sl@0	2265	case '&':
sl@0	2266	case '^':
sl@0	2267	{
sl@0	2268	int save_ok = ok;
sl@0	2269
sl@0	2270	cond++; (*pos)++;
sl@0	2271	ok = process_proxy_cond_val(letters,
sl@0	2272	cond, cond_end, pos, indent + 1);
sl@0	2273	cond = *cond_end;
sl@0	2274	if (ok < 0)
sl@0	2275	break;
sl@0	2276
sl@0	2277	switch(c)
sl@0	2278	{
sl@0	2279	case '&':
sl@0	2280	ok &= save_ok;
sl@0	2281	break;
sl@0	2282	case '^':
sl@0	2283	ok ^= save_ok;
sl@0	2284	break;
sl@0	2285	default:
sl@0	2286	fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!"
sl@0	2287	" STOPPING\n");
sl@0	2288	// return 1;
sl@0	2289	getchar();
sl@0	2290	//EXIT(1);
sl@0	2291	}
sl@0	2292	}
sl@0	2293	break;
sl@0	2294	default:
sl@0	2295	goto end;
sl@0	2296	}
sl@0	2297	}
sl@0	2298	end:
sl@0	2299	if (debug)
sl@0	2300	process_proxy_debug(indent,
sl@0	2301	"End process_proxy_cond_multipliers at position %d: %s, returning %d\n",
sl@0	2302	*pos, cond, ok);
sl@0	2303
sl@0	2304	*cond_end = cond;
sl@0	2305	return ok;
sl@0	2306	}
sl@0	2307	static int process_proxy_cond_adders(unsigned int letters[26],
sl@0	2308	const char cond, const char cond_end, int pos, int indent)
sl@0	2309	{
sl@0	2310	int ok;
sl@0	2311	char c;
sl@0	2312
sl@0	2313	if (debug)
sl@0	2314	process_proxy_debug(indent,
sl@0	2315	"Start process_proxy_cond_adders at position %d: %s\n",
sl@0	2316	*pos, cond);
sl@0	2317
sl@0	2318	ok = process_proxy_cond_multipliers(letters, cond, cond_end, pos,
sl@0	2319	indent + 1);
sl@0	2320	cond = *cond_end;
sl@0	2321	if (ok < 0)
sl@0	2322	goto end;
sl@0	2323
sl@0	2324	while(ok >= 0)
sl@0	2325	{
sl@0	2326	while(isspace((int)*cond))
sl@0	2327	{
sl@0	2328	cond++; (*pos)++;
sl@0	2329	}
sl@0	2330	c = *cond;
sl@0	2331
sl@0	2332	switch(c)
sl@0	2333	{
sl@0	2334	case '\|':
sl@0	2335	{
sl@0	2336	int save_ok = ok;
sl@0	2337
sl@0	2338	cond++; (*pos)++;
sl@0	2339	ok = process_proxy_cond_multipliers(letters,
sl@0	2340	cond, cond_end, pos, indent + 1);
sl@0	2341	cond = *cond_end;
sl@0	2342	if (ok < 0)
sl@0	2343	break;
sl@0	2344
sl@0	2345	switch(c)
sl@0	2346	{
sl@0	2347	case '\|':
sl@0	2348	ok \|= save_ok;
sl@0	2349	break;
sl@0	2350	default:
sl@0	2351	fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!"
sl@0	2352	" STOPPING\n");
sl@0	2353	//return 1;
sl@0	2354	getchar();
sl@0	2355	//EXIT(1);
sl@0	2356	}
sl@0	2357	}
sl@0	2358	break;
sl@0	2359	default:
sl@0	2360	goto end;
sl@0	2361	}
sl@0	2362	}
sl@0	2363	end:
sl@0	2364	if (debug)
sl@0	2365	process_proxy_debug(indent,
sl@0	2366	"End process_proxy_cond_adders at position %d: %s, returning %d\n",
sl@0	2367	*pos, cond, ok);
sl@0	2368
sl@0	2369	*cond_end = cond;
sl@0	2370	return ok;
sl@0	2371	}
sl@0	2372
sl@0	2373	static int process_proxy_cond(unsigned int letters[26],
sl@0	2374	const char cond, const char *cond_end)
sl@0	2375	{
sl@0	2376	int pos = 1;
sl@0	2377	return process_proxy_cond_adders(letters, cond, cond_end, &pos, 1);
sl@0	2378	}
sl@0	2379
sl@0	2380	static int MS_CALLBACK app_verify_callback(X509_STORE_CTX ctx, void arg)
sl@0	2381	{
sl@0	2382	int ok=1;
sl@0	2383	struct app_verify_arg *cb_arg = arg;
sl@0	2384	unsigned int letters[26]; /* only used with proxy_auth */
sl@0	2385
sl@0	2386	if (cb_arg->app_verify)
sl@0	2387	{
sl@0	2388	char *s = NULL,buf[256];
sl@0	2389
sl@0	2390	fprintf(stderr, "In app_verify_callback, allowing cert. ");
sl@0	2391	fprintf(stderr, "Arg is: %s\n", cb_arg->string);
sl@0	2392	fprintf(stderr, "Finished printing do we have a context? 0x%p a cert? 0x%p\n",
sl@0	2393	(void )ctx, (void )ctx->cert);
sl@0	2394	if (ctx->cert)
sl@0	2395	s=X509_NAME_oneline(X509_get_subject_name(ctx->cert),buf,256);
sl@0	2396	if (s != NULL)
sl@0	2397	{
sl@0	2398	fprintf(stderr,"cert depth=%d %s\n",ctx->error_depth,buf);
sl@0	2399	}
sl@0	2400	return(1);
sl@0	2401	}
sl@0	2402	if (cb_arg->proxy_auth)
sl@0	2403	{
sl@0	2404	int found_any = 0, i;
sl@0	2405	char *sp;
sl@0	2406
sl@0	2407	for(i = 0; i < 26; i++)
sl@0	2408	letters[i] = 0;
sl@0	2409	for(sp = cb_arg->proxy_auth; *sp; sp++)
sl@0	2410	{
sl@0	2411	int c = *sp;
sl@0	2412	if (isascii(c) && isalpha(c))
sl@0	2413	{
sl@0	2414	if (islower(c))
sl@0	2415	c = toupper(c);
sl@0	2416	letters[c - 'A'] = 1;
sl@0	2417	}
sl@0	2418	}
sl@0	2419
sl@0	2420	fprintf(stderr,
sl@0	2421	" Initial proxy rights = ");
sl@0	2422	for(i = 0; i < 26; i++)
sl@0	2423	if (letters[i])
sl@0	2424	{
sl@0	2425	fprintf(stderr, "%c", i + 'A');
sl@0	2426	found_any = 1;
sl@0	2427	}
sl@0	2428	if (!found_any)
sl@0	2429	fprintf(stderr, "none");
sl@0	2430	fprintf(stderr, "\n");
sl@0	2431
sl@0	2432	X509_STORE_CTX_set_ex_data(ctx,
sl@0	2433	get_proxy_auth_ex_data_idx(),letters);
sl@0	2434	}
sl@0	2435	if (cb_arg->allow_proxy_certs)
sl@0	2436	{
sl@0	2437	X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
sl@0	2438	}
sl@0	2439
sl@0	2440	#ifndef OPENSSL_NO_X509_VERIFY
sl@0	2441	# ifdef OPENSSL_FIPS
sl@0	2442	if(s->version == TLS1_VERSION)
sl@0	2443	FIPS_allow_md5(1);
sl@0	2444	# endif
sl@0	2445	ok = X509_verify_cert(ctx);
sl@0	2446	# ifdef OPENSSL_FIPS
sl@0	2447	if(s->version == TLS1_VERSION)
sl@0	2448	FIPS_allow_md5(0);
sl@0	2449	# endif
sl@0	2450	#endif
sl@0	2451
sl@0	2452	if (cb_arg->proxy_auth)
sl@0	2453	{
sl@0	2454	if (ok)
sl@0	2455	{
sl@0	2456	const char *cond_end = NULL;
sl@0	2457
sl@0	2458	ok = process_proxy_cond(letters,
sl@0	2459	cb_arg->proxy_cond, &cond_end);
sl@0	2460
sl@0	2461	if (ok < 0)
sl@0	2462	getchar();
sl@0	2463	return 3;
sl@0	2464	//EXIT(3);
sl@0	2465	if (*cond_end)
sl@0	2466	{
sl@0	2467	fprintf(stderr, "Stopped processing condition before it's end.\n");
sl@0	2468	ok = 0;
sl@0	2469	}
sl@0	2470	if (!ok)
sl@0	2471	fprintf(stderr, "Proxy rights check with condition '%s' proved invalid\n",
sl@0	2472	cb_arg->proxy_cond);
sl@0	2473	else
sl@0	2474	fprintf(stderr, "Proxy rights check with condition '%s' proved valid\n",
sl@0	2475	cb_arg->proxy_cond);
sl@0	2476	}
sl@0	2477	}
sl@0	2478	return(ok);
sl@0	2479	}
sl@0	2480
sl@0	2481	#ifndef OPENSSL_NO_RSA
sl@0	2482	static RSA *rsa_tmp=NULL;
sl@0	2483
sl@0	2484	static RSA MS_CALLBACK tmp_rsa_cb(SSL s, int is_export, int keylength)
sl@0	2485	{
sl@0	2486	BIGNUM *bn = NULL;
sl@0	2487	if (rsa_tmp == NULL)
sl@0	2488	{
sl@0	2489	bn = BN_new();
sl@0	2490	rsa_tmp = RSA_new();
sl@0	2491	if(!bn \|\| !rsa_tmp \|\| !BN_set_word(bn, RSA_F4))
sl@0	2492	{
sl@0	2493	BIO_printf(bio_err, "Memory error...");
sl@0	2494	goto end;
sl@0	2495	}
sl@0	2496	BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
sl@0	2497	(void)BIO_flush(bio_err);
sl@0	2498	if(!RSA_generate_key_ex(rsa_tmp,keylength,bn,NULL))
sl@0	2499	{
sl@0	2500	BIO_printf(bio_err, "Error generating key.");
sl@0	2501	RSA_free(rsa_tmp);
sl@0	2502	rsa_tmp = NULL;
sl@0	2503	}
sl@0	2504	end:
sl@0	2505	BIO_printf(bio_err,"\n");
sl@0	2506	(void)BIO_flush(bio_err);
sl@0	2507	}
sl@0	2508	if(bn) BN_free(bn);
sl@0	2509	return(rsa_tmp);
sl@0	2510	}
sl@0	2511
sl@0	2512	static void free_tmp_rsa(void)
sl@0	2513	{
sl@0	2514	if (rsa_tmp != NULL)
sl@0	2515	{
sl@0	2516	RSA_free(rsa_tmp);
sl@0	2517	rsa_tmp = NULL;
sl@0	2518	}
sl@0	2519	}
sl@0	2520	#endif
sl@0	2521
sl@0	2522	#ifndef OPENSSL_NO_DH
sl@0	2523	/* These DH parameters have been generated as follows:
sl@0	2524	* $ openssl dhparam -C -noout 512
sl@0	2525	* $ openssl dhparam -C -noout 1024
sl@0	2526	* $ openssl dhparam -C -noout -dsaparam 1024
sl@0	2527	* (The third function has been renamed to avoid name conflicts.)
sl@0	2528	*/
sl@0	2529	static DH *get_dh512()
sl@0	2530	{
sl@0	2531	static unsigned char dh512_p[]={
sl@0	2532	0xCB,0xC8,0xE1,0x86,0xD0,0x1F,0x94,0x17,0xA6,0x99,0xF0,0xC6,
sl@0	2533	0x1F,0x0D,0xAC,0xB6,0x25,0x3E,0x06,0x39,0xCA,0x72,0x04,0xB0,
sl@0	2534	0x6E,0xDA,0xC0,0x61,0xE6,0x7A,0x77,0x25,0xE8,0x3B,0xB9,0x5F,
sl@0	2535	0x9A,0xB6,0xB5,0xFE,0x99,0x0B,0xA1,0x93,0x4E,0x35,0x33,0xB8,
sl@0	2536	0xE1,0xF1,0x13,0x4F,0x59,0x1A,0xD2,0x57,0xC0,0x26,0x21,0x33,
sl@0	2537	0x02,0xC5,0xAE,0x23,
sl@0	2538	};
sl@0	2539	static unsigned char dh512_g[]={
sl@0	2540	0x02,
sl@0	2541	};
sl@0	2542	DH *dh;
sl@0	2543
sl@0	2544	if ((dh=DH_new()) == NULL) return(NULL);
sl@0	2545	dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
sl@0	2546	dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
sl@0	2547	if ((dh->p == NULL) \|\| (dh->g == NULL))
sl@0	2548	{ DH_free(dh); return(NULL); }
sl@0	2549	return(dh);
sl@0	2550	}
sl@0	2551
sl@0	2552	static DH *get_dh1024()
sl@0	2553	{
sl@0	2554	static unsigned char dh1024_p[]={
sl@0	2555	0xF8,0x81,0x89,0x7D,0x14,0x24,0xC5,0xD1,0xE6,0xF7,0xBF,0x3A,
sl@0	2556	0xE4,0x90,0xF4,0xFC,0x73,0xFB,0x34,0xB5,0xFA,0x4C,0x56,0xA2,
sl@0	2557	0xEA,0xA7,0xE9,0xC0,0xC0,0xCE,0x89,0xE1,0xFA,0x63,0x3F,0xB0,
sl@0	2558	0x6B,0x32,0x66,0xF1,0xD1,0x7B,0xB0,0x00,0x8F,0xCA,0x87,0xC2,
sl@0	2559	0xAE,0x98,0x89,0x26,0x17,0xC2,0x05,0xD2,0xEC,0x08,0xD0,0x8C,
sl@0	2560	0xFF,0x17,0x52,0x8C,0xC5,0x07,0x93,0x03,0xB1,0xF6,0x2F,0xB8,
sl@0	2561	0x1C,0x52,0x47,0x27,0x1B,0xDB,0xD1,0x8D,0x9D,0x69,0x1D,0x52,
sl@0	2562	0x4B,0x32,0x81,0xAA,0x7F,0x00,0xC8,0xDC,0xE6,0xD9,0xCC,0xC1,
sl@0	2563	0x11,0x2D,0x37,0x34,0x6C,0xEA,0x02,0x97,0x4B,0x0E,0xBB,0xB1,
sl@0	2564	0x71,0x33,0x09,0x15,0xFD,0xDD,0x23,0x87,0x07,0x5E,0x89,0xAB,
sl@0	2565	0x6B,0x7C,0x5F,0xEC,0xA6,0x24,0xDC,0x53,
sl@0	2566	};
sl@0	2567	static unsigned char dh1024_g[]={
sl@0	2568	0x02,
sl@0	2569	};
sl@0	2570	DH *dh;
sl@0	2571
sl@0	2572	if ((dh=DH_new()) == NULL) return(NULL);
sl@0	2573	dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
sl@0	2574	dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
sl@0	2575	if ((dh->p == NULL) \|\| (dh->g == NULL))
sl@0	2576	{ DH_free(dh); return(NULL); }
sl@0	2577	return(dh);
sl@0	2578	}
sl@0	2579
sl@0	2580	static DH *get_dh1024dsa()
sl@0	2581	{
sl@0	2582	static unsigned char dh1024_p[]={
sl@0	2583	0xC8,0x00,0xF7,0x08,0x07,0x89,0x4D,0x90,0x53,0xF3,0xD5,0x00,
sl@0	2584	0x21,0x1B,0xF7,0x31,0xA6,0xA2,0xDA,0x23,0x9A,0xC7,0x87,0x19,
sl@0	2585	0x3B,0x47,0xB6,0x8C,0x04,0x6F,0xFF,0xC6,0x9B,0xB8,0x65,0xD2,
sl@0	2586	0xC2,0x5F,0x31,0x83,0x4A,0xA7,0x5F,0x2F,0x88,0x38,0xB6,0x55,
sl@0	2587	0xCF,0xD9,0x87,0x6D,0x6F,0x9F,0xDA,0xAC,0xA6,0x48,0xAF,0xFC,
sl@0	2588	0x33,0x84,0x37,0x5B,0x82,0x4A,0x31,0x5D,0xE7,0xBD,0x52,0x97,
sl@0	2589	0xA1,0x77,0xBF,0x10,0x9E,0x37,0xEA,0x64,0xFA,0xCA,0x28,0x8D,
sl@0	2590	0x9D,0x3B,0xD2,0x6E,0x09,0x5C,0x68,0xC7,0x45,0x90,0xFD,0xBB,
sl@0	2591	0x70,0xC9,0x3A,0xBB,0xDF,0xD4,0x21,0x0F,0xC4,0x6A,0x3C,0xF6,
sl@0	2592	0x61,0xCF,0x3F,0xD6,0x13,0xF1,0x5F,0xBC,0xCF,0xBC,0x26,0x9E,
sl@0	2593	0xBC,0x0B,0xBD,0xAB,0x5D,0xC9,0x54,0x39,
sl@0	2594	};
sl@0	2595	static unsigned char dh1024_g[]={
sl@0	2596	0x3B,0x40,0x86,0xE7,0xF3,0x6C,0xDE,0x67,0x1C,0xCC,0x80,0x05,
sl@0	2597	0x5A,0xDF,0xFE,0xBD,0x20,0x27,0x74,0x6C,0x24,0xC9,0x03,0xF3,
sl@0	2598	0xE1,0x8D,0xC3,0x7D,0x98,0x27,0x40,0x08,0xB8,0x8C,0x6A,0xE9,
sl@0	2599	0xBB,0x1A,0x3A,0xD6,0x86,0x83,0x5E,0x72,0x41,0xCE,0x85,0x3C,
sl@0	2600	0xD2,0xB3,0xFC,0x13,0xCE,0x37,0x81,0x9E,0x4C,0x1C,0x7B,0x65,
sl@0	2601	0xD3,0xE6,0xA6,0x00,0xF5,0x5A,0x95,0x43,0x5E,0x81,0xCF,0x60,
sl@0	2602	0xA2,0x23,0xFC,0x36,0xA7,0x5D,0x7A,0x4C,0x06,0x91,0x6E,0xF6,
sl@0	2603	0x57,0xEE,0x36,0xCB,0x06,0xEA,0xF5,0x3D,0x95,0x49,0xCB,0xA7,
sl@0	2604	0xDD,0x81,0xDF,0x80,0x09,0x4A,0x97,0x4D,0xA8,0x22,0x72,0xA1,
sl@0	2605	0x7F,0xC4,0x70,0x56,0x70,0xE8,0x20,0x10,0x18,0x8F,0x2E,0x60,
sl@0	2606	0x07,0xE7,0x68,0x1A,0x82,0x5D,0x32,0xA2,
sl@0	2607	};
sl@0	2608	DH *dh;
sl@0	2609
sl@0	2610	if ((dh=DH_new()) == NULL) return(NULL);
sl@0	2611	dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
sl@0	2612	dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
sl@0	2613	if ((dh->p == NULL) \|\| (dh->g == NULL))
sl@0	2614	{ DH_free(dh); return(NULL); }
sl@0	2615	dh->length = 160;
sl@0	2616	return(dh);
sl@0	2617	}
sl@0	2618
sl@0	2619	static int do_test_cipherlist(void)
sl@0	2620	{
sl@0	2621	int i = 0;
sl@0	2622	const SSL_METHOD *meth;
sl@0	2623	SSL_CIPHER ci, tci = NULL;
sl@0	2624
sl@0	2625	fprintf(stderr, "testing SSLv2 cipher list order: ");
sl@0	2626	meth = SSLv2_method();
sl@0	2627	while ((ci = meth->get_cipher(i++)) != NULL)
sl@0	2628	{
sl@0	2629	if (tci != NULL)
sl@0	2630	if (ci->id >= tci->id)
sl@0	2631	{
sl@0	2632	fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
sl@0	2633	return 0;
sl@0	2634	}
sl@0	2635	tci = ci;
sl@0	2636	}
sl@0	2637	fprintf(stderr, "ok\n");
sl@0	2638
sl@0	2639	fprintf(stderr, "testing SSLv3 cipher list order: ");
sl@0	2640	meth = SSLv3_method();
sl@0	2641	tci = NULL;
sl@0	2642	while ((ci = meth->get_cipher(i++)) != NULL)
sl@0	2643	{
sl@0	2644	if (tci != NULL)
sl@0	2645	if (ci->id >= tci->id)
sl@0	2646	{
sl@0	2647	fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
sl@0	2648	return 0;
sl@0	2649	}
sl@0	2650	tci = ci;
sl@0	2651	}
sl@0	2652	fprintf(stderr, "ok\n");
sl@0	2653
sl@0	2654	fprintf(stderr, "testing TLSv1 cipher list order: ");
sl@0	2655	meth = TLSv1_method();
sl@0	2656	tci = NULL;
sl@0	2657	while ((ci = meth->get_cipher(i++)) != NULL)
sl@0	2658	{
sl@0	2659	if (tci != NULL)
sl@0	2660	if (ci->id >= tci->id)
sl@0	2661	{
sl@0	2662	fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
sl@0	2663	return 0;
sl@0	2664	}
sl@0	2665	tci = ci;
sl@0	2666	}
sl@0	2667	fprintf(stderr, "ok\n");
sl@0	2668
sl@0	2669	return 1;
sl@0	2670	}
sl@0	2671	#endif

author	sl@SLION-WIN7.fritz.box
	Fri, 15 Jun 2012 03:10:57 +0200 (2012-06-15)
changeset 0	bde4ae8d615e
permissions	-rw-r--r--