]>
Commit | Line | Data |
---|---|---|
d02b48c6 | 1 | /* ssl/ssltest.c */ |
58964a49 | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
d02b48c6 RE |
3 | * All rights reserved. |
4 | * | |
5 | * This package is an SSL implementation written | |
6 | * by Eric Young (eay@cryptsoft.com). | |
7 | * The implementation was written so as to conform with Netscapes SSL. | |
8 | * | |
9 | * This library is free for commercial and non-commercial use as long as | |
10 | * the following conditions are aheared to. The following conditions | |
11 | * apply to all code found in this distribution, be it the RC4, RSA, | |
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
13 | * included with this distribution is covered by the same copyright terms | |
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
15 | * | |
16 | * Copyright remains Eric Young's, and as such any Copyright notices in | |
17 | * the code are not to be removed. | |
18 | * If this package is used in a product, Eric Young should be given attribution | |
19 | * as the author of the parts of the library used. | |
20 | * This can be in the form of a textual message at program startup or | |
21 | * in documentation (online or textual) provided with the package. | |
22 | * | |
23 | * Redistribution and use in source and binary forms, with or without | |
24 | * modification, are permitted provided that the following conditions | |
25 | * are met: | |
26 | * 1. Redistributions of source code must retain the copyright | |
27 | * notice, this list of conditions and the following disclaimer. | |
28 | * 2. Redistributions in binary form must reproduce the above copyright | |
29 | * notice, this list of conditions and the following disclaimer in the | |
30 | * documentation and/or other materials provided with the distribution. | |
31 | * 3. All advertising materials mentioning features or use of this software | |
32 | * must display the following acknowledgement: | |
33 | * "This product includes cryptographic software written by | |
34 | * Eric Young (eay@cryptsoft.com)" | |
35 | * The word 'cryptographic' can be left out if the rouines from the library | |
36 | * being used are not cryptographic related :-). | |
37 | * 4. If you include any Windows specific code (or a derivative thereof) from | |
38 | * the apps directory (application code) you must include an acknowledgement: | |
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
40 | * | |
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | |
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
51 | * SUCH DAMAGE. | |
52 | * | |
53 | * The licence and distribution terms for any publically available version or | |
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | |
55 | * copied and put under another distribution licence | |
56 | * [including the GNU Public Licence.] | |
57 | */ | |
58 | ||
59 | #include <stdio.h> | |
60 | #include <stdlib.h> | |
61 | #include <string.h> | |
62 | #include <errno.h> | |
17e3dd1c BM |
63 | |
64 | #ifndef FLAT_INC | |
65 | # include "../e_os.h" | |
66 | #else | |
67 | # include "e_os.h" | |
68 | #endif | |
69 | ||
ec577822 BM |
70 | #include <openssl/bio.h> |
71 | #include <openssl/crypto.h> | |
72 | #include <openssl/x509.h> | |
73 | #include <openssl/ssl.h> | |
74 | #include <openssl/err.h> | |
58964a49 | 75 | #ifdef WINDOWS |
d02b48c6 RE |
76 | #include "../crypto/bio/bss_file.c" |
77 | #endif | |
78 | ||
79df9d62 UM |
79 | #if defined(NO_RSA) && !defined(NO_SSL2) |
80 | #define NO_SSL2 | |
81 | #endif | |
82 | ||
7d7d2cbc UM |
83 | #ifdef VMS |
84 | # define TEST_SERVER_CERT "SYS$DISK:[-.APPS]SERVER.PEM" | |
85 | # define TEST_CLIENT_CERT "SYS$DISK:[-.APPS]CLIENT.PEM" | |
86 | #else | |
87 | # define TEST_SERVER_CERT "../apps/server.pem" | |
88 | # define TEST_CLIENT_CERT "../apps/client.pem" | |
89 | #endif | |
d02b48c6 | 90 | |
d02b48c6 | 91 | int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); |
79df9d62 | 92 | #ifndef NO_RSA |
60e31c3a | 93 | static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int export,int keylength); |
79df9d62 UM |
94 | #endif |
95 | #ifndef NO_DH | |
d02b48c6 | 96 | static DH *get_dh512(void); |
58964a49 | 97 | #endif |
d02b48c6 RE |
98 | BIO *bio_err=NULL; |
99 | BIO *bio_stdout=NULL; | |
100 | ||
101 | static char *cipher=NULL; | |
102 | int verbose=0; | |
58964a49 | 103 | int debug=0; |
d02b48c6 RE |
104 | #ifdef FIONBIO |
105 | static int s_nbio=0; | |
106 | #endif | |
107 | ||
108 | ||
58964a49 | 109 | int doit(SSL *s_ssl,SSL *c_ssl,long bytes); |
6b691a5c | 110 | static void sv_usage(void) |
d02b48c6 RE |
111 | { |
112 | fprintf(stderr,"usage: ssltest [args ...]\n"); | |
113 | fprintf(stderr,"\n"); | |
114 | fprintf(stderr," -server_auth - check server certificate\n"); | |
115 | fprintf(stderr," -client_auth - do client authentication\n"); | |
116 | fprintf(stderr," -v - more output\n"); | |
58964a49 RE |
117 | fprintf(stderr," -d - debug output\n"); |
118 | fprintf(stderr," -reuse - use session-id reuse\n"); | |
119 | fprintf(stderr," -num <val> - number of connections to perform\n"); | |
120 | fprintf(stderr," -bytes <val> - number of bytes to swap between client/server\n"); | |
d02b48c6 RE |
121 | #ifndef NO_SSL2 |
122 | fprintf(stderr," -ssl2 - use SSLv2\n"); | |
123 | #endif | |
124 | #ifndef NO_SSL3 | |
125 | fprintf(stderr," -ssl3 - use SSLv3\n"); | |
58964a49 RE |
126 | #endif |
127 | #ifndef NO_TLS1 | |
128 | fprintf(stderr," -tls1 - use TLSv1\n"); | |
d02b48c6 RE |
129 | #endif |
130 | fprintf(stderr," -CApath arg - PEM format directory of CA's\n"); | |
131 | fprintf(stderr," -CAfile arg - PEM format file of CA's\n"); | |
58964a49 RE |
132 | fprintf(stderr," -cert arg - Certificate file\n"); |
133 | fprintf(stderr," -s_cert arg - Just the server certificate file\n"); | |
134 | fprintf(stderr," -c_cert arg - Just the client certificate file\n"); | |
135 | fprintf(stderr," -cipher arg - The cipher list\n"); | |
d02b48c6 RE |
136 | } |
137 | ||
6b691a5c | 138 | int main(int argc, char *argv[]) |
d02b48c6 RE |
139 | { |
140 | char *CApath=NULL,*CAfile=NULL; | |
141 | int badop=0; | |
58964a49 | 142 | int tls1=0,ssl2=0,ssl3=0,ret=1; |
d02b48c6 | 143 | int client_auth=0; |
58964a49 | 144 | int server_auth=0,i; |
d02b48c6 RE |
145 | char *server_cert=TEST_SERVER_CERT; |
146 | char *client_cert=TEST_CLIENT_CERT; | |
147 | SSL_CTX *s_ctx=NULL; | |
148 | SSL_CTX *c_ctx=NULL; | |
149 | SSL_METHOD *meth=NULL; | |
58964a49 RE |
150 | SSL *c_ssl,*s_ssl; |
151 | int number=1,reuse=0; | |
152 | long bytes=1L; | |
153 | SSL_CIPHER *ciph; | |
154 | #ifndef NO_DH | |
d02b48c6 | 155 | DH *dh; |
58964a49 | 156 | #endif |
d02b48c6 RE |
157 | |
158 | bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); | |
159 | bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE); | |
160 | ||
161 | CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); | |
162 | ||
163 | argc--; | |
164 | argv++; | |
165 | ||
166 | while (argc >= 1) | |
167 | { | |
168 | if (strcmp(*argv,"-server_auth") == 0) | |
169 | server_auth=1; | |
170 | else if (strcmp(*argv,"-client_auth") == 0) | |
171 | client_auth=1; | |
172 | else if (strcmp(*argv,"-v") == 0) | |
173 | verbose=1; | |
58964a49 RE |
174 | else if (strcmp(*argv,"-d") == 0) |
175 | debug=1; | |
176 | else if (strcmp(*argv,"-reuse") == 0) | |
177 | reuse=1; | |
d02b48c6 RE |
178 | else if (strcmp(*argv,"-ssl2") == 0) |
179 | ssl2=1; | |
58964a49 RE |
180 | else if (strcmp(*argv,"-tls1") == 0) |
181 | tls1=1; | |
d02b48c6 RE |
182 | else if (strcmp(*argv,"-ssl3") == 0) |
183 | ssl3=1; | |
58964a49 RE |
184 | else if (strncmp(*argv,"-num",4) == 0) |
185 | { | |
186 | if (--argc < 1) goto bad; | |
187 | number= atoi(*(++argv)); | |
188 | if (number == 0) number=1; | |
189 | } | |
190 | else if (strcmp(*argv,"-bytes") == 0) | |
191 | { | |
192 | if (--argc < 1) goto bad; | |
193 | bytes= atol(*(++argv)); | |
194 | if (bytes == 0L) bytes=1L; | |
195 | i=strlen(argv[0]); | |
196 | if (argv[0][i-1] == 'k') bytes*=1024L; | |
197 | if (argv[0][i-1] == 'm') bytes*=1024L*1024L; | |
198 | } | |
d02b48c6 RE |
199 | else if (strcmp(*argv,"-cert") == 0) |
200 | { | |
201 | if (--argc < 1) goto bad; | |
202 | server_cert= *(++argv); | |
203 | } | |
204 | else if (strcmp(*argv,"-s_cert") == 0) | |
205 | { | |
206 | if (--argc < 1) goto bad; | |
207 | server_cert= *(++argv); | |
208 | } | |
209 | else if (strcmp(*argv,"-c_cert") == 0) | |
210 | { | |
211 | if (--argc < 1) goto bad; | |
212 | client_cert= *(++argv); | |
213 | } | |
214 | else if (strcmp(*argv,"-cipher") == 0) | |
215 | { | |
216 | if (--argc < 1) goto bad; | |
217 | cipher= *(++argv); | |
218 | } | |
219 | else if (strcmp(*argv,"-CApath") == 0) | |
220 | { | |
221 | if (--argc < 1) goto bad; | |
222 | CApath= *(++argv); | |
223 | } | |
224 | else if (strcmp(*argv,"-CAfile") == 0) | |
225 | { | |
226 | if (--argc < 1) goto bad; | |
227 | CAfile= *(++argv); | |
228 | } | |
229 | else | |
230 | { | |
231 | fprintf(stderr,"unknown option %s\n",*argv); | |
232 | badop=1; | |
233 | break; | |
234 | } | |
235 | argc--; | |
236 | argv++; | |
237 | } | |
238 | if (badop) | |
239 | { | |
240 | bad: | |
241 | sv_usage(); | |
242 | goto end; | |
243 | } | |
244 | ||
245 | /* if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */ | |
246 | ||
413c4f45 | 247 | SSL_library_init(); |
d02b48c6 RE |
248 | SSL_load_error_strings(); |
249 | ||
250 | #if !defined(NO_SSL2) && !defined(NO_SSL3) | |
251 | if (ssl2) | |
252 | meth=SSLv2_method(); | |
253 | else | |
58964a49 RE |
254 | if (tls1) |
255 | meth=TLSv1_method(); | |
256 | else | |
d02b48c6 RE |
257 | if (ssl3) |
258 | meth=SSLv3_method(); | |
259 | else | |
260 | meth=SSLv23_method(); | |
261 | #else | |
262 | #ifdef NO_SSL2 | |
263 | meth=SSLv3_method(); | |
264 | #else | |
265 | meth=SSLv2_method(); | |
266 | #endif | |
267 | #endif | |
268 | ||
269 | c_ctx=SSL_CTX_new(meth); | |
270 | s_ctx=SSL_CTX_new(meth); | |
271 | if ((c_ctx == NULL) || (s_ctx == NULL)) | |
272 | { | |
273 | ERR_print_errors(bio_err); | |
274 | goto end; | |
275 | } | |
276 | ||
277 | if (cipher != NULL) | |
278 | { | |
279 | SSL_CTX_set_cipher_list(c_ctx,cipher); | |
280 | SSL_CTX_set_cipher_list(s_ctx,cipher); | |
281 | } | |
282 | ||
283 | #ifndef NO_DH | |
284 | dh=get_dh512(); | |
285 | SSL_CTX_set_tmp_dh(s_ctx,dh); | |
58964a49 RE |
286 | DH_free(dh); |
287 | #endif | |
288 | ||
289 | #ifndef NO_RSA | |
290 | SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb); | |
d02b48c6 RE |
291 | #endif |
292 | ||
293 | if (!SSL_CTX_use_certificate_file(s_ctx,server_cert,SSL_FILETYPE_PEM)) | |
294 | { | |
295 | ERR_print_errors(bio_err); | |
296 | } | |
297 | else if (!SSL_CTX_use_PrivateKey_file(s_ctx,server_cert, | |
298 | SSL_FILETYPE_PEM)) | |
299 | { | |
300 | ERR_print_errors(bio_err); | |
301 | goto end; | |
302 | } | |
303 | ||
304 | if (client_auth) | |
305 | { | |
306 | SSL_CTX_use_certificate_file(c_ctx,client_cert, | |
307 | SSL_FILETYPE_PEM); | |
308 | SSL_CTX_use_PrivateKey_file(c_ctx,client_cert, | |
309 | SSL_FILETYPE_PEM); | |
310 | } | |
311 | ||
312 | if ( (!SSL_CTX_load_verify_locations(s_ctx,CAfile,CApath)) || | |
313 | (!SSL_CTX_set_default_verify_paths(s_ctx)) || | |
314 | (!SSL_CTX_load_verify_locations(c_ctx,CAfile,CApath)) || | |
315 | (!SSL_CTX_set_default_verify_paths(c_ctx))) | |
316 | { | |
58964a49 | 317 | /* fprintf(stderr,"SSL_load_verify_locations\n"); */ |
d02b48c6 | 318 | ERR_print_errors(bio_err); |
58964a49 | 319 | /* goto end; */ |
d02b48c6 RE |
320 | } |
321 | ||
322 | if (client_auth) | |
323 | { | |
324 | fprintf(stderr,"client authentication\n"); | |
325 | SSL_CTX_set_verify(s_ctx, | |
326 | SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, | |
327 | verify_callback); | |
328 | } | |
329 | if (server_auth) | |
330 | { | |
331 | fprintf(stderr,"server authentication\n"); | |
332 | SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER, | |
333 | verify_callback); | |
334 | } | |
335 | ||
58964a49 RE |
336 | c_ssl=SSL_new(c_ctx); |
337 | s_ssl=SSL_new(s_ctx); | |
338 | ||
339 | for (i=0; i<number; i++) | |
340 | { | |
341 | if (!reuse) SSL_set_session(c_ssl,NULL); | |
342 | ret=doit(s_ssl,c_ssl,bytes); | |
343 | } | |
344 | ||
345 | if (!verbose) | |
346 | { | |
347 | ciph=SSL_get_current_cipher(c_ssl); | |
348 | fprintf(stdout,"Protocol %s, cipher %s, %s\n", | |
349 | SSL_get_version(c_ssl), | |
350 | SSL_CIPHER_get_version(ciph), | |
351 | SSL_CIPHER_get_name(ciph)); | |
352 | } | |
353 | if ((number > 1) || (bytes > 1L)) | |
354 | printf("%d handshakes of %ld bytes done\n",number,bytes); | |
355 | ||
356 | SSL_free(s_ssl); | |
357 | SSL_free(c_ssl); | |
358 | ||
d02b48c6 RE |
359 | end: |
360 | if (s_ctx != NULL) SSL_CTX_free(s_ctx); | |
361 | if (c_ctx != NULL) SSL_CTX_free(c_ctx); | |
362 | ||
363 | if (bio_stdout != NULL) BIO_free(bio_stdout); | |
364 | ||
dfeab068 | 365 | ERR_free_strings(); |
d02b48c6 RE |
366 | ERR_remove_state(0); |
367 | EVP_cleanup(); | |
368 | CRYPTO_mem_leaks(bio_err); | |
369 | EXIT(ret); | |
370 | } | |
371 | ||
372 | #define W_READ 1 | |
373 | #define W_WRITE 2 | |
374 | #define C_DONE 1 | |
375 | #define S_DONE 2 | |
376 | ||
6b691a5c | 377 | int doit(SSL *s_ssl, SSL *c_ssl, long count) |
d02b48c6 | 378 | { |
58964a49 RE |
379 | MS_STATIC char cbuf[1024*8],sbuf[1024*8]; |
380 | long cw_num=count,cr_num=count; | |
381 | long sw_num=count,sr_num=count; | |
d02b48c6 | 382 | int ret=1; |
d02b48c6 RE |
383 | BIO *c_to_s=NULL; |
384 | BIO *s_to_c=NULL; | |
385 | BIO *c_bio=NULL; | |
386 | BIO *s_bio=NULL; | |
387 | int c_r,c_w,s_r,s_w; | |
388 | int c_want,s_want; | |
58964a49 | 389 | int i,j; |
d02b48c6 RE |
390 | int done=0; |
391 | int c_write,s_write; | |
392 | int do_server=0,do_client=0; | |
393 | SSL_CIPHER *ciph; | |
394 | ||
d02b48c6 RE |
395 | c_to_s=BIO_new(BIO_s_mem()); |
396 | s_to_c=BIO_new(BIO_s_mem()); | |
397 | if ((s_to_c == NULL) || (c_to_s == NULL)) | |
398 | { | |
399 | ERR_print_errors(bio_err); | |
400 | goto err; | |
401 | } | |
402 | ||
403 | c_bio=BIO_new(BIO_f_ssl()); | |
404 | s_bio=BIO_new(BIO_f_ssl()); | |
405 | if ((c_bio == NULL) || (s_bio == NULL)) | |
406 | { | |
407 | ERR_print_errors(bio_err); | |
408 | goto err; | |
409 | } | |
410 | ||
411 | SSL_set_connect_state(c_ssl); | |
412 | SSL_set_bio(c_ssl,s_to_c,c_to_s); | |
58964a49 | 413 | BIO_set_ssl(c_bio,c_ssl,BIO_NOCLOSE); |
d02b48c6 RE |
414 | |
415 | SSL_set_accept_state(s_ssl); | |
416 | SSL_set_bio(s_ssl,c_to_s,s_to_c); | |
58964a49 | 417 | BIO_set_ssl(s_bio,s_ssl,BIO_NOCLOSE); |
d02b48c6 RE |
418 | |
419 | c_r=0; s_r=1; | |
420 | c_w=1; s_w=0; | |
421 | c_want=W_WRITE; | |
422 | s_want=0; | |
423 | c_write=1,s_write=0; | |
424 | ||
425 | /* We can always do writes */ | |
426 | for (;;) | |
427 | { | |
428 | do_server=0; | |
429 | do_client=0; | |
430 | ||
431 | i=(int)BIO_pending(s_bio); | |
432 | if ((i && s_r) || s_w) do_server=1; | |
433 | ||
434 | i=(int)BIO_pending(c_bio); | |
435 | if ((i && c_r) || c_w) do_client=1; | |
436 | ||
58964a49 | 437 | if (do_server && debug) |
d02b48c6 RE |
438 | { |
439 | if (SSL_in_init(s_ssl)) | |
440 | printf("server waiting in SSL_accept - %s\n", | |
441 | SSL_state_string_long(s_ssl)); | |
58964a49 | 442 | /* else if (s_write) |
d02b48c6 | 443 | printf("server:SSL_write()\n"); |
58964a49 RE |
444 | else |
445 | printf("server:SSL_read()\n"); */ | |
d02b48c6 RE |
446 | } |
447 | ||
58964a49 | 448 | if (do_client && debug) |
d02b48c6 RE |
449 | { |
450 | if (SSL_in_init(c_ssl)) | |
451 | printf("client waiting in SSL_connect - %s\n", | |
452 | SSL_state_string_long(c_ssl)); | |
58964a49 | 453 | /* else if (c_write) |
d02b48c6 RE |
454 | printf("client:SSL_write()\n"); |
455 | else | |
58964a49 | 456 | printf("client:SSL_read()\n"); */ |
d02b48c6 RE |
457 | } |
458 | ||
459 | if (!do_client && !do_server) | |
460 | { | |
461 | fprintf(stdout,"ERROR IN STARTUP\n"); | |
462 | ERR_print_errors(bio_err); | |
463 | break; | |
464 | } | |
465 | if (do_client && !(done & C_DONE)) | |
466 | { | |
467 | if (c_write) | |
468 | { | |
58964a49 RE |
469 | j=(cw_num > (long)sizeof(cbuf)) |
470 | ?sizeof(cbuf):(int)cw_num; | |
471 | i=BIO_write(c_bio,cbuf,j); | |
d02b48c6 RE |
472 | if (i < 0) |
473 | { | |
474 | c_r=0; | |
475 | c_w=0; | |
476 | if (BIO_should_retry(c_bio)) | |
477 | { | |
478 | if (BIO_should_read(c_bio)) | |
479 | c_r=1; | |
480 | if (BIO_should_write(c_bio)) | |
481 | c_w=1; | |
482 | } | |
483 | else | |
484 | { | |
485 | fprintf(stderr,"ERROR in CLIENT\n"); | |
486 | ERR_print_errors(bio_err); | |
487 | goto err; | |
488 | } | |
489 | } | |
490 | else if (i == 0) | |
491 | { | |
492 | fprintf(stderr,"SSL CLIENT STARTUP FAILED\n"); | |
493 | goto err; | |
494 | } | |
495 | else | |
496 | { | |
58964a49 RE |
497 | if (debug) |
498 | printf("client wrote %d\n",i); | |
d02b48c6 | 499 | /* ok */ |
58964a49 | 500 | s_r=1; |
d02b48c6 | 501 | c_write=0; |
58964a49 | 502 | cw_num-=i; |
d02b48c6 RE |
503 | } |
504 | } | |
505 | else | |
506 | { | |
58964a49 | 507 | i=BIO_read(c_bio,cbuf,sizeof(cbuf)); |
d02b48c6 RE |
508 | if (i < 0) |
509 | { | |
510 | c_r=0; | |
511 | c_w=0; | |
512 | if (BIO_should_retry(c_bio)) | |
513 | { | |
514 | if (BIO_should_read(c_bio)) | |
515 | c_r=1; | |
516 | if (BIO_should_write(c_bio)) | |
517 | c_w=1; | |
518 | } | |
519 | else | |
520 | { | |
521 | fprintf(stderr,"ERROR in CLIENT\n"); | |
522 | ERR_print_errors(bio_err); | |
523 | goto err; | |
524 | } | |
525 | } | |
526 | else if (i == 0) | |
527 | { | |
528 | fprintf(stderr,"SSL CLIENT STARTUP FAILED\n"); | |
529 | goto err; | |
530 | } | |
531 | else | |
532 | { | |
58964a49 RE |
533 | if (debug) |
534 | printf("client read %d\n",i); | |
535 | cr_num-=i; | |
536 | if (sw_num > 0) | |
537 | { | |
538 | s_write=1; | |
539 | s_w=1; | |
540 | } | |
541 | if (cr_num <= 0) | |
542 | { | |
543 | s_write=1; | |
544 | s_w=1; | |
545 | done=S_DONE|C_DONE; | |
546 | } | |
d02b48c6 RE |
547 | } |
548 | } | |
549 | } | |
550 | ||
551 | if (do_server && !(done & S_DONE)) | |
552 | { | |
553 | if (!s_write) | |
554 | { | |
58964a49 | 555 | i=BIO_read(s_bio,sbuf,sizeof(cbuf)); |
d02b48c6 RE |
556 | if (i < 0) |
557 | { | |
558 | s_r=0; | |
559 | s_w=0; | |
560 | if (BIO_should_retry(s_bio)) | |
561 | { | |
562 | if (BIO_should_read(s_bio)) | |
563 | s_r=1; | |
564 | if (BIO_should_write(s_bio)) | |
565 | s_w=1; | |
566 | } | |
567 | else | |
568 | { | |
569 | fprintf(stderr,"ERROR in SERVER\n"); | |
570 | ERR_print_errors(bio_err); | |
571 | goto err; | |
572 | } | |
573 | } | |
574 | else if (i == 0) | |
575 | { | |
576 | ERR_print_errors(bio_err); | |
577 | fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_read\n"); | |
578 | goto err; | |
579 | } | |
580 | else | |
581 | { | |
58964a49 RE |
582 | if (debug) |
583 | printf("server read %d\n",i); | |
584 | sr_num-=i; | |
585 | if (cw_num > 0) | |
586 | { | |
587 | c_write=1; | |
588 | c_w=1; | |
589 | } | |
590 | if (sr_num <= 0) | |
591 | { | |
592 | s_write=1; | |
593 | s_w=1; | |
594 | c_write=0; | |
595 | } | |
d02b48c6 RE |
596 | } |
597 | } | |
598 | else | |
599 | { | |
58964a49 RE |
600 | j=(sw_num > (long)sizeof(sbuf))? |
601 | sizeof(sbuf):(int)sw_num; | |
602 | i=BIO_write(s_bio,sbuf,j); | |
d02b48c6 RE |
603 | if (i < 0) |
604 | { | |
605 | s_r=0; | |
606 | s_w=0; | |
607 | if (BIO_should_retry(s_bio)) | |
608 | { | |
609 | if (BIO_should_read(s_bio)) | |
610 | s_r=1; | |
611 | if (BIO_should_write(s_bio)) | |
612 | s_w=1; | |
613 | } | |
614 | else | |
615 | { | |
616 | fprintf(stderr,"ERROR in SERVER\n"); | |
617 | ERR_print_errors(bio_err); | |
618 | goto err; | |
619 | } | |
620 | } | |
621 | else if (i == 0) | |
622 | { | |
623 | ERR_print_errors(bio_err); | |
624 | fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_write\n"); | |
625 | goto err; | |
626 | } | |
627 | else | |
628 | { | |
58964a49 RE |
629 | if (debug) |
630 | printf("server wrote %d\n",i); | |
631 | sw_num-=i; | |
d02b48c6 | 632 | s_write=0; |
58964a49 RE |
633 | c_r=1; |
634 | if (sw_num <= 0) | |
635 | done|=S_DONE; | |
d02b48c6 RE |
636 | } |
637 | } | |
638 | } | |
639 | ||
640 | if ((done & S_DONE) && (done & C_DONE)) break; | |
641 | } | |
642 | ||
643 | ciph=SSL_get_current_cipher(c_ssl); | |
58964a49 RE |
644 | if (verbose) |
645 | fprintf(stdout,"DONE, protocol %s, cipher %s, %s\n", | |
646 | SSL_get_version(c_ssl), | |
647 | SSL_CIPHER_get_version(ciph), | |
648 | SSL_CIPHER_get_name(ciph)); | |
d02b48c6 RE |
649 | ret=0; |
650 | err: | |
651 | /* We have to set the BIO's to NULL otherwise they will be | |
652 | * Free()ed twice. Once when th s_ssl is SSL_free()ed and | |
653 | * again when c_ssl is SSL_free()ed. | |
654 | * This is a hack required because s_ssl and c_ssl are sharing the same | |
655 | * BIO structure and SSL_set_bio() and SSL_free() automatically | |
656 | * BIO_free non NULL entries. | |
657 | * You should not normally do this or be required to do this */ | |
658 | if (s_ssl != NULL) | |
659 | { | |
660 | s_ssl->rbio=NULL; | |
661 | s_ssl->wbio=NULL; | |
662 | } | |
663 | if (c_ssl != NULL) | |
664 | { | |
665 | c_ssl->rbio=NULL; | |
666 | c_ssl->wbio=NULL; | |
667 | } | |
668 | ||
669 | if (c_to_s != NULL) BIO_free(c_to_s); | |
670 | if (s_to_c != NULL) BIO_free(s_to_c); | |
58964a49 RE |
671 | if (c_bio != NULL) BIO_free_all(c_bio); |
672 | if (s_bio != NULL) BIO_free_all(s_bio); | |
d02b48c6 RE |
673 | return(ret); |
674 | } | |
675 | ||
6b691a5c | 676 | int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) |
d02b48c6 RE |
677 | { |
678 | char *s,buf[256]; | |
679 | ||
680 | s=X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),buf,256); | |
681 | if (s != NULL) | |
682 | { | |
683 | if (ok) | |
684 | fprintf(stderr,"depth=%d %s\n",ctx->error_depth,buf); | |
685 | else | |
686 | fprintf(stderr,"depth=%d error=%d %s\n", | |
687 | ctx->error_depth,ctx->error,buf); | |
688 | } | |
689 | ||
690 | if (ok == 0) | |
691 | { | |
692 | switch (ctx->error) | |
693 | { | |
694 | case X509_V_ERR_CERT_NOT_YET_VALID: | |
695 | case X509_V_ERR_CERT_HAS_EXPIRED: | |
696 | case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: | |
697 | ok=1; | |
698 | } | |
699 | } | |
700 | ||
701 | return(ok); | |
702 | } | |
703 | ||
58964a49 | 704 | #ifndef NO_DH |
d02b48c6 RE |
705 | static unsigned char dh512_p[]={ |
706 | 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75, | |
707 | 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F, | |
708 | 0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3, | |
709 | 0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12, | |
710 | 0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C, | |
711 | 0x47,0x74,0xE8,0x33, | |
712 | }; | |
713 | static unsigned char dh512_g[]={ | |
714 | 0x02, | |
715 | }; | |
716 | ||
6b691a5c | 717 | static DH *get_dh512(void) |
d02b48c6 RE |
718 | { |
719 | DH *dh=NULL; | |
720 | ||
d02b48c6 RE |
721 | if ((dh=DH_new()) == NULL) return(NULL); |
722 | dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL); | |
723 | dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL); | |
724 | if ((dh->p == NULL) || (dh->g == NULL)) | |
725 | return(NULL); | |
d02b48c6 RE |
726 | return(dh); |
727 | } | |
58964a49 RE |
728 | #endif |
729 | ||
79df9d62 | 730 | #ifndef NO_RSA |
6b691a5c | 731 | static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int export, int keylength) |
58964a49 RE |
732 | { |
733 | static RSA *rsa_tmp=NULL; | |
734 | ||
735 | if (rsa_tmp == NULL) | |
736 | { | |
60e31c3a | 737 | BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength); |
58964a49 | 738 | BIO_flush(bio_err); |
60e31c3a | 739 | rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL); |
58964a49 RE |
740 | BIO_printf(bio_err,"\n"); |
741 | BIO_flush(bio_err); | |
742 | } | |
743 | return(rsa_tmp); | |
744 | } | |
79df9d62 | 745 | #endif |