ssltest.c 34 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395
  1. /* ssl/ssltest.c */
  2. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  3. * All rights reserved.
  4. *
  5. * This package is an SSL implementation written
  6. * by Eric Young (eay@cryptsoft.com).
  7. * The implementation was written so as to conform with Netscapes SSL.
  8. *
  9. * This library is free for commercial and non-commercial use as long as
  10. * the following conditions are aheared to. The following conditions
  11. * apply to all code found in this distribution, be it the RC4, RSA,
  12. * lhash, DES, etc., code; not just the SSL code. The SSL documentation
  13. * included with this distribution is covered by the same copyright terms
  14. * except that the holder is Tim Hudson (tjh@cryptsoft.com).
  15. *
  16. * Copyright remains Eric Young's, and as such any Copyright notices in
  17. * the code are not to be removed.
  18. * If this package is used in a product, Eric Young should be given attribution
  19. * as the author of the parts of the library used.
  20. * This can be in the form of a textual message at program startup or
  21. * in documentation (online or textual) provided with the package.
  22. *
  23. * Redistribution and use in source and binary forms, with or without
  24. * modification, are permitted provided that the following conditions
  25. * are met:
  26. * 1. Redistributions of source code must retain the copyright
  27. * notice, this list of conditions and the following disclaimer.
  28. * 2. Redistributions in binary form must reproduce the above copyright
  29. * notice, this list of conditions and the following disclaimer in the
  30. * documentation and/or other materials provided with the distribution.
  31. * 3. All advertising materials mentioning features or use of this software
  32. * must display the following acknowledgement:
  33. * "This product includes cryptographic software written by
  34. * Eric Young (eay@cryptsoft.com)"
  35. * The word 'cryptographic' can be left out if the rouines from the library
  36. * being used are not cryptographic related :-).
  37. * 4. If you include any Windows specific code (or a derivative thereof) from
  38. * the apps directory (application code) you must include an acknowledgement:
  39. * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
  40. *
  41. * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  42. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  43. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  44. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  45. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  46. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  47. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  49. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  50. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  51. * SUCH DAMAGE.
  52. *
  53. * The licence and distribution terms for any publically available version or
  54. * derivative of this code cannot be changed. i.e. this code cannot simply be
  55. * copied and put under another distribution licence
  56. * [including the GNU Public Licence.]
  57. */
  58. #include <assert.h>
  59. #include <errno.h>
  60. #include <limits.h>
  61. #include <stdio.h>
  62. #include <stdlib.h>
  63. #include <string.h>
  64. #include <time.h>
  65. #include "openssl/e_os.h"
  66. #include <openssl/bio.h>
  67. #include <openssl/crypto.h>
  68. #include <openssl/evp.h>
  69. #include <openssl/x509.h>
  70. #include <openssl/ssl.h>
  71. #include <openssl/err.h>
  72. #include <openssl/rand.h>
  73. #ifdef WINDOWS
  74. #include "../crypto/bio/bss_file.c"
  75. #endif
  76. #ifdef VMS
  77. # define TEST_SERVER_CERT "SYS$DISK:[-.APPS]SERVER.PEM"
  78. # define TEST_CLIENT_CERT "SYS$DISK:[-.APPS]CLIENT.PEM"
  79. #else
  80. # define TEST_SERVER_CERT "../apps/server.pem"
  81. # define TEST_CLIENT_CERT "../apps/client.pem"
  82. #endif
  83. static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
  84. #ifndef NO_RSA
  85. static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export,int keylength);
  86. static void free_tmp_rsa(void);
  87. #endif
  88. #ifndef NO_DH
  89. static DH *get_dh512(void);
  90. static DH *get_dh1024(void);
  91. static DH *get_dh1024dsa(void);
  92. #endif
  93. static BIO *bio_err=NULL;
  94. static BIO *bio_stdout=NULL;
  95. static char *cipher=NULL;
  96. static int verbose=0;
  97. static int debug=0;
  98. #if 0
  99. /* Not used yet. */
  100. #ifdef FIONBIO
  101. static int s_nbio=0;
  102. #endif
  103. #endif
  104. static const char rnd_seed[] = "string to make the random number generator think it has entropy";
  105. int doit_biopair(SSL *s_ssl,SSL *c_ssl,long bytes,clock_t *s_time,clock_t *c_time);
  106. int doit(SSL *s_ssl,SSL *c_ssl,long bytes);
  107. static void sv_usage(void)
  108. {
  109. fprintf(stderr,"usage: ssltest [args ...]\n");
  110. fprintf(stderr,"\n");
  111. fprintf(stderr," -server_auth - check server certificate\n");
  112. fprintf(stderr," -client_auth - do client authentication\n");
  113. fprintf(stderr," -v - more output\n");
  114. fprintf(stderr," -d - debug output\n");
  115. fprintf(stderr," -reuse - use session-id reuse\n");
  116. fprintf(stderr," -num <val> - number of connections to perform\n");
  117. fprintf(stderr," -bytes <val> - number of bytes to swap between client/server\n");
  118. #ifndef NO_DH
  119. fprintf(stderr," -dhe1024 - use 1024 bit key (safe prime) for DHE\n");
  120. fprintf(stderr," -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
  121. fprintf(stderr," -no_dhe - disable DHE\n");
  122. #endif
  123. #ifndef NO_SSL2
  124. fprintf(stderr," -ssl2 - use SSLv2\n");
  125. #endif
  126. #ifndef NO_SSL3
  127. fprintf(stderr," -ssl3 - use SSLv3\n");
  128. #endif
  129. #ifndef NO_TLS1
  130. fprintf(stderr," -tls1 - use TLSv1\n");
  131. #endif
  132. fprintf(stderr," -CApath arg - PEM format directory of CA's\n");
  133. fprintf(stderr," -CAfile arg - PEM format file of CA's\n");
  134. fprintf(stderr," -cert arg - Server certificate file\n");
  135. fprintf(stderr," -key arg - Server key file (default: same as -cert)\n");
  136. fprintf(stderr," -c_cert arg - Client certificate file\n");
  137. fprintf(stderr," -c_key arg - Client key file (default: same as -c_cert)\n");
  138. fprintf(stderr," -cipher arg - The cipher list\n");
  139. fprintf(stderr," -bio_pair - Use BIO pairs\n");
  140. fprintf(stderr," -f - Test even cases that can't work\n");
  141. fprintf(stderr," -time - measure processor time used by client and server\n");
  142. }
  143. static void print_details(SSL *c_ssl, const char *prefix)
  144. {
  145. SSL_CIPHER *ciph;
  146. X509 *cert;
  147. ciph=SSL_get_current_cipher(c_ssl);
  148. BIO_printf(bio_stdout,"%s%s, cipher %s %s",
  149. prefix,
  150. SSL_get_version(c_ssl),
  151. SSL_CIPHER_get_version(ciph),
  152. SSL_CIPHER_get_name(ciph));
  153. cert=SSL_get_peer_certificate(c_ssl);
  154. if (cert != NULL)
  155. {
  156. EVP_PKEY *pkey = X509_get_pubkey(cert);
  157. if (pkey != NULL)
  158. {
  159. if (0)
  160. ;
  161. #ifndef NO_RSA
  162. else if (pkey->type == EVP_PKEY_RSA && pkey->pkey.rsa != NULL
  163. && pkey->pkey.rsa->n != NULL)
  164. {
  165. BIO_printf(bio_stdout, ", %d bit RSA",
  166. BN_num_bits(pkey->pkey.rsa->n));
  167. }
  168. #endif
  169. #ifndef NO_DSA
  170. else if (pkey->type == EVP_PKEY_DSA && pkey->pkey.dsa != NULL
  171. && pkey->pkey.dsa->p != NULL)
  172. {
  173. BIO_printf(bio_stdout, ", %d bit DSA",
  174. BN_num_bits(pkey->pkey.dsa->p));
  175. }
  176. #endif
  177. EVP_PKEY_free(pkey);
  178. }
  179. X509_free(cert);
  180. }
  181. /* The SSL API does not allow us to look at temporary RSA/DH keys,
  182. * otherwise we should print their lengths too */
  183. BIO_printf(bio_stdout,"\n");
  184. }
  185. int main(int argc, char *argv[])
  186. {
  187. char *CApath=NULL,*CAfile=NULL;
  188. int badop=0;
  189. int bio_pair=0;
  190. int force=0;
  191. int tls1=0,ssl2=0,ssl3=0,ret=1;
  192. int client_auth=0;
  193. int server_auth=0,i;
  194. char *server_cert=TEST_SERVER_CERT;
  195. char *server_key=NULL;
  196. char *client_cert=TEST_CLIENT_CERT;
  197. char *client_key=NULL;
  198. SSL_CTX *s_ctx=NULL;
  199. SSL_CTX *c_ctx=NULL;
  200. SSL_METHOD *meth=NULL;
  201. SSL *c_ssl,*s_ssl;
  202. int number=1,reuse=0;
  203. long bytes=1L;
  204. #ifndef NO_DH
  205. DH *dh;
  206. int dhe1024 = 0, dhe1024dsa = 0;
  207. #endif
  208. int no_dhe = 0;
  209. int print_time = 0;
  210. clock_t s_time = 0, c_time = 0;
  211. verbose = 0;
  212. debug = 0;
  213. cipher = 0;
  214. bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
  215. CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
  216. RAND_seed(rnd_seed, sizeof rnd_seed);
  217. bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE);
  218. argc--;
  219. argv++;
  220. while (argc >= 1)
  221. {
  222. if (strcmp(*argv,"-server_auth") == 0)
  223. server_auth=1;
  224. else if (strcmp(*argv,"-client_auth") == 0)
  225. client_auth=1;
  226. else if (strcmp(*argv,"-v") == 0)
  227. verbose=1;
  228. else if (strcmp(*argv,"-d") == 0)
  229. debug=1;
  230. else if (strcmp(*argv,"-reuse") == 0)
  231. reuse=1;
  232. else if (strcmp(*argv,"-dhe1024") == 0)
  233. {
  234. #ifndef NO_DH
  235. dhe1024=1;
  236. #else
  237. fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n");
  238. #endif
  239. }
  240. else if (strcmp(*argv,"-dhe1024dsa") == 0)
  241. {
  242. #ifndef NO_DH
  243. dhe1024dsa=1;
  244. #else
  245. fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n");
  246. #endif
  247. }
  248. else if (strcmp(*argv,"-no_dhe") == 0)
  249. no_dhe=1;
  250. else if (strcmp(*argv,"-ssl2") == 0)
  251. ssl2=1;
  252. else if (strcmp(*argv,"-tls1") == 0)
  253. tls1=1;
  254. else if (strcmp(*argv,"-ssl3") == 0)
  255. ssl3=1;
  256. else if (strncmp(*argv,"-num",4) == 0)
  257. {
  258. if (--argc < 1) goto bad;
  259. number= atoi(*(++argv));
  260. if (number == 0) number=1;
  261. }
  262. else if (strcmp(*argv,"-bytes") == 0)
  263. {
  264. if (--argc < 1) goto bad;
  265. bytes= atol(*(++argv));
  266. if (bytes == 0L) bytes=1L;
  267. i=strlen(argv[0]);
  268. if (argv[0][i-1] == 'k') bytes*=1024L;
  269. if (argv[0][i-1] == 'm') bytes*=1024L*1024L;
  270. }
  271. else if (strcmp(*argv,"-cert") == 0)
  272. {
  273. if (--argc < 1) goto bad;
  274. server_cert= *(++argv);
  275. }
  276. else if (strcmp(*argv,"-s_cert") == 0)
  277. {
  278. if (--argc < 1) goto bad;
  279. server_cert= *(++argv);
  280. }
  281. else if (strcmp(*argv,"-key") == 0)
  282. {
  283. if (--argc < 1) goto bad;
  284. server_key= *(++argv);
  285. }
  286. else if (strcmp(*argv,"-s_key") == 0)
  287. {
  288. if (--argc < 1) goto bad;
  289. server_key= *(++argv);
  290. }
  291. else if (strcmp(*argv,"-c_cert") == 0)
  292. {
  293. if (--argc < 1) goto bad;
  294. client_cert= *(++argv);
  295. }
  296. else if (strcmp(*argv,"-c_key") == 0)
  297. {
  298. if (--argc < 1) goto bad;
  299. client_key= *(++argv);
  300. }
  301. else if (strcmp(*argv,"-cipher") == 0)
  302. {
  303. if (--argc < 1) goto bad;
  304. cipher= *(++argv);
  305. }
  306. else if (strcmp(*argv,"-CApath") == 0)
  307. {
  308. if (--argc < 1) goto bad;
  309. CApath= *(++argv);
  310. }
  311. else if (strcmp(*argv,"-CAfile") == 0)
  312. {
  313. if (--argc < 1) goto bad;
  314. CAfile= *(++argv);
  315. }
  316. else if (strcmp(*argv,"-bio_pair") == 0)
  317. {
  318. bio_pair = 1;
  319. }
  320. else if (strcmp(*argv,"-f") == 0)
  321. {
  322. force = 1;
  323. }
  324. else if (strcmp(*argv,"-time") == 0)
  325. {
  326. print_time = 1;
  327. }
  328. else
  329. {
  330. fprintf(stderr,"unknown option %s\n",*argv);
  331. badop=1;
  332. break;
  333. }
  334. argc--;
  335. argv++;
  336. }
  337. if (badop)
  338. {
  339. bad:
  340. sv_usage();
  341. goto end;
  342. }
  343. if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force)
  344. {
  345. fprintf(stderr, "This case cannot work. Use -f to perform "
  346. "the test anyway (and\n-d to see what happens), "
  347. "or add one of -ssl2, -ssl3, -tls1, -reuse\n"
  348. "to avoid protocol mismatch.\n");
  349. EXIT(1);
  350. }
  351. if (print_time)
  352. {
  353. if (!bio_pair)
  354. {
  355. fprintf(stderr, "Using BIO pair (-bio_pair)\n");
  356. bio_pair = 1;
  357. }
  358. if (number < 50 && !force)
  359. fprintf(stderr, "Warning: For accurate timings, use more connections (e.g. -num 1000)\n");
  360. }
  361. /* if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */
  362. SSL_library_init();
  363. SSL_load_error_strings();
  364. #if !defined(NO_SSL2) && !defined(NO_SSL3)
  365. if (ssl2)
  366. meth=SSLv2_method();
  367. else
  368. if (tls1)
  369. meth=TLSv1_method();
  370. else
  371. if (ssl3)
  372. meth=SSLv3_method();
  373. else
  374. meth=SSLv23_method();
  375. #else
  376. #ifdef NO_SSL2
  377. meth=SSLv3_method();
  378. #else
  379. meth=SSLv2_method();
  380. #endif
  381. #endif
  382. c_ctx=SSL_CTX_new(meth);
  383. s_ctx=SSL_CTX_new(meth);
  384. if ((c_ctx == NULL) || (s_ctx == NULL))
  385. {
  386. ERR_print_errors(bio_err);
  387. goto end;
  388. }
  389. if (cipher != NULL)
  390. {
  391. SSL_CTX_set_cipher_list(c_ctx,cipher);
  392. SSL_CTX_set_cipher_list(s_ctx,cipher);
  393. }
  394. #ifndef NO_DH
  395. if (!no_dhe)
  396. {
  397. if (dhe1024dsa)
  398. {
  399. /* use SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */
  400. SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
  401. dh=get_dh1024dsa();
  402. }
  403. else if (dhe1024)
  404. dh=get_dh1024();
  405. else
  406. dh=get_dh512();
  407. SSL_CTX_set_tmp_dh(s_ctx,dh);
  408. DH_free(dh);
  409. }
  410. #else
  411. (void)no_dhe;
  412. #endif
  413. #ifndef NO_RSA
  414. SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb);
  415. #endif
  416. if (!SSL_CTX_use_certificate_file(s_ctx,server_cert,SSL_FILETYPE_PEM))
  417. {
  418. ERR_print_errors(bio_err);
  419. }
  420. else if (!SSL_CTX_use_PrivateKey_file(s_ctx,
  421. (server_key?server_key:server_cert), SSL_FILETYPE_PEM))
  422. {
  423. ERR_print_errors(bio_err);
  424. goto end;
  425. }
  426. if (client_auth)
  427. {
  428. SSL_CTX_use_certificate_file(c_ctx,client_cert,
  429. SSL_FILETYPE_PEM);
  430. SSL_CTX_use_PrivateKey_file(c_ctx,
  431. (client_key?client_key:client_cert),
  432. SSL_FILETYPE_PEM);
  433. }
  434. if ( (!SSL_CTX_load_verify_locations(s_ctx,CAfile,CApath)) ||
  435. (!SSL_CTX_set_default_verify_paths(s_ctx)) ||
  436. (!SSL_CTX_load_verify_locations(c_ctx,CAfile,CApath)) ||
  437. (!SSL_CTX_set_default_verify_paths(c_ctx)))
  438. {
  439. /* fprintf(stderr,"SSL_load_verify_locations\n"); */
  440. ERR_print_errors(bio_err);
  441. /* goto end; */
  442. }
  443. if (client_auth)
  444. {
  445. BIO_printf(bio_err,"client authentication\n");
  446. SSL_CTX_set_verify(s_ctx,
  447. SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
  448. verify_callback);
  449. }
  450. if (server_auth)
  451. {
  452. BIO_printf(bio_err,"server authentication\n");
  453. SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER,
  454. verify_callback);
  455. }
  456. {
  457. int session_id_context = 0;
  458. SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context, sizeof session_id_context);
  459. }
  460. c_ssl=SSL_new(c_ctx);
  461. s_ssl=SSL_new(s_ctx);
  462. for (i=0; i<number; i++)
  463. {
  464. if (!reuse) SSL_set_session(c_ssl,NULL);
  465. if (bio_pair)
  466. ret=doit_biopair(s_ssl,c_ssl,bytes,&s_time,&c_time);
  467. else
  468. ret=doit(s_ssl,c_ssl,bytes);
  469. }
  470. if (!verbose)
  471. {
  472. print_details(c_ssl, "");
  473. }
  474. if ((number > 1) || (bytes > 1L))
  475. BIO_printf(bio_stdout, "%d handshakes of %ld bytes done\n",number,bytes);
  476. if (print_time)
  477. {
  478. #ifdef CLOCKS_PER_SEC
  479. /* "To determine the time in seconds, the value returned
  480. * by the clock function should be divided by the value
  481. * of the macro CLOCKS_PER_SEC."
  482. * -- ISO/IEC 9899 */
  483. BIO_printf(bio_stdout, "Approximate total server time: %6.2f s\n"
  484. "Approximate total client time: %6.2f s\n",
  485. (double)s_time/CLOCKS_PER_SEC,
  486. (double)c_time/CLOCKS_PER_SEC);
  487. #else
  488. /* "`CLOCKS_PER_SEC' undeclared (first use this function)"
  489. * -- cc on NeXTstep/OpenStep */
  490. BIO_printf(bio_stdout,
  491. "Approximate total server time: %6.2f units\n"
  492. "Approximate total client time: %6.2f units\n",
  493. (double)s_time,
  494. (double)c_time);
  495. #endif
  496. }
  497. SSL_free(s_ssl);
  498. SSL_free(c_ssl);
  499. end:
  500. if (s_ctx != NULL) SSL_CTX_free(s_ctx);
  501. if (c_ctx != NULL) SSL_CTX_free(c_ctx);
  502. if (bio_stdout != NULL) BIO_free(bio_stdout);
  503. #ifndef NO_RSA
  504. free_tmp_rsa();
  505. #endif
  506. ERR_free_strings();
  507. ERR_remove_state(0);
  508. EVP_cleanup();
  509. CRYPTO_mem_leaks(bio_err);
  510. if (bio_err != NULL) BIO_free(bio_err);
  511. EXIT(ret);
  512. }
  513. int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
  514. clock_t *s_time, clock_t *c_time)
  515. {
  516. long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
  517. BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
  518. BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL;
  519. int ret = 1;
  520. size_t bufsiz = 256; /* small buffer for testing */
  521. if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz))
  522. goto err;
  523. if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz))
  524. goto err;
  525. s_ssl_bio = BIO_new(BIO_f_ssl());
  526. if (!s_ssl_bio)
  527. goto err;
  528. c_ssl_bio = BIO_new(BIO_f_ssl());
  529. if (!c_ssl_bio)
  530. goto err;
  531. SSL_set_connect_state(c_ssl);
  532. SSL_set_bio(c_ssl, client, client);
  533. (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
  534. SSL_set_accept_state(s_ssl);
  535. SSL_set_bio(s_ssl, server, server);
  536. (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
  537. do
  538. {
  539. /* c_ssl_bio: SSL filter BIO
  540. *
  541. * client: pseudo-I/O for SSL library
  542. *
  543. * client_io: client's SSL communication; usually to be
  544. * relayed over some I/O facility, but in this
  545. * test program, we're the server, too:
  546. *
  547. * server_io: server's SSL communication
  548. *
  549. * server: pseudo-I/O for SSL library
  550. *
  551. * s_ssl_bio: SSL filter BIO
  552. *
  553. * The client and the server each employ a "BIO pair":
  554. * client + client_io, server + server_io.
  555. * BIO pairs are symmetric. A BIO pair behaves similar
  556. * to a non-blocking socketpair (but both endpoints must
  557. * be handled by the same thread).
  558. * [Here we could connect client and server to the ends
  559. * of a single BIO pair, but then this code would be less
  560. * suitable as an example for BIO pairs in general.]
  561. *
  562. * Useful functions for querying the state of BIO pair endpoints:
  563. *
  564. * BIO_ctrl_pending(bio) number of bytes we can read now
  565. * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil
  566. * other side's read attempt
  567. * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now
  568. *
  569. * ..._read_request is never more than ..._write_guarantee;
  570. * it depends on the application which one you should use.
  571. */
  572. /* We have non-blocking behaviour throughout this test program, but
  573. * can be sure that there is *some* progress in each iteration; so
  574. * we don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE
  575. * -- we just try everything in each iteration
  576. */
  577. {
  578. /* CLIENT */
  579. MS_STATIC char cbuf[1024*8];
  580. int i, r;
  581. clock_t c_clock = clock();
  582. memset(cbuf, 0, sizeof(cbuf));
  583. if (debug)
  584. if (SSL_in_init(c_ssl))
  585. printf("client waiting in SSL_connect - %s\n",
  586. SSL_state_string_long(c_ssl));
  587. if (cw_num > 0)
  588. {
  589. /* Write to server. */
  590. if (cw_num > (long)sizeof cbuf)
  591. i = sizeof cbuf;
  592. else
  593. i = (int)cw_num;
  594. r = BIO_write(c_ssl_bio, cbuf, i);
  595. if (r < 0)
  596. {
  597. if (!BIO_should_retry(c_ssl_bio))
  598. {
  599. fprintf(stderr,"ERROR in CLIENT\n");
  600. goto err;
  601. }
  602. /* BIO_should_retry(...) can just be ignored here.
  603. * The library expects us to call BIO_write with
  604. * the same arguments again, and that's what we will
  605. * do in the next iteration. */
  606. }
  607. else if (r == 0)
  608. {
  609. fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
  610. goto err;
  611. }
  612. else
  613. {
  614. if (debug)
  615. printf("client wrote %d\n", r);
  616. cw_num -= r;
  617. }
  618. }
  619. if (cr_num > 0)
  620. {
  621. /* Read from server. */
  622. r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
  623. if (r < 0)
  624. {
  625. if (!BIO_should_retry(c_ssl_bio))
  626. {
  627. fprintf(stderr,"ERROR in CLIENT\n");
  628. goto err;
  629. }
  630. /* Again, "BIO_should_retry" can be ignored. */
  631. }
  632. else if (r == 0)
  633. {
  634. fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
  635. goto err;
  636. }
  637. else
  638. {
  639. if (debug)
  640. printf("client read %d\n", r);
  641. cr_num -= r;
  642. }
  643. }
  644. /* c_time and s_time increments will typically be very small
  645. * (depending on machine speed and clock tick intervals),
  646. * but sampling over a large number of connections should
  647. * result in fairly accurate figures. We cannot guarantee
  648. * a lot, however -- if each connection lasts for exactly
  649. * one clock tick, it will be counted only for the client
  650. * or only for the server or even not at all.
  651. */
  652. *c_time += (clock() - c_clock);
  653. }
  654. {
  655. /* SERVER */
  656. MS_STATIC char sbuf[1024*8];
  657. int i, r;
  658. clock_t s_clock = clock();
  659. memset(sbuf, 0, sizeof(sbuf));
  660. if (debug)
  661. if (SSL_in_init(s_ssl))
  662. printf("server waiting in SSL_accept - %s\n",
  663. SSL_state_string_long(s_ssl));
  664. if (sw_num > 0)
  665. {
  666. /* Write to client. */
  667. if (sw_num > (long)sizeof sbuf)
  668. i = sizeof sbuf;
  669. else
  670. i = (int)sw_num;
  671. r = BIO_write(s_ssl_bio, sbuf, i);
  672. if (r < 0)
  673. {
  674. if (!BIO_should_retry(s_ssl_bio))
  675. {
  676. fprintf(stderr,"ERROR in SERVER\n");
  677. goto err;
  678. }
  679. /* Ignore "BIO_should_retry". */
  680. }
  681. else if (r == 0)
  682. {
  683. fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
  684. goto err;
  685. }
  686. else
  687. {
  688. if (debug)
  689. printf("server wrote %d\n", r);
  690. sw_num -= r;
  691. }
  692. }
  693. if (sr_num > 0)
  694. {
  695. /* Read from client. */
  696. r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
  697. if (r < 0)
  698. {
  699. if (!BIO_should_retry(s_ssl_bio))
  700. {
  701. fprintf(stderr,"ERROR in SERVER\n");
  702. goto err;
  703. }
  704. /* blah, blah */
  705. }
  706. else if (r == 0)
  707. {
  708. fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
  709. goto err;
  710. }
  711. else
  712. {
  713. if (debug)
  714. printf("server read %d\n", r);
  715. sr_num -= r;
  716. }
  717. }
  718. *s_time += (clock() - s_clock);
  719. }
  720. {
  721. /* "I/O" BETWEEN CLIENT AND SERVER. */
  722. size_t r1, r2;
  723. BIO *io1 = server_io, *io2 = client_io;
  724. /* we use the non-copying interface for io1
  725. * and the standard BIO_write/BIO_read interface for io2
  726. */
  727. static int prev_progress = 1;
  728. int progress = 0;
  729. /* io1 to io2 */
  730. do
  731. {
  732. size_t num;
  733. int r;
  734. r1 = BIO_ctrl_pending(io1);
  735. r2 = BIO_ctrl_get_write_guarantee(io2);
  736. num = r1;
  737. if (r2 < num)
  738. num = r2;
  739. if (num)
  740. {
  741. char *dataptr;
  742. if (INT_MAX < num) /* yeah, right */
  743. num = INT_MAX;
  744. r = BIO_nread(io1, &dataptr, (int)num);
  745. assert(r > 0);
  746. assert(r <= (int)num);
  747. /* possibly r < num (non-contiguous data) */
  748. num = r;
  749. r = BIO_write(io2, dataptr, (int)num);
  750. if (r != (int)num) /* can't happen */
  751. {
  752. fprintf(stderr, "ERROR: BIO_write could not write "
  753. "BIO_ctrl_get_write_guarantee() bytes");
  754. goto err;
  755. }
  756. progress = 1;
  757. if (debug)
  758. printf((io1 == client_io) ?
  759. "C->S relaying: %d bytes\n" :
  760. "S->C relaying: %d bytes\n",
  761. (int)num);
  762. }
  763. }
  764. while (r1 && r2);
  765. /* io2 to io1 */
  766. {
  767. size_t num;
  768. int r;
  769. r1 = BIO_ctrl_pending(io2);
  770. r2 = BIO_ctrl_get_read_request(io1);
  771. /* here we could use ..._get_write_guarantee instead of
  772. * ..._get_read_request, but by using the latter
  773. * we test restartability of the SSL implementation
  774. * more thoroughly */
  775. num = r1;
  776. if (r2 < num)
  777. num = r2;
  778. if (num)
  779. {
  780. char *dataptr;
  781. if (INT_MAX < num)
  782. num = INT_MAX;
  783. if (num > 1)
  784. --num; /* test restartability even more thoroughly */
  785. r = BIO_nwrite0(io1, &dataptr);
  786. assert(r > 0);
  787. if (r < (int)num)
  788. num = r;
  789. r = BIO_read(io2, dataptr, (int)num);
  790. if (r != (int)num) /* can't happen */
  791. {
  792. fprintf(stderr, "ERROR: BIO_read could not read "
  793. "BIO_ctrl_pending() bytes");
  794. goto err;
  795. }
  796. progress = 1;
  797. r = BIO_nwrite(io1, &dataptr, (int)num);
  798. if (r != (int)num) /* can't happen */
  799. {
  800. fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
  801. "BIO_nwrite0() bytes");
  802. goto err;
  803. }
  804. if (debug)
  805. printf((io2 == client_io) ?
  806. "C->S relaying: %d bytes\n" :
  807. "S->C relaying: %d bytes\n",
  808. (int)num);
  809. }
  810. } /* no loop, BIO_ctrl_get_read_request now returns 0 anyway */
  811. if (!progress && !prev_progress)
  812. if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0)
  813. {
  814. fprintf(stderr, "ERROR: got stuck\n");
  815. if (strcmp("SSLv2", SSL_get_version(c_ssl)) == 0)
  816. {
  817. fprintf(stderr, "This can happen for SSL2 because "
  818. "CLIENT-FINISHED and SERVER-VERIFY are written \n"
  819. "concurrently ...");
  820. if (strncmp("2SCF", SSL_state_string(c_ssl), 4) == 0
  821. && strncmp("2SSV", SSL_state_string(s_ssl), 4) == 0)
  822. {
  823. fprintf(stderr, " ok.\n");
  824. goto end;
  825. }
  826. }
  827. fprintf(stderr, " ERROR.\n");
  828. goto err;
  829. }
  830. prev_progress = progress;
  831. }
  832. }
  833. while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
  834. if (verbose)
  835. print_details(c_ssl, "DONE via BIO pair: ");
  836. end:
  837. ret = 0;
  838. err:
  839. ERR_print_errors(bio_err);
  840. if (server)
  841. BIO_free(server);
  842. if (server_io)
  843. BIO_free(server_io);
  844. if (client)
  845. BIO_free(client);
  846. if (client_io)
  847. BIO_free(client_io);
  848. if (s_ssl_bio)
  849. BIO_free(s_ssl_bio);
  850. if (c_ssl_bio)
  851. BIO_free(c_ssl_bio);
  852. return ret;
  853. }
  854. #define W_READ 1
  855. #define W_WRITE 2
  856. #define C_DONE 1
  857. #define S_DONE 2
  858. int doit(SSL *s_ssl, SSL *c_ssl, long count)
  859. {
  860. MS_STATIC char cbuf[1024*8],sbuf[1024*8];
  861. long cw_num=count,cr_num=count;
  862. long sw_num=count,sr_num=count;
  863. int ret=1;
  864. BIO *c_to_s=NULL;
  865. BIO *s_to_c=NULL;
  866. BIO *c_bio=NULL;
  867. BIO *s_bio=NULL;
  868. int c_r,c_w,s_r,s_w;
  869. int c_want,s_want;
  870. int i,j;
  871. int done=0;
  872. int c_write,s_write;
  873. int do_server=0,do_client=0;
  874. memset(cbuf,0,sizeof(cbuf));
  875. memset(sbuf,0,sizeof(sbuf));
  876. c_to_s=BIO_new(BIO_s_mem());
  877. s_to_c=BIO_new(BIO_s_mem());
  878. if ((s_to_c == NULL) || (c_to_s == NULL))
  879. {
  880. ERR_print_errors(bio_err);
  881. goto err;
  882. }
  883. c_bio=BIO_new(BIO_f_ssl());
  884. s_bio=BIO_new(BIO_f_ssl());
  885. if ((c_bio == NULL) || (s_bio == NULL))
  886. {
  887. ERR_print_errors(bio_err);
  888. goto err;
  889. }
  890. SSL_set_connect_state(c_ssl);
  891. SSL_set_bio(c_ssl,s_to_c,c_to_s);
  892. BIO_set_ssl(c_bio,c_ssl,BIO_NOCLOSE);
  893. SSL_set_accept_state(s_ssl);
  894. SSL_set_bio(s_ssl,c_to_s,s_to_c);
  895. BIO_set_ssl(s_bio,s_ssl,BIO_NOCLOSE);
  896. c_r=0; s_r=1;
  897. c_w=1; s_w=0;
  898. c_want=W_WRITE;
  899. s_want=0;
  900. c_write=1,s_write=0;
  901. /* We can always do writes */
  902. for (;;)
  903. {
  904. do_server=0;
  905. do_client=0;
  906. i=(int)BIO_pending(s_bio);
  907. if ((i && s_r) || s_w) do_server=1;
  908. i=(int)BIO_pending(c_bio);
  909. if ((i && c_r) || c_w) do_client=1;
  910. if (do_server && debug)
  911. {
  912. if (SSL_in_init(s_ssl))
  913. printf("server waiting in SSL_accept - %s\n",
  914. SSL_state_string_long(s_ssl));
  915. /* else if (s_write)
  916. printf("server:SSL_write()\n");
  917. else
  918. printf("server:SSL_read()\n"); */
  919. }
  920. if (do_client && debug)
  921. {
  922. if (SSL_in_init(c_ssl))
  923. printf("client waiting in SSL_connect - %s\n",
  924. SSL_state_string_long(c_ssl));
  925. /* else if (c_write)
  926. printf("client:SSL_write()\n");
  927. else
  928. printf("client:SSL_read()\n"); */
  929. }
  930. if (!do_client && !do_server)
  931. {
  932. fprintf(stdout,"ERROR IN STARTUP\n");
  933. ERR_print_errors(bio_err);
  934. break;
  935. }
  936. if (do_client && !(done & C_DONE))
  937. {
  938. if (c_write)
  939. {
  940. j=(cw_num > (long)sizeof(cbuf))
  941. ?sizeof(cbuf):(int)cw_num;
  942. i=BIO_write(c_bio,cbuf,j);
  943. if (i < 0)
  944. {
  945. c_r=0;
  946. c_w=0;
  947. if (BIO_should_retry(c_bio))
  948. {
  949. if (BIO_should_read(c_bio))
  950. c_r=1;
  951. if (BIO_should_write(c_bio))
  952. c_w=1;
  953. }
  954. else
  955. {
  956. fprintf(stderr,"ERROR in CLIENT\n");
  957. ERR_print_errors(bio_err);
  958. goto err;
  959. }
  960. }
  961. else if (i == 0)
  962. {
  963. fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
  964. goto err;
  965. }
  966. else
  967. {
  968. if (debug)
  969. printf("client wrote %d\n",i);
  970. /* ok */
  971. s_r=1;
  972. c_write=0;
  973. cw_num-=i;
  974. }
  975. }
  976. else
  977. {
  978. i=BIO_read(c_bio,cbuf,sizeof(cbuf));
  979. if (i < 0)
  980. {
  981. c_r=0;
  982. c_w=0;
  983. if (BIO_should_retry(c_bio))
  984. {
  985. if (BIO_should_read(c_bio))
  986. c_r=1;
  987. if (BIO_should_write(c_bio))
  988. c_w=1;
  989. }
  990. else
  991. {
  992. fprintf(stderr,"ERROR in CLIENT\n");
  993. ERR_print_errors(bio_err);
  994. goto err;
  995. }
  996. }
  997. else if (i == 0)
  998. {
  999. fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
  1000. goto err;
  1001. }
  1002. else
  1003. {
  1004. if (debug)
  1005. printf("client read %d\n",i);
  1006. cr_num-=i;
  1007. if (sw_num > 0)
  1008. {
  1009. s_write=1;
  1010. s_w=1;
  1011. }
  1012. if (cr_num <= 0)
  1013. {
  1014. s_write=1;
  1015. s_w=1;
  1016. done=S_DONE|C_DONE;
  1017. }
  1018. }
  1019. }
  1020. }
  1021. if (do_server && !(done & S_DONE))
  1022. {
  1023. if (!s_write)
  1024. {
  1025. i=BIO_read(s_bio,sbuf,sizeof(cbuf));
  1026. if (i < 0)
  1027. {
  1028. s_r=0;
  1029. s_w=0;
  1030. if (BIO_should_retry(s_bio))
  1031. {
  1032. if (BIO_should_read(s_bio))
  1033. s_r=1;
  1034. if (BIO_should_write(s_bio))
  1035. s_w=1;
  1036. }
  1037. else
  1038. {
  1039. fprintf(stderr,"ERROR in SERVER\n");
  1040. ERR_print_errors(bio_err);
  1041. goto err;
  1042. }
  1043. }
  1044. else if (i == 0)
  1045. {
  1046. ERR_print_errors(bio_err);
  1047. fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_read\n");
  1048. goto err;
  1049. }
  1050. else
  1051. {
  1052. if (debug)
  1053. printf("server read %d\n",i);
  1054. sr_num-=i;
  1055. if (cw_num > 0)
  1056. {
  1057. c_write=1;
  1058. c_w=1;
  1059. }
  1060. if (sr_num <= 0)
  1061. {
  1062. s_write=1;
  1063. s_w=1;
  1064. c_write=0;
  1065. }
  1066. }
  1067. }
  1068. else
  1069. {
  1070. j=(sw_num > (long)sizeof(sbuf))?
  1071. sizeof(sbuf):(int)sw_num;
  1072. i=BIO_write(s_bio,sbuf,j);
  1073. if (i < 0)
  1074. {
  1075. s_r=0;
  1076. s_w=0;
  1077. if (BIO_should_retry(s_bio))
  1078. {
  1079. if (BIO_should_read(s_bio))
  1080. s_r=1;
  1081. if (BIO_should_write(s_bio))
  1082. s_w=1;
  1083. }
  1084. else
  1085. {
  1086. fprintf(stderr,"ERROR in SERVER\n");
  1087. ERR_print_errors(bio_err);
  1088. goto err;
  1089. }
  1090. }
  1091. else if (i == 0)
  1092. {
  1093. ERR_print_errors(bio_err);
  1094. fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_write\n");
  1095. goto err;
  1096. }
  1097. else
  1098. {
  1099. if (debug)
  1100. printf("server wrote %d\n",i);
  1101. sw_num-=i;
  1102. s_write=0;
  1103. c_r=1;
  1104. if (sw_num <= 0)
  1105. done|=S_DONE;
  1106. }
  1107. }
  1108. }
  1109. if ((done & S_DONE) && (done & C_DONE)) break;
  1110. }
  1111. if (verbose)
  1112. print_details(c_ssl, "DONE: ");
  1113. ret=0;
  1114. err:
  1115. /* We have to set the BIO's to NULL otherwise they will be
  1116. * OPENSSL_free()ed twice. Once when th s_ssl is SSL_free()ed and
  1117. * again when c_ssl is SSL_free()ed.
  1118. * This is a hack required because s_ssl and c_ssl are sharing the same
  1119. * BIO structure and SSL_set_bio() and SSL_free() automatically
  1120. * BIO_free non NULL entries.
  1121. * You should not normally do this or be required to do this */
  1122. if (s_ssl != NULL)
  1123. {
  1124. s_ssl->rbio=NULL;
  1125. s_ssl->wbio=NULL;
  1126. }
  1127. if (c_ssl != NULL)
  1128. {
  1129. c_ssl->rbio=NULL;
  1130. c_ssl->wbio=NULL;
  1131. }
  1132. if (c_to_s != NULL) BIO_free(c_to_s);
  1133. if (s_to_c != NULL) BIO_free(s_to_c);
  1134. if (c_bio != NULL) BIO_free_all(c_bio);
  1135. if (s_bio != NULL) BIO_free_all(s_bio);
  1136. return(ret);
  1137. }
  1138. static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
  1139. {
  1140. char *s,buf[256];
  1141. s=X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),buf,256);
  1142. if (s != NULL)
  1143. {
  1144. if (ok)
  1145. fprintf(stderr,"depth=%d %s\n",ctx->error_depth,buf);
  1146. else
  1147. fprintf(stderr,"depth=%d error=%d %s\n",
  1148. ctx->error_depth,ctx->error,buf);
  1149. }
  1150. if (ok == 0)
  1151. {
  1152. switch (ctx->error)
  1153. {
  1154. case X509_V_ERR_CERT_NOT_YET_VALID:
  1155. case X509_V_ERR_CERT_HAS_EXPIRED:
  1156. case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
  1157. ok=1;
  1158. }
  1159. }
  1160. return(ok);
  1161. }
  1162. #ifndef NO_RSA
  1163. static RSA *rsa_tmp=NULL;
  1164. static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
  1165. {
  1166. if (rsa_tmp == NULL)
  1167. {
  1168. BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
  1169. (void)BIO_flush(bio_err);
  1170. rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL);
  1171. BIO_printf(bio_err,"\n");
  1172. (void)BIO_flush(bio_err);
  1173. }
  1174. return(rsa_tmp);
  1175. }
  1176. static void free_tmp_rsa(void)
  1177. {
  1178. if (rsa_tmp != NULL)
  1179. {
  1180. RSA_free(rsa_tmp);
  1181. rsa_tmp = NULL;
  1182. }
  1183. }
  1184. #endif
  1185. #ifndef NO_DH
  1186. /* These DH parameters have been generated as follows:
  1187. * $ openssl dhparam -C -noout 512
  1188. * $ openssl dhparam -C -noout 1024
  1189. * $ openssl dhparam -C -noout -dsaparam 1024
  1190. * (The third function has been renamed to avoid name conflicts.)
  1191. */
  1192. DH *get_dh512()
  1193. {
  1194. static unsigned char dh512_p[]={
  1195. 0xCB,0xC8,0xE1,0x86,0xD0,0x1F,0x94,0x17,0xA6,0x99,0xF0,0xC6,
  1196. 0x1F,0x0D,0xAC,0xB6,0x25,0x3E,0x06,0x39,0xCA,0x72,0x04,0xB0,
  1197. 0x6E,0xDA,0xC0,0x61,0xE6,0x7A,0x77,0x25,0xE8,0x3B,0xB9,0x5F,
  1198. 0x9A,0xB6,0xB5,0xFE,0x99,0x0B,0xA1,0x93,0x4E,0x35,0x33,0xB8,
  1199. 0xE1,0xF1,0x13,0x4F,0x59,0x1A,0xD2,0x57,0xC0,0x26,0x21,0x33,
  1200. 0x02,0xC5,0xAE,0x23,
  1201. };
  1202. static unsigned char dh512_g[]={
  1203. 0x02,
  1204. };
  1205. DH *dh;
  1206. if ((dh=DH_new()) == NULL) return(NULL);
  1207. dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
  1208. dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
  1209. if ((dh->p == NULL) || (dh->g == NULL))
  1210. { DH_free(dh); return(NULL); }
  1211. return(dh);
  1212. }
  1213. DH *get_dh1024()
  1214. {
  1215. static unsigned char dh1024_p[]={
  1216. 0xF8,0x81,0x89,0x7D,0x14,0x24,0xC5,0xD1,0xE6,0xF7,0xBF,0x3A,
  1217. 0xE4,0x90,0xF4,0xFC,0x73,0xFB,0x34,0xB5,0xFA,0x4C,0x56,0xA2,
  1218. 0xEA,0xA7,0xE9,0xC0,0xC0,0xCE,0x89,0xE1,0xFA,0x63,0x3F,0xB0,
  1219. 0x6B,0x32,0x66,0xF1,0xD1,0x7B,0xB0,0x00,0x8F,0xCA,0x87,0xC2,
  1220. 0xAE,0x98,0x89,0x26,0x17,0xC2,0x05,0xD2,0xEC,0x08,0xD0,0x8C,
  1221. 0xFF,0x17,0x52,0x8C,0xC5,0x07,0x93,0x03,0xB1,0xF6,0x2F,0xB8,
  1222. 0x1C,0x52,0x47,0x27,0x1B,0xDB,0xD1,0x8D,0x9D,0x69,0x1D,0x52,
  1223. 0x4B,0x32,0x81,0xAA,0x7F,0x00,0xC8,0xDC,0xE6,0xD9,0xCC,0xC1,
  1224. 0x11,0x2D,0x37,0x34,0x6C,0xEA,0x02,0x97,0x4B,0x0E,0xBB,0xB1,
  1225. 0x71,0x33,0x09,0x15,0xFD,0xDD,0x23,0x87,0x07,0x5E,0x89,0xAB,
  1226. 0x6B,0x7C,0x5F,0xEC,0xA6,0x24,0xDC,0x53,
  1227. };
  1228. static unsigned char dh1024_g[]={
  1229. 0x02,
  1230. };
  1231. DH *dh;
  1232. if ((dh=DH_new()) == NULL) return(NULL);
  1233. dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
  1234. dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
  1235. if ((dh->p == NULL) || (dh->g == NULL))
  1236. { DH_free(dh); return(NULL); }
  1237. return(dh);
  1238. }
  1239. DH *get_dh1024dsa()
  1240. {
  1241. static unsigned char dh1024_p[]={
  1242. 0xC8,0x00,0xF7,0x08,0x07,0x89,0x4D,0x90,0x53,0xF3,0xD5,0x00,
  1243. 0x21,0x1B,0xF7,0x31,0xA6,0xA2,0xDA,0x23,0x9A,0xC7,0x87,0x19,
  1244. 0x3B,0x47,0xB6,0x8C,0x04,0x6F,0xFF,0xC6,0x9B,0xB8,0x65,0xD2,
  1245. 0xC2,0x5F,0x31,0x83,0x4A,0xA7,0x5F,0x2F,0x88,0x38,0xB6,0x55,
  1246. 0xCF,0xD9,0x87,0x6D,0x6F,0x9F,0xDA,0xAC,0xA6,0x48,0xAF,0xFC,
  1247. 0x33,0x84,0x37,0x5B,0x82,0x4A,0x31,0x5D,0xE7,0xBD,0x52,0x97,
  1248. 0xA1,0x77,0xBF,0x10,0x9E,0x37,0xEA,0x64,0xFA,0xCA,0x28,0x8D,
  1249. 0x9D,0x3B,0xD2,0x6E,0x09,0x5C,0x68,0xC7,0x45,0x90,0xFD,0xBB,
  1250. 0x70,0xC9,0x3A,0xBB,0xDF,0xD4,0x21,0x0F,0xC4,0x6A,0x3C,0xF6,
  1251. 0x61,0xCF,0x3F,0xD6,0x13,0xF1,0x5F,0xBC,0xCF,0xBC,0x26,0x9E,
  1252. 0xBC,0x0B,0xBD,0xAB,0x5D,0xC9,0x54,0x39,
  1253. };
  1254. static unsigned char dh1024_g[]={
  1255. 0x3B,0x40,0x86,0xE7,0xF3,0x6C,0xDE,0x67,0x1C,0xCC,0x80,0x05,
  1256. 0x5A,0xDF,0xFE,0xBD,0x20,0x27,0x74,0x6C,0x24,0xC9,0x03,0xF3,
  1257. 0xE1,0x8D,0xC3,0x7D,0x98,0x27,0x40,0x08,0xB8,0x8C,0x6A,0xE9,
  1258. 0xBB,0x1A,0x3A,0xD6,0x86,0x83,0x5E,0x72,0x41,0xCE,0x85,0x3C,
  1259. 0xD2,0xB3,0xFC,0x13,0xCE,0x37,0x81,0x9E,0x4C,0x1C,0x7B,0x65,
  1260. 0xD3,0xE6,0xA6,0x00,0xF5,0x5A,0x95,0x43,0x5E,0x81,0xCF,0x60,
  1261. 0xA2,0x23,0xFC,0x36,0xA7,0x5D,0x7A,0x4C,0x06,0x91,0x6E,0xF6,
  1262. 0x57,0xEE,0x36,0xCB,0x06,0xEA,0xF5,0x3D,0x95,0x49,0xCB,0xA7,
  1263. 0xDD,0x81,0xDF,0x80,0x09,0x4A,0x97,0x4D,0xA8,0x22,0x72,0xA1,
  1264. 0x7F,0xC4,0x70,0x56,0x70,0xE8,0x20,0x10,0x18,0x8F,0x2E,0x60,
  1265. 0x07,0xE7,0x68,0x1A,0x82,0x5D,0x32,0xA2,
  1266. };
  1267. DH *dh;
  1268. if ((dh=DH_new()) == NULL) return(NULL);
  1269. dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
  1270. dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
  1271. if ((dh->p == NULL) || (dh->g == NULL))
  1272. { DH_free(dh); return(NULL); }
  1273. dh->length = 160;
  1274. return(dh);
  1275. }
  1276. #endif