* SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
*/
+/* Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code */
+#ifdef OPENSSL_NO_DEPRECATED
+#undef OPENSSL_NO_DEPRECATED
+#endif
+
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#include <sys/types.h>
+
#include <sys/stat.h>
#include <openssl/e_os2.h>
#ifdef OPENSSL_NO_STDIO
#define APPS_WIN16
#endif
+#if !defined(OPENSSL_SYS_NETWARE) /* conflicts with winsock2 stuff on netware */
+#include <sys/types.h>
+#endif
+
/* With IPv6, it looks like Digital has mixed up the proper order of
recursive header file inclusion, resulting in the compiler complaining
that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
#include <openssl/rand.h>
#include "s_apps.h"
-#ifdef OPENSSL_SYS_WINDOWS
-#include <conio.h>
-#endif
-
#ifdef OPENSSL_SYS_WINCE
/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
#ifdef fileno
static int s_quiet=0;
static int hack=0;
+#ifndef OPENSSL_NO_ENGINE
static char *engine_id=NULL;
+#endif
static const char *session_id_prefix=NULL;
#ifdef MONOLITH
s_msg=0;
s_quiet=0;
hack=0;
+#ifndef OPENSSL_NO_ENGINE
engine_id=NULL;
+#endif
}
#endif
BIO_printf(bio_err," -context arg - set session ID context\n");
BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n");
BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n");
- BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n");
+ BIO_printf(bio_err," -cert arg - certificate file to use\n");
BIO_printf(bio_err," (default is %s)\n",TEST_CERT);
- BIO_printf(bio_err," -key arg - Private Key file to use, PEM format assumed, in cert file if\n");
+ BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");
+ BIO_printf(bio_err," -key arg - Private Key file to use, in cert file if\n");
BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT);
+ BIO_printf(bio_err," -keyform arg - key format (PEM, DER or ENGINE) PEM default\n");
+ BIO_printf(bio_err," -pass arg - private key file pass phrase source\n");
BIO_printf(bio_err," -dcert arg - second certificate file to use (usually for DSA)\n");
+ BIO_printf(bio_err," -dcertform x - second certificate format (PEM or DER) PEM default\n");
BIO_printf(bio_err," -dkey arg - second private key file to use (usually for DSA)\n");
+ BIO_printf(bio_err," -dkeyform arg - second key format (PEM, DER or ENGINE) PEM default\n");
+ BIO_printf(bio_err," -dpass arg - second private key file pass phrase source\n");
BIO_printf(bio_err," -dhparam arg - DH parameter file to use, in cert file if not specified\n");
BIO_printf(bio_err," or a default set of parameters is used\n");
#ifndef OPENSSL_NO_ECDH
BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
BIO_printf(bio_err," -HTTP - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
BIO_printf(bio_err," with the assumption it contains a complete HTTP response.\n");
+#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
+#endif
BIO_printf(bio_err," -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n");
BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
}
int no_tmp_rsa=0,no_dhe=0,no_ecdhe=0,nocert=0;
int state=0;
SSL_METHOD *meth=NULL;
+#ifndef OPENSSL_NO_ENGINE
ENGINE *e=NULL;
+#endif
char *inrand=NULL;
+ int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
+ char *passarg = NULL, *pass = NULL;
+ char *dpassarg = NULL, *dpass = NULL;
+ int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM;
+ X509 *s_cert = NULL, *s_dcert = NULL;
+ EVP_PKEY *s_key = NULL, *s_dkey = NULL;
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
meth=SSLv23_server_method();
if (--argc < 1) goto bad;
s_cert_file= *(++argv);
}
+ else if (strcmp(*argv,"-certform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ s_cert_format = str2fmt(*(++argv));
+ }
else if (strcmp(*argv,"-key") == 0)
{
if (--argc < 1) goto bad;
s_key_file= *(++argv);
}
+ else if (strcmp(*argv,"-keyform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ s_key_format = str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-pass") == 0)
+ {
+ if (--argc < 1) goto bad;
+ passarg = *(++argv);
+ }
else if (strcmp(*argv,"-dhparam") == 0)
{
if (--argc < 1) goto bad;
named_curve = *(++argv);
}
#endif
+ else if (strcmp(*argv,"-dcertform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ s_dcert_format = str2fmt(*(++argv));
+ }
else if (strcmp(*argv,"-dcert") == 0)
{
if (--argc < 1) goto bad;
s_dcert_file= *(++argv);
}
+ else if (strcmp(*argv,"-dkeyform") == 0)
+ {
+ if (--argc < 1) goto bad;
+ s_dkey_format = str2fmt(*(++argv));
+ }
+ else if (strcmp(*argv,"-dpass") == 0)
+ {
+ if (--argc < 1) goto bad;
+ dpassarg = *(++argv);
+ }
else if (strcmp(*argv,"-dkey") == 0)
{
if (--argc < 1) goto bad;
if (--argc < 1) goto bad;
session_id_prefix = *(++argv);
}
+#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine_id= *(++argv);
}
+#endif
else if (strcmp(*argv,"-rand") == 0)
{
if (--argc < 1) goto bad;
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();
+#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine_id, 1);
+#endif
+
+ if (!app_passwd(bio_err, passarg, dpassarg, &pass, &dpass))
+ {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto end;
+ }
+
+
+ if (s_key_file == NULL)
+ s_key_file = s_cert_file;
+
+ s_key = load_key(bio_err, s_key_file, s_key_format, 0, pass, e,
+ "server certificate private key file");
+ if (!s_key)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ s_cert = load_cert(bio_err,s_cert_file,s_cert_format,
+ NULL, e, "server certificate file");
+
+ if (!s_cert)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (s_dcert_file)
+ {
+
+ if (s_dkey_file == NULL)
+ s_dkey_file = s_dcert_file;
+
+ s_dkey = load_key(bio_err, s_dkey_file, s_dkey_format,
+ 0, dpass, e,
+ "second certificate private key file");
+ if (!s_dkey)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ s_dcert = load_cert(bio_err,s_dcert_file,s_dcert_format,
+ NULL, e, "second server certificate file");
+
+ if (!s_dcert)
+ {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ }
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
&& !RAND_status())
}
#endif
- if (!set_cert_stuff(ctx,s_cert_file,s_key_file))
+ if (!set_cert_key_stuff(ctx,s_cert,s_key))
goto end;
- if (s_dcert_file != NULL)
+ if (s_dcert != NULL)
{
- if (!set_cert_stuff(ctx,s_dcert_file,s_dkey_file))
+ if (!set_cert_key_stuff(ctx,s_dcert,s_dkey))
goto end;
}
ret=0;
end:
if (ctx != NULL) SSL_CTX_free(ctx);
+ if (s_cert)
+ X509_free(s_cert);
+ if (s_dcert)
+ X509_free(s_dcert);
+ if (s_key)
+ EVP_PKEY_free(s_key);
+ if (s_dkey)
+ EVP_PKEY_free(s_dkey);
+ if (pass)
+ OPENSSL_free(pass);
+ if (dpass)
+ OPENSSL_free(dpass);
if (bio_s_out != NULL)
{
BIO_free(bio_s_out);
bio_s_out=NULL;
}
apps_shutdown();
- EXIT(ret);
+ OPENSSL_EXIT(ret);
}
static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
{
BIO_printf(bio,"%4ld items in the session cache\n",
SSL_CTX_sess_number(ssl_ctx));
- BIO_printf(bio,"%4d client connects (SSL_connect())\n",
+ BIO_printf(bio,"%4ld client connects (SSL_connect())\n",
SSL_CTX_sess_connect(ssl_ctx));
- BIO_printf(bio,"%4d client renegotiates (SSL_connect())\n",
+ BIO_printf(bio,"%4ld client renegotiates (SSL_connect())\n",
SSL_CTX_sess_connect_renegotiate(ssl_ctx));
- BIO_printf(bio,"%4d client connects that finished\n",
+ BIO_printf(bio,"%4ld client connects that finished\n",
SSL_CTX_sess_connect_good(ssl_ctx));
- BIO_printf(bio,"%4d server accepts (SSL_accept())\n",
+ BIO_printf(bio,"%4ld server accepts (SSL_accept())\n",
SSL_CTX_sess_accept(ssl_ctx));
- BIO_printf(bio,"%4d server renegotiates (SSL_accept())\n",
+ BIO_printf(bio,"%4ld server renegotiates (SSL_accept())\n",
SSL_CTX_sess_accept_renegotiate(ssl_ctx));
- BIO_printf(bio,"%4d server accepts that finished\n",
+ BIO_printf(bio,"%4ld server accepts that finished\n",
SSL_CTX_sess_accept_good(ssl_ctx));
- BIO_printf(bio,"%4d session cache hits\n",SSL_CTX_sess_hits(ssl_ctx));
- BIO_printf(bio,"%4d session cache misses\n",SSL_CTX_sess_misses(ssl_ctx));
- BIO_printf(bio,"%4d session cache timeouts\n",SSL_CTX_sess_timeouts(ssl_ctx));
- BIO_printf(bio,"%4d callback cache hits\n",SSL_CTX_sess_cb_hits(ssl_ctx));
- BIO_printf(bio,"%4d cache full overflows (%d allowed)\n",
+ BIO_printf(bio,"%4ld session cache hits\n",SSL_CTX_sess_hits(ssl_ctx));
+ BIO_printf(bio,"%4ld session cache misses\n",SSL_CTX_sess_misses(ssl_ctx));
+ BIO_printf(bio,"%4ld session cache timeouts\n",SSL_CTX_sess_timeouts(ssl_ctx));
+ BIO_printf(bio,"%4ld callback cache hits\n",SSL_CTX_sess_cb_hits(ssl_ctx));
+ BIO_printf(bio,"%4ld cache full overflows (%ld allowed)\n",
SSL_CTX_sess_cache_full(ssl_ctx),
SSL_CTX_sess_get_cache_size(ssl_ctx));
}
unsigned long l;
SSL *con=NULL;
BIO *sbio;
-#ifdef OPENSSL_SYS_WINDOWS
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
struct timeval tv;
#endif
if (s_debug)
{
con->debug=1;
- BIO_set_callback(SSL_get_rbio(con),bio_dump_cb);
+ BIO_set_callback(SSL_get_rbio(con),bio_dump_callback);
BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out);
}
if (s_msg)
if (!read_from_sslcon)
{
FD_ZERO(&readfds);
-#ifndef OPENSSL_SYS_WINDOWS
+#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE)
FD_SET(fileno(stdin),&readfds);
#endif
FD_SET(s,&readfds);
* the compiler: if you do have a cast then you can either
* go for (int *) or (void *).
*/
-#ifdef OPENSSL_SYS_WINDOWS
- /* Under Windows we can't select on stdin: only
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
+ /* Under DOS (non-djgpp) and Windows we can't select on stdin: only
* on sockets. As a workaround we timeout the select every
* second and check for any keypress. In a proper Windows
* application we wouldn't do this because it is inefficient.
if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &
TLS1_FLAGS_TLS_PADDING_BUG)
BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n");
-
+#ifndef OPENSSL_NO_KRB5
+ if (con->kssl_ctx->client_princ != NULL)
+ {
+ BIO_printf(bio_s_out,"Kerberos peer principal is %s\n",
+ con->kssl_ctx->client_princ);
+ }
+#endif /* OPENSSL_NO_KRB5 */
return(1);
}
if (s_debug)
{
con->debug=1;
- BIO_set_callback(SSL_get_rbio(con),bio_dump_cb);
+ BIO_set_callback(SSL_get_rbio(con),bio_dump_callback);
BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out);
}
if (s_msg)
else
{
BIO_printf(bio_s_out,"read R BLOCK\n");
-#if !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)
+#if defined(OPENSSL_SYS_NETWARE)
+ delay(1000);
+#elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)
sleep(1);
#endif
continue;
#ifndef OPENSSL_NO_RSA
static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
{
+ BIGNUM *bn = NULL;
static RSA *rsa_tmp=NULL;
- if (rsa_tmp == NULL)
+ if (!rsa_tmp && ((bn = BN_new()) == NULL))
+ BIO_printf(bio_err,"Allocation error in generating RSA key\n");
+ if (!rsa_tmp && bn)
{
if (!s_quiet)
{
BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
(void)BIO_flush(bio_err);
}
- rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL);
+ if(!BN_set_word(bn, RSA_F4) || ((rsa_tmp = RSA_new()) == NULL) ||
+ !RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL))
+ {
+ if(rsa_tmp) RSA_free(rsa_tmp);
+ rsa_tmp = NULL;
+ }
if (!s_quiet)
{
BIO_printf(bio_err,"\n");
(void)BIO_flush(bio_err);
}
+ BN_free(bn);
}
return(rsa_tmp);
}
projects / openssl.git / blobdiff