xref: /openbsd-src/regress/lib/libssl/ssl/ssltest.c (revision f70a35c1ac939e8e150fc052e9b2573f16a75c74)
1 /*	$OpenBSD: ssltest.c,v 1.31 2021/10/31 16:56:17 tb Exp $ */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  *
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  *
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  *
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  *
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  *
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 /* ====================================================================
59  * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
60  *
61  * Redistribution and use in source and binary forms, with or without
62  * modification, are permitted provided that the following conditions
63  * are met:
64  *
65  * 1. Redistributions of source code must retain the above copyright
66  *    notice, this list of conditions and the following disclaimer.
67  *
68  * 2. Redistributions in binary form must reproduce the above copyright
69  *    notice, this list of conditions and the following disclaimer in
70  *    the documentation and/or other materials provided with the
71  *    distribution.
72  *
73  * 3. All advertising materials mentioning features or use of this
74  *    software must display the following acknowledgment:
75  *    "This product includes software developed by the OpenSSL Project
76  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77  *
78  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79  *    endorse or promote products derived from this software without
80  *    prior written permission. For written permission, please contact
81  *    openssl-core@openssl.org.
82  *
83  * 5. Products derived from this software may not be called "OpenSSL"
84  *    nor may "OpenSSL" appear in their names without prior written
85  *    permission of the OpenSSL Project.
86  *
87  * 6. Redistributions of any form whatsoever must retain the following
88  *    acknowledgment:
89  *    "This product includes software developed by the OpenSSL Project
90  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91  *
92  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
96  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103  * OF THE POSSIBILITY OF SUCH DAMAGE.
104  * ====================================================================
105  *
106  * This product includes cryptographic software written by Eric Young
107  * (eay@cryptsoft.com).  This product includes software written by Tim
108  * Hudson (tjh@cryptsoft.com).
109  *
110  */
111 /* ====================================================================
112  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113  * ECC cipher suite support in OpenSSL originally developed by
114  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115  */
116 /* ====================================================================
117  * Copyright 2005 Nokia. All rights reserved.
118  *
119  * The portions of the attached software ("Contribution") is developed by
120  * Nokia Corporation and is licensed pursuant to the OpenSSL open source
121  * license.
122  *
123  * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124  * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125  * support (see RFC 4279) to OpenSSL.
126  *
127  * No patent licenses or other rights except those expressly stated in
128  * the OpenSSL open source license shall be deemed granted or received
129  * expressly, by implication, estoppel, or otherwise.
130  *
131  * No assurances are provided by Nokia that the Contribution does not
132  * infringe the patent or other intellectual property rights of any third
133  * party or that the license provides you with all the necessary rights
134  * to make use of the Contribution.
135  *
136  * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137  * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138  * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139  * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
140  * OTHERWISE.
141  */
142 
143 #define _BSD_SOURCE 1		/* Or gethostname won't be declared properly
144 				   on Linux and GNU platforms. */
145 #include <sys/types.h>
146 #include <sys/socket.h>
147 
148 #include <netinet/in.h>
149 
150 #include <assert.h>
151 #include <errno.h>
152 #include <limits.h>
153 #include <netdb.h>
154 #include <stdio.h>
155 #include <stdlib.h>
156 #include <string.h>
157 #include <time.h>
158 #include <unistd.h>
159 
160 #include <ctype.h>
161 
162 #include <openssl/opensslconf.h>
163 #include <openssl/bio.h>
164 #include <openssl/crypto.h>
165 #include <openssl/evp.h>
166 #include <openssl/x509.h>
167 #include <openssl/x509v3.h>
168 #include <openssl/ssl.h>
169 #ifndef OPENSSL_NO_ENGINE
170 #include <openssl/engine.h>
171 #endif
172 #include <openssl/err.h>
173 #include <openssl/rand.h>
174 #include <openssl/rsa.h>
175 #include <openssl/dsa.h>
176 #include <openssl/dh.h>
177 #include <openssl/bn.h>
178 
179 #include "ssl_locl.h"
180 
181 #define TEST_SERVER_CERT "../apps/server.pem"
182 #define TEST_CLIENT_CERT "../apps/client.pem"
183 
184 static int verify_callback(int ok, X509_STORE_CTX *ctx);
185 static int app_verify_callback(X509_STORE_CTX *ctx, void *arg);
186 #define APP_CALLBACK_STRING "Test Callback Argument"
187 struct app_verify_arg {
188 	char *string;
189 	int app_verify;
190 	int allow_proxy_certs;
191 	char *proxy_auth;
192 	char *proxy_cond;
193 };
194 
195 static DH *get_dh1024(void);
196 static DH *get_dh1024dsa(void);
197 
198 static BIO *bio_err = NULL;
199 static BIO *bio_stdout = NULL;
200 
201 static const char *alpn_client;
202 static const char *alpn_server;
203 static const char *alpn_expected;
204 static unsigned char *alpn_selected;
205 
206 /*
207  * next_protos_parse parses a comma separated list of strings into a string
208  * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
209  *   outlen: (output) set to the length of the resulting buffer on success.
210  *   err: (maybe NULL) on failure, an error message line is written to this BIO.
211  *   in: a NUL terminated string like "abc,def,ghi"
212  *
213  *   returns: a malloced buffer or NULL on failure.
214  */
215 static unsigned char *
216 next_protos_parse(unsigned short *outlen, const char *in)
217 {
218 	size_t i, len, start = 0;
219 	unsigned char *out;
220 
221 	len = strlen(in);
222 	if (len >= 65535)
223 		return (NULL);
224 
225 	if ((out = malloc(strlen(in) + 1)) == NULL)
226 		return (NULL);
227 
228 	for (i = 0; i <= len; ++i) {
229 		if (i == len || in[i] == ',') {
230 			if (i - start > 255) {
231 				free(out);
232 				return (NULL);
233 			}
234 			out[start] = i - start;
235 			start = i + 1;
236 		} else
237 			out[i+1] = in[i];
238 	}
239 	*outlen = len + 1;
240 	return (out);
241 }
242 
243 static int
244 cb_server_alpn(SSL *s, const unsigned char **out, unsigned char *outlen,
245     const unsigned char *in, unsigned int inlen, void *arg)
246 {
247 	unsigned char *protos;
248 	unsigned short protos_len;
249 
250 	if ((protos = next_protos_parse(&protos_len, alpn_server)) == NULL) {
251 		fprintf(stderr,
252 		    "failed to parser ALPN server protocol string: %s\n",
253 		    alpn_server);
254 		abort();
255 	}
256 
257 	if (SSL_select_next_proto((unsigned char **)out, outlen, protos,
258 	    protos_len, in, inlen) != OPENSSL_NPN_NEGOTIATED) {
259 		free(protos);
260 		return (SSL_TLSEXT_ERR_NOACK);
261 	}
262 
263 	/*
264 	 * Make a copy of the selected protocol which will be freed in
265 	 * verify_alpn.
266 	 */
267 	if ((alpn_selected = malloc(*outlen)) == NULL) {
268 		fprintf(stderr, "malloc failed\n");
269 		abort();
270 	}
271 	memcpy(alpn_selected, *out, *outlen);
272 	*out = alpn_selected;
273 	free(protos);
274 
275 	return (SSL_TLSEXT_ERR_OK);
276 }
277 
278 static int
279 verify_alpn(SSL *client, SSL *server)
280 {
281 	const unsigned char *client_proto, *server_proto;
282 	unsigned int client_proto_len = 0, server_proto_len = 0;
283 
284 	SSL_get0_alpn_selected(client, &client_proto, &client_proto_len);
285 	SSL_get0_alpn_selected(server, &server_proto, &server_proto_len);
286 
287 	free(alpn_selected);
288 	alpn_selected = NULL;
289 
290 	if (client_proto_len != server_proto_len ||
291 	    memcmp(client_proto, server_proto, client_proto_len) != 0) {
292 		BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
293 		goto err;
294 	}
295 
296 	if (client_proto_len > 0 && alpn_expected == NULL) {
297 		BIO_printf(bio_stdout, "ALPN unexpectedly negotiated\n");
298 		goto err;
299 	}
300 
301 	if (alpn_expected != NULL &&
302 	    (client_proto_len != strlen(alpn_expected) ||
303 	     memcmp(client_proto, alpn_expected, client_proto_len) != 0)) {
304 		BIO_printf(bio_stdout, "ALPN selected protocols not equal to "
305 		    "expected protocol: %s\n", alpn_expected);
306 		goto err;
307 	}
308 
309 	return (0);
310 
311 err:
312 	BIO_printf(bio_stdout, "ALPN results: client: '");
313 	BIO_write(bio_stdout, client_proto, client_proto_len);
314 	BIO_printf(bio_stdout, "', server: '");
315 	BIO_write(bio_stdout, server_proto, server_proto_len);
316 	BIO_printf(bio_stdout, "'\n");
317 	BIO_printf(bio_stdout, "ALPN configured: client: '%s', server: '%s'\n",
318 	    alpn_client, alpn_server);
319 
320 	return (-1);
321 }
322 
323 static char *cipher = NULL;
324 static int verbose = 0;
325 static int debug = 0;
326 
327 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time,
328     clock_t *c_time);
329 int doit(SSL *s_ssl, SSL *c_ssl, long bytes);
330 
331 static void
332 sv_usage(void)
333 {
334 	fprintf(stderr, "usage: ssltest [args ...]\n");
335 	fprintf(stderr, "\n");
336 	fprintf(stderr, " -server_auth  - check server certificate\n");
337 	fprintf(stderr, " -client_auth  - do client authentication\n");
338 	fprintf(stderr, " -proxy        - allow proxy certificates\n");
339 	fprintf(stderr, " -proxy_auth <val> - set proxy policy rights\n");
340 	fprintf(stderr, " -proxy_cond <val> - experssion to test proxy policy rights\n");
341 	fprintf(stderr, " -v            - more output\n");
342 	fprintf(stderr, " -d            - debug output\n");
343 	fprintf(stderr, " -reuse        - use session-id reuse\n");
344 	fprintf(stderr, " -num <val>    - number of connections to perform\n");
345 	fprintf(stderr, " -bytes <val>  - number of bytes to swap between client/server\n");
346 	fprintf(stderr, " -dhe1024dsa   - use 1024 bit key (with 160-bit subprime) for DHE\n");
347 	fprintf(stderr, " -no_dhe       - disable DHE\n");
348 	fprintf(stderr, " -no_ecdhe     - disable ECDHE\n");
349 	fprintf(stderr, " -dtls1        - use DTLSv1\n");
350 	fprintf(stderr, " -tls1         - use TLSv1\n");
351 	fprintf(stderr, " -tls1_2       - use TLSv1.2\n");
352 	fprintf(stderr, " -CApath arg   - PEM format directory of CA's\n");
353 	fprintf(stderr, " -CAfile arg   - PEM format file of CA's\n");
354 	fprintf(stderr, " -cert arg     - Server certificate file\n");
355 	fprintf(stderr, " -key arg      - Server key file (default: same as -cert)\n");
356 	fprintf(stderr, " -c_cert arg   - Client certificate file\n");
357 	fprintf(stderr, " -c_key arg    - Client key file (default: same as -c_cert)\n");
358 	fprintf(stderr, " -cipher arg   - The cipher list\n");
359 	fprintf(stderr, " -bio_pair     - Use BIO pairs\n");
360 	fprintf(stderr, " -f            - Test even cases that can't work\n");
361 	fprintf(stderr, " -time         - measure processor time used by client and server\n");
362 	fprintf(stderr, " -named_curve arg  - Elliptic curve name to use for ephemeral ECDH keys.\n" \
363 	               "                 Use \"openssl ecparam -list_curves\" for all names\n"  \
364 	               "                 (default is sect163r2).\n");
365 	fprintf(stderr, " -alpn_client <string> - have client side offer ALPN\n");
366 	fprintf(stderr, " -alpn_server <string> - have server side offer ALPN\n");
367 	fprintf(stderr, " -alpn_expected <string> - the ALPN protocol that should be negotiated\n");
368 }
369 
370 static void
371 print_details(SSL *c_ssl, const char *prefix)
372 {
373 	const SSL_CIPHER *ciph;
374 	X509 *cert;
375 
376 	ciph = SSL_get_current_cipher(c_ssl);
377 	BIO_printf(bio_stdout, "%s%s, cipher %s %s",
378 	    prefix, SSL_get_version(c_ssl), SSL_CIPHER_get_version(ciph),
379 	    SSL_CIPHER_get_name(ciph));
380 	cert = SSL_get_peer_certificate(c_ssl);
381 	if (cert != NULL) {
382 		EVP_PKEY *pkey = X509_get_pubkey(cert);
383 		if (pkey != NULL) {
384 			if (pkey->type == EVP_PKEY_RSA &&
385 			    pkey->pkey.rsa != NULL &&
386 			    pkey->pkey.rsa->n != NULL) {
387 				BIO_printf(bio_stdout, ", %d bit RSA",
388 				    BN_num_bits(pkey->pkey.rsa->n));
389 			} else if (pkey->type == EVP_PKEY_DSA &&
390 			    pkey->pkey.dsa != NULL &&
391 			    pkey->pkey.dsa->p != NULL) {
392 				BIO_printf(bio_stdout, ", %d bit DSA",
393 				    BN_num_bits(pkey->pkey.dsa->p));
394 			}
395 			EVP_PKEY_free(pkey);
396 		}
397 		X509_free(cert);
398 	}
399 	/* The SSL API does not allow us to look at temporary RSA/DH keys,
400 	 * otherwise we should print their lengths too */
401 	BIO_printf(bio_stdout, "\n");
402 }
403 
404 int
405 main(int argc, char *argv[])
406 {
407 	char *CApath = NULL, *CAfile = NULL;
408 	int badop = 0;
409 	int bio_pair = 0;
410 	int force = 0;
411 	int tls1 = 0, tls1_2 = 0, dtls1 = 0, ret = 1;
412 	int client_auth = 0;
413 	int server_auth = 0, i;
414 	struct app_verify_arg app_verify_arg =
415 	    { APP_CALLBACK_STRING, 0, 0, NULL, NULL };
416 	char *server_cert = TEST_SERVER_CERT;
417 	char *server_key = NULL;
418 	char *client_cert = TEST_CLIENT_CERT;
419 	char *client_key = NULL;
420 	char *named_curve = NULL;
421 	SSL_CTX *s_ctx = NULL;
422 	SSL_CTX *c_ctx = NULL;
423 	const SSL_METHOD *meth = NULL;
424 	SSL *c_ssl, *s_ssl;
425 	int number = 1, reuse = 0;
426 	long bytes = 256L;
427 	DH *dh;
428 	int dhe1024dsa = 0;
429 	EC_KEY *ecdh = NULL;
430 	int no_dhe = 0;
431 	int no_ecdhe = 0;
432 	int print_time = 0;
433 	clock_t s_time = 0, c_time = 0;
434 
435 	verbose = 0;
436 	debug = 0;
437 	cipher = 0;
438 
439 	bio_err = BIO_new_fp(stderr, BIO_NOCLOSE|BIO_FP_TEXT);
440 
441 	bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE|BIO_FP_TEXT);
442 
443 	argc--;
444 	argv++;
445 
446 	while (argc >= 1) {
447 		if (!strcmp(*argv, "-F")) {
448 			fprintf(stderr, "not compiled with FIPS support, so exiting without running.\n");
449 			exit(0);
450 		} else if (strcmp(*argv, "-server_auth") == 0)
451 			server_auth = 1;
452 		else if (strcmp(*argv, "-client_auth") == 0)
453 			client_auth = 1;
454 		else if (strcmp(*argv, "-proxy_auth") == 0) {
455 			if (--argc < 1)
456 				goto bad;
457 			app_verify_arg.proxy_auth= *(++argv);
458 		} else if (strcmp(*argv, "-proxy_cond") == 0) {
459 			if (--argc < 1)
460 				goto bad;
461 			app_verify_arg.proxy_cond= *(++argv);
462 		} else if (strcmp(*argv, "-v") == 0)
463 			verbose = 1;
464 		else if (strcmp(*argv, "-d") == 0)
465 			debug = 1;
466 		else if (strcmp(*argv, "-reuse") == 0)
467 			reuse = 1;
468 		else if (strcmp(*argv, "-dhe1024dsa") == 0) {
469 			dhe1024dsa = 1;
470 		} else if (strcmp(*argv, "-no_dhe") == 0)
471 			no_dhe = 1;
472 		else if (strcmp(*argv, "-no_ecdhe") == 0)
473 			no_ecdhe = 1;
474 		else if (strcmp(*argv, "-dtls1") == 0)
475 			dtls1 = 1;
476 		else if (strcmp(*argv, "-tls1") == 0)
477 			tls1 = 1;
478 		else if (strcmp(*argv, "-tls1_2") == 0)
479 			tls1_2 = 1;
480 		else if (strncmp(*argv, "-num", 4) == 0) {
481 			if (--argc < 1)
482 				goto bad;
483 			number = atoi(*(++argv));
484 			if (number == 0)
485 				number = 1;
486 		} else if (strcmp(*argv, "-bytes") == 0) {
487 			if (--argc < 1)
488 				goto bad;
489 			bytes = atol(*(++argv));
490 			if (bytes == 0L)
491 				bytes = 1L;
492 			i = strlen(argv[0]);
493 			if (argv[0][i - 1] == 'k')
494 				bytes*=1024L;
495 			if (argv[0][i - 1] == 'm')
496 				bytes*=1024L*1024L;
497 		} else if (strcmp(*argv, "-cert") == 0) {
498 			if (--argc < 1)
499 				goto bad;
500 			server_cert= *(++argv);
501 		} else if (strcmp(*argv, "-s_cert") == 0) {
502 			if (--argc < 1)
503 				goto bad;
504 			server_cert= *(++argv);
505 		} else if (strcmp(*argv, "-key") == 0) {
506 			if (--argc < 1)
507 				goto bad;
508 			server_key= *(++argv);
509 		} else if (strcmp(*argv, "-s_key") == 0) {
510 			if (--argc < 1)
511 				goto bad;
512 			server_key= *(++argv);
513 		} else if (strcmp(*argv, "-c_cert") == 0) {
514 			if (--argc < 1)
515 				goto bad;
516 			client_cert= *(++argv);
517 		} else if (strcmp(*argv, "-c_key") == 0) {
518 			if (--argc < 1)
519 				goto bad;
520 			client_key= *(++argv);
521 		} else if (strcmp(*argv, "-cipher") == 0) {
522 			if (--argc < 1)
523 				goto bad;
524 			cipher= *(++argv);
525 		} else if (strcmp(*argv, "-CApath") == 0) {
526 			if (--argc < 1)
527 				goto bad;
528 			CApath= *(++argv);
529 		} else if (strcmp(*argv, "-CAfile") == 0) {
530 			if (--argc < 1)
531 				goto bad;
532 			CAfile= *(++argv);
533 		} else if (strcmp(*argv, "-bio_pair") == 0) {
534 			bio_pair = 1;
535 		} else if (strcmp(*argv, "-f") == 0) {
536 			force = 1;
537 		} else if (strcmp(*argv, "-time") == 0) {
538 			print_time = 1;
539 		} else if (strcmp(*argv, "-named_curve") == 0) {
540 			if (--argc < 1)
541 				goto bad;
542 			named_curve = *(++argv);
543 		} else if (strcmp(*argv, "-app_verify") == 0) {
544 			app_verify_arg.app_verify = 1;
545 		} else if (strcmp(*argv, "-proxy") == 0) {
546 			app_verify_arg.allow_proxy_certs = 1;
547 		} else if (strcmp(*argv, "-alpn_client") == 0) {
548 			if (--argc < 1)
549 				goto bad;
550 			alpn_client = *(++argv);
551 		} else if (strcmp(*argv, "-alpn_server") == 0) {
552 			if (--argc < 1)
553 				goto bad;
554 			alpn_server = *(++argv);
555 		} else if (strcmp(*argv, "-alpn_expected") == 0) {
556 			if (--argc < 1)
557 				goto bad;
558 			alpn_expected = *(++argv);
559 		} else {
560 			fprintf(stderr, "unknown option %s\n", *argv);
561 			badop = 1;
562 			break;
563 		}
564 		argc--;
565 		argv++;
566 	}
567 	if (badop) {
568 bad:
569 		sv_usage();
570 		goto end;
571 	}
572 
573 	if (!dtls1 && !tls1 && !tls1_2 && number > 1 && !reuse && !force) {
574 		fprintf(stderr,
575 		    "This case cannot work.  Use -f to perform "
576 		    "the test anyway (and\n-d to see what happens), "
577 		    "or add one of -dtls1, -tls1, -tls1_2, -reuse\n"
578 		    "to avoid protocol mismatch.\n");
579 		exit(1);
580 	}
581 
582 	if (print_time) {
583 		if (!bio_pair) {
584 			fprintf(stderr, "Using BIO pair (-bio_pair)\n");
585 			bio_pair = 1;
586 		}
587 		if (number < 50 && !force)
588 			fprintf(stderr, "Warning: For accurate timings, use more connections (e.g. -num 1000)\n");
589 	}
590 
591 /*	if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */
592 
593 	SSL_library_init();
594 	SSL_load_error_strings();
595 
596 	if (dtls1)
597 		meth = DTLSv1_method();
598 	else if (tls1)
599 		meth = TLSv1_method();
600 	else if (tls1_2)
601 		meth = TLSv1_2_method();
602 	else
603 		meth = TLS_method();
604 
605 	c_ctx = SSL_CTX_new(meth);
606 	s_ctx = SSL_CTX_new(meth);
607 	if ((c_ctx == NULL) || (s_ctx == NULL)) {
608 		ERR_print_errors(bio_err);
609 		goto end;
610 	}
611 
612 	if (cipher != NULL) {
613 		SSL_CTX_set_cipher_list(c_ctx, cipher);
614 		SSL_CTX_set_cipher_list(s_ctx, cipher);
615 	}
616 
617 	if (!no_dhe) {
618 		if (dhe1024dsa) {
619 			/* use SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */
620 			SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
621 			dh = get_dh1024dsa();
622 		} else
623 			dh = get_dh1024();
624 		SSL_CTX_set_tmp_dh(s_ctx, dh);
625 		DH_free(dh);
626 	}
627 
628 	if (!no_ecdhe) {
629 		int nid;
630 
631 		if (named_curve != NULL) {
632 			nid = OBJ_sn2nid(named_curve);
633 			if (nid == 0) {
634 				BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve);
635 				goto end;
636 			}
637 		} else
638 			nid = NID_X9_62_prime256v1;
639 
640 		ecdh = EC_KEY_new_by_curve_name(nid);
641 		if (ecdh == NULL) {
642 			BIO_printf(bio_err, "unable to create curve\n");
643 			goto end;
644 		}
645 
646 		SSL_CTX_set_tmp_ecdh(s_ctx, ecdh);
647 		SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_ECDH_USE);
648 		EC_KEY_free(ecdh);
649 	}
650 
651 	if (!SSL_CTX_use_certificate_file(s_ctx, server_cert,
652 	    SSL_FILETYPE_PEM)) {
653 		ERR_print_errors(bio_err);
654 	} else if (!SSL_CTX_use_PrivateKey_file(s_ctx,
655 	    (server_key ? server_key : server_cert), SSL_FILETYPE_PEM)) {
656 		ERR_print_errors(bio_err);
657 		goto end;
658 	}
659 
660 	if (client_auth) {
661 		SSL_CTX_use_certificate_file(c_ctx, client_cert,
662 		    SSL_FILETYPE_PEM);
663 		SSL_CTX_use_PrivateKey_file(c_ctx,
664 		    (client_key ? client_key : client_cert),
665 		    SSL_FILETYPE_PEM);
666 	}
667 
668 	if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) ||
669 	    (!SSL_CTX_set_default_verify_paths(s_ctx)) ||
670 	    (!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) ||
671 	    (!SSL_CTX_set_default_verify_paths(c_ctx))) {
672 		/* fprintf(stderr,"SSL_load_verify_locations\n"); */
673 		ERR_print_errors(bio_err);
674 		/* goto end; */
675 	}
676 
677 	if (client_auth) {
678 		BIO_printf(bio_err, "client authentication\n");
679 		SSL_CTX_set_verify(s_ctx,
680 		    SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
681 		    verify_callback);
682 		SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback,
683 		    &app_verify_arg);
684 	}
685 	if (server_auth) {
686 		BIO_printf(bio_err, "server authentication\n");
687 		SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER,
688 		    verify_callback);
689 		SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback,
690 		    &app_verify_arg);
691 	}
692 
693 	{
694 		int session_id_context = 0;
695 		SSL_CTX_set_session_id_context(s_ctx,
696 		    (void *)&session_id_context, sizeof(session_id_context));
697 	}
698 
699 	if (alpn_server != NULL)
700 		SSL_CTX_set_alpn_select_cb(s_ctx, cb_server_alpn, NULL);
701 
702 	if (alpn_client != NULL) {
703 		unsigned short alpn_len;
704 		unsigned char *alpn = next_protos_parse(&alpn_len, alpn_client);
705 
706 		if (alpn == NULL) {
707 			BIO_printf(bio_err, "Error parsing -alpn_client argument\n");
708 			goto end;
709 		}
710 		SSL_CTX_set_alpn_protos(c_ctx, alpn, alpn_len);
711 		free(alpn);
712 	}
713 
714 	c_ssl = SSL_new(c_ctx);
715 	s_ssl = SSL_new(s_ctx);
716 
717 	for (i = 0; i < number; i++) {
718 		if (!reuse)
719 			SSL_set_session(c_ssl, NULL);
720 		if (bio_pair)
721 			ret = doit_biopair(s_ssl, c_ssl, bytes, &s_time,
722 			    &c_time);
723 		else
724 			ret = doit(s_ssl, c_ssl, bytes);
725 	}
726 
727 	if (!verbose) {
728 		print_details(c_ssl, "");
729 	}
730 	if ((number > 1) || (bytes > 1L))
731 		BIO_printf(bio_stdout, "%d handshakes of %ld bytes done\n",
732 		    number, bytes);
733 	if (print_time) {
734 #ifdef CLOCKS_PER_SEC
735 		/* "To determine the time in seconds, the value returned
736 		 * by the clock function should be divided by the value
737 		 * of the macro CLOCKS_PER_SEC."
738 		 *                                       -- ISO/IEC 9899 */
739 		BIO_printf(bio_stdout,
740 		    "Approximate total server time: %6.2f s\n"
741 		    "Approximate total client time: %6.2f s\n",
742 		    (double)s_time/CLOCKS_PER_SEC,
743 		    (double)c_time/CLOCKS_PER_SEC);
744 #else
745 		/* "`CLOCKS_PER_SEC' undeclared (first use this function)"
746 		 *                            -- cc on NeXTstep/OpenStep */
747 		BIO_printf(bio_stdout,
748 		    "Approximate total server time: %6.2f units\n"
749 		    "Approximate total client time: %6.2f units\n",
750 		    (double)s_time,
751 		    (double)c_time);
752 #endif
753 	}
754 
755 	SSL_free(s_ssl);
756 	SSL_free(c_ssl);
757 
758 end:
759 	SSL_CTX_free(s_ctx);
760 	SSL_CTX_free(c_ctx);
761 	BIO_free(bio_stdout);
762 
763 #ifndef OPENSSL_NO_ENGINE
764 	ENGINE_cleanup();
765 #endif
766 	CRYPTO_cleanup_all_ex_data();
767 	ERR_free_strings();
768 	ERR_remove_thread_state(NULL);
769 	EVP_cleanup();
770 	CRYPTO_mem_leaks(bio_err);
771 	BIO_free(bio_err);
772 
773 	exit(ret);
774 	return ret;
775 }
776 
777 int
778 doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, clock_t *s_time,
779     clock_t *c_time)
780 {
781 	long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
782 	BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
783 	BIO *server = NULL, *server_io = NULL;
784 	BIO *client = NULL, *client_io = NULL;
785 	int ret = 1;
786 
787 	size_t bufsiz = 256; /* small buffer for testing */
788 
789 	if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz))
790 		goto err;
791 	if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz))
792 		goto err;
793 
794 	s_ssl_bio = BIO_new(BIO_f_ssl());
795 	if (!s_ssl_bio)
796 		goto err;
797 
798 	c_ssl_bio = BIO_new(BIO_f_ssl());
799 	if (!c_ssl_bio)
800 		goto err;
801 
802 	SSL_set_connect_state(c_ssl);
803 	SSL_set_bio(c_ssl, client, client);
804 	(void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
805 
806 	SSL_set_accept_state(s_ssl);
807 	SSL_set_bio(s_ssl, server, server);
808 	(void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
809 
810 	do {
811 		/* c_ssl_bio:          SSL filter BIO
812 		 *
813 		 * client:             pseudo-I/O for SSL library
814 		 *
815 		 * client_io:          client's SSL communication; usually to be
816 		 *                     relayed over some I/O facility, but in this
817 		 *                     test program, we're the server, too:
818 		 *
819 		 * server_io:          server's SSL communication
820 		 *
821 		 * server:             pseudo-I/O for SSL library
822 		 *
823 		 * s_ssl_bio:          SSL filter BIO
824 		 *
825 		 * The client and the server each employ a "BIO pair":
826 		 * client + client_io, server + server_io.
827 		 * BIO pairs are symmetric.  A BIO pair behaves similar
828 		 * to a non-blocking socketpair (but both endpoints must
829 		 * be handled by the same thread).
830 		 * [Here we could connect client and server to the ends
831 		 * of a single BIO pair, but then this code would be less
832 		 * suitable as an example for BIO pairs in general.]
833 		 *
834 		 * Useful functions for querying the state of BIO pair endpoints:
835 		 *
836 		 * BIO_ctrl_pending(bio)              number of bytes we can read now
837 		 * BIO_ctrl_get_read_request(bio)     number of bytes needed to fulfil
838 		 *                                      other side's read attempt
839 		 * BIO_ctrl_get_write_guarantee(bio)   number of bytes we can write now
840 		 *
841 		 * ..._read_request is never more than ..._write_guarantee;
842 		 * it depends on the application which one you should use.
843 		 */
844 
845 		/* We have non-blocking behaviour throughout this test program, but
846 		 * can be sure that there is *some* progress in each iteration; so
847 		 * we don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE
848 		 * -- we just try everything in each iteration
849 		 */
850 
851 		{
852 			/* CLIENT */
853 
854 			char cbuf[1024*8];
855 			int i, r;
856 			clock_t c_clock = clock();
857 
858 			memset(cbuf, 0, sizeof(cbuf));
859 
860 			if (debug)
861 				if (SSL_in_init(c_ssl))
862 					printf("client waiting in SSL_connect - %s\n",
863 					    SSL_state_string_long(c_ssl));
864 
865 			if (cw_num > 0) {
866 				/* Write to server. */
867 
868 				if (cw_num > (long)sizeof cbuf)
869 					i = sizeof cbuf;
870 				else
871 					i = (int)cw_num;
872 				r = BIO_write(c_ssl_bio, cbuf, i);
873 				if (r < 0) {
874 					if (!BIO_should_retry(c_ssl_bio)) {
875 						fprintf(stderr, "ERROR in CLIENT\n");
876 						goto err;
877 					}
878 					/* BIO_should_retry(...) can just be ignored here.
879 					 * The library expects us to call BIO_write with
880 					 * the same arguments again, and that's what we will
881 					 * do in the next iteration. */
882 				} else if (r == 0) {
883 					fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
884 					goto err;
885 				} else {
886 					if (debug)
887 						printf("client wrote %d\n", r);
888 					cw_num -= r;
889 
890 				}
891 			}
892 
893 			if (cr_num > 0) {
894 				/* Read from server. */
895 
896 				r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
897 				if (r < 0) {
898 					if (!BIO_should_retry(c_ssl_bio)) {
899 						fprintf(stderr, "ERROR in CLIENT\n");
900 						goto err;
901 					}
902 					/* Again, "BIO_should_retry" can be ignored. */
903 				} else if (r == 0) {
904 					fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
905 					goto err;
906 				} else {
907 					if (debug)
908 						printf("client read %d\n", r);
909 					cr_num -= r;
910 				}
911 			}
912 
913 			/* c_time and s_time increments will typically be very small
914 			 * (depending on machine speed and clock tick intervals),
915 			 * but sampling over a large number of connections should
916 			 * result in fairly accurate figures.  We cannot guarantee
917 			 * a lot, however -- if each connection lasts for exactly
918 			 * one clock tick, it will be counted only for the client
919 			 * or only for the server or even not at all.
920 			 */
921 			*c_time += (clock() - c_clock);
922 		}
923 
924 		{
925 			/* SERVER */
926 
927 			char sbuf[1024*8];
928 			int i, r;
929 			clock_t s_clock = clock();
930 
931 			memset(sbuf, 0, sizeof(sbuf));
932 
933 			if (debug)
934 				if (SSL_in_init(s_ssl))
935 					printf("server waiting in SSL_accept - %s\n",
936 					    SSL_state_string_long(s_ssl));
937 
938 			if (sw_num > 0) {
939 				/* Write to client. */
940 
941 				if (sw_num > (long)sizeof sbuf)
942 					i = sizeof sbuf;
943 				else
944 					i = (int)sw_num;
945 				r = BIO_write(s_ssl_bio, sbuf, i);
946 				if (r < 0) {
947 					if (!BIO_should_retry(s_ssl_bio)) {
948 						fprintf(stderr, "ERROR in SERVER\n");
949 						goto err;
950 					}
951 					/* Ignore "BIO_should_retry". */
952 				} else if (r == 0) {
953 					fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
954 					goto err;
955 				} else {
956 					if (debug)
957 						printf("server wrote %d\n", r);
958 					sw_num -= r;
959 
960 				}
961 			}
962 
963 			if (sr_num > 0) {
964 				/* Read from client. */
965 
966 				r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
967 				if (r < 0) {
968 					if (!BIO_should_retry(s_ssl_bio)) {
969 						fprintf(stderr, "ERROR in SERVER\n");
970 						goto err;
971 					}
972 					/* blah, blah */
973 				} else if (r == 0) {
974 					fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
975 					goto err;
976 				} else {
977 					if (debug)
978 						printf("server read %d\n", r);
979 					sr_num -= r;
980 				}
981 			}
982 
983 			*s_time += (clock() - s_clock);
984 		}
985 
986 		{
987 			/* "I/O" BETWEEN CLIENT AND SERVER. */
988 
989 			size_t r1, r2;
990 			BIO *io1 = server_io, *io2 = client_io;
991 			/* we use the non-copying interface for io1
992 			 * and the standard BIO_write/BIO_read interface for io2
993 			 */
994 
995 			static int prev_progress = 1;
996 			int progress = 0;
997 
998 			/* io1 to io2 */
999 			do {
1000 				size_t num;
1001 				int r;
1002 
1003 				r1 = BIO_ctrl_pending(io1);
1004 				r2 = BIO_ctrl_get_write_guarantee(io2);
1005 
1006 				num = r1;
1007 				if (r2 < num)
1008 					num = r2;
1009 				if (num) {
1010 					char *dataptr;
1011 
1012 					if (INT_MAX < num) /* yeah, right */
1013 						num = INT_MAX;
1014 
1015 					r = BIO_nread(io1, &dataptr, (int)num);
1016 					assert(r > 0);
1017 					assert(r <= (int)num);
1018 					/* possibly r < num (non-contiguous data) */
1019 					num = r;
1020 					r = BIO_write(io2, dataptr, (int)num);
1021 					if (r != (int)num) /* can't happen */
1022 					{
1023 						fprintf(stderr, "ERROR: BIO_write could not write "
1024 						    "BIO_ctrl_get_write_guarantee() bytes");
1025 						goto err;
1026 					}
1027 					progress = 1;
1028 
1029 					if (debug)
1030 						printf((io1 == client_io) ?
1031 						    "C->S relaying: %d bytes\n" :
1032 						    "S->C relaying: %d bytes\n",
1033 						    (int)num);
1034 				}
1035 			} while (r1 && r2);
1036 
1037 			/* io2 to io1 */
1038 			{
1039 				size_t num;
1040 				int r;
1041 
1042 				r1 = BIO_ctrl_pending(io2);
1043 				r2 = BIO_ctrl_get_read_request(io1);
1044 				/* here we could use ..._get_write_guarantee instead of
1045 				 * ..._get_read_request, but by using the latter
1046 				 * we test restartability of the SSL implementation
1047 				 * more thoroughly */
1048 				num = r1;
1049 				if (r2 < num)
1050 					num = r2;
1051 				if (num) {
1052 					char *dataptr;
1053 
1054 					if (INT_MAX < num)
1055 						num = INT_MAX;
1056 
1057 					if (num > 1)
1058 						--num; /* test restartability even more thoroughly */
1059 
1060 					r = BIO_nwrite0(io1, &dataptr);
1061 					assert(r > 0);
1062 					if (r < (int)num)
1063 						num = r;
1064 					r = BIO_read(io2, dataptr, (int)num);
1065 					if (r != (int)num) /* can't happen */
1066 					{
1067 						fprintf(stderr, "ERROR: BIO_read could not read "
1068 						    "BIO_ctrl_pending() bytes");
1069 						goto err;
1070 					}
1071 					progress = 1;
1072 					r = BIO_nwrite(io1, &dataptr, (int)num);
1073 					if (r != (int)num) /* can't happen */
1074 					{
1075 						fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
1076 						    "BIO_nwrite0() bytes");
1077 						goto err;
1078 					}
1079 
1080 					if (debug)
1081 						printf((io2 == client_io) ?
1082 						    "C->S relaying: %d bytes\n" :
1083 						    "S->C relaying: %d bytes\n",
1084 						    (int)num);
1085 				}
1086 			} /* no loop, BIO_ctrl_get_read_request now returns 0 anyway */
1087 
1088 			if (!progress && !prev_progress) {
1089 				if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0) {
1090 					fprintf(stderr, "ERROR: got stuck\n");
1091 					goto err;
1092 				}
1093 			}
1094 			prev_progress = progress;
1095 		}
1096 	} while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
1097 
1098 	if (verbose)
1099 		print_details(c_ssl, "DONE via BIO pair: ");
1100 
1101 	if (verify_alpn(c_ssl, s_ssl) < 0) {
1102 		ret = 1;
1103 		goto err;
1104 	}
1105 
1106 	ret = 0;
1107 
1108 err:
1109 	ERR_print_errors(bio_err);
1110 
1111 	BIO_free(server);
1112 	BIO_free(server_io);
1113 	BIO_free(client);
1114 	BIO_free(client_io);
1115 	BIO_free(s_ssl_bio);
1116 	BIO_free(c_ssl_bio);
1117 
1118 	return ret;
1119 }
1120 
1121 
1122 #define W_READ	1
1123 #define W_WRITE	2
1124 #define C_DONE	1
1125 #define S_DONE	2
1126 
1127 int
1128 doit(SSL *s_ssl, SSL *c_ssl, long count)
1129 {
1130 	char cbuf[1024*8], sbuf[1024*8];
1131 	long cw_num = count, cr_num = count;
1132 	long sw_num = count, sr_num = count;
1133 	int ret = 1;
1134 	BIO *c_to_s = NULL;
1135 	BIO *s_to_c = NULL;
1136 	BIO *c_bio = NULL;
1137 	BIO *s_bio = NULL;
1138 	int c_r, c_w, s_r, s_w;
1139 	int i, j;
1140 	int done = 0;
1141 	int c_write, s_write;
1142 	int do_server = 0, do_client = 0;
1143 
1144 	memset(cbuf, 0, sizeof(cbuf));
1145 	memset(sbuf, 0, sizeof(sbuf));
1146 
1147 	c_to_s = BIO_new(BIO_s_mem());
1148 	s_to_c = BIO_new(BIO_s_mem());
1149 	if ((s_to_c == NULL) || (c_to_s == NULL)) {
1150 		ERR_print_errors(bio_err);
1151 		goto err;
1152 	}
1153 
1154 	c_bio = BIO_new(BIO_f_ssl());
1155 	s_bio = BIO_new(BIO_f_ssl());
1156 	if ((c_bio == NULL) || (s_bio == NULL)) {
1157 		ERR_print_errors(bio_err);
1158 		goto err;
1159 	}
1160 
1161 	SSL_set_connect_state(c_ssl);
1162 	SSL_set_bio(c_ssl, s_to_c, c_to_s);
1163 	BIO_set_ssl(c_bio, c_ssl, BIO_NOCLOSE);
1164 
1165 	SSL_set_accept_state(s_ssl);
1166 	SSL_set_bio(s_ssl, c_to_s, s_to_c);
1167 	BIO_set_ssl(s_bio, s_ssl, BIO_NOCLOSE);
1168 
1169 	c_r = 0;
1170 	s_r = 1;
1171 	c_w = 1;
1172 	s_w = 0;
1173 	c_write = 1, s_write = 0;
1174 
1175 	/* We can always do writes */
1176 	for (;;) {
1177 		do_server = 0;
1178 		do_client = 0;
1179 
1180 		i = (int)BIO_pending(s_bio);
1181 		if ((i && s_r) || s_w)
1182 			do_server = 1;
1183 
1184 		i = (int)BIO_pending(c_bio);
1185 		if ((i && c_r) || c_w)
1186 			do_client = 1;
1187 
1188 		if (do_server && debug) {
1189 			if (SSL_in_init(s_ssl))
1190 				printf("server waiting in SSL_accept - %s\n",
1191 				    SSL_state_string_long(s_ssl));
1192 		}
1193 
1194 		if (do_client && debug) {
1195 			if (SSL_in_init(c_ssl))
1196 				printf("client waiting in SSL_connect - %s\n",
1197 				    SSL_state_string_long(c_ssl));
1198 		}
1199 
1200 		if (!do_client && !do_server) {
1201 			fprintf(stdout, "ERROR in STARTUP\n");
1202 			ERR_print_errors(bio_err);
1203 			goto err;
1204 		}
1205 
1206 		if (do_client && !(done & C_DONE)) {
1207 			if (c_write) {
1208 				j = (cw_num > (long)sizeof(cbuf)) ?
1209 				    (int)sizeof(cbuf) : (int)cw_num;
1210 				i = BIO_write(c_bio, cbuf, j);
1211 				if (i < 0) {
1212 					c_r = 0;
1213 					c_w = 0;
1214 					if (BIO_should_retry(c_bio)) {
1215 						if (BIO_should_read(c_bio))
1216 							c_r = 1;
1217 						if (BIO_should_write(c_bio))
1218 							c_w = 1;
1219 					} else {
1220 						fprintf(stderr, "ERROR in CLIENT\n");
1221 						ERR_print_errors(bio_err);
1222 						goto err;
1223 					}
1224 				} else if (i == 0) {
1225 					fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
1226 					goto err;
1227 				} else {
1228 					if (debug)
1229 						printf("client wrote %d\n", i);
1230 					/* ok */
1231 					s_r = 1;
1232 					c_write = 0;
1233 					cw_num -= i;
1234 				}
1235 			} else {
1236 				i = BIO_read(c_bio, cbuf, sizeof(cbuf));
1237 				if (i < 0) {
1238 					c_r = 0;
1239 					c_w = 0;
1240 					if (BIO_should_retry(c_bio)) {
1241 						if (BIO_should_read(c_bio))
1242 							c_r = 1;
1243 						if (BIO_should_write(c_bio))
1244 							c_w = 1;
1245 					} else {
1246 						fprintf(stderr, "ERROR in CLIENT\n");
1247 						ERR_print_errors(bio_err);
1248 						goto err;
1249 					}
1250 				} else if (i == 0) {
1251 					fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
1252 					goto err;
1253 				} else {
1254 					if (debug)
1255 						printf("client read %d\n", i);
1256 					cr_num -= i;
1257 					if (sw_num > 0) {
1258 						s_write = 1;
1259 						s_w = 1;
1260 					}
1261 					if (cr_num <= 0) {
1262 						s_write = 1;
1263 						s_w = 1;
1264 						done = S_DONE|C_DONE;
1265 					}
1266 				}
1267 			}
1268 		}
1269 
1270 		if (do_server && !(done & S_DONE)) {
1271 			if (!s_write) {
1272 				i = BIO_read(s_bio, sbuf, sizeof(cbuf));
1273 				if (i < 0) {
1274 					s_r = 0;
1275 					s_w = 0;
1276 					if (BIO_should_retry(s_bio)) {
1277 						if (BIO_should_read(s_bio))
1278 							s_r = 1;
1279 						if (BIO_should_write(s_bio))
1280 							s_w = 1;
1281 					} else {
1282 						fprintf(stderr, "ERROR in SERVER\n");
1283 						ERR_print_errors(bio_err);
1284 						goto err;
1285 					}
1286 				} else if (i == 0) {
1287 					ERR_print_errors(bio_err);
1288 					fprintf(stderr, "SSL SERVER STARTUP FAILED in SSL_read\n");
1289 					goto err;
1290 				} else {
1291 					if (debug)
1292 						printf("server read %d\n", i);
1293 					sr_num -= i;
1294 					if (cw_num > 0) {
1295 						c_write = 1;
1296 						c_w = 1;
1297 					}
1298 					if (sr_num <= 0) {
1299 						s_write = 1;
1300 						s_w = 1;
1301 						c_write = 0;
1302 					}
1303 				}
1304 			} else {
1305 				j = (sw_num > (long)sizeof(sbuf)) ?
1306 				    (int)sizeof(sbuf) : (int)sw_num;
1307 				i = BIO_write(s_bio, sbuf, j);
1308 				if (i < 0) {
1309 					s_r = 0;
1310 					s_w = 0;
1311 					if (BIO_should_retry(s_bio)) {
1312 						if (BIO_should_read(s_bio))
1313 							s_r = 1;
1314 						if (BIO_should_write(s_bio))
1315 							s_w = 1;
1316 					} else {
1317 						fprintf(stderr, "ERROR in SERVER\n");
1318 						ERR_print_errors(bio_err);
1319 						goto err;
1320 					}
1321 				} else if (i == 0) {
1322 					ERR_print_errors(bio_err);
1323 					fprintf(stderr, "SSL SERVER STARTUP FAILED in SSL_write\n");
1324 					goto err;
1325 				} else {
1326 					if (debug)
1327 						printf("server wrote %d\n", i);
1328 					sw_num -= i;
1329 					s_write = 0;
1330 					c_r = 1;
1331 					if (sw_num <= 0)
1332 						done |= S_DONE;
1333 				}
1334 			}
1335 		}
1336 
1337 		if ((done & S_DONE) && (done & C_DONE))
1338 			break;
1339 	}
1340 
1341 	if (verbose)
1342 		print_details(c_ssl, "DONE: ");
1343 
1344 	if (verify_alpn(c_ssl, s_ssl) < 0) {
1345 		ret = 1;
1346 		goto err;
1347 	}
1348 
1349 	ret = 0;
1350 err:
1351 	/* We have to set the BIO's to NULL otherwise they will be
1352 	 * free()ed twice.  Once when th s_ssl is SSL_free()ed and
1353 	 * again when c_ssl is SSL_free()ed.
1354 	 * This is a hack required because s_ssl and c_ssl are sharing the same
1355 	 * BIO structure and SSL_set_bio() and SSL_free() automatically
1356 	 * BIO_free non NULL entries.
1357 	 * You should not normally do this or be required to do this */
1358 	if (s_ssl != NULL) {
1359 		s_ssl->rbio = NULL;
1360 		s_ssl->wbio = NULL;
1361 	}
1362 	if (c_ssl != NULL) {
1363 		c_ssl->rbio = NULL;
1364 		c_ssl->wbio = NULL;
1365 	}
1366 
1367 	BIO_free(c_to_s);
1368 	BIO_free(s_to_c);
1369 	BIO_free_all(c_bio);
1370 	BIO_free_all(s_bio);
1371 
1372 	return (ret);
1373 }
1374 
1375 static int
1376 get_proxy_auth_ex_data_idx(void)
1377 {
1378 	static volatile int idx = -1;
1379 	if (idx < 0) {
1380 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
1381 		if (idx < 0) {
1382 			idx = X509_STORE_CTX_get_ex_new_index(0,
1383 			    "SSLtest for verify callback", NULL, NULL, NULL);
1384 		}
1385 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
1386 	}
1387 	return idx;
1388 }
1389 
1390 static int
1391 verify_callback(int ok, X509_STORE_CTX *ctx)
1392 {
1393 	X509 *xs;
1394 	char *s, buf[256];
1395 	int error, error_depth;
1396 
1397 	xs = X509_STORE_CTX_get_current_cert(ctx);
1398 	s = X509_NAME_oneline(X509_get_subject_name(xs), buf, sizeof buf);
1399 	error = X509_STORE_CTX_get_error(ctx);
1400 	error_depth = X509_STORE_CTX_get_error_depth(ctx);
1401 	if (s != NULL) {
1402 		if (ok)
1403 			fprintf(stderr, "depth=%d %s\n", error_depth, buf);
1404 		else {
1405 			fprintf(stderr, "depth=%d error=%d %s\n", error_depth,
1406 			    error, buf);
1407 		}
1408 	}
1409 
1410 	if (ok == 0) {
1411 		fprintf(stderr, "Error string: %s\n",
1412 		    X509_verify_cert_error_string(error));
1413 		switch (error) {
1414 		case X509_V_ERR_CERT_NOT_YET_VALID:
1415 		case X509_V_ERR_CERT_HAS_EXPIRED:
1416 		case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
1417 			fprintf(stderr, "  ... ignored.\n");
1418 			ok = 1;
1419 		}
1420 	}
1421 
1422 	if (ok == 1) {
1423 		if (X509_get_extension_flags(xs) & EXFLAG_PROXY) {
1424 			unsigned int *letters =
1425 			    X509_STORE_CTX_get_ex_data(ctx,
1426 			    get_proxy_auth_ex_data_idx());
1427 
1428 			if (letters) {
1429 				int found_any = 0;
1430 				int i;
1431 				PROXY_CERT_INFO_EXTENSION *pci =
1432 				    X509_get_ext_d2i(xs, NID_proxyCertInfo,
1433 				    NULL, NULL);
1434 
1435 				switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage)) {
1436 				case NID_Independent:
1437 					/* Completely meaningless in this
1438 					   program, as there's no way to
1439 					   grant explicit rights to a
1440 					   specific PrC.  Basically, using
1441 					   id-ppl-Independent is the perfect
1442 					   way to grant no rights at all. */
1443 					fprintf(stderr, "  Independent proxy certificate");
1444 					for (i = 0; i < 26; i++)
1445 						letters[i] = 0;
1446 					break;
1447 				case NID_id_ppl_inheritAll:
1448 					/* This is basically a NOP, we
1449 					   simply let the current rights
1450 					   stand as they are. */
1451 					fprintf(stderr, "  Proxy certificate inherits all");
1452 					break;
1453 				default:
1454 					s = (char *)
1455 					pci->proxyPolicy->policy->data;
1456 					i = pci->proxyPolicy->policy->length;
1457 
1458 					/* The algorithm works as follows:
1459 					   it is assumed that previous
1460 					   iterations or the initial granted
1461 					   rights has already set some elements
1462 					   of `letters'.  What we need to do is
1463 					   to clear those that weren't granted
1464 					   by the current PrC as well.  The
1465 					   easiest way to do this is to add 1
1466 					   to all the elements whose letters
1467 					   are given with the current policy.
1468 					   That way, all elements that are set
1469 					   by the current policy and were
1470 					   already set by earlier policies and
1471 					   through the original grant of rights
1472 					   will get the value 2 or higher.
1473 					   The last thing to do is to sweep
1474 					   through `letters' and keep the
1475 					   elements having the value 2 as set,
1476 					   and clear all the others. */
1477 
1478 					fprintf(stderr, "  Certificate proxy rights = %*.*s", i, i, s);
1479 					while (i-- > 0) {
1480 						int c = *s++;
1481 						if (isascii(c) && isalpha(c)) {
1482 							if (islower(c))
1483 								c = toupper(c);
1484 							letters[c - 'A']++;
1485 						}
1486 					}
1487 					for (i = 0; i < 26; i++)
1488 						if (letters[i] < 2)
1489 							letters[i] = 0;
1490 					else
1491 						letters[i] = 1;
1492 				}
1493 
1494 				found_any = 0;
1495 				fprintf(stderr, ", resulting proxy rights = ");
1496 				for (i = 0; i < 26; i++)
1497 					if (letters[i]) {
1498 					fprintf(stderr, "%c", i + 'A');
1499 					found_any = 1;
1500 				}
1501 				if (!found_any)
1502 					fprintf(stderr, "none");
1503 				fprintf(stderr, "\n");
1504 
1505 				PROXY_CERT_INFO_EXTENSION_free(pci);
1506 			}
1507 		}
1508 	}
1509 
1510 	return (ok);
1511 }
1512 
1513 static void
1514 process_proxy_debug(int indent, const char *format, ...)
1515 {
1516 	static const char indentation[] =
1517 	    ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"
1518 	    ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"; /* That's 80 > */
1519 	char my_format[256];
1520 	va_list args;
1521 
1522 	(void) snprintf(my_format, sizeof(my_format), "%*.*s %s",
1523 	    indent, indent, indentation, format);
1524 
1525 	va_start(args, format);
1526 	vfprintf(stderr, my_format, args);
1527 	va_end(args);
1528 }
1529 /* Priority levels:
1530    0	[!]var, ()
1531    1	& ^
1532    2	|
1533 */
1534 static int process_proxy_cond_adders(unsigned int letters[26],
1535     const char *cond, const char **cond_end, int *pos, int indent);
1536 
1537 static int
1538 process_proxy_cond_val(unsigned int letters[26], const char *cond,
1539     const char **cond_end, int *pos, int indent)
1540 {
1541 	int c;
1542 	int ok = 1;
1543 	int negate = 0;
1544 
1545 	while (isspace((int)*cond)) {
1546 		cond++;
1547 		(*pos)++;
1548 	}
1549 	c = *cond;
1550 
1551 	if (debug)
1552 		process_proxy_debug(indent,
1553 		    "Start process_proxy_cond_val at position %d: %s\n",
1554 		    *pos, cond);
1555 
1556 	while (c == '!') {
1557 		negate = !negate;
1558 		cond++;
1559 		(*pos)++;
1560 		while (isspace((int)*cond)) {
1561 			cond++;
1562 			(*pos)++;
1563 		}
1564 		c = *cond;
1565 	}
1566 
1567 	if (c == '(') {
1568 		cond++;
1569 		(*pos)++;
1570 		ok = process_proxy_cond_adders(letters, cond, cond_end, pos,
1571 		    indent + 1);
1572 		cond = *cond_end;
1573 		if (ok < 0)
1574 			goto end;
1575 		while (isspace((int)*cond)) {
1576 			cond++;
1577 			(*pos)++;
1578 		}
1579 		c = *cond;
1580 		if (c != ')') {
1581 			fprintf(stderr,
1582 			    "Weird condition character in position %d: "
1583 			    "%c\n", *pos, c);
1584 			ok = -1;
1585 			goto end;
1586 		}
1587 		cond++;
1588 		(*pos)++;
1589 	} else if (isascii(c) && isalpha(c)) {
1590 		if (islower(c))
1591 			c = toupper(c);
1592 		ok = letters[c - 'A'];
1593 		cond++;
1594 		(*pos)++;
1595 	} else {
1596 		fprintf(stderr,
1597 		    "Weird condition character in position %d: "
1598 		    "%c\n", *pos, c);
1599 		ok = -1;
1600 		goto end;
1601 	}
1602 end:
1603 	*cond_end = cond;
1604 	if (ok >= 0 && negate)
1605 		ok = !ok;
1606 
1607 	if (debug)
1608 		process_proxy_debug(indent,
1609 		    "End process_proxy_cond_val at position %d: %s, returning %d\n",
1610 		    *pos, cond, ok);
1611 
1612 	return ok;
1613 }
1614 
1615 static int
1616 process_proxy_cond_multipliers(unsigned int letters[26], const char *cond,
1617     const char **cond_end, int *pos, int indent)
1618 {
1619 	int ok;
1620 	char c;
1621 
1622 	if (debug)
1623 		process_proxy_debug(indent,
1624 		    "Start process_proxy_cond_multipliers at position %d: %s\n",
1625 		    *pos, cond);
1626 
1627 	ok = process_proxy_cond_val(letters, cond, cond_end, pos, indent + 1);
1628 	cond = *cond_end;
1629 	if (ok < 0)
1630 		goto end;
1631 
1632 	while (ok >= 0) {
1633 		while (isspace((int)*cond)) {
1634 			cond++;
1635 			(*pos)++;
1636 		}
1637 		c = *cond;
1638 
1639 		switch (c) {
1640 		case '&':
1641 		case '^':
1642 			{
1643 				int save_ok = ok;
1644 
1645 				cond++;
1646 				(*pos)++;
1647 				ok = process_proxy_cond_val(letters,
1648 				    cond, cond_end, pos, indent + 1);
1649 				cond = *cond_end;
1650 				if (ok < 0)
1651 					break;
1652 
1653 				switch (c) {
1654 				case '&':
1655 					ok &= save_ok;
1656 					break;
1657 				case '^':
1658 					ok ^= save_ok;
1659 					break;
1660 				default:
1661 					fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!"
1662 					    " STOPPING\n");
1663 					exit(1);
1664 				}
1665 			}
1666 			break;
1667 		default:
1668 			goto end;
1669 		}
1670 	}
1671 end:
1672 	if (debug)
1673 		process_proxy_debug(indent,
1674 		    "End process_proxy_cond_multipliers at position %d: %s, "
1675 		    "returning %d\n",
1676 		    *pos, cond, ok);
1677 
1678 	*cond_end = cond;
1679 	return ok;
1680 }
1681 
1682 static int
1683 process_proxy_cond_adders(unsigned int letters[26], const char *cond,
1684     const char **cond_end, int *pos, int indent)
1685 {
1686 	int ok;
1687 	char c;
1688 
1689 	if (debug)
1690 		process_proxy_debug(indent,
1691 		    "Start process_proxy_cond_adders at position %d: %s\n",
1692 		    *pos, cond);
1693 
1694 	ok = process_proxy_cond_multipliers(letters, cond, cond_end, pos,
1695 	    indent + 1);
1696 	cond = *cond_end;
1697 	if (ok < 0)
1698 		goto end;
1699 
1700 	while (ok >= 0) {
1701 		while (isspace((int)*cond)) {
1702 			cond++;
1703 			(*pos)++;
1704 		}
1705 		c = *cond;
1706 
1707 		switch (c) {
1708 		case '|':
1709 			{
1710 				int save_ok = ok;
1711 
1712 				cond++;
1713 				(*pos)++;
1714 				ok = process_proxy_cond_multipliers(letters,
1715 				    cond, cond_end, pos, indent + 1);
1716 				cond = *cond_end;
1717 				if (ok < 0)
1718 					break;
1719 
1720 				switch (c) {
1721 				case '|':
1722 					ok |= save_ok;
1723 					break;
1724 				default:
1725 					fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!"
1726 					    " STOPPING\n");
1727 					exit(1);
1728 				}
1729 			}
1730 			break;
1731 		default:
1732 			goto end;
1733 		}
1734 	}
1735 end:
1736 	if (debug)
1737 		process_proxy_debug(indent,
1738 		    "End process_proxy_cond_adders at position %d: %s, returning %d\n",
1739 		    *pos, cond, ok);
1740 
1741 	*cond_end = cond;
1742 	return ok;
1743 }
1744 
1745 static int
1746 process_proxy_cond(unsigned int letters[26], const char *cond,
1747     const char **cond_end)
1748 {
1749 	int pos = 1;
1750 	return process_proxy_cond_adders(letters, cond, cond_end, &pos, 1);
1751 }
1752 
1753 static int
1754 app_verify_callback(X509_STORE_CTX *ctx, void *arg)
1755 {
1756 	int ok = 1;
1757 	struct app_verify_arg *cb_arg = arg;
1758 	unsigned int letters[26]; /* only used with proxy_auth */
1759 
1760 	if (cb_arg->app_verify) {
1761 		X509 *xs;
1762 		char *s = NULL, buf[256];
1763 
1764 		xs = X509_STORE_CTX_get0_cert(ctx);
1765 		fprintf(stderr, "In app_verify_callback, allowing cert. ");
1766 		fprintf(stderr, "Arg is: %s\n", cb_arg->string);
1767 		fprintf(stderr, "Finished printing do we have a context? 0x%p a cert? 0x%p\n",
1768 		    (void *)ctx, (void *)xs);
1769 		if (xs)
1770 			s = X509_NAME_oneline(X509_get_subject_name(xs), buf, 256);
1771 		if (s != NULL) {
1772 			fprintf(stderr, "cert depth=%d %s\n",
1773 			    X509_STORE_CTX_get_error_depth(ctx), buf);
1774 		}
1775 		return (1);
1776 	}
1777 	if (cb_arg->proxy_auth) {
1778 		int found_any = 0, i;
1779 		char *sp;
1780 
1781 		for (i = 0; i < 26; i++)
1782 			letters[i] = 0;
1783 		for (sp = cb_arg->proxy_auth; *sp; sp++) {
1784 			int c = *sp;
1785 			if (isascii(c) && isalpha(c)) {
1786 				if (islower(c))
1787 					c = toupper(c);
1788 				letters[c - 'A'] = 1;
1789 			}
1790 		}
1791 
1792 		fprintf(stderr, "  Initial proxy rights = ");
1793 		for (i = 0; i < 26; i++)
1794 			if (letters[i]) {
1795 			fprintf(stderr, "%c", i + 'A');
1796 			found_any = 1;
1797 		}
1798 		if (!found_any)
1799 			fprintf(stderr, "none");
1800 		fprintf(stderr, "\n");
1801 
1802 		X509_STORE_CTX_set_ex_data(ctx,
1803 		    get_proxy_auth_ex_data_idx(), letters);
1804 	}
1805 	if (cb_arg->allow_proxy_certs) {
1806 		X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
1807 	}
1808 
1809 	ok = X509_verify_cert(ctx);
1810 
1811 	if (cb_arg->proxy_auth) {
1812 		if (ok > 0) {
1813 			const char *cond_end = NULL;
1814 
1815 			ok = process_proxy_cond(letters,
1816 			    cb_arg->proxy_cond, &cond_end);
1817 
1818 			if (ok < 0)
1819 				exit(3);
1820 			if (*cond_end) {
1821 				fprintf(stderr, "Stopped processing condition before it's end.\n");
1822 				ok = 0;
1823 			}
1824 			if (!ok)
1825 				fprintf(stderr, "Proxy rights check with condition '%s' proved invalid\n",
1826 				    cb_arg->proxy_cond);
1827 			else
1828 				fprintf(stderr, "Proxy rights check with condition '%s' proved valid\n",
1829 				    cb_arg->proxy_cond);
1830 		}
1831 	}
1832 	return (ok);
1833 }
1834 
1835 /* These DH parameters have been generated as follows:
1836  *    $ openssl dhparam -C -noout 1024
1837  *    $ openssl dhparam -C -noout -dsaparam 1024
1838  * (The second function has been renamed to avoid name conflicts.)
1839  */
1840 static DH *
1841 get_dh1024()
1842 {
1843 	static unsigned char dh1024_p[] = {
1844 		0xF8, 0x81, 0x89, 0x7D, 0x14, 0x24, 0xC5, 0xD1, 0xE6, 0xF7, 0xBF, 0x3A,
1845 		0xE4, 0x90, 0xF4, 0xFC, 0x73, 0xFB, 0x34, 0xB5, 0xFA, 0x4C, 0x56, 0xA2,
1846 		0xEA, 0xA7, 0xE9, 0xC0, 0xC0, 0xCE, 0x89, 0xE1, 0xFA, 0x63, 0x3F, 0xB0,
1847 		0x6B, 0x32, 0x66, 0xF1, 0xD1, 0x7B, 0xB0, 0x00, 0x8F, 0xCA, 0x87, 0xC2,
1848 		0xAE, 0x98, 0x89, 0x26, 0x17, 0xC2, 0x05, 0xD2, 0xEC, 0x08, 0xD0, 0x8C,
1849 		0xFF, 0x17, 0x52, 0x8C, 0xC5, 0x07, 0x93, 0x03, 0xB1, 0xF6, 0x2F, 0xB8,
1850 		0x1C, 0x52, 0x47, 0x27, 0x1B, 0xDB, 0xD1, 0x8D, 0x9D, 0x69, 0x1D, 0x52,
1851 		0x4B, 0x32, 0x81, 0xAA, 0x7F, 0x00, 0xC8, 0xDC, 0xE6, 0xD9, 0xCC, 0xC1,
1852 		0x11, 0x2D, 0x37, 0x34, 0x6C, 0xEA, 0x02, 0x97, 0x4B, 0x0E, 0xBB, 0xB1,
1853 		0x71, 0x33, 0x09, 0x15, 0xFD, 0xDD, 0x23, 0x87, 0x07, 0x5E, 0x89, 0xAB,
1854 		0x6B, 0x7C, 0x5F, 0xEC, 0xA6, 0x24, 0xDC, 0x53,
1855 	};
1856 	static unsigned char dh1024_g[] = {
1857 		0x02,
1858 	};
1859 	DH *dh;
1860 
1861 	if ((dh = DH_new()) == NULL)
1862 		return (NULL);
1863 	dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
1864 	dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
1865 	if ((dh->p == NULL) || (dh->g == NULL)) {
1866 		DH_free(dh);
1867 		return (NULL);
1868 	}
1869 	return (dh);
1870 }
1871 
1872 static DH *
1873 get_dh1024dsa()
1874 {
1875 	static unsigned char dh1024_p[] = {
1876 		0xC8, 0x00, 0xF7, 0x08, 0x07, 0x89, 0x4D, 0x90, 0x53, 0xF3, 0xD5, 0x00,
1877 		0x21, 0x1B, 0xF7, 0x31, 0xA6, 0xA2, 0xDA, 0x23, 0x9A, 0xC7, 0x87, 0x19,
1878 		0x3B, 0x47, 0xB6, 0x8C, 0x04, 0x6F, 0xFF, 0xC6, 0x9B, 0xB8, 0x65, 0xD2,
1879 		0xC2, 0x5F, 0x31, 0x83, 0x4A, 0xA7, 0x5F, 0x2F, 0x88, 0x38, 0xB6, 0x55,
1880 		0xCF, 0xD9, 0x87, 0x6D, 0x6F, 0x9F, 0xDA, 0xAC, 0xA6, 0x48, 0xAF, 0xFC,
1881 		0x33, 0x84, 0x37, 0x5B, 0x82, 0x4A, 0x31, 0x5D, 0xE7, 0xBD, 0x52, 0x97,
1882 		0xA1, 0x77, 0xBF, 0x10, 0x9E, 0x37, 0xEA, 0x64, 0xFA, 0xCA, 0x28, 0x8D,
1883 		0x9D, 0x3B, 0xD2, 0x6E, 0x09, 0x5C, 0x68, 0xC7, 0x45, 0x90, 0xFD, 0xBB,
1884 		0x70, 0xC9, 0x3A, 0xBB, 0xDF, 0xD4, 0x21, 0x0F, 0xC4, 0x6A, 0x3C, 0xF6,
1885 		0x61, 0xCF, 0x3F, 0xD6, 0x13, 0xF1, 0x5F, 0xBC, 0xCF, 0xBC, 0x26, 0x9E,
1886 		0xBC, 0x0B, 0xBD, 0xAB, 0x5D, 0xC9, 0x54, 0x39,
1887 	};
1888 	static unsigned char dh1024_g[] = {
1889 		0x3B, 0x40, 0x86, 0xE7, 0xF3, 0x6C, 0xDE, 0x67, 0x1C, 0xCC, 0x80, 0x05,
1890 		0x5A, 0xDF, 0xFE, 0xBD, 0x20, 0x27, 0x74, 0x6C, 0x24, 0xC9, 0x03, 0xF3,
1891 		0xE1, 0x8D, 0xC3, 0x7D, 0x98, 0x27, 0x40, 0x08, 0xB8, 0x8C, 0x6A, 0xE9,
1892 		0xBB, 0x1A, 0x3A, 0xD6, 0x86, 0x83, 0x5E, 0x72, 0x41, 0xCE, 0x85, 0x3C,
1893 		0xD2, 0xB3, 0xFC, 0x13, 0xCE, 0x37, 0x81, 0x9E, 0x4C, 0x1C, 0x7B, 0x65,
1894 		0xD3, 0xE6, 0xA6, 0x00, 0xF5, 0x5A, 0x95, 0x43, 0x5E, 0x81, 0xCF, 0x60,
1895 		0xA2, 0x23, 0xFC, 0x36, 0xA7, 0x5D, 0x7A, 0x4C, 0x06, 0x91, 0x6E, 0xF6,
1896 		0x57, 0xEE, 0x36, 0xCB, 0x06, 0xEA, 0xF5, 0x3D, 0x95, 0x49, 0xCB, 0xA7,
1897 		0xDD, 0x81, 0xDF, 0x80, 0x09, 0x4A, 0x97, 0x4D, 0xA8, 0x22, 0x72, 0xA1,
1898 		0x7F, 0xC4, 0x70, 0x56, 0x70, 0xE8, 0x20, 0x10, 0x18, 0x8F, 0x2E, 0x60,
1899 		0x07, 0xE7, 0x68, 0x1A, 0x82, 0x5D, 0x32, 0xA2,
1900 	};
1901 	DH *dh;
1902 
1903 	if ((dh = DH_new()) == NULL)
1904 		return (NULL);
1905 	dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
1906 	dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
1907 	if ((dh->p == NULL) || (dh->g == NULL)) {
1908 		DH_free(dh);
1909 		return (NULL);
1910 	}
1911 	dh->length = 160;
1912 	return (dh);
1913 }
1914