const char *RAND_file_name(char *buf, size_t size)
{
char *s=NULL;
int ok = 0;
#ifdef __OpenBSD__
struct stat sb;
#endif
if (OPENSSL_issetugid() == 0)
s=getenv("RANDFILE");
if (s != NULL && *s && strlen(s) + 1 < size)
{
if (BUF_strlcpy(buf,s,size) >= size)
return NULL;
}
else
{
if (OPENSSL_issetugid() == 0)
s=getenv("HOME");
#ifdef DEFAULT_HOME
if (s == NULL)
{
s = DEFAULT_HOME;
}
#endif
if (s && *s && strlen(s)+strlen(RFILE)+2 < size)
{
BUF_strlcpy(buf,s,size);
#ifndef OPENSSL_SYS_VMS
BUF_strlcat(buf,"/",size);
#endif
BUF_strlcat(buf,RFILE,size);
ok = 1;
}
else
buf[0] = '\0'; /* no file name */
}
#ifdef __OpenBSD__
/* given that all random loads just fail if the file can't be
* seen on a stat, we stat the file we're returning, if it
* fails, use /dev/arandom instead. this allows the user to
* use their own source for good random data, but defaults
* to something hopefully decent if that isn't available.
*/
if (!ok)
if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {
return(NULL);
}
if (stat(buf,&sb) == -1)
if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {
return(NULL);
}
#endif
return(buf);
}
int main(int argc, char *argv[])
{
char *CApath = NULL, *CAfile = NULL;
int badop = 0;
int ret = 1;
int client_auth = 0;
int server_auth = 0;
SSL_CTX *s_ctx = NULL;
SSL_CTX *c_ctx = NULL;
char *scert = TEST_SERVER_CERT;
char *ccert = TEST_CLIENT_CERT;
SSL_METHOD *ssl_method = SSLv23_method();
RAND_seed(rnd_seed, sizeof rnd_seed);
if (bio_err == NULL)
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (bio_stdout == NULL)
bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE);
argc--;
argv++;
while (argc >= 1) {
if (sgx_strcmp(*argv, "-server_auth") == 0)
server_auth = 1;
else if (sgx_strcmp(*argv, "-client_auth") == 0)
client_auth = 1;
else if (sgx_strcmp(*argv, "-reconnect") == 0)
reconnect = 1;
else if (sgx_strcmp(*argv, "-stats") == 0)
cache_stats = 1;
else if (sgx_strcmp(*argv, "-ssl3") == 0)
ssl_method = SSLv3_method();
else if (sgx_strcmp(*argv, "-ssl2") == 0)
ssl_method = SSLv2_method();
else if (sgx_strcmp(*argv, "-CApath") == 0) {
if (--argc < 1)
goto bad;
CApath = *(++argv);
} else if (sgx_strcmp(*argv, "-CAfile") == 0) {
if (--argc < 1)
goto bad;
CAfile = *(++argv);
} else if (sgx_strcmp(*argv, "-cert") == 0) {
if (--argc < 1)
goto bad;
scert = *(++argv);
} else if (sgx_strcmp(*argv, "-ccert") == 0) {
if (--argc < 1)
goto bad;
ccert = *(++argv);
} else if (sgx_strcmp(*argv, "-threads") == 0) {
if (--argc < 1)
goto bad;
thread_number = atoi(*(++argv));
if (thread_number == 0)
thread_number = 1;
if (thread_number > MAX_THREAD_NUMBER)
thread_number = MAX_THREAD_NUMBER;
} else if (sgx_strcmp(*argv, "-loops") == 0) {
if (--argc < 1)
goto bad;
number_of_loops = atoi(*(++argv));
if (number_of_loops == 0)
number_of_loops = 1;
} else {
fprintf(stderr, "unknown option %s\n", *argv);
badop = 1;
break;
}
argc--;
argv++;
}
if (badop) {
bad:
sv_usage();
goto end;
}
if (cipher == NULL && OPENSSL_issetugid() == 0)
cipher = getenv("SSL_CIPHER");
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();
c_ctx = SSL_CTX_new(ssl_method);
s_ctx = SSL_CTX_new(ssl_method);
if ((c_ctx == NULL) || (s_ctx == NULL)) {
ERR_print_errors(bio_err);
goto end;
}
SSL_CTX_set_session_cache_mode(s_ctx,
SSL_SESS_CACHE_NO_AUTO_CLEAR |
SSL_SESS_CACHE_SERVER);
SSL_CTX_set_session_cache_mode(c_ctx,
SSL_SESS_CACHE_NO_AUTO_CLEAR |
SSL_SESS_CACHE_SERVER);
if (!SSL_CTX_use_certificate_file(s_ctx, scert, SSL_FILETYPE_PEM)) {
ERR_print_errors(bio_err);
} else
if (!SSL_CTX_use_RSAPrivateKey_file(s_ctx, scert, SSL_FILETYPE_PEM)) {
ERR_print_errors(bio_err);
goto end;
}
if (client_auth) {
SSL_CTX_use_certificate_file(c_ctx, ccert, SSL_FILETYPE_PEM);
SSL_CTX_use_RSAPrivateKey_file(c_ctx, ccert, SSL_FILETYPE_PEM);
}
if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) ||
(!SSL_CTX_set_default_verify_paths(s_ctx)) ||
(!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) ||
(!SSL_CTX_set_default_verify_paths(c_ctx))) {
fprintf(stderr, "SSL_load_verify_locations\n");
ERR_print_errors(bio_err);
goto end;
}
if (client_auth) {
fprintf(stderr, "client authentication\n");
SSL_CTX_set_verify(s_ctx,
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
verify_callback);
}
if (server_auth) {
fprintf(stderr, "server authentication\n");
SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER, verify_callback);
}
thread_setup();
do_threads(s_ctx, c_ctx);
thread_cleanup();
end:
if (c_ctx != NULL) {
fprintf(stderr, "Client SSL_CTX stats then free it\n");
print_stats(stderr, c_ctx);
SSL_CTX_free(c_ctx);
}
if (s_ctx != NULL) {
fprintf(stderr, "Server SSL_CTX stats then free it\n");
print_stats(stderr, s_ctx);
if (cache_stats) {
fprintf(stderr, "-----\n");
lh_stats(SSL_CTX_sessions(s_ctx), stderr);
fprintf(stderr, "-----\n");
/*- lh_node_stats(SSL_CTX_sessions(s_ctx),stderr);
fprintf(stderr,"-----\n"); */
lh_node_usage_stats(SSL_CTX_sessions(s_ctx), stderr);
fprintf(stderr, "-----\n");
}
SSL_CTX_free(s_ctx);
fprintf(stderr, "done free\n");
}
exit(ret);
return (0);
}
const char *RAND_file_name(char *buf, size_t size)
{
char *s = NULL;
int use_randfile = 1;
#ifdef __OpenBSD__
struct stat sb;
#endif
#if defined(_WIN32) && defined(CP_UTF8)
DWORD len;
WCHAR *var, *val;
if ((var = L"RANDFILE",
len = GetEnvironmentVariableW(var, NULL, 0)) == 0
&& (var = L"HOME", use_randfile = 0,
len = GetEnvironmentVariableW(var, NULL, 0)) == 0
&& (var = L"USERPROFILE",
len = GetEnvironmentVariableW(var, NULL, 0)) == 0) {
var = L"SYSTEMROOT",
len = GetEnvironmentVariableW(var, NULL, 0);
}
if (len != 0) {
int sz;
val = _alloca(len * sizeof(WCHAR));
if (GetEnvironmentVariableW(var, val, len) < len
&& (sz = WideCharToMultiByte(CP_UTF8, 0, val, -1, NULL, 0,
NULL, NULL)) != 0) {
s = _alloca(sz);
if (WideCharToMultiByte(CP_UTF8, 0, val, -1, s, sz,
NULL, NULL) == 0)
s = NULL;
}
}
#else
if (OPENSSL_issetugid() != 0) {
use_randfile = 0;
} else {
s = getenv("RANDFILE");
if (s == NULL || *s == '\0') {
use_randfile = 0;
s = getenv("HOME");
}
}
#endif
#ifdef DEFAULT_HOME
if (!use_randfile && s == NULL) {
s = DEFAULT_HOME;
}
#endif
if (s != NULL && *s) {
size_t len = strlen(s);
if (use_randfile && len + 1 < size) {
if (OPENSSL_strlcpy(buf, s, size) >= size)
return NULL;
} else if (len + strlen(RFILE) + 2 < size) {
OPENSSL_strlcpy(buf, s, size);
#ifndef OPENSSL_SYS_VMS
OPENSSL_strlcat(buf, "/", size);
#endif
OPENSSL_strlcat(buf, RFILE, size);
}
} else {
buf[0] = '\0'; /* no file name */
}
#ifdef __OpenBSD__
/*
* given that all random loads just fail if the file can't be seen on a
* stat, we stat the file we're returning, if it fails, use /dev/arandom
* instead. this allows the user to use their own source for good random
* data, but defaults to something hopefully decent if that isn't
* available.
*/
if (!buf[0] || stat(buf, &sb) == -1)
if (OPENSSL_strlcpy(buf, "/dev/arandom", size) >= size) {
return NULL;
}
#endif
return buf[0] ? buf : NULL;
}
