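/*
 * Build the name of the random-seed file into buf (at most size bytes).
 *
 * If RANDFILE is set it is used verbatim; otherwise $HOME (or DEFAULT_HOME,
 * when defined) is joined with RFILE.  Neither variable is consulted while
 * running set-uid/set-gid (OPENSSL_issetugid() != 0), since the environment
 * is attacker-controlled there.
 *
 * Returns buf, or NULL when the chosen name does not fit in size bytes.
 * When no candidate name exists buf is set to "" and buf is still returned;
 * callers detect that case by testing buf[0].
 *
 * Fix: the OpenBSD fallback used to check only `ok`, which was set on the
 * $HOME path but never on the RANDFILE path, so an existing, readable
 * RANDFILE was unconditionally replaced by /dev/arandom.  `ok` now records
 * any successfully built name and the fallback applies only when there is
 * no name or stat() on it fails.
 */
const char *RAND_file_name(char *buf, size_t size)
{
    char *s = NULL;
    int ok = 0;
#ifdef __OpenBSD__
    struct stat sb;
#endif

    /* Privileged processes must not take the seed file name from the environment. */
    if (OPENSSL_issetugid() == 0)
        s = getenv("RANDFILE");

    if (s != NULL && *s && strlen(s) + 1 < size) {
        /* Explicit RANDFILE: taken as-is, no RFILE appended. */
        if (BUF_strlcpy(buf, s, size) >= size)
            return NULL;
        ok = 1;
    } else {
        if (OPENSSL_issetugid() == 0)
            s = getenv("HOME");
#ifdef DEFAULT_HOME
        if (s == NULL)
            s = DEFAULT_HOME;
#endif
        /* Need room for s, the separator, RFILE and the terminating NUL. */
        if (s && *s && strlen(s) + strlen(RFILE) + 2 < size) {
            BUF_strlcpy(buf, s, size);
#ifndef OPENSSL_SYS_VMS
            BUF_strlcat(buf, "/", size);
#endif
            BUF_strlcat(buf, RFILE, size);
            ok = 1;
        } else {
            buf[0] = '\0';      /* no file name */
        }
    }

#ifdef __OpenBSD__
    /*
     * given that all random loads just fail if the file can't be seen on a
     * stat, we stat the file we're returning, if it fails, use /dev/arandom
     * instead.  this allows the user to use their own source for good random
     * data, but defaults to something hopefully decent if that isn't
     * available.
     */
    if (!ok || stat(buf, &sb) == -1) {
        if (BUF_strlcpy(buf, "/dev/arandom", size) >= size)
            return NULL;
    }
#endif
    return buf;
}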
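/*
 * Parse a non-negative decimal count for -threads / -loops.
 *
 * Returns 1 and stores the value in *out, or 0 when arg is not a plain
 * decimal number or does not fit in an int.  strtol is used instead of
 * atoi so that junk such as "abc" is rejected rather than silently read
 * as 0.  The caller still maps 0 to 1, as before.
 */
static int parse_count(const char *arg, int *out)
{
    char *end = NULL;
    long v = strtol(arg, &end, 10);

    /* end == arg: no digits at all; *end != '\0': trailing garbage. */
    if (end == arg || *end != '\0' || v < 0 || v != (long)(int)v)
        return 0;
    *out = (int)v;
    return 1;
}

/*
 * Entry point of the multi-threaded SSL client/server test.
 *
 * Parses the command line, builds one client and one server SSL_CTX,
 * optionally enables client and/or server certificate verification, runs
 * the worker threads through do_threads() and prints the context
 * statistics before freeing them.
 *
 * Options: -server_auth, -client_auth, -reconnect, -stats, -ssl3, -ssl2,
 * -CApath dir, -CAfile file, -cert file, -ccert file, -threads n, -loops n.
 * An unknown option or a missing option argument prints the usage text.
 *
 * Returns 0 once the threads have run, 1 on a usage error or when a
 * context could not be set up.  (Previously `ret` was never cleared, so
 * the process exited with status 1 even on success.)
 *
 * Globals written here and read by the thread code elsewhere in the file:
 * reconnect, cache_stats, thread_number, number_of_loops, cipher,
 * bio_err, bio_stdout.
 */
int main(int argc, char *argv[])
{
    char *CApath = NULL, *CAfile = NULL;
    int badop = 0;
    int ret = 1;
    int client_auth = 0;
    int server_auth = 0;
    SSL_CTX *s_ctx = NULL;
    SSL_CTX *c_ctx = NULL;
    char *scert = TEST_SERVER_CERT;
    char *ccert = TEST_CLIENT_CERT;
    SSL_METHOD *ssl_method = SSLv23_method();

    RAND_seed(rnd_seed, sizeof rnd_seed);

    if (bio_err == NULL)
        bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
    if (bio_stdout == NULL)
        bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE);

    argc--;
    argv++;
    while (argc >= 1) {
        if (sgx_strcmp(*argv, "-server_auth") == 0) {
            server_auth = 1;
        } else if (sgx_strcmp(*argv, "-client_auth") == 0) {
            client_auth = 1;
        } else if (sgx_strcmp(*argv, "-reconnect") == 0) {
            reconnect = 1;
        } else if (sgx_strcmp(*argv, "-stats") == 0) {
            cache_stats = 1;
        } else if (sgx_strcmp(*argv, "-ssl3") == 0) {
            /* SSLv3 and SSLv2 are obsolete protocols; these switches exist
             * only so the test can exercise them deliberately. */
            ssl_method = SSLv3_method();
        } else if (sgx_strcmp(*argv, "-ssl2") == 0) {
            ssl_method = SSLv2_method();
        } else if (sgx_strcmp(*argv, "-CApath") == 0) {
            if (--argc < 1)
                goto bad;
            CApath = *(++argv);
        } else if (sgx_strcmp(*argv, "-CAfile") == 0) {
            if (--argc < 1)
                goto bad;
            CAfile = *(++argv);
        } else if (sgx_strcmp(*argv, "-cert") == 0) {
            if (--argc < 1)
                goto bad;
            scert = *(++argv);
        } else if (sgx_strcmp(*argv, "-ccert") == 0) {
            if (--argc < 1)
                goto bad;
            ccert = *(++argv);
        } else if (sgx_strcmp(*argv, "-threads") == 0) {
            int n;

            if (--argc < 1 || !parse_count(*(++argv), &n))
                goto bad;
            /* 0 means "default"; never exceed the compiled-in maximum. */
            thread_number = (n == 0) ? 1 : n;
            if (thread_number > MAX_THREAD_NUMBER)
                thread_number = MAX_THREAD_NUMBER;
        } else if (sgx_strcmp(*argv, "-loops") == 0) {
            int n;

            if (--argc < 1 || !parse_count(*(++argv), &n))
                goto bad;
            number_of_loops = (n == 0) ? 1 : n;
        } else {
            fprintf(stderr, "unknown option %s\n", *argv);
            badop = 1;
            break;
        }
        argc--;
        argv++;
    }
    if (badop) {
 bad:
        sv_usage();
        goto end;
    }

    /* The cipher list is taken from the environment only when not set-uid/set-gid. */
    if (cipher == NULL && OPENSSL_issetugid() == 0)
        cipher = getenv("SSL_CIPHER");

    SSL_load_error_strings();
    OpenSSL_add_ssl_algorithms();

    c_ctx = SSL_CTX_new(ssl_method);
    s_ctx = SSL_CTX_new(ssl_method);
    if (c_ctx == NULL || s_ctx == NULL) {
        ERR_print_errors(bio_err);
        goto end;
    }

    SSL_CTX_set_session_cache_mode(s_ctx,
                                   SSL_SESS_CACHE_NO_AUTO_CLEAR | SSL_SESS_CACHE_SERVER);
    SSL_CTX_set_session_cache_mode(c_ctx,
                                   SSL_SESS_CACHE_NO_AUTO_CLEAR | SSL_SESS_CACHE_SERVER);

    /*
     * Server credentials.  A certificate load failure is reported but not
     * fatal (unchanged behaviour); a key load failure is fatal.
     * NOTE(review): confirm that continuing without a server certificate
     * is intended rather than an oversight.
     */
    if (!SSL_CTX_use_certificate_file(s_ctx, scert, SSL_FILETYPE_PEM)) {
        ERR_print_errors(bio_err);
    } else if (!SSL_CTX_use_RSAPrivateKey_file(s_ctx, scert, SSL_FILETYPE_PEM)) {
        ERR_print_errors(bio_err);
        goto end;
    }

    if (client_auth) {
        /*
         * Fix: these loads were previously unchecked.  With -client_auth the
         * server requires a peer certificate, so a client credential that
         * fails to load can only produce a confusing handshake failure
         * later; report it and stop here instead.
         */
        if (!SSL_CTX_use_certificate_file(c_ctx, ccert, SSL_FILETYPE_PEM)
            || !SSL_CTX_use_RSAPrivateKey_file(c_ctx, ccert, SSL_FILETYPE_PEM)) {
            ERR_print_errors(bio_err);
            goto end;
        }
    }

    if (!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)
        || !SSL_CTX_set_default_verify_paths(s_ctx)
        || !SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)
        || !SSL_CTX_set_default_verify_paths(c_ctx)) {
        fprintf(stderr, "SSL_load_verify_locations\n");
        ERR_print_errors(bio_err);
        goto end;
    }

    if (client_auth) {
        fprintf(stderr, "client authentication\n");
        /* Server side: demand and verify a client certificate. */
        SSL_CTX_set_verify(s_ctx,
                           SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
                           verify_callback);
    }
    if (server_auth) {
        fprintf(stderr, "server authentication\n");
        /* Client side: verify the server certificate. */
        SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER, verify_callback);
    }

    thread_setup();
    do_threads(s_ctx, c_ctx);
    thread_cleanup();
    ret = 0;                    /* the test ran to completion */

 end:
    if (c_ctx != NULL) {
        fprintf(stderr, "Client SSL_CTX stats then free it\n");
        print_stats(stderr, c_ctx);
        SSL_CTX_free(c_ctx);
    }
    if (s_ctx != NULL) {
        fprintf(stderr, "Server SSL_CTX stats then free it\n");
        print_stats(stderr, s_ctx);
        if (cache_stats) {
            fprintf(stderr, "-----\n");
            lh_stats(SSL_CTX_sessions(s_ctx), stderr);
            fprintf(stderr, "-----\n");
            lh_node_usage_stats(SSL_CTX_sessions(s_ctx), stderr);
            fprintf(stderr, "-----\n");
        }
        SSL_CTX_free(s_ctx);
        fprintf(stderr, "done free\n");
    }
    return ret;
}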
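/*
 * Build the name of the random-seed file into buf (size bytes).
 *
 * Lookup order: RANDFILE (used verbatim), then HOME — on Windows also
 * USERPROFILE and finally SYSTEMROOT — joined with RFILE; DEFAULT_HOME,
 * when defined, is the last resort for the HOME case.  On non-Windows
 * builds RANDFILE and HOME are ignored in a set-uid/set-gid process
 * (OPENSSL_issetugid() != 0), since the environment is attacker-controlled
 * there.
 *
 * Returns buf, or NULL when no name could be produced, the name does not
 * fit in size bytes, buf is NULL or size is 0.
 *
 * Fix: buf was left untouched when the chosen value was too long for
 * size (neither copy branch fired), so the final buf[0] test read
 * whatever the caller had in the buffer and could hand back a stale or
 * uninitialised name.  buf is now terminated before any candidate is
 * tried, and size == 0 is rejected up front instead of writing buf[0].
 */
const char *RAND_file_name(char *buf, size_t size)
{
    char *s = NULL;
    int use_randfile = 1;
#ifdef __OpenBSD__
    struct stat sb;
#endif

    if (buf == NULL || size == 0)
        return NULL;
    buf[0] = '\0';              /* nothing found yet */

#if defined(_WIN32) && defined(CP_UTF8)
    {
        DWORD len;
        WCHAR *var, *val;

        /* First variable that is set wins; only RANDFILE is taken verbatim. */
        if ((var = L"RANDFILE", len = GetEnvironmentVariableW(var, NULL, 0)) == 0
            && (var = L"HOME", use_randfile = 0,
                len = GetEnvironmentVariableW(var, NULL, 0)) == 0
            && (var = L"USERPROFILE",
                len = GetEnvironmentVariableW(var, NULL, 0)) == 0) {
            var = L"SYSTEMROOT", len = GetEnvironmentVariableW(var, NULL, 0);
        }
        if (len != 0) {
            int sz;

            /* Fetch the wide value, then convert it to UTF-8 into s. */
            val = _alloca(len * sizeof(WCHAR));
            if (GetEnvironmentVariableW(var, val, len) < len
                && (sz = WideCharToMultiByte(CP_UTF8, 0, val, -1, NULL, 0,
                                             NULL, NULL)) != 0) {
                s = _alloca(sz);
                if (WideCharToMultiByte(CP_UTF8, 0, val, -1, s, sz,
                                        NULL, NULL) == 0)
                    s = NULL;
            }
        }
    }
#else
    if (OPENSSL_issetugid() != 0) {
        use_randfile = 0;
    } else {
        s = getenv("RANDFILE");
        if (s == NULL || *s == '\0') {
            use_randfile = 0;
            s = getenv("HOME");
        }
    }
#endif
#ifdef DEFAULT_HOME
    if (!use_randfile && s == NULL)
        s = DEFAULT_HOME;
#endif

    if (s != NULL && *s) {
        size_t slen = strlen(s);

        if (use_randfile && slen + 1 < size) {
            if (OPENSSL_strlcpy(buf, s, size) >= size)
                return NULL;
        } else if (slen + strlen(RFILE) + 2 < size) {
            /* Room for s, the separator, RFILE and the NUL. */
            OPENSSL_strlcpy(buf, s, size);
#ifndef OPENSSL_SYS_VMS
            OPENSSL_strlcat(buf, "/", size);
#endif
            OPENSSL_strlcat(buf, RFILE, size);
        }
        /* Otherwise the value does not fit and buf stays "". */
    }

#ifdef __OpenBSD__
    /*
     * given that all random loads just fail if the file can't be seen on a
     * stat, we stat the file we're returning, if it fails, use /dev/arandom
     * instead. this allows the user to use their own source for good random
     * data, but defaults to something hopefully decent if that isn't
     * available.
     */
    if (!buf[0] || stat(buf, &sb) == -1) {
        if (OPENSSL_strlcpy(buf, "/dev/arandom", size) >= size)
            return NULL;
    }
#endif
    return buf[0] ? buf : NULL;
}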