Fix comments, add new test.
[openssl.git] / ssl / ssltest.c
1 /* ssl/ssltest.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  * 
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  * 
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  * 
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from 
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  * 
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  * 
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 /* ====================================================================
59  * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
60  *
61  * Redistribution and use in source and binary forms, with or without
62  * modification, are permitted provided that the following conditions
63  * are met:
64  *
65  * 1. Redistributions of source code must retain the above copyright
66  *    notice, this list of conditions and the following disclaimer. 
67  *
68  * 2. Redistributions in binary form must reproduce the above copyright
69  *    notice, this list of conditions and the following disclaimer in
70  *    the documentation and/or other materials provided with the
71  *    distribution.
72  *
73  * 3. All advertising materials mentioning features or use of this
74  *    software must display the following acknowledgment:
75  *    "This product includes software developed by the OpenSSL Project
76  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77  *
78  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79  *    endorse or promote products derived from this software without
80  *    prior written permission. For written permission, please contact
81  *    openssl-core@openssl.org.
82  *
83  * 5. Products derived from this software may not be called "OpenSSL"
84  *    nor may "OpenSSL" appear in their names without prior written
85  *    permission of the OpenSSL Project.
86  *
87  * 6. Redistributions of any form whatsoever must retain the following
88  *    acknowledgment:
89  *    "This product includes software developed by the OpenSSL Project
90  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91  *
92  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
96  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103  * OF THE POSSIBILITY OF SUCH DAMAGE.
104  * ====================================================================
105  *
106  * This product includes cryptographic software written by Eric Young
107  * (eay@cryptsoft.com).  This product includes software written by Tim
108  * Hudson (tjh@cryptsoft.com).
109  *
110  */
111 /* ====================================================================
112  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113  * ECC cipher suite support in OpenSSL originally developed by 
114  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115  */
116 /* ====================================================================
117  * Copyright 2005 Nokia. All rights reserved.
118  *
119  * The portions of the attached software ("Contribution") is developed by
120  * Nokia Corporation and is licensed pursuant to the OpenSSL open source
121  * license.
122  *
123  * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124  * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125  * support (see RFC 4279) to OpenSSL.
126  *
127  * No patent licenses or other rights except those expressly stated in
128  * the OpenSSL open source license shall be deemed granted or received
129  * expressly, by implication, estoppel, or otherwise.
130  *
131  * No assurances are provided by Nokia that the Contribution does not
132  * infringe the patent or other intellectual property rights of any third
133  * party or that the license provides you with all the necessary rights
134  * to make use of the Contribution.
135  *
136  * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137  * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138  * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139  * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
140  * OTHERWISE.
141  */
142
143 #define _BSD_SOURCE 1           /* Or gethostname won't be declared properly
144                                    on Linux and GNU platforms. */
145
146 #include <assert.h>
147 #include <errno.h>
148 #include <limits.h>
149 #include <stdio.h>
150 #include <stdlib.h>
151 #include <string.h>
152 #include <time.h>
153
154 #define USE_SOCKETS
155 #include "e_os.h"
156
157 #ifdef OPENSSL_SYS_VMS
158 #define _XOPEN_SOURCE 500       /* Or isascii won't be declared properly on
159                                    VMS (at least with DECompHP C).  */
160 #endif
161
162 #include <ctype.h>
163
164 #include <openssl/bio.h>
165 #include <openssl/crypto.h>
166 #include <openssl/evp.h>
167 #include <openssl/x509.h>
168 #include <openssl/x509v3.h>
169 #include <openssl/ssl.h>
170 #ifndef OPENSSL_NO_ENGINE
171 #include <openssl/engine.h>
172 #endif
173 #include <openssl/err.h>
174 #include <openssl/rand.h>
175 #ifndef OPENSSL_NO_RSA
176 #include <openssl/rsa.h>
177 #endif
178 #ifndef OPENSSL_NO_DSA
179 #include <openssl/dsa.h>
180 #endif
181 #ifndef OPENSSL_NO_DH
182 #include <openssl/dh.h>
183 #endif
184 #ifndef OPENSSL_NO_SRP
185 #include <openssl/srp.h>
186 #endif
187 #include <openssl/bn.h>
188
189 #define _XOPEN_SOURCE_EXTENDED  1 /* Or gethostname won't be declared properly
190                                      on Compaq platforms (at least with DEC C).
191                                      Do not try to put it earlier, or IPv6 includes
192                                      get screwed...
193                                   */
194
195 #ifdef OPENSSL_SYS_WINDOWS
196 #include <winsock.h>
197 #else
198 #include OPENSSL_UNISTD
199 #endif
200
201 #ifdef OPENSSL_SYS_VMS
202 #  define TEST_SERVER_CERT "SYS$DISK:[-.APPS]SERVER.PEM"
203 #  define TEST_CLIENT_CERT "SYS$DISK:[-.APPS]CLIENT.PEM"
204 #elif defined(OPENSSL_SYS_WINCE)
205 #  define TEST_SERVER_CERT "\\OpenSSL\\server.pem"
206 #  define TEST_CLIENT_CERT "\\OpenSSL\\client.pem"
207 #elif defined(OPENSSL_SYS_NETWARE)
208 #  define TEST_SERVER_CERT "\\openssl\\apps\\server.pem"
209 #  define TEST_CLIENT_CERT "\\openssl\\apps\\client.pem"
210 #else
211 #  define TEST_SERVER_CERT "../apps/server.pem"
212 #  define TEST_CLIENT_CERT "../apps/client.pem"
213 #endif
214
215 /* There is really no standard for this, so let's assign some tentative
216    numbers.  In any case, these numbers are only for this test */
217 #define COMP_RLE        255
218 #define COMP_ZLIB       1
219
220 static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
221 #ifndef OPENSSL_NO_RSA
222 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export,int keylength);
223 static void free_tmp_rsa(void);
224 #endif
225 static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg);
226 #define APP_CALLBACK_STRING "Test Callback Argument"
227 struct app_verify_arg
228         {
229         char *string;
230         int app_verify;
231         int allow_proxy_certs;
232         char *proxy_auth;
233         char *proxy_cond;
234         };
235
236 #ifndef OPENSSL_NO_DH
237 static DH *get_dh512(void);
238 static DH *get_dh1024(void);
239 static DH *get_dh1024dsa(void);
240 #endif
241
242
243 static char *psk_key=NULL; /* by default PSK is not used */
244 #ifndef OPENSSL_NO_PSK
245 static unsigned int psk_client_callback(SSL *ssl, const char *hint, char *identity,
246         unsigned int max_identity_len, unsigned char *psk,
247         unsigned int max_psk_len);
248 static unsigned int psk_server_callback(SSL *ssl, const char *identity, unsigned char *psk,
249         unsigned int max_psk_len);
250 #endif
251
252 #ifndef OPENSSL_NO_SRP
253 /* SRP client */
254 /* This is a context that we pass to all callbacks */
255 typedef struct srp_client_arg_st
256         {
257         char *srppassin;
258         char *srplogin;
259         } SRP_CLIENT_ARG;
260
261 #define PWD_STRLEN 1024
262
263 static char * MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
264         {
265         SRP_CLIENT_ARG *srp_client_arg = (SRP_CLIENT_ARG *)arg;
266         return BUF_strdup((char *)srp_client_arg->srppassin);
267         }
268
269 /* SRP server */
270 /* This is a context that we pass to SRP server callbacks */
271 typedef struct srp_server_arg_st
272         {
273         char *expected_user;
274         char *pass;
275         } SRP_SERVER_ARG;
276
277 static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
278         {
279         SRP_SERVER_ARG * p = (SRP_SERVER_ARG *) arg;
280
281         if (strcmp(p->expected_user, SSL_get_srp_username(s)) != 0)
282                 {
283                 fprintf(stderr, "User %s doesn't exist\n", SSL_get_srp_username(s));
284                 return SSL3_AL_FATAL;
285                 }
286         if (SSL_set_srp_server_param_pw(s,p->expected_user,p->pass,"1024")<0)
287                 {
288                 *ad = SSL_AD_INTERNAL_ERROR;
289                 return SSL3_AL_FATAL;
290                 }
291         return SSL_ERROR_NONE;
292         }
293 #endif
294
295 static BIO *bio_err=NULL;
296 static BIO *bio_stdout=NULL;
297
298 #ifndef OPENSSL_NO_NEXTPROTONEG
299 /* Note that this code assumes that this is only a one element list: */
300 static const char NEXT_PROTO_STRING[] = "\x09testproto";
301 int npn_client = 0;
302 int npn_server = 0;
303 int npn_server_reject = 0;
304
305 static int cb_client_npn(SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg)
306         {
307         /* This callback only returns the protocol string, rather than a length
308            prefixed set. We assume that NEXT_PROTO_STRING is a one element list and
309            remove the first byte to chop off the length prefix. */
310         *out = (unsigned char*) NEXT_PROTO_STRING + 1;
311         *outlen = sizeof(NEXT_PROTO_STRING) - 2;
312         return SSL_TLSEXT_ERR_OK;
313         }
314
315 static int cb_server_npn(SSL *s, const unsigned char **data, unsigned int *len, void *arg)
316         {
317         *data = (const unsigned char *) NEXT_PROTO_STRING;
318         *len = sizeof(NEXT_PROTO_STRING) - 1;
319         return SSL_TLSEXT_ERR_OK;
320         }
321
322 static int cb_server_rejects_npn(SSL *s, const unsigned char **data, unsigned int *len, void *arg)
323         {
324         return SSL_TLSEXT_ERR_NOACK;
325         }
326
327 static int verify_npn(SSL *client, SSL *server)
328         {
329         const unsigned char *client_s;
330         unsigned client_len;
331         const unsigned char *server_s;
332         unsigned server_len;
333
334         SSL_get0_next_proto_negotiated(client, &client_s, &client_len);
335         SSL_get0_next_proto_negotiated(server, &server_s, &server_len);
336
337         if (client_len)
338                 {
339                 BIO_printf(bio_stdout, "Client NPN: ");
340                 BIO_write(bio_stdout, client_s, client_len);
341                 BIO_printf(bio_stdout, "\n");
342                 }
343
344         if (server_len)
345                 {
346                 BIO_printf(bio_stdout, "Server NPN: ");
347                 BIO_write(bio_stdout, server_s, server_len);
348                 BIO_printf(bio_stdout, "\n");
349                 }
350
351         /* If an NPN string was returned, it must be the protocol that we
352          * expected to negotiate. */
353         if (client_len && (client_len != sizeof(NEXT_PROTO_STRING) - 2 ||
354                            memcmp(client_s, NEXT_PROTO_STRING + 1, client_len)))
355                 return -1;
356         if (server_len && (server_len != sizeof(NEXT_PROTO_STRING) - 2 ||
357                            memcmp(server_s, NEXT_PROTO_STRING + 1, server_len)))
358                 return -1;
359
360         if (!npn_client && client_len)
361                 return -1;
362         if (!npn_server && server_len)
363                 return -1;
364         if (npn_server_reject && server_len)
365                 return -1;
366         if (npn_client && npn_server && (!client_len || !server_len))
367                 return -1;
368
369         return 0;
370         }
371 #endif
372
373 static const char *alpn_client;
374 static const char *alpn_server;
375 static const char *alpn_expected;
376 static unsigned char *alpn_selected;
377
378 /* next_protos_parse parses a comma separated list of strings into a string
379  * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
380  *   outlen: (output) set to the length of the resulting buffer on success.
381  *   err: (maybe NULL) on failure, an error message line is written to this BIO.
382  *   in: a NUL termianted string like "abc,def,ghi"
383  *
384  *   returns: a malloced buffer or NULL on failure.
385  */
386 static unsigned char *next_protos_parse(unsigned short *outlen, const char *in)
387         {
388         size_t len;
389         unsigned char *out;
390         size_t i, start = 0;
391
392         len = strlen(in);
393         if (len >= 65535)
394                 return NULL;
395
396         out = OPENSSL_malloc(strlen(in) + 1);
397         if (!out)
398                 return NULL;
399
400         for (i = 0; i <= len; ++i)
401                 {
402                 if (i == len || in[i] == ',')
403                         {
404                         if (i - start > 255)
405                                 {
406                                 OPENSSL_free(out);
407                                 return NULL;
408                                 }
409                         out[start] = i - start;
410                         start = i + 1;
411                         }
412                 else
413                         out[i+1] = in[i];
414                 }
415
416         *outlen = len + 1;
417         return out;
418         }
419
420 static int cb_server_alpn(SSL *s, const unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg)
421         {
422         unsigned char *protos;
423         unsigned short protos_len;
424
425         protos = next_protos_parse(&protos_len, alpn_server);
426         if (protos == NULL)
427                 {
428                 fprintf(stderr, "failed to parser ALPN server protocol string: %s\n", alpn_server);
429                 abort();
430                 }
431
432         if (SSL_select_next_proto((unsigned char**) out, outlen, protos, protos_len, in, inlen) !=
433             OPENSSL_NPN_NEGOTIATED)
434                 {
435                 OPENSSL_free(protos);
436                 return SSL_TLSEXT_ERR_NOACK;
437                 }
438
439         /* Make a copy of the selected protocol which will be freed in verify_alpn. */
440         alpn_selected = OPENSSL_malloc(*outlen);
441         memcpy(alpn_selected, *out, *outlen);
442         *out = alpn_selected;
443
444         OPENSSL_free(protos);
445         return SSL_TLSEXT_ERR_OK;
446         }
447
448 static int verify_alpn(SSL *client, SSL *server)
449         {
450         const unsigned char *client_proto, *server_proto;
451         unsigned int client_proto_len = 0, server_proto_len = 0;
452         SSL_get0_alpn_selected(client, &client_proto, &client_proto_len);
453         SSL_get0_alpn_selected(server, &server_proto, &server_proto_len);
454
455         if (alpn_selected != NULL)
456                 {
457                 OPENSSL_free(alpn_selected);
458                 alpn_selected = NULL;
459                 }
460
461         if (client_proto_len != server_proto_len ||
462             memcmp(client_proto, server_proto, client_proto_len) != 0)
463                 {
464                 BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
465                 goto err;
466                 }
467
468         if (client_proto_len > 0 && alpn_expected == NULL)
469                 {
470                 BIO_printf(bio_stdout, "ALPN unexpectedly negotiated\n");
471                 goto err;
472                 }
473
474         if (alpn_expected != NULL &&
475             (client_proto_len != strlen(alpn_expected) ||
476              memcmp(client_proto, alpn_expected, client_proto_len) != 0))
477                 {
478                 BIO_printf(bio_stdout, "ALPN selected protocols not equal to expected protocol: %s\n", alpn_expected);
479                 goto err;
480                 }
481
482         return 0;
483
484 err:
485         BIO_printf(bio_stdout, "ALPN results: client: '");
486         BIO_write(bio_stdout, client_proto, client_proto_len);
487         BIO_printf(bio_stdout, "', server: '");
488         BIO_write(bio_stdout, server_proto, server_proto_len);
489         BIO_printf(bio_stdout, "'\n");
490         BIO_printf(bio_stdout, "ALPN configured: client: '%s', server: '%s'\n", alpn_client, alpn_server);
491         return -1;
492         }
493
494 #define SCT_EXT_TYPE 18
495
496 /* WARNING : below extension types are *NOT* IETF assigned, and 
497    could conflict if these types are reassigned and handled 
498    specially by OpenSSL in the future */
499 #define TACK_EXT_TYPE 62208
500 #define CUSTOM_EXT_TYPE_0 1000
501 #define CUSTOM_EXT_TYPE_1 1001
502 #define CUSTOM_EXT_TYPE_2 1002
503 #define CUSTOM_EXT_TYPE_3 1003
504
505 const char custom_ext_cli_string[] = "abc";
506 const char custom_ext_srv_string[] = "defg";
507
508 /* These set from cmdline */
509 char* serverinfo_file = NULL;
510 int serverinfo_sct = 0;
511 int serverinfo_tack = 0;
512
513 /* These set based on extension callbacks */
514 int serverinfo_sct_seen = 0;
515 int serverinfo_tack_seen = 0;
516 int serverinfo_other_seen = 0;
517
518 /* This set from cmdline */
519 int custom_ext = 0;
520
521 /* This set based on extension callbacks */
522 int custom_ext_error = 0;
523
524 static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type,
525                                    const unsigned char *in, size_t inlen, 
526                                    int *al, void *arg)
527         {
528         if (ext_type == SCT_EXT_TYPE)
529                 serverinfo_sct_seen++;
530         else if (ext_type == TACK_EXT_TYPE)
531                 serverinfo_tack_seen++;
532         else
533                 serverinfo_other_seen++;
534         return 1;
535         }
536
537 static int verify_serverinfo()
538         {
539         if (serverinfo_sct != serverinfo_sct_seen)
540                 return -1;
541         if (serverinfo_tack != serverinfo_tack_seen)
542                 return -1;
543         if (serverinfo_other_seen)
544                 return -1;
545         return 0;
546         }
547
548 /* Four test cases for custom extensions:
549  * 0 - no ClientHello extension or ServerHello response
550  * 1 - ClientHello with "abc", no response
551  * 2 - ClientHello with "abc", empty response
552  * 3 - ClientHello with "abc", "defg" response
553  */
554
555 static int custom_ext_0_cli_add_cb(SSL *s, unsigned int ext_type,
556                                      const unsigned char **out,
557                                      size_t *outlen, int *al, void *arg)
558         {
559         if (ext_type != CUSTOM_EXT_TYPE_0)
560                 custom_ext_error = 1;
561         return 0;  /* Don't send an extension */
562         }
563
564 static int custom_ext_0_cli_parse_cb(SSL *s, unsigned int ext_type,
565                                       const unsigned char *in,
566                                       size_t inlen, int *al,
567                                       void *arg)
568         {
569         return 1;
570         }
571
572 static int custom_ext_1_cli_add_cb(SSL *s, unsigned int ext_type,
573                                      const unsigned char **out,
574                                      size_t *outlen, int *al, void *arg)
575         {
576         if (ext_type != CUSTOM_EXT_TYPE_1)
577                 custom_ext_error = 1;
578         *out = (const unsigned char*)custom_ext_cli_string;
579         *outlen = strlen(custom_ext_cli_string);
580         return 1; /* Send "abc" */
581         }
582
583 static int custom_ext_1_cli_parse_cb(SSL *s, unsigned int ext_type,
584                                       const unsigned char *in,
585                                       size_t inlen, int *al,
586                                       void *arg)
587         {
588         return 1;
589         }
590
591 static int custom_ext_2_cli_add_cb(SSL *s, unsigned int ext_type,
592                                      const unsigned char **out,
593                                      size_t *outlen, int *al, void *arg)
594         {
595         if (ext_type != CUSTOM_EXT_TYPE_2)
596                 custom_ext_error = 1;
597         *out = (const unsigned char*)custom_ext_cli_string;
598         *outlen = strlen(custom_ext_cli_string);
599         return 1; /* Send "abc" */
600         }
601
602 static int custom_ext_2_cli_parse_cb(SSL *s, unsigned int ext_type,
603                                       const unsigned char *in,
604                                       size_t inlen, int *al,
605                                       void *arg)
606         {
607         if (ext_type != CUSTOM_EXT_TYPE_2)
608                 custom_ext_error = 1;
609         if (inlen != 0)
610                 custom_ext_error = 1; /* Should be empty response */
611         return 1;
612         }
613
614 static int custom_ext_3_cli_add_cb(SSL *s, unsigned int ext_type,
615                                      const unsigned char **out,
616                                      size_t *outlen, int *al, void *arg)
617         {
618         if (ext_type != CUSTOM_EXT_TYPE_3)
619                 custom_ext_error = 1;
620         *out = (const unsigned char*)custom_ext_cli_string;
621         *outlen = strlen(custom_ext_cli_string);
622         return 1; /* Send "abc" */
623         }
624
625 static int custom_ext_3_cli_parse_cb(SSL *s, unsigned int ext_type,
626                                       const unsigned char *in,
627                                       size_t inlen, int *al,
628                                       void *arg)
629         {
630         if (ext_type != CUSTOM_EXT_TYPE_3)
631                 custom_ext_error = 1;
632         if (inlen != strlen(custom_ext_srv_string))
633                 custom_ext_error = 1;
634         if (memcmp(custom_ext_srv_string, in, inlen) != 0)
635                 custom_ext_error = 1; /* Check for "defg" */
636         return 1;
637         }
638
639 /* custom_ext_0_cli_add_cb returns 0 - the server won't receive a callback for this extension */
640 static int custom_ext_0_srv_parse_cb(SSL *s, unsigned int ext_type,
641                                      const unsigned char *in,
642                                      size_t inlen, int *al,
643                                      void *arg)
644         {
645         custom_ext_error = 1;
646         return 1;
647         }
648
649 /* 'add' callbacks are only called if the 'parse' callback is called */
650 static int custom_ext_0_srv_add_cb(SSL *s, unsigned int ext_type,
651                                       const unsigned char **out,
652                                       size_t *outlen, int *al, void *arg)
653         {
654         /* Error: should not have been called */
655         custom_ext_error = 1;
656         return 0; /* Don't send an extension */
657         }
658
659 static int custom_ext_1_srv_parse_cb(SSL *s, unsigned int ext_type,
660                                 const unsigned char *in,
661                                 size_t inlen, int *al,
662                                 void *arg)
663         {
664         if (ext_type != CUSTOM_EXT_TYPE_1)
665                 custom_ext_error = 1;           
666          /* Check for "abc" */
667         if (inlen != strlen(custom_ext_cli_string))
668                 custom_ext_error = 1;
669         if (memcmp(in, custom_ext_cli_string, inlen) != 0)
670                 custom_ext_error = 1;
671         return 1;
672         }
673
674 static int custom_ext_1_srv_add_cb(SSL *s, unsigned int ext_type,
675                                       const unsigned char **out,
676                                       size_t *outlen, int *al, void *arg)
677         {
678         return 0; /* Don't send an extension */
679         }
680
681 static int custom_ext_2_srv_parse_cb(SSL *s, unsigned int ext_type,
682                                      const unsigned char *in,
683                                      size_t inlen, int *al,
684                                      void *arg)
685         {
686         if (ext_type != CUSTOM_EXT_TYPE_2)
687                 custom_ext_error = 1;           
688          /* Check for "abc" */
689         if (inlen != strlen(custom_ext_cli_string))
690                 custom_ext_error = 1;
691         if (memcmp(in, custom_ext_cli_string, inlen) != 0)
692                 custom_ext_error = 1;
693         return 1;
694         }
695
696 static int custom_ext_2_srv_add_cb(SSL *s, unsigned int ext_type,
697                                       const unsigned char **out,
698                                       size_t *outlen, int *al, void *arg)
699         {
700         *out = NULL;
701         *outlen = 0;
702         return 1; /* Send empty extension */
703         }
704
705 static int custom_ext_3_srv_parse_cb(SSL *s, unsigned int ext_type,
706                                      const unsigned char *in,
707                                      size_t inlen, int *al,
708                                      void *arg)
709         {
710         if (ext_type != CUSTOM_EXT_TYPE_3)
711                 custom_ext_error = 1;           
712          /* Check for "abc" */  
713         if (inlen != strlen(custom_ext_cli_string))
714                 custom_ext_error = 1;
715         if (memcmp(in, custom_ext_cli_string, inlen) != 0)
716                 custom_ext_error = 1;
717         return 1;
718         }
719
720 static int custom_ext_3_srv_add_cb(SSL *s, unsigned int ext_type,
721                                       const unsigned char **out,
722                                       size_t *outlen, int *al, void *arg)
723         {
724         *out = (const unsigned char*)custom_ext_srv_string;
725         *outlen = strlen(custom_ext_srv_string);
726         return 1; /* Send "defg" */
727         }
728
729 static char *cipher=NULL;
730 static int verbose=0;
731 static int debug=0;
732 #if 0
733 /* Not used yet. */
734 #ifdef FIONBIO
735 static int s_nbio=0;
736 #endif
737 #endif
738
739 static const char rnd_seed[] = "string to make the random number generator think it has entropy";
740
741 int doit_biopair(SSL *s_ssl,SSL *c_ssl,long bytes,clock_t *s_time,clock_t *c_time);
742 int doit(SSL *s_ssl,SSL *c_ssl,long bytes);
743 static int do_test_cipherlist(void);
744 static void sv_usage(void)
745         {
746         fprintf(stderr,"usage: ssltest [args ...]\n");
747         fprintf(stderr,"\n");
748 #ifdef OPENSSL_FIPS
749         fprintf(stderr,"-F             - run test in FIPS mode\n");
750 #endif
751         fprintf(stderr," -server_auth  - check server certificate\n");
752         fprintf(stderr," -client_auth  - do client authentication\n");
753         fprintf(stderr," -proxy        - allow proxy certificates\n");
754         fprintf(stderr," -proxy_auth <val> - set proxy policy rights\n");
755         fprintf(stderr," -proxy_cond <val> - experssion to test proxy policy rights\n");
756         fprintf(stderr," -v            - more output\n");
757         fprintf(stderr," -d            - debug output\n");
758         fprintf(stderr," -reuse        - use session-id reuse\n");
759         fprintf(stderr," -num <val>    - number of connections to perform\n");
760         fprintf(stderr," -bytes <val>  - number of bytes to swap between client/server\n");
761 #ifndef OPENSSL_NO_DH
762         fprintf(stderr," -dhe1024      - use 1024 bit key (safe prime) for DHE\n");
763         fprintf(stderr," -dhe1024dsa   - use 1024 bit key (with 160-bit subprime) for DHE\n");
764         fprintf(stderr," -no_dhe       - disable DHE\n");
765 #endif
766 #ifndef OPENSSL_NO_ECDH
767         fprintf(stderr," -no_ecdhe     - disable ECDHE\n");
768 #endif
769 #ifndef OPENSSL_NO_PSK
770         fprintf(stderr," -psk arg      - PSK in hex (without 0x)\n");
771 #endif
772 #ifndef OPENSSL_NO_SRP
773         fprintf(stderr," -srpuser user  - SRP username to use\n");
774         fprintf(stderr," -srppass arg   - password for 'user'\n");
775 #endif
776 #ifndef OPENSSL_NO_SSL2
777         fprintf(stderr," -ssl2         - use SSLv2\n");
778 #endif
779 #ifndef OPENSSL_NO_SSL3
780         fprintf(stderr," -ssl3         - use SSLv3\n");
781 #endif
782 #ifndef OPENSSL_NO_TLS1
783         fprintf(stderr," -tls1         - use TLSv1\n");
784 #endif
785         fprintf(stderr," -CApath arg   - PEM format directory of CA's\n");
786         fprintf(stderr," -CAfile arg   - PEM format file of CA's\n");
787         fprintf(stderr," -cert arg     - Server certificate file\n");
788         fprintf(stderr," -key arg      - Server key file (default: same as -cert)\n");
789         fprintf(stderr," -c_cert arg   - Client certificate file\n");
790         fprintf(stderr," -c_key arg    - Client key file (default: same as -c_cert)\n");
791         fprintf(stderr," -cipher arg   - The cipher list\n");
792         fprintf(stderr," -bio_pair     - Use BIO pairs\n");
793         fprintf(stderr," -f            - Test even cases that can't work\n");
794         fprintf(stderr," -time         - measure processor time used by client and server\n");
795         fprintf(stderr," -zlib         - use zlib compression\n");
796         fprintf(stderr," -rle          - use rle compression\n");
797 #ifndef OPENSSL_NO_ECDH
798         fprintf(stderr," -named_curve arg  - Elliptic curve name to use for ephemeral ECDH keys.\n" \
799                        "                 Use \"openssl ecparam -list_curves\" for all names\n"  \
800                        "                 (default is sect163r2).\n");
801 #endif
802         fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher lists\n");
803 #ifndef OPENSSL_NO_NEXTPROTONEG
804         fprintf(stderr," -npn_client - have client side offer NPN\n");
805         fprintf(stderr," -npn_server - have server side offer NPN\n");
806         fprintf(stderr," -npn_server_reject - have server reject NPN\n");
807 #endif
808         fprintf(stderr," -serverinfo_file file - have server use this file\n");
809         fprintf(stderr," -serverinfo_sct  - have client offer and expect SCT\n");
810         fprintf(stderr," -serverinfo_tack - have client offer and expect TACK\n");
811         fprintf(stderr," -custom_ext - try various custom extension callbacks\n");
812         fprintf(stderr," -alpn_client <string> - have client side offer ALPN\n");
813         fprintf(stderr," -alpn_server <string> - have server side offer ALPN\n");
814         fprintf(stderr," -alpn_expected <string> - the ALPN protocol that should be negotiated\n");
815         }
816
817 static void print_details(SSL *c_ssl, const char *prefix)
818         {
819         const SSL_CIPHER *ciph;
820         X509 *cert;
821                 
822         ciph=SSL_get_current_cipher(c_ssl);
823         BIO_printf(bio_stdout,"%s%s, cipher %s %s",
824                 prefix,
825                 SSL_get_version(c_ssl),
826                 SSL_CIPHER_get_version(ciph),
827                 SSL_CIPHER_get_name(ciph));
828         cert=SSL_get_peer_certificate(c_ssl);
829         if (cert != NULL)
830                 {
831                 EVP_PKEY *pkey = X509_get_pubkey(cert);
832                 if (pkey != NULL)
833                         {
834                         if (0) 
835                                 ;
836 #ifndef OPENSSL_NO_RSA
837                         else if (pkey->type == EVP_PKEY_RSA && pkey->pkey.rsa != NULL
838                                 && pkey->pkey.rsa->n != NULL)
839                                 {
840                                 BIO_printf(bio_stdout, ", %d bit RSA",
841                                         BN_num_bits(pkey->pkey.rsa->n));
842                                 }
843 #endif
844 #ifndef OPENSSL_NO_DSA
845                         else if (pkey->type == EVP_PKEY_DSA && pkey->pkey.dsa != NULL
846                                 && pkey->pkey.dsa->p != NULL)
847                                 {
848                                 BIO_printf(bio_stdout, ", %d bit DSA",
849                                         BN_num_bits(pkey->pkey.dsa->p));
850                                 }
851 #endif
852                         EVP_PKEY_free(pkey);
853                         }
854                 X509_free(cert);
855                 }
856         /* The SSL API does not allow us to look at temporary RSA/DH keys,
857          * otherwise we should print their lengths too */
858         BIO_printf(bio_stdout,"\n");
859         }
860
861 static void lock_dbg_cb(int mode, int type, const char *file, int line)
862         {
863         static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
864         const char *errstr = NULL;
865         int rw;
866         
867         rw = mode & (CRYPTO_READ|CRYPTO_WRITE);
868         if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE)))
869                 {
870                 errstr = "invalid mode";
871                 goto err;
872                 }
873
874         if (type < 0 || type >= CRYPTO_NUM_LOCKS)
875                 {
876                 errstr = "type out of bounds";
877                 goto err;
878                 }
879
880         if (mode & CRYPTO_LOCK)
881                 {
882                 if (modes[type])
883                         {
884                         errstr = "already locked";
885                         /* must not happen in a single-threaded program
886                          * (would deadlock) */
887                         goto err;
888                         }
889
890                 modes[type] = rw;
891                 }
892         else if (mode & CRYPTO_UNLOCK)
893                 {
894                 if (!modes[type])
895                         {
896                         errstr = "not locked";
897                         goto err;
898                         }
899                 
900                 if (modes[type] != rw)
901                         {
902                         errstr = (rw == CRYPTO_READ) ?
903                                 "CRYPTO_r_unlock on write lock" :
904                                 "CRYPTO_w_unlock on read lock";
905                         }
906
907                 modes[type] = 0;
908                 }
909         else
910                 {
911                 errstr = "invalid mode";
912                 goto err;
913                 }
914
915  err:
916         if (errstr)
917                 {
918                 /* we cannot use bio_err here */
919                 fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n",
920                         errstr, mode, type, file, line);
921                 }
922         }
923
924 #ifdef TLSEXT_TYPE_opaque_prf_input
925 struct cb_info_st { void *input; size_t len; int ret; };
926 struct cb_info_st co1 = { "C", 1, 1 }; /* try to negotiate oqaque PRF input */
927 struct cb_info_st co2 = { "C", 1, 2 }; /* insist on oqaque PRF input */
928 struct cb_info_st so1 = { "S", 1, 1 }; /* try to negotiate oqaque PRF input */
929 struct cb_info_st so2 = { "S", 1, 2 }; /* insist on oqaque PRF input */
930
931 int opaque_prf_input_cb(SSL *ssl, void *peerinput, size_t len, void *arg_)
932         {
933         struct cb_info_st *arg = arg_;
934
935         if (arg == NULL)
936                 return 1;
937         
938         if (!SSL_set_tlsext_opaque_prf_input(ssl, arg->input, arg->len))
939                 return 0;
940         return arg->ret;
941         }
942 #endif
943
944 int main(int argc, char *argv[])
945         {
946         char *CApath=NULL,*CAfile=NULL;
947         int badop=0;
948         int bio_pair=0;
949         int force=0;
950         int tls1=0,ssl2=0,ssl3=0,ret=1;
951         int client_auth=0;
952         int server_auth=0,i;
953         struct app_verify_arg app_verify_arg =
954                 { APP_CALLBACK_STRING, 0, 0, NULL, NULL };
955         char *server_cert=TEST_SERVER_CERT;
956         char *server_key=NULL;
957         char *client_cert=TEST_CLIENT_CERT;
958         char *client_key=NULL;
959 #ifndef OPENSSL_NO_ECDH
960         char *named_curve = NULL;
961 #endif
962         SSL_CTX *s_ctx=NULL;
963         SSL_CTX *c_ctx=NULL;
964         const SSL_METHOD *meth=NULL;
965         SSL *c_ssl,*s_ssl;
966         int number=1,reuse=0;
967         long bytes=256L;
968 #ifndef OPENSSL_NO_DH
969         DH *dh;
970         int dhe1024 = 0, dhe1024dsa = 0;
971 #endif
972 #ifndef OPENSSL_NO_ECDH
973         EC_KEY *ecdh = NULL;
974 #endif
975 #ifndef OPENSSL_NO_SRP
976         /* client */
977         SRP_CLIENT_ARG srp_client_arg = {NULL,NULL};
978         /* server */
979         SRP_SERVER_ARG srp_server_arg = {NULL,NULL};
980 #endif
981         int no_dhe = 0;
982         int no_ecdhe = 0;
983         int no_psk = 0;
984         int print_time = 0;
985         clock_t s_time = 0, c_time = 0;
986 #ifndef OPENSSL_NO_COMP
987         int comp = 0;
988         COMP_METHOD *cm = NULL;
989         STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
990 #endif
991         int test_cipherlist = 0;
992 #ifdef OPENSSL_FIPS
993         int fips_mode=0;
994 #endif
995
996         verbose = 0;
997         debug = 0;
998         cipher = 0;
999
1000         bio_err=BIO_new_fp(stderr,BIO_NOCLOSE|BIO_FP_TEXT);     
1001
1002         CRYPTO_set_locking_callback(lock_dbg_cb);
1003
1004         /* enable memory leak checking unless explicitly disabled */
1005         if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
1006                 {
1007                 CRYPTO_malloc_debug_init();
1008                 CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
1009                 }
1010         else
1011                 {
1012                 /* OPENSSL_DEBUG_MEMORY=off */
1013                 CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
1014                 }
1015         CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
1016
1017         RAND_seed(rnd_seed, sizeof rnd_seed);
1018
1019         bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE|BIO_FP_TEXT);
1020
1021         argc--;
1022         argv++;
1023
1024         while (argc >= 1)
1025                 {
1026                 if(!strcmp(*argv,"-F"))
1027                         {
1028 #ifdef OPENSSL_FIPS
1029                         fips_mode=1;
1030 #else
1031                         fprintf(stderr,"not compiled with FIPS support, so exitting without running.\n");
1032                         EXIT(0);
1033 #endif
1034                         }
1035                 else if (strcmp(*argv,"-server_auth") == 0)
1036                         server_auth=1;
1037                 else if (strcmp(*argv,"-client_auth") == 0)
1038                         client_auth=1;
1039                 else if (strcmp(*argv,"-proxy_auth") == 0)
1040                         {
1041                         if (--argc < 1) goto bad;
1042                         app_verify_arg.proxy_auth= *(++argv);
1043                         }
1044                 else if (strcmp(*argv,"-proxy_cond") == 0)
1045                         {
1046                         if (--argc < 1) goto bad;
1047                         app_verify_arg.proxy_cond= *(++argv);
1048                         }
1049                 else if (strcmp(*argv,"-v") == 0)
1050                         verbose=1;
1051                 else if (strcmp(*argv,"-d") == 0)
1052                         debug=1;
1053                 else if (strcmp(*argv,"-reuse") == 0)
1054                         reuse=1;
1055                 else if (strcmp(*argv,"-dhe1024") == 0)
1056                         {
1057 #ifndef OPENSSL_NO_DH
1058                         dhe1024=1;
1059 #else
1060                         fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n");
1061 #endif
1062                         }
1063                 else if (strcmp(*argv,"-dhe1024dsa") == 0)
1064                         {
1065 #ifndef OPENSSL_NO_DH
1066                         dhe1024dsa=1;
1067 #else
1068                         fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n");
1069 #endif
1070                         }
1071                 else if (strcmp(*argv,"-no_dhe") == 0)
1072                         no_dhe=1;
1073                 else if (strcmp(*argv,"-no_ecdhe") == 0)
1074                         no_ecdhe=1;
1075                 else if (strcmp(*argv,"-psk") == 0)
1076                         {
1077                         if (--argc < 1) goto bad;
1078                         psk_key=*(++argv);
1079 #ifndef OPENSSL_NO_PSK
1080                         if (strspn(psk_key, "abcdefABCDEF1234567890") != strlen(psk_key))
1081                                 {
1082                                 BIO_printf(bio_err,"Not a hex number '%s'\n",*argv);
1083                                 goto bad;
1084                                 }
1085 #else
1086                         no_psk=1;
1087 #endif
1088                         }
1089 #ifndef OPENSSL_NO_SRP
1090                 else if (strcmp(*argv,"-srpuser") == 0)
1091                         {
1092                         if (--argc < 1) goto bad;
1093                         srp_server_arg.expected_user = srp_client_arg.srplogin= *(++argv);
1094                         tls1=1;
1095                         }
1096                 else if (strcmp(*argv,"-srppass") == 0)
1097                         {
1098                         if (--argc < 1) goto bad;
1099                         srp_server_arg.pass = srp_client_arg.srppassin= *(++argv);
1100                         tls1=1;
1101                         }
1102 #endif
1103                 else if (strcmp(*argv,"-ssl2") == 0)
1104                         ssl2=1;
1105                 else if (strcmp(*argv,"-tls1") == 0)
1106                         tls1=1;
1107                 else if (strcmp(*argv,"-ssl3") == 0)
1108                         ssl3=1;
1109                 else if (strncmp(*argv,"-num",4) == 0)
1110                         {
1111                         if (--argc < 1) goto bad;
1112                         number= atoi(*(++argv));
1113                         if (number == 0) number=1;
1114                         }
1115                 else if (strcmp(*argv,"-bytes") == 0)
1116                         {
1117                         if (--argc < 1) goto bad;
1118                         bytes= atol(*(++argv));
1119                         if (bytes == 0L) bytes=1L;
1120                         i=strlen(argv[0]);
1121                         if (argv[0][i-1] == 'k') bytes*=1024L;
1122                         if (argv[0][i-1] == 'm') bytes*=1024L*1024L;
1123                         }
1124                 else if (strcmp(*argv,"-cert") == 0)
1125                         {
1126                         if (--argc < 1) goto bad;
1127                         server_cert= *(++argv);
1128                         }
1129                 else if (strcmp(*argv,"-s_cert") == 0)
1130                         {
1131                         if (--argc < 1) goto bad;
1132                         server_cert= *(++argv);
1133                         }
1134                 else if (strcmp(*argv,"-key") == 0)
1135                         {
1136                         if (--argc < 1) goto bad;
1137                         server_key= *(++argv);
1138                         }
1139                 else if (strcmp(*argv,"-s_key") == 0)
1140                         {
1141                         if (--argc < 1) goto bad;
1142                         server_key= *(++argv);
1143                         }
1144                 else if (strcmp(*argv,"-c_cert") == 0)
1145                         {
1146                         if (--argc < 1) goto bad;
1147                         client_cert= *(++argv);
1148                         }
1149                 else if (strcmp(*argv,"-c_key") == 0)
1150                         {
1151                         if (--argc < 1) goto bad;
1152                         client_key= *(++argv);
1153                         }
1154                 else if (strcmp(*argv,"-cipher") == 0)
1155                         {
1156                         if (--argc < 1) goto bad;
1157                         cipher= *(++argv);
1158                         }
1159                 else if (strcmp(*argv,"-CApath") == 0)
1160                         {
1161                         if (--argc < 1) goto bad;
1162                         CApath= *(++argv);
1163                         }
1164                 else if (strcmp(*argv,"-CAfile") == 0)
1165                         {
1166                         if (--argc < 1) goto bad;
1167                         CAfile= *(++argv);
1168                         }
1169                 else if (strcmp(*argv,"-bio_pair") == 0)
1170                         {
1171                         bio_pair = 1;
1172                         }
1173                 else if (strcmp(*argv,"-f") == 0)
1174                         {
1175                         force = 1;
1176                         }
1177                 else if (strcmp(*argv,"-time") == 0)
1178                         {
1179                         print_time = 1;
1180                         }
1181 #ifndef OPENSSL_NO_COMP
1182                 else if (strcmp(*argv,"-zlib") == 0)
1183                         {
1184                         comp = COMP_ZLIB;
1185                         }
1186                 else if (strcmp(*argv,"-rle") == 0)
1187                         {
1188                         comp = COMP_RLE;
1189                         }
1190 #endif
1191                 else if (strcmp(*argv,"-named_curve") == 0)
1192                         {
1193                         if (--argc < 1) goto bad;
1194 #ifndef OPENSSL_NO_ECDH         
1195                         named_curve = *(++argv);
1196 #else
1197                         fprintf(stderr,"ignoring -named_curve, since I'm compiled without ECDH\n");
1198                         ++argv;
1199 #endif
1200                         }
1201                 else if (strcmp(*argv,"-app_verify") == 0)
1202                         {
1203                         app_verify_arg.app_verify = 1;
1204                         }
1205                 else if (strcmp(*argv,"-proxy") == 0)
1206                         {
1207                         app_verify_arg.allow_proxy_certs = 1;
1208                         }
1209                 else if (strcmp(*argv,"-test_cipherlist") == 0)
1210                         {
1211                         test_cipherlist = 1;
1212                         }
1213 #ifndef OPENSSL_NO_NEXTPROTONEG
1214                 else if (strcmp(*argv,"-npn_client") == 0)
1215                         {
1216                         npn_client = 1;
1217                         }
1218                 else if (strcmp(*argv,"-npn_server") == 0)
1219                         {
1220                         npn_server = 1;
1221                         }
1222                 else if (strcmp(*argv,"-npn_server_reject") == 0)
1223                         {
1224                         npn_server_reject = 1;
1225                         }
1226 #endif
1227                 else if (strcmp(*argv,"-serverinfo_sct") == 0)
1228                         {
1229                         serverinfo_sct = 1;
1230                         }
1231                 else if (strcmp(*argv,"-serverinfo_tack") == 0)
1232                         {
1233                         serverinfo_tack = 1;
1234                         }
1235                 else if (strcmp(*argv,"-serverinfo_file") == 0)
1236                         {
1237                         if (--argc < 1) goto bad;
1238                         serverinfo_file = *(++argv);
1239                         }
1240                 else if (strcmp(*argv,"-custom_ext") == 0)
1241                         {
1242                         custom_ext = 1;
1243                         }
1244                 else if (strcmp(*argv,"-alpn_client") == 0)
1245                         {
1246                         if (--argc < 1) goto bad;
1247                         alpn_client = *(++argv);
1248                         }
1249                 else if (strcmp(*argv,"-alpn_server") == 0)
1250                         {
1251                         if (--argc < 1) goto bad;
1252                         alpn_server = *(++argv);
1253                         }
1254                 else if (strcmp(*argv,"-alpn_expected") == 0)
1255                         {
1256                         if (--argc < 1) goto bad;
1257                         alpn_expected = *(++argv);
1258                         }
1259                 else
1260                         {
1261                         fprintf(stderr,"unknown option %s\n",*argv);
1262                         badop=1;
1263                         break;
1264                         }
1265                 argc--;
1266                 argv++;
1267                 }
1268         if (badop)
1269                 {
1270 bad:
1271                 sv_usage();
1272                 goto end;
1273                 }
1274
1275         if (test_cipherlist == 1)
1276                 {
1277                 /* ensure that the cipher list are correctly sorted and exit */
1278                 if (do_test_cipherlist() == 0)
1279                         EXIT(1);
1280                 ret = 0;
1281                 goto end;
1282                 }
1283
1284         if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force)
1285                 {
1286                 fprintf(stderr, "This case cannot work.  Use -f to perform "
1287                         "the test anyway (and\n-d to see what happens), "
1288                         "or add one of -ssl2, -ssl3, -tls1, -reuse\n"
1289                         "to avoid protocol mismatch.\n");
1290                 EXIT(1);
1291                 }
1292
1293 #ifdef OPENSSL_FIPS
1294         if(fips_mode)
1295                 {
1296                 if(!FIPS_mode_set(1))
1297                         {
1298                         ERR_load_crypto_strings();
1299                         ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
1300                         EXIT(1);
1301                         }
1302                 else
1303                         fprintf(stderr,"*** IN FIPS MODE ***\n");
1304                 }
1305 #endif
1306
1307         if (print_time)
1308                 {
1309                 if (!bio_pair)
1310                         {
1311                         fprintf(stderr, "Using BIO pair (-bio_pair)\n");
1312                         bio_pair = 1;
1313                         }
1314                 if (number < 50 && !force)
1315                         fprintf(stderr, "Warning: For accurate timings, use more connections (e.g. -num 1000)\n");
1316                 }
1317
1318 /*      if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */
1319
1320         SSL_library_init();
1321         SSL_load_error_strings();
1322
1323 #ifndef OPENSSL_NO_COMP
1324         if (comp == COMP_ZLIB) cm = COMP_zlib();
1325         if (comp == COMP_RLE) cm = COMP_rle();
1326         if (cm != NULL)
1327                 {
1328                 if (cm->type != NID_undef)
1329                         {
1330                         if (SSL_COMP_add_compression_method(comp, cm) != 0)
1331                                 {
1332                                 fprintf(stderr,
1333                                         "Failed to add compression method\n");
1334                                 ERR_print_errors_fp(stderr);
1335                                 }
1336                         }
1337                 else
1338                         {
1339                         fprintf(stderr,
1340                                 "Warning: %s compression not supported\n",
1341                                 (comp == COMP_RLE ? "rle" :
1342                                         (comp == COMP_ZLIB ? "zlib" :
1343                                                 "unknown")));
1344                         ERR_print_errors_fp(stderr);
1345                         }
1346                 }
1347         ssl_comp_methods = SSL_COMP_get_compression_methods();
1348         fprintf(stderr, "Available compression methods:\n");
1349         {
1350         int j, n = sk_SSL_COMP_num(ssl_comp_methods);
1351         if (n == 0)
1352                 fprintf(stderr, "  NONE\n");
1353         else
1354                 for (j = 0; j < n; j++)
1355                         {
1356                         SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
1357                         fprintf(stderr, "  %d: %s\n", c->id, c->name);
1358                         }
1359         }
1360 #endif
1361
1362 #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
1363         if (ssl2)
1364                 meth=SSLv2_method();
1365         else 
1366         if (tls1)
1367                 meth=TLSv1_method();
1368         else
1369         if (ssl3)
1370                 meth=SSLv3_method();
1371         else
1372                 meth=SSLv23_method();
1373 #else
1374 #ifdef OPENSSL_NO_SSL2
1375         if (tls1)
1376                 meth=TLSv1_method();
1377         else
1378         if (ssl3)
1379                 meth=SSLv3_method();
1380         else
1381                 meth=SSLv23_method();
1382 #else
1383         meth=SSLv2_method();
1384 #endif
1385 #endif
1386
1387         c_ctx=SSL_CTX_new(meth);
1388         s_ctx=SSL_CTX_new(meth);
1389         if ((c_ctx == NULL) || (s_ctx == NULL))
1390                 {
1391                 ERR_print_errors(bio_err);
1392                 goto end;
1393                 }
1394         /* Since we will use low security ciphersuites and keys for
1395          * testing set security level to zero.
1396          */
1397         SSL_CTX_set_security_level(c_ctx, 0);
1398         SSL_CTX_set_security_level(s_ctx, 0);
1399
1400         if (cipher != NULL)
1401                 {
1402                 SSL_CTX_set_cipher_list(c_ctx,cipher);
1403                 SSL_CTX_set_cipher_list(s_ctx,cipher);
1404                 }
1405
1406 #ifndef OPENSSL_NO_DH
1407         if (!no_dhe)
1408                 {
1409                 if (dhe1024dsa)
1410                         {
1411                         /* use SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */
1412                         SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
1413                         dh=get_dh1024dsa();
1414                         }
1415                 else if (dhe1024)
1416                         dh=get_dh1024();
1417                 else
1418                         dh=get_dh512();
1419                 SSL_CTX_set_tmp_dh(s_ctx,dh);
1420                 DH_free(dh);
1421                 }
1422 #else
1423         (void)no_dhe;
1424 #endif
1425
1426 #ifndef OPENSSL_NO_ECDH
1427         if (!no_ecdhe)
1428                 {
1429                 int nid;
1430
1431                 if (named_curve != NULL)
1432                         {
1433                         nid = OBJ_sn2nid(named_curve);
1434                         if (nid == 0)
1435                         {
1436                                 BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve);
1437                                 goto end;
1438                                 }
1439                         }
1440                 else
1441 #ifdef OPENSSL_NO_EC2M
1442                         nid = NID_X9_62_prime256v1;
1443 #else
1444                         nid = NID_sect163r2;
1445 #endif
1446
1447                 ecdh = EC_KEY_new_by_curve_name(nid);
1448                 if (ecdh == NULL)
1449                         {
1450                         BIO_printf(bio_err, "unable to create curve\n");
1451                         goto end;
1452                         }
1453
1454                 SSL_CTX_set_tmp_ecdh(s_ctx, ecdh);
1455                 SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_ECDH_USE);
1456                 EC_KEY_free(ecdh);
1457                 }
1458 #else
1459         (void)no_ecdhe;
1460 #endif
1461
1462 #ifndef OPENSSL_NO_RSA
1463         SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb);
1464 #endif
1465
1466 #ifdef TLSEXT_TYPE_opaque_prf_input
1467         SSL_CTX_set_tlsext_opaque_prf_input_callback(c_ctx, opaque_prf_input_cb);
1468         SSL_CTX_set_tlsext_opaque_prf_input_callback(s_ctx, opaque_prf_input_cb);
1469         SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(c_ctx, &co1); /* or &co2 or NULL */
1470         SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(s_ctx, &so1); /* or &so2 or NULL */
1471 #endif
1472
1473         if (!SSL_CTX_use_certificate_file(s_ctx,server_cert,SSL_FILETYPE_PEM))
1474                 {
1475                 ERR_print_errors(bio_err);
1476                 }
1477         else if (!SSL_CTX_use_PrivateKey_file(s_ctx,
1478                 (server_key?server_key:server_cert), SSL_FILETYPE_PEM))
1479                 {
1480                 ERR_print_errors(bio_err);
1481                 goto end;
1482                 }
1483
1484         if (client_auth)
1485                 {
1486                 SSL_CTX_use_certificate_file(c_ctx,client_cert,
1487                         SSL_FILETYPE_PEM);
1488                 SSL_CTX_use_PrivateKey_file(c_ctx,
1489                         (client_key?client_key:client_cert),
1490                         SSL_FILETYPE_PEM);
1491                 }
1492
1493         if (    (!SSL_CTX_load_verify_locations(s_ctx,CAfile,CApath)) ||
1494                 (!SSL_CTX_set_default_verify_paths(s_ctx)) ||
1495                 (!SSL_CTX_load_verify_locations(c_ctx,CAfile,CApath)) ||
1496                 (!SSL_CTX_set_default_verify_paths(c_ctx)))
1497                 {
1498                 /* fprintf(stderr,"SSL_load_verify_locations\n"); */
1499                 ERR_print_errors(bio_err);
1500                 /* goto end; */
1501                 }
1502
1503         if (client_auth)
1504                 {
1505                 BIO_printf(bio_err,"client authentication\n");
1506                 SSL_CTX_set_verify(s_ctx,
1507                         SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1508                         verify_callback);
1509                 SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback, &app_verify_arg);
1510                 }
1511         if (server_auth)
1512                 {
1513                 BIO_printf(bio_err,"server authentication\n");
1514                 SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER,
1515                         verify_callback);
1516                 SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback, &app_verify_arg);
1517                 }
1518         
1519         {
1520                 int session_id_context = 0;
1521                 SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context, sizeof session_id_context);
1522         }
1523
1524         /* Use PSK only if PSK key is given */
1525         if (psk_key != NULL)
1526                 {
1527                 /* no_psk is used to avoid putting psk command to openssl tool */
1528                 if (no_psk)
1529                         {
1530                         /* if PSK is not compiled in and psk key is
1531                          * given, do nothing and exit successfully */
1532                         ret=0;
1533                         goto end;
1534                         }
1535 #ifndef OPENSSL_NO_PSK
1536                 SSL_CTX_set_psk_client_callback(c_ctx, psk_client_callback);
1537                 SSL_CTX_set_psk_server_callback(s_ctx, psk_server_callback);
1538                 if (debug)
1539                         BIO_printf(bio_err,"setting PSK identity hint to s_ctx\n");
1540                 if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_hint"))
1541                         {
1542                         BIO_printf(bio_err,"error setting PSK identity hint to s_ctx\n");
1543                         ERR_print_errors(bio_err);
1544                         goto end;
1545                         }
1546 #endif
1547                 }
1548 #ifndef OPENSSL_NO_SRP
1549         if (srp_client_arg.srplogin)
1550                 {
1551                 if (!SSL_CTX_set_srp_username(c_ctx, srp_client_arg.srplogin))
1552                         {
1553                         BIO_printf(bio_err,"Unable to set SRP username\n");
1554                         goto end;
1555                         }
1556                 SSL_CTX_set_srp_cb_arg(c_ctx,&srp_client_arg);
1557                 SSL_CTX_set_srp_client_pwd_callback(c_ctx, ssl_give_srp_client_pwd_cb);
1558                 /*SSL_CTX_set_srp_strength(c_ctx, srp_client_arg.strength);*/
1559                 }
1560
1561         if (srp_server_arg.expected_user != NULL)
1562                 {
1563                 SSL_CTX_set_verify(s_ctx,SSL_VERIFY_NONE,verify_callback);
1564                 SSL_CTX_set_srp_cb_arg(s_ctx, &srp_server_arg);
1565                 SSL_CTX_set_srp_username_callback(s_ctx, ssl_srp_server_param_cb);
1566                 }
1567 #endif
1568
1569 #ifndef OPENSSL_NO_NEXTPROTONEG
1570         if (npn_client)
1571                 {
1572                 SSL_CTX_set_next_proto_select_cb(c_ctx, cb_client_npn, NULL);
1573                 }
1574         if (npn_server)
1575                 {
1576                 if (npn_server_reject)
1577                         {
1578                         BIO_printf(bio_err, "Can't have both -npn_server and -npn_server_reject\n");
1579                         goto end;
1580                         }
1581                 SSL_CTX_set_next_protos_advertised_cb(s_ctx, cb_server_npn, NULL);
1582                 }
1583         if (npn_server_reject)
1584                 {
1585                 SSL_CTX_set_next_protos_advertised_cb(s_ctx, cb_server_rejects_npn, NULL);
1586                 }
1587 #endif
1588
1589         if (serverinfo_sct)
1590                 SSL_CTX_add_client_custom_ext(c_ctx, SCT_EXT_TYPE,
1591                                               NULL, NULL, NULL,
1592                                               serverinfo_cli_parse_cb, NULL);
1593         if (serverinfo_tack)
1594                 SSL_CTX_add_client_custom_ext(c_ctx, TACK_EXT_TYPE,
1595                                               NULL, NULL, NULL,
1596                                               serverinfo_cli_parse_cb, NULL);
1597
1598         if (serverinfo_file)
1599                 if (!SSL_CTX_use_serverinfo_file(s_ctx, serverinfo_file))
1600                         {
1601                         BIO_printf(bio_err, "missing serverinfo file\n");
1602                         goto end;
1603                         }
1604
1605         if (custom_ext)
1606                 {
1607                 SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_0, 
1608                                               custom_ext_0_cli_add_cb,
1609                                               NULL, NULL,
1610                                               custom_ext_0_cli_parse_cb, NULL);
1611                 SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_1, 
1612                                               custom_ext_1_cli_add_cb,
1613                                               NULL, NULL,
1614                                               custom_ext_1_cli_parse_cb, NULL);
1615                 SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_2, 
1616                                               custom_ext_2_cli_add_cb,
1617                                               NULL, NULL,
1618                                               custom_ext_2_cli_parse_cb, NULL);
1619                 SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_3, 
1620                                               custom_ext_3_cli_add_cb,
1621                                               NULL, NULL,
1622                                               custom_ext_3_cli_parse_cb, NULL);
1623
1624
1625                 SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_0, 
1626                                               custom_ext_0_srv_add_cb,
1627                                               NULL, NULL,
1628                                               custom_ext_0_srv_parse_cb, NULL);
1629                 SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_1, 
1630                                               custom_ext_1_srv_add_cb,
1631                                               NULL, NULL,
1632                                               custom_ext_1_srv_parse_cb, NULL);
1633                 SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_2, 
1634                                               custom_ext_2_srv_add_cb,
1635                                               NULL, NULL,
1636                                               custom_ext_2_srv_parse_cb, NULL);
1637                 SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_3, 
1638                                               custom_ext_3_srv_add_cb,
1639                                               NULL, NULL,
1640                                               custom_ext_3_srv_parse_cb, NULL);
1641                 }
1642
1643         if (alpn_server)
1644                 SSL_CTX_set_alpn_select_cb(s_ctx, cb_server_alpn, NULL);
1645
1646         if (alpn_client)
1647                 {
1648                 unsigned short alpn_len;
1649                 unsigned char *alpn = next_protos_parse(&alpn_len, alpn_client);
1650
1651                 if (alpn == NULL)
1652                         {
1653                         BIO_printf(bio_err, "Error parsing -alpn_client argument\n");
1654                         goto end;
1655                         }
1656                 SSL_CTX_set_alpn_protos(c_ctx, alpn, alpn_len);
1657                 OPENSSL_free(alpn);
1658                 }
1659
1660         c_ssl=SSL_new(c_ctx);
1661         s_ssl=SSL_new(s_ctx);
1662
1663 #ifndef OPENSSL_NO_KRB5
1664         if (c_ssl  &&  c_ssl->kssl_ctx)
1665                 {
1666                 char    localhost[MAXHOSTNAMELEN+2];
1667
1668                 if (gethostname(localhost, sizeof localhost-1) == 0)
1669                         {
1670                         localhost[sizeof localhost-1]='\0';
1671                         if(strlen(localhost) == sizeof localhost-1)
1672                                 {
1673                                 BIO_printf(bio_err,"localhost name too long\n");
1674                                 goto end;
1675                                 }
1676                         kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER,
1677                                 localhost);
1678                         }
1679                 }
1680 #endif    /* OPENSSL_NO_KRB5  */
1681
1682         for (i=0; i<number; i++)
1683                 {
1684                 if (!reuse) SSL_set_session(c_ssl,NULL);
1685                 if (bio_pair)
1686                         ret=doit_biopair(s_ssl,c_ssl,bytes,&s_time,&c_time);
1687                 else
1688                         ret=doit(s_ssl,c_ssl,bytes);
1689                 }
1690
1691         if (!verbose)
1692                 {
1693                 print_details(c_ssl, "");
1694                 }
1695         if ((number > 1) || (bytes > 1L))
1696                 BIO_printf(bio_stdout, "%d handshakes of %ld bytes done\n",number,bytes);
1697         if (print_time)
1698                 {
1699 #ifdef CLOCKS_PER_SEC
1700                 /* "To determine the time in seconds, the value returned
1701                  * by the clock function should be divided by the value
1702                  * of the macro CLOCKS_PER_SEC."
1703                  *                                       -- ISO/IEC 9899 */
1704                 BIO_printf(bio_stdout, "Approximate total server time: %6.2f s\n"
1705                         "Approximate total client time: %6.2f s\n",
1706                         (double)s_time/CLOCKS_PER_SEC,
1707                         (double)c_time/CLOCKS_PER_SEC);
1708 #else
1709                 /* "`CLOCKS_PER_SEC' undeclared (first use this function)"
1710                  *                            -- cc on NeXTstep/OpenStep */
1711                 BIO_printf(bio_stdout,
1712                         "Approximate total server time: %6.2f units\n"
1713                         "Approximate total client time: %6.2f units\n",
1714                         (double)s_time,
1715                         (double)c_time);
1716 #endif
1717                 }
1718
1719         SSL_free(s_ssl);
1720         SSL_free(c_ssl);
1721
1722 end:
1723         if (s_ctx != NULL) SSL_CTX_free(s_ctx);
1724         if (c_ctx != NULL) SSL_CTX_free(c_ctx);
1725
1726         if (bio_stdout != NULL) BIO_free(bio_stdout);
1727
1728 #ifndef OPENSSL_NO_RSA
1729         free_tmp_rsa();
1730 #endif
1731 #ifndef OPENSSL_NO_ENGINE
1732         ENGINE_cleanup();
1733 #endif
1734         CRYPTO_cleanup_all_ex_data();
1735         ERR_free_strings();
1736         ERR_remove_thread_state(NULL);
1737         EVP_cleanup();
1738         CRYPTO_mem_leaks(bio_err);
1739         if (bio_err != NULL) BIO_free(bio_err);
1740         EXIT(ret);
1741         return ret;
1742         }
1743
1744 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
1745         clock_t *s_time, clock_t *c_time)
1746         {
1747         long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
1748         BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
1749         BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL;
1750         int ret = 1;
1751         
1752         size_t bufsiz = 256; /* small buffer for testing */
1753
1754         if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz))
1755                 goto err;
1756         if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz))
1757                 goto err;
1758         
1759         s_ssl_bio = BIO_new(BIO_f_ssl());
1760         if (!s_ssl_bio)
1761                 goto err;
1762
1763         c_ssl_bio = BIO_new(BIO_f_ssl());
1764         if (!c_ssl_bio)
1765                 goto err;
1766
1767         SSL_set_connect_state(c_ssl);
1768         SSL_set_bio(c_ssl, client, client);
1769         (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
1770
1771         SSL_set_accept_state(s_ssl);
1772         SSL_set_bio(s_ssl, server, server);
1773         (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
1774
1775         do
1776                 {
1777                 /* c_ssl_bio:          SSL filter BIO
1778                  *
1779                  * client:             pseudo-I/O for SSL library
1780                  *
1781                  * client_io:          client's SSL communication; usually to be
1782                  *                     relayed over some I/O facility, but in this
1783                  *                     test program, we're the server, too:
1784                  *
1785                  * server_io:          server's SSL communication
1786                  *
1787                  * server:             pseudo-I/O for SSL library
1788                  *
1789                  * s_ssl_bio:          SSL filter BIO
1790                  *
1791                  * The client and the server each employ a "BIO pair":
1792                  * client + client_io, server + server_io.
1793                  * BIO pairs are symmetric.  A BIO pair behaves similar
1794                  * to a non-blocking socketpair (but both endpoints must
1795                  * be handled by the same thread).
1796                  * [Here we could connect client and server to the ends
1797                  * of a single BIO pair, but then this code would be less
1798                  * suitable as an example for BIO pairs in general.]
1799                  *
1800                  * Useful functions for querying the state of BIO pair endpoints:
1801                  *
1802                  * BIO_ctrl_pending(bio)              number of bytes we can read now
1803                  * BIO_ctrl_get_read_request(bio)     number of bytes needed to fulfil
1804                  *                                      other side's read attempt
1805                  * BIO_ctrl_get_write_guarantee(bio)   number of bytes we can write now
1806                  *
1807                  * ..._read_request is never more than ..._write_guarantee;
1808                  * it depends on the application which one you should use.
1809                  */
1810
1811                 /* We have non-blocking behaviour throughout this test program, but
1812                  * can be sure that there is *some* progress in each iteration; so
1813                  * we don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE
1814                  * -- we just try everything in each iteration
1815                  */
1816
1817                         {
1818                         /* CLIENT */
1819                 
1820                         MS_STATIC char cbuf[1024*8];
1821                         int i, r;
1822                         clock_t c_clock = clock();
1823
1824                         memset(cbuf, 0, sizeof(cbuf));
1825
1826                         if (debug)
1827                                 if (SSL_in_init(c_ssl))
1828                                         printf("client waiting in SSL_connect - %s\n",
1829                                                 SSL_state_string_long(c_ssl));
1830
1831                         if (cw_num > 0)
1832                                 {
1833                                 /* Write to server. */
1834                                 
1835                                 if (cw_num > (long)sizeof cbuf)
1836                                         i = sizeof cbuf;
1837                                 else
1838                                         i = (int)cw_num;
1839                                 r = BIO_write(c_ssl_bio, cbuf, i);
1840                                 if (r < 0)
1841                                         {
1842                                         if (!BIO_should_retry(c_ssl_bio))
1843                                                 {
1844                                                 fprintf(stderr,"ERROR in CLIENT\n");
1845                                                 goto err;
1846                                                 }
1847                                         /* BIO_should_retry(...) can just be ignored here.
1848                                          * The library expects us to call BIO_write with
1849                                          * the same arguments again, and that's what we will
1850                                          * do in the next iteration. */
1851                                         }
1852                                 else if (r == 0)
1853                                         {
1854                                         fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
1855                                         goto err;
1856                                         }
1857                                 else
1858                                         {
1859                                         if (debug)
1860                                                 printf("client wrote %d\n", r);
1861                                         cw_num -= r;                            
1862                                         }
1863                                 }
1864
1865                         if (cr_num > 0)
1866                                 {
1867                                 /* Read from server. */
1868
1869                                 r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
1870                                 if (r < 0)
1871                                         {
1872                                         if (!BIO_should_retry(c_ssl_bio))
1873                                                 {
1874                                                 fprintf(stderr,"ERROR in CLIENT\n");
1875                                                 goto err;
1876                                                 }
1877                                         /* Again, "BIO_should_retry" can be ignored. */
1878                                         }
1879                                 else if (r == 0)
1880                                         {
1881                                         fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
1882                                         goto err;
1883                                         }
1884                                 else
1885                                         {
1886                                         if (debug)
1887                                                 printf("client read %d\n", r);
1888                                         cr_num -= r;
1889                                         }
1890                                 }
1891
1892                         /* c_time and s_time increments will typically be very small
1893                          * (depending on machine speed and clock tick intervals),
1894                          * but sampling over a large number of connections should
1895                          * result in fairly accurate figures.  We cannot guarantee
1896                          * a lot, however -- if each connection lasts for exactly
1897                          * one clock tick, it will be counted only for the client
1898                          * or only for the server or even not at all.
1899                          */
1900                         *c_time += (clock() - c_clock);
1901                         }
1902
1903                         {
1904                         /* SERVER */
1905                 
1906                         MS_STATIC char sbuf[1024*8];
1907                         int i, r;
1908                         clock_t s_clock = clock();
1909
1910                         memset(sbuf, 0, sizeof(sbuf));
1911
1912                         if (debug)
1913                                 if (SSL_in_init(s_ssl))
1914                                         printf("server waiting in SSL_accept - %s\n",
1915                                                 SSL_state_string_long(s_ssl));
1916
1917                         if (sw_num > 0)
1918                                 {
1919                                 /* Write to client. */
1920                                 
1921                                 if (sw_num > (long)sizeof sbuf)
1922                                         i = sizeof sbuf;
1923                                 else
1924                                         i = (int)sw_num;
1925                                 r = BIO_write(s_ssl_bio, sbuf, i);
1926                                 if (r < 0)
1927                                         {
1928                                         if (!BIO_should_retry(s_ssl_bio))
1929                                                 {
1930                                                 fprintf(stderr,"ERROR in SERVER\n");
1931                                                 goto err;
1932                                                 }
1933                                         /* Ignore "BIO_should_retry". */
1934                                         }
1935                                 else if (r == 0)
1936                                         {
1937                                         fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
1938                                         goto err;
1939                                         }
1940                                 else
1941                                         {
1942                                         if (debug)
1943                                                 printf("server wrote %d\n", r);
1944                                         sw_num -= r;                            
1945                                         }
1946                                 }
1947
1948                         if (sr_num > 0)
1949                                 {
1950                                 /* Read from client. */
1951
1952                                 r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
1953                                 if (r < 0)
1954                                         {
1955                                         if (!BIO_should_retry(s_ssl_bio))
1956                                                 {
1957                                                 fprintf(stderr,"ERROR in SERVER\n");
1958                                                 goto err;
1959                                                 }
1960                                         /* blah, blah */
1961                                         }
1962                                 else if (r == 0)
1963                                         {
1964                                         fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
1965                                         goto err;
1966                                         }
1967                                 else
1968                                         {
1969                                         if (debug)
1970                                                 printf("server read %d\n", r);
1971                                         sr_num -= r;
1972                                         }
1973                                 }
1974
1975                         *s_time += (clock() - s_clock);
1976                         }
1977                         
1978                         {
1979                         /* "I/O" BETWEEN CLIENT AND SERVER. */
1980
1981                         size_t r1, r2;
1982                         BIO *io1 = server_io, *io2 = client_io;
1983                         /* we use the non-copying interface for io1
1984                          * and the standard BIO_write/BIO_read interface for io2
1985                          */
1986                         
1987                         static int prev_progress = 1;
1988                         int progress = 0;
1989                         
1990                         /* io1 to io2 */
1991                         do
1992                                 {
1993                                 size_t num;
1994                                 int r;
1995
1996                                 r1 = BIO_ctrl_pending(io1);
1997                                 r2 = BIO_ctrl_get_write_guarantee(io2);
1998
1999                                 num = r1;
2000                                 if (r2 < num)
2001                                         num = r2;
2002                                 if (num)
2003                                         {
2004                                         char *dataptr;
2005
2006                                         if (INT_MAX < num) /* yeah, right */
2007                                                 num = INT_MAX;
2008                                         
2009                                         r = BIO_nread(io1, &dataptr, (int)num);
2010                                         assert(r > 0);
2011                                         assert(r <= (int)num);
2012                                         /* possibly r < num (non-contiguous data) */
2013                                         num = r;
2014                                         r = BIO_write(io2, dataptr, (int)num);
2015                                         if (r != (int)num) /* can't happen */
2016                                                 {
2017                                                 fprintf(stderr, "ERROR: BIO_write could not write "
2018                                                         "BIO_ctrl_get_write_guarantee() bytes");
2019                                                 goto err;
2020                                                 }
2021                                         progress = 1;
2022
2023                                         if (debug)
2024                                                 printf((io1 == client_io) ?
2025                                                         "C->S relaying: %d bytes\n" :
2026                                                         "S->C relaying: %d bytes\n",
2027                                                         (int)num);
2028                                         }
2029                                 }
2030                         while (r1 && r2);
2031
2032                         /* io2 to io1 */
2033                         {
2034                                 size_t num;
2035                                 int r;
2036
2037                                 r1 = BIO_ctrl_pending(io2);
2038                                 r2 = BIO_ctrl_get_read_request(io1);
2039                                 /* here we could use ..._get_write_guarantee instead of
2040                                  * ..._get_read_request, but by using the latter
2041                                  * we test restartability of the SSL implementation
2042                                  * more thoroughly */
2043                                 num = r1;
2044                                 if (r2 < num)
2045                                         num = r2;
2046                                 if (num)
2047                                         {
2048                                         char *dataptr;
2049                                         
2050                                         if (INT_MAX < num)
2051                                                 num = INT_MAX;
2052
2053                                         if (num > 1)
2054                                                 --num; /* test restartability even more thoroughly */
2055                                         
2056                                         r = BIO_nwrite0(io1, &dataptr);
2057                                         assert(r > 0);
2058                                         if (r < (int)num)
2059                                                 num = r;
2060                                         r = BIO_read(io2, dataptr, (int)num);
2061                                         if (r != (int)num) /* can't happen */
2062                                                 {
2063                                                 fprintf(stderr, "ERROR: BIO_read could not read "
2064                                                         "BIO_ctrl_pending() bytes");
2065                                                 goto err;
2066                                                 }
2067                                         progress = 1;
2068                                         r = BIO_nwrite(io1, &dataptr, (int)num);
2069                                         if (r != (int)num) /* can't happen */
2070                                                 {
2071                                                 fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
2072                                                         "BIO_nwrite0() bytes");
2073                                                 goto err;
2074                                                 }
2075                                         
2076                                         if (debug)
2077                                                 printf((io2 == client_io) ?
2078                                                         "C->S relaying: %d bytes\n" :
2079                                                         "S->C relaying: %d bytes\n",
2080                                                         (int)num);
2081                                         }
2082                         } /* no loop, BIO_ctrl_get_read_request now returns 0 anyway */
2083
2084                         if (!progress && !prev_progress)
2085                                 if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0)
2086                                         {
2087                                         fprintf(stderr, "ERROR: got stuck\n");
2088                                         if (strcmp("SSLv2", SSL_get_version(c_ssl)) == 0)
2089                                                 {
2090                                                 fprintf(stderr, "This can happen for SSL2 because "
2091                                                         "CLIENT-FINISHED and SERVER-VERIFY are written \n"
2092                                                         "concurrently ...");
2093                                                 if (strncmp("2SCF", SSL_state_string(c_ssl), 4) == 0
2094                                                         && strncmp("2SSV", SSL_state_string(s_ssl), 4) == 0)
2095                                                         {
2096                                                         fprintf(stderr, " ok.\n");
2097                                                         goto end;
2098                                                         }
2099                                                 }
2100                                         fprintf(stderr, " ERROR.\n");
2101                                         goto err;
2102                                         }
2103                         prev_progress = progress;
2104                         }
2105                 }
2106         while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
2107
2108         if (verbose)
2109                 print_details(c_ssl, "DONE via BIO pair: ");
2110 #ifndef OPENSSL_NO_NEXTPROTONEG
2111         if (verify_npn(c_ssl, s_ssl) < 0)
2112                 {
2113                 ret = 1;
2114                 goto end;
2115                 }
2116 #endif
2117         if (verify_serverinfo() < 0)
2118                 {
2119                 fprintf(stderr, "Server info verify error\n");
2120                 ret = 1;
2121                 goto err;
2122                 }
2123         if (verify_alpn(c_ssl, s_ssl) < 0)
2124                 {
2125                 ret = 1;
2126                 goto err;
2127                 }
2128
2129         if (custom_ext_error)
2130                 {
2131                 fprintf(stderr, "Custom extension error\n");
2132                 ret = 1;
2133                 goto err;
2134                 }
2135
2136 end:
2137         ret = 0;
2138
2139  err:
2140         ERR_print_errors(bio_err);
2141         
2142         if (server)
2143                 BIO_free(server);
2144         if (server_io)
2145                 BIO_free(server_io);
2146         if (client)
2147                 BIO_free(client);
2148         if (client_io)
2149                 BIO_free(client_io);
2150         if (s_ssl_bio)
2151                 BIO_free(s_ssl_bio);
2152         if (c_ssl_bio)
2153                 BIO_free(c_ssl_bio);
2154
2155         return ret;
2156         }
2157
2158
2159 #define W_READ  1
2160 #define W_WRITE 2
2161 #define C_DONE  1
2162 #define S_DONE  2
2163
2164 int doit(SSL *s_ssl, SSL *c_ssl, long count)
2165         {
2166         char *cbuf=NULL,*sbuf=NULL;
2167         long bufsiz;
2168         long cw_num=count,cr_num=count;
2169         long sw_num=count,sr_num=count;
2170         int ret=1;
2171         BIO *c_to_s=NULL;
2172         BIO *s_to_c=NULL;
2173         BIO *c_bio=NULL;
2174         BIO *s_bio=NULL;
2175         int c_r,c_w,s_r,s_w;
2176         int i,j;
2177         int done=0;
2178         int c_write,s_write;
2179         int do_server=0,do_client=0;
2180         int max_frag = 5*1024;
2181
2182         bufsiz = count>40*1024 ? 40*1024 : count;
2183
2184         if ((cbuf = OPENSSL_malloc(bufsiz))==NULL) goto err;
2185         if ((sbuf = OPENSSL_malloc(bufsiz))==NULL) goto err;
2186
2187         memset(cbuf,0,bufsiz);
2188         memset(sbuf,0,bufsiz);
2189
2190         c_to_s=BIO_new(BIO_s_mem());
2191         s_to_c=BIO_new(BIO_s_mem());
2192         if ((s_to_c == NULL) || (c_to_s == NULL))
2193                 {
2194                 ERR_print_errors(bio_err);
2195                 goto err;
2196                 }
2197
2198         c_bio=BIO_new(BIO_f_ssl());
2199         s_bio=BIO_new(BIO_f_ssl());
2200         if ((c_bio == NULL) || (s_bio == NULL))
2201                 {
2202                 ERR_print_errors(bio_err);
2203                 goto err;
2204                 }
2205
2206         SSL_set_connect_state(c_ssl);
2207         SSL_set_bio(c_ssl,s_to_c,c_to_s);
2208         SSL_set_max_send_fragment(c_ssl,max_frag);
2209         BIO_set_ssl(c_bio,c_ssl,BIO_NOCLOSE);
2210
2211         SSL_set_accept_state(s_ssl);
2212         SSL_set_bio(s_ssl,c_to_s,s_to_c);
2213         SSL_set_max_send_fragment(s_ssl,max_frag);
2214         BIO_set_ssl(s_bio,s_ssl,BIO_NOCLOSE);
2215
2216         c_r=0; s_r=1;
2217         c_w=1; s_w=0;
2218         c_write=1,s_write=0;
2219
2220         /* We can always do writes */
2221         for (;;)
2222                 {
2223                 do_server=0;
2224                 do_client=0;
2225
2226                 i=(int)BIO_pending(s_bio);
2227                 if ((i && s_r) || s_w) do_server=1;
2228
2229                 i=(int)BIO_pending(c_bio);
2230                 if ((i && c_r) || c_w) do_client=1;
2231
2232                 if (do_server && debug)
2233                         {
2234                         if (SSL_in_init(s_ssl))
2235                                 printf("server waiting in SSL_accept - %s\n",
2236                                         SSL_state_string_long(s_ssl));
2237 /*                      else if (s_write)
2238                                 printf("server:SSL_write()\n");
2239                         else
2240                                 printf("server:SSL_read()\n"); */
2241                         }
2242
2243                 if (do_client && debug)
2244                         {
2245                         if (SSL_in_init(c_ssl))
2246                                 printf("client waiting in SSL_connect - %s\n",
2247                                         SSL_state_string_long(c_ssl));
2248 /*                      else if (c_write)
2249                                 printf("client:SSL_write()\n");
2250                         else
2251                                 printf("client:SSL_read()\n"); */
2252                         }
2253
2254                 if (!do_client && !do_server)
2255                         {
2256                         fprintf(stdout,"ERROR IN STARTUP\n");
2257                         ERR_print_errors(bio_err);
2258                         break;
2259                         }
2260                 if (do_client && !(done & C_DONE))
2261                         {
2262                         if (c_write)
2263                                 {
2264                                 j = (cw_num > bufsiz) ?
2265                                         (int)bufsiz : (int)cw_num;
2266                                 i=BIO_write(c_bio,cbuf,j);
2267                                 if (i < 0)
2268                                         {
2269                                         c_r=0;
2270                                         c_w=0;
2271                                         if (BIO_should_retry(c_bio))
2272                                                 {
2273                                                 if (BIO_should_read(c_bio))
2274                                                         c_r=1;
2275                                                 if (BIO_should_write(c_bio))
2276                                                         c_w=1;
2277                                                 }
2278                                         else
2279                                                 {
2280                                                 fprintf(stderr,"ERROR in CLIENT\n");
2281                                                 ERR_print_errors(bio_err);
2282                                                 goto err;
2283                                                 }
2284                                         }
2285                                 else if (i == 0)
2286                                         {
2287                                         fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
2288                                         goto err;
2289                                         }
2290                                 else
2291                                         {
2292                                         if (debug)
2293                                                 printf("client wrote %d\n",i);
2294                                         /* ok */
2295                                         s_r=1;
2296                                         c_write=0;
2297                                         cw_num-=i;
2298                                         if (max_frag>1029)
2299                                                 SSL_set_max_send_fragment(c_ssl,max_frag-=5);
2300                                         }
2301                                 }
2302                         else
2303                                 {
2304                                 i=BIO_read(c_bio,cbuf,bufsiz);
2305                                 if (i < 0)
2306                                         {
2307                                         c_r=0;
2308                                         c_w=0;
2309                                         if (BIO_should_retry(c_bio))
2310                                                 {
2311                                                 if (BIO_should_read(c_bio))
2312                                                         c_r=1;
2313                                                 if (BIO_should_write(c_bio))
2314                                                         c_w=1;
2315                                                 }
2316                                         else
2317                                                 {
2318                                                 fprintf(stderr,"ERROR in CLIENT\n");
2319                                                 ERR_print_errors(bio_err);
2320                                                 goto err;
2321                                                 }
2322                                         }
2323                                 else if (i == 0)
2324                                         {
2325                                         fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
2326                                         goto err;
2327                                         }
2328                                 else
2329                                         {
2330                                         if (debug)
2331                                                 printf("client read %d\n",i);
2332                                         cr_num-=i;
2333                                         if (sw_num > 0)
2334                                                 {
2335                                                 s_write=1;
2336                                                 s_w=1;
2337                                                 }
2338                                         if (cr_num <= 0)
2339                                                 {
2340                                                 s_write=1;
2341                                                 s_w=1;
2342                                                 done=S_DONE|C_DONE;
2343                                                 }
2344                                         }
2345                                 }
2346                         }
2347
2348                 if (do_server && !(done & S_DONE))
2349                         {
2350                         if (!s_write)
2351                                 {
2352                                 i=BIO_read(s_bio,sbuf,bufsiz);
2353                                 if (i < 0)
2354                                         {
2355                                         s_r=0;
2356                                         s_w=0;
2357                                         if (BIO_should_retry(s_bio))
2358                                                 {
2359                                                 if (BIO_should_read(s_bio))
2360                                                         s_r=1;
2361                                                 if (BIO_should_write(s_bio))
2362                                                         s_w=1;
2363                                                 }
2364                                         else
2365                                                 {
2366                                                 fprintf(stderr,"ERROR in SERVER\n");
2367                                                 ERR_print_errors(bio_err);
2368                                                 goto err;
2369                                                 }
2370                                         }
2371                                 else if (i == 0)
2372                                         {
2373                                         ERR_print_errors(bio_err);
2374                                         fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_read\n");
2375                                         goto err;
2376                                         }
2377                                 else
2378                                         {
2379                                         if (debug)
2380                                                 printf("server read %d\n",i);
2381                                         sr_num-=i;
2382                                         if (cw_num > 0)
2383                                                 {
2384                                                 c_write=1;
2385                                                 c_w=1;
2386                                                 }
2387                                         if (sr_num <= 0)
2388                                                 {
2389                                                 s_write=1;
2390                                                 s_w=1;
2391                                                 c_write=0;
2392                                                 }
2393                                         }
2394                                 }
2395                         else
2396                                 {
2397                                 j = (sw_num > bufsiz) ?
2398                                         (int)bufsiz : (int)sw_num;
2399                                 i=BIO_write(s_bio,sbuf,j);
2400                                 if (i < 0)
2401                                         {
2402                                         s_r=0;
2403                                         s_w=0;
2404                                         if (BIO_should_retry(s_bio))
2405                                                 {
2406                                                 if (BIO_should_read(s_bio))
2407                                                         s_r=1;
2408                                                 if (BIO_should_write(s_bio))
2409                                                         s_w=1;
2410                                                 }
2411                                         else
2412                                                 {
2413                                                 fprintf(stderr,"ERROR in SERVER\n");
2414                                                 ERR_print_errors(bio_err);
2415                                                 goto err;
2416                                                 }
2417                                         }
2418                                 else if (i == 0)
2419                                         {
2420                                         ERR_print_errors(bio_err);
2421                                         fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_write\n");
2422                                         goto err;
2423                                         }
2424                                 else
2425                                         {
2426                                         if (debug)
2427                                                 printf("server wrote %d\n",i);
2428                                         sw_num-=i;
2429                                         s_write=0;
2430                                         c_r=1;
2431                                         if (sw_num <= 0)
2432                                                 done|=S_DONE;
2433                                         if (max_frag>1029)
2434                                                 SSL_set_max_send_fragment(s_ssl,max_frag-=5);
2435                                         }
2436                                 }
2437                         }
2438
2439                 if ((done & S_DONE) && (done & C_DONE)) break;
2440                 }
2441
2442         if (verbose)
2443                 print_details(c_ssl, "DONE: ");
2444 #ifndef OPENSSL_NO_NEXTPROTONEG
2445         if (verify_npn(c_ssl, s_ssl) < 0)
2446                 {
2447                 ret = 1;
2448                 goto err;
2449                 }
2450 #endif
2451         if (verify_serverinfo() < 0)
2452                 {
2453                 fprintf(stderr, "Server info verify error\n");
2454                 ret = 1;
2455                 goto err;
2456                 }
2457         if (custom_ext_error)
2458                 {
2459                 fprintf(stderr, "Custom extension error\n");
2460                 ret = 1;
2461                 goto err;
2462                 }
2463         ret=0;
2464 err:
2465         /* We have to set the BIO's to NULL otherwise they will be
2466          * OPENSSL_free()ed twice.  Once when th s_ssl is SSL_free()ed and
2467          * again when c_ssl is SSL_free()ed.
2468          * This is a hack required because s_ssl and c_ssl are sharing the same
2469          * BIO structure and SSL_set_bio() and SSL_free() automatically
2470          * BIO_free non NULL entries.
2471          * You should not normally do this or be required to do this */
2472         if (s_ssl != NULL)
2473                 {
2474                 s_ssl->rbio=NULL;
2475                 s_ssl->wbio=NULL;
2476                 }
2477         if (c_ssl != NULL)
2478                 {
2479                 c_ssl->rbio=NULL;
2480                 c_ssl->wbio=NULL;
2481                 }
2482
2483         if (c_to_s != NULL) BIO_free(c_to_s);
2484         if (s_to_c != NULL) BIO_free(s_to_c);
2485         if (c_bio != NULL) BIO_free_all(c_bio);
2486         if (s_bio != NULL) BIO_free_all(s_bio);
2487
2488         if (cbuf) OPENSSL_free(cbuf);
2489         if (sbuf) OPENSSL_free(sbuf);
2490
2491         return(ret);
2492         }
2493
2494 static int get_proxy_auth_ex_data_idx(void)
2495         {
2496         static volatile int idx = -1;
2497         if (idx < 0)
2498                 {
2499                 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
2500                 if (idx < 0)
2501                         {
2502                         idx = X509_STORE_CTX_get_ex_new_index(0,
2503                                 "SSLtest for verify callback", NULL,NULL,NULL);
2504                         }
2505                 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
2506                 }
2507         return idx;
2508         }
2509
2510 static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
2511         {
2512         char *s,buf[256];
2513
2514         s=X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),buf,
2515                             sizeof buf);
2516         if (s != NULL)
2517                 {
2518                 if (ok)
2519                         fprintf(stderr,"depth=%d %s\n",
2520                                 ctx->error_depth,buf);
2521                 else
2522                         {
2523                         fprintf(stderr,"depth=%d error=%d %s\n",
2524                                 ctx->error_depth,ctx->error,buf);
2525                         }
2526                 }
2527
2528         if (ok == 0)
2529                 {
2530                 fprintf(stderr,"Error string: %s\n",
2531                         X509_verify_cert_error_string(ctx->error));
2532                 switch (ctx->error)
2533                         {
2534                 case X509_V_ERR_CERT_NOT_YET_VALID:
2535                 case X509_V_ERR_CERT_HAS_EXPIRED:
2536                 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
2537                         fprintf(stderr,"  ... ignored.\n");
2538                         ok=1;
2539                         }
2540                 }
2541
2542         if (ok == 1)
2543                 {
2544                 X509 *xs = ctx->current_cert;
2545 #if 0
2546                 X509 *xi = ctx->current_issuer;
2547 #endif
2548
2549                 if (xs->ex_flags & EXFLAG_PROXY)
2550                         {
2551                         unsigned int *letters =
2552                                 X509_STORE_CTX_get_ex_data(ctx,
2553                                         get_proxy_auth_ex_data_idx());
2554
2555                         if (letters)
2556                                 {
2557                                 int found_any = 0;
2558                                 int i;
2559                                 PROXY_CERT_INFO_EXTENSION *pci =
2560                                         X509_get_ext_d2i(xs, NID_proxyCertInfo,
2561                                                 NULL, NULL);
2562
2563                                 switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage))
2564                                         {
2565                                 case NID_Independent:
2566                                         /* Completely meaningless in this
2567                                            program, as there's no way to
2568                                            grant explicit rights to a
2569                                            specific PrC.  Basically, using
2570                                            id-ppl-Independent is the perfect
2571                                            way to grant no rights at all. */
2572                                         fprintf(stderr, "  Independent proxy certificate");
2573                                         for (i = 0; i < 26; i++)
2574                                                 letters[i] = 0;
2575                                         break;
2576                                 case NID_id_ppl_inheritAll:
2577                                         /* This is basically a NOP, we
2578                                            simply let the current rights
2579                                            stand as they are. */
2580                                         fprintf(stderr, "  Proxy certificate inherits all");
2581                                         break;
2582                                 default:
2583                                         s = (char *)
2584                                                 pci->proxyPolicy->policy->data;
2585                                         i = pci->proxyPolicy->policy->length;
2586
2587                                         /* The algorithm works as follows:
2588                                            it is assumed that previous
2589                                            iterations or the initial granted
2590                                            rights has already set some elements
2591                                            of `letters'.  What we need to do is
2592                                            to clear those that weren't granted
2593                                            by the current PrC as well.  The
2594                                            easiest way to do this is to add 1
2595                                            to all the elements whose letters
2596                                            are given with the current policy.
2597                                            That way, all elements that are set
2598                                            by the current policy and were
2599                                            already set by earlier policies and
2600                                            through the original grant of rights
2601                                            will get the value 2 or higher.
2602                                            The last thing to do is to sweep
2603                                            through `letters' and keep the
2604                                            elements having the value 2 as set,
2605                                            and clear all the others. */
2606
2607                                         fprintf(stderr, "  Certificate proxy rights = %*.*s", i, i, s);
2608                                         while(i-- > 0)
2609                                                 {
2610                                                 int c = *s++;
2611                                                 if (isascii(c) && isalpha(c))
2612                                                         {
2613                                                         if (islower(c))
2614                                                                 c = toupper(c);
2615                                                         letters[c - 'A']++;
2616                                                         }
2617                                                 }
2618                                         for (i = 0; i < 26; i++)
2619                                                 if (letters[i] < 2)
2620                                                         letters[i] = 0;
2621                                                 else
2622                                                         letters[i] = 1;
2623                                         }
2624
2625                                 found_any = 0;
2626                                 fprintf(stderr,
2627                                         ", resulting proxy rights = ");
2628                                 for(i = 0; i < 26; i++)
2629                                         if (letters[i])
2630                                                 {
2631                                                 fprintf(stderr, "%c", i + 'A');
2632                                                 found_any = 1;
2633                                                 }
2634                                 if (!found_any)
2635                                         fprintf(stderr, "none");
2636                                 fprintf(stderr, "\n");
2637
2638                                 PROXY_CERT_INFO_EXTENSION_free(pci);
2639                                 }
2640                         }
2641                 }
2642
2643         return(ok);
2644         }
2645
2646 static void process_proxy_debug(int indent, const char *format, ...)
2647         {
2648         static const char indentation[] =
2649                 ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"
2650                 ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"; /* That's 80 > */
2651         char my_format[256];
2652         va_list args;
2653
2654         BIO_snprintf(my_format, sizeof(my_format), "%*.*s %s",
2655                 indent, indent, indentation, format);
2656
2657         va_start(args, format);
2658         vfprintf(stderr, my_format, args);
2659         va_end(args);
2660         }
2661 /* Priority levels:
2662    0    [!]var, ()
2663    1    & ^
2664    2    |
2665 */
2666 static int process_proxy_cond_adders(unsigned int letters[26],
2667         const char *cond, const char **cond_end, int *pos, int indent);
2668 static int process_proxy_cond_val(unsigned int letters[26],
2669         const char *cond, const char **cond_end, int *pos, int indent)
2670         {
2671         int c;
2672         int ok = 1;
2673         int negate = 0;
2674
2675         while(isspace((int)*cond))
2676                 {
2677                 cond++; (*pos)++;
2678                 }
2679         c = *cond;
2680
2681         if (debug)
2682                 process_proxy_debug(indent,
2683                         "Start process_proxy_cond_val at position %d: %s\n",
2684                         *pos, cond);
2685
2686         while(c == '!')
2687                 {
2688                 negate = !negate;
2689                 cond++; (*pos)++;
2690                 while(isspace((int)*cond))
2691                         {
2692                         cond++; (*pos)++;
2693                         }
2694                 c = *cond;
2695                 }
2696
2697         if (c == '(')
2698                 {
2699                 cond++; (*pos)++;
2700                 ok = process_proxy_cond_adders(letters, cond, cond_end, pos,
2701                         indent + 1);
2702                 cond = *cond_end;
2703                 if (ok < 0)
2704                         goto end;
2705                 while(isspace((int)*cond))
2706                         {
2707                         cond++; (*pos)++;
2708                         }
2709                 c = *cond;
2710                 if (c != ')')
2711                         {
2712                         fprintf(stderr,
2713                                 "Weird condition character in position %d: "
2714                                 "%c\n", *pos, c);
2715                         ok = -1;
2716                         goto end;
2717                         }
2718                 cond++; (*pos)++;
2719                 }
2720         else if (isascii(c) && isalpha(c))
2721                 {
2722                 if (islower(c))
2723                         c = toupper(c);
2724                 ok = letters[c - 'A'];
2725                 cond++; (*pos)++;
2726                 }
2727         else
2728                 {
2729                 fprintf(stderr,
2730                         "Weird condition character in position %d: "
2731                         "%c\n", *pos, c);
2732                 ok = -1;
2733                 goto end;
2734                 }
2735  end:
2736         *cond_end = cond;
2737         if (ok >= 0 && negate)
2738                 ok = !ok;
2739
2740         if (debug)
2741                 process_proxy_debug(indent,
2742                         "End process_proxy_cond_val at position %d: %s, returning %d\n",
2743                         *pos, cond, ok);
2744
2745         return ok;
2746         }
2747 static int process_proxy_cond_multipliers(unsigned int letters[26],
2748         const char *cond, const char **cond_end, int *pos, int indent)
2749         {
2750         int ok;
2751         char c;
2752
2753         if (debug)
2754                 process_proxy_debug(indent,
2755                         "Start process_proxy_cond_multipliers at position %d: %s\n",
2756                         *pos, cond);
2757
2758         ok = process_proxy_cond_val(letters, cond, cond_end, pos, indent + 1);
2759         cond = *cond_end;
2760         if (ok < 0)
2761                 goto end;
2762
2763         while(ok >= 0)
2764                 {
2765                 while(isspace((int)*cond))
2766                         {
2767                         cond++; (*pos)++;
2768                         }
2769                 c = *cond;
2770
2771                 switch(c)
2772                         {
2773                 case '&':
2774                 case '^':
2775                         {
2776                         int save_ok = ok;
2777
2778                         cond++; (*pos)++;
2779                         ok = process_proxy_cond_val(letters,
2780                                 cond, cond_end, pos, indent + 1);
2781                         cond = *cond_end;
2782                         if (ok < 0)
2783                                 break;
2784
2785                         switch(c)
2786                                 {
2787                         case '&':
2788                                 ok &= save_ok;
2789                                 break;
2790                         case '^':
2791                                 ok ^= save_ok;
2792                                 break;
2793                         default:
2794                                 fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!"
2795                                         " STOPPING\n");
2796                                 EXIT(1);
2797                                 }
2798                         }
2799                         break;
2800                 default:
2801                         goto end;
2802                         }
2803                 }
2804  end:
2805         if (debug)
2806                 process_proxy_debug(indent,
2807                         "End process_proxy_cond_multipliers at position %d: %s, returning %d\n",
2808                         *pos, cond, ok);
2809
2810         *cond_end = cond;
2811         return ok;
2812         }
2813 static int process_proxy_cond_adders(unsigned int letters[26],
2814         const char *cond, const char **cond_end, int *pos, int indent)
2815         {
2816         int ok;
2817         char c;
2818
2819         if (debug)
2820                 process_proxy_debug(indent,
2821                         "Start process_proxy_cond_adders at position %d: %s\n",
2822                         *pos, cond);
2823
2824         ok = process_proxy_cond_multipliers(letters, cond, cond_end, pos,
2825                 indent + 1);
2826         cond = *cond_end;
2827         if (ok < 0)
2828                 goto end;
2829
2830         while(ok >= 0)
2831                 {
2832                 while(isspace((int)*cond))
2833                         {
2834                         cond++; (*pos)++;
2835                         }
2836                 c = *cond;
2837
2838                 switch(c)
2839                         {
2840                 case '|':
2841                         {
2842                         int save_ok = ok;
2843
2844                         cond++; (*pos)++;
2845                         ok = process_proxy_cond_multipliers(letters,
2846                                 cond, cond_end, pos, indent + 1);
2847                         cond = *cond_end;
2848                         if (ok < 0)
2849                                 break;
2850
2851                         switch(c)
2852                                 {
2853                         case '|':
2854                                 ok |= save_ok;
2855                                 break;
2856                         default:
2857                                 fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!"
2858                                         " STOPPING\n");
2859                                 EXIT(1);
2860                                 }
2861                         }
2862                         break;
2863                 default:
2864                         goto end;
2865                         }
2866                 }
2867  end:
2868         if (debug)
2869                 process_proxy_debug(indent,
2870                         "End process_proxy_cond_adders at position %d: %s, returning %d\n",
2871                         *pos, cond, ok);
2872
2873         *cond_end = cond;
2874         return ok;
2875         }
2876
2877 static int process_proxy_cond(unsigned int letters[26],
2878         const char *cond, const char **cond_end)
2879         {
2880         int pos = 1;
2881         return process_proxy_cond_adders(letters, cond, cond_end, &pos, 1);
2882         }
2883
2884 static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg)
2885         {
2886         int ok=1;
2887         struct app_verify_arg *cb_arg = arg;
2888         unsigned int letters[26]; /* only used with proxy_auth */
2889
2890         if (cb_arg->app_verify)
2891                 {
2892                 char *s = NULL,buf[256];
2893
2894                 fprintf(stderr, "In app_verify_callback, allowing cert. ");
2895                 fprintf(stderr, "Arg is: %s\n", cb_arg->string);
2896                 fprintf(stderr, "Finished printing do we have a context? 0x%p a cert? 0x%p\n",
2897                         (void *)ctx, (void *)ctx->cert);
2898                 if (ctx->cert)
2899                         s=X509_NAME_oneline(X509_get_subject_name(ctx->cert),buf,256);
2900                 if (s != NULL)
2901                         {
2902                         fprintf(stderr,"cert depth=%d %s\n",ctx->error_depth,buf);
2903                         }
2904                 return(1);
2905                 }
2906         if (cb_arg->proxy_auth)
2907                 {
2908                 int found_any = 0, i;
2909                 char *sp;
2910
2911                 for(i = 0; i < 26; i++)
2912                         letters[i] = 0;
2913                 for(sp = cb_arg->proxy_auth; *sp; sp++)
2914                         {
2915                         int c = *sp;
2916                         if (isascii(c) && isalpha(c))
2917                                 {
2918                                 if (islower(c))
2919                                         c = toupper(c);
2920                                 letters[c - 'A'] = 1;
2921                                 }
2922                         }
2923
2924                 fprintf(stderr,
2925                         "  Initial proxy rights = ");
2926                 for(i = 0; i < 26; i++)
2927                         if (letters[i])
2928                                 {
2929                                 fprintf(stderr, "%c", i + 'A');
2930                                 found_any = 1;
2931                                 }
2932                 if (!found_any)
2933                         fprintf(stderr, "none");
2934                 fprintf(stderr, "\n");
2935
2936                 X509_STORE_CTX_set_ex_data(ctx,
2937                         get_proxy_auth_ex_data_idx(),letters);
2938                 }
2939         if (cb_arg->allow_proxy_certs)
2940                 {
2941                 X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
2942                 }
2943
2944 #ifndef OPENSSL_NO_X509_VERIFY
2945         ok = X509_verify_cert(ctx);
2946 #endif
2947
2948         if (cb_arg->proxy_auth)
2949                 {
2950                 if (ok > 0)
2951                         {
2952                         const char *cond_end = NULL;
2953
2954                         ok = process_proxy_cond(letters,
2955                                 cb_arg->proxy_cond, &cond_end);
2956
2957                         if (ok < 0)
2958                                 EXIT(3);
2959                         if (*cond_end)
2960                                 {
2961                                 fprintf(stderr, "Stopped processing condition before it's end.\n");
2962                                 ok = 0;
2963                                 }
2964                         if (!ok)
2965                                 fprintf(stderr, "Proxy rights check with condition '%s' proved invalid\n",
2966                                         cb_arg->proxy_cond);
2967                         else
2968                                 fprintf(stderr, "Proxy rights check with condition '%s' proved valid\n",
2969                                         cb_arg->proxy_cond);
2970                         }
2971                 }
2972         return(ok);
2973         }
2974
2975 #ifndef OPENSSL_NO_RSA
2976 static RSA *rsa_tmp=NULL;
2977
2978 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
2979         {
2980         BIGNUM *bn = NULL;
2981         if (rsa_tmp == NULL)
2982                 {
2983                 bn = BN_new();
2984                 rsa_tmp = RSA_new();
2985                 if(!bn || !rsa_tmp || !BN_set_word(bn, RSA_F4))
2986                         {
2987                         BIO_printf(bio_err, "Memory error...");
2988                         goto end;
2989                         }
2990                 BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
2991                 (void)BIO_flush(bio_err);
2992                 if(!RSA_generate_key_ex(rsa_tmp,keylength,bn,NULL))
2993                         {
2994                         BIO_printf(bio_err, "Error generating key.");
2995                         RSA_free(rsa_tmp);
2996                         rsa_tmp = NULL;
2997                         }
2998 end:
2999                 BIO_printf(bio_err,"\n");
3000                 (void)BIO_flush(bio_err);
3001                 }
3002         if(bn) BN_free(bn);
3003         return(rsa_tmp);
3004         }
3005
3006 static void free_tmp_rsa(void)
3007         {
3008         if (rsa_tmp != NULL)
3009                 {
3010                 RSA_free(rsa_tmp);
3011                 rsa_tmp = NULL;
3012                 }
3013         }
3014 #endif
3015
3016 #ifndef OPENSSL_NO_DH
3017 /* These DH parameters have been generated as follows:
3018  *    $ openssl dhparam -C -noout 512
3019  *    $ openssl dhparam -C -noout 1024
3020  *    $ openssl dhparam -C -noout -dsaparam 1024
3021  * (The third function has been renamed to avoid name conflicts.)
3022  */
3023 static DH *get_dh512()
3024         {
3025         static unsigned char dh512_p[]={
3026                 0xCB,0xC8,0xE1,0x86,0xD0,0x1F,0x94,0x17,0xA6,0x99,0xF0,0xC6,
3027                 0x1F,0x0D,0xAC,0xB6,0x25,0x3E,0x06,0x39,0xCA,0x72,0x04,0xB0,
3028                 0x6E,0xDA,0xC0,0x61,0xE6,0x7A,0x77,0x25,0xE8,0x3B,0xB9,0x5F,
3029                 0x9A,0xB6,0xB5,0xFE,0x99,0x0B,0xA1,0x93,0x4E,0x35,0x33,0xB8,
3030                 0xE1,0xF1,0x13,0x4F,0x59,0x1A,0xD2,0x57,0xC0,0x26,0x21,0x33,
3031                 0x02,0xC5,0xAE,0x23,
3032                 };
3033         static unsigned char dh512_g[]={
3034                 0x02,
3035                 };
3036         DH *dh;
3037
3038         if ((dh=DH_new()) == NULL) return(NULL);
3039         dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
3040         dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
3041         if ((dh->p == NULL) || (dh->g == NULL))
3042                 { DH_free(dh); return(NULL); }
3043         return(dh);
3044         }
3045
3046 static DH *get_dh1024()
3047         {
3048         static unsigned char dh1024_p[]={
3049                 0xF8,0x81,0x89,0x7D,0x14,0x24,0xC5,0xD1,0xE6,0xF7,0xBF,0x3A,
3050                 0xE4,0x90,0xF4,0xFC,0x73,0xFB,0x34,0xB5,0xFA,0x4C,0x56,0xA2,
3051                 0xEA,0xA7,0xE9,0xC0,0xC0,0xCE,0x89,0xE1,0xFA,0x63,0x3F,0xB0,
3052                 0x6B,0x32,0x66,0xF1,0xD1,0x7B,0xB0,0x00,0x8F,0xCA,0x87,0xC2,
3053                 0xAE,0x98,0x89,0x26,0x17,0xC2,0x05,0xD2,0xEC,0x08,0xD0,0x8C,
3054                 0xFF,0x17,0x52,0x8C,0xC5,0x07,0x93,0x03,0xB1,0xF6,0x2F,0xB8,
3055                 0x1C,0x52,0x47,0x27,0x1B,0xDB,0xD1,0x8D,0x9D,0x69,0x1D,0x52,
3056                 0x4B,0x32,0x81,0xAA,0x7F,0x00,0xC8,0xDC,0xE6,0xD9,0xCC,0xC1,
3057                 0x11,0x2D,0x37,0x34,0x6C,0xEA,0x02,0x97,0x4B,0x0E,0xBB,0xB1,
3058                 0x71,0x33,0x09,0x15,0xFD,0xDD,0x23,0x87,0x07,0x5E,0x89,0xAB,
3059                 0x6B,0x7C,0x5F,0xEC,0xA6,0x24,0xDC,0x53,
3060                 };
3061         static unsigned char dh1024_g[]={
3062                 0x02,
3063                 };
3064         DH *dh;
3065
3066         if ((dh=DH_new()) == NULL) return(NULL);
3067         dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
3068         dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
3069         if ((dh->p == NULL) || (dh->g == NULL))
3070                 { DH_free(dh); return(NULL); }
3071         return(dh);
3072         }
3073
3074 static DH *get_dh1024dsa()
3075         {
3076         static unsigned char dh1024_p[]={
3077                 0xC8,0x00,0xF7,0x08,0x07,0x89,0x4D,0x90,0x53,0xF3,0xD5,0x00,
3078                 0x21,0x1B,0xF7,0x31,0xA6,0xA2,0xDA,0x23,0x9A,0xC7,0x87,0x19,
3079                 0x3B,0x47,0xB6,0x8C,0x04,0x6F,0xFF,0xC6,0x9B,0xB8,0x65,0xD2,
3080                 0xC2,0x5F,0x31,0x83,0x4A,0xA7,0x5F,0x2F,0x88,0x38,0xB6,0x55,
3081                 0xCF,0xD9,0x87,0x6D,0x6F,0x9F,0xDA,0xAC,0xA6,0x48,0xAF,0xFC,
3082                 0x33,0x84,0x37,0x5B,0x82,0x4A,0x31,0x5D,0xE7,0xBD,0x52,0x97,
3083                 0xA1,0x77,0xBF,0x10,0x9E,0x37,0xEA,0x64,0xFA,0xCA,0x28,0x8D,
3084                 0x9D,0x3B,0xD2,0x6E,0x09,0x5C,0x68,0xC7,0x45,0x90,0xFD,0xBB,
3085                 0x70,0xC9,0x3A,0xBB,0xDF,0xD4,0x21,0x0F,0xC4,0x6A,0x3C,0xF6,
3086                 0x61,0xCF,0x3F,0xD6,0x13,0xF1,0x5F,0xBC,0xCF,0xBC,0x26,0x9E,
3087                 0xBC,0x0B,0xBD,0xAB,0x5D,0xC9,0x54,0x39,
3088                 };
3089         static unsigned char dh1024_g[]={
3090                 0x3B,0x40,0x86,0xE7,0xF3,0x6C,0xDE,0x67,0x1C,0xCC,0x80,0x05,
3091                 0x5A,0xDF,0xFE,0xBD,0x20,0x27,0x74,0x6C,0x24,0xC9,0x03,0xF3,
3092                 0xE1,0x8D,0xC3,0x7D,0x98,0x27,0x40,0x08,0xB8,0x8C,0x6A,0xE9,
3093                 0xBB,0x1A,0x3A,0xD6,0x86,0x83,0x5E,0x72,0x41,0xCE,0x85,0x3C,
3094                 0xD2,0xB3,0xFC,0x13,0xCE,0x37,0x81,0x9E,0x4C,0x1C,0x7B,0x65,
3095                 0xD3,0xE6,0xA6,0x00,0xF5,0x5A,0x95,0x43,0x5E,0x81,0xCF,0x60,
3096                 0xA2,0x23,0xFC,0x36,0xA7,0x5D,0x7A,0x4C,0x06,0x91,0x6E,0xF6,
3097                 0x57,0xEE,0x36,0xCB,0x06,0xEA,0xF5,0x3D,0x95,0x49,0xCB,0xA7,
3098                 0xDD,0x81,0xDF,0x80,0x09,0x4A,0x97,0x4D,0xA8,0x22,0x72,0xA1,
3099                 0x7F,0xC4,0x70,0x56,0x70,0xE8,0x20,0x10,0x18,0x8F,0x2E,0x60,
3100                 0x07,0xE7,0x68,0x1A,0x82,0x5D,0x32,0xA2,
3101                 };
3102         DH *dh;
3103
3104         if ((dh=DH_new()) == NULL) return(NULL);
3105         dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
3106         dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
3107         if ((dh->p == NULL) || (dh->g ==