2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
58 /* ====================================================================
59 * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
87 * 6. Redistributions of any form whatsoever must retain the following
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
111 /* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
116 /* ====================================================================
117 * Copyright 2005 Nokia. All rights reserved.
119 * The portions of the attached software ("Contribution") is developed by
120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125 * support (see RFC 4279) to OpenSSL.
127 * No patent licenses or other rights except those expressly stated in
128 * the OpenSSL open source license shall be deemed granted or received
129 * expressly, by implication, estoppel, or otherwise.
131 * No assurances are provided by Nokia that the Contribution does not
132 * infringe the patent or other intellectual property rights of any third
133 * party or that the license provides you with all the necessary rights
134 * to make use of the Contribution.
136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
143 /* Or gethostname won't be declared properly on Linux and GNU platforms. */
144 #define _BSD_SOURCE 1
157 #ifdef OPENSSL_SYS_VMS
159 * Or isascii won't be declared properly on VMS (at least with DECompHP C).
161 # define _XOPEN_SOURCE 500
166 #include <openssl/bio.h>
167 #include <openssl/crypto.h>
168 #include <openssl/evp.h>
169 #include <openssl/x509.h>
170 #include <openssl/x509v3.h>
171 #include <openssl/ssl.h>
172 #ifndef OPENSSL_NO_ENGINE
173 # include <openssl/engine.h>
175 #include <openssl/err.h>
176 #include <openssl/rand.h>
177 #ifndef OPENSSL_NO_RSA
178 # include <openssl/rsa.h>
180 #ifndef OPENSSL_NO_DSA
181 # include <openssl/dsa.h>
183 #ifndef OPENSSL_NO_DH
184 # include <openssl/dh.h>
186 #ifndef OPENSSL_NO_SRP
187 # include <openssl/srp.h>
189 #include <openssl/bn.h>
191 #include "../ssl/ssl_locl.h"
194 * Or gethostname won't be declared properly
195 * on Compaq platforms (at least with DEC C).
196 * Do not try to put it earlier, or IPv6 includes
199 #define _XOPEN_SOURCE_EXTENDED 1
201 #ifdef OPENSSL_SYS_WINDOWS
202 # include <winsock.h>
204 # include OPENSSL_UNISTD
207 #ifdef OPENSSL_SYS_VMS
208 # define TEST_SERVER_CERT "SYS$DISK:[-.APPS]SERVER.PEM"
209 # define TEST_CLIENT_CERT "SYS$DISK:[-.APPS]CLIENT.PEM"
210 #elif defined(OPENSSL_SYS_WINCE)
211 # define TEST_SERVER_CERT "\\OpenSSL\\server.pem"
212 # define TEST_CLIENT_CERT "\\OpenSSL\\client.pem"
213 #elif defined(OPENSSL_SYS_NETWARE)
214 # define TEST_SERVER_CERT "\\openssl\\apps\\server.pem"
215 # define TEST_CLIENT_CERT "\\openssl\\apps\\client.pem"
217 # define TEST_SERVER_CERT "../apps/server.pem"
218 # define TEST_CLIENT_CERT "../apps/client.pem"
222 * There is really no standard for this, so let's assign some tentative
223 * numbers. In any case, these numbers are only for this test
228 static int verify_callback(int ok, X509_STORE_CTX *ctx);
229 #ifndef OPENSSL_NO_RSA
230 static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength);
231 static void free_tmp_rsa(void);
233 static int app_verify_callback(X509_STORE_CTX *ctx, void *arg);
234 #define APP_CALLBACK_STRING "Test Callback Argument"
235 struct app_verify_arg {
238 int allow_proxy_certs;
243 #ifndef OPENSSL_NO_DH
244 static DH *get_dh512(void);
245 static DH *get_dh1024(void);
246 static DH *get_dh1024dsa(void);
249 static char *psk_key = NULL; /* by default PSK is not used */
250 #ifndef OPENSSL_NO_PSK
251 static unsigned int psk_client_callback(SSL *ssl, const char *hint,
253 unsigned int max_identity_len,
255 unsigned int max_psk_len);
256 static unsigned int psk_server_callback(SSL *ssl, const char *identity,
258 unsigned int max_psk_len);
261 #ifndef OPENSSL_NO_SRP
263 /* This is a context that we pass to all callbacks */
264 typedef struct srp_client_arg_st {
269 # define PWD_STRLEN 1024
271 static char *ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
273 SRP_CLIENT_ARG *srp_client_arg = (SRP_CLIENT_ARG *)arg;
274 return BUF_strdup((char *)srp_client_arg->srppassin);
278 /* This is a context that we pass to SRP server callbacks */
279 typedef struct srp_server_arg_st {
284 static int ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
286 SRP_SERVER_ARG *p = (SRP_SERVER_ARG *)arg;
288 if (strcmp(p->expected_user, SSL_get_srp_username(s)) != 0) {
289 fprintf(stderr, "User %s doesn't exist\n", SSL_get_srp_username(s));
290 return SSL3_AL_FATAL;
292 if (SSL_set_srp_server_param_pw(s, p->expected_user, p->pass, "1024") < 0) {
293 *ad = SSL_AD_INTERNAL_ERROR;
294 return SSL3_AL_FATAL;
296 return SSL_ERROR_NONE;
300 static BIO *bio_err = NULL;
301 static BIO *bio_stdout = NULL;
303 #ifndef OPENSSL_NO_NEXTPROTONEG
304 /* Note that this code assumes that this is only a one element list: */
305 static const char NEXT_PROTO_STRING[] = "\x09testproto";
308 int npn_server_reject = 0;
310 static int cb_client_npn(SSL *s, unsigned char **out, unsigned char *outlen,
311 const unsigned char *in, unsigned int inlen,
315 * This callback only returns the protocol string, rather than a length
316 * prefixed set. We assume that NEXT_PROTO_STRING is a one element list
317 * and remove the first byte to chop off the length prefix.
319 *out = (unsigned char *)NEXT_PROTO_STRING + 1;
320 *outlen = sizeof(NEXT_PROTO_STRING) - 2;
321 return SSL_TLSEXT_ERR_OK;
324 static int cb_server_npn(SSL *s, const unsigned char **data,
325 unsigned int *len, void *arg)
327 *data = (const unsigned char *)NEXT_PROTO_STRING;
328 *len = sizeof(NEXT_PROTO_STRING) - 1;
329 return SSL_TLSEXT_ERR_OK;
332 static int cb_server_rejects_npn(SSL *s, const unsigned char **data,
333 unsigned int *len, void *arg)
335 return SSL_TLSEXT_ERR_NOACK;
338 static int verify_npn(SSL *client, SSL *server)
340 const unsigned char *client_s;
342 const unsigned char *server_s;
345 SSL_get0_next_proto_negotiated(client, &client_s, &client_len);
346 SSL_get0_next_proto_negotiated(server, &server_s, &server_len);
349 BIO_printf(bio_stdout, "Client NPN: ");
350 BIO_write(bio_stdout, client_s, client_len);
351 BIO_printf(bio_stdout, "\n");
355 BIO_printf(bio_stdout, "Server NPN: ");
356 BIO_write(bio_stdout, server_s, server_len);
357 BIO_printf(bio_stdout, "\n");
361 * If an NPN string was returned, it must be the protocol that we
362 * expected to negotiate.
364 if (client_len && (client_len != sizeof(NEXT_PROTO_STRING) - 2 ||
365 memcmp(client_s, NEXT_PROTO_STRING + 1, client_len)))
367 if (server_len && (server_len != sizeof(NEXT_PROTO_STRING) - 2 ||
368 memcmp(server_s, NEXT_PROTO_STRING + 1, server_len)))
371 if (!npn_client && client_len)
373 if (!npn_server && server_len)
375 if (npn_server_reject && server_len)
377 if (npn_client && npn_server && (!client_len || !server_len))
384 static const char *alpn_client;
385 static const char *alpn_server;
386 static const char *alpn_expected;
387 static unsigned char *alpn_selected;
390 * next_protos_parse parses a comma separated list of strings into a string
391 * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
392 * outlen: (output) set to the length of the resulting buffer on success.
393 * err: (maybe NULL) on failure, an error message line is written to this BIO.
394 * in: a NUL terminated string like "abc,def,ghi"
396 * returns: a malloced buffer or NULL on failure.
398 static unsigned char *next_protos_parse(unsigned short *outlen,
409 out = OPENSSL_malloc(strlen(in) + 1);
413 for (i = 0; i <= len; ++i) {
414 if (i == len || in[i] == ',') {
415 if (i - start > 255) {
419 out[start] = i - start;
429 static int cb_server_alpn(SSL *s, const unsigned char **out,
430 unsigned char *outlen, const unsigned char *in,
431 unsigned int inlen, void *arg)
433 unsigned char *protos;
434 unsigned short protos_len;
436 protos = next_protos_parse(&protos_len, alpn_server);
437 if (protos == NULL) {
438 fprintf(stderr, "failed to parser ALPN server protocol string: %s\n",
443 if (SSL_select_next_proto
444 ((unsigned char **)out, outlen, protos, protos_len, in,
445 inlen) != OPENSSL_NPN_NEGOTIATED) {
446 OPENSSL_free(protos);
447 return SSL_TLSEXT_ERR_NOACK;
451 * Make a copy of the selected protocol which will be freed in
454 alpn_selected = OPENSSL_malloc(*outlen);
455 memcpy(alpn_selected, *out, *outlen);
456 *out = alpn_selected;
458 OPENSSL_free(protos);
459 return SSL_TLSEXT_ERR_OK;
462 static int verify_alpn(SSL *client, SSL *server)
464 const unsigned char *client_proto, *server_proto;
465 unsigned int client_proto_len = 0, server_proto_len = 0;
466 SSL_get0_alpn_selected(client, &client_proto, &client_proto_len);
467 SSL_get0_alpn_selected(server, &server_proto, &server_proto_len);
469 OPENSSL_free(alpn_selected);
470 alpn_selected = NULL;
472 if (client_proto_len != server_proto_len ||
473 memcmp(client_proto, server_proto, client_proto_len) != 0) {
474 BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
478 if (client_proto_len > 0 && alpn_expected == NULL) {
479 BIO_printf(bio_stdout, "ALPN unexpectedly negotiated\n");
483 if (alpn_expected != NULL &&
484 (client_proto_len != strlen(alpn_expected) ||
485 memcmp(client_proto, alpn_expected, client_proto_len) != 0)) {
486 BIO_printf(bio_stdout,
487 "ALPN selected protocols not equal to expected protocol: %s\n",
495 BIO_printf(bio_stdout, "ALPN results: client: '");
496 BIO_write(bio_stdout, client_proto, client_proto_len);
497 BIO_printf(bio_stdout, "', server: '");
498 BIO_write(bio_stdout, server_proto, server_proto_len);
499 BIO_printf(bio_stdout, "'\n");
500 BIO_printf(bio_stdout, "ALPN configured: client: '%s', server: '%s'\n",
501 alpn_client, alpn_server);
505 #define SCT_EXT_TYPE 18
508 * WARNING : below extension types are *NOT* IETF assigned, and could
509 * conflict if these types are reassigned and handled specially by OpenSSL
512 #define TACK_EXT_TYPE 62208
513 #define CUSTOM_EXT_TYPE_0 1000
514 #define CUSTOM_EXT_TYPE_1 1001
515 #define CUSTOM_EXT_TYPE_2 1002
516 #define CUSTOM_EXT_TYPE_3 1003
518 const char custom_ext_cli_string[] = "abc";
519 const char custom_ext_srv_string[] = "defg";
521 /* These set from cmdline */
522 char *serverinfo_file = NULL;
523 int serverinfo_sct = 0;
524 int serverinfo_tack = 0;
526 /* These set based on extension callbacks */
527 int serverinfo_sct_seen = 0;
528 int serverinfo_tack_seen = 0;
529 int serverinfo_other_seen = 0;
531 /* This set from cmdline */
534 /* This set based on extension callbacks */
535 int custom_ext_error = 0;
537 static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type,
538 const unsigned char *in, size_t inlen,
541 if (ext_type == SCT_EXT_TYPE)
542 serverinfo_sct_seen++;
543 else if (ext_type == TACK_EXT_TYPE)
544 serverinfo_tack_seen++;
546 serverinfo_other_seen++;
550 static int verify_serverinfo()
552 if (serverinfo_sct != serverinfo_sct_seen)
554 if (serverinfo_tack != serverinfo_tack_seen)
556 if (serverinfo_other_seen)
562 * Four test cases for custom extensions:
563 * 0 - no ClientHello extension or ServerHello response
564 * 1 - ClientHello with "abc", no response
565 * 2 - ClientHello with "abc", empty response
566 * 3 - ClientHello with "abc", "defg" response
569 static int custom_ext_0_cli_add_cb(SSL *s, unsigned int ext_type,
570 const unsigned char **out,
571 size_t *outlen, int *al, void *arg)
573 if (ext_type != CUSTOM_EXT_TYPE_0)
574 custom_ext_error = 1;
575 return 0; /* Don't send an extension */
578 static int custom_ext_0_cli_parse_cb(SSL *s, unsigned int ext_type,
579 const unsigned char *in,
580 size_t inlen, int *al, void *arg)
585 static int custom_ext_1_cli_add_cb(SSL *s, unsigned int ext_type,
586 const unsigned char **out,
587 size_t *outlen, int *al, void *arg)
589 if (ext_type != CUSTOM_EXT_TYPE_1)
590 custom_ext_error = 1;
591 *out = (const unsigned char *)custom_ext_cli_string;
592 *outlen = strlen(custom_ext_cli_string);
593 return 1; /* Send "abc" */
596 static int custom_ext_1_cli_parse_cb(SSL *s, unsigned int ext_type,
597 const unsigned char *in,
598 size_t inlen, int *al, void *arg)
603 static int custom_ext_2_cli_add_cb(SSL *s, unsigned int ext_type,
604 const unsigned char **out,
605 size_t *outlen, int *al, void *arg)
607 if (ext_type != CUSTOM_EXT_TYPE_2)
608 custom_ext_error = 1;
609 *out = (const unsigned char *)custom_ext_cli_string;
610 *outlen = strlen(custom_ext_cli_string);
611 return 1; /* Send "abc" */
614 static int custom_ext_2_cli_parse_cb(SSL *s, unsigned int ext_type,
615 const unsigned char *in,
616 size_t inlen, int *al, void *arg)
618 if (ext_type != CUSTOM_EXT_TYPE_2)
619 custom_ext_error = 1;
621 custom_ext_error = 1; /* Should be empty response */
625 static int custom_ext_3_cli_add_cb(SSL *s, unsigned int ext_type,
626 const unsigned char **out,
627 size_t *outlen, int *al, void *arg)
629 if (ext_type != CUSTOM_EXT_TYPE_3)
630 custom_ext_error = 1;
631 *out = (const unsigned char *)custom_ext_cli_string;
632 *outlen = strlen(custom_ext_cli_string);
633 return 1; /* Send "abc" */
636 static int custom_ext_3_cli_parse_cb(SSL *s, unsigned int ext_type,
637 const unsigned char *in,
638 size_t inlen, int *al, void *arg)
640 if (ext_type != CUSTOM_EXT_TYPE_3)
641 custom_ext_error = 1;
642 if (inlen != strlen(custom_ext_srv_string))
643 custom_ext_error = 1;
644 if (memcmp(custom_ext_srv_string, in, inlen) != 0)
645 custom_ext_error = 1; /* Check for "defg" */
650 * custom_ext_0_cli_add_cb returns 0 - the server won't receive a callback
653 static int custom_ext_0_srv_parse_cb(SSL *s, unsigned int ext_type,
654 const unsigned char *in,
655 size_t inlen, int *al, void *arg)
657 custom_ext_error = 1;
661 /* 'add' callbacks are only called if the 'parse' callback is called */
662 static int custom_ext_0_srv_add_cb(SSL *s, unsigned int ext_type,
663 const unsigned char **out,
664 size_t *outlen, int *al, void *arg)
666 /* Error: should not have been called */
667 custom_ext_error = 1;
668 return 0; /* Don't send an extension */
671 static int custom_ext_1_srv_parse_cb(SSL *s, unsigned int ext_type,
672 const unsigned char *in,
673 size_t inlen, int *al, void *arg)
675 if (ext_type != CUSTOM_EXT_TYPE_1)
676 custom_ext_error = 1;
677 /* Check for "abc" */
678 if (inlen != strlen(custom_ext_cli_string))
679 custom_ext_error = 1;
680 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
681 custom_ext_error = 1;
685 static int custom_ext_1_srv_add_cb(SSL *s, unsigned int ext_type,
686 const unsigned char **out,
687 size_t *outlen, int *al, void *arg)
689 return 0; /* Don't send an extension */
692 static int custom_ext_2_srv_parse_cb(SSL *s, unsigned int ext_type,
693 const unsigned char *in,
694 size_t inlen, int *al, void *arg)
696 if (ext_type != CUSTOM_EXT_TYPE_2)
697 custom_ext_error = 1;
698 /* Check for "abc" */
699 if (inlen != strlen(custom_ext_cli_string))
700 custom_ext_error = 1;
701 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
702 custom_ext_error = 1;
706 static int custom_ext_2_srv_add_cb(SSL *s, unsigned int ext_type,
707 const unsigned char **out,
708 size_t *outlen, int *al, void *arg)
712 return 1; /* Send empty extension */
715 static int custom_ext_3_srv_parse_cb(SSL *s, unsigned int ext_type,
716 const unsigned char *in,
717 size_t inlen, int *al, void *arg)
719 if (ext_type != CUSTOM_EXT_TYPE_3)
720 custom_ext_error = 1;
721 /* Check for "abc" */
722 if (inlen != strlen(custom_ext_cli_string))
723 custom_ext_error = 1;
724 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
725 custom_ext_error = 1;
729 static int custom_ext_3_srv_add_cb(SSL *s, unsigned int ext_type,
730 const unsigned char **out,
731 size_t *outlen, int *al, void *arg)
733 *out = (const unsigned char *)custom_ext_srv_string;
734 *outlen = strlen(custom_ext_srv_string);
735 return 1; /* Send "defg" */
738 static char *cipher = NULL;
739 static int verbose = 0;
740 static int debug = 0;
741 static const char rnd_seed[] =
742 "string to make the random number generator think it has entropy";
744 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time,
746 int doit(SSL *s_ssl, SSL *c_ssl, long bytes);
747 static int do_test_cipherlist(void);
749 static void sv_usage(void)
751 fprintf(stderr, "usage: ssltest [args ...]\n");
752 fprintf(stderr, "\n");
754 fprintf(stderr, "-F - run test in FIPS mode\n");
756 fprintf(stderr, " -server_auth - check server certificate\n");
757 fprintf(stderr, " -client_auth - do client authentication\n");
758 fprintf(stderr, " -proxy - allow proxy certificates\n");
759 fprintf(stderr, " -proxy_auth <val> - set proxy policy rights\n");
761 " -proxy_cond <val> - expression to test proxy policy rights\n");
762 fprintf(stderr, " -v - more output\n");
763 fprintf(stderr, " -d - debug output\n");
764 fprintf(stderr, " -reuse - use session-id reuse\n");
765 fprintf(stderr, " -num <val> - number of connections to perform\n");
767 " -bytes <val> - number of bytes to swap between client/server\n");
768 #ifndef OPENSSL_NO_DH
770 " -dhe1024 - use 1024 bit key (safe prime) for DHE\n");
772 " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
773 fprintf(stderr, " -no_dhe - disable DHE\n");
775 #ifndef OPENSSL_NO_EC
776 fprintf(stderr, " -no_ecdhe - disable ECDHE\n");
778 #ifndef OPENSSL_NO_PSK
779 fprintf(stderr, " -psk arg - PSK in hex (without 0x)\n");
781 #ifndef OPENSSL_NO_SRP
782 fprintf(stderr, " -srpuser user - SRP username to use\n");
783 fprintf(stderr, " -srppass arg - password for 'user'\n");
785 #ifndef OPENSSL_NO_SSL3_METHOD
786 fprintf(stderr, " -ssl3 - use SSLv3\n");
788 fprintf(stderr, " -tls1 - use TLSv1\n");
789 #ifndef OPENSSL_NO_DTLS
790 fprintf(stderr, " -dtls1 - use DTLSv1\n");
791 fprintf(stderr, " -dtls12 - use DTLSv1.2\n");
793 fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");
794 fprintf(stderr, " -CAfile arg - PEM format file of CA's\n");
795 fprintf(stderr, " -cert arg - Server certificate file\n");
797 " -key arg - Server key file (default: same as -cert)\n");
798 fprintf(stderr, " -c_cert arg - Client certificate file\n");
800 " -c_key arg - Client key file (default: same as -c_cert)\n");
801 fprintf(stderr, " -cipher arg - The cipher list\n");
802 fprintf(stderr, " -bio_pair - Use BIO pairs\n");
803 fprintf(stderr, " -f - Test even cases that can't work\n");
805 " -time - measure processor time used by client and server\n");
806 fprintf(stderr, " -zlib - use zlib compression\n");
807 fprintf(stderr, " -rle - use rle compression\n");
808 #ifndef OPENSSL_NO_EC
810 " -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n"
811 " Use \"openssl ecparam -list_curves\" for all names\n"
812 " (default is sect163r2).\n");
815 " -test_cipherlist - Verifies the order of the ssl cipher lists.\n"
816 " When this option is requested, the cipherlist\n"
817 " tests are run instead of handshake tests.\n");
818 #ifndef OPENSSL_NO_NEXTPROTONEG
819 fprintf(stderr, " -npn_client - have client side offer NPN\n");
820 fprintf(stderr, " -npn_server - have server side offer NPN\n");
821 fprintf(stderr, " -npn_server_reject - have server reject NPN\n");
823 fprintf(stderr, " -serverinfo_file file - have server use this file\n");
824 fprintf(stderr, " -serverinfo_sct - have client offer and expect SCT\n");
826 " -serverinfo_tack - have client offer and expect TACK\n");
828 " -custom_ext - try various custom extension callbacks\n");
829 fprintf(stderr, " -alpn_client <string> - have client side offer ALPN\n");
830 fprintf(stderr, " -alpn_server <string> - have server side offer ALPN\n");
832 " -alpn_expected <string> - the ALPN protocol that should be negotiated\n");
835 static void print_key_details(BIO *out, EVP_PKEY *key)
837 int keyid = EVP_PKEY_id(key);
838 #ifndef OPENSSL_NO_EC
839 if (keyid == EVP_PKEY_EC) {
840 EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
843 nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
845 cname = EC_curve_nid2nist(nid);
847 cname = OBJ_nid2sn(nid);
848 BIO_printf(out, "%d bits EC (%s)", EVP_PKEY_bits(key), cname);
864 algname = OBJ_nid2sn(keyid);
867 BIO_printf(out, "%d bits %s", EVP_PKEY_bits(key), algname);
871 static void print_details(SSL *c_ssl, const char *prefix)
873 const SSL_CIPHER *ciph;
878 ciph = SSL_get_current_cipher(c_ssl);
879 BIO_printf(bio_stdout, "%s%s, cipher %s %s",
881 SSL_get_version(c_ssl),
882 SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_name(ciph));
883 cert = SSL_get_peer_certificate(c_ssl);
885 pkey = X509_get_pubkey(cert);
887 BIO_puts(bio_stdout, ", ");
888 print_key_details(bio_stdout, pkey);
893 if (SSL_get_server_tmp_key(c_ssl, &pkey)) {
894 BIO_puts(bio_stdout, ", temp key: ");
895 print_key_details(bio_stdout, pkey);
898 if (SSL_get_peer_signature_nid(c_ssl, &mdnid))
899 BIO_printf(bio_stdout, ", digest=%s", OBJ_nid2sn(mdnid));
900 BIO_printf(bio_stdout, "\n");
903 static void lock_dbg_cb(int mode, int type, const char *file, int line)
905 static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
906 const char *errstr = NULL;
909 rw = mode & (CRYPTO_READ | CRYPTO_WRITE);
910 if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE))) {
911 errstr = "invalid mode";
915 if (type < 0 || type >= CRYPTO_NUM_LOCKS) {
916 errstr = "type out of bounds";
920 if (mode & CRYPTO_LOCK) {
922 errstr = "already locked";
924 * must not happen in a single-threaded program (would deadlock)
930 } else if (mode & CRYPTO_UNLOCK) {
932 errstr = "not locked";
936 if (modes[type] != rw) {
937 errstr = (rw == CRYPTO_READ) ?
938 "CRYPTO_r_unlock on write lock" :
939 "CRYPTO_w_unlock on read lock";
944 errstr = "invalid mode";
950 /* we cannot use bio_err here */
952 "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n",
953 errstr, mode, type, file, line);
957 int main(int argc, char *argv[])
959 char *CApath = NULL, *CAfile = NULL;
963 int dtls1 = 0, dtls12 = 0, tls1 = 0, ssl3 = 0, ret = 1;
965 int server_auth = 0, i;
966 struct app_verify_arg app_verify_arg =
967 { APP_CALLBACK_STRING, 0, 0, NULL, NULL };
968 char *server_cert = TEST_SERVER_CERT;
969 char *server_key = NULL;
970 char *client_cert = TEST_CLIENT_CERT;
971 char *client_key = NULL;
972 #ifndef OPENSSL_NO_EC
973 char *named_curve = NULL;
975 SSL_CTX *s_ctx = NULL;
976 SSL_CTX *c_ctx = NULL;
977 const SSL_METHOD *meth = NULL;
979 int number = 1, reuse = 0;
981 #ifndef OPENSSL_NO_DH
983 int dhe1024 = 0, dhe1024dsa = 0;
985 #ifndef OPENSSL_NO_EC
988 #ifndef OPENSSL_NO_SRP
990 SRP_CLIENT_ARG srp_client_arg = { NULL, NULL };
992 SRP_SERVER_ARG srp_server_arg = { NULL, NULL };
998 clock_t s_time = 0, c_time = 0;
999 #ifndef OPENSSL_NO_COMP
1001 COMP_METHOD *cm = NULL;
1002 STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
1004 int test_cipherlist = 0;
1008 int no_protocol = 0;
1011 SSL_CONF_CTX *s_cctx = NULL, *c_cctx = NULL;
1012 STACK_OF(OPENSSL_STRING) *conf_args = NULL;
1013 const char *arg = NULL, *argn = NULL;
1019 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
1021 CRYPTO_set_locking_callback(lock_dbg_cb);
1023 /* enable memory leak checking unless explicitly disabled */
1024 if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL)
1025 && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))) {
1026 CRYPTO_malloc_debug_init();
1027 CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
1029 /* OPENSSL_DEBUG_MEMORY=off */
1030 CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
1032 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
1034 RAND_seed(rnd_seed, sizeof rnd_seed);
1036 bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT);
1038 s_cctx = SSL_CONF_CTX_new();
1039 c_cctx = SSL_CONF_CTX_new();
1041 if (!s_cctx || !c_cctx) {
1042 ERR_print_errors(bio_err);
1046 SSL_CONF_CTX_set_flags(s_cctx,
1047 SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_SERVER);
1048 if (!SSL_CONF_CTX_set1_prefix(s_cctx, "-s_")) {
1049 ERR_print_errors(bio_err);
1053 SSL_CONF_CTX_set_flags(c_cctx,
1054 SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_CLIENT);
1055 if (!SSL_CONF_CTX_set1_prefix(c_cctx, "-c_")) {
1056 ERR_print_errors(bio_err);
1064 if (!strcmp(*argv, "-F")) {
1069 "not compiled with FIPS support, so exiting without running.\n");
1072 } else if (strcmp(*argv, "-server_auth") == 0)
1074 else if (strcmp(*argv, "-client_auth") == 0)
1076 else if (strcmp(*argv, "-proxy_auth") == 0) {
1079 app_verify_arg.proxy_auth = *(++argv);
1080 } else if (strcmp(*argv, "-proxy_cond") == 0) {
1083 app_verify_arg.proxy_cond = *(++argv);
1084 } else if (strcmp(*argv, "-v") == 0)
1086 else if (strcmp(*argv, "-d") == 0)
1088 else if (strcmp(*argv, "-reuse") == 0)
1090 else if (strcmp(*argv, "-dhe1024") == 0) {
1091 #ifndef OPENSSL_NO_DH
1095 "ignoring -dhe1024, since I'm compiled without DH\n");
1097 } else if (strcmp(*argv, "-dhe1024dsa") == 0) {
1098 #ifndef OPENSSL_NO_DH
1102 "ignoring -dhe1024, since I'm compiled without DH\n");
1104 } else if (strcmp(*argv, "-no_dhe") == 0)
1106 else if (strcmp(*argv, "-no_ecdhe") == 0)
1108 else if (strcmp(*argv, "-psk") == 0) {
1111 psk_key = *(++argv);
1112 #ifndef OPENSSL_NO_PSK
1113 if (strspn(psk_key, "abcdefABCDEF1234567890") != strlen(psk_key)) {
1114 BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
1121 #ifndef OPENSSL_NO_SRP
1122 else if (strcmp(*argv, "-srpuser") == 0) {
1125 srp_server_arg.expected_user = srp_client_arg.srplogin =
1128 } else if (strcmp(*argv, "-srppass") == 0) {
1131 srp_server_arg.pass = srp_client_arg.srppassin = *(++argv);
1135 else if (strcmp(*argv, "-tls1") == 0) {
1137 } else if (strcmp(*argv, "-ssl3") == 0) {
1138 #ifdef OPENSSL_NO_SSL3_METHOD
1142 } else if (strcmp(*argv, "-dtls1") == 0) {
1143 #ifdef OPENSSL_NO_DTLS
1147 } else if (strcmp(*argv, "-dtls12") == 0) {
1148 #ifdef OPENSSL_NO_DTLS
1152 } else if (strncmp(*argv, "-num", 4) == 0) {
1155 number = atoi(*(++argv));
1158 } else if (strcmp(*argv, "-bytes") == 0) {
1161 bytes = atol(*(++argv));
1164 i = strlen(argv[0]);
1165 if (argv[0][i - 1] == 'k')
1167 if (argv[0][i - 1] == 'm')
1168 bytes *= 1024L * 1024L;
1169 } else if (strcmp(*argv, "-cert") == 0) {
1172 server_cert = *(++argv);
1173 } else if (strcmp(*argv, "-s_cert") == 0) {
1176 server_cert = *(++argv);
1177 } else if (strcmp(*argv, "-key") == 0) {
1180 server_key = *(++argv);
1181 } else if (strcmp(*argv, "-s_key") == 0) {
1184 server_key = *(++argv);
1185 } else if (strcmp(*argv, "-c_cert") == 0) {
1188 client_cert = *(++argv);
1189 } else if (strcmp(*argv, "-c_key") == 0) {
1192 client_key = *(++argv);
1193 } else if (strcmp(*argv, "-cipher") == 0) {
1197 } else if (strcmp(*argv, "-CApath") == 0) {
1201 } else if (strcmp(*argv, "-CAfile") == 0) {
1205 } else if (strcmp(*argv, "-bio_pair") == 0) {
1207 } else if (strcmp(*argv, "-f") == 0) {
1209 } else if (strcmp(*argv, "-time") == 0) {
1212 #ifndef OPENSSL_NO_COMP
1213 else if (strcmp(*argv, "-zlib") == 0) {
1215 } else if (strcmp(*argv, "-rle") == 0) {
1219 else if (strcmp(*argv, "-named_curve") == 0) {
1222 #ifndef OPENSSL_NO_EC
1223 named_curve = *(++argv);
1226 "ignoring -named_curve, since I'm compiled without ECDH\n");
1229 } else if (strcmp(*argv, "-app_verify") == 0) {
1230 app_verify_arg.app_verify = 1;
1231 } else if (strcmp(*argv, "-proxy") == 0) {
1232 app_verify_arg.allow_proxy_certs = 1;
1233 } else if (strcmp(*argv, "-test_cipherlist") == 0) {
1234 test_cipherlist = 1;
1236 #ifndef OPENSSL_NO_NEXTPROTONEG
1237 else if (strcmp(*argv, "-npn_client") == 0) {
1239 } else if (strcmp(*argv, "-npn_server") == 0) {
1241 } else if (strcmp(*argv, "-npn_server_reject") == 0) {
1242 npn_server_reject = 1;
1245 else if (strcmp(*argv, "-serverinfo_sct") == 0) {
1247 } else if (strcmp(*argv, "-serverinfo_tack") == 0) {
1248 serverinfo_tack = 1;
1249 } else if (strcmp(*argv, "-serverinfo_file") == 0) {
1252 serverinfo_file = *(++argv);
1253 } else if (strcmp(*argv, "-custom_ext") == 0) {
1255 } else if (strcmp(*argv, "-alpn_client") == 0) {
1258 alpn_client = *(++argv);
1259 } else if (strcmp(*argv, "-alpn_server") == 0) {
1262 alpn_server = *(++argv);
1263 } else if (strcmp(*argv, "-alpn_expected") == 0) {
1266 alpn_expected = *(++argv);
1271 /* Try to process command using SSL_CONF */
1272 rv = SSL_CONF_cmd_argv(c_cctx, &argc, &argv);
1273 /* If not processed try server */
1275 rv = SSL_CONF_cmd_argv(s_cctx, &argc, &argv);
1276 /* Recognised: store it for later use */
1281 conf_args = sk_OPENSSL_STRING_new_null();
1285 if (!sk_OPENSSL_STRING_push(conf_args, arg))
1287 if (!sk_OPENSSL_STRING_push(conf_args, argn))
1292 BIO_printf(bio_err, "Missing argument for %s\n", arg);
1294 BIO_printf(bio_err, "Error with command %s\n", arg);
1296 BIO_printf(bio_err, "unknown option %s\n", arg);
1310 * test_cipherlist prevails over protocol switch: we test the cipherlist
1311 * for all enabled protocols.
1313 if (test_cipherlist == 1) {
1315 * ensure that the cipher list are correctly sorted and exit
1317 fprintf(stdout, "Testing cipherlist order only. Ignoring all "
1318 "other options.\n");
1319 if (do_test_cipherlist() == 0)
1325 if (ssl3 + tls1 + dtls1 + dtls12 > 1) {
1326 fprintf(stderr, "At most one of -ssl3, -tls1, -dtls1 or -dtls12 should "
1332 * Testing was requested for a compiled-out protocol (e.g. SSLv3).
1333 * Ideally, we would error out, but the generic test wrapper can't know
1334 * when to expect failure. So we do nothing and return success.
1337 fprintf(stderr, "Testing was requested for a disabled protocol. "
1338 "Skipping tests.\n");
1343 if (!ssl3 && !tls1 && !dtls1 && !dtls12 && number > 1 && !reuse && !force) {
1344 fprintf(stderr, "This case cannot work. Use -f to perform "
1345 "the test anyway (and\n-d to see what happens), "
1346 "or add one of -ssl3, -tls1, -dtls1, -dtls12, -reuse\n"
1347 "to avoid protocol mismatch.\n");
1352 if (!FIPS_mode_set(1)) {
1353 ERR_load_crypto_strings();
1354 ERR_print_errors(BIO_new_fp(stderr, BIO_NOCLOSE));
1357 fprintf(stderr, "*** IN FIPS MODE ***\n");
1363 fprintf(stderr, "Using BIO pair (-bio_pair)\n");
1366 if (number < 50 && !force)
1368 "Warning: For accurate timings, use more connections (e.g. -num 1000)\n");
1371 /* if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */
1374 SSL_load_error_strings();
1376 #ifndef OPENSSL_NO_COMP
1377 if (comp == COMP_ZLIB)
1379 if (comp == COMP_RLE)
1382 if (cm->type != NID_undef) {
1383 if (SSL_COMP_add_compression_method(comp, cm) != 0) {
1384 fprintf(stderr, "Failed to add compression method\n");
1385 ERR_print_errors_fp(stderr);
1389 "Warning: %s compression not supported\n",
1390 (comp == COMP_RLE ? "rle" :
1391 (comp == COMP_ZLIB ? "zlib" : "unknown")));
1392 ERR_print_errors_fp(stderr);
1395 ssl_comp_methods = SSL_COMP_get_compression_methods();
1396 n = sk_SSL_COMP_num(ssl_comp_methods);
1399 printf("Available compression methods:");
1400 for (j = 0; j < n; j++) {
1401 SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
1402 printf(" %s:%d", c->name, c->id);
1409 * At this point, ssl3/tls1 is only set if the protocol is available.
1410 * (Otherwise we exit early.) However the compiler doesn't know this, so
1413 #ifndef OPENSSL_NO_SSL3
1415 meth = SSLv3_method();
1418 #ifndef OPENSSL_NO_DTLS
1420 meth = DTLSv1_method();
1422 meth = DTLSv1_2_method();
1426 meth = TLSv1_method();
1428 meth = SSLv23_method();
1430 c_ctx = SSL_CTX_new(meth);
1431 s_ctx = SSL_CTX_new(meth);
1432 if ((c_ctx == NULL) || (s_ctx == NULL)) {
1433 ERR_print_errors(bio_err);
1437 * Since we will use low security ciphersuites and keys for testing set
1438 * security level to zero.
1440 SSL_CTX_set_security_level(c_ctx, 0);
1441 SSL_CTX_set_security_level(s_ctx, 0);
1443 if (cipher != NULL) {
1444 if (!SSL_CTX_set_cipher_list(c_ctx, cipher)
1445 || !SSL_CTX_set_cipher_list(s_ctx, cipher)) {
1446 ERR_print_errors(bio_err);
1451 /* Process SSL_CONF arguments */
1452 SSL_CONF_CTX_set_ssl_ctx(c_cctx, c_ctx);
1453 SSL_CONF_CTX_set_ssl_ctx(s_cctx, s_ctx);
1455 for (i = 0; i < sk_OPENSSL_STRING_num(conf_args); i += 2) {
1457 arg = sk_OPENSSL_STRING_value(conf_args, i);
1458 argn = sk_OPENSSL_STRING_value(conf_args, i + 1);
1459 rv = SSL_CONF_cmd(c_cctx, arg, argn);
1460 /* If not recognised use server context */
1462 rv = SSL_CONF_cmd(s_cctx, arg, argn);
1464 BIO_printf(bio_err, "Error processing %s %s\n",
1465 arg, argn ? argn : "");
1466 ERR_print_errors(bio_err);
1471 if (!SSL_CONF_CTX_finish(s_cctx) || !SSL_CONF_CTX_finish(c_cctx)) {
1472 BIO_puts(bio_err, "Error finishing context\n");
1473 ERR_print_errors(bio_err);
1476 #ifndef OPENSSL_NO_DH
1480 * use SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks
1482 SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
1483 dh = get_dh1024dsa();
1488 SSL_CTX_set_tmp_dh(s_ctx, dh);
1495 #ifndef OPENSSL_NO_EC
1499 if (named_curve != NULL) {
1500 nid = OBJ_sn2nid(named_curve);
1502 BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve);
1506 # ifdef OPENSSL_NO_EC2M
1507 nid = NID_X9_62_prime256v1;
1509 nid = NID_sect163r2;
1512 ecdh = EC_KEY_new_by_curve_name(nid);
1514 BIO_printf(bio_err, "unable to create curve\n");
1518 SSL_CTX_set_tmp_ecdh(s_ctx, ecdh);
1519 SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_ECDH_USE);
1526 #ifndef OPENSSL_NO_RSA
1527 SSL_CTX_set_tmp_rsa_callback(s_ctx, tmp_rsa_cb);
1530 if (!SSL_CTX_use_certificate_file(s_ctx, server_cert, SSL_FILETYPE_PEM)) {
1531 ERR_print_errors(bio_err);
1532 } else if (!SSL_CTX_use_PrivateKey_file(s_ctx,
1533 (server_key ? server_key :
1535 SSL_FILETYPE_PEM)) {
1536 ERR_print_errors(bio_err);
1541 if (!SSL_CTX_use_certificate_file(c_ctx, client_cert, SSL_FILETYPE_PEM)
1542 || !SSL_CTX_use_PrivateKey_file(c_ctx,
1543 (client_key ? client_key : client_cert),
1544 SSL_FILETYPE_PEM)) {
1545 ERR_print_errors(bio_err);
1550 if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) ||
1551 (!SSL_CTX_set_default_verify_paths(s_ctx)) ||
1552 (!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) ||
1553 (!SSL_CTX_set_default_verify_paths(c_ctx))) {
1554 /* fprintf(stderr,"SSL_load_verify_locations\n"); */
1555 ERR_print_errors(bio_err);
1560 printf("client authentication\n");
1561 SSL_CTX_set_verify(s_ctx,
1562 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1564 SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback,
1568 printf("server authentication\n");
1569 SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER, verify_callback);
1570 SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback,
1575 int session_id_context = 0;
1576 if (!SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context,
1577 sizeof session_id_context)) {
1578 ERR_print_errors(bio_err);
1583 /* Use PSK only if PSK key is given */
1584 if (psk_key != NULL) {
1586 * no_psk is used to avoid putting psk command to openssl tool
1590 * if PSK is not compiled in and psk key is given, do nothing and
1596 #ifndef OPENSSL_NO_PSK
1597 SSL_CTX_set_psk_client_callback(c_ctx, psk_client_callback);
1598 SSL_CTX_set_psk_server_callback(s_ctx, psk_server_callback);
1600 BIO_printf(bio_err, "setting PSK identity hint to s_ctx\n");
1601 if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_hint")) {
1602 BIO_printf(bio_err, "error setting PSK identity hint to s_ctx\n");
1603 ERR_print_errors(bio_err);
1608 #ifndef OPENSSL_NO_SRP
1609 if (srp_client_arg.srplogin) {
1610 if (!SSL_CTX_set_srp_username(c_ctx, srp_client_arg.srplogin)) {
1611 BIO_printf(bio_err, "Unable to set SRP username\n");
1614 SSL_CTX_set_srp_cb_arg(c_ctx, &srp_client_arg);
1615 SSL_CTX_set_srp_client_pwd_callback(c_ctx,
1616 ssl_give_srp_client_pwd_cb);
1618 * SSL_CTX_set_srp_strength(c_ctx, srp_client_arg.strength);
1622 if (srp_server_arg.expected_user != NULL) {
1623 SSL_CTX_set_verify(s_ctx, SSL_VERIFY_NONE, verify_callback);
1624 SSL_CTX_set_srp_cb_arg(s_ctx, &srp_server_arg);
1625 SSL_CTX_set_srp_username_callback(s_ctx, ssl_srp_server_param_cb);
1629 #ifndef OPENSSL_NO_NEXTPROTONEG
1631 SSL_CTX_set_next_proto_select_cb(c_ctx, cb_client_npn, NULL);
1634 if (npn_server_reject) {
1636 "Can't have both -npn_server and -npn_server_reject\n");
1639 SSL_CTX_set_next_protos_advertised_cb(s_ctx, cb_server_npn, NULL);
1641 if (npn_server_reject) {
1642 SSL_CTX_set_next_protos_advertised_cb(s_ctx, cb_server_rejects_npn,
1647 if (serverinfo_sct) {
1648 if (!SSL_CTX_add_client_custom_ext(c_ctx, SCT_EXT_TYPE,
1650 serverinfo_cli_parse_cb, NULL)) {
1651 BIO_printf(bio_err, "Error adding SCT extension\n");
1655 if (serverinfo_tack) {
1656 if (!SSL_CTX_add_client_custom_ext(c_ctx, TACK_EXT_TYPE,
1658 serverinfo_cli_parse_cb, NULL)) {
1659 BIO_printf(bio_err, "Error adding TACK extension\n");
1663 if (serverinfo_file)
1664 if (!SSL_CTX_use_serverinfo_file(s_ctx, serverinfo_file)) {
1665 BIO_printf(bio_err, "missing serverinfo file\n");
1670 if (!SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_0,
1671 custom_ext_0_cli_add_cb,
1673 custom_ext_0_cli_parse_cb, NULL)
1674 || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_1,
1675 custom_ext_1_cli_add_cb,
1677 custom_ext_1_cli_parse_cb, NULL)
1678 || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_2,
1679 custom_ext_2_cli_add_cb,
1681 custom_ext_2_cli_parse_cb, NULL)
1682 || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_3,
1683 custom_ext_3_cli_add_cb,
1685 custom_ext_3_cli_parse_cb, NULL)
1686 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_0,
1687 custom_ext_0_srv_add_cb,
1689 custom_ext_0_srv_parse_cb, NULL)
1690 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_1,
1691 custom_ext_1_srv_add_cb,
1693 custom_ext_1_srv_parse_cb, NULL)
1694 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_2,
1695 custom_ext_2_srv_add_cb,
1697 custom_ext_2_srv_parse_cb, NULL)
1698 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_3,
1699 custom_ext_3_srv_add_cb,
1701 custom_ext_3_srv_parse_cb, NULL)) {
1702 BIO_printf(bio_err, "Error setting custom extensions\n");
1708 SSL_CTX_set_alpn_select_cb(s_ctx, cb_server_alpn, NULL);
1711 unsigned short alpn_len;
1712 unsigned char *alpn = next_protos_parse(&alpn_len, alpn_client);
1715 BIO_printf(bio_err, "Error parsing -alpn_client argument\n");
1718 /* Returns 0 on success!! */
1719 if (SSL_CTX_set_alpn_protos(c_ctx, alpn, alpn_len)) {
1720 BIO_printf(bio_err, "Error setting ALPN\n");
1727 c_ssl = SSL_new(c_ctx);
1728 s_ssl = SSL_new(s_ctx);
1730 #ifndef OPENSSL_NO_KRB5
1731 if (c_ssl && c_ssl->kssl_ctx) {
1732 char localhost[MAXHOSTNAMELEN + 2];
1734 if (gethostname(localhost, sizeof localhost - 1) == 0) {
1735 localhost[sizeof localhost - 1] = '\0';
1736 if (strlen(localhost) == sizeof localhost - 1) {
1737 BIO_printf(bio_err, "localhost name too long\n");
1740 kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER, localhost);
1743 #endif /* OPENSSL_NO_KRB5 */
1745 BIO_printf(bio_stdout, "Doing handshakes=%d bytes=%ld\n", number, bytes);
1746 for (i = 0; i < number; i++) {
1748 if (!SSL_set_session(c_ssl, NULL)) {
1749 BIO_printf(bio_err, "Failed to set session\n");
1754 ret = doit_biopair(s_ssl, c_ssl, bytes, &s_time, &c_time);
1756 ret = doit(s_ssl, c_ssl, bytes);
1761 print_details(c_ssl, "");
1764 #ifdef CLOCKS_PER_SEC
1766 * "To determine the time in seconds, the value returned by the clock
1767 * function should be divided by the value of the macro
1768 * CLOCKS_PER_SEC." -- ISO/IEC 9899
1770 BIO_printf(bio_stdout, "Approximate total server time: %6.2f s\n"
1771 "Approximate total client time: %6.2f s\n",
1772 (double)s_time / CLOCKS_PER_SEC,
1773 (double)c_time / CLOCKS_PER_SEC);
1775 BIO_printf(bio_stdout,
1776 "Approximate total server time: %6.2f units\n"
1777 "Approximate total client time: %6.2f units\n",
1778 (double)s_time, (double)c_time);
1786 SSL_CTX_free(s_ctx);
1787 SSL_CTX_free(c_ctx);
1788 SSL_CONF_CTX_free(s_cctx);
1789 SSL_CONF_CTX_free(c_cctx);
1790 sk_OPENSSL_STRING_free(conf_args);
1792 BIO_free(bio_stdout);
1794 #ifndef OPENSSL_NO_RSA
1797 #ifndef OPENSSL_NO_ENGINE
1800 CRYPTO_cleanup_all_ex_data();
1802 ERR_remove_thread_state(NULL);
1804 CRYPTO_mem_leaks(bio_err);
1809 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
1810 clock_t *s_time, clock_t *c_time)
1812 long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
1813 BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
1814 BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL;
1817 size_t bufsiz = 256; /* small buffer for testing */
1819 if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz))
1821 if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz))
1824 s_ssl_bio = BIO_new(BIO_f_ssl());
1828 c_ssl_bio = BIO_new(BIO_f_ssl());
1832 SSL_set_connect_state(c_ssl);
1833 SSL_set_bio(c_ssl, client, client);
1834 (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
1836 SSL_set_accept_state(s_ssl);
1837 SSL_set_bio(s_ssl, server, server);
1838 (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
1842 * c_ssl_bio: SSL filter BIO
1844 * client: pseudo-I/O for SSL library
1846 * client_io: client's SSL communication; usually to be
1847 * relayed over some I/O facility, but in this
1848 * test program, we're the server, too:
1850 * server_io: server's SSL communication
1852 * server: pseudo-I/O for SSL library
1854 * s_ssl_bio: SSL filter BIO
1856 * The client and the server each employ a "BIO pair":
1857 * client + client_io, server + server_io.
1858 * BIO pairs are symmetric. A BIO pair behaves similar
1859 * to a non-blocking socketpair (but both endpoints must
1860 * be handled by the same thread).
1861 * [Here we could connect client and server to the ends
1862 * of a single BIO pair, but then this code would be less
1863 * suitable as an example for BIO pairs in general.]
1865 * Useful functions for querying the state of BIO pair endpoints:
1867 * BIO_ctrl_pending(bio) number of bytes we can read now
1868 * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil
1869 * other side's read attempt
1870 * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now
1872 * ..._read_request is never more than ..._write_guarantee;
1873 * it depends on the application which one you should use.
1877 * We have non-blocking behaviour throughout this test program, but
1878 * can be sure that there is *some* progress in each iteration; so we
1879 * don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE --
1880 * we just try everything in each iteration
1886 char cbuf[1024 * 8];
1888 clock_t c_clock = clock();
1890 memset(cbuf, 0, sizeof(cbuf));
1893 if (SSL_in_init(c_ssl))
1894 printf("client waiting in SSL_connect - %s\n",
1895 SSL_state_string_long(c_ssl));
1898 /* Write to server. */
1900 if (cw_num > (long)sizeof cbuf)
1904 r = BIO_write(c_ssl_bio, cbuf, i);
1906 if (!BIO_should_retry(c_ssl_bio)) {
1907 fprintf(stderr, "ERROR in CLIENT\n");
1911 * BIO_should_retry(...) can just be ignored here. The
1912 * library expects us to call BIO_write with the same
1913 * arguments again, and that's what we will do in the
1916 } else if (r == 0) {
1917 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
1921 printf("client wrote %d\n", r);
1927 /* Read from server. */
1929 r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
1931 if (!BIO_should_retry(c_ssl_bio)) {
1932 fprintf(stderr, "ERROR in CLIENT\n");
1936 * Again, "BIO_should_retry" can be ignored.
1938 } else if (r == 0) {
1939 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
1943 printf("client read %d\n", r);
1949 * c_time and s_time increments will typically be very small
1950 * (depending on machine speed and clock tick intervals), but
1951 * sampling over a large number of connections should result in
1952 * fairly accurate figures. We cannot guarantee a lot, however
1953 * -- if each connection lasts for exactly one clock tick, it
1954 * will be counted only for the client or only for the server or
1957 *c_time += (clock() - c_clock);
1963 char sbuf[1024 * 8];
1965 clock_t s_clock = clock();
1967 memset(sbuf, 0, sizeof(sbuf));
1970 if (SSL_in_init(s_ssl))
1971 printf("server waiting in SSL_accept - %s\n",
1972 SSL_state_string_long(s_ssl));
1975 /* Write to client. */
1977 if (sw_num > (long)sizeof sbuf)
1981 r = BIO_write(s_ssl_bio, sbuf, i);
1983 if (!BIO_should_retry(s_ssl_bio)) {
1984 fprintf(stderr, "ERROR in SERVER\n");
1987 /* Ignore "BIO_should_retry". */
1988 } else if (r == 0) {
1989 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
1993 printf("server wrote %d\n", r);
1999 /* Read from client. */
2001 r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
2003 if (!BIO_should_retry(s_ssl_bio)) {
2004 fprintf(stderr, "ERROR in SERVER\n");
2008 } else if (r == 0) {
2009 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2013 printf("server read %d\n", r);
2018 *s_time += (clock() - s_clock);
2022 /* "I/O" BETWEEN CLIENT AND SERVER. */
2025 BIO *io1 = server_io, *io2 = client_io;
2027 * we use the non-copying interface for io1 and the standard
2028 * BIO_write/BIO_read interface for io2
2031 static int prev_progress = 1;
2039 r1 = BIO_ctrl_pending(io1);
2040 r2 = BIO_ctrl_get_write_guarantee(io2);
2048 if (INT_MAX < num) /* yeah, right */
2051 r = BIO_nread(io1, &dataptr, (int)num);
2053 assert(r <= (int)num);
2055 * possibly r < num (non-contiguous data)
2058 r = BIO_write(io2, dataptr, (int)num);
2059 if (r != (int)num) { /* can't happen */
2060 fprintf(stderr, "ERROR: BIO_write could not write "
2061 "BIO_ctrl_get_write_guarantee() bytes");
2067 printf((io1 == client_io) ?
2068 "C->S relaying: %d bytes\n" :
2069 "S->C relaying: %d bytes\n", (int)num);
2079 r1 = BIO_ctrl_pending(io2);
2080 r2 = BIO_ctrl_get_read_request(io1);
2082 * here we could use ..._get_write_guarantee instead of
2083 * ..._get_read_request, but by using the latter we test
2084 * restartability of the SSL implementation more thoroughly
2096 --num; /* test restartability even more thoroughly */
2098 r = BIO_nwrite0(io1, &dataptr);
2102 r = BIO_read(io2, dataptr, (int)num);
2103 if (r != (int)num) { /* can't happen */
2104 fprintf(stderr, "ERROR: BIO_read could not read "
2105 "BIO_ctrl_pending() bytes");
2109 r = BIO_nwrite(io1, &dataptr, (int)num);
2110 if (r != (int)num) { /* can't happen */
2111 fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
2112 "BIO_nwrite0() bytes");
2117 printf((io2 == client_io) ?
2118 "C->S relaying: %d bytes\n" :
2119 "S->C relaying: %d bytes\n", (int)num);
2121 } /* no loop, BIO_ctrl_get_read_request now
2122 * returns 0 anyway */
2124 if (!progress && !prev_progress)
2125 if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0) {
2126 fprintf(stderr, "ERROR: got stuck\n");
2127 fprintf(stderr, " ERROR.\n");
2130 prev_progress = progress;
2133 while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
2136 print_details(c_ssl, "DONE via BIO pair: ");
2137 #ifndef OPENSSL_NO_NEXTPROTONEG
2138 if (verify_npn(c_ssl, s_ssl) < 0) {
2143 if (verify_serverinfo() < 0) {
2144 fprintf(stderr, "Server info verify error\n");
2148 if (verify_alpn(c_ssl, s_ssl) < 0) {
2153 if (custom_ext_error) {
2154 fprintf(stderr, "Custom extension error\n");
2163 ERR_print_errors(bio_err);
2166 BIO_free(server_io);
2168 BIO_free(client_io);
2169 BIO_free(s_ssl_bio);
2170 BIO_free(c_ssl_bio);
2180 int doit(SSL *s_ssl, SSL *c_ssl, long count)
2182 char *cbuf = NULL, *sbuf = NULL;
2184 long cw_num = count, cr_num = count;
2185 long sw_num = count, sr_num = count;
2191 int c_r, c_w, s_r, s_w;
2194 int c_write, s_write;
2195 int do_server = 0, do_client = 0;
2196 int max_frag = 5 * 1024;
2198 bufsiz = count > 40 * 1024 ? 40 * 1024 : count;
2200 if ((cbuf = OPENSSL_malloc(bufsiz)) == NULL)
2202 if ((sbuf = OPENSSL_malloc(bufsiz)) == NULL)
2205 memset(cbuf, 0, bufsiz);
2206 memset(sbuf, 0, bufsiz);
2208 c_to_s = BIO_new(BIO_s_mem());
2209 s_to_c = BIO_new(BIO_s_mem());
2210 if ((s_to_c == NULL) || (c_to_s == NULL)) {
2211 ERR_print_errors(bio_err);
2215 c_bio = BIO_new(BIO_f_ssl());
2216 s_bio = BIO_new(BIO_f_ssl());
2217 if ((c_bio == NULL) || (s_bio == NULL)) {
2218 ERR_print_errors(bio_err);
2222 SSL_set_connect_state(c_ssl);
2223 SSL_set_bio(c_ssl, s_to_c, c_to_s);
2224 SSL_set_max_send_fragment(c_ssl, max_frag);
2225 BIO_set_ssl(c_bio, c_ssl, BIO_NOCLOSE);
2227 SSL_set_accept_state(s_ssl);
2228 SSL_set_bio(s_ssl, c_to_s, s_to_c);
2229 SSL_set_max_send_fragment(s_ssl, max_frag);
2230 BIO_set_ssl(s_bio, s_ssl, BIO_NOCLOSE);
2236 c_write = 1, s_write = 0;
2238 /* We can always do writes */
2243 i = (int)BIO_pending(s_bio);
2244 if ((i && s_r) || s_w)
2247 i = (int)BIO_pending(c_bio);
2248 if ((i && c_r) || c_w)
2251 if (do_server && debug) {
2252 if (SSL_in_init(s_ssl))
2253 printf("server waiting in SSL_accept - %s\n",
2254 SSL_state_string_long(s_ssl));
2257 printf("server:SSL_write()\n");
2259 printf("server:SSL_read()\n"); */
2262 if (do_client && debug) {
2263 if (SSL_in_init(c_ssl))
2264 printf("client waiting in SSL_connect - %s\n",
2265 SSL_state_string_long(c_ssl));
2268 printf("client:SSL_write()\n");
2270 printf("client:SSL_read()\n"); */
2273 if (!do_client && !do_server) {
2274 fprintf(stdout, "ERROR IN STARTUP\n");
2275 ERR_print_errors(bio_err);
2278 if (do_client && !(done & C_DONE)) {
2280 j = (cw_num > bufsiz) ? (int)bufsiz : (int)cw_num;
2281 i = BIO_write(c_bio, cbuf, j);
2285 if (BIO_should_retry(c_bio)) {
2286 if (BIO_should_read(c_bio))
2288 if (BIO_should_write(c_bio))
2291 fprintf(stderr, "ERROR in CLIENT\n");
2292 ERR_print_errors(bio_err);
2295 } else if (i == 0) {
2296 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2300 printf("client wrote %d\n", i);
2305 if (max_frag > 1029)
2306 SSL_set_max_send_fragment(c_ssl, max_frag -= 5);
2309 i = BIO_read(c_bio, cbuf, bufsiz);
2313 if (BIO_should_retry(c_bio)) {
2314 if (BIO_should_read(c_bio))
2316 if (BIO_should_write(c_bio))
2319 fprintf(stderr, "ERROR in CLIENT\n");
2320 ERR_print_errors(bio_err);
2323 } else if (i == 0) {
2324 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2328 printf("client read %d\n", i);
2337 done = S_DONE | C_DONE;
2343 if (do_server && !(done & S_DONE)) {
2345 i = BIO_read(s_bio, sbuf, bufsiz);
2349 if (BIO_should_retry(s_bio)) {
2350 if (BIO_should_read(s_bio))
2352 if (BIO_should_write(s_bio))
2355 fprintf(stderr, "ERROR in SERVER\n");
2356 ERR_print_errors(bio_err);
2359 } else if (i == 0) {
2360 ERR_print_errors(bio_err);
2362 "SSL SERVER STARTUP FAILED in SSL_read\n");
2366 printf("server read %d\n", i);
2379 j = (sw_num > bufsiz) ? (int)bufsiz : (int)sw_num;
2380 i = BIO_write(s_bio, sbuf, j);
2384 if (BIO_should_retry(s_bio)) {
2385 if (BIO_should_read(s_bio))
2387 if (BIO_should_write(s_bio))
2390 fprintf(stderr, "ERROR in SERVER\n");
2391 ERR_print_errors(bio_err);
2394 } else if (i == 0) {
2395 ERR_print_errors(bio_err);
2397 "SSL SERVER STARTUP FAILED in SSL_write\n");
2401 printf("server wrote %d\n", i);
2407 if (max_frag > 1029)
2408 SSL_set_max_send_fragment(s_ssl, max_frag -= 5);
2413 if ((done & S_DONE) && (done & C_DONE))
2418 print_details(c_ssl, "DONE: ");
2419 #ifndef OPENSSL_NO_NEXTPROTONEG
2420 if (verify_npn(c_ssl, s_ssl) < 0) {
2425 if (verify_serverinfo() < 0) {
2426 fprintf(stderr, "Server info verify error\n");
2430 if (custom_ext_error) {
2431 fprintf(stderr, "Custom extension error\n");
2438 * We have to set the BIO's to NULL otherwise they will be
2439 * OPENSSL_free()ed twice. Once when th s_ssl is SSL_free()ed and again
2440 * when c_ssl is SSL_free()ed. This is a hack required because s_ssl and
2441 * c_ssl are sharing the same BIO structure and SSL_set_bio() and
2442 * SSL_free() automatically BIO_free non NULL entries. You should not
2443 * normally do this or be required to do this
2445 if (s_ssl != NULL) {
2449 if (c_ssl != NULL) {
2456 BIO_free_all(c_bio);
2457 BIO_free_all(s_bio);
2464 static int get_proxy_auth_ex_data_idx(void)
2466 static volatile int idx = -1;
2468 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
2470 idx = X509_STORE_CTX_get_ex_new_index(0,
2471 "SSLtest for verify callback",
2474 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
2479 static int verify_callback(int ok, X509_STORE_CTX *ctx)
2483 s = X509_NAME_oneline(X509_get_subject_name(ctx->current_cert), buf,
2487 printf("depth=%d %s\n", ctx->error_depth, buf);
2489 fprintf(stderr, "depth=%d error=%d %s\n",
2490 ctx->error_depth, ctx->error, buf);
2495 switch (ctx->error) {
2497 fprintf(stderr, "Error string: %s\n",
2498 X509_verify_cert_error_string(ctx->error));
2500 case X509_V_ERR_CERT_NOT_YET_VALID:
2501 case X509_V_ERR_CERT_HAS_EXPIRED:
2502 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
2508 X509 *xs = ctx->current_cert;
2509 if (xs->ex_flags & EXFLAG_PROXY) {
2510 unsigned int *letters = X509_STORE_CTX_get_ex_data(ctx,
2511 get_proxy_auth_ex_data_idx
2517 PROXY_CERT_INFO_EXTENSION *pci =
2518 X509_get_ext_d2i(xs, NID_proxyCertInfo,
2521 switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage)) {
2522 case NID_Independent:
2524 * Completely meaningless in this program, as there's no
2525 * way to grant explicit rights to a specific PrC.
2526 * Basically, using id-ppl-Independent is the perfect way
2527 * to grant no rights at all.
2529 fprintf(stderr, " Independent proxy certificate");
2530 for (i = 0; i < 26; i++)
2533 case NID_id_ppl_inheritAll:
2535 * This is basically a NOP, we simply let the current
2536 * rights stand as they are.
2538 fprintf(stderr, " Proxy certificate inherits all");
2542 pci->proxyPolicy->policy->data;
2543 i = pci->proxyPolicy->policy->length;
2546 * The algorithm works as follows: it is assumed that
2547 * previous iterations or the initial granted rights has
2548 * already set some elements of `letters'. What we need
2549 * to do is to clear those that weren't granted by the
2550 * current PrC as well. The easiest way to do this is to
2551 * add 1 to all the elements whose letters are given with
2552 * the current policy. That way, all elements that are
2553 * set by the current policy and were already set by
2554 * earlier policies and through the original grant of
2555 * rights will get the value 2 or higher. The last thing
2556 * to do is to sweep through `letters' and keep the
2557 * elements having the value 2 as set, and clear all the
2561 printf(" Certificate proxy rights = %*.*s", i,
2565 if (isascii(c) && isalpha(c)) {
2571 for (i = 0; i < 26; i++)
2579 printf(", resulting proxy rights = ");
2580 for (i = 0; i < 26; i++)
2582 printf("%c", i + 'A');
2589 PROXY_CERT_INFO_EXTENSION_free(pci);
2597 static void process_proxy_debug(int indent, const char *format, ...)
2600 static const char indentation[] =
2601 ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"
2602 ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>";
2603 char my_format[256];
2606 BIO_snprintf(my_format, sizeof(my_format), "%*.*s %s",
2607 indent, indent, indentation, format);
2609 va_start(args, format);
2610 vfprintf(stderr, my_format, args);
2620 static int process_proxy_cond_adders(unsigned int letters[26],
2621 const char *cond, const char **cond_end,
2622 int *pos, int indent);
2623 static int process_proxy_cond_val(unsigned int letters[26], const char *cond,
2624 const char **cond_end, int *pos, int indent)
2630 while (isspace((int)*cond)) {
2637 process_proxy_debug(indent,
2638 "Start process_proxy_cond_val at position %d: %s\n",
2645 while (isspace((int)*cond)) {
2655 ok = process_proxy_cond_adders(letters, cond, cond_end, pos,
2660 while (isspace((int)*cond)) {
2667 "Weird condition character in position %d: "
2674 } else if (isascii(c) && isalpha(c)) {
2677 ok = letters[c - 'A'];
2682 "Weird condition character in position %d: " "%c\n", *pos, c);
2688 if (ok >= 0 && negate)
2692 process_proxy_debug(indent,
2693 "End process_proxy_cond_val at position %d: %s, returning %d\n",
2699 static int process_proxy_cond_multipliers(unsigned int letters[26],
2701 const char **cond_end, int *pos,
2708 process_proxy_debug(indent,
2709 "Start process_proxy_cond_multipliers at position %d: %s\n",
2712 ok = process_proxy_cond_val(letters, cond, cond_end, pos, indent + 1);
2718 while (isspace((int)*cond)) {
2732 ok = process_proxy_cond_val(letters,
2733 cond, cond_end, pos, indent + 1);
2746 fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!"
2758 process_proxy_debug(indent,
2759 "End process_proxy_cond_multipliers at position %d: %s, returning %d\n",
2766 static int process_proxy_cond_adders(unsigned int letters[26],
2767 const char *cond, const char **cond_end,
2768 int *pos, int indent)
2774 process_proxy_debug(indent,
2775 "Start process_proxy_cond_adders at position %d: %s\n",
2778 ok = process_proxy_cond_multipliers(letters, cond, cond_end, pos,
2785 while (isspace((int)*cond)) {
2798 ok = process_proxy_cond_multipliers(letters,
2799 cond, cond_end, pos,
2810 fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!"
2822 process_proxy_debug(indent,
2823 "End process_proxy_cond_adders at position %d: %s, returning %d\n",
2830 static int process_proxy_cond(unsigned int letters[26],
2831 const char *cond, const char **cond_end)
2834 return process_proxy_cond_adders(letters, cond, cond_end, &pos, 1);
2837 static int app_verify_callback(X509_STORE_CTX *ctx, void *arg)
2840 struct app_verify_arg *cb_arg = arg;
2841 unsigned int letters[26]; /* only used with proxy_auth */
2843 if (cb_arg->app_verify) {
2844 char *s = NULL, buf[256];
2846 printf("In app_verify_callback, allowing cert. ");
2847 printf("Arg is: %s\n", cb_arg->string);
2848 printf("Finished printing do we have a context? 0x%p a cert? 0x%p\n",
2849 (void *)ctx, (void *)ctx->cert);
2851 s = X509_NAME_oneline(X509_get_subject_name(ctx->cert), buf, 256);
2853 printf("cert depth=%d %s\n", ctx->error_depth, buf);
2857 if (cb_arg->proxy_auth) {
2858 int found_any = 0, i;
2861 for (i = 0; i < 26; i++)
2863 for (sp = cb_arg->proxy_auth; *sp; sp++) {
2865 if (isascii(c) && isalpha(c)) {
2868 letters[c - 'A'] = 1;
2872 printf(" Initial proxy rights = ");
2873 for (i = 0; i < 26; i++)
2875 printf("%c", i + 'A');
2882 X509_STORE_CTX_set_ex_data(ctx,
2883 get_proxy_auth_ex_data_idx(), letters);
2885 if (cb_arg->allow_proxy_certs) {
2886 X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
2888 ok = X509_verify_cert(ctx);
2890 if (cb_arg->proxy_auth) {
2892 const char *cond_end = NULL;
2894 ok = process_proxy_cond(letters, cb_arg->proxy_cond, &cond_end);
2900 "Stopped processing condition before it's end.\n");
2905 "Proxy rights check with condition '%s' invalid\n",
2906 cb_arg->proxy_cond);
2908 printf("Proxy rights check with condition '%s' ok\n",
2909 cb_arg->proxy_cond);
2915 #ifndef OPENSSL_NO_RSA
2916 static RSA *rsa_tmp = NULL;
2918 static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength)
2921 if (rsa_tmp == NULL) {
2923 rsa_tmp = RSA_new();
2924 if (!bn || !rsa_tmp || !BN_set_word(bn, RSA_F4)) {
2925 BIO_printf(bio_err, "Memory error...");
2928 printf("Generating temp (%d bit) RSA key...", keylength);
2929 if (!RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL)) {
2930 BIO_printf(bio_err, "Error generating key.");
2941 static void free_tmp_rsa(void)
2948 #ifndef OPENSSL_NO_DH
2950 * These DH parameters have been generated as follows:
2951 * $ openssl dhparam -C -noout 512
2952 * $ openssl dhparam -C -noout 1024
2953 * $ openssl dhparam -C -noout -dsaparam 1024
2954 * (The third function has been renamed to avoid name conflicts.)
2956 static DH *get_dh512()
2958 static unsigned char dh512_p[] = {
2959 0xCB, 0xC8, 0xE1, 0x86, 0xD0, 0x1F, 0x94, 0x17, 0xA6, 0x99, 0xF0,
2961 0x1F, 0x0D, 0xAC, 0xB6, 0x25, 0x3E, 0x06, 0x39, 0xCA, 0x72, 0x04,
2963 0x6E, 0xDA, 0xC0, 0x61, 0xE6, 0x7A, 0x77, 0x25, 0xE8, 0x3B, 0xB9,
2965 0x9A, 0xB6, 0xB5, 0xFE, 0x99, 0x0B, 0xA1, 0x93, 0x4E, 0x35, 0x33,
2967 0xE1, 0xF1, 0x13, 0x4F, 0x59, 0x1A, 0xD2, 0x57, 0xC0, 0x26, 0x21,
2969 0x02, 0xC5, 0xAE, 0x23,
2971 static unsigned char dh512_g[] = {
2976 if ((dh = DH_new()) == NULL)
2978 dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
2979 dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
2980 if ((dh->p == NULL) || (dh->g == NULL)) {
2987 static DH *get_dh1024()
2989 static unsigned char dh1024_p[] = {
2990 0xF8, 0x81, 0x89, 0x7D, 0x14, 0x24, 0xC5, 0xD1, 0xE6, 0xF7, 0xBF,
2992 0xE4, 0x90, 0xF4, 0xFC, 0x73, 0xFB, 0x34, 0xB5, 0xFA, 0x4C, 0x56,
2994 0xEA, 0xA7, 0xE9, 0xC0, 0xC0, 0xCE, 0x89, 0xE1, 0xFA, 0x63, 0x3F,
2996 0x6B, 0x32, 0x66, 0xF1, 0xD1, 0x7B, 0xB0, 0x00, 0x8F, 0xCA, 0x87,
2998 0xAE, 0x98, 0x89, 0x26, 0x17, 0xC2, 0x05, 0xD2, 0xEC, 0x08, 0xD0,
3000 0xFF, 0x17, 0x52, 0x8C, 0xC5, 0x07, 0x93, 0x03, 0xB1, 0xF6, 0x2F,
3002 0x1C, 0x52, 0x47, 0x27, 0x1B, 0xDB, 0xD1, 0x8D, 0x9D, 0x69, 0x1D,
3004 0x4B, 0x32, 0x81, 0xAA, 0x7F, 0x00, 0xC8, 0xDC, 0xE6, 0xD9, 0xCC,
3006 0x11, 0x2D, 0x37, 0x34, 0x6C, 0xEA, 0x02, 0x97, 0x4B, 0x0E, 0xBB,
3008 0x71, 0x33, 0x09, 0x15, 0xFD, 0xDD, 0x23, 0x87, 0x07, 0x5E, 0x89,
3010 0x6B, 0x7C, 0x5F, 0xEC, 0xA6, 0x24, 0xDC, 0x53,
3012 static unsigned char dh1024_g[] = {
3017 if ((dh = DH_new()) == NULL)
3019 dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
3020 dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
3021 if ((dh->p == NULL) || (dh->g == NULL)) {
3028 static DH *get_dh1024dsa()
3030 static unsigned char dh1024_p[] = {
3031 0xC8, 0x00, 0xF7, 0x08, 0x07, 0x89, 0x4D, 0x90, 0x53, 0xF3, 0xD5,
3033 0x21, 0x1B, 0xF7, 0x31, 0xA6, 0xA2, 0xDA, 0x23, 0x9A, 0xC7, 0x87,
3035 0x3B, 0x47, 0xB6, 0x8C, 0x04, 0x6F, 0xFF, 0xC6, 0x9B, 0xB8, 0x65,
3037 0xC2, 0x5F, 0x31, 0x83, 0x4A, 0xA7, 0x5F, 0x2F, 0x88, 0x38, 0xB6,
3039 0xCF, 0xD9, 0x87, 0x6D, 0x6F, 0x9F, 0xDA, 0xAC, 0xA6, 0x48, 0xAF,
3041 0x33, 0x84, 0x37, 0x5B, 0x82, 0x4A, 0x31, 0x5D, 0xE7, 0xBD, 0x52,
3043 0xA1, 0x77, 0xBF, 0x10, 0x9E, 0x37, 0xEA, 0x64, 0xFA, 0xCA, 0x28,
3045 0x9D, 0x3B, 0xD2, 0x6E, 0x09, 0x5C, 0x68, 0xC7, 0x45, 0x90, 0xFD,
3047 0x70, 0xC9, 0x3A, 0xBB, 0xDF, 0xD4, 0x21, 0x0F, 0xC4, 0x6A, 0x3C,
3049 0x61, 0xCF, 0x3F, 0xD6, 0x13, 0xF1, 0x5F, 0xBC, 0xCF, 0xBC, 0x26,
3051 0xBC, 0x0B, 0xBD, 0xAB, 0x5D, 0xC9, 0x54, 0x39,
3053 static unsigned char dh1024_g[] = {
3054 0x3B, 0x40, 0x86, 0xE7, 0xF3, 0x6C, 0xDE, 0x67, 0x1C, 0xCC, 0x80,
3056 0x5A, 0xDF, 0xFE, 0xBD, 0x20, 0x27, 0x74, 0x6C, 0x24, 0xC9, 0x03,
3058 0xE1, 0x8D, 0xC3, 0x7D, 0x98, 0x27, 0x40, 0x08, 0xB8, 0x8C, 0x6A,
3060 0xBB, 0x1A, 0x3A, 0xD6, 0x86, 0x83, 0x5E, 0x72, 0x41, 0xCE, 0x85,
3062 0xD2, 0xB3, 0xFC, 0x13, 0xCE, 0x37, 0x81, 0x9E, 0x4C, 0x1C, 0x7B,
3064 0xD3, 0xE6, 0xA6, 0x00, 0xF5, 0x5A, 0x95, 0x43, 0x5E, 0x81, 0xCF,
3066 0xA2, 0x23, 0xFC, 0x36, 0xA7, 0x5D, 0x7A, 0x4C, 0x06, 0x91, 0x6E,
3068 0x57, 0xEE, 0x36, 0xCB, 0x06, 0xEA, 0xF5, 0x3D, 0x95, 0x49, 0xCB,
3070 0xDD, 0x81, 0xDF, 0x80, 0x09, 0x4A, 0x97, 0x4D, 0xA8, 0x22, 0x72,
3072 0x7F, 0xC4, 0x70, 0x56, 0x70, 0xE8, 0x20, 0x10, 0x18, 0x8F, 0x2E,
3074 0x07, 0xE7, 0x68, 0x1A, 0x82, 0x5D, 0x32, 0xA2,
3078 if ((dh = DH_new()) == NULL)
3080 dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
3081 dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
3082 if ((dh->p == NULL) || (dh->g == NULL)) {
3091 #ifndef OPENSSL_NO_PSK
3092 /* convert the PSK key (psk_key) in ascii to binary (psk) */
3093 static int psk_key2bn(const char *pskkey, unsigned char *psk,
3094 unsigned int max_psk_len)
3099 ret = BN_hex2bn(&bn, pskkey);
3101 BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n",
3106 if (BN_num_bytes(bn) > (int)max_psk_len) {
3108 "psk buffer of callback is too small (%d) for key (%d)\n",
3109 max_psk_len, BN_num_bytes(bn));
3113 ret = BN_bn2bin(bn, psk);
3118 static unsigned int psk_client_callback(SSL *ssl, const char *hint,
3120 unsigned int max_identity_len,
3122 unsigned int max_psk_len)
3125 unsigned int psk_len = 0;
3127 ret = BIO_snprintf(identity, max_identity_len, "Client_identity");
3131 fprintf(stderr, "client: created identity '%s' len=%d\n", identity,
3133 ret = psk_key2bn(psk_key, psk, max_psk_len);
3141 static unsigned int psk_server_callback(SSL *ssl, const char *identity,
3143 unsigned int max_psk_len)
3145 unsigned int psk_len = 0;
3147 if (strcmp(identity, "Client_identity") != 0) {
3148 BIO_printf(bio_err, "server: PSK error: client identity not found\n");
3151 psk_len = psk_key2bn(psk_key, psk, max_psk_len);
3156 static int do_test_cipherlist(void)
3159 const SSL_METHOD *meth;
3160 const SSL_CIPHER *ci, *tci = NULL;
3162 #ifndef OPENSSL_NO_SSL3
3163 meth = SSLv3_method();
3165 while ((ci = meth->get_cipher(i++)) != NULL) {
3167 if (ci->id >= tci->id) {
3168 fprintf(stderr, "testing SSLv3 cipher list order: ");
3169 fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
3175 meth = TLSv1_method();
3177 while ((ci = meth->get_cipher(i++)) != NULL) {
3179 if (ci->id >= tci->id) {
3180 fprintf(stderr, "testing TLSv1 cipher list order: ");
3181 fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);