2 * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* ====================================================================
11 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
12 * ECC cipher suite support in OpenSSL originally developed by
13 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
15 /* ====================================================================
16 * Copyright 2005 Nokia. All rights reserved.
18 * The portions of the attached software ("Contribution") is developed by
19 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
22 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
23 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
24 * support (see RFC 4279) to OpenSSL.
26 * No patent licenses or other rights except those expressly stated in
27 * the OpenSSL open source license shall be deemed granted or received
28 * expressly, by implication, estoppel, or otherwise.
30 * No assurances are provided by Nokia that the Contribution does not
31 * infringe the patent or other intellectual property rights of any third
32 * party or that the license provides you with all the necessary rights
33 * to make use of the Contribution.
35 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
36 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
37 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
38 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
42 /* Or gethostname won't be declared properly on Linux and GNU platforms. */
44 #define _DEFAULT_SOURCE 1
57 #ifdef OPENSSL_SYS_VMS
59 * Or isascii won't be declared properly on VMS (at least with DECompHP C).
61 # define _XOPEN_SOURCE 500
66 #include <openssl/bio.h>
67 #include <openssl/crypto.h>
68 #include <openssl/evp.h>
69 #include <openssl/x509.h>
70 #include <openssl/x509v3.h>
71 #include <openssl/ssl.h>
72 #ifndef OPENSSL_NO_ENGINE
73 # include <openssl/engine.h>
75 #include <openssl/err.h>
76 #include <openssl/rand.h>
77 #ifndef OPENSSL_NO_RSA
78 # include <openssl/rsa.h>
80 #ifndef OPENSSL_NO_DSA
81 # include <openssl/dsa.h>
84 # include <openssl/dh.h>
86 #ifndef OPENSSL_NO_SRP
87 # include <openssl/srp.h>
89 #include <openssl/bn.h>
91 # include <openssl/ct.h>
94 #include "../ssl/ssl_locl.h"
97 * Or gethostname won't be declared properly
98 * on Compaq platforms (at least with DEC C).
99 * Do not try to put it earlier, or IPv6 includes
102 #define _XOPEN_SOURCE_EXTENDED 1
104 #ifdef OPENSSL_SYS_WINDOWS
105 # include <winsock.h>
107 # include OPENSSL_UNISTD
110 static SSL_CTX *s_ctx = NULL;
111 static SSL_CTX *s_ctx2 = NULL;
114 * There is really no standard for this, so let's assign something
119 static int verify_callback(int ok, X509_STORE_CTX *ctx);
120 static int app_verify_callback(X509_STORE_CTX *ctx, void *arg);
121 #define APP_CALLBACK_STRING "Test Callback Argument"
122 struct app_verify_arg {
127 #ifndef OPENSSL_NO_DH
128 static DH *get_dh512(void);
129 static DH *get_dh1024(void);
130 static DH *get_dh1024dsa(void);
133 static char *psk_key = NULL; /* by default PSK is not used */
134 #ifndef OPENSSL_NO_PSK
135 static unsigned int psk_client_callback(SSL *ssl, const char *hint,
137 unsigned int max_identity_len,
139 unsigned int max_psk_len);
140 static unsigned int psk_server_callback(SSL *ssl, const char *identity,
142 unsigned int max_psk_len);
145 #ifndef OPENSSL_NO_SRP
147 /* This is a context that we pass to all callbacks */
148 typedef struct srp_client_arg_st {
153 # define PWD_STRLEN 1024
155 static char *ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
157 SRP_CLIENT_ARG *srp_client_arg = (SRP_CLIENT_ARG *)arg;
158 return OPENSSL_strdup((char *)srp_client_arg->srppassin);
162 /* This is a context that we pass to SRP server callbacks */
163 typedef struct srp_server_arg_st {
168 static int ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
170 SRP_SERVER_ARG *p = (SRP_SERVER_ARG *)arg;
172 if (strcmp(p->expected_user, SSL_get_srp_username(s)) != 0) {
173 fprintf(stderr, "User %s doesn't exist\n", SSL_get_srp_username(s));
174 return SSL3_AL_FATAL;
176 if (SSL_set_srp_server_param_pw(s, p->expected_user, p->pass, "1024") < 0) {
177 *ad = SSL_AD_INTERNAL_ERROR;
178 return SSL3_AL_FATAL;
180 return SSL_ERROR_NONE;
184 static BIO *bio_err = NULL;
185 static BIO *bio_stdout = NULL;
187 #ifndef OPENSSL_NO_NEXTPROTONEG
188 /* Note that this code assumes that this is only a one element list: */
189 static const char NEXT_PROTO_STRING[] = "\x09testproto";
190 static int npn_client = 0;
191 static int npn_server = 0;
192 static int npn_server_reject = 0;
194 static int cb_client_npn(SSL *s, unsigned char **out, unsigned char *outlen,
195 const unsigned char *in, unsigned int inlen,
199 * This callback only returns the protocol string, rather than a length
200 * prefixed set. We assume that NEXT_PROTO_STRING is a one element list
201 * and remove the first byte to chop off the length prefix.
203 *out = (unsigned char *)NEXT_PROTO_STRING + 1;
204 *outlen = sizeof(NEXT_PROTO_STRING) - 2;
205 return SSL_TLSEXT_ERR_OK;
208 static int cb_server_npn(SSL *s, const unsigned char **data,
209 unsigned int *len, void *arg)
211 *data = (const unsigned char *)NEXT_PROTO_STRING;
212 *len = sizeof(NEXT_PROTO_STRING) - 1;
213 return SSL_TLSEXT_ERR_OK;
216 static int cb_server_rejects_npn(SSL *s, const unsigned char **data,
217 unsigned int *len, void *arg)
219 return SSL_TLSEXT_ERR_NOACK;
222 static int verify_npn(SSL *client, SSL *server)
224 const unsigned char *client_s;
226 const unsigned char *server_s;
229 SSL_get0_next_proto_negotiated(client, &client_s, &client_len);
230 SSL_get0_next_proto_negotiated(server, &server_s, &server_len);
233 BIO_printf(bio_stdout, "Client NPN: ");
234 BIO_write(bio_stdout, client_s, client_len);
235 BIO_printf(bio_stdout, "\n");
239 BIO_printf(bio_stdout, "Server NPN: ");
240 BIO_write(bio_stdout, server_s, server_len);
241 BIO_printf(bio_stdout, "\n");
245 * If an NPN string was returned, it must be the protocol that we
246 * expected to negotiate.
248 if (client_len && (client_len != sizeof(NEXT_PROTO_STRING) - 2 ||
249 memcmp(client_s, NEXT_PROTO_STRING + 1, client_len)))
251 if (server_len && (server_len != sizeof(NEXT_PROTO_STRING) - 2 ||
252 memcmp(server_s, NEXT_PROTO_STRING + 1, server_len)))
255 if (!npn_client && client_len)
257 if (!npn_server && server_len)
259 if (npn_server_reject && server_len)
261 if (npn_client && npn_server && (!client_len || !server_len))
268 static const char *alpn_client;
269 static char *alpn_server;
270 static char *alpn_server2;
271 static const char *alpn_expected;
272 static unsigned char *alpn_selected;
273 static const char *server_min_proto;
274 static const char *server_max_proto;
275 static const char *client_min_proto;
276 static const char *client_max_proto;
277 static const char *should_negotiate;
278 static const char *sn_client;
279 static const char *sn_server1;
280 static const char *sn_server2;
281 static int sn_expect = 0;
282 static const char *server_sess_out;
283 static const char *server_sess_in;
284 static const char *client_sess_out;
285 static const char *client_sess_in;
286 static SSL_SESSION *server_sess;
287 static SSL_SESSION *client_sess;
289 static int servername_cb(SSL *s, int *ad, void *arg)
291 const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
292 if (sn_server2 == NULL) {
293 BIO_printf(bio_stdout, "Servername 2 is NULL\n");
294 return SSL_TLSEXT_ERR_NOACK;
298 if (s_ctx2 != NULL && sn_server2 != NULL &&
299 !strcasecmp(servername, sn_server2)) {
300 BIO_printf(bio_stdout, "Switching server context.\n");
301 SSL_set_SSL_CTX(s, s_ctx2);
304 return SSL_TLSEXT_ERR_OK;
306 static int verify_servername(SSL *client, SSL *server)
308 /* just need to see if sn_context is what we expect */
309 SSL_CTX* ctx = SSL_get_SSL_CTX(server);
312 if (sn_expect == 1 && ctx == s_ctx)
314 if (sn_expect == 2 && ctx == s_ctx2)
316 BIO_printf(bio_stdout, "Servername: expected context %d\n", sn_expect);
318 BIO_printf(bio_stdout, "Servername: context is 2\n");
319 else if (ctx == s_ctx)
320 BIO_printf(bio_stdout, "Servername: context is 1\n");
322 BIO_printf(bio_stdout, "Servername: context is unknown\n");
328 * next_protos_parse parses a comma separated list of strings into a string
329 * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
330 * outlen: (output) set to the length of the resulting buffer on success.
331 * err: (maybe NULL) on failure, an error message line is written to this BIO.
332 * in: a NUL terminated string like "abc,def,ghi"
334 * returns: a malloced buffer or NULL on failure.
336 static unsigned char *next_protos_parse(size_t *outlen,
347 out = OPENSSL_malloc(strlen(in) + 1);
351 for (i = 0; i <= len; ++i) {
352 if (i == len || in[i] == ',') {
353 if (i - start > 255) {
357 out[start] = i - start;
367 static int cb_server_alpn(SSL *s, const unsigned char **out,
368 unsigned char *outlen, const unsigned char *in,
369 unsigned int inlen, void *arg)
371 unsigned char *protos;
373 char* alpn_str = arg;
375 protos = next_protos_parse(&protos_len, alpn_str);
376 if (protos == NULL) {
377 fprintf(stderr, "failed to parser ALPN server protocol string: %s\n",
382 if (SSL_select_next_proto
383 ((unsigned char **)out, outlen, protos, protos_len, in,
384 inlen) != OPENSSL_NPN_NEGOTIATED) {
385 OPENSSL_free(protos);
386 return SSL_TLSEXT_ERR_NOACK;
390 * Make a copy of the selected protocol which will be freed in
393 alpn_selected = OPENSSL_malloc(*outlen);
394 memcpy(alpn_selected, *out, *outlen);
395 *out = alpn_selected;
397 OPENSSL_free(protos);
398 return SSL_TLSEXT_ERR_OK;
401 static int verify_alpn(SSL *client, SSL *server)
403 const unsigned char *client_proto, *server_proto;
404 unsigned int client_proto_len = 0, server_proto_len = 0;
405 SSL_get0_alpn_selected(client, &client_proto, &client_proto_len);
406 SSL_get0_alpn_selected(server, &server_proto, &server_proto_len);
408 OPENSSL_free(alpn_selected);
409 alpn_selected = NULL;
411 if (client_proto_len != server_proto_len) {
412 BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
416 if (client_proto != NULL &&
417 memcmp(client_proto, server_proto, client_proto_len) != 0) {
418 BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
422 if (client_proto_len > 0 && alpn_expected == NULL) {
423 BIO_printf(bio_stdout, "ALPN unexpectedly negotiated\n");
427 if (alpn_expected != NULL &&
428 (client_proto_len != strlen(alpn_expected) ||
429 memcmp(client_proto, alpn_expected, client_proto_len) != 0)) {
430 BIO_printf(bio_stdout,
431 "ALPN selected protocols not equal to expected protocol: %s\n",
439 BIO_printf(bio_stdout, "ALPN results: client: '");
440 BIO_write(bio_stdout, client_proto, client_proto_len);
441 BIO_printf(bio_stdout, "', server: '");
442 BIO_write(bio_stdout, server_proto, server_proto_len);
443 BIO_printf(bio_stdout, "'\n");
444 BIO_printf(bio_stdout, "ALPN configured: client: '%s', server: '",
446 if (SSL_get_SSL_CTX(server) == s_ctx2) {
447 BIO_printf(bio_stdout, "%s'\n",
450 BIO_printf(bio_stdout, "%s'\n",
457 * WARNING : below extension types are *NOT* IETF assigned, and could
458 * conflict if these types are reassigned and handled specially by OpenSSL
461 #define TACK_EXT_TYPE 62208
462 #define CUSTOM_EXT_TYPE_0 1000
463 #define CUSTOM_EXT_TYPE_1 1001
464 #define CUSTOM_EXT_TYPE_2 1002
465 #define CUSTOM_EXT_TYPE_3 1003
467 static const char custom_ext_cli_string[] = "abc";
468 static const char custom_ext_srv_string[] = "defg";
470 /* These set from cmdline */
471 static char *serverinfo_file = NULL;
472 static int serverinfo_sct = 0;
473 static int serverinfo_tack = 0;
475 /* These set based on extension callbacks */
476 static int serverinfo_sct_seen = 0;
477 static int serverinfo_tack_seen = 0;
478 static int serverinfo_other_seen = 0;
480 /* This set from cmdline */
481 static int custom_ext = 0;
483 /* This set based on extension callbacks */
484 static int custom_ext_error = 0;
486 static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type,
487 const unsigned char *in, size_t inlen,
490 if (ext_type == TLSEXT_TYPE_signed_certificate_timestamp)
491 serverinfo_sct_seen++;
492 else if (ext_type == TACK_EXT_TYPE)
493 serverinfo_tack_seen++;
495 serverinfo_other_seen++;
499 static int verify_serverinfo()
501 if (serverinfo_sct != serverinfo_sct_seen)
503 if (serverinfo_tack != serverinfo_tack_seen)
505 if (serverinfo_other_seen)
511 * Four test cases for custom extensions:
512 * 0 - no ClientHello extension or ServerHello response
513 * 1 - ClientHello with "abc", no response
514 * 2 - ClientHello with "abc", empty response
515 * 3 - ClientHello with "abc", "defg" response
518 static int custom_ext_0_cli_add_cb(SSL *s, unsigned int ext_type,
519 const unsigned char **out,
520 size_t *outlen, int *al, void *arg)
522 if (ext_type != CUSTOM_EXT_TYPE_0)
523 custom_ext_error = 1;
524 return 0; /* Don't send an extension */
527 static int custom_ext_0_cli_parse_cb(SSL *s, unsigned int ext_type,
528 const unsigned char *in,
529 size_t inlen, int *al, void *arg)
534 static int custom_ext_1_cli_add_cb(SSL *s, unsigned int ext_type,
535 const unsigned char **out,
536 size_t *outlen, int *al, void *arg)
538 if (ext_type != CUSTOM_EXT_TYPE_1)
539 custom_ext_error = 1;
540 *out = (const unsigned char *)custom_ext_cli_string;
541 *outlen = strlen(custom_ext_cli_string);
542 return 1; /* Send "abc" */
545 static int custom_ext_1_cli_parse_cb(SSL *s, unsigned int ext_type,
546 const unsigned char *in,
547 size_t inlen, int *al, void *arg)
552 static int custom_ext_2_cli_add_cb(SSL *s, unsigned int ext_type,
553 const unsigned char **out,
554 size_t *outlen, int *al, void *arg)
556 if (ext_type != CUSTOM_EXT_TYPE_2)
557 custom_ext_error = 1;
558 *out = (const unsigned char *)custom_ext_cli_string;
559 *outlen = strlen(custom_ext_cli_string);
560 return 1; /* Send "abc" */
563 static int custom_ext_2_cli_parse_cb(SSL *s, unsigned int ext_type,
564 const unsigned char *in,
565 size_t inlen, int *al, void *arg)
567 if (ext_type != CUSTOM_EXT_TYPE_2)
568 custom_ext_error = 1;
570 custom_ext_error = 1; /* Should be empty response */
574 static int custom_ext_3_cli_add_cb(SSL *s, unsigned int ext_type,
575 const unsigned char **out,
576 size_t *outlen, int *al, void *arg)
578 if (ext_type != CUSTOM_EXT_TYPE_3)
579 custom_ext_error = 1;
580 *out = (const unsigned char *)custom_ext_cli_string;
581 *outlen = strlen(custom_ext_cli_string);
582 return 1; /* Send "abc" */
585 static int custom_ext_3_cli_parse_cb(SSL *s, unsigned int ext_type,
586 const unsigned char *in,
587 size_t inlen, int *al, void *arg)
589 if (ext_type != CUSTOM_EXT_TYPE_3)
590 custom_ext_error = 1;
591 if (inlen != strlen(custom_ext_srv_string))
592 custom_ext_error = 1;
593 if (memcmp(custom_ext_srv_string, in, inlen) != 0)
594 custom_ext_error = 1; /* Check for "defg" */
599 * custom_ext_0_cli_add_cb returns 0 - the server won't receive a callback
602 static int custom_ext_0_srv_parse_cb(SSL *s, unsigned int ext_type,
603 const unsigned char *in,
604 size_t inlen, int *al, void *arg)
606 custom_ext_error = 1;
610 /* 'add' callbacks are only called if the 'parse' callback is called */
611 static int custom_ext_0_srv_add_cb(SSL *s, unsigned int ext_type,
612 const unsigned char **out,
613 size_t *outlen, int *al, void *arg)
615 /* Error: should not have been called */
616 custom_ext_error = 1;
617 return 0; /* Don't send an extension */
620 static int custom_ext_1_srv_parse_cb(SSL *s, unsigned int ext_type,
621 const unsigned char *in,
622 size_t inlen, int *al, void *arg)
624 if (ext_type != CUSTOM_EXT_TYPE_1)
625 custom_ext_error = 1;
626 /* Check for "abc" */
627 if (inlen != strlen(custom_ext_cli_string))
628 custom_ext_error = 1;
629 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
630 custom_ext_error = 1;
634 static int custom_ext_1_srv_add_cb(SSL *s, unsigned int ext_type,
635 const unsigned char **out,
636 size_t *outlen, int *al, void *arg)
638 return 0; /* Don't send an extension */
641 static int custom_ext_2_srv_parse_cb(SSL *s, unsigned int ext_type,
642 const unsigned char *in,
643 size_t inlen, int *al, void *arg)
645 if (ext_type != CUSTOM_EXT_TYPE_2)
646 custom_ext_error = 1;
647 /* Check for "abc" */
648 if (inlen != strlen(custom_ext_cli_string))
649 custom_ext_error = 1;
650 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
651 custom_ext_error = 1;
655 static int custom_ext_2_srv_add_cb(SSL *s, unsigned int ext_type,
656 const unsigned char **out,
657 size_t *outlen, int *al, void *arg)
661 return 1; /* Send empty extension */
664 static int custom_ext_3_srv_parse_cb(SSL *s, unsigned int ext_type,
665 const unsigned char *in,
666 size_t inlen, int *al, void *arg)
668 if (ext_type != CUSTOM_EXT_TYPE_3)
669 custom_ext_error = 1;
670 /* Check for "abc" */
671 if (inlen != strlen(custom_ext_cli_string))
672 custom_ext_error = 1;
673 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
674 custom_ext_error = 1;
678 static int custom_ext_3_srv_add_cb(SSL *s, unsigned int ext_type,
679 const unsigned char **out,
680 size_t *outlen, int *al, void *arg)
682 *out = (const unsigned char *)custom_ext_srv_string;
683 *outlen = strlen(custom_ext_srv_string);
684 return 1; /* Send "defg" */
687 static char *cipher = NULL;
688 static int verbose = 0;
689 static int debug = 0;
690 static const char rnd_seed[] =
691 "string to make the random number generator think it has entropy";
693 int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family,
694 long bytes, clock_t *s_time, clock_t *c_time);
695 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time,
697 int doit(SSL *s_ssl, SSL *c_ssl, long bytes);
699 static void sv_usage(void)
701 fprintf(stderr, "usage: ssltest [args ...]\n");
702 fprintf(stderr, "\n");
704 fprintf(stderr, "-F - run test in FIPS mode\n");
706 fprintf(stderr, " -server_auth - check server certificate\n");
707 fprintf(stderr, " -client_auth - do client authentication\n");
708 fprintf(stderr, " -v - more output\n");
709 fprintf(stderr, " -d - debug output\n");
710 fprintf(stderr, " -reuse - use session-id reuse\n");
711 fprintf(stderr, " -num <val> - number of connections to perform\n");
713 " -bytes <val> - number of bytes to swap between client/server\n");
714 #ifndef OPENSSL_NO_DH
716 " -dhe512 - use 512 bit key for DHE (to test failure)\n");
718 " -dhe1024 - use 1024 bit key (safe prime) for DHE (default, no-op)\n");
720 " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
721 fprintf(stderr, " -no_dhe - disable DHE\n");
723 #ifndef OPENSSL_NO_EC
724 fprintf(stderr, " -no_ecdhe - disable ECDHE\nTODO(openssl-team): no_ecdhe was broken by auto ecdh. Make this work again.\n");
726 #ifndef OPENSSL_NO_PSK
727 fprintf(stderr, " -psk arg - PSK in hex (without 0x)\n");
729 #ifndef OPENSSL_NO_SRP
730 fprintf(stderr, " -srpuser user - SRP username to use\n");
731 fprintf(stderr, " -srppass arg - password for 'user'\n");
733 #ifndef OPENSSL_NO_SSL3
734 fprintf(stderr, " -ssl3 - use SSLv3\n");
736 #ifndef OPENSSL_NO_TLS1
737 fprintf(stderr, " -tls1 - use TLSv1\n");
739 #ifndef OPENSSL_NO_DTLS
740 fprintf(stderr, " -dtls - use DTLS\n");
741 #ifndef OPENSSL_NO_DTLS1
742 fprintf(stderr, " -dtls1 - use DTLSv1\n");
744 #ifndef OPENSSL_NO_DTLS1_2
745 fprintf(stderr, " -dtls12 - use DTLSv1.2\n");
748 fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");
749 fprintf(stderr, " -CAfile arg - PEM format file of CA's\n");
750 fprintf(stderr, " -cert arg - Server certificate file\n");
752 " -key arg - Server key file (default: same as -cert)\n");
753 fprintf(stderr, " -c_cert arg - Client certificate file\n");
755 " -c_key arg - Client key file (default: same as -c_cert)\n");
756 fprintf(stderr, " -cipher arg - The cipher list\n");
757 fprintf(stderr, " -bio_pair - Use BIO pairs\n");
758 fprintf(stderr, " -ipv4 - Use IPv4 connection on localhost\n");
759 fprintf(stderr, " -ipv6 - Use IPv6 connection on localhost\n");
760 fprintf(stderr, " -f - Test even cases that can't work\n");
762 " -time - measure processor time used by client and server\n");
763 fprintf(stderr, " -zlib - use zlib compression\n");
764 #ifndef OPENSSL_NO_NEXTPROTONEG
765 fprintf(stderr, " -npn_client - have client side offer NPN\n");
766 fprintf(stderr, " -npn_server - have server side offer NPN\n");
767 fprintf(stderr, " -npn_server_reject - have server reject NPN\n");
769 fprintf(stderr, " -serverinfo_file file - have server use this file\n");
770 fprintf(stderr, " -serverinfo_sct - have client offer and expect SCT\n");
772 " -serverinfo_tack - have client offer and expect TACK\n");
774 " -custom_ext - try various custom extension callbacks\n");
775 fprintf(stderr, " -alpn_client <string> - have client side offer ALPN\n");
776 fprintf(stderr, " -alpn_server <string> - have server side offer ALPN\n");
777 fprintf(stderr, " -alpn_server1 <string> - alias for -alpn_server\n");
778 fprintf(stderr, " -alpn_server2 <string> - have server side context 2 offer ALPN\n");
780 " -alpn_expected <string> - the ALPN protocol that should be negotiated\n");
781 fprintf(stderr, " -server_min_proto <string> - Minimum version the server should support\n");
782 fprintf(stderr, " -server_max_proto <string> - Maximum version the server should support\n");
783 fprintf(stderr, " -client_min_proto <string> - Minimum version the client should support\n");
784 fprintf(stderr, " -client_max_proto <string> - Maximum version the client should support\n");
785 fprintf(stderr, " -should_negotiate <string> - The version that should be negotiated, fail-client or fail-server\n");
786 #ifndef OPENSSL_NO_CT
787 fprintf(stderr, " -noct - no certificate transparency\n");
788 fprintf(stderr, " -requestct - request certificate transparency\n");
789 fprintf(stderr, " -requirect - require certificate transparency\n");
791 fprintf(stderr, " -sn_client <string> - have client request this servername\n");
792 fprintf(stderr, " -sn_server1 <string> - have server context 1 respond to this servername\n");
793 fprintf(stderr, " -sn_server2 <string> - have server context 2 respond to this servername\n");
794 fprintf(stderr, " -sn_expect1 - expected server 1\n");
795 fprintf(stderr, " -sn_expect2 - expected server 2\n");
796 fprintf(stderr, " -server_sess_out <file> - Save the server session to a file\n");
797 fprintf(stderr, " -server_sess_in <file> - Read the server session from a file\n");
798 fprintf(stderr, " -client_sess_out <file> - Save the client session to a file\n");
799 fprintf(stderr, " -client_sess_in <file> - Read the client session from a file\n");
800 fprintf(stderr, " -should_reuse <number> - The expected state of reusing the session\n");
801 fprintf(stderr, " -no_ticket - do not issue TLS session ticket\n");
804 static void print_key_details(BIO *out, EVP_PKEY *key)
806 int keyid = EVP_PKEY_id(key);
807 #ifndef OPENSSL_NO_EC
808 if (keyid == EVP_PKEY_EC) {
809 EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
812 nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
814 cname = EC_curve_nid2nist(nid);
816 cname = OBJ_nid2sn(nid);
817 BIO_printf(out, "%d bits EC (%s)", EVP_PKEY_bits(key), cname);
833 algname = OBJ_nid2sn(keyid);
836 BIO_printf(out, "%d bits %s", EVP_PKEY_bits(key), algname);
840 static void print_details(SSL *c_ssl, const char *prefix)
842 const SSL_CIPHER *ciph;
847 ciph = SSL_get_current_cipher(c_ssl);
848 BIO_printf(bio_stdout, "%s%s, cipher %s %s",
850 SSL_get_version(c_ssl),
851 SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_name(ciph));
852 cert = SSL_get_peer_certificate(c_ssl);
854 pkey = X509_get_pubkey(cert);
856 BIO_puts(bio_stdout, ", ");
857 print_key_details(bio_stdout, pkey);
862 if (SSL_get_server_tmp_key(c_ssl, &pkey)) {
863 BIO_puts(bio_stdout, ", temp key: ");
864 print_key_details(bio_stdout, pkey);
867 if (SSL_get_peer_signature_nid(c_ssl, &mdnid))
868 BIO_printf(bio_stdout, ", digest=%s", OBJ_nid2sn(mdnid));
869 BIO_printf(bio_stdout, "\n");
873 * protocol_from_string - converts a protocol version string to a number
875 * Returns -1 on failure or the version on success
877 static int protocol_from_string(const char *value)
879 struct protocol_versions {
883 static const struct protocol_versions versions[] = {
884 {"ssl3", SSL3_VERSION},
885 {"tls1", TLS1_VERSION},
886 {"tls1.1", TLS1_1_VERSION},
887 {"tls1.2", TLS1_2_VERSION},
888 {"dtls1", DTLS1_VERSION},
889 {"dtls1.2", DTLS1_2_VERSION}};
891 size_t n = OSSL_NELEM(versions);
893 for (i = 0; i < n; i++)
894 if (strcmp(versions[i].name, value) == 0)
895 return versions[i].version;
899 static SSL_SESSION *read_session(const char *filename)
902 BIO *f = BIO_new_file(filename, "r");
905 BIO_printf(bio_err, "Can't open session file %s\n", filename);
906 ERR_print_errors(bio_err);
909 sess = PEM_read_bio_SSL_SESSION(f, NULL, 0, NULL);
911 BIO_printf(bio_err, "Can't parse session file %s\n", filename);
912 ERR_print_errors(bio_err);
918 static int write_session(const char *filename, SSL_SESSION *sess)
920 BIO *f = BIO_new_file(filename, "w");
923 BIO_printf(bio_err, "No session information\n");
927 BIO_printf(bio_err, "Can't open session file %s\n", filename);
928 ERR_print_errors(bio_err);
931 PEM_write_bio_SSL_SESSION(f, sess);
937 * set_protocol_version - Sets protocol version minimum or maximum
939 * Returns 0 on failure and 1 on success
941 static int set_protocol_version(const char *version, SSL *ssl, int setting)
943 if (version != NULL) {
944 int ver = protocol_from_string(version);
946 BIO_printf(bio_err, "Error parsing: %s\n", version);
949 return SSL_ctrl(ssl, setting, ver, NULL);
954 int main(int argc, char *argv[])
956 char *CApath = NULL, *CAfile = NULL;
958 enum { BIO_MEM, BIO_PAIR, BIO_IPV4, BIO_IPV6 } bio_type = BIO_MEM;
960 int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, ssl3 = 0, ret = 1;
962 int server_auth = 0, i;
963 struct app_verify_arg app_verify_arg =
964 { APP_CALLBACK_STRING, 0 };
966 SSL_CTX *c_ctx = NULL;
967 const SSL_METHOD *meth = NULL;
969 int number = 1, reuse = 0;
970 int should_reuse = -1;
973 #ifndef OPENSSL_NO_DH
975 int dhe512 = 0, dhe1024dsa = 0;
977 #ifndef OPENSSL_NO_SRP
979 SRP_CLIENT_ARG srp_client_arg = { NULL, NULL };
981 SRP_SERVER_ARG srp_server_arg = { NULL, NULL };
986 clock_t s_time = 0, c_time = 0;
987 #ifndef OPENSSL_NO_COMP
989 COMP_METHOD *cm = NULL;
990 STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
996 int min_version = 0, max_version = 0;
997 #ifndef OPENSSL_NO_CT
999 * Disable CT validation by default, because it will interfere with
1000 * anything using custom extension handlers to deal with SCT extensions.
1002 int ct_validation = 0;
1004 SSL_CONF_CTX *s_cctx = NULL, *c_cctx = NULL, *s_cctx2 = NULL;
1005 STACK_OF(OPENSSL_STRING) *conf_args = NULL;
1006 char *arg = NULL, *argn = NULL;
1012 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
1014 p = getenv("OPENSSL_DEBUG_MEMORY");
1015 if (p != NULL && strcmp(p, "on") == 0)
1016 CRYPTO_set_mem_debug(1);
1017 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
1019 RAND_seed(rnd_seed, sizeof rnd_seed);
1021 bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT);
1023 s_cctx = SSL_CONF_CTX_new();
1024 s_cctx2 = SSL_CONF_CTX_new();
1025 c_cctx = SSL_CONF_CTX_new();
1027 if (!s_cctx || !c_cctx || !s_cctx2) {
1028 ERR_print_errors(bio_err);
1032 SSL_CONF_CTX_set_flags(s_cctx,
1033 SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_SERVER |
1034 SSL_CONF_FLAG_CERTIFICATE |
1035 SSL_CONF_FLAG_REQUIRE_PRIVATE);
1036 SSL_CONF_CTX_set_flags(s_cctx2,
1037 SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_SERVER |
1038 SSL_CONF_FLAG_CERTIFICATE |
1039 SSL_CONF_FLAG_REQUIRE_PRIVATE);
1040 if (!SSL_CONF_CTX_set1_prefix(s_cctx, "-s_")) {
1041 ERR_print_errors(bio_err);
1044 if (!SSL_CONF_CTX_set1_prefix(s_cctx2, "-s_")) {
1045 ERR_print_errors(bio_err);
1049 SSL_CONF_CTX_set_flags(c_cctx,
1050 SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_CLIENT |
1051 SSL_CONF_FLAG_CERTIFICATE |
1052 SSL_CONF_FLAG_REQUIRE_PRIVATE);
1053 if (!SSL_CONF_CTX_set1_prefix(c_cctx, "-c_")) {
1054 ERR_print_errors(bio_err);
1062 if (strcmp(*argv, "-F") == 0) {
1067 "not compiled with FIPS support, so exiting without running.\n");
1070 } else if (strcmp(*argv, "-server_auth") == 0)
1072 else if (strcmp(*argv, "-client_auth") == 0)
1074 else if (strcmp(*argv, "-v") == 0)
1076 else if (strcmp(*argv, "-d") == 0)
1078 else if (strcmp(*argv, "-reuse") == 0)
1080 else if (strcmp(*argv, "-dhe512") == 0) {
1081 #ifndef OPENSSL_NO_DH
1085 "ignoring -dhe512, since I'm compiled without DH\n");
1087 } else if (strcmp(*argv, "-dhe1024dsa") == 0) {
1088 #ifndef OPENSSL_NO_DH
1092 "ignoring -dhe1024dsa, since I'm compiled without DH\n");
1094 } else if (strcmp(*argv, "-no_dhe") == 0)
1096 else if (strcmp(*argv, "-no_ecdhe") == 0)
1098 else if (strcmp(*argv, "-psk") == 0) {
1101 psk_key = *(++argv);
1102 #ifndef OPENSSL_NO_PSK
1103 if (strspn(psk_key, "abcdefABCDEF1234567890") != strlen(psk_key)) {
1104 BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
1111 #ifndef OPENSSL_NO_SRP
1112 else if (strcmp(*argv, "-srpuser") == 0) {
1115 srp_server_arg.expected_user = srp_client_arg.srplogin =
1117 min_version = TLS1_VERSION;
1118 } else if (strcmp(*argv, "-srppass") == 0) {
1121 srp_server_arg.pass = srp_client_arg.srppassin = *(++argv);
1122 min_version = TLS1_VERSION;
1125 else if (strcmp(*argv, "-tls1") == 0) {
1127 } else if (strcmp(*argv, "-ssl3") == 0) {
1129 } else if (strcmp(*argv, "-dtls1") == 0) {
1131 } else if (strcmp(*argv, "-dtls12") == 0) {
1133 } else if (strcmp(*argv, "-dtls") == 0) {
1135 } else if (strncmp(*argv, "-num", 4) == 0) {
1138 number = atoi(*(++argv));
1141 } else if (strcmp(*argv, "-bytes") == 0) {
1144 bytes = atol(*(++argv));
1147 i = strlen(argv[0]);
1148 if (argv[0][i - 1] == 'k')
1150 if (argv[0][i - 1] == 'm')
1151 bytes *= 1024L * 1024L;
1152 } else if (strcmp(*argv, "-cipher") == 0) {
1156 } else if (strcmp(*argv, "-CApath") == 0) {
1160 } else if (strcmp(*argv, "-CAfile") == 0) {
1164 } else if (strcmp(*argv, "-bio_pair") == 0) {
1165 bio_type = BIO_PAIR;
1167 #ifndef OPENSSL_NO_SOCK
1168 else if (strcmp(*argv, "-ipv4") == 0) {
1169 bio_type = BIO_IPV4;
1170 } else if (strcmp(*argv, "-ipv6") == 0) {
1171 bio_type = BIO_IPV6;
1174 else if (strcmp(*argv, "-f") == 0) {
1176 } else if (strcmp(*argv, "-time") == 0) {
1179 #ifndef OPENSSL_NO_CT
1180 else if (strcmp(*argv, "-noct") == 0) {
1183 else if (strcmp(*argv, "-ct") == 0) {
1187 #ifndef OPENSSL_NO_COMP
1188 else if (strcmp(*argv, "-zlib") == 0) {
1192 else if (strcmp(*argv, "-app_verify") == 0) {
1193 app_verify_arg.app_verify = 1;
1195 #ifndef OPENSSL_NO_NEXTPROTONEG
1196 else if (strcmp(*argv, "-npn_client") == 0) {
1198 } else if (strcmp(*argv, "-npn_server") == 0) {
1200 } else if (strcmp(*argv, "-npn_server_reject") == 0) {
1201 npn_server_reject = 1;
1204 else if (strcmp(*argv, "-serverinfo_sct") == 0) {
1206 } else if (strcmp(*argv, "-serverinfo_tack") == 0) {
1207 serverinfo_tack = 1;
1208 } else if (strcmp(*argv, "-serverinfo_file") == 0) {
1211 serverinfo_file = *(++argv);
1212 } else if (strcmp(*argv, "-custom_ext") == 0) {
1214 } else if (strcmp(*argv, "-alpn_client") == 0) {
1217 alpn_client = *(++argv);
1218 } else if (strcmp(*argv, "-alpn_server") == 0 ||
1219 strcmp(*argv, "-alpn_server1") == 0) {
1222 alpn_server = *(++argv);
1223 } else if (strcmp(*argv, "-alpn_server2") == 0) {
1226 alpn_server2 = *(++argv);
1227 } else if (strcmp(*argv, "-alpn_expected") == 0) {
1230 alpn_expected = *(++argv);
1231 } else if (strcmp(*argv, "-server_min_proto") == 0) {
1234 server_min_proto = *(++argv);
1235 } else if (strcmp(*argv, "-server_max_proto") == 0) {
1238 server_max_proto = *(++argv);
1239 } else if (strcmp(*argv, "-client_min_proto") == 0) {
1242 client_min_proto = *(++argv);
1243 } else if (strcmp(*argv, "-client_max_proto") == 0) {
1246 client_max_proto = *(++argv);
1247 } else if (strcmp(*argv, "-should_negotiate") == 0) {
1250 should_negotiate = *(++argv);
1251 } else if (strcmp(*argv, "-sn_client") == 0) {
1254 sn_client = *(++argv);
1255 } else if (strcmp(*argv, "-sn_server1") == 0) {
1258 sn_server1 = *(++argv);
1259 } else if (strcmp(*argv, "-sn_server2") == 0) {
1262 sn_server2 = *(++argv);
1263 } else if (strcmp(*argv, "-sn_expect1") == 0) {
1265 } else if (strcmp(*argv, "-sn_expect2") == 0) {
1267 } else if (strcmp(*argv, "-server_sess_out") == 0) {
1270 server_sess_out = *(++argv);
1271 } else if (strcmp(*argv, "-server_sess_in") == 0) {
1274 server_sess_in = *(++argv);
1275 } else if (strcmp(*argv, "-client_sess_out") == 0) {
1278 client_sess_out = *(++argv);
1279 } else if (strcmp(*argv, "-client_sess_in") == 0) {
1282 client_sess_in = *(++argv);
1283 } else if (strcmp(*argv, "-should_reuse") == 0) {
1286 should_reuse = !!atoi(*(++argv));
1287 } else if (strcmp(*argv, "-no_ticket") == 0) {
1293 /* Try to process command using SSL_CONF */
1294 rv = SSL_CONF_cmd_argv(c_cctx, &argc, &argv);
1295 /* If not processed try server */
1297 rv = SSL_CONF_cmd_argv(s_cctx, &argc, &argv);
1298 /* Recognised: store it for later use */
1303 conf_args = sk_OPENSSL_STRING_new_null();
1307 if (!sk_OPENSSL_STRING_push(conf_args, arg))
1309 if (!sk_OPENSSL_STRING_push(conf_args, argn))
1314 BIO_printf(bio_err, "Missing argument for %s\n", arg);
1316 BIO_printf(bio_err, "Error with command %s\n", arg);
1318 BIO_printf(bio_err, "unknown option %s\n", arg);
1331 if (ssl3 + tls1 + dtls + dtls1 + dtls12 > 1) {
1332 fprintf(stderr, "At most one of -ssl3, -tls1, -dtls, -dtls1 or -dtls12 should "
1337 #ifdef OPENSSL_NO_SSL3
1342 #ifdef OPENSSL_NO_TLS1
1347 #if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1)
1352 #if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1_2)
1360 * Testing was requested for a compiled-out protocol (e.g. SSLv3).
1361 * Ideally, we would error out, but the generic test wrapper can't know
1362 * when to expect failure. So we do nothing and return success.
1365 fprintf(stderr, "Testing was requested for a disabled protocol. "
1366 "Skipping tests.\n");
1371 if (!ssl3 && !tls1 && !dtls && !dtls1 && !dtls12 && number > 1 && !reuse && !force) {
1372 fprintf(stderr, "This case cannot work. Use -f to perform "
1373 "the test anyway (and\n-d to see what happens), "
1374 "or add one of -ssl3, -tls1, -dtls, -dtls1, -dtls12, -reuse\n"
1375 "to avoid protocol mismatch.\n");
1380 if (!FIPS_mode_set(1)) {
1381 ERR_print_errors(bio_err);
1384 fprintf(stderr, "*** IN FIPS MODE ***\n");
1389 if (bio_type != BIO_PAIR) {
1390 fprintf(stderr, "Using BIO pair (-bio_pair)\n");
1391 bio_type = BIO_PAIR;
1393 if (number < 50 && !force)
1395 "Warning: For accurate timings, use more connections (e.g. -num 1000)\n");
1398 /* if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */
1400 #ifndef OPENSSL_NO_COMP
1401 if (comp == COMP_ZLIB)
1404 if (COMP_get_type(cm) != NID_undef) {
1405 if (SSL_COMP_add_compression_method(comp, cm) != 0) {
1406 fprintf(stderr, "Failed to add compression method\n");
1407 ERR_print_errors_fp(stderr);
1411 "Warning: %s compression not supported\n",
1412 comp == COMP_ZLIB ? "zlib" : "unknown");
1413 ERR_print_errors_fp(stderr);
1416 ssl_comp_methods = SSL_COMP_get_compression_methods();
1417 n = sk_SSL_COMP_num(ssl_comp_methods);
1420 printf("Available compression methods:");
1421 for (j = 0; j < n; j++) {
1422 SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
1423 printf(" %s:%d", c->name, c->id);
1429 #ifndef OPENSSL_NO_TLS
1430 meth = TLS_method();
1432 min_version = SSL3_VERSION;
1433 max_version = SSL3_VERSION;
1435 min_version = TLS1_VERSION;
1436 max_version = TLS1_VERSION;
1439 #ifndef OPENSSL_NO_DTLS
1440 if (dtls || dtls1 || dtls12)
1441 meth = DTLS_method();
1443 min_version = DTLS1_VERSION;
1444 max_version = DTLS1_VERSION;
1445 } else if (dtls12) {
1446 min_version = DTLS1_2_VERSION;
1447 max_version = DTLS1_2_VERSION;
1451 c_ctx = SSL_CTX_new(meth);
1452 s_ctx = SSL_CTX_new(meth);
1453 s_ctx2 = SSL_CTX_new(meth); /* no SSL_CTX_dup! */
1454 if ((c_ctx == NULL) || (s_ctx == NULL) || (s_ctx2 == NULL)) {
1455 ERR_print_errors(bio_err);
1459 * Since we will use low security ciphersuites and keys for testing set
1460 * security level to zero by default. Tests can override this by adding
1461 * "@SECLEVEL=n" to the cipher string.
1463 SSL_CTX_set_security_level(c_ctx, 0);
1464 SSL_CTX_set_security_level(s_ctx, 0);
1465 SSL_CTX_set_security_level(s_ctx2, 0);
1468 SSL_CTX_set_options(c_ctx, SSL_OP_NO_TICKET);
1469 SSL_CTX_set_options(s_ctx, SSL_OP_NO_TICKET);
1472 if (SSL_CTX_set_min_proto_version(c_ctx, min_version) == 0)
1474 if (SSL_CTX_set_max_proto_version(c_ctx, max_version) == 0)
1476 if (SSL_CTX_set_min_proto_version(s_ctx, min_version) == 0)
1478 if (SSL_CTX_set_max_proto_version(s_ctx, max_version) == 0)
1481 if (cipher != NULL) {
1482 if (!SSL_CTX_set_cipher_list(c_ctx, cipher)
1483 || !SSL_CTX_set_cipher_list(s_ctx, cipher)
1484 || !SSL_CTX_set_cipher_list(s_ctx2, cipher)) {
1485 ERR_print_errors(bio_err);
1490 #ifndef OPENSSL_NO_CT
1491 if (ct_validation &&
1492 !SSL_CTX_enable_ct(c_ctx, SSL_CT_VALIDATION_STRICT)) {
1493 ERR_print_errors(bio_err);
1498 /* Process SSL_CONF arguments */
1499 SSL_CONF_CTX_set_ssl_ctx(c_cctx, c_ctx);
1500 SSL_CONF_CTX_set_ssl_ctx(s_cctx, s_ctx);
1501 SSL_CONF_CTX_set_ssl_ctx(s_cctx2, s_ctx2);
1503 for (i = 0; i < sk_OPENSSL_STRING_num(conf_args); i += 2) {
1505 arg = sk_OPENSSL_STRING_value(conf_args, i);
1506 argn = sk_OPENSSL_STRING_value(conf_args, i + 1);
1507 rv = SSL_CONF_cmd(c_cctx, arg, argn);
1508 /* If not recognised use server context */
1510 rv = SSL_CONF_cmd(s_cctx2, arg, argn);
1512 rv = SSL_CONF_cmd(s_cctx, arg, argn);
1515 BIO_printf(bio_err, "Error processing %s %s\n",
1516 arg, argn ? argn : "");
1517 ERR_print_errors(bio_err);
1522 if (!SSL_CONF_CTX_finish(s_cctx) || !SSL_CONF_CTX_finish(c_cctx) || !SSL_CONF_CTX_finish(s_cctx2)) {
1523 BIO_puts(bio_err, "Error finishing context\n");
1524 ERR_print_errors(bio_err);
1527 #ifndef OPENSSL_NO_DH
1530 dh = get_dh1024dsa();
1535 SSL_CTX_set_tmp_dh(s_ctx, dh);
1536 SSL_CTX_set_tmp_dh(s_ctx2, dh);
1543 if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) ||
1544 (!SSL_CTX_set_default_verify_paths(s_ctx)) ||
1545 (!SSL_CTX_load_verify_locations(s_ctx2, CAfile, CApath)) ||
1546 (!SSL_CTX_set_default_verify_paths(s_ctx2)) ||
1547 (!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) ||
1548 (!SSL_CTX_set_default_verify_paths(c_ctx))) {
1549 /* fprintf(stderr,"SSL_load_verify_locations\n"); */
1550 ERR_print_errors(bio_err);
1554 #ifndef OPENSSL_NO_CT
1555 if (!SSL_CTX_set_default_ctlog_list_file(s_ctx) ||
1556 !SSL_CTX_set_default_ctlog_list_file(s_ctx2) ||
1557 !SSL_CTX_set_default_ctlog_list_file(c_ctx)) {
1558 ERR_print_errors(bio_err);
1563 printf("client authentication\n");
1564 SSL_CTX_set_verify(s_ctx,
1565 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1567 SSL_CTX_set_verify(s_ctx2,
1568 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1570 SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback,
1572 SSL_CTX_set_cert_verify_callback(s_ctx2, app_verify_callback,
1576 printf("server authentication\n");
1577 SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER, verify_callback);
1578 SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback,
1583 int session_id_context = 0;
1584 if (!SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context,
1585 sizeof session_id_context) ||
1586 !SSL_CTX_set_session_id_context(s_ctx2, (void *)&session_id_context,
1587 sizeof session_id_context)) {
1588 ERR_print_errors(bio_err);
1593 /* Use PSK only if PSK key is given */
1594 if (psk_key != NULL) {
1596 * no_psk is used to avoid putting psk command to openssl tool
1600 * if PSK is not compiled in and psk key is given, do nothing and
1606 #ifndef OPENSSL_NO_PSK
1607 SSL_CTX_set_psk_client_callback(c_ctx, psk_client_callback);
1608 SSL_CTX_set_psk_server_callback(s_ctx, psk_server_callback);
1609 SSL_CTX_set_psk_server_callback(s_ctx2, psk_server_callback);
1611 BIO_printf(bio_err, "setting PSK identity hint to s_ctx\n");
1612 if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_hint") ||
1613 !SSL_CTX_use_psk_identity_hint(s_ctx2, "ctx server identity_hint")) {
1614 BIO_printf(bio_err, "error setting PSK identity hint to s_ctx\n");
1615 ERR_print_errors(bio_err);
1620 #ifndef OPENSSL_NO_SRP
1621 if (srp_client_arg.srplogin) {
1622 if (!SSL_CTX_set_srp_username(c_ctx, srp_client_arg.srplogin)) {
1623 BIO_printf(bio_err, "Unable to set SRP username\n");
1626 SSL_CTX_set_srp_cb_arg(c_ctx, &srp_client_arg);
1627 SSL_CTX_set_srp_client_pwd_callback(c_ctx,
1628 ssl_give_srp_client_pwd_cb);
1630 * SSL_CTX_set_srp_strength(c_ctx, srp_client_arg.strength);
1634 if (srp_server_arg.expected_user != NULL) {
1635 SSL_CTX_set_verify(s_ctx, SSL_VERIFY_NONE, verify_callback);
1636 SSL_CTX_set_verify(s_ctx2, SSL_VERIFY_NONE, verify_callback);
1637 SSL_CTX_set_srp_cb_arg(s_ctx, &srp_server_arg);
1638 SSL_CTX_set_srp_cb_arg(s_ctx2, &srp_server_arg);
1639 SSL_CTX_set_srp_username_callback(s_ctx, ssl_srp_server_param_cb);
1640 SSL_CTX_set_srp_username_callback(s_ctx2, ssl_srp_server_param_cb);
1644 #ifndef OPENSSL_NO_NEXTPROTONEG
1646 SSL_CTX_set_next_proto_select_cb(c_ctx, cb_client_npn, NULL);
1649 if (npn_server_reject) {
1651 "Can't have both -npn_server and -npn_server_reject\n");
1654 SSL_CTX_set_next_protos_advertised_cb(s_ctx, cb_server_npn, NULL);
1655 SSL_CTX_set_next_protos_advertised_cb(s_ctx2, cb_server_npn, NULL);
1657 if (npn_server_reject) {
1658 SSL_CTX_set_next_protos_advertised_cb(s_ctx, cb_server_rejects_npn,
1660 SSL_CTX_set_next_protos_advertised_cb(s_ctx2, cb_server_rejects_npn,
1665 if (serverinfo_sct) {
1666 if (!SSL_CTX_add_client_custom_ext(c_ctx,
1667 TLSEXT_TYPE_signed_certificate_timestamp,
1669 serverinfo_cli_parse_cb, NULL)) {
1670 BIO_printf(bio_err, "Error adding SCT extension\n");
1674 if (serverinfo_tack) {
1675 if (!SSL_CTX_add_client_custom_ext(c_ctx, TACK_EXT_TYPE,
1677 serverinfo_cli_parse_cb, NULL)) {
1678 BIO_printf(bio_err, "Error adding TACK extension\n");
1682 if (serverinfo_file)
1683 if (!SSL_CTX_use_serverinfo_file(s_ctx, serverinfo_file) ||
1684 !SSL_CTX_use_serverinfo_file(s_ctx2, serverinfo_file)) {
1685 BIO_printf(bio_err, "missing serverinfo file\n");
1690 if (!SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_0,
1691 custom_ext_0_cli_add_cb,
1693 custom_ext_0_cli_parse_cb, NULL)
1694 || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_1,
1695 custom_ext_1_cli_add_cb,
1697 custom_ext_1_cli_parse_cb, NULL)
1698 || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_2,
1699 custom_ext_2_cli_add_cb,
1701 custom_ext_2_cli_parse_cb, NULL)
1702 || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_3,
1703 custom_ext_3_cli_add_cb,
1705 custom_ext_3_cli_parse_cb, NULL)
1706 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_0,
1707 custom_ext_0_srv_add_cb,
1709 custom_ext_0_srv_parse_cb, NULL)
1710 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_0,
1711 custom_ext_0_srv_add_cb,
1713 custom_ext_0_srv_parse_cb, NULL)
1714 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_1,
1715 custom_ext_1_srv_add_cb,
1717 custom_ext_1_srv_parse_cb, NULL)
1718 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_1,
1719 custom_ext_1_srv_add_cb,
1721 custom_ext_1_srv_parse_cb, NULL)
1722 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_2,
1723 custom_ext_2_srv_add_cb,
1725 custom_ext_2_srv_parse_cb, NULL)
1726 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_2,
1727 custom_ext_2_srv_add_cb,
1729 custom_ext_2_srv_parse_cb, NULL)
1730 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_3,
1731 custom_ext_3_srv_add_cb,
1733 custom_ext_3_srv_parse_cb, NULL)
1734 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_3,
1735 custom_ext_3_srv_add_cb,
1737 custom_ext_3_srv_parse_cb, NULL)) {
1738 BIO_printf(bio_err, "Error setting custom extensions\n");
1744 SSL_CTX_set_alpn_select_cb(s_ctx, cb_server_alpn, alpn_server);
1746 SSL_CTX_set_alpn_select_cb(s_ctx2, cb_server_alpn, alpn_server2);
1750 unsigned char *alpn = next_protos_parse(&alpn_len, alpn_client);
1753 BIO_printf(bio_err, "Error parsing -alpn_client argument\n");
1756 /* Returns 0 on success!! */
1757 if (SSL_CTX_set_alpn_protos(c_ctx, alpn, alpn_len)) {
1758 BIO_printf(bio_err, "Error setting ALPN\n");
1765 if (server_sess_in != NULL) {
1766 server_sess = read_session(server_sess_in);
1767 if (server_sess == NULL)
1770 if (client_sess_in != NULL) {
1771 client_sess = read_session(client_sess_in);
1772 if (client_sess == NULL)
1776 if (server_sess_out != NULL || server_sess_in != NULL) {
1780 /* Use a fixed key so that we can decrypt the ticket. */
1781 size = SSL_CTX_set_tlsext_ticket_keys(s_ctx, NULL, 0);
1782 keys = OPENSSL_zalloc(size);
1783 SSL_CTX_set_tlsext_ticket_keys(s_ctx, keys, size);
1787 if (sn_server1 != NULL || sn_server2 != NULL)
1788 SSL_CTX_set_tlsext_servername_callback(s_ctx, servername_cb);
1790 c_ssl = SSL_new(c_ctx);
1791 s_ssl = SSL_new(s_ctx);
1794 SSL_set_tlsext_host_name(c_ssl, sn_client);
1796 if (!set_protocol_version(server_min_proto, s_ssl, SSL_CTRL_SET_MIN_PROTO_VERSION))
1798 if (!set_protocol_version(server_max_proto, s_ssl, SSL_CTRL_SET_MAX_PROTO_VERSION))
1800 if (!set_protocol_version(client_min_proto, c_ssl, SSL_CTRL_SET_MIN_PROTO_VERSION))
1802 if (!set_protocol_version(client_max_proto, c_ssl, SSL_CTRL_SET_MAX_PROTO_VERSION))
1806 if (SSL_CTX_add_session(s_ctx, server_sess) == 0) {
1807 BIO_printf(bio_err, "Can't add server session\n");
1808 ERR_print_errors(bio_err);
1813 BIO_printf(bio_stdout, "Doing handshakes=%d bytes=%ld\n", number, bytes);
1814 for (i = 0; i < number; i++) {
1816 if (!SSL_set_session(c_ssl, NULL)) {
1817 BIO_printf(bio_err, "Failed to set session\n");
1821 if (client_sess_in != NULL) {
1822 if (SSL_set_session(c_ssl, client_sess) == 0) {
1823 BIO_printf(bio_err, "Can't set client session\n");
1824 ERR_print_errors(bio_err);
1830 ret = doit(s_ssl, c_ssl, bytes);
1833 ret = doit_biopair(s_ssl, c_ssl, bytes, &s_time, &c_time);
1835 #ifndef OPENSSL_NO_SOCK
1837 ret = doit_localhost(s_ssl, c_ssl, BIO_FAMILY_IPV4,
1838 bytes, &s_time, &c_time);
1841 ret = doit_localhost(s_ssl, c_ssl, BIO_FAMILY_IPV6,
1842 bytes, &s_time, &c_time);
1854 if (should_negotiate && ret == 0 &&
1855 strcmp(should_negotiate, "fail-server") != 0 &&
1856 strcmp(should_negotiate, "fail-client") != 0) {
1857 int version = protocol_from_string(should_negotiate);
1859 BIO_printf(bio_err, "Error parsing: %s\n", should_negotiate);
1863 if (SSL_version(c_ssl) != version) {
1864 BIO_printf(bio_err, "Unxpected version negotiated. "
1865 "Expected: %s, got %s\n", should_negotiate, SSL_get_version(c_ssl));
1871 if (should_reuse != -1) {
1872 if (SSL_session_reused(s_ssl) != should_reuse ||
1873 SSL_session_reused(c_ssl) != should_reuse) {
1874 BIO_printf(bio_err, "Unexpected session reuse state. "
1875 "Expected: %d, server: %d, client: %d\n", should_reuse,
1876 SSL_session_reused(s_ssl), SSL_session_reused(c_ssl));
1882 if (server_sess_out != NULL) {
1883 if (write_session(server_sess_out, SSL_get_session(s_ssl)) == 0) {
1888 if (client_sess_out != NULL) {
1889 if (write_session(client_sess_out, SSL_get_session(c_ssl)) == 0) {
1896 print_details(c_ssl, "");
1899 #ifdef CLOCKS_PER_SEC
1901 * "To determine the time in seconds, the value returned by the clock
1902 * function should be divided by the value of the macro
1903 * CLOCKS_PER_SEC." -- ISO/IEC 9899
1905 BIO_printf(bio_stdout, "Approximate total server time: %6.2f s\n"
1906 "Approximate total client time: %6.2f s\n",
1907 (double)s_time / CLOCKS_PER_SEC,
1908 (double)c_time / CLOCKS_PER_SEC);
1910 BIO_printf(bio_stdout,
1911 "Approximate total server time: %6.2f units\n"
1912 "Approximate total client time: %6.2f units\n",
1913 (double)s_time, (double)c_time);
1922 SSL_CTX_free(s_ctx);
1923 SSL_CTX_free(s_ctx2);
1924 SSL_CTX_free(c_ctx);
1925 SSL_CONF_CTX_free(s_cctx);
1926 SSL_CONF_CTX_free(s_cctx2);
1927 SSL_CONF_CTX_free(c_cctx);
1928 sk_OPENSSL_STRING_free(conf_args);
1930 BIO_free(bio_stdout);
1932 SSL_SESSION_free(server_sess);
1933 SSL_SESSION_free(client_sess);
1935 #ifndef OPENSSL_NO_CRYPTO_MDEBUG
1936 if (CRYPTO_mem_leaks(bio_err) <= 0)
1943 #ifndef OPENSSL_NO_SOCK
1944 int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count,
1945 clock_t *s_time, clock_t *c_time)
1947 long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
1948 BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
1949 BIO *acpt = NULL, *server = NULL, *client = NULL;
1952 int err_in_client = 0;
1953 int err_in_server = 0;
1955 acpt = BIO_new_accept("0");
1958 BIO_set_accept_ip_family(acpt, family);
1959 BIO_set_bind_mode(acpt, BIO_SOCK_NONBLOCK | BIO_SOCK_REUSEADDR);
1960 if (BIO_do_accept(acpt) <= 0)
1963 BIO_snprintf(addr_str, sizeof(addr_str), ":%s", BIO_get_accept_port(acpt));
1965 client = BIO_new_connect(addr_str);
1966 BIO_set_conn_ip_family(client, family);
1970 if (BIO_set_nbio(client, 1) <= 0)
1972 if (BIO_set_nbio(acpt, 1) <= 0)
1976 int st_connect = 0, st_accept = 0;
1978 while(!st_connect || !st_accept) {
1980 if (BIO_do_connect(client) <= 0) {
1981 if (!BIO_should_retry(client))
1988 if (BIO_do_accept(acpt) <= 0) {
1989 if (!BIO_should_retry(acpt))
1997 /* We're not interested in accepting further connects */
1998 server = BIO_pop(acpt);
2002 s_ssl_bio = BIO_new(BIO_f_ssl());
2006 c_ssl_bio = BIO_new(BIO_f_ssl());
2010 SSL_set_connect_state(c_ssl);
2011 SSL_set_bio(c_ssl, client, client);
2012 (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
2014 SSL_set_accept_state(s_ssl);
2015 SSL_set_bio(s_ssl, server, server);
2016 (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
2020 * c_ssl_bio: SSL filter BIO
2022 * client: I/O for SSL library
2025 * server: I/O for SSL library
2027 * s_ssl_bio: SSL filter BIO
2031 * We have non-blocking behaviour throughout this test program, but
2032 * can be sure that there is *some* progress in each iteration; so we
2033 * don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE --
2034 * we just try everything in each iteration
2040 char cbuf[1024 * 8];
2042 clock_t c_clock = clock();
2044 memset(cbuf, 0, sizeof(cbuf));
2047 if (SSL_in_init(c_ssl))
2048 printf("client waiting in SSL_connect - %s\n",
2049 SSL_state_string_long(c_ssl));
2052 /* Write to server. */
2054 if (cw_num > (long)sizeof cbuf)
2058 r = BIO_write(c_ssl_bio, cbuf, i);
2060 if (!BIO_should_retry(c_ssl_bio)) {
2061 fprintf(stderr, "ERROR in CLIENT\n");
2066 * BIO_should_retry(...) can just be ignored here. The
2067 * library expects us to call BIO_write with the same
2068 * arguments again, and that's what we will do in the
2071 } else if (r == 0) {
2072 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2076 printf("client wrote %d\n", r);
2082 /* Read from server. */
2084 r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
2086 if (!BIO_should_retry(c_ssl_bio)) {
2087 fprintf(stderr, "ERROR in CLIENT\n");
2092 * Again, "BIO_should_retry" can be ignored.
2094 } else if (r == 0) {
2095 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2099 printf("client read %d\n", r);
2105 * c_time and s_time increments will typically be very small
2106 * (depending on machine speed and clock tick intervals), but
2107 * sampling over a large number of connections should result in
2108 * fairly accurate figures. We cannot guarantee a lot, however
2109 * -- if each connection lasts for exactly one clock tick, it
2110 * will be counted only for the client or only for the server or
2113 *c_time += (clock() - c_clock);
2119 char sbuf[1024 * 8];
2121 clock_t s_clock = clock();
2123 memset(sbuf, 0, sizeof(sbuf));
2126 if (SSL_in_init(s_ssl))
2127 printf("server waiting in SSL_accept - %s\n",
2128 SSL_state_string_long(s_ssl));
2131 /* Write to client. */
2133 if (sw_num > (long)sizeof sbuf)
2137 r = BIO_write(s_ssl_bio, sbuf, i);
2139 if (!BIO_should_retry(s_ssl_bio)) {
2140 fprintf(stderr, "ERROR in SERVER\n");
2144 /* Ignore "BIO_should_retry". */
2145 } else if (r == 0) {
2146 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2150 printf("server wrote %d\n", r);
2156 /* Read from client. */
2158 r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
2160 if (!BIO_should_retry(s_ssl_bio)) {
2161 fprintf(stderr, "ERROR in SERVER\n");
2166 } else if (r == 0) {
2167 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2171 printf("server read %d\n", r);
2176 *s_time += (clock() - s_clock);
2179 while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
2182 print_details(c_ssl, "DONE via TCP connect: ");
2183 # ifndef OPENSSL_NO_NEXTPROTONEG
2184 if (verify_npn(c_ssl, s_ssl) < 0) {
2189 if (verify_serverinfo() < 0) {
2190 fprintf(stderr, "Server info verify error\n");
2194 if (verify_alpn(c_ssl, s_ssl) < 0) {
2198 if (verify_servername(c_ssl, s_ssl) < 0) {
2203 if (custom_ext_error) {
2204 fprintf(stderr, "Custom extension error\n");
2209 # ifndef OPENSSL_NO_NEXTPROTONEG
2215 ERR_print_errors(bio_err);
2220 BIO_free(s_ssl_bio);
2221 BIO_free(c_ssl_bio);
2223 if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
2224 ret = (err_in_client != 0) ? 0 : 1;
2225 else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
2226 ret = (err_in_server != 0) ? 0 : 1;
2232 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
2233 clock_t *s_time, clock_t *c_time)
2235 long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
2236 BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
2237 BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL;
2239 int err_in_client = 0;
2240 int err_in_server = 0;
2242 size_t bufsiz = 256; /* small buffer for testing */
2244 if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz))
2246 if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz))
2249 s_ssl_bio = BIO_new(BIO_f_ssl());
2253 c_ssl_bio = BIO_new(BIO_f_ssl());
2257 SSL_set_connect_state(c_ssl);
2258 SSL_set_bio(c_ssl, client, client);
2259 (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
2261 SSL_set_accept_state(s_ssl);
2262 SSL_set_bio(s_ssl, server, server);
2263 (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
2267 * c_ssl_bio: SSL filter BIO
2269 * client: pseudo-I/O for SSL library
2271 * client_io: client's SSL communication; usually to be
2272 * relayed over some I/O facility, but in this
2273 * test program, we're the server, too:
2275 * server_io: server's SSL communication
2277 * server: pseudo-I/O for SSL library
2279 * s_ssl_bio: SSL filter BIO
2281 * The client and the server each employ a "BIO pair":
2282 * client + client_io, server + server_io.
2283 * BIO pairs are symmetric. A BIO pair behaves similar
2284 * to a non-blocking socketpair (but both endpoints must
2285 * be handled by the same thread).
2286 * [Here we could connect client and server to the ends
2287 * of a single BIO pair, but then this code would be less
2288 * suitable as an example for BIO pairs in general.]
2290 * Useful functions for querying the state of BIO pair endpoints:
2292 * BIO_ctrl_pending(bio) number of bytes we can read now
2293 * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil
2294 * other side's read attempt
2295 * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now
2297 * ..._read_request is never more than ..._write_guarantee;
2298 * it depends on the application which one you should use.
2302 * We have non-blocking behaviour throughout this test program, but
2303 * can be sure that there is *some* progress in each iteration; so we
2304 * don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE --
2305 * we just try everything in each iteration
2311 char cbuf[1024 * 8];
2313 clock_t c_clock = clock();
2315 memset(cbuf, 0, sizeof(cbuf));
2318 if (SSL_in_init(c_ssl))
2319 printf("client waiting in SSL_connect - %s\n",
2320 SSL_state_string_long(c_ssl));
2323 /* Write to server. */
2325 if (cw_num > (long)sizeof cbuf)
2329 r = BIO_write(c_ssl_bio, cbuf, i);
2331 if (!BIO_should_retry(c_ssl_bio)) {
2332 fprintf(stderr, "ERROR in CLIENT\n");
2337 * BIO_should_retry(...) can just be ignored here. The
2338 * library expects us to call BIO_write with the same
2339 * arguments again, and that's what we will do in the
2342 } else if (r == 0) {
2343 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2347 printf("client wrote %d\n", r);
2353 /* Read from server. */
2355 r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
2357 if (!BIO_should_retry(c_ssl_bio)) {
2358 fprintf(stderr, "ERROR in CLIENT\n");
2363 * Again, "BIO_should_retry" can be ignored.
2365 } else if (r == 0) {
2366 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2370 printf("client read %d\n", r);
2376 * c_time and s_time increments will typically be very small
2377 * (depending on machine speed and clock tick intervals), but
2378 * sampling over a large number of connections should result in
2379 * fairly accurate figures. We cannot guarantee a lot, however
2380 * -- if each connection lasts for exactly one clock tick, it
2381 * will be counted only for the client or only for the server or
2384 *c_time += (clock() - c_clock);
2390 char sbuf[1024 * 8];
2392 clock_t s_clock = clock();
2394 memset(sbuf, 0, sizeof(sbuf));
2397 if (SSL_in_init(s_ssl))
2398 printf("server waiting in SSL_accept - %s\n",
2399 SSL_state_string_long(s_ssl));
2402 /* Write to client. */
2404 if (sw_num > (long)sizeof sbuf)
2408 r = BIO_write(s_ssl_bio, sbuf, i);
2410 if (!BIO_should_retry(s_ssl_bio)) {
2411 fprintf(stderr, "ERROR in SERVER\n");
2415 /* Ignore "BIO_should_retry". */
2416 } else if (r == 0) {
2417 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2421 printf("server wrote %d\n", r);
2427 /* Read from client. */
2429 r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
2431 if (!BIO_should_retry(s_ssl_bio)) {
2432 fprintf(stderr, "ERROR in SERVER\n");
2437 } else if (r == 0) {
2438 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2442 printf("server read %d\n", r);
2447 *s_time += (clock() - s_clock);
2451 /* "I/O" BETWEEN CLIENT AND SERVER. */
2454 BIO *io1 = server_io, *io2 = client_io;
2456 * we use the non-copying interface for io1 and the standard
2457 * BIO_write/BIO_read interface for io2
2460 static int prev_progress = 1;
2468 r1 = BIO_ctrl_pending(io1);
2469 r2 = BIO_ctrl_get_write_guarantee(io2);
2477 if (INT_MAX < num) /* yeah, right */
2480 r = BIO_nread(io1, &dataptr, (int)num);
2482 assert(r <= (int)num);
2484 * possibly r < num (non-contiguous data)
2487 r = BIO_write(io2, dataptr, (int)num);
2488 if (r != (int)num) { /* can't happen */
2489 fprintf(stderr, "ERROR: BIO_write could not write "
2490 "BIO_ctrl_get_write_guarantee() bytes");
2496 printf((io1 == client_io) ?
2497 "C->S relaying: %d bytes\n" :
2498 "S->C relaying: %d bytes\n", (int)num);
2508 r1 = BIO_ctrl_pending(io2);
2509 r2 = BIO_ctrl_get_read_request(io1);
2511 * here we could use ..._get_write_guarantee instead of
2512 * ..._get_read_request, but by using the latter we test
2513 * restartability of the SSL implementation more thoroughly
2525 --num; /* test restartability even more thoroughly */
2527 r = BIO_nwrite0(io1, &dataptr);
2531 r = BIO_read(io2, dataptr, (int)num);
2532 if (r != (int)num) { /* can't happen */
2533 fprintf(stderr, "ERROR: BIO_read could not read "
2534 "BIO_ctrl_pending() bytes");
2538 r = BIO_nwrite(io1, &dataptr, (int)num);
2539 if (r != (int)num) { /* can't happen */
2540 fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
2541 "BIO_nwrite0() bytes");
2546 printf((io2 == client_io) ?
2547 "C->S relaying: %d bytes\n" :
2548 "S->C relaying: %d bytes\n", (int)num);
2550 } /* no loop, BIO_ctrl_get_read_request now
2551 * returns 0 anyway */
2553 if (!progress && !prev_progress)
2554 if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0) {
2555 fprintf(stderr, "ERROR: got stuck\n");
2556 fprintf(stderr, " ERROR.\n");
2559 prev_progress = progress;
2562 while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
2565 print_details(c_ssl, "DONE via BIO pair: ");
2566 #ifndef OPENSSL_NO_NEXTPROTONEG
2567 if (verify_npn(c_ssl, s_ssl) < 0) {
2572 if (verify_serverinfo() < 0) {
2573 fprintf(stderr, "Server info verify error\n");
2577 if (verify_alpn(c_ssl, s_ssl) < 0) {
2581 if (verify_servername(c_ssl, s_ssl) < 0) {
2586 if (custom_ext_error) {
2587 fprintf(stderr, "Custom extension error\n");
2592 #ifndef OPENSSL_NO_NEXTPROTONEG
2598 ERR_print_errors(bio_err);
2601 BIO_free(server_io);
2603 BIO_free(client_io);
2604 BIO_free(s_ssl_bio);
2605 BIO_free(c_ssl_bio);
2607 if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
2608 ret = (err_in_client != 0) ? 0 : 1;
2609 else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
2610 ret = (err_in_server != 0) ? 0 : 1;
2620 int doit(SSL *s_ssl, SSL *c_ssl, long count)
2622 char *cbuf = NULL, *sbuf = NULL;
2624 long cw_num = count, cr_num = count;
2625 long sw_num = count, sr_num = count;
2631 int c_r, c_w, s_r, s_w;
2634 int c_write, s_write;
2635 int do_server = 0, do_client = 0;
2636 int max_frag = 5 * 1024;
2637 int err_in_client = 0;
2638 int err_in_server = 0;
2640 bufsiz = count > 40 * 1024 ? 40 * 1024 : count;
2642 if ((cbuf = OPENSSL_zalloc(bufsiz)) == NULL)
2644 if ((sbuf = OPENSSL_zalloc(bufsiz)) == NULL)
2647 c_to_s = BIO_new(BIO_s_mem());
2648 s_to_c = BIO_new(BIO_s_mem());
2649 if ((s_to_c == NULL) || (c_to_s == NULL)) {
2650 ERR_print_errors(bio_err);
2654 c_bio = BIO_new(BIO_f_ssl());
2655 s_bio = BIO_new(BIO_f_ssl());
2656 if ((c_bio == NULL) || (s_bio == NULL)) {
2657 ERR_print_errors(bio_err);
2661 SSL_set_connect_state(c_ssl);
2662 SSL_set_bio(c_ssl, s_to_c, c_to_s);
2663 SSL_set_max_send_fragment(c_ssl, max_frag);
2664 BIO_set_ssl(c_bio, c_ssl, BIO_NOCLOSE);
2666 SSL_set_accept_state(s_ssl);
2667 SSL_set_bio(s_ssl, c_to_s, s_to_c);
2668 SSL_set_max_send_fragment(s_ssl, max_frag);
2669 BIO_set_ssl(s_bio, s_ssl, BIO_NOCLOSE);
2675 c_write = 1, s_write = 0;
2677 /* We can always do writes */
2682 i = (int)BIO_pending(s_bio);
2683 if ((i && s_r) || s_w)
2686 i = (int)BIO_pending(c_bio);
2687 if ((i && c_r) || c_w)
2690 if (do_server && debug) {
2691 if (SSL_in_init(s_ssl))
2692 printf("server waiting in SSL_accept - %s\n",
2693 SSL_state_string_long(s_ssl));
2696 printf("server:SSL_write()\n");
2698 printf("server:SSL_read()\n"); */
2701 if (do_client && debug) {
2702 if (SSL_in_init(c_ssl))
2703 printf("client waiting in SSL_connect - %s\n",
2704 SSL_state_string_long(c_ssl));
2707 printf("client:SSL_write()\n");
2709 printf("client:SSL_read()\n"); */
2712 if (!do_client && !do_server) {
2713 fprintf(stdout, "ERROR IN STARTUP\n");
2714 ERR_print_errors(bio_err);
2717 if (do_client && !(done & C_DONE)) {
2719 j = (cw_num > bufsiz) ? (int)bufsiz : (int)cw_num;
2720 i = BIO_write(c_bio, cbuf, j);
2724 if (BIO_should_retry(c_bio)) {
2725 if (BIO_should_read(c_bio))
2727 if (BIO_should_write(c_bio))
2730 fprintf(stderr, "ERROR in CLIENT\n");
2732 ERR_print_errors(bio_err);
2735 } else if (i == 0) {
2736 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2740 printf("client wrote %d\n", i);
2745 if (max_frag > 1029)
2746 SSL_set_max_send_fragment(c_ssl, max_frag -= 5);
2749 i = BIO_read(c_bio, cbuf, bufsiz);
2753 if (BIO_should_retry(c_bio)) {
2754 if (BIO_should_read(c_bio))
2756 if (BIO_should_write(c_bio))
2759 fprintf(stderr, "ERROR in CLIENT\n");
2761 ERR_print_errors(bio_err);
2764 } else if (i == 0) {
2765 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2769 printf("client read %d\n", i);
2778 done = S_DONE | C_DONE;
2784 if (do_server && !(done & S_DONE)) {
2786 i = BIO_read(s_bio, sbuf, bufsiz);
2790 if (BIO_should_retry(s_bio)) {
2791 if (BIO_should_read(s_bio))
2793 if (BIO_should_write(s_bio))
2796 fprintf(stderr, "ERROR in SERVER\n");
2798 ERR_print_errors(bio_err);
2801 } else if (i == 0) {
2802 ERR_print_errors(bio_err);
2804 "SSL SERVER STARTUP FAILED in SSL_read\n");
2808 printf("server read %d\n", i);
2821 j = (sw_num > bufsiz) ? (int)bufsiz : (int)sw_num;
2822 i = BIO_write(s_bio, sbuf, j);
2826 if (BIO_should_retry(s_bio)) {
2827 if (BIO_should_read(s_bio))
2829 if (BIO_should_write(s_bio))
2832 fprintf(stderr, "ERROR in SERVER\n");
2834 ERR_print_errors(bio_err);
2837 } else if (i == 0) {
2838 ERR_print_errors(bio_err);
2840 "SSL SERVER STARTUP FAILED in SSL_write\n");
2844 printf("server wrote %d\n", i);
2850 if (max_frag > 1029)
2851 SSL_set_max_send_fragment(s_ssl, max_frag -= 5);
2856 if ((done & S_DONE) && (done & C_DONE))
2861 print_details(c_ssl, "DONE: ");
2862 #ifndef OPENSSL_NO_NEXTPROTONEG
2863 if (verify_npn(c_ssl, s_ssl) < 0) {
2868 if (verify_serverinfo() < 0) {
2869 fprintf(stderr, "Server info verify error\n");
2873 if (custom_ext_error) {
2874 fprintf(stderr, "Custom extension error\n");
2881 * We have to set the BIO's to NULL otherwise they will be
2882 * OPENSSL_free()ed twice. Once when th s_ssl is SSL_free()ed and again
2883 * when c_ssl is SSL_free()ed. This is a hack required because s_ssl and
2884 * c_ssl are sharing the same BIO structure and SSL_set_bio() and
2885 * SSL_free() automatically BIO_free non NULL entries. You should not
2886 * normally do this or be required to do this
2888 if (s_ssl != NULL) {
2892 if (c_ssl != NULL) {
2899 BIO_free_all(c_bio);
2900 BIO_free_all(s_bio);
2904 if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
2905 ret = (err_in_client != 0) ? 0 : 1;
2906 else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
2907 ret = (err_in_server != 0) ? 0 : 1;
2912 static int verify_callback(int ok, X509_STORE_CTX *ctx)
2916 s = X509_NAME_oneline(X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)),
2920 printf("depth=%d %s\n", X509_STORE_CTX_get_error_depth(ctx), buf);
2922 fprintf(stderr, "depth=%d error=%d %s\n",
2923 X509_STORE_CTX_get_error_depth(ctx),
2924 X509_STORE_CTX_get_error(ctx), buf);
2929 int i = X509_STORE_CTX_get_error(ctx);
2933 fprintf(stderr, "Error string: %s\n",
2934 X509_verify_cert_error_string(i));
2936 case X509_V_ERR_CERT_NOT_YET_VALID:
2937 case X509_V_ERR_CERT_HAS_EXPIRED:
2938 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
2947 static int app_verify_callback(X509_STORE_CTX *ctx, void *arg)
2950 struct app_verify_arg *cb_arg = arg;
2952 if (cb_arg->app_verify) {
2953 char *s = NULL, buf[256];
2954 X509 *c = X509_STORE_CTX_get0_cert(ctx);
2956 printf("In app_verify_callback, allowing cert. ");
2957 printf("Arg is: %s\n", cb_arg->string);
2958 printf("Finished printing do we have a context? 0x%p a cert? 0x%p\n",
2959 (void *)ctx, (void *)c);
2961 s = X509_NAME_oneline(X509_get_subject_name(c), buf, 256);
2963 printf("cert depth=%d %s\n",
2964 X509_STORE_CTX_get_error_depth(ctx), buf);
2969 ok = X509_verify_cert(ctx);
2974 #ifndef OPENSSL_NO_DH
2976 * These DH parameters have been generated as follows:
2977 * $ openssl dhparam -C -noout 512
2978 * $ openssl dhparam -C -noout 1024
2979 * $ openssl dhparam -C -noout -dsaparam 1024
2980 * (The third function has been renamed to avoid name conflicts.)
2982 static DH *get_dh512()
2984 static unsigned char dh512_p[] = {
2985 0xCB, 0xC8, 0xE1, 0x86, 0xD0, 0x1F, 0x94, 0x17, 0xA6, 0x99, 0xF0,
2987 0x1F, 0x0D, 0xAC, 0xB6, 0x25, 0x3E, 0x06, 0x39, 0xCA, 0x72, 0x04,
2989 0x6E, 0xDA, 0xC0, 0x61, 0xE6, 0x7A, 0x77, 0x25, 0xE8, 0x3B, 0xB9,
2991 0x9A, 0xB6, 0xB5, 0xFE, 0x99, 0x0B, 0xA1, 0x93, 0x4E, 0x35, 0x33,
2993 0xE1, 0xF1, 0x13, 0x4F, 0x59, 0x1A, 0xD2, 0x57, 0xC0, 0x26, 0x21,
2995 0x02, 0xC5, 0xAE, 0x23,
2997 static unsigned char dh512_g[] = {
3003 if ((dh = DH_new()) == NULL)
3005 p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
3006 g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
3007 if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
3016 static DH *get_dh1024()
3018 static unsigned char dh1024_p[] = {
3019 0xF8, 0x81, 0x89, 0x7D, 0x14, 0x24, 0xC5, 0xD1, 0xE6, 0xF7, 0xBF,
3021 0xE4, 0x90, 0xF4, 0xFC, 0x73, 0xFB, 0x34, 0xB5, 0xFA, 0x4C, 0x56,
3023 0xEA, 0xA7, 0xE9, 0xC0, 0xC0, 0xCE, 0x89, 0xE1, 0xFA, 0x63, 0x3F,
3025 0x6B, 0x32, 0x66, 0xF1, 0xD1, 0x7B, 0xB0, 0x00, 0x8F, 0xCA, 0x87,
3027 0xAE, 0x98, 0x89, 0x26, 0x17, 0xC2, 0x05, 0xD2, 0xEC, 0x08, 0xD0,
3029 0xFF, 0x17, 0x52, 0x8C, 0xC5, 0x07, 0x93, 0x03, 0xB1, 0xF6, 0x2F,
3031 0x1C, 0x52, 0x47, 0x27, 0x1B, 0xDB, 0xD1, 0x8D, 0x9D, 0x69, 0x1D,
3033 0x4B, 0x32, 0x81, 0xAA, 0x7F, 0x00, 0xC8, 0xDC, 0xE6, 0xD9, 0xCC,
3035 0x11, 0x2D, 0x37, 0x34, 0x6C, 0xEA, 0x02, 0x97, 0x4B, 0x0E, 0xBB,
3037 0x71, 0x33, 0x09, 0x15, 0xFD, 0xDD, 0x23, 0x87, 0x07, 0x5E, 0x89,
3039 0x6B, 0x7C, 0x5F, 0xEC, 0xA6, 0x24, 0xDC, 0x53,
3041 static unsigned char dh1024_g[] = {
3047 if ((dh = DH_new()) == NULL)
3049 p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
3050 g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
3051 if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
3060 static DH *get_dh1024dsa()
3062 static unsigned char dh1024_p[] = {
3063 0xC8, 0x00, 0xF7, 0x08, 0x07, 0x89, 0x4D, 0x90, 0x53, 0xF3, 0xD5,
3065 0x21, 0x1B, 0xF7, 0x31, 0xA6, 0xA2, 0xDA, 0x23, 0x9A, 0xC7, 0x87,
3067 0x3B, 0x47, 0xB6, 0x8C, 0x04, 0x6F, 0xFF, 0xC6, 0x9B, 0xB8, 0x65,
3069 0xC2, 0x5F, 0x31, 0x83, 0x4A, 0xA7, 0x5F, 0x2F, 0x88, 0x38, 0xB6,
3071 0xCF, 0xD9, 0x87, 0x6D, 0x6F, 0x9F, 0xDA, 0xAC, 0xA6, 0x48, 0xAF,
3073 0x33, 0x84, 0x37, 0x5B, 0x82, 0x4A, 0x31, 0x5D, 0xE7, 0xBD, 0x52,
3075 0xA1, 0x77, 0xBF, 0x10, 0x9E, 0x37, 0xEA, 0x64, 0xFA, 0xCA, 0x28,
3077 0x9D, 0x3B, 0xD2, 0x6E, 0x09, 0x5C, 0x68, 0xC7, 0x45, 0x90, 0xFD,
3079 0x70, 0xC9, 0x3A, 0xBB, 0xDF, 0xD4, 0x21, 0x0F, 0xC4, 0x6A, 0x3C,
3081 0x61, 0xCF, 0x3F, 0xD6, 0x13, 0xF1, 0x5F, 0xBC, 0xCF, 0xBC, 0x26,
3083 0xBC, 0x0B, 0xBD, 0xAB, 0x5D, 0xC9, 0x54, 0x39,
3085 static unsigned char dh1024_g[] = {
3086 0x3B, 0x40, 0x86, 0xE7, 0xF3, 0x6C, 0xDE, 0x67, 0x1C, 0xCC, 0x80,
3088 0x5A, 0xDF, 0xFE, 0xBD, 0x20, 0x27, 0x74, 0x6C, 0x24, 0xC9, 0x03,
3090 0xE1, 0x8D, 0xC3, 0x7D, 0x98, 0x27, 0x40, 0x08, 0xB8, 0x8C, 0x6A,
3092 0xBB, 0x1A, 0x3A, 0xD6, 0x86, 0x83, 0x5E, 0x72, 0x41, 0xCE, 0x85,
3094 0xD2, 0xB3, 0xFC, 0x13, 0xCE, 0x37, 0x81, 0x9E, 0x4C, 0x1C, 0x7B,
3096 0xD3, 0xE6, 0xA6, 0x00, 0xF5, 0x5A, 0x95, 0x43, 0x5E, 0x81, 0xCF,
3098 0xA2, 0x23, 0xFC, 0x36, 0xA7, 0x5D, 0x7A, 0x4C, 0x06, 0x91, 0x6E,
3100 0x57, 0xEE, 0x36, 0xCB, 0x06, 0xEA, 0xF5, 0x3D, 0x95, 0x49, 0xCB,
3102 0xDD, 0x81, 0xDF, 0x80, 0x09, 0x4A, 0x97, 0x4D, 0xA8, 0x22, 0x72,
3104 0x7F, 0xC4, 0x70, 0x56, 0x70, 0xE8, 0x20, 0x10, 0x18, 0x8F, 0x2E,
3106 0x07, 0xE7, 0x68, 0x1A, 0x82, 0x5D, 0x32, 0xA2,
3111 if ((dh = DH_new()) == NULL)
3113 p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
3114 g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
3115 if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
3121 DH_set_length(dh, 160);
3126 #ifndef OPENSSL_NO_PSK
3127 /* convert the PSK key (psk_key) in ascii to binary (psk) */
3128 static int psk_key2bn(const char *pskkey, unsigned char *psk,
3129 unsigned int max_psk_len)
3134 ret = BN_hex2bn(&bn, pskkey);
3136 BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n",
3141 if (BN_num_bytes(bn) > (int)max_psk_len) {
3143 "psk buffer of callback is too small (%d) for key (%d)\n",
3144 max_psk_len, BN_num_bytes(bn));
3148 ret = BN_bn2bin(bn, psk);
3153 static unsigned int psk_client_callback(SSL *ssl, const char *hint,
3155 unsigned int max_identity_len,
3157 unsigned int max_psk_len)
3160 unsigned int psk_len = 0;
3162 ret = BIO_snprintf(identity, max_identity_len, "Client_identity");
3166 fprintf(stderr, "client: created identity '%s' len=%d\n", identity,
3168 ret = psk_key2bn(psk_key, psk, max_psk_len);
3176 static unsigned int psk_server_callback(SSL *ssl, const char *identity,
3178 unsigned int max_psk_len)
3180 unsigned int psk_len = 0;
3182 if (strcmp(identity, "Client_identity") != 0) {
3183 BIO_printf(bio_err, "server: PSK error: client identity not found\n");
3186 psk_len = psk_key2bn(psk_key, psk, max_psk_len);