2 * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
5 * Licensed under the OpenSSL license (the "License"). You may not use
6 * this file except in compliance with the License. You can obtain a copy
7 * in the file LICENSE in the source distribution or at
8 * https://www.openssl.org/source/license.html
11 /* ====================================================================
12 * Copyright 2005 Nokia. All rights reserved.
14 * The portions of the attached software ("Contribution") is developed by
15 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
18 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
19 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
20 * support (see RFC 4279) to OpenSSL.
22 * No patent licenses or other rights except those expressly stated in
23 * the OpenSSL open source license shall be deemed granted or received
24 * expressly, by implication, estoppel, or otherwise.
26 * No assurances are provided by Nokia that the Contribution does not
27 * infringe the patent or other intellectual property rights of any third
28 * party or that the license provides you with all the necessary rights
29 * to make use of the Contribution.
31 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
32 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
33 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
34 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
38 /* Or gethostname won't be declared properly on Linux and GNU platforms. */
40 # define _BSD_SOURCE 1
42 #ifndef _DEFAULT_SOURCE
43 # define _DEFAULT_SOURCE 1
57 #ifdef OPENSSL_SYS_VMS
59 * Or isascii won't be declared properly on VMS (at least with DECompHP C).
61 # define _XOPEN_SOURCE 500
66 #include <openssl/bio.h>
67 #include <openssl/crypto.h>
68 #include <openssl/evp.h>
69 #include <openssl/x509.h>
70 #include <openssl/x509v3.h>
71 #include <openssl/ssl.h>
72 #include <openssl/err.h>
73 #include <openssl/rand.h>
74 #ifndef OPENSSL_NO_RSA
75 # include <openssl/rsa.h>
77 #ifndef OPENSSL_NO_DSA
78 # include <openssl/dsa.h>
81 # include <openssl/dh.h>
83 #include <openssl/bn.h>
85 # include <openssl/ct.h>
89 * Or gethostname won't be declared properly
90 * on Compaq platforms (at least with DEC C).
91 * Do not try to put it earlier, or IPv6 includes
94 #define _XOPEN_SOURCE_EXTENDED 1
96 #ifdef OPENSSL_SYS_WINDOWS
99 # include OPENSSL_UNISTD
102 static SSL_CTX *s_ctx = NULL;
103 static SSL_CTX *s_ctx2 = NULL;
106 * There is really no standard for this, so let's assign something
111 static int verify_callback(int ok, X509_STORE_CTX *ctx);
112 static int app_verify_callback(X509_STORE_CTX *ctx, void *arg);
113 #define APP_CALLBACK_STRING "Test Callback Argument"
114 struct app_verify_arg {
119 #ifndef OPENSSL_NO_DH
120 static DH *get_dh512(void);
121 static DH *get_dh1024(void);
122 static DH *get_dh1024dsa(void);
125 static char *psk_key = NULL; /* by default PSK is not used */
126 #ifndef OPENSSL_NO_PSK
127 static unsigned int psk_client_callback(SSL *ssl, const char *hint,
129 unsigned int max_identity_len,
131 unsigned int max_psk_len);
132 static unsigned int psk_server_callback(SSL *ssl, const char *identity,
134 unsigned int max_psk_len);
137 static BIO *bio_err = NULL;
138 static BIO *bio_stdout = NULL;
140 #ifndef OPENSSL_NO_NEXTPROTONEG
141 /* Note that this code assumes that this is only a one element list: */
142 static const char NEXT_PROTO_STRING[] = "\x09testproto";
143 static int npn_client = 0;
144 static int npn_server = 0;
145 static int npn_server_reject = 0;
147 static int cb_client_npn(SSL *s, unsigned char **out, unsigned char *outlen,
148 const unsigned char *in, unsigned int inlen,
152 * This callback only returns the protocol string, rather than a length
153 * prefixed set. We assume that NEXT_PROTO_STRING is a one element list
154 * and remove the first byte to chop off the length prefix.
156 *out = (unsigned char *)NEXT_PROTO_STRING + 1;
157 *outlen = sizeof(NEXT_PROTO_STRING) - 2;
158 return SSL_TLSEXT_ERR_OK;
161 static int cb_server_npn(SSL *s, const unsigned char **data,
162 unsigned int *len, void *arg)
164 *data = (const unsigned char *)NEXT_PROTO_STRING;
165 *len = sizeof(NEXT_PROTO_STRING) - 1;
166 return SSL_TLSEXT_ERR_OK;
169 static int cb_server_rejects_npn(SSL *s, const unsigned char **data,
170 unsigned int *len, void *arg)
172 return SSL_TLSEXT_ERR_NOACK;
175 static int verify_npn(SSL *client, SSL *server)
177 const unsigned char *client_s;
179 const unsigned char *server_s;
182 SSL_get0_next_proto_negotiated(client, &client_s, &client_len);
183 SSL_get0_next_proto_negotiated(server, &server_s, &server_len);
186 BIO_printf(bio_stdout, "Client NPN: ");
187 BIO_write(bio_stdout, client_s, client_len);
188 BIO_printf(bio_stdout, "\n");
192 BIO_printf(bio_stdout, "Server NPN: ");
193 BIO_write(bio_stdout, server_s, server_len);
194 BIO_printf(bio_stdout, "\n");
198 * If an NPN string was returned, it must be the protocol that we
199 * expected to negotiate.
201 if (client_len && (client_len != sizeof(NEXT_PROTO_STRING) - 2 ||
202 memcmp(client_s, NEXT_PROTO_STRING + 1, client_len)))
204 if (server_len && (server_len != sizeof(NEXT_PROTO_STRING) - 2 ||
205 memcmp(server_s, NEXT_PROTO_STRING + 1, server_len)))
208 if (!npn_client && client_len)
210 if (!npn_server && server_len)
212 if (npn_server_reject && server_len)
214 if (npn_client && npn_server && (!client_len || !server_len))
221 static const char *alpn_client;
222 static char *alpn_server;
223 static char *alpn_server2;
224 static const char *alpn_expected;
225 static unsigned char *alpn_selected;
226 static const char *server_min_proto;
227 static const char *server_max_proto;
228 static const char *client_min_proto;
229 static const char *client_max_proto;
230 static const char *should_negotiate;
231 static const char *sn_client;
232 static const char *sn_server1;
233 static const char *sn_server2;
234 static int sn_expect = 0;
235 static const char *server_sess_out;
236 static const char *server_sess_in;
237 static const char *client_sess_out;
238 static const char *client_sess_in;
239 static SSL_SESSION *server_sess;
240 static SSL_SESSION *client_sess;
242 static int servername_cb(SSL *s, int *ad, void *arg)
244 const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
245 if (sn_server2 == NULL) {
246 BIO_printf(bio_stdout, "Servername 2 is NULL\n");
247 return SSL_TLSEXT_ERR_NOACK;
251 if (s_ctx2 != NULL && sn_server2 != NULL &&
252 !strcasecmp(servername, sn_server2)) {
253 BIO_printf(bio_stdout, "Switching server context.\n");
254 SSL_set_SSL_CTX(s, s_ctx2);
257 return SSL_TLSEXT_ERR_OK;
259 static int verify_servername(SSL *client, SSL *server)
261 /* just need to see if sn_context is what we expect */
262 SSL_CTX* ctx = SSL_get_SSL_CTX(server);
265 if (sn_expect == 1 && ctx == s_ctx)
267 if (sn_expect == 2 && ctx == s_ctx2)
269 BIO_printf(bio_stdout, "Servername: expected context %d\n", sn_expect);
271 BIO_printf(bio_stdout, "Servername: context is 2\n");
272 else if (ctx == s_ctx)
273 BIO_printf(bio_stdout, "Servername: context is 1\n");
275 BIO_printf(bio_stdout, "Servername: context is unknown\n");
281 * next_protos_parse parses a comma separated list of strings into a string
282 * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
283 * outlen: (output) set to the length of the resulting buffer on success.
284 * in: a NUL terminated string like "abc,def,ghi"
286 * returns: a malloced buffer or NULL on failure.
288 static unsigned char *next_protos_parse(size_t *outlen,
299 out = OPENSSL_malloc(strlen(in) + 1);
303 for (i = 0; i <= len; ++i) {
304 if (i == len || in[i] == ',') {
305 if (i - start > 255) {
309 out[start] = i - start;
319 static int cb_server_alpn(SSL *s, const unsigned char **out,
320 unsigned char *outlen, const unsigned char *in,
321 unsigned int inlen, void *arg)
323 unsigned char *protos;
325 char* alpn_str = arg;
327 protos = next_protos_parse(&protos_len, alpn_str);
328 if (protos == NULL) {
329 fprintf(stderr, "failed to parser ALPN server protocol string: %s\n",
334 if (SSL_select_next_proto
335 ((unsigned char **)out, outlen, protos, protos_len, in,
336 inlen) != OPENSSL_NPN_NEGOTIATED) {
337 OPENSSL_free(protos);
338 return SSL_TLSEXT_ERR_NOACK;
342 * Make a copy of the selected protocol which will be freed in
345 alpn_selected = OPENSSL_malloc(*outlen);
346 memcpy(alpn_selected, *out, *outlen);
347 *out = alpn_selected;
349 OPENSSL_free(protos);
350 return SSL_TLSEXT_ERR_OK;
353 static int verify_alpn(SSL *client, SSL *server)
355 const unsigned char *client_proto, *server_proto;
356 unsigned int client_proto_len = 0, server_proto_len = 0;
357 SSL_get0_alpn_selected(client, &client_proto, &client_proto_len);
358 SSL_get0_alpn_selected(server, &server_proto, &server_proto_len);
360 OPENSSL_free(alpn_selected);
361 alpn_selected = NULL;
363 if (client_proto_len != server_proto_len) {
364 BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
368 if (client_proto != NULL &&
369 memcmp(client_proto, server_proto, client_proto_len) != 0) {
370 BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
374 if (client_proto_len > 0 && alpn_expected == NULL) {
375 BIO_printf(bio_stdout, "ALPN unexpectedly negotiated\n");
379 if (alpn_expected != NULL &&
380 (client_proto_len != strlen(alpn_expected) ||
381 memcmp(client_proto, alpn_expected, client_proto_len) != 0)) {
382 BIO_printf(bio_stdout,
383 "ALPN selected protocols not equal to expected protocol: %s\n",
391 BIO_printf(bio_stdout, "ALPN results: client: '");
392 BIO_write(bio_stdout, client_proto, client_proto_len);
393 BIO_printf(bio_stdout, "', server: '");
394 BIO_write(bio_stdout, server_proto, server_proto_len);
395 BIO_printf(bio_stdout, "'\n");
396 BIO_printf(bio_stdout, "ALPN configured: client: '%s', server: '",
398 if (SSL_get_SSL_CTX(server) == s_ctx2) {
399 BIO_printf(bio_stdout, "%s'\n",
402 BIO_printf(bio_stdout, "%s'\n",
409 * WARNING : below extension types are *NOT* IETF assigned, and could
410 * conflict if these types are reassigned and handled specially by OpenSSL
413 #define TACK_EXT_TYPE 62208
414 #define CUSTOM_EXT_TYPE_0 1000
415 #define CUSTOM_EXT_TYPE_1 1001
416 #define CUSTOM_EXT_TYPE_2 1002
417 #define CUSTOM_EXT_TYPE_3 1003
419 static const char custom_ext_cli_string[] = "abc";
420 static const char custom_ext_srv_string[] = "defg";
422 /* These set from cmdline */
423 static char *serverinfo_file = NULL;
424 static int serverinfo_sct = 0;
425 static int serverinfo_tack = 0;
427 /* These set based on extension callbacks */
428 static int serverinfo_sct_seen = 0;
429 static int serverinfo_tack_seen = 0;
430 static int serverinfo_other_seen = 0;
432 /* This set from cmdline */
433 static int custom_ext = 0;
435 /* This set based on extension callbacks */
436 static int custom_ext_error = 0;
438 static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type,
439 const unsigned char *in, size_t inlen,
442 if (ext_type == TLSEXT_TYPE_signed_certificate_timestamp)
443 serverinfo_sct_seen++;
444 else if (ext_type == TACK_EXT_TYPE)
445 serverinfo_tack_seen++;
447 serverinfo_other_seen++;
451 static int verify_serverinfo()
453 if (serverinfo_sct != serverinfo_sct_seen)
455 if (serverinfo_tack != serverinfo_tack_seen)
457 if (serverinfo_other_seen)
463 * Four test cases for custom extensions:
464 * 0 - no ClientHello extension or ServerHello response
465 * 1 - ClientHello with "abc", no response
466 * 2 - ClientHello with "abc", empty response
467 * 3 - ClientHello with "abc", "defg" response
470 static int custom_ext_0_cli_add_cb(SSL *s, unsigned int ext_type,
471 const unsigned char **out,
472 size_t *outlen, int *al, void *arg)
474 if (ext_type != CUSTOM_EXT_TYPE_0)
475 custom_ext_error = 1;
476 return 0; /* Don't send an extension */
479 static int custom_ext_0_cli_parse_cb(SSL *s, unsigned int ext_type,
480 const unsigned char *in,
481 size_t inlen, int *al, void *arg)
486 static int custom_ext_1_cli_add_cb(SSL *s, unsigned int ext_type,
487 const unsigned char **out,
488 size_t *outlen, int *al, void *arg)
490 if (ext_type != CUSTOM_EXT_TYPE_1)
491 custom_ext_error = 1;
492 *out = (const unsigned char *)custom_ext_cli_string;
493 *outlen = strlen(custom_ext_cli_string);
494 return 1; /* Send "abc" */
497 static int custom_ext_1_cli_parse_cb(SSL *s, unsigned int ext_type,
498 const unsigned char *in,
499 size_t inlen, int *al, void *arg)
504 static int custom_ext_2_cli_add_cb(SSL *s, unsigned int ext_type,
505 const unsigned char **out,
506 size_t *outlen, int *al, void *arg)
508 if (ext_type != CUSTOM_EXT_TYPE_2)
509 custom_ext_error = 1;
510 *out = (const unsigned char *)custom_ext_cli_string;
511 *outlen = strlen(custom_ext_cli_string);
512 return 1; /* Send "abc" */
515 static int custom_ext_2_cli_parse_cb(SSL *s, unsigned int ext_type,
516 const unsigned char *in,
517 size_t inlen, int *al, void *arg)
519 if (ext_type != CUSTOM_EXT_TYPE_2)
520 custom_ext_error = 1;
522 custom_ext_error = 1; /* Should be empty response */
526 static int custom_ext_3_cli_add_cb(SSL *s, unsigned int ext_type,
527 const unsigned char **out,
528 size_t *outlen, int *al, void *arg)
530 if (ext_type != CUSTOM_EXT_TYPE_3)
531 custom_ext_error = 1;
532 *out = (const unsigned char *)custom_ext_cli_string;
533 *outlen = strlen(custom_ext_cli_string);
534 return 1; /* Send "abc" */
537 static int custom_ext_3_cli_parse_cb(SSL *s, unsigned int ext_type,
538 const unsigned char *in,
539 size_t inlen, int *al, void *arg)
541 if (ext_type != CUSTOM_EXT_TYPE_3)
542 custom_ext_error = 1;
543 if (inlen != strlen(custom_ext_srv_string))
544 custom_ext_error = 1;
545 if (memcmp(custom_ext_srv_string, in, inlen) != 0)
546 custom_ext_error = 1; /* Check for "defg" */
551 * custom_ext_0_cli_add_cb returns 0 - the server won't receive a callback
554 static int custom_ext_0_srv_parse_cb(SSL *s, unsigned int ext_type,
555 const unsigned char *in,
556 size_t inlen, int *al, void *arg)
558 custom_ext_error = 1;
562 /* 'add' callbacks are only called if the 'parse' callback is called */
563 static int custom_ext_0_srv_add_cb(SSL *s, unsigned int ext_type,
564 const unsigned char **out,
565 size_t *outlen, int *al, void *arg)
567 /* Error: should not have been called */
568 custom_ext_error = 1;
569 return 0; /* Don't send an extension */
572 static int custom_ext_1_srv_parse_cb(SSL *s, unsigned int ext_type,
573 const unsigned char *in,
574 size_t inlen, int *al, void *arg)
576 if (ext_type != CUSTOM_EXT_TYPE_1)
577 custom_ext_error = 1;
578 /* Check for "abc" */
579 if (inlen != strlen(custom_ext_cli_string))
580 custom_ext_error = 1;
581 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
582 custom_ext_error = 1;
586 static int custom_ext_1_srv_add_cb(SSL *s, unsigned int ext_type,
587 const unsigned char **out,
588 size_t *outlen, int *al, void *arg)
590 return 0; /* Don't send an extension */
593 static int custom_ext_2_srv_parse_cb(SSL *s, unsigned int ext_type,
594 const unsigned char *in,
595 size_t inlen, int *al, void *arg)
597 if (ext_type != CUSTOM_EXT_TYPE_2)
598 custom_ext_error = 1;
599 /* Check for "abc" */
600 if (inlen != strlen(custom_ext_cli_string))
601 custom_ext_error = 1;
602 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
603 custom_ext_error = 1;
607 static int custom_ext_2_srv_add_cb(SSL *s, unsigned int ext_type,
608 const unsigned char **out,
609 size_t *outlen, int *al, void *arg)
613 return 1; /* Send empty extension */
616 static int custom_ext_3_srv_parse_cb(SSL *s, unsigned int ext_type,
617 const unsigned char *in,
618 size_t inlen, int *al, void *arg)
620 if (ext_type != CUSTOM_EXT_TYPE_3)
621 custom_ext_error = 1;
622 /* Check for "abc" */
623 if (inlen != strlen(custom_ext_cli_string))
624 custom_ext_error = 1;
625 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
626 custom_ext_error = 1;
630 static int custom_ext_3_srv_add_cb(SSL *s, unsigned int ext_type,
631 const unsigned char **out,
632 size_t *outlen, int *al, void *arg)
634 *out = (const unsigned char *)custom_ext_srv_string;
635 *outlen = strlen(custom_ext_srv_string);
636 return 1; /* Send "defg" */
639 static char *cipher = NULL;
640 static int verbose = 0;
641 static int debug = 0;
642 static const char rnd_seed[] =
643 "string to make the random number generator think it has entropy";
645 int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family,
646 long bytes, clock_t *s_time, clock_t *c_time);
647 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time,
649 int doit(SSL *s_ssl, SSL *c_ssl, long bytes);
651 static void sv_usage(void)
653 fprintf(stderr, "usage: ssltest [args ...]\n");
654 fprintf(stderr, "\n");
655 fprintf(stderr, " -server_auth - check server certificate\n");
656 fprintf(stderr, " -client_auth - do client authentication\n");
657 fprintf(stderr, " -v - more output\n");
658 fprintf(stderr, " -d - debug output\n");
659 fprintf(stderr, " -reuse - use session-id reuse\n");
660 fprintf(stderr, " -num <val> - number of connections to perform\n");
662 " -bytes <val> - number of bytes to swap between client/server\n");
663 #ifndef OPENSSL_NO_DH
665 " -dhe512 - use 512 bit key for DHE (to test failure)\n");
667 " -dhe1024 - use 1024 bit key (safe prime) for DHE (default, no-op)\n");
669 " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
670 fprintf(stderr, " -no_dhe - disable DHE\n");
672 #ifndef OPENSSL_NO_EC
673 fprintf(stderr, " -no_ecdhe - disable ECDHE\nTODO(openssl-team): no_ecdhe was broken by auto ecdh. Make this work again.\n");
675 #ifndef OPENSSL_NO_PSK
676 fprintf(stderr, " -psk arg - PSK in hex (without 0x)\n");
678 #ifndef OPENSSL_NO_SSL3
679 fprintf(stderr, " -ssl3 - use SSLv3\n");
681 #ifndef OPENSSL_NO_TLS1
682 fprintf(stderr, " -tls1 - use TLSv1\n");
684 #ifndef OPENSSL_NO_DTLS
685 fprintf(stderr, " -dtls - use DTLS\n");
686 #ifndef OPENSSL_NO_DTLS1
687 fprintf(stderr, " -dtls1 - use DTLSv1\n");
689 #ifndef OPENSSL_NO_DTLS1_2
690 fprintf(stderr, " -dtls12 - use DTLSv1.2\n");
693 fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");
694 fprintf(stderr, " -CAfile arg - PEM format file of CA's\n");
695 fprintf(stderr, " -cert arg - Server certificate file\n");
697 " -key arg - Server key file (default: same as -cert)\n");
698 fprintf(stderr, " -c_cert arg - Client certificate file\n");
700 " -c_key arg - Client key file (default: same as -c_cert)\n");
701 fprintf(stderr, " -cipher arg - The cipher list\n");
702 fprintf(stderr, " -bio_pair - Use BIO pairs\n");
703 fprintf(stderr, " -ipv4 - Use IPv4 connection on localhost\n");
704 fprintf(stderr, " -ipv6 - Use IPv6 connection on localhost\n");
705 fprintf(stderr, " -f - Test even cases that can't work\n");
707 " -time - measure processor time used by client and server\n");
708 fprintf(stderr, " -zlib - use zlib compression\n");
709 #ifndef OPENSSL_NO_NEXTPROTONEG
710 fprintf(stderr, " -npn_client - have client side offer NPN\n");
711 fprintf(stderr, " -npn_server - have server side offer NPN\n");
712 fprintf(stderr, " -npn_server_reject - have server reject NPN\n");
714 fprintf(stderr, " -serverinfo_file file - have server use this file\n");
715 fprintf(stderr, " -serverinfo_sct - have client offer and expect SCT\n");
717 " -serverinfo_tack - have client offer and expect TACK\n");
719 " -custom_ext - try various custom extension callbacks\n");
720 fprintf(stderr, " -alpn_client <string> - have client side offer ALPN\n");
721 fprintf(stderr, " -alpn_server <string> - have server side offer ALPN\n");
722 fprintf(stderr, " -alpn_server1 <string> - alias for -alpn_server\n");
723 fprintf(stderr, " -alpn_server2 <string> - have server side context 2 offer ALPN\n");
725 " -alpn_expected <string> - the ALPN protocol that should be negotiated\n");
726 fprintf(stderr, " -server_min_proto <string> - Minimum version the server should support\n");
727 fprintf(stderr, " -server_max_proto <string> - Maximum version the server should support\n");
728 fprintf(stderr, " -client_min_proto <string> - Minimum version the client should support\n");
729 fprintf(stderr, " -client_max_proto <string> - Maximum version the client should support\n");
730 fprintf(stderr, " -should_negotiate <string> - The version that should be negotiated, fail-client or fail-server\n");
731 #ifndef OPENSSL_NO_CT
732 fprintf(stderr, " -noct - no certificate transparency\n");
733 fprintf(stderr, " -requestct - request certificate transparency\n");
734 fprintf(stderr, " -requirect - require certificate transparency\n");
736 fprintf(stderr, " -sn_client <string> - have client request this servername\n");
737 fprintf(stderr, " -sn_server1 <string> - have server context 1 respond to this servername\n");
738 fprintf(stderr, " -sn_server2 <string> - have server context 2 respond to this servername\n");
739 fprintf(stderr, " -sn_expect1 - expected server 1\n");
740 fprintf(stderr, " -sn_expect2 - expected server 2\n");
741 fprintf(stderr, " -server_sess_out <file> - Save the server session to a file\n");
742 fprintf(stderr, " -server_sess_in <file> - Read the server session from a file\n");
743 fprintf(stderr, " -client_sess_out <file> - Save the client session to a file\n");
744 fprintf(stderr, " -client_sess_in <file> - Read the client session from a file\n");
745 fprintf(stderr, " -should_reuse <number> - The expected state of reusing the session\n");
746 fprintf(stderr, " -no_ticket - do not issue TLS session ticket\n");
749 static void print_key_details(BIO *out, EVP_PKEY *key)
751 int keyid = EVP_PKEY_id(key);
752 #ifndef OPENSSL_NO_EC
753 if (keyid == EVP_PKEY_EC) {
754 EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
757 nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
759 cname = EC_curve_nid2nist(nid);
761 cname = OBJ_nid2sn(nid);
762 BIO_printf(out, "%d bits EC (%s)", EVP_PKEY_bits(key), cname);
778 algname = OBJ_nid2sn(keyid);
781 BIO_printf(out, "%d bits %s", EVP_PKEY_bits(key), algname);
785 static void print_details(SSL *c_ssl, const char *prefix)
787 const SSL_CIPHER *ciph;
792 ciph = SSL_get_current_cipher(c_ssl);
793 BIO_printf(bio_stdout, "%s%s, cipher %s %s",
795 SSL_get_version(c_ssl),
796 SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_name(ciph));
797 cert = SSL_get_peer_certificate(c_ssl);
799 EVP_PKEY* pubkey = X509_get0_pubkey(cert);
801 if (pubkey != NULL) {
802 BIO_puts(bio_stdout, ", ");
803 print_key_details(bio_stdout, pubkey);
807 if (SSL_get_server_tmp_key(c_ssl, &pkey)) {
808 BIO_puts(bio_stdout, ", temp key: ");
809 print_key_details(bio_stdout, pkey);
812 if (SSL_get_peer_signature_nid(c_ssl, &mdnid))
813 BIO_printf(bio_stdout, ", digest=%s", OBJ_nid2sn(mdnid));
814 BIO_printf(bio_stdout, "\n");
818 * protocol_from_string - converts a protocol version string to a number
820 * Returns -1 on failure or the version on success
822 static int protocol_from_string(const char *value)
824 struct protocol_versions {
828 static const struct protocol_versions versions[] = {
829 {"ssl3", SSL3_VERSION},
830 {"tls1", TLS1_VERSION},
831 {"tls1.1", TLS1_1_VERSION},
832 {"tls1.2", TLS1_2_VERSION},
833 {"tls1.3", TLS1_3_VERSION},
834 {"dtls1", DTLS1_VERSION},
835 {"dtls1.2", DTLS1_2_VERSION}};
837 size_t n = OSSL_NELEM(versions);
839 for (i = 0; i < n; i++)
840 if (strcmp(versions[i].name, value) == 0)
841 return versions[i].version;
845 static SSL_SESSION *read_session(const char *filename)
848 BIO *f = BIO_new_file(filename, "r");
851 BIO_printf(bio_err, "Can't open session file %s\n", filename);
852 ERR_print_errors(bio_err);
855 sess = PEM_read_bio_SSL_SESSION(f, NULL, 0, NULL);
857 BIO_printf(bio_err, "Can't parse session file %s\n", filename);
858 ERR_print_errors(bio_err);
864 static int write_session(const char *filename, SSL_SESSION *sess)
866 BIO *f = BIO_new_file(filename, "w");
869 BIO_printf(bio_err, "No session information\n");
873 BIO_printf(bio_err, "Can't open session file %s\n", filename);
874 ERR_print_errors(bio_err);
877 PEM_write_bio_SSL_SESSION(f, sess);
883 * set_protocol_version - Sets protocol version minimum or maximum
885 * Returns 0 on failure and 1 on success
887 static int set_protocol_version(const char *version, SSL *ssl, int setting)
889 if (version != NULL) {
890 int ver = protocol_from_string(version);
892 BIO_printf(bio_err, "Error parsing: %s\n", version);
895 return SSL_ctrl(ssl, setting, ver, NULL);
900 int main(int argc, char *argv[])
902 const char *CApath = NULL, *CAfile = NULL;
904 enum { BIO_MEM, BIO_PAIR, BIO_IPV4, BIO_IPV6 } bio_type = BIO_MEM;
906 int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, tls1_2 = 0, ssl3 = 0, ret = 1;
908 int server_auth = 0, i;
909 struct app_verify_arg app_verify_arg =
910 { APP_CALLBACK_STRING, 0 };
912 SSL_CTX *c_ctx = NULL;
913 const SSL_METHOD *meth = NULL;
915 int number = 1, reuse = 0;
916 int should_reuse = -1;
919 #ifndef OPENSSL_NO_DH
921 int dhe512 = 0, dhe1024dsa = 0;
926 clock_t s_time = 0, c_time = 0;
927 #ifndef OPENSSL_NO_COMP
929 COMP_METHOD *cm = NULL;
930 STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
933 int min_version = 0, max_version = 0;
934 #ifndef OPENSSL_NO_CT
936 * Disable CT validation by default, because it will interfere with
937 * anything using custom extension handlers to deal with SCT extensions.
939 int ct_validation = 0;
941 SSL_CONF_CTX *s_cctx = NULL, *c_cctx = NULL, *s_cctx2 = NULL;
942 STACK_OF(OPENSSL_STRING) *conf_args = NULL;
943 char *arg = NULL, *argn = NULL;
949 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
951 p = getenv("OPENSSL_DEBUG_MEMORY");
952 if (p != NULL && strcmp(p, "on") == 0)
953 CRYPTO_set_mem_debug(1);
954 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
956 RAND_seed(rnd_seed, sizeof rnd_seed);
958 bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT);
960 s_cctx = SSL_CONF_CTX_new();
961 s_cctx2 = SSL_CONF_CTX_new();
962 c_cctx = SSL_CONF_CTX_new();
964 if (!s_cctx || !c_cctx || !s_cctx2) {
965 ERR_print_errors(bio_err);
969 SSL_CONF_CTX_set_flags(s_cctx,
970 SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_SERVER |
971 SSL_CONF_FLAG_CERTIFICATE |
972 SSL_CONF_FLAG_REQUIRE_PRIVATE);
973 SSL_CONF_CTX_set_flags(s_cctx2,
974 SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_SERVER |
975 SSL_CONF_FLAG_CERTIFICATE |
976 SSL_CONF_FLAG_REQUIRE_PRIVATE);
977 if (!SSL_CONF_CTX_set1_prefix(s_cctx, "-s_")) {
978 ERR_print_errors(bio_err);
981 if (!SSL_CONF_CTX_set1_prefix(s_cctx2, "-s_")) {
982 ERR_print_errors(bio_err);
986 SSL_CONF_CTX_set_flags(c_cctx,
987 SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_CLIENT |
988 SSL_CONF_FLAG_CERTIFICATE |
989 SSL_CONF_FLAG_REQUIRE_PRIVATE);
990 if (!SSL_CONF_CTX_set1_prefix(c_cctx, "-c_")) {
991 ERR_print_errors(bio_err);
999 if (strcmp(*argv, "-F") == 0) {
1001 "not compiled with FIPS support, so exiting without running.\n");
1003 } else if (strcmp(*argv, "-server_auth") == 0)
1005 else if (strcmp(*argv, "-client_auth") == 0)
1007 else if (strcmp(*argv, "-v") == 0)
1009 else if (strcmp(*argv, "-d") == 0)
1011 else if (strcmp(*argv, "-reuse") == 0)
1013 else if (strcmp(*argv, "-dhe512") == 0) {
1014 #ifndef OPENSSL_NO_DH
1018 "ignoring -dhe512, since I'm compiled without DH\n");
1020 } else if (strcmp(*argv, "-dhe1024dsa") == 0) {
1021 #ifndef OPENSSL_NO_DH
1025 "ignoring -dhe1024dsa, since I'm compiled without DH\n");
1027 } else if (strcmp(*argv, "-no_dhe") == 0)
1029 else if (strcmp(*argv, "-no_ecdhe") == 0)
1031 else if (strcmp(*argv, "-psk") == 0) {
1034 psk_key = *(++argv);
1035 #ifndef OPENSSL_NO_PSK
1036 if (strspn(psk_key, "abcdefABCDEF1234567890") != strlen(psk_key)) {
1037 BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
1044 else if (strcmp(*argv, "-tls1_2") == 0) {
1046 } else if (strcmp(*argv, "-tls1") == 0) {
1048 } else if (strcmp(*argv, "-ssl3") == 0) {
1050 } else if (strcmp(*argv, "-dtls1") == 0) {
1052 } else if (strcmp(*argv, "-dtls12") == 0) {
1054 } else if (strcmp(*argv, "-dtls") == 0) {
1056 } else if (strncmp(*argv, "-num", 4) == 0) {
1059 number = atoi(*(++argv));
1062 } else if (strcmp(*argv, "-bytes") == 0) {
1065 bytes = atol(*(++argv));
1068 i = strlen(argv[0]);
1069 if (argv[0][i - 1] == 'k')
1071 if (argv[0][i - 1] == 'm')
1072 bytes *= 1024L * 1024L;
1073 } else if (strcmp(*argv, "-cipher") == 0) {
1077 } else if (strcmp(*argv, "-CApath") == 0) {
1081 } else if (strcmp(*argv, "-CAfile") == 0) {
1085 } else if (strcmp(*argv, "-bio_pair") == 0) {
1086 bio_type = BIO_PAIR;
1088 #ifndef OPENSSL_NO_SOCK
1089 else if (strcmp(*argv, "-ipv4") == 0) {
1090 bio_type = BIO_IPV4;
1091 } else if (strcmp(*argv, "-ipv6") == 0) {
1092 bio_type = BIO_IPV6;
1095 else if (strcmp(*argv, "-f") == 0) {
1097 } else if (strcmp(*argv, "-time") == 0) {
1100 #ifndef OPENSSL_NO_CT
1101 else if (strcmp(*argv, "-noct") == 0) {
1104 else if (strcmp(*argv, "-ct") == 0) {
1108 #ifndef OPENSSL_NO_COMP
1109 else if (strcmp(*argv, "-zlib") == 0) {
1113 else if (strcmp(*argv, "-app_verify") == 0) {
1114 app_verify_arg.app_verify = 1;
1116 #ifndef OPENSSL_NO_NEXTPROTONEG
1117 else if (strcmp(*argv, "-npn_client") == 0) {
1119 } else if (strcmp(*argv, "-npn_server") == 0) {
1121 } else if (strcmp(*argv, "-npn_server_reject") == 0) {
1122 npn_server_reject = 1;
1125 else if (strcmp(*argv, "-serverinfo_sct") == 0) {
1127 } else if (strcmp(*argv, "-serverinfo_tack") == 0) {
1128 serverinfo_tack = 1;
1129 } else if (strcmp(*argv, "-serverinfo_file") == 0) {
1132 serverinfo_file = *(++argv);
1133 } else if (strcmp(*argv, "-custom_ext") == 0) {
1135 } else if (strcmp(*argv, "-alpn_client") == 0) {
1138 alpn_client = *(++argv);
1139 } else if (strcmp(*argv, "-alpn_server") == 0 ||
1140 strcmp(*argv, "-alpn_server1") == 0) {
1143 alpn_server = *(++argv);
1144 } else if (strcmp(*argv, "-alpn_server2") == 0) {
1147 alpn_server2 = *(++argv);
1148 } else if (strcmp(*argv, "-alpn_expected") == 0) {
1151 alpn_expected = *(++argv);
1152 } else if (strcmp(*argv, "-server_min_proto") == 0) {
1155 server_min_proto = *(++argv);
1156 } else if (strcmp(*argv, "-server_max_proto") == 0) {
1159 server_max_proto = *(++argv);
1160 } else if (strcmp(*argv, "-client_min_proto") == 0) {
1163 client_min_proto = *(++argv);
1164 } else if (strcmp(*argv, "-client_max_proto") == 0) {
1167 client_max_proto = *(++argv);
1168 } else if (strcmp(*argv, "-should_negotiate") == 0) {
1171 should_negotiate = *(++argv);
1172 } else if (strcmp(*argv, "-sn_client") == 0) {
1175 sn_client = *(++argv);
1176 } else if (strcmp(*argv, "-sn_server1") == 0) {
1179 sn_server1 = *(++argv);
1180 } else if (strcmp(*argv, "-sn_server2") == 0) {
1183 sn_server2 = *(++argv);
1184 } else if (strcmp(*argv, "-sn_expect1") == 0) {
1186 } else if (strcmp(*argv, "-sn_expect2") == 0) {
1188 } else if (strcmp(*argv, "-server_sess_out") == 0) {
1191 server_sess_out = *(++argv);
1192 } else if (strcmp(*argv, "-server_sess_in") == 0) {
1195 server_sess_in = *(++argv);
1196 } else if (strcmp(*argv, "-client_sess_out") == 0) {
1199 client_sess_out = *(++argv);
1200 } else if (strcmp(*argv, "-client_sess_in") == 0) {
1203 client_sess_in = *(++argv);
1204 } else if (strcmp(*argv, "-should_reuse") == 0) {
1207 should_reuse = !!atoi(*(++argv));
1208 } else if (strcmp(*argv, "-no_ticket") == 0) {
1214 /* Try to process command using SSL_CONF */
1215 rv = SSL_CONF_cmd_argv(c_cctx, &argc, &argv);
1216 /* If not processed try server */
1218 rv = SSL_CONF_cmd_argv(s_cctx, &argc, &argv);
1219 /* Recognised: store it for later use */
1224 conf_args = sk_OPENSSL_STRING_new_null();
1228 if (!sk_OPENSSL_STRING_push(conf_args, arg))
1230 if (!sk_OPENSSL_STRING_push(conf_args, argn))
1235 BIO_printf(bio_err, "Missing argument for %s\n", arg);
1237 BIO_printf(bio_err, "Error with command %s\n", arg);
1239 BIO_printf(bio_err, "unknown option %s\n", arg);
1252 if (ssl3 + tls1 + tls1_2 + dtls + dtls1 + dtls12 > 1) {
1253 fprintf(stderr, "At most one of -ssl3, -tls1, -tls1_2, -dtls, -dtls1 or -dtls12 should "
1258 #ifdef OPENSSL_NO_SSL3
1263 #ifdef OPENSSL_NO_TLS1
1268 #ifdef OPENSSL_NO_TLS1_2
1273 #if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1)
1278 #if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1_2)
1286 * Testing was requested for a compiled-out protocol (e.g. SSLv3).
1287 * Ideally, we would error out, but the generic test wrapper can't know
1288 * when to expect failure. So we do nothing and return success.
1291 fprintf(stderr, "Testing was requested for a disabled protocol. "
1292 "Skipping tests.\n");
1297 if (!ssl3 && !tls1 && !tls1_2 && !dtls && !dtls1 && !dtls12 && number > 1
1298 && !reuse && !force) {
1299 fprintf(stderr, "This case cannot work. Use -f to perform "
1300 "the test anyway (and\n-d to see what happens), "
1301 "or add one of -ssl3, -tls1, -tls1_2, -dtls, -dtls1, -dtls12, -reuse\n"
1302 "to avoid protocol mismatch.\n");
1307 if (bio_type != BIO_PAIR) {
1308 fprintf(stderr, "Using BIO pair (-bio_pair)\n");
1309 bio_type = BIO_PAIR;
1311 if (number < 50 && !force)
1313 "Warning: For accurate timings, use more connections (e.g. -num 1000)\n");
1316 #ifndef OPENSSL_NO_COMP
1317 if (comp == COMP_ZLIB)
1320 if (COMP_get_type(cm) != NID_undef) {
1321 if (SSL_COMP_add_compression_method(comp, cm) != 0) {
1322 fprintf(stderr, "Failed to add compression method\n");
1323 ERR_print_errors_fp(stderr);
1327 "Warning: %s compression not supported\n",
1328 comp == COMP_ZLIB ? "zlib" : "unknown");
1329 ERR_print_errors_fp(stderr);
1332 ssl_comp_methods = SSL_COMP_get_compression_methods();
1333 n = sk_SSL_COMP_num(ssl_comp_methods);
1336 printf("Available compression methods:");
1337 for (j = 0; j < n; j++) {
1338 SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
1339 printf(" %s:%d", SSL_COMP_get0_name(c), SSL_COMP_get_id(c));
1345 #ifndef OPENSSL_NO_TLS
1346 meth = TLS_method();
1348 min_version = SSL3_VERSION;
1349 max_version = SSL3_VERSION;
1351 min_version = TLS1_VERSION;
1352 max_version = TLS1_VERSION;
1353 } else if (tls1_2) {
1354 min_version = TLS1_2_VERSION;
1355 max_version = TLS1_2_VERSION;
1358 #ifndef OPENSSL_NO_DTLS
1359 if (dtls || dtls1 || dtls12)
1360 meth = DTLS_method();
1362 min_version = DTLS1_VERSION;
1363 max_version = DTLS1_VERSION;
1364 } else if (dtls12) {
1365 min_version = DTLS1_2_VERSION;
1366 max_version = DTLS1_2_VERSION;
1370 c_ctx = SSL_CTX_new(meth);
1371 s_ctx = SSL_CTX_new(meth);
1372 s_ctx2 = SSL_CTX_new(meth); /* no SSL_CTX_dup! */
1373 if ((c_ctx == NULL) || (s_ctx == NULL) || (s_ctx2 == NULL)) {
1374 ERR_print_errors(bio_err);
1378 * Since we will use low security ciphersuites and keys for testing set
1379 * security level to zero by default. Tests can override this by adding
1380 * "@SECLEVEL=n" to the cipher string.
1382 SSL_CTX_set_security_level(c_ctx, 0);
1383 SSL_CTX_set_security_level(s_ctx, 0);
1384 SSL_CTX_set_security_level(s_ctx2, 0);
1387 SSL_CTX_set_options(c_ctx, SSL_OP_NO_TICKET);
1388 SSL_CTX_set_options(s_ctx, SSL_OP_NO_TICKET);
1391 if (SSL_CTX_set_min_proto_version(c_ctx, min_version) == 0)
1393 if (SSL_CTX_set_max_proto_version(c_ctx, max_version) == 0)
1395 if (SSL_CTX_set_min_proto_version(s_ctx, min_version) == 0)
1397 if (SSL_CTX_set_max_proto_version(s_ctx, max_version) == 0)
1400 if (cipher != NULL) {
1401 if (!SSL_CTX_set_cipher_list(c_ctx, cipher)
1402 || !SSL_CTX_set_cipher_list(s_ctx, cipher)
1403 || !SSL_CTX_set_cipher_list(s_ctx2, cipher)) {
1404 ERR_print_errors(bio_err);
1409 #ifndef OPENSSL_NO_CT
1410 if (ct_validation &&
1411 !SSL_CTX_enable_ct(c_ctx, SSL_CT_VALIDATION_STRICT)) {
1412 ERR_print_errors(bio_err);
1417 /* Process SSL_CONF arguments */
1418 SSL_CONF_CTX_set_ssl_ctx(c_cctx, c_ctx);
1419 SSL_CONF_CTX_set_ssl_ctx(s_cctx, s_ctx);
1420 SSL_CONF_CTX_set_ssl_ctx(s_cctx2, s_ctx2);
1422 for (i = 0; i < sk_OPENSSL_STRING_num(conf_args); i += 2) {
1424 arg = sk_OPENSSL_STRING_value(conf_args, i);
1425 argn = sk_OPENSSL_STRING_value(conf_args, i + 1);
1426 rv = SSL_CONF_cmd(c_cctx, arg, argn);
1427 /* If not recognised use server context */
1429 rv = SSL_CONF_cmd(s_cctx2, arg, argn);
1431 rv = SSL_CONF_cmd(s_cctx, arg, argn);
1434 BIO_printf(bio_err, "Error processing %s %s\n",
1435 arg, argn ? argn : "");
1436 ERR_print_errors(bio_err);
1441 if (!SSL_CONF_CTX_finish(s_cctx) || !SSL_CONF_CTX_finish(c_cctx) || !SSL_CONF_CTX_finish(s_cctx2)) {
1442 BIO_puts(bio_err, "Error finishing context\n");
1443 ERR_print_errors(bio_err);
1446 #ifndef OPENSSL_NO_DH
1449 dh = get_dh1024dsa();
1454 SSL_CTX_set_tmp_dh(s_ctx, dh);
1455 SSL_CTX_set_tmp_dh(s_ctx2, dh);
1462 if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) ||
1463 (!SSL_CTX_set_default_verify_paths(s_ctx)) ||
1464 (!SSL_CTX_load_verify_locations(s_ctx2, CAfile, CApath)) ||
1465 (!SSL_CTX_set_default_verify_paths(s_ctx2)) ||
1466 (!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) ||
1467 (!SSL_CTX_set_default_verify_paths(c_ctx))) {
1468 ERR_print_errors(bio_err);
1471 #ifndef OPENSSL_NO_CT
1472 if (!SSL_CTX_set_default_ctlog_list_file(s_ctx) ||
1473 !SSL_CTX_set_default_ctlog_list_file(s_ctx2) ||
1474 !SSL_CTX_set_default_ctlog_list_file(c_ctx)) {
1475 ERR_print_errors(bio_err);
1480 printf("client authentication\n");
1481 SSL_CTX_set_verify(s_ctx,
1482 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1484 SSL_CTX_set_verify(s_ctx2,
1485 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1487 SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback,
1489 SSL_CTX_set_cert_verify_callback(s_ctx2, app_verify_callback,
1493 printf("server authentication\n");
1494 SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER, verify_callback);
1495 SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback,
1500 int session_id_context = 0;
1501 if (!SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context,
1502 sizeof session_id_context) ||
1503 !SSL_CTX_set_session_id_context(s_ctx2, (void *)&session_id_context,
1504 sizeof session_id_context)) {
1505 ERR_print_errors(bio_err);
1510 /* Use PSK only if PSK key is given */
1511 if (psk_key != NULL) {
1513 * no_psk is used to avoid putting psk command to openssl tool
1517 * if PSK is not compiled in and psk key is given, do nothing and
1523 #ifndef OPENSSL_NO_PSK
1524 SSL_CTX_set_psk_client_callback(c_ctx, psk_client_callback);
1525 SSL_CTX_set_psk_server_callback(s_ctx, psk_server_callback);
1526 SSL_CTX_set_psk_server_callback(s_ctx2, psk_server_callback);
1528 BIO_printf(bio_err, "setting PSK identity hint to s_ctx\n");
1529 if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_hint") ||
1530 !SSL_CTX_use_psk_identity_hint(s_ctx2, "ctx server identity_hint")) {
1531 BIO_printf(bio_err, "error setting PSK identity hint to s_ctx\n");
1532 ERR_print_errors(bio_err);
1538 #ifndef OPENSSL_NO_NEXTPROTONEG
1540 SSL_CTX_set_next_proto_select_cb(c_ctx, cb_client_npn, NULL);
1543 if (npn_server_reject) {
1545 "Can't have both -npn_server and -npn_server_reject\n");
1548 SSL_CTX_set_npn_advertised_cb(s_ctx, cb_server_npn, NULL);
1549 SSL_CTX_set_npn_advertised_cb(s_ctx2, cb_server_npn, NULL);
1551 if (npn_server_reject) {
1552 SSL_CTX_set_npn_advertised_cb(s_ctx, cb_server_rejects_npn, NULL);
1553 SSL_CTX_set_npn_advertised_cb(s_ctx2, cb_server_rejects_npn, NULL);
1557 if (serverinfo_sct) {
1558 if (!SSL_CTX_add_client_custom_ext(c_ctx,
1559 TLSEXT_TYPE_signed_certificate_timestamp,
1561 serverinfo_cli_parse_cb, NULL)) {
1562 BIO_printf(bio_err, "Error adding SCT extension\n");
1566 if (serverinfo_tack) {
1567 if (!SSL_CTX_add_client_custom_ext(c_ctx, TACK_EXT_TYPE,
1569 serverinfo_cli_parse_cb, NULL)) {
1570 BIO_printf(bio_err, "Error adding TACK extension\n");
1574 if (serverinfo_file)
1575 if (!SSL_CTX_use_serverinfo_file(s_ctx, serverinfo_file) ||
1576 !SSL_CTX_use_serverinfo_file(s_ctx2, serverinfo_file)) {
1577 BIO_printf(bio_err, "missing serverinfo file\n");
1582 if (!SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_0,
1583 custom_ext_0_cli_add_cb,
1585 custom_ext_0_cli_parse_cb, NULL)
1586 || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_1,
1587 custom_ext_1_cli_add_cb,
1589 custom_ext_1_cli_parse_cb, NULL)
1590 || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_2,
1591 custom_ext_2_cli_add_cb,
1593 custom_ext_2_cli_parse_cb, NULL)
1594 || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_3,
1595 custom_ext_3_cli_add_cb,
1597 custom_ext_3_cli_parse_cb, NULL)
1598 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_0,
1599 custom_ext_0_srv_add_cb,
1601 custom_ext_0_srv_parse_cb, NULL)
1602 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_0,
1603 custom_ext_0_srv_add_cb,
1605 custom_ext_0_srv_parse_cb, NULL)
1606 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_1,
1607 custom_ext_1_srv_add_cb,
1609 custom_ext_1_srv_parse_cb, NULL)
1610 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_1,
1611 custom_ext_1_srv_add_cb,
1613 custom_ext_1_srv_parse_cb, NULL)
1614 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_2,
1615 custom_ext_2_srv_add_cb,
1617 custom_ext_2_srv_parse_cb, NULL)
1618 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_2,
1619 custom_ext_2_srv_add_cb,
1621 custom_ext_2_srv_parse_cb, NULL)
1622 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_3,
1623 custom_ext_3_srv_add_cb,
1625 custom_ext_3_srv_parse_cb, NULL)
1626 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_3,
1627 custom_ext_3_srv_add_cb,
1629 custom_ext_3_srv_parse_cb, NULL)) {
1630 BIO_printf(bio_err, "Error setting custom extensions\n");
1636 SSL_CTX_set_alpn_select_cb(s_ctx, cb_server_alpn, alpn_server);
1638 SSL_CTX_set_alpn_select_cb(s_ctx2, cb_server_alpn, alpn_server2);
1642 unsigned char *alpn = next_protos_parse(&alpn_len, alpn_client);
1645 BIO_printf(bio_err, "Error parsing -alpn_client argument\n");
1648 /* Returns 0 on success!! */
1649 if (SSL_CTX_set_alpn_protos(c_ctx, alpn, alpn_len)) {
1650 BIO_printf(bio_err, "Error setting ALPN\n");
1657 if (server_sess_in != NULL) {
1658 server_sess = read_session(server_sess_in);
1659 if (server_sess == NULL)
1662 if (client_sess_in != NULL) {
1663 client_sess = read_session(client_sess_in);
1664 if (client_sess == NULL)
1668 if (server_sess_out != NULL || server_sess_in != NULL) {
1672 /* Use a fixed key so that we can decrypt the ticket. */
1673 size = SSL_CTX_set_tlsext_ticket_keys(s_ctx, NULL, 0);
1674 keys = OPENSSL_zalloc(size);
1675 SSL_CTX_set_tlsext_ticket_keys(s_ctx, keys, size);
1679 if (sn_server1 != NULL || sn_server2 != NULL)
1680 SSL_CTX_set_tlsext_servername_callback(s_ctx, servername_cb);
1682 c_ssl = SSL_new(c_ctx);
1683 s_ssl = SSL_new(s_ctx);
1686 SSL_set_tlsext_host_name(c_ssl, sn_client);
1688 if (!set_protocol_version(server_min_proto, s_ssl, SSL_CTRL_SET_MIN_PROTO_VERSION))
1690 if (!set_protocol_version(server_max_proto, s_ssl, SSL_CTRL_SET_MAX_PROTO_VERSION))
1692 if (!set_protocol_version(client_min_proto, c_ssl, SSL_CTRL_SET_MIN_PROTO_VERSION))
1694 if (!set_protocol_version(client_max_proto, c_ssl, SSL_CTRL_SET_MAX_PROTO_VERSION))
1698 if (SSL_CTX_add_session(s_ctx, server_sess) == 0) {
1699 BIO_printf(bio_err, "Can't add server session\n");
1700 ERR_print_errors(bio_err);
1705 BIO_printf(bio_stdout, "Doing handshakes=%d bytes=%ld\n", number, bytes);
1706 for (i = 0; i < number; i++) {
1708 if (!SSL_set_session(c_ssl, NULL)) {
1709 BIO_printf(bio_err, "Failed to set session\n");
1713 if (client_sess_in != NULL) {
1714 if (SSL_set_session(c_ssl, client_sess) == 0) {
1715 BIO_printf(bio_err, "Can't set client session\n");
1716 ERR_print_errors(bio_err);
1722 ret = doit(s_ssl, c_ssl, bytes);
1725 ret = doit_biopair(s_ssl, c_ssl, bytes, &s_time, &c_time);
1727 #ifndef OPENSSL_NO_SOCK
1729 ret = doit_localhost(s_ssl, c_ssl, BIO_FAMILY_IPV4,
1730 bytes, &s_time, &c_time);
1733 ret = doit_localhost(s_ssl, c_ssl, BIO_FAMILY_IPV6,
1734 bytes, &s_time, &c_time);
1746 if (should_negotiate && ret == 0 &&
1747 strcmp(should_negotiate, "fail-server") != 0 &&
1748 strcmp(should_negotiate, "fail-client") != 0) {
1749 int version = protocol_from_string(should_negotiate);
1751 BIO_printf(bio_err, "Error parsing: %s\n", should_negotiate);
1755 if (SSL_version(c_ssl) != version) {
1756 BIO_printf(bio_err, "Unexpected version negotiated. "
1757 "Expected: %s, got %s\n", should_negotiate, SSL_get_version(c_ssl));
1763 if (should_reuse != -1) {
1764 if (SSL_session_reused(s_ssl) != should_reuse ||
1765 SSL_session_reused(c_ssl) != should_reuse) {
1766 BIO_printf(bio_err, "Unexpected session reuse state. "
1767 "Expected: %d, server: %d, client: %d\n", should_reuse,
1768 SSL_session_reused(s_ssl), SSL_session_reused(c_ssl));
1774 if (server_sess_out != NULL) {
1775 if (write_session(server_sess_out, SSL_get_session(s_ssl)) == 0) {
1780 if (client_sess_out != NULL) {
1781 if (write_session(client_sess_out, SSL_get_session(c_ssl)) == 0) {
1788 print_details(c_ssl, "");
1791 #ifdef CLOCKS_PER_SEC
1793 * "To determine the time in seconds, the value returned by the clock
1794 * function should be divided by the value of the macro
1795 * CLOCKS_PER_SEC." -- ISO/IEC 9899
1797 BIO_printf(bio_stdout, "Approximate total server time: %6.2f s\n"
1798 "Approximate total client time: %6.2f s\n",
1799 (double)s_time / CLOCKS_PER_SEC,
1800 (double)c_time / CLOCKS_PER_SEC);
1802 BIO_printf(bio_stdout,
1803 "Approximate total server time: %6.2f units\n"
1804 "Approximate total client time: %6.2f units\n",
1805 (double)s_time, (double)c_time);
1814 SSL_CTX_free(s_ctx);
1815 SSL_CTX_free(s_ctx2);
1816 SSL_CTX_free(c_ctx);
1817 SSL_CONF_CTX_free(s_cctx);
1818 SSL_CONF_CTX_free(s_cctx2);
1819 SSL_CONF_CTX_free(c_cctx);
1820 sk_OPENSSL_STRING_free(conf_args);
1822 BIO_free(bio_stdout);
1824 SSL_SESSION_free(server_sess);
1825 SSL_SESSION_free(client_sess);
1827 #ifndef OPENSSL_NO_CRYPTO_MDEBUG
1828 if (CRYPTO_mem_leaks(bio_err) <= 0)
1835 #ifndef OPENSSL_NO_SOCK
1836 int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count,
1837 clock_t *s_time, clock_t *c_time)
1839 long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
1840 BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
1841 BIO *acpt = NULL, *server = NULL, *client = NULL;
1844 int err_in_client = 0;
1845 int err_in_server = 0;
1847 acpt = BIO_new_accept("0");
1850 BIO_set_accept_ip_family(acpt, family);
1851 BIO_set_bind_mode(acpt, BIO_SOCK_NONBLOCK | BIO_SOCK_REUSEADDR);
1852 if (BIO_do_accept(acpt) <= 0)
1855 BIO_snprintf(addr_str, sizeof(addr_str), ":%s", BIO_get_accept_port(acpt));
1857 client = BIO_new_connect(addr_str);
1858 BIO_set_conn_ip_family(client, family);
1862 if (BIO_set_nbio(client, 1) <= 0)
1864 if (BIO_set_nbio(acpt, 1) <= 0)
1868 int st_connect = 0, st_accept = 0;
1870 while(!st_connect || !st_accept) {
1872 if (BIO_do_connect(client) <= 0) {
1873 if (!BIO_should_retry(client))
1880 if (BIO_do_accept(acpt) <= 0) {
1881 if (!BIO_should_retry(acpt))
1889 /* We're not interested in accepting further connects */
1890 server = BIO_pop(acpt);
1894 s_ssl_bio = BIO_new(BIO_f_ssl());
1898 c_ssl_bio = BIO_new(BIO_f_ssl());
1902 SSL_set_connect_state(c_ssl);
1903 SSL_set_bio(c_ssl, client, client);
1904 (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
1906 SSL_set_accept_state(s_ssl);
1907 SSL_set_bio(s_ssl, server, server);
1908 (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
1912 * c_ssl_bio: SSL filter BIO
1914 * client: I/O for SSL library
1917 * server: I/O for SSL library
1919 * s_ssl_bio: SSL filter BIO
1923 * We have non-blocking behaviour throughout this test program, but
1924 * can be sure that there is *some* progress in each iteration; so we
1925 * don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE --
1926 * we just try everything in each iteration
1932 char cbuf[1024 * 8];
1934 clock_t c_clock = clock();
1936 memset(cbuf, 0, sizeof(cbuf));
1939 if (SSL_in_init(c_ssl))
1940 printf("client waiting in SSL_connect - %s\n",
1941 SSL_state_string_long(c_ssl));
1944 /* Write to server. */
1946 if (cw_num > (long)sizeof cbuf)
1950 r = BIO_write(c_ssl_bio, cbuf, i);
1952 if (!BIO_should_retry(c_ssl_bio)) {
1953 fprintf(stderr, "ERROR in CLIENT\n");
1958 * BIO_should_retry(...) can just be ignored here. The
1959 * library expects us to call BIO_write with the same
1960 * arguments again, and that's what we will do in the
1963 } else if (r == 0) {
1964 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
1968 printf("client wrote %d\n", r);
1974 /* Read from server. */
1976 r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
1978 if (!BIO_should_retry(c_ssl_bio)) {
1979 fprintf(stderr, "ERROR in CLIENT\n");
1984 * Again, "BIO_should_retry" can be ignored.
1986 } else if (r == 0) {
1987 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
1991 printf("client read %d\n", r);
1997 * c_time and s_time increments will typically be very small
1998 * (depending on machine speed and clock tick intervals), but
1999 * sampling over a large number of connections should result in
2000 * fairly accurate figures. We cannot guarantee a lot, however
2001 * -- if each connection lasts for exactly one clock tick, it
2002 * will be counted only for the client or only for the server or
2005 *c_time += (clock() - c_clock);
2011 char sbuf[1024 * 8];
2013 clock_t s_clock = clock();
2015 memset(sbuf, 0, sizeof(sbuf));
2018 if (SSL_in_init(s_ssl))
2019 printf("server waiting in SSL_accept - %s\n",
2020 SSL_state_string_long(s_ssl));
2023 /* Write to client. */
2025 if (sw_num > (long)sizeof sbuf)
2029 r = BIO_write(s_ssl_bio, sbuf, i);
2031 if (!BIO_should_retry(s_ssl_bio)) {
2032 fprintf(stderr, "ERROR in SERVER\n");
2036 /* Ignore "BIO_should_retry". */
2037 } else if (r == 0) {
2038 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2042 printf("server wrote %d\n", r);
2048 /* Read from client. */
2050 r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
2052 if (!BIO_should_retry(s_ssl_bio)) {
2053 fprintf(stderr, "ERROR in SERVER\n");
2058 } else if (r == 0) {
2059 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2063 printf("server read %d\n", r);
2068 *s_time += (clock() - s_clock);
2071 while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
2074 print_details(c_ssl, "DONE via TCP connect: ");
2075 # ifndef OPENSSL_NO_NEXTPROTONEG
2076 if (verify_npn(c_ssl, s_ssl) < 0) {
2081 if (verify_serverinfo() < 0) {
2082 fprintf(stderr, "Server info verify error\n");
2086 if (verify_alpn(c_ssl, s_ssl) < 0) {
2090 if (verify_servername(c_ssl, s_ssl) < 0) {
2095 if (custom_ext_error) {
2096 fprintf(stderr, "Custom extension error\n");
2101 # ifndef OPENSSL_NO_NEXTPROTONEG
2107 ERR_print_errors(bio_err);
2112 BIO_free(s_ssl_bio);
2113 BIO_free(c_ssl_bio);
2115 if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
2116 ret = (err_in_client != 0) ? 0 : 1;
2117 else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
2118 ret = (err_in_server != 0) ? 0 : 1;
2124 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
2125 clock_t *s_time, clock_t *c_time)
2127 long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
2128 BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
2129 BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL;
2131 int err_in_client = 0;
2132 int err_in_server = 0;
2134 size_t bufsiz = 256; /* small buffer for testing */
2136 if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz))
2138 if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz))
2141 s_ssl_bio = BIO_new(BIO_f_ssl());
2145 c_ssl_bio = BIO_new(BIO_f_ssl());
2149 SSL_set_connect_state(c_ssl);
2150 SSL_set_bio(c_ssl, client, client);
2151 (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
2153 SSL_set_accept_state(s_ssl);
2154 SSL_set_bio(s_ssl, server, server);
2155 (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
2159 * c_ssl_bio: SSL filter BIO
2161 * client: pseudo-I/O for SSL library
2163 * client_io: client's SSL communication; usually to be
2164 * relayed over some I/O facility, but in this
2165 * test program, we're the server, too:
2167 * server_io: server's SSL communication
2169 * server: pseudo-I/O for SSL library
2171 * s_ssl_bio: SSL filter BIO
2173 * The client and the server each employ a "BIO pair":
2174 * client + client_io, server + server_io.
2175 * BIO pairs are symmetric. A BIO pair behaves similar
2176 * to a non-blocking socketpair (but both endpoints must
2177 * be handled by the same thread).
2178 * [Here we could connect client and server to the ends
2179 * of a single BIO pair, but then this code would be less
2180 * suitable as an example for BIO pairs in general.]
2182 * Useful functions for querying the state of BIO pair endpoints:
2184 * BIO_ctrl_pending(bio) number of bytes we can read now
2185 * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil
2186 * other side's read attempt
2187 * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now
2189 * ..._read_request is never more than ..._write_guarantee;
2190 * it depends on the application which one you should use.
2194 * We have non-blocking behaviour throughout this test program, but
2195 * can be sure that there is *some* progress in each iteration; so we
2196 * don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE --
2197 * we just try everything in each iteration
2203 char cbuf[1024 * 8];
2205 clock_t c_clock = clock();
2207 memset(cbuf, 0, sizeof(cbuf));
2210 if (SSL_in_init(c_ssl))
2211 printf("client waiting in SSL_connect - %s\n",
2212 SSL_state_string_long(c_ssl));
2215 /* Write to server. */
2217 if (cw_num > (long)sizeof cbuf)
2221 r = BIO_write(c_ssl_bio, cbuf, i);
2223 if (!BIO_should_retry(c_ssl_bio)) {
2224 fprintf(stderr, "ERROR in CLIENT\n");
2229 * BIO_should_retry(...) can just be ignored here. The
2230 * library expects us to call BIO_write with the same
2231 * arguments again, and that's what we will do in the
2234 } else if (r == 0) {
2235 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2239 printf("client wrote %d\n", r);
2245 /* Read from server. */
2247 r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
2249 if (!BIO_should_retry(c_ssl_bio)) {
2250 fprintf(stderr, "ERROR in CLIENT\n");
2255 * Again, "BIO_should_retry" can be ignored.
2257 } else if (r == 0) {
2258 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2262 printf("client read %d\n", r);
2268 * c_time and s_time increments will typically be very small
2269 * (depending on machine speed and clock tick intervals), but
2270 * sampling over a large number of connections should result in
2271 * fairly accurate figures. We cannot guarantee a lot, however
2272 * -- if each connection lasts for exactly one clock tick, it
2273 * will be counted only for the client or only for the server or
2276 *c_time += (clock() - c_clock);
2282 char sbuf[1024 * 8];
2284 clock_t s_clock = clock();
2286 memset(sbuf, 0, sizeof(sbuf));
2289 if (SSL_in_init(s_ssl))
2290 printf("server waiting in SSL_accept - %s\n",
2291 SSL_state_string_long(s_ssl));
2294 /* Write to client. */
2296 if (sw_num > (long)sizeof sbuf)
2300 r = BIO_write(s_ssl_bio, sbuf, i);
2302 if (!BIO_should_retry(s_ssl_bio)) {
2303 fprintf(stderr, "ERROR in SERVER\n");
2307 /* Ignore "BIO_should_retry". */
2308 } else if (r == 0) {
2309 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2313 printf("server wrote %d\n", r);
2319 /* Read from client. */
2321 r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
2323 if (!BIO_should_retry(s_ssl_bio)) {
2324 fprintf(stderr, "ERROR in SERVER\n");
2329 } else if (r == 0) {
2330 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2334 printf("server read %d\n", r);
2339 *s_time += (clock() - s_clock);
2343 /* "I/O" BETWEEN CLIENT AND SERVER. */
2346 BIO *io1 = server_io, *io2 = client_io;
2348 * we use the non-copying interface for io1 and the standard
2349 * BIO_write/BIO_read interface for io2
2352 static int prev_progress = 1;
2360 r1 = BIO_ctrl_pending(io1);
2361 r2 = BIO_ctrl_get_write_guarantee(io2);
2369 if (INT_MAX < num) /* yeah, right */
2372 r = BIO_nread(io1, &dataptr, (int)num);
2374 assert(r <= (int)num);
2376 * possibly r < num (non-contiguous data)
2379 r = BIO_write(io2, dataptr, (int)num);
2380 if (r != (int)num) { /* can't happen */
2381 fprintf(stderr, "ERROR: BIO_write could not write "
2382 "BIO_ctrl_get_write_guarantee() bytes");
2388 printf((io1 == client_io) ?
2389 "C->S relaying: %d bytes\n" :
2390 "S->C relaying: %d bytes\n", (int)num);
2400 r1 = BIO_ctrl_pending(io2);
2401 r2 = BIO_ctrl_get_read_request(io1);
2403 * here we could use ..._get_write_guarantee instead of
2404 * ..._get_read_request, but by using the latter we test
2405 * restartability of the SSL implementation more thoroughly
2417 --num; /* test restartability even more thoroughly */
2419 r = BIO_nwrite0(io1, &dataptr);
2423 r = BIO_read(io2, dataptr, (int)num);
2424 if (r != (int)num) { /* can't happen */
2425 fprintf(stderr, "ERROR: BIO_read could not read "
2426 "BIO_ctrl_pending() bytes");
2430 r = BIO_nwrite(io1, &dataptr, (int)num);
2431 if (r != (int)num) { /* can't happen */
2432 fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
2433 "BIO_nwrite0() bytes");
2438 printf((io2 == client_io) ?
2439 "C->S relaying: %d bytes\n" :
2440 "S->C relaying: %d bytes\n", (int)num);
2442 } /* no loop, BIO_ctrl_get_read_request now
2443 * returns 0 anyway */
2445 if (!progress && !prev_progress)
2446 if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0) {
2447 fprintf(stderr, "ERROR: got stuck\n");
2448 fprintf(stderr, " ERROR.\n");
2451 prev_progress = progress;
2454 while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
2457 print_details(c_ssl, "DONE via BIO pair: ");
2458 #ifndef OPENSSL_NO_NEXTPROTONEG
2459 if (verify_npn(c_ssl, s_ssl) < 0) {
2464 if (verify_serverinfo() < 0) {
2465 fprintf(stderr, "Server info verify error\n");
2469 if (verify_alpn(c_ssl, s_ssl) < 0) {
2473 if (verify_servername(c_ssl, s_ssl) < 0) {
2478 if (custom_ext_error) {
2479 fprintf(stderr, "Custom extension error\n");
2484 #ifndef OPENSSL_NO_NEXTPROTONEG
2490 ERR_print_errors(bio_err);
2493 BIO_free(server_io);
2495 BIO_free(client_io);
2496 BIO_free(s_ssl_bio);
2497 BIO_free(c_ssl_bio);
2499 if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
2500 ret = (err_in_client != 0) ? 0 : 1;
2501 else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
2502 ret = (err_in_server != 0) ? 0 : 1;
2512 int doit(SSL *s_ssl, SSL *c_ssl, long count)
2514 char *cbuf = NULL, *sbuf = NULL;
2516 long cw_num = count, cr_num = count;
2517 long sw_num = count, sr_num = count;
2523 int c_r, c_w, s_r, s_w;
2526 int c_write, s_write;
2527 int do_server = 0, do_client = 0;
2528 int max_frag = 5 * 1024;
2529 int err_in_client = 0;
2530 int err_in_server = 0;
2532 bufsiz = count > 40 * 1024 ? 40 * 1024 : count;
2534 if ((cbuf = OPENSSL_zalloc(bufsiz)) == NULL)
2536 if ((sbuf = OPENSSL_zalloc(bufsiz)) == NULL)
2539 c_to_s = BIO_new(BIO_s_mem());
2540 s_to_c = BIO_new(BIO_s_mem());
2541 if ((s_to_c == NULL) || (c_to_s == NULL)) {
2542 ERR_print_errors(bio_err);
2546 c_bio = BIO_new(BIO_f_ssl());
2547 s_bio = BIO_new(BIO_f_ssl());
2548 if ((c_bio == NULL) || (s_bio == NULL)) {
2549 ERR_print_errors(bio_err);
2553 SSL_set_connect_state(c_ssl);
2554 SSL_set_bio(c_ssl, s_to_c, c_to_s);
2555 SSL_set_max_send_fragment(c_ssl, max_frag);
2556 BIO_set_ssl(c_bio, c_ssl, BIO_NOCLOSE);
2559 * We've just given our ref to these BIOs to c_ssl. We need another one to
2562 if (!BIO_up_ref(c_to_s)) {
2563 /* c_to_s and s_to_c will get freed when we free c_ssl */
2568 if (!BIO_up_ref(s_to_c)) {
2569 /* s_to_c will get freed when we free c_ssl */
2574 SSL_set_accept_state(s_ssl);
2575 SSL_set_bio(s_ssl, c_to_s, s_to_c);
2577 /* We've used up all our refs to these now */
2581 SSL_set_max_send_fragment(s_ssl, max_frag);
2582 BIO_set_ssl(s_bio, s_ssl, BIO_NOCLOSE);
2588 c_write = 1, s_write = 0;
2590 /* We can always do writes */
2595 i = (int)BIO_pending(s_bio);
2596 if ((i && s_r) || s_w)
2599 i = (int)BIO_pending(c_bio);
2600 if ((i && c_r) || c_w)
2603 if (do_server && debug) {
2604 if (SSL_in_init(s_ssl))
2605 printf("server waiting in SSL_accept - %s\n",
2606 SSL_state_string_long(s_ssl));
2609 if (do_client && debug) {
2610 if (SSL_in_init(c_ssl))
2611 printf("client waiting in SSL_connect - %s\n",
2612 SSL_state_string_long(c_ssl));
2615 if (!do_client && !do_server) {
2616 fprintf(stdout, "ERROR IN STARTUP\n");
2617 ERR_print_errors(bio_err);
2620 if (do_client && !(done & C_DONE)) {
2622 j = (cw_num > bufsiz) ? (int)bufsiz : (int)cw_num;
2623 i = BIO_write(c_bio, cbuf, j);
2627 if (BIO_should_retry(c_bio)) {
2628 if (BIO_should_read(c_bio))
2630 if (BIO_should_write(c_bio))
2633 fprintf(stderr, "ERROR in CLIENT\n");
2635 ERR_print_errors(bio_err);
2638 } else if (i == 0) {
2639 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2643 printf("client wrote %d\n", i);
2648 if (max_frag > 1029)
2649 SSL_set_max_send_fragment(c_ssl, max_frag -= 5);
2652 i = BIO_read(c_bio, cbuf, bufsiz);
2656 if (BIO_should_retry(c_bio)) {
2657 if (BIO_should_read(c_bio))
2659 if (BIO_should_write(c_bio))
2662 fprintf(stderr, "ERROR in CLIENT\n");
2664 ERR_print_errors(bio_err);
2667 } else if (i == 0) {
2668 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2672 printf("client read %d\n", i);
2681 done = S_DONE | C_DONE;
2687 if (do_server && !(done & S_DONE)) {
2689 i = BIO_read(s_bio, sbuf, bufsiz);
2693 if (BIO_should_retry(s_bio)) {
2694 if (BIO_should_read(s_bio))
2696 if (BIO_should_write(s_bio))
2699 fprintf(stderr, "ERROR in SERVER\n");
2701 ERR_print_errors(bio_err);
2704 } else if (i == 0) {
2705 ERR_print_errors(bio_err);
2707 "SSL SERVER STARTUP FAILED in SSL_read\n");
2711 printf("server read %d\n", i);
2724 j = (sw_num > bufsiz) ? (int)bufsiz : (int)sw_num;
2725 i = BIO_write(s_bio, sbuf, j);
2729 if (BIO_should_retry(s_bio)) {
2730 if (BIO_should_read(s_bio))
2732 if (BIO_should_write(s_bio))
2735 fprintf(stderr, "ERROR in SERVER\n");
2737 ERR_print_errors(bio_err);
2740 } else if (i == 0) {
2741 ERR_print_errors(bio_err);
2743 "SSL SERVER STARTUP FAILED in SSL_write\n");
2747 printf("server wrote %d\n", i);
2753 if (max_frag > 1029)
2754 SSL_set_max_send_fragment(s_ssl, max_frag -= 5);
2759 if ((done & S_DONE) && (done & C_DONE))
2764 print_details(c_ssl, "DONE: ");
2765 #ifndef OPENSSL_NO_NEXTPROTONEG
2766 if (verify_npn(c_ssl, s_ssl) < 0) {
2771 if (verify_serverinfo() < 0) {
2772 fprintf(stderr, "Server info verify error\n");
2776 if (custom_ext_error) {
2777 fprintf(stderr, "Custom extension error\n");
2785 BIO_free_all(c_bio);
2786 BIO_free_all(s_bio);
2790 if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
2791 ret = (err_in_client != 0) ? 0 : 1;
2792 else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
2793 ret = (err_in_server != 0) ? 0 : 1;
2798 static int verify_callback(int ok, X509_STORE_CTX *ctx)
2802 s = X509_NAME_oneline(X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)),
2806 printf("depth=%d %s\n", X509_STORE_CTX_get_error_depth(ctx), buf);
2808 fprintf(stderr, "depth=%d error=%d %s\n",
2809 X509_STORE_CTX_get_error_depth(ctx),
2810 X509_STORE_CTX_get_error(ctx), buf);
2815 int i = X509_STORE_CTX_get_error(ctx);
2819 fprintf(stderr, "Error string: %s\n",
2820 X509_verify_cert_error_string(i));
2822 case X509_V_ERR_CERT_NOT_YET_VALID:
2823 case X509_V_ERR_CERT_HAS_EXPIRED:
2824 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
2833 static int app_verify_callback(X509_STORE_CTX *ctx, void *arg)
2836 struct app_verify_arg *cb_arg = arg;
2838 if (cb_arg->app_verify) {
2839 char *s = NULL, buf[256];
2840 X509 *c = X509_STORE_CTX_get0_cert(ctx);
2842 printf("In app_verify_callback, allowing cert. ");
2843 printf("Arg is: %s\n", cb_arg->string);
2844 printf("Finished printing do we have a context? 0x%p a cert? 0x%p\n",
2845 (void *)ctx, (void *)c);
2847 s = X509_NAME_oneline(X509_get_subject_name(c), buf, 256);
2849 printf("cert depth=%d %s\n",
2850 X509_STORE_CTX_get_error_depth(ctx), buf);
2855 ok = X509_verify_cert(ctx);
2860 #ifndef OPENSSL_NO_DH
2862 * These DH parameters have been generated as follows:
2863 * $ openssl dhparam -C -noout 512
2864 * $ openssl dhparam -C -noout 1024
2865 * $ openssl dhparam -C -noout -dsaparam 1024
2866 * (The third function has been renamed to avoid name conflicts.)
2868 static DH *get_dh512()
2870 static unsigned char dh512_p[] = {
2871 0xCB, 0xC8, 0xE1, 0x86, 0xD0, 0x1F, 0x94, 0x17, 0xA6, 0x99, 0xF0,
2873 0x1F, 0x0D, 0xAC, 0xB6, 0x25, 0x3E, 0x06, 0x39, 0xCA, 0x72, 0x04,
2875 0x6E, 0xDA, 0xC0, 0x61, 0xE6, 0x7A, 0x77, 0x25, 0xE8, 0x3B, 0xB9,
2877 0x9A, 0xB6, 0xB5, 0xFE, 0x99, 0x0B, 0xA1, 0x93, 0x4E, 0x35, 0x33,
2879 0xE1, 0xF1, 0x13, 0x4F, 0x59, 0x1A, 0xD2, 0x57, 0xC0, 0x26, 0x21,
2881 0x02, 0xC5, 0xAE, 0x23,
2883 static unsigned char dh512_g[] = {
2889 if ((dh = DH_new()) == NULL)
2891 p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
2892 g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
2893 if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
2902 static DH *get_dh1024()
2904 static unsigned char dh1024_p[] = {
2905 0xF8, 0x81, 0x89, 0x7D, 0x14, 0x24, 0xC5, 0xD1, 0xE6, 0xF7, 0xBF,
2907 0xE4, 0x90, 0xF4, 0xFC, 0x73, 0xFB, 0x34, 0xB5, 0xFA, 0x4C, 0x56,
2909 0xEA, 0xA7, 0xE9, 0xC0, 0xC0, 0xCE, 0x89, 0xE1, 0xFA, 0x63, 0x3F,
2911 0x6B, 0x32, 0x66, 0xF1, 0xD1, 0x7B, 0xB0, 0x00, 0x8F, 0xCA, 0x87,
2913 0xAE, 0x98, 0x89, 0x26, 0x17, 0xC2, 0x05, 0xD2, 0xEC, 0x08, 0xD0,
2915 0xFF, 0x17, 0x52, 0x8C, 0xC5, 0x07, 0x93, 0x03, 0xB1, 0xF6, 0x2F,
2917 0x1C, 0x52, 0x47, 0x27, 0x1B, 0xDB, 0xD1, 0x8D, 0x9D, 0x69, 0x1D,
2919 0x4B, 0x32, 0x81, 0xAA, 0x7F, 0x00, 0xC8, 0xDC, 0xE6, 0xD9, 0xCC,
2921 0x11, 0x2D, 0x37, 0x34, 0x6C, 0xEA, 0x02, 0x97, 0x4B, 0x0E, 0xBB,
2923 0x71, 0x33, 0x09, 0x15, 0xFD, 0xDD, 0x23, 0x87, 0x07, 0x5E, 0x89,
2925 0x6B, 0x7C, 0x5F, 0xEC, 0xA6, 0x24, 0xDC, 0x53,
2927 static unsigned char dh1024_g[] = {
2933 if ((dh = DH_new()) == NULL)
2935 p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
2936 g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
2937 if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
2946 static DH *get_dh1024dsa()
2948 static unsigned char dh1024_p[] = {
2949 0xC8, 0x00, 0xF7, 0x08, 0x07, 0x89, 0x4D, 0x90, 0x53, 0xF3, 0xD5,
2951 0x21, 0x1B, 0xF7, 0x31, 0xA6, 0xA2, 0xDA, 0x23, 0x9A, 0xC7, 0x87,
2953 0x3B, 0x47, 0xB6, 0x8C, 0x04, 0x6F, 0xFF, 0xC6, 0x9B, 0xB8, 0x65,
2955 0xC2, 0x5F, 0x31, 0x83, 0x4A, 0xA7, 0x5F, 0x2F, 0x88, 0x38, 0xB6,
2957 0xCF, 0xD9, 0x87, 0x6D, 0x6F, 0x9F, 0xDA, 0xAC, 0xA6, 0x48, 0xAF,
2959 0x33, 0x84, 0x37, 0x5B, 0x82, 0x4A, 0x31, 0x5D, 0xE7, 0xBD, 0x52,
2961 0xA1, 0x77, 0xBF, 0x10, 0x9E, 0x37, 0xEA, 0x64, 0xFA, 0xCA, 0x28,
2963 0x9D, 0x3B, 0xD2, 0x6E, 0x09, 0x5C, 0x68, 0xC7, 0x45, 0x90, 0xFD,
2965 0x70, 0xC9, 0x3A, 0xBB, 0xDF, 0xD4, 0x21, 0x0F, 0xC4, 0x6A, 0x3C,
2967 0x61, 0xCF, 0x3F, 0xD6, 0x13, 0xF1, 0x5F, 0xBC, 0xCF, 0xBC, 0x26,
2969 0xBC, 0x0B, 0xBD, 0xAB, 0x5D, 0xC9, 0x54, 0x39,
2971 static unsigned char dh1024_g[] = {
2972 0x3B, 0x40, 0x86, 0xE7, 0xF3, 0x6C, 0xDE, 0x67, 0x1C, 0xCC, 0x80,
2974 0x5A, 0xDF, 0xFE, 0xBD, 0x20, 0x27, 0x74, 0x6C, 0x24, 0xC9, 0x03,
2976 0xE1, 0x8D, 0xC3, 0x7D, 0x98, 0x27, 0x40, 0x08, 0xB8, 0x8C, 0x6A,
2978 0xBB, 0x1A, 0x3A, 0xD6, 0x86, 0x83, 0x5E, 0x72, 0x41, 0xCE, 0x85,
2980 0xD2, 0xB3, 0xFC, 0x13, 0xCE, 0x37, 0x81, 0x9E, 0x4C, 0x1C, 0x7B,
2982 0xD3, 0xE6, 0xA6, 0x00, 0xF5, 0x5A, 0x95, 0x43, 0x5E, 0x81, 0xCF,
2984 0xA2, 0x23, 0xFC, 0x36, 0xA7, 0x5D, 0x7A, 0x4C, 0x06, 0x91, 0x6E,
2986 0x57, 0xEE, 0x36, 0xCB, 0x06, 0xEA, 0xF5, 0x3D, 0x95, 0x49, 0xCB,
2988 0xDD, 0x81, 0xDF, 0x80, 0x09, 0x4A, 0x97, 0x4D, 0xA8, 0x22, 0x72,
2990 0x7F, 0xC4, 0x70, 0x56, 0x70, 0xE8, 0x20, 0x10, 0x18, 0x8F, 0x2E,
2992 0x07, 0xE7, 0x68, 0x1A, 0x82, 0x5D, 0x32, 0xA2,
2997 if ((dh = DH_new()) == NULL)
2999 p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
3000 g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
3001 if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
3007 DH_set_length(dh, 160);
3012 #ifndef OPENSSL_NO_PSK
3013 /* convert the PSK key (psk_key) in ascii to binary (psk) */
3014 static int psk_key2bn(const char *pskkey, unsigned char *psk,
3015 unsigned int max_psk_len)
3020 ret = BN_hex2bn(&bn, pskkey);
3022 BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n",
3027 if (BN_num_bytes(bn) > (int)max_psk_len) {
3029 "psk buffer of callback is too small (%d) for key (%d)\n",
3030 max_psk_len, BN_num_bytes(bn));
3034 ret = BN_bn2bin(bn, psk);
3039 static unsigned int psk_client_callback(SSL *ssl, const char *hint,
3041 unsigned int max_identity_len,
3043 unsigned int max_psk_len)
3046 unsigned int psk_len = 0;
3048 ret = BIO_snprintf(identity, max_identity_len, "Client_identity");
3052 fprintf(stderr, "client: created identity '%s' len=%d\n", identity,
3054 ret = psk_key2bn(psk_key, psk, max_psk_len);
3062 static unsigned int psk_server_callback(SSL *ssl, const char *identity,
3064 unsigned int max_psk_len)
3066 unsigned int psk_len = 0;
3068 if (strcmp(identity, "Client_identity") != 0) {
3069 BIO_printf(bio_err, "server: PSK error: client identity not found\n");
3072 psk_len = psk_key2bn(psk_key, psk, max_psk_len);