2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
58 /* ====================================================================
59 * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
87 * 6. Redistributions of any form whatsoever must retain the following
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
111 /* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
116 /* ====================================================================
117 * Copyright 2005 Nokia. All rights reserved.
119 * The portions of the attached software ("Contribution") is developed by
120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125 * support (see RFC 4279) to OpenSSL.
127 * No patent licenses or other rights except those expressly stated in
128 * the OpenSSL open source license shall be deemed granted or received
129 * expressly, by implication, estoppel, or otherwise.
131 * No assurances are provided by Nokia that the Contribution does not
132 * infringe the patent or other intellectual property rights of any third
133 * party or that the license provides you with all the necessary rights
134 * to make use of the Contribution.
136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
143 #define _BSD_SOURCE 1 /* Or gethostname won't be declared properly
144 on Linux and GNU platforms. */
157 #ifdef OPENSSL_SYS_VMS
158 #define _XOPEN_SOURCE 500 /* Or isascii won't be declared properly on
159 VMS (at least with DECompHP C). */
164 #include <openssl/bio.h>
165 #include <openssl/crypto.h>
166 #include <openssl/evp.h>
167 #include <openssl/x509.h>
168 #include <openssl/x509v3.h>
169 #include <openssl/ssl.h>
170 #ifndef OPENSSL_NO_ENGINE
171 #include <openssl/engine.h>
173 #include <openssl/err.h>
174 #include <openssl/rand.h>
175 #ifndef OPENSSL_NO_RSA
176 #include <openssl/rsa.h>
178 #ifndef OPENSSL_NO_DSA
179 #include <openssl/dsa.h>
181 #ifndef OPENSSL_NO_DH
182 #include <openssl/dh.h>
184 #ifndef OPENSSL_NO_SRP
185 #include <openssl/srp.h>
187 #include <openssl/bn.h>
189 #define _XOPEN_SOURCE_EXTENDED 1 /* Or gethostname won't be declared properly
190 on Compaq platforms (at least with DEC C).
191 Do not try to put it earlier, or IPv6 includes
195 #ifdef OPENSSL_SYS_WINDOWS
198 #include OPENSSL_UNISTD
201 #ifdef OPENSSL_SYS_VMS
202 # define TEST_SERVER_CERT "SYS$DISK:[-.APPS]SERVER.PEM"
203 # define TEST_CLIENT_CERT "SYS$DISK:[-.APPS]CLIENT.PEM"
204 #elif defined(OPENSSL_SYS_WINCE)
205 # define TEST_SERVER_CERT "\\OpenSSL\\server.pem"
206 # define TEST_CLIENT_CERT "\\OpenSSL\\client.pem"
207 #elif defined(OPENSSL_SYS_NETWARE)
208 # define TEST_SERVER_CERT "\\openssl\\apps\\server.pem"
209 # define TEST_CLIENT_CERT "\\openssl\\apps\\client.pem"
211 # define TEST_SERVER_CERT "../apps/server.pem"
212 # define TEST_CLIENT_CERT "../apps/client.pem"
215 /* There is really no standard for this, so let's assign some tentative
216 numbers. In any case, these numbers are only for this test */
220 static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
221 #ifndef OPENSSL_NO_RSA
222 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export,int keylength);
223 static void free_tmp_rsa(void);
225 static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg);
226 #define APP_CALLBACK_STRING "Test Callback Argument"
227 struct app_verify_arg
231 int allow_proxy_certs;
236 #ifndef OPENSSL_NO_DH
237 static DH *get_dh512(void);
238 static DH *get_dh1024(void);
239 static DH *get_dh1024dsa(void);
243 static char *psk_key=NULL; /* by default PSK is not used */
244 #ifndef OPENSSL_NO_PSK
245 static unsigned int psk_client_callback(SSL *ssl, const char *hint, char *identity,
246 unsigned int max_identity_len, unsigned char *psk,
247 unsigned int max_psk_len);
248 static unsigned int psk_server_callback(SSL *ssl, const char *identity, unsigned char *psk,
249 unsigned int max_psk_len);
252 #ifndef OPENSSL_NO_SRP
254 /* This is a context that we pass to all callbacks */
255 typedef struct srp_client_arg_st
261 #define PWD_STRLEN 1024
263 static char * MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
265 SRP_CLIENT_ARG *srp_client_arg = (SRP_CLIENT_ARG *)arg;
266 return BUF_strdup((char *)srp_client_arg->srppassin);
270 /* This is a context that we pass to SRP server callbacks */
271 typedef struct srp_server_arg_st
277 static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
279 SRP_SERVER_ARG * p = (SRP_SERVER_ARG *) arg;
281 if (strcmp(p->expected_user, SSL_get_srp_username(s)) != 0)
283 fprintf(stderr, "User %s doesn't exist\n", SSL_get_srp_username(s));
284 return SSL3_AL_FATAL;
286 if (SSL_set_srp_server_param_pw(s,p->expected_user,p->pass,"1024")<0)
288 *ad = SSL_AD_INTERNAL_ERROR;
289 return SSL3_AL_FATAL;
291 return SSL_ERROR_NONE;
295 static BIO *bio_err=NULL;
296 static BIO *bio_stdout=NULL;
298 #ifndef OPENSSL_NO_NPN
299 /* Note that this code assumes that this is only a one element list: */
300 static const char NEXT_PROTO_STRING[] = "\x09testproto";
303 int npn_server_reject = 0;
305 static int cb_client_npn(SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg)
307 /* This callback only returns the protocol string, rather than a length
308 prefixed set. We assume that NEXT_PROTO_STRING is a one element list and
309 remove the first byte to chop off the length prefix. */
310 *out = (unsigned char*) NEXT_PROTO_STRING + 1;
311 *outlen = sizeof(NEXT_PROTO_STRING) - 2;
312 return SSL_TLSEXT_ERR_OK;
315 static int cb_server_npn(SSL *s, const unsigned char **data, unsigned int *len, void *arg)
317 *data = (const unsigned char *) NEXT_PROTO_STRING;
318 *len = sizeof(NEXT_PROTO_STRING) - 1;
319 return SSL_TLSEXT_ERR_OK;
322 static int cb_server_rejects_npn(SSL *s, const unsigned char **data, unsigned int *len, void *arg)
324 return SSL_TLSEXT_ERR_NOACK;
327 static int verify_npn(SSL *client, SSL *server)
329 const unsigned char *client_s;
331 const unsigned char *server_s;
334 SSL_get0_next_proto_negotiated(client, &client_s, &client_len);
335 SSL_get0_next_proto_negotiated(server, &server_s, &server_len);
339 BIO_printf(bio_stdout, "Client NPN: ");
340 BIO_write(bio_stdout, client_s, client_len);
341 BIO_printf(bio_stdout, "\n");
346 BIO_printf(bio_stdout, "Server NPN: ");
347 BIO_write(bio_stdout, server_s, server_len);
348 BIO_printf(bio_stdout, "\n");
351 /* If an NPN string was returned, it must be the protocol that we
352 * expected to negotiate. */
353 if (client_len && (client_len != sizeof(NEXT_PROTO_STRING) - 2 ||
354 memcmp(client_s, NEXT_PROTO_STRING + 1, client_len)))
356 if (server_len && (server_len != sizeof(NEXT_PROTO_STRING) - 2 ||
357 memcmp(server_s, NEXT_PROTO_STRING + 1, server_len)))
360 if (!npn_client && client_len)
362 if (!npn_server && server_len)
364 if (npn_server_reject && server_len)
366 if (npn_client && npn_server && (!client_len || !server_len))
373 static const char *alpn_client;
374 static const char *alpn_server;
375 static const char *alpn_expected;
376 static unsigned char *alpn_selected;
378 /* next_protos_parse parses a comma separated list of strings into a string
379 * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
380 * outlen: (output) set to the length of the resulting buffer on success.
381 * err: (maybe NULL) on failure, an error message line is written to this BIO.
382 * in: a NUL termianted string like "abc,def,ghi"
384 * returns: a malloced buffer or NULL on failure.
386 static unsigned char *next_protos_parse(unsigned short *outlen, const char *in)
396 out = OPENSSL_malloc(strlen(in) + 1);
400 for (i = 0; i <= len; ++i)
402 if (i == len || in[i] == ',')
409 out[start] = i - start;
420 static int cb_server_alpn(SSL *s, const unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg)
422 unsigned char *protos;
423 unsigned short protos_len;
425 protos = next_protos_parse(&protos_len, alpn_server);
428 fprintf(stderr, "failed to parser ALPN server protocol string: %s\n", alpn_server);
432 if (SSL_select_next_proto((unsigned char**) out, outlen, protos, protos_len, in, inlen) !=
433 OPENSSL_NPN_NEGOTIATED)
435 OPENSSL_free(protos);
436 return SSL_TLSEXT_ERR_NOACK;
439 /* Make a copy of the selected protocol which will be freed in verify_alpn. */
440 alpn_selected = OPENSSL_malloc(*outlen);
441 memcpy(alpn_selected, *out, *outlen);
442 *out = alpn_selected;
444 OPENSSL_free(protos);
445 return SSL_TLSEXT_ERR_OK;
448 static int verify_alpn(SSL *client, SSL *server)
450 const unsigned char *client_proto, *server_proto;
451 unsigned int client_proto_len = 0, server_proto_len = 0;
452 SSL_get0_alpn_selected(client, &client_proto, &client_proto_len);
453 SSL_get0_alpn_selected(server, &server_proto, &server_proto_len);
455 if (alpn_selected != NULL)
457 OPENSSL_free(alpn_selected);
458 alpn_selected = NULL;
461 if (client_proto_len != server_proto_len ||
462 memcmp(client_proto, server_proto, client_proto_len) != 0)
464 BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
468 if (client_proto_len > 0 && alpn_expected == NULL)
470 BIO_printf(bio_stdout, "ALPN unexpectedly negotiated\n");
474 if (alpn_expected != NULL &&
475 (client_proto_len != strlen(alpn_expected) ||
476 memcmp(client_proto, alpn_expected, client_proto_len) != 0))
478 BIO_printf(bio_stdout, "ALPN selected protocols not equal to expected protocol: %s\n", alpn_expected);
485 BIO_printf(bio_stdout, "ALPN results: client: '");
486 BIO_write(bio_stdout, client_proto, client_proto_len);
487 BIO_printf(bio_stdout, "', server: '");
488 BIO_write(bio_stdout, server_proto, server_proto_len);
489 BIO_printf(bio_stdout, "'\n");
490 BIO_printf(bio_stdout, "ALPN configured: client: '%s', server: '%s'\n", alpn_client, alpn_server);
494 #define SCT_EXT_TYPE 18
496 /* WARNING : below extension types are *NOT* IETF assigned, and
497 could conflict if these types are reassigned and handled
498 specially by OpenSSL in the future */
499 #define TACK_EXT_TYPE 62208
500 #define CUSTOM_EXT_TYPE_0 1000
501 #define CUSTOM_EXT_TYPE_1 1001
502 #define CUSTOM_EXT_TYPE_2 1002
503 #define CUSTOM_EXT_TYPE_3 1003
505 const char custom_ext_cli_string[] = "abc";
506 const char custom_ext_srv_string[] = "defg";
508 /* These set from cmdline */
509 char* serverinfo_file = NULL;
510 int serverinfo_sct = 0;
511 int serverinfo_tack = 0;
513 /* These set based on extension callbacks */
514 int serverinfo_sct_seen = 0;
515 int serverinfo_tack_seen = 0;
516 int serverinfo_other_seen = 0;
518 /* This set from cmdline */
521 /* This set based on extension callbacks */
522 int custom_ext_error = 0;
524 /*Not IETF assigned supplemental data types*/
525 #define CUSTOM_SUPP_DATA_TYPE_0 100
526 #define CUSTOM_SUPP_DATA_TYPE_1 101
527 #define CUSTOM_SUPP_DATA_TYPE_2 102
529 const char supp_data_0_string[] = "00000";
532 int suppdata_error = 0;
534 static int serverinfo_cli_cb(SSL* s, unsigned short ext_type,
535 const unsigned char* in, unsigned short inlen,
538 if (ext_type == SCT_EXT_TYPE)
539 serverinfo_sct_seen++;
540 else if (ext_type == TACK_EXT_TYPE)
541 serverinfo_tack_seen++;
543 serverinfo_other_seen++;
547 static int verify_serverinfo()
549 if (serverinfo_sct != serverinfo_sct_seen)
551 if (serverinfo_tack != serverinfo_tack_seen)
553 if (serverinfo_other_seen)
558 /* Four test cases for custom extensions:
559 * 0 - no ClientHello extension or ServerHello response
560 * 1 - ClientHello with "abc", no response
561 * 2 - ClientHello with "abc", empty response
562 * 3 - ClientHello with "abc", "defg" response
565 static int custom_ext_0_cli_first_cb(SSL *s, unsigned short ext_type,
566 const unsigned char **out,
567 unsigned short *outlen, void *arg)
569 if (ext_type != CUSTOM_EXT_TYPE_0)
570 custom_ext_error = 1;
571 return -1; /* Don't send an extension */
574 static int custom_ext_0_cli_second_cb(SSL *s, unsigned short ext_type,
575 const unsigned char *in,
576 unsigned short inlen, int *al,
579 custom_ext_error = 1; /* Shouldn't be called */
583 static int custom_ext_1_cli_first_cb(SSL *s, unsigned short ext_type,
584 const unsigned char **out,
585 unsigned short *outlen, void *arg)
587 if (ext_type != CUSTOM_EXT_TYPE_1)
588 custom_ext_error = 1;
589 *out = (const unsigned char*)custom_ext_cli_string;
590 *outlen = strlen(custom_ext_cli_string);
591 return 1; /* Send "abc" */
594 static int custom_ext_1_cli_second_cb(SSL *s, unsigned short ext_type,
595 const unsigned char *in,
596 unsigned short inlen, int *al,
599 custom_ext_error = 1; /* Shouldn't be called */
603 static int custom_ext_2_cli_first_cb(SSL *s, unsigned short ext_type,
604 const unsigned char **out,
605 unsigned short *outlen, void *arg)
607 if (ext_type != CUSTOM_EXT_TYPE_2)
608 custom_ext_error = 1;
609 *out = (const unsigned char*)custom_ext_cli_string;
610 *outlen = strlen(custom_ext_cli_string);
611 return 1; /* Send "abc" */
614 static int custom_ext_2_cli_second_cb(SSL *s, unsigned short ext_type,
615 const unsigned char *in,
616 unsigned short inlen, int *al,
619 if (ext_type != CUSTOM_EXT_TYPE_2)
620 custom_ext_error = 1;
622 custom_ext_error = 1; /* Should be empty response */
626 static int custom_ext_3_cli_first_cb(SSL *s, unsigned short ext_type,
627 const unsigned char **out,
628 unsigned short *outlen, void *arg)
630 if (ext_type != CUSTOM_EXT_TYPE_3)
631 custom_ext_error = 1;
632 *out = (const unsigned char*)custom_ext_cli_string;
633 *outlen = strlen(custom_ext_cli_string);
634 return 1; /* Send "abc" */
637 static int custom_ext_3_cli_second_cb(SSL *s, unsigned short ext_type,
638 const unsigned char *in,
639 unsigned short inlen, int *al,
642 if (ext_type != CUSTOM_EXT_TYPE_3)
643 custom_ext_error = 1;
644 if (inlen != strlen(custom_ext_srv_string))
645 custom_ext_error = 1;
646 if (memcmp(custom_ext_srv_string, in, inlen) != 0)
647 custom_ext_error = 1; /* Check for "defg" */
652 static int custom_ext_0_srv_first_cb(SSL *s, unsigned short ext_type,
653 const unsigned char *in,
654 unsigned short inlen, int *al,
657 custom_ext_error = 1;
658 return 0; /* Shouldn't be called */
661 static int custom_ext_0_srv_second_cb(SSL *s, unsigned short ext_type,
662 const unsigned char **out,
663 unsigned short *outlen, void *arg)
665 custom_ext_error = 1;
666 return 0; /* Shouldn't be called */
669 static int custom_ext_1_srv_first_cb(SSL *s, unsigned short ext_type,
670 const unsigned char *in,
671 unsigned short inlen, int *al,
674 if (ext_type != CUSTOM_EXT_TYPE_1)
675 custom_ext_error = 1;
676 /* Check for "abc" */
677 if (inlen != strlen(custom_ext_cli_string))
678 custom_ext_error = 1;
679 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
680 custom_ext_error = 1;
684 static int custom_ext_1_srv_second_cb(SSL *s, unsigned short ext_type,
685 const unsigned char **out,
686 unsigned short *outlen, void *arg)
688 return -1; /* Don't send an extension */
691 static int custom_ext_2_srv_first_cb(SSL *s, unsigned short ext_type,
692 const unsigned char *in,
693 unsigned short inlen, int *al,
696 if (ext_type != CUSTOM_EXT_TYPE_2)
697 custom_ext_error = 1;
698 /* Check for "abc" */
699 if (inlen != strlen(custom_ext_cli_string))
700 custom_ext_error = 1;
701 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
702 custom_ext_error = 1;
706 static int custom_ext_2_srv_second_cb(SSL *s, unsigned short ext_type,
707 const unsigned char **out,
708 unsigned short *outlen, void *arg)
712 return 1; /* Send empty extension */
715 static int custom_ext_3_srv_first_cb(SSL *s, unsigned short ext_type,
716 const unsigned char *in,
717 unsigned short inlen, int *al,
720 if (ext_type != CUSTOM_EXT_TYPE_3)
721 custom_ext_error = 1;
722 /* Check for "abc" */
723 if (inlen != strlen(custom_ext_cli_string))
724 custom_ext_error = 1;
725 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
726 custom_ext_error = 1;
730 static int custom_ext_3_srv_second_cb(SSL *s, unsigned short ext_type,
731 const unsigned char **out,
732 unsigned short *outlen, void *arg)
734 *out = (const unsigned char*)custom_ext_srv_string;
735 *outlen = strlen(custom_ext_srv_string);
736 return 1; /* Send "defg" */
739 static int supp_data_0_srv_first_cb(SSL *s, unsigned short supp_data_type,
740 const unsigned char **out,
741 unsigned short *outlen, void *arg)
743 *out = (const unsigned char*)supp_data_0_string;
744 *outlen = strlen(supp_data_0_string);
750 static int supp_data_0_srv_second_cb(SSL *s, unsigned short supp_data_type,
751 const unsigned char *in,
752 unsigned short inlen, int *al,
755 if (supp_data_type != CUSTOM_SUPP_DATA_TYPE_0)
757 if (inlen != strlen(supp_data_0_string))
759 if (memcmp(in, supp_data_0_string, inlen) != 0)
766 static int supp_data_1_srv_first_cb(SSL *s, unsigned short supp_data_type,
767 const unsigned char **out,
768 unsigned short *outlen, void *arg)
773 static int supp_data_1_srv_second_cb(SSL *s, unsigned short supp_data_type,
774 const unsigned char *in,
775 unsigned short inlen, int *al,
782 static int supp_data_2_srv_second_cb(SSL *s, unsigned short supp_data_type,
783 const unsigned char *in,
784 unsigned short inlen, int *al,
791 static int supp_data_0_cli_first_cb(SSL *s, unsigned short supp_data_type,
792 const unsigned char *in,
793 unsigned short inlen, int *al,
796 if (supp_data_type != CUSTOM_SUPP_DATA_TYPE_0)
798 if (inlen != strlen(supp_data_0_string))
800 if (memcmp(in, supp_data_0_string, inlen) != 0)
807 static int supp_data_0_cli_second_cb(SSL *s, unsigned short supp_data_type,
808 const unsigned char **out,
809 unsigned short *outlen, void *arg)
811 *out = (const unsigned char*)supp_data_0_string;
812 *outlen = strlen(supp_data_0_string);
818 static int supp_data_1_cli_first_cb(SSL *s, unsigned short supp_data_type,
819 const unsigned char *in,
820 unsigned short inlen, int *al,
827 static int supp_data_1_cli_second_cb(SSL *s, unsigned short supp_data_type,
828 const unsigned char **out,
829 unsigned short *outlen, void *arg)
834 static int supp_data_2_cli_first_cb(SSL *s, unsigned short supp_data_type,
835 const unsigned char *in,
836 unsigned short inlen, int *al,
843 static char *cipher=NULL;
844 static int verbose=0;
853 static const char rnd_seed[] = "string to make the random number generator think it has entropy";
855 int doit_biopair(SSL *s_ssl,SSL *c_ssl,long bytes,clock_t *s_time,clock_t *c_time);
856 int doit(SSL *s_ssl,SSL *c_ssl,long bytes);
857 static int do_test_cipherlist(void);
858 static void sv_usage(void)
860 fprintf(stderr,"usage: ssltest [args ...]\n");
861 fprintf(stderr,"\n");
863 fprintf(stderr,"-F - run test in FIPS mode\n");
865 fprintf(stderr," -server_auth - check server certificate\n");
866 fprintf(stderr," -client_auth - do client authentication\n");
867 fprintf(stderr," -proxy - allow proxy certificates\n");
868 fprintf(stderr," -proxy_auth <val> - set proxy policy rights\n");
869 fprintf(stderr," -proxy_cond <val> - experssion to test proxy policy rights\n");
870 fprintf(stderr," -v - more output\n");
871 fprintf(stderr," -d - debug output\n");
872 fprintf(stderr," -reuse - use session-id reuse\n");
873 fprintf(stderr," -num <val> - number of connections to perform\n");
874 fprintf(stderr," -bytes <val> - number of bytes to swap between client/server\n");
875 #ifndef OPENSSL_NO_DH
876 fprintf(stderr," -dhe1024 - use 1024 bit key (safe prime) for DHE\n");
877 fprintf(stderr," -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
878 fprintf(stderr," -no_dhe - disable DHE\n");
880 #ifndef OPENSSL_NO_ECDH
881 fprintf(stderr," -no_ecdhe - disable ECDHE\n");
883 #ifndef OPENSSL_NO_PSK
884 fprintf(stderr," -psk arg - PSK in hex (without 0x)\n");
886 #ifndef OPENSSL_NO_SRP
887 fprintf(stderr," -srpuser user - SRP username to use\n");
888 fprintf(stderr," -srppass arg - password for 'user'\n");
890 #ifndef OPENSSL_NO_SSL2
891 fprintf(stderr," -ssl2 - use SSLv2\n");
893 #ifndef OPENSSL_NO_SSL3
894 fprintf(stderr," -ssl3 - use SSLv3\n");
896 #ifndef OPENSSL_NO_TLS1
897 fprintf(stderr," -tls1 - use TLSv1\n");
899 fprintf(stderr," -CApath arg - PEM format directory of CA's\n");
900 fprintf(stderr," -CAfile arg - PEM format file of CA's\n");
901 fprintf(stderr," -cert arg - Server certificate file\n");
902 fprintf(stderr," -key arg - Server key file (default: same as -cert)\n");
903 fprintf(stderr," -c_cert arg - Client certificate file\n");
904 fprintf(stderr," -c_key arg - Client key file (default: same as -c_cert)\n");
905 fprintf(stderr," -cipher arg - The cipher list\n");
906 fprintf(stderr," -bio_pair - Use BIO pairs\n");
907 fprintf(stderr," -f - Test even cases that can't work\n");
908 fprintf(stderr," -time - measure processor time used by client and server\n");
909 fprintf(stderr," -zlib - use zlib compression\n");
910 fprintf(stderr," -rle - use rle compression\n");
911 #ifndef OPENSSL_NO_ECDH
912 fprintf(stderr," -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \
913 " Use \"openssl ecparam -list_curves\" for all names\n" \
914 " (default is sect163r2).\n");
916 fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher lists\n");
917 #ifndef OPENSSL_NO_NPN
918 fprintf(stderr," -npn_client - have client side offer NPN\n");
919 fprintf(stderr," -npn_server - have server side offer NPN\n");
920 fprintf(stderr," -npn_server_reject - have server reject NPN\n");
922 fprintf(stderr," -serverinfo_file file - have server use this file\n");
923 fprintf(stderr," -serverinfo_sct - have client offer and expect SCT\n");
924 fprintf(stderr," -serverinfo_tack - have client offer and expect TACK\n");
925 fprintf(stderr," -custom_ext - try various custom extension callbacks\n");
926 fprintf(stderr," -alpn_client <string> - have client side offer ALPN\n");
927 fprintf(stderr," -alpn_server <string> - have server side offer ALPN\n");
928 fprintf(stderr," -alpn_expected <string> - the ALPN protocol that should be negotiated\n");
929 fprintf(stderr, "-suppdata - exercise supplemental data callbacks\n");
932 static void print_details(SSL *c_ssl, const char *prefix)
934 const SSL_CIPHER *ciph;
937 ciph=SSL_get_current_cipher(c_ssl);
938 BIO_printf(bio_stdout,"%s%s, cipher %s %s",
940 SSL_get_version(c_ssl),
941 SSL_CIPHER_get_version(ciph),
942 SSL_CIPHER_get_name(ciph));
943 cert=SSL_get_peer_certificate(c_ssl);
946 EVP_PKEY *pkey = X509_get_pubkey(cert);
951 #ifndef OPENSSL_NO_RSA
952 else if (pkey->type == EVP_PKEY_RSA && pkey->pkey.rsa != NULL
953 && pkey->pkey.rsa->n != NULL)
955 BIO_printf(bio_stdout, ", %d bit RSA",
956 BN_num_bits(pkey->pkey.rsa->n));
959 #ifndef OPENSSL_NO_DSA
960 else if (pkey->type == EVP_PKEY_DSA && pkey->pkey.dsa != NULL
961 && pkey->pkey.dsa->p != NULL)
963 BIO_printf(bio_stdout, ", %d bit DSA",
964 BN_num_bits(pkey->pkey.dsa->p));
971 /* The SSL API does not allow us to look at temporary RSA/DH keys,
972 * otherwise we should print their lengths too */
973 BIO_printf(bio_stdout,"\n");
976 static void lock_dbg_cb(int mode, int type, const char *file, int line)
978 static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
979 const char *errstr = NULL;
982 rw = mode & (CRYPTO_READ|CRYPTO_WRITE);
983 if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE)))
985 errstr = "invalid mode";
989 if (type < 0 || type >= CRYPTO_NUM_LOCKS)
991 errstr = "type out of bounds";
995 if (mode & CRYPTO_LOCK)
999 errstr = "already locked";
1000 /* must not happen in a single-threaded program
1001 * (would deadlock) */
1007 else if (mode & CRYPTO_UNLOCK)
1011 errstr = "not locked";
1015 if (modes[type] != rw)
1017 errstr = (rw == CRYPTO_READ) ?
1018 "CRYPTO_r_unlock on write lock" :
1019 "CRYPTO_w_unlock on read lock";
1026 errstr = "invalid mode";
1033 /* we cannot use bio_err here */
1034 fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n",
1035 errstr, mode, type, file, line);
1039 #ifdef TLSEXT_TYPE_opaque_prf_input
1040 struct cb_info_st { void *input; size_t len; int ret; };
1041 struct cb_info_st co1 = { "C", 1, 1 }; /* try to negotiate oqaque PRF input */
1042 struct cb_info_st co2 = { "C", 1, 2 }; /* insist on oqaque PRF input */
1043 struct cb_info_st so1 = { "S", 1, 1 }; /* try to negotiate oqaque PRF input */
1044 struct cb_info_st so2 = { "S", 1, 2 }; /* insist on oqaque PRF input */
1046 int opaque_prf_input_cb(SSL *ssl, void *peerinput, size_t len, void *arg_)
1048 struct cb_info_st *arg = arg_;
1053 if (!SSL_set_tlsext_opaque_prf_input(ssl, arg->input, arg->len))
1059 int main(int argc, char *argv[])
1061 char *CApath=NULL,*CAfile=NULL;
1065 int tls1=0,ssl2=0,ssl3=0,ret=1;
1067 int server_auth=0,i;
1068 struct app_verify_arg app_verify_arg =
1069 { APP_CALLBACK_STRING, 0, 0, NULL, NULL };
1070 char *server_cert=TEST_SERVER_CERT;
1071 char *server_key=NULL;
1072 char *client_cert=TEST_CLIENT_CERT;
1073 char *client_key=NULL;
1074 #ifndef OPENSSL_NO_ECDH
1075 char *named_curve = NULL;
1077 SSL_CTX *s_ctx=NULL;
1078 SSL_CTX *c_ctx=NULL;
1079 const SSL_METHOD *meth=NULL;
1081 int number=1,reuse=0;
1083 #ifndef OPENSSL_NO_DH
1085 int dhe1024 = 0, dhe1024dsa = 0;
1087 #ifndef OPENSSL_NO_ECDH
1088 EC_KEY *ecdh = NULL;
1090 #ifndef OPENSSL_NO_SRP
1092 SRP_CLIENT_ARG srp_client_arg = {NULL,NULL};
1094 SRP_SERVER_ARG srp_server_arg = {NULL,NULL};
1100 clock_t s_time = 0, c_time = 0;
1101 #ifndef OPENSSL_NO_COMP
1103 COMP_METHOD *cm = NULL;
1104 STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
1106 int test_cipherlist = 0;
1115 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE|BIO_FP_TEXT);
1117 CRYPTO_set_locking_callback(lock_dbg_cb);
1119 /* enable memory leak checking unless explicitly disabled */
1120 if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
1122 CRYPTO_malloc_debug_init();
1123 CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
1127 /* OPENSSL_DEBUG_MEMORY=off */
1128 CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
1130 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
1132 RAND_seed(rnd_seed, sizeof rnd_seed);
1134 bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE|BIO_FP_TEXT);
1141 if(!strcmp(*argv,"-F"))
1146 fprintf(stderr,"not compiled with FIPS support, so exitting without running.\n");
1150 else if (strcmp(*argv,"-server_auth") == 0)
1152 else if (strcmp(*argv,"-client_auth") == 0)
1154 else if (strcmp(*argv,"-proxy_auth") == 0)
1156 if (--argc < 1) goto bad;
1157 app_verify_arg.proxy_auth= *(++argv);
1159 else if (strcmp(*argv,"-proxy_cond") == 0)
1161 if (--argc < 1) goto bad;
1162 app_verify_arg.proxy_cond= *(++argv);
1164 else if (strcmp(*argv,"-v") == 0)
1166 else if (strcmp(*argv,"-d") == 0)
1168 else if (strcmp(*argv,"-reuse") == 0)
1170 else if (strcmp(*argv,"-dhe1024") == 0)
1172 #ifndef OPENSSL_NO_DH
1175 fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n");
1178 else if (strcmp(*argv,"-dhe1024dsa") == 0)
1180 #ifndef OPENSSL_NO_DH
1183 fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n");
1186 else if (strcmp(*argv,"-no_dhe") == 0)
1188 else if (strcmp(*argv,"-no_ecdhe") == 0)
1190 else if (strcmp(*argv,"-psk") == 0)
1192 if (--argc < 1) goto bad;
1194 #ifndef OPENSSL_NO_PSK
1195 if (strspn(psk_key, "abcdefABCDEF1234567890") != strlen(psk_key))
1197 BIO_printf(bio_err,"Not a hex number '%s'\n",*argv);
1204 #ifndef OPENSSL_NO_SRP
1205 else if (strcmp(*argv,"-srpuser") == 0)
1207 if (--argc < 1) goto bad;
1208 srp_server_arg.expected_user = srp_client_arg.srplogin= *(++argv);
1211 else if (strcmp(*argv,"-srppass") == 0)
1213 if (--argc < 1) goto bad;
1214 srp_server_arg.pass = srp_client_arg.srppassin= *(++argv);
1218 else if (strcmp(*argv,"-ssl2") == 0)
1220 else if (strcmp(*argv,"-tls1") == 0)
1222 else if (strcmp(*argv,"-ssl3") == 0)
1224 else if (strncmp(*argv,"-num",4) == 0)
1226 if (--argc < 1) goto bad;
1227 number= atoi(*(++argv));
1228 if (number == 0) number=1;
1230 else if (strcmp(*argv,"-bytes") == 0)
1232 if (--argc < 1) goto bad;
1233 bytes= atol(*(++argv));
1234 if (bytes == 0L) bytes=1L;
1236 if (argv[0][i-1] == 'k') bytes*=1024L;
1237 if (argv[0][i-1] == 'm') bytes*=1024L*1024L;
1239 else if (strcmp(*argv,"-cert") == 0)
1241 if (--argc < 1) goto bad;
1242 server_cert= *(++argv);
1244 else if (strcmp(*argv,"-s_cert") == 0)
1246 if (--argc < 1) goto bad;
1247 server_cert= *(++argv);
1249 else if (strcmp(*argv,"-key") == 0)
1251 if (--argc < 1) goto bad;
1252 server_key= *(++argv);
1254 else if (strcmp(*argv,"-s_key") == 0)
1256 if (--argc < 1) goto bad;
1257 server_key= *(++argv);
1259 else if (strcmp(*argv,"-c_cert") == 0)
1261 if (--argc < 1) goto bad;
1262 client_cert= *(++argv);
1264 else if (strcmp(*argv,"-c_key") == 0)
1266 if (--argc < 1) goto bad;
1267 client_key= *(++argv);
1269 else if (strcmp(*argv,"-cipher") == 0)
1271 if (--argc < 1) goto bad;
1274 else if (strcmp(*argv,"-CApath") == 0)
1276 if (--argc < 1) goto bad;
1279 else if (strcmp(*argv,"-CAfile") == 0)
1281 if (--argc < 1) goto bad;
1284 else if (strcmp(*argv,"-bio_pair") == 0)
1288 else if (strcmp(*argv,"-f") == 0)
1292 else if (strcmp(*argv,"-time") == 0)
1296 #ifndef OPENSSL_NO_COMP
1297 else if (strcmp(*argv,"-zlib") == 0)
1301 else if (strcmp(*argv,"-rle") == 0)
1306 else if (strcmp(*argv,"-named_curve") == 0)
1308 if (--argc < 1) goto bad;
1309 #ifndef OPENSSL_NO_ECDH
1310 named_curve = *(++argv);
1312 fprintf(stderr,"ignoring -named_curve, since I'm compiled without ECDH\n");
1316 else if (strcmp(*argv,"-app_verify") == 0)
1318 app_verify_arg.app_verify = 1;
1320 else if (strcmp(*argv,"-proxy") == 0)
1322 app_verify_arg.allow_proxy_certs = 1;
1324 else if (strcmp(*argv,"-test_cipherlist") == 0)
1326 test_cipherlist = 1;
1328 #ifndef OPENSSL_NO_NPN
1329 else if (strcmp(*argv,"-npn_client") == 0)
1333 else if (strcmp(*argv,"-npn_server") == 0)
1337 else if (strcmp(*argv,"-npn_server_reject") == 0)
1339 npn_server_reject = 1;
1342 else if (strcmp(*argv,"-serverinfo_sct") == 0)
1346 else if (strcmp(*argv,"-serverinfo_tack") == 0)
1348 serverinfo_tack = 1;
1350 else if (strcmp(*argv,"-serverinfo_file") == 0)
1352 if (--argc < 1) goto bad;
1353 serverinfo_file = *(++argv);
1355 else if (strcmp(*argv,"-custom_ext") == 0)
1359 else if (strcmp(*argv,"-alpn_client") == 0)
1361 if (--argc < 1) goto bad;
1362 alpn_client = *(++argv);
1364 else if (strcmp(*argv,"-alpn_server") == 0)
1366 if (--argc < 1) goto bad;
1367 alpn_server = *(++argv);
1369 else if (strcmp(*argv,"-alpn_expected") == 0)
1371 if (--argc < 1) goto bad;
1372 alpn_expected = *(++argv);
1374 else if (strcmp(*argv,"-suppdata") == 0)
1380 fprintf(stderr,"unknown option %s\n",*argv);
1394 if (test_cipherlist == 1)
1396 /* ensure that the cipher list are correctly sorted and exit */
1397 if (do_test_cipherlist() == 0)
1403 if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force)
1405 fprintf(stderr, "This case cannot work. Use -f to perform "
1406 "the test anyway (and\n-d to see what happens), "
1407 "or add one of -ssl2, -ssl3, -tls1, -reuse\n"
1408 "to avoid protocol mismatch.\n");
1415 if(!FIPS_mode_set(1))
1417 ERR_load_crypto_strings();
1418 ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
1422 fprintf(stderr,"*** IN FIPS MODE ***\n");
1430 fprintf(stderr, "Using BIO pair (-bio_pair)\n");
1433 if (number < 50 && !force)
1434 fprintf(stderr, "Warning: For accurate timings, use more connections (e.g. -num 1000)\n");
1437 /* if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */
1440 SSL_load_error_strings();
1442 #ifndef OPENSSL_NO_COMP
1443 if (comp == COMP_ZLIB) cm = COMP_zlib();
1444 if (comp == COMP_RLE) cm = COMP_rle();
1447 if (cm->type != NID_undef)
1449 if (SSL_COMP_add_compression_method(comp, cm) != 0)
1452 "Failed to add compression method\n");
1453 ERR_print_errors_fp(stderr);
1459 "Warning: %s compression not supported\n",
1460 (comp == COMP_RLE ? "rle" :
1461 (comp == COMP_ZLIB ? "zlib" :
1463 ERR_print_errors_fp(stderr);
1466 ssl_comp_methods = SSL_COMP_get_compression_methods();
1467 fprintf(stderr, "Available compression methods:\n");
1469 int j, n = sk_SSL_COMP_num(ssl_comp_methods);
1471 fprintf(stderr, " NONE\n");
1473 for (j = 0; j < n; j++)
1475 SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
1476 fprintf(stderr, " %d: %s\n", c->id, c->name);
1481 #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
1483 meth=SSLv2_method();
1486 meth=TLSv1_method();
1489 meth=SSLv3_method();
1491 meth=SSLv23_method();
1493 #ifdef OPENSSL_NO_SSL2
1495 meth=TLSv1_method();
1498 meth=SSLv3_method();
1500 meth=SSLv23_method();
1502 meth=SSLv2_method();
1506 c_ctx=SSL_CTX_new(meth);
1507 s_ctx=SSL_CTX_new(meth);
1508 if ((c_ctx == NULL) || (s_ctx == NULL))
1510 ERR_print_errors(bio_err);
1516 SSL_CTX_set_cipher_list(c_ctx,cipher);
1517 SSL_CTX_set_cipher_list(s_ctx,cipher);
1520 #ifndef OPENSSL_NO_DH
1525 /* use SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */
1526 SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
1533 SSL_CTX_set_tmp_dh(s_ctx,dh);
1540 #ifndef OPENSSL_NO_ECDH
1545 if (named_curve != NULL)
1547 nid = OBJ_sn2nid(named_curve);
1550 BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve);
1555 #ifdef OPENSSL_NO_EC2M
1556 nid = NID_X9_62_prime256v1;
1558 nid = NID_sect163r2;
1561 ecdh = EC_KEY_new_by_curve_name(nid);
1564 BIO_printf(bio_err, "unable to create curve\n");
1568 SSL_CTX_set_tmp_ecdh(s_ctx, ecdh);
1569 SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_ECDH_USE);
1576 #ifndef OPENSSL_NO_RSA
1577 SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb);
1580 #ifdef TLSEXT_TYPE_opaque_prf_input
1581 SSL_CTX_set_tlsext_opaque_prf_input_callback(c_ctx, opaque_prf_input_cb);
1582 SSL_CTX_set_tlsext_opaque_prf_input_callback(s_ctx, opaque_prf_input_cb);
1583 SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(c_ctx, &co1); /* or &co2 or NULL */
1584 SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(s_ctx, &so1); /* or &so2 or NULL */
1587 if (!SSL_CTX_use_certificate_file(s_ctx,server_cert,SSL_FILETYPE_PEM))
1589 ERR_print_errors(bio_err);
1591 else if (!SSL_CTX_use_PrivateKey_file(s_ctx,
1592 (server_key?server_key:server_cert), SSL_FILETYPE_PEM))
1594 ERR_print_errors(bio_err);
1600 SSL_CTX_use_certificate_file(c_ctx,client_cert,
1602 SSL_CTX_use_PrivateKey_file(c_ctx,
1603 (client_key?client_key:client_cert),
1607 if ( (!SSL_CTX_load_verify_locations(s_ctx,CAfile,CApath)) ||
1608 (!SSL_CTX_set_default_verify_paths(s_ctx)) ||
1609 (!SSL_CTX_load_verify_locations(c_ctx,CAfile,CApath)) ||
1610 (!SSL_CTX_set_default_verify_paths(c_ctx)))
1612 /* fprintf(stderr,"SSL_load_verify_locations\n"); */
1613 ERR_print_errors(bio_err);
1619 BIO_printf(bio_err,"client authentication\n");
1620 SSL_CTX_set_verify(s_ctx,
1621 SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1623 SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback, &app_verify_arg);
1627 BIO_printf(bio_err,"server authentication\n");
1628 SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER,
1630 SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback, &app_verify_arg);
1634 int session_id_context = 0;
1635 SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context, sizeof session_id_context);
1638 /* Use PSK only if PSK key is given */
1639 if (psk_key != NULL)
1641 /* no_psk is used to avoid putting psk command to openssl tool */
1644 /* if PSK is not compiled in and psk key is
1645 * given, do nothing and exit successfully */
1649 #ifndef OPENSSL_NO_PSK
1650 SSL_CTX_set_psk_client_callback(c_ctx, psk_client_callback);
1651 SSL_CTX_set_psk_server_callback(s_ctx, psk_server_callback);
1653 BIO_printf(bio_err,"setting PSK identity hint to s_ctx\n");
1654 if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_hint"))
1656 BIO_printf(bio_err,"error setting PSK identity hint to s_ctx\n");
1657 ERR_print_errors(bio_err);
1662 #ifndef OPENSSL_NO_SRP
1663 if (srp_client_arg.srplogin)
1665 if (!SSL_CTX_set_srp_username(c_ctx, srp_client_arg.srplogin))
1667 BIO_printf(bio_err,"Unable to set SRP username\n");
1670 SSL_CTX_set_srp_cb_arg(c_ctx,&srp_client_arg);
1671 SSL_CTX_set_srp_client_pwd_callback(c_ctx, ssl_give_srp_client_pwd_cb);
1672 /*SSL_CTX_set_srp_strength(c_ctx, srp_client_arg.strength);*/
1675 if (srp_server_arg.expected_user != NULL)
1677 SSL_CTX_set_verify(s_ctx,SSL_VERIFY_NONE,verify_callback);
1678 SSL_CTX_set_srp_cb_arg(s_ctx, &srp_server_arg);
1679 SSL_CTX_set_srp_username_callback(s_ctx, ssl_srp_server_param_cb);
1683 #ifndef OPENSSL_NO_NPN
1686 SSL_CTX_set_next_proto_select_cb(c_ctx, cb_client_npn, NULL);
1690 if (npn_server_reject)
1692 BIO_printf(bio_err, "Can't have both -npn_server and -npn_server_reject\n");
1695 SSL_CTX_set_next_protos_advertised_cb(s_ctx, cb_server_npn, NULL);
1697 if (npn_server_reject)
1699 SSL_CTX_set_next_protos_advertised_cb(s_ctx, cb_server_rejects_npn, NULL);
1704 SSL_CTX_set_custom_cli_ext(c_ctx, SCT_EXT_TYPE, NULL,
1705 serverinfo_cli_cb, NULL);
1706 if (serverinfo_tack)
1707 SSL_CTX_set_custom_cli_ext(c_ctx, TACK_EXT_TYPE, NULL,
1708 serverinfo_cli_cb, NULL);
1710 if (serverinfo_file)
1711 if (!SSL_CTX_use_serverinfo_file(s_ctx, serverinfo_file))
1713 BIO_printf(bio_err, "missing serverinfo file\n");
1719 SSL_CTX_set_custom_cli_ext(c_ctx, CUSTOM_EXT_TYPE_0,
1720 custom_ext_0_cli_first_cb,
1721 custom_ext_0_cli_second_cb, NULL);
1722 SSL_CTX_set_custom_cli_ext(c_ctx, CUSTOM_EXT_TYPE_1,
1723 custom_ext_1_cli_first_cb,
1724 custom_ext_1_cli_second_cb, NULL);
1725 SSL_CTX_set_custom_cli_ext(c_ctx, CUSTOM_EXT_TYPE_2,
1726 custom_ext_2_cli_first_cb,
1727 custom_ext_2_cli_second_cb, NULL);
1728 SSL_CTX_set_custom_cli_ext(c_ctx, CUSTOM_EXT_TYPE_3,
1729 custom_ext_3_cli_first_cb,
1730 custom_ext_3_cli_second_cb, NULL);
1733 SSL_CTX_set_custom_srv_ext(s_ctx, CUSTOM_EXT_TYPE_0,
1734 custom_ext_0_srv_first_cb,
1735 custom_ext_0_srv_second_cb, NULL);
1736 SSL_CTX_set_custom_srv_ext(s_ctx, CUSTOM_EXT_TYPE_1,
1737 custom_ext_1_srv_first_cb,
1738 custom_ext_1_srv_second_cb, NULL);
1739 SSL_CTX_set_custom_srv_ext(s_ctx, CUSTOM_EXT_TYPE_2,
1740 custom_ext_2_srv_first_cb,
1741 custom_ext_2_srv_second_cb, NULL);
1742 SSL_CTX_set_custom_srv_ext(s_ctx, CUSTOM_EXT_TYPE_3,
1743 custom_ext_3_srv_first_cb,
1744 custom_ext_3_srv_second_cb, NULL);
1748 SSL_CTX_set_alpn_select_cb(s_ctx, cb_server_alpn, NULL);
1752 unsigned short alpn_len;
1753 unsigned char *alpn = next_protos_parse(&alpn_len, alpn_client);
1757 BIO_printf(bio_err, "Error parsing -alpn_client argument\n");
1760 SSL_CTX_set_alpn_protos(c_ctx, alpn, alpn_len);
1764 c_ssl=SSL_new(c_ctx);
1765 s_ssl=SSL_new(s_ctx);
1770 //client and server both send and receive, verify additional arg passed back
1771 SSL_CTX_set_srv_supp_data(s_ctx, CUSTOM_SUPP_DATA_TYPE_0, supp_data_0_srv_first_cb, supp_data_0_srv_second_cb, s_ssl);
1772 SSL_CTX_set_cli_supp_data(c_ctx, CUSTOM_SUPP_DATA_TYPE_0, supp_data_0_cli_first_cb, supp_data_0_cli_second_cb, c_ssl);
1774 //-1 response from sending server/client doesn't receive, -1 response from sending client/server doesn't receive
1775 SSL_CTX_set_srv_supp_data(s_ctx, CUSTOM_SUPP_DATA_TYPE_1, supp_data_1_srv_first_cb, supp_data_1_srv_second_cb, NULL);
1776 SSL_CTX_set_cli_supp_data(c_ctx, CUSTOM_SUPP_DATA_TYPE_1, supp_data_1_cli_first_cb, supp_data_1_cli_second_cb, NULL);
1778 //null sending server/client doesn't receive, null sending client/server doesn't receive
1779 SSL_CTX_set_srv_supp_data(s_ctx, CUSTOM_SUPP_DATA_TYPE_2, /*supp_data_2_srv_first_cb*/NULL, supp_data_2_srv_second_cb, NULL);
1780 SSL_CTX_set_cli_supp_data(c_ctx, CUSTOM_SUPP_DATA_TYPE_2, supp_data_2_cli_first_cb, /*supp_data_2_cli_second_cb*/NULL, NULL);
1782 //alerts set to non-zero and zero return values not tested
1784 #ifndef OPENSSL_NO_KRB5
1785 if (c_ssl && c_ssl->kssl_ctx)
1787 char localhost[MAXHOSTNAMELEN+2];
1789 if (gethostname(localhost, sizeof localhost-1) == 0)
1791 localhost[sizeof localhost-1]='\0';
1792 if(strlen(localhost) == sizeof localhost-1)
1794 BIO_printf(bio_err,"localhost name too long\n");
1797 kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER,
1801 #endif /* OPENSSL_NO_KRB5 */
1803 for (i=0; i<number; i++)
1805 if (!reuse) SSL_set_session(c_ssl,NULL);
1807 ret=doit_biopair(s_ssl,c_ssl,bytes,&s_time,&c_time);
1809 ret=doit(s_ssl,c_ssl,bytes);
1814 print_details(c_ssl, "");
1816 if ((number > 1) || (bytes > 1L))
1817 BIO_printf(bio_stdout, "%d handshakes of %ld bytes done\n",number,bytes);
1820 #ifdef CLOCKS_PER_SEC
1821 /* "To determine the time in seconds, the value returned
1822 * by the clock function should be divided by the value
1823 * of the macro CLOCKS_PER_SEC."
1824 * -- ISO/IEC 9899 */
1825 BIO_printf(bio_stdout, "Approximate total server time: %6.2f s\n"
1826 "Approximate total client time: %6.2f s\n",
1827 (double)s_time/CLOCKS_PER_SEC,
1828 (double)c_time/CLOCKS_PER_SEC);
1830 /* "`CLOCKS_PER_SEC' undeclared (first use this function)"
1831 * -- cc on NeXTstep/OpenStep */
1832 BIO_printf(bio_stdout,
1833 "Approximate total server time: %6.2f units\n"
1834 "Approximate total client time: %6.2f units\n",
1844 if (s_ctx != NULL) SSL_CTX_free(s_ctx);
1845 if (c_ctx != NULL) SSL_CTX_free(c_ctx);
1847 if (bio_stdout != NULL) BIO_free(bio_stdout);
1849 #ifndef OPENSSL_NO_RSA
1852 #ifndef OPENSSL_NO_ENGINE
1855 CRYPTO_cleanup_all_ex_data();
1857 ERR_remove_thread_state(NULL);
1859 CRYPTO_mem_leaks(bio_err);
1860 if (bio_err != NULL) BIO_free(bio_err);
1865 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
1866 clock_t *s_time, clock_t *c_time)
1868 long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
1869 BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
1870 BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL;
1873 size_t bufsiz = 256; /* small buffer for testing */
1875 if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz))
1877 if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz))
1880 s_ssl_bio = BIO_new(BIO_f_ssl());
1884 c_ssl_bio = BIO_new(BIO_f_ssl());
1888 SSL_set_connect_state(c_ssl);
1889 SSL_set_bio(c_ssl, client, client);
1890 (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
1892 SSL_set_accept_state(s_ssl);
1893 SSL_set_bio(s_ssl, server, server);
1894 (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
1898 /* c_ssl_bio: SSL filter BIO
1900 * client: pseudo-I/O for SSL library
1902 * client_io: client's SSL communication; usually to be
1903 * relayed over some I/O facility, but in this
1904 * test program, we're the server, too:
1906 * server_io: server's SSL communication
1908 * server: pseudo-I/O for SSL library
1910 * s_ssl_bio: SSL filter BIO
1912 * The client and the server each employ a "BIO pair":
1913 * client + client_io, server + server_io.
1914 * BIO pairs are symmetric. A BIO pair behaves similar
1915 * to a non-blocking socketpair (but both endpoints must
1916 * be handled by the same thread).
1917 * [Here we could connect client and server to the ends
1918 * of a single BIO pair, but then this code would be less
1919 * suitable as an example for BIO pairs in general.]
1921 * Useful functions for querying the state of BIO pair endpoints:
1923 * BIO_ctrl_pending(bio) number of bytes we can read now
1924 * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil
1925 * other side's read attempt
1926 * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now
1928 * ..._read_request is never more than ..._write_guarantee;
1929 * it depends on the application which one you should use.
1932 /* We have non-blocking behaviour throughout this test program, but
1933 * can be sure that there is *some* progress in each iteration; so
1934 * we don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE
1935 * -- we just try everything in each iteration
1941 MS_STATIC char cbuf[1024*8];
1943 clock_t c_clock = clock();
1945 memset(cbuf, 0, sizeof(cbuf));
1948 if (SSL_in_init(c_ssl))
1949 printf("client waiting in SSL_connect - %s\n",
1950 SSL_state_string_long(c_ssl));
1954 /* Write to server. */
1956 if (cw_num > (long)sizeof cbuf)
1960 r = BIO_write(c_ssl_bio, cbuf, i);
1963 if (!BIO_should_retry(c_ssl_bio))
1965 fprintf(stderr,"ERROR in CLIENT\n");
1968 /* BIO_should_retry(...) can just be ignored here.
1969 * The library expects us to call BIO_write with
1970 * the same arguments again, and that's what we will
1971 * do in the next iteration. */
1975 fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
1981 printf("client wrote %d\n", r);
1988 /* Read from server. */
1990 r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
1993 if (!BIO_should_retry(c_ssl_bio))
1995 fprintf(stderr,"ERROR in CLIENT\n");
1998 /* Again, "BIO_should_retry" can be ignored. */
2002 fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
2008 printf("client read %d\n", r);
2013 /* c_time and s_time increments will typically be very small
2014 * (depending on machine speed and clock tick intervals),
2015 * but sampling over a large number of connections should
2016 * result in fairly accurate figures. We cannot guarantee
2017 * a lot, however -- if each connection lasts for exactly
2018 * one clock tick, it will be counted only for the client
2019 * or only for the server or even not at all.
2021 *c_time += (clock() - c_clock);
2027 MS_STATIC char sbuf[1024*8];
2029 clock_t s_clock = clock();
2031 memset(sbuf, 0, sizeof(sbuf));
2034 if (SSL_in_init(s_ssl))
2035 printf("server waiting in SSL_accept - %s\n",
2036 SSL_state_string_long(s_ssl));
2040 /* Write to client. */
2042 if (sw_num > (long)sizeof sbuf)
2046 r = BIO_write(s_ssl_bio, sbuf, i);
2049 if (!BIO_should_retry(s_ssl_bio))
2051 fprintf(stderr,"ERROR in SERVER\n");
2054 /* Ignore "BIO_should_retry". */
2058 fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
2064 printf("server wrote %d\n", r);
2071 /* Read from client. */
2073 r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
2076 if (!BIO_should_retry(s_ssl_bio))
2078 fprintf(stderr,"ERROR in SERVER\n");
2085 fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
2091 printf("server read %d\n", r);
2096 *s_time += (clock() - s_clock);
2100 /* "I/O" BETWEEN CLIENT AND SERVER. */
2103 BIO *io1 = server_io, *io2 = client_io;
2104 /* we use the non-copying interface for io1
2105 * and the standard BIO_write/BIO_read interface for io2
2108 static int prev_progress = 1;
2117 r1 = BIO_ctrl_pending(io1);
2118 r2 = BIO_ctrl_get_write_guarantee(io2);
2127 if (INT_MAX < num) /* yeah, right */
2130 r = BIO_nread(io1, &dataptr, (int)num);
2132 assert(r <= (int)num);
2133 /* possibly r < num (non-contiguous data) */
2135 r = BIO_write(io2, dataptr, (int)num);
2136 if (r != (int)num) /* can't happen */
2138 fprintf(stderr, "ERROR: BIO_write could not write "
2139 "BIO_ctrl_get_write_guarantee() bytes");
2145 printf((io1 == client_io) ?
2146 "C->S relaying: %d bytes\n" :
2147 "S->C relaying: %d bytes\n",
2158 r1 = BIO_ctrl_pending(io2);
2159 r2 = BIO_ctrl_get_read_request(io1);
2160 /* here we could use ..._get_write_guarantee instead of
2161 * ..._get_read_request, but by using the latter
2162 * we test restartability of the SSL implementation
2163 * more thoroughly */
2175 --num; /* test restartability even more thoroughly */
2177 r = BIO_nwrite0(io1, &dataptr);
2181 r = BIO_read(io2, dataptr, (int)num);
2182 if (r != (int)num) /* can't happen */
2184 fprintf(stderr, "ERROR: BIO_read could not read "
2185 "BIO_ctrl_pending() bytes");
2189 r = BIO_nwrite(io1, &dataptr, (int)num);
2190 if (r != (int)num) /* can't happen */
2192 fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
2193 "BIO_nwrite0() bytes");
2198 printf((io2 == client_io) ?
2199 "C->S relaying: %d bytes\n" :
2200 "S->C relaying: %d bytes\n",
2203 } /* no loop, BIO_ctrl_get_read_request now returns 0 anyway */
2205 if (!progress && !prev_progress)
2206 if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0)
2208 fprintf(stderr, "ERROR: got stuck\n");
2209 if (strcmp("SSLv2", SSL_get_version(c_ssl)) == 0)
2211 fprintf(stderr, "This can happen for SSL2 because "
2212 "CLIENT-FINISHED and SERVER-VERIFY are written \n"
2213 "concurrently ...");
2214 if (strncmp("2SCF", SSL_state_string(c_ssl), 4) == 0
2215 && strncmp("2SSV", SSL_state_string(s_ssl), 4) == 0)
2217 fprintf(stderr, " ok.\n");
2221 fprintf(stderr, " ERROR.\n");
2224 prev_progress = progress;
2227 while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
2230 print_details(c_ssl, "DONE via BIO pair: ");
2231 #ifndef OPENSSL_NO_NPN
2232 if (verify_npn(c_ssl, s_ssl) < 0)
2238 if (verify_serverinfo() < 0)
2243 if (verify_alpn(c_ssl, s_ssl) < 0)
2249 if (custom_ext_error)
2259 ERR_print_errors(bio_err);
2264 BIO_free(server_io);
2268 BIO_free(client_io);
2270 BIO_free(s_ssl_bio);
2272 BIO_free(c_ssl_bio);
2283 int doit(SSL *s_ssl, SSL *c_ssl, long count)
2285 MS_STATIC char cbuf[1024*8],sbuf[1024*8];
2286 long cw_num=count,cr_num=count;
2287 long sw_num=count,sr_num=count;
2293 int c_r,c_w,s_r,s_w;
2296 int c_write,s_write;
2297 int do_server=0,do_client=0;
2299 memset(cbuf,0,sizeof(cbuf));
2300 memset(sbuf,0,sizeof(sbuf));
2302 c_to_s=BIO_new(BIO_s_mem());
2303 s_to_c=BIO_new(BIO_s_mem());
2304 if ((s_to_c == NULL) || (c_to_s == NULL))
2306 ERR_print_errors(bio_err);
2310 c_bio=BIO_new(BIO_f_ssl());
2311 s_bio=BIO_new(BIO_f_ssl());
2312 if ((c_bio == NULL) || (s_bio == NULL))
2314 ERR_print_errors(bio_err);
2318 SSL_set_connect_state(c_ssl);
2319 SSL_set_bio(c_ssl,s_to_c,c_to_s);
2320 BIO_set_ssl(c_bio,c_ssl,BIO_NOCLOSE);
2322 SSL_set_accept_state(s_ssl);
2323 SSL_set_bio(s_ssl,c_to_s,s_to_c);
2324 BIO_set_ssl(s_bio,s_ssl,BIO_NOCLOSE);
2328 c_write=1,s_write=0;
2330 /* We can always do writes */
2336 i=(int)BIO_pending(s_bio);
2337 if ((i && s_r) || s_w) do_server=1;
2339 i=(int)BIO_pending(c_bio);
2340 if ((i && c_r) || c_w) do_client=1;
2342 if (do_server && debug)
2344 if (SSL_in_init(s_ssl))
2345 printf("server waiting in SSL_accept - %s\n",
2346 SSL_state_string_long(s_ssl));
2347 /* else if (s_write)
2348 printf("server:SSL_write()\n");
2350 printf("server:SSL_read()\n"); */
2353 if (do_client && debug)
2355 if (SSL_in_init(c_ssl))
2356 printf("client waiting in SSL_connect - %s\n",
2357 SSL_state_string_long(c_ssl));
2358 /* else if (c_write)
2359 printf("client:SSL_write()\n");
2361 printf("client:SSL_read()\n"); */
2364 if (!do_client && !do_server)
2366 fprintf(stdout,"ERROR IN STARTUP\n");
2367 ERR_print_errors(bio_err);
2370 if (do_client && !(done & C_DONE))
2374 j = (cw_num > (long)sizeof(cbuf)) ?
2375 (int)sizeof(cbuf) : (int)cw_num;
2376 i=BIO_write(c_bio,cbuf,j);
2381 if (BIO_should_retry(c_bio))
2383 if (BIO_should_read(c_bio))
2385 if (BIO_should_write(c_bio))
2390 fprintf(stderr,"ERROR in CLIENT\n");
2391 ERR_print_errors(bio_err);
2397 fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
2403 printf("client wrote %d\n",i);
2412 i=BIO_read(c_bio,cbuf,sizeof(cbuf));
2417 if (BIO_should_retry(c_bio))
2419 if (BIO_should_read(c_bio))
2421 if (BIO_should_write(c_bio))
2426 fprintf(stderr,"ERROR in CLIENT\n");
2427 ERR_print_errors(bio_err);
2433 fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
2439 printf("client read %d\n",i);
2456 if (do_server && !(done & S_DONE))
2460 i=BIO_read(s_bio,sbuf,sizeof(cbuf));
2465 if (BIO_should_retry(s_bio))
2467 if (BIO_should_read(s_bio))
2469 if (BIO_should_write(s_bio))
2474 fprintf(stderr,"ERROR in SERVER\n");
2475 ERR_print_errors(bio_err);
2481 ERR_print_errors(bio_err);
2482 fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_read\n");
2488 printf("server read %d\n",i);
2505 j = (sw_num > (long)sizeof(sbuf)) ?
2506 (int)sizeof(sbuf) : (int)sw_num;
2507 i=BIO_write(s_bio,sbuf,j);
2512 if (BIO_should_retry(s_bio))
2514 if (BIO_should_read(s_bio))
2516 if (BIO_should_write(s_bio))
2521 fprintf(stderr,"ERROR in SERVER\n");
2522 ERR_print_errors(bio_err);
2528 ERR_print_errors(bio_err);
2529 fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_write\n");
2535 printf("server wrote %d\n",i);
2545 if ((done & S_DONE) && (done & C_DONE)) break;
2549 print_details(c_ssl, "DONE: ");
2550 #ifndef OPENSSL_NO_NPN
2551 if (verify_npn(c_ssl, s_ssl) < 0)
2557 if (suppdata_error < 0)
2562 if (verify_serverinfo() < 0)
2567 if (custom_ext_error)
2574 /* We have to set the BIO's to NULL otherwise they will be
2575 * OPENSSL_free()ed twice. Once when th s_ssl is SSL_free()ed and
2576 * again when c_ssl is SSL_free()ed.
2577 * This is a hack required because s_ssl and c_ssl are sharing the same
2578 * BIO structure and SSL_set_bio() and SSL_free() automatically
2579 * BIO_free non NULL entries.
2580 * You should not normally do this or be required to do this */
2592 if (c_to_s != NULL) BIO_free(c_to_s);
2593 if (s_to_c != NULL) BIO_free(s_to_c);
2594 if (c_bio != NULL) BIO_free_all(c_bio);
2595 if (s_bio != NULL) BIO_free_all(s_bio);
2599 static int get_proxy_auth_ex_data_idx(void)
2601 static volatile int idx = -1;
2604 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
2607 idx = X509_STORE_CTX_get_ex_new_index(0,
2608 "SSLtest for verify callback", NULL,NULL,NULL);
2610 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
2615 static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
2619 s=X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),buf,
2624 fprintf(stderr,"depth=%d %s\n",
2625 ctx->error_depth,buf);
2628 fprintf(stderr,"depth=%d error=%d %s\n",
2629 ctx->error_depth,ctx->error,buf);
2635 fprintf(stderr,"Error string: %s\n",
2636 X509_verify_cert_error_string(ctx->error));
2639 case X509_V_ERR_CERT_NOT_YET_VALID:
2640 case X509_V_ERR_CERT_HAS_EXPIRED:
2641 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
2642 fprintf(stderr," ... ignored.\n");
2649 X509 *xs = ctx->current_cert;
2651 X509 *xi = ctx->current_issuer;
2654 if (xs->ex_flags & EXFLAG_PROXY)
2656 unsigned int *letters =
2657 X509_STORE_CTX_get_ex_data(ctx,
2658 get_proxy_auth_ex_data_idx());
2664 PROXY_CERT_INFO_EXTENSION *pci =
2665 X509_get_ext_d2i(xs, NID_proxyCertInfo,
2668 switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage))
2670 case NID_Independent:
2671 /* Completely meaningless in this
2672 program, as there's no way to
2673 grant explicit rights to a
2674 specific PrC. Basically, using
2675 id-ppl-Independent is the perfect
2676 way to grant no rights at all. */
2677 fprintf(stderr, " Independent proxy certificate");
2678 for (i = 0; i < 26; i++)
2681 case NID_id_ppl_inheritAll:
2682 /* This is basically a NOP, we
2683 simply let the current rights
2684 stand as they are. */
2685 fprintf(stderr, " Proxy certificate inherits all");
2689 pci->proxyPolicy->policy->data;
2690 i = pci->proxyPolicy->policy->length;
2692 /* The algorithm works as follows:
2693 it is assumed that previous
2694 iterations or the initial granted
2695 rights has already set some elements
2696 of `letters'. What we need to do is
2697 to clear those that weren't granted
2698 by the current PrC as well. The
2699 easiest way to do this is to add 1
2700 to all the elements whose letters
2701 are given with the current policy.
2702 That way, all elements that are set
2703 by the current policy and were
2704 already set by earlier policies and
2705 through the original grant of rights
2706 will get the value 2 or higher.
2707 The last thing to do is to sweep
2708 through `letters' and keep the
2709 elements having the value 2 as set,
2710 and clear all the others. */
2712 fprintf(stderr, " Certificate proxy rights = %*.*s", i, i, s);
2716 if (isascii(c) && isalpha(c))
2723 for (i = 0; i < 26; i++)
2732 ", resulting proxy rights = ");
2733 for(i = 0; i < 26; i++)
2736 fprintf(stderr, "%c", i + 'A');
2740 fprintf(stderr, "none");
2741 fprintf(stderr, "\n");
2743 PROXY_CERT_INFO_EXTENSION_free(pci);
2751 static void process_proxy_debug(int indent, const char *format, ...)
2753 static const char indentation[] =
2754 ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"
2755 ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"; /* That's 80 > */
2756 char my_format[256];
2759 BIO_snprintf(my_format, sizeof(my_format), "%*.*s %s",
2760 indent, indent, indentation, format);
2762 va_start(args, format);
2763 vfprintf(stderr, my_format, args);
2771 static int process_proxy_cond_adders(unsigned int letters[26],
2772 const char *cond, const char **cond_end, int *pos, int indent);
2773 static int process_proxy_cond_val(unsigned int letters[26],
2774 const char *cond, const char **cond_end, int *pos, int indent)
2780 while(isspace((int)*cond))
2787 process_proxy_debug(indent,
2788 "Start process_proxy_cond_val at position %d: %s\n",
2795 while(isspace((int)*cond))
2805 ok = process_proxy_cond_adders(letters, cond, cond_end, pos,
2810 while(isspace((int)*cond))
2818 "Weird condition character in position %d: "
2825 else if (isascii(c) && isalpha(c))
2829 ok = letters[c - 'A'];
2835 "Weird condition character in position %d: "
2842 if (ok >= 0 && negate)
2846 process_proxy_debug(indent,
2847 "End process_proxy_cond_val at position %d: %s, returning %d\n",
2852 static int process_proxy_cond_multipliers(unsigned int letters[26],
2853 const char *cond, const char **cond_end, int *pos, int indent)
2859 process_proxy_debug(indent,
2860 "Start process_proxy_cond_multipliers at position %d: %s\n",
2863 ok = process_proxy_cond_val(letters, cond, cond_end, pos, indent + 1);
2870 while(isspace((int)*cond))
2884 ok = process_proxy_cond_val(letters,
2885 cond, cond_end, pos, indent + 1);
2899 fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!"
2911 process_proxy_debug(indent,
2912 "End process_proxy_cond_multipliers at position %d: %s, returning %d\n",
2918 static int process_proxy_cond_adders(unsigned int letters[26],
2919 const char *cond, const char **cond_end, int *pos, int indent)
2925 process_proxy_debug(indent,
2926 "Start process_proxy_cond_adders at position %d: %s\n",
2929 ok = process_proxy_cond_multipliers(letters, cond, cond_end, pos,
2937 while(isspace((int)*cond))
2950 ok = process_proxy_cond_multipliers(letters,
2951 cond, cond_end, pos, indent + 1);
2962 fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!"
2974 process_proxy_debug(indent,
2975 "End process_proxy_cond_adders at position %d: %s, returning %d\n",
2982 static int process_proxy_cond(unsigned int letters[26],
2983 const char *cond, const char **cond_end)
2986 return process_proxy_cond_adders(letters, cond, cond_end, &pos, 1);
2989 static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg)
2992 struct app_verify_arg *cb_arg = arg;
2993 unsigned int letters[26]; /* only used with proxy_auth */
2995 if (cb_arg->app_verify)
2997 char *s = NULL,buf[256];
2999 fprintf(stderr, "In app_verify_callback, allowing cert. ");
3000 fprintf(stderr, "Arg is: %s\n", cb_arg->string);
3001 fprintf(stderr, "Finished printing do we have a context? 0x%p a cert? 0x%p\n",
3002 (void *)ctx, (void *)ctx->cert);
3004 s=X509_NAME_oneline(X509_get_subject_name(ctx->cert),buf,256);
3007 fprintf(stderr,"cert depth=%d %s\n",ctx->error_depth,buf);
3011 if (cb_arg->proxy_auth)
3013 int found_any = 0, i;
3016 for(i = 0; i < 26; i++)
3018 for(sp = cb_arg->proxy_auth; *sp; sp++)
3021 if (isascii(c) && isalpha(c))
3025 letters[c - 'A'] = 1;
3030 " Initial proxy rights = ");
3031 for(i = 0; i < 26; i++)
3034 fprintf(stderr, "%c", i + 'A');
3038 fprintf(stderr, "none");
3039 fprintf(stderr, "\n");
3041 X509_STORE_CTX_set_ex_data(ctx,
3042 get_proxy_auth_ex_data_idx(),letters);
3044 if (cb_arg->allow_proxy_certs)
3046 X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
3049 #ifndef OPENSSL_NO_X509_VERIFY
3050 ok = X509_verify_cert(ctx);
3053 if (cb_arg->proxy_auth)
3057 const char *cond_end = NULL;
3059 ok = process_proxy_cond(letters,
3060 cb_arg->proxy_cond, &cond_end);
3066 fprintf(stderr, "Stopped processing condition before it's end.\n");
3070 fprintf(stderr, "Proxy rights check with condition '%s' proved invalid\n",
3071 cb_arg->proxy_cond);
3073 fprintf(stderr, "Proxy rights check with condition '%s' proved valid\n",
3074 cb_arg->proxy_cond);
3080 #ifndef OPENSSL_NO_RSA
3081 static RSA *rsa_tmp=NULL;
3083 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
3086 if (rsa_tmp == NULL)
3089 rsa_tmp = RSA_new();
3090 if(!bn || !rsa_tmp || !BN_set_word(bn, RSA_F4))
3092 BIO_printf(bio_err, "Memory error...");
3095 BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
3096 (void)BIO_flush(bio_err);
3097 if(!RSA_generate_key_ex(rsa_tmp,keylength,bn,NULL))
3099 BIO_printf(bio_err, "Error generating key.");
3104 BIO_printf(bio_err,"\n");
3105 (void)BIO_flush(bio_err);
3111 static void free_tmp_rsa(void)
3113 if (rsa_tmp != NULL)
3121 #ifndef OPENSSL_NO_DH
3122 /* These DH parameters have been generated as follows:
3123 * $ openssl dhparam -C -noout 512
3124 * $ openssl dhparam -C -noout 1024
3125 * $ openssl dhparam -C -noout -dsaparam 1024
3126 * (The third function has been renamed to avoid name conflicts.)
3128 static DH *get_dh512()
3130 static unsigned char dh512_p[]={
3131 0xCB,0xC8,0xE1,0x86,0xD0,0x1F,0x94,0x17,0xA6,0x99,0xF0,0xC6,
3132 0x1F,0x0D,0xAC,0xB6,0x25,0x3E,0x06,0x39,0xCA,0x72,0x04,0xB0,
3133 0x6E,0xDA,0xC0,0x61,0xE6,0x7A,0x77,0x25,0xE8,0x3B,0xB9,0x5F,
3134 0x9A,0xB6,0xB5,0xFE,0x99,0x0B,0xA1,0x93,0x4E,0x35,0x33,0xB8,
3135 0xE1,0xF1,0x13,0x4F,0x59,0x1A,0xD2,0x57,0xC0,0x26,0x21,0x33,
3136 0x02,0xC5,0xAE,0x23,
3138 static unsigned char dh512_g[]={
3143 if ((dh=DH_new()) == NULL) return(NULL);
3144 dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
3145 dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
3146 if ((dh->p == NULL) || (dh->g == NULL))
3147 { DH_free(dh); return(NULL); }
3151 static DH *get_dh1024()
3153 static unsigned char dh1024_p[]={
3154 0xF8,0x81,0x89,0x7D,0x14,0x24,0xC5,0xD1,0xE6,0xF7,0xBF,0x3A,
3155 0xE4,0x90,0xF4,0xFC,0x73,0xFB,0x34,0xB5,0xFA,0x4C,0x56,0xA2,
3156 0xEA,0xA7,0xE9,0xC0,0xC0,0xCE,0x89,0xE1,0xFA,0x63,0x3F,0xB0,
3157 0x6B,0x32,0x66,0xF1,0xD1,0x7B,0xB0,0x00,0x8F,0xCA,0x87,0xC2,
3158 0xAE,0x98,0x89,0x26,0x17,0xC2,0x05,0xD2,0xEC,0x08,0xD0,0x8C,
3159 0xFF,0x17,0x52,0x8C,0xC5,0x07,0x93,0x03,0xB1,0xF6,0x2F,0xB8,
3160 0x1C,0x52,0x47,0x27,0x1B,0xDB,0xD1,0x8D,0x9D,0x69,0x1D,0x52,
3161 0x4B,0x32,0x81,0xAA,0x7F,0x00,0xC8,0xDC,0xE6,0xD9,0xCC,0xC1,
3162 0x11,0x2D,0x37,0x34,0x6C,0xEA,0x02,0x97,0x4B,0x0E,0xBB,0xB1,
3163 0x71,0x33,0x09,0x15,0xFD,0xDD,0x23,0x87,0x07,0x5E,0x89,0xAB,
3164 0x6B,0x7C,0x5F,0xEC,0xA6,0x24,0xDC,0x53,
3166 static unsigned char dh1024_g[]={
3171 if ((dh=DH_new()) == NULL) return(NULL);
3172 dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
3173 dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
3174 if ((dh->p == NULL) || (dh->g == NULL))
3175 { DH_free(dh); return(NULL); }
3179 static DH *get_dh1024dsa()
3181 static unsigned char dh1024_p[]={
3182 0xC8,0x00,0xF7,0x08,0x07,0x89,0x4D,0x90,0x53,0xF3,0xD5,0x00,
3183 0x21,0x1B,0xF7,0x31,0xA6,0xA2,0xDA,0x23,0x9A,0xC7,0x87,0x19,
3184 0x3B,0x47,0xB6,0x8C,0x04,0x6F,0xFF,0xC6,0x9B,0xB8,0x65,0xD2,
3185 0xC2,0x5F,0x31,0x83,0x4A,0xA7,0x5F,0x2F,0x88,0x38,0xB6,0x55,
3186 0xCF,0xD9,0x87,0x6D,0x6F,0x9F,0xDA,0xAC,0xA6,0x48,0xAF,0xFC,
3187 0x33,0x84,0x37,0x5B,0x82,0x4A,0x31,0x5D,0xE7,0xBD,0x52,0x97,
3188 0xA1,0x77,0xBF,0x10,0x9E,0x37,0xEA,0x64,0xFA,0xCA,0x28,0x8D,
3189 0x9D,0x3B,0xD2,0x6E,0x09,0x5C,0x68,0xC7,0x45,0x90,0xFD,0xBB,
3190 0x70,0xC9,0x3A,0xBB,0xDF,0xD4,0x21,0x0F,0xC4,0x6A,0x3C,0xF6,
3191 0x61,0xCF,0x3F,0xD6,0x13,0xF1,0x5F,0xBC,0xCF,0xBC,0x26,0x9E,
3192 0xBC,0x0B,0xBD,0xAB,0x5D,0xC9,0x54,0x39,
3194 static unsigned char dh1024_g[]={
3195 0x3B,0x40,0x86,0xE7,0xF3,0x6C,0xDE,0x67,0x1C,0xCC,0x80,0x05,
3196 0x5A,0xDF,0xFE,0xBD,0x20,0x27,0x74,0x6C,0x24,0xC9,0x03,0xF3,
3197 0xE1,0x8D,0xC3,0x7D,0x98,0x27,0x40,0x08,0xB8,0x8C,0x6A,0xE9,
3198 0xBB,0x1A,0x3A,0xD6,0x86,0x83,0x5E,0x72,0x41,0xCE,0x85,0x3C,
3199 0xD2,0xB3,0xFC,0x13,0xCE,0x37,0x81,0x9E,0x4C,0x1C,0x7B,0x65,
3200 0xD3,0xE6,0xA6,0x00,0xF5,0x5A,0x95,0x43,0x5E,0x81,0xCF,0x60,
3201 0xA2,0x23,0xFC,0x36,0xA7,0x5D,0x7A,0x4C,0x06,0x91,0x6E,0xF6,
3202 0x57,0xEE,0x36,0xCB,0x06,0xEA,0xF5,0x3D,0x95,0x49,0xCB,0xA7,
3203 0xDD,0x81,0xDF,0x80,0x09,0x4A,0x97,0x4D,0xA8,0x22,0x72,0xA1,
3204 0x7F,0xC4,0x70,0x56,0x70,0xE8,0x20,0x10,0x18,0x8F,0x2E,0x60,
3205 0x07,0xE7,0x68,0x1A,0x82,0x5D,0x32,0xA2,
3209 if ((dh=DH_new()) == NULL) return(NULL);
3210 dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
3211 dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
3212 if ((dh->p == NULL) || (dh->g == NULL))
3213 { DH_free(dh); return(NULL); }
3219 #ifndef OPENSSL_NO_PSK
3220 /* convert the PSK key (psk_key) in ascii to binary (psk) */
3221 static int psk_key2bn(const char *pskkey, unsigned char *psk,
3222 unsigned int max_psk_len)
3227 ret = BN_hex2bn(&bn, pskkey);
3230 BIO_printf(bio_err,"Could not convert PSK key '%s' to BIGNUM\n", pskkey);
3235 if (BN_num_bytes(bn) > (int)max_psk_len)
3237 BIO_printf(bio_err,"psk buffer of callback is too small (%d) for key (%d)\n",
3238 max_psk_len, BN_num_bytes(bn));
3242 ret = BN_bn2bin(bn, psk);
3247 static unsigned int psk_client_callback(SSL *ssl, const char *hint, char *identity,
3248 unsigned int max_identity_len, unsigned char *psk,
3249 unsigned int max_psk_len)
3252 unsigned int psk_len = 0;
3254 ret = BIO_snprintf(identity, max_identity_len, "Client_identity");
3258 fprintf(stderr, "client: created identity '%s' len=%d\n", identity, ret);
3259 ret = psk_key2bn(psk_key, psk, max_psk_len);
3267 static unsigned int psk_server_callback(SSL *ssl, const char *identity,
3268 unsigned char *psk, unsigned int max_psk_len)
3270 unsigned int psk_len=0;
3272 if (strcmp(identity, "Client_identity") != 0)
3274 BIO_printf(bio_err, "server: PSK error: client identity not found\n");
3277 psk_len=psk_key2bn(psk_key, psk, max_psk_len);
3282 static int do_test_cipherlist(void)
3285 const SSL_METHOD *meth;
3286 const SSL_CIPHER *ci, *tci = NULL;
3288 #ifndef OPENSSL_NO_SSL2
3289 fprintf(stderr, "testing SSLv2 cipher list order: ");
3290 meth = SSLv2_method();
3291 while ((ci = meth->get_cipher(i++)) != NULL)
3294 if (ci->id >= tci->id)
3296 fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
3301 fprintf(stderr, "ok\n");
3303 #ifndef OPENSSL_NO_SSL3
3304 fprintf(stderr, "testing SSLv3 cipher list order: ");
3305 meth = SSLv3_method();
3307 while ((ci = meth->get_cipher(i++)) != NULL)
3310 if (ci->id >= tci->id)
3312 fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
3317 fprintf(stderr, "ok\n");
3319 #ifndef OPENSSL_NO_TLS1
3320 fprintf(stderr, "testing TLSv1 cipher list order: ");
3321 meth = TLSv1_method();
3323 while ((ci = meth->get_cipher(i++)) != NULL)
3326 if (ci->id >= tci->id)
3328 fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
3333 fprintf(stderr, "ok\n");