2 * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* ====================================================================
11 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
12 * ECC cipher suite support in OpenSSL originally developed by
13 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
15 /* ====================================================================
16 * Copyright 2005 Nokia. All rights reserved.
18 * The portions of the attached software ("Contribution") is developed by
19 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
22 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
23 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
24 * support (see RFC 4279) to OpenSSL.
26 * No patent licenses or other rights except those expressly stated in
27 * the OpenSSL open source license shall be deemed granted or received
28 * expressly, by implication, estoppel, or otherwise.
30 * No assurances are provided by Nokia that the Contribution does not
31 * infringe the patent or other intellectual property rights of any third
32 * party or that the license provides you with all the necessary rights
33 * to make use of the Contribution.
35 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
36 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
37 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
38 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
42 /* Or gethostname won't be declared properly on Linux and GNU platforms. */
44 # define _BSD_SOURCE 1
46 #ifndef _DEFAULT_SOURCE
47 # define _DEFAULT_SOURCE 1
61 #ifdef OPENSSL_SYS_VMS
63 * Or isascii won't be declared properly on VMS (at least with DECompHP C).
65 # define _XOPEN_SOURCE 500
70 #include <openssl/bio.h>
71 #include <openssl/crypto.h>
72 #include <openssl/evp.h>
73 #include <openssl/x509.h>
74 #include <openssl/x509v3.h>
75 #include <openssl/ssl.h>
76 #include <openssl/err.h>
77 #include <openssl/rand.h>
78 #ifndef OPENSSL_NO_RSA
79 # include <openssl/rsa.h>
81 #ifndef OPENSSL_NO_DSA
82 # include <openssl/dsa.h>
85 # include <openssl/dh.h>
87 #include <openssl/bn.h>
89 # include <openssl/ct.h>
93 * Or gethostname won't be declared properly
94 * on Compaq platforms (at least with DEC C).
95 * Do not try to put it earlier, or IPv6 includes
98 #define _XOPEN_SOURCE_EXTENDED 1
100 #ifdef OPENSSL_SYS_WINDOWS
101 # include <winsock.h>
103 # include OPENSSL_UNISTD
106 static SSL_CTX *s_ctx = NULL;
107 static SSL_CTX *s_ctx2 = NULL;
110 * There is really no standard for this, so let's assign something
115 static int verify_callback(int ok, X509_STORE_CTX *ctx);
116 static int app_verify_callback(X509_STORE_CTX *ctx, void *arg);
117 #define APP_CALLBACK_STRING "Test Callback Argument"
118 struct app_verify_arg {
123 #ifndef OPENSSL_NO_DH
124 static DH *get_dh512(void);
125 static DH *get_dh1024(void);
126 static DH *get_dh1024dsa(void);
129 static char *psk_key = NULL; /* by default PSK is not used */
130 #ifndef OPENSSL_NO_PSK
131 static unsigned int psk_client_callback(SSL *ssl, const char *hint,
133 unsigned int max_identity_len,
135 unsigned int max_psk_len);
136 static unsigned int psk_server_callback(SSL *ssl, const char *identity,
138 unsigned int max_psk_len);
141 static BIO *bio_err = NULL;
142 static BIO *bio_stdout = NULL;
144 #ifndef OPENSSL_NO_NEXTPROTONEG
145 /* Note that this code assumes that this is only a one element list: */
146 static const char NEXT_PROTO_STRING[] = "\x09testproto";
147 static int npn_client = 0;
148 static int npn_server = 0;
149 static int npn_server_reject = 0;
151 static int cb_client_npn(SSL *s, unsigned char **out, unsigned char *outlen,
152 const unsigned char *in, unsigned int inlen,
156 * This callback only returns the protocol string, rather than a length
157 * prefixed set. We assume that NEXT_PROTO_STRING is a one element list
158 * and remove the first byte to chop off the length prefix.
160 *out = (unsigned char *)NEXT_PROTO_STRING + 1;
161 *outlen = sizeof(NEXT_PROTO_STRING) - 2;
162 return SSL_TLSEXT_ERR_OK;
165 static int cb_server_npn(SSL *s, const unsigned char **data,
166 unsigned int *len, void *arg)
168 *data = (const unsigned char *)NEXT_PROTO_STRING;
169 *len = sizeof(NEXT_PROTO_STRING) - 1;
170 return SSL_TLSEXT_ERR_OK;
173 static int cb_server_rejects_npn(SSL *s, const unsigned char **data,
174 unsigned int *len, void *arg)
176 return SSL_TLSEXT_ERR_NOACK;
179 static int verify_npn(SSL *client, SSL *server)
181 const unsigned char *client_s;
183 const unsigned char *server_s;
186 SSL_get0_next_proto_negotiated(client, &client_s, &client_len);
187 SSL_get0_next_proto_negotiated(server, &server_s, &server_len);
190 BIO_printf(bio_stdout, "Client NPN: ");
191 BIO_write(bio_stdout, client_s, client_len);
192 BIO_printf(bio_stdout, "\n");
196 BIO_printf(bio_stdout, "Server NPN: ");
197 BIO_write(bio_stdout, server_s, server_len);
198 BIO_printf(bio_stdout, "\n");
202 * If an NPN string was returned, it must be the protocol that we
203 * expected to negotiate.
205 if (client_len && (client_len != sizeof(NEXT_PROTO_STRING) - 2 ||
206 memcmp(client_s, NEXT_PROTO_STRING + 1, client_len)))
208 if (server_len && (server_len != sizeof(NEXT_PROTO_STRING) - 2 ||
209 memcmp(server_s, NEXT_PROTO_STRING + 1, server_len)))
212 if (!npn_client && client_len)
214 if (!npn_server && server_len)
216 if (npn_server_reject && server_len)
218 if (npn_client && npn_server && (!client_len || !server_len))
225 static const char *alpn_client;
226 static char *alpn_server;
227 static char *alpn_server2;
228 static const char *alpn_expected;
229 static unsigned char *alpn_selected;
230 static const char *server_min_proto;
231 static const char *server_max_proto;
232 static const char *client_min_proto;
233 static const char *client_max_proto;
234 static const char *should_negotiate;
235 static const char *sn_client;
236 static const char *sn_server1;
237 static const char *sn_server2;
238 static int sn_expect = 0;
239 static const char *server_sess_out;
240 static const char *server_sess_in;
241 static const char *client_sess_out;
242 static const char *client_sess_in;
243 static SSL_SESSION *server_sess;
244 static SSL_SESSION *client_sess;
246 static int servername_cb(SSL *s, int *ad, void *arg)
248 const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
249 if (sn_server2 == NULL) {
250 BIO_printf(bio_stdout, "Servername 2 is NULL\n");
251 return SSL_TLSEXT_ERR_NOACK;
255 if (s_ctx2 != NULL && sn_server2 != NULL &&
256 !strcasecmp(servername, sn_server2)) {
257 BIO_printf(bio_stdout, "Switching server context.\n");
258 SSL_set_SSL_CTX(s, s_ctx2);
261 return SSL_TLSEXT_ERR_OK;
263 static int verify_servername(SSL *client, SSL *server)
265 /* just need to see if sn_context is what we expect */
266 SSL_CTX* ctx = SSL_get_SSL_CTX(server);
269 if (sn_expect == 1 && ctx == s_ctx)
271 if (sn_expect == 2 && ctx == s_ctx2)
273 BIO_printf(bio_stdout, "Servername: expected context %d\n", sn_expect);
275 BIO_printf(bio_stdout, "Servername: context is 2\n");
276 else if (ctx == s_ctx)
277 BIO_printf(bio_stdout, "Servername: context is 1\n");
279 BIO_printf(bio_stdout, "Servername: context is unknown\n");
285 * next_protos_parse parses a comma separated list of strings into a string
286 * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
287 * outlen: (output) set to the length of the resulting buffer on success.
288 * err: (maybe NULL) on failure, an error message line is written to this BIO.
289 * in: a NUL terminated string like "abc,def,ghi"
291 * returns: a malloced buffer or NULL on failure.
293 static unsigned char *next_protos_parse(size_t *outlen,
304 out = OPENSSL_malloc(strlen(in) + 1);
308 for (i = 0; i <= len; ++i) {
309 if (i == len || in[i] == ',') {
310 if (i - start > 255) {
314 out[start] = i - start;
324 static int cb_server_alpn(SSL *s, const unsigned char **out,
325 unsigned char *outlen, const unsigned char *in,
326 unsigned int inlen, void *arg)
328 unsigned char *protos;
330 char* alpn_str = arg;
332 protos = next_protos_parse(&protos_len, alpn_str);
333 if (protos == NULL) {
334 fprintf(stderr, "failed to parser ALPN server protocol string: %s\n",
339 if (SSL_select_next_proto
340 ((unsigned char **)out, outlen, protos, protos_len, in,
341 inlen) != OPENSSL_NPN_NEGOTIATED) {
342 OPENSSL_free(protos);
343 return SSL_TLSEXT_ERR_NOACK;
347 * Make a copy of the selected protocol which will be freed in
350 alpn_selected = OPENSSL_malloc(*outlen);
351 memcpy(alpn_selected, *out, *outlen);
352 *out = alpn_selected;
354 OPENSSL_free(protos);
355 return SSL_TLSEXT_ERR_OK;
358 static int verify_alpn(SSL *client, SSL *server)
360 const unsigned char *client_proto, *server_proto;
361 unsigned int client_proto_len = 0, server_proto_len = 0;
362 SSL_get0_alpn_selected(client, &client_proto, &client_proto_len);
363 SSL_get0_alpn_selected(server, &server_proto, &server_proto_len);
365 OPENSSL_free(alpn_selected);
366 alpn_selected = NULL;
368 if (client_proto_len != server_proto_len) {
369 BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
373 if (client_proto != NULL &&
374 memcmp(client_proto, server_proto, client_proto_len) != 0) {
375 BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
379 if (client_proto_len > 0 && alpn_expected == NULL) {
380 BIO_printf(bio_stdout, "ALPN unexpectedly negotiated\n");
384 if (alpn_expected != NULL &&
385 (client_proto_len != strlen(alpn_expected) ||
386 memcmp(client_proto, alpn_expected, client_proto_len) != 0)) {
387 BIO_printf(bio_stdout,
388 "ALPN selected protocols not equal to expected protocol: %s\n",
396 BIO_printf(bio_stdout, "ALPN results: client: '");
397 BIO_write(bio_stdout, client_proto, client_proto_len);
398 BIO_printf(bio_stdout, "', server: '");
399 BIO_write(bio_stdout, server_proto, server_proto_len);
400 BIO_printf(bio_stdout, "'\n");
401 BIO_printf(bio_stdout, "ALPN configured: client: '%s', server: '",
403 if (SSL_get_SSL_CTX(server) == s_ctx2) {
404 BIO_printf(bio_stdout, "%s'\n",
407 BIO_printf(bio_stdout, "%s'\n",
414 * WARNING : below extension types are *NOT* IETF assigned, and could
415 * conflict if these types are reassigned and handled specially by OpenSSL
418 #define TACK_EXT_TYPE 62208
419 #define CUSTOM_EXT_TYPE_0 1000
420 #define CUSTOM_EXT_TYPE_1 1001
421 #define CUSTOM_EXT_TYPE_2 1002
422 #define CUSTOM_EXT_TYPE_3 1003
424 static const char custom_ext_cli_string[] = "abc";
425 static const char custom_ext_srv_string[] = "defg";
427 /* These set from cmdline */
428 static char *serverinfo_file = NULL;
429 static int serverinfo_sct = 0;
430 static int serverinfo_tack = 0;
432 /* These set based on extension callbacks */
433 static int serverinfo_sct_seen = 0;
434 static int serverinfo_tack_seen = 0;
435 static int serverinfo_other_seen = 0;
437 /* This set from cmdline */
438 static int custom_ext = 0;
440 /* This set based on extension callbacks */
441 static int custom_ext_error = 0;
443 static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type,
444 const unsigned char *in, size_t inlen,
447 if (ext_type == TLSEXT_TYPE_signed_certificate_timestamp)
448 serverinfo_sct_seen++;
449 else if (ext_type == TACK_EXT_TYPE)
450 serverinfo_tack_seen++;
452 serverinfo_other_seen++;
456 static int verify_serverinfo()
458 if (serverinfo_sct != serverinfo_sct_seen)
460 if (serverinfo_tack != serverinfo_tack_seen)
462 if (serverinfo_other_seen)
468 * Four test cases for custom extensions:
469 * 0 - no ClientHello extension or ServerHello response
470 * 1 - ClientHello with "abc", no response
471 * 2 - ClientHello with "abc", empty response
472 * 3 - ClientHello with "abc", "defg" response
475 static int custom_ext_0_cli_add_cb(SSL *s, unsigned int ext_type,
476 const unsigned char **out,
477 size_t *outlen, int *al, void *arg)
479 if (ext_type != CUSTOM_EXT_TYPE_0)
480 custom_ext_error = 1;
481 return 0; /* Don't send an extension */
484 static int custom_ext_0_cli_parse_cb(SSL *s, unsigned int ext_type,
485 const unsigned char *in,
486 size_t inlen, int *al, void *arg)
491 static int custom_ext_1_cli_add_cb(SSL *s, unsigned int ext_type,
492 const unsigned char **out,
493 size_t *outlen, int *al, void *arg)
495 if (ext_type != CUSTOM_EXT_TYPE_1)
496 custom_ext_error = 1;
497 *out = (const unsigned char *)custom_ext_cli_string;
498 *outlen = strlen(custom_ext_cli_string);
499 return 1; /* Send "abc" */
502 static int custom_ext_1_cli_parse_cb(SSL *s, unsigned int ext_type,
503 const unsigned char *in,
504 size_t inlen, int *al, void *arg)
509 static int custom_ext_2_cli_add_cb(SSL *s, unsigned int ext_type,
510 const unsigned char **out,
511 size_t *outlen, int *al, void *arg)
513 if (ext_type != CUSTOM_EXT_TYPE_2)
514 custom_ext_error = 1;
515 *out = (const unsigned char *)custom_ext_cli_string;
516 *outlen = strlen(custom_ext_cli_string);
517 return 1; /* Send "abc" */
520 static int custom_ext_2_cli_parse_cb(SSL *s, unsigned int ext_type,
521 const unsigned char *in,
522 size_t inlen, int *al, void *arg)
524 if (ext_type != CUSTOM_EXT_TYPE_2)
525 custom_ext_error = 1;
527 custom_ext_error = 1; /* Should be empty response */
531 static int custom_ext_3_cli_add_cb(SSL *s, unsigned int ext_type,
532 const unsigned char **out,
533 size_t *outlen, int *al, void *arg)
535 if (ext_type != CUSTOM_EXT_TYPE_3)
536 custom_ext_error = 1;
537 *out = (const unsigned char *)custom_ext_cli_string;
538 *outlen = strlen(custom_ext_cli_string);
539 return 1; /* Send "abc" */
542 static int custom_ext_3_cli_parse_cb(SSL *s, unsigned int ext_type,
543 const unsigned char *in,
544 size_t inlen, int *al, void *arg)
546 if (ext_type != CUSTOM_EXT_TYPE_3)
547 custom_ext_error = 1;
548 if (inlen != strlen(custom_ext_srv_string))
549 custom_ext_error = 1;
550 if (memcmp(custom_ext_srv_string, in, inlen) != 0)
551 custom_ext_error = 1; /* Check for "defg" */
556 * custom_ext_0_cli_add_cb returns 0 - the server won't receive a callback
559 static int custom_ext_0_srv_parse_cb(SSL *s, unsigned int ext_type,
560 const unsigned char *in,
561 size_t inlen, int *al, void *arg)
563 custom_ext_error = 1;
567 /* 'add' callbacks are only called if the 'parse' callback is called */
568 static int custom_ext_0_srv_add_cb(SSL *s, unsigned int ext_type,
569 const unsigned char **out,
570 size_t *outlen, int *al, void *arg)
572 /* Error: should not have been called */
573 custom_ext_error = 1;
574 return 0; /* Don't send an extension */
577 static int custom_ext_1_srv_parse_cb(SSL *s, unsigned int ext_type,
578 const unsigned char *in,
579 size_t inlen, int *al, void *arg)
581 if (ext_type != CUSTOM_EXT_TYPE_1)
582 custom_ext_error = 1;
583 /* Check for "abc" */
584 if (inlen != strlen(custom_ext_cli_string))
585 custom_ext_error = 1;
586 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
587 custom_ext_error = 1;
591 static int custom_ext_1_srv_add_cb(SSL *s, unsigned int ext_type,
592 const unsigned char **out,
593 size_t *outlen, int *al, void *arg)
595 return 0; /* Don't send an extension */
598 static int custom_ext_2_srv_parse_cb(SSL *s, unsigned int ext_type,
599 const unsigned char *in,
600 size_t inlen, int *al, void *arg)
602 if (ext_type != CUSTOM_EXT_TYPE_2)
603 custom_ext_error = 1;
604 /* Check for "abc" */
605 if (inlen != strlen(custom_ext_cli_string))
606 custom_ext_error = 1;
607 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
608 custom_ext_error = 1;
612 static int custom_ext_2_srv_add_cb(SSL *s, unsigned int ext_type,
613 const unsigned char **out,
614 size_t *outlen, int *al, void *arg)
618 return 1; /* Send empty extension */
621 static int custom_ext_3_srv_parse_cb(SSL *s, unsigned int ext_type,
622 const unsigned char *in,
623 size_t inlen, int *al, void *arg)
625 if (ext_type != CUSTOM_EXT_TYPE_3)
626 custom_ext_error = 1;
627 /* Check for "abc" */
628 if (inlen != strlen(custom_ext_cli_string))
629 custom_ext_error = 1;
630 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
631 custom_ext_error = 1;
635 static int custom_ext_3_srv_add_cb(SSL *s, unsigned int ext_type,
636 const unsigned char **out,
637 size_t *outlen, int *al, void *arg)
639 *out = (const unsigned char *)custom_ext_srv_string;
640 *outlen = strlen(custom_ext_srv_string);
641 return 1; /* Send "defg" */
644 static char *cipher = NULL;
645 static int verbose = 0;
646 static int debug = 0;
647 static const char rnd_seed[] =
648 "string to make the random number generator think it has entropy";
650 int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family,
651 long bytes, clock_t *s_time, clock_t *c_time);
652 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time,
654 int doit(SSL *s_ssl, SSL *c_ssl, long bytes);
656 static void sv_usage(void)
658 fprintf(stderr, "usage: ssltest [args ...]\n");
659 fprintf(stderr, "\n");
660 fprintf(stderr, " -server_auth - check server certificate\n");
661 fprintf(stderr, " -client_auth - do client authentication\n");
662 fprintf(stderr, " -v - more output\n");
663 fprintf(stderr, " -d - debug output\n");
664 fprintf(stderr, " -reuse - use session-id reuse\n");
665 fprintf(stderr, " -num <val> - number of connections to perform\n");
667 " -bytes <val> - number of bytes to swap between client/server\n");
668 #ifndef OPENSSL_NO_DH
670 " -dhe512 - use 512 bit key for DHE (to test failure)\n");
672 " -dhe1024 - use 1024 bit key (safe prime) for DHE (default, no-op)\n");
674 " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
675 fprintf(stderr, " -no_dhe - disable DHE\n");
677 #ifndef OPENSSL_NO_EC
678 fprintf(stderr, " -no_ecdhe - disable ECDHE\nTODO(openssl-team): no_ecdhe was broken by auto ecdh. Make this work again.\n");
680 #ifndef OPENSSL_NO_PSK
681 fprintf(stderr, " -psk arg - PSK in hex (without 0x)\n");
683 #ifndef OPENSSL_NO_SSL3
684 fprintf(stderr, " -ssl3 - use SSLv3\n");
686 #ifndef OPENSSL_NO_TLS1
687 fprintf(stderr, " -tls1 - use TLSv1\n");
689 #ifndef OPENSSL_NO_DTLS
690 fprintf(stderr, " -dtls - use DTLS\n");
691 #ifndef OPENSSL_NO_DTLS1
692 fprintf(stderr, " -dtls1 - use DTLSv1\n");
694 #ifndef OPENSSL_NO_DTLS1_2
695 fprintf(stderr, " -dtls12 - use DTLSv1.2\n");
698 fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");
699 fprintf(stderr, " -CAfile arg - PEM format file of CA's\n");
700 fprintf(stderr, " -cert arg - Server certificate file\n");
702 " -key arg - Server key file (default: same as -cert)\n");
703 fprintf(stderr, " -c_cert arg - Client certificate file\n");
705 " -c_key arg - Client key file (default: same as -c_cert)\n");
706 fprintf(stderr, " -cipher arg - The cipher list\n");
707 fprintf(stderr, " -bio_pair - Use BIO pairs\n");
708 fprintf(stderr, " -ipv4 - Use IPv4 connection on localhost\n");
709 fprintf(stderr, " -ipv6 - Use IPv6 connection on localhost\n");
710 fprintf(stderr, " -f - Test even cases that can't work\n");
712 " -time - measure processor time used by client and server\n");
713 fprintf(stderr, " -zlib - use zlib compression\n");
714 #ifndef OPENSSL_NO_NEXTPROTONEG
715 fprintf(stderr, " -npn_client - have client side offer NPN\n");
716 fprintf(stderr, " -npn_server - have server side offer NPN\n");
717 fprintf(stderr, " -npn_server_reject - have server reject NPN\n");
719 fprintf(stderr, " -serverinfo_file file - have server use this file\n");
720 fprintf(stderr, " -serverinfo_sct - have client offer and expect SCT\n");
722 " -serverinfo_tack - have client offer and expect TACK\n");
724 " -custom_ext - try various custom extension callbacks\n");
725 fprintf(stderr, " -alpn_client <string> - have client side offer ALPN\n");
726 fprintf(stderr, " -alpn_server <string> - have server side offer ALPN\n");
727 fprintf(stderr, " -alpn_server1 <string> - alias for -alpn_server\n");
728 fprintf(stderr, " -alpn_server2 <string> - have server side context 2 offer ALPN\n");
730 " -alpn_expected <string> - the ALPN protocol that should be negotiated\n");
731 fprintf(stderr, " -server_min_proto <string> - Minimum version the server should support\n");
732 fprintf(stderr, " -server_max_proto <string> - Maximum version the server should support\n");
733 fprintf(stderr, " -client_min_proto <string> - Minimum version the client should support\n");
734 fprintf(stderr, " -client_max_proto <string> - Maximum version the client should support\n");
735 fprintf(stderr, " -should_negotiate <string> - The version that should be negotiated, fail-client or fail-server\n");
736 #ifndef OPENSSL_NO_CT
737 fprintf(stderr, " -noct - no certificate transparency\n");
738 fprintf(stderr, " -requestct - request certificate transparency\n");
739 fprintf(stderr, " -requirect - require certificate transparency\n");
741 fprintf(stderr, " -sn_client <string> - have client request this servername\n");
742 fprintf(stderr, " -sn_server1 <string> - have server context 1 respond to this servername\n");
743 fprintf(stderr, " -sn_server2 <string> - have server context 2 respond to this servername\n");
744 fprintf(stderr, " -sn_expect1 - expected server 1\n");
745 fprintf(stderr, " -sn_expect2 - expected server 2\n");
746 fprintf(stderr, " -server_sess_out <file> - Save the server session to a file\n");
747 fprintf(stderr, " -server_sess_in <file> - Read the server session from a file\n");
748 fprintf(stderr, " -client_sess_out <file> - Save the client session to a file\n");
749 fprintf(stderr, " -client_sess_in <file> - Read the client session from a file\n");
750 fprintf(stderr, " -should_reuse <number> - The expected state of reusing the session\n");
751 fprintf(stderr, " -no_ticket - do not issue TLS session ticket\n");
754 static void print_key_details(BIO *out, EVP_PKEY *key)
756 int keyid = EVP_PKEY_id(key);
757 #ifndef OPENSSL_NO_EC
758 if (keyid == EVP_PKEY_EC) {
759 EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
762 nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
764 cname = EC_curve_nid2nist(nid);
766 cname = OBJ_nid2sn(nid);
767 BIO_printf(out, "%d bits EC (%s)", EVP_PKEY_bits(key), cname);
783 algname = OBJ_nid2sn(keyid);
786 BIO_printf(out, "%d bits %s", EVP_PKEY_bits(key), algname);
790 static void print_details(SSL *c_ssl, const char *prefix)
792 const SSL_CIPHER *ciph;
797 ciph = SSL_get_current_cipher(c_ssl);
798 BIO_printf(bio_stdout, "%s%s, cipher %s %s",
800 SSL_get_version(c_ssl),
801 SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_name(ciph));
802 cert = SSL_get_peer_certificate(c_ssl);
804 EVP_PKEY* pubkey = X509_get0_pubkey(cert);
806 if (pubkey != NULL) {
807 BIO_puts(bio_stdout, ", ");
808 print_key_details(bio_stdout, pubkey);
812 if (SSL_get_server_tmp_key(c_ssl, &pkey)) {
813 BIO_puts(bio_stdout, ", temp key: ");
814 print_key_details(bio_stdout, pkey);
817 if (SSL_get_peer_signature_nid(c_ssl, &mdnid))
818 BIO_printf(bio_stdout, ", digest=%s", OBJ_nid2sn(mdnid));
819 BIO_printf(bio_stdout, "\n");
823 * protocol_from_string - converts a protocol version string to a number
825 * Returns -1 on failure or the version on success
827 static int protocol_from_string(const char *value)
829 struct protocol_versions {
833 static const struct protocol_versions versions[] = {
834 {"ssl3", SSL3_VERSION},
835 {"tls1", TLS1_VERSION},
836 {"tls1.1", TLS1_1_VERSION},
837 {"tls1.2", TLS1_2_VERSION},
838 {"tls1.3", TLS1_3_VERSION},
839 {"dtls1", DTLS1_VERSION},
840 {"dtls1.2", DTLS1_2_VERSION}};
842 size_t n = OSSL_NELEM(versions);
844 for (i = 0; i < n; i++)
845 if (strcmp(versions[i].name, value) == 0)
846 return versions[i].version;
850 static SSL_SESSION *read_session(const char *filename)
853 BIO *f = BIO_new_file(filename, "r");
856 BIO_printf(bio_err, "Can't open session file %s\n", filename);
857 ERR_print_errors(bio_err);
860 sess = PEM_read_bio_SSL_SESSION(f, NULL, 0, NULL);
862 BIO_printf(bio_err, "Can't parse session file %s\n", filename);
863 ERR_print_errors(bio_err);
869 static int write_session(const char *filename, SSL_SESSION *sess)
871 BIO *f = BIO_new_file(filename, "w");
874 BIO_printf(bio_err, "No session information\n");
878 BIO_printf(bio_err, "Can't open session file %s\n", filename);
879 ERR_print_errors(bio_err);
882 PEM_write_bio_SSL_SESSION(f, sess);
888 * set_protocol_version - Sets protocol version minimum or maximum
890 * Returns 0 on failure and 1 on success
892 static int set_protocol_version(const char *version, SSL *ssl, int setting)
894 if (version != NULL) {
895 int ver = protocol_from_string(version);
897 BIO_printf(bio_err, "Error parsing: %s\n", version);
900 return SSL_ctrl(ssl, setting, ver, NULL);
905 int main(int argc, char *argv[])
907 const char *CApath = NULL, *CAfile = NULL;
909 enum { BIO_MEM, BIO_PAIR, BIO_IPV4, BIO_IPV6 } bio_type = BIO_MEM;
911 int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, tls1_2 = 0, ssl3 = 0, ret = 1;
913 int server_auth = 0, i;
914 struct app_verify_arg app_verify_arg =
915 { APP_CALLBACK_STRING, 0 };
917 SSL_CTX *c_ctx = NULL;
918 const SSL_METHOD *meth = NULL;
920 int number = 1, reuse = 0;
921 int should_reuse = -1;
924 #ifndef OPENSSL_NO_DH
926 int dhe512 = 0, dhe1024dsa = 0;
931 clock_t s_time = 0, c_time = 0;
932 #ifndef OPENSSL_NO_COMP
934 COMP_METHOD *cm = NULL;
935 STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
938 int min_version = 0, max_version = 0;
939 #ifndef OPENSSL_NO_CT
941 * Disable CT validation by default, because it will interfere with
942 * anything using custom extension handlers to deal with SCT extensions.
944 int ct_validation = 0;
946 SSL_CONF_CTX *s_cctx = NULL, *c_cctx = NULL, *s_cctx2 = NULL;
947 STACK_OF(OPENSSL_STRING) *conf_args = NULL;
948 char *arg = NULL, *argn = NULL;
954 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
956 p = getenv("OPENSSL_DEBUG_MEMORY");
957 if (p != NULL && strcmp(p, "on") == 0)
958 CRYPTO_set_mem_debug(1);
959 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
961 RAND_seed(rnd_seed, sizeof rnd_seed);
963 bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT);
965 s_cctx = SSL_CONF_CTX_new();
966 s_cctx2 = SSL_CONF_CTX_new();
967 c_cctx = SSL_CONF_CTX_new();
969 if (!s_cctx || !c_cctx || !s_cctx2) {
970 ERR_print_errors(bio_err);
974 SSL_CONF_CTX_set_flags(s_cctx,
975 SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_SERVER |
976 SSL_CONF_FLAG_CERTIFICATE |
977 SSL_CONF_FLAG_REQUIRE_PRIVATE);
978 SSL_CONF_CTX_set_flags(s_cctx2,
979 SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_SERVER |
980 SSL_CONF_FLAG_CERTIFICATE |
981 SSL_CONF_FLAG_REQUIRE_PRIVATE);
982 if (!SSL_CONF_CTX_set1_prefix(s_cctx, "-s_")) {
983 ERR_print_errors(bio_err);
986 if (!SSL_CONF_CTX_set1_prefix(s_cctx2, "-s_")) {
987 ERR_print_errors(bio_err);
991 SSL_CONF_CTX_set_flags(c_cctx,
992 SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_CLIENT |
993 SSL_CONF_FLAG_CERTIFICATE |
994 SSL_CONF_FLAG_REQUIRE_PRIVATE);
995 if (!SSL_CONF_CTX_set1_prefix(c_cctx, "-c_")) {
996 ERR_print_errors(bio_err);
1004 if (strcmp(*argv, "-F") == 0) {
1006 "not compiled with FIPS support, so exiting without running.\n");
1008 } else if (strcmp(*argv, "-server_auth") == 0)
1010 else if (strcmp(*argv, "-client_auth") == 0)
1012 else if (strcmp(*argv, "-v") == 0)
1014 else if (strcmp(*argv, "-d") == 0)
1016 else if (strcmp(*argv, "-reuse") == 0)
1018 else if (strcmp(*argv, "-dhe512") == 0) {
1019 #ifndef OPENSSL_NO_DH
1023 "ignoring -dhe512, since I'm compiled without DH\n");
1025 } else if (strcmp(*argv, "-dhe1024dsa") == 0) {
1026 #ifndef OPENSSL_NO_DH
1030 "ignoring -dhe1024dsa, since I'm compiled without DH\n");
1032 } else if (strcmp(*argv, "-no_dhe") == 0)
1034 else if (strcmp(*argv, "-no_ecdhe") == 0)
1036 else if (strcmp(*argv, "-psk") == 0) {
1039 psk_key = *(++argv);
1040 #ifndef OPENSSL_NO_PSK
1041 if (strspn(psk_key, "abcdefABCDEF1234567890") != strlen(psk_key)) {
1042 BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
1049 else if (strcmp(*argv, "-tls1_2") == 0) {
1051 } else if (strcmp(*argv, "-tls1") == 0) {
1053 } else if (strcmp(*argv, "-ssl3") == 0) {
1055 } else if (strcmp(*argv, "-dtls1") == 0) {
1057 } else if (strcmp(*argv, "-dtls12") == 0) {
1059 } else if (strcmp(*argv, "-dtls") == 0) {
1061 } else if (strncmp(*argv, "-num", 4) == 0) {
1064 number = atoi(*(++argv));
1067 } else if (strcmp(*argv, "-bytes") == 0) {
1070 bytes = atol(*(++argv));
1073 i = strlen(argv[0]);
1074 if (argv[0][i - 1] == 'k')
1076 if (argv[0][i - 1] == 'm')
1077 bytes *= 1024L * 1024L;
1078 } else if (strcmp(*argv, "-cipher") == 0) {
1082 } else if (strcmp(*argv, "-CApath") == 0) {
1086 } else if (strcmp(*argv, "-CAfile") == 0) {
1090 } else if (strcmp(*argv, "-bio_pair") == 0) {
1091 bio_type = BIO_PAIR;
1093 #ifndef OPENSSL_NO_SOCK
1094 else if (strcmp(*argv, "-ipv4") == 0) {
1095 bio_type = BIO_IPV4;
1096 } else if (strcmp(*argv, "-ipv6") == 0) {
1097 bio_type = BIO_IPV6;
1100 else if (strcmp(*argv, "-f") == 0) {
1102 } else if (strcmp(*argv, "-time") == 0) {
1105 #ifndef OPENSSL_NO_CT
1106 else if (strcmp(*argv, "-noct") == 0) {
1109 else if (strcmp(*argv, "-ct") == 0) {
1113 #ifndef OPENSSL_NO_COMP
1114 else if (strcmp(*argv, "-zlib") == 0) {
1118 else if (strcmp(*argv, "-app_verify") == 0) {
1119 app_verify_arg.app_verify = 1;
1121 #ifndef OPENSSL_NO_NEXTPROTONEG
1122 else if (strcmp(*argv, "-npn_client") == 0) {
1124 } else if (strcmp(*argv, "-npn_server") == 0) {
1126 } else if (strcmp(*argv, "-npn_server_reject") == 0) {
1127 npn_server_reject = 1;
1130 else if (strcmp(*argv, "-serverinfo_sct") == 0) {
1132 } else if (strcmp(*argv, "-serverinfo_tack") == 0) {
1133 serverinfo_tack = 1;
1134 } else if (strcmp(*argv, "-serverinfo_file") == 0) {
1137 serverinfo_file = *(++argv);
1138 } else if (strcmp(*argv, "-custom_ext") == 0) {
1140 } else if (strcmp(*argv, "-alpn_client") == 0) {
1143 alpn_client = *(++argv);
1144 } else if (strcmp(*argv, "-alpn_server") == 0 ||
1145 strcmp(*argv, "-alpn_server1") == 0) {
1148 alpn_server = *(++argv);
1149 } else if (strcmp(*argv, "-alpn_server2") == 0) {
1152 alpn_server2 = *(++argv);
1153 } else if (strcmp(*argv, "-alpn_expected") == 0) {
1156 alpn_expected = *(++argv);
1157 } else if (strcmp(*argv, "-server_min_proto") == 0) {
1160 server_min_proto = *(++argv);
1161 } else if (strcmp(*argv, "-server_max_proto") == 0) {
1164 server_max_proto = *(++argv);
1165 } else if (strcmp(*argv, "-client_min_proto") == 0) {
1168 client_min_proto = *(++argv);
1169 } else if (strcmp(*argv, "-client_max_proto") == 0) {
1172 client_max_proto = *(++argv);
1173 } else if (strcmp(*argv, "-should_negotiate") == 0) {
1176 should_negotiate = *(++argv);
1177 } else if (strcmp(*argv, "-sn_client") == 0) {
1180 sn_client = *(++argv);
1181 } else if (strcmp(*argv, "-sn_server1") == 0) {
1184 sn_server1 = *(++argv);
1185 } else if (strcmp(*argv, "-sn_server2") == 0) {
1188 sn_server2 = *(++argv);
1189 } else if (strcmp(*argv, "-sn_expect1") == 0) {
1191 } else if (strcmp(*argv, "-sn_expect2") == 0) {
1193 } else if (strcmp(*argv, "-server_sess_out") == 0) {
1196 server_sess_out = *(++argv);
1197 } else if (strcmp(*argv, "-server_sess_in") == 0) {
1200 server_sess_in = *(++argv);
1201 } else if (strcmp(*argv, "-client_sess_out") == 0) {
1204 client_sess_out = *(++argv);
1205 } else if (strcmp(*argv, "-client_sess_in") == 0) {
1208 client_sess_in = *(++argv);
1209 } else if (strcmp(*argv, "-should_reuse") == 0) {
1212 should_reuse = !!atoi(*(++argv));
1213 } else if (strcmp(*argv, "-no_ticket") == 0) {
1219 /* Try to process command using SSL_CONF */
1220 rv = SSL_CONF_cmd_argv(c_cctx, &argc, &argv);
1221 /* If not processed try server */
1223 rv = SSL_CONF_cmd_argv(s_cctx, &argc, &argv);
1224 /* Recognised: store it for later use */
1229 conf_args = sk_OPENSSL_STRING_new_null();
1233 if (!sk_OPENSSL_STRING_push(conf_args, arg))
1235 if (!sk_OPENSSL_STRING_push(conf_args, argn))
1240 BIO_printf(bio_err, "Missing argument for %s\n", arg);
1242 BIO_printf(bio_err, "Error with command %s\n", arg);
1244 BIO_printf(bio_err, "unknown option %s\n", arg);
1257 if (ssl3 + tls1 + tls1_2 + dtls + dtls1 + dtls12 > 1) {
1258 fprintf(stderr, "At most one of -ssl3, -tls1, -tls1_2, -dtls, -dtls1 or -dtls12 should "
1263 #ifdef OPENSSL_NO_SSL3
1268 #ifdef OPENSSL_NO_TLS1
1273 #ifdef OPENSSL_NO_TLS1_2
1278 #if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1)
1283 #if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1_2)
1291 * Testing was requested for a compiled-out protocol (e.g. SSLv3).
1292 * Ideally, we would error out, but the generic test wrapper can't know
1293 * when to expect failure. So we do nothing and return success.
1296 fprintf(stderr, "Testing was requested for a disabled protocol. "
1297 "Skipping tests.\n");
1302 if (!ssl3 && !tls1 && !tls1_2 && !dtls && !dtls1 && !dtls12 && number > 1
1303 && !reuse && !force) {
1304 fprintf(stderr, "This case cannot work. Use -f to perform "
1305 "the test anyway (and\n-d to see what happens), "
1306 "or add one of -ssl3, -tls1, -tls1_2, -dtls, -dtls1, -dtls12, -reuse\n"
1307 "to avoid protocol mismatch.\n");
1312 if (bio_type != BIO_PAIR) {
1313 fprintf(stderr, "Using BIO pair (-bio_pair)\n");
1314 bio_type = BIO_PAIR;
1316 if (number < 50 && !force)
1318 "Warning: For accurate timings, use more connections (e.g. -num 1000)\n");
1321 #ifndef OPENSSL_NO_COMP
1322 if (comp == COMP_ZLIB)
1325 if (COMP_get_type(cm) != NID_undef) {
1326 if (SSL_COMP_add_compression_method(comp, cm) != 0) {
1327 fprintf(stderr, "Failed to add compression method\n");
1328 ERR_print_errors_fp(stderr);
1332 "Warning: %s compression not supported\n",
1333 comp == COMP_ZLIB ? "zlib" : "unknown");
1334 ERR_print_errors_fp(stderr);
1337 ssl_comp_methods = SSL_COMP_get_compression_methods();
1338 n = sk_SSL_COMP_num(ssl_comp_methods);
1341 printf("Available compression methods:");
1342 for (j = 0; j < n; j++) {
1343 SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
1344 printf(" %s:%d", SSL_COMP_get0_name(c), SSL_COMP_get_id(c));
1350 #ifndef OPENSSL_NO_TLS
1351 meth = TLS_method();
1353 min_version = SSL3_VERSION;
1354 max_version = SSL3_VERSION;
1356 min_version = TLS1_VERSION;
1357 max_version = TLS1_VERSION;
1358 } else if (tls1_2) {
1359 min_version = TLS1_2_VERSION;
1360 max_version = TLS1_2_VERSION;
1363 #ifndef OPENSSL_NO_DTLS
1364 if (dtls || dtls1 || dtls12)
1365 meth = DTLS_method();
1367 min_version = DTLS1_VERSION;
1368 max_version = DTLS1_VERSION;
1369 } else if (dtls12) {
1370 min_version = DTLS1_2_VERSION;
1371 max_version = DTLS1_2_VERSION;
1375 c_ctx = SSL_CTX_new(meth);
1376 s_ctx = SSL_CTX_new(meth);
1377 s_ctx2 = SSL_CTX_new(meth); /* no SSL_CTX_dup! */
1378 if ((c_ctx == NULL) || (s_ctx == NULL) || (s_ctx2 == NULL)) {
1379 ERR_print_errors(bio_err);
1383 * Since we will use low security ciphersuites and keys for testing set
1384 * security level to zero by default. Tests can override this by adding
1385 * "@SECLEVEL=n" to the cipher string.
1387 SSL_CTX_set_security_level(c_ctx, 0);
1388 SSL_CTX_set_security_level(s_ctx, 0);
1389 SSL_CTX_set_security_level(s_ctx2, 0);
1392 SSL_CTX_set_options(c_ctx, SSL_OP_NO_TICKET);
1393 SSL_CTX_set_options(s_ctx, SSL_OP_NO_TICKET);
1396 if (SSL_CTX_set_min_proto_version(c_ctx, min_version) == 0)
1398 if (SSL_CTX_set_max_proto_version(c_ctx, max_version) == 0)
1400 if (SSL_CTX_set_min_proto_version(s_ctx, min_version) == 0)
1402 if (SSL_CTX_set_max_proto_version(s_ctx, max_version) == 0)
1405 if (cipher != NULL) {
1406 if (!SSL_CTX_set_cipher_list(c_ctx, cipher)
1407 || !SSL_CTX_set_cipher_list(s_ctx, cipher)
1408 || !SSL_CTX_set_cipher_list(s_ctx2, cipher)) {
1409 ERR_print_errors(bio_err);
1414 #ifndef OPENSSL_NO_CT
1415 if (ct_validation &&
1416 !SSL_CTX_enable_ct(c_ctx, SSL_CT_VALIDATION_STRICT)) {
1417 ERR_print_errors(bio_err);
1422 /* Process SSL_CONF arguments */
1423 SSL_CONF_CTX_set_ssl_ctx(c_cctx, c_ctx);
1424 SSL_CONF_CTX_set_ssl_ctx(s_cctx, s_ctx);
1425 SSL_CONF_CTX_set_ssl_ctx(s_cctx2, s_ctx2);
1427 for (i = 0; i < sk_OPENSSL_STRING_num(conf_args); i += 2) {
1429 arg = sk_OPENSSL_STRING_value(conf_args, i);
1430 argn = sk_OPENSSL_STRING_value(conf_args, i + 1);
1431 rv = SSL_CONF_cmd(c_cctx, arg, argn);
1432 /* If not recognised use server context */
1434 rv = SSL_CONF_cmd(s_cctx2, arg, argn);
1436 rv = SSL_CONF_cmd(s_cctx, arg, argn);
1439 BIO_printf(bio_err, "Error processing %s %s\n",
1440 arg, argn ? argn : "");
1441 ERR_print_errors(bio_err);
1446 if (!SSL_CONF_CTX_finish(s_cctx) || !SSL_CONF_CTX_finish(c_cctx) || !SSL_CONF_CTX_finish(s_cctx2)) {
1447 BIO_puts(bio_err, "Error finishing context\n");
1448 ERR_print_errors(bio_err);
1451 #ifndef OPENSSL_NO_DH
1454 dh = get_dh1024dsa();
1459 SSL_CTX_set_tmp_dh(s_ctx, dh);
1460 SSL_CTX_set_tmp_dh(s_ctx2, dh);
1467 if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) ||
1468 (!SSL_CTX_set_default_verify_paths(s_ctx)) ||
1469 (!SSL_CTX_load_verify_locations(s_ctx2, CAfile, CApath)) ||
1470 (!SSL_CTX_set_default_verify_paths(s_ctx2)) ||
1471 (!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) ||
1472 (!SSL_CTX_set_default_verify_paths(c_ctx))) {
1473 ERR_print_errors(bio_err);
1476 #ifndef OPENSSL_NO_CT
1477 if (!SSL_CTX_set_default_ctlog_list_file(s_ctx) ||
1478 !SSL_CTX_set_default_ctlog_list_file(s_ctx2) ||
1479 !SSL_CTX_set_default_ctlog_list_file(c_ctx)) {
1480 ERR_print_errors(bio_err);
1485 printf("client authentication\n");
1486 SSL_CTX_set_verify(s_ctx,
1487 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1489 SSL_CTX_set_verify(s_ctx2,
1490 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1492 SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback,
1494 SSL_CTX_set_cert_verify_callback(s_ctx2, app_verify_callback,
1498 printf("server authentication\n");
1499 SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER, verify_callback);
1500 SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback,
1505 int session_id_context = 0;
1506 if (!SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context,
1507 sizeof session_id_context) ||
1508 !SSL_CTX_set_session_id_context(s_ctx2, (void *)&session_id_context,
1509 sizeof session_id_context)) {
1510 ERR_print_errors(bio_err);
1515 /* Use PSK only if PSK key is given */
1516 if (psk_key != NULL) {
1518 * no_psk is used to avoid putting psk command to openssl tool
1522 * if PSK is not compiled in and psk key is given, do nothing and
1528 #ifndef OPENSSL_NO_PSK
1529 SSL_CTX_set_psk_client_callback(c_ctx, psk_client_callback);
1530 SSL_CTX_set_psk_server_callback(s_ctx, psk_server_callback);
1531 SSL_CTX_set_psk_server_callback(s_ctx2, psk_server_callback);
1533 BIO_printf(bio_err, "setting PSK identity hint to s_ctx\n");
1534 if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_hint") ||
1535 !SSL_CTX_use_psk_identity_hint(s_ctx2, "ctx server identity_hint")) {
1536 BIO_printf(bio_err, "error setting PSK identity hint to s_ctx\n");
1537 ERR_print_errors(bio_err);
1543 #ifndef OPENSSL_NO_NEXTPROTONEG
1545 SSL_CTX_set_next_proto_select_cb(c_ctx, cb_client_npn, NULL);
1548 if (npn_server_reject) {
1550 "Can't have both -npn_server and -npn_server_reject\n");
1553 SSL_CTX_set_npn_advertised_cb(s_ctx, cb_server_npn, NULL);
1554 SSL_CTX_set_npn_advertised_cb(s_ctx2, cb_server_npn, NULL);
1556 if (npn_server_reject) {
1557 SSL_CTX_set_npn_advertised_cb(s_ctx, cb_server_rejects_npn, NULL);
1558 SSL_CTX_set_npn_advertised_cb(s_ctx2, cb_server_rejects_npn, NULL);
1562 if (serverinfo_sct) {
1563 if (!SSL_CTX_add_client_custom_ext(c_ctx,
1564 TLSEXT_TYPE_signed_certificate_timestamp,
1566 serverinfo_cli_parse_cb, NULL)) {
1567 BIO_printf(bio_err, "Error adding SCT extension\n");
1571 if (serverinfo_tack) {
1572 if (!SSL_CTX_add_client_custom_ext(c_ctx, TACK_EXT_TYPE,
1574 serverinfo_cli_parse_cb, NULL)) {
1575 BIO_printf(bio_err, "Error adding TACK extension\n");
1579 if (serverinfo_file)
1580 if (!SSL_CTX_use_serverinfo_file(s_ctx, serverinfo_file) ||
1581 !SSL_CTX_use_serverinfo_file(s_ctx2, serverinfo_file)) {
1582 BIO_printf(bio_err, "missing serverinfo file\n");
1587 if (!SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_0,
1588 custom_ext_0_cli_add_cb,
1590 custom_ext_0_cli_parse_cb, NULL)
1591 || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_1,
1592 custom_ext_1_cli_add_cb,
1594 custom_ext_1_cli_parse_cb, NULL)
1595 || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_2,
1596 custom_ext_2_cli_add_cb,
1598 custom_ext_2_cli_parse_cb, NULL)
1599 || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_3,
1600 custom_ext_3_cli_add_cb,
1602 custom_ext_3_cli_parse_cb, NULL)
1603 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_0,
1604 custom_ext_0_srv_add_cb,
1606 custom_ext_0_srv_parse_cb, NULL)
1607 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_0,
1608 custom_ext_0_srv_add_cb,
1610 custom_ext_0_srv_parse_cb, NULL)
1611 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_1,
1612 custom_ext_1_srv_add_cb,
1614 custom_ext_1_srv_parse_cb, NULL)
1615 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_1,
1616 custom_ext_1_srv_add_cb,
1618 custom_ext_1_srv_parse_cb, NULL)
1619 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_2,
1620 custom_ext_2_srv_add_cb,
1622 custom_ext_2_srv_parse_cb, NULL)
1623 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_2,
1624 custom_ext_2_srv_add_cb,
1626 custom_ext_2_srv_parse_cb, NULL)
1627 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_3,
1628 custom_ext_3_srv_add_cb,
1630 custom_ext_3_srv_parse_cb, NULL)
1631 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_3,
1632 custom_ext_3_srv_add_cb,
1634 custom_ext_3_srv_parse_cb, NULL)) {
1635 BIO_printf(bio_err, "Error setting custom extensions\n");
1641 SSL_CTX_set_alpn_select_cb(s_ctx, cb_server_alpn, alpn_server);
1643 SSL_CTX_set_alpn_select_cb(s_ctx2, cb_server_alpn, alpn_server2);
1647 unsigned char *alpn = next_protos_parse(&alpn_len, alpn_client);
1650 BIO_printf(bio_err, "Error parsing -alpn_client argument\n");
1653 /* Returns 0 on success!! */
1654 if (SSL_CTX_set_alpn_protos(c_ctx, alpn, alpn_len)) {
1655 BIO_printf(bio_err, "Error setting ALPN\n");
1662 if (server_sess_in != NULL) {
1663 server_sess = read_session(server_sess_in);
1664 if (server_sess == NULL)
1667 if (client_sess_in != NULL) {
1668 client_sess = read_session(client_sess_in);
1669 if (client_sess == NULL)
1673 if (server_sess_out != NULL || server_sess_in != NULL) {
1677 /* Use a fixed key so that we can decrypt the ticket. */
1678 size = SSL_CTX_set_tlsext_ticket_keys(s_ctx, NULL, 0);
1679 keys = OPENSSL_zalloc(size);
1680 SSL_CTX_set_tlsext_ticket_keys(s_ctx, keys, size);
1684 if (sn_server1 != NULL || sn_server2 != NULL)
1685 SSL_CTX_set_tlsext_servername_callback(s_ctx, servername_cb);
1687 c_ssl = SSL_new(c_ctx);
1688 s_ssl = SSL_new(s_ctx);
1691 SSL_set_tlsext_host_name(c_ssl, sn_client);
1693 if (!set_protocol_version(server_min_proto, s_ssl, SSL_CTRL_SET_MIN_PROTO_VERSION))
1695 if (!set_protocol_version(server_max_proto, s_ssl, SSL_CTRL_SET_MAX_PROTO_VERSION))
1697 if (!set_protocol_version(client_min_proto, c_ssl, SSL_CTRL_SET_MIN_PROTO_VERSION))
1699 if (!set_protocol_version(client_max_proto, c_ssl, SSL_CTRL_SET_MAX_PROTO_VERSION))
1703 if (SSL_CTX_add_session(s_ctx, server_sess) == 0) {
1704 BIO_printf(bio_err, "Can't add server session\n");
1705 ERR_print_errors(bio_err);
1710 BIO_printf(bio_stdout, "Doing handshakes=%d bytes=%ld\n", number, bytes);
1711 for (i = 0; i < number; i++) {
1713 if (!SSL_set_session(c_ssl, NULL)) {
1714 BIO_printf(bio_err, "Failed to set session\n");
1718 if (client_sess_in != NULL) {
1719 if (SSL_set_session(c_ssl, client_sess) == 0) {
1720 BIO_printf(bio_err, "Can't set client session\n");
1721 ERR_print_errors(bio_err);
1727 ret = doit(s_ssl, c_ssl, bytes);
1730 ret = doit_biopair(s_ssl, c_ssl, bytes, &s_time, &c_time);
1732 #ifndef OPENSSL_NO_SOCK
1734 ret = doit_localhost(s_ssl, c_ssl, BIO_FAMILY_IPV4,
1735 bytes, &s_time, &c_time);
1738 ret = doit_localhost(s_ssl, c_ssl, BIO_FAMILY_IPV6,
1739 bytes, &s_time, &c_time);
1751 if (should_negotiate && ret == 0 &&
1752 strcmp(should_negotiate, "fail-server") != 0 &&
1753 strcmp(should_negotiate, "fail-client") != 0) {
1754 int version = protocol_from_string(should_negotiate);
1756 BIO_printf(bio_err, "Error parsing: %s\n", should_negotiate);
1760 if (SSL_version(c_ssl) != version) {
1761 BIO_printf(bio_err, "Unxpected version negotiated. "
1762 "Expected: %s, got %s\n", should_negotiate, SSL_get_version(c_ssl));
1768 if (should_reuse != -1) {
1769 if (SSL_session_reused(s_ssl) != should_reuse ||
1770 SSL_session_reused(c_ssl) != should_reuse) {
1771 BIO_printf(bio_err, "Unexpected session reuse state. "
1772 "Expected: %d, server: %d, client: %d\n", should_reuse,
1773 SSL_session_reused(s_ssl), SSL_session_reused(c_ssl));
1779 if (server_sess_out != NULL) {
1780 if (write_session(server_sess_out, SSL_get_session(s_ssl)) == 0) {
1785 if (client_sess_out != NULL) {
1786 if (write_session(client_sess_out, SSL_get_session(c_ssl)) == 0) {
1793 print_details(c_ssl, "");
1796 #ifdef CLOCKS_PER_SEC
1798 * "To determine the time in seconds, the value returned by the clock
1799 * function should be divided by the value of the macro
1800 * CLOCKS_PER_SEC." -- ISO/IEC 9899
1802 BIO_printf(bio_stdout, "Approximate total server time: %6.2f s\n"
1803 "Approximate total client time: %6.2f s\n",
1804 (double)s_time / CLOCKS_PER_SEC,
1805 (double)c_time / CLOCKS_PER_SEC);
1807 BIO_printf(bio_stdout,
1808 "Approximate total server time: %6.2f units\n"
1809 "Approximate total client time: %6.2f units\n",
1810 (double)s_time, (double)c_time);
1819 SSL_CTX_free(s_ctx);
1820 SSL_CTX_free(s_ctx2);
1821 SSL_CTX_free(c_ctx);
1822 SSL_CONF_CTX_free(s_cctx);
1823 SSL_CONF_CTX_free(s_cctx2);
1824 SSL_CONF_CTX_free(c_cctx);
1825 sk_OPENSSL_STRING_free(conf_args);
1827 BIO_free(bio_stdout);
1829 SSL_SESSION_free(server_sess);
1830 SSL_SESSION_free(client_sess);
1832 #ifndef OPENSSL_NO_CRYPTO_MDEBUG
1833 if (CRYPTO_mem_leaks(bio_err) <= 0)
1840 #ifndef OPENSSL_NO_SOCK
1841 int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count,
1842 clock_t *s_time, clock_t *c_time)
1844 long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
1845 BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
1846 BIO *acpt = NULL, *server = NULL, *client = NULL;
1849 int err_in_client = 0;
1850 int err_in_server = 0;
1852 acpt = BIO_new_accept("0");
1855 BIO_set_accept_ip_family(acpt, family);
1856 BIO_set_bind_mode(acpt, BIO_SOCK_NONBLOCK | BIO_SOCK_REUSEADDR);
1857 if (BIO_do_accept(acpt) <= 0)
1860 BIO_snprintf(addr_str, sizeof(addr_str), ":%s", BIO_get_accept_port(acpt));
1862 client = BIO_new_connect(addr_str);
1863 BIO_set_conn_ip_family(client, family);
1867 if (BIO_set_nbio(client, 1) <= 0)
1869 if (BIO_set_nbio(acpt, 1) <= 0)
1873 int st_connect = 0, st_accept = 0;
1875 while(!st_connect || !st_accept) {
1877 if (BIO_do_connect(client) <= 0) {
1878 if (!BIO_should_retry(client))
1885 if (BIO_do_accept(acpt) <= 0) {
1886 if (!BIO_should_retry(acpt))
1894 /* We're not interested in accepting further connects */
1895 server = BIO_pop(acpt);
1899 s_ssl_bio = BIO_new(BIO_f_ssl());
1903 c_ssl_bio = BIO_new(BIO_f_ssl());
1907 SSL_set_connect_state(c_ssl);
1908 SSL_set_bio(c_ssl, client, client);
1909 (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
1911 SSL_set_accept_state(s_ssl);
1912 SSL_set_bio(s_ssl, server, server);
1913 (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
1917 * c_ssl_bio: SSL filter BIO
1919 * client: I/O for SSL library
1922 * server: I/O for SSL library
1924 * s_ssl_bio: SSL filter BIO
1928 * We have non-blocking behaviour throughout this test program, but
1929 * can be sure that there is *some* progress in each iteration; so we
1930 * don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE --
1931 * we just try everything in each iteration
1937 char cbuf[1024 * 8];
1939 clock_t c_clock = clock();
1941 memset(cbuf, 0, sizeof(cbuf));
1944 if (SSL_in_init(c_ssl))
1945 printf("client waiting in SSL_connect - %s\n",
1946 SSL_state_string_long(c_ssl));
1949 /* Write to server. */
1951 if (cw_num > (long)sizeof cbuf)
1955 r = BIO_write(c_ssl_bio, cbuf, i);
1957 if (!BIO_should_retry(c_ssl_bio)) {
1958 fprintf(stderr, "ERROR in CLIENT\n");
1963 * BIO_should_retry(...) can just be ignored here. The
1964 * library expects us to call BIO_write with the same
1965 * arguments again, and that's what we will do in the
1968 } else if (r == 0) {
1969 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
1973 printf("client wrote %d\n", r);
1979 /* Read from server. */
1981 r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
1983 if (!BIO_should_retry(c_ssl_bio)) {
1984 fprintf(stderr, "ERROR in CLIENT\n");
1989 * Again, "BIO_should_retry" can be ignored.
1991 } else if (r == 0) {
1992 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
1996 printf("client read %d\n", r);
2002 * c_time and s_time increments will typically be very small
2003 * (depending on machine speed and clock tick intervals), but
2004 * sampling over a large number of connections should result in
2005 * fairly accurate figures. We cannot guarantee a lot, however
2006 * -- if each connection lasts for exactly one clock tick, it
2007 * will be counted only for the client or only for the server or
2010 *c_time += (clock() - c_clock);
2016 char sbuf[1024 * 8];
2018 clock_t s_clock = clock();
2020 memset(sbuf, 0, sizeof(sbuf));
2023 if (SSL_in_init(s_ssl))
2024 printf("server waiting in SSL_accept - %s\n",
2025 SSL_state_string_long(s_ssl));
2028 /* Write to client. */
2030 if (sw_num > (long)sizeof sbuf)
2034 r = BIO_write(s_ssl_bio, sbuf, i);
2036 if (!BIO_should_retry(s_ssl_bio)) {
2037 fprintf(stderr, "ERROR in SERVER\n");
2041 /* Ignore "BIO_should_retry". */
2042 } else if (r == 0) {
2043 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2047 printf("server wrote %d\n", r);
2053 /* Read from client. */
2055 r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
2057 if (!BIO_should_retry(s_ssl_bio)) {
2058 fprintf(stderr, "ERROR in SERVER\n");
2063 } else if (r == 0) {
2064 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2068 printf("server read %d\n", r);
2073 *s_time += (clock() - s_clock);
2076 while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
2079 print_details(c_ssl, "DONE via TCP connect: ");
2080 # ifndef OPENSSL_NO_NEXTPROTONEG
2081 if (verify_npn(c_ssl, s_ssl) < 0) {
2086 if (verify_serverinfo() < 0) {
2087 fprintf(stderr, "Server info verify error\n");
2091 if (verify_alpn(c_ssl, s_ssl) < 0) {
2095 if (verify_servername(c_ssl, s_ssl) < 0) {
2100 if (custom_ext_error) {
2101 fprintf(stderr, "Custom extension error\n");
2106 # ifndef OPENSSL_NO_NEXTPROTONEG
2112 ERR_print_errors(bio_err);
2117 BIO_free(s_ssl_bio);
2118 BIO_free(c_ssl_bio);
2120 if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
2121 ret = (err_in_client != 0) ? 0 : 1;
2122 else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
2123 ret = (err_in_server != 0) ? 0 : 1;
2129 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
2130 clock_t *s_time, clock_t *c_time)
2132 long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
2133 BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
2134 BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL;
2136 int err_in_client = 0;
2137 int err_in_server = 0;
2139 size_t bufsiz = 256; /* small buffer for testing */
2141 if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz))
2143 if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz))
2146 s_ssl_bio = BIO_new(BIO_f_ssl());
2150 c_ssl_bio = BIO_new(BIO_f_ssl());
2154 SSL_set_connect_state(c_ssl);
2155 SSL_set_bio(c_ssl, client, client);
2156 (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
2158 SSL_set_accept_state(s_ssl);
2159 SSL_set_bio(s_ssl, server, server);
2160 (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
2164 * c_ssl_bio: SSL filter BIO
2166 * client: pseudo-I/O for SSL library
2168 * client_io: client's SSL communication; usually to be
2169 * relayed over some I/O facility, but in this
2170 * test program, we're the server, too:
2172 * server_io: server's SSL communication
2174 * server: pseudo-I/O for SSL library
2176 * s_ssl_bio: SSL filter BIO
2178 * The client and the server each employ a "BIO pair":
2179 * client + client_io, server + server_io.
2180 * BIO pairs are symmetric. A BIO pair behaves similar
2181 * to a non-blocking socketpair (but both endpoints must
2182 * be handled by the same thread).
2183 * [Here we could connect client and server to the ends
2184 * of a single BIO pair, but then this code would be less
2185 * suitable as an example for BIO pairs in general.]
2187 * Useful functions for querying the state of BIO pair endpoints:
2189 * BIO_ctrl_pending(bio) number of bytes we can read now
2190 * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil
2191 * other side's read attempt
2192 * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now
2194 * ..._read_request is never more than ..._write_guarantee;
2195 * it depends on the application which one you should use.
2199 * We have non-blocking behaviour throughout this test program, but
2200 * can be sure that there is *some* progress in each iteration; so we
2201 * don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE --
2202 * we just try everything in each iteration
2208 char cbuf[1024 * 8];
2210 clock_t c_clock = clock();
2212 memset(cbuf, 0, sizeof(cbuf));
2215 if (SSL_in_init(c_ssl))
2216 printf("client waiting in SSL_connect - %s\n",
2217 SSL_state_string_long(c_ssl));
2220 /* Write to server. */
2222 if (cw_num > (long)sizeof cbuf)
2226 r = BIO_write(c_ssl_bio, cbuf, i);
2228 if (!BIO_should_retry(c_ssl_bio)) {
2229 fprintf(stderr, "ERROR in CLIENT\n");
2234 * BIO_should_retry(...) can just be ignored here. The
2235 * library expects us to call BIO_write with the same
2236 * arguments again, and that's what we will do in the
2239 } else if (r == 0) {
2240 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2244 printf("client wrote %d\n", r);
2250 /* Read from server. */
2252 r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
2254 if (!BIO_should_retry(c_ssl_bio)) {
2255 fprintf(stderr, "ERROR in CLIENT\n");
2260 * Again, "BIO_should_retry" can be ignored.
2262 } else if (r == 0) {
2263 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2267 printf("client read %d\n", r);
2273 * c_time and s_time increments will typically be very small
2274 * (depending on machine speed and clock tick intervals), but
2275 * sampling over a large number of connections should result in
2276 * fairly accurate figures. We cannot guarantee a lot, however
2277 * -- if each connection lasts for exactly one clock tick, it
2278 * will be counted only for the client or only for the server or
2281 *c_time += (clock() - c_clock);
2287 char sbuf[1024 * 8];
2289 clock_t s_clock = clock();
2291 memset(sbuf, 0, sizeof(sbuf));
2294 if (SSL_in_init(s_ssl))
2295 printf("server waiting in SSL_accept - %s\n",
2296 SSL_state_string_long(s_ssl));
2299 /* Write to client. */
2301 if (sw_num > (long)sizeof sbuf)
2305 r = BIO_write(s_ssl_bio, sbuf, i);
2307 if (!BIO_should_retry(s_ssl_bio)) {
2308 fprintf(stderr, "ERROR in SERVER\n");
2312 /* Ignore "BIO_should_retry". */
2313 } else if (r == 0) {
2314 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2318 printf("server wrote %d\n", r);
2324 /* Read from client. */
2326 r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
2328 if (!BIO_should_retry(s_ssl_bio)) {
2329 fprintf(stderr, "ERROR in SERVER\n");
2334 } else if (r == 0) {
2335 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2339 printf("server read %d\n", r);
2344 *s_time += (clock() - s_clock);
2348 /* "I/O" BETWEEN CLIENT AND SERVER. */
2351 BIO *io1 = server_io, *io2 = client_io;
2353 * we use the non-copying interface for io1 and the standard
2354 * BIO_write/BIO_read interface for io2
2357 static int prev_progress = 1;
2365 r1 = BIO_ctrl_pending(io1);
2366 r2 = BIO_ctrl_get_write_guarantee(io2);
2374 if (INT_MAX < num) /* yeah, right */
2377 r = BIO_nread(io1, &dataptr, (int)num);
2379 assert(r <= (int)num);
2381 * possibly r < num (non-contiguous data)
2384 r = BIO_write(io2, dataptr, (int)num);
2385 if (r != (int)num) { /* can't happen */
2386 fprintf(stderr, "ERROR: BIO_write could not write "
2387 "BIO_ctrl_get_write_guarantee() bytes");
2393 printf((io1 == client_io) ?
2394 "C->S relaying: %d bytes\n" :
2395 "S->C relaying: %d bytes\n", (int)num);
2405 r1 = BIO_ctrl_pending(io2);
2406 r2 = BIO_ctrl_get_read_request(io1);
2408 * here we could use ..._get_write_guarantee instead of
2409 * ..._get_read_request, but by using the latter we test
2410 * restartability of the SSL implementation more thoroughly
2422 --num; /* test restartability even more thoroughly */
2424 r = BIO_nwrite0(io1, &dataptr);
2428 r = BIO_read(io2, dataptr, (int)num);
2429 if (r != (int)num) { /* can't happen */
2430 fprintf(stderr, "ERROR: BIO_read could not read "
2431 "BIO_ctrl_pending() bytes");
2435 r = BIO_nwrite(io1, &dataptr, (int)num);
2436 if (r != (int)num) { /* can't happen */
2437 fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
2438 "BIO_nwrite0() bytes");
2443 printf((io2 == client_io) ?
2444 "C->S relaying: %d bytes\n" :
2445 "S->C relaying: %d bytes\n", (int)num);
2447 } /* no loop, BIO_ctrl_get_read_request now
2448 * returns 0 anyway */
2450 if (!progress && !prev_progress)
2451 if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0) {
2452 fprintf(stderr, "ERROR: got stuck\n");
2453 fprintf(stderr, " ERROR.\n");
2456 prev_progress = progress;
2459 while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
2462 print_details(c_ssl, "DONE via BIO pair: ");
2463 #ifndef OPENSSL_NO_NEXTPROTONEG
2464 if (verify_npn(c_ssl, s_ssl) < 0) {
2469 if (verify_serverinfo() < 0) {
2470 fprintf(stderr, "Server info verify error\n");
2474 if (verify_alpn(c_ssl, s_ssl) < 0) {
2478 if (verify_servername(c_ssl, s_ssl) < 0) {
2483 if (custom_ext_error) {
2484 fprintf(stderr, "Custom extension error\n");
2489 #ifndef OPENSSL_NO_NEXTPROTONEG
2495 ERR_print_errors(bio_err);
2498 BIO_free(server_io);
2500 BIO_free(client_io);
2501 BIO_free(s_ssl_bio);
2502 BIO_free(c_ssl_bio);
2504 if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
2505 ret = (err_in_client != 0) ? 0 : 1;
2506 else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
2507 ret = (err_in_server != 0) ? 0 : 1;
2517 int doit(SSL *s_ssl, SSL *c_ssl, long count)
2519 char *cbuf = NULL, *sbuf = NULL;
2521 long cw_num = count, cr_num = count;
2522 long sw_num = count, sr_num = count;
2528 int c_r, c_w, s_r, s_w;
2531 int c_write, s_write;
2532 int do_server = 0, do_client = 0;
2533 int max_frag = 5 * 1024;
2534 int err_in_client = 0;
2535 int err_in_server = 0;
2537 bufsiz = count > 40 * 1024 ? 40 * 1024 : count;
2539 if ((cbuf = OPENSSL_zalloc(bufsiz)) == NULL)
2541 if ((sbuf = OPENSSL_zalloc(bufsiz)) == NULL)
2544 c_to_s = BIO_new(BIO_s_mem());
2545 s_to_c = BIO_new(BIO_s_mem());
2546 if ((s_to_c == NULL) || (c_to_s == NULL)) {
2547 ERR_print_errors(bio_err);
2551 c_bio = BIO_new(BIO_f_ssl());
2552 s_bio = BIO_new(BIO_f_ssl());
2553 if ((c_bio == NULL) || (s_bio == NULL)) {
2554 ERR_print_errors(bio_err);
2558 SSL_set_connect_state(c_ssl);
2559 SSL_set_bio(c_ssl, s_to_c, c_to_s);
2560 SSL_set_max_send_fragment(c_ssl, max_frag);
2561 BIO_set_ssl(c_bio, c_ssl, BIO_NOCLOSE);
2564 * We've just given our ref to these BIOs to c_ssl. We need another one to
2567 if (!BIO_up_ref(c_to_s)) {
2568 /* c_to_s and s_to_c will get freed when we free c_ssl */
2573 if (!BIO_up_ref(s_to_c)) {
2574 /* s_to_c will get freed when we free c_ssl */
2579 SSL_set_accept_state(s_ssl);
2580 SSL_set_bio(s_ssl, c_to_s, s_to_c);
2582 /* We've used up all our refs to these now */
2586 SSL_set_max_send_fragment(s_ssl, max_frag);
2587 BIO_set_ssl(s_bio, s_ssl, BIO_NOCLOSE);
2593 c_write = 1, s_write = 0;
2595 /* We can always do writes */
2600 i = (int)BIO_pending(s_bio);
2601 if ((i && s_r) || s_w)
2604 i = (int)BIO_pending(c_bio);
2605 if ((i && c_r) || c_w)
2608 if (do_server && debug) {
2609 if (SSL_in_init(s_ssl))
2610 printf("server waiting in SSL_accept - %s\n",
2611 SSL_state_string_long(s_ssl));
2614 if (do_client && debug) {
2615 if (SSL_in_init(c_ssl))
2616 printf("client waiting in SSL_connect - %s\n",
2617 SSL_state_string_long(c_ssl));
2620 if (!do_client && !do_server) {
2621 fprintf(stdout, "ERROR IN STARTUP\n");
2622 ERR_print_errors(bio_err);
2625 if (do_client && !(done & C_DONE)) {
2627 j = (cw_num > bufsiz) ? (int)bufsiz : (int)cw_num;
2628 i = BIO_write(c_bio, cbuf, j);
2632 if (BIO_should_retry(c_bio)) {
2633 if (BIO_should_read(c_bio))
2635 if (BIO_should_write(c_bio))
2638 fprintf(stderr, "ERROR in CLIENT\n");
2640 ERR_print_errors(bio_err);
2643 } else if (i == 0) {
2644 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2648 printf("client wrote %d\n", i);
2653 if (max_frag > 1029)
2654 SSL_set_max_send_fragment(c_ssl, max_frag -= 5);
2657 i = BIO_read(c_bio, cbuf, bufsiz);
2661 if (BIO_should_retry(c_bio)) {
2662 if (BIO_should_read(c_bio))
2664 if (BIO_should_write(c_bio))
2667 fprintf(stderr, "ERROR in CLIENT\n");
2669 ERR_print_errors(bio_err);
2672 } else if (i == 0) {
2673 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2677 printf("client read %d\n", i);
2686 done = S_DONE | C_DONE;
2692 if (do_server && !(done & S_DONE)) {
2694 i = BIO_read(s_bio, sbuf, bufsiz);
2698 if (BIO_should_retry(s_bio)) {
2699 if (BIO_should_read(s_bio))
2701 if (BIO_should_write(s_bio))
2704 fprintf(stderr, "ERROR in SERVER\n");
2706 ERR_print_errors(bio_err);
2709 } else if (i == 0) {
2710 ERR_print_errors(bio_err);
2712 "SSL SERVER STARTUP FAILED in SSL_read\n");
2716 printf("server read %d\n", i);
2729 j = (sw_num > bufsiz) ? (int)bufsiz : (int)sw_num;
2730 i = BIO_write(s_bio, sbuf, j);
2734 if (BIO_should_retry(s_bio)) {
2735 if (BIO_should_read(s_bio))
2737 if (BIO_should_write(s_bio))
2740 fprintf(stderr, "ERROR in SERVER\n");
2742 ERR_print_errors(bio_err);
2745 } else if (i == 0) {
2746 ERR_print_errors(bio_err);
2748 "SSL SERVER STARTUP FAILED in SSL_write\n");
2752 printf("server wrote %d\n", i);
2758 if (max_frag > 1029)
2759 SSL_set_max_send_fragment(s_ssl, max_frag -= 5);
2764 if ((done & S_DONE) && (done & C_DONE))
2769 print_details(c_ssl, "DONE: ");
2770 #ifndef OPENSSL_NO_NEXTPROTONEG
2771 if (verify_npn(c_ssl, s_ssl) < 0) {
2776 if (verify_serverinfo() < 0) {
2777 fprintf(stderr, "Server info verify error\n");
2781 if (custom_ext_error) {
2782 fprintf(stderr, "Custom extension error\n");
2790 BIO_free_all(c_bio);
2791 BIO_free_all(s_bio);
2795 if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
2796 ret = (err_in_client != 0) ? 0 : 1;
2797 else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
2798 ret = (err_in_server != 0) ? 0 : 1;
2803 static int verify_callback(int ok, X509_STORE_CTX *ctx)
2807 s = X509_NAME_oneline(X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)),
2811 printf("depth=%d %s\n", X509_STORE_CTX_get_error_depth(ctx), buf);
2813 fprintf(stderr, "depth=%d error=%d %s\n",
2814 X509_STORE_CTX_get_error_depth(ctx),
2815 X509_STORE_CTX_get_error(ctx), buf);
2820 int i = X509_STORE_CTX_get_error(ctx);
2824 fprintf(stderr, "Error string: %s\n",
2825 X509_verify_cert_error_string(i));
2827 case X509_V_ERR_CERT_NOT_YET_VALID:
2828 case X509_V_ERR_CERT_HAS_EXPIRED:
2829 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
2838 static int app_verify_callback(X509_STORE_CTX *ctx, void *arg)
2841 struct app_verify_arg *cb_arg = arg;
2843 if (cb_arg->app_verify) {
2844 char *s = NULL, buf[256];
2845 X509 *c = X509_STORE_CTX_get0_cert(ctx);
2847 printf("In app_verify_callback, allowing cert. ");
2848 printf("Arg is: %s\n", cb_arg->string);
2849 printf("Finished printing do we have a context? 0x%p a cert? 0x%p\n",
2850 (void *)ctx, (void *)c);
2852 s = X509_NAME_oneline(X509_get_subject_name(c), buf, 256);
2854 printf("cert depth=%d %s\n",
2855 X509_STORE_CTX_get_error_depth(ctx), buf);
2860 ok = X509_verify_cert(ctx);
2865 #ifndef OPENSSL_NO_DH
2867 * These DH parameters have been generated as follows:
2868 * $ openssl dhparam -C -noout 512
2869 * $ openssl dhparam -C -noout 1024
2870 * $ openssl dhparam -C -noout -dsaparam 1024
2871 * (The third function has been renamed to avoid name conflicts.)
2873 static DH *get_dh512()
2875 static unsigned char dh512_p[] = {
2876 0xCB, 0xC8, 0xE1, 0x86, 0xD0, 0x1F, 0x94, 0x17, 0xA6, 0x99, 0xF0,
2878 0x1F, 0x0D, 0xAC, 0xB6, 0x25, 0x3E, 0x06, 0x39, 0xCA, 0x72, 0x04,
2880 0x6E, 0xDA, 0xC0, 0x61, 0xE6, 0x7A, 0x77, 0x25, 0xE8, 0x3B, 0xB9,
2882 0x9A, 0xB6, 0xB5, 0xFE, 0x99, 0x0B, 0xA1, 0x93, 0x4E, 0x35, 0x33,
2884 0xE1, 0xF1, 0x13, 0x4F, 0x59, 0x1A, 0xD2, 0x57, 0xC0, 0x26, 0x21,
2886 0x02, 0xC5, 0xAE, 0x23,
2888 static unsigned char dh512_g[] = {
2894 if ((dh = DH_new()) == NULL)
2896 p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
2897 g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
2898 if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
2907 static DH *get_dh1024()
2909 static unsigned char dh1024_p[] = {
2910 0xF8, 0x81, 0x89, 0x7D, 0x14, 0x24, 0xC5, 0xD1, 0xE6, 0xF7, 0xBF,
2912 0xE4, 0x90, 0xF4, 0xFC, 0x73, 0xFB, 0x34, 0xB5, 0xFA, 0x4C, 0x56,
2914 0xEA, 0xA7, 0xE9, 0xC0, 0xC0, 0xCE, 0x89, 0xE1, 0xFA, 0x63, 0x3F,
2916 0x6B, 0x32, 0x66, 0xF1, 0xD1, 0x7B, 0xB0, 0x00, 0x8F, 0xCA, 0x87,
2918 0xAE, 0x98, 0x89, 0x26, 0x17, 0xC2, 0x05, 0xD2, 0xEC, 0x08, 0xD0,
2920 0xFF, 0x17, 0x52, 0x8C, 0xC5, 0x07, 0x93, 0x03, 0xB1, 0xF6, 0x2F,
2922 0x1C, 0x52, 0x47, 0x27, 0x1B, 0xDB, 0xD1, 0x8D, 0x9D, 0x69, 0x1D,
2924 0x4B, 0x32, 0x81, 0xAA, 0x7F, 0x00, 0xC8, 0xDC, 0xE6, 0xD9, 0xCC,
2926 0x11, 0x2D, 0x37, 0x34, 0x6C, 0xEA, 0x02, 0x97, 0x4B, 0x0E, 0xBB,
2928 0x71, 0x33, 0x09, 0x15, 0xFD, 0xDD, 0x23, 0x87, 0x07, 0x5E, 0x89,
2930 0x6B, 0x7C, 0x5F, 0xEC, 0xA6, 0x24, 0xDC, 0x53,
2932 static unsigned char dh1024_g[] = {
2938 if ((dh = DH_new()) == NULL)
2940 p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
2941 g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
2942 if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
2951 static DH *get_dh1024dsa()
2953 static unsigned char dh1024_p[] = {
2954 0xC8, 0x00, 0xF7, 0x08, 0x07, 0x89, 0x4D, 0x90, 0x53, 0xF3, 0xD5,
2956 0x21, 0x1B, 0xF7, 0x31, 0xA6, 0xA2, 0xDA, 0x23, 0x9A, 0xC7, 0x87,
2958 0x3B, 0x47, 0xB6, 0x8C, 0x04, 0x6F, 0xFF, 0xC6, 0x9B, 0xB8, 0x65,
2960 0xC2, 0x5F, 0x31, 0x83, 0x4A, 0xA7, 0x5F, 0x2F, 0x88, 0x38, 0xB6,
2962 0xCF, 0xD9, 0x87, 0x6D, 0x6F, 0x9F, 0xDA, 0xAC, 0xA6, 0x48, 0xAF,
2964 0x33, 0x84, 0x37, 0x5B, 0x82, 0x4A, 0x31, 0x5D, 0xE7, 0xBD, 0x52,
2966 0xA1, 0x77, 0xBF, 0x10, 0x9E, 0x37, 0xEA, 0x64, 0xFA, 0xCA, 0x28,
2968 0x9D, 0x3B, 0xD2, 0x6E, 0x09, 0x5C, 0x68, 0xC7, 0x45, 0x90, 0xFD,
2970 0x70, 0xC9, 0x3A, 0xBB, 0xDF, 0xD4, 0x21, 0x0F, 0xC4, 0x6A, 0x3C,
2972 0x61, 0xCF, 0x3F, 0xD6, 0x13, 0xF1, 0x5F, 0xBC, 0xCF, 0xBC, 0x26,
2974 0xBC, 0x0B, 0xBD, 0xAB, 0x5D, 0xC9, 0x54, 0x39,
2976 static unsigned char dh1024_g[] = {
2977 0x3B, 0x40, 0x86, 0xE7, 0xF3, 0x6C, 0xDE, 0x67, 0x1C, 0xCC, 0x80,
2979 0x5A, 0xDF, 0xFE, 0xBD, 0x20, 0x27, 0x74, 0x6C, 0x24, 0xC9, 0x03,
2981 0xE1, 0x8D, 0xC3, 0x7D, 0x98, 0x27, 0x40, 0x08, 0xB8, 0x8C, 0x6A,
2983 0xBB, 0x1A, 0x3A, 0xD6, 0x86, 0x83, 0x5E, 0x72, 0x41, 0xCE, 0x85,
2985 0xD2, 0xB3, 0xFC, 0x13, 0xCE, 0x37, 0x81, 0x9E, 0x4C, 0x1C, 0x7B,
2987 0xD3, 0xE6, 0xA6, 0x00, 0xF5, 0x5A, 0x95, 0x43, 0x5E, 0x81, 0xCF,
2989 0xA2, 0x23, 0xFC, 0x36, 0xA7, 0x5D, 0x7A, 0x4C, 0x06, 0x91, 0x6E,
2991 0x57, 0xEE, 0x36, 0xCB, 0x06, 0xEA, 0xF5, 0x3D, 0x95, 0x49, 0xCB,
2993 0xDD, 0x81, 0xDF, 0x80, 0x09, 0x4A, 0x97, 0x4D, 0xA8, 0x22, 0x72,
2995 0x7F, 0xC4, 0x70, 0x56, 0x70, 0xE8, 0x20, 0x10, 0x18, 0x8F, 0x2E,
2997 0x07, 0xE7, 0x68, 0x1A, 0x82, 0x5D, 0x32, 0xA2,
3002 if ((dh = DH_new()) == NULL)
3004 p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
3005 g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
3006 if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
3012 DH_set_length(dh, 160);
3017 #ifndef OPENSSL_NO_PSK
3018 /* convert the PSK key (psk_key) in ascii to binary (psk) */
3019 static int psk_key2bn(const char *pskkey, unsigned char *psk,
3020 unsigned int max_psk_len)
3025 ret = BN_hex2bn(&bn, pskkey);
3027 BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n",
3032 if (BN_num_bytes(bn) > (int)max_psk_len) {
3034 "psk buffer of callback is too small (%d) for key (%d)\n",
3035 max_psk_len, BN_num_bytes(bn));
3039 ret = BN_bn2bin(bn, psk);
3044 static unsigned int psk_client_callback(SSL *ssl, const char *hint,
3046 unsigned int max_identity_len,
3048 unsigned int max_psk_len)
3051 unsigned int psk_len = 0;
3053 ret = BIO_snprintf(identity, max_identity_len, "Client_identity");
3057 fprintf(stderr, "client: created identity '%s' len=%d\n", identity,
3059 ret = psk_key2bn(psk_key, psk, max_psk_len);
3067 static unsigned int psk_server_callback(SSL *ssl, const char *identity,
3069 unsigned int max_psk_len)
3071 unsigned int psk_len = 0;
3073 if (strcmp(identity, "Client_identity") != 0) {
3074 BIO_printf(bio_err, "server: PSK error: client identity not found\n");
3077 psk_len = psk_key2bn(psk_key, psk, max_psk_len);