2 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4 * Copyright 2005 Nokia. All rights reserved.
6 * Licensed under the Apache License 2.0 (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
13 * DH low level APIs are deprecated for public use, but still ok for
16 #include "internal/deprecated.h"
20 /* Or gethostname won't be declared properly on Linux and GNU platforms. */
22 # define _BSD_SOURCE 1
24 #ifndef _DEFAULT_SOURCE
25 # define _DEFAULT_SOURCE 1
36 #include "internal/nelem.h"
38 #ifdef OPENSSL_SYS_VMS
40 * Or isascii won't be declared properly on VMS (at least with DECompHP C).
42 # define _XOPEN_SOURCE 500
47 #include <openssl/bio.h>
48 #include <openssl/crypto.h>
49 #include <openssl/evp.h>
50 #include <openssl/x509.h>
51 #include <openssl/x509v3.h>
52 #include <openssl/ssl.h>
53 #include <openssl/err.h>
54 #include <openssl/rand.h>
55 #ifndef OPENSSL_NO_RSA
56 # include <openssl/rsa.h>
58 #ifndef OPENSSL_NO_DSA
59 # include <openssl/dsa.h>
62 # include <openssl/dh.h>
64 #include <openssl/bn.h>
66 # include <openssl/ct.h>
68 #include <openssl/provider.h>
71 * Or gethostname won't be declared properly
72 * on Compaq platforms (at least with DEC C).
73 * Do not try to put it earlier, or IPv6 includes
76 #define _XOPEN_SOURCE_EXTENDED 1
78 #ifdef OPENSSL_SYS_WINDOWS
84 DEFINE_STACK_OF(SSL_COMP)
85 DEFINE_STACK_OF_STRING()
87 static SSL_CTX *s_ctx = NULL;
88 static SSL_CTX *s_ctx2 = NULL;
91 * There is really no standard for this, so let's assign something
96 static int verify_callback(int ok, X509_STORE_CTX *ctx);
97 static int app_verify_callback(X509_STORE_CTX *ctx, void *arg);
98 #define APP_CALLBACK_STRING "Test Callback Argument"
99 struct app_verify_arg {
104 #ifndef OPENSSL_NO_DH
105 static DH *get_dh512(void);
106 static DH *get_dh1024(void);
107 static DH *get_dh1024dsa(void);
110 static char *psk_key = NULL; /* by default PSK is not used */
111 #ifndef OPENSSL_NO_PSK
112 static unsigned int psk_client_callback(SSL *ssl, const char *hint,
114 unsigned int max_identity_len,
116 unsigned int max_psk_len);
117 static unsigned int psk_server_callback(SSL *ssl, const char *identity,
119 unsigned int max_psk_len);
122 static BIO *bio_err = NULL;
123 static BIO *bio_stdout = NULL;
125 #ifndef OPENSSL_NO_NEXTPROTONEG
126 /* Note that this code assumes that this is only a one element list: */
127 static const char NEXT_PROTO_STRING[] = "\x09testproto";
128 static int npn_client = 0;
129 static int npn_server = 0;
130 static int npn_server_reject = 0;
132 static int cb_client_npn(SSL *s, unsigned char **out, unsigned char *outlen,
133 const unsigned char *in, unsigned int inlen,
137 * This callback only returns the protocol string, rather than a length
138 * prefixed set. We assume that NEXT_PROTO_STRING is a one element list
139 * and remove the first byte to chop off the length prefix.
141 *out = (unsigned char *)NEXT_PROTO_STRING + 1;
142 *outlen = sizeof(NEXT_PROTO_STRING) - 2;
143 return SSL_TLSEXT_ERR_OK;
146 static int cb_server_npn(SSL *s, const unsigned char **data,
147 unsigned int *len, void *arg)
149 *data = (const unsigned char *)NEXT_PROTO_STRING;
150 *len = sizeof(NEXT_PROTO_STRING) - 1;
151 return SSL_TLSEXT_ERR_OK;
154 static int cb_server_rejects_npn(SSL *s, const unsigned char **data,
155 unsigned int *len, void *arg)
157 return SSL_TLSEXT_ERR_NOACK;
160 static int verify_npn(SSL *client, SSL *server)
162 const unsigned char *client_s;
164 const unsigned char *server_s;
167 SSL_get0_next_proto_negotiated(client, &client_s, &client_len);
168 SSL_get0_next_proto_negotiated(server, &server_s, &server_len);
171 BIO_printf(bio_stdout, "Client NPN: ");
172 BIO_write(bio_stdout, client_s, client_len);
173 BIO_printf(bio_stdout, "\n");
177 BIO_printf(bio_stdout, "Server NPN: ");
178 BIO_write(bio_stdout, server_s, server_len);
179 BIO_printf(bio_stdout, "\n");
183 * If an NPN string was returned, it must be the protocol that we
184 * expected to negotiate.
186 if (client_len && (client_len != sizeof(NEXT_PROTO_STRING) - 2 ||
187 memcmp(client_s, NEXT_PROTO_STRING + 1, client_len)))
189 if (server_len && (server_len != sizeof(NEXT_PROTO_STRING) - 2 ||
190 memcmp(server_s, NEXT_PROTO_STRING + 1, server_len)))
193 if (!npn_client && client_len)
195 if (!npn_server && server_len)
197 if (npn_server_reject && server_len)
199 if (npn_client && npn_server && (!client_len || !server_len))
206 static const char *alpn_client;
207 static char *alpn_server;
208 static char *alpn_server2;
209 static const char *alpn_expected;
210 static unsigned char *alpn_selected;
211 static const char *server_min_proto;
212 static const char *server_max_proto;
213 static const char *client_min_proto;
214 static const char *client_max_proto;
215 static const char *should_negotiate;
216 static const char *sn_client;
217 static const char *sn_server1;
218 static const char *sn_server2;
219 static int sn_expect = 0;
220 static const char *server_sess_out;
221 static const char *server_sess_in;
222 static const char *client_sess_out;
223 static const char *client_sess_in;
224 static SSL_SESSION *server_sess;
225 static SSL_SESSION *client_sess;
227 static int servername_cb(SSL *s, int *ad, void *arg)
229 const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
230 if (sn_server2 == NULL) {
231 BIO_printf(bio_stdout, "Servername 2 is NULL\n");
232 return SSL_TLSEXT_ERR_NOACK;
236 if (s_ctx2 != NULL && sn_server2 != NULL &&
237 !strcasecmp(servername, sn_server2)) {
238 BIO_printf(bio_stdout, "Switching server context.\n");
239 SSL_set_SSL_CTX(s, s_ctx2);
242 return SSL_TLSEXT_ERR_OK;
244 static int verify_servername(SSL *client, SSL *server)
246 /* just need to see if sn_context is what we expect */
247 SSL_CTX* ctx = SSL_get_SSL_CTX(server);
250 if (sn_expect == 1 && ctx == s_ctx)
252 if (sn_expect == 2 && ctx == s_ctx2)
254 BIO_printf(bio_stdout, "Servername: expected context %d\n", sn_expect);
256 BIO_printf(bio_stdout, "Servername: context is 2\n");
257 else if (ctx == s_ctx)
258 BIO_printf(bio_stdout, "Servername: context is 1\n");
260 BIO_printf(bio_stdout, "Servername: context is unknown\n");
266 * next_protos_parse parses a comma separated list of strings into a string
267 * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
268 * outlen: (output) set to the length of the resulting buffer on success.
269 * in: a NUL terminated string like "abc,def,ghi"
271 * returns: a malloced buffer or NULL on failure.
273 static unsigned char *next_protos_parse(size_t *outlen,
284 out = OPENSSL_malloc(strlen(in) + 1);
288 for (i = 0; i <= len; ++i) {
289 if (i == len || in[i] == ',') {
290 if (i - start > 255) {
294 out[start] = (unsigned char)(i - start);
304 static int cb_server_alpn(SSL *s, const unsigned char **out,
305 unsigned char *outlen, const unsigned char *in,
306 unsigned int inlen, void *arg)
308 unsigned char *protos;
310 char* alpn_str = arg;
312 protos = next_protos_parse(&protos_len, alpn_str);
313 if (protos == NULL) {
314 fprintf(stderr, "failed to parser ALPN server protocol string: %s\n",
319 if (SSL_select_next_proto
320 ((unsigned char **)out, outlen, protos, protos_len, in,
321 inlen) != OPENSSL_NPN_NEGOTIATED) {
322 OPENSSL_free(protos);
323 return SSL_TLSEXT_ERR_NOACK;
327 * Make a copy of the selected protocol which will be freed in
330 alpn_selected = OPENSSL_malloc(*outlen);
331 memcpy(alpn_selected, *out, *outlen);
332 *out = alpn_selected;
334 OPENSSL_free(protos);
335 return SSL_TLSEXT_ERR_OK;
338 static int verify_alpn(SSL *client, SSL *server)
340 const unsigned char *client_proto, *server_proto;
341 unsigned int client_proto_len = 0, server_proto_len = 0;
342 SSL_get0_alpn_selected(client, &client_proto, &client_proto_len);
343 SSL_get0_alpn_selected(server, &server_proto, &server_proto_len);
345 OPENSSL_free(alpn_selected);
346 alpn_selected = NULL;
348 if (client_proto_len != server_proto_len) {
349 BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
353 if (client_proto != NULL &&
354 memcmp(client_proto, server_proto, client_proto_len) != 0) {
355 BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
359 if (client_proto_len > 0 && alpn_expected == NULL) {
360 BIO_printf(bio_stdout, "ALPN unexpectedly negotiated\n");
364 if (alpn_expected != NULL &&
365 (client_proto_len != strlen(alpn_expected) ||
366 memcmp(client_proto, alpn_expected, client_proto_len) != 0)) {
367 BIO_printf(bio_stdout,
368 "ALPN selected protocols not equal to expected protocol: %s\n",
376 BIO_printf(bio_stdout, "ALPN results: client: '");
377 BIO_write(bio_stdout, client_proto, client_proto_len);
378 BIO_printf(bio_stdout, "', server: '");
379 BIO_write(bio_stdout, server_proto, server_proto_len);
380 BIO_printf(bio_stdout, "'\n");
381 BIO_printf(bio_stdout, "ALPN configured: client: '%s', server: '",
383 if (SSL_get_SSL_CTX(server) == s_ctx2) {
384 BIO_printf(bio_stdout, "%s'\n",
387 BIO_printf(bio_stdout, "%s'\n",
394 * WARNING : below extension types are *NOT* IETF assigned, and could
395 * conflict if these types are reassigned and handled specially by OpenSSL
398 #define TACK_EXT_TYPE 62208
399 #define CUSTOM_EXT_TYPE_0 1000
400 #define CUSTOM_EXT_TYPE_1 1001
401 #define CUSTOM_EXT_TYPE_2 1002
402 #define CUSTOM_EXT_TYPE_3 1003
404 static const char custom_ext_cli_string[] = "abc";
405 static const char custom_ext_srv_string[] = "defg";
407 /* These set from cmdline */
408 static char *serverinfo_file = NULL;
409 static int serverinfo_sct = 0;
410 static int serverinfo_tack = 0;
412 /* These set based on extension callbacks */
413 static int serverinfo_sct_seen = 0;
414 static int serverinfo_tack_seen = 0;
415 static int serverinfo_other_seen = 0;
417 /* This set from cmdline */
418 static int custom_ext = 0;
420 /* This set based on extension callbacks */
421 static int custom_ext_error = 0;
423 static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type,
424 const unsigned char *in, size_t inlen,
427 if (ext_type == TLSEXT_TYPE_signed_certificate_timestamp)
428 serverinfo_sct_seen++;
429 else if (ext_type == TACK_EXT_TYPE)
430 serverinfo_tack_seen++;
432 serverinfo_other_seen++;
436 static int verify_serverinfo(void)
438 if (serverinfo_sct != serverinfo_sct_seen)
440 if (serverinfo_tack != serverinfo_tack_seen)
442 if (serverinfo_other_seen)
448 * Four test cases for custom extensions:
449 * 0 - no ClientHello extension or ServerHello response
450 * 1 - ClientHello with "abc", no response
451 * 2 - ClientHello with "abc", empty response
452 * 3 - ClientHello with "abc", "defg" response
455 static int custom_ext_0_cli_add_cb(SSL *s, unsigned int ext_type,
456 const unsigned char **out,
457 size_t *outlen, int *al, void *arg)
459 if (ext_type != CUSTOM_EXT_TYPE_0)
460 custom_ext_error = 1;
461 return 0; /* Don't send an extension */
464 static int custom_ext_0_cli_parse_cb(SSL *s, unsigned int ext_type,
465 const unsigned char *in,
466 size_t inlen, int *al, void *arg)
471 static int custom_ext_1_cli_add_cb(SSL *s, unsigned int ext_type,
472 const unsigned char **out,
473 size_t *outlen, int *al, void *arg)
475 if (ext_type != CUSTOM_EXT_TYPE_1)
476 custom_ext_error = 1;
477 *out = (const unsigned char *)custom_ext_cli_string;
478 *outlen = strlen(custom_ext_cli_string);
479 return 1; /* Send "abc" */
482 static int custom_ext_1_cli_parse_cb(SSL *s, unsigned int ext_type,
483 const unsigned char *in,
484 size_t inlen, int *al, void *arg)
489 static int custom_ext_2_cli_add_cb(SSL *s, unsigned int ext_type,
490 const unsigned char **out,
491 size_t *outlen, int *al, void *arg)
493 if (ext_type != CUSTOM_EXT_TYPE_2)
494 custom_ext_error = 1;
495 *out = (const unsigned char *)custom_ext_cli_string;
496 *outlen = strlen(custom_ext_cli_string);
497 return 1; /* Send "abc" */
500 static int custom_ext_2_cli_parse_cb(SSL *s, unsigned int ext_type,
501 const unsigned char *in,
502 size_t inlen, int *al, void *arg)
504 if (ext_type != CUSTOM_EXT_TYPE_2)
505 custom_ext_error = 1;
507 custom_ext_error = 1; /* Should be empty response */
511 static int custom_ext_3_cli_add_cb(SSL *s, unsigned int ext_type,
512 const unsigned char **out,
513 size_t *outlen, int *al, void *arg)
515 if (ext_type != CUSTOM_EXT_TYPE_3)
516 custom_ext_error = 1;
517 *out = (const unsigned char *)custom_ext_cli_string;
518 *outlen = strlen(custom_ext_cli_string);
519 return 1; /* Send "abc" */
522 static int custom_ext_3_cli_parse_cb(SSL *s, unsigned int ext_type,
523 const unsigned char *in,
524 size_t inlen, int *al, void *arg)
526 if (ext_type != CUSTOM_EXT_TYPE_3)
527 custom_ext_error = 1;
528 if (inlen != strlen(custom_ext_srv_string))
529 custom_ext_error = 1;
530 if (memcmp(custom_ext_srv_string, in, inlen) != 0)
531 custom_ext_error = 1; /* Check for "defg" */
536 * custom_ext_0_cli_add_cb returns 0 - the server won't receive a callback
539 static int custom_ext_0_srv_parse_cb(SSL *s, unsigned int ext_type,
540 const unsigned char *in,
541 size_t inlen, int *al, void *arg)
543 custom_ext_error = 1;
547 /* 'add' callbacks are only called if the 'parse' callback is called */
548 static int custom_ext_0_srv_add_cb(SSL *s, unsigned int ext_type,
549 const unsigned char **out,
550 size_t *outlen, int *al, void *arg)
552 /* Error: should not have been called */
553 custom_ext_error = 1;
554 return 0; /* Don't send an extension */
557 static int custom_ext_1_srv_parse_cb(SSL *s, unsigned int ext_type,
558 const unsigned char *in,
559 size_t inlen, int *al, void *arg)
561 if (ext_type != CUSTOM_EXT_TYPE_1)
562 custom_ext_error = 1;
563 /* Check for "abc" */
564 if (inlen != strlen(custom_ext_cli_string))
565 custom_ext_error = 1;
566 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
567 custom_ext_error = 1;
571 static int custom_ext_1_srv_add_cb(SSL *s, unsigned int ext_type,
572 const unsigned char **out,
573 size_t *outlen, int *al, void *arg)
575 return 0; /* Don't send an extension */
578 static int custom_ext_2_srv_parse_cb(SSL *s, unsigned int ext_type,
579 const unsigned char *in,
580 size_t inlen, int *al, void *arg)
582 if (ext_type != CUSTOM_EXT_TYPE_2)
583 custom_ext_error = 1;
584 /* Check for "abc" */
585 if (inlen != strlen(custom_ext_cli_string))
586 custom_ext_error = 1;
587 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
588 custom_ext_error = 1;
592 static int custom_ext_2_srv_add_cb(SSL *s, unsigned int ext_type,
593 const unsigned char **out,
594 size_t *outlen, int *al, void *arg)
598 return 1; /* Send empty extension */
601 static int custom_ext_3_srv_parse_cb(SSL *s, unsigned int ext_type,
602 const unsigned char *in,
603 size_t inlen, int *al, void *arg)
605 if (ext_type != CUSTOM_EXT_TYPE_3)
606 custom_ext_error = 1;
607 /* Check for "abc" */
608 if (inlen != strlen(custom_ext_cli_string))
609 custom_ext_error = 1;
610 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
611 custom_ext_error = 1;
615 static int custom_ext_3_srv_add_cb(SSL *s, unsigned int ext_type,
616 const unsigned char **out,
617 size_t *outlen, int *al, void *arg)
619 *out = (const unsigned char *)custom_ext_srv_string;
620 *outlen = strlen(custom_ext_srv_string);
621 return 1; /* Send "defg" */
624 static char *cipher = NULL;
625 static char *ciphersuites = NULL;
626 static int verbose = 0;
627 static int debug = 0;
629 int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family,
630 long bytes, clock_t *s_time, clock_t *c_time);
631 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time,
633 int doit(SSL *s_ssl, SSL *c_ssl, long bytes);
635 static void sv_usage(void)
637 fprintf(stderr, "usage: ssltest [args ...]\n");
638 fprintf(stderr, "\n");
639 fprintf(stderr, " -server_auth - check server certificate\n");
640 fprintf(stderr, " -client_auth - do client authentication\n");
641 fprintf(stderr, " -v - more output\n");
642 fprintf(stderr, " -d - debug output\n");
643 fprintf(stderr, " -reuse - use session-id reuse\n");
644 fprintf(stderr, " -num <val> - number of connections to perform\n");
646 " -bytes <val> - number of bytes to swap between client/server\n");
647 #ifndef OPENSSL_NO_DH
649 " -dhe512 - use 512 bit key for DHE (to test failure)\n");
651 " -dhe1024 - use 1024 bit key (safe prime) for DHE (default, no-op)\n");
653 " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
654 fprintf(stderr, " -no_dhe - disable DHE\n");
656 #ifndef OPENSSL_NO_EC
657 fprintf(stderr, " -no_ecdhe - disable ECDHE\nTODO(openssl-team): no_ecdhe was broken by auto ecdh. Make this work again.\n");
659 #ifndef OPENSSL_NO_PSK
660 fprintf(stderr, " -psk arg - PSK in hex (without 0x)\n");
662 #ifndef OPENSSL_NO_SSL3
663 fprintf(stderr, " -ssl3 - use SSLv3\n");
665 #ifndef OPENSSL_NO_TLS1
666 fprintf(stderr, " -tls1 - use TLSv1\n");
668 #ifndef OPENSSL_NO_DTLS
669 fprintf(stderr, " -dtls - use DTLS\n");
670 #ifndef OPENSSL_NO_DTLS1
671 fprintf(stderr, " -dtls1 - use DTLSv1\n");
673 #ifndef OPENSSL_NO_DTLS1_2
674 fprintf(stderr, " -dtls12 - use DTLSv1.2\n");
677 fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");
678 fprintf(stderr, " -CAfile arg - PEM format file of CA's\n");
679 fprintf(stderr, " -cert arg - Server certificate file\n");
681 " -key arg - Server key file (default: same as -cert)\n");
682 fprintf(stderr, " -c_cert arg - Client certificate file\n");
684 " -c_key arg - Client key file (default: same as -c_cert)\n");
685 fprintf(stderr, " -cipher arg - The TLSv1.2 and below cipher list\n");
686 fprintf(stderr, " -ciphersuites arg - The TLSv1.3 ciphersuites\n");
687 fprintf(stderr, " -bio_pair - Use BIO pairs\n");
688 fprintf(stderr, " -ipv4 - Use IPv4 connection on localhost\n");
689 fprintf(stderr, " -ipv6 - Use IPv6 connection on localhost\n");
690 fprintf(stderr, " -f - Test even cases that can't work\n");
692 " -time - measure processor time used by client and server\n");
693 fprintf(stderr, " -zlib - use zlib compression\n");
694 #ifndef OPENSSL_NO_NEXTPROTONEG
695 fprintf(stderr, " -npn_client - have client side offer NPN\n");
696 fprintf(stderr, " -npn_server - have server side offer NPN\n");
697 fprintf(stderr, " -npn_server_reject - have server reject NPN\n");
699 fprintf(stderr, " -serverinfo_file file - have server use this file\n");
700 fprintf(stderr, " -serverinfo_sct - have client offer and expect SCT\n");
702 " -serverinfo_tack - have client offer and expect TACK\n");
704 " -custom_ext - try various custom extension callbacks\n");
705 fprintf(stderr, " -alpn_client <string> - have client side offer ALPN\n");
706 fprintf(stderr, " -alpn_server <string> - have server side offer ALPN\n");
707 fprintf(stderr, " -alpn_server1 <string> - alias for -alpn_server\n");
708 fprintf(stderr, " -alpn_server2 <string> - have server side context 2 offer ALPN\n");
710 " -alpn_expected <string> - the ALPN protocol that should be negotiated\n");
711 fprintf(stderr, " -server_min_proto <string> - Minimum version the server should support\n");
712 fprintf(stderr, " -server_max_proto <string> - Maximum version the server should support\n");
713 fprintf(stderr, " -client_min_proto <string> - Minimum version the client should support\n");
714 fprintf(stderr, " -client_max_proto <string> - Maximum version the client should support\n");
715 fprintf(stderr, " -should_negotiate <string> - The version that should be negotiated, fail-client or fail-server\n");
716 #ifndef OPENSSL_NO_CT
717 fprintf(stderr, " -noct - no certificate transparency\n");
718 fprintf(stderr, " -requestct - request certificate transparency\n");
719 fprintf(stderr, " -requirect - require certificate transparency\n");
721 fprintf(stderr, " -sn_client <string> - have client request this servername\n");
722 fprintf(stderr, " -sn_server1 <string> - have server context 1 respond to this servername\n");
723 fprintf(stderr, " -sn_server2 <string> - have server context 2 respond to this servername\n");
724 fprintf(stderr, " -sn_expect1 - expected server 1\n");
725 fprintf(stderr, " -sn_expect2 - expected server 2\n");
726 fprintf(stderr, " -server_sess_out <file> - Save the server session to a file\n");
727 fprintf(stderr, " -server_sess_in <file> - Read the server session from a file\n");
728 fprintf(stderr, " -client_sess_out <file> - Save the client session to a file\n");
729 fprintf(stderr, " -client_sess_in <file> - Read the client session from a file\n");
730 fprintf(stderr, " -should_reuse <number> - The expected state of reusing the session\n");
731 fprintf(stderr, " -no_ticket - do not issue TLS session ticket\n");
732 fprintf(stderr, " -provider <name> - Load the given provider into the library context\n");
733 fprintf(stderr, " -config <cnf> - Load the given config file into the library context\n");
736 static void print_key_details(BIO *out, EVP_PKEY *key)
738 int keyid = EVP_PKEY_id(key);
739 #ifndef OPENSSL_NO_EC
740 if (keyid == EVP_PKEY_EC) {
741 EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
744 nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
746 cname = EC_curve_nid2nist(nid);
748 cname = OBJ_nid2sn(nid);
749 BIO_printf(out, "%d bits EC (%s)", EVP_PKEY_bits(key), cname);
765 algname = OBJ_nid2sn(keyid);
768 BIO_printf(out, "%d bits %s", EVP_PKEY_bits(key), algname);
772 static void print_details(SSL *c_ssl, const char *prefix)
774 const SSL_CIPHER *ciph;
779 ciph = SSL_get_current_cipher(c_ssl);
780 BIO_printf(bio_stdout, "%s%s, cipher %s %s",
782 SSL_get_version(c_ssl),
783 SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_name(ciph));
784 cert = SSL_get0_peer_certificate(c_ssl);
786 EVP_PKEY* pubkey = X509_get0_pubkey(cert);
788 if (pubkey != NULL) {
789 BIO_puts(bio_stdout, ", ");
790 print_key_details(bio_stdout, pubkey);
793 if (SSL_get_peer_tmp_key(c_ssl, &pkey)) {
794 BIO_puts(bio_stdout, ", temp key: ");
795 print_key_details(bio_stdout, pkey);
798 if (SSL_get_peer_signature_nid(c_ssl, &mdnid))
799 BIO_printf(bio_stdout, ", digest=%s", OBJ_nid2sn(mdnid));
800 BIO_printf(bio_stdout, "\n");
804 * protocol_from_string - converts a protocol version string to a number
806 * Returns -1 on failure or the version on success
808 static int protocol_from_string(const char *value)
810 struct protocol_versions {
814 static const struct protocol_versions versions[] = {
815 {"ssl3", SSL3_VERSION},
816 {"tls1", TLS1_VERSION},
817 {"tls1.1", TLS1_1_VERSION},
818 {"tls1.2", TLS1_2_VERSION},
819 {"tls1.3", TLS1_3_VERSION},
820 {"dtls1", DTLS1_VERSION},
821 {"dtls1.2", DTLS1_2_VERSION}};
823 size_t n = OSSL_NELEM(versions);
825 for (i = 0; i < n; i++)
826 if (strcmp(versions[i].name, value) == 0)
827 return versions[i].version;
831 static SSL_SESSION *read_session(const char *filename)
834 BIO *f = BIO_new_file(filename, "r");
837 BIO_printf(bio_err, "Can't open session file %s\n", filename);
838 ERR_print_errors(bio_err);
841 sess = PEM_read_bio_SSL_SESSION(f, NULL, 0, NULL);
843 BIO_printf(bio_err, "Can't parse session file %s\n", filename);
844 ERR_print_errors(bio_err);
850 static int write_session(const char *filename, SSL_SESSION *sess)
852 BIO *f = BIO_new_file(filename, "w");
855 BIO_printf(bio_err, "No session information\n");
859 BIO_printf(bio_err, "Can't open session file %s\n", filename);
860 ERR_print_errors(bio_err);
863 PEM_write_bio_SSL_SESSION(f, sess);
869 * set_protocol_version - Sets protocol version minimum or maximum
871 * Returns 0 on failure and 1 on success
873 static int set_protocol_version(const char *version, SSL *ssl, int setting)
875 if (version != NULL) {
876 int ver = protocol_from_string(version);
878 BIO_printf(bio_err, "Error parsing: %s\n", version);
881 return SSL_ctrl(ssl, setting, ver, NULL);
886 int main(int argc, char *argv[])
888 const char *CApath = NULL, *CAfile = NULL;
890 enum { BIO_MEM, BIO_PAIR, BIO_IPV4, BIO_IPV6 } bio_type = BIO_MEM;
892 int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, tls1_2 = 0, ssl3 = 0;
893 int ret = EXIT_FAILURE;
895 int server_auth = 0, i;
896 struct app_verify_arg app_verify_arg =
897 { APP_CALLBACK_STRING, 0 };
898 SSL_CTX *c_ctx = NULL;
899 const SSL_METHOD *meth = NULL;
901 int number = 1, reuse = 0;
902 int should_reuse = -1;
905 #ifndef OPENSSL_NO_DH
907 int dhe512 = 0, dhe1024dsa = 0;
912 clock_t s_time = 0, c_time = 0;
913 #ifndef OPENSSL_NO_COMP
915 COMP_METHOD *cm = NULL;
916 STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
919 int min_version = 0, max_version = 0;
920 #ifndef OPENSSL_NO_CT
922 * Disable CT validation by default, because it will interfere with
923 * anything using custom extension handlers to deal with SCT extensions.
925 int ct_validation = 0;
927 SSL_CONF_CTX *s_cctx = NULL, *c_cctx = NULL, *s_cctx2 = NULL;
928 STACK_OF(OPENSSL_STRING) *conf_args = NULL;
929 char *arg = NULL, *argn = NULL;
930 const char *provider = NULL, *config = NULL;
931 OSSL_PROVIDER *thisprov = NULL, *defctxnull = NULL;
932 OPENSSL_CTX *libctx = NULL;
937 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
938 bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT);
940 s_cctx = SSL_CONF_CTX_new();
941 s_cctx2 = SSL_CONF_CTX_new();
942 c_cctx = SSL_CONF_CTX_new();
944 if (!s_cctx || !c_cctx || !s_cctx2) {
945 ERR_print_errors(bio_err);
949 SSL_CONF_CTX_set_flags(s_cctx,
950 SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_SERVER |
951 SSL_CONF_FLAG_CERTIFICATE |
952 SSL_CONF_FLAG_REQUIRE_PRIVATE);
953 SSL_CONF_CTX_set_flags(s_cctx2,
954 SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_SERVER |
955 SSL_CONF_FLAG_CERTIFICATE |
956 SSL_CONF_FLAG_REQUIRE_PRIVATE);
957 if (!SSL_CONF_CTX_set1_prefix(s_cctx, "-s_")) {
958 ERR_print_errors(bio_err);
961 if (!SSL_CONF_CTX_set1_prefix(s_cctx2, "-s_")) {
962 ERR_print_errors(bio_err);
966 SSL_CONF_CTX_set_flags(c_cctx,
967 SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_CLIENT |
968 SSL_CONF_FLAG_CERTIFICATE |
969 SSL_CONF_FLAG_REQUIRE_PRIVATE);
970 if (!SSL_CONF_CTX_set1_prefix(c_cctx, "-c_")) {
971 ERR_print_errors(bio_err);
979 if (strcmp(*argv, "-F") == 0) {
981 "not compiled with FIPS support, so exiting without running.\n");
983 } else if (strcmp(*argv, "-server_auth") == 0)
985 else if (strcmp(*argv, "-client_auth") == 0)
987 else if (strcmp(*argv, "-v") == 0)
989 else if (strcmp(*argv, "-d") == 0)
991 else if (strcmp(*argv, "-reuse") == 0)
993 else if (strcmp(*argv, "-dhe512") == 0) {
994 #ifndef OPENSSL_NO_DH
998 "ignoring -dhe512, since I'm compiled without DH\n");
1000 } else if (strcmp(*argv, "-dhe1024dsa") == 0) {
1001 #ifndef OPENSSL_NO_DH
1005 "ignoring -dhe1024dsa, since I'm compiled without DH\n");
1007 } else if (strcmp(*argv, "-no_dhe") == 0)
1009 else if (strcmp(*argv, "-no_ecdhe") == 0)
1011 else if (strcmp(*argv, "-psk") == 0) {
1014 psk_key = *(++argv);
1015 #ifndef OPENSSL_NO_PSK
1016 if (strspn(psk_key, "abcdefABCDEF1234567890") != strlen(psk_key)) {
1017 BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
1024 else if (strcmp(*argv, "-tls1_2") == 0) {
1026 } else if (strcmp(*argv, "-tls1") == 0) {
1028 } else if (strcmp(*argv, "-ssl3") == 0) {
1030 } else if (strcmp(*argv, "-dtls1") == 0) {
1032 } else if (strcmp(*argv, "-dtls12") == 0) {
1034 } else if (strcmp(*argv, "-dtls") == 0) {
1036 } else if (strncmp(*argv, "-num", 4) == 0) {
1039 number = atoi(*(++argv));
1042 } else if (strcmp(*argv, "-bytes") == 0) {
1045 bytes = atol(*(++argv));
1048 i = strlen(argv[0]);
1049 if (argv[0][i - 1] == 'k')
1051 if (argv[0][i - 1] == 'm')
1052 bytes *= 1024L * 1024L;
1053 } else if (strcmp(*argv, "-cipher") == 0) {
1057 } else if (strcmp(*argv, "-ciphersuites") == 0) {
1060 ciphersuites = *(++argv);
1061 } else if (strcmp(*argv, "-CApath") == 0) {
1065 } else if (strcmp(*argv, "-CAfile") == 0) {
1069 } else if (strcmp(*argv, "-bio_pair") == 0) {
1070 bio_type = BIO_PAIR;
1072 #ifndef OPENSSL_NO_SOCK
1073 else if (strcmp(*argv, "-ipv4") == 0) {
1074 bio_type = BIO_IPV4;
1075 } else if (strcmp(*argv, "-ipv6") == 0) {
1076 bio_type = BIO_IPV6;
1079 else if (strcmp(*argv, "-f") == 0) {
1081 } else if (strcmp(*argv, "-time") == 0) {
1084 #ifndef OPENSSL_NO_CT
1085 else if (strcmp(*argv, "-noct") == 0) {
1088 else if (strcmp(*argv, "-ct") == 0) {
1092 #ifndef OPENSSL_NO_COMP
1093 else if (strcmp(*argv, "-zlib") == 0) {
1097 else if (strcmp(*argv, "-app_verify") == 0) {
1098 app_verify_arg.app_verify = 1;
1100 #ifndef OPENSSL_NO_NEXTPROTONEG
1101 else if (strcmp(*argv, "-npn_client") == 0) {
1103 } else if (strcmp(*argv, "-npn_server") == 0) {
1105 } else if (strcmp(*argv, "-npn_server_reject") == 0) {
1106 npn_server_reject = 1;
1109 else if (strcmp(*argv, "-serverinfo_sct") == 0) {
1111 } else if (strcmp(*argv, "-serverinfo_tack") == 0) {
1112 serverinfo_tack = 1;
1113 } else if (strcmp(*argv, "-serverinfo_file") == 0) {
1116 serverinfo_file = *(++argv);
1117 } else if (strcmp(*argv, "-custom_ext") == 0) {
1119 } else if (strcmp(*argv, "-alpn_client") == 0) {
1122 alpn_client = *(++argv);
1123 } else if (strcmp(*argv, "-alpn_server") == 0 ||
1124 strcmp(*argv, "-alpn_server1") == 0) {
1127 alpn_server = *(++argv);
1128 } else if (strcmp(*argv, "-alpn_server2") == 0) {
1131 alpn_server2 = *(++argv);
1132 } else if (strcmp(*argv, "-alpn_expected") == 0) {
1135 alpn_expected = *(++argv);
1136 } else if (strcmp(*argv, "-server_min_proto") == 0) {
1139 server_min_proto = *(++argv);
1140 } else if (strcmp(*argv, "-server_max_proto") == 0) {
1143 server_max_proto = *(++argv);
1144 } else if (strcmp(*argv, "-client_min_proto") == 0) {
1147 client_min_proto = *(++argv);
1148 } else if (strcmp(*argv, "-client_max_proto") == 0) {
1151 client_max_proto = *(++argv);
1152 } else if (strcmp(*argv, "-should_negotiate") == 0) {
1155 should_negotiate = *(++argv);
1156 } else if (strcmp(*argv, "-sn_client") == 0) {
1159 sn_client = *(++argv);
1160 } else if (strcmp(*argv, "-sn_server1") == 0) {
1163 sn_server1 = *(++argv);
1164 } else if (strcmp(*argv, "-sn_server2") == 0) {
1167 sn_server2 = *(++argv);
1168 } else if (strcmp(*argv, "-sn_expect1") == 0) {
1170 } else if (strcmp(*argv, "-sn_expect2") == 0) {
1172 } else if (strcmp(*argv, "-server_sess_out") == 0) {
1175 server_sess_out = *(++argv);
1176 } else if (strcmp(*argv, "-server_sess_in") == 0) {
1179 server_sess_in = *(++argv);
1180 } else if (strcmp(*argv, "-client_sess_out") == 0) {
1183 client_sess_out = *(++argv);
1184 } else if (strcmp(*argv, "-client_sess_in") == 0) {
1187 client_sess_in = *(++argv);
1188 } else if (strcmp(*argv, "-should_reuse") == 0) {
1191 should_reuse = !!atoi(*(++argv));
1192 } else if (strcmp(*argv, "-no_ticket") == 0) {
1194 } else if (strcmp(*argv, "-provider") == 0) {
1197 provider = *(++argv);
1198 } else if (strcmp(*argv, "-config") == 0) {
1206 /* Try to process command using SSL_CONF */
1207 rv = SSL_CONF_cmd_argv(c_cctx, &argc, &argv);
1208 /* If not processed try server */
1210 rv = SSL_CONF_cmd_argv(s_cctx, &argc, &argv);
1211 /* Recognised: store it for later use */
1216 conf_args = sk_OPENSSL_STRING_new_null();
1220 if (!sk_OPENSSL_STRING_push(conf_args, arg))
1222 if (!sk_OPENSSL_STRING_push(conf_args, argn))
1227 BIO_printf(bio_err, "Missing argument for %s\n", arg);
1229 BIO_printf(bio_err, "Error with command %s\n", arg);
1231 BIO_printf(bio_err, "unknown option %s\n", arg);
1244 if (ssl3 + tls1 + tls1_2 + dtls + dtls1 + dtls12 > 1) {
1245 fprintf(stderr, "At most one of -ssl3, -tls1, -tls1_2, -dtls, -dtls1 or -dtls12 should "
1250 #ifdef OPENSSL_NO_SSL3
1255 #ifdef OPENSSL_NO_TLS1
1260 #ifdef OPENSSL_NO_TLS1_2
1265 #if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1)
1270 #if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1_2)
1278 * Testing was requested for a compiled-out protocol (e.g. SSLv3).
1279 * Ideally, we would error out, but the generic test wrapper can't know
1280 * when to expect failure. So we do nothing and return success.
1283 fprintf(stderr, "Testing was requested for a disabled protocol. "
1284 "Skipping tests.\n");
1289 if (!ssl3 && !tls1 && !tls1_2 && !dtls && !dtls1 && !dtls12 && number > 1
1290 && !reuse && !force) {
1291 fprintf(stderr, "This case cannot work. Use -f to perform "
1292 "the test anyway (and\n-d to see what happens), "
1293 "or add one of -ssl3, -tls1, -tls1_2, -dtls, -dtls1, -dtls12, -reuse\n"
1294 "to avoid protocol mismatch.\n");
1299 if (bio_type != BIO_PAIR) {
1300 fprintf(stderr, "Using BIO pair (-bio_pair)\n");
1301 bio_type = BIO_PAIR;
1303 if (number < 50 && !force)
1305 "Warning: For accurate timings, use more connections (e.g. -num 1000)\n");
1308 #ifndef OPENSSL_NO_COMP
1309 if (comp == COMP_ZLIB)
1312 if (COMP_get_type(cm) != NID_undef) {
1313 if (SSL_COMP_add_compression_method(comp, cm) != 0) {
1314 fprintf(stderr, "Failed to add compression method\n");
1315 ERR_print_errors_fp(stderr);
1319 "Warning: %s compression not supported\n",
1320 comp == COMP_ZLIB ? "zlib" : "unknown");
1321 ERR_print_errors_fp(stderr);
1324 ssl_comp_methods = SSL_COMP_get_compression_methods();
1325 n = sk_SSL_COMP_num(ssl_comp_methods);
1328 printf("Available compression methods:");
1329 for (j = 0; j < n; j++) {
1330 SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
1331 printf(" %s:%d", SSL_COMP_get0_name(c), SSL_COMP_get_id(c));
1337 #ifndef OPENSSL_NO_TLS
1338 meth = TLS_method();
1340 min_version = SSL3_VERSION;
1341 max_version = SSL3_VERSION;
1343 min_version = TLS1_VERSION;
1344 max_version = TLS1_VERSION;
1345 } else if (tls1_2) {
1346 min_version = TLS1_2_VERSION;
1347 max_version = TLS1_2_VERSION;
1353 #ifndef OPENSSL_NO_DTLS
1354 if (dtls || dtls1 || dtls12) {
1355 meth = DTLS_method();
1357 min_version = DTLS1_VERSION;
1358 max_version = DTLS1_VERSION;
1359 } else if (dtls12) {
1360 min_version = DTLS1_2_VERSION;
1361 max_version = DTLS1_2_VERSION;
1369 if (provider != NULL) {
1370 defctxnull = OSSL_PROVIDER_load(NULL, "null");
1371 if (defctxnull == NULL)
1373 libctx = OPENSSL_CTX_new();
1378 && !OPENSSL_CTX_load_config(libctx, config))
1381 thisprov = OSSL_PROVIDER_load(libctx, provider);
1382 if (thisprov == NULL)
1386 c_ctx = SSL_CTX_new_with_libctx(libctx, NULL, meth);
1387 s_ctx = SSL_CTX_new_with_libctx(libctx, NULL, meth);
1388 s_ctx2 = SSL_CTX_new_with_libctx(libctx, NULL, meth); /* no SSL_CTX_dup! */
1389 if ((c_ctx == NULL) || (s_ctx == NULL) || (s_ctx2 == NULL)) {
1390 ERR_print_errors(bio_err);
1394 * Since we will use low security ciphersuites and keys for testing set
1395 * security level to zero by default. Tests can override this by adding
1396 * "@SECLEVEL=n" to the cipher string.
1398 SSL_CTX_set_security_level(c_ctx, 0);
1399 SSL_CTX_set_security_level(s_ctx, 0);
1400 SSL_CTX_set_security_level(s_ctx2, 0);
1403 SSL_CTX_set_options(c_ctx, SSL_OP_NO_TICKET);
1404 SSL_CTX_set_options(s_ctx, SSL_OP_NO_TICKET);
1407 if (SSL_CTX_set_min_proto_version(c_ctx, min_version) == 0)
1409 if (SSL_CTX_set_max_proto_version(c_ctx, max_version) == 0)
1411 if (SSL_CTX_set_min_proto_version(s_ctx, min_version) == 0)
1413 if (SSL_CTX_set_max_proto_version(s_ctx, max_version) == 0)
1416 if (cipher != NULL) {
1417 if (strcmp(cipher, "") == 0) {
1418 if (!SSL_CTX_set_cipher_list(c_ctx, cipher)) {
1419 if (ERR_GET_REASON(ERR_peek_error()) == SSL_R_NO_CIPHER_MATCH) {
1422 ERR_print_errors(bio_err);
1426 /* Should have failed when clearing all TLSv1.2 ciphers. */
1427 fprintf(stderr, "CLEARING ALL TLSv1.2 CIPHERS SHOULD FAIL\n");
1431 if (!SSL_CTX_set_cipher_list(s_ctx, cipher)) {
1432 if (ERR_GET_REASON(ERR_peek_error()) == SSL_R_NO_CIPHER_MATCH) {
1435 ERR_print_errors(bio_err);
1439 /* Should have failed when clearing all TLSv1.2 ciphers. */
1440 fprintf(stderr, "CLEARING ALL TLSv1.2 CIPHERS SHOULD FAIL\n");
1444 if (!SSL_CTX_set_cipher_list(s_ctx2, cipher)) {
1445 if (ERR_GET_REASON(ERR_peek_error()) == SSL_R_NO_CIPHER_MATCH) {
1448 ERR_print_errors(bio_err);
1452 /* Should have failed when clearing all TLSv1.2 ciphers. */
1453 fprintf(stderr, "CLEARING ALL TLSv1.2 CIPHERS SHOULD FAIL\n");
1457 if (!SSL_CTX_set_cipher_list(c_ctx, cipher)
1458 || !SSL_CTX_set_cipher_list(s_ctx, cipher)
1459 || !SSL_CTX_set_cipher_list(s_ctx2, cipher)) {
1460 ERR_print_errors(bio_err);
1465 if (ciphersuites != NULL) {
1466 if (!SSL_CTX_set_ciphersuites(c_ctx, ciphersuites)
1467 || !SSL_CTX_set_ciphersuites(s_ctx, ciphersuites)
1468 || !SSL_CTX_set_ciphersuites(s_ctx2, ciphersuites)) {
1469 ERR_print_errors(bio_err);
1474 #ifndef OPENSSL_NO_CT
1475 if (ct_validation &&
1476 !SSL_CTX_enable_ct(c_ctx, SSL_CT_VALIDATION_STRICT)) {
1477 ERR_print_errors(bio_err);
1482 /* Process SSL_CONF arguments */
1483 SSL_CONF_CTX_set_ssl_ctx(c_cctx, c_ctx);
1484 SSL_CONF_CTX_set_ssl_ctx(s_cctx, s_ctx);
1485 SSL_CONF_CTX_set_ssl_ctx(s_cctx2, s_ctx2);
1487 for (i = 0; i < sk_OPENSSL_STRING_num(conf_args); i += 2) {
1489 arg = sk_OPENSSL_STRING_value(conf_args, i);
1490 argn = sk_OPENSSL_STRING_value(conf_args, i + 1);
1491 rv = SSL_CONF_cmd(c_cctx, arg, argn);
1492 /* If not recognised use server context */
1494 rv = SSL_CONF_cmd(s_cctx2, arg, argn);
1496 rv = SSL_CONF_cmd(s_cctx, arg, argn);
1499 BIO_printf(bio_err, "Error processing %s %s\n",
1500 arg, argn ? argn : "");
1501 ERR_print_errors(bio_err);
1506 if (!SSL_CONF_CTX_finish(s_cctx) || !SSL_CONF_CTX_finish(c_cctx) || !SSL_CONF_CTX_finish(s_cctx2)) {
1507 BIO_puts(bio_err, "Error finishing context\n");
1508 ERR_print_errors(bio_err);
1511 #ifndef OPENSSL_NO_DH
1514 dh = get_dh1024dsa();
1519 SSL_CTX_set_tmp_dh(s_ctx, dh);
1520 SSL_CTX_set_tmp_dh(s_ctx2, dh);
1527 if (!(SSL_CTX_load_verify_file(s_ctx, CAfile)
1528 || SSL_CTX_load_verify_dir(s_ctx, CApath))
1529 || !SSL_CTX_set_default_verify_paths(s_ctx)
1530 || !(SSL_CTX_load_verify_file(s_ctx2, CAfile)
1531 || SSL_CTX_load_verify_dir(s_ctx2, CApath))
1532 || !SSL_CTX_set_default_verify_paths(s_ctx2)
1533 || !(SSL_CTX_load_verify_file(c_ctx, CAfile)
1534 || SSL_CTX_load_verify_dir(c_ctx, CApath))
1535 || !SSL_CTX_set_default_verify_paths(c_ctx)) {
1536 ERR_print_errors(bio_err);
1539 #ifndef OPENSSL_NO_CT
1540 if (!SSL_CTX_set_default_ctlog_list_file(s_ctx) ||
1541 !SSL_CTX_set_default_ctlog_list_file(s_ctx2) ||
1542 !SSL_CTX_set_default_ctlog_list_file(c_ctx)) {
1543 ERR_print_errors(bio_err);
1548 printf("client authentication\n");
1549 SSL_CTX_set_verify(s_ctx,
1550 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1552 SSL_CTX_set_verify(s_ctx2,
1553 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1555 SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback,
1557 SSL_CTX_set_cert_verify_callback(s_ctx2, app_verify_callback,
1561 printf("server authentication\n");
1562 SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER, verify_callback);
1563 SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback,
1568 int session_id_context = 0;
1569 if (!SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context,
1570 sizeof(session_id_context)) ||
1571 !SSL_CTX_set_session_id_context(s_ctx2, (void *)&session_id_context,
1572 sizeof(session_id_context))) {
1573 ERR_print_errors(bio_err);
1578 /* Use PSK only if PSK key is given */
1579 if (psk_key != NULL) {
1581 * no_psk is used to avoid putting psk command to openssl tool
1585 * if PSK is not compiled in and psk key is given, do nothing and
1591 #ifndef OPENSSL_NO_PSK
1592 SSL_CTX_set_psk_client_callback(c_ctx, psk_client_callback);
1593 SSL_CTX_set_psk_server_callback(s_ctx, psk_server_callback);
1594 SSL_CTX_set_psk_server_callback(s_ctx2, psk_server_callback);
1596 BIO_printf(bio_err, "setting PSK identity hint to s_ctx\n");
1597 if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_hint") ||
1598 !SSL_CTX_use_psk_identity_hint(s_ctx2, "ctx server identity_hint")) {
1599 BIO_printf(bio_err, "error setting PSK identity hint to s_ctx\n");
1600 ERR_print_errors(bio_err);
1606 #ifndef OPENSSL_NO_NEXTPROTONEG
1608 SSL_CTX_set_next_proto_select_cb(c_ctx, cb_client_npn, NULL);
1611 if (npn_server_reject) {
1613 "Can't have both -npn_server and -npn_server_reject\n");
1616 SSL_CTX_set_npn_advertised_cb(s_ctx, cb_server_npn, NULL);
1617 SSL_CTX_set_npn_advertised_cb(s_ctx2, cb_server_npn, NULL);
1619 if (npn_server_reject) {
1620 SSL_CTX_set_npn_advertised_cb(s_ctx, cb_server_rejects_npn, NULL);
1621 SSL_CTX_set_npn_advertised_cb(s_ctx2, cb_server_rejects_npn, NULL);
1625 if (serverinfo_sct) {
1626 if (!SSL_CTX_add_client_custom_ext(c_ctx,
1627 TLSEXT_TYPE_signed_certificate_timestamp,
1629 serverinfo_cli_parse_cb, NULL)) {
1630 BIO_printf(bio_err, "Error adding SCT extension\n");
1634 if (serverinfo_tack) {
1635 if (!SSL_CTX_add_client_custom_ext(c_ctx, TACK_EXT_TYPE,
1637 serverinfo_cli_parse_cb, NULL)) {
1638 BIO_printf(bio_err, "Error adding TACK extension\n");
1642 if (serverinfo_file)
1643 if (!SSL_CTX_use_serverinfo_file(s_ctx, serverinfo_file) ||
1644 !SSL_CTX_use_serverinfo_file(s_ctx2, serverinfo_file)) {
1645 BIO_printf(bio_err, "missing serverinfo file\n");
1650 if (!SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_0,
1651 custom_ext_0_cli_add_cb,
1653 custom_ext_0_cli_parse_cb, NULL)
1654 || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_1,
1655 custom_ext_1_cli_add_cb,
1657 custom_ext_1_cli_parse_cb, NULL)
1658 || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_2,
1659 custom_ext_2_cli_add_cb,
1661 custom_ext_2_cli_parse_cb, NULL)
1662 || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_3,
1663 custom_ext_3_cli_add_cb,
1665 custom_ext_3_cli_parse_cb, NULL)
1666 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_0,
1667 custom_ext_0_srv_add_cb,
1669 custom_ext_0_srv_parse_cb, NULL)
1670 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_0,
1671 custom_ext_0_srv_add_cb,
1673 custom_ext_0_srv_parse_cb, NULL)
1674 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_1,
1675 custom_ext_1_srv_add_cb,
1677 custom_ext_1_srv_parse_cb, NULL)
1678 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_1,
1679 custom_ext_1_srv_add_cb,
1681 custom_ext_1_srv_parse_cb, NULL)
1682 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_2,
1683 custom_ext_2_srv_add_cb,
1685 custom_ext_2_srv_parse_cb, NULL)
1686 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_2,
1687 custom_ext_2_srv_add_cb,
1689 custom_ext_2_srv_parse_cb, NULL)
1690 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_3,
1691 custom_ext_3_srv_add_cb,
1693 custom_ext_3_srv_parse_cb, NULL)
1694 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_3,
1695 custom_ext_3_srv_add_cb,
1697 custom_ext_3_srv_parse_cb, NULL)) {
1698 BIO_printf(bio_err, "Error setting custom extensions\n");
1704 SSL_CTX_set_alpn_select_cb(s_ctx, cb_server_alpn, alpn_server);
1706 SSL_CTX_set_alpn_select_cb(s_ctx2, cb_server_alpn, alpn_server2);
1710 unsigned char *alpn = next_protos_parse(&alpn_len, alpn_client);
1713 BIO_printf(bio_err, "Error parsing -alpn_client argument\n");
1716 /* Returns 0 on success!! */
1717 if (SSL_CTX_set_alpn_protos(c_ctx, alpn, alpn_len)) {
1718 BIO_printf(bio_err, "Error setting ALPN\n");
1725 if (server_sess_in != NULL) {
1726 server_sess = read_session(server_sess_in);
1727 if (server_sess == NULL)
1730 if (client_sess_in != NULL) {
1731 client_sess = read_session(client_sess_in);
1732 if (client_sess == NULL)
1736 if (server_sess_out != NULL || server_sess_in != NULL) {
1740 /* Use a fixed key so that we can decrypt the ticket. */
1741 size = SSL_CTX_set_tlsext_ticket_keys(s_ctx, NULL, 0);
1742 keys = OPENSSL_zalloc(size);
1743 SSL_CTX_set_tlsext_ticket_keys(s_ctx, keys, size);
1747 if (sn_server1 != NULL || sn_server2 != NULL)
1748 SSL_CTX_set_tlsext_servername_callback(s_ctx, servername_cb);
1750 c_ssl = SSL_new(c_ctx);
1751 s_ssl = SSL_new(s_ctx);
1754 SSL_set_tlsext_host_name(c_ssl, sn_client);
1756 if (!set_protocol_version(server_min_proto, s_ssl, SSL_CTRL_SET_MIN_PROTO_VERSION))
1758 if (!set_protocol_version(server_max_proto, s_ssl, SSL_CTRL_SET_MAX_PROTO_VERSION))
1760 if (!set_protocol_version(client_min_proto, c_ssl, SSL_CTRL_SET_MIN_PROTO_VERSION))
1762 if (!set_protocol_version(client_max_proto, c_ssl, SSL_CTRL_SET_MAX_PROTO_VERSION))
1766 if (SSL_CTX_add_session(s_ctx, server_sess) == 0) {
1767 BIO_printf(bio_err, "Can't add server session\n");
1768 ERR_print_errors(bio_err);
1773 BIO_printf(bio_stdout, "Doing handshakes=%d bytes=%ld\n", number, bytes);
1774 for (i = 0; i < number; i++) {
1776 if (!SSL_set_session(c_ssl, NULL)) {
1777 BIO_printf(bio_err, "Failed to set session\n");
1781 if (client_sess_in != NULL) {
1782 if (SSL_set_session(c_ssl, client_sess) == 0) {
1783 BIO_printf(bio_err, "Can't set client session\n");
1784 ERR_print_errors(bio_err);
1790 ret = doit(s_ssl, c_ssl, bytes);
1793 ret = doit_biopair(s_ssl, c_ssl, bytes, &s_time, &c_time);
1795 #ifndef OPENSSL_NO_SOCK
1797 ret = doit_localhost(s_ssl, c_ssl, BIO_FAMILY_IPV4,
1798 bytes, &s_time, &c_time);
1801 ret = doit_localhost(s_ssl, c_ssl, BIO_FAMILY_IPV6,
1802 bytes, &s_time, &c_time);
1811 if (ret != EXIT_SUCCESS) break;
1814 if (should_negotiate && ret == EXIT_SUCCESS &&
1815 strcmp(should_negotiate, "fail-server") != 0 &&
1816 strcmp(should_negotiate, "fail-client") != 0) {
1817 int version = protocol_from_string(should_negotiate);
1819 BIO_printf(bio_err, "Error parsing: %s\n", should_negotiate);
1823 if (SSL_version(c_ssl) != version) {
1824 BIO_printf(bio_err, "Unexpected version negotiated. "
1825 "Expected: %s, got %s\n", should_negotiate, SSL_get_version(c_ssl));
1831 if (should_reuse != -1) {
1832 if (SSL_session_reused(s_ssl) != should_reuse ||
1833 SSL_session_reused(c_ssl) != should_reuse) {
1834 BIO_printf(bio_err, "Unexpected session reuse state. "
1835 "Expected: %d, server: %d, client: %d\n", should_reuse,
1836 SSL_session_reused(s_ssl), SSL_session_reused(c_ssl));
1842 if (server_sess_out != NULL) {
1843 if (write_session(server_sess_out, SSL_get_session(s_ssl)) == 0) {
1848 if (client_sess_out != NULL) {
1849 if (write_session(client_sess_out, SSL_get_session(c_ssl)) == 0) {
1856 print_details(c_ssl, "");
1859 #ifdef CLOCKS_PER_SEC
1861 * "To determine the time in seconds, the value returned by the clock
1862 * function should be divided by the value of the macro
1863 * CLOCKS_PER_SEC." -- ISO/IEC 9899
1865 BIO_printf(bio_stdout, "Approximate total server time: %6.2f s\n"
1866 "Approximate total client time: %6.2f s\n",
1867 (double)s_time / CLOCKS_PER_SEC,
1868 (double)c_time / CLOCKS_PER_SEC);
1870 BIO_printf(bio_stdout,
1871 "Approximate total server time: %6.2f units\n"
1872 "Approximate total client time: %6.2f units\n",
1873 (double)s_time, (double)c_time);
1882 SSL_CTX_free(s_ctx);
1883 SSL_CTX_free(s_ctx2);
1884 SSL_CTX_free(c_ctx);
1885 SSL_CONF_CTX_free(s_cctx);
1886 SSL_CONF_CTX_free(s_cctx2);
1887 SSL_CONF_CTX_free(c_cctx);
1888 sk_OPENSSL_STRING_free(conf_args);
1890 BIO_free(bio_stdout);
1892 SSL_SESSION_free(server_sess);
1893 SSL_SESSION_free(client_sess);
1895 OSSL_PROVIDER_unload(defctxnull);
1896 OSSL_PROVIDER_unload(thisprov);
1897 OPENSSL_CTX_free(libctx);
1903 #ifndef OPENSSL_NO_SOCK
1904 int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count,
1905 clock_t *s_time, clock_t *c_time)
1907 long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
1908 BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
1909 BIO *acpt = NULL, *server = NULL, *client = NULL;
1911 int ret = EXIT_FAILURE;
1912 int err_in_client = 0;
1913 int err_in_server = 0;
1915 acpt = BIO_new_accept(family == BIO_FAMILY_IPV4 ? "127.0.0.1:0"
1919 BIO_set_accept_ip_family(acpt, family);
1920 BIO_set_bind_mode(acpt, BIO_SOCK_NONBLOCK | BIO_SOCK_REUSEADDR);
1921 if (BIO_do_accept(acpt) <= 0)
1924 BIO_snprintf(addr_str, sizeof(addr_str), ":%s", BIO_get_accept_port(acpt));
1926 client = BIO_new_connect(addr_str);
1927 BIO_set_conn_ip_family(client, family);
1931 if (BIO_set_nbio(client, 1) <= 0)
1933 if (BIO_set_nbio(acpt, 1) <= 0)
1937 int st_connect = 0, st_accept = 0;
1939 while(!st_connect || !st_accept) {
1941 if (BIO_do_connect(client) <= 0) {
1942 if (!BIO_should_retry(client))
1949 if (BIO_do_accept(acpt) <= 0) {
1950 if (!BIO_should_retry(acpt))
1958 /* We're not interested in accepting further connects */
1959 server = BIO_pop(acpt);
1963 s_ssl_bio = BIO_new(BIO_f_ssl());
1967 c_ssl_bio = BIO_new(BIO_f_ssl());
1971 SSL_set_connect_state(c_ssl);
1972 SSL_set_bio(c_ssl, client, client);
1973 (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
1975 SSL_set_accept_state(s_ssl);
1976 SSL_set_bio(s_ssl, server, server);
1977 (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
1981 * c_ssl_bio: SSL filter BIO
1983 * client: I/O for SSL library
1986 * server: I/O for SSL library
1988 * s_ssl_bio: SSL filter BIO
1992 * We have non-blocking behaviour throughout this test program, but
1993 * can be sure that there is *some* progress in each iteration; so we
1994 * don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE --
1995 * we just try everything in each iteration
2001 char cbuf[1024 * 8];
2003 clock_t c_clock = clock();
2005 memset(cbuf, 0, sizeof(cbuf));
2008 if (SSL_in_init(c_ssl))
2009 printf("client waiting in SSL_connect - %s\n",
2010 SSL_state_string_long(c_ssl));
2013 /* Write to server. */
2015 if (cw_num > (long)sizeof(cbuf))
2019 r = BIO_write(c_ssl_bio, cbuf, i);
2021 if (!BIO_should_retry(c_ssl_bio)) {
2022 fprintf(stderr, "ERROR in CLIENT\n");
2027 * BIO_should_retry(...) can just be ignored here. The
2028 * library expects us to call BIO_write with the same
2029 * arguments again, and that's what we will do in the
2032 } else if (r == 0) {
2033 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2037 printf("client wrote %d\n", r);
2043 /* Read from server. */
2045 r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
2047 if (!BIO_should_retry(c_ssl_bio)) {
2048 fprintf(stderr, "ERROR in CLIENT\n");
2053 * Again, "BIO_should_retry" can be ignored.
2055 } else if (r == 0) {
2056 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2060 printf("client read %d\n", r);
2066 * c_time and s_time increments will typically be very small
2067 * (depending on machine speed and clock tick intervals), but
2068 * sampling over a large number of connections should result in
2069 * fairly accurate figures. We cannot guarantee a lot, however
2070 * -- if each connection lasts for exactly one clock tick, it
2071 * will be counted only for the client or only for the server or
2074 *c_time += (clock() - c_clock);
2080 char sbuf[1024 * 8];
2082 clock_t s_clock = clock();
2084 memset(sbuf, 0, sizeof(sbuf));
2087 if (SSL_in_init(s_ssl))
2088 printf("server waiting in SSL_accept - %s\n",
2089 SSL_state_string_long(s_ssl));
2092 /* Write to client. */
2094 if (sw_num > (long)sizeof(sbuf))
2098 r = BIO_write(s_ssl_bio, sbuf, i);
2100 if (!BIO_should_retry(s_ssl_bio)) {
2101 fprintf(stderr, "ERROR in SERVER\n");
2105 /* Ignore "BIO_should_retry". */
2106 } else if (r == 0) {
2107 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2111 printf("server wrote %d\n", r);
2117 /* Read from client. */
2119 r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
2121 if (!BIO_should_retry(s_ssl_bio)) {
2122 fprintf(stderr, "ERROR in SERVER\n");
2127 } else if (r == 0) {
2128 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2132 printf("server read %d\n", r);
2137 *s_time += (clock() - s_clock);
2140 while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
2143 print_details(c_ssl, "DONE via TCP connect: ");
2144 # ifndef OPENSSL_NO_NEXTPROTONEG
2145 if (verify_npn(c_ssl, s_ssl) < 0)
2148 if (verify_serverinfo() < 0) {
2149 fprintf(stderr, "Server info verify error\n");
2152 if (verify_alpn(c_ssl, s_ssl) < 0
2153 || verify_servername(c_ssl, s_ssl) < 0)
2156 if (custom_ext_error) {
2157 fprintf(stderr, "Custom extension error\n");
2161 # ifndef OPENSSL_NO_NEXTPROTONEG
2167 ERR_print_errors(bio_err);
2172 BIO_free(s_ssl_bio);
2173 BIO_free(c_ssl_bio);
2175 if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
2176 ret = (err_in_client != 0) ? EXIT_SUCCESS : EXIT_FAILURE;
2177 else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
2178 ret = (err_in_server != 0) ? EXIT_SUCCESS : EXIT_FAILURE;
2184 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
2185 clock_t *s_time, clock_t *c_time)
2187 long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
2188 BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
2189 BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL;
2190 int ret = EXIT_FAILURE;
2191 int err_in_client = 0;
2192 int err_in_server = 0;
2194 size_t bufsiz = 256; /* small buffer for testing */
2196 if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz))
2198 if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz))
2201 s_ssl_bio = BIO_new(BIO_f_ssl());
2205 c_ssl_bio = BIO_new(BIO_f_ssl());
2209 SSL_set_connect_state(c_ssl);
2210 SSL_set_bio(c_ssl, client, client);
2211 (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
2213 SSL_set_accept_state(s_ssl);
2214 SSL_set_bio(s_ssl, server, server);
2215 (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
2219 * c_ssl_bio: SSL filter BIO
2221 * client: pseudo-I/O for SSL library
2223 * client_io: client's SSL communication; usually to be
2224 * relayed over some I/O facility, but in this
2225 * test program, we're the server, too:
2227 * server_io: server's SSL communication
2229 * server: pseudo-I/O for SSL library
2231 * s_ssl_bio: SSL filter BIO
2233 * The client and the server each employ a "BIO pair":
2234 * client + client_io, server + server_io.
2235 * BIO pairs are symmetric. A BIO pair behaves similar
2236 * to a non-blocking socketpair (but both endpoints must
2237 * be handled by the same thread).
2238 * [Here we could connect client and server to the ends
2239 * of a single BIO pair, but then this code would be less
2240 * suitable as an example for BIO pairs in general.]
2242 * Useful functions for querying the state of BIO pair endpoints:
2244 * BIO_ctrl_pending(bio) number of bytes we can read now
2245 * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfill
2246 * other side's read attempt
2247 * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now
2249 * ..._read_request is never more than ..._write_guarantee;
2250 * it depends on the application which one you should use.
2254 * We have non-blocking behaviour throughout this test program, but
2255 * can be sure that there is *some* progress in each iteration; so we
2256 * don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE --
2257 * we just try everything in each iteration
2263 char cbuf[1024 * 8];
2265 clock_t c_clock = clock();
2267 memset(cbuf, 0, sizeof(cbuf));
2270 if (SSL_in_init(c_ssl))
2271 printf("client waiting in SSL_connect - %s\n",
2272 SSL_state_string_long(c_ssl));
2275 /* Write to server. */
2277 if (cw_num > (long)sizeof(cbuf))
2281 r = BIO_write(c_ssl_bio, cbuf, i);
2283 if (!BIO_should_retry(c_ssl_bio)) {
2284 fprintf(stderr, "ERROR in CLIENT\n");
2289 * BIO_should_retry(...) can just be ignored here. The
2290 * library expects us to call BIO_write with the same
2291 * arguments again, and that's what we will do in the
2294 } else if (r == 0) {
2295 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2299 printf("client wrote %d\n", r);
2305 /* Read from server. */
2307 r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
2309 if (!BIO_should_retry(c_ssl_bio)) {
2310 fprintf(stderr, "ERROR in CLIENT\n");
2315 * Again, "BIO_should_retry" can be ignored.
2317 } else if (r == 0) {
2318 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2322 printf("client read %d\n", r);
2328 * c_time and s_time increments will typically be very small
2329 * (depending on machine speed and clock tick intervals), but
2330 * sampling over a large number of connections should result in
2331 * fairly accurate figures. We cannot guarantee a lot, however
2332 * -- if each connection lasts for exactly one clock tick, it
2333 * will be counted only for the client or only for the server or
2336 *c_time += (clock() - c_clock);
2342 char sbuf[1024 * 8];
2344 clock_t s_clock = clock();
2346 memset(sbuf, 0, sizeof(sbuf));
2349 if (SSL_in_init(s_ssl))
2350 printf("server waiting in SSL_accept - %s\n",
2351 SSL_state_string_long(s_ssl));
2354 /* Write to client. */
2356 if (sw_num > (long)sizeof(sbuf))
2360 r = BIO_write(s_ssl_bio, sbuf, i);
2362 if (!BIO_should_retry(s_ssl_bio)) {
2363 fprintf(stderr, "ERROR in SERVER\n");
2367 /* Ignore "BIO_should_retry". */
2368 } else if (r == 0) {
2369 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2373 printf("server wrote %d\n", r);
2379 /* Read from client. */
2381 r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
2383 if (!BIO_should_retry(s_ssl_bio)) {
2384 fprintf(stderr, "ERROR in SERVER\n");
2389 } else if (r == 0) {
2390 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2394 printf("server read %d\n", r);
2399 *s_time += (clock() - s_clock);
2403 /* "I/O" BETWEEN CLIENT AND SERVER. */
2406 BIO *io1 = server_io, *io2 = client_io;
2408 * we use the non-copying interface for io1 and the standard
2409 * BIO_write/BIO_read interface for io2
2412 static int prev_progress = 1;
2420 r1 = BIO_ctrl_pending(io1);
2421 r2 = BIO_ctrl_get_write_guarantee(io2);
2429 if (INT_MAX < num) /* yeah, right */
2432 r = BIO_nread(io1, &dataptr, (int)num);
2434 assert(r <= (int)num);
2436 * possibly r < num (non-contiguous data)
2439 r = BIO_write(io2, dataptr, (int)num);
2440 if (r != (int)num) { /* can't happen */
2441 fprintf(stderr, "ERROR: BIO_write could not write "
2442 "BIO_ctrl_get_write_guarantee() bytes");
2448 printf((io1 == client_io) ?
2449 "C->S relaying: %d bytes\n" :
2450 "S->C relaying: %d bytes\n", (int)num);
2460 r1 = BIO_ctrl_pending(io2);
2461 r2 = BIO_ctrl_get_read_request(io1);
2463 * here we could use ..._get_write_guarantee instead of
2464 * ..._get_read_request, but by using the latter we test
2465 * restartability of the SSL implementation more thoroughly
2477 --num; /* test restartability even more thoroughly */
2479 r = BIO_nwrite0(io1, &dataptr);
2483 r = BIO_read(io2, dataptr, (int)num);
2484 if (r != (int)num) { /* can't happen */
2485 fprintf(stderr, "ERROR: BIO_read could not read "
2486 "BIO_ctrl_pending() bytes");
2490 r = BIO_nwrite(io1, &dataptr, (int)num);
2491 if (r != (int)num) { /* can't happen */
2492 fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
2493 "BIO_nwrite0() bytes");
2498 printf((io2 == client_io) ?
2499 "C->S relaying: %d bytes\n" :
2500 "S->C relaying: %d bytes\n", (int)num);
2502 } /* no loop, BIO_ctrl_get_read_request now
2503 * returns 0 anyway */
2505 if (!progress && !prev_progress)
2506 if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0) {
2507 fprintf(stderr, "ERROR: got stuck\n");
2508 fprintf(stderr, " ERROR.\n");
2511 prev_progress = progress;
2514 while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
2517 print_details(c_ssl, "DONE via BIO pair: ");
2518 #ifndef OPENSSL_NO_NEXTPROTONEG
2519 if (verify_npn(c_ssl, s_ssl) < 0)
2522 if (verify_serverinfo() < 0) {
2523 fprintf(stderr, "Server info verify error\n");
2526 if (verify_alpn(c_ssl, s_ssl) < 0
2527 || verify_servername(c_ssl, s_ssl) < 0)
2530 if (custom_ext_error) {
2531 fprintf(stderr, "Custom extension error\n");
2535 #ifndef OPENSSL_NO_NEXTPROTONEG
2541 ERR_print_errors(bio_err);
2544 BIO_free(server_io);
2546 BIO_free(client_io);
2547 BIO_free(s_ssl_bio);
2548 BIO_free(c_ssl_bio);
2550 if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
2551 ret = (err_in_client != 0) ? EXIT_SUCCESS : EXIT_FAILURE;
2552 else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
2553 ret = (err_in_server != 0) ? EXIT_SUCCESS : EXIT_FAILURE;
2563 int doit(SSL *s_ssl, SSL *c_ssl, long count)
2565 char *cbuf = NULL, *sbuf = NULL;
2567 long cw_num = count, cr_num = count;
2568 long sw_num = count, sr_num = count;
2569 int ret = EXIT_FAILURE;
2574 int c_r, c_w, s_r, s_w;
2577 int c_write, s_write;
2578 int do_server = 0, do_client = 0;
2579 int max_frag = 5 * 1024;
2580 int err_in_client = 0;
2581 int err_in_server = 0;
2583 bufsiz = count > 40 * 1024 ? 40 * 1024 : count;
2585 if ((cbuf = OPENSSL_zalloc(bufsiz)) == NULL)
2587 if ((sbuf = OPENSSL_zalloc(bufsiz)) == NULL)
2590 c_to_s = BIO_new(BIO_s_mem());
2591 s_to_c = BIO_new(BIO_s_mem());
2592 if ((s_to_c == NULL) || (c_to_s == NULL)) {
2593 ERR_print_errors(bio_err);
2597 c_bio = BIO_new(BIO_f_ssl());
2598 s_bio = BIO_new(BIO_f_ssl());
2599 if ((c_bio == NULL) || (s_bio == NULL)) {
2600 ERR_print_errors(bio_err);
2604 SSL_set_connect_state(c_ssl);
2605 SSL_set_bio(c_ssl, s_to_c, c_to_s);
2606 SSL_set_max_send_fragment(c_ssl, max_frag);
2607 BIO_set_ssl(c_bio, c_ssl, BIO_NOCLOSE);
2610 * We've just given our ref to these BIOs to c_ssl. We need another one to
2613 if (!BIO_up_ref(c_to_s)) {
2614 /* c_to_s and s_to_c will get freed when we free c_ssl */
2619 if (!BIO_up_ref(s_to_c)) {
2620 /* s_to_c will get freed when we free c_ssl */
2625 SSL_set_accept_state(s_ssl);
2626 SSL_set_bio(s_ssl, c_to_s, s_to_c);
2628 /* We've used up all our refs to these now */
2632 SSL_set_max_send_fragment(s_ssl, max_frag);
2633 BIO_set_ssl(s_bio, s_ssl, BIO_NOCLOSE);
2639 c_write = 1, s_write = 0;
2641 /* We can always do writes */
2646 i = (int)BIO_pending(s_bio);
2647 if ((i && s_r) || s_w)
2650 i = (int)BIO_pending(c_bio);
2651 if ((i && c_r) || c_w)
2654 if (do_server && debug) {
2655 if (SSL_in_init(s_ssl))
2656 printf("server waiting in SSL_accept - %s\n",
2657 SSL_state_string_long(s_ssl));
2660 if (do_client && debug) {
2661 if (SSL_in_init(c_ssl))
2662 printf("client waiting in SSL_connect - %s\n",
2663 SSL_state_string_long(c_ssl));
2666 if (!do_client && !do_server) {
2667 fprintf(stdout, "ERROR IN STARTUP\n");
2668 ERR_print_errors(bio_err);
2671 if (do_client && !(done & C_DONE)) {
2673 j = (cw_num > bufsiz) ? (int)bufsiz : (int)cw_num;
2674 i = BIO_write(c_bio, cbuf, j);
2678 if (BIO_should_retry(c_bio)) {
2679 if (BIO_should_read(c_bio))
2681 if (BIO_should_write(c_bio))
2684 fprintf(stderr, "ERROR in CLIENT\n");
2686 ERR_print_errors(bio_err);
2689 } else if (i == 0) {
2690 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2694 printf("client wrote %d\n", i);
2699 if (max_frag > 1029)
2700 SSL_set_max_send_fragment(c_ssl, max_frag -= 5);
2703 i = BIO_read(c_bio, cbuf, bufsiz);
2707 if (BIO_should_retry(c_bio)) {
2708 if (BIO_should_read(c_bio))
2710 if (BIO_should_write(c_bio))
2713 fprintf(stderr, "ERROR in CLIENT\n");
2715 ERR_print_errors(bio_err);
2718 } else if (i == 0) {
2719 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2723 printf("client read %d\n", i);
2732 done = S_DONE | C_DONE;
2738 if (do_server && !(done & S_DONE)) {
2740 i = BIO_read(s_bio, sbuf, bufsiz);
2744 if (BIO_should_retry(s_bio)) {
2745 if (BIO_should_read(s_bio))
2747 if (BIO_should_write(s_bio))
2750 fprintf(stderr, "ERROR in SERVER\n");
2752 ERR_print_errors(bio_err);
2755 } else if (i == 0) {
2756 ERR_print_errors(bio_err);
2758 "SSL SERVER STARTUP FAILED in SSL_read\n");
2762 printf("server read %d\n", i);
2775 j = (sw_num > bufsiz) ? (int)bufsiz : (int)sw_num;
2776 i = BIO_write(s_bio, sbuf, j);
2780 if (BIO_should_retry(s_bio)) {
2781 if (BIO_should_read(s_bio))
2783 if (BIO_should_write(s_bio))
2786 fprintf(stderr, "ERROR in SERVER\n");
2788 ERR_print_errors(bio_err);
2791 } else if (i == 0) {
2792 ERR_print_errors(bio_err);
2794 "SSL SERVER STARTUP FAILED in SSL_write\n");
2798 printf("server wrote %d\n", i);
2804 if (max_frag > 1029)
2805 SSL_set_max_send_fragment(s_ssl, max_frag -= 5);
2810 if ((done & S_DONE) && (done & C_DONE))
2815 print_details(c_ssl, "DONE: ");
2816 #ifndef OPENSSL_NO_NEXTPROTONEG
2817 if (verify_npn(c_ssl, s_ssl) < 0)
2820 if (verify_serverinfo() < 0) {
2821 fprintf(stderr, "Server info verify error\n");
2824 if (custom_ext_error) {
2825 fprintf(stderr, "Custom extension error\n");
2832 BIO_free_all(c_bio);
2833 BIO_free_all(s_bio);
2837 if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
2838 ret = (err_in_client != 0) ? EXIT_SUCCESS : EXIT_FAILURE;
2839 else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
2840 ret = (err_in_server != 0) ? EXIT_SUCCESS : EXIT_FAILURE;
2845 static int verify_callback(int ok, X509_STORE_CTX *ctx)
2849 s = X509_NAME_oneline(X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)),
2853 printf("depth=%d %s\n", X509_STORE_CTX_get_error_depth(ctx), buf);
2855 fprintf(stderr, "depth=%d error=%d %s\n",
2856 X509_STORE_CTX_get_error_depth(ctx),
2857 X509_STORE_CTX_get_error(ctx), buf);
2862 int i = X509_STORE_CTX_get_error(ctx);
2866 fprintf(stderr, "Error string: %s\n",
2867 X509_verify_cert_error_string(i));
2869 case X509_V_ERR_CERT_NOT_YET_VALID:
2870 case X509_V_ERR_CERT_HAS_EXPIRED:
2871 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
2880 static int app_verify_callback(X509_STORE_CTX *ctx, void *arg)
2883 struct app_verify_arg *cb_arg = arg;
2885 if (cb_arg->app_verify) {
2886 char *s = NULL, buf[256];
2887 X509 *c = X509_STORE_CTX_get0_cert(ctx);
2889 printf("In app_verify_callback, allowing cert. ");
2890 printf("Arg is: %s\n", cb_arg->string);
2891 printf("Finished printing do we have a context? 0x%p a cert? 0x%p\n",
2892 (void *)ctx, (void *)c);
2894 s = X509_NAME_oneline(X509_get_subject_name(c), buf, 256);
2896 printf("cert depth=%d %s\n",
2897 X509_STORE_CTX_get_error_depth(ctx), buf);
2902 ok = X509_verify_cert(ctx);
2907 #ifndef OPENSSL_NO_DH
2909 * These DH parameters have been generated as follows:
2910 * $ openssl dhparam -C -noout 512
2911 * $ openssl dhparam -C -noout 1024
2912 * $ openssl dhparam -C -noout -dsaparam 1024
2913 * (The third function has been renamed to avoid name conflicts.)
2915 static DH *get_dh512(void)
2917 static unsigned char dh512_p[] = {
2918 0xCB, 0xC8, 0xE1, 0x86, 0xD0, 0x1F, 0x94, 0x17, 0xA6, 0x99, 0xF0,
2920 0x1F, 0x0D, 0xAC, 0xB6, 0x25, 0x3E, 0x06, 0x39, 0xCA, 0x72, 0x04,
2922 0x6E, 0xDA, 0xC0, 0x61, 0xE6, 0x7A, 0x77, 0x25, 0xE8, 0x3B, 0xB9,
2924 0x9A, 0xB6, 0xB5, 0xFE, 0x99, 0x0B, 0xA1, 0x93, 0x4E, 0x35, 0x33,
2926 0xE1, 0xF1, 0x13, 0x4F, 0x59, 0x1A, 0xD2, 0x57, 0xC0, 0x26, 0x21,
2928 0x02, 0xC5, 0xAE, 0x23,
2930 static unsigned char dh512_g[] = {
2936 if ((dh = DH_new()) == NULL)
2938 p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
2939 g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
2940 if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
2949 static DH *get_dh1024(void)
2951 static unsigned char dh1024_p[] = {
2952 0xF8, 0x81, 0x89, 0x7D, 0x14, 0x24, 0xC5, 0xD1, 0xE6, 0xF7, 0xBF,
2954 0xE4, 0x90, 0xF4, 0xFC, 0x73, 0xFB, 0x34, 0xB5, 0xFA, 0x4C, 0x56,
2956 0xEA, 0xA7, 0xE9, 0xC0, 0xC0, 0xCE, 0x89, 0xE1, 0xFA, 0x63, 0x3F,
2958 0x6B, 0x32, 0x66, 0xF1, 0xD1, 0x7B, 0xB0, 0x00, 0x8F, 0xCA, 0x87,
2960 0xAE, 0x98, 0x89, 0x26, 0x17, 0xC2, 0x05, 0xD2, 0xEC, 0x08, 0xD0,
2962 0xFF, 0x17, 0x52, 0x8C, 0xC5, 0x07, 0x93, 0x03, 0xB1, 0xF6, 0x2F,
2964 0x1C, 0x52, 0x47, 0x27, 0x1B, 0xDB, 0xD1, 0x8D, 0x9D, 0x69, 0x1D,
2966 0x4B, 0x32, 0x81, 0xAA, 0x7F, 0x00, 0xC8, 0xDC, 0xE6, 0xD9, 0xCC,
2968 0x11, 0x2D, 0x37, 0x34, 0x6C, 0xEA, 0x02, 0x97, 0x4B, 0x0E, 0xBB,
2970 0x71, 0x33, 0x09, 0x15, 0xFD, 0xDD, 0x23, 0x87, 0x07, 0x5E, 0x89,
2972 0x6B, 0x7C, 0x5F, 0xEC, 0xA6, 0x24, 0xDC, 0x53,
2974 static unsigned char dh1024_g[] = {
2980 if ((dh = DH_new()) == NULL)
2982 p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
2983 g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
2984 if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
2993 static DH *get_dh1024dsa(void)
2995 static unsigned char dh1024_p[] = {
2996 0xC8, 0x00, 0xF7, 0x08, 0x07, 0x89, 0x4D, 0x90, 0x53, 0xF3, 0xD5,
2998 0x21, 0x1B, 0xF7, 0x31, 0xA6, 0xA2, 0xDA, 0x23, 0x9A, 0xC7, 0x87,
3000 0x3B, 0x47, 0xB6, 0x8C, 0x04, 0x6F, 0xFF, 0xC6, 0x9B, 0xB8, 0x65,
3002 0xC2, 0x5F, 0x31, 0x83, 0x4A, 0xA7, 0x5F, 0x2F, 0x88, 0x38, 0xB6,
3004 0xCF, 0xD9, 0x87, 0x6D, 0x6F, 0x9F, 0xDA, 0xAC, 0xA6, 0x48, 0xAF,
3006 0x33, 0x84, 0x37, 0x5B, 0x82, 0x4A, 0x31, 0x5D, 0xE7, 0xBD, 0x52,
3008 0xA1, 0x77, 0xBF, 0x10, 0x9E, 0x37, 0xEA, 0x64, 0xFA, 0xCA, 0x28,
3010 0x9D, 0x3B, 0xD2, 0x6E, 0x09, 0x5C, 0x68, 0xC7, 0x45, 0x90, 0xFD,
3012 0x70, 0xC9, 0x3A, 0xBB, 0xDF, 0xD4, 0x21, 0x0F, 0xC4, 0x6A, 0x3C,
3014 0x61, 0xCF, 0x3F, 0xD6, 0x13, 0xF1, 0x5F, 0xBC, 0xCF, 0xBC, 0x26,
3016 0xBC, 0x0B, 0xBD, 0xAB, 0x5D, 0xC9, 0x54, 0x39,
3018 static unsigned char dh1024_g[] = {
3019 0x3B, 0x40, 0x86, 0xE7, 0xF3, 0x6C, 0xDE, 0x67, 0x1C, 0xCC, 0x80,
3021 0x5A, 0xDF, 0xFE, 0xBD, 0x20, 0x27, 0x74, 0x6C, 0x24, 0xC9, 0x03,
3023 0xE1, 0x8D, 0xC3, 0x7D, 0x98, 0x27, 0x40, 0x08, 0xB8, 0x8C, 0x6A,
3025 0xBB, 0x1A, 0x3A, 0xD6, 0x86, 0x83, 0x5E, 0x72, 0x41, 0xCE, 0x85,
3027 0xD2, 0xB3, 0xFC, 0x13, 0xCE, 0x37, 0x81, 0x9E, 0x4C, 0x1C, 0x7B,
3029 0xD3, 0xE6, 0xA6, 0x00, 0xF5, 0x5A, 0x95, 0x43, 0x5E, 0x81, 0xCF,
3031 0xA2, 0x23, 0xFC, 0x36, 0xA7, 0x5D, 0x7A, 0x4C, 0x06, 0x91, 0x6E,
3033 0x57, 0xEE, 0x36, 0xCB, 0x06, 0xEA, 0xF5, 0x3D, 0x95, 0x49, 0xCB,
3035 0xDD, 0x81, 0xDF, 0x80, 0x09, 0x4A, 0x97, 0x4D, 0xA8, 0x22, 0x72,
3037 0x7F, 0xC4, 0x70, 0x56, 0x70, 0xE8, 0x20, 0x10, 0x18, 0x8F, 0x2E,
3039 0x07, 0xE7, 0x68, 0x1A, 0x82, 0x5D, 0x32, 0xA2,
3044 if ((dh = DH_new()) == NULL)
3046 p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
3047 g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
3048 if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
3054 DH_set_length(dh, 160);
3059 #ifndef OPENSSL_NO_PSK
3060 /* convert the PSK key (psk_key) in ascii to binary (psk) */
3061 static int psk_key2bn(const char *pskkey, unsigned char *psk,
3062 unsigned int max_psk_len)
3067 ret = BN_hex2bn(&bn, pskkey);
3069 BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n",
3074 if (BN_num_bytes(bn) > (int)max_psk_len) {
3076 "psk buffer of callback is too small (%d) for key (%d)\n",
3077 max_psk_len, BN_num_bytes(bn));
3081 ret = BN_bn2bin(bn, psk);
3086 static unsigned int psk_client_callback(SSL *ssl, const char *hint,
3088 unsigned int max_identity_len,
3090 unsigned int max_psk_len)
3093 unsigned int psk_len = 0;
3095 ret = BIO_snprintf(identity, max_identity_len, "Client_identity");
3099 fprintf(stderr, "client: created identity '%s' len=%d\n", identity,
3101 ret = psk_key2bn(psk_key, psk, max_psk_len);
3109 static unsigned int psk_server_callback(SSL *ssl, const char *identity,
3111 unsigned int max_psk_len)
3113 unsigned int psk_len = 0;
3115 if (strcmp(identity, "Client_identity") != 0) {
3116 BIO_printf(bio_err, "server: PSK error: client identity not found\n");
3119 psk_len = psk_key2bn(psk_key, psk, max_psk_len);