+ if (custom_ext) {
+ if (!SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_0,
+ custom_ext_0_cli_add_cb,
+ NULL, NULL,
+ custom_ext_0_cli_parse_cb, NULL)
+ || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_1,
+ custom_ext_1_cli_add_cb,
+ NULL, NULL,
+ custom_ext_1_cli_parse_cb, NULL)
+ || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_2,
+ custom_ext_2_cli_add_cb,
+ NULL, NULL,
+ custom_ext_2_cli_parse_cb, NULL)
+ || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_3,
+ custom_ext_3_cli_add_cb,
+ NULL, NULL,
+ custom_ext_3_cli_parse_cb, NULL)
+ || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_0,
+ custom_ext_0_srv_add_cb,
+ NULL, NULL,
+ custom_ext_0_srv_parse_cb, NULL)
+ || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_0,
+ custom_ext_0_srv_add_cb,
+ NULL, NULL,
+ custom_ext_0_srv_parse_cb, NULL)
+ || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_1,
+ custom_ext_1_srv_add_cb,
+ NULL, NULL,
+ custom_ext_1_srv_parse_cb, NULL)
+ || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_1,
+ custom_ext_1_srv_add_cb,
+ NULL, NULL,
+ custom_ext_1_srv_parse_cb, NULL)
+ || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_2,
+ custom_ext_2_srv_add_cb,
+ NULL, NULL,
+ custom_ext_2_srv_parse_cb, NULL)
+ || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_2,
+ custom_ext_2_srv_add_cb,
+ NULL, NULL,
+ custom_ext_2_srv_parse_cb, NULL)
+ || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_3,
+ custom_ext_3_srv_add_cb,
+ NULL, NULL,
+ custom_ext_3_srv_parse_cb, NULL)
+ || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_3,
+ custom_ext_3_srv_add_cb,
+ NULL, NULL,
+ custom_ext_3_srv_parse_cb, NULL)) {
+ BIO_printf(bio_err, "Error setting custom extensions\n");
+ goto end;
+ }
+ }
+
+ if (alpn_server)
+ SSL_CTX_set_alpn_select_cb(s_ctx, cb_server_alpn, alpn_server);
+ if (alpn_server2)
+ SSL_CTX_set_alpn_select_cb(s_ctx2, cb_server_alpn, alpn_server2);
+
+ if (alpn_client) {
+ size_t alpn_len;
+ unsigned char *alpn = next_protos_parse(&alpn_len, alpn_client);
+
+ if (alpn == NULL) {
+ BIO_printf(bio_err, "Error parsing -alpn_client argument\n");
+ goto end;
+ }
+ /* Returns 0 on success!! */
+ if (SSL_CTX_set_alpn_protos(c_ctx, alpn, alpn_len)) {
+ BIO_printf(bio_err, "Error setting ALPN\n");
+ OPENSSL_free(alpn);
+ goto end;
+ }
+ OPENSSL_free(alpn);
+ }
+
+ if (sn_server1 != NULL || sn_server2 != NULL)
+ SSL_CTX_set_tlsext_servername_callback(s_ctx, servername_cb);
+
+ c_ssl = SSL_new(c_ctx);
+ s_ssl = SSL_new(s_ctx);
+
+ if (sn_client)
+ SSL_set_tlsext_host_name(c_ssl, sn_client);
+
+ if (!set_protocol_version(server_min_proto, s_ssl, SSL_CTRL_SET_MIN_PROTO_VERSION))
+ goto end;
+ if (!set_protocol_version(server_max_proto, s_ssl, SSL_CTRL_SET_MAX_PROTO_VERSION))
+ goto end;
+ if (!set_protocol_version(client_min_proto, c_ssl, SSL_CTRL_SET_MIN_PROTO_VERSION))
+ goto end;
+ if (!set_protocol_version(client_max_proto, c_ssl, SSL_CTRL_SET_MAX_PROTO_VERSION))
+ goto end;
+
+ BIO_printf(bio_stdout, "Doing handshakes=%d bytes=%ld\n", number, bytes);
+ for (i = 0; i < number; i++) {
+ if (!reuse) {
+ if (!SSL_set_session(c_ssl, NULL)) {
+ BIO_printf(bio_err, "Failed to set session\n");
+ goto end;
+ }
+ }
+ switch (bio_type) {
+ case BIO_MEM:
+ ret = doit(s_ssl, c_ssl, bytes);
+ break;
+ case BIO_PAIR:
+ ret = doit_biopair(s_ssl, c_ssl, bytes, &s_time, &c_time);
+ break;
+ case BIO_IPV4:
+ ret = doit_localhost(s_ssl, c_ssl, BIO_FAMILY_IPV4,
+ bytes, &s_time, &c_time);
+ break;
+ case BIO_IPV6:
+ ret = doit_localhost(s_ssl, c_ssl, BIO_FAMILY_IPV6,
+ bytes, &s_time, &c_time);
+ break;
+ }
+ if (ret) break;
+ }
+
+ if (should_negotiate && ret == 0 &&
+ strcmp(should_negotiate, "fail-server") != 0 &&
+ strcmp(should_negotiate, "fail-client") != 0) {
+ int version = protocol_from_string(should_negotiate);
+ if (version < 0) {
+ BIO_printf(bio_err, "Error parsing: %s\n", should_negotiate);
+ ret = 1;
+ goto err;
+ }
+ if (SSL_version(c_ssl) != version) {
+ BIO_printf(bio_err, "Unxpected version negotiated. "
+ "Expected: %s, got %s\n", should_negotiate, SSL_get_version(c_ssl));
+ ret = 1;
+ goto err;
+ }
+ }
+
+ if (!verbose) {
+ print_details(c_ssl, "");
+ }
+ if (print_time) {
+#ifdef CLOCKS_PER_SEC
+ /*
+ * "To determine the time in seconds, the value returned by the clock
+ * function should be divided by the value of the macro
+ * CLOCKS_PER_SEC." -- ISO/IEC 9899
+ */
+ BIO_printf(bio_stdout, "Approximate total server time: %6.2f s\n"
+ "Approximate total client time: %6.2f s\n",
+ (double)s_time / CLOCKS_PER_SEC,
+ (double)c_time / CLOCKS_PER_SEC);
+#else
+ BIO_printf(bio_stdout,
+ "Approximate total server time: %6.2f units\n"
+ "Approximate total client time: %6.2f units\n",
+ (double)s_time, (double)c_time);
+#endif
+ }
+
+ err:
+ SSL_free(s_ssl);
+ SSL_free(c_ssl);
+
+ end:
+ SSL_CTX_free(s_ctx);
+ SSL_CTX_free(s_ctx2);
+ SSL_CTX_free(c_ctx);
+ SSL_CONF_CTX_free(s_cctx);
+ SSL_CONF_CTX_free(s_cctx2);
+ SSL_CONF_CTX_free(c_cctx);
+ sk_OPENSSL_STRING_free(conf_args);
+
+ BIO_free(bio_stdout);
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+ if (CRYPTO_mem_leaks(bio_err) <= 0)
+ ret = 1;
+#endif
+ BIO_free(bio_err);
+ EXIT(ret);
+}
+
+int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count,
+ clock_t *s_time, clock_t *c_time)
+{
+ long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
+ BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
+ BIO *acpt = NULL, *server = NULL, *client = NULL;
+ char addr_str[40];
+ int ret = 1;
+ int err_in_client = 0;
+ int err_in_server = 0;
+
+ acpt = BIO_new_accept("0");
+ if (acpt == NULL)
+ goto err;
+ BIO_set_accept_ip_family(acpt, family);
+ BIO_set_bind_mode(acpt, BIO_SOCK_NONBLOCK | BIO_SOCK_REUSEADDR);
+ if (BIO_do_accept(acpt) <= 0)
+ goto err;
+
+ BIO_snprintf(addr_str, sizeof(addr_str), ":%s", BIO_get_accept_port(acpt));
+
+ client = BIO_new_connect(addr_str);
+ BIO_set_conn_ip_family(client, family);
+ if (!client)
+ goto err;
+
+ if (BIO_set_nbio(client, 1) <= 0)
+ goto err;
+ if (BIO_set_nbio(acpt, 1) <= 0)
+ goto err;
+
+ {
+ int st_connect = 0, st_accept = 0;
+
+ while(!st_connect || !st_accept) {
+ if (!st_connect) {
+ if (BIO_do_connect(client) <= 0) {
+ if (!BIO_should_retry(client))
+ goto err;
+ } else {
+ st_connect = 1;
+ }
+ }
+ if (!st_accept) {
+ if (BIO_do_accept(acpt) <= 0) {
+ if (!BIO_should_retry(acpt))
+ goto err;
+ } else {
+ st_accept = 1;
+ }
+ }
+ }
+ }
+ /* We're not interested in accepting further connects */
+ server = BIO_pop(acpt);
+ BIO_free_all(acpt);
+ acpt = NULL;
+
+ s_ssl_bio = BIO_new(BIO_f_ssl());
+ if (!s_ssl_bio)
+ goto err;
+
+ c_ssl_bio = BIO_new(BIO_f_ssl());
+ if (!c_ssl_bio)
+ goto err;
+
+ SSL_set_connect_state(c_ssl);
+ SSL_set_bio(c_ssl, client, client);
+ (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
+
+ SSL_set_accept_state(s_ssl);
+ SSL_set_bio(s_ssl, server, server);
+ (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
+
+ do {
+ /*-
+ * c_ssl_bio: SSL filter BIO
+ *
+ * client: I/O for SSL library
+ *
+ *
+ * server: I/O for SSL library
+ *
+ * s_ssl_bio: SSL filter BIO
+ */
+
+ /*
+ * We have non-blocking behaviour throughout this test program, but
+ * can be sure that there is *some* progress in each iteration; so we
+ * don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE --
+ * we just try everything in each iteration
+ */
+
+ {
+ /* CLIENT */
+
+ char cbuf[1024 * 8];
+ int i, r;
+ clock_t c_clock = clock();
+
+ memset(cbuf, 0, sizeof(cbuf));
+
+ if (debug)
+ if (SSL_in_init(c_ssl))
+ printf("client waiting in SSL_connect - %s\n",
+ SSL_state_string_long(c_ssl));
+
+ if (cw_num > 0) {
+ /* Write to server. */
+
+ if (cw_num > (long)sizeof cbuf)
+ i = sizeof cbuf;
+ else
+ i = (int)cw_num;
+ r = BIO_write(c_ssl_bio, cbuf, i);
+ if (r < 0) {
+ if (!BIO_should_retry(c_ssl_bio)) {
+ fprintf(stderr, "ERROR in CLIENT\n");
+ err_in_client = 1;
+ goto err;
+ }
+ /*
+ * BIO_should_retry(...) can just be ignored here. The
+ * library expects us to call BIO_write with the same
+ * arguments again, and that's what we will do in the
+ * next iteration.
+ */
+ } else if (r == 0) {
+ fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
+ goto err;
+ } else {
+ if (debug)
+ printf("client wrote %d\n", r);
+ cw_num -= r;
+ }
+ }
+
+ if (cr_num > 0) {
+ /* Read from server. */
+
+ r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
+ if (r < 0) {
+ if (!BIO_should_retry(c_ssl_bio)) {
+ fprintf(stderr, "ERROR in CLIENT\n");
+ err_in_client = 1;
+ goto err;
+ }
+ /*
+ * Again, "BIO_should_retry" can be ignored.
+ */
+ } else if (r == 0) {
+ fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
+ goto err;
+ } else {
+ if (debug)
+ printf("client read %d\n", r);
+ cr_num -= r;
+ }
+ }
+
+ /*
+ * c_time and s_time increments will typically be very small
+ * (depending on machine speed and clock tick intervals), but
+ * sampling over a large number of connections should result in
+ * fairly accurate figures. We cannot guarantee a lot, however
+ * -- if each connection lasts for exactly one clock tick, it
+ * will be counted only for the client or only for the server or
+ * even not at all.
+ */
+ *c_time += (clock() - c_clock);