2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
58 /* ====================================================================
59 * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
87 * 6. Redistributions of any form whatsoever must retain the following
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
111 /* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
116 /* ====================================================================
117 * Copyright 2005 Nokia. All rights reserved.
119 * The portions of the attached software ("Contribution") is developed by
120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125 * support (see RFC 4279) to OpenSSL.
127 * No patent licenses or other rights except those expressly stated in
128 * the OpenSSL open source license shall be deemed granted or received
129 * expressly, by implication, estoppel, or otherwise.
131 * No assurances are provided by Nokia that the Contribution does not
132 * infringe the patent or other intellectual property rights of any third
133 * party or that the license provides you with all the necessary rights
134 * to make use of the Contribution.
136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
143 /* Or gethostname won't be declared properly on Linux and GNU platforms. */
144 #define _BSD_SOURCE 1
145 #define _DEFAULT_SOURCE 1
158 #ifdef OPENSSL_SYS_VMS
160 * Or isascii won't be declared properly on VMS (at least with DECompHP C).
162 # define _XOPEN_SOURCE 500
167 #include <openssl/bio.h>
168 #include <openssl/crypto.h>
169 #include <openssl/evp.h>
170 #include <openssl/x509.h>
171 #include <openssl/x509v3.h>
172 #include <openssl/ssl.h>
173 #ifndef OPENSSL_NO_ENGINE
174 # include <openssl/engine.h>
176 #include <openssl/err.h>
177 #include <openssl/rand.h>
178 #ifndef OPENSSL_NO_RSA
179 # include <openssl/rsa.h>
181 #ifndef OPENSSL_NO_DSA
182 # include <openssl/dsa.h>
184 #ifndef OPENSSL_NO_DH
185 # include <openssl/dh.h>
187 #ifndef OPENSSL_NO_SRP
188 # include <openssl/srp.h>
190 #include <openssl/bn.h>
193 * Or gethostname won't be declared properly
194 * on Compaq platforms (at least with DEC C).
195 * Do not try to put it earlier, or IPv6 includes
198 #define _XOPEN_SOURCE_EXTENDED 1
200 #ifdef OPENSSL_SYS_WINDOWS
201 # include <winsock.h>
203 # include OPENSSL_UNISTD
206 #ifdef OPENSSL_SYS_VMS
207 # define TEST_SERVER_CERT "SYS$DISK:[-.APPS]SERVER.PEM"
208 # define TEST_CLIENT_CERT "SYS$DISK:[-.APPS]CLIENT.PEM"
209 #elif defined(OPENSSL_SYS_WINCE)
210 # define TEST_SERVER_CERT "\\OpenSSL\\server.pem"
211 # define TEST_CLIENT_CERT "\\OpenSSL\\client.pem"
212 #elif defined(OPENSSL_SYS_NETWARE)
213 # define TEST_SERVER_CERT "\\openssl\\apps\\server.pem"
214 # define TEST_CLIENT_CERT "\\openssl\\apps\\client.pem"
216 # define TEST_SERVER_CERT "../apps/server.pem"
217 # define TEST_CLIENT_CERT "../apps/client.pem"
220 static SSL_CTX *s_ctx = NULL;
221 static SSL_CTX *s_ctx2 = NULL;
224 * There is really no standard for this, so let's assign some tentative
225 * numbers. In any case, these numbers are only for this test
230 static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
231 #ifndef OPENSSL_NO_RSA
232 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
233 static void free_tmp_rsa(void);
235 static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg);
236 #define APP_CALLBACK_STRING "Test Callback Argument"
237 struct app_verify_arg {
240 int allow_proxy_certs;
245 #ifndef OPENSSL_NO_DH
246 static DH *get_dh512(void);
247 static DH *get_dh1024(void);
248 static DH *get_dh1024dsa(void);
251 static char *psk_key = NULL; /* by default PSK is not used */
252 #ifndef OPENSSL_NO_PSK
253 static unsigned int psk_client_callback(SSL *ssl, const char *hint,
255 unsigned int max_identity_len,
257 unsigned int max_psk_len);
258 static unsigned int psk_server_callback(SSL *ssl, const char *identity,
260 unsigned int max_psk_len);
263 #ifndef OPENSSL_NO_SRP
265 /* This is a context that we pass to all callbacks */
266 typedef struct srp_client_arg_st {
271 # define PWD_STRLEN 1024
273 static char *MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
275 SRP_CLIENT_ARG *srp_client_arg = (SRP_CLIENT_ARG *)arg;
276 return BUF_strdup((char *)srp_client_arg->srppassin);
280 /* This is a context that we pass to SRP server callbacks */
281 typedef struct srp_server_arg_st {
286 static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
288 SRP_SERVER_ARG *p = (SRP_SERVER_ARG *)arg;
290 if (strcmp(p->expected_user, SSL_get_srp_username(s)) != 0) {
291 fprintf(stderr, "User %s doesn't exist\n", SSL_get_srp_username(s));
292 return SSL3_AL_FATAL;
294 if (SSL_set_srp_server_param_pw(s, p->expected_user, p->pass, "1024") < 0) {
295 *ad = SSL_AD_INTERNAL_ERROR;
296 return SSL3_AL_FATAL;
298 return SSL_ERROR_NONE;
302 static BIO *bio_err = NULL;
303 static BIO *bio_stdout = NULL;
305 static const char *alpn_client;
306 static char *alpn_server;
307 static char *alpn_server2;
308 static const char *alpn_expected;
309 static unsigned char *alpn_selected;
310 static const char *sn_client;
311 static const char *sn_server1;
312 static const char *sn_server2;
313 static int sn_expect = 0;
315 static int servername_cb(SSL *s, int *ad, void *arg)
317 const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
318 if (sn_server2 == NULL) {
319 BIO_printf(bio_stdout, "Servername 2 is NULL\n");
320 return SSL_TLSEXT_ERR_NOACK;
323 if (servername != NULL) {
324 if (s_ctx2 != NULL && sn_server2 != NULL &&
325 !strcasecmp(servername, sn_server2)) {
326 BIO_printf(bio_stdout, "Switching server context.\n");
327 SSL_set_SSL_CTX(s, s_ctx2);
330 return SSL_TLSEXT_ERR_OK;
332 static int verify_servername(SSL *client, SSL *server)
334 /* just need to see if sn_context is what we expect */
335 SSL_CTX* ctx = SSL_get_SSL_CTX(server);
338 if (sn_expect == 1 && ctx == s_ctx)
340 if (sn_expect == 2 && ctx == s_ctx2)
342 BIO_printf(bio_stdout, "Servername: expected context %d\n", sn_expect);
344 BIO_printf(bio_stdout, "Servername: context is 2\n");
345 else if (ctx == s_ctx)
346 BIO_printf(bio_stdout, "Servername: context is 1\n");
348 BIO_printf(bio_stdout, "Servername: context is unknown\n");
353 * next_protos_parse parses a comma separated list of strings into a string
354 * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
355 * outlen: (output) set to the length of the resulting buffer on success.
356 * err: (maybe NULL) on failure, an error message line is written to this BIO.
357 * in: a NUL terminated string like "abc,def,ghi"
359 * returns: a malloced buffer or NULL on failure.
361 static unsigned char *next_protos_parse(unsigned short *outlen,
372 out = OPENSSL_malloc(strlen(in) + 1);
376 for (i = 0; i <= len; ++i) {
377 if (i == len || in[i] == ',') {
378 if (i - start > 255) {
382 out[start] = i - start;
392 static int cb_server_alpn(SSL *s, const unsigned char **out,
393 unsigned char *outlen, const unsigned char *in,
394 unsigned int inlen, void *arg)
396 unsigned char *protos;
397 unsigned short protos_len;
398 char* alpn_str = arg;
400 protos = next_protos_parse(&protos_len, alpn_str);
401 if (protos == NULL) {
402 fprintf(stderr, "failed to parser ALPN server protocol string: %s\n",
407 if (SSL_select_next_proto
408 ((unsigned char **)out, outlen, protos, protos_len, in,
409 inlen) != OPENSSL_NPN_NEGOTIATED) {
410 OPENSSL_free(protos);
411 return SSL_TLSEXT_ERR_NOACK;
415 * Make a copy of the selected protocol which will be freed in
418 alpn_selected = OPENSSL_malloc(*outlen);
419 memcpy(alpn_selected, *out, *outlen);
420 *out = alpn_selected;
422 OPENSSL_free(protos);
423 return SSL_TLSEXT_ERR_OK;
426 static int verify_alpn(SSL *client, SSL *server)
428 const unsigned char *client_proto, *server_proto;
429 unsigned int client_proto_len = 0, server_proto_len = 0;
430 SSL_get0_alpn_selected(client, &client_proto, &client_proto_len);
431 SSL_get0_alpn_selected(server, &server_proto, &server_proto_len);
433 if (alpn_selected != NULL) {
434 OPENSSL_free(alpn_selected);
435 alpn_selected = NULL;
438 if (client_proto_len != server_proto_len ||
439 memcmp(client_proto, server_proto, client_proto_len) != 0) {
440 BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
444 if (client_proto_len > 0 && alpn_expected == NULL) {
445 BIO_printf(bio_stdout, "ALPN unexpectedly negotiated\n");
449 if (alpn_expected != NULL &&
450 (client_proto_len != strlen(alpn_expected) ||
451 memcmp(client_proto, alpn_expected, client_proto_len) != 0)) {
452 BIO_printf(bio_stdout,
453 "ALPN selected protocols not equal to expected protocol: %s\n",
461 BIO_printf(bio_stdout, "ALPN results: client: '");
462 BIO_write(bio_stdout, client_proto, client_proto_len);
463 BIO_printf(bio_stdout, "', server: '");
464 BIO_write(bio_stdout, server_proto, server_proto_len);
465 BIO_printf(bio_stdout, "'\n");
466 BIO_printf(bio_stdout, "ALPN configured: client: '%s', server: ",
468 if (SSL_get_SSL_CTX(server) == s_ctx2) {
469 BIO_printf(bio_stdout, "'%s'\n",
471 } else if (SSL_get_SSL_CTX(server) == s_ctx){
472 BIO_printf(bio_stdout, "'%s'\n",
475 BIO_printf(bio_stdout, "unknown\n");
480 #define SCT_EXT_TYPE 18
483 * WARNING : below extension types are *NOT* IETF assigned, and could
484 * conflict if these types are reassigned and handled specially by OpenSSL
487 #define TACK_EXT_TYPE 62208
488 #define CUSTOM_EXT_TYPE_0 1000
489 #define CUSTOM_EXT_TYPE_1 1001
490 #define CUSTOM_EXT_TYPE_2 1002
491 #define CUSTOM_EXT_TYPE_3 1003
493 const char custom_ext_cli_string[] = "abc";
494 const char custom_ext_srv_string[] = "defg";
496 /* These set from cmdline */
497 char *serverinfo_file = NULL;
498 int serverinfo_sct = 0;
499 int serverinfo_tack = 0;
501 /* These set based on extension callbacks */
502 int serverinfo_sct_seen = 0;
503 int serverinfo_tack_seen = 0;
504 int serverinfo_other_seen = 0;
506 /* This set from cmdline */
509 /* This set based on extension callbacks */
510 int custom_ext_error = 0;
512 static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type,
513 const unsigned char *in, size_t inlen,
516 if (ext_type == SCT_EXT_TYPE)
517 serverinfo_sct_seen++;
518 else if (ext_type == TACK_EXT_TYPE)
519 serverinfo_tack_seen++;
521 serverinfo_other_seen++;
525 static int verify_serverinfo()
527 if (serverinfo_sct != serverinfo_sct_seen)
529 if (serverinfo_tack != serverinfo_tack_seen)
531 if (serverinfo_other_seen)
537 * Four test cases for custom extensions:
538 * 0 - no ClientHello extension or ServerHello response
539 * 1 - ClientHello with "abc", no response
540 * 2 - ClientHello with "abc", empty response
541 * 3 - ClientHello with "abc", "defg" response
544 static int custom_ext_0_cli_add_cb(SSL *s, unsigned int ext_type,
545 const unsigned char **out,
546 size_t *outlen, int *al, void *arg)
548 if (ext_type != CUSTOM_EXT_TYPE_0)
549 custom_ext_error = 1;
550 return 0; /* Don't send an extension */
553 static int custom_ext_0_cli_parse_cb(SSL *s, unsigned int ext_type,
554 const unsigned char *in,
555 size_t inlen, int *al, void *arg)
560 static int custom_ext_1_cli_add_cb(SSL *s, unsigned int ext_type,
561 const unsigned char **out,
562 size_t *outlen, int *al, void *arg)
564 if (ext_type != CUSTOM_EXT_TYPE_1)
565 custom_ext_error = 1;
566 *out = (const unsigned char *)custom_ext_cli_string;
567 *outlen = strlen(custom_ext_cli_string);
568 return 1; /* Send "abc" */
571 static int custom_ext_1_cli_parse_cb(SSL *s, unsigned int ext_type,
572 const unsigned char *in,
573 size_t inlen, int *al, void *arg)
578 static int custom_ext_2_cli_add_cb(SSL *s, unsigned int ext_type,
579 const unsigned char **out,
580 size_t *outlen, int *al, void *arg)
582 if (ext_type != CUSTOM_EXT_TYPE_2)
583 custom_ext_error = 1;
584 *out = (const unsigned char *)custom_ext_cli_string;
585 *outlen = strlen(custom_ext_cli_string);
586 return 1; /* Send "abc" */
589 static int custom_ext_2_cli_parse_cb(SSL *s, unsigned int ext_type,
590 const unsigned char *in,
591 size_t inlen, int *al, void *arg)
593 if (ext_type != CUSTOM_EXT_TYPE_2)
594 custom_ext_error = 1;
596 custom_ext_error = 1; /* Should be empty response */
600 static int custom_ext_3_cli_add_cb(SSL *s, unsigned int ext_type,
601 const unsigned char **out,
602 size_t *outlen, int *al, void *arg)
604 if (ext_type != CUSTOM_EXT_TYPE_3)
605 custom_ext_error = 1;
606 *out = (const unsigned char *)custom_ext_cli_string;
607 *outlen = strlen(custom_ext_cli_string);
608 return 1; /* Send "abc" */
611 static int custom_ext_3_cli_parse_cb(SSL *s, unsigned int ext_type,
612 const unsigned char *in,
613 size_t inlen, int *al, void *arg)
615 if (ext_type != CUSTOM_EXT_TYPE_3)
616 custom_ext_error = 1;
617 if (inlen != strlen(custom_ext_srv_string))
618 custom_ext_error = 1;
619 if (memcmp(custom_ext_srv_string, in, inlen) != 0)
620 custom_ext_error = 1; /* Check for "defg" */
625 * custom_ext_0_cli_add_cb returns 0 - the server won't receive a callback
628 static int custom_ext_0_srv_parse_cb(SSL *s, unsigned int ext_type,
629 const unsigned char *in,
630 size_t inlen, int *al, void *arg)
632 custom_ext_error = 1;
636 /* 'add' callbacks are only called if the 'parse' callback is called */
637 static int custom_ext_0_srv_add_cb(SSL *s, unsigned int ext_type,
638 const unsigned char **out,
639 size_t *outlen, int *al, void *arg)
641 /* Error: should not have been called */
642 custom_ext_error = 1;
643 return 0; /* Don't send an extension */
646 static int custom_ext_1_srv_parse_cb(SSL *s, unsigned int ext_type,
647 const unsigned char *in,
648 size_t inlen, int *al, void *arg)
650 if (ext_type != CUSTOM_EXT_TYPE_1)
651 custom_ext_error = 1;
652 /* Check for "abc" */
653 if (inlen != strlen(custom_ext_cli_string))
654 custom_ext_error = 1;
655 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
656 custom_ext_error = 1;
660 static int custom_ext_1_srv_add_cb(SSL *s, unsigned int ext_type,
661 const unsigned char **out,
662 size_t *outlen, int *al, void *arg)
664 return 0; /* Don't send an extension */
667 static int custom_ext_2_srv_parse_cb(SSL *s, unsigned int ext_type,
668 const unsigned char *in,
669 size_t inlen, int *al, void *arg)
671 if (ext_type != CUSTOM_EXT_TYPE_2)
672 custom_ext_error = 1;
673 /* Check for "abc" */
674 if (inlen != strlen(custom_ext_cli_string))
675 custom_ext_error = 1;
676 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
677 custom_ext_error = 1;
681 static int custom_ext_2_srv_add_cb(SSL *s, unsigned int ext_type,
682 const unsigned char **out,
683 size_t *outlen, int *al, void *arg)
687 return 1; /* Send empty extension */
690 static int custom_ext_3_srv_parse_cb(SSL *s, unsigned int ext_type,
691 const unsigned char *in,
692 size_t inlen, int *al, void *arg)
694 if (ext_type != CUSTOM_EXT_TYPE_3)
695 custom_ext_error = 1;
696 /* Check for "abc" */
697 if (inlen != strlen(custom_ext_cli_string))
698 custom_ext_error = 1;
699 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
700 custom_ext_error = 1;
704 static int custom_ext_3_srv_add_cb(SSL *s, unsigned int ext_type,
705 const unsigned char **out,
706 size_t *outlen, int *al, void *arg)
708 *out = (const unsigned char *)custom_ext_srv_string;
709 *outlen = strlen(custom_ext_srv_string);
710 return 1; /* Send "defg" */
713 static char *cipher = NULL;
714 static int verbose = 0;
715 static int debug = 0;
719 static int s_nbio = 0;
723 static const char rnd_seed[] =
724 "string to make the random number generator think it has entropy";
726 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time,
728 int doit(SSL *s_ssl, SSL *c_ssl, long bytes);
729 static int do_test_cipherlist(void);
730 static void sv_usage(void)
732 fprintf(stderr, "usage: ssltest [args ...]\n");
733 fprintf(stderr, "\n");
735 fprintf(stderr, "-F - run test in FIPS mode\n");
737 fprintf(stderr, " -server_auth - check server certificate\n");
738 fprintf(stderr, " -client_auth - do client authentication\n");
739 fprintf(stderr, " -proxy - allow proxy certificates\n");
740 fprintf(stderr, " -proxy_auth <val> - set proxy policy rights\n");
742 " -proxy_cond <val> - expression to test proxy policy rights\n");
743 fprintf(stderr, " -v - more output\n");
744 fprintf(stderr, " -d - debug output\n");
745 fprintf(stderr, " -reuse - use session-id reuse\n");
746 fprintf(stderr, " -num <val> - number of connections to perform\n");
748 " -bytes <val> - number of bytes to swap between client/server\n");
749 #ifndef OPENSSL_NO_DH
751 " -dhe512 - use 512 bit key for DHE (to test failure)\n");
753 " -dhe1024 - use 1024 bit key (safe prime) for DHE (default, no-op)\n");
755 " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
756 fprintf(stderr, " -no_dhe - disable DHE\n");
758 #ifndef OPENSSL_NO_ECDH
759 fprintf(stderr, " -no_ecdhe - disable ECDHE\n");
761 #ifndef OPENSSL_NO_PSK
762 fprintf(stderr, " -psk arg - PSK in hex (without 0x)\n");
764 #ifndef OPENSSL_NO_SRP
765 fprintf(stderr, " -srpuser user - SRP username to use\n");
766 fprintf(stderr, " -srppass arg - password for 'user'\n");
768 #ifndef OPENSSL_NO_SSL2
769 fprintf(stderr, " -ssl2 - use SSLv2\n");
771 #ifndef OPENSSL_NO_SSL3_METHOD
772 fprintf(stderr, " -ssl3 - use SSLv3\n");
774 #ifndef OPENSSL_NO_TLS1
775 fprintf(stderr, " -tls1 - use TLSv1\n");
777 #ifndef OPENSSL_NO_DTLS
778 fprintf(stderr, " -dtls1 - use DTLSv1\n");
779 fprintf(stderr, " -dtls12 - use DTLSv1.2\n");
781 fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");
782 fprintf(stderr, " -CAfile arg - PEM format file of CA's\n");
783 fprintf(stderr, " -cert arg - Server certificate file\n");
785 " -key arg - Server key file (default: same as -cert)\n");
786 fprintf(stderr, " -c_cert arg - Client certificate file\n");
788 " -c_key arg - Client key file (default: same as -c_cert)\n");
789 fprintf(stderr, " -cipher arg - The cipher list\n");
790 fprintf(stderr, " -bio_pair - Use BIO pairs\n");
791 fprintf(stderr, " -f - Test even cases that can't work\n");
793 " -time - measure processor time used by client and server\n");
794 fprintf(stderr, " -zlib - use zlib compression\n");
795 fprintf(stderr, " -rle - use rle compression\n");
796 #ifndef OPENSSL_NO_ECDH
798 " -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n"
799 " Use \"openssl ecparam -list_curves\" for all names\n"
800 " (default is sect163r2).\n");
803 " -test_cipherlist - Verifies the order of the ssl cipher lists.\n"
804 " When this option is requested, the cipherlist\n"
805 " tests are run instead of handshake tests.\n");
806 fprintf(stderr, " -serverinfo_file file - have server use this file\n");
807 fprintf(stderr, " -serverinfo_sct - have client offer and expect SCT\n");
809 " -serverinfo_tack - have client offer and expect TACK\n");
811 " -custom_ext - try various custom extension callbacks\n");
812 fprintf(stderr, " -alpn_client <string> - have client side offer ALPN\n");
813 fprintf(stderr, " -alpn_server <string> - have server side offer ALPN\n");
814 fprintf(stderr, " -alpn_server1 <string> - alias for -alpn_server\n");
815 fprintf(stderr, " -alpn_server2 <string> - have server side context 2 offer ALPN\n");
817 " -alpn_expected <string> - the ALPN protocol that should be negotiated\n");
818 fprintf(stderr, " -sn_client <string> - have client request this servername\n");
819 fprintf(stderr, " -sn_server1 <string> - have server context 1 respond to this servername\n");
820 fprintf(stderr, " -sn_server2 <string> - have server context 2 respond to this servername\n");
821 fprintf(stderr, " -sn_expect1 - expected server 1\n");
822 fprintf(stderr, " -sn_expect2 - expected server 2\n");
825 static void print_details(SSL *c_ssl, const char *prefix)
827 const SSL_CIPHER *ciph;
830 ciph = SSL_get_current_cipher(c_ssl);
831 BIO_printf(bio_stdout, "%s%s, cipher %s %s",
833 SSL_get_version(c_ssl),
834 SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_name(ciph));
835 cert = SSL_get_peer_certificate(c_ssl);
837 EVP_PKEY *pkey = X509_get_pubkey(cert);
840 #ifndef OPENSSL_NO_RSA
841 else if (pkey->type == EVP_PKEY_RSA && pkey->pkey.rsa != NULL
842 && pkey->pkey.rsa->n != NULL) {
843 BIO_printf(bio_stdout, ", %d bit RSA",
844 BN_num_bits(pkey->pkey.rsa->n));
847 #ifndef OPENSSL_NO_DSA
848 else if (pkey->type == EVP_PKEY_DSA && pkey->pkey.dsa != NULL
849 && pkey->pkey.dsa->p != NULL) {
850 BIO_printf(bio_stdout, ", %d bit DSA",
851 BN_num_bits(pkey->pkey.dsa->p));
859 * The SSL API does not allow us to look at temporary RSA/DH keys,
860 * otherwise we should print their lengths too
862 BIO_printf(bio_stdout, "\n");
865 static void lock_dbg_cb(int mode, int type, const char *file, int line)
867 static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
868 const char *errstr = NULL;
871 rw = mode & (CRYPTO_READ | CRYPTO_WRITE);
872 if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE))) {
873 errstr = "invalid mode";
877 if (type < 0 || type >= CRYPTO_NUM_LOCKS) {
878 errstr = "type out of bounds";
882 if (mode & CRYPTO_LOCK) {
884 errstr = "already locked";
886 * must not happen in a single-threaded program (would deadlock)
892 } else if (mode & CRYPTO_UNLOCK) {
894 errstr = "not locked";
898 if (modes[type] != rw) {
899 errstr = (rw == CRYPTO_READ) ?
900 "CRYPTO_r_unlock on write lock" :
901 "CRYPTO_w_unlock on read lock";
906 errstr = "invalid mode";
912 /* we cannot use bio_err here */
914 "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n",
915 errstr, mode, type, file, line);
919 #ifdef TLSEXT_TYPE_opaque_prf_input
925 struct cb_info_st co1 = { "C", 1, 1 }; /* try to negotiate oqaque PRF input */
926 struct cb_info_st co2 = { "C", 1, 2 }; /* insist on oqaque PRF input */
927 struct cb_info_st so1 = { "S", 1, 1 }; /* try to negotiate oqaque PRF input */
928 struct cb_info_st so2 = { "S", 1, 2 }; /* insist on oqaque PRF input */
930 int opaque_prf_input_cb(SSL *ssl, void *peerinput, size_t len, void *arg_)
932 struct cb_info_st *arg = arg_;
937 if (!SSL_set_tlsext_opaque_prf_input(ssl, arg->input, arg->len))
943 int main(int argc, char *argv[])
945 char *CApath = NULL, *CAfile = NULL;
949 int dtls1 = 0, dtls12 = 0, tls1 = 0, ssl2 = 0, ssl3 = 0, ret = 1;
951 int server_auth = 0, i;
952 struct app_verify_arg app_verify_arg =
953 { APP_CALLBACK_STRING, 0, 0, NULL, NULL };
954 char *server_cert = TEST_SERVER_CERT;
955 char *server_key = NULL;
956 char *client_cert = TEST_CLIENT_CERT;
957 char *client_key = NULL;
958 #ifndef OPENSSL_NO_ECDH
959 char *named_curve = NULL;
961 SSL_CTX *c_ctx = NULL;
962 const SSL_METHOD *meth = NULL;
964 int number = 1, reuse = 0;
966 #ifndef OPENSSL_NO_DH
968 int dhe512 = 0, dhe1024dsa = 0;
970 #ifndef OPENSSL_NO_ECDH
973 #ifndef OPENSSL_NO_SRP
975 SRP_CLIENT_ARG srp_client_arg = { NULL, NULL };
977 SRP_SERVER_ARG srp_server_arg = { NULL, NULL };
983 clock_t s_time = 0, c_time = 0;
984 #ifndef OPENSSL_NO_COMP
986 COMP_METHOD *cm = NULL;
987 STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
989 int test_cipherlist = 0;
999 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
1001 CRYPTO_set_locking_callback(lock_dbg_cb);
1003 /* enable memory leak checking unless explicitly disabled */
1004 if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL)
1005 && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))) {
1006 CRYPTO_malloc_debug_init();
1007 CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
1009 /* OPENSSL_DEBUG_MEMORY=off */
1010 CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
1012 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
1014 RAND_seed(rnd_seed, sizeof rnd_seed);
1016 bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT);
1022 if (!strcmp(*argv, "-F")) {
1027 "not compiled with FIPS support, so exiting without running.\n");
1030 } else if (strcmp(*argv, "-server_auth") == 0)
1032 else if (strcmp(*argv, "-client_auth") == 0)
1034 else if (strcmp(*argv, "-proxy_auth") == 0) {
1037 app_verify_arg.proxy_auth = *(++argv);
1038 } else if (strcmp(*argv, "-proxy_cond") == 0) {
1041 app_verify_arg.proxy_cond = *(++argv);
1042 } else if (strcmp(*argv, "-v") == 0)
1044 else if (strcmp(*argv, "-d") == 0)
1046 else if (strcmp(*argv, "-reuse") == 0)
1048 else if (strcmp(*argv, "-dhe512") == 0) {
1049 #ifndef OPENSSL_NO_DH
1053 "ignoring -dhe512, since I'm compiled without DH\n");
1055 } else if (strcmp(*argv, "-dhe1024dsa") == 0) {
1056 #ifndef OPENSSL_NO_DH
1060 "ignoring -dhe1024dsa, since I'm compiled without DH\n");
1062 } else if (strcmp(*argv, "-no_dhe") == 0)
1064 else if (strcmp(*argv, "-no_ecdhe") == 0)
1066 else if (strcmp(*argv, "-psk") == 0) {
1069 psk_key = *(++argv);
1070 #ifndef OPENSSL_NO_PSK
1071 if (strspn(psk_key, "abcdefABCDEF1234567890") != strlen(psk_key)) {
1072 BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
1079 #ifndef OPENSSL_NO_SRP
1080 else if (strcmp(*argv, "-srpuser") == 0) {
1083 srp_server_arg.expected_user = srp_client_arg.srplogin =
1086 } else if (strcmp(*argv, "-srppass") == 0) {
1089 srp_server_arg.pass = srp_client_arg.srppassin = *(++argv);
1093 else if (strcmp(*argv, "-ssl2") == 0) {
1094 #ifdef OPENSSL_NO_SSL2
1098 } else if (strcmp(*argv, "-tls1") == 0) {
1099 #ifdef OPENSSL_NO_TLS1
1103 } else if (strcmp(*argv, "-ssl3") == 0) {
1104 #ifdef OPENSSL_NO_SSL3_METHOD
1108 } else if (strcmp(*argv, "-dtls1") == 0) {
1109 #ifdef OPENSSL_NO_DTLS
1113 } else if (strcmp(*argv, "-dtls12") == 0) {
1114 #ifdef OPENSSL_NO_DTLS
1118 } else if (strncmp(*argv, "-num", 4) == 0) {
1121 number = atoi(*(++argv));
1124 } else if (strcmp(*argv, "-bytes") == 0) {
1127 bytes = atol(*(++argv));
1130 i = strlen(argv[0]);
1131 if (argv[0][i - 1] == 'k')
1133 if (argv[0][i - 1] == 'm')
1134 bytes *= 1024L * 1024L;
1135 } else if (strcmp(*argv, "-cert") == 0) {
1138 server_cert = *(++argv);
1139 } else if (strcmp(*argv, "-s_cert") == 0) {
1142 server_cert = *(++argv);
1143 } else if (strcmp(*argv, "-key") == 0) {
1146 server_key = *(++argv);
1147 } else if (strcmp(*argv, "-s_key") == 0) {
1150 server_key = *(++argv);
1151 } else if (strcmp(*argv, "-c_cert") == 0) {
1154 client_cert = *(++argv);
1155 } else if (strcmp(*argv, "-c_key") == 0) {
1158 client_key = *(++argv);
1159 } else if (strcmp(*argv, "-cipher") == 0) {
1163 } else if (strcmp(*argv, "-CApath") == 0) {
1167 } else if (strcmp(*argv, "-CAfile") == 0) {
1171 } else if (strcmp(*argv, "-bio_pair") == 0) {
1173 } else if (strcmp(*argv, "-f") == 0) {
1175 } else if (strcmp(*argv, "-time") == 0) {
1178 #ifndef OPENSSL_NO_COMP
1179 else if (strcmp(*argv, "-zlib") == 0) {
1181 } else if (strcmp(*argv, "-rle") == 0) {
1185 else if (strcmp(*argv, "-named_curve") == 0) {
1188 #ifndef OPENSSL_NO_ECDH
1189 named_curve = *(++argv);
1192 "ignoring -named_curve, since I'm compiled without ECDH\n");
1195 } else if (strcmp(*argv, "-app_verify") == 0) {
1196 app_verify_arg.app_verify = 1;
1197 } else if (strcmp(*argv, "-proxy") == 0) {
1198 app_verify_arg.allow_proxy_certs = 1;
1199 } else if (strcmp(*argv, "-test_cipherlist") == 0) {
1200 test_cipherlist = 1;
1201 } else if (strcmp(*argv, "-serverinfo_sct") == 0) {
1203 } else if (strcmp(*argv, "-serverinfo_tack") == 0) {
1204 serverinfo_tack = 1;
1205 } else if (strcmp(*argv, "-serverinfo_file") == 0) {
1208 serverinfo_file = *(++argv);
1209 } else if (strcmp(*argv, "-custom_ext") == 0) {
1211 } else if (strcmp(*argv, "-alpn_client") == 0) {
1214 alpn_client = *(++argv);
1215 } else if (strcmp(*argv, "-alpn_server") == 0 ||
1216 strcmp(*argv, "-alpn_server1") == 0) {
1219 alpn_server = *(++argv);
1220 } else if (strcmp(*argv, "-alpn_server2") == 0) {
1223 alpn_server2 = *(++argv);
1224 } else if (strcmp(*argv, "-alpn_expected") == 0) {
1227 alpn_expected = *(++argv);
1228 } else if (strcmp(*argv, "-sn_client") == 0) {
1231 sn_client = *(++argv);
1232 } else if (strcmp(*argv, "-sn_server1") == 0) {
1235 sn_server1 = *(++argv);
1236 } else if (strcmp(*argv, "-sn_server2") == 0) {
1239 sn_server2 = *(++argv);
1240 } else if (strcmp(*argv, "-sn_expect1") == 0) {
1242 } else if (strcmp(*argv, "-sn_expect2") == 0) {
1245 fprintf(stderr, "unknown option %s\n", *argv);
1259 * test_cipherlist prevails over protocol switch: we test the cipherlist
1260 * for all enabled protocols.
1262 if (test_cipherlist == 1) {
1264 * ensure that the cipher list are correctly sorted and exit
1266 fprintf(stdout, "Testing cipherlist order only. Ignoring all "
1267 "other options.\n");
1268 if (do_test_cipherlist() == 0)
1274 if (ssl2 + ssl3 + tls1 + dtls1 + dtls12 > 1) {
1275 fprintf(stderr, "At most one of -ssl2, -ssl3, -tls1, -dtls1 or -dtls12 should "
1281 * Testing was requested for a compiled-out protocol (e.g. SSLv2).
1282 * Ideally, we would error out, but the generic test wrapper can't know
1283 * when to expect failure. So we do nothing and return success.
1286 fprintf(stderr, "Testing was requested for a disabled protocol. "
1287 "Skipping tests.\n");
1292 if (!ssl2 && !ssl3 && !tls1 && !dtls1 && !dtls12 && number > 1 && !reuse && !force) {
1293 fprintf(stderr, "This case cannot work. Use -f to perform "
1294 "the test anyway (and\n-d to see what happens), "
1295 "or add one of ssl2, -ssl3, -tls1, -dtls1, -dtls12, -reuse\n"
1296 "to avoid protocol mismatch.\n");
1301 if (!FIPS_mode_set(1)) {
1302 ERR_load_crypto_strings();
1303 ERR_print_errors(BIO_new_fp(stderr, BIO_NOCLOSE));
1306 fprintf(stderr, "*** IN FIPS MODE ***\n");
1312 fprintf(stderr, "Using BIO pair (-bio_pair)\n");
1315 if (number < 50 && !force)
1317 "Warning: For accurate timings, use more connections (e.g. -num 1000)\n");
1320 /* if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */
1323 SSL_load_error_strings();
1325 #ifndef OPENSSL_NO_COMP
1326 if (comp == COMP_ZLIB)
1328 if (comp == COMP_RLE)
1331 if (cm->type != NID_undef) {
1332 if (SSL_COMP_add_compression_method(comp, cm) != 0) {
1333 fprintf(stderr, "Failed to add compression method\n");
1334 ERR_print_errors_fp(stderr);
1338 "Warning: %s compression not supported\n",
1339 (comp == COMP_RLE ? "rle" :
1340 (comp == COMP_ZLIB ? "zlib" : "unknown")));
1341 ERR_print_errors_fp(stderr);
1344 ssl_comp_methods = SSL_COMP_get_compression_methods();
1345 fprintf(stderr, "Available compression methods:\n");
1347 int j, n = sk_SSL_COMP_num(ssl_comp_methods);
1349 fprintf(stderr, " NONE\n");
1351 for (j = 0; j < n; j++) {
1352 SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
1353 fprintf(stderr, " %d: %s\n", c->id, c->name);
1359 * At this point, ssl2/ssl3/tls1 is only set if the protocol is
1360 * available. (Otherwise we exit early.) However the compiler doesn't
1361 * know this, so we ifdef.
1363 #ifndef OPENSSL_NO_SSL2
1365 meth = SSLv2_method();
1368 #ifndef OPENSSL_NO_SSL3
1370 meth = SSLv3_method();
1373 #ifndef OPENSSL_NO_DTLS
1375 meth = DTLSv1_method();
1377 meth = DTLSv1_2_method();
1380 #ifndef OPENSSL_NO_TLS1
1382 meth = TLSv1_method();
1385 meth = SSLv23_method();
1387 c_ctx = SSL_CTX_new(meth);
1388 s_ctx = SSL_CTX_new(meth);
1389 s_ctx2 = SSL_CTX_new(meth); /* no SSL_CTX_dup! */
1390 if ((c_ctx == NULL) || (s_ctx == NULL) || (s_ctx2 == NULL)) {
1391 ERR_print_errors(bio_err);
1395 if (cipher != NULL) {
1396 SSL_CTX_set_cipher_list(c_ctx, cipher);
1397 SSL_CTX_set_cipher_list(s_ctx, cipher);
1398 SSL_CTX_set_cipher_list(s_ctx2, cipher);
1401 #ifndef OPENSSL_NO_DH
1405 * use SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks
1407 SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
1408 SSL_CTX_set_options(s_ctx2, SSL_OP_SINGLE_DH_USE);
1409 dh = get_dh1024dsa();
1414 SSL_CTX_set_tmp_dh(s_ctx, dh);
1415 SSL_CTX_set_tmp_dh(s_ctx2, dh);
1422 #ifndef OPENSSL_NO_ECDH
1426 if (named_curve != NULL) {
1427 nid = OBJ_sn2nid(named_curve);
1429 BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve);
1433 nid = NID_X9_62_prime256v1;
1436 ecdh = EC_KEY_new_by_curve_name(nid);
1438 BIO_printf(bio_err, "unable to create curve\n");
1442 SSL_CTX_set_tmp_ecdh(s_ctx, ecdh);
1443 SSL_CTX_set_tmp_ecdh(s_ctx2, ecdh);
1444 SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_ECDH_USE);
1445 SSL_CTX_set_options(s_ctx2, SSL_OP_SINGLE_ECDH_USE);
1452 #ifndef OPENSSL_NO_RSA
1453 SSL_CTX_set_tmp_rsa_callback(s_ctx, tmp_rsa_cb);
1454 SSL_CTX_set_tmp_rsa_callback(s_ctx2, tmp_rsa_cb);
1457 #ifdef TLSEXT_TYPE_opaque_prf_input
1458 SSL_CTX_set_tlsext_opaque_prf_input_callback(c_ctx, opaque_prf_input_cb);
1459 SSL_CTX_set_tlsext_opaque_prf_input_callback(s_ctx, opaque_prf_input_cb);
1460 SSL_CTX_set_tlsext_opaque_prf_input_callback(s_ctx2, opaque_prf_input_cb);
1461 /* or &co2 or NULL */
1462 SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(c_ctx, &co1);
1463 /* or &so2 or NULL */
1464 SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(s_ctx, &so1);
1465 SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(s_ctx2, &so1);
1468 if (!SSL_CTX_use_certificate_file(s_ctx, server_cert, SSL_FILETYPE_PEM)) {
1469 ERR_print_errors(bio_err);
1470 } else if (!SSL_CTX_use_PrivateKey_file(s_ctx,
1471 (server_key ? server_key :
1473 SSL_FILETYPE_PEM)) {
1474 ERR_print_errors(bio_err);
1478 if (!SSL_CTX_use_certificate_file(s_ctx2, server_cert, SSL_FILETYPE_PEM)) {
1479 ERR_print_errors(bio_err);
1480 } else if (!SSL_CTX_use_PrivateKey_file(s_ctx2,
1481 (server_key ? server_key :
1483 SSL_FILETYPE_PEM)) {
1484 ERR_print_errors(bio_err);
1489 SSL_CTX_use_certificate_file(c_ctx, client_cert, SSL_FILETYPE_PEM);
1490 SSL_CTX_use_PrivateKey_file(c_ctx,
1491 (client_key ? client_key : client_cert),
1495 if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) ||
1496 (!SSL_CTX_set_default_verify_paths(s_ctx)) ||
1497 (!SSL_CTX_load_verify_locations(s_ctx2, CAfile, CApath)) ||
1498 (!SSL_CTX_set_default_verify_paths(s_ctx2)) ||
1499 (!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) ||
1500 (!SSL_CTX_set_default_verify_paths(c_ctx))) {
1501 /* fprintf(stderr,"SSL_load_verify_locations\n"); */
1502 ERR_print_errors(bio_err);
1507 BIO_printf(bio_err, "client authentication\n");
1508 SSL_CTX_set_verify(s_ctx,
1509 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1511 SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback,
1513 SSL_CTX_set_verify(s_ctx2,
1514 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1516 SSL_CTX_set_cert_verify_callback(s_ctx2, app_verify_callback,
1520 BIO_printf(bio_err, "server authentication\n");
1521 SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER, verify_callback);
1522 SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback,
1527 int session_id_context = 0;
1528 SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context,
1529 sizeof session_id_context);
1530 SSL_CTX_set_session_id_context(s_ctx2, (void *)&session_id_context,
1531 sizeof session_id_context);
1534 /* Use PSK only if PSK key is given */
1535 if (psk_key != NULL) {
1537 * no_psk is used to avoid putting psk command to openssl tool
1541 * if PSK is not compiled in and psk key is given, do nothing and
1547 #ifndef OPENSSL_NO_PSK
1548 SSL_CTX_set_psk_client_callback(c_ctx, psk_client_callback);
1549 SSL_CTX_set_psk_server_callback(s_ctx, psk_server_callback);
1550 SSL_CTX_set_psk_server_callback(s_ctx2, psk_server_callback);
1552 BIO_printf(bio_err, "setting PSK identity hint to s_ctx\n");
1553 if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_hint")) {
1554 BIO_printf(bio_err, "error setting PSK identity hint to s_ctx\n");
1555 ERR_print_errors(bio_err);
1558 if (!SSL_CTX_use_psk_identity_hint(s_ctx2, "ctx server identity_hint")) {
1559 BIO_printf(bio_err, "error setting PSK identity hint to s_ctx2\n");
1560 ERR_print_errors(bio_err);
1565 #ifndef OPENSSL_NO_SRP
1566 if (srp_client_arg.srplogin) {
1567 if (!SSL_CTX_set_srp_username(c_ctx, srp_client_arg.srplogin)) {
1568 BIO_printf(bio_err, "Unable to set SRP username\n");
1571 SSL_CTX_set_srp_cb_arg(c_ctx, &srp_client_arg);
1572 SSL_CTX_set_srp_client_pwd_callback(c_ctx,
1573 ssl_give_srp_client_pwd_cb);
1575 * SSL_CTX_set_srp_strength(c_ctx, srp_client_arg.strength);
1579 if (srp_server_arg.expected_user != NULL) {
1580 SSL_CTX_set_verify(s_ctx, SSL_VERIFY_NONE, verify_callback);
1581 SSL_CTX_set_verify(s_ctx2, SSL_VERIFY_NONE, verify_callback);
1582 SSL_CTX_set_srp_cb_arg(s_ctx, &srp_server_arg);
1583 SSL_CTX_set_srp_cb_arg(s_ctx2, &srp_server_arg);
1584 SSL_CTX_set_srp_username_callback(s_ctx, ssl_srp_server_param_cb);
1585 SSL_CTX_set_srp_username_callback(s_ctx2, ssl_srp_server_param_cb);
1590 SSL_CTX_add_client_custom_ext(c_ctx, SCT_EXT_TYPE,
1592 serverinfo_cli_parse_cb, NULL);
1593 if (serverinfo_tack)
1594 SSL_CTX_add_client_custom_ext(c_ctx, TACK_EXT_TYPE,
1596 serverinfo_cli_parse_cb, NULL);
1598 if (serverinfo_file) {
1599 if (!SSL_CTX_use_serverinfo_file(s_ctx, serverinfo_file)) {
1600 BIO_printf(bio_err, "missing serverinfo file\n");
1603 if (!SSL_CTX_use_serverinfo_file(s_ctx2, serverinfo_file)) {
1604 BIO_printf(bio_err, "missing serverinfo file\n");
1610 SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_0,
1611 custom_ext_0_cli_add_cb,
1613 custom_ext_0_cli_parse_cb, NULL);
1614 SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_1,
1615 custom_ext_1_cli_add_cb,
1617 custom_ext_1_cli_parse_cb, NULL);
1618 SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_2,
1619 custom_ext_2_cli_add_cb,
1621 custom_ext_2_cli_parse_cb, NULL);
1622 SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_3,
1623 custom_ext_3_cli_add_cb,
1625 custom_ext_3_cli_parse_cb, NULL);
1627 SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_0,
1628 custom_ext_0_srv_add_cb,
1630 custom_ext_0_srv_parse_cb, NULL);
1631 SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_1,
1632 custom_ext_1_srv_add_cb,
1634 custom_ext_1_srv_parse_cb, NULL);
1635 SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_2,
1636 custom_ext_2_srv_add_cb,
1638 custom_ext_2_srv_parse_cb, NULL);
1639 SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_3,
1640 custom_ext_3_srv_add_cb,
1642 custom_ext_3_srv_parse_cb, NULL);
1644 SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_0,
1645 custom_ext_0_srv_add_cb,
1647 custom_ext_0_srv_parse_cb, NULL);
1648 SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_1,
1649 custom_ext_1_srv_add_cb,
1651 custom_ext_1_srv_parse_cb, NULL);
1652 SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_2,
1653 custom_ext_2_srv_add_cb,
1655 custom_ext_2_srv_parse_cb, NULL);
1656 SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_3,
1657 custom_ext_3_srv_add_cb,
1659 custom_ext_3_srv_parse_cb, NULL);
1663 SSL_CTX_set_alpn_select_cb(s_ctx, cb_server_alpn, alpn_server);
1665 SSL_CTX_set_alpn_select_cb(s_ctx2, cb_server_alpn, alpn_server2);
1668 unsigned short alpn_len;
1669 unsigned char *alpn = next_protos_parse(&alpn_len, alpn_client);
1672 BIO_printf(bio_err, "Error parsing -alpn_client argument\n");
1675 SSL_CTX_set_alpn_protos(c_ctx, alpn, alpn_len);
1679 if (sn_server1 || sn_server2)
1680 SSL_CTX_set_tlsext_servername_callback(s_ctx, servername_cb);
1682 c_ssl = SSL_new(c_ctx);
1683 s_ssl = SSL_new(s_ctx);
1686 SSL_set_tlsext_host_name(c_ssl, sn_client);
1688 #ifndef OPENSSL_NO_KRB5
1689 if (c_ssl && c_ssl->kssl_ctx) {
1690 char localhost[MAXHOSTNAMELEN + 2];
1692 if (gethostname(localhost, sizeof localhost - 1) == 0) {
1693 localhost[sizeof localhost - 1] = '\0';
1694 if (strlen(localhost) == sizeof localhost - 1) {
1695 BIO_printf(bio_err, "localhost name too long\n");
1698 kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER, localhost);
1701 #endif /* OPENSSL_NO_KRB5 */
1703 for (i = 0; i < number; i++) {
1705 SSL_set_session(c_ssl, NULL);
1707 ret = doit_biopair(s_ssl, c_ssl, bytes, &s_time, &c_time);
1709 ret = doit(s_ssl, c_ssl, bytes);
1713 print_details(c_ssl, "");
1715 if ((number > 1) || (bytes > 1L))
1716 BIO_printf(bio_stdout, "%d handshakes of %ld bytes done\n", number,
1719 #ifdef CLOCKS_PER_SEC
1721 * "To determine the time in seconds, the value returned by the clock
1722 * function should be divided by the value of the macro
1723 * CLOCKS_PER_SEC." -- ISO/IEC 9899
1725 BIO_printf(bio_stdout, "Approximate total server time: %6.2f s\n"
1726 "Approximate total client time: %6.2f s\n",
1727 (double)s_time / CLOCKS_PER_SEC,
1728 (double)c_time / CLOCKS_PER_SEC);
1731 * "`CLOCKS_PER_SEC' undeclared (first use this function)" -- cc on
1734 BIO_printf(bio_stdout,
1735 "Approximate total server time: %6.2f units\n"
1736 "Approximate total client time: %6.2f units\n",
1737 (double)s_time, (double)c_time);
1741 if (verify_alpn(c_ssl, s_ssl) < 0)
1743 if (verify_servername(c_ssl, s_ssl) < 0)
1751 SSL_CTX_free(s_ctx);
1753 SSL_CTX_free(s_ctx2);
1755 SSL_CTX_free(c_ctx);
1757 if (bio_stdout != NULL)
1758 BIO_free(bio_stdout);
1760 #ifndef OPENSSL_NO_RSA
1763 #ifndef OPENSSL_NO_ENGINE
1766 CRYPTO_cleanup_all_ex_data();
1768 ERR_remove_thread_state(NULL);
1770 CRYPTO_mem_leaks(bio_err);
1771 if (bio_err != NULL)
1777 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
1778 clock_t *s_time, clock_t *c_time)
1780 long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
1781 BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
1782 BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL;
1785 size_t bufsiz = 256; /* small buffer for testing */
1787 if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz))
1789 if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz))
1792 s_ssl_bio = BIO_new(BIO_f_ssl());
1796 c_ssl_bio = BIO_new(BIO_f_ssl());
1800 SSL_set_connect_state(c_ssl);
1801 SSL_set_bio(c_ssl, client, client);
1802 (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
1804 SSL_set_accept_state(s_ssl);
1805 SSL_set_bio(s_ssl, server, server);
1806 (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
1810 * c_ssl_bio: SSL filter BIO
1812 * client: pseudo-I/O for SSL library
1814 * client_io: client's SSL communication; usually to be
1815 * relayed over some I/O facility, but in this
1816 * test program, we're the server, too:
1818 * server_io: server's SSL communication
1820 * server: pseudo-I/O for SSL library
1822 * s_ssl_bio: SSL filter BIO
1824 * The client and the server each employ a "BIO pair":
1825 * client + client_io, server + server_io.
1826 * BIO pairs are symmetric. A BIO pair behaves similar
1827 * to a non-blocking socketpair (but both endpoints must
1828 * be handled by the same thread).
1829 * [Here we could connect client and server to the ends
1830 * of a single BIO pair, but then this code would be less
1831 * suitable as an example for BIO pairs in general.]
1833 * Useful functions for querying the state of BIO pair endpoints:
1835 * BIO_ctrl_pending(bio) number of bytes we can read now
1836 * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil
1837 * other side's read attempt
1838 * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now
1840 * ..._read_request is never more than ..._write_guarantee;
1841 * it depends on the application which one you should use.
1845 * We have non-blocking behaviour throughout this test program, but
1846 * can be sure that there is *some* progress in each iteration; so we
1847 * don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE --
1848 * we just try everything in each iteration
1854 MS_STATIC char cbuf[1024 * 8];
1856 clock_t c_clock = clock();
1858 memset(cbuf, 0, sizeof(cbuf));
1861 if (SSL_in_init(c_ssl))
1862 printf("client waiting in SSL_connect - %s\n",
1863 SSL_state_string_long(c_ssl));
1866 /* Write to server. */
1868 if (cw_num > (long)sizeof cbuf)
1872 r = BIO_write(c_ssl_bio, cbuf, i);
1874 if (!BIO_should_retry(c_ssl_bio)) {
1875 fprintf(stderr, "ERROR in CLIENT\n");
1879 * BIO_should_retry(...) can just be ignored here. The
1880 * library expects us to call BIO_write with the same
1881 * arguments again, and that's what we will do in the
1884 } else if (r == 0) {
1885 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
1889 printf("client wrote %d\n", r);
1895 /* Read from server. */
1897 r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
1899 if (!BIO_should_retry(c_ssl_bio)) {
1900 fprintf(stderr, "ERROR in CLIENT\n");
1904 * Again, "BIO_should_retry" can be ignored.
1906 } else if (r == 0) {
1907 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
1911 printf("client read %d\n", r);
1917 * c_time and s_time increments will typically be very small
1918 * (depending on machine speed and clock tick intervals), but
1919 * sampling over a large number of connections should result in
1920 * fairly accurate figures. We cannot guarantee a lot, however
1921 * -- if each connection lasts for exactly one clock tick, it
1922 * will be counted only for the client or only for the server or
1925 *c_time += (clock() - c_clock);
1931 MS_STATIC char sbuf[1024 * 8];
1933 clock_t s_clock = clock();
1935 memset(sbuf, 0, sizeof(sbuf));
1938 if (SSL_in_init(s_ssl))
1939 printf("server waiting in SSL_accept - %s\n",
1940 SSL_state_string_long(s_ssl));
1943 /* Write to client. */
1945 if (sw_num > (long)sizeof sbuf)
1949 r = BIO_write(s_ssl_bio, sbuf, i);
1951 if (!BIO_should_retry(s_ssl_bio)) {
1952 fprintf(stderr, "ERROR in SERVER\n");
1955 /* Ignore "BIO_should_retry". */
1956 } else if (r == 0) {
1957 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
1961 printf("server wrote %d\n", r);
1967 /* Read from client. */
1969 r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
1971 if (!BIO_should_retry(s_ssl_bio)) {
1972 fprintf(stderr, "ERROR in SERVER\n");
1976 } else if (r == 0) {
1977 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
1981 printf("server read %d\n", r);
1986 *s_time += (clock() - s_clock);
1990 /* "I/O" BETWEEN CLIENT AND SERVER. */
1993 BIO *io1 = server_io, *io2 = client_io;
1995 * we use the non-copying interface for io1 and the standard
1996 * BIO_write/BIO_read interface for io2
1999 static int prev_progress = 1;
2007 r1 = BIO_ctrl_pending(io1);
2008 r2 = BIO_ctrl_get_write_guarantee(io2);
2016 if (INT_MAX < num) /* yeah, right */
2019 r = BIO_nread(io1, &dataptr, (int)num);
2021 assert(r <= (int)num);
2023 * possibly r < num (non-contiguous data)
2026 r = BIO_write(io2, dataptr, (int)num);
2027 if (r != (int)num) { /* can't happen */
2028 fprintf(stderr, "ERROR: BIO_write could not write "
2029 "BIO_ctrl_get_write_guarantee() bytes");
2035 printf((io1 == client_io) ?
2036 "C->S relaying: %d bytes\n" :
2037 "S->C relaying: %d bytes\n", (int)num);
2047 r1 = BIO_ctrl_pending(io2);
2048 r2 = BIO_ctrl_get_read_request(io1);
2050 * here we could use ..._get_write_guarantee instead of
2051 * ..._get_read_request, but by using the latter we test
2052 * restartability of the SSL implementation more thoroughly
2064 --num; /* test restartability even more thoroughly */
2066 r = BIO_nwrite0(io1, &dataptr);
2070 r = BIO_read(io2, dataptr, (int)num);
2071 if (r != (int)num) { /* can't happen */
2072 fprintf(stderr, "ERROR: BIO_read could not read "
2073 "BIO_ctrl_pending() bytes");
2077 r = BIO_nwrite(io1, &dataptr, (int)num);
2078 if (r != (int)num) { /* can't happen */
2079 fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
2080 "BIO_nwrite0() bytes");
2085 printf((io2 == client_io) ?
2086 "C->S relaying: %d bytes\n" :
2087 "S->C relaying: %d bytes\n", (int)num);
2089 } /* no loop, BIO_ctrl_get_read_request now
2090 * returns 0 anyway */
2092 if (!progress && !prev_progress)
2093 if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0) {
2094 fprintf(stderr, "ERROR: got stuck\n");
2095 if (strcmp("SSLv2", SSL_get_version(c_ssl)) == 0) {
2096 fprintf(stderr, "This can happen for SSL2 because "
2097 "CLIENT-FINISHED and SERVER-VERIFY are written \n"
2098 "concurrently ...");
2099 if (strncmp("2SCF", SSL_state_string(c_ssl), 4) == 0
2100 && strncmp("2SSV", SSL_state_string(s_ssl),
2102 fprintf(stderr, " ok.\n");
2106 fprintf(stderr, " ERROR.\n");
2109 prev_progress = progress;
2112 while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
2115 print_details(c_ssl, "DONE via BIO pair: ");
2117 if (verify_serverinfo() < 0) {
2122 if (custom_ext_error) {
2131 ERR_print_errors(bio_err);
2136 BIO_free(server_io);
2140 BIO_free(client_io);
2142 BIO_free(s_ssl_bio);
2144 BIO_free(c_ssl_bio);
2154 int doit(SSL *s_ssl, SSL *c_ssl, long count)
2156 char *cbuf = NULL, *sbuf = NULL;
2158 long cw_num = count, cr_num = count;
2159 long sw_num = count, sr_num = count;
2165 int c_r, c_w, s_r, s_w;
2168 int c_write, s_write;
2169 int do_server = 0, do_client = 0;
2170 int max_frag = 5 * 1024;
2172 bufsiz = count > 40 * 1024 ? 40 * 1024 : count;
2174 if ((cbuf = OPENSSL_malloc(bufsiz)) == NULL)
2176 if ((sbuf = OPENSSL_malloc(bufsiz)) == NULL)
2179 memset(cbuf, 0, bufsiz);
2180 memset(sbuf, 0, bufsiz);
2182 c_to_s = BIO_new(BIO_s_mem());
2183 s_to_c = BIO_new(BIO_s_mem());
2184 if ((s_to_c == NULL) || (c_to_s == NULL)) {
2185 ERR_print_errors(bio_err);
2189 c_bio = BIO_new(BIO_f_ssl());
2190 s_bio = BIO_new(BIO_f_ssl());
2191 if ((c_bio == NULL) || (s_bio == NULL)) {
2192 ERR_print_errors(bio_err);
2196 SSL_set_connect_state(c_ssl);
2197 SSL_set_bio(c_ssl, s_to_c, c_to_s);
2198 SSL_set_max_send_fragment(c_ssl, max_frag);
2199 BIO_set_ssl(c_bio, c_ssl, BIO_NOCLOSE);
2201 SSL_set_accept_state(s_ssl);
2202 SSL_set_bio(s_ssl, c_to_s, s_to_c);
2203 SSL_set_max_send_fragment(s_ssl, max_frag);
2204 BIO_set_ssl(s_bio, s_ssl, BIO_NOCLOSE);
2210 c_write = 1, s_write = 0;
2212 /* We can always do writes */
2217 i = (int)BIO_pending(s_bio);
2218 if ((i && s_r) || s_w)
2221 i = (int)BIO_pending(c_bio);
2222 if ((i && c_r) || c_w)
2225 if (do_server && debug) {
2226 if (SSL_in_init(s_ssl))
2227 printf("server waiting in SSL_accept - %s\n",
2228 SSL_state_string_long(s_ssl));
2231 printf("server:SSL_write()\n");
2233 printf("server:SSL_read()\n"); */
2236 if (do_client && debug) {
2237 if (SSL_in_init(c_ssl))
2238 printf("client waiting in SSL_connect - %s\n",
2239 SSL_state_string_long(c_ssl));
2242 printf("client:SSL_write()\n");
2244 printf("client:SSL_read()\n"); */
2247 if (!do_client && !do_server) {
2248 fprintf(stdout, "ERROR IN STARTUP\n");
2249 ERR_print_errors(bio_err);
2252 if (do_client && !(done & C_DONE)) {
2254 j = (cw_num > bufsiz) ? (int)bufsiz : (int)cw_num;
2255 i = BIO_write(c_bio, cbuf, j);
2259 if (BIO_should_retry(c_bio)) {
2260 if (BIO_should_read(c_bio))
2262 if (BIO_should_write(c_bio))
2265 fprintf(stderr, "ERROR in CLIENT\n");
2266 ERR_print_errors(bio_err);
2269 } else if (i == 0) {
2270 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2274 printf("client wrote %d\n", i);
2279 if (max_frag > 1029)
2280 SSL_set_max_send_fragment(c_ssl, max_frag -= 5);
2283 i = BIO_read(c_bio, cbuf, bufsiz);
2287 if (BIO_should_retry(c_bio)) {
2288 if (BIO_should_read(c_bio))
2290 if (BIO_should_write(c_bio))
2293 fprintf(stderr, "ERROR in CLIENT\n");
2294 ERR_print_errors(bio_err);
2297 } else if (i == 0) {
2298 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2302 printf("client read %d\n", i);
2311 done = S_DONE | C_DONE;
2317 if (do_server && !(done & S_DONE)) {
2319 i = BIO_read(s_bio, sbuf, bufsiz);
2323 if (BIO_should_retry(s_bio)) {
2324 if (BIO_should_read(s_bio))
2326 if (BIO_should_write(s_bio))
2329 fprintf(stderr, "ERROR in SERVER\n");
2330 ERR_print_errors(bio_err);
2333 } else if (i == 0) {
2334 ERR_print_errors(bio_err);
2336 "SSL SERVER STARTUP FAILED in SSL_read\n");
2340 printf("server read %d\n", i);
2353 j = (sw_num > bufsiz) ? (int)bufsiz : (int)sw_num;
2354 i = BIO_write(s_bio, sbuf, j);
2358 if (BIO_should_retry(s_bio)) {
2359 if (BIO_should_read(s_bio))
2361 if (BIO_should_write(s_bio))
2364 fprintf(stderr, "ERROR in SERVER\n");
2365 ERR_print_errors(bio_err);
2368 } else if (i == 0) {
2369 ERR_print_errors(bio_err);
2371 "SSL SERVER STARTUP FAILED in SSL_write\n");
2375 printf("server wrote %d\n", i);
2381 if (max_frag > 1029)
2382 SSL_set_max_send_fragment(s_ssl, max_frag -= 5);
2387 if ((done & S_DONE) && (done & C_DONE))
2392 print_details(c_ssl, "DONE: ");
2393 if (verify_serverinfo() < 0) {
2397 if (custom_ext_error) {
2404 * We have to set the BIO's to NULL otherwise they will be
2405 * OPENSSL_free()ed twice. Once when th s_ssl is SSL_free()ed and again
2406 * when c_ssl is SSL_free()ed. This is a hack required because s_ssl and
2407 * c_ssl are sharing the same BIO structure and SSL_set_bio() and
2408 * SSL_free() automatically BIO_free non NULL entries. You should not
2409 * normally do this or be required to do this
2411 if (s_ssl != NULL) {
2415 if (c_ssl != NULL) {
2425 BIO_free_all(c_bio);
2427 BIO_free_all(s_bio);
2437 static int get_proxy_auth_ex_data_idx(void)
2439 static volatile int idx = -1;
2441 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
2443 idx = X509_STORE_CTX_get_ex_new_index(0,
2444 "SSLtest for verify callback",
2447 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
2452 static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
2456 s = X509_NAME_oneline(X509_get_subject_name(ctx->current_cert), buf,
2460 fprintf(stderr, "depth=%d %s\n", ctx->error_depth, buf);
2462 fprintf(stderr, "depth=%d error=%d %s\n",
2463 ctx->error_depth, ctx->error, buf);
2468 fprintf(stderr, "Error string: %s\n",
2469 X509_verify_cert_error_string(ctx->error));
2470 switch (ctx->error) {
2471 case X509_V_ERR_CERT_NOT_YET_VALID:
2472 case X509_V_ERR_CERT_HAS_EXPIRED:
2473 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
2474 fprintf(stderr, " ... ignored.\n");
2480 X509 *xs = ctx->current_cert;
2482 X509 *xi = ctx->current_issuer;
2485 if (xs->ex_flags & EXFLAG_PROXY) {
2486 unsigned int *letters = X509_STORE_CTX_get_ex_data(ctx,
2487 get_proxy_auth_ex_data_idx
2493 PROXY_CERT_INFO_EXTENSION *pci =
2494 X509_get_ext_d2i(xs, NID_proxyCertInfo,
2497 switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage)) {
2498 case NID_Independent:
2500 * Completely meaningless in this program, as there's no
2501 * way to grant explicit rights to a specific PrC.
2502 * Basically, using id-ppl-Independent is the perfect way
2503 * to grant no rights at all.
2505 fprintf(stderr, " Independent proxy certificate");
2506 for (i = 0; i < 26; i++)
2509 case NID_id_ppl_inheritAll:
2511 * This is basically a NOP, we simply let the current
2512 * rights stand as they are.
2514 fprintf(stderr, " Proxy certificate inherits all");
2518 pci->proxyPolicy->policy->data;
2519 i = pci->proxyPolicy->policy->length;
2522 * The algorithm works as follows: it is assumed that
2523 * previous iterations or the initial granted rights has
2524 * already set some elements of `letters'. What we need
2525 * to do is to clear those that weren't granted by the
2526 * current PrC as well. The easiest way to do this is to
2527 * add 1 to all the elements whose letters are given with
2528 * the current policy. That way, all elements that are
2529 * set by the current policy and were already set by
2530 * earlier policies and through the original grant of
2531 * rights will get the value 2 or higher. The last thing
2532 * to do is to sweep through `letters' and keep the
2533 * elements having the value 2 as set, and clear all the
2537 fprintf(stderr, " Certificate proxy rights = %*.*s", i,
2541 if (isascii(c) && isalpha(c)) {
2547 for (i = 0; i < 26; i++)
2555 fprintf(stderr, ", resulting proxy rights = ");
2556 for (i = 0; i < 26; i++)
2558 fprintf(stderr, "%c", i + 'A');
2562 fprintf(stderr, "none");
2563 fprintf(stderr, "\n");
2565 PROXY_CERT_INFO_EXTENSION_free(pci);
2573 static void process_proxy_debug(int indent, const char *format, ...)
2576 static const char indentation[] =
2577 ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"
2578 ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>";
2579 char my_format[256];
2582 BIO_snprintf(my_format, sizeof(my_format), "%*.*s %s",
2583 indent, indent, indentation, format);
2585 va_start(args, format);
2586 vfprintf(stderr, my_format, args);
2596 static int process_proxy_cond_adders(unsigned int letters[26],
2597 const char *cond, const char **cond_end,
2598 int *pos, int indent);
2599 static int process_proxy_cond_val(unsigned int letters[26], const char *cond,
2600 const char **cond_end, int *pos, int indent)
2606 while (isspace((int)*cond)) {
2613 process_proxy_debug(indent,
2614 "Start process_proxy_cond_val at position %d: %s\n",
2621 while (isspace((int)*cond)) {
2631 ok = process_proxy_cond_adders(letters, cond, cond_end, pos,
2636 while (isspace((int)*cond)) {
2643 "Weird condition character in position %d: "
2650 } else if (isascii(c) && isalpha(c)) {
2653 ok = letters[c - 'A'];
2658 "Weird condition character in position %d: " "%c\n", *pos, c);
2664 if (ok >= 0 && negate)
2668 process_proxy_debug(indent,
2669 "End process_proxy_cond_val at position %d: %s, returning %d\n",
2675 static int process_proxy_cond_multipliers(unsigned int letters[26],
2677 const char **cond_end, int *pos,
2684 process_proxy_debug(indent,
2685 "Start process_proxy_cond_multipliers at position %d: %s\n",
2688 ok = process_proxy_cond_val(letters, cond, cond_end, pos, indent + 1);
2694 while (isspace((int)*cond)) {
2708 ok = process_proxy_cond_val(letters,
2709 cond, cond_end, pos, indent + 1);
2722 fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!"
2734 process_proxy_debug(indent,
2735 "End process_proxy_cond_multipliers at position %d: %s, returning %d\n",
2742 static int process_proxy_cond_adders(unsigned int letters[26],
2743 const char *cond, const char **cond_end,
2744 int *pos, int indent)
2750 process_proxy_debug(indent,
2751 "Start process_proxy_cond_adders at position %d: %s\n",
2754 ok = process_proxy_cond_multipliers(letters, cond, cond_end, pos,
2761 while (isspace((int)*cond)) {
2774 ok = process_proxy_cond_multipliers(letters,
2775 cond, cond_end, pos,
2786 fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!"
2798 process_proxy_debug(indent,
2799 "End process_proxy_cond_adders at position %d: %s, returning %d\n",
2806 static int process_proxy_cond(unsigned int letters[26],
2807 const char *cond, const char **cond_end)
2810 return process_proxy_cond_adders(letters, cond, cond_end, &pos, 1);
2813 static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg)
2816 struct app_verify_arg *cb_arg = arg;
2817 unsigned int letters[26]; /* only used with proxy_auth */
2819 if (cb_arg->app_verify) {
2820 char *s = NULL, buf[256];
2822 fprintf(stderr, "In app_verify_callback, allowing cert. ");
2823 fprintf(stderr, "Arg is: %s\n", cb_arg->string);
2825 "Finished printing do we have a context? 0x%p a cert? 0x%p\n",
2826 (void *)ctx, (void *)ctx->cert);
2828 s = X509_NAME_oneline(X509_get_subject_name(ctx->cert), buf, 256);
2830 fprintf(stderr, "cert depth=%d %s\n", ctx->error_depth, buf);
2834 if (cb_arg->proxy_auth) {
2835 int found_any = 0, i;
2838 for (i = 0; i < 26; i++)
2840 for (sp = cb_arg->proxy_auth; *sp; sp++) {
2842 if (isascii(c) && isalpha(c)) {
2845 letters[c - 'A'] = 1;
2849 fprintf(stderr, " Initial proxy rights = ");
2850 for (i = 0; i < 26; i++)
2852 fprintf(stderr, "%c", i + 'A');
2856 fprintf(stderr, "none");
2857 fprintf(stderr, "\n");
2859 X509_STORE_CTX_set_ex_data(ctx,
2860 get_proxy_auth_ex_data_idx(), letters);
2862 if (cb_arg->allow_proxy_certs) {
2863 X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
2865 #ifndef OPENSSL_NO_X509_VERIFY
2866 ok = X509_verify_cert(ctx);
2869 if (cb_arg->proxy_auth) {
2871 const char *cond_end = NULL;
2873 ok = process_proxy_cond(letters, cb_arg->proxy_cond, &cond_end);
2879 "Stopped processing condition before it's end.\n");
2884 "Proxy rights check with condition '%s' proved invalid\n",
2885 cb_arg->proxy_cond);
2888 "Proxy rights check with condition '%s' proved valid\n",
2889 cb_arg->proxy_cond);
2895 #ifndef OPENSSL_NO_RSA
2896 static RSA *rsa_tmp = NULL;
2898 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
2901 if (rsa_tmp == NULL) {
2903 rsa_tmp = RSA_new();
2904 if (!bn || !rsa_tmp || !BN_set_word(bn, RSA_F4)) {
2905 BIO_printf(bio_err, "Memory error...");
2908 BIO_printf(bio_err, "Generating temp (%d bit) RSA key...", keylength);
2909 (void)BIO_flush(bio_err);
2910 if (!RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL)) {
2911 BIO_printf(bio_err, "Error generating key.");
2916 BIO_printf(bio_err, "\n");
2917 (void)BIO_flush(bio_err);
2924 static void free_tmp_rsa(void)
2926 if (rsa_tmp != NULL) {
2933 #ifndef OPENSSL_NO_DH
2935 * These DH parameters have been generated as follows:
2936 * $ openssl dhparam -C -noout 512
2937 * $ openssl dhparam -C -noout 1024
2938 * $ openssl dhparam -C -noout -dsaparam 1024
2939 * (The third function has been renamed to avoid name conflicts.)
2941 static DH *get_dh512()
2943 static unsigned char dh512_p[] = {
2944 0xCB, 0xC8, 0xE1, 0x86, 0xD0, 0x1F, 0x94, 0x17, 0xA6, 0x99, 0xF0,
2946 0x1F, 0x0D, 0xAC, 0xB6, 0x25, 0x3E, 0x06, 0x39, 0xCA, 0x72, 0x04,
2948 0x6E, 0xDA, 0xC0, 0x61, 0xE6, 0x7A, 0x77, 0x25, 0xE8, 0x3B, 0xB9,
2950 0x9A, 0xB6, 0xB5, 0xFE, 0x99, 0x0B, 0xA1, 0x93, 0x4E, 0x35, 0x33,
2952 0xE1, 0xF1, 0x13, 0x4F, 0x59, 0x1A, 0xD2, 0x57, 0xC0, 0x26, 0x21,
2954 0x02, 0xC5, 0xAE, 0x23,
2956 static unsigned char dh512_g[] = {
2961 if ((dh = DH_new()) == NULL)
2963 dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
2964 dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
2965 if ((dh->p == NULL) || (dh->g == NULL)) {
2972 static DH *get_dh1024()
2974 static unsigned char dh1024_p[] = {
2975 0xF8, 0x81, 0x89, 0x7D, 0x14, 0x24, 0xC5, 0xD1, 0xE6, 0xF7, 0xBF,
2977 0xE4, 0x90, 0xF4, 0xFC, 0x73, 0xFB, 0x34, 0xB5, 0xFA, 0x4C, 0x56,
2979 0xEA, 0xA7, 0xE9, 0xC0, 0xC0, 0xCE, 0x89, 0xE1, 0xFA, 0x63, 0x3F,
2981 0x6B, 0x32, 0x66, 0xF1, 0xD1, 0x7B, 0xB0, 0x00, 0x8F, 0xCA, 0x87,
2983 0xAE, 0x98, 0x89, 0x26, 0x17, 0xC2, 0x05, 0xD2, 0xEC, 0x08, 0xD0,
2985 0xFF, 0x17, 0x52, 0x8C, 0xC5, 0x07, 0x93, 0x03, 0xB1, 0xF6, 0x2F,
2987 0x1C, 0x52, 0x47, 0x27, 0x1B, 0xDB, 0xD1, 0x8D, 0x9D, 0x69, 0x1D,
2989 0x4B, 0x32, 0x81, 0xAA, 0x7F, 0x00, 0xC8, 0xDC, 0xE6, 0xD9, 0xCC,
2991 0x11, 0x2D, 0x37, 0x34, 0x6C, 0xEA, 0x02, 0x97, 0x4B, 0x0E, 0xBB,
2993 0x71, 0x33, 0x09, 0x15, 0xFD, 0xDD, 0x23, 0x87, 0x07, 0x5E, 0x89,
2995 0x6B, 0x7C, 0x5F, 0xEC, 0xA6, 0x24, 0xDC, 0x53,
2997 static unsigned char dh1024_g[] = {
3002 if ((dh = DH_new()) == NULL)
3004 dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
3005 dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
3006 if ((dh->p == NULL) || (dh->g == NULL)) {
3013 static DH *get_dh1024dsa()
3015 static unsigned char dh1024_p[] = {
3016 0xC8, 0x00, 0xF7, 0x08, 0x07, 0x89, 0x4D, 0x90, 0x53, 0xF3, 0xD5,
3018 0x21, 0x1B, 0xF7, 0x31, 0xA6, 0xA2, 0xDA, 0x23, 0x9A, 0xC7, 0x87,
3020 0x3B, 0x47, 0xB6, 0x8C, 0x04, 0x6F, 0xFF, 0xC6, 0x9B, 0xB8, 0x65,
3022 0xC2, 0x5F, 0x31, 0x83, 0x4A, 0xA7, 0x5F, 0x2F, 0x88, 0x38, 0xB6,
3024 0xCF, 0xD9, 0x87, 0x6D, 0x6F, 0x9F, 0xDA, 0xAC, 0xA6, 0x48, 0xAF,
3026 0x33, 0x84, 0x37, 0x5B, 0x82, 0x4A, 0x31, 0x5D, 0xE7, 0xBD, 0x52,
3028 0xA1, 0x77, 0xBF, 0x10, 0x9E, 0x37, 0xEA, 0x64, 0xFA, 0xCA, 0x28,
3030 0x9D, 0x3B, 0xD2, 0x6E, 0x09, 0x5C, 0x68, 0xC7, 0x45, 0x90, 0xFD,
3032 0x70, 0xC9, 0x3A, 0xBB, 0xDF, 0xD4, 0x21, 0x0F, 0xC4, 0x6A, 0x3C,
3034 0x61, 0xCF, 0x3F, 0xD6, 0x13, 0xF1, 0x5F, 0xBC, 0xCF, 0xBC, 0x26,
3036 0xBC, 0x0B, 0xBD, 0xAB, 0x5D, 0xC9, 0x54, 0x39,
3038 static unsigned char dh1024_g[] = {
3039 0x3B, 0x40, 0x86, 0xE7, 0xF3, 0x6C, 0xDE, 0x67, 0x1C, 0xCC, 0x80,
3041 0x5A, 0xDF, 0xFE, 0xBD, 0x20, 0x27, 0x74, 0x6C, 0x24, 0xC9, 0x03,
3043 0xE1, 0x8D, 0xC3, 0x7D, 0x98, 0x27, 0x40, 0x08, 0xB8, 0x8C, 0x6A,
3045 0xBB, 0x1A, 0x3A, 0xD6, 0x86, 0x83, 0x5E, 0x72, 0x41, 0xCE, 0x85,
3047 0xD2, 0xB3, 0xFC, 0x13, 0xCE, 0x37, 0x81, 0x9E, 0x4C, 0x1C, 0x7B,
3049 0xD3, 0xE6, 0xA6, 0x00, 0xF5, 0x5A, 0x95, 0x43, 0x5E, 0x81, 0xCF,
3051 0xA2, 0x23, 0xFC, 0x36, 0xA7, 0x5D, 0x7A, 0x4C, 0x06, 0x91, 0x6E,
3053 0x57, 0xEE, 0x36, 0xCB, 0x06, 0xEA, 0xF5, 0x3D, 0x95, 0x49, 0xCB,
3055 0xDD, 0x81, 0xDF, 0x80, 0x09, 0x4A, 0x97, 0x4D, 0xA8, 0x22, 0x72,
3057 0x7F, 0xC4, 0x70, 0x56, 0x70, 0xE8, 0x20, 0x10, 0x18, 0x8F, 0x2E,
3059 0x07, 0xE7, 0x68, 0x1A, 0x82, 0x5D, 0x32, 0xA2,
3063 if ((dh = DH_new()) == NULL)
3065 dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
3066 dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
3067 if ((dh->p == NULL) || (dh->g == NULL)) {
3076 #ifndef OPENSSL_NO_PSK
3077 /* convert the PSK key (psk_key) in ascii to binary (psk) */
3078 static int psk_key2bn(const char *pskkey, unsigned char *psk,
3079 unsigned int max_psk_len)
3084 ret = BN_hex2bn(&bn, pskkey);
3086 BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n",
3092 if (BN_num_bytes(bn) > (int)max_psk_len) {
3094 "psk buffer of callback is too small (%d) for key (%d)\n",
3095 max_psk_len, BN_num_bytes(bn));
3099 ret = BN_bn2bin(bn, psk);
3104 static unsigned int psk_client_callback(SSL *ssl, const char *hint,
3106 unsigned int max_identity_len,
3108 unsigned int max_psk_len)
3111 unsigned int psk_len = 0;
3113 ret = BIO_snprintf(identity, max_identity_len, "Client_identity");
3117 fprintf(stderr, "client: created identity '%s' len=%d\n", identity,
3119 ret = psk_key2bn(psk_key, psk, max_psk_len);
3127 static unsigned int psk_server_callback(SSL *ssl, const char *identity,
3129 unsigned int max_psk_len)
3131 unsigned int psk_len = 0;
3133 if (strcmp(identity, "Client_identity") != 0) {
3134 BIO_printf(bio_err, "server: PSK error: client identity not found\n");
3137 psk_len = psk_key2bn(psk_key, psk, max_psk_len);
3142 static int do_test_cipherlist(void)
3145 const SSL_METHOD *meth;
3146 const SSL_CIPHER *ci, *tci = NULL;
3148 #ifndef OPENSSL_NO_SSL2
3149 fprintf(stderr, "testing SSLv2 cipher list order: ");
3150 meth = SSLv2_method();
3151 while ((ci = meth->get_cipher(i++)) != NULL) {
3153 if (ci->id >= tci->id) {
3154 fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
3159 fprintf(stderr, "ok\n");
3161 #ifndef OPENSSL_NO_SSL3
3162 fprintf(stderr, "testing SSLv3 cipher list order: ");
3163 meth = SSLv3_method();
3165 while ((ci = meth->get_cipher(i++)) != NULL) {
3167 if (ci->id >= tci->id) {
3168 fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
3173 fprintf(stderr, "ok\n");
3175 #ifndef OPENSSL_NO_TLS1
3176 fprintf(stderr, "testing TLSv1 cipher list order: ");
3177 meth = TLSv1_method();
3179 while ((ci = meth->get_cipher(i++)) != NULL) {
3181 if (ci->id >= tci->id) {
3182 fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
3187 fprintf(stderr, "ok\n");