2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
58 /* ====================================================================
59 * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
87 * 6. Redistributions of any form whatsoever must retain the following
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
111 /* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
116 /* ====================================================================
117 * Copyright 2005 Nokia. All rights reserved.
119 * The portions of the attached software ("Contribution") is developed by
120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125 * support (see RFC 4279) to OpenSSL.
127 * No patent licenses or other rights except those expressly stated in
128 * the OpenSSL open source license shall be deemed granted or received
129 * expressly, by implication, estoppel, or otherwise.
131 * No assurances are provided by Nokia that the Contribution does not
132 * infringe the patent or other intellectual property rights of any third
133 * party or that the license provides you with all the necessary rights
134 * to make use of the Contribution.
136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
143 #define _BSD_SOURCE 1 /* Or gethostname won't be declared properly
144 on Linux and GNU platforms. */
157 #ifdef OPENSSL_SYS_VMS
158 #define _XOPEN_SOURCE 500 /* Or isascii won't be declared properly on
159 VMS (at least with DECompHP C). */
164 #include <openssl/bio.h>
165 #include <openssl/crypto.h>
166 #include <openssl/evp.h>
167 #include <openssl/x509.h>
168 #include <openssl/x509v3.h>
169 #include <openssl/ssl.h>
170 #ifndef OPENSSL_NO_ENGINE
171 #include <openssl/engine.h>
173 #include <openssl/err.h>
174 #include <openssl/rand.h>
175 #ifndef OPENSSL_NO_RSA
176 #include <openssl/rsa.h>
178 #ifndef OPENSSL_NO_DSA
179 #include <openssl/dsa.h>
181 #ifndef OPENSSL_NO_DH
182 #include <openssl/dh.h>
184 #ifndef OPENSSL_NO_SRP
185 #include <openssl/srp.h>
187 #include <openssl/bn.h>
189 #define _XOPEN_SOURCE_EXTENDED 1 /* Or gethostname won't be declared properly
190 on Compaq platforms (at least with DEC C).
191 Do not try to put it earlier, or IPv6 includes
195 #ifdef OPENSSL_SYS_WINDOWS
198 #include OPENSSL_UNISTD
201 #ifdef OPENSSL_SYS_VMS
202 # define TEST_SERVER_CERT "SYS$DISK:[-.APPS]SERVER.PEM"
203 # define TEST_CLIENT_CERT "SYS$DISK:[-.APPS]CLIENT.PEM"
204 #elif defined(OPENSSL_SYS_WINCE)
205 # define TEST_SERVER_CERT "\\OpenSSL\\server.pem"
206 # define TEST_CLIENT_CERT "\\OpenSSL\\client.pem"
207 #elif defined(OPENSSL_SYS_NETWARE)
208 # define TEST_SERVER_CERT "\\openssl\\apps\\server.pem"
209 # define TEST_CLIENT_CERT "\\openssl\\apps\\client.pem"
211 # define TEST_SERVER_CERT "../apps/server.pem"
212 # define TEST_CLIENT_CERT "../apps/client.pem"
215 /* There is really no standard for this, so let's assign some tentative
216 numbers. In any case, these numbers are only for this test */
220 static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
221 #ifndef OPENSSL_NO_RSA
222 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export,int keylength);
223 static void free_tmp_rsa(void);
225 static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg);
226 #define APP_CALLBACK_STRING "Test Callback Argument"
227 struct app_verify_arg
231 int allow_proxy_certs;
236 #ifndef OPENSSL_NO_DH
237 static DH *get_dh512(void);
238 static DH *get_dh1024(void);
239 static DH *get_dh1024dsa(void);
243 static char *psk_key=NULL; /* by default PSK is not used */
244 #ifndef OPENSSL_NO_PSK
245 static unsigned int psk_client_callback(SSL *ssl, const char *hint, char *identity,
246 unsigned int max_identity_len, unsigned char *psk,
247 unsigned int max_psk_len);
248 static unsigned int psk_server_callback(SSL *ssl, const char *identity, unsigned char *psk,
249 unsigned int max_psk_len);
252 #ifndef OPENSSL_NO_SRP
254 /* This is a context that we pass to all callbacks */
255 typedef struct srp_client_arg_st
261 #define PWD_STRLEN 1024
263 static char * MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
265 SRP_CLIENT_ARG *srp_client_arg = (SRP_CLIENT_ARG *)arg;
266 return BUF_strdup((char *)srp_client_arg->srppassin);
270 /* This is a context that we pass to SRP server callbacks */
271 typedef struct srp_server_arg_st
277 static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
279 SRP_SERVER_ARG * p = (SRP_SERVER_ARG *) arg;
281 if (strcmp(p->expected_user, SSL_get_srp_username(s)) != 0)
283 fprintf(stderr, "User %s doesn't exist\n", SSL_get_srp_username(s));
284 return SSL3_AL_FATAL;
286 if (SSL_set_srp_server_param_pw(s,p->expected_user,p->pass,"1024")<0)
288 *ad = SSL_AD_INTERNAL_ERROR;
289 return SSL3_AL_FATAL;
291 return SSL_ERROR_NONE;
295 static BIO *bio_err=NULL;
296 static BIO *bio_stdout=NULL;
298 #ifndef OPENSSL_NO_NPN
299 /* Note that this code assumes that this is only a one element list: */
300 static const char NEXT_PROTO_STRING[] = "\x09testproto";
303 int npn_server_reject = 0;
305 static int cb_client_npn(SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg)
307 /* This callback only returns the protocol string, rather than a length
308 prefixed set. We assume that NEXT_PROTO_STRING is a one element list and
309 remove the first byte to chop off the length prefix. */
310 *out = (unsigned char*) NEXT_PROTO_STRING + 1;
311 *outlen = sizeof(NEXT_PROTO_STRING) - 2;
312 return SSL_TLSEXT_ERR_OK;
315 static int cb_server_npn(SSL *s, const unsigned char **data, unsigned int *len, void *arg)
317 *data = (const unsigned char *) NEXT_PROTO_STRING;
318 *len = sizeof(NEXT_PROTO_STRING) - 1;
319 return SSL_TLSEXT_ERR_OK;
322 static int cb_server_rejects_npn(SSL *s, const unsigned char **data, unsigned int *len, void *arg)
324 return SSL_TLSEXT_ERR_NOACK;
327 static int verify_npn(SSL *client, SSL *server)
329 const unsigned char *client_s;
331 const unsigned char *server_s;
334 SSL_get0_next_proto_negotiated(client, &client_s, &client_len);
335 SSL_get0_next_proto_negotiated(server, &server_s, &server_len);
339 BIO_printf(bio_stdout, "Client NPN: ");
340 BIO_write(bio_stdout, client_s, client_len);
341 BIO_printf(bio_stdout, "\n");
346 BIO_printf(bio_stdout, "Server NPN: ");
347 BIO_write(bio_stdout, server_s, server_len);
348 BIO_printf(bio_stdout, "\n");
351 /* If an NPN string was returned, it must be the protocol that we
352 * expected to negotiate. */
353 if (client_len && (client_len != sizeof(NEXT_PROTO_STRING) - 2 ||
354 memcmp(client_s, NEXT_PROTO_STRING + 1, client_len)))
356 if (server_len && (server_len != sizeof(NEXT_PROTO_STRING) - 2 ||
357 memcmp(server_s, NEXT_PROTO_STRING + 1, server_len)))
360 if (!npn_client && client_len)
362 if (!npn_server && server_len)
364 if (npn_server_reject && server_len)
366 if (npn_client && npn_server && (!client_len || !server_len))
373 static const char *alpn_client;
374 static const char *alpn_server;
375 static const char *alpn_expected;
376 static unsigned char *alpn_selected;
378 /* next_protos_parse parses a comma separated list of strings into a string
379 * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
380 * outlen: (output) set to the length of the resulting buffer on success.
381 * err: (maybe NULL) on failure, an error message line is written to this BIO.
382 * in: a NUL termianted string like "abc,def,ghi"
384 * returns: a malloced buffer or NULL on failure.
386 static unsigned char *next_protos_parse(unsigned short *outlen, const char *in)
396 out = OPENSSL_malloc(strlen(in) + 1);
400 for (i = 0; i <= len; ++i)
402 if (i == len || in[i] == ',')
409 out[start] = i - start;
420 static int cb_server_alpn(SSL *s, const unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg)
422 unsigned char *protos;
423 unsigned short protos_len;
425 protos = next_protos_parse(&protos_len, alpn_server);
428 fprintf(stderr, "failed to parser ALPN server protocol string: %s\n", alpn_server);
432 if (SSL_select_next_proto((unsigned char**) out, outlen, protos, protos_len, in, inlen) !=
433 OPENSSL_NPN_NEGOTIATED)
435 OPENSSL_free(protos);
436 return SSL_TLSEXT_ERR_NOACK;
439 /* Make a copy of the selected protocol which will be freed in verify_alpn. */
440 alpn_selected = OPENSSL_malloc(*outlen);
441 memcpy(alpn_selected, *out, *outlen);
442 *out = alpn_selected;
444 OPENSSL_free(protos);
445 return SSL_TLSEXT_ERR_OK;
448 static int verify_alpn(SSL *client, SSL *server)
450 const unsigned char *client_proto, *server_proto;
451 unsigned int client_proto_len = 0, server_proto_len = 0;
452 SSL_get0_alpn_selected(client, &client_proto, &client_proto_len);
453 SSL_get0_alpn_selected(server, &server_proto, &server_proto_len);
455 if (alpn_selected != NULL)
457 OPENSSL_free(alpn_selected);
458 alpn_selected = NULL;
461 if (client_proto_len != server_proto_len ||
462 memcmp(client_proto, server_proto, client_proto_len) != 0)
464 BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
468 if (client_proto_len > 0 && alpn_expected == NULL)
470 BIO_printf(bio_stdout, "ALPN unexpectedly negotiated\n");
474 if (alpn_expected != NULL &&
475 (client_proto_len != strlen(alpn_expected) ||
476 memcmp(client_proto, alpn_expected, client_proto_len) != 0))
478 BIO_printf(bio_stdout, "ALPN selected protocols not equal to expected protocol: %s\n", alpn_expected);
485 BIO_printf(bio_stdout, "ALPN results: client: '");
486 BIO_write(bio_stdout, client_proto, client_proto_len);
487 BIO_printf(bio_stdout, "', server: '");
488 BIO_write(bio_stdout, server_proto, server_proto_len);
489 BIO_printf(bio_stdout, "'\n");
490 BIO_printf(bio_stdout, "ALPN configured: client: '%s', server: '%s'\n", alpn_client, alpn_server);
494 #define SCT_EXT_TYPE 18
496 /* WARNING : below extension types are *NOT* IETF assigned, and
497 could conflict if these types are reassigned and handled
498 specially by OpenSSL in the future */
499 #define TACK_EXT_TYPE 62208
500 #define CUSTOM_EXT_TYPE_0 1000
501 #define CUSTOM_EXT_TYPE_1 1001
502 #define CUSTOM_EXT_TYPE_2 1002
503 #define CUSTOM_EXT_TYPE_3 1003
505 const char custom_ext_cli_string[] = "abc";
506 const char custom_ext_srv_string[] = "defg";
508 /* These set from cmdline */
509 char* serverinfo_file = NULL;
510 int serverinfo_sct = 0;
511 int serverinfo_tack = 0;
513 /* These set based on extension callbacks */
514 int serverinfo_sct_seen = 0;
515 int serverinfo_tack_seen = 0;
516 int serverinfo_other_seen = 0;
518 /* This set from cmdline */
521 /* This set based on extension callbacks */
522 int custom_ext_error = 0;
524 /* Not IETF assigned supplemental data types */
525 #define CUSTOM_SUPP_DATA_TYPE_0 100
526 #define CUSTOM_SUPP_DATA_TYPE_1 101
527 #define CUSTOM_SUPP_DATA_TYPE_2 102
529 const char supp_data_0_string[] = "00000";
532 int suppdata_error = 0;
534 static int serverinfo_cli_cb(SSL* s, unsigned short ext_type,
535 const unsigned char* in, unsigned short inlen,
538 if (ext_type == SCT_EXT_TYPE)
539 serverinfo_sct_seen++;
540 else if (ext_type == TACK_EXT_TYPE)
541 serverinfo_tack_seen++;
543 serverinfo_other_seen++;
547 static int verify_serverinfo()
549 if (serverinfo_sct != serverinfo_sct_seen)
551 if (serverinfo_tack != serverinfo_tack_seen)
553 if (serverinfo_other_seen)
558 /* Four test cases for custom extensions:
559 * 0 - no ClientHello extension or ServerHello response
560 * 1 - ClientHello with "abc", no response
561 * 2 - ClientHello with "abc", empty response
562 * 3 - ClientHello with "abc", "defg" response
565 static int custom_ext_0_cli_first_cb(SSL *s, unsigned short ext_type,
566 const unsigned char **out,
567 unsigned short *outlen, void *arg)
569 if (ext_type != CUSTOM_EXT_TYPE_0)
570 custom_ext_error = 1;
571 return -1; /* Don't send an extension */
574 static int custom_ext_0_cli_second_cb(SSL *s, unsigned short ext_type,
575 const unsigned char *in,
576 unsigned short inlen, int *al,
579 custom_ext_error = 1; /* Shouldn't be called */
583 static int custom_ext_1_cli_first_cb(SSL *s, unsigned short ext_type,
584 const unsigned char **out,
585 unsigned short *outlen, void *arg)
587 if (ext_type != CUSTOM_EXT_TYPE_1)
588 custom_ext_error = 1;
589 *out = (const unsigned char*)custom_ext_cli_string;
590 *outlen = strlen(custom_ext_cli_string);
591 return 1; /* Send "abc" */
594 static int custom_ext_1_cli_second_cb(SSL *s, unsigned short ext_type,
595 const unsigned char *in,
596 unsigned short inlen, int *al,
599 custom_ext_error = 1; /* Shouldn't be called */
603 static int custom_ext_2_cli_first_cb(SSL *s, unsigned short ext_type,
604 const unsigned char **out,
605 unsigned short *outlen, void *arg)
607 if (ext_type != CUSTOM_EXT_TYPE_2)
608 custom_ext_error = 1;
609 *out = (const unsigned char*)custom_ext_cli_string;
610 *outlen = strlen(custom_ext_cli_string);
611 return 1; /* Send "abc" */
614 static int custom_ext_2_cli_second_cb(SSL *s, unsigned short ext_type,
615 const unsigned char *in,
616 unsigned short inlen, int *al,
619 if (ext_type != CUSTOM_EXT_TYPE_2)
620 custom_ext_error = 1;
622 custom_ext_error = 1; /* Should be empty response */
626 static int custom_ext_3_cli_first_cb(SSL *s, unsigned short ext_type,
627 const unsigned char **out,
628 unsigned short *outlen, void *arg)
630 if (ext_type != CUSTOM_EXT_TYPE_3)
631 custom_ext_error = 1;
632 *out = (const unsigned char*)custom_ext_cli_string;
633 *outlen = strlen(custom_ext_cli_string);
634 return 1; /* Send "abc" */
637 static int custom_ext_3_cli_second_cb(SSL *s, unsigned short ext_type,
638 const unsigned char *in,
639 unsigned short inlen, int *al,
642 if (ext_type != CUSTOM_EXT_TYPE_3)
643 custom_ext_error = 1;
644 if (inlen != strlen(custom_ext_srv_string))
645 custom_ext_error = 1;
646 if (memcmp(custom_ext_srv_string, in, inlen) != 0)
647 custom_ext_error = 1; /* Check for "defg" */
652 static int custom_ext_0_srv_first_cb(SSL *s, unsigned short ext_type,
653 const unsigned char *in,
654 unsigned short inlen, int *al,
657 custom_ext_error = 1;
658 return 0; /* Shouldn't be called */
661 static int custom_ext_0_srv_second_cb(SSL *s, unsigned short ext_type,
662 const unsigned char **out,
663 unsigned short *outlen, void *arg)
665 custom_ext_error = 1;
666 return 0; /* Shouldn't be called */
669 static int custom_ext_1_srv_first_cb(SSL *s, unsigned short ext_type,
670 const unsigned char *in,
671 unsigned short inlen, int *al,
674 if (ext_type != CUSTOM_EXT_TYPE_1)
675 custom_ext_error = 1;
676 /* Check for "abc" */
677 if (inlen != strlen(custom_ext_cli_string))
678 custom_ext_error = 1;
679 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
680 custom_ext_error = 1;
684 static int custom_ext_1_srv_second_cb(SSL *s, unsigned short ext_type,
685 const unsigned char **out,
686 unsigned short *outlen, void *arg)
688 return -1; /* Don't send an extension */
691 static int custom_ext_2_srv_first_cb(SSL *s, unsigned short ext_type,
692 const unsigned char *in,
693 unsigned short inlen, int *al,
696 if (ext_type != CUSTOM_EXT_TYPE_2)
697 custom_ext_error = 1;
698 /* Check for "abc" */
699 if (inlen != strlen(custom_ext_cli_string))
700 custom_ext_error = 1;
701 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
702 custom_ext_error = 1;
706 static int custom_ext_2_srv_second_cb(SSL *s, unsigned short ext_type,
707 const unsigned char **out,
708 unsigned short *outlen, void *arg)
712 return 1; /* Send empty extension */
715 static int custom_ext_3_srv_first_cb(SSL *s, unsigned short ext_type,
716 const unsigned char *in,
717 unsigned short inlen, int *al,
720 if (ext_type != CUSTOM_EXT_TYPE_3)
721 custom_ext_error = 1;
722 /* Check for "abc" */
723 if (inlen != strlen(custom_ext_cli_string))
724 custom_ext_error = 1;
725 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
726 custom_ext_error = 1;
730 static int custom_ext_3_srv_second_cb(SSL *s, unsigned short ext_type,
731 const unsigned char **out,
732 unsigned short *outlen, void *arg)
734 *out = (const unsigned char*)custom_ext_srv_string;
735 *outlen = strlen(custom_ext_srv_string);
736 return 1; /* Send "defg" */
739 static int supp_data_0_srv_first_cb(SSL *s, unsigned short supp_data_type,
740 const unsigned char **out,
741 unsigned short *outlen, void *arg)
743 *out = (const unsigned char*)supp_data_0_string;
744 *outlen = strlen(supp_data_0_string);
750 static int supp_data_0_srv_second_cb(SSL *s, unsigned short supp_data_type,
751 const unsigned char *in,
752 unsigned short inlen, int *al,
755 if (supp_data_type != CUSTOM_SUPP_DATA_TYPE_0)
757 if (inlen != strlen(supp_data_0_string))
759 if (memcmp(in, supp_data_0_string, inlen) != 0)
766 static int supp_data_1_srv_first_cb(SSL *s, unsigned short supp_data_type,
767 const unsigned char **out,
768 unsigned short *outlen, void *arg)
773 static int supp_data_1_srv_second_cb(SSL *s, unsigned short supp_data_type,
774 const unsigned char *in,
775 unsigned short inlen, int *al,
782 static int supp_data_2_srv_second_cb(SSL *s, unsigned short supp_data_type,
783 const unsigned char *in,
784 unsigned short inlen, int *al,
791 static int supp_data_0_cli_first_cb(SSL *s, unsigned short supp_data_type,
792 const unsigned char *in,
793 unsigned short inlen, int *al,
796 if (supp_data_type != CUSTOM_SUPP_DATA_TYPE_0)
798 if (inlen != strlen(supp_data_0_string))
800 if (memcmp(in, supp_data_0_string, inlen) != 0)
807 static int supp_data_0_cli_second_cb(SSL *s, unsigned short supp_data_type,
808 const unsigned char **out,
809 unsigned short *outlen, void *arg)
811 *out = (const unsigned char*)supp_data_0_string;
812 *outlen = strlen(supp_data_0_string);
818 static int supp_data_1_cli_first_cb(SSL *s, unsigned short supp_data_type,
819 const unsigned char *in,
820 unsigned short inlen, int *al,
827 static int supp_data_1_cli_second_cb(SSL *s, unsigned short supp_data_type,
828 const unsigned char **out,
829 unsigned short *outlen, void *arg)
834 static int supp_data_2_cli_first_cb(SSL *s, unsigned short supp_data_type,
835 const unsigned char *in,
836 unsigned short inlen, int *al,
843 static char *cipher=NULL;
844 static int verbose=0;
853 static const char rnd_seed[] = "string to make the random number generator think it has entropy";
855 int doit_biopair(SSL *s_ssl,SSL *c_ssl,long bytes,clock_t *s_time,clock_t *c_time);
856 int doit(SSL *s_ssl,SSL *c_ssl,long bytes);
857 static int do_test_cipherlist(void);
858 static void sv_usage(void)
860 fprintf(stderr,"usage: ssltest [args ...]\n");
861 fprintf(stderr,"\n");
863 fprintf(stderr,"-F - run test in FIPS mode\n");
865 fprintf(stderr," -server_auth - check server certificate\n");
866 fprintf(stderr," -client_auth - do client authentication\n");
867 fprintf(stderr," -proxy - allow proxy certificates\n");
868 fprintf(stderr," -proxy_auth <val> - set proxy policy rights\n");
869 fprintf(stderr," -proxy_cond <val> - experssion to test proxy policy rights\n");
870 fprintf(stderr," -v - more output\n");
871 fprintf(stderr," -d - debug output\n");
872 fprintf(stderr," -reuse - use session-id reuse\n");
873 fprintf(stderr," -num <val> - number of connections to perform\n");
874 fprintf(stderr," -bytes <val> - number of bytes to swap between client/server\n");
875 #ifndef OPENSSL_NO_DH
876 fprintf(stderr," -dhe1024 - use 1024 bit key (safe prime) for DHE\n");
877 fprintf(stderr," -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
878 fprintf(stderr," -no_dhe - disable DHE\n");
880 #ifndef OPENSSL_NO_ECDH
881 fprintf(stderr," -no_ecdhe - disable ECDHE\n");
883 #ifndef OPENSSL_NO_PSK
884 fprintf(stderr," -psk arg - PSK in hex (without 0x)\n");
886 #ifndef OPENSSL_NO_SRP
887 fprintf(stderr," -srpuser user - SRP username to use\n");
888 fprintf(stderr," -srppass arg - password for 'user'\n");
890 #ifndef OPENSSL_NO_SSL2
891 fprintf(stderr," -ssl2 - use SSLv2\n");
893 #ifndef OPENSSL_NO_SSL3
894 fprintf(stderr," -ssl3 - use SSLv3\n");
896 #ifndef OPENSSL_NO_TLS1
897 fprintf(stderr," -tls1 - use TLSv1\n");
899 fprintf(stderr," -CApath arg - PEM format directory of CA's\n");
900 fprintf(stderr," -CAfile arg - PEM format file of CA's\n");
901 fprintf(stderr," -cert arg - Server certificate file\n");
902 fprintf(stderr," -key arg - Server key file (default: same as -cert)\n");
903 fprintf(stderr," -c_cert arg - Client certificate file\n");
904 fprintf(stderr," -c_key arg - Client key file (default: same as -c_cert)\n");
905 fprintf(stderr," -cipher arg - The cipher list\n");
906 fprintf(stderr," -bio_pair - Use BIO pairs\n");
907 fprintf(stderr," -f - Test even cases that can't work\n");
908 fprintf(stderr," -time - measure processor time used by client and server\n");
909 fprintf(stderr," -zlib - use zlib compression\n");
910 fprintf(stderr," -rle - use rle compression\n");
911 #ifndef OPENSSL_NO_ECDH
912 fprintf(stderr," -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \
913 " Use \"openssl ecparam -list_curves\" for all names\n" \
914 " (default is sect163r2).\n");
916 fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher lists\n");
917 #ifndef OPENSSL_NO_NPN
918 fprintf(stderr," -npn_client - have client side offer NPN\n");
919 fprintf(stderr," -npn_server - have server side offer NPN\n");
920 fprintf(stderr," -npn_server_reject - have server reject NPN\n");
922 fprintf(stderr," -serverinfo_file file - have server use this file\n");
923 fprintf(stderr," -serverinfo_sct - have client offer and expect SCT\n");
924 fprintf(stderr," -serverinfo_tack - have client offer and expect TACK\n");
925 fprintf(stderr," -custom_ext - try various custom extension callbacks\n");
926 fprintf(stderr," -alpn_client <string> - have client side offer ALPN\n");
927 fprintf(stderr," -alpn_server <string> - have server side offer ALPN\n");
928 fprintf(stderr," -alpn_expected <string> - the ALPN protocol that should be negotiated\n");
929 fprintf(stderr, "-suppdata - exercise supplemental data callbacks\n");
932 static void print_details(SSL *c_ssl, const char *prefix)
934 const SSL_CIPHER *ciph;
937 ciph=SSL_get_current_cipher(c_ssl);
938 BIO_printf(bio_stdout,"%s%s, cipher %s %s",
940 SSL_get_version(c_ssl),
941 SSL_CIPHER_get_version(ciph),
942 SSL_CIPHER_get_name(ciph));
943 cert=SSL_get_peer_certificate(c_ssl);
946 EVP_PKEY *pkey = X509_get_pubkey(cert);
951 #ifndef OPENSSL_NO_RSA
952 else if (pkey->type == EVP_PKEY_RSA && pkey->pkey.rsa != NULL
953 && pkey->pkey.rsa->n != NULL)
955 BIO_printf(bio_stdout, ", %d bit RSA",
956 BN_num_bits(pkey->pkey.rsa->n));
959 #ifndef OPENSSL_NO_DSA
960 else if (pkey->type == EVP_PKEY_DSA && pkey->pkey.dsa != NULL
961 && pkey->pkey.dsa->p != NULL)
963 BIO_printf(bio_stdout, ", %d bit DSA",
964 BN_num_bits(pkey->pkey.dsa->p));
971 /* The SSL API does not allow us to look at temporary RSA/DH keys,
972 * otherwise we should print their lengths too */
973 BIO_printf(bio_stdout,"\n");
976 static void lock_dbg_cb(int mode, int type, const char *file, int line)
978 static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
979 const char *errstr = NULL;
982 rw = mode & (CRYPTO_READ|CRYPTO_WRITE);
983 if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE)))
985 errstr = "invalid mode";
989 if (type < 0 || type >= CRYPTO_NUM_LOCKS)
991 errstr = "type out of bounds";
995 if (mode & CRYPTO_LOCK)
999 errstr = "already locked";
1000 /* must not happen in a single-threaded program
1001 * (would deadlock) */
1007 else if (mode & CRYPTO_UNLOCK)
1011 errstr = "not locked";
1015 if (modes[type] != rw)
1017 errstr = (rw == CRYPTO_READ) ?
1018 "CRYPTO_r_unlock on write lock" :
1019 "CRYPTO_w_unlock on read lock";
1026 errstr = "invalid mode";
1033 /* we cannot use bio_err here */
1034 fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n",
1035 errstr, mode, type, file, line);
1039 #ifdef TLSEXT_TYPE_opaque_prf_input
1040 struct cb_info_st { void *input; size_t len; int ret; };
1041 struct cb_info_st co1 = { "C", 1, 1 }; /* try to negotiate oqaque PRF input */
1042 struct cb_info_st co2 = { "C", 1, 2 }; /* insist on oqaque PRF input */
1043 struct cb_info_st so1 = { "S", 1, 1 }; /* try to negotiate oqaque PRF input */
1044 struct cb_info_st so2 = { "S", 1, 2 }; /* insist on oqaque PRF input */
1046 int opaque_prf_input_cb(SSL *ssl, void *peerinput, size_t len, void *arg_)
1048 struct cb_info_st *arg = arg_;
1053 if (!SSL_set_tlsext_opaque_prf_input(ssl, arg->input, arg->len))
1059 int main(int argc, char *argv[])
1061 char *CApath=NULL,*CAfile=NULL;
1065 int tls1=0,ssl2=0,ssl3=0,ret=1;
1067 int server_auth=0,i;
1068 struct app_verify_arg app_verify_arg =
1069 { APP_CALLBACK_STRING, 0, 0, NULL, NULL };
1070 char *server_cert=TEST_SERVER_CERT;
1071 char *server_key=NULL;
1072 char *client_cert=TEST_CLIENT_CERT;
1073 char *client_key=NULL;
1074 #ifndef OPENSSL_NO_ECDH
1075 char *named_curve = NULL;
1077 SSL_CTX *s_ctx=NULL;
1078 SSL_CTX *c_ctx=NULL;
1079 const SSL_METHOD *meth=NULL;
1081 int number=1,reuse=0;
1083 #ifndef OPENSSL_NO_DH
1085 int dhe1024 = 0, dhe1024dsa = 0;
1087 #ifndef OPENSSL_NO_ECDH
1088 EC_KEY *ecdh = NULL;
1090 #ifndef OPENSSL_NO_SRP
1092 SRP_CLIENT_ARG srp_client_arg = {NULL,NULL};
1094 SRP_SERVER_ARG srp_server_arg = {NULL,NULL};
1100 clock_t s_time = 0, c_time = 0;
1101 #ifndef OPENSSL_NO_COMP
1103 COMP_METHOD *cm = NULL;
1104 STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
1106 int test_cipherlist = 0;
1115 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE|BIO_FP_TEXT);
1117 CRYPTO_set_locking_callback(lock_dbg_cb);
1119 /* enable memory leak checking unless explicitly disabled */
1120 if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
1122 CRYPTO_malloc_debug_init();
1123 CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
1127 /* OPENSSL_DEBUG_MEMORY=off */
1128 CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
1130 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
1132 RAND_seed(rnd_seed, sizeof rnd_seed);
1134 bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE|BIO_FP_TEXT);
1141 if(!strcmp(*argv,"-F"))
1146 fprintf(stderr,"not compiled with FIPS support, so exitting without running.\n");
1150 else if (strcmp(*argv,"-server_auth") == 0)
1152 else if (strcmp(*argv,"-client_auth") == 0)
1154 else if (strcmp(*argv,"-proxy_auth") == 0)
1156 if (--argc < 1) goto bad;
1157 app_verify_arg.proxy_auth= *(++argv);
1159 else if (strcmp(*argv,"-proxy_cond") == 0)
1161 if (--argc < 1) goto bad;
1162 app_verify_arg.proxy_cond= *(++argv);
1164 else if (strcmp(*argv,"-v") == 0)
1166 else if (strcmp(*argv,"-d") == 0)
1168 else if (strcmp(*argv,"-reuse") == 0)
1170 else if (strcmp(*argv,"-dhe1024") == 0)
1172 #ifndef OPENSSL_NO_DH
1175 fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n");
1178 else if (strcmp(*argv,"-dhe1024dsa") == 0)
1180 #ifndef OPENSSL_NO_DH
1183 fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n");
1186 else if (strcmp(*argv,"-no_dhe") == 0)
1188 else if (strcmp(*argv,"-no_ecdhe") == 0)
1190 else if (strcmp(*argv,"-psk") == 0)
1192 if (--argc < 1) goto bad;
1194 #ifndef OPENSSL_NO_PSK
1195 if (strspn(psk_key, "abcdefABCDEF1234567890") != strlen(psk_key))
1197 BIO_printf(bio_err,"Not a hex number '%s'\n",*argv);
1204 #ifndef OPENSSL_NO_SRP
1205 else if (strcmp(*argv,"-srpuser") == 0)
1207 if (--argc < 1) goto bad;
1208 srp_server_arg.expected_user = srp_client_arg.srplogin= *(++argv);
1211 else if (strcmp(*argv,"-srppass") == 0)
1213 if (--argc < 1) goto bad;
1214 srp_server_arg.pass = srp_client_arg.srppassin= *(++argv);
1218 else if (strcmp(*argv,"-ssl2") == 0)
1220 else if (strcmp(*argv,"-tls1") == 0)
1222 else if (strcmp(*argv,"-ssl3") == 0)
1224 else if (strncmp(*argv,"-num",4) == 0)
1226 if (--argc < 1) goto bad;
1227 number= atoi(*(++argv));
1228 if (number == 0) number=1;
1230 else if (strcmp(*argv,"-bytes") == 0)
1232 if (--argc < 1) goto bad;
1233 bytes= atol(*(++argv));
1234 if (bytes == 0L) bytes=1L;
1236 if (argv[0][i-1] == 'k') bytes*=1024L;
1237 if (argv[0][i-1] == 'm') bytes*=1024L*1024L;
1239 else if (strcmp(*argv,"-cert") == 0)
1241 if (--argc < 1) goto bad;
1242 server_cert= *(++argv);
1244 else if (strcmp(*argv,"-s_cert") == 0)
1246 if (--argc < 1) goto bad;
1247 server_cert= *(++argv);
1249 else if (strcmp(*argv,"-key") == 0)
1251 if (--argc < 1) goto bad;
1252 server_key= *(++argv);
1254 else if (strcmp(*argv,"-s_key") == 0)
1256 if (--argc < 1) goto bad;
1257 server_key= *(++argv);
1259 else if (strcmp(*argv,"-c_cert") == 0)
1261 if (--argc < 1) goto bad;
1262 client_cert= *(++argv);
1264 else if (strcmp(*argv,"-c_key") == 0)
1266 if (--argc < 1) goto bad;
1267 client_key= *(++argv);
1269 else if (strcmp(*argv,"-cipher") == 0)
1271 if (--argc < 1) goto bad;
1274 else if (strcmp(*argv,"-CApath") == 0)
1276 if (--argc < 1) goto bad;
1279 else if (strcmp(*argv,"-CAfile") == 0)
1281 if (--argc < 1) goto bad;
1284 else if (strcmp(*argv,"-bio_pair") == 0)
1288 else if (strcmp(*argv,"-f") == 0)
1292 else if (strcmp(*argv,"-time") == 0)
1296 #ifndef OPENSSL_NO_COMP
1297 else if (strcmp(*argv,"-zlib") == 0)
1301 else if (strcmp(*argv,"-rle") == 0)
1306 else if (strcmp(*argv,"-named_curve") == 0)
1308 if (--argc < 1) goto bad;
1309 #ifndef OPENSSL_NO_ECDH
1310 named_curve = *(++argv);
1312 fprintf(stderr,"ignoring -named_curve, since I'm compiled without ECDH\n");
1316 else if (strcmp(*argv,"-app_verify") == 0)
1318 app_verify_arg.app_verify = 1;
1320 else if (strcmp(*argv,"-proxy") == 0)
1322 app_verify_arg.allow_proxy_certs = 1;
1324 else if (strcmp(*argv,"-test_cipherlist") == 0)
1326 test_cipherlist = 1;
1328 #ifndef OPENSSL_NO_NPN
1329 else if (strcmp(*argv,"-npn_client") == 0)
1333 else if (strcmp(*argv,"-npn_server") == 0)
1337 else if (strcmp(*argv,"-npn_server_reject") == 0)
1339 npn_server_reject = 1;
1342 else if (strcmp(*argv,"-serverinfo_sct") == 0)
1346 else if (strcmp(*argv,"-serverinfo_tack") == 0)
1348 serverinfo_tack = 1;
1350 else if (strcmp(*argv,"-serverinfo_file") == 0)
1352 if (--argc < 1) goto bad;
1353 serverinfo_file = *(++argv);
1355 else if (strcmp(*argv,"-custom_ext") == 0)
1359 else if (strcmp(*argv,"-alpn_client") == 0)
1361 if (--argc < 1) goto bad;
1362 alpn_client = *(++argv);
1364 else if (strcmp(*argv,"-alpn_server") == 0)
1366 if (--argc < 1) goto bad;
1367 alpn_server = *(++argv);
1369 else if (strcmp(*argv,"-alpn_expected") == 0)
1371 if (--argc < 1) goto bad;
1372 alpn_expected = *(++argv);
1374 else if (strcmp(*argv,"-suppdata") == 0)
1380 fprintf(stderr,"unknown option %s\n",*argv);
1394 if (test_cipherlist == 1)
1396 /* ensure that the cipher list are correctly sorted and exit */
1397 if (do_test_cipherlist() == 0)
1403 if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force)
1405 fprintf(stderr, "This case cannot work. Use -f to perform "
1406 "the test anyway (and\n-d to see what happens), "
1407 "or add one of -ssl2, -ssl3, -tls1, -reuse\n"
1408 "to avoid protocol mismatch.\n");
1415 if(!FIPS_mode_set(1))
1417 ERR_load_crypto_strings();
1418 ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
1422 fprintf(stderr,"*** IN FIPS MODE ***\n");
1430 fprintf(stderr, "Using BIO pair (-bio_pair)\n");
1433 if (number < 50 && !force)
1434 fprintf(stderr, "Warning: For accurate timings, use more connections (e.g. -num 1000)\n");
1437 /* if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */
1440 SSL_load_error_strings();
1442 #ifndef OPENSSL_NO_COMP
1443 if (comp == COMP_ZLIB) cm = COMP_zlib();
1444 if (comp == COMP_RLE) cm = COMP_rle();
1447 if (cm->type != NID_undef)
1449 if (SSL_COMP_add_compression_method(comp, cm) != 0)
1452 "Failed to add compression method\n");
1453 ERR_print_errors_fp(stderr);
1459 "Warning: %s compression not supported\n",
1460 (comp == COMP_RLE ? "rle" :
1461 (comp == COMP_ZLIB ? "zlib" :
1463 ERR_print_errors_fp(stderr);
1466 ssl_comp_methods = SSL_COMP_get_compression_methods();
1467 fprintf(stderr, "Available compression methods:\n");
1469 int j, n = sk_SSL_COMP_num(ssl_comp_methods);
1471 fprintf(stderr, " NONE\n");
1473 for (j = 0; j < n; j++)
1475 SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
1476 fprintf(stderr, " %d: %s\n", c->id, c->name);
1481 #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
1483 meth=SSLv2_method();
1486 meth=TLSv1_method();
1489 meth=SSLv3_method();
1491 meth=SSLv23_method();
1493 #ifdef OPENSSL_NO_SSL2
1495 meth=TLSv1_method();
1498 meth=SSLv3_method();
1500 meth=SSLv23_method();
1502 meth=SSLv2_method();
1506 c_ctx=SSL_CTX_new(meth);
1507 s_ctx=SSL_CTX_new(meth);
1508 if ((c_ctx == NULL) || (s_ctx == NULL))
1510 ERR_print_errors(bio_err);
1516 SSL_CTX_set_cipher_list(c_ctx,cipher);
1517 SSL_CTX_set_cipher_list(s_ctx,cipher);
1520 #ifndef OPENSSL_NO_DH
1525 /* use SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */
1526 SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
1533 SSL_CTX_set_tmp_dh(s_ctx,dh);
1540 #ifndef OPENSSL_NO_ECDH
1545 if (named_curve != NULL)
1547 nid = OBJ_sn2nid(named_curve);
1550 BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve);
1555 #ifdef OPENSSL_NO_EC2M
1556 nid = NID_X9_62_prime256v1;
1558 nid = NID_sect163r2;
1561 ecdh = EC_KEY_new_by_curve_name(nid);
1564 BIO_printf(bio_err, "unable to create curve\n");
1568 SSL_CTX_set_tmp_ecdh(s_ctx, ecdh);
1569 SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_ECDH_USE);
1576 #ifndef OPENSSL_NO_RSA
1577 SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb);
1580 #ifdef TLSEXT_TYPE_opaque_prf_input
1581 SSL_CTX_set_tlsext_opaque_prf_input_callback(c_ctx, opaque_prf_input_cb);
1582 SSL_CTX_set_tlsext_opaque_prf_input_callback(s_ctx, opaque_prf_input_cb);
1583 SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(c_ctx, &co1); /* or &co2 or NULL */
1584 SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(s_ctx, &so1); /* or &so2 or NULL */
1587 if (!SSL_CTX_use_certificate_file(s_ctx,server_cert,SSL_FILETYPE_PEM))
1589 ERR_print_errors(bio_err);
1591 else if (!SSL_CTX_use_PrivateKey_file(s_ctx,
1592 (server_key?server_key:server_cert), SSL_FILETYPE_PEM))
1594 ERR_print_errors(bio_err);
1600 SSL_CTX_use_certificate_file(c_ctx,client_cert,
1602 SSL_CTX_use_PrivateKey_file(c_ctx,
1603 (client_key?client_key:client_cert),
1607 if ( (!SSL_CTX_load_verify_locations(s_ctx,CAfile,CApath)) ||
1608 (!SSL_CTX_set_default_verify_paths(s_ctx)) ||
1609 (!SSL_CTX_load_verify_locations(c_ctx,CAfile,CApath)) ||
1610 (!SSL_CTX_set_default_verify_paths(c_ctx)))
1612 /* fprintf(stderr,"SSL_load_verify_locations\n"); */
1613 ERR_print_errors(bio_err);
1619 BIO_printf(bio_err,"client authentication\n");
1620 SSL_CTX_set_verify(s_ctx,
1621 SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1623 SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback, &app_verify_arg);
1627 BIO_printf(bio_err,"server authentication\n");
1628 SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER,
1630 SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback, &app_verify_arg);
1634 int session_id_context = 0;
1635 SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context, sizeof session_id_context);
1638 /* Use PSK only if PSK key is given */
1639 if (psk_key != NULL)
1641 /* no_psk is used to avoid putting psk command to openssl tool */
1644 /* if PSK is not compiled in and psk key is
1645 * given, do nothing and exit successfully */
1649 #ifndef OPENSSL_NO_PSK
1650 SSL_CTX_set_psk_client_callback(c_ctx, psk_client_callback);
1651 SSL_CTX_set_psk_server_callback(s_ctx, psk_server_callback);
1653 BIO_printf(bio_err,"setting PSK identity hint to s_ctx\n");
1654 if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_hint"))
1656 BIO_printf(bio_err,"error setting PSK identity hint to s_ctx\n");
1657 ERR_print_errors(bio_err);
1662 #ifndef OPENSSL_NO_SRP
1663 if (srp_client_arg.srplogin)
1665 if (!SSL_CTX_set_srp_username(c_ctx, srp_client_arg.srplogin))
1667 BIO_printf(bio_err,"Unable to set SRP username\n");
1670 SSL_CTX_set_srp_cb_arg(c_ctx,&srp_client_arg);
1671 SSL_CTX_set_srp_client_pwd_callback(c_ctx, ssl_give_srp_client_pwd_cb);
1672 /*SSL_CTX_set_srp_strength(c_ctx, srp_client_arg.strength);*/
1675 if (srp_server_arg.expected_user != NULL)
1677 SSL_CTX_set_verify(s_ctx,SSL_VERIFY_NONE,verify_callback);
1678 SSL_CTX_set_srp_cb_arg(s_ctx, &srp_server_arg);
1679 SSL_CTX_set_srp_username_callback(s_ctx, ssl_srp_server_param_cb);
1683 #ifndef OPENSSL_NO_NPN
1686 SSL_CTX_set_next_proto_select_cb(c_ctx, cb_client_npn, NULL);
1690 if (npn_server_reject)
1692 BIO_printf(bio_err, "Can't have both -npn_server and -npn_server_reject\n");
1695 SSL_CTX_set_next_protos_advertised_cb(s_ctx, cb_server_npn, NULL);
1697 if (npn_server_reject)
1699 SSL_CTX_set_next_protos_advertised_cb(s_ctx, cb_server_rejects_npn, NULL);
1704 SSL_CTX_set_custom_cli_ext(c_ctx, SCT_EXT_TYPE, NULL,
1705 serverinfo_cli_cb, NULL);
1706 if (serverinfo_tack)
1707 SSL_CTX_set_custom_cli_ext(c_ctx, TACK_EXT_TYPE, NULL,
1708 serverinfo_cli_cb, NULL);
1710 if (serverinfo_file)
1711 if (!SSL_CTX_use_serverinfo_file(s_ctx, serverinfo_file))
1713 BIO_printf(bio_err, "missing serverinfo file\n");
1719 SSL_CTX_set_custom_cli_ext(c_ctx, CUSTOM_EXT_TYPE_0,
1720 custom_ext_0_cli_first_cb,
1721 custom_ext_0_cli_second_cb, NULL);
1722 SSL_CTX_set_custom_cli_ext(c_ctx, CUSTOM_EXT_TYPE_1,
1723 custom_ext_1_cli_first_cb,
1724 custom_ext_1_cli_second_cb, NULL);
1725 SSL_CTX_set_custom_cli_ext(c_ctx, CUSTOM_EXT_TYPE_2,
1726 custom_ext_2_cli_first_cb,
1727 custom_ext_2_cli_second_cb, NULL);
1728 SSL_CTX_set_custom_cli_ext(c_ctx, CUSTOM_EXT_TYPE_3,
1729 custom_ext_3_cli_first_cb,
1730 custom_ext_3_cli_second_cb, NULL);
1733 SSL_CTX_set_custom_srv_ext(s_ctx, CUSTOM_EXT_TYPE_0,
1734 custom_ext_0_srv_first_cb,
1735 custom_ext_0_srv_second_cb, NULL);
1736 SSL_CTX_set_custom_srv_ext(s_ctx, CUSTOM_EXT_TYPE_1,
1737 custom_ext_1_srv_first_cb,
1738 custom_ext_1_srv_second_cb, NULL);
1739 SSL_CTX_set_custom_srv_ext(s_ctx, CUSTOM_EXT_TYPE_2,
1740 custom_ext_2_srv_first_cb,
1741 custom_ext_2_srv_second_cb, NULL);
1742 SSL_CTX_set_custom_srv_ext(s_ctx, CUSTOM_EXT_TYPE_3,
1743 custom_ext_3_srv_first_cb,
1744 custom_ext_3_srv_second_cb, NULL);
1748 SSL_CTX_set_alpn_select_cb(s_ctx, cb_server_alpn, NULL);
1752 unsigned short alpn_len;
1753 unsigned char *alpn = next_protos_parse(&alpn_len, alpn_client);
1757 BIO_printf(bio_err, "Error parsing -alpn_client argument\n");
1760 SSL_CTX_set_alpn_protos(c_ctx, alpn, alpn_len);
1764 c_ssl=SSL_new(c_ctx);
1765 s_ssl=SSL_new(s_ctx);
1770 /* client and server both send and receive, verify
1771 * additional arg passed back */
1772 SSL_CTX_set_srv_supp_data(s_ctx, CUSTOM_SUPP_DATA_TYPE_0,
1773 supp_data_0_srv_first_cb,
1774 supp_data_0_srv_second_cb, s_ssl);
1775 SSL_CTX_set_cli_supp_data(c_ctx, CUSTOM_SUPP_DATA_TYPE_0,
1776 supp_data_0_cli_first_cb,
1777 supp_data_0_cli_second_cb, c_ssl);
1779 /* -1 response from sending server/client doesn't
1780 * receive, -1 response from sending client/server
1781 * doesn't receive */
1782 SSL_CTX_set_srv_supp_data(s_ctx, CUSTOM_SUPP_DATA_TYPE_1,
1783 supp_data_1_srv_first_cb,
1784 supp_data_1_srv_second_cb, NULL);
1785 SSL_CTX_set_cli_supp_data(c_ctx, CUSTOM_SUPP_DATA_TYPE_1,
1786 supp_data_1_cli_first_cb,
1787 supp_data_1_cli_second_cb, NULL);
1789 /* null sending server/client doesn't receive, null
1790 sending client/server doesn't receive */
1791 SSL_CTX_set_srv_supp_data(s_ctx, CUSTOM_SUPP_DATA_TYPE_2,
1792 /*supp_data_2_srv_first_cb*/NULL,
1793 supp_data_2_srv_second_cb, NULL);
1794 SSL_CTX_set_cli_supp_data(c_ctx, CUSTOM_SUPP_DATA_TYPE_2,
1795 supp_data_2_cli_first_cb,
1796 /*supp_data_2_cli_second_cb*/NULL,
1799 /* alerts set to non-zero and zero return values not tested */
1801 #ifndef OPENSSL_NO_KRB5
1802 if (c_ssl && c_ssl->kssl_ctx)
1804 char localhost[MAXHOSTNAMELEN+2];
1806 if (gethostname(localhost, sizeof localhost-1) == 0)
1808 localhost[sizeof localhost-1]='\0';
1809 if(strlen(localhost) == sizeof localhost-1)
1811 BIO_printf(bio_err,"localhost name too long\n");
1814 kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER,
1818 #endif /* OPENSSL_NO_KRB5 */
1820 for (i=0; i<number; i++)
1822 if (!reuse) SSL_set_session(c_ssl,NULL);
1824 ret=doit_biopair(s_ssl,c_ssl,bytes,&s_time,&c_time);
1826 ret=doit(s_ssl,c_ssl,bytes);
1831 print_details(c_ssl, "");
1833 if ((number > 1) || (bytes > 1L))
1834 BIO_printf(bio_stdout, "%d handshakes of %ld bytes done\n",number,bytes);
1837 #ifdef CLOCKS_PER_SEC
1838 /* "To determine the time in seconds, the value returned
1839 * by the clock function should be divided by the value
1840 * of the macro CLOCKS_PER_SEC."
1841 * -- ISO/IEC 9899 */
1842 BIO_printf(bio_stdout, "Approximate total server time: %6.2f s\n"
1843 "Approximate total client time: %6.2f s\n",
1844 (double)s_time/CLOCKS_PER_SEC,
1845 (double)c_time/CLOCKS_PER_SEC);
1847 /* "`CLOCKS_PER_SEC' undeclared (first use this function)"
1848 * -- cc on NeXTstep/OpenStep */
1849 BIO_printf(bio_stdout,
1850 "Approximate total server time: %6.2f units\n"
1851 "Approximate total client time: %6.2f units\n",
1861 if (s_ctx != NULL) SSL_CTX_free(s_ctx);
1862 if (c_ctx != NULL) SSL_CTX_free(c_ctx);
1864 if (bio_stdout != NULL) BIO_free(bio_stdout);
1866 #ifndef OPENSSL_NO_RSA
1869 #ifndef OPENSSL_NO_ENGINE
1872 CRYPTO_cleanup_all_ex_data();
1874 ERR_remove_thread_state(NULL);
1876 CRYPTO_mem_leaks(bio_err);
1877 if (bio_err != NULL) BIO_free(bio_err);
1882 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
1883 clock_t *s_time, clock_t *c_time)
1885 long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
1886 BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
1887 BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL;
1890 size_t bufsiz = 256; /* small buffer for testing */
1892 if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz))
1894 if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz))
1897 s_ssl_bio = BIO_new(BIO_f_ssl());
1901 c_ssl_bio = BIO_new(BIO_f_ssl());
1905 SSL_set_connect_state(c_ssl);
1906 SSL_set_bio(c_ssl, client, client);
1907 (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
1909 SSL_set_accept_state(s_ssl);
1910 SSL_set_bio(s_ssl, server, server);
1911 (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
1915 /* c_ssl_bio: SSL filter BIO
1917 * client: pseudo-I/O for SSL library
1919 * client_io: client's SSL communication; usually to be
1920 * relayed over some I/O facility, but in this
1921 * test program, we're the server, too:
1923 * server_io: server's SSL communication
1925 * server: pseudo-I/O for SSL library
1927 * s_ssl_bio: SSL filter BIO
1929 * The client and the server each employ a "BIO pair":
1930 * client + client_io, server + server_io.
1931 * BIO pairs are symmetric. A BIO pair behaves similar
1932 * to a non-blocking socketpair (but both endpoints must
1933 * be handled by the same thread).
1934 * [Here we could connect client and server to the ends
1935 * of a single BIO pair, but then this code would be less
1936 * suitable as an example for BIO pairs in general.]
1938 * Useful functions for querying the state of BIO pair endpoints:
1940 * BIO_ctrl_pending(bio) number of bytes we can read now
1941 * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil
1942 * other side's read attempt
1943 * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now
1945 * ..._read_request is never more than ..._write_guarantee;
1946 * it depends on the application which one you should use.
1949 /* We have non-blocking behaviour throughout this test program, but
1950 * can be sure that there is *some* progress in each iteration; so
1951 * we don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE
1952 * -- we just try everything in each iteration
1958 MS_STATIC char cbuf[1024*8];
1960 clock_t c_clock = clock();
1962 memset(cbuf, 0, sizeof(cbuf));
1965 if (SSL_in_init(c_ssl))
1966 printf("client waiting in SSL_connect - %s\n",
1967 SSL_state_string_long(c_ssl));
1971 /* Write to server. */
1973 if (cw_num > (long)sizeof cbuf)
1977 r = BIO_write(c_ssl_bio, cbuf, i);
1980 if (!BIO_should_retry(c_ssl_bio))
1982 fprintf(stderr,"ERROR in CLIENT\n");
1985 /* BIO_should_retry(...) can just be ignored here.
1986 * The library expects us to call BIO_write with
1987 * the same arguments again, and that's what we will
1988 * do in the next iteration. */
1992 fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
1998 printf("client wrote %d\n", r);
2005 /* Read from server. */
2007 r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
2010 if (!BIO_should_retry(c_ssl_bio))
2012 fprintf(stderr,"ERROR in CLIENT\n");
2015 /* Again, "BIO_should_retry" can be ignored. */
2019 fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
2025 printf("client read %d\n", r);
2030 /* c_time and s_time increments will typically be very small
2031 * (depending on machine speed and clock tick intervals),
2032 * but sampling over a large number of connections should
2033 * result in fairly accurate figures. We cannot guarantee
2034 * a lot, however -- if each connection lasts for exactly
2035 * one clock tick, it will be counted only for the client
2036 * or only for the server or even not at all.
2038 *c_time += (clock() - c_clock);
2044 MS_STATIC char sbuf[1024*8];
2046 clock_t s_clock = clock();
2048 memset(sbuf, 0, sizeof(sbuf));
2051 if (SSL_in_init(s_ssl))
2052 printf("server waiting in SSL_accept - %s\n",
2053 SSL_state_string_long(s_ssl));
2057 /* Write to client. */
2059 if (sw_num > (long)sizeof sbuf)
2063 r = BIO_write(s_ssl_bio, sbuf, i);
2066 if (!BIO_should_retry(s_ssl_bio))
2068 fprintf(stderr,"ERROR in SERVER\n");
2071 /* Ignore "BIO_should_retry". */
2075 fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
2081 printf("server wrote %d\n", r);
2088 /* Read from client. */
2090 r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
2093 if (!BIO_should_retry(s_ssl_bio))
2095 fprintf(stderr,"ERROR in SERVER\n");
2102 fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
2108 printf("server read %d\n", r);
2113 *s_time += (clock() - s_clock);
2117 /* "I/O" BETWEEN CLIENT AND SERVER. */
2120 BIO *io1 = server_io, *io2 = client_io;
2121 /* we use the non-copying interface for io1
2122 * and the standard BIO_write/BIO_read interface for io2
2125 static int prev_progress = 1;
2134 r1 = BIO_ctrl_pending(io1);
2135 r2 = BIO_ctrl_get_write_guarantee(io2);
2144 if (INT_MAX < num) /* yeah, right */
2147 r = BIO_nread(io1, &dataptr, (int)num);
2149 assert(r <= (int)num);
2150 /* possibly r < num (non-contiguous data) */
2152 r = BIO_write(io2, dataptr, (int)num);
2153 if (r != (int)num) /* can't happen */
2155 fprintf(stderr, "ERROR: BIO_write could not write "
2156 "BIO_ctrl_get_write_guarantee() bytes");
2162 printf((io1 == client_io) ?
2163 "C->S relaying: %d bytes\n" :
2164 "S->C relaying: %d bytes\n",
2175 r1 = BIO_ctrl_pending(io2);
2176 r2 = BIO_ctrl_get_read_request(io1);
2177 /* here we could use ..._get_write_guarantee instead of
2178 * ..._get_read_request, but by using the latter
2179 * we test restartability of the SSL implementation
2180 * more thoroughly */
2192 --num; /* test restartability even more thoroughly */
2194 r = BIO_nwrite0(io1, &dataptr);
2198 r = BIO_read(io2, dataptr, (int)num);
2199 if (r != (int)num) /* can't happen */
2201 fprintf(stderr, "ERROR: BIO_read could not read "
2202 "BIO_ctrl_pending() bytes");
2206 r = BIO_nwrite(io1, &dataptr, (int)num);
2207 if (r != (int)num) /* can't happen */
2209 fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
2210 "BIO_nwrite0() bytes");
2215 printf((io2 == client_io) ?
2216 "C->S relaying: %d bytes\n" :
2217 "S->C relaying: %d bytes\n",
2220 } /* no loop, BIO_ctrl_get_read_request now returns 0 anyway */
2222 if (!progress && !prev_progress)
2223 if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0)
2225 fprintf(stderr, "ERROR: got stuck\n");
2226 if (strcmp("SSLv2", SSL_get_version(c_ssl)) == 0)
2228 fprintf(stderr, "This can happen for SSL2 because "
2229 "CLIENT-FINISHED and SERVER-VERIFY are written \n"
2230 "concurrently ...");
2231 if (strncmp("2SCF", SSL_state_string(c_ssl), 4) == 0
2232 && strncmp("2SSV", SSL_state_string(s_ssl), 4) == 0)
2234 fprintf(stderr, " ok.\n");
2238 fprintf(stderr, " ERROR.\n");
2241 prev_progress = progress;
2244 while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
2247 print_details(c_ssl, "DONE via BIO pair: ");
2248 #ifndef OPENSSL_NO_NPN
2249 if (verify_npn(c_ssl, s_ssl) < 0)
2255 if (verify_serverinfo() < 0)
2260 if (verify_alpn(c_ssl, s_ssl) < 0)
2266 if (custom_ext_error)
2276 ERR_print_errors(bio_err);
2281 BIO_free(server_io);
2285 BIO_free(client_io);
2287 BIO_free(s_ssl_bio);
2289 BIO_free(c_ssl_bio);
2300 int doit(SSL *s_ssl, SSL *c_ssl, long count)
2302 MS_STATIC char cbuf[1024*8],sbuf[1024*8];
2303 long cw_num=count,cr_num=count;
2304 long sw_num=count,sr_num=count;
2310 int c_r,c_w,s_r,s_w;
2313 int c_write,s_write;
2314 int do_server=0,do_client=0;
2316 memset(cbuf,0,sizeof(cbuf));
2317 memset(sbuf,0,sizeof(sbuf));
2319 c_to_s=BIO_new(BIO_s_mem());
2320 s_to_c=BIO_new(BIO_s_mem());
2321 if ((s_to_c == NULL) || (c_to_s == NULL))
2323 ERR_print_errors(bio_err);
2327 c_bio=BIO_new(BIO_f_ssl());
2328 s_bio=BIO_new(BIO_f_ssl());
2329 if ((c_bio == NULL) || (s_bio == NULL))
2331 ERR_print_errors(bio_err);
2335 SSL_set_connect_state(c_ssl);
2336 SSL_set_bio(c_ssl,s_to_c,c_to_s);
2337 BIO_set_ssl(c_bio,c_ssl,BIO_NOCLOSE);
2339 SSL_set_accept_state(s_ssl);
2340 SSL_set_bio(s_ssl,c_to_s,s_to_c);
2341 BIO_set_ssl(s_bio,s_ssl,BIO_NOCLOSE);
2345 c_write=1,s_write=0;
2347 /* We can always do writes */
2353 i=(int)BIO_pending(s_bio);
2354 if ((i && s_r) || s_w) do_server=1;
2356 i=(int)BIO_pending(c_bio);
2357 if ((i && c_r) || c_w) do_client=1;
2359 if (do_server && debug)
2361 if (SSL_in_init(s_ssl))
2362 printf("server waiting in SSL_accept - %s\n",
2363 SSL_state_string_long(s_ssl));
2364 /* else if (s_write)
2365 printf("server:SSL_write()\n");
2367 printf("server:SSL_read()\n"); */
2370 if (do_client && debug)
2372 if (SSL_in_init(c_ssl))
2373 printf("client waiting in SSL_connect - %s\n",
2374 SSL_state_string_long(c_ssl));
2375 /* else if (c_write)
2376 printf("client:SSL_write()\n");
2378 printf("client:SSL_read()\n"); */
2381 if (!do_client && !do_server)
2383 fprintf(stdout,"ERROR IN STARTUP\n");
2384 ERR_print_errors(bio_err);
2387 if (do_client && !(done & C_DONE))
2391 j = (cw_num > (long)sizeof(cbuf)) ?
2392 (int)sizeof(cbuf) : (int)cw_num;
2393 i=BIO_write(c_bio,cbuf,j);
2398 if (BIO_should_retry(c_bio))
2400 if (BIO_should_read(c_bio))
2402 if (BIO_should_write(c_bio))
2407 fprintf(stderr,"ERROR in CLIENT\n");
2408 ERR_print_errors(bio_err);
2414 fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
2420 printf("client wrote %d\n",i);
2429 i=BIO_read(c_bio,cbuf,sizeof(cbuf));
2434 if (BIO_should_retry(c_bio))
2436 if (BIO_should_read(c_bio))
2438 if (BIO_should_write(c_bio))
2443 fprintf(stderr,"ERROR in CLIENT\n");
2444 ERR_print_errors(bio_err);
2450 fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
2456 printf("client read %d\n",i);
2473 if (do_server && !(done & S_DONE))
2477 i=BIO_read(s_bio,sbuf,sizeof(cbuf));
2482 if (BIO_should_retry(s_bio))
2484 if (BIO_should_read(s_bio))
2486 if (BIO_should_write(s_bio))
2491 fprintf(stderr,"ERROR in SERVER\n");
2492 ERR_print_errors(bio_err);
2498 ERR_print_errors(bio_err);
2499 fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_read\n");
2505 printf("server read %d\n",i);
2522 j = (sw_num > (long)sizeof(sbuf)) ?
2523 (int)sizeof(sbuf) : (int)sw_num;
2524 i=BIO_write(s_bio,sbuf,j);
2529 if (BIO_should_retry(s_bio))
2531 if (BIO_should_read(s_bio))
2533 if (BIO_should_write(s_bio))
2538 fprintf(stderr,"ERROR in SERVER\n");
2539 ERR_print_errors(bio_err);
2545 ERR_print_errors(bio_err);
2546 fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_write\n");
2552 printf("server wrote %d\n",i);
2562 if ((done & S_DONE) && (done & C_DONE)) break;
2566 print_details(c_ssl, "DONE: ");
2567 #ifndef OPENSSL_NO_NPN
2568 if (verify_npn(c_ssl, s_ssl) < 0)
2574 if (suppdata_error < 0)
2579 if (verify_serverinfo() < 0)
2584 if (custom_ext_error)
2591 /* We have to set the BIO's to NULL otherwise they will be
2592 * OPENSSL_free()ed twice. Once when th s_ssl is SSL_free()ed and
2593 * again when c_ssl is SSL_free()ed.
2594 * This is a hack required because s_ssl and c_ssl are sharing the same
2595 * BIO structure and SSL_set_bio() and SSL_free() automatically
2596 * BIO_free non NULL entries.
2597 * You should not normally do this or be required to do this */
2609 if (c_to_s != NULL) BIO_free(c_to_s);
2610 if (s_to_c != NULL) BIO_free(s_to_c);
2611 if (c_bio != NULL) BIO_free_all(c_bio);
2612 if (s_bio != NULL) BIO_free_all(s_bio);
2616 static int get_proxy_auth_ex_data_idx(void)
2618 static volatile int idx = -1;
2621 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
2624 idx = X509_STORE_CTX_get_ex_new_index(0,
2625 "SSLtest for verify callback", NULL,NULL,NULL);
2627 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
2632 static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
2636 s=X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),buf,
2641 fprintf(stderr,"depth=%d %s\n",
2642 ctx->error_depth,buf);
2645 fprintf(stderr,"depth=%d error=%d %s\n",
2646 ctx->error_depth,ctx->error,buf);
2652 fprintf(stderr,"Error string: %s\n",
2653 X509_verify_cert_error_string(ctx->error));
2656 case X509_V_ERR_CERT_NOT_YET_VALID:
2657 case X509_V_ERR_CERT_HAS_EXPIRED:
2658 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
2659 fprintf(stderr," ... ignored.\n");
2666 X509 *xs = ctx->current_cert;
2668 X509 *xi = ctx->current_issuer;
2671 if (xs->ex_flags & EXFLAG_PROXY)
2673 unsigned int *letters =
2674 X509_STORE_CTX_get_ex_data(ctx,
2675 get_proxy_auth_ex_data_idx());
2681 PROXY_CERT_INFO_EXTENSION *pci =
2682 X509_get_ext_d2i(xs, NID_proxyCertInfo,
2685 switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage))
2687 case NID_Independent:
2688 /* Completely meaningless in this
2689 program, as there's no way to
2690 grant explicit rights to a
2691 specific PrC. Basically, using
2692 id-ppl-Independent is the perfect
2693 way to grant no rights at all. */
2694 fprintf(stderr, " Independent proxy certificate");
2695 for (i = 0; i < 26; i++)
2698 case NID_id_ppl_inheritAll:
2699 /* This is basically a NOP, we
2700 simply let the current rights
2701 stand as they are. */
2702 fprintf(stderr, " Proxy certificate inherits all");
2706 pci->proxyPolicy->policy->data;
2707 i = pci->proxyPolicy->policy->length;
2709 /* The algorithm works as follows:
2710 it is assumed that previous
2711 iterations or the initial granted
2712 rights has already set some elements
2713 of `letters'. What we need to do is
2714 to clear those that weren't granted
2715 by the current PrC as well. The
2716 easiest way to do this is to add 1
2717 to all the elements whose letters
2718 are given with the current policy.
2719 That way, all elements that are set
2720 by the current policy and were
2721 already set by earlier policies and
2722 through the original grant of rights
2723 will get the value 2 or higher.
2724 The last thing to do is to sweep
2725 through `letters' and keep the
2726 elements having the value 2 as set,
2727 and clear all the others. */
2729 fprintf(stderr, " Certificate proxy rights = %*.*s", i, i, s);
2733 if (isascii(c) && isalpha(c))
2740 for (i = 0; i < 26; i++)
2749 ", resulting proxy rights = ");
2750 for(i = 0; i < 26; i++)
2753 fprintf(stderr, "%c", i + 'A');
2757 fprintf(stderr, "none");
2758 fprintf(stderr, "\n");
2760 PROXY_CERT_INFO_EXTENSION_free(pci);
2768 static void process_proxy_debug(int indent, const char *format, ...)
2770 static const char indentation[] =
2771 ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"
2772 ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"; /* That's 80 > */
2773 char my_format[256];
2776 BIO_snprintf(my_format, sizeof(my_format), "%*.*s %s",
2777 indent, indent, indentation, format);
2779 va_start(args, format);
2780 vfprintf(stderr, my_format, args);
2788 static int process_proxy_cond_adders(unsigned int letters[26],
2789 const char *cond, const char **cond_end, int *pos, int indent);
2790 static int process_proxy_cond_val(unsigned int letters[26],
2791 const char *cond, const char **cond_end, int *pos, int indent)
2797 while(isspace((int)*cond))
2804 process_proxy_debug(indent,
2805 "Start process_proxy_cond_val at position %d: %s\n",
2812 while(isspace((int)*cond))
2822 ok = process_proxy_cond_adders(letters, cond, cond_end, pos,
2827 while(isspace((int)*cond))
2835 "Weird condition character in position %d: "
2842 else if (isascii(c) && isalpha(c))
2846 ok = letters[c - 'A'];
2852 "Weird condition character in position %d: "
2859 if (ok >= 0 && negate)
2863 process_proxy_debug(indent,
2864 "End process_proxy_cond_val at position %d: %s, returning %d\n",
2869 static int process_proxy_cond_multipliers(unsigned int letters[26],
2870 const char *cond, const char **cond_end, int *pos, int indent)
2876 process_proxy_debug(indent,
2877 "Start process_proxy_cond_multipliers at position %d: %s\n",
2880 ok = process_proxy_cond_val(letters, cond, cond_end, pos, indent + 1);
2887 while(isspace((int)*cond))
2901 ok = process_proxy_cond_val(letters,
2902 cond, cond_end, pos, indent + 1);
2916 fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!"
2928 process_proxy_debug(indent,
2929 "End process_proxy_cond_multipliers at position %d: %s, returning %d\n",
2935 static int process_proxy_cond_adders(unsigned int letters[26],
2936 const char *cond, const char **cond_end, int *pos, int indent)
2942 process_proxy_debug(indent,
2943 "Start process_proxy_cond_adders at position %d: %s\n",
2946 ok = process_proxy_cond_multipliers(letters, cond, cond_end, pos,
2954 while(isspace((int)*cond))
2967 ok = process_proxy_cond_multipliers(letters,
2968 cond, cond_end, pos, indent + 1);
2979 fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!"
2991 process_proxy_debug(indent,
2992 "End process_proxy_cond_adders at position %d: %s, returning %d\n",
2999 static int process_proxy_cond(unsigned int letters[26],
3000 const char *cond, const char **cond_end)
3003 return process_proxy_cond_adders(letters, cond, cond_end, &pos, 1);
3006 static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg)
3009 struct app_verify_arg *cb_arg = arg;
3010 unsigned int letters[26]; /* only used with proxy_auth */
3012 if (cb_arg->app_verify)
3014 char *s = NULL,buf[256];
3016 fprintf(stderr, "In app_verify_callback, allowing cert. ");
3017 fprintf(stderr, "Arg is: %s\n", cb_arg->string);
3018 fprintf(stderr, "Finished printing do we have a context? 0x%p a cert? 0x%p\n",
3019 (void *)ctx, (void *)ctx->cert);
3021 s=X509_NAME_oneline(X509_get_subject_name(ctx->cert),buf,256);
3024 fprintf(stderr,"cert depth=%d %s\n",ctx->error_depth,buf);
3028 if (cb_arg->proxy_auth)
3030 int found_any = 0, i;
3033 for(i = 0; i < 26; i++)
3035 for(sp = cb_arg->proxy_auth; *sp; sp++)
3038 if (isascii(c) && isalpha(c))
3042 letters[c - 'A'] = 1;
3047 " Initial proxy rights = ");
3048 for(i = 0; i < 26; i++)
3051 fprintf(stderr, "%c", i + 'A');
3055 fprintf(stderr, "none");
3056 fprintf(stderr, "\n");
3058 X509_STORE_CTX_set_ex_data(ctx,
3059 get_proxy_auth_ex_data_idx(),letters);
3061 if (cb_arg->allow_proxy_certs)
3063 X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
3066 #ifndef OPENSSL_NO_X509_VERIFY
3067 ok = X509_verify_cert(ctx);
3070 if (cb_arg->proxy_auth)
3074 const char *cond_end = NULL;
3076 ok = process_proxy_cond(letters,
3077 cb_arg->proxy_cond, &cond_end);
3083 fprintf(stderr, "Stopped processing condition before it's end.\n");
3087 fprintf(stderr, "Proxy rights check with condition '%s' proved invalid\n",
3088 cb_arg->proxy_cond);
3090 fprintf(stderr, "Proxy rights check with condition '%s' proved valid\n",
3091 cb_arg->proxy_cond);
3097 #ifndef OPENSSL_NO_RSA
3098 static RSA *rsa_tmp=NULL;
3100 static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
3103 if (rsa_tmp == NULL)
3106 rsa_tmp = RSA_new();
3107 if(!bn || !rsa_tmp || !BN_set_word(bn, RSA_F4))
3109 BIO_printf(bio_err, "Memory error...");
3112 BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
3113 (void)BIO_flush(bio_err);
3114 if(!RSA_generate_key_ex(rsa_tmp,keylength,bn,NULL))
3116 BIO_printf(bio_err, "Error generating key.");
3121 BIO_printf(bio_err,"\n");
3122 (void)BIO_flush(bio_err);
3128 static void free_tmp_rsa(void)
3130 if (rsa_tmp != NULL)
3138 #ifndef OPENSSL_NO_DH
3139 /* These DH parameters have been generated as follows:
3140 * $ openssl dhparam -C -noout 512
3141 * $ openssl dhparam -C -noout 1024
3142 * $ openssl dhparam -C -noout -dsaparam 1024
3143 * (The third function has been renamed to avoid name conflicts.)
3145 static DH *get_dh512()
3147 static unsigned char dh512_p[]={
3148 0xCB,0xC8,0xE1,0x86,0xD0,0x1F,0x94,0x17,0xA6,0x99,0xF0,0xC6,
3149 0x1F,0x0D,0xAC,0xB6,0x25,0x3E,0x06,0x39,0xCA,0x72,0x04,0xB0,
3150 0x6E,0xDA,0xC0,0x61,0xE6,0x7A,0x77,0x25,0xE8,0x3B,0xB9,0x5F,
3151 0x9A,0xB6,0xB5,0xFE,0x99,0x0B,0xA1,0x93,0x4E,0x35,0x33,0xB8,
3152 0xE1,0xF1,0x13,0x4F,0x59,0x1A,0xD2,0x57,0xC0,0x26,0x21,0x33,
3153 0x02,0xC5,0xAE,0x23,
3155 static unsigned char dh512_g[]={
3160 if ((dh=DH_new()) == NULL) return(NULL);
3161 dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
3162 dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
3163 if ((dh->p == NULL) || (dh->g == NULL))
3164 { DH_free(dh); return(NULL); }
3168 static DH *get_dh1024()
3170 static unsigned char dh1024_p[]={
3171 0xF8,0x81,0x89,0x7D,0x14,0x24,0xC5,0xD1,0xE6,0xF7,0xBF,0x3A,
3172 0xE4,0x90,0xF4,0xFC,0x73,0xFB,0x34,0xB5,0xFA,0x4C,0x56,0xA2,
3173 0xEA,0xA7,0xE9,0xC0,0xC0,0xCE,0x89,0xE1,0xFA,0x63,0x3F,0xB0,
3174 0x6B,0x32,0x66,0xF1,0xD1,0x7B,0xB0,0x00,0x8F,0xCA,0x87,0xC2,
3175 0xAE,0x98,0x89,0x26,0x17,0xC2,0x05,0xD2,0xEC,0x08,0xD0,0x8C,
3176 0xFF,0x17,0x52,0x8C,0xC5,0x07,0x93,0x03,0xB1,0xF6,0x2F,0xB8,
3177 0x1C,0x52,0x47,0x27,0x1B,0xDB,0xD1,0x8D,0x9D,0x69,0x1D,0x52,
3178 0x4B,0x32,0x81,0xAA,0x7F,0x00,0xC8,0xDC,0xE6,0xD9,0xCC,0xC1,
3179 0x11,0x2D,0x37,0x34,0x6C,0xEA,0x02,0x97,0x4B,0x0E,0xBB,0xB1,
3180 0x71,0x33,0x09,0x15,0xFD,0xDD,0x23,0x87,0x07,0x5E,0x89,0xAB,
3181 0x6B,0x7C,0x5F,0xEC,0xA6,0x24,0xDC,0x53,
3183 static unsigned char dh1024_g[]={
3188 if ((dh=DH_new()) == NULL) return(NULL);
3189 dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
3190 dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
3191 if ((dh->p == NULL) || (dh->g == NULL))
3192 { DH_free(dh); return(NULL); }
3196 static DH *get_dh1024dsa()
3198 static unsigned char dh1024_p[]={
3199 0xC8,0x00,0xF7,0x08,0x07,0x89,0x4D,0x90,0x53,0xF3,0xD5,0x00,
3200 0x21,0x1B,0xF7,0x31,0xA6,0xA2,0xDA,0x23,0x9A,0xC7,0x87,0x19,
3201 0x3B,0x47,0xB6,0x8C,0x04,0x6F,0xFF,0xC6,0x9B,0xB8,0x65,0xD2,
3202 0xC2,0x5F,0x31,0x83,0x4A,0xA7,0x5F,0x2F,0x88,0x38,0xB6,0x55,
3203 0xCF,0xD9,0x87,0x6D,0x6F,0x9F,0xDA,0xAC,0xA6,0x48,0xAF,0xFC,
3204 0x33,0x84,0x37,0x5B,0x82,0x4A,0x31,0x5D,0xE7,0xBD,0x52,0x97,
3205 0xA1,0x77,0xBF,0x10,0x9E,0x37,0xEA,0x64,0xFA,0xCA,0x28,0x8D,
3206 0x9D,0x3B,0xD2,0x6E,0x09,0x5C,0x68,0xC7,0x45,0x90,0xFD,0xBB,
3207 0x70,0xC9,0x3A,0xBB,0xDF,0xD4,0x21,0x0F,0xC4,0x6A,0x3C,0xF6,
3208 0x61,0xCF,0x3F,0xD6,0x13,0xF1,0x5F,0xBC,0xCF,0xBC,0x26,0x9E,
3209 0xBC,0x0B,0xBD,0xAB,0x5D,0xC9,0x54,0x39,
3211 static unsigned char dh1024_g[]={
3212 0x3B,0x40,0x86,0xE7,0xF3,0x6C,0xDE,0x67,0x1C,0xCC,0x80,0x05,
3213 0x5A,0xDF,0xFE,0xBD,0x20,0x27,0x74,0x6C,0x24,0xC9,0x03,0xF3,
3214 0xE1,0x8D,0xC3,0x7D,0x98,0x27,0x40,0x08,0xB8,0x8C,0x6A,0xE9,
3215 0xBB,0x1A,0x3A,0xD6,0x86,0x83,0x5E,0x72,0x41,0xCE,0x85,0x3C,
3216 0xD2,0xB3,0xFC,0x13,0xCE,0x37,0x81,0x9E,0x4C,0x1C,0x7B,0x65,
3217 0xD3,0xE6,0xA6,0x00,0xF5,0x5A,0x95,0x43,0x5E,0x81,0xCF,0x60,
3218 0xA2,0x23,0xFC,0x36,0xA7,0x5D,0x7A,0x4C,0x06,0x91,0x6E,0xF6,
3219 0x57,0xEE,0x36,0xCB,0x06,0xEA,0xF5,0x3D,0x95,0x49,0xCB,0xA7,
3220 0xDD,0x81,0xDF,0x80,0x09,0x4A,0x97,0x4D,0xA8,0x22,0x72,0xA1,
3221 0x7F,0xC4,0x70,0x56,0x70,0xE8,0x20,0x10,0x18,0x8F,0x2E,0x60,
3222 0x07,0xE7,0x68,0x1A,0x82,0x5D,0x32,0xA2,
3226 if ((dh=DH_new()) == NULL) return(NULL);
3227 dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
3228 dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
3229 if ((dh->p == NULL) || (dh->g == NULL))
3230 { DH_free(dh); return(NULL); }
3236 #ifndef OPENSSL_NO_PSK
3237 /* convert the PSK key (psk_key) in ascii to binary (psk) */
3238 static int psk_key2bn(const char *pskkey, unsigned char *psk,
3239 unsigned int max_psk_len)
3244 ret = BN_hex2bn(&bn, pskkey);
3247 BIO_printf(bio_err,"Could not convert PSK key '%s' to BIGNUM\n", pskkey);
3252 if (BN_num_bytes(bn) > (int)max_psk_len)
3254 BIO_printf(bio_err,"psk buffer of callback is too small (%d) for key (%d)\n",
3255 max_psk_len, BN_num_bytes(bn));
3259 ret = BN_bn2bin(bn, psk);
3264 static unsigned int psk_client_callback(SSL *ssl, const char *hint, char *identity,
3265 unsigned int max_identity_len, unsigned char *psk,
3266 unsigned int max_psk_len)
3269 unsigned int psk_len = 0;
3271 ret = BIO_snprintf(identity, max_identity_len, "Client_identity");
3275 fprintf(stderr, "client: created identity '%s' len=%d\n", identity, ret);
3276 ret = psk_key2bn(psk_key, psk, max_psk_len);
3284 static unsigned int psk_server_callback(SSL *ssl, const char *identity,
3285 unsigned char *psk, unsigned int max_psk_len)
3287 unsigned int psk_len=0;
3289 if (strcmp(identity, "Client_identity") != 0)
3291 BIO_printf(bio_err, "server: PSK error: client identity not found\n");
3294 psk_len=psk_key2bn(psk_key, psk, max_psk_len);
3299 static int do_test_cipherlist(void)
3302 const SSL_METHOD *meth;
3303 const SSL_CIPHER *ci, *tci = NULL;
3305 #ifndef OPENSSL_NO_SSL2
3306 fprintf(stderr, "testing SSLv2 cipher list order: ");
3307 meth = SSLv2_method();
3308 while ((ci = meth->get_cipher(i++)) != NULL)
3311 if (ci->id >= tci->id)
3313 fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
3318 fprintf(stderr, "ok\n");
3320 #ifndef OPENSSL_NO_SSL3
3321 fprintf(stderr, "testing SSLv3 cipher list order: ");
3322 meth = SSLv3_method();
3324 while ((ci = meth->get_cipher(i++)) != NULL)
3327 if (ci->id >= tci->id)
3329 fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
3334 fprintf(stderr, "ok\n");
3336 #ifndef OPENSSL_NO_TLS1
3337 fprintf(stderr, "testing TLSv1 cipher list order: ");
3338 meth = TLSv1_method();
3340 while ((ci = meth->get_cipher(i++)) != NULL)
3343 if (ci->id >= tci->id)
3345 fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
3350 fprintf(stderr, "ok\n");