2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
58 /* ====================================================================
59 * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
87 * 6. Redistributions of any form whatsoever must retain the following
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
111 /* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
116 /* ====================================================================
117 * Copyright 2005 Nokia. All rights reserved.
119 * The portions of the attached software ("Contribution") is developed by
120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125 * support (see RFC 4279) to OpenSSL.
127 * No patent licenses or other rights except those expressly stated in
128 * the OpenSSL open source license shall be deemed granted or received
129 * expressly, by implication, estoppel, or otherwise.
131 * No assurances are provided by Nokia that the Contribution does not
132 * infringe the patent or other intellectual property rights of any third
133 * party or that the license provides you with all the necessary rights
134 * to make use of the Contribution.
136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
143 #define _BSD_SOURCE 1 /* Or gethostname won't be declared properly
144 on Linux and GNU platforms. */
157 #ifdef OPENSSL_SYS_VMS
158 #define _XOPEN_SOURCE 500 /* Or isascii won't be declared properly on
159 VMS (at least with DECompHP C). */
164 #include <openssl/bio.h>
165 #include <openssl/crypto.h>
166 #include <openssl/evp.h>
167 #include <openssl/x509.h>
168 #include <openssl/x509v3.h>
169 #include <openssl/ssl.h>
170 #ifndef OPENSSL_NO_ENGINE
171 #include <openssl/engine.h>
173 #include <openssl/err.h>
174 #include <openssl/rand.h>
175 #ifndef OPENSSL_NO_RSA
176 #include <openssl/rsa.h>
178 #ifndef OPENSSL_NO_DSA
179 #include <openssl/dsa.h>
181 #ifndef OPENSSL_NO_DH
182 #include <openssl/dh.h>
184 #ifndef OPENSSL_NO_SRP
185 #include <openssl/srp.h>
187 #include <openssl/bn.h>
189 #define _XOPEN_SOURCE_EXTENDED 1 /* Or gethostname won't be declared properly
190 on Compaq platforms (at least with DEC C).
191 Do not try to put it earlier, or IPv6 includes
195 #ifdef OPENSSL_SYS_WINDOWS
198 #include OPENSSL_UNISTD
201 #ifdef OPENSSL_SYS_VMS
202 # define TEST_SERVER_CERT "SYS$DISK:[-.APPS]SERVER.PEM"
203 # define TEST_CLIENT_CERT "SYS$DISK:[-.APPS]CLIENT.PEM"
204 #elif defined(OPENSSL_SYS_WINCE)
205 # define TEST_SERVER_CERT "\\OpenSSL\\server.pem"
206 # define TEST_CLIENT_CERT "\\OpenSSL\\client.pem"
207 #elif defined(OPENSSL_SYS_NETWARE)
208 # define TEST_SERVER_CERT "\\openssl\\apps\\server.pem"
209 # define TEST_CLIENT_CERT "\\openssl\\apps\\client.pem"
211 # define TEST_SERVER_CERT "../apps/server.pem"
212 # define TEST_CLIENT_CERT "../apps/client.pem"
215 /* There is really no standard for this, so let's assign some tentative
216 numbers. In any case, these numbers are only for this test */
220 static int verify_callback(int ok, X509_STORE_CTX *ctx);
221 #ifndef OPENSSL_NO_RSA
222 static RSA *tmp_rsa_cb(SSL *s, int is_export,int keylength);
223 static void free_tmp_rsa(void);
225 static int app_verify_callback(X509_STORE_CTX *ctx, void *arg);
226 #define APP_CALLBACK_STRING "Test Callback Argument"
227 struct app_verify_arg
231 int allow_proxy_certs;
236 #ifndef OPENSSL_NO_DH
237 static DH *get_dh512(void);
238 static DH *get_dh1024(void);
239 static DH *get_dh1024dsa(void);
243 static char *psk_key=NULL; /* by default PSK is not used */
244 #ifndef OPENSSL_NO_PSK
245 static unsigned int psk_client_callback(SSL *ssl, const char *hint, char *identity,
246 unsigned int max_identity_len, unsigned char *psk,
247 unsigned int max_psk_len);
248 static unsigned int psk_server_callback(SSL *ssl, const char *identity, unsigned char *psk,
249 unsigned int max_psk_len);
252 #ifndef OPENSSL_NO_SRP
254 /* This is a context that we pass to all callbacks */
255 typedef struct srp_client_arg_st
261 #define PWD_STRLEN 1024
263 static char * ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
265 SRP_CLIENT_ARG *srp_client_arg = (SRP_CLIENT_ARG *)arg;
266 return BUF_strdup((char *)srp_client_arg->srppassin);
270 /* This is a context that we pass to SRP server callbacks */
271 typedef struct srp_server_arg_st
277 static int ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
279 SRP_SERVER_ARG * p = (SRP_SERVER_ARG *) arg;
281 if (strcmp(p->expected_user, SSL_get_srp_username(s)) != 0)
283 fprintf(stderr, "User %s doesn't exist\n", SSL_get_srp_username(s));
284 return SSL3_AL_FATAL;
286 if (SSL_set_srp_server_param_pw(s,p->expected_user,p->pass,"1024")<0)
288 *ad = SSL_AD_INTERNAL_ERROR;
289 return SSL3_AL_FATAL;
291 return SSL_ERROR_NONE;
295 static BIO *bio_err=NULL;
296 static BIO *bio_stdout=NULL;
298 #ifndef OPENSSL_NO_NEXTPROTONEG
299 /* Note that this code assumes that this is only a one element list: */
300 static const char NEXT_PROTO_STRING[] = "\x09testproto";
303 int npn_server_reject = 0;
305 static int cb_client_npn(SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg)
307 /* This callback only returns the protocol string, rather than a length
308 prefixed set. We assume that NEXT_PROTO_STRING is a one element list and
309 remove the first byte to chop off the length prefix. */
310 *out = (unsigned char*) NEXT_PROTO_STRING + 1;
311 *outlen = sizeof(NEXT_PROTO_STRING) - 2;
312 return SSL_TLSEXT_ERR_OK;
315 static int cb_server_npn(SSL *s, const unsigned char **data, unsigned int *len, void *arg)
317 *data = (const unsigned char *) NEXT_PROTO_STRING;
318 *len = sizeof(NEXT_PROTO_STRING) - 1;
319 return SSL_TLSEXT_ERR_OK;
322 static int cb_server_rejects_npn(SSL *s, const unsigned char **data, unsigned int *len, void *arg)
324 return SSL_TLSEXT_ERR_NOACK;
327 static int verify_npn(SSL *client, SSL *server)
329 const unsigned char *client_s;
331 const unsigned char *server_s;
334 SSL_get0_next_proto_negotiated(client, &client_s, &client_len);
335 SSL_get0_next_proto_negotiated(server, &server_s, &server_len);
339 BIO_printf(bio_stdout, "Client NPN: ");
340 BIO_write(bio_stdout, client_s, client_len);
341 BIO_printf(bio_stdout, "\n");
346 BIO_printf(bio_stdout, "Server NPN: ");
347 BIO_write(bio_stdout, server_s, server_len);
348 BIO_printf(bio_stdout, "\n");
351 /* If an NPN string was returned, it must be the protocol that we
352 * expected to negotiate. */
353 if (client_len && (client_len != sizeof(NEXT_PROTO_STRING) - 2 ||
354 memcmp(client_s, NEXT_PROTO_STRING + 1, client_len)))
356 if (server_len && (server_len != sizeof(NEXT_PROTO_STRING) - 2 ||
357 memcmp(server_s, NEXT_PROTO_STRING + 1, server_len)))
360 if (!npn_client && client_len)
362 if (!npn_server && server_len)
364 if (npn_server_reject && server_len)
366 if (npn_client && npn_server && (!client_len || !server_len))
373 static const char *alpn_client;
374 static const char *alpn_server;
375 static const char *alpn_expected;
376 static unsigned char *alpn_selected;
379 * next_protos_parse parses a comma separated list of strings into a string
380 * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
381 * outlen: (output) set to the length of the resulting buffer on success.
382 * err: (maybe NULL) on failure, an error message line is written to this BIO.
383 * in: a NUL terminated string like "abc,def,ghi"
385 * returns: a malloced buffer or NULL on failure.
387 static unsigned char *next_protos_parse(unsigned short *outlen, const char *in)
397 out = OPENSSL_malloc(strlen(in) + 1);
401 for (i = 0; i <= len; ++i)
403 if (i == len || in[i] == ',')
410 out[start] = i - start;
421 static int cb_server_alpn(SSL *s, const unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg)
423 unsigned char *protos;
424 unsigned short protos_len;
426 protos = next_protos_parse(&protos_len, alpn_server);
429 fprintf(stderr, "failed to parser ALPN server protocol string: %s\n", alpn_server);
433 if (SSL_select_next_proto((unsigned char**) out, outlen, protos, protos_len, in, inlen) !=
434 OPENSSL_NPN_NEGOTIATED)
436 OPENSSL_free(protos);
437 return SSL_TLSEXT_ERR_NOACK;
440 /* Make a copy of the selected protocol which will be freed in verify_alpn. */
441 alpn_selected = OPENSSL_malloc(*outlen);
442 memcpy(alpn_selected, *out, *outlen);
443 *out = alpn_selected;
445 OPENSSL_free(protos);
446 return SSL_TLSEXT_ERR_OK;
449 static int verify_alpn(SSL *client, SSL *server)
451 const unsigned char *client_proto, *server_proto;
452 unsigned int client_proto_len = 0, server_proto_len = 0;
453 SSL_get0_alpn_selected(client, &client_proto, &client_proto_len);
454 SSL_get0_alpn_selected(server, &server_proto, &server_proto_len);
456 if (alpn_selected != NULL)
458 OPENSSL_free(alpn_selected);
459 alpn_selected = NULL;
462 if (client_proto_len != server_proto_len ||
463 memcmp(client_proto, server_proto, client_proto_len) != 0)
465 BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
469 if (client_proto_len > 0 && alpn_expected == NULL)
471 BIO_printf(bio_stdout, "ALPN unexpectedly negotiated\n");
475 if (alpn_expected != NULL &&
476 (client_proto_len != strlen(alpn_expected) ||
477 memcmp(client_proto, alpn_expected, client_proto_len) != 0))
479 BIO_printf(bio_stdout, "ALPN selected protocols not equal to expected protocol: %s\n", alpn_expected);
486 BIO_printf(bio_stdout, "ALPN results: client: '");
487 BIO_write(bio_stdout, client_proto, client_proto_len);
488 BIO_printf(bio_stdout, "', server: '");
489 BIO_write(bio_stdout, server_proto, server_proto_len);
490 BIO_printf(bio_stdout, "'\n");
491 BIO_printf(bio_stdout, "ALPN configured: client: '%s', server: '%s'\n", alpn_client, alpn_server);
495 #define SCT_EXT_TYPE 18
497 /* WARNING : below extension types are *NOT* IETF assigned, and
498 could conflict if these types are reassigned and handled
499 specially by OpenSSL in the future */
500 #define TACK_EXT_TYPE 62208
501 #define CUSTOM_EXT_TYPE_0 1000
502 #define CUSTOM_EXT_TYPE_1 1001
503 #define CUSTOM_EXT_TYPE_2 1002
504 #define CUSTOM_EXT_TYPE_3 1003
506 const char custom_ext_cli_string[] = "abc";
507 const char custom_ext_srv_string[] = "defg";
509 /* These set from cmdline */
510 char* serverinfo_file = NULL;
511 int serverinfo_sct = 0;
512 int serverinfo_tack = 0;
514 /* These set based on extension callbacks */
515 int serverinfo_sct_seen = 0;
516 int serverinfo_tack_seen = 0;
517 int serverinfo_other_seen = 0;
519 /* This set from cmdline */
522 /* This set based on extension callbacks */
523 int custom_ext_error = 0;
525 static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type,
526 const unsigned char *in, size_t inlen,
529 if (ext_type == SCT_EXT_TYPE)
530 serverinfo_sct_seen++;
531 else if (ext_type == TACK_EXT_TYPE)
532 serverinfo_tack_seen++;
534 serverinfo_other_seen++;
538 static int verify_serverinfo()
540 if (serverinfo_sct != serverinfo_sct_seen)
542 if (serverinfo_tack != serverinfo_tack_seen)
544 if (serverinfo_other_seen)
550 * Four test cases for custom extensions:
551 * 0 - no ClientHello extension or ServerHello response
552 * 1 - ClientHello with "abc", no response
553 * 2 - ClientHello with "abc", empty response
554 * 3 - ClientHello with "abc", "defg" response
557 static int custom_ext_0_cli_add_cb(SSL *s, unsigned int ext_type,
558 const unsigned char **out,
559 size_t *outlen, int *al, void *arg)
561 if (ext_type != CUSTOM_EXT_TYPE_0)
562 custom_ext_error = 1;
563 return 0; /* Don't send an extension */
566 static int custom_ext_0_cli_parse_cb(SSL *s, unsigned int ext_type,
567 const unsigned char *in,
568 size_t inlen, int *al,
574 static int custom_ext_1_cli_add_cb(SSL *s, unsigned int ext_type,
575 const unsigned char **out,
576 size_t *outlen, int *al, void *arg)
578 if (ext_type != CUSTOM_EXT_TYPE_1)
579 custom_ext_error = 1;
580 *out = (const unsigned char*)custom_ext_cli_string;
581 *outlen = strlen(custom_ext_cli_string);
582 return 1; /* Send "abc" */
585 static int custom_ext_1_cli_parse_cb(SSL *s, unsigned int ext_type,
586 const unsigned char *in,
587 size_t inlen, int *al,
593 static int custom_ext_2_cli_add_cb(SSL *s, unsigned int ext_type,
594 const unsigned char **out,
595 size_t *outlen, int *al, void *arg)
597 if (ext_type != CUSTOM_EXT_TYPE_2)
598 custom_ext_error = 1;
599 *out = (const unsigned char*)custom_ext_cli_string;
600 *outlen = strlen(custom_ext_cli_string);
601 return 1; /* Send "abc" */
604 static int custom_ext_2_cli_parse_cb(SSL *s, unsigned int ext_type,
605 const unsigned char *in,
606 size_t inlen, int *al,
609 if (ext_type != CUSTOM_EXT_TYPE_2)
610 custom_ext_error = 1;
612 custom_ext_error = 1; /* Should be empty response */
616 static int custom_ext_3_cli_add_cb(SSL *s, unsigned int ext_type,
617 const unsigned char **out,
618 size_t *outlen, int *al, void *arg)
620 if (ext_type != CUSTOM_EXT_TYPE_3)
621 custom_ext_error = 1;
622 *out = (const unsigned char*)custom_ext_cli_string;
623 *outlen = strlen(custom_ext_cli_string);
624 return 1; /* Send "abc" */
627 static int custom_ext_3_cli_parse_cb(SSL *s, unsigned int ext_type,
628 const unsigned char *in,
629 size_t inlen, int *al,
632 if (ext_type != CUSTOM_EXT_TYPE_3)
633 custom_ext_error = 1;
634 if (inlen != strlen(custom_ext_srv_string))
635 custom_ext_error = 1;
636 if (memcmp(custom_ext_srv_string, in, inlen) != 0)
637 custom_ext_error = 1; /* Check for "defg" */
641 /* custom_ext_0_cli_add_cb returns 0 - the server won't receive a callback for this extension */
642 static int custom_ext_0_srv_parse_cb(SSL *s, unsigned int ext_type,
643 const unsigned char *in,
644 size_t inlen, int *al,
647 custom_ext_error = 1;
651 /* 'add' callbacks are only called if the 'parse' callback is called */
652 static int custom_ext_0_srv_add_cb(SSL *s, unsigned int ext_type,
653 const unsigned char **out,
654 size_t *outlen, int *al, void *arg)
656 /* Error: should not have been called */
657 custom_ext_error = 1;
658 return 0; /* Don't send an extension */
661 static int custom_ext_1_srv_parse_cb(SSL *s, unsigned int ext_type,
662 const unsigned char *in,
663 size_t inlen, int *al,
666 if (ext_type != CUSTOM_EXT_TYPE_1)
667 custom_ext_error = 1;
668 /* Check for "abc" */
669 if (inlen != strlen(custom_ext_cli_string))
670 custom_ext_error = 1;
671 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
672 custom_ext_error = 1;
676 static int custom_ext_1_srv_add_cb(SSL *s, unsigned int ext_type,
677 const unsigned char **out,
678 size_t *outlen, int *al, void *arg)
680 return 0; /* Don't send an extension */
683 static int custom_ext_2_srv_parse_cb(SSL *s, unsigned int ext_type,
684 const unsigned char *in,
685 size_t inlen, int *al,
688 if (ext_type != CUSTOM_EXT_TYPE_2)
689 custom_ext_error = 1;
690 /* Check for "abc" */
691 if (inlen != strlen(custom_ext_cli_string))
692 custom_ext_error = 1;
693 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
694 custom_ext_error = 1;
698 static int custom_ext_2_srv_add_cb(SSL *s, unsigned int ext_type,
699 const unsigned char **out,
700 size_t *outlen, int *al, void *arg)
704 return 1; /* Send empty extension */
707 static int custom_ext_3_srv_parse_cb(SSL *s, unsigned int ext_type,
708 const unsigned char *in,
709 size_t inlen, int *al,
712 if (ext_type != CUSTOM_EXT_TYPE_3)
713 custom_ext_error = 1;
714 /* Check for "abc" */
715 if (inlen != strlen(custom_ext_cli_string))
716 custom_ext_error = 1;
717 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
718 custom_ext_error = 1;
722 static int custom_ext_3_srv_add_cb(SSL *s, unsigned int ext_type,
723 const unsigned char **out,
724 size_t *outlen, int *al, void *arg)
726 *out = (const unsigned char*)custom_ext_srv_string;
727 *outlen = strlen(custom_ext_srv_string);
728 return 1; /* Send "defg" */
731 static char *cipher=NULL;
732 static int verbose=0;
741 static const char rnd_seed[] = "string to make the random number generator think it has entropy";
743 int doit_biopair(SSL *s_ssl,SSL *c_ssl,long bytes,clock_t *s_time,clock_t *c_time);
744 int doit(SSL *s_ssl,SSL *c_ssl,long bytes);
745 static int do_test_cipherlist(void);
746 static void sv_usage(void)
748 fprintf(stderr,"usage: ssltest [args ...]\n");
749 fprintf(stderr,"\n");
751 fprintf(stderr,"-F - run test in FIPS mode\n");
753 fprintf(stderr," -server_auth - check server certificate\n");
754 fprintf(stderr," -client_auth - do client authentication\n");
755 fprintf(stderr," -proxy - allow proxy certificates\n");
756 fprintf(stderr," -proxy_auth <val> - set proxy policy rights\n");
757 fprintf(stderr," -proxy_cond <val> - expression to test proxy policy rights\n");
758 fprintf(stderr," -v - more output\n");
759 fprintf(stderr," -d - debug output\n");
760 fprintf(stderr," -reuse - use session-id reuse\n");
761 fprintf(stderr," -num <val> - number of connections to perform\n");
762 fprintf(stderr," -bytes <val> - number of bytes to swap between client/server\n");
763 #ifndef OPENSSL_NO_DH
764 fprintf(stderr," -dhe1024 - use 1024 bit key (safe prime) for DHE\n");
765 fprintf(stderr," -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
766 fprintf(stderr," -no_dhe - disable DHE\n");
768 #ifndef OPENSSL_NO_ECDH
769 fprintf(stderr," -no_ecdhe - disable ECDHE\n");
771 #ifndef OPENSSL_NO_PSK
772 fprintf(stderr," -psk arg - PSK in hex (without 0x)\n");
774 #ifndef OPENSSL_NO_SRP
775 fprintf(stderr," -srpuser user - SRP username to use\n");
776 fprintf(stderr," -srppass arg - password for 'user'\n");
778 #ifndef OPENSSL_NO_SSL3_METHOD
779 fprintf(stderr," -ssl3 - use SSLv3\n");
781 #ifndef OPENSSL_NO_TLS1
782 fprintf(stderr," -tls1 - use TLSv1\n");
784 fprintf(stderr," -CApath arg - PEM format directory of CA's\n");
785 fprintf(stderr," -CAfile arg - PEM format file of CA's\n");
786 fprintf(stderr," -cert arg - Server certificate file\n");
787 fprintf(stderr," -key arg - Server key file (default: same as -cert)\n");
788 fprintf(stderr," -c_cert arg - Client certificate file\n");
789 fprintf(stderr," -c_key arg - Client key file (default: same as -c_cert)\n");
790 fprintf(stderr," -cipher arg - The cipher list\n");
791 fprintf(stderr," -bio_pair - Use BIO pairs\n");
792 fprintf(stderr," -f - Test even cases that can't work\n");
793 fprintf(stderr," -time - measure processor time used by client and server\n");
794 fprintf(stderr," -zlib - use zlib compression\n");
795 fprintf(stderr," -rle - use rle compression\n");
796 #ifndef OPENSSL_NO_ECDH
797 fprintf(stderr," -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \
798 " Use \"openssl ecparam -list_curves\" for all names\n" \
799 " (default is sect163r2).\n");
801 fprintf(stderr," -test_cipherlist - Verifies the order of the ssl cipher lists.\n"
802 " When this option is requested, the cipherlist\n"
803 " tests are run instead of handshake tests.\n");
804 #ifndef OPENSSL_NO_NEXTPROTONEG
805 fprintf(stderr," -npn_client - have client side offer NPN\n");
806 fprintf(stderr," -npn_server - have server side offer NPN\n");
807 fprintf(stderr," -npn_server_reject - have server reject NPN\n");
809 fprintf(stderr," -serverinfo_file file - have server use this file\n");
810 fprintf(stderr," -serverinfo_sct - have client offer and expect SCT\n");
811 fprintf(stderr," -serverinfo_tack - have client offer and expect TACK\n");
812 fprintf(stderr," -custom_ext - try various custom extension callbacks\n");
813 fprintf(stderr," -alpn_client <string> - have client side offer ALPN\n");
814 fprintf(stderr," -alpn_server <string> - have server side offer ALPN\n");
815 fprintf(stderr," -alpn_expected <string> - the ALPN protocol that should be negotiated\n");
818 static void print_key_details(BIO *out, EVP_PKEY *key)
820 int keyid = EVP_PKEY_id(key);
821 #ifndef OPENSSL_NO_EC
822 if (keyid == EVP_PKEY_EC)
824 EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
827 nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
829 cname = EC_curve_nid2nist(nid);
831 cname = OBJ_nid2sn(nid);
832 BIO_printf(out, "%d bits EC (%s)",
833 EVP_PKEY_bits(key), cname);
851 algname = OBJ_nid2sn(keyid);
854 BIO_printf(out, "%d bits %s", EVP_PKEY_bits(key), algname);
858 static void print_details(SSL *c_ssl, const char *prefix)
860 const SSL_CIPHER *ciph;
865 ciph=SSL_get_current_cipher(c_ssl);
866 BIO_printf(bio_stdout,"%s%s, cipher %s %s",
868 SSL_get_version(c_ssl),
869 SSL_CIPHER_get_version(ciph),
870 SSL_CIPHER_get_name(ciph));
871 cert=SSL_get_peer_certificate(c_ssl);
874 pkey = X509_get_pubkey(cert);
877 BIO_puts(bio_stdout, ", ");
878 print_key_details(bio_stdout, pkey);
883 if (SSL_get_server_tmp_key(c_ssl, &pkey))
885 BIO_puts(bio_stdout, ", temp key: ");
886 print_key_details(bio_stdout, pkey);
889 if (SSL_get_peer_signature_nid(c_ssl, &mdnid))
890 BIO_printf(bio_stdout, ", digest=%s", OBJ_nid2sn(mdnid));
891 BIO_printf(bio_stdout,"\n");
894 static void lock_dbg_cb(int mode, int type, const char *file, int line)
896 static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
897 const char *errstr = NULL;
900 rw = mode & (CRYPTO_READ|CRYPTO_WRITE);
901 if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE)))
903 errstr = "invalid mode";
907 if (type < 0 || type >= CRYPTO_NUM_LOCKS)
909 errstr = "type out of bounds";
913 if (mode & CRYPTO_LOCK)
917 errstr = "already locked";
918 /* must not happen in a single-threaded program
919 * (would deadlock) */
925 else if (mode & CRYPTO_UNLOCK)
929 errstr = "not locked";
933 if (modes[type] != rw)
935 errstr = (rw == CRYPTO_READ) ?
936 "CRYPTO_r_unlock on write lock" :
937 "CRYPTO_w_unlock on read lock";
944 errstr = "invalid mode";
951 /* we cannot use bio_err here */
952 fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n",
953 errstr, mode, type, file, line);
957 #ifdef TLSEXT_TYPE_opaque_prf_input
958 struct cb_info_st { void *input; size_t len; int ret; };
959 struct cb_info_st co1 = { "C", 1, 1 }; /* try to negotiate oqaque PRF input */
960 struct cb_info_st co2 = { "C", 1, 2 }; /* insist on oqaque PRF input */
961 struct cb_info_st so1 = { "S", 1, 1 }; /* try to negotiate oqaque PRF input */
962 struct cb_info_st so2 = { "S", 1, 2 }; /* insist on oqaque PRF input */
964 int opaque_prf_input_cb(SSL *ssl, void *peerinput, size_t len, void *arg_)
966 struct cb_info_st *arg = arg_;
971 if (!SSL_set_tlsext_opaque_prf_input(ssl, arg->input, arg->len))
977 int main(int argc, char *argv[])
979 char *CApath=NULL,*CAfile=NULL;
983 int tls1=0,ssl3=0,ret=1;
986 struct app_verify_arg app_verify_arg =
987 { APP_CALLBACK_STRING, 0, 0, NULL, NULL };
988 char *server_cert=TEST_SERVER_CERT;
989 char *server_key=NULL;
990 char *client_cert=TEST_CLIENT_CERT;
991 char *client_key=NULL;
992 #ifndef OPENSSL_NO_ECDH
993 char *named_curve = NULL;
997 const SSL_METHOD *meth=NULL;
999 int number=1,reuse=0;
1001 #ifndef OPENSSL_NO_DH
1003 int dhe1024 = 0, dhe1024dsa = 0;
1005 #ifndef OPENSSL_NO_ECDH
1006 EC_KEY *ecdh = NULL;
1008 #ifndef OPENSSL_NO_SRP
1010 SRP_CLIENT_ARG srp_client_arg = {NULL,NULL};
1012 SRP_SERVER_ARG srp_server_arg = {NULL,NULL};
1018 clock_t s_time = 0, c_time = 0;
1019 #ifndef OPENSSL_NO_COMP
1021 COMP_METHOD *cm = NULL;
1022 STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
1024 int test_cipherlist = 0;
1028 int no_protocol = 0;
1030 SSL_CONF_CTX *s_cctx = NULL, *c_cctx = NULL;
1031 STACK_OF(OPENSSL_STRING) *conf_args = NULL;
1032 const char *arg = NULL, *argn = NULL;
1038 bio_err=BIO_new_fp(stderr,BIO_NOCLOSE|BIO_FP_TEXT);
1040 CRYPTO_set_locking_callback(lock_dbg_cb);
1042 /* enable memory leak checking unless explicitly disabled */
1043 if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
1045 CRYPTO_malloc_debug_init();
1046 CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
1050 /* OPENSSL_DEBUG_MEMORY=off */
1051 CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
1053 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
1055 RAND_seed(rnd_seed, sizeof rnd_seed);
1057 bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE|BIO_FP_TEXT);
1059 s_cctx = SSL_CONF_CTX_new();
1060 c_cctx = SSL_CONF_CTX_new();
1062 if (!s_cctx || !c_cctx)
1064 ERR_print_errors(bio_err);
1068 SSL_CONF_CTX_set_flags(s_cctx,
1069 SSL_CONF_FLAG_CMDLINE|SSL_CONF_FLAG_SERVER);
1070 if (!SSL_CONF_CTX_set1_prefix(s_cctx, "-s_"))
1072 ERR_print_errors(bio_err);
1076 SSL_CONF_CTX_set_flags(c_cctx,
1077 SSL_CONF_FLAG_CMDLINE|SSL_CONF_FLAG_CLIENT);
1078 if (!SSL_CONF_CTX_set1_prefix(c_cctx, "-c_"))
1080 ERR_print_errors(bio_err);
1089 if(!strcmp(*argv,"-F"))
1094 fprintf(stderr,"not compiled with FIPS support, so exiting without running.\n");
1098 else if (strcmp(*argv,"-server_auth") == 0)
1100 else if (strcmp(*argv,"-client_auth") == 0)
1102 else if (strcmp(*argv,"-proxy_auth") == 0)
1104 if (--argc < 1) goto bad;
1105 app_verify_arg.proxy_auth= *(++argv);
1107 else if (strcmp(*argv,"-proxy_cond") == 0)
1109 if (--argc < 1) goto bad;
1110 app_verify_arg.proxy_cond= *(++argv);
1112 else if (strcmp(*argv,"-v") == 0)
1114 else if (strcmp(*argv,"-d") == 0)
1116 else if (strcmp(*argv,"-reuse") == 0)
1118 else if (strcmp(*argv,"-dhe1024") == 0)
1120 #ifndef OPENSSL_NO_DH
1123 fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n");
1126 else if (strcmp(*argv,"-dhe1024dsa") == 0)
1128 #ifndef OPENSSL_NO_DH
1131 fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n");
1134 else if (strcmp(*argv,"-no_dhe") == 0)
1136 else if (strcmp(*argv,"-no_ecdhe") == 0)
1138 else if (strcmp(*argv,"-psk") == 0)
1140 if (--argc < 1) goto bad;
1142 #ifndef OPENSSL_NO_PSK
1143 if (strspn(psk_key, "abcdefABCDEF1234567890") != strlen(psk_key))
1145 BIO_printf(bio_err,"Not a hex number '%s'\n",*argv);
1152 #ifndef OPENSSL_NO_SRP
1153 else if (strcmp(*argv,"-srpuser") == 0)
1155 if (--argc < 1) goto bad;
1156 srp_server_arg.expected_user = srp_client_arg.srplogin= *(++argv);
1159 else if (strcmp(*argv,"-srppass") == 0)
1161 if (--argc < 1) goto bad;
1162 srp_server_arg.pass = srp_client_arg.srppassin= *(++argv);
1166 else if (strcmp(*argv,"-tls1") == 0)
1168 #ifdef OPENSSL_NO_TLS1
1173 else if (strcmp(*argv,"-ssl3") == 0)
1175 #ifdef OPENSSL_NO_SSL3_METHOD
1180 else if (strncmp(*argv,"-num",4) == 0)
1182 if (--argc < 1) goto bad;
1183 number= atoi(*(++argv));
1184 if (number == 0) number=1;
1186 else if (strcmp(*argv,"-bytes") == 0)
1188 if (--argc < 1) goto bad;
1189 bytes= atol(*(++argv));
1190 if (bytes == 0L) bytes=1L;
1192 if (argv[0][i-1] == 'k') bytes*=1024L;
1193 if (argv[0][i-1] == 'm') bytes*=1024L*1024L;
1195 else if (strcmp(*argv,"-cert") == 0)
1197 if (--argc < 1) goto bad;
1198 server_cert= *(++argv);
1200 else if (strcmp(*argv,"-s_cert") == 0)
1202 if (--argc < 1) goto bad;
1203 server_cert= *(++argv);
1205 else if (strcmp(*argv,"-key") == 0)
1207 if (--argc < 1) goto bad;
1208 server_key= *(++argv);
1210 else if (strcmp(*argv,"-s_key") == 0)
1212 if (--argc < 1) goto bad;
1213 server_key= *(++argv);
1215 else if (strcmp(*argv,"-c_cert") == 0)
1217 if (--argc < 1) goto bad;
1218 client_cert= *(++argv);
1220 else if (strcmp(*argv,"-c_key") == 0)
1222 if (--argc < 1) goto bad;
1223 client_key= *(++argv);
1225 else if (strcmp(*argv,"-cipher") == 0)
1227 if (--argc < 1) goto bad;
1230 else if (strcmp(*argv,"-CApath") == 0)
1232 if (--argc < 1) goto bad;
1235 else if (strcmp(*argv,"-CAfile") == 0)
1237 if (--argc < 1) goto bad;
1240 else if (strcmp(*argv,"-bio_pair") == 0)
1244 else if (strcmp(*argv,"-f") == 0)
1248 else if (strcmp(*argv,"-time") == 0)
1252 #ifndef OPENSSL_NO_COMP
1253 else if (strcmp(*argv,"-zlib") == 0)
1257 else if (strcmp(*argv,"-rle") == 0)
1262 else if (strcmp(*argv,"-named_curve") == 0)
1264 if (--argc < 1) goto bad;
1265 #ifndef OPENSSL_NO_ECDH
1266 named_curve = *(++argv);
1268 fprintf(stderr,"ignoring -named_curve, since I'm compiled without ECDH\n");
1272 else if (strcmp(*argv,"-app_verify") == 0)
1274 app_verify_arg.app_verify = 1;
1276 else if (strcmp(*argv,"-proxy") == 0)
1278 app_verify_arg.allow_proxy_certs = 1;
1280 else if (strcmp(*argv,"-test_cipherlist") == 0)
1282 test_cipherlist = 1;
1284 #ifndef OPENSSL_NO_NEXTPROTONEG
1285 else if (strcmp(*argv,"-npn_client") == 0)
1289 else if (strcmp(*argv,"-npn_server") == 0)
1293 else if (strcmp(*argv,"-npn_server_reject") == 0)
1295 npn_server_reject = 1;
1298 else if (strcmp(*argv,"-serverinfo_sct") == 0)
1302 else if (strcmp(*argv,"-serverinfo_tack") == 0)
1304 serverinfo_tack = 1;
1306 else if (strcmp(*argv,"-serverinfo_file") == 0)
1308 if (--argc < 1) goto bad;
1309 serverinfo_file = *(++argv);
1311 else if (strcmp(*argv,"-custom_ext") == 0)
1315 else if (strcmp(*argv,"-alpn_client") == 0)
1317 if (--argc < 1) goto bad;
1318 alpn_client = *(++argv);
1320 else if (strcmp(*argv,"-alpn_server") == 0)
1322 if (--argc < 1) goto bad;
1323 alpn_server = *(++argv);
1325 else if (strcmp(*argv,"-alpn_expected") == 0)
1327 if (--argc < 1) goto bad;
1328 alpn_expected = *(++argv);
1335 /* Try to process command using SSL_CONF */
1336 rv = SSL_CONF_cmd_argv(c_cctx, &argc, &argv);
1337 /* If not processed try server */
1339 rv = SSL_CONF_cmd_argv(s_cctx, &argc, &argv);
1340 /* Recognised: store it for later use */
1347 conf_args = sk_OPENSSL_STRING_new_null();
1351 if (!sk_OPENSSL_STRING_push(conf_args, arg))
1353 if (!sk_OPENSSL_STRING_push(conf_args, argn))
1358 BIO_printf(bio_err, "Missing argument for %s\n",
1361 BIO_printf(bio_err, "Error with command %s\n",
1364 BIO_printf(bio_err,"unknown option %s\n", arg);
1379 * test_cipherlist prevails over protocol switch: we test the cipherlist
1380 * for all enabled protocols.
1382 if (test_cipherlist == 1)
1384 /* ensure that the cipher list are correctly sorted and exit */
1385 fprintf(stdout, "Testing cipherlist order only. Ignoring all "
1386 "other options.\n");
1387 if (do_test_cipherlist() == 0)
1393 if (ssl3 + tls1 > 1)
1395 fprintf(stderr, "At most one of -ssl3, or -tls1 should "
1401 * Testing was requested for a compiled-out protocol (e.g. SSLv3).
1402 * Ideally, we would error out, but the generic test wrapper can't know
1403 * when to expect failure. So we do nothing and return success.
1407 fprintf(stderr, "Testing was requested for a disabled protocol. "
1408 "Skipping tests.\n");
1413 if (!ssl3 && !tls1 && number > 1 && !reuse && !force)
1415 fprintf(stderr, "This case cannot work. Use -f to perform "
1416 "the test anyway (and\n-d to see what happens), "
1417 "or add one of -ssl3, -tls1, -reuse\n"
1418 "to avoid protocol mismatch.\n");
1425 if(!FIPS_mode_set(1))
1427 ERR_load_crypto_strings();
1428 ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
1432 fprintf(stderr,"*** IN FIPS MODE ***\n");
1440 fprintf(stderr, "Using BIO pair (-bio_pair)\n");
1443 if (number < 50 && !force)
1444 fprintf(stderr, "Warning: For accurate timings, use more connections (e.g. -num 1000)\n");
1447 /* if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */
1450 SSL_load_error_strings();
1452 #ifndef OPENSSL_NO_COMP
1453 if (comp == COMP_ZLIB) cm = COMP_zlib();
1454 if (comp == COMP_RLE) cm = COMP_rle();
1457 if (cm->type != NID_undef)
1459 if (SSL_COMP_add_compression_method(comp, cm) != 0)
1462 "Failed to add compression method\n");
1463 ERR_print_errors_fp(stderr);
1469 "Warning: %s compression not supported\n",
1470 (comp == COMP_RLE ? "rle" :
1471 (comp == COMP_ZLIB ? "zlib" :
1473 ERR_print_errors_fp(stderr);
1476 ssl_comp_methods = SSL_COMP_get_compression_methods();
1477 fprintf(stderr, "Available compression methods:\n");
1479 int j, n = sk_SSL_COMP_num(ssl_comp_methods);
1481 fprintf(stderr, " NONE\n");
1483 for (j = 0; j < n; j++)
1485 SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
1486 fprintf(stderr, " %d: %s\n", c->id, c->name);
1491 /* At this point, ssl3/tls1 is only set if the protocol is available.
1492 * (Otherwise we exit early.)
1493 * However the compiler doesn't know this, so we ifdef. */
1494 #ifndef OPENSSL_NO_SSL3
1496 meth=SSLv3_method();
1499 #ifndef OPENSSL_NO_TLS1
1501 meth=TLSv1_method();
1504 meth=SSLv23_method();
1506 c_ctx=SSL_CTX_new(meth);
1507 s_ctx=SSL_CTX_new(meth);
1508 if ((c_ctx == NULL) || (s_ctx == NULL))
1510 ERR_print_errors(bio_err);
1513 /* Since we will use low security ciphersuites and keys for
1514 * testing set security level to zero.
1516 SSL_CTX_set_security_level(c_ctx, 0);
1517 SSL_CTX_set_security_level(s_ctx, 0);
1521 SSL_CTX_set_cipher_list(c_ctx,cipher);
1522 SSL_CTX_set_cipher_list(s_ctx,cipher);
1525 /* Process SSL_CONF arguments */
1526 SSL_CONF_CTX_set_ssl_ctx(c_cctx, c_ctx);
1527 SSL_CONF_CTX_set_ssl_ctx(s_cctx, s_ctx);
1529 for (i = 0; i < sk_OPENSSL_STRING_num(conf_args); i += 2)
1532 arg = sk_OPENSSL_STRING_value(conf_args, i);
1533 argn = sk_OPENSSL_STRING_value(conf_args, i + 1);
1534 rv = SSL_CONF_cmd(c_cctx, arg, argn);
1535 /* If not recognised use server context */
1537 rv = SSL_CONF_cmd(s_cctx, arg, argn);
1540 BIO_printf(bio_err, "Error processing %s %s\n",
1541 arg, argn ? argn : "");
1542 ERR_print_errors(bio_err);
1547 if (!SSL_CONF_CTX_finish(s_cctx) || !SSL_CONF_CTX_finish(c_cctx))
1549 BIO_puts(bio_err, "Error finishing context\n");
1550 ERR_print_errors(bio_err);
1554 #ifndef OPENSSL_NO_DH
1559 /* use SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */
1560 SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
1567 SSL_CTX_set_tmp_dh(s_ctx,dh);
1574 #ifndef OPENSSL_NO_ECDH
1579 if (named_curve != NULL)
1581 nid = OBJ_sn2nid(named_curve);
1584 BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve);
1589 #ifdef OPENSSL_NO_EC2M
1590 nid = NID_X9_62_prime256v1;
1592 nid = NID_sect163r2;
1595 ecdh = EC_KEY_new_by_curve_name(nid);
1598 BIO_printf(bio_err, "unable to create curve\n");
1602 SSL_CTX_set_tmp_ecdh(s_ctx, ecdh);
1603 SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_ECDH_USE);
1610 #ifndef OPENSSL_NO_RSA
1611 SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb);
1614 #ifdef TLSEXT_TYPE_opaque_prf_input
1615 SSL_CTX_set_tlsext_opaque_prf_input_callback(c_ctx, opaque_prf_input_cb);
1616 SSL_CTX_set_tlsext_opaque_prf_input_callback(s_ctx, opaque_prf_input_cb);
1617 SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(c_ctx, &co1); /* or &co2 or NULL */
1618 SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(s_ctx, &so1); /* or &so2 or NULL */
1621 if (!SSL_CTX_use_certificate_file(s_ctx,server_cert,SSL_FILETYPE_PEM))
1623 ERR_print_errors(bio_err);
1625 else if (!SSL_CTX_use_PrivateKey_file(s_ctx,
1626 (server_key?server_key:server_cert), SSL_FILETYPE_PEM))
1628 ERR_print_errors(bio_err);
1634 SSL_CTX_use_certificate_file(c_ctx,client_cert,
1636 SSL_CTX_use_PrivateKey_file(c_ctx,
1637 (client_key?client_key:client_cert),
1641 if ( (!SSL_CTX_load_verify_locations(s_ctx,CAfile,CApath)) ||
1642 (!SSL_CTX_set_default_verify_paths(s_ctx)) ||
1643 (!SSL_CTX_load_verify_locations(c_ctx,CAfile,CApath)) ||
1644 (!SSL_CTX_set_default_verify_paths(c_ctx)))
1646 /* fprintf(stderr,"SSL_load_verify_locations\n"); */
1647 ERR_print_errors(bio_err);
1653 BIO_printf(bio_err,"client authentication\n");
1654 SSL_CTX_set_verify(s_ctx,
1655 SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1657 SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback, &app_verify_arg);
1661 BIO_printf(bio_err,"server authentication\n");
1662 SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER,
1664 SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback, &app_verify_arg);
1668 int session_id_context = 0;
1669 SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context, sizeof session_id_context);
1672 /* Use PSK only if PSK key is given */
1673 if (psk_key != NULL)
1675 /* no_psk is used to avoid putting psk command to openssl tool */
1678 /* if PSK is not compiled in and psk key is
1679 * given, do nothing and exit successfully */
1683 #ifndef OPENSSL_NO_PSK
1684 SSL_CTX_set_psk_client_callback(c_ctx, psk_client_callback);
1685 SSL_CTX_set_psk_server_callback(s_ctx, psk_server_callback);
1687 BIO_printf(bio_err,"setting PSK identity hint to s_ctx\n");
1688 if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_hint"))
1690 BIO_printf(bio_err,"error setting PSK identity hint to s_ctx\n");
1691 ERR_print_errors(bio_err);
1696 #ifndef OPENSSL_NO_SRP
1697 if (srp_client_arg.srplogin)
1699 if (!SSL_CTX_set_srp_username(c_ctx, srp_client_arg.srplogin))
1701 BIO_printf(bio_err,"Unable to set SRP username\n");
1704 SSL_CTX_set_srp_cb_arg(c_ctx,&srp_client_arg);
1705 SSL_CTX_set_srp_client_pwd_callback(c_ctx, ssl_give_srp_client_pwd_cb);
1706 /*SSL_CTX_set_srp_strength(c_ctx, srp_client_arg.strength);*/
1709 if (srp_server_arg.expected_user != NULL)
1711 SSL_CTX_set_verify(s_ctx,SSL_VERIFY_NONE,verify_callback);
1712 SSL_CTX_set_srp_cb_arg(s_ctx, &srp_server_arg);
1713 SSL_CTX_set_srp_username_callback(s_ctx, ssl_srp_server_param_cb);
1717 #ifndef OPENSSL_NO_NEXTPROTONEG
1720 SSL_CTX_set_next_proto_select_cb(c_ctx, cb_client_npn, NULL);
1724 if (npn_server_reject)
1726 BIO_printf(bio_err, "Can't have both -npn_server and -npn_server_reject\n");
1729 SSL_CTX_set_next_protos_advertised_cb(s_ctx, cb_server_npn, NULL);
1731 if (npn_server_reject)
1733 SSL_CTX_set_next_protos_advertised_cb(s_ctx, cb_server_rejects_npn, NULL);
1738 SSL_CTX_add_client_custom_ext(c_ctx, SCT_EXT_TYPE,
1740 serverinfo_cli_parse_cb, NULL);
1741 if (serverinfo_tack)
1742 SSL_CTX_add_client_custom_ext(c_ctx, TACK_EXT_TYPE,
1744 serverinfo_cli_parse_cb, NULL);
1746 if (serverinfo_file)
1747 if (!SSL_CTX_use_serverinfo_file(s_ctx, serverinfo_file))
1749 BIO_printf(bio_err, "missing serverinfo file\n");
1755 SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_0,
1756 custom_ext_0_cli_add_cb,
1758 custom_ext_0_cli_parse_cb, NULL);
1759 SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_1,
1760 custom_ext_1_cli_add_cb,
1762 custom_ext_1_cli_parse_cb, NULL);
1763 SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_2,
1764 custom_ext_2_cli_add_cb,
1766 custom_ext_2_cli_parse_cb, NULL);
1767 SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_3,
1768 custom_ext_3_cli_add_cb,
1770 custom_ext_3_cli_parse_cb, NULL);
1773 SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_0,
1774 custom_ext_0_srv_add_cb,
1776 custom_ext_0_srv_parse_cb, NULL);
1777 SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_1,
1778 custom_ext_1_srv_add_cb,
1780 custom_ext_1_srv_parse_cb, NULL);
1781 SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_2,
1782 custom_ext_2_srv_add_cb,
1784 custom_ext_2_srv_parse_cb, NULL);
1785 SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_3,
1786 custom_ext_3_srv_add_cb,
1788 custom_ext_3_srv_parse_cb, NULL);
1792 SSL_CTX_set_alpn_select_cb(s_ctx, cb_server_alpn, NULL);
1796 unsigned short alpn_len;
1797 unsigned char *alpn = next_protos_parse(&alpn_len, alpn_client);
1801 BIO_printf(bio_err, "Error parsing -alpn_client argument\n");
1804 SSL_CTX_set_alpn_protos(c_ctx, alpn, alpn_len);
1808 c_ssl=SSL_new(c_ctx);
1809 s_ssl=SSL_new(s_ctx);
1811 #ifndef OPENSSL_NO_KRB5
1812 if (c_ssl && c_ssl->kssl_ctx)
1814 char localhost[MAXHOSTNAMELEN+2];
1816 if (gethostname(localhost, sizeof localhost-1) == 0)
1818 localhost[sizeof localhost-1]='\0';
1819 if(strlen(localhost) == sizeof localhost-1)
1821 BIO_printf(bio_err,"localhost name too long\n");
1824 kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER,
1828 #endif /* OPENSSL_NO_KRB5 */
1830 for (i=0; i<number; i++)
1832 if (!reuse) SSL_set_session(c_ssl,NULL);
1834 ret=doit_biopair(s_ssl,c_ssl,bytes,&s_time,&c_time);
1836 ret=doit(s_ssl,c_ssl,bytes);
1841 print_details(c_ssl, "");
1843 if ((number > 1) || (bytes > 1L))
1844 BIO_printf(bio_stdout, "%d handshakes of %ld bytes done\n",number,bytes);
1847 #ifdef CLOCKS_PER_SEC
1848 /* "To determine the time in seconds, the value returned
1849 * by the clock function should be divided by the value
1850 * of the macro CLOCKS_PER_SEC."
1851 * -- ISO/IEC 9899 */
1852 BIO_printf(bio_stdout, "Approximate total server time: %6.2f s\n"
1853 "Approximate total client time: %6.2f s\n",
1854 (double)s_time/CLOCKS_PER_SEC,
1855 (double)c_time/CLOCKS_PER_SEC);
1857 BIO_printf(bio_stdout,
1858 "Approximate total server time: %6.2f units\n"
1859 "Approximate total client time: %6.2f units\n",
1869 if (s_ctx != NULL) SSL_CTX_free(s_ctx);
1870 if (c_ctx != NULL) SSL_CTX_free(c_ctx);
1873 SSL_CONF_CTX_free(s_cctx);
1875 SSL_CONF_CTX_free(c_cctx);
1876 sk_OPENSSL_STRING_free(conf_args);
1878 if (bio_stdout != NULL) BIO_free(bio_stdout);
1880 #ifndef OPENSSL_NO_RSA
1883 #ifndef OPENSSL_NO_ENGINE
1886 CRYPTO_cleanup_all_ex_data();
1888 ERR_remove_thread_state(NULL);
1890 CRYPTO_mem_leaks(bio_err);
1891 if (bio_err != NULL) BIO_free(bio_err);
1896 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
1897 clock_t *s_time, clock_t *c_time)
1899 long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
1900 BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
1901 BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL;
1904 size_t bufsiz = 256; /* small buffer for testing */
1906 if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz))
1908 if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz))
1911 s_ssl_bio = BIO_new(BIO_f_ssl());
1915 c_ssl_bio = BIO_new(BIO_f_ssl());
1919 SSL_set_connect_state(c_ssl);
1920 SSL_set_bio(c_ssl, client, client);
1921 (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
1923 SSL_set_accept_state(s_ssl);
1924 SSL_set_bio(s_ssl, server, server);
1925 (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
1930 * c_ssl_bio: SSL filter BIO
1932 * client: pseudo-I/O for SSL library
1934 * client_io: client's SSL communication; usually to be
1935 * relayed over some I/O facility, but in this
1936 * test program, we're the server, too:
1938 * server_io: server's SSL communication
1940 * server: pseudo-I/O for SSL library
1942 * s_ssl_bio: SSL filter BIO
1944 * The client and the server each employ a "BIO pair":
1945 * client + client_io, server + server_io.
1946 * BIO pairs are symmetric. A BIO pair behaves similar
1947 * to a non-blocking socketpair (but both endpoints must
1948 * be handled by the same thread).
1949 * [Here we could connect client and server to the ends
1950 * of a single BIO pair, but then this code would be less
1951 * suitable as an example for BIO pairs in general.]
1953 * Useful functions for querying the state of BIO pair endpoints:
1955 * BIO_ctrl_pending(bio) number of bytes we can read now
1956 * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil
1957 * other side's read attempt
1958 * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now
1960 * ..._read_request is never more than ..._write_guarantee;
1961 * it depends on the application which one you should use.
1964 /* We have non-blocking behaviour throughout this test program, but
1965 * can be sure that there is *some* progress in each iteration; so
1966 * we don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE
1967 * -- we just try everything in each iteration
1973 MS_STATIC char cbuf[1024*8];
1975 clock_t c_clock = clock();
1977 memset(cbuf, 0, sizeof(cbuf));
1980 if (SSL_in_init(c_ssl))
1981 printf("client waiting in SSL_connect - %s\n",
1982 SSL_state_string_long(c_ssl));
1986 /* Write to server. */
1988 if (cw_num > (long)sizeof cbuf)
1992 r = BIO_write(c_ssl_bio, cbuf, i);
1995 if (!BIO_should_retry(c_ssl_bio))
1997 fprintf(stderr,"ERROR in CLIENT\n");
2000 /* BIO_should_retry(...) can just be ignored here.
2001 * The library expects us to call BIO_write with
2002 * the same arguments again, and that's what we will
2003 * do in the next iteration. */
2007 fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
2013 printf("client wrote %d\n", r);
2020 /* Read from server. */
2022 r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
2025 if (!BIO_should_retry(c_ssl_bio))
2027 fprintf(stderr,"ERROR in CLIENT\n");
2030 /* Again, "BIO_should_retry" can be ignored. */
2034 fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
2040 printf("client read %d\n", r);
2045 /* c_time and s_time increments will typically be very small
2046 * (depending on machine speed and clock tick intervals),
2047 * but sampling over a large number of connections should
2048 * result in fairly accurate figures. We cannot guarantee
2049 * a lot, however -- if each connection lasts for exactly
2050 * one clock tick, it will be counted only for the client
2051 * or only for the server or even not at all.
2053 *c_time += (clock() - c_clock);
2059 MS_STATIC char sbuf[1024*8];
2061 clock_t s_clock = clock();
2063 memset(sbuf, 0, sizeof(sbuf));
2066 if (SSL_in_init(s_ssl))
2067 printf("server waiting in SSL_accept - %s\n",
2068 SSL_state_string_long(s_ssl));
2072 /* Write to client. */
2074 if (sw_num > (long)sizeof sbuf)
2078 r = BIO_write(s_ssl_bio, sbuf, i);
2081 if (!BIO_should_retry(s_ssl_bio))
2083 fprintf(stderr,"ERROR in SERVER\n");
2086 /* Ignore "BIO_should_retry". */
2090 fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
2096 printf("server wrote %d\n", r);
2103 /* Read from client. */
2105 r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
2108 if (!BIO_should_retry(s_ssl_bio))
2110 fprintf(stderr,"ERROR in SERVER\n");
2117 fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
2123 printf("server read %d\n", r);
2128 *s_time += (clock() - s_clock);
2132 /* "I/O" BETWEEN CLIENT AND SERVER. */
2135 BIO *io1 = server_io, *io2 = client_io;
2136 /* we use the non-copying interface for io1
2137 * and the standard BIO_write/BIO_read interface for io2
2140 static int prev_progress = 1;
2149 r1 = BIO_ctrl_pending(io1);
2150 r2 = BIO_ctrl_get_write_guarantee(io2);
2159 if (INT_MAX < num) /* yeah, right */
2162 r = BIO_nread(io1, &dataptr, (int)num);
2164 assert(r <= (int)num);
2165 /* possibly r < num (non-contiguous data) */
2167 r = BIO_write(io2, dataptr, (int)num);
2168 if (r != (int)num) /* can't happen */
2170 fprintf(stderr, "ERROR: BIO_write could not write "
2171 "BIO_ctrl_get_write_guarantee() bytes");
2177 printf((io1 == client_io) ?
2178 "C->S relaying: %d bytes\n" :
2179 "S->C relaying: %d bytes\n",
2190 r1 = BIO_ctrl_pending(io2);
2191 r2 = BIO_ctrl_get_read_request(io1);
2192 /* here we could use ..._get_write_guarantee instead of
2193 * ..._get_read_request, but by using the latter
2194 * we test restartability of the SSL implementation
2195 * more thoroughly */
2207 --num; /* test restartability even more thoroughly */
2209 r = BIO_nwrite0(io1, &dataptr);
2213 r = BIO_read(io2, dataptr, (int)num);
2214 if (r != (int)num) /* can't happen */
2216 fprintf(stderr, "ERROR: BIO_read could not read "
2217 "BIO_ctrl_pending() bytes");
2221 r = BIO_nwrite(io1, &dataptr, (int)num);
2222 if (r != (int)num) /* can't happen */
2224 fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
2225 "BIO_nwrite0() bytes");
2230 printf((io2 == client_io) ?
2231 "C->S relaying: %d bytes\n" :
2232 "S->C relaying: %d bytes\n",
2235 } /* no loop, BIO_ctrl_get_read_request now returns 0 anyway */
2237 if (!progress && !prev_progress)
2238 if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0)
2240 fprintf(stderr, "ERROR: got stuck\n");
2241 fprintf(stderr, " ERROR.\n");
2244 prev_progress = progress;
2247 while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
2250 print_details(c_ssl, "DONE via BIO pair: ");
2251 #ifndef OPENSSL_NO_NEXTPROTONEG
2252 if (verify_npn(c_ssl, s_ssl) < 0)
2258 if (verify_serverinfo() < 0)
2260 fprintf(stderr, "Server info verify error\n");
2264 if (verify_alpn(c_ssl, s_ssl) < 0)
2270 if (custom_ext_error)
2272 fprintf(stderr, "Custom extension error\n");
2281 ERR_print_errors(bio_err);
2286 BIO_free(server_io);
2290 BIO_free(client_io);
2292 BIO_free(s_ssl_bio);
2294 BIO_free(c_ssl_bio);
2305 int doit(SSL *s_ssl, SSL *c_ssl, long count)
2307 char *cbuf=NULL,*sbuf=NULL;
2309 long cw_num=count,cr_num=count;
2310 long sw_num=count,sr_num=count;
2316 int c_r,c_w,s_r,s_w;
2319 int c_write,s_write;
2320 int do_server=0,do_client=0;
2321 int max_frag = 5*1024;
2323 bufsiz = count>40*1024 ? 40*1024 : count;
2325 if ((cbuf = OPENSSL_malloc(bufsiz))==NULL) goto err;
2326 if ((sbuf = OPENSSL_malloc(bufsiz))==NULL) goto err;
2328 memset(cbuf,0,bufsiz);
2329 memset(sbuf,0,bufsiz);
2331 c_to_s=BIO_new(BIO_s_mem());
2332 s_to_c=BIO_new(BIO_s_mem());
2333 if ((s_to_c == NULL) || (c_to_s == NULL))
2335 ERR_print_errors(bio_err);
2339 c_bio=BIO_new(BIO_f_ssl());
2340 s_bio=BIO_new(BIO_f_ssl());
2341 if ((c_bio == NULL) || (s_bio == NULL))
2343 ERR_print_errors(bio_err);
2347 SSL_set_connect_state(c_ssl);
2348 SSL_set_bio(c_ssl,s_to_c,c_to_s);
2349 SSL_set_max_send_fragment(c_ssl,max_frag);
2350 BIO_set_ssl(c_bio,c_ssl,BIO_NOCLOSE);
2352 SSL_set_accept_state(s_ssl);
2353 SSL_set_bio(s_ssl,c_to_s,s_to_c);
2354 SSL_set_max_send_fragment(s_ssl,max_frag);
2355 BIO_set_ssl(s_bio,s_ssl,BIO_NOCLOSE);
2359 c_write=1,s_write=0;
2361 /* We can always do writes */
2367 i=(int)BIO_pending(s_bio);
2368 if ((i && s_r) || s_w) do_server=1;
2370 i=(int)BIO_pending(c_bio);
2371 if ((i && c_r) || c_w) do_client=1;
2373 if (do_server && debug)
2375 if (SSL_in_init(s_ssl))
2376 printf("server waiting in SSL_accept - %s\n",
2377 SSL_state_string_long(s_ssl));
2380 printf("server:SSL_write()\n");
2382 printf("server:SSL_read()\n"); */
2385 if (do_client && debug)
2387 if (SSL_in_init(c_ssl))
2388 printf("client waiting in SSL_connect - %s\n",
2389 SSL_state_string_long(c_ssl));
2392 printf("client:SSL_write()\n");
2394 printf("client:SSL_read()\n"); */
2397 if (!do_client && !do_server)
2399 fprintf(stdout,"ERROR IN STARTUP\n");
2400 ERR_print_errors(bio_err);
2403 if (do_client && !(done & C_DONE))
2407 j = (cw_num > bufsiz) ?
2408 (int)bufsiz : (int)cw_num;
2409 i=BIO_write(c_bio,cbuf,j);
2414 if (BIO_should_retry(c_bio))
2416 if (BIO_should_read(c_bio))
2418 if (BIO_should_write(c_bio))
2423 fprintf(stderr,"ERROR in CLIENT\n");
2424 ERR_print_errors(bio_err);
2430 fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
2436 printf("client wrote %d\n",i);
2442 SSL_set_max_send_fragment(c_ssl,max_frag-=5);
2447 i=BIO_read(c_bio,cbuf,bufsiz);
2452 if (BIO_should_retry(c_bio))
2454 if (BIO_should_read(c_bio))
2456 if (BIO_should_write(c_bio))
2461 fprintf(stderr,"ERROR in CLIENT\n");
2462 ERR_print_errors(bio_err);
2468 fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
2474 printf("client read %d\n",i);
2491 if (do_server && !(done & S_DONE))
2495 i=BIO_read(s_bio,sbuf,bufsiz);
2500 if (BIO_should_retry(s_bio))
2502 if (BIO_should_read(s_bio))
2504 if (BIO_should_write(s_bio))
2509 fprintf(stderr,"ERROR in SERVER\n");
2510 ERR_print_errors(bio_err);
2516 ERR_print_errors(bio_err);
2517 fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_read\n");
2523 printf("server read %d\n",i);
2540 j = (sw_num > bufsiz) ?
2541 (int)bufsiz : (int)sw_num;
2542 i=BIO_write(s_bio,sbuf,j);
2547 if (BIO_should_retry(s_bio))
2549 if (BIO_should_read(s_bio))
2551 if (BIO_should_write(s_bio))
2556 fprintf(stderr,"ERROR in SERVER\n");
2557 ERR_print_errors(bio_err);
2563 ERR_print_errors(bio_err);
2564 fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_write\n");
2570 printf("server wrote %d\n",i);
2577 SSL_set_max_send_fragment(s_ssl,max_frag-=5);
2582 if ((done & S_DONE) && (done & C_DONE)) break;
2586 print_details(c_ssl, "DONE: ");
2587 #ifndef OPENSSL_NO_NEXTPROTONEG
2588 if (verify_npn(c_ssl, s_ssl) < 0)
2594 if (verify_serverinfo() < 0)
2596 fprintf(stderr, "Server info verify error\n");
2600 if (custom_ext_error)
2602 fprintf(stderr, "Custom extension error\n");
2608 /* We have to set the BIO's to NULL otherwise they will be
2609 * OPENSSL_free()ed twice. Once when th s_ssl is SSL_free()ed and
2610 * again when c_ssl is SSL_free()ed.
2611 * This is a hack required because s_ssl and c_ssl are sharing the same
2612 * BIO structure and SSL_set_bio() and SSL_free() automatically
2613 * BIO_free non NULL entries.
2614 * You should not normally do this or be required to do this */
2626 if (c_to_s != NULL) BIO_free(c_to_s);
2627 if (s_to_c != NULL) BIO_free(s_to_c);
2628 if (c_bio != NULL) BIO_free_all(c_bio);
2629 if (s_bio != NULL) BIO_free_all(s_bio);
2631 if (cbuf) OPENSSL_free(cbuf);
2632 if (sbuf) OPENSSL_free(sbuf);
2637 static int get_proxy_auth_ex_data_idx(void)
2639 static volatile int idx = -1;
2642 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
2645 idx = X509_STORE_CTX_get_ex_new_index(0,
2646 "SSLtest for verify callback", NULL,NULL,NULL);
2648 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
2653 static int verify_callback(int ok, X509_STORE_CTX *ctx)
2657 s=X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),buf,
2662 fprintf(stderr,"depth=%d %s\n",
2663 ctx->error_depth,buf);
2666 fprintf(stderr,"depth=%d error=%d %s\n",
2667 ctx->error_depth,ctx->error,buf);
2673 fprintf(stderr,"Error string: %s\n",
2674 X509_verify_cert_error_string(ctx->error));
2677 case X509_V_ERR_CERT_NOT_YET_VALID:
2678 case X509_V_ERR_CERT_HAS_EXPIRED:
2679 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
2680 fprintf(stderr," ... ignored.\n");
2687 X509 *xs = ctx->current_cert;
2689 X509 *xi = ctx->current_issuer;
2692 if (xs->ex_flags & EXFLAG_PROXY)
2694 unsigned int *letters =
2695 X509_STORE_CTX_get_ex_data(ctx,
2696 get_proxy_auth_ex_data_idx());
2702 PROXY_CERT_INFO_EXTENSION *pci =
2703 X509_get_ext_d2i(xs, NID_proxyCertInfo,
2706 switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage))
2708 case NID_Independent:
2709 /* Completely meaningless in this
2710 program, as there's no way to
2711 grant explicit rights to a
2712 specific PrC. Basically, using
2713 id-ppl-Independent is the perfect
2714 way to grant no rights at all. */
2715 fprintf(stderr, " Independent proxy certificate");
2716 for (i = 0; i < 26; i++)
2719 case NID_id_ppl_inheritAll:
2720 /* This is basically a NOP, we
2721 simply let the current rights
2722 stand as they are. */
2723 fprintf(stderr, " Proxy certificate inherits all");
2727 pci->proxyPolicy->policy->data;
2728 i = pci->proxyPolicy->policy->length;
2730 /* The algorithm works as follows:
2731 it is assumed that previous
2732 iterations or the initial granted
2733 rights has already set some elements
2734 of `letters'. What we need to do is
2735 to clear those that weren't granted
2736 by the current PrC as well. The
2737 easiest way to do this is to add 1
2738 to all the elements whose letters
2739 are given with the current policy.
2740 That way, all elements that are set
2741 by the current policy and were
2742 already set by earlier policies and
2743 through the original grant of rights
2744 will get the value 2 or higher.
2745 The last thing to do is to sweep
2746 through `letters' and keep the
2747 elements having the value 2 as set,
2748 and clear all the others. */
2750 fprintf(stderr, " Certificate proxy rights = %*.*s", i, i, s);
2754 if (isascii(c) && isalpha(c))
2761 for (i = 0; i < 26; i++)
2770 ", resulting proxy rights = ");
2771 for(i = 0; i < 26; i++)
2774 fprintf(stderr, "%c", i + 'A');
2778 fprintf(stderr, "none");
2779 fprintf(stderr, "\n");
2781 PROXY_CERT_INFO_EXTENSION_free(pci);
2789 static void process_proxy_debug(int indent, const char *format, ...)
2791 static const char indentation[] =
2792 ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"
2793 ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"; /* That's 80 > */
2794 char my_format[256];
2797 BIO_snprintf(my_format, sizeof(my_format), "%*.*s %s",
2798 indent, indent, indentation, format);
2800 va_start(args, format);
2801 vfprintf(stderr, my_format, args);
2810 static int process_proxy_cond_adders(unsigned int letters[26],
2811 const char *cond, const char **cond_end, int *pos, int indent);
2812 static int process_proxy_cond_val(unsigned int letters[26],
2813 const char *cond, const char **cond_end, int *pos, int indent)
2819 while(isspace((int)*cond))
2826 process_proxy_debug(indent,
2827 "Start process_proxy_cond_val at position %d: %s\n",
2834 while(isspace((int)*cond))
2844 ok = process_proxy_cond_adders(letters, cond, cond_end, pos,
2849 while(isspace((int)*cond))
2857 "Weird condition character in position %d: "
2864 else if (isascii(c) && isalpha(c))
2868 ok = letters[c - 'A'];
2874 "Weird condition character in position %d: "
2881 if (ok >= 0 && negate)
2885 process_proxy_debug(indent,
2886 "End process_proxy_cond_val at position %d: %s, returning %d\n",
2891 static int process_proxy_cond_multipliers(unsigned int letters[26],
2892 const char *cond, const char **cond_end, int *pos, int indent)
2898 process_proxy_debug(indent,
2899 "Start process_proxy_cond_multipliers at position %d: %s\n",
2902 ok = process_proxy_cond_val(letters, cond, cond_end, pos, indent + 1);
2909 while(isspace((int)*cond))
2923 ok = process_proxy_cond_val(letters,
2924 cond, cond_end, pos, indent + 1);
2938 fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!"
2950 process_proxy_debug(indent,
2951 "End process_proxy_cond_multipliers at position %d: %s, returning %d\n",
2957 static int process_proxy_cond_adders(unsigned int letters[26],
2958 const char *cond, const char **cond_end, int *pos, int indent)
2964 process_proxy_debug(indent,
2965 "Start process_proxy_cond_adders at position %d: %s\n",
2968 ok = process_proxy_cond_multipliers(letters, cond, cond_end, pos,
2976 while(isspace((int)*cond))
2989 ok = process_proxy_cond_multipliers(letters,
2990 cond, cond_end, pos, indent + 1);
3001 fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!"
3013 process_proxy_debug(indent,
3014 "End process_proxy_cond_adders at position %d: %s, returning %d\n",
3021 static int process_proxy_cond(unsigned int letters[26],
3022 const char *cond, const char **cond_end)
3025 return process_proxy_cond_adders(letters, cond, cond_end, &pos, 1);
3028 static int app_verify_callback(X509_STORE_CTX *ctx, void *arg)
3031 struct app_verify_arg *cb_arg = arg;
3032 unsigned int letters[26]; /* only used with proxy_auth */
3034 if (cb_arg->app_verify)
3036 char *s = NULL,buf[256];
3038 fprintf(stderr, "In app_verify_callback, allowing cert. ");
3039 fprintf(stderr, "Arg is: %s\n", cb_arg->string);
3040 fprintf(stderr, "Finished printing do we have a context? 0x%p a cert? 0x%p\n",
3041 (void *)ctx, (void *)ctx->cert);
3043 s=X509_NAME_oneline(X509_get_subject_name(ctx->cert),buf,256);
3046 fprintf(stderr,"cert depth=%d %s\n",ctx->error_depth,buf);
3050 if (cb_arg->proxy_auth)
3052 int found_any = 0, i;
3055 for(i = 0; i < 26; i++)
3057 for(sp = cb_arg->proxy_auth; *sp; sp++)
3060 if (isascii(c) && isalpha(c))
3064 letters[c - 'A'] = 1;
3069 " Initial proxy rights = ");
3070 for(i = 0; i < 26; i++)
3073 fprintf(stderr, "%c", i + 'A');
3077 fprintf(stderr, "none");
3078 fprintf(stderr, "\n");
3080 X509_STORE_CTX_set_ex_data(ctx,
3081 get_proxy_auth_ex_data_idx(),letters);
3083 if (cb_arg->allow_proxy_certs)
3085 X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
3088 #ifndef OPENSSL_NO_X509_VERIFY
3089 ok = X509_verify_cert(ctx);
3092 if (cb_arg->proxy_auth)
3096 const char *cond_end = NULL;
3098 ok = process_proxy_cond(letters,
3099 cb_arg->proxy_cond, &cond_end);
3105 fprintf(stderr, "Stopped processing condition before it's end.\n");
3109 fprintf(stderr, "Proxy rights check with condition '%s' proved invalid\n",
3110 cb_arg->proxy_cond);
3112 fprintf(stderr, "Proxy rights check with condition '%s' proved valid\n",
3113 cb_arg->proxy_cond);
3119 #ifndef OPENSSL_NO_RSA
3120 static RSA *rsa_tmp=NULL;
3122 static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength)
3125 if (rsa_tmp == NULL)
3128 rsa_tmp = RSA_new();
3129 if(!bn || !rsa_tmp || !BN_set_word(bn, RSA_F4))
3131 BIO_printf(bio_err, "Memory error...");
3134 BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
3135 (void)BIO_flush(bio_err);
3136 if(!RSA_generate_key_ex(rsa_tmp,keylength,bn,NULL))
3138 BIO_printf(bio_err, "Error generating key.");
3143 BIO_printf(bio_err,"\n");
3144 (void)BIO_flush(bio_err);
3150 static void free_tmp_rsa(void)
3152 if (rsa_tmp != NULL)
3160 #ifndef OPENSSL_NO_DH
3162 * These DH parameters have been generated as follows:
3163 * $ openssl dhparam -C -noout 512
3164 * $ openssl dhparam -C -noout 1024
3165 * $ openssl dhparam -C -noout -dsaparam 1024
3166 * (The third function has been renamed to avoid name conflicts.)
3168 static DH *get_dh512()
3170 static unsigned char dh512_p[]={
3171 0xCB,0xC8,0xE1,0x86,0xD0,0x1F,0x94,0x17,0xA6,0x99,0xF0,0xC6,
3172 0x1F,0x0D,0xAC,0xB6,0x25,0x3E,0x06,0x39,0xCA,0x72,0x04,0xB0,
3173 0x6E,0xDA,0xC0,0x61,0xE6,0x7A,0x77,0x25,0xE8,0x3B,0xB9,0x5F,
3174 0x9A,0xB6,0xB5,0xFE,0x99,0x0B,0xA1,0x93,0x4E,0x35,0x33,0xB8,
3175 0xE1,0xF1,0x13,0x4F,0x59,0x1A,0xD2,0x57,0xC0,0x26,0x21,0x33,
3176 0x02,0xC5,0xAE,0x23,
3178 static unsigned char dh512_g[]={
3183 if ((dh=DH_new()) == NULL) return(NULL);
3184 dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
3185 dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
3186 if ((dh->p == NULL) || (dh->g == NULL))
3187 { DH_free(dh); return(NULL); }
3191 static DH *get_dh1024()
3193 static unsigned char dh1024_p[]={
3194 0xF8,0x81,0x89,0x7D,0x14,0x24,0xC5,0xD1,0xE6,0xF7,0xBF,0x3A,
3195 0xE4,0x90,0xF4,0xFC,0x73,0xFB,0x34,0xB5,0xFA,0x4C,0x56,0xA2,
3196 0xEA,0xA7,0xE9,0xC0,0xC0,0xCE,0x89,0xE1,0xFA,0x63,0x3F,0xB0,
3197 0x6B,0x32,0x66,0xF1,0xD1,0x7B,0xB0,0x00,0x8F,0xCA,0x87,0xC2,
3198 0xAE,0x98,0x89,0x26,0x17,0xC2,0x05,0xD2,0xEC,0x08,0xD0,0x8C,
3199 0xFF,0x17,0x52,0x8C,0xC5,0x07,0x93,0x03,0xB1,0xF6,0x2F,0xB8,
3200 0x1C,0x52,0x47,0x27,0x1B,0xDB,0xD1,0x8D,0x9D,0x69,0x1D,0x52,
3201 0x4B,0x32,0x81,0xAA,0x7F,0x00,0xC8,0xDC,0xE6,0xD9,0xCC,0xC1,
3202 0x11,0x2D,0x37,0x34,0x6C,0xEA,0x02,0x97,0x4B,0x0E,0xBB,0xB1,
3203 0x71,0x33,0x09,0x15,0xFD,0xDD,0x23,0x87,0x07,0x5E,0x89,0xAB,
3204 0x6B,0x7C,0x5F,0xEC,0xA6,0x24,0xDC,0x53,
3206 static unsigned char dh1024_g[]={
3211 if ((dh=DH_new()) == NULL) return(NULL);
3212 dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
3213 dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
3214 if ((dh->p == NULL) || (dh->g == NULL))
3215 { DH_free(dh); return(NULL); }
3219 static DH *get_dh1024dsa()
3221 static unsigned char dh1024_p[]={
3222 0xC8,0x00,0xF7,0x08,0x07,0x89,0x4D,0x90,0x53,0xF3,0xD5,0x00,
3223 0x21,0x1B,0xF7,0x31,0xA6,0xA2,0xDA,0x23,0x9A,0xC7,0x87,0x19,
3224 0x3B,0x47,0xB6,0x8C,0x04,0x6F,0xFF,0xC6,0x9B,0xB8,0x65,0xD2,
3225 0xC2,0x5F,0x31,0x83,0x4A,0xA7,0x5F,0x2F,0x88,0x38,0xB6,0x55,
3226 0xCF,0xD9,0x87,0x6D,0x6F,0x9F,0xDA,0xAC,0xA6,0x48,0xAF,0xFC,
3227 0x33,0x84,0x37,0x5B,0x82,0x4A,0x31,0x5D,0xE7,0xBD,0x52,0x97,
3228 0xA1,0x77,0xBF,0x10,0x9E,0x37,0xEA,0x64,0xFA,0xCA,0x28,0x8D,
3229 0x9D,0x3B,0xD2,0x6E,0x09,0x5C,0x68,0xC7,0x45,0x90,0xFD,0xBB,
3230 0x70,0xC9,0x3A,0xBB,0xDF,0xD4,0x21,0x0F,0xC4,0x6A,0x3C,0xF6,
3231 0x61,0xCF,0x3F,0xD6,0x13,0xF1,0x5F,0xBC,0xCF,0xBC,0x26,0x9E,
3232 0xBC,0x0B,0xBD,0xAB,0x5D,0xC9,0x54,0x39,
3234 static unsigned char dh1024_g[]={
3235 0x3B,0x40,0x86,0xE7,0xF3,0x6C,0xDE,0x67,0x1C,0xCC,0x80,0x05,
3236 0x5A,0xDF,0xFE,0xBD,0x20,0x27,0x74,0x6C,0x24,0xC9,0x03,0xF3,
3237 0xE1,0x8D,0xC3,0x7D,0x98,0x27,0x40,0x08,0xB8,0x8C,0x6A,0xE9,
3238 0xBB,0x1A,0x3A,0xD6,0x86,0x83,0x5E,0x72,0x41,0xCE,0x85,0x3C,
3239 0xD2,0xB3,0xFC,0x13,0xCE,0x37,0x81,0x9E,0x4C,0x1C,0x7B,0x65,
3240 0xD3,0xE6,0xA6,0x00,0xF5,0x5A,0x95,0x43,0x5E,0x81,0xCF,0x60,
3241 0xA2,0x23,0xFC,0x36,0xA7,0x5D,0x7A,0x4C,0x06,0x91,0x6E,0xF6,
3242 0x57,0xEE,0x36,0xCB,0x06,0xEA,0xF5,0x3D,0x95,0x49,0xCB,0xA7,
3243 0xDD,0x81,0xDF,0x80,0x09,0x4A,0x97,0x4D,0xA8,0x22,0x72,0xA1,
3244 0x7F,0xC4,0x70,0x56,0x70,0xE8,0x20,0x10,0x18,0x8F,0x2E,0x60,
3245 0x07,0xE7,0x68,0x1A,0x82,0x5D,0x32,0xA2,
3249 if ((dh=DH_new()) == NULL) return(NULL);
3250 dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
3251 dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
3252 if ((dh->p == NULL) || (dh->g == NULL))
3253 { DH_free(dh); return(NULL); }
3259 #ifndef OPENSSL_NO_PSK
3260 /* convert the PSK key (psk_key) in ascii to binary (psk) */
3261 static int psk_key2bn(const char *pskkey, unsigned char *psk,
3262 unsigned int max_psk_len)
3267 ret = BN_hex2bn(&bn, pskkey);
3270 BIO_printf(bio_err,"Could not convert PSK key '%s' to BIGNUM\n", pskkey);
3275 if (BN_num_bytes(bn) > (int)max_psk_len)
3277 BIO_printf(bio_err,"psk buffer of callback is too small (%d) for key (%d)\n",
3278 max_psk_len, BN_num_bytes(bn));
3282 ret = BN_bn2bin(bn, psk);
3287 static unsigned int psk_client_callback(SSL *ssl, const char *hint, char *identity,
3288 unsigned int max_identity_len, unsigned char *psk,
3289 unsigned int max_psk_len)
3292 unsigned int psk_len = 0;
3294 ret = BIO_snprintf(identity, max_identity_len, "Client_identity");
3298 fprintf(stderr, "client: created identity '%s' len=%d\n", identity, ret);
3299 ret = psk_key2bn(psk_key, psk, max_psk_len);
3307 static unsigned int psk_server_callback(SSL *ssl, const char *identity,
3308 unsigned char *psk, unsigned int max_psk_len)
3310 unsigned int psk_len=0;
3312 if (strcmp(identity, "Client_identity") != 0)
3314 BIO_printf(bio_err, "server: PSK error: client identity not found\n");
3317 psk_len=psk_key2bn(psk_key, psk, max_psk_len);
3322 static int do_test_cipherlist(void)
3325 const SSL_METHOD *meth;
3326 const SSL_CIPHER *ci, *tci = NULL;
3328 #ifndef OPENSSL_NO_SSL3
3329 fprintf(stderr, "testing SSLv3 cipher list order: ");
3330 meth = SSLv3_method();
3332 while ((ci = meth->get_cipher(i++)) != NULL)
3335 if (ci->id >= tci->id)
3337 fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
3342 fprintf(stderr, "ok\n");
3344 #ifndef OPENSSL_NO_TLS1
3345 fprintf(stderr, "testing TLSv1 cipher list order: ");
3346 meth = TLSv1_method();
3348 while ((ci = meth->get_cipher(i++)) != NULL)
3351 if (ci->id >= tci->id)
3353 fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
3358 fprintf(stderr, "ok\n");