2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
58 /* ====================================================================
59 * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
87 * 6. Redistributions of any form whatsoever must retain the following
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
111 /* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
116 /* ====================================================================
117 * Copyright 2005 Nokia. All rights reserved.
119 * The portions of the attached software ("Contribution") is developed by
120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125 * support (see RFC 4279) to OpenSSL.
127 * No patent licenses or other rights except those expressly stated in
128 * the OpenSSL open source license shall be deemed granted or received
129 * expressly, by implication, estoppel, or otherwise.
131 * No assurances are provided by Nokia that the Contribution does not
132 * infringe the patent or other intellectual property rights of any third
133 * party or that the license provides you with all the necessary rights
134 * to make use of the Contribution.
136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
143 /* Or gethostname won't be declared properly on Linux and GNU platforms. */
144 #define _BSD_SOURCE 1
157 #ifdef OPENSSL_SYS_VMS
159 * Or isascii won't be declared properly on VMS (at least with DECompHP C).
161 # define _XOPEN_SOURCE 500
166 #include <openssl/bio.h>
167 #include <openssl/crypto.h>
168 #include <openssl/evp.h>
169 #include <openssl/x509.h>
170 #include <openssl/x509v3.h>
171 #include <openssl/ssl.h>
172 #ifndef OPENSSL_NO_ENGINE
173 # include <openssl/engine.h>
175 #include <openssl/err.h>
176 #include <openssl/rand.h>
177 #ifndef OPENSSL_NO_RSA
178 # include <openssl/rsa.h>
180 #ifndef OPENSSL_NO_DSA
181 # include <openssl/dsa.h>
183 #ifndef OPENSSL_NO_DH
184 # include <openssl/dh.h>
186 #ifndef OPENSSL_NO_SRP
187 # include <openssl/srp.h>
189 #include <openssl/bn.h>
191 #include "../ssl/ssl_locl.h"
194 * Or gethostname won't be declared properly
195 * on Compaq platforms (at least with DEC C).
196 * Do not try to put it earlier, or IPv6 includes
199 #define _XOPEN_SOURCE_EXTENDED 1
201 #ifdef OPENSSL_SYS_WINDOWS
202 # include <winsock.h>
204 # include OPENSSL_UNISTD
208 * There is really no standard for this, so let's assign something
213 static int verify_callback(int ok, X509_STORE_CTX *ctx);
214 #ifndef OPENSSL_NO_RSA
215 static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength);
216 static void free_tmp_rsa(void);
218 static int app_verify_callback(X509_STORE_CTX *ctx, void *arg);
219 #define APP_CALLBACK_STRING "Test Callback Argument"
220 struct app_verify_arg {
223 int allow_proxy_certs;
228 #ifndef OPENSSL_NO_DH
229 static DH *get_dh512(void);
230 static DH *get_dh1024(void);
231 static DH *get_dh1024dsa(void);
234 static char *psk_key = NULL; /* by default PSK is not used */
235 #ifndef OPENSSL_NO_PSK
236 static unsigned int psk_client_callback(SSL *ssl, const char *hint,
238 unsigned int max_identity_len,
240 unsigned int max_psk_len);
241 static unsigned int psk_server_callback(SSL *ssl, const char *identity,
243 unsigned int max_psk_len);
246 #ifndef OPENSSL_NO_SRP
248 /* This is a context that we pass to all callbacks */
249 typedef struct srp_client_arg_st {
254 # define PWD_STRLEN 1024
256 static char *ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
258 SRP_CLIENT_ARG *srp_client_arg = (SRP_CLIENT_ARG *)arg;
259 return BUF_strdup((char *)srp_client_arg->srppassin);
263 /* This is a context that we pass to SRP server callbacks */
264 typedef struct srp_server_arg_st {
269 static int ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
271 SRP_SERVER_ARG *p = (SRP_SERVER_ARG *)arg;
273 if (strcmp(p->expected_user, SSL_get_srp_username(s)) != 0) {
274 fprintf(stderr, "User %s doesn't exist\n", SSL_get_srp_username(s));
275 return SSL3_AL_FATAL;
277 if (SSL_set_srp_server_param_pw(s, p->expected_user, p->pass, "1024") < 0) {
278 *ad = SSL_AD_INTERNAL_ERROR;
279 return SSL3_AL_FATAL;
281 return SSL_ERROR_NONE;
285 static BIO *bio_err = NULL;
286 static BIO *bio_stdout = NULL;
288 #ifndef OPENSSL_NO_NEXTPROTONEG
289 /* Note that this code assumes that this is only a one element list: */
290 static const char NEXT_PROTO_STRING[] = "\x09testproto";
291 static int npn_client = 0;
292 static int npn_server = 0;
293 static int npn_server_reject = 0;
295 static int cb_client_npn(SSL *s, unsigned char **out, unsigned char *outlen,
296 const unsigned char *in, unsigned int inlen,
300 * This callback only returns the protocol string, rather than a length
301 * prefixed set. We assume that NEXT_PROTO_STRING is a one element list
302 * and remove the first byte to chop off the length prefix.
304 *out = (unsigned char *)NEXT_PROTO_STRING + 1;
305 *outlen = sizeof(NEXT_PROTO_STRING) - 2;
306 return SSL_TLSEXT_ERR_OK;
309 static int cb_server_npn(SSL *s, const unsigned char **data,
310 unsigned int *len, void *arg)
312 *data = (const unsigned char *)NEXT_PROTO_STRING;
313 *len = sizeof(NEXT_PROTO_STRING) - 1;
314 return SSL_TLSEXT_ERR_OK;
317 static int cb_server_rejects_npn(SSL *s, const unsigned char **data,
318 unsigned int *len, void *arg)
320 return SSL_TLSEXT_ERR_NOACK;
323 static int verify_npn(SSL *client, SSL *server)
325 const unsigned char *client_s;
327 const unsigned char *server_s;
330 SSL_get0_next_proto_negotiated(client, &client_s, &client_len);
331 SSL_get0_next_proto_negotiated(server, &server_s, &server_len);
334 BIO_printf(bio_stdout, "Client NPN: ");
335 BIO_write(bio_stdout, client_s, client_len);
336 BIO_printf(bio_stdout, "\n");
340 BIO_printf(bio_stdout, "Server NPN: ");
341 BIO_write(bio_stdout, server_s, server_len);
342 BIO_printf(bio_stdout, "\n");
346 * If an NPN string was returned, it must be the protocol that we
347 * expected to negotiate.
349 if (client_len && (client_len != sizeof(NEXT_PROTO_STRING) - 2 ||
350 memcmp(client_s, NEXT_PROTO_STRING + 1, client_len)))
352 if (server_len && (server_len != sizeof(NEXT_PROTO_STRING) - 2 ||
353 memcmp(server_s, NEXT_PROTO_STRING + 1, server_len)))
356 if (!npn_client && client_len)
358 if (!npn_server && server_len)
360 if (npn_server_reject && server_len)
362 if (npn_client && npn_server && (!client_len || !server_len))
369 static const char *alpn_client;
370 static const char *alpn_server;
371 static const char *alpn_expected;
372 static unsigned char *alpn_selected;
375 * next_protos_parse parses a comma separated list of strings into a string
376 * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
377 * outlen: (output) set to the length of the resulting buffer on success.
378 * err: (maybe NULL) on failure, an error message line is written to this BIO.
379 * in: a NUL terminated string like "abc,def,ghi"
381 * returns: a malloced buffer or NULL on failure.
383 static unsigned char *next_protos_parse(unsigned short *outlen,
394 out = OPENSSL_malloc(strlen(in) + 1);
398 for (i = 0; i <= len; ++i) {
399 if (i == len || in[i] == ',') {
400 if (i - start > 255) {
404 out[start] = i - start;
414 static int cb_server_alpn(SSL *s, const unsigned char **out,
415 unsigned char *outlen, const unsigned char *in,
416 unsigned int inlen, void *arg)
418 unsigned char *protos;
419 unsigned short protos_len;
421 protos = next_protos_parse(&protos_len, alpn_server);
422 if (protos == NULL) {
423 fprintf(stderr, "failed to parser ALPN server protocol string: %s\n",
428 if (SSL_select_next_proto
429 ((unsigned char **)out, outlen, protos, protos_len, in,
430 inlen) != OPENSSL_NPN_NEGOTIATED) {
431 OPENSSL_free(protos);
432 return SSL_TLSEXT_ERR_NOACK;
436 * Make a copy of the selected protocol which will be freed in
439 alpn_selected = OPENSSL_malloc(*outlen);
440 memcpy(alpn_selected, *out, *outlen);
441 *out = alpn_selected;
443 OPENSSL_free(protos);
444 return SSL_TLSEXT_ERR_OK;
447 static int verify_alpn(SSL *client, SSL *server)
449 const unsigned char *client_proto, *server_proto;
450 unsigned int client_proto_len = 0, server_proto_len = 0;
451 SSL_get0_alpn_selected(client, &client_proto, &client_proto_len);
452 SSL_get0_alpn_selected(server, &server_proto, &server_proto_len);
454 OPENSSL_free(alpn_selected);
455 alpn_selected = NULL;
457 if (client_proto_len != server_proto_len ||
458 memcmp(client_proto, server_proto, client_proto_len) != 0) {
459 BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
463 if (client_proto_len > 0 && alpn_expected == NULL) {
464 BIO_printf(bio_stdout, "ALPN unexpectedly negotiated\n");
468 if (alpn_expected != NULL &&
469 (client_proto_len != strlen(alpn_expected) ||
470 memcmp(client_proto, alpn_expected, client_proto_len) != 0)) {
471 BIO_printf(bio_stdout,
472 "ALPN selected protocols not equal to expected protocol: %s\n",
480 BIO_printf(bio_stdout, "ALPN results: client: '");
481 BIO_write(bio_stdout, client_proto, client_proto_len);
482 BIO_printf(bio_stdout, "', server: '");
483 BIO_write(bio_stdout, server_proto, server_proto_len);
484 BIO_printf(bio_stdout, "'\n");
485 BIO_printf(bio_stdout, "ALPN configured: client: '%s', server: '%s'\n",
486 alpn_client, alpn_server);
490 #define SCT_EXT_TYPE 18
493 * WARNING : below extension types are *NOT* IETF assigned, and could
494 * conflict if these types are reassigned and handled specially by OpenSSL
497 #define TACK_EXT_TYPE 62208
498 #define CUSTOM_EXT_TYPE_0 1000
499 #define CUSTOM_EXT_TYPE_1 1001
500 #define CUSTOM_EXT_TYPE_2 1002
501 #define CUSTOM_EXT_TYPE_3 1003
503 static const char custom_ext_cli_string[] = "abc";
504 static const char custom_ext_srv_string[] = "defg";
506 /* These set from cmdline */
507 static char *serverinfo_file = NULL;
508 static int serverinfo_sct = 0;
509 static int serverinfo_tack = 0;
511 /* These set based on extension callbacks */
512 static int serverinfo_sct_seen = 0;
513 static int serverinfo_tack_seen = 0;
514 static int serverinfo_other_seen = 0;
516 /* This set from cmdline */
517 static int custom_ext = 0;
519 /* This set based on extension callbacks */
520 static int custom_ext_error = 0;
522 static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type,
523 const unsigned char *in, size_t inlen,
526 if (ext_type == SCT_EXT_TYPE)
527 serverinfo_sct_seen++;
528 else if (ext_type == TACK_EXT_TYPE)
529 serverinfo_tack_seen++;
531 serverinfo_other_seen++;
535 static int verify_serverinfo()
537 if (serverinfo_sct != serverinfo_sct_seen)
539 if (serverinfo_tack != serverinfo_tack_seen)
541 if (serverinfo_other_seen)
547 * Four test cases for custom extensions:
548 * 0 - no ClientHello extension or ServerHello response
549 * 1 - ClientHello with "abc", no response
550 * 2 - ClientHello with "abc", empty response
551 * 3 - ClientHello with "abc", "defg" response
554 static int custom_ext_0_cli_add_cb(SSL *s, unsigned int ext_type,
555 const unsigned char **out,
556 size_t *outlen, int *al, void *arg)
558 if (ext_type != CUSTOM_EXT_TYPE_0)
559 custom_ext_error = 1;
560 return 0; /* Don't send an extension */
563 static int custom_ext_0_cli_parse_cb(SSL *s, unsigned int ext_type,
564 const unsigned char *in,
565 size_t inlen, int *al, void *arg)
570 static int custom_ext_1_cli_add_cb(SSL *s, unsigned int ext_type,
571 const unsigned char **out,
572 size_t *outlen, int *al, void *arg)
574 if (ext_type != CUSTOM_EXT_TYPE_1)
575 custom_ext_error = 1;
576 *out = (const unsigned char *)custom_ext_cli_string;
577 *outlen = strlen(custom_ext_cli_string);
578 return 1; /* Send "abc" */
581 static int custom_ext_1_cli_parse_cb(SSL *s, unsigned int ext_type,
582 const unsigned char *in,
583 size_t inlen, int *al, void *arg)
588 static int custom_ext_2_cli_add_cb(SSL *s, unsigned int ext_type,
589 const unsigned char **out,
590 size_t *outlen, int *al, void *arg)
592 if (ext_type != CUSTOM_EXT_TYPE_2)
593 custom_ext_error = 1;
594 *out = (const unsigned char *)custom_ext_cli_string;
595 *outlen = strlen(custom_ext_cli_string);
596 return 1; /* Send "abc" */
599 static int custom_ext_2_cli_parse_cb(SSL *s, unsigned int ext_type,
600 const unsigned char *in,
601 size_t inlen, int *al, void *arg)
603 if (ext_type != CUSTOM_EXT_TYPE_2)
604 custom_ext_error = 1;
606 custom_ext_error = 1; /* Should be empty response */
610 static int custom_ext_3_cli_add_cb(SSL *s, unsigned int ext_type,
611 const unsigned char **out,
612 size_t *outlen, int *al, void *arg)
614 if (ext_type != CUSTOM_EXT_TYPE_3)
615 custom_ext_error = 1;
616 *out = (const unsigned char *)custom_ext_cli_string;
617 *outlen = strlen(custom_ext_cli_string);
618 return 1; /* Send "abc" */
621 static int custom_ext_3_cli_parse_cb(SSL *s, unsigned int ext_type,
622 const unsigned char *in,
623 size_t inlen, int *al, void *arg)
625 if (ext_type != CUSTOM_EXT_TYPE_3)
626 custom_ext_error = 1;
627 if (inlen != strlen(custom_ext_srv_string))
628 custom_ext_error = 1;
629 if (memcmp(custom_ext_srv_string, in, inlen) != 0)
630 custom_ext_error = 1; /* Check for "defg" */
635 * custom_ext_0_cli_add_cb returns 0 - the server won't receive a callback
638 static int custom_ext_0_srv_parse_cb(SSL *s, unsigned int ext_type,
639 const unsigned char *in,
640 size_t inlen, int *al, void *arg)
642 custom_ext_error = 1;
646 /* 'add' callbacks are only called if the 'parse' callback is called */
647 static int custom_ext_0_srv_add_cb(SSL *s, unsigned int ext_type,
648 const unsigned char **out,
649 size_t *outlen, int *al, void *arg)
651 /* Error: should not have been called */
652 custom_ext_error = 1;
653 return 0; /* Don't send an extension */
656 static int custom_ext_1_srv_parse_cb(SSL *s, unsigned int ext_type,
657 const unsigned char *in,
658 size_t inlen, int *al, void *arg)
660 if (ext_type != CUSTOM_EXT_TYPE_1)
661 custom_ext_error = 1;
662 /* Check for "abc" */
663 if (inlen != strlen(custom_ext_cli_string))
664 custom_ext_error = 1;
665 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
666 custom_ext_error = 1;
670 static int custom_ext_1_srv_add_cb(SSL *s, unsigned int ext_type,
671 const unsigned char **out,
672 size_t *outlen, int *al, void *arg)
674 return 0; /* Don't send an extension */
677 static int custom_ext_2_srv_parse_cb(SSL *s, unsigned int ext_type,
678 const unsigned char *in,
679 size_t inlen, int *al, void *arg)
681 if (ext_type != CUSTOM_EXT_TYPE_2)
682 custom_ext_error = 1;
683 /* Check for "abc" */
684 if (inlen != strlen(custom_ext_cli_string))
685 custom_ext_error = 1;
686 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
687 custom_ext_error = 1;
691 static int custom_ext_2_srv_add_cb(SSL *s, unsigned int ext_type,
692 const unsigned char **out,
693 size_t *outlen, int *al, void *arg)
697 return 1; /* Send empty extension */
700 static int custom_ext_3_srv_parse_cb(SSL *s, unsigned int ext_type,
701 const unsigned char *in,
702 size_t inlen, int *al, void *arg)
704 if (ext_type != CUSTOM_EXT_TYPE_3)
705 custom_ext_error = 1;
706 /* Check for "abc" */
707 if (inlen != strlen(custom_ext_cli_string))
708 custom_ext_error = 1;
709 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
710 custom_ext_error = 1;
714 static int custom_ext_3_srv_add_cb(SSL *s, unsigned int ext_type,
715 const unsigned char **out,
716 size_t *outlen, int *al, void *arg)
718 *out = (const unsigned char *)custom_ext_srv_string;
719 *outlen = strlen(custom_ext_srv_string);
720 return 1; /* Send "defg" */
723 static char *cipher = NULL;
724 static int verbose = 0;
725 static int debug = 0;
726 static const char rnd_seed[] =
727 "string to make the random number generator think it has entropy";
729 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time,
731 int doit(SSL *s_ssl, SSL *c_ssl, long bytes);
732 static int do_test_cipherlist(void);
734 static void sv_usage(void)
736 fprintf(stderr, "usage: ssltest [args ...]\n");
737 fprintf(stderr, "\n");
739 fprintf(stderr, "-F - run test in FIPS mode\n");
741 fprintf(stderr, " -server_auth - check server certificate\n");
742 fprintf(stderr, " -client_auth - do client authentication\n");
743 fprintf(stderr, " -proxy - allow proxy certificates\n");
744 fprintf(stderr, " -proxy_auth <val> - set proxy policy rights\n");
746 " -proxy_cond <val> - expression to test proxy policy rights\n");
747 fprintf(stderr, " -v - more output\n");
748 fprintf(stderr, " -d - debug output\n");
749 fprintf(stderr, " -reuse - use session-id reuse\n");
750 fprintf(stderr, " -num <val> - number of connections to perform\n");
752 " -bytes <val> - number of bytes to swap between client/server\n");
753 #ifndef OPENSSL_NO_DH
755 " -dhe512 - use 512 bit key for DHE (to test failure)\n");
757 " -dhe1024 - use 1024 bit key (safe prime) for DHE (default, no-op)\n");
759 " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
760 fprintf(stderr, " -no_dhe - disable DHE\n");
762 #ifndef OPENSSL_NO_EC
763 fprintf(stderr, " -no_ecdhe - disable ECDHE\n");
765 #ifndef OPENSSL_NO_PSK
766 fprintf(stderr, " -psk arg - PSK in hex (without 0x)\n");
768 #ifndef OPENSSL_NO_SRP
769 fprintf(stderr, " -srpuser user - SRP username to use\n");
770 fprintf(stderr, " -srppass arg - password for 'user'\n");
772 #ifndef OPENSSL_NO_SSL3_METHOD
773 fprintf(stderr, " -ssl3 - use SSLv3\n");
775 fprintf(stderr, " -tls1 - use TLSv1\n");
776 #ifndef OPENSSL_NO_DTLS
777 fprintf(stderr, " -dtls1 - use DTLSv1\n");
778 fprintf(stderr, " -dtls12 - use DTLSv1.2\n");
780 fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");
781 fprintf(stderr, " -CAfile arg - PEM format file of CA's\n");
782 fprintf(stderr, " -cert arg - Server certificate file\n");
784 " -key arg - Server key file (default: same as -cert)\n");
785 fprintf(stderr, " -c_cert arg - Client certificate file\n");
787 " -c_key arg - Client key file (default: same as -c_cert)\n");
788 fprintf(stderr, " -cipher arg - The cipher list\n");
789 fprintf(stderr, " -bio_pair - Use BIO pairs\n");
790 fprintf(stderr, " -f - Test even cases that can't work\n");
792 " -time - measure processor time used by client and server\n");
793 fprintf(stderr, " -zlib - use zlib compression\n");
794 #ifndef OPENSSL_NO_EC
796 " -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n"
797 " Use \"openssl ecparam -list_curves\" for all names\n"
798 " (default is sect163r2).\n");
801 " -test_cipherlist - Verifies the order of the ssl cipher lists.\n"
802 " When this option is requested, the cipherlist\n"
803 " tests are run instead of handshake tests.\n");
804 #ifndef OPENSSL_NO_NEXTPROTONEG
805 fprintf(stderr, " -npn_client - have client side offer NPN\n");
806 fprintf(stderr, " -npn_server - have server side offer NPN\n");
807 fprintf(stderr, " -npn_server_reject - have server reject NPN\n");
809 fprintf(stderr, " -serverinfo_file file - have server use this file\n");
810 fprintf(stderr, " -serverinfo_sct - have client offer and expect SCT\n");
812 " -serverinfo_tack - have client offer and expect TACK\n");
814 " -custom_ext - try various custom extension callbacks\n");
815 fprintf(stderr, " -alpn_client <string> - have client side offer ALPN\n");
816 fprintf(stderr, " -alpn_server <string> - have server side offer ALPN\n");
818 " -alpn_expected <string> - the ALPN protocol that should be negotiated\n");
821 static void print_key_details(BIO *out, EVP_PKEY *key)
823 int keyid = EVP_PKEY_id(key);
824 #ifndef OPENSSL_NO_EC
825 if (keyid == EVP_PKEY_EC) {
826 EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
829 nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
831 cname = EC_curve_nid2nist(nid);
833 cname = OBJ_nid2sn(nid);
834 BIO_printf(out, "%d bits EC (%s)", EVP_PKEY_bits(key), cname);
850 algname = OBJ_nid2sn(keyid);
853 BIO_printf(out, "%d bits %s", EVP_PKEY_bits(key), algname);
857 static void print_details(SSL *c_ssl, const char *prefix)
859 const SSL_CIPHER *ciph;
864 ciph = SSL_get_current_cipher(c_ssl);
865 BIO_printf(bio_stdout, "%s%s, cipher %s %s",
867 SSL_get_version(c_ssl),
868 SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_name(ciph));
869 cert = SSL_get_peer_certificate(c_ssl);
871 pkey = X509_get_pubkey(cert);
873 BIO_puts(bio_stdout, ", ");
874 print_key_details(bio_stdout, pkey);
879 if (SSL_get_server_tmp_key(c_ssl, &pkey)) {
880 BIO_puts(bio_stdout, ", temp key: ");
881 print_key_details(bio_stdout, pkey);
884 if (SSL_get_peer_signature_nid(c_ssl, &mdnid))
885 BIO_printf(bio_stdout, ", digest=%s", OBJ_nid2sn(mdnid));
886 BIO_printf(bio_stdout, "\n");
889 static void lock_dbg_cb(int mode, int type, const char *file, int line)
891 static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
892 const char *errstr = NULL;
895 rw = mode & (CRYPTO_READ | CRYPTO_WRITE);
896 if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE))) {
897 errstr = "invalid mode";
901 if (type < 0 || type >= CRYPTO_NUM_LOCKS) {
902 errstr = "type out of bounds";
906 if (mode & CRYPTO_LOCK) {
908 errstr = "already locked";
910 * must not happen in a single-threaded program (would deadlock)
916 } else if (mode & CRYPTO_UNLOCK) {
918 errstr = "not locked";
922 if (modes[type] != rw) {
923 errstr = (rw == CRYPTO_READ) ?
924 "CRYPTO_r_unlock on write lock" :
925 "CRYPTO_w_unlock on read lock";
930 errstr = "invalid mode";
936 /* we cannot use bio_err here */
938 "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n",
939 errstr, mode, type, file, line);
943 int main(int argc, char *argv[])
945 char *CApath = NULL, *CAfile = NULL;
949 int dtls1 = 0, dtls12 = 0, tls1 = 0, ssl3 = 0, ret = 1;
951 int server_auth = 0, i;
952 struct app_verify_arg app_verify_arg =
953 { APP_CALLBACK_STRING, 0, 0, NULL, NULL };
954 #ifndef OPENSSL_NO_EC
955 char *named_curve = NULL;
957 SSL_CTX *s_ctx = NULL;
958 SSL_CTX *c_ctx = NULL;
959 const SSL_METHOD *meth = NULL;
961 int number = 1, reuse = 0;
963 #ifndef OPENSSL_NO_DH
965 int dhe512 = 0, dhe1024dsa = 0;
967 #ifndef OPENSSL_NO_EC
970 #ifndef OPENSSL_NO_SRP
972 SRP_CLIENT_ARG srp_client_arg = { NULL, NULL };
974 SRP_SERVER_ARG srp_server_arg = { NULL, NULL };
980 clock_t s_time = 0, c_time = 0;
981 #ifndef OPENSSL_NO_COMP
983 COMP_METHOD *cm = NULL;
984 STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
986 int test_cipherlist = 0;
992 SSL_CONF_CTX *s_cctx = NULL, *c_cctx = NULL;
993 STACK_OF(OPENSSL_STRING) *conf_args = NULL;
994 const char *arg = NULL, *argn = NULL;
1000 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
1002 CRYPTO_set_locking_callback(lock_dbg_cb);
1004 /* enable memory leak checking unless explicitly disabled */
1005 if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL)
1006 && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))) {
1007 CRYPTO_malloc_debug_init();
1008 CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
1010 /* OPENSSL_DEBUG_MEMORY=off */
1011 CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
1013 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
1015 RAND_seed(rnd_seed, sizeof rnd_seed);
1017 bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT);
1019 s_cctx = SSL_CONF_CTX_new();
1020 c_cctx = SSL_CONF_CTX_new();
1022 if (!s_cctx || !c_cctx) {
1023 ERR_print_errors(bio_err);
1027 SSL_CONF_CTX_set_flags(s_cctx,
1028 SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_SERVER |
1029 SSL_CONF_FLAG_CERTIFICATE |
1030 SSL_CONF_FLAG_REQUIRE_PRIVATE);
1031 if (!SSL_CONF_CTX_set1_prefix(s_cctx, "-s_")) {
1032 ERR_print_errors(bio_err);
1036 SSL_CONF_CTX_set_flags(c_cctx,
1037 SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_CLIENT |
1038 SSL_CONF_FLAG_CERTIFICATE |
1039 SSL_CONF_FLAG_REQUIRE_PRIVATE);
1040 if (!SSL_CONF_CTX_set1_prefix(c_cctx, "-c_")) {
1041 ERR_print_errors(bio_err);
1049 if (strcmp(*argv, "-F") == 0) {
1054 "not compiled with FIPS support, so exiting without running.\n");
1057 } else if (strcmp(*argv, "-server_auth") == 0)
1059 else if (strcmp(*argv, "-client_auth") == 0)
1061 else if (strcmp(*argv, "-proxy_auth") == 0) {
1064 app_verify_arg.proxy_auth = *(++argv);
1065 } else if (strcmp(*argv, "-proxy_cond") == 0) {
1068 app_verify_arg.proxy_cond = *(++argv);
1069 } else if (strcmp(*argv, "-v") == 0)
1071 else if (strcmp(*argv, "-d") == 0)
1073 else if (strcmp(*argv, "-reuse") == 0)
1075 else if (strcmp(*argv, "-dhe512") == 0) {
1076 #ifndef OPENSSL_NO_DH
1080 "ignoring -dhe512, since I'm compiled without DH\n");
1082 } else if (strcmp(*argv, "-dhe1024dsa") == 0) {
1083 #ifndef OPENSSL_NO_DH
1087 "ignoring -dhe1024dsa, since I'm compiled without DH\n");
1089 } else if (strcmp(*argv, "-no_dhe") == 0)
1091 else if (strcmp(*argv, "-no_ecdhe") == 0)
1093 else if (strcmp(*argv, "-psk") == 0) {
1096 psk_key = *(++argv);
1097 #ifndef OPENSSL_NO_PSK
1098 if (strspn(psk_key, "abcdefABCDEF1234567890") != strlen(psk_key)) {
1099 BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
1106 #ifndef OPENSSL_NO_SRP
1107 else if (strcmp(*argv, "-srpuser") == 0) {
1110 srp_server_arg.expected_user = srp_client_arg.srplogin =
1113 } else if (strcmp(*argv, "-srppass") == 0) {
1116 srp_server_arg.pass = srp_client_arg.srppassin = *(++argv);
1120 else if (strcmp(*argv, "-tls1") == 0) {
1122 } else if (strcmp(*argv, "-ssl3") == 0) {
1123 #ifdef OPENSSL_NO_SSL3_METHOD
1127 } else if (strcmp(*argv, "-dtls1") == 0) {
1128 #ifdef OPENSSL_NO_DTLS
1132 } else if (strcmp(*argv, "-dtls12") == 0) {
1133 #ifdef OPENSSL_NO_DTLS
1137 } else if (strncmp(*argv, "-num", 4) == 0) {
1140 number = atoi(*(++argv));
1143 } else if (strcmp(*argv, "-bytes") == 0) {
1146 bytes = atol(*(++argv));
1149 i = strlen(argv[0]);
1150 if (argv[0][i - 1] == 'k')
1152 if (argv[0][i - 1] == 'm')
1153 bytes *= 1024L * 1024L;
1154 } else if (strcmp(*argv, "-cipher") == 0) {
1158 } else if (strcmp(*argv, "-CApath") == 0) {
1162 } else if (strcmp(*argv, "-CAfile") == 0) {
1166 } else if (strcmp(*argv, "-bio_pair") == 0) {
1168 } else if (strcmp(*argv, "-f") == 0) {
1170 } else if (strcmp(*argv, "-time") == 0) {
1173 #ifndef OPENSSL_NO_COMP
1174 else if (strcmp(*argv, "-zlib") == 0) {
1178 else if (strcmp(*argv, "-named_curve") == 0) {
1181 #ifndef OPENSSL_NO_EC
1182 named_curve = *(++argv);
1185 "ignoring -named_curve, since I'm compiled without ECDH\n");
1188 } else if (strcmp(*argv, "-app_verify") == 0) {
1189 app_verify_arg.app_verify = 1;
1190 } else if (strcmp(*argv, "-proxy") == 0) {
1191 app_verify_arg.allow_proxy_certs = 1;
1192 } else if (strcmp(*argv, "-test_cipherlist") == 0) {
1193 test_cipherlist = 1;
1195 #ifndef OPENSSL_NO_NEXTPROTONEG
1196 else if (strcmp(*argv, "-npn_client") == 0) {
1198 } else if (strcmp(*argv, "-npn_server") == 0) {
1200 } else if (strcmp(*argv, "-npn_server_reject") == 0) {
1201 npn_server_reject = 1;
1204 else if (strcmp(*argv, "-serverinfo_sct") == 0) {
1206 } else if (strcmp(*argv, "-serverinfo_tack") == 0) {
1207 serverinfo_tack = 1;
1208 } else if (strcmp(*argv, "-serverinfo_file") == 0) {
1211 serverinfo_file = *(++argv);
1212 } else if (strcmp(*argv, "-custom_ext") == 0) {
1214 } else if (strcmp(*argv, "-alpn_client") == 0) {
1217 alpn_client = *(++argv);
1218 } else if (strcmp(*argv, "-alpn_server") == 0) {
1221 alpn_server = *(++argv);
1222 } else if (strcmp(*argv, "-alpn_expected") == 0) {
1225 alpn_expected = *(++argv);
1230 /* Try to process command using SSL_CONF */
1231 rv = SSL_CONF_cmd_argv(c_cctx, &argc, &argv);
1232 /* If not processed try server */
1234 rv = SSL_CONF_cmd_argv(s_cctx, &argc, &argv);
1235 /* Recognised: store it for later use */
1240 conf_args = sk_OPENSSL_STRING_new_null();
1244 if (!sk_OPENSSL_STRING_push(conf_args, arg))
1246 if (!sk_OPENSSL_STRING_push(conf_args, argn))
1251 BIO_printf(bio_err, "Missing argument for %s\n", arg);
1253 BIO_printf(bio_err, "Error with command %s\n", arg);
1255 BIO_printf(bio_err, "unknown option %s\n", arg);
1269 * test_cipherlist prevails over protocol switch: we test the cipherlist
1270 * for all enabled protocols.
1272 if (test_cipherlist == 1) {
1274 * ensure that the cipher list are correctly sorted and exit
1276 fprintf(stdout, "Testing cipherlist order only. Ignoring all "
1277 "other options.\n");
1278 if (do_test_cipherlist() == 0)
1284 if (ssl3 + tls1 + dtls1 + dtls12 > 1) {
1285 fprintf(stderr, "At most one of -ssl3, -tls1, -dtls1 or -dtls12 should "
1291 * Testing was requested for a compiled-out protocol (e.g. SSLv3).
1292 * Ideally, we would error out, but the generic test wrapper can't know
1293 * when to expect failure. So we do nothing and return success.
1296 fprintf(stderr, "Testing was requested for a disabled protocol. "
1297 "Skipping tests.\n");
1302 if (!ssl3 && !tls1 && !dtls1 && !dtls12 && number > 1 && !reuse && !force) {
1303 fprintf(stderr, "This case cannot work. Use -f to perform "
1304 "the test anyway (and\n-d to see what happens), "
1305 "or add one of -ssl3, -tls1, -dtls1, -dtls12, -reuse\n"
1306 "to avoid protocol mismatch.\n");
1311 if (!FIPS_mode_set(1)) {
1312 ERR_load_crypto_strings();
1313 ERR_print_errors(bio_err);
1316 fprintf(stderr, "*** IN FIPS MODE ***\n");
1322 fprintf(stderr, "Using BIO pair (-bio_pair)\n");
1325 if (number < 50 && !force)
1327 "Warning: For accurate timings, use more connections (e.g. -num 1000)\n");
1330 /* if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */
1333 SSL_load_error_strings();
1335 #ifndef OPENSSL_NO_COMP
1336 if (comp == COMP_ZLIB)
1339 if (COMP_get_type(cm) != NID_undef) {
1340 if (SSL_COMP_add_compression_method(comp, cm) != 0) {
1341 fprintf(stderr, "Failed to add compression method\n");
1342 ERR_print_errors_fp(stderr);
1346 "Warning: %s compression not supported\n",
1347 comp == COMP_ZLIB ? "zlib" : "unknown");
1348 ERR_print_errors_fp(stderr);
1351 ssl_comp_methods = SSL_COMP_get_compression_methods();
1352 n = sk_SSL_COMP_num(ssl_comp_methods);
1355 printf("Available compression methods:");
1356 for (j = 0; j < n; j++) {
1357 SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
1358 printf(" %s:%d", c->name, c->id);
1365 * At this point, ssl3/tls1 is only set if the protocol is available.
1366 * (Otherwise we exit early.) However the compiler doesn't know this, so
1369 #ifndef OPENSSL_NO_SSL3
1371 meth = SSLv3_method();
1374 #ifndef OPENSSL_NO_DTLS
1376 meth = DTLSv1_method();
1378 meth = DTLSv1_2_method();
1382 meth = TLSv1_method();
1384 meth = TLS_method();
1386 c_ctx = SSL_CTX_new(meth);
1387 s_ctx = SSL_CTX_new(meth);
1388 if ((c_ctx == NULL) || (s_ctx == NULL)) {
1389 ERR_print_errors(bio_err);
1393 * Since we will use low security ciphersuites and keys for testing set
1394 * security level to zero by default. Tests can override this by adding
1395 * "@SECLEVEL=n" to the cipher string.
1397 SSL_CTX_set_security_level(c_ctx, 0);
1398 SSL_CTX_set_security_level(s_ctx, 0);
1400 if (cipher != NULL) {
1401 if (!SSL_CTX_set_cipher_list(c_ctx, cipher)
1402 || !SSL_CTX_set_cipher_list(s_ctx, cipher)) {
1403 ERR_print_errors(bio_err);
1408 /* Process SSL_CONF arguments */
1409 SSL_CONF_CTX_set_ssl_ctx(c_cctx, c_ctx);
1410 SSL_CONF_CTX_set_ssl_ctx(s_cctx, s_ctx);
1412 for (i = 0; i < sk_OPENSSL_STRING_num(conf_args); i += 2) {
1414 arg = sk_OPENSSL_STRING_value(conf_args, i);
1415 argn = sk_OPENSSL_STRING_value(conf_args, i + 1);
1416 rv = SSL_CONF_cmd(c_cctx, arg, argn);
1417 /* If not recognised use server context */
1419 rv = SSL_CONF_cmd(s_cctx, arg, argn);
1421 BIO_printf(bio_err, "Error processing %s %s\n",
1422 arg, argn ? argn : "");
1423 ERR_print_errors(bio_err);
1428 if (!SSL_CONF_CTX_finish(s_cctx) || !SSL_CONF_CTX_finish(c_cctx)) {
1429 BIO_puts(bio_err, "Error finishing context\n");
1430 ERR_print_errors(bio_err);
1433 #ifndef OPENSSL_NO_DH
1437 * use SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks
1439 SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
1440 dh = get_dh1024dsa();
1445 SSL_CTX_set_tmp_dh(s_ctx, dh);
1452 #ifndef OPENSSL_NO_EC
1456 if (named_curve != NULL) {
1457 nid = OBJ_sn2nid(named_curve);
1459 BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve);
1463 nid = NID_X9_62_prime256v1;
1466 ecdh = EC_KEY_new_by_curve_name(nid);
1468 BIO_printf(bio_err, "unable to create curve\n");
1472 SSL_CTX_set_tmp_ecdh(s_ctx, ecdh);
1473 SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_ECDH_USE);
1480 #ifndef OPENSSL_NO_RSA
1481 SSL_CTX_set_tmp_rsa_callback(s_ctx, tmp_rsa_cb);
1484 if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) ||
1485 (!SSL_CTX_set_default_verify_paths(s_ctx)) ||
1486 (!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) ||
1487 (!SSL_CTX_set_default_verify_paths(c_ctx))) {
1488 /* fprintf(stderr,"SSL_load_verify_locations\n"); */
1489 ERR_print_errors(bio_err);
1494 printf("client authentication\n");
1495 SSL_CTX_set_verify(s_ctx,
1496 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1498 SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback,
1502 printf("server authentication\n");
1503 SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER, verify_callback);
1504 SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback,
1509 int session_id_context = 0;
1510 if (!SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context,
1511 sizeof session_id_context)) {
1512 ERR_print_errors(bio_err);
1517 /* Use PSK only if PSK key is given */
1518 if (psk_key != NULL) {
1520 * no_psk is used to avoid putting psk command to openssl tool
1524 * if PSK is not compiled in and psk key is given, do nothing and
1530 #ifndef OPENSSL_NO_PSK
1531 SSL_CTX_set_psk_client_callback(c_ctx, psk_client_callback);
1532 SSL_CTX_set_psk_server_callback(s_ctx, psk_server_callback);
1534 BIO_printf(bio_err, "setting PSK identity hint to s_ctx\n");
1535 if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_hint")) {
1536 BIO_printf(bio_err, "error setting PSK identity hint to s_ctx\n");
1537 ERR_print_errors(bio_err);
1542 #ifndef OPENSSL_NO_SRP
1543 if (srp_client_arg.srplogin) {
1544 if (!SSL_CTX_set_srp_username(c_ctx, srp_client_arg.srplogin)) {
1545 BIO_printf(bio_err, "Unable to set SRP username\n");
1548 SSL_CTX_set_srp_cb_arg(c_ctx, &srp_client_arg);
1549 SSL_CTX_set_srp_client_pwd_callback(c_ctx,
1550 ssl_give_srp_client_pwd_cb);
1552 * SSL_CTX_set_srp_strength(c_ctx, srp_client_arg.strength);
1556 if (srp_server_arg.expected_user != NULL) {
1557 SSL_CTX_set_verify(s_ctx, SSL_VERIFY_NONE, verify_callback);
1558 SSL_CTX_set_srp_cb_arg(s_ctx, &srp_server_arg);
1559 SSL_CTX_set_srp_username_callback(s_ctx, ssl_srp_server_param_cb);
1563 #ifndef OPENSSL_NO_NEXTPROTONEG
1565 SSL_CTX_set_next_proto_select_cb(c_ctx, cb_client_npn, NULL);
1568 if (npn_server_reject) {
1570 "Can't have both -npn_server and -npn_server_reject\n");
1573 SSL_CTX_set_next_protos_advertised_cb(s_ctx, cb_server_npn, NULL);
1575 if (npn_server_reject) {
1576 SSL_CTX_set_next_protos_advertised_cb(s_ctx, cb_server_rejects_npn,
1581 if (serverinfo_sct) {
1582 if (!SSL_CTX_add_client_custom_ext(c_ctx, SCT_EXT_TYPE,
1584 serverinfo_cli_parse_cb, NULL)) {
1585 BIO_printf(bio_err, "Error adding SCT extension\n");
1589 if (serverinfo_tack) {
1590 if (!SSL_CTX_add_client_custom_ext(c_ctx, TACK_EXT_TYPE,
1592 serverinfo_cli_parse_cb, NULL)) {
1593 BIO_printf(bio_err, "Error adding TACK extension\n");
1597 if (serverinfo_file)
1598 if (!SSL_CTX_use_serverinfo_file(s_ctx, serverinfo_file)) {
1599 BIO_printf(bio_err, "missing serverinfo file\n");
1604 if (!SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_0,
1605 custom_ext_0_cli_add_cb,
1607 custom_ext_0_cli_parse_cb, NULL)
1608 || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_1,
1609 custom_ext_1_cli_add_cb,
1611 custom_ext_1_cli_parse_cb, NULL)
1612 || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_2,
1613 custom_ext_2_cli_add_cb,
1615 custom_ext_2_cli_parse_cb, NULL)
1616 || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_3,
1617 custom_ext_3_cli_add_cb,
1619 custom_ext_3_cli_parse_cb, NULL)
1620 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_0,
1621 custom_ext_0_srv_add_cb,
1623 custom_ext_0_srv_parse_cb, NULL)
1624 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_1,
1625 custom_ext_1_srv_add_cb,
1627 custom_ext_1_srv_parse_cb, NULL)
1628 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_2,
1629 custom_ext_2_srv_add_cb,
1631 custom_ext_2_srv_parse_cb, NULL)
1632 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_3,
1633 custom_ext_3_srv_add_cb,
1635 custom_ext_3_srv_parse_cb, NULL)) {
1636 BIO_printf(bio_err, "Error setting custom extensions\n");
1642 SSL_CTX_set_alpn_select_cb(s_ctx, cb_server_alpn, NULL);
1645 unsigned short alpn_len;
1646 unsigned char *alpn = next_protos_parse(&alpn_len, alpn_client);
1649 BIO_printf(bio_err, "Error parsing -alpn_client argument\n");
1652 /* Returns 0 on success!! */
1653 if (SSL_CTX_set_alpn_protos(c_ctx, alpn, alpn_len)) {
1654 BIO_printf(bio_err, "Error setting ALPN\n");
1661 c_ssl = SSL_new(c_ctx);
1662 s_ssl = SSL_new(s_ctx);
1664 BIO_printf(bio_stdout, "Doing handshakes=%d bytes=%ld\n", number, bytes);
1665 for (i = 0; i < number; i++) {
1667 if (!SSL_set_session(c_ssl, NULL)) {
1668 BIO_printf(bio_err, "Failed to set session\n");
1673 ret = doit_biopair(s_ssl, c_ssl, bytes, &s_time, &c_time);
1675 ret = doit(s_ssl, c_ssl, bytes);
1680 print_details(c_ssl, "");
1683 #ifdef CLOCKS_PER_SEC
1685 * "To determine the time in seconds, the value returned by the clock
1686 * function should be divided by the value of the macro
1687 * CLOCKS_PER_SEC." -- ISO/IEC 9899
1689 BIO_printf(bio_stdout, "Approximate total server time: %6.2f s\n"
1690 "Approximate total client time: %6.2f s\n",
1691 (double)s_time / CLOCKS_PER_SEC,
1692 (double)c_time / CLOCKS_PER_SEC);
1694 BIO_printf(bio_stdout,
1695 "Approximate total server time: %6.2f units\n"
1696 "Approximate total client time: %6.2f units\n",
1697 (double)s_time, (double)c_time);
1705 SSL_CTX_free(s_ctx);
1706 SSL_CTX_free(c_ctx);
1707 SSL_CONF_CTX_free(s_cctx);
1708 SSL_CONF_CTX_free(c_cctx);
1709 sk_OPENSSL_STRING_free(conf_args);
1711 BIO_free(bio_stdout);
1713 #ifndef OPENSSL_NO_RSA
1716 #ifndef OPENSSL_NO_ENGINE
1719 CRYPTO_cleanup_all_ex_data();
1721 ERR_remove_thread_state(NULL);
1723 CRYPTO_mem_leaks(bio_err);
1728 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
1729 clock_t *s_time, clock_t *c_time)
1731 long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
1732 BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
1733 BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL;
1736 size_t bufsiz = 256; /* small buffer for testing */
1738 if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz))
1740 if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz))
1743 s_ssl_bio = BIO_new(BIO_f_ssl());
1747 c_ssl_bio = BIO_new(BIO_f_ssl());
1751 SSL_set_connect_state(c_ssl);
1752 SSL_set_bio(c_ssl, client, client);
1753 (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
1755 SSL_set_accept_state(s_ssl);
1756 SSL_set_bio(s_ssl, server, server);
1757 (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
1761 * c_ssl_bio: SSL filter BIO
1763 * client: pseudo-I/O for SSL library
1765 * client_io: client's SSL communication; usually to be
1766 * relayed over some I/O facility, but in this
1767 * test program, we're the server, too:
1769 * server_io: server's SSL communication
1771 * server: pseudo-I/O for SSL library
1773 * s_ssl_bio: SSL filter BIO
1775 * The client and the server each employ a "BIO pair":
1776 * client + client_io, server + server_io.
1777 * BIO pairs are symmetric. A BIO pair behaves similar
1778 * to a non-blocking socketpair (but both endpoints must
1779 * be handled by the same thread).
1780 * [Here we could connect client and server to the ends
1781 * of a single BIO pair, but then this code would be less
1782 * suitable as an example for BIO pairs in general.]
1784 * Useful functions for querying the state of BIO pair endpoints:
1786 * BIO_ctrl_pending(bio) number of bytes we can read now
1787 * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil
1788 * other side's read attempt
1789 * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now
1791 * ..._read_request is never more than ..._write_guarantee;
1792 * it depends on the application which one you should use.
1796 * We have non-blocking behaviour throughout this test program, but
1797 * can be sure that there is *some* progress in each iteration; so we
1798 * don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE --
1799 * we just try everything in each iteration
1805 char cbuf[1024 * 8];
1807 clock_t c_clock = clock();
1809 memset(cbuf, 0, sizeof(cbuf));
1812 if (SSL_in_init(c_ssl))
1813 printf("client waiting in SSL_connect - %s\n",
1814 SSL_state_string_long(c_ssl));
1817 /* Write to server. */
1819 if (cw_num > (long)sizeof cbuf)
1823 r = BIO_write(c_ssl_bio, cbuf, i);
1825 if (!BIO_should_retry(c_ssl_bio)) {
1826 fprintf(stderr, "ERROR in CLIENT\n");
1830 * BIO_should_retry(...) can just be ignored here. The
1831 * library expects us to call BIO_write with the same
1832 * arguments again, and that's what we will do in the
1835 } else if (r == 0) {
1836 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
1840 printf("client wrote %d\n", r);
1846 /* Read from server. */
1848 r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
1850 if (!BIO_should_retry(c_ssl_bio)) {
1851 fprintf(stderr, "ERROR in CLIENT\n");
1855 * Again, "BIO_should_retry" can be ignored.
1857 } else if (r == 0) {
1858 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
1862 printf("client read %d\n", r);
1868 * c_time and s_time increments will typically be very small
1869 * (depending on machine speed and clock tick intervals), but
1870 * sampling over a large number of connections should result in
1871 * fairly accurate figures. We cannot guarantee a lot, however
1872 * -- if each connection lasts for exactly one clock tick, it
1873 * will be counted only for the client or only for the server or
1876 *c_time += (clock() - c_clock);
1882 char sbuf[1024 * 8];
1884 clock_t s_clock = clock();
1886 memset(sbuf, 0, sizeof(sbuf));
1889 if (SSL_in_init(s_ssl))
1890 printf("server waiting in SSL_accept - %s\n",
1891 SSL_state_string_long(s_ssl));
1894 /* Write to client. */
1896 if (sw_num > (long)sizeof sbuf)
1900 r = BIO_write(s_ssl_bio, sbuf, i);
1902 if (!BIO_should_retry(s_ssl_bio)) {
1903 fprintf(stderr, "ERROR in SERVER\n");
1906 /* Ignore "BIO_should_retry". */
1907 } else if (r == 0) {
1908 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
1912 printf("server wrote %d\n", r);
1918 /* Read from client. */
1920 r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
1922 if (!BIO_should_retry(s_ssl_bio)) {
1923 fprintf(stderr, "ERROR in SERVER\n");
1927 } else if (r == 0) {
1928 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
1932 printf("server read %d\n", r);
1937 *s_time += (clock() - s_clock);
1941 /* "I/O" BETWEEN CLIENT AND SERVER. */
1944 BIO *io1 = server_io, *io2 = client_io;
1946 * we use the non-copying interface for io1 and the standard
1947 * BIO_write/BIO_read interface for io2
1950 static int prev_progress = 1;
1958 r1 = BIO_ctrl_pending(io1);
1959 r2 = BIO_ctrl_get_write_guarantee(io2);
1967 if (INT_MAX < num) /* yeah, right */
1970 r = BIO_nread(io1, &dataptr, (int)num);
1972 assert(r <= (int)num);
1974 * possibly r < num (non-contiguous data)
1977 r = BIO_write(io2, dataptr, (int)num);
1978 if (r != (int)num) { /* can't happen */
1979 fprintf(stderr, "ERROR: BIO_write could not write "
1980 "BIO_ctrl_get_write_guarantee() bytes");
1986 printf((io1 == client_io) ?
1987 "C->S relaying: %d bytes\n" :
1988 "S->C relaying: %d bytes\n", (int)num);
1998 r1 = BIO_ctrl_pending(io2);
1999 r2 = BIO_ctrl_get_read_request(io1);
2001 * here we could use ..._get_write_guarantee instead of
2002 * ..._get_read_request, but by using the latter we test
2003 * restartability of the SSL implementation more thoroughly
2015 --num; /* test restartability even more thoroughly */
2017 r = BIO_nwrite0(io1, &dataptr);
2021 r = BIO_read(io2, dataptr, (int)num);
2022 if (r != (int)num) { /* can't happen */
2023 fprintf(stderr, "ERROR: BIO_read could not read "
2024 "BIO_ctrl_pending() bytes");
2028 r = BIO_nwrite(io1, &dataptr, (int)num);
2029 if (r != (int)num) { /* can't happen */
2030 fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
2031 "BIO_nwrite0() bytes");
2036 printf((io2 == client_io) ?
2037 "C->S relaying: %d bytes\n" :
2038 "S->C relaying: %d bytes\n", (int)num);
2040 } /* no loop, BIO_ctrl_get_read_request now
2041 * returns 0 anyway */
2043 if (!progress && !prev_progress)
2044 if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0) {
2045 fprintf(stderr, "ERROR: got stuck\n");
2046 fprintf(stderr, " ERROR.\n");
2049 prev_progress = progress;
2052 while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
2055 print_details(c_ssl, "DONE via BIO pair: ");
2056 #ifndef OPENSSL_NO_NEXTPROTONEG
2057 if (verify_npn(c_ssl, s_ssl) < 0) {
2062 if (verify_serverinfo() < 0) {
2063 fprintf(stderr, "Server info verify error\n");
2067 if (verify_alpn(c_ssl, s_ssl) < 0) {
2072 if (custom_ext_error) {
2073 fprintf(stderr, "Custom extension error\n");
2082 ERR_print_errors(bio_err);
2085 BIO_free(server_io);
2087 BIO_free(client_io);
2088 BIO_free(s_ssl_bio);
2089 BIO_free(c_ssl_bio);
2099 int doit(SSL *s_ssl, SSL *c_ssl, long count)
2101 char *cbuf = NULL, *sbuf = NULL;
2103 long cw_num = count, cr_num = count;
2104 long sw_num = count, sr_num = count;
2110 int c_r, c_w, s_r, s_w;
2113 int c_write, s_write;
2114 int do_server = 0, do_client = 0;
2115 int max_frag = 5 * 1024;
2117 bufsiz = count > 40 * 1024 ? 40 * 1024 : count;
2119 if ((cbuf = OPENSSL_zalloc(bufsiz)) == NULL)
2121 if ((sbuf = OPENSSL_zalloc(bufsiz)) == NULL)
2124 c_to_s = BIO_new(BIO_s_mem());
2125 s_to_c = BIO_new(BIO_s_mem());
2126 if ((s_to_c == NULL) || (c_to_s == NULL)) {
2127 ERR_print_errors(bio_err);
2131 c_bio = BIO_new(BIO_f_ssl());
2132 s_bio = BIO_new(BIO_f_ssl());
2133 if ((c_bio == NULL) || (s_bio == NULL)) {
2134 ERR_print_errors(bio_err);
2138 SSL_set_connect_state(c_ssl);
2139 SSL_set_bio(c_ssl, s_to_c, c_to_s);
2140 SSL_set_max_send_fragment(c_ssl, max_frag);
2141 BIO_set_ssl(c_bio, c_ssl, BIO_NOCLOSE);
2143 SSL_set_accept_state(s_ssl);
2144 SSL_set_bio(s_ssl, c_to_s, s_to_c);
2145 SSL_set_max_send_fragment(s_ssl, max_frag);
2146 BIO_set_ssl(s_bio, s_ssl, BIO_NOCLOSE);
2152 c_write = 1, s_write = 0;
2154 /* We can always do writes */
2159 i = (int)BIO_pending(s_bio);
2160 if ((i && s_r) || s_w)
2163 i = (int)BIO_pending(c_bio);
2164 if ((i && c_r) || c_w)
2167 if (do_server && debug) {
2168 if (SSL_in_init(s_ssl))
2169 printf("server waiting in SSL_accept - %s\n",
2170 SSL_state_string_long(s_ssl));
2173 printf("server:SSL_write()\n");
2175 printf("server:SSL_read()\n"); */
2178 if (do_client && debug) {
2179 if (SSL_in_init(c_ssl))
2180 printf("client waiting in SSL_connect - %s\n",
2181 SSL_state_string_long(c_ssl));
2184 printf("client:SSL_write()\n");
2186 printf("client:SSL_read()\n"); */
2189 if (!do_client && !do_server) {
2190 fprintf(stdout, "ERROR IN STARTUP\n");
2191 ERR_print_errors(bio_err);
2194 if (do_client && !(done & C_DONE)) {
2196 j = (cw_num > bufsiz) ? (int)bufsiz : (int)cw_num;
2197 i = BIO_write(c_bio, cbuf, j);
2201 if (BIO_should_retry(c_bio)) {
2202 if (BIO_should_read(c_bio))
2204 if (BIO_should_write(c_bio))
2207 fprintf(stderr, "ERROR in CLIENT\n");
2208 ERR_print_errors(bio_err);
2211 } else if (i == 0) {
2212 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2216 printf("client wrote %d\n", i);
2221 if (max_frag > 1029)
2222 SSL_set_max_send_fragment(c_ssl, max_frag -= 5);
2225 i = BIO_read(c_bio, cbuf, bufsiz);
2229 if (BIO_should_retry(c_bio)) {
2230 if (BIO_should_read(c_bio))
2232 if (BIO_should_write(c_bio))
2235 fprintf(stderr, "ERROR in CLIENT\n");
2236 ERR_print_errors(bio_err);
2239 } else if (i == 0) {
2240 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2244 printf("client read %d\n", i);
2253 done = S_DONE | C_DONE;
2259 if (do_server && !(done & S_DONE)) {
2261 i = BIO_read(s_bio, sbuf, bufsiz);
2265 if (BIO_should_retry(s_bio)) {
2266 if (BIO_should_read(s_bio))
2268 if (BIO_should_write(s_bio))
2271 fprintf(stderr, "ERROR in SERVER\n");
2272 ERR_print_errors(bio_err);
2275 } else if (i == 0) {
2276 ERR_print_errors(bio_err);
2278 "SSL SERVER STARTUP FAILED in SSL_read\n");
2282 printf("server read %d\n", i);
2295 j = (sw_num > bufsiz) ? (int)bufsiz : (int)sw_num;
2296 i = BIO_write(s_bio, sbuf, j);
2300 if (BIO_should_retry(s_bio)) {
2301 if (BIO_should_read(s_bio))
2303 if (BIO_should_write(s_bio))
2306 fprintf(stderr, "ERROR in SERVER\n");
2307 ERR_print_errors(bio_err);
2310 } else if (i == 0) {
2311 ERR_print_errors(bio_err);
2313 "SSL SERVER STARTUP FAILED in SSL_write\n");
2317 printf("server wrote %d\n", i);
2323 if (max_frag > 1029)
2324 SSL_set_max_send_fragment(s_ssl, max_frag -= 5);
2329 if ((done & S_DONE) && (done & C_DONE))
2334 print_details(c_ssl, "DONE: ");
2335 #ifndef OPENSSL_NO_NEXTPROTONEG
2336 if (verify_npn(c_ssl, s_ssl) < 0) {
2341 if (verify_serverinfo() < 0) {
2342 fprintf(stderr, "Server info verify error\n");
2346 if (custom_ext_error) {
2347 fprintf(stderr, "Custom extension error\n");
2354 * We have to set the BIO's to NULL otherwise they will be
2355 * OPENSSL_free()ed twice. Once when th s_ssl is SSL_free()ed and again
2356 * when c_ssl is SSL_free()ed. This is a hack required because s_ssl and
2357 * c_ssl are sharing the same BIO structure and SSL_set_bio() and
2358 * SSL_free() automatically BIO_free non NULL entries. You should not
2359 * normally do this or be required to do this
2361 if (s_ssl != NULL) {
2365 if (c_ssl != NULL) {
2372 BIO_free_all(c_bio);
2373 BIO_free_all(s_bio);
2380 static int get_proxy_auth_ex_data_idx(void)
2382 static volatile int idx = -1;
2384 CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
2386 idx = X509_STORE_CTX_get_ex_new_index(0,
2387 "SSLtest for verify callback",
2390 CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
2395 static int verify_callback(int ok, X509_STORE_CTX *ctx)
2399 s = X509_NAME_oneline(X509_get_subject_name(ctx->current_cert), buf,
2403 printf("depth=%d %s\n", ctx->error_depth, buf);
2405 fprintf(stderr, "depth=%d error=%d %s\n",
2406 ctx->error_depth, ctx->error, buf);
2411 switch (ctx->error) {
2413 fprintf(stderr, "Error string: %s\n",
2414 X509_verify_cert_error_string(ctx->error));
2416 case X509_V_ERR_CERT_NOT_YET_VALID:
2417 case X509_V_ERR_CERT_HAS_EXPIRED:
2418 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
2424 X509 *xs = ctx->current_cert;
2425 if (X509_get_extension_flags(xs) & EXFLAG_PROXY) {
2426 unsigned int *letters = X509_STORE_CTX_get_ex_data(ctx,
2427 get_proxy_auth_ex_data_idx
2433 PROXY_CERT_INFO_EXTENSION *pci =
2434 X509_get_ext_d2i(xs, NID_proxyCertInfo,
2437 switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage)) {
2438 case NID_Independent:
2440 * Completely meaningless in this program, as there's no
2441 * way to grant explicit rights to a specific PrC.
2442 * Basically, using id-ppl-Independent is the perfect way
2443 * to grant no rights at all.
2445 fprintf(stderr, " Independent proxy certificate");
2446 for (i = 0; i < 26; i++)
2449 case NID_id_ppl_inheritAll:
2451 * This is basically a NOP, we simply let the current
2452 * rights stand as they are.
2454 fprintf(stderr, " Proxy certificate inherits all");
2458 pci->proxyPolicy->policy->data;
2459 i = pci->proxyPolicy->policy->length;
2462 * The algorithm works as follows: it is assumed that
2463 * previous iterations or the initial granted rights has
2464 * already set some elements of `letters'. What we need
2465 * to do is to clear those that weren't granted by the
2466 * current PrC as well. The easiest way to do this is to
2467 * add 1 to all the elements whose letters are given with
2468 * the current policy. That way, all elements that are
2469 * set by the current policy and were already set by
2470 * earlier policies and through the original grant of
2471 * rights will get the value 2 or higher. The last thing
2472 * to do is to sweep through `letters' and keep the
2473 * elements having the value 2 as set, and clear all the
2477 printf(" Certificate proxy rights = %*.*s", i,
2481 if (isascii(c) && isalpha(c)) {
2487 for (i = 0; i < 26; i++)
2495 printf(", resulting proxy rights = ");
2496 for (i = 0; i < 26; i++)
2498 printf("%c", i + 'A');
2505 PROXY_CERT_INFO_EXTENSION_free(pci);
2513 static void process_proxy_debug(int indent, const char *format, ...)
2516 static const char indentation[] =
2517 ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"
2518 ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>";
2519 char my_format[256];
2522 BIO_snprintf(my_format, sizeof(my_format), "%*.*s %s",
2523 indent, indent, indentation, format);
2525 va_start(args, format);
2526 vfprintf(stderr, my_format, args);
2536 static int process_proxy_cond_adders(unsigned int letters[26],
2537 const char *cond, const char **cond_end,
2538 int *pos, int indent);
2539 static int process_proxy_cond_val(unsigned int letters[26], const char *cond,
2540 const char **cond_end, int *pos, int indent)
2546 while (isspace((int)*cond)) {
2553 process_proxy_debug(indent,
2554 "Start process_proxy_cond_val at position %d: %s\n",
2561 while (isspace((int)*cond)) {
2571 ok = process_proxy_cond_adders(letters, cond, cond_end, pos,
2576 while (isspace((int)*cond)) {
2583 "Weird condition character in position %d: "
2590 } else if (isascii(c) && isalpha(c)) {
2593 ok = letters[c - 'A'];
2598 "Weird condition character in position %d: " "%c\n", *pos, c);
2604 if (ok >= 0 && negate)
2608 process_proxy_debug(indent,
2609 "End process_proxy_cond_val at position %d: %s, returning %d\n",
2615 static int process_proxy_cond_multipliers(unsigned int letters[26],
2617 const char **cond_end, int *pos,
2624 process_proxy_debug(indent,
2625 "Start process_proxy_cond_multipliers at position %d: %s\n",
2628 ok = process_proxy_cond_val(letters, cond, cond_end, pos, indent + 1);
2634 while (isspace((int)*cond)) {
2648 ok = process_proxy_cond_val(letters,
2649 cond, cond_end, pos, indent + 1);
2662 fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!"
2674 process_proxy_debug(indent,
2675 "End process_proxy_cond_multipliers at position %d: %s, returning %d\n",
2682 static int process_proxy_cond_adders(unsigned int letters[26],
2683 const char *cond, const char **cond_end,
2684 int *pos, int indent)
2690 process_proxy_debug(indent,
2691 "Start process_proxy_cond_adders at position %d: %s\n",
2694 ok = process_proxy_cond_multipliers(letters, cond, cond_end, pos,
2701 while (isspace((int)*cond)) {
2714 ok = process_proxy_cond_multipliers(letters,
2715 cond, cond_end, pos,
2726 fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!"
2738 process_proxy_debug(indent,
2739 "End process_proxy_cond_adders at position %d: %s, returning %d\n",
2746 static int process_proxy_cond(unsigned int letters[26],
2747 const char *cond, const char **cond_end)
2750 return process_proxy_cond_adders(letters, cond, cond_end, &pos, 1);
2753 static int app_verify_callback(X509_STORE_CTX *ctx, void *arg)
2756 struct app_verify_arg *cb_arg = arg;
2757 unsigned int letters[26]; /* only used with proxy_auth */
2759 if (cb_arg->app_verify) {
2760 char *s = NULL, buf[256];
2762 printf("In app_verify_callback, allowing cert. ");
2763 printf("Arg is: %s\n", cb_arg->string);
2764 printf("Finished printing do we have a context? 0x%p a cert? 0x%p\n",
2765 (void *)ctx, (void *)ctx->cert);
2767 s = X509_NAME_oneline(X509_get_subject_name(ctx->cert), buf, 256);
2769 printf("cert depth=%d %s\n", ctx->error_depth, buf);
2773 if (cb_arg->proxy_auth) {
2774 int found_any = 0, i;
2777 for (i = 0; i < 26; i++)
2779 for (sp = cb_arg->proxy_auth; *sp; sp++) {
2781 if (isascii(c) && isalpha(c)) {
2784 letters[c - 'A'] = 1;
2788 printf(" Initial proxy rights = ");
2789 for (i = 0; i < 26; i++)
2791 printf("%c", i + 'A');
2798 X509_STORE_CTX_set_ex_data(ctx,
2799 get_proxy_auth_ex_data_idx(), letters);
2801 if (cb_arg->allow_proxy_certs) {
2802 X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
2804 ok = X509_verify_cert(ctx);
2806 if (cb_arg->proxy_auth) {
2808 const char *cond_end = NULL;
2810 ok = process_proxy_cond(letters, cb_arg->proxy_cond, &cond_end);
2816 "Stopped processing condition before it's end.\n");
2821 "Proxy rights check with condition '%s' invalid\n",
2822 cb_arg->proxy_cond);
2824 printf("Proxy rights check with condition '%s' ok\n",
2825 cb_arg->proxy_cond);
2831 #ifndef OPENSSL_NO_RSA
2832 static RSA *rsa_tmp = NULL;
2834 static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength)
2837 if (rsa_tmp == NULL) {
2839 rsa_tmp = RSA_new();
2840 if (!bn || !rsa_tmp || !BN_set_word(bn, RSA_F4)) {
2841 BIO_printf(bio_err, "Memory error...");
2844 printf("Generating temp (%d bit) RSA key...", keylength);
2845 if (!RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL)) {
2846 BIO_printf(bio_err, "Error generating key.");
2857 static void free_tmp_rsa(void)
2864 #ifndef OPENSSL_NO_DH
2866 * These DH parameters have been generated as follows:
2867 * $ openssl dhparam -C -noout 512
2868 * $ openssl dhparam -C -noout 1024
2869 * $ openssl dhparam -C -noout -dsaparam 1024
2870 * (The third function has been renamed to avoid name conflicts.)
2872 static DH *get_dh512()
2874 static unsigned char dh512_p[] = {
2875 0xCB, 0xC8, 0xE1, 0x86, 0xD0, 0x1F, 0x94, 0x17, 0xA6, 0x99, 0xF0,
2877 0x1F, 0x0D, 0xAC, 0xB6, 0x25, 0x3E, 0x06, 0x39, 0xCA, 0x72, 0x04,
2879 0x6E, 0xDA, 0xC0, 0x61, 0xE6, 0x7A, 0x77, 0x25, 0xE8, 0x3B, 0xB9,
2881 0x9A, 0xB6, 0xB5, 0xFE, 0x99, 0x0B, 0xA1, 0x93, 0x4E, 0x35, 0x33,
2883 0xE1, 0xF1, 0x13, 0x4F, 0x59, 0x1A, 0xD2, 0x57, 0xC0, 0x26, 0x21,
2885 0x02, 0xC5, 0xAE, 0x23,
2887 static unsigned char dh512_g[] = {
2892 if ((dh = DH_new()) == NULL)
2894 dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
2895 dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
2896 if ((dh->p == NULL) || (dh->g == NULL)) {
2903 static DH *get_dh1024()
2905 static unsigned char dh1024_p[] = {
2906 0xF8, 0x81, 0x89, 0x7D, 0x14, 0x24, 0xC5, 0xD1, 0xE6, 0xF7, 0xBF,
2908 0xE4, 0x90, 0xF4, 0xFC, 0x73, 0xFB, 0x34, 0xB5, 0xFA, 0x4C, 0x56,
2910 0xEA, 0xA7, 0xE9, 0xC0, 0xC0, 0xCE, 0x89, 0xE1, 0xFA, 0x63, 0x3F,
2912 0x6B, 0x32, 0x66, 0xF1, 0xD1, 0x7B, 0xB0, 0x00, 0x8F, 0xCA, 0x87,
2914 0xAE, 0x98, 0x89, 0x26, 0x17, 0xC2, 0x05, 0xD2, 0xEC, 0x08, 0xD0,
2916 0xFF, 0x17, 0x52, 0x8C, 0xC5, 0x07, 0x93, 0x03, 0xB1, 0xF6, 0x2F,
2918 0x1C, 0x52, 0x47, 0x27, 0x1B, 0xDB, 0xD1, 0x8D, 0x9D, 0x69, 0x1D,
2920 0x4B, 0x32, 0x81, 0xAA, 0x7F, 0x00, 0xC8, 0xDC, 0xE6, 0xD9, 0xCC,
2922 0x11, 0x2D, 0x37, 0x34, 0x6C, 0xEA, 0x02, 0x97, 0x4B, 0x0E, 0xBB,
2924 0x71, 0x33, 0x09, 0x15, 0xFD, 0xDD, 0x23, 0x87, 0x07, 0x5E, 0x89,
2926 0x6B, 0x7C, 0x5F, 0xEC, 0xA6, 0x24, 0xDC, 0x53,
2928 static unsigned char dh1024_g[] = {
2933 if ((dh = DH_new()) == NULL)
2935 dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
2936 dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
2937 if ((dh->p == NULL) || (dh->g == NULL)) {
2944 static DH *get_dh1024dsa()
2946 static unsigned char dh1024_p[] = {
2947 0xC8, 0x00, 0xF7, 0x08, 0x07, 0x89, 0x4D, 0x90, 0x53, 0xF3, 0xD5,
2949 0x21, 0x1B, 0xF7, 0x31, 0xA6, 0xA2, 0xDA, 0x23, 0x9A, 0xC7, 0x87,
2951 0x3B, 0x47, 0xB6, 0x8C, 0x04, 0x6F, 0xFF, 0xC6, 0x9B, 0xB8, 0x65,
2953 0xC2, 0x5F, 0x31, 0x83, 0x4A, 0xA7, 0x5F, 0x2F, 0x88, 0x38, 0xB6,
2955 0xCF, 0xD9, 0x87, 0x6D, 0x6F, 0x9F, 0xDA, 0xAC, 0xA6, 0x48, 0xAF,
2957 0x33, 0x84, 0x37, 0x5B, 0x82, 0x4A, 0x31, 0x5D, 0xE7, 0xBD, 0x52,
2959 0xA1, 0x77, 0xBF, 0x10, 0x9E, 0x37, 0xEA, 0x64, 0xFA, 0xCA, 0x28,
2961 0x9D, 0x3B, 0xD2, 0x6E, 0x09, 0x5C, 0x68, 0xC7, 0x45, 0x90, 0xFD,
2963 0x70, 0xC9, 0x3A, 0xBB, 0xDF, 0xD4, 0x21, 0x0F, 0xC4, 0x6A, 0x3C,
2965 0x61, 0xCF, 0x3F, 0xD6, 0x13, 0xF1, 0x5F, 0xBC, 0xCF, 0xBC, 0x26,
2967 0xBC, 0x0B, 0xBD, 0xAB, 0x5D, 0xC9, 0x54, 0x39,
2969 static unsigned char dh1024_g[] = {
2970 0x3B, 0x40, 0x86, 0xE7, 0xF3, 0x6C, 0xDE, 0x67, 0x1C, 0xCC, 0x80,
2972 0x5A, 0xDF, 0xFE, 0xBD, 0x20, 0x27, 0x74, 0x6C, 0x24, 0xC9, 0x03,
2974 0xE1, 0x8D, 0xC3, 0x7D, 0x98, 0x27, 0x40, 0x08, 0xB8, 0x8C, 0x6A,
2976 0xBB, 0x1A, 0x3A, 0xD6, 0x86, 0x83, 0x5E, 0x72, 0x41, 0xCE, 0x85,
2978 0xD2, 0xB3, 0xFC, 0x13, 0xCE, 0x37, 0x81, 0x9E, 0x4C, 0x1C, 0x7B,
2980 0xD3, 0xE6, 0xA6, 0x00, 0xF5, 0x5A, 0x95, 0x43, 0x5E, 0x81, 0xCF,
2982 0xA2, 0x23, 0xFC, 0x36, 0xA7, 0x5D, 0x7A, 0x4C, 0x06, 0x91, 0x6E,
2984 0x57, 0xEE, 0x36, 0xCB, 0x06, 0xEA, 0xF5, 0x3D, 0x95, 0x49, 0xCB,
2986 0xDD, 0x81, 0xDF, 0x80, 0x09, 0x4A, 0x97, 0x4D, 0xA8, 0x22, 0x72,
2988 0x7F, 0xC4, 0x70, 0x56, 0x70, 0xE8, 0x20, 0x10, 0x18, 0x8F, 0x2E,
2990 0x07, 0xE7, 0x68, 0x1A, 0x82, 0x5D, 0x32, 0xA2,
2994 if ((dh = DH_new()) == NULL)
2996 dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
2997 dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
2998 if ((dh->p == NULL) || (dh->g == NULL)) {
3007 #ifndef OPENSSL_NO_PSK
3008 /* convert the PSK key (psk_key) in ascii to binary (psk) */
3009 static int psk_key2bn(const char *pskkey, unsigned char *psk,
3010 unsigned int max_psk_len)
3015 ret = BN_hex2bn(&bn, pskkey);
3017 BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n",
3022 if (BN_num_bytes(bn) > (int)max_psk_len) {
3024 "psk buffer of callback is too small (%d) for key (%d)\n",
3025 max_psk_len, BN_num_bytes(bn));
3029 ret = BN_bn2bin(bn, psk);
3034 static unsigned int psk_client_callback(SSL *ssl, const char *hint,
3036 unsigned int max_identity_len,
3038 unsigned int max_psk_len)
3041 unsigned int psk_len = 0;
3043 ret = BIO_snprintf(identity, max_identity_len, "Client_identity");
3047 fprintf(stderr, "client: created identity '%s' len=%d\n", identity,
3049 ret = psk_key2bn(psk_key, psk, max_psk_len);
3057 static unsigned int psk_server_callback(SSL *ssl, const char *identity,
3059 unsigned int max_psk_len)
3061 unsigned int psk_len = 0;
3063 if (strcmp(identity, "Client_identity") != 0) {
3064 BIO_printf(bio_err, "server: PSK error: client identity not found\n");
3067 psk_len = psk_key2bn(psk_key, psk, max_psk_len);
3072 static int do_test_cipherlist(void)
3075 const SSL_METHOD *meth;
3076 const SSL_CIPHER *ci, *tci = NULL;
3078 #ifndef OPENSSL_NO_SSL3
3079 meth = SSLv3_method();
3081 while ((ci = meth->get_cipher(i++)) != NULL) {
3083 if (ci->id >= tci->id) {
3084 fprintf(stderr, "testing SSLv3 cipher list order: ");
3085 fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
3091 meth = TLSv1_method();
3093 while ((ci = meth->get_cipher(i++)) != NULL) {
3095 if (ci->id >= tci->id) {
3096 fprintf(stderr, "testing TLSv1 cipher list order: ");
3097 fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);