1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.]
57 /* ====================================================================
58 * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
60 * Redistribution and use in source and binary forms, with or without
61 * modification, are permitted provided that the following conditions
64 * 1. Redistributions of source code must retain the above copyright
65 * notice, this list of conditions and the following disclaimer.
67 * 2. Redistributions in binary form must reproduce the above copyright
68 * notice, this list of conditions and the following disclaimer in
69 * the documentation and/or other materials provided with the
72 * 3. All advertising materials mentioning features or use of this
73 * software must display the following acknowledgment:
74 * "This product includes software developed by the OpenSSL Project
75 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
78 * endorse or promote products derived from this software without
79 * prior written permission. For written permission, please contact
80 * openssl-core@openssl.org.
82 * 5. Products derived from this software may not be called "OpenSSL"
83 * nor may "OpenSSL" appear in their names without prior written
84 * permission of the OpenSSL Project.
86 * 6. Redistributions of any form whatsoever must retain the following
88 * "This product includes software developed by the OpenSSL Project
89 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
92 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
93 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
94 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
95 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
96 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
97 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
98 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
99 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
100 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
101 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
102 * OF THE POSSIBILITY OF SUCH DAMAGE.
103 * ====================================================================
105 * This product includes cryptographic software written by Eric Young
106 * (eay@cryptsoft.com). This product includes software written by Tim
107 * Hudson (tjh@cryptsoft.com).
110 /* ====================================================================
111 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
112 * ECC cipher suite support in OpenSSL originally developed by
113 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 /* ====================================================================
116 * Copyright 2005 Nokia. All rights reserved.
118 * The portions of the attached software ("Contribution") is developed by
119 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
122 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
123 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
124 * support (see RFC 4279) to OpenSSL.
126 * No patent licenses or other rights except those expressly stated in
127 * the OpenSSL open source license shall be deemed granted or received
128 * expressly, by implication, estoppel, or otherwise.
130 * No assurances are provided by Nokia that the Contribution does not
131 * infringe the patent or other intellectual property rights of any third
132 * party or that the license provides you with all the necessary rights
133 * to make use of the Contribution.
135 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
136 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
137 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
138 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
142 /* Or gethostname won't be declared properly on Linux and GNU platforms. */
143 #define _BSD_SOURCE 1
144 #define _DEFAULT_SOURCE 1
157 #ifdef OPENSSL_SYS_VMS
159 * Or isascii won't be declared properly on VMS (at least with DECompHP C).
161 # define _XOPEN_SOURCE 500
166 #include <openssl/bio.h>
167 #include <openssl/crypto.h>
168 #include <openssl/evp.h>
169 #include <openssl/x509.h>
170 #include <openssl/x509v3.h>
171 #include <openssl/ssl.h>
172 #ifndef OPENSSL_NO_ENGINE
173 # include <openssl/engine.h>
175 #include <openssl/err.h>
176 #include <openssl/rand.h>
177 #ifndef OPENSSL_NO_RSA
178 # include <openssl/rsa.h>
180 #ifndef OPENSSL_NO_DSA
181 # include <openssl/dsa.h>
183 #ifndef OPENSSL_NO_DH
184 # include <openssl/dh.h>
186 #ifndef OPENSSL_NO_SRP
187 # include <openssl/srp.h>
189 #include <openssl/bn.h>
190 #ifndef OPENSSL_NO_CT
191 # include <openssl/ct.h>
194 #include "../ssl/ssl_locl.h"
197 * Or gethostname won't be declared properly
198 * on Compaq platforms (at least with DEC C).
199 * Do not try to put it earlier, or IPv6 includes
202 #define _XOPEN_SOURCE_EXTENDED 1
204 #ifdef OPENSSL_SYS_WINDOWS
205 # include <winsock.h>
207 # include OPENSSL_UNISTD
210 static SSL_CTX *s_ctx = NULL;
211 static SSL_CTX *s_ctx2 = NULL;
214 * There is really no standard for this, so let's assign something
219 static int verify_callback(int ok, X509_STORE_CTX *ctx);
220 static int app_verify_callback(X509_STORE_CTX *ctx, void *arg);
221 #define APP_CALLBACK_STRING "Test Callback Argument"
222 struct app_verify_arg {
227 #ifndef OPENSSL_NO_DH
228 static DH *get_dh512(void);
229 static DH *get_dh1024(void);
230 static DH *get_dh1024dsa(void);
233 static char *psk_key = NULL; /* by default PSK is not used */
234 #ifndef OPENSSL_NO_PSK
235 static unsigned int psk_client_callback(SSL *ssl, const char *hint,
237 unsigned int max_identity_len,
239 unsigned int max_psk_len);
240 static unsigned int psk_server_callback(SSL *ssl, const char *identity,
242 unsigned int max_psk_len);
245 #ifndef OPENSSL_NO_SRP
247 /* This is a context that we pass to all callbacks */
248 typedef struct srp_client_arg_st {
253 # define PWD_STRLEN 1024
255 static char *ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
257 SRP_CLIENT_ARG *srp_client_arg = (SRP_CLIENT_ARG *)arg;
258 return OPENSSL_strdup((char *)srp_client_arg->srppassin);
262 /* This is a context that we pass to SRP server callbacks */
263 typedef struct srp_server_arg_st {
268 static int ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
270 SRP_SERVER_ARG *p = (SRP_SERVER_ARG *)arg;
272 if (strcmp(p->expected_user, SSL_get_srp_username(s)) != 0) {
273 fprintf(stderr, "User %s doesn't exist\n", SSL_get_srp_username(s));
274 return SSL3_AL_FATAL;
276 if (SSL_set_srp_server_param_pw(s, p->expected_user, p->pass, "1024") < 0) {
277 *ad = SSL_AD_INTERNAL_ERROR;
278 return SSL3_AL_FATAL;
280 return SSL_ERROR_NONE;
284 static BIO *bio_err = NULL;
285 static BIO *bio_stdout = NULL;
287 #ifndef OPENSSL_NO_NEXTPROTONEG
288 /* Note that this code assumes that this is only a one element list: */
289 static const char NEXT_PROTO_STRING[] = "\x09testproto";
290 static int npn_client = 0;
291 static int npn_server = 0;
292 static int npn_server_reject = 0;
294 static int cb_client_npn(SSL *s, unsigned char **out, unsigned char *outlen,
295 const unsigned char *in, unsigned int inlen,
299 * This callback only returns the protocol string, rather than a length
300 * prefixed set. We assume that NEXT_PROTO_STRING is a one element list
301 * and remove the first byte to chop off the length prefix.
303 *out = (unsigned char *)NEXT_PROTO_STRING + 1;
304 *outlen = sizeof(NEXT_PROTO_STRING) - 2;
305 return SSL_TLSEXT_ERR_OK;
308 static int cb_server_npn(SSL *s, const unsigned char **data,
309 unsigned int *len, void *arg)
311 *data = (const unsigned char *)NEXT_PROTO_STRING;
312 *len = sizeof(NEXT_PROTO_STRING) - 1;
313 return SSL_TLSEXT_ERR_OK;
316 static int cb_server_rejects_npn(SSL *s, const unsigned char **data,
317 unsigned int *len, void *arg)
319 return SSL_TLSEXT_ERR_NOACK;
322 static int verify_npn(SSL *client, SSL *server)
324 const unsigned char *client_s;
326 const unsigned char *server_s;
329 SSL_get0_next_proto_negotiated(client, &client_s, &client_len);
330 SSL_get0_next_proto_negotiated(server, &server_s, &server_len);
333 BIO_printf(bio_stdout, "Client NPN: ");
334 BIO_write(bio_stdout, client_s, client_len);
335 BIO_printf(bio_stdout, "\n");
339 BIO_printf(bio_stdout, "Server NPN: ");
340 BIO_write(bio_stdout, server_s, server_len);
341 BIO_printf(bio_stdout, "\n");
345 * If an NPN string was returned, it must be the protocol that we
346 * expected to negotiate.
348 if (client_len && (client_len != sizeof(NEXT_PROTO_STRING) - 2 ||
349 memcmp(client_s, NEXT_PROTO_STRING + 1, client_len)))
351 if (server_len && (server_len != sizeof(NEXT_PROTO_STRING) - 2 ||
352 memcmp(server_s, NEXT_PROTO_STRING + 1, server_len)))
355 if (!npn_client && client_len)
357 if (!npn_server && server_len)
359 if (npn_server_reject && server_len)
361 if (npn_client && npn_server && (!client_len || !server_len))
368 static const char *alpn_client;
369 static char *alpn_server;
370 static char *alpn_server2;
371 static const char *alpn_expected;
372 static unsigned char *alpn_selected;
373 static const char *server_min_proto;
374 static const char *server_max_proto;
375 static const char *client_min_proto;
376 static const char *client_max_proto;
377 static const char *should_negotiate;
378 static const char *sn_client;
379 static const char *sn_server1;
380 static const char *sn_server2;
381 static int sn_expect = 0;
382 static const char *server_sess_out;
383 static const char *server_sess_in;
384 static const char *client_sess_out;
385 static const char *client_sess_in;
386 static SSL_SESSION *server_sess;
387 static SSL_SESSION *client_sess;
389 static int servername_cb(SSL *s, int *ad, void *arg)
391 const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
392 if (sn_server2 == NULL) {
393 BIO_printf(bio_stdout, "Servername 2 is NULL\n");
394 return SSL_TLSEXT_ERR_NOACK;
398 if (s_ctx2 != NULL && sn_server2 != NULL &&
399 !strcasecmp(servername, sn_server2)) {
400 BIO_printf(bio_stdout, "Switching server context.\n");
401 SSL_set_SSL_CTX(s, s_ctx2);
404 return SSL_TLSEXT_ERR_OK;
406 static int verify_servername(SSL *client, SSL *server)
408 /* just need to see if sn_context is what we expect */
409 SSL_CTX* ctx = SSL_get_SSL_CTX(server);
412 if (sn_expect == 1 && ctx == s_ctx)
414 if (sn_expect == 2 && ctx == s_ctx2)
416 BIO_printf(bio_stdout, "Servername: expected context %d\n", sn_expect);
418 BIO_printf(bio_stdout, "Servername: context is 2\n");
419 else if (ctx == s_ctx)
420 BIO_printf(bio_stdout, "Servername: context is 1\n");
422 BIO_printf(bio_stdout, "Servername: context is unknown\n");
428 * next_protos_parse parses a comma separated list of strings into a string
429 * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
430 * outlen: (output) set to the length of the resulting buffer on success.
431 * err: (maybe NULL) on failure, an error message line is written to this BIO.
432 * in: a NUL terminated string like "abc,def,ghi"
434 * returns: a malloced buffer or NULL on failure.
436 static unsigned char *next_protos_parse(size_t *outlen,
447 out = OPENSSL_malloc(strlen(in) + 1);
451 for (i = 0; i <= len; ++i) {
452 if (i == len || in[i] == ',') {
453 if (i - start > 255) {
457 out[start] = i - start;
467 static int cb_server_alpn(SSL *s, const unsigned char **out,
468 unsigned char *outlen, const unsigned char *in,
469 unsigned int inlen, void *arg)
471 unsigned char *protos;
473 char* alpn_str = arg;
475 protos = next_protos_parse(&protos_len, alpn_str);
476 if (protos == NULL) {
477 fprintf(stderr, "failed to parser ALPN server protocol string: %s\n",
482 if (SSL_select_next_proto
483 ((unsigned char **)out, outlen, protos, protos_len, in,
484 inlen) != OPENSSL_NPN_NEGOTIATED) {
485 OPENSSL_free(protos);
486 return SSL_TLSEXT_ERR_NOACK;
490 * Make a copy of the selected protocol which will be freed in
493 alpn_selected = OPENSSL_malloc(*outlen);
494 memcpy(alpn_selected, *out, *outlen);
495 *out = alpn_selected;
497 OPENSSL_free(protos);
498 return SSL_TLSEXT_ERR_OK;
501 static int verify_alpn(SSL *client, SSL *server)
503 const unsigned char *client_proto, *server_proto;
504 unsigned int client_proto_len = 0, server_proto_len = 0;
505 SSL_get0_alpn_selected(client, &client_proto, &client_proto_len);
506 SSL_get0_alpn_selected(server, &server_proto, &server_proto_len);
508 OPENSSL_free(alpn_selected);
509 alpn_selected = NULL;
511 if (client_proto_len != server_proto_len) {
512 BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
516 if (client_proto != NULL &&
517 memcmp(client_proto, server_proto, client_proto_len) != 0) {
518 BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
522 if (client_proto_len > 0 && alpn_expected == NULL) {
523 BIO_printf(bio_stdout, "ALPN unexpectedly negotiated\n");
527 if (alpn_expected != NULL &&
528 (client_proto_len != strlen(alpn_expected) ||
529 memcmp(client_proto, alpn_expected, client_proto_len) != 0)) {
530 BIO_printf(bio_stdout,
531 "ALPN selected protocols not equal to expected protocol: %s\n",
539 BIO_printf(bio_stdout, "ALPN results: client: '");
540 BIO_write(bio_stdout, client_proto, client_proto_len);
541 BIO_printf(bio_stdout, "', server: '");
542 BIO_write(bio_stdout, server_proto, server_proto_len);
543 BIO_printf(bio_stdout, "'\n");
544 BIO_printf(bio_stdout, "ALPN configured: client: '%s', server: '",
546 if (SSL_get_SSL_CTX(server) == s_ctx2) {
547 BIO_printf(bio_stdout, "%s'\n",
550 BIO_printf(bio_stdout, "%s'\n",
557 * WARNING : below extension types are *NOT* IETF assigned, and could
558 * conflict if these types are reassigned and handled specially by OpenSSL
561 #define TACK_EXT_TYPE 62208
562 #define CUSTOM_EXT_TYPE_0 1000
563 #define CUSTOM_EXT_TYPE_1 1001
564 #define CUSTOM_EXT_TYPE_2 1002
565 #define CUSTOM_EXT_TYPE_3 1003
567 static const char custom_ext_cli_string[] = "abc";
568 static const char custom_ext_srv_string[] = "defg";
570 /* These set from cmdline */
571 static char *serverinfo_file = NULL;
572 static int serverinfo_sct = 0;
573 static int serverinfo_tack = 0;
575 /* These set based on extension callbacks */
576 static int serverinfo_sct_seen = 0;
577 static int serverinfo_tack_seen = 0;
578 static int serverinfo_other_seen = 0;
580 /* This set from cmdline */
581 static int custom_ext = 0;
583 /* This set based on extension callbacks */
584 static int custom_ext_error = 0;
586 static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type,
587 const unsigned char *in, size_t inlen,
590 if (ext_type == TLSEXT_TYPE_signed_certificate_timestamp)
591 serverinfo_sct_seen++;
592 else if (ext_type == TACK_EXT_TYPE)
593 serverinfo_tack_seen++;
595 serverinfo_other_seen++;
599 static int verify_serverinfo()
601 if (serverinfo_sct != serverinfo_sct_seen)
603 if (serverinfo_tack != serverinfo_tack_seen)
605 if (serverinfo_other_seen)
611 * Four test cases for custom extensions:
612 * 0 - no ClientHello extension or ServerHello response
613 * 1 - ClientHello with "abc", no response
614 * 2 - ClientHello with "abc", empty response
615 * 3 - ClientHello with "abc", "defg" response
618 static int custom_ext_0_cli_add_cb(SSL *s, unsigned int ext_type,
619 const unsigned char **out,
620 size_t *outlen, int *al, void *arg)
622 if (ext_type != CUSTOM_EXT_TYPE_0)
623 custom_ext_error = 1;
624 return 0; /* Don't send an extension */
627 static int custom_ext_0_cli_parse_cb(SSL *s, unsigned int ext_type,
628 const unsigned char *in,
629 size_t inlen, int *al, void *arg)
634 static int custom_ext_1_cli_add_cb(SSL *s, unsigned int ext_type,
635 const unsigned char **out,
636 size_t *outlen, int *al, void *arg)
638 if (ext_type != CUSTOM_EXT_TYPE_1)
639 custom_ext_error = 1;
640 *out = (const unsigned char *)custom_ext_cli_string;
641 *outlen = strlen(custom_ext_cli_string);
642 return 1; /* Send "abc" */
645 static int custom_ext_1_cli_parse_cb(SSL *s, unsigned int ext_type,
646 const unsigned char *in,
647 size_t inlen, int *al, void *arg)
652 static int custom_ext_2_cli_add_cb(SSL *s, unsigned int ext_type,
653 const unsigned char **out,
654 size_t *outlen, int *al, void *arg)
656 if (ext_type != CUSTOM_EXT_TYPE_2)
657 custom_ext_error = 1;
658 *out = (const unsigned char *)custom_ext_cli_string;
659 *outlen = strlen(custom_ext_cli_string);
660 return 1; /* Send "abc" */
663 static int custom_ext_2_cli_parse_cb(SSL *s, unsigned int ext_type,
664 const unsigned char *in,
665 size_t inlen, int *al, void *arg)
667 if (ext_type != CUSTOM_EXT_TYPE_2)
668 custom_ext_error = 1;
670 custom_ext_error = 1; /* Should be empty response */
674 static int custom_ext_3_cli_add_cb(SSL *s, unsigned int ext_type,
675 const unsigned char **out,
676 size_t *outlen, int *al, void *arg)
678 if (ext_type != CUSTOM_EXT_TYPE_3)
679 custom_ext_error = 1;
680 *out = (const unsigned char *)custom_ext_cli_string;
681 *outlen = strlen(custom_ext_cli_string);
682 return 1; /* Send "abc" */
685 static int custom_ext_3_cli_parse_cb(SSL *s, unsigned int ext_type,
686 const unsigned char *in,
687 size_t inlen, int *al, void *arg)
689 if (ext_type != CUSTOM_EXT_TYPE_3)
690 custom_ext_error = 1;
691 if (inlen != strlen(custom_ext_srv_string))
692 custom_ext_error = 1;
693 if (memcmp(custom_ext_srv_string, in, inlen) != 0)
694 custom_ext_error = 1; /* Check for "defg" */
699 * custom_ext_0_cli_add_cb returns 0 - the server won't receive a callback
702 static int custom_ext_0_srv_parse_cb(SSL *s, unsigned int ext_type,
703 const unsigned char *in,
704 size_t inlen, int *al, void *arg)
706 custom_ext_error = 1;
710 /* 'add' callbacks are only called if the 'parse' callback is called */
711 static int custom_ext_0_srv_add_cb(SSL *s, unsigned int ext_type,
712 const unsigned char **out,
713 size_t *outlen, int *al, void *arg)
715 /* Error: should not have been called */
716 custom_ext_error = 1;
717 return 0; /* Don't send an extension */
720 static int custom_ext_1_srv_parse_cb(SSL *s, unsigned int ext_type,
721 const unsigned char *in,
722 size_t inlen, int *al, void *arg)
724 if (ext_type != CUSTOM_EXT_TYPE_1)
725 custom_ext_error = 1;
726 /* Check for "abc" */
727 if (inlen != strlen(custom_ext_cli_string))
728 custom_ext_error = 1;
729 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
730 custom_ext_error = 1;
734 static int custom_ext_1_srv_add_cb(SSL *s, unsigned int ext_type,
735 const unsigned char **out,
736 size_t *outlen, int *al, void *arg)
738 return 0; /* Don't send an extension */
741 static int custom_ext_2_srv_parse_cb(SSL *s, unsigned int ext_type,
742 const unsigned char *in,
743 size_t inlen, int *al, void *arg)
745 if (ext_type != CUSTOM_EXT_TYPE_2)
746 custom_ext_error = 1;
747 /* Check for "abc" */
748 if (inlen != strlen(custom_ext_cli_string))
749 custom_ext_error = 1;
750 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
751 custom_ext_error = 1;
755 static int custom_ext_2_srv_add_cb(SSL *s, unsigned int ext_type,
756 const unsigned char **out,
757 size_t *outlen, int *al, void *arg)
761 return 1; /* Send empty extension */
764 static int custom_ext_3_srv_parse_cb(SSL *s, unsigned int ext_type,
765 const unsigned char *in,
766 size_t inlen, int *al, void *arg)
768 if (ext_type != CUSTOM_EXT_TYPE_3)
769 custom_ext_error = 1;
770 /* Check for "abc" */
771 if (inlen != strlen(custom_ext_cli_string))
772 custom_ext_error = 1;
773 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
774 custom_ext_error = 1;
778 static int custom_ext_3_srv_add_cb(SSL *s, unsigned int ext_type,
779 const unsigned char **out,
780 size_t *outlen, int *al, void *arg)
782 *out = (const unsigned char *)custom_ext_srv_string;
783 *outlen = strlen(custom_ext_srv_string);
784 return 1; /* Send "defg" */
787 static char *cipher = NULL;
788 static int verbose = 0;
789 static int debug = 0;
790 static const char rnd_seed[] =
791 "string to make the random number generator think it has entropy";
793 int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family,
794 long bytes, clock_t *s_time, clock_t *c_time);
795 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time,
797 int doit(SSL *s_ssl, SSL *c_ssl, long bytes);
799 static void sv_usage(void)
801 fprintf(stderr, "usage: ssltest [args ...]\n");
802 fprintf(stderr, "\n");
804 fprintf(stderr, "-F - run test in FIPS mode\n");
806 fprintf(stderr, " -server_auth - check server certificate\n");
807 fprintf(stderr, " -client_auth - do client authentication\n");
808 fprintf(stderr, " -v - more output\n");
809 fprintf(stderr, " -d - debug output\n");
810 fprintf(stderr, " -reuse - use session-id reuse\n");
811 fprintf(stderr, " -num <val> - number of connections to perform\n");
813 " -bytes <val> - number of bytes to swap between client/server\n");
814 #ifndef OPENSSL_NO_DH
816 " -dhe512 - use 512 bit key for DHE (to test failure)\n");
818 " -dhe1024 - use 1024 bit key (safe prime) for DHE (default, no-op)\n");
820 " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
821 fprintf(stderr, " -no_dhe - disable DHE\n");
823 #ifndef OPENSSL_NO_EC
824 fprintf(stderr, " -no_ecdhe - disable ECDHE\nTODO(openssl-team): no_ecdhe was broken by auto ecdh. Make this work again.\n");
826 #ifndef OPENSSL_NO_PSK
827 fprintf(stderr, " -psk arg - PSK in hex (without 0x)\n");
829 #ifndef OPENSSL_NO_SRP
830 fprintf(stderr, " -srpuser user - SRP username to use\n");
831 fprintf(stderr, " -srppass arg - password for 'user'\n");
833 #ifndef OPENSSL_NO_SSL3
834 fprintf(stderr, " -ssl3 - use SSLv3\n");
836 #ifndef OPENSSL_NO_TLS1
837 fprintf(stderr, " -tls1 - use TLSv1\n");
839 #ifndef OPENSSL_NO_DTLS
840 fprintf(stderr, " -dtls - use DTLS\n");
841 #ifndef OPENSSL_NO_DTLS1
842 fprintf(stderr, " -dtls1 - use DTLSv1\n");
844 #ifndef OPENSSL_NO_DTLS1_2
845 fprintf(stderr, " -dtls12 - use DTLSv1.2\n");
848 fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");
849 fprintf(stderr, " -CAfile arg - PEM format file of CA's\n");
850 fprintf(stderr, " -cert arg - Server certificate file\n");
852 " -key arg - Server key file (default: same as -cert)\n");
853 fprintf(stderr, " -c_cert arg - Client certificate file\n");
855 " -c_key arg - Client key file (default: same as -c_cert)\n");
856 fprintf(stderr, " -cipher arg - The cipher list\n");
857 fprintf(stderr, " -bio_pair - Use BIO pairs\n");
858 fprintf(stderr, " -ipv4 - Use IPv4 connection on localhost\n");
859 fprintf(stderr, " -ipv6 - Use IPv6 connection on localhost\n");
860 fprintf(stderr, " -f - Test even cases that can't work\n");
862 " -time - measure processor time used by client and server\n");
863 fprintf(stderr, " -zlib - use zlib compression\n");
864 #ifndef OPENSSL_NO_NEXTPROTONEG
865 fprintf(stderr, " -npn_client - have client side offer NPN\n");
866 fprintf(stderr, " -npn_server - have server side offer NPN\n");
867 fprintf(stderr, " -npn_server_reject - have server reject NPN\n");
869 fprintf(stderr, " -serverinfo_file file - have server use this file\n");
870 fprintf(stderr, " -serverinfo_sct - have client offer and expect SCT\n");
872 " -serverinfo_tack - have client offer and expect TACK\n");
874 " -custom_ext - try various custom extension callbacks\n");
875 fprintf(stderr, " -alpn_client <string> - have client side offer ALPN\n");
876 fprintf(stderr, " -alpn_server <string> - have server side offer ALPN\n");
877 fprintf(stderr, " -alpn_server1 <string> - alias for -alpn_server\n");
878 fprintf(stderr, " -alpn_server2 <string> - have server side context 2 offer ALPN\n");
880 " -alpn_expected <string> - the ALPN protocol that should be negotiated\n");
881 fprintf(stderr, " -server_min_proto <string> - Minimum version the server should support\n");
882 fprintf(stderr, " -server_max_proto <string> - Maximum version the server should support\n");
883 fprintf(stderr, " -client_min_proto <string> - Minimum version the client should support\n");
884 fprintf(stderr, " -client_max_proto <string> - Maximum version the client should support\n");
885 fprintf(stderr, " -should_negotiate <string> - The version that should be negotiated, fail-client or fail-server\n");
886 #ifndef OPENSSL_NO_CT
887 fprintf(stderr, " -noct - no certificate transparency\n");
888 fprintf(stderr, " -requestct - request certificate transparency\n");
889 fprintf(stderr, " -requirect - require certificate transparency\n");
891 fprintf(stderr, " -sn_client <string> - have client request this servername\n");
892 fprintf(stderr, " -sn_server1 <string> - have server context 1 respond to this servername\n");
893 fprintf(stderr, " -sn_server2 <string> - have server context 2 respond to this servername\n");
894 fprintf(stderr, " -sn_expect1 - expected server 1\n");
895 fprintf(stderr, " -sn_expect2 - expected server 2\n");
896 fprintf(stderr, " -server_sess_out <file> - Save the server session to a file\n");
897 fprintf(stderr, " -server_sess_in <file> - Read the server session from a file\n");
898 fprintf(stderr, " -client_sess_out <file> - Save the client session to a file\n");
899 fprintf(stderr, " -client_sess_in <file> - Read the client session from a file\n");
900 fprintf(stderr, " -should_reuse <number> - The expected state of reusing the session\n");
901 fprintf(stderr, " -no_ticket - do not issue TLS session ticket\n");
904 static void print_key_details(BIO *out, EVP_PKEY *key)
906 int keyid = EVP_PKEY_id(key);
907 #ifndef OPENSSL_NO_EC
908 if (keyid == EVP_PKEY_EC) {
909 EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
912 nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
914 cname = EC_curve_nid2nist(nid);
916 cname = OBJ_nid2sn(nid);
917 BIO_printf(out, "%d bits EC (%s)", EVP_PKEY_bits(key), cname);
933 algname = OBJ_nid2sn(keyid);
936 BIO_printf(out, "%d bits %s", EVP_PKEY_bits(key), algname);
940 static void print_details(SSL *c_ssl, const char *prefix)
942 const SSL_CIPHER *ciph;
947 ciph = SSL_get_current_cipher(c_ssl);
948 BIO_printf(bio_stdout, "%s%s, cipher %s %s",
950 SSL_get_version(c_ssl),
951 SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_name(ciph));
952 cert = SSL_get_peer_certificate(c_ssl);
954 pkey = X509_get_pubkey(cert);
956 BIO_puts(bio_stdout, ", ");
957 print_key_details(bio_stdout, pkey);
962 if (SSL_get_server_tmp_key(c_ssl, &pkey)) {
963 BIO_puts(bio_stdout, ", temp key: ");
964 print_key_details(bio_stdout, pkey);
967 if (SSL_get_peer_signature_nid(c_ssl, &mdnid))
968 BIO_printf(bio_stdout, ", digest=%s", OBJ_nid2sn(mdnid));
969 BIO_printf(bio_stdout, "\n");
973 * protocol_from_string - converts a protocol version string to a number
975 * Returns -1 on failure or the version on success
977 static int protocol_from_string(const char *value)
979 struct protocol_versions {
983 static const struct protocol_versions versions[] = {
984 {"ssl3", SSL3_VERSION},
985 {"tls1", TLS1_VERSION},
986 {"tls1.1", TLS1_1_VERSION},
987 {"tls1.2", TLS1_2_VERSION},
988 {"dtls1", DTLS1_VERSION},
989 {"dtls1.2", DTLS1_2_VERSION}};
991 size_t n = OSSL_NELEM(versions);
993 for (i = 0; i < n; i++)
994 if (strcmp(versions[i].name, value) == 0)
995 return versions[i].version;
999 static SSL_SESSION *read_session(const char *filename)
1002 BIO *f = BIO_new_file(filename, "r");
1005 BIO_printf(bio_err, "Can't open session file %s\n", filename);
1006 ERR_print_errors(bio_err);
1009 sess = PEM_read_bio_SSL_SESSION(f, NULL, 0, NULL);
1011 BIO_printf(bio_err, "Can't parse session file %s\n", filename);
1012 ERR_print_errors(bio_err);
1018 static int write_session(const char *filename, SSL_SESSION *sess)
1020 BIO *f = BIO_new_file(filename, "w");
1023 BIO_printf(bio_err, "No session information\n");
1027 BIO_printf(bio_err, "Can't open session file %s\n", filename);
1028 ERR_print_errors(bio_err);
1031 PEM_write_bio_SSL_SESSION(f, sess);
1037 * set_protocol_version - Sets protocol version minimum or maximum
1039 * Returns 0 on failure and 1 on success
1041 static int set_protocol_version(const char *version, SSL *ssl, int setting)
1043 if (version != NULL) {
1044 int ver = protocol_from_string(version);
1046 BIO_printf(bio_err, "Error parsing: %s\n", version);
1049 return SSL_ctrl(ssl, setting, ver, NULL);
1054 int main(int argc, char *argv[])
1056 char *CApath = NULL, *CAfile = NULL;
1058 enum { BIO_MEM, BIO_PAIR, BIO_IPV4, BIO_IPV6 } bio_type = BIO_MEM;
1060 int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, ssl3 = 0, ret = 1;
1061 int client_auth = 0;
1062 int server_auth = 0, i;
1063 struct app_verify_arg app_verify_arg =
1064 { APP_CALLBACK_STRING, 0 };
1066 SSL_CTX *c_ctx = NULL;
1067 const SSL_METHOD *meth = NULL;
1069 int number = 1, reuse = 0;
1070 int should_reuse = -1;
1073 #ifndef OPENSSL_NO_DH
1075 int dhe512 = 0, dhe1024dsa = 0;
1077 #ifndef OPENSSL_NO_SRP
1079 SRP_CLIENT_ARG srp_client_arg = { NULL, NULL };
1081 SRP_SERVER_ARG srp_server_arg = { NULL, NULL };
1086 clock_t s_time = 0, c_time = 0;
1087 #ifndef OPENSSL_NO_COMP
1089 COMP_METHOD *cm = NULL;
1090 STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
1096 int min_version = 0, max_version = 0;
1097 #ifndef OPENSSL_NO_CT
1099 * Disable CT validation by default, because it will interfere with
1100 * anything using custom extension handlers to deal with SCT extensions.
1102 int ct_validation = 0;
1104 SSL_CONF_CTX *s_cctx = NULL, *c_cctx = NULL, *s_cctx2 = NULL;
1105 STACK_OF(OPENSSL_STRING) *conf_args = NULL;
1106 char *arg = NULL, *argn = NULL;
1112 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
1114 p = getenv("OPENSSL_DEBUG_MEMORY");
1115 if (p != NULL && strcmp(p, "on") == 0)
1116 CRYPTO_set_mem_debug(1);
1117 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
1119 RAND_seed(rnd_seed, sizeof rnd_seed);
1121 bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT);
1123 s_cctx = SSL_CONF_CTX_new();
1124 s_cctx2 = SSL_CONF_CTX_new();
1125 c_cctx = SSL_CONF_CTX_new();
1127 if (!s_cctx || !c_cctx || !s_cctx2) {
1128 ERR_print_errors(bio_err);
1132 SSL_CONF_CTX_set_flags(s_cctx,
1133 SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_SERVER |
1134 SSL_CONF_FLAG_CERTIFICATE |
1135 SSL_CONF_FLAG_REQUIRE_PRIVATE);
1136 SSL_CONF_CTX_set_flags(s_cctx2,
1137 SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_SERVER |
1138 SSL_CONF_FLAG_CERTIFICATE |
1139 SSL_CONF_FLAG_REQUIRE_PRIVATE);
1140 if (!SSL_CONF_CTX_set1_prefix(s_cctx, "-s_")) {
1141 ERR_print_errors(bio_err);
1144 if (!SSL_CONF_CTX_set1_prefix(s_cctx2, "-s_")) {
1145 ERR_print_errors(bio_err);
1149 SSL_CONF_CTX_set_flags(c_cctx,
1150 SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_CLIENT |
1151 SSL_CONF_FLAG_CERTIFICATE |
1152 SSL_CONF_FLAG_REQUIRE_PRIVATE);
1153 if (!SSL_CONF_CTX_set1_prefix(c_cctx, "-c_")) {
1154 ERR_print_errors(bio_err);
1162 if (strcmp(*argv, "-F") == 0) {
1167 "not compiled with FIPS support, so exiting without running.\n");
1170 } else if (strcmp(*argv, "-server_auth") == 0)
1172 else if (strcmp(*argv, "-client_auth") == 0)
1174 else if (strcmp(*argv, "-v") == 0)
1176 else if (strcmp(*argv, "-d") == 0)
1178 else if (strcmp(*argv, "-reuse") == 0)
1180 else if (strcmp(*argv, "-dhe512") == 0) {
1181 #ifndef OPENSSL_NO_DH
1185 "ignoring -dhe512, since I'm compiled without DH\n");
1187 } else if (strcmp(*argv, "-dhe1024dsa") == 0) {
1188 #ifndef OPENSSL_NO_DH
1192 "ignoring -dhe1024dsa, since I'm compiled without DH\n");
1194 } else if (strcmp(*argv, "-no_dhe") == 0)
1196 else if (strcmp(*argv, "-no_ecdhe") == 0)
1198 else if (strcmp(*argv, "-psk") == 0) {
1201 psk_key = *(++argv);
1202 #ifndef OPENSSL_NO_PSK
1203 if (strspn(psk_key, "abcdefABCDEF1234567890") != strlen(psk_key)) {
1204 BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
1211 #ifndef OPENSSL_NO_SRP
1212 else if (strcmp(*argv, "-srpuser") == 0) {
1215 srp_server_arg.expected_user = srp_client_arg.srplogin =
1217 min_version = TLS1_VERSION;
1218 } else if (strcmp(*argv, "-srppass") == 0) {
1221 srp_server_arg.pass = srp_client_arg.srppassin = *(++argv);
1222 min_version = TLS1_VERSION;
1225 else if (strcmp(*argv, "-tls1") == 0) {
1227 } else if (strcmp(*argv, "-ssl3") == 0) {
1229 } else if (strcmp(*argv, "-dtls1") == 0) {
1231 } else if (strcmp(*argv, "-dtls12") == 0) {
1233 } else if (strcmp(*argv, "-dtls") == 0) {
1235 } else if (strncmp(*argv, "-num", 4) == 0) {
1238 number = atoi(*(++argv));
1241 } else if (strcmp(*argv, "-bytes") == 0) {
1244 bytes = atol(*(++argv));
1247 i = strlen(argv[0]);
1248 if (argv[0][i - 1] == 'k')
1250 if (argv[0][i - 1] == 'm')
1251 bytes *= 1024L * 1024L;
1252 } else if (strcmp(*argv, "-cipher") == 0) {
1256 } else if (strcmp(*argv, "-CApath") == 0) {
1260 } else if (strcmp(*argv, "-CAfile") == 0) {
1264 } else if (strcmp(*argv, "-bio_pair") == 0) {
1265 bio_type = BIO_PAIR;
1267 #ifndef OPENSSL_NO_SOCK
1268 else if (strcmp(*argv, "-ipv4") == 0) {
1269 bio_type = BIO_IPV4;
1270 } else if (strcmp(*argv, "-ipv6") == 0) {
1271 bio_type = BIO_IPV6;
1274 else if (strcmp(*argv, "-f") == 0) {
1276 } else if (strcmp(*argv, "-time") == 0) {
1279 #ifndef OPENSSL_NO_CT
1280 else if (strcmp(*argv, "-noct") == 0) {
1283 else if (strcmp(*argv, "-ct") == 0) {
1287 #ifndef OPENSSL_NO_COMP
1288 else if (strcmp(*argv, "-zlib") == 0) {
1292 else if (strcmp(*argv, "-app_verify") == 0) {
1293 app_verify_arg.app_verify = 1;
1295 #ifndef OPENSSL_NO_NEXTPROTONEG
1296 else if (strcmp(*argv, "-npn_client") == 0) {
1298 } else if (strcmp(*argv, "-npn_server") == 0) {
1300 } else if (strcmp(*argv, "-npn_server_reject") == 0) {
1301 npn_server_reject = 1;
1304 else if (strcmp(*argv, "-serverinfo_sct") == 0) {
1306 } else if (strcmp(*argv, "-serverinfo_tack") == 0) {
1307 serverinfo_tack = 1;
1308 } else if (strcmp(*argv, "-serverinfo_file") == 0) {
1311 serverinfo_file = *(++argv);
1312 } else if (strcmp(*argv, "-custom_ext") == 0) {
1314 } else if (strcmp(*argv, "-alpn_client") == 0) {
1317 alpn_client = *(++argv);
1318 } else if (strcmp(*argv, "-alpn_server") == 0 ||
1319 strcmp(*argv, "-alpn_server1") == 0) {
1322 alpn_server = *(++argv);
1323 } else if (strcmp(*argv, "-alpn_server2") == 0) {
1326 alpn_server2 = *(++argv);
1327 } else if (strcmp(*argv, "-alpn_expected") == 0) {
1330 alpn_expected = *(++argv);
1331 } else if (strcmp(*argv, "-server_min_proto") == 0) {
1334 server_min_proto = *(++argv);
1335 } else if (strcmp(*argv, "-server_max_proto") == 0) {
1338 server_max_proto = *(++argv);
1339 } else if (strcmp(*argv, "-client_min_proto") == 0) {
1342 client_min_proto = *(++argv);
1343 } else if (strcmp(*argv, "-client_max_proto") == 0) {
1346 client_max_proto = *(++argv);
1347 } else if (strcmp(*argv, "-should_negotiate") == 0) {
1350 should_negotiate = *(++argv);
1351 } else if (strcmp(*argv, "-sn_client") == 0) {
1354 sn_client = *(++argv);
1355 } else if (strcmp(*argv, "-sn_server1") == 0) {
1358 sn_server1 = *(++argv);
1359 } else if (strcmp(*argv, "-sn_server2") == 0) {
1362 sn_server2 = *(++argv);
1363 } else if (strcmp(*argv, "-sn_expect1") == 0) {
1365 } else if (strcmp(*argv, "-sn_expect2") == 0) {
1367 } else if (strcmp(*argv, "-server_sess_out") == 0) {
1370 server_sess_out = *(++argv);
1371 } else if (strcmp(*argv, "-server_sess_in") == 0) {
1374 server_sess_in = *(++argv);
1375 } else if (strcmp(*argv, "-client_sess_out") == 0) {
1378 client_sess_out = *(++argv);
1379 } else if (strcmp(*argv, "-client_sess_in") == 0) {
1382 client_sess_in = *(++argv);
1383 } else if (strcmp(*argv, "-should_reuse") == 0) {
1386 should_reuse = !!atoi(*(++argv));
1387 } else if (strcmp(*argv, "-no_ticket") == 0) {
1393 /* Try to process command using SSL_CONF */
1394 rv = SSL_CONF_cmd_argv(c_cctx, &argc, &argv);
1395 /* If not processed try server */
1397 rv = SSL_CONF_cmd_argv(s_cctx, &argc, &argv);
1398 /* Recognised: store it for later use */
1403 conf_args = sk_OPENSSL_STRING_new_null();
1407 if (!sk_OPENSSL_STRING_push(conf_args, arg))
1409 if (!sk_OPENSSL_STRING_push(conf_args, argn))
1414 BIO_printf(bio_err, "Missing argument for %s\n", arg);
1416 BIO_printf(bio_err, "Error with command %s\n", arg);
1418 BIO_printf(bio_err, "unknown option %s\n", arg);
1431 if (ssl3 + tls1 + dtls + dtls1 + dtls12 > 1) {
1432 fprintf(stderr, "At most one of -ssl3, -tls1, -dtls, -dtls1 or -dtls12 should "
1437 #ifdef OPENSSL_NO_SSL3
1442 #ifdef OPENSSL_NO_TLS1
1447 #if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1)
1452 #if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1_2)
1460 * Testing was requested for a compiled-out protocol (e.g. SSLv3).
1461 * Ideally, we would error out, but the generic test wrapper can't know
1462 * when to expect failure. So we do nothing and return success.
1465 fprintf(stderr, "Testing was requested for a disabled protocol. "
1466 "Skipping tests.\n");
1471 if (!ssl3 && !tls1 && !dtls && !dtls1 && !dtls12 && number > 1 && !reuse && !force) {
1472 fprintf(stderr, "This case cannot work. Use -f to perform "
1473 "the test anyway (and\n-d to see what happens), "
1474 "or add one of -ssl3, -tls1, -dtls, -dtls1, -dtls12, -reuse\n"
1475 "to avoid protocol mismatch.\n");
1480 if (!FIPS_mode_set(1)) {
1481 ERR_print_errors(bio_err);
1484 fprintf(stderr, "*** IN FIPS MODE ***\n");
1489 if (bio_type != BIO_PAIR) {
1490 fprintf(stderr, "Using BIO pair (-bio_pair)\n");
1491 bio_type = BIO_PAIR;
1493 if (number < 50 && !force)
1495 "Warning: For accurate timings, use more connections (e.g. -num 1000)\n");
1498 /* if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */
1500 #ifndef OPENSSL_NO_COMP
1501 if (comp == COMP_ZLIB)
1504 if (COMP_get_type(cm) != NID_undef) {
1505 if (SSL_COMP_add_compression_method(comp, cm) != 0) {
1506 fprintf(stderr, "Failed to add compression method\n");
1507 ERR_print_errors_fp(stderr);
1511 "Warning: %s compression not supported\n",
1512 comp == COMP_ZLIB ? "zlib" : "unknown");
1513 ERR_print_errors_fp(stderr);
1516 ssl_comp_methods = SSL_COMP_get_compression_methods();
1517 n = sk_SSL_COMP_num(ssl_comp_methods);
1520 printf("Available compression methods:");
1521 for (j = 0; j < n; j++) {
1522 SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
1523 printf(" %s:%d", c->name, c->id);
1529 #ifndef OPENSSL_NO_TLS
1530 meth = TLS_method();
1532 min_version = SSL3_VERSION;
1533 max_version = SSL3_VERSION;
1535 min_version = TLS1_VERSION;
1536 max_version = TLS1_VERSION;
1539 #ifndef OPENSSL_NO_DTLS
1540 if (dtls || dtls1 || dtls12)
1541 meth = DTLS_method();
1543 min_version = DTLS1_VERSION;
1544 max_version = DTLS1_VERSION;
1545 } else if (dtls12) {
1546 min_version = DTLS1_2_VERSION;
1547 max_version = DTLS1_2_VERSION;
1551 c_ctx = SSL_CTX_new(meth);
1552 s_ctx = SSL_CTX_new(meth);
1553 s_ctx2 = SSL_CTX_new(meth); /* no SSL_CTX_dup! */
1554 if ((c_ctx == NULL) || (s_ctx == NULL) || (s_ctx2 == NULL)) {
1555 ERR_print_errors(bio_err);
1559 * Since we will use low security ciphersuites and keys for testing set
1560 * security level to zero by default. Tests can override this by adding
1561 * "@SECLEVEL=n" to the cipher string.
1563 SSL_CTX_set_security_level(c_ctx, 0);
1564 SSL_CTX_set_security_level(s_ctx, 0);
1565 SSL_CTX_set_security_level(s_ctx2, 0);
1568 SSL_CTX_set_options(c_ctx, SSL_OP_NO_TICKET);
1569 SSL_CTX_set_options(s_ctx, SSL_OP_NO_TICKET);
1572 if (SSL_CTX_set_min_proto_version(c_ctx, min_version) == 0)
1574 if (SSL_CTX_set_max_proto_version(c_ctx, max_version) == 0)
1576 if (SSL_CTX_set_min_proto_version(s_ctx, min_version) == 0)
1578 if (SSL_CTX_set_max_proto_version(s_ctx, max_version) == 0)
1581 if (cipher != NULL) {
1582 if (!SSL_CTX_set_cipher_list(c_ctx, cipher)
1583 || !SSL_CTX_set_cipher_list(s_ctx, cipher)
1584 || !SSL_CTX_set_cipher_list(s_ctx2, cipher)) {
1585 ERR_print_errors(bio_err);
1590 #ifndef OPENSSL_NO_CT
1591 if (ct_validation &&
1592 !SSL_CTX_enable_ct(c_ctx, SSL_CT_VALIDATION_STRICT)) {
1593 ERR_print_errors(bio_err);
1598 /* Process SSL_CONF arguments */
1599 SSL_CONF_CTX_set_ssl_ctx(c_cctx, c_ctx);
1600 SSL_CONF_CTX_set_ssl_ctx(s_cctx, s_ctx);
1601 SSL_CONF_CTX_set_ssl_ctx(s_cctx2, s_ctx2);
1603 for (i = 0; i < sk_OPENSSL_STRING_num(conf_args); i += 2) {
1605 arg = sk_OPENSSL_STRING_value(conf_args, i);
1606 argn = sk_OPENSSL_STRING_value(conf_args, i + 1);
1607 rv = SSL_CONF_cmd(c_cctx, arg, argn);
1608 /* If not recognised use server context */
1610 rv = SSL_CONF_cmd(s_cctx2, arg, argn);
1612 rv = SSL_CONF_cmd(s_cctx, arg, argn);
1615 BIO_printf(bio_err, "Error processing %s %s\n",
1616 arg, argn ? argn : "");
1617 ERR_print_errors(bio_err);
1622 if (!SSL_CONF_CTX_finish(s_cctx) || !SSL_CONF_CTX_finish(c_cctx) || !SSL_CONF_CTX_finish(s_cctx2)) {
1623 BIO_puts(bio_err, "Error finishing context\n");
1624 ERR_print_errors(bio_err);
1627 #ifndef OPENSSL_NO_DH
1630 dh = get_dh1024dsa();
1635 SSL_CTX_set_tmp_dh(s_ctx, dh);
1636 SSL_CTX_set_tmp_dh(s_ctx2, dh);
1643 if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) ||
1644 (!SSL_CTX_set_default_verify_paths(s_ctx)) ||
1645 (!SSL_CTX_load_verify_locations(s_ctx2, CAfile, CApath)) ||
1646 (!SSL_CTX_set_default_verify_paths(s_ctx2)) ||
1647 (!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) ||
1648 (!SSL_CTX_set_default_verify_paths(c_ctx))) {
1649 /* fprintf(stderr,"SSL_load_verify_locations\n"); */
1650 ERR_print_errors(bio_err);
1654 #ifndef OPENSSL_NO_CT
1655 if (!SSL_CTX_set_default_ctlog_list_file(s_ctx) ||
1656 !SSL_CTX_set_default_ctlog_list_file(s_ctx2) ||
1657 !SSL_CTX_set_default_ctlog_list_file(c_ctx)) {
1658 ERR_print_errors(bio_err);
1663 printf("client authentication\n");
1664 SSL_CTX_set_verify(s_ctx,
1665 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1667 SSL_CTX_set_verify(s_ctx2,
1668 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1670 SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback,
1672 SSL_CTX_set_cert_verify_callback(s_ctx2, app_verify_callback,
1676 printf("server authentication\n");
1677 SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER, verify_callback);
1678 SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback,
1683 int session_id_context = 0;
1684 if (!SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context,
1685 sizeof session_id_context) ||
1686 !SSL_CTX_set_session_id_context(s_ctx2, (void *)&session_id_context,
1687 sizeof session_id_context)) {
1688 ERR_print_errors(bio_err);
1693 /* Use PSK only if PSK key is given */
1694 if (psk_key != NULL) {
1696 * no_psk is used to avoid putting psk command to openssl tool
1700 * if PSK is not compiled in and psk key is given, do nothing and
1706 #ifndef OPENSSL_NO_PSK
1707 SSL_CTX_set_psk_client_callback(c_ctx, psk_client_callback);
1708 SSL_CTX_set_psk_server_callback(s_ctx, psk_server_callback);
1709 SSL_CTX_set_psk_server_callback(s_ctx2, psk_server_callback);
1711 BIO_printf(bio_err, "setting PSK identity hint to s_ctx\n");
1712 if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_hint") ||
1713 !SSL_CTX_use_psk_identity_hint(s_ctx2, "ctx server identity_hint")) {
1714 BIO_printf(bio_err, "error setting PSK identity hint to s_ctx\n");
1715 ERR_print_errors(bio_err);
1720 #ifndef OPENSSL_NO_SRP
1721 if (srp_client_arg.srplogin) {
1722 if (!SSL_CTX_set_srp_username(c_ctx, srp_client_arg.srplogin)) {
1723 BIO_printf(bio_err, "Unable to set SRP username\n");
1726 SSL_CTX_set_srp_cb_arg(c_ctx, &srp_client_arg);
1727 SSL_CTX_set_srp_client_pwd_callback(c_ctx,
1728 ssl_give_srp_client_pwd_cb);
1730 * SSL_CTX_set_srp_strength(c_ctx, srp_client_arg.strength);
1734 if (srp_server_arg.expected_user != NULL) {
1735 SSL_CTX_set_verify(s_ctx, SSL_VERIFY_NONE, verify_callback);
1736 SSL_CTX_set_verify(s_ctx2, SSL_VERIFY_NONE, verify_callback);
1737 SSL_CTX_set_srp_cb_arg(s_ctx, &srp_server_arg);
1738 SSL_CTX_set_srp_cb_arg(s_ctx2, &srp_server_arg);
1739 SSL_CTX_set_srp_username_callback(s_ctx, ssl_srp_server_param_cb);
1740 SSL_CTX_set_srp_username_callback(s_ctx2, ssl_srp_server_param_cb);
1744 #ifndef OPENSSL_NO_NEXTPROTONEG
1746 SSL_CTX_set_next_proto_select_cb(c_ctx, cb_client_npn, NULL);
1749 if (npn_server_reject) {
1751 "Can't have both -npn_server and -npn_server_reject\n");
1754 SSL_CTX_set_next_protos_advertised_cb(s_ctx, cb_server_npn, NULL);
1755 SSL_CTX_set_next_protos_advertised_cb(s_ctx2, cb_server_npn, NULL);
1757 if (npn_server_reject) {
1758 SSL_CTX_set_next_protos_advertised_cb(s_ctx, cb_server_rejects_npn,
1760 SSL_CTX_set_next_protos_advertised_cb(s_ctx2, cb_server_rejects_npn,
1765 if (serverinfo_sct) {
1766 if (!SSL_CTX_add_client_custom_ext(c_ctx,
1767 TLSEXT_TYPE_signed_certificate_timestamp,
1769 serverinfo_cli_parse_cb, NULL)) {
1770 BIO_printf(bio_err, "Error adding SCT extension\n");
1774 if (serverinfo_tack) {
1775 if (!SSL_CTX_add_client_custom_ext(c_ctx, TACK_EXT_TYPE,
1777 serverinfo_cli_parse_cb, NULL)) {
1778 BIO_printf(bio_err, "Error adding TACK extension\n");
1782 if (serverinfo_file)
1783 if (!SSL_CTX_use_serverinfo_file(s_ctx, serverinfo_file) ||
1784 !SSL_CTX_use_serverinfo_file(s_ctx2, serverinfo_file)) {
1785 BIO_printf(bio_err, "missing serverinfo file\n");
1790 if (!SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_0,
1791 custom_ext_0_cli_add_cb,
1793 custom_ext_0_cli_parse_cb, NULL)
1794 || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_1,
1795 custom_ext_1_cli_add_cb,
1797 custom_ext_1_cli_parse_cb, NULL)
1798 || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_2,
1799 custom_ext_2_cli_add_cb,
1801 custom_ext_2_cli_parse_cb, NULL)
1802 || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_3,
1803 custom_ext_3_cli_add_cb,
1805 custom_ext_3_cli_parse_cb, NULL)
1806 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_0,
1807 custom_ext_0_srv_add_cb,
1809 custom_ext_0_srv_parse_cb, NULL)
1810 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_0,
1811 custom_ext_0_srv_add_cb,
1813 custom_ext_0_srv_parse_cb, NULL)
1814 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_1,
1815 custom_ext_1_srv_add_cb,
1817 custom_ext_1_srv_parse_cb, NULL)
1818 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_1,
1819 custom_ext_1_srv_add_cb,
1821 custom_ext_1_srv_parse_cb, NULL)
1822 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_2,
1823 custom_ext_2_srv_add_cb,
1825 custom_ext_2_srv_parse_cb, NULL)
1826 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_2,
1827 custom_ext_2_srv_add_cb,
1829 custom_ext_2_srv_parse_cb, NULL)
1830 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_3,
1831 custom_ext_3_srv_add_cb,
1833 custom_ext_3_srv_parse_cb, NULL)
1834 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_3,
1835 custom_ext_3_srv_add_cb,
1837 custom_ext_3_srv_parse_cb, NULL)) {
1838 BIO_printf(bio_err, "Error setting custom extensions\n");
1844 SSL_CTX_set_alpn_select_cb(s_ctx, cb_server_alpn, alpn_server);
1846 SSL_CTX_set_alpn_select_cb(s_ctx2, cb_server_alpn, alpn_server2);
1850 unsigned char *alpn = next_protos_parse(&alpn_len, alpn_client);
1853 BIO_printf(bio_err, "Error parsing -alpn_client argument\n");
1856 /* Returns 0 on success!! */
1857 if (SSL_CTX_set_alpn_protos(c_ctx, alpn, alpn_len)) {
1858 BIO_printf(bio_err, "Error setting ALPN\n");
1865 if (server_sess_in != NULL) {
1866 server_sess = read_session(server_sess_in);
1867 if (server_sess == NULL)
1870 if (client_sess_in != NULL) {
1871 client_sess = read_session(client_sess_in);
1872 if (client_sess == NULL)
1876 if (server_sess_out != NULL || server_sess_in != NULL) {
1880 /* Use a fixed key so that we can decrypt the ticket. */
1881 size = SSL_CTX_set_tlsext_ticket_keys(s_ctx, NULL, 0);
1882 keys = OPENSSL_zalloc(size);
1883 SSL_CTX_set_tlsext_ticket_keys(s_ctx, keys, size);
1887 if (sn_server1 != NULL || sn_server2 != NULL)
1888 SSL_CTX_set_tlsext_servername_callback(s_ctx, servername_cb);
1890 c_ssl = SSL_new(c_ctx);
1891 s_ssl = SSL_new(s_ctx);
1894 SSL_set_tlsext_host_name(c_ssl, sn_client);
1896 if (!set_protocol_version(server_min_proto, s_ssl, SSL_CTRL_SET_MIN_PROTO_VERSION))
1898 if (!set_protocol_version(server_max_proto, s_ssl, SSL_CTRL_SET_MAX_PROTO_VERSION))
1900 if (!set_protocol_version(client_min_proto, c_ssl, SSL_CTRL_SET_MIN_PROTO_VERSION))
1902 if (!set_protocol_version(client_max_proto, c_ssl, SSL_CTRL_SET_MAX_PROTO_VERSION))
1906 if (SSL_CTX_add_session(s_ctx, server_sess) == 0) {
1907 BIO_printf(bio_err, "Can't add server session\n");
1908 ERR_print_errors(bio_err);
1913 BIO_printf(bio_stdout, "Doing handshakes=%d bytes=%ld\n", number, bytes);
1914 for (i = 0; i < number; i++) {
1916 if (!SSL_set_session(c_ssl, NULL)) {
1917 BIO_printf(bio_err, "Failed to set session\n");
1921 if (client_sess_in != NULL) {
1922 if (SSL_set_session(c_ssl, client_sess) == 0) {
1923 BIO_printf(bio_err, "Can't set client session\n");
1924 ERR_print_errors(bio_err);
1930 ret = doit(s_ssl, c_ssl, bytes);
1933 ret = doit_biopair(s_ssl, c_ssl, bytes, &s_time, &c_time);
1935 #ifndef OPENSSL_NO_SOCK
1937 ret = doit_localhost(s_ssl, c_ssl, BIO_FAMILY_IPV4,
1938 bytes, &s_time, &c_time);
1941 ret = doit_localhost(s_ssl, c_ssl, BIO_FAMILY_IPV6,
1942 bytes, &s_time, &c_time);
1954 if (should_negotiate && ret == 0 &&
1955 strcmp(should_negotiate, "fail-server") != 0 &&
1956 strcmp(should_negotiate, "fail-client") != 0) {
1957 int version = protocol_from_string(should_negotiate);
1959 BIO_printf(bio_err, "Error parsing: %s\n", should_negotiate);
1963 if (SSL_version(c_ssl) != version) {
1964 BIO_printf(bio_err, "Unxpected version negotiated. "
1965 "Expected: %s, got %s\n", should_negotiate, SSL_get_version(c_ssl));
1971 if (should_reuse != -1) {
1972 if (SSL_session_reused(s_ssl) != should_reuse ||
1973 SSL_session_reused(c_ssl) != should_reuse) {
1974 BIO_printf(bio_err, "Unexpected session reuse state. "
1975 "Expected: %d, server: %d, client: %d\n", should_reuse,
1976 SSL_session_reused(s_ssl), SSL_session_reused(c_ssl));
1982 if (server_sess_out != NULL) {
1983 if (write_session(server_sess_out, SSL_get_session(s_ssl)) == 0) {
1988 if (client_sess_out != NULL) {
1989 if (write_session(client_sess_out, SSL_get_session(c_ssl)) == 0) {
1996 print_details(c_ssl, "");
1999 #ifdef CLOCKS_PER_SEC
2001 * "To determine the time in seconds, the value returned by the clock
2002 * function should be divided by the value of the macro
2003 * CLOCKS_PER_SEC." -- ISO/IEC 9899
2005 BIO_printf(bio_stdout, "Approximate total server time: %6.2f s\n"
2006 "Approximate total client time: %6.2f s\n",
2007 (double)s_time / CLOCKS_PER_SEC,
2008 (double)c_time / CLOCKS_PER_SEC);
2010 BIO_printf(bio_stdout,
2011 "Approximate total server time: %6.2f units\n"
2012 "Approximate total client time: %6.2f units\n",
2013 (double)s_time, (double)c_time);
2022 SSL_CTX_free(s_ctx);
2023 SSL_CTX_free(s_ctx2);
2024 SSL_CTX_free(c_ctx);
2025 SSL_CONF_CTX_free(s_cctx);
2026 SSL_CONF_CTX_free(s_cctx2);
2027 SSL_CONF_CTX_free(c_cctx);
2028 sk_OPENSSL_STRING_free(conf_args);
2030 BIO_free(bio_stdout);
2032 SSL_SESSION_free(server_sess);
2033 SSL_SESSION_free(client_sess);
2035 #ifndef OPENSSL_NO_CRYPTO_MDEBUG
2036 if (CRYPTO_mem_leaks(bio_err) <= 0)
2043 #ifndef OPENSSL_NO_SOCK
2044 int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count,
2045 clock_t *s_time, clock_t *c_time)
2047 long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
2048 BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
2049 BIO *acpt = NULL, *server = NULL, *client = NULL;
2052 int err_in_client = 0;
2053 int err_in_server = 0;
2055 acpt = BIO_new_accept("0");
2058 BIO_set_accept_ip_family(acpt, family);
2059 BIO_set_bind_mode(acpt, BIO_SOCK_NONBLOCK | BIO_SOCK_REUSEADDR);
2060 if (BIO_do_accept(acpt) <= 0)
2063 BIO_snprintf(addr_str, sizeof(addr_str), ":%s", BIO_get_accept_port(acpt));
2065 client = BIO_new_connect(addr_str);
2066 BIO_set_conn_ip_family(client, family);
2070 if (BIO_set_nbio(client, 1) <= 0)
2072 if (BIO_set_nbio(acpt, 1) <= 0)
2076 int st_connect = 0, st_accept = 0;
2078 while(!st_connect || !st_accept) {
2080 if (BIO_do_connect(client) <= 0) {
2081 if (!BIO_should_retry(client))
2088 if (BIO_do_accept(acpt) <= 0) {
2089 if (!BIO_should_retry(acpt))
2097 /* We're not interested in accepting further connects */
2098 server = BIO_pop(acpt);
2102 s_ssl_bio = BIO_new(BIO_f_ssl());
2106 c_ssl_bio = BIO_new(BIO_f_ssl());
2110 SSL_set_connect_state(c_ssl);
2111 SSL_set_bio(c_ssl, client, client);
2112 (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
2114 SSL_set_accept_state(s_ssl);
2115 SSL_set_bio(s_ssl, server, server);
2116 (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
2120 * c_ssl_bio: SSL filter BIO
2122 * client: I/O for SSL library
2125 * server: I/O for SSL library
2127 * s_ssl_bio: SSL filter BIO
2131 * We have non-blocking behaviour throughout this test program, but
2132 * can be sure that there is *some* progress in each iteration; so we
2133 * don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE --
2134 * we just try everything in each iteration
2140 char cbuf[1024 * 8];
2142 clock_t c_clock = clock();
2144 memset(cbuf, 0, sizeof(cbuf));
2147 if (SSL_in_init(c_ssl))
2148 printf("client waiting in SSL_connect - %s\n",
2149 SSL_state_string_long(c_ssl));
2152 /* Write to server. */
2154 if (cw_num > (long)sizeof cbuf)
2158 r = BIO_write(c_ssl_bio, cbuf, i);
2160 if (!BIO_should_retry(c_ssl_bio)) {
2161 fprintf(stderr, "ERROR in CLIENT\n");
2166 * BIO_should_retry(...) can just be ignored here. The
2167 * library expects us to call BIO_write with the same
2168 * arguments again, and that's what we will do in the
2171 } else if (r == 0) {
2172 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2176 printf("client wrote %d\n", r);
2182 /* Read from server. */
2184 r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
2186 if (!BIO_should_retry(c_ssl_bio)) {
2187 fprintf(stderr, "ERROR in CLIENT\n");
2192 * Again, "BIO_should_retry" can be ignored.
2194 } else if (r == 0) {
2195 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2199 printf("client read %d\n", r);
2205 * c_time and s_time increments will typically be very small
2206 * (depending on machine speed and clock tick intervals), but
2207 * sampling over a large number of connections should result in
2208 * fairly accurate figures. We cannot guarantee a lot, however
2209 * -- if each connection lasts for exactly one clock tick, it
2210 * will be counted only for the client or only for the server or
2213 *c_time += (clock() - c_clock);
2219 char sbuf[1024 * 8];
2221 clock_t s_clock = clock();
2223 memset(sbuf, 0, sizeof(sbuf));
2226 if (SSL_in_init(s_ssl))
2227 printf("server waiting in SSL_accept - %s\n",
2228 SSL_state_string_long(s_ssl));
2231 /* Write to client. */
2233 if (sw_num > (long)sizeof sbuf)
2237 r = BIO_write(s_ssl_bio, sbuf, i);
2239 if (!BIO_should_retry(s_ssl_bio)) {
2240 fprintf(stderr, "ERROR in SERVER\n");
2244 /* Ignore "BIO_should_retry". */
2245 } else if (r == 0) {
2246 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2250 printf("server wrote %d\n", r);
2256 /* Read from client. */
2258 r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
2260 if (!BIO_should_retry(s_ssl_bio)) {
2261 fprintf(stderr, "ERROR in SERVER\n");
2266 } else if (r == 0) {
2267 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2271 printf("server read %d\n", r);
2276 *s_time += (clock() - s_clock);
2279 while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
2282 print_details(c_ssl, "DONE via TCP connect: ");
2283 # ifndef OPENSSL_NO_NEXTPROTONEG
2284 if (verify_npn(c_ssl, s_ssl) < 0) {
2289 if (verify_serverinfo() < 0) {
2290 fprintf(stderr, "Server info verify error\n");
2294 if (verify_alpn(c_ssl, s_ssl) < 0) {
2298 if (verify_servername(c_ssl, s_ssl) < 0) {
2303 if (custom_ext_error) {
2304 fprintf(stderr, "Custom extension error\n");
2309 # ifndef OPENSSL_NO_NEXTPROTONEG
2315 ERR_print_errors(bio_err);
2320 BIO_free(s_ssl_bio);
2321 BIO_free(c_ssl_bio);
2323 if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
2324 ret = (err_in_client != 0) ? 0 : 1;
2325 else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
2326 ret = (err_in_server != 0) ? 0 : 1;
2332 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
2333 clock_t *s_time, clock_t *c_time)
2335 long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
2336 BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
2337 BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL;
2339 int err_in_client = 0;
2340 int err_in_server = 0;
2342 size_t bufsiz = 256; /* small buffer for testing */
2344 if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz))
2346 if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz))
2349 s_ssl_bio = BIO_new(BIO_f_ssl());
2353 c_ssl_bio = BIO_new(BIO_f_ssl());
2357 SSL_set_connect_state(c_ssl);
2358 SSL_set_bio(c_ssl, client, client);
2359 (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
2361 SSL_set_accept_state(s_ssl);
2362 SSL_set_bio(s_ssl, server, server);
2363 (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
2367 * c_ssl_bio: SSL filter BIO
2369 * client: pseudo-I/O for SSL library
2371 * client_io: client's SSL communication; usually to be
2372 * relayed over some I/O facility, but in this
2373 * test program, we're the server, too:
2375 * server_io: server's SSL communication
2377 * server: pseudo-I/O for SSL library
2379 * s_ssl_bio: SSL filter BIO
2381 * The client and the server each employ a "BIO pair":
2382 * client + client_io, server + server_io.
2383 * BIO pairs are symmetric. A BIO pair behaves similar
2384 * to a non-blocking socketpair (but both endpoints must
2385 * be handled by the same thread).
2386 * [Here we could connect client and server to the ends
2387 * of a single BIO pair, but then this code would be less
2388 * suitable as an example for BIO pairs in general.]
2390 * Useful functions for querying the state of BIO pair endpoints:
2392 * BIO_ctrl_pending(bio) number of bytes we can read now
2393 * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil
2394 * other side's read attempt
2395 * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now
2397 * ..._read_request is never more than ..._write_guarantee;
2398 * it depends on the application which one you should use.
2402 * We have non-blocking behaviour throughout this test program, but
2403 * can be sure that there is *some* progress in each iteration; so we
2404 * don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE --
2405 * we just try everything in each iteration
2411 char cbuf[1024 * 8];
2413 clock_t c_clock = clock();
2415 memset(cbuf, 0, sizeof(cbuf));
2418 if (SSL_in_init(c_ssl))
2419 printf("client waiting in SSL_connect - %s\n",
2420 SSL_state_string_long(c_ssl));
2423 /* Write to server. */
2425 if (cw_num > (long)sizeof cbuf)
2429 r = BIO_write(c_ssl_bio, cbuf, i);
2431 if (!BIO_should_retry(c_ssl_bio)) {
2432 fprintf(stderr, "ERROR in CLIENT\n");
2437 * BIO_should_retry(...) can just be ignored here. The
2438 * library expects us to call BIO_write with the same
2439 * arguments again, and that's what we will do in the
2442 } else if (r == 0) {
2443 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2447 printf("client wrote %d\n", r);
2453 /* Read from server. */
2455 r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
2457 if (!BIO_should_retry(c_ssl_bio)) {
2458 fprintf(stderr, "ERROR in CLIENT\n");
2463 * Again, "BIO_should_retry" can be ignored.
2465 } else if (r == 0) {
2466 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2470 printf("client read %d\n", r);
2476 * c_time and s_time increments will typically be very small
2477 * (depending on machine speed and clock tick intervals), but
2478 * sampling over a large number of connections should result in
2479 * fairly accurate figures. We cannot guarantee a lot, however
2480 * -- if each connection lasts for exactly one clock tick, it
2481 * will be counted only for the client or only for the server or
2484 *c_time += (clock() - c_clock);
2490 char sbuf[1024 * 8];
2492 clock_t s_clock = clock();
2494 memset(sbuf, 0, sizeof(sbuf));
2497 if (SSL_in_init(s_ssl))
2498 printf("server waiting in SSL_accept - %s\n",
2499 SSL_state_string_long(s_ssl));
2502 /* Write to client. */
2504 if (sw_num > (long)sizeof sbuf)
2508 r = BIO_write(s_ssl_bio, sbuf, i);
2510 if (!BIO_should_retry(s_ssl_bio)) {
2511 fprintf(stderr, "ERROR in SERVER\n");
2515 /* Ignore "BIO_should_retry". */
2516 } else if (r == 0) {
2517 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2521 printf("server wrote %d\n", r);
2527 /* Read from client. */
2529 r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
2531 if (!BIO_should_retry(s_ssl_bio)) {
2532 fprintf(stderr, "ERROR in SERVER\n");
2537 } else if (r == 0) {
2538 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2542 printf("server read %d\n", r);
2547 *s_time += (clock() - s_clock);
2551 /* "I/O" BETWEEN CLIENT AND SERVER. */
2554 BIO *io1 = server_io, *io2 = client_io;
2556 * we use the non-copying interface for io1 and the standard
2557 * BIO_write/BIO_read interface for io2
2560 static int prev_progress = 1;
2568 r1 = BIO_ctrl_pending(io1);
2569 r2 = BIO_ctrl_get_write_guarantee(io2);
2577 if (INT_MAX < num) /* yeah, right */
2580 r = BIO_nread(io1, &dataptr, (int)num);
2582 assert(r <= (int)num);
2584 * possibly r < num (non-contiguous data)
2587 r = BIO_write(io2, dataptr, (int)num);
2588 if (r != (int)num) { /* can't happen */
2589 fprintf(stderr, "ERROR: BIO_write could not write "
2590 "BIO_ctrl_get_write_guarantee() bytes");
2596 printf((io1 == client_io) ?
2597 "C->S relaying: %d bytes\n" :
2598 "S->C relaying: %d bytes\n", (int)num);
2608 r1 = BIO_ctrl_pending(io2);
2609 r2 = BIO_ctrl_get_read_request(io1);
2611 * here we could use ..._get_write_guarantee instead of
2612 * ..._get_read_request, but by using the latter we test
2613 * restartability of the SSL implementation more thoroughly
2625 --num; /* test restartability even more thoroughly */
2627 r = BIO_nwrite0(io1, &dataptr);
2631 r = BIO_read(io2, dataptr, (int)num);
2632 if (r != (int)num) { /* can't happen */
2633 fprintf(stderr, "ERROR: BIO_read could not read "
2634 "BIO_ctrl_pending() bytes");
2638 r = BIO_nwrite(io1, &dataptr, (int)num);
2639 if (r != (int)num) { /* can't happen */
2640 fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
2641 "BIO_nwrite0() bytes");
2646 printf((io2 == client_io) ?
2647 "C->S relaying: %d bytes\n" :
2648 "S->C relaying: %d bytes\n", (int)num);
2650 } /* no loop, BIO_ctrl_get_read_request now
2651 * returns 0 anyway */
2653 if (!progress && !prev_progress)
2654 if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0) {
2655 fprintf(stderr, "ERROR: got stuck\n");
2656 fprintf(stderr, " ERROR.\n");
2659 prev_progress = progress;
2662 while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
2665 print_details(c_ssl, "DONE via BIO pair: ");
2666 #ifndef OPENSSL_NO_NEXTPROTONEG
2667 if (verify_npn(c_ssl, s_ssl) < 0) {
2672 if (verify_serverinfo() < 0) {
2673 fprintf(stderr, "Server info verify error\n");
2677 if (verify_alpn(c_ssl, s_ssl) < 0) {
2681 if (verify_servername(c_ssl, s_ssl) < 0) {
2686 if (custom_ext_error) {
2687 fprintf(stderr, "Custom extension error\n");
2692 #ifndef OPENSSL_NO_NEXTPROTONEG
2698 ERR_print_errors(bio_err);
2701 BIO_free(server_io);
2703 BIO_free(client_io);
2704 BIO_free(s_ssl_bio);
2705 BIO_free(c_ssl_bio);
2707 if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
2708 ret = (err_in_client != 0) ? 0 : 1;
2709 else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
2710 ret = (err_in_server != 0) ? 0 : 1;
2720 int doit(SSL *s_ssl, SSL *c_ssl, long count)
2722 char *cbuf = NULL, *sbuf = NULL;
2724 long cw_num = count, cr_num = count;
2725 long sw_num = count, sr_num = count;
2731 int c_r, c_w, s_r, s_w;
2734 int c_write, s_write;
2735 int do_server = 0, do_client = 0;
2736 int max_frag = 5 * 1024;
2737 int err_in_client = 0;
2738 int err_in_server = 0;
2740 bufsiz = count > 40 * 1024 ? 40 * 1024 : count;
2742 if ((cbuf = OPENSSL_zalloc(bufsiz)) == NULL)
2744 if ((sbuf = OPENSSL_zalloc(bufsiz)) == NULL)
2747 c_to_s = BIO_new(BIO_s_mem());
2748 s_to_c = BIO_new(BIO_s_mem());
2749 if ((s_to_c == NULL) || (c_to_s == NULL)) {
2750 ERR_print_errors(bio_err);
2754 c_bio = BIO_new(BIO_f_ssl());
2755 s_bio = BIO_new(BIO_f_ssl());
2756 if ((c_bio == NULL) || (s_bio == NULL)) {
2757 ERR_print_errors(bio_err);
2761 SSL_set_connect_state(c_ssl);
2762 SSL_set_bio(c_ssl, s_to_c, c_to_s);
2763 SSL_set_max_send_fragment(c_ssl, max_frag);
2764 BIO_set_ssl(c_bio, c_ssl, BIO_NOCLOSE);
2766 SSL_set_accept_state(s_ssl);
2767 SSL_set_bio(s_ssl, c_to_s, s_to_c);
2768 SSL_set_max_send_fragment(s_ssl, max_frag);
2769 BIO_set_ssl(s_bio, s_ssl, BIO_NOCLOSE);
2775 c_write = 1, s_write = 0;
2777 /* We can always do writes */
2782 i = (int)BIO_pending(s_bio);
2783 if ((i && s_r) || s_w)
2786 i = (int)BIO_pending(c_bio);
2787 if ((i && c_r) || c_w)
2790 if (do_server && debug) {
2791 if (SSL_in_init(s_ssl))
2792 printf("server waiting in SSL_accept - %s\n",
2793 SSL_state_string_long(s_ssl));
2796 printf("server:SSL_write()\n");
2798 printf("server:SSL_read()\n"); */
2801 if (do_client && debug) {
2802 if (SSL_in_init(c_ssl))
2803 printf("client waiting in SSL_connect - %s\n",
2804 SSL_state_string_long(c_ssl));
2807 printf("client:SSL_write()\n");
2809 printf("client:SSL_read()\n"); */
2812 if (!do_client && !do_server) {
2813 fprintf(stdout, "ERROR IN STARTUP\n");
2814 ERR_print_errors(bio_err);
2817 if (do_client && !(done & C_DONE)) {
2819 j = (cw_num > bufsiz) ? (int)bufsiz : (int)cw_num;
2820 i = BIO_write(c_bio, cbuf, j);
2824 if (BIO_should_retry(c_bio)) {
2825 if (BIO_should_read(c_bio))
2827 if (BIO_should_write(c_bio))
2830 fprintf(stderr, "ERROR in CLIENT\n");
2832 ERR_print_errors(bio_err);
2835 } else if (i == 0) {
2836 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2840 printf("client wrote %d\n", i);
2845 if (max_frag > 1029)
2846 SSL_set_max_send_fragment(c_ssl, max_frag -= 5);
2849 i = BIO_read(c_bio, cbuf, bufsiz);
2853 if (BIO_should_retry(c_bio)) {
2854 if (BIO_should_read(c_bio))
2856 if (BIO_should_write(c_bio))
2859 fprintf(stderr, "ERROR in CLIENT\n");
2861 ERR_print_errors(bio_err);
2864 } else if (i == 0) {
2865 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2869 printf("client read %d\n", i);
2878 done = S_DONE | C_DONE;
2884 if (do_server && !(done & S_DONE)) {
2886 i = BIO_read(s_bio, sbuf, bufsiz);
2890 if (BIO_should_retry(s_bio)) {
2891 if (BIO_should_read(s_bio))
2893 if (BIO_should_write(s_bio))
2896 fprintf(stderr, "ERROR in SERVER\n");
2898 ERR_print_errors(bio_err);
2901 } else if (i == 0) {
2902 ERR_print_errors(bio_err);
2904 "SSL SERVER STARTUP FAILED in SSL_read\n");
2908 printf("server read %d\n", i);
2921 j = (sw_num > bufsiz) ? (int)bufsiz : (int)sw_num;
2922 i = BIO_write(s_bio, sbuf, j);
2926 if (BIO_should_retry(s_bio)) {
2927 if (BIO_should_read(s_bio))
2929 if (BIO_should_write(s_bio))
2932 fprintf(stderr, "ERROR in SERVER\n");
2934 ERR_print_errors(bio_err);
2937 } else if (i == 0) {
2938 ERR_print_errors(bio_err);
2940 "SSL SERVER STARTUP FAILED in SSL_write\n");
2944 printf("server wrote %d\n", i);
2950 if (max_frag > 1029)
2951 SSL_set_max_send_fragment(s_ssl, max_frag -= 5);
2956 if ((done & S_DONE) && (done & C_DONE))
2961 print_details(c_ssl, "DONE: ");
2962 #ifndef OPENSSL_NO_NEXTPROTONEG
2963 if (verify_npn(c_ssl, s_ssl) < 0) {
2968 if (verify_serverinfo() < 0) {
2969 fprintf(stderr, "Server info verify error\n");
2973 if (custom_ext_error) {
2974 fprintf(stderr, "Custom extension error\n");
2981 * We have to set the BIO's to NULL otherwise they will be
2982 * OPENSSL_free()ed twice. Once when th s_ssl is SSL_free()ed and again
2983 * when c_ssl is SSL_free()ed. This is a hack required because s_ssl and
2984 * c_ssl are sharing the same BIO structure and SSL_set_bio() and
2985 * SSL_free() automatically BIO_free non NULL entries. You should not
2986 * normally do this or be required to do this
2988 if (s_ssl != NULL) {
2992 if (c_ssl != NULL) {
2999 BIO_free_all(c_bio);
3000 BIO_free_all(s_bio);
3004 if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
3005 ret = (err_in_client != 0) ? 0 : 1;
3006 else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
3007 ret = (err_in_server != 0) ? 0 : 1;
3012 static int verify_callback(int ok, X509_STORE_CTX *ctx)
3016 s = X509_NAME_oneline(X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)),
3020 printf("depth=%d %s\n", X509_STORE_CTX_get_error_depth(ctx), buf);
3022 fprintf(stderr, "depth=%d error=%d %s\n",
3023 X509_STORE_CTX_get_error_depth(ctx),
3024 X509_STORE_CTX_get_error(ctx), buf);
3029 int i = X509_STORE_CTX_get_error(ctx);
3033 fprintf(stderr, "Error string: %s\n",
3034 X509_verify_cert_error_string(i));
3036 case X509_V_ERR_CERT_NOT_YET_VALID:
3037 case X509_V_ERR_CERT_HAS_EXPIRED:
3038 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
3047 static int app_verify_callback(X509_STORE_CTX *ctx, void *arg)
3050 struct app_verify_arg *cb_arg = arg;
3052 if (cb_arg->app_verify) {
3053 char *s = NULL, buf[256];
3054 X509 *c = X509_STORE_CTX_get0_cert(ctx);
3056 printf("In app_verify_callback, allowing cert. ");
3057 printf("Arg is: %s\n", cb_arg->string);
3058 printf("Finished printing do we have a context? 0x%p a cert? 0x%p\n",
3059 (void *)ctx, (void *)c);
3061 s = X509_NAME_oneline(X509_get_subject_name(c), buf, 256);
3063 printf("cert depth=%d %s\n",
3064 X509_STORE_CTX_get_error_depth(ctx), buf);
3069 ok = X509_verify_cert(ctx);
3074 #ifndef OPENSSL_NO_DH
3076 * These DH parameters have been generated as follows:
3077 * $ openssl dhparam -C -noout 512
3078 * $ openssl dhparam -C -noout 1024
3079 * $ openssl dhparam -C -noout -dsaparam 1024
3080 * (The third function has been renamed to avoid name conflicts.)
3082 static DH *get_dh512()
3084 static unsigned char dh512_p[] = {
3085 0xCB, 0xC8, 0xE1, 0x86, 0xD0, 0x1F, 0x94, 0x17, 0xA6, 0x99, 0xF0,
3087 0x1F, 0x0D, 0xAC, 0xB6, 0x25, 0x3E, 0x06, 0x39, 0xCA, 0x72, 0x04,
3089 0x6E, 0xDA, 0xC0, 0x61, 0xE6, 0x7A, 0x77, 0x25, 0xE8, 0x3B, 0xB9,
3091 0x9A, 0xB6, 0xB5, 0xFE, 0x99, 0x0B, 0xA1, 0x93, 0x4E, 0x35, 0x33,
3093 0xE1, 0xF1, 0x13, 0x4F, 0x59, 0x1A, 0xD2, 0x57, 0xC0, 0x26, 0x21,
3095 0x02, 0xC5, 0xAE, 0x23,
3097 static unsigned char dh512_g[] = {
3103 if ((dh = DH_new()) == NULL)
3105 p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
3106 g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
3107 if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
3116 static DH *get_dh1024()
3118 static unsigned char dh1024_p[] = {
3119 0xF8, 0x81, 0x89, 0x7D, 0x14, 0x24, 0xC5, 0xD1, 0xE6, 0xF7, 0xBF,
3121 0xE4, 0x90, 0xF4, 0xFC, 0x73, 0xFB, 0x34, 0xB5, 0xFA, 0x4C, 0x56,
3123 0xEA, 0xA7, 0xE9, 0xC0, 0xC0, 0xCE, 0x89, 0xE1, 0xFA, 0x63, 0x3F,
3125 0x6B, 0x32, 0x66, 0xF1, 0xD1, 0x7B, 0xB0, 0x00, 0x8F, 0xCA, 0x87,
3127 0xAE, 0x98, 0x89, 0x26, 0x17, 0xC2, 0x05, 0xD2, 0xEC, 0x08, 0xD0,
3129 0xFF, 0x17, 0x52, 0x8C, 0xC5, 0x07, 0x93, 0x03, 0xB1, 0xF6, 0x2F,
3131 0x1C, 0x52, 0x47, 0x27, 0x1B, 0xDB, 0xD1, 0x8D, 0x9D, 0x69, 0x1D,
3133 0x4B, 0x32, 0x81, 0xAA, 0x7F, 0x00, 0xC8, 0xDC, 0xE6, 0xD9, 0xCC,
3135 0x11, 0x2D, 0x37, 0x34, 0x6C, 0xEA, 0x02, 0x97, 0x4B, 0x0E, 0xBB,
3137 0x71, 0x33, 0x09, 0x15, 0xFD, 0xDD, 0x23, 0x87, 0x07, 0x5E, 0x89,
3139 0x6B, 0x7C, 0x5F, 0xEC, 0xA6, 0x24, 0xDC, 0x53,
3141 static unsigned char dh1024_g[] = {
3147 if ((dh = DH_new()) == NULL)
3149 p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
3150 g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
3151 if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
3160 static DH *get_dh1024dsa()
3162 static unsigned char dh1024_p[] = {
3163 0xC8, 0x00, 0xF7, 0x08, 0x07, 0x89, 0x4D, 0x90, 0x53, 0xF3, 0xD5,
3165 0x21, 0x1B, 0xF7, 0x31, 0xA6, 0xA2, 0xDA, 0x23, 0x9A, 0xC7, 0x87,
3167 0x3B, 0x47, 0xB6, 0x8C, 0x04, 0x6F, 0xFF, 0xC6, 0x9B, 0xB8, 0x65,
3169 0xC2, 0x5F, 0x31, 0x83, 0x4A, 0xA7, 0x5F, 0x2F, 0x88, 0x38, 0xB6,
3171 0xCF, 0xD9, 0x87, 0x6D, 0x6F, 0x9F, 0xDA, 0xAC, 0xA6, 0x48, 0xAF,
3173 0x33, 0x84, 0x37, 0x5B, 0x82, 0x4A, 0x31, 0x5D, 0xE7, 0xBD, 0x52,
3175 0xA1, 0x77, 0xBF, 0x10, 0x9E, 0x37, 0xEA, 0x64, 0xFA, 0xCA, 0x28,
3177 0x9D, 0x3B, 0xD2, 0x6E, 0x09, 0x5C, 0x68, 0xC7, 0x45, 0x90, 0xFD,
3179 0x70, 0xC9, 0x3A, 0xBB, 0xDF, 0xD4, 0x21, 0x0F, 0xC4, 0x6A, 0x3C,
3181 0x61, 0xCF, 0x3F, 0xD6, 0x13, 0xF1, 0x5F, 0xBC, 0xCF, 0xBC, 0x26,
3183 0xBC, 0x0B, 0xBD, 0xAB, 0x5D, 0xC9, 0x54, 0x39,
3185 static unsigned char dh1024_g[] = {
3186 0x3B, 0x40, 0x86, 0xE7, 0xF3, 0x6C, 0xDE, 0x67, 0x1C, 0xCC, 0x80,
3188 0x5A, 0xDF, 0xFE, 0xBD, 0x20, 0x27, 0x74, 0x6C, 0x24, 0xC9, 0x03,
3190 0xE1, 0x8D, 0xC3, 0x7D, 0x98, 0x27, 0x40, 0x08, 0xB8, 0x8C, 0x6A,
3192 0xBB, 0x1A, 0x3A, 0xD6, 0x86, 0x83, 0x5E, 0x72, 0x41, 0xCE, 0x85,
3194 0xD2, 0xB3, 0xFC, 0x13, 0xCE, 0x37, 0x81, 0x9E, 0x4C, 0x1C, 0x7B,
3196 0xD3, 0xE6, 0xA6, 0x00, 0xF5, 0x5A, 0x95, 0x43, 0x5E, 0x81, 0xCF,
3198 0xA2, 0x23, 0xFC, 0x36, 0xA7, 0x5D, 0x7A, 0x4C, 0x06, 0x91, 0x6E,
3200 0x57, 0xEE, 0x36, 0xCB, 0x06, 0xEA, 0xF5, 0x3D, 0x95, 0x49, 0xCB,
3202 0xDD, 0x81, 0xDF, 0x80, 0x09, 0x4A, 0x97, 0x4D, 0xA8, 0x22, 0x72,
3204 0x7F, 0xC4, 0x70, 0x56, 0x70, 0xE8, 0x20, 0x10, 0x18, 0x8F, 0x2E,
3206 0x07, 0xE7, 0x68, 0x1A, 0x82, 0x5D, 0x32, 0xA2,
3211 if ((dh = DH_new()) == NULL)
3213 p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
3214 g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
3215 if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
3221 DH_set_length(dh, 160);
3226 #ifndef OPENSSL_NO_PSK
3227 /* convert the PSK key (psk_key) in ascii to binary (psk) */
3228 static int psk_key2bn(const char *pskkey, unsigned char *psk,
3229 unsigned int max_psk_len)
3234 ret = BN_hex2bn(&bn, pskkey);
3236 BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n",
3241 if (BN_num_bytes(bn) > (int)max_psk_len) {
3243 "psk buffer of callback is too small (%d) for key (%d)\n",
3244 max_psk_len, BN_num_bytes(bn));
3248 ret = BN_bn2bin(bn, psk);
3253 static unsigned int psk_client_callback(SSL *ssl, const char *hint,
3255 unsigned int max_identity_len,
3257 unsigned int max_psk_len)
3260 unsigned int psk_len = 0;
3262 ret = BIO_snprintf(identity, max_identity_len, "Client_identity");
3266 fprintf(stderr, "client: created identity '%s' len=%d\n", identity,
3268 ret = psk_key2bn(psk_key, psk, max_psk_len);
3276 static unsigned int psk_server_callback(SSL *ssl, const char *identity,
3278 unsigned int max_psk_len)
3280 unsigned int psk_len = 0;
3282 if (strcmp(identity, "Client_identity") != 0) {
3283 BIO_printf(bio_err, "server: PSK error: client identity not found\n");
3286 psk_len = psk_key2bn(psk_key, psk, max_psk_len);