2 * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4 * Copyright 2005 Nokia. All rights reserved.
6 * Licensed under the OpenSSL license (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
12 /* Or gethostname won't be declared properly on Linux and GNU platforms. */
14 # define _BSD_SOURCE 1
16 #ifndef _DEFAULT_SOURCE
17 # define _DEFAULT_SOURCE 1
31 #ifdef OPENSSL_SYS_VMS
33 * Or isascii won't be declared properly on VMS (at least with DECompHP C).
35 # define _XOPEN_SOURCE 500
40 #include <openssl/bio.h>
41 #include <openssl/crypto.h>
42 #include <openssl/evp.h>
43 #include <openssl/x509.h>
44 #include <openssl/x509v3.h>
45 #include <openssl/ssl.h>
46 #include <openssl/err.h>
47 #include <openssl/rand.h>
48 #ifndef OPENSSL_NO_RSA
49 # include <openssl/rsa.h>
51 #ifndef OPENSSL_NO_DSA
52 # include <openssl/dsa.h>
55 # include <openssl/dh.h>
57 #include <openssl/bn.h>
59 # include <openssl/ct.h>
63 * Or gethostname won't be declared properly
64 * on Compaq platforms (at least with DEC C).
65 * Do not try to put it earlier, or IPv6 includes
68 #define _XOPEN_SOURCE_EXTENDED 1
70 #ifdef OPENSSL_SYS_WINDOWS
73 # include OPENSSL_UNISTD
76 static SSL_CTX *s_ctx = NULL;
77 static SSL_CTX *s_ctx2 = NULL;
80 * There is really no standard for this, so let's assign something
85 static int verify_callback(int ok, X509_STORE_CTX *ctx);
86 static int app_verify_callback(X509_STORE_CTX *ctx, void *arg);
87 #define APP_CALLBACK_STRING "Test Callback Argument"
88 struct app_verify_arg {
94 static DH *get_dh512(void);
95 static DH *get_dh1024(void);
96 static DH *get_dh1024dsa(void);
99 static char *psk_key = NULL; /* by default PSK is not used */
100 #ifndef OPENSSL_NO_PSK
101 static unsigned int psk_client_callback(SSL *ssl, const char *hint,
103 unsigned int max_identity_len,
105 unsigned int max_psk_len);
106 static unsigned int psk_server_callback(SSL *ssl, const char *identity,
108 unsigned int max_psk_len);
111 static BIO *bio_err = NULL;
112 static BIO *bio_stdout = NULL;
114 #ifndef OPENSSL_NO_NEXTPROTONEG
115 /* Note that this code assumes that this is only a one element list: */
116 static const char NEXT_PROTO_STRING[] = "\x09testproto";
117 static int npn_client = 0;
118 static int npn_server = 0;
119 static int npn_server_reject = 0;
121 static int cb_client_npn(SSL *s, unsigned char **out, unsigned char *outlen,
122 const unsigned char *in, unsigned int inlen,
126 * This callback only returns the protocol string, rather than a length
127 * prefixed set. We assume that NEXT_PROTO_STRING is a one element list
128 * and remove the first byte to chop off the length prefix.
130 *out = (unsigned char *)NEXT_PROTO_STRING + 1;
131 *outlen = sizeof(NEXT_PROTO_STRING) - 2;
132 return SSL_TLSEXT_ERR_OK;
135 static int cb_server_npn(SSL *s, const unsigned char **data,
136 unsigned int *len, void *arg)
138 *data = (const unsigned char *)NEXT_PROTO_STRING;
139 *len = sizeof(NEXT_PROTO_STRING) - 1;
140 return SSL_TLSEXT_ERR_OK;
143 static int cb_server_rejects_npn(SSL *s, const unsigned char **data,
144 unsigned int *len, void *arg)
146 return SSL_TLSEXT_ERR_NOACK;
149 static int verify_npn(SSL *client, SSL *server)
151 const unsigned char *client_s;
153 const unsigned char *server_s;
156 SSL_get0_next_proto_negotiated(client, &client_s, &client_len);
157 SSL_get0_next_proto_negotiated(server, &server_s, &server_len);
160 BIO_printf(bio_stdout, "Client NPN: ");
161 BIO_write(bio_stdout, client_s, client_len);
162 BIO_printf(bio_stdout, "\n");
166 BIO_printf(bio_stdout, "Server NPN: ");
167 BIO_write(bio_stdout, server_s, server_len);
168 BIO_printf(bio_stdout, "\n");
172 * If an NPN string was returned, it must be the protocol that we
173 * expected to negotiate.
175 if (client_len && (client_len != sizeof(NEXT_PROTO_STRING) - 2 ||
176 memcmp(client_s, NEXT_PROTO_STRING + 1, client_len)))
178 if (server_len && (server_len != sizeof(NEXT_PROTO_STRING) - 2 ||
179 memcmp(server_s, NEXT_PROTO_STRING + 1, server_len)))
182 if (!npn_client && client_len)
184 if (!npn_server && server_len)
186 if (npn_server_reject && server_len)
188 if (npn_client && npn_server && (!client_len || !server_len))
195 static const char *alpn_client;
196 static char *alpn_server;
197 static char *alpn_server2;
198 static const char *alpn_expected;
199 static unsigned char *alpn_selected;
200 static const char *server_min_proto;
201 static const char *server_max_proto;
202 static const char *client_min_proto;
203 static const char *client_max_proto;
204 static const char *should_negotiate;
205 static const char *sn_client;
206 static const char *sn_server1;
207 static const char *sn_server2;
208 static int sn_expect = 0;
209 static const char *server_sess_out;
210 static const char *server_sess_in;
211 static const char *client_sess_out;
212 static const char *client_sess_in;
213 static SSL_SESSION *server_sess;
214 static SSL_SESSION *client_sess;
216 static int servername_cb(SSL *s, int *ad, void *arg)
218 const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
219 if (sn_server2 == NULL) {
220 BIO_printf(bio_stdout, "Servername 2 is NULL\n");
221 return SSL_TLSEXT_ERR_NOACK;
225 if (s_ctx2 != NULL && sn_server2 != NULL &&
226 !strcasecmp(servername, sn_server2)) {
227 BIO_printf(bio_stdout, "Switching server context.\n");
228 SSL_set_SSL_CTX(s, s_ctx2);
231 return SSL_TLSEXT_ERR_OK;
233 static int verify_servername(SSL *client, SSL *server)
235 /* just need to see if sn_context is what we expect */
236 SSL_CTX* ctx = SSL_get_SSL_CTX(server);
239 if (sn_expect == 1 && ctx == s_ctx)
241 if (sn_expect == 2 && ctx == s_ctx2)
243 BIO_printf(bio_stdout, "Servername: expected context %d\n", sn_expect);
245 BIO_printf(bio_stdout, "Servername: context is 2\n");
246 else if (ctx == s_ctx)
247 BIO_printf(bio_stdout, "Servername: context is 1\n");
249 BIO_printf(bio_stdout, "Servername: context is unknown\n");
255 * next_protos_parse parses a comma separated list of strings into a string
256 * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
257 * outlen: (output) set to the length of the resulting buffer on success.
258 * in: a NUL terminated string like "abc,def,ghi"
260 * returns: a malloced buffer or NULL on failure.
262 static unsigned char *next_protos_parse(size_t *outlen,
273 out = OPENSSL_malloc(strlen(in) + 1);
277 for (i = 0; i <= len; ++i) {
278 if (i == len || in[i] == ',') {
279 if (i - start > 255) {
283 out[start] = i - start;
293 static int cb_server_alpn(SSL *s, const unsigned char **out,
294 unsigned char *outlen, const unsigned char *in,
295 unsigned int inlen, void *arg)
297 unsigned char *protos;
299 char* alpn_str = arg;
301 protos = next_protos_parse(&protos_len, alpn_str);
302 if (protos == NULL) {
303 fprintf(stderr, "failed to parser ALPN server protocol string: %s\n",
308 if (SSL_select_next_proto
309 ((unsigned char **)out, outlen, protos, protos_len, in,
310 inlen) != OPENSSL_NPN_NEGOTIATED) {
311 OPENSSL_free(protos);
312 return SSL_TLSEXT_ERR_NOACK;
316 * Make a copy of the selected protocol which will be freed in
319 alpn_selected = OPENSSL_malloc(*outlen);
320 memcpy(alpn_selected, *out, *outlen);
321 *out = alpn_selected;
323 OPENSSL_free(protos);
324 return SSL_TLSEXT_ERR_OK;
327 static int verify_alpn(SSL *client, SSL *server)
329 const unsigned char *client_proto, *server_proto;
330 unsigned int client_proto_len = 0, server_proto_len = 0;
331 SSL_get0_alpn_selected(client, &client_proto, &client_proto_len);
332 SSL_get0_alpn_selected(server, &server_proto, &server_proto_len);
334 OPENSSL_free(alpn_selected);
335 alpn_selected = NULL;
337 if (client_proto_len != server_proto_len) {
338 BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
342 if (client_proto != NULL &&
343 memcmp(client_proto, server_proto, client_proto_len) != 0) {
344 BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
348 if (client_proto_len > 0 && alpn_expected == NULL) {
349 BIO_printf(bio_stdout, "ALPN unexpectedly negotiated\n");
353 if (alpn_expected != NULL &&
354 (client_proto_len != strlen(alpn_expected) ||
355 memcmp(client_proto, alpn_expected, client_proto_len) != 0)) {
356 BIO_printf(bio_stdout,
357 "ALPN selected protocols not equal to expected protocol: %s\n",
365 BIO_printf(bio_stdout, "ALPN results: client: '");
366 BIO_write(bio_stdout, client_proto, client_proto_len);
367 BIO_printf(bio_stdout, "', server: '");
368 BIO_write(bio_stdout, server_proto, server_proto_len);
369 BIO_printf(bio_stdout, "'\n");
370 BIO_printf(bio_stdout, "ALPN configured: client: '%s', server: '",
372 if (SSL_get_SSL_CTX(server) == s_ctx2) {
373 BIO_printf(bio_stdout, "%s'\n",
376 BIO_printf(bio_stdout, "%s'\n",
383 * WARNING : below extension types are *NOT* IETF assigned, and could
384 * conflict if these types are reassigned and handled specially by OpenSSL
387 #define TACK_EXT_TYPE 62208
388 #define CUSTOM_EXT_TYPE_0 1000
389 #define CUSTOM_EXT_TYPE_1 1001
390 #define CUSTOM_EXT_TYPE_2 1002
391 #define CUSTOM_EXT_TYPE_3 1003
393 static const char custom_ext_cli_string[] = "abc";
394 static const char custom_ext_srv_string[] = "defg";
396 /* These set from cmdline */
397 static char *serverinfo_file = NULL;
398 static int serverinfo_sct = 0;
399 static int serverinfo_tack = 0;
401 /* These set based on extension callbacks */
402 static int serverinfo_sct_seen = 0;
403 static int serverinfo_tack_seen = 0;
404 static int serverinfo_other_seen = 0;
406 /* This set from cmdline */
407 static int custom_ext = 0;
409 /* This set based on extension callbacks */
410 static int custom_ext_error = 0;
412 static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type,
413 const unsigned char *in, size_t inlen,
416 if (ext_type == TLSEXT_TYPE_signed_certificate_timestamp)
417 serverinfo_sct_seen++;
418 else if (ext_type == TACK_EXT_TYPE)
419 serverinfo_tack_seen++;
421 serverinfo_other_seen++;
425 static int verify_serverinfo()
427 if (serverinfo_sct != serverinfo_sct_seen)
429 if (serverinfo_tack != serverinfo_tack_seen)
431 if (serverinfo_other_seen)
437 * Four test cases for custom extensions:
438 * 0 - no ClientHello extension or ServerHello response
439 * 1 - ClientHello with "abc", no response
440 * 2 - ClientHello with "abc", empty response
441 * 3 - ClientHello with "abc", "defg" response
444 static int custom_ext_0_cli_add_cb(SSL *s, unsigned int ext_type,
445 const unsigned char **out,
446 size_t *outlen, int *al, void *arg)
448 if (ext_type != CUSTOM_EXT_TYPE_0)
449 custom_ext_error = 1;
450 return 0; /* Don't send an extension */
453 static int custom_ext_0_cli_parse_cb(SSL *s, unsigned int ext_type,
454 const unsigned char *in,
455 size_t inlen, int *al, void *arg)
460 static int custom_ext_1_cli_add_cb(SSL *s, unsigned int ext_type,
461 const unsigned char **out,
462 size_t *outlen, int *al, void *arg)
464 if (ext_type != CUSTOM_EXT_TYPE_1)
465 custom_ext_error = 1;
466 *out = (const unsigned char *)custom_ext_cli_string;
467 *outlen = strlen(custom_ext_cli_string);
468 return 1; /* Send "abc" */
471 static int custom_ext_1_cli_parse_cb(SSL *s, unsigned int ext_type,
472 const unsigned char *in,
473 size_t inlen, int *al, void *arg)
478 static int custom_ext_2_cli_add_cb(SSL *s, unsigned int ext_type,
479 const unsigned char **out,
480 size_t *outlen, int *al, void *arg)
482 if (ext_type != CUSTOM_EXT_TYPE_2)
483 custom_ext_error = 1;
484 *out = (const unsigned char *)custom_ext_cli_string;
485 *outlen = strlen(custom_ext_cli_string);
486 return 1; /* Send "abc" */
489 static int custom_ext_2_cli_parse_cb(SSL *s, unsigned int ext_type,
490 const unsigned char *in,
491 size_t inlen, int *al, void *arg)
493 if (ext_type != CUSTOM_EXT_TYPE_2)
494 custom_ext_error = 1;
496 custom_ext_error = 1; /* Should be empty response */
500 static int custom_ext_3_cli_add_cb(SSL *s, unsigned int ext_type,
501 const unsigned char **out,
502 size_t *outlen, int *al, void *arg)
504 if (ext_type != CUSTOM_EXT_TYPE_3)
505 custom_ext_error = 1;
506 *out = (const unsigned char *)custom_ext_cli_string;
507 *outlen = strlen(custom_ext_cli_string);
508 return 1; /* Send "abc" */
511 static int custom_ext_3_cli_parse_cb(SSL *s, unsigned int ext_type,
512 const unsigned char *in,
513 size_t inlen, int *al, void *arg)
515 if (ext_type != CUSTOM_EXT_TYPE_3)
516 custom_ext_error = 1;
517 if (inlen != strlen(custom_ext_srv_string))
518 custom_ext_error = 1;
519 if (memcmp(custom_ext_srv_string, in, inlen) != 0)
520 custom_ext_error = 1; /* Check for "defg" */
525 * custom_ext_0_cli_add_cb returns 0 - the server won't receive a callback
528 static int custom_ext_0_srv_parse_cb(SSL *s, unsigned int ext_type,
529 const unsigned char *in,
530 size_t inlen, int *al, void *arg)
532 custom_ext_error = 1;
536 /* 'add' callbacks are only called if the 'parse' callback is called */
537 static int custom_ext_0_srv_add_cb(SSL *s, unsigned int ext_type,
538 const unsigned char **out,
539 size_t *outlen, int *al, void *arg)
541 /* Error: should not have been called */
542 custom_ext_error = 1;
543 return 0; /* Don't send an extension */
546 static int custom_ext_1_srv_parse_cb(SSL *s, unsigned int ext_type,
547 const unsigned char *in,
548 size_t inlen, int *al, void *arg)
550 if (ext_type != CUSTOM_EXT_TYPE_1)
551 custom_ext_error = 1;
552 /* Check for "abc" */
553 if (inlen != strlen(custom_ext_cli_string))
554 custom_ext_error = 1;
555 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
556 custom_ext_error = 1;
560 static int custom_ext_1_srv_add_cb(SSL *s, unsigned int ext_type,
561 const unsigned char **out,
562 size_t *outlen, int *al, void *arg)
564 return 0; /* Don't send an extension */
567 static int custom_ext_2_srv_parse_cb(SSL *s, unsigned int ext_type,
568 const unsigned char *in,
569 size_t inlen, int *al, void *arg)
571 if (ext_type != CUSTOM_EXT_TYPE_2)
572 custom_ext_error = 1;
573 /* Check for "abc" */
574 if (inlen != strlen(custom_ext_cli_string))
575 custom_ext_error = 1;
576 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
577 custom_ext_error = 1;
581 static int custom_ext_2_srv_add_cb(SSL *s, unsigned int ext_type,
582 const unsigned char **out,
583 size_t *outlen, int *al, void *arg)
587 return 1; /* Send empty extension */
590 static int custom_ext_3_srv_parse_cb(SSL *s, unsigned int ext_type,
591 const unsigned char *in,
592 size_t inlen, int *al, void *arg)
594 if (ext_type != CUSTOM_EXT_TYPE_3)
595 custom_ext_error = 1;
596 /* Check for "abc" */
597 if (inlen != strlen(custom_ext_cli_string))
598 custom_ext_error = 1;
599 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
600 custom_ext_error = 1;
604 static int custom_ext_3_srv_add_cb(SSL *s, unsigned int ext_type,
605 const unsigned char **out,
606 size_t *outlen, int *al, void *arg)
608 *out = (const unsigned char *)custom_ext_srv_string;
609 *outlen = strlen(custom_ext_srv_string);
610 return 1; /* Send "defg" */
613 static char *cipher = NULL;
614 static int verbose = 0;
615 static int debug = 0;
616 static const char rnd_seed[] =
617 "string to make the random number generator think it has randomness";
619 int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family,
620 long bytes, clock_t *s_time, clock_t *c_time);
621 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time,
623 int doit(SSL *s_ssl, SSL *c_ssl, long bytes);
625 static void sv_usage(void)
627 fprintf(stderr, "usage: ssltest [args ...]\n");
628 fprintf(stderr, "\n");
629 fprintf(stderr, " -server_auth - check server certificate\n");
630 fprintf(stderr, " -client_auth - do client authentication\n");
631 fprintf(stderr, " -v - more output\n");
632 fprintf(stderr, " -d - debug output\n");
633 fprintf(stderr, " -reuse - use session-id reuse\n");
634 fprintf(stderr, " -num <val> - number of connections to perform\n");
636 " -bytes <val> - number of bytes to swap between client/server\n");
637 #ifndef OPENSSL_NO_DH
639 " -dhe512 - use 512 bit key for DHE (to test failure)\n");
641 " -dhe1024 - use 1024 bit key (safe prime) for DHE (default, no-op)\n");
643 " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
644 fprintf(stderr, " -no_dhe - disable DHE\n");
646 #ifndef OPENSSL_NO_EC
647 fprintf(stderr, " -no_ecdhe - disable ECDHE\nTODO(openssl-team): no_ecdhe was broken by auto ecdh. Make this work again.\n");
649 #ifndef OPENSSL_NO_PSK
650 fprintf(stderr, " -psk arg - PSK in hex (without 0x)\n");
652 #ifndef OPENSSL_NO_SSL3
653 fprintf(stderr, " -ssl3 - use SSLv3\n");
655 #ifndef OPENSSL_NO_TLS1
656 fprintf(stderr, " -tls1 - use TLSv1\n");
658 #ifndef OPENSSL_NO_DTLS
659 fprintf(stderr, " -dtls - use DTLS\n");
660 #ifndef OPENSSL_NO_DTLS1
661 fprintf(stderr, " -dtls1 - use DTLSv1\n");
663 #ifndef OPENSSL_NO_DTLS1_2
664 fprintf(stderr, " -dtls12 - use DTLSv1.2\n");
667 fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");
668 fprintf(stderr, " -CAfile arg - PEM format file of CA's\n");
669 fprintf(stderr, " -cert arg - Server certificate file\n");
671 " -key arg - Server key file (default: same as -cert)\n");
672 fprintf(stderr, " -c_cert arg - Client certificate file\n");
674 " -c_key arg - Client key file (default: same as -c_cert)\n");
675 fprintf(stderr, " -cipher arg - The cipher list\n");
676 fprintf(stderr, " -bio_pair - Use BIO pairs\n");
677 fprintf(stderr, " -ipv4 - Use IPv4 connection on localhost\n");
678 fprintf(stderr, " -ipv6 - Use IPv6 connection on localhost\n");
679 fprintf(stderr, " -f - Test even cases that can't work\n");
681 " -time - measure processor time used by client and server\n");
682 fprintf(stderr, " -zlib - use zlib compression\n");
683 #ifndef OPENSSL_NO_NEXTPROTONEG
684 fprintf(stderr, " -npn_client - have client side offer NPN\n");
685 fprintf(stderr, " -npn_server - have server side offer NPN\n");
686 fprintf(stderr, " -npn_server_reject - have server reject NPN\n");
688 fprintf(stderr, " -serverinfo_file file - have server use this file\n");
689 fprintf(stderr, " -serverinfo_sct - have client offer and expect SCT\n");
691 " -serverinfo_tack - have client offer and expect TACK\n");
693 " -custom_ext - try various custom extension callbacks\n");
694 fprintf(stderr, " -alpn_client <string> - have client side offer ALPN\n");
695 fprintf(stderr, " -alpn_server <string> - have server side offer ALPN\n");
696 fprintf(stderr, " -alpn_server1 <string> - alias for -alpn_server\n");
697 fprintf(stderr, " -alpn_server2 <string> - have server side context 2 offer ALPN\n");
699 " -alpn_expected <string> - the ALPN protocol that should be negotiated\n");
700 fprintf(stderr, " -server_min_proto <string> - Minimum version the server should support\n");
701 fprintf(stderr, " -server_max_proto <string> - Maximum version the server should support\n");
702 fprintf(stderr, " -client_min_proto <string> - Minimum version the client should support\n");
703 fprintf(stderr, " -client_max_proto <string> - Maximum version the client should support\n");
704 fprintf(stderr, " -should_negotiate <string> - The version that should be negotiated, fail-client or fail-server\n");
705 #ifndef OPENSSL_NO_CT
706 fprintf(stderr, " -noct - no certificate transparency\n");
707 fprintf(stderr, " -requestct - request certificate transparency\n");
708 fprintf(stderr, " -requirect - require certificate transparency\n");
710 fprintf(stderr, " -sn_client <string> - have client request this servername\n");
711 fprintf(stderr, " -sn_server1 <string> - have server context 1 respond to this servername\n");
712 fprintf(stderr, " -sn_server2 <string> - have server context 2 respond to this servername\n");
713 fprintf(stderr, " -sn_expect1 - expected server 1\n");
714 fprintf(stderr, " -sn_expect2 - expected server 2\n");
715 fprintf(stderr, " -server_sess_out <file> - Save the server session to a file\n");
716 fprintf(stderr, " -server_sess_in <file> - Read the server session from a file\n");
717 fprintf(stderr, " -client_sess_out <file> - Save the client session to a file\n");
718 fprintf(stderr, " -client_sess_in <file> - Read the client session from a file\n");
719 fprintf(stderr, " -should_reuse <number> - The expected state of reusing the session\n");
720 fprintf(stderr, " -no_ticket - do not issue TLS session ticket\n");
723 static void print_key_details(BIO *out, EVP_PKEY *key)
725 int keyid = EVP_PKEY_id(key);
726 #ifndef OPENSSL_NO_EC
727 if (keyid == EVP_PKEY_EC) {
728 EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
731 nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
733 cname = EC_curve_nid2nist(nid);
735 cname = OBJ_nid2sn(nid);
736 BIO_printf(out, "%d bits EC (%s)", EVP_PKEY_bits(key), cname);
752 algname = OBJ_nid2sn(keyid);
755 BIO_printf(out, "%d bits %s", EVP_PKEY_bits(key), algname);
759 static void print_details(SSL *c_ssl, const char *prefix)
761 const SSL_CIPHER *ciph;
766 ciph = SSL_get_current_cipher(c_ssl);
767 BIO_printf(bio_stdout, "%s%s, cipher %s %s",
769 SSL_get_version(c_ssl),
770 SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_name(ciph));
771 cert = SSL_get_peer_certificate(c_ssl);
773 EVP_PKEY* pubkey = X509_get0_pubkey(cert);
775 if (pubkey != NULL) {
776 BIO_puts(bio_stdout, ", ");
777 print_key_details(bio_stdout, pubkey);
781 if (SSL_get_server_tmp_key(c_ssl, &pkey)) {
782 BIO_puts(bio_stdout, ", temp key: ");
783 print_key_details(bio_stdout, pkey);
786 if (SSL_get_peer_signature_nid(c_ssl, &mdnid))
787 BIO_printf(bio_stdout, ", digest=%s", OBJ_nid2sn(mdnid));
788 BIO_printf(bio_stdout, "\n");
792 * protocol_from_string - converts a protocol version string to a number
794 * Returns -1 on failure or the version on success
796 static int protocol_from_string(const char *value)
798 struct protocol_versions {
802 static const struct protocol_versions versions[] = {
803 {"ssl3", SSL3_VERSION},
804 {"tls1", TLS1_VERSION},
805 {"tls1.1", TLS1_1_VERSION},
806 {"tls1.2", TLS1_2_VERSION},
807 {"tls1.3", TLS1_3_VERSION},
808 {"dtls1", DTLS1_VERSION},
809 {"dtls1.2", DTLS1_2_VERSION}};
811 size_t n = OSSL_NELEM(versions);
813 for (i = 0; i < n; i++)
814 if (strcmp(versions[i].name, value) == 0)
815 return versions[i].version;
819 static SSL_SESSION *read_session(const char *filename)
822 BIO *f = BIO_new_file(filename, "r");
825 BIO_printf(bio_err, "Can't open session file %s\n", filename);
826 ERR_print_errors(bio_err);
829 sess = PEM_read_bio_SSL_SESSION(f, NULL, 0, NULL);
831 BIO_printf(bio_err, "Can't parse session file %s\n", filename);
832 ERR_print_errors(bio_err);
838 static int write_session(const char *filename, SSL_SESSION *sess)
840 BIO *f = BIO_new_file(filename, "w");
843 BIO_printf(bio_err, "No session information\n");
847 BIO_printf(bio_err, "Can't open session file %s\n", filename);
848 ERR_print_errors(bio_err);
851 PEM_write_bio_SSL_SESSION(f, sess);
857 * set_protocol_version - Sets protocol version minimum or maximum
859 * Returns 0 on failure and 1 on success
861 static int set_protocol_version(const char *version, SSL *ssl, int setting)
863 if (version != NULL) {
864 int ver = protocol_from_string(version);
866 BIO_printf(bio_err, "Error parsing: %s\n", version);
869 return SSL_ctrl(ssl, setting, ver, NULL);
874 int main(int argc, char *argv[])
876 const char *CApath = NULL, *CAfile = NULL;
878 enum { BIO_MEM, BIO_PAIR, BIO_IPV4, BIO_IPV6 } bio_type = BIO_MEM;
880 int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, tls1_2 = 0, ssl3 = 0;
881 int ret = EXIT_FAILURE;
883 int server_auth = 0, i;
884 struct app_verify_arg app_verify_arg =
885 { APP_CALLBACK_STRING, 0 };
887 SSL_CTX *c_ctx = NULL;
888 const SSL_METHOD *meth = NULL;
890 int number = 1, reuse = 0;
891 int should_reuse = -1;
894 #ifndef OPENSSL_NO_DH
896 int dhe512 = 0, dhe1024dsa = 0;
901 clock_t s_time = 0, c_time = 0;
902 #ifndef OPENSSL_NO_COMP
904 COMP_METHOD *cm = NULL;
905 STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
908 int min_version = 0, max_version = 0;
909 #ifndef OPENSSL_NO_CT
911 * Disable CT validation by default, because it will interfere with
912 * anything using custom extension handlers to deal with SCT extensions.
914 int ct_validation = 0;
916 SSL_CONF_CTX *s_cctx = NULL, *c_cctx = NULL, *s_cctx2 = NULL;
917 STACK_OF(OPENSSL_STRING) *conf_args = NULL;
918 char *arg = NULL, *argn = NULL;
924 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
926 p = getenv("OPENSSL_DEBUG_MEMORY");
927 if (p != NULL && strcmp(p, "on") == 0)
928 CRYPTO_set_mem_debug(1);
929 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
931 RAND_seed(rnd_seed, sizeof rnd_seed);
933 bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT);
935 s_cctx = SSL_CONF_CTX_new();
936 s_cctx2 = SSL_CONF_CTX_new();
937 c_cctx = SSL_CONF_CTX_new();
939 if (!s_cctx || !c_cctx || !s_cctx2) {
940 ERR_print_errors(bio_err);
944 SSL_CONF_CTX_set_flags(s_cctx,
945 SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_SERVER |
946 SSL_CONF_FLAG_CERTIFICATE |
947 SSL_CONF_FLAG_REQUIRE_PRIVATE);
948 SSL_CONF_CTX_set_flags(s_cctx2,
949 SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_SERVER |
950 SSL_CONF_FLAG_CERTIFICATE |
951 SSL_CONF_FLAG_REQUIRE_PRIVATE);
952 if (!SSL_CONF_CTX_set1_prefix(s_cctx, "-s_")) {
953 ERR_print_errors(bio_err);
956 if (!SSL_CONF_CTX_set1_prefix(s_cctx2, "-s_")) {
957 ERR_print_errors(bio_err);
961 SSL_CONF_CTX_set_flags(c_cctx,
962 SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_CLIENT |
963 SSL_CONF_FLAG_CERTIFICATE |
964 SSL_CONF_FLAG_REQUIRE_PRIVATE);
965 if (!SSL_CONF_CTX_set1_prefix(c_cctx, "-c_")) {
966 ERR_print_errors(bio_err);
974 if (strcmp(*argv, "-F") == 0) {
976 "not compiled with FIPS support, so exiting without running.\n");
978 } else if (strcmp(*argv, "-server_auth") == 0)
980 else if (strcmp(*argv, "-client_auth") == 0)
982 else if (strcmp(*argv, "-v") == 0)
984 else if (strcmp(*argv, "-d") == 0)
986 else if (strcmp(*argv, "-reuse") == 0)
988 else if (strcmp(*argv, "-dhe512") == 0) {
989 #ifndef OPENSSL_NO_DH
993 "ignoring -dhe512, since I'm compiled without DH\n");
995 } else if (strcmp(*argv, "-dhe1024dsa") == 0) {
996 #ifndef OPENSSL_NO_DH
1000 "ignoring -dhe1024dsa, since I'm compiled without DH\n");
1002 } else if (strcmp(*argv, "-no_dhe") == 0)
1004 else if (strcmp(*argv, "-no_ecdhe") == 0)
1006 else if (strcmp(*argv, "-psk") == 0) {
1009 psk_key = *(++argv);
1010 #ifndef OPENSSL_NO_PSK
1011 if (strspn(psk_key, "abcdefABCDEF1234567890") != strlen(psk_key)) {
1012 BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
1019 else if (strcmp(*argv, "-tls1_2") == 0) {
1021 } else if (strcmp(*argv, "-tls1") == 0) {
1023 } else if (strcmp(*argv, "-ssl3") == 0) {
1025 } else if (strcmp(*argv, "-dtls1") == 0) {
1027 } else if (strcmp(*argv, "-dtls12") == 0) {
1029 } else if (strcmp(*argv, "-dtls") == 0) {
1031 } else if (strncmp(*argv, "-num", 4) == 0) {
1034 number = atoi(*(++argv));
1037 } else if (strcmp(*argv, "-bytes") == 0) {
1040 bytes = atol(*(++argv));
1043 i = strlen(argv[0]);
1044 if (argv[0][i - 1] == 'k')
1046 if (argv[0][i - 1] == 'm')
1047 bytes *= 1024L * 1024L;
1048 } else if (strcmp(*argv, "-cipher") == 0) {
1052 } else if (strcmp(*argv, "-CApath") == 0) {
1056 } else if (strcmp(*argv, "-CAfile") == 0) {
1060 } else if (strcmp(*argv, "-bio_pair") == 0) {
1061 bio_type = BIO_PAIR;
1063 #ifndef OPENSSL_NO_SOCK
1064 else if (strcmp(*argv, "-ipv4") == 0) {
1065 bio_type = BIO_IPV4;
1066 } else if (strcmp(*argv, "-ipv6") == 0) {
1067 bio_type = BIO_IPV6;
1070 else if (strcmp(*argv, "-f") == 0) {
1072 } else if (strcmp(*argv, "-time") == 0) {
1075 #ifndef OPENSSL_NO_CT
1076 else if (strcmp(*argv, "-noct") == 0) {
1079 else if (strcmp(*argv, "-ct") == 0) {
1083 #ifndef OPENSSL_NO_COMP
1084 else if (strcmp(*argv, "-zlib") == 0) {
1088 else if (strcmp(*argv, "-app_verify") == 0) {
1089 app_verify_arg.app_verify = 1;
1091 #ifndef OPENSSL_NO_NEXTPROTONEG
1092 else if (strcmp(*argv, "-npn_client") == 0) {
1094 } else if (strcmp(*argv, "-npn_server") == 0) {
1096 } else if (strcmp(*argv, "-npn_server_reject") == 0) {
1097 npn_server_reject = 1;
1100 else if (strcmp(*argv, "-serverinfo_sct") == 0) {
1102 } else if (strcmp(*argv, "-serverinfo_tack") == 0) {
1103 serverinfo_tack = 1;
1104 } else if (strcmp(*argv, "-serverinfo_file") == 0) {
1107 serverinfo_file = *(++argv);
1108 } else if (strcmp(*argv, "-custom_ext") == 0) {
1110 } else if (strcmp(*argv, "-alpn_client") == 0) {
1113 alpn_client = *(++argv);
1114 } else if (strcmp(*argv, "-alpn_server") == 0 ||
1115 strcmp(*argv, "-alpn_server1") == 0) {
1118 alpn_server = *(++argv);
1119 } else if (strcmp(*argv, "-alpn_server2") == 0) {
1122 alpn_server2 = *(++argv);
1123 } else if (strcmp(*argv, "-alpn_expected") == 0) {
1126 alpn_expected = *(++argv);
1127 } else if (strcmp(*argv, "-server_min_proto") == 0) {
1130 server_min_proto = *(++argv);
1131 } else if (strcmp(*argv, "-server_max_proto") == 0) {
1134 server_max_proto = *(++argv);
1135 } else if (strcmp(*argv, "-client_min_proto") == 0) {
1138 client_min_proto = *(++argv);
1139 } else if (strcmp(*argv, "-client_max_proto") == 0) {
1142 client_max_proto = *(++argv);
1143 } else if (strcmp(*argv, "-should_negotiate") == 0) {
1146 should_negotiate = *(++argv);
1147 } else if (strcmp(*argv, "-sn_client") == 0) {
1150 sn_client = *(++argv);
1151 } else if (strcmp(*argv, "-sn_server1") == 0) {
1154 sn_server1 = *(++argv);
1155 } else if (strcmp(*argv, "-sn_server2") == 0) {
1158 sn_server2 = *(++argv);
1159 } else if (strcmp(*argv, "-sn_expect1") == 0) {
1161 } else if (strcmp(*argv, "-sn_expect2") == 0) {
1163 } else if (strcmp(*argv, "-server_sess_out") == 0) {
1166 server_sess_out = *(++argv);
1167 } else if (strcmp(*argv, "-server_sess_in") == 0) {
1170 server_sess_in = *(++argv);
1171 } else if (strcmp(*argv, "-client_sess_out") == 0) {
1174 client_sess_out = *(++argv);
1175 } else if (strcmp(*argv, "-client_sess_in") == 0) {
1178 client_sess_in = *(++argv);
1179 } else if (strcmp(*argv, "-should_reuse") == 0) {
1182 should_reuse = !!atoi(*(++argv));
1183 } else if (strcmp(*argv, "-no_ticket") == 0) {
1189 /* Try to process command using SSL_CONF */
1190 rv = SSL_CONF_cmd_argv(c_cctx, &argc, &argv);
1191 /* If not processed try server */
1193 rv = SSL_CONF_cmd_argv(s_cctx, &argc, &argv);
1194 /* Recognised: store it for later use */
1199 conf_args = sk_OPENSSL_STRING_new_null();
1203 if (!sk_OPENSSL_STRING_push(conf_args, arg))
1205 if (!sk_OPENSSL_STRING_push(conf_args, argn))
1210 BIO_printf(bio_err, "Missing argument for %s\n", arg);
1212 BIO_printf(bio_err, "Error with command %s\n", arg);
1214 BIO_printf(bio_err, "unknown option %s\n", arg);
1227 if (ssl3 + tls1 + tls1_2 + dtls + dtls1 + dtls12 > 1) {
1228 fprintf(stderr, "At most one of -ssl3, -tls1, -tls1_2, -dtls, -dtls1 or -dtls12 should "
1233 #ifdef OPENSSL_NO_SSL3
1238 #ifdef OPENSSL_NO_TLS1
1243 #ifdef OPENSSL_NO_TLS1_2
1248 #if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1)
1253 #if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1_2)
1261 * Testing was requested for a compiled-out protocol (e.g. SSLv3).
1262 * Ideally, we would error out, but the generic test wrapper can't know
1263 * when to expect failure. So we do nothing and return success.
1266 fprintf(stderr, "Testing was requested for a disabled protocol. "
1267 "Skipping tests.\n");
1272 if (!ssl3 && !tls1 && !tls1_2 && !dtls && !dtls1 && !dtls12 && number > 1
1273 && !reuse && !force) {
1274 fprintf(stderr, "This case cannot work. Use -f to perform "
1275 "the test anyway (and\n-d to see what happens), "
1276 "or add one of -ssl3, -tls1, -tls1_2, -dtls, -dtls1, -dtls12, -reuse\n"
1277 "to avoid protocol mismatch.\n");
1282 if (bio_type != BIO_PAIR) {
1283 fprintf(stderr, "Using BIO pair (-bio_pair)\n");
1284 bio_type = BIO_PAIR;
1286 if (number < 50 && !force)
1288 "Warning: For accurate timings, use more connections (e.g. -num 1000)\n");
1291 #ifndef OPENSSL_NO_COMP
1292 if (comp == COMP_ZLIB)
1295 if (COMP_get_type(cm) != NID_undef) {
1296 if (SSL_COMP_add_compression_method(comp, cm) != 0) {
1297 fprintf(stderr, "Failed to add compression method\n");
1298 ERR_print_errors_fp(stderr);
1302 "Warning: %s compression not supported\n",
1303 comp == COMP_ZLIB ? "zlib" : "unknown");
1304 ERR_print_errors_fp(stderr);
1307 ssl_comp_methods = SSL_COMP_get_compression_methods();
1308 n = sk_SSL_COMP_num(ssl_comp_methods);
1311 printf("Available compression methods:");
1312 for (j = 0; j < n; j++) {
1313 SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
1314 printf(" %s:%d", SSL_COMP_get0_name(c), SSL_COMP_get_id(c));
1320 #ifndef OPENSSL_NO_TLS
1321 meth = TLS_method();
1323 min_version = SSL3_VERSION;
1324 max_version = SSL3_VERSION;
1326 min_version = TLS1_VERSION;
1327 max_version = TLS1_VERSION;
1328 } else if (tls1_2) {
1329 min_version = TLS1_2_VERSION;
1330 max_version = TLS1_2_VERSION;
1333 #ifndef OPENSSL_NO_DTLS
1334 if (dtls || dtls1 || dtls12)
1335 meth = DTLS_method();
1337 min_version = DTLS1_VERSION;
1338 max_version = DTLS1_VERSION;
1339 } else if (dtls12) {
1340 min_version = DTLS1_2_VERSION;
1341 max_version = DTLS1_2_VERSION;
1345 c_ctx = SSL_CTX_new(meth);
1346 s_ctx = SSL_CTX_new(meth);
1347 s_ctx2 = SSL_CTX_new(meth); /* no SSL_CTX_dup! */
1348 if ((c_ctx == NULL) || (s_ctx == NULL) || (s_ctx2 == NULL)) {
1349 ERR_print_errors(bio_err);
1353 * Since we will use low security ciphersuites and keys for testing set
1354 * security level to zero by default. Tests can override this by adding
1355 * "@SECLEVEL=n" to the cipher string.
1357 SSL_CTX_set_security_level(c_ctx, 0);
1358 SSL_CTX_set_security_level(s_ctx, 0);
1359 SSL_CTX_set_security_level(s_ctx2, 0);
1362 SSL_CTX_set_options(c_ctx, SSL_OP_NO_TICKET);
1363 SSL_CTX_set_options(s_ctx, SSL_OP_NO_TICKET);
1366 if (SSL_CTX_set_min_proto_version(c_ctx, min_version) == 0)
1368 if (SSL_CTX_set_max_proto_version(c_ctx, max_version) == 0)
1370 if (SSL_CTX_set_min_proto_version(s_ctx, min_version) == 0)
1372 if (SSL_CTX_set_max_proto_version(s_ctx, max_version) == 0)
1375 if (cipher != NULL) {
1376 if (!SSL_CTX_set_cipher_list(c_ctx, cipher)
1377 || !SSL_CTX_set_cipher_list(s_ctx, cipher)
1378 || !SSL_CTX_set_cipher_list(s_ctx2, cipher)) {
1379 ERR_print_errors(bio_err);
1384 #ifndef OPENSSL_NO_CT
1385 if (ct_validation &&
1386 !SSL_CTX_enable_ct(c_ctx, SSL_CT_VALIDATION_STRICT)) {
1387 ERR_print_errors(bio_err);
1392 /* Process SSL_CONF arguments */
1393 SSL_CONF_CTX_set_ssl_ctx(c_cctx, c_ctx);
1394 SSL_CONF_CTX_set_ssl_ctx(s_cctx, s_ctx);
1395 SSL_CONF_CTX_set_ssl_ctx(s_cctx2, s_ctx2);
1397 for (i = 0; i < sk_OPENSSL_STRING_num(conf_args); i += 2) {
1399 arg = sk_OPENSSL_STRING_value(conf_args, i);
1400 argn = sk_OPENSSL_STRING_value(conf_args, i + 1);
1401 rv = SSL_CONF_cmd(c_cctx, arg, argn);
1402 /* If not recognised use server context */
1404 rv = SSL_CONF_cmd(s_cctx2, arg, argn);
1406 rv = SSL_CONF_cmd(s_cctx, arg, argn);
1409 BIO_printf(bio_err, "Error processing %s %s\n",
1410 arg, argn ? argn : "");
1411 ERR_print_errors(bio_err);
1416 if (!SSL_CONF_CTX_finish(s_cctx) || !SSL_CONF_CTX_finish(c_cctx) || !SSL_CONF_CTX_finish(s_cctx2)) {
1417 BIO_puts(bio_err, "Error finishing context\n");
1418 ERR_print_errors(bio_err);
1421 #ifndef OPENSSL_NO_DH
1424 dh = get_dh1024dsa();
1429 SSL_CTX_set_tmp_dh(s_ctx, dh);
1430 SSL_CTX_set_tmp_dh(s_ctx2, dh);
1437 if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) ||
1438 (!SSL_CTX_set_default_verify_paths(s_ctx)) ||
1439 (!SSL_CTX_load_verify_locations(s_ctx2, CAfile, CApath)) ||
1440 (!SSL_CTX_set_default_verify_paths(s_ctx2)) ||
1441 (!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) ||
1442 (!SSL_CTX_set_default_verify_paths(c_ctx))) {
1443 ERR_print_errors(bio_err);
1446 #ifndef OPENSSL_NO_CT
1447 if (!SSL_CTX_set_default_ctlog_list_file(s_ctx) ||
1448 !SSL_CTX_set_default_ctlog_list_file(s_ctx2) ||
1449 !SSL_CTX_set_default_ctlog_list_file(c_ctx)) {
1450 ERR_print_errors(bio_err);
1455 printf("client authentication\n");
1456 SSL_CTX_set_verify(s_ctx,
1457 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1459 SSL_CTX_set_verify(s_ctx2,
1460 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1462 SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback,
1464 SSL_CTX_set_cert_verify_callback(s_ctx2, app_verify_callback,
1468 printf("server authentication\n");
1469 SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER, verify_callback);
1470 SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback,
1475 int session_id_context = 0;
1476 if (!SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context,
1477 sizeof session_id_context) ||
1478 !SSL_CTX_set_session_id_context(s_ctx2, (void *)&session_id_context,
1479 sizeof session_id_context)) {
1480 ERR_print_errors(bio_err);
1485 /* Use PSK only if PSK key is given */
1486 if (psk_key != NULL) {
1488 * no_psk is used to avoid putting psk command to openssl tool
1492 * if PSK is not compiled in and psk key is given, do nothing and
1498 #ifndef OPENSSL_NO_PSK
1499 SSL_CTX_set_psk_client_callback(c_ctx, psk_client_callback);
1500 SSL_CTX_set_psk_server_callback(s_ctx, psk_server_callback);
1501 SSL_CTX_set_psk_server_callback(s_ctx2, psk_server_callback);
1503 BIO_printf(bio_err, "setting PSK identity hint to s_ctx\n");
1504 if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_hint") ||
1505 !SSL_CTX_use_psk_identity_hint(s_ctx2, "ctx server identity_hint")) {
1506 BIO_printf(bio_err, "error setting PSK identity hint to s_ctx\n");
1507 ERR_print_errors(bio_err);
1513 #ifndef OPENSSL_NO_NEXTPROTONEG
1515 SSL_CTX_set_next_proto_select_cb(c_ctx, cb_client_npn, NULL);
1518 if (npn_server_reject) {
1520 "Can't have both -npn_server and -npn_server_reject\n");
1523 SSL_CTX_set_npn_advertised_cb(s_ctx, cb_server_npn, NULL);
1524 SSL_CTX_set_npn_advertised_cb(s_ctx2, cb_server_npn, NULL);
1526 if (npn_server_reject) {
1527 SSL_CTX_set_npn_advertised_cb(s_ctx, cb_server_rejects_npn, NULL);
1528 SSL_CTX_set_npn_advertised_cb(s_ctx2, cb_server_rejects_npn, NULL);
1532 if (serverinfo_sct) {
1533 if (!SSL_CTX_add_client_custom_ext(c_ctx,
1534 TLSEXT_TYPE_signed_certificate_timestamp,
1536 serverinfo_cli_parse_cb, NULL)) {
1537 BIO_printf(bio_err, "Error adding SCT extension\n");
1541 if (serverinfo_tack) {
1542 if (!SSL_CTX_add_client_custom_ext(c_ctx, TACK_EXT_TYPE,
1544 serverinfo_cli_parse_cb, NULL)) {
1545 BIO_printf(bio_err, "Error adding TACK extension\n");
1549 if (serverinfo_file)
1550 if (!SSL_CTX_use_serverinfo_file(s_ctx, serverinfo_file) ||
1551 !SSL_CTX_use_serverinfo_file(s_ctx2, serverinfo_file)) {
1552 BIO_printf(bio_err, "missing serverinfo file\n");
1557 if (!SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_0,
1558 custom_ext_0_cli_add_cb,
1560 custom_ext_0_cli_parse_cb, NULL)
1561 || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_1,
1562 custom_ext_1_cli_add_cb,
1564 custom_ext_1_cli_parse_cb, NULL)
1565 || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_2,
1566 custom_ext_2_cli_add_cb,
1568 custom_ext_2_cli_parse_cb, NULL)
1569 || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_3,
1570 custom_ext_3_cli_add_cb,
1572 custom_ext_3_cli_parse_cb, NULL)
1573 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_0,
1574 custom_ext_0_srv_add_cb,
1576 custom_ext_0_srv_parse_cb, NULL)
1577 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_0,
1578 custom_ext_0_srv_add_cb,
1580 custom_ext_0_srv_parse_cb, NULL)
1581 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_1,
1582 custom_ext_1_srv_add_cb,
1584 custom_ext_1_srv_parse_cb, NULL)
1585 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_1,
1586 custom_ext_1_srv_add_cb,
1588 custom_ext_1_srv_parse_cb, NULL)
1589 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_2,
1590 custom_ext_2_srv_add_cb,
1592 custom_ext_2_srv_parse_cb, NULL)
1593 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_2,
1594 custom_ext_2_srv_add_cb,
1596 custom_ext_2_srv_parse_cb, NULL)
1597 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_3,
1598 custom_ext_3_srv_add_cb,
1600 custom_ext_3_srv_parse_cb, NULL)
1601 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_3,
1602 custom_ext_3_srv_add_cb,
1604 custom_ext_3_srv_parse_cb, NULL)) {
1605 BIO_printf(bio_err, "Error setting custom extensions\n");
1611 SSL_CTX_set_alpn_select_cb(s_ctx, cb_server_alpn, alpn_server);
1613 SSL_CTX_set_alpn_select_cb(s_ctx2, cb_server_alpn, alpn_server2);
1617 unsigned char *alpn = next_protos_parse(&alpn_len, alpn_client);
1620 BIO_printf(bio_err, "Error parsing -alpn_client argument\n");
1623 /* Returns 0 on success!! */
1624 if (SSL_CTX_set_alpn_protos(c_ctx, alpn, alpn_len)) {
1625 BIO_printf(bio_err, "Error setting ALPN\n");
1632 if (server_sess_in != NULL) {
1633 server_sess = read_session(server_sess_in);
1634 if (server_sess == NULL)
1637 if (client_sess_in != NULL) {
1638 client_sess = read_session(client_sess_in);
1639 if (client_sess == NULL)
1643 if (server_sess_out != NULL || server_sess_in != NULL) {
1647 /* Use a fixed key so that we can decrypt the ticket. */
1648 size = SSL_CTX_set_tlsext_ticket_keys(s_ctx, NULL, 0);
1649 keys = OPENSSL_zalloc(size);
1650 SSL_CTX_set_tlsext_ticket_keys(s_ctx, keys, size);
1654 if (sn_server1 != NULL || sn_server2 != NULL)
1655 SSL_CTX_set_tlsext_servername_callback(s_ctx, servername_cb);
1657 c_ssl = SSL_new(c_ctx);
1658 s_ssl = SSL_new(s_ctx);
1661 SSL_set_tlsext_host_name(c_ssl, sn_client);
1663 if (!set_protocol_version(server_min_proto, s_ssl, SSL_CTRL_SET_MIN_PROTO_VERSION))
1665 if (!set_protocol_version(server_max_proto, s_ssl, SSL_CTRL_SET_MAX_PROTO_VERSION))
1667 if (!set_protocol_version(client_min_proto, c_ssl, SSL_CTRL_SET_MIN_PROTO_VERSION))
1669 if (!set_protocol_version(client_max_proto, c_ssl, SSL_CTRL_SET_MAX_PROTO_VERSION))
1673 if (SSL_CTX_add_session(s_ctx, server_sess) == 0) {
1674 BIO_printf(bio_err, "Can't add server session\n");
1675 ERR_print_errors(bio_err);
1680 BIO_printf(bio_stdout, "Doing handshakes=%d bytes=%ld\n", number, bytes);
1681 for (i = 0; i < number; i++) {
1683 if (!SSL_set_session(c_ssl, NULL)) {
1684 BIO_printf(bio_err, "Failed to set session\n");
1688 if (client_sess_in != NULL) {
1689 if (SSL_set_session(c_ssl, client_sess) == 0) {
1690 BIO_printf(bio_err, "Can't set client session\n");
1691 ERR_print_errors(bio_err);
1697 ret = doit(s_ssl, c_ssl, bytes);
1700 ret = doit_biopair(s_ssl, c_ssl, bytes, &s_time, &c_time);
1702 #ifndef OPENSSL_NO_SOCK
1704 ret = doit_localhost(s_ssl, c_ssl, BIO_FAMILY_IPV4,
1705 bytes, &s_time, &c_time);
1708 ret = doit_localhost(s_ssl, c_ssl, BIO_FAMILY_IPV6,
1709 bytes, &s_time, &c_time);
1718 if (ret != EXIT_SUCCESS) break;
1721 if (should_negotiate && ret == EXIT_SUCCESS &&
1722 strcmp(should_negotiate, "fail-server") != 0 &&
1723 strcmp(should_negotiate, "fail-client") != 0) {
1724 int version = protocol_from_string(should_negotiate);
1726 BIO_printf(bio_err, "Error parsing: %s\n", should_negotiate);
1730 if (SSL_version(c_ssl) != version) {
1731 BIO_printf(bio_err, "Unexpected version negotiated. "
1732 "Expected: %s, got %s\n", should_negotiate, SSL_get_version(c_ssl));
1738 if (should_reuse != -1) {
1739 if (SSL_session_reused(s_ssl) != should_reuse ||
1740 SSL_session_reused(c_ssl) != should_reuse) {
1741 BIO_printf(bio_err, "Unexpected session reuse state. "
1742 "Expected: %d, server: %d, client: %d\n", should_reuse,
1743 SSL_session_reused(s_ssl), SSL_session_reused(c_ssl));
1749 if (server_sess_out != NULL) {
1750 if (write_session(server_sess_out, SSL_get_session(s_ssl)) == 0) {
1755 if (client_sess_out != NULL) {
1756 if (write_session(client_sess_out, SSL_get_session(c_ssl)) == 0) {
1763 print_details(c_ssl, "");
1766 #ifdef CLOCKS_PER_SEC
1768 * "To determine the time in seconds, the value returned by the clock
1769 * function should be divided by the value of the macro
1770 * CLOCKS_PER_SEC." -- ISO/IEC 9899
1772 BIO_printf(bio_stdout, "Approximate total server time: %6.2f s\n"
1773 "Approximate total client time: %6.2f s\n",
1774 (double)s_time / CLOCKS_PER_SEC,
1775 (double)c_time / CLOCKS_PER_SEC);
1777 BIO_printf(bio_stdout,
1778 "Approximate total server time: %6.2f units\n"
1779 "Approximate total client time: %6.2f units\n",
1780 (double)s_time, (double)c_time);
1789 SSL_CTX_free(s_ctx);
1790 SSL_CTX_free(s_ctx2);
1791 SSL_CTX_free(c_ctx);
1792 SSL_CONF_CTX_free(s_cctx);
1793 SSL_CONF_CTX_free(s_cctx2);
1794 SSL_CONF_CTX_free(c_cctx);
1795 sk_OPENSSL_STRING_free(conf_args);
1797 BIO_free(bio_stdout);
1799 SSL_SESSION_free(server_sess);
1800 SSL_SESSION_free(client_sess);
1802 #ifndef OPENSSL_NO_CRYPTO_MDEBUG
1803 if (CRYPTO_mem_leaks(bio_err) <= 0)
1810 #ifndef OPENSSL_NO_SOCK
1811 int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count,
1812 clock_t *s_time, clock_t *c_time)
1814 long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
1815 BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
1816 BIO *acpt = NULL, *server = NULL, *client = NULL;
1818 int ret = EXIT_FAILURE;
1819 int err_in_client = 0;
1820 int err_in_server = 0;
1822 acpt = BIO_new_accept("0");
1825 BIO_set_accept_ip_family(acpt, family);
1826 BIO_set_bind_mode(acpt, BIO_SOCK_NONBLOCK | BIO_SOCK_REUSEADDR);
1827 if (BIO_do_accept(acpt) <= 0)
1830 BIO_snprintf(addr_str, sizeof(addr_str), ":%s", BIO_get_accept_port(acpt));
1832 client = BIO_new_connect(addr_str);
1833 BIO_set_conn_ip_family(client, family);
1837 if (BIO_set_nbio(client, 1) <= 0)
1839 if (BIO_set_nbio(acpt, 1) <= 0)
1843 int st_connect = 0, st_accept = 0;
1845 while(!st_connect || !st_accept) {
1847 if (BIO_do_connect(client) <= 0) {
1848 if (!BIO_should_retry(client))
1855 if (BIO_do_accept(acpt) <= 0) {
1856 if (!BIO_should_retry(acpt))
1864 /* We're not interested in accepting further connects */
1865 server = BIO_pop(acpt);
1869 s_ssl_bio = BIO_new(BIO_f_ssl());
1873 c_ssl_bio = BIO_new(BIO_f_ssl());
1877 SSL_set_connect_state(c_ssl);
1878 SSL_set_bio(c_ssl, client, client);
1879 (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
1881 SSL_set_accept_state(s_ssl);
1882 SSL_set_bio(s_ssl, server, server);
1883 (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
1887 * c_ssl_bio: SSL filter BIO
1889 * client: I/O for SSL library
1892 * server: I/O for SSL library
1894 * s_ssl_bio: SSL filter BIO
1898 * We have non-blocking behaviour throughout this test program, but
1899 * can be sure that there is *some* progress in each iteration; so we
1900 * don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE --
1901 * we just try everything in each iteration
1907 char cbuf[1024 * 8];
1909 clock_t c_clock = clock();
1911 memset(cbuf, 0, sizeof(cbuf));
1914 if (SSL_in_init(c_ssl))
1915 printf("client waiting in SSL_connect - %s\n",
1916 SSL_state_string_long(c_ssl));
1919 /* Write to server. */
1921 if (cw_num > (long)sizeof cbuf)
1925 r = BIO_write(c_ssl_bio, cbuf, i);
1927 if (!BIO_should_retry(c_ssl_bio)) {
1928 fprintf(stderr, "ERROR in CLIENT\n");
1933 * BIO_should_retry(...) can just be ignored here. The
1934 * library expects us to call BIO_write with the same
1935 * arguments again, and that's what we will do in the
1938 } else if (r == 0) {
1939 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
1943 printf("client wrote %d\n", r);
1949 /* Read from server. */
1951 r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
1953 if (!BIO_should_retry(c_ssl_bio)) {
1954 fprintf(stderr, "ERROR in CLIENT\n");
1959 * Again, "BIO_should_retry" can be ignored.
1961 } else if (r == 0) {
1962 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
1966 printf("client read %d\n", r);
1972 * c_time and s_time increments will typically be very small
1973 * (depending on machine speed and clock tick intervals), but
1974 * sampling over a large number of connections should result in
1975 * fairly accurate figures. We cannot guarantee a lot, however
1976 * -- if each connection lasts for exactly one clock tick, it
1977 * will be counted only for the client or only for the server or
1980 *c_time += (clock() - c_clock);
1986 char sbuf[1024 * 8];
1988 clock_t s_clock = clock();
1990 memset(sbuf, 0, sizeof(sbuf));
1993 if (SSL_in_init(s_ssl))
1994 printf("server waiting in SSL_accept - %s\n",
1995 SSL_state_string_long(s_ssl));
1998 /* Write to client. */
2000 if (sw_num > (long)sizeof sbuf)
2004 r = BIO_write(s_ssl_bio, sbuf, i);
2006 if (!BIO_should_retry(s_ssl_bio)) {
2007 fprintf(stderr, "ERROR in SERVER\n");
2011 /* Ignore "BIO_should_retry". */
2012 } else if (r == 0) {
2013 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2017 printf("server wrote %d\n", r);
2023 /* Read from client. */
2025 r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
2027 if (!BIO_should_retry(s_ssl_bio)) {
2028 fprintf(stderr, "ERROR in SERVER\n");
2033 } else if (r == 0) {
2034 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2038 printf("server read %d\n", r);
2043 *s_time += (clock() - s_clock);
2046 while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
2049 print_details(c_ssl, "DONE via TCP connect: ");
2050 # ifndef OPENSSL_NO_NEXTPROTONEG
2051 if (verify_npn(c_ssl, s_ssl) < 0)
2054 if (verify_serverinfo() < 0) {
2055 fprintf(stderr, "Server info verify error\n");
2058 if (verify_alpn(c_ssl, s_ssl) < 0
2059 || verify_servername(c_ssl, s_ssl) < 0)
2062 if (custom_ext_error) {
2063 fprintf(stderr, "Custom extension error\n");
2067 # ifndef OPENSSL_NO_NEXTPROTONEG
2073 ERR_print_errors(bio_err);
2078 BIO_free(s_ssl_bio);
2079 BIO_free(c_ssl_bio);
2081 if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
2082 ret = (err_in_client != 0) ? EXIT_SUCCESS : EXIT_FAILURE;
2083 else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
2084 ret = (err_in_server != 0) ? EXIT_SUCCESS : EXIT_FAILURE;
2090 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
2091 clock_t *s_time, clock_t *c_time)
2093 long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
2094 BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
2095 BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL;
2096 int ret = EXIT_FAILURE;
2097 int err_in_client = 0;
2098 int err_in_server = 0;
2100 size_t bufsiz = 256; /* small buffer for testing */
2102 if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz))
2104 if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz))
2107 s_ssl_bio = BIO_new(BIO_f_ssl());
2111 c_ssl_bio = BIO_new(BIO_f_ssl());
2115 SSL_set_connect_state(c_ssl);
2116 SSL_set_bio(c_ssl, client, client);
2117 (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
2119 SSL_set_accept_state(s_ssl);
2120 SSL_set_bio(s_ssl, server, server);
2121 (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
2125 * c_ssl_bio: SSL filter BIO
2127 * client: pseudo-I/O for SSL library
2129 * client_io: client's SSL communication; usually to be
2130 * relayed over some I/O facility, but in this
2131 * test program, we're the server, too:
2133 * server_io: server's SSL communication
2135 * server: pseudo-I/O for SSL library
2137 * s_ssl_bio: SSL filter BIO
2139 * The client and the server each employ a "BIO pair":
2140 * client + client_io, server + server_io.
2141 * BIO pairs are symmetric. A BIO pair behaves similar
2142 * to a non-blocking socketpair (but both endpoints must
2143 * be handled by the same thread).
2144 * [Here we could connect client and server to the ends
2145 * of a single BIO pair, but then this code would be less
2146 * suitable as an example for BIO pairs in general.]
2148 * Useful functions for querying the state of BIO pair endpoints:
2150 * BIO_ctrl_pending(bio) number of bytes we can read now
2151 * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil
2152 * other side's read attempt
2153 * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now
2155 * ..._read_request is never more than ..._write_guarantee;
2156 * it depends on the application which one you should use.
2160 * We have non-blocking behaviour throughout this test program, but
2161 * can be sure that there is *some* progress in each iteration; so we
2162 * don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE --
2163 * we just try everything in each iteration
2169 char cbuf[1024 * 8];
2171 clock_t c_clock = clock();
2173 memset(cbuf, 0, sizeof(cbuf));
2176 if (SSL_in_init(c_ssl))
2177 printf("client waiting in SSL_connect - %s\n",
2178 SSL_state_string_long(c_ssl));
2181 /* Write to server. */
2183 if (cw_num > (long)sizeof cbuf)
2187 r = BIO_write(c_ssl_bio, cbuf, i);
2189 if (!BIO_should_retry(c_ssl_bio)) {
2190 fprintf(stderr, "ERROR in CLIENT\n");
2195 * BIO_should_retry(...) can just be ignored here. The
2196 * library expects us to call BIO_write with the same
2197 * arguments again, and that's what we will do in the
2200 } else if (r == 0) {
2201 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2205 printf("client wrote %d\n", r);
2211 /* Read from server. */
2213 r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
2215 if (!BIO_should_retry(c_ssl_bio)) {
2216 fprintf(stderr, "ERROR in CLIENT\n");
2221 * Again, "BIO_should_retry" can be ignored.
2223 } else if (r == 0) {
2224 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2228 printf("client read %d\n", r);
2234 * c_time and s_time increments will typically be very small
2235 * (depending on machine speed and clock tick intervals), but
2236 * sampling over a large number of connections should result in
2237 * fairly accurate figures. We cannot guarantee a lot, however
2238 * -- if each connection lasts for exactly one clock tick, it
2239 * will be counted only for the client or only for the server or
2242 *c_time += (clock() - c_clock);
2248 char sbuf[1024 * 8];
2250 clock_t s_clock = clock();
2252 memset(sbuf, 0, sizeof(sbuf));
2255 if (SSL_in_init(s_ssl))
2256 printf("server waiting in SSL_accept - %s\n",
2257 SSL_state_string_long(s_ssl));
2260 /* Write to client. */
2262 if (sw_num > (long)sizeof sbuf)
2266 r = BIO_write(s_ssl_bio, sbuf, i);
2268 if (!BIO_should_retry(s_ssl_bio)) {
2269 fprintf(stderr, "ERROR in SERVER\n");
2273 /* Ignore "BIO_should_retry". */
2274 } else if (r == 0) {
2275 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2279 printf("server wrote %d\n", r);
2285 /* Read from client. */
2287 r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
2289 if (!BIO_should_retry(s_ssl_bio)) {
2290 fprintf(stderr, "ERROR in SERVER\n");
2295 } else if (r == 0) {
2296 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2300 printf("server read %d\n", r);
2305 *s_time += (clock() - s_clock);
2309 /* "I/O" BETWEEN CLIENT AND SERVER. */
2312 BIO *io1 = server_io, *io2 = client_io;
2314 * we use the non-copying interface for io1 and the standard
2315 * BIO_write/BIO_read interface for io2
2318 static int prev_progress = 1;
2326 r1 = BIO_ctrl_pending(io1);
2327 r2 = BIO_ctrl_get_write_guarantee(io2);
2335 if (INT_MAX < num) /* yeah, right */
2338 r = BIO_nread(io1, &dataptr, (int)num);
2340 assert(r <= (int)num);
2342 * possibly r < num (non-contiguous data)
2345 r = BIO_write(io2, dataptr, (int)num);
2346 if (r != (int)num) { /* can't happen */
2347 fprintf(stderr, "ERROR: BIO_write could not write "
2348 "BIO_ctrl_get_write_guarantee() bytes");
2354 printf((io1 == client_io) ?
2355 "C->S relaying: %d bytes\n" :
2356 "S->C relaying: %d bytes\n", (int)num);
2366 r1 = BIO_ctrl_pending(io2);
2367 r2 = BIO_ctrl_get_read_request(io1);
2369 * here we could use ..._get_write_guarantee instead of
2370 * ..._get_read_request, but by using the latter we test
2371 * restartability of the SSL implementation more thoroughly
2383 --num; /* test restartability even more thoroughly */
2385 r = BIO_nwrite0(io1, &dataptr);
2389 r = BIO_read(io2, dataptr, (int)num);
2390 if (r != (int)num) { /* can't happen */
2391 fprintf(stderr, "ERROR: BIO_read could not read "
2392 "BIO_ctrl_pending() bytes");
2396 r = BIO_nwrite(io1, &dataptr, (int)num);
2397 if (r != (int)num) { /* can't happen */
2398 fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
2399 "BIO_nwrite0() bytes");
2404 printf((io2 == client_io) ?
2405 "C->S relaying: %d bytes\n" :
2406 "S->C relaying: %d bytes\n", (int)num);
2408 } /* no loop, BIO_ctrl_get_read_request now
2409 * returns 0 anyway */
2411 if (!progress && !prev_progress)
2412 if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0) {
2413 fprintf(stderr, "ERROR: got stuck\n");
2414 fprintf(stderr, " ERROR.\n");
2417 prev_progress = progress;
2420 while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
2423 print_details(c_ssl, "DONE via BIO pair: ");
2424 #ifndef OPENSSL_NO_NEXTPROTONEG
2425 if (verify_npn(c_ssl, s_ssl) < 0)
2428 if (verify_serverinfo() < 0) {
2429 fprintf(stderr, "Server info verify error\n");
2432 if (verify_alpn(c_ssl, s_ssl) < 0
2433 || verify_servername(c_ssl, s_ssl) < 0)
2436 if (custom_ext_error) {
2437 fprintf(stderr, "Custom extension error\n");
2441 #ifndef OPENSSL_NO_NEXTPROTONEG
2447 ERR_print_errors(bio_err);
2450 BIO_free(server_io);
2452 BIO_free(client_io);
2453 BIO_free(s_ssl_bio);
2454 BIO_free(c_ssl_bio);
2456 if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
2457 ret = (err_in_client != 0) ? EXIT_SUCCESS : EXIT_FAILURE;
2458 else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
2459 ret = (err_in_server != 0) ? EXIT_SUCCESS : EXIT_FAILURE;
2469 int doit(SSL *s_ssl, SSL *c_ssl, long count)
2471 char *cbuf = NULL, *sbuf = NULL;
2473 long cw_num = count, cr_num = count;
2474 long sw_num = count, sr_num = count;
2475 int ret = EXIT_FAILURE;
2480 int c_r, c_w, s_r, s_w;
2483 int c_write, s_write;
2484 int do_server = 0, do_client = 0;
2485 int max_frag = 5 * 1024;
2486 int err_in_client = 0;
2487 int err_in_server = 0;
2489 bufsiz = count > 40 * 1024 ? 40 * 1024 : count;
2491 if ((cbuf = OPENSSL_zalloc(bufsiz)) == NULL)
2493 if ((sbuf = OPENSSL_zalloc(bufsiz)) == NULL)
2496 c_to_s = BIO_new(BIO_s_mem());
2497 s_to_c = BIO_new(BIO_s_mem());
2498 if ((s_to_c == NULL) || (c_to_s == NULL)) {
2499 ERR_print_errors(bio_err);
2503 c_bio = BIO_new(BIO_f_ssl());
2504 s_bio = BIO_new(BIO_f_ssl());
2505 if ((c_bio == NULL) || (s_bio == NULL)) {
2506 ERR_print_errors(bio_err);
2510 SSL_set_connect_state(c_ssl);
2511 SSL_set_bio(c_ssl, s_to_c, c_to_s);
2512 SSL_set_max_send_fragment(c_ssl, max_frag);
2513 BIO_set_ssl(c_bio, c_ssl, BIO_NOCLOSE);
2516 * We've just given our ref to these BIOs to c_ssl. We need another one to
2519 if (!BIO_up_ref(c_to_s)) {
2520 /* c_to_s and s_to_c will get freed when we free c_ssl */
2525 if (!BIO_up_ref(s_to_c)) {
2526 /* s_to_c will get freed when we free c_ssl */
2531 SSL_set_accept_state(s_ssl);
2532 SSL_set_bio(s_ssl, c_to_s, s_to_c);
2534 /* We've used up all our refs to these now */
2538 SSL_set_max_send_fragment(s_ssl, max_frag);
2539 BIO_set_ssl(s_bio, s_ssl, BIO_NOCLOSE);
2545 c_write = 1, s_write = 0;
2547 /* We can always do writes */
2552 i = (int)BIO_pending(s_bio);
2553 if ((i && s_r) || s_w)
2556 i = (int)BIO_pending(c_bio);
2557 if ((i && c_r) || c_w)
2560 if (do_server && debug) {
2561 if (SSL_in_init(s_ssl))
2562 printf("server waiting in SSL_accept - %s\n",
2563 SSL_state_string_long(s_ssl));
2566 if (do_client && debug) {
2567 if (SSL_in_init(c_ssl))
2568 printf("client waiting in SSL_connect - %s\n",
2569 SSL_state_string_long(c_ssl));
2572 if (!do_client && !do_server) {
2573 fprintf(stdout, "ERROR IN STARTUP\n");
2574 ERR_print_errors(bio_err);
2577 if (do_client && !(done & C_DONE)) {
2579 j = (cw_num > bufsiz) ? (int)bufsiz : (int)cw_num;
2580 i = BIO_write(c_bio, cbuf, j);
2584 if (BIO_should_retry(c_bio)) {
2585 if (BIO_should_read(c_bio))
2587 if (BIO_should_write(c_bio))
2590 fprintf(stderr, "ERROR in CLIENT\n");
2592 ERR_print_errors(bio_err);
2595 } else if (i == 0) {
2596 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2600 printf("client wrote %d\n", i);
2605 if (max_frag > 1029)
2606 SSL_set_max_send_fragment(c_ssl, max_frag -= 5);
2609 i = BIO_read(c_bio, cbuf, bufsiz);
2613 if (BIO_should_retry(c_bio)) {
2614 if (BIO_should_read(c_bio))
2616 if (BIO_should_write(c_bio))
2619 fprintf(stderr, "ERROR in CLIENT\n");
2621 ERR_print_errors(bio_err);
2624 } else if (i == 0) {
2625 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2629 printf("client read %d\n", i);
2638 done = S_DONE | C_DONE;
2644 if (do_server && !(done & S_DONE)) {
2646 i = BIO_read(s_bio, sbuf, bufsiz);
2650 if (BIO_should_retry(s_bio)) {
2651 if (BIO_should_read(s_bio))
2653 if (BIO_should_write(s_bio))
2656 fprintf(stderr, "ERROR in SERVER\n");
2658 ERR_print_errors(bio_err);
2661 } else if (i == 0) {
2662 ERR_print_errors(bio_err);
2664 "SSL SERVER STARTUP FAILED in SSL_read\n");
2668 printf("server read %d\n", i);
2681 j = (sw_num > bufsiz) ? (int)bufsiz : (int)sw_num;
2682 i = BIO_write(s_bio, sbuf, j);
2686 if (BIO_should_retry(s_bio)) {
2687 if (BIO_should_read(s_bio))
2689 if (BIO_should_write(s_bio))
2692 fprintf(stderr, "ERROR in SERVER\n");
2694 ERR_print_errors(bio_err);
2697 } else if (i == 0) {
2698 ERR_print_errors(bio_err);
2700 "SSL SERVER STARTUP FAILED in SSL_write\n");
2704 printf("server wrote %d\n", i);
2710 if (max_frag > 1029)
2711 SSL_set_max_send_fragment(s_ssl, max_frag -= 5);
2716 if ((done & S_DONE) && (done & C_DONE))
2721 print_details(c_ssl, "DONE: ");
2722 #ifndef OPENSSL_NO_NEXTPROTONEG
2723 if (verify_npn(c_ssl, s_ssl) < 0)
2726 if (verify_serverinfo() < 0) {
2727 fprintf(stderr, "Server info verify error\n");
2730 if (custom_ext_error) {
2731 fprintf(stderr, "Custom extension error\n");
2738 BIO_free_all(c_bio);
2739 BIO_free_all(s_bio);
2743 if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
2744 ret = (err_in_client != 0) ? EXIT_SUCCESS : EXIT_FAILURE;
2745 else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
2746 ret = (err_in_server != 0) ? EXIT_SUCCESS : EXIT_FAILURE;
2751 static int verify_callback(int ok, X509_STORE_CTX *ctx)
2755 s = X509_NAME_oneline(X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)),
2759 printf("depth=%d %s\n", X509_STORE_CTX_get_error_depth(ctx), buf);
2761 fprintf(stderr, "depth=%d error=%d %s\n",
2762 X509_STORE_CTX_get_error_depth(ctx),
2763 X509_STORE_CTX_get_error(ctx), buf);
2768 int i = X509_STORE_CTX_get_error(ctx);
2772 fprintf(stderr, "Error string: %s\n",
2773 X509_verify_cert_error_string(i));
2775 case X509_V_ERR_CERT_NOT_YET_VALID:
2776 case X509_V_ERR_CERT_HAS_EXPIRED:
2777 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
2786 static int app_verify_callback(X509_STORE_CTX *ctx, void *arg)
2789 struct app_verify_arg *cb_arg = arg;
2791 if (cb_arg->app_verify) {
2792 char *s = NULL, buf[256];
2793 X509 *c = X509_STORE_CTX_get0_cert(ctx);
2795 printf("In app_verify_callback, allowing cert. ");
2796 printf("Arg is: %s\n", cb_arg->string);
2797 printf("Finished printing do we have a context? 0x%p a cert? 0x%p\n",
2798 (void *)ctx, (void *)c);
2800 s = X509_NAME_oneline(X509_get_subject_name(c), buf, 256);
2802 printf("cert depth=%d %s\n",
2803 X509_STORE_CTX_get_error_depth(ctx), buf);
2808 ok = X509_verify_cert(ctx);
2813 #ifndef OPENSSL_NO_DH
2815 * These DH parameters have been generated as follows:
2816 * $ openssl dhparam -C -noout 512
2817 * $ openssl dhparam -C -noout 1024
2818 * $ openssl dhparam -C -noout -dsaparam 1024
2819 * (The third function has been renamed to avoid name conflicts.)
2821 static DH *get_dh512()
2823 static unsigned char dh512_p[] = {
2824 0xCB, 0xC8, 0xE1, 0x86, 0xD0, 0x1F, 0x94, 0x17, 0xA6, 0x99, 0xF0,
2826 0x1F, 0x0D, 0xAC, 0xB6, 0x25, 0x3E, 0x06, 0x39, 0xCA, 0x72, 0x04,
2828 0x6E, 0xDA, 0xC0, 0x61, 0xE6, 0x7A, 0x77, 0x25, 0xE8, 0x3B, 0xB9,
2830 0x9A, 0xB6, 0xB5, 0xFE, 0x99, 0x0B, 0xA1, 0x93, 0x4E, 0x35, 0x33,
2832 0xE1, 0xF1, 0x13, 0x4F, 0x59, 0x1A, 0xD2, 0x57, 0xC0, 0x26, 0x21,
2834 0x02, 0xC5, 0xAE, 0x23,
2836 static unsigned char dh512_g[] = {
2842 if ((dh = DH_new()) == NULL)
2844 p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
2845 g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
2846 if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
2855 static DH *get_dh1024()
2857 static unsigned char dh1024_p[] = {
2858 0xF8, 0x81, 0x89, 0x7D, 0x14, 0x24, 0xC5, 0xD1, 0xE6, 0xF7, 0xBF,
2860 0xE4, 0x90, 0xF4, 0xFC, 0x73, 0xFB, 0x34, 0xB5, 0xFA, 0x4C, 0x56,
2862 0xEA, 0xA7, 0xE9, 0xC0, 0xC0, 0xCE, 0x89, 0xE1, 0xFA, 0x63, 0x3F,
2864 0x6B, 0x32, 0x66, 0xF1, 0xD1, 0x7B, 0xB0, 0x00, 0x8F, 0xCA, 0x87,
2866 0xAE, 0x98, 0x89, 0x26, 0x17, 0xC2, 0x05, 0xD2, 0xEC, 0x08, 0xD0,
2868 0xFF, 0x17, 0x52, 0x8C, 0xC5, 0x07, 0x93, 0x03, 0xB1, 0xF6, 0x2F,
2870 0x1C, 0x52, 0x47, 0x27, 0x1B, 0xDB, 0xD1, 0x8D, 0x9D, 0x69, 0x1D,
2872 0x4B, 0x32, 0x81, 0xAA, 0x7F, 0x00, 0xC8, 0xDC, 0xE6, 0xD9, 0xCC,
2874 0x11, 0x2D, 0x37, 0x34, 0x6C, 0xEA, 0x02, 0x97, 0x4B, 0x0E, 0xBB,
2876 0x71, 0x33, 0x09, 0x15, 0xFD, 0xDD, 0x23, 0x87, 0x07, 0x5E, 0x89,
2878 0x6B, 0x7C, 0x5F, 0xEC, 0xA6, 0x24, 0xDC, 0x53,
2880 static unsigned char dh1024_g[] = {
2886 if ((dh = DH_new()) == NULL)
2888 p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
2889 g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
2890 if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
2899 static DH *get_dh1024dsa()
2901 static unsigned char dh1024_p[] = {
2902 0xC8, 0x00, 0xF7, 0x08, 0x07, 0x89, 0x4D, 0x90, 0x53, 0xF3, 0xD5,
2904 0x21, 0x1B, 0xF7, 0x31, 0xA6, 0xA2, 0xDA, 0x23, 0x9A, 0xC7, 0x87,
2906 0x3B, 0x47, 0xB6, 0x8C, 0x04, 0x6F, 0xFF, 0xC6, 0x9B, 0xB8, 0x65,
2908 0xC2, 0x5F, 0x31, 0x83, 0x4A, 0xA7, 0x5F, 0x2F, 0x88, 0x38, 0xB6,
2910 0xCF, 0xD9, 0x87, 0x6D, 0x6F, 0x9F, 0xDA, 0xAC, 0xA6, 0x48, 0xAF,
2912 0x33, 0x84, 0x37, 0x5B, 0x82, 0x4A, 0x31, 0x5D, 0xE7, 0xBD, 0x52,
2914 0xA1, 0x77, 0xBF, 0x10, 0x9E, 0x37, 0xEA, 0x64, 0xFA, 0xCA, 0x28,
2916 0x9D, 0x3B, 0xD2, 0x6E, 0x09, 0x5C, 0x68, 0xC7, 0x45, 0x90, 0xFD,
2918 0x70, 0xC9, 0x3A, 0xBB, 0xDF, 0xD4, 0x21, 0x0F, 0xC4, 0x6A, 0x3C,
2920 0x61, 0xCF, 0x3F, 0xD6, 0x13, 0xF1, 0x5F, 0xBC, 0xCF, 0xBC, 0x26,
2922 0xBC, 0x0B, 0xBD, 0xAB, 0x5D, 0xC9, 0x54, 0x39,
2924 static unsigned char dh1024_g[] = {
2925 0x3B, 0x40, 0x86, 0xE7, 0xF3, 0x6C, 0xDE, 0x67, 0x1C, 0xCC, 0x80,
2927 0x5A, 0xDF, 0xFE, 0xBD, 0x20, 0x27, 0x74, 0x6C, 0x24, 0xC9, 0x03,
2929 0xE1, 0x8D, 0xC3, 0x7D, 0x98, 0x27, 0x40, 0x08, 0xB8, 0x8C, 0x6A,
2931 0xBB, 0x1A, 0x3A, 0xD6, 0x86, 0x83, 0x5E, 0x72, 0x41, 0xCE, 0x85,
2933 0xD2, 0xB3, 0xFC, 0x13, 0xCE, 0x37, 0x81, 0x9E, 0x4C, 0x1C, 0x7B,
2935 0xD3, 0xE6, 0xA6, 0x00, 0xF5, 0x5A, 0x95, 0x43, 0x5E, 0x81, 0xCF,
2937 0xA2, 0x23, 0xFC, 0x36, 0xA7, 0x5D, 0x7A, 0x4C, 0x06, 0x91, 0x6E,
2939 0x57, 0xEE, 0x36, 0xCB, 0x06, 0xEA, 0xF5, 0x3D, 0x95, 0x49, 0xCB,
2941 0xDD, 0x81, 0xDF, 0x80, 0x09, 0x4A, 0x97, 0x4D, 0xA8, 0x22, 0x72,
2943 0x7F, 0xC4, 0x70, 0x56, 0x70, 0xE8, 0x20, 0x10, 0x18, 0x8F, 0x2E,
2945 0x07, 0xE7, 0x68, 0x1A, 0x82, 0x5D, 0x32, 0xA2,
2950 if ((dh = DH_new()) == NULL)
2952 p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
2953 g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
2954 if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
2960 DH_set_length(dh, 160);
2965 #ifndef OPENSSL_NO_PSK
2966 /* convert the PSK key (psk_key) in ascii to binary (psk) */
2967 static int psk_key2bn(const char *pskkey, unsigned char *psk,
2968 unsigned int max_psk_len)
2973 ret = BN_hex2bn(&bn, pskkey);
2975 BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n",
2980 if (BN_num_bytes(bn) > (int)max_psk_len) {
2982 "psk buffer of callback is too small (%d) for key (%d)\n",
2983 max_psk_len, BN_num_bytes(bn));
2987 ret = BN_bn2bin(bn, psk);
2992 static unsigned int psk_client_callback(SSL *ssl, const char *hint,
2994 unsigned int max_identity_len,
2996 unsigned int max_psk_len)
2999 unsigned int psk_len = 0;
3001 ret = BIO_snprintf(identity, max_identity_len, "Client_identity");
3005 fprintf(stderr, "client: created identity '%s' len=%d\n", identity,
3007 ret = psk_key2bn(psk_key, psk, max_psk_len);
3015 static unsigned int psk_server_callback(SSL *ssl, const char *identity,
3017 unsigned int max_psk_len)
3019 unsigned int psk_len = 0;
3021 if (strcmp(identity, "Client_identity") != 0) {
3022 BIO_printf(bio_err, "server: PSK error: client identity not found\n");
3025 psk_len = psk_key2bn(psk_key, psk, max_psk_len);