2 * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4 * Copyright 2005 Nokia. All rights reserved.
6 * Licensed under the OpenSSL license (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
12 /* Or gethostname won't be declared properly on Linux and GNU platforms. */
14 # define _BSD_SOURCE 1
16 #ifndef _DEFAULT_SOURCE
17 # define _DEFAULT_SOURCE 1
31 #ifdef OPENSSL_SYS_VMS
33 * Or isascii won't be declared properly on VMS (at least with DECompHP C).
35 # define _XOPEN_SOURCE 500
40 #include <openssl/bio.h>
41 #include <openssl/crypto.h>
42 #include <openssl/evp.h>
43 #include <openssl/x509.h>
44 #include <openssl/x509v3.h>
45 #include <openssl/ssl.h>
46 #include <openssl/err.h>
47 #include <openssl/rand.h>
48 #ifndef OPENSSL_NO_RSA
49 # include <openssl/rsa.h>
51 #ifndef OPENSSL_NO_DSA
52 # include <openssl/dsa.h>
55 # include <openssl/dh.h>
57 #include <openssl/bn.h>
59 # include <openssl/ct.h>
63 * Or gethostname won't be declared properly
64 * on Compaq platforms (at least with DEC C).
65 * Do not try to put it earlier, or IPv6 includes
68 #define _XOPEN_SOURCE_EXTENDED 1
70 #ifdef OPENSSL_SYS_WINDOWS
73 # include OPENSSL_UNISTD
76 static SSL_CTX *s_ctx = NULL;
77 static SSL_CTX *s_ctx2 = NULL;
80 * There is really no standard for this, so let's assign something
85 static int verify_callback(int ok, X509_STORE_CTX *ctx);
86 static int app_verify_callback(X509_STORE_CTX *ctx, void *arg);
87 #define APP_CALLBACK_STRING "Test Callback Argument"
88 struct app_verify_arg {
94 static DH *get_dh512(void);
95 static DH *get_dh1024(void);
96 static DH *get_dh1024dsa(void);
99 static char *psk_key = NULL; /* by default PSK is not used */
100 #ifndef OPENSSL_NO_PSK
101 static unsigned int psk_client_callback(SSL *ssl, const char *hint,
103 unsigned int max_identity_len,
105 unsigned int max_psk_len);
106 static unsigned int psk_server_callback(SSL *ssl, const char *identity,
108 unsigned int max_psk_len);
111 static BIO *bio_err = NULL;
112 static BIO *bio_stdout = NULL;
114 #ifndef OPENSSL_NO_NEXTPROTONEG
115 /* Note that this code assumes that this is only a one element list: */
116 static const char NEXT_PROTO_STRING[] = "\x09testproto";
117 static int npn_client = 0;
118 static int npn_server = 0;
119 static int npn_server_reject = 0;
121 static int cb_client_npn(SSL *s, unsigned char **out, unsigned char *outlen,
122 const unsigned char *in, unsigned int inlen,
126 * This callback only returns the protocol string, rather than a length
127 * prefixed set. We assume that NEXT_PROTO_STRING is a one element list
128 * and remove the first byte to chop off the length prefix.
130 *out = (unsigned char *)NEXT_PROTO_STRING + 1;
131 *outlen = sizeof(NEXT_PROTO_STRING) - 2;
132 return SSL_TLSEXT_ERR_OK;
135 static int cb_server_npn(SSL *s, const unsigned char **data,
136 unsigned int *len, void *arg)
138 *data = (const unsigned char *)NEXT_PROTO_STRING;
139 *len = sizeof(NEXT_PROTO_STRING) - 1;
140 return SSL_TLSEXT_ERR_OK;
143 static int cb_server_rejects_npn(SSL *s, const unsigned char **data,
144 unsigned int *len, void *arg)
146 return SSL_TLSEXT_ERR_NOACK;
149 static int verify_npn(SSL *client, SSL *server)
151 const unsigned char *client_s;
153 const unsigned char *server_s;
156 SSL_get0_next_proto_negotiated(client, &client_s, &client_len);
157 SSL_get0_next_proto_negotiated(server, &server_s, &server_len);
160 BIO_printf(bio_stdout, "Client NPN: ");
161 BIO_write(bio_stdout, client_s, client_len);
162 BIO_printf(bio_stdout, "\n");
166 BIO_printf(bio_stdout, "Server NPN: ");
167 BIO_write(bio_stdout, server_s, server_len);
168 BIO_printf(bio_stdout, "\n");
172 * If an NPN string was returned, it must be the protocol that we
173 * expected to negotiate.
175 if (client_len && (client_len != sizeof(NEXT_PROTO_STRING) - 2 ||
176 memcmp(client_s, NEXT_PROTO_STRING + 1, client_len)))
178 if (server_len && (server_len != sizeof(NEXT_PROTO_STRING) - 2 ||
179 memcmp(server_s, NEXT_PROTO_STRING + 1, server_len)))
182 if (!npn_client && client_len)
184 if (!npn_server && server_len)
186 if (npn_server_reject && server_len)
188 if (npn_client && npn_server && (!client_len || !server_len))
195 static const char *alpn_client;
196 static char *alpn_server;
197 static char *alpn_server2;
198 static const char *alpn_expected;
199 static unsigned char *alpn_selected;
200 static const char *server_min_proto;
201 static const char *server_max_proto;
202 static const char *client_min_proto;
203 static const char *client_max_proto;
204 static const char *should_negotiate;
205 static const char *sn_client;
206 static const char *sn_server1;
207 static const char *sn_server2;
208 static int sn_expect = 0;
209 static const char *server_sess_out;
210 static const char *server_sess_in;
211 static const char *client_sess_out;
212 static const char *client_sess_in;
213 static SSL_SESSION *server_sess;
214 static SSL_SESSION *client_sess;
216 static int servername_cb(SSL *s, int *ad, void *arg)
218 const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
219 if (sn_server2 == NULL) {
220 BIO_printf(bio_stdout, "Servername 2 is NULL\n");
221 return SSL_TLSEXT_ERR_NOACK;
225 if (s_ctx2 != NULL && sn_server2 != NULL &&
226 !strcasecmp(servername, sn_server2)) {
227 BIO_printf(bio_stdout, "Switching server context.\n");
228 SSL_set_SSL_CTX(s, s_ctx2);
231 return SSL_TLSEXT_ERR_OK;
233 static int verify_servername(SSL *client, SSL *server)
235 /* just need to see if sn_context is what we expect */
236 SSL_CTX* ctx = SSL_get_SSL_CTX(server);
239 if (sn_expect == 1 && ctx == s_ctx)
241 if (sn_expect == 2 && ctx == s_ctx2)
243 BIO_printf(bio_stdout, "Servername: expected context %d\n", sn_expect);
245 BIO_printf(bio_stdout, "Servername: context is 2\n");
246 else if (ctx == s_ctx)
247 BIO_printf(bio_stdout, "Servername: context is 1\n");
249 BIO_printf(bio_stdout, "Servername: context is unknown\n");
255 * next_protos_parse parses a comma separated list of strings into a string
256 * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
257 * outlen: (output) set to the length of the resulting buffer on success.
258 * in: a NUL terminated string like "abc,def,ghi"
260 * returns: a malloced buffer or NULL on failure.
262 static unsigned char *next_protos_parse(size_t *outlen,
273 out = OPENSSL_malloc(strlen(in) + 1);
277 for (i = 0; i <= len; ++i) {
278 if (i == len || in[i] == ',') {
279 if (i - start > 255) {
283 out[start] = i - start;
293 static int cb_server_alpn(SSL *s, const unsigned char **out,
294 unsigned char *outlen, const unsigned char *in,
295 unsigned int inlen, void *arg)
297 unsigned char *protos;
299 char* alpn_str = arg;
301 protos = next_protos_parse(&protos_len, alpn_str);
302 if (protos == NULL) {
303 fprintf(stderr, "failed to parser ALPN server protocol string: %s\n",
308 if (SSL_select_next_proto
309 ((unsigned char **)out, outlen, protos, protos_len, in,
310 inlen) != OPENSSL_NPN_NEGOTIATED) {
311 OPENSSL_free(protos);
312 return SSL_TLSEXT_ERR_NOACK;
316 * Make a copy of the selected protocol which will be freed in
319 alpn_selected = OPENSSL_malloc(*outlen);
320 memcpy(alpn_selected, *out, *outlen);
321 *out = alpn_selected;
323 OPENSSL_free(protos);
324 return SSL_TLSEXT_ERR_OK;
327 static int verify_alpn(SSL *client, SSL *server)
329 const unsigned char *client_proto, *server_proto;
330 unsigned int client_proto_len = 0, server_proto_len = 0;
331 SSL_get0_alpn_selected(client, &client_proto, &client_proto_len);
332 SSL_get0_alpn_selected(server, &server_proto, &server_proto_len);
334 OPENSSL_free(alpn_selected);
335 alpn_selected = NULL;
337 if (client_proto_len != server_proto_len) {
338 BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
342 if (client_proto != NULL &&
343 memcmp(client_proto, server_proto, client_proto_len) != 0) {
344 BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
348 if (client_proto_len > 0 && alpn_expected == NULL) {
349 BIO_printf(bio_stdout, "ALPN unexpectedly negotiated\n");
353 if (alpn_expected != NULL &&
354 (client_proto_len != strlen(alpn_expected) ||
355 memcmp(client_proto, alpn_expected, client_proto_len) != 0)) {
356 BIO_printf(bio_stdout,
357 "ALPN selected protocols not equal to expected protocol: %s\n",
365 BIO_printf(bio_stdout, "ALPN results: client: '");
366 BIO_write(bio_stdout, client_proto, client_proto_len);
367 BIO_printf(bio_stdout, "', server: '");
368 BIO_write(bio_stdout, server_proto, server_proto_len);
369 BIO_printf(bio_stdout, "'\n");
370 BIO_printf(bio_stdout, "ALPN configured: client: '%s', server: '",
372 if (SSL_get_SSL_CTX(server) == s_ctx2) {
373 BIO_printf(bio_stdout, "%s'\n",
376 BIO_printf(bio_stdout, "%s'\n",
383 * WARNING : below extension types are *NOT* IETF assigned, and could
384 * conflict if these types are reassigned and handled specially by OpenSSL
387 #define TACK_EXT_TYPE 62208
388 #define CUSTOM_EXT_TYPE_0 1000
389 #define CUSTOM_EXT_TYPE_1 1001
390 #define CUSTOM_EXT_TYPE_2 1002
391 #define CUSTOM_EXT_TYPE_3 1003
393 static const char custom_ext_cli_string[] = "abc";
394 static const char custom_ext_srv_string[] = "defg";
396 /* These set from cmdline */
397 static char *serverinfo_file = NULL;
398 static int serverinfo_sct = 0;
399 static int serverinfo_tack = 0;
401 /* These set based on extension callbacks */
402 static int serverinfo_sct_seen = 0;
403 static int serverinfo_tack_seen = 0;
404 static int serverinfo_other_seen = 0;
406 /* This set from cmdline */
407 static int custom_ext = 0;
409 /* This set based on extension callbacks */
410 static int custom_ext_error = 0;
412 static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type,
413 const unsigned char *in, size_t inlen,
416 if (ext_type == TLSEXT_TYPE_signed_certificate_timestamp)
417 serverinfo_sct_seen++;
418 else if (ext_type == TACK_EXT_TYPE)
419 serverinfo_tack_seen++;
421 serverinfo_other_seen++;
425 static int verify_serverinfo()
427 if (serverinfo_sct != serverinfo_sct_seen)
429 if (serverinfo_tack != serverinfo_tack_seen)
431 if (serverinfo_other_seen)
437 * Four test cases for custom extensions:
438 * 0 - no ClientHello extension or ServerHello response
439 * 1 - ClientHello with "abc", no response
440 * 2 - ClientHello with "abc", empty response
441 * 3 - ClientHello with "abc", "defg" response
444 static int custom_ext_0_cli_add_cb(SSL *s, unsigned int ext_type,
445 const unsigned char **out,
446 size_t *outlen, int *al, void *arg)
448 if (ext_type != CUSTOM_EXT_TYPE_0)
449 custom_ext_error = 1;
450 return 0; /* Don't send an extension */
453 static int custom_ext_0_cli_parse_cb(SSL *s, unsigned int ext_type,
454 const unsigned char *in,
455 size_t inlen, int *al, void *arg)
460 static int custom_ext_1_cli_add_cb(SSL *s, unsigned int ext_type,
461 const unsigned char **out,
462 size_t *outlen, int *al, void *arg)
464 if (ext_type != CUSTOM_EXT_TYPE_1)
465 custom_ext_error = 1;
466 *out = (const unsigned char *)custom_ext_cli_string;
467 *outlen = strlen(custom_ext_cli_string);
468 return 1; /* Send "abc" */
471 static int custom_ext_1_cli_parse_cb(SSL *s, unsigned int ext_type,
472 const unsigned char *in,
473 size_t inlen, int *al, void *arg)
478 static int custom_ext_2_cli_add_cb(SSL *s, unsigned int ext_type,
479 const unsigned char **out,
480 size_t *outlen, int *al, void *arg)
482 if (ext_type != CUSTOM_EXT_TYPE_2)
483 custom_ext_error = 1;
484 *out = (const unsigned char *)custom_ext_cli_string;
485 *outlen = strlen(custom_ext_cli_string);
486 return 1; /* Send "abc" */
489 static int custom_ext_2_cli_parse_cb(SSL *s, unsigned int ext_type,
490 const unsigned char *in,
491 size_t inlen, int *al, void *arg)
493 if (ext_type != CUSTOM_EXT_TYPE_2)
494 custom_ext_error = 1;
496 custom_ext_error = 1; /* Should be empty response */
500 static int custom_ext_3_cli_add_cb(SSL *s, unsigned int ext_type,
501 const unsigned char **out,
502 size_t *outlen, int *al, void *arg)
504 if (ext_type != CUSTOM_EXT_TYPE_3)
505 custom_ext_error = 1;
506 *out = (const unsigned char *)custom_ext_cli_string;
507 *outlen = strlen(custom_ext_cli_string);
508 return 1; /* Send "abc" */
511 static int custom_ext_3_cli_parse_cb(SSL *s, unsigned int ext_type,
512 const unsigned char *in,
513 size_t inlen, int *al, void *arg)
515 if (ext_type != CUSTOM_EXT_TYPE_3)
516 custom_ext_error = 1;
517 if (inlen != strlen(custom_ext_srv_string))
518 custom_ext_error = 1;
519 if (memcmp(custom_ext_srv_string, in, inlen) != 0)
520 custom_ext_error = 1; /* Check for "defg" */
525 * custom_ext_0_cli_add_cb returns 0 - the server won't receive a callback
528 static int custom_ext_0_srv_parse_cb(SSL *s, unsigned int ext_type,
529 const unsigned char *in,
530 size_t inlen, int *al, void *arg)
532 custom_ext_error = 1;
536 /* 'add' callbacks are only called if the 'parse' callback is called */
537 static int custom_ext_0_srv_add_cb(SSL *s, unsigned int ext_type,
538 const unsigned char **out,
539 size_t *outlen, int *al, void *arg)
541 /* Error: should not have been called */
542 custom_ext_error = 1;
543 return 0; /* Don't send an extension */
546 static int custom_ext_1_srv_parse_cb(SSL *s, unsigned int ext_type,
547 const unsigned char *in,
548 size_t inlen, int *al, void *arg)
550 if (ext_type != CUSTOM_EXT_TYPE_1)
551 custom_ext_error = 1;
552 /* Check for "abc" */
553 if (inlen != strlen(custom_ext_cli_string))
554 custom_ext_error = 1;
555 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
556 custom_ext_error = 1;
560 static int custom_ext_1_srv_add_cb(SSL *s, unsigned int ext_type,
561 const unsigned char **out,
562 size_t *outlen, int *al, void *arg)
564 return 0; /* Don't send an extension */
567 static int custom_ext_2_srv_parse_cb(SSL *s, unsigned int ext_type,
568 const unsigned char *in,
569 size_t inlen, int *al, void *arg)
571 if (ext_type != CUSTOM_EXT_TYPE_2)
572 custom_ext_error = 1;
573 /* Check for "abc" */
574 if (inlen != strlen(custom_ext_cli_string))
575 custom_ext_error = 1;
576 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
577 custom_ext_error = 1;
581 static int custom_ext_2_srv_add_cb(SSL *s, unsigned int ext_type,
582 const unsigned char **out,
583 size_t *outlen, int *al, void *arg)
587 return 1; /* Send empty extension */
590 static int custom_ext_3_srv_parse_cb(SSL *s, unsigned int ext_type,
591 const unsigned char *in,
592 size_t inlen, int *al, void *arg)
594 if (ext_type != CUSTOM_EXT_TYPE_3)
595 custom_ext_error = 1;
596 /* Check for "abc" */
597 if (inlen != strlen(custom_ext_cli_string))
598 custom_ext_error = 1;
599 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
600 custom_ext_error = 1;
604 static int custom_ext_3_srv_add_cb(SSL *s, unsigned int ext_type,
605 const unsigned char **out,
606 size_t *outlen, int *al, void *arg)
608 *out = (const unsigned char *)custom_ext_srv_string;
609 *outlen = strlen(custom_ext_srv_string);
610 return 1; /* Send "defg" */
613 static char *cipher = NULL;
614 static int verbose = 0;
615 static int debug = 0;
616 static const char rnd_seed[] =
617 "string to make the random number generator think it has randomness";
619 int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family,
620 long bytes, clock_t *s_time, clock_t *c_time);
621 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time,
623 int doit(SSL *s_ssl, SSL *c_ssl, long bytes);
625 static void sv_usage(void)
627 fprintf(stderr, "usage: ssltest [args ...]\n");
628 fprintf(stderr, "\n");
629 fprintf(stderr, " -server_auth - check server certificate\n");
630 fprintf(stderr, " -client_auth - do client authentication\n");
631 fprintf(stderr, " -v - more output\n");
632 fprintf(stderr, " -d - debug output\n");
633 fprintf(stderr, " -reuse - use session-id reuse\n");
634 fprintf(stderr, " -num <val> - number of connections to perform\n");
636 " -bytes <val> - number of bytes to swap between client/server\n");
637 #ifndef OPENSSL_NO_DH
639 " -dhe512 - use 512 bit key for DHE (to test failure)\n");
641 " -dhe1024 - use 1024 bit key (safe prime) for DHE (default, no-op)\n");
643 " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
644 fprintf(stderr, " -no_dhe - disable DHE\n");
646 #ifndef OPENSSL_NO_EC
647 fprintf(stderr, " -no_ecdhe - disable ECDHE\nTODO(openssl-team): no_ecdhe was broken by auto ecdh. Make this work again.\n");
649 #ifndef OPENSSL_NO_PSK
650 fprintf(stderr, " -psk arg - PSK in hex (without 0x)\n");
652 #ifndef OPENSSL_NO_SSL3
653 fprintf(stderr, " -ssl3 - use SSLv3\n");
655 #ifndef OPENSSL_NO_TLS1
656 fprintf(stderr, " -tls1 - use TLSv1\n");
658 #ifndef OPENSSL_NO_DTLS
659 fprintf(stderr, " -dtls - use DTLS\n");
660 #ifndef OPENSSL_NO_DTLS1
661 fprintf(stderr, " -dtls1 - use DTLSv1\n");
663 #ifndef OPENSSL_NO_DTLS1_2
664 fprintf(stderr, " -dtls12 - use DTLSv1.2\n");
667 fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");
668 fprintf(stderr, " -CAfile arg - PEM format file of CA's\n");
669 fprintf(stderr, " -cert arg - Server certificate file\n");
671 " -key arg - Server key file (default: same as -cert)\n");
672 fprintf(stderr, " -c_cert arg - Client certificate file\n");
674 " -c_key arg - Client key file (default: same as -c_cert)\n");
675 fprintf(stderr, " -cipher arg - The cipher list\n");
676 fprintf(stderr, " -bio_pair - Use BIO pairs\n");
677 fprintf(stderr, " -ipv4 - Use IPv4 connection on localhost\n");
678 fprintf(stderr, " -ipv6 - Use IPv6 connection on localhost\n");
679 fprintf(stderr, " -f - Test even cases that can't work\n");
681 " -time - measure processor time used by client and server\n");
682 fprintf(stderr, " -zlib - use zlib compression\n");
683 #ifndef OPENSSL_NO_NEXTPROTONEG
684 fprintf(stderr, " -npn_client - have client side offer NPN\n");
685 fprintf(stderr, " -npn_server - have server side offer NPN\n");
686 fprintf(stderr, " -npn_server_reject - have server reject NPN\n");
688 fprintf(stderr, " -serverinfo_file file - have server use this file\n");
689 fprintf(stderr, " -serverinfo_sct - have client offer and expect SCT\n");
691 " -serverinfo_tack - have client offer and expect TACK\n");
693 " -custom_ext - try various custom extension callbacks\n");
694 fprintf(stderr, " -alpn_client <string> - have client side offer ALPN\n");
695 fprintf(stderr, " -alpn_server <string> - have server side offer ALPN\n");
696 fprintf(stderr, " -alpn_server1 <string> - alias for -alpn_server\n");
697 fprintf(stderr, " -alpn_server2 <string> - have server side context 2 offer ALPN\n");
699 " -alpn_expected <string> - the ALPN protocol that should be negotiated\n");
700 fprintf(stderr, " -server_min_proto <string> - Minimum version the server should support\n");
701 fprintf(stderr, " -server_max_proto <string> - Maximum version the server should support\n");
702 fprintf(stderr, " -client_min_proto <string> - Minimum version the client should support\n");
703 fprintf(stderr, " -client_max_proto <string> - Maximum version the client should support\n");
704 fprintf(stderr, " -should_negotiate <string> - The version that should be negotiated, fail-client or fail-server\n");
705 #ifndef OPENSSL_NO_CT
706 fprintf(stderr, " -noct - no certificate transparency\n");
707 fprintf(stderr, " -requestct - request certificate transparency\n");
708 fprintf(stderr, " -requirect - require certificate transparency\n");
710 fprintf(stderr, " -sn_client <string> - have client request this servername\n");
711 fprintf(stderr, " -sn_server1 <string> - have server context 1 respond to this servername\n");
712 fprintf(stderr, " -sn_server2 <string> - have server context 2 respond to this servername\n");
713 fprintf(stderr, " -sn_expect1 - expected server 1\n");
714 fprintf(stderr, " -sn_expect2 - expected server 2\n");
715 fprintf(stderr, " -server_sess_out <file> - Save the server session to a file\n");
716 fprintf(stderr, " -server_sess_in <file> - Read the server session from a file\n");
717 fprintf(stderr, " -client_sess_out <file> - Save the client session to a file\n");
718 fprintf(stderr, " -client_sess_in <file> - Read the client session from a file\n");
719 fprintf(stderr, " -should_reuse <number> - The expected state of reusing the session\n");
720 fprintf(stderr, " -no_ticket - do not issue TLS session ticket\n");
723 static void print_key_details(BIO *out, EVP_PKEY *key)
725 int keyid = EVP_PKEY_id(key);
726 #ifndef OPENSSL_NO_EC
727 if (keyid == EVP_PKEY_EC) {
728 EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
731 nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
733 cname = EC_curve_nid2nist(nid);
735 cname = OBJ_nid2sn(nid);
736 BIO_printf(out, "%d bits EC (%s)", EVP_PKEY_bits(key), cname);
752 algname = OBJ_nid2sn(keyid);
755 BIO_printf(out, "%d bits %s", EVP_PKEY_bits(key), algname);
759 static void print_details(SSL *c_ssl, const char *prefix)
761 const SSL_CIPHER *ciph;
766 ciph = SSL_get_current_cipher(c_ssl);
767 BIO_printf(bio_stdout, "%s%s, cipher %s %s",
769 SSL_get_version(c_ssl),
770 SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_name(ciph));
771 cert = SSL_get_peer_certificate(c_ssl);
773 EVP_PKEY* pubkey = X509_get0_pubkey(cert);
775 if (pubkey != NULL) {
776 BIO_puts(bio_stdout, ", ");
777 print_key_details(bio_stdout, pubkey);
781 if (SSL_get_server_tmp_key(c_ssl, &pkey)) {
782 BIO_puts(bio_stdout, ", temp key: ");
783 print_key_details(bio_stdout, pkey);
786 if (SSL_get_peer_signature_nid(c_ssl, &mdnid))
787 BIO_printf(bio_stdout, ", digest=%s", OBJ_nid2sn(mdnid));
788 BIO_printf(bio_stdout, "\n");
792 * protocol_from_string - converts a protocol version string to a number
794 * Returns -1 on failure or the version on success
796 static int protocol_from_string(const char *value)
798 struct protocol_versions {
802 static const struct protocol_versions versions[] = {
803 {"ssl3", SSL3_VERSION},
804 {"tls1", TLS1_VERSION},
805 {"tls1.1", TLS1_1_VERSION},
806 {"tls1.2", TLS1_2_VERSION},
807 {"tls1.3", TLS1_3_VERSION},
808 {"dtls1", DTLS1_VERSION},
809 {"dtls1.2", DTLS1_2_VERSION}};
811 size_t n = OSSL_NELEM(versions);
813 for (i = 0; i < n; i++)
814 if (strcmp(versions[i].name, value) == 0)
815 return versions[i].version;
819 static SSL_SESSION *read_session(const char *filename)
822 BIO *f = BIO_new_file(filename, "r");
825 BIO_printf(bio_err, "Can't open session file %s\n", filename);
826 ERR_print_errors(bio_err);
829 sess = PEM_read_bio_SSL_SESSION(f, NULL, 0, NULL);
831 BIO_printf(bio_err, "Can't parse session file %s\n", filename);
832 ERR_print_errors(bio_err);
838 static int write_session(const char *filename, SSL_SESSION *sess)
840 BIO *f = BIO_new_file(filename, "w");
843 BIO_printf(bio_err, "No session information\n");
847 BIO_printf(bio_err, "Can't open session file %s\n", filename);
848 ERR_print_errors(bio_err);
851 PEM_write_bio_SSL_SESSION(f, sess);
857 * set_protocol_version - Sets protocol version minimum or maximum
859 * Returns 0 on failure and 1 on success
861 static int set_protocol_version(const char *version, SSL *ssl, int setting)
863 if (version != NULL) {
864 int ver = protocol_from_string(version);
866 BIO_printf(bio_err, "Error parsing: %s\n", version);
869 return SSL_ctrl(ssl, setting, ver, NULL);
874 int main(int argc, char *argv[])
876 const char *CApath = NULL, *CAfile = NULL;
878 enum { BIO_MEM, BIO_PAIR, BIO_IPV4, BIO_IPV6 } bio_type = BIO_MEM;
880 int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, tls1_2 = 0, ssl3 = 0, ret = 1;
882 int server_auth = 0, i;
883 struct app_verify_arg app_verify_arg =
884 { APP_CALLBACK_STRING, 0 };
886 SSL_CTX *c_ctx = NULL;
887 const SSL_METHOD *meth = NULL;
889 int number = 1, reuse = 0;
890 int should_reuse = -1;
893 #ifndef OPENSSL_NO_DH
895 int dhe512 = 0, dhe1024dsa = 0;
900 clock_t s_time = 0, c_time = 0;
901 #ifndef OPENSSL_NO_COMP
903 COMP_METHOD *cm = NULL;
904 STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
907 int min_version = 0, max_version = 0;
908 #ifndef OPENSSL_NO_CT
910 * Disable CT validation by default, because it will interfere with
911 * anything using custom extension handlers to deal with SCT extensions.
913 int ct_validation = 0;
915 SSL_CONF_CTX *s_cctx = NULL, *c_cctx = NULL, *s_cctx2 = NULL;
916 STACK_OF(OPENSSL_STRING) *conf_args = NULL;
917 char *arg = NULL, *argn = NULL;
923 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
925 p = getenv("OPENSSL_DEBUG_MEMORY");
926 if (p != NULL && strcmp(p, "on") == 0)
927 CRYPTO_set_mem_debug(1);
928 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
930 RAND_seed(rnd_seed, sizeof rnd_seed);
932 bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT);
934 s_cctx = SSL_CONF_CTX_new();
935 s_cctx2 = SSL_CONF_CTX_new();
936 c_cctx = SSL_CONF_CTX_new();
938 if (!s_cctx || !c_cctx || !s_cctx2) {
939 ERR_print_errors(bio_err);
943 SSL_CONF_CTX_set_flags(s_cctx,
944 SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_SERVER |
945 SSL_CONF_FLAG_CERTIFICATE |
946 SSL_CONF_FLAG_REQUIRE_PRIVATE);
947 SSL_CONF_CTX_set_flags(s_cctx2,
948 SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_SERVER |
949 SSL_CONF_FLAG_CERTIFICATE |
950 SSL_CONF_FLAG_REQUIRE_PRIVATE);
951 if (!SSL_CONF_CTX_set1_prefix(s_cctx, "-s_")) {
952 ERR_print_errors(bio_err);
955 if (!SSL_CONF_CTX_set1_prefix(s_cctx2, "-s_")) {
956 ERR_print_errors(bio_err);
960 SSL_CONF_CTX_set_flags(c_cctx,
961 SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_CLIENT |
962 SSL_CONF_FLAG_CERTIFICATE |
963 SSL_CONF_FLAG_REQUIRE_PRIVATE);
964 if (!SSL_CONF_CTX_set1_prefix(c_cctx, "-c_")) {
965 ERR_print_errors(bio_err);
973 if (strcmp(*argv, "-F") == 0) {
975 "not compiled with FIPS support, so exiting without running.\n");
977 } else if (strcmp(*argv, "-server_auth") == 0)
979 else if (strcmp(*argv, "-client_auth") == 0)
981 else if (strcmp(*argv, "-v") == 0)
983 else if (strcmp(*argv, "-d") == 0)
985 else if (strcmp(*argv, "-reuse") == 0)
987 else if (strcmp(*argv, "-dhe512") == 0) {
988 #ifndef OPENSSL_NO_DH
992 "ignoring -dhe512, since I'm compiled without DH\n");
994 } else if (strcmp(*argv, "-dhe1024dsa") == 0) {
995 #ifndef OPENSSL_NO_DH
999 "ignoring -dhe1024dsa, since I'm compiled without DH\n");
1001 } else if (strcmp(*argv, "-no_dhe") == 0)
1003 else if (strcmp(*argv, "-no_ecdhe") == 0)
1005 else if (strcmp(*argv, "-psk") == 0) {
1008 psk_key = *(++argv);
1009 #ifndef OPENSSL_NO_PSK
1010 if (strspn(psk_key, "abcdefABCDEF1234567890") != strlen(psk_key)) {
1011 BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
1018 else if (strcmp(*argv, "-tls1_2") == 0) {
1020 } else if (strcmp(*argv, "-tls1") == 0) {
1022 } else if (strcmp(*argv, "-ssl3") == 0) {
1024 } else if (strcmp(*argv, "-dtls1") == 0) {
1026 } else if (strcmp(*argv, "-dtls12") == 0) {
1028 } else if (strcmp(*argv, "-dtls") == 0) {
1030 } else if (strncmp(*argv, "-num", 4) == 0) {
1033 number = atoi(*(++argv));
1036 } else if (strcmp(*argv, "-bytes") == 0) {
1039 bytes = atol(*(++argv));
1042 i = strlen(argv[0]);
1043 if (argv[0][i - 1] == 'k')
1045 if (argv[0][i - 1] == 'm')
1046 bytes *= 1024L * 1024L;
1047 } else if (strcmp(*argv, "-cipher") == 0) {
1051 } else if (strcmp(*argv, "-CApath") == 0) {
1055 } else if (strcmp(*argv, "-CAfile") == 0) {
1059 } else if (strcmp(*argv, "-bio_pair") == 0) {
1060 bio_type = BIO_PAIR;
1062 #ifndef OPENSSL_NO_SOCK
1063 else if (strcmp(*argv, "-ipv4") == 0) {
1064 bio_type = BIO_IPV4;
1065 } else if (strcmp(*argv, "-ipv6") == 0) {
1066 bio_type = BIO_IPV6;
1069 else if (strcmp(*argv, "-f") == 0) {
1071 } else if (strcmp(*argv, "-time") == 0) {
1074 #ifndef OPENSSL_NO_CT
1075 else if (strcmp(*argv, "-noct") == 0) {
1078 else if (strcmp(*argv, "-ct") == 0) {
1082 #ifndef OPENSSL_NO_COMP
1083 else if (strcmp(*argv, "-zlib") == 0) {
1087 else if (strcmp(*argv, "-app_verify") == 0) {
1088 app_verify_arg.app_verify = 1;
1090 #ifndef OPENSSL_NO_NEXTPROTONEG
1091 else if (strcmp(*argv, "-npn_client") == 0) {
1093 } else if (strcmp(*argv, "-npn_server") == 0) {
1095 } else if (strcmp(*argv, "-npn_server_reject") == 0) {
1096 npn_server_reject = 1;
1099 else if (strcmp(*argv, "-serverinfo_sct") == 0) {
1101 } else if (strcmp(*argv, "-serverinfo_tack") == 0) {
1102 serverinfo_tack = 1;
1103 } else if (strcmp(*argv, "-serverinfo_file") == 0) {
1106 serverinfo_file = *(++argv);
1107 } else if (strcmp(*argv, "-custom_ext") == 0) {
1109 } else if (strcmp(*argv, "-alpn_client") == 0) {
1112 alpn_client = *(++argv);
1113 } else if (strcmp(*argv, "-alpn_server") == 0 ||
1114 strcmp(*argv, "-alpn_server1") == 0) {
1117 alpn_server = *(++argv);
1118 } else if (strcmp(*argv, "-alpn_server2") == 0) {
1121 alpn_server2 = *(++argv);
1122 } else if (strcmp(*argv, "-alpn_expected") == 0) {
1125 alpn_expected = *(++argv);
1126 } else if (strcmp(*argv, "-server_min_proto") == 0) {
1129 server_min_proto = *(++argv);
1130 } else if (strcmp(*argv, "-server_max_proto") == 0) {
1133 server_max_proto = *(++argv);
1134 } else if (strcmp(*argv, "-client_min_proto") == 0) {
1137 client_min_proto = *(++argv);
1138 } else if (strcmp(*argv, "-client_max_proto") == 0) {
1141 client_max_proto = *(++argv);
1142 } else if (strcmp(*argv, "-should_negotiate") == 0) {
1145 should_negotiate = *(++argv);
1146 } else if (strcmp(*argv, "-sn_client") == 0) {
1149 sn_client = *(++argv);
1150 } else if (strcmp(*argv, "-sn_server1") == 0) {
1153 sn_server1 = *(++argv);
1154 } else if (strcmp(*argv, "-sn_server2") == 0) {
1157 sn_server2 = *(++argv);
1158 } else if (strcmp(*argv, "-sn_expect1") == 0) {
1160 } else if (strcmp(*argv, "-sn_expect2") == 0) {
1162 } else if (strcmp(*argv, "-server_sess_out") == 0) {
1165 server_sess_out = *(++argv);
1166 } else if (strcmp(*argv, "-server_sess_in") == 0) {
1169 server_sess_in = *(++argv);
1170 } else if (strcmp(*argv, "-client_sess_out") == 0) {
1173 client_sess_out = *(++argv);
1174 } else if (strcmp(*argv, "-client_sess_in") == 0) {
1177 client_sess_in = *(++argv);
1178 } else if (strcmp(*argv, "-should_reuse") == 0) {
1181 should_reuse = !!atoi(*(++argv));
1182 } else if (strcmp(*argv, "-no_ticket") == 0) {
1188 /* Try to process command using SSL_CONF */
1189 rv = SSL_CONF_cmd_argv(c_cctx, &argc, &argv);
1190 /* If not processed try server */
1192 rv = SSL_CONF_cmd_argv(s_cctx, &argc, &argv);
1193 /* Recognised: store it for later use */
1198 conf_args = sk_OPENSSL_STRING_new_null();
1202 if (!sk_OPENSSL_STRING_push(conf_args, arg))
1204 if (!sk_OPENSSL_STRING_push(conf_args, argn))
1209 BIO_printf(bio_err, "Missing argument for %s\n", arg);
1211 BIO_printf(bio_err, "Error with command %s\n", arg);
1213 BIO_printf(bio_err, "unknown option %s\n", arg);
1226 if (ssl3 + tls1 + tls1_2 + dtls + dtls1 + dtls12 > 1) {
1227 fprintf(stderr, "At most one of -ssl3, -tls1, -tls1_2, -dtls, -dtls1 or -dtls12 should "
1232 #ifdef OPENSSL_NO_SSL3
1237 #ifdef OPENSSL_NO_TLS1
1242 #ifdef OPENSSL_NO_TLS1_2
1247 #if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1)
1252 #if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1_2)
1260 * Testing was requested for a compiled-out protocol (e.g. SSLv3).
1261 * Ideally, we would error out, but the generic test wrapper can't know
1262 * when to expect failure. So we do nothing and return success.
1265 fprintf(stderr, "Testing was requested for a disabled protocol. "
1266 "Skipping tests.\n");
1271 if (!ssl3 && !tls1 && !tls1_2 && !dtls && !dtls1 && !dtls12 && number > 1
1272 && !reuse && !force) {
1273 fprintf(stderr, "This case cannot work. Use -f to perform "
1274 "the test anyway (and\n-d to see what happens), "
1275 "or add one of -ssl3, -tls1, -tls1_2, -dtls, -dtls1, -dtls12, -reuse\n"
1276 "to avoid protocol mismatch.\n");
1281 if (bio_type != BIO_PAIR) {
1282 fprintf(stderr, "Using BIO pair (-bio_pair)\n");
1283 bio_type = BIO_PAIR;
1285 if (number < 50 && !force)
1287 "Warning: For accurate timings, use more connections (e.g. -num 1000)\n");
1290 #ifndef OPENSSL_NO_COMP
1291 if (comp == COMP_ZLIB)
1294 if (COMP_get_type(cm) != NID_undef) {
1295 if (SSL_COMP_add_compression_method(comp, cm) != 0) {
1296 fprintf(stderr, "Failed to add compression method\n");
1297 ERR_print_errors_fp(stderr);
1301 "Warning: %s compression not supported\n",
1302 comp == COMP_ZLIB ? "zlib" : "unknown");
1303 ERR_print_errors_fp(stderr);
1306 ssl_comp_methods = SSL_COMP_get_compression_methods();
1307 n = sk_SSL_COMP_num(ssl_comp_methods);
1310 printf("Available compression methods:");
1311 for (j = 0; j < n; j++) {
1312 SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
1313 printf(" %s:%d", SSL_COMP_get0_name(c), SSL_COMP_get_id(c));
1319 #ifndef OPENSSL_NO_TLS
1320 meth = TLS_method();
1322 min_version = SSL3_VERSION;
1323 max_version = SSL3_VERSION;
1325 min_version = TLS1_VERSION;
1326 max_version = TLS1_VERSION;
1327 } else if (tls1_2) {
1328 min_version = TLS1_2_VERSION;
1329 max_version = TLS1_2_VERSION;
1332 #ifndef OPENSSL_NO_DTLS
1333 if (dtls || dtls1 || dtls12)
1334 meth = DTLS_method();
1336 min_version = DTLS1_VERSION;
1337 max_version = DTLS1_VERSION;
1338 } else if (dtls12) {
1339 min_version = DTLS1_2_VERSION;
1340 max_version = DTLS1_2_VERSION;
1344 c_ctx = SSL_CTX_new(meth);
1345 s_ctx = SSL_CTX_new(meth);
1346 s_ctx2 = SSL_CTX_new(meth); /* no SSL_CTX_dup! */
1347 if ((c_ctx == NULL) || (s_ctx == NULL) || (s_ctx2 == NULL)) {
1348 ERR_print_errors(bio_err);
1352 * Since we will use low security ciphersuites and keys for testing set
1353 * security level to zero by default. Tests can override this by adding
1354 * "@SECLEVEL=n" to the cipher string.
1356 SSL_CTX_set_security_level(c_ctx, 0);
1357 SSL_CTX_set_security_level(s_ctx, 0);
1358 SSL_CTX_set_security_level(s_ctx2, 0);
1361 SSL_CTX_set_options(c_ctx, SSL_OP_NO_TICKET);
1362 SSL_CTX_set_options(s_ctx, SSL_OP_NO_TICKET);
1365 if (SSL_CTX_set_min_proto_version(c_ctx, min_version) == 0)
1367 if (SSL_CTX_set_max_proto_version(c_ctx, max_version) == 0)
1369 if (SSL_CTX_set_min_proto_version(s_ctx, min_version) == 0)
1371 if (SSL_CTX_set_max_proto_version(s_ctx, max_version) == 0)
1374 if (cipher != NULL) {
1375 if (!SSL_CTX_set_cipher_list(c_ctx, cipher)
1376 || !SSL_CTX_set_cipher_list(s_ctx, cipher)
1377 || !SSL_CTX_set_cipher_list(s_ctx2, cipher)) {
1378 ERR_print_errors(bio_err);
1383 #ifndef OPENSSL_NO_CT
1384 if (ct_validation &&
1385 !SSL_CTX_enable_ct(c_ctx, SSL_CT_VALIDATION_STRICT)) {
1386 ERR_print_errors(bio_err);
1391 /* Process SSL_CONF arguments */
1392 SSL_CONF_CTX_set_ssl_ctx(c_cctx, c_ctx);
1393 SSL_CONF_CTX_set_ssl_ctx(s_cctx, s_ctx);
1394 SSL_CONF_CTX_set_ssl_ctx(s_cctx2, s_ctx2);
1396 for (i = 0; i < sk_OPENSSL_STRING_num(conf_args); i += 2) {
1398 arg = sk_OPENSSL_STRING_value(conf_args, i);
1399 argn = sk_OPENSSL_STRING_value(conf_args, i + 1);
1400 rv = SSL_CONF_cmd(c_cctx, arg, argn);
1401 /* If not recognised use server context */
1403 rv = SSL_CONF_cmd(s_cctx2, arg, argn);
1405 rv = SSL_CONF_cmd(s_cctx, arg, argn);
1408 BIO_printf(bio_err, "Error processing %s %s\n",
1409 arg, argn ? argn : "");
1410 ERR_print_errors(bio_err);
1415 if (!SSL_CONF_CTX_finish(s_cctx) || !SSL_CONF_CTX_finish(c_cctx) || !SSL_CONF_CTX_finish(s_cctx2)) {
1416 BIO_puts(bio_err, "Error finishing context\n");
1417 ERR_print_errors(bio_err);
1420 #ifndef OPENSSL_NO_DH
1423 dh = get_dh1024dsa();
1428 SSL_CTX_set_tmp_dh(s_ctx, dh);
1429 SSL_CTX_set_tmp_dh(s_ctx2, dh);
1436 if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) ||
1437 (!SSL_CTX_set_default_verify_paths(s_ctx)) ||
1438 (!SSL_CTX_load_verify_locations(s_ctx2, CAfile, CApath)) ||
1439 (!SSL_CTX_set_default_verify_paths(s_ctx2)) ||
1440 (!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) ||
1441 (!SSL_CTX_set_default_verify_paths(c_ctx))) {
1442 ERR_print_errors(bio_err);
1445 #ifndef OPENSSL_NO_CT
1446 if (!SSL_CTX_set_default_ctlog_list_file(s_ctx) ||
1447 !SSL_CTX_set_default_ctlog_list_file(s_ctx2) ||
1448 !SSL_CTX_set_default_ctlog_list_file(c_ctx)) {
1449 ERR_print_errors(bio_err);
1454 printf("client authentication\n");
1455 SSL_CTX_set_verify(s_ctx,
1456 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1458 SSL_CTX_set_verify(s_ctx2,
1459 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1461 SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback,
1463 SSL_CTX_set_cert_verify_callback(s_ctx2, app_verify_callback,
1467 printf("server authentication\n");
1468 SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER, verify_callback);
1469 SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback,
1474 int session_id_context = 0;
1475 if (!SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context,
1476 sizeof session_id_context) ||
1477 !SSL_CTX_set_session_id_context(s_ctx2, (void *)&session_id_context,
1478 sizeof session_id_context)) {
1479 ERR_print_errors(bio_err);
1484 /* Use PSK only if PSK key is given */
1485 if (psk_key != NULL) {
1487 * no_psk is used to avoid putting psk command to openssl tool
1491 * if PSK is not compiled in and psk key is given, do nothing and
1497 #ifndef OPENSSL_NO_PSK
1498 SSL_CTX_set_psk_client_callback(c_ctx, psk_client_callback);
1499 SSL_CTX_set_psk_server_callback(s_ctx, psk_server_callback);
1500 SSL_CTX_set_psk_server_callback(s_ctx2, psk_server_callback);
1502 BIO_printf(bio_err, "setting PSK identity hint to s_ctx\n");
1503 if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_hint") ||
1504 !SSL_CTX_use_psk_identity_hint(s_ctx2, "ctx server identity_hint")) {
1505 BIO_printf(bio_err, "error setting PSK identity hint to s_ctx\n");
1506 ERR_print_errors(bio_err);
1512 #ifndef OPENSSL_NO_NEXTPROTONEG
1514 SSL_CTX_set_next_proto_select_cb(c_ctx, cb_client_npn, NULL);
1517 if (npn_server_reject) {
1519 "Can't have both -npn_server and -npn_server_reject\n");
1522 SSL_CTX_set_npn_advertised_cb(s_ctx, cb_server_npn, NULL);
1523 SSL_CTX_set_npn_advertised_cb(s_ctx2, cb_server_npn, NULL);
1525 if (npn_server_reject) {
1526 SSL_CTX_set_npn_advertised_cb(s_ctx, cb_server_rejects_npn, NULL);
1527 SSL_CTX_set_npn_advertised_cb(s_ctx2, cb_server_rejects_npn, NULL);
1531 if (serverinfo_sct) {
1532 if (!SSL_CTX_add_client_custom_ext(c_ctx,
1533 TLSEXT_TYPE_signed_certificate_timestamp,
1535 serverinfo_cli_parse_cb, NULL)) {
1536 BIO_printf(bio_err, "Error adding SCT extension\n");
1540 if (serverinfo_tack) {
1541 if (!SSL_CTX_add_client_custom_ext(c_ctx, TACK_EXT_TYPE,
1543 serverinfo_cli_parse_cb, NULL)) {
1544 BIO_printf(bio_err, "Error adding TACK extension\n");
1548 if (serverinfo_file)
1549 if (!SSL_CTX_use_serverinfo_file(s_ctx, serverinfo_file) ||
1550 !SSL_CTX_use_serverinfo_file(s_ctx2, serverinfo_file)) {
1551 BIO_printf(bio_err, "missing serverinfo file\n");
1556 if (!SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_0,
1557 custom_ext_0_cli_add_cb,
1559 custom_ext_0_cli_parse_cb, NULL)
1560 || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_1,
1561 custom_ext_1_cli_add_cb,
1563 custom_ext_1_cli_parse_cb, NULL)
1564 || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_2,
1565 custom_ext_2_cli_add_cb,
1567 custom_ext_2_cli_parse_cb, NULL)
1568 || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_3,
1569 custom_ext_3_cli_add_cb,
1571 custom_ext_3_cli_parse_cb, NULL)
1572 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_0,
1573 custom_ext_0_srv_add_cb,
1575 custom_ext_0_srv_parse_cb, NULL)
1576 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_0,
1577 custom_ext_0_srv_add_cb,
1579 custom_ext_0_srv_parse_cb, NULL)
1580 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_1,
1581 custom_ext_1_srv_add_cb,
1583 custom_ext_1_srv_parse_cb, NULL)
1584 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_1,
1585 custom_ext_1_srv_add_cb,
1587 custom_ext_1_srv_parse_cb, NULL)
1588 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_2,
1589 custom_ext_2_srv_add_cb,
1591 custom_ext_2_srv_parse_cb, NULL)
1592 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_2,
1593 custom_ext_2_srv_add_cb,
1595 custom_ext_2_srv_parse_cb, NULL)
1596 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_3,
1597 custom_ext_3_srv_add_cb,
1599 custom_ext_3_srv_parse_cb, NULL)
1600 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_3,
1601 custom_ext_3_srv_add_cb,
1603 custom_ext_3_srv_parse_cb, NULL)) {
1604 BIO_printf(bio_err, "Error setting custom extensions\n");
1610 SSL_CTX_set_alpn_select_cb(s_ctx, cb_server_alpn, alpn_server);
1612 SSL_CTX_set_alpn_select_cb(s_ctx2, cb_server_alpn, alpn_server2);
1616 unsigned char *alpn = next_protos_parse(&alpn_len, alpn_client);
1619 BIO_printf(bio_err, "Error parsing -alpn_client argument\n");
1622 /* Returns 0 on success!! */
1623 if (SSL_CTX_set_alpn_protos(c_ctx, alpn, alpn_len)) {
1624 BIO_printf(bio_err, "Error setting ALPN\n");
1631 if (server_sess_in != NULL) {
1632 server_sess = read_session(server_sess_in);
1633 if (server_sess == NULL)
1636 if (client_sess_in != NULL) {
1637 client_sess = read_session(client_sess_in);
1638 if (client_sess == NULL)
1642 if (server_sess_out != NULL || server_sess_in != NULL) {
1646 /* Use a fixed key so that we can decrypt the ticket. */
1647 size = SSL_CTX_set_tlsext_ticket_keys(s_ctx, NULL, 0);
1648 keys = OPENSSL_zalloc(size);
1649 SSL_CTX_set_tlsext_ticket_keys(s_ctx, keys, size);
1653 if (sn_server1 != NULL || sn_server2 != NULL)
1654 SSL_CTX_set_tlsext_servername_callback(s_ctx, servername_cb);
1656 c_ssl = SSL_new(c_ctx);
1657 s_ssl = SSL_new(s_ctx);
1660 SSL_set_tlsext_host_name(c_ssl, sn_client);
1662 if (!set_protocol_version(server_min_proto, s_ssl, SSL_CTRL_SET_MIN_PROTO_VERSION))
1664 if (!set_protocol_version(server_max_proto, s_ssl, SSL_CTRL_SET_MAX_PROTO_VERSION))
1666 if (!set_protocol_version(client_min_proto, c_ssl, SSL_CTRL_SET_MIN_PROTO_VERSION))
1668 if (!set_protocol_version(client_max_proto, c_ssl, SSL_CTRL_SET_MAX_PROTO_VERSION))
1672 if (SSL_CTX_add_session(s_ctx, server_sess) == 0) {
1673 BIO_printf(bio_err, "Can't add server session\n");
1674 ERR_print_errors(bio_err);
1679 BIO_printf(bio_stdout, "Doing handshakes=%d bytes=%ld\n", number, bytes);
1680 for (i = 0; i < number; i++) {
1682 if (!SSL_set_session(c_ssl, NULL)) {
1683 BIO_printf(bio_err, "Failed to set session\n");
1687 if (client_sess_in != NULL) {
1688 if (SSL_set_session(c_ssl, client_sess) == 0) {
1689 BIO_printf(bio_err, "Can't set client session\n");
1690 ERR_print_errors(bio_err);
1696 ret = doit(s_ssl, c_ssl, bytes);
1699 ret = doit_biopair(s_ssl, c_ssl, bytes, &s_time, &c_time);
1701 #ifndef OPENSSL_NO_SOCK
1703 ret = doit_localhost(s_ssl, c_ssl, BIO_FAMILY_IPV4,
1704 bytes, &s_time, &c_time);
1707 ret = doit_localhost(s_ssl, c_ssl, BIO_FAMILY_IPV6,
1708 bytes, &s_time, &c_time);
1720 if (should_negotiate && ret == 0 &&
1721 strcmp(should_negotiate, "fail-server") != 0 &&
1722 strcmp(should_negotiate, "fail-client") != 0) {
1723 int version = protocol_from_string(should_negotiate);
1725 BIO_printf(bio_err, "Error parsing: %s\n", should_negotiate);
1729 if (SSL_version(c_ssl) != version) {
1730 BIO_printf(bio_err, "Unexpected version negotiated. "
1731 "Expected: %s, got %s\n", should_negotiate, SSL_get_version(c_ssl));
1737 if (should_reuse != -1) {
1738 if (SSL_session_reused(s_ssl) != should_reuse ||
1739 SSL_session_reused(c_ssl) != should_reuse) {
1740 BIO_printf(bio_err, "Unexpected session reuse state. "
1741 "Expected: %d, server: %d, client: %d\n", should_reuse,
1742 SSL_session_reused(s_ssl), SSL_session_reused(c_ssl));
1748 if (server_sess_out != NULL) {
1749 if (write_session(server_sess_out, SSL_get_session(s_ssl)) == 0) {
1754 if (client_sess_out != NULL) {
1755 if (write_session(client_sess_out, SSL_get_session(c_ssl)) == 0) {
1762 print_details(c_ssl, "");
1765 #ifdef CLOCKS_PER_SEC
1767 * "To determine the time in seconds, the value returned by the clock
1768 * function should be divided by the value of the macro
1769 * CLOCKS_PER_SEC." -- ISO/IEC 9899
1771 BIO_printf(bio_stdout, "Approximate total server time: %6.2f s\n"
1772 "Approximate total client time: %6.2f s\n",
1773 (double)s_time / CLOCKS_PER_SEC,
1774 (double)c_time / CLOCKS_PER_SEC);
1776 BIO_printf(bio_stdout,
1777 "Approximate total server time: %6.2f units\n"
1778 "Approximate total client time: %6.2f units\n",
1779 (double)s_time, (double)c_time);
1788 SSL_CTX_free(s_ctx);
1789 SSL_CTX_free(s_ctx2);
1790 SSL_CTX_free(c_ctx);
1791 SSL_CONF_CTX_free(s_cctx);
1792 SSL_CONF_CTX_free(s_cctx2);
1793 SSL_CONF_CTX_free(c_cctx);
1794 sk_OPENSSL_STRING_free(conf_args);
1796 BIO_free(bio_stdout);
1798 SSL_SESSION_free(server_sess);
1799 SSL_SESSION_free(client_sess);
1801 #ifndef OPENSSL_NO_CRYPTO_MDEBUG
1802 if (CRYPTO_mem_leaks(bio_err) <= 0)
1809 #ifndef OPENSSL_NO_SOCK
1810 int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count,
1811 clock_t *s_time, clock_t *c_time)
1813 long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
1814 BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
1815 BIO *acpt = NULL, *server = NULL, *client = NULL;
1818 int err_in_client = 0;
1819 int err_in_server = 0;
1821 acpt = BIO_new_accept("0");
1824 BIO_set_accept_ip_family(acpt, family);
1825 BIO_set_bind_mode(acpt, BIO_SOCK_NONBLOCK | BIO_SOCK_REUSEADDR);
1826 if (BIO_do_accept(acpt) <= 0)
1829 BIO_snprintf(addr_str, sizeof(addr_str), ":%s", BIO_get_accept_port(acpt));
1831 client = BIO_new_connect(addr_str);
1832 BIO_set_conn_ip_family(client, family);
1836 if (BIO_set_nbio(client, 1) <= 0)
1838 if (BIO_set_nbio(acpt, 1) <= 0)
1842 int st_connect = 0, st_accept = 0;
1844 while(!st_connect || !st_accept) {
1846 if (BIO_do_connect(client) <= 0) {
1847 if (!BIO_should_retry(client))
1854 if (BIO_do_accept(acpt) <= 0) {
1855 if (!BIO_should_retry(acpt))
1863 /* We're not interested in accepting further connects */
1864 server = BIO_pop(acpt);
1868 s_ssl_bio = BIO_new(BIO_f_ssl());
1872 c_ssl_bio = BIO_new(BIO_f_ssl());
1876 SSL_set_connect_state(c_ssl);
1877 SSL_set_bio(c_ssl, client, client);
1878 (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
1880 SSL_set_accept_state(s_ssl);
1881 SSL_set_bio(s_ssl, server, server);
1882 (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
1886 * c_ssl_bio: SSL filter BIO
1888 * client: I/O for SSL library
1891 * server: I/O for SSL library
1893 * s_ssl_bio: SSL filter BIO
1897 * We have non-blocking behaviour throughout this test program, but
1898 * can be sure that there is *some* progress in each iteration; so we
1899 * don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE --
1900 * we just try everything in each iteration
1906 char cbuf[1024 * 8];
1908 clock_t c_clock = clock();
1910 memset(cbuf, 0, sizeof(cbuf));
1913 if (SSL_in_init(c_ssl))
1914 printf("client waiting in SSL_connect - %s\n",
1915 SSL_state_string_long(c_ssl));
1918 /* Write to server. */
1920 if (cw_num > (long)sizeof cbuf)
1924 r = BIO_write(c_ssl_bio, cbuf, i);
1926 if (!BIO_should_retry(c_ssl_bio)) {
1927 fprintf(stderr, "ERROR in CLIENT\n");
1932 * BIO_should_retry(...) can just be ignored here. The
1933 * library expects us to call BIO_write with the same
1934 * arguments again, and that's what we will do in the
1937 } else if (r == 0) {
1938 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
1942 printf("client wrote %d\n", r);
1948 /* Read from server. */
1950 r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
1952 if (!BIO_should_retry(c_ssl_bio)) {
1953 fprintf(stderr, "ERROR in CLIENT\n");
1958 * Again, "BIO_should_retry" can be ignored.
1960 } else if (r == 0) {
1961 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
1965 printf("client read %d\n", r);
1971 * c_time and s_time increments will typically be very small
1972 * (depending on machine speed and clock tick intervals), but
1973 * sampling over a large number of connections should result in
1974 * fairly accurate figures. We cannot guarantee a lot, however
1975 * -- if each connection lasts for exactly one clock tick, it
1976 * will be counted only for the client or only for the server or
1979 *c_time += (clock() - c_clock);
1985 char sbuf[1024 * 8];
1987 clock_t s_clock = clock();
1989 memset(sbuf, 0, sizeof(sbuf));
1992 if (SSL_in_init(s_ssl))
1993 printf("server waiting in SSL_accept - %s\n",
1994 SSL_state_string_long(s_ssl));
1997 /* Write to client. */
1999 if (sw_num > (long)sizeof sbuf)
2003 r = BIO_write(s_ssl_bio, sbuf, i);
2005 if (!BIO_should_retry(s_ssl_bio)) {
2006 fprintf(stderr, "ERROR in SERVER\n");
2010 /* Ignore "BIO_should_retry". */
2011 } else if (r == 0) {
2012 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2016 printf("server wrote %d\n", r);
2022 /* Read from client. */
2024 r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
2026 if (!BIO_should_retry(s_ssl_bio)) {
2027 fprintf(stderr, "ERROR in SERVER\n");
2032 } else if (r == 0) {
2033 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2037 printf("server read %d\n", r);
2042 *s_time += (clock() - s_clock);
2045 while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
2048 print_details(c_ssl, "DONE via TCP connect: ");
2049 # ifndef OPENSSL_NO_NEXTPROTONEG
2050 if (verify_npn(c_ssl, s_ssl) < 0) {
2055 if (verify_serverinfo() < 0) {
2056 fprintf(stderr, "Server info verify error\n");
2060 if (verify_alpn(c_ssl, s_ssl) < 0) {
2064 if (verify_servername(c_ssl, s_ssl) < 0) {
2069 if (custom_ext_error) {
2070 fprintf(stderr, "Custom extension error\n");
2075 # ifndef OPENSSL_NO_NEXTPROTONEG
2081 ERR_print_errors(bio_err);
2086 BIO_free(s_ssl_bio);
2087 BIO_free(c_ssl_bio);
2089 if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
2090 ret = (err_in_client != 0) ? 0 : 1;
2091 else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
2092 ret = (err_in_server != 0) ? 0 : 1;
2098 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
2099 clock_t *s_time, clock_t *c_time)
2101 long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
2102 BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
2103 BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL;
2105 int err_in_client = 0;
2106 int err_in_server = 0;
2108 size_t bufsiz = 256; /* small buffer for testing */
2110 if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz))
2112 if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz))
2115 s_ssl_bio = BIO_new(BIO_f_ssl());
2119 c_ssl_bio = BIO_new(BIO_f_ssl());
2123 SSL_set_connect_state(c_ssl);
2124 SSL_set_bio(c_ssl, client, client);
2125 (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
2127 SSL_set_accept_state(s_ssl);
2128 SSL_set_bio(s_ssl, server, server);
2129 (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
2133 * c_ssl_bio: SSL filter BIO
2135 * client: pseudo-I/O for SSL library
2137 * client_io: client's SSL communication; usually to be
2138 * relayed over some I/O facility, but in this
2139 * test program, we're the server, too:
2141 * server_io: server's SSL communication
2143 * server: pseudo-I/O for SSL library
2145 * s_ssl_bio: SSL filter BIO
2147 * The client and the server each employ a "BIO pair":
2148 * client + client_io, server + server_io.
2149 * BIO pairs are symmetric. A BIO pair behaves similar
2150 * to a non-blocking socketpair (but both endpoints must
2151 * be handled by the same thread).
2152 * [Here we could connect client and server to the ends
2153 * of a single BIO pair, but then this code would be less
2154 * suitable as an example for BIO pairs in general.]
2156 * Useful functions for querying the state of BIO pair endpoints:
2158 * BIO_ctrl_pending(bio) number of bytes we can read now
2159 * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil
2160 * other side's read attempt
2161 * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now
2163 * ..._read_request is never more than ..._write_guarantee;
2164 * it depends on the application which one you should use.
2168 * We have non-blocking behaviour throughout this test program, but
2169 * can be sure that there is *some* progress in each iteration; so we
2170 * don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE --
2171 * we just try everything in each iteration
2177 char cbuf[1024 * 8];
2179 clock_t c_clock = clock();
2181 memset(cbuf, 0, sizeof(cbuf));
2184 if (SSL_in_init(c_ssl))
2185 printf("client waiting in SSL_connect - %s\n",
2186 SSL_state_string_long(c_ssl));
2189 /* Write to server. */
2191 if (cw_num > (long)sizeof cbuf)
2195 r = BIO_write(c_ssl_bio, cbuf, i);
2197 if (!BIO_should_retry(c_ssl_bio)) {
2198 fprintf(stderr, "ERROR in CLIENT\n");
2203 * BIO_should_retry(...) can just be ignored here. The
2204 * library expects us to call BIO_write with the same
2205 * arguments again, and that's what we will do in the
2208 } else if (r == 0) {
2209 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2213 printf("client wrote %d\n", r);
2219 /* Read from server. */
2221 r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
2223 if (!BIO_should_retry(c_ssl_bio)) {
2224 fprintf(stderr, "ERROR in CLIENT\n");
2229 * Again, "BIO_should_retry" can be ignored.
2231 } else if (r == 0) {
2232 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2236 printf("client read %d\n", r);
2242 * c_time and s_time increments will typically be very small
2243 * (depending on machine speed and clock tick intervals), but
2244 * sampling over a large number of connections should result in
2245 * fairly accurate figures. We cannot guarantee a lot, however
2246 * -- if each connection lasts for exactly one clock tick, it
2247 * will be counted only for the client or only for the server or
2250 *c_time += (clock() - c_clock);
2256 char sbuf[1024 * 8];
2258 clock_t s_clock = clock();
2260 memset(sbuf, 0, sizeof(sbuf));
2263 if (SSL_in_init(s_ssl))
2264 printf("server waiting in SSL_accept - %s\n",
2265 SSL_state_string_long(s_ssl));
2268 /* Write to client. */
2270 if (sw_num > (long)sizeof sbuf)
2274 r = BIO_write(s_ssl_bio, sbuf, i);
2276 if (!BIO_should_retry(s_ssl_bio)) {
2277 fprintf(stderr, "ERROR in SERVER\n");
2281 /* Ignore "BIO_should_retry". */
2282 } else if (r == 0) {
2283 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2287 printf("server wrote %d\n", r);
2293 /* Read from client. */
2295 r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
2297 if (!BIO_should_retry(s_ssl_bio)) {
2298 fprintf(stderr, "ERROR in SERVER\n");
2303 } else if (r == 0) {
2304 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2308 printf("server read %d\n", r);
2313 *s_time += (clock() - s_clock);
2317 /* "I/O" BETWEEN CLIENT AND SERVER. */
2320 BIO *io1 = server_io, *io2 = client_io;
2322 * we use the non-copying interface for io1 and the standard
2323 * BIO_write/BIO_read interface for io2
2326 static int prev_progress = 1;
2334 r1 = BIO_ctrl_pending(io1);
2335 r2 = BIO_ctrl_get_write_guarantee(io2);
2343 if (INT_MAX < num) /* yeah, right */
2346 r = BIO_nread(io1, &dataptr, (int)num);
2348 assert(r <= (int)num);
2350 * possibly r < num (non-contiguous data)
2353 r = BIO_write(io2, dataptr, (int)num);
2354 if (r != (int)num) { /* can't happen */
2355 fprintf(stderr, "ERROR: BIO_write could not write "
2356 "BIO_ctrl_get_write_guarantee() bytes");
2362 printf((io1 == client_io) ?
2363 "C->S relaying: %d bytes\n" :
2364 "S->C relaying: %d bytes\n", (int)num);
2374 r1 = BIO_ctrl_pending(io2);
2375 r2 = BIO_ctrl_get_read_request(io1);
2377 * here we could use ..._get_write_guarantee instead of
2378 * ..._get_read_request, but by using the latter we test
2379 * restartability of the SSL implementation more thoroughly
2391 --num; /* test restartability even more thoroughly */
2393 r = BIO_nwrite0(io1, &dataptr);
2397 r = BIO_read(io2, dataptr, (int)num);
2398 if (r != (int)num) { /* can't happen */
2399 fprintf(stderr, "ERROR: BIO_read could not read "
2400 "BIO_ctrl_pending() bytes");
2404 r = BIO_nwrite(io1, &dataptr, (int)num);
2405 if (r != (int)num) { /* can't happen */
2406 fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
2407 "BIO_nwrite0() bytes");
2412 printf((io2 == client_io) ?
2413 "C->S relaying: %d bytes\n" :
2414 "S->C relaying: %d bytes\n", (int)num);
2416 } /* no loop, BIO_ctrl_get_read_request now
2417 * returns 0 anyway */
2419 if (!progress && !prev_progress)
2420 if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0) {
2421 fprintf(stderr, "ERROR: got stuck\n");
2422 fprintf(stderr, " ERROR.\n");
2425 prev_progress = progress;
2428 while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
2431 print_details(c_ssl, "DONE via BIO pair: ");
2432 #ifndef OPENSSL_NO_NEXTPROTONEG
2433 if (verify_npn(c_ssl, s_ssl) < 0) {
2438 if (verify_serverinfo() < 0) {
2439 fprintf(stderr, "Server info verify error\n");
2443 if (verify_alpn(c_ssl, s_ssl) < 0) {
2447 if (verify_servername(c_ssl, s_ssl) < 0) {
2452 if (custom_ext_error) {
2453 fprintf(stderr, "Custom extension error\n");
2458 #ifndef OPENSSL_NO_NEXTPROTONEG
2464 ERR_print_errors(bio_err);
2467 BIO_free(server_io);
2469 BIO_free(client_io);
2470 BIO_free(s_ssl_bio);
2471 BIO_free(c_ssl_bio);
2473 if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
2474 ret = (err_in_client != 0) ? 0 : 1;
2475 else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
2476 ret = (err_in_server != 0) ? 0 : 1;
2486 int doit(SSL *s_ssl, SSL *c_ssl, long count)
2488 char *cbuf = NULL, *sbuf = NULL;
2490 long cw_num = count, cr_num = count;
2491 long sw_num = count, sr_num = count;
2497 int c_r, c_w, s_r, s_w;
2500 int c_write, s_write;
2501 int do_server = 0, do_client = 0;
2502 int max_frag = 5 * 1024;
2503 int err_in_client = 0;
2504 int err_in_server = 0;
2506 bufsiz = count > 40 * 1024 ? 40 * 1024 : count;
2508 if ((cbuf = OPENSSL_zalloc(bufsiz)) == NULL)
2510 if ((sbuf = OPENSSL_zalloc(bufsiz)) == NULL)
2513 c_to_s = BIO_new(BIO_s_mem());
2514 s_to_c = BIO_new(BIO_s_mem());
2515 if ((s_to_c == NULL) || (c_to_s == NULL)) {
2516 ERR_print_errors(bio_err);
2520 c_bio = BIO_new(BIO_f_ssl());
2521 s_bio = BIO_new(BIO_f_ssl());
2522 if ((c_bio == NULL) || (s_bio == NULL)) {
2523 ERR_print_errors(bio_err);
2527 SSL_set_connect_state(c_ssl);
2528 SSL_set_bio(c_ssl, s_to_c, c_to_s);
2529 SSL_set_max_send_fragment(c_ssl, max_frag);
2530 BIO_set_ssl(c_bio, c_ssl, BIO_NOCLOSE);
2533 * We've just given our ref to these BIOs to c_ssl. We need another one to
2536 if (!BIO_up_ref(c_to_s)) {
2537 /* c_to_s and s_to_c will get freed when we free c_ssl */
2542 if (!BIO_up_ref(s_to_c)) {
2543 /* s_to_c will get freed when we free c_ssl */
2548 SSL_set_accept_state(s_ssl);
2549 SSL_set_bio(s_ssl, c_to_s, s_to_c);
2551 /* We've used up all our refs to these now */
2555 SSL_set_max_send_fragment(s_ssl, max_frag);
2556 BIO_set_ssl(s_bio, s_ssl, BIO_NOCLOSE);
2562 c_write = 1, s_write = 0;
2564 /* We can always do writes */
2569 i = (int)BIO_pending(s_bio);
2570 if ((i && s_r) || s_w)
2573 i = (int)BIO_pending(c_bio);
2574 if ((i && c_r) || c_w)
2577 if (do_server && debug) {
2578 if (SSL_in_init(s_ssl))
2579 printf("server waiting in SSL_accept - %s\n",
2580 SSL_state_string_long(s_ssl));
2583 if (do_client && debug) {
2584 if (SSL_in_init(c_ssl))
2585 printf("client waiting in SSL_connect - %s\n",
2586 SSL_state_string_long(c_ssl));
2589 if (!do_client && !do_server) {
2590 fprintf(stdout, "ERROR IN STARTUP\n");
2591 ERR_print_errors(bio_err);
2594 if (do_client && !(done & C_DONE)) {
2596 j = (cw_num > bufsiz) ? (int)bufsiz : (int)cw_num;
2597 i = BIO_write(c_bio, cbuf, j);
2601 if (BIO_should_retry(c_bio)) {
2602 if (BIO_should_read(c_bio))
2604 if (BIO_should_write(c_bio))
2607 fprintf(stderr, "ERROR in CLIENT\n");
2609 ERR_print_errors(bio_err);
2612 } else if (i == 0) {
2613 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2617 printf("client wrote %d\n", i);
2622 if (max_frag > 1029)
2623 SSL_set_max_send_fragment(c_ssl, max_frag -= 5);
2626 i = BIO_read(c_bio, cbuf, bufsiz);
2630 if (BIO_should_retry(c_bio)) {
2631 if (BIO_should_read(c_bio))
2633 if (BIO_should_write(c_bio))
2636 fprintf(stderr, "ERROR in CLIENT\n");
2638 ERR_print_errors(bio_err);
2641 } else if (i == 0) {
2642 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2646 printf("client read %d\n", i);
2655 done = S_DONE | C_DONE;
2661 if (do_server && !(done & S_DONE)) {
2663 i = BIO_read(s_bio, sbuf, bufsiz);
2667 if (BIO_should_retry(s_bio)) {
2668 if (BIO_should_read(s_bio))
2670 if (BIO_should_write(s_bio))
2673 fprintf(stderr, "ERROR in SERVER\n");
2675 ERR_print_errors(bio_err);
2678 } else if (i == 0) {
2679 ERR_print_errors(bio_err);
2681 "SSL SERVER STARTUP FAILED in SSL_read\n");
2685 printf("server read %d\n", i);
2698 j = (sw_num > bufsiz) ? (int)bufsiz : (int)sw_num;
2699 i = BIO_write(s_bio, sbuf, j);
2703 if (BIO_should_retry(s_bio)) {
2704 if (BIO_should_read(s_bio))
2706 if (BIO_should_write(s_bio))
2709 fprintf(stderr, "ERROR in SERVER\n");
2711 ERR_print_errors(bio_err);
2714 } else if (i == 0) {
2715 ERR_print_errors(bio_err);
2717 "SSL SERVER STARTUP FAILED in SSL_write\n");
2721 printf("server wrote %d\n", i);
2727 if (max_frag > 1029)
2728 SSL_set_max_send_fragment(s_ssl, max_frag -= 5);
2733 if ((done & S_DONE) && (done & C_DONE))
2738 print_details(c_ssl, "DONE: ");
2739 #ifndef OPENSSL_NO_NEXTPROTONEG
2740 if (verify_npn(c_ssl, s_ssl) < 0) {
2745 if (verify_serverinfo() < 0) {
2746 fprintf(stderr, "Server info verify error\n");
2750 if (custom_ext_error) {
2751 fprintf(stderr, "Custom extension error\n");
2759 BIO_free_all(c_bio);
2760 BIO_free_all(s_bio);
2764 if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
2765 ret = (err_in_client != 0) ? 0 : 1;
2766 else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
2767 ret = (err_in_server != 0) ? 0 : 1;
2772 static int verify_callback(int ok, X509_STORE_CTX *ctx)
2776 s = X509_NAME_oneline(X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)),
2780 printf("depth=%d %s\n", X509_STORE_CTX_get_error_depth(ctx), buf);
2782 fprintf(stderr, "depth=%d error=%d %s\n",
2783 X509_STORE_CTX_get_error_depth(ctx),
2784 X509_STORE_CTX_get_error(ctx), buf);
2789 int i = X509_STORE_CTX_get_error(ctx);
2793 fprintf(stderr, "Error string: %s\n",
2794 X509_verify_cert_error_string(i));
2796 case X509_V_ERR_CERT_NOT_YET_VALID:
2797 case X509_V_ERR_CERT_HAS_EXPIRED:
2798 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
2807 static int app_verify_callback(X509_STORE_CTX *ctx, void *arg)
2810 struct app_verify_arg *cb_arg = arg;
2812 if (cb_arg->app_verify) {
2813 char *s = NULL, buf[256];
2814 X509 *c = X509_STORE_CTX_get0_cert(ctx);
2816 printf("In app_verify_callback, allowing cert. ");
2817 printf("Arg is: %s\n", cb_arg->string);
2818 printf("Finished printing do we have a context? 0x%p a cert? 0x%p\n",
2819 (void *)ctx, (void *)c);
2821 s = X509_NAME_oneline(X509_get_subject_name(c), buf, 256);
2823 printf("cert depth=%d %s\n",
2824 X509_STORE_CTX_get_error_depth(ctx), buf);
2829 ok = X509_verify_cert(ctx);
2834 #ifndef OPENSSL_NO_DH
2836 * These DH parameters have been generated as follows:
2837 * $ openssl dhparam -C -noout 512
2838 * $ openssl dhparam -C -noout 1024
2839 * $ openssl dhparam -C -noout -dsaparam 1024
2840 * (The third function has been renamed to avoid name conflicts.)
2842 static DH *get_dh512()
2844 static unsigned char dh512_p[] = {
2845 0xCB, 0xC8, 0xE1, 0x86, 0xD0, 0x1F, 0x94, 0x17, 0xA6, 0x99, 0xF0,
2847 0x1F, 0x0D, 0xAC, 0xB6, 0x25, 0x3E, 0x06, 0x39, 0xCA, 0x72, 0x04,
2849 0x6E, 0xDA, 0xC0, 0x61, 0xE6, 0x7A, 0x77, 0x25, 0xE8, 0x3B, 0xB9,
2851 0x9A, 0xB6, 0xB5, 0xFE, 0x99, 0x0B, 0xA1, 0x93, 0x4E, 0x35, 0x33,
2853 0xE1, 0xF1, 0x13, 0x4F, 0x59, 0x1A, 0xD2, 0x57, 0xC0, 0x26, 0x21,
2855 0x02, 0xC5, 0xAE, 0x23,
2857 static unsigned char dh512_g[] = {
2863 if ((dh = DH_new()) == NULL)
2865 p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
2866 g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
2867 if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
2876 static DH *get_dh1024()
2878 static unsigned char dh1024_p[] = {
2879 0xF8, 0x81, 0x89, 0x7D, 0x14, 0x24, 0xC5, 0xD1, 0xE6, 0xF7, 0xBF,
2881 0xE4, 0x90, 0xF4, 0xFC, 0x73, 0xFB, 0x34, 0xB5, 0xFA, 0x4C, 0x56,
2883 0xEA, 0xA7, 0xE9, 0xC0, 0xC0, 0xCE, 0x89, 0xE1, 0xFA, 0x63, 0x3F,
2885 0x6B, 0x32, 0x66, 0xF1, 0xD1, 0x7B, 0xB0, 0x00, 0x8F, 0xCA, 0x87,
2887 0xAE, 0x98, 0x89, 0x26, 0x17, 0xC2, 0x05, 0xD2, 0xEC, 0x08, 0xD0,
2889 0xFF, 0x17, 0x52, 0x8C, 0xC5, 0x07, 0x93, 0x03, 0xB1, 0xF6, 0x2F,
2891 0x1C, 0x52, 0x47, 0x27, 0x1B, 0xDB, 0xD1, 0x8D, 0x9D, 0x69, 0x1D,
2893 0x4B, 0x32, 0x81, 0xAA, 0x7F, 0x00, 0xC8, 0xDC, 0xE6, 0xD9, 0xCC,
2895 0x11, 0x2D, 0x37, 0x34, 0x6C, 0xEA, 0x02, 0x97, 0x4B, 0x0E, 0xBB,
2897 0x71, 0x33, 0x09, 0x15, 0xFD, 0xDD, 0x23, 0x87, 0x07, 0x5E, 0x89,
2899 0x6B, 0x7C, 0x5F, 0xEC, 0xA6, 0x24, 0xDC, 0x53,
2901 static unsigned char dh1024_g[] = {
2907 if ((dh = DH_new()) == NULL)
2909 p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
2910 g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
2911 if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
2920 static DH *get_dh1024dsa()
2922 static unsigned char dh1024_p[] = {
2923 0xC8, 0x00, 0xF7, 0x08, 0x07, 0x89, 0x4D, 0x90, 0x53, 0xF3, 0xD5,
2925 0x21, 0x1B, 0xF7, 0x31, 0xA6, 0xA2, 0xDA, 0x23, 0x9A, 0xC7, 0x87,
2927 0x3B, 0x47, 0xB6, 0x8C, 0x04, 0x6F, 0xFF, 0xC6, 0x9B, 0xB8, 0x65,
2929 0xC2, 0x5F, 0x31, 0x83, 0x4A, 0xA7, 0x5F, 0x2F, 0x88, 0x38, 0xB6,
2931 0xCF, 0xD9, 0x87, 0x6D, 0x6F, 0x9F, 0xDA, 0xAC, 0xA6, 0x48, 0xAF,
2933 0x33, 0x84, 0x37, 0x5B, 0x82, 0x4A, 0x31, 0x5D, 0xE7, 0xBD, 0x52,
2935 0xA1, 0x77, 0xBF, 0x10, 0x9E, 0x37, 0xEA, 0x64, 0xFA, 0xCA, 0x28,
2937 0x9D, 0x3B, 0xD2, 0x6E, 0x09, 0x5C, 0x68, 0xC7, 0x45, 0x90, 0xFD,
2939 0x70, 0xC9, 0x3A, 0xBB, 0xDF, 0xD4, 0x21, 0x0F, 0xC4, 0x6A, 0x3C,
2941 0x61, 0xCF, 0x3F, 0xD6, 0x13, 0xF1, 0x5F, 0xBC, 0xCF, 0xBC, 0x26,
2943 0xBC, 0x0B, 0xBD, 0xAB, 0x5D, 0xC9, 0x54, 0x39,
2945 static unsigned char dh1024_g[] = {
2946 0x3B, 0x40, 0x86, 0xE7, 0xF3, 0x6C, 0xDE, 0x67, 0x1C, 0xCC, 0x80,
2948 0x5A, 0xDF, 0xFE, 0xBD, 0x20, 0x27, 0x74, 0x6C, 0x24, 0xC9, 0x03,
2950 0xE1, 0x8D, 0xC3, 0x7D, 0x98, 0x27, 0x40, 0x08, 0xB8, 0x8C, 0x6A,
2952 0xBB, 0x1A, 0x3A, 0xD6, 0x86, 0x83, 0x5E, 0x72, 0x41, 0xCE, 0x85,
2954 0xD2, 0xB3, 0xFC, 0x13, 0xCE, 0x37, 0x81, 0x9E, 0x4C, 0x1C, 0x7B,
2956 0xD3, 0xE6, 0xA6, 0x00, 0xF5, 0x5A, 0x95, 0x43, 0x5E, 0x81, 0xCF,
2958 0xA2, 0x23, 0xFC, 0x36, 0xA7, 0x5D, 0x7A, 0x4C, 0x06, 0x91, 0x6E,
2960 0x57, 0xEE, 0x36, 0xCB, 0x06, 0xEA, 0xF5, 0x3D, 0x95, 0x49, 0xCB,
2962 0xDD, 0x81, 0xDF, 0x80, 0x09, 0x4A, 0x97, 0x4D, 0xA8, 0x22, 0x72,
2964 0x7F, 0xC4, 0x70, 0x56, 0x70, 0xE8, 0x20, 0x10, 0x18, 0x8F, 0x2E,
2966 0x07, 0xE7, 0x68, 0x1A, 0x82, 0x5D, 0x32, 0xA2,
2971 if ((dh = DH_new()) == NULL)
2973 p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
2974 g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
2975 if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
2981 DH_set_length(dh, 160);
2986 #ifndef OPENSSL_NO_PSK
2987 /* convert the PSK key (psk_key) in ascii to binary (psk) */
2988 static int psk_key2bn(const char *pskkey, unsigned char *psk,
2989 unsigned int max_psk_len)
2994 ret = BN_hex2bn(&bn, pskkey);
2996 BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n",
3001 if (BN_num_bytes(bn) > (int)max_psk_len) {
3003 "psk buffer of callback is too small (%d) for key (%d)\n",
3004 max_psk_len, BN_num_bytes(bn));
3008 ret = BN_bn2bin(bn, psk);
3013 static unsigned int psk_client_callback(SSL *ssl, const char *hint,
3015 unsigned int max_identity_len,
3017 unsigned int max_psk_len)
3020 unsigned int psk_len = 0;
3022 ret = BIO_snprintf(identity, max_identity_len, "Client_identity");
3026 fprintf(stderr, "client: created identity '%s' len=%d\n", identity,
3028 ret = psk_key2bn(psk_key, psk, max_psk_len);
3036 static unsigned int psk_server_callback(SSL *ssl, const char *identity,
3038 unsigned int max_psk_len)
3040 unsigned int psk_len = 0;
3042 if (strcmp(identity, "Client_identity") != 0) {
3043 BIO_printf(bio_err, "server: PSK error: client identity not found\n");
3046 psk_len = psk_key2bn(psk_key, psk, max_psk_len);