2 * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4 * Copyright 2005 Nokia. All rights reserved.
6 * Licensed under the Apache License 2.0 (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
13 * DH low level APIs are deprecated for public use, but still ok for
16 #include "internal/deprecated.h"
20 /* Or gethostname won't be declared properly on Linux and GNU platforms. */
22 # define _BSD_SOURCE 1
24 #ifndef _DEFAULT_SOURCE
25 # define _DEFAULT_SOURCE 1
36 #include "internal/nelem.h"
38 #ifdef OPENSSL_SYS_VMS
40 * Or isascii won't be declared properly on VMS (at least with DECompHP C).
42 # define _XOPEN_SOURCE 500
47 #include <openssl/bio.h>
48 #include <openssl/crypto.h>
49 #include <openssl/evp.h>
50 #include <openssl/x509.h>
51 #include <openssl/x509v3.h>
52 #include <openssl/ssl.h>
53 #include <openssl/err.h>
54 #include <openssl/rand.h>
55 #ifndef OPENSSL_NO_RSA
56 # include <openssl/rsa.h>
58 #ifndef OPENSSL_NO_DSA
59 # include <openssl/dsa.h>
62 # include <openssl/dh.h>
64 #include <openssl/bn.h>
66 # include <openssl/ct.h>
70 * Or gethostname won't be declared properly
71 * on Compaq platforms (at least with DEC C).
72 * Do not try to put it earlier, or IPv6 includes
75 #define _XOPEN_SOURCE_EXTENDED 1
77 #ifdef OPENSSL_SYS_WINDOWS
83 static SSL_CTX *s_ctx = NULL;
84 static SSL_CTX *s_ctx2 = NULL;
87 * There is really no standard for this, so let's assign something
92 static int verify_callback(int ok, X509_STORE_CTX *ctx);
93 static int app_verify_callback(X509_STORE_CTX *ctx, void *arg);
94 #define APP_CALLBACK_STRING "Test Callback Argument"
95 struct app_verify_arg {
100 #ifndef OPENSSL_NO_DH
101 static DH *get_dh512(void);
102 static DH *get_dh1024(void);
103 static DH *get_dh1024dsa(void);
106 static char *psk_key = NULL; /* by default PSK is not used */
107 #ifndef OPENSSL_NO_PSK
108 static unsigned int psk_client_callback(SSL *ssl, const char *hint,
110 unsigned int max_identity_len,
112 unsigned int max_psk_len);
113 static unsigned int psk_server_callback(SSL *ssl, const char *identity,
115 unsigned int max_psk_len);
118 static BIO *bio_err = NULL;
119 static BIO *bio_stdout = NULL;
121 #ifndef OPENSSL_NO_NEXTPROTONEG
122 /* Note that this code assumes that this is only a one element list: */
123 static const char NEXT_PROTO_STRING[] = "\x09testproto";
124 static int npn_client = 0;
125 static int npn_server = 0;
126 static int npn_server_reject = 0;
128 static int cb_client_npn(SSL *s, unsigned char **out, unsigned char *outlen,
129 const unsigned char *in, unsigned int inlen,
133 * This callback only returns the protocol string, rather than a length
134 * prefixed set. We assume that NEXT_PROTO_STRING is a one element list
135 * and remove the first byte to chop off the length prefix.
137 *out = (unsigned char *)NEXT_PROTO_STRING + 1;
138 *outlen = sizeof(NEXT_PROTO_STRING) - 2;
139 return SSL_TLSEXT_ERR_OK;
142 static int cb_server_npn(SSL *s, const unsigned char **data,
143 unsigned int *len, void *arg)
145 *data = (const unsigned char *)NEXT_PROTO_STRING;
146 *len = sizeof(NEXT_PROTO_STRING) - 1;
147 return SSL_TLSEXT_ERR_OK;
150 static int cb_server_rejects_npn(SSL *s, const unsigned char **data,
151 unsigned int *len, void *arg)
153 return SSL_TLSEXT_ERR_NOACK;
156 static int verify_npn(SSL *client, SSL *server)
158 const unsigned char *client_s;
160 const unsigned char *server_s;
163 SSL_get0_next_proto_negotiated(client, &client_s, &client_len);
164 SSL_get0_next_proto_negotiated(server, &server_s, &server_len);
167 BIO_printf(bio_stdout, "Client NPN: ");
168 BIO_write(bio_stdout, client_s, client_len);
169 BIO_printf(bio_stdout, "\n");
173 BIO_printf(bio_stdout, "Server NPN: ");
174 BIO_write(bio_stdout, server_s, server_len);
175 BIO_printf(bio_stdout, "\n");
179 * If an NPN string was returned, it must be the protocol that we
180 * expected to negotiate.
182 if (client_len && (client_len != sizeof(NEXT_PROTO_STRING) - 2 ||
183 memcmp(client_s, NEXT_PROTO_STRING + 1, client_len)))
185 if (server_len && (server_len != sizeof(NEXT_PROTO_STRING) - 2 ||
186 memcmp(server_s, NEXT_PROTO_STRING + 1, server_len)))
189 if (!npn_client && client_len)
191 if (!npn_server && server_len)
193 if (npn_server_reject && server_len)
195 if (npn_client && npn_server && (!client_len || !server_len))
202 static const char *alpn_client;
203 static char *alpn_server;
204 static char *alpn_server2;
205 static const char *alpn_expected;
206 static unsigned char *alpn_selected;
207 static const char *server_min_proto;
208 static const char *server_max_proto;
209 static const char *client_min_proto;
210 static const char *client_max_proto;
211 static const char *should_negotiate;
212 static const char *sn_client;
213 static const char *sn_server1;
214 static const char *sn_server2;
215 static int sn_expect = 0;
216 static const char *server_sess_out;
217 static const char *server_sess_in;
218 static const char *client_sess_out;
219 static const char *client_sess_in;
220 static SSL_SESSION *server_sess;
221 static SSL_SESSION *client_sess;
223 static int servername_cb(SSL *s, int *ad, void *arg)
225 const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
226 if (sn_server2 == NULL) {
227 BIO_printf(bio_stdout, "Servername 2 is NULL\n");
228 return SSL_TLSEXT_ERR_NOACK;
232 if (s_ctx2 != NULL && sn_server2 != NULL &&
233 !strcasecmp(servername, sn_server2)) {
234 BIO_printf(bio_stdout, "Switching server context.\n");
235 SSL_set_SSL_CTX(s, s_ctx2);
238 return SSL_TLSEXT_ERR_OK;
240 static int verify_servername(SSL *client, SSL *server)
242 /* just need to see if sn_context is what we expect */
243 SSL_CTX* ctx = SSL_get_SSL_CTX(server);
246 if (sn_expect == 1 && ctx == s_ctx)
248 if (sn_expect == 2 && ctx == s_ctx2)
250 BIO_printf(bio_stdout, "Servername: expected context %d\n", sn_expect);
252 BIO_printf(bio_stdout, "Servername: context is 2\n");
253 else if (ctx == s_ctx)
254 BIO_printf(bio_stdout, "Servername: context is 1\n");
256 BIO_printf(bio_stdout, "Servername: context is unknown\n");
262 * next_protos_parse parses a comma separated list of strings into a string
263 * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
264 * outlen: (output) set to the length of the resulting buffer on success.
265 * in: a NUL terminated string like "abc,def,ghi"
267 * returns: a malloced buffer or NULL on failure.
269 static unsigned char *next_protos_parse(size_t *outlen,
280 out = OPENSSL_malloc(strlen(in) + 1);
284 for (i = 0; i <= len; ++i) {
285 if (i == len || in[i] == ',') {
286 if (i - start > 255) {
290 out[start] = (unsigned char)(i - start);
300 static int cb_server_alpn(SSL *s, const unsigned char **out,
301 unsigned char *outlen, const unsigned char *in,
302 unsigned int inlen, void *arg)
304 unsigned char *protos;
306 char* alpn_str = arg;
308 protos = next_protos_parse(&protos_len, alpn_str);
309 if (protos == NULL) {
310 fprintf(stderr, "failed to parser ALPN server protocol string: %s\n",
315 if (SSL_select_next_proto
316 ((unsigned char **)out, outlen, protos, protos_len, in,
317 inlen) != OPENSSL_NPN_NEGOTIATED) {
318 OPENSSL_free(protos);
319 return SSL_TLSEXT_ERR_NOACK;
323 * Make a copy of the selected protocol which will be freed in
326 alpn_selected = OPENSSL_malloc(*outlen);
327 memcpy(alpn_selected, *out, *outlen);
328 *out = alpn_selected;
330 OPENSSL_free(protos);
331 return SSL_TLSEXT_ERR_OK;
334 static int verify_alpn(SSL *client, SSL *server)
336 const unsigned char *client_proto, *server_proto;
337 unsigned int client_proto_len = 0, server_proto_len = 0;
338 SSL_get0_alpn_selected(client, &client_proto, &client_proto_len);
339 SSL_get0_alpn_selected(server, &server_proto, &server_proto_len);
341 OPENSSL_free(alpn_selected);
342 alpn_selected = NULL;
344 if (client_proto_len != server_proto_len) {
345 BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
349 if (client_proto != NULL &&
350 memcmp(client_proto, server_proto, client_proto_len) != 0) {
351 BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
355 if (client_proto_len > 0 && alpn_expected == NULL) {
356 BIO_printf(bio_stdout, "ALPN unexpectedly negotiated\n");
360 if (alpn_expected != NULL &&
361 (client_proto_len != strlen(alpn_expected) ||
362 memcmp(client_proto, alpn_expected, client_proto_len) != 0)) {
363 BIO_printf(bio_stdout,
364 "ALPN selected protocols not equal to expected protocol: %s\n",
372 BIO_printf(bio_stdout, "ALPN results: client: '");
373 BIO_write(bio_stdout, client_proto, client_proto_len);
374 BIO_printf(bio_stdout, "', server: '");
375 BIO_write(bio_stdout, server_proto, server_proto_len);
376 BIO_printf(bio_stdout, "'\n");
377 BIO_printf(bio_stdout, "ALPN configured: client: '%s', server: '",
379 if (SSL_get_SSL_CTX(server) == s_ctx2) {
380 BIO_printf(bio_stdout, "%s'\n",
383 BIO_printf(bio_stdout, "%s'\n",
390 * WARNING : below extension types are *NOT* IETF assigned, and could
391 * conflict if these types are reassigned and handled specially by OpenSSL
394 #define TACK_EXT_TYPE 62208
395 #define CUSTOM_EXT_TYPE_0 1000
396 #define CUSTOM_EXT_TYPE_1 1001
397 #define CUSTOM_EXT_TYPE_2 1002
398 #define CUSTOM_EXT_TYPE_3 1003
400 static const char custom_ext_cli_string[] = "abc";
401 static const char custom_ext_srv_string[] = "defg";
403 /* These set from cmdline */
404 static char *serverinfo_file = NULL;
405 static int serverinfo_sct = 0;
406 static int serverinfo_tack = 0;
408 /* These set based on extension callbacks */
409 static int serverinfo_sct_seen = 0;
410 static int serverinfo_tack_seen = 0;
411 static int serverinfo_other_seen = 0;
413 /* This set from cmdline */
414 static int custom_ext = 0;
416 /* This set based on extension callbacks */
417 static int custom_ext_error = 0;
419 static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type,
420 const unsigned char *in, size_t inlen,
423 if (ext_type == TLSEXT_TYPE_signed_certificate_timestamp)
424 serverinfo_sct_seen++;
425 else if (ext_type == TACK_EXT_TYPE)
426 serverinfo_tack_seen++;
428 serverinfo_other_seen++;
432 static int verify_serverinfo(void)
434 if (serverinfo_sct != serverinfo_sct_seen)
436 if (serverinfo_tack != serverinfo_tack_seen)
438 if (serverinfo_other_seen)
444 * Four test cases for custom extensions:
445 * 0 - no ClientHello extension or ServerHello response
446 * 1 - ClientHello with "abc", no response
447 * 2 - ClientHello with "abc", empty response
448 * 3 - ClientHello with "abc", "defg" response
451 static int custom_ext_0_cli_add_cb(SSL *s, unsigned int ext_type,
452 const unsigned char **out,
453 size_t *outlen, int *al, void *arg)
455 if (ext_type != CUSTOM_EXT_TYPE_0)
456 custom_ext_error = 1;
457 return 0; /* Don't send an extension */
460 static int custom_ext_0_cli_parse_cb(SSL *s, unsigned int ext_type,
461 const unsigned char *in,
462 size_t inlen, int *al, void *arg)
467 static int custom_ext_1_cli_add_cb(SSL *s, unsigned int ext_type,
468 const unsigned char **out,
469 size_t *outlen, int *al, void *arg)
471 if (ext_type != CUSTOM_EXT_TYPE_1)
472 custom_ext_error = 1;
473 *out = (const unsigned char *)custom_ext_cli_string;
474 *outlen = strlen(custom_ext_cli_string);
475 return 1; /* Send "abc" */
478 static int custom_ext_1_cli_parse_cb(SSL *s, unsigned int ext_type,
479 const unsigned char *in,
480 size_t inlen, int *al, void *arg)
485 static int custom_ext_2_cli_add_cb(SSL *s, unsigned int ext_type,
486 const unsigned char **out,
487 size_t *outlen, int *al, void *arg)
489 if (ext_type != CUSTOM_EXT_TYPE_2)
490 custom_ext_error = 1;
491 *out = (const unsigned char *)custom_ext_cli_string;
492 *outlen = strlen(custom_ext_cli_string);
493 return 1; /* Send "abc" */
496 static int custom_ext_2_cli_parse_cb(SSL *s, unsigned int ext_type,
497 const unsigned char *in,
498 size_t inlen, int *al, void *arg)
500 if (ext_type != CUSTOM_EXT_TYPE_2)
501 custom_ext_error = 1;
503 custom_ext_error = 1; /* Should be empty response */
507 static int custom_ext_3_cli_add_cb(SSL *s, unsigned int ext_type,
508 const unsigned char **out,
509 size_t *outlen, int *al, void *arg)
511 if (ext_type != CUSTOM_EXT_TYPE_3)
512 custom_ext_error = 1;
513 *out = (const unsigned char *)custom_ext_cli_string;
514 *outlen = strlen(custom_ext_cli_string);
515 return 1; /* Send "abc" */
518 static int custom_ext_3_cli_parse_cb(SSL *s, unsigned int ext_type,
519 const unsigned char *in,
520 size_t inlen, int *al, void *arg)
522 if (ext_type != CUSTOM_EXT_TYPE_3)
523 custom_ext_error = 1;
524 if (inlen != strlen(custom_ext_srv_string))
525 custom_ext_error = 1;
526 if (memcmp(custom_ext_srv_string, in, inlen) != 0)
527 custom_ext_error = 1; /* Check for "defg" */
532 * custom_ext_0_cli_add_cb returns 0 - the server won't receive a callback
535 static int custom_ext_0_srv_parse_cb(SSL *s, unsigned int ext_type,
536 const unsigned char *in,
537 size_t inlen, int *al, void *arg)
539 custom_ext_error = 1;
543 /* 'add' callbacks are only called if the 'parse' callback is called */
544 static int custom_ext_0_srv_add_cb(SSL *s, unsigned int ext_type,
545 const unsigned char **out,
546 size_t *outlen, int *al, void *arg)
548 /* Error: should not have been called */
549 custom_ext_error = 1;
550 return 0; /* Don't send an extension */
553 static int custom_ext_1_srv_parse_cb(SSL *s, unsigned int ext_type,
554 const unsigned char *in,
555 size_t inlen, int *al, void *arg)
557 if (ext_type != CUSTOM_EXT_TYPE_1)
558 custom_ext_error = 1;
559 /* Check for "abc" */
560 if (inlen != strlen(custom_ext_cli_string))
561 custom_ext_error = 1;
562 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
563 custom_ext_error = 1;
567 static int custom_ext_1_srv_add_cb(SSL *s, unsigned int ext_type,
568 const unsigned char **out,
569 size_t *outlen, int *al, void *arg)
571 return 0; /* Don't send an extension */
574 static int custom_ext_2_srv_parse_cb(SSL *s, unsigned int ext_type,
575 const unsigned char *in,
576 size_t inlen, int *al, void *arg)
578 if (ext_type != CUSTOM_EXT_TYPE_2)
579 custom_ext_error = 1;
580 /* Check for "abc" */
581 if (inlen != strlen(custom_ext_cli_string))
582 custom_ext_error = 1;
583 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
584 custom_ext_error = 1;
588 static int custom_ext_2_srv_add_cb(SSL *s, unsigned int ext_type,
589 const unsigned char **out,
590 size_t *outlen, int *al, void *arg)
594 return 1; /* Send empty extension */
597 static int custom_ext_3_srv_parse_cb(SSL *s, unsigned int ext_type,
598 const unsigned char *in,
599 size_t inlen, int *al, void *arg)
601 if (ext_type != CUSTOM_EXT_TYPE_3)
602 custom_ext_error = 1;
603 /* Check for "abc" */
604 if (inlen != strlen(custom_ext_cli_string))
605 custom_ext_error = 1;
606 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
607 custom_ext_error = 1;
611 static int custom_ext_3_srv_add_cb(SSL *s, unsigned int ext_type,
612 const unsigned char **out,
613 size_t *outlen, int *al, void *arg)
615 *out = (const unsigned char *)custom_ext_srv_string;
616 *outlen = strlen(custom_ext_srv_string);
617 return 1; /* Send "defg" */
620 static char *cipher = NULL;
621 static char *ciphersuites = NULL;
622 static int verbose = 0;
623 static int debug = 0;
625 int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family,
626 long bytes, clock_t *s_time, clock_t *c_time);
627 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time,
629 int doit(SSL *s_ssl, SSL *c_ssl, long bytes);
631 static void sv_usage(void)
633 fprintf(stderr, "usage: ssltest [args ...]\n");
634 fprintf(stderr, "\n");
635 fprintf(stderr, " -server_auth - check server certificate\n");
636 fprintf(stderr, " -client_auth - do client authentication\n");
637 fprintf(stderr, " -v - more output\n");
638 fprintf(stderr, " -d - debug output\n");
639 fprintf(stderr, " -reuse - use session-id reuse\n");
640 fprintf(stderr, " -num <val> - number of connections to perform\n");
642 " -bytes <val> - number of bytes to swap between client/server\n");
643 #ifndef OPENSSL_NO_DH
645 " -dhe512 - use 512 bit key for DHE (to test failure)\n");
647 " -dhe1024 - use 1024 bit key (safe prime) for DHE (default, no-op)\n");
649 " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
650 fprintf(stderr, " -no_dhe - disable DHE\n");
652 #ifndef OPENSSL_NO_EC
653 fprintf(stderr, " -no_ecdhe - disable ECDHE\nTODO(openssl-team): no_ecdhe was broken by auto ecdh. Make this work again.\n");
655 #ifndef OPENSSL_NO_PSK
656 fprintf(stderr, " -psk arg - PSK in hex (without 0x)\n");
658 #ifndef OPENSSL_NO_SSL3
659 fprintf(stderr, " -ssl3 - use SSLv3\n");
661 #ifndef OPENSSL_NO_TLS1
662 fprintf(stderr, " -tls1 - use TLSv1\n");
664 #ifndef OPENSSL_NO_DTLS
665 fprintf(stderr, " -dtls - use DTLS\n");
666 #ifndef OPENSSL_NO_DTLS1
667 fprintf(stderr, " -dtls1 - use DTLSv1\n");
669 #ifndef OPENSSL_NO_DTLS1_2
670 fprintf(stderr, " -dtls12 - use DTLSv1.2\n");
673 fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");
674 fprintf(stderr, " -CAfile arg - PEM format file of CA's\n");
675 fprintf(stderr, " -cert arg - Server certificate file\n");
677 " -key arg - Server key file (default: same as -cert)\n");
678 fprintf(stderr, " -c_cert arg - Client certificate file\n");
680 " -c_key arg - Client key file (default: same as -c_cert)\n");
681 fprintf(stderr, " -cipher arg - The TLSv1.2 and below cipher list\n");
682 fprintf(stderr, " -ciphersuites arg - The TLSv1.3 ciphersuites\n");
683 fprintf(stderr, " -bio_pair - Use BIO pairs\n");
684 fprintf(stderr, " -ipv4 - Use IPv4 connection on localhost\n");
685 fprintf(stderr, " -ipv6 - Use IPv6 connection on localhost\n");
686 fprintf(stderr, " -f - Test even cases that can't work\n");
688 " -time - measure processor time used by client and server\n");
689 fprintf(stderr, " -zlib - use zlib compression\n");
690 #ifndef OPENSSL_NO_NEXTPROTONEG
691 fprintf(stderr, " -npn_client - have client side offer NPN\n");
692 fprintf(stderr, " -npn_server - have server side offer NPN\n");
693 fprintf(stderr, " -npn_server_reject - have server reject NPN\n");
695 fprintf(stderr, " -serverinfo_file file - have server use this file\n");
696 fprintf(stderr, " -serverinfo_sct - have client offer and expect SCT\n");
698 " -serverinfo_tack - have client offer and expect TACK\n");
700 " -custom_ext - try various custom extension callbacks\n");
701 fprintf(stderr, " -alpn_client <string> - have client side offer ALPN\n");
702 fprintf(stderr, " -alpn_server <string> - have server side offer ALPN\n");
703 fprintf(stderr, " -alpn_server1 <string> - alias for -alpn_server\n");
704 fprintf(stderr, " -alpn_server2 <string> - have server side context 2 offer ALPN\n");
706 " -alpn_expected <string> - the ALPN protocol that should be negotiated\n");
707 fprintf(stderr, " -server_min_proto <string> - Minimum version the server should support\n");
708 fprintf(stderr, " -server_max_proto <string> - Maximum version the server should support\n");
709 fprintf(stderr, " -client_min_proto <string> - Minimum version the client should support\n");
710 fprintf(stderr, " -client_max_proto <string> - Maximum version the client should support\n");
711 fprintf(stderr, " -should_negotiate <string> - The version that should be negotiated, fail-client or fail-server\n");
712 #ifndef OPENSSL_NO_CT
713 fprintf(stderr, " -noct - no certificate transparency\n");
714 fprintf(stderr, " -requestct - request certificate transparency\n");
715 fprintf(stderr, " -requirect - require certificate transparency\n");
717 fprintf(stderr, " -sn_client <string> - have client request this servername\n");
718 fprintf(stderr, " -sn_server1 <string> - have server context 1 respond to this servername\n");
719 fprintf(stderr, " -sn_server2 <string> - have server context 2 respond to this servername\n");
720 fprintf(stderr, " -sn_expect1 - expected server 1\n");
721 fprintf(stderr, " -sn_expect2 - expected server 2\n");
722 fprintf(stderr, " -server_sess_out <file> - Save the server session to a file\n");
723 fprintf(stderr, " -server_sess_in <file> - Read the server session from a file\n");
724 fprintf(stderr, " -client_sess_out <file> - Save the client session to a file\n");
725 fprintf(stderr, " -client_sess_in <file> - Read the client session from a file\n");
726 fprintf(stderr, " -should_reuse <number> - The expected state of reusing the session\n");
727 fprintf(stderr, " -no_ticket - do not issue TLS session ticket\n");
730 static void print_key_details(BIO *out, EVP_PKEY *key)
732 int keyid = EVP_PKEY_id(key);
733 #ifndef OPENSSL_NO_EC
734 if (keyid == EVP_PKEY_EC) {
735 EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
738 nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
740 cname = EC_curve_nid2nist(nid);
742 cname = OBJ_nid2sn(nid);
743 BIO_printf(out, "%d bits EC (%s)", EVP_PKEY_bits(key), cname);
759 algname = OBJ_nid2sn(keyid);
762 BIO_printf(out, "%d bits %s", EVP_PKEY_bits(key), algname);
766 static void print_details(SSL *c_ssl, const char *prefix)
768 const SSL_CIPHER *ciph;
773 ciph = SSL_get_current_cipher(c_ssl);
774 BIO_printf(bio_stdout, "%s%s, cipher %s %s",
776 SSL_get_version(c_ssl),
777 SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_name(ciph));
778 cert = SSL_get_peer_certificate(c_ssl);
780 EVP_PKEY* pubkey = X509_get0_pubkey(cert);
782 if (pubkey != NULL) {
783 BIO_puts(bio_stdout, ", ");
784 print_key_details(bio_stdout, pubkey);
788 if (SSL_get_peer_tmp_key(c_ssl, &pkey)) {
789 BIO_puts(bio_stdout, ", temp key: ");
790 print_key_details(bio_stdout, pkey);
793 if (SSL_get_peer_signature_nid(c_ssl, &mdnid))
794 BIO_printf(bio_stdout, ", digest=%s", OBJ_nid2sn(mdnid));
795 BIO_printf(bio_stdout, "\n");
799 * protocol_from_string - converts a protocol version string to a number
801 * Returns -1 on failure or the version on success
803 static int protocol_from_string(const char *value)
805 struct protocol_versions {
809 static const struct protocol_versions versions[] = {
810 {"ssl3", SSL3_VERSION},
811 {"tls1", TLS1_VERSION},
812 {"tls1.1", TLS1_1_VERSION},
813 {"tls1.2", TLS1_2_VERSION},
814 {"tls1.3", TLS1_3_VERSION},
815 {"dtls1", DTLS1_VERSION},
816 {"dtls1.2", DTLS1_2_VERSION}};
818 size_t n = OSSL_NELEM(versions);
820 for (i = 0; i < n; i++)
821 if (strcmp(versions[i].name, value) == 0)
822 return versions[i].version;
826 static SSL_SESSION *read_session(const char *filename)
829 BIO *f = BIO_new_file(filename, "r");
832 BIO_printf(bio_err, "Can't open session file %s\n", filename);
833 ERR_print_errors(bio_err);
836 sess = PEM_read_bio_SSL_SESSION(f, NULL, 0, NULL);
838 BIO_printf(bio_err, "Can't parse session file %s\n", filename);
839 ERR_print_errors(bio_err);
845 static int write_session(const char *filename, SSL_SESSION *sess)
847 BIO *f = BIO_new_file(filename, "w");
850 BIO_printf(bio_err, "No session information\n");
854 BIO_printf(bio_err, "Can't open session file %s\n", filename);
855 ERR_print_errors(bio_err);
858 PEM_write_bio_SSL_SESSION(f, sess);
864 * set_protocol_version - Sets protocol version minimum or maximum
866 * Returns 0 on failure and 1 on success
868 static int set_protocol_version(const char *version, SSL *ssl, int setting)
870 if (version != NULL) {
871 int ver = protocol_from_string(version);
873 BIO_printf(bio_err, "Error parsing: %s\n", version);
876 return SSL_ctrl(ssl, setting, ver, NULL);
881 int main(int argc, char *argv[])
883 const char *CApath = NULL, *CAfile = NULL;
885 enum { BIO_MEM, BIO_PAIR, BIO_IPV4, BIO_IPV6 } bio_type = BIO_MEM;
887 int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, tls1_2 = 0, ssl3 = 0;
888 int ret = EXIT_FAILURE;
890 int server_auth = 0, i;
891 struct app_verify_arg app_verify_arg =
892 { APP_CALLBACK_STRING, 0 };
893 SSL_CTX *c_ctx = NULL;
894 const SSL_METHOD *meth = NULL;
896 int number = 1, reuse = 0;
897 int should_reuse = -1;
900 #ifndef OPENSSL_NO_DH
902 int dhe512 = 0, dhe1024dsa = 0;
907 clock_t s_time = 0, c_time = 0;
908 #ifndef OPENSSL_NO_COMP
910 COMP_METHOD *cm = NULL;
911 STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
914 int min_version = 0, max_version = 0;
915 #ifndef OPENSSL_NO_CT
917 * Disable CT validation by default, because it will interfere with
918 * anything using custom extension handlers to deal with SCT extensions.
920 int ct_validation = 0;
922 SSL_CONF_CTX *s_cctx = NULL, *c_cctx = NULL, *s_cctx2 = NULL;
923 STACK_OF(OPENSSL_STRING) *conf_args = NULL;
924 char *arg = NULL, *argn = NULL;
929 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
930 bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT);
932 s_cctx = SSL_CONF_CTX_new();
933 s_cctx2 = SSL_CONF_CTX_new();
934 c_cctx = SSL_CONF_CTX_new();
936 if (!s_cctx || !c_cctx || !s_cctx2) {
937 ERR_print_errors(bio_err);
941 SSL_CONF_CTX_set_flags(s_cctx,
942 SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_SERVER |
943 SSL_CONF_FLAG_CERTIFICATE |
944 SSL_CONF_FLAG_REQUIRE_PRIVATE);
945 SSL_CONF_CTX_set_flags(s_cctx2,
946 SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_SERVER |
947 SSL_CONF_FLAG_CERTIFICATE |
948 SSL_CONF_FLAG_REQUIRE_PRIVATE);
949 if (!SSL_CONF_CTX_set1_prefix(s_cctx, "-s_")) {
950 ERR_print_errors(bio_err);
953 if (!SSL_CONF_CTX_set1_prefix(s_cctx2, "-s_")) {
954 ERR_print_errors(bio_err);
958 SSL_CONF_CTX_set_flags(c_cctx,
959 SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_CLIENT |
960 SSL_CONF_FLAG_CERTIFICATE |
961 SSL_CONF_FLAG_REQUIRE_PRIVATE);
962 if (!SSL_CONF_CTX_set1_prefix(c_cctx, "-c_")) {
963 ERR_print_errors(bio_err);
971 if (strcmp(*argv, "-F") == 0) {
973 "not compiled with FIPS support, so exiting without running.\n");
975 } else if (strcmp(*argv, "-server_auth") == 0)
977 else if (strcmp(*argv, "-client_auth") == 0)
979 else if (strcmp(*argv, "-v") == 0)
981 else if (strcmp(*argv, "-d") == 0)
983 else if (strcmp(*argv, "-reuse") == 0)
985 else if (strcmp(*argv, "-dhe512") == 0) {
986 #ifndef OPENSSL_NO_DH
990 "ignoring -dhe512, since I'm compiled without DH\n");
992 } else if (strcmp(*argv, "-dhe1024dsa") == 0) {
993 #ifndef OPENSSL_NO_DH
997 "ignoring -dhe1024dsa, since I'm compiled without DH\n");
999 } else if (strcmp(*argv, "-no_dhe") == 0)
1001 else if (strcmp(*argv, "-no_ecdhe") == 0)
1003 else if (strcmp(*argv, "-psk") == 0) {
1006 psk_key = *(++argv);
1007 #ifndef OPENSSL_NO_PSK
1008 if (strspn(psk_key, "abcdefABCDEF1234567890") != strlen(psk_key)) {
1009 BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
1016 else if (strcmp(*argv, "-tls1_2") == 0) {
1018 } else if (strcmp(*argv, "-tls1") == 0) {
1020 } else if (strcmp(*argv, "-ssl3") == 0) {
1022 } else if (strcmp(*argv, "-dtls1") == 0) {
1024 } else if (strcmp(*argv, "-dtls12") == 0) {
1026 } else if (strcmp(*argv, "-dtls") == 0) {
1028 } else if (strncmp(*argv, "-num", 4) == 0) {
1031 number = atoi(*(++argv));
1034 } else if (strcmp(*argv, "-bytes") == 0) {
1037 bytes = atol(*(++argv));
1040 i = strlen(argv[0]);
1041 if (argv[0][i - 1] == 'k')
1043 if (argv[0][i - 1] == 'm')
1044 bytes *= 1024L * 1024L;
1045 } else if (strcmp(*argv, "-cipher") == 0) {
1049 } else if (strcmp(*argv, "-ciphersuites") == 0) {
1052 ciphersuites = *(++argv);
1053 } else if (strcmp(*argv, "-CApath") == 0) {
1057 } else if (strcmp(*argv, "-CAfile") == 0) {
1061 } else if (strcmp(*argv, "-bio_pair") == 0) {
1062 bio_type = BIO_PAIR;
1064 #ifndef OPENSSL_NO_SOCK
1065 else if (strcmp(*argv, "-ipv4") == 0) {
1066 bio_type = BIO_IPV4;
1067 } else if (strcmp(*argv, "-ipv6") == 0) {
1068 bio_type = BIO_IPV6;
1071 else if (strcmp(*argv, "-f") == 0) {
1073 } else if (strcmp(*argv, "-time") == 0) {
1076 #ifndef OPENSSL_NO_CT
1077 else if (strcmp(*argv, "-noct") == 0) {
1080 else if (strcmp(*argv, "-ct") == 0) {
1084 #ifndef OPENSSL_NO_COMP
1085 else if (strcmp(*argv, "-zlib") == 0) {
1089 else if (strcmp(*argv, "-app_verify") == 0) {
1090 app_verify_arg.app_verify = 1;
1092 #ifndef OPENSSL_NO_NEXTPROTONEG
1093 else if (strcmp(*argv, "-npn_client") == 0) {
1095 } else if (strcmp(*argv, "-npn_server") == 0) {
1097 } else if (strcmp(*argv, "-npn_server_reject") == 0) {
1098 npn_server_reject = 1;
1101 else if (strcmp(*argv, "-serverinfo_sct") == 0) {
1103 } else if (strcmp(*argv, "-serverinfo_tack") == 0) {
1104 serverinfo_tack = 1;
1105 } else if (strcmp(*argv, "-serverinfo_file") == 0) {
1108 serverinfo_file = *(++argv);
1109 } else if (strcmp(*argv, "-custom_ext") == 0) {
1111 } else if (strcmp(*argv, "-alpn_client") == 0) {
1114 alpn_client = *(++argv);
1115 } else if (strcmp(*argv, "-alpn_server") == 0 ||
1116 strcmp(*argv, "-alpn_server1") == 0) {
1119 alpn_server = *(++argv);
1120 } else if (strcmp(*argv, "-alpn_server2") == 0) {
1123 alpn_server2 = *(++argv);
1124 } else if (strcmp(*argv, "-alpn_expected") == 0) {
1127 alpn_expected = *(++argv);
1128 } else if (strcmp(*argv, "-server_min_proto") == 0) {
1131 server_min_proto = *(++argv);
1132 } else if (strcmp(*argv, "-server_max_proto") == 0) {
1135 server_max_proto = *(++argv);
1136 } else if (strcmp(*argv, "-client_min_proto") == 0) {
1139 client_min_proto = *(++argv);
1140 } else if (strcmp(*argv, "-client_max_proto") == 0) {
1143 client_max_proto = *(++argv);
1144 } else if (strcmp(*argv, "-should_negotiate") == 0) {
1147 should_negotiate = *(++argv);
1148 } else if (strcmp(*argv, "-sn_client") == 0) {
1151 sn_client = *(++argv);
1152 } else if (strcmp(*argv, "-sn_server1") == 0) {
1155 sn_server1 = *(++argv);
1156 } else if (strcmp(*argv, "-sn_server2") == 0) {
1159 sn_server2 = *(++argv);
1160 } else if (strcmp(*argv, "-sn_expect1") == 0) {
1162 } else if (strcmp(*argv, "-sn_expect2") == 0) {
1164 } else if (strcmp(*argv, "-server_sess_out") == 0) {
1167 server_sess_out = *(++argv);
1168 } else if (strcmp(*argv, "-server_sess_in") == 0) {
1171 server_sess_in = *(++argv);
1172 } else if (strcmp(*argv, "-client_sess_out") == 0) {
1175 client_sess_out = *(++argv);
1176 } else if (strcmp(*argv, "-client_sess_in") == 0) {
1179 client_sess_in = *(++argv);
1180 } else if (strcmp(*argv, "-should_reuse") == 0) {
1183 should_reuse = !!atoi(*(++argv));
1184 } else if (strcmp(*argv, "-no_ticket") == 0) {
1190 /* Try to process command using SSL_CONF */
1191 rv = SSL_CONF_cmd_argv(c_cctx, &argc, &argv);
1192 /* If not processed try server */
1194 rv = SSL_CONF_cmd_argv(s_cctx, &argc, &argv);
1195 /* Recognised: store it for later use */
1200 conf_args = sk_OPENSSL_STRING_new_null();
1204 if (!sk_OPENSSL_STRING_push(conf_args, arg))
1206 if (!sk_OPENSSL_STRING_push(conf_args, argn))
1211 BIO_printf(bio_err, "Missing argument for %s\n", arg);
1213 BIO_printf(bio_err, "Error with command %s\n", arg);
1215 BIO_printf(bio_err, "unknown option %s\n", arg);
1228 if (ssl3 + tls1 + tls1_2 + dtls + dtls1 + dtls12 > 1) {
1229 fprintf(stderr, "At most one of -ssl3, -tls1, -tls1_2, -dtls, -dtls1 or -dtls12 should "
1234 #ifdef OPENSSL_NO_SSL3
1239 #ifdef OPENSSL_NO_TLS1
1244 #ifdef OPENSSL_NO_TLS1_2
1249 #if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1)
1254 #if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1_2)
1262 * Testing was requested for a compiled-out protocol (e.g. SSLv3).
1263 * Ideally, we would error out, but the generic test wrapper can't know
1264 * when to expect failure. So we do nothing and return success.
1267 fprintf(stderr, "Testing was requested for a disabled protocol. "
1268 "Skipping tests.\n");
1273 if (!ssl3 && !tls1 && !tls1_2 && !dtls && !dtls1 && !dtls12 && number > 1
1274 && !reuse && !force) {
1275 fprintf(stderr, "This case cannot work. Use -f to perform "
1276 "the test anyway (and\n-d to see what happens), "
1277 "or add one of -ssl3, -tls1, -tls1_2, -dtls, -dtls1, -dtls12, -reuse\n"
1278 "to avoid protocol mismatch.\n");
1283 if (bio_type != BIO_PAIR) {
1284 fprintf(stderr, "Using BIO pair (-bio_pair)\n");
1285 bio_type = BIO_PAIR;
1287 if (number < 50 && !force)
1289 "Warning: For accurate timings, use more connections (e.g. -num 1000)\n");
1292 #ifndef OPENSSL_NO_COMP
1293 if (comp == COMP_ZLIB)
1296 if (COMP_get_type(cm) != NID_undef) {
1297 if (SSL_COMP_add_compression_method(comp, cm) != 0) {
1298 fprintf(stderr, "Failed to add compression method\n");
1299 ERR_print_errors_fp(stderr);
1303 "Warning: %s compression not supported\n",
1304 comp == COMP_ZLIB ? "zlib" : "unknown");
1305 ERR_print_errors_fp(stderr);
1308 ssl_comp_methods = SSL_COMP_get_compression_methods();
1309 n = sk_SSL_COMP_num(ssl_comp_methods);
1312 printf("Available compression methods:");
1313 for (j = 0; j < n; j++) {
1314 SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
1315 printf(" %s:%d", SSL_COMP_get0_name(c), SSL_COMP_get_id(c));
1321 #ifndef OPENSSL_NO_TLS
1322 meth = TLS_method();
1324 min_version = SSL3_VERSION;
1325 max_version = SSL3_VERSION;
1327 min_version = TLS1_VERSION;
1328 max_version = TLS1_VERSION;
1329 } else if (tls1_2) {
1330 min_version = TLS1_2_VERSION;
1331 max_version = TLS1_2_VERSION;
1337 #ifndef OPENSSL_NO_DTLS
1338 if (dtls || dtls1 || dtls12) {
1339 meth = DTLS_method();
1341 min_version = DTLS1_VERSION;
1342 max_version = DTLS1_VERSION;
1343 } else if (dtls12) {
1344 min_version = DTLS1_2_VERSION;
1345 max_version = DTLS1_2_VERSION;
1353 c_ctx = SSL_CTX_new(meth);
1354 s_ctx = SSL_CTX_new(meth);
1355 s_ctx2 = SSL_CTX_new(meth); /* no SSL_CTX_dup! */
1356 if ((c_ctx == NULL) || (s_ctx == NULL) || (s_ctx2 == NULL)) {
1357 ERR_print_errors(bio_err);
1361 * Since we will use low security ciphersuites and keys for testing set
1362 * security level to zero by default. Tests can override this by adding
1363 * "@SECLEVEL=n" to the cipher string.
1365 SSL_CTX_set_security_level(c_ctx, 0);
1366 SSL_CTX_set_security_level(s_ctx, 0);
1367 SSL_CTX_set_security_level(s_ctx2, 0);
1370 SSL_CTX_set_options(c_ctx, SSL_OP_NO_TICKET);
1371 SSL_CTX_set_options(s_ctx, SSL_OP_NO_TICKET);
1374 if (SSL_CTX_set_min_proto_version(c_ctx, min_version) == 0)
1376 if (SSL_CTX_set_max_proto_version(c_ctx, max_version) == 0)
1378 if (SSL_CTX_set_min_proto_version(s_ctx, min_version) == 0)
1380 if (SSL_CTX_set_max_proto_version(s_ctx, max_version) == 0)
1383 if (cipher != NULL) {
1384 if (strcmp(cipher, "") == 0) {
1385 if (!SSL_CTX_set_cipher_list(c_ctx, cipher)) {
1386 if (ERR_GET_REASON(ERR_peek_error()) == SSL_R_NO_CIPHER_MATCH) {
1389 ERR_print_errors(bio_err);
1393 /* Should have failed when clearing all TLSv1.2 ciphers. */
1394 fprintf(stderr, "CLEARING ALL TLSv1.2 CIPHERS SHOULD FAIL\n");
1398 if (!SSL_CTX_set_cipher_list(s_ctx, cipher)) {
1399 if (ERR_GET_REASON(ERR_peek_error()) == SSL_R_NO_CIPHER_MATCH) {
1402 ERR_print_errors(bio_err);
1406 /* Should have failed when clearing all TLSv1.2 ciphers. */
1407 fprintf(stderr, "CLEARING ALL TLSv1.2 CIPHERS SHOULD FAIL\n");
1411 if (!SSL_CTX_set_cipher_list(s_ctx2, cipher)) {
1412 if (ERR_GET_REASON(ERR_peek_error()) == SSL_R_NO_CIPHER_MATCH) {
1415 ERR_print_errors(bio_err);
1419 /* Should have failed when clearing all TLSv1.2 ciphers. */
1420 fprintf(stderr, "CLEARING ALL TLSv1.2 CIPHERS SHOULD FAIL\n");
1424 if (!SSL_CTX_set_cipher_list(c_ctx, cipher)
1425 || !SSL_CTX_set_cipher_list(s_ctx, cipher)
1426 || !SSL_CTX_set_cipher_list(s_ctx2, cipher)) {
1427 ERR_print_errors(bio_err);
1432 if (ciphersuites != NULL) {
1433 if (!SSL_CTX_set_ciphersuites(c_ctx, ciphersuites)
1434 || !SSL_CTX_set_ciphersuites(s_ctx, ciphersuites)
1435 || !SSL_CTX_set_ciphersuites(s_ctx2, ciphersuites)) {
1436 ERR_print_errors(bio_err);
1441 #ifndef OPENSSL_NO_CT
1442 if (ct_validation &&
1443 !SSL_CTX_enable_ct(c_ctx, SSL_CT_VALIDATION_STRICT)) {
1444 ERR_print_errors(bio_err);
1449 /* Process SSL_CONF arguments */
1450 SSL_CONF_CTX_set_ssl_ctx(c_cctx, c_ctx);
1451 SSL_CONF_CTX_set_ssl_ctx(s_cctx, s_ctx);
1452 SSL_CONF_CTX_set_ssl_ctx(s_cctx2, s_ctx2);
1454 for (i = 0; i < sk_OPENSSL_STRING_num(conf_args); i += 2) {
1456 arg = sk_OPENSSL_STRING_value(conf_args, i);
1457 argn = sk_OPENSSL_STRING_value(conf_args, i + 1);
1458 rv = SSL_CONF_cmd(c_cctx, arg, argn);
1459 /* If not recognised use server context */
1461 rv = SSL_CONF_cmd(s_cctx2, arg, argn);
1463 rv = SSL_CONF_cmd(s_cctx, arg, argn);
1466 BIO_printf(bio_err, "Error processing %s %s\n",
1467 arg, argn ? argn : "");
1468 ERR_print_errors(bio_err);
1473 if (!SSL_CONF_CTX_finish(s_cctx) || !SSL_CONF_CTX_finish(c_cctx) || !SSL_CONF_CTX_finish(s_cctx2)) {
1474 BIO_puts(bio_err, "Error finishing context\n");
1475 ERR_print_errors(bio_err);
1478 #ifndef OPENSSL_NO_DH
1481 dh = get_dh1024dsa();
1486 SSL_CTX_set_tmp_dh(s_ctx, dh);
1487 SSL_CTX_set_tmp_dh(s_ctx2, dh);
1494 if (!(SSL_CTX_load_verify_file(s_ctx, CAfile)
1495 || SSL_CTX_load_verify_dir(s_ctx, CApath))
1496 || !SSL_CTX_set_default_verify_paths(s_ctx)
1497 || !(SSL_CTX_load_verify_file(s_ctx2, CAfile)
1498 || SSL_CTX_load_verify_dir(s_ctx2, CApath))
1499 || !SSL_CTX_set_default_verify_paths(s_ctx2)
1500 || !(SSL_CTX_load_verify_file(c_ctx, CAfile)
1501 || SSL_CTX_load_verify_dir(c_ctx, CApath))
1502 || !SSL_CTX_set_default_verify_paths(c_ctx)) {
1503 ERR_print_errors(bio_err);
1506 #ifndef OPENSSL_NO_CT
1507 if (!SSL_CTX_set_default_ctlog_list_file(s_ctx) ||
1508 !SSL_CTX_set_default_ctlog_list_file(s_ctx2) ||
1509 !SSL_CTX_set_default_ctlog_list_file(c_ctx)) {
1510 ERR_print_errors(bio_err);
1515 printf("client authentication\n");
1516 SSL_CTX_set_verify(s_ctx,
1517 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1519 SSL_CTX_set_verify(s_ctx2,
1520 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1522 SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback,
1524 SSL_CTX_set_cert_verify_callback(s_ctx2, app_verify_callback,
1528 printf("server authentication\n");
1529 SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER, verify_callback);
1530 SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback,
1535 int session_id_context = 0;
1536 if (!SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context,
1537 sizeof(session_id_context)) ||
1538 !SSL_CTX_set_session_id_context(s_ctx2, (void *)&session_id_context,
1539 sizeof(session_id_context))) {
1540 ERR_print_errors(bio_err);
1545 /* Use PSK only if PSK key is given */
1546 if (psk_key != NULL) {
1548 * no_psk is used to avoid putting psk command to openssl tool
1552 * if PSK is not compiled in and psk key is given, do nothing and
1558 #ifndef OPENSSL_NO_PSK
1559 SSL_CTX_set_psk_client_callback(c_ctx, psk_client_callback);
1560 SSL_CTX_set_psk_server_callback(s_ctx, psk_server_callback);
1561 SSL_CTX_set_psk_server_callback(s_ctx2, psk_server_callback);
1563 BIO_printf(bio_err, "setting PSK identity hint to s_ctx\n");
1564 if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_hint") ||
1565 !SSL_CTX_use_psk_identity_hint(s_ctx2, "ctx server identity_hint")) {
1566 BIO_printf(bio_err, "error setting PSK identity hint to s_ctx\n");
1567 ERR_print_errors(bio_err);
1573 #ifndef OPENSSL_NO_NEXTPROTONEG
1575 SSL_CTX_set_next_proto_select_cb(c_ctx, cb_client_npn, NULL);
1578 if (npn_server_reject) {
1580 "Can't have both -npn_server and -npn_server_reject\n");
1583 SSL_CTX_set_npn_advertised_cb(s_ctx, cb_server_npn, NULL);
1584 SSL_CTX_set_npn_advertised_cb(s_ctx2, cb_server_npn, NULL);
1586 if (npn_server_reject) {
1587 SSL_CTX_set_npn_advertised_cb(s_ctx, cb_server_rejects_npn, NULL);
1588 SSL_CTX_set_npn_advertised_cb(s_ctx2, cb_server_rejects_npn, NULL);
1592 if (serverinfo_sct) {
1593 if (!SSL_CTX_add_client_custom_ext(c_ctx,
1594 TLSEXT_TYPE_signed_certificate_timestamp,
1596 serverinfo_cli_parse_cb, NULL)) {
1597 BIO_printf(bio_err, "Error adding SCT extension\n");
1601 if (serverinfo_tack) {
1602 if (!SSL_CTX_add_client_custom_ext(c_ctx, TACK_EXT_TYPE,
1604 serverinfo_cli_parse_cb, NULL)) {
1605 BIO_printf(bio_err, "Error adding TACK extension\n");
1609 if (serverinfo_file)
1610 if (!SSL_CTX_use_serverinfo_file(s_ctx, serverinfo_file) ||
1611 !SSL_CTX_use_serverinfo_file(s_ctx2, serverinfo_file)) {
1612 BIO_printf(bio_err, "missing serverinfo file\n");
1617 if (!SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_0,
1618 custom_ext_0_cli_add_cb,
1620 custom_ext_0_cli_parse_cb, NULL)
1621 || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_1,
1622 custom_ext_1_cli_add_cb,
1624 custom_ext_1_cli_parse_cb, NULL)
1625 || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_2,
1626 custom_ext_2_cli_add_cb,
1628 custom_ext_2_cli_parse_cb, NULL)
1629 || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_3,
1630 custom_ext_3_cli_add_cb,
1632 custom_ext_3_cli_parse_cb, NULL)
1633 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_0,
1634 custom_ext_0_srv_add_cb,
1636 custom_ext_0_srv_parse_cb, NULL)
1637 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_0,
1638 custom_ext_0_srv_add_cb,
1640 custom_ext_0_srv_parse_cb, NULL)
1641 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_1,
1642 custom_ext_1_srv_add_cb,
1644 custom_ext_1_srv_parse_cb, NULL)
1645 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_1,
1646 custom_ext_1_srv_add_cb,
1648 custom_ext_1_srv_parse_cb, NULL)
1649 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_2,
1650 custom_ext_2_srv_add_cb,
1652 custom_ext_2_srv_parse_cb, NULL)
1653 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_2,
1654 custom_ext_2_srv_add_cb,
1656 custom_ext_2_srv_parse_cb, NULL)
1657 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_3,
1658 custom_ext_3_srv_add_cb,
1660 custom_ext_3_srv_parse_cb, NULL)
1661 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_3,
1662 custom_ext_3_srv_add_cb,
1664 custom_ext_3_srv_parse_cb, NULL)) {
1665 BIO_printf(bio_err, "Error setting custom extensions\n");
1671 SSL_CTX_set_alpn_select_cb(s_ctx, cb_server_alpn, alpn_server);
1673 SSL_CTX_set_alpn_select_cb(s_ctx2, cb_server_alpn, alpn_server2);
1677 unsigned char *alpn = next_protos_parse(&alpn_len, alpn_client);
1680 BIO_printf(bio_err, "Error parsing -alpn_client argument\n");
1683 /* Returns 0 on success!! */
1684 if (SSL_CTX_set_alpn_protos(c_ctx, alpn, alpn_len)) {
1685 BIO_printf(bio_err, "Error setting ALPN\n");
1692 if (server_sess_in != NULL) {
1693 server_sess = read_session(server_sess_in);
1694 if (server_sess == NULL)
1697 if (client_sess_in != NULL) {
1698 client_sess = read_session(client_sess_in);
1699 if (client_sess == NULL)
1703 if (server_sess_out != NULL || server_sess_in != NULL) {
1707 /* Use a fixed key so that we can decrypt the ticket. */
1708 size = SSL_CTX_set_tlsext_ticket_keys(s_ctx, NULL, 0);
1709 keys = OPENSSL_zalloc(size);
1710 SSL_CTX_set_tlsext_ticket_keys(s_ctx, keys, size);
1714 if (sn_server1 != NULL || sn_server2 != NULL)
1715 SSL_CTX_set_tlsext_servername_callback(s_ctx, servername_cb);
1717 c_ssl = SSL_new(c_ctx);
1718 s_ssl = SSL_new(s_ctx);
1721 SSL_set_tlsext_host_name(c_ssl, sn_client);
1723 if (!set_protocol_version(server_min_proto, s_ssl, SSL_CTRL_SET_MIN_PROTO_VERSION))
1725 if (!set_protocol_version(server_max_proto, s_ssl, SSL_CTRL_SET_MAX_PROTO_VERSION))
1727 if (!set_protocol_version(client_min_proto, c_ssl, SSL_CTRL_SET_MIN_PROTO_VERSION))
1729 if (!set_protocol_version(client_max_proto, c_ssl, SSL_CTRL_SET_MAX_PROTO_VERSION))
1733 if (SSL_CTX_add_session(s_ctx, server_sess) == 0) {
1734 BIO_printf(bio_err, "Can't add server session\n");
1735 ERR_print_errors(bio_err);
1740 BIO_printf(bio_stdout, "Doing handshakes=%d bytes=%ld\n", number, bytes);
1741 for (i = 0; i < number; i++) {
1743 if (!SSL_set_session(c_ssl, NULL)) {
1744 BIO_printf(bio_err, "Failed to set session\n");
1748 if (client_sess_in != NULL) {
1749 if (SSL_set_session(c_ssl, client_sess) == 0) {
1750 BIO_printf(bio_err, "Can't set client session\n");
1751 ERR_print_errors(bio_err);
1757 ret = doit(s_ssl, c_ssl, bytes);
1760 ret = doit_biopair(s_ssl, c_ssl, bytes, &s_time, &c_time);
1762 #ifndef OPENSSL_NO_SOCK
1764 ret = doit_localhost(s_ssl, c_ssl, BIO_FAMILY_IPV4,
1765 bytes, &s_time, &c_time);
1768 ret = doit_localhost(s_ssl, c_ssl, BIO_FAMILY_IPV6,
1769 bytes, &s_time, &c_time);
1778 if (ret != EXIT_SUCCESS) break;
1781 if (should_negotiate && ret == EXIT_SUCCESS &&
1782 strcmp(should_negotiate, "fail-server") != 0 &&
1783 strcmp(should_negotiate, "fail-client") != 0) {
1784 int version = protocol_from_string(should_negotiate);
1786 BIO_printf(bio_err, "Error parsing: %s\n", should_negotiate);
1790 if (SSL_version(c_ssl) != version) {
1791 BIO_printf(bio_err, "Unexpected version negotiated. "
1792 "Expected: %s, got %s\n", should_negotiate, SSL_get_version(c_ssl));
1798 if (should_reuse != -1) {
1799 if (SSL_session_reused(s_ssl) != should_reuse ||
1800 SSL_session_reused(c_ssl) != should_reuse) {
1801 BIO_printf(bio_err, "Unexpected session reuse state. "
1802 "Expected: %d, server: %d, client: %d\n", should_reuse,
1803 SSL_session_reused(s_ssl), SSL_session_reused(c_ssl));
1809 if (server_sess_out != NULL) {
1810 if (write_session(server_sess_out, SSL_get_session(s_ssl)) == 0) {
1815 if (client_sess_out != NULL) {
1816 if (write_session(client_sess_out, SSL_get_session(c_ssl)) == 0) {
1823 print_details(c_ssl, "");
1826 #ifdef CLOCKS_PER_SEC
1828 * "To determine the time in seconds, the value returned by the clock
1829 * function should be divided by the value of the macro
1830 * CLOCKS_PER_SEC." -- ISO/IEC 9899
1832 BIO_printf(bio_stdout, "Approximate total server time: %6.2f s\n"
1833 "Approximate total client time: %6.2f s\n",
1834 (double)s_time / CLOCKS_PER_SEC,
1835 (double)c_time / CLOCKS_PER_SEC);
1837 BIO_printf(bio_stdout,
1838 "Approximate total server time: %6.2f units\n"
1839 "Approximate total client time: %6.2f units\n",
1840 (double)s_time, (double)c_time);
1849 SSL_CTX_free(s_ctx);
1850 SSL_CTX_free(s_ctx2);
1851 SSL_CTX_free(c_ctx);
1852 SSL_CONF_CTX_free(s_cctx);
1853 SSL_CONF_CTX_free(s_cctx2);
1854 SSL_CONF_CTX_free(c_cctx);
1855 sk_OPENSSL_STRING_free(conf_args);
1857 BIO_free(bio_stdout);
1859 SSL_SESSION_free(server_sess);
1860 SSL_SESSION_free(client_sess);
1866 #ifndef OPENSSL_NO_SOCK
1867 int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count,
1868 clock_t *s_time, clock_t *c_time)
1870 long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
1871 BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
1872 BIO *acpt = NULL, *server = NULL, *client = NULL;
1874 int ret = EXIT_FAILURE;
1875 int err_in_client = 0;
1876 int err_in_server = 0;
1878 acpt = BIO_new_accept(family == BIO_FAMILY_IPV4 ? "127.0.0.1:0"
1882 BIO_set_accept_ip_family(acpt, family);
1883 BIO_set_bind_mode(acpt, BIO_SOCK_NONBLOCK | BIO_SOCK_REUSEADDR);
1884 if (BIO_do_accept(acpt) <= 0)
1887 BIO_snprintf(addr_str, sizeof(addr_str), ":%s", BIO_get_accept_port(acpt));
1889 client = BIO_new_connect(addr_str);
1890 BIO_set_conn_ip_family(client, family);
1894 if (BIO_set_nbio(client, 1) <= 0)
1896 if (BIO_set_nbio(acpt, 1) <= 0)
1900 int st_connect = 0, st_accept = 0;
1902 while(!st_connect || !st_accept) {
1904 if (BIO_do_connect(client) <= 0) {
1905 if (!BIO_should_retry(client))
1912 if (BIO_do_accept(acpt) <= 0) {
1913 if (!BIO_should_retry(acpt))
1921 /* We're not interested in accepting further connects */
1922 server = BIO_pop(acpt);
1926 s_ssl_bio = BIO_new(BIO_f_ssl());
1930 c_ssl_bio = BIO_new(BIO_f_ssl());
1934 SSL_set_connect_state(c_ssl);
1935 SSL_set_bio(c_ssl, client, client);
1936 (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
1938 SSL_set_accept_state(s_ssl);
1939 SSL_set_bio(s_ssl, server, server);
1940 (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
1944 * c_ssl_bio: SSL filter BIO
1946 * client: I/O for SSL library
1949 * server: I/O for SSL library
1951 * s_ssl_bio: SSL filter BIO
1955 * We have non-blocking behaviour throughout this test program, but
1956 * can be sure that there is *some* progress in each iteration; so we
1957 * don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE --
1958 * we just try everything in each iteration
1964 char cbuf[1024 * 8];
1966 clock_t c_clock = clock();
1968 memset(cbuf, 0, sizeof(cbuf));
1971 if (SSL_in_init(c_ssl))
1972 printf("client waiting in SSL_connect - %s\n",
1973 SSL_state_string_long(c_ssl));
1976 /* Write to server. */
1978 if (cw_num > (long)sizeof(cbuf))
1982 r = BIO_write(c_ssl_bio, cbuf, i);
1984 if (!BIO_should_retry(c_ssl_bio)) {
1985 fprintf(stderr, "ERROR in CLIENT\n");
1990 * BIO_should_retry(...) can just be ignored here. The
1991 * library expects us to call BIO_write with the same
1992 * arguments again, and that's what we will do in the
1995 } else if (r == 0) {
1996 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2000 printf("client wrote %d\n", r);
2006 /* Read from server. */
2008 r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
2010 if (!BIO_should_retry(c_ssl_bio)) {
2011 fprintf(stderr, "ERROR in CLIENT\n");
2016 * Again, "BIO_should_retry" can be ignored.
2018 } else if (r == 0) {
2019 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2023 printf("client read %d\n", r);
2029 * c_time and s_time increments will typically be very small
2030 * (depending on machine speed and clock tick intervals), but
2031 * sampling over a large number of connections should result in
2032 * fairly accurate figures. We cannot guarantee a lot, however
2033 * -- if each connection lasts for exactly one clock tick, it
2034 * will be counted only for the client or only for the server or
2037 *c_time += (clock() - c_clock);
2043 char sbuf[1024 * 8];
2045 clock_t s_clock = clock();
2047 memset(sbuf, 0, sizeof(sbuf));
2050 if (SSL_in_init(s_ssl))
2051 printf("server waiting in SSL_accept - %s\n",
2052 SSL_state_string_long(s_ssl));
2055 /* Write to client. */
2057 if (sw_num > (long)sizeof(sbuf))
2061 r = BIO_write(s_ssl_bio, sbuf, i);
2063 if (!BIO_should_retry(s_ssl_bio)) {
2064 fprintf(stderr, "ERROR in SERVER\n");
2068 /* Ignore "BIO_should_retry". */
2069 } else if (r == 0) {
2070 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2074 printf("server wrote %d\n", r);
2080 /* Read from client. */
2082 r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
2084 if (!BIO_should_retry(s_ssl_bio)) {
2085 fprintf(stderr, "ERROR in SERVER\n");
2090 } else if (r == 0) {
2091 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2095 printf("server read %d\n", r);
2100 *s_time += (clock() - s_clock);
2103 while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
2106 print_details(c_ssl, "DONE via TCP connect: ");
2107 # ifndef OPENSSL_NO_NEXTPROTONEG
2108 if (verify_npn(c_ssl, s_ssl) < 0)
2111 if (verify_serverinfo() < 0) {
2112 fprintf(stderr, "Server info verify error\n");
2115 if (verify_alpn(c_ssl, s_ssl) < 0
2116 || verify_servername(c_ssl, s_ssl) < 0)
2119 if (custom_ext_error) {
2120 fprintf(stderr, "Custom extension error\n");
2124 # ifndef OPENSSL_NO_NEXTPROTONEG
2130 ERR_print_errors(bio_err);
2135 BIO_free(s_ssl_bio);
2136 BIO_free(c_ssl_bio);
2138 if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
2139 ret = (err_in_client != 0) ? EXIT_SUCCESS : EXIT_FAILURE;
2140 else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
2141 ret = (err_in_server != 0) ? EXIT_SUCCESS : EXIT_FAILURE;
2147 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
2148 clock_t *s_time, clock_t *c_time)
2150 long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
2151 BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
2152 BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL;
2153 int ret = EXIT_FAILURE;
2154 int err_in_client = 0;
2155 int err_in_server = 0;
2157 size_t bufsiz = 256; /* small buffer for testing */
2159 if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz))
2161 if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz))
2164 s_ssl_bio = BIO_new(BIO_f_ssl());
2168 c_ssl_bio = BIO_new(BIO_f_ssl());
2172 SSL_set_connect_state(c_ssl);
2173 SSL_set_bio(c_ssl, client, client);
2174 (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
2176 SSL_set_accept_state(s_ssl);
2177 SSL_set_bio(s_ssl, server, server);
2178 (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
2182 * c_ssl_bio: SSL filter BIO
2184 * client: pseudo-I/O for SSL library
2186 * client_io: client's SSL communication; usually to be
2187 * relayed over some I/O facility, but in this
2188 * test program, we're the server, too:
2190 * server_io: server's SSL communication
2192 * server: pseudo-I/O for SSL library
2194 * s_ssl_bio: SSL filter BIO
2196 * The client and the server each employ a "BIO pair":
2197 * client + client_io, server + server_io.
2198 * BIO pairs are symmetric. A BIO pair behaves similar
2199 * to a non-blocking socketpair (but both endpoints must
2200 * be handled by the same thread).
2201 * [Here we could connect client and server to the ends
2202 * of a single BIO pair, but then this code would be less
2203 * suitable as an example for BIO pairs in general.]
2205 * Useful functions for querying the state of BIO pair endpoints:
2207 * BIO_ctrl_pending(bio) number of bytes we can read now
2208 * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfill
2209 * other side's read attempt
2210 * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now
2212 * ..._read_request is never more than ..._write_guarantee;
2213 * it depends on the application which one you should use.
2217 * We have non-blocking behaviour throughout this test program, but
2218 * can be sure that there is *some* progress in each iteration; so we
2219 * don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE --
2220 * we just try everything in each iteration
2226 char cbuf[1024 * 8];
2228 clock_t c_clock = clock();
2230 memset(cbuf, 0, sizeof(cbuf));
2233 if (SSL_in_init(c_ssl))
2234 printf("client waiting in SSL_connect - %s\n",
2235 SSL_state_string_long(c_ssl));
2238 /* Write to server. */
2240 if (cw_num > (long)sizeof(cbuf))
2244 r = BIO_write(c_ssl_bio, cbuf, i);
2246 if (!BIO_should_retry(c_ssl_bio)) {
2247 fprintf(stderr, "ERROR in CLIENT\n");
2252 * BIO_should_retry(...) can just be ignored here. The
2253 * library expects us to call BIO_write with the same
2254 * arguments again, and that's what we will do in the
2257 } else if (r == 0) {
2258 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2262 printf("client wrote %d\n", r);
2268 /* Read from server. */
2270 r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
2272 if (!BIO_should_retry(c_ssl_bio)) {
2273 fprintf(stderr, "ERROR in CLIENT\n");
2278 * Again, "BIO_should_retry" can be ignored.
2280 } else if (r == 0) {
2281 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2285 printf("client read %d\n", r);
2291 * c_time and s_time increments will typically be very small
2292 * (depending on machine speed and clock tick intervals), but
2293 * sampling over a large number of connections should result in
2294 * fairly accurate figures. We cannot guarantee a lot, however
2295 * -- if each connection lasts for exactly one clock tick, it
2296 * will be counted only for the client or only for the server or
2299 *c_time += (clock() - c_clock);
2305 char sbuf[1024 * 8];
2307 clock_t s_clock = clock();
2309 memset(sbuf, 0, sizeof(sbuf));
2312 if (SSL_in_init(s_ssl))
2313 printf("server waiting in SSL_accept - %s\n",
2314 SSL_state_string_long(s_ssl));
2317 /* Write to client. */
2319 if (sw_num > (long)sizeof(sbuf))
2323 r = BIO_write(s_ssl_bio, sbuf, i);
2325 if (!BIO_should_retry(s_ssl_bio)) {
2326 fprintf(stderr, "ERROR in SERVER\n");
2330 /* Ignore "BIO_should_retry". */
2331 } else if (r == 0) {
2332 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2336 printf("server wrote %d\n", r);
2342 /* Read from client. */
2344 r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
2346 if (!BIO_should_retry(s_ssl_bio)) {
2347 fprintf(stderr, "ERROR in SERVER\n");
2352 } else if (r == 0) {
2353 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2357 printf("server read %d\n", r);
2362 *s_time += (clock() - s_clock);
2366 /* "I/O" BETWEEN CLIENT AND SERVER. */
2369 BIO *io1 = server_io, *io2 = client_io;
2371 * we use the non-copying interface for io1 and the standard
2372 * BIO_write/BIO_read interface for io2
2375 static int prev_progress = 1;
2383 r1 = BIO_ctrl_pending(io1);
2384 r2 = BIO_ctrl_get_write_guarantee(io2);
2392 if (INT_MAX < num) /* yeah, right */
2395 r = BIO_nread(io1, &dataptr, (int)num);
2397 assert(r <= (int)num);
2399 * possibly r < num (non-contiguous data)
2402 r = BIO_write(io2, dataptr, (int)num);
2403 if (r != (int)num) { /* can't happen */
2404 fprintf(stderr, "ERROR: BIO_write could not write "
2405 "BIO_ctrl_get_write_guarantee() bytes");
2411 printf((io1 == client_io) ?
2412 "C->S relaying: %d bytes\n" :
2413 "S->C relaying: %d bytes\n", (int)num);
2423 r1 = BIO_ctrl_pending(io2);
2424 r2 = BIO_ctrl_get_read_request(io1);
2426 * here we could use ..._get_write_guarantee instead of
2427 * ..._get_read_request, but by using the latter we test
2428 * restartability of the SSL implementation more thoroughly
2440 --num; /* test restartability even more thoroughly */
2442 r = BIO_nwrite0(io1, &dataptr);
2446 r = BIO_read(io2, dataptr, (int)num);
2447 if (r != (int)num) { /* can't happen */
2448 fprintf(stderr, "ERROR: BIO_read could not read "
2449 "BIO_ctrl_pending() bytes");
2453 r = BIO_nwrite(io1, &dataptr, (int)num);
2454 if (r != (int)num) { /* can't happen */
2455 fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
2456 "BIO_nwrite0() bytes");
2461 printf((io2 == client_io) ?
2462 "C->S relaying: %d bytes\n" :
2463 "S->C relaying: %d bytes\n", (int)num);
2465 } /* no loop, BIO_ctrl_get_read_request now
2466 * returns 0 anyway */
2468 if (!progress && !prev_progress)
2469 if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0) {
2470 fprintf(stderr, "ERROR: got stuck\n");
2471 fprintf(stderr, " ERROR.\n");
2474 prev_progress = progress;
2477 while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
2480 print_details(c_ssl, "DONE via BIO pair: ");
2481 #ifndef OPENSSL_NO_NEXTPROTONEG
2482 if (verify_npn(c_ssl, s_ssl) < 0)
2485 if (verify_serverinfo() < 0) {
2486 fprintf(stderr, "Server info verify error\n");
2489 if (verify_alpn(c_ssl, s_ssl) < 0
2490 || verify_servername(c_ssl, s_ssl) < 0)
2493 if (custom_ext_error) {
2494 fprintf(stderr, "Custom extension error\n");
2498 #ifndef OPENSSL_NO_NEXTPROTONEG
2504 ERR_print_errors(bio_err);
2507 BIO_free(server_io);
2509 BIO_free(client_io);
2510 BIO_free(s_ssl_bio);
2511 BIO_free(c_ssl_bio);
2513 if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
2514 ret = (err_in_client != 0) ? EXIT_SUCCESS : EXIT_FAILURE;
2515 else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
2516 ret = (err_in_server != 0) ? EXIT_SUCCESS : EXIT_FAILURE;
2526 int doit(SSL *s_ssl, SSL *c_ssl, long count)
2528 char *cbuf = NULL, *sbuf = NULL;
2530 long cw_num = count, cr_num = count;
2531 long sw_num = count, sr_num = count;
2532 int ret = EXIT_FAILURE;
2537 int c_r, c_w, s_r, s_w;
2540 int c_write, s_write;
2541 int do_server = 0, do_client = 0;
2542 int max_frag = 5 * 1024;
2543 int err_in_client = 0;
2544 int err_in_server = 0;
2546 bufsiz = count > 40 * 1024 ? 40 * 1024 : count;
2548 if ((cbuf = OPENSSL_zalloc(bufsiz)) == NULL)
2550 if ((sbuf = OPENSSL_zalloc(bufsiz)) == NULL)
2553 c_to_s = BIO_new(BIO_s_mem());
2554 s_to_c = BIO_new(BIO_s_mem());
2555 if ((s_to_c == NULL) || (c_to_s == NULL)) {
2556 ERR_print_errors(bio_err);
2560 c_bio = BIO_new(BIO_f_ssl());
2561 s_bio = BIO_new(BIO_f_ssl());
2562 if ((c_bio == NULL) || (s_bio == NULL)) {
2563 ERR_print_errors(bio_err);
2567 SSL_set_connect_state(c_ssl);
2568 SSL_set_bio(c_ssl, s_to_c, c_to_s);
2569 SSL_set_max_send_fragment(c_ssl, max_frag);
2570 BIO_set_ssl(c_bio, c_ssl, BIO_NOCLOSE);
2573 * We've just given our ref to these BIOs to c_ssl. We need another one to
2576 if (!BIO_up_ref(c_to_s)) {
2577 /* c_to_s and s_to_c will get freed when we free c_ssl */
2582 if (!BIO_up_ref(s_to_c)) {
2583 /* s_to_c will get freed when we free c_ssl */
2588 SSL_set_accept_state(s_ssl);
2589 SSL_set_bio(s_ssl, c_to_s, s_to_c);
2591 /* We've used up all our refs to these now */
2595 SSL_set_max_send_fragment(s_ssl, max_frag);
2596 BIO_set_ssl(s_bio, s_ssl, BIO_NOCLOSE);
2602 c_write = 1, s_write = 0;
2604 /* We can always do writes */
2609 i = (int)BIO_pending(s_bio);
2610 if ((i && s_r) || s_w)
2613 i = (int)BIO_pending(c_bio);
2614 if ((i && c_r) || c_w)
2617 if (do_server && debug) {
2618 if (SSL_in_init(s_ssl))
2619 printf("server waiting in SSL_accept - %s\n",
2620 SSL_state_string_long(s_ssl));
2623 if (do_client && debug) {
2624 if (SSL_in_init(c_ssl))
2625 printf("client waiting in SSL_connect - %s\n",
2626 SSL_state_string_long(c_ssl));
2629 if (!do_client && !do_server) {
2630 fprintf(stdout, "ERROR IN STARTUP\n");
2631 ERR_print_errors(bio_err);
2634 if (do_client && !(done & C_DONE)) {
2636 j = (cw_num > bufsiz) ? (int)bufsiz : (int)cw_num;
2637 i = BIO_write(c_bio, cbuf, j);
2641 if (BIO_should_retry(c_bio)) {
2642 if (BIO_should_read(c_bio))
2644 if (BIO_should_write(c_bio))
2647 fprintf(stderr, "ERROR in CLIENT\n");
2649 ERR_print_errors(bio_err);
2652 } else if (i == 0) {
2653 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2657 printf("client wrote %d\n", i);
2662 if (max_frag > 1029)
2663 SSL_set_max_send_fragment(c_ssl, max_frag -= 5);
2666 i = BIO_read(c_bio, cbuf, bufsiz);
2670 if (BIO_should_retry(c_bio)) {
2671 if (BIO_should_read(c_bio))
2673 if (BIO_should_write(c_bio))
2676 fprintf(stderr, "ERROR in CLIENT\n");
2678 ERR_print_errors(bio_err);
2681 } else if (i == 0) {
2682 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2686 printf("client read %d\n", i);
2695 done = S_DONE | C_DONE;
2701 if (do_server && !(done & S_DONE)) {
2703 i = BIO_read(s_bio, sbuf, bufsiz);
2707 if (BIO_should_retry(s_bio)) {
2708 if (BIO_should_read(s_bio))
2710 if (BIO_should_write(s_bio))
2713 fprintf(stderr, "ERROR in SERVER\n");
2715 ERR_print_errors(bio_err);
2718 } else if (i == 0) {
2719 ERR_print_errors(bio_err);
2721 "SSL SERVER STARTUP FAILED in SSL_read\n");
2725 printf("server read %d\n", i);
2738 j = (sw_num > bufsiz) ? (int)bufsiz : (int)sw_num;
2739 i = BIO_write(s_bio, sbuf, j);
2743 if (BIO_should_retry(s_bio)) {
2744 if (BIO_should_read(s_bio))
2746 if (BIO_should_write(s_bio))
2749 fprintf(stderr, "ERROR in SERVER\n");
2751 ERR_print_errors(bio_err);
2754 } else if (i == 0) {
2755 ERR_print_errors(bio_err);
2757 "SSL SERVER STARTUP FAILED in SSL_write\n");
2761 printf("server wrote %d\n", i);
2767 if (max_frag > 1029)
2768 SSL_set_max_send_fragment(s_ssl, max_frag -= 5);
2773 if ((done & S_DONE) && (done & C_DONE))
2778 print_details(c_ssl, "DONE: ");
2779 #ifndef OPENSSL_NO_NEXTPROTONEG
2780 if (verify_npn(c_ssl, s_ssl) < 0)
2783 if (verify_serverinfo() < 0) {
2784 fprintf(stderr, "Server info verify error\n");
2787 if (custom_ext_error) {
2788 fprintf(stderr, "Custom extension error\n");
2795 BIO_free_all(c_bio);
2796 BIO_free_all(s_bio);
2800 if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
2801 ret = (err_in_client != 0) ? EXIT_SUCCESS : EXIT_FAILURE;
2802 else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
2803 ret = (err_in_server != 0) ? EXIT_SUCCESS : EXIT_FAILURE;
2808 static int verify_callback(int ok, X509_STORE_CTX *ctx)
2812 s = X509_NAME_oneline(X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)),
2816 printf("depth=%d %s\n", X509_STORE_CTX_get_error_depth(ctx), buf);
2818 fprintf(stderr, "depth=%d error=%d %s\n",
2819 X509_STORE_CTX_get_error_depth(ctx),
2820 X509_STORE_CTX_get_error(ctx), buf);
2825 int i = X509_STORE_CTX_get_error(ctx);
2829 fprintf(stderr, "Error string: %s\n",
2830 X509_verify_cert_error_string(i));
2832 case X509_V_ERR_CERT_NOT_YET_VALID:
2833 case X509_V_ERR_CERT_HAS_EXPIRED:
2834 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
2843 static int app_verify_callback(X509_STORE_CTX *ctx, void *arg)
2846 struct app_verify_arg *cb_arg = arg;
2848 if (cb_arg->app_verify) {
2849 char *s = NULL, buf[256];
2850 X509 *c = X509_STORE_CTX_get0_cert(ctx);
2852 printf("In app_verify_callback, allowing cert. ");
2853 printf("Arg is: %s\n", cb_arg->string);
2854 printf("Finished printing do we have a context? 0x%p a cert? 0x%p\n",
2855 (void *)ctx, (void *)c);
2857 s = X509_NAME_oneline(X509_get_subject_name(c), buf, 256);
2859 printf("cert depth=%d %s\n",
2860 X509_STORE_CTX_get_error_depth(ctx), buf);
2865 ok = X509_verify_cert(ctx);
2870 #ifndef OPENSSL_NO_DH
2872 * These DH parameters have been generated as follows:
2873 * $ openssl dhparam -C -noout 512
2874 * $ openssl dhparam -C -noout 1024
2875 * $ openssl dhparam -C -noout -dsaparam 1024
2876 * (The third function has been renamed to avoid name conflicts.)
2878 static DH *get_dh512(void)
2880 static unsigned char dh512_p[] = {
2881 0xCB, 0xC8, 0xE1, 0x86, 0xD0, 0x1F, 0x94, 0x17, 0xA6, 0x99, 0xF0,
2883 0x1F, 0x0D, 0xAC, 0xB6, 0x25, 0x3E, 0x06, 0x39, 0xCA, 0x72, 0x04,
2885 0x6E, 0xDA, 0xC0, 0x61, 0xE6, 0x7A, 0x77, 0x25, 0xE8, 0x3B, 0xB9,
2887 0x9A, 0xB6, 0xB5, 0xFE, 0x99, 0x0B, 0xA1, 0x93, 0x4E, 0x35, 0x33,
2889 0xE1, 0xF1, 0x13, 0x4F, 0x59, 0x1A, 0xD2, 0x57, 0xC0, 0x26, 0x21,
2891 0x02, 0xC5, 0xAE, 0x23,
2893 static unsigned char dh512_g[] = {
2899 if ((dh = DH_new()) == NULL)
2901 p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
2902 g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
2903 if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
2912 static DH *get_dh1024(void)
2914 static unsigned char dh1024_p[] = {
2915 0xF8, 0x81, 0x89, 0x7D, 0x14, 0x24, 0xC5, 0xD1, 0xE6, 0xF7, 0xBF,
2917 0xE4, 0x90, 0xF4, 0xFC, 0x73, 0xFB, 0x34, 0xB5, 0xFA, 0x4C, 0x56,
2919 0xEA, 0xA7, 0xE9, 0xC0, 0xC0, 0xCE, 0x89, 0xE1, 0xFA, 0x63, 0x3F,
2921 0x6B, 0x32, 0x66, 0xF1, 0xD1, 0x7B, 0xB0, 0x00, 0x8F, 0xCA, 0x87,
2923 0xAE, 0x98, 0x89, 0x26, 0x17, 0xC2, 0x05, 0xD2, 0xEC, 0x08, 0xD0,
2925 0xFF, 0x17, 0x52, 0x8C, 0xC5, 0x07, 0x93, 0x03, 0xB1, 0xF6, 0x2F,
2927 0x1C, 0x52, 0x47, 0x27, 0x1B, 0xDB, 0xD1, 0x8D, 0x9D, 0x69, 0x1D,
2929 0x4B, 0x32, 0x81, 0xAA, 0x7F, 0x00, 0xC8, 0xDC, 0xE6, 0xD9, 0xCC,
2931 0x11, 0x2D, 0x37, 0x34, 0x6C, 0xEA, 0x02, 0x97, 0x4B, 0x0E, 0xBB,
2933 0x71, 0x33, 0x09, 0x15, 0xFD, 0xDD, 0x23, 0x87, 0x07, 0x5E, 0x89,
2935 0x6B, 0x7C, 0x5F, 0xEC, 0xA6, 0x24, 0xDC, 0x53,
2937 static unsigned char dh1024_g[] = {
2943 if ((dh = DH_new()) == NULL)
2945 p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
2946 g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
2947 if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
2956 static DH *get_dh1024dsa(void)
2958 static unsigned char dh1024_p[] = {
2959 0xC8, 0x00, 0xF7, 0x08, 0x07, 0x89, 0x4D, 0x90, 0x53, 0xF3, 0xD5,
2961 0x21, 0x1B, 0xF7, 0x31, 0xA6, 0xA2, 0xDA, 0x23, 0x9A, 0xC7, 0x87,
2963 0x3B, 0x47, 0xB6, 0x8C, 0x04, 0x6F, 0xFF, 0xC6, 0x9B, 0xB8, 0x65,
2965 0xC2, 0x5F, 0x31, 0x83, 0x4A, 0xA7, 0x5F, 0x2F, 0x88, 0x38, 0xB6,
2967 0xCF, 0xD9, 0x87, 0x6D, 0x6F, 0x9F, 0xDA, 0xAC, 0xA6, 0x48, 0xAF,
2969 0x33, 0x84, 0x37, 0x5B, 0x82, 0x4A, 0x31, 0x5D, 0xE7, 0xBD, 0x52,
2971 0xA1, 0x77, 0xBF, 0x10, 0x9E, 0x37, 0xEA, 0x64, 0xFA, 0xCA, 0x28,
2973 0x9D, 0x3B, 0xD2, 0x6E, 0x09, 0x5C, 0x68, 0xC7, 0x45, 0x90, 0xFD,
2975 0x70, 0xC9, 0x3A, 0xBB, 0xDF, 0xD4, 0x21, 0x0F, 0xC4, 0x6A, 0x3C,
2977 0x61, 0xCF, 0x3F, 0xD6, 0x13, 0xF1, 0x5F, 0xBC, 0xCF, 0xBC, 0x26,
2979 0xBC, 0x0B, 0xBD, 0xAB, 0x5D, 0xC9, 0x54, 0x39,
2981 static unsigned char dh1024_g[] = {
2982 0x3B, 0x40, 0x86, 0xE7, 0xF3, 0x6C, 0xDE, 0x67, 0x1C, 0xCC, 0x80,
2984 0x5A, 0xDF, 0xFE, 0xBD, 0x20, 0x27, 0x74, 0x6C, 0x24, 0xC9, 0x03,
2986 0xE1, 0x8D, 0xC3, 0x7D, 0x98, 0x27, 0x40, 0x08, 0xB8, 0x8C, 0x6A,
2988 0xBB, 0x1A, 0x3A, 0xD6, 0x86, 0x83, 0x5E, 0x72, 0x41, 0xCE, 0x85,
2990 0xD2, 0xB3, 0xFC, 0x13, 0xCE, 0x37, 0x81, 0x9E, 0x4C, 0x1C, 0x7B,
2992 0xD3, 0xE6, 0xA6, 0x00, 0xF5, 0x5A, 0x95, 0x43, 0x5E, 0x81, 0xCF,
2994 0xA2, 0x23, 0xFC, 0x36, 0xA7, 0x5D, 0x7A, 0x4C, 0x06, 0x91, 0x6E,
2996 0x57, 0xEE, 0x36, 0xCB, 0x06, 0xEA, 0xF5, 0x3D, 0x95, 0x49, 0xCB,
2998 0xDD, 0x81, 0xDF, 0x80, 0x09, 0x4A, 0x97, 0x4D, 0xA8, 0x22, 0x72,
3000 0x7F, 0xC4, 0x70, 0x56, 0x70, 0xE8, 0x20, 0x10, 0x18, 0x8F, 0x2E,
3002 0x07, 0xE7, 0x68, 0x1A, 0x82, 0x5D, 0x32, 0xA2,
3007 if ((dh = DH_new()) == NULL)
3009 p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
3010 g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
3011 if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
3017 DH_set_length(dh, 160);
3022 #ifndef OPENSSL_NO_PSK
3023 /* convert the PSK key (psk_key) in ascii to binary (psk) */
3024 static int psk_key2bn(const char *pskkey, unsigned char *psk,
3025 unsigned int max_psk_len)
3030 ret = BN_hex2bn(&bn, pskkey);
3032 BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n",
3037 if (BN_num_bytes(bn) > (int)max_psk_len) {
3039 "psk buffer of callback is too small (%d) for key (%d)\n",
3040 max_psk_len, BN_num_bytes(bn));
3044 ret = BN_bn2bin(bn, psk);
3049 static unsigned int psk_client_callback(SSL *ssl, const char *hint,
3051 unsigned int max_identity_len,
3053 unsigned int max_psk_len)
3056 unsigned int psk_len = 0;
3058 ret = BIO_snprintf(identity, max_identity_len, "Client_identity");
3062 fprintf(stderr, "client: created identity '%s' len=%d\n", identity,
3064 ret = psk_key2bn(psk_key, psk, max_psk_len);
3072 static unsigned int psk_server_callback(SSL *ssl, const char *identity,
3074 unsigned int max_psk_len)
3076 unsigned int psk_len = 0;
3078 if (strcmp(identity, "Client_identity") != 0) {
3079 BIO_printf(bio_err, "server: PSK error: client identity not found\n");
3082 psk_len = psk_key2bn(psk_key, psk, max_psk_len);