2 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4 * Copyright 2005 Nokia. All rights reserved.
6 * Licensed under the Apache License 2.0 (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
13 * DH low level APIs are deprecated for public use, but still ok for
16 #include "internal/deprecated.h"
20 /* Or gethostname won't be declared properly on Linux and GNU platforms. */
22 # define _BSD_SOURCE 1
24 #ifndef _DEFAULT_SOURCE
25 # define _DEFAULT_SOURCE 1
36 #include "internal/nelem.h"
38 #ifdef OPENSSL_SYS_VMS
40 * Or isascii won't be declared properly on VMS (at least with DECompHP C).
42 # define _XOPEN_SOURCE 500
47 #include <openssl/bio.h>
48 #include <openssl/crypto.h>
49 #include <openssl/evp.h>
50 #include <openssl/x509.h>
51 #include <openssl/x509v3.h>
52 #include <openssl/ssl.h>
53 #include <openssl/err.h>
54 #include <openssl/rand.h>
55 #ifndef OPENSSL_NO_RSA
56 # include <openssl/rsa.h>
58 #ifndef OPENSSL_NO_DSA
59 # include <openssl/dsa.h>
62 # include <openssl/dh.h>
64 #include <openssl/bn.h>
66 # include <openssl/ct.h>
68 #include <openssl/provider.h>
71 * Or gethostname won't be declared properly
72 * on Compaq platforms (at least with DEC C).
73 * Do not try to put it earlier, or IPv6 includes
76 #define _XOPEN_SOURCE_EXTENDED 1
78 #ifdef OPENSSL_SYS_WINDOWS
84 DEFINE_STACK_OF(SSL_COMP)
85 DEFINE_STACK_OF_STRING()
87 static SSL_CTX *s_ctx = NULL;
88 static SSL_CTX *s_ctx2 = NULL;
91 * There is really no standard for this, so let's assign something
96 static int verify_callback(int ok, X509_STORE_CTX *ctx);
97 static int app_verify_callback(X509_STORE_CTX *ctx, void *arg);
98 #define APP_CALLBACK_STRING "Test Callback Argument"
99 struct app_verify_arg {
104 #ifndef OPENSSL_NO_DH
105 static DH *get_dh512(void);
106 static DH *get_dh1024(void);
107 static DH *get_dh1024dsa(void);
110 static char *psk_key = NULL; /* by default PSK is not used */
111 #ifndef OPENSSL_NO_PSK
112 static unsigned int psk_client_callback(SSL *ssl, const char *hint,
114 unsigned int max_identity_len,
116 unsigned int max_psk_len);
117 static unsigned int psk_server_callback(SSL *ssl, const char *identity,
119 unsigned int max_psk_len);
122 static BIO *bio_err = NULL;
123 static BIO *bio_stdout = NULL;
125 #ifndef OPENSSL_NO_NEXTPROTONEG
126 /* Note that this code assumes that this is only a one element list: */
127 static const char NEXT_PROTO_STRING[] = "\x09testproto";
128 static int npn_client = 0;
129 static int npn_server = 0;
130 static int npn_server_reject = 0;
132 static int cb_client_npn(SSL *s, unsigned char **out, unsigned char *outlen,
133 const unsigned char *in, unsigned int inlen,
137 * This callback only returns the protocol string, rather than a length
138 * prefixed set. We assume that NEXT_PROTO_STRING is a one element list
139 * and remove the first byte to chop off the length prefix.
141 *out = (unsigned char *)NEXT_PROTO_STRING + 1;
142 *outlen = sizeof(NEXT_PROTO_STRING) - 2;
143 return SSL_TLSEXT_ERR_OK;
146 static int cb_server_npn(SSL *s, const unsigned char **data,
147 unsigned int *len, void *arg)
149 *data = (const unsigned char *)NEXT_PROTO_STRING;
150 *len = sizeof(NEXT_PROTO_STRING) - 1;
151 return SSL_TLSEXT_ERR_OK;
154 static int cb_server_rejects_npn(SSL *s, const unsigned char **data,
155 unsigned int *len, void *arg)
157 return SSL_TLSEXT_ERR_NOACK;
160 static int verify_npn(SSL *client, SSL *server)
162 const unsigned char *client_s;
164 const unsigned char *server_s;
167 SSL_get0_next_proto_negotiated(client, &client_s, &client_len);
168 SSL_get0_next_proto_negotiated(server, &server_s, &server_len);
171 BIO_printf(bio_stdout, "Client NPN: ");
172 BIO_write(bio_stdout, client_s, client_len);
173 BIO_printf(bio_stdout, "\n");
177 BIO_printf(bio_stdout, "Server NPN: ");
178 BIO_write(bio_stdout, server_s, server_len);
179 BIO_printf(bio_stdout, "\n");
183 * If an NPN string was returned, it must be the protocol that we
184 * expected to negotiate.
186 if (client_len && (client_len != sizeof(NEXT_PROTO_STRING) - 2 ||
187 memcmp(client_s, NEXT_PROTO_STRING + 1, client_len)))
189 if (server_len && (server_len != sizeof(NEXT_PROTO_STRING) - 2 ||
190 memcmp(server_s, NEXT_PROTO_STRING + 1, server_len)))
193 if (!npn_client && client_len)
195 if (!npn_server && server_len)
197 if (npn_server_reject && server_len)
199 if (npn_client && npn_server && (!client_len || !server_len))
206 static const char *alpn_client;
207 static char *alpn_server;
208 static char *alpn_server2;
209 static const char *alpn_expected;
210 static unsigned char *alpn_selected;
211 static const char *server_min_proto;
212 static const char *server_max_proto;
213 static const char *client_min_proto;
214 static const char *client_max_proto;
215 static const char *should_negotiate;
216 static const char *sn_client;
217 static const char *sn_server1;
218 static const char *sn_server2;
219 static int sn_expect = 0;
220 static const char *server_sess_out;
221 static const char *server_sess_in;
222 static const char *client_sess_out;
223 static const char *client_sess_in;
224 static SSL_SESSION *server_sess;
225 static SSL_SESSION *client_sess;
227 static int servername_cb(SSL *s, int *ad, void *arg)
229 const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
230 if (sn_server2 == NULL) {
231 BIO_printf(bio_stdout, "Servername 2 is NULL\n");
232 return SSL_TLSEXT_ERR_NOACK;
236 if (s_ctx2 != NULL && sn_server2 != NULL &&
237 !strcasecmp(servername, sn_server2)) {
238 BIO_printf(bio_stdout, "Switching server context.\n");
239 SSL_set_SSL_CTX(s, s_ctx2);
242 return SSL_TLSEXT_ERR_OK;
244 static int verify_servername(SSL *client, SSL *server)
246 /* just need to see if sn_context is what we expect */
247 SSL_CTX* ctx = SSL_get_SSL_CTX(server);
250 if (sn_expect == 1 && ctx == s_ctx)
252 if (sn_expect == 2 && ctx == s_ctx2)
254 BIO_printf(bio_stdout, "Servername: expected context %d\n", sn_expect);
256 BIO_printf(bio_stdout, "Servername: context is 2\n");
257 else if (ctx == s_ctx)
258 BIO_printf(bio_stdout, "Servername: context is 1\n");
260 BIO_printf(bio_stdout, "Servername: context is unknown\n");
266 * next_protos_parse parses a comma separated list of strings into a string
267 * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
268 * outlen: (output) set to the length of the resulting buffer on success.
269 * in: a NUL terminated string like "abc,def,ghi"
271 * returns: a malloced buffer or NULL on failure.
273 static unsigned char *next_protos_parse(size_t *outlen,
284 out = OPENSSL_malloc(strlen(in) + 1);
288 for (i = 0; i <= len; ++i) {
289 if (i == len || in[i] == ',') {
290 if (i - start > 255) {
294 out[start] = (unsigned char)(i - start);
304 static int cb_server_alpn(SSL *s, const unsigned char **out,
305 unsigned char *outlen, const unsigned char *in,
306 unsigned int inlen, void *arg)
308 unsigned char *protos;
310 char* alpn_str = arg;
312 protos = next_protos_parse(&protos_len, alpn_str);
313 if (protos == NULL) {
314 fprintf(stderr, "failed to parser ALPN server protocol string: %s\n",
319 if (SSL_select_next_proto
320 ((unsigned char **)out, outlen, protos, protos_len, in,
321 inlen) != OPENSSL_NPN_NEGOTIATED) {
322 OPENSSL_free(protos);
323 return SSL_TLSEXT_ERR_NOACK;
327 * Make a copy of the selected protocol which will be freed in
330 alpn_selected = OPENSSL_malloc(*outlen);
331 memcpy(alpn_selected, *out, *outlen);
332 *out = alpn_selected;
334 OPENSSL_free(protos);
335 return SSL_TLSEXT_ERR_OK;
338 static int verify_alpn(SSL *client, SSL *server)
340 const unsigned char *client_proto, *server_proto;
341 unsigned int client_proto_len = 0, server_proto_len = 0;
342 SSL_get0_alpn_selected(client, &client_proto, &client_proto_len);
343 SSL_get0_alpn_selected(server, &server_proto, &server_proto_len);
345 OPENSSL_free(alpn_selected);
346 alpn_selected = NULL;
348 if (client_proto_len != server_proto_len) {
349 BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
353 if (client_proto != NULL &&
354 memcmp(client_proto, server_proto, client_proto_len) != 0) {
355 BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
359 if (client_proto_len > 0 && alpn_expected == NULL) {
360 BIO_printf(bio_stdout, "ALPN unexpectedly negotiated\n");
364 if (alpn_expected != NULL &&
365 (client_proto_len != strlen(alpn_expected) ||
366 memcmp(client_proto, alpn_expected, client_proto_len) != 0)) {
367 BIO_printf(bio_stdout,
368 "ALPN selected protocols not equal to expected protocol: %s\n",
376 BIO_printf(bio_stdout, "ALPN results: client: '");
377 BIO_write(bio_stdout, client_proto, client_proto_len);
378 BIO_printf(bio_stdout, "', server: '");
379 BIO_write(bio_stdout, server_proto, server_proto_len);
380 BIO_printf(bio_stdout, "'\n");
381 BIO_printf(bio_stdout, "ALPN configured: client: '%s', server: '",
383 if (SSL_get_SSL_CTX(server) == s_ctx2) {
384 BIO_printf(bio_stdout, "%s'\n",
387 BIO_printf(bio_stdout, "%s'\n",
394 * WARNING : below extension types are *NOT* IETF assigned, and could
395 * conflict if these types are reassigned and handled specially by OpenSSL
398 #define TACK_EXT_TYPE 62208
399 #define CUSTOM_EXT_TYPE_0 1000
400 #define CUSTOM_EXT_TYPE_1 1001
401 #define CUSTOM_EXT_TYPE_2 1002
402 #define CUSTOM_EXT_TYPE_3 1003
404 static const char custom_ext_cli_string[] = "abc";
405 static const char custom_ext_srv_string[] = "defg";
407 /* These set from cmdline */
408 static char *serverinfo_file = NULL;
409 static int serverinfo_sct = 0;
410 static int serverinfo_tack = 0;
412 /* These set based on extension callbacks */
413 static int serverinfo_sct_seen = 0;
414 static int serverinfo_tack_seen = 0;
415 static int serverinfo_other_seen = 0;
417 /* This set from cmdline */
418 static int custom_ext = 0;
420 /* This set based on extension callbacks */
421 static int custom_ext_error = 0;
423 static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type,
424 const unsigned char *in, size_t inlen,
427 if (ext_type == TLSEXT_TYPE_signed_certificate_timestamp)
428 serverinfo_sct_seen++;
429 else if (ext_type == TACK_EXT_TYPE)
430 serverinfo_tack_seen++;
432 serverinfo_other_seen++;
436 static int verify_serverinfo(void)
438 if (serverinfo_sct != serverinfo_sct_seen)
440 if (serverinfo_tack != serverinfo_tack_seen)
442 if (serverinfo_other_seen)
448 * Four test cases for custom extensions:
449 * 0 - no ClientHello extension or ServerHello response
450 * 1 - ClientHello with "abc", no response
451 * 2 - ClientHello with "abc", empty response
452 * 3 - ClientHello with "abc", "defg" response
455 static int custom_ext_0_cli_add_cb(SSL *s, unsigned int ext_type,
456 const unsigned char **out,
457 size_t *outlen, int *al, void *arg)
459 if (ext_type != CUSTOM_EXT_TYPE_0)
460 custom_ext_error = 1;
461 return 0; /* Don't send an extension */
464 static int custom_ext_0_cli_parse_cb(SSL *s, unsigned int ext_type,
465 const unsigned char *in,
466 size_t inlen, int *al, void *arg)
471 static int custom_ext_1_cli_add_cb(SSL *s, unsigned int ext_type,
472 const unsigned char **out,
473 size_t *outlen, int *al, void *arg)
475 if (ext_type != CUSTOM_EXT_TYPE_1)
476 custom_ext_error = 1;
477 *out = (const unsigned char *)custom_ext_cli_string;
478 *outlen = strlen(custom_ext_cli_string);
479 return 1; /* Send "abc" */
482 static int custom_ext_1_cli_parse_cb(SSL *s, unsigned int ext_type,
483 const unsigned char *in,
484 size_t inlen, int *al, void *arg)
489 static int custom_ext_2_cli_add_cb(SSL *s, unsigned int ext_type,
490 const unsigned char **out,
491 size_t *outlen, int *al, void *arg)
493 if (ext_type != CUSTOM_EXT_TYPE_2)
494 custom_ext_error = 1;
495 *out = (const unsigned char *)custom_ext_cli_string;
496 *outlen = strlen(custom_ext_cli_string);
497 return 1; /* Send "abc" */
500 static int custom_ext_2_cli_parse_cb(SSL *s, unsigned int ext_type,
501 const unsigned char *in,
502 size_t inlen, int *al, void *arg)
504 if (ext_type != CUSTOM_EXT_TYPE_2)
505 custom_ext_error = 1;
507 custom_ext_error = 1; /* Should be empty response */
511 static int custom_ext_3_cli_add_cb(SSL *s, unsigned int ext_type,
512 const unsigned char **out,
513 size_t *outlen, int *al, void *arg)
515 if (ext_type != CUSTOM_EXT_TYPE_3)
516 custom_ext_error = 1;
517 *out = (const unsigned char *)custom_ext_cli_string;
518 *outlen = strlen(custom_ext_cli_string);
519 return 1; /* Send "abc" */
522 static int custom_ext_3_cli_parse_cb(SSL *s, unsigned int ext_type,
523 const unsigned char *in,
524 size_t inlen, int *al, void *arg)
526 if (ext_type != CUSTOM_EXT_TYPE_3)
527 custom_ext_error = 1;
528 if (inlen != strlen(custom_ext_srv_string))
529 custom_ext_error = 1;
530 if (memcmp(custom_ext_srv_string, in, inlen) != 0)
531 custom_ext_error = 1; /* Check for "defg" */
536 * custom_ext_0_cli_add_cb returns 0 - the server won't receive a callback
539 static int custom_ext_0_srv_parse_cb(SSL *s, unsigned int ext_type,
540 const unsigned char *in,
541 size_t inlen, int *al, void *arg)
543 custom_ext_error = 1;
547 /* 'add' callbacks are only called if the 'parse' callback is called */
548 static int custom_ext_0_srv_add_cb(SSL *s, unsigned int ext_type,
549 const unsigned char **out,
550 size_t *outlen, int *al, void *arg)
552 /* Error: should not have been called */
553 custom_ext_error = 1;
554 return 0; /* Don't send an extension */
557 static int custom_ext_1_srv_parse_cb(SSL *s, unsigned int ext_type,
558 const unsigned char *in,
559 size_t inlen, int *al, void *arg)
561 if (ext_type != CUSTOM_EXT_TYPE_1)
562 custom_ext_error = 1;
563 /* Check for "abc" */
564 if (inlen != strlen(custom_ext_cli_string))
565 custom_ext_error = 1;
566 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
567 custom_ext_error = 1;
571 static int custom_ext_1_srv_add_cb(SSL *s, unsigned int ext_type,
572 const unsigned char **out,
573 size_t *outlen, int *al, void *arg)
575 return 0; /* Don't send an extension */
578 static int custom_ext_2_srv_parse_cb(SSL *s, unsigned int ext_type,
579 const unsigned char *in,
580 size_t inlen, int *al, void *arg)
582 if (ext_type != CUSTOM_EXT_TYPE_2)
583 custom_ext_error = 1;
584 /* Check for "abc" */
585 if (inlen != strlen(custom_ext_cli_string))
586 custom_ext_error = 1;
587 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
588 custom_ext_error = 1;
592 static int custom_ext_2_srv_add_cb(SSL *s, unsigned int ext_type,
593 const unsigned char **out,
594 size_t *outlen, int *al, void *arg)
598 return 1; /* Send empty extension */
601 static int custom_ext_3_srv_parse_cb(SSL *s, unsigned int ext_type,
602 const unsigned char *in,
603 size_t inlen, int *al, void *arg)
605 if (ext_type != CUSTOM_EXT_TYPE_3)
606 custom_ext_error = 1;
607 /* Check for "abc" */
608 if (inlen != strlen(custom_ext_cli_string))
609 custom_ext_error = 1;
610 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
611 custom_ext_error = 1;
615 static int custom_ext_3_srv_add_cb(SSL *s, unsigned int ext_type,
616 const unsigned char **out,
617 size_t *outlen, int *al, void *arg)
619 *out = (const unsigned char *)custom_ext_srv_string;
620 *outlen = strlen(custom_ext_srv_string);
621 return 1; /* Send "defg" */
624 static char *cipher = NULL;
625 static char *ciphersuites = NULL;
626 static int verbose = 0;
627 static int debug = 0;
629 int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family,
630 long bytes, clock_t *s_time, clock_t *c_time);
631 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time,
633 int doit(SSL *s_ssl, SSL *c_ssl, long bytes);
635 static void sv_usage(void)
637 fprintf(stderr, "usage: ssltest [args ...]\n");
638 fprintf(stderr, "\n");
639 fprintf(stderr, " -server_auth - check server certificate\n");
640 fprintf(stderr, " -client_auth - do client authentication\n");
641 fprintf(stderr, " -v - more output\n");
642 fprintf(stderr, " -d - debug output\n");
643 fprintf(stderr, " -reuse - use session-id reuse\n");
644 fprintf(stderr, " -num <val> - number of connections to perform\n");
646 " -bytes <val> - number of bytes to swap between client/server\n");
647 #ifndef OPENSSL_NO_DH
649 " -dhe512 - use 512 bit key for DHE (to test failure)\n");
651 " -dhe1024 - use 1024 bit key (safe prime) for DHE (default, no-op)\n");
653 " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
654 fprintf(stderr, " -no_dhe - disable DHE\n");
656 #ifndef OPENSSL_NO_EC
657 fprintf(stderr, " -no_ecdhe - disable ECDHE\nTODO(openssl-team): no_ecdhe was broken by auto ecdh. Make this work again.\n");
659 #ifndef OPENSSL_NO_PSK
660 fprintf(stderr, " -psk arg - PSK in hex (without 0x)\n");
662 #ifndef OPENSSL_NO_SSL3
663 fprintf(stderr, " -ssl3 - use SSLv3\n");
665 #ifndef OPENSSL_NO_TLS1
666 fprintf(stderr, " -tls1 - use TLSv1\n");
668 #ifndef OPENSSL_NO_DTLS
669 fprintf(stderr, " -dtls - use DTLS\n");
670 #ifndef OPENSSL_NO_DTLS1
671 fprintf(stderr, " -dtls1 - use DTLSv1\n");
673 #ifndef OPENSSL_NO_DTLS1_2
674 fprintf(stderr, " -dtls12 - use DTLSv1.2\n");
677 fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");
678 fprintf(stderr, " -CAfile arg - PEM format file of CA's\n");
679 fprintf(stderr, " -cert arg - Server certificate file\n");
681 " -key arg - Server key file (default: same as -cert)\n");
682 fprintf(stderr, " -c_cert arg - Client certificate file\n");
684 " -c_key arg - Client key file (default: same as -c_cert)\n");
685 fprintf(stderr, " -cipher arg - The TLSv1.2 and below cipher list\n");
686 fprintf(stderr, " -ciphersuites arg - The TLSv1.3 ciphersuites\n");
687 fprintf(stderr, " -bio_pair - Use BIO pairs\n");
688 fprintf(stderr, " -ipv4 - Use IPv4 connection on localhost\n");
689 fprintf(stderr, " -ipv6 - Use IPv6 connection on localhost\n");
690 fprintf(stderr, " -f - Test even cases that can't work\n");
692 " -time - measure processor time used by client and server\n");
693 fprintf(stderr, " -zlib - use zlib compression\n");
694 #ifndef OPENSSL_NO_NEXTPROTONEG
695 fprintf(stderr, " -npn_client - have client side offer NPN\n");
696 fprintf(stderr, " -npn_server - have server side offer NPN\n");
697 fprintf(stderr, " -npn_server_reject - have server reject NPN\n");
699 fprintf(stderr, " -serverinfo_file file - have server use this file\n");
700 fprintf(stderr, " -serverinfo_sct - have client offer and expect SCT\n");
702 " -serverinfo_tack - have client offer and expect TACK\n");
704 " -custom_ext - try various custom extension callbacks\n");
705 fprintf(stderr, " -alpn_client <string> - have client side offer ALPN\n");
706 fprintf(stderr, " -alpn_server <string> - have server side offer ALPN\n");
707 fprintf(stderr, " -alpn_server1 <string> - alias for -alpn_server\n");
708 fprintf(stderr, " -alpn_server2 <string> - have server side context 2 offer ALPN\n");
710 " -alpn_expected <string> - the ALPN protocol that should be negotiated\n");
711 fprintf(stderr, " -server_min_proto <string> - Minimum version the server should support\n");
712 fprintf(stderr, " -server_max_proto <string> - Maximum version the server should support\n");
713 fprintf(stderr, " -client_min_proto <string> - Minimum version the client should support\n");
714 fprintf(stderr, " -client_max_proto <string> - Maximum version the client should support\n");
715 fprintf(stderr, " -should_negotiate <string> - The version that should be negotiated, fail-client or fail-server\n");
716 #ifndef OPENSSL_NO_CT
717 fprintf(stderr, " -noct - no certificate transparency\n");
718 fprintf(stderr, " -requestct - request certificate transparency\n");
719 fprintf(stderr, " -requirect - require certificate transparency\n");
721 fprintf(stderr, " -sn_client <string> - have client request this servername\n");
722 fprintf(stderr, " -sn_server1 <string> - have server context 1 respond to this servername\n");
723 fprintf(stderr, " -sn_server2 <string> - have server context 2 respond to this servername\n");
724 fprintf(stderr, " -sn_expect1 - expected server 1\n");
725 fprintf(stderr, " -sn_expect2 - expected server 2\n");
726 fprintf(stderr, " -server_sess_out <file> - Save the server session to a file\n");
727 fprintf(stderr, " -server_sess_in <file> - Read the server session from a file\n");
728 fprintf(stderr, " -client_sess_out <file> - Save the client session to a file\n");
729 fprintf(stderr, " -client_sess_in <file> - Read the client session from a file\n");
730 fprintf(stderr, " -should_reuse <number> - The expected state of reusing the session\n");
731 fprintf(stderr, " -no_ticket - do not issue TLS session ticket\n");
732 fprintf(stderr, " -provider <name> - Load the given provider into the library context\n");
733 fprintf(stderr, " -config <cnf> - Load the given config file into the library context\n");
736 static void print_key_details(BIO *out, EVP_PKEY *key)
738 int keyid = EVP_PKEY_id(key);
739 #ifndef OPENSSL_NO_EC
740 if (keyid == EVP_PKEY_EC) {
741 EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
744 nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
746 cname = EC_curve_nid2nist(nid);
748 cname = OBJ_nid2sn(nid);
749 BIO_printf(out, "%d bits EC (%s)", EVP_PKEY_bits(key), cname);
765 algname = OBJ_nid2sn(keyid);
768 BIO_printf(out, "%d bits %s", EVP_PKEY_bits(key), algname);
772 static void print_details(SSL *c_ssl, const char *prefix)
774 const SSL_CIPHER *ciph;
779 ciph = SSL_get_current_cipher(c_ssl);
780 BIO_printf(bio_stdout, "%s%s, cipher %s %s",
782 SSL_get_version(c_ssl),
783 SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_name(ciph));
784 cert = SSL_get_peer_certificate(c_ssl);
786 EVP_PKEY* pubkey = X509_get0_pubkey(cert);
788 if (pubkey != NULL) {
789 BIO_puts(bio_stdout, ", ");
790 print_key_details(bio_stdout, pubkey);
794 if (SSL_get_peer_tmp_key(c_ssl, &pkey)) {
795 BIO_puts(bio_stdout, ", temp key: ");
796 print_key_details(bio_stdout, pkey);
799 if (SSL_get_peer_signature_nid(c_ssl, &mdnid))
800 BIO_printf(bio_stdout, ", digest=%s", OBJ_nid2sn(mdnid));
801 BIO_printf(bio_stdout, "\n");
805 * protocol_from_string - converts a protocol version string to a number
807 * Returns -1 on failure or the version on success
809 static int protocol_from_string(const char *value)
811 struct protocol_versions {
815 static const struct protocol_versions versions[] = {
816 {"ssl3", SSL3_VERSION},
817 {"tls1", TLS1_VERSION},
818 {"tls1.1", TLS1_1_VERSION},
819 {"tls1.2", TLS1_2_VERSION},
820 {"tls1.3", TLS1_3_VERSION},
821 {"dtls1", DTLS1_VERSION},
822 {"dtls1.2", DTLS1_2_VERSION}};
824 size_t n = OSSL_NELEM(versions);
826 for (i = 0; i < n; i++)
827 if (strcmp(versions[i].name, value) == 0)
828 return versions[i].version;
832 static SSL_SESSION *read_session(const char *filename)
835 BIO *f = BIO_new_file(filename, "r");
838 BIO_printf(bio_err, "Can't open session file %s\n", filename);
839 ERR_print_errors(bio_err);
842 sess = PEM_read_bio_SSL_SESSION(f, NULL, 0, NULL);
844 BIO_printf(bio_err, "Can't parse session file %s\n", filename);
845 ERR_print_errors(bio_err);
851 static int write_session(const char *filename, SSL_SESSION *sess)
853 BIO *f = BIO_new_file(filename, "w");
856 BIO_printf(bio_err, "No session information\n");
860 BIO_printf(bio_err, "Can't open session file %s\n", filename);
861 ERR_print_errors(bio_err);
864 PEM_write_bio_SSL_SESSION(f, sess);
870 * set_protocol_version - Sets protocol version minimum or maximum
872 * Returns 0 on failure and 1 on success
874 static int set_protocol_version(const char *version, SSL *ssl, int setting)
876 if (version != NULL) {
877 int ver = protocol_from_string(version);
879 BIO_printf(bio_err, "Error parsing: %s\n", version);
882 return SSL_ctrl(ssl, setting, ver, NULL);
887 int main(int argc, char *argv[])
889 const char *CApath = NULL, *CAfile = NULL;
891 enum { BIO_MEM, BIO_PAIR, BIO_IPV4, BIO_IPV6 } bio_type = BIO_MEM;
893 int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, tls1_2 = 0, ssl3 = 0;
894 int ret = EXIT_FAILURE;
896 int server_auth = 0, i;
897 struct app_verify_arg app_verify_arg =
898 { APP_CALLBACK_STRING, 0 };
899 SSL_CTX *c_ctx = NULL;
900 const SSL_METHOD *meth = NULL;
902 int number = 1, reuse = 0;
903 int should_reuse = -1;
906 #ifndef OPENSSL_NO_DH
908 int dhe512 = 0, dhe1024dsa = 0;
913 clock_t s_time = 0, c_time = 0;
914 #ifndef OPENSSL_NO_COMP
916 COMP_METHOD *cm = NULL;
917 STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
920 int min_version = 0, max_version = 0;
921 #ifndef OPENSSL_NO_CT
923 * Disable CT validation by default, because it will interfere with
924 * anything using custom extension handlers to deal with SCT extensions.
926 int ct_validation = 0;
928 SSL_CONF_CTX *s_cctx = NULL, *c_cctx = NULL, *s_cctx2 = NULL;
929 STACK_OF(OPENSSL_STRING) *conf_args = NULL;
930 char *arg = NULL, *argn = NULL;
931 const char *provider = NULL, *config = NULL;
932 OSSL_PROVIDER *thisprov = NULL, *defctxnull = NULL;
933 OPENSSL_CTX *libctx = NULL;
938 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
939 bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT);
941 s_cctx = SSL_CONF_CTX_new();
942 s_cctx2 = SSL_CONF_CTX_new();
943 c_cctx = SSL_CONF_CTX_new();
945 if (!s_cctx || !c_cctx || !s_cctx2) {
946 ERR_print_errors(bio_err);
950 SSL_CONF_CTX_set_flags(s_cctx,
951 SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_SERVER |
952 SSL_CONF_FLAG_CERTIFICATE |
953 SSL_CONF_FLAG_REQUIRE_PRIVATE);
954 SSL_CONF_CTX_set_flags(s_cctx2,
955 SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_SERVER |
956 SSL_CONF_FLAG_CERTIFICATE |
957 SSL_CONF_FLAG_REQUIRE_PRIVATE);
958 if (!SSL_CONF_CTX_set1_prefix(s_cctx, "-s_")) {
959 ERR_print_errors(bio_err);
962 if (!SSL_CONF_CTX_set1_prefix(s_cctx2, "-s_")) {
963 ERR_print_errors(bio_err);
967 SSL_CONF_CTX_set_flags(c_cctx,
968 SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_CLIENT |
969 SSL_CONF_FLAG_CERTIFICATE |
970 SSL_CONF_FLAG_REQUIRE_PRIVATE);
971 if (!SSL_CONF_CTX_set1_prefix(c_cctx, "-c_")) {
972 ERR_print_errors(bio_err);
980 if (strcmp(*argv, "-F") == 0) {
982 "not compiled with FIPS support, so exiting without running.\n");
984 } else if (strcmp(*argv, "-server_auth") == 0)
986 else if (strcmp(*argv, "-client_auth") == 0)
988 else if (strcmp(*argv, "-v") == 0)
990 else if (strcmp(*argv, "-d") == 0)
992 else if (strcmp(*argv, "-reuse") == 0)
994 else if (strcmp(*argv, "-dhe512") == 0) {
995 #ifndef OPENSSL_NO_DH
999 "ignoring -dhe512, since I'm compiled without DH\n");
1001 } else if (strcmp(*argv, "-dhe1024dsa") == 0) {
1002 #ifndef OPENSSL_NO_DH
1006 "ignoring -dhe1024dsa, since I'm compiled without DH\n");
1008 } else if (strcmp(*argv, "-no_dhe") == 0)
1010 else if (strcmp(*argv, "-no_ecdhe") == 0)
1012 else if (strcmp(*argv, "-psk") == 0) {
1015 psk_key = *(++argv);
1016 #ifndef OPENSSL_NO_PSK
1017 if (strspn(psk_key, "abcdefABCDEF1234567890") != strlen(psk_key)) {
1018 BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
1025 else if (strcmp(*argv, "-tls1_2") == 0) {
1027 } else if (strcmp(*argv, "-tls1") == 0) {
1029 } else if (strcmp(*argv, "-ssl3") == 0) {
1031 } else if (strcmp(*argv, "-dtls1") == 0) {
1033 } else if (strcmp(*argv, "-dtls12") == 0) {
1035 } else if (strcmp(*argv, "-dtls") == 0) {
1037 } else if (strncmp(*argv, "-num", 4) == 0) {
1040 number = atoi(*(++argv));
1043 } else if (strcmp(*argv, "-bytes") == 0) {
1046 bytes = atol(*(++argv));
1049 i = strlen(argv[0]);
1050 if (argv[0][i - 1] == 'k')
1052 if (argv[0][i - 1] == 'm')
1053 bytes *= 1024L * 1024L;
1054 } else if (strcmp(*argv, "-cipher") == 0) {
1058 } else if (strcmp(*argv, "-ciphersuites") == 0) {
1061 ciphersuites = *(++argv);
1062 } else if (strcmp(*argv, "-CApath") == 0) {
1066 } else if (strcmp(*argv, "-CAfile") == 0) {
1070 } else if (strcmp(*argv, "-bio_pair") == 0) {
1071 bio_type = BIO_PAIR;
1073 #ifndef OPENSSL_NO_SOCK
1074 else if (strcmp(*argv, "-ipv4") == 0) {
1075 bio_type = BIO_IPV4;
1076 } else if (strcmp(*argv, "-ipv6") == 0) {
1077 bio_type = BIO_IPV6;
1080 else if (strcmp(*argv, "-f") == 0) {
1082 } else if (strcmp(*argv, "-time") == 0) {
1085 #ifndef OPENSSL_NO_CT
1086 else if (strcmp(*argv, "-noct") == 0) {
1089 else if (strcmp(*argv, "-ct") == 0) {
1093 #ifndef OPENSSL_NO_COMP
1094 else if (strcmp(*argv, "-zlib") == 0) {
1098 else if (strcmp(*argv, "-app_verify") == 0) {
1099 app_verify_arg.app_verify = 1;
1101 #ifndef OPENSSL_NO_NEXTPROTONEG
1102 else if (strcmp(*argv, "-npn_client") == 0) {
1104 } else if (strcmp(*argv, "-npn_server") == 0) {
1106 } else if (strcmp(*argv, "-npn_server_reject") == 0) {
1107 npn_server_reject = 1;
1110 else if (strcmp(*argv, "-serverinfo_sct") == 0) {
1112 } else if (strcmp(*argv, "-serverinfo_tack") == 0) {
1113 serverinfo_tack = 1;
1114 } else if (strcmp(*argv, "-serverinfo_file") == 0) {
1117 serverinfo_file = *(++argv);
1118 } else if (strcmp(*argv, "-custom_ext") == 0) {
1120 } else if (strcmp(*argv, "-alpn_client") == 0) {
1123 alpn_client = *(++argv);
1124 } else if (strcmp(*argv, "-alpn_server") == 0 ||
1125 strcmp(*argv, "-alpn_server1") == 0) {
1128 alpn_server = *(++argv);
1129 } else if (strcmp(*argv, "-alpn_server2") == 0) {
1132 alpn_server2 = *(++argv);
1133 } else if (strcmp(*argv, "-alpn_expected") == 0) {
1136 alpn_expected = *(++argv);
1137 } else if (strcmp(*argv, "-server_min_proto") == 0) {
1140 server_min_proto = *(++argv);
1141 } else if (strcmp(*argv, "-server_max_proto") == 0) {
1144 server_max_proto = *(++argv);
1145 } else if (strcmp(*argv, "-client_min_proto") == 0) {
1148 client_min_proto = *(++argv);
1149 } else if (strcmp(*argv, "-client_max_proto") == 0) {
1152 client_max_proto = *(++argv);
1153 } else if (strcmp(*argv, "-should_negotiate") == 0) {
1156 should_negotiate = *(++argv);
1157 } else if (strcmp(*argv, "-sn_client") == 0) {
1160 sn_client = *(++argv);
1161 } else if (strcmp(*argv, "-sn_server1") == 0) {
1164 sn_server1 = *(++argv);
1165 } else if (strcmp(*argv, "-sn_server2") == 0) {
1168 sn_server2 = *(++argv);
1169 } else if (strcmp(*argv, "-sn_expect1") == 0) {
1171 } else if (strcmp(*argv, "-sn_expect2") == 0) {
1173 } else if (strcmp(*argv, "-server_sess_out") == 0) {
1176 server_sess_out = *(++argv);
1177 } else if (strcmp(*argv, "-server_sess_in") == 0) {
1180 server_sess_in = *(++argv);
1181 } else if (strcmp(*argv, "-client_sess_out") == 0) {
1184 client_sess_out = *(++argv);
1185 } else if (strcmp(*argv, "-client_sess_in") == 0) {
1188 client_sess_in = *(++argv);
1189 } else if (strcmp(*argv, "-should_reuse") == 0) {
1192 should_reuse = !!atoi(*(++argv));
1193 } else if (strcmp(*argv, "-no_ticket") == 0) {
1195 } else if (strcmp(*argv, "-provider") == 0) {
1198 provider = *(++argv);
1199 } else if (strcmp(*argv, "-config") == 0) {
1207 /* Try to process command using SSL_CONF */
1208 rv = SSL_CONF_cmd_argv(c_cctx, &argc, &argv);
1209 /* If not processed try server */
1211 rv = SSL_CONF_cmd_argv(s_cctx, &argc, &argv);
1212 /* Recognised: store it for later use */
1217 conf_args = sk_OPENSSL_STRING_new_null();
1221 if (!sk_OPENSSL_STRING_push(conf_args, arg))
1223 if (!sk_OPENSSL_STRING_push(conf_args, argn))
1228 BIO_printf(bio_err, "Missing argument for %s\n", arg);
1230 BIO_printf(bio_err, "Error with command %s\n", arg);
1232 BIO_printf(bio_err, "unknown option %s\n", arg);
1245 if (ssl3 + tls1 + tls1_2 + dtls + dtls1 + dtls12 > 1) {
1246 fprintf(stderr, "At most one of -ssl3, -tls1, -tls1_2, -dtls, -dtls1 or -dtls12 should "
1251 #ifdef OPENSSL_NO_SSL3
1256 #ifdef OPENSSL_NO_TLS1
1261 #ifdef OPENSSL_NO_TLS1_2
1266 #if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1)
1271 #if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1_2)
1279 * Testing was requested for a compiled-out protocol (e.g. SSLv3).
1280 * Ideally, we would error out, but the generic test wrapper can't know
1281 * when to expect failure. So we do nothing and return success.
1284 fprintf(stderr, "Testing was requested for a disabled protocol. "
1285 "Skipping tests.\n");
1290 if (!ssl3 && !tls1 && !tls1_2 && !dtls && !dtls1 && !dtls12 && number > 1
1291 && !reuse && !force) {
1292 fprintf(stderr, "This case cannot work. Use -f to perform "
1293 "the test anyway (and\n-d to see what happens), "
1294 "or add one of -ssl3, -tls1, -tls1_2, -dtls, -dtls1, -dtls12, -reuse\n"
1295 "to avoid protocol mismatch.\n");
1300 if (bio_type != BIO_PAIR) {
1301 fprintf(stderr, "Using BIO pair (-bio_pair)\n");
1302 bio_type = BIO_PAIR;
1304 if (number < 50 && !force)
1306 "Warning: For accurate timings, use more connections (e.g. -num 1000)\n");
1309 #ifndef OPENSSL_NO_COMP
1310 if (comp == COMP_ZLIB)
1313 if (COMP_get_type(cm) != NID_undef) {
1314 if (SSL_COMP_add_compression_method(comp, cm) != 0) {
1315 fprintf(stderr, "Failed to add compression method\n");
1316 ERR_print_errors_fp(stderr);
1320 "Warning: %s compression not supported\n",
1321 comp == COMP_ZLIB ? "zlib" : "unknown");
1322 ERR_print_errors_fp(stderr);
1325 ssl_comp_methods = SSL_COMP_get_compression_methods();
1326 n = sk_SSL_COMP_num(ssl_comp_methods);
1329 printf("Available compression methods:");
1330 for (j = 0; j < n; j++) {
1331 SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
1332 printf(" %s:%d", SSL_COMP_get0_name(c), SSL_COMP_get_id(c));
1338 #ifndef OPENSSL_NO_TLS
1339 meth = TLS_method();
1341 min_version = SSL3_VERSION;
1342 max_version = SSL3_VERSION;
1344 min_version = TLS1_VERSION;
1345 max_version = TLS1_VERSION;
1346 } else if (tls1_2) {
1347 min_version = TLS1_2_VERSION;
1348 max_version = TLS1_2_VERSION;
1354 #ifndef OPENSSL_NO_DTLS
1355 if (dtls || dtls1 || dtls12) {
1356 meth = DTLS_method();
1358 min_version = DTLS1_VERSION;
1359 max_version = DTLS1_VERSION;
1360 } else if (dtls12) {
1361 min_version = DTLS1_2_VERSION;
1362 max_version = DTLS1_2_VERSION;
1370 if (provider != NULL) {
1371 defctxnull = OSSL_PROVIDER_load(NULL, "null");
1372 if (defctxnull == NULL)
1374 libctx = OPENSSL_CTX_new();
1379 && !OPENSSL_CTX_load_config(libctx, config))
1382 thisprov = OSSL_PROVIDER_load(libctx, provider);
1383 if (thisprov == NULL)
1387 c_ctx = SSL_CTX_new_with_libctx(libctx, NULL, meth);
1388 s_ctx = SSL_CTX_new_with_libctx(libctx, NULL, meth);
1389 s_ctx2 = SSL_CTX_new_with_libctx(libctx, NULL, meth); /* no SSL_CTX_dup! */
1390 if ((c_ctx == NULL) || (s_ctx == NULL) || (s_ctx2 == NULL)) {
1391 ERR_print_errors(bio_err);
1395 * Since we will use low security ciphersuites and keys for testing set
1396 * security level to zero by default. Tests can override this by adding
1397 * "@SECLEVEL=n" to the cipher string.
1399 SSL_CTX_set_security_level(c_ctx, 0);
1400 SSL_CTX_set_security_level(s_ctx, 0);
1401 SSL_CTX_set_security_level(s_ctx2, 0);
1404 SSL_CTX_set_options(c_ctx, SSL_OP_NO_TICKET);
1405 SSL_CTX_set_options(s_ctx, SSL_OP_NO_TICKET);
1408 if (SSL_CTX_set_min_proto_version(c_ctx, min_version) == 0)
1410 if (SSL_CTX_set_max_proto_version(c_ctx, max_version) == 0)
1412 if (SSL_CTX_set_min_proto_version(s_ctx, min_version) == 0)
1414 if (SSL_CTX_set_max_proto_version(s_ctx, max_version) == 0)
1417 if (cipher != NULL) {
1418 if (strcmp(cipher, "") == 0) {
1419 if (!SSL_CTX_set_cipher_list(c_ctx, cipher)) {
1420 if (ERR_GET_REASON(ERR_peek_error()) == SSL_R_NO_CIPHER_MATCH) {
1423 ERR_print_errors(bio_err);
1427 /* Should have failed when clearing all TLSv1.2 ciphers. */
1428 fprintf(stderr, "CLEARING ALL TLSv1.2 CIPHERS SHOULD FAIL\n");
1432 if (!SSL_CTX_set_cipher_list(s_ctx, cipher)) {
1433 if (ERR_GET_REASON(ERR_peek_error()) == SSL_R_NO_CIPHER_MATCH) {
1436 ERR_print_errors(bio_err);
1440 /* Should have failed when clearing all TLSv1.2 ciphers. */
1441 fprintf(stderr, "CLEARING ALL TLSv1.2 CIPHERS SHOULD FAIL\n");
1445 if (!SSL_CTX_set_cipher_list(s_ctx2, cipher)) {
1446 if (ERR_GET_REASON(ERR_peek_error()) == SSL_R_NO_CIPHER_MATCH) {
1449 ERR_print_errors(bio_err);
1453 /* Should have failed when clearing all TLSv1.2 ciphers. */
1454 fprintf(stderr, "CLEARING ALL TLSv1.2 CIPHERS SHOULD FAIL\n");
1458 if (!SSL_CTX_set_cipher_list(c_ctx, cipher)
1459 || !SSL_CTX_set_cipher_list(s_ctx, cipher)
1460 || !SSL_CTX_set_cipher_list(s_ctx2, cipher)) {
1461 ERR_print_errors(bio_err);
1466 if (ciphersuites != NULL) {
1467 if (!SSL_CTX_set_ciphersuites(c_ctx, ciphersuites)
1468 || !SSL_CTX_set_ciphersuites(s_ctx, ciphersuites)
1469 || !SSL_CTX_set_ciphersuites(s_ctx2, ciphersuites)) {
1470 ERR_print_errors(bio_err);
1475 #ifndef OPENSSL_NO_CT
1476 if (ct_validation &&
1477 !SSL_CTX_enable_ct(c_ctx, SSL_CT_VALIDATION_STRICT)) {
1478 ERR_print_errors(bio_err);
1483 /* Process SSL_CONF arguments */
1484 SSL_CONF_CTX_set_ssl_ctx(c_cctx, c_ctx);
1485 SSL_CONF_CTX_set_ssl_ctx(s_cctx, s_ctx);
1486 SSL_CONF_CTX_set_ssl_ctx(s_cctx2, s_ctx2);
1488 for (i = 0; i < sk_OPENSSL_STRING_num(conf_args); i += 2) {
1490 arg = sk_OPENSSL_STRING_value(conf_args, i);
1491 argn = sk_OPENSSL_STRING_value(conf_args, i + 1);
1492 rv = SSL_CONF_cmd(c_cctx, arg, argn);
1493 /* If not recognised use server context */
1495 rv = SSL_CONF_cmd(s_cctx2, arg, argn);
1497 rv = SSL_CONF_cmd(s_cctx, arg, argn);
1500 BIO_printf(bio_err, "Error processing %s %s\n",
1501 arg, argn ? argn : "");
1502 ERR_print_errors(bio_err);
1507 if (!SSL_CONF_CTX_finish(s_cctx) || !SSL_CONF_CTX_finish(c_cctx) || !SSL_CONF_CTX_finish(s_cctx2)) {
1508 BIO_puts(bio_err, "Error finishing context\n");
1509 ERR_print_errors(bio_err);
1512 #ifndef OPENSSL_NO_DH
1515 dh = get_dh1024dsa();
1520 SSL_CTX_set_tmp_dh(s_ctx, dh);
1521 SSL_CTX_set_tmp_dh(s_ctx2, dh);
1528 if (!(SSL_CTX_load_verify_file(s_ctx, CAfile)
1529 || SSL_CTX_load_verify_dir(s_ctx, CApath))
1530 || !SSL_CTX_set_default_verify_paths(s_ctx)
1531 || !(SSL_CTX_load_verify_file(s_ctx2, CAfile)
1532 || SSL_CTX_load_verify_dir(s_ctx2, CApath))
1533 || !SSL_CTX_set_default_verify_paths(s_ctx2)
1534 || !(SSL_CTX_load_verify_file(c_ctx, CAfile)
1535 || SSL_CTX_load_verify_dir(c_ctx, CApath))
1536 || !SSL_CTX_set_default_verify_paths(c_ctx)) {
1537 ERR_print_errors(bio_err);
1540 #ifndef OPENSSL_NO_CT
1541 if (!SSL_CTX_set_default_ctlog_list_file(s_ctx) ||
1542 !SSL_CTX_set_default_ctlog_list_file(s_ctx2) ||
1543 !SSL_CTX_set_default_ctlog_list_file(c_ctx)) {
1544 ERR_print_errors(bio_err);
1549 printf("client authentication\n");
1550 SSL_CTX_set_verify(s_ctx,
1551 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1553 SSL_CTX_set_verify(s_ctx2,
1554 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1556 SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback,
1558 SSL_CTX_set_cert_verify_callback(s_ctx2, app_verify_callback,
1562 printf("server authentication\n");
1563 SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER, verify_callback);
1564 SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback,
1569 int session_id_context = 0;
1570 if (!SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context,
1571 sizeof(session_id_context)) ||
1572 !SSL_CTX_set_session_id_context(s_ctx2, (void *)&session_id_context,
1573 sizeof(session_id_context))) {
1574 ERR_print_errors(bio_err);
1579 /* Use PSK only if PSK key is given */
1580 if (psk_key != NULL) {
1582 * no_psk is used to avoid putting psk command to openssl tool
1586 * if PSK is not compiled in and psk key is given, do nothing and
1592 #ifndef OPENSSL_NO_PSK
1593 SSL_CTX_set_psk_client_callback(c_ctx, psk_client_callback);
1594 SSL_CTX_set_psk_server_callback(s_ctx, psk_server_callback);
1595 SSL_CTX_set_psk_server_callback(s_ctx2, psk_server_callback);
1597 BIO_printf(bio_err, "setting PSK identity hint to s_ctx\n");
1598 if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_hint") ||
1599 !SSL_CTX_use_psk_identity_hint(s_ctx2, "ctx server identity_hint")) {
1600 BIO_printf(bio_err, "error setting PSK identity hint to s_ctx\n");
1601 ERR_print_errors(bio_err);
1607 #ifndef OPENSSL_NO_NEXTPROTONEG
1609 SSL_CTX_set_next_proto_select_cb(c_ctx, cb_client_npn, NULL);
1612 if (npn_server_reject) {
1614 "Can't have both -npn_server and -npn_server_reject\n");
1617 SSL_CTX_set_npn_advertised_cb(s_ctx, cb_server_npn, NULL);
1618 SSL_CTX_set_npn_advertised_cb(s_ctx2, cb_server_npn, NULL);
1620 if (npn_server_reject) {
1621 SSL_CTX_set_npn_advertised_cb(s_ctx, cb_server_rejects_npn, NULL);
1622 SSL_CTX_set_npn_advertised_cb(s_ctx2, cb_server_rejects_npn, NULL);
1626 if (serverinfo_sct) {
1627 if (!SSL_CTX_add_client_custom_ext(c_ctx,
1628 TLSEXT_TYPE_signed_certificate_timestamp,
1630 serverinfo_cli_parse_cb, NULL)) {
1631 BIO_printf(bio_err, "Error adding SCT extension\n");
1635 if (serverinfo_tack) {
1636 if (!SSL_CTX_add_client_custom_ext(c_ctx, TACK_EXT_TYPE,
1638 serverinfo_cli_parse_cb, NULL)) {
1639 BIO_printf(bio_err, "Error adding TACK extension\n");
1643 if (serverinfo_file)
1644 if (!SSL_CTX_use_serverinfo_file(s_ctx, serverinfo_file) ||
1645 !SSL_CTX_use_serverinfo_file(s_ctx2, serverinfo_file)) {
1646 BIO_printf(bio_err, "missing serverinfo file\n");
1651 if (!SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_0,
1652 custom_ext_0_cli_add_cb,
1654 custom_ext_0_cli_parse_cb, NULL)
1655 || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_1,
1656 custom_ext_1_cli_add_cb,
1658 custom_ext_1_cli_parse_cb, NULL)
1659 || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_2,
1660 custom_ext_2_cli_add_cb,
1662 custom_ext_2_cli_parse_cb, NULL)
1663 || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_3,
1664 custom_ext_3_cli_add_cb,
1666 custom_ext_3_cli_parse_cb, NULL)
1667 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_0,
1668 custom_ext_0_srv_add_cb,
1670 custom_ext_0_srv_parse_cb, NULL)
1671 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_0,
1672 custom_ext_0_srv_add_cb,
1674 custom_ext_0_srv_parse_cb, NULL)
1675 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_1,
1676 custom_ext_1_srv_add_cb,
1678 custom_ext_1_srv_parse_cb, NULL)
1679 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_1,
1680 custom_ext_1_srv_add_cb,
1682 custom_ext_1_srv_parse_cb, NULL)
1683 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_2,
1684 custom_ext_2_srv_add_cb,
1686 custom_ext_2_srv_parse_cb, NULL)
1687 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_2,
1688 custom_ext_2_srv_add_cb,
1690 custom_ext_2_srv_parse_cb, NULL)
1691 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_3,
1692 custom_ext_3_srv_add_cb,
1694 custom_ext_3_srv_parse_cb, NULL)
1695 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_3,
1696 custom_ext_3_srv_add_cb,
1698 custom_ext_3_srv_parse_cb, NULL)) {
1699 BIO_printf(bio_err, "Error setting custom extensions\n");
1705 SSL_CTX_set_alpn_select_cb(s_ctx, cb_server_alpn, alpn_server);
1707 SSL_CTX_set_alpn_select_cb(s_ctx2, cb_server_alpn, alpn_server2);
1711 unsigned char *alpn = next_protos_parse(&alpn_len, alpn_client);
1714 BIO_printf(bio_err, "Error parsing -alpn_client argument\n");
1717 /* Returns 0 on success!! */
1718 if (SSL_CTX_set_alpn_protos(c_ctx, alpn, alpn_len)) {
1719 BIO_printf(bio_err, "Error setting ALPN\n");
1726 if (server_sess_in != NULL) {
1727 server_sess = read_session(server_sess_in);
1728 if (server_sess == NULL)
1731 if (client_sess_in != NULL) {
1732 client_sess = read_session(client_sess_in);
1733 if (client_sess == NULL)
1737 if (server_sess_out != NULL || server_sess_in != NULL) {
1741 /* Use a fixed key so that we can decrypt the ticket. */
1742 size = SSL_CTX_set_tlsext_ticket_keys(s_ctx, NULL, 0);
1743 keys = OPENSSL_zalloc(size);
1744 SSL_CTX_set_tlsext_ticket_keys(s_ctx, keys, size);
1748 if (sn_server1 != NULL || sn_server2 != NULL)
1749 SSL_CTX_set_tlsext_servername_callback(s_ctx, servername_cb);
1751 c_ssl = SSL_new(c_ctx);
1752 s_ssl = SSL_new(s_ctx);
1755 SSL_set_tlsext_host_name(c_ssl, sn_client);
1757 if (!set_protocol_version(server_min_proto, s_ssl, SSL_CTRL_SET_MIN_PROTO_VERSION))
1759 if (!set_protocol_version(server_max_proto, s_ssl, SSL_CTRL_SET_MAX_PROTO_VERSION))
1761 if (!set_protocol_version(client_min_proto, c_ssl, SSL_CTRL_SET_MIN_PROTO_VERSION))
1763 if (!set_protocol_version(client_max_proto, c_ssl, SSL_CTRL_SET_MAX_PROTO_VERSION))
1767 if (SSL_CTX_add_session(s_ctx, server_sess) == 0) {
1768 BIO_printf(bio_err, "Can't add server session\n");
1769 ERR_print_errors(bio_err);
1774 BIO_printf(bio_stdout, "Doing handshakes=%d bytes=%ld\n", number, bytes);
1775 for (i = 0; i < number; i++) {
1777 if (!SSL_set_session(c_ssl, NULL)) {
1778 BIO_printf(bio_err, "Failed to set session\n");
1782 if (client_sess_in != NULL) {
1783 if (SSL_set_session(c_ssl, client_sess) == 0) {
1784 BIO_printf(bio_err, "Can't set client session\n");
1785 ERR_print_errors(bio_err);
1791 ret = doit(s_ssl, c_ssl, bytes);
1794 ret = doit_biopair(s_ssl, c_ssl, bytes, &s_time, &c_time);
1796 #ifndef OPENSSL_NO_SOCK
1798 ret = doit_localhost(s_ssl, c_ssl, BIO_FAMILY_IPV4,
1799 bytes, &s_time, &c_time);
1802 ret = doit_localhost(s_ssl, c_ssl, BIO_FAMILY_IPV6,
1803 bytes, &s_time, &c_time);
1812 if (ret != EXIT_SUCCESS) break;
1815 if (should_negotiate && ret == EXIT_SUCCESS &&
1816 strcmp(should_negotiate, "fail-server") != 0 &&
1817 strcmp(should_negotiate, "fail-client") != 0) {
1818 int version = protocol_from_string(should_negotiate);
1820 BIO_printf(bio_err, "Error parsing: %s\n", should_negotiate);
1824 if (SSL_version(c_ssl) != version) {
1825 BIO_printf(bio_err, "Unexpected version negotiated. "
1826 "Expected: %s, got %s\n", should_negotiate, SSL_get_version(c_ssl));
1832 if (should_reuse != -1) {
1833 if (SSL_session_reused(s_ssl) != should_reuse ||
1834 SSL_session_reused(c_ssl) != should_reuse) {
1835 BIO_printf(bio_err, "Unexpected session reuse state. "
1836 "Expected: %d, server: %d, client: %d\n", should_reuse,
1837 SSL_session_reused(s_ssl), SSL_session_reused(c_ssl));
1843 if (server_sess_out != NULL) {
1844 if (write_session(server_sess_out, SSL_get_session(s_ssl)) == 0) {
1849 if (client_sess_out != NULL) {
1850 if (write_session(client_sess_out, SSL_get_session(c_ssl)) == 0) {
1857 print_details(c_ssl, "");
1860 #ifdef CLOCKS_PER_SEC
1862 * "To determine the time in seconds, the value returned by the clock
1863 * function should be divided by the value of the macro
1864 * CLOCKS_PER_SEC." -- ISO/IEC 9899
1866 BIO_printf(bio_stdout, "Approximate total server time: %6.2f s\n"
1867 "Approximate total client time: %6.2f s\n",
1868 (double)s_time / CLOCKS_PER_SEC,
1869 (double)c_time / CLOCKS_PER_SEC);
1871 BIO_printf(bio_stdout,
1872 "Approximate total server time: %6.2f units\n"
1873 "Approximate total client time: %6.2f units\n",
1874 (double)s_time, (double)c_time);
1883 SSL_CTX_free(s_ctx);
1884 SSL_CTX_free(s_ctx2);
1885 SSL_CTX_free(c_ctx);
1886 SSL_CONF_CTX_free(s_cctx);
1887 SSL_CONF_CTX_free(s_cctx2);
1888 SSL_CONF_CTX_free(c_cctx);
1889 sk_OPENSSL_STRING_free(conf_args);
1891 BIO_free(bio_stdout);
1893 SSL_SESSION_free(server_sess);
1894 SSL_SESSION_free(client_sess);
1896 OSSL_PROVIDER_unload(defctxnull);
1897 OSSL_PROVIDER_unload(thisprov);
1898 OPENSSL_CTX_free(libctx);
1904 #ifndef OPENSSL_NO_SOCK
1905 int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count,
1906 clock_t *s_time, clock_t *c_time)
1908 long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
1909 BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
1910 BIO *acpt = NULL, *server = NULL, *client = NULL;
1912 int ret = EXIT_FAILURE;
1913 int err_in_client = 0;
1914 int err_in_server = 0;
1916 acpt = BIO_new_accept(family == BIO_FAMILY_IPV4 ? "127.0.0.1:0"
1920 BIO_set_accept_ip_family(acpt, family);
1921 BIO_set_bind_mode(acpt, BIO_SOCK_NONBLOCK | BIO_SOCK_REUSEADDR);
1922 if (BIO_do_accept(acpt) <= 0)
1925 BIO_snprintf(addr_str, sizeof(addr_str), ":%s", BIO_get_accept_port(acpt));
1927 client = BIO_new_connect(addr_str);
1928 BIO_set_conn_ip_family(client, family);
1932 if (BIO_set_nbio(client, 1) <= 0)
1934 if (BIO_set_nbio(acpt, 1) <= 0)
1938 int st_connect = 0, st_accept = 0;
1940 while(!st_connect || !st_accept) {
1942 if (BIO_do_connect(client) <= 0) {
1943 if (!BIO_should_retry(client))
1950 if (BIO_do_accept(acpt) <= 0) {
1951 if (!BIO_should_retry(acpt))
1959 /* We're not interested in accepting further connects */
1960 server = BIO_pop(acpt);
1964 s_ssl_bio = BIO_new(BIO_f_ssl());
1968 c_ssl_bio = BIO_new(BIO_f_ssl());
1972 SSL_set_connect_state(c_ssl);
1973 SSL_set_bio(c_ssl, client, client);
1974 (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
1976 SSL_set_accept_state(s_ssl);
1977 SSL_set_bio(s_ssl, server, server);
1978 (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
1982 * c_ssl_bio: SSL filter BIO
1984 * client: I/O for SSL library
1987 * server: I/O for SSL library
1989 * s_ssl_bio: SSL filter BIO
1993 * We have non-blocking behaviour throughout this test program, but
1994 * can be sure that there is *some* progress in each iteration; so we
1995 * don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE --
1996 * we just try everything in each iteration
2002 char cbuf[1024 * 8];
2004 clock_t c_clock = clock();
2006 memset(cbuf, 0, sizeof(cbuf));
2009 if (SSL_in_init(c_ssl))
2010 printf("client waiting in SSL_connect - %s\n",
2011 SSL_state_string_long(c_ssl));
2014 /* Write to server. */
2016 if (cw_num > (long)sizeof(cbuf))
2020 r = BIO_write(c_ssl_bio, cbuf, i);
2022 if (!BIO_should_retry(c_ssl_bio)) {
2023 fprintf(stderr, "ERROR in CLIENT\n");
2028 * BIO_should_retry(...) can just be ignored here. The
2029 * library expects us to call BIO_write with the same
2030 * arguments again, and that's what we will do in the
2033 } else if (r == 0) {
2034 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2038 printf("client wrote %d\n", r);
2044 /* Read from server. */
2046 r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
2048 if (!BIO_should_retry(c_ssl_bio)) {
2049 fprintf(stderr, "ERROR in CLIENT\n");
2054 * Again, "BIO_should_retry" can be ignored.
2056 } else if (r == 0) {
2057 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2061 printf("client read %d\n", r);
2067 * c_time and s_time increments will typically be very small
2068 * (depending on machine speed and clock tick intervals), but
2069 * sampling over a large number of connections should result in
2070 * fairly accurate figures. We cannot guarantee a lot, however
2071 * -- if each connection lasts for exactly one clock tick, it
2072 * will be counted only for the client or only for the server or
2075 *c_time += (clock() - c_clock);
2081 char sbuf[1024 * 8];
2083 clock_t s_clock = clock();
2085 memset(sbuf, 0, sizeof(sbuf));
2088 if (SSL_in_init(s_ssl))
2089 printf("server waiting in SSL_accept - %s\n",
2090 SSL_state_string_long(s_ssl));
2093 /* Write to client. */
2095 if (sw_num > (long)sizeof(sbuf))
2099 r = BIO_write(s_ssl_bio, sbuf, i);
2101 if (!BIO_should_retry(s_ssl_bio)) {
2102 fprintf(stderr, "ERROR in SERVER\n");
2106 /* Ignore "BIO_should_retry". */
2107 } else if (r == 0) {
2108 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2112 printf("server wrote %d\n", r);
2118 /* Read from client. */
2120 r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
2122 if (!BIO_should_retry(s_ssl_bio)) {
2123 fprintf(stderr, "ERROR in SERVER\n");
2128 } else if (r == 0) {
2129 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2133 printf("server read %d\n", r);
2138 *s_time += (clock() - s_clock);
2141 while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
2144 print_details(c_ssl, "DONE via TCP connect: ");
2145 # ifndef OPENSSL_NO_NEXTPROTONEG
2146 if (verify_npn(c_ssl, s_ssl) < 0)
2149 if (verify_serverinfo() < 0) {
2150 fprintf(stderr, "Server info verify error\n");
2153 if (verify_alpn(c_ssl, s_ssl) < 0
2154 || verify_servername(c_ssl, s_ssl) < 0)
2157 if (custom_ext_error) {
2158 fprintf(stderr, "Custom extension error\n");
2162 # ifndef OPENSSL_NO_NEXTPROTONEG
2168 ERR_print_errors(bio_err);
2173 BIO_free(s_ssl_bio);
2174 BIO_free(c_ssl_bio);
2176 if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
2177 ret = (err_in_client != 0) ? EXIT_SUCCESS : EXIT_FAILURE;
2178 else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
2179 ret = (err_in_server != 0) ? EXIT_SUCCESS : EXIT_FAILURE;
2185 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
2186 clock_t *s_time, clock_t *c_time)
2188 long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
2189 BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
2190 BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL;
2191 int ret = EXIT_FAILURE;
2192 int err_in_client = 0;
2193 int err_in_server = 0;
2195 size_t bufsiz = 256; /* small buffer for testing */
2197 if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz))
2199 if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz))
2202 s_ssl_bio = BIO_new(BIO_f_ssl());
2206 c_ssl_bio = BIO_new(BIO_f_ssl());
2210 SSL_set_connect_state(c_ssl);
2211 SSL_set_bio(c_ssl, client, client);
2212 (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
2214 SSL_set_accept_state(s_ssl);
2215 SSL_set_bio(s_ssl, server, server);
2216 (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
2220 * c_ssl_bio: SSL filter BIO
2222 * client: pseudo-I/O for SSL library
2224 * client_io: client's SSL communication; usually to be
2225 * relayed over some I/O facility, but in this
2226 * test program, we're the server, too:
2228 * server_io: server's SSL communication
2230 * server: pseudo-I/O for SSL library
2232 * s_ssl_bio: SSL filter BIO
2234 * The client and the server each employ a "BIO pair":
2235 * client + client_io, server + server_io.
2236 * BIO pairs are symmetric. A BIO pair behaves similar
2237 * to a non-blocking socketpair (but both endpoints must
2238 * be handled by the same thread).
2239 * [Here we could connect client and server to the ends
2240 * of a single BIO pair, but then this code would be less
2241 * suitable as an example for BIO pairs in general.]
2243 * Useful functions for querying the state of BIO pair endpoints:
2245 * BIO_ctrl_pending(bio) number of bytes we can read now
2246 * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfill
2247 * other side's read attempt
2248 * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now
2250 * ..._read_request is never more than ..._write_guarantee;
2251 * it depends on the application which one you should use.
2255 * We have non-blocking behaviour throughout this test program, but
2256 * can be sure that there is *some* progress in each iteration; so we
2257 * don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE --
2258 * we just try everything in each iteration
2264 char cbuf[1024 * 8];
2266 clock_t c_clock = clock();
2268 memset(cbuf, 0, sizeof(cbuf));
2271 if (SSL_in_init(c_ssl))
2272 printf("client waiting in SSL_connect - %s\n",
2273 SSL_state_string_long(c_ssl));
2276 /* Write to server. */
2278 if (cw_num > (long)sizeof(cbuf))
2282 r = BIO_write(c_ssl_bio, cbuf, i);
2284 if (!BIO_should_retry(c_ssl_bio)) {
2285 fprintf(stderr, "ERROR in CLIENT\n");
2290 * BIO_should_retry(...) can just be ignored here. The
2291 * library expects us to call BIO_write with the same
2292 * arguments again, and that's what we will do in the
2295 } else if (r == 0) {
2296 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2300 printf("client wrote %d\n", r);
2306 /* Read from server. */
2308 r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
2310 if (!BIO_should_retry(c_ssl_bio)) {
2311 fprintf(stderr, "ERROR in CLIENT\n");
2316 * Again, "BIO_should_retry" can be ignored.
2318 } else if (r == 0) {
2319 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2323 printf("client read %d\n", r);
2329 * c_time and s_time increments will typically be very small
2330 * (depending on machine speed and clock tick intervals), but
2331 * sampling over a large number of connections should result in
2332 * fairly accurate figures. We cannot guarantee a lot, however
2333 * -- if each connection lasts for exactly one clock tick, it
2334 * will be counted only for the client or only for the server or
2337 *c_time += (clock() - c_clock);
2343 char sbuf[1024 * 8];
2345 clock_t s_clock = clock();
2347 memset(sbuf, 0, sizeof(sbuf));
2350 if (SSL_in_init(s_ssl))
2351 printf("server waiting in SSL_accept - %s\n",
2352 SSL_state_string_long(s_ssl));
2355 /* Write to client. */
2357 if (sw_num > (long)sizeof(sbuf))
2361 r = BIO_write(s_ssl_bio, sbuf, i);
2363 if (!BIO_should_retry(s_ssl_bio)) {
2364 fprintf(stderr, "ERROR in SERVER\n");
2368 /* Ignore "BIO_should_retry". */
2369 } else if (r == 0) {
2370 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2374 printf("server wrote %d\n", r);
2380 /* Read from client. */
2382 r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
2384 if (!BIO_should_retry(s_ssl_bio)) {
2385 fprintf(stderr, "ERROR in SERVER\n");
2390 } else if (r == 0) {
2391 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2395 printf("server read %d\n", r);
2400 *s_time += (clock() - s_clock);
2404 /* "I/O" BETWEEN CLIENT AND SERVER. */
2407 BIO *io1 = server_io, *io2 = client_io;
2409 * we use the non-copying interface for io1 and the standard
2410 * BIO_write/BIO_read interface for io2
2413 static int prev_progress = 1;
2421 r1 = BIO_ctrl_pending(io1);
2422 r2 = BIO_ctrl_get_write_guarantee(io2);
2430 if (INT_MAX < num) /* yeah, right */
2433 r = BIO_nread(io1, &dataptr, (int)num);
2435 assert(r <= (int)num);
2437 * possibly r < num (non-contiguous data)
2440 r = BIO_write(io2, dataptr, (int)num);
2441 if (r != (int)num) { /* can't happen */
2442 fprintf(stderr, "ERROR: BIO_write could not write "
2443 "BIO_ctrl_get_write_guarantee() bytes");
2449 printf((io1 == client_io) ?
2450 "C->S relaying: %d bytes\n" :
2451 "S->C relaying: %d bytes\n", (int)num);
2461 r1 = BIO_ctrl_pending(io2);
2462 r2 = BIO_ctrl_get_read_request(io1);
2464 * here we could use ..._get_write_guarantee instead of
2465 * ..._get_read_request, but by using the latter we test
2466 * restartability of the SSL implementation more thoroughly
2478 --num; /* test restartability even more thoroughly */
2480 r = BIO_nwrite0(io1, &dataptr);
2484 r = BIO_read(io2, dataptr, (int)num);
2485 if (r != (int)num) { /* can't happen */
2486 fprintf(stderr, "ERROR: BIO_read could not read "
2487 "BIO_ctrl_pending() bytes");
2491 r = BIO_nwrite(io1, &dataptr, (int)num);
2492 if (r != (int)num) { /* can't happen */
2493 fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
2494 "BIO_nwrite0() bytes");
2499 printf((io2 == client_io) ?
2500 "C->S relaying: %d bytes\n" :
2501 "S->C relaying: %d bytes\n", (int)num);
2503 } /* no loop, BIO_ctrl_get_read_request now
2504 * returns 0 anyway */
2506 if (!progress && !prev_progress)
2507 if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0) {
2508 fprintf(stderr, "ERROR: got stuck\n");
2509 fprintf(stderr, " ERROR.\n");
2512 prev_progress = progress;
2515 while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
2518 print_details(c_ssl, "DONE via BIO pair: ");
2519 #ifndef OPENSSL_NO_NEXTPROTONEG
2520 if (verify_npn(c_ssl, s_ssl) < 0)
2523 if (verify_serverinfo() < 0) {
2524 fprintf(stderr, "Server info verify error\n");
2527 if (verify_alpn(c_ssl, s_ssl) < 0
2528 || verify_servername(c_ssl, s_ssl) < 0)
2531 if (custom_ext_error) {
2532 fprintf(stderr, "Custom extension error\n");
2536 #ifndef OPENSSL_NO_NEXTPROTONEG
2542 ERR_print_errors(bio_err);
2545 BIO_free(server_io);
2547 BIO_free(client_io);
2548 BIO_free(s_ssl_bio);
2549 BIO_free(c_ssl_bio);
2551 if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
2552 ret = (err_in_client != 0) ? EXIT_SUCCESS : EXIT_FAILURE;
2553 else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
2554 ret = (err_in_server != 0) ? EXIT_SUCCESS : EXIT_FAILURE;
2564 int doit(SSL *s_ssl, SSL *c_ssl, long count)
2566 char *cbuf = NULL, *sbuf = NULL;
2568 long cw_num = count, cr_num = count;
2569 long sw_num = count, sr_num = count;
2570 int ret = EXIT_FAILURE;
2575 int c_r, c_w, s_r, s_w;
2578 int c_write, s_write;
2579 int do_server = 0, do_client = 0;
2580 int max_frag = 5 * 1024;
2581 int err_in_client = 0;
2582 int err_in_server = 0;
2584 bufsiz = count > 40 * 1024 ? 40 * 1024 : count;
2586 if ((cbuf = OPENSSL_zalloc(bufsiz)) == NULL)
2588 if ((sbuf = OPENSSL_zalloc(bufsiz)) == NULL)
2591 c_to_s = BIO_new(BIO_s_mem());
2592 s_to_c = BIO_new(BIO_s_mem());
2593 if ((s_to_c == NULL) || (c_to_s == NULL)) {
2594 ERR_print_errors(bio_err);
2598 c_bio = BIO_new(BIO_f_ssl());
2599 s_bio = BIO_new(BIO_f_ssl());
2600 if ((c_bio == NULL) || (s_bio == NULL)) {
2601 ERR_print_errors(bio_err);
2605 SSL_set_connect_state(c_ssl);
2606 SSL_set_bio(c_ssl, s_to_c, c_to_s);
2607 SSL_set_max_send_fragment(c_ssl, max_frag);
2608 BIO_set_ssl(c_bio, c_ssl, BIO_NOCLOSE);
2611 * We've just given our ref to these BIOs to c_ssl. We need another one to
2614 if (!BIO_up_ref(c_to_s)) {
2615 /* c_to_s and s_to_c will get freed when we free c_ssl */
2620 if (!BIO_up_ref(s_to_c)) {
2621 /* s_to_c will get freed when we free c_ssl */
2626 SSL_set_accept_state(s_ssl);
2627 SSL_set_bio(s_ssl, c_to_s, s_to_c);
2629 /* We've used up all our refs to these now */
2633 SSL_set_max_send_fragment(s_ssl, max_frag);
2634 BIO_set_ssl(s_bio, s_ssl, BIO_NOCLOSE);
2640 c_write = 1, s_write = 0;
2642 /* We can always do writes */
2647 i = (int)BIO_pending(s_bio);
2648 if ((i && s_r) || s_w)
2651 i = (int)BIO_pending(c_bio);
2652 if ((i && c_r) || c_w)
2655 if (do_server && debug) {
2656 if (SSL_in_init(s_ssl))
2657 printf("server waiting in SSL_accept - %s\n",
2658 SSL_state_string_long(s_ssl));
2661 if (do_client && debug) {
2662 if (SSL_in_init(c_ssl))
2663 printf("client waiting in SSL_connect - %s\n",
2664 SSL_state_string_long(c_ssl));
2667 if (!do_client && !do_server) {
2668 fprintf(stdout, "ERROR IN STARTUP\n");
2669 ERR_print_errors(bio_err);
2672 if (do_client && !(done & C_DONE)) {
2674 j = (cw_num > bufsiz) ? (int)bufsiz : (int)cw_num;
2675 i = BIO_write(c_bio, cbuf, j);
2679 if (BIO_should_retry(c_bio)) {
2680 if (BIO_should_read(c_bio))
2682 if (BIO_should_write(c_bio))
2685 fprintf(stderr, "ERROR in CLIENT\n");
2687 ERR_print_errors(bio_err);
2690 } else if (i == 0) {
2691 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2695 printf("client wrote %d\n", i);
2700 if (max_frag > 1029)
2701 SSL_set_max_send_fragment(c_ssl, max_frag -= 5);
2704 i = BIO_read(c_bio, cbuf, bufsiz);
2708 if (BIO_should_retry(c_bio)) {
2709 if (BIO_should_read(c_bio))
2711 if (BIO_should_write(c_bio))
2714 fprintf(stderr, "ERROR in CLIENT\n");
2716 ERR_print_errors(bio_err);
2719 } else if (i == 0) {
2720 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2724 printf("client read %d\n", i);
2733 done = S_DONE | C_DONE;
2739 if (do_server && !(done & S_DONE)) {
2741 i = BIO_read(s_bio, sbuf, bufsiz);
2745 if (BIO_should_retry(s_bio)) {
2746 if (BIO_should_read(s_bio))
2748 if (BIO_should_write(s_bio))
2751 fprintf(stderr, "ERROR in SERVER\n");
2753 ERR_print_errors(bio_err);
2756 } else if (i == 0) {
2757 ERR_print_errors(bio_err);
2759 "SSL SERVER STARTUP FAILED in SSL_read\n");
2763 printf("server read %d\n", i);
2776 j = (sw_num > bufsiz) ? (int)bufsiz : (int)sw_num;
2777 i = BIO_write(s_bio, sbuf, j);
2781 if (BIO_should_retry(s_bio)) {
2782 if (BIO_should_read(s_bio))
2784 if (BIO_should_write(s_bio))
2787 fprintf(stderr, "ERROR in SERVER\n");
2789 ERR_print_errors(bio_err);
2792 } else if (i == 0) {
2793 ERR_print_errors(bio_err);
2795 "SSL SERVER STARTUP FAILED in SSL_write\n");
2799 printf("server wrote %d\n", i);
2805 if (max_frag > 1029)
2806 SSL_set_max_send_fragment(s_ssl, max_frag -= 5);
2811 if ((done & S_DONE) && (done & C_DONE))
2816 print_details(c_ssl, "DONE: ");
2817 #ifndef OPENSSL_NO_NEXTPROTONEG
2818 if (verify_npn(c_ssl, s_ssl) < 0)
2821 if (verify_serverinfo() < 0) {
2822 fprintf(stderr, "Server info verify error\n");
2825 if (custom_ext_error) {
2826 fprintf(stderr, "Custom extension error\n");
2833 BIO_free_all(c_bio);
2834 BIO_free_all(s_bio);
2838 if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
2839 ret = (err_in_client != 0) ? EXIT_SUCCESS : EXIT_FAILURE;
2840 else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
2841 ret = (err_in_server != 0) ? EXIT_SUCCESS : EXIT_FAILURE;
2846 static int verify_callback(int ok, X509_STORE_CTX *ctx)
2850 s = X509_NAME_oneline(X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)),
2854 printf("depth=%d %s\n", X509_STORE_CTX_get_error_depth(ctx), buf);
2856 fprintf(stderr, "depth=%d error=%d %s\n",
2857 X509_STORE_CTX_get_error_depth(ctx),
2858 X509_STORE_CTX_get_error(ctx), buf);
2863 int i = X509_STORE_CTX_get_error(ctx);
2867 fprintf(stderr, "Error string: %s\n",
2868 X509_verify_cert_error_string(i));
2870 case X509_V_ERR_CERT_NOT_YET_VALID:
2871 case X509_V_ERR_CERT_HAS_EXPIRED:
2872 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
2881 static int app_verify_callback(X509_STORE_CTX *ctx, void *arg)
2884 struct app_verify_arg *cb_arg = arg;
2886 if (cb_arg->app_verify) {
2887 char *s = NULL, buf[256];
2888 X509 *c = X509_STORE_CTX_get0_cert(ctx);
2890 printf("In app_verify_callback, allowing cert. ");
2891 printf("Arg is: %s\n", cb_arg->string);
2892 printf("Finished printing do we have a context? 0x%p a cert? 0x%p\n",
2893 (void *)ctx, (void *)c);
2895 s = X509_NAME_oneline(X509_get_subject_name(c), buf, 256);
2897 printf("cert depth=%d %s\n",
2898 X509_STORE_CTX_get_error_depth(ctx), buf);
2903 ok = X509_verify_cert(ctx);
2908 #ifndef OPENSSL_NO_DH
2910 * These DH parameters have been generated as follows:
2911 * $ openssl dhparam -C -noout 512
2912 * $ openssl dhparam -C -noout 1024
2913 * $ openssl dhparam -C -noout -dsaparam 1024
2914 * (The third function has been renamed to avoid name conflicts.)
2916 static DH *get_dh512(void)
2918 static unsigned char dh512_p[] = {
2919 0xCB, 0xC8, 0xE1, 0x86, 0xD0, 0x1F, 0x94, 0x17, 0xA6, 0x99, 0xF0,
2921 0x1F, 0x0D, 0xAC, 0xB6, 0x25, 0x3E, 0x06, 0x39, 0xCA, 0x72, 0x04,
2923 0x6E, 0xDA, 0xC0, 0x61, 0xE6, 0x7A, 0x77, 0x25, 0xE8, 0x3B, 0xB9,
2925 0x9A, 0xB6, 0xB5, 0xFE, 0x99, 0x0B, 0xA1, 0x93, 0x4E, 0x35, 0x33,
2927 0xE1, 0xF1, 0x13, 0x4F, 0x59, 0x1A, 0xD2, 0x57, 0xC0, 0x26, 0x21,
2929 0x02, 0xC5, 0xAE, 0x23,
2931 static unsigned char dh512_g[] = {
2937 if ((dh = DH_new()) == NULL)
2939 p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
2940 g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
2941 if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
2950 static DH *get_dh1024(void)
2952 static unsigned char dh1024_p[] = {
2953 0xF8, 0x81, 0x89, 0x7D, 0x14, 0x24, 0xC5, 0xD1, 0xE6, 0xF7, 0xBF,
2955 0xE4, 0x90, 0xF4, 0xFC, 0x73, 0xFB, 0x34, 0xB5, 0xFA, 0x4C, 0x56,
2957 0xEA, 0xA7, 0xE9, 0xC0, 0xC0, 0xCE, 0x89, 0xE1, 0xFA, 0x63, 0x3F,
2959 0x6B, 0x32, 0x66, 0xF1, 0xD1, 0x7B, 0xB0, 0x00, 0x8F, 0xCA, 0x87,
2961 0xAE, 0x98, 0x89, 0x26, 0x17, 0xC2, 0x05, 0xD2, 0xEC, 0x08, 0xD0,
2963 0xFF, 0x17, 0x52, 0x8C, 0xC5, 0x07, 0x93, 0x03, 0xB1, 0xF6, 0x2F,
2965 0x1C, 0x52, 0x47, 0x27, 0x1B, 0xDB, 0xD1, 0x8D, 0x9D, 0x69, 0x1D,
2967 0x4B, 0x32, 0x81, 0xAA, 0x7F, 0x00, 0xC8, 0xDC, 0xE6, 0xD9, 0xCC,
2969 0x11, 0x2D, 0x37, 0x34, 0x6C, 0xEA, 0x02, 0x97, 0x4B, 0x0E, 0xBB,
2971 0x71, 0x33, 0x09, 0x15, 0xFD, 0xDD, 0x23, 0x87, 0x07, 0x5E, 0x89,
2973 0x6B, 0x7C, 0x5F, 0xEC, 0xA6, 0x24, 0xDC, 0x53,
2975 static unsigned char dh1024_g[] = {
2981 if ((dh = DH_new()) == NULL)
2983 p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
2984 g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
2985 if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
2994 static DH *get_dh1024dsa(void)
2996 static unsigned char dh1024_p[] = {
2997 0xC8, 0x00, 0xF7, 0x08, 0x07, 0x89, 0x4D, 0x90, 0x53, 0xF3, 0xD5,
2999 0x21, 0x1B, 0xF7, 0x31, 0xA6, 0xA2, 0xDA, 0x23, 0x9A, 0xC7, 0x87,
3001 0x3B, 0x47, 0xB6, 0x8C, 0x04, 0x6F, 0xFF, 0xC6, 0x9B, 0xB8, 0x65,
3003 0xC2, 0x5F, 0x31, 0x83, 0x4A, 0xA7, 0x5F, 0x2F, 0x88, 0x38, 0xB6,
3005 0xCF, 0xD9, 0x87, 0x6D, 0x6F, 0x9F, 0xDA, 0xAC, 0xA6, 0x48, 0xAF,
3007 0x33, 0x84, 0x37, 0x5B, 0x82, 0x4A, 0x31, 0x5D, 0xE7, 0xBD, 0x52,
3009 0xA1, 0x77, 0xBF, 0x10, 0x9E, 0x37, 0xEA, 0x64, 0xFA, 0xCA, 0x28,
3011 0x9D, 0x3B, 0xD2, 0x6E, 0x09, 0x5C, 0x68, 0xC7, 0x45, 0x90, 0xFD,
3013 0x70, 0xC9, 0x3A, 0xBB, 0xDF, 0xD4, 0x21, 0x0F, 0xC4, 0x6A, 0x3C,
3015 0x61, 0xCF, 0x3F, 0xD6, 0x13, 0xF1, 0x5F, 0xBC, 0xCF, 0xBC, 0x26,
3017 0xBC, 0x0B, 0xBD, 0xAB, 0x5D, 0xC9, 0x54, 0x39,
3019 static unsigned char dh1024_g[] = {
3020 0x3B, 0x40, 0x86, 0xE7, 0xF3, 0x6C, 0xDE, 0x67, 0x1C, 0xCC, 0x80,
3022 0x5A, 0xDF, 0xFE, 0xBD, 0x20, 0x27, 0x74, 0x6C, 0x24, 0xC9, 0x03,
3024 0xE1, 0x8D, 0xC3, 0x7D, 0x98, 0x27, 0x40, 0x08, 0xB8, 0x8C, 0x6A,
3026 0xBB, 0x1A, 0x3A, 0xD6, 0x86, 0x83, 0x5E, 0x72, 0x41, 0xCE, 0x85,
3028 0xD2, 0xB3, 0xFC, 0x13, 0xCE, 0x37, 0x81, 0x9E, 0x4C, 0x1C, 0x7B,
3030 0xD3, 0xE6, 0xA6, 0x00, 0xF5, 0x5A, 0x95, 0x43, 0x5E, 0x81, 0xCF,
3032 0xA2, 0x23, 0xFC, 0x36, 0xA7, 0x5D, 0x7A, 0x4C, 0x06, 0x91, 0x6E,
3034 0x57, 0xEE, 0x36, 0xCB, 0x06, 0xEA, 0xF5, 0x3D, 0x95, 0x49, 0xCB,
3036 0xDD, 0x81, 0xDF, 0x80, 0x09, 0x4A, 0x97, 0x4D, 0xA8, 0x22, 0x72,
3038 0x7F, 0xC4, 0x70, 0x56, 0x70, 0xE8, 0x20, 0x10, 0x18, 0x8F, 0x2E,
3040 0x07, 0xE7, 0x68, 0x1A, 0x82, 0x5D, 0x32, 0xA2,
3045 if ((dh = DH_new()) == NULL)
3047 p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
3048 g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
3049 if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
3055 DH_set_length(dh, 160);
3060 #ifndef OPENSSL_NO_PSK
3061 /* convert the PSK key (psk_key) in ascii to binary (psk) */
3062 static int psk_key2bn(const char *pskkey, unsigned char *psk,
3063 unsigned int max_psk_len)
3068 ret = BN_hex2bn(&bn, pskkey);
3070 BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n",
3075 if (BN_num_bytes(bn) > (int)max_psk_len) {
3077 "psk buffer of callback is too small (%d) for key (%d)\n",
3078 max_psk_len, BN_num_bytes(bn));
3082 ret = BN_bn2bin(bn, psk);
3087 static unsigned int psk_client_callback(SSL *ssl, const char *hint,
3089 unsigned int max_identity_len,
3091 unsigned int max_psk_len)
3094 unsigned int psk_len = 0;
3096 ret = BIO_snprintf(identity, max_identity_len, "Client_identity");
3100 fprintf(stderr, "client: created identity '%s' len=%d\n", identity,
3102 ret = psk_key2bn(psk_key, psk, max_psk_len);
3110 static unsigned int psk_server_callback(SSL *ssl, const char *identity,
3112 unsigned int max_psk_len)
3114 unsigned int psk_len = 0;
3116 if (strcmp(identity, "Client_identity") != 0) {
3117 BIO_printf(bio_err, "server: PSK error: client identity not found\n");
3120 psk_len = psk_key2bn(psk_key, psk, max_psk_len);