1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.]
57 /* ====================================================================
58 * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
60 * Redistribution and use in source and binary forms, with or without
61 * modification, are permitted provided that the following conditions
64 * 1. Redistributions of source code must retain the above copyright
65 * notice, this list of conditions and the following disclaimer.
67 * 2. Redistributions in binary form must reproduce the above copyright
68 * notice, this list of conditions and the following disclaimer in
69 * the documentation and/or other materials provided with the
72 * 3. All advertising materials mentioning features or use of this
73 * software must display the following acknowledgment:
74 * "This product includes software developed by the OpenSSL Project
75 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
78 * endorse or promote products derived from this software without
79 * prior written permission. For written permission, please contact
80 * openssl-core@openssl.org.
82 * 5. Products derived from this software may not be called "OpenSSL"
83 * nor may "OpenSSL" appear in their names without prior written
84 * permission of the OpenSSL Project.
86 * 6. Redistributions of any form whatsoever must retain the following
88 * "This product includes software developed by the OpenSSL Project
89 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
92 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
93 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
94 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
95 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
96 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
97 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
98 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
99 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
100 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
101 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
102 * OF THE POSSIBILITY OF SUCH DAMAGE.
103 * ====================================================================
105 * This product includes cryptographic software written by Eric Young
106 * (eay@cryptsoft.com). This product includes software written by Tim
107 * Hudson (tjh@cryptsoft.com).
110 /* ====================================================================
111 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
112 * ECC cipher suite support in OpenSSL originally developed by
113 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 /* ====================================================================
116 * Copyright 2005 Nokia. All rights reserved.
118 * The portions of the attached software ("Contribution") is developed by
119 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
122 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
123 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
124 * support (see RFC 4279) to OpenSSL.
126 * No patent licenses or other rights except those expressly stated in
127 * the OpenSSL open source license shall be deemed granted or received
128 * expressly, by implication, estoppel, or otherwise.
130 * No assurances are provided by Nokia that the Contribution does not
131 * infringe the patent or other intellectual property rights of any third
132 * party or that the license provides you with all the necessary rights
133 * to make use of the Contribution.
135 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
136 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
137 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
138 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
142 /* Or gethostname won't be declared properly on Linux and GNU platforms. */
143 #define _BSD_SOURCE 1
144 #define _DEFAULT_SOURCE 1
157 #ifdef OPENSSL_SYS_VMS
159 * Or isascii won't be declared properly on VMS (at least with DECompHP C).
161 # define _XOPEN_SOURCE 500
166 #include <openssl/bio.h>
167 #include <openssl/crypto.h>
168 #include <openssl/evp.h>
169 #include <openssl/x509.h>
170 #include <openssl/x509v3.h>
171 #include <openssl/ssl.h>
172 #ifndef OPENSSL_NO_ENGINE
173 # include <openssl/engine.h>
175 #include <openssl/err.h>
176 #include <openssl/rand.h>
177 #ifndef OPENSSL_NO_RSA
178 # include <openssl/rsa.h>
180 #ifndef OPENSSL_NO_DSA
181 # include <openssl/dsa.h>
183 #ifndef OPENSSL_NO_DH
184 # include <openssl/dh.h>
186 #ifndef OPENSSL_NO_SRP
187 # include <openssl/srp.h>
189 #include <openssl/bn.h>
190 #ifndef OPENSSL_NO_CT
191 # include <openssl/ct.h>
194 #include "internal/threads.h"
195 #include "../ssl/ssl_locl.h"
198 * Or gethostname won't be declared properly
199 * on Compaq platforms (at least with DEC C).
200 * Do not try to put it earlier, or IPv6 includes
203 #define _XOPEN_SOURCE_EXTENDED 1
205 #ifdef OPENSSL_SYS_WINDOWS
206 # include <winsock.h>
208 # include OPENSSL_UNISTD
211 static SSL_CTX *s_ctx = NULL;
212 static SSL_CTX *s_ctx2 = NULL;
215 * There is really no standard for this, so let's assign something
220 static int verify_callback(int ok, X509_STORE_CTX *ctx);
221 static int app_verify_callback(X509_STORE_CTX *ctx, void *arg);
222 #define APP_CALLBACK_STRING "Test Callback Argument"
223 struct app_verify_arg {
228 #ifndef OPENSSL_NO_DH
229 static DH *get_dh512(void);
230 static DH *get_dh1024(void);
231 static DH *get_dh1024dsa(void);
234 static char *psk_key = NULL; /* by default PSK is not used */
235 #ifndef OPENSSL_NO_PSK
236 static unsigned int psk_client_callback(SSL *ssl, const char *hint,
238 unsigned int max_identity_len,
240 unsigned int max_psk_len);
241 static unsigned int psk_server_callback(SSL *ssl, const char *identity,
243 unsigned int max_psk_len);
246 #ifndef OPENSSL_NO_SRP
248 /* This is a context that we pass to all callbacks */
249 typedef struct srp_client_arg_st {
254 # define PWD_STRLEN 1024
256 static char *ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
258 SRP_CLIENT_ARG *srp_client_arg = (SRP_CLIENT_ARG *)arg;
259 return OPENSSL_strdup((char *)srp_client_arg->srppassin);
263 /* This is a context that we pass to SRP server callbacks */
264 typedef struct srp_server_arg_st {
269 static int ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
271 SRP_SERVER_ARG *p = (SRP_SERVER_ARG *)arg;
273 if (strcmp(p->expected_user, SSL_get_srp_username(s)) != 0) {
274 fprintf(stderr, "User %s doesn't exist\n", SSL_get_srp_username(s));
275 return SSL3_AL_FATAL;
277 if (SSL_set_srp_server_param_pw(s, p->expected_user, p->pass, "1024") < 0) {
278 *ad = SSL_AD_INTERNAL_ERROR;
279 return SSL3_AL_FATAL;
281 return SSL_ERROR_NONE;
285 static BIO *bio_err = NULL;
286 static BIO *bio_stdout = NULL;
288 #ifndef OPENSSL_NO_NEXTPROTONEG
289 /* Note that this code assumes that this is only a one element list: */
290 static const char NEXT_PROTO_STRING[] = "\x09testproto";
291 static int npn_client = 0;
292 static int npn_server = 0;
293 static int npn_server_reject = 0;
295 static int cb_client_npn(SSL *s, unsigned char **out, unsigned char *outlen,
296 const unsigned char *in, unsigned int inlen,
300 * This callback only returns the protocol string, rather than a length
301 * prefixed set. We assume that NEXT_PROTO_STRING is a one element list
302 * and remove the first byte to chop off the length prefix.
304 *out = (unsigned char *)NEXT_PROTO_STRING + 1;
305 *outlen = sizeof(NEXT_PROTO_STRING) - 2;
306 return SSL_TLSEXT_ERR_OK;
309 static int cb_server_npn(SSL *s, const unsigned char **data,
310 unsigned int *len, void *arg)
312 *data = (const unsigned char *)NEXT_PROTO_STRING;
313 *len = sizeof(NEXT_PROTO_STRING) - 1;
314 return SSL_TLSEXT_ERR_OK;
317 static int cb_server_rejects_npn(SSL *s, const unsigned char **data,
318 unsigned int *len, void *arg)
320 return SSL_TLSEXT_ERR_NOACK;
323 static int verify_npn(SSL *client, SSL *server)
325 const unsigned char *client_s;
327 const unsigned char *server_s;
330 SSL_get0_next_proto_negotiated(client, &client_s, &client_len);
331 SSL_get0_next_proto_negotiated(server, &server_s, &server_len);
334 BIO_printf(bio_stdout, "Client NPN: ");
335 BIO_write(bio_stdout, client_s, client_len);
336 BIO_printf(bio_stdout, "\n");
340 BIO_printf(bio_stdout, "Server NPN: ");
341 BIO_write(bio_stdout, server_s, server_len);
342 BIO_printf(bio_stdout, "\n");
346 * If an NPN string was returned, it must be the protocol that we
347 * expected to negotiate.
349 if (client_len && (client_len != sizeof(NEXT_PROTO_STRING) - 2 ||
350 memcmp(client_s, NEXT_PROTO_STRING + 1, client_len)))
352 if (server_len && (server_len != sizeof(NEXT_PROTO_STRING) - 2 ||
353 memcmp(server_s, NEXT_PROTO_STRING + 1, server_len)))
356 if (!npn_client && client_len)
358 if (!npn_server && server_len)
360 if (npn_server_reject && server_len)
362 if (npn_client && npn_server && (!client_len || !server_len))
369 static const char *alpn_client;
370 static char *alpn_server;
371 static char *alpn_server2;
372 static const char *alpn_expected;
373 static unsigned char *alpn_selected;
374 static const char *server_min_proto;
375 static const char *server_max_proto;
376 static const char *client_min_proto;
377 static const char *client_max_proto;
378 static const char *should_negotiate;
379 static const char *sn_client;
380 static const char *sn_server1;
381 static const char *sn_server2;
382 static int sn_expect = 0;
383 static const char *server_sess_out;
384 static const char *server_sess_in;
385 static const char *client_sess_out;
386 static const char *client_sess_in;
387 static SSL_SESSION *server_sess;
388 static SSL_SESSION *client_sess;
390 static int servername_cb(SSL *s, int *ad, void *arg)
392 const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
393 if (sn_server2 == NULL) {
394 BIO_printf(bio_stdout, "Servername 2 is NULL\n");
395 return SSL_TLSEXT_ERR_NOACK;
399 if (s_ctx2 != NULL && sn_server2 != NULL &&
400 !strcasecmp(servername, sn_server2)) {
401 BIO_printf(bio_stdout, "Switching server context.\n");
402 SSL_set_SSL_CTX(s, s_ctx2);
405 return SSL_TLSEXT_ERR_OK;
407 static int verify_servername(SSL *client, SSL *server)
409 /* just need to see if sn_context is what we expect */
410 SSL_CTX* ctx = SSL_get_SSL_CTX(server);
413 if (sn_expect == 1 && ctx == s_ctx)
415 if (sn_expect == 2 && ctx == s_ctx2)
417 BIO_printf(bio_stdout, "Servername: expected context %d\n", sn_expect);
419 BIO_printf(bio_stdout, "Servername: context is 2\n");
420 else if (ctx == s_ctx)
421 BIO_printf(bio_stdout, "Servername: context is 1\n");
423 BIO_printf(bio_stdout, "Servername: context is unknown\n");
429 * next_protos_parse parses a comma separated list of strings into a string
430 * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
431 * outlen: (output) set to the length of the resulting buffer on success.
432 * err: (maybe NULL) on failure, an error message line is written to this BIO.
433 * in: a NUL terminated string like "abc,def,ghi"
435 * returns: a malloced buffer or NULL on failure.
437 static unsigned char *next_protos_parse(size_t *outlen,
448 out = OPENSSL_malloc(strlen(in) + 1);
452 for (i = 0; i <= len; ++i) {
453 if (i == len || in[i] == ',') {
454 if (i - start > 255) {
458 out[start] = i - start;
468 static int cb_server_alpn(SSL *s, const unsigned char **out,
469 unsigned char *outlen, const unsigned char *in,
470 unsigned int inlen, void *arg)
472 unsigned char *protos;
474 char* alpn_str = arg;
476 protos = next_protos_parse(&protos_len, alpn_str);
477 if (protos == NULL) {
478 fprintf(stderr, "failed to parser ALPN server protocol string: %s\n",
483 if (SSL_select_next_proto
484 ((unsigned char **)out, outlen, protos, protos_len, in,
485 inlen) != OPENSSL_NPN_NEGOTIATED) {
486 OPENSSL_free(protos);
487 return SSL_TLSEXT_ERR_NOACK;
491 * Make a copy of the selected protocol which will be freed in
494 alpn_selected = OPENSSL_malloc(*outlen);
495 memcpy(alpn_selected, *out, *outlen);
496 *out = alpn_selected;
498 OPENSSL_free(protos);
499 return SSL_TLSEXT_ERR_OK;
502 static int verify_alpn(SSL *client, SSL *server)
504 const unsigned char *client_proto, *server_proto;
505 unsigned int client_proto_len = 0, server_proto_len = 0;
506 SSL_get0_alpn_selected(client, &client_proto, &client_proto_len);
507 SSL_get0_alpn_selected(server, &server_proto, &server_proto_len);
509 OPENSSL_free(alpn_selected);
510 alpn_selected = NULL;
512 if (client_proto_len != server_proto_len) {
513 BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
517 if (client_proto != NULL &&
518 memcmp(client_proto, server_proto, client_proto_len) != 0) {
519 BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
523 if (client_proto_len > 0 && alpn_expected == NULL) {
524 BIO_printf(bio_stdout, "ALPN unexpectedly negotiated\n");
528 if (alpn_expected != NULL &&
529 (client_proto_len != strlen(alpn_expected) ||
530 memcmp(client_proto, alpn_expected, client_proto_len) != 0)) {
531 BIO_printf(bio_stdout,
532 "ALPN selected protocols not equal to expected protocol: %s\n",
540 BIO_printf(bio_stdout, "ALPN results: client: '");
541 BIO_write(bio_stdout, client_proto, client_proto_len);
542 BIO_printf(bio_stdout, "', server: '");
543 BIO_write(bio_stdout, server_proto, server_proto_len);
544 BIO_printf(bio_stdout, "'\n");
545 BIO_printf(bio_stdout, "ALPN configured: client: '%s', server: '",
547 if (SSL_get_SSL_CTX(server) == s_ctx2) {
548 BIO_printf(bio_stdout, "%s'\n",
551 BIO_printf(bio_stdout, "%s'\n",
558 * WARNING : below extension types are *NOT* IETF assigned, and could
559 * conflict if these types are reassigned and handled specially by OpenSSL
562 #define TACK_EXT_TYPE 62208
563 #define CUSTOM_EXT_TYPE_0 1000
564 #define CUSTOM_EXT_TYPE_1 1001
565 #define CUSTOM_EXT_TYPE_2 1002
566 #define CUSTOM_EXT_TYPE_3 1003
568 static const char custom_ext_cli_string[] = "abc";
569 static const char custom_ext_srv_string[] = "defg";
571 /* These set from cmdline */
572 static char *serverinfo_file = NULL;
573 static int serverinfo_sct = 0;
574 static int serverinfo_tack = 0;
576 /* These set based on extension callbacks */
577 static int serverinfo_sct_seen = 0;
578 static int serverinfo_tack_seen = 0;
579 static int serverinfo_other_seen = 0;
581 /* This set from cmdline */
582 static int custom_ext = 0;
584 /* This set based on extension callbacks */
585 static int custom_ext_error = 0;
587 static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type,
588 const unsigned char *in, size_t inlen,
591 if (ext_type == TLSEXT_TYPE_signed_certificate_timestamp)
592 serverinfo_sct_seen++;
593 else if (ext_type == TACK_EXT_TYPE)
594 serverinfo_tack_seen++;
596 serverinfo_other_seen++;
600 static int verify_serverinfo()
602 if (serverinfo_sct != serverinfo_sct_seen)
604 if (serverinfo_tack != serverinfo_tack_seen)
606 if (serverinfo_other_seen)
612 * Four test cases for custom extensions:
613 * 0 - no ClientHello extension or ServerHello response
614 * 1 - ClientHello with "abc", no response
615 * 2 - ClientHello with "abc", empty response
616 * 3 - ClientHello with "abc", "defg" response
619 static int custom_ext_0_cli_add_cb(SSL *s, unsigned int ext_type,
620 const unsigned char **out,
621 size_t *outlen, int *al, void *arg)
623 if (ext_type != CUSTOM_EXT_TYPE_0)
624 custom_ext_error = 1;
625 return 0; /* Don't send an extension */
628 static int custom_ext_0_cli_parse_cb(SSL *s, unsigned int ext_type,
629 const unsigned char *in,
630 size_t inlen, int *al, void *arg)
635 static int custom_ext_1_cli_add_cb(SSL *s, unsigned int ext_type,
636 const unsigned char **out,
637 size_t *outlen, int *al, void *arg)
639 if (ext_type != CUSTOM_EXT_TYPE_1)
640 custom_ext_error = 1;
641 *out = (const unsigned char *)custom_ext_cli_string;
642 *outlen = strlen(custom_ext_cli_string);
643 return 1; /* Send "abc" */
646 static int custom_ext_1_cli_parse_cb(SSL *s, unsigned int ext_type,
647 const unsigned char *in,
648 size_t inlen, int *al, void *arg)
653 static int custom_ext_2_cli_add_cb(SSL *s, unsigned int ext_type,
654 const unsigned char **out,
655 size_t *outlen, int *al, void *arg)
657 if (ext_type != CUSTOM_EXT_TYPE_2)
658 custom_ext_error = 1;
659 *out = (const unsigned char *)custom_ext_cli_string;
660 *outlen = strlen(custom_ext_cli_string);
661 return 1; /* Send "abc" */
664 static int custom_ext_2_cli_parse_cb(SSL *s, unsigned int ext_type,
665 const unsigned char *in,
666 size_t inlen, int *al, void *arg)
668 if (ext_type != CUSTOM_EXT_TYPE_2)
669 custom_ext_error = 1;
671 custom_ext_error = 1; /* Should be empty response */
675 static int custom_ext_3_cli_add_cb(SSL *s, unsigned int ext_type,
676 const unsigned char **out,
677 size_t *outlen, int *al, void *arg)
679 if (ext_type != CUSTOM_EXT_TYPE_3)
680 custom_ext_error = 1;
681 *out = (const unsigned char *)custom_ext_cli_string;
682 *outlen = strlen(custom_ext_cli_string);
683 return 1; /* Send "abc" */
686 static int custom_ext_3_cli_parse_cb(SSL *s, unsigned int ext_type,
687 const unsigned char *in,
688 size_t inlen, int *al, void *arg)
690 if (ext_type != CUSTOM_EXT_TYPE_3)
691 custom_ext_error = 1;
692 if (inlen != strlen(custom_ext_srv_string))
693 custom_ext_error = 1;
694 if (memcmp(custom_ext_srv_string, in, inlen) != 0)
695 custom_ext_error = 1; /* Check for "defg" */
700 * custom_ext_0_cli_add_cb returns 0 - the server won't receive a callback
703 static int custom_ext_0_srv_parse_cb(SSL *s, unsigned int ext_type,
704 const unsigned char *in,
705 size_t inlen, int *al, void *arg)
707 custom_ext_error = 1;
711 /* 'add' callbacks are only called if the 'parse' callback is called */
712 static int custom_ext_0_srv_add_cb(SSL *s, unsigned int ext_type,
713 const unsigned char **out,
714 size_t *outlen, int *al, void *arg)
716 /* Error: should not have been called */
717 custom_ext_error = 1;
718 return 0; /* Don't send an extension */
721 static int custom_ext_1_srv_parse_cb(SSL *s, unsigned int ext_type,
722 const unsigned char *in,
723 size_t inlen, int *al, void *arg)
725 if (ext_type != CUSTOM_EXT_TYPE_1)
726 custom_ext_error = 1;
727 /* Check for "abc" */
728 if (inlen != strlen(custom_ext_cli_string))
729 custom_ext_error = 1;
730 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
731 custom_ext_error = 1;
735 static int custom_ext_1_srv_add_cb(SSL *s, unsigned int ext_type,
736 const unsigned char **out,
737 size_t *outlen, int *al, void *arg)
739 return 0; /* Don't send an extension */
742 static int custom_ext_2_srv_parse_cb(SSL *s, unsigned int ext_type,
743 const unsigned char *in,
744 size_t inlen, int *al, void *arg)
746 if (ext_type != CUSTOM_EXT_TYPE_2)
747 custom_ext_error = 1;
748 /* Check for "abc" */
749 if (inlen != strlen(custom_ext_cli_string))
750 custom_ext_error = 1;
751 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
752 custom_ext_error = 1;
756 static int custom_ext_2_srv_add_cb(SSL *s, unsigned int ext_type,
757 const unsigned char **out,
758 size_t *outlen, int *al, void *arg)
762 return 1; /* Send empty extension */
765 static int custom_ext_3_srv_parse_cb(SSL *s, unsigned int ext_type,
766 const unsigned char *in,
767 size_t inlen, int *al, void *arg)
769 if (ext_type != CUSTOM_EXT_TYPE_3)
770 custom_ext_error = 1;
771 /* Check for "abc" */
772 if (inlen != strlen(custom_ext_cli_string))
773 custom_ext_error = 1;
774 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
775 custom_ext_error = 1;
779 static int custom_ext_3_srv_add_cb(SSL *s, unsigned int ext_type,
780 const unsigned char **out,
781 size_t *outlen, int *al, void *arg)
783 *out = (const unsigned char *)custom_ext_srv_string;
784 *outlen = strlen(custom_ext_srv_string);
785 return 1; /* Send "defg" */
788 static char *cipher = NULL;
789 static int verbose = 0;
790 static int debug = 0;
791 static const char rnd_seed[] =
792 "string to make the random number generator think it has entropy";
794 int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family,
795 long bytes, clock_t *s_time, clock_t *c_time);
796 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time,
798 int doit(SSL *s_ssl, SSL *c_ssl, long bytes);
800 static void sv_usage(void)
802 fprintf(stderr, "usage: ssltest [args ...]\n");
803 fprintf(stderr, "\n");
805 fprintf(stderr, "-F - run test in FIPS mode\n");
807 fprintf(stderr, " -server_auth - check server certificate\n");
808 fprintf(stderr, " -client_auth - do client authentication\n");
809 fprintf(stderr, " -v - more output\n");
810 fprintf(stderr, " -d - debug output\n");
811 fprintf(stderr, " -reuse - use session-id reuse\n");
812 fprintf(stderr, " -num <val> - number of connections to perform\n");
814 " -bytes <val> - number of bytes to swap between client/server\n");
815 #ifndef OPENSSL_NO_DH
817 " -dhe512 - use 512 bit key for DHE (to test failure)\n");
819 " -dhe1024 - use 1024 bit key (safe prime) for DHE (default, no-op)\n");
821 " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
822 fprintf(stderr, " -no_dhe - disable DHE\n");
824 #ifndef OPENSSL_NO_EC
825 fprintf(stderr, " -no_ecdhe - disable ECDHE\nTODO(openssl-team): no_ecdhe was broken by auto ecdh. Make this work again.\n");
827 #ifndef OPENSSL_NO_PSK
828 fprintf(stderr, " -psk arg - PSK in hex (without 0x)\n");
830 #ifndef OPENSSL_NO_SRP
831 fprintf(stderr, " -srpuser user - SRP username to use\n");
832 fprintf(stderr, " -srppass arg - password for 'user'\n");
834 #ifndef OPENSSL_NO_SSL3
835 fprintf(stderr, " -ssl3 - use SSLv3\n");
837 #ifndef OPENSSL_NO_TLS1
838 fprintf(stderr, " -tls1 - use TLSv1\n");
840 #ifndef OPENSSL_NO_DTLS
841 fprintf(stderr, " -dtls - use DTLS\n");
842 #ifndef OPENSSL_NO_DTLS1
843 fprintf(stderr, " -dtls1 - use DTLSv1\n");
845 #ifndef OPENSSL_NO_DTLS1_2
846 fprintf(stderr, " -dtls12 - use DTLSv1.2\n");
849 fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");
850 fprintf(stderr, " -CAfile arg - PEM format file of CA's\n");
851 fprintf(stderr, " -cert arg - Server certificate file\n");
853 " -key arg - Server key file (default: same as -cert)\n");
854 fprintf(stderr, " -c_cert arg - Client certificate file\n");
856 " -c_key arg - Client key file (default: same as -c_cert)\n");
857 fprintf(stderr, " -cipher arg - The cipher list\n");
858 fprintf(stderr, " -bio_pair - Use BIO pairs\n");
859 fprintf(stderr, " -ipv4 - Use IPv4 connection on localhost\n");
860 fprintf(stderr, " -ipv6 - Use IPv6 connection on localhost\n");
861 fprintf(stderr, " -f - Test even cases that can't work\n");
863 " -time - measure processor time used by client and server\n");
864 fprintf(stderr, " -zlib - use zlib compression\n");
865 #ifndef OPENSSL_NO_NEXTPROTONEG
866 fprintf(stderr, " -npn_client - have client side offer NPN\n");
867 fprintf(stderr, " -npn_server - have server side offer NPN\n");
868 fprintf(stderr, " -npn_server_reject - have server reject NPN\n");
870 fprintf(stderr, " -serverinfo_file file - have server use this file\n");
871 fprintf(stderr, " -serverinfo_sct - have client offer and expect SCT\n");
873 " -serverinfo_tack - have client offer and expect TACK\n");
875 " -custom_ext - try various custom extension callbacks\n");
876 fprintf(stderr, " -alpn_client <string> - have client side offer ALPN\n");
877 fprintf(stderr, " -alpn_server <string> - have server side offer ALPN\n");
878 fprintf(stderr, " -alpn_server1 <string> - alias for -alpn_server\n");
879 fprintf(stderr, " -alpn_server2 <string> - have server side context 2 offer ALPN\n");
881 " -alpn_expected <string> - the ALPN protocol that should be negotiated\n");
882 fprintf(stderr, " -server_min_proto <string> - Minimum version the server should support\n");
883 fprintf(stderr, " -server_max_proto <string> - Maximum version the server should support\n");
884 fprintf(stderr, " -client_min_proto <string> - Minimum version the client should support\n");
885 fprintf(stderr, " -client_max_proto <string> - Maximum version the client should support\n");
886 fprintf(stderr, " -should_negotiate <string> - The version that should be negotiated, fail-client or fail-server\n");
887 #ifndef OPENSSL_NO_CT
888 fprintf(stderr, " -noct - no certificate transparency\n");
889 fprintf(stderr, " -requestct - request certificate transparency\n");
890 fprintf(stderr, " -requirect - require certificate transparency\n");
892 fprintf(stderr, " -sn_client <string> - have client request this servername\n");
893 fprintf(stderr, " -sn_server1 <string> - have server context 1 respond to this servername\n");
894 fprintf(stderr, " -sn_server2 <string> - have server context 2 respond to this servername\n");
895 fprintf(stderr, " -sn_expect1 - expected server 1\n");
896 fprintf(stderr, " -sn_expect2 - expected server 2\n");
897 fprintf(stderr, " -server_sess_out <file> - Save the server session to a file\n");
898 fprintf(stderr, " -server_sess_in <file> - Read the server session from a file\n");
899 fprintf(stderr, " -client_sess_out <file> - Save the client session to a file\n");
900 fprintf(stderr, " -client_sess_in <file> - Read the client session from a file\n");
901 fprintf(stderr, " -should_reuse <number> - The expected state of reusing the session\n");
902 fprintf(stderr, " -no_ticket - do not issue TLS session ticket\n");
905 static void print_key_details(BIO *out, EVP_PKEY *key)
907 int keyid = EVP_PKEY_id(key);
908 #ifndef OPENSSL_NO_EC
909 if (keyid == EVP_PKEY_EC) {
910 EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
913 nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
915 cname = EC_curve_nid2nist(nid);
917 cname = OBJ_nid2sn(nid);
918 BIO_printf(out, "%d bits EC (%s)", EVP_PKEY_bits(key), cname);
934 algname = OBJ_nid2sn(keyid);
937 BIO_printf(out, "%d bits %s", EVP_PKEY_bits(key), algname);
941 static void print_details(SSL *c_ssl, const char *prefix)
943 const SSL_CIPHER *ciph;
948 ciph = SSL_get_current_cipher(c_ssl);
949 BIO_printf(bio_stdout, "%s%s, cipher %s %s",
951 SSL_get_version(c_ssl),
952 SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_name(ciph));
953 cert = SSL_get_peer_certificate(c_ssl);
955 pkey = X509_get_pubkey(cert);
957 BIO_puts(bio_stdout, ", ");
958 print_key_details(bio_stdout, pkey);
963 if (SSL_get_server_tmp_key(c_ssl, &pkey)) {
964 BIO_puts(bio_stdout, ", temp key: ");
965 print_key_details(bio_stdout, pkey);
968 if (SSL_get_peer_signature_nid(c_ssl, &mdnid))
969 BIO_printf(bio_stdout, ", digest=%s", OBJ_nid2sn(mdnid));
970 BIO_printf(bio_stdout, "\n");
974 * protocol_from_string - converts a protocol version string to a number
976 * Returns -1 on failure or the version on success
978 static int protocol_from_string(const char *value)
980 struct protocol_versions {
984 static const struct protocol_versions versions[] = {
985 {"ssl3", SSL3_VERSION},
986 {"tls1", TLS1_VERSION},
987 {"tls1.1", TLS1_1_VERSION},
988 {"tls1.2", TLS1_2_VERSION},
989 {"dtls1", DTLS1_VERSION},
990 {"dtls1.2", DTLS1_2_VERSION}};
992 size_t n = OSSL_NELEM(versions);
994 for (i = 0; i < n; i++)
995 if (strcmp(versions[i].name, value) == 0)
996 return versions[i].version;
1000 static SSL_SESSION *read_session(const char *filename)
1003 BIO *f = BIO_new_file(filename, "r");
1006 BIO_printf(bio_err, "Can't open session file %s\n", filename);
1007 ERR_print_errors(bio_err);
1010 sess = PEM_read_bio_SSL_SESSION(f, NULL, 0, NULL);
1012 BIO_printf(bio_err, "Can't parse session file %s\n", filename);
1013 ERR_print_errors(bio_err);
1019 static int write_session(const char *filename, SSL_SESSION *sess)
1021 BIO *f = BIO_new_file(filename, "w");
1024 BIO_printf(bio_err, "No session information\n");
1028 BIO_printf(bio_err, "Can't open session file %s\n", filename);
1029 ERR_print_errors(bio_err);
1032 PEM_write_bio_SSL_SESSION(f, sess);
1038 * set_protocol_version - Sets protocol version minimum or maximum
1040 * Returns 0 on failure and 1 on success
1042 static int set_protocol_version(const char *version, SSL *ssl, int setting)
1044 if (version != NULL) {
1045 int ver = protocol_from_string(version);
1047 BIO_printf(bio_err, "Error parsing: %s\n", version);
1050 return SSL_ctrl(ssl, setting, ver, NULL);
1055 int main(int argc, char *argv[])
1057 char *CApath = NULL, *CAfile = NULL;
1059 enum { BIO_MEM, BIO_PAIR, BIO_IPV4, BIO_IPV6 } bio_type = BIO_MEM;
1061 int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, ssl3 = 0, ret = 1;
1062 int client_auth = 0;
1063 int server_auth = 0, i;
1064 struct app_verify_arg app_verify_arg =
1065 { APP_CALLBACK_STRING, 0 };
1067 SSL_CTX *c_ctx = NULL;
1068 const SSL_METHOD *meth = NULL;
1070 int number = 1, reuse = 0;
1071 int should_reuse = -1;
1074 #ifndef OPENSSL_NO_DH
1076 int dhe512 = 0, dhe1024dsa = 0;
1078 #ifndef OPENSSL_NO_SRP
1080 SRP_CLIENT_ARG srp_client_arg = { NULL, NULL };
1082 SRP_SERVER_ARG srp_server_arg = { NULL, NULL };
1087 clock_t s_time = 0, c_time = 0;
1088 #ifndef OPENSSL_NO_COMP
1090 COMP_METHOD *cm = NULL;
1091 STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
1097 int min_version = 0, max_version = 0;
1098 #ifndef OPENSSL_NO_CT
1100 * Disable CT validation by default, because it will interfere with
1101 * anything using custom extension handlers to deal with SCT extensions.
1103 int ct_validation = 0;
1105 SSL_CONF_CTX *s_cctx = NULL, *c_cctx = NULL, *s_cctx2 = NULL;
1106 STACK_OF(OPENSSL_STRING) *conf_args = NULL;
1107 char *arg = NULL, *argn = NULL;
1113 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
1115 p = getenv("OPENSSL_DEBUG_MEMORY");
1116 if (p != NULL && strcmp(p, "on") == 0)
1117 CRYPTO_set_mem_debug(1);
1118 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
1120 RAND_seed(rnd_seed, sizeof rnd_seed);
1122 bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT);
1124 s_cctx = SSL_CONF_CTX_new();
1125 s_cctx2 = SSL_CONF_CTX_new();
1126 c_cctx = SSL_CONF_CTX_new();
1128 if (!s_cctx || !c_cctx || !s_cctx2) {
1129 ERR_print_errors(bio_err);
1133 SSL_CONF_CTX_set_flags(s_cctx,
1134 SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_SERVER |
1135 SSL_CONF_FLAG_CERTIFICATE |
1136 SSL_CONF_FLAG_REQUIRE_PRIVATE);
1137 SSL_CONF_CTX_set_flags(s_cctx2,
1138 SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_SERVER |
1139 SSL_CONF_FLAG_CERTIFICATE |
1140 SSL_CONF_FLAG_REQUIRE_PRIVATE);
1141 if (!SSL_CONF_CTX_set1_prefix(s_cctx, "-s_")) {
1142 ERR_print_errors(bio_err);
1145 if (!SSL_CONF_CTX_set1_prefix(s_cctx2, "-s_")) {
1146 ERR_print_errors(bio_err);
1150 SSL_CONF_CTX_set_flags(c_cctx,
1151 SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_CLIENT |
1152 SSL_CONF_FLAG_CERTIFICATE |
1153 SSL_CONF_FLAG_REQUIRE_PRIVATE);
1154 if (!SSL_CONF_CTX_set1_prefix(c_cctx, "-c_")) {
1155 ERR_print_errors(bio_err);
1163 if (strcmp(*argv, "-F") == 0) {
1168 "not compiled with FIPS support, so exiting without running.\n");
1171 } else if (strcmp(*argv, "-server_auth") == 0)
1173 else if (strcmp(*argv, "-client_auth") == 0)
1175 else if (strcmp(*argv, "-v") == 0)
1177 else if (strcmp(*argv, "-d") == 0)
1179 else if (strcmp(*argv, "-reuse") == 0)
1181 else if (strcmp(*argv, "-dhe512") == 0) {
1182 #ifndef OPENSSL_NO_DH
1186 "ignoring -dhe512, since I'm compiled without DH\n");
1188 } else if (strcmp(*argv, "-dhe1024dsa") == 0) {
1189 #ifndef OPENSSL_NO_DH
1193 "ignoring -dhe1024dsa, since I'm compiled without DH\n");
1195 } else if (strcmp(*argv, "-no_dhe") == 0)
1197 else if (strcmp(*argv, "-no_ecdhe") == 0)
1199 else if (strcmp(*argv, "-psk") == 0) {
1202 psk_key = *(++argv);
1203 #ifndef OPENSSL_NO_PSK
1204 if (strspn(psk_key, "abcdefABCDEF1234567890") != strlen(psk_key)) {
1205 BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
1212 #ifndef OPENSSL_NO_SRP
1213 else if (strcmp(*argv, "-srpuser") == 0) {
1216 srp_server_arg.expected_user = srp_client_arg.srplogin =
1218 min_version = TLS1_VERSION;
1219 } else if (strcmp(*argv, "-srppass") == 0) {
1222 srp_server_arg.pass = srp_client_arg.srppassin = *(++argv);
1223 min_version = TLS1_VERSION;
1226 else if (strcmp(*argv, "-tls1") == 0) {
1228 } else if (strcmp(*argv, "-ssl3") == 0) {
1230 } else if (strcmp(*argv, "-dtls1") == 0) {
1232 } else if (strcmp(*argv, "-dtls12") == 0) {
1234 } else if (strcmp(*argv, "-dtls") == 0) {
1236 } else if (strncmp(*argv, "-num", 4) == 0) {
1239 number = atoi(*(++argv));
1242 } else if (strcmp(*argv, "-bytes") == 0) {
1245 bytes = atol(*(++argv));
1248 i = strlen(argv[0]);
1249 if (argv[0][i - 1] == 'k')
1251 if (argv[0][i - 1] == 'm')
1252 bytes *= 1024L * 1024L;
1253 } else if (strcmp(*argv, "-cipher") == 0) {
1257 } else if (strcmp(*argv, "-CApath") == 0) {
1261 } else if (strcmp(*argv, "-CAfile") == 0) {
1265 } else if (strcmp(*argv, "-bio_pair") == 0) {
1266 bio_type = BIO_PAIR;
1268 #ifndef OPENSSL_NO_SOCK
1269 else if (strcmp(*argv, "-ipv4") == 0) {
1270 bio_type = BIO_IPV4;
1271 } else if (strcmp(*argv, "-ipv6") == 0) {
1272 bio_type = BIO_IPV6;
1275 else if (strcmp(*argv, "-f") == 0) {
1277 } else if (strcmp(*argv, "-time") == 0) {
1280 #ifndef OPENSSL_NO_CT
1281 else if (strcmp(*argv, "-noct") == 0) {
1284 else if (strcmp(*argv, "-ct") == 0) {
1288 #ifndef OPENSSL_NO_COMP
1289 else if (strcmp(*argv, "-zlib") == 0) {
1293 else if (strcmp(*argv, "-app_verify") == 0) {
1294 app_verify_arg.app_verify = 1;
1296 #ifndef OPENSSL_NO_NEXTPROTONEG
1297 else if (strcmp(*argv, "-npn_client") == 0) {
1299 } else if (strcmp(*argv, "-npn_server") == 0) {
1301 } else if (strcmp(*argv, "-npn_server_reject") == 0) {
1302 npn_server_reject = 1;
1305 else if (strcmp(*argv, "-serverinfo_sct") == 0) {
1307 } else if (strcmp(*argv, "-serverinfo_tack") == 0) {
1308 serverinfo_tack = 1;
1309 } else if (strcmp(*argv, "-serverinfo_file") == 0) {
1312 serverinfo_file = *(++argv);
1313 } else if (strcmp(*argv, "-custom_ext") == 0) {
1315 } else if (strcmp(*argv, "-alpn_client") == 0) {
1318 alpn_client = *(++argv);
1319 } else if (strcmp(*argv, "-alpn_server") == 0 ||
1320 strcmp(*argv, "-alpn_server1") == 0) {
1323 alpn_server = *(++argv);
1324 } else if (strcmp(*argv, "-alpn_server2") == 0) {
1327 alpn_server2 = *(++argv);
1328 } else if (strcmp(*argv, "-alpn_expected") == 0) {
1331 alpn_expected = *(++argv);
1332 } else if (strcmp(*argv, "-server_min_proto") == 0) {
1335 server_min_proto = *(++argv);
1336 } else if (strcmp(*argv, "-server_max_proto") == 0) {
1339 server_max_proto = *(++argv);
1340 } else if (strcmp(*argv, "-client_min_proto") == 0) {
1343 client_min_proto = *(++argv);
1344 } else if (strcmp(*argv, "-client_max_proto") == 0) {
1347 client_max_proto = *(++argv);
1348 } else if (strcmp(*argv, "-should_negotiate") == 0) {
1351 should_negotiate = *(++argv);
1352 } else if (strcmp(*argv, "-sn_client") == 0) {
1355 sn_client = *(++argv);
1356 } else if (strcmp(*argv, "-sn_server1") == 0) {
1359 sn_server1 = *(++argv);
1360 } else if (strcmp(*argv, "-sn_server2") == 0) {
1363 sn_server2 = *(++argv);
1364 } else if (strcmp(*argv, "-sn_expect1") == 0) {
1366 } else if (strcmp(*argv, "-sn_expect2") == 0) {
1368 } else if (strcmp(*argv, "-server_sess_out") == 0) {
1371 server_sess_out = *(++argv);
1372 } else if (strcmp(*argv, "-server_sess_in") == 0) {
1375 server_sess_in = *(++argv);
1376 } else if (strcmp(*argv, "-client_sess_out") == 0) {
1379 client_sess_out = *(++argv);
1380 } else if (strcmp(*argv, "-client_sess_in") == 0) {
1383 client_sess_in = *(++argv);
1384 } else if (strcmp(*argv, "-should_reuse") == 0) {
1387 should_reuse = !!atoi(*(++argv));
1388 } else if (strcmp(*argv, "-no_ticket") == 0) {
1394 /* Try to process command using SSL_CONF */
1395 rv = SSL_CONF_cmd_argv(c_cctx, &argc, &argv);
1396 /* If not processed try server */
1398 rv = SSL_CONF_cmd_argv(s_cctx, &argc, &argv);
1399 /* Recognised: store it for later use */
1404 conf_args = sk_OPENSSL_STRING_new_null();
1408 if (!sk_OPENSSL_STRING_push(conf_args, arg))
1410 if (!sk_OPENSSL_STRING_push(conf_args, argn))
1415 BIO_printf(bio_err, "Missing argument for %s\n", arg);
1417 BIO_printf(bio_err, "Error with command %s\n", arg);
1419 BIO_printf(bio_err, "unknown option %s\n", arg);
1432 if (ssl3 + tls1 + dtls + dtls1 + dtls12 > 1) {
1433 fprintf(stderr, "At most one of -ssl3, -tls1, -dtls, -dtls1 or -dtls12 should "
1438 #ifdef OPENSSL_NO_SSL3
1443 #ifdef OPENSSL_NO_TLS1
1448 #if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1)
1453 #if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1_2)
1461 * Testing was requested for a compiled-out protocol (e.g. SSLv3).
1462 * Ideally, we would error out, but the generic test wrapper can't know
1463 * when to expect failure. So we do nothing and return success.
1466 fprintf(stderr, "Testing was requested for a disabled protocol. "
1467 "Skipping tests.\n");
1472 if (!ssl3 && !tls1 && !dtls && !dtls1 && !dtls12 && number > 1 && !reuse && !force) {
1473 fprintf(stderr, "This case cannot work. Use -f to perform "
1474 "the test anyway (and\n-d to see what happens), "
1475 "or add one of -ssl3, -tls1, -dtls, -dtls1, -dtls12, -reuse\n"
1476 "to avoid protocol mismatch.\n");
1481 if (!FIPS_mode_set(1)) {
1482 ERR_print_errors(bio_err);
1485 fprintf(stderr, "*** IN FIPS MODE ***\n");
1490 if (bio_type != BIO_PAIR) {
1491 fprintf(stderr, "Using BIO pair (-bio_pair)\n");
1492 bio_type = BIO_PAIR;
1494 if (number < 50 && !force)
1496 "Warning: For accurate timings, use more connections (e.g. -num 1000)\n");
1499 /* if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */
1501 #ifndef OPENSSL_NO_COMP
1502 if (comp == COMP_ZLIB)
1505 if (COMP_get_type(cm) != NID_undef) {
1506 if (SSL_COMP_add_compression_method(comp, cm) != 0) {
1507 fprintf(stderr, "Failed to add compression method\n");
1508 ERR_print_errors_fp(stderr);
1512 "Warning: %s compression not supported\n",
1513 comp == COMP_ZLIB ? "zlib" : "unknown");
1514 ERR_print_errors_fp(stderr);
1517 ssl_comp_methods = SSL_COMP_get_compression_methods();
1518 n = sk_SSL_COMP_num(ssl_comp_methods);
1521 printf("Available compression methods:");
1522 for (j = 0; j < n; j++) {
1523 SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
1524 printf(" %s:%d", c->name, c->id);
1530 #ifndef OPENSSL_NO_TLS
1531 meth = TLS_method();
1533 min_version = SSL3_VERSION;
1534 max_version = SSL3_VERSION;
1536 min_version = TLS1_VERSION;
1537 max_version = TLS1_VERSION;
1540 #ifndef OPENSSL_NO_DTLS
1541 if (dtls || dtls1 || dtls12)
1542 meth = DTLS_method();
1544 min_version = DTLS1_VERSION;
1545 max_version = DTLS1_VERSION;
1546 } else if (dtls12) {
1547 min_version = DTLS1_2_VERSION;
1548 max_version = DTLS1_2_VERSION;
1552 c_ctx = SSL_CTX_new(meth);
1553 s_ctx = SSL_CTX_new(meth);
1554 s_ctx2 = SSL_CTX_new(meth); /* no SSL_CTX_dup! */
1555 if ((c_ctx == NULL) || (s_ctx == NULL) || (s_ctx2 == NULL)) {
1556 ERR_print_errors(bio_err);
1560 * Since we will use low security ciphersuites and keys for testing set
1561 * security level to zero by default. Tests can override this by adding
1562 * "@SECLEVEL=n" to the cipher string.
1564 SSL_CTX_set_security_level(c_ctx, 0);
1565 SSL_CTX_set_security_level(s_ctx, 0);
1566 SSL_CTX_set_security_level(s_ctx2, 0);
1569 SSL_CTX_set_options(c_ctx, SSL_OP_NO_TICKET);
1570 SSL_CTX_set_options(s_ctx, SSL_OP_NO_TICKET);
1573 if (SSL_CTX_set_min_proto_version(c_ctx, min_version) == 0)
1575 if (SSL_CTX_set_max_proto_version(c_ctx, max_version) == 0)
1577 if (SSL_CTX_set_min_proto_version(s_ctx, min_version) == 0)
1579 if (SSL_CTX_set_max_proto_version(s_ctx, max_version) == 0)
1582 if (cipher != NULL) {
1583 if (!SSL_CTX_set_cipher_list(c_ctx, cipher)
1584 || !SSL_CTX_set_cipher_list(s_ctx, cipher)
1585 || !SSL_CTX_set_cipher_list(s_ctx2, cipher)) {
1586 ERR_print_errors(bio_err);
1591 #ifndef OPENSSL_NO_CT
1592 if (ct_validation &&
1593 !SSL_CTX_enable_ct(c_ctx, SSL_CT_VALIDATION_STRICT)) {
1594 ERR_print_errors(bio_err);
1599 /* Process SSL_CONF arguments */
1600 SSL_CONF_CTX_set_ssl_ctx(c_cctx, c_ctx);
1601 SSL_CONF_CTX_set_ssl_ctx(s_cctx, s_ctx);
1602 SSL_CONF_CTX_set_ssl_ctx(s_cctx2, s_ctx2);
1604 for (i = 0; i < sk_OPENSSL_STRING_num(conf_args); i += 2) {
1606 arg = sk_OPENSSL_STRING_value(conf_args, i);
1607 argn = sk_OPENSSL_STRING_value(conf_args, i + 1);
1608 rv = SSL_CONF_cmd(c_cctx, arg, argn);
1609 /* If not recognised use server context */
1611 rv = SSL_CONF_cmd(s_cctx2, arg, argn);
1613 rv = SSL_CONF_cmd(s_cctx, arg, argn);
1616 BIO_printf(bio_err, "Error processing %s %s\n",
1617 arg, argn ? argn : "");
1618 ERR_print_errors(bio_err);
1623 if (!SSL_CONF_CTX_finish(s_cctx) || !SSL_CONF_CTX_finish(c_cctx) || !SSL_CONF_CTX_finish(s_cctx2)) {
1624 BIO_puts(bio_err, "Error finishing context\n");
1625 ERR_print_errors(bio_err);
1628 #ifndef OPENSSL_NO_DH
1631 dh = get_dh1024dsa();
1636 SSL_CTX_set_tmp_dh(s_ctx, dh);
1637 SSL_CTX_set_tmp_dh(s_ctx2, dh);
1644 if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) ||
1645 (!SSL_CTX_set_default_verify_paths(s_ctx)) ||
1646 (!SSL_CTX_load_verify_locations(s_ctx2, CAfile, CApath)) ||
1647 (!SSL_CTX_set_default_verify_paths(s_ctx2)) ||
1648 (!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) ||
1649 (!SSL_CTX_set_default_verify_paths(c_ctx))) {
1650 /* fprintf(stderr,"SSL_load_verify_locations\n"); */
1651 ERR_print_errors(bio_err);
1655 #ifndef OPENSSL_NO_CT
1656 if (!SSL_CTX_set_default_ctlog_list_file(s_ctx) ||
1657 !SSL_CTX_set_default_ctlog_list_file(s_ctx2) ||
1658 !SSL_CTX_set_default_ctlog_list_file(c_ctx)) {
1659 ERR_print_errors(bio_err);
1664 printf("client authentication\n");
1665 SSL_CTX_set_verify(s_ctx,
1666 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1668 SSL_CTX_set_verify(s_ctx2,
1669 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1671 SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback,
1673 SSL_CTX_set_cert_verify_callback(s_ctx2, app_verify_callback,
1677 printf("server authentication\n");
1678 SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER, verify_callback);
1679 SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback,
1684 int session_id_context = 0;
1685 if (!SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context,
1686 sizeof session_id_context) ||
1687 !SSL_CTX_set_session_id_context(s_ctx2, (void *)&session_id_context,
1688 sizeof session_id_context)) {
1689 ERR_print_errors(bio_err);
1694 /* Use PSK only if PSK key is given */
1695 if (psk_key != NULL) {
1697 * no_psk is used to avoid putting psk command to openssl tool
1701 * if PSK is not compiled in and psk key is given, do nothing and
1707 #ifndef OPENSSL_NO_PSK
1708 SSL_CTX_set_psk_client_callback(c_ctx, psk_client_callback);
1709 SSL_CTX_set_psk_server_callback(s_ctx, psk_server_callback);
1710 SSL_CTX_set_psk_server_callback(s_ctx2, psk_server_callback);
1712 BIO_printf(bio_err, "setting PSK identity hint to s_ctx\n");
1713 if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_hint") ||
1714 !SSL_CTX_use_psk_identity_hint(s_ctx2, "ctx server identity_hint")) {
1715 BIO_printf(bio_err, "error setting PSK identity hint to s_ctx\n");
1716 ERR_print_errors(bio_err);
1721 #ifndef OPENSSL_NO_SRP
1722 if (srp_client_arg.srplogin) {
1723 if (!SSL_CTX_set_srp_username(c_ctx, srp_client_arg.srplogin)) {
1724 BIO_printf(bio_err, "Unable to set SRP username\n");
1727 SSL_CTX_set_srp_cb_arg(c_ctx, &srp_client_arg);
1728 SSL_CTX_set_srp_client_pwd_callback(c_ctx,
1729 ssl_give_srp_client_pwd_cb);
1731 * SSL_CTX_set_srp_strength(c_ctx, srp_client_arg.strength);
1735 if (srp_server_arg.expected_user != NULL) {
1736 SSL_CTX_set_verify(s_ctx, SSL_VERIFY_NONE, verify_callback);
1737 SSL_CTX_set_verify(s_ctx2, SSL_VERIFY_NONE, verify_callback);
1738 SSL_CTX_set_srp_cb_arg(s_ctx, &srp_server_arg);
1739 SSL_CTX_set_srp_cb_arg(s_ctx2, &srp_server_arg);
1740 SSL_CTX_set_srp_username_callback(s_ctx, ssl_srp_server_param_cb);
1741 SSL_CTX_set_srp_username_callback(s_ctx2, ssl_srp_server_param_cb);
1745 #ifndef OPENSSL_NO_NEXTPROTONEG
1747 SSL_CTX_set_next_proto_select_cb(c_ctx, cb_client_npn, NULL);
1750 if (npn_server_reject) {
1752 "Can't have both -npn_server and -npn_server_reject\n");
1755 SSL_CTX_set_next_protos_advertised_cb(s_ctx, cb_server_npn, NULL);
1756 SSL_CTX_set_next_protos_advertised_cb(s_ctx2, cb_server_npn, NULL);
1758 if (npn_server_reject) {
1759 SSL_CTX_set_next_protos_advertised_cb(s_ctx, cb_server_rejects_npn,
1761 SSL_CTX_set_next_protos_advertised_cb(s_ctx2, cb_server_rejects_npn,
1766 if (serverinfo_sct) {
1767 if (!SSL_CTX_add_client_custom_ext(c_ctx,
1768 TLSEXT_TYPE_signed_certificate_timestamp,
1770 serverinfo_cli_parse_cb, NULL)) {
1771 BIO_printf(bio_err, "Error adding SCT extension\n");
1775 if (serverinfo_tack) {
1776 if (!SSL_CTX_add_client_custom_ext(c_ctx, TACK_EXT_TYPE,
1778 serverinfo_cli_parse_cb, NULL)) {
1779 BIO_printf(bio_err, "Error adding TACK extension\n");
1783 if (serverinfo_file)
1784 if (!SSL_CTX_use_serverinfo_file(s_ctx, serverinfo_file) ||
1785 !SSL_CTX_use_serverinfo_file(s_ctx2, serverinfo_file)) {
1786 BIO_printf(bio_err, "missing serverinfo file\n");
1791 if (!SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_0,
1792 custom_ext_0_cli_add_cb,
1794 custom_ext_0_cli_parse_cb, NULL)
1795 || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_1,
1796 custom_ext_1_cli_add_cb,
1798 custom_ext_1_cli_parse_cb, NULL)
1799 || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_2,
1800 custom_ext_2_cli_add_cb,
1802 custom_ext_2_cli_parse_cb, NULL)
1803 || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_3,
1804 custom_ext_3_cli_add_cb,
1806 custom_ext_3_cli_parse_cb, NULL)
1807 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_0,
1808 custom_ext_0_srv_add_cb,
1810 custom_ext_0_srv_parse_cb, NULL)
1811 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_0,
1812 custom_ext_0_srv_add_cb,
1814 custom_ext_0_srv_parse_cb, NULL)
1815 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_1,
1816 custom_ext_1_srv_add_cb,
1818 custom_ext_1_srv_parse_cb, NULL)
1819 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_1,
1820 custom_ext_1_srv_add_cb,
1822 custom_ext_1_srv_parse_cb, NULL)
1823 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_2,
1824 custom_ext_2_srv_add_cb,
1826 custom_ext_2_srv_parse_cb, NULL)
1827 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_2,
1828 custom_ext_2_srv_add_cb,
1830 custom_ext_2_srv_parse_cb, NULL)
1831 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_3,
1832 custom_ext_3_srv_add_cb,
1834 custom_ext_3_srv_parse_cb, NULL)
1835 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_3,
1836 custom_ext_3_srv_add_cb,
1838 custom_ext_3_srv_parse_cb, NULL)) {
1839 BIO_printf(bio_err, "Error setting custom extensions\n");
1845 SSL_CTX_set_alpn_select_cb(s_ctx, cb_server_alpn, alpn_server);
1847 SSL_CTX_set_alpn_select_cb(s_ctx2, cb_server_alpn, alpn_server2);
1851 unsigned char *alpn = next_protos_parse(&alpn_len, alpn_client);
1854 BIO_printf(bio_err, "Error parsing -alpn_client argument\n");
1857 /* Returns 0 on success!! */
1858 if (SSL_CTX_set_alpn_protos(c_ctx, alpn, alpn_len)) {
1859 BIO_printf(bio_err, "Error setting ALPN\n");
1866 if (server_sess_in != NULL) {
1867 server_sess = read_session(server_sess_in);
1868 if (server_sess == NULL)
1871 if (client_sess_in != NULL) {
1872 client_sess = read_session(client_sess_in);
1873 if (client_sess == NULL)
1877 if (server_sess_out != NULL || server_sess_in != NULL) {
1881 /* Use a fixed key so that we can decrypt the ticket. */
1882 size = SSL_CTX_set_tlsext_ticket_keys(s_ctx, NULL, 0);
1883 keys = OPENSSL_zalloc(size);
1884 SSL_CTX_set_tlsext_ticket_keys(s_ctx, keys, size);
1888 if (sn_server1 != NULL || sn_server2 != NULL)
1889 SSL_CTX_set_tlsext_servername_callback(s_ctx, servername_cb);
1891 c_ssl = SSL_new(c_ctx);
1892 s_ssl = SSL_new(s_ctx);
1895 SSL_set_tlsext_host_name(c_ssl, sn_client);
1897 if (!set_protocol_version(server_min_proto, s_ssl, SSL_CTRL_SET_MIN_PROTO_VERSION))
1899 if (!set_protocol_version(server_max_proto, s_ssl, SSL_CTRL_SET_MAX_PROTO_VERSION))
1901 if (!set_protocol_version(client_min_proto, c_ssl, SSL_CTRL_SET_MIN_PROTO_VERSION))
1903 if (!set_protocol_version(client_max_proto, c_ssl, SSL_CTRL_SET_MAX_PROTO_VERSION))
1907 if (SSL_CTX_add_session(s_ctx, server_sess) == 0) {
1908 BIO_printf(bio_err, "Can't add server session\n");
1909 ERR_print_errors(bio_err);
1914 BIO_printf(bio_stdout, "Doing handshakes=%d bytes=%ld\n", number, bytes);
1915 for (i = 0; i < number; i++) {
1917 if (!SSL_set_session(c_ssl, NULL)) {
1918 BIO_printf(bio_err, "Failed to set session\n");
1922 if (client_sess_in != NULL) {
1923 if (SSL_set_session(c_ssl, client_sess) == 0) {
1924 BIO_printf(bio_err, "Can't set client session\n");
1925 ERR_print_errors(bio_err);
1931 ret = doit(s_ssl, c_ssl, bytes);
1934 ret = doit_biopair(s_ssl, c_ssl, bytes, &s_time, &c_time);
1936 #ifndef OPENSSL_NO_SOCK
1938 ret = doit_localhost(s_ssl, c_ssl, BIO_FAMILY_IPV4,
1939 bytes, &s_time, &c_time);
1942 ret = doit_localhost(s_ssl, c_ssl, BIO_FAMILY_IPV6,
1943 bytes, &s_time, &c_time);
1955 if (should_negotiate && ret == 0 &&
1956 strcmp(should_negotiate, "fail-server") != 0 &&
1957 strcmp(should_negotiate, "fail-client") != 0) {
1958 int version = protocol_from_string(should_negotiate);
1960 BIO_printf(bio_err, "Error parsing: %s\n", should_negotiate);
1964 if (SSL_version(c_ssl) != version) {
1965 BIO_printf(bio_err, "Unxpected version negotiated. "
1966 "Expected: %s, got %s\n", should_negotiate, SSL_get_version(c_ssl));
1972 if (should_reuse != -1) {
1973 if (SSL_session_reused(s_ssl) != should_reuse ||
1974 SSL_session_reused(c_ssl) != should_reuse) {
1975 BIO_printf(bio_err, "Unexpected session reuse state. "
1976 "Expected: %d, server: %d, client: %d\n", should_reuse,
1977 SSL_session_reused(s_ssl), SSL_session_reused(c_ssl));
1983 if (server_sess_out != NULL) {
1984 if (write_session(server_sess_out, SSL_get_session(s_ssl)) == 0) {
1989 if (client_sess_out != NULL) {
1990 if (write_session(client_sess_out, SSL_get_session(c_ssl)) == 0) {
1997 print_details(c_ssl, "");
2000 #ifdef CLOCKS_PER_SEC
2002 * "To determine the time in seconds, the value returned by the clock
2003 * function should be divided by the value of the macro
2004 * CLOCKS_PER_SEC." -- ISO/IEC 9899
2006 BIO_printf(bio_stdout, "Approximate total server time: %6.2f s\n"
2007 "Approximate total client time: %6.2f s\n",
2008 (double)s_time / CLOCKS_PER_SEC,
2009 (double)c_time / CLOCKS_PER_SEC);
2011 BIO_printf(bio_stdout,
2012 "Approximate total server time: %6.2f units\n"
2013 "Approximate total client time: %6.2f units\n",
2014 (double)s_time, (double)c_time);
2023 SSL_CTX_free(s_ctx);
2024 SSL_CTX_free(s_ctx2);
2025 SSL_CTX_free(c_ctx);
2026 SSL_CONF_CTX_free(s_cctx);
2027 SSL_CONF_CTX_free(s_cctx2);
2028 SSL_CONF_CTX_free(c_cctx);
2029 sk_OPENSSL_STRING_free(conf_args);
2031 BIO_free(bio_stdout);
2033 SSL_SESSION_free(server_sess);
2034 SSL_SESSION_free(client_sess);
2036 #ifndef OPENSSL_NO_CRYPTO_MDEBUG
2037 if (CRYPTO_mem_leaks(bio_err) <= 0)
2044 #ifndef OPENSSL_NO_SOCK
2045 int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count,
2046 clock_t *s_time, clock_t *c_time)
2048 long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
2049 BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
2050 BIO *acpt = NULL, *server = NULL, *client = NULL;
2053 int err_in_client = 0;
2054 int err_in_server = 0;
2056 acpt = BIO_new_accept("0");
2059 BIO_set_accept_ip_family(acpt, family);
2060 BIO_set_bind_mode(acpt, BIO_SOCK_NONBLOCK | BIO_SOCK_REUSEADDR);
2061 if (BIO_do_accept(acpt) <= 0)
2064 BIO_snprintf(addr_str, sizeof(addr_str), ":%s", BIO_get_accept_port(acpt));
2066 client = BIO_new_connect(addr_str);
2067 BIO_set_conn_ip_family(client, family);
2071 if (BIO_set_nbio(client, 1) <= 0)
2073 if (BIO_set_nbio(acpt, 1) <= 0)
2077 int st_connect = 0, st_accept = 0;
2079 while(!st_connect || !st_accept) {
2081 if (BIO_do_connect(client) <= 0) {
2082 if (!BIO_should_retry(client))
2089 if (BIO_do_accept(acpt) <= 0) {
2090 if (!BIO_should_retry(acpt))
2098 /* We're not interested in accepting further connects */
2099 server = BIO_pop(acpt);
2103 s_ssl_bio = BIO_new(BIO_f_ssl());
2107 c_ssl_bio = BIO_new(BIO_f_ssl());
2111 SSL_set_connect_state(c_ssl);
2112 SSL_set_bio(c_ssl, client, client);
2113 (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
2115 SSL_set_accept_state(s_ssl);
2116 SSL_set_bio(s_ssl, server, server);
2117 (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
2121 * c_ssl_bio: SSL filter BIO
2123 * client: I/O for SSL library
2126 * server: I/O for SSL library
2128 * s_ssl_bio: SSL filter BIO
2132 * We have non-blocking behaviour throughout this test program, but
2133 * can be sure that there is *some* progress in each iteration; so we
2134 * don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE --
2135 * we just try everything in each iteration
2141 char cbuf[1024 * 8];
2143 clock_t c_clock = clock();
2145 memset(cbuf, 0, sizeof(cbuf));
2148 if (SSL_in_init(c_ssl))
2149 printf("client waiting in SSL_connect - %s\n",
2150 SSL_state_string_long(c_ssl));
2153 /* Write to server. */
2155 if (cw_num > (long)sizeof cbuf)
2159 r = BIO_write(c_ssl_bio, cbuf, i);
2161 if (!BIO_should_retry(c_ssl_bio)) {
2162 fprintf(stderr, "ERROR in CLIENT\n");
2167 * BIO_should_retry(...) can just be ignored here. The
2168 * library expects us to call BIO_write with the same
2169 * arguments again, and that's what we will do in the
2172 } else if (r == 0) {
2173 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2177 printf("client wrote %d\n", r);
2183 /* Read from server. */
2185 r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
2187 if (!BIO_should_retry(c_ssl_bio)) {
2188 fprintf(stderr, "ERROR in CLIENT\n");
2193 * Again, "BIO_should_retry" can be ignored.
2195 } else if (r == 0) {
2196 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2200 printf("client read %d\n", r);
2206 * c_time and s_time increments will typically be very small
2207 * (depending on machine speed and clock tick intervals), but
2208 * sampling over a large number of connections should result in
2209 * fairly accurate figures. We cannot guarantee a lot, however
2210 * -- if each connection lasts for exactly one clock tick, it
2211 * will be counted only for the client or only for the server or
2214 *c_time += (clock() - c_clock);
2220 char sbuf[1024 * 8];
2222 clock_t s_clock = clock();
2224 memset(sbuf, 0, sizeof(sbuf));
2227 if (SSL_in_init(s_ssl))
2228 printf("server waiting in SSL_accept - %s\n",
2229 SSL_state_string_long(s_ssl));
2232 /* Write to client. */
2234 if (sw_num > (long)sizeof sbuf)
2238 r = BIO_write(s_ssl_bio, sbuf, i);
2240 if (!BIO_should_retry(s_ssl_bio)) {
2241 fprintf(stderr, "ERROR in SERVER\n");
2245 /* Ignore "BIO_should_retry". */
2246 } else if (r == 0) {
2247 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2251 printf("server wrote %d\n", r);
2257 /* Read from client. */
2259 r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
2261 if (!BIO_should_retry(s_ssl_bio)) {
2262 fprintf(stderr, "ERROR in SERVER\n");
2267 } else if (r == 0) {
2268 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2272 printf("server read %d\n", r);
2277 *s_time += (clock() - s_clock);
2280 while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
2283 print_details(c_ssl, "DONE via TCP connect: ");
2284 # ifndef OPENSSL_NO_NEXTPROTONEG
2285 if (verify_npn(c_ssl, s_ssl) < 0) {
2290 if (verify_serverinfo() < 0) {
2291 fprintf(stderr, "Server info verify error\n");
2295 if (verify_alpn(c_ssl, s_ssl) < 0) {
2299 if (verify_servername(c_ssl, s_ssl) < 0) {
2304 if (custom_ext_error) {
2305 fprintf(stderr, "Custom extension error\n");
2310 # ifndef OPENSSL_NO_NEXTPROTONEG
2316 ERR_print_errors(bio_err);
2321 BIO_free(s_ssl_bio);
2322 BIO_free(c_ssl_bio);
2324 if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
2325 ret = (err_in_client != 0) ? 0 : 1;
2326 else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
2327 ret = (err_in_server != 0) ? 0 : 1;
2333 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
2334 clock_t *s_time, clock_t *c_time)
2336 long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
2337 BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
2338 BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL;
2340 int err_in_client = 0;
2341 int err_in_server = 0;
2343 size_t bufsiz = 256; /* small buffer for testing */
2345 if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz))
2347 if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz))
2350 s_ssl_bio = BIO_new(BIO_f_ssl());
2354 c_ssl_bio = BIO_new(BIO_f_ssl());
2358 SSL_set_connect_state(c_ssl);
2359 SSL_set_bio(c_ssl, client, client);
2360 (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
2362 SSL_set_accept_state(s_ssl);
2363 SSL_set_bio(s_ssl, server, server);
2364 (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
2368 * c_ssl_bio: SSL filter BIO
2370 * client: pseudo-I/O for SSL library
2372 * client_io: client's SSL communication; usually to be
2373 * relayed over some I/O facility, but in this
2374 * test program, we're the server, too:
2376 * server_io: server's SSL communication
2378 * server: pseudo-I/O for SSL library
2380 * s_ssl_bio: SSL filter BIO
2382 * The client and the server each employ a "BIO pair":
2383 * client + client_io, server + server_io.
2384 * BIO pairs are symmetric. A BIO pair behaves similar
2385 * to a non-blocking socketpair (but both endpoints must
2386 * be handled by the same thread).
2387 * [Here we could connect client and server to the ends
2388 * of a single BIO pair, but then this code would be less
2389 * suitable as an example for BIO pairs in general.]
2391 * Useful functions for querying the state of BIO pair endpoints:
2393 * BIO_ctrl_pending(bio) number of bytes we can read now
2394 * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil
2395 * other side's read attempt
2396 * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now
2398 * ..._read_request is never more than ..._write_guarantee;
2399 * it depends on the application which one you should use.
2403 * We have non-blocking behaviour throughout this test program, but
2404 * can be sure that there is *some* progress in each iteration; so we
2405 * don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE --
2406 * we just try everything in each iteration
2412 char cbuf[1024 * 8];
2414 clock_t c_clock = clock();
2416 memset(cbuf, 0, sizeof(cbuf));
2419 if (SSL_in_init(c_ssl))
2420 printf("client waiting in SSL_connect - %s\n",
2421 SSL_state_string_long(c_ssl));
2424 /* Write to server. */
2426 if (cw_num > (long)sizeof cbuf)
2430 r = BIO_write(c_ssl_bio, cbuf, i);
2432 if (!BIO_should_retry(c_ssl_bio)) {
2433 fprintf(stderr, "ERROR in CLIENT\n");
2438 * BIO_should_retry(...) can just be ignored here. The
2439 * library expects us to call BIO_write with the same
2440 * arguments again, and that's what we will do in the
2443 } else if (r == 0) {
2444 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2448 printf("client wrote %d\n", r);
2454 /* Read from server. */
2456 r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
2458 if (!BIO_should_retry(c_ssl_bio)) {
2459 fprintf(stderr, "ERROR in CLIENT\n");
2464 * Again, "BIO_should_retry" can be ignored.
2466 } else if (r == 0) {
2467 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2471 printf("client read %d\n", r);
2477 * c_time and s_time increments will typically be very small
2478 * (depending on machine speed and clock tick intervals), but
2479 * sampling over a large number of connections should result in
2480 * fairly accurate figures. We cannot guarantee a lot, however
2481 * -- if each connection lasts for exactly one clock tick, it
2482 * will be counted only for the client or only for the server or
2485 *c_time += (clock() - c_clock);
2491 char sbuf[1024 * 8];
2493 clock_t s_clock = clock();
2495 memset(sbuf, 0, sizeof(sbuf));
2498 if (SSL_in_init(s_ssl))
2499 printf("server waiting in SSL_accept - %s\n",
2500 SSL_state_string_long(s_ssl));
2503 /* Write to client. */
2505 if (sw_num > (long)sizeof sbuf)
2509 r = BIO_write(s_ssl_bio, sbuf, i);
2511 if (!BIO_should_retry(s_ssl_bio)) {
2512 fprintf(stderr, "ERROR in SERVER\n");
2516 /* Ignore "BIO_should_retry". */
2517 } else if (r == 0) {
2518 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2522 printf("server wrote %d\n", r);
2528 /* Read from client. */
2530 r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
2532 if (!BIO_should_retry(s_ssl_bio)) {
2533 fprintf(stderr, "ERROR in SERVER\n");
2538 } else if (r == 0) {
2539 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2543 printf("server read %d\n", r);
2548 *s_time += (clock() - s_clock);
2552 /* "I/O" BETWEEN CLIENT AND SERVER. */
2555 BIO *io1 = server_io, *io2 = client_io;
2557 * we use the non-copying interface for io1 and the standard
2558 * BIO_write/BIO_read interface for io2
2561 static int prev_progress = 1;
2569 r1 = BIO_ctrl_pending(io1);
2570 r2 = BIO_ctrl_get_write_guarantee(io2);
2578 if (INT_MAX < num) /* yeah, right */
2581 r = BIO_nread(io1, &dataptr, (int)num);
2583 assert(r <= (int)num);
2585 * possibly r < num (non-contiguous data)
2588 r = BIO_write(io2, dataptr, (int)num);
2589 if (r != (int)num) { /* can't happen */
2590 fprintf(stderr, "ERROR: BIO_write could not write "
2591 "BIO_ctrl_get_write_guarantee() bytes");
2597 printf((io1 == client_io) ?
2598 "C->S relaying: %d bytes\n" :
2599 "S->C relaying: %d bytes\n", (int)num);
2609 r1 = BIO_ctrl_pending(io2);
2610 r2 = BIO_ctrl_get_read_request(io1);
2612 * here we could use ..._get_write_guarantee instead of
2613 * ..._get_read_request, but by using the latter we test
2614 * restartability of the SSL implementation more thoroughly
2626 --num; /* test restartability even more thoroughly */
2628 r = BIO_nwrite0(io1, &dataptr);
2632 r = BIO_read(io2, dataptr, (int)num);
2633 if (r != (int)num) { /* can't happen */
2634 fprintf(stderr, "ERROR: BIO_read could not read "
2635 "BIO_ctrl_pending() bytes");
2639 r = BIO_nwrite(io1, &dataptr, (int)num);
2640 if (r != (int)num) { /* can't happen */
2641 fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
2642 "BIO_nwrite0() bytes");
2647 printf((io2 == client_io) ?
2648 "C->S relaying: %d bytes\n" :
2649 "S->C relaying: %d bytes\n", (int)num);
2651 } /* no loop, BIO_ctrl_get_read_request now
2652 * returns 0 anyway */
2654 if (!progress && !prev_progress)
2655 if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0) {
2656 fprintf(stderr, "ERROR: got stuck\n");
2657 fprintf(stderr, " ERROR.\n");
2660 prev_progress = progress;
2663 while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
2666 print_details(c_ssl, "DONE via BIO pair: ");
2667 #ifndef OPENSSL_NO_NEXTPROTONEG
2668 if (verify_npn(c_ssl, s_ssl) < 0) {
2673 if (verify_serverinfo() < 0) {
2674 fprintf(stderr, "Server info verify error\n");
2678 if (verify_alpn(c_ssl, s_ssl) < 0) {
2682 if (verify_servername(c_ssl, s_ssl) < 0) {
2687 if (custom_ext_error) {
2688 fprintf(stderr, "Custom extension error\n");
2693 #ifndef OPENSSL_NO_NEXTPROTONEG
2699 ERR_print_errors(bio_err);
2702 BIO_free(server_io);
2704 BIO_free(client_io);
2705 BIO_free(s_ssl_bio);
2706 BIO_free(c_ssl_bio);
2708 if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
2709 ret = (err_in_client != 0) ? 0 : 1;
2710 else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
2711 ret = (err_in_server != 0) ? 0 : 1;
2721 int doit(SSL *s_ssl, SSL *c_ssl, long count)
2723 char *cbuf = NULL, *sbuf = NULL;
2725 long cw_num = count, cr_num = count;
2726 long sw_num = count, sr_num = count;
2732 int c_r, c_w, s_r, s_w;
2735 int c_write, s_write;
2736 int do_server = 0, do_client = 0;
2737 int max_frag = 5 * 1024;
2738 int err_in_client = 0;
2739 int err_in_server = 0;
2741 bufsiz = count > 40 * 1024 ? 40 * 1024 : count;
2743 if ((cbuf = OPENSSL_zalloc(bufsiz)) == NULL)
2745 if ((sbuf = OPENSSL_zalloc(bufsiz)) == NULL)
2748 c_to_s = BIO_new(BIO_s_mem());
2749 s_to_c = BIO_new(BIO_s_mem());
2750 if ((s_to_c == NULL) || (c_to_s == NULL)) {
2751 ERR_print_errors(bio_err);
2755 c_bio = BIO_new(BIO_f_ssl());
2756 s_bio = BIO_new(BIO_f_ssl());
2757 if ((c_bio == NULL) || (s_bio == NULL)) {
2758 ERR_print_errors(bio_err);
2762 SSL_set_connect_state(c_ssl);
2763 SSL_set_bio(c_ssl, s_to_c, c_to_s);
2764 SSL_set_max_send_fragment(c_ssl, max_frag);
2765 BIO_set_ssl(c_bio, c_ssl, BIO_NOCLOSE);
2767 SSL_set_accept_state(s_ssl);
2768 SSL_set_bio(s_ssl, c_to_s, s_to_c);
2769 SSL_set_max_send_fragment(s_ssl, max_frag);
2770 BIO_set_ssl(s_bio, s_ssl, BIO_NOCLOSE);
2776 c_write = 1, s_write = 0;
2778 /* We can always do writes */
2783 i = (int)BIO_pending(s_bio);
2784 if ((i && s_r) || s_w)
2787 i = (int)BIO_pending(c_bio);
2788 if ((i && c_r) || c_w)
2791 if (do_server && debug) {
2792 if (SSL_in_init(s_ssl))
2793 printf("server waiting in SSL_accept - %s\n",
2794 SSL_state_string_long(s_ssl));
2797 printf("server:SSL_write()\n");
2799 printf("server:SSL_read()\n"); */
2802 if (do_client && debug) {
2803 if (SSL_in_init(c_ssl))
2804 printf("client waiting in SSL_connect - %s\n",
2805 SSL_state_string_long(c_ssl));
2808 printf("client:SSL_write()\n");
2810 printf("client:SSL_read()\n"); */
2813 if (!do_client && !do_server) {
2814 fprintf(stdout, "ERROR IN STARTUP\n");
2815 ERR_print_errors(bio_err);
2818 if (do_client && !(done & C_DONE)) {
2820 j = (cw_num > bufsiz) ? (int)bufsiz : (int)cw_num;
2821 i = BIO_write(c_bio, cbuf, j);
2825 if (BIO_should_retry(c_bio)) {
2826 if (BIO_should_read(c_bio))
2828 if (BIO_should_write(c_bio))
2831 fprintf(stderr, "ERROR in CLIENT\n");
2833 ERR_print_errors(bio_err);
2836 } else if (i == 0) {
2837 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2841 printf("client wrote %d\n", i);
2846 if (max_frag > 1029)
2847 SSL_set_max_send_fragment(c_ssl, max_frag -= 5);
2850 i = BIO_read(c_bio, cbuf, bufsiz);
2854 if (BIO_should_retry(c_bio)) {
2855 if (BIO_should_read(c_bio))
2857 if (BIO_should_write(c_bio))
2860 fprintf(stderr, "ERROR in CLIENT\n");
2862 ERR_print_errors(bio_err);
2865 } else if (i == 0) {
2866 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2870 printf("client read %d\n", i);
2879 done = S_DONE | C_DONE;
2885 if (do_server && !(done & S_DONE)) {
2887 i = BIO_read(s_bio, sbuf, bufsiz);
2891 if (BIO_should_retry(s_bio)) {
2892 if (BIO_should_read(s_bio))
2894 if (BIO_should_write(s_bio))
2897 fprintf(stderr, "ERROR in SERVER\n");
2899 ERR_print_errors(bio_err);
2902 } else if (i == 0) {
2903 ERR_print_errors(bio_err);
2905 "SSL SERVER STARTUP FAILED in SSL_read\n");
2909 printf("server read %d\n", i);
2922 j = (sw_num > bufsiz) ? (int)bufsiz : (int)sw_num;
2923 i = BIO_write(s_bio, sbuf, j);
2927 if (BIO_should_retry(s_bio)) {
2928 if (BIO_should_read(s_bio))
2930 if (BIO_should_write(s_bio))
2933 fprintf(stderr, "ERROR in SERVER\n");
2935 ERR_print_errors(bio_err);
2938 } else if (i == 0) {
2939 ERR_print_errors(bio_err);
2941 "SSL SERVER STARTUP FAILED in SSL_write\n");
2945 printf("server wrote %d\n", i);
2951 if (max_frag > 1029)
2952 SSL_set_max_send_fragment(s_ssl, max_frag -= 5);
2957 if ((done & S_DONE) && (done & C_DONE))
2962 print_details(c_ssl, "DONE: ");
2963 #ifndef OPENSSL_NO_NEXTPROTONEG
2964 if (verify_npn(c_ssl, s_ssl) < 0) {
2969 if (verify_serverinfo() < 0) {
2970 fprintf(stderr, "Server info verify error\n");
2974 if (custom_ext_error) {
2975 fprintf(stderr, "Custom extension error\n");
2982 * We have to set the BIO's to NULL otherwise they will be
2983 * OPENSSL_free()ed twice. Once when th s_ssl is SSL_free()ed and again
2984 * when c_ssl is SSL_free()ed. This is a hack required because s_ssl and
2985 * c_ssl are sharing the same BIO structure and SSL_set_bio() and
2986 * SSL_free() automatically BIO_free non NULL entries. You should not
2987 * normally do this or be required to do this
2989 if (s_ssl != NULL) {
2993 if (c_ssl != NULL) {
3000 BIO_free_all(c_bio);
3001 BIO_free_all(s_bio);
3005 if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
3006 ret = (err_in_client != 0) ? 0 : 1;
3007 else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
3008 ret = (err_in_server != 0) ? 0 : 1;
3013 static int verify_callback(int ok, X509_STORE_CTX *ctx)
3017 s = X509_NAME_oneline(X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)),
3021 printf("depth=%d %s\n", X509_STORE_CTX_get_error_depth(ctx), buf);
3023 fprintf(stderr, "depth=%d error=%d %s\n",
3024 X509_STORE_CTX_get_error_depth(ctx),
3025 X509_STORE_CTX_get_error(ctx), buf);
3030 int i = X509_STORE_CTX_get_error(ctx);
3034 fprintf(stderr, "Error string: %s\n",
3035 X509_verify_cert_error_string(i));
3037 case X509_V_ERR_CERT_NOT_YET_VALID:
3038 case X509_V_ERR_CERT_HAS_EXPIRED:
3039 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
3048 static int app_verify_callback(X509_STORE_CTX *ctx, void *arg)
3051 struct app_verify_arg *cb_arg = arg;
3053 if (cb_arg->app_verify) {
3054 char *s = NULL, buf[256];
3055 X509 *c = X509_STORE_CTX_get0_cert(ctx);
3057 printf("In app_verify_callback, allowing cert. ");
3058 printf("Arg is: %s\n", cb_arg->string);
3059 printf("Finished printing do we have a context? 0x%p a cert? 0x%p\n",
3060 (void *)ctx, (void *)c);
3062 s = X509_NAME_oneline(X509_get_subject_name(c), buf, 256);
3064 printf("cert depth=%d %s\n",
3065 X509_STORE_CTX_get_error_depth(ctx), buf);
3070 ok = X509_verify_cert(ctx);
3075 #ifndef OPENSSL_NO_DH
3077 * These DH parameters have been generated as follows:
3078 * $ openssl dhparam -C -noout 512
3079 * $ openssl dhparam -C -noout 1024
3080 * $ openssl dhparam -C -noout -dsaparam 1024
3081 * (The third function has been renamed to avoid name conflicts.)
3083 static DH *get_dh512()
3085 static unsigned char dh512_p[] = {
3086 0xCB, 0xC8, 0xE1, 0x86, 0xD0, 0x1F, 0x94, 0x17, 0xA6, 0x99, 0xF0,
3088 0x1F, 0x0D, 0xAC, 0xB6, 0x25, 0x3E, 0x06, 0x39, 0xCA, 0x72, 0x04,
3090 0x6E, 0xDA, 0xC0, 0x61, 0xE6, 0x7A, 0x77, 0x25, 0xE8, 0x3B, 0xB9,
3092 0x9A, 0xB6, 0xB5, 0xFE, 0x99, 0x0B, 0xA1, 0x93, 0x4E, 0x35, 0x33,
3094 0xE1, 0xF1, 0x13, 0x4F, 0x59, 0x1A, 0xD2, 0x57, 0xC0, 0x26, 0x21,
3096 0x02, 0xC5, 0xAE, 0x23,
3098 static unsigned char dh512_g[] = {
3104 if ((dh = DH_new()) == NULL)
3106 p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
3107 g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
3108 if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
3117 static DH *get_dh1024()
3119 static unsigned char dh1024_p[] = {
3120 0xF8, 0x81, 0x89, 0x7D, 0x14, 0x24, 0xC5, 0xD1, 0xE6, 0xF7, 0xBF,
3122 0xE4, 0x90, 0xF4, 0xFC, 0x73, 0xFB, 0x34, 0xB5, 0xFA, 0x4C, 0x56,
3124 0xEA, 0xA7, 0xE9, 0xC0, 0xC0, 0xCE, 0x89, 0xE1, 0xFA, 0x63, 0x3F,
3126 0x6B, 0x32, 0x66, 0xF1, 0xD1, 0x7B, 0xB0, 0x00, 0x8F, 0xCA, 0x87,
3128 0xAE, 0x98, 0x89, 0x26, 0x17, 0xC2, 0x05, 0xD2, 0xEC, 0x08, 0xD0,
3130 0xFF, 0x17, 0x52, 0x8C, 0xC5, 0x07, 0x93, 0x03, 0xB1, 0xF6, 0x2F,
3132 0x1C, 0x52, 0x47, 0x27, 0x1B, 0xDB, 0xD1, 0x8D, 0x9D, 0x69, 0x1D,
3134 0x4B, 0x32, 0x81, 0xAA, 0x7F, 0x00, 0xC8, 0xDC, 0xE6, 0xD9, 0xCC,
3136 0x11, 0x2D, 0x37, 0x34, 0x6C, 0xEA, 0x02, 0x97, 0x4B, 0x0E, 0xBB,
3138 0x71, 0x33, 0x09, 0x15, 0xFD, 0xDD, 0x23, 0x87, 0x07, 0x5E, 0x89,
3140 0x6B, 0x7C, 0x5F, 0xEC, 0xA6, 0x24, 0xDC, 0x53,
3142 static unsigned char dh1024_g[] = {
3148 if ((dh = DH_new()) == NULL)
3150 p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
3151 g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
3152 if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
3161 static DH *get_dh1024dsa()
3163 static unsigned char dh1024_p[] = {
3164 0xC8, 0x00, 0xF7, 0x08, 0x07, 0x89, 0x4D, 0x90, 0x53, 0xF3, 0xD5,
3166 0x21, 0x1B, 0xF7, 0x31, 0xA6, 0xA2, 0xDA, 0x23, 0x9A, 0xC7, 0x87,
3168 0x3B, 0x47, 0xB6, 0x8C, 0x04, 0x6F, 0xFF, 0xC6, 0x9B, 0xB8, 0x65,
3170 0xC2, 0x5F, 0x31, 0x83, 0x4A, 0xA7, 0x5F, 0x2F, 0x88, 0x38, 0xB6,
3172 0xCF, 0xD9, 0x87, 0x6D, 0x6F, 0x9F, 0xDA, 0xAC, 0xA6, 0x48, 0xAF,
3174 0x33, 0x84, 0x37, 0x5B, 0x82, 0x4A, 0x31, 0x5D, 0xE7, 0xBD, 0x52,
3176 0xA1, 0x77, 0xBF, 0x10, 0x9E, 0x37, 0xEA, 0x64, 0xFA, 0xCA, 0x28,
3178 0x9D, 0x3B, 0xD2, 0x6E, 0x09, 0x5C, 0x68, 0xC7, 0x45, 0x90, 0xFD,
3180 0x70, 0xC9, 0x3A, 0xBB, 0xDF, 0xD4, 0x21, 0x0F, 0xC4, 0x6A, 0x3C,
3182 0x61, 0xCF, 0x3F, 0xD6, 0x13, 0xF1, 0x5F, 0xBC, 0xCF, 0xBC, 0x26,
3184 0xBC, 0x0B, 0xBD, 0xAB, 0x5D, 0xC9, 0x54, 0x39,
3186 static unsigned char dh1024_g[] = {
3187 0x3B, 0x40, 0x86, 0xE7, 0xF3, 0x6C, 0xDE, 0x67, 0x1C, 0xCC, 0x80,
3189 0x5A, 0xDF, 0xFE, 0xBD, 0x20, 0x27, 0x74, 0x6C, 0x24, 0xC9, 0x03,
3191 0xE1, 0x8D, 0xC3, 0x7D, 0x98, 0x27, 0x40, 0x08, 0xB8, 0x8C, 0x6A,
3193 0xBB, 0x1A, 0x3A, 0xD6, 0x86, 0x83, 0x5E, 0x72, 0x41, 0xCE, 0x85,
3195 0xD2, 0xB3, 0xFC, 0x13, 0xCE, 0x37, 0x81, 0x9E, 0x4C, 0x1C, 0x7B,
3197 0xD3, 0xE6, 0xA6, 0x00, 0xF5, 0x5A, 0x95, 0x43, 0x5E, 0x81, 0xCF,
3199 0xA2, 0x23, 0xFC, 0x36, 0xA7, 0x5D, 0x7A, 0x4C, 0x06, 0x91, 0x6E,
3201 0x57, 0xEE, 0x36, 0xCB, 0x06, 0xEA, 0xF5, 0x3D, 0x95, 0x49, 0xCB,
3203 0xDD, 0x81, 0xDF, 0x80, 0x09, 0x4A, 0x97, 0x4D, 0xA8, 0x22, 0x72,
3205 0x7F, 0xC4, 0x70, 0x56, 0x70, 0xE8, 0x20, 0x10, 0x18, 0x8F, 0x2E,
3207 0x07, 0xE7, 0x68, 0x1A, 0x82, 0x5D, 0x32, 0xA2,
3212 if ((dh = DH_new()) == NULL)
3214 p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
3215 g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
3216 if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
3222 DH_set_length(dh, 160);
3227 #ifndef OPENSSL_NO_PSK
3228 /* convert the PSK key (psk_key) in ascii to binary (psk) */
3229 static int psk_key2bn(const char *pskkey, unsigned char *psk,
3230 unsigned int max_psk_len)
3235 ret = BN_hex2bn(&bn, pskkey);
3237 BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n",
3242 if (BN_num_bytes(bn) > (int)max_psk_len) {
3244 "psk buffer of callback is too small (%d) for key (%d)\n",
3245 max_psk_len, BN_num_bytes(bn));
3249 ret = BN_bn2bin(bn, psk);
3254 static unsigned int psk_client_callback(SSL *ssl, const char *hint,
3256 unsigned int max_identity_len,
3258 unsigned int max_psk_len)
3261 unsigned int psk_len = 0;
3263 ret = BIO_snprintf(identity, max_identity_len, "Client_identity");
3267 fprintf(stderr, "client: created identity '%s' len=%d\n", identity,
3269 ret = psk_key2bn(psk_key, psk, max_psk_len);
3277 static unsigned int psk_server_callback(SSL *ssl, const char *identity,
3279 unsigned int max_psk_len)
3281 unsigned int psk_len = 0;
3283 if (strcmp(identity, "Client_identity") != 0) {
3284 BIO_printf(bio_err, "server: PSK error: client identity not found\n");
3287 psk_len = psk_key2bn(psk_key, psk, max_psk_len);