2 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4 * Copyright 2005 Nokia. All rights reserved.
6 * Licensed under the Apache License 2.0 (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
13 * DH low level APIs are deprecated for public use, but still ok for
16 #include "internal/deprecated.h"
20 /* Or gethostname won't be declared properly on Linux and GNU platforms. */
22 # define _BSD_SOURCE 1
24 #ifndef _DEFAULT_SOURCE
25 # define _DEFAULT_SOURCE 1
36 #include "internal/nelem.h"
38 #ifdef OPENSSL_SYS_VMS
40 * Or isascii won't be declared properly on VMS (at least with DECompHP C).
42 # define _XOPEN_SOURCE 500
47 #include <openssl/bio.h>
48 #include <openssl/crypto.h>
49 #include <openssl/evp.h>
50 #include <openssl/x509.h>
51 #include <openssl/x509v3.h>
52 #include <openssl/ssl.h>
53 #include <openssl/err.h>
54 #include <openssl/rand.h>
55 #ifndef OPENSSL_NO_RSA
56 # include <openssl/rsa.h>
58 #ifndef OPENSSL_NO_DSA
59 # include <openssl/dsa.h>
62 # include <openssl/dh.h>
64 #include <openssl/bn.h>
66 # include <openssl/ct.h>
68 #include <openssl/provider.h>
71 * Or gethostname won't be declared properly
72 * on Compaq platforms (at least with DEC C).
73 * Do not try to put it earlier, or IPv6 includes
76 #define _XOPEN_SOURCE_EXTENDED 1
78 #ifdef OPENSSL_SYS_WINDOWS
84 static SSL_CTX *s_ctx = NULL;
85 static SSL_CTX *s_ctx2 = NULL;
88 * There is really no standard for this, so let's assign something
93 static int verify_callback(int ok, X509_STORE_CTX *ctx);
94 static int app_verify_callback(X509_STORE_CTX *ctx, void *arg);
95 #define APP_CALLBACK_STRING "Test Callback Argument"
96 struct app_verify_arg {
101 #ifndef OPENSSL_NO_DH
102 static DH *get_dh512(void);
103 static DH *get_dh1024(void);
104 static DH *get_dh1024dsa(void);
107 static char *psk_key = NULL; /* by default PSK is not used */
108 #ifndef OPENSSL_NO_PSK
109 static unsigned int psk_client_callback(SSL *ssl, const char *hint,
111 unsigned int max_identity_len,
113 unsigned int max_psk_len);
114 static unsigned int psk_server_callback(SSL *ssl, const char *identity,
116 unsigned int max_psk_len);
119 static BIO *bio_err = NULL;
120 static BIO *bio_stdout = NULL;
122 #ifndef OPENSSL_NO_NEXTPROTONEG
123 /* Note that this code assumes that this is only a one element list: */
124 static const char NEXT_PROTO_STRING[] = "\x09testproto";
125 static int npn_client = 0;
126 static int npn_server = 0;
127 static int npn_server_reject = 0;
129 static int cb_client_npn(SSL *s, unsigned char **out, unsigned char *outlen,
130 const unsigned char *in, unsigned int inlen,
134 * This callback only returns the protocol string, rather than a length
135 * prefixed set. We assume that NEXT_PROTO_STRING is a one element list
136 * and remove the first byte to chop off the length prefix.
138 *out = (unsigned char *)NEXT_PROTO_STRING + 1;
139 *outlen = sizeof(NEXT_PROTO_STRING) - 2;
140 return SSL_TLSEXT_ERR_OK;
143 static int cb_server_npn(SSL *s, const unsigned char **data,
144 unsigned int *len, void *arg)
146 *data = (const unsigned char *)NEXT_PROTO_STRING;
147 *len = sizeof(NEXT_PROTO_STRING) - 1;
148 return SSL_TLSEXT_ERR_OK;
151 static int cb_server_rejects_npn(SSL *s, const unsigned char **data,
152 unsigned int *len, void *arg)
154 return SSL_TLSEXT_ERR_NOACK;
157 static int verify_npn(SSL *client, SSL *server)
159 const unsigned char *client_s;
161 const unsigned char *server_s;
164 SSL_get0_next_proto_negotiated(client, &client_s, &client_len);
165 SSL_get0_next_proto_negotiated(server, &server_s, &server_len);
168 BIO_printf(bio_stdout, "Client NPN: ");
169 BIO_write(bio_stdout, client_s, client_len);
170 BIO_printf(bio_stdout, "\n");
174 BIO_printf(bio_stdout, "Server NPN: ");
175 BIO_write(bio_stdout, server_s, server_len);
176 BIO_printf(bio_stdout, "\n");
180 * If an NPN string was returned, it must be the protocol that we
181 * expected to negotiate.
183 if (client_len && (client_len != sizeof(NEXT_PROTO_STRING) - 2 ||
184 memcmp(client_s, NEXT_PROTO_STRING + 1, client_len)))
186 if (server_len && (server_len != sizeof(NEXT_PROTO_STRING) - 2 ||
187 memcmp(server_s, NEXT_PROTO_STRING + 1, server_len)))
190 if (!npn_client && client_len)
192 if (!npn_server && server_len)
194 if (npn_server_reject && server_len)
196 if (npn_client && npn_server && (!client_len || !server_len))
203 static const char *alpn_client;
204 static char *alpn_server;
205 static char *alpn_server2;
206 static const char *alpn_expected;
207 static unsigned char *alpn_selected;
208 static const char *server_min_proto;
209 static const char *server_max_proto;
210 static const char *client_min_proto;
211 static const char *client_max_proto;
212 static const char *should_negotiate;
213 static const char *sn_client;
214 static const char *sn_server1;
215 static const char *sn_server2;
216 static int sn_expect = 0;
217 static const char *server_sess_out;
218 static const char *server_sess_in;
219 static const char *client_sess_out;
220 static const char *client_sess_in;
221 static SSL_SESSION *server_sess;
222 static SSL_SESSION *client_sess;
224 static int servername_cb(SSL *s, int *ad, void *arg)
226 const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
227 if (sn_server2 == NULL) {
228 BIO_printf(bio_stdout, "Servername 2 is NULL\n");
229 return SSL_TLSEXT_ERR_NOACK;
233 if (s_ctx2 != NULL && sn_server2 != NULL &&
234 !strcasecmp(servername, sn_server2)) {
235 BIO_printf(bio_stdout, "Switching server context.\n");
236 SSL_set_SSL_CTX(s, s_ctx2);
239 return SSL_TLSEXT_ERR_OK;
241 static int verify_servername(SSL *client, SSL *server)
243 /* just need to see if sn_context is what we expect */
244 SSL_CTX* ctx = SSL_get_SSL_CTX(server);
247 if (sn_expect == 1 && ctx == s_ctx)
249 if (sn_expect == 2 && ctx == s_ctx2)
251 BIO_printf(bio_stdout, "Servername: expected context %d\n", sn_expect);
253 BIO_printf(bio_stdout, "Servername: context is 2\n");
254 else if (ctx == s_ctx)
255 BIO_printf(bio_stdout, "Servername: context is 1\n");
257 BIO_printf(bio_stdout, "Servername: context is unknown\n");
263 * next_protos_parse parses a comma separated list of strings into a string
264 * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
265 * outlen: (output) set to the length of the resulting buffer on success.
266 * in: a NUL terminated string like "abc,def,ghi"
268 * returns: a malloced buffer or NULL on failure.
270 static unsigned char *next_protos_parse(size_t *outlen,
281 out = OPENSSL_malloc(strlen(in) + 1);
285 for (i = 0; i <= len; ++i) {
286 if (i == len || in[i] == ',') {
287 if (i - start > 255) {
291 out[start] = (unsigned char)(i - start);
301 static int cb_server_alpn(SSL *s, const unsigned char **out,
302 unsigned char *outlen, const unsigned char *in,
303 unsigned int inlen, void *arg)
305 unsigned char *protos;
307 char* alpn_str = arg;
309 protos = next_protos_parse(&protos_len, alpn_str);
310 if (protos == NULL) {
311 fprintf(stderr, "failed to parser ALPN server protocol string: %s\n",
316 if (SSL_select_next_proto
317 ((unsigned char **)out, outlen, protos, protos_len, in,
318 inlen) != OPENSSL_NPN_NEGOTIATED) {
319 OPENSSL_free(protos);
320 return SSL_TLSEXT_ERR_NOACK;
324 * Make a copy of the selected protocol which will be freed in
327 alpn_selected = OPENSSL_malloc(*outlen);
328 memcpy(alpn_selected, *out, *outlen);
329 *out = alpn_selected;
331 OPENSSL_free(protos);
332 return SSL_TLSEXT_ERR_OK;
335 static int verify_alpn(SSL *client, SSL *server)
337 const unsigned char *client_proto, *server_proto;
338 unsigned int client_proto_len = 0, server_proto_len = 0;
339 SSL_get0_alpn_selected(client, &client_proto, &client_proto_len);
340 SSL_get0_alpn_selected(server, &server_proto, &server_proto_len);
342 OPENSSL_free(alpn_selected);
343 alpn_selected = NULL;
345 if (client_proto_len != server_proto_len) {
346 BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
350 if (client_proto != NULL &&
351 memcmp(client_proto, server_proto, client_proto_len) != 0) {
352 BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
356 if (client_proto_len > 0 && alpn_expected == NULL) {
357 BIO_printf(bio_stdout, "ALPN unexpectedly negotiated\n");
361 if (alpn_expected != NULL &&
362 (client_proto_len != strlen(alpn_expected) ||
363 memcmp(client_proto, alpn_expected, client_proto_len) != 0)) {
364 BIO_printf(bio_stdout,
365 "ALPN selected protocols not equal to expected protocol: %s\n",
373 BIO_printf(bio_stdout, "ALPN results: client: '");
374 BIO_write(bio_stdout, client_proto, client_proto_len);
375 BIO_printf(bio_stdout, "', server: '");
376 BIO_write(bio_stdout, server_proto, server_proto_len);
377 BIO_printf(bio_stdout, "'\n");
378 BIO_printf(bio_stdout, "ALPN configured: client: '%s', server: '",
380 if (SSL_get_SSL_CTX(server) == s_ctx2) {
381 BIO_printf(bio_stdout, "%s'\n",
384 BIO_printf(bio_stdout, "%s'\n",
391 * WARNING : below extension types are *NOT* IETF assigned, and could
392 * conflict if these types are reassigned and handled specially by OpenSSL
395 #define TACK_EXT_TYPE 62208
396 #define CUSTOM_EXT_TYPE_0 1000
397 #define CUSTOM_EXT_TYPE_1 1001
398 #define CUSTOM_EXT_TYPE_2 1002
399 #define CUSTOM_EXT_TYPE_3 1003
401 static const char custom_ext_cli_string[] = "abc";
402 static const char custom_ext_srv_string[] = "defg";
404 /* These set from cmdline */
405 static char *serverinfo_file = NULL;
406 static int serverinfo_sct = 0;
407 static int serverinfo_tack = 0;
409 /* These set based on extension callbacks */
410 static int serverinfo_sct_seen = 0;
411 static int serverinfo_tack_seen = 0;
412 static int serverinfo_other_seen = 0;
414 /* This set from cmdline */
415 static int custom_ext = 0;
417 /* This set based on extension callbacks */
418 static int custom_ext_error = 0;
420 static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type,
421 const unsigned char *in, size_t inlen,
424 if (ext_type == TLSEXT_TYPE_signed_certificate_timestamp)
425 serverinfo_sct_seen++;
426 else if (ext_type == TACK_EXT_TYPE)
427 serverinfo_tack_seen++;
429 serverinfo_other_seen++;
433 static int verify_serverinfo(void)
435 if (serverinfo_sct != serverinfo_sct_seen)
437 if (serverinfo_tack != serverinfo_tack_seen)
439 if (serverinfo_other_seen)
445 * Four test cases for custom extensions:
446 * 0 - no ClientHello extension or ServerHello response
447 * 1 - ClientHello with "abc", no response
448 * 2 - ClientHello with "abc", empty response
449 * 3 - ClientHello with "abc", "defg" response
452 static int custom_ext_0_cli_add_cb(SSL *s, unsigned int ext_type,
453 const unsigned char **out,
454 size_t *outlen, int *al, void *arg)
456 if (ext_type != CUSTOM_EXT_TYPE_0)
457 custom_ext_error = 1;
458 return 0; /* Don't send an extension */
461 static int custom_ext_0_cli_parse_cb(SSL *s, unsigned int ext_type,
462 const unsigned char *in,
463 size_t inlen, int *al, void *arg)
468 static int custom_ext_1_cli_add_cb(SSL *s, unsigned int ext_type,
469 const unsigned char **out,
470 size_t *outlen, int *al, void *arg)
472 if (ext_type != CUSTOM_EXT_TYPE_1)
473 custom_ext_error = 1;
474 *out = (const unsigned char *)custom_ext_cli_string;
475 *outlen = strlen(custom_ext_cli_string);
476 return 1; /* Send "abc" */
479 static int custom_ext_1_cli_parse_cb(SSL *s, unsigned int ext_type,
480 const unsigned char *in,
481 size_t inlen, int *al, void *arg)
486 static int custom_ext_2_cli_add_cb(SSL *s, unsigned int ext_type,
487 const unsigned char **out,
488 size_t *outlen, int *al, void *arg)
490 if (ext_type != CUSTOM_EXT_TYPE_2)
491 custom_ext_error = 1;
492 *out = (const unsigned char *)custom_ext_cli_string;
493 *outlen = strlen(custom_ext_cli_string);
494 return 1; /* Send "abc" */
497 static int custom_ext_2_cli_parse_cb(SSL *s, unsigned int ext_type,
498 const unsigned char *in,
499 size_t inlen, int *al, void *arg)
501 if (ext_type != CUSTOM_EXT_TYPE_2)
502 custom_ext_error = 1;
504 custom_ext_error = 1; /* Should be empty response */
508 static int custom_ext_3_cli_add_cb(SSL *s, unsigned int ext_type,
509 const unsigned char **out,
510 size_t *outlen, int *al, void *arg)
512 if (ext_type != CUSTOM_EXT_TYPE_3)
513 custom_ext_error = 1;
514 *out = (const unsigned char *)custom_ext_cli_string;
515 *outlen = strlen(custom_ext_cli_string);
516 return 1; /* Send "abc" */
519 static int custom_ext_3_cli_parse_cb(SSL *s, unsigned int ext_type,
520 const unsigned char *in,
521 size_t inlen, int *al, void *arg)
523 if (ext_type != CUSTOM_EXT_TYPE_3)
524 custom_ext_error = 1;
525 if (inlen != strlen(custom_ext_srv_string))
526 custom_ext_error = 1;
527 if (memcmp(custom_ext_srv_string, in, inlen) != 0)
528 custom_ext_error = 1; /* Check for "defg" */
533 * custom_ext_0_cli_add_cb returns 0 - the server won't receive a callback
536 static int custom_ext_0_srv_parse_cb(SSL *s, unsigned int ext_type,
537 const unsigned char *in,
538 size_t inlen, int *al, void *arg)
540 custom_ext_error = 1;
544 /* 'add' callbacks are only called if the 'parse' callback is called */
545 static int custom_ext_0_srv_add_cb(SSL *s, unsigned int ext_type,
546 const unsigned char **out,
547 size_t *outlen, int *al, void *arg)
549 /* Error: should not have been called */
550 custom_ext_error = 1;
551 return 0; /* Don't send an extension */
554 static int custom_ext_1_srv_parse_cb(SSL *s, unsigned int ext_type,
555 const unsigned char *in,
556 size_t inlen, int *al, void *arg)
558 if (ext_type != CUSTOM_EXT_TYPE_1)
559 custom_ext_error = 1;
560 /* Check for "abc" */
561 if (inlen != strlen(custom_ext_cli_string))
562 custom_ext_error = 1;
563 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
564 custom_ext_error = 1;
568 static int custom_ext_1_srv_add_cb(SSL *s, unsigned int ext_type,
569 const unsigned char **out,
570 size_t *outlen, int *al, void *arg)
572 return 0; /* Don't send an extension */
575 static int custom_ext_2_srv_parse_cb(SSL *s, unsigned int ext_type,
576 const unsigned char *in,
577 size_t inlen, int *al, void *arg)
579 if (ext_type != CUSTOM_EXT_TYPE_2)
580 custom_ext_error = 1;
581 /* Check for "abc" */
582 if (inlen != strlen(custom_ext_cli_string))
583 custom_ext_error = 1;
584 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
585 custom_ext_error = 1;
589 static int custom_ext_2_srv_add_cb(SSL *s, unsigned int ext_type,
590 const unsigned char **out,
591 size_t *outlen, int *al, void *arg)
595 return 1; /* Send empty extension */
598 static int custom_ext_3_srv_parse_cb(SSL *s, unsigned int ext_type,
599 const unsigned char *in,
600 size_t inlen, int *al, void *arg)
602 if (ext_type != CUSTOM_EXT_TYPE_3)
603 custom_ext_error = 1;
604 /* Check for "abc" */
605 if (inlen != strlen(custom_ext_cli_string))
606 custom_ext_error = 1;
607 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
608 custom_ext_error = 1;
612 static int custom_ext_3_srv_add_cb(SSL *s, unsigned int ext_type,
613 const unsigned char **out,
614 size_t *outlen, int *al, void *arg)
616 *out = (const unsigned char *)custom_ext_srv_string;
617 *outlen = strlen(custom_ext_srv_string);
618 return 1; /* Send "defg" */
621 static char *cipher = NULL;
622 static char *ciphersuites = NULL;
623 static int verbose = 0;
624 static int debug = 0;
626 int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family,
627 long bytes, clock_t *s_time, clock_t *c_time);
628 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time,
630 int doit(SSL *s_ssl, SSL *c_ssl, long bytes);
632 static void sv_usage(void)
634 fprintf(stderr, "usage: ssltest [args ...]\n");
635 fprintf(stderr, "\n");
636 fprintf(stderr, " -server_auth - check server certificate\n");
637 fprintf(stderr, " -client_auth - do client authentication\n");
638 fprintf(stderr, " -v - more output\n");
639 fprintf(stderr, " -d - debug output\n");
640 fprintf(stderr, " -reuse - use session-id reuse\n");
641 fprintf(stderr, " -num <val> - number of connections to perform\n");
643 " -bytes <val> - number of bytes to swap between client/server\n");
644 #ifndef OPENSSL_NO_DH
646 " -dhe512 - use 512 bit key for DHE (to test failure)\n");
648 " -dhe1024 - use 1024 bit key (safe prime) for DHE (default, no-op)\n");
650 " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
651 fprintf(stderr, " -no_dhe - disable DHE\n");
653 #ifndef OPENSSL_NO_EC
654 fprintf(stderr, " -no_ecdhe - disable ECDHE\nTODO(openssl-team): no_ecdhe was broken by auto ecdh. Make this work again.\n");
656 #ifndef OPENSSL_NO_PSK
657 fprintf(stderr, " -psk arg - PSK in hex (without 0x)\n");
659 #ifndef OPENSSL_NO_SSL3
660 fprintf(stderr, " -ssl3 - use SSLv3\n");
662 #ifndef OPENSSL_NO_TLS1
663 fprintf(stderr, " -tls1 - use TLSv1\n");
665 #ifndef OPENSSL_NO_DTLS
666 fprintf(stderr, " -dtls - use DTLS\n");
667 #ifndef OPENSSL_NO_DTLS1
668 fprintf(stderr, " -dtls1 - use DTLSv1\n");
670 #ifndef OPENSSL_NO_DTLS1_2
671 fprintf(stderr, " -dtls12 - use DTLSv1.2\n");
674 fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");
675 fprintf(stderr, " -CAfile arg - PEM format file of CA's\n");
676 fprintf(stderr, " -cert arg - Server certificate file\n");
678 " -key arg - Server key file (default: same as -cert)\n");
679 fprintf(stderr, " -c_cert arg - Client certificate file\n");
681 " -c_key arg - Client key file (default: same as -c_cert)\n");
682 fprintf(stderr, " -cipher arg - The TLSv1.2 and below cipher list\n");
683 fprintf(stderr, " -ciphersuites arg - The TLSv1.3 ciphersuites\n");
684 fprintf(stderr, " -bio_pair - Use BIO pairs\n");
685 fprintf(stderr, " -ipv4 - Use IPv4 connection on localhost\n");
686 fprintf(stderr, " -ipv6 - Use IPv6 connection on localhost\n");
687 fprintf(stderr, " -f - Test even cases that can't work\n");
689 " -time - measure processor time used by client and server\n");
690 fprintf(stderr, " -zlib - use zlib compression\n");
691 #ifndef OPENSSL_NO_NEXTPROTONEG
692 fprintf(stderr, " -npn_client - have client side offer NPN\n");
693 fprintf(stderr, " -npn_server - have server side offer NPN\n");
694 fprintf(stderr, " -npn_server_reject - have server reject NPN\n");
696 fprintf(stderr, " -serverinfo_file file - have server use this file\n");
697 fprintf(stderr, " -serverinfo_sct - have client offer and expect SCT\n");
699 " -serverinfo_tack - have client offer and expect TACK\n");
701 " -custom_ext - try various custom extension callbacks\n");
702 fprintf(stderr, " -alpn_client <string> - have client side offer ALPN\n");
703 fprintf(stderr, " -alpn_server <string> - have server side offer ALPN\n");
704 fprintf(stderr, " -alpn_server1 <string> - alias for -alpn_server\n");
705 fprintf(stderr, " -alpn_server2 <string> - have server side context 2 offer ALPN\n");
707 " -alpn_expected <string> - the ALPN protocol that should be negotiated\n");
708 fprintf(stderr, " -server_min_proto <string> - Minimum version the server should support\n");
709 fprintf(stderr, " -server_max_proto <string> - Maximum version the server should support\n");
710 fprintf(stderr, " -client_min_proto <string> - Minimum version the client should support\n");
711 fprintf(stderr, " -client_max_proto <string> - Maximum version the client should support\n");
712 fprintf(stderr, " -should_negotiate <string> - The version that should be negotiated, fail-client or fail-server\n");
713 #ifndef OPENSSL_NO_CT
714 fprintf(stderr, " -noct - no certificate transparency\n");
715 fprintf(stderr, " -requestct - request certificate transparency\n");
716 fprintf(stderr, " -requirect - require certificate transparency\n");
718 fprintf(stderr, " -sn_client <string> - have client request this servername\n");
719 fprintf(stderr, " -sn_server1 <string> - have server context 1 respond to this servername\n");
720 fprintf(stderr, " -sn_server2 <string> - have server context 2 respond to this servername\n");
721 fprintf(stderr, " -sn_expect1 - expected server 1\n");
722 fprintf(stderr, " -sn_expect2 - expected server 2\n");
723 fprintf(stderr, " -server_sess_out <file> - Save the server session to a file\n");
724 fprintf(stderr, " -server_sess_in <file> - Read the server session from a file\n");
725 fprintf(stderr, " -client_sess_out <file> - Save the client session to a file\n");
726 fprintf(stderr, " -client_sess_in <file> - Read the client session from a file\n");
727 fprintf(stderr, " -should_reuse <number> - The expected state of reusing the session\n");
728 fprintf(stderr, " -no_ticket - do not issue TLS session ticket\n");
729 fprintf(stderr, " -provider <name> - Load the given provider into the library context\n");
730 fprintf(stderr, " -config <cnf> - Load the given config file into the library context\n");
733 static void print_key_details(BIO *out, EVP_PKEY *key)
735 int keyid = EVP_PKEY_id(key);
736 #ifndef OPENSSL_NO_EC
737 if (keyid == EVP_PKEY_EC) {
738 EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
741 nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
743 cname = EC_curve_nid2nist(nid);
745 cname = OBJ_nid2sn(nid);
746 BIO_printf(out, "%d bits EC (%s)", EVP_PKEY_bits(key), cname);
762 algname = OBJ_nid2sn(keyid);
765 BIO_printf(out, "%d bits %s", EVP_PKEY_bits(key), algname);
769 static void print_details(SSL *c_ssl, const char *prefix)
771 const SSL_CIPHER *ciph;
776 ciph = SSL_get_current_cipher(c_ssl);
777 BIO_printf(bio_stdout, "%s%s, cipher %s %s",
779 SSL_get_version(c_ssl),
780 SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_name(ciph));
781 cert = SSL_get_peer_certificate(c_ssl);
783 EVP_PKEY* pubkey = X509_get0_pubkey(cert);
785 if (pubkey != NULL) {
786 BIO_puts(bio_stdout, ", ");
787 print_key_details(bio_stdout, pubkey);
791 if (SSL_get_peer_tmp_key(c_ssl, &pkey)) {
792 BIO_puts(bio_stdout, ", temp key: ");
793 print_key_details(bio_stdout, pkey);
796 if (SSL_get_peer_signature_nid(c_ssl, &mdnid))
797 BIO_printf(bio_stdout, ", digest=%s", OBJ_nid2sn(mdnid));
798 BIO_printf(bio_stdout, "\n");
802 * protocol_from_string - converts a protocol version string to a number
804 * Returns -1 on failure or the version on success
806 static int protocol_from_string(const char *value)
808 struct protocol_versions {
812 static const struct protocol_versions versions[] = {
813 {"ssl3", SSL3_VERSION},
814 {"tls1", TLS1_VERSION},
815 {"tls1.1", TLS1_1_VERSION},
816 {"tls1.2", TLS1_2_VERSION},
817 {"tls1.3", TLS1_3_VERSION},
818 {"dtls1", DTLS1_VERSION},
819 {"dtls1.2", DTLS1_2_VERSION}};
821 size_t n = OSSL_NELEM(versions);
823 for (i = 0; i < n; i++)
824 if (strcmp(versions[i].name, value) == 0)
825 return versions[i].version;
829 static SSL_SESSION *read_session(const char *filename)
832 BIO *f = BIO_new_file(filename, "r");
835 BIO_printf(bio_err, "Can't open session file %s\n", filename);
836 ERR_print_errors(bio_err);
839 sess = PEM_read_bio_SSL_SESSION(f, NULL, 0, NULL);
841 BIO_printf(bio_err, "Can't parse session file %s\n", filename);
842 ERR_print_errors(bio_err);
848 static int write_session(const char *filename, SSL_SESSION *sess)
850 BIO *f = BIO_new_file(filename, "w");
853 BIO_printf(bio_err, "No session information\n");
857 BIO_printf(bio_err, "Can't open session file %s\n", filename);
858 ERR_print_errors(bio_err);
861 PEM_write_bio_SSL_SESSION(f, sess);
867 * set_protocol_version - Sets protocol version minimum or maximum
869 * Returns 0 on failure and 1 on success
871 static int set_protocol_version(const char *version, SSL *ssl, int setting)
873 if (version != NULL) {
874 int ver = protocol_from_string(version);
876 BIO_printf(bio_err, "Error parsing: %s\n", version);
879 return SSL_ctrl(ssl, setting, ver, NULL);
884 int main(int argc, char *argv[])
886 const char *CApath = NULL, *CAfile = NULL;
888 enum { BIO_MEM, BIO_PAIR, BIO_IPV4, BIO_IPV6 } bio_type = BIO_MEM;
890 int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, tls1_2 = 0, ssl3 = 0;
891 int ret = EXIT_FAILURE;
893 int server_auth = 0, i;
894 struct app_verify_arg app_verify_arg =
895 { APP_CALLBACK_STRING, 0 };
896 SSL_CTX *c_ctx = NULL;
897 const SSL_METHOD *meth = NULL;
899 int number = 1, reuse = 0;
900 int should_reuse = -1;
903 #ifndef OPENSSL_NO_DH
905 int dhe512 = 0, dhe1024dsa = 0;
910 clock_t s_time = 0, c_time = 0;
911 #ifndef OPENSSL_NO_COMP
913 COMP_METHOD *cm = NULL;
914 STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
917 int min_version = 0, max_version = 0;
918 #ifndef OPENSSL_NO_CT
920 * Disable CT validation by default, because it will interfere with
921 * anything using custom extension handlers to deal with SCT extensions.
923 int ct_validation = 0;
925 SSL_CONF_CTX *s_cctx = NULL, *c_cctx = NULL, *s_cctx2 = NULL;
926 STACK_OF(OPENSSL_STRING) *conf_args = NULL;
927 char *arg = NULL, *argn = NULL;
928 const char *provider = NULL, *config = NULL;
929 OSSL_PROVIDER *thisprov = NULL, *defctxnull = NULL;
930 OPENSSL_CTX *libctx = NULL;
935 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
936 bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT);
938 s_cctx = SSL_CONF_CTX_new();
939 s_cctx2 = SSL_CONF_CTX_new();
940 c_cctx = SSL_CONF_CTX_new();
942 if (!s_cctx || !c_cctx || !s_cctx2) {
943 ERR_print_errors(bio_err);
947 SSL_CONF_CTX_set_flags(s_cctx,
948 SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_SERVER |
949 SSL_CONF_FLAG_CERTIFICATE |
950 SSL_CONF_FLAG_REQUIRE_PRIVATE);
951 SSL_CONF_CTX_set_flags(s_cctx2,
952 SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_SERVER |
953 SSL_CONF_FLAG_CERTIFICATE |
954 SSL_CONF_FLAG_REQUIRE_PRIVATE);
955 if (!SSL_CONF_CTX_set1_prefix(s_cctx, "-s_")) {
956 ERR_print_errors(bio_err);
959 if (!SSL_CONF_CTX_set1_prefix(s_cctx2, "-s_")) {
960 ERR_print_errors(bio_err);
964 SSL_CONF_CTX_set_flags(c_cctx,
965 SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_CLIENT |
966 SSL_CONF_FLAG_CERTIFICATE |
967 SSL_CONF_FLAG_REQUIRE_PRIVATE);
968 if (!SSL_CONF_CTX_set1_prefix(c_cctx, "-c_")) {
969 ERR_print_errors(bio_err);
977 if (strcmp(*argv, "-F") == 0) {
979 "not compiled with FIPS support, so exiting without running.\n");
981 } else if (strcmp(*argv, "-server_auth") == 0)
983 else if (strcmp(*argv, "-client_auth") == 0)
985 else if (strcmp(*argv, "-v") == 0)
987 else if (strcmp(*argv, "-d") == 0)
989 else if (strcmp(*argv, "-reuse") == 0)
991 else if (strcmp(*argv, "-dhe512") == 0) {
992 #ifndef OPENSSL_NO_DH
996 "ignoring -dhe512, since I'm compiled without DH\n");
998 } else if (strcmp(*argv, "-dhe1024dsa") == 0) {
999 #ifndef OPENSSL_NO_DH
1003 "ignoring -dhe1024dsa, since I'm compiled without DH\n");
1005 } else if (strcmp(*argv, "-no_dhe") == 0)
1007 else if (strcmp(*argv, "-no_ecdhe") == 0)
1009 else if (strcmp(*argv, "-psk") == 0) {
1012 psk_key = *(++argv);
1013 #ifndef OPENSSL_NO_PSK
1014 if (strspn(psk_key, "abcdefABCDEF1234567890") != strlen(psk_key)) {
1015 BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
1022 else if (strcmp(*argv, "-tls1_2") == 0) {
1024 } else if (strcmp(*argv, "-tls1") == 0) {
1026 } else if (strcmp(*argv, "-ssl3") == 0) {
1028 } else if (strcmp(*argv, "-dtls1") == 0) {
1030 } else if (strcmp(*argv, "-dtls12") == 0) {
1032 } else if (strcmp(*argv, "-dtls") == 0) {
1034 } else if (strncmp(*argv, "-num", 4) == 0) {
1037 number = atoi(*(++argv));
1040 } else if (strcmp(*argv, "-bytes") == 0) {
1043 bytes = atol(*(++argv));
1046 i = strlen(argv[0]);
1047 if (argv[0][i - 1] == 'k')
1049 if (argv[0][i - 1] == 'm')
1050 bytes *= 1024L * 1024L;
1051 } else if (strcmp(*argv, "-cipher") == 0) {
1055 } else if (strcmp(*argv, "-ciphersuites") == 0) {
1058 ciphersuites = *(++argv);
1059 } else if (strcmp(*argv, "-CApath") == 0) {
1063 } else if (strcmp(*argv, "-CAfile") == 0) {
1067 } else if (strcmp(*argv, "-bio_pair") == 0) {
1068 bio_type = BIO_PAIR;
1070 #ifndef OPENSSL_NO_SOCK
1071 else if (strcmp(*argv, "-ipv4") == 0) {
1072 bio_type = BIO_IPV4;
1073 } else if (strcmp(*argv, "-ipv6") == 0) {
1074 bio_type = BIO_IPV6;
1077 else if (strcmp(*argv, "-f") == 0) {
1079 } else if (strcmp(*argv, "-time") == 0) {
1082 #ifndef OPENSSL_NO_CT
1083 else if (strcmp(*argv, "-noct") == 0) {
1086 else if (strcmp(*argv, "-ct") == 0) {
1090 #ifndef OPENSSL_NO_COMP
1091 else if (strcmp(*argv, "-zlib") == 0) {
1095 else if (strcmp(*argv, "-app_verify") == 0) {
1096 app_verify_arg.app_verify = 1;
1098 #ifndef OPENSSL_NO_NEXTPROTONEG
1099 else if (strcmp(*argv, "-npn_client") == 0) {
1101 } else if (strcmp(*argv, "-npn_server") == 0) {
1103 } else if (strcmp(*argv, "-npn_server_reject") == 0) {
1104 npn_server_reject = 1;
1107 else if (strcmp(*argv, "-serverinfo_sct") == 0) {
1109 } else if (strcmp(*argv, "-serverinfo_tack") == 0) {
1110 serverinfo_tack = 1;
1111 } else if (strcmp(*argv, "-serverinfo_file") == 0) {
1114 serverinfo_file = *(++argv);
1115 } else if (strcmp(*argv, "-custom_ext") == 0) {
1117 } else if (strcmp(*argv, "-alpn_client") == 0) {
1120 alpn_client = *(++argv);
1121 } else if (strcmp(*argv, "-alpn_server") == 0 ||
1122 strcmp(*argv, "-alpn_server1") == 0) {
1125 alpn_server = *(++argv);
1126 } else if (strcmp(*argv, "-alpn_server2") == 0) {
1129 alpn_server2 = *(++argv);
1130 } else if (strcmp(*argv, "-alpn_expected") == 0) {
1133 alpn_expected = *(++argv);
1134 } else if (strcmp(*argv, "-server_min_proto") == 0) {
1137 server_min_proto = *(++argv);
1138 } else if (strcmp(*argv, "-server_max_proto") == 0) {
1141 server_max_proto = *(++argv);
1142 } else if (strcmp(*argv, "-client_min_proto") == 0) {
1145 client_min_proto = *(++argv);
1146 } else if (strcmp(*argv, "-client_max_proto") == 0) {
1149 client_max_proto = *(++argv);
1150 } else if (strcmp(*argv, "-should_negotiate") == 0) {
1153 should_negotiate = *(++argv);
1154 } else if (strcmp(*argv, "-sn_client") == 0) {
1157 sn_client = *(++argv);
1158 } else if (strcmp(*argv, "-sn_server1") == 0) {
1161 sn_server1 = *(++argv);
1162 } else if (strcmp(*argv, "-sn_server2") == 0) {
1165 sn_server2 = *(++argv);
1166 } else if (strcmp(*argv, "-sn_expect1") == 0) {
1168 } else if (strcmp(*argv, "-sn_expect2") == 0) {
1170 } else if (strcmp(*argv, "-server_sess_out") == 0) {
1173 server_sess_out = *(++argv);
1174 } else if (strcmp(*argv, "-server_sess_in") == 0) {
1177 server_sess_in = *(++argv);
1178 } else if (strcmp(*argv, "-client_sess_out") == 0) {
1181 client_sess_out = *(++argv);
1182 } else if (strcmp(*argv, "-client_sess_in") == 0) {
1185 client_sess_in = *(++argv);
1186 } else if (strcmp(*argv, "-should_reuse") == 0) {
1189 should_reuse = !!atoi(*(++argv));
1190 } else if (strcmp(*argv, "-no_ticket") == 0) {
1192 } else if (strcmp(*argv, "-provider") == 0) {
1195 provider = *(++argv);
1196 } else if (strcmp(*argv, "-config") == 0) {
1204 /* Try to process command using SSL_CONF */
1205 rv = SSL_CONF_cmd_argv(c_cctx, &argc, &argv);
1206 /* If not processed try server */
1208 rv = SSL_CONF_cmd_argv(s_cctx, &argc, &argv);
1209 /* Recognised: store it for later use */
1214 conf_args = sk_OPENSSL_STRING_new_null();
1218 if (!sk_OPENSSL_STRING_push(conf_args, arg))
1220 if (!sk_OPENSSL_STRING_push(conf_args, argn))
1225 BIO_printf(bio_err, "Missing argument for %s\n", arg);
1227 BIO_printf(bio_err, "Error with command %s\n", arg);
1229 BIO_printf(bio_err, "unknown option %s\n", arg);
1242 if (ssl3 + tls1 + tls1_2 + dtls + dtls1 + dtls12 > 1) {
1243 fprintf(stderr, "At most one of -ssl3, -tls1, -tls1_2, -dtls, -dtls1 or -dtls12 should "
1248 #ifdef OPENSSL_NO_SSL3
1253 #ifdef OPENSSL_NO_TLS1
1258 #ifdef OPENSSL_NO_TLS1_2
1263 #if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1)
1268 #if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1_2)
1276 * Testing was requested for a compiled-out protocol (e.g. SSLv3).
1277 * Ideally, we would error out, but the generic test wrapper can't know
1278 * when to expect failure. So we do nothing and return success.
1281 fprintf(stderr, "Testing was requested for a disabled protocol. "
1282 "Skipping tests.\n");
1287 if (!ssl3 && !tls1 && !tls1_2 && !dtls && !dtls1 && !dtls12 && number > 1
1288 && !reuse && !force) {
1289 fprintf(stderr, "This case cannot work. Use -f to perform "
1290 "the test anyway (and\n-d to see what happens), "
1291 "or add one of -ssl3, -tls1, -tls1_2, -dtls, -dtls1, -dtls12, -reuse\n"
1292 "to avoid protocol mismatch.\n");
1297 if (bio_type != BIO_PAIR) {
1298 fprintf(stderr, "Using BIO pair (-bio_pair)\n");
1299 bio_type = BIO_PAIR;
1301 if (number < 50 && !force)
1303 "Warning: For accurate timings, use more connections (e.g. -num 1000)\n");
1306 #ifndef OPENSSL_NO_COMP
1307 if (comp == COMP_ZLIB)
1310 if (COMP_get_type(cm) != NID_undef) {
1311 if (SSL_COMP_add_compression_method(comp, cm) != 0) {
1312 fprintf(stderr, "Failed to add compression method\n");
1313 ERR_print_errors_fp(stderr);
1317 "Warning: %s compression not supported\n",
1318 comp == COMP_ZLIB ? "zlib" : "unknown");
1319 ERR_print_errors_fp(stderr);
1322 ssl_comp_methods = SSL_COMP_get_compression_methods();
1323 n = sk_SSL_COMP_num(ssl_comp_methods);
1326 printf("Available compression methods:");
1327 for (j = 0; j < n; j++) {
1328 SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
1329 printf(" %s:%d", SSL_COMP_get0_name(c), SSL_COMP_get_id(c));
1335 #ifndef OPENSSL_NO_TLS
1336 meth = TLS_method();
1338 min_version = SSL3_VERSION;
1339 max_version = SSL3_VERSION;
1341 min_version = TLS1_VERSION;
1342 max_version = TLS1_VERSION;
1343 } else if (tls1_2) {
1344 min_version = TLS1_2_VERSION;
1345 max_version = TLS1_2_VERSION;
1351 #ifndef OPENSSL_NO_DTLS
1352 if (dtls || dtls1 || dtls12) {
1353 meth = DTLS_method();
1355 min_version = DTLS1_VERSION;
1356 max_version = DTLS1_VERSION;
1357 } else if (dtls12) {
1358 min_version = DTLS1_2_VERSION;
1359 max_version = DTLS1_2_VERSION;
1367 if (provider != NULL) {
1368 defctxnull = OSSL_PROVIDER_load(NULL, "null");
1369 if (defctxnull == NULL)
1371 libctx = OPENSSL_CTX_new();
1376 && !OPENSSL_CTX_load_config(libctx, config))
1379 thisprov = OSSL_PROVIDER_load(libctx, provider);
1380 if (thisprov == NULL)
1384 c_ctx = SSL_CTX_new_with_libctx(libctx, NULL, meth);
1385 s_ctx = SSL_CTX_new_with_libctx(libctx, NULL, meth);
1386 s_ctx2 = SSL_CTX_new_with_libctx(libctx, NULL, meth); /* no SSL_CTX_dup! */
1387 if ((c_ctx == NULL) || (s_ctx == NULL) || (s_ctx2 == NULL)) {
1388 ERR_print_errors(bio_err);
1392 * Since we will use low security ciphersuites and keys for testing set
1393 * security level to zero by default. Tests can override this by adding
1394 * "@SECLEVEL=n" to the cipher string.
1396 SSL_CTX_set_security_level(c_ctx, 0);
1397 SSL_CTX_set_security_level(s_ctx, 0);
1398 SSL_CTX_set_security_level(s_ctx2, 0);
1401 SSL_CTX_set_options(c_ctx, SSL_OP_NO_TICKET);
1402 SSL_CTX_set_options(s_ctx, SSL_OP_NO_TICKET);
1405 if (SSL_CTX_set_min_proto_version(c_ctx, min_version) == 0)
1407 if (SSL_CTX_set_max_proto_version(c_ctx, max_version) == 0)
1409 if (SSL_CTX_set_min_proto_version(s_ctx, min_version) == 0)
1411 if (SSL_CTX_set_max_proto_version(s_ctx, max_version) == 0)
1414 if (cipher != NULL) {
1415 if (strcmp(cipher, "") == 0) {
1416 if (!SSL_CTX_set_cipher_list(c_ctx, cipher)) {
1417 if (ERR_GET_REASON(ERR_peek_error()) == SSL_R_NO_CIPHER_MATCH) {
1420 ERR_print_errors(bio_err);
1424 /* Should have failed when clearing all TLSv1.2 ciphers. */
1425 fprintf(stderr, "CLEARING ALL TLSv1.2 CIPHERS SHOULD FAIL\n");
1429 if (!SSL_CTX_set_cipher_list(s_ctx, cipher)) {
1430 if (ERR_GET_REASON(ERR_peek_error()) == SSL_R_NO_CIPHER_MATCH) {
1433 ERR_print_errors(bio_err);
1437 /* Should have failed when clearing all TLSv1.2 ciphers. */
1438 fprintf(stderr, "CLEARING ALL TLSv1.2 CIPHERS SHOULD FAIL\n");
1442 if (!SSL_CTX_set_cipher_list(s_ctx2, cipher)) {
1443 if (ERR_GET_REASON(ERR_peek_error()) == SSL_R_NO_CIPHER_MATCH) {
1446 ERR_print_errors(bio_err);
1450 /* Should have failed when clearing all TLSv1.2 ciphers. */
1451 fprintf(stderr, "CLEARING ALL TLSv1.2 CIPHERS SHOULD FAIL\n");
1455 if (!SSL_CTX_set_cipher_list(c_ctx, cipher)
1456 || !SSL_CTX_set_cipher_list(s_ctx, cipher)
1457 || !SSL_CTX_set_cipher_list(s_ctx2, cipher)) {
1458 ERR_print_errors(bio_err);
1463 if (ciphersuites != NULL) {
1464 if (!SSL_CTX_set_ciphersuites(c_ctx, ciphersuites)
1465 || !SSL_CTX_set_ciphersuites(s_ctx, ciphersuites)
1466 || !SSL_CTX_set_ciphersuites(s_ctx2, ciphersuites)) {
1467 ERR_print_errors(bio_err);
1472 #ifndef OPENSSL_NO_CT
1473 if (ct_validation &&
1474 !SSL_CTX_enable_ct(c_ctx, SSL_CT_VALIDATION_STRICT)) {
1475 ERR_print_errors(bio_err);
1480 /* Process SSL_CONF arguments */
1481 SSL_CONF_CTX_set_ssl_ctx(c_cctx, c_ctx);
1482 SSL_CONF_CTX_set_ssl_ctx(s_cctx, s_ctx);
1483 SSL_CONF_CTX_set_ssl_ctx(s_cctx2, s_ctx2);
1485 for (i = 0; i < sk_OPENSSL_STRING_num(conf_args); i += 2) {
1487 arg = sk_OPENSSL_STRING_value(conf_args, i);
1488 argn = sk_OPENSSL_STRING_value(conf_args, i + 1);
1489 rv = SSL_CONF_cmd(c_cctx, arg, argn);
1490 /* If not recognised use server context */
1492 rv = SSL_CONF_cmd(s_cctx2, arg, argn);
1494 rv = SSL_CONF_cmd(s_cctx, arg, argn);
1497 BIO_printf(bio_err, "Error processing %s %s\n",
1498 arg, argn ? argn : "");
1499 ERR_print_errors(bio_err);
1504 if (!SSL_CONF_CTX_finish(s_cctx) || !SSL_CONF_CTX_finish(c_cctx) || !SSL_CONF_CTX_finish(s_cctx2)) {
1505 BIO_puts(bio_err, "Error finishing context\n");
1506 ERR_print_errors(bio_err);
1509 #ifndef OPENSSL_NO_DH
1512 dh = get_dh1024dsa();
1517 SSL_CTX_set_tmp_dh(s_ctx, dh);
1518 SSL_CTX_set_tmp_dh(s_ctx2, dh);
1525 if (!(SSL_CTX_load_verify_file(s_ctx, CAfile)
1526 || SSL_CTX_load_verify_dir(s_ctx, CApath))
1527 || !SSL_CTX_set_default_verify_paths(s_ctx)
1528 || !(SSL_CTX_load_verify_file(s_ctx2, CAfile)
1529 || SSL_CTX_load_verify_dir(s_ctx2, CApath))
1530 || !SSL_CTX_set_default_verify_paths(s_ctx2)
1531 || !(SSL_CTX_load_verify_file(c_ctx, CAfile)
1532 || SSL_CTX_load_verify_dir(c_ctx, CApath))
1533 || !SSL_CTX_set_default_verify_paths(c_ctx)) {
1534 ERR_print_errors(bio_err);
1537 #ifndef OPENSSL_NO_CT
1538 if (!SSL_CTX_set_default_ctlog_list_file(s_ctx) ||
1539 !SSL_CTX_set_default_ctlog_list_file(s_ctx2) ||
1540 !SSL_CTX_set_default_ctlog_list_file(c_ctx)) {
1541 ERR_print_errors(bio_err);
1546 printf("client authentication\n");
1547 SSL_CTX_set_verify(s_ctx,
1548 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1550 SSL_CTX_set_verify(s_ctx2,
1551 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1553 SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback,
1555 SSL_CTX_set_cert_verify_callback(s_ctx2, app_verify_callback,
1559 printf("server authentication\n");
1560 SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER, verify_callback);
1561 SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback,
1566 int session_id_context = 0;
1567 if (!SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context,
1568 sizeof(session_id_context)) ||
1569 !SSL_CTX_set_session_id_context(s_ctx2, (void *)&session_id_context,
1570 sizeof(session_id_context))) {
1571 ERR_print_errors(bio_err);
1576 /* Use PSK only if PSK key is given */
1577 if (psk_key != NULL) {
1579 * no_psk is used to avoid putting psk command to openssl tool
1583 * if PSK is not compiled in and psk key is given, do nothing and
1589 #ifndef OPENSSL_NO_PSK
1590 SSL_CTX_set_psk_client_callback(c_ctx, psk_client_callback);
1591 SSL_CTX_set_psk_server_callback(s_ctx, psk_server_callback);
1592 SSL_CTX_set_psk_server_callback(s_ctx2, psk_server_callback);
1594 BIO_printf(bio_err, "setting PSK identity hint to s_ctx\n");
1595 if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_hint") ||
1596 !SSL_CTX_use_psk_identity_hint(s_ctx2, "ctx server identity_hint")) {
1597 BIO_printf(bio_err, "error setting PSK identity hint to s_ctx\n");
1598 ERR_print_errors(bio_err);
1604 #ifndef OPENSSL_NO_NEXTPROTONEG
1606 SSL_CTX_set_next_proto_select_cb(c_ctx, cb_client_npn, NULL);
1609 if (npn_server_reject) {
1611 "Can't have both -npn_server and -npn_server_reject\n");
1614 SSL_CTX_set_npn_advertised_cb(s_ctx, cb_server_npn, NULL);
1615 SSL_CTX_set_npn_advertised_cb(s_ctx2, cb_server_npn, NULL);
1617 if (npn_server_reject) {
1618 SSL_CTX_set_npn_advertised_cb(s_ctx, cb_server_rejects_npn, NULL);
1619 SSL_CTX_set_npn_advertised_cb(s_ctx2, cb_server_rejects_npn, NULL);
1623 if (serverinfo_sct) {
1624 if (!SSL_CTX_add_client_custom_ext(c_ctx,
1625 TLSEXT_TYPE_signed_certificate_timestamp,
1627 serverinfo_cli_parse_cb, NULL)) {
1628 BIO_printf(bio_err, "Error adding SCT extension\n");
1632 if (serverinfo_tack) {
1633 if (!SSL_CTX_add_client_custom_ext(c_ctx, TACK_EXT_TYPE,
1635 serverinfo_cli_parse_cb, NULL)) {
1636 BIO_printf(bio_err, "Error adding TACK extension\n");
1640 if (serverinfo_file)
1641 if (!SSL_CTX_use_serverinfo_file(s_ctx, serverinfo_file) ||
1642 !SSL_CTX_use_serverinfo_file(s_ctx2, serverinfo_file)) {
1643 BIO_printf(bio_err, "missing serverinfo file\n");
1648 if (!SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_0,
1649 custom_ext_0_cli_add_cb,
1651 custom_ext_0_cli_parse_cb, NULL)
1652 || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_1,
1653 custom_ext_1_cli_add_cb,
1655 custom_ext_1_cli_parse_cb, NULL)
1656 || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_2,
1657 custom_ext_2_cli_add_cb,
1659 custom_ext_2_cli_parse_cb, NULL)
1660 || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_3,
1661 custom_ext_3_cli_add_cb,
1663 custom_ext_3_cli_parse_cb, NULL)
1664 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_0,
1665 custom_ext_0_srv_add_cb,
1667 custom_ext_0_srv_parse_cb, NULL)
1668 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_0,
1669 custom_ext_0_srv_add_cb,
1671 custom_ext_0_srv_parse_cb, NULL)
1672 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_1,
1673 custom_ext_1_srv_add_cb,
1675 custom_ext_1_srv_parse_cb, NULL)
1676 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_1,
1677 custom_ext_1_srv_add_cb,
1679 custom_ext_1_srv_parse_cb, NULL)
1680 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_2,
1681 custom_ext_2_srv_add_cb,
1683 custom_ext_2_srv_parse_cb, NULL)
1684 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_2,
1685 custom_ext_2_srv_add_cb,
1687 custom_ext_2_srv_parse_cb, NULL)
1688 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_3,
1689 custom_ext_3_srv_add_cb,
1691 custom_ext_3_srv_parse_cb, NULL)
1692 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_3,
1693 custom_ext_3_srv_add_cb,
1695 custom_ext_3_srv_parse_cb, NULL)) {
1696 BIO_printf(bio_err, "Error setting custom extensions\n");
1702 SSL_CTX_set_alpn_select_cb(s_ctx, cb_server_alpn, alpn_server);
1704 SSL_CTX_set_alpn_select_cb(s_ctx2, cb_server_alpn, alpn_server2);
1708 unsigned char *alpn = next_protos_parse(&alpn_len, alpn_client);
1711 BIO_printf(bio_err, "Error parsing -alpn_client argument\n");
1714 /* Returns 0 on success!! */
1715 if (SSL_CTX_set_alpn_protos(c_ctx, alpn, alpn_len)) {
1716 BIO_printf(bio_err, "Error setting ALPN\n");
1723 if (server_sess_in != NULL) {
1724 server_sess = read_session(server_sess_in);
1725 if (server_sess == NULL)
1728 if (client_sess_in != NULL) {
1729 client_sess = read_session(client_sess_in);
1730 if (client_sess == NULL)
1734 if (server_sess_out != NULL || server_sess_in != NULL) {
1738 /* Use a fixed key so that we can decrypt the ticket. */
1739 size = SSL_CTX_set_tlsext_ticket_keys(s_ctx, NULL, 0);
1740 keys = OPENSSL_zalloc(size);
1741 SSL_CTX_set_tlsext_ticket_keys(s_ctx, keys, size);
1745 if (sn_server1 != NULL || sn_server2 != NULL)
1746 SSL_CTX_set_tlsext_servername_callback(s_ctx, servername_cb);
1748 c_ssl = SSL_new(c_ctx);
1749 s_ssl = SSL_new(s_ctx);
1752 SSL_set_tlsext_host_name(c_ssl, sn_client);
1754 if (!set_protocol_version(server_min_proto, s_ssl, SSL_CTRL_SET_MIN_PROTO_VERSION))
1756 if (!set_protocol_version(server_max_proto, s_ssl, SSL_CTRL_SET_MAX_PROTO_VERSION))
1758 if (!set_protocol_version(client_min_proto, c_ssl, SSL_CTRL_SET_MIN_PROTO_VERSION))
1760 if (!set_protocol_version(client_max_proto, c_ssl, SSL_CTRL_SET_MAX_PROTO_VERSION))
1764 if (SSL_CTX_add_session(s_ctx, server_sess) == 0) {
1765 BIO_printf(bio_err, "Can't add server session\n");
1766 ERR_print_errors(bio_err);
1771 BIO_printf(bio_stdout, "Doing handshakes=%d bytes=%ld\n", number, bytes);
1772 for (i = 0; i < number; i++) {
1774 if (!SSL_set_session(c_ssl, NULL)) {
1775 BIO_printf(bio_err, "Failed to set session\n");
1779 if (client_sess_in != NULL) {
1780 if (SSL_set_session(c_ssl, client_sess) == 0) {
1781 BIO_printf(bio_err, "Can't set client session\n");
1782 ERR_print_errors(bio_err);
1788 ret = doit(s_ssl, c_ssl, bytes);
1791 ret = doit_biopair(s_ssl, c_ssl, bytes, &s_time, &c_time);
1793 #ifndef OPENSSL_NO_SOCK
1795 ret = doit_localhost(s_ssl, c_ssl, BIO_FAMILY_IPV4,
1796 bytes, &s_time, &c_time);
1799 ret = doit_localhost(s_ssl, c_ssl, BIO_FAMILY_IPV6,
1800 bytes, &s_time, &c_time);
1809 if (ret != EXIT_SUCCESS) break;
1812 if (should_negotiate && ret == EXIT_SUCCESS &&
1813 strcmp(should_negotiate, "fail-server") != 0 &&
1814 strcmp(should_negotiate, "fail-client") != 0) {
1815 int version = protocol_from_string(should_negotiate);
1817 BIO_printf(bio_err, "Error parsing: %s\n", should_negotiate);
1821 if (SSL_version(c_ssl) != version) {
1822 BIO_printf(bio_err, "Unexpected version negotiated. "
1823 "Expected: %s, got %s\n", should_negotiate, SSL_get_version(c_ssl));
1829 if (should_reuse != -1) {
1830 if (SSL_session_reused(s_ssl) != should_reuse ||
1831 SSL_session_reused(c_ssl) != should_reuse) {
1832 BIO_printf(bio_err, "Unexpected session reuse state. "
1833 "Expected: %d, server: %d, client: %d\n", should_reuse,
1834 SSL_session_reused(s_ssl), SSL_session_reused(c_ssl));
1840 if (server_sess_out != NULL) {
1841 if (write_session(server_sess_out, SSL_get_session(s_ssl)) == 0) {
1846 if (client_sess_out != NULL) {
1847 if (write_session(client_sess_out, SSL_get_session(c_ssl)) == 0) {
1854 print_details(c_ssl, "");
1857 #ifdef CLOCKS_PER_SEC
1859 * "To determine the time in seconds, the value returned by the clock
1860 * function should be divided by the value of the macro
1861 * CLOCKS_PER_SEC." -- ISO/IEC 9899
1863 BIO_printf(bio_stdout, "Approximate total server time: %6.2f s\n"
1864 "Approximate total client time: %6.2f s\n",
1865 (double)s_time / CLOCKS_PER_SEC,
1866 (double)c_time / CLOCKS_PER_SEC);
1868 BIO_printf(bio_stdout,
1869 "Approximate total server time: %6.2f units\n"
1870 "Approximate total client time: %6.2f units\n",
1871 (double)s_time, (double)c_time);
1880 SSL_CTX_free(s_ctx);
1881 SSL_CTX_free(s_ctx2);
1882 SSL_CTX_free(c_ctx);
1883 SSL_CONF_CTX_free(s_cctx);
1884 SSL_CONF_CTX_free(s_cctx2);
1885 SSL_CONF_CTX_free(c_cctx);
1886 sk_OPENSSL_STRING_free(conf_args);
1888 BIO_free(bio_stdout);
1890 SSL_SESSION_free(server_sess);
1891 SSL_SESSION_free(client_sess);
1893 OSSL_PROVIDER_unload(defctxnull);
1894 OSSL_PROVIDER_unload(thisprov);
1895 OPENSSL_CTX_free(libctx);
1901 #ifndef OPENSSL_NO_SOCK
1902 int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count,
1903 clock_t *s_time, clock_t *c_time)
1905 long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
1906 BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
1907 BIO *acpt = NULL, *server = NULL, *client = NULL;
1909 int ret = EXIT_FAILURE;
1910 int err_in_client = 0;
1911 int err_in_server = 0;
1913 acpt = BIO_new_accept(family == BIO_FAMILY_IPV4 ? "127.0.0.1:0"
1917 BIO_set_accept_ip_family(acpt, family);
1918 BIO_set_bind_mode(acpt, BIO_SOCK_NONBLOCK | BIO_SOCK_REUSEADDR);
1919 if (BIO_do_accept(acpt) <= 0)
1922 BIO_snprintf(addr_str, sizeof(addr_str), ":%s", BIO_get_accept_port(acpt));
1924 client = BIO_new_connect(addr_str);
1925 BIO_set_conn_ip_family(client, family);
1929 if (BIO_set_nbio(client, 1) <= 0)
1931 if (BIO_set_nbio(acpt, 1) <= 0)
1935 int st_connect = 0, st_accept = 0;
1937 while(!st_connect || !st_accept) {
1939 if (BIO_do_connect(client) <= 0) {
1940 if (!BIO_should_retry(client))
1947 if (BIO_do_accept(acpt) <= 0) {
1948 if (!BIO_should_retry(acpt))
1956 /* We're not interested in accepting further connects */
1957 server = BIO_pop(acpt);
1961 s_ssl_bio = BIO_new(BIO_f_ssl());
1965 c_ssl_bio = BIO_new(BIO_f_ssl());
1969 SSL_set_connect_state(c_ssl);
1970 SSL_set_bio(c_ssl, client, client);
1971 (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
1973 SSL_set_accept_state(s_ssl);
1974 SSL_set_bio(s_ssl, server, server);
1975 (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
1979 * c_ssl_bio: SSL filter BIO
1981 * client: I/O for SSL library
1984 * server: I/O for SSL library
1986 * s_ssl_bio: SSL filter BIO
1990 * We have non-blocking behaviour throughout this test program, but
1991 * can be sure that there is *some* progress in each iteration; so we
1992 * don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE --
1993 * we just try everything in each iteration
1999 char cbuf[1024 * 8];
2001 clock_t c_clock = clock();
2003 memset(cbuf, 0, sizeof(cbuf));
2006 if (SSL_in_init(c_ssl))
2007 printf("client waiting in SSL_connect - %s\n",
2008 SSL_state_string_long(c_ssl));
2011 /* Write to server. */
2013 if (cw_num > (long)sizeof(cbuf))
2017 r = BIO_write(c_ssl_bio, cbuf, i);
2019 if (!BIO_should_retry(c_ssl_bio)) {
2020 fprintf(stderr, "ERROR in CLIENT\n");
2025 * BIO_should_retry(...) can just be ignored here. The
2026 * library expects us to call BIO_write with the same
2027 * arguments again, and that's what we will do in the
2030 } else if (r == 0) {
2031 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2035 printf("client wrote %d\n", r);
2041 /* Read from server. */
2043 r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
2045 if (!BIO_should_retry(c_ssl_bio)) {
2046 fprintf(stderr, "ERROR in CLIENT\n");
2051 * Again, "BIO_should_retry" can be ignored.
2053 } else if (r == 0) {
2054 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2058 printf("client read %d\n", r);
2064 * c_time and s_time increments will typically be very small
2065 * (depending on machine speed and clock tick intervals), but
2066 * sampling over a large number of connections should result in
2067 * fairly accurate figures. We cannot guarantee a lot, however
2068 * -- if each connection lasts for exactly one clock tick, it
2069 * will be counted only for the client or only for the server or
2072 *c_time += (clock() - c_clock);
2078 char sbuf[1024 * 8];
2080 clock_t s_clock = clock();
2082 memset(sbuf, 0, sizeof(sbuf));
2085 if (SSL_in_init(s_ssl))
2086 printf("server waiting in SSL_accept - %s\n",
2087 SSL_state_string_long(s_ssl));
2090 /* Write to client. */
2092 if (sw_num > (long)sizeof(sbuf))
2096 r = BIO_write(s_ssl_bio, sbuf, i);
2098 if (!BIO_should_retry(s_ssl_bio)) {
2099 fprintf(stderr, "ERROR in SERVER\n");
2103 /* Ignore "BIO_should_retry". */
2104 } else if (r == 0) {
2105 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2109 printf("server wrote %d\n", r);
2115 /* Read from client. */
2117 r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
2119 if (!BIO_should_retry(s_ssl_bio)) {
2120 fprintf(stderr, "ERROR in SERVER\n");
2125 } else if (r == 0) {
2126 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2130 printf("server read %d\n", r);
2135 *s_time += (clock() - s_clock);
2138 while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
2141 print_details(c_ssl, "DONE via TCP connect: ");
2142 # ifndef OPENSSL_NO_NEXTPROTONEG
2143 if (verify_npn(c_ssl, s_ssl) < 0)
2146 if (verify_serverinfo() < 0) {
2147 fprintf(stderr, "Server info verify error\n");
2150 if (verify_alpn(c_ssl, s_ssl) < 0
2151 || verify_servername(c_ssl, s_ssl) < 0)
2154 if (custom_ext_error) {
2155 fprintf(stderr, "Custom extension error\n");
2159 # ifndef OPENSSL_NO_NEXTPROTONEG
2165 ERR_print_errors(bio_err);
2170 BIO_free(s_ssl_bio);
2171 BIO_free(c_ssl_bio);
2173 if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
2174 ret = (err_in_client != 0) ? EXIT_SUCCESS : EXIT_FAILURE;
2175 else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
2176 ret = (err_in_server != 0) ? EXIT_SUCCESS : EXIT_FAILURE;
2182 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
2183 clock_t *s_time, clock_t *c_time)
2185 long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
2186 BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
2187 BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL;
2188 int ret = EXIT_FAILURE;
2189 int err_in_client = 0;
2190 int err_in_server = 0;
2192 size_t bufsiz = 256; /* small buffer for testing */
2194 if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz))
2196 if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz))
2199 s_ssl_bio = BIO_new(BIO_f_ssl());
2203 c_ssl_bio = BIO_new(BIO_f_ssl());
2207 SSL_set_connect_state(c_ssl);
2208 SSL_set_bio(c_ssl, client, client);
2209 (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
2211 SSL_set_accept_state(s_ssl);
2212 SSL_set_bio(s_ssl, server, server);
2213 (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
2217 * c_ssl_bio: SSL filter BIO
2219 * client: pseudo-I/O for SSL library
2221 * client_io: client's SSL communication; usually to be
2222 * relayed over some I/O facility, but in this
2223 * test program, we're the server, too:
2225 * server_io: server's SSL communication
2227 * server: pseudo-I/O for SSL library
2229 * s_ssl_bio: SSL filter BIO
2231 * The client and the server each employ a "BIO pair":
2232 * client + client_io, server + server_io.
2233 * BIO pairs are symmetric. A BIO pair behaves similar
2234 * to a non-blocking socketpair (but both endpoints must
2235 * be handled by the same thread).
2236 * [Here we could connect client and server to the ends
2237 * of a single BIO pair, but then this code would be less
2238 * suitable as an example for BIO pairs in general.]
2240 * Useful functions for querying the state of BIO pair endpoints:
2242 * BIO_ctrl_pending(bio) number of bytes we can read now
2243 * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfill
2244 * other side's read attempt
2245 * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now
2247 * ..._read_request is never more than ..._write_guarantee;
2248 * it depends on the application which one you should use.
2252 * We have non-blocking behaviour throughout this test program, but
2253 * can be sure that there is *some* progress in each iteration; so we
2254 * don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE --
2255 * we just try everything in each iteration
2261 char cbuf[1024 * 8];
2263 clock_t c_clock = clock();
2265 memset(cbuf, 0, sizeof(cbuf));
2268 if (SSL_in_init(c_ssl))
2269 printf("client waiting in SSL_connect - %s\n",
2270 SSL_state_string_long(c_ssl));
2273 /* Write to server. */
2275 if (cw_num > (long)sizeof(cbuf))
2279 r = BIO_write(c_ssl_bio, cbuf, i);
2281 if (!BIO_should_retry(c_ssl_bio)) {
2282 fprintf(stderr, "ERROR in CLIENT\n");
2287 * BIO_should_retry(...) can just be ignored here. The
2288 * library expects us to call BIO_write with the same
2289 * arguments again, and that's what we will do in the
2292 } else if (r == 0) {
2293 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2297 printf("client wrote %d\n", r);
2303 /* Read from server. */
2305 r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
2307 if (!BIO_should_retry(c_ssl_bio)) {
2308 fprintf(stderr, "ERROR in CLIENT\n");
2313 * Again, "BIO_should_retry" can be ignored.
2315 } else if (r == 0) {
2316 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2320 printf("client read %d\n", r);
2326 * c_time and s_time increments will typically be very small
2327 * (depending on machine speed and clock tick intervals), but
2328 * sampling over a large number of connections should result in
2329 * fairly accurate figures. We cannot guarantee a lot, however
2330 * -- if each connection lasts for exactly one clock tick, it
2331 * will be counted only for the client or only for the server or
2334 *c_time += (clock() - c_clock);
2340 char sbuf[1024 * 8];
2342 clock_t s_clock = clock();
2344 memset(sbuf, 0, sizeof(sbuf));
2347 if (SSL_in_init(s_ssl))
2348 printf("server waiting in SSL_accept - %s\n",
2349 SSL_state_string_long(s_ssl));
2352 /* Write to client. */
2354 if (sw_num > (long)sizeof(sbuf))
2358 r = BIO_write(s_ssl_bio, sbuf, i);
2360 if (!BIO_should_retry(s_ssl_bio)) {
2361 fprintf(stderr, "ERROR in SERVER\n");
2365 /* Ignore "BIO_should_retry". */
2366 } else if (r == 0) {
2367 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2371 printf("server wrote %d\n", r);
2377 /* Read from client. */
2379 r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
2381 if (!BIO_should_retry(s_ssl_bio)) {
2382 fprintf(stderr, "ERROR in SERVER\n");
2387 } else if (r == 0) {
2388 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2392 printf("server read %d\n", r);
2397 *s_time += (clock() - s_clock);
2401 /* "I/O" BETWEEN CLIENT AND SERVER. */
2404 BIO *io1 = server_io, *io2 = client_io;
2406 * we use the non-copying interface for io1 and the standard
2407 * BIO_write/BIO_read interface for io2
2410 static int prev_progress = 1;
2418 r1 = BIO_ctrl_pending(io1);
2419 r2 = BIO_ctrl_get_write_guarantee(io2);
2427 if (INT_MAX < num) /* yeah, right */
2430 r = BIO_nread(io1, &dataptr, (int)num);
2432 assert(r <= (int)num);
2434 * possibly r < num (non-contiguous data)
2437 r = BIO_write(io2, dataptr, (int)num);
2438 if (r != (int)num) { /* can't happen */
2439 fprintf(stderr, "ERROR: BIO_write could not write "
2440 "BIO_ctrl_get_write_guarantee() bytes");
2446 printf((io1 == client_io) ?
2447 "C->S relaying: %d bytes\n" :
2448 "S->C relaying: %d bytes\n", (int)num);
2458 r1 = BIO_ctrl_pending(io2);
2459 r2 = BIO_ctrl_get_read_request(io1);
2461 * here we could use ..._get_write_guarantee instead of
2462 * ..._get_read_request, but by using the latter we test
2463 * restartability of the SSL implementation more thoroughly
2475 --num; /* test restartability even more thoroughly */
2477 r = BIO_nwrite0(io1, &dataptr);
2481 r = BIO_read(io2, dataptr, (int)num);
2482 if (r != (int)num) { /* can't happen */
2483 fprintf(stderr, "ERROR: BIO_read could not read "
2484 "BIO_ctrl_pending() bytes");
2488 r = BIO_nwrite(io1, &dataptr, (int)num);
2489 if (r != (int)num) { /* can't happen */
2490 fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
2491 "BIO_nwrite0() bytes");
2496 printf((io2 == client_io) ?
2497 "C->S relaying: %d bytes\n" :
2498 "S->C relaying: %d bytes\n", (int)num);
2500 } /* no loop, BIO_ctrl_get_read_request now
2501 * returns 0 anyway */
2503 if (!progress && !prev_progress)
2504 if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0) {
2505 fprintf(stderr, "ERROR: got stuck\n");
2506 fprintf(stderr, " ERROR.\n");
2509 prev_progress = progress;
2512 while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
2515 print_details(c_ssl, "DONE via BIO pair: ");
2516 #ifndef OPENSSL_NO_NEXTPROTONEG
2517 if (verify_npn(c_ssl, s_ssl) < 0)
2520 if (verify_serverinfo() < 0) {
2521 fprintf(stderr, "Server info verify error\n");
2524 if (verify_alpn(c_ssl, s_ssl) < 0
2525 || verify_servername(c_ssl, s_ssl) < 0)
2528 if (custom_ext_error) {
2529 fprintf(stderr, "Custom extension error\n");
2533 #ifndef OPENSSL_NO_NEXTPROTONEG
2539 ERR_print_errors(bio_err);
2542 BIO_free(server_io);
2544 BIO_free(client_io);
2545 BIO_free(s_ssl_bio);
2546 BIO_free(c_ssl_bio);
2548 if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
2549 ret = (err_in_client != 0) ? EXIT_SUCCESS : EXIT_FAILURE;
2550 else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
2551 ret = (err_in_server != 0) ? EXIT_SUCCESS : EXIT_FAILURE;
2561 int doit(SSL *s_ssl, SSL *c_ssl, long count)
2563 char *cbuf = NULL, *sbuf = NULL;
2565 long cw_num = count, cr_num = count;
2566 long sw_num = count, sr_num = count;
2567 int ret = EXIT_FAILURE;
2572 int c_r, c_w, s_r, s_w;
2575 int c_write, s_write;
2576 int do_server = 0, do_client = 0;
2577 int max_frag = 5 * 1024;
2578 int err_in_client = 0;
2579 int err_in_server = 0;
2581 bufsiz = count > 40 * 1024 ? 40 * 1024 : count;
2583 if ((cbuf = OPENSSL_zalloc(bufsiz)) == NULL)
2585 if ((sbuf = OPENSSL_zalloc(bufsiz)) == NULL)
2588 c_to_s = BIO_new(BIO_s_mem());
2589 s_to_c = BIO_new(BIO_s_mem());
2590 if ((s_to_c == NULL) || (c_to_s == NULL)) {
2591 ERR_print_errors(bio_err);
2595 c_bio = BIO_new(BIO_f_ssl());
2596 s_bio = BIO_new(BIO_f_ssl());
2597 if ((c_bio == NULL) || (s_bio == NULL)) {
2598 ERR_print_errors(bio_err);
2602 SSL_set_connect_state(c_ssl);
2603 SSL_set_bio(c_ssl, s_to_c, c_to_s);
2604 SSL_set_max_send_fragment(c_ssl, max_frag);
2605 BIO_set_ssl(c_bio, c_ssl, BIO_NOCLOSE);
2608 * We've just given our ref to these BIOs to c_ssl. We need another one to
2611 if (!BIO_up_ref(c_to_s)) {
2612 /* c_to_s and s_to_c will get freed when we free c_ssl */
2617 if (!BIO_up_ref(s_to_c)) {
2618 /* s_to_c will get freed when we free c_ssl */
2623 SSL_set_accept_state(s_ssl);
2624 SSL_set_bio(s_ssl, c_to_s, s_to_c);
2626 /* We've used up all our refs to these now */
2630 SSL_set_max_send_fragment(s_ssl, max_frag);
2631 BIO_set_ssl(s_bio, s_ssl, BIO_NOCLOSE);
2637 c_write = 1, s_write = 0;
2639 /* We can always do writes */
2644 i = (int)BIO_pending(s_bio);
2645 if ((i && s_r) || s_w)
2648 i = (int)BIO_pending(c_bio);
2649 if ((i && c_r) || c_w)
2652 if (do_server && debug) {
2653 if (SSL_in_init(s_ssl))
2654 printf("server waiting in SSL_accept - %s\n",
2655 SSL_state_string_long(s_ssl));
2658 if (do_client && debug) {
2659 if (SSL_in_init(c_ssl))
2660 printf("client waiting in SSL_connect - %s\n",
2661 SSL_state_string_long(c_ssl));
2664 if (!do_client && !do_server) {
2665 fprintf(stdout, "ERROR IN STARTUP\n");
2666 ERR_print_errors(bio_err);
2669 if (do_client && !(done & C_DONE)) {
2671 j = (cw_num > bufsiz) ? (int)bufsiz : (int)cw_num;
2672 i = BIO_write(c_bio, cbuf, j);
2676 if (BIO_should_retry(c_bio)) {
2677 if (BIO_should_read(c_bio))
2679 if (BIO_should_write(c_bio))
2682 fprintf(stderr, "ERROR in CLIENT\n");
2684 ERR_print_errors(bio_err);
2687 } else if (i == 0) {
2688 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2692 printf("client wrote %d\n", i);
2697 if (max_frag > 1029)
2698 SSL_set_max_send_fragment(c_ssl, max_frag -= 5);
2701 i = BIO_read(c_bio, cbuf, bufsiz);
2705 if (BIO_should_retry(c_bio)) {
2706 if (BIO_should_read(c_bio))
2708 if (BIO_should_write(c_bio))
2711 fprintf(stderr, "ERROR in CLIENT\n");
2713 ERR_print_errors(bio_err);
2716 } else if (i == 0) {
2717 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2721 printf("client read %d\n", i);
2730 done = S_DONE | C_DONE;
2736 if (do_server && !(done & S_DONE)) {
2738 i = BIO_read(s_bio, sbuf, bufsiz);
2742 if (BIO_should_retry(s_bio)) {
2743 if (BIO_should_read(s_bio))
2745 if (BIO_should_write(s_bio))
2748 fprintf(stderr, "ERROR in SERVER\n");
2750 ERR_print_errors(bio_err);
2753 } else if (i == 0) {
2754 ERR_print_errors(bio_err);
2756 "SSL SERVER STARTUP FAILED in SSL_read\n");
2760 printf("server read %d\n", i);
2773 j = (sw_num > bufsiz) ? (int)bufsiz : (int)sw_num;
2774 i = BIO_write(s_bio, sbuf, j);
2778 if (BIO_should_retry(s_bio)) {
2779 if (BIO_should_read(s_bio))
2781 if (BIO_should_write(s_bio))
2784 fprintf(stderr, "ERROR in SERVER\n");
2786 ERR_print_errors(bio_err);
2789 } else if (i == 0) {
2790 ERR_print_errors(bio_err);
2792 "SSL SERVER STARTUP FAILED in SSL_write\n");
2796 printf("server wrote %d\n", i);
2802 if (max_frag > 1029)
2803 SSL_set_max_send_fragment(s_ssl, max_frag -= 5);
2808 if ((done & S_DONE) && (done & C_DONE))
2813 print_details(c_ssl, "DONE: ");
2814 #ifndef OPENSSL_NO_NEXTPROTONEG
2815 if (verify_npn(c_ssl, s_ssl) < 0)
2818 if (verify_serverinfo() < 0) {
2819 fprintf(stderr, "Server info verify error\n");
2822 if (custom_ext_error) {
2823 fprintf(stderr, "Custom extension error\n");
2830 BIO_free_all(c_bio);
2831 BIO_free_all(s_bio);
2835 if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
2836 ret = (err_in_client != 0) ? EXIT_SUCCESS : EXIT_FAILURE;
2837 else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
2838 ret = (err_in_server != 0) ? EXIT_SUCCESS : EXIT_FAILURE;
2843 static int verify_callback(int ok, X509_STORE_CTX *ctx)
2847 s = X509_NAME_oneline(X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)),
2851 printf("depth=%d %s\n", X509_STORE_CTX_get_error_depth(ctx), buf);
2853 fprintf(stderr, "depth=%d error=%d %s\n",
2854 X509_STORE_CTX_get_error_depth(ctx),
2855 X509_STORE_CTX_get_error(ctx), buf);
2860 int i = X509_STORE_CTX_get_error(ctx);
2864 fprintf(stderr, "Error string: %s\n",
2865 X509_verify_cert_error_string(i));
2867 case X509_V_ERR_CERT_NOT_YET_VALID:
2868 case X509_V_ERR_CERT_HAS_EXPIRED:
2869 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
2878 static int app_verify_callback(X509_STORE_CTX *ctx, void *arg)
2881 struct app_verify_arg *cb_arg = arg;
2883 if (cb_arg->app_verify) {
2884 char *s = NULL, buf[256];
2885 X509 *c = X509_STORE_CTX_get0_cert(ctx);
2887 printf("In app_verify_callback, allowing cert. ");
2888 printf("Arg is: %s\n", cb_arg->string);
2889 printf("Finished printing do we have a context? 0x%p a cert? 0x%p\n",
2890 (void *)ctx, (void *)c);
2892 s = X509_NAME_oneline(X509_get_subject_name(c), buf, 256);
2894 printf("cert depth=%d %s\n",
2895 X509_STORE_CTX_get_error_depth(ctx), buf);
2900 ok = X509_verify_cert(ctx);
2905 #ifndef OPENSSL_NO_DH
2907 * These DH parameters have been generated as follows:
2908 * $ openssl dhparam -C -noout 512
2909 * $ openssl dhparam -C -noout 1024
2910 * $ openssl dhparam -C -noout -dsaparam 1024
2911 * (The third function has been renamed to avoid name conflicts.)
2913 static DH *get_dh512(void)
2915 static unsigned char dh512_p[] = {
2916 0xCB, 0xC8, 0xE1, 0x86, 0xD0, 0x1F, 0x94, 0x17, 0xA6, 0x99, 0xF0,
2918 0x1F, 0x0D, 0xAC, 0xB6, 0x25, 0x3E, 0x06, 0x39, 0xCA, 0x72, 0x04,
2920 0x6E, 0xDA, 0xC0, 0x61, 0xE6, 0x7A, 0x77, 0x25, 0xE8, 0x3B, 0xB9,
2922 0x9A, 0xB6, 0xB5, 0xFE, 0x99, 0x0B, 0xA1, 0x93, 0x4E, 0x35, 0x33,
2924 0xE1, 0xF1, 0x13, 0x4F, 0x59, 0x1A, 0xD2, 0x57, 0xC0, 0x26, 0x21,
2926 0x02, 0xC5, 0xAE, 0x23,
2928 static unsigned char dh512_g[] = {
2934 if ((dh = DH_new()) == NULL)
2936 p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
2937 g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
2938 if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
2947 static DH *get_dh1024(void)
2949 static unsigned char dh1024_p[] = {
2950 0xF8, 0x81, 0x89, 0x7D, 0x14, 0x24, 0xC5, 0xD1, 0xE6, 0xF7, 0xBF,
2952 0xE4, 0x90, 0xF4, 0xFC, 0x73, 0xFB, 0x34, 0xB5, 0xFA, 0x4C, 0x56,
2954 0xEA, 0xA7, 0xE9, 0xC0, 0xC0, 0xCE, 0x89, 0xE1, 0xFA, 0x63, 0x3F,
2956 0x6B, 0x32, 0x66, 0xF1, 0xD1, 0x7B, 0xB0, 0x00, 0x8F, 0xCA, 0x87,
2958 0xAE, 0x98, 0x89, 0x26, 0x17, 0xC2, 0x05, 0xD2, 0xEC, 0x08, 0xD0,
2960 0xFF, 0x17, 0x52, 0x8C, 0xC5, 0x07, 0x93, 0x03, 0xB1, 0xF6, 0x2F,
2962 0x1C, 0x52, 0x47, 0x27, 0x1B, 0xDB, 0xD1, 0x8D, 0x9D, 0x69, 0x1D,
2964 0x4B, 0x32, 0x81, 0xAA, 0x7F, 0x00, 0xC8, 0xDC, 0xE6, 0xD9, 0xCC,
2966 0x11, 0x2D, 0x37, 0x34, 0x6C, 0xEA, 0x02, 0x97, 0x4B, 0x0E, 0xBB,
2968 0x71, 0x33, 0x09, 0x15, 0xFD, 0xDD, 0x23, 0x87, 0x07, 0x5E, 0x89,
2970 0x6B, 0x7C, 0x5F, 0xEC, 0xA6, 0x24, 0xDC, 0x53,
2972 static unsigned char dh1024_g[] = {
2978 if ((dh = DH_new()) == NULL)
2980 p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
2981 g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
2982 if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
2991 static DH *get_dh1024dsa(void)
2993 static unsigned char dh1024_p[] = {
2994 0xC8, 0x00, 0xF7, 0x08, 0x07, 0x89, 0x4D, 0x90, 0x53, 0xF3, 0xD5,
2996 0x21, 0x1B, 0xF7, 0x31, 0xA6, 0xA2, 0xDA, 0x23, 0x9A, 0xC7, 0x87,
2998 0x3B, 0x47, 0xB6, 0x8C, 0x04, 0x6F, 0xFF, 0xC6, 0x9B, 0xB8, 0x65,
3000 0xC2, 0x5F, 0x31, 0x83, 0x4A, 0xA7, 0x5F, 0x2F, 0x88, 0x38, 0xB6,
3002 0xCF, 0xD9, 0x87, 0x6D, 0x6F, 0x9F, 0xDA, 0xAC, 0xA6, 0x48, 0xAF,
3004 0x33, 0x84, 0x37, 0x5B, 0x82, 0x4A, 0x31, 0x5D, 0xE7, 0xBD, 0x52,
3006 0xA1, 0x77, 0xBF, 0x10, 0x9E, 0x37, 0xEA, 0x64, 0xFA, 0xCA, 0x28,
3008 0x9D, 0x3B, 0xD2, 0x6E, 0x09, 0x5C, 0x68, 0xC7, 0x45, 0x90, 0xFD,
3010 0x70, 0xC9, 0x3A, 0xBB, 0xDF, 0xD4, 0x21, 0x0F, 0xC4, 0x6A, 0x3C,
3012 0x61, 0xCF, 0x3F, 0xD6, 0x13, 0xF1, 0x5F, 0xBC, 0xCF, 0xBC, 0x26,
3014 0xBC, 0x0B, 0xBD, 0xAB, 0x5D, 0xC9, 0x54, 0x39,
3016 static unsigned char dh1024_g[] = {
3017 0x3B, 0x40, 0x86, 0xE7, 0xF3, 0x6C, 0xDE, 0x67, 0x1C, 0xCC, 0x80,
3019 0x5A, 0xDF, 0xFE, 0xBD, 0x20, 0x27, 0x74, 0x6C, 0x24, 0xC9, 0x03,
3021 0xE1, 0x8D, 0xC3, 0x7D, 0x98, 0x27, 0x40, 0x08, 0xB8, 0x8C, 0x6A,
3023 0xBB, 0x1A, 0x3A, 0xD6, 0x86, 0x83, 0x5E, 0x72, 0x41, 0xCE, 0x85,
3025 0xD2, 0xB3, 0xFC, 0x13, 0xCE, 0x37, 0x81, 0x9E, 0x4C, 0x1C, 0x7B,
3027 0xD3, 0xE6, 0xA6, 0x00, 0xF5, 0x5A, 0x95, 0x43, 0x5E, 0x81, 0xCF,
3029 0xA2, 0x23, 0xFC, 0x36, 0xA7, 0x5D, 0x7A, 0x4C, 0x06, 0x91, 0x6E,
3031 0x57, 0xEE, 0x36, 0xCB, 0x06, 0xEA, 0xF5, 0x3D, 0x95, 0x49, 0xCB,
3033 0xDD, 0x81, 0xDF, 0x80, 0x09, 0x4A, 0x97, 0x4D, 0xA8, 0x22, 0x72,
3035 0x7F, 0xC4, 0x70, 0x56, 0x70, 0xE8, 0x20, 0x10, 0x18, 0x8F, 0x2E,
3037 0x07, 0xE7, 0x68, 0x1A, 0x82, 0x5D, 0x32, 0xA2,
3042 if ((dh = DH_new()) == NULL)
3044 p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
3045 g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
3046 if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
3052 DH_set_length(dh, 160);
3057 #ifndef OPENSSL_NO_PSK
3058 /* convert the PSK key (psk_key) in ascii to binary (psk) */
3059 static int psk_key2bn(const char *pskkey, unsigned char *psk,
3060 unsigned int max_psk_len)
3065 ret = BN_hex2bn(&bn, pskkey);
3067 BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n",
3072 if (BN_num_bytes(bn) > (int)max_psk_len) {
3074 "psk buffer of callback is too small (%d) for key (%d)\n",
3075 max_psk_len, BN_num_bytes(bn));
3079 ret = BN_bn2bin(bn, psk);
3084 static unsigned int psk_client_callback(SSL *ssl, const char *hint,
3086 unsigned int max_identity_len,
3088 unsigned int max_psk_len)
3091 unsigned int psk_len = 0;
3093 ret = BIO_snprintf(identity, max_identity_len, "Client_identity");
3097 fprintf(stderr, "client: created identity '%s' len=%d\n", identity,
3099 ret = psk_key2bn(psk_key, psk, max_psk_len);
3107 static unsigned int psk_server_callback(SSL *ssl, const char *identity,
3109 unsigned int max_psk_len)
3111 unsigned int psk_len = 0;
3113 if (strcmp(identity, "Client_identity") != 0) {
3114 BIO_printf(bio_err, "server: PSK error: client identity not found\n");
3117 psk_len = psk_key2bn(psk_key, psk, max_psk_len);