2 * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4 * Copyright 2005 Nokia. All rights reserved.
6 * Licensed under the OpenSSL license (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
12 /* Or gethostname won't be declared properly on Linux and GNU platforms. */
14 # define _BSD_SOURCE 1
16 #ifndef _DEFAULT_SOURCE
17 # define _DEFAULT_SOURCE 1
31 #ifdef OPENSSL_SYS_VMS
33 * Or isascii won't be declared properly on VMS (at least with DECompHP C).
35 # define _XOPEN_SOURCE 500
40 #include <openssl/bio.h>
41 #include <openssl/crypto.h>
42 #include <openssl/evp.h>
43 #include <openssl/x509.h>
44 #include <openssl/x509v3.h>
45 #include <openssl/ssl.h>
46 #include <openssl/err.h>
47 #include <openssl/rand.h>
48 #ifndef OPENSSL_NO_RSA
49 # include <openssl/rsa.h>
51 #ifndef OPENSSL_NO_DSA
52 # include <openssl/dsa.h>
55 # include <openssl/dh.h>
57 #include <openssl/bn.h>
59 # include <openssl/ct.h>
63 * Or gethostname won't be declared properly
64 * on Compaq platforms (at least with DEC C).
65 * Do not try to put it earlier, or IPv6 includes
68 #define _XOPEN_SOURCE_EXTENDED 1
70 #ifdef OPENSSL_SYS_WINDOWS
73 # include OPENSSL_UNISTD
76 static SSL_CTX
*s_ctx
= NULL
;
77 static SSL_CTX
*s_ctx2
= NULL
;
80 * There is really no standard for this, so let's assign something
85 static int verify_callback(int ok
, X509_STORE_CTX
*ctx
);
86 static int app_verify_callback(X509_STORE_CTX
*ctx
, void *arg
);
87 #define APP_CALLBACK_STRING "Test Callback Argument"
88 struct app_verify_arg
{
94 static DH
*get_dh512(void);
95 static DH
*get_dh1024(void);
96 static DH
*get_dh1024dsa(void);
99 static char *psk_key
= NULL
; /* by default PSK is not used */
100 #ifndef OPENSSL_NO_PSK
101 static unsigned int psk_client_callback(SSL
*ssl
, const char *hint
,
103 unsigned int max_identity_len
,
105 unsigned int max_psk_len
);
106 static unsigned int psk_server_callback(SSL
*ssl
, const char *identity
,
108 unsigned int max_psk_len
);
111 static BIO
*bio_err
= NULL
;
112 static BIO
*bio_stdout
= NULL
;
114 #ifndef OPENSSL_NO_NEXTPROTONEG
115 /* Note that this code assumes that this is only a one element list: */
116 static const char NEXT_PROTO_STRING
[] = "\x09testproto";
117 static int npn_client
= 0;
118 static int npn_server
= 0;
119 static int npn_server_reject
= 0;
121 static int cb_client_npn(SSL
*s
, unsigned char **out
, unsigned char *outlen
,
122 const unsigned char *in
, unsigned int inlen
,
126 * This callback only returns the protocol string, rather than a length
127 * prefixed set. We assume that NEXT_PROTO_STRING is a one element list
128 * and remove the first byte to chop off the length prefix.
130 *out
= (unsigned char *)NEXT_PROTO_STRING
+ 1;
131 *outlen
= sizeof(NEXT_PROTO_STRING
) - 2;
132 return SSL_TLSEXT_ERR_OK
;
135 static int cb_server_npn(SSL
*s
, const unsigned char **data
,
136 unsigned int *len
, void *arg
)
138 *data
= (const unsigned char *)NEXT_PROTO_STRING
;
139 *len
= sizeof(NEXT_PROTO_STRING
) - 1;
140 return SSL_TLSEXT_ERR_OK
;
143 static int cb_server_rejects_npn(SSL
*s
, const unsigned char **data
,
144 unsigned int *len
, void *arg
)
146 return SSL_TLSEXT_ERR_NOACK
;
149 static int verify_npn(SSL
*client
, SSL
*server
)
151 const unsigned char *client_s
;
153 const unsigned char *server_s
;
156 SSL_get0_next_proto_negotiated(client
, &client_s
, &client_len
);
157 SSL_get0_next_proto_negotiated(server
, &server_s
, &server_len
);
160 BIO_printf(bio_stdout
, "Client NPN: ");
161 BIO_write(bio_stdout
, client_s
, client_len
);
162 BIO_printf(bio_stdout
, "\n");
166 BIO_printf(bio_stdout
, "Server NPN: ");
167 BIO_write(bio_stdout
, server_s
, server_len
);
168 BIO_printf(bio_stdout
, "\n");
172 * If an NPN string was returned, it must be the protocol that we
173 * expected to negotiate.
175 if (client_len
&& (client_len
!= sizeof(NEXT_PROTO_STRING
) - 2 ||
176 memcmp(client_s
, NEXT_PROTO_STRING
+ 1, client_len
)))
178 if (server_len
&& (server_len
!= sizeof(NEXT_PROTO_STRING
) - 2 ||
179 memcmp(server_s
, NEXT_PROTO_STRING
+ 1, server_len
)))
182 if (!npn_client
&& client_len
)
184 if (!npn_server
&& server_len
)
186 if (npn_server_reject
&& server_len
)
188 if (npn_client
&& npn_server
&& (!client_len
|| !server_len
))
195 static const char *alpn_client
;
196 static char *alpn_server
;
197 static char *alpn_server2
;
198 static const char *alpn_expected
;
199 static unsigned char *alpn_selected
;
200 static const char *server_min_proto
;
201 static const char *server_max_proto
;
202 static const char *client_min_proto
;
203 static const char *client_max_proto
;
204 static const char *should_negotiate
;
205 static const char *sn_client
;
206 static const char *sn_server1
;
207 static const char *sn_server2
;
208 static int sn_expect
= 0;
209 static const char *server_sess_out
;
210 static const char *server_sess_in
;
211 static const char *client_sess_out
;
212 static const char *client_sess_in
;
213 static SSL_SESSION
*server_sess
;
214 static SSL_SESSION
*client_sess
;
216 static int servername_cb(SSL
*s
, int *ad
, void *arg
)
218 const char *servername
= SSL_get_servername(s
, TLSEXT_NAMETYPE_host_name
);
219 if (sn_server2
== NULL
) {
220 BIO_printf(bio_stdout
, "Servername 2 is NULL\n");
221 return SSL_TLSEXT_ERR_NOACK
;
225 if (s_ctx2
!= NULL
&& sn_server2
!= NULL
&&
226 !strcasecmp(servername
, sn_server2
)) {
227 BIO_printf(bio_stdout
, "Switching server context.\n");
228 SSL_set_SSL_CTX(s
, s_ctx2
);
231 return SSL_TLSEXT_ERR_OK
;
233 static int verify_servername(SSL
*client
, SSL
*server
)
235 /* just need to see if sn_context is what we expect */
236 SSL_CTX
* ctx
= SSL_get_SSL_CTX(server
);
239 if (sn_expect
== 1 && ctx
== s_ctx
)
241 if (sn_expect
== 2 && ctx
== s_ctx2
)
243 BIO_printf(bio_stdout
, "Servername: expected context %d\n", sn_expect
);
245 BIO_printf(bio_stdout
, "Servername: context is 2\n");
246 else if (ctx
== s_ctx
)
247 BIO_printf(bio_stdout
, "Servername: context is 1\n");
249 BIO_printf(bio_stdout
, "Servername: context is unknown\n");
255 * next_protos_parse parses a comma separated list of strings into a string
256 * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
257 * outlen: (output) set to the length of the resulting buffer on success.
258 * in: a NUL terminated string like "abc,def,ghi"
260 * returns: a malloced buffer or NULL on failure.
262 static unsigned char *next_protos_parse(size_t *outlen
,
273 out
= OPENSSL_malloc(strlen(in
) + 1);
277 for (i
= 0; i
<= len
; ++i
) {
278 if (i
== len
|| in
[i
] == ',') {
279 if (i
- start
> 255) {
283 out
[start
] = i
- start
;
293 static int cb_server_alpn(SSL
*s
, const unsigned char **out
,
294 unsigned char *outlen
, const unsigned char *in
,
295 unsigned int inlen
, void *arg
)
297 unsigned char *protos
;
299 char* alpn_str
= arg
;
301 protos
= next_protos_parse(&protos_len
, alpn_str
);
302 if (protos
== NULL
) {
303 fprintf(stderr
, "failed to parser ALPN server protocol string: %s\n",
308 if (SSL_select_next_proto
309 ((unsigned char **)out
, outlen
, protos
, protos_len
, in
,
310 inlen
) != OPENSSL_NPN_NEGOTIATED
) {
311 OPENSSL_free(protos
);
312 return SSL_TLSEXT_ERR_NOACK
;
316 * Make a copy of the selected protocol which will be freed in
319 alpn_selected
= OPENSSL_malloc(*outlen
);
320 memcpy(alpn_selected
, *out
, *outlen
);
321 *out
= alpn_selected
;
323 OPENSSL_free(protos
);
324 return SSL_TLSEXT_ERR_OK
;
327 static int verify_alpn(SSL
*client
, SSL
*server
)
329 const unsigned char *client_proto
, *server_proto
;
330 unsigned int client_proto_len
= 0, server_proto_len
= 0;
331 SSL_get0_alpn_selected(client
, &client_proto
, &client_proto_len
);
332 SSL_get0_alpn_selected(server
, &server_proto
, &server_proto_len
);
334 OPENSSL_free(alpn_selected
);
335 alpn_selected
= NULL
;
337 if (client_proto_len
!= server_proto_len
) {
338 BIO_printf(bio_stdout
, "ALPN selected protocols differ!\n");
342 if (client_proto
!= NULL
&&
343 memcmp(client_proto
, server_proto
, client_proto_len
) != 0) {
344 BIO_printf(bio_stdout
, "ALPN selected protocols differ!\n");
348 if (client_proto_len
> 0 && alpn_expected
== NULL
) {
349 BIO_printf(bio_stdout
, "ALPN unexpectedly negotiated\n");
353 if (alpn_expected
!= NULL
&&
354 (client_proto_len
!= strlen(alpn_expected
) ||
355 memcmp(client_proto
, alpn_expected
, client_proto_len
) != 0)) {
356 BIO_printf(bio_stdout
,
357 "ALPN selected protocols not equal to expected protocol: %s\n",
365 BIO_printf(bio_stdout
, "ALPN results: client: '");
366 BIO_write(bio_stdout
, client_proto
, client_proto_len
);
367 BIO_printf(bio_stdout
, "', server: '");
368 BIO_write(bio_stdout
, server_proto
, server_proto_len
);
369 BIO_printf(bio_stdout
, "'\n");
370 BIO_printf(bio_stdout
, "ALPN configured: client: '%s', server: '",
372 if (SSL_get_SSL_CTX(server
) == s_ctx2
) {
373 BIO_printf(bio_stdout
, "%s'\n",
376 BIO_printf(bio_stdout
, "%s'\n",
383 * WARNING : below extension types are *NOT* IETF assigned, and could
384 * conflict if these types are reassigned and handled specially by OpenSSL
387 #define TACK_EXT_TYPE 62208
388 #define CUSTOM_EXT_TYPE_0 1000
389 #define CUSTOM_EXT_TYPE_1 1001
390 #define CUSTOM_EXT_TYPE_2 1002
391 #define CUSTOM_EXT_TYPE_3 1003
393 static const char custom_ext_cli_string
[] = "abc";
394 static const char custom_ext_srv_string
[] = "defg";
396 /* These set from cmdline */
397 static char *serverinfo_file
= NULL
;
398 static int serverinfo_sct
= 0;
399 static int serverinfo_tack
= 0;
401 /* These set based on extension callbacks */
402 static int serverinfo_sct_seen
= 0;
403 static int serverinfo_tack_seen
= 0;
404 static int serverinfo_other_seen
= 0;
406 /* This set from cmdline */
407 static int custom_ext
= 0;
409 /* This set based on extension callbacks */
410 static int custom_ext_error
= 0;
412 static int serverinfo_cli_parse_cb(SSL
*s
, unsigned int ext_type
,
413 const unsigned char *in
, size_t inlen
,
416 if (ext_type
== TLSEXT_TYPE_signed_certificate_timestamp
)
417 serverinfo_sct_seen
++;
418 else if (ext_type
== TACK_EXT_TYPE
)
419 serverinfo_tack_seen
++;
421 serverinfo_other_seen
++;
425 static int verify_serverinfo()
427 if (serverinfo_sct
!= serverinfo_sct_seen
)
429 if (serverinfo_tack
!= serverinfo_tack_seen
)
431 if (serverinfo_other_seen
)
437 * Four test cases for custom extensions:
438 * 0 - no ClientHello extension or ServerHello response
439 * 1 - ClientHello with "abc", no response
440 * 2 - ClientHello with "abc", empty response
441 * 3 - ClientHello with "abc", "defg" response
444 static int custom_ext_0_cli_add_cb(SSL
*s
, unsigned int ext_type
,
445 const unsigned char **out
,
446 size_t *outlen
, int *al
, void *arg
)
448 if (ext_type
!= CUSTOM_EXT_TYPE_0
)
449 custom_ext_error
= 1;
450 return 0; /* Don't send an extension */
453 static int custom_ext_0_cli_parse_cb(SSL
*s
, unsigned int ext_type
,
454 const unsigned char *in
,
455 size_t inlen
, int *al
, void *arg
)
460 static int custom_ext_1_cli_add_cb(SSL
*s
, unsigned int ext_type
,
461 const unsigned char **out
,
462 size_t *outlen
, int *al
, void *arg
)
464 if (ext_type
!= CUSTOM_EXT_TYPE_1
)
465 custom_ext_error
= 1;
466 *out
= (const unsigned char *)custom_ext_cli_string
;
467 *outlen
= strlen(custom_ext_cli_string
);
468 return 1; /* Send "abc" */
471 static int custom_ext_1_cli_parse_cb(SSL
*s
, unsigned int ext_type
,
472 const unsigned char *in
,
473 size_t inlen
, int *al
, void *arg
)
478 static int custom_ext_2_cli_add_cb(SSL
*s
, unsigned int ext_type
,
479 const unsigned char **out
,
480 size_t *outlen
, int *al
, void *arg
)
482 if (ext_type
!= CUSTOM_EXT_TYPE_2
)
483 custom_ext_error
= 1;
484 *out
= (const unsigned char *)custom_ext_cli_string
;
485 *outlen
= strlen(custom_ext_cli_string
);
486 return 1; /* Send "abc" */
489 static int custom_ext_2_cli_parse_cb(SSL
*s
, unsigned int ext_type
,
490 const unsigned char *in
,
491 size_t inlen
, int *al
, void *arg
)
493 if (ext_type
!= CUSTOM_EXT_TYPE_2
)
494 custom_ext_error
= 1;
496 custom_ext_error
= 1; /* Should be empty response */
500 static int custom_ext_3_cli_add_cb(SSL
*s
, unsigned int ext_type
,
501 const unsigned char **out
,
502 size_t *outlen
, int *al
, void *arg
)
504 if (ext_type
!= CUSTOM_EXT_TYPE_3
)
505 custom_ext_error
= 1;
506 *out
= (const unsigned char *)custom_ext_cli_string
;
507 *outlen
= strlen(custom_ext_cli_string
);
508 return 1; /* Send "abc" */
511 static int custom_ext_3_cli_parse_cb(SSL
*s
, unsigned int ext_type
,
512 const unsigned char *in
,
513 size_t inlen
, int *al
, void *arg
)
515 if (ext_type
!= CUSTOM_EXT_TYPE_3
)
516 custom_ext_error
= 1;
517 if (inlen
!= strlen(custom_ext_srv_string
))
518 custom_ext_error
= 1;
519 if (memcmp(custom_ext_srv_string
, in
, inlen
) != 0)
520 custom_ext_error
= 1; /* Check for "defg" */
525 * custom_ext_0_cli_add_cb returns 0 - the server won't receive a callback
528 static int custom_ext_0_srv_parse_cb(SSL
*s
, unsigned int ext_type
,
529 const unsigned char *in
,
530 size_t inlen
, int *al
, void *arg
)
532 custom_ext_error
= 1;
536 /* 'add' callbacks are only called if the 'parse' callback is called */
537 static int custom_ext_0_srv_add_cb(SSL
*s
, unsigned int ext_type
,
538 const unsigned char **out
,
539 size_t *outlen
, int *al
, void *arg
)
541 /* Error: should not have been called */
542 custom_ext_error
= 1;
543 return 0; /* Don't send an extension */
546 static int custom_ext_1_srv_parse_cb(SSL
*s
, unsigned int ext_type
,
547 const unsigned char *in
,
548 size_t inlen
, int *al
, void *arg
)
550 if (ext_type
!= CUSTOM_EXT_TYPE_1
)
551 custom_ext_error
= 1;
552 /* Check for "abc" */
553 if (inlen
!= strlen(custom_ext_cli_string
))
554 custom_ext_error
= 1;
555 if (memcmp(in
, custom_ext_cli_string
, inlen
) != 0)
556 custom_ext_error
= 1;
560 static int custom_ext_1_srv_add_cb(SSL
*s
, unsigned int ext_type
,
561 const unsigned char **out
,
562 size_t *outlen
, int *al
, void *arg
)
564 return 0; /* Don't send an extension */
567 static int custom_ext_2_srv_parse_cb(SSL
*s
, unsigned int ext_type
,
568 const unsigned char *in
,
569 size_t inlen
, int *al
, void *arg
)
571 if (ext_type
!= CUSTOM_EXT_TYPE_2
)
572 custom_ext_error
= 1;
573 /* Check for "abc" */
574 if (inlen
!= strlen(custom_ext_cli_string
))
575 custom_ext_error
= 1;
576 if (memcmp(in
, custom_ext_cli_string
, inlen
) != 0)
577 custom_ext_error
= 1;
581 static int custom_ext_2_srv_add_cb(SSL
*s
, unsigned int ext_type
,
582 const unsigned char **out
,
583 size_t *outlen
, int *al
, void *arg
)
587 return 1; /* Send empty extension */
590 static int custom_ext_3_srv_parse_cb(SSL
*s
, unsigned int ext_type
,
591 const unsigned char *in
,
592 size_t inlen
, int *al
, void *arg
)
594 if (ext_type
!= CUSTOM_EXT_TYPE_3
)
595 custom_ext_error
= 1;
596 /* Check for "abc" */
597 if (inlen
!= strlen(custom_ext_cli_string
))
598 custom_ext_error
= 1;
599 if (memcmp(in
, custom_ext_cli_string
, inlen
) != 0)
600 custom_ext_error
= 1;
604 static int custom_ext_3_srv_add_cb(SSL
*s
, unsigned int ext_type
,
605 const unsigned char **out
,
606 size_t *outlen
, int *al
, void *arg
)
608 *out
= (const unsigned char *)custom_ext_srv_string
;
609 *outlen
= strlen(custom_ext_srv_string
);
610 return 1; /* Send "defg" */
613 static char *cipher
= NULL
;
614 static int verbose
= 0;
615 static int debug
= 0;
617 int doit_localhost(SSL
*s_ssl
, SSL
*c_ssl
, int family
,
618 long bytes
, clock_t *s_time
, clock_t *c_time
);
619 int doit_biopair(SSL
*s_ssl
, SSL
*c_ssl
, long bytes
, clock_t *s_time
,
621 int doit(SSL
*s_ssl
, SSL
*c_ssl
, long bytes
);
623 static void sv_usage(void)
625 fprintf(stderr
, "usage: ssltest [args ...]\n");
626 fprintf(stderr
, "\n");
627 fprintf(stderr
, " -server_auth - check server certificate\n");
628 fprintf(stderr
, " -client_auth - do client authentication\n");
629 fprintf(stderr
, " -v - more output\n");
630 fprintf(stderr
, " -d - debug output\n");
631 fprintf(stderr
, " -reuse - use session-id reuse\n");
632 fprintf(stderr
, " -num <val> - number of connections to perform\n");
634 " -bytes <val> - number of bytes to swap between client/server\n");
635 #ifndef OPENSSL_NO_DH
637 " -dhe512 - use 512 bit key for DHE (to test failure)\n");
639 " -dhe1024 - use 1024 bit key (safe prime) for DHE (default, no-op)\n");
641 " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
642 fprintf(stderr
, " -no_dhe - disable DHE\n");
644 #ifndef OPENSSL_NO_EC
645 fprintf(stderr
, " -no_ecdhe - disable ECDHE\nTODO(openssl-team): no_ecdhe was broken by auto ecdh. Make this work again.\n");
647 #ifndef OPENSSL_NO_PSK
648 fprintf(stderr
, " -psk arg - PSK in hex (without 0x)\n");
650 #ifndef OPENSSL_NO_SSL3
651 fprintf(stderr
, " -ssl3 - use SSLv3\n");
653 #ifndef OPENSSL_NO_TLS1
654 fprintf(stderr
, " -tls1 - use TLSv1\n");
656 #ifndef OPENSSL_NO_DTLS
657 fprintf(stderr
, " -dtls - use DTLS\n");
658 #ifndef OPENSSL_NO_DTLS1
659 fprintf(stderr
, " -dtls1 - use DTLSv1\n");
661 #ifndef OPENSSL_NO_DTLS1_2
662 fprintf(stderr
, " -dtls12 - use DTLSv1.2\n");
665 fprintf(stderr
, " -CApath arg - PEM format directory of CA's\n");
666 fprintf(stderr
, " -CAfile arg - PEM format file of CA's\n");
667 fprintf(stderr
, " -cert arg - Server certificate file\n");
669 " -key arg - Server key file (default: same as -cert)\n");
670 fprintf(stderr
, " -c_cert arg - Client certificate file\n");
672 " -c_key arg - Client key file (default: same as -c_cert)\n");
673 fprintf(stderr
, " -cipher arg - The cipher list\n");
674 fprintf(stderr
, " -bio_pair - Use BIO pairs\n");
675 fprintf(stderr
, " -ipv4 - Use IPv4 connection on localhost\n");
676 fprintf(stderr
, " -ipv6 - Use IPv6 connection on localhost\n");
677 fprintf(stderr
, " -f - Test even cases that can't work\n");
679 " -time - measure processor time used by client and server\n");
680 fprintf(stderr
, " -zlib - use zlib compression\n");
681 #ifndef OPENSSL_NO_NEXTPROTONEG
682 fprintf(stderr
, " -npn_client - have client side offer NPN\n");
683 fprintf(stderr
, " -npn_server - have server side offer NPN\n");
684 fprintf(stderr
, " -npn_server_reject - have server reject NPN\n");
686 fprintf(stderr
, " -serverinfo_file file - have server use this file\n");
687 fprintf(stderr
, " -serverinfo_sct - have client offer and expect SCT\n");
689 " -serverinfo_tack - have client offer and expect TACK\n");
691 " -custom_ext - try various custom extension callbacks\n");
692 fprintf(stderr
, " -alpn_client <string> - have client side offer ALPN\n");
693 fprintf(stderr
, " -alpn_server <string> - have server side offer ALPN\n");
694 fprintf(stderr
, " -alpn_server1 <string> - alias for -alpn_server\n");
695 fprintf(stderr
, " -alpn_server2 <string> - have server side context 2 offer ALPN\n");
697 " -alpn_expected <string> - the ALPN protocol that should be negotiated\n");
698 fprintf(stderr
, " -server_min_proto <string> - Minimum version the server should support\n");
699 fprintf(stderr
, " -server_max_proto <string> - Maximum version the server should support\n");
700 fprintf(stderr
, " -client_min_proto <string> - Minimum version the client should support\n");
701 fprintf(stderr
, " -client_max_proto <string> - Maximum version the client should support\n");
702 fprintf(stderr
, " -should_negotiate <string> - The version that should be negotiated, fail-client or fail-server\n");
703 #ifndef OPENSSL_NO_CT
704 fprintf(stderr
, " -noct - no certificate transparency\n");
705 fprintf(stderr
, " -requestct - request certificate transparency\n");
706 fprintf(stderr
, " -requirect - require certificate transparency\n");
708 fprintf(stderr
, " -sn_client <string> - have client request this servername\n");
709 fprintf(stderr
, " -sn_server1 <string> - have server context 1 respond to this servername\n");
710 fprintf(stderr
, " -sn_server2 <string> - have server context 2 respond to this servername\n");
711 fprintf(stderr
, " -sn_expect1 - expected server 1\n");
712 fprintf(stderr
, " -sn_expect2 - expected server 2\n");
713 fprintf(stderr
, " -server_sess_out <file> - Save the server session to a file\n");
714 fprintf(stderr
, " -server_sess_in <file> - Read the server session from a file\n");
715 fprintf(stderr
, " -client_sess_out <file> - Save the client session to a file\n");
716 fprintf(stderr
, " -client_sess_in <file> - Read the client session from a file\n");
717 fprintf(stderr
, " -should_reuse <number> - The expected state of reusing the session\n");
718 fprintf(stderr
, " -no_ticket - do not issue TLS session ticket\n");
721 static void print_key_details(BIO
*out
, EVP_PKEY
*key
)
723 int keyid
= EVP_PKEY_id(key
);
724 #ifndef OPENSSL_NO_EC
725 if (keyid
== EVP_PKEY_EC
) {
726 EC_KEY
*ec
= EVP_PKEY_get1_EC_KEY(key
);
729 nid
= EC_GROUP_get_curve_name(EC_KEY_get0_group(ec
));
731 cname
= EC_curve_nid2nist(nid
);
733 cname
= OBJ_nid2sn(nid
);
734 BIO_printf(out
, "%d bits EC (%s)", EVP_PKEY_bits(key
), cname
);
750 algname
= OBJ_nid2sn(keyid
);
753 BIO_printf(out
, "%d bits %s", EVP_PKEY_bits(key
), algname
);
757 static void print_details(SSL
*c_ssl
, const char *prefix
)
759 const SSL_CIPHER
*ciph
;
764 ciph
= SSL_get_current_cipher(c_ssl
);
765 BIO_printf(bio_stdout
, "%s%s, cipher %s %s",
767 SSL_get_version(c_ssl
),
768 SSL_CIPHER_get_version(ciph
), SSL_CIPHER_get_name(ciph
));
769 cert
= SSL_get_peer_certificate(c_ssl
);
771 EVP_PKEY
* pubkey
= X509_get0_pubkey(cert
);
773 if (pubkey
!= NULL
) {
774 BIO_puts(bio_stdout
, ", ");
775 print_key_details(bio_stdout
, pubkey
);
779 if (SSL_get_server_tmp_key(c_ssl
, &pkey
)) {
780 BIO_puts(bio_stdout
, ", temp key: ");
781 print_key_details(bio_stdout
, pkey
);
784 if (SSL_get_peer_signature_nid(c_ssl
, &mdnid
))
785 BIO_printf(bio_stdout
, ", digest=%s", OBJ_nid2sn(mdnid
));
786 BIO_printf(bio_stdout
, "\n");
790 * protocol_from_string - converts a protocol version string to a number
792 * Returns -1 on failure or the version on success
794 static int protocol_from_string(const char *value
)
796 struct protocol_versions
{
800 static const struct protocol_versions versions
[] = {
801 {"ssl3", SSL3_VERSION
},
802 {"tls1", TLS1_VERSION
},
803 {"tls1.1", TLS1_1_VERSION
},
804 {"tls1.2", TLS1_2_VERSION
},
805 {"tls1.3", TLS1_3_VERSION
},
806 {"dtls1", DTLS1_VERSION
},
807 {"dtls1.2", DTLS1_2_VERSION
}};
809 size_t n
= OSSL_NELEM(versions
);
811 for (i
= 0; i
< n
; i
++)
812 if (strcmp(versions
[i
].name
, value
) == 0)
813 return versions
[i
].version
;
817 static SSL_SESSION
*read_session(const char *filename
)
820 BIO
*f
= BIO_new_file(filename
, "r");
823 BIO_printf(bio_err
, "Can't open session file %s\n", filename
);
824 ERR_print_errors(bio_err
);
827 sess
= PEM_read_bio_SSL_SESSION(f
, NULL
, 0, NULL
);
829 BIO_printf(bio_err
, "Can't parse session file %s\n", filename
);
830 ERR_print_errors(bio_err
);
836 static int write_session(const char *filename
, SSL_SESSION
*sess
)
838 BIO
*f
= BIO_new_file(filename
, "w");
841 BIO_printf(bio_err
, "No session information\n");
845 BIO_printf(bio_err
, "Can't open session file %s\n", filename
);
846 ERR_print_errors(bio_err
);
849 PEM_write_bio_SSL_SESSION(f
, sess
);
855 * set_protocol_version - Sets protocol version minimum or maximum
857 * Returns 0 on failure and 1 on success
859 static int set_protocol_version(const char *version
, SSL
*ssl
, int setting
)
861 if (version
!= NULL
) {
862 int ver
= protocol_from_string(version
);
864 BIO_printf(bio_err
, "Error parsing: %s\n", version
);
867 return SSL_ctrl(ssl
, setting
, ver
, NULL
);
872 int main(int argc
, char *argv
[])
874 const char *CApath
= NULL
, *CAfile
= NULL
;
876 enum { BIO_MEM
, BIO_PAIR
, BIO_IPV4
, BIO_IPV6
} bio_type
= BIO_MEM
;
878 int dtls1
= 0, dtls12
= 0, dtls
= 0, tls1
= 0, tls1_2
= 0, ssl3
= 0;
879 int ret
= EXIT_FAILURE
;
881 int server_auth
= 0, i
;
882 struct app_verify_arg app_verify_arg
=
883 { APP_CALLBACK_STRING
, 0 };
885 SSL_CTX
*c_ctx
= NULL
;
886 const SSL_METHOD
*meth
= NULL
;
888 int number
= 1, reuse
= 0;
889 int should_reuse
= -1;
892 #ifndef OPENSSL_NO_DH
894 int dhe512
= 0, dhe1024dsa
= 0;
899 clock_t s_time
= 0, c_time
= 0;
900 #ifndef OPENSSL_NO_COMP
902 COMP_METHOD
*cm
= NULL
;
903 STACK_OF(SSL_COMP
) *ssl_comp_methods
= NULL
;
906 int min_version
= 0, max_version
= 0;
907 #ifndef OPENSSL_NO_CT
909 * Disable CT validation by default, because it will interfere with
910 * anything using custom extension handlers to deal with SCT extensions.
912 int ct_validation
= 0;
914 SSL_CONF_CTX
*s_cctx
= NULL
, *c_cctx
= NULL
, *s_cctx2
= NULL
;
915 STACK_OF(OPENSSL_STRING
) *conf_args
= NULL
;
916 char *arg
= NULL
, *argn
= NULL
;
922 bio_err
= BIO_new_fp(stderr
, BIO_NOCLOSE
| BIO_FP_TEXT
);
924 p
= getenv("OPENSSL_DEBUG_MEMORY");
925 if (p
!= NULL
&& strcmp(p
, "on") == 0)
926 CRYPTO_set_mem_debug(1);
927 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON
);
929 bio_stdout
= BIO_new_fp(stdout
, BIO_NOCLOSE
| BIO_FP_TEXT
);
931 s_cctx
= SSL_CONF_CTX_new();
932 s_cctx2
= SSL_CONF_CTX_new();
933 c_cctx
= SSL_CONF_CTX_new();
935 if (!s_cctx
|| !c_cctx
|| !s_cctx2
) {
936 ERR_print_errors(bio_err
);
940 SSL_CONF_CTX_set_flags(s_cctx
,
941 SSL_CONF_FLAG_CMDLINE
| SSL_CONF_FLAG_SERVER
|
942 SSL_CONF_FLAG_CERTIFICATE
|
943 SSL_CONF_FLAG_REQUIRE_PRIVATE
);
944 SSL_CONF_CTX_set_flags(s_cctx2
,
945 SSL_CONF_FLAG_CMDLINE
| SSL_CONF_FLAG_SERVER
|
946 SSL_CONF_FLAG_CERTIFICATE
|
947 SSL_CONF_FLAG_REQUIRE_PRIVATE
);
948 if (!SSL_CONF_CTX_set1_prefix(s_cctx
, "-s_")) {
949 ERR_print_errors(bio_err
);
952 if (!SSL_CONF_CTX_set1_prefix(s_cctx2
, "-s_")) {
953 ERR_print_errors(bio_err
);
957 SSL_CONF_CTX_set_flags(c_cctx
,
958 SSL_CONF_FLAG_CMDLINE
| SSL_CONF_FLAG_CLIENT
|
959 SSL_CONF_FLAG_CERTIFICATE
|
960 SSL_CONF_FLAG_REQUIRE_PRIVATE
);
961 if (!SSL_CONF_CTX_set1_prefix(c_cctx
, "-c_")) {
962 ERR_print_errors(bio_err
);
970 if (strcmp(*argv
, "-F") == 0) {
972 "not compiled with FIPS support, so exiting without running.\n");
974 } else if (strcmp(*argv
, "-server_auth") == 0)
976 else if (strcmp(*argv
, "-client_auth") == 0)
978 else if (strcmp(*argv
, "-v") == 0)
980 else if (strcmp(*argv
, "-d") == 0)
982 else if (strcmp(*argv
, "-reuse") == 0)
984 else if (strcmp(*argv
, "-dhe512") == 0) {
985 #ifndef OPENSSL_NO_DH
989 "ignoring -dhe512, since I'm compiled without DH\n");
991 } else if (strcmp(*argv
, "-dhe1024dsa") == 0) {
992 #ifndef OPENSSL_NO_DH
996 "ignoring -dhe1024dsa, since I'm compiled without DH\n");
998 } else if (strcmp(*argv
, "-no_dhe") == 0)
1000 else if (strcmp(*argv
, "-no_ecdhe") == 0)
1002 else if (strcmp(*argv
, "-psk") == 0) {
1005 psk_key
= *(++argv
);
1006 #ifndef OPENSSL_NO_PSK
1007 if (strspn(psk_key
, "abcdefABCDEF1234567890") != strlen(psk_key
)) {
1008 BIO_printf(bio_err
, "Not a hex number '%s'\n", *argv
);
1015 else if (strcmp(*argv
, "-tls1_2") == 0) {
1017 } else if (strcmp(*argv
, "-tls1") == 0) {
1019 } else if (strcmp(*argv
, "-ssl3") == 0) {
1021 } else if (strcmp(*argv
, "-dtls1") == 0) {
1023 } else if (strcmp(*argv
, "-dtls12") == 0) {
1025 } else if (strcmp(*argv
, "-dtls") == 0) {
1027 } else if (strncmp(*argv
, "-num", 4) == 0) {
1030 number
= atoi(*(++argv
));
1033 } else if (strcmp(*argv
, "-bytes") == 0) {
1036 bytes
= atol(*(++argv
));
1039 i
= strlen(argv
[0]);
1040 if (argv
[0][i
- 1] == 'k')
1042 if (argv
[0][i
- 1] == 'm')
1043 bytes
*= 1024L * 1024L;
1044 } else if (strcmp(*argv
, "-cipher") == 0) {
1048 } else if (strcmp(*argv
, "-CApath") == 0) {
1052 } else if (strcmp(*argv
, "-CAfile") == 0) {
1056 } else if (strcmp(*argv
, "-bio_pair") == 0) {
1057 bio_type
= BIO_PAIR
;
1059 #ifndef OPENSSL_NO_SOCK
1060 else if (strcmp(*argv
, "-ipv4") == 0) {
1061 bio_type
= BIO_IPV4
;
1062 } else if (strcmp(*argv
, "-ipv6") == 0) {
1063 bio_type
= BIO_IPV6
;
1066 else if (strcmp(*argv
, "-f") == 0) {
1068 } else if (strcmp(*argv
, "-time") == 0) {
1071 #ifndef OPENSSL_NO_CT
1072 else if (strcmp(*argv
, "-noct") == 0) {
1075 else if (strcmp(*argv
, "-ct") == 0) {
1079 #ifndef OPENSSL_NO_COMP
1080 else if (strcmp(*argv
, "-zlib") == 0) {
1084 else if (strcmp(*argv
, "-app_verify") == 0) {
1085 app_verify_arg
.app_verify
= 1;
1087 #ifndef OPENSSL_NO_NEXTPROTONEG
1088 else if (strcmp(*argv
, "-npn_client") == 0) {
1090 } else if (strcmp(*argv
, "-npn_server") == 0) {
1092 } else if (strcmp(*argv
, "-npn_server_reject") == 0) {
1093 npn_server_reject
= 1;
1096 else if (strcmp(*argv
, "-serverinfo_sct") == 0) {
1098 } else if (strcmp(*argv
, "-serverinfo_tack") == 0) {
1099 serverinfo_tack
= 1;
1100 } else if (strcmp(*argv
, "-serverinfo_file") == 0) {
1103 serverinfo_file
= *(++argv
);
1104 } else if (strcmp(*argv
, "-custom_ext") == 0) {
1106 } else if (strcmp(*argv
, "-alpn_client") == 0) {
1109 alpn_client
= *(++argv
);
1110 } else if (strcmp(*argv
, "-alpn_server") == 0 ||
1111 strcmp(*argv
, "-alpn_server1") == 0) {
1114 alpn_server
= *(++argv
);
1115 } else if (strcmp(*argv
, "-alpn_server2") == 0) {
1118 alpn_server2
= *(++argv
);
1119 } else if (strcmp(*argv
, "-alpn_expected") == 0) {
1122 alpn_expected
= *(++argv
);
1123 } else if (strcmp(*argv
, "-server_min_proto") == 0) {
1126 server_min_proto
= *(++argv
);
1127 } else if (strcmp(*argv
, "-server_max_proto") == 0) {
1130 server_max_proto
= *(++argv
);
1131 } else if (strcmp(*argv
, "-client_min_proto") == 0) {
1134 client_min_proto
= *(++argv
);
1135 } else if (strcmp(*argv
, "-client_max_proto") == 0) {
1138 client_max_proto
= *(++argv
);
1139 } else if (strcmp(*argv
, "-should_negotiate") == 0) {
1142 should_negotiate
= *(++argv
);
1143 } else if (strcmp(*argv
, "-sn_client") == 0) {
1146 sn_client
= *(++argv
);
1147 } else if (strcmp(*argv
, "-sn_server1") == 0) {
1150 sn_server1
= *(++argv
);
1151 } else if (strcmp(*argv
, "-sn_server2") == 0) {
1154 sn_server2
= *(++argv
);
1155 } else if (strcmp(*argv
, "-sn_expect1") == 0) {
1157 } else if (strcmp(*argv
, "-sn_expect2") == 0) {
1159 } else if (strcmp(*argv
, "-server_sess_out") == 0) {
1162 server_sess_out
= *(++argv
);
1163 } else if (strcmp(*argv
, "-server_sess_in") == 0) {
1166 server_sess_in
= *(++argv
);
1167 } else if (strcmp(*argv
, "-client_sess_out") == 0) {
1170 client_sess_out
= *(++argv
);
1171 } else if (strcmp(*argv
, "-client_sess_in") == 0) {
1174 client_sess_in
= *(++argv
);
1175 } else if (strcmp(*argv
, "-should_reuse") == 0) {
1178 should_reuse
= !!atoi(*(++argv
));
1179 } else if (strcmp(*argv
, "-no_ticket") == 0) {
1185 /* Try to process command using SSL_CONF */
1186 rv
= SSL_CONF_cmd_argv(c_cctx
, &argc
, &argv
);
1187 /* If not processed try server */
1189 rv
= SSL_CONF_cmd_argv(s_cctx
, &argc
, &argv
);
1190 /* Recognised: store it for later use */
1195 conf_args
= sk_OPENSSL_STRING_new_null();
1199 if (!sk_OPENSSL_STRING_push(conf_args
, arg
))
1201 if (!sk_OPENSSL_STRING_push(conf_args
, argn
))
1206 BIO_printf(bio_err
, "Missing argument for %s\n", arg
);
1208 BIO_printf(bio_err
, "Error with command %s\n", arg
);
1210 BIO_printf(bio_err
, "unknown option %s\n", arg
);
1223 if (ssl3
+ tls1
+ tls1_2
+ dtls
+ dtls1
+ dtls12
> 1) {
1224 fprintf(stderr
, "At most one of -ssl3, -tls1, -tls1_2, -dtls, -dtls1 or -dtls12 should "
1229 #ifdef OPENSSL_NO_SSL3
1234 #ifdef OPENSSL_NO_TLS1
1239 #ifdef OPENSSL_NO_TLS1_2
1244 #if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1)
1249 #if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1_2)
1257 * Testing was requested for a compiled-out protocol (e.g. SSLv3).
1258 * Ideally, we would error out, but the generic test wrapper can't know
1259 * when to expect failure. So we do nothing and return success.
1262 fprintf(stderr
, "Testing was requested for a disabled protocol. "
1263 "Skipping tests.\n");
1268 if (!ssl3
&& !tls1
&& !tls1_2
&& !dtls
&& !dtls1
&& !dtls12
&& number
> 1
1269 && !reuse
&& !force
) {
1270 fprintf(stderr
, "This case cannot work. Use -f to perform "
1271 "the test anyway (and\n-d to see what happens), "
1272 "or add one of -ssl3, -tls1, -tls1_2, -dtls, -dtls1, -dtls12, -reuse\n"
1273 "to avoid protocol mismatch.\n");
1278 if (bio_type
!= BIO_PAIR
) {
1279 fprintf(stderr
, "Using BIO pair (-bio_pair)\n");
1280 bio_type
= BIO_PAIR
;
1282 if (number
< 50 && !force
)
1284 "Warning: For accurate timings, use more connections (e.g. -num 1000)\n");
1287 #ifndef OPENSSL_NO_COMP
1288 if (comp
== COMP_ZLIB
)
1291 if (COMP_get_type(cm
) != NID_undef
) {
1292 if (SSL_COMP_add_compression_method(comp
, cm
) != 0) {
1293 fprintf(stderr
, "Failed to add compression method\n");
1294 ERR_print_errors_fp(stderr
);
1298 "Warning: %s compression not supported\n",
1299 comp
== COMP_ZLIB
? "zlib" : "unknown");
1300 ERR_print_errors_fp(stderr
);
1303 ssl_comp_methods
= SSL_COMP_get_compression_methods();
1304 n
= sk_SSL_COMP_num(ssl_comp_methods
);
1307 printf("Available compression methods:");
1308 for (j
= 0; j
< n
; j
++) {
1309 SSL_COMP
*c
= sk_SSL_COMP_value(ssl_comp_methods
, j
);
1310 printf(" %s:%d", SSL_COMP_get0_name(c
), SSL_COMP_get_id(c
));
1316 #ifndef OPENSSL_NO_TLS
1317 meth
= TLS_method();
1319 min_version
= SSL3_VERSION
;
1320 max_version
= SSL3_VERSION
;
1322 min_version
= TLS1_VERSION
;
1323 max_version
= TLS1_VERSION
;
1324 } else if (tls1_2
) {
1325 min_version
= TLS1_2_VERSION
;
1326 max_version
= TLS1_2_VERSION
;
1329 #ifndef OPENSSL_NO_DTLS
1330 if (dtls
|| dtls1
|| dtls12
)
1331 meth
= DTLS_method();
1333 min_version
= DTLS1_VERSION
;
1334 max_version
= DTLS1_VERSION
;
1335 } else if (dtls12
) {
1336 min_version
= DTLS1_2_VERSION
;
1337 max_version
= DTLS1_2_VERSION
;
1341 c_ctx
= SSL_CTX_new(meth
);
1342 s_ctx
= SSL_CTX_new(meth
);
1343 s_ctx2
= SSL_CTX_new(meth
); /* no SSL_CTX_dup! */
1344 if ((c_ctx
== NULL
) || (s_ctx
== NULL
) || (s_ctx2
== NULL
)) {
1345 ERR_print_errors(bio_err
);
1349 * Since we will use low security ciphersuites and keys for testing set
1350 * security level to zero by default. Tests can override this by adding
1351 * "@SECLEVEL=n" to the cipher string.
1353 SSL_CTX_set_security_level(c_ctx
, 0);
1354 SSL_CTX_set_security_level(s_ctx
, 0);
1355 SSL_CTX_set_security_level(s_ctx2
, 0);
1358 SSL_CTX_set_options(c_ctx
, SSL_OP_NO_TICKET
);
1359 SSL_CTX_set_options(s_ctx
, SSL_OP_NO_TICKET
);
1362 if (SSL_CTX_set_min_proto_version(c_ctx
, min_version
) == 0)
1364 if (SSL_CTX_set_max_proto_version(c_ctx
, max_version
) == 0)
1366 if (SSL_CTX_set_min_proto_version(s_ctx
, min_version
) == 0)
1368 if (SSL_CTX_set_max_proto_version(s_ctx
, max_version
) == 0)
1371 if (cipher
!= NULL
) {
1372 if (!SSL_CTX_set_cipher_list(c_ctx
, cipher
)
1373 || !SSL_CTX_set_cipher_list(s_ctx
, cipher
)
1374 || !SSL_CTX_set_cipher_list(s_ctx2
, cipher
)) {
1375 ERR_print_errors(bio_err
);
1380 #ifndef OPENSSL_NO_CT
1381 if (ct_validation
&&
1382 !SSL_CTX_enable_ct(c_ctx
, SSL_CT_VALIDATION_STRICT
)) {
1383 ERR_print_errors(bio_err
);
1388 /* Process SSL_CONF arguments */
1389 SSL_CONF_CTX_set_ssl_ctx(c_cctx
, c_ctx
);
1390 SSL_CONF_CTX_set_ssl_ctx(s_cctx
, s_ctx
);
1391 SSL_CONF_CTX_set_ssl_ctx(s_cctx2
, s_ctx2
);
1393 for (i
= 0; i
< sk_OPENSSL_STRING_num(conf_args
); i
+= 2) {
1395 arg
= sk_OPENSSL_STRING_value(conf_args
, i
);
1396 argn
= sk_OPENSSL_STRING_value(conf_args
, i
+ 1);
1397 rv
= SSL_CONF_cmd(c_cctx
, arg
, argn
);
1398 /* If not recognised use server context */
1400 rv
= SSL_CONF_cmd(s_cctx2
, arg
, argn
);
1402 rv
= SSL_CONF_cmd(s_cctx
, arg
, argn
);
1405 BIO_printf(bio_err
, "Error processing %s %s\n",
1406 arg
, argn
? argn
: "");
1407 ERR_print_errors(bio_err
);
1412 if (!SSL_CONF_CTX_finish(s_cctx
) || !SSL_CONF_CTX_finish(c_cctx
) || !SSL_CONF_CTX_finish(s_cctx2
)) {
1413 BIO_puts(bio_err
, "Error finishing context\n");
1414 ERR_print_errors(bio_err
);
1417 #ifndef OPENSSL_NO_DH
1420 dh
= get_dh1024dsa();
1425 SSL_CTX_set_tmp_dh(s_ctx
, dh
);
1426 SSL_CTX_set_tmp_dh(s_ctx2
, dh
);
1433 if ((!SSL_CTX_load_verify_locations(s_ctx
, CAfile
, CApath
)) ||
1434 (!SSL_CTX_set_default_verify_paths(s_ctx
)) ||
1435 (!SSL_CTX_load_verify_locations(s_ctx2
, CAfile
, CApath
)) ||
1436 (!SSL_CTX_set_default_verify_paths(s_ctx2
)) ||
1437 (!SSL_CTX_load_verify_locations(c_ctx
, CAfile
, CApath
)) ||
1438 (!SSL_CTX_set_default_verify_paths(c_ctx
))) {
1439 ERR_print_errors(bio_err
);
1442 #ifndef OPENSSL_NO_CT
1443 if (!SSL_CTX_set_default_ctlog_list_file(s_ctx
) ||
1444 !SSL_CTX_set_default_ctlog_list_file(s_ctx2
) ||
1445 !SSL_CTX_set_default_ctlog_list_file(c_ctx
)) {
1446 ERR_print_errors(bio_err
);
1451 printf("client authentication\n");
1452 SSL_CTX_set_verify(s_ctx
,
1453 SSL_VERIFY_PEER
| SSL_VERIFY_FAIL_IF_NO_PEER_CERT
,
1455 SSL_CTX_set_verify(s_ctx2
,
1456 SSL_VERIFY_PEER
| SSL_VERIFY_FAIL_IF_NO_PEER_CERT
,
1458 SSL_CTX_set_cert_verify_callback(s_ctx
, app_verify_callback
,
1460 SSL_CTX_set_cert_verify_callback(s_ctx2
, app_verify_callback
,
1464 printf("server authentication\n");
1465 SSL_CTX_set_verify(c_ctx
, SSL_VERIFY_PEER
, verify_callback
);
1466 SSL_CTX_set_cert_verify_callback(c_ctx
, app_verify_callback
,
1471 int session_id_context
= 0;
1472 if (!SSL_CTX_set_session_id_context(s_ctx
, (void *)&session_id_context
,
1473 sizeof session_id_context
) ||
1474 !SSL_CTX_set_session_id_context(s_ctx2
, (void *)&session_id_context
,
1475 sizeof session_id_context
)) {
1476 ERR_print_errors(bio_err
);
1481 /* Use PSK only if PSK key is given */
1482 if (psk_key
!= NULL
) {
1484 * no_psk is used to avoid putting psk command to openssl tool
1488 * if PSK is not compiled in and psk key is given, do nothing and
1494 #ifndef OPENSSL_NO_PSK
1495 SSL_CTX_set_psk_client_callback(c_ctx
, psk_client_callback
);
1496 SSL_CTX_set_psk_server_callback(s_ctx
, psk_server_callback
);
1497 SSL_CTX_set_psk_server_callback(s_ctx2
, psk_server_callback
);
1499 BIO_printf(bio_err
, "setting PSK identity hint to s_ctx\n");
1500 if (!SSL_CTX_use_psk_identity_hint(s_ctx
, "ctx server identity_hint") ||
1501 !SSL_CTX_use_psk_identity_hint(s_ctx2
, "ctx server identity_hint")) {
1502 BIO_printf(bio_err
, "error setting PSK identity hint to s_ctx\n");
1503 ERR_print_errors(bio_err
);
1509 #ifndef OPENSSL_NO_NEXTPROTONEG
1511 SSL_CTX_set_next_proto_select_cb(c_ctx
, cb_client_npn
, NULL
);
1514 if (npn_server_reject
) {
1516 "Can't have both -npn_server and -npn_server_reject\n");
1519 SSL_CTX_set_npn_advertised_cb(s_ctx
, cb_server_npn
, NULL
);
1520 SSL_CTX_set_npn_advertised_cb(s_ctx2
, cb_server_npn
, NULL
);
1522 if (npn_server_reject
) {
1523 SSL_CTX_set_npn_advertised_cb(s_ctx
, cb_server_rejects_npn
, NULL
);
1524 SSL_CTX_set_npn_advertised_cb(s_ctx2
, cb_server_rejects_npn
, NULL
);
1528 if (serverinfo_sct
) {
1529 if (!SSL_CTX_add_client_custom_ext(c_ctx
,
1530 TLSEXT_TYPE_signed_certificate_timestamp
,
1532 serverinfo_cli_parse_cb
, NULL
)) {
1533 BIO_printf(bio_err
, "Error adding SCT extension\n");
1537 if (serverinfo_tack
) {
1538 if (!SSL_CTX_add_client_custom_ext(c_ctx
, TACK_EXT_TYPE
,
1540 serverinfo_cli_parse_cb
, NULL
)) {
1541 BIO_printf(bio_err
, "Error adding TACK extension\n");
1545 if (serverinfo_file
)
1546 if (!SSL_CTX_use_serverinfo_file(s_ctx
, serverinfo_file
) ||
1547 !SSL_CTX_use_serverinfo_file(s_ctx2
, serverinfo_file
)) {
1548 BIO_printf(bio_err
, "missing serverinfo file\n");
1553 if (!SSL_CTX_add_client_custom_ext(c_ctx
, CUSTOM_EXT_TYPE_0
,
1554 custom_ext_0_cli_add_cb
,
1556 custom_ext_0_cli_parse_cb
, NULL
)
1557 || !SSL_CTX_add_client_custom_ext(c_ctx
, CUSTOM_EXT_TYPE_1
,
1558 custom_ext_1_cli_add_cb
,
1560 custom_ext_1_cli_parse_cb
, NULL
)
1561 || !SSL_CTX_add_client_custom_ext(c_ctx
, CUSTOM_EXT_TYPE_2
,
1562 custom_ext_2_cli_add_cb
,
1564 custom_ext_2_cli_parse_cb
, NULL
)
1565 || !SSL_CTX_add_client_custom_ext(c_ctx
, CUSTOM_EXT_TYPE_3
,
1566 custom_ext_3_cli_add_cb
,
1568 custom_ext_3_cli_parse_cb
, NULL
)
1569 || !SSL_CTX_add_server_custom_ext(s_ctx
, CUSTOM_EXT_TYPE_0
,
1570 custom_ext_0_srv_add_cb
,
1572 custom_ext_0_srv_parse_cb
, NULL
)
1573 || !SSL_CTX_add_server_custom_ext(s_ctx2
, CUSTOM_EXT_TYPE_0
,
1574 custom_ext_0_srv_add_cb
,
1576 custom_ext_0_srv_parse_cb
, NULL
)
1577 || !SSL_CTX_add_server_custom_ext(s_ctx
, CUSTOM_EXT_TYPE_1
,
1578 custom_ext_1_srv_add_cb
,
1580 custom_ext_1_srv_parse_cb
, NULL
)
1581 || !SSL_CTX_add_server_custom_ext(s_ctx2
, CUSTOM_EXT_TYPE_1
,
1582 custom_ext_1_srv_add_cb
,
1584 custom_ext_1_srv_parse_cb
, NULL
)
1585 || !SSL_CTX_add_server_custom_ext(s_ctx
, CUSTOM_EXT_TYPE_2
,
1586 custom_ext_2_srv_add_cb
,
1588 custom_ext_2_srv_parse_cb
, NULL
)
1589 || !SSL_CTX_add_server_custom_ext(s_ctx2
, CUSTOM_EXT_TYPE_2
,
1590 custom_ext_2_srv_add_cb
,
1592 custom_ext_2_srv_parse_cb
, NULL
)
1593 || !SSL_CTX_add_server_custom_ext(s_ctx
, CUSTOM_EXT_TYPE_3
,
1594 custom_ext_3_srv_add_cb
,
1596 custom_ext_3_srv_parse_cb
, NULL
)
1597 || !SSL_CTX_add_server_custom_ext(s_ctx2
, CUSTOM_EXT_TYPE_3
,
1598 custom_ext_3_srv_add_cb
,
1600 custom_ext_3_srv_parse_cb
, NULL
)) {
1601 BIO_printf(bio_err
, "Error setting custom extensions\n");
1607 SSL_CTX_set_alpn_select_cb(s_ctx
, cb_server_alpn
, alpn_server
);
1609 SSL_CTX_set_alpn_select_cb(s_ctx2
, cb_server_alpn
, alpn_server2
);
1613 unsigned char *alpn
= next_protos_parse(&alpn_len
, alpn_client
);
1616 BIO_printf(bio_err
, "Error parsing -alpn_client argument\n");
1619 /* Returns 0 on success!! */
1620 if (SSL_CTX_set_alpn_protos(c_ctx
, alpn
, alpn_len
)) {
1621 BIO_printf(bio_err
, "Error setting ALPN\n");
1628 if (server_sess_in
!= NULL
) {
1629 server_sess
= read_session(server_sess_in
);
1630 if (server_sess
== NULL
)
1633 if (client_sess_in
!= NULL
) {
1634 client_sess
= read_session(client_sess_in
);
1635 if (client_sess
== NULL
)
1639 if (server_sess_out
!= NULL
|| server_sess_in
!= NULL
) {
1643 /* Use a fixed key so that we can decrypt the ticket. */
1644 size
= SSL_CTX_set_tlsext_ticket_keys(s_ctx
, NULL
, 0);
1645 keys
= OPENSSL_zalloc(size
);
1646 SSL_CTX_set_tlsext_ticket_keys(s_ctx
, keys
, size
);
1650 if (sn_server1
!= NULL
|| sn_server2
!= NULL
)
1651 SSL_CTX_set_tlsext_servername_callback(s_ctx
, servername_cb
);
1653 c_ssl
= SSL_new(c_ctx
);
1654 s_ssl
= SSL_new(s_ctx
);
1657 SSL_set_tlsext_host_name(c_ssl
, sn_client
);
1659 if (!set_protocol_version(server_min_proto
, s_ssl
, SSL_CTRL_SET_MIN_PROTO_VERSION
))
1661 if (!set_protocol_version(server_max_proto
, s_ssl
, SSL_CTRL_SET_MAX_PROTO_VERSION
))
1663 if (!set_protocol_version(client_min_proto
, c_ssl
, SSL_CTRL_SET_MIN_PROTO_VERSION
))
1665 if (!set_protocol_version(client_max_proto
, c_ssl
, SSL_CTRL_SET_MAX_PROTO_VERSION
))
1669 if (SSL_CTX_add_session(s_ctx
, server_sess
) == 0) {
1670 BIO_printf(bio_err
, "Can't add server session\n");
1671 ERR_print_errors(bio_err
);
1676 BIO_printf(bio_stdout
, "Doing handshakes=%d bytes=%ld\n", number
, bytes
);
1677 for (i
= 0; i
< number
; i
++) {
1679 if (!SSL_set_session(c_ssl
, NULL
)) {
1680 BIO_printf(bio_err
, "Failed to set session\n");
1684 if (client_sess_in
!= NULL
) {
1685 if (SSL_set_session(c_ssl
, client_sess
) == 0) {
1686 BIO_printf(bio_err
, "Can't set client session\n");
1687 ERR_print_errors(bio_err
);
1693 ret
= doit(s_ssl
, c_ssl
, bytes
);
1696 ret
= doit_biopair(s_ssl
, c_ssl
, bytes
, &s_time
, &c_time
);
1698 #ifndef OPENSSL_NO_SOCK
1700 ret
= doit_localhost(s_ssl
, c_ssl
, BIO_FAMILY_IPV4
,
1701 bytes
, &s_time
, &c_time
);
1704 ret
= doit_localhost(s_ssl
, c_ssl
, BIO_FAMILY_IPV6
,
1705 bytes
, &s_time
, &c_time
);
1714 if (ret
!= EXIT_SUCCESS
) break;
1717 if (should_negotiate
&& ret
== EXIT_SUCCESS
&&
1718 strcmp(should_negotiate
, "fail-server") != 0 &&
1719 strcmp(should_negotiate
, "fail-client") != 0) {
1720 int version
= protocol_from_string(should_negotiate
);
1722 BIO_printf(bio_err
, "Error parsing: %s\n", should_negotiate
);
1726 if (SSL_version(c_ssl
) != version
) {
1727 BIO_printf(bio_err
, "Unexpected version negotiated. "
1728 "Expected: %s, got %s\n", should_negotiate
, SSL_get_version(c_ssl
));
1734 if (should_reuse
!= -1) {
1735 if (SSL_session_reused(s_ssl
) != should_reuse
||
1736 SSL_session_reused(c_ssl
) != should_reuse
) {
1737 BIO_printf(bio_err
, "Unexpected session reuse state. "
1738 "Expected: %d, server: %d, client: %d\n", should_reuse
,
1739 SSL_session_reused(s_ssl
), SSL_session_reused(c_ssl
));
1745 if (server_sess_out
!= NULL
) {
1746 if (write_session(server_sess_out
, SSL_get_session(s_ssl
)) == 0) {
1751 if (client_sess_out
!= NULL
) {
1752 if (write_session(client_sess_out
, SSL_get_session(c_ssl
)) == 0) {
1759 print_details(c_ssl
, "");
1762 #ifdef CLOCKS_PER_SEC
1764 * "To determine the time in seconds, the value returned by the clock
1765 * function should be divided by the value of the macro
1766 * CLOCKS_PER_SEC." -- ISO/IEC 9899
1768 BIO_printf(bio_stdout
, "Approximate total server time: %6.2f s\n"
1769 "Approximate total client time: %6.2f s\n",
1770 (double)s_time
/ CLOCKS_PER_SEC
,
1771 (double)c_time
/ CLOCKS_PER_SEC
);
1773 BIO_printf(bio_stdout
,
1774 "Approximate total server time: %6.2f units\n"
1775 "Approximate total client time: %6.2f units\n",
1776 (double)s_time
, (double)c_time
);
1785 SSL_CTX_free(s_ctx
);
1786 SSL_CTX_free(s_ctx2
);
1787 SSL_CTX_free(c_ctx
);
1788 SSL_CONF_CTX_free(s_cctx
);
1789 SSL_CONF_CTX_free(s_cctx2
);
1790 SSL_CONF_CTX_free(c_cctx
);
1791 sk_OPENSSL_STRING_free(conf_args
);
1793 BIO_free(bio_stdout
);
1795 SSL_SESSION_free(server_sess
);
1796 SSL_SESSION_free(client_sess
);
1798 #ifndef OPENSSL_NO_CRYPTO_MDEBUG
1799 if (CRYPTO_mem_leaks(bio_err
) <= 0)
1806 #ifndef OPENSSL_NO_SOCK
1807 int doit_localhost(SSL
*s_ssl
, SSL
*c_ssl
, int family
, long count
,
1808 clock_t *s_time
, clock_t *c_time
)
1810 long cw_num
= count
, cr_num
= count
, sw_num
= count
, sr_num
= count
;
1811 BIO
*s_ssl_bio
= NULL
, *c_ssl_bio
= NULL
;
1812 BIO
*acpt
= NULL
, *server
= NULL
, *client
= NULL
;
1814 int ret
= EXIT_FAILURE
;
1815 int err_in_client
= 0;
1816 int err_in_server
= 0;
1818 acpt
= BIO_new_accept("0");
1821 BIO_set_accept_ip_family(acpt
, family
);
1822 BIO_set_bind_mode(acpt
, BIO_SOCK_NONBLOCK
| BIO_SOCK_REUSEADDR
);
1823 if (BIO_do_accept(acpt
) <= 0)
1826 BIO_snprintf(addr_str
, sizeof(addr_str
), ":%s", BIO_get_accept_port(acpt
));
1828 client
= BIO_new_connect(addr_str
);
1829 BIO_set_conn_ip_family(client
, family
);
1833 if (BIO_set_nbio(client
, 1) <= 0)
1835 if (BIO_set_nbio(acpt
, 1) <= 0)
1839 int st_connect
= 0, st_accept
= 0;
1841 while(!st_connect
|| !st_accept
) {
1843 if (BIO_do_connect(client
) <= 0) {
1844 if (!BIO_should_retry(client
))
1851 if (BIO_do_accept(acpt
) <= 0) {
1852 if (!BIO_should_retry(acpt
))
1860 /* We're not interested in accepting further connects */
1861 server
= BIO_pop(acpt
);
1865 s_ssl_bio
= BIO_new(BIO_f_ssl());
1869 c_ssl_bio
= BIO_new(BIO_f_ssl());
1873 SSL_set_connect_state(c_ssl
);
1874 SSL_set_bio(c_ssl
, client
, client
);
1875 (void)BIO_set_ssl(c_ssl_bio
, c_ssl
, BIO_NOCLOSE
);
1877 SSL_set_accept_state(s_ssl
);
1878 SSL_set_bio(s_ssl
, server
, server
);
1879 (void)BIO_set_ssl(s_ssl_bio
, s_ssl
, BIO_NOCLOSE
);
1883 * c_ssl_bio: SSL filter BIO
1885 * client: I/O for SSL library
1888 * server: I/O for SSL library
1890 * s_ssl_bio: SSL filter BIO
1894 * We have non-blocking behaviour throughout this test program, but
1895 * can be sure that there is *some* progress in each iteration; so we
1896 * don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE --
1897 * we just try everything in each iteration
1903 char cbuf
[1024 * 8];
1905 clock_t c_clock
= clock();
1907 memset(cbuf
, 0, sizeof(cbuf
));
1910 if (SSL_in_init(c_ssl
))
1911 printf("client waiting in SSL_connect - %s\n",
1912 SSL_state_string_long(c_ssl
));
1915 /* Write to server. */
1917 if (cw_num
> (long)sizeof cbuf
)
1921 r
= BIO_write(c_ssl_bio
, cbuf
, i
);
1923 if (!BIO_should_retry(c_ssl_bio
)) {
1924 fprintf(stderr
, "ERROR in CLIENT\n");
1929 * BIO_should_retry(...) can just be ignored here. The
1930 * library expects us to call BIO_write with the same
1931 * arguments again, and that's what we will do in the
1934 } else if (r
== 0) {
1935 fprintf(stderr
, "SSL CLIENT STARTUP FAILED\n");
1939 printf("client wrote %d\n", r
);
1945 /* Read from server. */
1947 r
= BIO_read(c_ssl_bio
, cbuf
, sizeof(cbuf
));
1949 if (!BIO_should_retry(c_ssl_bio
)) {
1950 fprintf(stderr
, "ERROR in CLIENT\n");
1955 * Again, "BIO_should_retry" can be ignored.
1957 } else if (r
== 0) {
1958 fprintf(stderr
, "SSL CLIENT STARTUP FAILED\n");
1962 printf("client read %d\n", r
);
1968 * c_time and s_time increments will typically be very small
1969 * (depending on machine speed and clock tick intervals), but
1970 * sampling over a large number of connections should result in
1971 * fairly accurate figures. We cannot guarantee a lot, however
1972 * -- if each connection lasts for exactly one clock tick, it
1973 * will be counted only for the client or only for the server or
1976 *c_time
+= (clock() - c_clock
);
1982 char sbuf
[1024 * 8];
1984 clock_t s_clock
= clock();
1986 memset(sbuf
, 0, sizeof(sbuf
));
1989 if (SSL_in_init(s_ssl
))
1990 printf("server waiting in SSL_accept - %s\n",
1991 SSL_state_string_long(s_ssl
));
1994 /* Write to client. */
1996 if (sw_num
> (long)sizeof sbuf
)
2000 r
= BIO_write(s_ssl_bio
, sbuf
, i
);
2002 if (!BIO_should_retry(s_ssl_bio
)) {
2003 fprintf(stderr
, "ERROR in SERVER\n");
2007 /* Ignore "BIO_should_retry". */
2008 } else if (r
== 0) {
2009 fprintf(stderr
, "SSL SERVER STARTUP FAILED\n");
2013 printf("server wrote %d\n", r
);
2019 /* Read from client. */
2021 r
= BIO_read(s_ssl_bio
, sbuf
, sizeof(sbuf
));
2023 if (!BIO_should_retry(s_ssl_bio
)) {
2024 fprintf(stderr
, "ERROR in SERVER\n");
2029 } else if (r
== 0) {
2030 fprintf(stderr
, "SSL SERVER STARTUP FAILED\n");
2034 printf("server read %d\n", r
);
2039 *s_time
+= (clock() - s_clock
);
2042 while (cw_num
> 0 || cr_num
> 0 || sw_num
> 0 || sr_num
> 0);
2045 print_details(c_ssl
, "DONE via TCP connect: ");
2046 # ifndef OPENSSL_NO_NEXTPROTONEG
2047 if (verify_npn(c_ssl
, s_ssl
) < 0)
2050 if (verify_serverinfo() < 0) {
2051 fprintf(stderr
, "Server info verify error\n");
2054 if (verify_alpn(c_ssl
, s_ssl
) < 0
2055 || verify_servername(c_ssl
, s_ssl
) < 0)
2058 if (custom_ext_error
) {
2059 fprintf(stderr
, "Custom extension error\n");
2063 # ifndef OPENSSL_NO_NEXTPROTONEG
2069 ERR_print_errors(bio_err
);
2074 BIO_free(s_ssl_bio
);
2075 BIO_free(c_ssl_bio
);
2077 if (should_negotiate
!= NULL
&& strcmp(should_negotiate
, "fail-client") == 0)
2078 ret
= (err_in_client
!= 0) ? EXIT_SUCCESS
: EXIT_FAILURE
;
2079 else if (should_negotiate
!= NULL
&& strcmp(should_negotiate
, "fail-server") == 0)
2080 ret
= (err_in_server
!= 0) ? EXIT_SUCCESS
: EXIT_FAILURE
;
2086 int doit_biopair(SSL
*s_ssl
, SSL
*c_ssl
, long count
,
2087 clock_t *s_time
, clock_t *c_time
)
2089 long cw_num
= count
, cr_num
= count
, sw_num
= count
, sr_num
= count
;
2090 BIO
*s_ssl_bio
= NULL
, *c_ssl_bio
= NULL
;
2091 BIO
*server
= NULL
, *server_io
= NULL
, *client
= NULL
, *client_io
= NULL
;
2092 int ret
= EXIT_FAILURE
;
2093 int err_in_client
= 0;
2094 int err_in_server
= 0;
2096 size_t bufsiz
= 256; /* small buffer for testing */
2098 if (!BIO_new_bio_pair(&server
, bufsiz
, &server_io
, bufsiz
))
2100 if (!BIO_new_bio_pair(&client
, bufsiz
, &client_io
, bufsiz
))
2103 s_ssl_bio
= BIO_new(BIO_f_ssl());
2107 c_ssl_bio
= BIO_new(BIO_f_ssl());
2111 SSL_set_connect_state(c_ssl
);
2112 SSL_set_bio(c_ssl
, client
, client
);
2113 (void)BIO_set_ssl(c_ssl_bio
, c_ssl
, BIO_NOCLOSE
);
2115 SSL_set_accept_state(s_ssl
);
2116 SSL_set_bio(s_ssl
, server
, server
);
2117 (void)BIO_set_ssl(s_ssl_bio
, s_ssl
, BIO_NOCLOSE
);
2121 * c_ssl_bio: SSL filter BIO
2123 * client: pseudo-I/O for SSL library
2125 * client_io: client's SSL communication; usually to be
2126 * relayed over some I/O facility, but in this
2127 * test program, we're the server, too:
2129 * server_io: server's SSL communication
2131 * server: pseudo-I/O for SSL library
2133 * s_ssl_bio: SSL filter BIO
2135 * The client and the server each employ a "BIO pair":
2136 * client + client_io, server + server_io.
2137 * BIO pairs are symmetric. A BIO pair behaves similar
2138 * to a non-blocking socketpair (but both endpoints must
2139 * be handled by the same thread).
2140 * [Here we could connect client and server to the ends
2141 * of a single BIO pair, but then this code would be less
2142 * suitable as an example for BIO pairs in general.]
2144 * Useful functions for querying the state of BIO pair endpoints:
2146 * BIO_ctrl_pending(bio) number of bytes we can read now
2147 * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfill
2148 * other side's read attempt
2149 * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now
2151 * ..._read_request is never more than ..._write_guarantee;
2152 * it depends on the application which one you should use.
2156 * We have non-blocking behaviour throughout this test program, but
2157 * can be sure that there is *some* progress in each iteration; so we
2158 * don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE --
2159 * we just try everything in each iteration
2165 char cbuf
[1024 * 8];
2167 clock_t c_clock
= clock();
2169 memset(cbuf
, 0, sizeof(cbuf
));
2172 if (SSL_in_init(c_ssl
))
2173 printf("client waiting in SSL_connect - %s\n",
2174 SSL_state_string_long(c_ssl
));
2177 /* Write to server. */
2179 if (cw_num
> (long)sizeof cbuf
)
2183 r
= BIO_write(c_ssl_bio
, cbuf
, i
);
2185 if (!BIO_should_retry(c_ssl_bio
)) {
2186 fprintf(stderr
, "ERROR in CLIENT\n");
2191 * BIO_should_retry(...) can just be ignored here. The
2192 * library expects us to call BIO_write with the same
2193 * arguments again, and that's what we will do in the
2196 } else if (r
== 0) {
2197 fprintf(stderr
, "SSL CLIENT STARTUP FAILED\n");
2201 printf("client wrote %d\n", r
);
2207 /* Read from server. */
2209 r
= BIO_read(c_ssl_bio
, cbuf
, sizeof(cbuf
));
2211 if (!BIO_should_retry(c_ssl_bio
)) {
2212 fprintf(stderr
, "ERROR in CLIENT\n");
2217 * Again, "BIO_should_retry" can be ignored.
2219 } else if (r
== 0) {
2220 fprintf(stderr
, "SSL CLIENT STARTUP FAILED\n");
2224 printf("client read %d\n", r
);
2230 * c_time and s_time increments will typically be very small
2231 * (depending on machine speed and clock tick intervals), but
2232 * sampling over a large number of connections should result in
2233 * fairly accurate figures. We cannot guarantee a lot, however
2234 * -- if each connection lasts for exactly one clock tick, it
2235 * will be counted only for the client or only for the server or
2238 *c_time
+= (clock() - c_clock
);
2244 char sbuf
[1024 * 8];
2246 clock_t s_clock
= clock();
2248 memset(sbuf
, 0, sizeof(sbuf
));
2251 if (SSL_in_init(s_ssl
))
2252 printf("server waiting in SSL_accept - %s\n",
2253 SSL_state_string_long(s_ssl
));
2256 /* Write to client. */
2258 if (sw_num
> (long)sizeof sbuf
)
2262 r
= BIO_write(s_ssl_bio
, sbuf
, i
);
2264 if (!BIO_should_retry(s_ssl_bio
)) {
2265 fprintf(stderr
, "ERROR in SERVER\n");
2269 /* Ignore "BIO_should_retry". */
2270 } else if (r
== 0) {
2271 fprintf(stderr
, "SSL SERVER STARTUP FAILED\n");
2275 printf("server wrote %d\n", r
);
2281 /* Read from client. */
2283 r
= BIO_read(s_ssl_bio
, sbuf
, sizeof(sbuf
));
2285 if (!BIO_should_retry(s_ssl_bio
)) {
2286 fprintf(stderr
, "ERROR in SERVER\n");
2291 } else if (r
== 0) {
2292 fprintf(stderr
, "SSL SERVER STARTUP FAILED\n");
2296 printf("server read %d\n", r
);
2301 *s_time
+= (clock() - s_clock
);
2305 /* "I/O" BETWEEN CLIENT AND SERVER. */
2308 BIO
*io1
= server_io
, *io2
= client_io
;
2310 * we use the non-copying interface for io1 and the standard
2311 * BIO_write/BIO_read interface for io2
2314 static int prev_progress
= 1;
2322 r1
= BIO_ctrl_pending(io1
);
2323 r2
= BIO_ctrl_get_write_guarantee(io2
);
2331 if (INT_MAX
< num
) /* yeah, right */
2334 r
= BIO_nread(io1
, &dataptr
, (int)num
);
2336 assert(r
<= (int)num
);
2338 * possibly r < num (non-contiguous data)
2341 r
= BIO_write(io2
, dataptr
, (int)num
);
2342 if (r
!= (int)num
) { /* can't happen */
2343 fprintf(stderr
, "ERROR: BIO_write could not write "
2344 "BIO_ctrl_get_write_guarantee() bytes");
2350 printf((io1
== client_io
) ?
2351 "C->S relaying: %d bytes\n" :
2352 "S->C relaying: %d bytes\n", (int)num
);
2362 r1
= BIO_ctrl_pending(io2
);
2363 r2
= BIO_ctrl_get_read_request(io1
);
2365 * here we could use ..._get_write_guarantee instead of
2366 * ..._get_read_request, but by using the latter we test
2367 * restartability of the SSL implementation more thoroughly
2379 --num
; /* test restartability even more thoroughly */
2381 r
= BIO_nwrite0(io1
, &dataptr
);
2385 r
= BIO_read(io2
, dataptr
, (int)num
);
2386 if (r
!= (int)num
) { /* can't happen */
2387 fprintf(stderr
, "ERROR: BIO_read could not read "
2388 "BIO_ctrl_pending() bytes");
2392 r
= BIO_nwrite(io1
, &dataptr
, (int)num
);
2393 if (r
!= (int)num
) { /* can't happen */
2394 fprintf(stderr
, "ERROR: BIO_nwrite() did not accept "
2395 "BIO_nwrite0() bytes");
2400 printf((io2
== client_io
) ?
2401 "C->S relaying: %d bytes\n" :
2402 "S->C relaying: %d bytes\n", (int)num
);
2404 } /* no loop, BIO_ctrl_get_read_request now
2405 * returns 0 anyway */
2407 if (!progress
&& !prev_progress
)
2408 if (cw_num
> 0 || cr_num
> 0 || sw_num
> 0 || sr_num
> 0) {
2409 fprintf(stderr
, "ERROR: got stuck\n");
2410 fprintf(stderr
, " ERROR.\n");
2413 prev_progress
= progress
;
2416 while (cw_num
> 0 || cr_num
> 0 || sw_num
> 0 || sr_num
> 0);
2419 print_details(c_ssl
, "DONE via BIO pair: ");
2420 #ifndef OPENSSL_NO_NEXTPROTONEG
2421 if (verify_npn(c_ssl
, s_ssl
) < 0)
2424 if (verify_serverinfo() < 0) {
2425 fprintf(stderr
, "Server info verify error\n");
2428 if (verify_alpn(c_ssl
, s_ssl
) < 0
2429 || verify_servername(c_ssl
, s_ssl
) < 0)
2432 if (custom_ext_error
) {
2433 fprintf(stderr
, "Custom extension error\n");
2437 #ifndef OPENSSL_NO_NEXTPROTONEG
2443 ERR_print_errors(bio_err
);
2446 BIO_free(server_io
);
2448 BIO_free(client_io
);
2449 BIO_free(s_ssl_bio
);
2450 BIO_free(c_ssl_bio
);
2452 if (should_negotiate
!= NULL
&& strcmp(should_negotiate
, "fail-client") == 0)
2453 ret
= (err_in_client
!= 0) ? EXIT_SUCCESS
: EXIT_FAILURE
;
2454 else if (should_negotiate
!= NULL
&& strcmp(should_negotiate
, "fail-server") == 0)
2455 ret
= (err_in_server
!= 0) ? EXIT_SUCCESS
: EXIT_FAILURE
;
2465 int doit(SSL
*s_ssl
, SSL
*c_ssl
, long count
)
2467 char *cbuf
= NULL
, *sbuf
= NULL
;
2469 long cw_num
= count
, cr_num
= count
;
2470 long sw_num
= count
, sr_num
= count
;
2471 int ret
= EXIT_FAILURE
;
2476 int c_r
, c_w
, s_r
, s_w
;
2479 int c_write
, s_write
;
2480 int do_server
= 0, do_client
= 0;
2481 int max_frag
= 5 * 1024;
2482 int err_in_client
= 0;
2483 int err_in_server
= 0;
2485 bufsiz
= count
> 40 * 1024 ? 40 * 1024 : count
;
2487 if ((cbuf
= OPENSSL_zalloc(bufsiz
)) == NULL
)
2489 if ((sbuf
= OPENSSL_zalloc(bufsiz
)) == NULL
)
2492 c_to_s
= BIO_new(BIO_s_mem());
2493 s_to_c
= BIO_new(BIO_s_mem());
2494 if ((s_to_c
== NULL
) || (c_to_s
== NULL
)) {
2495 ERR_print_errors(bio_err
);
2499 c_bio
= BIO_new(BIO_f_ssl());
2500 s_bio
= BIO_new(BIO_f_ssl());
2501 if ((c_bio
== NULL
) || (s_bio
== NULL
)) {
2502 ERR_print_errors(bio_err
);
2506 SSL_set_connect_state(c_ssl
);
2507 SSL_set_bio(c_ssl
, s_to_c
, c_to_s
);
2508 SSL_set_max_send_fragment(c_ssl
, max_frag
);
2509 BIO_set_ssl(c_bio
, c_ssl
, BIO_NOCLOSE
);
2512 * We've just given our ref to these BIOs to c_ssl. We need another one to
2515 if (!BIO_up_ref(c_to_s
)) {
2516 /* c_to_s and s_to_c will get freed when we free c_ssl */
2521 if (!BIO_up_ref(s_to_c
)) {
2522 /* s_to_c will get freed when we free c_ssl */
2527 SSL_set_accept_state(s_ssl
);
2528 SSL_set_bio(s_ssl
, c_to_s
, s_to_c
);
2530 /* We've used up all our refs to these now */
2534 SSL_set_max_send_fragment(s_ssl
, max_frag
);
2535 BIO_set_ssl(s_bio
, s_ssl
, BIO_NOCLOSE
);
2541 c_write
= 1, s_write
= 0;
2543 /* We can always do writes */
2548 i
= (int)BIO_pending(s_bio
);
2549 if ((i
&& s_r
) || s_w
)
2552 i
= (int)BIO_pending(c_bio
);
2553 if ((i
&& c_r
) || c_w
)
2556 if (do_server
&& debug
) {
2557 if (SSL_in_init(s_ssl
))
2558 printf("server waiting in SSL_accept - %s\n",
2559 SSL_state_string_long(s_ssl
));
2562 if (do_client
&& debug
) {
2563 if (SSL_in_init(c_ssl
))
2564 printf("client waiting in SSL_connect - %s\n",
2565 SSL_state_string_long(c_ssl
));
2568 if (!do_client
&& !do_server
) {
2569 fprintf(stdout
, "ERROR IN STARTUP\n");
2570 ERR_print_errors(bio_err
);
2573 if (do_client
&& !(done
& C_DONE
)) {
2575 j
= (cw_num
> bufsiz
) ? (int)bufsiz
: (int)cw_num
;
2576 i
= BIO_write(c_bio
, cbuf
, j
);
2580 if (BIO_should_retry(c_bio
)) {
2581 if (BIO_should_read(c_bio
))
2583 if (BIO_should_write(c_bio
))
2586 fprintf(stderr
, "ERROR in CLIENT\n");
2588 ERR_print_errors(bio_err
);
2591 } else if (i
== 0) {
2592 fprintf(stderr
, "SSL CLIENT STARTUP FAILED\n");
2596 printf("client wrote %d\n", i
);
2601 if (max_frag
> 1029)
2602 SSL_set_max_send_fragment(c_ssl
, max_frag
-= 5);
2605 i
= BIO_read(c_bio
, cbuf
, bufsiz
);
2609 if (BIO_should_retry(c_bio
)) {
2610 if (BIO_should_read(c_bio
))
2612 if (BIO_should_write(c_bio
))
2615 fprintf(stderr
, "ERROR in CLIENT\n");
2617 ERR_print_errors(bio_err
);
2620 } else if (i
== 0) {
2621 fprintf(stderr
, "SSL CLIENT STARTUP FAILED\n");
2625 printf("client read %d\n", i
);
2634 done
= S_DONE
| C_DONE
;
2640 if (do_server
&& !(done
& S_DONE
)) {
2642 i
= BIO_read(s_bio
, sbuf
, bufsiz
);
2646 if (BIO_should_retry(s_bio
)) {
2647 if (BIO_should_read(s_bio
))
2649 if (BIO_should_write(s_bio
))
2652 fprintf(stderr
, "ERROR in SERVER\n");
2654 ERR_print_errors(bio_err
);
2657 } else if (i
== 0) {
2658 ERR_print_errors(bio_err
);
2660 "SSL SERVER STARTUP FAILED in SSL_read\n");
2664 printf("server read %d\n", i
);
2677 j
= (sw_num
> bufsiz
) ? (int)bufsiz
: (int)sw_num
;
2678 i
= BIO_write(s_bio
, sbuf
, j
);
2682 if (BIO_should_retry(s_bio
)) {
2683 if (BIO_should_read(s_bio
))
2685 if (BIO_should_write(s_bio
))
2688 fprintf(stderr
, "ERROR in SERVER\n");
2690 ERR_print_errors(bio_err
);
2693 } else if (i
== 0) {
2694 ERR_print_errors(bio_err
);
2696 "SSL SERVER STARTUP FAILED in SSL_write\n");
2700 printf("server wrote %d\n", i
);
2706 if (max_frag
> 1029)
2707 SSL_set_max_send_fragment(s_ssl
, max_frag
-= 5);
2712 if ((done
& S_DONE
) && (done
& C_DONE
))
2717 print_details(c_ssl
, "DONE: ");
2718 #ifndef OPENSSL_NO_NEXTPROTONEG
2719 if (verify_npn(c_ssl
, s_ssl
) < 0)
2722 if (verify_serverinfo() < 0) {
2723 fprintf(stderr
, "Server info verify error\n");
2726 if (custom_ext_error
) {
2727 fprintf(stderr
, "Custom extension error\n");
2734 BIO_free_all(c_bio
);
2735 BIO_free_all(s_bio
);
2739 if (should_negotiate
!= NULL
&& strcmp(should_negotiate
, "fail-client") == 0)
2740 ret
= (err_in_client
!= 0) ? EXIT_SUCCESS
: EXIT_FAILURE
;
2741 else if (should_negotiate
!= NULL
&& strcmp(should_negotiate
, "fail-server") == 0)
2742 ret
= (err_in_server
!= 0) ? EXIT_SUCCESS
: EXIT_FAILURE
;
2747 static int verify_callback(int ok
, X509_STORE_CTX
*ctx
)
2751 s
= X509_NAME_oneline(X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx
)),
2755 printf("depth=%d %s\n", X509_STORE_CTX_get_error_depth(ctx
), buf
);
2757 fprintf(stderr
, "depth=%d error=%d %s\n",
2758 X509_STORE_CTX_get_error_depth(ctx
),
2759 X509_STORE_CTX_get_error(ctx
), buf
);
2764 int i
= X509_STORE_CTX_get_error(ctx
);
2768 fprintf(stderr
, "Error string: %s\n",
2769 X509_verify_cert_error_string(i
));
2771 case X509_V_ERR_CERT_NOT_YET_VALID
:
2772 case X509_V_ERR_CERT_HAS_EXPIRED
:
2773 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
:
2782 static int app_verify_callback(X509_STORE_CTX
*ctx
, void *arg
)
2785 struct app_verify_arg
*cb_arg
= arg
;
2787 if (cb_arg
->app_verify
) {
2788 char *s
= NULL
, buf
[256];
2789 X509
*c
= X509_STORE_CTX_get0_cert(ctx
);
2791 printf("In app_verify_callback, allowing cert. ");
2792 printf("Arg is: %s\n", cb_arg
->string
);
2793 printf("Finished printing do we have a context? 0x%p a cert? 0x%p\n",
2794 (void *)ctx
, (void *)c
);
2796 s
= X509_NAME_oneline(X509_get_subject_name(c
), buf
, 256);
2798 printf("cert depth=%d %s\n",
2799 X509_STORE_CTX_get_error_depth(ctx
), buf
);
2804 ok
= X509_verify_cert(ctx
);
2809 #ifndef OPENSSL_NO_DH
2811 * These DH parameters have been generated as follows:
2812 * $ openssl dhparam -C -noout 512
2813 * $ openssl dhparam -C -noout 1024
2814 * $ openssl dhparam -C -noout -dsaparam 1024
2815 * (The third function has been renamed to avoid name conflicts.)
2817 static DH
*get_dh512()
2819 static unsigned char dh512_p
[] = {
2820 0xCB, 0xC8, 0xE1, 0x86, 0xD0, 0x1F, 0x94, 0x17, 0xA6, 0x99, 0xF0,
2822 0x1F, 0x0D, 0xAC, 0xB6, 0x25, 0x3E, 0x06, 0x39, 0xCA, 0x72, 0x04,
2824 0x6E, 0xDA, 0xC0, 0x61, 0xE6, 0x7A, 0x77, 0x25, 0xE8, 0x3B, 0xB9,
2826 0x9A, 0xB6, 0xB5, 0xFE, 0x99, 0x0B, 0xA1, 0x93, 0x4E, 0x35, 0x33,
2828 0xE1, 0xF1, 0x13, 0x4F, 0x59, 0x1A, 0xD2, 0x57, 0xC0, 0x26, 0x21,
2830 0x02, 0xC5, 0xAE, 0x23,
2832 static unsigned char dh512_g
[] = {
2838 if ((dh
= DH_new()) == NULL
)
2840 p
= BN_bin2bn(dh512_p
, sizeof(dh512_p
), NULL
);
2841 g
= BN_bin2bn(dh512_g
, sizeof(dh512_g
), NULL
);
2842 if ((p
== NULL
) || (g
== NULL
) || !DH_set0_pqg(dh
, p
, NULL
, g
)) {
2851 static DH
*get_dh1024()
2853 static unsigned char dh1024_p
[] = {
2854 0xF8, 0x81, 0x89, 0x7D, 0x14, 0x24, 0xC5, 0xD1, 0xE6, 0xF7, 0xBF,
2856 0xE4, 0x90, 0xF4, 0xFC, 0x73, 0xFB, 0x34, 0xB5, 0xFA, 0x4C, 0x56,
2858 0xEA, 0xA7, 0xE9, 0xC0, 0xC0, 0xCE, 0x89, 0xE1, 0xFA, 0x63, 0x3F,
2860 0x6B, 0x32, 0x66, 0xF1, 0xD1, 0x7B, 0xB0, 0x00, 0x8F, 0xCA, 0x87,
2862 0xAE, 0x98, 0x89, 0x26, 0x17, 0xC2, 0x05, 0xD2, 0xEC, 0x08, 0xD0,
2864 0xFF, 0x17, 0x52, 0x8C, 0xC5, 0x07, 0x93, 0x03, 0xB1, 0xF6, 0x2F,
2866 0x1C, 0x52, 0x47, 0x27, 0x1B, 0xDB, 0xD1, 0x8D, 0x9D, 0x69, 0x1D,
2868 0x4B, 0x32, 0x81, 0xAA, 0x7F, 0x00, 0xC8, 0xDC, 0xE6, 0xD9, 0xCC,
2870 0x11, 0x2D, 0x37, 0x34, 0x6C, 0xEA, 0x02, 0x97, 0x4B, 0x0E, 0xBB,
2872 0x71, 0x33, 0x09, 0x15, 0xFD, 0xDD, 0x23, 0x87, 0x07, 0x5E, 0x89,
2874 0x6B, 0x7C, 0x5F, 0xEC, 0xA6, 0x24, 0xDC, 0x53,
2876 static unsigned char dh1024_g
[] = {
2882 if ((dh
= DH_new()) == NULL
)
2884 p
= BN_bin2bn(dh1024_p
, sizeof(dh1024_p
), NULL
);
2885 g
= BN_bin2bn(dh1024_g
, sizeof(dh1024_g
), NULL
);
2886 if ((p
== NULL
) || (g
== NULL
) || !DH_set0_pqg(dh
, p
, NULL
, g
)) {
2895 static DH
*get_dh1024dsa()
2897 static unsigned char dh1024_p
[] = {
2898 0xC8, 0x00, 0xF7, 0x08, 0x07, 0x89, 0x4D, 0x90, 0x53, 0xF3, 0xD5,
2900 0x21, 0x1B, 0xF7, 0x31, 0xA6, 0xA2, 0xDA, 0x23, 0x9A, 0xC7, 0x87,
2902 0x3B, 0x47, 0xB6, 0x8C, 0x04, 0x6F, 0xFF, 0xC6, 0x9B, 0xB8, 0x65,
2904 0xC2, 0x5F, 0x31, 0x83, 0x4A, 0xA7, 0x5F, 0x2F, 0x88, 0x38, 0xB6,
2906 0xCF, 0xD9, 0x87, 0x6D, 0x6F, 0x9F, 0xDA, 0xAC, 0xA6, 0x48, 0xAF,
2908 0x33, 0x84, 0x37, 0x5B, 0x82, 0x4A, 0x31, 0x5D, 0xE7, 0xBD, 0x52,
2910 0xA1, 0x77, 0xBF, 0x10, 0x9E, 0x37, 0xEA, 0x64, 0xFA, 0xCA, 0x28,
2912 0x9D, 0x3B, 0xD2, 0x6E, 0x09, 0x5C, 0x68, 0xC7, 0x45, 0x90, 0xFD,
2914 0x70, 0xC9, 0x3A, 0xBB, 0xDF, 0xD4, 0x21, 0x0F, 0xC4, 0x6A, 0x3C,
2916 0x61, 0xCF, 0x3F, 0xD6, 0x13, 0xF1, 0x5F, 0xBC, 0xCF, 0xBC, 0x26,
2918 0xBC, 0x0B, 0xBD, 0xAB, 0x5D, 0xC9, 0x54, 0x39,
2920 static unsigned char dh1024_g
[] = {
2921 0x3B, 0x40, 0x86, 0xE7, 0xF3, 0x6C, 0xDE, 0x67, 0x1C, 0xCC, 0x80,
2923 0x5A, 0xDF, 0xFE, 0xBD, 0x20, 0x27, 0x74, 0x6C, 0x24, 0xC9, 0x03,
2925 0xE1, 0x8D, 0xC3, 0x7D, 0x98, 0x27, 0x40, 0x08, 0xB8, 0x8C, 0x6A,
2927 0xBB, 0x1A, 0x3A, 0xD6, 0x86, 0x83, 0x5E, 0x72, 0x41, 0xCE, 0x85,
2929 0xD2, 0xB3, 0xFC, 0x13, 0xCE, 0x37, 0x81, 0x9E, 0x4C, 0x1C, 0x7B,
2931 0xD3, 0xE6, 0xA6, 0x00, 0xF5, 0x5A, 0x95, 0x43, 0x5E, 0x81, 0xCF,
2933 0xA2, 0x23, 0xFC, 0x36, 0xA7, 0x5D, 0x7A, 0x4C, 0x06, 0x91, 0x6E,
2935 0x57, 0xEE, 0x36, 0xCB, 0x06, 0xEA, 0xF5, 0x3D, 0x95, 0x49, 0xCB,
2937 0xDD, 0x81, 0xDF, 0x80, 0x09, 0x4A, 0x97, 0x4D, 0xA8, 0x22, 0x72,
2939 0x7F, 0xC4, 0x70, 0x56, 0x70, 0xE8, 0x20, 0x10, 0x18, 0x8F, 0x2E,
2941 0x07, 0xE7, 0x68, 0x1A, 0x82, 0x5D, 0x32, 0xA2,
2946 if ((dh
= DH_new()) == NULL
)
2948 p
= BN_bin2bn(dh1024_p
, sizeof(dh1024_p
), NULL
);
2949 g
= BN_bin2bn(dh1024_g
, sizeof(dh1024_g
), NULL
);
2950 if ((p
== NULL
) || (g
== NULL
) || !DH_set0_pqg(dh
, p
, NULL
, g
)) {
2956 DH_set_length(dh
, 160);
2961 #ifndef OPENSSL_NO_PSK
2962 /* convert the PSK key (psk_key) in ascii to binary (psk) */
2963 static int psk_key2bn(const char *pskkey
, unsigned char *psk
,
2964 unsigned int max_psk_len
)
2969 ret
= BN_hex2bn(&bn
, pskkey
);
2971 BIO_printf(bio_err
, "Could not convert PSK key '%s' to BIGNUM\n",
2976 if (BN_num_bytes(bn
) > (int)max_psk_len
) {
2978 "psk buffer of callback is too small (%d) for key (%d)\n",
2979 max_psk_len
, BN_num_bytes(bn
));
2983 ret
= BN_bn2bin(bn
, psk
);
2988 static unsigned int psk_client_callback(SSL
*ssl
, const char *hint
,
2990 unsigned int max_identity_len
,
2992 unsigned int max_psk_len
)
2995 unsigned int psk_len
= 0;
2997 ret
= BIO_snprintf(identity
, max_identity_len
, "Client_identity");
3001 fprintf(stderr
, "client: created identity '%s' len=%d\n", identity
,
3003 ret
= psk_key2bn(psk_key
, psk
, max_psk_len
);
3011 static unsigned int psk_server_callback(SSL
*ssl
, const char *identity
,
3013 unsigned int max_psk_len
)
3015 unsigned int psk_len
= 0;
3017 if (strcmp(identity
, "Client_identity") != 0) {
3018 BIO_printf(bio_err
, "server: PSK error: client identity not found\n");
3021 psk_len
= psk_key2bn(psk_key
, psk
, max_psk_len
);