1 /* $OpenBSD: ssltest.c,v 1.45 2024/03/01 03:45:16 tb Exp $ */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58 /* ====================================================================
59 * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111 /* ====================================================================
112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
113 * ECC cipher suite support in OpenSSL originally developed by
114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
115 */
116 /* ====================================================================
117 * Copyright 2005 Nokia. All rights reserved.
118 *
119 * The portions of the attached software ("Contribution") is developed by
120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
121 * license.
122 *
123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
125 * support (see RFC 4279) to OpenSSL.
126 *
127 * No patent licenses or other rights except those expressly stated in
128 * the OpenSSL open source license shall be deemed granted or received
129 * expressly, by implication, estoppel, or otherwise.
130 *
131 * No assurances are provided by Nokia that the Contribution does not
132 * infringe the patent or other intellectual property rights of any third
133 * party or that the license provides you with all the necessary rights
134 * to make use of the Contribution.
135 *
136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
140 * OTHERWISE.
141 */
142
143 /* XXX - USE_BIOPAIR code needs updating for BIO_n{read,write}{,0} removal. */
144 /* #define USE_BIOPAIR */
145
146 #define _BSD_SOURCE 1 /* Or gethostname won't be declared properly
147 on Linux and GNU platforms. */
148 #include <sys/types.h>
149 #include <sys/socket.h>
150
151 #include <netinet/in.h>
152
153 #include <assert.h>
154 #include <errno.h>
155 #include <limits.h>
156 #include <netdb.h>
157 #include <stdio.h>
158 #include <stdlib.h>
159 #include <string.h>
160 #include <time.h>
161 #include <unistd.h>
162
163 #include <openssl/opensslconf.h>
164 #include <openssl/bio.h>
165 #include <openssl/crypto.h>
166 #include <openssl/evp.h>
167 #include <openssl/x509.h>
168 #include <openssl/x509v3.h>
169 #include <openssl/ssl.h>
170 #include <openssl/err.h>
171 #include <openssl/rand.h>
172 #include <openssl/rsa.h>
173 #include <openssl/dsa.h>
174 #include <openssl/dh.h>
175 #include <openssl/bn.h>
176
177 #include "ssl_local.h"
178
179 #define TEST_SERVER_CERT "../apps/server.pem"
180 #define TEST_CLIENT_CERT "../apps/client.pem"
181
182 static int verify_callback(int ok, X509_STORE_CTX *ctx);
183 static int app_verify_callback(X509_STORE_CTX *ctx, void *arg);
184
185 static DH *get_dh1024(void);
186 static DH *get_dh1024dsa(void);
187
188 static BIO *bio_err = NULL;
189 static BIO *bio_stdout = NULL;
190
191 static const char *alpn_client;
192 static const char *alpn_server;
193 static const char *alpn_expected;
194 static unsigned char *alpn_selected;
195
196 /*
197 * next_protos_parse parses a comma separated list of strings into a string
198 * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
199 * outlen: (output) set to the length of the resulting buffer on success.
200 * err: (maybe NULL) on failure, an error message line is written to this BIO.
201 * in: a NUL terminated string like "abc,def,ghi"
202 *
203 * returns: a malloced buffer or NULL on failure.
204 */
205 static unsigned char *
next_protos_parse(unsigned short * outlen,const char * in)206 next_protos_parse(unsigned short *outlen, const char *in)
207 {
208 size_t i, len, start = 0;
209 unsigned char *out;
210
211 len = strlen(in);
212 if (len >= 65535)
213 return (NULL);
214
215 if ((out = malloc(strlen(in) + 1)) == NULL)
216 return (NULL);
217
218 for (i = 0; i <= len; ++i) {
219 if (i == len || in[i] == ',') {
220 if (i - start > 255) {
221 free(out);
222 return (NULL);
223 }
224 out[start] = i - start;
225 start = i + 1;
226 } else
227 out[i+1] = in[i];
228 }
229 *outlen = len + 1;
230 return (out);
231 }
232
233 static int
cb_server_alpn(SSL * s,const unsigned char ** out,unsigned char * outlen,const unsigned char * in,unsigned int inlen,void * arg)234 cb_server_alpn(SSL *s, const unsigned char **out, unsigned char *outlen,
235 const unsigned char *in, unsigned int inlen, void *arg)
236 {
237 unsigned char *protos;
238 unsigned short protos_len;
239
240 if ((protos = next_protos_parse(&protos_len, alpn_server)) == NULL) {
241 fprintf(stderr,
242 "failed to parser ALPN server protocol string: %s\n",
243 alpn_server);
244 abort();
245 }
246
247 if (SSL_select_next_proto((unsigned char **)out, outlen, protos,
248 protos_len, in, inlen) != OPENSSL_NPN_NEGOTIATED) {
249 free(protos);
250 return (SSL_TLSEXT_ERR_NOACK);
251 }
252
253 /*
254 * Make a copy of the selected protocol which will be freed in
255 * verify_alpn.
256 */
257 free(alpn_selected);
258 if ((alpn_selected = malloc(*outlen)) == NULL) {
259 fprintf(stderr, "malloc failed\n");
260 abort();
261 }
262 memcpy(alpn_selected, *out, *outlen);
263 *out = alpn_selected;
264 free(protos);
265
266 return (SSL_TLSEXT_ERR_OK);
267 }
268
269 static int
verify_alpn(SSL * client,SSL * server)270 verify_alpn(SSL *client, SSL *server)
271 {
272 const unsigned char *client_proto, *server_proto;
273 unsigned int client_proto_len = 0, server_proto_len = 0;
274
275 SSL_get0_alpn_selected(client, &client_proto, &client_proto_len);
276 SSL_get0_alpn_selected(server, &server_proto, &server_proto_len);
277
278 free(alpn_selected);
279 alpn_selected = NULL;
280
281 if (client_proto_len != server_proto_len || (client_proto_len > 0 &&
282 memcmp(client_proto, server_proto, client_proto_len) != 0)) {
283 BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
284 goto err;
285 }
286
287 if (client_proto_len > 0 && alpn_expected == NULL) {
288 BIO_printf(bio_stdout, "ALPN unexpectedly negotiated\n");
289 goto err;
290 }
291
292 if (alpn_expected != NULL &&
293 (client_proto_len != strlen(alpn_expected) ||
294 memcmp(client_proto, alpn_expected, client_proto_len) != 0)) {
295 BIO_printf(bio_stdout, "ALPN selected protocols not equal to "
296 "expected protocol: %s\n", alpn_expected);
297 goto err;
298 }
299
300 return (0);
301
302 err:
303 BIO_printf(bio_stdout, "ALPN results: client: '");
304 BIO_write(bio_stdout, client_proto, client_proto_len);
305 BIO_printf(bio_stdout, "', server: '");
306 BIO_write(bio_stdout, server_proto, server_proto_len);
307 BIO_printf(bio_stdout, "'\n");
308 BIO_printf(bio_stdout, "ALPN configured: client: '%s', server: '%s'\n",
309 alpn_client, alpn_server);
310
311 return (-1);
312 }
313
314 static char *cipher = NULL;
315 static int verbose = 0;
316 static int debug = 0;
317
318 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time,
319 clock_t *c_time);
320 int doit(SSL *s_ssl, SSL *c_ssl, long bytes);
321
322 static void
sv_usage(void)323 sv_usage(void)
324 {
325 fprintf(stderr, "usage: ssltest [args ...]\n");
326 fprintf(stderr, "\n");
327 fprintf(stderr, " -server_auth - check server certificate\n");
328 fprintf(stderr, " -client_auth - do client authentication\n");
329 fprintf(stderr, " -proxy - allow proxy certificates\n");
330 fprintf(stderr, " -proxy_auth <val> - set proxy policy rights\n");
331 fprintf(stderr, " -proxy_cond <val> - experssion to test proxy policy rights\n");
332 fprintf(stderr, " -v - more output\n");
333 fprintf(stderr, " -d - debug output\n");
334 fprintf(stderr, " -reuse - use session-id reuse\n");
335 fprintf(stderr, " -num <val> - number of connections to perform\n");
336 fprintf(stderr, " -bytes <val> - number of bytes to swap between client/server\n");
337 fprintf(stderr, " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
338 fprintf(stderr, " -no_dhe - disable DHE\n");
339 fprintf(stderr, " -no_ecdhe - disable ECDHE\n");
340 fprintf(stderr, " -dtls1_2 - use DTLSv1.2\n");
341 fprintf(stderr, " -tls1 - use TLSv1\n");
342 fprintf(stderr, " -tls1_2 - use TLSv1.2\n");
343 fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");
344 fprintf(stderr, " -CAfile arg - PEM format file of CA's\n");
345 fprintf(stderr, " -cert arg - Server certificate file\n");
346 fprintf(stderr, " -key arg - Server key file (default: same as -cert)\n");
347 fprintf(stderr, " -c_cert arg - Client certificate file\n");
348 fprintf(stderr, " -c_key arg - Client key file (default: same as -c_cert)\n");
349 fprintf(stderr, " -cipher arg - The cipher list\n");
350 fprintf(stderr, " -bio_pair - Use BIO pairs\n");
351 fprintf(stderr, " -f - Test even cases that can't work\n");
352 fprintf(stderr, " -time - measure processor time used by client and server\n");
353 fprintf(stderr, " -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \
354 " Use \"openssl ecparam -list_curves\" for all names\n" \
355 " (default is sect163r2).\n");
356 fprintf(stderr, " -alpn_client <string> - have client side offer ALPN\n");
357 fprintf(stderr, " -alpn_server <string> - have server side offer ALPN\n");
358 fprintf(stderr, " -alpn_expected <string> - the ALPN protocol that should be negotiated\n");
359 }
360
361 static void
print_details(SSL * c_ssl,const char * prefix)362 print_details(SSL *c_ssl, const char *prefix)
363 {
364 const SSL_CIPHER *ciph;
365 X509 *cert = NULL;
366 EVP_PKEY *pkey;
367
368 ciph = SSL_get_current_cipher(c_ssl);
369 BIO_printf(bio_stdout, "%s%s, cipher %s %s",
370 prefix, SSL_get_version(c_ssl), SSL_CIPHER_get_version(ciph),
371 SSL_CIPHER_get_name(ciph));
372
373 if ((cert = SSL_get_peer_certificate(c_ssl)) == NULL)
374 goto out;
375 if ((pkey = X509_get0_pubkey(cert)) == NULL)
376 goto out;
377 if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) {
378 RSA *rsa;
379
380 if ((rsa = EVP_PKEY_get0_RSA(pkey)) == NULL)
381 goto out;
382
383 BIO_printf(bio_stdout, ", %d bit RSA", RSA_bits(rsa));
384 } else if (EVP_PKEY_id(pkey) == EVP_PKEY_DSA) {
385 DSA *dsa;
386 const BIGNUM *p;
387
388 if ((dsa = EVP_PKEY_get0_DSA(pkey)) == NULL)
389 goto out;
390
391 DSA_get0_pqg(dsa, &p, NULL, NULL);
392
393 BIO_printf(bio_stdout, ", %d bit DSA", BN_num_bits(p));
394 }
395
396 out:
397 /*
398 * The SSL API does not allow us to look at temporary RSA/DH keys,
399 * otherwise we should print their lengths too
400 */
401 BIO_printf(bio_stdout, "\n");
402
403 X509_free(cert);
404 }
405
406 int
main(int argc,char * argv[])407 main(int argc, char *argv[])
408 {
409 char *CApath = NULL, *CAfile = NULL;
410 int badop = 0;
411 int bio_pair = 0;
412 int force = 0;
413 int tls1 = 0, tls1_2 = 0, dtls1_2 = 0, ret = 1;
414 int client_auth = 0;
415 int server_auth = 0, i;
416 char *app_verify_arg = "Test Callback Argument";
417 char *server_cert = TEST_SERVER_CERT;
418 char *server_key = NULL;
419 char *client_cert = TEST_CLIENT_CERT;
420 char *client_key = NULL;
421 char *named_curve = NULL;
422 SSL_CTX *s_ctx = NULL;
423 SSL_CTX *c_ctx = NULL;
424 const SSL_METHOD *meth = NULL;
425 SSL *c_ssl, *s_ssl;
426 int number = 1, reuse = 0;
427 int seclevel = 0;
428 long bytes = 256L;
429 DH *dh;
430 int dhe1024dsa = 0;
431 EC_KEY *ecdh = NULL;
432 int no_dhe = 0;
433 int no_ecdhe = 0;
434 int print_time = 0;
435 clock_t s_time = 0, c_time = 0;
436
437 verbose = 0;
438 debug = 0;
439 cipher = 0;
440
441 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE|BIO_FP_TEXT);
442
443 bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE|BIO_FP_TEXT);
444
445 argc--;
446 argv++;
447
448 while (argc >= 1) {
449 if (!strcmp(*argv, "-F")) {
450 fprintf(stderr, "not compiled with FIPS support, so exiting without running.\n");
451 exit(0);
452 } else if (strcmp(*argv, "-server_auth") == 0)
453 server_auth = 1;
454 else if (strcmp(*argv, "-client_auth") == 0)
455 client_auth = 1;
456 else if (strcmp(*argv, "-v") == 0)
457 verbose = 1;
458 else if (strcmp(*argv, "-d") == 0)
459 debug = 1;
460 else if (strcmp(*argv, "-reuse") == 0)
461 reuse = 1;
462 else if (strcmp(*argv, "-dhe1024dsa") == 0) {
463 dhe1024dsa = 1;
464 } else if (strcmp(*argv, "-no_dhe") == 0)
465 no_dhe = 1;
466 else if (strcmp(*argv, "-no_ecdhe") == 0)
467 no_ecdhe = 1;
468 else if (strcmp(*argv, "-dtls1_2") == 0)
469 dtls1_2 = 1;
470 else if (strcmp(*argv, "-tls1") == 0)
471 tls1 = 1;
472 else if (strcmp(*argv, "-tls1_2") == 0)
473 tls1_2 = 1;
474 else if (strncmp(*argv, "-num", 4) == 0) {
475 if (--argc < 1)
476 goto bad;
477 number = atoi(*(++argv));
478 if (number == 0)
479 number = 1;
480 } else if (strncmp(*argv, "-seclevel", 9) == 0) {
481 if (--argc < 1)
482 goto bad;
483 seclevel = atoi(*(++argv));
484 } else if (strcmp(*argv, "-bytes") == 0) {
485 if (--argc < 1)
486 goto bad;
487 bytes = atol(*(++argv));
488 if (bytes == 0L)
489 bytes = 1L;
490 i = strlen(argv[0]);
491 if (argv[0][i - 1] == 'k')
492 bytes*=1024L;
493 if (argv[0][i - 1] == 'm')
494 bytes*=1024L*1024L;
495 } else if (strcmp(*argv, "-cert") == 0) {
496 if (--argc < 1)
497 goto bad;
498 server_cert= *(++argv);
499 } else if (strcmp(*argv, "-s_cert") == 0) {
500 if (--argc < 1)
501 goto bad;
502 server_cert= *(++argv);
503 } else if (strcmp(*argv, "-key") == 0) {
504 if (--argc < 1)
505 goto bad;
506 server_key= *(++argv);
507 } else if (strcmp(*argv, "-s_key") == 0) {
508 if (--argc < 1)
509 goto bad;
510 server_key= *(++argv);
511 } else if (strcmp(*argv, "-c_cert") == 0) {
512 if (--argc < 1)
513 goto bad;
514 client_cert= *(++argv);
515 } else if (strcmp(*argv, "-c_key") == 0) {
516 if (--argc < 1)
517 goto bad;
518 client_key= *(++argv);
519 } else if (strcmp(*argv, "-cipher") == 0) {
520 if (--argc < 1)
521 goto bad;
522 cipher= *(++argv);
523 } else if (strcmp(*argv, "-CApath") == 0) {
524 if (--argc < 1)
525 goto bad;
526 CApath= *(++argv);
527 } else if (strcmp(*argv, "-CAfile") == 0) {
528 if (--argc < 1)
529 goto bad;
530 CAfile= *(++argv);
531 } else if (strcmp(*argv, "-bio_pair") == 0) {
532 bio_pair = 1;
533 } else if (strcmp(*argv, "-f") == 0) {
534 force = 1;
535 } else if (strcmp(*argv, "-time") == 0) {
536 print_time = 1;
537 } else if (strcmp(*argv, "-named_curve") == 0) {
538 if (--argc < 1)
539 goto bad;
540 named_curve = *(++argv);
541 } else if (strcmp(*argv, "-app_verify") == 0) {
542 ;
543 } else if (strcmp(*argv, "-alpn_client") == 0) {
544 if (--argc < 1)
545 goto bad;
546 alpn_client = *(++argv);
547 } else if (strcmp(*argv, "-alpn_server") == 0) {
548 if (--argc < 1)
549 goto bad;
550 alpn_server = *(++argv);
551 } else if (strcmp(*argv, "-alpn_expected") == 0) {
552 if (--argc < 1)
553 goto bad;
554 alpn_expected = *(++argv);
555 } else {
556 fprintf(stderr, "unknown option %s\n", *argv);
557 badop = 1;
558 break;
559 }
560 argc--;
561 argv++;
562 }
563 if (badop) {
564 bad:
565 sv_usage();
566 goto end;
567 }
568
569 if (!dtls1_2 && !tls1 && !tls1_2 && number > 1 && !reuse && !force) {
570 fprintf(stderr,
571 "This case cannot work. Use -f to perform "
572 "the test anyway (and\n-d to see what happens), "
573 "or add one of -dtls1, -tls1, -tls1_2, -reuse\n"
574 "to avoid protocol mismatch.\n");
575 exit(1);
576 }
577
578 if (print_time) {
579 if (!bio_pair) {
580 fprintf(stderr, "Using BIO pair (-bio_pair)\n");
581 bio_pair = 1;
582 }
583 if (number < 50 && !force)
584 fprintf(stderr, "Warning: For accurate timings, use more connections (e.g. -num 1000)\n");
585 }
586
587 /* if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */
588
589 SSL_library_init();
590 SSL_load_error_strings();
591
592 if (dtls1_2)
593 meth = DTLSv1_2_method();
594 else if (tls1)
595 meth = TLSv1_method();
596 else if (tls1_2)
597 meth = TLSv1_2_method();
598 else
599 meth = TLS_method();
600
601 c_ctx = SSL_CTX_new(meth);
602 s_ctx = SSL_CTX_new(meth);
603 if ((c_ctx == NULL) || (s_ctx == NULL)) {
604 ERR_print_errors(bio_err);
605 goto end;
606 }
607
608 SSL_CTX_set_security_level(c_ctx, seclevel);
609 SSL_CTX_set_security_level(s_ctx, seclevel);
610
611 if (cipher != NULL) {
612 SSL_CTX_set_cipher_list(c_ctx, cipher);
613 SSL_CTX_set_cipher_list(s_ctx, cipher);
614 }
615
616 if (!no_dhe) {
617 if (dhe1024dsa) {
618 /* use SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */
619 SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
620 dh = get_dh1024dsa();
621 } else
622 dh = get_dh1024();
623 SSL_CTX_set_tmp_dh(s_ctx, dh);
624 DH_free(dh);
625 }
626
627 if (!no_ecdhe) {
628 int nid;
629
630 if (named_curve != NULL) {
631 nid = OBJ_sn2nid(named_curve);
632 if (nid == 0) {
633 BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve);
634 goto end;
635 }
636 } else
637 nid = NID_X9_62_prime256v1;
638
639 ecdh = EC_KEY_new_by_curve_name(nid);
640 if (ecdh == NULL) {
641 BIO_printf(bio_err, "unable to create curve\n");
642 goto end;
643 }
644
645 SSL_CTX_set_tmp_ecdh(s_ctx, ecdh);
646 SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_ECDH_USE);
647 EC_KEY_free(ecdh);
648 }
649
650 if (!SSL_CTX_use_certificate_chain_file(s_ctx, server_cert)) {
651 ERR_print_errors(bio_err);
652 } else if (!SSL_CTX_use_PrivateKey_file(s_ctx,
653 (server_key ? server_key : server_cert), SSL_FILETYPE_PEM)) {
654 ERR_print_errors(bio_err);
655 goto end;
656 }
657
658 if (client_auth) {
659 SSL_CTX_use_certificate_chain_file(c_ctx, client_cert);
660 SSL_CTX_use_PrivateKey_file(c_ctx,
661 (client_key ? client_key : client_cert),
662 SSL_FILETYPE_PEM);
663 }
664
665 if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) ||
666 (!SSL_CTX_set_default_verify_paths(s_ctx)) ||
667 (!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) ||
668 (!SSL_CTX_set_default_verify_paths(c_ctx))) {
669 /* fprintf(stderr,"SSL_load_verify_locations\n"); */
670 ERR_print_errors(bio_err);
671 /* goto end; */
672 }
673
674 if (client_auth) {
675 BIO_printf(bio_err, "client authentication\n");
676 SSL_CTX_set_verify(s_ctx,
677 SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
678 verify_callback);
679 SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback,
680 app_verify_arg);
681 }
682 if (server_auth) {
683 BIO_printf(bio_err, "server authentication\n");
684 SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER,
685 verify_callback);
686 SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback,
687 app_verify_arg);
688 }
689
690 {
691 int session_id_context = 0;
692 SSL_CTX_set_session_id_context(s_ctx,
693 (void *)&session_id_context, sizeof(session_id_context));
694 }
695
696 if (alpn_server != NULL)
697 SSL_CTX_set_alpn_select_cb(s_ctx, cb_server_alpn, NULL);
698
699 if (alpn_client != NULL) {
700 unsigned short alpn_len;
701 unsigned char *alpn = next_protos_parse(&alpn_len, alpn_client);
702
703 if (alpn == NULL) {
704 BIO_printf(bio_err, "Error parsing -alpn_client argument\n");
705 goto end;
706 }
707 SSL_CTX_set_alpn_protos(c_ctx, alpn, alpn_len);
708 free(alpn);
709 }
710
711 c_ssl = SSL_new(c_ctx);
712 s_ssl = SSL_new(s_ctx);
713
714 for (i = 0; i < number; i++) {
715 if (!reuse)
716 SSL_set_session(c_ssl, NULL);
717 #ifdef USE_BIOPAIR
718 if (bio_pair)
719 ret = doit_biopair(s_ssl, c_ssl, bytes, &s_time,
720 &c_time);
721 else
722 #endif
723 ret = doit(s_ssl, c_ssl, bytes);
724 }
725
726 if (!verbose) {
727 print_details(c_ssl, "");
728 }
729 if ((number > 1) || (bytes > 1L))
730 BIO_printf(bio_stdout, "%d handshakes of %ld bytes done\n",
731 number, bytes);
732 if (print_time) {
733 #ifdef CLOCKS_PER_SEC
734 /* "To determine the time in seconds, the value returned
735 * by the clock function should be divided by the value
736 * of the macro CLOCKS_PER_SEC."
737 * -- ISO/IEC 9899 */
738 BIO_printf(bio_stdout,
739 "Approximate total server time: %6.2f s\n"
740 "Approximate total client time: %6.2f s\n",
741 (double)s_time/CLOCKS_PER_SEC,
742 (double)c_time/CLOCKS_PER_SEC);
743 #else
744 /* "`CLOCKS_PER_SEC' undeclared (first use this function)"
745 * -- cc on NeXTstep/OpenStep */
746 BIO_printf(bio_stdout,
747 "Approximate total server time: %6.2f units\n"
748 "Approximate total client time: %6.2f units\n",
749 (double)s_time,
750 (double)c_time);
751 #endif
752 }
753
754 SSL_free(s_ssl);
755 SSL_free(c_ssl);
756
757 end:
758 SSL_CTX_free(s_ctx);
759 SSL_CTX_free(c_ctx);
760 BIO_free(bio_stdout);
761
762 CRYPTO_cleanup_all_ex_data();
763 ERR_free_strings();
764 ERR_remove_thread_state(NULL);
765 EVP_cleanup();
766 BIO_free(bio_err);
767
768 exit(ret);
769 return ret;
770 }
771
772 #if USE_BIOPAIR
773 int
doit_biopair(SSL * s_ssl,SSL * c_ssl,long count,clock_t * s_time,clock_t * c_time)774 doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, clock_t *s_time,
775 clock_t *c_time)
776 {
777 long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
778 BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
779 BIO *server = NULL, *server_io = NULL;
780 BIO *client = NULL, *client_io = NULL;
781 int ret = 1;
782
783 size_t bufsiz = 256; /* small buffer for testing */
784
785 if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz))
786 goto err;
787 if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz))
788 goto err;
789
790 s_ssl_bio = BIO_new(BIO_f_ssl());
791 if (!s_ssl_bio)
792 goto err;
793
794 c_ssl_bio = BIO_new(BIO_f_ssl());
795 if (!c_ssl_bio)
796 goto err;
797
798 SSL_set_connect_state(c_ssl);
799 SSL_set_bio(c_ssl, client, client);
800 (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
801
802 SSL_set_accept_state(s_ssl);
803 SSL_set_bio(s_ssl, server, server);
804 (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
805
806 do {
807 /* c_ssl_bio: SSL filter BIO
808 *
809 * client: pseudo-I/O for SSL library
810 *
811 * client_io: client's SSL communication; usually to be
812 * relayed over some I/O facility, but in this
813 * test program, we're the server, too:
814 *
815 * server_io: server's SSL communication
816 *
817 * server: pseudo-I/O for SSL library
818 *
819 * s_ssl_bio: SSL filter BIO
820 *
821 * The client and the server each employ a "BIO pair":
822 * client + client_io, server + server_io.
823 * BIO pairs are symmetric. A BIO pair behaves similar
824 * to a non-blocking socketpair (but both endpoints must
825 * be handled by the same thread).
826 * [Here we could connect client and server to the ends
827 * of a single BIO pair, but then this code would be less
828 * suitable as an example for BIO pairs in general.]
829 *
830 * Useful functions for querying the state of BIO pair endpoints:
831 *
832 * BIO_ctrl_pending(bio) number of bytes we can read now
833 * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil
834 * other side's read attempt
835 * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now
836 *
837 * ..._read_request is never more than ..._write_guarantee;
838 * it depends on the application which one you should use.
839 */
840
841 /* We have non-blocking behaviour throughout this test program, but
842 * can be sure that there is *some* progress in each iteration; so
843 * we don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE
844 * -- we just try everything in each iteration
845 */
846
847 {
848 /* CLIENT */
849
850 char cbuf[1024*8];
851 int i, r;
852 clock_t c_clock = clock();
853
854 memset(cbuf, 0, sizeof(cbuf));
855
856 if (debug)
857 if (SSL_in_init(c_ssl))
858 printf("client waiting in SSL_connect - %s\n",
859 SSL_state_string_long(c_ssl));
860
861 if (cw_num > 0) {
862 /* Write to server. */
863
864 if (cw_num > (long)sizeof cbuf)
865 i = sizeof cbuf;
866 else
867 i = (int)cw_num;
868 r = BIO_write(c_ssl_bio, cbuf, i);
869 if (r < 0) {
870 if (!BIO_should_retry(c_ssl_bio)) {
871 fprintf(stderr, "ERROR in CLIENT\n");
872 goto err;
873 }
874 /* BIO_should_retry(...) can just be ignored here.
875 * The library expects us to call BIO_write with
876 * the same arguments again, and that's what we will
877 * do in the next iteration. */
878 } else if (r == 0) {
879 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
880 goto err;
881 } else {
882 if (debug)
883 printf("client wrote %d\n", r);
884 cw_num -= r;
885
886 }
887 }
888
889 if (cr_num > 0) {
890 /* Read from server. */
891
892 r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
893 if (r < 0) {
894 if (!BIO_should_retry(c_ssl_bio)) {
895 fprintf(stderr, "ERROR in CLIENT\n");
896 goto err;
897 }
898 /* Again, "BIO_should_retry" can be ignored. */
899 } else if (r == 0) {
900 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
901 goto err;
902 } else {
903 if (debug)
904 printf("client read %d\n", r);
905 cr_num -= r;
906 }
907 }
908
909 /* c_time and s_time increments will typically be very small
910 * (depending on machine speed and clock tick intervals),
911 * but sampling over a large number of connections should
912 * result in fairly accurate figures. We cannot guarantee
913 * a lot, however -- if each connection lasts for exactly
914 * one clock tick, it will be counted only for the client
915 * or only for the server or even not at all.
916 */
917 *c_time += (clock() - c_clock);
918 }
919
920 {
921 /* SERVER */
922
923 char sbuf[1024*8];
924 int i, r;
925 clock_t s_clock = clock();
926
927 memset(sbuf, 0, sizeof(sbuf));
928
929 if (debug)
930 if (SSL_in_init(s_ssl))
931 printf("server waiting in SSL_accept - %s\n",
932 SSL_state_string_long(s_ssl));
933
934 if (sw_num > 0) {
935 /* Write to client. */
936
937 if (sw_num > (long)sizeof sbuf)
938 i = sizeof sbuf;
939 else
940 i = (int)sw_num;
941 r = BIO_write(s_ssl_bio, sbuf, i);
942 if (r < 0) {
943 if (!BIO_should_retry(s_ssl_bio)) {
944 fprintf(stderr, "ERROR in SERVER\n");
945 goto err;
946 }
947 /* Ignore "BIO_should_retry". */
948 } else if (r == 0) {
949 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
950 goto err;
951 } else {
952 if (debug)
953 printf("server wrote %d\n", r);
954 sw_num -= r;
955
956 }
957 }
958
959 if (sr_num > 0) {
960 /* Read from client. */
961
962 r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
963 if (r < 0) {
964 if (!BIO_should_retry(s_ssl_bio)) {
965 fprintf(stderr, "ERROR in SERVER\n");
966 goto err;
967 }
968 /* blah, blah */
969 } else if (r == 0) {
970 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
971 goto err;
972 } else {
973 if (debug)
974 printf("server read %d\n", r);
975 sr_num -= r;
976 }
977 }
978
979 *s_time += (clock() - s_clock);
980 }
981
982 {
983 /* "I/O" BETWEEN CLIENT AND SERVER. */
984
985 size_t r1, r2;
986 BIO *io1 = server_io, *io2 = client_io;
987 /* we use the non-copying interface for io1
988 * and the standard BIO_write/BIO_read interface for io2
989 */
990
991 static int prev_progress = 1;
992 int progress = 0;
993
994 /* io1 to io2 */
995 do {
996 size_t num;
997 int r;
998
999 r1 = BIO_ctrl_pending(io1);
1000 r2 = BIO_ctrl_get_write_guarantee(io2);
1001
1002 num = r1;
1003 if (r2 < num)
1004 num = r2;
1005 if (num) {
1006 char *dataptr;
1007
1008 if (INT_MAX < num) /* yeah, right */
1009 num = INT_MAX;
1010
1011 r = BIO_nread(io1, &dataptr, (int)num);
1012 assert(r > 0);
1013 assert(r <= (int)num);
1014 /* possibly r < num (non-contiguous data) */
1015 num = r;
1016 r = BIO_write(io2, dataptr, (int)num);
1017 if (r != (int)num) /* can't happen */
1018 {
1019 fprintf(stderr, "ERROR: BIO_write could not write "
1020 "BIO_ctrl_get_write_guarantee() bytes");
1021 goto err;
1022 }
1023 progress = 1;
1024
1025 if (debug)
1026 printf((io1 == client_io) ?
1027 "C->S relaying: %d bytes\n" :
1028 "S->C relaying: %d bytes\n",
1029 (int)num);
1030 }
1031 } while (r1 && r2);
1032
1033 /* io2 to io1 */
1034 {
1035 size_t num;
1036 int r;
1037
1038 r1 = BIO_ctrl_pending(io2);
1039 r2 = BIO_ctrl_get_read_request(io1);
1040 /* here we could use ..._get_write_guarantee instead of
1041 * ..._get_read_request, but by using the latter
1042 * we test restartability of the SSL implementation
1043 * more thoroughly */
1044 num = r1;
1045 if (r2 < num)
1046 num = r2;
1047 if (num) {
1048 char *dataptr;
1049
1050 if (INT_MAX < num)
1051 num = INT_MAX;
1052
1053 if (num > 1)
1054 --num; /* test restartability even more thoroughly */
1055
1056 r = BIO_nwrite0(io1, &dataptr);
1057 assert(r > 0);
1058 if (r < (int)num)
1059 num = r;
1060 r = BIO_read(io2, dataptr, (int)num);
1061 if (r != (int)num) /* can't happen */
1062 {
1063 fprintf(stderr, "ERROR: BIO_read could not read "
1064 "BIO_ctrl_pending() bytes");
1065 goto err;
1066 }
1067 progress = 1;
1068 r = BIO_nwrite(io1, &dataptr, (int)num);
1069 if (r != (int)num) /* can't happen */
1070 {
1071 fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
1072 "BIO_nwrite0() bytes");
1073 goto err;
1074 }
1075
1076 if (debug)
1077 printf((io2 == client_io) ?
1078 "C->S relaying: %d bytes\n" :
1079 "S->C relaying: %d bytes\n",
1080 (int)num);
1081 }
1082 } /* no loop, BIO_ctrl_get_read_request now returns 0 anyway */
1083
1084 if (!progress && !prev_progress) {
1085 if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0) {
1086 fprintf(stderr, "ERROR: got stuck\n");
1087 goto err;
1088 }
1089 }
1090 prev_progress = progress;
1091 }
1092 } while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
1093
1094 if (verbose)
1095 print_details(c_ssl, "DONE via BIO pair: ");
1096
1097 if (verify_alpn(c_ssl, s_ssl) < 0) {
1098 ret = 1;
1099 goto err;
1100 }
1101
1102 ret = 0;
1103
1104 err:
1105 ERR_print_errors(bio_err);
1106
1107 BIO_free(server);
1108 BIO_free(server_io);
1109 BIO_free(client);
1110 BIO_free(client_io);
1111 BIO_free(s_ssl_bio);
1112 BIO_free(c_ssl_bio);
1113
1114 return ret;
1115 }
1116 #endif
1117
1118
1119 #define W_READ 1
1120 #define W_WRITE 2
1121 #define C_DONE 1
1122 #define S_DONE 2
1123
1124 int
doit(SSL * s_ssl,SSL * c_ssl,long count)1125 doit(SSL *s_ssl, SSL *c_ssl, long count)
1126 {
1127 char cbuf[1024*8], sbuf[1024*8];
1128 long cw_num = count, cr_num = count;
1129 long sw_num = count, sr_num = count;
1130 int ret = 1;
1131 BIO *c_to_s = NULL;
1132 BIO *s_to_c = NULL;
1133 BIO *c_bio = NULL;
1134 BIO *s_bio = NULL;
1135 int c_r, c_w, s_r, s_w;
1136 int i, j;
1137 int done = 0;
1138 int c_write, s_write;
1139 int do_server = 0, do_client = 0;
1140
1141 memset(cbuf, 0, sizeof(cbuf));
1142 memset(sbuf, 0, sizeof(sbuf));
1143
1144 c_to_s = BIO_new(BIO_s_mem());
1145 s_to_c = BIO_new(BIO_s_mem());
1146 if ((s_to_c == NULL) || (c_to_s == NULL)) {
1147 ERR_print_errors(bio_err);
1148 goto err;
1149 }
1150
1151 c_bio = BIO_new(BIO_f_ssl());
1152 s_bio = BIO_new(BIO_f_ssl());
1153 if ((c_bio == NULL) || (s_bio == NULL)) {
1154 ERR_print_errors(bio_err);
1155 goto err;
1156 }
1157
1158 SSL_set_connect_state(c_ssl);
1159 SSL_set_bio(c_ssl, s_to_c, c_to_s);
1160 BIO_set_ssl(c_bio, c_ssl, BIO_NOCLOSE);
1161
1162 SSL_set_accept_state(s_ssl);
1163 SSL_set_bio(s_ssl, c_to_s, s_to_c);
1164 BIO_set_ssl(s_bio, s_ssl, BIO_NOCLOSE);
1165
1166 c_r = 0;
1167 s_r = 1;
1168 c_w = 1;
1169 s_w = 0;
1170 c_write = 1, s_write = 0;
1171
1172 /* We can always do writes */
1173 for (;;) {
1174 do_server = 0;
1175 do_client = 0;
1176
1177 i = (int)BIO_pending(s_bio);
1178 if ((i && s_r) || s_w)
1179 do_server = 1;
1180
1181 i = (int)BIO_pending(c_bio);
1182 if ((i && c_r) || c_w)
1183 do_client = 1;
1184
1185 if (do_server && debug) {
1186 if (SSL_in_init(s_ssl))
1187 printf("server waiting in SSL_accept - %s\n",
1188 SSL_state_string_long(s_ssl));
1189 }
1190
1191 if (do_client && debug) {
1192 if (SSL_in_init(c_ssl))
1193 printf("client waiting in SSL_connect - %s\n",
1194 SSL_state_string_long(c_ssl));
1195 }
1196
1197 if (!do_client && !do_server) {
1198 fprintf(stdout, "ERROR in STARTUP\n");
1199 ERR_print_errors(bio_err);
1200 goto err;
1201 }
1202
1203 if (do_client && !(done & C_DONE)) {
1204 if (c_write) {
1205 j = (cw_num > (long)sizeof(cbuf)) ?
1206 (int)sizeof(cbuf) : (int)cw_num;
1207 i = BIO_write(c_bio, cbuf, j);
1208 if (i < 0) {
1209 c_r = 0;
1210 c_w = 0;
1211 if (BIO_should_retry(c_bio)) {
1212 if (BIO_should_read(c_bio))
1213 c_r = 1;
1214 if (BIO_should_write(c_bio))
1215 c_w = 1;
1216 } else {
1217 fprintf(stderr, "ERROR in CLIENT\n");
1218 ERR_print_errors(bio_err);
1219 goto err;
1220 }
1221 } else if (i == 0) {
1222 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
1223 goto err;
1224 } else {
1225 if (debug)
1226 printf("client wrote %d\n", i);
1227 /* ok */
1228 s_r = 1;
1229 c_write = 0;
1230 cw_num -= i;
1231 }
1232 } else {
1233 i = BIO_read(c_bio, cbuf, sizeof(cbuf));
1234 if (i < 0) {
1235 c_r = 0;
1236 c_w = 0;
1237 if (BIO_should_retry(c_bio)) {
1238 if (BIO_should_read(c_bio))
1239 c_r = 1;
1240 if (BIO_should_write(c_bio))
1241 c_w = 1;
1242 } else {
1243 fprintf(stderr, "ERROR in CLIENT\n");
1244 ERR_print_errors(bio_err);
1245 goto err;
1246 }
1247 } else if (i == 0) {
1248 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
1249 goto err;
1250 } else {
1251 if (debug)
1252 printf("client read %d\n", i);
1253 cr_num -= i;
1254 if (sw_num > 0) {
1255 s_write = 1;
1256 s_w = 1;
1257 }
1258 if (cr_num <= 0) {
1259 s_write = 1;
1260 s_w = 1;
1261 done = S_DONE|C_DONE;
1262 }
1263 }
1264 }
1265 }
1266
1267 if (do_server && !(done & S_DONE)) {
1268 if (!s_write) {
1269 i = BIO_read(s_bio, sbuf, sizeof(cbuf));
1270 if (i < 0) {
1271 s_r = 0;
1272 s_w = 0;
1273 if (BIO_should_retry(s_bio)) {
1274 if (BIO_should_read(s_bio))
1275 s_r = 1;
1276 if (BIO_should_write(s_bio))
1277 s_w = 1;
1278 } else {
1279 fprintf(stderr, "ERROR in SERVER\n");
1280 ERR_print_errors(bio_err);
1281 goto err;
1282 }
1283 } else if (i == 0) {
1284 ERR_print_errors(bio_err);
1285 fprintf(stderr, "SSL SERVER STARTUP FAILED in SSL_read\n");
1286 goto err;
1287 } else {
1288 if (debug)
1289 printf("server read %d\n", i);
1290 sr_num -= i;
1291 if (cw_num > 0) {
1292 c_write = 1;
1293 c_w = 1;
1294 }
1295 if (sr_num <= 0) {
1296 s_write = 1;
1297 s_w = 1;
1298 c_write = 0;
1299 }
1300 }
1301 } else {
1302 j = (sw_num > (long)sizeof(sbuf)) ?
1303 (int)sizeof(sbuf) : (int)sw_num;
1304 i = BIO_write(s_bio, sbuf, j);
1305 if (i < 0) {
1306 s_r = 0;
1307 s_w = 0;
1308 if (BIO_should_retry(s_bio)) {
1309 if (BIO_should_read(s_bio))
1310 s_r = 1;
1311 if (BIO_should_write(s_bio))
1312 s_w = 1;
1313 } else {
1314 fprintf(stderr, "ERROR in SERVER\n");
1315 ERR_print_errors(bio_err);
1316 goto err;
1317 }
1318 } else if (i == 0) {
1319 ERR_print_errors(bio_err);
1320 fprintf(stderr, "SSL SERVER STARTUP FAILED in SSL_write\n");
1321 goto err;
1322 } else {
1323 if (debug)
1324 printf("server wrote %d\n", i);
1325 sw_num -= i;
1326 s_write = 0;
1327 c_r = 1;
1328 if (sw_num <= 0)
1329 done |= S_DONE;
1330 }
1331 }
1332 }
1333
1334 if ((done & S_DONE) && (done & C_DONE))
1335 break;
1336 }
1337
1338 if (verbose)
1339 print_details(c_ssl, "DONE: ");
1340
1341 if (verify_alpn(c_ssl, s_ssl) < 0) {
1342 ret = 1;
1343 goto err;
1344 }
1345
1346 ret = 0;
1347 err:
1348 /* We have to set the BIO's to NULL otherwise they will be
1349 * free()ed twice. Once when th s_ssl is SSL_free()ed and
1350 * again when c_ssl is SSL_free()ed.
1351 * This is a hack required because s_ssl and c_ssl are sharing the same
1352 * BIO structure and SSL_set_bio() and SSL_free() automatically
1353 * BIO_free non NULL entries.
1354 * You should not normally do this or be required to do this */
1355 if (s_ssl != NULL) {
1356 s_ssl->rbio = NULL;
1357 s_ssl->wbio = NULL;
1358 }
1359 if (c_ssl != NULL) {
1360 c_ssl->rbio = NULL;
1361 c_ssl->wbio = NULL;
1362 }
1363
1364 BIO_free(c_to_s);
1365 BIO_free(s_to_c);
1366 BIO_free_all(c_bio);
1367 BIO_free_all(s_bio);
1368
1369 return (ret);
1370 }
1371
1372 static int
verify_callback(int ok,X509_STORE_CTX * ctx)1373 verify_callback(int ok, X509_STORE_CTX *ctx)
1374 {
1375 X509 *xs;
1376 char *s, buf[256];
1377 int error, error_depth;
1378
1379 xs = X509_STORE_CTX_get_current_cert(ctx);
1380 s = X509_NAME_oneline(X509_get_subject_name(xs), buf, sizeof buf);
1381 error = X509_STORE_CTX_get_error(ctx);
1382 error_depth = X509_STORE_CTX_get_error_depth(ctx);
1383 if (s != NULL) {
1384 if (ok)
1385 fprintf(stderr, "depth=%d %s\n", error_depth, buf);
1386 else {
1387 fprintf(stderr, "depth=%d error=%d %s\n", error_depth,
1388 error, buf);
1389 }
1390 }
1391
1392 if (ok == 0) {
1393 fprintf(stderr, "Error string: %s\n",
1394 X509_verify_cert_error_string(error));
1395 switch (error) {
1396 case X509_V_ERR_CERT_NOT_YET_VALID:
1397 case X509_V_ERR_CERT_HAS_EXPIRED:
1398 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
1399 fprintf(stderr, " ... ignored.\n");
1400 ok = 1;
1401 }
1402 }
1403
1404 return (ok);
1405 }
1406
1407 static int
app_verify_callback(X509_STORE_CTX * ctx,void * arg)1408 app_verify_callback(X509_STORE_CTX *ctx, void *arg)
1409 {
1410 X509 *xs;
1411 char *s = NULL, buf[256];
1412 const char *cb_arg = arg;
1413
1414 xs = X509_STORE_CTX_get0_cert(ctx);
1415 fprintf(stderr, "In app_verify_callback, allowing cert. ");
1416 fprintf(stderr, "Arg is: %s\n", cb_arg);
1417 fprintf(stderr, "Finished printing do we have a context? 0x%p a cert? 0x%p\n",
1418 (void *)ctx, (void *)xs);
1419 if (xs)
1420 s = X509_NAME_oneline(X509_get_subject_name(xs), buf, 256);
1421 if (s != NULL) {
1422 fprintf(stderr, "cert depth=%d %s\n",
1423 X509_STORE_CTX_get_error_depth(ctx), buf);
1424 }
1425
1426 return 1;
1427 }
1428
1429 /* These DH parameters have been generated as follows:
1430 * $ openssl dhparam -C -noout 1024
1431 * $ openssl dhparam -C -noout -dsaparam 1024
1432 * (The second function has been renamed to avoid name conflicts.)
1433 */
1434 static DH *
get_dh1024(void)1435 get_dh1024(void)
1436 {
1437 static unsigned char dh1024_p[] = {
1438 0xF8, 0x81, 0x89, 0x7D, 0x14, 0x24, 0xC5, 0xD1, 0xE6, 0xF7, 0xBF, 0x3A,
1439 0xE4, 0x90, 0xF4, 0xFC, 0x73, 0xFB, 0x34, 0xB5, 0xFA, 0x4C, 0x56, 0xA2,
1440 0xEA, 0xA7, 0xE9, 0xC0, 0xC0, 0xCE, 0x89, 0xE1, 0xFA, 0x63, 0x3F, 0xB0,
1441 0x6B, 0x32, 0x66, 0xF1, 0xD1, 0x7B, 0xB0, 0x00, 0x8F, 0xCA, 0x87, 0xC2,
1442 0xAE, 0x98, 0x89, 0x26, 0x17, 0xC2, 0x05, 0xD2, 0xEC, 0x08, 0xD0, 0x8C,
1443 0xFF, 0x17, 0x52, 0x8C, 0xC5, 0x07, 0x93, 0x03, 0xB1, 0xF6, 0x2F, 0xB8,
1444 0x1C, 0x52, 0x47, 0x27, 0x1B, 0xDB, 0xD1, 0x8D, 0x9D, 0x69, 0x1D, 0x52,
1445 0x4B, 0x32, 0x81, 0xAA, 0x7F, 0x00, 0xC8, 0xDC, 0xE6, 0xD9, 0xCC, 0xC1,
1446 0x11, 0x2D, 0x37, 0x34, 0x6C, 0xEA, 0x02, 0x97, 0x4B, 0x0E, 0xBB, 0xB1,
1447 0x71, 0x33, 0x09, 0x15, 0xFD, 0xDD, 0x23, 0x87, 0x07, 0x5E, 0x89, 0xAB,
1448 0x6B, 0x7C, 0x5F, 0xEC, 0xA6, 0x24, 0xDC, 0x53,
1449 };
1450 static unsigned char dh1024_g[] = {
1451 0x02,
1452 };
1453 DH *dh;
1454 BIGNUM *dh_p = NULL, *dh_g = NULL;
1455
1456 if ((dh = DH_new()) == NULL)
1457 return NULL;
1458
1459 dh_p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
1460 dh_g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
1461 if (dh_p == NULL || dh_g == NULL)
1462 goto err;
1463
1464 if (!DH_set0_pqg(dh, dh_p, NULL, dh_g))
1465 goto err;
1466
1467 return dh;
1468
1469 err:
1470 BN_free(dh_p);
1471 BN_free(dh_g);
1472 DH_free(dh);
1473 return NULL;
1474 }
1475
1476 static DH *
get_dh1024dsa(void)1477 get_dh1024dsa(void)
1478 {
1479 static unsigned char dh1024_p[] = {
1480 0xC8, 0x00, 0xF7, 0x08, 0x07, 0x89, 0x4D, 0x90, 0x53, 0xF3, 0xD5, 0x00,
1481 0x21, 0x1B, 0xF7, 0x31, 0xA6, 0xA2, 0xDA, 0x23, 0x9A, 0xC7, 0x87, 0x19,
1482 0x3B, 0x47, 0xB6, 0x8C, 0x04, 0x6F, 0xFF, 0xC6, 0x9B, 0xB8, 0x65, 0xD2,
1483 0xC2, 0x5F, 0x31, 0x83, 0x4A, 0xA7, 0x5F, 0x2F, 0x88, 0x38, 0xB6, 0x55,
1484 0xCF, 0xD9, 0x87, 0x6D, 0x6F, 0x9F, 0xDA, 0xAC, 0xA6, 0x48, 0xAF, 0xFC,
1485 0x33, 0x84, 0x37, 0x5B, 0x82, 0x4A, 0x31, 0x5D, 0xE7, 0xBD, 0x52, 0x97,
1486 0xA1, 0x77, 0xBF, 0x10, 0x9E, 0x37, 0xEA, 0x64, 0xFA, 0xCA, 0x28, 0x8D,
1487 0x9D, 0x3B, 0xD2, 0x6E, 0x09, 0x5C, 0x68, 0xC7, 0x45, 0x90, 0xFD, 0xBB,
1488 0x70, 0xC9, 0x3A, 0xBB, 0xDF, 0xD4, 0x21, 0x0F, 0xC4, 0x6A, 0x3C, 0xF6,
1489 0x61, 0xCF, 0x3F, 0xD6, 0x13, 0xF1, 0x5F, 0xBC, 0xCF, 0xBC, 0x26, 0x9E,
1490 0xBC, 0x0B, 0xBD, 0xAB, 0x5D, 0xC9, 0x54, 0x39,
1491 };
1492 static unsigned char dh1024_g[] = {
1493 0x3B, 0x40, 0x86, 0xE7, 0xF3, 0x6C, 0xDE, 0x67, 0x1C, 0xCC, 0x80, 0x05,
1494 0x5A, 0xDF, 0xFE, 0xBD, 0x20, 0x27, 0x74, 0x6C, 0x24, 0xC9, 0x03, 0xF3,
1495 0xE1, 0x8D, 0xC3, 0x7D, 0x98, 0x27, 0x40, 0x08, 0xB8, 0x8C, 0x6A, 0xE9,
1496 0xBB, 0x1A, 0x3A, 0xD6, 0x86, 0x83, 0x5E, 0x72, 0x41, 0xCE, 0x85, 0x3C,
1497 0xD2, 0xB3, 0xFC, 0x13, 0xCE, 0x37, 0x81, 0x9E, 0x4C, 0x1C, 0x7B, 0x65,
1498 0xD3, 0xE6, 0xA6, 0x00, 0xF5, 0x5A, 0x95, 0x43, 0x5E, 0x81, 0xCF, 0x60,
1499 0xA2, 0x23, 0xFC, 0x36, 0xA7, 0x5D, 0x7A, 0x4C, 0x06, 0x91, 0x6E, 0xF6,
1500 0x57, 0xEE, 0x36, 0xCB, 0x06, 0xEA, 0xF5, 0x3D, 0x95, 0x49, 0xCB, 0xA7,
1501 0xDD, 0x81, 0xDF, 0x80, 0x09, 0x4A, 0x97, 0x4D, 0xA8, 0x22, 0x72, 0xA1,
1502 0x7F, 0xC4, 0x70, 0x56, 0x70, 0xE8, 0x20, 0x10, 0x18, 0x8F, 0x2E, 0x60,
1503 0x07, 0xE7, 0x68, 0x1A, 0x82, 0x5D, 0x32, 0xA2,
1504 };
1505 DH *dh;
1506 BIGNUM *dh_p = NULL, *dh_g = NULL;
1507
1508 if ((dh = DH_new()) == NULL)
1509 return NULL;
1510
1511 dh_p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
1512 dh_g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
1513 if (dh_p == NULL || dh_g == NULL)
1514 goto err;
1515
1516 if (!DH_set0_pqg(dh, dh_p, NULL, dh_g))
1517 goto err;
1518
1519 DH_set_length(dh, 160);
1520
1521 return dh;
1522
1523 err:
1524 BN_free(dh_p);
1525 BN_free(dh_g);
1526 DH_free(dh);
1527 return NULL;
1528 }
1529