1 /*
2  * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
3  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4  * Copyright 2005 Nokia. All rights reserved.
5  *
6  * Licensed under the OpenSSL license (the "License").  You may not use
7  * this file except in compliance with the License.  You can obtain a copy
8  * in the file LICENSE in the source distribution or at
9  * https://www.openssl.org/source/license.html
10  */
11 
12 #include "e_os.h"
13 
14 /* Or gethostname won't be declared properly on Linux and GNU platforms. */
15 #ifndef _BSD_SOURCE
16 # define _BSD_SOURCE 1
17 #endif
18 #ifndef _DEFAULT_SOURCE
19 # define _DEFAULT_SOURCE 1
20 #endif
21 
22 #include <assert.h>
23 #include <errno.h>
24 #include <limits.h>
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <string.h>
28 #include <time.h>
29 
30 #include "internal/nelem.h"
31 
32 #ifdef OPENSSL_SYS_VMS
33 /*
34  * Or isascii won't be declared properly on VMS (at least with DECompHP C).
35  */
36 # define _XOPEN_SOURCE 500
37 #endif
38 
39 #include <ctype.h>
40 
41 #include <openssl/bio.h>
42 #include <openssl/crypto.h>
43 #include <openssl/evp.h>
44 #include <openssl/x509.h>
45 #include <openssl/x509v3.h>
46 #include <openssl/ssl.h>
47 #include <openssl/err.h>
48 #include <openssl/rand.h>
49 #ifndef OPENSSL_NO_RSA
50 # include <openssl/rsa.h>
51 #endif
52 #ifndef OPENSSL_NO_DSA
53 # include <openssl/dsa.h>
54 #endif
55 #ifndef OPENSSL_NO_DH
56 # include <openssl/dh.h>
57 #endif
58 #include <openssl/bn.h>
59 #ifndef OPENSSL_NO_CT
60 # include <openssl/ct.h>
61 #endif
62 
63 /*
64  * Or gethostname won't be declared properly
65  * on Compaq platforms (at least with DEC C).
66  * Do not try to put it earlier, or IPv6 includes
67  * get screwed...
68  */
69 #define _XOPEN_SOURCE_EXTENDED  1
70 
71 #ifdef OPENSSL_SYS_WINDOWS
72 # include <winsock.h>
73 #else
74 # include OPENSSL_UNISTD
75 #endif
76 
77 static SSL_CTX *s_ctx = NULL;
78 static SSL_CTX *s_ctx2 = NULL;
79 
80 /*
81  * There is really no standard for this, so let's assign something
82  * only for this test
83  */
84 #define COMP_ZLIB       1
85 
86 static int verify_callback(int ok, X509_STORE_CTX *ctx);
87 static int app_verify_callback(X509_STORE_CTX *ctx, void *arg);
88 #define APP_CALLBACK_STRING "Test Callback Argument"
89 struct app_verify_arg {
90     char *string;
91     int app_verify;
92 };
93 
94 #ifndef OPENSSL_NO_DH
95 static DH *get_dh512(void);
96 static DH *get_dh1024(void);
97 static DH *get_dh1024dsa(void);
98 #endif
99 
100 static char *psk_key = NULL;    /* by default PSK is not used */
101 #ifndef OPENSSL_NO_PSK
102 static unsigned int psk_client_callback(SSL *ssl, const char *hint,
103                                         char *identity,
104                                         unsigned int max_identity_len,
105                                         unsigned char *psk,
106                                         unsigned int max_psk_len);
107 static unsigned int psk_server_callback(SSL *ssl, const char *identity,
108                                         unsigned char *psk,
109                                         unsigned int max_psk_len);
110 #endif
111 
112 static BIO *bio_err = NULL;
113 static BIO *bio_stdout = NULL;
114 
115 #ifndef OPENSSL_NO_NEXTPROTONEG
116 /* Note that this code assumes that this is only a one element list: */
117 static const char NEXT_PROTO_STRING[] = "\x09testproto";
118 static int npn_client = 0;
119 static int npn_server = 0;
120 static int npn_server_reject = 0;
121 
cb_client_npn(SSL * s,unsigned char ** out,unsigned char * outlen,const unsigned char * in,unsigned int inlen,void * arg)122 static int cb_client_npn(SSL *s, unsigned char **out, unsigned char *outlen,
123                          const unsigned char *in, unsigned int inlen,
124                          void *arg)
125 {
126     /*
127      * This callback only returns the protocol string, rather than a length
128      * prefixed set. We assume that NEXT_PROTO_STRING is a one element list
129      * and remove the first byte to chop off the length prefix.
130      */
131     *out = (unsigned char *)NEXT_PROTO_STRING + 1;
132     *outlen = sizeof(NEXT_PROTO_STRING) - 2;
133     return SSL_TLSEXT_ERR_OK;
134 }
135 
cb_server_npn(SSL * s,const unsigned char ** data,unsigned int * len,void * arg)136 static int cb_server_npn(SSL *s, const unsigned char **data,
137                          unsigned int *len, void *arg)
138 {
139     *data = (const unsigned char *)NEXT_PROTO_STRING;
140     *len = sizeof(NEXT_PROTO_STRING) - 1;
141     return SSL_TLSEXT_ERR_OK;
142 }
143 
cb_server_rejects_npn(SSL * s,const unsigned char ** data,unsigned int * len,void * arg)144 static int cb_server_rejects_npn(SSL *s, const unsigned char **data,
145                                  unsigned int *len, void *arg)
146 {
147     return SSL_TLSEXT_ERR_NOACK;
148 }
149 
verify_npn(SSL * client,SSL * server)150 static int verify_npn(SSL *client, SSL *server)
151 {
152     const unsigned char *client_s;
153     unsigned client_len;
154     const unsigned char *server_s;
155     unsigned server_len;
156 
157     SSL_get0_next_proto_negotiated(client, &client_s, &client_len);
158     SSL_get0_next_proto_negotiated(server, &server_s, &server_len);
159 
160     if (client_len) {
161         BIO_printf(bio_stdout, "Client NPN: ");
162         BIO_write(bio_stdout, client_s, client_len);
163         BIO_printf(bio_stdout, "\n");
164     }
165 
166     if (server_len) {
167         BIO_printf(bio_stdout, "Server NPN: ");
168         BIO_write(bio_stdout, server_s, server_len);
169         BIO_printf(bio_stdout, "\n");
170     }
171 
172     /*
173      * If an NPN string was returned, it must be the protocol that we
174      * expected to negotiate.
175      */
176     if (client_len && (client_len != sizeof(NEXT_PROTO_STRING) - 2 ||
177                        memcmp(client_s, NEXT_PROTO_STRING + 1, client_len)))
178         return -1;
179     if (server_len && (server_len != sizeof(NEXT_PROTO_STRING) - 2 ||
180                        memcmp(server_s, NEXT_PROTO_STRING + 1, server_len)))
181         return -1;
182 
183     if (!npn_client && client_len)
184         return -1;
185     if (!npn_server && server_len)
186         return -1;
187     if (npn_server_reject && server_len)
188         return -1;
189     if (npn_client && npn_server && (!client_len || !server_len))
190         return -1;
191 
192     return 0;
193 }
194 #endif
195 
196 static const char *alpn_client;
197 static char *alpn_server;
198 static char *alpn_server2;
199 static const char *alpn_expected;
200 static unsigned char *alpn_selected;
201 static const char *server_min_proto;
202 static const char *server_max_proto;
203 static const char *client_min_proto;
204 static const char *client_max_proto;
205 static const char *should_negotiate;
206 static const char *sn_client;
207 static const char *sn_server1;
208 static const char *sn_server2;
209 static int sn_expect = 0;
210 static const char *server_sess_out;
211 static const char *server_sess_in;
212 static const char *client_sess_out;
213 static const char *client_sess_in;
214 static SSL_SESSION *server_sess;
215 static SSL_SESSION *client_sess;
216 
servername_cb(SSL * s,int * ad,void * arg)217 static int servername_cb(SSL *s, int *ad, void *arg)
218 {
219     const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
220     if (sn_server2 == NULL) {
221         BIO_printf(bio_stdout, "Servername 2 is NULL\n");
222         return SSL_TLSEXT_ERR_NOACK;
223     }
224 
225     if (servername) {
226         if (s_ctx2 != NULL && sn_server2 != NULL &&
227             !strcasecmp(servername, sn_server2)) {
228             BIO_printf(bio_stdout, "Switching server context.\n");
229             SSL_set_SSL_CTX(s, s_ctx2);
230         }
231     }
232     return SSL_TLSEXT_ERR_OK;
233 }
verify_servername(SSL * client,SSL * server)234 static int verify_servername(SSL *client, SSL *server)
235 {
236     /* just need to see if sn_context is what we expect */
237     SSL_CTX* ctx = SSL_get_SSL_CTX(server);
238     if (sn_expect == 0)
239         return 0;
240     if (sn_expect == 1 && ctx == s_ctx)
241         return 0;
242     if (sn_expect == 2 && ctx == s_ctx2)
243         return 0;
244     BIO_printf(bio_stdout, "Servername: expected context %d\n", sn_expect);
245     if (ctx == s_ctx2)
246         BIO_printf(bio_stdout, "Servername: context is 2\n");
247     else if (ctx == s_ctx)
248         BIO_printf(bio_stdout, "Servername: context is 1\n");
249     else
250         BIO_printf(bio_stdout, "Servername: context is unknown\n");
251     return -1;
252 }
253 
254 
255 /*-
256  * next_protos_parse parses a comma separated list of strings into a string
257  * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
258  *   outlen: (output) set to the length of the resulting buffer on success.
259  *   in: a NUL terminated string like "abc,def,ghi"
260  *
261  *   returns: a malloced buffer or NULL on failure.
262  */
next_protos_parse(size_t * outlen,const char * in)263 static unsigned char *next_protos_parse(size_t *outlen,
264                                         const char *in)
265 {
266     size_t len;
267     unsigned char *out;
268     size_t i, start = 0;
269 
270     len = strlen(in);
271     if (len >= 65535)
272         return NULL;
273 
274     out = OPENSSL_malloc(strlen(in) + 1);
275     if (!out)
276         return NULL;
277 
278     for (i = 0; i <= len; ++i) {
279         if (i == len || in[i] == ',') {
280             if (i - start > 255) {
281                 OPENSSL_free(out);
282                 return NULL;
283             }
284             out[start] = (unsigned char)(i - start);
285             start = i + 1;
286         } else
287             out[i + 1] = in[i];
288     }
289 
290     *outlen = len + 1;
291     return out;
292 }
293 
cb_server_alpn(SSL * s,const unsigned char ** out,unsigned char * outlen,const unsigned char * in,unsigned int inlen,void * arg)294 static int cb_server_alpn(SSL *s, const unsigned char **out,
295                           unsigned char *outlen, const unsigned char *in,
296                           unsigned int inlen, void *arg)
297 {
298     unsigned char *protos;
299     size_t protos_len;
300     char* alpn_str = arg;
301 
302     protos = next_protos_parse(&protos_len, alpn_str);
303     if (protos == NULL) {
304         fprintf(stderr, "failed to parser ALPN server protocol string: %s\n",
305                 alpn_str);
306         abort();
307     }
308 
309     if (SSL_select_next_proto
310         ((unsigned char **)out, outlen, protos, protos_len, in,
311          inlen) != OPENSSL_NPN_NEGOTIATED) {
312         OPENSSL_free(protos);
313         return SSL_TLSEXT_ERR_NOACK;
314     }
315 
316     /*
317      * Make a copy of the selected protocol which will be freed in
318      * verify_alpn.
319      */
320     alpn_selected = OPENSSL_malloc(*outlen);
321     memcpy(alpn_selected, *out, *outlen);
322     *out = alpn_selected;
323 
324     OPENSSL_free(protos);
325     return SSL_TLSEXT_ERR_OK;
326 }
327 
verify_alpn(SSL * client,SSL * server)328 static int verify_alpn(SSL *client, SSL *server)
329 {
330     const unsigned char *client_proto, *server_proto;
331     unsigned int client_proto_len = 0, server_proto_len = 0;
332     SSL_get0_alpn_selected(client, &client_proto, &client_proto_len);
333     SSL_get0_alpn_selected(server, &server_proto, &server_proto_len);
334 
335     OPENSSL_free(alpn_selected);
336     alpn_selected = NULL;
337 
338     if (client_proto_len != server_proto_len) {
339         BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
340         goto err;
341     }
342 
343     if (client_proto != NULL &&
344         memcmp(client_proto, server_proto, client_proto_len) != 0) {
345         BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
346         goto err;
347     }
348 
349     if (client_proto_len > 0 && alpn_expected == NULL) {
350         BIO_printf(bio_stdout, "ALPN unexpectedly negotiated\n");
351         goto err;
352     }
353 
354     if (alpn_expected != NULL &&
355         (client_proto_len != strlen(alpn_expected) ||
356          memcmp(client_proto, alpn_expected, client_proto_len) != 0)) {
357         BIO_printf(bio_stdout,
358                    "ALPN selected protocols not equal to expected protocol: %s\n",
359                    alpn_expected);
360         goto err;
361     }
362 
363     return 0;
364 
365  err:
366     BIO_printf(bio_stdout, "ALPN results: client: '");
367     BIO_write(bio_stdout, client_proto, client_proto_len);
368     BIO_printf(bio_stdout, "', server: '");
369     BIO_write(bio_stdout, server_proto, server_proto_len);
370     BIO_printf(bio_stdout, "'\n");
371     BIO_printf(bio_stdout, "ALPN configured: client: '%s', server: '",
372                    alpn_client);
373     if (SSL_get_SSL_CTX(server) == s_ctx2) {
374         BIO_printf(bio_stdout, "%s'\n",
375                    alpn_server2);
376     } else {
377         BIO_printf(bio_stdout, "%s'\n",
378                    alpn_server);
379     }
380     return -1;
381 }
382 
383 /*
384  * WARNING : below extension types are *NOT* IETF assigned, and could
385  * conflict if these types are reassigned and handled specially by OpenSSL
386  * in the future
387  */
388 #define TACK_EXT_TYPE 62208
389 #define CUSTOM_EXT_TYPE_0 1000
390 #define CUSTOM_EXT_TYPE_1 1001
391 #define CUSTOM_EXT_TYPE_2 1002
392 #define CUSTOM_EXT_TYPE_3 1003
393 
394 static const char custom_ext_cli_string[] = "abc";
395 static const char custom_ext_srv_string[] = "defg";
396 
397 /* These set from cmdline */
398 static char *serverinfo_file = NULL;
399 static int serverinfo_sct = 0;
400 static int serverinfo_tack = 0;
401 
402 /* These set based on extension callbacks */
403 static int serverinfo_sct_seen = 0;
404 static int serverinfo_tack_seen = 0;
405 static int serverinfo_other_seen = 0;
406 
407 /* This set from cmdline */
408 static int custom_ext = 0;
409 
410 /* This set based on extension callbacks */
411 static int custom_ext_error = 0;
412 
serverinfo_cli_parse_cb(SSL * s,unsigned int ext_type,const unsigned char * in,size_t inlen,int * al,void * arg)413 static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type,
414                                    const unsigned char *in, size_t inlen,
415                                    int *al, void *arg)
416 {
417     if (ext_type == TLSEXT_TYPE_signed_certificate_timestamp)
418         serverinfo_sct_seen++;
419     else if (ext_type == TACK_EXT_TYPE)
420         serverinfo_tack_seen++;
421     else
422         serverinfo_other_seen++;
423     return 1;
424 }
425 
verify_serverinfo(void)426 static int verify_serverinfo(void)
427 {
428     if (serverinfo_sct != serverinfo_sct_seen)
429         return -1;
430     if (serverinfo_tack != serverinfo_tack_seen)
431         return -1;
432     if (serverinfo_other_seen)
433         return -1;
434     return 0;
435 }
436 
437 /*-
438  * Four test cases for custom extensions:
439  * 0 - no ClientHello extension or ServerHello response
440  * 1 - ClientHello with "abc", no response
441  * 2 - ClientHello with "abc", empty response
442  * 3 - ClientHello with "abc", "defg" response
443  */
444 
custom_ext_0_cli_add_cb(SSL * s,unsigned int ext_type,const unsigned char ** out,size_t * outlen,int * al,void * arg)445 static int custom_ext_0_cli_add_cb(SSL *s, unsigned int ext_type,
446                                    const unsigned char **out,
447                                    size_t *outlen, int *al, void *arg)
448 {
449     if (ext_type != CUSTOM_EXT_TYPE_0)
450         custom_ext_error = 1;
451     return 0;                   /* Don't send an extension */
452 }
453 
custom_ext_0_cli_parse_cb(SSL * s,unsigned int ext_type,const unsigned char * in,size_t inlen,int * al,void * arg)454 static int custom_ext_0_cli_parse_cb(SSL *s, unsigned int ext_type,
455                                      const unsigned char *in,
456                                      size_t inlen, int *al, void *arg)
457 {
458     return 1;
459 }
460 
custom_ext_1_cli_add_cb(SSL * s,unsigned int ext_type,const unsigned char ** out,size_t * outlen,int * al,void * arg)461 static int custom_ext_1_cli_add_cb(SSL *s, unsigned int ext_type,
462                                    const unsigned char **out,
463                                    size_t *outlen, int *al, void *arg)
464 {
465     if (ext_type != CUSTOM_EXT_TYPE_1)
466         custom_ext_error = 1;
467     *out = (const unsigned char *)custom_ext_cli_string;
468     *outlen = strlen(custom_ext_cli_string);
469     return 1;                   /* Send "abc" */
470 }
471 
custom_ext_1_cli_parse_cb(SSL * s,unsigned int ext_type,const unsigned char * in,size_t inlen,int * al,void * arg)472 static int custom_ext_1_cli_parse_cb(SSL *s, unsigned int ext_type,
473                                      const unsigned char *in,
474                                      size_t inlen, int *al, void *arg)
475 {
476     return 1;
477 }
478 
custom_ext_2_cli_add_cb(SSL * s,unsigned int ext_type,const unsigned char ** out,size_t * outlen,int * al,void * arg)479 static int custom_ext_2_cli_add_cb(SSL *s, unsigned int ext_type,
480                                    const unsigned char **out,
481                                    size_t *outlen, int *al, void *arg)
482 {
483     if (ext_type != CUSTOM_EXT_TYPE_2)
484         custom_ext_error = 1;
485     *out = (const unsigned char *)custom_ext_cli_string;
486     *outlen = strlen(custom_ext_cli_string);
487     return 1;                   /* Send "abc" */
488 }
489 
custom_ext_2_cli_parse_cb(SSL * s,unsigned int ext_type,const unsigned char * in,size_t inlen,int * al,void * arg)490 static int custom_ext_2_cli_parse_cb(SSL *s, unsigned int ext_type,
491                                      const unsigned char *in,
492                                      size_t inlen, int *al, void *arg)
493 {
494     if (ext_type != CUSTOM_EXT_TYPE_2)
495         custom_ext_error = 1;
496     if (inlen != 0)
497         custom_ext_error = 1;   /* Should be empty response */
498     return 1;
499 }
500 
custom_ext_3_cli_add_cb(SSL * s,unsigned int ext_type,const unsigned char ** out,size_t * outlen,int * al,void * arg)501 static int custom_ext_3_cli_add_cb(SSL *s, unsigned int ext_type,
502                                    const unsigned char **out,
503                                    size_t *outlen, int *al, void *arg)
504 {
505     if (ext_type != CUSTOM_EXT_TYPE_3)
506         custom_ext_error = 1;
507     *out = (const unsigned char *)custom_ext_cli_string;
508     *outlen = strlen(custom_ext_cli_string);
509     return 1;                   /* Send "abc" */
510 }
511 
custom_ext_3_cli_parse_cb(SSL * s,unsigned int ext_type,const unsigned char * in,size_t inlen,int * al,void * arg)512 static int custom_ext_3_cli_parse_cb(SSL *s, unsigned int ext_type,
513                                      const unsigned char *in,
514                                      size_t inlen, int *al, void *arg)
515 {
516     if (ext_type != CUSTOM_EXT_TYPE_3)
517         custom_ext_error = 1;
518     if (inlen != strlen(custom_ext_srv_string))
519         custom_ext_error = 1;
520     if (memcmp(custom_ext_srv_string, in, inlen) != 0)
521         custom_ext_error = 1;   /* Check for "defg" */
522     return 1;
523 }
524 
525 /*
526  * custom_ext_0_cli_add_cb returns 0 - the server won't receive a callback
527  * for this extension
528  */
custom_ext_0_srv_parse_cb(SSL * s,unsigned int ext_type,const unsigned char * in,size_t inlen,int * al,void * arg)529 static int custom_ext_0_srv_parse_cb(SSL *s, unsigned int ext_type,
530                                      const unsigned char *in,
531                                      size_t inlen, int *al, void *arg)
532 {
533     custom_ext_error = 1;
534     return 1;
535 }
536 
537 /* 'add' callbacks are only called if the 'parse' callback is called */
custom_ext_0_srv_add_cb(SSL * s,unsigned int ext_type,const unsigned char ** out,size_t * outlen,int * al,void * arg)538 static int custom_ext_0_srv_add_cb(SSL *s, unsigned int ext_type,
539                                    const unsigned char **out,
540                                    size_t *outlen, int *al, void *arg)
541 {
542     /* Error: should not have been called */
543     custom_ext_error = 1;
544     return 0;                   /* Don't send an extension */
545 }
546 
custom_ext_1_srv_parse_cb(SSL * s,unsigned int ext_type,const unsigned char * in,size_t inlen,int * al,void * arg)547 static int custom_ext_1_srv_parse_cb(SSL *s, unsigned int ext_type,
548                                      const unsigned char *in,
549                                      size_t inlen, int *al, void *arg)
550 {
551     if (ext_type != CUSTOM_EXT_TYPE_1)
552         custom_ext_error = 1;
553     /* Check for "abc" */
554     if (inlen != strlen(custom_ext_cli_string))
555         custom_ext_error = 1;
556     if (memcmp(in, custom_ext_cli_string, inlen) != 0)
557         custom_ext_error = 1;
558     return 1;
559 }
560 
custom_ext_1_srv_add_cb(SSL * s,unsigned int ext_type,const unsigned char ** out,size_t * outlen,int * al,void * arg)561 static int custom_ext_1_srv_add_cb(SSL *s, unsigned int ext_type,
562                                    const unsigned char **out,
563                                    size_t *outlen, int *al, void *arg)
564 {
565     return 0;                   /* Don't send an extension */
566 }
567 
custom_ext_2_srv_parse_cb(SSL * s,unsigned int ext_type,const unsigned char * in,size_t inlen,int * al,void * arg)568 static int custom_ext_2_srv_parse_cb(SSL *s, unsigned int ext_type,
569                                      const unsigned char *in,
570                                      size_t inlen, int *al, void *arg)
571 {
572     if (ext_type != CUSTOM_EXT_TYPE_2)
573         custom_ext_error = 1;
574     /* Check for "abc" */
575     if (inlen != strlen(custom_ext_cli_string))
576         custom_ext_error = 1;
577     if (memcmp(in, custom_ext_cli_string, inlen) != 0)
578         custom_ext_error = 1;
579     return 1;
580 }
581 
custom_ext_2_srv_add_cb(SSL * s,unsigned int ext_type,const unsigned char ** out,size_t * outlen,int * al,void * arg)582 static int custom_ext_2_srv_add_cb(SSL *s, unsigned int ext_type,
583                                    const unsigned char **out,
584                                    size_t *outlen, int *al, void *arg)
585 {
586     *out = NULL;
587     *outlen = 0;
588     return 1;                   /* Send empty extension */
589 }
590 
custom_ext_3_srv_parse_cb(SSL * s,unsigned int ext_type,const unsigned char * in,size_t inlen,int * al,void * arg)591 static int custom_ext_3_srv_parse_cb(SSL *s, unsigned int ext_type,
592                                      const unsigned char *in,
593                                      size_t inlen, int *al, void *arg)
594 {
595     if (ext_type != CUSTOM_EXT_TYPE_3)
596         custom_ext_error = 1;
597     /* Check for "abc" */
598     if (inlen != strlen(custom_ext_cli_string))
599         custom_ext_error = 1;
600     if (memcmp(in, custom_ext_cli_string, inlen) != 0)
601         custom_ext_error = 1;
602     return 1;
603 }
604 
custom_ext_3_srv_add_cb(SSL * s,unsigned int ext_type,const unsigned char ** out,size_t * outlen,int * al,void * arg)605 static int custom_ext_3_srv_add_cb(SSL *s, unsigned int ext_type,
606                                    const unsigned char **out,
607                                    size_t *outlen, int *al, void *arg)
608 {
609     *out = (const unsigned char *)custom_ext_srv_string;
610     *outlen = strlen(custom_ext_srv_string);
611     return 1;                   /* Send "defg" */
612 }
613 
614 static char *cipher = NULL;
615 static char *ciphersuites = NULL;
616 static int verbose = 0;
617 static int debug = 0;
618 
619 int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family,
620                    long bytes, clock_t *s_time, clock_t *c_time);
621 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time,
622                  clock_t *c_time);
623 int doit(SSL *s_ssl, SSL *c_ssl, long bytes);
624 
sv_usage(void)625 static void sv_usage(void)
626 {
627     fprintf(stderr, "usage: ssltest [args ...]\n");
628     fprintf(stderr, "\n");
629     fprintf(stderr, " -server_auth  - check server certificate\n");
630     fprintf(stderr, " -client_auth  - do client authentication\n");
631     fprintf(stderr, " -v            - more output\n");
632     fprintf(stderr, " -d            - debug output\n");
633     fprintf(stderr, " -reuse        - use session-id reuse\n");
634     fprintf(stderr, " -num <val>    - number of connections to perform\n");
635     fprintf(stderr,
636             " -bytes <val>  - number of bytes to swap between client/server\n");
637 #ifndef OPENSSL_NO_DH
638     fprintf(stderr,
639             " -dhe512       - use 512 bit key for DHE (to test failure)\n");
640     fprintf(stderr,
641             " -dhe1024      - use 1024 bit key (safe prime) for DHE (default, no-op)\n");
642     fprintf(stderr,
643             " -dhe1024dsa   - use 1024 bit key (with 160-bit subprime) for DHE\n");
644     fprintf(stderr, " -no_dhe       - disable DHE\n");
645 #endif
646 #ifndef OPENSSL_NO_EC
647     fprintf(stderr, " -no_ecdhe     - disable ECDHE\nTODO(openssl-team): no_ecdhe was broken by auto ecdh. Make this work again.\n");
648 #endif
649 #ifndef OPENSSL_NO_PSK
650     fprintf(stderr, " -psk arg      - PSK in hex (without 0x)\n");
651 #endif
652 #ifndef OPENSSL_NO_SSL3
653     fprintf(stderr, " -ssl3         - use SSLv3\n");
654 #endif
655 #ifndef OPENSSL_NO_TLS1
656     fprintf(stderr, " -tls1         - use TLSv1\n");
657 #endif
658 #ifndef OPENSSL_NO_DTLS
659     fprintf(stderr, " -dtls         - use DTLS\n");
660 #ifndef OPENSSL_NO_DTLS1
661     fprintf(stderr, " -dtls1        - use DTLSv1\n");
662 #endif
663 #ifndef OPENSSL_NO_DTLS1_2
664     fprintf(stderr, " -dtls12       - use DTLSv1.2\n");
665 #endif
666 #endif
667     fprintf(stderr, " -CApath arg   - PEM format directory of CA's\n");
668     fprintf(stderr, " -CAfile arg   - PEM format file of CA's\n");
669     fprintf(stderr, " -cert arg     - Server certificate file\n");
670     fprintf(stderr,
671             " -key arg      - Server key file (default: same as -cert)\n");
672     fprintf(stderr, " -c_cert arg   - Client certificate file\n");
673     fprintf(stderr,
674             " -c_key arg    - Client key file (default: same as -c_cert)\n");
675     fprintf(stderr, " -cipher arg   - The TLSv1.2 and below cipher list\n");
676     fprintf(stderr, " -ciphersuites arg   - The TLSv1.3 ciphersuites\n");
677     fprintf(stderr, " -bio_pair     - Use BIO pairs\n");
678     fprintf(stderr, " -ipv4         - Use IPv4 connection on localhost\n");
679     fprintf(stderr, " -ipv6         - Use IPv6 connection on localhost\n");
680     fprintf(stderr, " -f            - Test even cases that can't work\n");
681     fprintf(stderr,
682             " -time         - measure processor time used by client and server\n");
683     fprintf(stderr, " -zlib         - use zlib compression\n");
684 #ifndef OPENSSL_NO_NEXTPROTONEG
685     fprintf(stderr, " -npn_client - have client side offer NPN\n");
686     fprintf(stderr, " -npn_server - have server side offer NPN\n");
687     fprintf(stderr, " -npn_server_reject - have server reject NPN\n");
688 #endif
689     fprintf(stderr, " -serverinfo_file file - have server use this file\n");
690     fprintf(stderr, " -serverinfo_sct  - have client offer and expect SCT\n");
691     fprintf(stderr,
692             " -serverinfo_tack - have client offer and expect TACK\n");
693     fprintf(stderr,
694             " -custom_ext - try various custom extension callbacks\n");
695     fprintf(stderr, " -alpn_client <string> - have client side offer ALPN\n");
696     fprintf(stderr, " -alpn_server <string> - have server side offer ALPN\n");
697     fprintf(stderr, " -alpn_server1 <string> - alias for -alpn_server\n");
698     fprintf(stderr, " -alpn_server2 <string> - have server side context 2 offer ALPN\n");
699     fprintf(stderr,
700             " -alpn_expected <string> - the ALPN protocol that should be negotiated\n");
701     fprintf(stderr, " -server_min_proto <string> - Minimum version the server should support\n");
702     fprintf(stderr, " -server_max_proto <string> - Maximum version the server should support\n");
703     fprintf(stderr, " -client_min_proto <string> - Minimum version the client should support\n");
704     fprintf(stderr, " -client_max_proto <string> - Maximum version the client should support\n");
705     fprintf(stderr, " -should_negotiate <string> - The version that should be negotiated, fail-client or fail-server\n");
706 #ifndef OPENSSL_NO_CT
707     fprintf(stderr, " -noct         - no certificate transparency\n");
708     fprintf(stderr, " -requestct    - request certificate transparency\n");
709     fprintf(stderr, " -requirect    - require certificate transparency\n");
710 #endif
711     fprintf(stderr, " -sn_client <string>  - have client request this servername\n");
712     fprintf(stderr, " -sn_server1 <string> - have server context 1 respond to this servername\n");
713     fprintf(stderr, " -sn_server2 <string> - have server context 2 respond to this servername\n");
714     fprintf(stderr, " -sn_expect1          - expected server 1\n");
715     fprintf(stderr, " -sn_expect2          - expected server 2\n");
716     fprintf(stderr, " -server_sess_out <file>    - Save the server session to a file\n");
717     fprintf(stderr, " -server_sess_in <file>     - Read the server session from a file\n");
718     fprintf(stderr, " -client_sess_out <file>    - Save the client session to a file\n");
719     fprintf(stderr, " -client_sess_in <file>     - Read the client session from a file\n");
720     fprintf(stderr, " -should_reuse <number>     - The expected state of reusing the session\n");
721     fprintf(stderr, " -no_ticket    - do not issue TLS session ticket\n");
722 }
723 
print_key_details(BIO * out,EVP_PKEY * key)724 static void print_key_details(BIO *out, EVP_PKEY *key)
725 {
726     int keyid = EVP_PKEY_id(key);
727 #ifndef OPENSSL_NO_EC
728     if (keyid == EVP_PKEY_EC) {
729         EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
730         int nid;
731         const char *cname;
732         nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
733         EC_KEY_free(ec);
734         cname = EC_curve_nid2nist(nid);
735         if (!cname)
736             cname = OBJ_nid2sn(nid);
737         BIO_printf(out, "%d bits EC (%s)", EVP_PKEY_bits(key), cname);
738     } else
739 #endif
740     {
741         const char *algname;
742         switch (keyid) {
743         case EVP_PKEY_RSA:
744             algname = "RSA";
745             break;
746         case EVP_PKEY_DSA:
747             algname = "DSA";
748             break;
749         case EVP_PKEY_DH:
750             algname = "DH";
751             break;
752         default:
753             algname = OBJ_nid2sn(keyid);
754             break;
755         }
756         BIO_printf(out, "%d bits %s", EVP_PKEY_bits(key), algname);
757     }
758 }
759 
print_details(SSL * c_ssl,const char * prefix)760 static void print_details(SSL *c_ssl, const char *prefix)
761 {
762     const SSL_CIPHER *ciph;
763     int mdnid;
764     X509 *cert;
765     EVP_PKEY *pkey;
766 
767     ciph = SSL_get_current_cipher(c_ssl);
768     BIO_printf(bio_stdout, "%s%s, cipher %s %s",
769                prefix,
770                SSL_get_version(c_ssl),
771                SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_name(ciph));
772     cert = SSL_get_peer_certificate(c_ssl);
773     if (cert != NULL) {
774         EVP_PKEY* pubkey = X509_get0_pubkey(cert);
775 
776         if (pubkey != NULL) {
777             BIO_puts(bio_stdout, ", ");
778             print_key_details(bio_stdout, pubkey);
779         }
780         X509_free(cert);
781     }
782     if (SSL_get_peer_tmp_key(c_ssl, &pkey)) {
783         BIO_puts(bio_stdout, ", temp key: ");
784         print_key_details(bio_stdout, pkey);
785         EVP_PKEY_free(pkey);
786     }
787     if (SSL_get_peer_signature_nid(c_ssl, &mdnid))
788         BIO_printf(bio_stdout, ", digest=%s", OBJ_nid2sn(mdnid));
789     BIO_printf(bio_stdout, "\n");
790 }
791 
792 /*
793  * protocol_from_string - converts a protocol version string to a number
794  *
795  * Returns -1 on failure or the version on success
796  */
protocol_from_string(const char * value)797 static int protocol_from_string(const char *value)
798 {
799     struct protocol_versions {
800         const char *name;
801         int version;
802     };
803     static const struct protocol_versions versions[] = {
804         {"ssl3", SSL3_VERSION},
805         {"tls1", TLS1_VERSION},
806         {"tls1.1", TLS1_1_VERSION},
807         {"tls1.2", TLS1_2_VERSION},
808         {"tls1.3", TLS1_3_VERSION},
809         {"dtls1", DTLS1_VERSION},
810         {"dtls1.2", DTLS1_2_VERSION}};
811     size_t i;
812     size_t n = OSSL_NELEM(versions);
813 
814     for (i = 0; i < n; i++)
815         if (strcmp(versions[i].name, value) == 0)
816             return versions[i].version;
817     return -1;
818 }
819 
read_session(const char * filename)820 static SSL_SESSION *read_session(const char *filename)
821 {
822     SSL_SESSION *sess;
823     BIO *f = BIO_new_file(filename, "r");
824 
825     if (f == NULL) {
826         BIO_printf(bio_err, "Can't open session file %s\n", filename);
827         ERR_print_errors(bio_err);
828         return NULL;
829     }
830     sess = PEM_read_bio_SSL_SESSION(f, NULL, 0, NULL);
831     if (sess == NULL) {
832         BIO_printf(bio_err, "Can't parse session file %s\n", filename);
833         ERR_print_errors(bio_err);
834     }
835     BIO_free(f);
836     return sess;
837 }
838 
write_session(const char * filename,SSL_SESSION * sess)839 static int write_session(const char *filename, SSL_SESSION *sess)
840 {
841     BIO *f = BIO_new_file(filename, "w");
842 
843     if (sess == NULL) {
844         BIO_printf(bio_err, "No session information\n");
845         return 0;
846     }
847     if (f == NULL) {
848         BIO_printf(bio_err, "Can't open session file %s\n", filename);
849         ERR_print_errors(bio_err);
850         return 0;
851     }
852     PEM_write_bio_SSL_SESSION(f, sess);
853     BIO_free(f);
854     return 1;
855 }
856 
857 /*
858  * set_protocol_version - Sets protocol version minimum or maximum
859  *
860  * Returns 0 on failure and 1 on success
861  */
set_protocol_version(const char * version,SSL * ssl,int setting)862 static int set_protocol_version(const char *version, SSL *ssl, int setting)
863 {
864     if (version != NULL) {
865         int ver = protocol_from_string(version);
866         if (ver < 0) {
867             BIO_printf(bio_err, "Error parsing: %s\n", version);
868             return 0;
869         }
870         return SSL_ctrl(ssl, setting, ver, NULL);
871     }
872     return 1;
873 }
874 
main(int argc,char * argv[])875 int main(int argc, char *argv[])
876 {
877     const char *CApath = NULL, *CAfile = NULL;
878     int badop = 0;
879     enum { BIO_MEM, BIO_PAIR, BIO_IPV4, BIO_IPV6 } bio_type = BIO_MEM;
880     int force = 0;
881     int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, tls1_2 = 0, ssl3 = 0;
882     int ret = EXIT_FAILURE;
883     int client_auth = 0;
884     int server_auth = 0, i;
885     struct app_verify_arg app_verify_arg =
886         { APP_CALLBACK_STRING, 0 };
887     char *p;
888     SSL_CTX *c_ctx = NULL;
889     const SSL_METHOD *meth = NULL;
890     SSL *c_ssl, *s_ssl;
891     int number = 1, reuse = 0;
892     int should_reuse = -1;
893     int no_ticket = 0;
894     long bytes = 256L;
895 #ifndef OPENSSL_NO_DH
896     DH *dh;
897     int dhe512 = 0, dhe1024dsa = 0;
898 #endif
899     int no_dhe = 0;
900     int no_psk = 0;
901     int print_time = 0;
902     clock_t s_time = 0, c_time = 0;
903 #ifndef OPENSSL_NO_COMP
904     int n, comp = 0;
905     COMP_METHOD *cm = NULL;
906     STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
907 #endif
908     int no_protocol;
909     int min_version = 0, max_version = 0;
910 #ifndef OPENSSL_NO_CT
911     /*
912      * Disable CT validation by default, because it will interfere with
913      * anything using custom extension handlers to deal with SCT extensions.
914      */
915     int ct_validation = 0;
916 #endif
917     SSL_CONF_CTX *s_cctx = NULL, *c_cctx = NULL, *s_cctx2 = NULL;
918     STACK_OF(OPENSSL_STRING) *conf_args = NULL;
919     char *arg = NULL, *argn = NULL;
920 
921     verbose = 0;
922     debug = 0;
923 
924     bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
925 
926     p = getenv("OPENSSL_DEBUG_MEMORY");
927     if (p != NULL && strcmp(p, "on") == 0)
928         CRYPTO_set_mem_debug(1);
929     CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
930 
931     bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT);
932 
933     s_cctx = SSL_CONF_CTX_new();
934     s_cctx2 = SSL_CONF_CTX_new();
935     c_cctx = SSL_CONF_CTX_new();
936 
937     if (!s_cctx || !c_cctx || !s_cctx2) {
938         ERR_print_errors(bio_err);
939         goto end;
940     }
941 
942     SSL_CONF_CTX_set_flags(s_cctx,
943                            SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_SERVER |
944                            SSL_CONF_FLAG_CERTIFICATE |
945                            SSL_CONF_FLAG_REQUIRE_PRIVATE);
946     SSL_CONF_CTX_set_flags(s_cctx2,
947                            SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_SERVER |
948                            SSL_CONF_FLAG_CERTIFICATE |
949                            SSL_CONF_FLAG_REQUIRE_PRIVATE);
950     if (!SSL_CONF_CTX_set1_prefix(s_cctx, "-s_")) {
951         ERR_print_errors(bio_err);
952         goto end;
953     }
954     if (!SSL_CONF_CTX_set1_prefix(s_cctx2, "-s_")) {
955         ERR_print_errors(bio_err);
956         goto end;
957     }
958 
959     SSL_CONF_CTX_set_flags(c_cctx,
960                            SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_CLIENT |
961                            SSL_CONF_FLAG_CERTIFICATE |
962                            SSL_CONF_FLAG_REQUIRE_PRIVATE);
963     if (!SSL_CONF_CTX_set1_prefix(c_cctx, "-c_")) {
964         ERR_print_errors(bio_err);
965         goto end;
966     }
967 
968     argc--;
969     argv++;
970 
971     while (argc >= 1) {
972         if (strcmp(*argv, "-F") == 0) {
973             fprintf(stderr,
974                     "not compiled with FIPS support, so exiting without running.\n");
975             EXIT(0);
976         } else if (strcmp(*argv, "-server_auth") == 0)
977             server_auth = 1;
978         else if (strcmp(*argv, "-client_auth") == 0)
979             client_auth = 1;
980         else if (strcmp(*argv, "-v") == 0)
981             verbose = 1;
982         else if (strcmp(*argv, "-d") == 0)
983             debug = 1;
984         else if (strcmp(*argv, "-reuse") == 0)
985             reuse = 1;
986         else if (strcmp(*argv, "-dhe512") == 0) {
987 #ifndef OPENSSL_NO_DH
988             dhe512 = 1;
989 #else
990             fprintf(stderr,
991                     "ignoring -dhe512, since I'm compiled without DH\n");
992 #endif
993         } else if (strcmp(*argv, "-dhe1024dsa") == 0) {
994 #ifndef OPENSSL_NO_DH
995             dhe1024dsa = 1;
996 #else
997             fprintf(stderr,
998                     "ignoring -dhe1024dsa, since I'm compiled without DH\n");
999 #endif
1000         } else if (strcmp(*argv, "-no_dhe") == 0)
1001             no_dhe = 1;
1002         else if (strcmp(*argv, "-no_ecdhe") == 0)
1003             /* obsolete */;
1004         else if (strcmp(*argv, "-psk") == 0) {
1005             if (--argc < 1)
1006                 goto bad;
1007             psk_key = *(++argv);
1008 #ifndef OPENSSL_NO_PSK
1009             if (strspn(psk_key, "abcdefABCDEF1234567890") != strlen(psk_key)) {
1010                 BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
1011                 goto bad;
1012             }
1013 #else
1014             no_psk = 1;
1015 #endif
1016         }
1017         else if (strcmp(*argv, "-tls1_2") == 0) {
1018             tls1_2 = 1;
1019         } else if (strcmp(*argv, "-tls1") == 0) {
1020             tls1 = 1;
1021         } else if (strcmp(*argv, "-ssl3") == 0) {
1022             ssl3 = 1;
1023         } else if (strcmp(*argv, "-dtls1") == 0) {
1024             dtls1 = 1;
1025         } else if (strcmp(*argv, "-dtls12") == 0) {
1026             dtls12 = 1;
1027         } else if (strcmp(*argv, "-dtls") == 0) {
1028             dtls = 1;
1029         } else if (strncmp(*argv, "-num", 4) == 0) {
1030             if (--argc < 1)
1031                 goto bad;
1032             number = atoi(*(++argv));
1033             if (number == 0)
1034                 number = 1;
1035         } else if (strcmp(*argv, "-bytes") == 0) {
1036             if (--argc < 1)
1037                 goto bad;
1038             bytes = atol(*(++argv));
1039             if (bytes == 0L)
1040                 bytes = 1L;
1041             i = strlen(argv[0]);
1042             if (argv[0][i - 1] == 'k')
1043                 bytes *= 1024L;
1044             if (argv[0][i - 1] == 'm')
1045                 bytes *= 1024L * 1024L;
1046         } else if (strcmp(*argv, "-cipher") == 0) {
1047             if (--argc < 1)
1048                 goto bad;
1049             cipher = *(++argv);
1050         } else if (strcmp(*argv, "-ciphersuites") == 0) {
1051             if (--argc < 1)
1052                 goto bad;
1053             ciphersuites = *(++argv);
1054         } else if (strcmp(*argv, "-CApath") == 0) {
1055             if (--argc < 1)
1056                 goto bad;
1057             CApath = *(++argv);
1058         } else if (strcmp(*argv, "-CAfile") == 0) {
1059             if (--argc < 1)
1060                 goto bad;
1061             CAfile = *(++argv);
1062         } else if (strcmp(*argv, "-bio_pair") == 0) {
1063             bio_type = BIO_PAIR;
1064         }
1065 #ifndef OPENSSL_NO_SOCK
1066         else if (strcmp(*argv, "-ipv4") == 0) {
1067             bio_type = BIO_IPV4;
1068         } else if (strcmp(*argv, "-ipv6") == 0) {
1069             bio_type = BIO_IPV6;
1070         }
1071 #endif
1072         else if (strcmp(*argv, "-f") == 0) {
1073             force = 1;
1074         } else if (strcmp(*argv, "-time") == 0) {
1075             print_time = 1;
1076         }
1077 #ifndef OPENSSL_NO_CT
1078         else if (strcmp(*argv, "-noct") == 0) {
1079             ct_validation = 0;
1080         }
1081         else if (strcmp(*argv, "-ct") == 0) {
1082             ct_validation = 1;
1083         }
1084 #endif
1085 #ifndef OPENSSL_NO_COMP
1086         else if (strcmp(*argv, "-zlib") == 0) {
1087             comp = COMP_ZLIB;
1088         }
1089 #endif
1090         else if (strcmp(*argv, "-app_verify") == 0) {
1091             app_verify_arg.app_verify = 1;
1092         }
1093 #ifndef OPENSSL_NO_NEXTPROTONEG
1094           else if (strcmp(*argv, "-npn_client") == 0) {
1095             npn_client = 1;
1096         } else if (strcmp(*argv, "-npn_server") == 0) {
1097             npn_server = 1;
1098         } else if (strcmp(*argv, "-npn_server_reject") == 0) {
1099             npn_server_reject = 1;
1100         }
1101 #endif
1102         else if (strcmp(*argv, "-serverinfo_sct") == 0) {
1103             serverinfo_sct = 1;
1104         } else if (strcmp(*argv, "-serverinfo_tack") == 0) {
1105             serverinfo_tack = 1;
1106         } else if (strcmp(*argv, "-serverinfo_file") == 0) {
1107             if (--argc < 1)
1108                 goto bad;
1109             serverinfo_file = *(++argv);
1110         } else if (strcmp(*argv, "-custom_ext") == 0) {
1111             custom_ext = 1;
1112         } else if (strcmp(*argv, "-alpn_client") == 0) {
1113             if (--argc < 1)
1114                 goto bad;
1115             alpn_client = *(++argv);
1116         } else if (strcmp(*argv, "-alpn_server") == 0 ||
1117                    strcmp(*argv, "-alpn_server1") == 0) {
1118             if (--argc < 1)
1119                 goto bad;
1120             alpn_server = *(++argv);
1121         } else if (strcmp(*argv, "-alpn_server2") == 0) {
1122             if (--argc < 1)
1123                 goto bad;
1124             alpn_server2 = *(++argv);
1125         } else if (strcmp(*argv, "-alpn_expected") == 0) {
1126             if (--argc < 1)
1127                 goto bad;
1128             alpn_expected = *(++argv);
1129         } else if (strcmp(*argv, "-server_min_proto") == 0) {
1130             if (--argc < 1)
1131                 goto bad;
1132             server_min_proto = *(++argv);
1133         } else if (strcmp(*argv, "-server_max_proto") == 0) {
1134             if (--argc < 1)
1135                 goto bad;
1136             server_max_proto = *(++argv);
1137         } else if (strcmp(*argv, "-client_min_proto") == 0) {
1138             if (--argc < 1)
1139                 goto bad;
1140             client_min_proto = *(++argv);
1141         } else if (strcmp(*argv, "-client_max_proto") == 0) {
1142             if (--argc < 1)
1143                 goto bad;
1144             client_max_proto = *(++argv);
1145         } else if (strcmp(*argv, "-should_negotiate") == 0) {
1146             if (--argc < 1)
1147                 goto bad;
1148             should_negotiate = *(++argv);
1149         } else if (strcmp(*argv, "-sn_client") == 0) {
1150             if (--argc < 1)
1151                 goto bad;
1152             sn_client = *(++argv);
1153         } else if (strcmp(*argv, "-sn_server1") == 0) {
1154             if (--argc < 1)
1155                 goto bad;
1156             sn_server1 = *(++argv);
1157         } else if (strcmp(*argv, "-sn_server2") == 0) {
1158             if (--argc < 1)
1159                 goto bad;
1160             sn_server2 = *(++argv);
1161         } else if (strcmp(*argv, "-sn_expect1") == 0) {
1162             sn_expect = 1;
1163         } else if (strcmp(*argv, "-sn_expect2") == 0) {
1164             sn_expect = 2;
1165         } else if (strcmp(*argv, "-server_sess_out") == 0) {
1166             if (--argc < 1)
1167                 goto bad;
1168             server_sess_out = *(++argv);
1169         } else if (strcmp(*argv, "-server_sess_in") == 0) {
1170             if (--argc < 1)
1171                 goto bad;
1172             server_sess_in = *(++argv);
1173         } else if (strcmp(*argv, "-client_sess_out") == 0) {
1174             if (--argc < 1)
1175                 goto bad;
1176             client_sess_out = *(++argv);
1177         } else if (strcmp(*argv, "-client_sess_in") == 0) {
1178             if (--argc < 1)
1179                 goto bad;
1180             client_sess_in = *(++argv);
1181         } else if (strcmp(*argv, "-should_reuse") == 0) {
1182             if (--argc < 1)
1183                 goto bad;
1184             should_reuse = !!atoi(*(++argv));
1185         } else if (strcmp(*argv, "-no_ticket") == 0) {
1186             no_ticket = 1;
1187         } else {
1188             int rv;
1189             arg = argv[0];
1190             argn = argv[1];
1191             /* Try to process command using SSL_CONF */
1192             rv = SSL_CONF_cmd_argv(c_cctx, &argc, &argv);
1193             /* If not processed try server */
1194             if (rv == 0)
1195                 rv = SSL_CONF_cmd_argv(s_cctx, &argc, &argv);
1196             /* Recognised: store it for later use */
1197             if (rv > 0) {
1198                 if (rv == 1)
1199                     argn = NULL;
1200                 if (!conf_args) {
1201                     conf_args = sk_OPENSSL_STRING_new_null();
1202                     if (!conf_args)
1203                         goto end;
1204                 }
1205                 if (!sk_OPENSSL_STRING_push(conf_args, arg))
1206                     goto end;
1207                 if (!sk_OPENSSL_STRING_push(conf_args, argn))
1208                     goto end;
1209                 continue;
1210             }
1211             if (rv == -3)
1212                 BIO_printf(bio_err, "Missing argument for %s\n", arg);
1213             else if (rv < 0)
1214                 BIO_printf(bio_err, "Error with command %s\n", arg);
1215             else if (rv == 0)
1216                 BIO_printf(bio_err, "unknown option %s\n", arg);
1217             badop = 1;
1218             break;
1219         }
1220         argc--;
1221         argv++;
1222     }
1223     if (badop) {
1224  bad:
1225         sv_usage();
1226         goto end;
1227     }
1228 
1229     if (ssl3 + tls1 + tls1_2 + dtls + dtls1 + dtls12 > 1) {
1230         fprintf(stderr, "At most one of -ssl3, -tls1, -tls1_2, -dtls, -dtls1 or -dtls12 should "
1231                 "be requested.\n");
1232         EXIT(1);
1233     }
1234 
1235 #ifdef OPENSSL_NO_SSL3
1236     if (ssl3)
1237         no_protocol = 1;
1238     else
1239 #endif
1240 #ifdef OPENSSL_NO_TLS1
1241     if (tls1)
1242         no_protocol = 1;
1243     else
1244 #endif
1245 #ifdef OPENSSL_NO_TLS1_2
1246     if (tls1_2)
1247         no_protocol = 1;
1248     else
1249 #endif
1250 #if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1)
1251     if (dtls1)
1252         no_protocol = 1;
1253     else
1254 #endif
1255 #if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1_2)
1256     if (dtls12)
1257         no_protocol = 1;
1258     else
1259 #endif
1260         no_protocol = 0;
1261 
1262     /*
1263      * Testing was requested for a compiled-out protocol (e.g. SSLv3).
1264      * Ideally, we would error out, but the generic test wrapper can't know
1265      * when to expect failure. So we do nothing and return success.
1266      */
1267     if (no_protocol) {
1268         fprintf(stderr, "Testing was requested for a disabled protocol. "
1269                 "Skipping tests.\n");
1270         ret = EXIT_SUCCESS;
1271         goto end;
1272     }
1273 
1274     if (!ssl3 && !tls1 && !tls1_2 && !dtls && !dtls1 && !dtls12 && number > 1
1275             && !reuse && !force) {
1276         fprintf(stderr, "This case cannot work.  Use -f to perform "
1277                 "the test anyway (and\n-d to see what happens), "
1278                 "or add one of -ssl3, -tls1, -tls1_2, -dtls, -dtls1, -dtls12, -reuse\n"
1279                 "to avoid protocol mismatch.\n");
1280         EXIT(1);
1281     }
1282 
1283     if (print_time) {
1284         if (bio_type != BIO_PAIR) {
1285             fprintf(stderr, "Using BIO pair (-bio_pair)\n");
1286             bio_type = BIO_PAIR;
1287         }
1288         if (number < 50 && !force)
1289             fprintf(stderr,
1290                     "Warning: For accurate timings, use more connections (e.g. -num 1000)\n");
1291     }
1292 
1293 #ifndef OPENSSL_NO_COMP
1294     if (comp == COMP_ZLIB)
1295         cm = COMP_zlib();
1296     if (cm != NULL) {
1297         if (COMP_get_type(cm) != NID_undef) {
1298             if (SSL_COMP_add_compression_method(comp, cm) != 0) {
1299                 fprintf(stderr, "Failed to add compression method\n");
1300                 ERR_print_errors_fp(stderr);
1301             }
1302         } else {
1303             fprintf(stderr,
1304                     "Warning: %s compression not supported\n",
1305                     comp == COMP_ZLIB ? "zlib" : "unknown");
1306             ERR_print_errors_fp(stderr);
1307         }
1308     }
1309     ssl_comp_methods = SSL_COMP_get_compression_methods();
1310     n = sk_SSL_COMP_num(ssl_comp_methods);
1311     if (n) {
1312         int j;
1313         printf("Available compression methods:");
1314         for (j = 0; j < n; j++) {
1315             SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
1316             printf("  %s:%d", SSL_COMP_get0_name(c), SSL_COMP_get_id(c));
1317         }
1318         printf("\n");
1319     }
1320 #endif
1321 
1322 #ifndef OPENSSL_NO_TLS
1323     meth = TLS_method();
1324     if (ssl3) {
1325         min_version = SSL3_VERSION;
1326         max_version = SSL3_VERSION;
1327     } else if (tls1) {
1328         min_version = TLS1_VERSION;
1329         max_version = TLS1_VERSION;
1330     } else if (tls1_2) {
1331         min_version = TLS1_2_VERSION;
1332         max_version = TLS1_2_VERSION;
1333     } else {
1334         min_version = SSL3_VERSION;
1335         max_version = TLS_MAX_VERSION;
1336     }
1337 #endif
1338 #ifndef OPENSSL_NO_DTLS
1339     if (dtls || dtls1 || dtls12) {
1340         meth = DTLS_method();
1341         if (dtls1) {
1342             min_version = DTLS1_VERSION;
1343             max_version = DTLS1_VERSION;
1344         } else if (dtls12) {
1345             min_version = DTLS1_2_VERSION;
1346             max_version = DTLS1_2_VERSION;
1347         } else {
1348             min_version = DTLS_MIN_VERSION;
1349             max_version = DTLS_MAX_VERSION;
1350         }
1351     }
1352 #endif
1353 
1354     c_ctx = SSL_CTX_new(meth);
1355     s_ctx = SSL_CTX_new(meth);
1356     s_ctx2 = SSL_CTX_new(meth); /* no SSL_CTX_dup! */
1357     if ((c_ctx == NULL) || (s_ctx == NULL) || (s_ctx2 == NULL)) {
1358         ERR_print_errors(bio_err);
1359         goto end;
1360     }
1361     /*
1362      * Since we will use low security ciphersuites and keys for testing set
1363      * security level to zero by default. Tests can override this by adding
1364      * "@SECLEVEL=n" to the cipher string.
1365      */
1366     SSL_CTX_set_security_level(c_ctx, 0);
1367     SSL_CTX_set_security_level(s_ctx, 0);
1368     SSL_CTX_set_security_level(s_ctx2, 0);
1369 
1370     if (no_ticket) {
1371         SSL_CTX_set_options(c_ctx, SSL_OP_NO_TICKET);
1372         SSL_CTX_set_options(s_ctx, SSL_OP_NO_TICKET);
1373     }
1374 
1375     if (SSL_CTX_set_min_proto_version(c_ctx, min_version) == 0)
1376         goto end;
1377     if (SSL_CTX_set_max_proto_version(c_ctx, max_version) == 0)
1378         goto end;
1379     if (SSL_CTX_set_min_proto_version(s_ctx, min_version) == 0)
1380         goto end;
1381     if (SSL_CTX_set_max_proto_version(s_ctx, max_version) == 0)
1382         goto end;
1383 
1384     if (cipher != NULL) {
1385         if (strcmp(cipher, "") == 0) {
1386             if (!SSL_CTX_set_cipher_list(c_ctx, cipher)) {
1387                 if (ERR_GET_REASON(ERR_peek_error()) == SSL_R_NO_CIPHER_MATCH) {
1388                     ERR_clear_error();
1389                 } else {
1390                     ERR_print_errors(bio_err);
1391                     goto end;
1392                 }
1393             } else {
1394                 /* Should have failed when clearing all TLSv1.2 ciphers. */
1395                 fprintf(stderr, "CLEARING ALL TLSv1.2 CIPHERS SHOULD FAIL\n");
1396                 goto end;
1397             }
1398 
1399             if (!SSL_CTX_set_cipher_list(s_ctx, cipher)) {
1400                 if (ERR_GET_REASON(ERR_peek_error()) == SSL_R_NO_CIPHER_MATCH) {
1401                     ERR_clear_error();
1402                 } else {
1403                     ERR_print_errors(bio_err);
1404                     goto end;
1405                 }
1406             } else {
1407                 /* Should have failed when clearing all TLSv1.2 ciphers. */
1408                 fprintf(stderr, "CLEARING ALL TLSv1.2 CIPHERS SHOULD FAIL\n");
1409                 goto end;
1410             }
1411 
1412             if (!SSL_CTX_set_cipher_list(s_ctx2, cipher)) {
1413                 if (ERR_GET_REASON(ERR_peek_error()) == SSL_R_NO_CIPHER_MATCH) {
1414                     ERR_clear_error();
1415                 } else {
1416                     ERR_print_errors(bio_err);
1417                     goto end;
1418                 }
1419             } else {
1420                 /* Should have failed when clearing all TLSv1.2 ciphers. */
1421                 fprintf(stderr, "CLEARING ALL TLSv1.2 CIPHERS SHOULD FAIL\n");
1422                 goto end;
1423             }
1424         } else {
1425             if (!SSL_CTX_set_cipher_list(c_ctx, cipher)
1426                     || !SSL_CTX_set_cipher_list(s_ctx, cipher)
1427                     || !SSL_CTX_set_cipher_list(s_ctx2, cipher)) {
1428                 ERR_print_errors(bio_err);
1429                 goto end;
1430             }
1431         }
1432     }
1433     if (ciphersuites != NULL) {
1434         if (!SSL_CTX_set_ciphersuites(c_ctx, ciphersuites)
1435             || !SSL_CTX_set_ciphersuites(s_ctx, ciphersuites)
1436             || !SSL_CTX_set_ciphersuites(s_ctx2, ciphersuites)) {
1437             ERR_print_errors(bio_err);
1438             goto end;
1439         }
1440     }
1441 
1442 #ifndef OPENSSL_NO_CT
1443     if (ct_validation &&
1444         !SSL_CTX_enable_ct(c_ctx, SSL_CT_VALIDATION_STRICT)) {
1445         ERR_print_errors(bio_err);
1446         goto end;
1447     }
1448 #endif
1449 
1450     /* Process SSL_CONF arguments */
1451     SSL_CONF_CTX_set_ssl_ctx(c_cctx, c_ctx);
1452     SSL_CONF_CTX_set_ssl_ctx(s_cctx, s_ctx);
1453     SSL_CONF_CTX_set_ssl_ctx(s_cctx2, s_ctx2);
1454 
1455     for (i = 0; i < sk_OPENSSL_STRING_num(conf_args); i += 2) {
1456         int rv;
1457         arg = sk_OPENSSL_STRING_value(conf_args, i);
1458         argn = sk_OPENSSL_STRING_value(conf_args, i + 1);
1459         rv = SSL_CONF_cmd(c_cctx, arg, argn);
1460         /* If not recognised use server context */
1461         if (rv == -2) {
1462             rv = SSL_CONF_cmd(s_cctx2, arg, argn);
1463             if (rv > 0)
1464                 rv = SSL_CONF_cmd(s_cctx, arg, argn);
1465         }
1466         if (rv <= 0) {
1467             BIO_printf(bio_err, "Error processing %s %s\n",
1468                        arg, argn ? argn : "");
1469             ERR_print_errors(bio_err);
1470             goto end;
1471         }
1472     }
1473 
1474     if (!SSL_CONF_CTX_finish(s_cctx) || !SSL_CONF_CTX_finish(c_cctx) || !SSL_CONF_CTX_finish(s_cctx2)) {
1475         BIO_puts(bio_err, "Error finishing context\n");
1476         ERR_print_errors(bio_err);
1477         goto end;
1478     }
1479 #ifndef OPENSSL_NO_DH
1480     if (!no_dhe) {
1481         if (dhe1024dsa) {
1482             dh = get_dh1024dsa();
1483         } else if (dhe512)
1484             dh = get_dh512();
1485         else
1486             dh = get_dh1024();
1487         SSL_CTX_set_tmp_dh(s_ctx, dh);
1488         SSL_CTX_set_tmp_dh(s_ctx2, dh);
1489         DH_free(dh);
1490     }
1491 #else
1492     (void)no_dhe;
1493 #endif
1494 
1495     if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) ||
1496         (!SSL_CTX_set_default_verify_paths(s_ctx)) ||
1497         (!SSL_CTX_load_verify_locations(s_ctx2, CAfile, CApath)) ||
1498         (!SSL_CTX_set_default_verify_paths(s_ctx2)) ||
1499         (!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) ||
1500         (!SSL_CTX_set_default_verify_paths(c_ctx))) {
1501         ERR_print_errors(bio_err);
1502     }
1503 
1504 #ifndef OPENSSL_NO_CT
1505     if (!SSL_CTX_set_default_ctlog_list_file(s_ctx) ||
1506         !SSL_CTX_set_default_ctlog_list_file(s_ctx2) ||
1507         !SSL_CTX_set_default_ctlog_list_file(c_ctx)) {
1508         ERR_print_errors(bio_err);
1509     }
1510 #endif
1511 
1512     if (client_auth) {
1513         printf("client authentication\n");
1514         SSL_CTX_set_verify(s_ctx,
1515                            SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1516                            verify_callback);
1517         SSL_CTX_set_verify(s_ctx2,
1518                            SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1519                            verify_callback);
1520         SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback,
1521                                          &app_verify_arg);
1522         SSL_CTX_set_cert_verify_callback(s_ctx2, app_verify_callback,
1523                                          &app_verify_arg);
1524     }
1525     if (server_auth) {
1526         printf("server authentication\n");
1527         SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER, verify_callback);
1528         SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback,
1529                                          &app_verify_arg);
1530     }
1531 
1532     {
1533         int session_id_context = 0;
1534         if (!SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context,
1535                                             sizeof(session_id_context)) ||
1536             !SSL_CTX_set_session_id_context(s_ctx2, (void *)&session_id_context,
1537                                             sizeof(session_id_context))) {
1538             ERR_print_errors(bio_err);
1539             goto end;
1540         }
1541     }
1542 
1543     /* Use PSK only if PSK key is given */
1544     if (psk_key != NULL) {
1545         /*
1546          * no_psk is used to avoid putting psk command to openssl tool
1547          */
1548         if (no_psk) {
1549             /*
1550              * if PSK is not compiled in and psk key is given, do nothing and
1551              * exit successfully
1552              */
1553             ret = EXIT_SUCCESS;
1554             goto end;
1555         }
1556 #ifndef OPENSSL_NO_PSK
1557         SSL_CTX_set_psk_client_callback(c_ctx, psk_client_callback);
1558         SSL_CTX_set_psk_server_callback(s_ctx, psk_server_callback);
1559         SSL_CTX_set_psk_server_callback(s_ctx2, psk_server_callback);
1560         if (debug)
1561             BIO_printf(bio_err, "setting PSK identity hint to s_ctx\n");
1562         if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_hint") ||
1563             !SSL_CTX_use_psk_identity_hint(s_ctx2, "ctx server identity_hint")) {
1564             BIO_printf(bio_err, "error setting PSK identity hint to s_ctx\n");
1565             ERR_print_errors(bio_err);
1566             goto end;
1567         }
1568 #endif
1569     }
1570 
1571 #ifndef OPENSSL_NO_NEXTPROTONEG
1572     if (npn_client) {
1573         SSL_CTX_set_next_proto_select_cb(c_ctx, cb_client_npn, NULL);
1574     }
1575     if (npn_server) {
1576         if (npn_server_reject) {
1577             BIO_printf(bio_err,
1578                        "Can't have both -npn_server and -npn_server_reject\n");
1579             goto end;
1580         }
1581         SSL_CTX_set_npn_advertised_cb(s_ctx, cb_server_npn, NULL);
1582         SSL_CTX_set_npn_advertised_cb(s_ctx2, cb_server_npn, NULL);
1583     }
1584     if (npn_server_reject) {
1585         SSL_CTX_set_npn_advertised_cb(s_ctx, cb_server_rejects_npn, NULL);
1586         SSL_CTX_set_npn_advertised_cb(s_ctx2, cb_server_rejects_npn, NULL);
1587     }
1588 #endif
1589 
1590     if (serverinfo_sct) {
1591         if (!SSL_CTX_add_client_custom_ext(c_ctx,
1592                 TLSEXT_TYPE_signed_certificate_timestamp,
1593                 NULL, NULL, NULL,
1594                 serverinfo_cli_parse_cb, NULL)) {
1595             BIO_printf(bio_err, "Error adding SCT extension\n");
1596             goto end;
1597         }
1598     }
1599     if (serverinfo_tack) {
1600         if (!SSL_CTX_add_client_custom_ext(c_ctx, TACK_EXT_TYPE,
1601                                       NULL, NULL, NULL,
1602                                       serverinfo_cli_parse_cb, NULL)) {
1603             BIO_printf(bio_err, "Error adding TACK extension\n");
1604             goto end;
1605         }
1606     }
1607     if (serverinfo_file)
1608         if (!SSL_CTX_use_serverinfo_file(s_ctx, serverinfo_file) ||
1609             !SSL_CTX_use_serverinfo_file(s_ctx2, serverinfo_file)) {
1610             BIO_printf(bio_err, "missing serverinfo file\n");
1611             goto end;
1612         }
1613 
1614     if (custom_ext) {
1615         if (!SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_0,
1616                                       custom_ext_0_cli_add_cb,
1617                                       NULL, NULL,
1618                                       custom_ext_0_cli_parse_cb, NULL)
1619             || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_1,
1620                                       custom_ext_1_cli_add_cb,
1621                                       NULL, NULL,
1622                                       custom_ext_1_cli_parse_cb, NULL)
1623             || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_2,
1624                                       custom_ext_2_cli_add_cb,
1625                                       NULL, NULL,
1626                                       custom_ext_2_cli_parse_cb, NULL)
1627             || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_3,
1628                                       custom_ext_3_cli_add_cb,
1629                                       NULL, NULL,
1630                                       custom_ext_3_cli_parse_cb, NULL)
1631             || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_0,
1632                                       custom_ext_0_srv_add_cb,
1633                                       NULL, NULL,
1634                                       custom_ext_0_srv_parse_cb, NULL)
1635             || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_0,
1636                                       custom_ext_0_srv_add_cb,
1637                                       NULL, NULL,
1638                                       custom_ext_0_srv_parse_cb, NULL)
1639             || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_1,
1640                                       custom_ext_1_srv_add_cb,
1641                                       NULL, NULL,
1642                                       custom_ext_1_srv_parse_cb, NULL)
1643             || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_1,
1644                                       custom_ext_1_srv_add_cb,
1645                                       NULL, NULL,
1646                                       custom_ext_1_srv_parse_cb, NULL)
1647             || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_2,
1648                                       custom_ext_2_srv_add_cb,
1649                                       NULL, NULL,
1650                                       custom_ext_2_srv_parse_cb, NULL)
1651             || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_2,
1652                                       custom_ext_2_srv_add_cb,
1653                                       NULL, NULL,
1654                                       custom_ext_2_srv_parse_cb, NULL)
1655             || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_3,
1656                                       custom_ext_3_srv_add_cb,
1657                                       NULL, NULL,
1658                                       custom_ext_3_srv_parse_cb, NULL)
1659             || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_3,
1660                                       custom_ext_3_srv_add_cb,
1661                                       NULL, NULL,
1662                                       custom_ext_3_srv_parse_cb, NULL)) {
1663             BIO_printf(bio_err, "Error setting custom extensions\n");
1664             goto end;
1665         }
1666     }
1667 
1668     if (alpn_server)
1669         SSL_CTX_set_alpn_select_cb(s_ctx, cb_server_alpn, alpn_server);
1670     if (alpn_server2)
1671         SSL_CTX_set_alpn_select_cb(s_ctx2, cb_server_alpn, alpn_server2);
1672 
1673     if (alpn_client) {
1674         size_t alpn_len;
1675         unsigned char *alpn = next_protos_parse(&alpn_len, alpn_client);
1676 
1677         if (alpn == NULL) {
1678             BIO_printf(bio_err, "Error parsing -alpn_client argument\n");
1679             goto end;
1680         }
1681         /* Returns 0 on success!! */
1682         if (SSL_CTX_set_alpn_protos(c_ctx, alpn, alpn_len)) {
1683             BIO_printf(bio_err, "Error setting ALPN\n");
1684             OPENSSL_free(alpn);
1685             goto end;
1686         }
1687         OPENSSL_free(alpn);
1688     }
1689 
1690     if (server_sess_in != NULL) {
1691         server_sess = read_session(server_sess_in);
1692         if (server_sess == NULL)
1693             goto end;
1694     }
1695     if (client_sess_in != NULL) {
1696         client_sess = read_session(client_sess_in);
1697         if (client_sess == NULL)
1698             goto end;
1699     }
1700 
1701     if (server_sess_out != NULL || server_sess_in != NULL) {
1702         char *keys;
1703         long size;
1704 
1705         /* Use a fixed key so that we can decrypt the ticket. */
1706         size = SSL_CTX_set_tlsext_ticket_keys(s_ctx, NULL, 0);
1707         keys = OPENSSL_zalloc(size);
1708         SSL_CTX_set_tlsext_ticket_keys(s_ctx, keys, size);
1709         OPENSSL_free(keys);
1710     }
1711 
1712     if (sn_server1 != NULL || sn_server2 != NULL)
1713         SSL_CTX_set_tlsext_servername_callback(s_ctx, servername_cb);
1714 
1715     c_ssl = SSL_new(c_ctx);
1716     s_ssl = SSL_new(s_ctx);
1717 
1718     if (sn_client)
1719         SSL_set_tlsext_host_name(c_ssl, sn_client);
1720 
1721     if (!set_protocol_version(server_min_proto, s_ssl, SSL_CTRL_SET_MIN_PROTO_VERSION))
1722         goto end;
1723     if (!set_protocol_version(server_max_proto, s_ssl, SSL_CTRL_SET_MAX_PROTO_VERSION))
1724         goto end;
1725     if (!set_protocol_version(client_min_proto, c_ssl, SSL_CTRL_SET_MIN_PROTO_VERSION))
1726         goto end;
1727     if (!set_protocol_version(client_max_proto, c_ssl, SSL_CTRL_SET_MAX_PROTO_VERSION))
1728         goto end;
1729 
1730     if (server_sess) {
1731         if (SSL_CTX_add_session(s_ctx, server_sess) == 0) {
1732             BIO_printf(bio_err, "Can't add server session\n");
1733             ERR_print_errors(bio_err);
1734             goto end;
1735         }
1736     }
1737 
1738     BIO_printf(bio_stdout, "Doing handshakes=%d bytes=%ld\n", number, bytes);
1739     for (i = 0; i < number; i++) {
1740         if (!reuse) {
1741             if (!SSL_set_session(c_ssl, NULL)) {
1742                 BIO_printf(bio_err, "Failed to set session\n");
1743                 goto end;
1744             }
1745         }
1746         if (client_sess_in != NULL) {
1747             if (SSL_set_session(c_ssl, client_sess) == 0) {
1748                 BIO_printf(bio_err, "Can't set client session\n");
1749                 ERR_print_errors(bio_err);
1750                 goto end;
1751             }
1752         }
1753         switch (bio_type) {
1754         case BIO_MEM:
1755             ret = doit(s_ssl, c_ssl, bytes);
1756             break;
1757         case BIO_PAIR:
1758             ret = doit_biopair(s_ssl, c_ssl, bytes, &s_time, &c_time);
1759             break;
1760 #ifndef OPENSSL_NO_SOCK
1761         case BIO_IPV4:
1762             ret = doit_localhost(s_ssl, c_ssl, BIO_FAMILY_IPV4,
1763                                  bytes, &s_time, &c_time);
1764             break;
1765         case BIO_IPV6:
1766             ret = doit_localhost(s_ssl, c_ssl, BIO_FAMILY_IPV6,
1767                                  bytes, &s_time, &c_time);
1768             break;
1769 #else
1770         case BIO_IPV4:
1771         case BIO_IPV6:
1772             ret = EXIT_FAILURE;
1773             goto err;
1774 #endif
1775         }
1776         if (ret != EXIT_SUCCESS)  break;
1777     }
1778 
1779     if (should_negotiate && ret == EXIT_SUCCESS &&
1780         strcmp(should_negotiate, "fail-server") != 0 &&
1781         strcmp(should_negotiate, "fail-client") != 0) {
1782         int version = protocol_from_string(should_negotiate);
1783         if (version < 0) {
1784             BIO_printf(bio_err, "Error parsing: %s\n", should_negotiate);
1785             ret = EXIT_FAILURE;
1786             goto err;
1787         }
1788         if (SSL_version(c_ssl) != version) {
1789             BIO_printf(bio_err, "Unexpected version negotiated. "
1790                 "Expected: %s, got %s\n", should_negotiate, SSL_get_version(c_ssl));
1791             ret = EXIT_FAILURE;
1792             goto err;
1793         }
1794     }
1795 
1796     if (should_reuse != -1) {
1797         if (SSL_session_reused(s_ssl) != should_reuse ||
1798             SSL_session_reused(c_ssl) != should_reuse) {
1799             BIO_printf(bio_err, "Unexpected session reuse state. "
1800                 "Expected: %d, server: %d, client: %d\n", should_reuse,
1801                 SSL_session_reused(s_ssl), SSL_session_reused(c_ssl));
1802             ret = EXIT_FAILURE;
1803             goto err;
1804         }
1805     }
1806 
1807     if (server_sess_out != NULL) {
1808         if (write_session(server_sess_out, SSL_get_session(s_ssl)) == 0) {
1809             ret = EXIT_FAILURE;
1810             goto err;
1811         }
1812     }
1813     if (client_sess_out != NULL) {
1814         if (write_session(client_sess_out, SSL_get_session(c_ssl)) == 0) {
1815             ret = EXIT_FAILURE;
1816             goto err;
1817         }
1818     }
1819 
1820     if (!verbose) {
1821         print_details(c_ssl, "");
1822     }
1823     if (print_time) {
1824 #ifdef CLOCKS_PER_SEC
1825         /*
1826          * "To determine the time in seconds, the value returned by the clock
1827          * function should be divided by the value of the macro
1828          * CLOCKS_PER_SEC." -- ISO/IEC 9899
1829          */
1830         BIO_printf(bio_stdout, "Approximate total server time: %6.2f s\n"
1831                    "Approximate total client time: %6.2f s\n",
1832                    (double)s_time / CLOCKS_PER_SEC,
1833                    (double)c_time / CLOCKS_PER_SEC);
1834 #else
1835         BIO_printf(bio_stdout,
1836                    "Approximate total server time: %6.2f units\n"
1837                    "Approximate total client time: %6.2f units\n",
1838                    (double)s_time, (double)c_time);
1839 #endif
1840     }
1841 
1842  err:
1843     SSL_free(s_ssl);
1844     SSL_free(c_ssl);
1845 
1846  end:
1847     SSL_CTX_free(s_ctx);
1848     SSL_CTX_free(s_ctx2);
1849     SSL_CTX_free(c_ctx);
1850     SSL_CONF_CTX_free(s_cctx);
1851     SSL_CONF_CTX_free(s_cctx2);
1852     SSL_CONF_CTX_free(c_cctx);
1853     sk_OPENSSL_STRING_free(conf_args);
1854 
1855     BIO_free(bio_stdout);
1856 
1857     SSL_SESSION_free(server_sess);
1858     SSL_SESSION_free(client_sess);
1859 
1860 #ifndef OPENSSL_NO_CRYPTO_MDEBUG
1861     if (CRYPTO_mem_leaks(bio_err) <= 0)
1862         ret = EXIT_FAILURE;
1863 #endif
1864     BIO_free(bio_err);
1865     EXIT(ret);
1866 }
1867 
1868 #ifndef OPENSSL_NO_SOCK
doit_localhost(SSL * s_ssl,SSL * c_ssl,int family,long count,clock_t * s_time,clock_t * c_time)1869 int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count,
1870                    clock_t *s_time, clock_t *c_time)
1871 {
1872     long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
1873     BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
1874     BIO *acpt = NULL, *server = NULL, *client = NULL;
1875     char addr_str[40];
1876     int ret = EXIT_FAILURE;
1877     int err_in_client = 0;
1878     int err_in_server = 0;
1879 
1880     acpt = BIO_new_accept(family == BIO_FAMILY_IPV4 ? "127.0.0.1:0"
1881                                                     : "[::1]:0");
1882     if (acpt == NULL)
1883         goto err;
1884     BIO_set_accept_ip_family(acpt, family);
1885     BIO_set_bind_mode(acpt, BIO_SOCK_NONBLOCK | BIO_SOCK_REUSEADDR);
1886     if (BIO_do_accept(acpt) <= 0)
1887         goto err;
1888 
1889     BIO_snprintf(addr_str, sizeof(addr_str), ":%s", BIO_get_accept_port(acpt));
1890 
1891     client = BIO_new_connect(addr_str);
1892     BIO_set_conn_ip_family(client, family);
1893     if (!client)
1894         goto err;
1895 
1896     if (BIO_set_nbio(client, 1) <= 0)
1897         goto err;
1898     if (BIO_set_nbio(acpt, 1) <= 0)
1899         goto err;
1900 
1901     {
1902         int st_connect = 0, st_accept = 0;
1903 
1904         while(!st_connect || !st_accept) {
1905             if (!st_connect) {
1906                 if (BIO_do_connect(client) <= 0) {
1907                     if (!BIO_should_retry(client))
1908                         goto err;
1909                 } else {
1910                     st_connect = 1;
1911                 }
1912             }
1913             if (!st_accept) {
1914                 if (BIO_do_accept(acpt) <= 0) {
1915                     if (!BIO_should_retry(acpt))
1916                         goto err;
1917                 } else {
1918                     st_accept = 1;
1919                 }
1920             }
1921         }
1922     }
1923     /* We're not interested in accepting further connects */
1924     server = BIO_pop(acpt);
1925     BIO_free_all(acpt);
1926     acpt = NULL;
1927 
1928     s_ssl_bio = BIO_new(BIO_f_ssl());
1929     if (!s_ssl_bio)
1930         goto err;
1931 
1932     c_ssl_bio = BIO_new(BIO_f_ssl());
1933     if (!c_ssl_bio)
1934         goto err;
1935 
1936     SSL_set_connect_state(c_ssl);
1937     SSL_set_bio(c_ssl, client, client);
1938     (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
1939 
1940     SSL_set_accept_state(s_ssl);
1941     SSL_set_bio(s_ssl, server, server);
1942     (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
1943 
1944     do {
1945         /*-
1946          * c_ssl_bio:          SSL filter BIO
1947          *
1948          * client:             I/O for SSL library
1949          *
1950          *
1951          * server:             I/O for SSL library
1952          *
1953          * s_ssl_bio:          SSL filter BIO
1954          */
1955 
1956         /*
1957          * We have non-blocking behaviour throughout this test program, but
1958          * can be sure that there is *some* progress in each iteration; so we
1959          * don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE --
1960          * we just try everything in each iteration
1961          */
1962 
1963         {
1964             /* CLIENT */
1965 
1966             char cbuf[1024 * 8];
1967             int i, r;
1968             clock_t c_clock = clock();
1969 
1970             memset(cbuf, 0, sizeof(cbuf));
1971 
1972             if (debug)
1973                 if (SSL_in_init(c_ssl))
1974                     printf("client waiting in SSL_connect - %s\n",
1975                            SSL_state_string_long(c_ssl));
1976 
1977             if (cw_num > 0) {
1978                 /* Write to server. */
1979 
1980                 if (cw_num > (long)sizeof(cbuf))
1981                     i = sizeof(cbuf);
1982                 else
1983                     i = (int)cw_num;
1984                 r = BIO_write(c_ssl_bio, cbuf, i);
1985                 if (r < 0) {
1986                     if (!BIO_should_retry(c_ssl_bio)) {
1987                         fprintf(stderr, "ERROR in CLIENT\n");
1988                         err_in_client = 1;
1989                         goto err;
1990                     }
1991                     /*
1992                      * BIO_should_retry(...) can just be ignored here. The
1993                      * library expects us to call BIO_write with the same
1994                      * arguments again, and that's what we will do in the
1995                      * next iteration.
1996                      */
1997                 } else if (r == 0) {
1998                     fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
1999                     goto err;
2000                 } else {
2001                     if (debug)
2002                         printf("client wrote %d\n", r);
2003                     cw_num -= r;
2004                 }
2005             }
2006 
2007             if (cr_num > 0) {
2008                 /* Read from server. */
2009 
2010                 r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
2011                 if (r < 0) {
2012                     if (!BIO_should_retry(c_ssl_bio)) {
2013                         fprintf(stderr, "ERROR in CLIENT\n");
2014                         err_in_client = 1;
2015                         goto err;
2016                     }
2017                     /*
2018                      * Again, "BIO_should_retry" can be ignored.
2019                      */
2020                 } else if (r == 0) {
2021                     fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2022                     goto err;
2023                 } else {
2024                     if (debug)
2025                         printf("client read %d\n", r);
2026                     cr_num -= r;
2027                 }
2028             }
2029 
2030             /*
2031              * c_time and s_time increments will typically be very small
2032              * (depending on machine speed and clock tick intervals), but
2033              * sampling over a large number of connections should result in
2034              * fairly accurate figures.  We cannot guarantee a lot, however
2035              * -- if each connection lasts for exactly one clock tick, it
2036              * will be counted only for the client or only for the server or
2037              * even not at all.
2038              */
2039             *c_time += (clock() - c_clock);
2040         }
2041 
2042         {
2043             /* SERVER */
2044 
2045             char sbuf[1024 * 8];
2046             int i, r;
2047             clock_t s_clock = clock();
2048 
2049             memset(sbuf, 0, sizeof(sbuf));
2050 
2051             if (debug)
2052                 if (SSL_in_init(s_ssl))
2053                     printf("server waiting in SSL_accept - %s\n",
2054                            SSL_state_string_long(s_ssl));
2055 
2056             if (sw_num > 0) {
2057                 /* Write to client. */
2058 
2059                 if (sw_num > (long)sizeof(sbuf))
2060                     i = sizeof(sbuf);
2061                 else
2062                     i = (int)sw_num;
2063                 r = BIO_write(s_ssl_bio, sbuf, i);
2064                 if (r < 0) {
2065                     if (!BIO_should_retry(s_ssl_bio)) {
2066                         fprintf(stderr, "ERROR in SERVER\n");
2067                         err_in_server = 1;
2068                         goto err;
2069                     }
2070                     /* Ignore "BIO_should_retry". */
2071                 } else if (r == 0) {
2072                     fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2073                     goto err;
2074                 } else {
2075                     if (debug)
2076                         printf("server wrote %d\n", r);
2077                     sw_num -= r;
2078                 }
2079             }
2080 
2081             if (sr_num > 0) {
2082                 /* Read from client. */
2083 
2084                 r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
2085                 if (r < 0) {
2086                     if (!BIO_should_retry(s_ssl_bio)) {
2087                         fprintf(stderr, "ERROR in SERVER\n");
2088                         err_in_server = 1;
2089                         goto err;
2090                     }
2091                     /* blah, blah */
2092                 } else if (r == 0) {
2093                     fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2094                     goto err;
2095                 } else {
2096                     if (debug)
2097                         printf("server read %d\n", r);
2098                     sr_num -= r;
2099                 }
2100             }
2101 
2102             *s_time += (clock() - s_clock);
2103         }
2104     }
2105     while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
2106 
2107     if (verbose)
2108         print_details(c_ssl, "DONE via TCP connect: ");
2109 # ifndef OPENSSL_NO_NEXTPROTONEG
2110     if (verify_npn(c_ssl, s_ssl) < 0)
2111         goto end;
2112 # endif
2113     if (verify_serverinfo() < 0) {
2114         fprintf(stderr, "Server info verify error\n");
2115         goto err;
2116     }
2117     if (verify_alpn(c_ssl, s_ssl) < 0
2118             || verify_servername(c_ssl, s_ssl) < 0)
2119         goto err;
2120 
2121     if (custom_ext_error) {
2122         fprintf(stderr, "Custom extension error\n");
2123         goto err;
2124     }
2125 
2126 # ifndef OPENSSL_NO_NEXTPROTONEG
2127  end:
2128 # endif
2129     ret = EXIT_SUCCESS;
2130 
2131  err:
2132     ERR_print_errors(bio_err);
2133 
2134     BIO_free_all(acpt);
2135     BIO_free(server);
2136     BIO_free(client);
2137     BIO_free(s_ssl_bio);
2138     BIO_free(c_ssl_bio);
2139 
2140     if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
2141         ret = (err_in_client != 0) ? EXIT_SUCCESS : EXIT_FAILURE;
2142     else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
2143         ret = (err_in_server != 0) ? EXIT_SUCCESS : EXIT_FAILURE;
2144 
2145     return ret;
2146 }
2147 #endif
2148 
doit_biopair(SSL * s_ssl,SSL * c_ssl,long count,clock_t * s_time,clock_t * c_time)2149 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
2150                  clock_t *s_time, clock_t *c_time)
2151 {
2152     long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
2153     BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
2154     BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL;
2155     int ret = EXIT_FAILURE;
2156     int err_in_client = 0;
2157     int err_in_server = 0;
2158 
2159     size_t bufsiz = 256;        /* small buffer for testing */
2160 
2161     if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz))
2162         goto err;
2163     if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz))
2164         goto err;
2165 
2166     s_ssl_bio = BIO_new(BIO_f_ssl());
2167     if (!s_ssl_bio)
2168         goto err;
2169 
2170     c_ssl_bio = BIO_new(BIO_f_ssl());
2171     if (!c_ssl_bio)
2172         goto err;
2173 
2174     SSL_set_connect_state(c_ssl);
2175     SSL_set_bio(c_ssl, client, client);
2176     (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
2177 
2178     SSL_set_accept_state(s_ssl);
2179     SSL_set_bio(s_ssl, server, server);
2180     (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
2181 
2182     do {
2183         /*-
2184          * c_ssl_bio:          SSL filter BIO
2185          *
2186          * client:             pseudo-I/O for SSL library
2187          *
2188          * client_io:          client's SSL communication; usually to be
2189          *                     relayed over some I/O facility, but in this
2190          *                     test program, we're the server, too:
2191          *
2192          * server_io:          server's SSL communication
2193          *
2194          * server:             pseudo-I/O for SSL library
2195          *
2196          * s_ssl_bio:          SSL filter BIO
2197          *
2198          * The client and the server each employ a "BIO pair":
2199          * client + client_io, server + server_io.
2200          * BIO pairs are symmetric.  A BIO pair behaves similar
2201          * to a non-blocking socketpair (but both endpoints must
2202          * be handled by the same thread).
2203          * [Here we could connect client and server to the ends
2204          * of a single BIO pair, but then this code would be less
2205          * suitable as an example for BIO pairs in general.]
2206          *
2207          * Useful functions for querying the state of BIO pair endpoints:
2208          *
2209          * BIO_ctrl_pending(bio)              number of bytes we can read now
2210          * BIO_ctrl_get_read_request(bio)     number of bytes needed to fulfill
2211          *                                      other side's read attempt
2212          * BIO_ctrl_get_write_guarantee(bio)   number of bytes we can write now
2213          *
2214          * ..._read_request is never more than ..._write_guarantee;
2215          * it depends on the application which one you should use.
2216          */
2217 
2218         /*
2219          * We have non-blocking behaviour throughout this test program, but
2220          * can be sure that there is *some* progress in each iteration; so we
2221          * don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE --
2222          * we just try everything in each iteration
2223          */
2224 
2225         {
2226             /* CLIENT */
2227 
2228             char cbuf[1024 * 8];
2229             int i, r;
2230             clock_t c_clock = clock();
2231 
2232             memset(cbuf, 0, sizeof(cbuf));
2233 
2234             if (debug)
2235                 if (SSL_in_init(c_ssl))
2236                     printf("client waiting in SSL_connect - %s\n",
2237                            SSL_state_string_long(c_ssl));
2238 
2239             if (cw_num > 0) {
2240                 /* Write to server. */
2241 
2242                 if (cw_num > (long)sizeof(cbuf))
2243                     i = sizeof(cbuf);
2244                 else
2245                     i = (int)cw_num;
2246                 r = BIO_write(c_ssl_bio, cbuf, i);
2247                 if (r < 0) {
2248                     if (!BIO_should_retry(c_ssl_bio)) {
2249                         fprintf(stderr, "ERROR in CLIENT\n");
2250                         err_in_client = 1;
2251                         goto err;
2252                     }
2253                     /*
2254                      * BIO_should_retry(...) can just be ignored here. The
2255                      * library expects us to call BIO_write with the same
2256                      * arguments again, and that's what we will do in the
2257                      * next iteration.
2258                      */
2259                 } else if (r == 0) {
2260                     fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2261                     goto err;
2262                 } else {
2263                     if (debug)
2264                         printf("client wrote %d\n", r);
2265                     cw_num -= r;
2266                 }
2267             }
2268 
2269             if (cr_num > 0) {
2270                 /* Read from server. */
2271 
2272                 r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
2273                 if (r < 0) {
2274                     if (!BIO_should_retry(c_ssl_bio)) {
2275                         fprintf(stderr, "ERROR in CLIENT\n");
2276                         err_in_client = 1;
2277                         goto err;
2278                     }
2279                     /*
2280                      * Again, "BIO_should_retry" can be ignored.
2281                      */
2282                 } else if (r == 0) {
2283                     fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2284                     goto err;
2285                 } else {
2286                     if (debug)
2287                         printf("client read %d\n", r);
2288                     cr_num -= r;
2289                 }
2290             }
2291 
2292             /*
2293              * c_time and s_time increments will typically be very small
2294              * (depending on machine speed and clock tick intervals), but
2295              * sampling over a large number of connections should result in
2296              * fairly accurate figures.  We cannot guarantee a lot, however
2297              * -- if each connection lasts for exactly one clock tick, it
2298              * will be counted only for the client or only for the server or
2299              * even not at all.
2300              */
2301             *c_time += (clock() - c_clock);
2302         }
2303 
2304         {
2305             /* SERVER */
2306 
2307             char sbuf[1024 * 8];
2308             int i, r;
2309             clock_t s_clock = clock();
2310 
2311             memset(sbuf, 0, sizeof(sbuf));
2312 
2313             if (debug)
2314                 if (SSL_in_init(s_ssl))
2315                     printf("server waiting in SSL_accept - %s\n",
2316                            SSL_state_string_long(s_ssl));
2317 
2318             if (sw_num > 0) {
2319                 /* Write to client. */
2320 
2321                 if (sw_num > (long)sizeof(sbuf))
2322                     i = sizeof(sbuf);
2323                 else
2324                     i = (int)sw_num;
2325                 r = BIO_write(s_ssl_bio, sbuf, i);
2326                 if (r < 0) {
2327                     if (!BIO_should_retry(s_ssl_bio)) {
2328                         fprintf(stderr, "ERROR in SERVER\n");
2329                         err_in_server = 1;
2330                         goto err;
2331                     }
2332                     /* Ignore "BIO_should_retry". */
2333                 } else if (r == 0) {
2334                     fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2335                     goto err;
2336                 } else {
2337                     if (debug)
2338                         printf("server wrote %d\n", r);
2339                     sw_num -= r;
2340                 }
2341             }
2342 
2343             if (sr_num > 0) {
2344                 /* Read from client. */
2345 
2346                 r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
2347                 if (r < 0) {
2348                     if (!BIO_should_retry(s_ssl_bio)) {
2349                         fprintf(stderr, "ERROR in SERVER\n");
2350                         err_in_server = 1;
2351                         goto err;
2352                     }
2353                     /* blah, blah */
2354                 } else if (r == 0) {
2355                     fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2356                     goto err;
2357                 } else {
2358                     if (debug)
2359                         printf("server read %d\n", r);
2360                     sr_num -= r;
2361                 }
2362             }
2363 
2364             *s_time += (clock() - s_clock);
2365         }
2366 
2367         {
2368             /* "I/O" BETWEEN CLIENT AND SERVER. */
2369 
2370             size_t r1, r2;
2371             BIO *io1 = server_io, *io2 = client_io;
2372             /*
2373              * we use the non-copying interface for io1 and the standard
2374              * BIO_write/BIO_read interface for io2
2375              */
2376 
2377             static int prev_progress = 1;
2378             int progress = 0;
2379 
2380             /* io1 to io2 */
2381             do {
2382                 size_t num;
2383                 int r;
2384 
2385                 r1 = BIO_ctrl_pending(io1);
2386                 r2 = BIO_ctrl_get_write_guarantee(io2);
2387 
2388                 num = r1;
2389                 if (r2 < num)
2390                     num = r2;
2391                 if (num) {
2392                     char *dataptr;
2393 
2394                     if (INT_MAX < num) /* yeah, right */
2395                         num = INT_MAX;
2396 
2397                     r = BIO_nread(io1, &dataptr, (int)num);
2398                     assert(r > 0);
2399                     assert(r <= (int)num);
2400                     /*
2401                      * possibly r < num (non-contiguous data)
2402                      */
2403                     num = r;
2404                     r = BIO_write(io2, dataptr, (int)num);
2405                     if (r != (int)num) { /* can't happen */
2406                         fprintf(stderr, "ERROR: BIO_write could not write "
2407                                 "BIO_ctrl_get_write_guarantee() bytes");
2408                         goto err;
2409                     }
2410                     progress = 1;
2411 
2412                     if (debug)
2413                         printf((io1 == client_io) ?
2414                                "C->S relaying: %d bytes\n" :
2415                                "S->C relaying: %d bytes\n", (int)num);
2416                 }
2417             }
2418             while (r1 && r2);
2419 
2420             /* io2 to io1 */
2421             {
2422                 size_t num;
2423                 int r;
2424 
2425                 r1 = BIO_ctrl_pending(io2);
2426                 r2 = BIO_ctrl_get_read_request(io1);
2427                 /*
2428                  * here we could use ..._get_write_guarantee instead of
2429                  * ..._get_read_request, but by using the latter we test
2430                  * restartability of the SSL implementation more thoroughly
2431                  */
2432                 num = r1;
2433                 if (r2 < num)
2434                     num = r2;
2435                 if (num) {
2436                     char *dataptr;
2437 
2438                     if (INT_MAX < num)
2439                         num = INT_MAX;
2440 
2441                     if (num > 1)
2442                         --num;  /* test restartability even more thoroughly */
2443 
2444                     r = BIO_nwrite0(io1, &dataptr);
2445                     assert(r > 0);
2446                     if (r < (int)num)
2447                         num = r;
2448                     r = BIO_read(io2, dataptr, (int)num);
2449                     if (r != (int)num) { /* can't happen */
2450                         fprintf(stderr, "ERROR: BIO_read could not read "
2451                                 "BIO_ctrl_pending() bytes");
2452                         goto err;
2453                     }
2454                     progress = 1;
2455                     r = BIO_nwrite(io1, &dataptr, (int)num);
2456                     if (r != (int)num) { /* can't happen */
2457                         fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
2458                                 "BIO_nwrite0() bytes");
2459                         goto err;
2460                     }
2461 
2462                     if (debug)
2463                         printf((io2 == client_io) ?
2464                                "C->S relaying: %d bytes\n" :
2465                                "S->C relaying: %d bytes\n", (int)num);
2466                 }
2467             }                   /* no loop, BIO_ctrl_get_read_request now
2468                                  * returns 0 anyway */
2469 
2470             if (!progress && !prev_progress)
2471                 if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0) {
2472                     fprintf(stderr, "ERROR: got stuck\n");
2473                     fprintf(stderr, " ERROR.\n");
2474                     goto err;
2475                 }
2476             prev_progress = progress;
2477         }
2478     }
2479     while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
2480 
2481     if (verbose)
2482         print_details(c_ssl, "DONE via BIO pair: ");
2483 #ifndef OPENSSL_NO_NEXTPROTONEG
2484     if (verify_npn(c_ssl, s_ssl) < 0)
2485         goto end;
2486 #endif
2487     if (verify_serverinfo() < 0) {
2488         fprintf(stderr, "Server info verify error\n");
2489         goto err;
2490     }
2491     if (verify_alpn(c_ssl, s_ssl) < 0
2492             || verify_servername(c_ssl, s_ssl) < 0)
2493         goto err;
2494 
2495     if (custom_ext_error) {
2496         fprintf(stderr, "Custom extension error\n");
2497         goto err;
2498     }
2499 
2500 #ifndef OPENSSL_NO_NEXTPROTONEG
2501  end:
2502 #endif
2503     ret = EXIT_SUCCESS;
2504 
2505  err:
2506     ERR_print_errors(bio_err);
2507 
2508     BIO_free(server);
2509     BIO_free(server_io);
2510     BIO_free(client);
2511     BIO_free(client_io);
2512     BIO_free(s_ssl_bio);
2513     BIO_free(c_ssl_bio);
2514 
2515     if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
2516         ret = (err_in_client != 0) ? EXIT_SUCCESS : EXIT_FAILURE;
2517     else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
2518         ret = (err_in_server != 0) ? EXIT_SUCCESS : EXIT_FAILURE;
2519 
2520     return ret;
2521 }
2522 
2523 #define W_READ  1
2524 #define W_WRITE 2
2525 #define C_DONE  1
2526 #define S_DONE  2
2527 
doit(SSL * s_ssl,SSL * c_ssl,long count)2528 int doit(SSL *s_ssl, SSL *c_ssl, long count)
2529 {
2530     char *cbuf = NULL, *sbuf = NULL;
2531     long bufsiz;
2532     long cw_num = count, cr_num = count;
2533     long sw_num = count, sr_num = count;
2534     int ret = EXIT_FAILURE;
2535     BIO *c_to_s = NULL;
2536     BIO *s_to_c = NULL;
2537     BIO *c_bio = NULL;
2538     BIO *s_bio = NULL;
2539     int c_r, c_w, s_r, s_w;
2540     int i, j;
2541     int done = 0;
2542     int c_write, s_write;
2543     int do_server = 0, do_client = 0;
2544     int max_frag = 5 * 1024;
2545     int err_in_client = 0;
2546     int err_in_server = 0;
2547 
2548     bufsiz = count > 40 * 1024 ? 40 * 1024 : count;
2549 
2550     if ((cbuf = OPENSSL_zalloc(bufsiz)) == NULL)
2551         goto err;
2552     if ((sbuf = OPENSSL_zalloc(bufsiz)) == NULL)
2553         goto err;
2554 
2555     c_to_s = BIO_new(BIO_s_mem());
2556     s_to_c = BIO_new(BIO_s_mem());
2557     if ((s_to_c == NULL) || (c_to_s == NULL)) {
2558         ERR_print_errors(bio_err);
2559         goto err;
2560     }
2561 
2562     c_bio = BIO_new(BIO_f_ssl());
2563     s_bio = BIO_new(BIO_f_ssl());
2564     if ((c_bio == NULL) || (s_bio == NULL)) {
2565         ERR_print_errors(bio_err);
2566         goto err;
2567     }
2568 
2569     SSL_set_connect_state(c_ssl);
2570     SSL_set_bio(c_ssl, s_to_c, c_to_s);
2571     SSL_set_max_send_fragment(c_ssl, max_frag);
2572     BIO_set_ssl(c_bio, c_ssl, BIO_NOCLOSE);
2573 
2574     /*
2575      * We've just given our ref to these BIOs to c_ssl. We need another one to
2576      * give to s_ssl
2577      */
2578     if (!BIO_up_ref(c_to_s)) {
2579         /* c_to_s and s_to_c will get freed when we free c_ssl */
2580         c_to_s = NULL;
2581         s_to_c = NULL;
2582         goto err;
2583     }
2584     if (!BIO_up_ref(s_to_c)) {
2585         /* s_to_c will get freed when we free c_ssl */
2586         s_to_c = NULL;
2587         goto err;
2588     }
2589 
2590     SSL_set_accept_state(s_ssl);
2591     SSL_set_bio(s_ssl, c_to_s, s_to_c);
2592 
2593     /* We've used up all our refs to these now */
2594     c_to_s = NULL;
2595     s_to_c = NULL;
2596 
2597     SSL_set_max_send_fragment(s_ssl, max_frag);
2598     BIO_set_ssl(s_bio, s_ssl, BIO_NOCLOSE);
2599 
2600     c_r = 0;
2601     s_r = 1;
2602     c_w = 1;
2603     s_w = 0;
2604     c_write = 1, s_write = 0;
2605 
2606     /* We can always do writes */
2607     for (;;) {
2608         do_server = 0;
2609         do_client = 0;
2610 
2611         i = (int)BIO_pending(s_bio);
2612         if ((i && s_r) || s_w)
2613             do_server = 1;
2614 
2615         i = (int)BIO_pending(c_bio);
2616         if ((i && c_r) || c_w)
2617             do_client = 1;
2618 
2619         if (do_server && debug) {
2620             if (SSL_in_init(s_ssl))
2621                 printf("server waiting in SSL_accept - %s\n",
2622                        SSL_state_string_long(s_ssl));
2623         }
2624 
2625         if (do_client && debug) {
2626             if (SSL_in_init(c_ssl))
2627                 printf("client waiting in SSL_connect - %s\n",
2628                        SSL_state_string_long(c_ssl));
2629         }
2630 
2631         if (!do_client && !do_server) {
2632             fprintf(stdout, "ERROR IN STARTUP\n");
2633             ERR_print_errors(bio_err);
2634             goto err;
2635         }
2636         if (do_client && !(done & C_DONE)) {
2637             if (c_write) {
2638                 j = (cw_num > bufsiz) ? (int)bufsiz : (int)cw_num;
2639                 i = BIO_write(c_bio, cbuf, j);
2640                 if (i < 0) {
2641                     c_r = 0;
2642                     c_w = 0;
2643                     if (BIO_should_retry(c_bio)) {
2644                         if (BIO_should_read(c_bio))
2645                             c_r = 1;
2646                         if (BIO_should_write(c_bio))
2647                             c_w = 1;
2648                     } else {
2649                         fprintf(stderr, "ERROR in CLIENT\n");
2650                         err_in_client = 1;
2651                         ERR_print_errors(bio_err);
2652                         goto err;
2653                     }
2654                 } else if (i == 0) {
2655                     fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2656                     goto err;
2657                 } else {
2658                     if (debug)
2659                         printf("client wrote %d\n", i);
2660                     /* ok */
2661                     s_r = 1;
2662                     c_write = 0;
2663                     cw_num -= i;
2664                     if (max_frag > 1029)
2665                         SSL_set_max_send_fragment(c_ssl, max_frag -= 5);
2666                 }
2667             } else {
2668                 i = BIO_read(c_bio, cbuf, bufsiz);
2669                 if (i < 0) {
2670                     c_r = 0;
2671                     c_w = 0;
2672                     if (BIO_should_retry(c_bio)) {
2673                         if (BIO_should_read(c_bio))
2674                             c_r = 1;
2675                         if (BIO_should_write(c_bio))
2676                             c_w = 1;
2677                     } else {
2678                         fprintf(stderr, "ERROR in CLIENT\n");
2679                         err_in_client = 1;
2680                         ERR_print_errors(bio_err);
2681                         goto err;
2682                     }
2683                 } else if (i == 0) {
2684                     fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2685                     goto err;
2686                 } else {
2687                     if (debug)
2688                         printf("client read %d\n", i);
2689                     cr_num -= i;
2690                     if (sw_num > 0) {
2691                         s_write = 1;
2692                         s_w = 1;
2693                     }
2694                     if (cr_num <= 0) {
2695                         s_write = 1;
2696                         s_w = 1;
2697                         done = S_DONE | C_DONE;
2698                     }
2699                 }
2700             }
2701         }
2702 
2703         if (do_server && !(done & S_DONE)) {
2704             if (!s_write) {
2705                 i = BIO_read(s_bio, sbuf, bufsiz);
2706                 if (i < 0) {
2707                     s_r = 0;
2708                     s_w = 0;
2709                     if (BIO_should_retry(s_bio)) {
2710                         if (BIO_should_read(s_bio))
2711                             s_r = 1;
2712                         if (BIO_should_write(s_bio))
2713                             s_w = 1;
2714                     } else {
2715                         fprintf(stderr, "ERROR in SERVER\n");
2716                         err_in_server = 1;
2717                         ERR_print_errors(bio_err);
2718                         goto err;
2719                     }
2720                 } else if (i == 0) {
2721                     ERR_print_errors(bio_err);
2722                     fprintf(stderr,
2723                             "SSL SERVER STARTUP FAILED in SSL_read\n");
2724                     goto err;
2725                 } else {
2726                     if (debug)
2727                         printf("server read %d\n", i);
2728                     sr_num -= i;
2729                     if (cw_num > 0) {
2730                         c_write = 1;
2731                         c_w = 1;
2732                     }
2733                     if (sr_num <= 0) {
2734                         s_write = 1;
2735                         s_w = 1;
2736                         c_write = 0;
2737                     }
2738                 }
2739             } else {
2740                 j = (sw_num > bufsiz) ? (int)bufsiz : (int)sw_num;
2741                 i = BIO_write(s_bio, sbuf, j);
2742                 if (i < 0) {
2743                     s_r = 0;
2744                     s_w = 0;
2745                     if (BIO_should_retry(s_bio)) {
2746                         if (BIO_should_read(s_bio))
2747                             s_r = 1;
2748                         if (BIO_should_write(s_bio))
2749                             s_w = 1;
2750                     } else {
2751                         fprintf(stderr, "ERROR in SERVER\n");
2752                         err_in_server = 1;
2753                         ERR_print_errors(bio_err);
2754                         goto err;
2755                     }
2756                 } else if (i == 0) {
2757                     ERR_print_errors(bio_err);
2758                     fprintf(stderr,
2759                             "SSL SERVER STARTUP FAILED in SSL_write\n");
2760                     goto err;
2761                 } else {
2762                     if (debug)
2763                         printf("server wrote %d\n", i);
2764                     sw_num -= i;
2765                     s_write = 0;
2766                     c_r = 1;
2767                     if (sw_num <= 0)
2768                         done |= S_DONE;
2769                     if (max_frag > 1029)
2770                         SSL_set_max_send_fragment(s_ssl, max_frag -= 5);
2771                 }
2772             }
2773         }
2774 
2775         if ((done & S_DONE) && (done & C_DONE))
2776             break;
2777     }
2778 
2779     if (verbose)
2780         print_details(c_ssl, "DONE: ");
2781 #ifndef OPENSSL_NO_NEXTPROTONEG
2782     if (verify_npn(c_ssl, s_ssl) < 0)
2783         goto err;
2784 #endif
2785     if (verify_serverinfo() < 0) {
2786         fprintf(stderr, "Server info verify error\n");
2787         goto err;
2788     }
2789     if (custom_ext_error) {
2790         fprintf(stderr, "Custom extension error\n");
2791         goto err;
2792     }
2793     ret = EXIT_SUCCESS;
2794  err:
2795     BIO_free(c_to_s);
2796     BIO_free(s_to_c);
2797     BIO_free_all(c_bio);
2798     BIO_free_all(s_bio);
2799     OPENSSL_free(cbuf);
2800     OPENSSL_free(sbuf);
2801 
2802     if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
2803         ret = (err_in_client != 0) ? EXIT_SUCCESS : EXIT_FAILURE;
2804     else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
2805         ret = (err_in_server != 0) ? EXIT_SUCCESS : EXIT_FAILURE;
2806 
2807     return ret;
2808 }
2809 
verify_callback(int ok,X509_STORE_CTX * ctx)2810 static int verify_callback(int ok, X509_STORE_CTX *ctx)
2811 {
2812     char *s, buf[256];
2813 
2814     s = X509_NAME_oneline(X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)),
2815                           buf, sizeof(buf));
2816     if (s != NULL) {
2817         if (ok)
2818             printf("depth=%d %s\n", X509_STORE_CTX_get_error_depth(ctx), buf);
2819         else {
2820             fprintf(stderr, "depth=%d error=%d %s\n",
2821                     X509_STORE_CTX_get_error_depth(ctx),
2822                     X509_STORE_CTX_get_error(ctx), buf);
2823         }
2824     }
2825 
2826     if (ok == 0) {
2827         int i = X509_STORE_CTX_get_error(ctx);
2828 
2829         switch (i) {
2830         default:
2831             fprintf(stderr, "Error string: %s\n",
2832                     X509_verify_cert_error_string(i));
2833             break;
2834         case X509_V_ERR_CERT_NOT_YET_VALID:
2835         case X509_V_ERR_CERT_HAS_EXPIRED:
2836         case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
2837             ok = 1;
2838             break;
2839         }
2840     }
2841 
2842     return ok;
2843 }
2844 
app_verify_callback(X509_STORE_CTX * ctx,void * arg)2845 static int app_verify_callback(X509_STORE_CTX *ctx, void *arg)
2846 {
2847     int ok = 1;
2848     struct app_verify_arg *cb_arg = arg;
2849 
2850     if (cb_arg->app_verify) {
2851         char *s = NULL, buf[256];
2852         X509 *c = X509_STORE_CTX_get0_cert(ctx);
2853 
2854         printf("In app_verify_callback, allowing cert. ");
2855         printf("Arg is: %s\n", cb_arg->string);
2856         printf("Finished printing do we have a context? 0x%p a cert? 0x%p\n",
2857                 (void *)ctx, (void *)c);
2858         if (c)
2859             s = X509_NAME_oneline(X509_get_subject_name(c), buf, 256);
2860         if (s != NULL) {
2861             printf("cert depth=%d %s\n",
2862                     X509_STORE_CTX_get_error_depth(ctx), buf);
2863         }
2864         return 1;
2865     }
2866 
2867     ok = X509_verify_cert(ctx);
2868 
2869     return ok;
2870 }
2871 
2872 #ifndef OPENSSL_NO_DH
2873 /*-
2874  * These DH parameters have been generated as follows:
2875  *    $ openssl dhparam -C -noout 512
2876  *    $ openssl dhparam -C -noout 1024
2877  *    $ openssl dhparam -C -noout -dsaparam 1024
2878  * (The third function has been renamed to avoid name conflicts.)
2879  */
get_dh512(void)2880 static DH *get_dh512(void)
2881 {
2882     static unsigned char dh512_p[] = {
2883         0xCB, 0xC8, 0xE1, 0x86, 0xD0, 0x1F, 0x94, 0x17, 0xA6, 0x99, 0xF0,
2884         0xC6,
2885         0x1F, 0x0D, 0xAC, 0xB6, 0x25, 0x3E, 0x06, 0x39, 0xCA, 0x72, 0x04,
2886         0xB0,
2887         0x6E, 0xDA, 0xC0, 0x61, 0xE6, 0x7A, 0x77, 0x25, 0xE8, 0x3B, 0xB9,
2888         0x5F,
2889         0x9A, 0xB6, 0xB5, 0xFE, 0x99, 0x0B, 0xA1, 0x93, 0x4E, 0x35, 0x33,
2890         0xB8,
2891         0xE1, 0xF1, 0x13, 0x4F, 0x59, 0x1A, 0xD2, 0x57, 0xC0, 0x26, 0x21,
2892         0x33,
2893         0x02, 0xC5, 0xAE, 0x23,
2894     };
2895     static unsigned char dh512_g[] = {
2896         0x02,
2897     };
2898     DH *dh;
2899     BIGNUM *p, *g;
2900 
2901     if ((dh = DH_new()) == NULL)
2902         return NULL;
2903     p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
2904     g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
2905     if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
2906         DH_free(dh);
2907         BN_free(p);
2908         BN_free(g);
2909         return NULL;
2910     }
2911     return dh;
2912 }
2913 
get_dh1024(void)2914 static DH *get_dh1024(void)
2915 {
2916     static unsigned char dh1024_p[] = {
2917         0xF8, 0x81, 0x89, 0x7D, 0x14, 0x24, 0xC5, 0xD1, 0xE6, 0xF7, 0xBF,
2918         0x3A,
2919         0xE4, 0x90, 0xF4, 0xFC, 0x73, 0xFB, 0x34, 0xB5, 0xFA, 0x4C, 0x56,
2920         0xA2,
2921         0xEA, 0xA7, 0xE9, 0xC0, 0xC0, 0xCE, 0x89, 0xE1, 0xFA, 0x63, 0x3F,
2922         0xB0,
2923         0x6B, 0x32, 0x66, 0xF1, 0xD1, 0x7B, 0xB0, 0x00, 0x8F, 0xCA, 0x87,
2924         0xC2,
2925         0xAE, 0x98, 0x89, 0x26, 0x17, 0xC2, 0x05, 0xD2, 0xEC, 0x08, 0xD0,
2926         0x8C,
2927         0xFF, 0x17, 0x52, 0x8C, 0xC5, 0x07, 0x93, 0x03, 0xB1, 0xF6, 0x2F,
2928         0xB8,
2929         0x1C, 0x52, 0x47, 0x27, 0x1B, 0xDB, 0xD1, 0x8D, 0x9D, 0x69, 0x1D,
2930         0x52,
2931         0x4B, 0x32, 0x81, 0xAA, 0x7F, 0x00, 0xC8, 0xDC, 0xE6, 0xD9, 0xCC,
2932         0xC1,
2933         0x11, 0x2D, 0x37, 0x34, 0x6C, 0xEA, 0x02, 0x97, 0x4B, 0x0E, 0xBB,
2934         0xB1,
2935         0x71, 0x33, 0x09, 0x15, 0xFD, 0xDD, 0x23, 0x87, 0x07, 0x5E, 0x89,
2936         0xAB,
2937         0x6B, 0x7C, 0x5F, 0xEC, 0xA6, 0x24, 0xDC, 0x53,
2938     };
2939     static unsigned char dh1024_g[] = {
2940         0x02,
2941     };
2942     DH *dh;
2943     BIGNUM *p, *g;
2944 
2945     if ((dh = DH_new()) == NULL)
2946         return NULL;
2947     p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
2948     g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
2949     if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
2950         DH_free(dh);
2951         BN_free(p);
2952         BN_free(g);
2953         return NULL;
2954     }
2955     return dh;
2956 }
2957 
get_dh1024dsa(void)2958 static DH *get_dh1024dsa(void)
2959 {
2960     static unsigned char dh1024_p[] = {
2961         0xC8, 0x00, 0xF7, 0x08, 0x07, 0x89, 0x4D, 0x90, 0x53, 0xF3, 0xD5,
2962         0x00,
2963         0x21, 0x1B, 0xF7, 0x31, 0xA6, 0xA2, 0xDA, 0x23, 0x9A, 0xC7, 0x87,
2964         0x19,
2965         0x3B, 0x47, 0xB6, 0x8C, 0x04, 0x6F, 0xFF, 0xC6, 0x9B, 0xB8, 0x65,
2966         0xD2,
2967         0xC2, 0x5F, 0x31, 0x83, 0x4A, 0xA7, 0x5F, 0x2F, 0x88, 0x38, 0xB6,
2968         0x55,
2969         0xCF, 0xD9, 0x87, 0x6D, 0x6F, 0x9F, 0xDA, 0xAC, 0xA6, 0x48, 0xAF,
2970         0xFC,
2971         0x33, 0x84, 0x37, 0x5B, 0x82, 0x4A, 0x31, 0x5D, 0xE7, 0xBD, 0x52,
2972         0x97,
2973         0xA1, 0x77, 0xBF, 0x10, 0x9E, 0x37, 0xEA, 0x64, 0xFA, 0xCA, 0x28,
2974         0x8D,
2975         0x9D, 0x3B, 0xD2, 0x6E, 0x09, 0x5C, 0x68, 0xC7, 0x45, 0x90, 0xFD,
2976         0xBB,
2977         0x70, 0xC9, 0x3A, 0xBB, 0xDF, 0xD4, 0x21, 0x0F, 0xC4, 0x6A, 0x3C,
2978         0xF6,
2979         0x61, 0xCF, 0x3F, 0xD6, 0x13, 0xF1, 0x5F, 0xBC, 0xCF, 0xBC, 0x26,
2980         0x9E,
2981         0xBC, 0x0B, 0xBD, 0xAB, 0x5D, 0xC9, 0x54, 0x39,
2982     };
2983     static unsigned char dh1024_g[] = {
2984         0x3B, 0x40, 0x86, 0xE7, 0xF3, 0x6C, 0xDE, 0x67, 0x1C, 0xCC, 0x80,
2985         0x05,
2986         0x5A, 0xDF, 0xFE, 0xBD, 0x20, 0x27, 0x74, 0x6C, 0x24, 0xC9, 0x03,
2987         0xF3,
2988         0xE1, 0x8D, 0xC3, 0x7D, 0x98, 0x27, 0x40, 0x08, 0xB8, 0x8C, 0x6A,
2989         0xE9,
2990         0xBB, 0x1A, 0x3A, 0xD6, 0x86, 0x83, 0x5E, 0x72, 0x41, 0xCE, 0x85,
2991         0x3C,
2992         0xD2, 0xB3, 0xFC, 0x13, 0xCE, 0x37, 0x81, 0x9E, 0x4C, 0x1C, 0x7B,
2993         0x65,
2994         0xD3, 0xE6, 0xA6, 0x00, 0xF5, 0x5A, 0x95, 0x43, 0x5E, 0x81, 0xCF,
2995         0x60,
2996         0xA2, 0x23, 0xFC, 0x36, 0xA7, 0x5D, 0x7A, 0x4C, 0x06, 0x91, 0x6E,
2997         0xF6,
2998         0x57, 0xEE, 0x36, 0xCB, 0x06, 0xEA, 0xF5, 0x3D, 0x95, 0x49, 0xCB,
2999         0xA7,
3000         0xDD, 0x81, 0xDF, 0x80, 0x09, 0x4A, 0x97, 0x4D, 0xA8, 0x22, 0x72,
3001         0xA1,
3002         0x7F, 0xC4, 0x70, 0x56, 0x70, 0xE8, 0x20, 0x10, 0x18, 0x8F, 0x2E,
3003         0x60,
3004         0x07, 0xE7, 0x68, 0x1A, 0x82, 0x5D, 0x32, 0xA2,
3005     };
3006     DH *dh;
3007     BIGNUM *p, *g;
3008 
3009     if ((dh = DH_new()) == NULL)
3010         return NULL;
3011     p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
3012     g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
3013     if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
3014         DH_free(dh);
3015         BN_free(p);
3016         BN_free(g);
3017         return NULL;
3018     }
3019     DH_set_length(dh, 160);
3020     return dh;
3021 }
3022 #endif
3023 
3024 #ifndef OPENSSL_NO_PSK
3025 /* convert the PSK key (psk_key) in ascii to binary (psk) */
psk_key2bn(const char * pskkey,unsigned char * psk,unsigned int max_psk_len)3026 static int psk_key2bn(const char *pskkey, unsigned char *psk,
3027                       unsigned int max_psk_len)
3028 {
3029     int ret;
3030     BIGNUM *bn = NULL;
3031 
3032     ret = BN_hex2bn(&bn, pskkey);
3033     if (!ret) {
3034         BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n",
3035                    pskkey);
3036         BN_free(bn);
3037         return 0;
3038     }
3039     if (BN_num_bytes(bn) > (int)max_psk_len) {
3040         BIO_printf(bio_err,
3041                    "psk buffer of callback is too small (%d) for key (%d)\n",
3042                    max_psk_len, BN_num_bytes(bn));
3043         BN_free(bn);
3044         return 0;
3045     }
3046     ret = BN_bn2bin(bn, psk);
3047     BN_free(bn);
3048     return ret;
3049 }
3050 
psk_client_callback(SSL * ssl,const char * hint,char * identity,unsigned int max_identity_len,unsigned char * psk,unsigned int max_psk_len)3051 static unsigned int psk_client_callback(SSL *ssl, const char *hint,
3052                                         char *identity,
3053                                         unsigned int max_identity_len,
3054                                         unsigned char *psk,
3055                                         unsigned int max_psk_len)
3056 {
3057     int ret;
3058     unsigned int psk_len = 0;
3059 
3060     ret = BIO_snprintf(identity, max_identity_len, "Client_identity");
3061     if (ret < 0)
3062         goto out_err;
3063     if (debug)
3064         fprintf(stderr, "client: created identity '%s' len=%d\n", identity,
3065                 ret);
3066     ret = psk_key2bn(psk_key, psk, max_psk_len);
3067     if (ret < 0)
3068         goto out_err;
3069     psk_len = ret;
3070  out_err:
3071     return psk_len;
3072 }
3073 
psk_server_callback(SSL * ssl,const char * identity,unsigned char * psk,unsigned int max_psk_len)3074 static unsigned int psk_server_callback(SSL *ssl, const char *identity,
3075                                         unsigned char *psk,
3076                                         unsigned int max_psk_len)
3077 {
3078     unsigned int psk_len = 0;
3079 
3080     if (strcmp(identity, "Client_identity") != 0) {
3081         BIO_printf(bio_err, "server: PSK error: client identity not found\n");
3082         return 0;
3083     }
3084     psk_len = psk_key2bn(psk_key, psk, max_psk_len);
3085     return psk_len;
3086 }
3087 #endif
3088