1 /*
2 * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
4 * Copyright 2005 Nokia. All rights reserved.
5 *
6 * Licensed under the OpenSSL license (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
10 */
11
12 #include "e_os.h"
13
14 /* Or gethostname won't be declared properly on Linux and GNU platforms. */
15 #ifndef _BSD_SOURCE
16 # define _BSD_SOURCE 1
17 #endif
18 #ifndef _DEFAULT_SOURCE
19 # define _DEFAULT_SOURCE 1
20 #endif
21
22 #include <assert.h>
23 #include <errno.h>
24 #include <limits.h>
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <string.h>
28 #include <time.h>
29
30 #include "internal/nelem.h"
31
32 #ifdef OPENSSL_SYS_VMS
33 /*
34 * Or isascii won't be declared properly on VMS (at least with DECompHP C).
35 */
36 # define _XOPEN_SOURCE 500
37 #endif
38
39 #include <ctype.h>
40
41 #include <openssl/bio.h>
42 #include <openssl/crypto.h>
43 #include <openssl/evp.h>
44 #include <openssl/x509.h>
45 #include <openssl/x509v3.h>
46 #include <openssl/ssl.h>
47 #include <openssl/err.h>
48 #include <openssl/rand.h>
49 #ifndef OPENSSL_NO_RSA
50 # include <openssl/rsa.h>
51 #endif
52 #ifndef OPENSSL_NO_DSA
53 # include <openssl/dsa.h>
54 #endif
55 #ifndef OPENSSL_NO_DH
56 # include <openssl/dh.h>
57 #endif
58 #include <openssl/bn.h>
59 #ifndef OPENSSL_NO_CT
60 # include <openssl/ct.h>
61 #endif
62
63 /*
64 * Or gethostname won't be declared properly
65 * on Compaq platforms (at least with DEC C).
66 * Do not try to put it earlier, or IPv6 includes
67 * get screwed...
68 */
69 #define _XOPEN_SOURCE_EXTENDED 1
70
71 #ifdef OPENSSL_SYS_WINDOWS
72 # include <winsock.h>
73 #else
74 # include OPENSSL_UNISTD
75 #endif
76
77 static SSL_CTX *s_ctx = NULL;
78 static SSL_CTX *s_ctx2 = NULL;
79
80 /*
81 * There is really no standard for this, so let's assign something
82 * only for this test
83 */
84 #define COMP_ZLIB 1
85
86 static int verify_callback(int ok, X509_STORE_CTX *ctx);
87 static int app_verify_callback(X509_STORE_CTX *ctx, void *arg);
88 #define APP_CALLBACK_STRING "Test Callback Argument"
89 struct app_verify_arg {
90 char *string;
91 int app_verify;
92 };
93
94 #ifndef OPENSSL_NO_DH
95 static DH *get_dh512(void);
96 static DH *get_dh1024(void);
97 static DH *get_dh1024dsa(void);
98 static DH *get_dh2048(void);
99 static DH *get_dh4096(void);
100 #endif
101
102 static char *psk_key = NULL; /* by default PSK is not used */
103 #ifndef OPENSSL_NO_PSK
104 static unsigned int psk_client_callback(SSL *ssl, const char *hint,
105 char *identity,
106 unsigned int max_identity_len,
107 unsigned char *psk,
108 unsigned int max_psk_len);
109 static unsigned int psk_server_callback(SSL *ssl, const char *identity,
110 unsigned char *psk,
111 unsigned int max_psk_len);
112 #endif
113
114 static BIO *bio_err = NULL;
115 static BIO *bio_stdout = NULL;
116
117 #ifndef OPENSSL_NO_NEXTPROTONEG
118 /* Note that this code assumes that this is only a one element list: */
119 static const char NEXT_PROTO_STRING[] = "\x09testproto";
120 static int npn_client = 0;
121 static int npn_server = 0;
122 static int npn_server_reject = 0;
123
cb_client_npn(SSL * s,unsigned char ** out,unsigned char * outlen,const unsigned char * in,unsigned int inlen,void * arg)124 static int cb_client_npn(SSL *s, unsigned char **out, unsigned char *outlen,
125 const unsigned char *in, unsigned int inlen,
126 void *arg)
127 {
128 /*
129 * This callback only returns the protocol string, rather than a length
130 * prefixed set. We assume that NEXT_PROTO_STRING is a one element list
131 * and remove the first byte to chop off the length prefix.
132 */
133 *out = (unsigned char *)NEXT_PROTO_STRING + 1;
134 *outlen = sizeof(NEXT_PROTO_STRING) - 2;
135 return SSL_TLSEXT_ERR_OK;
136 }
137
cb_server_npn(SSL * s,const unsigned char ** data,unsigned int * len,void * arg)138 static int cb_server_npn(SSL *s, const unsigned char **data,
139 unsigned int *len, void *arg)
140 {
141 *data = (const unsigned char *)NEXT_PROTO_STRING;
142 *len = sizeof(NEXT_PROTO_STRING) - 1;
143 return SSL_TLSEXT_ERR_OK;
144 }
145
cb_server_rejects_npn(SSL * s,const unsigned char ** data,unsigned int * len,void * arg)146 static int cb_server_rejects_npn(SSL *s, const unsigned char **data,
147 unsigned int *len, void *arg)
148 {
149 return SSL_TLSEXT_ERR_NOACK;
150 }
151
verify_npn(SSL * client,SSL * server)152 static int verify_npn(SSL *client, SSL *server)
153 {
154 const unsigned char *client_s;
155 unsigned client_len;
156 const unsigned char *server_s;
157 unsigned server_len;
158
159 SSL_get0_next_proto_negotiated(client, &client_s, &client_len);
160 SSL_get0_next_proto_negotiated(server, &server_s, &server_len);
161
162 if (client_len) {
163 BIO_printf(bio_stdout, "Client NPN: ");
164 BIO_write(bio_stdout, client_s, client_len);
165 BIO_printf(bio_stdout, "\n");
166 }
167
168 if (server_len) {
169 BIO_printf(bio_stdout, "Server NPN: ");
170 BIO_write(bio_stdout, server_s, server_len);
171 BIO_printf(bio_stdout, "\n");
172 }
173
174 /*
175 * If an NPN string was returned, it must be the protocol that we
176 * expected to negotiate.
177 */
178 if (client_len && (client_len != sizeof(NEXT_PROTO_STRING) - 2 ||
179 memcmp(client_s, NEXT_PROTO_STRING + 1, client_len)))
180 return -1;
181 if (server_len && (server_len != sizeof(NEXT_PROTO_STRING) - 2 ||
182 memcmp(server_s, NEXT_PROTO_STRING + 1, server_len)))
183 return -1;
184
185 if (!npn_client && client_len)
186 return -1;
187 if (!npn_server && server_len)
188 return -1;
189 if (npn_server_reject && server_len)
190 return -1;
191 if (npn_client && npn_server && (!client_len || !server_len))
192 return -1;
193
194 return 0;
195 }
196 #endif
197
198 static const char *alpn_client;
199 static char *alpn_server;
200 static char *alpn_server2;
201 static const char *alpn_expected;
202 static unsigned char *alpn_selected;
203 static const char *server_min_proto;
204 static const char *server_max_proto;
205 static const char *client_min_proto;
206 static const char *client_max_proto;
207 static const char *should_negotiate;
208 static const char *sn_client;
209 static const char *sn_server1;
210 static const char *sn_server2;
211 static int sn_expect = 0;
212 static const char *server_sess_out;
213 static const char *server_sess_in;
214 static const char *client_sess_out;
215 static const char *client_sess_in;
216 static SSL_SESSION *server_sess;
217 static SSL_SESSION *client_sess;
218
servername_cb(SSL * s,int * ad,void * arg)219 static int servername_cb(SSL *s, int *ad, void *arg)
220 {
221 const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
222 if (sn_server2 == NULL) {
223 BIO_printf(bio_stdout, "Servername 2 is NULL\n");
224 return SSL_TLSEXT_ERR_NOACK;
225 }
226
227 if (servername) {
228 if (s_ctx2 != NULL && sn_server2 != NULL &&
229 !strcasecmp(servername, sn_server2)) {
230 BIO_printf(bio_stdout, "Switching server context.\n");
231 SSL_set_SSL_CTX(s, s_ctx2);
232 }
233 }
234 return SSL_TLSEXT_ERR_OK;
235 }
verify_servername(SSL * client,SSL * server)236 static int verify_servername(SSL *client, SSL *server)
237 {
238 /* just need to see if sn_context is what we expect */
239 SSL_CTX* ctx = SSL_get_SSL_CTX(server);
240 if (sn_expect == 0)
241 return 0;
242 if (sn_expect == 1 && ctx == s_ctx)
243 return 0;
244 if (sn_expect == 2 && ctx == s_ctx2)
245 return 0;
246 BIO_printf(bio_stdout, "Servername: expected context %d\n", sn_expect);
247 if (ctx == s_ctx2)
248 BIO_printf(bio_stdout, "Servername: context is 2\n");
249 else if (ctx == s_ctx)
250 BIO_printf(bio_stdout, "Servername: context is 1\n");
251 else
252 BIO_printf(bio_stdout, "Servername: context is unknown\n");
253 return -1;
254 }
255
256
257 /*-
258 * next_protos_parse parses a comma separated list of strings into a string
259 * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
260 * outlen: (output) set to the length of the resulting buffer on success.
261 * in: a NUL terminated string like "abc,def,ghi"
262 *
263 * returns: a malloced buffer or NULL on failure.
264 */
next_protos_parse(size_t * outlen,const char * in)265 static unsigned char *next_protos_parse(size_t *outlen,
266 const char *in)
267 {
268 size_t len;
269 unsigned char *out;
270 size_t i, start = 0;
271
272 len = strlen(in);
273 if (len >= 65535)
274 return NULL;
275
276 out = OPENSSL_malloc(strlen(in) + 1);
277 if (!out)
278 return NULL;
279
280 for (i = 0; i <= len; ++i) {
281 if (i == len || in[i] == ',') {
282 if (i - start > 255) {
283 OPENSSL_free(out);
284 return NULL;
285 }
286 out[start] = (unsigned char)(i - start);
287 start = i + 1;
288 } else
289 out[i + 1] = in[i];
290 }
291
292 *outlen = len + 1;
293 return out;
294 }
295
cb_server_alpn(SSL * s,const unsigned char ** out,unsigned char * outlen,const unsigned char * in,unsigned int inlen,void * arg)296 static int cb_server_alpn(SSL *s, const unsigned char **out,
297 unsigned char *outlen, const unsigned char *in,
298 unsigned int inlen, void *arg)
299 {
300 unsigned char *protos;
301 size_t protos_len;
302 char* alpn_str = arg;
303
304 protos = next_protos_parse(&protos_len, alpn_str);
305 if (protos == NULL) {
306 fprintf(stderr, "failed to parser ALPN server protocol string: %s\n",
307 alpn_str);
308 abort();
309 }
310
311 if (SSL_select_next_proto
312 ((unsigned char **)out, outlen, protos, protos_len, in,
313 inlen) != OPENSSL_NPN_NEGOTIATED) {
314 OPENSSL_free(protos);
315 return SSL_TLSEXT_ERR_NOACK;
316 }
317
318 /*
319 * Make a copy of the selected protocol which will be freed in
320 * verify_alpn.
321 */
322 alpn_selected = OPENSSL_malloc(*outlen);
323 memcpy(alpn_selected, *out, *outlen);
324 *out = alpn_selected;
325
326 OPENSSL_free(protos);
327 return SSL_TLSEXT_ERR_OK;
328 }
329
verify_alpn(SSL * client,SSL * server)330 static int verify_alpn(SSL *client, SSL *server)
331 {
332 const unsigned char *client_proto, *server_proto;
333 unsigned int client_proto_len = 0, server_proto_len = 0;
334 SSL_get0_alpn_selected(client, &client_proto, &client_proto_len);
335 SSL_get0_alpn_selected(server, &server_proto, &server_proto_len);
336
337 OPENSSL_free(alpn_selected);
338 alpn_selected = NULL;
339
340 if (client_proto_len != server_proto_len) {
341 BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
342 goto err;
343 }
344
345 if (client_proto != NULL &&
346 memcmp(client_proto, server_proto, client_proto_len) != 0) {
347 BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
348 goto err;
349 }
350
351 if (client_proto_len > 0 && alpn_expected == NULL) {
352 BIO_printf(bio_stdout, "ALPN unexpectedly negotiated\n");
353 goto err;
354 }
355
356 if (alpn_expected != NULL &&
357 (client_proto_len != strlen(alpn_expected) ||
358 memcmp(client_proto, alpn_expected, client_proto_len) != 0)) {
359 BIO_printf(bio_stdout,
360 "ALPN selected protocols not equal to expected protocol: %s\n",
361 alpn_expected);
362 goto err;
363 }
364
365 return 0;
366
367 err:
368 BIO_printf(bio_stdout, "ALPN results: client: '");
369 BIO_write(bio_stdout, client_proto, client_proto_len);
370 BIO_printf(bio_stdout, "', server: '");
371 BIO_write(bio_stdout, server_proto, server_proto_len);
372 BIO_printf(bio_stdout, "'\n");
373 BIO_printf(bio_stdout, "ALPN configured: client: '%s', server: '",
374 alpn_client);
375 if (SSL_get_SSL_CTX(server) == s_ctx2) {
376 BIO_printf(bio_stdout, "%s'\n",
377 alpn_server2);
378 } else {
379 BIO_printf(bio_stdout, "%s'\n",
380 alpn_server);
381 }
382 return -1;
383 }
384
385 /*
386 * WARNING : below extension types are *NOT* IETF assigned, and could
387 * conflict if these types are reassigned and handled specially by OpenSSL
388 * in the future
389 */
390 #define TACK_EXT_TYPE 62208
391 #define CUSTOM_EXT_TYPE_0 1000
392 #define CUSTOM_EXT_TYPE_1 1001
393 #define CUSTOM_EXT_TYPE_2 1002
394 #define CUSTOM_EXT_TYPE_3 1003
395
396 static const char custom_ext_cli_string[] = "abc";
397 static const char custom_ext_srv_string[] = "defg";
398
399 /* These set from cmdline */
400 static char *serverinfo_file = NULL;
401 static int serverinfo_sct = 0;
402 static int serverinfo_tack = 0;
403
404 /* These set based on extension callbacks */
405 static int serverinfo_sct_seen = 0;
406 static int serverinfo_tack_seen = 0;
407 static int serverinfo_other_seen = 0;
408
409 /* This set from cmdline */
410 static int custom_ext = 0;
411
412 /* This set based on extension callbacks */
413 static int custom_ext_error = 0;
414
serverinfo_cli_parse_cb(SSL * s,unsigned int ext_type,const unsigned char * in,size_t inlen,int * al,void * arg)415 static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type,
416 const unsigned char *in, size_t inlen,
417 int *al, void *arg)
418 {
419 if (ext_type == TLSEXT_TYPE_signed_certificate_timestamp)
420 serverinfo_sct_seen++;
421 else if (ext_type == TACK_EXT_TYPE)
422 serverinfo_tack_seen++;
423 else
424 serverinfo_other_seen++;
425 return 1;
426 }
427
verify_serverinfo(void)428 static int verify_serverinfo(void)
429 {
430 if (serverinfo_sct != serverinfo_sct_seen)
431 return -1;
432 if (serverinfo_tack != serverinfo_tack_seen)
433 return -1;
434 if (serverinfo_other_seen)
435 return -1;
436 return 0;
437 }
438
439 /*-
440 * Four test cases for custom extensions:
441 * 0 - no ClientHello extension or ServerHello response
442 * 1 - ClientHello with "abc", no response
443 * 2 - ClientHello with "abc", empty response
444 * 3 - ClientHello with "abc", "defg" response
445 */
446
custom_ext_0_cli_add_cb(SSL * s,unsigned int ext_type,const unsigned char ** out,size_t * outlen,int * al,void * arg)447 static int custom_ext_0_cli_add_cb(SSL *s, unsigned int ext_type,
448 const unsigned char **out,
449 size_t *outlen, int *al, void *arg)
450 {
451 if (ext_type != CUSTOM_EXT_TYPE_0)
452 custom_ext_error = 1;
453 return 0; /* Don't send an extension */
454 }
455
custom_ext_0_cli_parse_cb(SSL * s,unsigned int ext_type,const unsigned char * in,size_t inlen,int * al,void * arg)456 static int custom_ext_0_cli_parse_cb(SSL *s, unsigned int ext_type,
457 const unsigned char *in,
458 size_t inlen, int *al, void *arg)
459 {
460 return 1;
461 }
462
custom_ext_1_cli_add_cb(SSL * s,unsigned int ext_type,const unsigned char ** out,size_t * outlen,int * al,void * arg)463 static int custom_ext_1_cli_add_cb(SSL *s, unsigned int ext_type,
464 const unsigned char **out,
465 size_t *outlen, int *al, void *arg)
466 {
467 if (ext_type != CUSTOM_EXT_TYPE_1)
468 custom_ext_error = 1;
469 *out = (const unsigned char *)custom_ext_cli_string;
470 *outlen = strlen(custom_ext_cli_string);
471 return 1; /* Send "abc" */
472 }
473
custom_ext_1_cli_parse_cb(SSL * s,unsigned int ext_type,const unsigned char * in,size_t inlen,int * al,void * arg)474 static int custom_ext_1_cli_parse_cb(SSL *s, unsigned int ext_type,
475 const unsigned char *in,
476 size_t inlen, int *al, void *arg)
477 {
478 return 1;
479 }
480
custom_ext_2_cli_add_cb(SSL * s,unsigned int ext_type,const unsigned char ** out,size_t * outlen,int * al,void * arg)481 static int custom_ext_2_cli_add_cb(SSL *s, unsigned int ext_type,
482 const unsigned char **out,
483 size_t *outlen, int *al, void *arg)
484 {
485 if (ext_type != CUSTOM_EXT_TYPE_2)
486 custom_ext_error = 1;
487 *out = (const unsigned char *)custom_ext_cli_string;
488 *outlen = strlen(custom_ext_cli_string);
489 return 1; /* Send "abc" */
490 }
491
custom_ext_2_cli_parse_cb(SSL * s,unsigned int ext_type,const unsigned char * in,size_t inlen,int * al,void * arg)492 static int custom_ext_2_cli_parse_cb(SSL *s, unsigned int ext_type,
493 const unsigned char *in,
494 size_t inlen, int *al, void *arg)
495 {
496 if (ext_type != CUSTOM_EXT_TYPE_2)
497 custom_ext_error = 1;
498 if (inlen != 0)
499 custom_ext_error = 1; /* Should be empty response */
500 return 1;
501 }
502
custom_ext_3_cli_add_cb(SSL * s,unsigned int ext_type,const unsigned char ** out,size_t * outlen,int * al,void * arg)503 static int custom_ext_3_cli_add_cb(SSL *s, unsigned int ext_type,
504 const unsigned char **out,
505 size_t *outlen, int *al, void *arg)
506 {
507 if (ext_type != CUSTOM_EXT_TYPE_3)
508 custom_ext_error = 1;
509 *out = (const unsigned char *)custom_ext_cli_string;
510 *outlen = strlen(custom_ext_cli_string);
511 return 1; /* Send "abc" */
512 }
513
custom_ext_3_cli_parse_cb(SSL * s,unsigned int ext_type,const unsigned char * in,size_t inlen,int * al,void * arg)514 static int custom_ext_3_cli_parse_cb(SSL *s, unsigned int ext_type,
515 const unsigned char *in,
516 size_t inlen, int *al, void *arg)
517 {
518 if (ext_type != CUSTOM_EXT_TYPE_3)
519 custom_ext_error = 1;
520 if (inlen != strlen(custom_ext_srv_string))
521 custom_ext_error = 1;
522 if (memcmp(custom_ext_srv_string, in, inlen) != 0)
523 custom_ext_error = 1; /* Check for "defg" */
524 return 1;
525 }
526
527 /*
528 * custom_ext_0_cli_add_cb returns 0 - the server won't receive a callback
529 * for this extension
530 */
custom_ext_0_srv_parse_cb(SSL * s,unsigned int ext_type,const unsigned char * in,size_t inlen,int * al,void * arg)531 static int custom_ext_0_srv_parse_cb(SSL *s, unsigned int ext_type,
532 const unsigned char *in,
533 size_t inlen, int *al, void *arg)
534 {
535 custom_ext_error = 1;
536 return 1;
537 }
538
539 /* 'add' callbacks are only called if the 'parse' callback is called */
custom_ext_0_srv_add_cb(SSL * s,unsigned int ext_type,const unsigned char ** out,size_t * outlen,int * al,void * arg)540 static int custom_ext_0_srv_add_cb(SSL *s, unsigned int ext_type,
541 const unsigned char **out,
542 size_t *outlen, int *al, void *arg)
543 {
544 /* Error: should not have been called */
545 custom_ext_error = 1;
546 return 0; /* Don't send an extension */
547 }
548
custom_ext_1_srv_parse_cb(SSL * s,unsigned int ext_type,const unsigned char * in,size_t inlen,int * al,void * arg)549 static int custom_ext_1_srv_parse_cb(SSL *s, unsigned int ext_type,
550 const unsigned char *in,
551 size_t inlen, int *al, void *arg)
552 {
553 if (ext_type != CUSTOM_EXT_TYPE_1)
554 custom_ext_error = 1;
555 /* Check for "abc" */
556 if (inlen != strlen(custom_ext_cli_string))
557 custom_ext_error = 1;
558 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
559 custom_ext_error = 1;
560 return 1;
561 }
562
custom_ext_1_srv_add_cb(SSL * s,unsigned int ext_type,const unsigned char ** out,size_t * outlen,int * al,void * arg)563 static int custom_ext_1_srv_add_cb(SSL *s, unsigned int ext_type,
564 const unsigned char **out,
565 size_t *outlen, int *al, void *arg)
566 {
567 return 0; /* Don't send an extension */
568 }
569
custom_ext_2_srv_parse_cb(SSL * s,unsigned int ext_type,const unsigned char * in,size_t inlen,int * al,void * arg)570 static int custom_ext_2_srv_parse_cb(SSL *s, unsigned int ext_type,
571 const unsigned char *in,
572 size_t inlen, int *al, void *arg)
573 {
574 if (ext_type != CUSTOM_EXT_TYPE_2)
575 custom_ext_error = 1;
576 /* Check for "abc" */
577 if (inlen != strlen(custom_ext_cli_string))
578 custom_ext_error = 1;
579 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
580 custom_ext_error = 1;
581 return 1;
582 }
583
custom_ext_2_srv_add_cb(SSL * s,unsigned int ext_type,const unsigned char ** out,size_t * outlen,int * al,void * arg)584 static int custom_ext_2_srv_add_cb(SSL *s, unsigned int ext_type,
585 const unsigned char **out,
586 size_t *outlen, int *al, void *arg)
587 {
588 *out = NULL;
589 *outlen = 0;
590 return 1; /* Send empty extension */
591 }
592
custom_ext_3_srv_parse_cb(SSL * s,unsigned int ext_type,const unsigned char * in,size_t inlen,int * al,void * arg)593 static int custom_ext_3_srv_parse_cb(SSL *s, unsigned int ext_type,
594 const unsigned char *in,
595 size_t inlen, int *al, void *arg)
596 {
597 if (ext_type != CUSTOM_EXT_TYPE_3)
598 custom_ext_error = 1;
599 /* Check for "abc" */
600 if (inlen != strlen(custom_ext_cli_string))
601 custom_ext_error = 1;
602 if (memcmp(in, custom_ext_cli_string, inlen) != 0)
603 custom_ext_error = 1;
604 return 1;
605 }
606
custom_ext_3_srv_add_cb(SSL * s,unsigned int ext_type,const unsigned char ** out,size_t * outlen,int * al,void * arg)607 static int custom_ext_3_srv_add_cb(SSL *s, unsigned int ext_type,
608 const unsigned char **out,
609 size_t *outlen, int *al, void *arg)
610 {
611 *out = (const unsigned char *)custom_ext_srv_string;
612 *outlen = strlen(custom_ext_srv_string);
613 return 1; /* Send "defg" */
614 }
615
616 static char *cipher = NULL;
617 static char *ciphersuites = NULL;
618 static int verbose = 0;
619 static int debug = 0;
620
621 int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family,
622 long bytes, clock_t *s_time, clock_t *c_time);
623 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time,
624 clock_t *c_time);
625 int doit(SSL *s_ssl, SSL *c_ssl, long bytes);
626
sv_usage(void)627 static void sv_usage(void)
628 {
629 fprintf(stderr, "usage: ssltest [args ...]\n");
630 fprintf(stderr, "\n");
631 fprintf(stderr, " -server_auth - check server certificate\n");
632 fprintf(stderr, " -client_auth - do client authentication\n");
633 fprintf(stderr, " -v - more output\n");
634 fprintf(stderr, " -d - debug output\n");
635 fprintf(stderr, " -reuse - use session-id reuse\n");
636 fprintf(stderr, " -num <val> - number of connections to perform\n");
637 fprintf(stderr,
638 " -bytes <val> - number of bytes to swap between client/server\n");
639 #ifndef OPENSSL_NO_DH
640 fprintf(stderr,
641 " -dhe512 - use 512 bit key for DHE (to test failure)\n");
642 fprintf(stderr,
643 " -dhe1024 - use 1024 bit key (safe prime) for DHE (default, no-op)\n");
644 fprintf(stderr,
645 " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
646 fprintf(stderr,
647 " -dhe2048 - use 2048 bit key (rfc3526 prime) for DHE\n");
648 fprintf(stderr,
649 " -dhe4096 - use 4096 bit key (rfc3526 prime) for DHE\n");
650 fprintf(stderr, " -no_dhe - disable DHE\n");
651 #endif
652 #ifndef OPENSSL_NO_EC
653 fprintf(stderr, " -no_ecdhe - disable ECDHE\nTODO(openssl-team): no_ecdhe was broken by auto ecdh. Make this work again.\n");
654 #endif
655 #ifndef OPENSSL_NO_PSK
656 fprintf(stderr, " -psk arg - PSK in hex (without 0x)\n");
657 #endif
658 #ifndef OPENSSL_NO_SSL3
659 fprintf(stderr, " -ssl3 - use SSLv3\n");
660 #endif
661 #ifndef OPENSSL_NO_TLS1
662 fprintf(stderr, " -tls1 - use TLSv1\n");
663 #endif
664 #ifndef OPENSSL_NO_TLS1_1
665 fprintf(stderr, " -tls1_1 - use TLSv1.1\n");
666 #endif
667 #ifndef OPENSSL_NO_TLS1_2
668 fprintf(stderr, " -tls1_2 - use TLSv1.2\n");
669 #endif
670 #ifndef OPENSSL_NO_DTLS
671 fprintf(stderr, " -dtls - use DTLS\n");
672 #ifndef OPENSSL_NO_DTLS1
673 fprintf(stderr, " -dtls1 - use DTLSv1\n");
674 #endif
675 #ifndef OPENSSL_NO_DTLS1_2
676 fprintf(stderr, " -dtls12 - use DTLSv1.2\n");
677 #endif
678 #endif
679 fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");
680 fprintf(stderr, " -CAfile arg - PEM format file of CA's\n");
681 fprintf(stderr, " -cert arg - Server certificate file\n");
682 fprintf(stderr,
683 " -key arg - Server key file (default: same as -cert)\n");
684 fprintf(stderr, " -c_cert arg - Client certificate file\n");
685 fprintf(stderr,
686 " -c_key arg - Client key file (default: same as -c_cert)\n");
687 fprintf(stderr, " -cipher arg - The TLSv1.2 and below cipher list\n");
688 fprintf(stderr, " -ciphersuites arg - The TLSv1.3 ciphersuites\n");
689 fprintf(stderr, " -bio_pair - Use BIO pairs\n");
690 fprintf(stderr, " -ipv4 - Use IPv4 connection on localhost\n");
691 fprintf(stderr, " -ipv6 - Use IPv6 connection on localhost\n");
692 fprintf(stderr, " -f - Test even cases that can't work\n");
693 fprintf(stderr,
694 " -time - measure processor time used by client and server\n");
695 fprintf(stderr, " -zlib - use zlib compression\n");
696 #ifndef OPENSSL_NO_NEXTPROTONEG
697 fprintf(stderr, " -npn_client - have client side offer NPN\n");
698 fprintf(stderr, " -npn_server - have server side offer NPN\n");
699 fprintf(stderr, " -npn_server_reject - have server reject NPN\n");
700 #endif
701 fprintf(stderr, " -serverinfo_file file - have server use this file\n");
702 fprintf(stderr, " -serverinfo_sct - have client offer and expect SCT\n");
703 fprintf(stderr,
704 " -serverinfo_tack - have client offer and expect TACK\n");
705 fprintf(stderr,
706 " -custom_ext - try various custom extension callbacks\n");
707 fprintf(stderr, " -alpn_client <string> - have client side offer ALPN\n");
708 fprintf(stderr, " -alpn_server <string> - have server side offer ALPN\n");
709 fprintf(stderr, " -alpn_server1 <string> - alias for -alpn_server\n");
710 fprintf(stderr, " -alpn_server2 <string> - have server side context 2 offer ALPN\n");
711 fprintf(stderr,
712 " -alpn_expected <string> - the ALPN protocol that should be negotiated\n");
713 fprintf(stderr, " -server_min_proto <string> - Minimum version the server should support\n");
714 fprintf(stderr, " -server_max_proto <string> - Maximum version the server should support\n");
715 fprintf(stderr, " -client_min_proto <string> - Minimum version the client should support\n");
716 fprintf(stderr, " -client_max_proto <string> - Maximum version the client should support\n");
717 fprintf(stderr, " -should_negotiate <string> - The version that should be negotiated, fail-client or fail-server\n");
718 #ifndef OPENSSL_NO_CT
719 fprintf(stderr, " -noct - no certificate transparency\n");
720 fprintf(stderr, " -requestct - request certificate transparency\n");
721 fprintf(stderr, " -requirect - require certificate transparency\n");
722 #endif
723 fprintf(stderr, " -sn_client <string> - have client request this servername\n");
724 fprintf(stderr, " -sn_server1 <string> - have server context 1 respond to this servername\n");
725 fprintf(stderr, " -sn_server2 <string> - have server context 2 respond to this servername\n");
726 fprintf(stderr, " -sn_expect1 - expected server 1\n");
727 fprintf(stderr, " -sn_expect2 - expected server 2\n");
728 fprintf(stderr, " -server_sess_out <file> - Save the server session to a file\n");
729 fprintf(stderr, " -server_sess_in <file> - Read the server session from a file\n");
730 fprintf(stderr, " -client_sess_out <file> - Save the client session to a file\n");
731 fprintf(stderr, " -client_sess_in <file> - Read the client session from a file\n");
732 fprintf(stderr, " -should_reuse <number> - The expected state of reusing the session\n");
733 fprintf(stderr, " -no_ticket - do not issue TLS session ticket\n");
734 }
735
print_key_details(BIO * out,EVP_PKEY * key)736 static void print_key_details(BIO *out, EVP_PKEY *key)
737 {
738 int keyid = EVP_PKEY_id(key);
739 #ifndef OPENSSL_NO_EC
740 if (keyid == EVP_PKEY_EC) {
741 EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
742 int nid;
743 const char *cname;
744 nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
745 EC_KEY_free(ec);
746 cname = EC_curve_nid2nist(nid);
747 if (!cname)
748 cname = OBJ_nid2sn(nid);
749 BIO_printf(out, "%d bits EC (%s)", EVP_PKEY_bits(key), cname);
750 } else
751 #endif
752 {
753 const char *algname;
754 switch (keyid) {
755 case EVP_PKEY_RSA:
756 algname = "RSA";
757 break;
758 case EVP_PKEY_DSA:
759 algname = "DSA";
760 break;
761 case EVP_PKEY_DH:
762 algname = "DH";
763 break;
764 default:
765 algname = OBJ_nid2sn(keyid);
766 break;
767 }
768 BIO_printf(out, "%d bits %s", EVP_PKEY_bits(key), algname);
769 }
770 }
771
print_details(SSL * c_ssl,const char * prefix)772 static void print_details(SSL *c_ssl, const char *prefix)
773 {
774 const SSL_CIPHER *ciph;
775 int mdnid;
776 X509 *cert;
777 EVP_PKEY *pkey;
778
779 ciph = SSL_get_current_cipher(c_ssl);
780 BIO_printf(bio_stdout, "%s%s, cipher %s %s",
781 prefix,
782 SSL_get_version(c_ssl),
783 SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_name(ciph));
784 cert = SSL_get_peer_certificate(c_ssl);
785 if (cert != NULL) {
786 EVP_PKEY* pubkey = X509_get0_pubkey(cert);
787
788 if (pubkey != NULL) {
789 BIO_puts(bio_stdout, ", ");
790 print_key_details(bio_stdout, pubkey);
791 }
792 X509_free(cert);
793 }
794 if (SSL_get_peer_tmp_key(c_ssl, &pkey)) {
795 BIO_puts(bio_stdout, ", temp key: ");
796 print_key_details(bio_stdout, pkey);
797 EVP_PKEY_free(pkey);
798 }
799 if (SSL_get_peer_signature_nid(c_ssl, &mdnid))
800 BIO_printf(bio_stdout, ", digest=%s", OBJ_nid2sn(mdnid));
801 BIO_printf(bio_stdout, "\n");
802 }
803
804 /*
805 * protocol_from_string - converts a protocol version string to a number
806 *
807 * Returns -1 on failure or the version on success
808 */
protocol_from_string(const char * value)809 static int protocol_from_string(const char *value)
810 {
811 struct protocol_versions {
812 const char *name;
813 int version;
814 };
815 static const struct protocol_versions versions[] = {
816 {"ssl3", SSL3_VERSION},
817 {"tls1", TLS1_VERSION},
818 {"tls1.1", TLS1_1_VERSION},
819 {"tls1.2", TLS1_2_VERSION},
820 {"tls1.3", TLS1_3_VERSION},
821 {"dtls1", DTLS1_VERSION},
822 {"dtls1.2", DTLS1_2_VERSION}};
823 size_t i;
824 size_t n = OSSL_NELEM(versions);
825
826 for (i = 0; i < n; i++)
827 if (strcmp(versions[i].name, value) == 0)
828 return versions[i].version;
829 return -1;
830 }
831
read_session(const char * filename)832 static SSL_SESSION *read_session(const char *filename)
833 {
834 SSL_SESSION *sess;
835 BIO *f = BIO_new_file(filename, "r");
836
837 if (f == NULL) {
838 BIO_printf(bio_err, "Can't open session file %s\n", filename);
839 ERR_print_errors(bio_err);
840 return NULL;
841 }
842 sess = PEM_read_bio_SSL_SESSION(f, NULL, 0, NULL);
843 if (sess == NULL) {
844 BIO_printf(bio_err, "Can't parse session file %s\n", filename);
845 ERR_print_errors(bio_err);
846 }
847 BIO_free(f);
848 return sess;
849 }
850
write_session(const char * filename,SSL_SESSION * sess)851 static int write_session(const char *filename, SSL_SESSION *sess)
852 {
853 BIO *f;
854
855 if (sess == NULL) {
856 BIO_printf(bio_err, "No session information\n");
857 return 0;
858 }
859
860 f = BIO_new_file(filename, "w");
861 if (f == NULL) {
862 BIO_printf(bio_err, "Can't open session file %s\n", filename);
863 ERR_print_errors(bio_err);
864 return 0;
865 }
866 PEM_write_bio_SSL_SESSION(f, sess);
867 BIO_free(f);
868 return 1;
869 }
870
871 /*
872 * set_protocol_version - Sets protocol version minimum or maximum
873 *
874 * Returns 0 on failure and 1 on success
875 */
set_protocol_version(const char * version,SSL * ssl,int setting)876 static int set_protocol_version(const char *version, SSL *ssl, int setting)
877 {
878 if (version != NULL) {
879 int ver = protocol_from_string(version);
880 if (ver < 0) {
881 BIO_printf(bio_err, "Error parsing: %s\n", version);
882 return 0;
883 }
884 return SSL_ctrl(ssl, setting, ver, NULL);
885 }
886 return 1;
887 }
888
main(int argc,char * argv[])889 int main(int argc, char *argv[])
890 {
891 const char *CApath = NULL, *CAfile = NULL;
892 int badop = 0;
893 enum { BIO_MEM, BIO_PAIR, BIO_IPV4, BIO_IPV6 } bio_type = BIO_MEM;
894 int force = 0;
895 int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, tls1_1 = 0, tls1_2 = 0, ssl3 = 0;
896 int ret = EXIT_FAILURE;
897 int client_auth = 0;
898 int server_auth = 0, i;
899 struct app_verify_arg app_verify_arg =
900 { APP_CALLBACK_STRING, 0 };
901 char *p;
902 SSL_CTX *c_ctx = NULL;
903 const SSL_METHOD *meth = NULL;
904 SSL *c_ssl, *s_ssl;
905 int number = 1, reuse = 0;
906 int should_reuse = -1;
907 int no_ticket = 0;
908 long bytes = 256L;
909 #ifndef OPENSSL_NO_DH
910 DH *dh;
911 int dhe512 = 0, dhe1024dsa = 0;
912 int dhe2048 = 0, dhe4096 = 0;
913 #endif
914 int no_dhe = 0;
915 int no_psk = 0;
916 int print_time = 0;
917 clock_t s_time = 0, c_time = 0;
918 #ifndef OPENSSL_NO_COMP
919 int n, comp = 0;
920 COMP_METHOD *cm = NULL;
921 STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
922 #endif
923 int no_protocol;
924 int min_version = 0, max_version = 0;
925 #ifndef OPENSSL_NO_CT
926 /*
927 * Disable CT validation by default, because it will interfere with
928 * anything using custom extension handlers to deal with SCT extensions.
929 */
930 int ct_validation = 0;
931 #endif
932 SSL_CONF_CTX *s_cctx = NULL, *c_cctx = NULL, *s_cctx2 = NULL;
933 STACK_OF(OPENSSL_STRING) *conf_args = NULL;
934 char *arg = NULL, *argn = NULL;
935
936 verbose = 0;
937 debug = 0;
938
939 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
940
941 p = getenv("OPENSSL_DEBUG_MEMORY");
942 if (p != NULL && strcmp(p, "on") == 0)
943 CRYPTO_set_mem_debug(1);
944 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
945
946 bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT);
947
948 s_cctx = SSL_CONF_CTX_new();
949 s_cctx2 = SSL_CONF_CTX_new();
950 c_cctx = SSL_CONF_CTX_new();
951
952 if (!s_cctx || !c_cctx || !s_cctx2) {
953 ERR_print_errors(bio_err);
954 goto end;
955 }
956
957 SSL_CONF_CTX_set_flags(s_cctx,
958 SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_SERVER |
959 SSL_CONF_FLAG_CERTIFICATE |
960 SSL_CONF_FLAG_REQUIRE_PRIVATE);
961 SSL_CONF_CTX_set_flags(s_cctx2,
962 SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_SERVER |
963 SSL_CONF_FLAG_CERTIFICATE |
964 SSL_CONF_FLAG_REQUIRE_PRIVATE);
965 if (!SSL_CONF_CTX_set1_prefix(s_cctx, "-s_")) {
966 ERR_print_errors(bio_err);
967 goto end;
968 }
969 if (!SSL_CONF_CTX_set1_prefix(s_cctx2, "-s_")) {
970 ERR_print_errors(bio_err);
971 goto end;
972 }
973
974 SSL_CONF_CTX_set_flags(c_cctx,
975 SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_CLIENT |
976 SSL_CONF_FLAG_CERTIFICATE |
977 SSL_CONF_FLAG_REQUIRE_PRIVATE);
978 if (!SSL_CONF_CTX_set1_prefix(c_cctx, "-c_")) {
979 ERR_print_errors(bio_err);
980 goto end;
981 }
982
983 argc--;
984 argv++;
985
986 while (argc >= 1) {
987 if (strcmp(*argv, "-F") == 0) {
988 fprintf(stderr,
989 "not compiled with FIPS support, so exiting without running.\n");
990 EXIT(0);
991 } else if (strcmp(*argv, "-server_auth") == 0)
992 server_auth = 1;
993 else if (strcmp(*argv, "-client_auth") == 0)
994 client_auth = 1;
995 else if (strcmp(*argv, "-v") == 0)
996 verbose = 1;
997 else if (strcmp(*argv, "-d") == 0)
998 debug = 1;
999 else if (strcmp(*argv, "-reuse") == 0)
1000 reuse = 1;
1001 else if (strcmp(*argv, "-dhe512") == 0) {
1002 #ifndef OPENSSL_NO_DH
1003 dhe512 = 1;
1004 #else
1005 fprintf(stderr,
1006 "ignoring -dhe512, since I'm compiled without DH\n");
1007 #endif
1008 } else if (strcmp(*argv, "-dhe4096") == 0) {
1009 #ifndef OPENSSL_NO_DH
1010 dhe4096 = 1;
1011 #else
1012 fprintf(stderr,
1013 "ignoring -dhe4096, since I'm compiled without DH\n");
1014 #endif
1015 } else if (strcmp(*argv, "-dhe2048") == 0) {
1016 #ifndef OPENSSL_NO_DH
1017 dhe2048 = 1;
1018 #else
1019 fprintf(stderr,
1020 "ignoring -dhe2048, since I'm compiled without DH\n");
1021 #endif
1022 } else if (strcmp(*argv, "-dhe1024dsa") == 0) {
1023 #ifndef OPENSSL_NO_DH
1024 dhe1024dsa = 1;
1025 #else
1026 fprintf(stderr,
1027 "ignoring -dhe1024dsa, since I'm compiled without DH\n");
1028 #endif
1029 } else if (strcmp(*argv, "-no_dhe") == 0)
1030 no_dhe = 1;
1031 else if (strcmp(*argv, "-no_ecdhe") == 0)
1032 /* obsolete */;
1033 else if (strcmp(*argv, "-psk") == 0) {
1034 if (--argc < 1)
1035 goto bad;
1036 psk_key = *(++argv);
1037 #ifndef OPENSSL_NO_PSK
1038 if (strspn(psk_key, "abcdefABCDEF1234567890") != strlen(psk_key)) {
1039 BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
1040 goto bad;
1041 }
1042 #else
1043 no_psk = 1;
1044 #endif
1045 }
1046 else if (strcmp(*argv, "-tls1_2") == 0) {
1047 tls1_2 = 1;
1048 } else if (strcmp(*argv, "-tls1_1") == 0) {
1049 tls1_1 = 1;
1050 } else if (strcmp(*argv, "-tls1") == 0) {
1051 tls1 = 1;
1052 } else if (strcmp(*argv, "-ssl3") == 0) {
1053 ssl3 = 1;
1054 } else if (strcmp(*argv, "-dtls1") == 0) {
1055 dtls1 = 1;
1056 } else if (strcmp(*argv, "-dtls12") == 0) {
1057 dtls12 = 1;
1058 } else if (strcmp(*argv, "-dtls") == 0) {
1059 dtls = 1;
1060 } else if (strncmp(*argv, "-num", 4) == 0) {
1061 if (--argc < 1)
1062 goto bad;
1063 number = atoi(*(++argv));
1064 if (number == 0)
1065 number = 1;
1066 } else if (strcmp(*argv, "-bytes") == 0) {
1067 if (--argc < 1)
1068 goto bad;
1069 bytes = atol(*(++argv));
1070 if (bytes == 0L)
1071 bytes = 1L;
1072 i = strlen(argv[0]);
1073 if (argv[0][i - 1] == 'k')
1074 bytes *= 1024L;
1075 if (argv[0][i - 1] == 'm')
1076 bytes *= 1024L * 1024L;
1077 } else if (strcmp(*argv, "-cipher") == 0) {
1078 if (--argc < 1)
1079 goto bad;
1080 cipher = *(++argv);
1081 } else if (strcmp(*argv, "-ciphersuites") == 0) {
1082 if (--argc < 1)
1083 goto bad;
1084 ciphersuites = *(++argv);
1085 } else if (strcmp(*argv, "-CApath") == 0) {
1086 if (--argc < 1)
1087 goto bad;
1088 CApath = *(++argv);
1089 } else if (strcmp(*argv, "-CAfile") == 0) {
1090 if (--argc < 1)
1091 goto bad;
1092 CAfile = *(++argv);
1093 } else if (strcmp(*argv, "-bio_pair") == 0) {
1094 bio_type = BIO_PAIR;
1095 }
1096 #ifndef OPENSSL_NO_SOCK
1097 else if (strcmp(*argv, "-ipv4") == 0) {
1098 bio_type = BIO_IPV4;
1099 } else if (strcmp(*argv, "-ipv6") == 0) {
1100 bio_type = BIO_IPV6;
1101 }
1102 #endif
1103 else if (strcmp(*argv, "-f") == 0) {
1104 force = 1;
1105 } else if (strcmp(*argv, "-time") == 0) {
1106 print_time = 1;
1107 }
1108 #ifndef OPENSSL_NO_CT
1109 else if (strcmp(*argv, "-noct") == 0) {
1110 ct_validation = 0;
1111 }
1112 else if (strcmp(*argv, "-ct") == 0) {
1113 ct_validation = 1;
1114 }
1115 #endif
1116 #ifndef OPENSSL_NO_COMP
1117 else if (strcmp(*argv, "-zlib") == 0) {
1118 comp = COMP_ZLIB;
1119 }
1120 #endif
1121 else if (strcmp(*argv, "-app_verify") == 0) {
1122 app_verify_arg.app_verify = 1;
1123 }
1124 #ifndef OPENSSL_NO_NEXTPROTONEG
1125 else if (strcmp(*argv, "-npn_client") == 0) {
1126 npn_client = 1;
1127 } else if (strcmp(*argv, "-npn_server") == 0) {
1128 npn_server = 1;
1129 } else if (strcmp(*argv, "-npn_server_reject") == 0) {
1130 npn_server_reject = 1;
1131 }
1132 #endif
1133 else if (strcmp(*argv, "-serverinfo_sct") == 0) {
1134 serverinfo_sct = 1;
1135 } else if (strcmp(*argv, "-serverinfo_tack") == 0) {
1136 serverinfo_tack = 1;
1137 } else if (strcmp(*argv, "-serverinfo_file") == 0) {
1138 if (--argc < 1)
1139 goto bad;
1140 serverinfo_file = *(++argv);
1141 } else if (strcmp(*argv, "-custom_ext") == 0) {
1142 custom_ext = 1;
1143 } else if (strcmp(*argv, "-alpn_client") == 0) {
1144 if (--argc < 1)
1145 goto bad;
1146 alpn_client = *(++argv);
1147 } else if (strcmp(*argv, "-alpn_server") == 0 ||
1148 strcmp(*argv, "-alpn_server1") == 0) {
1149 if (--argc < 1)
1150 goto bad;
1151 alpn_server = *(++argv);
1152 } else if (strcmp(*argv, "-alpn_server2") == 0) {
1153 if (--argc < 1)
1154 goto bad;
1155 alpn_server2 = *(++argv);
1156 } else if (strcmp(*argv, "-alpn_expected") == 0) {
1157 if (--argc < 1)
1158 goto bad;
1159 alpn_expected = *(++argv);
1160 } else if (strcmp(*argv, "-server_min_proto") == 0) {
1161 if (--argc < 1)
1162 goto bad;
1163 server_min_proto = *(++argv);
1164 } else if (strcmp(*argv, "-server_max_proto") == 0) {
1165 if (--argc < 1)
1166 goto bad;
1167 server_max_proto = *(++argv);
1168 } else if (strcmp(*argv, "-client_min_proto") == 0) {
1169 if (--argc < 1)
1170 goto bad;
1171 client_min_proto = *(++argv);
1172 } else if (strcmp(*argv, "-client_max_proto") == 0) {
1173 if (--argc < 1)
1174 goto bad;
1175 client_max_proto = *(++argv);
1176 } else if (strcmp(*argv, "-should_negotiate") == 0) {
1177 if (--argc < 1)
1178 goto bad;
1179 should_negotiate = *(++argv);
1180 } else if (strcmp(*argv, "-sn_client") == 0) {
1181 if (--argc < 1)
1182 goto bad;
1183 sn_client = *(++argv);
1184 } else if (strcmp(*argv, "-sn_server1") == 0) {
1185 if (--argc < 1)
1186 goto bad;
1187 sn_server1 = *(++argv);
1188 } else if (strcmp(*argv, "-sn_server2") == 0) {
1189 if (--argc < 1)
1190 goto bad;
1191 sn_server2 = *(++argv);
1192 } else if (strcmp(*argv, "-sn_expect1") == 0) {
1193 sn_expect = 1;
1194 } else if (strcmp(*argv, "-sn_expect2") == 0) {
1195 sn_expect = 2;
1196 } else if (strcmp(*argv, "-server_sess_out") == 0) {
1197 if (--argc < 1)
1198 goto bad;
1199 server_sess_out = *(++argv);
1200 } else if (strcmp(*argv, "-server_sess_in") == 0) {
1201 if (--argc < 1)
1202 goto bad;
1203 server_sess_in = *(++argv);
1204 } else if (strcmp(*argv, "-client_sess_out") == 0) {
1205 if (--argc < 1)
1206 goto bad;
1207 client_sess_out = *(++argv);
1208 } else if (strcmp(*argv, "-client_sess_in") == 0) {
1209 if (--argc < 1)
1210 goto bad;
1211 client_sess_in = *(++argv);
1212 } else if (strcmp(*argv, "-should_reuse") == 0) {
1213 if (--argc < 1)
1214 goto bad;
1215 should_reuse = !!atoi(*(++argv));
1216 } else if (strcmp(*argv, "-no_ticket") == 0) {
1217 no_ticket = 1;
1218 } else {
1219 int rv;
1220 arg = argv[0];
1221 argn = argv[1];
1222 /* Try to process command using SSL_CONF */
1223 rv = SSL_CONF_cmd_argv(c_cctx, &argc, &argv);
1224 /* If not processed try server */
1225 if (rv == 0)
1226 rv = SSL_CONF_cmd_argv(s_cctx, &argc, &argv);
1227 /* Recognised: store it for later use */
1228 if (rv > 0) {
1229 if (rv == 1)
1230 argn = NULL;
1231 if (!conf_args) {
1232 conf_args = sk_OPENSSL_STRING_new_null();
1233 if (!conf_args)
1234 goto end;
1235 }
1236 if (!sk_OPENSSL_STRING_push(conf_args, arg))
1237 goto end;
1238 if (!sk_OPENSSL_STRING_push(conf_args, argn))
1239 goto end;
1240 continue;
1241 }
1242 if (rv == -3)
1243 BIO_printf(bio_err, "Missing argument for %s\n", arg);
1244 else if (rv < 0)
1245 BIO_printf(bio_err, "Error with command %s\n", arg);
1246 else if (rv == 0)
1247 BIO_printf(bio_err, "unknown option %s\n", arg);
1248 badop = 1;
1249 break;
1250 }
1251 argc--;
1252 argv++;
1253 }
1254 if (badop) {
1255 bad:
1256 sv_usage();
1257 goto end;
1258 }
1259
1260 if (ssl3 + tls1 + tls1_1 + tls1_2 + dtls + dtls1 + dtls12 > 1) {
1261 fprintf(stderr, "At most one of -ssl3, -tls1, -tls1_1, -tls1_2, -dtls, -dtls1 or -dtls12 should "
1262 "be requested.\n");
1263 EXIT(1);
1264 }
1265
1266 #ifdef OPENSSL_NO_SSL3
1267 if (ssl3)
1268 no_protocol = 1;
1269 else
1270 #endif
1271 #ifdef OPENSSL_NO_TLS1
1272 if (tls1)
1273 no_protocol = 1;
1274 else
1275 #endif
1276 #ifdef OPENSSL_NO_TLS1_1
1277 if (tls1_1)
1278 no_protocol = 1;
1279 else
1280 #endif
1281 #ifdef OPENSSL_NO_TLS1_2
1282 if (tls1_2)
1283 no_protocol = 1;
1284 else
1285 #endif
1286 #if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1)
1287 if (dtls1)
1288 no_protocol = 1;
1289 else
1290 #endif
1291 #if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1_2)
1292 if (dtls12)
1293 no_protocol = 1;
1294 else
1295 #endif
1296 no_protocol = 0;
1297
1298 /*
1299 * Testing was requested for a compiled-out protocol (e.g. SSLv3).
1300 * Ideally, we would error out, but the generic test wrapper can't know
1301 * when to expect failure. So we do nothing and return success.
1302 */
1303 if (no_protocol) {
1304 fprintf(stderr, "Testing was requested for a disabled protocol. "
1305 "Skipping tests.\n");
1306 ret = EXIT_SUCCESS;
1307 goto end;
1308 }
1309
1310 if (!ssl3 && !tls1 && !tls1_1 && !tls1_2 && !dtls && !dtls1 && !dtls12 && number > 1
1311 && !reuse && !force) {
1312 fprintf(stderr, "This case cannot work. Use -f to perform "
1313 "the test anyway (and\n-d to see what happens), "
1314 "or add one of -ssl3, -tls1, -tls1_1, -tls1_2, -dtls, -dtls1, -dtls12, -reuse\n"
1315 "to avoid protocol mismatch.\n");
1316 EXIT(1);
1317 }
1318
1319 if (print_time) {
1320 if (bio_type != BIO_PAIR) {
1321 fprintf(stderr, "Using BIO pair (-bio_pair)\n");
1322 bio_type = BIO_PAIR;
1323 }
1324 if (number < 50 && !force)
1325 fprintf(stderr,
1326 "Warning: For accurate timings, use more connections (e.g. -num 1000)\n");
1327 }
1328
1329 #ifndef OPENSSL_NO_COMP
1330 if (comp == COMP_ZLIB)
1331 cm = COMP_zlib();
1332 if (cm != NULL) {
1333 if (COMP_get_type(cm) != NID_undef) {
1334 if (SSL_COMP_add_compression_method(comp, cm) != 0) {
1335 fprintf(stderr, "Failed to add compression method\n");
1336 ERR_print_errors_fp(stderr);
1337 }
1338 } else {
1339 fprintf(stderr,
1340 "Warning: %s compression not supported\n",
1341 comp == COMP_ZLIB ? "zlib" : "unknown");
1342 ERR_print_errors_fp(stderr);
1343 }
1344 }
1345 ssl_comp_methods = SSL_COMP_get_compression_methods();
1346 n = sk_SSL_COMP_num(ssl_comp_methods);
1347 if (n) {
1348 int j;
1349 printf("Available compression methods:");
1350 for (j = 0; j < n; j++) {
1351 SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
1352 printf(" %s:%d", SSL_COMP_get0_name(c), SSL_COMP_get_id(c));
1353 }
1354 printf("\n");
1355 }
1356 #endif
1357
1358 #ifndef OPENSSL_NO_TLS
1359 meth = TLS_method();
1360 if (ssl3) {
1361 min_version = SSL3_VERSION;
1362 max_version = SSL3_VERSION;
1363 } else if (tls1) {
1364 min_version = TLS1_VERSION;
1365 max_version = TLS1_VERSION;
1366 } else if (tls1_1) {
1367 min_version = TLS1_1_VERSION;
1368 max_version = TLS1_1_VERSION;
1369 } else if (tls1_2) {
1370 min_version = TLS1_2_VERSION;
1371 max_version = TLS1_2_VERSION;
1372 } else {
1373 min_version = SSL3_VERSION;
1374 max_version = TLS_MAX_VERSION;
1375 }
1376 #endif
1377 #ifndef OPENSSL_NO_DTLS
1378 if (dtls || dtls1 || dtls12) {
1379 meth = DTLS_method();
1380 if (dtls1) {
1381 min_version = DTLS1_VERSION;
1382 max_version = DTLS1_VERSION;
1383 } else if (dtls12) {
1384 min_version = DTLS1_2_VERSION;
1385 max_version = DTLS1_2_VERSION;
1386 } else {
1387 min_version = DTLS_MIN_VERSION;
1388 max_version = DTLS_MAX_VERSION;
1389 }
1390 }
1391 #endif
1392
1393 c_ctx = SSL_CTX_new(meth);
1394 s_ctx = SSL_CTX_new(meth);
1395 s_ctx2 = SSL_CTX_new(meth); /* no SSL_CTX_dup! */
1396 if ((c_ctx == NULL) || (s_ctx == NULL) || (s_ctx2 == NULL)) {
1397 ERR_print_errors(bio_err);
1398 goto end;
1399 }
1400 /*
1401 * Since we will use low security ciphersuites and keys for testing set
1402 * security level to zero by default. Tests can override this by adding
1403 * "@SECLEVEL=n" to the cipher string.
1404 */
1405 SSL_CTX_set_security_level(c_ctx, 0);
1406 SSL_CTX_set_security_level(s_ctx, 0);
1407 SSL_CTX_set_security_level(s_ctx2, 0);
1408
1409 if (no_ticket) {
1410 SSL_CTX_set_options(c_ctx, SSL_OP_NO_TICKET);
1411 SSL_CTX_set_options(s_ctx, SSL_OP_NO_TICKET);
1412 }
1413
1414 if (SSL_CTX_set_min_proto_version(c_ctx, min_version) == 0)
1415 goto end;
1416 if (SSL_CTX_set_max_proto_version(c_ctx, max_version) == 0)
1417 goto end;
1418 if (SSL_CTX_set_min_proto_version(s_ctx, min_version) == 0)
1419 goto end;
1420 if (SSL_CTX_set_max_proto_version(s_ctx, max_version) == 0)
1421 goto end;
1422
1423 if (cipher != NULL) {
1424 if (strcmp(cipher, "") == 0) {
1425 if (!SSL_CTX_set_cipher_list(c_ctx, cipher)) {
1426 if (ERR_GET_REASON(ERR_peek_error()) == SSL_R_NO_CIPHER_MATCH) {
1427 ERR_clear_error();
1428 } else {
1429 ERR_print_errors(bio_err);
1430 goto end;
1431 }
1432 } else {
1433 /* Should have failed when clearing all TLSv1.2 ciphers. */
1434 fprintf(stderr, "CLEARING ALL TLSv1.2 CIPHERS SHOULD FAIL\n");
1435 goto end;
1436 }
1437
1438 if (!SSL_CTX_set_cipher_list(s_ctx, cipher)) {
1439 if (ERR_GET_REASON(ERR_peek_error()) == SSL_R_NO_CIPHER_MATCH) {
1440 ERR_clear_error();
1441 } else {
1442 ERR_print_errors(bio_err);
1443 goto end;
1444 }
1445 } else {
1446 /* Should have failed when clearing all TLSv1.2 ciphers. */
1447 fprintf(stderr, "CLEARING ALL TLSv1.2 CIPHERS SHOULD FAIL\n");
1448 goto end;
1449 }
1450
1451 if (!SSL_CTX_set_cipher_list(s_ctx2, cipher)) {
1452 if (ERR_GET_REASON(ERR_peek_error()) == SSL_R_NO_CIPHER_MATCH) {
1453 ERR_clear_error();
1454 } else {
1455 ERR_print_errors(bio_err);
1456 goto end;
1457 }
1458 } else {
1459 /* Should have failed when clearing all TLSv1.2 ciphers. */
1460 fprintf(stderr, "CLEARING ALL TLSv1.2 CIPHERS SHOULD FAIL\n");
1461 goto end;
1462 }
1463 } else {
1464 if (!SSL_CTX_set_cipher_list(c_ctx, cipher)
1465 || !SSL_CTX_set_cipher_list(s_ctx, cipher)
1466 || !SSL_CTX_set_cipher_list(s_ctx2, cipher)) {
1467 ERR_print_errors(bio_err);
1468 goto end;
1469 }
1470 }
1471 }
1472 if (ciphersuites != NULL) {
1473 if (!SSL_CTX_set_ciphersuites(c_ctx, ciphersuites)
1474 || !SSL_CTX_set_ciphersuites(s_ctx, ciphersuites)
1475 || !SSL_CTX_set_ciphersuites(s_ctx2, ciphersuites)) {
1476 ERR_print_errors(bio_err);
1477 goto end;
1478 }
1479 }
1480
1481 #ifndef OPENSSL_NO_CT
1482 if (ct_validation &&
1483 !SSL_CTX_enable_ct(c_ctx, SSL_CT_VALIDATION_STRICT)) {
1484 ERR_print_errors(bio_err);
1485 goto end;
1486 }
1487 #endif
1488
1489 /* Process SSL_CONF arguments */
1490 SSL_CONF_CTX_set_ssl_ctx(c_cctx, c_ctx);
1491 SSL_CONF_CTX_set_ssl_ctx(s_cctx, s_ctx);
1492 SSL_CONF_CTX_set_ssl_ctx(s_cctx2, s_ctx2);
1493
1494 for (i = 0; i < sk_OPENSSL_STRING_num(conf_args); i += 2) {
1495 int rv;
1496 arg = sk_OPENSSL_STRING_value(conf_args, i);
1497 argn = sk_OPENSSL_STRING_value(conf_args, i + 1);
1498 rv = SSL_CONF_cmd(c_cctx, arg, argn);
1499 /* If not recognised use server context */
1500 if (rv == -2) {
1501 rv = SSL_CONF_cmd(s_cctx2, arg, argn);
1502 if (rv > 0)
1503 rv = SSL_CONF_cmd(s_cctx, arg, argn);
1504 }
1505 if (rv <= 0) {
1506 BIO_printf(bio_err, "Error processing %s %s\n",
1507 arg, argn ? argn : "");
1508 ERR_print_errors(bio_err);
1509 goto end;
1510 }
1511 }
1512
1513 if (!SSL_CONF_CTX_finish(s_cctx) || !SSL_CONF_CTX_finish(c_cctx) || !SSL_CONF_CTX_finish(s_cctx2)) {
1514 BIO_puts(bio_err, "Error finishing context\n");
1515 ERR_print_errors(bio_err);
1516 goto end;
1517 }
1518 #ifndef OPENSSL_NO_DH
1519 if (!no_dhe) {
1520 if (dhe1024dsa) {
1521 dh = get_dh1024dsa();
1522 } else if (dhe512)
1523 dh = get_dh512();
1524 else if (dhe2048)
1525 dh = get_dh2048();
1526 else if (dhe4096)
1527 dh = get_dh4096();
1528 else
1529 dh = get_dh1024();
1530 SSL_CTX_set_tmp_dh(s_ctx, dh);
1531 SSL_CTX_set_tmp_dh(s_ctx2, dh);
1532 DH_free(dh);
1533 }
1534 #else
1535 (void)no_dhe;
1536 #endif
1537
1538 if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) ||
1539 (!SSL_CTX_set_default_verify_paths(s_ctx)) ||
1540 (!SSL_CTX_load_verify_locations(s_ctx2, CAfile, CApath)) ||
1541 (!SSL_CTX_set_default_verify_paths(s_ctx2)) ||
1542 (!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) ||
1543 (!SSL_CTX_set_default_verify_paths(c_ctx))) {
1544 ERR_print_errors(bio_err);
1545 }
1546
1547 #ifndef OPENSSL_NO_CT
1548 if (!SSL_CTX_set_default_ctlog_list_file(s_ctx) ||
1549 !SSL_CTX_set_default_ctlog_list_file(s_ctx2) ||
1550 !SSL_CTX_set_default_ctlog_list_file(c_ctx)) {
1551 ERR_print_errors(bio_err);
1552 }
1553 #endif
1554
1555 if (client_auth) {
1556 printf("client authentication\n");
1557 SSL_CTX_set_verify(s_ctx,
1558 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1559 verify_callback);
1560 SSL_CTX_set_verify(s_ctx2,
1561 SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
1562 verify_callback);
1563 SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback,
1564 &app_verify_arg);
1565 SSL_CTX_set_cert_verify_callback(s_ctx2, app_verify_callback,
1566 &app_verify_arg);
1567 }
1568 if (server_auth) {
1569 printf("server authentication\n");
1570 SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER, verify_callback);
1571 SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback,
1572 &app_verify_arg);
1573 }
1574
1575 {
1576 int session_id_context = 0;
1577 if (!SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context,
1578 sizeof(session_id_context)) ||
1579 !SSL_CTX_set_session_id_context(s_ctx2, (void *)&session_id_context,
1580 sizeof(session_id_context))) {
1581 ERR_print_errors(bio_err);
1582 goto end;
1583 }
1584 }
1585
1586 /* Use PSK only if PSK key is given */
1587 if (psk_key != NULL) {
1588 /*
1589 * no_psk is used to avoid putting psk command to openssl tool
1590 */
1591 if (no_psk) {
1592 /*
1593 * if PSK is not compiled in and psk key is given, do nothing and
1594 * exit successfully
1595 */
1596 ret = EXIT_SUCCESS;
1597 goto end;
1598 }
1599 #ifndef OPENSSL_NO_PSK
1600 SSL_CTX_set_psk_client_callback(c_ctx, psk_client_callback);
1601 SSL_CTX_set_psk_server_callback(s_ctx, psk_server_callback);
1602 SSL_CTX_set_psk_server_callback(s_ctx2, psk_server_callback);
1603 if (debug)
1604 BIO_printf(bio_err, "setting PSK identity hint to s_ctx\n");
1605 if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_hint") ||
1606 !SSL_CTX_use_psk_identity_hint(s_ctx2, "ctx server identity_hint")) {
1607 BIO_printf(bio_err, "error setting PSK identity hint to s_ctx\n");
1608 ERR_print_errors(bio_err);
1609 goto end;
1610 }
1611 #endif
1612 }
1613
1614 #ifndef OPENSSL_NO_NEXTPROTONEG
1615 if (npn_client) {
1616 SSL_CTX_set_next_proto_select_cb(c_ctx, cb_client_npn, NULL);
1617 }
1618 if (npn_server) {
1619 if (npn_server_reject) {
1620 BIO_printf(bio_err,
1621 "Can't have both -npn_server and -npn_server_reject\n");
1622 goto end;
1623 }
1624 SSL_CTX_set_npn_advertised_cb(s_ctx, cb_server_npn, NULL);
1625 SSL_CTX_set_npn_advertised_cb(s_ctx2, cb_server_npn, NULL);
1626 }
1627 if (npn_server_reject) {
1628 SSL_CTX_set_npn_advertised_cb(s_ctx, cb_server_rejects_npn, NULL);
1629 SSL_CTX_set_npn_advertised_cb(s_ctx2, cb_server_rejects_npn, NULL);
1630 }
1631 #endif
1632
1633 if (serverinfo_sct) {
1634 if (!SSL_CTX_add_client_custom_ext(c_ctx,
1635 TLSEXT_TYPE_signed_certificate_timestamp,
1636 NULL, NULL, NULL,
1637 serverinfo_cli_parse_cb, NULL)) {
1638 BIO_printf(bio_err, "Error adding SCT extension\n");
1639 goto end;
1640 }
1641 }
1642 if (serverinfo_tack) {
1643 if (!SSL_CTX_add_client_custom_ext(c_ctx, TACK_EXT_TYPE,
1644 NULL, NULL, NULL,
1645 serverinfo_cli_parse_cb, NULL)) {
1646 BIO_printf(bio_err, "Error adding TACK extension\n");
1647 goto end;
1648 }
1649 }
1650 if (serverinfo_file)
1651 if (!SSL_CTX_use_serverinfo_file(s_ctx, serverinfo_file) ||
1652 !SSL_CTX_use_serverinfo_file(s_ctx2, serverinfo_file)) {
1653 BIO_printf(bio_err, "missing serverinfo file\n");
1654 goto end;
1655 }
1656
1657 if (custom_ext) {
1658 if (!SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_0,
1659 custom_ext_0_cli_add_cb,
1660 NULL, NULL,
1661 custom_ext_0_cli_parse_cb, NULL)
1662 || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_1,
1663 custom_ext_1_cli_add_cb,
1664 NULL, NULL,
1665 custom_ext_1_cli_parse_cb, NULL)
1666 || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_2,
1667 custom_ext_2_cli_add_cb,
1668 NULL, NULL,
1669 custom_ext_2_cli_parse_cb, NULL)
1670 || !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_3,
1671 custom_ext_3_cli_add_cb,
1672 NULL, NULL,
1673 custom_ext_3_cli_parse_cb, NULL)
1674 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_0,
1675 custom_ext_0_srv_add_cb,
1676 NULL, NULL,
1677 custom_ext_0_srv_parse_cb, NULL)
1678 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_0,
1679 custom_ext_0_srv_add_cb,
1680 NULL, NULL,
1681 custom_ext_0_srv_parse_cb, NULL)
1682 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_1,
1683 custom_ext_1_srv_add_cb,
1684 NULL, NULL,
1685 custom_ext_1_srv_parse_cb, NULL)
1686 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_1,
1687 custom_ext_1_srv_add_cb,
1688 NULL, NULL,
1689 custom_ext_1_srv_parse_cb, NULL)
1690 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_2,
1691 custom_ext_2_srv_add_cb,
1692 NULL, NULL,
1693 custom_ext_2_srv_parse_cb, NULL)
1694 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_2,
1695 custom_ext_2_srv_add_cb,
1696 NULL, NULL,
1697 custom_ext_2_srv_parse_cb, NULL)
1698 || !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_3,
1699 custom_ext_3_srv_add_cb,
1700 NULL, NULL,
1701 custom_ext_3_srv_parse_cb, NULL)
1702 || !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_3,
1703 custom_ext_3_srv_add_cb,
1704 NULL, NULL,
1705 custom_ext_3_srv_parse_cb, NULL)) {
1706 BIO_printf(bio_err, "Error setting custom extensions\n");
1707 goto end;
1708 }
1709 }
1710
1711 if (alpn_server)
1712 SSL_CTX_set_alpn_select_cb(s_ctx, cb_server_alpn, alpn_server);
1713 if (alpn_server2)
1714 SSL_CTX_set_alpn_select_cb(s_ctx2, cb_server_alpn, alpn_server2);
1715
1716 if (alpn_client) {
1717 size_t alpn_len;
1718 unsigned char *alpn = next_protos_parse(&alpn_len, alpn_client);
1719
1720 if (alpn == NULL) {
1721 BIO_printf(bio_err, "Error parsing -alpn_client argument\n");
1722 goto end;
1723 }
1724 /* Returns 0 on success!! */
1725 if (SSL_CTX_set_alpn_protos(c_ctx, alpn, alpn_len)) {
1726 BIO_printf(bio_err, "Error setting ALPN\n");
1727 OPENSSL_free(alpn);
1728 goto end;
1729 }
1730 OPENSSL_free(alpn);
1731 }
1732
1733 if (server_sess_in != NULL) {
1734 server_sess = read_session(server_sess_in);
1735 if (server_sess == NULL)
1736 goto end;
1737 }
1738 if (client_sess_in != NULL) {
1739 client_sess = read_session(client_sess_in);
1740 if (client_sess == NULL)
1741 goto end;
1742 }
1743
1744 if (server_sess_out != NULL || server_sess_in != NULL) {
1745 char *keys;
1746 long size;
1747
1748 /* Use a fixed key so that we can decrypt the ticket. */
1749 size = SSL_CTX_set_tlsext_ticket_keys(s_ctx, NULL, 0);
1750 keys = OPENSSL_zalloc(size);
1751 SSL_CTX_set_tlsext_ticket_keys(s_ctx, keys, size);
1752 OPENSSL_free(keys);
1753 }
1754
1755 if (sn_server1 != NULL || sn_server2 != NULL)
1756 SSL_CTX_set_tlsext_servername_callback(s_ctx, servername_cb);
1757
1758 c_ssl = SSL_new(c_ctx);
1759 s_ssl = SSL_new(s_ctx);
1760
1761 if (sn_client)
1762 SSL_set_tlsext_host_name(c_ssl, sn_client);
1763
1764 if (!set_protocol_version(server_min_proto, s_ssl, SSL_CTRL_SET_MIN_PROTO_VERSION))
1765 goto end;
1766 if (!set_protocol_version(server_max_proto, s_ssl, SSL_CTRL_SET_MAX_PROTO_VERSION))
1767 goto end;
1768 if (!set_protocol_version(client_min_proto, c_ssl, SSL_CTRL_SET_MIN_PROTO_VERSION))
1769 goto end;
1770 if (!set_protocol_version(client_max_proto, c_ssl, SSL_CTRL_SET_MAX_PROTO_VERSION))
1771 goto end;
1772
1773 if (server_sess) {
1774 if (SSL_CTX_add_session(s_ctx, server_sess) == 0) {
1775 BIO_printf(bio_err, "Can't add server session\n");
1776 ERR_print_errors(bio_err);
1777 goto end;
1778 }
1779 }
1780
1781 BIO_printf(bio_stdout, "Doing handshakes=%d bytes=%ld\n", number, bytes);
1782 for (i = 0; i < number; i++) {
1783 if (!reuse) {
1784 if (!SSL_set_session(c_ssl, NULL)) {
1785 BIO_printf(bio_err, "Failed to set session\n");
1786 goto end;
1787 }
1788 }
1789 if (client_sess_in != NULL) {
1790 if (SSL_set_session(c_ssl, client_sess) == 0) {
1791 BIO_printf(bio_err, "Can't set client session\n");
1792 ERR_print_errors(bio_err);
1793 goto end;
1794 }
1795 }
1796 switch (bio_type) {
1797 case BIO_MEM:
1798 ret = doit(s_ssl, c_ssl, bytes);
1799 break;
1800 case BIO_PAIR:
1801 ret = doit_biopair(s_ssl, c_ssl, bytes, &s_time, &c_time);
1802 break;
1803 #ifndef OPENSSL_NO_SOCK
1804 case BIO_IPV4:
1805 ret = doit_localhost(s_ssl, c_ssl, BIO_FAMILY_IPV4,
1806 bytes, &s_time, &c_time);
1807 break;
1808 case BIO_IPV6:
1809 ret = doit_localhost(s_ssl, c_ssl, BIO_FAMILY_IPV6,
1810 bytes, &s_time, &c_time);
1811 break;
1812 #else
1813 case BIO_IPV4:
1814 case BIO_IPV6:
1815 ret = EXIT_FAILURE;
1816 goto err;
1817 #endif
1818 }
1819 if (ret != EXIT_SUCCESS) break;
1820 }
1821
1822 if (should_negotiate && ret == EXIT_SUCCESS &&
1823 strcmp(should_negotiate, "fail-server") != 0 &&
1824 strcmp(should_negotiate, "fail-client") != 0) {
1825 int version = protocol_from_string(should_negotiate);
1826 if (version < 0) {
1827 BIO_printf(bio_err, "Error parsing: %s\n", should_negotiate);
1828 ret = EXIT_FAILURE;
1829 goto err;
1830 }
1831 if (SSL_version(c_ssl) != version) {
1832 BIO_printf(bio_err, "Unexpected version negotiated. "
1833 "Expected: %s, got %s\n", should_negotiate, SSL_get_version(c_ssl));
1834 ret = EXIT_FAILURE;
1835 goto err;
1836 }
1837 }
1838
1839 if (should_reuse != -1) {
1840 if (SSL_session_reused(s_ssl) != should_reuse ||
1841 SSL_session_reused(c_ssl) != should_reuse) {
1842 BIO_printf(bio_err, "Unexpected session reuse state. "
1843 "Expected: %d, server: %d, client: %d\n", should_reuse,
1844 SSL_session_reused(s_ssl), SSL_session_reused(c_ssl));
1845 ret = EXIT_FAILURE;
1846 goto err;
1847 }
1848 }
1849
1850 if (server_sess_out != NULL) {
1851 if (write_session(server_sess_out, SSL_get_session(s_ssl)) == 0) {
1852 ret = EXIT_FAILURE;
1853 goto err;
1854 }
1855 }
1856 if (client_sess_out != NULL) {
1857 if (write_session(client_sess_out, SSL_get_session(c_ssl)) == 0) {
1858 ret = EXIT_FAILURE;
1859 goto err;
1860 }
1861 }
1862
1863 if (!verbose) {
1864 print_details(c_ssl, "");
1865 }
1866 if (print_time) {
1867 #ifdef CLOCKS_PER_SEC
1868 /*
1869 * "To determine the time in seconds, the value returned by the clock
1870 * function should be divided by the value of the macro
1871 * CLOCKS_PER_SEC." -- ISO/IEC 9899
1872 */
1873 BIO_printf(bio_stdout, "Approximate total server time: %6.2f s\n"
1874 "Approximate total client time: %6.2f s\n",
1875 (double)s_time / CLOCKS_PER_SEC,
1876 (double)c_time / CLOCKS_PER_SEC);
1877 #else
1878 BIO_printf(bio_stdout,
1879 "Approximate total server time: %6.2f units\n"
1880 "Approximate total client time: %6.2f units\n",
1881 (double)s_time, (double)c_time);
1882 #endif
1883 }
1884
1885 err:
1886 SSL_free(s_ssl);
1887 SSL_free(c_ssl);
1888
1889 end:
1890 SSL_CTX_free(s_ctx);
1891 SSL_CTX_free(s_ctx2);
1892 SSL_CTX_free(c_ctx);
1893 SSL_CONF_CTX_free(s_cctx);
1894 SSL_CONF_CTX_free(s_cctx2);
1895 SSL_CONF_CTX_free(c_cctx);
1896 sk_OPENSSL_STRING_free(conf_args);
1897
1898 BIO_free(bio_stdout);
1899
1900 SSL_SESSION_free(server_sess);
1901 SSL_SESSION_free(client_sess);
1902
1903 #ifndef OPENSSL_NO_CRYPTO_MDEBUG
1904 if (CRYPTO_mem_leaks(bio_err) <= 0)
1905 ret = EXIT_FAILURE;
1906 #endif
1907 BIO_free(bio_err);
1908 EXIT(ret);
1909 }
1910
1911 #ifndef OPENSSL_NO_SOCK
doit_localhost(SSL * s_ssl,SSL * c_ssl,int family,long count,clock_t * s_time,clock_t * c_time)1912 int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family, long count,
1913 clock_t *s_time, clock_t *c_time)
1914 {
1915 long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
1916 BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
1917 BIO *acpt = NULL, *server = NULL, *client = NULL;
1918 char addr_str[40];
1919 int ret = EXIT_FAILURE;
1920 int err_in_client = 0;
1921 int err_in_server = 0;
1922
1923 acpt = BIO_new_accept(family == BIO_FAMILY_IPV4 ? "127.0.0.1:0"
1924 : "[::1]:0");
1925 if (acpt == NULL)
1926 goto err;
1927 BIO_set_accept_ip_family(acpt, family);
1928 BIO_set_bind_mode(acpt, BIO_SOCK_NONBLOCK | BIO_SOCK_REUSEADDR);
1929 if (BIO_do_accept(acpt) <= 0)
1930 goto err;
1931
1932 BIO_snprintf(addr_str, sizeof(addr_str), ":%s", BIO_get_accept_port(acpt));
1933
1934 client = BIO_new_connect(addr_str);
1935 BIO_set_conn_ip_family(client, family);
1936 if (!client)
1937 goto err;
1938
1939 if (BIO_set_nbio(client, 1) <= 0)
1940 goto err;
1941 if (BIO_set_nbio(acpt, 1) <= 0)
1942 goto err;
1943
1944 {
1945 int st_connect = 0, st_accept = 0;
1946
1947 while(!st_connect || !st_accept) {
1948 if (!st_connect) {
1949 if (BIO_do_connect(client) <= 0) {
1950 if (!BIO_should_retry(client))
1951 goto err;
1952 } else {
1953 st_connect = 1;
1954 }
1955 }
1956 if (!st_accept) {
1957 if (BIO_do_accept(acpt) <= 0) {
1958 if (!BIO_should_retry(acpt))
1959 goto err;
1960 } else {
1961 st_accept = 1;
1962 }
1963 }
1964 }
1965 }
1966 /* We're not interested in accepting further connects */
1967 server = BIO_pop(acpt);
1968 BIO_free_all(acpt);
1969 acpt = NULL;
1970
1971 s_ssl_bio = BIO_new(BIO_f_ssl());
1972 if (!s_ssl_bio)
1973 goto err;
1974
1975 c_ssl_bio = BIO_new(BIO_f_ssl());
1976 if (!c_ssl_bio)
1977 goto err;
1978
1979 SSL_set_connect_state(c_ssl);
1980 SSL_set_bio(c_ssl, client, client);
1981 (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
1982
1983 SSL_set_accept_state(s_ssl);
1984 SSL_set_bio(s_ssl, server, server);
1985 (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
1986
1987 do {
1988 /*-
1989 * c_ssl_bio: SSL filter BIO
1990 *
1991 * client: I/O for SSL library
1992 *
1993 *
1994 * server: I/O for SSL library
1995 *
1996 * s_ssl_bio: SSL filter BIO
1997 */
1998
1999 /*
2000 * We have non-blocking behaviour throughout this test program, but
2001 * can be sure that there is *some* progress in each iteration; so we
2002 * don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE --
2003 * we just try everything in each iteration
2004 */
2005
2006 {
2007 /* CLIENT */
2008
2009 char cbuf[1024 * 8];
2010 int i, r;
2011 clock_t c_clock = clock();
2012
2013 memset(cbuf, 0, sizeof(cbuf));
2014
2015 if (debug)
2016 if (SSL_in_init(c_ssl))
2017 printf("client waiting in SSL_connect - %s\n",
2018 SSL_state_string_long(c_ssl));
2019
2020 if (cw_num > 0) {
2021 /* Write to server. */
2022
2023 if (cw_num > (long)sizeof(cbuf))
2024 i = sizeof(cbuf);
2025 else
2026 i = (int)cw_num;
2027 r = BIO_write(c_ssl_bio, cbuf, i);
2028 if (r < 0) {
2029 if (!BIO_should_retry(c_ssl_bio)) {
2030 fprintf(stderr, "ERROR in CLIENT\n");
2031 err_in_client = 1;
2032 goto err;
2033 }
2034 /*
2035 * BIO_should_retry(...) can just be ignored here. The
2036 * library expects us to call BIO_write with the same
2037 * arguments again, and that's what we will do in the
2038 * next iteration.
2039 */
2040 } else if (r == 0) {
2041 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2042 goto err;
2043 } else {
2044 if (debug)
2045 printf("client wrote %d\n", r);
2046 cw_num -= r;
2047 }
2048 }
2049
2050 if (cr_num > 0) {
2051 /* Read from server. */
2052
2053 r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
2054 if (r < 0) {
2055 if (!BIO_should_retry(c_ssl_bio)) {
2056 fprintf(stderr, "ERROR in CLIENT\n");
2057 err_in_client = 1;
2058 goto err;
2059 }
2060 /*
2061 * Again, "BIO_should_retry" can be ignored.
2062 */
2063 } else if (r == 0) {
2064 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2065 goto err;
2066 } else {
2067 if (debug)
2068 printf("client read %d\n", r);
2069 cr_num -= r;
2070 }
2071 }
2072
2073 /*
2074 * c_time and s_time increments will typically be very small
2075 * (depending on machine speed and clock tick intervals), but
2076 * sampling over a large number of connections should result in
2077 * fairly accurate figures. We cannot guarantee a lot, however
2078 * -- if each connection lasts for exactly one clock tick, it
2079 * will be counted only for the client or only for the server or
2080 * even not at all.
2081 */
2082 *c_time += (clock() - c_clock);
2083 }
2084
2085 {
2086 /* SERVER */
2087
2088 char sbuf[1024 * 8];
2089 int i, r;
2090 clock_t s_clock = clock();
2091
2092 memset(sbuf, 0, sizeof(sbuf));
2093
2094 if (debug)
2095 if (SSL_in_init(s_ssl))
2096 printf("server waiting in SSL_accept - %s\n",
2097 SSL_state_string_long(s_ssl));
2098
2099 if (sw_num > 0) {
2100 /* Write to client. */
2101
2102 if (sw_num > (long)sizeof(sbuf))
2103 i = sizeof(sbuf);
2104 else
2105 i = (int)sw_num;
2106 r = BIO_write(s_ssl_bio, sbuf, i);
2107 if (r < 0) {
2108 if (!BIO_should_retry(s_ssl_bio)) {
2109 fprintf(stderr, "ERROR in SERVER\n");
2110 err_in_server = 1;
2111 goto err;
2112 }
2113 /* Ignore "BIO_should_retry". */
2114 } else if (r == 0) {
2115 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2116 goto err;
2117 } else {
2118 if (debug)
2119 printf("server wrote %d\n", r);
2120 sw_num -= r;
2121 }
2122 }
2123
2124 if (sr_num > 0) {
2125 /* Read from client. */
2126
2127 r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
2128 if (r < 0) {
2129 if (!BIO_should_retry(s_ssl_bio)) {
2130 fprintf(stderr, "ERROR in SERVER\n");
2131 err_in_server = 1;
2132 goto err;
2133 }
2134 /* blah, blah */
2135 } else if (r == 0) {
2136 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2137 goto err;
2138 } else {
2139 if (debug)
2140 printf("server read %d\n", r);
2141 sr_num -= r;
2142 }
2143 }
2144
2145 *s_time += (clock() - s_clock);
2146 }
2147 }
2148 while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
2149
2150 if (verbose)
2151 print_details(c_ssl, "DONE via TCP connect: ");
2152 # ifndef OPENSSL_NO_NEXTPROTONEG
2153 if (verify_npn(c_ssl, s_ssl) < 0)
2154 goto end;
2155 # endif
2156 if (verify_serverinfo() < 0) {
2157 fprintf(stderr, "Server info verify error\n");
2158 goto err;
2159 }
2160 if (verify_alpn(c_ssl, s_ssl) < 0
2161 || verify_servername(c_ssl, s_ssl) < 0)
2162 goto err;
2163
2164 if (custom_ext_error) {
2165 fprintf(stderr, "Custom extension error\n");
2166 goto err;
2167 }
2168
2169 # ifndef OPENSSL_NO_NEXTPROTONEG
2170 end:
2171 # endif
2172 ret = EXIT_SUCCESS;
2173
2174 err:
2175 ERR_print_errors(bio_err);
2176
2177 BIO_free_all(acpt);
2178 BIO_free(server);
2179 BIO_free(client);
2180 BIO_free(s_ssl_bio);
2181 BIO_free(c_ssl_bio);
2182
2183 if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
2184 ret = (err_in_client != 0) ? EXIT_SUCCESS : EXIT_FAILURE;
2185 else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
2186 ret = (err_in_server != 0) ? EXIT_SUCCESS : EXIT_FAILURE;
2187
2188 return ret;
2189 }
2190 #endif
2191
doit_biopair(SSL * s_ssl,SSL * c_ssl,long count,clock_t * s_time,clock_t * c_time)2192 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
2193 clock_t *s_time, clock_t *c_time)
2194 {
2195 long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
2196 BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
2197 BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL;
2198 int ret = EXIT_FAILURE;
2199 int err_in_client = 0;
2200 int err_in_server = 0;
2201
2202 size_t bufsiz = 256; /* small buffer for testing */
2203
2204 if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz))
2205 goto err;
2206 if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz))
2207 goto err;
2208
2209 s_ssl_bio = BIO_new(BIO_f_ssl());
2210 if (!s_ssl_bio)
2211 goto err;
2212
2213 c_ssl_bio = BIO_new(BIO_f_ssl());
2214 if (!c_ssl_bio)
2215 goto err;
2216
2217 SSL_set_connect_state(c_ssl);
2218 SSL_set_bio(c_ssl, client, client);
2219 (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
2220
2221 SSL_set_accept_state(s_ssl);
2222 SSL_set_bio(s_ssl, server, server);
2223 (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
2224
2225 do {
2226 /*-
2227 * c_ssl_bio: SSL filter BIO
2228 *
2229 * client: pseudo-I/O for SSL library
2230 *
2231 * client_io: client's SSL communication; usually to be
2232 * relayed over some I/O facility, but in this
2233 * test program, we're the server, too:
2234 *
2235 * server_io: server's SSL communication
2236 *
2237 * server: pseudo-I/O for SSL library
2238 *
2239 * s_ssl_bio: SSL filter BIO
2240 *
2241 * The client and the server each employ a "BIO pair":
2242 * client + client_io, server + server_io.
2243 * BIO pairs are symmetric. A BIO pair behaves similar
2244 * to a non-blocking socketpair (but both endpoints must
2245 * be handled by the same thread).
2246 * [Here we could connect client and server to the ends
2247 * of a single BIO pair, but then this code would be less
2248 * suitable as an example for BIO pairs in general.]
2249 *
2250 * Useful functions for querying the state of BIO pair endpoints:
2251 *
2252 * BIO_ctrl_pending(bio) number of bytes we can read now
2253 * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfill
2254 * other side's read attempt
2255 * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now
2256 *
2257 * ..._read_request is never more than ..._write_guarantee;
2258 * it depends on the application which one you should use.
2259 */
2260
2261 /*
2262 * We have non-blocking behaviour throughout this test program, but
2263 * can be sure that there is *some* progress in each iteration; so we
2264 * don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE --
2265 * we just try everything in each iteration
2266 */
2267
2268 {
2269 /* CLIENT */
2270
2271 char cbuf[1024 * 8];
2272 int i, r;
2273 clock_t c_clock = clock();
2274
2275 memset(cbuf, 0, sizeof(cbuf));
2276
2277 if (debug)
2278 if (SSL_in_init(c_ssl))
2279 printf("client waiting in SSL_connect - %s\n",
2280 SSL_state_string_long(c_ssl));
2281
2282 if (cw_num > 0) {
2283 /* Write to server. */
2284
2285 if (cw_num > (long)sizeof(cbuf))
2286 i = sizeof(cbuf);
2287 else
2288 i = (int)cw_num;
2289 r = BIO_write(c_ssl_bio, cbuf, i);
2290 if (r < 0) {
2291 if (!BIO_should_retry(c_ssl_bio)) {
2292 fprintf(stderr, "ERROR in CLIENT\n");
2293 err_in_client = 1;
2294 goto err;
2295 }
2296 /*
2297 * BIO_should_retry(...) can just be ignored here. The
2298 * library expects us to call BIO_write with the same
2299 * arguments again, and that's what we will do in the
2300 * next iteration.
2301 */
2302 } else if (r == 0) {
2303 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2304 goto err;
2305 } else {
2306 if (debug)
2307 printf("client wrote %d\n", r);
2308 cw_num -= r;
2309 }
2310 }
2311
2312 if (cr_num > 0) {
2313 /* Read from server. */
2314
2315 r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
2316 if (r < 0) {
2317 if (!BIO_should_retry(c_ssl_bio)) {
2318 fprintf(stderr, "ERROR in CLIENT\n");
2319 err_in_client = 1;
2320 goto err;
2321 }
2322 /*
2323 * Again, "BIO_should_retry" can be ignored.
2324 */
2325 } else if (r == 0) {
2326 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2327 goto err;
2328 } else {
2329 if (debug)
2330 printf("client read %d\n", r);
2331 cr_num -= r;
2332 }
2333 }
2334
2335 /*
2336 * c_time and s_time increments will typically be very small
2337 * (depending on machine speed and clock tick intervals), but
2338 * sampling over a large number of connections should result in
2339 * fairly accurate figures. We cannot guarantee a lot, however
2340 * -- if each connection lasts for exactly one clock tick, it
2341 * will be counted only for the client or only for the server or
2342 * even not at all.
2343 */
2344 *c_time += (clock() - c_clock);
2345 }
2346
2347 {
2348 /* SERVER */
2349
2350 char sbuf[1024 * 8];
2351 int i, r;
2352 clock_t s_clock = clock();
2353
2354 memset(sbuf, 0, sizeof(sbuf));
2355
2356 if (debug)
2357 if (SSL_in_init(s_ssl))
2358 printf("server waiting in SSL_accept - %s\n",
2359 SSL_state_string_long(s_ssl));
2360
2361 if (sw_num > 0) {
2362 /* Write to client. */
2363
2364 if (sw_num > (long)sizeof(sbuf))
2365 i = sizeof(sbuf);
2366 else
2367 i = (int)sw_num;
2368 r = BIO_write(s_ssl_bio, sbuf, i);
2369 if (r < 0) {
2370 if (!BIO_should_retry(s_ssl_bio)) {
2371 fprintf(stderr, "ERROR in SERVER\n");
2372 err_in_server = 1;
2373 goto err;
2374 }
2375 /* Ignore "BIO_should_retry". */
2376 } else if (r == 0) {
2377 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2378 goto err;
2379 } else {
2380 if (debug)
2381 printf("server wrote %d\n", r);
2382 sw_num -= r;
2383 }
2384 }
2385
2386 if (sr_num > 0) {
2387 /* Read from client. */
2388
2389 r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
2390 if (r < 0) {
2391 if (!BIO_should_retry(s_ssl_bio)) {
2392 fprintf(stderr, "ERROR in SERVER\n");
2393 err_in_server = 1;
2394 goto err;
2395 }
2396 /* blah, blah */
2397 } else if (r == 0) {
2398 fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
2399 goto err;
2400 } else {
2401 if (debug)
2402 printf("server read %d\n", r);
2403 sr_num -= r;
2404 }
2405 }
2406
2407 *s_time += (clock() - s_clock);
2408 }
2409
2410 {
2411 /* "I/O" BETWEEN CLIENT AND SERVER. */
2412
2413 size_t r1, r2;
2414 BIO *io1 = server_io, *io2 = client_io;
2415 /*
2416 * we use the non-copying interface for io1 and the standard
2417 * BIO_write/BIO_read interface for io2
2418 */
2419
2420 static int prev_progress = 1;
2421 int progress = 0;
2422
2423 /* io1 to io2 */
2424 do {
2425 size_t num;
2426 int r;
2427
2428 r1 = BIO_ctrl_pending(io1);
2429 r2 = BIO_ctrl_get_write_guarantee(io2);
2430
2431 num = r1;
2432 if (r2 < num)
2433 num = r2;
2434 if (num) {
2435 char *dataptr;
2436
2437 if (INT_MAX < num) /* yeah, right */
2438 num = INT_MAX;
2439
2440 r = BIO_nread(io1, &dataptr, (int)num);
2441 assert(r > 0);
2442 assert(r <= (int)num);
2443 /*
2444 * possibly r < num (non-contiguous data)
2445 */
2446 num = r;
2447 r = BIO_write(io2, dataptr, (int)num);
2448 if (r != (int)num) { /* can't happen */
2449 fprintf(stderr, "ERROR: BIO_write could not write "
2450 "BIO_ctrl_get_write_guarantee() bytes");
2451 goto err;
2452 }
2453 progress = 1;
2454
2455 if (debug)
2456 printf((io1 == client_io) ?
2457 "C->S relaying: %d bytes\n" :
2458 "S->C relaying: %d bytes\n", (int)num);
2459 }
2460 }
2461 while (r1 && r2);
2462
2463 /* io2 to io1 */
2464 {
2465 size_t num;
2466 int r;
2467
2468 r1 = BIO_ctrl_pending(io2);
2469 r2 = BIO_ctrl_get_read_request(io1);
2470 /*
2471 * here we could use ..._get_write_guarantee instead of
2472 * ..._get_read_request, but by using the latter we test
2473 * restartability of the SSL implementation more thoroughly
2474 */
2475 num = r1;
2476 if (r2 < num)
2477 num = r2;
2478 if (num) {
2479 char *dataptr;
2480
2481 if (INT_MAX < num)
2482 num = INT_MAX;
2483
2484 if (num > 1)
2485 --num; /* test restartability even more thoroughly */
2486
2487 r = BIO_nwrite0(io1, &dataptr);
2488 assert(r > 0);
2489 if (r < (int)num)
2490 num = r;
2491 r = BIO_read(io2, dataptr, (int)num);
2492 if (r != (int)num) { /* can't happen */
2493 fprintf(stderr, "ERROR: BIO_read could not read "
2494 "BIO_ctrl_pending() bytes");
2495 goto err;
2496 }
2497 progress = 1;
2498 r = BIO_nwrite(io1, &dataptr, (int)num);
2499 if (r != (int)num) { /* can't happen */
2500 fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
2501 "BIO_nwrite0() bytes");
2502 goto err;
2503 }
2504
2505 if (debug)
2506 printf((io2 == client_io) ?
2507 "C->S relaying: %d bytes\n" :
2508 "S->C relaying: %d bytes\n", (int)num);
2509 }
2510 } /* no loop, BIO_ctrl_get_read_request now
2511 * returns 0 anyway */
2512
2513 if (!progress && !prev_progress)
2514 if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0) {
2515 fprintf(stderr, "ERROR: got stuck\n");
2516 fprintf(stderr, " ERROR.\n");
2517 goto err;
2518 }
2519 prev_progress = progress;
2520 }
2521 }
2522 while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
2523
2524 if (verbose)
2525 print_details(c_ssl, "DONE via BIO pair: ");
2526 #ifndef OPENSSL_NO_NEXTPROTONEG
2527 if (verify_npn(c_ssl, s_ssl) < 0)
2528 goto end;
2529 #endif
2530 if (verify_serverinfo() < 0) {
2531 fprintf(stderr, "Server info verify error\n");
2532 goto err;
2533 }
2534 if (verify_alpn(c_ssl, s_ssl) < 0
2535 || verify_servername(c_ssl, s_ssl) < 0)
2536 goto err;
2537
2538 if (custom_ext_error) {
2539 fprintf(stderr, "Custom extension error\n");
2540 goto err;
2541 }
2542
2543 #ifndef OPENSSL_NO_NEXTPROTONEG
2544 end:
2545 #endif
2546 ret = EXIT_SUCCESS;
2547
2548 err:
2549 ERR_print_errors(bio_err);
2550
2551 BIO_free(server);
2552 BIO_free(server_io);
2553 BIO_free(client);
2554 BIO_free(client_io);
2555 BIO_free(s_ssl_bio);
2556 BIO_free(c_ssl_bio);
2557
2558 if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
2559 ret = (err_in_client != 0) ? EXIT_SUCCESS : EXIT_FAILURE;
2560 else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
2561 ret = (err_in_server != 0) ? EXIT_SUCCESS : EXIT_FAILURE;
2562
2563 return ret;
2564 }
2565
2566 #define W_READ 1
2567 #define W_WRITE 2
2568 #define C_DONE 1
2569 #define S_DONE 2
2570
doit(SSL * s_ssl,SSL * c_ssl,long count)2571 int doit(SSL *s_ssl, SSL *c_ssl, long count)
2572 {
2573 char *cbuf = NULL, *sbuf = NULL;
2574 long bufsiz;
2575 long cw_num = count, cr_num = count;
2576 long sw_num = count, sr_num = count;
2577 int ret = EXIT_FAILURE;
2578 BIO *c_to_s = NULL;
2579 BIO *s_to_c = NULL;
2580 BIO *c_bio = NULL;
2581 BIO *s_bio = NULL;
2582 int c_r, c_w, s_r, s_w;
2583 int i, j;
2584 int done = 0;
2585 int c_write, s_write;
2586 int do_server = 0, do_client = 0;
2587 int max_frag = 5 * 1024;
2588 int err_in_client = 0;
2589 int err_in_server = 0;
2590
2591 bufsiz = count > 40 * 1024 ? 40 * 1024 : count;
2592
2593 if ((cbuf = OPENSSL_zalloc(bufsiz)) == NULL)
2594 goto err;
2595 if ((sbuf = OPENSSL_zalloc(bufsiz)) == NULL)
2596 goto err;
2597
2598 c_to_s = BIO_new(BIO_s_mem());
2599 s_to_c = BIO_new(BIO_s_mem());
2600 if ((s_to_c == NULL) || (c_to_s == NULL)) {
2601 ERR_print_errors(bio_err);
2602 goto err;
2603 }
2604
2605 c_bio = BIO_new(BIO_f_ssl());
2606 s_bio = BIO_new(BIO_f_ssl());
2607 if ((c_bio == NULL) || (s_bio == NULL)) {
2608 ERR_print_errors(bio_err);
2609 goto err;
2610 }
2611
2612 SSL_set_connect_state(c_ssl);
2613 SSL_set_bio(c_ssl, s_to_c, c_to_s);
2614 SSL_set_max_send_fragment(c_ssl, max_frag);
2615 BIO_set_ssl(c_bio, c_ssl, BIO_NOCLOSE);
2616
2617 /*
2618 * We've just given our ref to these BIOs to c_ssl. We need another one to
2619 * give to s_ssl
2620 */
2621 if (!BIO_up_ref(c_to_s)) {
2622 /* c_to_s and s_to_c will get freed when we free c_ssl */
2623 c_to_s = NULL;
2624 s_to_c = NULL;
2625 goto err;
2626 }
2627 if (!BIO_up_ref(s_to_c)) {
2628 /* s_to_c will get freed when we free c_ssl */
2629 s_to_c = NULL;
2630 goto err;
2631 }
2632
2633 SSL_set_accept_state(s_ssl);
2634 SSL_set_bio(s_ssl, c_to_s, s_to_c);
2635
2636 /* We've used up all our refs to these now */
2637 c_to_s = NULL;
2638 s_to_c = NULL;
2639
2640 SSL_set_max_send_fragment(s_ssl, max_frag);
2641 BIO_set_ssl(s_bio, s_ssl, BIO_NOCLOSE);
2642
2643 c_r = 0;
2644 s_r = 1;
2645 c_w = 1;
2646 s_w = 0;
2647 c_write = 1, s_write = 0;
2648
2649 /* We can always do writes */
2650 for (;;) {
2651 do_server = 0;
2652 do_client = 0;
2653
2654 i = (int)BIO_pending(s_bio);
2655 if ((i && s_r) || s_w)
2656 do_server = 1;
2657
2658 i = (int)BIO_pending(c_bio);
2659 if ((i && c_r) || c_w)
2660 do_client = 1;
2661
2662 if (do_server && debug) {
2663 if (SSL_in_init(s_ssl))
2664 printf("server waiting in SSL_accept - %s\n",
2665 SSL_state_string_long(s_ssl));
2666 }
2667
2668 if (do_client && debug) {
2669 if (SSL_in_init(c_ssl))
2670 printf("client waiting in SSL_connect - %s\n",
2671 SSL_state_string_long(c_ssl));
2672 }
2673
2674 if (!do_client && !do_server) {
2675 fprintf(stdout, "ERROR IN STARTUP\n");
2676 ERR_print_errors(bio_err);
2677 goto err;
2678 }
2679 if (do_client && !(done & C_DONE)) {
2680 if (c_write) {
2681 j = (cw_num > bufsiz) ? (int)bufsiz : (int)cw_num;
2682 i = BIO_write(c_bio, cbuf, j);
2683 if (i < 0) {
2684 c_r = 0;
2685 c_w = 0;
2686 if (BIO_should_retry(c_bio)) {
2687 if (BIO_should_read(c_bio))
2688 c_r = 1;
2689 if (BIO_should_write(c_bio))
2690 c_w = 1;
2691 } else {
2692 fprintf(stderr, "ERROR in CLIENT\n");
2693 err_in_client = 1;
2694 ERR_print_errors(bio_err);
2695 goto err;
2696 }
2697 } else if (i == 0) {
2698 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2699 goto err;
2700 } else {
2701 if (debug)
2702 printf("client wrote %d\n", i);
2703 /* ok */
2704 s_r = 1;
2705 c_write = 0;
2706 cw_num -= i;
2707 if (max_frag > 1029)
2708 SSL_set_max_send_fragment(c_ssl, max_frag -= 5);
2709 }
2710 } else {
2711 i = BIO_read(c_bio, cbuf, bufsiz);
2712 if (i < 0) {
2713 c_r = 0;
2714 c_w = 0;
2715 if (BIO_should_retry(c_bio)) {
2716 if (BIO_should_read(c_bio))
2717 c_r = 1;
2718 if (BIO_should_write(c_bio))
2719 c_w = 1;
2720 } else {
2721 fprintf(stderr, "ERROR in CLIENT\n");
2722 err_in_client = 1;
2723 ERR_print_errors(bio_err);
2724 goto err;
2725 }
2726 } else if (i == 0) {
2727 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
2728 goto err;
2729 } else {
2730 if (debug)
2731 printf("client read %d\n", i);
2732 cr_num -= i;
2733 if (sw_num > 0) {
2734 s_write = 1;
2735 s_w = 1;
2736 }
2737 if (cr_num <= 0) {
2738 s_write = 1;
2739 s_w = 1;
2740 done = S_DONE | C_DONE;
2741 }
2742 }
2743 }
2744 }
2745
2746 if (do_server && !(done & S_DONE)) {
2747 if (!s_write) {
2748 i = BIO_read(s_bio, sbuf, bufsiz);
2749 if (i < 0) {
2750 s_r = 0;
2751 s_w = 0;
2752 if (BIO_should_retry(s_bio)) {
2753 if (BIO_should_read(s_bio))
2754 s_r = 1;
2755 if (BIO_should_write(s_bio))
2756 s_w = 1;
2757 } else {
2758 fprintf(stderr, "ERROR in SERVER\n");
2759 err_in_server = 1;
2760 ERR_print_errors(bio_err);
2761 goto err;
2762 }
2763 } else if (i == 0) {
2764 ERR_print_errors(bio_err);
2765 fprintf(stderr,
2766 "SSL SERVER STARTUP FAILED in SSL_read\n");
2767 goto err;
2768 } else {
2769 if (debug)
2770 printf("server read %d\n", i);
2771 sr_num -= i;
2772 if (cw_num > 0) {
2773 c_write = 1;
2774 c_w = 1;
2775 }
2776 if (sr_num <= 0) {
2777 s_write = 1;
2778 s_w = 1;
2779 c_write = 0;
2780 }
2781 }
2782 } else {
2783 j = (sw_num > bufsiz) ? (int)bufsiz : (int)sw_num;
2784 i = BIO_write(s_bio, sbuf, j);
2785 if (i < 0) {
2786 s_r = 0;
2787 s_w = 0;
2788 if (BIO_should_retry(s_bio)) {
2789 if (BIO_should_read(s_bio))
2790 s_r = 1;
2791 if (BIO_should_write(s_bio))
2792 s_w = 1;
2793 } else {
2794 fprintf(stderr, "ERROR in SERVER\n");
2795 err_in_server = 1;
2796 ERR_print_errors(bio_err);
2797 goto err;
2798 }
2799 } else if (i == 0) {
2800 ERR_print_errors(bio_err);
2801 fprintf(stderr,
2802 "SSL SERVER STARTUP FAILED in SSL_write\n");
2803 goto err;
2804 } else {
2805 if (debug)
2806 printf("server wrote %d\n", i);
2807 sw_num -= i;
2808 s_write = 0;
2809 c_r = 1;
2810 if (sw_num <= 0)
2811 done |= S_DONE;
2812 if (max_frag > 1029)
2813 SSL_set_max_send_fragment(s_ssl, max_frag -= 5);
2814 }
2815 }
2816 }
2817
2818 if ((done & S_DONE) && (done & C_DONE))
2819 break;
2820 }
2821
2822 if (verbose)
2823 print_details(c_ssl, "DONE: ");
2824 #ifndef OPENSSL_NO_NEXTPROTONEG
2825 if (verify_npn(c_ssl, s_ssl) < 0)
2826 goto err;
2827 #endif
2828 if (verify_serverinfo() < 0) {
2829 fprintf(stderr, "Server info verify error\n");
2830 goto err;
2831 }
2832 if (custom_ext_error) {
2833 fprintf(stderr, "Custom extension error\n");
2834 goto err;
2835 }
2836 ret = EXIT_SUCCESS;
2837 err:
2838 BIO_free(c_to_s);
2839 BIO_free(s_to_c);
2840 BIO_free_all(c_bio);
2841 BIO_free_all(s_bio);
2842 OPENSSL_free(cbuf);
2843 OPENSSL_free(sbuf);
2844
2845 if (should_negotiate != NULL && strcmp(should_negotiate, "fail-client") == 0)
2846 ret = (err_in_client != 0) ? EXIT_SUCCESS : EXIT_FAILURE;
2847 else if (should_negotiate != NULL && strcmp(should_negotiate, "fail-server") == 0)
2848 ret = (err_in_server != 0) ? EXIT_SUCCESS : EXIT_FAILURE;
2849
2850 return ret;
2851 }
2852
verify_callback(int ok,X509_STORE_CTX * ctx)2853 static int verify_callback(int ok, X509_STORE_CTX *ctx)
2854 {
2855 char *s, buf[256];
2856
2857 s = X509_NAME_oneline(X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)),
2858 buf, sizeof(buf));
2859 if (s != NULL) {
2860 if (ok)
2861 printf("depth=%d %s\n", X509_STORE_CTX_get_error_depth(ctx), buf);
2862 else {
2863 fprintf(stderr, "depth=%d error=%d %s\n",
2864 X509_STORE_CTX_get_error_depth(ctx),
2865 X509_STORE_CTX_get_error(ctx), buf);
2866 }
2867 }
2868
2869 if (ok == 0) {
2870 int i = X509_STORE_CTX_get_error(ctx);
2871
2872 switch (i) {
2873 default:
2874 fprintf(stderr, "Error string: %s\n",
2875 X509_verify_cert_error_string(i));
2876 break;
2877 case X509_V_ERR_CERT_NOT_YET_VALID:
2878 case X509_V_ERR_CERT_HAS_EXPIRED:
2879 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
2880 ok = 1;
2881 break;
2882 }
2883 }
2884
2885 return ok;
2886 }
2887
app_verify_callback(X509_STORE_CTX * ctx,void * arg)2888 static int app_verify_callback(X509_STORE_CTX *ctx, void *arg)
2889 {
2890 int ok = 1;
2891 struct app_verify_arg *cb_arg = arg;
2892
2893 if (cb_arg->app_verify) {
2894 char *s = NULL, buf[256];
2895 X509 *c = X509_STORE_CTX_get0_cert(ctx);
2896
2897 printf("In app_verify_callback, allowing cert. ");
2898 printf("Arg is: %s\n", cb_arg->string);
2899 printf("Finished printing do we have a context? 0x%p a cert? 0x%p\n",
2900 (void *)ctx, (void *)c);
2901 if (c)
2902 s = X509_NAME_oneline(X509_get_subject_name(c), buf, 256);
2903 if (s != NULL) {
2904 printf("cert depth=%d %s\n",
2905 X509_STORE_CTX_get_error_depth(ctx), buf);
2906 }
2907 return 1;
2908 }
2909
2910 ok = X509_verify_cert(ctx);
2911
2912 return ok;
2913 }
2914
2915 #ifndef OPENSSL_NO_DH
2916 /*-
2917 * These DH parameters have been generated as follows:
2918 * $ openssl dhparam -C -noout 512
2919 * $ openssl dhparam -C -noout 1024
2920 * $ openssl dhparam -C -noout -dsaparam 1024
2921 * (The third function has been renamed to avoid name conflicts.)
2922 */
get_dh512(void)2923 static DH *get_dh512(void)
2924 {
2925 static unsigned char dh512_p[] = {
2926 0xCB, 0xC8, 0xE1, 0x86, 0xD0, 0x1F, 0x94, 0x17, 0xA6, 0x99, 0xF0,
2927 0xC6,
2928 0x1F, 0x0D, 0xAC, 0xB6, 0x25, 0x3E, 0x06, 0x39, 0xCA, 0x72, 0x04,
2929 0xB0,
2930 0x6E, 0xDA, 0xC0, 0x61, 0xE6, 0x7A, 0x77, 0x25, 0xE8, 0x3B, 0xB9,
2931 0x5F,
2932 0x9A, 0xB6, 0xB5, 0xFE, 0x99, 0x0B, 0xA1, 0x93, 0x4E, 0x35, 0x33,
2933 0xB8,
2934 0xE1, 0xF1, 0x13, 0x4F, 0x59, 0x1A, 0xD2, 0x57, 0xC0, 0x26, 0x21,
2935 0x33,
2936 0x02, 0xC5, 0xAE, 0x23,
2937 };
2938 static unsigned char dh512_g[] = {
2939 0x02,
2940 };
2941 DH *dh;
2942 BIGNUM *p, *g;
2943
2944 if ((dh = DH_new()) == NULL)
2945 return NULL;
2946 p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
2947 g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
2948 if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
2949 DH_free(dh);
2950 BN_free(p);
2951 BN_free(g);
2952 return NULL;
2953 }
2954 return dh;
2955 }
2956
get_dh1024(void)2957 static DH *get_dh1024(void)
2958 {
2959 static unsigned char dh1024_p[] = {
2960 0xF8, 0x81, 0x89, 0x7D, 0x14, 0x24, 0xC5, 0xD1, 0xE6, 0xF7, 0xBF,
2961 0x3A,
2962 0xE4, 0x90, 0xF4, 0xFC, 0x73, 0xFB, 0x34, 0xB5, 0xFA, 0x4C, 0x56,
2963 0xA2,
2964 0xEA, 0xA7, 0xE9, 0xC0, 0xC0, 0xCE, 0x89, 0xE1, 0xFA, 0x63, 0x3F,
2965 0xB0,
2966 0x6B, 0x32, 0x66, 0xF1, 0xD1, 0x7B, 0xB0, 0x00, 0x8F, 0xCA, 0x87,
2967 0xC2,
2968 0xAE, 0x98, 0x89, 0x26, 0x17, 0xC2, 0x05, 0xD2, 0xEC, 0x08, 0xD0,
2969 0x8C,
2970 0xFF, 0x17, 0x52, 0x8C, 0xC5, 0x07, 0x93, 0x03, 0xB1, 0xF6, 0x2F,
2971 0xB8,
2972 0x1C, 0x52, 0x47, 0x27, 0x1B, 0xDB, 0xD1, 0x8D, 0x9D, 0x69, 0x1D,
2973 0x52,
2974 0x4B, 0x32, 0x81, 0xAA, 0x7F, 0x00, 0xC8, 0xDC, 0xE6, 0xD9, 0xCC,
2975 0xC1,
2976 0x11, 0x2D, 0x37, 0x34, 0x6C, 0xEA, 0x02, 0x97, 0x4B, 0x0E, 0xBB,
2977 0xB1,
2978 0x71, 0x33, 0x09, 0x15, 0xFD, 0xDD, 0x23, 0x87, 0x07, 0x5E, 0x89,
2979 0xAB,
2980 0x6B, 0x7C, 0x5F, 0xEC, 0xA6, 0x24, 0xDC, 0x53,
2981 };
2982 static unsigned char dh1024_g[] = {
2983 0x02,
2984 };
2985 DH *dh;
2986 BIGNUM *p, *g;
2987
2988 if ((dh = DH_new()) == NULL)
2989 return NULL;
2990 p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
2991 g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
2992 if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
2993 DH_free(dh);
2994 BN_free(p);
2995 BN_free(g);
2996 return NULL;
2997 }
2998 return dh;
2999 }
3000
get_dh1024dsa(void)3001 static DH *get_dh1024dsa(void)
3002 {
3003 static unsigned char dh1024_p[] = {
3004 0xC8, 0x00, 0xF7, 0x08, 0x07, 0x89, 0x4D, 0x90, 0x53, 0xF3, 0xD5,
3005 0x00,
3006 0x21, 0x1B, 0xF7, 0x31, 0xA6, 0xA2, 0xDA, 0x23, 0x9A, 0xC7, 0x87,
3007 0x19,
3008 0x3B, 0x47, 0xB6, 0x8C, 0x04, 0x6F, 0xFF, 0xC6, 0x9B, 0xB8, 0x65,
3009 0xD2,
3010 0xC2, 0x5F, 0x31, 0x83, 0x4A, 0xA7, 0x5F, 0x2F, 0x88, 0x38, 0xB6,
3011 0x55,
3012 0xCF, 0xD9, 0x87, 0x6D, 0x6F, 0x9F, 0xDA, 0xAC, 0xA6, 0x48, 0xAF,
3013 0xFC,
3014 0x33, 0x84, 0x37, 0x5B, 0x82, 0x4A, 0x31, 0x5D, 0xE7, 0xBD, 0x52,
3015 0x97,
3016 0xA1, 0x77, 0xBF, 0x10, 0x9E, 0x37, 0xEA, 0x64, 0xFA, 0xCA, 0x28,
3017 0x8D,
3018 0x9D, 0x3B, 0xD2, 0x6E, 0x09, 0x5C, 0x68, 0xC7, 0x45, 0x90, 0xFD,
3019 0xBB,
3020 0x70, 0xC9, 0x3A, 0xBB, 0xDF, 0xD4, 0x21, 0x0F, 0xC4, 0x6A, 0x3C,
3021 0xF6,
3022 0x61, 0xCF, 0x3F, 0xD6, 0x13, 0xF1, 0x5F, 0xBC, 0xCF, 0xBC, 0x26,
3023 0x9E,
3024 0xBC, 0x0B, 0xBD, 0xAB, 0x5D, 0xC9, 0x54, 0x39,
3025 };
3026 static unsigned char dh1024_g[] = {
3027 0x3B, 0x40, 0x86, 0xE7, 0xF3, 0x6C, 0xDE, 0x67, 0x1C, 0xCC, 0x80,
3028 0x05,
3029 0x5A, 0xDF, 0xFE, 0xBD, 0x20, 0x27, 0x74, 0x6C, 0x24, 0xC9, 0x03,
3030 0xF3,
3031 0xE1, 0x8D, 0xC3, 0x7D, 0x98, 0x27, 0x40, 0x08, 0xB8, 0x8C, 0x6A,
3032 0xE9,
3033 0xBB, 0x1A, 0x3A, 0xD6, 0x86, 0x83, 0x5E, 0x72, 0x41, 0xCE, 0x85,
3034 0x3C,
3035 0xD2, 0xB3, 0xFC, 0x13, 0xCE, 0x37, 0x81, 0x9E, 0x4C, 0x1C, 0x7B,
3036 0x65,
3037 0xD3, 0xE6, 0xA6, 0x00, 0xF5, 0x5A, 0x95, 0x43, 0x5E, 0x81, 0xCF,
3038 0x60,
3039 0xA2, 0x23, 0xFC, 0x36, 0xA7, 0x5D, 0x7A, 0x4C, 0x06, 0x91, 0x6E,
3040 0xF6,
3041 0x57, 0xEE, 0x36, 0xCB, 0x06, 0xEA, 0xF5, 0x3D, 0x95, 0x49, 0xCB,
3042 0xA7,
3043 0xDD, 0x81, 0xDF, 0x80, 0x09, 0x4A, 0x97, 0x4D, 0xA8, 0x22, 0x72,
3044 0xA1,
3045 0x7F, 0xC4, 0x70, 0x56, 0x70, 0xE8, 0x20, 0x10, 0x18, 0x8F, 0x2E,
3046 0x60,
3047 0x07, 0xE7, 0x68, 0x1A, 0x82, 0x5D, 0x32, 0xA2,
3048 };
3049 DH *dh;
3050 BIGNUM *p, *g;
3051
3052 if ((dh = DH_new()) == NULL)
3053 return NULL;
3054 p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
3055 g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
3056 if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g)) {
3057 DH_free(dh);
3058 BN_free(p);
3059 BN_free(g);
3060 return NULL;
3061 }
3062 DH_set_length(dh, 160);
3063 return dh;
3064 }
3065
get_dh2048(void)3066 static DH *get_dh2048(void)
3067 {
3068 BIGNUM *p = NULL, *g = NULL;
3069 DH *dh = NULL;
3070
3071 if ((dh = DH_new()) == NULL)
3072 return NULL;
3073
3074 g = BN_new();
3075 if (g == NULL || !BN_set_word(g, 2))
3076 goto err;
3077
3078 p = BN_get_rfc3526_prime_2048(NULL);
3079 if (p == NULL)
3080 goto err;
3081
3082 if (!DH_set0_pqg(dh, p, NULL, g))
3083 goto err;
3084
3085 return dh;
3086
3087 err:
3088 DH_free(dh);
3089 BN_free(p);
3090 BN_free(g);
3091 return NULL;
3092 }
3093
get_dh4096(void)3094 static DH *get_dh4096(void)
3095 {
3096 BIGNUM *p = NULL, *g = NULL;
3097 DH *dh = NULL;
3098
3099 if ((dh = DH_new()) == NULL)
3100 return NULL;
3101
3102 g = BN_new();
3103 if (g == NULL || !BN_set_word(g, 2))
3104 goto err;
3105
3106 p = BN_get_rfc3526_prime_4096(NULL);
3107 if (p == NULL)
3108 goto err;
3109
3110 if (!DH_set0_pqg(dh, p, NULL, g))
3111 goto err;
3112
3113 return dh;
3114
3115 err:
3116 DH_free(dh);
3117 BN_free(p);
3118 BN_free(g);
3119 return NULL;
3120 }
3121 #endif
3122
3123 #ifndef OPENSSL_NO_PSK
3124 /* convert the PSK key (psk_key) in ascii to binary (psk) */
psk_key2bn(const char * pskkey,unsigned char * psk,unsigned int max_psk_len)3125 static int psk_key2bn(const char *pskkey, unsigned char *psk,
3126 unsigned int max_psk_len)
3127 {
3128 int ret;
3129 BIGNUM *bn = NULL;
3130
3131 ret = BN_hex2bn(&bn, pskkey);
3132 if (!ret) {
3133 BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n",
3134 pskkey);
3135 BN_free(bn);
3136 return 0;
3137 }
3138 if (BN_num_bytes(bn) > (int)max_psk_len) {
3139 BIO_printf(bio_err,
3140 "psk buffer of callback is too small (%d) for key (%d)\n",
3141 max_psk_len, BN_num_bytes(bn));
3142 BN_free(bn);
3143 return 0;
3144 }
3145 ret = BN_bn2bin(bn, psk);
3146 BN_free(bn);
3147 return ret;
3148 }
3149
psk_client_callback(SSL * ssl,const char * hint,char * identity,unsigned int max_identity_len,unsigned char * psk,unsigned int max_psk_len)3150 static unsigned int psk_client_callback(SSL *ssl, const char *hint,
3151 char *identity,
3152 unsigned int max_identity_len,
3153 unsigned char *psk,
3154 unsigned int max_psk_len)
3155 {
3156 int ret;
3157 unsigned int psk_len = 0;
3158
3159 ret = BIO_snprintf(identity, max_identity_len, "Client_identity");
3160 if (ret < 0)
3161 goto out_err;
3162 if (debug)
3163 fprintf(stderr, "client: created identity '%s' len=%d\n", identity,
3164 ret);
3165 ret = psk_key2bn(psk_key, psk, max_psk_len);
3166 if (ret < 0)
3167 goto out_err;
3168 psk_len = ret;
3169 out_err:
3170 return psk_len;
3171 }
3172
psk_server_callback(SSL * ssl,const char * identity,unsigned char * psk,unsigned int max_psk_len)3173 static unsigned int psk_server_callback(SSL *ssl, const char *identity,
3174 unsigned char *psk,
3175 unsigned int max_psk_len)
3176 {
3177 unsigned int psk_len = 0;
3178
3179 if (strcmp(identity, "Client_identity") != 0) {
3180 BIO_printf(bio_err, "server: PSK error: client identity not found\n");
3181 return 0;
3182 }
3183 psk_len = psk_key2bn(psk_key, psk, max_psk_len);
3184 return psk_len;
3185 }
3186 #endif
3187