1 /* $OpenBSD: ssltest.c,v 1.40 2023/07/02 17:21:32 beck Exp $ */ 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 /* ==================================================================== 59 * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. 60 * 61 * Redistribution and use in source and binary forms, with or without 62 * modification, are permitted provided that the following conditions 63 * are met: 64 * 65 * 1. Redistributions of source code must retain the above copyright 66 * notice, this list of conditions and the following disclaimer. 67 * 68 * 2. Redistributions in binary form must reproduce the above copyright 69 * notice, this list of conditions and the following disclaimer in 70 * the documentation and/or other materials provided with the 71 * distribution. 72 * 73 * 3. All advertising materials mentioning features or use of this 74 * software must display the following acknowledgment: 75 * "This product includes software developed by the OpenSSL Project 76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77 * 78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79 * endorse or promote products derived from this software without 80 * prior written permission. For written permission, please contact 81 * openssl-core@openssl.org. 82 * 83 * 5. Products derived from this software may not be called "OpenSSL" 84 * nor may "OpenSSL" appear in their names without prior written 85 * permission of the OpenSSL Project. 86 * 87 * 6. Redistributions of any form whatsoever must retain the following 88 * acknowledgment: 89 * "This product includes software developed by the OpenSSL Project 90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91 * 92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103 * OF THE POSSIBILITY OF SUCH DAMAGE. 104 * ==================================================================== 105 * 106 * This product includes cryptographic software written by Eric Young 107 * (eay@cryptsoft.com). This product includes software written by Tim 108 * Hudson (tjh@cryptsoft.com). 109 * 110 */ 111 /* ==================================================================== 112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 113 * ECC cipher suite support in OpenSSL originally developed by 114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 115 */ 116 /* ==================================================================== 117 * Copyright 2005 Nokia. All rights reserved. 118 * 119 * The portions of the attached software ("Contribution") is developed by 120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source 121 * license. 122 * 123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of 124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites 125 * support (see RFC 4279) to OpenSSL. 126 * 127 * No patent licenses or other rights except those expressly stated in 128 * the OpenSSL open source license shall be deemed granted or received 129 * expressly, by implication, estoppel, or otherwise. 130 * 131 * No assurances are provided by Nokia that the Contribution does not 132 * infringe the patent or other intellectual property rights of any third 133 * party or that the license provides you with all the necessary rights 134 * to make use of the Contribution. 135 * 136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN 137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA 138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY 139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR 140 * OTHERWISE. 141 */ 142 143 #define _BSD_SOURCE 1 /* Or gethostname won't be declared properly 144 on Linux and GNU platforms. */ 145 #include <sys/types.h> 146 #include <sys/socket.h> 147 148 #include <netinet/in.h> 149 150 #include <assert.h> 151 #include <errno.h> 152 #include <limits.h> 153 #include <netdb.h> 154 #include <stdio.h> 155 #include <stdlib.h> 156 #include <string.h> 157 #include <time.h> 158 #include <unistd.h> 159 160 #include <openssl/opensslconf.h> 161 #include <openssl/bio.h> 162 #include <openssl/crypto.h> 163 #include <openssl/evp.h> 164 #include <openssl/x509.h> 165 #include <openssl/x509v3.h> 166 #include <openssl/ssl.h> 167 #ifndef OPENSSL_NO_ENGINE 168 #include <openssl/engine.h> 169 #endif 170 #include <openssl/err.h> 171 #include <openssl/rand.h> 172 #include <openssl/rsa.h> 173 #include <openssl/dsa.h> 174 #include <openssl/dh.h> 175 #include <openssl/bn.h> 176 177 #include "ssl_local.h" 178 179 #define TEST_SERVER_CERT "../apps/server.pem" 180 #define TEST_CLIENT_CERT "../apps/client.pem" 181 182 static int verify_callback(int ok, X509_STORE_CTX *ctx); 183 static int app_verify_callback(X509_STORE_CTX *ctx, void *arg); 184 185 static DH *get_dh1024(void); 186 static DH *get_dh1024dsa(void); 187 188 static BIO *bio_err = NULL; 189 static BIO *bio_stdout = NULL; 190 191 static const char *alpn_client; 192 static const char *alpn_server; 193 static const char *alpn_expected; 194 static unsigned char *alpn_selected; 195 196 /* 197 * next_protos_parse parses a comma separated list of strings into a string 198 * in a format suitable for passing to SSL_CTX_set_next_protos_advertised. 199 * outlen: (output) set to the length of the resulting buffer on success. 200 * err: (maybe NULL) on failure, an error message line is written to this BIO. 201 * in: a NUL terminated string like "abc,def,ghi" 202 * 203 * returns: a malloced buffer or NULL on failure. 204 */ 205 static unsigned char * 206 next_protos_parse(unsigned short *outlen, const char *in) 207 { 208 size_t i, len, start = 0; 209 unsigned char *out; 210 211 len = strlen(in); 212 if (len >= 65535) 213 return (NULL); 214 215 if ((out = malloc(strlen(in) + 1)) == NULL) 216 return (NULL); 217 218 for (i = 0; i <= len; ++i) { 219 if (i == len || in[i] == ',') { 220 if (i - start > 255) { 221 free(out); 222 return (NULL); 223 } 224 out[start] = i - start; 225 start = i + 1; 226 } else 227 out[i+1] = in[i]; 228 } 229 *outlen = len + 1; 230 return (out); 231 } 232 233 static int 234 cb_server_alpn(SSL *s, const unsigned char **out, unsigned char *outlen, 235 const unsigned char *in, unsigned int inlen, void *arg) 236 { 237 unsigned char *protos; 238 unsigned short protos_len; 239 240 if ((protos = next_protos_parse(&protos_len, alpn_server)) == NULL) { 241 fprintf(stderr, 242 "failed to parser ALPN server protocol string: %s\n", 243 alpn_server); 244 abort(); 245 } 246 247 if (SSL_select_next_proto((unsigned char **)out, outlen, protos, 248 protos_len, in, inlen) != OPENSSL_NPN_NEGOTIATED) { 249 free(protos); 250 return (SSL_TLSEXT_ERR_NOACK); 251 } 252 253 /* 254 * Make a copy of the selected protocol which will be freed in 255 * verify_alpn. 256 */ 257 if ((alpn_selected = malloc(*outlen)) == NULL) { 258 fprintf(stderr, "malloc failed\n"); 259 abort(); 260 } 261 memcpy(alpn_selected, *out, *outlen); 262 *out = alpn_selected; 263 free(protos); 264 265 return (SSL_TLSEXT_ERR_OK); 266 } 267 268 static int 269 verify_alpn(SSL *client, SSL *server) 270 { 271 const unsigned char *client_proto, *server_proto; 272 unsigned int client_proto_len = 0, server_proto_len = 0; 273 274 SSL_get0_alpn_selected(client, &client_proto, &client_proto_len); 275 SSL_get0_alpn_selected(server, &server_proto, &server_proto_len); 276 277 free(alpn_selected); 278 alpn_selected = NULL; 279 280 if (client_proto_len != server_proto_len || 281 memcmp(client_proto, server_proto, client_proto_len) != 0) { 282 BIO_printf(bio_stdout, "ALPN selected protocols differ!\n"); 283 goto err; 284 } 285 286 if (client_proto_len > 0 && alpn_expected == NULL) { 287 BIO_printf(bio_stdout, "ALPN unexpectedly negotiated\n"); 288 goto err; 289 } 290 291 if (alpn_expected != NULL && 292 (client_proto_len != strlen(alpn_expected) || 293 memcmp(client_proto, alpn_expected, client_proto_len) != 0)) { 294 BIO_printf(bio_stdout, "ALPN selected protocols not equal to " 295 "expected protocol: %s\n", alpn_expected); 296 goto err; 297 } 298 299 return (0); 300 301 err: 302 BIO_printf(bio_stdout, "ALPN results: client: '"); 303 BIO_write(bio_stdout, client_proto, client_proto_len); 304 BIO_printf(bio_stdout, "', server: '"); 305 BIO_write(bio_stdout, server_proto, server_proto_len); 306 BIO_printf(bio_stdout, "'\n"); 307 BIO_printf(bio_stdout, "ALPN configured: client: '%s', server: '%s'\n", 308 alpn_client, alpn_server); 309 310 return (-1); 311 } 312 313 static char *cipher = NULL; 314 static int verbose = 0; 315 static int debug = 0; 316 317 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time, 318 clock_t *c_time); 319 int doit(SSL *s_ssl, SSL *c_ssl, long bytes); 320 321 static void 322 sv_usage(void) 323 { 324 fprintf(stderr, "usage: ssltest [args ...]\n"); 325 fprintf(stderr, "\n"); 326 fprintf(stderr, " -server_auth - check server certificate\n"); 327 fprintf(stderr, " -client_auth - do client authentication\n"); 328 fprintf(stderr, " -proxy - allow proxy certificates\n"); 329 fprintf(stderr, " -proxy_auth <val> - set proxy policy rights\n"); 330 fprintf(stderr, " -proxy_cond <val> - experssion to test proxy policy rights\n"); 331 fprintf(stderr, " -v - more output\n"); 332 fprintf(stderr, " -d - debug output\n"); 333 fprintf(stderr, " -reuse - use session-id reuse\n"); 334 fprintf(stderr, " -num <val> - number of connections to perform\n"); 335 fprintf(stderr, " -bytes <val> - number of bytes to swap between client/server\n"); 336 fprintf(stderr, " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n"); 337 fprintf(stderr, " -no_dhe - disable DHE\n"); 338 fprintf(stderr, " -no_ecdhe - disable ECDHE\n"); 339 fprintf(stderr, " -dtls1_2 - use DTLSv1.2\n"); 340 fprintf(stderr, " -tls1 - use TLSv1\n"); 341 fprintf(stderr, " -tls1_2 - use TLSv1.2\n"); 342 fprintf(stderr, " -CApath arg - PEM format directory of CA's\n"); 343 fprintf(stderr, " -CAfile arg - PEM format file of CA's\n"); 344 fprintf(stderr, " -cert arg - Server certificate file\n"); 345 fprintf(stderr, " -key arg - Server key file (default: same as -cert)\n"); 346 fprintf(stderr, " -c_cert arg - Client certificate file\n"); 347 fprintf(stderr, " -c_key arg - Client key file (default: same as -c_cert)\n"); 348 fprintf(stderr, " -cipher arg - The cipher list\n"); 349 fprintf(stderr, " -bio_pair - Use BIO pairs\n"); 350 fprintf(stderr, " -f - Test even cases that can't work\n"); 351 fprintf(stderr, " -time - measure processor time used by client and server\n"); 352 fprintf(stderr, " -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \ 353 " Use \"openssl ecparam -list_curves\" for all names\n" \ 354 " (default is sect163r2).\n"); 355 fprintf(stderr, " -alpn_client <string> - have client side offer ALPN\n"); 356 fprintf(stderr, " -alpn_server <string> - have server side offer ALPN\n"); 357 fprintf(stderr, " -alpn_expected <string> - the ALPN protocol that should be negotiated\n"); 358 } 359 360 static void 361 print_details(SSL *c_ssl, const char *prefix) 362 { 363 const SSL_CIPHER *ciph; 364 X509 *cert = NULL; 365 EVP_PKEY *pkey; 366 367 ciph = SSL_get_current_cipher(c_ssl); 368 BIO_printf(bio_stdout, "%s%s, cipher %s %s", 369 prefix, SSL_get_version(c_ssl), SSL_CIPHER_get_version(ciph), 370 SSL_CIPHER_get_name(ciph)); 371 372 if ((cert = SSL_get_peer_certificate(c_ssl)) == NULL) 373 goto out; 374 if ((pkey = X509_get0_pubkey(cert)) == NULL) 375 goto out; 376 if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) { 377 RSA *rsa; 378 379 if ((rsa = EVP_PKEY_get0_RSA(pkey)) == NULL) 380 goto out; 381 382 BIO_printf(bio_stdout, ", %d bit RSA", RSA_bits(rsa)); 383 } else if (EVP_PKEY_id(pkey) == EVP_PKEY_DSA) { 384 DSA *dsa; 385 const BIGNUM *p; 386 387 if ((dsa = EVP_PKEY_get0_DSA(pkey)) == NULL) 388 goto out; 389 390 DSA_get0_pqg(dsa, &p, NULL, NULL); 391 392 BIO_printf(bio_stdout, ", %d bit DSA", BN_num_bits(p)); 393 } 394 395 out: 396 /* 397 * The SSL API does not allow us to look at temporary RSA/DH keys, 398 * otherwise we should print their lengths too 399 */ 400 BIO_printf(bio_stdout, "\n"); 401 402 X509_free(cert); 403 } 404 405 int 406 main(int argc, char *argv[]) 407 { 408 char *CApath = NULL, *CAfile = NULL; 409 int badop = 0; 410 int bio_pair = 0; 411 int force = 0; 412 int tls1 = 0, tls1_2 = 0, dtls1_2 = 0, ret = 1; 413 int client_auth = 0; 414 int server_auth = 0, i; 415 char *app_verify_arg = "Test Callback Argument"; 416 char *server_cert = TEST_SERVER_CERT; 417 char *server_key = NULL; 418 char *client_cert = TEST_CLIENT_CERT; 419 char *client_key = NULL; 420 char *named_curve = NULL; 421 SSL_CTX *s_ctx = NULL; 422 SSL_CTX *c_ctx = NULL; 423 const SSL_METHOD *meth = NULL; 424 SSL *c_ssl, *s_ssl; 425 int number = 1, reuse = 0; 426 int seclevel = 0; 427 long bytes = 256L; 428 DH *dh; 429 int dhe1024dsa = 0; 430 EC_KEY *ecdh = NULL; 431 int no_dhe = 0; 432 int no_ecdhe = 0; 433 int print_time = 0; 434 clock_t s_time = 0, c_time = 0; 435 436 verbose = 0; 437 debug = 0; 438 cipher = 0; 439 440 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE|BIO_FP_TEXT); 441 442 bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE|BIO_FP_TEXT); 443 444 argc--; 445 argv++; 446 447 while (argc >= 1) { 448 if (!strcmp(*argv, "-F")) { 449 fprintf(stderr, "not compiled with FIPS support, so exiting without running.\n"); 450 exit(0); 451 } else if (strcmp(*argv, "-server_auth") == 0) 452 server_auth = 1; 453 else if (strcmp(*argv, "-client_auth") == 0) 454 client_auth = 1; 455 else if (strcmp(*argv, "-v") == 0) 456 verbose = 1; 457 else if (strcmp(*argv, "-d") == 0) 458 debug = 1; 459 else if (strcmp(*argv, "-reuse") == 0) 460 reuse = 1; 461 else if (strcmp(*argv, "-dhe1024dsa") == 0) { 462 dhe1024dsa = 1; 463 } else if (strcmp(*argv, "-no_dhe") == 0) 464 no_dhe = 1; 465 else if (strcmp(*argv, "-no_ecdhe") == 0) 466 no_ecdhe = 1; 467 else if (strcmp(*argv, "-dtls1_2") == 0) 468 dtls1_2 = 1; 469 else if (strcmp(*argv, "-tls1") == 0) 470 tls1 = 1; 471 else if (strcmp(*argv, "-tls1_2") == 0) 472 tls1_2 = 1; 473 else if (strncmp(*argv, "-num", 4) == 0) { 474 if (--argc < 1) 475 goto bad; 476 number = atoi(*(++argv)); 477 if (number == 0) 478 number = 1; 479 } else if (strncmp(*argv, "-seclevel", 9) == 0) { 480 if (--argc < 1) 481 goto bad; 482 seclevel = atoi(*(++argv)); 483 } else if (strcmp(*argv, "-bytes") == 0) { 484 if (--argc < 1) 485 goto bad; 486 bytes = atol(*(++argv)); 487 if (bytes == 0L) 488 bytes = 1L; 489 i = strlen(argv[0]); 490 if (argv[0][i - 1] == 'k') 491 bytes*=1024L; 492 if (argv[0][i - 1] == 'm') 493 bytes*=1024L*1024L; 494 } else if (strcmp(*argv, "-cert") == 0) { 495 if (--argc < 1) 496 goto bad; 497 server_cert= *(++argv); 498 } else if (strcmp(*argv, "-s_cert") == 0) { 499 if (--argc < 1) 500 goto bad; 501 server_cert= *(++argv); 502 } else if (strcmp(*argv, "-key") == 0) { 503 if (--argc < 1) 504 goto bad; 505 server_key= *(++argv); 506 } else if (strcmp(*argv, "-s_key") == 0) { 507 if (--argc < 1) 508 goto bad; 509 server_key= *(++argv); 510 } else if (strcmp(*argv, "-c_cert") == 0) { 511 if (--argc < 1) 512 goto bad; 513 client_cert= *(++argv); 514 } else if (strcmp(*argv, "-c_key") == 0) { 515 if (--argc < 1) 516 goto bad; 517 client_key= *(++argv); 518 } else if (strcmp(*argv, "-cipher") == 0) { 519 if (--argc < 1) 520 goto bad; 521 cipher= *(++argv); 522 } else if (strcmp(*argv, "-CApath") == 0) { 523 if (--argc < 1) 524 goto bad; 525 CApath= *(++argv); 526 } else if (strcmp(*argv, "-CAfile") == 0) { 527 if (--argc < 1) 528 goto bad; 529 CAfile= *(++argv); 530 } else if (strcmp(*argv, "-bio_pair") == 0) { 531 bio_pair = 1; 532 } else if (strcmp(*argv, "-f") == 0) { 533 force = 1; 534 } else if (strcmp(*argv, "-time") == 0) { 535 print_time = 1; 536 } else if (strcmp(*argv, "-named_curve") == 0) { 537 if (--argc < 1) 538 goto bad; 539 named_curve = *(++argv); 540 } else if (strcmp(*argv, "-app_verify") == 0) { 541 ; 542 } else if (strcmp(*argv, "-alpn_client") == 0) { 543 if (--argc < 1) 544 goto bad; 545 alpn_client = *(++argv); 546 } else if (strcmp(*argv, "-alpn_server") == 0) { 547 if (--argc < 1) 548 goto bad; 549 alpn_server = *(++argv); 550 } else if (strcmp(*argv, "-alpn_expected") == 0) { 551 if (--argc < 1) 552 goto bad; 553 alpn_expected = *(++argv); 554 } else { 555 fprintf(stderr, "unknown option %s\n", *argv); 556 badop = 1; 557 break; 558 } 559 argc--; 560 argv++; 561 } 562 if (badop) { 563 bad: 564 sv_usage(); 565 goto end; 566 } 567 568 if (!dtls1_2 && !tls1 && !tls1_2 && number > 1 && !reuse && !force) { 569 fprintf(stderr, 570 "This case cannot work. Use -f to perform " 571 "the test anyway (and\n-d to see what happens), " 572 "or add one of -dtls1, -tls1, -tls1_2, -reuse\n" 573 "to avoid protocol mismatch.\n"); 574 exit(1); 575 } 576 577 if (print_time) { 578 if (!bio_pair) { 579 fprintf(stderr, "Using BIO pair (-bio_pair)\n"); 580 bio_pair = 1; 581 } 582 if (number < 50 && !force) 583 fprintf(stderr, "Warning: For accurate timings, use more connections (e.g. -num 1000)\n"); 584 } 585 586 /* if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */ 587 588 SSL_library_init(); 589 SSL_load_error_strings(); 590 591 if (dtls1_2) 592 meth = DTLSv1_2_method(); 593 else if (tls1) 594 meth = TLSv1_method(); 595 else if (tls1_2) 596 meth = TLSv1_2_method(); 597 else 598 meth = TLS_method(); 599 600 c_ctx = SSL_CTX_new(meth); 601 s_ctx = SSL_CTX_new(meth); 602 if ((c_ctx == NULL) || (s_ctx == NULL)) { 603 ERR_print_errors(bio_err); 604 goto end; 605 } 606 607 SSL_CTX_set_security_level(c_ctx, seclevel); 608 SSL_CTX_set_security_level(s_ctx, seclevel); 609 610 if (cipher != NULL) { 611 SSL_CTX_set_cipher_list(c_ctx, cipher); 612 SSL_CTX_set_cipher_list(s_ctx, cipher); 613 } 614 615 if (!no_dhe) { 616 if (dhe1024dsa) { 617 /* use SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */ 618 SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE); 619 dh = get_dh1024dsa(); 620 } else 621 dh = get_dh1024(); 622 SSL_CTX_set_tmp_dh(s_ctx, dh); 623 DH_free(dh); 624 } 625 626 if (!no_ecdhe) { 627 int nid; 628 629 if (named_curve != NULL) { 630 nid = OBJ_sn2nid(named_curve); 631 if (nid == 0) { 632 BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve); 633 goto end; 634 } 635 } else 636 nid = NID_X9_62_prime256v1; 637 638 ecdh = EC_KEY_new_by_curve_name(nid); 639 if (ecdh == NULL) { 640 BIO_printf(bio_err, "unable to create curve\n"); 641 goto end; 642 } 643 644 SSL_CTX_set_tmp_ecdh(s_ctx, ecdh); 645 SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_ECDH_USE); 646 EC_KEY_free(ecdh); 647 } 648 649 if (!SSL_CTX_use_certificate_chain_file(s_ctx, server_cert)) { 650 ERR_print_errors(bio_err); 651 } else if (!SSL_CTX_use_PrivateKey_file(s_ctx, 652 (server_key ? server_key : server_cert), SSL_FILETYPE_PEM)) { 653 ERR_print_errors(bio_err); 654 goto end; 655 } 656 657 if (client_auth) { 658 SSL_CTX_use_certificate_chain_file(c_ctx, client_cert); 659 SSL_CTX_use_PrivateKey_file(c_ctx, 660 (client_key ? client_key : client_cert), 661 SSL_FILETYPE_PEM); 662 } 663 664 if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) || 665 (!SSL_CTX_set_default_verify_paths(s_ctx)) || 666 (!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) || 667 (!SSL_CTX_set_default_verify_paths(c_ctx))) { 668 /* fprintf(stderr,"SSL_load_verify_locations\n"); */ 669 ERR_print_errors(bio_err); 670 /* goto end; */ 671 } 672 673 if (client_auth) { 674 BIO_printf(bio_err, "client authentication\n"); 675 SSL_CTX_set_verify(s_ctx, 676 SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 677 verify_callback); 678 SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback, 679 app_verify_arg); 680 } 681 if (server_auth) { 682 BIO_printf(bio_err, "server authentication\n"); 683 SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER, 684 verify_callback); 685 SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback, 686 app_verify_arg); 687 } 688 689 { 690 int session_id_context = 0; 691 SSL_CTX_set_session_id_context(s_ctx, 692 (void *)&session_id_context, sizeof(session_id_context)); 693 } 694 695 if (alpn_server != NULL) 696 SSL_CTX_set_alpn_select_cb(s_ctx, cb_server_alpn, NULL); 697 698 if (alpn_client != NULL) { 699 unsigned short alpn_len; 700 unsigned char *alpn = next_protos_parse(&alpn_len, alpn_client); 701 702 if (alpn == NULL) { 703 BIO_printf(bio_err, "Error parsing -alpn_client argument\n"); 704 goto end; 705 } 706 SSL_CTX_set_alpn_protos(c_ctx, alpn, alpn_len); 707 free(alpn); 708 } 709 710 c_ssl = SSL_new(c_ctx); 711 s_ssl = SSL_new(s_ctx); 712 713 for (i = 0; i < number; i++) { 714 if (!reuse) 715 SSL_set_session(c_ssl, NULL); 716 if (bio_pair) 717 ret = doit_biopair(s_ssl, c_ssl, bytes, &s_time, 718 &c_time); 719 else 720 ret = doit(s_ssl, c_ssl, bytes); 721 } 722 723 if (!verbose) { 724 print_details(c_ssl, ""); 725 } 726 if ((number > 1) || (bytes > 1L)) 727 BIO_printf(bio_stdout, "%d handshakes of %ld bytes done\n", 728 number, bytes); 729 if (print_time) { 730 #ifdef CLOCKS_PER_SEC 731 /* "To determine the time in seconds, the value returned 732 * by the clock function should be divided by the value 733 * of the macro CLOCKS_PER_SEC." 734 * -- ISO/IEC 9899 */ 735 BIO_printf(bio_stdout, 736 "Approximate total server time: %6.2f s\n" 737 "Approximate total client time: %6.2f s\n", 738 (double)s_time/CLOCKS_PER_SEC, 739 (double)c_time/CLOCKS_PER_SEC); 740 #else 741 /* "`CLOCKS_PER_SEC' undeclared (first use this function)" 742 * -- cc on NeXTstep/OpenStep */ 743 BIO_printf(bio_stdout, 744 "Approximate total server time: %6.2f units\n" 745 "Approximate total client time: %6.2f units\n", 746 (double)s_time, 747 (double)c_time); 748 #endif 749 } 750 751 SSL_free(s_ssl); 752 SSL_free(c_ssl); 753 754 end: 755 SSL_CTX_free(s_ctx); 756 SSL_CTX_free(c_ctx); 757 BIO_free(bio_stdout); 758 759 #ifndef OPENSSL_NO_ENGINE 760 ENGINE_cleanup(); 761 #endif 762 CRYPTO_cleanup_all_ex_data(); 763 ERR_free_strings(); 764 ERR_remove_thread_state(NULL); 765 EVP_cleanup(); 766 CRYPTO_mem_leaks(bio_err); 767 BIO_free(bio_err); 768 769 exit(ret); 770 return ret; 771 } 772 773 int 774 doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, clock_t *s_time, 775 clock_t *c_time) 776 { 777 long cw_num = count, cr_num = count, sw_num = count, sr_num = count; 778 BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL; 779 BIO *server = NULL, *server_io = NULL; 780 BIO *client = NULL, *client_io = NULL; 781 int ret = 1; 782 783 size_t bufsiz = 256; /* small buffer for testing */ 784 785 if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz)) 786 goto err; 787 if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz)) 788 goto err; 789 790 s_ssl_bio = BIO_new(BIO_f_ssl()); 791 if (!s_ssl_bio) 792 goto err; 793 794 c_ssl_bio = BIO_new(BIO_f_ssl()); 795 if (!c_ssl_bio) 796 goto err; 797 798 SSL_set_connect_state(c_ssl); 799 SSL_set_bio(c_ssl, client, client); 800 (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE); 801 802 SSL_set_accept_state(s_ssl); 803 SSL_set_bio(s_ssl, server, server); 804 (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE); 805 806 do { 807 /* c_ssl_bio: SSL filter BIO 808 * 809 * client: pseudo-I/O for SSL library 810 * 811 * client_io: client's SSL communication; usually to be 812 * relayed over some I/O facility, but in this 813 * test program, we're the server, too: 814 * 815 * server_io: server's SSL communication 816 * 817 * server: pseudo-I/O for SSL library 818 * 819 * s_ssl_bio: SSL filter BIO 820 * 821 * The client and the server each employ a "BIO pair": 822 * client + client_io, server + server_io. 823 * BIO pairs are symmetric. A BIO pair behaves similar 824 * to a non-blocking socketpair (but both endpoints must 825 * be handled by the same thread). 826 * [Here we could connect client and server to the ends 827 * of a single BIO pair, but then this code would be less 828 * suitable as an example for BIO pairs in general.] 829 * 830 * Useful functions for querying the state of BIO pair endpoints: 831 * 832 * BIO_ctrl_pending(bio) number of bytes we can read now 833 * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil 834 * other side's read attempt 835 * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now 836 * 837 * ..._read_request is never more than ..._write_guarantee; 838 * it depends on the application which one you should use. 839 */ 840 841 /* We have non-blocking behaviour throughout this test program, but 842 * can be sure that there is *some* progress in each iteration; so 843 * we don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE 844 * -- we just try everything in each iteration 845 */ 846 847 { 848 /* CLIENT */ 849 850 char cbuf[1024*8]; 851 int i, r; 852 clock_t c_clock = clock(); 853 854 memset(cbuf, 0, sizeof(cbuf)); 855 856 if (debug) 857 if (SSL_in_init(c_ssl)) 858 printf("client waiting in SSL_connect - %s\n", 859 SSL_state_string_long(c_ssl)); 860 861 if (cw_num > 0) { 862 /* Write to server. */ 863 864 if (cw_num > (long)sizeof cbuf) 865 i = sizeof cbuf; 866 else 867 i = (int)cw_num; 868 r = BIO_write(c_ssl_bio, cbuf, i); 869 if (r < 0) { 870 if (!BIO_should_retry(c_ssl_bio)) { 871 fprintf(stderr, "ERROR in CLIENT\n"); 872 goto err; 873 } 874 /* BIO_should_retry(...) can just be ignored here. 875 * The library expects us to call BIO_write with 876 * the same arguments again, and that's what we will 877 * do in the next iteration. */ 878 } else if (r == 0) { 879 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n"); 880 goto err; 881 } else { 882 if (debug) 883 printf("client wrote %d\n", r); 884 cw_num -= r; 885 886 } 887 } 888 889 if (cr_num > 0) { 890 /* Read from server. */ 891 892 r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf)); 893 if (r < 0) { 894 if (!BIO_should_retry(c_ssl_bio)) { 895 fprintf(stderr, "ERROR in CLIENT\n"); 896 goto err; 897 } 898 /* Again, "BIO_should_retry" can be ignored. */ 899 } else if (r == 0) { 900 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n"); 901 goto err; 902 } else { 903 if (debug) 904 printf("client read %d\n", r); 905 cr_num -= r; 906 } 907 } 908 909 /* c_time and s_time increments will typically be very small 910 * (depending on machine speed and clock tick intervals), 911 * but sampling over a large number of connections should 912 * result in fairly accurate figures. We cannot guarantee 913 * a lot, however -- if each connection lasts for exactly 914 * one clock tick, it will be counted only for the client 915 * or only for the server or even not at all. 916 */ 917 *c_time += (clock() - c_clock); 918 } 919 920 { 921 /* SERVER */ 922 923 char sbuf[1024*8]; 924 int i, r; 925 clock_t s_clock = clock(); 926 927 memset(sbuf, 0, sizeof(sbuf)); 928 929 if (debug) 930 if (SSL_in_init(s_ssl)) 931 printf("server waiting in SSL_accept - %s\n", 932 SSL_state_string_long(s_ssl)); 933 934 if (sw_num > 0) { 935 /* Write to client. */ 936 937 if (sw_num > (long)sizeof sbuf) 938 i = sizeof sbuf; 939 else 940 i = (int)sw_num; 941 r = BIO_write(s_ssl_bio, sbuf, i); 942 if (r < 0) { 943 if (!BIO_should_retry(s_ssl_bio)) { 944 fprintf(stderr, "ERROR in SERVER\n"); 945 goto err; 946 } 947 /* Ignore "BIO_should_retry". */ 948 } else if (r == 0) { 949 fprintf(stderr, "SSL SERVER STARTUP FAILED\n"); 950 goto err; 951 } else { 952 if (debug) 953 printf("server wrote %d\n", r); 954 sw_num -= r; 955 956 } 957 } 958 959 if (sr_num > 0) { 960 /* Read from client. */ 961 962 r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf)); 963 if (r < 0) { 964 if (!BIO_should_retry(s_ssl_bio)) { 965 fprintf(stderr, "ERROR in SERVER\n"); 966 goto err; 967 } 968 /* blah, blah */ 969 } else if (r == 0) { 970 fprintf(stderr, "SSL SERVER STARTUP FAILED\n"); 971 goto err; 972 } else { 973 if (debug) 974 printf("server read %d\n", r); 975 sr_num -= r; 976 } 977 } 978 979 *s_time += (clock() - s_clock); 980 } 981 982 { 983 /* "I/O" BETWEEN CLIENT AND SERVER. */ 984 985 size_t r1, r2; 986 BIO *io1 = server_io, *io2 = client_io; 987 /* we use the non-copying interface for io1 988 * and the standard BIO_write/BIO_read interface for io2 989 */ 990 991 static int prev_progress = 1; 992 int progress = 0; 993 994 /* io1 to io2 */ 995 do { 996 size_t num; 997 int r; 998 999 r1 = BIO_ctrl_pending(io1); 1000 r2 = BIO_ctrl_get_write_guarantee(io2); 1001 1002 num = r1; 1003 if (r2 < num) 1004 num = r2; 1005 if (num) { 1006 char *dataptr; 1007 1008 if (INT_MAX < num) /* yeah, right */ 1009 num = INT_MAX; 1010 1011 r = BIO_nread(io1, &dataptr, (int)num); 1012 assert(r > 0); 1013 assert(r <= (int)num); 1014 /* possibly r < num (non-contiguous data) */ 1015 num = r; 1016 r = BIO_write(io2, dataptr, (int)num); 1017 if (r != (int)num) /* can't happen */ 1018 { 1019 fprintf(stderr, "ERROR: BIO_write could not write " 1020 "BIO_ctrl_get_write_guarantee() bytes"); 1021 goto err; 1022 } 1023 progress = 1; 1024 1025 if (debug) 1026 printf((io1 == client_io) ? 1027 "C->S relaying: %d bytes\n" : 1028 "S->C relaying: %d bytes\n", 1029 (int)num); 1030 } 1031 } while (r1 && r2); 1032 1033 /* io2 to io1 */ 1034 { 1035 size_t num; 1036 int r; 1037 1038 r1 = BIO_ctrl_pending(io2); 1039 r2 = BIO_ctrl_get_read_request(io1); 1040 /* here we could use ..._get_write_guarantee instead of 1041 * ..._get_read_request, but by using the latter 1042 * we test restartability of the SSL implementation 1043 * more thoroughly */ 1044 num = r1; 1045 if (r2 < num) 1046 num = r2; 1047 if (num) { 1048 char *dataptr; 1049 1050 if (INT_MAX < num) 1051 num = INT_MAX; 1052 1053 if (num > 1) 1054 --num; /* test restartability even more thoroughly */ 1055 1056 r = BIO_nwrite0(io1, &dataptr); 1057 assert(r > 0); 1058 if (r < (int)num) 1059 num = r; 1060 r = BIO_read(io2, dataptr, (int)num); 1061 if (r != (int)num) /* can't happen */ 1062 { 1063 fprintf(stderr, "ERROR: BIO_read could not read " 1064 "BIO_ctrl_pending() bytes"); 1065 goto err; 1066 } 1067 progress = 1; 1068 r = BIO_nwrite(io1, &dataptr, (int)num); 1069 if (r != (int)num) /* can't happen */ 1070 { 1071 fprintf(stderr, "ERROR: BIO_nwrite() did not accept " 1072 "BIO_nwrite0() bytes"); 1073 goto err; 1074 } 1075 1076 if (debug) 1077 printf((io2 == client_io) ? 1078 "C->S relaying: %d bytes\n" : 1079 "S->C relaying: %d bytes\n", 1080 (int)num); 1081 } 1082 } /* no loop, BIO_ctrl_get_read_request now returns 0 anyway */ 1083 1084 if (!progress && !prev_progress) { 1085 if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0) { 1086 fprintf(stderr, "ERROR: got stuck\n"); 1087 goto err; 1088 } 1089 } 1090 prev_progress = progress; 1091 } 1092 } while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0); 1093 1094 if (verbose) 1095 print_details(c_ssl, "DONE via BIO pair: "); 1096 1097 if (verify_alpn(c_ssl, s_ssl) < 0) { 1098 ret = 1; 1099 goto err; 1100 } 1101 1102 ret = 0; 1103 1104 err: 1105 ERR_print_errors(bio_err); 1106 1107 BIO_free(server); 1108 BIO_free(server_io); 1109 BIO_free(client); 1110 BIO_free(client_io); 1111 BIO_free(s_ssl_bio); 1112 BIO_free(c_ssl_bio); 1113 1114 return ret; 1115 } 1116 1117 1118 #define W_READ 1 1119 #define W_WRITE 2 1120 #define C_DONE 1 1121 #define S_DONE 2 1122 1123 int 1124 doit(SSL *s_ssl, SSL *c_ssl, long count) 1125 { 1126 char cbuf[1024*8], sbuf[1024*8]; 1127 long cw_num = count, cr_num = count; 1128 long sw_num = count, sr_num = count; 1129 int ret = 1; 1130 BIO *c_to_s = NULL; 1131 BIO *s_to_c = NULL; 1132 BIO *c_bio = NULL; 1133 BIO *s_bio = NULL; 1134 int c_r, c_w, s_r, s_w; 1135 int i, j; 1136 int done = 0; 1137 int c_write, s_write; 1138 int do_server = 0, do_client = 0; 1139 1140 memset(cbuf, 0, sizeof(cbuf)); 1141 memset(sbuf, 0, sizeof(sbuf)); 1142 1143 c_to_s = BIO_new(BIO_s_mem()); 1144 s_to_c = BIO_new(BIO_s_mem()); 1145 if ((s_to_c == NULL) || (c_to_s == NULL)) { 1146 ERR_print_errors(bio_err); 1147 goto err; 1148 } 1149 1150 c_bio = BIO_new(BIO_f_ssl()); 1151 s_bio = BIO_new(BIO_f_ssl()); 1152 if ((c_bio == NULL) || (s_bio == NULL)) { 1153 ERR_print_errors(bio_err); 1154 goto err; 1155 } 1156 1157 SSL_set_connect_state(c_ssl); 1158 SSL_set_bio(c_ssl, s_to_c, c_to_s); 1159 BIO_set_ssl(c_bio, c_ssl, BIO_NOCLOSE); 1160 1161 SSL_set_accept_state(s_ssl); 1162 SSL_set_bio(s_ssl, c_to_s, s_to_c); 1163 BIO_set_ssl(s_bio, s_ssl, BIO_NOCLOSE); 1164 1165 c_r = 0; 1166 s_r = 1; 1167 c_w = 1; 1168 s_w = 0; 1169 c_write = 1, s_write = 0; 1170 1171 /* We can always do writes */ 1172 for (;;) { 1173 do_server = 0; 1174 do_client = 0; 1175 1176 i = (int)BIO_pending(s_bio); 1177 if ((i && s_r) || s_w) 1178 do_server = 1; 1179 1180 i = (int)BIO_pending(c_bio); 1181 if ((i && c_r) || c_w) 1182 do_client = 1; 1183 1184 if (do_server && debug) { 1185 if (SSL_in_init(s_ssl)) 1186 printf("server waiting in SSL_accept - %s\n", 1187 SSL_state_string_long(s_ssl)); 1188 } 1189 1190 if (do_client && debug) { 1191 if (SSL_in_init(c_ssl)) 1192 printf("client waiting in SSL_connect - %s\n", 1193 SSL_state_string_long(c_ssl)); 1194 } 1195 1196 if (!do_client && !do_server) { 1197 fprintf(stdout, "ERROR in STARTUP\n"); 1198 ERR_print_errors(bio_err); 1199 goto err; 1200 } 1201 1202 if (do_client && !(done & C_DONE)) { 1203 if (c_write) { 1204 j = (cw_num > (long)sizeof(cbuf)) ? 1205 (int)sizeof(cbuf) : (int)cw_num; 1206 i = BIO_write(c_bio, cbuf, j); 1207 if (i < 0) { 1208 c_r = 0; 1209 c_w = 0; 1210 if (BIO_should_retry(c_bio)) { 1211 if (BIO_should_read(c_bio)) 1212 c_r = 1; 1213 if (BIO_should_write(c_bio)) 1214 c_w = 1; 1215 } else { 1216 fprintf(stderr, "ERROR in CLIENT\n"); 1217 ERR_print_errors(bio_err); 1218 goto err; 1219 } 1220 } else if (i == 0) { 1221 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n"); 1222 goto err; 1223 } else { 1224 if (debug) 1225 printf("client wrote %d\n", i); 1226 /* ok */ 1227 s_r = 1; 1228 c_write = 0; 1229 cw_num -= i; 1230 } 1231 } else { 1232 i = BIO_read(c_bio, cbuf, sizeof(cbuf)); 1233 if (i < 0) { 1234 c_r = 0; 1235 c_w = 0; 1236 if (BIO_should_retry(c_bio)) { 1237 if (BIO_should_read(c_bio)) 1238 c_r = 1; 1239 if (BIO_should_write(c_bio)) 1240 c_w = 1; 1241 } else { 1242 fprintf(stderr, "ERROR in CLIENT\n"); 1243 ERR_print_errors(bio_err); 1244 goto err; 1245 } 1246 } else if (i == 0) { 1247 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n"); 1248 goto err; 1249 } else { 1250 if (debug) 1251 printf("client read %d\n", i); 1252 cr_num -= i; 1253 if (sw_num > 0) { 1254 s_write = 1; 1255 s_w = 1; 1256 } 1257 if (cr_num <= 0) { 1258 s_write = 1; 1259 s_w = 1; 1260 done = S_DONE|C_DONE; 1261 } 1262 } 1263 } 1264 } 1265 1266 if (do_server && !(done & S_DONE)) { 1267 if (!s_write) { 1268 i = BIO_read(s_bio, sbuf, sizeof(cbuf)); 1269 if (i < 0) { 1270 s_r = 0; 1271 s_w = 0; 1272 if (BIO_should_retry(s_bio)) { 1273 if (BIO_should_read(s_bio)) 1274 s_r = 1; 1275 if (BIO_should_write(s_bio)) 1276 s_w = 1; 1277 } else { 1278 fprintf(stderr, "ERROR in SERVER\n"); 1279 ERR_print_errors(bio_err); 1280 goto err; 1281 } 1282 } else if (i == 0) { 1283 ERR_print_errors(bio_err); 1284 fprintf(stderr, "SSL SERVER STARTUP FAILED in SSL_read\n"); 1285 goto err; 1286 } else { 1287 if (debug) 1288 printf("server read %d\n", i); 1289 sr_num -= i; 1290 if (cw_num > 0) { 1291 c_write = 1; 1292 c_w = 1; 1293 } 1294 if (sr_num <= 0) { 1295 s_write = 1; 1296 s_w = 1; 1297 c_write = 0; 1298 } 1299 } 1300 } else { 1301 j = (sw_num > (long)sizeof(sbuf)) ? 1302 (int)sizeof(sbuf) : (int)sw_num; 1303 i = BIO_write(s_bio, sbuf, j); 1304 if (i < 0) { 1305 s_r = 0; 1306 s_w = 0; 1307 if (BIO_should_retry(s_bio)) { 1308 if (BIO_should_read(s_bio)) 1309 s_r = 1; 1310 if (BIO_should_write(s_bio)) 1311 s_w = 1; 1312 } else { 1313 fprintf(stderr, "ERROR in SERVER\n"); 1314 ERR_print_errors(bio_err); 1315 goto err; 1316 } 1317 } else if (i == 0) { 1318 ERR_print_errors(bio_err); 1319 fprintf(stderr, "SSL SERVER STARTUP FAILED in SSL_write\n"); 1320 goto err; 1321 } else { 1322 if (debug) 1323 printf("server wrote %d\n", i); 1324 sw_num -= i; 1325 s_write = 0; 1326 c_r = 1; 1327 if (sw_num <= 0) 1328 done |= S_DONE; 1329 } 1330 } 1331 } 1332 1333 if ((done & S_DONE) && (done & C_DONE)) 1334 break; 1335 } 1336 1337 if (verbose) 1338 print_details(c_ssl, "DONE: "); 1339 1340 if (verify_alpn(c_ssl, s_ssl) < 0) { 1341 ret = 1; 1342 goto err; 1343 } 1344 1345 ret = 0; 1346 err: 1347 /* We have to set the BIO's to NULL otherwise they will be 1348 * free()ed twice. Once when th s_ssl is SSL_free()ed and 1349 * again when c_ssl is SSL_free()ed. 1350 * This is a hack required because s_ssl and c_ssl are sharing the same 1351 * BIO structure and SSL_set_bio() and SSL_free() automatically 1352 * BIO_free non NULL entries. 1353 * You should not normally do this or be required to do this */ 1354 if (s_ssl != NULL) { 1355 s_ssl->rbio = NULL; 1356 s_ssl->wbio = NULL; 1357 } 1358 if (c_ssl != NULL) { 1359 c_ssl->rbio = NULL; 1360 c_ssl->wbio = NULL; 1361 } 1362 1363 BIO_free(c_to_s); 1364 BIO_free(s_to_c); 1365 BIO_free_all(c_bio); 1366 BIO_free_all(s_bio); 1367 1368 return (ret); 1369 } 1370 1371 static int 1372 verify_callback(int ok, X509_STORE_CTX *ctx) 1373 { 1374 X509 *xs; 1375 char *s, buf[256]; 1376 int error, error_depth; 1377 1378 xs = X509_STORE_CTX_get_current_cert(ctx); 1379 s = X509_NAME_oneline(X509_get_subject_name(xs), buf, sizeof buf); 1380 error = X509_STORE_CTX_get_error(ctx); 1381 error_depth = X509_STORE_CTX_get_error_depth(ctx); 1382 if (s != NULL) { 1383 if (ok) 1384 fprintf(stderr, "depth=%d %s\n", error_depth, buf); 1385 else { 1386 fprintf(stderr, "depth=%d error=%d %s\n", error_depth, 1387 error, buf); 1388 } 1389 } 1390 1391 if (ok == 0) { 1392 fprintf(stderr, "Error string: %s\n", 1393 X509_verify_cert_error_string(error)); 1394 switch (error) { 1395 case X509_V_ERR_CERT_NOT_YET_VALID: 1396 case X509_V_ERR_CERT_HAS_EXPIRED: 1397 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: 1398 fprintf(stderr, " ... ignored.\n"); 1399 ok = 1; 1400 } 1401 } 1402 1403 return (ok); 1404 } 1405 1406 static int 1407 app_verify_callback(X509_STORE_CTX *ctx, void *arg) 1408 { 1409 X509 *xs; 1410 char *s = NULL, buf[256]; 1411 const char *cb_arg = arg; 1412 1413 xs = X509_STORE_CTX_get0_cert(ctx); 1414 fprintf(stderr, "In app_verify_callback, allowing cert. "); 1415 fprintf(stderr, "Arg is: %s\n", cb_arg); 1416 fprintf(stderr, "Finished printing do we have a context? 0x%p a cert? 0x%p\n", 1417 (void *)ctx, (void *)xs); 1418 if (xs) 1419 s = X509_NAME_oneline(X509_get_subject_name(xs), buf, 256); 1420 if (s != NULL) { 1421 fprintf(stderr, "cert depth=%d %s\n", 1422 X509_STORE_CTX_get_error_depth(ctx), buf); 1423 } 1424 1425 return 1; 1426 } 1427 1428 /* These DH parameters have been generated as follows: 1429 * $ openssl dhparam -C -noout 1024 1430 * $ openssl dhparam -C -noout -dsaparam 1024 1431 * (The second function has been renamed to avoid name conflicts.) 1432 */ 1433 static DH * 1434 get_dh1024(void) 1435 { 1436 static unsigned char dh1024_p[] = { 1437 0xF8, 0x81, 0x89, 0x7D, 0x14, 0x24, 0xC5, 0xD1, 0xE6, 0xF7, 0xBF, 0x3A, 1438 0xE4, 0x90, 0xF4, 0xFC, 0x73, 0xFB, 0x34, 0xB5, 0xFA, 0x4C, 0x56, 0xA2, 1439 0xEA, 0xA7, 0xE9, 0xC0, 0xC0, 0xCE, 0x89, 0xE1, 0xFA, 0x63, 0x3F, 0xB0, 1440 0x6B, 0x32, 0x66, 0xF1, 0xD1, 0x7B, 0xB0, 0x00, 0x8F, 0xCA, 0x87, 0xC2, 1441 0xAE, 0x98, 0x89, 0x26, 0x17, 0xC2, 0x05, 0xD2, 0xEC, 0x08, 0xD0, 0x8C, 1442 0xFF, 0x17, 0x52, 0x8C, 0xC5, 0x07, 0x93, 0x03, 0xB1, 0xF6, 0x2F, 0xB8, 1443 0x1C, 0x52, 0x47, 0x27, 0x1B, 0xDB, 0xD1, 0x8D, 0x9D, 0x69, 0x1D, 0x52, 1444 0x4B, 0x32, 0x81, 0xAA, 0x7F, 0x00, 0xC8, 0xDC, 0xE6, 0xD9, 0xCC, 0xC1, 1445 0x11, 0x2D, 0x37, 0x34, 0x6C, 0xEA, 0x02, 0x97, 0x4B, 0x0E, 0xBB, 0xB1, 1446 0x71, 0x33, 0x09, 0x15, 0xFD, 0xDD, 0x23, 0x87, 0x07, 0x5E, 0x89, 0xAB, 1447 0x6B, 0x7C, 0x5F, 0xEC, 0xA6, 0x24, 0xDC, 0x53, 1448 }; 1449 static unsigned char dh1024_g[] = { 1450 0x02, 1451 }; 1452 DH *dh; 1453 BIGNUM *dh_p = NULL, *dh_g = NULL; 1454 1455 if ((dh = DH_new()) == NULL) 1456 return NULL; 1457 1458 dh_p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL); 1459 dh_g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL); 1460 if (dh_p == NULL || dh_g == NULL) 1461 goto err; 1462 1463 if (!DH_set0_pqg(dh, dh_p, NULL, dh_g)) 1464 goto err; 1465 1466 return dh; 1467 1468 err: 1469 BN_free(dh_p); 1470 BN_free(dh_g); 1471 DH_free(dh); 1472 return NULL; 1473 } 1474 1475 static DH * 1476 get_dh1024dsa(void) 1477 { 1478 static unsigned char dh1024_p[] = { 1479 0xC8, 0x00, 0xF7, 0x08, 0x07, 0x89, 0x4D, 0x90, 0x53, 0xF3, 0xD5, 0x00, 1480 0x21, 0x1B, 0xF7, 0x31, 0xA6, 0xA2, 0xDA, 0x23, 0x9A, 0xC7, 0x87, 0x19, 1481 0x3B, 0x47, 0xB6, 0x8C, 0x04, 0x6F, 0xFF, 0xC6, 0x9B, 0xB8, 0x65, 0xD2, 1482 0xC2, 0x5F, 0x31, 0x83, 0x4A, 0xA7, 0x5F, 0x2F, 0x88, 0x38, 0xB6, 0x55, 1483 0xCF, 0xD9, 0x87, 0x6D, 0x6F, 0x9F, 0xDA, 0xAC, 0xA6, 0x48, 0xAF, 0xFC, 1484 0x33, 0x84, 0x37, 0x5B, 0x82, 0x4A, 0x31, 0x5D, 0xE7, 0xBD, 0x52, 0x97, 1485 0xA1, 0x77, 0xBF, 0x10, 0x9E, 0x37, 0xEA, 0x64, 0xFA, 0xCA, 0x28, 0x8D, 1486 0x9D, 0x3B, 0xD2, 0x6E, 0x09, 0x5C, 0x68, 0xC7, 0x45, 0x90, 0xFD, 0xBB, 1487 0x70, 0xC9, 0x3A, 0xBB, 0xDF, 0xD4, 0x21, 0x0F, 0xC4, 0x6A, 0x3C, 0xF6, 1488 0x61, 0xCF, 0x3F, 0xD6, 0x13, 0xF1, 0x5F, 0xBC, 0xCF, 0xBC, 0x26, 0x9E, 1489 0xBC, 0x0B, 0xBD, 0xAB, 0x5D, 0xC9, 0x54, 0x39, 1490 }; 1491 static unsigned char dh1024_g[] = { 1492 0x3B, 0x40, 0x86, 0xE7, 0xF3, 0x6C, 0xDE, 0x67, 0x1C, 0xCC, 0x80, 0x05, 1493 0x5A, 0xDF, 0xFE, 0xBD, 0x20, 0x27, 0x74, 0x6C, 0x24, 0xC9, 0x03, 0xF3, 1494 0xE1, 0x8D, 0xC3, 0x7D, 0x98, 0x27, 0x40, 0x08, 0xB8, 0x8C, 0x6A, 0xE9, 1495 0xBB, 0x1A, 0x3A, 0xD6, 0x86, 0x83, 0x5E, 0x72, 0x41, 0xCE, 0x85, 0x3C, 1496 0xD2, 0xB3, 0xFC, 0x13, 0xCE, 0x37, 0x81, 0x9E, 0x4C, 0x1C, 0x7B, 0x65, 1497 0xD3, 0xE6, 0xA6, 0x00, 0xF5, 0x5A, 0x95, 0x43, 0x5E, 0x81, 0xCF, 0x60, 1498 0xA2, 0x23, 0xFC, 0x36, 0xA7, 0x5D, 0x7A, 0x4C, 0x06, 0x91, 0x6E, 0xF6, 1499 0x57, 0xEE, 0x36, 0xCB, 0x06, 0xEA, 0xF5, 0x3D, 0x95, 0x49, 0xCB, 0xA7, 1500 0xDD, 0x81, 0xDF, 0x80, 0x09, 0x4A, 0x97, 0x4D, 0xA8, 0x22, 0x72, 0xA1, 1501 0x7F, 0xC4, 0x70, 0x56, 0x70, 0xE8, 0x20, 0x10, 0x18, 0x8F, 0x2E, 0x60, 1502 0x07, 0xE7, 0x68, 0x1A, 0x82, 0x5D, 0x32, 0xA2, 1503 }; 1504 DH *dh; 1505 BIGNUM *dh_p = NULL, *dh_g = NULL; 1506 1507 if ((dh = DH_new()) == NULL) 1508 return NULL; 1509 1510 dh_p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL); 1511 dh_g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL); 1512 if (dh_p == NULL || dh_g == NULL) 1513 goto err; 1514 1515 if (!DH_set0_pqg(dh, dh_p, NULL, dh_g)) 1516 goto err; 1517 1518 DH_set_length(dh, 160); 1519 1520 return dh; 1521 1522 err: 1523 BN_free(dh_p); 1524 BN_free(dh_g); 1525 DH_free(dh); 1526 return NULL; 1527 } 1528