1 /* $OpenBSD: ssltest.c,v 1.44 2023/11/19 13:12:06 tb Exp $ */ 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 /* ==================================================================== 59 * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. 60 * 61 * Redistribution and use in source and binary forms, with or without 62 * modification, are permitted provided that the following conditions 63 * are met: 64 * 65 * 1. Redistributions of source code must retain the above copyright 66 * notice, this list of conditions and the following disclaimer. 67 * 68 * 2. Redistributions in binary form must reproduce the above copyright 69 * notice, this list of conditions and the following disclaimer in 70 * the documentation and/or other materials provided with the 71 * distribution. 72 * 73 * 3. All advertising materials mentioning features or use of this 74 * software must display the following acknowledgment: 75 * "This product includes software developed by the OpenSSL Project 76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77 * 78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79 * endorse or promote products derived from this software without 80 * prior written permission. For written permission, please contact 81 * openssl-core@openssl.org. 82 * 83 * 5. Products derived from this software may not be called "OpenSSL" 84 * nor may "OpenSSL" appear in their names without prior written 85 * permission of the OpenSSL Project. 86 * 87 * 6. Redistributions of any form whatsoever must retain the following 88 * acknowledgment: 89 * "This product includes software developed by the OpenSSL Project 90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91 * 92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103 * OF THE POSSIBILITY OF SUCH DAMAGE. 104 * ==================================================================== 105 * 106 * This product includes cryptographic software written by Eric Young 107 * (eay@cryptsoft.com). This product includes software written by Tim 108 * Hudson (tjh@cryptsoft.com). 109 * 110 */ 111 /* ==================================================================== 112 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 113 * ECC cipher suite support in OpenSSL originally developed by 114 * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. 115 */ 116 /* ==================================================================== 117 * Copyright 2005 Nokia. All rights reserved. 118 * 119 * The portions of the attached software ("Contribution") is developed by 120 * Nokia Corporation and is licensed pursuant to the OpenSSL open source 121 * license. 122 * 123 * The Contribution, originally written by Mika Kousa and Pasi Eronen of 124 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites 125 * support (see RFC 4279) to OpenSSL. 126 * 127 * No patent licenses or other rights except those expressly stated in 128 * the OpenSSL open source license shall be deemed granted or received 129 * expressly, by implication, estoppel, or otherwise. 130 * 131 * No assurances are provided by Nokia that the Contribution does not 132 * infringe the patent or other intellectual property rights of any third 133 * party or that the license provides you with all the necessary rights 134 * to make use of the Contribution. 135 * 136 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN 137 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA 138 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY 139 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR 140 * OTHERWISE. 141 */ 142 143 /* XXX - USE_BIOPAIR code needs updating for BIO_n{read,write}{,0} removal. */ 144 /* #define USE_BIOPAIR */ 145 146 #define _BSD_SOURCE 1 /* Or gethostname won't be declared properly 147 on Linux and GNU platforms. */ 148 #include <sys/types.h> 149 #include <sys/socket.h> 150 151 #include <netinet/in.h> 152 153 #include <assert.h> 154 #include <errno.h> 155 #include <limits.h> 156 #include <netdb.h> 157 #include <stdio.h> 158 #include <stdlib.h> 159 #include <string.h> 160 #include <time.h> 161 #include <unistd.h> 162 163 #include <openssl/opensslconf.h> 164 #include <openssl/bio.h> 165 #include <openssl/crypto.h> 166 #include <openssl/evp.h> 167 #include <openssl/x509.h> 168 #include <openssl/x509v3.h> 169 #include <openssl/ssl.h> 170 #include <openssl/err.h> 171 #include <openssl/rand.h> 172 #include <openssl/rsa.h> 173 #include <openssl/dsa.h> 174 #include <openssl/dh.h> 175 #include <openssl/bn.h> 176 177 #include "ssl_local.h" 178 179 #define TEST_SERVER_CERT "../apps/server.pem" 180 #define TEST_CLIENT_CERT "../apps/client.pem" 181 182 static int verify_callback(int ok, X509_STORE_CTX *ctx); 183 static int app_verify_callback(X509_STORE_CTX *ctx, void *arg); 184 185 static DH *get_dh1024(void); 186 static DH *get_dh1024dsa(void); 187 188 static BIO *bio_err = NULL; 189 static BIO *bio_stdout = NULL; 190 191 static const char *alpn_client; 192 static const char *alpn_server; 193 static const char *alpn_expected; 194 static unsigned char *alpn_selected; 195 196 /* 197 * next_protos_parse parses a comma separated list of strings into a string 198 * in a format suitable for passing to SSL_CTX_set_next_protos_advertised. 199 * outlen: (output) set to the length of the resulting buffer on success. 200 * err: (maybe NULL) on failure, an error message line is written to this BIO. 201 * in: a NUL terminated string like "abc,def,ghi" 202 * 203 * returns: a malloced buffer or NULL on failure. 204 */ 205 static unsigned char * 206 next_protos_parse(unsigned short *outlen, const char *in) 207 { 208 size_t i, len, start = 0; 209 unsigned char *out; 210 211 len = strlen(in); 212 if (len >= 65535) 213 return (NULL); 214 215 if ((out = malloc(strlen(in) + 1)) == NULL) 216 return (NULL); 217 218 for (i = 0; i <= len; ++i) { 219 if (i == len || in[i] == ',') { 220 if (i - start > 255) { 221 free(out); 222 return (NULL); 223 } 224 out[start] = i - start; 225 start = i + 1; 226 } else 227 out[i+1] = in[i]; 228 } 229 *outlen = len + 1; 230 return (out); 231 } 232 233 static int 234 cb_server_alpn(SSL *s, const unsigned char **out, unsigned char *outlen, 235 const unsigned char *in, unsigned int inlen, void *arg) 236 { 237 unsigned char *protos; 238 unsigned short protos_len; 239 240 if ((protos = next_protos_parse(&protos_len, alpn_server)) == NULL) { 241 fprintf(stderr, 242 "failed to parser ALPN server protocol string: %s\n", 243 alpn_server); 244 abort(); 245 } 246 247 if (SSL_select_next_proto((unsigned char **)out, outlen, protos, 248 protos_len, in, inlen) != OPENSSL_NPN_NEGOTIATED) { 249 free(protos); 250 return (SSL_TLSEXT_ERR_NOACK); 251 } 252 253 /* 254 * Make a copy of the selected protocol which will be freed in 255 * verify_alpn. 256 */ 257 free(alpn_selected); 258 if ((alpn_selected = malloc(*outlen)) == NULL) { 259 fprintf(stderr, "malloc failed\n"); 260 abort(); 261 } 262 memcpy(alpn_selected, *out, *outlen); 263 *out = alpn_selected; 264 free(protos); 265 266 return (SSL_TLSEXT_ERR_OK); 267 } 268 269 static int 270 verify_alpn(SSL *client, SSL *server) 271 { 272 const unsigned char *client_proto, *server_proto; 273 unsigned int client_proto_len = 0, server_proto_len = 0; 274 275 SSL_get0_alpn_selected(client, &client_proto, &client_proto_len); 276 SSL_get0_alpn_selected(server, &server_proto, &server_proto_len); 277 278 free(alpn_selected); 279 alpn_selected = NULL; 280 281 if (client_proto_len != server_proto_len || (client_proto_len > 0 && 282 memcmp(client_proto, server_proto, client_proto_len) != 0)) { 283 BIO_printf(bio_stdout, "ALPN selected protocols differ!\n"); 284 goto err; 285 } 286 287 if (client_proto_len > 0 && alpn_expected == NULL) { 288 BIO_printf(bio_stdout, "ALPN unexpectedly negotiated\n"); 289 goto err; 290 } 291 292 if (alpn_expected != NULL && 293 (client_proto_len != strlen(alpn_expected) || 294 memcmp(client_proto, alpn_expected, client_proto_len) != 0)) { 295 BIO_printf(bio_stdout, "ALPN selected protocols not equal to " 296 "expected protocol: %s\n", alpn_expected); 297 goto err; 298 } 299 300 return (0); 301 302 err: 303 BIO_printf(bio_stdout, "ALPN results: client: '"); 304 BIO_write(bio_stdout, client_proto, client_proto_len); 305 BIO_printf(bio_stdout, "', server: '"); 306 BIO_write(bio_stdout, server_proto, server_proto_len); 307 BIO_printf(bio_stdout, "'\n"); 308 BIO_printf(bio_stdout, "ALPN configured: client: '%s', server: '%s'\n", 309 alpn_client, alpn_server); 310 311 return (-1); 312 } 313 314 static char *cipher = NULL; 315 static int verbose = 0; 316 static int debug = 0; 317 318 int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time, 319 clock_t *c_time); 320 int doit(SSL *s_ssl, SSL *c_ssl, long bytes); 321 322 static void 323 sv_usage(void) 324 { 325 fprintf(stderr, "usage: ssltest [args ...]\n"); 326 fprintf(stderr, "\n"); 327 fprintf(stderr, " -server_auth - check server certificate\n"); 328 fprintf(stderr, " -client_auth - do client authentication\n"); 329 fprintf(stderr, " -proxy - allow proxy certificates\n"); 330 fprintf(stderr, " -proxy_auth <val> - set proxy policy rights\n"); 331 fprintf(stderr, " -proxy_cond <val> - experssion to test proxy policy rights\n"); 332 fprintf(stderr, " -v - more output\n"); 333 fprintf(stderr, " -d - debug output\n"); 334 fprintf(stderr, " -reuse - use session-id reuse\n"); 335 fprintf(stderr, " -num <val> - number of connections to perform\n"); 336 fprintf(stderr, " -bytes <val> - number of bytes to swap between client/server\n"); 337 fprintf(stderr, " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n"); 338 fprintf(stderr, " -no_dhe - disable DHE\n"); 339 fprintf(stderr, " -no_ecdhe - disable ECDHE\n"); 340 fprintf(stderr, " -dtls1_2 - use DTLSv1.2\n"); 341 fprintf(stderr, " -tls1 - use TLSv1\n"); 342 fprintf(stderr, " -tls1_2 - use TLSv1.2\n"); 343 fprintf(stderr, " -CApath arg - PEM format directory of CA's\n"); 344 fprintf(stderr, " -CAfile arg - PEM format file of CA's\n"); 345 fprintf(stderr, " -cert arg - Server certificate file\n"); 346 fprintf(stderr, " -key arg - Server key file (default: same as -cert)\n"); 347 fprintf(stderr, " -c_cert arg - Client certificate file\n"); 348 fprintf(stderr, " -c_key arg - Client key file (default: same as -c_cert)\n"); 349 fprintf(stderr, " -cipher arg - The cipher list\n"); 350 fprintf(stderr, " -bio_pair - Use BIO pairs\n"); 351 fprintf(stderr, " -f - Test even cases that can't work\n"); 352 fprintf(stderr, " -time - measure processor time used by client and server\n"); 353 fprintf(stderr, " -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \ 354 " Use \"openssl ecparam -list_curves\" for all names\n" \ 355 " (default is sect163r2).\n"); 356 fprintf(stderr, " -alpn_client <string> - have client side offer ALPN\n"); 357 fprintf(stderr, " -alpn_server <string> - have server side offer ALPN\n"); 358 fprintf(stderr, " -alpn_expected <string> - the ALPN protocol that should be negotiated\n"); 359 } 360 361 static void 362 print_details(SSL *c_ssl, const char *prefix) 363 { 364 const SSL_CIPHER *ciph; 365 X509 *cert = NULL; 366 EVP_PKEY *pkey; 367 368 ciph = SSL_get_current_cipher(c_ssl); 369 BIO_printf(bio_stdout, "%s%s, cipher %s %s", 370 prefix, SSL_get_version(c_ssl), SSL_CIPHER_get_version(ciph), 371 SSL_CIPHER_get_name(ciph)); 372 373 if ((cert = SSL_get_peer_certificate(c_ssl)) == NULL) 374 goto out; 375 if ((pkey = X509_get0_pubkey(cert)) == NULL) 376 goto out; 377 if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) { 378 RSA *rsa; 379 380 if ((rsa = EVP_PKEY_get0_RSA(pkey)) == NULL) 381 goto out; 382 383 BIO_printf(bio_stdout, ", %d bit RSA", RSA_bits(rsa)); 384 } else if (EVP_PKEY_id(pkey) == EVP_PKEY_DSA) { 385 DSA *dsa; 386 const BIGNUM *p; 387 388 if ((dsa = EVP_PKEY_get0_DSA(pkey)) == NULL) 389 goto out; 390 391 DSA_get0_pqg(dsa, &p, NULL, NULL); 392 393 BIO_printf(bio_stdout, ", %d bit DSA", BN_num_bits(p)); 394 } 395 396 out: 397 /* 398 * The SSL API does not allow us to look at temporary RSA/DH keys, 399 * otherwise we should print their lengths too 400 */ 401 BIO_printf(bio_stdout, "\n"); 402 403 X509_free(cert); 404 } 405 406 int 407 main(int argc, char *argv[]) 408 { 409 char *CApath = NULL, *CAfile = NULL; 410 int badop = 0; 411 int bio_pair = 0; 412 int force = 0; 413 int tls1 = 0, tls1_2 = 0, dtls1_2 = 0, ret = 1; 414 int client_auth = 0; 415 int server_auth = 0, i; 416 char *app_verify_arg = "Test Callback Argument"; 417 char *server_cert = TEST_SERVER_CERT; 418 char *server_key = NULL; 419 char *client_cert = TEST_CLIENT_CERT; 420 char *client_key = NULL; 421 char *named_curve = NULL; 422 SSL_CTX *s_ctx = NULL; 423 SSL_CTX *c_ctx = NULL; 424 const SSL_METHOD *meth = NULL; 425 SSL *c_ssl, *s_ssl; 426 int number = 1, reuse = 0; 427 int seclevel = 0; 428 long bytes = 256L; 429 DH *dh; 430 int dhe1024dsa = 0; 431 EC_KEY *ecdh = NULL; 432 int no_dhe = 0; 433 int no_ecdhe = 0; 434 int print_time = 0; 435 clock_t s_time = 0, c_time = 0; 436 437 verbose = 0; 438 debug = 0; 439 cipher = 0; 440 441 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE|BIO_FP_TEXT); 442 443 bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE|BIO_FP_TEXT); 444 445 argc--; 446 argv++; 447 448 while (argc >= 1) { 449 if (!strcmp(*argv, "-F")) { 450 fprintf(stderr, "not compiled with FIPS support, so exiting without running.\n"); 451 exit(0); 452 } else if (strcmp(*argv, "-server_auth") == 0) 453 server_auth = 1; 454 else if (strcmp(*argv, "-client_auth") == 0) 455 client_auth = 1; 456 else if (strcmp(*argv, "-v") == 0) 457 verbose = 1; 458 else if (strcmp(*argv, "-d") == 0) 459 debug = 1; 460 else if (strcmp(*argv, "-reuse") == 0) 461 reuse = 1; 462 else if (strcmp(*argv, "-dhe1024dsa") == 0) { 463 dhe1024dsa = 1; 464 } else if (strcmp(*argv, "-no_dhe") == 0) 465 no_dhe = 1; 466 else if (strcmp(*argv, "-no_ecdhe") == 0) 467 no_ecdhe = 1; 468 else if (strcmp(*argv, "-dtls1_2") == 0) 469 dtls1_2 = 1; 470 else if (strcmp(*argv, "-tls1") == 0) 471 tls1 = 1; 472 else if (strcmp(*argv, "-tls1_2") == 0) 473 tls1_2 = 1; 474 else if (strncmp(*argv, "-num", 4) == 0) { 475 if (--argc < 1) 476 goto bad; 477 number = atoi(*(++argv)); 478 if (number == 0) 479 number = 1; 480 } else if (strncmp(*argv, "-seclevel", 9) == 0) { 481 if (--argc < 1) 482 goto bad; 483 seclevel = atoi(*(++argv)); 484 } else if (strcmp(*argv, "-bytes") == 0) { 485 if (--argc < 1) 486 goto bad; 487 bytes = atol(*(++argv)); 488 if (bytes == 0L) 489 bytes = 1L; 490 i = strlen(argv[0]); 491 if (argv[0][i - 1] == 'k') 492 bytes*=1024L; 493 if (argv[0][i - 1] == 'm') 494 bytes*=1024L*1024L; 495 } else if (strcmp(*argv, "-cert") == 0) { 496 if (--argc < 1) 497 goto bad; 498 server_cert= *(++argv); 499 } else if (strcmp(*argv, "-s_cert") == 0) { 500 if (--argc < 1) 501 goto bad; 502 server_cert= *(++argv); 503 } else if (strcmp(*argv, "-key") == 0) { 504 if (--argc < 1) 505 goto bad; 506 server_key= *(++argv); 507 } else if (strcmp(*argv, "-s_key") == 0) { 508 if (--argc < 1) 509 goto bad; 510 server_key= *(++argv); 511 } else if (strcmp(*argv, "-c_cert") == 0) { 512 if (--argc < 1) 513 goto bad; 514 client_cert= *(++argv); 515 } else if (strcmp(*argv, "-c_key") == 0) { 516 if (--argc < 1) 517 goto bad; 518 client_key= *(++argv); 519 } else if (strcmp(*argv, "-cipher") == 0) { 520 if (--argc < 1) 521 goto bad; 522 cipher= *(++argv); 523 } else if (strcmp(*argv, "-CApath") == 0) { 524 if (--argc < 1) 525 goto bad; 526 CApath= *(++argv); 527 } else if (strcmp(*argv, "-CAfile") == 0) { 528 if (--argc < 1) 529 goto bad; 530 CAfile= *(++argv); 531 } else if (strcmp(*argv, "-bio_pair") == 0) { 532 bio_pair = 1; 533 } else if (strcmp(*argv, "-f") == 0) { 534 force = 1; 535 } else if (strcmp(*argv, "-time") == 0) { 536 print_time = 1; 537 } else if (strcmp(*argv, "-named_curve") == 0) { 538 if (--argc < 1) 539 goto bad; 540 named_curve = *(++argv); 541 } else if (strcmp(*argv, "-app_verify") == 0) { 542 ; 543 } else if (strcmp(*argv, "-alpn_client") == 0) { 544 if (--argc < 1) 545 goto bad; 546 alpn_client = *(++argv); 547 } else if (strcmp(*argv, "-alpn_server") == 0) { 548 if (--argc < 1) 549 goto bad; 550 alpn_server = *(++argv); 551 } else if (strcmp(*argv, "-alpn_expected") == 0) { 552 if (--argc < 1) 553 goto bad; 554 alpn_expected = *(++argv); 555 } else { 556 fprintf(stderr, "unknown option %s\n", *argv); 557 badop = 1; 558 break; 559 } 560 argc--; 561 argv++; 562 } 563 if (badop) { 564 bad: 565 sv_usage(); 566 goto end; 567 } 568 569 if (!dtls1_2 && !tls1 && !tls1_2 && number > 1 && !reuse && !force) { 570 fprintf(stderr, 571 "This case cannot work. Use -f to perform " 572 "the test anyway (and\n-d to see what happens), " 573 "or add one of -dtls1, -tls1, -tls1_2, -reuse\n" 574 "to avoid protocol mismatch.\n"); 575 exit(1); 576 } 577 578 if (print_time) { 579 if (!bio_pair) { 580 fprintf(stderr, "Using BIO pair (-bio_pair)\n"); 581 bio_pair = 1; 582 } 583 if (number < 50 && !force) 584 fprintf(stderr, "Warning: For accurate timings, use more connections (e.g. -num 1000)\n"); 585 } 586 587 /* if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */ 588 589 SSL_library_init(); 590 SSL_load_error_strings(); 591 592 if (dtls1_2) 593 meth = DTLSv1_2_method(); 594 else if (tls1) 595 meth = TLSv1_method(); 596 else if (tls1_2) 597 meth = TLSv1_2_method(); 598 else 599 meth = TLS_method(); 600 601 c_ctx = SSL_CTX_new(meth); 602 s_ctx = SSL_CTX_new(meth); 603 if ((c_ctx == NULL) || (s_ctx == NULL)) { 604 ERR_print_errors(bio_err); 605 goto end; 606 } 607 608 SSL_CTX_set_security_level(c_ctx, seclevel); 609 SSL_CTX_set_security_level(s_ctx, seclevel); 610 611 if (cipher != NULL) { 612 SSL_CTX_set_cipher_list(c_ctx, cipher); 613 SSL_CTX_set_cipher_list(s_ctx, cipher); 614 } 615 616 if (!no_dhe) { 617 if (dhe1024dsa) { 618 /* use SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */ 619 SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE); 620 dh = get_dh1024dsa(); 621 } else 622 dh = get_dh1024(); 623 SSL_CTX_set_tmp_dh(s_ctx, dh); 624 DH_free(dh); 625 } 626 627 if (!no_ecdhe) { 628 int nid; 629 630 if (named_curve != NULL) { 631 nid = OBJ_sn2nid(named_curve); 632 if (nid == 0) { 633 BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve); 634 goto end; 635 } 636 } else 637 nid = NID_X9_62_prime256v1; 638 639 ecdh = EC_KEY_new_by_curve_name(nid); 640 if (ecdh == NULL) { 641 BIO_printf(bio_err, "unable to create curve\n"); 642 goto end; 643 } 644 645 SSL_CTX_set_tmp_ecdh(s_ctx, ecdh); 646 SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_ECDH_USE); 647 EC_KEY_free(ecdh); 648 } 649 650 if (!SSL_CTX_use_certificate_chain_file(s_ctx, server_cert)) { 651 ERR_print_errors(bio_err); 652 } else if (!SSL_CTX_use_PrivateKey_file(s_ctx, 653 (server_key ? server_key : server_cert), SSL_FILETYPE_PEM)) { 654 ERR_print_errors(bio_err); 655 goto end; 656 } 657 658 if (client_auth) { 659 SSL_CTX_use_certificate_chain_file(c_ctx, client_cert); 660 SSL_CTX_use_PrivateKey_file(c_ctx, 661 (client_key ? client_key : client_cert), 662 SSL_FILETYPE_PEM); 663 } 664 665 if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) || 666 (!SSL_CTX_set_default_verify_paths(s_ctx)) || 667 (!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) || 668 (!SSL_CTX_set_default_verify_paths(c_ctx))) { 669 /* fprintf(stderr,"SSL_load_verify_locations\n"); */ 670 ERR_print_errors(bio_err); 671 /* goto end; */ 672 } 673 674 if (client_auth) { 675 BIO_printf(bio_err, "client authentication\n"); 676 SSL_CTX_set_verify(s_ctx, 677 SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 678 verify_callback); 679 SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback, 680 app_verify_arg); 681 } 682 if (server_auth) { 683 BIO_printf(bio_err, "server authentication\n"); 684 SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER, 685 verify_callback); 686 SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback, 687 app_verify_arg); 688 } 689 690 { 691 int session_id_context = 0; 692 SSL_CTX_set_session_id_context(s_ctx, 693 (void *)&session_id_context, sizeof(session_id_context)); 694 } 695 696 if (alpn_server != NULL) 697 SSL_CTX_set_alpn_select_cb(s_ctx, cb_server_alpn, NULL); 698 699 if (alpn_client != NULL) { 700 unsigned short alpn_len; 701 unsigned char *alpn = next_protos_parse(&alpn_len, alpn_client); 702 703 if (alpn == NULL) { 704 BIO_printf(bio_err, "Error parsing -alpn_client argument\n"); 705 goto end; 706 } 707 SSL_CTX_set_alpn_protos(c_ctx, alpn, alpn_len); 708 free(alpn); 709 } 710 711 c_ssl = SSL_new(c_ctx); 712 s_ssl = SSL_new(s_ctx); 713 714 for (i = 0; i < number; i++) { 715 if (!reuse) 716 SSL_set_session(c_ssl, NULL); 717 #ifdef USE_BIOPAIR 718 if (bio_pair) 719 ret = doit_biopair(s_ssl, c_ssl, bytes, &s_time, 720 &c_time); 721 else 722 #endif 723 ret = doit(s_ssl, c_ssl, bytes); 724 } 725 726 if (!verbose) { 727 print_details(c_ssl, ""); 728 } 729 if ((number > 1) || (bytes > 1L)) 730 BIO_printf(bio_stdout, "%d handshakes of %ld bytes done\n", 731 number, bytes); 732 if (print_time) { 733 #ifdef CLOCKS_PER_SEC 734 /* "To determine the time in seconds, the value returned 735 * by the clock function should be divided by the value 736 * of the macro CLOCKS_PER_SEC." 737 * -- ISO/IEC 9899 */ 738 BIO_printf(bio_stdout, 739 "Approximate total server time: %6.2f s\n" 740 "Approximate total client time: %6.2f s\n", 741 (double)s_time/CLOCKS_PER_SEC, 742 (double)c_time/CLOCKS_PER_SEC); 743 #else 744 /* "`CLOCKS_PER_SEC' undeclared (first use this function)" 745 * -- cc on NeXTstep/OpenStep */ 746 BIO_printf(bio_stdout, 747 "Approximate total server time: %6.2f units\n" 748 "Approximate total client time: %6.2f units\n", 749 (double)s_time, 750 (double)c_time); 751 #endif 752 } 753 754 SSL_free(s_ssl); 755 SSL_free(c_ssl); 756 757 end: 758 SSL_CTX_free(s_ctx); 759 SSL_CTX_free(c_ctx); 760 BIO_free(bio_stdout); 761 762 CRYPTO_cleanup_all_ex_data(); 763 ERR_free_strings(); 764 ERR_remove_thread_state(NULL); 765 EVP_cleanup(); 766 CRYPTO_mem_leaks(bio_err); 767 BIO_free(bio_err); 768 769 exit(ret); 770 return ret; 771 } 772 773 #if USE_BIOPAIR 774 int 775 doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, clock_t *s_time, 776 clock_t *c_time) 777 { 778 long cw_num = count, cr_num = count, sw_num = count, sr_num = count; 779 BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL; 780 BIO *server = NULL, *server_io = NULL; 781 BIO *client = NULL, *client_io = NULL; 782 int ret = 1; 783 784 size_t bufsiz = 256; /* small buffer for testing */ 785 786 if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz)) 787 goto err; 788 if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz)) 789 goto err; 790 791 s_ssl_bio = BIO_new(BIO_f_ssl()); 792 if (!s_ssl_bio) 793 goto err; 794 795 c_ssl_bio = BIO_new(BIO_f_ssl()); 796 if (!c_ssl_bio) 797 goto err; 798 799 SSL_set_connect_state(c_ssl); 800 SSL_set_bio(c_ssl, client, client); 801 (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE); 802 803 SSL_set_accept_state(s_ssl); 804 SSL_set_bio(s_ssl, server, server); 805 (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE); 806 807 do { 808 /* c_ssl_bio: SSL filter BIO 809 * 810 * client: pseudo-I/O for SSL library 811 * 812 * client_io: client's SSL communication; usually to be 813 * relayed over some I/O facility, but in this 814 * test program, we're the server, too: 815 * 816 * server_io: server's SSL communication 817 * 818 * server: pseudo-I/O for SSL library 819 * 820 * s_ssl_bio: SSL filter BIO 821 * 822 * The client and the server each employ a "BIO pair": 823 * client + client_io, server + server_io. 824 * BIO pairs are symmetric. A BIO pair behaves similar 825 * to a non-blocking socketpair (but both endpoints must 826 * be handled by the same thread). 827 * [Here we could connect client and server to the ends 828 * of a single BIO pair, but then this code would be less 829 * suitable as an example for BIO pairs in general.] 830 * 831 * Useful functions for querying the state of BIO pair endpoints: 832 * 833 * BIO_ctrl_pending(bio) number of bytes we can read now 834 * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil 835 * other side's read attempt 836 * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now 837 * 838 * ..._read_request is never more than ..._write_guarantee; 839 * it depends on the application which one you should use. 840 */ 841 842 /* We have non-blocking behaviour throughout this test program, but 843 * can be sure that there is *some* progress in each iteration; so 844 * we don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE 845 * -- we just try everything in each iteration 846 */ 847 848 { 849 /* CLIENT */ 850 851 char cbuf[1024*8]; 852 int i, r; 853 clock_t c_clock = clock(); 854 855 memset(cbuf, 0, sizeof(cbuf)); 856 857 if (debug) 858 if (SSL_in_init(c_ssl)) 859 printf("client waiting in SSL_connect - %s\n", 860 SSL_state_string_long(c_ssl)); 861 862 if (cw_num > 0) { 863 /* Write to server. */ 864 865 if (cw_num > (long)sizeof cbuf) 866 i = sizeof cbuf; 867 else 868 i = (int)cw_num; 869 r = BIO_write(c_ssl_bio, cbuf, i); 870 if (r < 0) { 871 if (!BIO_should_retry(c_ssl_bio)) { 872 fprintf(stderr, "ERROR in CLIENT\n"); 873 goto err; 874 } 875 /* BIO_should_retry(...) can just be ignored here. 876 * The library expects us to call BIO_write with 877 * the same arguments again, and that's what we will 878 * do in the next iteration. */ 879 } else if (r == 0) { 880 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n"); 881 goto err; 882 } else { 883 if (debug) 884 printf("client wrote %d\n", r); 885 cw_num -= r; 886 887 } 888 } 889 890 if (cr_num > 0) { 891 /* Read from server. */ 892 893 r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf)); 894 if (r < 0) { 895 if (!BIO_should_retry(c_ssl_bio)) { 896 fprintf(stderr, "ERROR in CLIENT\n"); 897 goto err; 898 } 899 /* Again, "BIO_should_retry" can be ignored. */ 900 } else if (r == 0) { 901 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n"); 902 goto err; 903 } else { 904 if (debug) 905 printf("client read %d\n", r); 906 cr_num -= r; 907 } 908 } 909 910 /* c_time and s_time increments will typically be very small 911 * (depending on machine speed and clock tick intervals), 912 * but sampling over a large number of connections should 913 * result in fairly accurate figures. We cannot guarantee 914 * a lot, however -- if each connection lasts for exactly 915 * one clock tick, it will be counted only for the client 916 * or only for the server or even not at all. 917 */ 918 *c_time += (clock() - c_clock); 919 } 920 921 { 922 /* SERVER */ 923 924 char sbuf[1024*8]; 925 int i, r; 926 clock_t s_clock = clock(); 927 928 memset(sbuf, 0, sizeof(sbuf)); 929 930 if (debug) 931 if (SSL_in_init(s_ssl)) 932 printf("server waiting in SSL_accept - %s\n", 933 SSL_state_string_long(s_ssl)); 934 935 if (sw_num > 0) { 936 /* Write to client. */ 937 938 if (sw_num > (long)sizeof sbuf) 939 i = sizeof sbuf; 940 else 941 i = (int)sw_num; 942 r = BIO_write(s_ssl_bio, sbuf, i); 943 if (r < 0) { 944 if (!BIO_should_retry(s_ssl_bio)) { 945 fprintf(stderr, "ERROR in SERVER\n"); 946 goto err; 947 } 948 /* Ignore "BIO_should_retry". */ 949 } else if (r == 0) { 950 fprintf(stderr, "SSL SERVER STARTUP FAILED\n"); 951 goto err; 952 } else { 953 if (debug) 954 printf("server wrote %d\n", r); 955 sw_num -= r; 956 957 } 958 } 959 960 if (sr_num > 0) { 961 /* Read from client. */ 962 963 r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf)); 964 if (r < 0) { 965 if (!BIO_should_retry(s_ssl_bio)) { 966 fprintf(stderr, "ERROR in SERVER\n"); 967 goto err; 968 } 969 /* blah, blah */ 970 } else if (r == 0) { 971 fprintf(stderr, "SSL SERVER STARTUP FAILED\n"); 972 goto err; 973 } else { 974 if (debug) 975 printf("server read %d\n", r); 976 sr_num -= r; 977 } 978 } 979 980 *s_time += (clock() - s_clock); 981 } 982 983 { 984 /* "I/O" BETWEEN CLIENT AND SERVER. */ 985 986 size_t r1, r2; 987 BIO *io1 = server_io, *io2 = client_io; 988 /* we use the non-copying interface for io1 989 * and the standard BIO_write/BIO_read interface for io2 990 */ 991 992 static int prev_progress = 1; 993 int progress = 0; 994 995 /* io1 to io2 */ 996 do { 997 size_t num; 998 int r; 999 1000 r1 = BIO_ctrl_pending(io1); 1001 r2 = BIO_ctrl_get_write_guarantee(io2); 1002 1003 num = r1; 1004 if (r2 < num) 1005 num = r2; 1006 if (num) { 1007 char *dataptr; 1008 1009 if (INT_MAX < num) /* yeah, right */ 1010 num = INT_MAX; 1011 1012 r = BIO_nread(io1, &dataptr, (int)num); 1013 assert(r > 0); 1014 assert(r <= (int)num); 1015 /* possibly r < num (non-contiguous data) */ 1016 num = r; 1017 r = BIO_write(io2, dataptr, (int)num); 1018 if (r != (int)num) /* can't happen */ 1019 { 1020 fprintf(stderr, "ERROR: BIO_write could not write " 1021 "BIO_ctrl_get_write_guarantee() bytes"); 1022 goto err; 1023 } 1024 progress = 1; 1025 1026 if (debug) 1027 printf((io1 == client_io) ? 1028 "C->S relaying: %d bytes\n" : 1029 "S->C relaying: %d bytes\n", 1030 (int)num); 1031 } 1032 } while (r1 && r2); 1033 1034 /* io2 to io1 */ 1035 { 1036 size_t num; 1037 int r; 1038 1039 r1 = BIO_ctrl_pending(io2); 1040 r2 = BIO_ctrl_get_read_request(io1); 1041 /* here we could use ..._get_write_guarantee instead of 1042 * ..._get_read_request, but by using the latter 1043 * we test restartability of the SSL implementation 1044 * more thoroughly */ 1045 num = r1; 1046 if (r2 < num) 1047 num = r2; 1048 if (num) { 1049 char *dataptr; 1050 1051 if (INT_MAX < num) 1052 num = INT_MAX; 1053 1054 if (num > 1) 1055 --num; /* test restartability even more thoroughly */ 1056 1057 r = BIO_nwrite0(io1, &dataptr); 1058 assert(r > 0); 1059 if (r < (int)num) 1060 num = r; 1061 r = BIO_read(io2, dataptr, (int)num); 1062 if (r != (int)num) /* can't happen */ 1063 { 1064 fprintf(stderr, "ERROR: BIO_read could not read " 1065 "BIO_ctrl_pending() bytes"); 1066 goto err; 1067 } 1068 progress = 1; 1069 r = BIO_nwrite(io1, &dataptr, (int)num); 1070 if (r != (int)num) /* can't happen */ 1071 { 1072 fprintf(stderr, "ERROR: BIO_nwrite() did not accept " 1073 "BIO_nwrite0() bytes"); 1074 goto err; 1075 } 1076 1077 if (debug) 1078 printf((io2 == client_io) ? 1079 "C->S relaying: %d bytes\n" : 1080 "S->C relaying: %d bytes\n", 1081 (int)num); 1082 } 1083 } /* no loop, BIO_ctrl_get_read_request now returns 0 anyway */ 1084 1085 if (!progress && !prev_progress) { 1086 if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0) { 1087 fprintf(stderr, "ERROR: got stuck\n"); 1088 goto err; 1089 } 1090 } 1091 prev_progress = progress; 1092 } 1093 } while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0); 1094 1095 if (verbose) 1096 print_details(c_ssl, "DONE via BIO pair: "); 1097 1098 if (verify_alpn(c_ssl, s_ssl) < 0) { 1099 ret = 1; 1100 goto err; 1101 } 1102 1103 ret = 0; 1104 1105 err: 1106 ERR_print_errors(bio_err); 1107 1108 BIO_free(server); 1109 BIO_free(server_io); 1110 BIO_free(client); 1111 BIO_free(client_io); 1112 BIO_free(s_ssl_bio); 1113 BIO_free(c_ssl_bio); 1114 1115 return ret; 1116 } 1117 #endif 1118 1119 1120 #define W_READ 1 1121 #define W_WRITE 2 1122 #define C_DONE 1 1123 #define S_DONE 2 1124 1125 int 1126 doit(SSL *s_ssl, SSL *c_ssl, long count) 1127 { 1128 char cbuf[1024*8], sbuf[1024*8]; 1129 long cw_num = count, cr_num = count; 1130 long sw_num = count, sr_num = count; 1131 int ret = 1; 1132 BIO *c_to_s = NULL; 1133 BIO *s_to_c = NULL; 1134 BIO *c_bio = NULL; 1135 BIO *s_bio = NULL; 1136 int c_r, c_w, s_r, s_w; 1137 int i, j; 1138 int done = 0; 1139 int c_write, s_write; 1140 int do_server = 0, do_client = 0; 1141 1142 memset(cbuf, 0, sizeof(cbuf)); 1143 memset(sbuf, 0, sizeof(sbuf)); 1144 1145 c_to_s = BIO_new(BIO_s_mem()); 1146 s_to_c = BIO_new(BIO_s_mem()); 1147 if ((s_to_c == NULL) || (c_to_s == NULL)) { 1148 ERR_print_errors(bio_err); 1149 goto err; 1150 } 1151 1152 c_bio = BIO_new(BIO_f_ssl()); 1153 s_bio = BIO_new(BIO_f_ssl()); 1154 if ((c_bio == NULL) || (s_bio == NULL)) { 1155 ERR_print_errors(bio_err); 1156 goto err; 1157 } 1158 1159 SSL_set_connect_state(c_ssl); 1160 SSL_set_bio(c_ssl, s_to_c, c_to_s); 1161 BIO_set_ssl(c_bio, c_ssl, BIO_NOCLOSE); 1162 1163 SSL_set_accept_state(s_ssl); 1164 SSL_set_bio(s_ssl, c_to_s, s_to_c); 1165 BIO_set_ssl(s_bio, s_ssl, BIO_NOCLOSE); 1166 1167 c_r = 0; 1168 s_r = 1; 1169 c_w = 1; 1170 s_w = 0; 1171 c_write = 1, s_write = 0; 1172 1173 /* We can always do writes */ 1174 for (;;) { 1175 do_server = 0; 1176 do_client = 0; 1177 1178 i = (int)BIO_pending(s_bio); 1179 if ((i && s_r) || s_w) 1180 do_server = 1; 1181 1182 i = (int)BIO_pending(c_bio); 1183 if ((i && c_r) || c_w) 1184 do_client = 1; 1185 1186 if (do_server && debug) { 1187 if (SSL_in_init(s_ssl)) 1188 printf("server waiting in SSL_accept - %s\n", 1189 SSL_state_string_long(s_ssl)); 1190 } 1191 1192 if (do_client && debug) { 1193 if (SSL_in_init(c_ssl)) 1194 printf("client waiting in SSL_connect - %s\n", 1195 SSL_state_string_long(c_ssl)); 1196 } 1197 1198 if (!do_client && !do_server) { 1199 fprintf(stdout, "ERROR in STARTUP\n"); 1200 ERR_print_errors(bio_err); 1201 goto err; 1202 } 1203 1204 if (do_client && !(done & C_DONE)) { 1205 if (c_write) { 1206 j = (cw_num > (long)sizeof(cbuf)) ? 1207 (int)sizeof(cbuf) : (int)cw_num; 1208 i = BIO_write(c_bio, cbuf, j); 1209 if (i < 0) { 1210 c_r = 0; 1211 c_w = 0; 1212 if (BIO_should_retry(c_bio)) { 1213 if (BIO_should_read(c_bio)) 1214 c_r = 1; 1215 if (BIO_should_write(c_bio)) 1216 c_w = 1; 1217 } else { 1218 fprintf(stderr, "ERROR in CLIENT\n"); 1219 ERR_print_errors(bio_err); 1220 goto err; 1221 } 1222 } else if (i == 0) { 1223 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n"); 1224 goto err; 1225 } else { 1226 if (debug) 1227 printf("client wrote %d\n", i); 1228 /* ok */ 1229 s_r = 1; 1230 c_write = 0; 1231 cw_num -= i; 1232 } 1233 } else { 1234 i = BIO_read(c_bio, cbuf, sizeof(cbuf)); 1235 if (i < 0) { 1236 c_r = 0; 1237 c_w = 0; 1238 if (BIO_should_retry(c_bio)) { 1239 if (BIO_should_read(c_bio)) 1240 c_r = 1; 1241 if (BIO_should_write(c_bio)) 1242 c_w = 1; 1243 } else { 1244 fprintf(stderr, "ERROR in CLIENT\n"); 1245 ERR_print_errors(bio_err); 1246 goto err; 1247 } 1248 } else if (i == 0) { 1249 fprintf(stderr, "SSL CLIENT STARTUP FAILED\n"); 1250 goto err; 1251 } else { 1252 if (debug) 1253 printf("client read %d\n", i); 1254 cr_num -= i; 1255 if (sw_num > 0) { 1256 s_write = 1; 1257 s_w = 1; 1258 } 1259 if (cr_num <= 0) { 1260 s_write = 1; 1261 s_w = 1; 1262 done = S_DONE|C_DONE; 1263 } 1264 } 1265 } 1266 } 1267 1268 if (do_server && !(done & S_DONE)) { 1269 if (!s_write) { 1270 i = BIO_read(s_bio, sbuf, sizeof(cbuf)); 1271 if (i < 0) { 1272 s_r = 0; 1273 s_w = 0; 1274 if (BIO_should_retry(s_bio)) { 1275 if (BIO_should_read(s_bio)) 1276 s_r = 1; 1277 if (BIO_should_write(s_bio)) 1278 s_w = 1; 1279 } else { 1280 fprintf(stderr, "ERROR in SERVER\n"); 1281 ERR_print_errors(bio_err); 1282 goto err; 1283 } 1284 } else if (i == 0) { 1285 ERR_print_errors(bio_err); 1286 fprintf(stderr, "SSL SERVER STARTUP FAILED in SSL_read\n"); 1287 goto err; 1288 } else { 1289 if (debug) 1290 printf("server read %d\n", i); 1291 sr_num -= i; 1292 if (cw_num > 0) { 1293 c_write = 1; 1294 c_w = 1; 1295 } 1296 if (sr_num <= 0) { 1297 s_write = 1; 1298 s_w = 1; 1299 c_write = 0; 1300 } 1301 } 1302 } else { 1303 j = (sw_num > (long)sizeof(sbuf)) ? 1304 (int)sizeof(sbuf) : (int)sw_num; 1305 i = BIO_write(s_bio, sbuf, j); 1306 if (i < 0) { 1307 s_r = 0; 1308 s_w = 0; 1309 if (BIO_should_retry(s_bio)) { 1310 if (BIO_should_read(s_bio)) 1311 s_r = 1; 1312 if (BIO_should_write(s_bio)) 1313 s_w = 1; 1314 } else { 1315 fprintf(stderr, "ERROR in SERVER\n"); 1316 ERR_print_errors(bio_err); 1317 goto err; 1318 } 1319 } else if (i == 0) { 1320 ERR_print_errors(bio_err); 1321 fprintf(stderr, "SSL SERVER STARTUP FAILED in SSL_write\n"); 1322 goto err; 1323 } else { 1324 if (debug) 1325 printf("server wrote %d\n", i); 1326 sw_num -= i; 1327 s_write = 0; 1328 c_r = 1; 1329 if (sw_num <= 0) 1330 done |= S_DONE; 1331 } 1332 } 1333 } 1334 1335 if ((done & S_DONE) && (done & C_DONE)) 1336 break; 1337 } 1338 1339 if (verbose) 1340 print_details(c_ssl, "DONE: "); 1341 1342 if (verify_alpn(c_ssl, s_ssl) < 0) { 1343 ret = 1; 1344 goto err; 1345 } 1346 1347 ret = 0; 1348 err: 1349 /* We have to set the BIO's to NULL otherwise they will be 1350 * free()ed twice. Once when th s_ssl is SSL_free()ed and 1351 * again when c_ssl is SSL_free()ed. 1352 * This is a hack required because s_ssl and c_ssl are sharing the same 1353 * BIO structure and SSL_set_bio() and SSL_free() automatically 1354 * BIO_free non NULL entries. 1355 * You should not normally do this or be required to do this */ 1356 if (s_ssl != NULL) { 1357 s_ssl->rbio = NULL; 1358 s_ssl->wbio = NULL; 1359 } 1360 if (c_ssl != NULL) { 1361 c_ssl->rbio = NULL; 1362 c_ssl->wbio = NULL; 1363 } 1364 1365 BIO_free(c_to_s); 1366 BIO_free(s_to_c); 1367 BIO_free_all(c_bio); 1368 BIO_free_all(s_bio); 1369 1370 return (ret); 1371 } 1372 1373 static int 1374 verify_callback(int ok, X509_STORE_CTX *ctx) 1375 { 1376 X509 *xs; 1377 char *s, buf[256]; 1378 int error, error_depth; 1379 1380 xs = X509_STORE_CTX_get_current_cert(ctx); 1381 s = X509_NAME_oneline(X509_get_subject_name(xs), buf, sizeof buf); 1382 error = X509_STORE_CTX_get_error(ctx); 1383 error_depth = X509_STORE_CTX_get_error_depth(ctx); 1384 if (s != NULL) { 1385 if (ok) 1386 fprintf(stderr, "depth=%d %s\n", error_depth, buf); 1387 else { 1388 fprintf(stderr, "depth=%d error=%d %s\n", error_depth, 1389 error, buf); 1390 } 1391 } 1392 1393 if (ok == 0) { 1394 fprintf(stderr, "Error string: %s\n", 1395 X509_verify_cert_error_string(error)); 1396 switch (error) { 1397 case X509_V_ERR_CERT_NOT_YET_VALID: 1398 case X509_V_ERR_CERT_HAS_EXPIRED: 1399 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: 1400 fprintf(stderr, " ... ignored.\n"); 1401 ok = 1; 1402 } 1403 } 1404 1405 return (ok); 1406 } 1407 1408 static int 1409 app_verify_callback(X509_STORE_CTX *ctx, void *arg) 1410 { 1411 X509 *xs; 1412 char *s = NULL, buf[256]; 1413 const char *cb_arg = arg; 1414 1415 xs = X509_STORE_CTX_get0_cert(ctx); 1416 fprintf(stderr, "In app_verify_callback, allowing cert. "); 1417 fprintf(stderr, "Arg is: %s\n", cb_arg); 1418 fprintf(stderr, "Finished printing do we have a context? 0x%p a cert? 0x%p\n", 1419 (void *)ctx, (void *)xs); 1420 if (xs) 1421 s = X509_NAME_oneline(X509_get_subject_name(xs), buf, 256); 1422 if (s != NULL) { 1423 fprintf(stderr, "cert depth=%d %s\n", 1424 X509_STORE_CTX_get_error_depth(ctx), buf); 1425 } 1426 1427 return 1; 1428 } 1429 1430 /* These DH parameters have been generated as follows: 1431 * $ openssl dhparam -C -noout 1024 1432 * $ openssl dhparam -C -noout -dsaparam 1024 1433 * (The second function has been renamed to avoid name conflicts.) 1434 */ 1435 static DH * 1436 get_dh1024(void) 1437 { 1438 static unsigned char dh1024_p[] = { 1439 0xF8, 0x81, 0x89, 0x7D, 0x14, 0x24, 0xC5, 0xD1, 0xE6, 0xF7, 0xBF, 0x3A, 1440 0xE4, 0x90, 0xF4, 0xFC, 0x73, 0xFB, 0x34, 0xB5, 0xFA, 0x4C, 0x56, 0xA2, 1441 0xEA, 0xA7, 0xE9, 0xC0, 0xC0, 0xCE, 0x89, 0xE1, 0xFA, 0x63, 0x3F, 0xB0, 1442 0x6B, 0x32, 0x66, 0xF1, 0xD1, 0x7B, 0xB0, 0x00, 0x8F, 0xCA, 0x87, 0xC2, 1443 0xAE, 0x98, 0x89, 0x26, 0x17, 0xC2, 0x05, 0xD2, 0xEC, 0x08, 0xD0, 0x8C, 1444 0xFF, 0x17, 0x52, 0x8C, 0xC5, 0x07, 0x93, 0x03, 0xB1, 0xF6, 0x2F, 0xB8, 1445 0x1C, 0x52, 0x47, 0x27, 0x1B, 0xDB, 0xD1, 0x8D, 0x9D, 0x69, 0x1D, 0x52, 1446 0x4B, 0x32, 0x81, 0xAA, 0x7F, 0x00, 0xC8, 0xDC, 0xE6, 0xD9, 0xCC, 0xC1, 1447 0x11, 0x2D, 0x37, 0x34, 0x6C, 0xEA, 0x02, 0x97, 0x4B, 0x0E, 0xBB, 0xB1, 1448 0x71, 0x33, 0x09, 0x15, 0xFD, 0xDD, 0x23, 0x87, 0x07, 0x5E, 0x89, 0xAB, 1449 0x6B, 0x7C, 0x5F, 0xEC, 0xA6, 0x24, 0xDC, 0x53, 1450 }; 1451 static unsigned char dh1024_g[] = { 1452 0x02, 1453 }; 1454 DH *dh; 1455 BIGNUM *dh_p = NULL, *dh_g = NULL; 1456 1457 if ((dh = DH_new()) == NULL) 1458 return NULL; 1459 1460 dh_p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL); 1461 dh_g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL); 1462 if (dh_p == NULL || dh_g == NULL) 1463 goto err; 1464 1465 if (!DH_set0_pqg(dh, dh_p, NULL, dh_g)) 1466 goto err; 1467 1468 return dh; 1469 1470 err: 1471 BN_free(dh_p); 1472 BN_free(dh_g); 1473 DH_free(dh); 1474 return NULL; 1475 } 1476 1477 static DH * 1478 get_dh1024dsa(void) 1479 { 1480 static unsigned char dh1024_p[] = { 1481 0xC8, 0x00, 0xF7, 0x08, 0x07, 0x89, 0x4D, 0x90, 0x53, 0xF3, 0xD5, 0x00, 1482 0x21, 0x1B, 0xF7, 0x31, 0xA6, 0xA2, 0xDA, 0x23, 0x9A, 0xC7, 0x87, 0x19, 1483 0x3B, 0x47, 0xB6, 0x8C, 0x04, 0x6F, 0xFF, 0xC6, 0x9B, 0xB8, 0x65, 0xD2, 1484 0xC2, 0x5F, 0x31, 0x83, 0x4A, 0xA7, 0x5F, 0x2F, 0x88, 0x38, 0xB6, 0x55, 1485 0xCF, 0xD9, 0x87, 0x6D, 0x6F, 0x9F, 0xDA, 0xAC, 0xA6, 0x48, 0xAF, 0xFC, 1486 0x33, 0x84, 0x37, 0x5B, 0x82, 0x4A, 0x31, 0x5D, 0xE7, 0xBD, 0x52, 0x97, 1487 0xA1, 0x77, 0xBF, 0x10, 0x9E, 0x37, 0xEA, 0x64, 0xFA, 0xCA, 0x28, 0x8D, 1488 0x9D, 0x3B, 0xD2, 0x6E, 0x09, 0x5C, 0x68, 0xC7, 0x45, 0x90, 0xFD, 0xBB, 1489 0x70, 0xC9, 0x3A, 0xBB, 0xDF, 0xD4, 0x21, 0x0F, 0xC4, 0x6A, 0x3C, 0xF6, 1490 0x61, 0xCF, 0x3F, 0xD6, 0x13, 0xF1, 0x5F, 0xBC, 0xCF, 0xBC, 0x26, 0x9E, 1491 0xBC, 0x0B, 0xBD, 0xAB, 0x5D, 0xC9, 0x54, 0x39, 1492 }; 1493 static unsigned char dh1024_g[] = { 1494 0x3B, 0x40, 0x86, 0xE7, 0xF3, 0x6C, 0xDE, 0x67, 0x1C, 0xCC, 0x80, 0x05, 1495 0x5A, 0xDF, 0xFE, 0xBD, 0x20, 0x27, 0x74, 0x6C, 0x24, 0xC9, 0x03, 0xF3, 1496 0xE1, 0x8D, 0xC3, 0x7D, 0x98, 0x27, 0x40, 0x08, 0xB8, 0x8C, 0x6A, 0xE9, 1497 0xBB, 0x1A, 0x3A, 0xD6, 0x86, 0x83, 0x5E, 0x72, 0x41, 0xCE, 0x85, 0x3C, 1498 0xD2, 0xB3, 0xFC, 0x13, 0xCE, 0x37, 0x81, 0x9E, 0x4C, 0x1C, 0x7B, 0x65, 1499 0xD3, 0xE6, 0xA6, 0x00, 0xF5, 0x5A, 0x95, 0x43, 0x5E, 0x81, 0xCF, 0x60, 1500 0xA2, 0x23, 0xFC, 0x36, 0xA7, 0x5D, 0x7A, 0x4C, 0x06, 0x91, 0x6E, 0xF6, 1501 0x57, 0xEE, 0x36, 0xCB, 0x06, 0xEA, 0xF5, 0x3D, 0x95, 0x49, 0xCB, 0xA7, 1502 0xDD, 0x81, 0xDF, 0x80, 0x09, 0x4A, 0x97, 0x4D, 0xA8, 0x22, 0x72, 0xA1, 1503 0x7F, 0xC4, 0x70, 0x56, 0x70, 0xE8, 0x20, 0x10, 0x18, 0x8F, 0x2E, 0x60, 1504 0x07, 0xE7, 0x68, 0x1A, 0x82, 0x5D, 0x32, 0xA2, 1505 }; 1506 DH *dh; 1507 BIGNUM *dh_p = NULL, *dh_g = NULL; 1508 1509 if ((dh = DH_new()) == NULL) 1510 return NULL; 1511 1512 dh_p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL); 1513 dh_g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL); 1514 if (dh_p == NULL || dh_g == NULL) 1515 goto err; 1516 1517 if (!DH_set0_pqg(dh, dh_p, NULL, dh_g)) 1518 goto err; 1519 1520 DH_set_length(dh, 160); 1521 1522 return dh; 1523 1524 err: 1525 BN_free(dh_p); 1526 BN_free(dh_g); 1527 DH_free(dh); 1528 return NULL; 1529 } 1530