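/* $OpenBSD: servertest.c,v 1.1 2017/03/05 14:15:53 jsing Exp $ */
/*
 * Copyright (c) 2015, 2016, 2017 Joel Sing <jsing@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/*
 * Regress test for the server side of the handshake: each test case feeds a
 * captured ClientHello, wrapped in an SSLv2-style record header, into a
 * server SSL object through memory BIOs and checks how SSL_accept() reacts.
 */

#include <openssl/ssl.h>

#include <openssl/err.h>
#include <openssl/dtls1.h>
#include <openssl/ssl3.h>

#include <err.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Paths taken from the command line; see main(). */
char *server_ca_file;		/* accepted for symmetry, not used by any test yet */
char *server_cert_file;
char *server_key_file;

/*
 * SSLv2 CLIENT-HELLO carrying TLS version 0x0301 (TLSv1.0).
 * Layout: 2-byte record header (0x80 0x6a => 106 bytes follow), message
 * type 0x01, version, cipher-spec length 0x0051, session-id length 0,
 * challenge length 0x0010, then 27 3-byte cipher specs and a 16-byte
 * challenge.
 */
static unsigned char sslv2_client_hello_tls10[] = {
	0x80, 0x6a, 0x01, 0x03, 0x01, 0x00, 0x51, 0x00,
	0x00, 0x00, 0x10, 0x00, 0x00, 0x39, 0x00, 0x00,
	0x38, 0x00, 0x00, 0x35, 0x00, 0x00, 0x16, 0x00,
	0x00, 0x13, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x33,
	0x00, 0x00, 0x32, 0x00, 0x00, 0x2f, 0x00, 0x00,
	0x07, 0x00, 0x00, 0x66, 0x00, 0x00, 0x05, 0x00,
	0x00, 0x04, 0x00, 0x00, 0x63, 0x00, 0x00, 0x62,
	0x00, 0x00, 0x61, 0x00, 0x00, 0x15, 0x00, 0x00,
	0x12, 0x00, 0x00, 0x09, 0x00, 0x00, 0x65, 0x00,
	0x00, 0x64, 0x00, 0x00, 0x60, 0x00, 0x00, 0x14,
	0x00, 0x00, 0x11, 0x00, 0x00, 0x08, 0x00, 0x00,
	0x06, 0x00, 0x00, 0x03, 0xdd, 0xb6, 0x59, 0x26,
	0x46, 0xe6, 0x79, 0x77, 0xf4, 0xec, 0x42, 0x76,
	0xc8, 0x73, 0xad, 0x9c,
};

/*
 * SSLv2 CLIENT-HELLO carrying TLS version 0x0303 (TLSv1.2).
 * Same layout as above: header 0x80 0xcb (203 bytes follow), cipher-spec
 * length 0x00a2 (54 3-byte specs), no session id, 32-byte challenge.
 */
static unsigned char sslv2_client_hello_tls12[] = {
	0x80, 0xcb, 0x01, 0x03, 0x03, 0x00, 0xa2, 0x00,
	0x00, 0x00, 0x20, 0x00, 0x00, 0xa5, 0x00, 0x00,
	0xa3, 0x00, 0x00, 0xa1, 0x00, 0x00, 0x9f, 0x00,
	0x00, 0x6b, 0x00, 0x00, 0x6a, 0x00, 0x00, 0x69,
	0x00, 0x00, 0x68, 0x00, 0x00, 0x39, 0x00, 0x00,
	0x38, 0x00, 0x00, 0x37, 0x00, 0x00, 0x36, 0x00,
	0x00, 0x88, 0x00, 0x00, 0x87, 0x00, 0x00, 0x86,
	0x00, 0x00, 0x85, 0x00, 0x00, 0x9d, 0x00, 0x00,
	0x3d, 0x00, 0x00, 0x35, 0x00, 0x00, 0x84, 0x00,
	0x00, 0xa4, 0x00, 0x00, 0xa2, 0x00, 0x00, 0xa0,
	0x00, 0x00, 0x9e, 0x00, 0x00, 0x67, 0x00, 0x00,
	0x40, 0x00, 0x00, 0x3f, 0x00, 0x00, 0x3e, 0x00,
	0x00, 0x33, 0x00, 0x00, 0x32, 0x00, 0x00, 0x31,
	0x00, 0x00, 0x30, 0x00, 0x00, 0x9a, 0x00, 0x00,
	0x99, 0x00, 0x00, 0x98, 0x00, 0x00, 0x97, 0x00,
	0x00, 0x45, 0x00, 0x00, 0x44, 0x00, 0x00, 0x43,
	0x00, 0x00, 0x42, 0x00, 0x00, 0x9c, 0x00, 0x00,
	0x3c, 0x00, 0x00, 0x2f, 0x00, 0x00, 0x96, 0x00,
	0x00, 0x41, 0x00, 0x00, 0x07, 0x00, 0x00, 0x05,
	0x00, 0x00, 0x04, 0x00, 0x00, 0x16, 0x00, 0x00,
	0x13, 0x00, 0x00, 0x10, 0x00, 0x00, 0x0d, 0x00,
	0x00, 0x0a, 0x00, 0x00, 0xff, 0x1d, 0xfd, 0x90,
	0x03, 0x61, 0x3c, 0x5a, 0x22, 0x83, 0xed, 0x11,
	0x85, 0xf4, 0xea, 0x36, 0x59, 0xd9, 0x1b, 0x27,
	0x22, 0x01, 0x14, 0x07, 0x66, 0xb2, 0x24, 0xf5,
	0x4e, 0x7d, 0x9d, 0x9c, 0x52,
};

/*
 * One test case: the client data to feed the server, the server method to
 * instantiate and the SSL_CTX options to apply before the handshake.
 */
struct server_hello_test {
	const char *desc;		/* printed with %s; plain char, not unsigned */
	unsigned char *client_hello;
	const size_t client_hello_len;
	const SSL_METHOD *(*ssl_method)(void);
	const long ssl_options;
};

static struct server_hello_test server_hello_tests[] = {
	{
		.desc = "TLSv1.0 in SSLv2 record",
		.client_hello = sslv2_client_hello_tls10,
		.client_hello_len = sizeof(sslv2_client_hello_tls10),
		.ssl_method = TLS_server_method,
		.ssl_options = 0,
	},
	{
		.desc = "TLSv1.2 in SSLv2 record",
		.client_hello = sslv2_client_hello_tls12,
		.client_hello_len = sizeof(sslv2_client_hello_tls12),
		.ssl_method = TLS_server_method,
		.ssl_options = 0,
	},
};

#define N_SERVER_HELLO_TESTS \
	(sizeof(server_hello_tests) / sizeof(*server_hello_tests))

/*
 * Run a single test case.
 *
 * testno is only used in the progress line; sht supplies the captured
 * ClientHello, the server method and the SSL_CTX options. The server
 * certificate and private key come from server_cert_file and
 * server_key_file, which main() fills in from argv.
 *
 * The captured hello is the only client data available, so the handshake
 * can never complete; the test asserts that SSL_accept() returns exactly 0
 * for it. Any setup failure, or any other SSL_accept() result, is reported
 * on stderr (with the error queue for the latter).
 *
 * Returns 0 on success, 1 on failure.
 */
static int
server_hello_test(int testno, struct server_hello_test *sht)
{
	BIO *rbio = NULL, *wbio = NULL;
	SSL_CTX *ssl_ctx = NULL;
	SSL *ssl = NULL;
	int ret = 1;

	fprintf(stderr, "Test %i - %s\n", testno, sht->desc);

	/* Read-only memory BIO holding the captured ClientHello. */
	if ((rbio = BIO_new_mem_buf(sht->client_hello,
	    (int)sht->client_hello_len)) == NULL) {
		fprintf(stderr, "Failed to setup rbio\n");
		goto failure;
	}
	/* Whatever the server writes is collected here and never inspected. */
	if ((wbio = BIO_new(BIO_s_mem())) == NULL) {
		fprintf(stderr, "Failed to setup wbio\n");
		goto failure;
	}

	if ((ssl_ctx = SSL_CTX_new(sht->ssl_method())) == NULL) {
		fprintf(stderr, "SSL_CTX_new() returned NULL\n");
		goto failure;
	}

	if (SSL_CTX_use_certificate_file(ssl_ctx, server_cert_file,
	    SSL_FILETYPE_PEM) != 1) {
		fprintf(stderr, "Failed to load server certificate\n");
		goto failure;
	}
	if (SSL_CTX_use_PrivateKey_file(ssl_ctx, server_key_file,
	    SSL_FILETYPE_PEM) != 1) {
		fprintf(stderr, "Failed to load server private key\n");
		goto failure;
	}

	SSL_CTX_set_dh_auto(ssl_ctx, 1);
	SSL_CTX_set_ecdh_auto(ssl_ctx, 1);
	SSL_CTX_set_options(ssl_ctx, sht->ssl_options);

	if ((ssl = SSL_new(ssl_ctx)) == NULL) {
		fprintf(stderr, "SSL_new() returned NULL\n");
		goto failure;
	}

	/*
	 * SSL_set_bio() takes ownership of both BIOs and SSL_free() releases
	 * them, so drop our own handles here. This avoids poking at the BIO
	 * reference count directly and keeps the cleanup below valid on
	 * every path, including the early exits where a BIO is still NULL.
	 */
	SSL_set_bio(ssl, rbio, wbio);
	rbio = NULL;
	wbio = NULL;

	if (SSL_accept(ssl) != 0) {
		fprintf(stderr, "SSL_accept() returned non-zero\n");
		ERR_print_errors_fp(stderr);
		goto failure;
	}

	ret = 0;

 failure:
	/* All four free functions accept NULL, so no per-pointer guards. */
	SSL_free(ssl);
	SSL_CTX_free(ssl_ctx);
	BIO_free(rbio);
	BIO_free(wbio);

	return (ret);
}

/*
 * Usage: servertest keyfile certfile cafile
 *
 * Runs every entry of server_hello_tests and exits non-zero if any of them
 * failed. The CA file is recorded in server_ca_file but not used by the
 * current test cases.
 */
int
main(int argc, char **argv)
{
	int failed = 0;
	size_t i;

	if (argc != 4) {
		fprintf(stderr, "usage: %s keyfile certfile cafile\n",
		    argv[0]);
		exit(1);
	}

	server_key_file = argv[1];
	server_cert_file = argv[2];
	server_ca_file = argv[3];

	SSL_library_init();
	SSL_load_error_strings();

	for (i = 0; i < N_SERVER_HELLO_TESTS; i++)
		failed |= server_hello_test((int)i, &server_hello_tests[i]);

	return (failed);
}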