xref: /openbsd-src/regress/lib/libssl/server/servertest.c (revision 0b5493cb0c742202428c9cd6ec8d6e309804d203) 
1 /* $OpenBSD: servertest.c,v 1.8 2023/07/11 10:09:47 tb Exp $ */
2 /*
3  * Copyright (c) 2015, 2016, 2017 Joel Sing <jsing@openbsd.org>
4  *
5  * Permission to use, copy, modify, and distribute this software for any
6  * purpose with or without fee is hereby granted, provided that the above
7  * copyright notice and this permission notice appear in all copies.
8  *
9  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16  */
17 
18 #include <openssl/ssl.h>
19 
20 #include <openssl/err.h>
21 #include <openssl/dtls1.h>
22 #include <openssl/ssl3.h>
23 
24 #include <err.h>
25 #include <stdio.h>
26 #include <string.h>
27 
28 const SSL_METHOD *tls_legacy_method(void);
29 
30 char *server_ca_file;
31 char *server_cert_file;
32 char *server_key_file;
33 
34 static unsigned char sslv2_client_hello_tls10[] = {
35 	0x80, 0x6a, 0x01, 0x03, 0x01, 0x00, 0x51, 0x00,
36 	0x00, 0x00, 0x10, 0x00, 0x00, 0x39, 0x00, 0x00,
37 	0x38, 0x00, 0x00, 0x35, 0x00, 0x00, 0x16, 0x00,
38 	0x00, 0x13, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x33,
39 	0x00, 0x00, 0x32, 0x00, 0x00, 0x2f, 0x00, 0x00,
40 	0x07, 0x00, 0x00, 0x66, 0x00, 0x00, 0x05, 0x00,
41 	0x00, 0x04, 0x00, 0x00, 0x63, 0x00, 0x00, 0x62,
42 	0x00, 0x00, 0x61, 0x00, 0x00, 0x15, 0x00, 0x00,
43 	0x12, 0x00, 0x00, 0x09, 0x00, 0x00, 0x65, 0x00,
44 	0x00, 0x64, 0x00, 0x00, 0x60, 0x00, 0x00, 0x14,
45 	0x00, 0x00, 0x11, 0x00, 0x00, 0x08, 0x00, 0x00,
46 	0x06, 0x00, 0x00, 0x03, 0xdd, 0xb6, 0x59, 0x26,
47 	0x46, 0xe6, 0x79, 0x77, 0xf4, 0xec, 0x42, 0x76,
48 	0xc8, 0x73, 0xad, 0x9c,
49 };
50 
51 static unsigned char sslv2_client_hello_tls12[] = {
52 	0x80, 0xcb, 0x01, 0x03, 0x03, 0x00, 0xa2, 0x00,
53 	0x00, 0x00, 0x20, 0x00, 0x00, 0xa5, 0x00, 0x00,
54 	0xa3, 0x00, 0x00, 0xa1, 0x00, 0x00, 0x9f, 0x00,
55 	0x00, 0x6b, 0x00, 0x00, 0x6a, 0x00, 0x00, 0x69,
56 	0x00, 0x00, 0x68, 0x00, 0x00, 0x39, 0x00, 0x00,
57 	0x38, 0x00, 0x00, 0x37, 0x00, 0x00, 0x36, 0x00,
58 	0x00, 0x88, 0x00, 0x00, 0x87, 0x00, 0x00, 0x86,
59 	0x00, 0x00, 0x85, 0x00, 0x00, 0x9d, 0x00, 0x00,
60 	0x3d, 0x00, 0x00, 0x35, 0x00, 0x00, 0x84, 0x00,
61 	0x00, 0xa4, 0x00, 0x00, 0xa2, 0x00, 0x00, 0xa0,
62 	0x00, 0x00, 0x9e, 0x00, 0x00, 0x67, 0x00, 0x00,
63 	0x40, 0x00, 0x00, 0x3f, 0x00, 0x00, 0x3e, 0x00,
64 	0x00, 0x33, 0x00, 0x00, 0x32, 0x00, 0x00, 0x31,
65 	0x00, 0x00, 0x30, 0x00, 0x00, 0x9a, 0x00, 0x00,
66 	0x99, 0x00, 0x00, 0x98, 0x00, 0x00, 0x97, 0x00,
67 	0x00, 0x45, 0x00, 0x00, 0x44, 0x00, 0x00, 0x43,
68 	0x00, 0x00, 0x42, 0x00, 0x00, 0x9c, 0x00, 0x00,
69 	0x3c, 0x00, 0x00, 0x2f, 0x00, 0x00, 0x96, 0x00,
70 	0x00, 0x41, 0x00, 0x00, 0x07, 0x00, 0x00, 0x05,
71 	0x00, 0x00, 0x04, 0x00, 0x00, 0x16, 0x00, 0x00,
72 	0x13, 0x00, 0x00, 0x10, 0x00, 0x00, 0x0d, 0x00,
73 	0x00, 0x0a, 0x00, 0x00, 0xff, 0x1d, 0xfd, 0x90,
74 	0x03, 0x61, 0x3c, 0x5a, 0x22, 0x83, 0xed, 0x11,
75 	0x85, 0xf4, 0xea, 0x36, 0x59, 0xd9, 0x1b, 0x27,
76 	0x22, 0x01, 0x14, 0x07, 0x66, 0xb2, 0x24, 0xf5,
77 	0x4e, 0x7d, 0x9d, 0x9c, 0x52,
78 };
79 
80 struct server_hello_test {
81 	const unsigned char *desc;
82 	unsigned char *client_hello;
83 	const size_t client_hello_len;
84 	const SSL_METHOD *(*ssl_method)(void);
85 	const long ssl_clear_options;
86 	const long ssl_set_options;
87 	int accept_fails;
88 };
89 
90 static struct server_hello_test server_hello_tests[] = {
91 	{
92 		.desc = "TLSv1.0 in SSLv2 record",
93 		.client_hello = sslv2_client_hello_tls10,
94 		.client_hello_len = sizeof(sslv2_client_hello_tls10),
95 		.ssl_method = tls_legacy_method,
96 		.ssl_clear_options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1,
97 		.ssl_set_options = 0,
98 		.accept_fails = 1,
99 	},
100 	{
101 		.desc = "TLSv1.2 in SSLv2 record",
102 		.client_hello = sslv2_client_hello_tls12,
103 		.client_hello_len = sizeof(sslv2_client_hello_tls12),
104 		.ssl_method = tls_legacy_method,
105 		.ssl_clear_options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1,
106 		.ssl_set_options = 0,
107 		.accept_fails = 1,
108 	},
109 };
110 
111 #define N_SERVER_HELLO_TESTS \
112     (sizeof(server_hello_tests) / sizeof(*server_hello_tests))
113 
114 static int
115 server_hello_test(int testno, struct server_hello_test *sht)
116 {
117 	BIO *rbio = NULL, *wbio = NULL;
118 	SSL_CTX *ssl_ctx = NULL;
119 	SSL *ssl = NULL;
120 	int ret = 1;
121 
122 	fprintf(stderr, "Test %d - %s\n", testno, sht->desc);
123 
124 	if ((rbio = BIO_new_mem_buf(sht->client_hello,
125 	    sht->client_hello_len)) == NULL) {
126 		fprintf(stderr, "Failed to setup rbio\n");
127 		goto failure;
128 	}
129 	if ((wbio = BIO_new(BIO_s_mem())) == NULL) {
130 		fprintf(stderr, "Failed to setup wbio\n");
131 		goto failure;
132 	}
133 
134 	if ((ssl_ctx = SSL_CTX_new(sht->ssl_method())) == NULL) {
135 		fprintf(stderr, "SSL_CTX_new() returned NULL\n");
136 		goto failure;
137 	}
138 
139 	if (SSL_CTX_use_certificate_file(ssl_ctx, server_cert_file,
140 	    SSL_FILETYPE_PEM) != 1) {
141 		fprintf(stderr, "Failed to load server certificate");
142 		goto failure;
143 	}
144 	if (SSL_CTX_use_PrivateKey_file(ssl_ctx, server_key_file,
145 	    SSL_FILETYPE_PEM) != 1) {
146 		fprintf(stderr, "Failed to load server private key");
147 		goto failure;
148 	}
149 
150 	SSL_CTX_set_dh_auto(ssl_ctx, 1);
151 	SSL_CTX_set_ecdh_auto(ssl_ctx, 1);
152 
153 	SSL_CTX_clear_options(ssl_ctx, sht->ssl_clear_options);
154 	SSL_CTX_set_options(ssl_ctx, sht->ssl_set_options);
155 
156 	if ((ssl = SSL_new(ssl_ctx)) == NULL) {
157 		fprintf(stderr, "SSL_new() returned NULL\n");
158 		goto failure;
159 	}
160 
161 	BIO_up_ref(rbio);
162 	BIO_up_ref(wbio);
163 	SSL_set_bio(ssl, rbio, wbio);
164 
165 	if (SSL_accept(ssl) != 0) {
166 		if (sht->accept_fails)
167 			ret = 0;
168 		fprintf(stderr, "SSL_accept() returned non-zero\n");
169 		ERR_print_errors_fp(stderr);
170 		goto failure;
171 	}
172 
173 	ret = 0;
174 
175  failure:
176 	SSL_CTX_free(ssl_ctx);
177 	SSL_free(ssl);
178 
179 	BIO_free(rbio);
180 	BIO_free(wbio);
181 
182 	return (ret);
183 }
184 
185 int
186 main(int argc, char **argv)
187 {
188 	int failed = 0;
189 	size_t i;
190 
191 	if (argc != 4) {
192 		fprintf(stderr, "usage: %s keyfile certfile cafile\n",
193 		    argv[0]);
194 		exit(1);
195 	}
196 
197 	server_key_file = argv[1];
198 	server_cert_file = argv[2];
199 	server_ca_file = argv[3];
200 
201 	SSL_library_init();
202 	SSL_load_error_strings();
203 
204 	for (i = 0; i < N_SERVER_HELLO_TESTS; i++)
205 		failed |= server_hello_test(i, &server_hello_tests[i]);
206 
207 	return (failed);
208 }
209