xref: /openbsd-src/regress/lib/libssl/server/servertest.c (revision 99fd087599a8791921855f21bd7e36130f39aadc) 
1 /* $OpenBSD: servertest.c,v 1.2 2020/01/25 05:02:27 jsing Exp $ */
2 /*
3  * Copyright (c) 2015, 2016, 2017 Joel Sing <jsing@openbsd.org>
4  *
5  * Permission to use, copy, modify, and distribute this software for any
6  * purpose with or without fee is hereby granted, provided that the above
7  * copyright notice and this permission notice appear in all copies.
8  *
9  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16  */
17 
18 #include <openssl/ssl.h>
19 
20 #include <openssl/err.h>
21 #include <openssl/dtls1.h>
22 #include <openssl/ssl3.h>
23 
24 #include <err.h>
25 #include <stdio.h>
26 #include <string.h>
27 
28 char *server_ca_file;
29 char *server_cert_file;
30 char *server_key_file;
31 
32 static unsigned char sslv2_client_hello_tls10[] = {
33 	0x80, 0x6a, 0x01, 0x03, 0x01, 0x00, 0x51, 0x00,
34 	0x00, 0x00, 0x10, 0x00, 0x00, 0x39, 0x00, 0x00,
35 	0x38, 0x00, 0x00, 0x35, 0x00, 0x00, 0x16, 0x00,
36 	0x00, 0x13, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x33,
37 	0x00, 0x00, 0x32, 0x00, 0x00, 0x2f, 0x00, 0x00,
38 	0x07, 0x00, 0x00, 0x66, 0x00, 0x00, 0x05, 0x00,
39 	0x00, 0x04, 0x00, 0x00, 0x63, 0x00, 0x00, 0x62,
40 	0x00, 0x00, 0x61, 0x00, 0x00, 0x15, 0x00, 0x00,
41 	0x12, 0x00, 0x00, 0x09, 0x00, 0x00, 0x65, 0x00,
42 	0x00, 0x64, 0x00, 0x00, 0x60, 0x00, 0x00, 0x14,
43 	0x00, 0x00, 0x11, 0x00, 0x00, 0x08, 0x00, 0x00,
44 	0x06, 0x00, 0x00, 0x03, 0xdd, 0xb6, 0x59, 0x26,
45 	0x46, 0xe6, 0x79, 0x77, 0xf4, 0xec, 0x42, 0x76,
46 	0xc8, 0x73, 0xad, 0x9c,
47 };
48 
49 static unsigned char sslv2_client_hello_tls12[] = {
50 	0x80, 0xcb, 0x01, 0x03, 0x03, 0x00, 0xa2, 0x00,
51 	0x00, 0x00, 0x20, 0x00, 0x00, 0xa5, 0x00, 0x00,
52 	0xa3, 0x00, 0x00, 0xa1, 0x00, 0x00, 0x9f, 0x00,
53 	0x00, 0x6b, 0x00, 0x00, 0x6a, 0x00, 0x00, 0x69,
54 	0x00, 0x00, 0x68, 0x00, 0x00, 0x39, 0x00, 0x00,
55 	0x38, 0x00, 0x00, 0x37, 0x00, 0x00, 0x36, 0x00,
56 	0x00, 0x88, 0x00, 0x00, 0x87, 0x00, 0x00, 0x86,
57 	0x00, 0x00, 0x85, 0x00, 0x00, 0x9d, 0x00, 0x00,
58 	0x3d, 0x00, 0x00, 0x35, 0x00, 0x00, 0x84, 0x00,
59 	0x00, 0xa4, 0x00, 0x00, 0xa2, 0x00, 0x00, 0xa0,
60 	0x00, 0x00, 0x9e, 0x00, 0x00, 0x67, 0x00, 0x00,
61 	0x40, 0x00, 0x00, 0x3f, 0x00, 0x00, 0x3e, 0x00,
62 	0x00, 0x33, 0x00, 0x00, 0x32, 0x00, 0x00, 0x31,
63 	0x00, 0x00, 0x30, 0x00, 0x00, 0x9a, 0x00, 0x00,
64 	0x99, 0x00, 0x00, 0x98, 0x00, 0x00, 0x97, 0x00,
65 	0x00, 0x45, 0x00, 0x00, 0x44, 0x00, 0x00, 0x43,
66 	0x00, 0x00, 0x42, 0x00, 0x00, 0x9c, 0x00, 0x00,
67 	0x3c, 0x00, 0x00, 0x2f, 0x00, 0x00, 0x96, 0x00,
68 	0x00, 0x41, 0x00, 0x00, 0x07, 0x00, 0x00, 0x05,
69 	0x00, 0x00, 0x04, 0x00, 0x00, 0x16, 0x00, 0x00,
70 	0x13, 0x00, 0x00, 0x10, 0x00, 0x00, 0x0d, 0x00,
71 	0x00, 0x0a, 0x00, 0x00, 0xff, 0x1d, 0xfd, 0x90,
72 	0x03, 0x61, 0x3c, 0x5a, 0x22, 0x83, 0xed, 0x11,
73 	0x85, 0xf4, 0xea, 0x36, 0x59, 0xd9, 0x1b, 0x27,
74 	0x22, 0x01, 0x14, 0x07, 0x66, 0xb2, 0x24, 0xf5,
75 	0x4e, 0x7d, 0x9d, 0x9c, 0x52,
76 };
77 
78 struct server_hello_test {
79 	const unsigned char *desc;
80 	unsigned char *client_hello;
81 	const size_t client_hello_len;
82 	const SSL_METHOD *(*ssl_method)(void);
83 	const long ssl_clear_options;
84 	const long ssl_set_options;
85 };
86 
87 static struct server_hello_test server_hello_tests[] = {
88 	{
89 		.desc = "TLSv1.0 in SSLv2 record",
90 		.client_hello = sslv2_client_hello_tls10,
91 		.client_hello_len = sizeof(sslv2_client_hello_tls10),
92 		.ssl_method = TLS_server_method,
93 		.ssl_clear_options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1,
94 		.ssl_set_options = 0,
95 	},
96 	{
97 		.desc = "TLSv1.2 in SSLv2 record",
98 		.client_hello = sslv2_client_hello_tls12,
99 		.client_hello_len = sizeof(sslv2_client_hello_tls12),
100 		.ssl_method = TLS_server_method,
101 		.ssl_clear_options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1,
102 		.ssl_set_options = 0,
103 	},
104 };
105 
106 #define N_SERVER_HELLO_TESTS \
107     (sizeof(server_hello_tests) / sizeof(*server_hello_tests))
108 
109 static int
110 server_hello_test(int testno, struct server_hello_test *sht)
111 {
112 	BIO *rbio = NULL, *wbio = NULL;
113 	SSL_CTX *ssl_ctx = NULL;
114 	SSL *ssl = NULL;
115 	int ret = 1;
116 
117 	fprintf(stderr, "Test %i - %s\n", testno, sht->desc);
118 
119 	if ((rbio = BIO_new_mem_buf(sht->client_hello,
120 	    sht->client_hello_len)) == NULL) {
121 		fprintf(stderr, "Failed to setup rbio\n");
122 		goto failure;
123 	}
124 	if ((wbio = BIO_new(BIO_s_mem())) == NULL) {
125 		fprintf(stderr, "Failed to setup wbio\n");
126 		goto failure;
127 	}
128 
129 	if ((ssl_ctx = SSL_CTX_new(sht->ssl_method())) == NULL) {
130 		fprintf(stderr, "SSL_CTX_new() returned NULL\n");
131 		goto failure;
132 	}
133 
134 	if (SSL_CTX_use_certificate_file(ssl_ctx, server_cert_file,
135 	    SSL_FILETYPE_PEM) != 1) {
136 		fprintf(stderr, "Failed to load server certificate");
137 		goto failure;
138 	}
139 	if (SSL_CTX_use_PrivateKey_file(ssl_ctx, server_key_file,
140 	    SSL_FILETYPE_PEM) != 1) {
141 		fprintf(stderr, "Failed to load server private key");
142 		goto failure;
143 	}
144 
145 	SSL_CTX_set_dh_auto(ssl_ctx, 1);
146 	SSL_CTX_set_ecdh_auto(ssl_ctx, 1);
147 
148 	SSL_CTX_clear_options(ssl_ctx, sht->ssl_clear_options);
149 	SSL_CTX_set_options(ssl_ctx, sht->ssl_set_options);
150 
151 	if ((ssl = SSL_new(ssl_ctx)) == NULL) {
152 		fprintf(stderr, "SSL_new() returned NULL\n");
153 		goto failure;
154 	}
155 
156 	rbio->references = 2;
157 	wbio->references = 2;
158 
159 	SSL_set_bio(ssl, rbio, wbio);
160 
161 	if (SSL_accept(ssl) != 0) {
162 		fprintf(stderr, "SSL_accept() returned non-zero\n");
163 		ERR_print_errors_fp(stderr);
164 		goto failure;
165 	}
166 
167 	ret = 0;
168 
169  failure:
170 	SSL_CTX_free(ssl_ctx);
171 	SSL_free(ssl);
172 
173 	rbio->references = 1;
174 	wbio->references = 1;
175 
176 	BIO_free(rbio);
177 	BIO_free(wbio);
178 
179 	return (ret);
180 }
181 
182 int
183 main(int argc, char **argv)
184 {
185 	int failed = 0;
186 	size_t i;
187 
188 	if (argc != 4) {
189 		fprintf(stderr, "usage: %s keyfile certfile cafile\n",
190 		    argv[0]);
191 		exit(1);
192 	}
193 
194 	server_key_file = argv[1];
195 	server_cert_file = argv[2];
196 	server_ca_file = argv[3];
197 
198 	SSL_library_init();
199 	SSL_load_error_strings();
200 
201 	for (i = 0; i < N_SERVER_HELLO_TESTS; i++)
202 		failed |= server_hello_test(i, &server_hello_tests[i]);
203 
204 	return (failed);
205 }
206