xref: /openbsd/regress/lib/libssl/server/servertest.c (revision 09467b48) 
1 /* $OpenBSD: servertest.c,v 1.3 2020/05/11 18:18:21 jsing Exp $ */
2 /*
3  * Copyright (c) 2015, 2016, 2017 Joel Sing <jsing@openbsd.org>
4  *
5  * Permission to use, copy, modify, and distribute this software for any
6  * purpose with or without fee is hereby granted, provided that the above
7  * copyright notice and this permission notice appear in all copies.
8  *
9  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16  */
17 
18 #include <openssl/ssl.h>
19 
20 #include <openssl/err.h>
21 #include <openssl/dtls1.h>
22 #include <openssl/ssl3.h>
23 
24 #include <err.h>
25 #include <stdio.h>
26 #include <string.h>
27 
28 const SSL_METHOD *tls_legacy_server_method(void);
29 
30 char *server_ca_file;
31 char *server_cert_file;
32 char *server_key_file;
33 
34 static unsigned char sslv2_client_hello_tls10[] = {
35 	0x80, 0x6a, 0x01, 0x03, 0x01, 0x00, 0x51, 0x00,
36 	0x00, 0x00, 0x10, 0x00, 0x00, 0x39, 0x00, 0x00,
37 	0x38, 0x00, 0x00, 0x35, 0x00, 0x00, 0x16, 0x00,
38 	0x00, 0x13, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x33,
39 	0x00, 0x00, 0x32, 0x00, 0x00, 0x2f, 0x00, 0x00,
40 	0x07, 0x00, 0x00, 0x66, 0x00, 0x00, 0x05, 0x00,
41 	0x00, 0x04, 0x00, 0x00, 0x63, 0x00, 0x00, 0x62,
42 	0x00, 0x00, 0x61, 0x00, 0x00, 0x15, 0x00, 0x00,
43 	0x12, 0x00, 0x00, 0x09, 0x00, 0x00, 0x65, 0x00,
44 	0x00, 0x64, 0x00, 0x00, 0x60, 0x00, 0x00, 0x14,
45 	0x00, 0x00, 0x11, 0x00, 0x00, 0x08, 0x00, 0x00,
46 	0x06, 0x00, 0x00, 0x03, 0xdd, 0xb6, 0x59, 0x26,
47 	0x46, 0xe6, 0x79, 0x77, 0xf4, 0xec, 0x42, 0x76,
48 	0xc8, 0x73, 0xad, 0x9c,
49 };
50 
51 static unsigned char sslv2_client_hello_tls12[] = {
52 	0x80, 0xcb, 0x01, 0x03, 0x03, 0x00, 0xa2, 0x00,
53 	0x00, 0x00, 0x20, 0x00, 0x00, 0xa5, 0x00, 0x00,
54 	0xa3, 0x00, 0x00, 0xa1, 0x00, 0x00, 0x9f, 0x00,
55 	0x00, 0x6b, 0x00, 0x00, 0x6a, 0x00, 0x00, 0x69,
56 	0x00, 0x00, 0x68, 0x00, 0x00, 0x39, 0x00, 0x00,
57 	0x38, 0x00, 0x00, 0x37, 0x00, 0x00, 0x36, 0x00,
58 	0x00, 0x88, 0x00, 0x00, 0x87, 0x00, 0x00, 0x86,
59 	0x00, 0x00, 0x85, 0x00, 0x00, 0x9d, 0x00, 0x00,
60 	0x3d, 0x00, 0x00, 0x35, 0x00, 0x00, 0x84, 0x00,
61 	0x00, 0xa4, 0x00, 0x00, 0xa2, 0x00, 0x00, 0xa0,
62 	0x00, 0x00, 0x9e, 0x00, 0x00, 0x67, 0x00, 0x00,
63 	0x40, 0x00, 0x00, 0x3f, 0x00, 0x00, 0x3e, 0x00,
64 	0x00, 0x33, 0x00, 0x00, 0x32, 0x00, 0x00, 0x31,
65 	0x00, 0x00, 0x30, 0x00, 0x00, 0x9a, 0x00, 0x00,
66 	0x99, 0x00, 0x00, 0x98, 0x00, 0x00, 0x97, 0x00,
67 	0x00, 0x45, 0x00, 0x00, 0x44, 0x00, 0x00, 0x43,
68 	0x00, 0x00, 0x42, 0x00, 0x00, 0x9c, 0x00, 0x00,
69 	0x3c, 0x00, 0x00, 0x2f, 0x00, 0x00, 0x96, 0x00,
70 	0x00, 0x41, 0x00, 0x00, 0x07, 0x00, 0x00, 0x05,
71 	0x00, 0x00, 0x04, 0x00, 0x00, 0x16, 0x00, 0x00,
72 	0x13, 0x00, 0x00, 0x10, 0x00, 0x00, 0x0d, 0x00,
73 	0x00, 0x0a, 0x00, 0x00, 0xff, 0x1d, 0xfd, 0x90,
74 	0x03, 0x61, 0x3c, 0x5a, 0x22, 0x83, 0xed, 0x11,
75 	0x85, 0xf4, 0xea, 0x36, 0x59, 0xd9, 0x1b, 0x27,
76 	0x22, 0x01, 0x14, 0x07, 0x66, 0xb2, 0x24, 0xf5,
77 	0x4e, 0x7d, 0x9d, 0x9c, 0x52,
78 };
79 
80 struct server_hello_test {
81 	const unsigned char *desc;
82 	unsigned char *client_hello;
83 	const size_t client_hello_len;
84 	const SSL_METHOD *(*ssl_method)(void);
85 	const long ssl_clear_options;
86 	const long ssl_set_options;
87 };
88 
89 static struct server_hello_test server_hello_tests[] = {
90 	{
91 		.desc = "TLSv1.0 in SSLv2 record",
92 		.client_hello = sslv2_client_hello_tls10,
93 		.client_hello_len = sizeof(sslv2_client_hello_tls10),
94 		.ssl_method = tls_legacy_server_method,
95 		.ssl_clear_options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1,
96 		.ssl_set_options = 0,
97 	},
98 	{
99 		.desc = "TLSv1.2 in SSLv2 record",
100 		.client_hello = sslv2_client_hello_tls12,
101 		.client_hello_len = sizeof(sslv2_client_hello_tls12),
102 		.ssl_method = tls_legacy_server_method,
103 		.ssl_clear_options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1,
104 		.ssl_set_options = 0,
105 	},
106 };
107 
108 #define N_SERVER_HELLO_TESTS \
109     (sizeof(server_hello_tests) / sizeof(*server_hello_tests))
110 
111 static int
112 server_hello_test(int testno, struct server_hello_test *sht)
113 {
114 	BIO *rbio = NULL, *wbio = NULL;
115 	SSL_CTX *ssl_ctx = NULL;
116 	SSL *ssl = NULL;
117 	int ret = 1;
118 
119 	fprintf(stderr, "Test %i - %s\n", testno, sht->desc);
120 
121 	if ((rbio = BIO_new_mem_buf(sht->client_hello,
122 	    sht->client_hello_len)) == NULL) {
123 		fprintf(stderr, "Failed to setup rbio\n");
124 		goto failure;
125 	}
126 	if ((wbio = BIO_new(BIO_s_mem())) == NULL) {
127 		fprintf(stderr, "Failed to setup wbio\n");
128 		goto failure;
129 	}
130 
131 	if ((ssl_ctx = SSL_CTX_new(sht->ssl_method())) == NULL) {
132 		fprintf(stderr, "SSL_CTX_new() returned NULL\n");
133 		goto failure;
134 	}
135 
136 	if (SSL_CTX_use_certificate_file(ssl_ctx, server_cert_file,
137 	    SSL_FILETYPE_PEM) != 1) {
138 		fprintf(stderr, "Failed to load server certificate");
139 		goto failure;
140 	}
141 	if (SSL_CTX_use_PrivateKey_file(ssl_ctx, server_key_file,
142 	    SSL_FILETYPE_PEM) != 1) {
143 		fprintf(stderr, "Failed to load server private key");
144 		goto failure;
145 	}
146 
147 	SSL_CTX_set_dh_auto(ssl_ctx, 1);
148 	SSL_CTX_set_ecdh_auto(ssl_ctx, 1);
149 
150 	SSL_CTX_clear_options(ssl_ctx, sht->ssl_clear_options);
151 	SSL_CTX_set_options(ssl_ctx, sht->ssl_set_options);
152 
153 	if ((ssl = SSL_new(ssl_ctx)) == NULL) {
154 		fprintf(stderr, "SSL_new() returned NULL\n");
155 		goto failure;
156 	}
157 
158 	rbio->references = 2;
159 	wbio->references = 2;
160 
161 	SSL_set_bio(ssl, rbio, wbio);
162 
163 	if (SSL_accept(ssl) != 0) {
164 		fprintf(stderr, "SSL_accept() returned non-zero\n");
165 		ERR_print_errors_fp(stderr);
166 		goto failure;
167 	}
168 
169 	ret = 0;
170 
171  failure:
172 	SSL_CTX_free(ssl_ctx);
173 	SSL_free(ssl);
174 
175 	rbio->references = 1;
176 	wbio->references = 1;
177 
178 	BIO_free(rbio);
179 	BIO_free(wbio);
180 
181 	return (ret);
182 }
183 
184 int
185 main(int argc, char **argv)
186 {
187 	int failed = 0;
188 	size_t i;
189 
190 	if (argc != 4) {
191 		fprintf(stderr, "usage: %s keyfile certfile cafile\n",
192 		    argv[0]);
193 		exit(1);
194 	}
195 
196 	server_key_file = argv[1];
197 	server_cert_file = argv[2];
198 	server_ca_file = argv[3];
199 
200 	SSL_library_init();
201 	SSL_load_error_strings();
202 
203 	for (i = 0; i < N_SERVER_HELLO_TESTS; i++)
204 		failed |= server_hello_test(i, &server_hello_tests[i]);
205 
206 	return (failed);
207 }
208