Test TLS interoperability between LibreSSL and OpenSSL.

Implement simple SSL client and server in C. Create four binaries by linking them with LibreSSL or OpenSSL. This way API compatibility is tested. Connect and accept with netcat to test protocol compatibility with libtls. Currently OpenSSL 1.0.2p from ports is used. Plan is to move to OpenSSL 1.1 and and test TLS 1.3. idea from beck@; help from jsing@
author: bluhm <> 2018-11-07 01:08:49 +0000
committer: bluhm <> 2018-11-07 01:08:49 +0000
commit: be03b61c1b8f59ccdd34dbe5f6c6b30de697d28b (patch)
tree: a8266eebb496a361bb45e73920260a5f766bd201 /src/regress/lib/libssl/interop/client.c
parent: 29618fb6c2a365d42aec39a074aba2f6dc4934d9 (diff)
download: openbsd-be03b61c1b8f59ccdd34dbe5f6c6b30de697d28b.tar.gz
openbsd-be03b61c1b8f59ccdd34dbe5f6c6b30de697d28b.tar.bz2
openbsd-be03b61c1b8f59ccdd34dbe5f6c6b30de697d28b.zip
1 files changed, 136 insertions, 0 deletions
diff --git a/src/regress/lib/libssl/interop/client.c b/src/regress/lib/libssl/interop/client.c
new file mode 100644
index 0000000000..d4d4f1e94d
--- /dev/null
+++ b/src/regress/lib/libssl/interop/client.c
@@ -0,0 +1,136 @@
+/*      $OpenBSD: client.c,v 1.1.1.1 2018/11/07 01:08:49 bluhm Exp $    */
+/*
+ * Copyright (c) 2018 Alexander Bluhm <bluhm@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <err.h>
+#include <netdb.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+#include "util.h"
+void __dead usage(void);
+void __dead
+usage(void)
+{
+        fprintf(stderr, "usage: client host port");
+        exit(2);
+}
+int
+main(int argc, char *argv[])
+{
+        const SSL_METHOD *method;
+        SSL_CTX *ctx;
+        SSL *ssl;
+        BIO *bio;
+        SSL_SESSION *session;
+        int error;
+        char buf[256];
+        char *host_port, *host, *port;
+        if (argc == 3) {
+                host = argv[1];
+                port = argv[2];
+        } else {
+                usage();
+        }
+        if (asprintf(&host_port, strchr(host, ':') ? "[%s]:%s" : "%s:%s",
+            host, port) == -1)
+                err(1, "asprintf host port");
+        SSL_library_init();
+        SSL_load_error_strings();
+        /* setup method and context */
+        method = SSLv23_client_method();
+        if (method == NULL)
+                err_ssl(1, "SSLv23_client_method");
+        ctx = SSL_CTX_new(method);
+        if (ctx == NULL)
+                err_ssl(1, "SSL_CTX_new");
+        /* setup ssl and bio for socket operations */
+        ssl = SSL_new(ctx);
+        if (ssl == NULL)
+                err_ssl(1, "SSL_new");
+        bio = BIO_new_connect(host_port);
+        if (bio == NULL)
+                err_ssl(1, "BIO_new_connect");
+        print_ciphers(SSL_get_ciphers(ssl));
+        /* connect */
+        if (BIO_do_connect(bio) <= 0)
+                err_ssl(1, "BIO_do_connect");
+        printf("connect ");
+        print_sockname(bio);
+        printf("connect ");
+        print_peername(bio);
+        /* do ssl client handshake */
+        SSL_set_bio(ssl, bio, bio);
+        if ((error = SSL_connect(ssl)) <= 0)
+                err_ssl(1, "SSL_connect %d", error);
+        /* print session statistics */
+        session = SSL_get_session(ssl);
+        if (session == NULL)
+                err_ssl(1, "SSL_get_session");
+        if (SSL_SESSION_print_fp(stdout, session) <= 0)
+                err_ssl(1, "SSL_SESSION_print_fp");
+        /* read server greeting and write client hello over TLS connection */
+        if ((error = SSL_read(ssl, buf, 9)) <= 0)
+                err_ssl(1, "SSL_read %d", error);
+        if (error != 9)
+                errx(1, "read not 9 bytes greeting: %d", error);
+        buf[9] = '\0';
+        printf("<<< %s", buf);
+        if (fflush(stdout) != 0)
+                err(1, "fflush stdout");
+        strlcpy(buf, "hello\n", sizeof(buf));
+        printf(">>> %s", buf);
+        if (fflush(stdout) != 0)
+                err(1, "fflush stdout");
+        if ((error = SSL_write(ssl, buf, 6)) <= 0)
+                err_ssl(1, "SSL_write %d", error);
+        if (error != 6)
+                errx(1, "write not 6 bytes hello: %d", error);
+        /* shutdown connection */
+        if ((error = SSL_shutdown(ssl)) < 0)
+                err_ssl(1, "SSL_shutdown unidirectional %d", error);
+        if (error <= 0) {
+                if ((error = SSL_shutdown(ssl)) <= 0)
+                        err_ssl(1, "SSL_shutdown bidirectional %d", error);
+        }
+        /* cleanup and free resources */
+        SSL_free(ssl);
+        SSL_CTX_free(ctx);
+        printf("success\n");
+        return 0;
+}
author	bluhm <>	2018-11-07 01:08:49 +0000
committer	bluhm <>	2018-11-07 01:08:49 +0000
commit	be03b61c1b8f59ccdd34dbe5f6c6b30de697d28b (patch)
tree	a8266eebb496a361bb45e73920260a5f766bd201 /src/regress/lib/libssl/interop/client.c
parent	29618fb6c2a365d42aec39a074aba2f6dc4934d9 (diff)
download	openbsd-be03b61c1b8f59ccdd34dbe5f6c6b30de697d28b.tar.gz openbsd-be03b61c1b8f59ccdd34dbe5f6c6b30de697d28b.tar.bz2 openbsd-be03b61c1b8f59ccdd34dbe5f6c6b30de697d28b.zip

diff --git a/src/regress/lib/libssl/interop/client.c b/src/regress/lib/libssl/interop/client.c new file mode 100644 index 0000000000..d4d4f1e94d --- /dev/null +++ b/src/regress/lib/libssl/interop/client.c
@@ -0,0 +1,136 @@
	1	/* $OpenBSD: client.c,v 1.1.1.1 2018/11/07 01:08:49 bluhm Exp $ */
	2	/*
	3	* Copyright (c) 2018 Alexander Bluhm <bluhm@openbsd.org>
	4	*
	5	* Permission to use, copy, modify, and distribute this software for any
	6	* purpose with or without fee is hereby granted, provided that the above
	7	* copyright notice and this permission notice appear in all copies.
	8	*
	9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
	12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	16	*/
	17
	18	#include <sys/types.h>
	19	#include <sys/socket.h>
	20
	21	#include <err.h>
	22	#include <netdb.h>
	23	#include <stdio.h>
	24	#include <unistd.h>
	25
	26	#include <openssl/err.h>
	27	#include <openssl/ssl.h>
	28
	29	#include "util.h"
	30
	31	void __dead usage(void);
	32
	33	void __dead
	34	usage(void)
	35	{
	36	fprintf(stderr, "usage: client host port");
	37	exit(2);
	38	}
	39
	40	int
	41	main(int argc, char *argv[])
	42	{
	43	const SSL_METHOD *method;
	44	SSL_CTX *ctx;
	45	SSL *ssl;
	46	BIO *bio;
	47	SSL_SESSION *session;
	48	int error;
	49	char buf[256];
	50	char host_port, host, *port;
	51
	52	if (argc == 3) {
	53	host = argv[1];
	54	port = argv[2];
	55	} else {
	56	usage();
	57	}
	58	if (asprintf(&host_port, strchr(host, ':') ? "[%s]:%s" : "%s:%s",
	59	host, port) == -1)
	60	err(1, "asprintf host port");
	61
	62	SSL_library_init();
	63	SSL_load_error_strings();
	64
	65	/* setup method and context */
	66	method = SSLv23_client_method();
	67	if (method == NULL)
	68	err_ssl(1, "SSLv23_client_method");
	69	ctx = SSL_CTX_new(method);
	70	if (ctx == NULL)
	71	err_ssl(1, "SSL_CTX_new");
	72
	73	/* setup ssl and bio for socket operations */
	74	ssl = SSL_new(ctx);
	75	if (ssl == NULL)
	76	err_ssl(1, "SSL_new");
	77	bio = BIO_new_connect(host_port);
	78	if (bio == NULL)
	79	err_ssl(1, "BIO_new_connect");
	80
	81	print_ciphers(SSL_get_ciphers(ssl));
	82
	83	/* connect */
	84	if (BIO_do_connect(bio) <= 0)
	85	err_ssl(1, "BIO_do_connect");
	86	printf("connect ");
	87	print_sockname(bio);
	88	printf("connect ");
	89	print_peername(bio);
	90
	91	/* do ssl client handshake */
	92	SSL_set_bio(ssl, bio, bio);
	93	if ((error = SSL_connect(ssl)) <= 0)
	94	err_ssl(1, "SSL_connect %d", error);
	95
	96	/* print session statistics */
	97	session = SSL_get_session(ssl);
	98	if (session == NULL)
	99	err_ssl(1, "SSL_get_session");
	100	if (SSL_SESSION_print_fp(stdout, session) <= 0)
	101	err_ssl(1, "SSL_SESSION_print_fp");
	102
	103	/* read server greeting and write client hello over TLS connection */
	104	if ((error = SSL_read(ssl, buf, 9)) <= 0)
	105	err_ssl(1, "SSL_read %d", error);
	106	if (error != 9)
	107	errx(1, "read not 9 bytes greeting: %d", error);
	108	buf[9] = '\0';
	109	printf("<<< %s", buf);
	110	if (fflush(stdout) != 0)
	111	err(1, "fflush stdout");
	112	strlcpy(buf, "hello\n", sizeof(buf));
	113	printf(">>> %s", buf);
	114	if (fflush(stdout) != 0)
	115	err(1, "fflush stdout");
	116	if ((error = SSL_write(ssl, buf, 6)) <= 0)
	117	err_ssl(1, "SSL_write %d", error);
	118	if (error != 6)
	119	errx(1, "write not 6 bytes hello: %d", error);
	120
	121	/* shutdown connection */
	122	if ((error = SSL_shutdown(ssl)) < 0)
	123	err_ssl(1, "SSL_shutdown unidirectional %d", error);
	124	if (error <= 0) {
	125	if ((error = SSL_shutdown(ssl)) <= 0)
	126	err_ssl(1, "SSL_shutdown bidirectional %d", error);
	127	}
	128
	129	/* cleanup and free resources */
	130	SSL_free(ssl);
	131	SSL_CTX_free(ctx);
	132
	133	printf("success\n");
	134
	135	return 0;
	136	}