authorbluhm <>2018-11-07 01:08:49 +0000
committerbluhm <>2018-11-07 01:08:49 +0000
commitbe03b61c1b8f59ccdd34dbe5f6c6b30de697d28b (patch)
treea8266eebb496a361bb45e73920260a5f766bd201 /src/regress/lib/libssl/interop/server.c
parent29618fb6c2a365d42aec39a074aba2f6dc4934d9 (diff)
Test TLS interoperability between LibreSSL and OpenSSL.
Implement simple SSL client and server in C. Create four binaries by linking them with LibreSSL or OpenSSL. This way API compatibility is tested. Connect and accept with netcat to test protocol compatibility with libtls. Currently OpenSSL 1.0.2p from ports is used. Plan is to move to OpenSSL 1.1 and test TLS 1.3. idea from beck@; help from jsing@
Diffstat (limited to 'src/regress/lib/libssl/interop/server.c')
-rw-r--r--src/regress/lib/libssl/interop/server.c161
1 files changed, 161 insertions, 0 deletions
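--- /dev/null
+++ b/src/regress/lib/libssl/interop/server.c
@@ -0,0 +1,161 @@
+/* $OpenBSD: server.c,v 1.1.1.1 2018/11/07 01:08:49 bluhm Exp $ */
+/*
+ * Copyright (c) 2018 Alexander Bluhm <bluhm@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+
+#include <err.h>
+#include <netdb.h>
+#include <stdio.h>
+#include <unistd.h>
+
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+
+#include "util.h"
+
+void __dead usage(void);
+
+void __dead
+usage(void)
+{
+	fprintf(stderr, "usage: server [host port]");
+	exit(2);
+}
+
+int
+main(int argc, char *argv[])
+{
+	const SSL_METHOD *method;
+	SSL_CTX *ctx;
+	SSL *ssl;
+	BIO *bio;
+	SSL_SESSION *session;
+	int error;
+	char buf[256];
+	char *crt, *key, *host_port, *host = "127.0.0.1", *port = "0";
+
+	if (argc == 3) {
+		host = argv[1];
+		port = argv[2];
+	} else if (argc != 1) {
+		usage();
+	}
+	if (asprintf(&host_port, strchr(host, ':') ? "[%s]:%s" : "%s:%s",
+	    host, port) == -1)
+		err(1, "asprintf host port");
+	if (asprintf(&crt, "%s.crt", host) == -1)
+		err(1, "asprintf crt");
+	if (asprintf(&key, "%s.key", host) == -1)
+		err(1, "asprintf key");
+
+	SSL_library_init();
+	SSL_load_error_strings();
+
+	/* setup method and context */
+	method = SSLv23_server_method();
+	if (method == NULL)
+		err_ssl(1, "SSLv23_server_method");
+	ctx = SSL_CTX_new(method);
+	if (ctx == NULL)
+		err_ssl(1, "SSL_CTX_new");
+
+	/* needed when linking with OpenSSL 1.0.2p */
+	if (SSL_CTX_set_ecdh_auto(ctx, 1) <= 0)
+		err_ssl(1, "SSL_CTX_set_ecdh_auto");
+
+	/* load server certificate */
+	if (SSL_CTX_use_certificate_file(ctx, crt, SSL_FILETYPE_PEM) <= 0)
+		err_ssl(1, "SSL_CTX_use_certificate_file");
+	if (SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM) <= 0)
+		err_ssl(1, "SSL_CTX_use_PrivateKey_file");
+	if (SSL_CTX_check_private_key(ctx) <= 0)
+		err_ssl(1, "SSL_CTX_check_private_key");
+
+	/* setup ssl and bio for socket operations */
+	ssl = SSL_new(ctx);
+	if (ssl == NULL)
+		err_ssl(1, "SSL_new");
+	bio = BIO_new_accept(host_port);
+	if (bio == NULL)
+		err_ssl(1, "BIO_new_accept");
+
+	print_ciphers(SSL_get_ciphers(ssl));
+
+	/* bind, listen */
+	if (BIO_do_accept(bio) <= 0)
+		err_ssl(1, "BIO_do_accept setup");
+	printf("listen ");
+	print_sockname(bio);
+
+	/* fork to background and accept */
+	if (daemon(1, 1) == -1)
+		err(1, "daemon");
+	if (BIO_do_accept(bio) <= 0)
+		err_ssl(1, "BIO_do_accept wait");
+	bio = BIO_pop(bio);
+	printf("accept ");
+	print_sockname(bio);
+	printf("accept ");
+	print_peername(bio);
+
+	/* do ssl server handshake */
+	SSL_set_bio(ssl, bio, bio);
+	if ((error = SSL_accept(ssl)) <= 0)
+		err_ssl(1, "SSL_accept %d", error);
+
+	/* print session statistics */
+	session = SSL_get_session(ssl);
+	if (session == NULL)
+		err_ssl(1, "SSL_get_session");
+	if (SSL_SESSION_print_fp(stdout, session) <= 0)
+		err_ssl(1, "SSL_SESSION_print_fp");
+
+	/* write server greeting and read client hello over TLS connection */
+	strlcpy(buf, "greeting\n", sizeof(buf));
+	printf(">>> %s", buf);
+	if (fflush(stdout) != 0)
+		err(1, "fflush stdout");
+	if ((error = SSL_write(ssl, buf, 9)) <= 0)
+		err_ssl(1, "SSL_write %d", error);
+	if (error != 9)
+		errx(1, "write not 9 bytes greeting: %d", error);
+	if ((error = SSL_read(ssl, buf, 6)) <= 0)
+		err_ssl(1, "SSL_read %d", error);
+	if (error != 6)
+		errx(1, "read not 6 bytes hello: %d", error);
+	buf[6] = '\0';
+	printf("<<< %s", buf);
+	if (fflush(stdout) != 0)
+		err(1, "fflush stdout");
+
+	/* shutdown connection */
+	if ((error = SSL_shutdown(ssl)) < 0)
+		err_ssl(1, "SSL_shutdown unidirectional %d", error);
+	if (error <= 0) {
+		if ((error = SSL_shutdown(ssl)) <= 0)
+			err_ssl(1, "SSL_shutdown bidirectional %d", error);
+	}
+
+	/* cleanup and free resources */
+	SSL_free(ssl);
+	SSL_CTX_free(ctx);
+
+	printf("success\n");
+
+	return 0;
+}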
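Review bot: The client-hello read at `SSL_read(ssl, buf, 6)` treats a short return as a fatal `read not 6 bytes hello`, but SSL_read hands back at most what the current TLS record carries, and a conforming peer may split those six bytes across records, so the test would then fail on the client's write pattern rather than on a protocol incompatibility; if the intent is to exercise the protocol, collecting into `buf + got` until six bytes have arrived (with an `int got;` added to the declarations) removes that dependency, while the `SSL_write` check is fine as written because without `SSL_MODE_ENABLE_PARTIAL_WRITE` it returns only on a complete write or an error. The file calls `strchr` and `strlcpy` but does not include `<string.h>` itself, so unless `util.h` pulls it in this relies on an implicit declaration; adding `#include <string.h>` next to the other system headers is the safe choice. The usage message also lacks its newline: `fprintf(stderr, "usage: server [host port]\n");`.

```c
	/* … unchanged: greeting write and its length check … */
	/* a peer may split the 6-byte hello across TLS records; collect them */
	for (got = 0; got < 6; got += error) {
		if ((error = SSL_read(ssl, buf + got, 6 - got)) <= 0)
			err_ssl(1, "SSL_read %d", error);
	}
	buf[6] = '\0';
	/* … unchanged: echo of the hello, shutdown, cleanup … */
```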