authorbeck <>2020-01-22 04:51:48 +0000
committerbeck <>2020-01-22 04:51:48 +0000
commitaa63e39fdcbb655a32b0cd7bf602f7f051f03e52 (patch)
tree7287082ee677d1768e85bf90919ec7b9665b3391 /src
parent24920ea442ae11d098818346d1b92cbf95582783 (diff)
Add -peekaboo option to s_client, to test SSL_peek
peeks data before reading, compares to subsequent read. ok jsing@
Diffstat (limited to 'src')
-rw-r--r--src/usr.bin/openssl/s_client.c70
1 files changed, 66 insertions, 4 deletions
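diff --git a/src/usr.bin/openssl/s_client.c b/src/usr.bin/openssl/s_client.c
index 23bf67e695..2cb9e26b59 100644
--- a/src/usr.bin/openssl/s_client.c
+++ b/src/usr.bin/openssl/s_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_client.c,v 1.38 2019/06/28 13:35:02 deraadt Exp $ */
+/* $OpenBSD: s_client.c,v 1.39 2020/01/22 04:51:48 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -292,10 +292,11 @@ s_client_main(int argc, char **argv)
 {
  unsigned int off = 0, clr = 0;
  SSL *con = NULL;
- int s, k, state = 0, af = AF_UNSPEC;
- char *cbuf = NULL, *sbuf = NULL, *mbuf = NULL;
+ int s, k, p, state = 0, af = AF_UNSPEC;
+ char *cbuf = NULL, *sbuf = NULL, *mbuf = NULL, *pbuf = NULL;
  int cbuf_len, cbuf_off;
  int sbuf_len, sbuf_off;
+ int pbuf_len, pbuf_off;
  char *port = PORT_STR;
  int full_log = 1;
  char *host = SSL_HOST_NAME;
@@ -314,6 +315,7 @@ s_client_main(int argc, char **argv)
  int ret = 1, in_init = 1, i, nbio_test = 0;
  int starttls_proto = PROTO_OFF;
  int prexit = 0;
+ int peekaboo = 0;
  X509_VERIFY_PARAM *vpm = NULL;
  int badarg = 0;
  const SSL_METHOD *meth = NULL;
@@ -351,6 +353,7 @@ s_client_main(int argc, char **argv)
 
  if (((cbuf = malloc(BUFSIZZ)) == NULL) ||
  ((sbuf = malloc(BUFSIZZ)) == NULL) ||
+ ((pbuf = malloc(BUFSIZZ)) == NULL) ||
  ((mbuf = malloc(BUFSIZZ + 1)) == NULL)) { /* NUL byte */
  BIO_printf(bio_err, "out of memory\n");
  goto end;
@@ -415,6 +418,8 @@ s_client_main(int argc, char **argv)
  verify_return_error = 1;
  else if (strcmp(*argv, "-prexit") == 0)
  prexit = 1;
+ else if (strcmp(*argv, "-peekaboo") == 0)
+ peekaboo = 1;
  else if (strcmp(*argv, "-crlf") == 0)
  crlf = 1;
  else if (strcmp(*argv, "-quiet") == 0) {
@@ -825,6 +830,8 @@ re_start:
  cbuf_off = 0;
  sbuf_len = 0;
  sbuf_off = 0;
+ pbuf_len = 0;
+ pbuf_off = 0;
 
  /* This is an ugly hack that does a lot of assumptions */
  /*
@@ -1114,6 +1121,47 @@ re_start:
  }
  }
 #endif
+ if (peekaboo) {
+ p = SSL_peek(con, pbuf, 1024 /* BUFSIZZ */ );
+
+ switch (SSL_get_error(con, k)) {
+ case SSL_ERROR_NONE:
+ if (p <= 0)
+ goto end;
+ pbuf_off = 0;
+ pbuf_len = p;
+
+ break;
+ case SSL_ERROR_WANT_WRITE:
+ BIO_printf(bio_c_out, "peek W BLOCK\n");
+ write_ssl = 1;
+ read_tty = 0;
+ break;
+ case SSL_ERROR_WANT_READ:
+ BIO_printf(bio_c_out, "peek R BLOCK\n");
+ write_tty = 0;
+ read_ssl = 1;
+ if ((read_tty == 0) && (write_ssl == 0))
+ write_ssl = 1;
+ break;
+ case SSL_ERROR_WANT_X509_LOOKUP:
+ BIO_printf(bio_c_out, "peek X BLOCK\n");
+ break;
+ case SSL_ERROR_SYSCALL:
+ ret = errno;
+ BIO_printf(bio_err, "peek:errno=%d\n", ret);
+ goto shut;
+ case SSL_ERROR_ZERO_RETURN:
+ BIO_printf(bio_c_out, "peek closed\n");
+ ret = 0;
+ goto shut;
+ case SSL_ERROR_SSL:
+ ERR_print_errors(bio_err);
+ goto shut;
+ /* break; */
+ }
+ }
+
  k = SSL_read(con, sbuf, 1024 /* BUFSIZZ */ );
 
  switch (SSL_get_error(con, k)) {
@@ -1122,7 +1170,21 @@ re_start:
  goto end;
  sbuf_off = 0;
  sbuf_len = k;
-
+ if (peekaboo) {
+ if (k < p) {
+ ret = -1;
+ BIO_printf(bio_err,
+ "read less than peek!\n");
+ goto shut;
+ }
+ if (p > 0 && (memcmp(sbuf, pbuf, p) != 0)) {
+ ret = -1;
+ BIO_printf(bio_err,
+ "peek of %d different from read of %d!\n",
+ p, k);
+ goto shut;
+ }
+ }
  read_ssl = 0;
  write_tty = 1;
  break;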
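Review bot: The new peek block classifies the result of `SSL_peek` with `SSL_get_error(con, k)`, but `k` is the return value of the previous `SSL_read` (and has no initializer in the declaration shown, so it may be indeterminate the first time this path runs); the call should take the value just returned by the peek, `switch (SSL_get_error(con, p)) {`. With the stale value, a failed or blocked peek can land in the wrong case, for example `SSL_ERROR_NONE` followed by `goto end` on `p <= 0`, so the option would not reliably test what it is meant to test. When the peek takes one of the `WANT_*` branches, `p` is non-positive and the later `k < p` / `memcmp` check is skipped without any message, so a short comment there saying that no comparison is made for that iteration would help readers of the test output. The hunks shown allocate `pbuf` but do not show a matching release at `end:`; that is worth confirming, as `s_client_main` begins and ends outside the visible hunks.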