1 files changed, 0 insertions, 285 deletions
diff --git a/src/regress/lib/libssl/interop/client.c b/src/regress/lib/libssl/interop/client.c
deleted file mode 100644
index 31a960381e..0000000000
--- a/src/regress/lib/libssl/interop/client.c
+++ /dev/null
@@ -1,285 +0,0 @@
-/*      $OpenBSD: client.c,v 1.11 2022/07/07 13:12:57 tb Exp $  */
-/*
- * Copyright (c) 2018-2019 Alexander Bluhm <bluhm@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <err.h>
-#include <netdb.h>
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-#include "util.h"
-void __dead usage(void);
-void __dead
-usage(void)
-{
-        fprintf(stderr, "usage: client [-Lsv] [-C CA] [-c crt -k key] "
-            "[-l ciphers] [-V version] host port\n");
-        exit(2);
-}
-int
-main(int argc, char *argv[])
-{
-        const SSL_METHOD *method;
-        SSL_CTX *ctx;
-        SSL *ssl;
-        BIO *bio;
-        SSL_SESSION *session = NULL;
-        int ch, error, listciphers = 0, sessionreuse = 0, verify = 0;
-        int version = 0;
-        char buf[256];
-        char *ca = NULL, *crt = NULL, *key = NULL, *ciphers = NULL;
-        char *host_port, *host = "127.0.0.1", *port = "0";
-        while ((ch = getopt(argc, argv, "C:c:k:Ll:p:sV:v")) != -1) {
-                switch (ch) {
-                case 'C':
-                        ca = optarg;
-                        break;
-                case 'c':
-                        crt = optarg;
-                        break;
-                case 'k':
-                        key = optarg;
-                        break;
-                case 'L':
-                        listciphers = 1;
-                        break;
-                case 'l':
-                        ciphers = optarg;
-                        break;
-                case 's':
-                        /* multiple reueses are possible */
-                        sessionreuse++;
-                        break;
-                case 'V':
-                        if (strcmp(optarg, "TLS1") == 0) {
-                                version = TLS1_VERSION;
-                        } else if (strcmp(optarg, "TLS1_1") == 0) {
-                                version = TLS1_1_VERSION;
-                        } else if (strcmp(optarg, "TLS1_2") == 0) {
-                                version = TLS1_2_VERSION;
-#ifdef TLS1_3_VERSION
-                        } else if (strcmp(optarg, "TLS1_3") == 0) {
-                                version = TLS1_3_VERSION;
-#endif
-                        } else {
-                                errx(1, "unknown protocol version: %s", optarg);
-                        }
-                        break;
-                case 'v':
-                        verify = 1;
-                        break;
-                default:
-                        usage();
-                }
-        }
-        argc -= optind;
-        argv += optind;
-        if (argc == 2) {
-                host = argv[0];
-                port = argv[1];
-        } else if (!listciphers) {
-                usage();
-        }
-        if (asprintf(&host_port, strchr(host, ':') ? "[%s]:%s" : "%s:%s",
-            host, port) == -1)
-                err(1, "asprintf host port");
-        if ((crt == NULL && key != NULL) || (crt != NULL && key == NULL))
-                errx(1, "certificate and private key must be used together");
-        SSL_library_init();
-        SSL_load_error_strings();
-        print_version();
-        /* setup method and context */
-#if OPENSSL_VERSION_NUMBER >= 0x1010000f
-        method = TLS_client_method();
-        if (method == NULL)
-                err_ssl(1, "TLS_client_method");
-#else
-        switch (version) {
-        case TLS1_VERSION:
-                method = TLSv1_client_method();
-                break;
-        case TLS1_1_VERSION:
-                method = TLSv1_1_client_method();
-                break;
-        case TLS1_2_VERSION:
-                method = TLSv1_2_client_method();
-                break;
-#ifdef TLS1_3_VERSION
-        case TLS1_3_VERSION:
-                err(1, "TLS1_3 not supported");
-#endif
-        default:
-                method = SSLv23_client_method();
-                break;
-        }
-        if (method == NULL)
-                err_ssl(1, "SSLv23_client_method");
-#endif
-        ctx = SSL_CTX_new(method);
-        if (ctx == NULL)
-                err_ssl(1, "SSL_CTX_new");
-#if OPENSSL_VERSION_NUMBER >= 0x1010000f
-        if (version) {
-                if (SSL_CTX_set_min_proto_version(ctx, version) != 1)
-                        err_ssl(1, "SSL_CTX_set_min_proto_version");
-                if (SSL_CTX_set_max_proto_version(ctx, version) != 1)
-                        err_ssl(1, "SSL_CTX_set_max_proto_version");
-        }
-#endif
-        /* load client certificate */
-        if (crt != NULL) {
-                if (SSL_CTX_use_certificate_file(ctx, crt,
-                    SSL_FILETYPE_PEM) <= 0)
-                        err_ssl(1, "SSL_CTX_use_certificate_file");
-                if (SSL_CTX_use_PrivateKey_file(ctx, key,
-                    SSL_FILETYPE_PEM) <= 0)
-                        err_ssl(1, "SSL_CTX_use_PrivateKey_file");
-                if (SSL_CTX_check_private_key(ctx) <= 0)
-                        err_ssl(1, "SSL_CTX_check_private_key");
-        }
-        /* verify server certificate */
-        if (ca != NULL) {
-                if (SSL_CTX_load_verify_locations(ctx, ca, NULL) <= 0)
-                        err_ssl(1, "SSL_CTX_load_verify_locations");
-        }
-        SSL_CTX_set_verify(ctx, verify ? SSL_VERIFY_PEER : SSL_VERIFY_NONE,
-            verify_callback);
-        if (sessionreuse) {
-                SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_CLIENT);
-        }
-        if (ciphers) {
-                if (SSL_CTX_set_cipher_list(ctx, ciphers) <= 0)
-                        err_ssl(1, "SSL_CTX_set_cipher_list");
-        }
-        if (listciphers) {
-                STACK_OF(SSL_CIPHER) *supported_ciphers;
-#if OPENSSL_VERSION_NUMBER < 0x1010000f
-#define SSL_get1_supported_ciphers SSL_get_ciphers
-#endif
-                ssl = SSL_new(ctx);
-                if (ssl == NULL)
-                        err_ssl(1, "SSL_new");
-                supported_ciphers = SSL_get1_supported_ciphers(ssl);
-                if (supported_ciphers == NULL)
-                        err_ssl(1, "SSL_get1_supported_ciphers");
-                print_ciphers(supported_ciphers);
-#if OPENSSL_VERSION_NUMBER >= 0x1010000f
-                sk_SSL_CIPHER_free(supported_ciphers);
-#endif
-                return 0;
-        }
-        do {
-                /* setup bio for socket operations */
-                bio = BIO_new_connect(host_port);
-                if (bio == NULL)
-                        err_ssl(1, "BIO_new_connect");
-                /* connect */
-                if (BIO_do_connect(bio) <= 0)
-                        err_ssl(1, "BIO_do_connect");
-                printf("connect ");
-                print_sockname(bio);
-                printf("connect ");
-                print_peername(bio);
-                /* do ssl client handshake */
-                ssl = SSL_new(ctx);
-                if (ssl == NULL)
-                        err_ssl(1, "SSL_new");
-                SSL_set_bio(ssl, bio, bio);
-                /* resuse session if possible */
-                if (session != NULL) {
-                        if (SSL_set_session(ssl, session) <= 0)
-                                err_ssl(1, "SSL_set_session");
-                }
-                if ((error = SSL_connect(ssl)) <= 0)
-                        err_ssl(1, "SSL_connect %d", error);
-                printf("session %d: %s\n", sessionreuse,
-                    SSL_session_reused(ssl) ? "reuse" : "new");
-                if (fflush(stdout) != 0)
-                        err(1, "fflush stdout");
-                /* print session statistics */
-                if (sessionreuse) {
-                        session = SSL_get1_session(ssl);
-                        if (session == NULL)
-                                err_ssl(1, "SSL1_get_session");
-                } else {
-                        session = SSL_get_session(ssl);
-                        if (session == NULL)
-                                err_ssl(1, "SSL_get_session");
-                }
-                if (SSL_SESSION_print_fp(stdout, session) <= 0)
-                        err_ssl(1, "SSL_SESSION_print_fp");
-                /* read server greeting and write client hello over TLS */
-                if ((error = SSL_read(ssl, buf, 9)) <= 0)
-                        err_ssl(1, "SSL_read %d", error);
-                if (error != 9)
-                        errx(1, "read not 9 bytes greeting: %d", error);
-                buf[9] = '\0';
-                printf("<<< %s", buf);
-                if (fflush(stdout) != 0)
-                        err(1, "fflush stdout");
-                strlcpy(buf, "hello\n", sizeof(buf));
-                printf(">>> %s", buf);
-                if (fflush(stdout) != 0)
-                        err(1, "fflush stdout");
-                if ((error = SSL_write(ssl, buf, 6)) <= 0)
-                        err_ssl(1, "SSL_write %d", error);
-                if (error != 6)
-                        errx(1, "write not 6 bytes hello: %d", error);
-                /* shutdown connection */
-                if ((error = SSL_shutdown(ssl)) < 0)
-                        err_ssl(1, "SSL_shutdown unidirectional %d", error);
-                if (error <= 0) {
-                        if ((error = SSL_shutdown(ssl)) <= 0)
-                                err_ssl(1, "SSL_shutdown bidirectional %d",
-                                    error);
-                }
-                SSL_free(ssl);
-        } while (sessionreuse--);
-        SSL_CTX_free(ctx);
-        printf("success\n");
-        return 0;
-}

diff --git a/src/regress/lib/libssl/interop/client.c b/src/regress/lib/libssl/interop/client.c deleted file mode 100644 index 31a960381e..0000000000 --- a/src/regress/lib/libssl/interop/client.c +++ /dev/null
@@ -1,285 +0,0 @@
1	/* $OpenBSD: client.c,v 1.11 2022/07/07 13:12:57 tb Exp $ */
2	/*
3	* Copyright (c) 2018-2019 Alexander Bluhm <bluhm@openbsd.org>
4	*
5	* Permission to use, copy, modify, and distribute this software for any
6	* purpose with or without fee is hereby granted, provided that the above
7	* copyright notice and this permission notice appear in all copies.
8	*
9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	*/
17
18	#include <sys/types.h>
19	#include <sys/socket.h>
20
21	#include <err.h>
22	#include <netdb.h>
23	#include <stdio.h>
24	#include <string.h>
25	#include <unistd.h>
26
27	#include <openssl/err.h>
28	#include <openssl/ssl.h>
29
30	#include "util.h"
31
32	void __dead usage(void);
33
34	void __dead
35	usage(void)
36	{
37	fprintf(stderr, "usage: client [-Lsv] [-C CA] [-c crt -k key] "
38	"[-l ciphers] [-V version] host port\n");
39	exit(2);
40	}
41
42	int
43	main(int argc, char *argv[])
44	{
45	const SSL_METHOD *method;
46	SSL_CTX *ctx;
47	SSL *ssl;
48	BIO *bio;
49	SSL_SESSION *session = NULL;
50	int ch, error, listciphers = 0, sessionreuse = 0, verify = 0;
51	int version = 0;
52	char buf[256];
53	char ca = NULL, crt = NULL, key = NULL, ciphers = NULL;
54	char host_port, host = "127.0.0.1", *port = "0";
55
56	while ((ch = getopt(argc, argv, "C:c:k:Ll:p:sV:v")) != -1) {
57	switch (ch) {
58	case 'C':
59	ca = optarg;
60	break;
61	case 'c':
62	crt = optarg;
63	break;
64	case 'k':
65	key = optarg;
66	break;
67	case 'L':
68	listciphers = 1;
69	break;
70	case 'l':
71	ciphers = optarg;
72	break;
73	case 's':
74	/* multiple reueses are possible */
75	sessionreuse++;
76	break;
77	case 'V':
78	if (strcmp(optarg, "TLS1") == 0) {
79	version = TLS1_VERSION;
80	} else if (strcmp(optarg, "TLS1_1") == 0) {
81	version = TLS1_1_VERSION;
82	} else if (strcmp(optarg, "TLS1_2") == 0) {
83	version = TLS1_2_VERSION;
84	#ifdef TLS1_3_VERSION
85	} else if (strcmp(optarg, "TLS1_3") == 0) {
86	version = TLS1_3_VERSION;
87	#endif
88	} else {
89	errx(1, "unknown protocol version: %s", optarg);
90	}
91	break;
92	case 'v':
93	verify = 1;
94	break;
95	default:
96	usage();
97	}
98	}
99	argc -= optind;
100	argv += optind;
101	if (argc == 2) {
102	host = argv[0];
103	port = argv[1];
104	} else if (!listciphers) {
105	usage();
106	}
107	if (asprintf(&host_port, strchr(host, ':') ? "[%s]:%s" : "%s:%s",
108	host, port) == -1)
109	err(1, "asprintf host port");
110	if ((crt == NULL && key != NULL) \|\| (crt != NULL && key == NULL))
111	errx(1, "certificate and private key must be used together");
112
113	SSL_library_init();
114	SSL_load_error_strings();
115	print_version();
116
117	/* setup method and context */
118	#if OPENSSL_VERSION_NUMBER >= 0x1010000f
119	method = TLS_client_method();
120	if (method == NULL)
121	err_ssl(1, "TLS_client_method");
122	#else
123	switch (version) {
124	case TLS1_VERSION:
125	method = TLSv1_client_method();
126	break;
127	case TLS1_1_VERSION:
128	method = TLSv1_1_client_method();
129	break;
130	case TLS1_2_VERSION:
131	method = TLSv1_2_client_method();
132	break;
133	#ifdef TLS1_3_VERSION
134	case TLS1_3_VERSION:
135	err(1, "TLS1_3 not supported");
136	#endif
137	default:
138	method = SSLv23_client_method();
139	break;
140	}
141	if (method == NULL)
142	err_ssl(1, "SSLv23_client_method");
143	#endif
144	ctx = SSL_CTX_new(method);
145	if (ctx == NULL)
146	err_ssl(1, "SSL_CTX_new");
147
148	#if OPENSSL_VERSION_NUMBER >= 0x1010000f
149	if (version) {
150	if (SSL_CTX_set_min_proto_version(ctx, version) != 1)
151	err_ssl(1, "SSL_CTX_set_min_proto_version");
152	if (SSL_CTX_set_max_proto_version(ctx, version) != 1)
153	err_ssl(1, "SSL_CTX_set_max_proto_version");
154	}
155	#endif
156
157	/* load client certificate */
158	if (crt != NULL) {
159	if (SSL_CTX_use_certificate_file(ctx, crt,
160	SSL_FILETYPE_PEM) <= 0)
161	err_ssl(1, "SSL_CTX_use_certificate_file");
162	if (SSL_CTX_use_PrivateKey_file(ctx, key,
163	SSL_FILETYPE_PEM) <= 0)
164	err_ssl(1, "SSL_CTX_use_PrivateKey_file");
165	if (SSL_CTX_check_private_key(ctx) <= 0)
166	err_ssl(1, "SSL_CTX_check_private_key");
167	}
168
169	/* verify server certificate */
170	if (ca != NULL) {
171	if (SSL_CTX_load_verify_locations(ctx, ca, NULL) <= 0)
172	err_ssl(1, "SSL_CTX_load_verify_locations");
173	}
174	SSL_CTX_set_verify(ctx, verify ? SSL_VERIFY_PEER : SSL_VERIFY_NONE,
175	verify_callback);
176
177	if (sessionreuse) {
178	SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_CLIENT);
179	}
180
181	if (ciphers) {
182	if (SSL_CTX_set_cipher_list(ctx, ciphers) <= 0)
183	err_ssl(1, "SSL_CTX_set_cipher_list");
184	}
185
186	if (listciphers) {
187	STACK_OF(SSL_CIPHER) *supported_ciphers;
188
189	#if OPENSSL_VERSION_NUMBER < 0x1010000f
190	#define SSL_get1_supported_ciphers SSL_get_ciphers
191	#endif
192	ssl = SSL_new(ctx);
193	if (ssl == NULL)
194	err_ssl(1, "SSL_new");
195	supported_ciphers = SSL_get1_supported_ciphers(ssl);
196	if (supported_ciphers == NULL)
197	err_ssl(1, "SSL_get1_supported_ciphers");
198	print_ciphers(supported_ciphers);
199
200	#if OPENSSL_VERSION_NUMBER >= 0x1010000f
201	sk_SSL_CIPHER_free(supported_ciphers);
202	#endif
203	return 0;
204	}
205
206	do {
207	/* setup bio for socket operations */
208	bio = BIO_new_connect(host_port);
209	if (bio == NULL)
210	err_ssl(1, "BIO_new_connect");
211
212	/* connect */
213	if (BIO_do_connect(bio) <= 0)
214	err_ssl(1, "BIO_do_connect");
215	printf("connect ");
216	print_sockname(bio);
217	printf("connect ");
218	print_peername(bio);
219
220	/* do ssl client handshake */
221	ssl = SSL_new(ctx);
222	if (ssl == NULL)
223	err_ssl(1, "SSL_new");
224	SSL_set_bio(ssl, bio, bio);
225	/* resuse session if possible */
226	if (session != NULL) {
227	if (SSL_set_session(ssl, session) <= 0)
228	err_ssl(1, "SSL_set_session");
229	}
230	if ((error = SSL_connect(ssl)) <= 0)
231	err_ssl(1, "SSL_connect %d", error);
232	printf("session %d: %s\n", sessionreuse,
233	SSL_session_reused(ssl) ? "reuse" : "new");
234	if (fflush(stdout) != 0)
235	err(1, "fflush stdout");
236
237	/* print session statistics */
238	if (sessionreuse) {
239	session = SSL_get1_session(ssl);
240	if (session == NULL)
241	err_ssl(1, "SSL1_get_session");
242	} else {
243	session = SSL_get_session(ssl);
244	if (session == NULL)
245	err_ssl(1, "SSL_get_session");
246	}
247	if (SSL_SESSION_print_fp(stdout, session) <= 0)
248	err_ssl(1, "SSL_SESSION_print_fp");
249
250	/* read server greeting and write client hello over TLS */
251	if ((error = SSL_read(ssl, buf, 9)) <= 0)
252	err_ssl(1, "SSL_read %d", error);
253	if (error != 9)
254	errx(1, "read not 9 bytes greeting: %d", error);
255	buf[9] = '\0';
256	printf("<<< %s", buf);
257	if (fflush(stdout) != 0)
258	err(1, "fflush stdout");
259	strlcpy(buf, "hello\n", sizeof(buf));
260	printf(">>> %s", buf);
261	if (fflush(stdout) != 0)
262	err(1, "fflush stdout");
263	if ((error = SSL_write(ssl, buf, 6)) <= 0)
264	err_ssl(1, "SSL_write %d", error);
265	if (error != 6)
266	errx(1, "write not 6 bytes hello: %d", error);
267
268	/* shutdown connection */
269	if ((error = SSL_shutdown(ssl)) < 0)
270	err_ssl(1, "SSL_shutdown unidirectional %d", error);
271	if (error <= 0) {
272	if ((error = SSL_shutdown(ssl)) <= 0)
273	err_ssl(1, "SSL_shutdown bidirectional %d",
274	error);
275	}
276
277	SSL_free(ssl);
278	} while (sessionreuse--);
279
280	SSL_CTX_free(ctx);
281
282	printf("success\n");
283
284	return 0;
285	}