1 files changed, 0 insertions, 279 deletions
diff --git a/src/regress/lib/libssl/interop/server.c b/src/regress/lib/libssl/interop/server.c
deleted file mode 100644
index 6723817498..0000000000
--- a/src/regress/lib/libssl/interop/server.c
+++ /dev/null
@@ -1,279 +0,0 @@
-/*      $OpenBSD: server.c,v 1.8 2019/03/21 17:52:26 bluhm Exp $        */
-/*
- * Copyright (c) 2018-2019 Alexander Bluhm <bluhm@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <err.h>
-#include <netdb.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-#include "util.h"
-void __dead usage(void);
-void __dead
-usage(void)
-{
-        fprintf(stderr, "usage: server [-Lsvv] [-C CA] [-c crt -k key] "
-            "[-l ciphers] [-p dhparam] [host port]\n");
-        exit(2);
-}
-int
-main(int argc, char *argv[])
-{
-        const SSL_METHOD *method;
-        SSL_CTX *ctx;
-        SSL *ssl;
-        BIO *abio, *cbio;
-        SSL_SESSION *session;
-        int ch, error, listciphers = 0, sessionreuse = 0, verify = 0;
-        char buf[256], *dhparam = NULL;
-        char *ca = NULL, *crt = NULL, *key = NULL, *ciphers = NULL;
-        char *host_port, *host = "127.0.0.1", *port = "0";
-        while ((ch = getopt(argc, argv, "C:c:k:Ll:p:sv")) != -1) {
-                switch (ch) {
-                case 'C':
-                        ca = optarg;
-                        break;
-                case 'c':
-                        crt = optarg;
-                        break;
-                case 'k':
-                        key = optarg;
-                        break;
-                case 'L':
-                        listciphers = 1;
-                        break;
-                case 'l':
-                        ciphers = optarg;
-                        break;
-                case 'p':
-                        dhparam = optarg;
-                        break;
-                case 's':
-                        /* multiple reueses are possible */
-                        sessionreuse++;
-                        break;
-                case 'v':
-                        /* use twice to force client cert */
-                        verify++;
-                        break;
-                default:
-                        usage();
-                }
-        }
-        argc -= optind;
-        argv += optind;
-        if (argc == 2) {
-                host = argv[0];
-                port = argv[1];
-        } else if (argc != 0 && !listciphers) {
-                usage();
-        }
-        if (asprintf(&host_port, strchr(host, ':') ? "[%s]:%s" : "%s:%s",
-            host, port) == -1)
-                err(1, "asprintf host port");
-        if ((crt == NULL && key != NULL) || (crt != NULL && key == NULL))
-                errx(1, "certificate and private key must be used together");
-        if (crt == NULL && asprintf(&crt, "%s.crt", host) == -1)
-                err(1, "asprintf crt");
-        if (key == NULL && asprintf(&key, "%s.key", host) == -1)
-                err(1, "asprintf key");
-        SSL_library_init();
-        SSL_load_error_strings();
-        print_version();
-        /* setup method and context */
-#if OPENSSL_VERSION_NUMBER >= 0x1010000f
-        method = TLS_server_method();
-        if (method == NULL)
-                err_ssl(1, "TLS_server_method");
-#else
-        method = SSLv23_server_method();
-        if (method == NULL)
-                err_ssl(1, "SSLv23_server_method");
-#endif
-        ctx = SSL_CTX_new(method);
-        if (ctx == NULL)
-                err_ssl(1, "SSL_CTX_new");
-#if OPENSSL_VERSION_NUMBER >= 0x10100000
-        /* needed to use DHE cipher with libressl */
-        if (SSL_CTX_set_dh_auto(ctx, 1) <= 0)
-                err_ssl(1, "SSL_CTX_set_dh_auto");
-#endif
-        /* needed to use ADH, EDH, DHE cipher with openssl */
-        if (dhparam != NULL) {
-                DH *dh;
-                FILE *file;
-                file = fopen(dhparam, "r");
-                if (file == NULL)
-                        err(1, "fopen %s", dhparam);
-                dh = PEM_read_DHparams(file, NULL, NULL, NULL);
-                if (dh == NULL)
-                        err_ssl(1, "PEM_read_DHparams");
-                if (SSL_CTX_set_tmp_dh(ctx, dh) <= 0)
-                        err_ssl(1, "SSL_CTX_set_tmp_dh");
-                fclose(file);
-        }
-        /* needed when linking with OpenSSL 1.0.2p */
-        if (SSL_CTX_set_ecdh_auto(ctx, 1) <= 0)
-                err_ssl(1, "SSL_CTX_set_ecdh_auto");
-        /* load server certificate */
-        if (SSL_CTX_use_certificate_file(ctx, crt, SSL_FILETYPE_PEM) <= 0)
-                err_ssl(1, "SSL_CTX_use_certificate_file");
-        if (SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM) <= 0)
-                err_ssl(1, "SSL_CTX_use_PrivateKey_file");
-        if (SSL_CTX_check_private_key(ctx) <= 0)
-                err_ssl(1, "SSL_CTX_check_private_key");
-        /* request client certificate and verify it */
-        if (ca != NULL) {
-                STACK_OF(X509_NAME) *x509stack;
-                x509stack = SSL_load_client_CA_file(ca);
-                if (x509stack == NULL)
-                        err_ssl(1, "SSL_load_client_CA_file");
-                SSL_CTX_set_client_CA_list(ctx, x509stack);
-                if (SSL_CTX_load_verify_locations(ctx, ca, NULL) <= 0)
-                        err_ssl(1, "SSL_CTX_load_verify_locations");
-        }
-        SSL_CTX_set_verify(ctx,
-            verify == 0 ?  SSL_VERIFY_NONE :
-            verify == 1 ?  SSL_VERIFY_PEER :
-            SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
-            verify_callback);
-        if (sessionreuse) {
-                uint32_t context;
-                SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER);
-                context = arc4random();
-                if (SSL_CTX_set_session_id_context(ctx,
-                    (unsigned char *)&context, sizeof(context)) <= 0)
-                        err_ssl(1, "SSL_CTX_set_session_id_context");
-        }
-        if (ciphers) {
-                if (SSL_CTX_set_cipher_list(ctx, ciphers) <= 0)
-                        err_ssl(1, "SSL_CTX_set_cipher_list");
-        }
-        if (listciphers) {
-                ssl = SSL_new(ctx);
-                if (ssl == NULL)
-                        err_ssl(1, "SSL_new");
-                print_ciphers(SSL_get_ciphers(ssl));
-                return 0;
-        }
-        /* setup bio for socket operations */
-        abio = BIO_new_accept(host_port);
-        if (abio == NULL)
-                err_ssl(1, "BIO_new_accept");
-        /* bind, listen */
-        if (BIO_do_accept(abio) <= 0)
-                err_ssl(1, "BIO_do_accept setup");
-        printf("listen ");
-        print_sockname(abio);
-        /* fork to background and set timeout */
-        if (daemon(1, 1) == -1)
-                err(1, "daemon");
-        if ((int)alarm(10) == -1)
-                err(1, "alarm");
-        do {
-                /* accept connection */
-                if (BIO_do_accept(abio) <= 0)
-                        err_ssl(1, "BIO_do_accept wait");
-                cbio = BIO_pop(abio);
-                printf("accept ");
-                print_sockname(cbio);
-                printf("accept ");
-                print_peername(cbio);
-                /* do ssl server handshake */
-                ssl = SSL_new(ctx);
-                if (ssl == NULL)
-                        err_ssl(1, "SSL_new");
-                SSL_set_bio(ssl, cbio, cbio);
-                if ((error = SSL_accept(ssl)) <= 0)
-                        err_ssl(1, "SSL_accept %d", error);
-                printf("session %d: %s\n", sessionreuse,
-                    SSL_session_reused(ssl) ? "reuse" : "new");
-                if (fflush(stdout) != 0)
-                        err(1, "fflush stdout");
-                /* print session statistics */
-                session = SSL_get_session(ssl);
-                if (session == NULL)
-                        err_ssl(1, "SSL_get_session");
-                if (SSL_SESSION_print_fp(stdout, session) <= 0)
-                        err_ssl(1, "SSL_SESSION_print_fp");
-                /* write server greeting and read client hello over TLS */
-                strlcpy(buf, "greeting\n", sizeof(buf));
-                printf(">>> %s", buf);
-                if (fflush(stdout) != 0)
-                        err(1, "fflush stdout");
-                if ((error = SSL_write(ssl, buf, 9)) <= 0)
-                        err_ssl(1, "SSL_write %d", error);
-                if (error != 9)
-                        errx(1, "write not 9 bytes greeting: %d", error);
-                if ((error = SSL_read(ssl, buf, 6)) <= 0)
-                        err_ssl(1, "SSL_read %d", error);
-                if (error != 6)
-                        errx(1, "read not 6 bytes hello: %d", error);
-                buf[6] = '\0';
-                printf("<<< %s", buf);
-                if (fflush(stdout) != 0)
-                        err(1, "fflush stdout");
-                /* shutdown connection */
-                if ((error = SSL_shutdown(ssl)) < 0)
-                        err_ssl(1, "SSL_shutdown unidirectional %d", error);
-                if (error <= 0) {
-                        if ((error = SSL_shutdown(ssl)) <= 0)
-                                err_ssl(1, "SSL_shutdown bidirectional %d",
-                                    error);
-                }
-                SSL_free(ssl);
-        } while (sessionreuse--);
-        SSL_CTX_free(ctx);
-        printf("success\n");
-        return 0;
-}

diff --git a/src/regress/lib/libssl/interop/server.c b/src/regress/lib/libssl/interop/server.c deleted file mode 100644 index 6723817498..0000000000 --- a/src/regress/lib/libssl/interop/server.c +++ /dev/null
@@ -1,279 +0,0 @@
1	/* $OpenBSD: server.c,v 1.8 2019/03/21 17:52:26 bluhm Exp $ */
2	/*
3	* Copyright (c) 2018-2019 Alexander Bluhm <bluhm@openbsd.org>
4	*
5	* Permission to use, copy, modify, and distribute this software for any
6	* purpose with or without fee is hereby granted, provided that the above
7	* copyright notice and this permission notice appear in all copies.
8	*
9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	*/
17
18	#include <sys/types.h>
19	#include <sys/socket.h>
20
21	#include <err.h>
22	#include <netdb.h>
23	#include <stdio.h>
24	#include <stdlib.h>
25	#include <string.h>
26	#include <unistd.h>
27
28	#include <openssl/err.h>
29	#include <openssl/ssl.h>
30
31	#include "util.h"
32
33	void __dead usage(void);
34
35	void __dead
36	usage(void)
37	{
38	fprintf(stderr, "usage: server [-Lsvv] [-C CA] [-c crt -k key] "
39	"[-l ciphers] [-p dhparam] [host port]\n");
40	exit(2);
41	}
42
43	int
44	main(int argc, char *argv[])
45	{
46	const SSL_METHOD *method;
47	SSL_CTX *ctx;
48	SSL *ssl;
49	BIO abio, cbio;
50	SSL_SESSION *session;
51	int ch, error, listciphers = 0, sessionreuse = 0, verify = 0;
52	char buf[256], *dhparam = NULL;
53	char ca = NULL, crt = NULL, key = NULL, ciphers = NULL;
54	char host_port, host = "127.0.0.1", *port = "0";
55
56	while ((ch = getopt(argc, argv, "C:c:k:Ll:p:sv")) != -1) {
57	switch (ch) {
58	case 'C':
59	ca = optarg;
60	break;
61	case 'c':
62	crt = optarg;
63	break;
64	case 'k':
65	key = optarg;
66	break;
67	case 'L':
68	listciphers = 1;
69	break;
70	case 'l':
71	ciphers = optarg;
72	break;
73	case 'p':
74	dhparam = optarg;
75	break;
76	case 's':
77	/* multiple reueses are possible */
78	sessionreuse++;
79	break;
80	case 'v':
81	/* use twice to force client cert */
82	verify++;
83	break;
84	default:
85	usage();
86	}
87	}
88	argc -= optind;
89	argv += optind;
90	if (argc == 2) {
91	host = argv[0];
92	port = argv[1];
93	} else if (argc != 0 && !listciphers) {
94	usage();
95	}
96	if (asprintf(&host_port, strchr(host, ':') ? "[%s]:%s" : "%s:%s",
97	host, port) == -1)
98	err(1, "asprintf host port");
99	if ((crt == NULL && key != NULL) \|\| (crt != NULL && key == NULL))
100	errx(1, "certificate and private key must be used together");
101	if (crt == NULL && asprintf(&crt, "%s.crt", host) == -1)
102	err(1, "asprintf crt");
103	if (key == NULL && asprintf(&key, "%s.key", host) == -1)
104	err(1, "asprintf key");
105
106	SSL_library_init();
107	SSL_load_error_strings();
108	print_version();
109
110	/* setup method and context */
111	#if OPENSSL_VERSION_NUMBER >= 0x1010000f
112	method = TLS_server_method();
113	if (method == NULL)
114	err_ssl(1, "TLS_server_method");
115	#else
116	method = SSLv23_server_method();
117	if (method == NULL)
118	err_ssl(1, "SSLv23_server_method");
119	#endif
120	ctx = SSL_CTX_new(method);
121	if (ctx == NULL)
122	err_ssl(1, "SSL_CTX_new");
123
124	#if OPENSSL_VERSION_NUMBER >= 0x10100000
125	/* needed to use DHE cipher with libressl */
126	if (SSL_CTX_set_dh_auto(ctx, 1) <= 0)
127	err_ssl(1, "SSL_CTX_set_dh_auto");
128	#endif
129	/* needed to use ADH, EDH, DHE cipher with openssl */
130	if (dhparam != NULL) {
131	DH *dh;
132	FILE *file;
133
134	file = fopen(dhparam, "r");
135	if (file == NULL)
136	err(1, "fopen %s", dhparam);
137	dh = PEM_read_DHparams(file, NULL, NULL, NULL);
138	if (dh == NULL)
139	err_ssl(1, "PEM_read_DHparams");
140	if (SSL_CTX_set_tmp_dh(ctx, dh) <= 0)
141	err_ssl(1, "SSL_CTX_set_tmp_dh");
142	fclose(file);
143	}
144
145	/* needed when linking with OpenSSL 1.0.2p */
146	if (SSL_CTX_set_ecdh_auto(ctx, 1) <= 0)
147	err_ssl(1, "SSL_CTX_set_ecdh_auto");
148
149	/* load server certificate */
150	if (SSL_CTX_use_certificate_file(ctx, crt, SSL_FILETYPE_PEM) <= 0)
151	err_ssl(1, "SSL_CTX_use_certificate_file");
152	if (SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM) <= 0)
153	err_ssl(1, "SSL_CTX_use_PrivateKey_file");
154	if (SSL_CTX_check_private_key(ctx) <= 0)
155	err_ssl(1, "SSL_CTX_check_private_key");
156
157	/* request client certificate and verify it */
158	if (ca != NULL) {
159	STACK_OF(X509_NAME) *x509stack;
160
161	x509stack = SSL_load_client_CA_file(ca);
162	if (x509stack == NULL)
163	err_ssl(1, "SSL_load_client_CA_file");
164	SSL_CTX_set_client_CA_list(ctx, x509stack);
165	if (SSL_CTX_load_verify_locations(ctx, ca, NULL) <= 0)
166	err_ssl(1, "SSL_CTX_load_verify_locations");
167	}
168	SSL_CTX_set_verify(ctx,
169	verify == 0 ? SSL_VERIFY_NONE :
170	verify == 1 ? SSL_VERIFY_PEER :
171	SSL_VERIFY_PEER \| SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
172	verify_callback);
173
174	if (sessionreuse) {
175	uint32_t context;
176
177	SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER);
178	context = arc4random();
179	if (SSL_CTX_set_session_id_context(ctx,
180	(unsigned char *)&context, sizeof(context)) <= 0)
181	err_ssl(1, "SSL_CTX_set_session_id_context");
182	}
183
184	if (ciphers) {
185	if (SSL_CTX_set_cipher_list(ctx, ciphers) <= 0)
186	err_ssl(1, "SSL_CTX_set_cipher_list");
187	}
188
189	if (listciphers) {
190	ssl = SSL_new(ctx);
191	if (ssl == NULL)
192	err_ssl(1, "SSL_new");
193	print_ciphers(SSL_get_ciphers(ssl));
194	return 0;
195	}
196
197	/* setup bio for socket operations */
198	abio = BIO_new_accept(host_port);
199	if (abio == NULL)
200	err_ssl(1, "BIO_new_accept");
201
202	/* bind, listen */
203	if (BIO_do_accept(abio) <= 0)
204	err_ssl(1, "BIO_do_accept setup");
205	printf("listen ");
206	print_sockname(abio);
207
208	/* fork to background and set timeout */
209	if (daemon(1, 1) == -1)
210	err(1, "daemon");
211	if ((int)alarm(10) == -1)
212	err(1, "alarm");
213
214	do {
215	/* accept connection */
216	if (BIO_do_accept(abio) <= 0)
217	err_ssl(1, "BIO_do_accept wait");
218	cbio = BIO_pop(abio);
219	printf("accept ");
220	print_sockname(cbio);
221	printf("accept ");
222	print_peername(cbio);
223
224	/* do ssl server handshake */
225	ssl = SSL_new(ctx);
226	if (ssl == NULL)
227	err_ssl(1, "SSL_new");
228	SSL_set_bio(ssl, cbio, cbio);
229	if ((error = SSL_accept(ssl)) <= 0)
230	err_ssl(1, "SSL_accept %d", error);
231	printf("session %d: %s\n", sessionreuse,
232	SSL_session_reused(ssl) ? "reuse" : "new");
233	if (fflush(stdout) != 0)
234	err(1, "fflush stdout");
235
236
237	/* print session statistics */
238	session = SSL_get_session(ssl);
239	if (session == NULL)
240	err_ssl(1, "SSL_get_session");
241	if (SSL_SESSION_print_fp(stdout, session) <= 0)
242	err_ssl(1, "SSL_SESSION_print_fp");
243
244	/* write server greeting and read client hello over TLS */
245	strlcpy(buf, "greeting\n", sizeof(buf));
246	printf(">>> %s", buf);
247	if (fflush(stdout) != 0)
248	err(1, "fflush stdout");
249	if ((error = SSL_write(ssl, buf, 9)) <= 0)
250	err_ssl(1, "SSL_write %d", error);
251	if (error != 9)
252	errx(1, "write not 9 bytes greeting: %d", error);
253	if ((error = SSL_read(ssl, buf, 6)) <= 0)
254	err_ssl(1, "SSL_read %d", error);
255	if (error != 6)
256	errx(1, "read not 6 bytes hello: %d", error);
257	buf[6] = '\0';
258	printf("<<< %s", buf);
259	if (fflush(stdout) != 0)
260	err(1, "fflush stdout");
261
262	/* shutdown connection */
263	if ((error = SSL_shutdown(ssl)) < 0)
264	err_ssl(1, "SSL_shutdown unidirectional %d", error);
265	if (error <= 0) {
266	if ((error = SSL_shutdown(ssl)) <= 0)
267	err_ssl(1, "SSL_shutdown bidirectional %d",
268	error);
269	}
270
271	SSL_free(ssl);
272	} while (sessionreuse--);
273
274	SSL_CTX_free(ctx);
275
276	printf("success\n");
277
278	return 0;
279	}