1 files changed, 88 insertions, 63 deletions
diff --git a/src/regress/lib/libssl/interop/server.c b/src/regress/lib/libssl/interop/server.c
index 6c0c720dfe..f50f368bb1 100644
--- a/src/regress/lib/libssl/interop/server.c
+++ b/src/regress/lib/libssl/interop/server.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: server.c,v 1.4 2018/11/09 06:30:41 bluhm Exp $        */
+/*      $OpenBSD: server.c,v 1.5 2018/11/10 08:33:45 bluhm Exp $        */
 /*
 * Copyright (c) 2018 Alexander Bluhm <bluhm@openbsd.org>
 *
@@ -21,6 +21,7 @@
 #include <err.h>
 #include <netdb.h>
 #include <stdio.h>
+#include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
@@ -35,7 +36,7 @@ void __dead
 usage(void)
 {
        fprintf(stderr,
-            "usage: server [-vv] [-C CA] [-c crt -k key] [host port]");
+            "usage: server [-svv] [-C CA] [-c crt -k key] [host port]");
        exit(2);
 }
@@ -45,14 +46,14 @@ main(int argc, char *argv[])
        const SSL_METHOD *method;
        SSL_CTX *ctx;
        SSL *ssl;
-        BIO *bio;
+        BIO *abio, *cbio;
        SSL_SESSION *session;
-        int error, verify = 0;
+        int error, sessionreuse = 0, verify = 0;
        char buf[256], ch;
        char *ca = NULL, *crt = NULL, *key = NULL;
        char *host_port, *host = "127.0.0.1", *port = "0";
-        while ((ch = getopt(argc, argv, "C:c:k:v")) != -1) {
+        while ((ch = getopt(argc, argv, "C:c:k:sv")) != -1) {
                switch (ch) {
                case 'C':
                        ca = optarg;
@@ -63,6 +64,10 @@ main(int argc, char *argv[])
                case 'k':
                        key = optarg;
                        break;
+                case 's':
+                        /* multiple reueses are possible */
+                        sessionreuse++;
+                        break;
                case 'v':
                        /* use twice to force client cert */
                        verify++;
@@ -136,74 +141,94 @@ main(int argc, char *argv[])
            SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
            verify_callback);
-        /* setup ssl and bio for socket operations */
+        if (sessionreuse) {
-        ssl = SSL_new(ctx);
+                uint32_t context;
-        if (ssl == NULL)
-                err_ssl(1, "SSL_new");
+                SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER);
-        bio = BIO_new_accept(host_port);
+                context = arc4random();
-        if (bio == NULL)
+                if (SSL_CTX_set_session_id_context(ctx,
+                    (unsigned char *)&context, sizeof(context)) <= 0)
+                        err_ssl(1, "SSL_CTX_set_session_id_context");
+        }
+        /* setup bio for socket operations */
+        abio = BIO_new_accept(host_port);
+        if (abio == NULL)
                err_ssl(1, "BIO_new_accept");
-        print_ciphers(SSL_get_ciphers(ssl));
        /* bind, listen */
-        if (BIO_do_accept(bio) <= 0)
+        if (BIO_do_accept(abio) <= 0)
                err_ssl(1, "BIO_do_accept setup");
        printf("listen ");
-        print_sockname(bio);
+        print_sockname(abio);
-        /* fork to background, set timeout, and accept */
+        /* fork to background and set timeout */
        if (daemon(1, 1) == -1)
                err(1, "daemon");
-        if ((int)alarm(60) == -1)
+        if ((int)alarm(10) == -1)
                err(1, "alarm");
-        if (BIO_do_accept(bio) <= 0)
-                err_ssl(1, "BIO_do_accept wait");
-        bio = BIO_pop(bio);
-        printf("accept ");
-        print_sockname(bio);
-        printf("accept ");
-        print_peername(bio);
-        /* do ssl server handshake */
-        SSL_set_bio(ssl, bio, bio);
-        if ((error = SSL_accept(ssl)) <= 0)
-                err_ssl(1, "SSL_accept %d", error);
-        /* print session statistics */
-        session = SSL_get_session(ssl);
-        if (session == NULL)
-                err_ssl(1, "SSL_get_session");
-        if (SSL_SESSION_print_fp(stdout, session) <= 0)
-                err_ssl(1, "SSL_SESSION_print_fp");
-        /* write server greeting and read client hello over TLS connection */
-        strlcpy(buf, "greeting\n", sizeof(buf));
-        printf(">>> %s", buf);
-        if (fflush(stdout) != 0)
-                err(1, "fflush stdout");
-        if ((error = SSL_write(ssl, buf, 9)) <= 0)
-                err_ssl(1, "SSL_write %d", error);
-        if (error != 9)
-                errx(1, "write not 9 bytes greeting: %d", error);
-        if ((error = SSL_read(ssl, buf, 6)) <= 0)
-                err_ssl(1, "SSL_read %d", error);
-        if (error != 6)
-                errx(1, "read not 6 bytes hello: %d", error);
-        buf[6] = '\0';
-        printf("<<< %s", buf);
-        if (fflush(stdout) != 0)
-                err(1, "fflush stdout");
-        /* shutdown connection */
-        if ((error = SSL_shutdown(ssl)) < 0)
-                err_ssl(1, "SSL_shutdown unidirectional %d", error);
-        if (error <= 0) {
-                if ((error = SSL_shutdown(ssl)) <= 0)
-                        err_ssl(1, "SSL_shutdown bidirectional %d", error);
-        }
-        /* cleanup and free resources */
+        do {
-        SSL_free(ssl);
+                /* accept connection */
+                if (BIO_do_accept(abio) <= 0)
+                        err_ssl(1, "BIO_do_accept wait");
+                cbio = BIO_pop(abio);
+                printf("accept ");
+                print_sockname(cbio);
+                printf("accept ");
+                print_peername(cbio);
+                /* do ssl server handshake */
+                ssl = SSL_new(ctx);
+                if (ssl == NULL)
+                        err_ssl(1, "SSL_new");
+                print_ciphers(SSL_get_ciphers(ssl));
+                SSL_set_bio(ssl, cbio, cbio);
+                if ((error = SSL_accept(ssl)) <= 0)
+                        err_ssl(1, "SSL_accept %d", error);
+                printf("session %d: %s\n", sessionreuse,
+                    SSL_session_reused(ssl) ? "reuse" : "new");
+                if (fflush(stdout) != 0)
+                        err(1, "fflush stdout");
+                /* print session statistics */
+                session = SSL_get_session(ssl);
+                if (session == NULL)
+                        err_ssl(1, "SSL_get_session");
+                if (SSL_SESSION_print_fp(stdout, session) <= 0)
+                        err_ssl(1, "SSL_SESSION_print_fp");
+                /* write server greeting and read client hello over TLS */
+                strlcpy(buf, "greeting\n", sizeof(buf));
+                printf(">>> %s", buf);
+                if (fflush(stdout) != 0)
+                        err(1, "fflush stdout");
+                if ((error = SSL_write(ssl, buf, 9)) <= 0)
+                        err_ssl(1, "SSL_write %d", error);
+                if (error != 9)
+                        errx(1, "write not 9 bytes greeting: %d", error);
+                if ((error = SSL_read(ssl, buf, 6)) <= 0)
+                        err_ssl(1, "SSL_read %d", error);
+                if (error != 6)
+                        errx(1, "read not 6 bytes hello: %d", error);
+                buf[6] = '\0';
+                printf("<<< %s", buf);
+                if (fflush(stdout) != 0)
+                        err(1, "fflush stdout");
+                /* shutdown connection */
+                if ((error = SSL_shutdown(ssl)) < 0)
+                        err_ssl(1, "SSL_shutdown unidirectional %d", error);
+                if (error <= 0) {
+                        if ((error = SSL_shutdown(ssl)) <= 0)
+                                err_ssl(1, "SSL_shutdown bidirectional %d",
+                                    error);
+                }
+                SSL_free(ssl);
+        } while (sessionreuse--);
        SSL_CTX_free(ctx);
        printf("success\n");

diff --git a/src/regress/lib/libssl/interop/server.c b/src/regress/lib/libssl/interop/server.c index 6c0c720dfe..f50f368bb1 100644 --- a/src/regress/lib/libssl/interop/server.c +++ b/src/regress/lib/libssl/interop/server.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: server.c,v 1.4 2018/11/09 06:30:41 bluhm Exp $ */	1	/* $OpenBSD: server.c,v 1.5 2018/11/10 08:33:45 bluhm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018 Alexander Bluhm <bluhm@openbsd.org>	3	* Copyright (c) 2018 Alexander Bluhm <bluhm@openbsd.org>
4	*	4	*
@@ -21,6 +21,7 @@
21	#include <err.h>	21	#include <err.h>
22	#include <netdb.h>	22	#include <netdb.h>
23	#include <stdio.h>	23	#include <stdio.h>
		24	#include <stdlib.h>
24	#include <string.h>	25	#include <string.h>
25	#include <unistd.h>	26	#include <unistd.h>
26		27
@@ -35,7 +36,7 @@ void __dead
35	usage(void)	36	usage(void)
36	{	37	{
37	fprintf(stderr,	38	fprintf(stderr,
38	"usage: server [-vv] [-C CA] [-c crt -k key] [host port]");	39	"usage: server [-svv] [-C CA] [-c crt -k key] [host port]");
39	exit(2);	40	exit(2);
40	}	41	}
41		42
@@ -45,14 +46,14 @@ main(int argc, char *argv[])
45	const SSL_METHOD *method;	46	const SSL_METHOD *method;
46	SSL_CTX *ctx;	47	SSL_CTX *ctx;
47	SSL *ssl;	48	SSL *ssl;
48	BIO *bio;	49	BIO abio, cbio;
49	SSL_SESSION *session;	50	SSL_SESSION *session;
50	int error, verify = 0;	51	int error, sessionreuse = 0, verify = 0;
51	char buf[256], ch;	52	char buf[256], ch;
52	char ca = NULL, crt = NULL, *key = NULL;	53	char ca = NULL, crt = NULL, *key = NULL;
53	char host_port, host = "127.0.0.1", *port = "0";	54	char host_port, host = "127.0.0.1", *port = "0";
54		55
55	while ((ch = getopt(argc, argv, "C:c:k:v")) != -1) {	56	while ((ch = getopt(argc, argv, "C:c:k:sv")) != -1) {
56	switch (ch) {	57	switch (ch) {
57	case 'C':	58	case 'C':
58	ca = optarg;	59	ca = optarg;
@@ -63,6 +64,10 @@ main(int argc, char *argv[])
63	case 'k':	64	case 'k':
64	key = optarg;	65	key = optarg;
65	break;	66	break;
		67	case 's':
		68	/* multiple reueses are possible */
		69	sessionreuse++;
		70	break;
66	case 'v':	71	case 'v':
67	/* use twice to force client cert */	72	/* use twice to force client cert */
68	verify++;	73	verify++;
@@ -136,74 +141,94 @@ main(int argc, char *argv[])
136	SSL_VERIFY_PEER \| SSL_VERIFY_FAIL_IF_NO_PEER_CERT,	141	SSL_VERIFY_PEER \| SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
137	verify_callback);	142	verify_callback);
138		143
139	/* setup ssl and bio for socket operations */	144	if (sessionreuse) {
140	ssl = SSL_new(ctx);	145	uint32_t context;
141	if (ssl == NULL)	146
142	err_ssl(1, "SSL_new");	147	SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER);
143	bio = BIO_new_accept(host_port);	148	context = arc4random();
144	if (bio == NULL)	149	if (SSL_CTX_set_session_id_context(ctx,
		150	(unsigned char *)&context, sizeof(context)) <= 0)
		151	err_ssl(1, "SSL_CTX_set_session_id_context");
		152	}
		153
		154	/* setup bio for socket operations */
		155	abio = BIO_new_accept(host_port);
		156	if (abio == NULL)
145	err_ssl(1, "BIO_new_accept");	157	err_ssl(1, "BIO_new_accept");
146	print_ciphers(SSL_get_ciphers(ssl));
147		158
148	/* bind, listen */	159	/* bind, listen */
149	if (BIO_do_accept(bio) <= 0)	160	if (BIO_do_accept(abio) <= 0)
150	err_ssl(1, "BIO_do_accept setup");	161	err_ssl(1, "BIO_do_accept setup");
151	printf("listen ");	162	printf("listen ");
152	print_sockname(bio);	163	print_sockname(abio);
153		164
154	/* fork to background, set timeout, and accept */	165	/* fork to background and set timeout */
155	if (daemon(1, 1) == -1)	166	if (daemon(1, 1) == -1)
156	err(1, "daemon");	167	err(1, "daemon");
157	if ((int)alarm(60) == -1)	168	if ((int)alarm(10) == -1)
158	err(1, "alarm");	169	err(1, "alarm");
159	if (BIO_do_accept(bio) <= 0)
160	err_ssl(1, "BIO_do_accept wait");
161	bio = BIO_pop(bio);
162	printf("accept ");
163	print_sockname(bio);
164	printf("accept ");
165	print_peername(bio);
166
167	/* do ssl server handshake */
168	SSL_set_bio(ssl, bio, bio);
169	if ((error = SSL_accept(ssl)) <= 0)
170	err_ssl(1, "SSL_accept %d", error);
171
172	/* print session statistics */
173	session = SSL_get_session(ssl);
174	if (session == NULL)
175	err_ssl(1, "SSL_get_session");
176	if (SSL_SESSION_print_fp(stdout, session) <= 0)
177	err_ssl(1, "SSL_SESSION_print_fp");
178
179	/* write server greeting and read client hello over TLS connection */
180	strlcpy(buf, "greeting\n", sizeof(buf));
181	printf(">>> %s", buf);
182	if (fflush(stdout) != 0)
183	err(1, "fflush stdout");
184	if ((error = SSL_write(ssl, buf, 9)) <= 0)
185	err_ssl(1, "SSL_write %d", error);
186	if (error != 9)
187	errx(1, "write not 9 bytes greeting: %d", error);
188	if ((error = SSL_read(ssl, buf, 6)) <= 0)
189	err_ssl(1, "SSL_read %d", error);
190	if (error != 6)
191	errx(1, "read not 6 bytes hello: %d", error);
192	buf[6] = '\0';
193	printf("<<< %s", buf);
194	if (fflush(stdout) != 0)
195	err(1, "fflush stdout");
196
197	/* shutdown connection */
198	if ((error = SSL_shutdown(ssl)) < 0)
199	err_ssl(1, "SSL_shutdown unidirectional %d", error);
200	if (error <= 0) {
201	if ((error = SSL_shutdown(ssl)) <= 0)
202	err_ssl(1, "SSL_shutdown bidirectional %d", error);
203	}
204		170
205	/* cleanup and free resources */	171	do {
206	SSL_free(ssl);	172	/* accept connection */
		173	if (BIO_do_accept(abio) <= 0)
		174	err_ssl(1, "BIO_do_accept wait");
		175	cbio = BIO_pop(abio);
		176	printf("accept ");
		177	print_sockname(cbio);
		178	printf("accept ");
		179	print_peername(cbio);
		180
		181	/* do ssl server handshake */
		182	ssl = SSL_new(ctx);
		183	if (ssl == NULL)
		184	err_ssl(1, "SSL_new");
		185	print_ciphers(SSL_get_ciphers(ssl));
		186	SSL_set_bio(ssl, cbio, cbio);
		187	if ((error = SSL_accept(ssl)) <= 0)
		188	err_ssl(1, "SSL_accept %d", error);
		189	printf("session %d: %s\n", sessionreuse,
		190	SSL_session_reused(ssl) ? "reuse" : "new");
		191	if (fflush(stdout) != 0)
		192	err(1, "fflush stdout");
		193
		194
		195	/* print session statistics */
		196	session = SSL_get_session(ssl);
		197	if (session == NULL)
		198	err_ssl(1, "SSL_get_session");
		199	if (SSL_SESSION_print_fp(stdout, session) <= 0)
		200	err_ssl(1, "SSL_SESSION_print_fp");
		201
		202	/* write server greeting and read client hello over TLS */
		203	strlcpy(buf, "greeting\n", sizeof(buf));
		204	printf(">>> %s", buf);
		205	if (fflush(stdout) != 0)
		206	err(1, "fflush stdout");
		207	if ((error = SSL_write(ssl, buf, 9)) <= 0)
		208	err_ssl(1, "SSL_write %d", error);
		209	if (error != 9)
		210	errx(1, "write not 9 bytes greeting: %d", error);
		211	if ((error = SSL_read(ssl, buf, 6)) <= 0)
		212	err_ssl(1, "SSL_read %d", error);
		213	if (error != 6)
		214	errx(1, "read not 6 bytes hello: %d", error);
		215	buf[6] = '\0';
		216	printf("<<< %s", buf);
		217	if (fflush(stdout) != 0)
		218	err(1, "fflush stdout");
		219
		220	/* shutdown connection */
		221	if ((error = SSL_shutdown(ssl)) < 0)
		222	err_ssl(1, "SSL_shutdown unidirectional %d", error);
		223	if (error <= 0) {
		224	if ((error = SSL_shutdown(ssl)) <= 0)
		225	err_ssl(1, "SSL_shutdown bidirectional %d",
		226	error);
		227	}
		228
		229	SSL_free(ssl);
		230	} while (sessionreuse--);
		231
207	SSL_CTX_free(ctx);	232	SSL_CTX_free(ctx);
208		233
209	printf("success\n");	234	printf("success\n");