From 09f0e9b21348ea5dac5102d84e10045c88358c5c Mon Sep 17 00:00:00 2001 From: jsing <> Date: Sun, 5 Mar 2017 14:15:53 +0000 Subject: Add an initial regress test that covers the server-side of libssl, by providing SSL_accept() with fixed ClientHello messages. --- src/regress/lib/libssl/Makefile | 3 +- src/regress/lib/libssl/server/Makefile | 18 +++ src/regress/lib/libssl/server/servertest.c | 200 +++++++++++++++++++++++++++++ 3 files changed, 220 insertions(+), 1 deletion(-) create mode 100644 src/regress/lib/libssl/server/Makefile create mode 100644 src/regress/lib/libssl/server/servertest.c diff --git a/src/regress/lib/libssl/Makefile b/src/regress/lib/libssl/Makefile index 85e50ecb04..d6ee2f160a 100644 --- a/src/regress/lib/libssl/Makefile +++ b/src/regress/lib/libssl/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.24 2016/11/04 19:45:12 jsing Exp $ +# $OpenBSD: Makefile,v 1.25 2017/03/05 14:15:53 jsing Exp $ SUBDIR= \ asn1 \ @@ -6,6 +6,7 @@ SUBDIR= \ ciphers \ client \ pqueue \ + server \ ssl \ unit diff --git a/src/regress/lib/libssl/server/Makefile b/src/regress/lib/libssl/server/Makefile new file mode 100644 index 0000000000..705190d076 --- /dev/null +++ b/src/regress/lib/libssl/server/Makefile @@ -0,0 +1,18 @@ +# $OpenBSD: Makefile,v 1.1 2017/03/05 14:15:53 jsing Exp $ + +PROG= servertest +LDADD= -lssl -lcrypto +DPADD= ${LIBSSL} ${LIBCRYPTO} +WARNINGS= Yes +CFLAGS+= -DLIBRESSL_INTERNAL -Werror + +REGRESS_TARGETS= \ + regress-servertest + +regress-servertest: ${PROG} + ./servertest \ + ${.CURDIR}/../../libssl/certs/server.pem \ + ${.CURDIR}/../../libssl/certs/server.pem \ + ${.CURDIR}/../../libssl/certs/ca.pem + +.include diff --git a/src/regress/lib/libssl/server/servertest.c b/src/regress/lib/libssl/server/servertest.c new file mode 100644 index 0000000000..32578599e5 --- /dev/null +++ b/src/regress/lib/libssl/server/servertest.c @@ -0,0 +1,200 @@ +/* $OpenBSD: servertest.c,v 1.1 2017/03/05 14:15:53 jsing Exp $ */ +/* + * Copyright (c) 2015, 2016, 2017 Joel Sing + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include +#include +#include + +#include +#include +#include + +char *server_ca_file; +char *server_cert_file; +char *server_key_file; + +static unsigned char sslv2_client_hello_tls10[] = { + 0x80, 0x6a, 0x01, 0x03, 0x01, 0x00, 0x51, 0x00, + 0x00, 0x00, 0x10, 0x00, 0x00, 0x39, 0x00, 0x00, + 0x38, 0x00, 0x00, 0x35, 0x00, 0x00, 0x16, 0x00, + 0x00, 0x13, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x33, + 0x00, 0x00, 0x32, 0x00, 0x00, 0x2f, 0x00, 0x00, + 0x07, 0x00, 0x00, 0x66, 0x00, 0x00, 0x05, 0x00, + 0x00, 0x04, 0x00, 0x00, 0x63, 0x00, 0x00, 0x62, + 0x00, 0x00, 0x61, 0x00, 0x00, 0x15, 0x00, 0x00, + 0x12, 0x00, 0x00, 0x09, 0x00, 0x00, 0x65, 0x00, + 0x00, 0x64, 0x00, 0x00, 0x60, 0x00, 0x00, 0x14, + 0x00, 0x00, 0x11, 0x00, 0x00, 0x08, 0x00, 0x00, + 0x06, 0x00, 0x00, 0x03, 0xdd, 0xb6, 0x59, 0x26, + 0x46, 0xe6, 0x79, 0x77, 0xf4, 0xec, 0x42, 0x76, + 0xc8, 0x73, 0xad, 0x9c, +}; + +static unsigned char sslv2_client_hello_tls12[] = { + 0x80, 0xcb, 0x01, 0x03, 0x03, 0x00, 0xa2, 0x00, + 0x00, 0x00, 0x20, 0x00, 0x00, 0xa5, 0x00, 0x00, + 0xa3, 0x00, 0x00, 0xa1, 0x00, 0x00, 0x9f, 0x00, + 0x00, 0x6b, 0x00, 0x00, 0x6a, 0x00, 0x00, 0x69, + 0x00, 0x00, 0x68, 0x00, 0x00, 0x39, 0x00, 0x00, + 0x38, 0x00, 0x00, 0x37, 0x00, 0x00, 0x36, 0x00, + 0x00, 0x88, 0x00, 0x00, 0x87, 0x00, 0x00, 0x86, + 0x00, 0x00, 0x85, 0x00, 0x00, 0x9d, 0x00, 0x00, + 0x3d, 0x00, 0x00, 0x35, 0x00, 0x00, 0x84, 0x00, + 0x00, 0xa4, 0x00, 0x00, 0xa2, 0x00, 0x00, 0xa0, + 0x00, 0x00, 0x9e, 0x00, 0x00, 0x67, 0x00, 0x00, + 0x40, 0x00, 0x00, 0x3f, 0x00, 0x00, 0x3e, 0x00, + 0x00, 0x33, 0x00, 0x00, 0x32, 0x00, 0x00, 0x31, + 0x00, 0x00, 0x30, 0x00, 0x00, 0x9a, 0x00, 0x00, + 0x99, 0x00, 0x00, 0x98, 0x00, 0x00, 0x97, 0x00, + 0x00, 0x45, 0x00, 0x00, 0x44, 0x00, 0x00, 0x43, + 0x00, 0x00, 0x42, 0x00, 0x00, 0x9c, 0x00, 0x00, + 0x3c, 0x00, 0x00, 0x2f, 0x00, 0x00, 0x96, 0x00, + 0x00, 0x41, 0x00, 0x00, 0x07, 0x00, 0x00, 0x05, + 0x00, 0x00, 0x04, 0x00, 0x00, 0x16, 0x00, 0x00, + 0x13, 0x00, 0x00, 0x10, 0x00, 0x00, 0x0d, 0x00, + 0x00, 0x0a, 0x00, 0x00, 0xff, 0x1d, 0xfd, 0x90, + 0x03, 0x61, 0x3c, 0x5a, 0x22, 0x83, 0xed, 0x11, + 0x85, 0xf4, 0xea, 0x36, 0x59, 0xd9, 0x1b, 0x27, + 0x22, 0x01, 0x14, 0x07, 0x66, 0xb2, 0x24, 0xf5, + 0x4e, 0x7d, 0x9d, 0x9c, 0x52, +}; + +struct server_hello_test { + const unsigned char *desc; + unsigned char *client_hello; + const size_t client_hello_len; + const SSL_METHOD *(*ssl_method)(void); + const long ssl_options; +}; + +static struct server_hello_test server_hello_tests[] = { + { + .desc = "TLSv1.0 in SSLv2 record", + .client_hello = sslv2_client_hello_tls10, + .client_hello_len = sizeof(sslv2_client_hello_tls10), + .ssl_method = TLS_server_method, + .ssl_options = 0, + }, + { + .desc = "TLSv1.2 in SSLv2 record", + .client_hello = sslv2_client_hello_tls12, + .client_hello_len = sizeof(sslv2_client_hello_tls12), + .ssl_method = TLS_server_method, + .ssl_options = 0, + }, +}; + +#define N_SERVER_HELLO_TESTS \ + (sizeof(server_hello_tests) / sizeof(*server_hello_tests)) + +static int +server_hello_test(int testno, struct server_hello_test *sht) +{ + BIO *rbio = NULL, *wbio = NULL; + SSL_CTX *ssl_ctx = NULL; + SSL *ssl = NULL; + int ret = 1; + + fprintf(stderr, "Test %i - %s\n", testno, sht->desc); + + if ((rbio = BIO_new_mem_buf(sht->client_hello, + sht->client_hello_len)) == NULL) { + fprintf(stderr, "Failed to setup rbio\n"); + goto failure; + } + if ((wbio = BIO_new(BIO_s_mem())) == NULL) { + fprintf(stderr, "Failed to setup wbio\n"); + goto failure; + } + + if ((ssl_ctx = SSL_CTX_new(sht->ssl_method())) == NULL) { + fprintf(stderr, "SSL_CTX_new() returned NULL\n"); + goto failure; + } + + if (SSL_CTX_use_certificate_file(ssl_ctx, server_cert_file, + SSL_FILETYPE_PEM) != 1) { + fprintf(stderr, "Failed to load server certificate"); + goto failure; + } + if (SSL_CTX_use_PrivateKey_file(ssl_ctx, server_key_file, + SSL_FILETYPE_PEM) != 1) { + fprintf(stderr, "Failed to load server private key"); + goto failure; + } + + SSL_CTX_set_dh_auto(ssl_ctx, 1); + SSL_CTX_set_ecdh_auto(ssl_ctx, 1); + SSL_CTX_set_options(ssl_ctx, sht->ssl_options); + + if ((ssl = SSL_new(ssl_ctx)) == NULL) { + fprintf(stderr, "SSL_new() returned NULL\n"); + goto failure; + } + + rbio->references = 2; + wbio->references = 2; + + SSL_set_bio(ssl, rbio, wbio); + + if (SSL_accept(ssl) != 0) { + fprintf(stderr, "SSL_accept() returned non-zero\n"); + ERR_print_errors_fp(stderr); + goto failure; + } + + ret = 0; + + failure: + SSL_CTX_free(ssl_ctx); + SSL_free(ssl); + + rbio->references = 1; + wbio->references = 1; + + BIO_free(rbio); + BIO_free(wbio); + + return (ret); +} + +int +main(int argc, char **argv) +{ + int failed = 0; + size_t i; + + if (argc != 4) { + fprintf(stderr, "usage: %s keyfile certfile cafile\n", + argv[0]); + exit(1); + } + + server_key_file = argv[1]; + server_cert_file = argv[2]; + server_ca_file = argv[3]; + + SSL_library_init(); + SSL_load_error_strings(); + + for (i = 0; i < N_SERVER_HELLO_TESTS; i++) + failed |= server_hello_test(i, &server_hello_tests[i]); + + return (failed); +} -- cgit v1.2.3-55-g6feb