X-Git-Url: https://git.openssl.org/?a=blobdiff_plain;f=test%2Fssltestlib.c;h=64acea3f7dc6d3cbd06b13f7946085feb0080f2f;hb=d5475e319575a45b20f560bdfae56cbfb165cb01;hp=655fc05cb2a696e2aba0d808a136c6f25001b7eb;hpb=fa454945cf2855fed452ff9bdb1876096bc07beb;p=openssl.git diff --git a/test/ssltestlib.c b/test/ssltestlib.c index 655fc05cb2..64acea3f7d 100644 --- a/test/ssltestlib.c +++ b/test/ssltestlib.c @@ -9,7 +9,9 @@ #include +#include "e_os.h" #include "ssltestlib.h" +#include "testutil.h" static int tls_dump_new(BIO *bi); static int tls_dump_free(BIO *a); @@ -20,12 +22,11 @@ static int tls_dump_gets(BIO *bp, char *buf, int size); static int tls_dump_puts(BIO *bp, const char *str); /* Choose a sufficiently large type likely to be unused for this custom BIO */ -# define BIO_TYPE_TLS_DUMP_FILTER (0x80 | BIO_TYPE_FILTER) - -# define BIO_TYPE_MEMPACKET_TEST 0x81 +#define BIO_TYPE_TLS_DUMP_FILTER (0x80 | BIO_TYPE_FILTER) +#define BIO_TYPE_MEMPACKET_TEST 0x81 static BIO_METHOD *method_tls_dump = NULL; -static BIO_METHOD *method_mempacket_test = NULL; +static BIO_METHOD *meth_mem = NULL; /* Note: Not thread safe! */ const BIO_METHOD *bio_f_tls_dump_filter(void) @@ -155,7 +156,7 @@ static void dump_data(const char *data, int len) printf("*** Message Fragment len: %d\n", fraglen); if (fragoff + fraglen > msglen) printf("***---- HANDSHAKE MESSAGE FRAGMENT INVALID ----\n"); - else if(reclen < fraglen) + else if (reclen < fraglen) printf("**---- HANDSHAKE MESSAGE FRAGMENT TRUNCATED ----\n"); else printf("**---- END OF HANDSHAKE MESSAGE FRAGMENT ----\n"); @@ -264,34 +265,33 @@ static int mempacket_test_puts(BIO *bp, const char *str); const BIO_METHOD *bio_s_mempacket_test(void) { - if (method_mempacket_test == NULL) { - method_mempacket_test = BIO_meth_new(BIO_TYPE_MEMPACKET_TEST, - "Mem Packet Test"); - if ( method_mempacket_test == NULL - || !BIO_meth_set_write(method_mempacket_test, mempacket_test_write) - || !BIO_meth_set_read(method_mempacket_test, mempacket_test_read) - || !BIO_meth_set_puts(method_mempacket_test, mempacket_test_puts) - || !BIO_meth_set_gets(method_mempacket_test, mempacket_test_gets) - || !BIO_meth_set_ctrl(method_mempacket_test, mempacket_test_ctrl) - || !BIO_meth_set_create(method_mempacket_test, mempacket_test_new) - || !BIO_meth_set_destroy(method_mempacket_test, mempacket_test_free)) + if (meth_mem == NULL) { + if (!TEST_ptr(meth_mem = BIO_meth_new(BIO_TYPE_MEMPACKET_TEST, + "Mem Packet Test")) + || !TEST_true(BIO_meth_set_write(meth_mem, mempacket_test_write)) + || !TEST_true(BIO_meth_set_read(meth_mem, mempacket_test_read)) + || !TEST_true(BIO_meth_set_puts(meth_mem, mempacket_test_puts)) + || !TEST_true(BIO_meth_set_gets(meth_mem, mempacket_test_gets)) + || !TEST_true(BIO_meth_set_ctrl(meth_mem, mempacket_test_ctrl)) + || !TEST_true(BIO_meth_set_create(meth_mem, mempacket_test_new)) + || !TEST_true(BIO_meth_set_destroy(meth_mem, mempacket_test_free))) return NULL; } - return method_mempacket_test; + return meth_mem; } void bio_s_mempacket_test_free(void) { - BIO_meth_free(method_mempacket_test); + BIO_meth_free(meth_mem); } static int mempacket_test_new(BIO *bio) { - MEMPACKET_TEST_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); - if (ctx == NULL) + MEMPACKET_TEST_CTX *ctx; + + if (!TEST_ptr(ctx = OPENSSL_zalloc(sizeof(*ctx)))) return 0; - ctx->pkts = sk_MEMPACKET_new_null(); - if (ctx->pkts == NULL) { + if (!TEST_ptr(ctx->pkts = sk_MEMPACKET_new_null())) { OPENSSL_free(ctx); return 0; } @@ -308,7 +308,6 @@ static int mempacket_test_free(BIO *bio) OPENSSL_free(ctx); BIO_set_data(bio, NULL); BIO_set_init(bio, 0); - return 1; } @@ -330,7 +329,6 @@ static int mempacket_test_read(BIO *bio, char *out, int outl) unsigned int seq, offset, len, epoch; BIO_clear_retry_flags(bio); - thispkt = sk_MEMPACKET_value(ctx->pkts, 0); if (thispkt == NULL || thispkt->num != ctx->currpkt) { /* Probably run out of data */ @@ -350,12 +348,10 @@ static int mempacket_test_read(BIO *bio, char *out, int outl) * we know that there won't be any re-ordering. We overwrite to deal * with any packets that have been injected */ - rem = thispkt->len; - rec = thispkt->data; - while (rem > 0) { - if (rem < DTLS1_RT_HEADER_LENGTH) { + for (rem = thispkt->len, rec = thispkt->data + ; rem > 0; rec += len, rem -= len) { + if (rem < DTLS1_RT_HEADER_LENGTH) return -1; - } epoch = (rec[EPOCH_HI] << 8) | rec[EPOCH_LO]; if (epoch != ctx->epoch) { ctx->epoch = epoch; @@ -372,16 +368,11 @@ static int mempacket_test_read(BIO *bio, char *out, int outl) len = ((rec[RECORD_LEN_HI] << 8) | rec[RECORD_LEN_LO]) + DTLS1_RT_HEADER_LENGTH; - - rec += len; - rem -= len; } } memcpy(out, thispkt->data, outl); - mempacket_free(thispkt); - return outl; } @@ -403,12 +394,9 @@ int mempacket_test_inject(BIO *bio, const char *in, int inl, int pktnum, ctx->noinject = 1; } - thispkt = OPENSSL_malloc(sizeof(MEMPACKET)); - if (thispkt == NULL) + if (!TEST_ptr(thispkt = OPENSSL_malloc(sizeof(*thispkt)))) return -1; - - thispkt->data = OPENSSL_malloc(inl); - if (thispkt->data == NULL) { + if (!TEST_ptr(thispkt->data = OPENSSL_malloc(inl))) { mempacket_free(thispkt); return -1; } @@ -442,7 +430,7 @@ int mempacket_test_inject(BIO *bio, const char *in, int inl, int pktnum, else return inl; } while(1); - } else if(looppkt->num == thispkt->num) { + } else if (looppkt->num == thispkt->num) { if (!ctx->noinject) { /* We injected two packets with the same packet number! */ return -1; @@ -529,38 +517,33 @@ int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm, SSL_CTX *serverctx = NULL; SSL_CTX *clientctx = NULL; - serverctx = SSL_CTX_new(sm); - clientctx = SSL_CTX_new(cm); - if (serverctx == NULL || clientctx == NULL) { - printf("Failed to create SSL_CTX\n"); + if (!TEST_ptr(serverctx = SSL_CTX_new(sm)) + || (cctx != NULL && !TEST_ptr(clientctx = SSL_CTX_new(cm)))) goto err; - } - if (SSL_CTX_use_certificate_file(serverctx, certfile, - SSL_FILETYPE_PEM) <= 0) { - printf("Failed to load server certificate\n"); + if (!TEST_int_eq(SSL_CTX_use_certificate_file(serverctx, certfile, + SSL_FILETYPE_PEM), 1) + || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(serverctx, privkeyfile, + SSL_FILETYPE_PEM), 1) + || !TEST_int_eq(SSL_CTX_check_private_key(serverctx), 1)) goto err; - } - if (SSL_CTX_use_PrivateKey_file(serverctx, privkeyfile, - SSL_FILETYPE_PEM) <= 0) { - printf("Failed to load server private key\n"); - } - if (SSL_CTX_check_private_key(serverctx) <= 0) { - printf("Failed to check private key\n"); - goto err; - } - *sctx = serverctx; - *cctx = clientctx; +#ifndef OPENSSL_NO_DH + SSL_CTX_set_dh_auto(serverctx, 1); +#endif + *sctx = serverctx; + if (cctx != NULL) + *cctx = clientctx; return 1; + err: SSL_CTX_free(serverctx); SSL_CTX_free(clientctx); return 0; } -#define MAXLOOPS 100000 +#define MAXLOOPS 1000000 /* * NOTE: Transfers control of the BIOs - this function will free them on error @@ -568,62 +551,46 @@ int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm, int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl, SSL **cssl, BIO *s_to_c_fbio, BIO *c_to_s_fbio) { - SSL *serverssl, *clientssl; + SSL *serverssl = NULL, *clientssl = NULL; BIO *s_to_c_bio = NULL, *c_to_s_bio = NULL; - if (*sssl == NULL) - serverssl = SSL_new(serverctx); - else + if (*sssl != NULL) serverssl = *sssl; - if (*cssl == NULL) - clientssl = SSL_new(clientctx); - else + else if (!TEST_ptr(serverssl = SSL_new(serverctx))) + goto error; + if (*cssl != NULL) clientssl = *cssl; - - if (serverssl == NULL || clientssl == NULL) { - printf("Failed to create SSL object\n"); + else if (!TEST_ptr(clientssl = SSL_new(clientctx))) goto error; - } if (SSL_is_dtls(clientssl)) { - s_to_c_bio = BIO_new(bio_s_mempacket_test()); - c_to_s_bio = BIO_new(bio_s_mempacket_test()); + if (!TEST_ptr(s_to_c_bio = BIO_new(bio_s_mempacket_test())) + || !TEST_ptr(c_to_s_bio = BIO_new(bio_s_mempacket_test()))) + goto error; } else { - s_to_c_bio = BIO_new(BIO_s_mem()); - c_to_s_bio = BIO_new(BIO_s_mem()); - } - if (s_to_c_bio == NULL || c_to_s_bio == NULL) { - printf("Failed to create mem BIOs\n"); - goto error; + if (!TEST_ptr(s_to_c_bio = BIO_new(BIO_s_mem())) + || !TEST_ptr(c_to_s_bio = BIO_new(BIO_s_mem()))) + goto error; } - if (s_to_c_fbio != NULL) - s_to_c_bio = BIO_push(s_to_c_fbio, s_to_c_bio); - if (c_to_s_fbio != NULL) - c_to_s_bio = BIO_push(c_to_s_fbio, c_to_s_bio); - if (s_to_c_bio == NULL || c_to_s_bio == NULL) { - printf("Failed to create chained BIOs\n"); + if (s_to_c_fbio != NULL + && !TEST_ptr(s_to_c_bio = BIO_push(s_to_c_fbio, s_to_c_bio))) + goto error; + if (c_to_s_fbio != NULL + && !TEST_ptr(c_to_s_bio = BIO_push(c_to_s_fbio, c_to_s_bio))) goto error; - } /* Set Non-blocking IO behaviour */ BIO_set_mem_eof_return(s_to_c_bio, -1); BIO_set_mem_eof_return(c_to_s_bio, -1); /* Up ref these as we are passing them to two SSL objects */ + SSL_set_bio(serverssl, c_to_s_bio, s_to_c_bio); BIO_up_ref(s_to_c_bio); BIO_up_ref(c_to_s_bio); - - SSL_set_bio(serverssl, c_to_s_bio, s_to_c_bio); SSL_set_bio(clientssl, s_to_c_bio, c_to_s_bio); - - /* BIOs will now be freed when SSL objects are freed */ - s_to_c_bio = c_to_s_bio = NULL; - s_to_c_fbio = c_to_s_fbio = NULL; - *sssl = serverssl; *cssl = clientssl; - return 1; error: @@ -637,10 +604,12 @@ int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl, return 0; } -int create_ssl_connection(SSL *serverssl, SSL *clientssl) +int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want) { int retc = -1, rets = -1, err, abortctr = 0; int clienterr = 0, servererr = 0; + unsigned char buf; + size_t readbytes; do { err = SSL_ERROR_WANT_WRITE; @@ -651,9 +620,11 @@ int create_ssl_connection(SSL *serverssl, SSL *clientssl) } if (!clienterr && retc <= 0 && err != SSL_ERROR_WANT_READ) { - printf("SSL_connect() failed %d, %d\n", retc, err); + TEST_info("SSL_connect() failed %d, %d", retc, err); clienterr = 1; } + if (want != SSL_ERROR_NONE && err == want) + return 0; err = SSL_ERROR_WANT_WRITE; while (!servererr && rets <= 0 && err == SSL_ERROR_WANT_WRITE) { @@ -663,16 +634,38 @@ int create_ssl_connection(SSL *serverssl, SSL *clientssl) } if (!servererr && rets <= 0 && err != SSL_ERROR_WANT_READ) { - printf("SSL_accept() failed %d, %d\n", retc, err); + TEST_info("SSL_accept() failed %d, %d", rets, err); servererr = 1; } + if (want != SSL_ERROR_NONE && err == want) + return 0; if (clienterr && servererr) return 0; if (++abortctr == MAXLOOPS) { - printf("No progress made\n"); + TEST_info("No progress made"); return 0; } } while (retc <=0 || rets <= 0); + /* + * We attempt to read some data on the client side which we expect to fail. + * This will ensure we have received the NewSessionTicket in TLSv1.3 where + * appropriate. + */ + if (SSL_read_ex(clientssl, &buf, sizeof(buf), &readbytes) > 0) { + if (!TEST_ulong_eq(readbytes, 0)) + return 0; + } else if (!TEST_int_eq(SSL_get_error(clientssl, 0), SSL_ERROR_WANT_READ)) { + return 0; + } + return 1; } + +void shutdown_ssl_connection(SSL *serverssl, SSL *clientssl) +{ + SSL_shutdown(clientssl); + SSL_shutdown(serverssl); + SSL_free(serverssl); + SSL_free(clientssl); +}