Update the tls13encryptiontest for new read record layer
authorMatt Caswell <matt@openssl.org>
Tue, 26 Jul 2022 11:44:28 +0000 (12:44 +0100)
committerMatt Caswell <matt@openssl.org>
Thu, 18 Aug 2022 15:38:13 +0000 (16:38 +0100)
The tls13encryption is an internal test that reaches inside libssl
to test encryption/decryption of records. It needs to be amended for the
new code structure so that it is testing the equivalent things as before.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)

ssl/record/methods/tls_common.c
test/tls13encryptiontest.c

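index 8dace6c21a73a4b99bba062d45570b0c0fa1fec3..4d6cc781e35bb04a13cddaa3ffd0fb814f2b52eb 100644
--- a/ssl/record/methods/tls_common.c
+++ b/ssl/record/methods/tls_common.c
@@ -1045,35 +1045,46 @@ tls_int_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
     }
 
     /* Loop through all the settings since they must all be understood */
-    for (p = settings; p->key != NULL; p++) {
-        if (strcmp(p->key, OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM) == 0) {
-            if (!OSSL_PARAM_get_int(p, &rl->use_etm)) {
-                RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_FAILED_TO_GET_PARAMETER);
-                goto err;
-            }
-        } else if (strcmp(p->key, OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN) == 0) {
-            if (!OSSL_PARAM_get_uint(p, &rl->max_frag_len)) {
-                RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_FAILED_TO_GET_PARAMETER);
-                goto err;
-            }
-        } else if (strcmp(p->key, OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA) == 0) {
-            if (!OSSL_PARAM_get_uint32(p, &rl->max_early_data)) {
-                RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_FAILED_TO_GET_PARAMETER);
-                goto err;
-            }
-        } else if (strcmp(p->key, OSSL_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC) == 0) {
-            if (!OSSL_PARAM_get_int(p, &rl->stream_mac)) {
-                RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_FAILED_TO_GET_PARAMETER);
-                goto err;
-            }
-        } else if (strcmp(p->key, OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE) == 0) {
-            if (!OSSL_PARAM_get_int(p, &rl->tlstree)) {
-                RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_FAILED_TO_GET_PARAMETER);
+    if (settings != NULL) {
+        for (p = settings; p->key != NULL; p++) {
+            if (strcmp(p->key, OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM) == 0) {
+                if (!OSSL_PARAM_get_int(p, &rl->use_etm)) {
+                    RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR,
+                                SSL_R_FAILED_TO_GET_PARAMETER);
+                    goto err;
+                }
+            } else if (strcmp(p->key,
+                              OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN) == 0) {
+                if (!OSSL_PARAM_get_uint(p, &rl->max_frag_len)) {
+                    RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR,
+                                SSL_R_FAILED_TO_GET_PARAMETER);
+                    goto err;
+                }
+            } else if (strcmp(p->key,
+                              OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA) == 0) {
+                if (!OSSL_PARAM_get_uint32(p, &rl->max_early_data)) {
+                    RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR,
+                                SSL_R_FAILED_TO_GET_PARAMETER);
+                    goto err;
+                }
+            } else if (strcmp(p->key,
+                              OSSL_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC) == 0) {
+                if (!OSSL_PARAM_get_int(p, &rl->stream_mac)) {
+                    RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR,
+                                SSL_R_FAILED_TO_GET_PARAMETER);
+                    goto err;
+                }
+            } else if (strcmp(p->key, OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE) == 0) {
+                if (!OSSL_PARAM_get_int(p, &rl->tlstree)) {
+                    RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR,
+                                SSL_R_FAILED_TO_GET_PARAMETER);
+                    goto err;
+                }
+            } else {
+                RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR,
+                            SSL_R_UNKNOWN_MANDATORY_PARAMETER);
                 goto err;
             }
-        } else {
-            RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_UNKNOWN_MANDATORY_PARAMETER);
-            goto err;
         }
     }
 
@@ -1115,20 +1126,22 @@ tls_int_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
     rl->next = next;
 
     rl->cbarg = cbarg;
-    for (; fns->function_id != 0; fns++) {
-        switch (fns->function_id) {
-        case OSSL_FUNC_RLAYER_SKIP_EARLY_DATA:
-            rl->skip_early_data = OSSL_FUNC_rlayer_skip_early_data(fns);
-            break;
-        case OSSL_FUNC_RLAYER_MSG_CALLBACK:
-            rl->msg_callback = OSSL_FUNC_rlayer_msg_callback(fns);
-            break;
-        case OSSL_FUNC_RLAYER_SECURITY:
-            rl->security = OSSL_FUNC_rlayer_security(fns);
-            break;
-        default:
-            /* Just ignore anything we don't understand */
-            break;
+    if (fns != NULL) {
+        for (; fns->function_id != 0; fns++) {
+            switch (fns->function_id) {
+            case OSSL_FUNC_RLAYER_SKIP_EARLY_DATA:
+                rl->skip_early_data = OSSL_FUNC_rlayer_skip_early_data(fns);
+                break;
+            case OSSL_FUNC_RLAYER_MSG_CALLBACK:
+                rl->msg_callback = OSSL_FUNC_rlayer_msg_callback(fns);
+                break;
+            case OSSL_FUNC_RLAYER_SECURITY:
+                rl->security = OSSL_FUNC_rlayer_security(fns);
+                break;
+            default:
+                /* Just ignore anything we don't understand */
+                break;
+            }
         }
     }
 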
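Review bot: The new `if (settings != NULL)` and `if (fns != NULL)` guards make NULL a valid value for both parameters, but nothing in either hunk records that as part of tls_int_new_record_layer's contract, so a later caller cannot tell whether passing NULL is supported or merely tolerated. A one-line comment above each guard would pin it down, e.g. `/* settings may be NULL: no record-layer parameters to apply */` and `/* fns may be NULL: no callbacks supplied */`. The asymmetry between the two loops is also worth stating next to those comments: an unrecognised key in settings is fatal (SSL_R_UNKNOWN_MANDATORY_PARAMETER), while an unrecognised function_id in fns is deliberately ignored. The enclosing function begins and ends outside these hunks, so its declaration comment, if any, is not visible here.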
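index 0ce5ee1328b52079734c7fd5199ad1c7fce1e098..a29e238a84d43ec5710d27948f6015aecb9201d2 100644
--- a/test/tls13encryptiontest.c
+++ b/test/tls13encryptiontest.c
@@ -11,6 +11,8 @@
 #include <openssl/evp.h>
 #include "../ssl/ssl_local.h"
 #include "../ssl/record/record_local.h"
+#include "../ssl/record/recordmethod.h"
+#include "../ssl/record/methods/recmethod_local.h"
 #include "internal/nelem.h"
 #include "testutil.h"
 
@@ -306,11 +308,14 @@ static int test_tls13_encryption(void)
     SSL_CTX *ctx = NULL;
     SSL *ssl = NULL;
     SSL3_RECORD rec;
-    unsigned char *key = NULL, *iv = NULL, *seq = NULL;
+    unsigned char *key = NULL;
     const EVP_CIPHER *ciph = EVP_aes_128_gcm();
     int ret = 0;
     size_t ivlen, ctr;
     SSL_CONNECTION *s;
+    unsigned char seqbuf[SEQ_NUM_SIZE];
+    unsigned char iv[EVP_MAX_IV_LENGTH];
+    OSSL_RECORD_LAYER *rl;
 
     /*
      * Encrypted TLSv1.3 records always have an outer content type of
@@ -349,16 +354,14 @@ static int test_tls13_encryption(void)
     for (ctr = 0; ctr < OSSL_NELEM(refdata); ctr++) {
         /* Load the record */
         ivlen = EVP_CIPHER_get_iv_length(ciph);
-        if (!load_record(&rec, &refdata[ctr], &key, s->read_iv, ivlen,
-                         RECORD_LAYER_get_read_sequence(&s->rlayer))) {
+        if (!load_record(&rec, &refdata[ctr], &key, iv, ivlen, seqbuf)) {
             TEST_error("Failed loading key into EVP_CIPHER_CTX");
             goto err;
         }
 
         /* Set up the read/write sequences */
-        memcpy(RECORD_LAYER_get_write_sequence(&s->rlayer),
-               RECORD_LAYER_get_read_sequence(&s->rlayer), SEQ_NUM_SIZE);
-        memcpy(s->write_iv, s->read_iv, ivlen);
+        memcpy(RECORD_LAYER_get_write_sequence(&s->rlayer), seqbuf, sizeof(seqbuf));
+        memcpy(s->write_iv, iv, ivlen);
 
         /* Load the key into the EVP_CIPHER_CTXs */
         if (EVP_CipherInit_ex(s->enc_write_ctx, ciph, NULL, key, NULL, 1) <= 0
@@ -378,8 +381,18 @@ static int test_tls13_encryption(void)
             goto err;
         }
 
+        if (!TEST_true(ossl_tls_record_method.new_record_layer(
+                          NULL, NULL, TLS1_3_VERSION, OSSL_RECORD_ROLE_SERVER,
+                          OSSL_RECORD_DIRECTION_READ,
+                          OSSL_RECORD_PROTECTION_LEVEL_APPLICATION, 0, key, 16,
+                          iv, ivlen, NULL, 0, EVP_aes_128_gcm(),
+                          EVP_GCM_TLS_TAG_LEN, 0, NULL, NULL, NULL, NULL, NULL,
+                          NULL, NULL, NULL, NULL, NULL, NULL, &rl))) {
+            goto err;
+        }
+        memcpy(rl->sequence, seqbuf, sizeof(seqbuf));
         /* Decrypt it */
-        if (!TEST_int_eq(tls13_enc(s, &rec, 1, 0, NULL, 0), 1)) {
+        if (!TEST_int_eq(rl->funcs->cipher(rl, &rec, 1, 0, NULL, 0), 1)) {
             TEST_info("Failed to decrypt record %zu", ctr);
             goto err;
         }
@@ -388,14 +401,11 @@ static int test_tls13_encryption(void)
             goto err;
         }
 
+        ossl_tls_record_method.free(rl);
         OPENSSL_free(rec.data);
         OPENSSL_free(key);
-        OPENSSL_free(iv);
-        OPENSSL_free(seq);
         rec.data = NULL;
         key = NULL;
-        iv = NULL;
-        seq = NULL;
     }
 
     TEST_note("PASS: %zu records tested", ctr);
@@ -404,8 +414,6 @@ static int test_tls13_encryption(void)
  err:
     OPENSSL_free(rec.data);
     OPENSSL_free(key);
-    OPENSSL_free(iv);
-    OPENSSL_free(seq);
     SSL_free(ssl);
     SSL_CTX_free(ctx);
     return ret;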
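Review bot: The OSSL_RECORD_LAYER created by the new_record_layer() call in the @@ -378 hunk is released only on the success path (`ossl_tls_record_method.free(rl)` in the @@ -388 hunk); every `goto err` between those two points, starting with the decrypt-failure branch right after the memcpy into rl->sequence, leaks it because the `err:` block in the last hunk does not free rl, and with rl left uninitialised at its declaration an `err:` free cannot be added safely. Initialise it at declaration, `OSSL_RECORD_LAYER *rl = NULL;`, reset it after the per-iteration free with `rl = NULL;`, and add `ossl_tls_record_method.free(rl);` under `err:` (guarded with `if (rl != NULL)` unless that free is known to accept NULL, which these hunks do not show). Minor: the hard-coded key length `16` passed to new_record_layer sits next to `ivlen` obtained from EVP_CIPHER_get_iv_length(); `EVP_CIPHER_get_key_length(ciph)` would keep the two consistent and survive a change of cipher. test_tls13_encryption begins before the first of these hunks.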