wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Convert dtls_mtu_test, dtlsv1listentest

Browse source 
Also converted most of ssltestlib but left the packet_dump output
as-is (for now).

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3257)
This commit is contained in:
Rich Salz 2017-04-26 12:20:44 -04:00
parent aa24cd1bfb
commit 8ed9a26616
5 changed files with 185 additions and 292 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
test/build.info
View file

@ -233,7 +233,7 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
SOURCE[dtlsv1listentest]=dtlsv1listentest.c
INCLUDE[dtlsv1listentest]=.. ../include
DEPEND[dtlsv1listentest]=../libssl
DEPEND[dtlsv1listentest]=../libssl libtestutil.a
SOURCE[ct_test]=ct_test.c
INCLUDE[ct_test]=../crypto/include ../include
@ -316,7 +316,7 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
PROGRAMS_NO_INST=dtls_mtu_test
SOURCE[dtls_mtu_test]=dtls_mtu_test.c ssltestlib.c
INCLUDE[dtls_mtu_test]=.. ../include
DEPEND[dtls_mtu_test]=../libcrypto ../libssl
DEPEND[dtls_mtu_test]=../libcrypto ../libssl libtestutil.a
ENDIF
IF[{- !$disabled{shared} -}]

135
test/dtls_mtu_test.c
View file

@ -15,6 +15,7 @@
#include <openssl/err.h>
#include "ssltestlib.h"
#include "testutil.h"
/* for SSL_READ_ETM() */
#include "../ssl/ssl_locl.h"
@ -57,21 +58,19 @@ static int mtu_test(SSL_CTX *ctx, const char *cs, int no_etm)
memset(buf, 0x5a, sizeof(buf));
if (create_ssl_objects(ctx, ctx, &srvr_ssl, &clnt_ssl, NULL, NULL) != 1)
goto out;
if (!TEST_true(create_ssl_objects(ctx, ctx, &srvr_ssl, &clnt_ssl,
NULL, NULL)))
goto end;
if (no_etm)
SSL_set_options(srvr_ssl, SSL_OP_NO_ENCRYPT_THEN_MAC);
if (SSL_set_cipher_list(srvr_ssl, cs) != 1 ||
SSL_set_cipher_list(clnt_ssl, cs) != 1) {
ERR_print_errors_fp(stdout);
goto out;
}
sc_bio = SSL_get_rbio(srvr_ssl);
if (create_ssl_connection(clnt_ssl, srvr_ssl, SSL_ERROR_NONE) != 1)
goto out;
if (!TEST_true(SSL_set_cipher_list(srvr_ssl, cs))
|| !TEST_true(SSL_set_cipher_list(clnt_ssl, cs))
|| !TEST_ptr(sc_bio = SSL_get_rbio(srvr_ssl))
|| !TEST_true(create_ssl_connection(clnt_ssl, srvr_ssl,
SSL_ERROR_NONE)))
goto end;
if (debug)
printf("Channel established\n");
@ -82,28 +81,27 @@ static int mtu_test(SSL_CTX *ctx, const char *cs, int no_etm)
SSL_set_mtu(clnt_ssl, 500 + i);
mtus[i] = DTLS_get_data_mtu(clnt_ssl);
if (debug)
printf("%s%s payload MTU for record mtu %d = %"OSSLzu"\n",
cs, no_etm ? "-noEtM":"", 500 + i, mtus[i]);
if (mtus[i] == 0) {
fprintf(stderr,
"payload MTU failed with record MTU %d for %s\n",
500 + i, cs);
goto out;
TEST_info("%s%s MTU for record mtu %d = %lu",
cs, no_etm ? "-noEtM" : "",
500 + i, (unsigned long)mtus[i]);
if (!TEST_size_t_ne(mtus[i], 0)) {
TEST_info("Cipher %s MTU %d", cs, 500 + i);
goto end;
}
}
/* Now get out of the way */
SSL_set_mtu(clnt_ssl, 1000);
/* Now for all values in the range of payload MTUs, send
* a payload of that size and see what actual record size
* we end up with. */
/*
* Now for all values in the range of payload MTUs, send a payload of
* that size and see what actual record size we end up with.
*/
for (s = mtus[0]; s <= mtus[29]; s++) {
size_t reclen;
if (SSL_write(clnt_ssl, buf, s) != (int)s) {
ERR_print_errors_fp(stdout);
goto out;
}
if (!TEST_int_eq(SSL_write(clnt_ssl, buf, s), (int)s))
goto end;
reclen = BIO_read(sc_bio, buf, sizeof(buf));
if (debug)
printf("record %"OSSLzu" for payload %"OSSLzu"\n", reclen, s);
@ -111,53 +109,58 @@ static int mtu_test(SSL_CTX *ctx, const char *cs, int no_etm)
for (i = 0; i < 30; i++) {
/* DTLS_get_data_mtu() with record MTU 500+i returned mtus[i] ... */
if (s <= mtus[i] && reclen > (size_t)(500 + i)) {
/* We sent a packet smaller than or equal to mtus[j] and
* that made a record *larger* than the record MTU 500+j! */
fprintf(stderr,
"%s: Payload MTU %"OSSLzu" reported for record MTU %d\n"
"but sending a payload of %"OSSLzu" made a record of %"OSSLzu"(too large)\n",
cs, mtus[i], 500 + i, s, reclen);
goto out;
if (!TEST_false(s <= mtus[i] && reclen > (size_t)(500 + i))) {
/*
* We sent a packet smaller than or equal to mtus[j] and
* that made a record *larger* than the record MTU 500+j!
*/
TEST_error("%s: s=%lu, mtus[i]=%lu, reclen=%lu, i=%d",
cs, (unsigned long)s, (unsigned long)mtus[i],
(unsigned long)reclen, 500 + i);
goto end;
}
if (s > mtus[i] && reclen <= (size_t)(500 + i)) {
/* We sent a *larger* packet than mtus[i] and that *still*
if (!TEST_false(s > mtus[i] && reclen <= (size_t)(500 + i))) {
/*
* We sent a *larger* packet than mtus[i] and that *still*
* fits within the record MTU 500+i, so DTLS_get_data_mtu()
* was overly pessimistic. */
fprintf(stderr,
"%s: Payload MTU %"OSSLzu" reported for record MTU %d\n"
"but sending a payload of %"OSSLzu" made a record of %"OSSLzu" (too small)\n",
cs, mtus[i], 500 + i, s, reclen);
goto out;
* was overly pessimistic.
*/
TEST_error("%s: s=%lu, mtus[i]=%lu, reclen=%lu, i=%d",
cs, (unsigned long)s, (unsigned long)mtus[i],
(unsigned long)reclen, 500 + i);
goto end;
}
}
}
rv = 1;
if (SSL_READ_ETM(clnt_ssl))
rv = 2;
out:
end:
SSL_free(clnt_ssl);
SSL_free(srvr_ssl);
return rv;
}
int main(void)
static int run_mtu_tests(void)
{
SSL_CTX *ctx = SSL_CTX_new(DTLS_method());
SSL_CTX *ctx = NULL;
STACK_OF(SSL_CIPHER) *ciphers;
int i, rv = 0;
int i, ret = 0;
if (!TEST_ptr(ctx = SSL_CTX_new(DTLS_method())))
goto end;
SSL_CTX_set_psk_server_callback(ctx, srvr_psk_callback);
SSL_CTX_set_psk_client_callback(ctx, clnt_psk_callback);
SSL_CTX_set_security_level(ctx, 0);
/* We only care about iterating over each enc/mac; we don't
* want to repeat the test for each auth/kx variant.
* So keep life simple and only do (non-DH) PSK. */
if (!SSL_CTX_set_cipher_list(ctx, "PSK")) {
fprintf(stderr, "Failed to set PSK cipher list\n");
goto out;
}
/*
* We only care about iterating over each enc/mac; we don't want to
* repeat the test for each auth/kx variant. So keep life simple and
* only do (non-DH) PSK.
*/
if (!TEST_true(SSL_CTX_set_cipher_list(ctx, "PSK")))
goto end;
ciphers = SSL_CTX_get_ciphers(ctx);
for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
@ -165,26 +168,28 @@ int main(void)
const char *cipher_name = SSL_CIPHER_get_name(cipher);
/* As noted above, only one test for each enc/mac variant. */
if (strncmp(cipher_name, "PSK-", 4))
if (strncmp(cipher_name, "PSK-", 4) != 0)
continue;
rv = mtu_test(ctx, cipher_name, 0);
if (!rv)
if (!TEST_int_gt(ret = mtu_test(ctx, cipher_name, 0), 0))
break;
printf("DTLS MTU test OK for %s\n", cipher_name);
if (rv == 1)
TEST_info("%s OK", cipher_name);
if (ret == 1)
continue;
/* mtu_test() returns 2 if it used Encrypt-then-MAC */
rv = mtu_test(ctx, cipher_name, 1);
if (!rv)
if (!TEST_int_gt(ret = mtu_test(ctx, cipher_name, 1), 0))
break;
printf("DTLS MTU test OK for %s without Encrypt-then-MAC\n", cipher_name);
TEST_info("%s without EtM OK", cipher_name);
}
out:
SSL_CTX_free(ctx);
return !rv;
end:
SSL_CTX_free(ctx);
bio_s_mempacket_test_free();
return ret;
}
void register_tests()
{
ADD_TEST(run_mtu_tests);
}

182
test/dtlsv1listentest.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -12,10 +12,8 @@
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/conf.h>
#ifndef OPENSSL_NO_ENGINE
# include <openssl/engine.h>
#endif
#include "e_os.h"
#include "testutil.h"
#ifndef OPENSSL_NO_SOCK
@ -236,7 +234,7 @@ static const unsigned char verify[] = {
0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13 /* Cookie */
};
static struct {
typedef struct {
const unsigned char *in;
unsigned int inlen;
/*
@ -245,52 +243,18 @@ static struct {
* DROP == 0 return value, no output
*/
enum {GOOD, VERIFY, DROP} outtype;
} testpackets[9] = {
{
clienthello_nocookie,
sizeof(clienthello_nocookie),
VERIFY
},
{
clienthello_nocookie_frag,
sizeof(clienthello_nocookie_frag),
VERIFY
},
{
clienthello_nocookie_short,
sizeof(clienthello_nocookie_short),
DROP
},
{
clienthello_2ndfrag,
sizeof(clienthello_2ndfrag),
DROP
},
{
clienthello_cookie,
sizeof(clienthello_cookie),
GOOD
},
{
clienthello_cookie_frag,
sizeof(clienthello_cookie_frag),
GOOD
},
{
clienthello_badcookie,
sizeof(clienthello_badcookie),
VERIFY
},
{
clienthello_cookie_short,
sizeof(clienthello_cookie_short),
DROP
},
{
record_short,
sizeof(record_short),
DROP
}
} tests;
static tests testpackets[9] = {
{ clienthello_nocookie, sizeof(clienthello_nocookie), VERIFY },
{ clienthello_nocookie_frag, sizeof(clienthello_nocookie_frag), VERIFY },
{ clienthello_nocookie_short, sizeof(clienthello_nocookie_short), DROP },
{ clienthello_2ndfrag, sizeof(clienthello_2ndfrag), DROP },
{ clienthello_cookie, sizeof(clienthello_cookie), GOOD },
{ clienthello_cookie_frag, sizeof(clienthello_cookie_frag), GOOD },
{ clienthello_badcookie, sizeof(clienthello_badcookie), VERIFY },
{ clienthello_cookie_short, sizeof(clienthello_cookie_short), DROP },
{ record_short, sizeof(record_short), DROP }
};
# define COOKIE_LEN 20
@ -299,9 +263,8 @@ static int cookie_gen(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)
{
unsigned int i;
for (i = 0; i < COOKIE_LEN; i++, cookie++) {
for (i = 0; i < COOKIE_LEN; i++, cookie++)
*cookie = i;
}
*cookie_len = COOKIE_LEN;
return 1;
@ -322,105 +285,72 @@ static int cookie_verify(SSL *ssl, const unsigned char *cookie,
return 1;
}
#endif
int main(void)
static int dtls_listen_test(int i)
{
#ifndef OPENSSL_NO_SOCK
SSL_CTX *ctx = NULL;
SSL *ssl = NULL;
BIO *outbio = NULL;
BIO *inbio = NULL;
BIO_ADDR *peer = BIO_ADDR_new();
BIO_ADDR *peer = NULL;
tests *tp = &testpackets[i];
char *data;
long datalen;
int ret, success = 0;
long i;
ctx = SSL_CTX_new(DTLS_server_method());
if (ctx == NULL || peer == NULL)
if (!TEST_ptr(ctx = SSL_CTX_new(DTLS_server_method()))
|| !TEST_ptr(peer = BIO_ADDR_new()))
goto err;
SSL_CTX_set_cookie_generate_cb(ctx, cookie_gen);
SSL_CTX_set_cookie_verify_cb(ctx, cookie_verify);
/* Create an SSL object for the connection */
ssl = SSL_new(ctx);
if (ssl == NULL)
goto err;
outbio = BIO_new(BIO_s_mem());
if (outbio == NULL)
/* Create an SSL object and set the BIO */
if (!TEST_ptr(ssl = SSL_new(ctx))
|| !TEST_ptr(outbio = BIO_new(BIO_s_mem())))
goto err;
SSL_set0_wbio(ssl, outbio);
success = 1;
for (i = 0; i < (long)OSSL_NELEM(testpackets) && success; i++) {
inbio = BIO_new_mem_buf((char *)testpackets[i].in,
testpackets[i].inlen);
if (inbio == NULL) {
success = 0;
/* Set Non-blocking IO behaviour */
if (!TEST_ptr(inbio = BIO_new_mem_buf((char *)tp->in, tp->inlen)))
goto err;
BIO_set_mem_eof_return(inbio, -1);
SSL_set0_rbio(ssl, inbio);
/* Process the incoming packet */
if (!TEST_int_ge(ret = DTLSv1_listen(ssl, peer), 0))
goto err;
datalen = BIO_get_mem_data(outbio, &data);
if (tp->outtype == VERIFY) {
if (!TEST_int_eq(ret, 0)
|| !TEST_mem_eq(data, datalen, verify, sizeof(verify)))
goto err;
}
/* Set Non-blocking IO behaviour */
BIO_set_mem_eof_return(inbio, -1);
SSL_set0_rbio(ssl, inbio);
/* Process the incoming packet */
ret = DTLSv1_listen(ssl, peer);
if (ret < 0) {
success = 0;
} else if (datalen == 0) {
if (!TEST_true((ret == 0 && tp->outtype == DROP)
|| (ret == 1 && tp->outtype == GOOD)))
goto err;
}
datalen = BIO_get_mem_data(outbio, &data);
if (testpackets[i].outtype == VERIFY) {
if (ret == 0) {
if (datalen != sizeof(verify)
|| (memcmp(data, verify, sizeof(verify)) != 0)) {
printf("Test %ld failure: incorrect HelloVerifyRequest\n", i);
success = 0;
} else {
printf("Test %ld success\n", i);
}
} else {
printf ("Test %ld failure: should not have succeeded\n", i);
success = 0;
}
} else if (datalen == 0) {
if ((ret == 0 && testpackets[i].outtype == DROP)
|| (ret == 1 && testpackets[i].outtype == GOOD)) {
printf("Test %ld success\n", i);
} else {
printf("Test %ld failure: wrong return value\n", i);
success = 0;
}
} else {
printf("Test %ld failure: Unexpected data output\n", i);
success = 0;
}
(void)BIO_reset(outbio);
inbio = NULL;
/* Frees up inbio */
SSL_set0_rbio(ssl, NULL);
} else {
TEST_info("Test %d: unexpected data output", i);
goto err;
}
(void)BIO_reset(outbio);
inbio = NULL;
SSL_set0_rbio(ssl, NULL);
success = 1;
err:
if (!success)
ERR_print_errors_fp(stderr);
/* Also frees up outbio */
SSL_free(ssl);
SSL_CTX_free(ctx);
BIO_free(inbio);
OPENSSL_free(peer);
# ifndef OPENSSL_NO_CRYPTO_MDEBUG
CRYPTO_mem_leaks_fp(stderr);
# endif
return success ? 0 : 1;
#else
printf("DTLSv1_listen() is not supported by this build - skipping\n");
return 0;
return success;
}
#endif
void register_tests()
{
#ifndef OPENSSL_NO_SOCK
ADD_ALL_TESTS(dtls_listen_test, (int)OSSL_NELEM(testpackets));
#endif
}

BIN
test/libtestutil.a Normal file
View file

Binary file not shown.

156
test/ssltestlib.c
View file

@ -11,6 +11,7 @@
#include "e_os.h"
#include "ssltestlib.h"
#include "testutil.h"
static int tls_dump_new(BIO *bi);
static int tls_dump_free(BIO *a);
@ -21,12 +22,11 @@ static int tls_dump_gets(BIO *bp, char *buf, int size);
static int tls_dump_puts(BIO *bp, const char *str);
/* Choose a sufficiently large type likely to be unused for this custom BIO */
# define BIO_TYPE_TLS_DUMP_FILTER (0x80 | BIO_TYPE_FILTER)
# define BIO_TYPE_MEMPACKET_TEST 0x81
#define BIO_TYPE_TLS_DUMP_FILTER (0x80 | BIO_TYPE_FILTER)
#define BIO_TYPE_MEMPACKET_TEST 0x81
static BIO_METHOD *method_tls_dump = NULL;
static BIO_METHOD *method_mempacket_test = NULL;
static BIO_METHOD *meth_mem = NULL;
/* Note: Not thread safe! */
const BIO_METHOD *bio_f_tls_dump_filter(void)
@ -265,34 +265,33 @@ static int mempacket_test_puts(BIO *bp, const char *str);
const BIO_METHOD *bio_s_mempacket_test(void)
{
if (method_mempacket_test == NULL) {
method_mempacket_test = BIO_meth_new(BIO_TYPE_MEMPACKET_TEST,
"Mem Packet Test");
if ( method_mempacket_test == NULL
|| !BIO_meth_set_write(method_mempacket_test, mempacket_test_write)
|| !BIO_meth_set_read(method_mempacket_test, mempacket_test_read)
|| !BIO_meth_set_puts(method_mempacket_test, mempacket_test_puts)
|| !BIO_meth_set_gets(method_mempacket_test, mempacket_test_gets)
|| !BIO_meth_set_ctrl(method_mempacket_test, mempacket_test_ctrl)
|| !BIO_meth_set_create(method_mempacket_test, mempacket_test_new)
|| !BIO_meth_set_destroy(method_mempacket_test, mempacket_test_free))
if (meth_mem == NULL) {
if (!TEST_ptr(meth_mem = BIO_meth_new(BIO_TYPE_MEMPACKET_TEST,
"Mem Packet Test"))
|| !TEST_true(BIO_meth_set_write(meth_mem, mempacket_test_write))
|| !TEST_true(BIO_meth_set_read(meth_mem, mempacket_test_read))
|| !TEST_true(BIO_meth_set_puts(meth_mem, mempacket_test_puts))
|| !TEST_true(BIO_meth_set_gets(meth_mem, mempacket_test_gets))
|| !TEST_true(BIO_meth_set_ctrl(meth_mem, mempacket_test_ctrl))
|| !TEST_true(BIO_meth_set_create(meth_mem, mempacket_test_new))
|| !TEST_true(BIO_meth_set_destroy(meth_mem, mempacket_test_free)))
return NULL;
}
return method_mempacket_test;
return meth_mem;
}
void bio_s_mempacket_test_free(void)
{
BIO_meth_free(method_mempacket_test);
BIO_meth_free(meth_mem);
}
static int mempacket_test_new(BIO *bio)
{
MEMPACKET_TEST_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
if (ctx == NULL)
MEMPACKET_TEST_CTX *ctx;
if (!TEST_ptr(ctx = OPENSSL_zalloc(sizeof(*ctx))))
return 0;
ctx->pkts = sk_MEMPACKET_new_null();
if (ctx->pkts == NULL) {
if (!TEST_ptr(ctx->pkts = sk_MEMPACKET_new_null())) {
OPENSSL_free(ctx);
return 0;
}
@ -309,7 +308,6 @@ static int mempacket_test_free(BIO *bio)
OPENSSL_free(ctx);
BIO_set_data(bio, NULL);
BIO_set_init(bio, 0);
return 1;
}
@ -331,7 +329,6 @@ static int mempacket_test_read(BIO *bio, char *out, int outl)
unsigned int seq, offset, len, epoch;
BIO_clear_retry_flags(bio);
thispkt = sk_MEMPACKET_value(ctx->pkts, 0);
if (thispkt == NULL || thispkt->num != ctx->currpkt) {
/* Probably run out of data */
@ -351,12 +348,10 @@ static int mempacket_test_read(BIO *bio, char *out, int outl)
* we know that there won't be any re-ordering. We overwrite to deal
* with any packets that have been injected
*/
rem = thispkt->len;
rec = thispkt->data;
while (rem > 0) {
if (rem < DTLS1_RT_HEADER_LENGTH) {
for (rem = thispkt->len, rec = thispkt->data
; rem > 0; rec += len, rem -= len) {
if (rem < DTLS1_RT_HEADER_LENGTH)
return -1;
}
epoch = (rec[EPOCH_HI] << 8) | rec[EPOCH_LO];
if (epoch != ctx->epoch) {
ctx->epoch = epoch;
@ -373,16 +368,11 @@ static int mempacket_test_read(BIO *bio, char *out, int outl)
len = ((rec[RECORD_LEN_HI] << 8) | rec[RECORD_LEN_LO])
+ DTLS1_RT_HEADER_LENGTH;
rec += len;
rem -= len;
}
}
memcpy(out, thispkt->data, outl);
mempacket_free(thispkt);
return outl;
}
@ -404,12 +394,9 @@ int mempacket_test_inject(BIO *bio, const char *in, int inl, int pktnum,
ctx->noinject = 1;
}
thispkt = OPENSSL_malloc(sizeof(MEMPACKET));
if (thispkt == NULL)
if (!TEST_ptr(thispkt = OPENSSL_malloc(sizeof(*thispkt))))
return -1;
thispkt->data = OPENSSL_malloc(inl);
if (thispkt->data == NULL) {
if (!TEST_ptr(thispkt->data = OPENSSL_malloc(inl))) {
mempacket_free(thispkt);
return -1;
}
@ -530,26 +517,16 @@ int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm,
SSL_CTX *serverctx = NULL;
SSL_CTX *clientctx = NULL;
serverctx = SSL_CTX_new(sm);
clientctx = SSL_CTX_new(cm);
if (serverctx == NULL || clientctx == NULL) {
printf("Failed to create SSL_CTX\n");
if (!TEST_ptr(serverctx = SSL_CTX_new(sm))
|| !TEST_ptr(clientctx = SSL_CTX_new(cm)))
goto err;
}
if (SSL_CTX_use_certificate_file(serverctx, certfile,
SSL_FILETYPE_PEM) <= 0) {
printf("Failed to load server certificate\n");
if (!TEST_int_eq(SSL_CTX_use_certificate_file(serverctx, certfile,
SSL_FILETYPE_PEM), 1)
|| !TEST_int_eq(SSL_CTX_use_PrivateKey_file(serverctx, privkeyfile,
SSL_FILETYPE_PEM), 1)
|| !TEST_int_eq(SSL_CTX_check_private_key(serverctx), 1))
goto err;
}
if (SSL_CTX_use_PrivateKey_file(serverctx, privkeyfile,
SSL_FILETYPE_PEM) <= 0) {
printf("Failed to load server private key\n");
}
if (SSL_CTX_check_private_key(serverctx) <= 0) {
printf("Failed to check private key\n");
goto err;
}
#ifndef OPENSSL_NO_DH
SSL_CTX_set_dh_auto(serverctx, 1);
@ -557,8 +534,8 @@ int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm,
*sctx = serverctx;
*cctx = clientctx;
return 1;
err:
SSL_CTX_free(serverctx);
SSL_CTX_free(clientctx);
@ -573,62 +550,46 @@ int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm,
int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,
SSL **cssl, BIO *s_to_c_fbio, BIO *c_to_s_fbio)
{
SSL *serverssl, *clientssl;
SSL *serverssl = NULL, *clientssl = NULL;
BIO *s_to_c_bio = NULL, *c_to_s_bio = NULL;
if (*sssl == NULL)
serverssl = SSL_new(serverctx);
else
if (*sssl != NULL)
serverssl = *sssl;
if (*cssl == NULL)
clientssl = SSL_new(clientctx);
else
clientssl = *cssl;
if (serverssl == NULL || clientssl == NULL) {
printf("Failed to create SSL object\n");
else if (!TEST_ptr(serverssl = SSL_new(serverctx)))
goto error;
if (*cssl != NULL)
clientssl = *cssl;
else if (!TEST_ptr(clientssl = SSL_new(clientctx)))
goto error;
}
if (SSL_is_dtls(clientssl)) {
s_to_c_bio = BIO_new(bio_s_mempacket_test());
c_to_s_bio = BIO_new(bio_s_mempacket_test());
if (!TEST_ptr(s_to_c_bio = BIO_new(bio_s_mempacket_test()))
|| !TEST_ptr(c_to_s_bio = BIO_new(bio_s_mempacket_test())))
goto error;
} else {
s_to_c_bio = BIO_new(BIO_s_mem());
c_to_s_bio = BIO_new(BIO_s_mem());
}
if (s_to_c_bio == NULL || c_to_s_bio == NULL) {
printf("Failed to create mem BIOs\n");
goto error;
if (!TEST_ptr(s_to_c_bio = BIO_new(BIO_s_mem()))
|| !TEST_ptr(c_to_s_bio = BIO_new(BIO_s_mem())))
goto error;
}
if (s_to_c_fbio != NULL)
s_to_c_bio = BIO_push(s_to_c_fbio, s_to_c_bio);
if (c_to_s_fbio != NULL)
c_to_s_bio = BIO_push(c_to_s_fbio, c_to_s_bio);
if (s_to_c_bio == NULL || c_to_s_bio == NULL) {
printf("Failed to create chained BIOs\n");
if (s_to_c_fbio != NULL
&& !TEST_ptr(s_to_c_bio = BIO_push(s_to_c_fbio, s_to_c_bio)))
goto error;
if (c_to_s_fbio != NULL
&& !TEST_ptr(c_to_s_bio = BIO_push(c_to_s_fbio, c_to_s_bio)))
goto error;
}
/* Set Non-blocking IO behaviour */
BIO_set_mem_eof_return(s_to_c_bio, -1);
BIO_set_mem_eof_return(c_to_s_bio, -1);
/* Up ref these as we are passing them to two SSL objects */
SSL_set_bio(serverssl, c_to_s_bio, s_to_c_bio);
BIO_up_ref(s_to_c_bio);
BIO_up_ref(c_to_s_bio);
SSL_set_bio(serverssl, c_to_s_bio, s_to_c_bio);
SSL_set_bio(clientssl, s_to_c_bio, c_to_s_bio);
/* BIOs will now be freed when SSL objects are freed */
s_to_c_bio = c_to_s_bio = NULL;
s_to_c_fbio = c_to_s_fbio = NULL;
*sssl = serverssl;
*cssl = clientssl;
return 1;
error:
@ -658,7 +619,7 @@ int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want)
}
if (!clienterr && retc <= 0 && err != SSL_ERROR_WANT_READ) {
printf("SSL_connect() failed %d, %d\n", retc, err);
TEST_info("SSL_connect() failed %d, %d", retc, err);
clienterr = 1;
}
if (want != SSL_ERROR_NONE && err == want)
@ -672,7 +633,7 @@ int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want)
}
if (!servererr && rets <= 0 && err != SSL_ERROR_WANT_READ) {
printf("SSL_accept() failed %d, %d\n", rets, err);
TEST_info("SSL_accept() failed %d, %d", rets, err);
servererr = 1;
}
if (want != SSL_ERROR_NONE && err == want)
@ -680,7 +641,7 @@ int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want)
if (clienterr && servererr)
return 0;
if (++abortctr == MAXLOOPS) {
printf("No progress made\n");
TEST_info("No progress made");
return 0;
}
} while (retc <=0 || rets <= 0);
@ -691,12 +652,9 @@ int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want)
* appropriate.
*/
if (SSL_read_ex(clientssl, &buf, sizeof(buf), &readbytes) > 0) {
if (readbytes != 0) {
printf("Unexpected success reading data %"OSSLzu"\n", readbytes);
if (!TEST_ulong_eq(readbytes, 0))
return 0;
}
} else if (SSL_get_error(clientssl, 0) != SSL_ERROR_WANT_READ) {
printf("SSL_read_ex() failed\n");
} else if (!TEST_int_eq(SSL_get_error(clientssl, 0), SSL_ERROR_WANT_READ)) {
return 0;
}