Add conditional unit testing interface.

Don't call internal functions directly call them through
SSL_test_functions(). This also makes unit testing work on
Windows and platforms that don't export internal functions
from shared libraries.

By default unit testing is not enabled: it requires the compile
time option "enable-unit-test".
Reviewed-by: Geoff Thorpe <geoff@openssl.org>

Configure

@@ -736,6 +736,7 @@ my %disabled = ( # "what"         => "comment" [or special keyword "experimental
 		 "shared"         => "default",
 		 "ssl-trace"	  => "default",
 		 "store"	  => "experimental",
+		 "unit-test"	  => "default",
 		 "zlib"           => "default",
 		 "zlib-dynamic"   => "default"
 	       );

ssl/Makefile

@@ -30,7 +30,7 @@ LIBSRC=	\
 	ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \
 	ssl_ciph.c ssl_stat.c ssl_rsa.c \
 	ssl_asn1.c ssl_txt.c ssl_algs.c ssl_conf.c \
-	bio_ssl.c ssl_err.c kssl.c t1_reneg.c tls_srp.c t1_trce.c
+	bio_ssl.c ssl_err.c kssl.c t1_reneg.c tls_srp.c t1_trce.c ssl_utst.c
 LIBOBJ= \
 	s2_meth.o  s2_srvr.o  s2_clnt.o  s2_lib.o  s2_enc.o s2_pkt.o \
 	s3_meth.o  s3_srvr.o  s3_clnt.o  s3_lib.o  s3_enc.o s3_pkt.o s3_both.o s3_cbc.o \
@@ -41,7 +41,7 @@ LIBOBJ= \
 	ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o \
 	ssl_ciph.o ssl_stat.o ssl_rsa.o \
 	ssl_asn1.o ssl_txt.o ssl_algs.o ssl_conf.o \
-	bio_ssl.o ssl_err.o kssl.o t1_reneg.o tls_srp.o t1_trce.o
+	bio_ssl.o ssl_err.o kssl.o t1_reneg.o tls_srp.o t1_trce.o ssl_utst.o
 
 SRC= $(LIBSRC)
 

ssl/heartbeat_test.c

@@ -38,6 +38,8 @@
  * http://mike-bland.com/tags/heartbleed.html
  */
 
+#define OPENSSL_UNIT_TEST
+
 #include "../ssl/ssl_locl.h"
 
 #include "testutil.h"
@@ -46,7 +48,7 @@
 #include <stdlib.h>
 #include <string.h>
 
-#if !defined(OPENSSL_NO_HEARTBEATS) && !defined(OPENSSL_SYS_WINDOWS)
+#if !defined(OPENSSL_NO_HEARTBEATS) && !defined(OPENSSL_NO_UNIT_TEST)
 
 /* As per https://tools.ietf.org/html/rfc6520#section-4 */
 #define MIN_PADDING_SIZE	16

ssl/ssl.h

@@ -2570,6 +2570,10 @@ int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx))(SSL *s, SSL_CTX *ctx, i
 void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex);
 void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx);
 
+#ifndef OPENSSL_NO_UNIT_TEST
+const struct openssl_ssl_test_functions *SSL_test_functions(void);
+#endif
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.

ssl/ssl_locl.h

@@ -971,6 +971,16 @@ const SSL_METHOD *func_name(void)  \
 	return &func_name##_data; \
 	}
 
+struct openssl_ssl_test_functions
+	{
+	int (*p_ssl_init_wbio_buffer)(SSL *s, int push);
+	int (*p_ssl3_setup_buffers)(SSL *s);
+	int (*p_tls1_process_heartbeat)(SSL *s);
+	int (*p_dtls1_process_heartbeat)(SSL *s);
+	};
+
+#ifndef OPENSSL_UNIT_TEST
+
 void ssl_clear_cipher_ctx(SSL *s);
 int ssl_clear_bad_session(SSL *s);
 CERT *ssl_cert_new(void);
@@ -1380,5 +1390,12 @@ void ssl3_cbc_digest_record(
 void tls_fips_digest_extra(
 	const EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *mac_ctx,
 	const unsigned char *data, size_t data_len, size_t orig_len);
+#else
+
+#define ssl_init_wbio_buffer SSL_test_functions()->p_ssl_init_wbio_buffer
+#define ssl3_setup_buffers SSL_test_functions()->p_ssl3_setup_buffers
+#define tls1_process_heartbeat SSL_test_functions()->p_tls1_process_heartbeat
+#define dtls1_process_heartbeat SSL_test_functions()->p_dtls1_process_heartbeat
 
 #endif
+#endif

ssl/ssl_utst.c

@@ -0,0 +1,73 @@
+/* ssl_utst.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2014 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include "ssl_locl.h"
+
+#ifndef OPENSSL_NO_UNIT_TEST
+
+
+static const struct openssl_ssl_test_functions ssl_test_functions =
+	{
+	ssl_init_wbio_buffer,
+	ssl3_setup_buffers,
+	tls1_process_heartbeat,
+	dtls1_process_heartbeat
+	};
+
+const struct openssl_ssl_test_functions *SSL_test_functions(void)
+	{
+	return &ssl_test_functions;
+	}
+
+#endif

util/mk1mf.pl

@@ -1465,6 +1465,7 @@ sub read_options
 		"no-zlib" => 0,
 		"no-zlib-dynamic" => 0,
 		"no-ssl-trace" => 0,
+		"no-unit-test" => 0,
 		"fips" => \$fips,
 		"fipscanisterbuild" => [\$fips, \$fipscanisterbuild],
 		"fipscanisteronly" => [\$fips, \$fipscanisterbuild, \$fipscanisteronly],

util/mkdef.pl

@@ -119,7 +119,9 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
 			 # SCTP
 			 "SCTP",
 			 # SSL TRACE
-		 	 "SSL_TRACE");
+		 	 "SSL_TRACE",
+			 # Unit testing
+		 	 "UNIT_TEST");
 
 my $options="";
 open(IN,"<Makefile") || die "unable to open Makefile!\n";
@@ -140,6 +142,7 @@ my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
 my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
 my $no_jpake; my $no_ssl2; my $no_ec2m; my $no_nextprotoneg;
 my $no_srp; my $no_nistp_gcc; my $no_sctp; my $no_ssl_trace;
+my $no_unit_test;
 
 my $fips;
 
@@ -239,6 +242,7 @@ foreach (@ARGV, split(/ /, $options))
 	elsif (/^no-jpake$/)	{ $no_jpake=1; }
 	elsif (/^no-srp$/)	{ $no_srp=1; }
 	elsif (/^no-sctp$/)	{ $no_sctp=1; }
+	elsif (/^no-unit-test$/){ $no_unit_test=1; }
 	}
 
 
@@ -1208,6 +1212,7 @@ sub is_valid
 			if ($keyword eq "JPAKE" && $no_jpake) { return 0; }
 			if ($keyword eq "SRP" && $no_srp) { return 0; }
 			if ($keyword eq "SCTP" && $no_sctp) { return 0; }
+			if ($keyword eq "UNIT_TEST" && $no_unit_test) { return 0; }
 			if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; }
 
 			# Nothing recognise as true

util/ssleay.num

@@ -181,6 +181,7 @@ SSL_get_verify_depth                    229	EXIST::FUNCTION:
 SSL_CTX_set_session_id_context          231	EXIST::FUNCTION:
 SSL_CTX_set_cert_verify_callback        232	EXIST:!VMS:FUNCTION:
 SSL_CTX_set_cert_verify_cb              232	EXIST:VMS:FUNCTION:
+SSL_test_functions                      233	EXIST::FUNCTION:UNIT_TEST
 SSL_CTX_set_default_passwd_cb_userdata  235	EXIST:!VMS:FUNCTION:
 SSL_CTX_set_def_passwd_cb_ud            235	EXIST:VMS:FUNCTION:
 SSL_set_purpose                         236	EXIST::FUNCTION: