VirtualBox

source: vbox/trunk/src/libs/openssl-3.3.2/test/helpers/ssltestlib.c@ 108358

最後變更 在這個檔案從108358是 108206,由 vboxsync 提交於 5 週 前

openssl-3.3.2: Exported all files to OSE and removed .scm-settings ​bugref:10757
  • 屬性 svn:eol-style 設為 native
  • 屬性 svn:keywords 設為 Author Date Id Revision
檔案大小: 43.4 KB
 
1/*
2 * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10/*
11 * We need access to the deprecated low level ENGINE APIs for legacy purposes
12 * when the deprecated calls are not hidden
13 */
14#ifndef OPENSSL_NO_DEPRECATED_3_0
15# define OPENSSL_SUPPRESS_DEPRECATED
16#endif
17
18#include <string.h>
19
20#include <openssl/engine.h>
21#include "internal/e_os.h"
22#include "internal/nelem.h"
23#include "ssltestlib.h"
24#include "../testutil.h"
25
26#if (!defined(OPENSSL_NO_KTLS) || !defined(OPENSSL_NO_QUIC)) && !defined(OPENSSL_NO_POSIX_IO) && !defined(OPENSSL_NO_SOCK)
27# define OSSL_USE_SOCKETS 1
28# include "internal/sockets.h"
29# include <openssl/bio.h>
30#endif
31
32static int tls_dump_new(BIO *bi);
33static int tls_dump_free(BIO *a);
34static int tls_dump_read(BIO *b, char *out, int outl);
35static int tls_dump_write(BIO *b, const char *in, int inl);
36static long tls_dump_ctrl(BIO *b, int cmd, long num, void *ptr);
37static int tls_dump_gets(BIO *bp, char *buf, int size);
38static int tls_dump_puts(BIO *bp, const char *str);
39
40/* Choose a sufficiently large type likely to be unused for this custom BIO */
41#define BIO_TYPE_TLS_DUMP_FILTER (0x80 | BIO_TYPE_FILTER)
42#define BIO_TYPE_MEMPACKET_TEST 0x81
43#define BIO_TYPE_ALWAYS_RETRY 0x82
44#define BIO_TYPE_MAYBE_RETRY (0x83 | BIO_TYPE_FILTER)
45
46static BIO_METHOD *method_tls_dump = NULL;
47static BIO_METHOD *meth_mem = NULL;
48static BIO_METHOD *meth_always_retry = NULL;
49static BIO_METHOD *meth_maybe_retry = NULL;
50static int retry_err = -1;
51
52/* Note: Not thread safe! */
53const BIO_METHOD *bio_f_tls_dump_filter(void)
54{
55 if (method_tls_dump == NULL) {
56 method_tls_dump = BIO_meth_new(BIO_TYPE_TLS_DUMP_FILTER,
57 "TLS dump filter");
58 if (method_tls_dump == NULL
59 || !BIO_meth_set_write(method_tls_dump, tls_dump_write)
60 || !BIO_meth_set_read(method_tls_dump, tls_dump_read)
61 || !BIO_meth_set_puts(method_tls_dump, tls_dump_puts)
62 || !BIO_meth_set_gets(method_tls_dump, tls_dump_gets)
63 || !BIO_meth_set_ctrl(method_tls_dump, tls_dump_ctrl)
64 || !BIO_meth_set_create(method_tls_dump, tls_dump_new)
65 || !BIO_meth_set_destroy(method_tls_dump, tls_dump_free))
66 return NULL;
67 }
68 return method_tls_dump;
69}
70
71void bio_f_tls_dump_filter_free(void)
72{
73 BIO_meth_free(method_tls_dump);
74}
75
76static int tls_dump_new(BIO *bio)
77{
78 BIO_set_init(bio, 1);
79 return 1;
80}
81
82static int tls_dump_free(BIO *bio)
83{
84 BIO_set_init(bio, 0);
85
86 return 1;
87}
88
89static void copy_flags(BIO *bio)
90{
91 int flags;
92 BIO *next = BIO_next(bio);
93
94 flags = BIO_test_flags(next, BIO_FLAGS_SHOULD_RETRY | BIO_FLAGS_RWS);
95 BIO_clear_flags(bio, BIO_FLAGS_SHOULD_RETRY | BIO_FLAGS_RWS);
96 BIO_set_flags(bio, flags);
97}
98
99#define RECORD_CONTENT_TYPE 0
100#define RECORD_VERSION_HI 1
101#define RECORD_VERSION_LO 2
102#define RECORD_EPOCH_HI 3
103#define RECORD_EPOCH_LO 4
104#define RECORD_SEQUENCE_START 5
105#define RECORD_SEQUENCE_END 10
106#define RECORD_LEN_HI 11
107#define RECORD_LEN_LO 12
108
109#define MSG_TYPE 0
110#define MSG_LEN_HI 1
111#define MSG_LEN_MID 2
112#define MSG_LEN_LO 3
113#define MSG_SEQ_HI 4
114#define MSG_SEQ_LO 5
115#define MSG_FRAG_OFF_HI 6
116#define MSG_FRAG_OFF_MID 7
117#define MSG_FRAG_OFF_LO 8
118#define MSG_FRAG_LEN_HI 9
119#define MSG_FRAG_LEN_MID 10
120#define MSG_FRAG_LEN_LO 11
121
122
123static void dump_data(const char *data, int len)
124{
125 int rem, i, content, reclen, msglen, fragoff, fraglen, epoch;
126 unsigned char *rec;
127
128 printf("---- START OF PACKET ----\n");
129
130 rem = len;
131 rec = (unsigned char *)data;
132
133 while (rem > 0) {
134 if (rem != len)
135 printf("*\n");
136 printf("*---- START OF RECORD ----\n");
137 if (rem < DTLS1_RT_HEADER_LENGTH) {
138 printf("*---- RECORD TRUNCATED ----\n");
139 break;
140 }
141 content = rec[RECORD_CONTENT_TYPE];
142 printf("** Record Content-type: %d\n", content);
143 printf("** Record Version: %02x%02x\n",
144 rec[RECORD_VERSION_HI], rec[RECORD_VERSION_LO]);
145 epoch = (rec[RECORD_EPOCH_HI] << 8) | rec[RECORD_EPOCH_LO];
146 printf("** Record Epoch: %d\n", epoch);
147 printf("** Record Sequence: ");
148 for (i = RECORD_SEQUENCE_START; i <= RECORD_SEQUENCE_END; i++)
149 printf("%02x", rec[i]);
150 reclen = (rec[RECORD_LEN_HI] << 8) | rec[RECORD_LEN_LO];
151 printf("\n** Record Length: %d\n", reclen);
152
153 /* Now look at message */
154 rec += DTLS1_RT_HEADER_LENGTH;
155 rem -= DTLS1_RT_HEADER_LENGTH;
156 if (content == SSL3_RT_HANDSHAKE) {
157 printf("**---- START OF HANDSHAKE MESSAGE FRAGMENT ----\n");
158 if (epoch > 0) {
159 printf("**---- HANDSHAKE MESSAGE FRAGMENT ENCRYPTED ----\n");
160 } else if (rem < DTLS1_HM_HEADER_LENGTH
161 || reclen < DTLS1_HM_HEADER_LENGTH) {
162 printf("**---- HANDSHAKE MESSAGE FRAGMENT TRUNCATED ----\n");
163 } else {
164 printf("*** Message Type: %d\n", rec[MSG_TYPE]);
165 msglen = (rec[MSG_LEN_HI] << 16) | (rec[MSG_LEN_MID] << 8)
166 | rec[MSG_LEN_LO];
167 printf("*** Message Length: %d\n", msglen);
168 printf("*** Message sequence: %d\n",
169 (rec[MSG_SEQ_HI] << 8) | rec[MSG_SEQ_LO]);
170 fragoff = (rec[MSG_FRAG_OFF_HI] << 16)
171 | (rec[MSG_FRAG_OFF_MID] << 8)
172 | rec[MSG_FRAG_OFF_LO];
173 printf("*** Message Fragment offset: %d\n", fragoff);
174 fraglen = (rec[MSG_FRAG_LEN_HI] << 16)
175 | (rec[MSG_FRAG_LEN_MID] << 8)
176 | rec[MSG_FRAG_LEN_LO];
177 printf("*** Message Fragment len: %d\n", fraglen);
178 if (fragoff + fraglen > msglen)
179 printf("***---- HANDSHAKE MESSAGE FRAGMENT INVALID ----\n");
180 else if (reclen < fraglen)
181 printf("**---- HANDSHAKE MESSAGE FRAGMENT TRUNCATED ----\n");
182 else
183 printf("**---- END OF HANDSHAKE MESSAGE FRAGMENT ----\n");
184 }
185 }
186 if (rem < reclen) {
187 printf("*---- RECORD TRUNCATED ----\n");
188 rem = 0;
189 } else {
190 rec += reclen;
191 rem -= reclen;
192 printf("*---- END OF RECORD ----\n");
193 }
194 }
195 printf("---- END OF PACKET ----\n\n");
196 fflush(stdout);
197}
198
199static int tls_dump_read(BIO *bio, char *out, int outl)
200{
201 int ret;
202 BIO *next = BIO_next(bio);
203
204 ret = BIO_read(next, out, outl);
205 copy_flags(bio);
206
207 if (ret > 0) {
208 dump_data(out, ret);
209 }
210
211 return ret;
212}
213
214static int tls_dump_write(BIO *bio, const char *in, int inl)
215{
216 int ret;
217 BIO *next = BIO_next(bio);
218
219 ret = BIO_write(next, in, inl);
220 copy_flags(bio);
221
222 return ret;
223}
224
225static long tls_dump_ctrl(BIO *bio, int cmd, long num, void *ptr)
226{
227 long ret;
228 BIO *next = BIO_next(bio);
229
230 if (next == NULL)
231 return 0;
232
233 switch (cmd) {
234 case BIO_CTRL_DUP:
235 ret = 0L;
236 break;
237 default:
238 ret = BIO_ctrl(next, cmd, num, ptr);
239 break;
240 }
241 return ret;
242}
243
244static int tls_dump_gets(BIO *bio, char *buf, int size)
245{
246 /* We don't support this - not needed anyway */
247 return -1;
248}
249
250static int tls_dump_puts(BIO *bio, const char *str)
251{
252 return tls_dump_write(bio, str, strlen(str));
253}
254
255
256struct mempacket_st {
257 unsigned char *data;
258 int len;
259 unsigned int num;
260 unsigned int type;
261};
262
263static void mempacket_free(MEMPACKET *pkt)
264{
265 if (pkt->data != NULL)
266 OPENSSL_free(pkt->data);
267 OPENSSL_free(pkt);
268}
269
270typedef struct mempacket_test_ctx_st {
271 STACK_OF(MEMPACKET) *pkts;
272 uint16_t epoch;
273 unsigned int currrec;
274 unsigned int currpkt;
275 unsigned int lastpkt;
276 unsigned int injected;
277 unsigned int noinject;
278 unsigned int dropepoch;
279 int droprec;
280 int duprec;
281} MEMPACKET_TEST_CTX;
282
283static int mempacket_test_new(BIO *bi);
284static int mempacket_test_free(BIO *a);
285static int mempacket_test_read(BIO *b, char *out, int outl);
286static int mempacket_test_write(BIO *b, const char *in, int inl);
287static long mempacket_test_ctrl(BIO *b, int cmd, long num, void *ptr);
288static int mempacket_test_gets(BIO *bp, char *buf, int size);
289static int mempacket_test_puts(BIO *bp, const char *str);
290
291const BIO_METHOD *bio_s_mempacket_test(void)
292{
293 if (meth_mem == NULL) {
294 if (!TEST_ptr(meth_mem = BIO_meth_new(BIO_TYPE_MEMPACKET_TEST,
295 "Mem Packet Test"))
296 || !TEST_true(BIO_meth_set_write(meth_mem, mempacket_test_write))
297 || !TEST_true(BIO_meth_set_read(meth_mem, mempacket_test_read))
298 || !TEST_true(BIO_meth_set_puts(meth_mem, mempacket_test_puts))
299 || !TEST_true(BIO_meth_set_gets(meth_mem, mempacket_test_gets))
300 || !TEST_true(BIO_meth_set_ctrl(meth_mem, mempacket_test_ctrl))
301 || !TEST_true(BIO_meth_set_create(meth_mem, mempacket_test_new))
302 || !TEST_true(BIO_meth_set_destroy(meth_mem, mempacket_test_free)))
303 return NULL;
304 }
305 return meth_mem;
306}
307
308void bio_s_mempacket_test_free(void)
309{
310 BIO_meth_free(meth_mem);
311}
312
313static int mempacket_test_new(BIO *bio)
314{
315 MEMPACKET_TEST_CTX *ctx;
316
317 if (!TEST_ptr(ctx = OPENSSL_zalloc(sizeof(*ctx))))
318 return 0;
319 if (!TEST_ptr(ctx->pkts = sk_MEMPACKET_new_null())) {
320 OPENSSL_free(ctx);
321 return 0;
322 }
323 ctx->dropepoch = 0;
324 ctx->droprec = -1;
325 BIO_set_init(bio, 1);
326 BIO_set_data(bio, ctx);
327 return 1;
328}
329
330static int mempacket_test_free(BIO *bio)
331{
332 MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio);
333
334 sk_MEMPACKET_pop_free(ctx->pkts, mempacket_free);
335 OPENSSL_free(ctx);
336 BIO_set_data(bio, NULL);
337 BIO_set_init(bio, 0);
338 return 1;
339}
340
341/* Record Header values */
342#define EPOCH_HI 3
343#define EPOCH_LO 4
344#define RECORD_SEQUENCE 10
345#define RECORD_LEN_HI 11
346#define RECORD_LEN_LO 12
347
348#define STANDARD_PACKET 0
349
350static int mempacket_test_read(BIO *bio, char *out, int outl)
351{
352 MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio);
353 MEMPACKET *thispkt;
354 unsigned char *rec;
355 int rem;
356 unsigned int seq, offset, len, epoch;
357
358 BIO_clear_retry_flags(bio);
359 if ((thispkt = sk_MEMPACKET_value(ctx->pkts, 0)) == NULL
360 || thispkt->num != ctx->currpkt) {
361 /* Probably run out of data */
362 BIO_set_retry_read(bio);
363 return -1;
364 }
365 (void)sk_MEMPACKET_shift(ctx->pkts);
366 ctx->currpkt++;
367
368 if (outl > thispkt->len)
369 outl = thispkt->len;
370
371 if (thispkt->type != INJECT_PACKET_IGNORE_REC_SEQ
372 && (ctx->injected || ctx->droprec >= 0)) {
373 /*
374 * Overwrite the record sequence number. We strictly number them in
375 * the order received. Since we are actually a reliable transport
376 * we know that there won't be any re-ordering. We overwrite to deal
377 * with any packets that have been injected
378 */
379 for (rem = thispkt->len, rec = thispkt->data; rem > 0; rem -= len) {
380 if (rem < DTLS1_RT_HEADER_LENGTH)
381 return -1;
382 epoch = (rec[EPOCH_HI] << 8) | rec[EPOCH_LO];
383 if (epoch != ctx->epoch) {
384 ctx->epoch = epoch;
385 ctx->currrec = 0;
386 }
387 seq = ctx->currrec;
388 offset = 0;
389 do {
390 rec[RECORD_SEQUENCE - offset] = seq & 0xFF;
391 seq >>= 8;
392 offset++;
393 } while (seq > 0);
394
395 len = ((rec[RECORD_LEN_HI] << 8) | rec[RECORD_LEN_LO])
396 + DTLS1_RT_HEADER_LENGTH;
397 if (rem < (int)len)
398 return -1;
399 if (ctx->droprec == (int)ctx->currrec && ctx->dropepoch == epoch) {
400 if (rem > (int)len)
401 memmove(rec, rec + len, rem - len);
402 outl -= len;
403 ctx->droprec = -1;
404 if (outl == 0)
405 BIO_set_retry_read(bio);
406 } else {
407 rec += len;
408 }
409
410 ctx->currrec++;
411 }
412 }
413
414 memcpy(out, thispkt->data, outl);
415 mempacket_free(thispkt);
416 return outl;
417}
418
419/*
420 * Look for records from different epochs in the last datagram and swap them
421 * around
422 */
423int mempacket_swap_epoch(BIO *bio)
424{
425 MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio);
426 MEMPACKET *thispkt;
427 int rem, len, prevlen = 0, pktnum;
428 unsigned char *rec, *prevrec = NULL, *tmp;
429 unsigned int epoch;
430 int numpkts = sk_MEMPACKET_num(ctx->pkts);
431
432 if (numpkts <= 0)
433 return 0;
434
435 /*
436 * If there are multiple packets we only look in the last one. This should
437 * always be the one where any epoch change occurs.
438 */
439 thispkt = sk_MEMPACKET_value(ctx->pkts, numpkts - 1);
440 if (thispkt == NULL)
441 return 0;
442
443 for (rem = thispkt->len, rec = thispkt->data; rem > 0; rem -= len, rec += len) {
444 if (rem < DTLS1_RT_HEADER_LENGTH)
445 return 0;
446 epoch = (rec[EPOCH_HI] << 8) | rec[EPOCH_LO];
447 len = ((rec[RECORD_LEN_HI] << 8) | rec[RECORD_LEN_LO])
448 + DTLS1_RT_HEADER_LENGTH;
449 if (rem < len)
450 return 0;
451
452 /* Assumes the epoch change does not happen on the first record */
453 if (epoch != ctx->epoch) {
454 if (prevrec == NULL)
455 return 0;
456
457 /*
458 * We found 2 records with different epochs. Take a copy of the
459 * earlier record
460 */
461 tmp = OPENSSL_malloc(prevlen);
462 if (tmp == NULL)
463 return 0;
464
465 memcpy(tmp, prevrec, prevlen);
466 /*
467 * Move everything from this record onwards, including any trailing
468 * records, and overwrite the earlier record
469 */
470 memmove(prevrec, rec, rem);
471 thispkt->len -= prevlen;
472 pktnum = thispkt->num;
473
474 /*
475 * Create a new packet for the earlier record that we took out and
476 * add it to the end of the packet list.
477 */
478 thispkt = OPENSSL_malloc(sizeof(*thispkt));
479 if (thispkt == NULL) {
480 OPENSSL_free(tmp);
481 return 0;
482 }
483 thispkt->type = INJECT_PACKET;
484 thispkt->data = tmp;
485 thispkt->len = prevlen;
486 thispkt->num = pktnum + 1;
487 if (sk_MEMPACKET_insert(ctx->pkts, thispkt, numpkts) <= 0) {
488 OPENSSL_free(tmp);
489 OPENSSL_free(thispkt);
490 return 0;
491 }
492
493 return 1;
494 }
495 prevrec = rec;
496 prevlen = len;
497 }
498
499 return 0;
500}
501
502/* Move packet from position s to position d in the list (d < s) */
503int mempacket_move_packet(BIO *bio, int d, int s)
504{
505 MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio);
506 MEMPACKET *thispkt;
507 int numpkts = sk_MEMPACKET_num(ctx->pkts);
508 int i;
509
510 if (d >= s)
511 return 0;
512
513 /* We need at least s + 1 packets to be able to swap them */
514 if (numpkts <= s)
515 return 0;
516
517 /* Get the packet at position s */
518 thispkt = sk_MEMPACKET_value(ctx->pkts, s);
519 if (thispkt == NULL)
520 return 0;
521
522 /* Remove and re-add it */
523 if (sk_MEMPACKET_delete(ctx->pkts, s) != thispkt)
524 return 0;
525
526 thispkt->num -= (s - d);
527 if (sk_MEMPACKET_insert(ctx->pkts, thispkt, d) <= 0)
528 return 0;
529
530 /* Increment the packet numbers for moved packets */
531 for (i = d + 1; i <= s; i++) {
532 thispkt = sk_MEMPACKET_value(ctx->pkts, i);
533 thispkt->num++;
534 }
535 return 1;
536}
537
538int mempacket_test_inject(BIO *bio, const char *in, int inl, int pktnum,
539 int type)
540{
541 MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio);
542 MEMPACKET *thispkt = NULL, *looppkt, *nextpkt, *allpkts[3];
543 int i, duprec;
544 const unsigned char *inu = (const unsigned char *)in;
545 size_t len = ((inu[RECORD_LEN_HI] << 8) | inu[RECORD_LEN_LO])
546 + DTLS1_RT_HEADER_LENGTH;
547
548 if (ctx == NULL)
549 return -1;
550
551 if ((size_t)inl < len)
552 return -1;
553
554 if ((size_t)inl == len)
555 duprec = 0;
556 else
557 duprec = ctx->duprec > 0;
558
559 /* We don't support arbitrary injection when duplicating records */
560 if (duprec && pktnum != -1)
561 return -1;
562
563 /* We only allow injection before we've started writing any data */
564 if (pktnum >= 0) {
565 if (ctx->noinject)
566 return -1;
567 ctx->injected = 1;
568 } else {
569 ctx->noinject = 1;
570 }
571
572 for (i = 0; i < (duprec ? 3 : 1); i++) {
573 if (!TEST_ptr(allpkts[i] = OPENSSL_malloc(sizeof(*thispkt))))
574 goto err;
575 thispkt = allpkts[i];
576
577 if (!TEST_ptr(thispkt->data = OPENSSL_malloc(inl)))
578 goto err;
579 /*
580 * If we are duplicating the packet, we duplicate it three times. The
581 * first two times we drop the first record if there are more than one.
582 * In this way we know that libssl will not be able to make progress
583 * until it receives the last packet, and hence will be forced to
584 * buffer these records.
585 */
586 if (duprec && i != 2) {
587 memcpy(thispkt->data, in + len, inl - len);
588 thispkt->len = inl - len;
589 } else {
590 memcpy(thispkt->data, in, inl);
591 thispkt->len = inl;
592 }
593 thispkt->num = (pktnum >= 0) ? (unsigned int)pktnum : ctx->lastpkt + i;
594 thispkt->type = type;
595 }
596
597 for (i = 0; i < sk_MEMPACKET_num(ctx->pkts); i++) {
598 if (!TEST_ptr(looppkt = sk_MEMPACKET_value(ctx->pkts, i)))
599 goto err;
600 /* Check if we found the right place to insert this packet */
601 if (looppkt->num > thispkt->num) {
602 if (sk_MEMPACKET_insert(ctx->pkts, thispkt, i) == 0)
603 goto err;
604 /* If we're doing up front injection then we're done */
605 if (pktnum >= 0)
606 return inl;
607 /*
608 * We need to do some accounting on lastpkt. We increment it first,
609 * but it might now equal the value of injected packets, so we need
610 * to skip over those
611 */
612 ctx->lastpkt++;
613 do {
614 i++;
615 nextpkt = sk_MEMPACKET_value(ctx->pkts, i);
616 if (nextpkt != NULL && nextpkt->num == ctx->lastpkt)
617 ctx->lastpkt++;
618 else
619 return inl;
620 } while(1);
621 } else if (looppkt->num == thispkt->num) {
622 if (!ctx->noinject) {
623 /* We injected two packets with the same packet number! */
624 goto err;
625 }
626 ctx->lastpkt++;
627 thispkt->num++;
628 }
629 }
630 /*
631 * We didn't find any packets with a packet number equal to or greater than
632 * this one, so we just add it onto the end
633 */
634 for (i = 0; i < (duprec ? 3 : 1); i++) {
635 thispkt = allpkts[i];
636 if (!sk_MEMPACKET_push(ctx->pkts, thispkt))
637 goto err;
638
639 if (pktnum < 0)
640 ctx->lastpkt++;
641 }
642
643 return inl;
644
645 err:
646 for (i = 0; i < (ctx->duprec > 0 ? 3 : 1); i++)
647 mempacket_free(allpkts[i]);
648 return -1;
649}
650
651static int mempacket_test_write(BIO *bio, const char *in, int inl)
652{
653 return mempacket_test_inject(bio, in, inl, -1, STANDARD_PACKET);
654}
655
656static long mempacket_test_ctrl(BIO *bio, int cmd, long num, void *ptr)
657{
658 long ret = 1;
659 MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio);
660 MEMPACKET *thispkt;
661
662 switch (cmd) {
663 case BIO_CTRL_EOF:
664 ret = (long)(sk_MEMPACKET_num(ctx->pkts) == 0);
665 break;
666 case BIO_CTRL_GET_CLOSE:
667 ret = BIO_get_shutdown(bio);
668 break;
669 case BIO_CTRL_SET_CLOSE:
670 BIO_set_shutdown(bio, (int)num);
671 break;
672 case BIO_CTRL_WPENDING:
673 ret = 0L;
674 break;
675 case BIO_CTRL_PENDING:
676 thispkt = sk_MEMPACKET_value(ctx->pkts, 0);
677 if (thispkt == NULL)
678 ret = 0;
679 else
680 ret = thispkt->len;
681 break;
682 case BIO_CTRL_FLUSH:
683 ret = 1;
684 break;
685 case MEMPACKET_CTRL_SET_DROP_EPOCH:
686 ctx->dropepoch = (unsigned int)num;
687 break;
688 case MEMPACKET_CTRL_SET_DROP_REC:
689 ctx->droprec = (int)num;
690 break;
691 case MEMPACKET_CTRL_GET_DROP_REC:
692 ret = ctx->droprec;
693 break;
694 case MEMPACKET_CTRL_SET_DUPLICATE_REC:
695 ctx->duprec = (int)num;
696 break;
697 case BIO_CTRL_RESET:
698 case BIO_CTRL_DUP:
699 case BIO_CTRL_PUSH:
700 case BIO_CTRL_POP:
701 default:
702 ret = 0;
703 break;
704 }
705 return ret;
706}
707
708static int mempacket_test_gets(BIO *bio, char *buf, int size)
709{
710 /* We don't support this - not needed anyway */
711 return -1;
712}
713
714static int mempacket_test_puts(BIO *bio, const char *str)
715{
716 return mempacket_test_write(bio, str, strlen(str));
717}
718
719static int always_retry_new(BIO *bi);
720static int always_retry_free(BIO *a);
721static int always_retry_read(BIO *b, char *out, int outl);
722static int always_retry_write(BIO *b, const char *in, int inl);
723static long always_retry_ctrl(BIO *b, int cmd, long num, void *ptr);
724static int always_retry_gets(BIO *bp, char *buf, int size);
725static int always_retry_puts(BIO *bp, const char *str);
726
727const BIO_METHOD *bio_s_always_retry(void)
728{
729 if (meth_always_retry == NULL) {
730 if (!TEST_ptr(meth_always_retry = BIO_meth_new(BIO_TYPE_ALWAYS_RETRY,
731 "Always Retry"))
732 || !TEST_true(BIO_meth_set_write(meth_always_retry,
733 always_retry_write))
734 || !TEST_true(BIO_meth_set_read(meth_always_retry,
735 always_retry_read))
736 || !TEST_true(BIO_meth_set_puts(meth_always_retry,
737 always_retry_puts))
738 || !TEST_true(BIO_meth_set_gets(meth_always_retry,
739 always_retry_gets))
740 || !TEST_true(BIO_meth_set_ctrl(meth_always_retry,
741 always_retry_ctrl))
742 || !TEST_true(BIO_meth_set_create(meth_always_retry,
743 always_retry_new))
744 || !TEST_true(BIO_meth_set_destroy(meth_always_retry,
745 always_retry_free)))
746 return NULL;
747 }
748 return meth_always_retry;
749}
750
751void bio_s_always_retry_free(void)
752{
753 BIO_meth_free(meth_always_retry);
754}
755
756static int always_retry_new(BIO *bio)
757{
758 BIO_set_init(bio, 1);
759 return 1;
760}
761
762static int always_retry_free(BIO *bio)
763{
764 BIO_set_data(bio, NULL);
765 BIO_set_init(bio, 0);
766 return 1;
767}
768
769void set_always_retry_err_val(int err)
770{
771 retry_err = err;
772}
773
774static int always_retry_read(BIO *bio, char *out, int outl)
775{
776 BIO_set_retry_read(bio);
777 return retry_err;
778}
779
780static int always_retry_write(BIO *bio, const char *in, int inl)
781{
782 BIO_set_retry_write(bio);
783 return retry_err;
784}
785
786static long always_retry_ctrl(BIO *bio, int cmd, long num, void *ptr)
787{
788 long ret = 1;
789
790 switch (cmd) {
791 case BIO_CTRL_FLUSH:
792 BIO_set_retry_write(bio);
793 /* fall through */
794 case BIO_CTRL_EOF:
795 case BIO_CTRL_RESET:
796 case BIO_CTRL_DUP:
797 case BIO_CTRL_PUSH:
798 case BIO_CTRL_POP:
799 default:
800 ret = 0;
801 break;
802 }
803 return ret;
804}
805
806static int always_retry_gets(BIO *bio, char *buf, int size)
807{
808 BIO_set_retry_read(bio);
809 return retry_err;
810}
811
812static int always_retry_puts(BIO *bio, const char *str)
813{
814 BIO_set_retry_write(bio);
815 return retry_err;
816}
817
818struct maybe_retry_data_st {
819 unsigned int retrycnt;
820};
821
822static int maybe_retry_new(BIO *bi);
823static int maybe_retry_free(BIO *a);
824static int maybe_retry_write(BIO *b, const char *in, int inl);
825static long maybe_retry_ctrl(BIO *b, int cmd, long num, void *ptr);
826
827const BIO_METHOD *bio_s_maybe_retry(void)
828{
829 if (meth_maybe_retry == NULL) {
830 if (!TEST_ptr(meth_maybe_retry = BIO_meth_new(BIO_TYPE_MAYBE_RETRY,
831 "Maybe Retry"))
832 || !TEST_true(BIO_meth_set_write(meth_maybe_retry,
833 maybe_retry_write))
834 || !TEST_true(BIO_meth_set_ctrl(meth_maybe_retry,
835 maybe_retry_ctrl))
836 || !TEST_true(BIO_meth_set_create(meth_maybe_retry,
837 maybe_retry_new))
838 || !TEST_true(BIO_meth_set_destroy(meth_maybe_retry,
839 maybe_retry_free)))
840 return NULL;
841 }
842 return meth_maybe_retry;
843}
844
845void bio_s_maybe_retry_free(void)
846{
847 BIO_meth_free(meth_maybe_retry);
848}
849
850static int maybe_retry_new(BIO *bio)
851{
852 struct maybe_retry_data_st *data = OPENSSL_zalloc(sizeof(*data));
853
854 if (data == NULL)
855 return 0;
856
857 BIO_set_data(bio, data);
858 BIO_set_init(bio, 1);
859 return 1;
860}
861
862static int maybe_retry_free(BIO *bio)
863{
864 struct maybe_retry_data_st *data = BIO_get_data(bio);
865
866 OPENSSL_free(data);
867 BIO_set_data(bio, NULL);
868 BIO_set_init(bio, 0);
869 return 1;
870}
871
872static int maybe_retry_write(BIO *bio, const char *in, int inl)
873{
874 struct maybe_retry_data_st *data = BIO_get_data(bio);
875
876 if (data == NULL)
877 return -1;
878
879 if (data->retrycnt == 0) {
880 BIO_set_retry_write(bio);
881 return -1;
882 }
883 data->retrycnt--;
884
885 return BIO_write(BIO_next(bio), in, inl);
886}
887
888static long maybe_retry_ctrl(BIO *bio, int cmd, long num, void *ptr)
889{
890 struct maybe_retry_data_st *data = BIO_get_data(bio);
891
892 if (data == NULL)
893 return 0;
894
895 switch (cmd) {
896 case MAYBE_RETRY_CTRL_SET_RETRY_AFTER_CNT:
897 data->retrycnt = num;
898 return 1;
899
900 case BIO_CTRL_FLUSH:
901 if (data->retrycnt == 0) {
902 BIO_set_retry_write(bio);
903 return -1;
904 }
905 data->retrycnt--;
906 /* fall through */
907 default:
908 return BIO_ctrl(BIO_next(bio), cmd, num, ptr);
909 }
910}
911
912int create_ssl_ctx_pair(OSSL_LIB_CTX *libctx, const SSL_METHOD *sm,
913 const SSL_METHOD *cm, int min_proto_version,
914 int max_proto_version, SSL_CTX **sctx, SSL_CTX **cctx,
915 char *certfile, char *privkeyfile)
916{
917 SSL_CTX *serverctx = NULL;
918 SSL_CTX *clientctx = NULL;
919
920 if (sctx != NULL) {
921 if (*sctx != NULL)
922 serverctx = *sctx;
923 else if (!TEST_ptr(serverctx = SSL_CTX_new_ex(libctx, NULL, sm))
924 || !TEST_true(SSL_CTX_set_options(serverctx,
925 SSL_OP_ALLOW_CLIENT_RENEGOTIATION)))
926 goto err;
927 }
928
929 if (cctx != NULL) {
930 if (*cctx != NULL)
931 clientctx = *cctx;
932 else if (!TEST_ptr(clientctx = SSL_CTX_new_ex(libctx, NULL, cm)))
933 goto err;
934 }
935
936#if !defined(OPENSSL_NO_TLS1_3) \
937 && defined(OPENSSL_NO_EC) \
938 && defined(OPENSSL_NO_DH)
939 /*
940 * There are no usable built-in TLSv1.3 groups if ec and dh are both
941 * disabled
942 */
943 if (max_proto_version == 0
944 && (sm == TLS_server_method() || cm == TLS_client_method()))
945 max_proto_version = TLS1_2_VERSION;
946#endif
947
948 if (serverctx != NULL
949 && ((min_proto_version > 0
950 && !TEST_true(SSL_CTX_set_min_proto_version(serverctx,
951 min_proto_version)))
952 || (max_proto_version > 0
953 && !TEST_true(SSL_CTX_set_max_proto_version(serverctx,
954 max_proto_version)))))
955 goto err;
956 if (clientctx != NULL
957 && ((min_proto_version > 0
958 && !TEST_true(SSL_CTX_set_min_proto_version(clientctx,
959 min_proto_version)))
960 || (max_proto_version > 0
961 && !TEST_true(SSL_CTX_set_max_proto_version(clientctx,
962 max_proto_version)))))
963 goto err;
964
965 if (serverctx != NULL && certfile != NULL && privkeyfile != NULL) {
966 if (!TEST_int_eq(SSL_CTX_use_certificate_file(serverctx, certfile,
967 SSL_FILETYPE_PEM), 1)
968 || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(serverctx,
969 privkeyfile,
970 SSL_FILETYPE_PEM), 1)
971 || !TEST_int_eq(SSL_CTX_check_private_key(serverctx), 1))
972 goto err;
973 }
974
975 if (sctx != NULL)
976 *sctx = serverctx;
977 if (cctx != NULL)
978 *cctx = clientctx;
979 return 1;
980
981 err:
982 if (sctx != NULL && *sctx == NULL)
983 SSL_CTX_free(serverctx);
984 if (cctx != NULL && *cctx == NULL)
985 SSL_CTX_free(clientctx);
986 return 0;
987}
988
989#define MAXLOOPS 1000000
990
991#if defined(OSSL_USE_SOCKETS)
992
993int wait_until_sock_readable(int sock)
994{
995 fd_set readfds;
996 struct timeval timeout;
997 int width;
998
999 width = sock + 1;
1000 FD_ZERO(&readfds);
1001 openssl_fdset(sock, &readfds);
1002 timeout.tv_sec = 10; /* give up after 10 seconds */
1003 timeout.tv_usec = 0;
1004
1005 select(width, &readfds, NULL, NULL, &timeout);
1006
1007 return FD_ISSET(sock, &readfds);
1008}
1009
1010int create_test_sockets(int *cfdp, int *sfdp, int socktype, BIO_ADDR *saddr)
1011{
1012 struct sockaddr_in sin;
1013 const char *host = "127.0.0.1";
1014 int cfd_connected = 0, ret = 0;
1015 socklen_t slen = sizeof(sin);
1016 int afd = -1, cfd = -1, sfd = -1;
1017
1018 memset ((char *) &sin, 0, sizeof(sin));
1019 sin.sin_family = AF_INET;
1020 sin.sin_addr.s_addr = inet_addr(host);
1021
1022 afd = BIO_socket(AF_INET, socktype,
1023 socktype == SOCK_STREAM ? IPPROTO_TCP : IPPROTO_UDP, 0);
1024 if (afd == INVALID_SOCKET)
1025 return 0;
1026
1027 if (bind(afd, (struct sockaddr*)&sin, sizeof(sin)) < 0)
1028 goto out;
1029
1030 if (getsockname(afd, (struct sockaddr*)&sin, &slen) < 0)
1031 goto out;
1032
1033 if (saddr != NULL
1034 && !BIO_ADDR_rawmake(saddr, sin.sin_family, &sin.sin_addr,
1035 sizeof(sin.sin_addr), sin.sin_port))
1036 goto out;
1037
1038 if (socktype == SOCK_STREAM && listen(afd, 1) < 0)
1039 goto out;
1040
1041 cfd = BIO_socket(AF_INET, socktype,
1042 socktype == SOCK_STREAM ? IPPROTO_TCP : IPPROTO_UDP, 0);
1043 if (cfd == INVALID_SOCKET)
1044 goto out;
1045
1046 if (!BIO_socket_nbio(afd, 1))
1047 goto out;
1048
1049 /*
1050 * If a DGRAM socket then we don't call "accept" or "connect" - so act like
1051 * we already called them.
1052 */
1053 if (socktype == SOCK_DGRAM) {
1054 cfd_connected = 1;
1055 sfd = afd;
1056 afd = -1;
1057 }
1058
1059 while (sfd == -1 || !cfd_connected) {
1060 sfd = accept(afd, NULL, 0);
1061 if (sfd == -1 && errno != EAGAIN)
1062 goto out;
1063
1064 if (!cfd_connected && connect(cfd, (struct sockaddr*)&sin, sizeof(sin)) < 0)
1065 goto out;
1066 else
1067 cfd_connected = 1;
1068 }
1069
1070 if (!BIO_socket_nbio(cfd, 1) || !BIO_socket_nbio(sfd, 1))
1071 goto out;
1072 ret = 1;
1073 *cfdp = cfd;
1074 *sfdp = sfd;
1075 goto success;
1076
1077out:
1078 if (cfd != -1)
1079 close(cfd);
1080 if (sfd != -1)
1081 close(sfd);
1082success:
1083 if (afd != -1)
1084 close(afd);
1085 return ret;
1086}
1087
1088int create_ssl_objects2(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,
1089 SSL **cssl, int sfd, int cfd)
1090{
1091 SSL *serverssl = NULL, *clientssl = NULL;
1092 BIO *s_to_c_bio = NULL, *c_to_s_bio = NULL;
1093 BIO_POLL_DESCRIPTOR rdesc = {0}, wdesc = {0};
1094
1095 if (*sssl != NULL)
1096 serverssl = *sssl;
1097 else if (!TEST_ptr(serverssl = SSL_new(serverctx)))
1098 goto error;
1099 if (*cssl != NULL)
1100 clientssl = *cssl;
1101 else if (!TEST_ptr(clientssl = SSL_new(clientctx)))
1102 goto error;
1103
1104 if (!TEST_ptr(s_to_c_bio = BIO_new_socket(sfd, BIO_NOCLOSE))
1105 || !TEST_ptr(c_to_s_bio = BIO_new_socket(cfd, BIO_NOCLOSE)))
1106 goto error;
1107
1108 if (!TEST_false(SSL_get_rpoll_descriptor(clientssl, &rdesc)
1109 || !TEST_false(SSL_get_wpoll_descriptor(clientssl, &wdesc))))
1110 goto error;
1111
1112 SSL_set_bio(clientssl, c_to_s_bio, c_to_s_bio);
1113 SSL_set_bio(serverssl, s_to_c_bio, s_to_c_bio);
1114
1115 if (!TEST_true(SSL_get_rpoll_descriptor(clientssl, &rdesc))
1116 || !TEST_true(SSL_get_wpoll_descriptor(clientssl, &wdesc))
1117 || !TEST_int_eq(rdesc.type, BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD)
1118 || !TEST_int_eq(wdesc.type, BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD)
1119 || !TEST_int_eq(rdesc.value.fd, cfd)
1120 || !TEST_int_eq(wdesc.value.fd, cfd))
1121 goto error;
1122
1123 if (!TEST_true(SSL_get_rpoll_descriptor(serverssl, &rdesc))
1124 || !TEST_true(SSL_get_wpoll_descriptor(serverssl, &wdesc))
1125 || !TEST_int_eq(rdesc.type, BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD)
1126 || !TEST_int_eq(wdesc.type, BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD)
1127 || !TEST_int_eq(rdesc.value.fd, sfd)
1128 || !TEST_int_eq(wdesc.value.fd, sfd))
1129 goto error;
1130
1131 *sssl = serverssl;
1132 *cssl = clientssl;
1133 return 1;
1134
1135 error:
1136 SSL_free(serverssl);
1137 SSL_free(clientssl);
1138 BIO_free(s_to_c_bio);
1139 BIO_free(c_to_s_bio);
1140 return 0;
1141}
1142
1143#else
1144
1145int wait_until_sock_readable(int sock)
1146{
1147 return 0;
1148}
1149
1150#endif /* defined(OSSL_USE_SOCKETS) */
1151
1152/*
1153 * NOTE: Transfers control of the BIOs - this function will free them on error
1154 */
1155int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,
1156 SSL **cssl, BIO *s_to_c_fbio, BIO *c_to_s_fbio)
1157{
1158 SSL *serverssl = NULL, *clientssl = NULL;
1159 BIO *s_to_c_bio = NULL, *c_to_s_bio = NULL;
1160
1161 if (*sssl != NULL)
1162 serverssl = *sssl;
1163 else if (!TEST_ptr(serverssl = SSL_new(serverctx)))
1164 goto error;
1165 if (*cssl != NULL)
1166 clientssl = *cssl;
1167 else if (!TEST_ptr(clientssl = SSL_new(clientctx)))
1168 goto error;
1169
1170 if (SSL_is_dtls(clientssl)) {
1171 if (!TEST_ptr(s_to_c_bio = BIO_new(bio_s_mempacket_test()))
1172 || !TEST_ptr(c_to_s_bio = BIO_new(bio_s_mempacket_test())))
1173 goto error;
1174 } else {
1175 if (!TEST_ptr(s_to_c_bio = BIO_new(BIO_s_mem()))
1176 || !TEST_ptr(c_to_s_bio = BIO_new(BIO_s_mem())))
1177 goto error;
1178 }
1179
1180 if (s_to_c_fbio != NULL
1181 && !TEST_ptr(s_to_c_bio = BIO_push(s_to_c_fbio, s_to_c_bio)))
1182 goto error;
1183 if (c_to_s_fbio != NULL
1184 && !TEST_ptr(c_to_s_bio = BIO_push(c_to_s_fbio, c_to_s_bio)))
1185 goto error;
1186
1187 /* Set Non-blocking IO behaviour */
1188 BIO_set_mem_eof_return(s_to_c_bio, -1);
1189 BIO_set_mem_eof_return(c_to_s_bio, -1);
1190
1191 /* Up ref these as we are passing them to two SSL objects */
1192 SSL_set_bio(serverssl, c_to_s_bio, s_to_c_bio);
1193 BIO_up_ref(s_to_c_bio);
1194 BIO_up_ref(c_to_s_bio);
1195 SSL_set_bio(clientssl, s_to_c_bio, c_to_s_bio);
1196 *sssl = serverssl;
1197 *cssl = clientssl;
1198 return 1;
1199
1200 error:
1201 SSL_free(serverssl);
1202 SSL_free(clientssl);
1203 BIO_free(s_to_c_bio);
1204 BIO_free(c_to_s_bio);
1205 BIO_free(s_to_c_fbio);
1206 BIO_free(c_to_s_fbio);
1207
1208 return 0;
1209}
1210
1211/*
1212 * Create an SSL connection, but does not read any post-handshake
1213 * NewSessionTicket messages.
1214 * If |read| is set and we're using DTLS then we will attempt to SSL_read on
1215 * the connection once we've completed one half of it, to ensure any retransmits
1216 * get triggered.
1217 * We stop the connection attempt (and return a failure value) if either peer
1218 * has SSL_get_error() return the value in the |want| parameter. The connection
1219 * attempt could be restarted by a subsequent call to this function.
1220 */
1221int create_bare_ssl_connection(SSL *serverssl, SSL *clientssl, int want,
1222 int read, int listen)
1223{
1224 int retc = -1, rets = -1, err, abortctr = 0, ret = 0;
1225 int clienterr = 0, servererr = 0;
1226 int isdtls = SSL_is_dtls(serverssl);
1227#ifndef OPENSSL_NO_SOCK
1228 BIO_ADDR *peer = NULL;
1229
1230 if (listen) {
1231 if (!isdtls) {
1232 TEST_error("DTLSv1_listen requested for non-DTLS object\n");
1233 return 0;
1234 }
1235 peer = BIO_ADDR_new();
1236 if (!TEST_ptr(peer))
1237 return 0;
1238 }
1239#else
1240 if (listen) {
1241 TEST_error("DTLSv1_listen requested in a no-sock build\n");
1242 return 0;
1243 }
1244#endif
1245
1246 do {
1247 err = SSL_ERROR_WANT_WRITE;
1248 while (!clienterr && retc <= 0 && err == SSL_ERROR_WANT_WRITE) {
1249 retc = SSL_connect(clientssl);
1250 if (retc <= 0)
1251 err = SSL_get_error(clientssl, retc);
1252 }
1253
1254 if (!clienterr && retc <= 0 && err != SSL_ERROR_WANT_READ) {
1255 TEST_info("SSL_connect() failed %d, %d", retc, err);
1256 if (want != SSL_ERROR_SSL)
1257 TEST_openssl_errors();
1258 clienterr = 1;
1259 }
1260 if (want != SSL_ERROR_NONE && err == want)
1261 goto err;
1262
1263 err = SSL_ERROR_WANT_WRITE;
1264 while (!servererr && rets <= 0 && err == SSL_ERROR_WANT_WRITE) {
1265#ifndef OPENSSL_NO_SOCK
1266 if (listen) {
1267 rets = DTLSv1_listen(serverssl, peer);
1268 if (rets < 0) {
1269 err = SSL_ERROR_SSL;
1270 } else if (rets == 0) {
1271 err = SSL_ERROR_WANT_READ;
1272 } else {
1273 /* Success - stop listening and call SSL_accept from now on */
1274 listen = 0;
1275 rets = 0;
1276 }
1277 } else
1278#endif
1279 {
1280 rets = SSL_accept(serverssl);
1281 if (rets <= 0)
1282 err = SSL_get_error(serverssl, rets);
1283 }
1284 }
1285
1286 if (!servererr && rets <= 0
1287 && err != SSL_ERROR_WANT_READ
1288 && err != SSL_ERROR_WANT_X509_LOOKUP) {
1289 TEST_info("SSL_accept() failed %d, %d", rets, err);
1290 if (want != SSL_ERROR_SSL)
1291 TEST_openssl_errors();
1292 servererr = 1;
1293 }
1294 if (want != SSL_ERROR_NONE && err == want)
1295 goto err;
1296 if (clienterr && servererr)
1297 goto err;
1298 if (isdtls && read) {
1299 unsigned char buf[20];
1300
1301 /* Trigger any retransmits that may be appropriate */
1302 if (rets > 0 && retc <= 0) {
1303 if (SSL_read(serverssl, buf, sizeof(buf)) > 0) {
1304 /* We don't expect this to succeed! */
1305 TEST_info("Unexpected SSL_read() success!");
1306 goto err;
1307 }
1308 }
1309 if (retc > 0 && rets <= 0) {
1310 if (SSL_read(clientssl, buf, sizeof(buf)) > 0) {
1311 /* We don't expect this to succeed! */
1312 TEST_info("Unexpected SSL_read() success!");
1313 goto err;
1314 }
1315 }
1316 }
1317 if (++abortctr == MAXLOOPS) {
1318 TEST_info("No progress made");
1319 goto err;
1320 }
1321 if (isdtls && abortctr <= 50 && (abortctr % 10) == 0) {
1322 /*
1323 * It looks like we're just spinning. Pause for a short period to
1324 * give the DTLS timer a chance to do something. We only do this for
1325 * the first few times to prevent hangs.
1326 */
1327 OSSL_sleep(50);
1328 }
1329 } while (retc <=0 || rets <= 0);
1330
1331 ret = 1;
1332 err:
1333#ifndef OPENSSL_NO_SOCK
1334 BIO_ADDR_free(peer);
1335#endif
1336 return ret;
1337}
1338
1339/*
1340 * Create an SSL connection including any post handshake NewSessionTicket
1341 * messages.
1342 */
1343int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want)
1344{
1345 int i;
1346 unsigned char buf;
1347 size_t readbytes;
1348
1349 if (!create_bare_ssl_connection(serverssl, clientssl, want, 1, 0))
1350 return 0;
1351
1352 /*
1353 * We attempt to read some data on the client side which we expect to fail.
1354 * This will ensure we have received the NewSessionTicket in TLSv1.3 where
1355 * appropriate. We do this twice because there are 2 NewSessionTickets.
1356 */
1357 for (i = 0; i < 2; i++) {
1358 if (SSL_read_ex(clientssl, &buf, sizeof(buf), &readbytes) > 0) {
1359 if (!TEST_ulong_eq(readbytes, 0))
1360 return 0;
1361 } else if (!TEST_int_eq(SSL_get_error(clientssl, 0),
1362 SSL_ERROR_WANT_READ)) {
1363 return 0;
1364 }
1365 }
1366
1367 return 1;
1368}
1369
1370void shutdown_ssl_connection(SSL *serverssl, SSL *clientssl)
1371{
1372 SSL_shutdown(clientssl);
1373 SSL_shutdown(serverssl);
1374 SSL_free(serverssl);
1375 SSL_free(clientssl);
1376}
1377
1378SSL_SESSION *create_a_psk(SSL *ssl, size_t mdsize)
1379{
1380 const SSL_CIPHER *cipher = NULL;
1381 const unsigned char key[SHA384_DIGEST_LENGTH] = {
1382 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
1383 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
1384 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
1385 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b,
1386 0x2c, 0x2d, 0x2e, 0x2f
1387 };
1388 SSL_SESSION *sess = NULL;
1389
1390 if (mdsize == SHA384_DIGEST_LENGTH) {
1391 cipher = SSL_CIPHER_find(ssl, TLS13_AES_256_GCM_SHA384_BYTES);
1392 } else if (mdsize == SHA256_DIGEST_LENGTH) {
1393 /*
1394 * Any ciphersuite using SHA256 will do - it will be compatible with
1395 * the actual ciphersuite selected as long as it too is based on SHA256
1396 */
1397 cipher = SSL_CIPHER_find(ssl, TLS13_AES_128_GCM_SHA256_BYTES);
1398 } else {
1399 /* Should not happen */
1400 return NULL;
1401 }
1402 sess = SSL_SESSION_new();
1403 if (!TEST_ptr(sess)
1404 || !TEST_ptr(cipher)
1405 || !TEST_true(SSL_SESSION_set1_master_key(sess, key, mdsize))
1406 || !TEST_true(SSL_SESSION_set_cipher(sess, cipher))
1407 || !TEST_true(
1408 SSL_SESSION_set_protocol_version(sess,
1409 TLS1_3_VERSION))) {
1410 SSL_SESSION_free(sess);
1411 return NULL;
1412 }
1413 return sess;
1414}
1415
1416#define NUM_EXTRA_CERTS 40
1417
1418int ssl_ctx_add_large_cert_chain(OSSL_LIB_CTX *libctx, SSL_CTX *sctx,
1419 const char *cert_file)
1420{
1421 BIO *certbio = NULL;
1422 X509 *chaincert = NULL;
1423 int certlen;
1424 int ret = 0;
1425 int i;
1426
1427 if (!TEST_ptr(certbio = BIO_new_file(cert_file, "r")))
1428 goto end;
1429
1430 if (!TEST_ptr(chaincert = X509_new_ex(libctx, NULL)))
1431 goto end;
1432
1433 if (PEM_read_bio_X509(certbio, &chaincert, NULL, NULL) == NULL)
1434 goto end;
1435 BIO_free(certbio);
1436 certbio = NULL;
1437
1438 /*
1439 * We assume the supplied certificate is big enough so that if we add
1440 * NUM_EXTRA_CERTS it will make the overall message large enough. The
1441 * default buffer size is requested to be 16k, but due to the way BUF_MEM
1442 * works, it ends up allocating a little over 21k (16 * 4/3). So, in this
1443 * test we need to have a message larger than that.
1444 */
1445 certlen = i2d_X509(chaincert, NULL);
1446 OPENSSL_assert(certlen * NUM_EXTRA_CERTS >
1447 (SSL3_RT_MAX_PLAIN_LENGTH * 4) / 3);
1448 for (i = 0; i < NUM_EXTRA_CERTS; i++) {
1449 if (!X509_up_ref(chaincert))
1450 goto end;
1451 if (!SSL_CTX_add_extra_chain_cert(sctx, chaincert)) {
1452 X509_free(chaincert);
1453 goto end;
1454 }
1455 }
1456
1457 ret = 1;
1458 end:
1459 BIO_free(certbio);
1460 X509_free(chaincert);
1461 return ret;
1462}
1463
1464ENGINE *load_dasync(void)
1465{
1466#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DYNAMIC_ENGINE)
1467 ENGINE *e;
1468
1469 if (!TEST_ptr(e = ENGINE_by_id("dasync")))
1470 return NULL;
1471
1472 if (!TEST_true(ENGINE_init(e))) {
1473 ENGINE_free(e);
1474 return NULL;
1475 }
1476
1477 if (!TEST_true(ENGINE_register_ciphers(e))) {
1478 ENGINE_free(e);
1479 return NULL;
1480 }
1481
1482 return e;
1483#else
1484 return NULL;
1485#endif
1486}
注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

© 2025 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette