]>
Commit | Line | Data |
---|---|---|
1 | /* | |
2 | * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * | |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | #include <string.h> | |
11 | ||
12 | #include "internal/nelem.h" | |
13 | #include "internal/cryptlib.h" /* for ossl_sleep() */ | |
14 | #include "ssltestlib.h" | |
15 | #include "testutil.h" | |
16 | #include "e_os.h" | |
17 | ||
18 | #ifdef OPENSSL_SYS_UNIX | |
19 | # include <unistd.h> | |
20 | # ifndef OPENSSL_NO_KTLS | |
21 | # include <netinet/in.h> | |
22 | # include <netinet/in.h> | |
23 | # include <arpa/inet.h> | |
24 | # include <sys/socket.h> | |
25 | # include <unistd.h> | |
26 | # include <fcntl.h> | |
27 | # endif | |
28 | #endif | |
29 | ||
30 | static int tls_dump_new(BIO *bi); | |
31 | static int tls_dump_free(BIO *a); | |
32 | static int tls_dump_read(BIO *b, char *out, int outl); | |
33 | static int tls_dump_write(BIO *b, const char *in, int inl); | |
34 | static long tls_dump_ctrl(BIO *b, int cmd, long num, void *ptr); | |
35 | static int tls_dump_gets(BIO *bp, char *buf, int size); | |
36 | static int tls_dump_puts(BIO *bp, const char *str); | |
37 | ||
38 | /* Choose a sufficiently large type likely to be unused for this custom BIO */ | |
39 | #define BIO_TYPE_TLS_DUMP_FILTER (0x80 | BIO_TYPE_FILTER) | |
40 | #define BIO_TYPE_MEMPACKET_TEST 0x81 | |
41 | #define BIO_TYPE_ALWAYS_RETRY 0x82 | |
42 | ||
43 | static BIO_METHOD *method_tls_dump = NULL; | |
44 | static BIO_METHOD *meth_mem = NULL; | |
45 | static BIO_METHOD *meth_always_retry = NULL; | |
46 | ||
47 | /* Note: Not thread safe! */ | |
48 | const BIO_METHOD *bio_f_tls_dump_filter(void) | |
49 | { | |
50 | if (method_tls_dump == NULL) { | |
51 | method_tls_dump = BIO_meth_new(BIO_TYPE_TLS_DUMP_FILTER, | |
52 | "TLS dump filter"); | |
53 | if ( method_tls_dump == NULL | |
54 | || !BIO_meth_set_write(method_tls_dump, tls_dump_write) | |
55 | || !BIO_meth_set_read(method_tls_dump, tls_dump_read) | |
56 | || !BIO_meth_set_puts(method_tls_dump, tls_dump_puts) | |
57 | || !BIO_meth_set_gets(method_tls_dump, tls_dump_gets) | |
58 | || !BIO_meth_set_ctrl(method_tls_dump, tls_dump_ctrl) | |
59 | || !BIO_meth_set_create(method_tls_dump, tls_dump_new) | |
60 | || !BIO_meth_set_destroy(method_tls_dump, tls_dump_free)) | |
61 | return NULL; | |
62 | } | |
63 | return method_tls_dump; | |
64 | } | |
65 | ||
66 | void bio_f_tls_dump_filter_free(void) | |
67 | { | |
68 | BIO_meth_free(method_tls_dump); | |
69 | } | |
70 | ||
71 | static int tls_dump_new(BIO *bio) | |
72 | { | |
73 | BIO_set_init(bio, 1); | |
74 | return 1; | |
75 | } | |
76 | ||
77 | static int tls_dump_free(BIO *bio) | |
78 | { | |
79 | BIO_set_init(bio, 0); | |
80 | ||
81 | return 1; | |
82 | } | |
83 | ||
84 | static void copy_flags(BIO *bio) | |
85 | { | |
86 | int flags; | |
87 | BIO *next = BIO_next(bio); | |
88 | ||
89 | flags = BIO_test_flags(next, BIO_FLAGS_SHOULD_RETRY | BIO_FLAGS_RWS); | |
90 | BIO_clear_flags(bio, BIO_FLAGS_SHOULD_RETRY | BIO_FLAGS_RWS); | |
91 | BIO_set_flags(bio, flags); | |
92 | } | |
93 | ||
94 | #define RECORD_CONTENT_TYPE 0 | |
95 | #define RECORD_VERSION_HI 1 | |
96 | #define RECORD_VERSION_LO 2 | |
97 | #define RECORD_EPOCH_HI 3 | |
98 | #define RECORD_EPOCH_LO 4 | |
99 | #define RECORD_SEQUENCE_START 5 | |
100 | #define RECORD_SEQUENCE_END 10 | |
101 | #define RECORD_LEN_HI 11 | |
102 | #define RECORD_LEN_LO 12 | |
103 | ||
104 | #define MSG_TYPE 0 | |
105 | #define MSG_LEN_HI 1 | |
106 | #define MSG_LEN_MID 2 | |
107 | #define MSG_LEN_LO 3 | |
108 | #define MSG_SEQ_HI 4 | |
109 | #define MSG_SEQ_LO 5 | |
110 | #define MSG_FRAG_OFF_HI 6 | |
111 | #define MSG_FRAG_OFF_MID 7 | |
112 | #define MSG_FRAG_OFF_LO 8 | |
113 | #define MSG_FRAG_LEN_HI 9 | |
114 | #define MSG_FRAG_LEN_MID 10 | |
115 | #define MSG_FRAG_LEN_LO 11 | |
116 | ||
117 | ||
118 | static void dump_data(const char *data, int len) | |
119 | { | |
120 | int rem, i, content, reclen, msglen, fragoff, fraglen, epoch; | |
121 | unsigned char *rec; | |
122 | ||
123 | printf("---- START OF PACKET ----\n"); | |
124 | ||
125 | rem = len; | |
126 | rec = (unsigned char *)data; | |
127 | ||
128 | while (rem > 0) { | |
129 | if (rem != len) | |
130 | printf("*\n"); | |
131 | printf("*---- START OF RECORD ----\n"); | |
132 | if (rem < DTLS1_RT_HEADER_LENGTH) { | |
133 | printf("*---- RECORD TRUNCATED ----\n"); | |
134 | break; | |
135 | } | |
136 | content = rec[RECORD_CONTENT_TYPE]; | |
137 | printf("** Record Content-type: %d\n", content); | |
138 | printf("** Record Version: %02x%02x\n", | |
139 | rec[RECORD_VERSION_HI], rec[RECORD_VERSION_LO]); | |
140 | epoch = (rec[RECORD_EPOCH_HI] << 8) | rec[RECORD_EPOCH_LO]; | |
141 | printf("** Record Epoch: %d\n", epoch); | |
142 | printf("** Record Sequence: "); | |
143 | for (i = RECORD_SEQUENCE_START; i <= RECORD_SEQUENCE_END; i++) | |
144 | printf("%02x", rec[i]); | |
145 | reclen = (rec[RECORD_LEN_HI] << 8) | rec[RECORD_LEN_LO]; | |
146 | printf("\n** Record Length: %d\n", reclen); | |
147 | ||
148 | /* Now look at message */ | |
149 | rec += DTLS1_RT_HEADER_LENGTH; | |
150 | rem -= DTLS1_RT_HEADER_LENGTH; | |
151 | if (content == SSL3_RT_HANDSHAKE) { | |
152 | printf("**---- START OF HANDSHAKE MESSAGE FRAGMENT ----\n"); | |
153 | if (epoch > 0) { | |
154 | printf("**---- HANDSHAKE MESSAGE FRAGMENT ENCRYPTED ----\n"); | |
155 | } else if (rem < DTLS1_HM_HEADER_LENGTH | |
156 | || reclen < DTLS1_HM_HEADER_LENGTH) { | |
157 | printf("**---- HANDSHAKE MESSAGE FRAGMENT TRUNCATED ----\n"); | |
158 | } else { | |
159 | printf("*** Message Type: %d\n", rec[MSG_TYPE]); | |
160 | msglen = (rec[MSG_LEN_HI] << 16) | (rec[MSG_LEN_MID] << 8) | |
161 | | rec[MSG_LEN_LO]; | |
162 | printf("*** Message Length: %d\n", msglen); | |
163 | printf("*** Message sequence: %d\n", | |
164 | (rec[MSG_SEQ_HI] << 8) | rec[MSG_SEQ_LO]); | |
165 | fragoff = (rec[MSG_FRAG_OFF_HI] << 16) | |
166 | | (rec[MSG_FRAG_OFF_MID] << 8) | |
167 | | rec[MSG_FRAG_OFF_LO]; | |
168 | printf("*** Message Fragment offset: %d\n", fragoff); | |
169 | fraglen = (rec[MSG_FRAG_LEN_HI] << 16) | |
170 | | (rec[MSG_FRAG_LEN_MID] << 8) | |
171 | | rec[MSG_FRAG_LEN_LO]; | |
172 | printf("*** Message Fragment len: %d\n", fraglen); | |
173 | if (fragoff + fraglen > msglen) | |
174 | printf("***---- HANDSHAKE MESSAGE FRAGMENT INVALID ----\n"); | |
175 | else if (reclen < fraglen) | |
176 | printf("**---- HANDSHAKE MESSAGE FRAGMENT TRUNCATED ----\n"); | |
177 | else | |
178 | printf("**---- END OF HANDSHAKE MESSAGE FRAGMENT ----\n"); | |
179 | } | |
180 | } | |
181 | if (rem < reclen) { | |
182 | printf("*---- RECORD TRUNCATED ----\n"); | |
183 | rem = 0; | |
184 | } else { | |
185 | rec += reclen; | |
186 | rem -= reclen; | |
187 | printf("*---- END OF RECORD ----\n"); | |
188 | } | |
189 | } | |
190 | printf("---- END OF PACKET ----\n\n"); | |
191 | fflush(stdout); | |
192 | } | |
193 | ||
194 | static int tls_dump_read(BIO *bio, char *out, int outl) | |
195 | { | |
196 | int ret; | |
197 | BIO *next = BIO_next(bio); | |
198 | ||
199 | ret = BIO_read(next, out, outl); | |
200 | copy_flags(bio); | |
201 | ||
202 | if (ret > 0) { | |
203 | dump_data(out, ret); | |
204 | } | |
205 | ||
206 | return ret; | |
207 | } | |
208 | ||
209 | static int tls_dump_write(BIO *bio, const char *in, int inl) | |
210 | { | |
211 | int ret; | |
212 | BIO *next = BIO_next(bio); | |
213 | ||
214 | ret = BIO_write(next, in, inl); | |
215 | copy_flags(bio); | |
216 | ||
217 | return ret; | |
218 | } | |
219 | ||
220 | static long tls_dump_ctrl(BIO *bio, int cmd, long num, void *ptr) | |
221 | { | |
222 | long ret; | |
223 | BIO *next = BIO_next(bio); | |
224 | ||
225 | if (next == NULL) | |
226 | return 0; | |
227 | ||
228 | switch (cmd) { | |
229 | case BIO_CTRL_DUP: | |
230 | ret = 0L; | |
231 | break; | |
232 | default: | |
233 | ret = BIO_ctrl(next, cmd, num, ptr); | |
234 | break; | |
235 | } | |
236 | return ret; | |
237 | } | |
238 | ||
239 | static int tls_dump_gets(BIO *bio, char *buf, int size) | |
240 | { | |
241 | /* We don't support this - not needed anyway */ | |
242 | return -1; | |
243 | } | |
244 | ||
245 | static int tls_dump_puts(BIO *bio, const char *str) | |
246 | { | |
247 | return tls_dump_write(bio, str, strlen(str)); | |
248 | } | |
249 | ||
250 | ||
251 | struct mempacket_st { | |
252 | unsigned char *data; | |
253 | int len; | |
254 | unsigned int num; | |
255 | unsigned int type; | |
256 | }; | |
257 | ||
258 | static void mempacket_free(MEMPACKET *pkt) | |
259 | { | |
260 | if (pkt->data != NULL) | |
261 | OPENSSL_free(pkt->data); | |
262 | OPENSSL_free(pkt); | |
263 | } | |
264 | ||
265 | typedef struct mempacket_test_ctx_st { | |
266 | STACK_OF(MEMPACKET) *pkts; | |
267 | unsigned int epoch; | |
268 | unsigned int currrec; | |
269 | unsigned int currpkt; | |
270 | unsigned int lastpkt; | |
271 | unsigned int injected; | |
272 | unsigned int noinject; | |
273 | unsigned int dropepoch; | |
274 | int droprec; | |
275 | int duprec; | |
276 | } MEMPACKET_TEST_CTX; | |
277 | ||
278 | static int mempacket_test_new(BIO *bi); | |
279 | static int mempacket_test_free(BIO *a); | |
280 | static int mempacket_test_read(BIO *b, char *out, int outl); | |
281 | static int mempacket_test_write(BIO *b, const char *in, int inl); | |
282 | static long mempacket_test_ctrl(BIO *b, int cmd, long num, void *ptr); | |
283 | static int mempacket_test_gets(BIO *bp, char *buf, int size); | |
284 | static int mempacket_test_puts(BIO *bp, const char *str); | |
285 | ||
286 | const BIO_METHOD *bio_s_mempacket_test(void) | |
287 | { | |
288 | if (meth_mem == NULL) { | |
289 | if (!TEST_ptr(meth_mem = BIO_meth_new(BIO_TYPE_MEMPACKET_TEST, | |
290 | "Mem Packet Test")) | |
291 | || !TEST_true(BIO_meth_set_write(meth_mem, mempacket_test_write)) | |
292 | || !TEST_true(BIO_meth_set_read(meth_mem, mempacket_test_read)) | |
293 | || !TEST_true(BIO_meth_set_puts(meth_mem, mempacket_test_puts)) | |
294 | || !TEST_true(BIO_meth_set_gets(meth_mem, mempacket_test_gets)) | |
295 | || !TEST_true(BIO_meth_set_ctrl(meth_mem, mempacket_test_ctrl)) | |
296 | || !TEST_true(BIO_meth_set_create(meth_mem, mempacket_test_new)) | |
297 | || !TEST_true(BIO_meth_set_destroy(meth_mem, mempacket_test_free))) | |
298 | return NULL; | |
299 | } | |
300 | return meth_mem; | |
301 | } | |
302 | ||
303 | void bio_s_mempacket_test_free(void) | |
304 | { | |
305 | BIO_meth_free(meth_mem); | |
306 | } | |
307 | ||
308 | static int mempacket_test_new(BIO *bio) | |
309 | { | |
310 | MEMPACKET_TEST_CTX *ctx; | |
311 | ||
312 | if (!TEST_ptr(ctx = OPENSSL_zalloc(sizeof(*ctx)))) | |
313 | return 0; | |
314 | if (!TEST_ptr(ctx->pkts = sk_MEMPACKET_new_null())) { | |
315 | OPENSSL_free(ctx); | |
316 | return 0; | |
317 | } | |
318 | ctx->dropepoch = 0; | |
319 | ctx->droprec = -1; | |
320 | BIO_set_init(bio, 1); | |
321 | BIO_set_data(bio, ctx); | |
322 | return 1; | |
323 | } | |
324 | ||
325 | static int mempacket_test_free(BIO *bio) | |
326 | { | |
327 | MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio); | |
328 | ||
329 | sk_MEMPACKET_pop_free(ctx->pkts, mempacket_free); | |
330 | OPENSSL_free(ctx); | |
331 | BIO_set_data(bio, NULL); | |
332 | BIO_set_init(bio, 0); | |
333 | return 1; | |
334 | } | |
335 | ||
336 | /* Record Header values */ | |
337 | #define EPOCH_HI 3 | |
338 | #define EPOCH_LO 4 | |
339 | #define RECORD_SEQUENCE 10 | |
340 | #define RECORD_LEN_HI 11 | |
341 | #define RECORD_LEN_LO 12 | |
342 | ||
343 | #define STANDARD_PACKET 0 | |
344 | ||
345 | static int mempacket_test_read(BIO *bio, char *out, int outl) | |
346 | { | |
347 | MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio); | |
348 | MEMPACKET *thispkt; | |
349 | unsigned char *rec; | |
350 | int rem; | |
351 | unsigned int seq, offset, len, epoch; | |
352 | ||
353 | BIO_clear_retry_flags(bio); | |
354 | thispkt = sk_MEMPACKET_value(ctx->pkts, 0); | |
355 | if (thispkt == NULL || thispkt->num != ctx->currpkt) { | |
356 | /* Probably run out of data */ | |
357 | BIO_set_retry_read(bio); | |
358 | return -1; | |
359 | } | |
360 | (void)sk_MEMPACKET_shift(ctx->pkts); | |
361 | ctx->currpkt++; | |
362 | ||
363 | if (outl > thispkt->len) | |
364 | outl = thispkt->len; | |
365 | ||
366 | if (thispkt->type != INJECT_PACKET_IGNORE_REC_SEQ | |
367 | && (ctx->injected || ctx->droprec >= 0)) { | |
368 | /* | |
369 | * Overwrite the record sequence number. We strictly number them in | |
370 | * the order received. Since we are actually a reliable transport | |
371 | * we know that there won't be any re-ordering. We overwrite to deal | |
372 | * with any packets that have been injected | |
373 | */ | |
374 | for (rem = thispkt->len, rec = thispkt->data; rem > 0; rem -= len) { | |
375 | if (rem < DTLS1_RT_HEADER_LENGTH) | |
376 | return -1; | |
377 | epoch = (rec[EPOCH_HI] << 8) | rec[EPOCH_LO]; | |
378 | if (epoch != ctx->epoch) { | |
379 | ctx->epoch = epoch; | |
380 | ctx->currrec = 0; | |
381 | } | |
382 | seq = ctx->currrec; | |
383 | offset = 0; | |
384 | do { | |
385 | rec[RECORD_SEQUENCE - offset] = seq & 0xFF; | |
386 | seq >>= 8; | |
387 | offset++; | |
388 | } while (seq > 0); | |
389 | ||
390 | len = ((rec[RECORD_LEN_HI] << 8) | rec[RECORD_LEN_LO]) | |
391 | + DTLS1_RT_HEADER_LENGTH; | |
392 | if (rem < (int)len) | |
393 | return -1; | |
394 | if (ctx->droprec == (int)ctx->currrec && ctx->dropepoch == epoch) { | |
395 | if (rem > (int)len) | |
396 | memmove(rec, rec + len, rem - len); | |
397 | outl -= len; | |
398 | ctx->droprec = -1; | |
399 | if (outl == 0) | |
400 | BIO_set_retry_read(bio); | |
401 | } else { | |
402 | rec += len; | |
403 | } | |
404 | ||
405 | ctx->currrec++; | |
406 | } | |
407 | } | |
408 | ||
409 | memcpy(out, thispkt->data, outl); | |
410 | mempacket_free(thispkt); | |
411 | return outl; | |
412 | } | |
413 | ||
414 | int mempacket_test_inject(BIO *bio, const char *in, int inl, int pktnum, | |
415 | int type) | |
416 | { | |
417 | MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio); | |
418 | MEMPACKET *thispkt = NULL, *looppkt, *nextpkt, *allpkts[3]; | |
419 | int i, duprec; | |
420 | const unsigned char *inu = (const unsigned char *)in; | |
421 | size_t len = ((inu[RECORD_LEN_HI] << 8) | inu[RECORD_LEN_LO]) | |
422 | + DTLS1_RT_HEADER_LENGTH; | |
423 | ||
424 | if (ctx == NULL) | |
425 | return -1; | |
426 | ||
427 | if ((size_t)inl < len) | |
428 | return -1; | |
429 | ||
430 | if ((size_t)inl == len) | |
431 | duprec = 0; | |
432 | else | |
433 | duprec = ctx->duprec > 0; | |
434 | ||
435 | /* We don't support arbitrary injection when duplicating records */ | |
436 | if (duprec && pktnum != -1) | |
437 | return -1; | |
438 | ||
439 | /* We only allow injection before we've started writing any data */ | |
440 | if (pktnum >= 0) { | |
441 | if (ctx->noinject) | |
442 | return -1; | |
443 | ctx->injected = 1; | |
444 | } else { | |
445 | ctx->noinject = 1; | |
446 | } | |
447 | ||
448 | for (i = 0; i < (duprec ? 3 : 1); i++) { | |
449 | if (!TEST_ptr(allpkts[i] = OPENSSL_malloc(sizeof(*thispkt)))) | |
450 | goto err; | |
451 | thispkt = allpkts[i]; | |
452 | ||
453 | if (!TEST_ptr(thispkt->data = OPENSSL_malloc(inl))) | |
454 | goto err; | |
455 | /* | |
456 | * If we are duplicating the packet, we duplicate it three times. The | |
457 | * first two times we drop the first record if there are more than one. | |
458 | * In this way we know that libssl will not be able to make progress | |
459 | * until it receives the last packet, and hence will be forced to | |
460 | * buffer these records. | |
461 | */ | |
462 | if (duprec && i != 2) { | |
463 | memcpy(thispkt->data, in + len, inl - len); | |
464 | thispkt->len = inl - len; | |
465 | } else { | |
466 | memcpy(thispkt->data, in, inl); | |
467 | thispkt->len = inl; | |
468 | } | |
469 | thispkt->num = (pktnum >= 0) ? (unsigned int)pktnum : ctx->lastpkt + i; | |
470 | thispkt->type = type; | |
471 | } | |
472 | ||
473 | for(i = 0; (looppkt = sk_MEMPACKET_value(ctx->pkts, i)) != NULL; i++) { | |
474 | /* Check if we found the right place to insert this packet */ | |
475 | if (looppkt->num > thispkt->num) { | |
476 | if (sk_MEMPACKET_insert(ctx->pkts, thispkt, i) == 0) | |
477 | goto err; | |
478 | /* If we're doing up front injection then we're done */ | |
479 | if (pktnum >= 0) | |
480 | return inl; | |
481 | /* | |
482 | * We need to do some accounting on lastpkt. We increment it first, | |
483 | * but it might now equal the value of injected packets, so we need | |
484 | * to skip over those | |
485 | */ | |
486 | ctx->lastpkt++; | |
487 | do { | |
488 | i++; | |
489 | nextpkt = sk_MEMPACKET_value(ctx->pkts, i); | |
490 | if (nextpkt != NULL && nextpkt->num == ctx->lastpkt) | |
491 | ctx->lastpkt++; | |
492 | else | |
493 | return inl; | |
494 | } while(1); | |
495 | } else if (looppkt->num == thispkt->num) { | |
496 | if (!ctx->noinject) { | |
497 | /* We injected two packets with the same packet number! */ | |
498 | goto err; | |
499 | } | |
500 | ctx->lastpkt++; | |
501 | thispkt->num++; | |
502 | } | |
503 | } | |
504 | /* | |
505 | * We didn't find any packets with a packet number equal to or greater than | |
506 | * this one, so we just add it onto the end | |
507 | */ | |
508 | for (i = 0; i < (duprec ? 3 : 1); i++) { | |
509 | thispkt = allpkts[i]; | |
510 | if (!sk_MEMPACKET_push(ctx->pkts, thispkt)) | |
511 | goto err; | |
512 | ||
513 | if (pktnum < 0) | |
514 | ctx->lastpkt++; | |
515 | } | |
516 | ||
517 | return inl; | |
518 | ||
519 | err: | |
520 | for (i = 0; i < (ctx->duprec > 0 ? 3 : 1); i++) | |
521 | mempacket_free(allpkts[i]); | |
522 | return -1; | |
523 | } | |
524 | ||
525 | static int mempacket_test_write(BIO *bio, const char *in, int inl) | |
526 | { | |
527 | return mempacket_test_inject(bio, in, inl, -1, STANDARD_PACKET); | |
528 | } | |
529 | ||
530 | static long mempacket_test_ctrl(BIO *bio, int cmd, long num, void *ptr) | |
531 | { | |
532 | long ret = 1; | |
533 | MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio); | |
534 | MEMPACKET *thispkt; | |
535 | ||
536 | switch (cmd) { | |
537 | case BIO_CTRL_EOF: | |
538 | ret = (long)(sk_MEMPACKET_num(ctx->pkts) == 0); | |
539 | break; | |
540 | case BIO_CTRL_GET_CLOSE: | |
541 | ret = BIO_get_shutdown(bio); | |
542 | break; | |
543 | case BIO_CTRL_SET_CLOSE: | |
544 | BIO_set_shutdown(bio, (int)num); | |
545 | break; | |
546 | case BIO_CTRL_WPENDING: | |
547 | ret = 0L; | |
548 | break; | |
549 | case BIO_CTRL_PENDING: | |
550 | thispkt = sk_MEMPACKET_value(ctx->pkts, 0); | |
551 | if (thispkt == NULL) | |
552 | ret = 0; | |
553 | else | |
554 | ret = thispkt->len; | |
555 | break; | |
556 | case BIO_CTRL_FLUSH: | |
557 | ret = 1; | |
558 | break; | |
559 | case MEMPACKET_CTRL_SET_DROP_EPOCH: | |
560 | ctx->dropepoch = (unsigned int)num; | |
561 | break; | |
562 | case MEMPACKET_CTRL_SET_DROP_REC: | |
563 | ctx->droprec = (int)num; | |
564 | break; | |
565 | case MEMPACKET_CTRL_GET_DROP_REC: | |
566 | ret = ctx->droprec; | |
567 | break; | |
568 | case MEMPACKET_CTRL_SET_DUPLICATE_REC: | |
569 | ctx->duprec = (int)num; | |
570 | break; | |
571 | case BIO_CTRL_RESET: | |
572 | case BIO_CTRL_DUP: | |
573 | case BIO_CTRL_PUSH: | |
574 | case BIO_CTRL_POP: | |
575 | default: | |
576 | ret = 0; | |
577 | break; | |
578 | } | |
579 | return ret; | |
580 | } | |
581 | ||
582 | static int mempacket_test_gets(BIO *bio, char *buf, int size) | |
583 | { | |
584 | /* We don't support this - not needed anyway */ | |
585 | return -1; | |
586 | } | |
587 | ||
588 | static int mempacket_test_puts(BIO *bio, const char *str) | |
589 | { | |
590 | return mempacket_test_write(bio, str, strlen(str)); | |
591 | } | |
592 | ||
593 | static int always_retry_new(BIO *bi); | |
594 | static int always_retry_free(BIO *a); | |
595 | static int always_retry_read(BIO *b, char *out, int outl); | |
596 | static int always_retry_write(BIO *b, const char *in, int inl); | |
597 | static long always_retry_ctrl(BIO *b, int cmd, long num, void *ptr); | |
598 | static int always_retry_gets(BIO *bp, char *buf, int size); | |
599 | static int always_retry_puts(BIO *bp, const char *str); | |
600 | ||
601 | const BIO_METHOD *bio_s_always_retry(void) | |
602 | { | |
603 | if (meth_always_retry == NULL) { | |
604 | if (!TEST_ptr(meth_always_retry = BIO_meth_new(BIO_TYPE_ALWAYS_RETRY, | |
605 | "Always Retry")) | |
606 | || !TEST_true(BIO_meth_set_write(meth_always_retry, | |
607 | always_retry_write)) | |
608 | || !TEST_true(BIO_meth_set_read(meth_always_retry, | |
609 | always_retry_read)) | |
610 | || !TEST_true(BIO_meth_set_puts(meth_always_retry, | |
611 | always_retry_puts)) | |
612 | || !TEST_true(BIO_meth_set_gets(meth_always_retry, | |
613 | always_retry_gets)) | |
614 | || !TEST_true(BIO_meth_set_ctrl(meth_always_retry, | |
615 | always_retry_ctrl)) | |
616 | || !TEST_true(BIO_meth_set_create(meth_always_retry, | |
617 | always_retry_new)) | |
618 | || !TEST_true(BIO_meth_set_destroy(meth_always_retry, | |
619 | always_retry_free))) | |
620 | return NULL; | |
621 | } | |
622 | return meth_always_retry; | |
623 | } | |
624 | ||
625 | void bio_s_always_retry_free(void) | |
626 | { | |
627 | BIO_meth_free(meth_always_retry); | |
628 | } | |
629 | ||
630 | static int always_retry_new(BIO *bio) | |
631 | { | |
632 | BIO_set_init(bio, 1); | |
633 | return 1; | |
634 | } | |
635 | ||
636 | static int always_retry_free(BIO *bio) | |
637 | { | |
638 | BIO_set_data(bio, NULL); | |
639 | BIO_set_init(bio, 0); | |
640 | return 1; | |
641 | } | |
642 | ||
643 | static int always_retry_read(BIO *bio, char *out, int outl) | |
644 | { | |
645 | BIO_set_retry_read(bio); | |
646 | return -1; | |
647 | } | |
648 | ||
649 | static int always_retry_write(BIO *bio, const char *in, int inl) | |
650 | { | |
651 | BIO_set_retry_write(bio); | |
652 | return -1; | |
653 | } | |
654 | ||
655 | static long always_retry_ctrl(BIO *bio, int cmd, long num, void *ptr) | |
656 | { | |
657 | long ret = 1; | |
658 | ||
659 | switch (cmd) { | |
660 | case BIO_CTRL_FLUSH: | |
661 | BIO_set_retry_write(bio); | |
662 | /* fall through */ | |
663 | case BIO_CTRL_EOF: | |
664 | case BIO_CTRL_RESET: | |
665 | case BIO_CTRL_DUP: | |
666 | case BIO_CTRL_PUSH: | |
667 | case BIO_CTRL_POP: | |
668 | default: | |
669 | ret = 0; | |
670 | break; | |
671 | } | |
672 | return ret; | |
673 | } | |
674 | ||
675 | static int always_retry_gets(BIO *bio, char *buf, int size) | |
676 | { | |
677 | BIO_set_retry_read(bio); | |
678 | return -1; | |
679 | } | |
680 | ||
681 | static int always_retry_puts(BIO *bio, const char *str) | |
682 | { | |
683 | BIO_set_retry_write(bio); | |
684 | return -1; | |
685 | } | |
686 | ||
687 | int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm, | |
688 | int min_proto_version, int max_proto_version, | |
689 | SSL_CTX **sctx, SSL_CTX **cctx, char *certfile, | |
690 | char *privkeyfile) | |
691 | { | |
692 | SSL_CTX *serverctx = NULL; | |
693 | SSL_CTX *clientctx = NULL; | |
694 | ||
695 | if (*sctx != NULL) | |
696 | serverctx = *sctx; | |
697 | else if (!TEST_ptr(serverctx = SSL_CTX_new(sm))) | |
698 | goto err; | |
699 | ||
700 | if (cctx != NULL) { | |
701 | if (*cctx != NULL) | |
702 | clientctx = *cctx; | |
703 | else if (!TEST_ptr(clientctx = SSL_CTX_new(cm))) | |
704 | goto err; | |
705 | } | |
706 | ||
707 | if ((min_proto_version > 0 | |
708 | && !TEST_true(SSL_CTX_set_min_proto_version(serverctx, | |
709 | min_proto_version))) | |
710 | || (max_proto_version > 0 | |
711 | && !TEST_true(SSL_CTX_set_max_proto_version(serverctx, | |
712 | max_proto_version)))) | |
713 | goto err; | |
714 | if (clientctx != NULL | |
715 | && ((min_proto_version > 0 | |
716 | && !TEST_true(SSL_CTX_set_min_proto_version(clientctx, | |
717 | min_proto_version))) | |
718 | || (max_proto_version > 0 | |
719 | && !TEST_true(SSL_CTX_set_max_proto_version(clientctx, | |
720 | max_proto_version))))) | |
721 | goto err; | |
722 | ||
723 | if (certfile != NULL && privkeyfile != NULL) { | |
724 | if (!TEST_int_eq(SSL_CTX_use_certificate_file(serverctx, certfile, | |
725 | SSL_FILETYPE_PEM), 1) | |
726 | || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(serverctx, | |
727 | privkeyfile, | |
728 | SSL_FILETYPE_PEM), 1) | |
729 | || !TEST_int_eq(SSL_CTX_check_private_key(serverctx), 1)) | |
730 | goto err; | |
731 | } | |
732 | ||
733 | #ifndef OPENSSL_NO_DH | |
734 | SSL_CTX_set_dh_auto(serverctx, 1); | |
735 | #endif | |
736 | ||
737 | *sctx = serverctx; | |
738 | if (cctx != NULL) | |
739 | *cctx = clientctx; | |
740 | return 1; | |
741 | ||
742 | err: | |
743 | SSL_CTX_free(serverctx); | |
744 | SSL_CTX_free(clientctx); | |
745 | return 0; | |
746 | } | |
747 | ||
748 | #define MAXLOOPS 1000000 | |
749 | ||
750 | #if !defined(OPENSSL_NO_KTLS) && !defined(OPENSSL_NO_SOCK) | |
751 | static int set_nb(int fd) | |
752 | { | |
753 | int flags; | |
754 | ||
755 | flags = fcntl(fd,F_GETFL,0); | |
756 | if (flags == -1) | |
757 | return flags; | |
758 | flags = fcntl(fd, F_SETFL, flags | O_NONBLOCK); | |
759 | return flags; | |
760 | } | |
761 | ||
762 | int create_test_sockets(int *cfd, int *sfd) | |
763 | { | |
764 | struct sockaddr_in sin; | |
765 | const char *host = "127.0.0.1"; | |
766 | int cfd_connected = 0, ret = 0; | |
767 | socklen_t slen = sizeof(sin); | |
768 | int afd = -1; | |
769 | ||
770 | *cfd = -1; | |
771 | *sfd = -1; | |
772 | ||
773 | memset ((char *) &sin, 0, sizeof(sin)); | |
774 | sin.sin_family = AF_INET; | |
775 | sin.sin_addr.s_addr = inet_addr(host); | |
776 | ||
777 | afd = socket(AF_INET, SOCK_STREAM, 0); | |
778 | if (afd < 0) | |
779 | return 0; | |
780 | ||
781 | if (bind(afd, (struct sockaddr*)&sin, sizeof(sin)) < 0) | |
782 | goto out; | |
783 | ||
784 | if (getsockname(afd, (struct sockaddr*)&sin, &slen) < 0) | |
785 | goto out; | |
786 | ||
787 | if (listen(afd, 1) < 0) | |
788 | goto out; | |
789 | ||
790 | *cfd = socket(AF_INET, SOCK_STREAM, 0); | |
791 | if (*cfd < 0) | |
792 | goto out; | |
793 | ||
794 | if (set_nb(afd) == -1) | |
795 | goto out; | |
796 | ||
797 | while (*sfd == -1 || !cfd_connected ) { | |
798 | *sfd = accept(afd, NULL, 0); | |
799 | if (*sfd == -1 && errno != EAGAIN) | |
800 | goto out; | |
801 | ||
802 | if (!cfd_connected && connect(*cfd, (struct sockaddr*)&sin, sizeof(sin)) < 0) | |
803 | goto out; | |
804 | else | |
805 | cfd_connected = 1; | |
806 | } | |
807 | ||
808 | if (set_nb(*cfd) == -1 || set_nb(*sfd) == -1) | |
809 | goto out; | |
810 | ret = 1; | |
811 | goto success; | |
812 | ||
813 | out: | |
814 | if (*cfd != -1) | |
815 | close(*cfd); | |
816 | if (*sfd != -1) | |
817 | close(*sfd); | |
818 | success: | |
819 | if (afd != -1) | |
820 | close(afd); | |
821 | return ret; | |
822 | } | |
823 | ||
824 | int create_ssl_objects2(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl, | |
825 | SSL **cssl, int sfd, int cfd) | |
826 | { | |
827 | SSL *serverssl = NULL, *clientssl = NULL; | |
828 | BIO *s_to_c_bio = NULL, *c_to_s_bio = NULL; | |
829 | ||
830 | if (*sssl != NULL) | |
831 | serverssl = *sssl; | |
832 | else if (!TEST_ptr(serverssl = SSL_new(serverctx))) | |
833 | goto error; | |
834 | if (*cssl != NULL) | |
835 | clientssl = *cssl; | |
836 | else if (!TEST_ptr(clientssl = SSL_new(clientctx))) | |
837 | goto error; | |
838 | ||
839 | if (!TEST_ptr(s_to_c_bio = BIO_new_socket(sfd, BIO_NOCLOSE)) | |
840 | || !TEST_ptr(c_to_s_bio = BIO_new_socket(cfd, BIO_NOCLOSE))) | |
841 | goto error; | |
842 | ||
843 | SSL_set_bio(clientssl, c_to_s_bio, c_to_s_bio); | |
844 | SSL_set_bio(serverssl, s_to_c_bio, s_to_c_bio); | |
845 | *sssl = serverssl; | |
846 | *cssl = clientssl; | |
847 | return 1; | |
848 | ||
849 | error: | |
850 | SSL_free(serverssl); | |
851 | SSL_free(clientssl); | |
852 | BIO_free(s_to_c_bio); | |
853 | BIO_free(c_to_s_bio); | |
854 | return 0; | |
855 | } | |
856 | #endif | |
857 | ||
858 | /* | |
859 | * NOTE: Transfers control of the BIOs - this function will free them on error | |
860 | */ | |
861 | int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl, | |
862 | SSL **cssl, BIO *s_to_c_fbio, BIO *c_to_s_fbio) | |
863 | { | |
864 | SSL *serverssl = NULL, *clientssl = NULL; | |
865 | BIO *s_to_c_bio = NULL, *c_to_s_bio = NULL; | |
866 | ||
867 | if (*sssl != NULL) | |
868 | serverssl = *sssl; | |
869 | else if (!TEST_ptr(serverssl = SSL_new(serverctx))) | |
870 | goto error; | |
871 | if (*cssl != NULL) | |
872 | clientssl = *cssl; | |
873 | else if (!TEST_ptr(clientssl = SSL_new(clientctx))) | |
874 | goto error; | |
875 | ||
876 | if (SSL_is_dtls(clientssl)) { | |
877 | if (!TEST_ptr(s_to_c_bio = BIO_new(bio_s_mempacket_test())) | |
878 | || !TEST_ptr(c_to_s_bio = BIO_new(bio_s_mempacket_test()))) | |
879 | goto error; | |
880 | } else { | |
881 | if (!TEST_ptr(s_to_c_bio = BIO_new(BIO_s_mem())) | |
882 | || !TEST_ptr(c_to_s_bio = BIO_new(BIO_s_mem()))) | |
883 | goto error; | |
884 | } | |
885 | ||
886 | if (s_to_c_fbio != NULL | |
887 | && !TEST_ptr(s_to_c_bio = BIO_push(s_to_c_fbio, s_to_c_bio))) | |
888 | goto error; | |
889 | if (c_to_s_fbio != NULL | |
890 | && !TEST_ptr(c_to_s_bio = BIO_push(c_to_s_fbio, c_to_s_bio))) | |
891 | goto error; | |
892 | ||
893 | /* Set Non-blocking IO behaviour */ | |
894 | BIO_set_mem_eof_return(s_to_c_bio, -1); | |
895 | BIO_set_mem_eof_return(c_to_s_bio, -1); | |
896 | ||
897 | /* Up ref these as we are passing them to two SSL objects */ | |
898 | SSL_set_bio(serverssl, c_to_s_bio, s_to_c_bio); | |
899 | BIO_up_ref(s_to_c_bio); | |
900 | BIO_up_ref(c_to_s_bio); | |
901 | SSL_set_bio(clientssl, s_to_c_bio, c_to_s_bio); | |
902 | *sssl = serverssl; | |
903 | *cssl = clientssl; | |
904 | return 1; | |
905 | ||
906 | error: | |
907 | SSL_free(serverssl); | |
908 | SSL_free(clientssl); | |
909 | BIO_free(s_to_c_bio); | |
910 | BIO_free(c_to_s_bio); | |
911 | BIO_free(s_to_c_fbio); | |
912 | BIO_free(c_to_s_fbio); | |
913 | ||
914 | return 0; | |
915 | } | |
916 | ||
917 | /* | |
918 | * Create an SSL connection, but does not ready any post-handshake | |
919 | * NewSessionTicket messages. | |
920 | * If |read| is set and we're using DTLS then we will attempt to SSL_read on | |
921 | * the connection once we've completed one half of it, to ensure any retransmits | |
922 | * get triggered. | |
923 | */ | |
924 | int create_bare_ssl_connection(SSL *serverssl, SSL *clientssl, int want, | |
925 | int read) | |
926 | { | |
927 | int retc = -1, rets = -1, err, abortctr = 0; | |
928 | int clienterr = 0, servererr = 0; | |
929 | int isdtls = SSL_is_dtls(serverssl); | |
930 | ||
931 | do { | |
932 | err = SSL_ERROR_WANT_WRITE; | |
933 | while (!clienterr && retc <= 0 && err == SSL_ERROR_WANT_WRITE) { | |
934 | retc = SSL_connect(clientssl); | |
935 | if (retc <= 0) | |
936 | err = SSL_get_error(clientssl, retc); | |
937 | } | |
938 | ||
939 | if (!clienterr && retc <= 0 && err != SSL_ERROR_WANT_READ) { | |
940 | TEST_info("SSL_connect() failed %d, %d", retc, err); | |
941 | clienterr = 1; | |
942 | } | |
943 | if (want != SSL_ERROR_NONE && err == want) | |
944 | return 0; | |
945 | ||
946 | err = SSL_ERROR_WANT_WRITE; | |
947 | while (!servererr && rets <= 0 && err == SSL_ERROR_WANT_WRITE) { | |
948 | rets = SSL_accept(serverssl); | |
949 | if (rets <= 0) | |
950 | err = SSL_get_error(serverssl, rets); | |
951 | } | |
952 | ||
953 | if (!servererr && rets <= 0 | |
954 | && err != SSL_ERROR_WANT_READ | |
955 | && err != SSL_ERROR_WANT_X509_LOOKUP) { | |
956 | TEST_info("SSL_accept() failed %d, %d", rets, err); | |
957 | servererr = 1; | |
958 | } | |
959 | if (want != SSL_ERROR_NONE && err == want) | |
960 | return 0; | |
961 | if (clienterr && servererr) | |
962 | return 0; | |
963 | if (isdtls && read) { | |
964 | unsigned char buf[20]; | |
965 | ||
966 | /* Trigger any retransmits that may be appropriate */ | |
967 | if (rets > 0 && retc <= 0) { | |
968 | if (SSL_read(serverssl, buf, sizeof(buf)) > 0) { | |
969 | /* We don't expect this to succeed! */ | |
970 | TEST_info("Unexpected SSL_read() success!"); | |
971 | return 0; | |
972 | } | |
973 | } | |
974 | if (retc > 0 && rets <= 0) { | |
975 | if (SSL_read(clientssl, buf, sizeof(buf)) > 0) { | |
976 | /* We don't expect this to succeed! */ | |
977 | TEST_info("Unexpected SSL_read() success!"); | |
978 | return 0; | |
979 | } | |
980 | } | |
981 | } | |
982 | if (++abortctr == MAXLOOPS) { | |
983 | TEST_info("No progress made"); | |
984 | return 0; | |
985 | } | |
986 | if (isdtls && abortctr <= 50 && (abortctr % 10) == 0) { | |
987 | /* | |
988 | * It looks like we're just spinning. Pause for a short period to | |
989 | * give the DTLS timer a chance to do something. We only do this for | |
990 | * the first few times to prevent hangs. | |
991 | */ | |
992 | ossl_sleep(50); | |
993 | } | |
994 | } while (retc <=0 || rets <= 0); | |
995 | ||
996 | return 1; | |
997 | } | |
998 | ||
999 | /* | |
1000 | * Create an SSL connection including any post handshake NewSessionTicket | |
1001 | * messages. | |
1002 | */ | |
1003 | int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want) | |
1004 | { | |
1005 | int i; | |
1006 | unsigned char buf; | |
1007 | size_t readbytes; | |
1008 | ||
1009 | if (!create_bare_ssl_connection(serverssl, clientssl, want, 1)) | |
1010 | return 0; | |
1011 | ||
1012 | /* | |
1013 | * We attempt to read some data on the client side which we expect to fail. | |
1014 | * This will ensure we have received the NewSessionTicket in TLSv1.3 where | |
1015 | * appropriate. We do this twice because there are 2 NewSessionTickets. | |
1016 | */ | |
1017 | for (i = 0; i < 2; i++) { | |
1018 | if (SSL_read_ex(clientssl, &buf, sizeof(buf), &readbytes) > 0) { | |
1019 | if (!TEST_ulong_eq(readbytes, 0)) | |
1020 | return 0; | |
1021 | } else if (!TEST_int_eq(SSL_get_error(clientssl, 0), | |
1022 | SSL_ERROR_WANT_READ)) { | |
1023 | return 0; | |
1024 | } | |
1025 | } | |
1026 | ||
1027 | return 1; | |
1028 | } | |
1029 | ||
1030 | void shutdown_ssl_connection(SSL *serverssl, SSL *clientssl) | |
1031 | { | |
1032 | SSL_shutdown(clientssl); | |
1033 | SSL_shutdown(serverssl); | |
1034 | SSL_free(serverssl); | |
1035 | SSL_free(clientssl); | |
1036 | } |