]>
Commit | Line | Data |
---|---|---|
2cb4b5f6 | 1 | /* |
da1c088f | 2 | * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. |
2cb4b5f6 | 3 | * |
909f1a2e | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
2cb4b5f6 MC |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
d82dec40 MC |
10 | #include <string.h> |
11 | ||
0c593328 | 12 | #include "internal/e_os.h" |
176db6dc | 13 | #include "internal/nelem.h" |
2cb4b5f6 | 14 | #include "ssltestlib.h" |
20f8bc72 | 15 | #include "../testutil.h" |
61e96557 | 16 | |
0c593328 MC |
17 | #if (!defined(OPENSSL_NO_KTLS) || !defined(OPENSSL_NO_QUIC)) && !defined(OPENSSL_NO_POSIX_IO) && !defined(OPENSSL_NO_SOCK) |
18 | # define OSSL_USE_SOCKETS 1 | |
19 | # include "internal/sockets.h" | |
20 | # include <openssl/bio.h> | |
61e96557 | 21 | #endif |
2cb4b5f6 | 22 | |
d9a2e90b MC |
23 | static int tls_dump_new(BIO *bi); |
24 | static int tls_dump_free(BIO *a); | |
25 | static int tls_dump_read(BIO *b, char *out, int outl); | |
26 | static int tls_dump_write(BIO *b, const char *in, int inl); | |
27 | static long tls_dump_ctrl(BIO *b, int cmd, long num, void *ptr); | |
28 | static int tls_dump_gets(BIO *bp, char *buf, int size); | |
29 | static int tls_dump_puts(BIO *bp, const char *str); | |
30 | ||
31 | /* Choose a sufficiently large type likely to be unused for this custom BIO */ | |
8ed9a266 RS |
32 | #define BIO_TYPE_TLS_DUMP_FILTER (0x80 | BIO_TYPE_FILTER) |
33 | #define BIO_TYPE_MEMPACKET_TEST 0x81 | |
a77b4dba | 34 | #define BIO_TYPE_ALWAYS_RETRY 0x82 |
d9a2e90b MC |
35 | |
36 | static BIO_METHOD *method_tls_dump = NULL; | |
8ed9a266 | 37 | static BIO_METHOD *meth_mem = NULL; |
a77b4dba | 38 | static BIO_METHOD *meth_always_retry = NULL; |
149c4f98 | 39 | static int retry_err = -1; |
d9a2e90b MC |
40 | |
41 | /* Note: Not thread safe! */ | |
42 | const BIO_METHOD *bio_f_tls_dump_filter(void) | |
43 | { | |
44 | if (method_tls_dump == NULL) { | |
45 | method_tls_dump = BIO_meth_new(BIO_TYPE_TLS_DUMP_FILTER, | |
46 | "TLS dump filter"); | |
1287dabd | 47 | if (method_tls_dump == NULL |
d9a2e90b MC |
48 | || !BIO_meth_set_write(method_tls_dump, tls_dump_write) |
49 | || !BIO_meth_set_read(method_tls_dump, tls_dump_read) | |
50 | || !BIO_meth_set_puts(method_tls_dump, tls_dump_puts) | |
51 | || !BIO_meth_set_gets(method_tls_dump, tls_dump_gets) | |
52 | || !BIO_meth_set_ctrl(method_tls_dump, tls_dump_ctrl) | |
53 | || !BIO_meth_set_create(method_tls_dump, tls_dump_new) | |
54 | || !BIO_meth_set_destroy(method_tls_dump, tls_dump_free)) | |
55 | return NULL; | |
56 | } | |
57 | return method_tls_dump; | |
58 | } | |
59 | ||
60 | void bio_f_tls_dump_filter_free(void) | |
61 | { | |
62 | BIO_meth_free(method_tls_dump); | |
63 | } | |
64 | ||
65 | static int tls_dump_new(BIO *bio) | |
66 | { | |
67 | BIO_set_init(bio, 1); | |
68 | return 1; | |
69 | } | |
70 | ||
71 | static int tls_dump_free(BIO *bio) | |
72 | { | |
73 | BIO_set_init(bio, 0); | |
74 | ||
75 | return 1; | |
76 | } | |
77 | ||
78 | static void copy_flags(BIO *bio) | |
79 | { | |
80 | int flags; | |
81 | BIO *next = BIO_next(bio); | |
82 | ||
83 | flags = BIO_test_flags(next, BIO_FLAGS_SHOULD_RETRY | BIO_FLAGS_RWS); | |
84 | BIO_clear_flags(bio, BIO_FLAGS_SHOULD_RETRY | BIO_FLAGS_RWS); | |
85 | BIO_set_flags(bio, flags); | |
86 | } | |
87 | ||
88 | #define RECORD_CONTENT_TYPE 0 | |
89 | #define RECORD_VERSION_HI 1 | |
90 | #define RECORD_VERSION_LO 2 | |
91 | #define RECORD_EPOCH_HI 3 | |
92 | #define RECORD_EPOCH_LO 4 | |
93 | #define RECORD_SEQUENCE_START 5 | |
94 | #define RECORD_SEQUENCE_END 10 | |
95 | #define RECORD_LEN_HI 11 | |
96 | #define RECORD_LEN_LO 12 | |
97 | ||
98 | #define MSG_TYPE 0 | |
99 | #define MSG_LEN_HI 1 | |
100 | #define MSG_LEN_MID 2 | |
101 | #define MSG_LEN_LO 3 | |
102 | #define MSG_SEQ_HI 4 | |
103 | #define MSG_SEQ_LO 5 | |
104 | #define MSG_FRAG_OFF_HI 6 | |
105 | #define MSG_FRAG_OFF_MID 7 | |
106 | #define MSG_FRAG_OFF_LO 8 | |
107 | #define MSG_FRAG_LEN_HI 9 | |
108 | #define MSG_FRAG_LEN_MID 10 | |
109 | #define MSG_FRAG_LEN_LO 11 | |
110 | ||
111 | ||
112 | static void dump_data(const char *data, int len) | |
113 | { | |
114 | int rem, i, content, reclen, msglen, fragoff, fraglen, epoch; | |
115 | unsigned char *rec; | |
116 | ||
117 | printf("---- START OF PACKET ----\n"); | |
118 | ||
119 | rem = len; | |
120 | rec = (unsigned char *)data; | |
121 | ||
122 | while (rem > 0) { | |
123 | if (rem != len) | |
124 | printf("*\n"); | |
125 | printf("*---- START OF RECORD ----\n"); | |
126 | if (rem < DTLS1_RT_HEADER_LENGTH) { | |
127 | printf("*---- RECORD TRUNCATED ----\n"); | |
128 | break; | |
129 | } | |
130 | content = rec[RECORD_CONTENT_TYPE]; | |
131 | printf("** Record Content-type: %d\n", content); | |
132 | printf("** Record Version: %02x%02x\n", | |
133 | rec[RECORD_VERSION_HI], rec[RECORD_VERSION_LO]); | |
134 | epoch = (rec[RECORD_EPOCH_HI] << 8) | rec[RECORD_EPOCH_LO]; | |
135 | printf("** Record Epoch: %d\n", epoch); | |
136 | printf("** Record Sequence: "); | |
137 | for (i = RECORD_SEQUENCE_START; i <= RECORD_SEQUENCE_END; i++) | |
138 | printf("%02x", rec[i]); | |
139 | reclen = (rec[RECORD_LEN_HI] << 8) | rec[RECORD_LEN_LO]; | |
140 | printf("\n** Record Length: %d\n", reclen); | |
141 | ||
142 | /* Now look at message */ | |
143 | rec += DTLS1_RT_HEADER_LENGTH; | |
144 | rem -= DTLS1_RT_HEADER_LENGTH; | |
145 | if (content == SSL3_RT_HANDSHAKE) { | |
146 | printf("**---- START OF HANDSHAKE MESSAGE FRAGMENT ----\n"); | |
147 | if (epoch > 0) { | |
148 | printf("**---- HANDSHAKE MESSAGE FRAGMENT ENCRYPTED ----\n"); | |
149 | } else if (rem < DTLS1_HM_HEADER_LENGTH | |
150 | || reclen < DTLS1_HM_HEADER_LENGTH) { | |
151 | printf("**---- HANDSHAKE MESSAGE FRAGMENT TRUNCATED ----\n"); | |
152 | } else { | |
153 | printf("*** Message Type: %d\n", rec[MSG_TYPE]); | |
154 | msglen = (rec[MSG_LEN_HI] << 16) | (rec[MSG_LEN_MID] << 8) | |
155 | | rec[MSG_LEN_LO]; | |
156 | printf("*** Message Length: %d\n", msglen); | |
157 | printf("*** Message sequence: %d\n", | |
158 | (rec[MSG_SEQ_HI] << 8) | rec[MSG_SEQ_LO]); | |
159 | fragoff = (rec[MSG_FRAG_OFF_HI] << 16) | |
160 | | (rec[MSG_FRAG_OFF_MID] << 8) | |
161 | | rec[MSG_FRAG_OFF_LO]; | |
162 | printf("*** Message Fragment offset: %d\n", fragoff); | |
163 | fraglen = (rec[MSG_FRAG_LEN_HI] << 16) | |
164 | | (rec[MSG_FRAG_LEN_MID] << 8) | |
165 | | rec[MSG_FRAG_LEN_LO]; | |
166 | printf("*** Message Fragment len: %d\n", fraglen); | |
167 | if (fragoff + fraglen > msglen) | |
168 | printf("***---- HANDSHAKE MESSAGE FRAGMENT INVALID ----\n"); | |
28b86f31 | 169 | else if (reclen < fraglen) |
d9a2e90b MC |
170 | printf("**---- HANDSHAKE MESSAGE FRAGMENT TRUNCATED ----\n"); |
171 | else | |
172 | printf("**---- END OF HANDSHAKE MESSAGE FRAGMENT ----\n"); | |
173 | } | |
174 | } | |
175 | if (rem < reclen) { | |
176 | printf("*---- RECORD TRUNCATED ----\n"); | |
177 | rem = 0; | |
178 | } else { | |
179 | rec += reclen; | |
180 | rem -= reclen; | |
181 | printf("*---- END OF RECORD ----\n"); | |
182 | } | |
183 | } | |
184 | printf("---- END OF PACKET ----\n\n"); | |
185 | fflush(stdout); | |
186 | } | |
187 | ||
188 | static int tls_dump_read(BIO *bio, char *out, int outl) | |
189 | { | |
190 | int ret; | |
191 | BIO *next = BIO_next(bio); | |
192 | ||
193 | ret = BIO_read(next, out, outl); | |
194 | copy_flags(bio); | |
195 | ||
196 | if (ret > 0) { | |
197 | dump_data(out, ret); | |
198 | } | |
199 | ||
200 | return ret; | |
201 | } | |
202 | ||
203 | static int tls_dump_write(BIO *bio, const char *in, int inl) | |
204 | { | |
205 | int ret; | |
206 | BIO *next = BIO_next(bio); | |
207 | ||
208 | ret = BIO_write(next, in, inl); | |
209 | copy_flags(bio); | |
210 | ||
211 | return ret; | |
212 | } | |
213 | ||
214 | static long tls_dump_ctrl(BIO *bio, int cmd, long num, void *ptr) | |
215 | { | |
216 | long ret; | |
217 | BIO *next = BIO_next(bio); | |
218 | ||
219 | if (next == NULL) | |
220 | return 0; | |
221 | ||
222 | switch (cmd) { | |
223 | case BIO_CTRL_DUP: | |
224 | ret = 0L; | |
225 | break; | |
226 | default: | |
227 | ret = BIO_ctrl(next, cmd, num, ptr); | |
228 | break; | |
229 | } | |
230 | return ret; | |
231 | } | |
232 | ||
233 | static int tls_dump_gets(BIO *bio, char *buf, int size) | |
234 | { | |
235 | /* We don't support this - not needed anyway */ | |
236 | return -1; | |
237 | } | |
238 | ||
239 | static int tls_dump_puts(BIO *bio, const char *str) | |
240 | { | |
241 | return tls_dump_write(bio, str, strlen(str)); | |
242 | } | |
243 | ||
d82dec40 | 244 | |
0556f2aa | 245 | struct mempacket_st { |
d82dec40 MC |
246 | unsigned char *data; |
247 | int len; | |
248 | unsigned int num; | |
249 | unsigned int type; | |
0556f2aa | 250 | }; |
d82dec40 | 251 | |
d82dec40 MC |
252 | static void mempacket_free(MEMPACKET *pkt) |
253 | { | |
254 | if (pkt->data != NULL) | |
255 | OPENSSL_free(pkt->data); | |
256 | OPENSSL_free(pkt); | |
257 | } | |
258 | ||
259 | typedef struct mempacket_test_ctx_st { | |
260 | STACK_OF(MEMPACKET) *pkts; | |
279754d4 | 261 | uint16_t epoch; |
d82dec40 MC |
262 | unsigned int currrec; |
263 | unsigned int currpkt; | |
264 | unsigned int lastpkt; | |
61e96557 | 265 | unsigned int injected; |
d82dec40 | 266 | unsigned int noinject; |
61e96557 MC |
267 | unsigned int dropepoch; |
268 | int droprec; | |
f1358634 | 269 | int duprec; |
d82dec40 MC |
270 | } MEMPACKET_TEST_CTX; |
271 | ||
272 | static int mempacket_test_new(BIO *bi); | |
273 | static int mempacket_test_free(BIO *a); | |
274 | static int mempacket_test_read(BIO *b, char *out, int outl); | |
275 | static int mempacket_test_write(BIO *b, const char *in, int inl); | |
276 | static long mempacket_test_ctrl(BIO *b, int cmd, long num, void *ptr); | |
277 | static int mempacket_test_gets(BIO *bp, char *buf, int size); | |
278 | static int mempacket_test_puts(BIO *bp, const char *str); | |
279 | ||
280 | const BIO_METHOD *bio_s_mempacket_test(void) | |
281 | { | |
8ed9a266 RS |
282 | if (meth_mem == NULL) { |
283 | if (!TEST_ptr(meth_mem = BIO_meth_new(BIO_TYPE_MEMPACKET_TEST, | |
284 | "Mem Packet Test")) | |
285 | || !TEST_true(BIO_meth_set_write(meth_mem, mempacket_test_write)) | |
286 | || !TEST_true(BIO_meth_set_read(meth_mem, mempacket_test_read)) | |
287 | || !TEST_true(BIO_meth_set_puts(meth_mem, mempacket_test_puts)) | |
288 | || !TEST_true(BIO_meth_set_gets(meth_mem, mempacket_test_gets)) | |
289 | || !TEST_true(BIO_meth_set_ctrl(meth_mem, mempacket_test_ctrl)) | |
290 | || !TEST_true(BIO_meth_set_create(meth_mem, mempacket_test_new)) | |
291 | || !TEST_true(BIO_meth_set_destroy(meth_mem, mempacket_test_free))) | |
d82dec40 MC |
292 | return NULL; |
293 | } | |
8ed9a266 | 294 | return meth_mem; |
d82dec40 MC |
295 | } |
296 | ||
297 | void bio_s_mempacket_test_free(void) | |
298 | { | |
8ed9a266 | 299 | BIO_meth_free(meth_mem); |
d82dec40 MC |
300 | } |
301 | ||
302 | static int mempacket_test_new(BIO *bio) | |
303 | { | |
8ed9a266 | 304 | MEMPACKET_TEST_CTX *ctx; |
bd91e3c8 | 305 | |
8ed9a266 | 306 | if (!TEST_ptr(ctx = OPENSSL_zalloc(sizeof(*ctx)))) |
d82dec40 | 307 | return 0; |
8ed9a266 | 308 | if (!TEST_ptr(ctx->pkts = sk_MEMPACKET_new_null())) { |
d82dec40 MC |
309 | OPENSSL_free(ctx); |
310 | return 0; | |
311 | } | |
61e96557 MC |
312 | ctx->dropepoch = 0; |
313 | ctx->droprec = -1; | |
d82dec40 MC |
314 | BIO_set_init(bio, 1); |
315 | BIO_set_data(bio, ctx); | |
316 | return 1; | |
317 | } | |
318 | ||
319 | static int mempacket_test_free(BIO *bio) | |
320 | { | |
321 | MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio); | |
322 | ||
323 | sk_MEMPACKET_pop_free(ctx->pkts, mempacket_free); | |
324 | OPENSSL_free(ctx); | |
325 | BIO_set_data(bio, NULL); | |
326 | BIO_set_init(bio, 0); | |
d82dec40 MC |
327 | return 1; |
328 | } | |
329 | ||
330 | /* Record Header values */ | |
61e96557 MC |
331 | #define EPOCH_HI 3 |
332 | #define EPOCH_LO 4 | |
d82dec40 MC |
333 | #define RECORD_SEQUENCE 10 |
334 | #define RECORD_LEN_HI 11 | |
335 | #define RECORD_LEN_LO 12 | |
336 | ||
337 | #define STANDARD_PACKET 0 | |
338 | ||
339 | static int mempacket_test_read(BIO *bio, char *out, int outl) | |
340 | { | |
341 | MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio); | |
342 | MEMPACKET *thispkt; | |
343 | unsigned char *rec; | |
344 | int rem; | |
345 | unsigned int seq, offset, len, epoch; | |
346 | ||
347 | BIO_clear_retry_flags(bio); | |
a8086e6b | 348 | if ((thispkt = sk_MEMPACKET_value(ctx->pkts, 0)) == NULL |
30eba7f3 | 349 | || thispkt->num != ctx->currpkt) { |
d82dec40 MC |
350 | /* Probably run out of data */ |
351 | BIO_set_retry_read(bio); | |
352 | return -1; | |
353 | } | |
1c288878 | 354 | (void)sk_MEMPACKET_shift(ctx->pkts); |
d82dec40 MC |
355 | ctx->currpkt++; |
356 | ||
357 | if (outl > thispkt->len) | |
358 | outl = thispkt->len; | |
359 | ||
61e96557 MC |
360 | if (thispkt->type != INJECT_PACKET_IGNORE_REC_SEQ |
361 | && (ctx->injected || ctx->droprec >= 0)) { | |
d82dec40 MC |
362 | /* |
363 | * Overwrite the record sequence number. We strictly number them in | |
364 | * the order received. Since we are actually a reliable transport | |
365 | * we know that there won't be any re-ordering. We overwrite to deal | |
366 | * with any packets that have been injected | |
367 | */ | |
61e96557 | 368 | for (rem = thispkt->len, rec = thispkt->data; rem > 0; rem -= len) { |
8ed9a266 | 369 | if (rem < DTLS1_RT_HEADER_LENGTH) |
d82dec40 | 370 | return -1; |
d82dec40 MC |
371 | epoch = (rec[EPOCH_HI] << 8) | rec[EPOCH_LO]; |
372 | if (epoch != ctx->epoch) { | |
373 | ctx->epoch = epoch; | |
374 | ctx->currrec = 0; | |
375 | } | |
376 | seq = ctx->currrec; | |
377 | offset = 0; | |
378 | do { | |
379 | rec[RECORD_SEQUENCE - offset] = seq & 0xFF; | |
380 | seq >>= 8; | |
381 | offset++; | |
382 | } while (seq > 0); | |
d82dec40 MC |
383 | |
384 | len = ((rec[RECORD_LEN_HI] << 8) | rec[RECORD_LEN_LO]) | |
385 | + DTLS1_RT_HEADER_LENGTH; | |
61e96557 MC |
386 | if (rem < (int)len) |
387 | return -1; | |
388 | if (ctx->droprec == (int)ctx->currrec && ctx->dropepoch == epoch) { | |
389 | if (rem > (int)len) | |
390 | memmove(rec, rec + len, rem - len); | |
391 | outl -= len; | |
392 | ctx->droprec = -1; | |
393 | if (outl == 0) | |
394 | BIO_set_retry_read(bio); | |
395 | } else { | |
396 | rec += len; | |
397 | } | |
398 | ||
399 | ctx->currrec++; | |
d82dec40 MC |
400 | } |
401 | } | |
402 | ||
403 | memcpy(out, thispkt->data, outl); | |
d82dec40 | 404 | mempacket_free(thispkt); |
d82dec40 MC |
405 | return outl; |
406 | } | |
407 | ||
e1c153d3 | 408 | /* |
8189fe24 MC |
409 | * Look for records from different epochs in the last datagram and swap them |
410 | * around | |
e1c153d3 MC |
411 | */ |
412 | int mempacket_swap_epoch(BIO *bio) | |
413 | { | |
414 | MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio); | |
415 | MEMPACKET *thispkt; | |
416 | int rem, len, prevlen = 0, pktnum; | |
417 | unsigned char *rec, *prevrec = NULL, *tmp; | |
418 | unsigned int epoch; | |
419 | int numpkts = sk_MEMPACKET_num(ctx->pkts); | |
420 | ||
421 | if (numpkts <= 0) | |
422 | return 0; | |
423 | ||
424 | /* | |
425 | * If there are multiple packets we only look in the last one. This should | |
426 | * always be the one where any epoch change occurs. | |
427 | */ | |
428 | thispkt = sk_MEMPACKET_value(ctx->pkts, numpkts - 1); | |
429 | if (thispkt == NULL) | |
430 | return 0; | |
431 | ||
432 | for (rem = thispkt->len, rec = thispkt->data; rem > 0; rem -= len, rec += len) { | |
433 | if (rem < DTLS1_RT_HEADER_LENGTH) | |
434 | return 0; | |
435 | epoch = (rec[EPOCH_HI] << 8) | rec[EPOCH_LO]; | |
436 | len = ((rec[RECORD_LEN_HI] << 8) | rec[RECORD_LEN_LO]) | |
437 | + DTLS1_RT_HEADER_LENGTH; | |
438 | if (rem < len) | |
439 | return 0; | |
440 | ||
441 | /* Assumes the epoch change does not happen on the first record */ | |
442 | if (epoch != ctx->epoch) { | |
443 | if (prevrec == NULL) | |
444 | return 0; | |
445 | ||
446 | /* | |
447 | * We found 2 records with different epochs. Take a copy of the | |
448 | * earlier record | |
449 | */ | |
450 | tmp = OPENSSL_malloc(prevlen); | |
451 | if (tmp == NULL) | |
452 | return 0; | |
453 | ||
454 | memcpy(tmp, prevrec, prevlen); | |
455 | /* | |
456 | * Move everything from this record onwards, including any trailing | |
457 | * records, and overwrite the earlier record | |
458 | */ | |
459 | memmove(prevrec, rec, rem); | |
460 | thispkt->len -= prevlen; | |
461 | pktnum = thispkt->num; | |
462 | ||
463 | /* | |
464 | * Create a new packet for the earlier record that we took out and | |
465 | * add it to the end of the packet list. | |
466 | */ | |
467 | thispkt = OPENSSL_malloc(sizeof(*thispkt)); | |
468 | if (thispkt == NULL) { | |
469 | OPENSSL_free(tmp); | |
470 | return 0; | |
471 | } | |
472 | thispkt->type = INJECT_PACKET; | |
473 | thispkt->data = tmp; | |
474 | thispkt->len = prevlen; | |
475 | thispkt->num = pktnum + 1; | |
476 | if (sk_MEMPACKET_insert(ctx->pkts, thispkt, numpkts) <= 0) { | |
477 | OPENSSL_free(tmp); | |
478 | OPENSSL_free(thispkt); | |
479 | return 0; | |
480 | } | |
481 | ||
482 | return 1; | |
483 | } | |
484 | prevrec = rec; | |
485 | prevlen = len; | |
486 | } | |
487 | ||
488 | return 0; | |
489 | } | |
490 | ||
8189fe24 MC |
491 | /* Move packet from position s to position d in the list (d < s) */ |
492 | int mempacket_move_packet(BIO *bio, int d, int s) | |
4000827f MC |
493 | { |
494 | MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio); | |
495 | MEMPACKET *thispkt; | |
496 | int numpkts = sk_MEMPACKET_num(ctx->pkts); | |
8189fe24 | 497 | int i; |
4000827f | 498 | |
8189fe24 | 499 | if (d >= s) |
4000827f MC |
500 | return 0; |
501 | ||
8189fe24 MC |
502 | /* We need at least s + 1 packets to be able to swap them */ |
503 | if (numpkts <= s) | |
4000827f MC |
504 | return 0; |
505 | ||
8189fe24 MC |
506 | /* Get the packet at position s */ |
507 | thispkt = sk_MEMPACKET_value(ctx->pkts, s); | |
508 | if (thispkt == NULL) | |
4000827f MC |
509 | return 0; |
510 | ||
8189fe24 MC |
511 | /* Remove and re-add it */ |
512 | if (sk_MEMPACKET_delete(ctx->pkts, s) != thispkt) | |
4000827f MC |
513 | return 0; |
514 | ||
8189fe24 MC |
515 | thispkt->num -= (s - d); |
516 | if (sk_MEMPACKET_insert(ctx->pkts, thispkt, d) <= 0) | |
4000827f | 517 | return 0; |
4000827f | 518 | |
8189fe24 MC |
519 | /* Increment the packet numbers for moved packets */ |
520 | for (i = d + 1; i <= s; i++) { | |
521 | thispkt = sk_MEMPACKET_value(ctx->pkts, i); | |
522 | thispkt->num++; | |
523 | } | |
4000827f MC |
524 | return 1; |
525 | } | |
526 | ||
d82dec40 MC |
527 | int mempacket_test_inject(BIO *bio, const char *in, int inl, int pktnum, |
528 | int type) | |
529 | { | |
530 | MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio); | |
f1358634 | 531 | MEMPACKET *thispkt = NULL, *looppkt, *nextpkt, *allpkts[3]; |
760e2d60 | 532 | int i, duprec; |
f1358634 MC |
533 | const unsigned char *inu = (const unsigned char *)in; |
534 | size_t len = ((inu[RECORD_LEN_HI] << 8) | inu[RECORD_LEN_LO]) | |
535 | + DTLS1_RT_HEADER_LENGTH; | |
d82dec40 MC |
536 | |
537 | if (ctx == NULL) | |
538 | return -1; | |
539 | ||
f1358634 MC |
540 | if ((size_t)inl < len) |
541 | return -1; | |
542 | ||
543 | if ((size_t)inl == len) | |
544 | duprec = 0; | |
760e2d60 F |
545 | else |
546 | duprec = ctx->duprec > 0; | |
f1358634 MC |
547 | |
548 | /* We don't support arbitrary injection when duplicating records */ | |
549 | if (duprec && pktnum != -1) | |
550 | return -1; | |
551 | ||
d82dec40 MC |
552 | /* We only allow injection before we've started writing any data */ |
553 | if (pktnum >= 0) { | |
554 | if (ctx->noinject) | |
555 | return -1; | |
61e96557 | 556 | ctx->injected = 1; |
d82dec40 MC |
557 | } else { |
558 | ctx->noinject = 1; | |
559 | } | |
560 | ||
f1358634 MC |
561 | for (i = 0; i < (duprec ? 3 : 1); i++) { |
562 | if (!TEST_ptr(allpkts[i] = OPENSSL_malloc(sizeof(*thispkt)))) | |
563 | goto err; | |
564 | thispkt = allpkts[i]; | |
d82dec40 | 565 | |
f1358634 MC |
566 | if (!TEST_ptr(thispkt->data = OPENSSL_malloc(inl))) |
567 | goto err; | |
568 | /* | |
569 | * If we are duplicating the packet, we duplicate it three times. The | |
570 | * first two times we drop the first record if there are more than one. | |
571 | * In this way we know that libssl will not be able to make progress | |
572 | * until it receives the last packet, and hence will be forced to | |
573 | * buffer these records. | |
574 | */ | |
575 | if (duprec && i != 2) { | |
576 | memcpy(thispkt->data, in + len, inl - len); | |
577 | thispkt->len = inl - len; | |
578 | } else { | |
579 | memcpy(thispkt->data, in, inl); | |
580 | thispkt->len = inl; | |
581 | } | |
582 | thispkt->num = (pktnum >= 0) ? (unsigned int)pktnum : ctx->lastpkt + i; | |
583 | thispkt->type = type; | |
584 | } | |
d82dec40 | 585 | |
30eba7f3 | 586 | for (i = 0; i < sk_MEMPACKET_num(ctx->pkts); i++) { |
82d46d14 P |
587 | if (!TEST_ptr(looppkt = sk_MEMPACKET_value(ctx->pkts, i))) |
588 | goto err; | |
d82dec40 MC |
589 | /* Check if we found the right place to insert this packet */ |
590 | if (looppkt->num > thispkt->num) { | |
f1358634 MC |
591 | if (sk_MEMPACKET_insert(ctx->pkts, thispkt, i) == 0) |
592 | goto err; | |
d82dec40 MC |
593 | /* If we're doing up front injection then we're done */ |
594 | if (pktnum >= 0) | |
595 | return inl; | |
596 | /* | |
597 | * We need to do some accounting on lastpkt. We increment it first, | |
598 | * but it might now equal the value of injected packets, so we need | |
599 | * to skip over those | |
600 | */ | |
601 | ctx->lastpkt++; | |
602 | do { | |
603 | i++; | |
a8086e6b TM |
604 | nextpkt = sk_MEMPACKET_value(ctx->pkts, i); |
605 | if (nextpkt != NULL && nextpkt->num == ctx->lastpkt) | |
d82dec40 MC |
606 | ctx->lastpkt++; |
607 | else | |
608 | return inl; | |
609 | } while(1); | |
28b86f31 | 610 | } else if (looppkt->num == thispkt->num) { |
d82dec40 MC |
611 | if (!ctx->noinject) { |
612 | /* We injected two packets with the same packet number! */ | |
f1358634 | 613 | goto err; |
d82dec40 MC |
614 | } |
615 | ctx->lastpkt++; | |
616 | thispkt->num++; | |
617 | } | |
618 | } | |
619 | /* | |
620 | * We didn't find any packets with a packet number equal to or greater than | |
621 | * this one, so we just add it onto the end | |
622 | */ | |
f1358634 MC |
623 | for (i = 0; i < (duprec ? 3 : 1); i++) { |
624 | thispkt = allpkts[i]; | |
625 | if (!sk_MEMPACKET_push(ctx->pkts, thispkt)) | |
626 | goto err; | |
d82dec40 | 627 | |
f1358634 MC |
628 | if (pktnum < 0) |
629 | ctx->lastpkt++; | |
630 | } | |
d82dec40 MC |
631 | |
632 | return inl; | |
f1358634 MC |
633 | |
634 | err: | |
635 | for (i = 0; i < (ctx->duprec > 0 ? 3 : 1); i++) | |
636 | mempacket_free(allpkts[i]); | |
637 | return -1; | |
d82dec40 MC |
638 | } |
639 | ||
640 | static int mempacket_test_write(BIO *bio, const char *in, int inl) | |
641 | { | |
642 | return mempacket_test_inject(bio, in, inl, -1, STANDARD_PACKET); | |
643 | } | |
644 | ||
645 | static long mempacket_test_ctrl(BIO *bio, int cmd, long num, void *ptr) | |
646 | { | |
647 | long ret = 1; | |
648 | MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio); | |
649 | MEMPACKET *thispkt; | |
650 | ||
651 | switch (cmd) { | |
652 | case BIO_CTRL_EOF: | |
653 | ret = (long)(sk_MEMPACKET_num(ctx->pkts) == 0); | |
654 | break; | |
655 | case BIO_CTRL_GET_CLOSE: | |
656 | ret = BIO_get_shutdown(bio); | |
657 | break; | |
658 | case BIO_CTRL_SET_CLOSE: | |
659 | BIO_set_shutdown(bio, (int)num); | |
660 | break; | |
661 | case BIO_CTRL_WPENDING: | |
662 | ret = 0L; | |
663 | break; | |
664 | case BIO_CTRL_PENDING: | |
665 | thispkt = sk_MEMPACKET_value(ctx->pkts, 0); | |
666 | if (thispkt == NULL) | |
667 | ret = 0; | |
668 | else | |
669 | ret = thispkt->len; | |
670 | break; | |
671 | case BIO_CTRL_FLUSH: | |
672 | ret = 1; | |
673 | break; | |
61e96557 MC |
674 | case MEMPACKET_CTRL_SET_DROP_EPOCH: |
675 | ctx->dropepoch = (unsigned int)num; | |
676 | break; | |
677 | case MEMPACKET_CTRL_SET_DROP_REC: | |
678 | ctx->droprec = (int)num; | |
679 | break; | |
680 | case MEMPACKET_CTRL_GET_DROP_REC: | |
681 | ret = ctx->droprec; | |
682 | break; | |
f1358634 MC |
683 | case MEMPACKET_CTRL_SET_DUPLICATE_REC: |
684 | ctx->duprec = (int)num; | |
685 | break; | |
d82dec40 MC |
686 | case BIO_CTRL_RESET: |
687 | case BIO_CTRL_DUP: | |
688 | case BIO_CTRL_PUSH: | |
689 | case BIO_CTRL_POP: | |
690 | default: | |
691 | ret = 0; | |
692 | break; | |
693 | } | |
694 | return ret; | |
695 | } | |
696 | ||
697 | static int mempacket_test_gets(BIO *bio, char *buf, int size) | |
698 | { | |
699 | /* We don't support this - not needed anyway */ | |
700 | return -1; | |
701 | } | |
702 | ||
703 | static int mempacket_test_puts(BIO *bio, const char *str) | |
704 | { | |
705 | return mempacket_test_write(bio, str, strlen(str)); | |
706 | } | |
707 | ||
a77b4dba MC |
708 | static int always_retry_new(BIO *bi); |
709 | static int always_retry_free(BIO *a); | |
710 | static int always_retry_read(BIO *b, char *out, int outl); | |
711 | static int always_retry_write(BIO *b, const char *in, int inl); | |
712 | static long always_retry_ctrl(BIO *b, int cmd, long num, void *ptr); | |
713 | static int always_retry_gets(BIO *bp, char *buf, int size); | |
714 | static int always_retry_puts(BIO *bp, const char *str); | |
715 | ||
716 | const BIO_METHOD *bio_s_always_retry(void) | |
717 | { | |
718 | if (meth_always_retry == NULL) { | |
719 | if (!TEST_ptr(meth_always_retry = BIO_meth_new(BIO_TYPE_ALWAYS_RETRY, | |
720 | "Always Retry")) | |
721 | || !TEST_true(BIO_meth_set_write(meth_always_retry, | |
722 | always_retry_write)) | |
723 | || !TEST_true(BIO_meth_set_read(meth_always_retry, | |
724 | always_retry_read)) | |
725 | || !TEST_true(BIO_meth_set_puts(meth_always_retry, | |
726 | always_retry_puts)) | |
727 | || !TEST_true(BIO_meth_set_gets(meth_always_retry, | |
728 | always_retry_gets)) | |
729 | || !TEST_true(BIO_meth_set_ctrl(meth_always_retry, | |
730 | always_retry_ctrl)) | |
731 | || !TEST_true(BIO_meth_set_create(meth_always_retry, | |
732 | always_retry_new)) | |
733 | || !TEST_true(BIO_meth_set_destroy(meth_always_retry, | |
734 | always_retry_free))) | |
735 | return NULL; | |
736 | } | |
737 | return meth_always_retry; | |
738 | } | |
739 | ||
740 | void bio_s_always_retry_free(void) | |
741 | { | |
742 | BIO_meth_free(meth_always_retry); | |
743 | } | |
744 | ||
745 | static int always_retry_new(BIO *bio) | |
746 | { | |
747 | BIO_set_init(bio, 1); | |
748 | return 1; | |
749 | } | |
750 | ||
751 | static int always_retry_free(BIO *bio) | |
752 | { | |
753 | BIO_set_data(bio, NULL); | |
754 | BIO_set_init(bio, 0); | |
755 | return 1; | |
756 | } | |
757 | ||
149c4f98 MC |
758 | void set_always_retry_err_val(int err) |
759 | { | |
760 | retry_err = err; | |
761 | } | |
762 | ||
a77b4dba MC |
763 | static int always_retry_read(BIO *bio, char *out, int outl) |
764 | { | |
765 | BIO_set_retry_read(bio); | |
149c4f98 | 766 | return retry_err; |
a77b4dba MC |
767 | } |
768 | ||
769 | static int always_retry_write(BIO *bio, const char *in, int inl) | |
770 | { | |
771 | BIO_set_retry_write(bio); | |
149c4f98 | 772 | return retry_err; |
a77b4dba MC |
773 | } |
774 | ||
775 | static long always_retry_ctrl(BIO *bio, int cmd, long num, void *ptr) | |
776 | { | |
777 | long ret = 1; | |
778 | ||
779 | switch (cmd) { | |
780 | case BIO_CTRL_FLUSH: | |
781 | BIO_set_retry_write(bio); | |
782 | /* fall through */ | |
783 | case BIO_CTRL_EOF: | |
784 | case BIO_CTRL_RESET: | |
785 | case BIO_CTRL_DUP: | |
786 | case BIO_CTRL_PUSH: | |
787 | case BIO_CTRL_POP: | |
788 | default: | |
789 | ret = 0; | |
790 | break; | |
791 | } | |
792 | return ret; | |
793 | } | |
794 | ||
795 | static int always_retry_gets(BIO *bio, char *buf, int size) | |
796 | { | |
797 | BIO_set_retry_read(bio); | |
149c4f98 | 798 | return retry_err; |
a77b4dba MC |
799 | } |
800 | ||
801 | static int always_retry_puts(BIO *bio, const char *str) | |
802 | { | |
803 | BIO_set_retry_write(bio); | |
149c4f98 | 804 | return retry_err; |
a77b4dba MC |
805 | } |
806 | ||
b4250010 | 807 | int create_ssl_ctx_pair(OSSL_LIB_CTX *libctx, const SSL_METHOD *sm, |
a763ca11 MC |
808 | const SSL_METHOD *cm, int min_proto_version, |
809 | int max_proto_version, SSL_CTX **sctx, SSL_CTX **cctx, | |
810 | char *certfile, char *privkeyfile) | |
2cb4b5f6 MC |
811 | { |
812 | SSL_CTX *serverctx = NULL; | |
813 | SSL_CTX *clientctx = NULL; | |
814 | ||
a763ca11 MC |
815 | if (sctx != NULL) { |
816 | if (*sctx != NULL) | |
817 | serverctx = *sctx; | |
55373bfd RS |
818 | else if (!TEST_ptr(serverctx = SSL_CTX_new_ex(libctx, NULL, sm)) |
819 | || !TEST_true(SSL_CTX_set_options(serverctx, | |
820 | SSL_OP_ALLOW_CLIENT_RENEGOTIATION))) | |
a763ca11 MC |
821 | goto err; |
822 | } | |
2cb4b5f6 | 823 | |
9aa78c36 MC |
824 | if (cctx != NULL) { |
825 | if (*cctx != NULL) | |
826 | clientctx = *cctx; | |
d8652be0 | 827 | else if (!TEST_ptr(clientctx = SSL_CTX_new_ex(libctx, NULL, cm))) |
9aa78c36 MC |
828 | goto err; |
829 | } | |
830 | ||
a763ca11 MC |
831 | #if !defined(OPENSSL_NO_TLS1_3) \ |
832 | && defined(OPENSSL_NO_EC) \ | |
833 | && defined(OPENSSL_NO_DH) | |
834 | /* | |
835 | * There are no usable built-in TLSv1.3 groups if ec and dh are both | |
836 | * disabled | |
837 | */ | |
838 | if (max_proto_version == 0 | |
839 | && (sm == TLS_server_method() || cm == TLS_client_method())) | |
840 | max_proto_version = TLS1_2_VERSION; | |
841 | #endif | |
842 | ||
843 | if (serverctx != NULL | |
844 | && ((min_proto_version > 0 | |
845 | && !TEST_true(SSL_CTX_set_min_proto_version(serverctx, | |
846 | min_proto_version))) | |
847 | || (max_proto_version > 0 | |
848 | && !TEST_true(SSL_CTX_set_max_proto_version(serverctx, | |
849 | max_proto_version))))) | |
7d7f6834 RL |
850 | goto err; |
851 | if (clientctx != NULL | |
852 | && ((min_proto_version > 0 | |
6021d8ec | 853 | && !TEST_true(SSL_CTX_set_min_proto_version(clientctx, |
7d7f6834 RL |
854 | min_proto_version))) |
855 | || (max_proto_version > 0 | |
6021d8ec | 856 | && !TEST_true(SSL_CTX_set_max_proto_version(clientctx, |
7d7f6834 RL |
857 | max_proto_version))))) |
858 | goto err; | |
859 | ||
a763ca11 | 860 | if (serverctx != NULL && certfile != NULL && privkeyfile != NULL) { |
0d8da779 MC |
861 | if (!TEST_int_eq(SSL_CTX_use_certificate_file(serverctx, certfile, |
862 | SSL_FILETYPE_PEM), 1) | |
863 | || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(serverctx, | |
864 | privkeyfile, | |
865 | SSL_FILETYPE_PEM), 1) | |
866 | || !TEST_int_eq(SSL_CTX_check_private_key(serverctx), 1)) | |
867 | goto err; | |
868 | } | |
2cb4b5f6 | 869 | |
a763ca11 MC |
870 | if (sctx != NULL) |
871 | *sctx = serverctx; | |
bb01ef3f MC |
872 | if (cctx != NULL) |
873 | *cctx = clientctx; | |
2cb4b5f6 | 874 | return 1; |
8ed9a266 | 875 | |
2cb4b5f6 | 876 | err: |
a763ca11 | 877 | if (sctx != NULL && *sctx == NULL) |
0d52ede7 MC |
878 | SSL_CTX_free(serverctx); |
879 | if (cctx != NULL && *cctx == NULL) | |
880 | SSL_CTX_free(clientctx); | |
2cb4b5f6 MC |
881 | return 0; |
882 | } | |
883 | ||
9970290e | 884 | #define MAXLOOPS 1000000 |
2cb4b5f6 | 885 | |
0c593328 | 886 | #if defined(OSSL_USE_SOCKETS) |
a5df3fc0 | 887 | |
0c593328 | 888 | int wait_until_sock_readable(int sock) |
fe5d9450 | 889 | { |
0c593328 MC |
890 | fd_set readfds; |
891 | struct timeval timeout; | |
892 | int width; | |
893 | ||
894 | width = sock + 1; | |
895 | FD_ZERO(&readfds); | |
896 | openssl_fdset(sock, &readfds); | |
897 | timeout.tv_sec = 10; /* give up after 10 seconds */ | |
898 | timeout.tv_usec = 0; | |
899 | ||
900 | select(width, &readfds, NULL, NULL, &timeout); | |
fe5d9450 | 901 | |
0c593328 | 902 | return FD_ISSET(sock, &readfds); |
fe5d9450 BP |
903 | } |
904 | ||
0c593328 | 905 | int create_test_sockets(int *cfdp, int *sfdp, int socktype, BIO_ADDR *saddr) |
fe5d9450 BP |
906 | { |
907 | struct sockaddr_in sin; | |
908 | const char *host = "127.0.0.1"; | |
909 | int cfd_connected = 0, ret = 0; | |
910 | socklen_t slen = sizeof(sin); | |
e1fdd526 | 911 | int afd = -1, cfd = -1, sfd = -1; |
fe5d9450 BP |
912 | |
913 | memset ((char *) &sin, 0, sizeof(sin)); | |
914 | sin.sin_family = AF_INET; | |
915 | sin.sin_addr.s_addr = inet_addr(host); | |
916 | ||
0c593328 MC |
917 | afd = BIO_socket(AF_INET, socktype, |
918 | socktype == SOCK_STREAM ? IPPROTO_TCP : IPPROTO_UDP, 0); | |
919 | if (afd == INVALID_SOCKET) | |
fe5d9450 BP |
920 | return 0; |
921 | ||
922 | if (bind(afd, (struct sockaddr*)&sin, sizeof(sin)) < 0) | |
923 | goto out; | |
924 | ||
925 | if (getsockname(afd, (struct sockaddr*)&sin, &slen) < 0) | |
926 | goto out; | |
927 | ||
0c593328 MC |
928 | if (saddr != NULL |
929 | && !BIO_ADDR_rawmake(saddr, sin.sin_family, &sin.sin_addr, | |
930 | sizeof(sin.sin_addr), sin.sin_port)) | |
931 | goto out; | |
932 | ||
933 | if (socktype == SOCK_STREAM && listen(afd, 1) < 0) | |
fe5d9450 BP |
934 | goto out; |
935 | ||
0c593328 MC |
936 | cfd = BIO_socket(AF_INET, socktype, |
937 | socktype == SOCK_STREAM ? IPPROTO_TCP : IPPROTO_UDP, 0); | |
938 | if (cfd == INVALID_SOCKET) | |
fe5d9450 BP |
939 | goto out; |
940 | ||
0c593328 | 941 | if (!BIO_socket_nbio(afd, 1)) |
fe5d9450 BP |
942 | goto out; |
943 | ||
0c593328 MC |
944 | /* |
945 | * If a DGRAM socket then we don't call "accept" or "connect" - so act like | |
946 | * we already called them. | |
947 | */ | |
948 | if (socktype == SOCK_DGRAM) { | |
949 | cfd_connected = 1; | |
950 | sfd = afd; | |
951 | afd = -1; | |
952 | } | |
953 | ||
1287dabd | 954 | while (sfd == -1 || !cfd_connected) { |
e1fdd526 JB |
955 | sfd = accept(afd, NULL, 0); |
956 | if (sfd == -1 && errno != EAGAIN) | |
fe5d9450 BP |
957 | goto out; |
958 | ||
e1fdd526 | 959 | if (!cfd_connected && connect(cfd, (struct sockaddr*)&sin, sizeof(sin)) < 0) |
fe5d9450 BP |
960 | goto out; |
961 | else | |
962 | cfd_connected = 1; | |
963 | } | |
964 | ||
0c593328 | 965 | if (!BIO_socket_nbio(cfd, 1) || !BIO_socket_nbio(sfd, 1)) |
fe5d9450 BP |
966 | goto out; |
967 | ret = 1; | |
e1fdd526 JB |
968 | *cfdp = cfd; |
969 | *sfdp = sfd; | |
fe5d9450 BP |
970 | goto success; |
971 | ||
972 | out: | |
e1fdd526 JB |
973 | if (cfd != -1) |
974 | close(cfd); | |
975 | if (sfd != -1) | |
976 | close(sfd); | |
fe5d9450 | 977 | success: |
e1fdd526 JB |
978 | if (afd != -1) |
979 | close(afd); | |
fe5d9450 BP |
980 | return ret; |
981 | } | |
fe5d9450 BP |
982 | |
983 | int create_ssl_objects2(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl, | |
984 | SSL **cssl, int sfd, int cfd) | |
985 | { | |
986 | SSL *serverssl = NULL, *clientssl = NULL; | |
987 | BIO *s_to_c_bio = NULL, *c_to_s_bio = NULL; | |
988 | ||
989 | if (*sssl != NULL) | |
990 | serverssl = *sssl; | |
991 | else if (!TEST_ptr(serverssl = SSL_new(serverctx))) | |
992 | goto error; | |
993 | if (*cssl != NULL) | |
994 | clientssl = *cssl; | |
995 | else if (!TEST_ptr(clientssl = SSL_new(clientctx))) | |
996 | goto error; | |
997 | ||
998 | if (!TEST_ptr(s_to_c_bio = BIO_new_socket(sfd, BIO_NOCLOSE)) | |
999 | || !TEST_ptr(c_to_s_bio = BIO_new_socket(cfd, BIO_NOCLOSE))) | |
1000 | goto error; | |
1001 | ||
1002 | SSL_set_bio(clientssl, c_to_s_bio, c_to_s_bio); | |
1003 | SSL_set_bio(serverssl, s_to_c_bio, s_to_c_bio); | |
1004 | *sssl = serverssl; | |
1005 | *cssl = clientssl; | |
1006 | return 1; | |
1007 | ||
1008 | error: | |
1009 | SSL_free(serverssl); | |
1010 | SSL_free(clientssl); | |
1011 | BIO_free(s_to_c_bio); | |
1012 | BIO_free(c_to_s_bio); | |
1013 | return 0; | |
1014 | } | |
a5df3fc0 TM |
1015 | |
1016 | #else | |
1017 | ||
1018 | int wait_until_sock_readable(int sock) | |
1019 | { | |
1020 | return 0; | |
1021 | } | |
1022 | ||
0c593328 | 1023 | #endif /* defined(OSSL_USE_SOCKETS) */ |
fe5d9450 | 1024 | |
2cb4b5f6 MC |
1025 | /* |
1026 | * NOTE: Transfers control of the BIOs - this function will free them on error | |
1027 | */ | |
b4982125 | 1028 | int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl, |
2cb4b5f6 MC |
1029 | SSL **cssl, BIO *s_to_c_fbio, BIO *c_to_s_fbio) |
1030 | { | |
8ed9a266 | 1031 | SSL *serverssl = NULL, *clientssl = NULL; |
2cb4b5f6 MC |
1032 | BIO *s_to_c_bio = NULL, *c_to_s_bio = NULL; |
1033 | ||
8ed9a266 | 1034 | if (*sssl != NULL) |
eaa776da | 1035 | serverssl = *sssl; |
8ed9a266 RS |
1036 | else if (!TEST_ptr(serverssl = SSL_new(serverctx))) |
1037 | goto error; | |
1038 | if (*cssl != NULL) | |
eaa776da | 1039 | clientssl = *cssl; |
8ed9a266 | 1040 | else if (!TEST_ptr(clientssl = SSL_new(clientctx))) |
2cb4b5f6 | 1041 | goto error; |
2cb4b5f6 | 1042 | |
b4982125 | 1043 | if (SSL_is_dtls(clientssl)) { |
8ed9a266 RS |
1044 | if (!TEST_ptr(s_to_c_bio = BIO_new(bio_s_mempacket_test())) |
1045 | || !TEST_ptr(c_to_s_bio = BIO_new(bio_s_mempacket_test()))) | |
1046 | goto error; | |
b4982125 | 1047 | } else { |
8ed9a266 RS |
1048 | if (!TEST_ptr(s_to_c_bio = BIO_new(BIO_s_mem())) |
1049 | || !TEST_ptr(c_to_s_bio = BIO_new(BIO_s_mem()))) | |
1050 | goto error; | |
2cb4b5f6 MC |
1051 | } |
1052 | ||
8ed9a266 RS |
1053 | if (s_to_c_fbio != NULL |
1054 | && !TEST_ptr(s_to_c_bio = BIO_push(s_to_c_fbio, s_to_c_bio))) | |
1055 | goto error; | |
1056 | if (c_to_s_fbio != NULL | |
1057 | && !TEST_ptr(c_to_s_bio = BIO_push(c_to_s_fbio, c_to_s_bio))) | |
2cb4b5f6 | 1058 | goto error; |
2cb4b5f6 MC |
1059 | |
1060 | /* Set Non-blocking IO behaviour */ | |
1061 | BIO_set_mem_eof_return(s_to_c_bio, -1); | |
1062 | BIO_set_mem_eof_return(c_to_s_bio, -1); | |
1063 | ||
1064 | /* Up ref these as we are passing them to two SSL objects */ | |
8ed9a266 | 1065 | SSL_set_bio(serverssl, c_to_s_bio, s_to_c_bio); |
2cb4b5f6 MC |
1066 | BIO_up_ref(s_to_c_bio); |
1067 | BIO_up_ref(c_to_s_bio); | |
2cb4b5f6 | 1068 | SSL_set_bio(clientssl, s_to_c_bio, c_to_s_bio); |
b4982125 MC |
1069 | *sssl = serverssl; |
1070 | *cssl = clientssl; | |
b4982125 MC |
1071 | return 1; |
1072 | ||
1073 | error: | |
1074 | SSL_free(serverssl); | |
1075 | SSL_free(clientssl); | |
1076 | BIO_free(s_to_c_bio); | |
1077 | BIO_free(c_to_s_bio); | |
1078 | BIO_free(s_to_c_fbio); | |
1079 | BIO_free(c_to_s_fbio); | |
1080 | ||
1081 | return 0; | |
1082 | } | |
1083 | ||
c748834f | 1084 | /* |
743d9c16 | 1085 | * Create an SSL connection, but does not read any post-handshake |
c748834f | 1086 | * NewSessionTicket messages. |
80c455d5 MC |
1087 | * If |read| is set and we're using DTLS then we will attempt to SSL_read on |
1088 | * the connection once we've completed one half of it, to ensure any retransmits | |
1089 | * get triggered. | |
743d9c16 MC |
1090 | * We stop the connection attempt (and return a failure value) if either peer |
1091 | * has SSL_get_error() return the value in the |want| parameter. The connection | |
1092 | * attempt could be restarted by a subsequent call to this function. | |
c748834f | 1093 | */ |
80c455d5 | 1094 | int create_bare_ssl_connection(SSL *serverssl, SSL *clientssl, int want, |
26dad42e | 1095 | int read, int listen) |
b4982125 | 1096 | { |
26dad42e | 1097 | int retc = -1, rets = -1, err, abortctr = 0, ret = 0; |
b4982125 | 1098 | int clienterr = 0, servererr = 0; |
61e96557 | 1099 | int isdtls = SSL_is_dtls(serverssl); |
26dad42e MC |
1100 | #ifndef OPENSSL_NO_SOCK |
1101 | BIO_ADDR *peer = NULL; | |
1102 | ||
1103 | if (listen) { | |
1104 | if (!isdtls) { | |
1105 | TEST_error("DTLSv1_listen requested for non-DTLS object\n"); | |
1106 | return 0; | |
1107 | } | |
1108 | peer = BIO_ADDR_new(); | |
1109 | if (!TEST_ptr(peer)) | |
1110 | return 0; | |
1111 | } | |
1112 | #else | |
1113 | if (listen) { | |
1114 | TEST_error("DTLSv1_listen requested in a no-sock build\n"); | |
1115 | return 0; | |
1116 | } | |
1117 | #endif | |
b4982125 | 1118 | |
2cb4b5f6 MC |
1119 | do { |
1120 | err = SSL_ERROR_WANT_WRITE; | |
eaa776da | 1121 | while (!clienterr && retc <= 0 && err == SSL_ERROR_WANT_WRITE) { |
2cb4b5f6 MC |
1122 | retc = SSL_connect(clientssl); |
1123 | if (retc <= 0) | |
1124 | err = SSL_get_error(clientssl, retc); | |
1125 | } | |
1126 | ||
eaa776da | 1127 | if (!clienterr && retc <= 0 && err != SSL_ERROR_WANT_READ) { |
8ed9a266 | 1128 | TEST_info("SSL_connect() failed %d, %d", retc, err); |
e737adb4 MC |
1129 | if (want != SSL_ERROR_SSL) |
1130 | TEST_openssl_errors(); | |
eaa776da | 1131 | clienterr = 1; |
2cb4b5f6 | 1132 | } |
8e2236ef | 1133 | if (want != SSL_ERROR_NONE && err == want) |
26dad42e | 1134 | goto err; |
2cb4b5f6 MC |
1135 | |
1136 | err = SSL_ERROR_WANT_WRITE; | |
eaa776da | 1137 | while (!servererr && rets <= 0 && err == SSL_ERROR_WANT_WRITE) { |
26dad42e MC |
1138 | #ifndef OPENSSL_NO_SOCK |
1139 | if (listen) { | |
1140 | rets = DTLSv1_listen(serverssl, peer); | |
1141 | if (rets < 0) { | |
1142 | err = SSL_ERROR_SSL; | |
1143 | } else if (rets == 0) { | |
1144 | err = SSL_ERROR_WANT_READ; | |
1145 | } else { | |
1146 | /* Success - stop listening and call SSL_accept from now on */ | |
1147 | listen = 0; | |
1148 | rets = 0; | |
1149 | } | |
1150 | } else | |
1151 | #endif | |
1152 | { | |
1153 | rets = SSL_accept(serverssl); | |
1154 | if (rets <= 0) | |
1155 | err = SSL_get_error(serverssl, rets); | |
1156 | } | |
2cb4b5f6 MC |
1157 | } |
1158 | ||
cd6fe29f MC |
1159 | if (!servererr && rets <= 0 |
1160 | && err != SSL_ERROR_WANT_READ | |
1161 | && err != SSL_ERROR_WANT_X509_LOOKUP) { | |
8ed9a266 | 1162 | TEST_info("SSL_accept() failed %d, %d", rets, err); |
e737adb4 MC |
1163 | if (want != SSL_ERROR_SSL) |
1164 | TEST_openssl_errors(); | |
eaa776da | 1165 | servererr = 1; |
2cb4b5f6 | 1166 | } |
8e2236ef | 1167 | if (want != SSL_ERROR_NONE && err == want) |
26dad42e | 1168 | goto err; |
eaa776da | 1169 | if (clienterr && servererr) |
26dad42e | 1170 | goto err; |
80c455d5 MC |
1171 | if (isdtls && read) { |
1172 | unsigned char buf[20]; | |
1173 | ||
1174 | /* Trigger any retransmits that may be appropriate */ | |
1175 | if (rets > 0 && retc <= 0) { | |
1176 | if (SSL_read(serverssl, buf, sizeof(buf)) > 0) { | |
1177 | /* We don't expect this to succeed! */ | |
1178 | TEST_info("Unexpected SSL_read() success!"); | |
26dad42e | 1179 | goto err; |
80c455d5 MC |
1180 | } |
1181 | } | |
1182 | if (retc > 0 && rets <= 0) { | |
1183 | if (SSL_read(clientssl, buf, sizeof(buf)) > 0) { | |
1184 | /* We don't expect this to succeed! */ | |
1185 | TEST_info("Unexpected SSL_read() success!"); | |
26dad42e | 1186 | goto err; |
80c455d5 MC |
1187 | } |
1188 | } | |
61e96557 | 1189 | } |
2cb4b5f6 | 1190 | if (++abortctr == MAXLOOPS) { |
8ed9a266 | 1191 | TEST_info("No progress made"); |
26dad42e | 1192 | goto err; |
2cb4b5f6 | 1193 | } |
61e96557 MC |
1194 | if (isdtls && abortctr <= 50 && (abortctr % 10) == 0) { |
1195 | /* | |
1196 | * It looks like we're just spinning. Pause for a short period to | |
1197 | * give the DTLS timer a chance to do something. We only do this for | |
1198 | * the first few times to prevent hangs. | |
1199 | */ | |
5139dec2 | 1200 | OSSL_sleep(50); |
61e96557 | 1201 | } |
2cb4b5f6 MC |
1202 | } while (retc <=0 || rets <= 0); |
1203 | ||
26dad42e MC |
1204 | ret = 1; |
1205 | err: | |
1206 | #ifndef OPENSSL_NO_SOCK | |
1207 | BIO_ADDR_free(peer); | |
1208 | #endif | |
1209 | return ret; | |
c748834f MC |
1210 | } |
1211 | ||
1212 | /* | |
1213 | * Create an SSL connection including any post handshake NewSessionTicket | |
1214 | * messages. | |
1215 | */ | |
1216 | int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want) | |
1217 | { | |
1218 | int i; | |
1219 | unsigned char buf; | |
1220 | size_t readbytes; | |
1221 | ||
26dad42e | 1222 | if (!create_bare_ssl_connection(serverssl, clientssl, want, 1, 0)) |
c748834f MC |
1223 | return 0; |
1224 | ||
59db06f1 MC |
1225 | /* |
1226 | * We attempt to read some data on the client side which we expect to fail. | |
1227 | * This will ensure we have received the NewSessionTicket in TLSv1.3 where | |
c2969ff6 | 1228 | * appropriate. We do this twice because there are 2 NewSessionTickets. |
59db06f1 | 1229 | */ |
36ff232c MC |
1230 | for (i = 0; i < 2; i++) { |
1231 | if (SSL_read_ex(clientssl, &buf, sizeof(buf), &readbytes) > 0) { | |
1232 | if (!TEST_ulong_eq(readbytes, 0)) | |
1233 | return 0; | |
1234 | } else if (!TEST_int_eq(SSL_get_error(clientssl, 0), | |
1235 | SSL_ERROR_WANT_READ)) { | |
59db06f1 | 1236 | return 0; |
36ff232c | 1237 | } |
59db06f1 MC |
1238 | } |
1239 | ||
2cb4b5f6 | 1240 | return 1; |
2cb4b5f6 | 1241 | } |
ca8c71ba MC |
1242 | |
1243 | void shutdown_ssl_connection(SSL *serverssl, SSL *clientssl) | |
1244 | { | |
1245 | SSL_shutdown(clientssl); | |
1246 | SSL_shutdown(serverssl); | |
1247 | SSL_free(serverssl); | |
1248 | SSL_free(clientssl); | |
1249 | } |