]>
Commit | Line | Data |
---|---|---|
2cb4b5f6 MC |
1 | /* |
2 | * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * | |
4 | * Licensed under the OpenSSL license (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
d82dec40 MC |
10 | #include <string.h> |
11 | ||
176db6dc | 12 | #include "internal/nelem.h" |
2cb4b5f6 | 13 | #include "ssltestlib.h" |
8ed9a266 | 14 | #include "testutil.h" |
2cb4b5f6 | 15 | |
d9a2e90b MC |
16 | static int tls_dump_new(BIO *bi); |
17 | static int tls_dump_free(BIO *a); | |
18 | static int tls_dump_read(BIO *b, char *out, int outl); | |
19 | static int tls_dump_write(BIO *b, const char *in, int inl); | |
20 | static long tls_dump_ctrl(BIO *b, int cmd, long num, void *ptr); | |
21 | static int tls_dump_gets(BIO *bp, char *buf, int size); | |
22 | static int tls_dump_puts(BIO *bp, const char *str); | |
23 | ||
24 | /* Choose a sufficiently large type likely to be unused for this custom BIO */ | |
8ed9a266 RS |
25 | #define BIO_TYPE_TLS_DUMP_FILTER (0x80 | BIO_TYPE_FILTER) |
26 | #define BIO_TYPE_MEMPACKET_TEST 0x81 | |
d9a2e90b MC |
27 | |
28 | static BIO_METHOD *method_tls_dump = NULL; | |
8ed9a266 | 29 | static BIO_METHOD *meth_mem = NULL; |
d9a2e90b MC |
30 | |
31 | /* Note: Not thread safe! */ | |
32 | const BIO_METHOD *bio_f_tls_dump_filter(void) | |
33 | { | |
34 | if (method_tls_dump == NULL) { | |
35 | method_tls_dump = BIO_meth_new(BIO_TYPE_TLS_DUMP_FILTER, | |
36 | "TLS dump filter"); | |
37 | if ( method_tls_dump == NULL | |
38 | || !BIO_meth_set_write(method_tls_dump, tls_dump_write) | |
39 | || !BIO_meth_set_read(method_tls_dump, tls_dump_read) | |
40 | || !BIO_meth_set_puts(method_tls_dump, tls_dump_puts) | |
41 | || !BIO_meth_set_gets(method_tls_dump, tls_dump_gets) | |
42 | || !BIO_meth_set_ctrl(method_tls_dump, tls_dump_ctrl) | |
43 | || !BIO_meth_set_create(method_tls_dump, tls_dump_new) | |
44 | || !BIO_meth_set_destroy(method_tls_dump, tls_dump_free)) | |
45 | return NULL; | |
46 | } | |
47 | return method_tls_dump; | |
48 | } | |
49 | ||
50 | void bio_f_tls_dump_filter_free(void) | |
51 | { | |
52 | BIO_meth_free(method_tls_dump); | |
53 | } | |
54 | ||
55 | static int tls_dump_new(BIO *bio) | |
56 | { | |
57 | BIO_set_init(bio, 1); | |
58 | return 1; | |
59 | } | |
60 | ||
61 | static int tls_dump_free(BIO *bio) | |
62 | { | |
63 | BIO_set_init(bio, 0); | |
64 | ||
65 | return 1; | |
66 | } | |
67 | ||
68 | static void copy_flags(BIO *bio) | |
69 | { | |
70 | int flags; | |
71 | BIO *next = BIO_next(bio); | |
72 | ||
73 | flags = BIO_test_flags(next, BIO_FLAGS_SHOULD_RETRY | BIO_FLAGS_RWS); | |
74 | BIO_clear_flags(bio, BIO_FLAGS_SHOULD_RETRY | BIO_FLAGS_RWS); | |
75 | BIO_set_flags(bio, flags); | |
76 | } | |
77 | ||
78 | #define RECORD_CONTENT_TYPE 0 | |
79 | #define RECORD_VERSION_HI 1 | |
80 | #define RECORD_VERSION_LO 2 | |
81 | #define RECORD_EPOCH_HI 3 | |
82 | #define RECORD_EPOCH_LO 4 | |
83 | #define RECORD_SEQUENCE_START 5 | |
84 | #define RECORD_SEQUENCE_END 10 | |
85 | #define RECORD_LEN_HI 11 | |
86 | #define RECORD_LEN_LO 12 | |
87 | ||
88 | #define MSG_TYPE 0 | |
89 | #define MSG_LEN_HI 1 | |
90 | #define MSG_LEN_MID 2 | |
91 | #define MSG_LEN_LO 3 | |
92 | #define MSG_SEQ_HI 4 | |
93 | #define MSG_SEQ_LO 5 | |
94 | #define MSG_FRAG_OFF_HI 6 | |
95 | #define MSG_FRAG_OFF_MID 7 | |
96 | #define MSG_FRAG_OFF_LO 8 | |
97 | #define MSG_FRAG_LEN_HI 9 | |
98 | #define MSG_FRAG_LEN_MID 10 | |
99 | #define MSG_FRAG_LEN_LO 11 | |
100 | ||
101 | ||
102 | static void dump_data(const char *data, int len) | |
103 | { | |
104 | int rem, i, content, reclen, msglen, fragoff, fraglen, epoch; | |
105 | unsigned char *rec; | |
106 | ||
107 | printf("---- START OF PACKET ----\n"); | |
108 | ||
109 | rem = len; | |
110 | rec = (unsigned char *)data; | |
111 | ||
112 | while (rem > 0) { | |
113 | if (rem != len) | |
114 | printf("*\n"); | |
115 | printf("*---- START OF RECORD ----\n"); | |
116 | if (rem < DTLS1_RT_HEADER_LENGTH) { | |
117 | printf("*---- RECORD TRUNCATED ----\n"); | |
118 | break; | |
119 | } | |
120 | content = rec[RECORD_CONTENT_TYPE]; | |
121 | printf("** Record Content-type: %d\n", content); | |
122 | printf("** Record Version: %02x%02x\n", | |
123 | rec[RECORD_VERSION_HI], rec[RECORD_VERSION_LO]); | |
124 | epoch = (rec[RECORD_EPOCH_HI] << 8) | rec[RECORD_EPOCH_LO]; | |
125 | printf("** Record Epoch: %d\n", epoch); | |
126 | printf("** Record Sequence: "); | |
127 | for (i = RECORD_SEQUENCE_START; i <= RECORD_SEQUENCE_END; i++) | |
128 | printf("%02x", rec[i]); | |
129 | reclen = (rec[RECORD_LEN_HI] << 8) | rec[RECORD_LEN_LO]; | |
130 | printf("\n** Record Length: %d\n", reclen); | |
131 | ||
132 | /* Now look at message */ | |
133 | rec += DTLS1_RT_HEADER_LENGTH; | |
134 | rem -= DTLS1_RT_HEADER_LENGTH; | |
135 | if (content == SSL3_RT_HANDSHAKE) { | |
136 | printf("**---- START OF HANDSHAKE MESSAGE FRAGMENT ----\n"); | |
137 | if (epoch > 0) { | |
138 | printf("**---- HANDSHAKE MESSAGE FRAGMENT ENCRYPTED ----\n"); | |
139 | } else if (rem < DTLS1_HM_HEADER_LENGTH | |
140 | || reclen < DTLS1_HM_HEADER_LENGTH) { | |
141 | printf("**---- HANDSHAKE MESSAGE FRAGMENT TRUNCATED ----\n"); | |
142 | } else { | |
143 | printf("*** Message Type: %d\n", rec[MSG_TYPE]); | |
144 | msglen = (rec[MSG_LEN_HI] << 16) | (rec[MSG_LEN_MID] << 8) | |
145 | | rec[MSG_LEN_LO]; | |
146 | printf("*** Message Length: %d\n", msglen); | |
147 | printf("*** Message sequence: %d\n", | |
148 | (rec[MSG_SEQ_HI] << 8) | rec[MSG_SEQ_LO]); | |
149 | fragoff = (rec[MSG_FRAG_OFF_HI] << 16) | |
150 | | (rec[MSG_FRAG_OFF_MID] << 8) | |
151 | | rec[MSG_FRAG_OFF_LO]; | |
152 | printf("*** Message Fragment offset: %d\n", fragoff); | |
153 | fraglen = (rec[MSG_FRAG_LEN_HI] << 16) | |
154 | | (rec[MSG_FRAG_LEN_MID] << 8) | |
155 | | rec[MSG_FRAG_LEN_LO]; | |
156 | printf("*** Message Fragment len: %d\n", fraglen); | |
157 | if (fragoff + fraglen > msglen) | |
158 | printf("***---- HANDSHAKE MESSAGE FRAGMENT INVALID ----\n"); | |
28b86f31 | 159 | else if (reclen < fraglen) |
d9a2e90b MC |
160 | printf("**---- HANDSHAKE MESSAGE FRAGMENT TRUNCATED ----\n"); |
161 | else | |
162 | printf("**---- END OF HANDSHAKE MESSAGE FRAGMENT ----\n"); | |
163 | } | |
164 | } | |
165 | if (rem < reclen) { | |
166 | printf("*---- RECORD TRUNCATED ----\n"); | |
167 | rem = 0; | |
168 | } else { | |
169 | rec += reclen; | |
170 | rem -= reclen; | |
171 | printf("*---- END OF RECORD ----\n"); | |
172 | } | |
173 | } | |
174 | printf("---- END OF PACKET ----\n\n"); | |
175 | fflush(stdout); | |
176 | } | |
177 | ||
178 | static int tls_dump_read(BIO *bio, char *out, int outl) | |
179 | { | |
180 | int ret; | |
181 | BIO *next = BIO_next(bio); | |
182 | ||
183 | ret = BIO_read(next, out, outl); | |
184 | copy_flags(bio); | |
185 | ||
186 | if (ret > 0) { | |
187 | dump_data(out, ret); | |
188 | } | |
189 | ||
190 | return ret; | |
191 | } | |
192 | ||
193 | static int tls_dump_write(BIO *bio, const char *in, int inl) | |
194 | { | |
195 | int ret; | |
196 | BIO *next = BIO_next(bio); | |
197 | ||
198 | ret = BIO_write(next, in, inl); | |
199 | copy_flags(bio); | |
200 | ||
201 | return ret; | |
202 | } | |
203 | ||
204 | static long tls_dump_ctrl(BIO *bio, int cmd, long num, void *ptr) | |
205 | { | |
206 | long ret; | |
207 | BIO *next = BIO_next(bio); | |
208 | ||
209 | if (next == NULL) | |
210 | return 0; | |
211 | ||
212 | switch (cmd) { | |
213 | case BIO_CTRL_DUP: | |
214 | ret = 0L; | |
215 | break; | |
216 | default: | |
217 | ret = BIO_ctrl(next, cmd, num, ptr); | |
218 | break; | |
219 | } | |
220 | return ret; | |
221 | } | |
222 | ||
223 | static int tls_dump_gets(BIO *bio, char *buf, int size) | |
224 | { | |
225 | /* We don't support this - not needed anyway */ | |
226 | return -1; | |
227 | } | |
228 | ||
229 | static int tls_dump_puts(BIO *bio, const char *str) | |
230 | { | |
231 | return tls_dump_write(bio, str, strlen(str)); | |
232 | } | |
233 | ||
d82dec40 | 234 | |
0556f2aa | 235 | struct mempacket_st { |
d82dec40 MC |
236 | unsigned char *data; |
237 | int len; | |
238 | unsigned int num; | |
239 | unsigned int type; | |
0556f2aa | 240 | }; |
d82dec40 | 241 | |
d82dec40 MC |
242 | static void mempacket_free(MEMPACKET *pkt) |
243 | { | |
244 | if (pkt->data != NULL) | |
245 | OPENSSL_free(pkt->data); | |
246 | OPENSSL_free(pkt); | |
247 | } | |
248 | ||
249 | typedef struct mempacket_test_ctx_st { | |
250 | STACK_OF(MEMPACKET) *pkts; | |
251 | unsigned int epoch; | |
252 | unsigned int currrec; | |
253 | unsigned int currpkt; | |
254 | unsigned int lastpkt; | |
255 | unsigned int noinject; | |
256 | } MEMPACKET_TEST_CTX; | |
257 | ||
258 | static int mempacket_test_new(BIO *bi); | |
259 | static int mempacket_test_free(BIO *a); | |
260 | static int mempacket_test_read(BIO *b, char *out, int outl); | |
261 | static int mempacket_test_write(BIO *b, const char *in, int inl); | |
262 | static long mempacket_test_ctrl(BIO *b, int cmd, long num, void *ptr); | |
263 | static int mempacket_test_gets(BIO *bp, char *buf, int size); | |
264 | static int mempacket_test_puts(BIO *bp, const char *str); | |
265 | ||
266 | const BIO_METHOD *bio_s_mempacket_test(void) | |
267 | { | |
8ed9a266 RS |
268 | if (meth_mem == NULL) { |
269 | if (!TEST_ptr(meth_mem = BIO_meth_new(BIO_TYPE_MEMPACKET_TEST, | |
270 | "Mem Packet Test")) | |
271 | || !TEST_true(BIO_meth_set_write(meth_mem, mempacket_test_write)) | |
272 | || !TEST_true(BIO_meth_set_read(meth_mem, mempacket_test_read)) | |
273 | || !TEST_true(BIO_meth_set_puts(meth_mem, mempacket_test_puts)) | |
274 | || !TEST_true(BIO_meth_set_gets(meth_mem, mempacket_test_gets)) | |
275 | || !TEST_true(BIO_meth_set_ctrl(meth_mem, mempacket_test_ctrl)) | |
276 | || !TEST_true(BIO_meth_set_create(meth_mem, mempacket_test_new)) | |
277 | || !TEST_true(BIO_meth_set_destroy(meth_mem, mempacket_test_free))) | |
d82dec40 MC |
278 | return NULL; |
279 | } | |
8ed9a266 | 280 | return meth_mem; |
d82dec40 MC |
281 | } |
282 | ||
283 | void bio_s_mempacket_test_free(void) | |
284 | { | |
8ed9a266 | 285 | BIO_meth_free(meth_mem); |
d82dec40 MC |
286 | } |
287 | ||
288 | static int mempacket_test_new(BIO *bio) | |
289 | { | |
8ed9a266 | 290 | MEMPACKET_TEST_CTX *ctx; |
bd91e3c8 | 291 | |
8ed9a266 | 292 | if (!TEST_ptr(ctx = OPENSSL_zalloc(sizeof(*ctx)))) |
d82dec40 | 293 | return 0; |
8ed9a266 | 294 | if (!TEST_ptr(ctx->pkts = sk_MEMPACKET_new_null())) { |
d82dec40 MC |
295 | OPENSSL_free(ctx); |
296 | return 0; | |
297 | } | |
298 | BIO_set_init(bio, 1); | |
299 | BIO_set_data(bio, ctx); | |
300 | return 1; | |
301 | } | |
302 | ||
303 | static int mempacket_test_free(BIO *bio) | |
304 | { | |
305 | MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio); | |
306 | ||
307 | sk_MEMPACKET_pop_free(ctx->pkts, mempacket_free); | |
308 | OPENSSL_free(ctx); | |
309 | BIO_set_data(bio, NULL); | |
310 | BIO_set_init(bio, 0); | |
d82dec40 MC |
311 | return 1; |
312 | } | |
313 | ||
314 | /* Record Header values */ | |
315 | #define EPOCH_HI 4 | |
316 | #define EPOCH_LO 5 | |
317 | #define RECORD_SEQUENCE 10 | |
318 | #define RECORD_LEN_HI 11 | |
319 | #define RECORD_LEN_LO 12 | |
320 | ||
321 | #define STANDARD_PACKET 0 | |
322 | ||
323 | static int mempacket_test_read(BIO *bio, char *out, int outl) | |
324 | { | |
325 | MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio); | |
326 | MEMPACKET *thispkt; | |
327 | unsigned char *rec; | |
328 | int rem; | |
329 | unsigned int seq, offset, len, epoch; | |
330 | ||
331 | BIO_clear_retry_flags(bio); | |
d82dec40 MC |
332 | thispkt = sk_MEMPACKET_value(ctx->pkts, 0); |
333 | if (thispkt == NULL || thispkt->num != ctx->currpkt) { | |
334 | /* Probably run out of data */ | |
335 | BIO_set_retry_read(bio); | |
336 | return -1; | |
337 | } | |
1c288878 | 338 | (void)sk_MEMPACKET_shift(ctx->pkts); |
d82dec40 MC |
339 | ctx->currpkt++; |
340 | ||
341 | if (outl > thispkt->len) | |
342 | outl = thispkt->len; | |
343 | ||
344 | if (thispkt->type != INJECT_PACKET_IGNORE_REC_SEQ) { | |
345 | /* | |
346 | * Overwrite the record sequence number. We strictly number them in | |
347 | * the order received. Since we are actually a reliable transport | |
348 | * we know that there won't be any re-ordering. We overwrite to deal | |
349 | * with any packets that have been injected | |
350 | */ | |
8ed9a266 RS |
351 | for (rem = thispkt->len, rec = thispkt->data |
352 | ; rem > 0; rec += len, rem -= len) { | |
353 | if (rem < DTLS1_RT_HEADER_LENGTH) | |
d82dec40 | 354 | return -1; |
d82dec40 MC |
355 | epoch = (rec[EPOCH_HI] << 8) | rec[EPOCH_LO]; |
356 | if (epoch != ctx->epoch) { | |
357 | ctx->epoch = epoch; | |
358 | ctx->currrec = 0; | |
359 | } | |
360 | seq = ctx->currrec; | |
361 | offset = 0; | |
362 | do { | |
363 | rec[RECORD_SEQUENCE - offset] = seq & 0xFF; | |
364 | seq >>= 8; | |
365 | offset++; | |
366 | } while (seq > 0); | |
367 | ctx->currrec++; | |
368 | ||
369 | len = ((rec[RECORD_LEN_HI] << 8) | rec[RECORD_LEN_LO]) | |
370 | + DTLS1_RT_HEADER_LENGTH; | |
d82dec40 MC |
371 | } |
372 | } | |
373 | ||
374 | memcpy(out, thispkt->data, outl); | |
d82dec40 | 375 | mempacket_free(thispkt); |
d82dec40 MC |
376 | return outl; |
377 | } | |
378 | ||
379 | int mempacket_test_inject(BIO *bio, const char *in, int inl, int pktnum, | |
380 | int type) | |
381 | { | |
382 | MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio); | |
383 | MEMPACKET *thispkt, *looppkt, *nextpkt; | |
384 | int i; | |
385 | ||
386 | if (ctx == NULL) | |
387 | return -1; | |
388 | ||
389 | /* We only allow injection before we've started writing any data */ | |
390 | if (pktnum >= 0) { | |
391 | if (ctx->noinject) | |
392 | return -1; | |
393 | } else { | |
394 | ctx->noinject = 1; | |
395 | } | |
396 | ||
8ed9a266 | 397 | if (!TEST_ptr(thispkt = OPENSSL_malloc(sizeof(*thispkt)))) |
d82dec40 | 398 | return -1; |
8ed9a266 | 399 | if (!TEST_ptr(thispkt->data = OPENSSL_malloc(inl))) { |
d82dec40 MC |
400 | mempacket_free(thispkt); |
401 | return -1; | |
402 | } | |
403 | ||
404 | memcpy(thispkt->data, in, inl); | |
405 | thispkt->len = inl; | |
406 | thispkt->num = (pktnum >= 0) ? (unsigned int)pktnum : ctx->lastpkt; | |
407 | thispkt->type = type; | |
408 | ||
409 | for(i = 0; (looppkt = sk_MEMPACKET_value(ctx->pkts, i)) != NULL; i++) { | |
410 | /* Check if we found the right place to insert this packet */ | |
411 | if (looppkt->num > thispkt->num) { | |
412 | if (sk_MEMPACKET_insert(ctx->pkts, thispkt, i) == 0) { | |
413 | mempacket_free(thispkt); | |
414 | return -1; | |
415 | } | |
416 | /* If we're doing up front injection then we're done */ | |
417 | if (pktnum >= 0) | |
418 | return inl; | |
419 | /* | |
420 | * We need to do some accounting on lastpkt. We increment it first, | |
421 | * but it might now equal the value of injected packets, so we need | |
422 | * to skip over those | |
423 | */ | |
424 | ctx->lastpkt++; | |
425 | do { | |
426 | i++; | |
427 | nextpkt = sk_MEMPACKET_value(ctx->pkts, i); | |
428 | if (nextpkt != NULL && nextpkt->num == ctx->lastpkt) | |
429 | ctx->lastpkt++; | |
430 | else | |
431 | return inl; | |
432 | } while(1); | |
28b86f31 | 433 | } else if (looppkt->num == thispkt->num) { |
d82dec40 MC |
434 | if (!ctx->noinject) { |
435 | /* We injected two packets with the same packet number! */ | |
436 | return -1; | |
437 | } | |
438 | ctx->lastpkt++; | |
439 | thispkt->num++; | |
440 | } | |
441 | } | |
442 | /* | |
443 | * We didn't find any packets with a packet number equal to or greater than | |
444 | * this one, so we just add it onto the end | |
445 | */ | |
446 | if (!sk_MEMPACKET_push(ctx->pkts, thispkt)) { | |
447 | mempacket_free(thispkt); | |
448 | return -1; | |
449 | } | |
450 | ||
451 | if (pktnum < 0) | |
452 | ctx->lastpkt++; | |
453 | ||
454 | return inl; | |
455 | } | |
456 | ||
457 | static int mempacket_test_write(BIO *bio, const char *in, int inl) | |
458 | { | |
459 | return mempacket_test_inject(bio, in, inl, -1, STANDARD_PACKET); | |
460 | } | |
461 | ||
462 | static long mempacket_test_ctrl(BIO *bio, int cmd, long num, void *ptr) | |
463 | { | |
464 | long ret = 1; | |
465 | MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio); | |
466 | MEMPACKET *thispkt; | |
467 | ||
468 | switch (cmd) { | |
469 | case BIO_CTRL_EOF: | |
470 | ret = (long)(sk_MEMPACKET_num(ctx->pkts) == 0); | |
471 | break; | |
472 | case BIO_CTRL_GET_CLOSE: | |
473 | ret = BIO_get_shutdown(bio); | |
474 | break; | |
475 | case BIO_CTRL_SET_CLOSE: | |
476 | BIO_set_shutdown(bio, (int)num); | |
477 | break; | |
478 | case BIO_CTRL_WPENDING: | |
479 | ret = 0L; | |
480 | break; | |
481 | case BIO_CTRL_PENDING: | |
482 | thispkt = sk_MEMPACKET_value(ctx->pkts, 0); | |
483 | if (thispkt == NULL) | |
484 | ret = 0; | |
485 | else | |
486 | ret = thispkt->len; | |
487 | break; | |
488 | case BIO_CTRL_FLUSH: | |
489 | ret = 1; | |
490 | break; | |
491 | case BIO_CTRL_RESET: | |
492 | case BIO_CTRL_DUP: | |
493 | case BIO_CTRL_PUSH: | |
494 | case BIO_CTRL_POP: | |
495 | default: | |
496 | ret = 0; | |
497 | break; | |
498 | } | |
499 | return ret; | |
500 | } | |
501 | ||
502 | static int mempacket_test_gets(BIO *bio, char *buf, int size) | |
503 | { | |
504 | /* We don't support this - not needed anyway */ | |
505 | return -1; | |
506 | } | |
507 | ||
508 | static int mempacket_test_puts(BIO *bio, const char *str) | |
509 | { | |
510 | return mempacket_test_write(bio, str, strlen(str)); | |
511 | } | |
512 | ||
2cb4b5f6 MC |
513 | int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm, |
514 | SSL_CTX **sctx, SSL_CTX **cctx, char *certfile, | |
515 | char *privkeyfile) | |
516 | { | |
517 | SSL_CTX *serverctx = NULL; | |
518 | SSL_CTX *clientctx = NULL; | |
519 | ||
8ed9a266 | 520 | if (!TEST_ptr(serverctx = SSL_CTX_new(sm)) |
bb01ef3f | 521 | || (cctx != NULL && !TEST_ptr(clientctx = SSL_CTX_new(cm)))) |
2cb4b5f6 | 522 | goto err; |
2cb4b5f6 | 523 | |
8ed9a266 RS |
524 | if (!TEST_int_eq(SSL_CTX_use_certificate_file(serverctx, certfile, |
525 | SSL_FILETYPE_PEM), 1) | |
526 | || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(serverctx, privkeyfile, | |
527 | SSL_FILETYPE_PEM), 1) | |
528 | || !TEST_int_eq(SSL_CTX_check_private_key(serverctx), 1)) | |
2cb4b5f6 | 529 | goto err; |
2cb4b5f6 | 530 | |
c5a56992 AP |
531 | #ifndef OPENSSL_NO_DH |
532 | SSL_CTX_set_dh_auto(serverctx, 1); | |
533 | #endif | |
534 | ||
2cb4b5f6 | 535 | *sctx = serverctx; |
bb01ef3f MC |
536 | if (cctx != NULL) |
537 | *cctx = clientctx; | |
2cb4b5f6 | 538 | return 1; |
8ed9a266 | 539 | |
2cb4b5f6 MC |
540 | err: |
541 | SSL_CTX_free(serverctx); | |
542 | SSL_CTX_free(clientctx); | |
543 | return 0; | |
544 | } | |
545 | ||
9970290e | 546 | #define MAXLOOPS 1000000 |
2cb4b5f6 MC |
547 | |
548 | /* | |
549 | * NOTE: Transfers control of the BIOs - this function will free them on error | |
550 | */ | |
b4982125 | 551 | int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl, |
2cb4b5f6 MC |
552 | SSL **cssl, BIO *s_to_c_fbio, BIO *c_to_s_fbio) |
553 | { | |
8ed9a266 | 554 | SSL *serverssl = NULL, *clientssl = NULL; |
2cb4b5f6 MC |
555 | BIO *s_to_c_bio = NULL, *c_to_s_bio = NULL; |
556 | ||
8ed9a266 | 557 | if (*sssl != NULL) |
eaa776da | 558 | serverssl = *sssl; |
8ed9a266 RS |
559 | else if (!TEST_ptr(serverssl = SSL_new(serverctx))) |
560 | goto error; | |
561 | if (*cssl != NULL) | |
eaa776da | 562 | clientssl = *cssl; |
8ed9a266 | 563 | else if (!TEST_ptr(clientssl = SSL_new(clientctx))) |
2cb4b5f6 | 564 | goto error; |
2cb4b5f6 | 565 | |
b4982125 | 566 | if (SSL_is_dtls(clientssl)) { |
8ed9a266 RS |
567 | if (!TEST_ptr(s_to_c_bio = BIO_new(bio_s_mempacket_test())) |
568 | || !TEST_ptr(c_to_s_bio = BIO_new(bio_s_mempacket_test()))) | |
569 | goto error; | |
b4982125 | 570 | } else { |
8ed9a266 RS |
571 | if (!TEST_ptr(s_to_c_bio = BIO_new(BIO_s_mem())) |
572 | || !TEST_ptr(c_to_s_bio = BIO_new(BIO_s_mem()))) | |
573 | goto error; | |
2cb4b5f6 MC |
574 | } |
575 | ||
8ed9a266 RS |
576 | if (s_to_c_fbio != NULL |
577 | && !TEST_ptr(s_to_c_bio = BIO_push(s_to_c_fbio, s_to_c_bio))) | |
578 | goto error; | |
579 | if (c_to_s_fbio != NULL | |
580 | && !TEST_ptr(c_to_s_bio = BIO_push(c_to_s_fbio, c_to_s_bio))) | |
2cb4b5f6 | 581 | goto error; |
2cb4b5f6 MC |
582 | |
583 | /* Set Non-blocking IO behaviour */ | |
584 | BIO_set_mem_eof_return(s_to_c_bio, -1); | |
585 | BIO_set_mem_eof_return(c_to_s_bio, -1); | |
586 | ||
587 | /* Up ref these as we are passing them to two SSL objects */ | |
8ed9a266 | 588 | SSL_set_bio(serverssl, c_to_s_bio, s_to_c_bio); |
2cb4b5f6 MC |
589 | BIO_up_ref(s_to_c_bio); |
590 | BIO_up_ref(c_to_s_bio); | |
2cb4b5f6 | 591 | SSL_set_bio(clientssl, s_to_c_bio, c_to_s_bio); |
b4982125 MC |
592 | *sssl = serverssl; |
593 | *cssl = clientssl; | |
b4982125 MC |
594 | return 1; |
595 | ||
596 | error: | |
597 | SSL_free(serverssl); | |
598 | SSL_free(clientssl); | |
599 | BIO_free(s_to_c_bio); | |
600 | BIO_free(c_to_s_bio); | |
601 | BIO_free(s_to_c_fbio); | |
602 | BIO_free(c_to_s_fbio); | |
603 | ||
604 | return 0; | |
605 | } | |
606 | ||
8e2236ef | 607 | int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want) |
b4982125 MC |
608 | { |
609 | int retc = -1, rets = -1, err, abortctr = 0; | |
610 | int clienterr = 0, servererr = 0; | |
59db06f1 MC |
611 | unsigned char buf; |
612 | size_t readbytes; | |
b4982125 | 613 | |
2cb4b5f6 MC |
614 | do { |
615 | err = SSL_ERROR_WANT_WRITE; | |
eaa776da | 616 | while (!clienterr && retc <= 0 && err == SSL_ERROR_WANT_WRITE) { |
2cb4b5f6 MC |
617 | retc = SSL_connect(clientssl); |
618 | if (retc <= 0) | |
619 | err = SSL_get_error(clientssl, retc); | |
620 | } | |
621 | ||
eaa776da | 622 | if (!clienterr && retc <= 0 && err != SSL_ERROR_WANT_READ) { |
8ed9a266 | 623 | TEST_info("SSL_connect() failed %d, %d", retc, err); |
eaa776da | 624 | clienterr = 1; |
2cb4b5f6 | 625 | } |
8e2236ef BK |
626 | if (want != SSL_ERROR_NONE && err == want) |
627 | return 0; | |
2cb4b5f6 MC |
628 | |
629 | err = SSL_ERROR_WANT_WRITE; | |
eaa776da | 630 | while (!servererr && rets <= 0 && err == SSL_ERROR_WANT_WRITE) { |
2cb4b5f6 MC |
631 | rets = SSL_accept(serverssl); |
632 | if (rets <= 0) | |
633 | err = SSL_get_error(serverssl, rets); | |
634 | } | |
635 | ||
eaa776da | 636 | if (!servererr && rets <= 0 && err != SSL_ERROR_WANT_READ) { |
8ed9a266 | 637 | TEST_info("SSL_accept() failed %d, %d", rets, err); |
eaa776da | 638 | servererr = 1; |
2cb4b5f6 | 639 | } |
8e2236ef BK |
640 | if (want != SSL_ERROR_NONE && err == want) |
641 | return 0; | |
eaa776da | 642 | if (clienterr && servererr) |
b4982125 | 643 | return 0; |
2cb4b5f6 | 644 | if (++abortctr == MAXLOOPS) { |
8ed9a266 | 645 | TEST_info("No progress made"); |
b4982125 | 646 | return 0; |
2cb4b5f6 MC |
647 | } |
648 | } while (retc <=0 || rets <= 0); | |
649 | ||
59db06f1 MC |
650 | /* |
651 | * We attempt to read some data on the client side which we expect to fail. | |
652 | * This will ensure we have received the NewSessionTicket in TLSv1.3 where | |
653 | * appropriate. | |
654 | */ | |
655 | if (SSL_read_ex(clientssl, &buf, sizeof(buf), &readbytes) > 0) { | |
8ed9a266 | 656 | if (!TEST_ulong_eq(readbytes, 0)) |
59db06f1 | 657 | return 0; |
8ed9a266 | 658 | } else if (!TEST_int_eq(SSL_get_error(clientssl, 0), SSL_ERROR_WANT_READ)) { |
59db06f1 MC |
659 | return 0; |
660 | } | |
661 | ||
2cb4b5f6 | 662 | return 1; |
2cb4b5f6 | 663 | } |
ca8c71ba MC |
664 | |
665 | void shutdown_ssl_connection(SSL *serverssl, SSL *clientssl) | |
666 | { | |
667 | SSL_shutdown(clientssl); | |
668 | SSL_shutdown(serverssl); | |
669 | SSL_free(serverssl); | |
670 | SSL_free(clientssl); | |
671 | } |