From: Neil Horman Date: Thu, 11 Sep 2025 19:19:45 +0000 (-0400) Subject: Remove dasync engine from sslapitest and sslbuffertest X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=99c284c8caffa62036b30f2ace50f8064e279987;p=thirdparty%2Fopenssl.git Remove dasync engine from sslapitest and sslbuffertest With the impending engine removal, we don't have a need to test engine functionality in these tests anymore, so remove the test cases that make use of the dasync engine here. Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/28525) --- diff --git a/test/helpers/ssltestlib.c b/test/helpers/ssltestlib.c index caf119c9b72..f25e63662cc 100644 --- a/test/helpers/ssltestlib.c +++ b/test/helpers/ssltestlib.c @@ -7,14 +7,6 @@ * https://www.openssl.org/source/license.html */ -/* - * We need access to the deprecated low level ENGINE APIs for legacy purposes - * when the deprecated calls are not hidden - */ -#ifndef OPENSSL_NO_DEPRECATED_3_0 -# define OPENSSL_SUPPRESS_DEPRECATED -#endif - #include #include @@ -1526,27 +1518,3 @@ int ssl_ctx_add_large_cert_chain(OSSL_LIB_CTX *libctx, SSL_CTX *sctx, X509_free(chaincert); return ret; } - -ENGINE *load_dasync(void) -{ -#if !defined(OPENSSL_NO_TLS1_2) && defined(TODO_REWRITE_ME_DASYNC_PROVIDER) - ENGINE *e; - - if (!TEST_ptr(e = ENGINE_by_id("dasync"))) - return NULL; - - if (!TEST_true(ENGINE_init(e))) { - ENGINE_free(e); - return NULL; - } - - if (!TEST_true(ENGINE_register_ciphers(e))) { - ENGINE_free(e); - return NULL; - } - - return e; -#else - return NULL; -#endif -} diff --git a/test/helpers/ssltestlib.h b/test/helpers/ssltestlib.h index 557b820efb5..c490c4cfa51 100644 --- a/test/helpers/ssltestlib.h +++ b/test/helpers/ssltestlib.h @@ -88,6 +88,4 @@ SSL_SESSION *create_a_psk(SSL *ssl, size_t mdsize); int ssl_ctx_add_large_cert_chain(OSSL_LIB_CTX *libctx, SSL_CTX *sctx, const char *cert_file); -ENGINE *load_dasync(void); - #endif /* OSSL_TEST_SSLTESTLIB_H */ diff --git a/test/sslapitest.c b/test/sslapitest.c index 22932cf05e7..df5ccf1198f 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -33,7 +33,6 @@ #include #include #include -#include #include "helpers/ssltestlib.h" #include "testutil.h" @@ -11898,205 +11897,6 @@ end: } #endif /* OSSL_NO_USABLE_TLS1_3 */ -#if !defined(OPENSSL_NO_TLS1_2) && defined(TODO_REWRITE_ME_DASYNC_PROVIDER) -/* - * Test TLSv1.2 with a pipeline capable cipher. TLSv1.3 and DTLS do not - * support this yet. The only pipeline capable cipher that we have is in the - * dasync engine (providers don't support this yet), so we have to use - * deprecated APIs for this test. - * - * Test 0: Client has pipelining enabled, server does not - * Test 1: Server has pipelining enabled, client does not - * Test 2: Client has pipelining enabled, server does not: not enough data to - * fill all the pipelines - * Test 3: Client has pipelining enabled, server does not: not enough data to - * fill all the pipelines by more than a full pipeline's worth - * Test 4: Client has pipelining enabled, server does not: more data than all - * the available pipelines can take - * Test 5: Client has pipelining enabled, server does not: Maximum size pipeline - * Test 6: Repeat of test 0, but the engine is loaded late (after the SSL_CTX - * is created) - */ -static int test_pipelining(int idx) -{ - SSL_CTX *cctx = NULL, *sctx = NULL; - SSL *clientssl = NULL, *serverssl = NULL, *peera, *peerb; - int testresult = 0, numreads, numpipes = 5; - /* A 55 byte message */ - unsigned char *msg = (unsigned char *) - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz123"; - size_t written, readbytes, offset, msglen, fragsize = 10; - int expectedreads; - unsigned char *buf = NULL; - ENGINE *e = NULL; - - if (idx != 6) { - e = load_dasync(); - if (e == NULL) - return 0; - } - - if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), 0, - TLS1_2_VERSION, &sctx, &cctx, cert, - privkey))) - goto end; - - if (idx == 6) { - e = load_dasync(); - if (e == NULL) - goto end; - /* Now act like test 0 */ - idx = 0; - } - - if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, - &clientssl, NULL, NULL))) - goto end; - - if (!TEST_true(SSL_set_cipher_list(clientssl, "AES128-SHA"))) - goto end; - - /* peera is always configured for pipelining, while peerb is not. */ - if (idx == 1) { - peera = serverssl; - peerb = clientssl; - - } else { - peera = clientssl; - peerb = serverssl; - } - - if (idx == 5) { - numpipes = 2; - /* Maximum allowed fragment size */ - fragsize = SSL3_RT_MAX_PLAIN_LENGTH; - msglen = fragsize * numpipes; - msg = OPENSSL_malloc(msglen); - if (!TEST_ptr(msg)) - goto end; - if (!TEST_int_gt(RAND_bytes_ex(libctx, msg, msglen, 0), 0)) - goto end; - } else if (idx == 4) { - msglen = 55; - } else { - msglen = 50; - } - if (idx == 2) - msglen -= 2; /* Send 2 less bytes */ - else if (idx == 3) - msglen -= 12; /* Send 12 less bytes */ - - buf = OPENSSL_malloc(msglen); - if (!TEST_ptr(buf)) - goto end; - - if (idx == 5) { - /* - * Test that setting a split send fragment longer than the maximum - * allowed fails - */ - if (!TEST_false(SSL_set_split_send_fragment(peera, (long)(fragsize + 1)))) - goto end; - } - - /* - * In the normal case. We have 5 pipelines with 10 bytes per pipeline - * (50 bytes in total). This is a ridiculously small number of bytes - - * but sufficient for our purposes - */ - if (!TEST_true(SSL_set_max_pipelines(peera, numpipes)) - || !TEST_true(SSL_set_split_send_fragment(peera, (long)fragsize))) - goto end; - - if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) - goto end; - - /* Write some data from peera to peerb */ - if (!TEST_true(SSL_write_ex(peera, msg, msglen, &written)) - || !TEST_size_t_eq(written, msglen)) - goto end; - - /* - * If the pipelining code worked, then we expect all |numpipes| pipelines to - * have been used - except in test 3 where only |numpipes - 1| pipelines - * will be used. This will result in |numpipes| records (|numpipes - 1| for - * test 3) having been sent to peerb. Since peerb is not using read_ahead we - * expect this to be read in |numpipes| or |numpipes - 1| separate - * SSL_read_ex calls. In the case of test 4, there is then one additional - * read for left over data that couldn't fit in the previous pipelines - */ - for (offset = 0, numreads = 0; - offset < msglen; - offset += readbytes, numreads++) { - if (!TEST_true(SSL_read_ex(peerb, buf + offset, - msglen - offset, &readbytes))) - goto end; - } - - expectedreads = idx == 4 ? numpipes + 1 - : (idx == 3 ? numpipes - 1 : numpipes); - if (!TEST_mem_eq(msg, msglen, buf, offset) - || !TEST_int_eq(numreads, expectedreads)) - goto end; - - /* - * Write some data from peerb to peera. We do this in up to |numpipes + 1| - * chunks to exercise the read pipelining code on peera. - */ - for (offset = 0; offset < msglen; offset += fragsize) { - size_t sendlen = msglen - offset; - - if (sendlen > fragsize) - sendlen = fragsize; - if (!TEST_true(SSL_write_ex(peerb, msg + offset, sendlen, &written)) - || !TEST_size_t_eq(written, sendlen)) - goto end; - } - - /* - * The data was written in |numpipes|, |numpipes - 1| or |numpipes + 1| - * separate chunks (depending on which test we are running). If the - * pipelining is working then we expect peera to read up to numpipes chunks - * and process them in parallel, giving back the complete result in a single - * call to SSL_read_ex - */ - if (!TEST_true(SSL_read_ex(peera, buf, msglen, &readbytes)) - || !TEST_size_t_le(readbytes, msglen)) - goto end; - - if (idx == 4) { - size_t readbytes2; - - if (!TEST_true(SSL_read_ex(peera, buf + readbytes, - msglen - readbytes, &readbytes2))) - goto end; - readbytes += readbytes2; - if (!TEST_size_t_le(readbytes, msglen)) - goto end; - } - - if (!TEST_mem_eq(msg, msglen, buf, readbytes)) - goto end; - - testresult = 1; -end: - SSL_free(serverssl); - SSL_free(clientssl); - SSL_CTX_free(sctx); - SSL_CTX_free(cctx); - if (e != NULL) { - ENGINE_unregister_ciphers(e); - ENGINE_finish(e); - ENGINE_free(e); - } - OPENSSL_free(buf); - if (fragsize == SSL3_RT_MAX_PLAIN_LENGTH) - OPENSSL_free(msg); - return testresult; -} -#endif /* !defined(OPENSSL_NO_TLS1_2) && defined(TODO_REWRITE_ME_DASYNC_PROVIDER) */ - static int check_version_string(SSL *s, int version) { const char *verstr = NULL; @@ -14190,9 +13990,6 @@ int setup_tests(void) #endif #if !defined(OPENSSL_NO_TLS1_2) && !defined(OSSL_NO_USABLE_TLS1_3) ADD_ALL_TESTS(test_serverinfo_custom, 4); -#endif -#if !defined(OPENSSL_NO_TLS1_2) && defined(TODO_REWRITE_ME_DASYNC_PROVIDER) - ADD_ALL_TESTS(test_pipelining, 7); #endif ADD_ALL_TESTS(test_version, 6); ADD_TEST(test_rstate_string); diff --git a/test/sslbuffertest.c b/test/sslbuffertest.c index 3b48dc92b1b..78705f78051 100644 --- a/test/sslbuffertest.c +++ b/test/sslbuffertest.c @@ -20,7 +20,6 @@ #include #include #include -#include #ifndef OPENSSL_NO_QUIC /* This test does not link libssl so avoid pulling in QUIC unwrappers. */ @@ -199,8 +198,6 @@ static int test_func(int test) * Test 2: Attempt to free buffers after a full record header but no record body * Test 3: Attempt to free buffers after a full record hedaer and partial record * body - * Test 4-7: We repeat tests 0-3 but including data from a second pipelined - * record */ static int test_free_buffers(int test) { @@ -209,55 +206,22 @@ static int test_free_buffers(int test) const char testdata[] = "Test data"; char buf[120]; size_t written, readbytes; - int i, pipeline = test > 3; - ENGINE *e = NULL; - - if (pipeline) { - e = load_dasync(); - if (e == NULL) - goto end; - test -= 4; - } if (!TEST_true(create_ssl_objects(serverctx, clientctx, &serverssl, &clientssl, NULL, NULL))) goto end; - if (pipeline) { - if (!TEST_true(SSL_set_cipher_list(serverssl, "AES128-SHA")) - || !TEST_true(SSL_set_max_proto_version(serverssl, - TLS1_2_VERSION)) - || !TEST_true(SSL_set_max_pipelines(serverssl, 2))) - goto end; - } - if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) goto end; - /* - * For the non-pipeline case we write one record. For pipelining we write - * two records. - */ - for (i = 0; i <= pipeline; i++) { - if (!TEST_true(SSL_write_ex(clientssl, testdata, strlen(testdata), - &written))) - goto end; - } + if (!TEST_true(SSL_write_ex(clientssl, testdata, strlen(testdata), + &written))) + goto end; if (test == 0) { - size_t readlen = 1; - - /* - * Deliberately only read the first byte - so the remaining bytes are - * still buffered. In the pipelining case we read as far as the first - * byte from the second record. - */ - if (pipeline) - readlen += strlen(testdata); - - if (!TEST_true(SSL_read_ex(serverssl, buf, readlen, &readbytes)) - || !TEST_size_t_eq(readlen, readbytes)) + if (!TEST_true(SSL_read_ex(serverssl, buf, 1, &readbytes)) + || !TEST_size_t_eq(1, readbytes)) goto end; } else { BIO *tmp; @@ -285,21 +249,6 @@ static int test_free_buffers(int test) goto end; } - if (pipeline) { - /* We happen to know the first record is 57 bytes long */ - const size_t first_rec_len = 57; - - if (test != 3) - partial_len += first_rec_len; - - /* - * Sanity check. If we got the record len right then this should - * never fail. - */ - if (!TEST_int_eq(buf[first_rec_len], SSL3_RT_APPLICATION_DATA)) - goto end; - } - /* * Put back just the partial record (plus the whole initial record in * the pipelining case) @@ -307,25 +256,13 @@ static int test_free_buffers(int test) if (!TEST_true(BIO_write_ex(tmp, buf, partial_len, &written))) goto end; - if (pipeline) { - /* - * Attempt a read. This should pass but only return data from the - * first record. Only a partial record is available for the second - * record. - */ - if (!TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), - &readbytes)) - || !TEST_size_t_eq(readbytes, strlen(testdata))) - goto end; - } else { - /* - * Attempt a read. This should fail because only a partial record is - * available. - */ - if (!TEST_false(SSL_read_ex(serverssl, buf, sizeof(buf), - &readbytes))) - goto end; - } + /* + * Attempt a read. This should fail because only a partial record is + * available. + */ + if (!TEST_false(SSL_read_ex(serverssl, buf, sizeof(buf), + &readbytes))) + goto end; } /* @@ -339,13 +276,6 @@ static int test_free_buffers(int test) end: SSL_free(clientssl); SSL_free(serverssl); -#ifdef TODO_REWRITE_ME_DASYNC_PROVIDER - if (e != NULL) { - ENGINE_unregister_ciphers(e); - ENGINE_finish(e); - ENGINE_free(e); - } -#endif return result; } @@ -372,11 +302,7 @@ int setup_tests(void) } ADD_ALL_TESTS(test_func, 9); -#if !defined(OPENSSL_NO_TLS1_2) && defined(TODO_REWRITE_ME_DASYNC_PROVIDER) - ADD_ALL_TESTS(test_free_buffers, 8); -#else ADD_ALL_TESTS(test_free_buffers, 4); -#endif return 1; }