author | Tomas Mraz <tomas@openssl.org> | 2022-06-20 17:11:28 +0200 |
---|---|---|
committer | Hugo Landau <hlandau@openssl.org> | 2022-07-28 10:04:28 +0100 |
commit | 38b051a1fedc79ebf24a96de2e9a326ad3665baf (patch) | |
tree | e32fa2a0a5cf8572b48b3cb8a1aac2a20d0b439f /test | |
parent | ce602bb0a20589e5a84c48a55ce13219ab881e84 (diff) | |
SSL object refactoring using SSL_CONNECTION object
Make the SSL object polymorphic based on whether this is
a traditional SSL connection, QUIC connection, or later
to be implemented a QUIC stream.
It requires adding an if check after every SSL_CONNECTION_FROM_SSL() call,
which itself has to be added to almost every public SSL_ API call.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18612)
Diffstat (limited to 'test')
-rw-r--r-- | test/dtls_mtu_test.c | 5 | ||||
-rw-r--r-- | test/helpers/handshake.c | 8 | ||||
-rw-r--r-- | test/sslapitest.c | 61 | ||||
-rw-r--r-- | test/tls13encryptiontest.c | 11 | ||||
-rw-r--r-- | test/tls13secretstest.c | 28 |
5 files changed, 71 insertions, 42 deletions
diff --git a/test/dtls_mtu_test.c b/test/dtls_mtu_test.c index 2395b9d922..b11d5e3461 100644 --- a/test/dtls_mtu_test.c +++ b/test/dtls_mtu_test.c @@ -55,6 +55,7 @@ static int mtu_test(SSL_CTX *ctx, const char *cs, int no_etm) size_t mtus[30]; unsigned char buf[600]; int rv = 0; + SSL_CONNECTION *clnt_sc; memset(buf, 0x5a, sizeof(buf)); @@ -132,8 +133,10 @@ static int mtu_test(SSL_CTX *ctx, const char *cs, int no_etm) } } } + if (!TEST_ptr(clnt_sc = SSL_CONNECTION_FROM_SSL_ONLY(clnt_ssl))) + goto end; rv = 1; - if (SSL_READ_ETM(clnt_ssl)) + if (SSL_READ_ETM(clnt_sc)) rv = 2; end: SSL_free(clnt_ssl); diff --git a/test/helpers/handshake.c b/test/helpers/handshake.c index 7b2798b353..fc7f026300 100644 --- a/test/helpers/handshake.c +++ b/test/helpers/handshake.c @@ -978,9 +978,15 @@ static void do_reneg_setup_step(const SSL_TEST_CTX *test_ctx, PEER *peer) return; } else if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_POST_HANDSHAKE_AUTH) { if (SSL_is_server(peer->ssl)) { + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(peer->ssl); + + if (sc == NULL) { + peer->status = PEER_ERROR; + return; + } /* Make the server believe it's received the extension */ if (test_ctx->extra.server.force_pha) - peer->ssl->post_handshake_auth = SSL_PHA_EXT_RECEIVED; + sc->post_handshake_auth = SSL_PHA_EXT_RECEIVED; ret = SSL_verify_client_post_handshake(peer->ssl); if (!ret) { peer->status = PEER_ERROR; diff --git a/test/sslapitest.c b/test/sslapitest.c index 1ab2534efc..2e091e74ff 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c 
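Review bot: In the -132 hunk of mtu_test the `clnt_sc` lookup runs only after the whole MTU probing loop has already operated on `clnt_ssl`, so an SSL object that is not a TLS connection is detected at the very end instead of before any work is done. Moving `if (!TEST_ptr(clnt_sc = SSL_CONNECTION_FROM_SSL_ONLY(clnt_ssl))) goto end;` to directly after `clnt_ssl` is created (outside the hunk) fails fast and leaves `clnt_sc` usable for the rest of the function; the `end:` cleanup already frees `clnt_ssl` on that path. The same late resolution appears in execute_cleanse_plaintext in sslapitest.c, where `serversc` is only obtained after the handshake and SSL_write; presumably harmless because the harness only ever builds TLS connections, but worth confirming.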
@@ -1079,12 +1079,17 @@ static int ping_pong_query(SSL *clientssl, SSL *serverssl) char srec_wseq_after[SEQ_NUM_SIZE]; char srec_rseq_before[SEQ_NUM_SIZE]; char srec_rseq_after[SEQ_NUM_SIZE]; + SSL_CONNECTION *clientsc, *serversc; + + if (!TEST_ptr(clientsc = SSL_CONNECTION_FROM_SSL_ONLY(clientssl)) + || !TEST_ptr(serversc = SSL_CONNECTION_FROM_SSL_ONLY(serverssl))) + goto end; cbuf[0] = count++; - memcpy(crec_wseq_before, &clientssl->rlayer.write_sequence, SEQ_NUM_SIZE); - memcpy(crec_rseq_before, &clientssl->rlayer.read_sequence, SEQ_NUM_SIZE); - memcpy(srec_wseq_before, &serverssl->rlayer.write_sequence, SEQ_NUM_SIZE); - memcpy(srec_rseq_before, &serverssl->rlayer.read_sequence, SEQ_NUM_SIZE); + memcpy(crec_wseq_before, &clientsc->rlayer.write_sequence, SEQ_NUM_SIZE); + memcpy(crec_rseq_before, &clientsc->rlayer.read_sequence, SEQ_NUM_SIZE); + memcpy(srec_wseq_before, &serversc->rlayer.write_sequence, SEQ_NUM_SIZE); + memcpy(srec_rseq_before, &serversc->rlayer.read_sequence, SEQ_NUM_SIZE); if (!TEST_true(SSL_write(clientssl, cbuf, sizeof(cbuf)) == sizeof(cbuf))) goto end; @@ -1104,10 +1109,10 @@ static int ping_pong_query(SSL *clientssl, SSL *serverssl) } } - memcpy(crec_wseq_after, &clientssl->rlayer.write_sequence, SEQ_NUM_SIZE); - memcpy(crec_rseq_after, &clientssl->rlayer.read_sequence, SEQ_NUM_SIZE); - memcpy(srec_wseq_after, &serverssl->rlayer.write_sequence, SEQ_NUM_SIZE); - memcpy(srec_rseq_after, &serverssl->rlayer.read_sequence, SEQ_NUM_SIZE); + memcpy(crec_wseq_after, &clientsc->rlayer.write_sequence, SEQ_NUM_SIZE); + memcpy(crec_rseq_after, &clientsc->rlayer.read_sequence, SEQ_NUM_SIZE); + memcpy(srec_wseq_after, &serversc->rlayer.write_sequence, SEQ_NUM_SIZE); + memcpy(srec_rseq_after, &serversc->rlayer.read_sequence, SEQ_NUM_SIZE); /* verify the payload */ if (!TEST_mem_eq(cbuf, sizeof(cbuf), sbuf, sizeof(sbuf))) 
@@ -1117,7 +1122,7 @@ static int ping_pong_query(SSL *clientssl, SSL *serverssl) * If ktls is used then kernel sequences are used instead of * OpenSSL sequences */ - if (!BIO_get_ktls_send(clientssl->wbio)) { + if (!BIO_get_ktls_send(clientsc->wbio)) { if (!TEST_mem_ne(crec_wseq_before, SEQ_NUM_SIZE, crec_wseq_after, SEQ_NUM_SIZE)) goto end; @@ -1127,7 +1132,7 @@ static int ping_pong_query(SSL *clientssl, SSL *serverssl) goto end; } - if (!BIO_get_ktls_send(serverssl->wbio)) { + if (!BIO_get_ktls_send(serversc->wbio)) { if (!TEST_mem_ne(srec_wseq_before, SEQ_NUM_SIZE, srec_wseq_after, SEQ_NUM_SIZE)) goto end; @@ -1137,7 +1142,7 @@ static int ping_pong_query(SSL *clientssl, SSL *serverssl) goto end; } - if (!BIO_get_ktls_recv(clientssl->wbio)) { + if (!BIO_get_ktls_recv(clientsc->wbio)) { if (!TEST_mem_ne(crec_rseq_before, SEQ_NUM_SIZE, crec_rseq_after, SEQ_NUM_SIZE)) goto end; @@ -1147,7 +1152,7 @@ static int ping_pong_query(SSL *clientssl, SSL *serverssl) goto end; } - if (!BIO_get_ktls_recv(serverssl->wbio)) { + if (!BIO_get_ktls_recv(serversc->wbio)) { if (!TEST_mem_ne(srec_rseq_before, SEQ_NUM_SIZE, srec_rseq_after, SEQ_NUM_SIZE)) goto end; @@ -1170,6 +1175,7 @@ static int execute_test_ktls(int cis_ktls, int sis_ktls, int ktls_used = 0, testresult = 0; int cfd = -1, sfd = -1; int rx_supported; + SSL_CONNECTION *clientsc, *serversc; if (!TEST_true(create_test_sockets(&cfd, &sfd))) goto end; @@ -1206,6 +1212,10 @@ static int execute_test_ktls(int cis_ktls, int sis_ktls, &clientssl, sfd, cfd))) goto end; + if (!TEST_ptr(clientsc = SSL_CONNECTION_FROM_SSL_ONLY(clientssl)) + || !TEST_ptr(serversc = SSL_CONNECTION_FROM_SSL_ONLY(serverssl))) + goto end; + if (cis_ktls) { if (!TEST_true(SSL_set_options(clientssl, SSL_OP_ENABLE_KTLS))) goto end; 
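Review bot: In the -1137 and -1147 hunks of ping_pong_query the kTLS receive state is probed on the write BIO (`BIO_get_ktls_recv(clientsc->wbio)`, `BIO_get_ktls_recv(serversc->wbio)`), which presumably only works because the harness installs the same socket BIO for reading and writing — confirm. Probing the read BIO instead, `if (!BIO_get_ktls_recv(clientsc->rbio)) {` and `if (!BIO_get_ktls_recv(serversc->rbio)) {`, states the intent directly and keeps the read-sequence assertions correct if the two BIOs are ever split. The -1246 hunk of execute_test_ktls on the next line has the mirror-image inconsistency: each `if` tests `BIO_get_ktls_recv(...->rbio)` but its `else` tests `BIO_get_ktls_send(...->rbio)`, so `ktls_used` may reflect TX rather than RX state there. None of this is introduced by the commit, but the refactor rewrites every one of these lines, so it is the natural moment to fix them; ping_pong_query's `end:` label lies outside the hunk.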
@@ -1225,18 +1235,18 @@ static int execute_test_ktls(int cis_ktls, int sis_ktls, * isn't enabled. */ if (!cis_ktls) { - if (!TEST_false(BIO_get_ktls_send(clientssl->wbio))) + if (!TEST_false(BIO_get_ktls_send(clientsc->wbio))) goto end; } else { - if (BIO_get_ktls_send(clientssl->wbio)) + if (BIO_get_ktls_send(clientsc->wbio)) ktls_used = 1; } if (!sis_ktls) { - if (!TEST_false(BIO_get_ktls_send(serverssl->wbio))) + if (!TEST_false(BIO_get_ktls_send(serversc->wbio))) goto end; } else { - if (BIO_get_ktls_send(serverssl->wbio)) + if (BIO_get_ktls_send(serversc->wbio)) ktls_used = 1; } @@ -1246,18 +1256,18 @@ static int execute_test_ktls(int cis_ktls, int sis_ktls, rx_supported = 1; #endif if (!cis_ktls || !rx_supported) { - if (!TEST_false(BIO_get_ktls_recv(clientssl->rbio))) + if (!TEST_false(BIO_get_ktls_recv(clientsc->rbio))) goto end; } else { - if (BIO_get_ktls_send(clientssl->rbio)) + if (BIO_get_ktls_send(clientsc->rbio)) ktls_used = 1; } if (!sis_ktls || !rx_supported) { - if (!TEST_false(BIO_get_ktls_recv(serverssl->rbio))) + if (!TEST_false(BIO_get_ktls_recv(serversc->rbio))) goto end; } else { - if (BIO_get_ktls_send(serverssl->rbio)) + if (BIO_get_ktls_send(serversc->rbio)) ktls_used = 1; } @@ -1306,6 +1316,7 @@ static int execute_test_ktls_sendfile(int tls_version, const char *cipher) off_t chunk_off = 0; int testresult = 0; FILE *ffdp; + SSL_CONNECTION *serversc; buf = OPENSSL_zalloc(SENDFILE_SZ); buf_dst = OPENSSL_zalloc(SENDFILE_SZ); @@ -1345,6 +1356,9 @@ static int execute_test_ktls_sendfile(int tls_version, const char *cipher) &clientssl, sfd, cfd))) goto end; + if (!TEST_ptr(serversc = SSL_CONNECTION_FROM_SSL_ONLY(serverssl))) + goto end; + if (!TEST_true(SSL_set_options(serverssl, SSL_OP_ENABLE_KTLS))) goto end; 
@@ -1352,7 +1366,7 @@ static int execute_test_ktls_sendfile(int tls_version, const char *cipher) SSL_ERROR_NONE))) goto end; - if (!BIO_get_ktls_send(serverssl->wbio)) { + if (!BIO_get_ktls_send(serversc->wbio)) { testresult = TEST_skip("Failed to enable KTLS for %s cipher %s", tls_version == TLS1_3_VERSION ? "TLS 1.3" : "TLS 1.2", cipher); @@ -1529,6 +1543,7 @@ static int execute_cleanse_plaintext(const SSL_METHOD *smeth, int testresult = 0; SSL3_RECORD *rr; void *zbuf; + SSL_CONNECTION *serversc; static unsigned char cbuf[16000]; static unsigned char sbuf[16000]; @@ -1589,7 +1604,9 @@ static int execute_cleanse_plaintext(const SSL_METHOD *smeth, * layer is a plaintext record. We can gather the pointer to check * for zeroization after SSL_read(). */ - rr = serverssl->rlayer.rrec; + if (!TEST_ptr(serversc = SSL_CONNECTION_FROM_SSL_ONLY(serverssl))) + goto end; + rr = serversc->rlayer.rrec; zbuf = &rr->data[rr->off]; if (!TEST_int_eq(rr->length, sizeof(cbuf))) goto end; diff --git a/test/tls13encryptiontest.c b/test/tls13encryptiontest.c index d2df29e6fd..0ce5ee1328 100644 --- a/test/tls13encryptiontest.c +++ b/test/tls13encryptiontest.c @@ -304,12 +304,13 @@ static int test_record(SSL3_RECORD *rec, RECORD_DATA *recd, int enc) static int test_tls13_encryption(void) { SSL_CTX *ctx = NULL; - SSL *s = NULL; + SSL *ssl = NULL; SSL3_RECORD rec; unsigned char *key = NULL, *iv = NULL, *seq = NULL; const EVP_CIPHER *ciph = EVP_aes_128_gcm(); int ret = 0; size_t ivlen, ctr; + SSL_CONNECTION *s; /* * Encrypted TLSv1.3 records always have an outer content type of @@ -325,8 +326,8 @@ static int test_tls13_encryption(void) goto err; } - s = SSL_new(ctx); - if (!TEST_ptr(s)) { + ssl = SSL_new(ctx); + if (!TEST_ptr(ssl) || !TEST_ptr(s = SSL_CONNECTION_FROM_SSL_ONLY(ssl))) { TEST_info("Failed creating SSL"); goto err; } 
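Review bot: In the -325 hunk of test_tls13_encryption the combined check `if (!TEST_ptr(ssl) || !TEST_ptr(s = SSL_CONNECTION_FROM_SSL_ONLY(ssl)))` now reports `TEST_info("Failed creating SSL")` for two different failures, so a NULL from SSL_CONNECTION_FROM_SSL_ONLY would be logged as an SSL_new failure; `TEST_info("Failed creating SSL or SSL_CONNECTION");` keeps the message accurate. Keeping `s` for the SSL_CONNECTION while the owning object becomes `ssl` avoids touching every `s->` access below, but the names no longer say which object is which; a comment on the declaration, `/* s is the SSL_CONNECTION behind ssl; only ssl is owned and freed at err: */`, makes the split explicit. test_handshake_secrets in tls13secretstest.c makes the same split in its -274 and -284 hunks and would benefit from the same comment. test_tls13_encryption continues across the -339 and -405 hunks on the next line.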
@@ -339,7 +340,7 @@ static int test_tls13_encryption(void) if (!TEST_ptr(s->enc_write_ctx)) goto err; - s->s3.tmp.new_cipher = SSL_CIPHER_find(s, TLS13_AES_128_GCM_SHA256_BYTES); + s->s3.tmp.new_cipher = SSL_CIPHER_find(ssl, TLS13_AES_128_GCM_SHA256_BYTES); if (!TEST_ptr(s->s3.tmp.new_cipher)) { TEST_info("Failed to find cipher"); goto err; @@ -405,7 +406,7 @@ static int test_tls13_encryption(void) OPENSSL_free(key); OPENSSL_free(iv); OPENSSL_free(seq); - SSL_free(s); + SSL_free(ssl); SSL_CTX_free(ctx); return ret; } diff --git a/test/tls13secretstest.c b/test/tls13secretstest.c index bf214d3d5b..6a2479210a 100644 --- a/test/tls13secretstest.c +++ b/test/tls13secretstest.c @@ -126,7 +126,7 @@ static unsigned char server_ats_iv[] = { }; /* Mocked out implementations of various functions */ -int ssl3_digest_cached_records(SSL *s, int keep) +int ssl3_digest_cached_records(SSL_CONNECTION *s, int keep) { return 1; } @@ -134,7 +134,7 @@ int ssl3_digest_cached_records(SSL *s, int keep) static int full_hash = 0; /* Give a hash of the currently set handshake */ -int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen, +int ssl_handshake_hash(SSL_CONNECTION *s, unsigned char *out, size_t outlen, size_t *hashlen) { if (sizeof(hs_start_hash) > outlen @@ -152,7 +152,7 @@ int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen, return 1; } -const EVP_MD *ssl_handshake_md(SSL *s) +const EVP_MD *ssl_handshake_md(SSL_CONNECTION *s) { return EVP_sha256(); } @@ -185,7 +185,7 @@ int tls1_alert_code(int code) return code; } -int ssl_log_secret(SSL *ssl, +int ssl_log_secret(SSL_CONNECTION *sc, const char *label, const uint8_t *secret, size_t secret_len) 
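Review bot: In the -185 hunk of tls13secretstest.c the mocked `ssl_log_secret` renames its first parameter to `sc`, while the neighbouring mocks (`ssl3_digest_cached_records`, `ssl_handshake_hash`, `ssl_handshake_md`, and the statem mocks in the following hunk) keep `s`; using one spelling throughout the mock block keeps it uniform. More importantly, these definitions stand in for libssl internals and presumably have to match the library's own declarations exactly, otherwise the test would link against a mismatched signature; extending the existing header comment to `/* Mocked out implementations of various functions; prototypes must stay in sync with the libssl internal declarations */` would flag that for the next refactor. The body of ssl_log_secret continues outside the hunk.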
@@ -198,20 +198,21 @@ const EVP_MD *ssl_md(SSL_CTX *ctx, int idx) return EVP_sha256(); } -void ossl_statem_send_fatal(SSL *s, int al) +void ossl_statem_send_fatal(SSL_CONNECTION *s, int al) { } -void ossl_statem_fatal(SSL *s, int al, int reason, const char *fmt, ...) +void ossl_statem_fatal(SSL_CONNECTION *s, int al, int reason, + const char *fmt, ...) { } -int ossl_statem_export_allowed(SSL *s) +int ossl_statem_export_allowed(SSL_CONNECTION *s) { return 1; } -int ossl_statem_export_early_allowed(SSL *s) +int ossl_statem_export_early_allowed(SSL_CONNECTION *s) { return 1; } @@ -226,7 +227,7 @@ void ssl_evp_md_free(const EVP_MD *md) /* End of mocked out code */ -static int test_secret(SSL *s, unsigned char *prk, +static int test_secret(SSL_CONNECTION *s, unsigned char *prk, const unsigned char *label, size_t labellen, const unsigned char *ref_secret, const unsigned char *ref_key, const unsigned char *ref_iv) @@ -274,7 +275,8 @@ static int test_secret(SSL *s, unsigned char *prk, static int test_handshake_secrets(void) { SSL_CTX *ctx = NULL; - SSL *s = NULL; + SSL *ssl = NULL; + SSL_CONNECTION *s; int ret = 0; size_t hashsize; unsigned char out_master_secret[EVP_MAX_MD_SIZE]; @@ -284,8 +286,8 @@ static int test_handshake_secrets(void) if (!TEST_ptr(ctx)) goto err; - s = SSL_new(ctx); - if (!TEST_ptr(s )) + ssl = SSL_new(ctx); + if (!TEST_ptr(ssl) || !TEST_ptr(s = SSL_CONNECTION_FROM_SSL_ONLY(ssl))) goto err; s->session = SSL_SESSION_new(); @@ -396,7 +398,7 @@ static int test_handshake_secrets(void) ret = 1; err: - SSL_free(s); + SSL_free(ssl); SSL_CTX_free(ctx); return ret; } |