author | Matt Caswell <matt@openssl.org> | 2022-10-21 14:32:51 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2022-10-25 11:42:11 +0100 |
commit | 50bed93a7655dc6d990aa42e52b316a97e2dc820 (patch) | |
tree | 703d2468387009b8e292325689ed2e488572bfb9 /test | |
parent | bb2bbd53d49c510c2ae705d86e8fd2ed829cbd92 (diff) | |
Fix test_tls13_encryption()
This test was disabled during the write record layer refactor.
We can now enable it again.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19470)
Diffstat (limited to 'test')
-rw-r--r-- | test/tls13encryptiontest.c | 82 |
1 files changed, 24 insertions, 58 deletions
diff --git a/test/tls13encryptiontest.c b/test/tls13encryptiontest.c
index dac71d0631..b8dd2ec5e1 100644
--- a/test/tls13encryptiontest.c
+++ b/test/tls13encryptiontest.c
@@ -305,17 +305,14 @@ static int test_record(SSL3_RECORD *rec, RECORD_DATA *recd, int enc)
 static int test_tls13_encryption(void)
 {
-    SSL_CTX *ctx = NULL;
-    SSL *ssl = NULL;
     SSL3_RECORD rec;
     unsigned char *key = NULL;
     const EVP_CIPHER *ciph = EVP_aes_128_gcm();
     int ret = 0;
     size_t ivlen, ctr;
-    SSL_CONNECTION *s;
     unsigned char seqbuf[SEQ_NUM_SIZE];
     unsigned char iv[EVP_MAX_IV_LENGTH];
-    OSSL_RECORD_LAYER *rl;
+    OSSL_RECORD_LAYER *rrl = NULL, *wrl = NULL;
     /*
      * Encrypted TLSv1.3 records always have an outer content type of
@@ -325,32 +322,6 @@ static int test_tls13_encryption(void)
     rec.type = SSL3_RT_APPLICATION_DATA;
     rec.rec_version = TLS1_2_VERSION;
-    ctx = SSL_CTX_new(TLS_method());
-    if (!TEST_ptr(ctx)) {
-        TEST_info("Failed creating SSL_CTX");
-        goto err;
-    }
-
-    ssl = SSL_new(ctx);
-    if (!TEST_ptr(ssl) || !TEST_ptr(s = SSL_CONNECTION_FROM_SSL_ONLY(ssl))) {
-        TEST_info("Failed creating SSL");
-        goto err;
-    }
-
-    s->enc_read_ctx = EVP_CIPHER_CTX_new();
-    if (!TEST_ptr(s->enc_read_ctx))
-        goto err;
-
-    s->enc_write_ctx = EVP_CIPHER_CTX_new();
-    if (!TEST_ptr(s->enc_write_ctx))
-        goto err;
-
-    s->s3.tmp.new_cipher = SSL_CIPHER_find(ssl, TLS13_AES_128_GCM_SHA256_BYTES);
-    if (!TEST_ptr(s->s3.tmp.new_cipher)) {
-        TEST_info("Failed to find cipher");
-        goto err;
-    }
-
     for (ctr = 0; ctr < OSSL_NELEM(refdata); ctr++) {
         /* Load the record */
         ivlen = EVP_CIPHER_get_iv_length(ciph);
@@ -359,55 +330,53 @@ static int test_tls13_encryption(void)
             goto err;
         }
-        /* Set up the read/write sequences */
-#if 0
-        /* TODO(RECLAYER): Fix me */
-        memcpy(RECORD_LAYER_get_write_sequence(&s->rlayer), seqbuf, sizeof(seqbuf));
-#endif
-        memcpy(s->write_iv, iv, ivlen);
-
-        /* Load the key into the EVP_CIPHER_CTXs */
-        if (EVP_CipherInit_ex(s->enc_write_ctx, ciph, NULL, key, NULL, 1) <= 0
-                || EVP_CipherInit_ex(s->enc_read_ctx, ciph, NULL, key, NULL, 0)
-                <= 0) {
-            TEST_error("Failed loading key into EVP_CIPHER_CTX\n");
+        /* Set up the write record layer */
+        if (!TEST_true(ossl_tls_record_method.new_record_layer(
+                NULL, NULL, TLS1_3_VERSION, OSSL_RECORD_ROLE_SERVER,
+                OSSL_RECORD_DIRECTION_WRITE,
+                OSSL_RECORD_PROTECTION_LEVEL_APPLICATION, 0, key, 16,
+                iv, ivlen, NULL, 0, EVP_aes_128_gcm(),
+                EVP_GCM_TLS_TAG_LEN, 0, NULL, NULL, NULL, NULL, NULL,
+                NULL, NULL, NULL, NULL, NULL, NULL, &wrl)))
             goto err;
-        }
+        memcpy(wrl->sequence, seqbuf, sizeof(seqbuf));
         /* Encrypt it */
-#if 0
-        /* TODO(RECLAYER): Fix me */
-        if (!TEST_size_t_eq(tls13_enc(s, &rec, 1, 1, NULL, 0), 1)) {
+        if (!TEST_size_t_eq(wrl->funcs->cipher(wrl, &rec, 1, 1, NULL, 0), 1)) {
             TEST_info("Failed to encrypt record %zu", ctr);
             goto err;
         }
-#endif
+
         if (!TEST_true(test_record(&rec, &refdata[ctr], 1))) {
             TEST_info("Record %zu encryption test failed", ctr);
             goto err;
         }
+        /* Set up the read record layer */
         if (!TEST_true(ossl_tls_record_method.new_record_layer(
                 NULL, NULL, TLS1_3_VERSION, OSSL_RECORD_ROLE_SERVER,
                 OSSL_RECORD_DIRECTION_READ,
                 OSSL_RECORD_PROTECTION_LEVEL_APPLICATION, 0, key, 16,
                 iv, ivlen, NULL, 0, EVP_aes_128_gcm(),
                 EVP_GCM_TLS_TAG_LEN, 0, NULL, NULL, NULL, NULL, NULL,
-                NULL, NULL, NULL, NULL, NULL, NULL, &rl))) {
+                NULL, NULL, NULL, NULL, NULL, NULL, &rrl)))
             goto err;
-        }
-        memcpy(rl->sequence, seqbuf, sizeof(seqbuf));
+        memcpy(rrl->sequence, seqbuf, sizeof(seqbuf));
+
         /* Decrypt it */
-        if (!TEST_int_eq(rl->funcs->cipher(rl, &rec, 1, 0, NULL, 0), 1)) {
+        if (!TEST_int_eq(rrl->funcs->cipher(rrl, &rec, 1, 0, NULL, 0), 1)) {
             TEST_info("Failed to decrypt record %zu", ctr);
             goto err;
         }
+
         if (!TEST_true(test_record(&rec, &refdata[ctr], 0))) {
             TEST_info("Record %zu decryption test failed", ctr);
             goto err;
         }
-        ossl_tls_record_method.free(rl);
+        ossl_tls_record_method.free(rrl);
+        ossl_tls_record_method.free(wrl);
+        rrl = wrl = NULL;
         OPENSSL_free(rec.data);
         OPENSSL_free(key);
         rec.data = NULL;
@@ -418,18 +387,15 @@ static int test_tls13_encryption(void)
     ret = 1;
 err:
+    ossl_tls_record_method.free(rrl);
+    ossl_tls_record_method.free(wrl);
     OPENSSL_free(rec.data);
     OPENSSL_free(key);
-    SSL_free(ssl);
-    SSL_CTX_free(ctx);
     return ret;
 }
 int setup_tests(void)
 {
-    if (0) {
-        /* TODO(RECLAYER): This test needs fixing for the new record layer */
-        ADD_TEST(test_tls13_encryption);
-    }
+    ADD_TEST(test_tls13_encryption);
     return 1;
 }
|
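Review bot: The encrypt and decrypt checks in this hunk test the same `funcs->cipher` callback with different macros: `TEST_size_t_eq(wrl->funcs->cipher(...), 1)` on the write side versus `TEST_int_eq(rrl->funcs->cipher(...), 1)` on the read side. If `cipher` returns `int`, as the read-side check implies, the write-side comparison presumably converts a zero or negative failure code to `size_t` before comparing, so the test would still fail but the reported value is converted and the two sites disagree on the callback's contract; change the write side to `if (!TEST_int_eq(wrl->funcs->cipher(wrl, &rec, 1, 1, NULL, 0), 1)) {`. The two `new_record_layer` calls also hard-code the key length as `16` and call `EVP_aes_128_gcm()` again although `ciph` already holds that cipher; passing `EVP_CIPHER_get_key_length(ciph)` and `ciph` would keep key length, IV length and cipher in step if the test is ever extended to another AEAD. test_tls13_encryption begins before this hunk.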
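Review bot: The added `err:` cleanup calls `ossl_tls_record_method.free(rrl)` and `ossl_tls_record_method.free(wrl)` on handles that are NULL whenever the failure happens before the corresponding `new_record_layer` succeeds, or after the per-iteration `rrl = wrl = NULL` reset, so correctness of this path depends on that method tolerating a NULL argument, which is not visible here and worth confirming. If it does not, guard the calls, `if (rrl != NULL) ossl_tls_record_method.free(rrl);` and likewise for `wrl`. A one-line comment such as `/* rrl/wrl may be NULL here; free() must accept that */` would make the assumption explicit for the next edit of this cleanup. test_tls13_encryption begins before this hunk.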