2
0

ssltestlib.c 20 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688
  1. /*
  2. * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the OpenSSL license (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <string.h>
  10. #include "internal/nelem.h"
  11. #include "ssltestlib.h"
  12. #include "testutil.h"
  13. static int tls_dump_new(BIO *bi);
  14. static int tls_dump_free(BIO *a);
  15. static int tls_dump_read(BIO *b, char *out, int outl);
  16. static int tls_dump_write(BIO *b, const char *in, int inl);
  17. static long tls_dump_ctrl(BIO *b, int cmd, long num, void *ptr);
  18. static int tls_dump_gets(BIO *bp, char *buf, int size);
  19. static int tls_dump_puts(BIO *bp, const char *str);
  20. /* Choose a sufficiently large type likely to be unused for this custom BIO */
  21. #define BIO_TYPE_TLS_DUMP_FILTER (0x80 | BIO_TYPE_FILTER)
  22. #define BIO_TYPE_MEMPACKET_TEST 0x81
  23. static BIO_METHOD *method_tls_dump = NULL;
  24. static BIO_METHOD *meth_mem = NULL;
  25. /* Note: Not thread safe! */
  26. const BIO_METHOD *bio_f_tls_dump_filter(void)
  27. {
  28. if (method_tls_dump == NULL) {
  29. method_tls_dump = BIO_meth_new(BIO_TYPE_TLS_DUMP_FILTER,
  30. "TLS dump filter");
  31. if ( method_tls_dump == NULL
  32. || !BIO_meth_set_write(method_tls_dump, tls_dump_write)
  33. || !BIO_meth_set_read(method_tls_dump, tls_dump_read)
  34. || !BIO_meth_set_puts(method_tls_dump, tls_dump_puts)
  35. || !BIO_meth_set_gets(method_tls_dump, tls_dump_gets)
  36. || !BIO_meth_set_ctrl(method_tls_dump, tls_dump_ctrl)
  37. || !BIO_meth_set_create(method_tls_dump, tls_dump_new)
  38. || !BIO_meth_set_destroy(method_tls_dump, tls_dump_free))
  39. return NULL;
  40. }
  41. return method_tls_dump;
  42. }
  43. void bio_f_tls_dump_filter_free(void)
  44. {
  45. BIO_meth_free(method_tls_dump);
  46. }
  47. static int tls_dump_new(BIO *bio)
  48. {
  49. BIO_set_init(bio, 1);
  50. return 1;
  51. }
  52. static int tls_dump_free(BIO *bio)
  53. {
  54. BIO_set_init(bio, 0);
  55. return 1;
  56. }
  57. static void copy_flags(BIO *bio)
  58. {
  59. int flags;
  60. BIO *next = BIO_next(bio);
  61. flags = BIO_test_flags(next, BIO_FLAGS_SHOULD_RETRY | BIO_FLAGS_RWS);
  62. BIO_clear_flags(bio, BIO_FLAGS_SHOULD_RETRY | BIO_FLAGS_RWS);
  63. BIO_set_flags(bio, flags);
  64. }
  65. #define RECORD_CONTENT_TYPE 0
  66. #define RECORD_VERSION_HI 1
  67. #define RECORD_VERSION_LO 2
  68. #define RECORD_EPOCH_HI 3
  69. #define RECORD_EPOCH_LO 4
  70. #define RECORD_SEQUENCE_START 5
  71. #define RECORD_SEQUENCE_END 10
  72. #define RECORD_LEN_HI 11
  73. #define RECORD_LEN_LO 12
  74. #define MSG_TYPE 0
  75. #define MSG_LEN_HI 1
  76. #define MSG_LEN_MID 2
  77. #define MSG_LEN_LO 3
  78. #define MSG_SEQ_HI 4
  79. #define MSG_SEQ_LO 5
  80. #define MSG_FRAG_OFF_HI 6
  81. #define MSG_FRAG_OFF_MID 7
  82. #define MSG_FRAG_OFF_LO 8
  83. #define MSG_FRAG_LEN_HI 9
  84. #define MSG_FRAG_LEN_MID 10
  85. #define MSG_FRAG_LEN_LO 11
  86. static void dump_data(const char *data, int len)
  87. {
  88. int rem, i, content, reclen, msglen, fragoff, fraglen, epoch;
  89. unsigned char *rec;
  90. printf("---- START OF PACKET ----\n");
  91. rem = len;
  92. rec = (unsigned char *)data;
  93. while (rem > 0) {
  94. if (rem != len)
  95. printf("*\n");
  96. printf("*---- START OF RECORD ----\n");
  97. if (rem < DTLS1_RT_HEADER_LENGTH) {
  98. printf("*---- RECORD TRUNCATED ----\n");
  99. break;
  100. }
  101. content = rec[RECORD_CONTENT_TYPE];
  102. printf("** Record Content-type: %d\n", content);
  103. printf("** Record Version: %02x%02x\n",
  104. rec[RECORD_VERSION_HI], rec[RECORD_VERSION_LO]);
  105. epoch = (rec[RECORD_EPOCH_HI] << 8) | rec[RECORD_EPOCH_LO];
  106. printf("** Record Epoch: %d\n", epoch);
  107. printf("** Record Sequence: ");
  108. for (i = RECORD_SEQUENCE_START; i <= RECORD_SEQUENCE_END; i++)
  109. printf("%02x", rec[i]);
  110. reclen = (rec[RECORD_LEN_HI] << 8) | rec[RECORD_LEN_LO];
  111. printf("\n** Record Length: %d\n", reclen);
  112. /* Now look at message */
  113. rec += DTLS1_RT_HEADER_LENGTH;
  114. rem -= DTLS1_RT_HEADER_LENGTH;
  115. if (content == SSL3_RT_HANDSHAKE) {
  116. printf("**---- START OF HANDSHAKE MESSAGE FRAGMENT ----\n");
  117. if (epoch > 0) {
  118. printf("**---- HANDSHAKE MESSAGE FRAGMENT ENCRYPTED ----\n");
  119. } else if (rem < DTLS1_HM_HEADER_LENGTH
  120. || reclen < DTLS1_HM_HEADER_LENGTH) {
  121. printf("**---- HANDSHAKE MESSAGE FRAGMENT TRUNCATED ----\n");
  122. } else {
  123. printf("*** Message Type: %d\n", rec[MSG_TYPE]);
  124. msglen = (rec[MSG_LEN_HI] << 16) | (rec[MSG_LEN_MID] << 8)
  125. | rec[MSG_LEN_LO];
  126. printf("*** Message Length: %d\n", msglen);
  127. printf("*** Message sequence: %d\n",
  128. (rec[MSG_SEQ_HI] << 8) | rec[MSG_SEQ_LO]);
  129. fragoff = (rec[MSG_FRAG_OFF_HI] << 16)
  130. | (rec[MSG_FRAG_OFF_MID] << 8)
  131. | rec[MSG_FRAG_OFF_LO];
  132. printf("*** Message Fragment offset: %d\n", fragoff);
  133. fraglen = (rec[MSG_FRAG_LEN_HI] << 16)
  134. | (rec[MSG_FRAG_LEN_MID] << 8)
  135. | rec[MSG_FRAG_LEN_LO];
  136. printf("*** Message Fragment len: %d\n", fraglen);
  137. if (fragoff + fraglen > msglen)
  138. printf("***---- HANDSHAKE MESSAGE FRAGMENT INVALID ----\n");
  139. else if (reclen < fraglen)
  140. printf("**---- HANDSHAKE MESSAGE FRAGMENT TRUNCATED ----\n");
  141. else
  142. printf("**---- END OF HANDSHAKE MESSAGE FRAGMENT ----\n");
  143. }
  144. }
  145. if (rem < reclen) {
  146. printf("*---- RECORD TRUNCATED ----\n");
  147. rem = 0;
  148. } else {
  149. rec += reclen;
  150. rem -= reclen;
  151. printf("*---- END OF RECORD ----\n");
  152. }
  153. }
  154. printf("---- END OF PACKET ----\n\n");
  155. fflush(stdout);
  156. }
  157. static int tls_dump_read(BIO *bio, char *out, int outl)
  158. {
  159. int ret;
  160. BIO *next = BIO_next(bio);
  161. ret = BIO_read(next, out, outl);
  162. copy_flags(bio);
  163. if (ret > 0) {
  164. dump_data(out, ret);
  165. }
  166. return ret;
  167. }
  168. static int tls_dump_write(BIO *bio, const char *in, int inl)
  169. {
  170. int ret;
  171. BIO *next = BIO_next(bio);
  172. ret = BIO_write(next, in, inl);
  173. copy_flags(bio);
  174. return ret;
  175. }
  176. static long tls_dump_ctrl(BIO *bio, int cmd, long num, void *ptr)
  177. {
  178. long ret;
  179. BIO *next = BIO_next(bio);
  180. if (next == NULL)
  181. return 0;
  182. switch (cmd) {
  183. case BIO_CTRL_DUP:
  184. ret = 0L;
  185. break;
  186. default:
  187. ret = BIO_ctrl(next, cmd, num, ptr);
  188. break;
  189. }
  190. return ret;
  191. }
  192. static int tls_dump_gets(BIO *bio, char *buf, int size)
  193. {
  194. /* We don't support this - not needed anyway */
  195. return -1;
  196. }
  197. static int tls_dump_puts(BIO *bio, const char *str)
  198. {
  199. return tls_dump_write(bio, str, strlen(str));
  200. }
  201. struct mempacket_st {
  202. unsigned char *data;
  203. int len;
  204. unsigned int num;
  205. unsigned int type;
  206. };
  207. static void mempacket_free(MEMPACKET *pkt)
  208. {
  209. if (pkt->data != NULL)
  210. OPENSSL_free(pkt->data);
  211. OPENSSL_free(pkt);
  212. }
  213. typedef struct mempacket_test_ctx_st {
  214. STACK_OF(MEMPACKET) *pkts;
  215. unsigned int epoch;
  216. unsigned int currrec;
  217. unsigned int currpkt;
  218. unsigned int lastpkt;
  219. unsigned int noinject;
  220. } MEMPACKET_TEST_CTX;
  221. static int mempacket_test_new(BIO *bi);
  222. static int mempacket_test_free(BIO *a);
  223. static int mempacket_test_read(BIO *b, char *out, int outl);
  224. static int mempacket_test_write(BIO *b, const char *in, int inl);
  225. static long mempacket_test_ctrl(BIO *b, int cmd, long num, void *ptr);
  226. static int mempacket_test_gets(BIO *bp, char *buf, int size);
  227. static int mempacket_test_puts(BIO *bp, const char *str);
  228. const BIO_METHOD *bio_s_mempacket_test(void)
  229. {
  230. if (meth_mem == NULL) {
  231. if (!TEST_ptr(meth_mem = BIO_meth_new(BIO_TYPE_MEMPACKET_TEST,
  232. "Mem Packet Test"))
  233. || !TEST_true(BIO_meth_set_write(meth_mem, mempacket_test_write))
  234. || !TEST_true(BIO_meth_set_read(meth_mem, mempacket_test_read))
  235. || !TEST_true(BIO_meth_set_puts(meth_mem, mempacket_test_puts))
  236. || !TEST_true(BIO_meth_set_gets(meth_mem, mempacket_test_gets))
  237. || !TEST_true(BIO_meth_set_ctrl(meth_mem, mempacket_test_ctrl))
  238. || !TEST_true(BIO_meth_set_create(meth_mem, mempacket_test_new))
  239. || !TEST_true(BIO_meth_set_destroy(meth_mem, mempacket_test_free)))
  240. return NULL;
  241. }
  242. return meth_mem;
  243. }
  244. void bio_s_mempacket_test_free(void)
  245. {
  246. BIO_meth_free(meth_mem);
  247. }
  248. static int mempacket_test_new(BIO *bio)
  249. {
  250. MEMPACKET_TEST_CTX *ctx;
  251. if (!TEST_ptr(ctx = OPENSSL_zalloc(sizeof(*ctx))))
  252. return 0;
  253. if (!TEST_ptr(ctx->pkts = sk_MEMPACKET_new_null())) {
  254. OPENSSL_free(ctx);
  255. return 0;
  256. }
  257. BIO_set_init(bio, 1);
  258. BIO_set_data(bio, ctx);
  259. return 1;
  260. }
  261. static int mempacket_test_free(BIO *bio)
  262. {
  263. MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio);
  264. sk_MEMPACKET_pop_free(ctx->pkts, mempacket_free);
  265. OPENSSL_free(ctx);
  266. BIO_set_data(bio, NULL);
  267. BIO_set_init(bio, 0);
  268. return 1;
  269. }
  270. /* Record Header values */
  271. #define EPOCH_HI 4
  272. #define EPOCH_LO 5
  273. #define RECORD_SEQUENCE 10
  274. #define RECORD_LEN_HI 11
  275. #define RECORD_LEN_LO 12
  276. #define STANDARD_PACKET 0
  277. static int mempacket_test_read(BIO *bio, char *out, int outl)
  278. {
  279. MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio);
  280. MEMPACKET *thispkt;
  281. unsigned char *rec;
  282. int rem;
  283. unsigned int seq, offset, len, epoch;
  284. BIO_clear_retry_flags(bio);
  285. thispkt = sk_MEMPACKET_value(ctx->pkts, 0);
  286. if (thispkt == NULL || thispkt->num != ctx->currpkt) {
  287. /* Probably run out of data */
  288. BIO_set_retry_read(bio);
  289. return -1;
  290. }
  291. (void)sk_MEMPACKET_shift(ctx->pkts);
  292. ctx->currpkt++;
  293. if (outl > thispkt->len)
  294. outl = thispkt->len;
  295. if (thispkt->type != INJECT_PACKET_IGNORE_REC_SEQ) {
  296. /*
  297. * Overwrite the record sequence number. We strictly number them in
  298. * the order received. Since we are actually a reliable transport
  299. * we know that there won't be any re-ordering. We overwrite to deal
  300. * with any packets that have been injected
  301. */
  302. for (rem = thispkt->len, rec = thispkt->data
  303. ; rem > 0; rec += len, rem -= len) {
  304. if (rem < DTLS1_RT_HEADER_LENGTH)
  305. return -1;
  306. epoch = (rec[EPOCH_HI] << 8) | rec[EPOCH_LO];
  307. if (epoch != ctx->epoch) {
  308. ctx->epoch = epoch;
  309. ctx->currrec = 0;
  310. }
  311. seq = ctx->currrec;
  312. offset = 0;
  313. do {
  314. rec[RECORD_SEQUENCE - offset] = seq & 0xFF;
  315. seq >>= 8;
  316. offset++;
  317. } while (seq > 0);
  318. ctx->currrec++;
  319. len = ((rec[RECORD_LEN_HI] << 8) | rec[RECORD_LEN_LO])
  320. + DTLS1_RT_HEADER_LENGTH;
  321. }
  322. }
  323. memcpy(out, thispkt->data, outl);
  324. mempacket_free(thispkt);
  325. return outl;
  326. }
  327. int mempacket_test_inject(BIO *bio, const char *in, int inl, int pktnum,
  328. int type)
  329. {
  330. MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio);
  331. MEMPACKET *thispkt, *looppkt, *nextpkt;
  332. int i;
  333. if (ctx == NULL)
  334. return -1;
  335. /* We only allow injection before we've started writing any data */
  336. if (pktnum >= 0) {
  337. if (ctx->noinject)
  338. return -1;
  339. } else {
  340. ctx->noinject = 1;
  341. }
  342. if (!TEST_ptr(thispkt = OPENSSL_malloc(sizeof(*thispkt))))
  343. return -1;
  344. if (!TEST_ptr(thispkt->data = OPENSSL_malloc(inl))) {
  345. mempacket_free(thispkt);
  346. return -1;
  347. }
  348. memcpy(thispkt->data, in, inl);
  349. thispkt->len = inl;
  350. thispkt->num = (pktnum >= 0) ? (unsigned int)pktnum : ctx->lastpkt;
  351. thispkt->type = type;
  352. for(i = 0; (looppkt = sk_MEMPACKET_value(ctx->pkts, i)) != NULL; i++) {
  353. /* Check if we found the right place to insert this packet */
  354. if (looppkt->num > thispkt->num) {
  355. if (sk_MEMPACKET_insert(ctx->pkts, thispkt, i) == 0) {
  356. mempacket_free(thispkt);
  357. return -1;
  358. }
  359. /* If we're doing up front injection then we're done */
  360. if (pktnum >= 0)
  361. return inl;
  362. /*
  363. * We need to do some accounting on lastpkt. We increment it first,
  364. * but it might now equal the value of injected packets, so we need
  365. * to skip over those
  366. */
  367. ctx->lastpkt++;
  368. do {
  369. i++;
  370. nextpkt = sk_MEMPACKET_value(ctx->pkts, i);
  371. if (nextpkt != NULL && nextpkt->num == ctx->lastpkt)
  372. ctx->lastpkt++;
  373. else
  374. return inl;
  375. } while(1);
  376. } else if (looppkt->num == thispkt->num) {
  377. if (!ctx->noinject) {
  378. /* We injected two packets with the same packet number! */
  379. return -1;
  380. }
  381. ctx->lastpkt++;
  382. thispkt->num++;
  383. }
  384. }
  385. /*
  386. * We didn't find any packets with a packet number equal to or greater than
  387. * this one, so we just add it onto the end
  388. */
  389. if (!sk_MEMPACKET_push(ctx->pkts, thispkt)) {
  390. mempacket_free(thispkt);
  391. return -1;
  392. }
  393. if (pktnum < 0)
  394. ctx->lastpkt++;
  395. return inl;
  396. }
  397. static int mempacket_test_write(BIO *bio, const char *in, int inl)
  398. {
  399. return mempacket_test_inject(bio, in, inl, -1, STANDARD_PACKET);
  400. }
  401. static long mempacket_test_ctrl(BIO *bio, int cmd, long num, void *ptr)
  402. {
  403. long ret = 1;
  404. MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio);
  405. MEMPACKET *thispkt;
  406. switch (cmd) {
  407. case BIO_CTRL_EOF:
  408. ret = (long)(sk_MEMPACKET_num(ctx->pkts) == 0);
  409. break;
  410. case BIO_CTRL_GET_CLOSE:
  411. ret = BIO_get_shutdown(bio);
  412. break;
  413. case BIO_CTRL_SET_CLOSE:
  414. BIO_set_shutdown(bio, (int)num);
  415. break;
  416. case BIO_CTRL_WPENDING:
  417. ret = 0L;
  418. break;
  419. case BIO_CTRL_PENDING:
  420. thispkt = sk_MEMPACKET_value(ctx->pkts, 0);
  421. if (thispkt == NULL)
  422. ret = 0;
  423. else
  424. ret = thispkt->len;
  425. break;
  426. case BIO_CTRL_FLUSH:
  427. ret = 1;
  428. break;
  429. case BIO_CTRL_RESET:
  430. case BIO_CTRL_DUP:
  431. case BIO_CTRL_PUSH:
  432. case BIO_CTRL_POP:
  433. default:
  434. ret = 0;
  435. break;
  436. }
  437. return ret;
  438. }
  439. static int mempacket_test_gets(BIO *bio, char *buf, int size)
  440. {
  441. /* We don't support this - not needed anyway */
  442. return -1;
  443. }
  444. static int mempacket_test_puts(BIO *bio, const char *str)
  445. {
  446. return mempacket_test_write(bio, str, strlen(str));
  447. }
  448. int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm,
  449. int min_proto_version, int max_proto_version,
  450. SSL_CTX **sctx, SSL_CTX **cctx, char *certfile,
  451. char *privkeyfile)
  452. {
  453. SSL_CTX *serverctx = NULL;
  454. SSL_CTX *clientctx = NULL;
  455. if (!TEST_ptr(serverctx = SSL_CTX_new(sm))
  456. || (cctx != NULL && !TEST_ptr(clientctx = SSL_CTX_new(cm))))
  457. goto err;
  458. if ((min_proto_version > 0
  459. && !TEST_true(SSL_CTX_set_min_proto_version(serverctx,
  460. min_proto_version)))
  461. || (max_proto_version > 0
  462. && !TEST_true(SSL_CTX_set_max_proto_version(serverctx,
  463. max_proto_version))))
  464. goto err;
  465. if (clientctx != NULL
  466. && ((min_proto_version > 0
  467. && !TEST_true(SSL_CTX_set_min_proto_version(serverctx,
  468. min_proto_version)))
  469. || (max_proto_version > 0
  470. && !TEST_true(SSL_CTX_set_max_proto_version(serverctx,
  471. max_proto_version)))))
  472. goto err;
  473. if (!TEST_int_eq(SSL_CTX_use_certificate_file(serverctx, certfile,
  474. SSL_FILETYPE_PEM), 1)
  475. || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(serverctx, privkeyfile,
  476. SSL_FILETYPE_PEM), 1)
  477. || !TEST_int_eq(SSL_CTX_check_private_key(serverctx), 1))
  478. goto err;
  479. #ifndef OPENSSL_NO_DH
  480. SSL_CTX_set_dh_auto(serverctx, 1);
  481. #endif
  482. *sctx = serverctx;
  483. if (cctx != NULL)
  484. *cctx = clientctx;
  485. return 1;
  486. err:
  487. SSL_CTX_free(serverctx);
  488. SSL_CTX_free(clientctx);
  489. return 0;
  490. }
  491. #define MAXLOOPS 1000000
  492. /*
  493. * NOTE: Transfers control of the BIOs - this function will free them on error
  494. */
  495. int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,
  496. SSL **cssl, BIO *s_to_c_fbio, BIO *c_to_s_fbio)
  497. {
  498. SSL *serverssl = NULL, *clientssl = NULL;
  499. BIO *s_to_c_bio = NULL, *c_to_s_bio = NULL;
  500. if (*sssl != NULL)
  501. serverssl = *sssl;
  502. else if (!TEST_ptr(serverssl = SSL_new(serverctx)))
  503. goto error;
  504. if (*cssl != NULL)
  505. clientssl = *cssl;
  506. else if (!TEST_ptr(clientssl = SSL_new(clientctx)))
  507. goto error;
  508. if (SSL_is_dtls(clientssl)) {
  509. if (!TEST_ptr(s_to_c_bio = BIO_new(bio_s_mempacket_test()))
  510. || !TEST_ptr(c_to_s_bio = BIO_new(bio_s_mempacket_test())))
  511. goto error;
  512. } else {
  513. if (!TEST_ptr(s_to_c_bio = BIO_new(BIO_s_mem()))
  514. || !TEST_ptr(c_to_s_bio = BIO_new(BIO_s_mem())))
  515. goto error;
  516. }
  517. if (s_to_c_fbio != NULL
  518. && !TEST_ptr(s_to_c_bio = BIO_push(s_to_c_fbio, s_to_c_bio)))
  519. goto error;
  520. if (c_to_s_fbio != NULL
  521. && !TEST_ptr(c_to_s_bio = BIO_push(c_to_s_fbio, c_to_s_bio)))
  522. goto error;
  523. /* Set Non-blocking IO behaviour */
  524. BIO_set_mem_eof_return(s_to_c_bio, -1);
  525. BIO_set_mem_eof_return(c_to_s_bio, -1);
  526. /* Up ref these as we are passing them to two SSL objects */
  527. SSL_set_bio(serverssl, c_to_s_bio, s_to_c_bio);
  528. BIO_up_ref(s_to_c_bio);
  529. BIO_up_ref(c_to_s_bio);
  530. SSL_set_bio(clientssl, s_to_c_bio, c_to_s_bio);
  531. *sssl = serverssl;
  532. *cssl = clientssl;
  533. return 1;
  534. error:
  535. SSL_free(serverssl);
  536. SSL_free(clientssl);
  537. BIO_free(s_to_c_bio);
  538. BIO_free(c_to_s_bio);
  539. BIO_free(s_to_c_fbio);
  540. BIO_free(c_to_s_fbio);
  541. return 0;
  542. }
  543. int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want)
  544. {
  545. int retc = -1, rets = -1, err, abortctr = 0;
  546. int clienterr = 0, servererr = 0;
  547. unsigned char buf;
  548. size_t readbytes;
  549. do {
  550. err = SSL_ERROR_WANT_WRITE;
  551. while (!clienterr && retc <= 0 && err == SSL_ERROR_WANT_WRITE) {
  552. retc = SSL_connect(clientssl);
  553. if (retc <= 0)
  554. err = SSL_get_error(clientssl, retc);
  555. }
  556. if (!clienterr && retc <= 0 && err != SSL_ERROR_WANT_READ) {
  557. TEST_info("SSL_connect() failed %d, %d", retc, err);
  558. clienterr = 1;
  559. }
  560. if (want != SSL_ERROR_NONE && err == want)
  561. return 0;
  562. err = SSL_ERROR_WANT_WRITE;
  563. while (!servererr && rets <= 0 && err == SSL_ERROR_WANT_WRITE) {
  564. rets = SSL_accept(serverssl);
  565. if (rets <= 0)
  566. err = SSL_get_error(serverssl, rets);
  567. }
  568. if (!servererr && rets <= 0 && err != SSL_ERROR_WANT_READ) {
  569. TEST_info("SSL_accept() failed %d, %d", rets, err);
  570. servererr = 1;
  571. }
  572. if (want != SSL_ERROR_NONE && err == want)
  573. return 0;
  574. if (clienterr && servererr)
  575. return 0;
  576. if (++abortctr == MAXLOOPS) {
  577. TEST_info("No progress made");
  578. return 0;
  579. }
  580. } while (retc <=0 || rets <= 0);
  581. /*
  582. * We attempt to read some data on the client side which we expect to fail.
  583. * This will ensure we have received the NewSessionTicket in TLSv1.3 where
  584. * appropriate.
  585. */
  586. if (SSL_read_ex(clientssl, &buf, sizeof(buf), &readbytes) > 0) {
  587. if (!TEST_ulong_eq(readbytes, 0))
  588. return 0;
  589. } else if (!TEST_int_eq(SSL_get_error(clientssl, 0), SSL_ERROR_WANT_READ)) {
  590. return 0;
  591. }
  592. return 1;
  593. }
  594. void shutdown_ssl_connection(SSL *serverssl, SSL *clientssl)
  595. {
  596. SSL_shutdown(clientssl);
  597. SSL_shutdown(serverssl);
  598. SSL_free(serverssl);
  599. SSL_free(clientssl);
  600. }