1 /* 2 * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 /* 11 * We need access to the deprecated low level ENGINE APIs for legacy purposes 12 * when the deprecated calls are not hidden 13 */ 14 #ifndef OPENSSL_NO_DEPRECATED_3_0 15 # define OPENSSL_SUPPRESS_DEPRECATED 16 #endif 17 18 #include <string.h> 19 20 #include <openssl/engine.h> 21 #include "internal/e_os.h" 22 #include "internal/nelem.h" 23 #include "ssltestlib.h" 24 #include "../testutil.h" 25 26 #if (!defined(OPENSSL_NO_KTLS) || !defined(OPENSSL_NO_QUIC)) && !defined(OPENSSL_NO_POSIX_IO) && !defined(OPENSSL_NO_SOCK) 27 # define OSSL_USE_SOCKETS 1 28 # include "internal/e_winsock.h" 29 # include "internal/sockets.h" 30 # include <openssl/bio.h> 31 #endif 32 33 static int tls_dump_new(BIO *bi); 34 static int tls_dump_free(BIO *a); 35 static int tls_dump_read(BIO *b, char *out, int outl); 36 static int tls_dump_write(BIO *b, const char *in, int inl); 37 static long tls_dump_ctrl(BIO *b, int cmd, long num, void *ptr); 38 static int tls_dump_gets(BIO *bp, char *buf, int size); 39 static int tls_dump_puts(BIO *bp, const char *str); 40 41 /* Choose a sufficiently large type likely to be unused for this custom BIO */ 42 #define BIO_TYPE_TLS_DUMP_FILTER (0x80 | BIO_TYPE_FILTER) 43 #define BIO_TYPE_MEMPACKET_TEST 0x81 44 #define BIO_TYPE_ALWAYS_RETRY 0x82 45 #define BIO_TYPE_MAYBE_RETRY (0x83 | BIO_TYPE_FILTER) 46 47 static BIO_METHOD *method_tls_dump = NULL; 48 static BIO_METHOD *meth_mem = NULL; 49 static BIO_METHOD *meth_always_retry = NULL; 50 static BIO_METHOD *meth_maybe_retry = NULL; 51 static int retry_err = -1; 52 53 /* Note: Not thread safe! */ 54 const BIO_METHOD *bio_f_tls_dump_filter(void) 55 { 56 if (method_tls_dump == NULL) { 57 method_tls_dump = BIO_meth_new(BIO_TYPE_TLS_DUMP_FILTER, 58 "TLS dump filter"); 59 if (method_tls_dump == NULL 60 || !BIO_meth_set_write(method_tls_dump, tls_dump_write) 61 || !BIO_meth_set_read(method_tls_dump, tls_dump_read) 62 || !BIO_meth_set_puts(method_tls_dump, tls_dump_puts) 63 || !BIO_meth_set_gets(method_tls_dump, tls_dump_gets) 64 || !BIO_meth_set_ctrl(method_tls_dump, tls_dump_ctrl) 65 || !BIO_meth_set_create(method_tls_dump, tls_dump_new) 66 || !BIO_meth_set_destroy(method_tls_dump, tls_dump_free)) 67 return NULL; 68 } 69 return method_tls_dump; 70 } 71 72 void bio_f_tls_dump_filter_free(void) 73 { 74 BIO_meth_free(method_tls_dump); 75 } 76 77 static int tls_dump_new(BIO *bio) 78 { 79 BIO_set_init(bio, 1); 80 return 1; 81 } 82 83 static int tls_dump_free(BIO *bio) 84 { 85 BIO_set_init(bio, 0); 86 87 return 1; 88 } 89 90 static void copy_flags(BIO *bio) 91 { 92 int flags; 93 BIO *next = BIO_next(bio); 94 95 flags = BIO_test_flags(next, BIO_FLAGS_SHOULD_RETRY | BIO_FLAGS_RWS); 96 BIO_clear_flags(bio, BIO_FLAGS_SHOULD_RETRY | BIO_FLAGS_RWS); 97 BIO_set_flags(bio, flags); 98 } 99 100 #define RECORD_CONTENT_TYPE 0 101 #define RECORD_VERSION_HI 1 102 #define RECORD_VERSION_LO 2 103 #define RECORD_EPOCH_HI 3 104 #define RECORD_EPOCH_LO 4 105 #define RECORD_SEQUENCE_START 5 106 #define RECORD_SEQUENCE_END 10 107 #define RECORD_LEN_HI 11 108 #define RECORD_LEN_LO 12 109 110 #define MSG_TYPE 0 111 #define MSG_LEN_HI 1 112 #define MSG_LEN_MID 2 113 #define MSG_LEN_LO 3 114 #define MSG_SEQ_HI 4 115 #define MSG_SEQ_LO 5 116 #define MSG_FRAG_OFF_HI 6 117 #define MSG_FRAG_OFF_MID 7 118 #define MSG_FRAG_OFF_LO 8 119 #define MSG_FRAG_LEN_HI 9 120 #define MSG_FRAG_LEN_MID 10 121 #define MSG_FRAG_LEN_LO 11 122 123 124 static void dump_data(const char *data, int len) 125 { 126 int rem, i, content, reclen, msglen, fragoff, fraglen, epoch; 127 unsigned char *rec; 128 129 printf("---- START OF PACKET ----\n"); 130 131 rem = len; 132 rec = (unsigned char *)data; 133 134 while (rem > 0) { 135 if (rem != len) 136 printf("*\n"); 137 printf("*---- START OF RECORD ----\n"); 138 if (rem < DTLS1_RT_HEADER_LENGTH) { 139 printf("*---- RECORD TRUNCATED ----\n"); 140 break; 141 } 142 content = rec[RECORD_CONTENT_TYPE]; 143 printf("** Record Content-type: %d\n", content); 144 printf("** Record Version: %02x%02x\n", 145 rec[RECORD_VERSION_HI], rec[RECORD_VERSION_LO]); 146 epoch = (rec[RECORD_EPOCH_HI] << 8) | rec[RECORD_EPOCH_LO]; 147 printf("** Record Epoch: %d\n", epoch); 148 printf("** Record Sequence: "); 149 for (i = RECORD_SEQUENCE_START; i <= RECORD_SEQUENCE_END; i++) 150 printf("%02x", rec[i]); 151 reclen = (rec[RECORD_LEN_HI] << 8) | rec[RECORD_LEN_LO]; 152 printf("\n** Record Length: %d\n", reclen); 153 154 /* Now look at message */ 155 rec += DTLS1_RT_HEADER_LENGTH; 156 rem -= DTLS1_RT_HEADER_LENGTH; 157 if (content == SSL3_RT_HANDSHAKE) { 158 printf("**---- START OF HANDSHAKE MESSAGE FRAGMENT ----\n"); 159 if (epoch > 0) { 160 printf("**---- HANDSHAKE MESSAGE FRAGMENT ENCRYPTED ----\n"); 161 } else if (rem < DTLS1_HM_HEADER_LENGTH 162 || reclen < DTLS1_HM_HEADER_LENGTH) { 163 printf("**---- HANDSHAKE MESSAGE FRAGMENT TRUNCATED ----\n"); 164 } else { 165 printf("*** Message Type: %d\n", rec[MSG_TYPE]); 166 msglen = (rec[MSG_LEN_HI] << 16) | (rec[MSG_LEN_MID] << 8) 167 | rec[MSG_LEN_LO]; 168 printf("*** Message Length: %d\n", msglen); 169 printf("*** Message sequence: %d\n", 170 (rec[MSG_SEQ_HI] << 8) | rec[MSG_SEQ_LO]); 171 fragoff = (rec[MSG_FRAG_OFF_HI] << 16) 172 | (rec[MSG_FRAG_OFF_MID] << 8) 173 | rec[MSG_FRAG_OFF_LO]; 174 printf("*** Message Fragment offset: %d\n", fragoff); 175 fraglen = (rec[MSG_FRAG_LEN_HI] << 16) 176 | (rec[MSG_FRAG_LEN_MID] << 8) 177 | rec[MSG_FRAG_LEN_LO]; 178 printf("*** Message Fragment len: %d\n", fraglen); 179 if (fragoff + fraglen > msglen) 180 printf("***---- HANDSHAKE MESSAGE FRAGMENT INVALID ----\n"); 181 else if (reclen < fraglen) 182 printf("**---- HANDSHAKE MESSAGE FRAGMENT TRUNCATED ----\n"); 183 else 184 printf("**---- END OF HANDSHAKE MESSAGE FRAGMENT ----\n"); 185 } 186 } 187 if (rem < reclen) { 188 printf("*---- RECORD TRUNCATED ----\n"); 189 rem = 0; 190 } else { 191 rec += reclen; 192 rem -= reclen; 193 printf("*---- END OF RECORD ----\n"); 194 } 195 } 196 printf("---- END OF PACKET ----\n\n"); 197 fflush(stdout); 198 } 199 200 static int tls_dump_read(BIO *bio, char *out, int outl) 201 { 202 int ret; 203 BIO *next = BIO_next(bio); 204 205 ret = BIO_read(next, out, outl); 206 copy_flags(bio); 207 208 if (ret > 0) { 209 dump_data(out, ret); 210 } 211 212 return ret; 213 } 214 215 static int tls_dump_write(BIO *bio, const char *in, int inl) 216 { 217 int ret; 218 BIO *next = BIO_next(bio); 219 220 ret = BIO_write(next, in, inl); 221 copy_flags(bio); 222 223 return ret; 224 } 225 226 static long tls_dump_ctrl(BIO *bio, int cmd, long num, void *ptr) 227 { 228 long ret; 229 BIO *next = BIO_next(bio); 230 231 if (next == NULL) 232 return 0; 233 234 switch (cmd) { 235 case BIO_CTRL_DUP: 236 ret = 0L; 237 break; 238 default: 239 ret = BIO_ctrl(next, cmd, num, ptr); 240 break; 241 } 242 return ret; 243 } 244 245 static int tls_dump_gets(BIO *bio, char *buf, int size) 246 { 247 /* We don't support this - not needed anyway */ 248 return -1; 249 } 250 251 static int tls_dump_puts(BIO *bio, const char *str) 252 { 253 return tls_dump_write(bio, str, strlen(str)); 254 } 255 256 257 struct mempacket_st { 258 unsigned char *data; 259 int len; 260 unsigned int num; 261 unsigned int type; 262 }; 263 264 static void mempacket_free(MEMPACKET *pkt) 265 { 266 if (pkt->data != NULL) 267 OPENSSL_free(pkt->data); 268 OPENSSL_free(pkt); 269 } 270 271 typedef struct mempacket_test_ctx_st { 272 STACK_OF(MEMPACKET) *pkts; 273 uint16_t epoch; 274 unsigned int currrec; 275 unsigned int currpkt; 276 unsigned int lastpkt; 277 unsigned int injected; 278 unsigned int noinject; 279 unsigned int dropepoch; 280 int droprec; 281 int duprec; 282 } MEMPACKET_TEST_CTX; 283 284 static int mempacket_test_new(BIO *bi); 285 static int mempacket_test_free(BIO *a); 286 static int mempacket_test_read(BIO *b, char *out, int outl); 287 static int mempacket_test_write(BIO *b, const char *in, int inl); 288 static long mempacket_test_ctrl(BIO *b, int cmd, long num, void *ptr); 289 static int mempacket_test_gets(BIO *bp, char *buf, int size); 290 static int mempacket_test_puts(BIO *bp, const char *str); 291 292 const BIO_METHOD *bio_s_mempacket_test(void) 293 { 294 if (meth_mem == NULL) { 295 if (!TEST_ptr(meth_mem = BIO_meth_new(BIO_TYPE_MEMPACKET_TEST, 296 "Mem Packet Test")) 297 || !TEST_true(BIO_meth_set_write(meth_mem, mempacket_test_write)) 298 || !TEST_true(BIO_meth_set_read(meth_mem, mempacket_test_read)) 299 || !TEST_true(BIO_meth_set_puts(meth_mem, mempacket_test_puts)) 300 || !TEST_true(BIO_meth_set_gets(meth_mem, mempacket_test_gets)) 301 || !TEST_true(BIO_meth_set_ctrl(meth_mem, mempacket_test_ctrl)) 302 || !TEST_true(BIO_meth_set_create(meth_mem, mempacket_test_new)) 303 || !TEST_true(BIO_meth_set_destroy(meth_mem, mempacket_test_free))) 304 return NULL; 305 } 306 return meth_mem; 307 } 308 309 void bio_s_mempacket_test_free(void) 310 { 311 BIO_meth_free(meth_mem); 312 } 313 314 static int mempacket_test_new(BIO *bio) 315 { 316 MEMPACKET_TEST_CTX *ctx; 317 318 if (!TEST_ptr(ctx = OPENSSL_zalloc(sizeof(*ctx)))) 319 return 0; 320 if (!TEST_ptr(ctx->pkts = sk_MEMPACKET_new_null())) { 321 OPENSSL_free(ctx); 322 return 0; 323 } 324 ctx->dropepoch = 0; 325 ctx->droprec = -1; 326 BIO_set_init(bio, 1); 327 BIO_set_data(bio, ctx); 328 return 1; 329 } 330 331 static int mempacket_test_free(BIO *bio) 332 { 333 MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio); 334 335 sk_MEMPACKET_pop_free(ctx->pkts, mempacket_free); 336 OPENSSL_free(ctx); 337 BIO_set_data(bio, NULL); 338 BIO_set_init(bio, 0); 339 return 1; 340 } 341 342 /* Record Header values */ 343 #define EPOCH_HI 3 344 #define EPOCH_LO 4 345 #define RECORD_SEQUENCE 10 346 #define RECORD_LEN_HI 11 347 #define RECORD_LEN_LO 12 348 349 #define STANDARD_PACKET 0 350 351 static int mempacket_test_read(BIO *bio, char *out, int outl) 352 { 353 MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio); 354 MEMPACKET *thispkt; 355 unsigned char *rec; 356 int rem; 357 unsigned int seq, offset, len, epoch; 358 359 BIO_clear_retry_flags(bio); 360 if ((thispkt = sk_MEMPACKET_value(ctx->pkts, 0)) == NULL 361 || thispkt->num != ctx->currpkt) { 362 /* Probably run out of data */ 363 BIO_set_retry_read(bio); 364 return -1; 365 } 366 (void)sk_MEMPACKET_shift(ctx->pkts); 367 ctx->currpkt++; 368 369 if (outl > thispkt->len) 370 outl = thispkt->len; 371 372 if (thispkt->type != INJECT_PACKET_IGNORE_REC_SEQ 373 && (ctx->injected || ctx->droprec >= 0)) { 374 /* 375 * Overwrite the record sequence number. We strictly number them in 376 * the order received. Since we are actually a reliable transport 377 * we know that there won't be any re-ordering. We overwrite to deal 378 * with any packets that have been injected 379 */ 380 for (rem = thispkt->len, rec = thispkt->data; rem > 0; rem -= len) { 381 if (rem < DTLS1_RT_HEADER_LENGTH) 382 return -1; 383 epoch = (rec[EPOCH_HI] << 8) | rec[EPOCH_LO]; 384 if (epoch != ctx->epoch) { 385 ctx->epoch = epoch; 386 ctx->currrec = 0; 387 } 388 seq = ctx->currrec; 389 offset = 0; 390 do { 391 rec[RECORD_SEQUENCE - offset] = seq & 0xFF; 392 seq >>= 8; 393 offset++; 394 } while (seq > 0); 395 396 len = ((rec[RECORD_LEN_HI] << 8) | rec[RECORD_LEN_LO]) 397 + DTLS1_RT_HEADER_LENGTH; 398 if (rem < (int)len) 399 return -1; 400 if (ctx->droprec == (int)ctx->currrec && ctx->dropepoch == epoch) { 401 if (rem > (int)len) 402 memmove(rec, rec + len, rem - len); 403 outl -= len; 404 ctx->droprec = -1; 405 if (outl == 0) 406 BIO_set_retry_read(bio); 407 } else { 408 rec += len; 409 } 410 411 ctx->currrec++; 412 } 413 } 414 415 memcpy(out, thispkt->data, outl); 416 mempacket_free(thispkt); 417 return outl; 418 } 419 420 /* 421 * Look for records from different epochs in the last datagram and swap them 422 * around 423 */ 424 int mempacket_swap_epoch(BIO *bio) 425 { 426 MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio); 427 MEMPACKET *thispkt; 428 int rem, len, prevlen = 0, pktnum; 429 unsigned char *rec, *prevrec = NULL, *tmp; 430 unsigned int epoch; 431 int numpkts = sk_MEMPACKET_num(ctx->pkts); 432 433 if (numpkts <= 0) 434 return 0; 435 436 /* 437 * If there are multiple packets we only look in the last one. This should 438 * always be the one where any epoch change occurs. 439 */ 440 thispkt = sk_MEMPACKET_value(ctx->pkts, numpkts - 1); 441 if (thispkt == NULL) 442 return 0; 443 444 for (rem = thispkt->len, rec = thispkt->data; rem > 0; rem -= len, rec += len) { 445 if (rem < DTLS1_RT_HEADER_LENGTH) 446 return 0; 447 epoch = (rec[EPOCH_HI] << 8) | rec[EPOCH_LO]; 448 len = ((rec[RECORD_LEN_HI] << 8) | rec[RECORD_LEN_LO]) 449 + DTLS1_RT_HEADER_LENGTH; 450 if (rem < len) 451 return 0; 452 453 /* Assumes the epoch change does not happen on the first record */ 454 if (epoch != ctx->epoch) { 455 if (prevrec == NULL) 456 return 0; 457 458 /* 459 * We found 2 records with different epochs. Take a copy of the 460 * earlier record 461 */ 462 tmp = OPENSSL_malloc(prevlen); 463 if (tmp == NULL) 464 return 0; 465 466 memcpy(tmp, prevrec, prevlen); 467 /* 468 * Move everything from this record onwards, including any trailing 469 * records, and overwrite the earlier record 470 */ 471 memmove(prevrec, rec, rem); 472 thispkt->len -= prevlen; 473 pktnum = thispkt->num; 474 475 /* 476 * Create a new packet for the earlier record that we took out and 477 * add it to the end of the packet list. 478 */ 479 thispkt = OPENSSL_malloc(sizeof(*thispkt)); 480 if (thispkt == NULL) { 481 OPENSSL_free(tmp); 482 return 0; 483 } 484 thispkt->type = INJECT_PACKET; 485 thispkt->data = tmp; 486 thispkt->len = prevlen; 487 thispkt->num = pktnum + 1; 488 if (sk_MEMPACKET_insert(ctx->pkts, thispkt, numpkts) <= 0) { 489 OPENSSL_free(tmp); 490 OPENSSL_free(thispkt); 491 return 0; 492 } 493 494 return 1; 495 } 496 prevrec = rec; 497 prevlen = len; 498 } 499 500 return 0; 501 } 502 503 /* Move packet from position s to position d in the list (d < s) */ 504 int mempacket_move_packet(BIO *bio, int d, int s) 505 { 506 MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio); 507 MEMPACKET *thispkt; 508 int numpkts = sk_MEMPACKET_num(ctx->pkts); 509 int i; 510 511 if (d >= s) 512 return 0; 513 514 /* We need at least s + 1 packets to be able to swap them */ 515 if (numpkts <= s) 516 return 0; 517 518 /* Get the packet at position s */ 519 thispkt = sk_MEMPACKET_value(ctx->pkts, s); 520 if (thispkt == NULL) 521 return 0; 522 523 /* Remove and re-add it */ 524 if (sk_MEMPACKET_delete(ctx->pkts, s) != thispkt) 525 return 0; 526 527 thispkt->num -= (s - d); 528 if (sk_MEMPACKET_insert(ctx->pkts, thispkt, d) <= 0) 529 return 0; 530 531 /* Increment the packet numbers for moved packets */ 532 for (i = d + 1; i <= s; i++) { 533 thispkt = sk_MEMPACKET_value(ctx->pkts, i); 534 thispkt->num++; 535 } 536 return 1; 537 } 538 539 int mempacket_dup_last_packet(BIO *bio) 540 { 541 MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio); 542 MEMPACKET *thispkt, *duppkt; 543 int numpkts = sk_MEMPACKET_num(ctx->pkts); 544 545 /* We can only duplicate a packet if there is at least 1 pending */ 546 if (numpkts <= 0) 547 return 0; 548 549 /* Get the last packet */ 550 thispkt = sk_MEMPACKET_value(ctx->pkts, numpkts - 1); 551 if (thispkt == NULL) 552 return 0; 553 554 duppkt = OPENSSL_malloc(sizeof(*duppkt)); 555 if (duppkt == NULL) 556 return 0; 557 558 *duppkt = *thispkt; 559 duppkt->data = OPENSSL_memdup(thispkt->data, thispkt->len); 560 if (duppkt->data == NULL) { 561 mempacket_free(duppkt); 562 return 0; 563 } 564 duppkt->num++; 565 if (sk_MEMPACKET_insert(ctx->pkts, duppkt, numpkts) <= 0) { 566 mempacket_free(duppkt); 567 return 0; 568 } 569 570 return 1; 571 } 572 573 int mempacket_test_inject(BIO *bio, const char *in, int inl, int pktnum, 574 int type) 575 { 576 MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio); 577 MEMPACKET *thispkt = NULL, *looppkt, *nextpkt, *allpkts[3]; 578 int i, duprec; 579 const unsigned char *inu = (const unsigned char *)in; 580 size_t len = ((inu[RECORD_LEN_HI] << 8) | inu[RECORD_LEN_LO]) 581 + DTLS1_RT_HEADER_LENGTH; 582 583 if (ctx == NULL) 584 return -1; 585 586 if ((size_t)inl < len) 587 return -1; 588 589 if ((size_t)inl == len) 590 duprec = 0; 591 else 592 duprec = ctx->duprec > 0; 593 594 /* We don't support arbitrary injection when duplicating records */ 595 if (duprec && pktnum != -1) 596 return -1; 597 598 /* We only allow injection before we've started writing any data */ 599 if (pktnum >= 0) { 600 if (ctx->noinject) 601 return -1; 602 ctx->injected = 1; 603 } else { 604 ctx->noinject = 1; 605 } 606 607 for (i = 0; i < (duprec ? 3 : 1); i++) { 608 if (!TEST_ptr(allpkts[i] = OPENSSL_malloc(sizeof(*thispkt)))) 609 goto err; 610 thispkt = allpkts[i]; 611 612 if (!TEST_ptr(thispkt->data = OPENSSL_malloc(inl))) 613 goto err; 614 /* 615 * If we are duplicating the packet, we duplicate it three times. The 616 * first two times we drop the first record if there are more than one. 617 * In this way we know that libssl will not be able to make progress 618 * until it receives the last packet, and hence will be forced to 619 * buffer these records. 620 */ 621 if (duprec && i != 2) { 622 memcpy(thispkt->data, in + len, inl - len); 623 thispkt->len = inl - len; 624 } else { 625 memcpy(thispkt->data, in, inl); 626 thispkt->len = inl; 627 } 628 thispkt->num = (pktnum >= 0) ? (unsigned int)pktnum : ctx->lastpkt + i; 629 thispkt->type = type; 630 } 631 632 for (i = 0; i < sk_MEMPACKET_num(ctx->pkts); i++) { 633 if (!TEST_ptr(looppkt = sk_MEMPACKET_value(ctx->pkts, i))) 634 goto err; 635 /* Check if we found the right place to insert this packet */ 636 if (looppkt->num > thispkt->num) { 637 if (sk_MEMPACKET_insert(ctx->pkts, thispkt, i) == 0) 638 goto err; 639 /* If we're doing up front injection then we're done */ 640 if (pktnum >= 0) 641 return inl; 642 /* 643 * We need to do some accounting on lastpkt. We increment it first, 644 * but it might now equal the value of injected packets, so we need 645 * to skip over those 646 */ 647 ctx->lastpkt++; 648 do { 649 i++; 650 nextpkt = sk_MEMPACKET_value(ctx->pkts, i); 651 if (nextpkt != NULL && nextpkt->num == ctx->lastpkt) 652 ctx->lastpkt++; 653 else 654 return inl; 655 } while(1); 656 } else if (looppkt->num == thispkt->num) { 657 if (!ctx->noinject) { 658 /* We injected two packets with the same packet number! */ 659 goto err; 660 } 661 ctx->lastpkt++; 662 thispkt->num++; 663 } 664 } 665 /* 666 * We didn't find any packets with a packet number equal to or greater than 667 * this one, so we just add it onto the end 668 */ 669 for (i = 0; i < (duprec ? 3 : 1); i++) { 670 thispkt = allpkts[i]; 671 if (!sk_MEMPACKET_push(ctx->pkts, thispkt)) 672 goto err; 673 674 if (pktnum < 0) 675 ctx->lastpkt++; 676 } 677 678 return inl; 679 680 err: 681 for (i = 0; i < (ctx->duprec > 0 ? 3 : 1); i++) 682 mempacket_free(allpkts[i]); 683 return -1; 684 } 685 686 static int mempacket_test_write(BIO *bio, const char *in, int inl) 687 { 688 return mempacket_test_inject(bio, in, inl, -1, STANDARD_PACKET); 689 } 690 691 static long mempacket_test_ctrl(BIO *bio, int cmd, long num, void *ptr) 692 { 693 long ret = 1; 694 MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio); 695 MEMPACKET *thispkt; 696 697 switch (cmd) { 698 case BIO_CTRL_EOF: 699 ret = (long)(sk_MEMPACKET_num(ctx->pkts) == 0); 700 break; 701 case BIO_CTRL_GET_CLOSE: 702 ret = BIO_get_shutdown(bio); 703 break; 704 case BIO_CTRL_SET_CLOSE: 705 BIO_set_shutdown(bio, (int)num); 706 break; 707 case BIO_CTRL_WPENDING: 708 ret = 0L; 709 break; 710 case BIO_CTRL_PENDING: 711 thispkt = sk_MEMPACKET_value(ctx->pkts, 0); 712 if (thispkt == NULL) 713 ret = 0; 714 else 715 ret = thispkt->len; 716 break; 717 case BIO_CTRL_FLUSH: 718 ret = 1; 719 break; 720 case MEMPACKET_CTRL_SET_DROP_EPOCH: 721 ctx->dropepoch = (unsigned int)num; 722 break; 723 case MEMPACKET_CTRL_SET_DROP_REC: 724 ctx->droprec = (int)num; 725 break; 726 case MEMPACKET_CTRL_GET_DROP_REC: 727 ret = ctx->droprec; 728 break; 729 case MEMPACKET_CTRL_SET_DUPLICATE_REC: 730 ctx->duprec = (int)num; 731 break; 732 case BIO_CTRL_RESET: 733 case BIO_CTRL_DUP: 734 case BIO_CTRL_PUSH: 735 case BIO_CTRL_POP: 736 default: 737 ret = 0; 738 break; 739 } 740 return ret; 741 } 742 743 static int mempacket_test_gets(BIO *bio, char *buf, int size) 744 { 745 /* We don't support this - not needed anyway */ 746 return -1; 747 } 748 749 static int mempacket_test_puts(BIO *bio, const char *str) 750 { 751 return mempacket_test_write(bio, str, strlen(str)); 752 } 753 754 static int always_retry_new(BIO *bi); 755 static int always_retry_free(BIO *a); 756 static int always_retry_read(BIO *b, char *out, int outl); 757 static int always_retry_write(BIO *b, const char *in, int inl); 758 static long always_retry_ctrl(BIO *b, int cmd, long num, void *ptr); 759 static int always_retry_gets(BIO *bp, char *buf, int size); 760 static int always_retry_puts(BIO *bp, const char *str); 761 762 const BIO_METHOD *bio_s_always_retry(void) 763 { 764 if (meth_always_retry == NULL) { 765 if (!TEST_ptr(meth_always_retry = BIO_meth_new(BIO_TYPE_ALWAYS_RETRY, 766 "Always Retry")) 767 || !TEST_true(BIO_meth_set_write(meth_always_retry, 768 always_retry_write)) 769 || !TEST_true(BIO_meth_set_read(meth_always_retry, 770 always_retry_read)) 771 || !TEST_true(BIO_meth_set_puts(meth_always_retry, 772 always_retry_puts)) 773 || !TEST_true(BIO_meth_set_gets(meth_always_retry, 774 always_retry_gets)) 775 || !TEST_true(BIO_meth_set_ctrl(meth_always_retry, 776 always_retry_ctrl)) 777 || !TEST_true(BIO_meth_set_create(meth_always_retry, 778 always_retry_new)) 779 || !TEST_true(BIO_meth_set_destroy(meth_always_retry, 780 always_retry_free))) 781 return NULL; 782 } 783 return meth_always_retry; 784 } 785 786 void bio_s_always_retry_free(void) 787 { 788 BIO_meth_free(meth_always_retry); 789 } 790 791 static int always_retry_new(BIO *bio) 792 { 793 BIO_set_init(bio, 1); 794 return 1; 795 } 796 797 static int always_retry_free(BIO *bio) 798 { 799 BIO_set_data(bio, NULL); 800 BIO_set_init(bio, 0); 801 return 1; 802 } 803 804 void set_always_retry_err_val(int err) 805 { 806 retry_err = err; 807 } 808 809 static int always_retry_read(BIO *bio, char *out, int outl) 810 { 811 BIO_set_retry_read(bio); 812 return retry_err; 813 } 814 815 static int always_retry_write(BIO *bio, const char *in, int inl) 816 { 817 BIO_set_retry_write(bio); 818 return retry_err; 819 } 820 821 static long always_retry_ctrl(BIO *bio, int cmd, long num, void *ptr) 822 { 823 long ret = 1; 824 825 switch (cmd) { 826 case BIO_CTRL_FLUSH: 827 BIO_set_retry_write(bio); 828 /* fall through */ 829 case BIO_CTRL_EOF: 830 case BIO_CTRL_RESET: 831 case BIO_CTRL_DUP: 832 case BIO_CTRL_PUSH: 833 case BIO_CTRL_POP: 834 default: 835 ret = 0; 836 break; 837 } 838 return ret; 839 } 840 841 static int always_retry_gets(BIO *bio, char *buf, int size) 842 { 843 BIO_set_retry_read(bio); 844 return retry_err; 845 } 846 847 static int always_retry_puts(BIO *bio, const char *str) 848 { 849 BIO_set_retry_write(bio); 850 return retry_err; 851 } 852 853 struct maybe_retry_data_st { 854 unsigned int retrycnt; 855 }; 856 857 static int maybe_retry_new(BIO *bi); 858 static int maybe_retry_free(BIO *a); 859 static int maybe_retry_write(BIO *b, const char *in, int inl); 860 static long maybe_retry_ctrl(BIO *b, int cmd, long num, void *ptr); 861 862 const BIO_METHOD *bio_s_maybe_retry(void) 863 { 864 if (meth_maybe_retry == NULL) { 865 if (!TEST_ptr(meth_maybe_retry = BIO_meth_new(BIO_TYPE_MAYBE_RETRY, 866 "Maybe Retry")) 867 || !TEST_true(BIO_meth_set_write(meth_maybe_retry, 868 maybe_retry_write)) 869 || !TEST_true(BIO_meth_set_ctrl(meth_maybe_retry, 870 maybe_retry_ctrl)) 871 || !TEST_true(BIO_meth_set_create(meth_maybe_retry, 872 maybe_retry_new)) 873 || !TEST_true(BIO_meth_set_destroy(meth_maybe_retry, 874 maybe_retry_free))) 875 return NULL; 876 } 877 return meth_maybe_retry; 878 } 879 880 void bio_s_maybe_retry_free(void) 881 { 882 BIO_meth_free(meth_maybe_retry); 883 } 884 885 static int maybe_retry_new(BIO *bio) 886 { 887 struct maybe_retry_data_st *data = OPENSSL_zalloc(sizeof(*data)); 888 889 if (data == NULL) 890 return 0; 891 892 BIO_set_data(bio, data); 893 BIO_set_init(bio, 1); 894 return 1; 895 } 896 897 static int maybe_retry_free(BIO *bio) 898 { 899 struct maybe_retry_data_st *data = BIO_get_data(bio); 900 901 OPENSSL_free(data); 902 BIO_set_data(bio, NULL); 903 BIO_set_init(bio, 0); 904 return 1; 905 } 906 907 static int maybe_retry_write(BIO *bio, const char *in, int inl) 908 { 909 struct maybe_retry_data_st *data = BIO_get_data(bio); 910 911 if (data == NULL) 912 return -1; 913 914 if (data->retrycnt == 0) { 915 BIO_set_retry_write(bio); 916 return -1; 917 } 918 data->retrycnt--; 919 920 return BIO_write(BIO_next(bio), in, inl); 921 } 922 923 static long maybe_retry_ctrl(BIO *bio, int cmd, long num, void *ptr) 924 { 925 struct maybe_retry_data_st *data = BIO_get_data(bio); 926 927 if (data == NULL) 928 return 0; 929 930 switch (cmd) { 931 case MAYBE_RETRY_CTRL_SET_RETRY_AFTER_CNT: 932 data->retrycnt = num; 933 return 1; 934 935 case BIO_CTRL_FLUSH: 936 if (data->retrycnt == 0) { 937 BIO_set_retry_write(bio); 938 return -1; 939 } 940 data->retrycnt--; 941 /* fall through */ 942 default: 943 return BIO_ctrl(BIO_next(bio), cmd, num, ptr); 944 } 945 } 946 947 int create_ssl_ctx_pair(OSSL_LIB_CTX *libctx, const SSL_METHOD *sm, 948 const SSL_METHOD *cm, int min_proto_version, 949 int max_proto_version, SSL_CTX **sctx, SSL_CTX **cctx, 950 char *certfile, char *privkeyfile) 951 { 952 SSL_CTX *serverctx = NULL; 953 SSL_CTX *clientctx = NULL; 954 955 if (sctx != NULL) { 956 if (*sctx != NULL) 957 serverctx = *sctx; 958 else if (!TEST_ptr(serverctx = SSL_CTX_new_ex(libctx, NULL, sm)) 959 || !TEST_true(SSL_CTX_set_options(serverctx, 960 SSL_OP_ALLOW_CLIENT_RENEGOTIATION))) 961 goto err; 962 } 963 964 if (cctx != NULL) { 965 if (*cctx != NULL) 966 clientctx = *cctx; 967 else if (!TEST_ptr(clientctx = SSL_CTX_new_ex(libctx, NULL, cm))) 968 goto err; 969 } 970 971 #if !defined(OPENSSL_NO_TLS1_3) \ 972 && defined(OPENSSL_NO_EC) \ 973 && defined(OPENSSL_NO_DH) 974 /* 975 * There are no usable built-in TLSv1.3 groups if ec and dh are both 976 * disabled 977 */ 978 if (max_proto_version == 0 979 && (sm == TLS_server_method() || cm == TLS_client_method())) 980 max_proto_version = TLS1_2_VERSION; 981 #endif 982 983 if (serverctx != NULL 984 && ((min_proto_version > 0 985 && !TEST_true(SSL_CTX_set_min_proto_version(serverctx, 986 min_proto_version))) 987 || (max_proto_version > 0 988 && !TEST_true(SSL_CTX_set_max_proto_version(serverctx, 989 max_proto_version))))) 990 goto err; 991 if (clientctx != NULL 992 && ((min_proto_version > 0 993 && !TEST_true(SSL_CTX_set_min_proto_version(clientctx, 994 min_proto_version))) 995 || (max_proto_version > 0 996 && !TEST_true(SSL_CTX_set_max_proto_version(clientctx, 997 max_proto_version))))) 998 goto err; 999 1000 if (serverctx != NULL && certfile != NULL && privkeyfile != NULL) { 1001 if (!TEST_int_eq(SSL_CTX_use_certificate_file(serverctx, certfile, 1002 SSL_FILETYPE_PEM), 1) 1003 || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(serverctx, 1004 privkeyfile, 1005 SSL_FILETYPE_PEM), 1) 1006 || !TEST_int_eq(SSL_CTX_check_private_key(serverctx), 1)) 1007 goto err; 1008 } 1009 1010 if (sctx != NULL) 1011 *sctx = serverctx; 1012 if (cctx != NULL) 1013 *cctx = clientctx; 1014 return 1; 1015 1016 err: 1017 if (sctx != NULL && *sctx == NULL) 1018 SSL_CTX_free(serverctx); 1019 if (cctx != NULL && *cctx == NULL) 1020 SSL_CTX_free(clientctx); 1021 return 0; 1022 } 1023 1024 #define MAXLOOPS 1000000 1025 1026 #if defined(OSSL_USE_SOCKETS) 1027 1028 int wait_until_sock_readable(int sock) 1029 { 1030 fd_set readfds; 1031 struct timeval timeout; 1032 int width; 1033 1034 width = sock + 1; 1035 FD_ZERO(&readfds); 1036 openssl_fdset(sock, &readfds); 1037 timeout.tv_sec = 10; /* give up after 10 seconds */ 1038 timeout.tv_usec = 0; 1039 1040 select(width, &readfds, NULL, NULL, &timeout); 1041 1042 return FD_ISSET(sock, &readfds); 1043 } 1044 1045 int create_test_sockets(int *cfdp, int *sfdp, int socktype, BIO_ADDR *saddr) 1046 { 1047 struct sockaddr_in sin; 1048 const char *host = "127.0.0.1"; 1049 int cfd_connected = 0, ret = 0; 1050 socklen_t slen = sizeof(sin); 1051 int afd = -1, cfd = -1, sfd = -1; 1052 1053 memset ((char *) &sin, 0, sizeof(sin)); 1054 sin.sin_family = AF_INET; 1055 sin.sin_addr.s_addr = inet_addr(host); 1056 1057 afd = BIO_socket(AF_INET, socktype, 1058 socktype == SOCK_STREAM ? IPPROTO_TCP : IPPROTO_UDP, 0); 1059 if (afd == INVALID_SOCKET) 1060 return 0; 1061 1062 if (bind(afd, (struct sockaddr*)&sin, sizeof(sin)) < 0) 1063 goto out; 1064 1065 if (getsockname(afd, (struct sockaddr*)&sin, &slen) < 0) 1066 goto out; 1067 1068 if (saddr != NULL 1069 && !BIO_ADDR_rawmake(saddr, sin.sin_family, &sin.sin_addr, 1070 sizeof(sin.sin_addr), sin.sin_port)) 1071 goto out; 1072 1073 if (socktype == SOCK_STREAM && listen(afd, 1) < 0) 1074 goto out; 1075 1076 cfd = BIO_socket(AF_INET, socktype, 1077 socktype == SOCK_STREAM ? IPPROTO_TCP : IPPROTO_UDP, 0); 1078 if (cfd == INVALID_SOCKET) 1079 goto out; 1080 1081 if (!BIO_socket_nbio(afd, 1)) 1082 goto out; 1083 1084 /* 1085 * If a DGRAM socket then we don't call "accept" or "connect" - so act like 1086 * we already called them. 1087 */ 1088 if (socktype == SOCK_DGRAM) { 1089 cfd_connected = 1; 1090 sfd = afd; 1091 afd = -1; 1092 } 1093 1094 while (sfd == -1 || !cfd_connected) { 1095 sfd = accept(afd, NULL, 0); 1096 if (sfd == -1 && errno != EAGAIN) 1097 goto out; 1098 1099 if (!cfd_connected && connect(cfd, (struct sockaddr*)&sin, sizeof(sin)) < 0) 1100 goto out; 1101 else 1102 cfd_connected = 1; 1103 } 1104 1105 if (!BIO_socket_nbio(cfd, 1) || !BIO_socket_nbio(sfd, 1)) 1106 goto out; 1107 ret = 1; 1108 *cfdp = cfd; 1109 *sfdp = sfd; 1110 goto success; 1111 1112 out: 1113 if (cfd != -1) 1114 close(cfd); 1115 if (sfd != -1) 1116 close(sfd); 1117 success: 1118 if (afd != -1) 1119 close(afd); 1120 return ret; 1121 } 1122 1123 int create_ssl_objects2(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl, 1124 SSL **cssl, int sfd, int cfd) 1125 { 1126 SSL *serverssl = NULL, *clientssl = NULL; 1127 BIO *s_to_c_bio = NULL, *c_to_s_bio = NULL; 1128 BIO_POLL_DESCRIPTOR rdesc = {0}, wdesc = {0}; 1129 1130 if (*sssl != NULL) 1131 serverssl = *sssl; 1132 else if (!TEST_ptr(serverssl = SSL_new(serverctx))) 1133 goto error; 1134 if (*cssl != NULL) 1135 clientssl = *cssl; 1136 else if (!TEST_ptr(clientssl = SSL_new(clientctx))) 1137 goto error; 1138 1139 if (!TEST_ptr(s_to_c_bio = BIO_new_socket(sfd, BIO_NOCLOSE)) 1140 || !TEST_ptr(c_to_s_bio = BIO_new_socket(cfd, BIO_NOCLOSE))) 1141 goto error; 1142 1143 if (!TEST_false(SSL_get_rpoll_descriptor(clientssl, &rdesc) 1144 || !TEST_false(SSL_get_wpoll_descriptor(clientssl, &wdesc)))) 1145 goto error; 1146 1147 SSL_set_bio(clientssl, c_to_s_bio, c_to_s_bio); 1148 SSL_set_bio(serverssl, s_to_c_bio, s_to_c_bio); 1149 1150 if (!TEST_true(SSL_get_rpoll_descriptor(clientssl, &rdesc)) 1151 || !TEST_true(SSL_get_wpoll_descriptor(clientssl, &wdesc)) 1152 || !TEST_int_eq(rdesc.type, BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD) 1153 || !TEST_int_eq(wdesc.type, BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD) 1154 || !TEST_int_eq(rdesc.value.fd, cfd) 1155 || !TEST_int_eq(wdesc.value.fd, cfd)) 1156 goto error; 1157 1158 if (!TEST_true(SSL_get_rpoll_descriptor(serverssl, &rdesc)) 1159 || !TEST_true(SSL_get_wpoll_descriptor(serverssl, &wdesc)) 1160 || !TEST_int_eq(rdesc.type, BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD) 1161 || !TEST_int_eq(wdesc.type, BIO_POLL_DESCRIPTOR_TYPE_SOCK_FD) 1162 || !TEST_int_eq(rdesc.value.fd, sfd) 1163 || !TEST_int_eq(wdesc.value.fd, sfd)) 1164 goto error; 1165 1166 *sssl = serverssl; 1167 *cssl = clientssl; 1168 return 1; 1169 1170 error: 1171 SSL_free(serverssl); 1172 SSL_free(clientssl); 1173 BIO_free(s_to_c_bio); 1174 BIO_free(c_to_s_bio); 1175 return 0; 1176 } 1177 1178 #else 1179 1180 int wait_until_sock_readable(int sock) 1181 { 1182 return 0; 1183 } 1184 1185 #endif /* defined(OSSL_USE_SOCKETS) */ 1186 1187 /* 1188 * NOTE: Transfers control of the BIOs - this function will free them on error 1189 */ 1190 int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl, 1191 SSL **cssl, BIO *s_to_c_fbio, BIO *c_to_s_fbio) 1192 { 1193 SSL *serverssl = NULL, *clientssl = NULL; 1194 BIO *s_to_c_bio = NULL, *c_to_s_bio = NULL; 1195 1196 if (*sssl != NULL) 1197 serverssl = *sssl; 1198 else if (!TEST_ptr(serverssl = SSL_new(serverctx))) 1199 goto error; 1200 if (*cssl != NULL) 1201 clientssl = *cssl; 1202 else if (!TEST_ptr(clientssl = SSL_new(clientctx))) 1203 goto error; 1204 1205 if (SSL_is_dtls(clientssl)) { 1206 if (!TEST_ptr(s_to_c_bio = BIO_new(bio_s_mempacket_test())) 1207 || !TEST_ptr(c_to_s_bio = BIO_new(bio_s_mempacket_test()))) 1208 goto error; 1209 } else { 1210 if (!TEST_ptr(s_to_c_bio = BIO_new(BIO_s_mem())) 1211 || !TEST_ptr(c_to_s_bio = BIO_new(BIO_s_mem()))) 1212 goto error; 1213 } 1214 1215 if (s_to_c_fbio != NULL 1216 && !TEST_ptr(s_to_c_bio = BIO_push(s_to_c_fbio, s_to_c_bio))) 1217 goto error; 1218 if (c_to_s_fbio != NULL 1219 && !TEST_ptr(c_to_s_bio = BIO_push(c_to_s_fbio, c_to_s_bio))) 1220 goto error; 1221 1222 /* Set Non-blocking IO behaviour */ 1223 BIO_set_mem_eof_return(s_to_c_bio, -1); 1224 BIO_set_mem_eof_return(c_to_s_bio, -1); 1225 1226 /* Up ref these as we are passing them to two SSL objects */ 1227 if (!BIO_up_ref(s_to_c_bio)) 1228 goto error; 1229 if (!BIO_up_ref(c_to_s_bio)) { 1230 BIO_free(s_to_c_bio); 1231 goto error; 1232 } 1233 1234 SSL_set_bio(serverssl, c_to_s_bio, s_to_c_bio); 1235 SSL_set_bio(clientssl, s_to_c_bio, c_to_s_bio); 1236 *sssl = serverssl; 1237 *cssl = clientssl; 1238 return 1; 1239 1240 error: 1241 SSL_free(serverssl); 1242 SSL_free(clientssl); 1243 BIO_free(s_to_c_bio); 1244 BIO_free(c_to_s_bio); 1245 BIO_free(s_to_c_fbio); 1246 BIO_free(c_to_s_fbio); 1247 1248 return 0; 1249 } 1250 1251 /* 1252 * Create an SSL connection, but does not read any post-handshake 1253 * NewSessionTicket messages. 1254 * If |read| is set and we're using DTLS then we will attempt to SSL_read on 1255 * the connection once we've completed one half of it, to ensure any retransmits 1256 * get triggered. 1257 * We stop the connection attempt (and return a failure value) if either peer 1258 * has SSL_get_error() return the value in the |want| parameter. The connection 1259 * attempt could be restarted by a subsequent call to this function. 1260 */ 1261 int create_bare_ssl_connection_ex(SSL *serverssl, SSL *clientssl, int want, 1262 int read, int listen, int *cm_count, int *sm_count) 1263 { 1264 int retc = -1, rets = -1, err, abortctr = 0, ret = 0; 1265 int clienterr = 0, servererr = 0; 1266 int isdtls = SSL_is_dtls(serverssl); 1267 int icm_count = 0, ism_count = 0; 1268 #ifndef OPENSSL_NO_SOCK 1269 BIO_ADDR *peer = NULL; 1270 1271 if (listen) { 1272 if (!isdtls) { 1273 TEST_error("DTLSv1_listen requested for non-DTLS object\n"); 1274 return 0; 1275 } 1276 peer = BIO_ADDR_new(); 1277 if (!TEST_ptr(peer)) 1278 return 0; 1279 } 1280 #else 1281 if (listen) { 1282 TEST_error("DTLSv1_listen requested in a no-sock build\n"); 1283 return 0; 1284 } 1285 #endif 1286 1287 do { 1288 err = SSL_ERROR_WANT_WRITE; 1289 while (!clienterr && retc <= 0 && err == SSL_ERROR_WANT_WRITE) { 1290 retc = SSL_connect(clientssl); 1291 if (retc <= 0) 1292 err = SSL_get_error(clientssl, retc); 1293 icm_count++; 1294 } 1295 1296 if (!clienterr && retc <= 0 && err != SSL_ERROR_WANT_READ) { 1297 TEST_info("SSL_connect() failed %d, %d", retc, err); 1298 if (want != SSL_ERROR_SSL) 1299 TEST_openssl_errors(); 1300 clienterr = 1; 1301 } 1302 if (want != SSL_ERROR_NONE && err == want) 1303 goto err; 1304 1305 err = SSL_ERROR_WANT_WRITE; 1306 while (!servererr && rets <= 0 && err == SSL_ERROR_WANT_WRITE) { 1307 #ifndef OPENSSL_NO_SOCK 1308 if (listen) { 1309 rets = DTLSv1_listen(serverssl, peer); 1310 if (rets < 0) { 1311 err = SSL_ERROR_SSL; 1312 } else if (rets == 0) { 1313 err = SSL_ERROR_WANT_READ; 1314 } else { 1315 /* Success - stop listening and call SSL_accept from now on */ 1316 listen = 0; 1317 rets = 0; 1318 } 1319 ism_count++; 1320 } else 1321 #endif 1322 { 1323 rets = SSL_accept(serverssl); 1324 if (rets <= 0) 1325 err = SSL_get_error(serverssl, rets); 1326 ism_count++; 1327 } 1328 } 1329 1330 if (!servererr && rets <= 0 1331 && err != SSL_ERROR_WANT_READ 1332 && err != SSL_ERROR_WANT_X509_LOOKUP) { 1333 TEST_info("SSL_accept() failed %d, %d", rets, err); 1334 if (want != SSL_ERROR_SSL) 1335 TEST_openssl_errors(); 1336 servererr = 1; 1337 } 1338 if (want != SSL_ERROR_NONE && err == want) 1339 goto err; 1340 if (clienterr && servererr) 1341 goto err; 1342 if (isdtls && read) { 1343 unsigned char buf[20]; 1344 1345 /* Trigger any retransmits that may be appropriate */ 1346 if (rets > 0 && retc <= 0) { 1347 if (SSL_read(serverssl, buf, sizeof(buf)) > 0) { 1348 /* We don't expect this to succeed! */ 1349 TEST_info("Unexpected SSL_read() success!"); 1350 goto err; 1351 } 1352 ism_count++; 1353 } 1354 if (retc > 0 && rets <= 0) { 1355 if (SSL_read(clientssl, buf, sizeof(buf)) > 0) { 1356 /* We don't expect this to succeed! */ 1357 TEST_info("Unexpected SSL_read() success!"); 1358 goto err; 1359 } 1360 icm_count++; 1361 } 1362 } 1363 if (++abortctr == MAXLOOPS) { 1364 TEST_info("No progress made"); 1365 goto err; 1366 } 1367 if (isdtls && abortctr <= 50 && (abortctr % 10) == 0) { 1368 /* 1369 * It looks like we're just spinning. Pause for a short period to 1370 * give the DTLS timer a chance to do something. We only do this for 1371 * the first few times to prevent hangs. 1372 */ 1373 OSSL_sleep(50); 1374 } 1375 } while (retc <=0 || rets <= 0); 1376 1377 ret = 1; 1378 err: 1379 if (cm_count != NULL) 1380 *cm_count = icm_count; 1381 if (sm_count != NULL) 1382 *sm_count = ism_count; 1383 #ifndef OPENSSL_NO_SOCK 1384 BIO_ADDR_free(peer); 1385 #endif 1386 return ret; 1387 } 1388 1389 int create_bare_ssl_connection(SSL *serverssl, SSL *clientssl, int want, 1390 int read, int listen) 1391 { 1392 return create_bare_ssl_connection_ex(serverssl, clientssl, want, read, 1393 listen, NULL, NULL); 1394 } 1395 1396 /* 1397 * Create an SSL connection including any post handshake NewSessionTicket 1398 * messages. 1399 */ 1400 int create_ssl_connection_ex(SSL *serverssl, SSL *clientssl, int want, 1401 int *cm_count, int *sm_count) 1402 { 1403 int i; 1404 unsigned char buf; 1405 size_t readbytes; 1406 1407 if (!create_bare_ssl_connection_ex(serverssl, clientssl, want, 1, 0, 1408 cm_count, sm_count)) 1409 return 0; 1410 1411 /* 1412 * We attempt to read some data on the client side which we expect to fail. 1413 * This will ensure we have received the NewSessionTicket in TLSv1.3 where 1414 * appropriate. We do this twice because there are 2 NewSessionTickets. 1415 */ 1416 for (i = 0; i < 2; i++) { 1417 if (SSL_read_ex(clientssl, &buf, sizeof(buf), &readbytes) > 0) { 1418 if (!TEST_ulong_eq(readbytes, 0)) 1419 return 0; 1420 } else if (!TEST_int_eq(SSL_get_error(clientssl, 0), 1421 SSL_ERROR_WANT_READ)) { 1422 return 0; 1423 } 1424 if (cm_count != NULL) 1425 (*cm_count)++; 1426 } 1427 1428 return 1; 1429 } 1430 1431 int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want) 1432 { 1433 return create_ssl_connection_ex(serverssl, clientssl, want, NULL, NULL); 1434 } 1435 1436 void shutdown_ssl_connection(SSL *serverssl, SSL *clientssl) 1437 { 1438 SSL_shutdown(clientssl); 1439 SSL_shutdown(serverssl); 1440 SSL_free(serverssl); 1441 SSL_free(clientssl); 1442 } 1443 1444 SSL_SESSION *create_a_psk(SSL *ssl, size_t mdsize) 1445 { 1446 const SSL_CIPHER *cipher = NULL; 1447 const unsigned char key[SHA384_DIGEST_LENGTH] = { 1448 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 1449 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 1450 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 1451 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 1452 0x2c, 0x2d, 0x2e, 0x2f 1453 }; 1454 SSL_SESSION *sess = NULL; 1455 1456 if (mdsize == SHA384_DIGEST_LENGTH) { 1457 cipher = SSL_CIPHER_find(ssl, TLS13_AES_256_GCM_SHA384_BYTES); 1458 } else if (mdsize == SHA256_DIGEST_LENGTH) { 1459 /* 1460 * Any ciphersuite using SHA256 will do - it will be compatible with 1461 * the actual ciphersuite selected as long as it too is based on SHA256 1462 */ 1463 cipher = SSL_CIPHER_find(ssl, TLS13_AES_128_GCM_SHA256_BYTES); 1464 } else { 1465 /* Should not happen */ 1466 return NULL; 1467 } 1468 sess = SSL_SESSION_new(); 1469 if (!TEST_ptr(sess) 1470 || !TEST_ptr(cipher) 1471 || !TEST_true(SSL_SESSION_set1_master_key(sess, key, mdsize)) 1472 || !TEST_true(SSL_SESSION_set_cipher(sess, cipher)) 1473 || !TEST_true( 1474 SSL_SESSION_set_protocol_version(sess, 1475 TLS1_3_VERSION))) { 1476 SSL_SESSION_free(sess); 1477 return NULL; 1478 } 1479 return sess; 1480 } 1481 1482 #define NUM_EXTRA_CERTS 40 1483 1484 int ssl_ctx_add_large_cert_chain(OSSL_LIB_CTX *libctx, SSL_CTX *sctx, 1485 const char *cert_file) 1486 { 1487 BIO *certbio = NULL; 1488 X509 *chaincert = NULL; 1489 int certlen; 1490 int ret = 0; 1491 int i; 1492 1493 if (!TEST_ptr(certbio = BIO_new_file(cert_file, "r"))) 1494 goto end; 1495 1496 if (!TEST_ptr(chaincert = X509_new_ex(libctx, NULL))) 1497 goto end; 1498 1499 if (PEM_read_bio_X509(certbio, &chaincert, NULL, NULL) == NULL) 1500 goto end; 1501 BIO_free(certbio); 1502 certbio = NULL; 1503 1504 /* 1505 * We assume the supplied certificate is big enough so that if we add 1506 * NUM_EXTRA_CERTS it will make the overall message large enough. The 1507 * default buffer size is requested to be 16k, but due to the way BUF_MEM 1508 * works, it ends up allocating a little over 21k (16 * 4/3). So, in this 1509 * test we need to have a message larger than that. 1510 */ 1511 certlen = i2d_X509(chaincert, NULL); 1512 OPENSSL_assert(certlen * NUM_EXTRA_CERTS > 1513 (SSL3_RT_MAX_PLAIN_LENGTH * 4) / 3); 1514 for (i = 0; i < NUM_EXTRA_CERTS; i++) { 1515 if (!X509_up_ref(chaincert)) 1516 goto end; 1517 if (!SSL_CTX_add_extra_chain_cert(sctx, chaincert)) { 1518 X509_free(chaincert); 1519 goto end; 1520 } 1521 } 1522 1523 ret = 1; 1524 end: 1525 BIO_free(certbio); 1526 X509_free(chaincert); 1527 return ret; 1528 } 1529 1530 ENGINE *load_dasync(void) 1531 { 1532 #if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DYNAMIC_ENGINE) 1533 ENGINE *e; 1534 1535 if (!TEST_ptr(e = ENGINE_by_id("dasync"))) 1536 return NULL; 1537 1538 if (!TEST_true(ENGINE_init(e))) { 1539 ENGINE_free(e); 1540 return NULL; 1541 } 1542 1543 if (!TEST_true(ENGINE_register_ciphers(e))) { 1544 ENGINE_free(e); 1545 return NULL; 1546 } 1547 1548 return e; 1549 #else 1550 return NULL; 1551 #endif 1552 } 1553