mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-24 13:55:42 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add a test_ssl_new testcase

Browse Source 
This requires some code being pulled into the empty protocol
implementation so the state machinery works.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18307)
This commit is contained in:
Tomas Mraz 2022-05-16 18:08:54 +02:00 committed by Pauli
parent e44795bd5d
commit 08e4901298
8 changed files with 150 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
ssl/quic/quic_impl.c
View File

@ -28,37 +28,49 @@ int ossl_quic_clear(SSL *s)
int ossl_quic_accept(SSL *s)
{
s->statem.in_init = 0;
return 1;
}
int ossl_quic_connect(SSL *s)
{
s->statem.in_init = 0;
return 1;
}
int ossl_quic_read(SSL *s, void *buf, size_t len, size_t *readbytes)
{
int ret;
BIO *rbio = SSL_get_rbio(s);
if (rbio == NULL)
return 0;
return BIO_read_ex(rbio, buf, len, readbytes);
s->rwstate = SSL_READING;
ret = BIO_read_ex(rbio, buf, len, readbytes);
if (ret > 0 || !BIO_should_retry(rbio))
s->rwstate = SSL_NOTHING;
return ret <= 0 ? -1 : ret;
}
int ossl_quic_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
{
return 1;
return -1;
}
int ossl_quic_write(SSL *s, const void *buf, size_t len, size_t *written)
{
BIO *wbio = SSL_get_wbio(s);
int ret;
if (wbio == NULL)
return 0;
return BIO_write_ex(wbio, buf, len, written);
s->rwstate = SSL_WRITING;
ret = BIO_write_ex(wbio, buf, len, written);
if (ret > 0 || !BIO_should_retry(wbio))
s->rwstate = SSL_NOTHING;
return ret;
}
int ossl_quic_shutdown(SSL *s)
@ -68,11 +80,30 @@ int ossl_quic_shutdown(SSL *s)
long ossl_quic_ctrl(SSL *s, int cmd, long larg, void *parg)
{
switch(cmd) {
case SSL_CTRL_CHAIN:
if (larg)
return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
else
return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
}
return 0;
}
long ossl_quic_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg)
long ossl_quic_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
{
switch(cmd) {
case SSL_CTRL_CHAIN:
if (larg)
return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
else
return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
/* TODO(QUIC): these will have to be implemented properly */
return 1;
}
return 0;
}
@ -81,7 +112,7 @@ long ossl_quic_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
return 0;
}
long ossl_quic_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp) (void))
long ossl_quic_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
{
return 0;
}
@ -103,7 +134,28 @@ int ossl_quic_num_ciphers(void)
const SSL_CIPHER *ossl_quic_get_cipher(unsigned int u)
{
static const SSL_CIPHER ciph = { 0 };
/*
* TODO(QUIC): This is needed so the SSL_CTX_set_cipher_list("DEFAULT");
* produces at least one valid TLS-1.2 cipher.
* Later we should allow that there are none with QUIC protocol as
* SSL_CTX_set_cipher_list should still allow setting a SECLEVEL.
*/
static const SSL_CIPHER ciph = {
1,
TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
SSL_kECDHE,
SSL_aRSA,
SSL_AES256GCM,
SSL_AEAD,
TLS1_2_VERSION, TLS1_2_VERSION,
DTLS1_2_VERSION, DTLS1_2_VERSION,
SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
256,
256
};
return &ciph;
}

8
ssl/quic/quic_local.h
View File

@ -15,8 +15,8 @@
# define OSSL_QUIC_ANY_VERSION 0xFFFFF
# define IMPLEMENT_quic_meth_func(version, func_name, s_accept, \
s_connect, enc_data) \
# define IMPLEMENT_quic_meth_func(version, func_name, q_accept, \
q_connect, enc_data) \
const SSL_METHOD *func_name(void) \
{ \
static const SSL_METHOD func_name##_data= { \
@ -26,8 +26,8 @@ const SSL_METHOD *func_name(void) \
ossl_quic_new, \
ossl_quic_clear, \
ossl_quic_free, \
s_accept, \
s_connect, \
q_accept, \
q_connect, \
ossl_quic_read, \
ossl_quic_peek, \
ossl_quic_write, \

1
test/helpers/ssl_test_ctx.c
View File

@ -328,6 +328,7 @@ const char *ssl_session_id_name(ssl_session_id_t server)
static const test_enum ssl_test_methods[] = {
{"TLS", SSL_TEST_METHOD_TLS},
{"DTLS", SSL_TEST_METHOD_DTLS},
{"QUIC", SSL_TEST_METHOD_QUIC}
};
__owur static int parse_test_method(SSL_TEST_CTX *test_ctx, const char *value)

3
test/helpers/ssl_test_ctx.h
View File

@ -65,7 +65,8 @@ typedef enum {
typedef enum {
SSL_TEST_METHOD_TLS = 0, /* Default */
SSL_TEST_METHOD_DTLS
SSL_TEST_METHOD_DTLS,
SSL_TEST_METHOD_QUIC
} ssl_test_method_t;
typedef enum {

4
test/recipes/80-test_ssl_new.t
View File

@ -38,7 +38,7 @@ if (defined $ENV{SSL_TESTS}) {
@conf_srcs = glob(srctop_file("test", "ssl-tests", "*.cnf.in"));
# We hard-code the number of tests to double-check that the globbing above
# finds all files as expected.
plan tests => 30;
plan tests => 31;
}
map { s/;.*// } @conf_srcs if $^O eq "VMS";
my @conf_files = map { basename($_, ".in") } @conf_srcs;
@ -60,6 +60,7 @@ if (!$no_tls && $no_tls_below1_3 && disabled("ec") && disabled("dh")) {
}
my $no_pre_tls1_3 = alldisabled(@all_pre_tls1_3);
my $no_dtls = alldisabled(available_protocols("dtls"));
my $no_quic = disabled("quic");
my $no_npn = disabled("nextprotoneg");
my $no_ct = disabled("ct");
my $no_ec = disabled("ec");
@ -122,6 +123,7 @@ my %skip = (
"25-cipher.cnf" => disabled("ec") || disabled("tls1_2"),
"26-tls13_client_auth.cnf" => disabled("tls1_3") || ($no_ec && $no_dh),
"29-dtls-sctp-label-bug.cnf" => disabled("sctp") || disabled("sock"),
"31-quic.cnf" => $no_quic || $no_ec
);
foreach my $conf (@conf_files) {

29
test/ssl-tests/31-quic.cnf Normal file
View File

@ -0,0 +1,29 @@
# Generated with generate_ssl_tests.pl
num_tests = 1
test-0 = 0-certstatus-good
# ===========================================================
[0-certstatus-good]
ssl_conf = 0-certstatus-good-ssl
[0-certstatus-good-ssl]
server = 0-certstatus-good-server
client = 0-certstatus-good-client
[0-certstatus-good-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[0-certstatus-good-client]
CipherString = DEFAULT
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer
[test-0]
ExpectedResult = Success
Method = QUIC

28
test/ssl-tests/31-quic.cnf.in Normal file
View File

@ -0,0 +1,28 @@
# -*- mode: perl; -*-
# Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
## Basic test of the QUIC protocol
use strict;
use warnings;
package ssltests;
our @tests = (
{
name => "certstatus-good",
server => {},
client => {},
test => {
"Method" => "QUIC",
"ExpectedResult" => "Success"
}
}
);

25
test/ssl_test.c
View File

@ -14,6 +14,9 @@
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <openssl/provider.h>
#ifndef OPENSSL_NO_QUIC
#include <openssl/quic.h>
#endif
#include "helpers/handshake.h"
#include "helpers/ssl_test_ctx.h"
@ -490,6 +493,28 @@ static int test_handshake(int idx)
goto err;
}
}
#ifndef OPENSSL_NO_QUIC
if (test_ctx->method == SSL_TEST_METHOD_QUIC) {
server_ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_server_method());
if (test_ctx->extra.server.servername_callback !=
SSL_TEST_SERVERNAME_CB_NONE) {
if (!TEST_ptr(server2_ctx =
SSL_CTX_new_ex(libctx, NULL,
OSSL_QUIC_server_method())))
goto err;
}
client_ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
resume_server_ctx = SSL_CTX_new_ex(libctx, NULL,
OSSL_QUIC_server_method());
resume_client_ctx = SSL_CTX_new_ex(libctx, NULL,
OSSL_QUIC_client_method());
if (!TEST_ptr(resume_server_ctx)
|| !TEST_ptr(resume_client_ctx))
goto err;
}
}
#endif
#ifdef OPENSSL_NO_AUTOLOAD_CONFIG
if (!TEST_true(OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL)))