Let test handshakes stop on certain errors

Certain callback APIs allow the callback to request async processing by trickling a particular error value up the stack to the application as an error return from the handshake function. In those cases, SSL_want() returns a code specific to the type of async processing needed. The create_ssl_connection() helper function for the tests is very helpful for several things, including creating API tests. However, it does not currently let us test the async processing functionality of these callback interfaces, because the special SSL error codes are treated as generic errors and the helper continues to loop until it reaches its maximum iteration count. Add a new parameter, 'want', that indicates an expected/desired special SSL error code, so that the helper will terminate when either side reports that error, giving control back to the calling function and allowing the test to proceed. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2279)
2025-03-25 20:00:44 +08:00 · 2017-02-13 15:10:54 -06:00 · 2017-02-13 15:10:54 -06:00 · 8e2236eff8
commit 8e2236eff8
parent 694c9180d7
7 changed files with 20 additions and 16 deletions
--- a/test/asynciotest.c
+++ b/test/asynciotest.c
@ -303,7 +303,7 @@ int main(int argc, char *argv[])
            goto end;
        }

-        if (!create_ssl_connection(serverssl, clientssl)) {
+        if (!create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) {
            printf("Test %d failed: Create SSL connection failed\n", test);
            goto end;
        }
--- a/test/dtls_mtu_test.c
+++ b/test/dtls_mtu_test.c
@ -70,7 +70,7 @@ static int mtu_test(SSL_CTX *ctx, const char *cs, int no_etm)
    }
    sc_bio = SSL_get_rbio(srvr_ssl);

-    if (create_ssl_connection(clnt_ssl, srvr_ssl) != 1)
+    if (create_ssl_connection(clnt_ssl, srvr_ssl, SSL_ERROR_NONE) != 1)
        goto out;

    if (debug)
--- a/test/dtlstest.c
+++ b/test/dtlstest.c
@ -89,7 +89,7 @@ static int test_dtls_unprocessed(int testidx)
    mempacket_test_inject(c_to_s_mempacket, (char *)certstatus,
                          sizeof(certstatus), 1, INJECT_PACKET_IGNORE_REC_SEQ);

-    if (!create_ssl_connection(serverssl1, clientssl1)) {
+    if (!create_ssl_connection(serverssl1, clientssl1, SSL_ERROR_NONE)) {
        printf("Unable to create SSL connection\n");
        ERR_print_errors_fp(stdout);
        goto end;
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@ -338,7 +338,7 @@ static int test_keylog(void) {
        goto end;
    }

-    if (!create_ssl_connection(serverssl, clientssl)) {
+    if (!create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) {
        printf("Unable to create SSL connection\n");
        goto end;
    }
@ -435,7 +435,7 @@ static int test_keylog_no_master_key(void) {
        goto end;
    }

-    if (!create_ssl_connection(serverssl, clientssl)) {
+    if (!create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) {
        printf("Unable to create SSL connection\n");
        goto end;
    }
@ -541,7 +541,7 @@ static int execute_test_large_message(const SSL_METHOD *smeth,
        goto end;
    }

-    if (!create_ssl_connection(serverssl, clientssl)) {
+    if (!create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) {
        printf("Unable to create SSL connection\n");
        goto end;
    }
@ -719,7 +719,7 @@ static int test_tlsext_status_type(void)
        goto end;
    }

-    if (!create_ssl_connection(serverssl, clientssl)) {
+    if (!create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) {
        printf("Unable to create SSL connection\n");
        goto end;
    }
@ -745,7 +745,7 @@ static int test_tlsext_status_type(void)
    }

    /* This should fail because the callback will fail */
-    if (create_ssl_connection(serverssl, clientssl)) {
+    if (create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) {
        printf("Unexpected success creating the connection\n");
        goto end;
    }
@ -799,7 +799,7 @@ static int test_tlsext_status_type(void)
    BIO_free(certbio);
    certbio = NULL;

-    if (!create_ssl_connection(serverssl, clientssl)) {
+    if (!create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) {
        printf("Unable to create SSL connection\n");
        goto end;
    }
@ -906,7 +906,7 @@ static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix)
        goto end;
    }

-    if (!create_ssl_connection(serverssl1, clientssl1)) {
+    if (!create_ssl_connection(serverssl1, clientssl1, SSL_ERROR_NONE)) {
        printf("Unable to create SSL connection\n");
        goto end;
    }
@ -932,7 +932,7 @@ static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix)
        goto end;
    }

-    if (!create_ssl_connection(serverssl2, clientssl2)) {
+    if (!create_ssl_connection(serverssl2, clientssl2, SSL_ERROR_NONE)) {
        printf("Unable to create second SSL connection\n");
        goto end;
    }
@ -1015,7 +1015,7 @@ static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix)
    }

    /* This should fail because of the mismatched protocol versions */
-    if (create_ssl_connection(serverssl3, clientssl3)) {
+    if (create_ssl_connection(serverssl3, clientssl3, SSL_ERROR_NONE)) {
        printf("Unable to create third SSL connection\n");
        goto end;
    }
@ -1436,7 +1436,7 @@ static int test_set_sigalgs(int idx)
        }
    }

-    if (curr->connsuccess != create_ssl_connection(serverssl, clientssl)) {
+    if (curr->connsuccess != create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) {
        printf("Unexpected return value creating SSL connection (%d)\n", idx);
        goto end;
    }
--- a/test/sslcorrupttest.c
+++ b/test/sslcorrupttest.c
@ -240,7 +240,7 @@ static int test_ssl_corrupt(int testidx)
        goto end;
    }

-    if (!create_ssl_connection(server, client)) {
+    if (!create_ssl_connection(server, client, SSL_ERROR_NONE)) {
        printf("Unable to create SSL connection\n");
        ERR_print_errors_fp(stdout);
        goto end;
--- a/test/ssltestlib.c
+++ b/test/ssltestlib.c
@ -641,7 +641,7 @@ int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,
    return 0;
 }

-int create_ssl_connection(SSL *serverssl, SSL *clientssl)
+int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want)
 {
    int retc = -1, rets = -1, err, abortctr = 0;
    int clienterr = 0, servererr = 0;
@ -660,6 +660,8 @@ int create_ssl_connection(SSL *serverssl, SSL *clientssl)
            printf("SSL_connect() failed %d, %d\n", retc, err);
            clienterr = 1;
        }
+        if (want != SSL_ERROR_NONE && err == want)
+            return 0;

        err = SSL_ERROR_WANT_WRITE;
        while (!servererr && rets <= 0 && err == SSL_ERROR_WANT_WRITE) {
@ -672,6 +674,8 @@ int create_ssl_connection(SSL *serverssl, SSL *clientssl)
            printf("SSL_accept() failed %d, %d\n", rets, err);
            servererr = 1;
        }
+        if (want != SSL_ERROR_NONE && err == want)
+            return 0;
        if (clienterr && servererr)
            return 0;
        if (++abortctr == MAXLOOPS) {
--- a/test/ssltestlib.h
+++ b/test/ssltestlib.h
@ -17,7 +17,7 @@ int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm,
                        char *privkeyfile);
 int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,
                       SSL **cssl, BIO *s_to_c_fbio, BIO *c_to_s_fbio);
-int create_ssl_connection(SSL *serverssl, SSL *clientssl);
+int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want);

 /* Note: Not thread safe! */
 const BIO_METHOD *bio_f_tls_dump_filter(void);