From: Rich Salz Date: Wed, 26 Apr 2017 16:20:44 +0000 (-0400) Subject: Convert dtls_mtu_test, dtlsv1listentest X-Git-Tag: OpenSSL_1_1_1-pre1~1650 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=8ed9a26616a7101ea698c189fbbb663186676075;p=oweals%2Fopenssl.git Convert dtls_mtu_test, dtlsv1listentest Also converted most of ssltestlib but left the packet_dump output as-is (for now). Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/3257) --- diff --git a/test/build.info b/test/build.info index 9f4a434f9b..c8d86f7d13 100644 --- a/test/build.info +++ b/test/build.info @@ -233,7 +233,7 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN SOURCE[dtlsv1listentest]=dtlsv1listentest.c INCLUDE[dtlsv1listentest]=.. ../include - DEPEND[dtlsv1listentest]=../libssl + DEPEND[dtlsv1listentest]=../libssl libtestutil.a SOURCE[ct_test]=ct_test.c INCLUDE[ct_test]=../crypto/include ../include @@ -316,7 +316,7 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN PROGRAMS_NO_INST=dtls_mtu_test SOURCE[dtls_mtu_test]=dtls_mtu_test.c ssltestlib.c INCLUDE[dtls_mtu_test]=.. ../include - DEPEND[dtls_mtu_test]=../libcrypto ../libssl + DEPEND[dtls_mtu_test]=../libcrypto ../libssl libtestutil.a ENDIF IF[{- !$disabled{shared} -}] diff --git a/test/dtls_mtu_test.c b/test/dtls_mtu_test.c index 24d4ccc552..50f952b2ce 100644 --- a/test/dtls_mtu_test.c +++ b/test/dtls_mtu_test.c @@ -15,6 +15,7 @@ #include #include "ssltestlib.h" +#include "testutil.h" /* for SSL_READ_ETM() */ #include "../ssl/ssl_locl.h" @@ -57,21 +58,19 @@ static int mtu_test(SSL_CTX *ctx, const char *cs, int no_etm) memset(buf, 0x5a, sizeof(buf)); - if (create_ssl_objects(ctx, ctx, &srvr_ssl, &clnt_ssl, NULL, NULL) != 1) - goto out; + if (!TEST_true(create_ssl_objects(ctx, ctx, &srvr_ssl, &clnt_ssl, + NULL, NULL))) + goto end; if (no_etm) SSL_set_options(srvr_ssl, SSL_OP_NO_ENCRYPT_THEN_MAC); - if (SSL_set_cipher_list(srvr_ssl, cs) != 1 || - SSL_set_cipher_list(clnt_ssl, cs) != 1) { - ERR_print_errors_fp(stdout); - goto out; - } - sc_bio = SSL_get_rbio(srvr_ssl); - - if (create_ssl_connection(clnt_ssl, srvr_ssl, SSL_ERROR_NONE) != 1) - goto out; + if (!TEST_true(SSL_set_cipher_list(srvr_ssl, cs)) + || !TEST_true(SSL_set_cipher_list(clnt_ssl, cs)) + || !TEST_ptr(sc_bio = SSL_get_rbio(srvr_ssl)) + || !TEST_true(create_ssl_connection(clnt_ssl, srvr_ssl, + SSL_ERROR_NONE))) + goto end; if (debug) printf("Channel established\n"); @@ -82,28 +81,27 @@ static int mtu_test(SSL_CTX *ctx, const char *cs, int no_etm) SSL_set_mtu(clnt_ssl, 500 + i); mtus[i] = DTLS_get_data_mtu(clnt_ssl); if (debug) - printf("%s%s payload MTU for record mtu %d = %"OSSLzu"\n", - cs, no_etm ? "-noEtM":"", 500 + i, mtus[i]); - if (mtus[i] == 0) { - fprintf(stderr, - "payload MTU failed with record MTU %d for %s\n", - 500 + i, cs); - goto out; + TEST_info("%s%s MTU for record mtu %d = %lu", + cs, no_etm ? "-noEtM" : "", + 500 + i, (unsigned long)mtus[i]); + if (!TEST_size_t_ne(mtus[i], 0)) { + TEST_info("Cipher %s MTU %d", cs, 500 + i); + goto end; } } /* Now get out of the way */ SSL_set_mtu(clnt_ssl, 1000); - /* Now for all values in the range of payload MTUs, send - * a payload of that size and see what actual record size - * we end up with. */ + /* + * Now for all values in the range of payload MTUs, send a payload of + * that size and see what actual record size we end up with. + */ for (s = mtus[0]; s <= mtus[29]; s++) { size_t reclen; - if (SSL_write(clnt_ssl, buf, s) != (int)s) { - ERR_print_errors_fp(stdout); - goto out; - } + + if (!TEST_int_eq(SSL_write(clnt_ssl, buf, s), (int)s)) + goto end; reclen = BIO_read(sc_bio, buf, sizeof(buf)); if (debug) printf("record %"OSSLzu" for payload %"OSSLzu"\n", reclen, s); @@ -111,53 +109,58 @@ static int mtu_test(SSL_CTX *ctx, const char *cs, int no_etm) for (i = 0; i < 30; i++) { /* DTLS_get_data_mtu() with record MTU 500+i returned mtus[i] ... */ - if (s <= mtus[i] && reclen > (size_t)(500 + i)) { - /* We sent a packet smaller than or equal to mtus[j] and - * that made a record *larger* than the record MTU 500+j! */ - fprintf(stderr, - "%s: Payload MTU %"OSSLzu" reported for record MTU %d\n" - "but sending a payload of %"OSSLzu" made a record of %"OSSLzu"(too large)\n", - cs, mtus[i], 500 + i, s, reclen); - goto out; + if (!TEST_false(s <= mtus[i] && reclen > (size_t)(500 + i))) { + /* + * We sent a packet smaller than or equal to mtus[j] and + * that made a record *larger* than the record MTU 500+j! + */ + TEST_error("%s: s=%lu, mtus[i]=%lu, reclen=%lu, i=%d", + cs, (unsigned long)s, (unsigned long)mtus[i], + (unsigned long)reclen, 500 + i); + goto end; } - if (s > mtus[i] && reclen <= (size_t)(500 + i)) { - /* We sent a *larger* packet than mtus[i] and that *still* + if (!TEST_false(s > mtus[i] && reclen <= (size_t)(500 + i))) { + /* + * We sent a *larger* packet than mtus[i] and that *still* * fits within the record MTU 500+i, so DTLS_get_data_mtu() - * was overly pessimistic. */ - fprintf(stderr, - "%s: Payload MTU %"OSSLzu" reported for record MTU %d\n" - "but sending a payload of %"OSSLzu" made a record of %"OSSLzu" (too small)\n", - cs, mtus[i], 500 + i, s, reclen); - goto out; + * was overly pessimistic. + */ + TEST_error("%s: s=%lu, mtus[i]=%lu, reclen=%lu, i=%d", + cs, (unsigned long)s, (unsigned long)mtus[i], + (unsigned long)reclen, 500 + i); + goto end; } } } rv = 1; if (SSL_READ_ETM(clnt_ssl)) rv = 2; - out: + end: SSL_free(clnt_ssl); SSL_free(srvr_ssl); return rv; } -int main(void) +static int run_mtu_tests(void) { - SSL_CTX *ctx = SSL_CTX_new(DTLS_method()); + SSL_CTX *ctx = NULL; STACK_OF(SSL_CIPHER) *ciphers; - int i, rv = 0; + int i, ret = 0; + + if (!TEST_ptr(ctx = SSL_CTX_new(DTLS_method()))) + goto end; SSL_CTX_set_psk_server_callback(ctx, srvr_psk_callback); SSL_CTX_set_psk_client_callback(ctx, clnt_psk_callback); SSL_CTX_set_security_level(ctx, 0); - /* We only care about iterating over each enc/mac; we don't - * want to repeat the test for each auth/kx variant. - * So keep life simple and only do (non-DH) PSK. */ - if (!SSL_CTX_set_cipher_list(ctx, "PSK")) { - fprintf(stderr, "Failed to set PSK cipher list\n"); - goto out; - } + /* + * We only care about iterating over each enc/mac; we don't want to + * repeat the test for each auth/kx variant. So keep life simple and + * only do (non-DH) PSK. + */ + if (!TEST_true(SSL_CTX_set_cipher_list(ctx, "PSK"))) + goto end; ciphers = SSL_CTX_get_ciphers(ctx); for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { @@ -165,26 +168,28 @@ int main(void) const char *cipher_name = SSL_CIPHER_get_name(cipher); /* As noted above, only one test for each enc/mac variant. */ - if (strncmp(cipher_name, "PSK-", 4)) + if (strncmp(cipher_name, "PSK-", 4) != 0) continue; - rv = mtu_test(ctx, cipher_name, 0); - if (!rv) + if (!TEST_int_gt(ret = mtu_test(ctx, cipher_name, 0), 0)) break; - - printf("DTLS MTU test OK for %s\n", cipher_name); - if (rv == 1) + TEST_info("%s OK", cipher_name); + if (ret == 1) continue; /* mtu_test() returns 2 if it used Encrypt-then-MAC */ - rv = mtu_test(ctx, cipher_name, 1); - if (!rv) + if (!TEST_int_gt(ret = mtu_test(ctx, cipher_name, 1), 0)) break; - - printf("DTLS MTU test OK for %s without Encrypt-then-MAC\n", cipher_name); + TEST_info("%s without EtM OK", cipher_name); } - out: + + end: SSL_CTX_free(ctx); + bio_s_mempacket_test_free(); + return ret; +} - return !rv; +void register_tests() +{ + ADD_TEST(run_mtu_tests); } diff --git a/test/dtlsv1listentest.c b/test/dtlsv1listentest.c index dfbc7aebb8..b70c60e618 100644 --- a/test/dtlsv1listentest.c +++ b/test/dtlsv1listentest.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,10 +12,8 @@ #include #include #include -#ifndef OPENSSL_NO_ENGINE -# include -#endif #include "e_os.h" +#include "testutil.h" #ifndef OPENSSL_NO_SOCK @@ -236,7 +234,7 @@ static const unsigned char verify[] = { 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13 /* Cookie */ }; -static struct { +typedef struct { const unsigned char *in; unsigned int inlen; /* @@ -245,52 +243,18 @@ static struct { * DROP == 0 return value, no output */ enum {GOOD, VERIFY, DROP} outtype; -} testpackets[9] = { - { - clienthello_nocookie, - sizeof(clienthello_nocookie), - VERIFY - }, - { - clienthello_nocookie_frag, - sizeof(clienthello_nocookie_frag), - VERIFY - }, - { - clienthello_nocookie_short, - sizeof(clienthello_nocookie_short), - DROP - }, - { - clienthello_2ndfrag, - sizeof(clienthello_2ndfrag), - DROP - }, - { - clienthello_cookie, - sizeof(clienthello_cookie), - GOOD - }, - { - clienthello_cookie_frag, - sizeof(clienthello_cookie_frag), - GOOD - }, - { - clienthello_badcookie, - sizeof(clienthello_badcookie), - VERIFY - }, - { - clienthello_cookie_short, - sizeof(clienthello_cookie_short), - DROP - }, - { - record_short, - sizeof(record_short), - DROP - } +} tests; + +static tests testpackets[9] = { + { clienthello_nocookie, sizeof(clienthello_nocookie), VERIFY }, + { clienthello_nocookie_frag, sizeof(clienthello_nocookie_frag), VERIFY }, + { clienthello_nocookie_short, sizeof(clienthello_nocookie_short), DROP }, + { clienthello_2ndfrag, sizeof(clienthello_2ndfrag), DROP }, + { clienthello_cookie, sizeof(clienthello_cookie), GOOD }, + { clienthello_cookie_frag, sizeof(clienthello_cookie_frag), GOOD }, + { clienthello_badcookie, sizeof(clienthello_badcookie), VERIFY }, + { clienthello_cookie_short, sizeof(clienthello_cookie_short), DROP }, + { record_short, sizeof(record_short), DROP } }; # define COOKIE_LEN 20 @@ -299,9 +263,8 @@ static int cookie_gen(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len) { unsigned int i; - for (i = 0; i < COOKIE_LEN; i++, cookie++) { + for (i = 0; i < COOKIE_LEN; i++, cookie++) *cookie = i; - } *cookie_len = COOKIE_LEN; return 1; @@ -322,105 +285,72 @@ static int cookie_verify(SSL *ssl, const unsigned char *cookie, return 1; } -#endif -int main(void) +static int dtls_listen_test(int i) { -#ifndef OPENSSL_NO_SOCK SSL_CTX *ctx = NULL; SSL *ssl = NULL; BIO *outbio = NULL; BIO *inbio = NULL; - BIO_ADDR *peer = BIO_ADDR_new(); + BIO_ADDR *peer = NULL; + tests *tp = &testpackets[i]; char *data; long datalen; int ret, success = 0; - long i; - ctx = SSL_CTX_new(DTLS_server_method()); - if (ctx == NULL || peer == NULL) + if (!TEST_ptr(ctx = SSL_CTX_new(DTLS_server_method())) + || !TEST_ptr(peer = BIO_ADDR_new())) goto err; - SSL_CTX_set_cookie_generate_cb(ctx, cookie_gen); SSL_CTX_set_cookie_verify_cb(ctx, cookie_verify); - /* Create an SSL object for the connection */ - ssl = SSL_new(ctx); - if (ssl == NULL) - goto err; - - outbio = BIO_new(BIO_s_mem()); - if (outbio == NULL) + /* Create an SSL object and set the BIO */ + if (!TEST_ptr(ssl = SSL_new(ctx)) + || !TEST_ptr(outbio = BIO_new(BIO_s_mem()))) goto err; SSL_set0_wbio(ssl, outbio); - success = 1; - for (i = 0; i < (long)OSSL_NELEM(testpackets) && success; i++) { - inbio = BIO_new_mem_buf((char *)testpackets[i].in, - testpackets[i].inlen); - if (inbio == NULL) { - success = 0; - goto err; - } - /* Set Non-blocking IO behaviour */ - BIO_set_mem_eof_return(inbio, -1); + /* Set Non-blocking IO behaviour */ + if (!TEST_ptr(inbio = BIO_new_mem_buf((char *)tp->in, tp->inlen))) + goto err; + BIO_set_mem_eof_return(inbio, -1); + SSL_set0_rbio(ssl, inbio); - SSL_set0_rbio(ssl, inbio); + /* Process the incoming packet */ + if (!TEST_int_ge(ret = DTLSv1_listen(ssl, peer), 0)) + goto err; + datalen = BIO_get_mem_data(outbio, &data); - /* Process the incoming packet */ - ret = DTLSv1_listen(ssl, peer); - if (ret < 0) { - success = 0; + if (tp->outtype == VERIFY) { + if (!TEST_int_eq(ret, 0) + || !TEST_mem_eq(data, datalen, verify, sizeof(verify))) goto err; - } - - datalen = BIO_get_mem_data(outbio, &data); - - if (testpackets[i].outtype == VERIFY) { - if (ret == 0) { - if (datalen != sizeof(verify) - || (memcmp(data, verify, sizeof(verify)) != 0)) { - printf("Test %ld failure: incorrect HelloVerifyRequest\n", i); - success = 0; - } else { - printf("Test %ld success\n", i); - } - } else { - printf ("Test %ld failure: should not have succeeded\n", i); - success = 0; - } - } else if (datalen == 0) { - if ((ret == 0 && testpackets[i].outtype == DROP) - || (ret == 1 && testpackets[i].outtype == GOOD)) { - printf("Test %ld success\n", i); - } else { - printf("Test %ld failure: wrong return value\n", i); - success = 0; - } - } else { - printf("Test %ld failure: Unexpected data output\n", i); - success = 0; - } - (void)BIO_reset(outbio); - inbio = NULL; - /* Frees up inbio */ - SSL_set0_rbio(ssl, NULL); + } else if (datalen == 0) { + if (!TEST_true((ret == 0 && tp->outtype == DROP) + || (ret == 1 && tp->outtype == GOOD))) + goto err; + } else { + TEST_info("Test %d: unexpected data output", i); + goto err; } + (void)BIO_reset(outbio); + inbio = NULL; + SSL_set0_rbio(ssl, NULL); + success = 1; err: - if (!success) - ERR_print_errors_fp(stderr); /* Also frees up outbio */ SSL_free(ssl); SSL_CTX_free(ctx); BIO_free(inbio); OPENSSL_free(peer); -# ifndef OPENSSL_NO_CRYPTO_MDEBUG - CRYPTO_mem_leaks_fp(stderr); -# endif - return success ? 0 : 1; -#else - printf("DTLSv1_listen() is not supported by this build - skipping\n"); - return 0; + return success; +} +#endif + +void register_tests() +{ +#ifndef OPENSSL_NO_SOCK + ADD_ALL_TESTS(dtls_listen_test, (int)OSSL_NELEM(testpackets)); #endif } diff --git a/test/libtestutil.a b/test/libtestutil.a new file mode 100644 index 0000000000..9734195276 Binary files /dev/null and b/test/libtestutil.a differ diff --git a/test/ssltestlib.c b/test/ssltestlib.c index 6fce12e0fc..9bce0d32d1 100644 --- a/test/ssltestlib.c +++ b/test/ssltestlib.c @@ -11,6 +11,7 @@ #include "e_os.h" #include "ssltestlib.h" +#include "testutil.h" static int tls_dump_new(BIO *bi); static int tls_dump_free(BIO *a); @@ -21,12 +22,11 @@ static int tls_dump_gets(BIO *bp, char *buf, int size); static int tls_dump_puts(BIO *bp, const char *str); /* Choose a sufficiently large type likely to be unused for this custom BIO */ -# define BIO_TYPE_TLS_DUMP_FILTER (0x80 | BIO_TYPE_FILTER) - -# define BIO_TYPE_MEMPACKET_TEST 0x81 +#define BIO_TYPE_TLS_DUMP_FILTER (0x80 | BIO_TYPE_FILTER) +#define BIO_TYPE_MEMPACKET_TEST 0x81 static BIO_METHOD *method_tls_dump = NULL; -static BIO_METHOD *method_mempacket_test = NULL; +static BIO_METHOD *meth_mem = NULL; /* Note: Not thread safe! */ const BIO_METHOD *bio_f_tls_dump_filter(void) @@ -265,34 +265,33 @@ static int mempacket_test_puts(BIO *bp, const char *str); const BIO_METHOD *bio_s_mempacket_test(void) { - if (method_mempacket_test == NULL) { - method_mempacket_test = BIO_meth_new(BIO_TYPE_MEMPACKET_TEST, - "Mem Packet Test"); - if ( method_mempacket_test == NULL - || !BIO_meth_set_write(method_mempacket_test, mempacket_test_write) - || !BIO_meth_set_read(method_mempacket_test, mempacket_test_read) - || !BIO_meth_set_puts(method_mempacket_test, mempacket_test_puts) - || !BIO_meth_set_gets(method_mempacket_test, mempacket_test_gets) - || !BIO_meth_set_ctrl(method_mempacket_test, mempacket_test_ctrl) - || !BIO_meth_set_create(method_mempacket_test, mempacket_test_new) - || !BIO_meth_set_destroy(method_mempacket_test, mempacket_test_free)) + if (meth_mem == NULL) { + if (!TEST_ptr(meth_mem = BIO_meth_new(BIO_TYPE_MEMPACKET_TEST, + "Mem Packet Test")) + || !TEST_true(BIO_meth_set_write(meth_mem, mempacket_test_write)) + || !TEST_true(BIO_meth_set_read(meth_mem, mempacket_test_read)) + || !TEST_true(BIO_meth_set_puts(meth_mem, mempacket_test_puts)) + || !TEST_true(BIO_meth_set_gets(meth_mem, mempacket_test_gets)) + || !TEST_true(BIO_meth_set_ctrl(meth_mem, mempacket_test_ctrl)) + || !TEST_true(BIO_meth_set_create(meth_mem, mempacket_test_new)) + || !TEST_true(BIO_meth_set_destroy(meth_mem, mempacket_test_free))) return NULL; } - return method_mempacket_test; + return meth_mem; } void bio_s_mempacket_test_free(void) { - BIO_meth_free(method_mempacket_test); + BIO_meth_free(meth_mem); } static int mempacket_test_new(BIO *bio) { - MEMPACKET_TEST_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); - if (ctx == NULL) + MEMPACKET_TEST_CTX *ctx; + + if (!TEST_ptr(ctx = OPENSSL_zalloc(sizeof(*ctx)))) return 0; - ctx->pkts = sk_MEMPACKET_new_null(); - if (ctx->pkts == NULL) { + if (!TEST_ptr(ctx->pkts = sk_MEMPACKET_new_null())) { OPENSSL_free(ctx); return 0; } @@ -309,7 +308,6 @@ static int mempacket_test_free(BIO *bio) OPENSSL_free(ctx); BIO_set_data(bio, NULL); BIO_set_init(bio, 0); - return 1; } @@ -331,7 +329,6 @@ static int mempacket_test_read(BIO *bio, char *out, int outl) unsigned int seq, offset, len, epoch; BIO_clear_retry_flags(bio); - thispkt = sk_MEMPACKET_value(ctx->pkts, 0); if (thispkt == NULL || thispkt->num != ctx->currpkt) { /* Probably run out of data */ @@ -351,12 +348,10 @@ static int mempacket_test_read(BIO *bio, char *out, int outl) * we know that there won't be any re-ordering. We overwrite to deal * with any packets that have been injected */ - rem = thispkt->len; - rec = thispkt->data; - while (rem > 0) { - if (rem < DTLS1_RT_HEADER_LENGTH) { + for (rem = thispkt->len, rec = thispkt->data + ; rem > 0; rec += len, rem -= len) { + if (rem < DTLS1_RT_HEADER_LENGTH) return -1; - } epoch = (rec[EPOCH_HI] << 8) | rec[EPOCH_LO]; if (epoch != ctx->epoch) { ctx->epoch = epoch; @@ -373,16 +368,11 @@ static int mempacket_test_read(BIO *bio, char *out, int outl) len = ((rec[RECORD_LEN_HI] << 8) | rec[RECORD_LEN_LO]) + DTLS1_RT_HEADER_LENGTH; - - rec += len; - rem -= len; } } memcpy(out, thispkt->data, outl); - mempacket_free(thispkt); - return outl; } @@ -404,12 +394,9 @@ int mempacket_test_inject(BIO *bio, const char *in, int inl, int pktnum, ctx->noinject = 1; } - thispkt = OPENSSL_malloc(sizeof(MEMPACKET)); - if (thispkt == NULL) + if (!TEST_ptr(thispkt = OPENSSL_malloc(sizeof(*thispkt)))) return -1; - - thispkt->data = OPENSSL_malloc(inl); - if (thispkt->data == NULL) { + if (!TEST_ptr(thispkt->data = OPENSSL_malloc(inl))) { mempacket_free(thispkt); return -1; } @@ -530,26 +517,16 @@ int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm, SSL_CTX *serverctx = NULL; SSL_CTX *clientctx = NULL; - serverctx = SSL_CTX_new(sm); - clientctx = SSL_CTX_new(cm); - if (serverctx == NULL || clientctx == NULL) { - printf("Failed to create SSL_CTX\n"); + if (!TEST_ptr(serverctx = SSL_CTX_new(sm)) + || !TEST_ptr(clientctx = SSL_CTX_new(cm))) goto err; - } - if (SSL_CTX_use_certificate_file(serverctx, certfile, - SSL_FILETYPE_PEM) <= 0) { - printf("Failed to load server certificate\n"); + if (!TEST_int_eq(SSL_CTX_use_certificate_file(serverctx, certfile, + SSL_FILETYPE_PEM), 1) + || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(serverctx, privkeyfile, + SSL_FILETYPE_PEM), 1) + || !TEST_int_eq(SSL_CTX_check_private_key(serverctx), 1)) goto err; - } - if (SSL_CTX_use_PrivateKey_file(serverctx, privkeyfile, - SSL_FILETYPE_PEM) <= 0) { - printf("Failed to load server private key\n"); - } - if (SSL_CTX_check_private_key(serverctx) <= 0) { - printf("Failed to check private key\n"); - goto err; - } #ifndef OPENSSL_NO_DH SSL_CTX_set_dh_auto(serverctx, 1); @@ -557,8 +534,8 @@ int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm, *sctx = serverctx; *cctx = clientctx; - return 1; + err: SSL_CTX_free(serverctx); SSL_CTX_free(clientctx); @@ -573,62 +550,46 @@ int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm, int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl, SSL **cssl, BIO *s_to_c_fbio, BIO *c_to_s_fbio) { - SSL *serverssl, *clientssl; + SSL *serverssl = NULL, *clientssl = NULL; BIO *s_to_c_bio = NULL, *c_to_s_bio = NULL; - if (*sssl == NULL) - serverssl = SSL_new(serverctx); - else + if (*sssl != NULL) serverssl = *sssl; - if (*cssl == NULL) - clientssl = SSL_new(clientctx); - else + else if (!TEST_ptr(serverssl = SSL_new(serverctx))) + goto error; + if (*cssl != NULL) clientssl = *cssl; - - if (serverssl == NULL || clientssl == NULL) { - printf("Failed to create SSL object\n"); + else if (!TEST_ptr(clientssl = SSL_new(clientctx))) goto error; - } if (SSL_is_dtls(clientssl)) { - s_to_c_bio = BIO_new(bio_s_mempacket_test()); - c_to_s_bio = BIO_new(bio_s_mempacket_test()); + if (!TEST_ptr(s_to_c_bio = BIO_new(bio_s_mempacket_test())) + || !TEST_ptr(c_to_s_bio = BIO_new(bio_s_mempacket_test()))) + goto error; } else { - s_to_c_bio = BIO_new(BIO_s_mem()); - c_to_s_bio = BIO_new(BIO_s_mem()); - } - if (s_to_c_bio == NULL || c_to_s_bio == NULL) { - printf("Failed to create mem BIOs\n"); - goto error; + if (!TEST_ptr(s_to_c_bio = BIO_new(BIO_s_mem())) + || !TEST_ptr(c_to_s_bio = BIO_new(BIO_s_mem()))) + goto error; } - if (s_to_c_fbio != NULL) - s_to_c_bio = BIO_push(s_to_c_fbio, s_to_c_bio); - if (c_to_s_fbio != NULL) - c_to_s_bio = BIO_push(c_to_s_fbio, c_to_s_bio); - if (s_to_c_bio == NULL || c_to_s_bio == NULL) { - printf("Failed to create chained BIOs\n"); + if (s_to_c_fbio != NULL + && !TEST_ptr(s_to_c_bio = BIO_push(s_to_c_fbio, s_to_c_bio))) + goto error; + if (c_to_s_fbio != NULL + && !TEST_ptr(c_to_s_bio = BIO_push(c_to_s_fbio, c_to_s_bio))) goto error; - } /* Set Non-blocking IO behaviour */ BIO_set_mem_eof_return(s_to_c_bio, -1); BIO_set_mem_eof_return(c_to_s_bio, -1); /* Up ref these as we are passing them to two SSL objects */ + SSL_set_bio(serverssl, c_to_s_bio, s_to_c_bio); BIO_up_ref(s_to_c_bio); BIO_up_ref(c_to_s_bio); - - SSL_set_bio(serverssl, c_to_s_bio, s_to_c_bio); SSL_set_bio(clientssl, s_to_c_bio, c_to_s_bio); - - /* BIOs will now be freed when SSL objects are freed */ - s_to_c_bio = c_to_s_bio = NULL; - s_to_c_fbio = c_to_s_fbio = NULL; - *sssl = serverssl; *cssl = clientssl; - return 1; error: @@ -658,7 +619,7 @@ int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want) } if (!clienterr && retc <= 0 && err != SSL_ERROR_WANT_READ) { - printf("SSL_connect() failed %d, %d\n", retc, err); + TEST_info("SSL_connect() failed %d, %d", retc, err); clienterr = 1; } if (want != SSL_ERROR_NONE && err == want) @@ -672,7 +633,7 @@ int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want) } if (!servererr && rets <= 0 && err != SSL_ERROR_WANT_READ) { - printf("SSL_accept() failed %d, %d\n", rets, err); + TEST_info("SSL_accept() failed %d, %d", rets, err); servererr = 1; } if (want != SSL_ERROR_NONE && err == want) @@ -680,7 +641,7 @@ int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want) if (clienterr && servererr) return 0; if (++abortctr == MAXLOOPS) { - printf("No progress made\n"); + TEST_info("No progress made"); return 0; } } while (retc <=0 || rets <= 0); @@ -691,12 +652,9 @@ int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want) * appropriate. */ if (SSL_read_ex(clientssl, &buf, sizeof(buf), &readbytes) > 0) { - if (readbytes != 0) { - printf("Unexpected success reading data %"OSSLzu"\n", readbytes); + if (!TEST_ulong_eq(readbytes, 0)) return 0; - } - } else if (SSL_get_error(clientssl, 0) != SSL_ERROR_WANT_READ) { - printf("SSL_read_ex() failed\n"); + } else if (!TEST_int_eq(SSL_get_error(clientssl, 0), SSL_ERROR_WANT_READ)) { return 0; }