From 8e2236eff8e38109a57347c8ad795040b380c936 Mon Sep 17 00:00:00 2001 From: Benjamin Kaduk Date: Mon, 13 Feb 2017 15:10:54 -0600 Subject: [PATCH] Let test handshakes stop on certain errors Certain callback APIs allow the callback to request async processing by trickling a particular error value up the stack to the application as an error return from the handshake function. In those cases, SSL_want() returns a code specific to the type of async processing needed. The create_ssl_connection() helper function for the tests is very helpful for several things, including creating API tests. However, it does not currently let us test the async processing functionality of these callback interfaces, because the special SSL error codes are treated as generic errors and the helper continues to loop until it reaches its maximum iteration count. Add a new parameter, 'want', that indicates an expected/desired special SSL error code, so that the helper will terminate when either side reports that error, giving control back to the calling function and allowing the test to proceed. Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/2279) --- test/asynciotest.c | 2 +- test/dtls_mtu_test.c | 2 +- test/dtlstest.c | 2 +- test/sslapitest.c | 20 ++++++++++---------- test/sslcorrupttest.c | 2 +- test/ssltestlib.c | 6 +++++- test/ssltestlib.h | 2 +- 7 files changed, 20 insertions(+), 16 deletions(-) diff --git a/test/asynciotest.c b/test/asynciotest.c index d4edd94936..f418bbeb2c 100644 --- a/test/asynciotest.c +++ b/test/asynciotest.c @@ -303,7 +303,7 @@ int main(int argc, char *argv[]) goto end; } - if (!create_ssl_connection(serverssl, clientssl)) { + if (!create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) { printf("Test %d failed: Create SSL connection failed\n", test); goto end; } diff --git a/test/dtls_mtu_test.c b/test/dtls_mtu_test.c index 1a05c541f7..24d4ccc552 100644 --- a/test/dtls_mtu_test.c +++ b/test/dtls_mtu_test.c @@ -70,7 +70,7 @@ static int mtu_test(SSL_CTX *ctx, const char *cs, int no_etm) } sc_bio = SSL_get_rbio(srvr_ssl); - if (create_ssl_connection(clnt_ssl, srvr_ssl) != 1) + if (create_ssl_connection(clnt_ssl, srvr_ssl, SSL_ERROR_NONE) != 1) goto out; if (debug) diff --git a/test/dtlstest.c b/test/dtlstest.c index b4a756f83d..bc22d3254c 100644 --- a/test/dtlstest.c +++ b/test/dtlstest.c @@ -89,7 +89,7 @@ static int test_dtls_unprocessed(int testidx) mempacket_test_inject(c_to_s_mempacket, (char *)certstatus, sizeof(certstatus), 1, INJECT_PACKET_IGNORE_REC_SEQ); - if (!create_ssl_connection(serverssl1, clientssl1)) { + if (!create_ssl_connection(serverssl1, clientssl1, SSL_ERROR_NONE)) { printf("Unable to create SSL connection\n"); ERR_print_errors_fp(stdout); goto end; diff --git a/test/sslapitest.c b/test/sslapitest.c index 47f008a711..cc852952e7 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -338,7 +338,7 @@ static int test_keylog(void) { goto end; } - if (!create_ssl_connection(serverssl, clientssl)) { + if (!create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) { printf("Unable to create SSL connection\n"); goto end; } @@ -435,7 +435,7 @@ static int test_keylog_no_master_key(void) { goto end; } - if (!create_ssl_connection(serverssl, clientssl)) { + if (!create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) { printf("Unable to create SSL connection\n"); goto end; } @@ -541,7 +541,7 @@ static int execute_test_large_message(const SSL_METHOD *smeth, goto end; } - if (!create_ssl_connection(serverssl, clientssl)) { + if (!create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) { printf("Unable to create SSL connection\n"); goto end; } @@ -719,7 +719,7 @@ static int test_tlsext_status_type(void) goto end; } - if (!create_ssl_connection(serverssl, clientssl)) { + if (!create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) { printf("Unable to create SSL connection\n"); goto end; } @@ -745,7 +745,7 @@ static int test_tlsext_status_type(void) } /* This should fail because the callback will fail */ - if (create_ssl_connection(serverssl, clientssl)) { + if (create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) { printf("Unexpected success creating the connection\n"); goto end; } @@ -799,7 +799,7 @@ static int test_tlsext_status_type(void) BIO_free(certbio); certbio = NULL; - if (!create_ssl_connection(serverssl, clientssl)) { + if (!create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) { printf("Unable to create SSL connection\n"); goto end; } @@ -906,7 +906,7 @@ static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix) goto end; } - if (!create_ssl_connection(serverssl1, clientssl1)) { + if (!create_ssl_connection(serverssl1, clientssl1, SSL_ERROR_NONE)) { printf("Unable to create SSL connection\n"); goto end; } @@ -932,7 +932,7 @@ static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix) goto end; } - if (!create_ssl_connection(serverssl2, clientssl2)) { + if (!create_ssl_connection(serverssl2, clientssl2, SSL_ERROR_NONE)) { printf("Unable to create second SSL connection\n"); goto end; } @@ -1015,7 +1015,7 @@ static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix) } /* This should fail because of the mismatched protocol versions */ - if (create_ssl_connection(serverssl3, clientssl3)) { + if (create_ssl_connection(serverssl3, clientssl3, SSL_ERROR_NONE)) { printf("Unable to create third SSL connection\n"); goto end; } @@ -1436,7 +1436,7 @@ static int test_set_sigalgs(int idx) } } - if (curr->connsuccess != create_ssl_connection(serverssl, clientssl)) { + if (curr->connsuccess != create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) { printf("Unexpected return value creating SSL connection (%d)\n", idx); goto end; } diff --git a/test/sslcorrupttest.c b/test/sslcorrupttest.c index c1f074b11d..8ccad16f28 100644 --- a/test/sslcorrupttest.c +++ b/test/sslcorrupttest.c @@ -240,7 +240,7 @@ static int test_ssl_corrupt(int testidx) goto end; } - if (!create_ssl_connection(server, client)) { + if (!create_ssl_connection(server, client, SSL_ERROR_NONE)) { printf("Unable to create SSL connection\n"); ERR_print_errors_fp(stdout); goto end; diff --git a/test/ssltestlib.c b/test/ssltestlib.c index 8a4dd49d5c..64aa9169b6 100644 --- a/test/ssltestlib.c +++ b/test/ssltestlib.c @@ -641,7 +641,7 @@ int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl, return 0; } -int create_ssl_connection(SSL *serverssl, SSL *clientssl) +int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want) { int retc = -1, rets = -1, err, abortctr = 0; int clienterr = 0, servererr = 0; @@ -660,6 +660,8 @@ int create_ssl_connection(SSL *serverssl, SSL *clientssl) printf("SSL_connect() failed %d, %d\n", retc, err); clienterr = 1; } + if (want != SSL_ERROR_NONE && err == want) + return 0; err = SSL_ERROR_WANT_WRITE; while (!servererr && rets <= 0 && err == SSL_ERROR_WANT_WRITE) { @@ -672,6 +674,8 @@ int create_ssl_connection(SSL *serverssl, SSL *clientssl) printf("SSL_accept() failed %d, %d\n", rets, err); servererr = 1; } + if (want != SSL_ERROR_NONE && err == want) + return 0; if (clienterr && servererr) return 0; if (++abortctr == MAXLOOPS) { diff --git a/test/ssltestlib.h b/test/ssltestlib.h index bd9272f1dc..e74a5ccab2 100644 --- a/test/ssltestlib.h +++ b/test/ssltestlib.h @@ -17,7 +17,7 @@ int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm, char *privkeyfile); int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl, SSL **cssl, BIO *s_to_c_fbio, BIO *c_to_s_fbio); -int create_ssl_connection(SSL *serverssl, SSL *clientssl); +int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want); /* Note: Not thread safe! */ const BIO_METHOD *bio_f_tls_dump_filter(void); -- 2.25.1