mirror of https://github.com/openssl/openssl
Update the tls13encryptiontest for new read record layer
The tls13encryption is an internal test that reaches inside libssl to test encryption/decryption of records. It needs to be amended for the new code structure so that it is testing the equivalent things as before. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
parent
d0b17ea025
commit
a16f9d3366
|
@ -1045,35 +1045,46 @@ tls_int_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
|
|||
}
|
||||
|
||||
/* Loop through all the settings since they must all be understood */
|
||||
for (p = settings; p->key != NULL; p++) {
|
||||
if (strcmp(p->key, OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM) == 0) {
|
||||
if (!OSSL_PARAM_get_int(p, &rl->use_etm)) {
|
||||
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_FAILED_TO_GET_PARAMETER);
|
||||
if (settings != NULL) {
|
||||
for (p = settings; p->key != NULL; p++) {
|
||||
if (strcmp(p->key, OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM) == 0) {
|
||||
if (!OSSL_PARAM_get_int(p, &rl->use_etm)) {
|
||||
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR,
|
||||
SSL_R_FAILED_TO_GET_PARAMETER);
|
||||
goto err;
|
||||
}
|
||||
} else if (strcmp(p->key,
|
||||
OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN) == 0) {
|
||||
if (!OSSL_PARAM_get_uint(p, &rl->max_frag_len)) {
|
||||
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR,
|
||||
SSL_R_FAILED_TO_GET_PARAMETER);
|
||||
goto err;
|
||||
}
|
||||
} else if (strcmp(p->key,
|
||||
OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA) == 0) {
|
||||
if (!OSSL_PARAM_get_uint32(p, &rl->max_early_data)) {
|
||||
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR,
|
||||
SSL_R_FAILED_TO_GET_PARAMETER);
|
||||
goto err;
|
||||
}
|
||||
} else if (strcmp(p->key,
|
||||
OSSL_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC) == 0) {
|
||||
if (!OSSL_PARAM_get_int(p, &rl->stream_mac)) {
|
||||
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR,
|
||||
SSL_R_FAILED_TO_GET_PARAMETER);
|
||||
goto err;
|
||||
}
|
||||
} else if (strcmp(p->key, OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE) == 0) {
|
||||
if (!OSSL_PARAM_get_int(p, &rl->tlstree)) {
|
||||
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR,
|
||||
SSL_R_FAILED_TO_GET_PARAMETER);
|
||||
goto err;
|
||||
}
|
||||
} else {
|
||||
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR,
|
||||
SSL_R_UNKNOWN_MANDATORY_PARAMETER);
|
||||
goto err;
|
||||
}
|
||||
} else if (strcmp(p->key, OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN) == 0) {
|
||||
if (!OSSL_PARAM_get_uint(p, &rl->max_frag_len)) {
|
||||
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_FAILED_TO_GET_PARAMETER);
|
||||
goto err;
|
||||
}
|
||||
} else if (strcmp(p->key, OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA) == 0) {
|
||||
if (!OSSL_PARAM_get_uint32(p, &rl->max_early_data)) {
|
||||
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_FAILED_TO_GET_PARAMETER);
|
||||
goto err;
|
||||
}
|
||||
} else if (strcmp(p->key, OSSL_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC) == 0) {
|
||||
if (!OSSL_PARAM_get_int(p, &rl->stream_mac)) {
|
||||
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_FAILED_TO_GET_PARAMETER);
|
||||
goto err;
|
||||
}
|
||||
} else if (strcmp(p->key, OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE) == 0) {
|
||||
if (!OSSL_PARAM_get_int(p, &rl->tlstree)) {
|
||||
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_FAILED_TO_GET_PARAMETER);
|
||||
goto err;
|
||||
}
|
||||
} else {
|
||||
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_UNKNOWN_MANDATORY_PARAMETER);
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1115,20 +1126,22 @@ tls_int_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
|
|||
rl->next = next;
|
||||
|
||||
rl->cbarg = cbarg;
|
||||
for (; fns->function_id != 0; fns++) {
|
||||
switch (fns->function_id) {
|
||||
case OSSL_FUNC_RLAYER_SKIP_EARLY_DATA:
|
||||
rl->skip_early_data = OSSL_FUNC_rlayer_skip_early_data(fns);
|
||||
break;
|
||||
case OSSL_FUNC_RLAYER_MSG_CALLBACK:
|
||||
rl->msg_callback = OSSL_FUNC_rlayer_msg_callback(fns);
|
||||
break;
|
||||
case OSSL_FUNC_RLAYER_SECURITY:
|
||||
rl->security = OSSL_FUNC_rlayer_security(fns);
|
||||
break;
|
||||
default:
|
||||
/* Just ignore anything we don't understand */
|
||||
break;
|
||||
if (fns != NULL) {
|
||||
for (; fns->function_id != 0; fns++) {
|
||||
switch (fns->function_id) {
|
||||
case OSSL_FUNC_RLAYER_SKIP_EARLY_DATA:
|
||||
rl->skip_early_data = OSSL_FUNC_rlayer_skip_early_data(fns);
|
||||
break;
|
||||
case OSSL_FUNC_RLAYER_MSG_CALLBACK:
|
||||
rl->msg_callback = OSSL_FUNC_rlayer_msg_callback(fns);
|
||||
break;
|
||||
case OSSL_FUNC_RLAYER_SECURITY:
|
||||
rl->security = OSSL_FUNC_rlayer_security(fns);
|
||||
break;
|
||||
default:
|
||||
/* Just ignore anything we don't understand */
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
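Review bot: The two new guards, `if (settings != NULL)` and `if (fns != NULL)`, change the contract of tls_int_new_record_layer without documenting it: a caller that passes NULL now gets a record layer with every setting left at its initial value and with `rl->skip_early_data`, `rl->msg_callback` and `rl->security` never assigned. Those initial values are set outside these hunks (presumably zero/NULL), so it is worth confirming that every use of the callback pointers, `rl->security` in particular, checks for NULL, so that a missing table cannot become a NULL call or a silently skipped check. I would extend the existing comment to `/* settings may be NULL; otherwise every entry must be understood */` and add `/* fns may be NULL: no callbacks are installed */` above the second guard. The function starts and ends outside both hunks.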
|
||||
|
|
|
@ -11,6 +11,8 @@
|
|||
#include <openssl/evp.h>
|
||||
#include "../ssl/ssl_local.h"
|
||||
#include "../ssl/record/record_local.h"
|
||||
#include "../ssl/record/recordmethod.h"
|
||||
#include "../ssl/record/methods/recmethod_local.h"
|
||||
#include "internal/nelem.h"
|
||||
#include "testutil.h"
|
||||
|
||||
|
@ -306,11 +308,14 @@ static int test_tls13_encryption(void)
|
|||
SSL_CTX *ctx = NULL;
|
||||
SSL *ssl = NULL;
|
||||
SSL3_RECORD rec;
|
||||
unsigned char *key = NULL, *iv = NULL, *seq = NULL;
|
||||
unsigned char *key = NULL;
|
||||
const EVP_CIPHER *ciph = EVP_aes_128_gcm();
|
||||
int ret = 0;
|
||||
size_t ivlen, ctr;
|
||||
SSL_CONNECTION *s;
|
||||
unsigned char seqbuf[SEQ_NUM_SIZE];
|
||||
unsigned char iv[EVP_MAX_IV_LENGTH];
|
||||
OSSL_RECORD_LAYER *rl;
|
||||
|
||||
/*
|
||||
* Encrypted TLSv1.3 records always have an outer content type of
|
||||
|
@ -349,16 +354,14 @@ static int test_tls13_encryption(void)
|
|||
for (ctr = 0; ctr < OSSL_NELEM(refdata); ctr++) {
|
||||
/* Load the record */
|
||||
ivlen = EVP_CIPHER_get_iv_length(ciph);
|
||||
if (!load_record(&rec, &refdata[ctr], &key, s->read_iv, ivlen,
|
||||
RECORD_LAYER_get_read_sequence(&s->rlayer))) {
|
||||
if (!load_record(&rec, &refdata[ctr], &key, iv, ivlen, seqbuf)) {
|
||||
TEST_error("Failed loading key into EVP_CIPHER_CTX");
|
||||
goto err;
|
||||
}
|
||||
|
||||
/* Set up the read/write sequences */
|
||||
memcpy(RECORD_LAYER_get_write_sequence(&s->rlayer),
|
||||
RECORD_LAYER_get_read_sequence(&s->rlayer), SEQ_NUM_SIZE);
|
||||
memcpy(s->write_iv, s->read_iv, ivlen);
|
||||
memcpy(RECORD_LAYER_get_write_sequence(&s->rlayer), seqbuf, sizeof(seqbuf));
|
||||
memcpy(s->write_iv, iv, ivlen);
|
||||
|
||||
/* Load the key into the EVP_CIPHER_CTXs */
|
||||
if (EVP_CipherInit_ex(s->enc_write_ctx, ciph, NULL, key, NULL, 1) <= 0
|
||||
|
@ -378,8 +381,18 @@ static int test_tls13_encryption(void)
|
|||
goto err;
|
||||
}
|
||||
|
||||
if (!TEST_true(ossl_tls_record_method.new_record_layer(
|
||||
NULL, NULL, TLS1_3_VERSION, OSSL_RECORD_ROLE_SERVER,
|
||||
OSSL_RECORD_DIRECTION_READ,
|
||||
OSSL_RECORD_PROTECTION_LEVEL_APPLICATION, 0, key, 16,
|
||||
iv, ivlen, NULL, 0, EVP_aes_128_gcm(),
|
||||
EVP_GCM_TLS_TAG_LEN, 0, NULL, NULL, NULL, NULL, NULL,
|
||||
NULL, NULL, NULL, NULL, NULL, NULL, &rl))) {
|
||||
goto err;
|
||||
}
|
||||
memcpy(rl->sequence, seqbuf, sizeof(seqbuf));
|
||||
/* Decrypt it */
|
||||
if (!TEST_int_eq(tls13_enc(s, &rec, 1, 0, NULL, 0), 1)) {
|
||||
if (!TEST_int_eq(rl->funcs->cipher(rl, &rec, 1, 0, NULL, 0), 1)) {
|
||||
TEST_info("Failed to decrypt record %zu", ctr);
|
||||
goto err;
|
||||
}
|
||||
|
@ -388,14 +401,11 @@ static int test_tls13_encryption(void)
|
|||
goto err;
|
||||
}
|
||||
|
||||
ossl_tls_record_method.free(rl);
|
||||
OPENSSL_free(rec.data);
|
||||
OPENSSL_free(key);
|
||||
OPENSSL_free(iv);
|
||||
OPENSSL_free(seq);
|
||||
rec.data = NULL;
|
||||
key = NULL;
|
||||
iv = NULL;
|
||||
seq = NULL;
|
||||
}
|
||||
|
||||
TEST_note("PASS: %zu records tested", ctr);
|
||||
|
@ -404,8 +414,6 @@ static int test_tls13_encryption(void)
|
|||
err:
|
||||
OPENSSL_free(rec.data);
|
||||
OPENSSL_free(key);
|
||||
OPENSSL_free(iv);
|
||||
OPENSSL_free(seq);
|
||||
SSL_free(ssl);
|
||||
SSL_CTX_free(ctx);
|
||||
return ret;
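Review bot: `rl` is created inside the loop by `new_record_layer()` but released only by the `ossl_tls_record_method.free(rl)` at the bottom of a successful iteration, so the `goto err` taken when decryption or a later check fails leaves the record layer (and presumably the cipher state keyed from `key`) allocated; the `err:` block frees only `rec.data`, `key`, `ssl` and `ctx`. Declaring `OSSL_RECORD_LAYER *rl = NULL;`, resetting `rl = NULL;` after the in-loop free and adding `if (rl != NULL) ossl_tls_record_method.free(rl);` under `err:` closes that path; the guard is there because the hunks do not show whether `free` accepts NULL. Separately, the call passes a literal `16` and a second `EVP_aes_128_gcm()` where `EVP_CIPHER_get_key_length(ciph)` and `ciph` would keep the key length tied to the cipher already selected. Parts of test_tls13_encryption lie outside the hunks shown.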
|
||||
|
|