openssl
/
openssl
mirror of https://github.com/openssl/openssl
1
0
Fork 0
Code Issues Releases Wiki Activity

Update the tls13encryptiontest for new read record layer 

The tls13encryption is an internal test that reaches inside libssl
to test encryption/decryption of records. It needs to be amended for the
new code structure so that it is testing the equivalent things as before.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
This commit is contained in:
Matt Caswell 2022-07-26 12:44:28 +01:00
parent d0b17ea025
commit a16f9d3366
2 changed files with 75 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

95
ssl/record/methods/tls_common.c
View File

@ -1045,35 +1045,46 @@ tls_int_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
}
/* Loop through all the settings since they must all be understood */
for (p = settings; p->key != NULL; p++) {
if (strcmp(p->key, OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM) == 0) {
if (!OSSL_PARAM_get_int(p, &rl->use_etm)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_FAILED_TO_GET_PARAMETER);
if (settings != NULL) {
for (p = settings; p->key != NULL; p++) {
if (strcmp(p->key, OSSL_LIBSSL_RECORD_LAYER_PARAM_USE_ETM) == 0) {
if (!OSSL_PARAM_get_int(p, &rl->use_etm)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR,
SSL_R_FAILED_TO_GET_PARAMETER);
goto err;
}
} else if (strcmp(p->key,
OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN) == 0) {
if (!OSSL_PARAM_get_uint(p, &rl->max_frag_len)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR,
SSL_R_FAILED_TO_GET_PARAMETER);
goto err;
}
} else if (strcmp(p->key,
OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA) == 0) {
if (!OSSL_PARAM_get_uint32(p, &rl->max_early_data)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR,
SSL_R_FAILED_TO_GET_PARAMETER);
goto err;
}
} else if (strcmp(p->key,
OSSL_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC) == 0) {
if (!OSSL_PARAM_get_int(p, &rl->stream_mac)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR,
SSL_R_FAILED_TO_GET_PARAMETER);
goto err;
}
} else if (strcmp(p->key, OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE) == 0) {
if (!OSSL_PARAM_get_int(p, &rl->tlstree)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR,
SSL_R_FAILED_TO_GET_PARAMETER);
goto err;
}
} else {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR,
SSL_R_UNKNOWN_MANDATORY_PARAMETER);
goto err;
}
} else if (strcmp(p->key, OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN) == 0) {
if (!OSSL_PARAM_get_uint(p, &rl->max_frag_len)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_FAILED_TO_GET_PARAMETER);
goto err;
}
} else if (strcmp(p->key, OSSL_LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA) == 0) {
if (!OSSL_PARAM_get_uint32(p, &rl->max_early_data)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_FAILED_TO_GET_PARAMETER);
goto err;
}
} else if (strcmp(p->key, OSSL_LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC) == 0) {
if (!OSSL_PARAM_get_int(p, &rl->stream_mac)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_FAILED_TO_GET_PARAMETER);
goto err;
}
} else if (strcmp(p->key, OSSL_LIBSSL_RECORD_LAYER_PARAM_TLSTREE) == 0) {
if (!OSSL_PARAM_get_int(p, &rl->tlstree)) {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_FAILED_TO_GET_PARAMETER);
goto err;
}
} else {
RLAYERfatal(rl, SSL_AD_INTERNAL_ERROR, SSL_R_UNKNOWN_MANDATORY_PARAMETER);
goto err;
}
}
@ -1115,20 +1126,22 @@ tls_int_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
rl->next = next;
rl->cbarg = cbarg;
for (; fns->function_id != 0; fns++) {
switch (fns->function_id) {
case OSSL_FUNC_RLAYER_SKIP_EARLY_DATA:
rl->skip_early_data = OSSL_FUNC_rlayer_skip_early_data(fns);
break;
case OSSL_FUNC_RLAYER_MSG_CALLBACK:
rl->msg_callback = OSSL_FUNC_rlayer_msg_callback(fns);
break;
case OSSL_FUNC_RLAYER_SECURITY:
rl->security = OSSL_FUNC_rlayer_security(fns);
break;
default:
/* Just ignore anything we don't understand */
break;
if (fns != NULL) {
for (; fns->function_id != 0; fns++) {
switch (fns->function_id) {
case OSSL_FUNC_RLAYER_SKIP_EARLY_DATA:
rl->skip_early_data = OSSL_FUNC_rlayer_skip_early_data(fns);
break;
case OSSL_FUNC_RLAYER_MSG_CALLBACK:
rl->msg_callback = OSSL_FUNC_rlayer_msg_callback(fns);
break;
case OSSL_FUNC_RLAYER_SECURITY:
rl->security = OSSL_FUNC_rlayer_security(fns);
break;
default:
/* Just ignore anything we don't understand */
break;
}
}
}

34
test/tls13encryptiontest.c
View File

@ -11,6 +11,8 @@
#include <openssl/evp.h>
#include "../ssl/ssl_local.h"
#include "../ssl/record/record_local.h"
#include "../ssl/record/recordmethod.h"
#include "../ssl/record/methods/recmethod_local.h"
#include "internal/nelem.h"
#include "testutil.h"
@ -306,11 +308,14 @@ static int test_tls13_encryption(void)
SSL_CTX *ctx = NULL;
SSL *ssl = NULL;
SSL3_RECORD rec;
unsigned char *key = NULL, *iv = NULL, *seq = NULL;
unsigned char *key = NULL;
const EVP_CIPHER *ciph = EVP_aes_128_gcm();
int ret = 0;
size_t ivlen, ctr;
SSL_CONNECTION *s;
unsigned char seqbuf[SEQ_NUM_SIZE];
unsigned char iv[EVP_MAX_IV_LENGTH];
OSSL_RECORD_LAYER *rl;
/*
* Encrypted TLSv1.3 records always have an outer content type of
@ -349,16 +354,14 @@ static int test_tls13_encryption(void)
for (ctr = 0; ctr < OSSL_NELEM(refdata); ctr++) {
/* Load the record */
ivlen = EVP_CIPHER_get_iv_length(ciph);
if (!load_record(&rec, &refdata[ctr], &key, s->read_iv, ivlen,
RECORD_LAYER_get_read_sequence(&s->rlayer))) {
if (!load_record(&rec, &refdata[ctr], &key, iv, ivlen, seqbuf)) {
TEST_error("Failed loading key into EVP_CIPHER_CTX");
goto err;
}
/* Set up the read/write sequences */
memcpy(RECORD_LAYER_get_write_sequence(&s->rlayer),
RECORD_LAYER_get_read_sequence(&s->rlayer), SEQ_NUM_SIZE);
memcpy(s->write_iv, s->read_iv, ivlen);
memcpy(RECORD_LAYER_get_write_sequence(&s->rlayer), seqbuf, sizeof(seqbuf));
memcpy(s->write_iv, iv, ivlen);
/* Load the key into the EVP_CIPHER_CTXs */
if (EVP_CipherInit_ex(s->enc_write_ctx, ciph, NULL, key, NULL, 1) <= 0
@ -378,8 +381,18 @@ static int test_tls13_encryption(void)
goto err;
}
if (!TEST_true(ossl_tls_record_method.new_record_layer(
NULL, NULL, TLS1_3_VERSION, OSSL_RECORD_ROLE_SERVER,
OSSL_RECORD_DIRECTION_READ,
OSSL_RECORD_PROTECTION_LEVEL_APPLICATION, 0, key, 16,
iv, ivlen, NULL, 0, EVP_aes_128_gcm(),
EVP_GCM_TLS_TAG_LEN, 0, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL, NULL, &rl))) {
goto err;
}
memcpy(rl->sequence, seqbuf, sizeof(seqbuf));
/* Decrypt it */
if (!TEST_int_eq(tls13_enc(s, &rec, 1, 0, NULL, 0), 1)) {
if (!TEST_int_eq(rl->funcs->cipher(rl, &rec, 1, 0, NULL, 0), 1)) {
TEST_info("Failed to decrypt record %zu", ctr);
goto err;
}
@ -388,14 +401,11 @@ static int test_tls13_encryption(void)
goto err;
}
ossl_tls_record_method.free(rl);
OPENSSL_free(rec.data);
OPENSSL_free(key);
OPENSSL_free(iv);
OPENSSL_free(seq);
rec.data = NULL;
key = NULL;
iv = NULL;
seq = NULL;
}
TEST_note("PASS: %zu records tested", ctr);
@ -404,8 +414,6 @@ static int test_tls13_encryption(void)
err:
OPENSSL_free(rec.data);
OPENSSL_free(key);
OPENSSL_free(iv);
OPENSSL_free(seq);
SSL_free(ssl);
SSL_CTX_free(ctx);
return ret;