diff --git a/.gitattributes b/.gitattributes index 6771355ff7..6bd7389c8a 100644 --- a/.gitattributes +++ b/.gitattributes @@ -8,7 +8,6 @@ fuzz/corpora/** export-ignore Configurations/*.norelease.conf export-ignore .* export-ignore util/mktar.sh export-ignore -boringssl export-ignore krb5 export-ignore pyca-cryptography export-ignore dev export-ignore diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7adc2ab746..ad24aaa5b8 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -200,7 +200,5 @@ jobs: run: make test TESTS="test_external_gost_engine" - name: test external krb5 run: make test TESTS="test_external_krb5" -# - name: test external boringssl -# run: BORING_RUNNER_DIR=$(pwd)/boringssl/ssl/test/runner make test TESTS="test_external_boringssl" # - name: test external pyca # run: make test TESTS="test_external_pyca" diff --git a/.gitmodules b/.gitmodules index 637e7ade7e..955140d60d 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,7 +1,3 @@ -[submodule "boringssl"] - path = boringssl - url = https://boringssl.googlesource.com/boringssl - [submodule "pyca.cryptography"] path = pyca-cryptography url = https://github.com/pyca/cryptography.git diff --git a/INSTALL.md b/INSTALL.md index d6ef21d20e..14b6118c36 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -692,7 +692,7 @@ Enable building of integration with external test suites. This is a developer option and may not work on all platforms. The following external test suites are currently supported: - - BoringSSL test suite + - GOST engine test suite - Python PYCA/Cryptography test suite - krb5 test suite diff --git a/boringssl b/boringssl deleted file mode 160000 index 2070f8ad91..0000000000 --- a/boringssl +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 2070f8ad9151dc8f3a73bffaa146b5e6937a583f diff --git a/test/README-external.md b/test/README-external.md index b06deaac4f..3e10526b85 100644 --- a/test/README-external.md +++ b/test/README-external.md @@ -5,69 +5,6 @@ It is possible to integrate external test suites into OpenSSL's `make test`. This capability is considered a developer option and does not work on all platforms. -The BoringSSL test suite -======================== - -In order to run the BoringSSL tests with OpenSSL, first checkout the BoringSSL -source code into an appropriate directory. This can be done in two ways: - -1) Separately from the OpenSSL checkout using: - - $ git clone https://boringssl.googlesource.com/boringssl boringssl - - The BoringSSL tests are only confirmed to work at a specific commit in the - BoringSSL repository. Later commits may or may not pass the test suite: - - $ cd boringssl - $ git checkout 490469f850e - -2) Using the already configured submodule settings in OpenSSL: - - $ git submodule update --init - -Configure the OpenSSL source code to enable the external tests: - - $ cd ../openssl - $ ./config enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers \ - enable-external-tests - -Note that using other config options than those given above may cause the tests -to fail. - -Run the OpenSSL tests by providing the path to the BoringSSL test runner in the -`BORING_RUNNER_DIR` environment variable: - - $ BORING_RUNNER_DIR=/path/to/boringssl/ssl/test/runner make test - -Note that the test suite may change directory while running so the path provided -should be absolute and not relative to the current working directory. - -To see more detailed output you can run just the BoringSSL tests with the -verbose option: - - $ VERBOSE=1 BORING_RUNNER_DIR=/path/to/boringssl/ssl/test/runner make \ - TESTS="test_external_boringssl" test - -Test failures and suppressions ------------------------------- - -A large number of the BoringSSL tests are known to fail. A test could fail -because of many possible reasons. For example: - -- A bug in OpenSSL -- Different interpretations of standards -- Assumptions about the way BoringSSL works that do not apply to OpenSSL -- The test uses APIs added to BoringSSL that are not present in OpenSSL -- etc - -In order to provide a "clean" baseline run with all the tests passing a config -file has been provided that suppresses the running of tests that are known to -fail. These suppressions are held in the file "test/ossl_shim/ossl_config.json" -within the OpenSSL source code. - -The community is encouraged to contribute patches which reduce the number of -suppressions that are currently present. - Python PYCA/Cryptography test suite =================================== diff --git a/test/build.info b/test/build.info index 8abb14f634..b31e5dedd5 100644 --- a/test/build.info +++ b/test/build.info @@ -1,5 +1,3 @@ -SUBDIRS=ossl_shim - # TODO: use ../apps/libapps.a instead of direct ../apps/lib source. # This can't currently be done, because some of its units drag in too many # unresolved references that don't apply here. diff --git a/test/data2.bin b/test/data2.bin index c4f9691a26..40c1bdad13 100644 Binary files a/test/data2.bin and b/test/data2.bin differ diff --git a/test/ossl_shim/async_bio.cc b/test/ossl_shim/async_bio.cc deleted file mode 100644 index b21e5af51b..0000000000 --- a/test/ossl_shim/async_bio.cc +++ /dev/null @@ -1,183 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "async_bio.h" - -#include -#include - -#include -#include - - -namespace { - -struct AsyncBio { - bool datagram; - bool enforce_write_quota; - size_t read_quota; - size_t write_quota; -}; - -AsyncBio *GetData(BIO *bio) { - return (AsyncBio *)BIO_get_data(bio); -} - -static int AsyncWrite(BIO *bio, const char *in, int inl) { - AsyncBio *a = GetData(bio); - if (a == NULL || BIO_next(bio) == NULL) { - return 0; - } - - if (!a->enforce_write_quota) { - return BIO_write(BIO_next(bio), in, inl); - } - - BIO_clear_retry_flags(bio); - - if (a->write_quota == 0) { - BIO_set_retry_write(bio); - errno = EAGAIN; - return -1; - } - - if (!a->datagram && (size_t)inl > a->write_quota) { - inl = a->write_quota; - } - int ret = BIO_write(BIO_next(bio), in, inl); - if (ret <= 0) { - BIO_copy_next_retry(bio); - } else { - a->write_quota -= (a->datagram ? 1 : ret); - } - return ret; -} - -static int AsyncRead(BIO *bio, char *out, int outl) { - AsyncBio *a = GetData(bio); - if (a == NULL || BIO_next(bio) == NULL) { - return 0; - } - - BIO_clear_retry_flags(bio); - - if (a->read_quota == 0) { - BIO_set_retry_read(bio); - errno = EAGAIN; - return -1; - } - - if (!a->datagram && (size_t)outl > a->read_quota) { - outl = a->read_quota; - } - int ret = BIO_read(BIO_next(bio), out, outl); - if (ret <= 0) { - BIO_copy_next_retry(bio); - } else { - a->read_quota -= (a->datagram ? 1 : ret); - } - return ret; -} - -static long AsyncCtrl(BIO *bio, int cmd, long num, void *ptr) { - if (BIO_next(bio) == NULL) { - return 0; - } - BIO_clear_retry_flags(bio); - int ret = BIO_ctrl(BIO_next(bio), cmd, num, ptr); - BIO_copy_next_retry(bio); - return ret; -} - -static int AsyncNew(BIO *bio) { - AsyncBio *a = (AsyncBio *)OPENSSL_malloc(sizeof(*a)); - if (a == NULL) { - return 0; - } - memset(a, 0, sizeof(*a)); - a->enforce_write_quota = true; - BIO_set_init(bio, 1); - BIO_set_data(bio, a); - return 1; -} - -static int AsyncFree(BIO *bio) { - if (bio == NULL) { - return 0; - } - - OPENSSL_free(BIO_get_data(bio)); - BIO_set_data(bio, NULL); - BIO_set_init(bio, 0); - return 1; -} - -static long AsyncCallbackCtrl(BIO *bio, int cmd, BIO_info_cb fp) -{ - if (BIO_next(bio) == NULL) - return 0; - return BIO_callback_ctrl(BIO_next(bio), cmd, fp); -} - -static BIO_METHOD *g_async_bio_method = NULL; - -static const BIO_METHOD *AsyncMethod(void) -{ - if (g_async_bio_method == NULL) { - g_async_bio_method = BIO_meth_new(BIO_TYPE_FILTER, "async bio"); - if ( g_async_bio_method == NULL - || !BIO_meth_set_write(g_async_bio_method, AsyncWrite) - || !BIO_meth_set_read(g_async_bio_method, AsyncRead) - || !BIO_meth_set_ctrl(g_async_bio_method, AsyncCtrl) - || !BIO_meth_set_create(g_async_bio_method, AsyncNew) - || !BIO_meth_set_destroy(g_async_bio_method, AsyncFree) - || !BIO_meth_set_callback_ctrl(g_async_bio_method, AsyncCallbackCtrl)) - return NULL; - } - return g_async_bio_method; -} - -} // namespace - -bssl::UniquePtr AsyncBioCreate() { - return bssl::UniquePtr(BIO_new(AsyncMethod())); -} - -bssl::UniquePtr AsyncBioCreateDatagram() { - bssl::UniquePtr ret(BIO_new(AsyncMethod())); - if (!ret) { - return nullptr; - } - GetData(ret.get())->datagram = true; - return ret; -} - -void AsyncBioAllowRead(BIO *bio, size_t count) { - AsyncBio *a = GetData(bio); - if (a == NULL) { - return; - } - a->read_quota += count; -} - -void AsyncBioAllowWrite(BIO *bio, size_t count) { - AsyncBio *a = GetData(bio); - if (a == NULL) { - return; - } - a->write_quota += count; -} - -void AsyncBioEnforceWriteQuota(BIO *bio, bool enforce) { - AsyncBio *a = GetData(bio); - if (a == NULL) { - return; - } - a->enforce_write_quota = enforce; -} diff --git a/test/ossl_shim/async_bio.h b/test/ossl_shim/async_bio.h deleted file mode 100644 index 0d3b0ebc6e..0000000000 --- a/test/ossl_shim/async_bio.h +++ /dev/null @@ -1,39 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef OSSL_TEST_SHIM_ASYNC_BIO_H -#define OSSL_TEST_SHIM_ASYNC_BIO_H - -#include -#include - - -// AsyncBioCreate creates a filter BIO for testing asynchronous state -// machines which consume a stream socket. Reads and writes will fail -// and return EAGAIN unless explicitly allowed. Each async BIO has a -// read quota and a write quota. Initially both are zero. As each is -// incremented, bytes are allowed to flow through the BIO. -bssl::UniquePtr AsyncBioCreate(); - -// AsyncBioCreateDatagram creates a filter BIO for testing for -// asynchronous state machines which consume datagram sockets. The read -// and write quota count in packets rather than bytes. -bssl::UniquePtr AsyncBioCreateDatagram(); - -// AsyncBioAllowRead increments |bio|'s read quota by |count|. -void AsyncBioAllowRead(BIO *bio, size_t count); - -// AsyncBioAllowWrite increments |bio|'s write quota by |count|. -void AsyncBioAllowWrite(BIO *bio, size_t count); - -// AsyncBioEnforceWriteQuota configures where |bio| enforces its write quota. -void AsyncBioEnforceWriteQuota(BIO *bio, bool enforce); - - -#endif // OSSL_TEST_SHIM_ASYNC_BIO_H diff --git a/test/ossl_shim/build.info b/test/ossl_shim/build.info deleted file mode 100644 index d1dd208408..0000000000 --- a/test/ossl_shim/build.info +++ /dev/null @@ -1,6 +0,0 @@ -IF[{- defined $target{CXX} && !$disabled{"external-tests"} -}] - PROGRAMS{noinst}=ossl_shim - SOURCE[ossl_shim]=ossl_shim.cc async_bio.cc packeted_bio.cc test_config.cc - INCLUDE[ossl_shim]=. include ../../include - DEPEND[ossl_shim]=../../libssl ../../libcrypto -ENDIF diff --git a/test/ossl_shim/include/openssl/base.h b/test/ossl_shim/include/openssl/base.h deleted file mode 100644 index 9b07292673..0000000000 --- a/test/ossl_shim/include/openssl/base.h +++ /dev/null @@ -1,114 +0,0 @@ -/* - * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef OSSL_TEST_SHIM_INCLUDE_OPENSSL_BASE_H -#define OSSL_TEST_SHIM_INCLUDE_OPENSSL_BASE_H - -/* Needed for DH functions */ -#include "internal/deprecated.h" - -/* Needed for BORINGSSL_MAKE_DELETER */ -# include -# include -# include -# include -# include - -# define OPENSSL_ARRAY_SIZE(array) (sizeof(array) / sizeof((array)[0])) - -extern "C++" { - -#include - -namespace bssl { - -namespace internal { - -template -struct DeleterImpl {}; - -template -struct Deleter { - void operator()(T *ptr) { - // Rather than specialize Deleter for each type, we specialize - // DeleterImpl. This allows bssl::UniquePtr to be used while only - // including base.h as long as the destructor is not emitted. This matches - // std::unique_ptr's behavior on forward-declared types. - // - // DeleterImpl itself is specialized in the corresponding module's header - // and must be included to release an object. If not included, the compiler - // will error that DeleterImpl does not have a method Free. - DeleterImpl::Free(ptr); - } -}; - -template -class StackAllocated { - public: - StackAllocated() { init(&ctx_); } - ~StackAllocated() { cleanup(&ctx_); } - - StackAllocated(const StackAllocated &) = delete; - T& operator=(const StackAllocated &) = delete; - - T *get() { return &ctx_; } - const T *get() const { return &ctx_; } - - void Reset() { - cleanup(&ctx_); - init(&ctx_); - } - - private: - T ctx_; -}; - -} // namespace internal - -#define BORINGSSL_MAKE_DELETER(type, deleter) \ - namespace internal { \ - template <> \ - struct DeleterImpl { \ - static void Free(type *ptr) { deleter(ptr); } \ - }; \ - } - -// This makes a unique_ptr to STACK_OF(type) that owns all elements on the -// stack, i.e. it uses sk_pop_free() to clean up. -#define BORINGSSL_MAKE_STACK_DELETER(type, deleter) \ - namespace internal { \ - template <> \ - struct DeleterImpl { \ - static void Free(STACK_OF(type) *ptr) { \ - sk_##type##_pop_free(ptr, deleter); \ - } \ - }; \ - } - -// Holds ownership of heap-allocated BoringSSL structures. Sample usage: -// bssl::UniquePtr rsa(RSA_new()); -// bssl::UniquePtr bio(BIO_new(BIO_s_mem())); -template -using UniquePtr = std::unique_ptr>; - -BORINGSSL_MAKE_DELETER(BIO, BIO_free) -BORINGSSL_MAKE_DELETER(EVP_PKEY, EVP_PKEY_free) -BORINGSSL_MAKE_DELETER(DH, DH_free) -BORINGSSL_MAKE_DELETER(X509, X509_free) -BORINGSSL_MAKE_DELETER(SSL, SSL_free) -BORINGSSL_MAKE_DELETER(SSL_CTX, SSL_CTX_free) -BORINGSSL_MAKE_DELETER(SSL_SESSION, SSL_SESSION_free) - -} // namespace bssl - -} /* extern C++ */ - - -#endif /* OSSL_TEST_SHIM_INCLUDE_OPENSSL_BASE_H */ diff --git a/test/ossl_shim/ossl_config.json b/test/ossl_shim/ossl_config.json deleted file mode 100644 index 1e57499065..0000000000 --- a/test/ossl_shim/ossl_config.json +++ /dev/null @@ -1,301 +0,0 @@ - -{ - "DisabledTests" : { - "*TLS13*":"No TLS1.3 support yet", - "FragmentAlert-DTLS":"Test failure - reason unknown", - "FragmentedClientVersion":"Test failure - reason unknown", - "MTU":"Test failure - reason unknown", - "EmptyCertificateList":"Test failure - reason unknown", - "AppDataBeforeHandshake-DTLS":"Test failure - reason unknown", - "AlertAfterChangeCipherSpec":"Test failure - reason unknown", - "AppDataAfterChangeCipherSpec":"Test failure - reason unknown", - "AppDataAfterChangeCipherSpec-Empty":"Test failure - reason unknown", - "AppDataAfterChangeCipherSpec-DTLS":"Test failure - reason unknown", - "AppDataBeforeHandshake-DTLS-Empty":"Test failure - reason unknown", - "AlertAfterChangeCipherSpec-DTLS":"Test failure - reason unknown", - "FragmentMessageLengthMismatch-DTLS":"Test failure - reason unknown", - "SplitFragments-Header-DTLS":"Test failure - reason unknown", - "SplitFragments-Boundary-DTLS":"Test failure - reason unknown", - "SplitFragments-Body-DTLS":"Test failure - reason unknown", - "SendEmptyFragments-DTLS":"Test failure - reason unknown", - "SendInvalidRecordType-DTLS":"Test failure - reason unknown", - "SendInvalidRecordType":"Test failure - reason unknown", - "FragmentMessageTypeMismatch-DTLS":"Test failure - reason unknown", - "SendWarningAlerts-Pass":"Test failure - reason unknown", - "SendWarningAlerts-DTLS-Pass":"Test failure - reason unknown", - "TooManyKeyUpdates":"Test failure - reason unknown", - "Unclean-Shutdown-Alert":"Test failure - reason unknown", - "V2ClientHello-WarningAlertPrefix":"Test failure - reason unknown", - "BadHelloRequest-2":"Test failure - reason unknown", - "DTLS-SendExtraFinished":"Test failure - reason unknown", - "NoNullCompression-TLS12":"Test failure - reason unknown", - "KeyUpdate-Client":"Test failure - reason unknown", - "KeyUpdate-InvalidRequestMode":"Test failure - reason unknown", - "DTLS-SendExtraFinished-Reordered":"Test failure - reason unknown", - "LargeMessage-Reject-DTLS":"Test failure - reason unknown", - "KeyUpdate-Server":"Test failure - reason unknown", - "SSL3-ECDHE-PSK-AES128-CBC-SHA-server":"Test failure - reason unknown", - "SSL3-ECDHE-PSK-AES256-CBC-SHA-server":"Test failure - reason unknown", - "DTLS1-NULL-SHA-server":"Test failure - reason unknown", - "DTLS1-NULL-SHA-client":"Test failure - reason unknown", - "DTLS12-NULL-SHA-client":"Test failure - reason unknown", - "DTLS12-NULL-SHA-server":"Test failure - reason unknown", - "BadECDSA-1-4":"Test failure - reason unknown", - "BadECDSA-3-4":"Test failure - reason unknown", - "BadECDSA-4-1":"Test failure - reason unknown", - "BadECDSA-4-4":"Test failure - reason unknown", - "BadECDSA-4-3":"Test failure - reason unknown", - "SillyDH":"Test failure - reason unknown", - "VersionNegotiationExtension-TLS1-DTLS":"Test failure - reason unknown", - "NoSupportedVersions-DTLS":"Test failure - reason unknown", - "VersionTooLow-DTLS":"Test failure - reason unknown", - "IgnoreClientVersionOrder":"Test failure - reason unknown", - "VersionTooLow":"Test failure - reason unknown", - "MinimumVersion-Server-TLS1-SSL3":"Test failure - reason unknown", - "MinimumVersion-Server2-TLS1-SSL3":"Test failure - reason unknown", - "MinimumVersion-Client2-TLS1-SSL3":"Test failure - reason unknown", - "MinimumVersion-Server2-TLS11-SSL3":"Test failure - reason unknown", - "MinimumVersion-Server-TLS11-SSL3":"Test failure - reason unknown", - "MinimumVersion-Client2-TLS11-SSL3":"Test failure - reason unknown", - "MinimumVersion-Client2-TLS11-TLS1":"Test failure - reason unknown", - "MinimumVersion-Server2-TLS12-SSL3":"Test failure - reason unknown", - "MinimumVersion-Server-TLS12-SSL3":"Test failure - reason unknown", - "MinimumVersion-Client2-TLS12-TLS1":"Test failure - reason unknown", - "MinimumVersion-Client2-TLS12-SSL3":"Test failure - reason unknown", - "MinimumVersion-Client2-TLS12-TLS1-DTLS":"Test failure - reason unknown", - "MinimumVersion-Client2-TLS12-TLS11":"Test failure - reason unknown", - "DuplicateExtensionClient-TLS1":"Test failure - reason unknown", - "DuplicateExtensionServer-TLS1":"Test failure - reason unknown", - "ALPNClient-Mismatch-TLS1":"Test failure - reason unknown", - "UnsolicitedServerNameAck-TLS1":"Test failure - reason unknown", - "ALPNServer-Decline-TLS1":"Test failure - reason unknown", - "ALPNClient-EmptyProtocolName-TLS1":"Test failure - reason unknown", - "NegotiateALPNAndNPN-Swapped-TLS1":"Test failure - reason unknown", - "NegotiateALPNAndNPN-TLS1":"Test failure - reason unknown", - "TicketSessionIDLength-33-TLS1":"Test failure - reason unknown", - "DuplicateExtensionClient-TLS11":"Test failure - reason unknown", - "DuplicateExtensionServer-TLS11":"Test failure - reason unknown", - "UnsolicitedServerNameAck-TLS11":"Test failure - reason unknown", - "ALPNServer-Decline-TLS11":"Test failure - reason unknown", - "ALPNClient-Mismatch-TLS11":"Test failure - reason unknown", - "ALPNClient-EmptyProtocolName-TLS11":"Test failure - reason unknown", - "NegotiateALPNAndNPN-TLS11":"Test failure - reason unknown", - "NegotiateALPNAndNPN-Swapped-TLS11":"Test failure - reason unknown", - "TicketSessionIDLength-33-TLS11":"Test failure - reason unknown", - "DuplicateExtensionServer-TLS12":"Test failure - reason unknown", - "DuplicateExtensionClient-TLS12":"Test failure - reason unknown", - "UnsolicitedServerNameAck-TLS12":"Test failure - reason unknown", - "ALPNServer-Decline-TLS12":"Test failure - reason unknown", - "ALPNClient-Mismatch-TLS12":"Test failure - reason unknown", - "ALPNClient-EmptyProtocolName-TLS12":"Test failure - reason unknown", - "NegotiateALPNAndNPN-TLS12":"Test failure - reason unknown", - "NegotiateALPNAndNPN-Swapped-TLS12":"Test failure - reason unknown", - "TicketSessionIDLength-33-TLS12":"Test failure - reason unknown", - "ClientHelloPadding":"Test failure - reason unknown", - "Resume-Server-UnofferedCipher":"Test failure - reason unknown", - "Resume-Client-CipherMismatch":"Test failure - reason unknown", - "Resume-Server-ExtraIdentityNoBinder":"Test failure - reason unknown", - "Resume-Server-BinderWrongLength":"Test failure - reason unknown", - "Resume-Server-ExtraPSKBinder":"Test failure - reason unknown", - "Resume-Server-NoPSKBinder":"Test failure - reason unknown", - "Resume-Server-PSKBinderFirstExtension":"Test failure - reason unknown", - "Resume-Server-InvalidPSKBinder":"Test failure - reason unknown", - "ExtendedMasterSecret-NoToYes-Client":"Test failure - reason unknown", - "Renegotiate-Server-Forbidden":"Test failure - reason unknown", - "ExtendedMasterSecret-Renego-NoEMS":"Test failure - reason unknown", - "Renegotiate-Client-SwitchVersion":"Test failure - reason unknown", - "Renegotiate-Client-Upgrade":"Test failure - reason unknown", - "Renegotiate-SameClientVersion":"Test failure - reason unknown", - "Renegotiate-Client-Downgrade":"Test failure - reason unknown", - "Renegotiate-Client-SwitchCiphers2":"Test failure - reason unknown", - "Renegotiate-Client-SwitchCiphers":"Test failure - reason unknown", - "Renegotiate-Client-Forbidden-1":"Test failure - reason unknown", - "StrayHelloRequest":"Test failure - reason unknown", - "Renegotiate-Client-Freely-2":"Test failure - reason unknown", - "Renegotiate-Client-NoIgnore":"Test failure - reason unknown", - "StrayHelloRequest-Packed":"Test failure - reason unknown", - "Renegotiate-Client-Freely-1":"Test failure - reason unknown", - "Renegotiation-CertificateChange":"Test failure - reason unknown", - "Renegotiation-CertificateChange-2":"Test failure - reason unknown", - "Renegotiate-Client-SSL3":"Test failure - reason unknown", - "ClientAuth-SHA1-Fallback-ECDSA":"Test failure - reason unknown", - "ClientAuth-SHA1-Fallback-RSA":"Test failure - reason unknown", - "P224-Server":"Test failure - reason unknown", - "RSA-PSS-Large":"Test failure - reason unknown", - "DTLS-Retransmit-Client-1":"Test failure - reason unknown", - "DTLS-Retransmit-Client-2":"Test failure - reason unknown", - "DTLS-Retransmit-Server-1":"Test failure - reason unknown", - "DTLS-Retransmit-Server-2":"Test failure - reason unknown", - "DTLS-Retransmit-Client-3":"Test failure - reason unknown", - "DTLS-Retransmit-Server-3":"Test failure - reason unknown", - "DTLS-Retransmit-Client-4":"Test failure - reason unknown", - "Renegotiate-Client-Packed":"Test failure - reason unknown", - "DTLS-Retransmit-Server-4":"Test failure - reason unknown", - "DTLS-Retransmit-Client-5":"Test failure - reason unknown", - "DTLS-Retransmit-Server-6":"Test failure - reason unknown", - "DTLS-Retransmit-Client-6":"Test failure - reason unknown", - "DTLS-Retransmit-Server-5":"Test failure - reason unknown", - "DTLS-Retransmit-Client-7":"Test failure - reason unknown", - "DTLS-Retransmit-Server-7":"Test failure - reason unknown", - "DTLS-Retransmit-Client-8":"Test failure - reason unknown", - "DTLS-Retransmit-Client-9":"Test failure - reason unknown", - "DTLS-Retransmit-Server-8":"Test failure - reason unknown", - "DTLS-Retransmit-Server-9":"Test failure - reason unknown", - "DTLS-Retransmit-Client-10":"Test failure - reason unknown", - "DTLS-Retransmit-Client-11":"Test failure - reason unknown", - "DTLS-Retransmit-Server-10":"Test failure - reason unknown", - "DTLS-Retransmit-Server-11":"Test failure - reason unknown", - "CustomExtensions-ParseError-Server":"Test failure - reason unknown", - "CustomExtensions-FailAdd-Server":"Test failure - reason unknown", - "CustomExtensions-FailAdd-Client":"Test failure - reason unknown", - "CustomExtensions-ParseError-Client":"Test failure - reason unknown", - "UnknownExtension-Client":"Test failure - reason unknown", - "UnofferedExtension-Client":"Test failure - reason unknown", - "PointFormat-Client-MissingUncompressed":"Test failure - reason unknown", - "PointFormat-Server-MissingUncompressed":"Test failure - reason unknown", - "Basic-Client-RenewTicket-Sync":"Test failure - reason unknown", - "Renegotiate-Client-Sync":"Test failure - reason unknown", - "Shutdown-Shim-Sync":"Test failure - reason unknown", - "Basic-Client-RenewTicket-Sync-SplitHandshakeRecords":"Test failure - reason unknown", - "Renegotiate-Client-Sync-SplitHandshakeRecords":"Test failure - reason unknown", - "Shutdown-Shim-Sync-SplitHandshakeRecords":"Test failure - reason unknown", - "Basic-Client-RenewTicket-Sync-PackHandshakeFlight":"Test failure - reason unknown", - "Renegotiate-Client-Sync-PackHandshakeFlight":"Test failure - reason unknown", - "Shutdown-Shim-Sync-PackHandshakeFlight":"Test failure - reason unknown", - "Basic-Client-RenewTicket-DTLS-Sync":"Test failure - reason unknown", - "Basic-Client-RenewTicket-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown", - "Basic-Server-Implicit-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown", - "ClientAuth-NoCertificate-Server-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown", - "ClientAuth-ECDSA-Client-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown", - "Basic-Server-RSA-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown", - "Basic-Server-ECDHE-RSA-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown", - "Basic-Server-ECDHE-ECDSA-DTLS-Sync-SplitHandshakeRecords":"Test failure - reason unknown", - "Basic-Client-RenewTicket-Async":"Test failure - reason unknown", - "Shutdown-Shim-Async":"Test failure - reason unknown", - "Basic-Client-RenewTicket-Async-SplitHandshakeRecords":"Test failure - reason unknown", - "Shutdown-Shim-Async-SplitHandshakeRecords":"Test failure - reason unknown", - "Basic-Client-RenewTicket-Async-PackHandshakeFlight":"Test failure - reason unknown", - "Shutdown-Shim-Async-PackHandshakeFlight":"Test failure - reason unknown", - "Basic-Client-RenewTicket-DTLS-Async":"Test failure - reason unknown", - "Basic-Client-RenewTicket-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown", - "Basic-Server-Implicit-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown", - "ClientAuth-NoCertificate-Server-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown", - "ClientAuth-ECDSA-Client-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown", - "Basic-Server-RSA-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown", - "Basic-Server-ECDHE-RSA-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown", - "Basic-Server-ECDHE-ECDSA-DTLS-Async-SplitHandshakeRecords":"Test failure - reason unknown", - "SendUnencryptedFinished-DTLS":"Test failure - reason unknown", - "PartialEncryptedExtensionsWithServerHello":"Test failure - reason unknown", - "StrayChangeCipherSpec":"Test failure - reason unknown", - "PartialClientFinishedWithClientHello":"Test failure - reason unknown", - "TrailingMessageData-ClientHello":"Test failure - reason unknown", - "TrailingMessageData-ServerHello":"Test failure - reason unknown", - "TrailingMessageData-ServerCertificate":"Test failure - reason unknown", - "TrailingMessageData-ServerKeyExchange":"Test failure - reason unknown", - "TrailingMessageData-CertificateRequest":"Test failure - reason unknown", - "TrailingMessageData-ServerHelloDone":"Test failure - reason unknown", - "TrailingMessageData-ClientKeyExchange":"Test failure - reason unknown", - "TrailingMessageData-ClientCertificate":"Test failure - reason unknown", - "TrailingMessageData-CertificateVerify":"Test failure - reason unknown", - "TrailingMessageData-NextProtocol":"Test failure - reason unknown", - "TrailingMessageData-NewSessionTicket":"Test failure - reason unknown", - "TrailingMessageData-ClientFinished":"Test failure - reason unknown", - "TrailingMessageData-ServerFinished":"Test failure - reason unknown", - "TrailingMessageData-HelloVerifyRequest-DTLS":"Test failure - reason unknown", - "TrailingMessageData-ServerHello-DTLS":"Test failure - reason unknown", - "TrailingMessageData-ServerCertificate-DTLS":"Test failure - reason unknown", - "TrailingMessageData-ServerKeyExchange-DTLS":"Test failure - reason unknown", - "TrailingMessageData-CertificateRequest-DTLS":"Test failure - reason unknown", - "TrailingMessageData-ServerHelloDone-DTLS":"Test failure - reason unknown", - "TrailingMessageData-ClientCertificate-DTLS":"Test failure - reason unknown", - "TrailingMessageData-CertificateVerify-DTLS":"Test failure - reason unknown", - "TrailingMessageData-ClientKeyExchange-DTLS":"Test failure - reason unknown", - "TrailingMessageData-ClientFinished-DTLS":"Test failure - reason unknown", - "TrailingMessageData-NewSessionTicket-DTLS":"Test failure - reason unknown", - "TrailingMessageData-ServerFinished-DTLS":"Test failure - reason unknown", - "MissingKeyShare-Client":"Test failure - reason unknown", - "MissingKeyShare-Server":"Test failure - reason unknown", - "DuplicateKeyShares":"Test failure - reason unknown", - "SkipEarlyData":"Test failure - reason unknown", - "SkipEarlyData-OmitEarlyDataExtension":"Test failure - reason unknown", - "SkipEarlyData-TooMuchData":"Test failure - reason unknown", - "SkipEarlyData-Interleaved":"Test failure - reason unknown", - "SkipEarlyData-HRR":"Test failure - reason unknown", - "SkipEarlyData-HRR-Interleaved":"Test failure - reason unknown", - "SkipEarlyData-HRR-TooMuchData":"Test failure - reason unknown", - "SkipEarlyData-HRR-FatalAlert":"Test failure - reason unknown", - "SkipEarlyData-EarlyDataInTLS12":"Test failure - reason unknown", - "SkipEarlyData-SecondClientHelloEarlyData":"Test failure - reason unknown", - "EmptyEncryptedExtensions":"Test failure - reason unknown", - "EncryptedExtensionsWithKeyShare":"Test failure - reason unknown", - "UnknownCurve-HelloRetryRequest":"Test failure - reason unknown", - "UnnecessaryHelloRetryRequest":"Test failure - reason unknown", - "HelloRetryRequest-Empty":"Test failure - reason unknown", - "SecondHelloRetryRequest":"Test failure - reason unknown", - "HelloRetryRequest-DuplicateCurve":"Test failure - reason unknown", - "HelloRetryRequest-DuplicateCookie":"Test failure - reason unknown", - "HelloRetryRequest-EmptyCookie":"Test failure - reason unknown", - "HelloRetryRequest-Unknown":"Test failure - reason unknown", - "SecondClientHelloMissingKeyShare":"Test failure - reason unknown", - "SecondClientHelloWrongCurve":"Test failure - reason unknown", - "HelloRetryRequestVersionMismatch":"Test failure - reason unknown", - "HelloRetryRequestCurveMismatch":"Test failure - reason unknown", - "SkipHelloRetryRequest":"Test failure - reason unknown", - "Peek-Renegotiate":"Test failure - reason unknown", - "Peek-KeyUpdate":"Test failure - reason unknown", - "DTLS-Retransmit-Client-12":"Test failure - reason unknown", - "DTLS-Retransmit-Timeout":"Test failure - reason unknown", - "DTLS-Retransmit-Server-12":"Test failure - reason unknown", - "DTLS-Retransmit-Fudge":"Test failure - reason unknown", - "DTLS-Retransmit-Fragmented":"Test failure - reason unknown", - "TrailingMessageData-ClientHello-DTLS":"Test failure - reason unknown", - "SendFallbackSCSV":"Current runner version uses old draft TLSv1.3", - "VersionNegotiationExtension-TLS11":"Current runner version uses old draft TLSv1.3", - "VersionNegotiationExtension-TLS1":"Current runner version uses old draft TLSv1.3", - "VersionNegotiationExtension-SSL3":"Current runner version uses old draft TLSv1.3", - "ConflictingVersionNegotiation":"Current runner version uses old draft TLSv1.3" - }, - "ErrorMap" : { - ":UNEXPECTED_MESSAGE:":"unexpected message", - ":INAPPROPRIATE_FALLBACK:":"inappropriate fallback", - ":UNEXPECTED_RECORD:":"unexpected message", - ":TLSV1_ALERT_RECORD_OVERFLOW:":"tlsv1 alert record overflow", - ":WRONG_SSL_VERSION:":"no protocols available", - ":BAD_ALERT:":"invalid alert", - ":HTTP_REQUEST:":"http request", - ":HTTPS_PROXY_REQUEST:":"https proxy request", - ":WRONG_CERTIFICATE_TYPE:":"wrong certificate type", - ":WRONG_VERSION_NUMBER:":"wrong version number", - ":DECRYPTION_FAILED_OR_BAD_RECORD_MAC:":"decryption failed or bad record mac", - ":DIGEST_CHECK_FAILED:":"digest check failed", - ":TOO_MANY_EMPTY_FRAGMENTS:":"record too small", - ":TOO_MANY_WARNING_ALERTS:":"too many warn alerts", - ":DATA_LENGTH_TOO_LONG:":"data length too long", - ":EXCESSIVE_MESSAGE_SIZE:":"excessive message size", - ":ENCRYPTED_LENGTH_TOO_LONG:":"packet length too long", - ":INVALID_COMPRESSION_LIST:":"no compression specified", - ":NO_SHARED_CIPHER:":"no shared cipher", - ":WRONG_CIPHER_RETURNED:":"wrong cipher returned", - ":HANDSHAKE_FAILURE_ON_CLIENT_HELLO:":"sslv3 alert handshake failure", - ":UNKNOWN_CIPHER_RETURNED:":"unknown cipher returned", - ":BAD_SIGNATURE:":"bad signature", - ":BAD_DH_P_LENGTH:":"dh key too small", - ":PEER_DID_NOT_RETURN_A_CERTIFICATE:":"peer did not return a certificate", - ":UNSUPPORTED_PROTOCOL:":"unsupported protocol", - ":PARSE_TLSEXT:":"bad extension", - ":BAD_SRTP_PROTECTION_PROFILE_LIST:":"bad srtp protection profile list", - ":OLD_SESSION_VERSION_NOT_RETURNED:":"ssl session version mismatch", - ":RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION:":"inconsistent extms", - ":RENEGOTIATION_EMS_MISMATCH:":"inconsistent extms", - ":RENEGOTIATION_MISMATCH:":"renegotiation mismatch", - ":WRONG_SIGNATURE_TYPE:":"wrong signature type", - ":BAD_ECC_CERT:":"wrong curve", - ":WRONG_CURVE:":"wrong curve", - ":INVALID_ENCODING:":"invalid encoding", - ":CERTIFICATE_VERIFY_FAILED:":"certificate verify failed", - ":BAD_CHANGE_CIPHER_SPEC:":"bad change cipher spec", - ":ECC_CERT_NOT_FOR_SIGNING:":"ecc cert not for signing", - ":OLD_SESSION_CIPHER_NOT_RETURNED:":"old session cipher not returned", - ":RESUMED_NON_EMS_SESSION_WITH_EMS_EXTENSION:":"inconsistent extms" - } -} diff --git a/test/ossl_shim/ossl_shim.cc b/test/ossl_shim/ossl_shim.cc deleted file mode 100644 index 7ea8050ae7..0000000000 --- a/test/ossl_shim/ossl_shim.cc +++ /dev/null @@ -1,1312 +0,0 @@ -/* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#if !defined(__STDC_FORMAT_MACROS) -#define __STDC_FORMAT_MACROS -#endif - -#include "packeted_bio.h" -#include - -#if !defined(OPENSSL_SYS_WINDOWS) -#include -#include -#include -#include -#include -#include -#include -#else -#include -OPENSSL_MSVC_PRAGMA(warning(push, 3)) -#include -#include -OPENSSL_MSVC_PRAGMA(warning(pop)) - -OPENSSL_MSVC_PRAGMA(comment(lib, "Ws2_32.lib")) -#endif - -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include - -#include "async_bio.h" -#include "test_config.h" - -namespace bssl { - -#if !defined(OPENSSL_SYS_WINDOWS) -static int closesocket(int sock) { - return close(sock); -} - -static void PrintSocketError(const char *func) { - perror(func); -} -#else -static void PrintSocketError(const char *func) { - fprintf(stderr, "%s: %d\n", func, WSAGetLastError()); -} -#endif - -static int Usage(const char *program) { - fprintf(stderr, "Usage: %s [flags...]\n", program); - return 1; -} - -struct TestState { - // async_bio is async BIO which pauses reads and writes. - BIO *async_bio = nullptr; - // packeted_bio is the packeted BIO which simulates read timeouts. - BIO *packeted_bio = nullptr; - bool cert_ready = false; - bool handshake_done = false; - // private_key is the underlying private key used when testing custom keys. - bssl::UniquePtr private_key; - bool got_new_session = false; - bssl::UniquePtr new_session; - bool ticket_decrypt_done = false; - bool alpn_select_done = false; -}; - -static void TestStateExFree(void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int index, long argl, void *argp) { - delete ((TestState *)ptr); -} - -static int g_config_index = 0; -static int g_state_index = 0; - -static bool SetTestConfig(SSL *ssl, const TestConfig *config) { - return SSL_set_ex_data(ssl, g_config_index, (void *)config) == 1; -} - -static const TestConfig *GetTestConfig(const SSL *ssl) { - return (const TestConfig *)SSL_get_ex_data(ssl, g_config_index); -} - -static bool SetTestState(SSL *ssl, std::unique_ptr state) { - // |SSL_set_ex_data| takes ownership of |state| only on success. - if (SSL_set_ex_data(ssl, g_state_index, state.get()) == 1) { - state.release(); - return true; - } - return false; -} - -static TestState *GetTestState(const SSL *ssl) { - return (TestState *)SSL_get_ex_data(ssl, g_state_index); -} - -static bssl::UniquePtr LoadCertificate(const std::string &file) { - bssl::UniquePtr bio(BIO_new(BIO_s_file())); - if (!bio || !BIO_read_filename(bio.get(), file.c_str())) { - return nullptr; - } - return bssl::UniquePtr(PEM_read_bio_X509(bio.get(), NULL, NULL, NULL)); -} - -static bssl::UniquePtr LoadPrivateKey(const std::string &file) { - bssl::UniquePtr bio(BIO_new(BIO_s_file())); - if (!bio || !BIO_read_filename(bio.get(), file.c_str())) { - return nullptr; - } - return bssl::UniquePtr( - PEM_read_bio_PrivateKey(bio.get(), NULL, NULL, NULL)); -} - -template -struct Free { - void operator()(T *buf) { - free(buf); - } -}; - -static bool GetCertificate(SSL *ssl, bssl::UniquePtr *out_x509, - bssl::UniquePtr *out_pkey) { - const TestConfig *config = GetTestConfig(ssl); - - if (!config->key_file.empty()) { - *out_pkey = LoadPrivateKey(config->key_file.c_str()); - if (!*out_pkey) { - return false; - } - } - if (!config->cert_file.empty()) { - *out_x509 = LoadCertificate(config->cert_file.c_str()); - if (!*out_x509) { - return false; - } - } - return true; -} - -static bool InstallCertificate(SSL *ssl) { - bssl::UniquePtr x509; - bssl::UniquePtr pkey; - if (!GetCertificate(ssl, &x509, &pkey)) { - return false; - } - - if (pkey && !SSL_use_PrivateKey(ssl, pkey.get())) { - return false; - } - - if (x509 && !SSL_use_certificate(ssl, x509.get())) { - return false; - } - - return true; -} - -static int ClientCertCallback(SSL *ssl, X509 **out_x509, EVP_PKEY **out_pkey) { - if (GetTestConfig(ssl)->async && !GetTestState(ssl)->cert_ready) { - return -1; - } - - bssl::UniquePtr x509; - bssl::UniquePtr pkey; - if (!GetCertificate(ssl, &x509, &pkey)) { - return -1; - } - - // Return zero for no certificate. - if (!x509) { - return 0; - } - - // Asynchronous private keys are not supported with client_cert_cb. - *out_x509 = x509.release(); - *out_pkey = pkey.release(); - return 1; -} - -static int VerifySucceed(X509_STORE_CTX *store_ctx, void *arg) { - return 1; -} - -static int VerifyFail(X509_STORE_CTX *store_ctx, void *arg) { - X509_STORE_CTX_set_error(store_ctx, X509_V_ERR_APPLICATION_VERIFICATION); - return 0; -} - -static int NextProtosAdvertisedCallback(SSL *ssl, const uint8_t **out, - unsigned int *out_len, void *arg) { - const TestConfig *config = GetTestConfig(ssl); - if (config->advertise_npn.empty()) { - return SSL_TLSEXT_ERR_NOACK; - } - - *out = (const uint8_t*)config->advertise_npn.data(); - *out_len = config->advertise_npn.size(); - return SSL_TLSEXT_ERR_OK; -} - -static int NextProtoSelectCallback(SSL* ssl, uint8_t** out, uint8_t* outlen, - const uint8_t* in, unsigned inlen, void* arg) { - const TestConfig *config = GetTestConfig(ssl); - if (config->select_next_proto.empty()) { - return SSL_TLSEXT_ERR_NOACK; - } - - *out = (uint8_t*)config->select_next_proto.data(); - *outlen = config->select_next_proto.size(); - return SSL_TLSEXT_ERR_OK; -} - -static int AlpnSelectCallback(SSL* ssl, const uint8_t** out, uint8_t* outlen, - const uint8_t* in, unsigned inlen, void* arg) { - if (GetTestState(ssl)->alpn_select_done) { - fprintf(stderr, "AlpnSelectCallback called after completion.\n"); - exit(1); - } - - GetTestState(ssl)->alpn_select_done = true; - - const TestConfig *config = GetTestConfig(ssl); - if (config->decline_alpn) { - return SSL_TLSEXT_ERR_NOACK; - } - - if (!config->expected_advertised_alpn.empty() && - (config->expected_advertised_alpn.size() != inlen || - memcmp(config->expected_advertised_alpn.data(), - in, inlen) != 0)) { - fprintf(stderr, "bad ALPN select callback inputs\n"); - exit(1); - } - - *out = (const uint8_t*)config->select_alpn.data(); - *outlen = config->select_alpn.size(); - return SSL_TLSEXT_ERR_OK; -} - -static unsigned PskClientCallback(SSL *ssl, const char *hint, - char *out_identity, - unsigned max_identity_len, - uint8_t *out_psk, unsigned max_psk_len) { - const TestConfig *config = GetTestConfig(ssl); - - if (config->psk_identity.empty()) { - if (hint != nullptr) { - fprintf(stderr, "Server PSK hint was non-null.\n"); - return 0; - } - } else if (hint == nullptr || - strcmp(hint, config->psk_identity.c_str()) != 0) { - fprintf(stderr, "Server PSK hint did not match.\n"); - return 0; - } - - // Account for the trailing '\0' for the identity. - if (config->psk_identity.size() >= max_identity_len || - config->psk.size() > max_psk_len) { - fprintf(stderr, "PSK buffers too small\n"); - return 0; - } - - OPENSSL_strlcpy(out_identity, config->psk_identity.c_str(), - max_identity_len); - memcpy(out_psk, config->psk.data(), config->psk.size()); - return config->psk.size(); -} - -static unsigned PskServerCallback(SSL *ssl, const char *identity, - uint8_t *out_psk, unsigned max_psk_len) { - const TestConfig *config = GetTestConfig(ssl); - - if (strcmp(identity, config->psk_identity.c_str()) != 0) { - fprintf(stderr, "Client PSK identity did not match.\n"); - return 0; - } - - if (config->psk.size() > max_psk_len) { - fprintf(stderr, "PSK buffers too small\n"); - return 0; - } - - memcpy(out_psk, config->psk.data(), config->psk.size()); - return config->psk.size(); -} - -static int CertCallback(SSL *ssl, void *arg) { - const TestConfig *config = GetTestConfig(ssl); - - // Check the CertificateRequest metadata is as expected. - // - // TODO(davidben): Test |SSL_get_client_CA_list|. - if (!SSL_is_server(ssl) && - !config->expected_certificate_types.empty()) { - const uint8_t *certificate_types; - size_t certificate_types_len = - SSL_get0_certificate_types(ssl, &certificate_types); - if (certificate_types_len != config->expected_certificate_types.size() || - memcmp(certificate_types, - config->expected_certificate_types.data(), - certificate_types_len) != 0) { - fprintf(stderr, "certificate types mismatch\n"); - return 0; - } - } - - // The certificate will be installed via other means. - if (!config->async || - config->use_old_client_cert_callback) { - return 1; - } - - if (!GetTestState(ssl)->cert_ready) { - return -1; - } - if (!InstallCertificate(ssl)) { - return 0; - } - return 1; -} - -static void InfoCallback(const SSL *ssl, int type, int val) { - if (type == SSL_CB_HANDSHAKE_DONE) { - if (GetTestConfig(ssl)->handshake_never_done) { - fprintf(stderr, "Handshake unexpectedly completed.\n"); - // Abort before any expected error code is printed, to ensure the overall - // test fails. - abort(); - } - GetTestState(ssl)->handshake_done = true; - - // Callbacks may be called again on a new handshake. - GetTestState(ssl)->ticket_decrypt_done = false; - GetTestState(ssl)->alpn_select_done = false; - } -} - -static int NewSessionCallback(SSL *ssl, SSL_SESSION *session) { - GetTestState(ssl)->got_new_session = true; - GetTestState(ssl)->new_session.reset(session); - return 1; -} - -static int TicketKeyCallback(SSL *ssl, uint8_t *key_name, uint8_t *iv, - EVP_CIPHER_CTX *ctx, EVP_MAC_CTX *hmac_ctx, - int encrypt) { - OSSL_PARAM params[2], *p = params; - - if (!encrypt) { - if (GetTestState(ssl)->ticket_decrypt_done) { - fprintf(stderr, "TicketKeyCallback called after completion.\n"); - return -1; - } - - GetTestState(ssl)->ticket_decrypt_done = true; - } - - // This is just test code, so use the all-zeros key. - static const uint8_t kZeros[16] = {0}; - - if (encrypt) { - memcpy(key_name, kZeros, sizeof(kZeros)); - RAND_bytes(iv, 16); - } else if (memcmp(key_name, kZeros, 16) != 0) { - return 0; - } - - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, - const_cast("SHA256"), 0); - *p = OSSL_PARAM_construct_end(); - - if (!EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, kZeros, iv, encrypt) - || !EVP_MAC_init(hmac_ctx, kZeros, sizeof(kZeros), params)) { - return -1; - } - - if (!encrypt) { - return GetTestConfig(ssl)->renew_ticket ? 2 : 1; - } - return 1; -} - -// kCustomExtensionValue is the extension value that the custom extension -// callbacks will add. -static const uint16_t kCustomExtensionValue = 1234; -static void *const kCustomExtensionAddArg = - reinterpret_cast(kCustomExtensionValue); -static void *const kCustomExtensionParseArg = - reinterpret_cast(kCustomExtensionValue + 1); -static const char kCustomExtensionContents[] = "custom extension"; - -static int CustomExtensionAddCallback(SSL *ssl, unsigned extension_value, - const uint8_t **out, size_t *out_len, - int *out_alert_value, void *add_arg) { - if (extension_value != kCustomExtensionValue || - add_arg != kCustomExtensionAddArg) { - abort(); - } - - if (GetTestConfig(ssl)->custom_extension_skip) { - return 0; - } - if (GetTestConfig(ssl)->custom_extension_fail_add) { - return -1; - } - - *out = reinterpret_cast(kCustomExtensionContents); - *out_len = sizeof(kCustomExtensionContents) - 1; - - return 1; -} - -static void CustomExtensionFreeCallback(SSL *ssl, unsigned extension_value, - const uint8_t *out, void *add_arg) { - if (extension_value != kCustomExtensionValue || - add_arg != kCustomExtensionAddArg || - out != reinterpret_cast(kCustomExtensionContents)) { - abort(); - } -} - -static int CustomExtensionParseCallback(SSL *ssl, unsigned extension_value, - const uint8_t *contents, - size_t contents_len, - int *out_alert_value, void *parse_arg) { - if (extension_value != kCustomExtensionValue || - parse_arg != kCustomExtensionParseArg) { - abort(); - } - - if (contents_len != sizeof(kCustomExtensionContents) - 1 || - memcmp(contents, kCustomExtensionContents, contents_len) != 0) { - *out_alert_value = SSL_AD_DECODE_ERROR; - return 0; - } - - return 1; -} - -static int ServerNameCallback(SSL *ssl, int *out_alert, void *arg) { - // SNI must be accessible from the SNI callback. - const TestConfig *config = GetTestConfig(ssl); - const char *server_name = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name); - if (server_name == nullptr || - std::string(server_name) != config->expected_server_name) { - fprintf(stderr, "servername mismatch (got %s; want %s)\n", server_name, - config->expected_server_name.c_str()); - return SSL_TLSEXT_ERR_ALERT_FATAL; - } - - return SSL_TLSEXT_ERR_OK; -} - -// Connect returns a new socket connected to localhost on |port| or -1 on -// error. -static int Connect(uint16_t port) { - int sock = socket(AF_INET, SOCK_STREAM, 0); - if (sock == -1) { - PrintSocketError("socket"); - return -1; - } - int nodelay = 1; - if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, - reinterpret_cast(&nodelay), sizeof(nodelay)) != 0) { - PrintSocketError("setsockopt"); - closesocket(sock); - return -1; - } - sockaddr_in sin; - memset(&sin, 0, sizeof(sin)); - sin.sin_family = AF_INET; - sin.sin_port = htons(port); - if (!inet_pton(AF_INET, "127.0.0.1", &sin.sin_addr)) { - PrintSocketError("inet_pton"); - closesocket(sock); - return -1; - } - if (connect(sock, reinterpret_cast(&sin), - sizeof(sin)) != 0) { - PrintSocketError("connect"); - closesocket(sock); - return -1; - } - return sock; -} - -class SocketCloser { - public: - explicit SocketCloser(int sock) : sock_(sock) {} - ~SocketCloser() { - // Half-close and drain the socket before releasing it. This seems to be - // necessary for graceful shutdown on Windows. It will also avoid write - // failures in the test runner. -#if defined(OPENSSL_SYS_WINDOWS) - shutdown(sock_, SD_SEND); -#else - shutdown(sock_, SHUT_WR); -#endif - while (true) { - char buf[1024]; - if (recv(sock_, buf, sizeof(buf), 0) <= 0) { - break; - } - } - closesocket(sock_); - } - - private: - const int sock_; -}; - -static bssl::UniquePtr SetupCtx(const TestConfig *config) { - const char sess_id_ctx[] = "ossl_shim"; - bssl::UniquePtr ssl_ctx(SSL_CTX_new( - config->is_dtls ? DTLS_method() : TLS_method())); - if (!ssl_ctx) { - return nullptr; - } - - SSL_CTX_set_security_level(ssl_ctx.get(), 0); -#if 0 - /* Disabled for now until we have some TLS1.3 support */ - // Enable TLS 1.3 for tests. - if (!config->is_dtls && - !SSL_CTX_set_max_proto_version(ssl_ctx.get(), TLS1_3_VERSION)) { - return nullptr; - } -#else - /* Ensure we don't negotiate TLSv1.3 until we can handle it */ - if (!config->is_dtls && - !SSL_CTX_set_max_proto_version(ssl_ctx.get(), TLS1_2_VERSION)) { - return nullptr; - } -#endif - - std::string cipher_list = "ALL"; - if (!config->cipher.empty()) { - cipher_list = config->cipher; - SSL_CTX_set_options(ssl_ctx.get(), SSL_OP_CIPHER_SERVER_PREFERENCE); - } - if (!SSL_CTX_set_cipher_list(ssl_ctx.get(), cipher_list.c_str())) { - return nullptr; - } - - DH *tmpdh; - - if (config->use_sparse_dh_prime) { - BIGNUM *p, *g; - p = BN_new(); - g = BN_new(); - tmpdh = DH_new(); - if (p == NULL || g == NULL || tmpdh == NULL) { - BN_free(p); - BN_free(g); - DH_free(tmpdh); - return nullptr; - } - // This prime number is 2^1024 + 643 – a value just above a power of two. - // Because of its form, values modulo it are essentially certain to be one - // byte shorter. This is used to test padding of these values. - if (BN_hex2bn( - &p, - "1000000000000000000000000000000000000000000000000000000000000000" - "0000000000000000000000000000000000000000000000000000000000000000" - "0000000000000000000000000000000000000000000000000000000000000000" - "0000000000000000000000000000000000000000000000000000000000000028" - "3") == 0 || - !BN_set_word(g, 2)) { - BN_free(p); - BN_free(g); - DH_free(tmpdh); - return nullptr; - } - DH_set0_pqg(tmpdh, p, NULL, g); - } else { - tmpdh = DH_get_2048_256(); - } - - bssl::UniquePtr dh(tmpdh); - - if (!dh || !SSL_CTX_set_tmp_dh(ssl_ctx.get(), dh.get())) { - return nullptr; - } - - SSL_CTX_set_session_cache_mode(ssl_ctx.get(), SSL_SESS_CACHE_BOTH); - - if (config->use_old_client_cert_callback) { - SSL_CTX_set_client_cert_cb(ssl_ctx.get(), ClientCertCallback); - } - - SSL_CTX_set_npn_advertised_cb( - ssl_ctx.get(), NextProtosAdvertisedCallback, NULL); - if (!config->select_next_proto.empty()) { - SSL_CTX_set_next_proto_select_cb(ssl_ctx.get(), NextProtoSelectCallback, - NULL); - } - - if (!config->select_alpn.empty() || config->decline_alpn) { - SSL_CTX_set_alpn_select_cb(ssl_ctx.get(), AlpnSelectCallback, NULL); - } - - SSL_CTX_set_info_callback(ssl_ctx.get(), InfoCallback); - SSL_CTX_sess_set_new_cb(ssl_ctx.get(), NewSessionCallback); - - if (config->use_ticket_callback) { - SSL_CTX_set_tlsext_ticket_key_evp_cb(ssl_ctx.get(), TicketKeyCallback); - } - - if (config->enable_client_custom_extension && - !SSL_CTX_add_client_custom_ext( - ssl_ctx.get(), kCustomExtensionValue, CustomExtensionAddCallback, - CustomExtensionFreeCallback, kCustomExtensionAddArg, - CustomExtensionParseCallback, kCustomExtensionParseArg)) { - return nullptr; - } - - if (config->enable_server_custom_extension && - !SSL_CTX_add_server_custom_ext( - ssl_ctx.get(), kCustomExtensionValue, CustomExtensionAddCallback, - CustomExtensionFreeCallback, kCustomExtensionAddArg, - CustomExtensionParseCallback, kCustomExtensionParseArg)) { - return nullptr; - } - - if (config->verify_fail) { - SSL_CTX_set_cert_verify_callback(ssl_ctx.get(), VerifyFail, NULL); - } else { - SSL_CTX_set_cert_verify_callback(ssl_ctx.get(), VerifySucceed, NULL); - } - - if (config->use_null_client_ca_list) { - SSL_CTX_set_client_CA_list(ssl_ctx.get(), nullptr); - } - - if (!SSL_CTX_set_session_id_context(ssl_ctx.get(), - (const unsigned char *)sess_id_ctx, - sizeof(sess_id_ctx) - 1)) - return nullptr; - - if (!config->expected_server_name.empty()) { - SSL_CTX_set_tlsext_servername_callback(ssl_ctx.get(), ServerNameCallback); - } - - return ssl_ctx; -} - -// RetryAsync is called after a failed operation on |ssl| with return code -// |ret|. If the operation should be retried, it simulates one asynchronous -// event and returns true. Otherwise it returns false. -static bool RetryAsync(SSL *ssl, int ret) { - // No error; don't retry. - if (ret >= 0) { - return false; - } - - TestState *test_state = GetTestState(ssl); - assert(GetTestConfig(ssl)->async); - - if (test_state->packeted_bio != nullptr && - PacketedBioAdvanceClock(test_state->packeted_bio)) { - // The DTLS retransmit logic silently ignores write failures. So the test - // may progress, allow writes through synchronously. - AsyncBioEnforceWriteQuota(test_state->async_bio, false); - int timeout_ret = DTLSv1_handle_timeout(ssl); - AsyncBioEnforceWriteQuota(test_state->async_bio, true); - - if (timeout_ret < 0) { - fprintf(stderr, "Error retransmitting.\n"); - return false; - } - return true; - } - - // See if we needed to read or write more. If so, allow one byte through on - // the appropriate end to maximally stress the state machine. - switch (SSL_get_error(ssl, ret)) { - case SSL_ERROR_WANT_READ: - AsyncBioAllowRead(test_state->async_bio, 1); - return true; - case SSL_ERROR_WANT_WRITE: - AsyncBioAllowWrite(test_state->async_bio, 1); - return true; - case SSL_ERROR_WANT_X509_LOOKUP: - test_state->cert_ready = true; - return true; - default: - return false; - } -} - -// DoRead reads from |ssl|, resolving any asynchronous operations. It returns -// the result value of the final |SSL_read| call. -static int DoRead(SSL *ssl, uint8_t *out, size_t max_out) { - const TestConfig *config = GetTestConfig(ssl); - TestState *test_state = GetTestState(ssl); - int ret; - do { - if (config->async) { - // The DTLS retransmit logic silently ignores write failures. So the test - // may progress, allow writes through synchronously. |SSL_read| may - // trigger a retransmit, so disconnect the write quota. - AsyncBioEnforceWriteQuota(test_state->async_bio, false); - } - ret = config->peek_then_read ? SSL_peek(ssl, out, max_out) - : SSL_read(ssl, out, max_out); - if (config->async) { - AsyncBioEnforceWriteQuota(test_state->async_bio, true); - } - } while (config->async && RetryAsync(ssl, ret)); - - if (config->peek_then_read && ret > 0) { - std::unique_ptr buf(new uint8_t[static_cast(ret)]); - - // SSL_peek should synchronously return the same data. - int ret2 = SSL_peek(ssl, buf.get(), ret); - if (ret2 != ret || - memcmp(buf.get(), out, ret) != 0) { - fprintf(stderr, "First and second SSL_peek did not match.\n"); - return -1; - } - - // SSL_read should synchronously return the same data and consume it. - ret2 = SSL_read(ssl, buf.get(), ret); - if (ret2 != ret || - memcmp(buf.get(), out, ret) != 0) { - fprintf(stderr, "SSL_peek and SSL_read did not match.\n"); - return -1; - } - } - - return ret; -} - -// WriteAll writes |in_len| bytes from |in| to |ssl|, resolving any asynchronous -// operations. It returns the result of the final |SSL_write| call. -static int WriteAll(SSL *ssl, const uint8_t *in, size_t in_len) { - const TestConfig *config = GetTestConfig(ssl); - int ret; - do { - ret = SSL_write(ssl, in, in_len); - if (ret > 0) { - in += ret; - in_len -= ret; - } - } while ((config->async && RetryAsync(ssl, ret)) || (ret > 0 && in_len > 0)); - return ret; -} - -// DoShutdown calls |SSL_shutdown|, resolving any asynchronous operations. It -// returns the result of the final |SSL_shutdown| call. -static int DoShutdown(SSL *ssl) { - const TestConfig *config = GetTestConfig(ssl); - int ret; - do { - ret = SSL_shutdown(ssl); - } while (config->async && RetryAsync(ssl, ret)); - return ret; -} - -static uint16_t GetProtocolVersion(const SSL *ssl) { - uint16_t version = SSL_version(ssl); - if (!SSL_is_dtls(ssl)) { - return version; - } - return 0x0201 + ~version; -} - -// CheckHandshakeProperties checks, immediately after |ssl| completes its -// initial handshake (or False Starts), whether all the properties are -// consistent with the test configuration and invariants. -static bool CheckHandshakeProperties(SSL *ssl, bool is_resume) { - const TestConfig *config = GetTestConfig(ssl); - - if (SSL_get_current_cipher(ssl) == nullptr) { - fprintf(stderr, "null cipher after handshake\n"); - return false; - } - - if (is_resume && - (!!SSL_session_reused(ssl) == config->expect_session_miss)) { - fprintf(stderr, "session was%s reused\n", - SSL_session_reused(ssl) ? "" : " not"); - return false; - } - - if (!GetTestState(ssl)->handshake_done) { - fprintf(stderr, "handshake was not completed\n"); - return false; - } - - if (!config->is_server) { - bool expect_new_session = - !config->expect_no_session && - (!SSL_session_reused(ssl) || config->expect_ticket_renewal) && - // Session tickets are sent post-handshake in TLS 1.3. - GetProtocolVersion(ssl) < TLS1_3_VERSION; - if (expect_new_session != GetTestState(ssl)->got_new_session) { - fprintf(stderr, - "new session was%s cached, but we expected the opposite\n", - GetTestState(ssl)->got_new_session ? "" : " not"); - return false; - } - } - - if (!config->expected_server_name.empty()) { - const char *server_name = - SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name); - if (server_name == nullptr || - std::string(server_name) != config->expected_server_name) { - fprintf(stderr, "servername mismatch (got %s; want %s)\n", - server_name, config->expected_server_name.c_str()); - return false; - } - } - - if (!config->expected_next_proto.empty()) { - const uint8_t *next_proto; - unsigned next_proto_len; - SSL_get0_next_proto_negotiated(ssl, &next_proto, &next_proto_len); - if (next_proto_len != config->expected_next_proto.size() || - memcmp(next_proto, config->expected_next_proto.data(), - next_proto_len) != 0) { - fprintf(stderr, "negotiated next proto mismatch\n"); - return false; - } - } - - if (!config->expected_alpn.empty()) { - const uint8_t *alpn_proto; - unsigned alpn_proto_len; - SSL_get0_alpn_selected(ssl, &alpn_proto, &alpn_proto_len); - if (alpn_proto_len != config->expected_alpn.size() || - memcmp(alpn_proto, config->expected_alpn.data(), - alpn_proto_len) != 0) { - fprintf(stderr, "negotiated alpn proto mismatch\n"); - return false; - } - } - - if (config->expect_extended_master_secret) { - if (!SSL_get_extms_support(ssl)) { - fprintf(stderr, "No EMS for connection when expected"); - return false; - } - } - - if (config->expect_verify_result) { - int expected_verify_result = config->verify_fail ? - X509_V_ERR_APPLICATION_VERIFICATION : - X509_V_OK; - - if (SSL_get_verify_result(ssl) != expected_verify_result) { - fprintf(stderr, "Wrong certificate verification result\n"); - return false; - } - } - - if (!config->psk.empty()) { - if (SSL_get_peer_cert_chain(ssl) != nullptr) { - fprintf(stderr, "Received peer certificate on a PSK cipher.\n"); - return false; - } - } else if (!config->is_server || config->require_any_client_certificate) { - if (SSL_get0_peer_certificate(ssl) == nullptr) { - fprintf(stderr, "Received no peer certificate but expected one.\n"); - return false; - } - } - - return true; -} - -// DoExchange runs a test SSL exchange against the peer. On success, it returns -// true and sets |*out_session| to the negotiated SSL session. If the test is a -// resumption attempt, |is_resume| is true and |session| is the session from the -// previous exchange. -static bool DoExchange(bssl::UniquePtr *out_session, - SSL_CTX *ssl_ctx, const TestConfig *config, - bool is_resume, SSL_SESSION *session) { - bssl::UniquePtr ssl(SSL_new(ssl_ctx)); - if (!ssl) { - return false; - } - - if (!SetTestConfig(ssl.get(), config) || - !SetTestState(ssl.get(), std::unique_ptr(new TestState))) { - return false; - } - - if (config->fallback_scsv && - !SSL_set_mode(ssl.get(), SSL_MODE_SEND_FALLBACK_SCSV)) { - return false; - } - // Install the certificate synchronously if nothing else will handle it. - if (!config->use_old_client_cert_callback && - !config->async && - !InstallCertificate(ssl.get())) { - return false; - } - SSL_set_cert_cb(ssl.get(), CertCallback, nullptr); - if (config->require_any_client_certificate) { - SSL_set_verify(ssl.get(), SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, - NULL); - } - if (config->verify_peer) { - SSL_set_verify(ssl.get(), SSL_VERIFY_PEER, NULL); - } - if (config->partial_write) { - SSL_set_mode(ssl.get(), SSL_MODE_ENABLE_PARTIAL_WRITE); - } - if (config->no_tls13) { - SSL_set_options(ssl.get(), SSL_OP_NO_TLSv1_3); - } - if (config->no_tls12) { - SSL_set_options(ssl.get(), SSL_OP_NO_TLSv1_2); - } - if (config->no_tls11) { - SSL_set_options(ssl.get(), SSL_OP_NO_TLSv1_1); - } - if (config->no_tls1) { - SSL_set_options(ssl.get(), SSL_OP_NO_TLSv1); - } - if (config->no_ssl3) { - SSL_set_options(ssl.get(), SSL_OP_NO_SSLv3); - } - if (!config->host_name.empty() && - !SSL_set_tlsext_host_name(ssl.get(), config->host_name.c_str())) { - return false; - } - if (!config->advertise_alpn.empty() && - SSL_set_alpn_protos(ssl.get(), - (const uint8_t *)config->advertise_alpn.data(), - config->advertise_alpn.size()) != 0) { - return false; - } - if (!config->psk.empty()) { - SSL_set_psk_client_callback(ssl.get(), PskClientCallback); - SSL_set_psk_server_callback(ssl.get(), PskServerCallback); - } - if (!config->psk_identity.empty() && - !SSL_use_psk_identity_hint(ssl.get(), config->psk_identity.c_str())) { - return false; - } - if (!config->srtp_profiles.empty() && - SSL_set_tlsext_use_srtp(ssl.get(), config->srtp_profiles.c_str())) { - return false; - } - if (config->min_version != 0 && - !SSL_set_min_proto_version(ssl.get(), (uint16_t)config->min_version)) { - return false; - } - if (config->max_version != 0 && - !SSL_set_max_proto_version(ssl.get(), (uint16_t)config->max_version)) { - return false; - } - if (config->mtu != 0) { - SSL_set_options(ssl.get(), SSL_OP_NO_QUERY_MTU); - SSL_set_mtu(ssl.get(), config->mtu); - } - if (config->renegotiate_freely) { - // This is always on for OpenSSL. - } - if (!config->check_close_notify) { - SSL_set_quiet_shutdown(ssl.get(), 1); - } - if (config->p384_only) { - int nid = NID_secp384r1; - if (!SSL_set1_curves(ssl.get(), &nid, 1)) { - return false; - } - } - if (config->enable_all_curves) { - static const int kAllCurves[] = { - NID_X25519, NID_X9_62_prime256v1, NID_X448, NID_secp521r1, NID_secp384r1 - }; - if (!SSL_set1_curves(ssl.get(), kAllCurves, - OPENSSL_ARRAY_SIZE(kAllCurves))) { - return false; - } - } - if (config->max_cert_list > 0) { - SSL_set_max_cert_list(ssl.get(), config->max_cert_list); - } - - if (!config->async) { - SSL_set_mode(ssl.get(), SSL_MODE_AUTO_RETRY); - } - - int sock = Connect(config->port); - if (sock == -1) { - return false; - } - SocketCloser closer(sock); - - bssl::UniquePtr bio(BIO_new_socket(sock, BIO_NOCLOSE)); - if (!bio) { - return false; - } - if (config->is_dtls) { - bssl::UniquePtr packeted = PacketedBioCreate(!config->async); - if (!packeted) { - return false; - } - GetTestState(ssl.get())->packeted_bio = packeted.get(); - BIO_push(packeted.get(), bio.release()); - bio = std::move(packeted); - } - if (config->async) { - bssl::UniquePtr async_scoped = - config->is_dtls ? AsyncBioCreateDatagram() : AsyncBioCreate(); - if (!async_scoped) { - return false; - } - BIO_push(async_scoped.get(), bio.release()); - GetTestState(ssl.get())->async_bio = async_scoped.get(); - bio = std::move(async_scoped); - } - SSL_set_bio(ssl.get(), bio.get(), bio.get()); - bio.release(); // SSL_set_bio takes ownership. - - if (session != NULL) { - if (!config->is_server) { - if (SSL_set_session(ssl.get(), session) != 1) { - return false; - } - } - } - -#if 0 - // KNOWN BUG: OpenSSL's SSL_get_current_cipher behaves incorrectly when - // offering resumption. - if (SSL_get_current_cipher(ssl.get()) != nullptr) { - fprintf(stderr, "non-null cipher before handshake\n"); - return false; - } -#endif - - int ret; - if (config->implicit_handshake) { - if (config->is_server) { - SSL_set_accept_state(ssl.get()); - } else { - SSL_set_connect_state(ssl.get()); - } - } else { - do { - if (config->is_server) { - ret = SSL_accept(ssl.get()); - } else { - ret = SSL_connect(ssl.get()); - } - } while (config->async && RetryAsync(ssl.get(), ret)); - if (ret != 1 || - !CheckHandshakeProperties(ssl.get(), is_resume)) { - fprintf(stderr, "resumption check failed\n"); - return false; - } - - // Reset the state to assert later that the callback isn't called in - // renegotiations. - GetTestState(ssl.get())->got_new_session = false; - } - - if (config->export_keying_material > 0) { - std::vector result( - static_cast(config->export_keying_material)); - if (SSL_export_keying_material( - ssl.get(), result.data(), result.size(), - config->export_label.data(), config->export_label.size(), - reinterpret_cast(config->export_context.data()), - config->export_context.size(), config->use_export_context) != 1) { - fprintf(stderr, "failed to export keying material\n"); - return false; - } - if (WriteAll(ssl.get(), result.data(), result.size()) < 0) { - fprintf(stderr, "writing exported key material failed\n"); - return false; - } - } - - if (config->write_different_record_sizes) { - if (config->is_dtls) { - fprintf(stderr, "write_different_record_sizes not supported for DTLS\n"); - return false; - } - // This mode writes a number of different record sizes in an attempt to - // trip up the CBC record splitting code. - static const size_t kBufLen = 32769; - std::unique_ptr buf(new uint8_t[kBufLen]); - memset(buf.get(), 0x42, kBufLen); - static const size_t kRecordSizes[] = { - 0, 1, 255, 256, 257, 16383, 16384, 16385, 32767, 32768, 32769}; - for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kRecordSizes); i++) { - const size_t len = kRecordSizes[i]; - if (len > kBufLen) { - fprintf(stderr, "Bad kRecordSizes value.\n"); - return false; - } - if (WriteAll(ssl.get(), buf.get(), len) < 0) { - return false; - } - } - } else { - if (config->shim_writes_first) { - if (WriteAll(ssl.get(), reinterpret_cast("hello"), - 5) < 0) { - fprintf(stderr, "shim_writes_first write failed\n"); - return false; - } - } - if (!config->shim_shuts_down) { - for (;;) { - static const size_t kBufLen = 16384; - std::unique_ptr buf(new uint8_t[kBufLen]); - - // Read only 512 bytes at a time in TLS to ensure records may be - // returned in multiple reads. - int n = DoRead(ssl.get(), buf.get(), config->is_dtls ? kBufLen : 512); - int err = SSL_get_error(ssl.get(), n); - if (err == SSL_ERROR_ZERO_RETURN || - (n == 0 && err == SSL_ERROR_SYSCALL)) { - if (n != 0) { - fprintf(stderr, "Invalid SSL_get_error output\n"); - return false; - } - // Stop on either clean or unclean shutdown. - break; - } else if (err != SSL_ERROR_NONE) { - if (n > 0) { - fprintf(stderr, "Invalid SSL_get_error output\n"); - return false; - } - fprintf(stderr, "Unexpected entry in error queue\n"); - return false; - } - // Successfully read data. - if (n <= 0) { - fprintf(stderr, "Invalid SSL_get_error output\n"); - return false; - } - - // After a successful read, with or without False Start, the handshake - // must be complete. - if (!GetTestState(ssl.get())->handshake_done) { - fprintf(stderr, "handshake was not completed after SSL_read\n"); - return false; - } - - for (int i = 0; i < n; i++) { - buf[i] ^= 0xff; - } - if (WriteAll(ssl.get(), buf.get(), n) < 0) { - fprintf(stderr, "write of inverted bitstream failed\n"); - return false; - } - } - } - } - - if (!config->is_server && - !config->implicit_handshake && - // Session tickets are sent post-handshake in TLS 1.3. - GetProtocolVersion(ssl.get()) < TLS1_3_VERSION && - GetTestState(ssl.get())->got_new_session) { - fprintf(stderr, "new session was established after the handshake\n"); - return false; - } - - if (GetProtocolVersion(ssl.get()) >= TLS1_3_VERSION && !config->is_server) { - bool expect_new_session = - !config->expect_no_session && !config->shim_shuts_down; - if (expect_new_session != GetTestState(ssl.get())->got_new_session) { - fprintf(stderr, - "new session was%s cached, but we expected the opposite\n", - GetTestState(ssl.get())->got_new_session ? "" : " not"); - return false; - } - } - - if (out_session) { - *out_session = std::move(GetTestState(ssl.get())->new_session); - } - - ret = DoShutdown(ssl.get()); - - if (config->shim_shuts_down && config->check_close_notify) { - // We initiate shutdown, so |SSL_shutdown| will return in two stages. First - // it returns zero when our close_notify is sent, then one when the peer's - // is received. - if (ret != 0) { - fprintf(stderr, "Unexpected SSL_shutdown result: %d != 0\n", ret); - return false; - } - ret = DoShutdown(ssl.get()); - } - - if (ret != 1) { - fprintf(stderr, "Unexpected SSL_shutdown result: %d != 1\n", ret); - return false; - } - - if (SSL_total_renegotiations(ssl.get()) != - config->expect_total_renegotiations) { - fprintf(stderr, "Expected %d renegotiations, got %ld\n", - config->expect_total_renegotiations, - SSL_total_renegotiations(ssl.get())); - return false; - } - - return true; -} - -class StderrDelimiter { - public: - ~StderrDelimiter() { fprintf(stderr, "--- DONE ---\n"); } -}; - -static int Main(int argc, char **argv) { - // To distinguish ASan's output from ours, add a trailing message to stderr. - // Anything following this line will be considered an error. - StderrDelimiter delimiter; - -#if defined(OPENSSL_SYS_WINDOWS) - /* Initialize Winsock. */ - WORD wsa_version = MAKEWORD(2, 2); - WSADATA wsa_data; - int wsa_err = WSAStartup(wsa_version, &wsa_data); - if (wsa_err != 0) { - fprintf(stderr, "WSAStartup failed: %d\n", wsa_err); - return 1; - } - if (wsa_data.wVersion != wsa_version) { - fprintf(stderr, "Didn't get expected version: %x\n", wsa_data.wVersion); - return 1; - } -#else - signal(SIGPIPE, SIG_IGN); -#endif - - OPENSSL_init_crypto(0, NULL); - OPENSSL_init_ssl(0, NULL); - g_config_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL); - g_state_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, TestStateExFree); - if (g_config_index < 0 || g_state_index < 0) { - return 1; - } - - TestConfig config; - if (!ParseConfig(argc - 1, argv + 1, &config)) { - return Usage(argv[0]); - } - - bssl::UniquePtr ssl_ctx = SetupCtx(&config); - if (!ssl_ctx) { - ERR_print_errors_fp(stderr); - return 1; - } - - bssl::UniquePtr session; - for (int i = 0; i < config.resume_count + 1; i++) { - bool is_resume = i > 0; - if (is_resume && !config.is_server && !session) { - fprintf(stderr, "No session to offer.\n"); - return 1; - } - - bssl::UniquePtr offer_session = std::move(session); - if (!DoExchange(&session, ssl_ctx.get(), &config, is_resume, - offer_session.get())) { - fprintf(stderr, "Connection %d failed.\n", i + 1); - ERR_print_errors_fp(stderr); - return 1; - } - } - - return 0; -} - -} // namespace bssl - -int main(int argc, char **argv) { - return bssl::Main(argc, argv); -} diff --git a/test/ossl_shim/packeted_bio.cc b/test/ossl_shim/packeted_bio.cc deleted file mode 100644 index b5286d3e7c..0000000000 --- a/test/ossl_shim/packeted_bio.cc +++ /dev/null @@ -1,299 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "packeted_bio.h" - -#include -#include -#include -#include - -#include - - -namespace { - -const uint8_t kOpcodePacket = 'P'; -const uint8_t kOpcodeTimeout = 'T'; -const uint8_t kOpcodeTimeoutAck = 't'; - -struct PacketedBio { - explicit PacketedBio(bool advance_clock_arg) - : advance_clock(advance_clock_arg) { - memset(&timeout, 0, sizeof(timeout)); - memset(&clock, 0, sizeof(clock)); - memset(&read_deadline, 0, sizeof(read_deadline)); - } - - bool HasTimeout() const { - return timeout.tv_sec != 0 || timeout.tv_usec != 0; - } - - bool CanRead() const { - if (read_deadline.tv_sec == 0 && read_deadline.tv_usec == 0) { - return true; - } - - if (clock.tv_sec == read_deadline.tv_sec) { - return clock.tv_usec < read_deadline.tv_usec; - } - return clock.tv_sec < read_deadline.tv_sec; - } - - timeval timeout; - timeval clock; - timeval read_deadline; - bool advance_clock; -}; - -PacketedBio *GetData(BIO *bio) { - return (PacketedBio *)BIO_get_data(bio); -} - -const PacketedBio *GetData(const BIO *bio) { - return GetData(const_cast(bio)); -} - -// ReadAll reads |len| bytes from |bio| into |out|. It returns 1 on success and -// 0 or -1 on error. -static int ReadAll(BIO *bio, uint8_t *out, size_t len) { - while (len > 0) { - int chunk_len = INT_MAX; - if (len <= INT_MAX) { - chunk_len = (int)len; - } - int ret = BIO_read(bio, out, chunk_len); - if (ret <= 0) { - return ret; - } - out += ret; - len -= ret; - } - return 1; -} - -static int PacketedWrite(BIO *bio, const char *in, int inl) { - if (BIO_next(bio) == NULL) { - return 0; - } - - BIO_clear_retry_flags(bio); - - // Write the header. - uint8_t header[5]; - header[0] = kOpcodePacket; - header[1] = (inl >> 24) & 0xff; - header[2] = (inl >> 16) & 0xff; - header[3] = (inl >> 8) & 0xff; - header[4] = inl & 0xff; - int ret = BIO_write(BIO_next(bio), header, sizeof(header)); - if (ret <= 0) { - BIO_copy_next_retry(bio); - return ret; - } - - // Write the buffer. - ret = BIO_write(BIO_next(bio), in, inl); - if (ret < 0 || (inl > 0 && ret == 0)) { - BIO_copy_next_retry(bio); - return ret; - } - assert(ret == inl); - return ret; -} - -static int PacketedRead(BIO *bio, char *out, int outl) { - PacketedBio *data = GetData(bio); - if (BIO_next(bio) == NULL) { - return 0; - } - - BIO_clear_retry_flags(bio); - - for (;;) { - // Check if the read deadline has passed. - if (!data->CanRead()) { - BIO_set_retry_read(bio); - return -1; - } - - // Read the opcode. - uint8_t opcode; - int ret = ReadAll(BIO_next(bio), &opcode, sizeof(opcode)); - if (ret <= 0) { - BIO_copy_next_retry(bio); - return ret; - } - - if (opcode == kOpcodeTimeout) { - // The caller is required to advance any pending timeouts before - // continuing. - if (data->HasTimeout()) { - fprintf(stderr, "Unprocessed timeout!\n"); - return -1; - } - - // Process the timeout. - uint8_t buf[8]; - ret = ReadAll(BIO_next(bio), buf, sizeof(buf)); - if (ret <= 0) { - BIO_copy_next_retry(bio); - return ret; - } - uint64_t timeout = (static_cast(buf[0]) << 56) | - (static_cast(buf[1]) << 48) | - (static_cast(buf[2]) << 40) | - (static_cast(buf[3]) << 32) | - (static_cast(buf[4]) << 24) | - (static_cast(buf[5]) << 16) | - (static_cast(buf[6]) << 8) | - static_cast(buf[7]); - timeout /= 1000; // Convert nanoseconds to microseconds. - - data->timeout.tv_usec = timeout % 1000000; - data->timeout.tv_sec = timeout / 1000000; - - // Send an ACK to the peer. - ret = BIO_write(BIO_next(bio), &kOpcodeTimeoutAck, 1); - if (ret <= 0) { - return ret; - } - assert(ret == 1); - - if (!data->advance_clock) { - // Signal to the caller to retry the read, after advancing the clock. - BIO_set_retry_read(bio); - return -1; - } - - PacketedBioAdvanceClock(bio); - continue; - } - - if (opcode != kOpcodePacket) { - fprintf(stderr, "Unknown opcode, %u\n", opcode); - return -1; - } - - // Read the length prefix. - uint8_t len_bytes[4]; - ret = ReadAll(BIO_next(bio), len_bytes, sizeof(len_bytes)); - if (ret <= 0) { - BIO_copy_next_retry(bio); - return ret; - } - - uint32_t len = (len_bytes[0] << 24) | (len_bytes[1] << 16) | - (len_bytes[2] << 8) | len_bytes[3]; - uint8_t *buf = (uint8_t *)OPENSSL_malloc(len); - if (buf == NULL) { - return -1; - } - ret = ReadAll(BIO_next(bio), buf, len); - if (ret <= 0) { - fprintf(stderr, "Packeted BIO was truncated\n"); - return -1; - } - - if (outl > (int)len) { - outl = len; - } - memcpy(out, buf, outl); - OPENSSL_free(buf); - return outl; - } -} - -static long PacketedCtrl(BIO *bio, int cmd, long num, void *ptr) { - if (cmd == BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT) { - memcpy(&GetData(bio)->read_deadline, ptr, sizeof(timeval)); - return 1; - } - - if (BIO_next(bio) == NULL) { - return 0; - } - BIO_clear_retry_flags(bio); - int ret = BIO_ctrl(BIO_next(bio), cmd, num, ptr); - BIO_copy_next_retry(bio); - return ret; -} - -static int PacketedNew(BIO *bio) { - BIO_set_init(bio, 1); - return 1; -} - -static int PacketedFree(BIO *bio) { - if (bio == NULL) { - return 0; - } - - delete GetData(bio); - BIO_set_init(bio, 0); - return 1; -} - -static long PacketedCallbackCtrl(BIO *bio, int cmd, BIO_info_cb fp) -{ - if (BIO_next(bio) == NULL) - return 0; - return BIO_callback_ctrl(BIO_next(bio), cmd, fp); -} - -static BIO_METHOD *g_packeted_bio_method = NULL; - -static const BIO_METHOD *PacketedMethod(void) -{ - if (g_packeted_bio_method == NULL) { - g_packeted_bio_method = BIO_meth_new(BIO_TYPE_FILTER, "packeted bio"); - if ( g_packeted_bio_method == NULL - || !BIO_meth_set_write(g_packeted_bio_method, PacketedWrite) - || !BIO_meth_set_read(g_packeted_bio_method, PacketedRead) - || !BIO_meth_set_ctrl(g_packeted_bio_method, PacketedCtrl) - || !BIO_meth_set_create(g_packeted_bio_method, PacketedNew) - || !BIO_meth_set_destroy(g_packeted_bio_method, PacketedFree) - || !BIO_meth_set_callback_ctrl(g_packeted_bio_method, - PacketedCallbackCtrl)) - return NULL; - } - return g_packeted_bio_method; -} -} // namespace - -bssl::UniquePtr PacketedBioCreate(bool advance_clock) { - bssl::UniquePtr bio(BIO_new(PacketedMethod())); - if (!bio) { - return nullptr; - } - BIO_set_data(bio.get(), new PacketedBio(advance_clock)); - return bio; -} - -timeval PacketedBioGetClock(const BIO *bio) { - return GetData(bio)->clock; -} - -bool PacketedBioAdvanceClock(BIO *bio) { - PacketedBio *data = GetData(bio); - if (data == nullptr) { - return false; - } - - if (!data->HasTimeout()) { - return false; - } - - data->clock.tv_usec += data->timeout.tv_usec; - data->clock.tv_sec += data->clock.tv_usec / 1000000; - data->clock.tv_usec %= 1000000; - data->clock.tv_sec += data->timeout.tv_sec; - memset(&data->timeout, 0, sizeof(data->timeout)); - return true; -} diff --git a/test/ossl_shim/packeted_bio.h b/test/ossl_shim/packeted_bio.h deleted file mode 100644 index 27678bd7e6..0000000000 --- a/test/ossl_shim/packeted_bio.h +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef OSSL_TEST_SHIM_PACKETED_BIO_H -#define OSSL_TEST_SHIM_PACKETED_BIO_H - -#include -#include - -// PacketedBioCreate creates a filter BIO which implements a reliable in-order -// blocking datagram socket. It internally maintains a clock and honors -// |BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT| based on it. -// -// During a |BIO_read|, the peer may signal the filter BIO to simulate a -// timeout. If |advance_clock| is true, it automatically advances the clock and -// continues reading, subject to the read deadline. Otherwise, it fails -// immediately. The caller must then call |PacketedBioAdvanceClock| before -// retrying |BIO_read|. -bssl::UniquePtr PacketedBioCreate(bool advance_clock); - -// PacketedBioGetClock returns the current time for |bio|. -timeval PacketedBioGetClock(const BIO *bio); - -// PacketedBioAdvanceClock advances |bio|'s internal clock and returns true if -// there is a pending timeout. Otherwise, it returns false. -bool PacketedBioAdvanceClock(BIO *bio); - - -#endif // OSSL_TEST_SHIM_PACKETED_BIO_H diff --git a/test/ossl_shim/test_config.cc b/test/ossl_shim/test_config.cc deleted file mode 100644 index a37d010d7a..0000000000 --- a/test/ossl_shim/test_config.cc +++ /dev/null @@ -1,195 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "test_config.h" - -#include -#include -#include - -#include - -#include - -namespace { - -template -struct Flag { - const char *flag; - T TestConfig::*member; -}; - -// FindField looks for the flag in |flags| that matches |flag|. If one is found, -// it returns a pointer to the corresponding field in |config|. Otherwise, it -// returns NULL. -template -T *FindField(TestConfig *config, const Flag (&flags)[N], const char *flag) { - for (size_t i = 0; i < N; i++) { - if (strcmp(flag, flags[i].flag) == 0) { - return &(config->*(flags[i].member)); - } - } - return NULL; -} - -const Flag kBoolFlags[] = { - { "-server", &TestConfig::is_server }, - { "-dtls", &TestConfig::is_dtls }, - { "-fallback-scsv", &TestConfig::fallback_scsv }, - { "-require-any-client-certificate", - &TestConfig::require_any_client_certificate }, - { "-async", &TestConfig::async }, - { "-write-different-record-sizes", - &TestConfig::write_different_record_sizes }, - { "-partial-write", &TestConfig::partial_write }, - { "-no-tls13", &TestConfig::no_tls13 }, - { "-no-tls12", &TestConfig::no_tls12 }, - { "-no-tls11", &TestConfig::no_tls11 }, - { "-no-tls1", &TestConfig::no_tls1 }, - { "-no-ssl3", &TestConfig::no_ssl3 }, - { "-shim-writes-first", &TestConfig::shim_writes_first }, - { "-expect-session-miss", &TestConfig::expect_session_miss }, - { "-decline-alpn", &TestConfig::decline_alpn }, - { "-expect-extended-master-secret", - &TestConfig::expect_extended_master_secret }, - { "-implicit-handshake", &TestConfig::implicit_handshake }, - { "-handshake-never-done", &TestConfig::handshake_never_done }, - { "-use-export-context", &TestConfig::use_export_context }, - { "-expect-ticket-renewal", &TestConfig::expect_ticket_renewal }, - { "-expect-no-session", &TestConfig::expect_no_session }, - { "-use-ticket-callback", &TestConfig::use_ticket_callback }, - { "-renew-ticket", &TestConfig::renew_ticket }, - { "-enable-client-custom-extension", - &TestConfig::enable_client_custom_extension }, - { "-enable-server-custom-extension", - &TestConfig::enable_server_custom_extension }, - { "-custom-extension-skip", &TestConfig::custom_extension_skip }, - { "-custom-extension-fail-add", &TestConfig::custom_extension_fail_add }, - { "-check-close-notify", &TestConfig::check_close_notify }, - { "-shim-shuts-down", &TestConfig::shim_shuts_down }, - { "-verify-fail", &TestConfig::verify_fail }, - { "-verify-peer", &TestConfig::verify_peer }, - { "-expect-verify-result", &TestConfig::expect_verify_result }, - { "-renegotiate-freely", &TestConfig::renegotiate_freely }, - { "-p384-only", &TestConfig::p384_only }, - { "-enable-all-curves", &TestConfig::enable_all_curves }, - { "-use-sparse-dh-prime", &TestConfig::use_sparse_dh_prime }, - { "-use-old-client-cert-callback", - &TestConfig::use_old_client_cert_callback }, - { "-use-null-client-ca-list", &TestConfig::use_null_client_ca_list }, - { "-peek-then-read", &TestConfig::peek_then_read }, -}; - -const Flag kStringFlags[] = { - { "-key-file", &TestConfig::key_file }, - { "-cert-file", &TestConfig::cert_file }, - { "-expect-server-name", &TestConfig::expected_server_name }, - { "-advertise-npn", &TestConfig::advertise_npn }, - { "-expect-next-proto", &TestConfig::expected_next_proto }, - { "-select-next-proto", &TestConfig::select_next_proto }, - { "-host-name", &TestConfig::host_name }, - { "-advertise-alpn", &TestConfig::advertise_alpn }, - { "-expect-alpn", &TestConfig::expected_alpn }, - { "-expect-advertised-alpn", &TestConfig::expected_advertised_alpn }, - { "-select-alpn", &TestConfig::select_alpn }, - { "-psk", &TestConfig::psk }, - { "-psk-identity", &TestConfig::psk_identity }, - { "-srtp-profiles", &TestConfig::srtp_profiles }, - { "-cipher", &TestConfig::cipher }, - { "-export-label", &TestConfig::export_label }, - { "-export-context", &TestConfig::export_context }, -}; - -const Flag kBase64Flags[] = { - { "-expect-certificate-types", &TestConfig::expected_certificate_types }, -}; - -const Flag kIntFlags[] = { - { "-port", &TestConfig::port }, - { "-resume-count", &TestConfig::resume_count }, - { "-min-version", &TestConfig::min_version }, - { "-max-version", &TestConfig::max_version }, - { "-mtu", &TestConfig::mtu }, - { "-export-keying-material", &TestConfig::export_keying_material }, - { "-expect-total-renegotiations", &TestConfig::expect_total_renegotiations }, - { "-max-cert-list", &TestConfig::max_cert_list }, -}; - -} // namespace - -bool ParseConfig(int argc, char **argv, TestConfig *out_config) { - for (int i = 0; i < argc; i++) { - bool *bool_field = FindField(out_config, kBoolFlags, argv[i]); - if (bool_field != NULL) { - *bool_field = true; - continue; - } - - std::string *string_field = FindField(out_config, kStringFlags, argv[i]); - if (string_field != NULL) { - const char *val; - - i++; - if (i >= argc) { - fprintf(stderr, "Missing parameter\n"); - return false; - } - - /* - * Fix up the -cipher argument. runner uses "DEFAULT:NULL-SHA" to enable - * the NULL-SHA cipher. However in OpenSSL "DEFAULT" permanently switches - * off NULL ciphers, so we use "ALL:NULL-SHA" instead. - */ - if (strcmp(argv[i - 1], "-cipher") == 0 - && strcmp(argv[i], "DEFAULT:NULL-SHA") == 0) - val = "ALL:NULL-SHA"; - else - val = argv[i]; - - string_field->assign(val); - continue; - } - - std::string *base64_field = FindField(out_config, kBase64Flags, argv[i]); - if (base64_field != NULL) { - i++; - if (i >= argc) { - fprintf(stderr, "Missing parameter\n"); - return false; - } - std::unique_ptr decoded(new uint8_t[strlen(argv[i])]); - int len = EVP_DecodeBlock(decoded.get(), - reinterpret_cast(argv[i]), - strlen(argv[i])); - if (len < 0) { - fprintf(stderr, "Invalid base64: %s\n", argv[i]); - return false; - } - base64_field->assign(reinterpret_cast(decoded.get()), len); - continue; - } - - int *int_field = FindField(out_config, kIntFlags, argv[i]); - if (int_field) { - i++; - if (i >= argc) { - fprintf(stderr, "Missing parameter\n"); - return false; - } - *int_field = atoi(argv[i]); - continue; - } - - fprintf(stderr, "Unknown argument: %s\n", argv[i]); - exit(89); - return false; - } - - return true; -} diff --git a/test/ossl_shim/test_config.h b/test/ossl_shim/test_config.h deleted file mode 100644 index 6dc7319485..0000000000 --- a/test/ossl_shim/test_config.h +++ /dev/null @@ -1,90 +0,0 @@ -/* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef OSSL_TEST_SHIM_TEST_CONFIG_H -#define OSSL_TEST_SHIM_TEST_CONFIG_H - -#include -#include - -#include - - -struct TestConfig { - int port = 0; - bool is_server = false; - bool is_dtls = false; - int resume_count = 0; - bool fallback_scsv = false; - std::string key_file; - std::string cert_file; - std::string expected_server_name; - std::string expected_certificate_types; - bool require_any_client_certificate = false; - std::string advertise_npn; - std::string expected_next_proto; - std::string select_next_proto; - bool async = false; - bool write_different_record_sizes = false; - bool partial_write = false; - bool no_tls13 = false; - bool no_tls12 = false; - bool no_tls11 = false; - bool no_tls1 = false; - bool no_ssl3 = false; - bool shim_writes_first = false; - std::string host_name; - std::string advertise_alpn; - std::string expected_alpn; - std::string expected_advertised_alpn; - std::string select_alpn; - bool decline_alpn = false; - bool expect_session_miss = false; - bool expect_extended_master_secret = false; - std::string psk; - std::string psk_identity; - std::string srtp_profiles; - int min_version = 0; - int max_version = 0; - int mtu = 0; - bool implicit_handshake = false; - std::string cipher; - bool handshake_never_done = false; - int export_keying_material = 0; - std::string export_label; - std::string export_context; - bool use_export_context = false; - bool expect_ticket_renewal = false; - bool expect_no_session = false; - bool use_ticket_callback = false; - bool renew_ticket = false; - bool enable_client_custom_extension = false; - bool enable_server_custom_extension = false; - bool custom_extension_skip = false; - bool custom_extension_fail_add = false; - bool check_close_notify = false; - bool shim_shuts_down = false; - bool verify_fail = false; - bool verify_peer = false; - bool expect_verify_result = false; - int expect_total_renegotiations = 0; - bool renegotiate_freely = false; - bool p384_only = false; - bool enable_all_curves = false; - bool use_sparse_dh_prime = false; - bool use_old_client_cert_callback = false; - bool use_null_client_ca_list = false; - bool peek_then_read = false; - int max_cert_list = 0; -}; - -bool ParseConfig(int argc, char **argv, TestConfig *out_config); - - -#endif // OSSL_TEST_SHIM_TEST_CONFIG_H diff --git a/test/recipes/95-test_external_boringssl.t b/test/recipes/95-test_external_boringssl.t deleted file mode 100644 index ea607935aa..0000000000 --- a/test/recipes/95-test_external_boringssl.t +++ /dev/null @@ -1,30 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -use OpenSSL::Test; -use OpenSSL::Test::Utils; -use OpenSSL::Test qw/:DEFAULT bldtop_file srctop_file cmdstr/; - -setup("test_external_boringssl"); - -plan skip_all => "No external tests in this configuration" - if disabled("external-tests"); -plan skip_all => "BoringSSL runner not detected" - if !$ENV{BORING_RUNNER_DIR}; - -plan tests => 1; - -indir $ENV{BORING_RUNNER_DIR} => sub { - ok(run(cmd(["go", "test", "-shim-path", - bldtop_file("test", "ossl_shim", "ossl_shim"), - "-shim-config", - srctop_file("test", "ossl_shim", "ossl_config.json"), - "-pipe", "-allow-unimplemented"]), prefix => "go test: "), - "running BoringSSL tests"); -}, create => 0, cleanup => 0;