diff options
Diffstat (limited to 'src/ssl/test/bssl_shim.cc')
-rw-r--r-- | src/ssl/test/bssl_shim.cc | 131 |
1 files changed, 28 insertions, 103 deletions
diff --git a/src/ssl/test/bssl_shim.cc b/src/ssl/test/bssl_shim.cc index 3f4e9cf..edae67b 100644 --- a/src/ssl/test/bssl_shim.cc +++ b/src/ssl/test/bssl_shim.cc @@ -39,7 +39,6 @@ #include <openssl/buf.h> #include <openssl/bytestring.h> #include <openssl/cipher.h> -#include <openssl/crypto.h> #include <openssl/err.h> #include <openssl/hmac.h> #include <openssl/rand.h> @@ -97,10 +96,10 @@ struct TestState { bool handshake_done = false; // private_key is the underlying private key used when testing custom keys. ScopedEVP_PKEY private_key; - std::vector<uint8_t> private_key_result; - // private_key_retries is the number of times an asynchronous private key - // operation has been retried. - unsigned private_key_retries = 0; + std::vector<uint8_t> signature; + // signature_retries is the number of times an asynchronous sign operation has + // been retried. + unsigned signature_retries = 0; bool got_new_session = false; }; @@ -153,7 +152,7 @@ static ssl_private_key_result_t AsyncPrivateKeySign( SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out, const EVP_MD *md, const uint8_t *in, size_t in_len) { TestState *test_state = GetTestState(ssl); - if (!test_state->private_key_result.empty()) { + if (!test_state->signature.empty()) { fprintf(stderr, "AsyncPrivateKeySign called with operation pending.\n"); abort(); } @@ -171,103 +170,42 @@ static ssl_private_key_result_t AsyncPrivateKeySign( !EVP_PKEY_sign(ctx.get(), nullptr, &len, in, in_len)) { return ssl_private_key_failure; } - test_state->private_key_result.resize(len); - if (!EVP_PKEY_sign(ctx.get(), bssl::vector_data( - &test_state->private_key_result), &len, in, in_len)) { + test_state->signature.resize(len); + if (!EVP_PKEY_sign(ctx.get(), bssl::vector_data(&test_state->signature), &len, + in, in_len)) { return ssl_private_key_failure; } - test_state->private_key_result.resize(len); + test_state->signature.resize(len); - // The signature will be released asynchronously in - // |AsyncPrivateKeySignComplete|. + // The signature will be released asynchronously in |AsyncPrivateKeySignComplete|. return ssl_private_key_retry; } static ssl_private_key_result_t AsyncPrivateKeySignComplete( SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out) { TestState *test_state = GetTestState(ssl); - if (test_state->private_key_result.empty()) { + if (test_state->signature.empty()) { fprintf(stderr, "AsyncPrivateKeySignComplete called without operation pending.\n"); abort(); } - if (test_state->private_key_retries < 2) { + if (test_state->signature_retries < 2) { // Only return the signature on the second attempt, to test both incomplete // |sign| and |sign_complete|. return ssl_private_key_retry; } - if (max_out < test_state->private_key_result.size()) { + if (max_out < test_state->signature.size()) { fprintf(stderr, "Output buffer too small.\n"); return ssl_private_key_failure; } - memcpy(out, bssl::vector_data(&test_state->private_key_result), - test_state->private_key_result.size()); - *out_len = test_state->private_key_result.size(); + memcpy(out, bssl::vector_data(&test_state->signature), + test_state->signature.size()); + *out_len = test_state->signature.size(); - test_state->private_key_result.clear(); - test_state->private_key_retries = 0; - return ssl_private_key_success; -} - -static ssl_private_key_result_t AsyncPrivateKeyDecrypt( - SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out, - const uint8_t *in, size_t in_len) { - TestState *test_state = GetTestState(ssl); - if (!test_state->private_key_result.empty()) { - fprintf(stderr, - "AsyncPrivateKeyDecrypt called with operation pending.\n"); - abort(); - } - - EVP_PKEY *pkey = test_state->private_key.get(); - if (pkey->type != EVP_PKEY_RSA || pkey->pkey.rsa == NULL) { - fprintf(stderr, - "AsyncPrivateKeyDecrypt called with incorrect key type.\n"); - abort(); - } - RSA *rsa = pkey->pkey.rsa; - test_state->private_key_result.resize(RSA_size(rsa)); - if (!RSA_decrypt(rsa, out_len, - bssl::vector_data(&test_state->private_key_result), - RSA_size(rsa), in, in_len, RSA_NO_PADDING)) { - return ssl_private_key_failure; - } - - test_state->private_key_result.resize(*out_len); - - // The decryption will be released asynchronously in - // |AsyncPrivateKeyDecryptComplete|. - return ssl_private_key_retry; -} - -static ssl_private_key_result_t AsyncPrivateKeyDecryptComplete( - SSL *ssl, uint8_t *out, size_t *out_len, size_t max_out) { - TestState *test_state = GetTestState(ssl); - if (test_state->private_key_result.empty()) { - fprintf(stderr, - "AsyncPrivateKeyDecryptComplete called without operation " - "pending.\n"); - abort(); - } - - if (test_state->private_key_retries < 2) { - // Only return the decryption on the second attempt, to test both incomplete - // |decrypt| and |decrypt_complete|. - return ssl_private_key_retry; - } - - if (max_out < test_state->private_key_result.size()) { - fprintf(stderr, "Output buffer too small.\n"); - return ssl_private_key_failure; - } - memcpy(out, bssl::vector_data(&test_state->private_key_result), - test_state->private_key_result.size()); - *out_len = test_state->private_key_result.size(); - - test_state->private_key_result.clear(); - test_state->private_key_retries = 0; + test_state->signature.clear(); + test_state->signature_retries = 0; return ssl_private_key_success; } @@ -276,8 +214,6 @@ static const SSL_PRIVATE_KEY_METHOD g_async_private_key_method = { AsyncPrivateKeyMaxSignatureLen, AsyncPrivateKeySign, AsyncPrivateKeySignComplete, - AsyncPrivateKeyDecrypt, - AsyncPrivateKeyDecryptComplete }; template<typename T> @@ -313,7 +249,7 @@ static bool InstallCertificate(SSL *ssl) { } if (!config->key_file.empty()) { - if (config->async) { + if (config->use_async_private_key) { test_state->private_key = LoadPrivateKey(config->key_file.c_str()); if (!test_state->private_key) { return false; @@ -742,7 +678,7 @@ static ScopedSSL_CTX SetupCtx(const TestConfig *config) { SSL_CTX_set_session_cache_mode(ssl_ctx.get(), SSL_SESS_CACHE_BOTH); } - SSL_CTX_set_select_certificate_cb(ssl_ctx.get(), SelectCertificateCallback); + ssl_ctx->select_certificate_cb = SelectCertificateCallback; SSL_CTX_set_next_protos_advertised_cb( ssl_ctx.get(), NextProtosAdvertisedCallback, NULL); @@ -852,7 +788,7 @@ static bool RetryAsync(SSL *ssl, int ret) { // The handshake will resume without a second call to the early callback. return InstallCertificate(ssl); case SSL_ERROR_WANT_PRIVATE_KEY_OPERATION: - test_state->private_key_retries++; + test_state->signature_retries++; return true; default: return false; @@ -927,7 +863,7 @@ static bool CheckHandshakeProperties(SSL *ssl, bool is_resume) { (!SSL_session_reused(ssl) || config->expect_ticket_renewal); if (expect_new_session != GetTestState(ssl)->got_new_session) { fprintf(stderr, - "new session was%s cached, but we expected the opposite\n", + "new session was%s established, but we expected the opposite\n", GetTestState(ssl)->got_new_session ? "" : " not"); return false; } @@ -1178,18 +1114,13 @@ static bool DoExchange(ScopedSSL_SESSION *out_session, SSL_CTX *ssl_ctx, if (config->install_ddos_callback) { SSL_CTX_set_dos_protection_cb(ssl_ctx, DDoSCallback); } - if (config->renegotiate_once) { - SSL_set_renegotiate_mode(ssl.get(), ssl_renegotiate_once); - } - if (config->renegotiate_freely) { - SSL_set_renegotiate_mode(ssl.get(), ssl_renegotiate_freely); + if (!config->reject_peer_renegotiations) { + /* Renegotiations are disabled by default. */ + SSL_set_reject_peer_renegotiations(ssl.get(), 0); } if (!config->check_close_notify) { SSL_set_quiet_shutdown(ssl.get(), 1); } - if (config->disable_npn) { - SSL_set_options(ssl.get(), SSL_OP_DISABLE_NPN); - } int sock = Connect(config->port); if (sock == -1) { @@ -1402,14 +1333,6 @@ static bool DoExchange(ScopedSSL_SESSION *out_session, SSL_CTX *ssl_ctx, return false; } - if (SSL_total_renegotiations(ssl.get()) != - config->expect_total_renegotiations) { - fprintf(stderr, "Expected %d renegotiations, got %d\n", - config->expect_total_renegotiations, - SSL_total_renegotiations(ssl.get())); - return false; - } - return true; } @@ -1431,7 +1354,9 @@ int main(int argc, char **argv) { signal(SIGPIPE, SIG_IGN); #endif - CRYPTO_library_init(); + if (!SSL_library_init()) { + return 1; + } g_config_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL); g_state_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, TestStateExFree); if (g_config_index < 0 || g_state_index < 0) { |