Convert dtls_mtu_test, dtlsv1listentest

  SOURCE[dtlsv1listentest]=dtlsv1listentest.c

  INCLUDE[dtlsv1listentest]=.. ../include

  DEPEND[dtlsv1listentest]=../libssl

  DEPEND[dtlsv1listentest]=../libssl libtestutil.a

  SOURCE[ct_test]=ct_test.c

  INCLUDE[ct_test]=../crypto/include ../include

    PROGRAMS_NO_INST=dtls_mtu_test

    SOURCE[dtls_mtu_test]=dtls_mtu_test.c ssltestlib.c

    INCLUDE[dtls_mtu_test]=.. ../include

    DEPEND[dtls_mtu_test]=../libcrypto ../libssl

    DEPEND[dtls_mtu_test]=../libcrypto ../libssl libtestutil.a

  ENDIF

  IF[{- !$disabled{shared} -}]

#include <openssl/err.h>

#include "ssltestlib.h"

#include "testutil.h"

/* for SSL_READ_ETM() */

#include "../ssl/ssl_locl.h"

    memset(buf, 0x5a, sizeof(buf));

    if (create_ssl_objects(ctx, ctx, &srvr_ssl, &clnt_ssl, NULL, NULL) != 1)

        goto out;

    if (!TEST_true(create_ssl_objects(ctx, ctx, &srvr_ssl, &clnt_ssl,

                                      NULL, NULL)))

        goto end;

    if (no_etm)

        SSL_set_options(srvr_ssl, SSL_OP_NO_ENCRYPT_THEN_MAC);

    if (SSL_set_cipher_list(srvr_ssl, cs) != 1 ||

        SSL_set_cipher_list(clnt_ssl, cs) != 1) {

        ERR_print_errors_fp(stdout);

        goto out;

    }

    sc_bio = SSL_get_rbio(srvr_ssl);

    if (create_ssl_connection(clnt_ssl, srvr_ssl, SSL_ERROR_NONE) != 1)

        goto out;

    if (!TEST_true(SSL_set_cipher_list(srvr_ssl, cs))

            || !TEST_true(SSL_set_cipher_list(clnt_ssl, cs))

            || !TEST_ptr(sc_bio = SSL_get_rbio(srvr_ssl))

            || !TEST_true(create_ssl_connection(clnt_ssl, srvr_ssl,

                                                SSL_ERROR_NONE)))

        goto end;

    if (debug)

        printf("Channel established\n");

        SSL_set_mtu(clnt_ssl, 500 + i);

        mtus[i] = DTLS_get_data_mtu(clnt_ssl);

        if (debug)

            printf("%s%s payload MTU for record mtu %d = %"OSSLzu"\n",

                   cs, no_etm ? "-noEtM":"", 500 + i, mtus[i]);

        if (mtus[i] == 0) {

            fprintf(stderr,

                    "payload MTU failed with record MTU %d for %s\n",

                    500 + i, cs);

            goto out;

            TEST_info("%s%s MTU for record mtu %d = %lu",

                      cs, no_etm ? "-noEtM" : "",

                      500 + i, (unsigned long)mtus[i]);

        if (!TEST_size_t_ne(mtus[i], 0)) {

            TEST_info("Cipher %s MTU %d", cs, 500 + i);

            goto end;

        }

    }

    /* Now get out of the way */

    SSL_set_mtu(clnt_ssl, 1000);

    /* Now for all values in the range of payload MTUs, send

     * a payload of that size and see what actual record size

     * we end up with. */

    /*

     * Now for all values in the range of payload MTUs, send a payload of

     * that size and see what actual record size we end up with.

     */

    for (s = mtus[0]; s <= mtus[29]; s++) {

        size_t reclen;

        if (SSL_write(clnt_ssl, buf, s) != (int)s) {

            ERR_print_errors_fp(stdout);

            goto out;

        }

        if (!TEST_int_eq(SSL_write(clnt_ssl, buf, s), (int)s))

            goto end;

        reclen = BIO_read(sc_bio, buf, sizeof(buf));

        if (debug)

            printf("record %"OSSLzu" for payload %"OSSLzu"\n", reclen, s);

        for (i = 0; i < 30; i++) {

            /* DTLS_get_data_mtu() with record MTU 500+i returned mtus[i] ... */

            if (s <= mtus[i] && reclen > (size_t)(500 + i)) {

                /* We sent a packet smaller than or equal to mtus[j] and

                 * that made a record *larger* than the record MTU 500+j! */

                fprintf(stderr,

                        "%s: Payload MTU %"OSSLzu" reported for record MTU %d\n"

                        "but sending a payload of %"OSSLzu" made a record of %"OSSLzu"(too large)\n",

                        cs, mtus[i], 500 + i, s, reclen);

                goto out;

            if (!TEST_false(s <= mtus[i] && reclen > (size_t)(500 + i))) {

                /*

                 * We sent a packet smaller than or equal to mtus[j] and

                 * that made a record *larger* than the record MTU 500+j!

                 */

                TEST_error("%s: s=%lu, mtus[i]=%lu, reclen=%lu, i=%d",

                           cs, (unsigned long)s, (unsigned long)mtus[i],

                           (unsigned long)reclen, 500 + i);

                goto end;

            }

            if (s > mtus[i] && reclen <= (size_t)(500 + i)) {

                /* We sent a *larger* packet than mtus[i] and that *still*

            if (!TEST_false(s > mtus[i] && reclen <= (size_t)(500 + i))) {

                /*

                 * We sent a *larger* packet than mtus[i] and that *still*

                 * fits within the record MTU 500+i, so DTLS_get_data_mtu()

                 * was overly pessimistic. */

                fprintf(stderr,

                        "%s: Payload MTU %"OSSLzu" reported for record MTU %d\n"

                        "but sending a payload of %"OSSLzu" made a record of %"OSSLzu" (too small)\n",

                        cs, mtus[i], 500 + i, s, reclen);

                goto out;

                 * was overly pessimistic.

                 */

                TEST_error("%s: s=%lu, mtus[i]=%lu, reclen=%lu, i=%d",

                           cs, (unsigned long)s, (unsigned long)mtus[i],

                           (unsigned long)reclen, 500 + i);

                goto end;

            }

        }

    }

    rv = 1;

    if (SSL_READ_ETM(clnt_ssl))

        rv = 2;

 out:

 end:

    SSL_free(clnt_ssl);

    SSL_free(srvr_ssl);

    return rv;

}

int main(void)

static int run_mtu_tests(void)

{

    SSL_CTX *ctx = SSL_CTX_new(DTLS_method());

    SSL_CTX *ctx = NULL;

    STACK_OF(SSL_CIPHER) *ciphers;

    int i, rv = 0;

    int i, ret = 0;

    if (!TEST_ptr(ctx = SSL_CTX_new(DTLS_method())))

        goto end;

    SSL_CTX_set_psk_server_callback(ctx, srvr_psk_callback);

    SSL_CTX_set_psk_client_callback(ctx, clnt_psk_callback);

    SSL_CTX_set_security_level(ctx, 0);

    /* We only care about iterating over each enc/mac; we don't

     * want to repeat the test for each auth/kx variant.

     * So keep life simple and only do (non-DH) PSK. */

    if (!SSL_CTX_set_cipher_list(ctx, "PSK")) {

        fprintf(stderr, "Failed to set PSK cipher list\n");

        goto out;

    }

    /*

     * We only care about iterating over each enc/mac; we don't want to

     * repeat the test for each auth/kx variant. So keep life simple and

     * only do (non-DH) PSK.

     */

    if (!TEST_true(SSL_CTX_set_cipher_list(ctx, "PSK")))

        goto end;

    ciphers = SSL_CTX_get_ciphers(ctx);

    for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {

        const char *cipher_name = SSL_CIPHER_get_name(cipher);

        /* As noted above, only one test for each enc/mac variant. */

        if (strncmp(cipher_name, "PSK-", 4))

        if (strncmp(cipher_name, "PSK-", 4) != 0)

            continue;

        rv = mtu_test(ctx, cipher_name, 0);

        if (!rv)

        if (!TEST_int_gt(ret = mtu_test(ctx, cipher_name, 0), 0))

            break;

        printf("DTLS MTU test OK for %s\n", cipher_name);

        if (rv == 1)

        TEST_info("%s OK", cipher_name);

        if (ret == 1)

            continue;

        /* mtu_test() returns 2 if it used Encrypt-then-MAC */

        rv = mtu_test(ctx, cipher_name, 1);

        if (!rv)

        if (!TEST_int_gt(ret = mtu_test(ctx, cipher_name, 1), 0))

            break;

        printf("DTLS MTU test OK for %s without Encrypt-then-MAC\n", cipher_name);

        TEST_info("%s without EtM OK", cipher_name);

    }

 out:

 end:

    SSL_CTX_free(ctx);

    bio_s_mempacket_test_free();

    return ret;

}

    return !rv;

void register_tests()

{

    ADD_TEST(run_mtu_tests);

}

/*

 * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

 * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.

 *

 * Licensed under the OpenSSL license (the "License").  You may not use

 * this file except in compliance with the License.  You can obtain a copy

#include <openssl/bio.h>

#include <openssl/err.h>

#include <openssl/conf.h>

#ifndef OPENSSL_NO_ENGINE

# include <openssl/engine.h>

#endif

#include "e_os.h"

#include "testutil.h"

#ifndef OPENSSL_NO_SOCK

    0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13 /* Cookie */

};

static struct {

typedef struct {

    const unsigned char *in;

    unsigned int inlen;

    /*

     * DROP == 0 return value, no output

     */

    enum {GOOD, VERIFY, DROP} outtype;

} testpackets[9] = {

    {

        clienthello_nocookie,

        sizeof(clienthello_nocookie),

        VERIFY

    },

    {

        clienthello_nocookie_frag,

        sizeof(clienthello_nocookie_frag),

        VERIFY

    },

    {

        clienthello_nocookie_short,

        sizeof(clienthello_nocookie_short),

        DROP

    },

    {

        clienthello_2ndfrag,

        sizeof(clienthello_2ndfrag),

        DROP

    },

    {

        clienthello_cookie,

        sizeof(clienthello_cookie),

        GOOD

    },

    {

        clienthello_cookie_frag,

        sizeof(clienthello_cookie_frag),

        GOOD

    },

    {

        clienthello_badcookie,

        sizeof(clienthello_badcookie),

        VERIFY

    },

    {

        clienthello_cookie_short,

        sizeof(clienthello_cookie_short),

        DROP

    },

    {

        record_short,

        sizeof(record_short),

        DROP

    }

} tests;

static tests testpackets[9] = {

    { clienthello_nocookie, sizeof(clienthello_nocookie), VERIFY },

    { clienthello_nocookie_frag, sizeof(clienthello_nocookie_frag), VERIFY },

    { clienthello_nocookie_short, sizeof(clienthello_nocookie_short), DROP },

    { clienthello_2ndfrag, sizeof(clienthello_2ndfrag), DROP },

    { clienthello_cookie, sizeof(clienthello_cookie), GOOD },

    { clienthello_cookie_frag, sizeof(clienthello_cookie_frag), GOOD },

    { clienthello_badcookie, sizeof(clienthello_badcookie), VERIFY },

    { clienthello_cookie_short, sizeof(clienthello_cookie_short), DROP },

    { record_short, sizeof(record_short), DROP }

};

# define COOKIE_LEN  20

{

    unsigned int i;

    for (i = 0; i < COOKIE_LEN; i++, cookie++) {

    for (i = 0; i < COOKIE_LEN; i++, cookie++)

        *cookie = i;

    }

    *cookie_len = COOKIE_LEN;

    return 1;

    return 1;

}

#endif

int main(void)

static int dtls_listen_test(int i)

{

#ifndef OPENSSL_NO_SOCK

    SSL_CTX *ctx = NULL;

    SSL *ssl = NULL;

    BIO *outbio = NULL;

    BIO *inbio = NULL;

    BIO_ADDR *peer = BIO_ADDR_new();

    BIO_ADDR *peer = NULL;

    tests *tp = &testpackets[i];

    char *data;

    long datalen;

    int ret, success = 0;

    long i;

    ctx = SSL_CTX_new(DTLS_server_method());

    if (ctx == NULL || peer == NULL)

    if (!TEST_ptr(ctx = SSL_CTX_new(DTLS_server_method()))

            || !TEST_ptr(peer = BIO_ADDR_new()))

        goto err;

    SSL_CTX_set_cookie_generate_cb(ctx, cookie_gen);

    SSL_CTX_set_cookie_verify_cb(ctx, cookie_verify);

    /* Create an SSL object for the connection */

    ssl = SSL_new(ctx);

    if (ssl == NULL)

        goto err;

    outbio = BIO_new(BIO_s_mem());

    if (outbio == NULL)

    /* Create an SSL object and set the BIO */

    if (!TEST_ptr(ssl = SSL_new(ctx))

            || !TEST_ptr(outbio = BIO_new(BIO_s_mem())))

        goto err;

    SSL_set0_wbio(ssl, outbio);

    success = 1;

    for (i = 0; i < (long)OSSL_NELEM(testpackets) && success; i++) {

        inbio = BIO_new_mem_buf((char *)testpackets[i].in,

                                testpackets[i].inlen);

        if (inbio == NULL) {

            success = 0;

            goto err;

        }

    /* Set Non-blocking IO behaviour */

    if (!TEST_ptr(inbio = BIO_new_mem_buf((char *)tp->in, tp->inlen)))

        goto err;

    BIO_set_mem_eof_return(inbio, -1);

    SSL_set0_rbio(ssl, inbio);

    /* Process the incoming packet */

        ret = DTLSv1_listen(ssl, peer);

        if (ret < 0) {

            success = 0;

    if (!TEST_int_ge(ret = DTLSv1_listen(ssl, peer), 0))

        goto err;

        }

    datalen = BIO_get_mem_data(outbio, &data);

        if (testpackets[i].outtype == VERIFY) {

            if (ret == 0) {

                if (datalen != sizeof(verify)

                        || (memcmp(data, verify, sizeof(verify)) != 0)) {

                    printf("Test %ld failure: incorrect HelloVerifyRequest\n", i);

                    success = 0;

                } else {

                    printf("Test %ld success\n", i);

                }

            } else {

                printf ("Test %ld failure: should not have succeeded\n", i);

                success = 0;

            }

    if (tp->outtype == VERIFY) {

        if (!TEST_int_eq(ret, 0)

                || !TEST_mem_eq(data, datalen, verify, sizeof(verify)))

            goto err;

    } else if (datalen == 0) {

            if ((ret == 0 && testpackets[i].outtype == DROP)

                    || (ret == 1 && testpackets[i].outtype == GOOD)) {

                printf("Test %ld success\n", i);

            } else {

                printf("Test %ld failure: wrong return value\n", i);

                success = 0;

            }

        if (!TEST_true((ret == 0 && tp->outtype == DROP)

                || (ret == 1 && tp->outtype == GOOD)))

            goto err;

    } else {

            printf("Test %ld failure: Unexpected data output\n", i);

            success = 0;

        TEST_info("Test %d: unexpected data output", i);

        goto err;

    }

    (void)BIO_reset(outbio);

    inbio = NULL;

        /* Frees up inbio */

    SSL_set0_rbio(ssl, NULL);

    }

    success = 1;

 err:

    if (!success)

        ERR_print_errors_fp(stderr);

    /* Also frees up outbio */

    SSL_free(ssl);

    SSL_CTX_free(ctx);

    BIO_free(inbio);

    OPENSSL_free(peer);

# ifndef OPENSSL_NO_CRYPTO_MDEBUG

    CRYPTO_mem_leaks_fp(stderr);

    return success;

}

#endif

    return success ? 0 : 1;

#else

    printf("DTLSv1_listen() is not supported by this build - skipping\n");

    return 0;

void register_tests()

{

#ifndef OPENSSL_NO_SOCK

    ADD_ALL_TESTS(dtls_listen_test, (int)OSSL_NELEM(testpackets));

#endif

}

#include "e_os.h"

#include "ssltestlib.h"

#include "testutil.h"

static int tls_dump_new(BIO *bi);

static int tls_dump_free(BIO *a);

/* Choose a sufficiently large type likely to be unused for this custom BIO */

#define BIO_TYPE_TLS_DUMP_FILTER  (0x80 | BIO_TYPE_FILTER)

#define BIO_TYPE_MEMPACKET_TEST    0x81

static BIO_METHOD *method_tls_dump = NULL;

static BIO_METHOD *method_mempacket_test = NULL;

static BIO_METHOD *meth_mem = NULL;

/* Note: Not thread safe! */

const BIO_METHOD *bio_f_tls_dump_filter(void)

const BIO_METHOD *bio_s_mempacket_test(void)

{

    if (method_mempacket_test == NULL) {

        method_mempacket_test = BIO_meth_new(BIO_TYPE_MEMPACKET_TEST,

                                             "Mem Packet Test");

        if (   method_mempacket_test == NULL

            || !BIO_meth_set_write(method_mempacket_test, mempacket_test_write)

            || !BIO_meth_set_read(method_mempacket_test, mempacket_test_read)

            || !BIO_meth_set_puts(method_mempacket_test, mempacket_test_puts)

            || !BIO_meth_set_gets(method_mempacket_test, mempacket_test_gets)

            || !BIO_meth_set_ctrl(method_mempacket_test, mempacket_test_ctrl)

            || !BIO_meth_set_create(method_mempacket_test, mempacket_test_new)

            || !BIO_meth_set_destroy(method_mempacket_test, mempacket_test_free))

    if (meth_mem == NULL) {

        if (!TEST_ptr(meth_mem = BIO_meth_new(BIO_TYPE_MEMPACKET_TEST,

                                              "Mem Packet Test"))

            || !TEST_true(BIO_meth_set_write(meth_mem, mempacket_test_write))

            || !TEST_true(BIO_meth_set_read(meth_mem, mempacket_test_read))

            || !TEST_true(BIO_meth_set_puts(meth_mem, mempacket_test_puts))

            || !TEST_true(BIO_meth_set_gets(meth_mem, mempacket_test_gets))

            || !TEST_true(BIO_meth_set_ctrl(meth_mem, mempacket_test_ctrl))

            || !TEST_true(BIO_meth_set_create(meth_mem, mempacket_test_new))

            || !TEST_true(BIO_meth_set_destroy(meth_mem, mempacket_test_free)))

            return NULL;

    }

    return method_mempacket_test;

    return meth_mem;

}

void bio_s_mempacket_test_free(void)

{

    BIO_meth_free(method_mempacket_test);

    BIO_meth_free(meth_mem);

}

static int mempacket_test_new(BIO *bio)

{

    MEMPACKET_TEST_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));

    if (ctx == NULL)

    MEMPACKET_TEST_CTX *ctx;

    if (!TEST_ptr(ctx = OPENSSL_zalloc(sizeof(*ctx))))

        return 0;

    ctx->pkts = sk_MEMPACKET_new_null();

    if (ctx->pkts == NULL) {

    if (!TEST_ptr(ctx->pkts = sk_MEMPACKET_new_null())) {

        OPENSSL_free(ctx);

        return 0;

    }

    OPENSSL_free(ctx);

    BIO_set_data(bio, NULL);

    BIO_set_init(bio, 0);

    return 1;

}

    unsigned int seq, offset, len, epoch;

    BIO_clear_retry_flags(bio);

    thispkt = sk_MEMPACKET_value(ctx->pkts, 0);

    if (thispkt == NULL || thispkt->num != ctx->currpkt) {

        /* Probably run out of data */

         * we know that there won't be any re-ordering. We overwrite to deal

         * with any packets that have been injected

         */

        rem = thispkt->len;

        rec = thispkt->data;

        while (rem > 0) {

            if (rem < DTLS1_RT_HEADER_LENGTH) {

        for (rem = thispkt->len, rec = thispkt->data

                ; rem > 0; rec += len, rem -= len) {

            if (rem < DTLS1_RT_HEADER_LENGTH)

                return -1;

            }

            epoch = (rec[EPOCH_HI] << 8) | rec[EPOCH_LO];

            if (epoch != ctx->epoch) {

                ctx->epoch = epoch;

            len = ((rec[RECORD_LEN_HI] << 8) | rec[RECORD_LEN_LO])

                  + DTLS1_RT_HEADER_LENGTH;

            rec += len;

            rem -= len;

        }

    }

    memcpy(out, thispkt->data, outl);

    mempacket_free(thispkt);

    return outl;

}

        ctx->noinject = 1;

    }

    thispkt = OPENSSL_malloc(sizeof(MEMPACKET));

    if (thispkt == NULL)

    if (!TEST_ptr(thispkt = OPENSSL_malloc(sizeof(*thispkt))))

        return -1;

    thispkt->data = OPENSSL_malloc(inl);

    if (thispkt->data == NULL) {

    if (!TEST_ptr(thispkt->data = OPENSSL_malloc(inl))) {

        mempacket_free(thispkt);

        return -1;

    }

    SSL_CTX *serverctx = NULL;

    SSL_CTX *clientctx = NULL;

    serverctx = SSL_CTX_new(sm);

    clientctx = SSL_CTX_new(cm);

    if (serverctx == NULL || clientctx == NULL) {

        printf("Failed to create SSL_CTX\n");

    if (!TEST_ptr(serverctx = SSL_CTX_new(sm))

            || !TEST_ptr(clientctx = SSL_CTX_new(cm)))

        goto err;

    }

    if (SSL_CTX_use_certificate_file(serverctx, certfile,

                                     SSL_FILETYPE_PEM) <= 0) {

        printf("Failed to load server certificate\n");

    if (!TEST_int_eq(SSL_CTX_use_certificate_file(serverctx, certfile,

                                                  SSL_FILETYPE_PEM), 1)

            || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(serverctx, privkeyfile,

                                                        SSL_FILETYPE_PEM), 1)

            || !TEST_int_eq(SSL_CTX_check_private_key(serverctx), 1))

        goto err;

    }

    if (SSL_CTX_use_PrivateKey_file(serverctx, privkeyfile,

                                    SSL_FILETYPE_PEM) <= 0) {