author | Matt Caswell <matt@openssl.org> | 2023-03-06 12:01:39 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2023-03-06 15:08:59 +0000 |
commit | 531a9a2229aca0b2d6b851e13981054d16bfc947 (patch) | |
tree | 0851605c7e8a3cae462f7f0c01cfb0b6654e9444 /test | |
parent | eca5796c400df5a0b02d8c202aa05ee948285f9c (diff) |
Fix a bad merge in sslapitest
A bad merge from #20208 into the 3.0 branch caused a build break.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/20441)
Diffstat (limited to 'test')
-rw-r--r-- | test/sslapitest.c | 187 |
1 files changed, 0 insertions, 187 deletions
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 3c1367a07d..5253fc8893 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -10044,193 +10044,6 @@ end: #endif } -#ifndef OSSL_NO_USABLE_TLS1_3 -/* Test that read_ahead works across a key change */ -static int test_read_ahead_key_change(void) -{ - SSL_CTX *cctx = NULL, *sctx = NULL; - SSL *clientssl = NULL, *serverssl = NULL; - int testresult = 0; - char *msg = "Hello World"; - size_t written, readbytes; - char buf[80]; - int i; - - if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), TLS1_3_VERSION, 0, - &sctx, &cctx, cert, privkey))) - goto end; - - SSL_CTX_set_read_ahead(sctx, 1); - - if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, - &clientssl, NULL, NULL))) - goto end; - - if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) - goto end; - - /* Write some data, send a key update, write more data */ - if (!TEST_true(SSL_write_ex(clientssl, msg, strlen(msg), &written)) - || !TEST_size_t_eq(written, strlen(msg))) - goto end; - - if (!TEST_true(SSL_key_update(clientssl, SSL_KEY_UPDATE_NOT_REQUESTED))) - goto end; - - if (!TEST_true(SSL_write_ex(clientssl, msg, strlen(msg), &written)) - || !TEST_size_t_eq(written, strlen(msg))) - goto end; - - /* - * Since read_ahead is on the first read below should read the record with - * the first app data, the second record with the key update message, and - * the third record with the app data all in one go. 
We should be able to - * still process the read_ahead data correctly even though it crosses - * epochs - */ - for (i = 0; i < 2; i++) { - if (!TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf) - 1, - &readbytes))) - goto end; - - buf[readbytes] = '\0'; - if (!TEST_str_eq(buf, msg)) - goto end; - } - - testresult = 1; - -end: - SSL_free(serverssl); - SSL_free(clientssl); - SSL_CTX_free(sctx); - SSL_CTX_free(cctx); - return testresult; -} - -static size_t record_pad_cb(SSL *s, int type, size_t len, void *arg) -{ - int *called = arg; - - switch ((*called)++) { - case 0: - /* Add some padding to first record */ - return 512; - case 1: - /* Maximally pad the second record */ - return SSL3_RT_MAX_PLAIN_LENGTH - len; - case 2: - /* - * Exceeding the maximum padding should be fine. It should just pad to - * the maximum anyway - */ - return SSL3_RT_MAX_PLAIN_LENGTH + 1 - len; - case 3: - /* - * Very large padding should also be ok. Should just pad to the maximum - * allowed - */ - return SIZE_MAX; - default: - return 0; - } -} - -/* - * Test that setting record padding in TLSv1.3 works as expected - * Test 0: Record padding callback on the SSL_CTX - * Test 1: Record padding callback on the SSL - * Test 2: Record block padding on the SSL_CTX - * Test 3: Record block padding on the SSL - */ -static int test_tls13_record_padding(int idx) -{ - SSL_CTX *cctx = NULL, *sctx = NULL; - SSL *clientssl = NULL, *serverssl = NULL; - int testresult = 0; - char *msg = "Hello World"; - size_t written, readbytes; - char buf[80]; - int i; - int called = 0; - - if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), TLS1_3_VERSION, 0, - &sctx, &cctx, cert, privkey))) - goto end; - - if (idx == 0) { - SSL_CTX_set_record_padding_callback(cctx, record_pad_cb); - SSL_CTX_set_record_padding_callback_arg(cctx, &called); - if (!TEST_ptr_eq(SSL_CTX_get_record_padding_callback_arg(cctx), &called)) - goto end; - } else if (idx == 2) { - /* Exceeding the max plain length 
should fail */ - if (!TEST_false(SSL_CTX_set_block_padding(cctx, - SSL3_RT_MAX_PLAIN_LENGTH + 1))) - goto end; - if (!TEST_true(SSL_CTX_set_block_padding(cctx, 512))) - goto end; - } - - if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, - &clientssl, NULL, NULL))) - goto end; - - if (idx == 1) { - SSL_set_record_padding_callback(clientssl, record_pad_cb); - SSL_set_record_padding_callback_arg(clientssl, &called); - if (!TEST_ptr_eq(SSL_get_record_padding_callback_arg(clientssl), &called)) - goto end; - } else if (idx == 3) { - /* Exceeding the max plain length should fail */ - if (!TEST_false(SSL_set_block_padding(clientssl, - SSL3_RT_MAX_PLAIN_LENGTH + 1))) - goto end; - if (!TEST_true(SSL_set_block_padding(clientssl, 512))) - goto end; - } - - if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) - goto end; - - called = 0; - /* - * Write some data, then check we can read it. Do this four times to check - * we can continue to write and read padded data after the initial record - * padding has been added. We don't actually check that the padding has - * been applied to the record - just that we can continue to communicate - * normally and that the callback has been called (if appropriate). - */ - for (i = 0; i < 4; i++) { - if (!TEST_true(SSL_write_ex(clientssl, msg, strlen(msg), &written)) - || !TEST_size_t_eq(written, strlen(msg))) - goto end; - - if (!TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf) - 1, - &readbytes)) - || !TEST_size_t_eq(written, readbytes)) - goto end; - - buf[readbytes] = '\0'; - if (!TEST_str_eq(buf, msg)) - goto end; - } - - if ((idx == 0 || idx == 1) && !TEST_int_eq(called, 4)) - goto end; - - testresult = 1; -end: - SSL_free(serverssl); - SSL_free(clientssl); - SSL_CTX_free(sctx); - SSL_CTX_free(cctx); - return testresult; -} -#endif /* OSSL_NO_USABLE_TLS1_3 */ - #if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DYNAMIC_ENGINE) /* * Test TLSv1.2 with a pipeline capable cipher. 
TLSv1.3 and DTLS do not |