author | Jairus Christensen <christensenjairus@gmail.com> | 2023-02-27 09:36:15 -0700 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2023-06-02 05:46:46 +0200 |
commit | cee0628e0d53be82bd644ce258c3d3e90e64eced (patch) | |
tree | cec946b10eae236d4d425397a2512ab1cb25e8b6 /test | |
parent | fc570b2605b8eb18c3903543aaf0234b1f698c8e (diff) |
[feat] SSL RTT in both client and server statem. SSL_get_handshake_rtt makes it available
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20248)
Diffstat (limited to 'test')
-rw-r--r-- | test/build.info | 6 | ||||
-rw-r--r-- | test/recipes/90-test_sslapi.t | 4 | ||||
-rw-r--r-- | test/ssl_handshake_rtt_test.c | 138 |
3 files changed, 146 insertions, 2 deletions
diff --git a/test/build.info b/test/build.info
index 277b631a26..f6f19d6407 100644
--- a/test/build.info
+++ b/test/build.info
@@ -50,7 +50,7 @@ IF[{- !$disabled{tests} -}]
 dtlsv1listentest ct_test threadstest afalgtest d2i_test \
 ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \
 bio_callback_test bio_memleak_test bio_core_test bio_dgram_test param_build_test \
- bioprinttest sslapitest dtlstest sslcorrupttest \
+ bioprinttest sslapitest ssl_handshake_rtt_test dtlstest sslcorrupttest \
 bio_enc_test pkey_meth_test pkey_meth_kdf_test evp_kdf_test uitest \
 cipherbytes_test threadstest_fips threadpool_test \
 asn1_encode_test asn1_decode_test asn1_string_table_test \
@@ -494,6 +494,10 @@ IF[{- !$disabled{tests} -}]
 INCLUDE[sslapitest]=../include ../apps/include ..
 DEPEND[sslapitest]=../libcrypto ../libssl libtestutil.a
 
+ SOURCE[ssl_handshake_rtt_test]=ssl_handshake_rtt_test.c helpers/ssltestlib.c
+ INCLUDE[ssl_handshake_rtt_test]=../include ../apps/include ..
+ DEPEND[ssl_handshake_rtt_test]=../libcrypto.a ../libssl.a libtestutil.a
+
 SOURCE[rpktest]=rpktest.c helpers/ssltestlib.c
 INCLUDE[rpktest]=../include ../apps/include ..
 DEPEND[rpktest]=../libcrypto ../libssl libtestutil.a
diff --git a/test/recipes/90-test_sslapi.t b/test/recipes/90-test_sslapi.t
index 9e9e32b51e..18d9f3d204 100644
--- a/test/recipes/90-test_sslapi.t
+++ b/test/recipes/90-test_sslapi.t
@@ -33,7 +33,7 @@ my $provconfnew = bldtop_file("test", "temp.cnf");
 plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build"
 if alldisabled(grep { $_ ne "ssl3" } available_protocols("tls"));
 
-plan tests => 3;
+plan tests => 4;
 
 (undef, my $tmpfilename) = tempfile();
 
@@ -140,4 +140,6 @@ SKIP: {
 unlink $provconfnew;
 }
 
+ok(run(test(["ssl_handshake_rtt_test"])),"running ssl_handshake_rtt_test");
+
 unlink $tmpfilename;
diff --git a/test/ssl_handshake_rtt_test.c b/test/ssl_handshake_rtt_test.c
new file mode 100644
index 0000000000..0e54284f04
--- /dev/null
+++ b/test/ssl_handshake_rtt_test.c 
@@ -0,0 +1,138 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * We need access to the deprecated low level HMAC APIs for legacy purposes
+ * when the deprecated calls are not hidden
+ */
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+# define OPENSSL_SUPPRESS_DEPRECATED
+#endif
+
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/opensslconf.h>
+#include <openssl/bio.h>
+#include <openssl/crypto.h>
+#include <openssl/ssl.h>
+#include <openssl/engine.h>
+
+#include "helpers/ssltestlib.h"
+#include "testutil.h"
+#include "testutil/output.h"
+#include "internal/ktls.h"
+#include "../ssl/ssl_local.h"
+#include "../ssl/statem/statem_local.h"
+
+static OSSL_LIB_CTX *libctx = NULL;
+static char *cert = NULL;
+static char *privkey = NULL;
+
+/*
+ * Test 0: Clientside handshake RTT (TLSv1.2)
+ * Test 1: Serverside handshake RTT (TLSv1.2)
+ * Test 2: Clientside handshake RTT (TLSv1.3)
+ * Test 3: Serverside handshake RTT (TLSv1.3)
+ * Test 4: Clientside handshake RTT with Early Data (TLSv1.3)
+ */
+static int test_handshake_rtt(int tst)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ SSL_CONNECTION *s = NULL;
+ OSSL_STATEM *st = NULL;
+ uint64_t rtt;
+
+#ifdef OPENSSL_NO_TLS1_2
+ if (tst <= 1)
+ return 1;
+#endif
+#ifdef OSSL_NO_USABLE_TLS1_3
+ if (tst >= 2)
+ return 1;
+#endif
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(),
+ TLS1_VERSION,
+ (tst <= 1) ? TLS1_2_VERSION
+ : TLS1_3_VERSION,
+ &sctx, &cctx, cert, privkey))
+ || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL)))
+ goto end;
+
+ s = SSL_CONNECTION_FROM_SSL(tst % 2 == 0 ? clientssl : serverssl);
+ if (!TEST_ptr(s) || !TEST_ptr(st = &s->statem))
+ return 0;
+
+ /* implicitly set handshake rtt with a delay */
+ switch (tst) {
+ case 0:
+ st->hand_state = TLS_ST_CW_CLNT_HELLO;
+ ossl_statem_client_write_transition(s);
+ OSSL_sleep(1);
+ st->hand_state = TLS_ST_CR_SRVR_DONE;
+ ossl_statem_client_write_transition(s);
+ break;
+ case 1:
+ st->hand_state = TLS_ST_SW_SRVR_DONE;
+ ossl_statem_server_write_transition(s);
+ OSSL_sleep(1);
+ st->hand_state = TLS_ST_SR_FINISHED;
+ ossl_statem_server_write_transition(s);
+ break;
+ case 2:
+ st->hand_state = TLS_ST_CW_CLNT_HELLO;
+ ossl_statem_client_write_transition(s);
+ OSSL_sleep(1);
+ st->hand_state = TLS_ST_CR_SRVR_DONE;
+ ossl_statem_client_write_transition(s);
+ break;
+ case 3:
+ st->hand_state = TLS_ST_SW_SRVR_DONE;
+ ossl_statem_server_write_transition(s);
+ OSSL_sleep(1);
+ st->hand_state = TLS_ST_SR_FINISHED;
+ ossl_statem_server_write_transition(s);
+ break;
+ case 4:
+ st->hand_state = TLS_ST_EARLY_DATA;
+ ossl_statem_client_write_transition(s);
+ OSSL_sleep(1);
+ st->hand_state = TLS_ST_CR_SRVR_DONE;
+ ossl_statem_client_write_transition(s);
+ break;
+ }
+
+ if (!TEST_int_gt(SSL_get_handshake_rtt(SSL_CONNECTION_GET_SSL(s), &rtt), 0))
+ goto end;
+ /* 1 millisec is the absolute minimum it could be given the delay */
+ if (!TEST_uint64_t_ge(rtt, 1000))
+ goto end;
+
+ testresult = 1;
+
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
+ return testresult;
+}
+
+int setup_tests(void)
+{
+ ADD_ALL_TESTS(test_handshake_rtt, 5);
+
+ return 1;
+}
|
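Review bot: The early `return 0;` after the `SSL_CONNECTION_FROM_SSL()` check in `test_handshake_rtt` bypasses the `end:` label, so the SSL_CTX pair and SSL objects created just above are not freed on that path; it should be `goto end;` like the other failure branches. The return values of the `ossl_statem_client_write_transition()` and `ossl_statem_server_write_transition()` calls are ignored and `switch (tst)` has no `default`, so a transition that misbehaves is only caught indirectly by the RTT check. The bound `TEST_uint64_t_ge(rtt, 1000)` equals the `OSSL_sleep(1)` delay exactly, which may be fragile if the sleep and the clock behind the RTT measurement differ in granularity; that cannot be confirmed from this hunk. The header comment about "deprecated low level HMAC APIs" does not match anything this file visibly uses, and `libctx`, `cert` and `privkey` are never assigned, so a short comment such as `/* no certificate is loaded: the state machine is driven by hand, no real handshake runs */` would describe the setup better.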