kris
/
boringssl
1
0
Форкнуть 0
Код Задачи 0 Pull Request'ы 0 Релизы 0 Вики Активность
Вы не можете выбрать более 25 тем Темы должны начинаться с буквы или цифры, могут содержать дефисы(-) и должны содержать не более 35 символов.
5345 коммитов
12 Ветки
38 MiB
 
 
 
 
 
 
Дерево: 4732c544f7
Ветки Теги
${ item.name }
Создать ветку ${ searchTerm }
из '4732c544f7'
${ noResults }
boringssl/ssl/test/handshake_util.cc

212 строки
6.6 KiB
Исходник Вина История 

  1. /* Copyright (c) 2018, Google Inc.

  2.  *

  3.  * Permission to use, copy, modify, and/or distribute this software for any

  4.  * purpose with or without fee is hereby granted, provided that the above

  5.  * copyright notice and this permission notice appear in all copies.

  6.  *

  7.  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

  8.  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

  9.  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY

  10.  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

  11.  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION

  12.  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN

  13.  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

  14. 

  15. #include "handshake_util.h"

  16. 

  17. #include <assert.h>

  18. 

  19. #include <functional>

  20. 

  21. #include "async_bio.h"

  22. #include "packeted_bio.h"

  23. #include "test_config.h"

  24. #include "test_state.h"

  25. 

  26. #include <openssl/ssl.h>

  27. 

  28. using namespace bssl;

  29. 

  30. bool RetryAsync(SSL *ssl, int ret) {

  31.   // No error; don't retry.

  32.   if (ret >= 0) {

  33.     return false;

  34.   }

  35. 

  36.   TestState *test_state = GetTestState(ssl);

  37.   assert(GetTestConfig(ssl)->async);

  38. 

  39.   if (test_state->packeted_bio != nullptr &&

  40.       PacketedBioAdvanceClock(test_state->packeted_bio)) {

  41.     // The DTLS retransmit logic silently ignores write failures. So the test

  42.     // may progress, allow writes through synchronously.

  43.     AsyncBioEnforceWriteQuota(test_state->async_bio, false);

  44.     int timeout_ret = DTLSv1_handle_timeout(ssl);

  45.     AsyncBioEnforceWriteQuota(test_state->async_bio, true);

  46. 

  47.     if (timeout_ret < 0) {

  48.       fprintf(stderr, "Error retransmitting.\n");

  49.       return false;

  50.     }

  51.     return true;

  52.   }

  53. 

  54.   // See if we needed to read or write more. If so, allow one byte through on

  55.   // the appropriate end to maximally stress the state machine.

  56.   switch (SSL_get_error(ssl, ret)) {

  57.     case SSL_ERROR_WANT_READ:

  58.       AsyncBioAllowRead(test_state->async_bio, 1);

  59.       return true;

  60.     case SSL_ERROR_WANT_WRITE:

  61.       AsyncBioAllowWrite(test_state->async_bio, 1);

  62.       return true;

  63.     case SSL_ERROR_WANT_CHANNEL_ID_LOOKUP: {

  64.       UniquePtr<EVP_PKEY> pkey =

  65.           LoadPrivateKey(GetTestConfig(ssl)->send_channel_id);

  66.       if (!pkey) {

  67.         return false;

  68.       }

  69.       test_state->channel_id = std::move(pkey);

  70.       return true;

  71.     }

  72.     case SSL_ERROR_WANT_X509_LOOKUP:

  73.       test_state->cert_ready = true;

  74.       return true;

  75.     case SSL_ERROR_PENDING_SESSION:

  76.       test_state->session = std::move(test_state->pending_session);

  77.       return true;

  78.     case SSL_ERROR_PENDING_CERTIFICATE:

  79.       test_state->early_callback_ready = true;

  80.       return true;

  81.     case SSL_ERROR_WANT_PRIVATE_KEY_OPERATION:

  82.       test_state->private_key_retries++;

  83.       return true;

  84.     case SSL_ERROR_WANT_CERTIFICATE_VERIFY:

  85.       test_state->custom_verify_ready = true;

  86.       return true;

  87.     default:

  88.       return false;

  89.   }

  90. }

  91. 

  92. int CheckIdempotentError(const char *name, SSL *ssl,

  93.                          std::function<int()> func) {

  94.   int ret = func();

  95.   int ssl_err = SSL_get_error(ssl, ret);

  96.   uint32_t err = ERR_peek_error();

  97.   if (ssl_err == SSL_ERROR_SSL || ssl_err == SSL_ERROR_ZERO_RETURN) {

  98.     int ret2 = func();

  99.     int ssl_err2 = SSL_get_error(ssl, ret2);

  100.     uint32_t err2 = ERR_peek_error();

  101.     if (ret != ret2 || ssl_err != ssl_err2 || err != err2) {

  102.       fprintf(stderr, "Repeating %s did not replay the error.\n", name);

  103.       char buf[256];

  104.       ERR_error_string_n(err, buf, sizeof(buf));

  105.       fprintf(stderr, "Wanted: %d %d %s\n", ret, ssl_err, buf);

  106.       ERR_error_string_n(err2, buf, sizeof(buf));

  107.       fprintf(stderr, "Got:    %d %d %s\n", ret2, ssl_err2, buf);

  108.       // runner treats exit code 90 as always failing. Otherwise, it may

  109.       // accidentally consider the result an expected protocol failure.

  110.       exit(90);

  111.     }

  112.   }

  113.   return ret;

  114. }

  115. 

  116. // MoveBIOs moves the |BIO|s of |src| to |dst|.  It is used for handoff.

  117. static void MoveBIOs(SSL *dest, SSL *src) {

  118.   BIO *rbio = SSL_get_rbio(src);

  119.   BIO_up_ref(rbio);

  120.   SSL_set0_rbio(dest, rbio);

  121. 

  122.   BIO *wbio = SSL_get_wbio(src);

  123.   BIO_up_ref(wbio);

  124.   SSL_set0_wbio(dest, wbio);

  125. 

  126.   SSL_set0_rbio(src, nullptr);

  127.   SSL_set0_wbio(src, nullptr);

  128. }

  129. 

  130. static bool HandoffReady(SSL *ssl, int ret) {

  131.   return ret < 0 && SSL_get_error(ssl, ret) == SSL_ERROR_HANDOFF;

  132. }

  133. 

  134. static bool HandbackReady(SSL *ssl, int ret) {

  135.   return ret < 0 && SSL_get_error(ssl, ret) == SSL_ERROR_HANDBACK;

  136. }

  137. 

  138. bool DoSplitHandshake(UniquePtr<SSL> *ssl_uniqueptr, SettingsWriter *writer,

  139.                       bool is_resume) {

  140.   SSL *ssl = ssl_uniqueptr->get();

  141.   SSL_set_handoff_mode(ssl, 1);

  142. 

  143.   const TestConfig *config = GetTestConfig(ssl);

  144.   int ret = -1;

  145.   do {

  146.     ret = CheckIdempotentError("SSL_do_handshake", ssl,

  147.                                [&]() -> int { return SSL_do_handshake(ssl); });

  148.   } while (!HandoffReady(ssl, ret) &&

  149.            config->async &&

  150.            RetryAsync(ssl, ret));

  151. 

  152.   ScopedCBB cbb;

  153.   Array<uint8_t> handoff;

  154.   if (!HandoffReady(ssl, ret) ||

  155.       !CBB_init(cbb.get(), 512) ||

  156.       !SSL_serialize_handoff(ssl, cbb.get()) ||

  157.       !CBBFinishArray(cbb.get(), &handoff) ||

  158.       !writer->WriteHandoff(handoff)) {

  159.     fprintf(stderr, "Handoff failed.\n");

  160.     return false;

  161.   }

  162. 

  163.   UniquePtr<SSL_CTX> ctx = config->SetupCtx(ssl->ctx.get());

  164.   if (!ctx) {

  165.     return false;

  166.   }

  167.   UniquePtr<SSL> ssl_handshaker =

  168.       config->NewSSL(ctx.get(), nullptr, false, nullptr);

  169.   if (!ssl_handshaker) {

  170.     return false;

  171.   }

  172.   MoveBIOs(ssl_handshaker.get(), ssl);

  173. 

  174.   if (!MoveTestState(ssl_handshaker.get(), ssl) ||

  175.       !SSL_apply_handoff(ssl_handshaker.get(), handoff)) {

  176.     fprintf(stderr, "Handoff application failed.\n");

  177.     return false;

  178.   }

  179. 

  180.   do {

  181.     ret = CheckIdempotentError(

  182.         "SSL_do_handshake", ssl_handshaker.get(),

  183.         [&]() -> int { return SSL_do_handshake(ssl_handshaker.get()); });

  184.   } while (config->async && RetryAsync(ssl_handshaker.get(), ret));

  185. 

  186.   Array<uint8_t> handback;

  187.   if (!HandbackReady(ssl_handshaker.get(), ret) ||

  188.       !CBB_init(cbb.get(), 512) ||

  189.       !SSL_serialize_handback(ssl_handshaker.get(), cbb.get()) ||

  190.       !CBBFinishArray(cbb.get(), &handback) ||

  191.       !writer->WriteHandback(handback)) {

  192.     fprintf(stderr, "Handback failed.\n");

  193.     return false;

  194.   }

  195. 

  196.   UniquePtr<SSL> ssl_handback =

  197.       config->NewSSL(ctx.get(), nullptr, false, nullptr);

  198.   if (!ssl_handback) {

  199.     return false;

  200.   }

  201.   MoveBIOs(ssl_handback.get(), ssl_handshaker.get());

  202. 

  203.   if (!MoveTestState(ssl_handback.get(), ssl_handshaker.get()) ||

  204.       !SSL_apply_handback(ssl_handback.get(), handback)) {

  205.     fprintf(stderr, "Handback application failed.\n");

  206.     return false;

  207.   }

  208. 

  209.   *ssl_uniqueptr = std::move(ssl_handback);

  210.   return true;

  211. }