kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
ed09f2d5cd
boringssl/ssl/test/handshake_util.cc
Matthew Braithwaite ce77762686 shim: extract a |DoSplitHandshake| helper function. 
This makes the shim code read more naturally, in that the split-
handshake special case now lives in its own file.

This helps with creating a separate binary to perform split
handshakes.

Change-Id: I7970a8f368417791d18d4d44eeb379ef4b46c960
Reviewed-on: https://boringssl-review.googlesource.com/29347
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
2018-07-13 19:57:17 +00:00

212 lines
6.6 KiB
C++
Raw Blame History

/* Copyright (c) 2018, Google Inc.
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
#include "handshake_util.h"
#include <assert.h>
#include <functional>
#include "async_bio.h"
#include "packeted_bio.h"
#include "test_config.h"
#include "test_state.h"
#include <openssl/ssl.h>
using namespace bssl;
bool RetryAsync(SSL *ssl, int ret) {
// No error; don't retry.
if (ret >= 0) {
return false;
}
TestState *test_state = GetTestState(ssl);
assert(GetTestConfig(ssl)->async);
if (test_state->packeted_bio != nullptr &&
PacketedBioAdvanceClock(test_state->packeted_bio)) {
// The DTLS retransmit logic silently ignores write failures. So the test
// may progress, allow writes through synchronously.
AsyncBioEnforceWriteQuota(test_state->async_bio, false);
int timeout_ret = DTLSv1_handle_timeout(ssl);
AsyncBioEnforceWriteQuota(test_state->async_bio, true);
if (timeout_ret < 0) {
fprintf(stderr, "Error retransmitting.\n");
return false;
}
return true;
}
// See if we needed to read or write more. If so, allow one byte through on
// the appropriate end to maximally stress the state machine.
switch (SSL_get_error(ssl, ret)) {
case SSL_ERROR_WANT_READ:
AsyncBioAllowRead(test_state->async_bio, 1);
return true;
case SSL_ERROR_WANT_WRITE:
AsyncBioAllowWrite(test_state->async_bio, 1);
return true;
case SSL_ERROR_WANT_CHANNEL_ID_LOOKUP: {
UniquePtr<EVP_PKEY> pkey =
LoadPrivateKey(GetTestConfig(ssl)->send_channel_id);
if (!pkey) {
return false;
}
test_state->channel_id = std::move(pkey);
return true;
}
case SSL_ERROR_WANT_X509_LOOKUP:
test_state->cert_ready = true;
return true;
case SSL_ERROR_PENDING_SESSION:
test_state->session = std::move(test_state->pending_session);
return true;
case SSL_ERROR_PENDING_CERTIFICATE:
test_state->early_callback_ready = true;
return true;
case SSL_ERROR_WANT_PRIVATE_KEY_OPERATION:
test_state->private_key_retries++;
return true;
case SSL_ERROR_WANT_CERTIFICATE_VERIFY:
test_state->custom_verify_ready = true;
return true;
default:
return false;
}
}
int CheckIdempotentError(const char *name, SSL *ssl,
std::function<int()> func) {
int ret = func();
int ssl_err = SSL_get_error(ssl, ret);
uint32_t err = ERR_peek_error();
if (ssl_err == SSL_ERROR_SSL || ssl_err == SSL_ERROR_ZERO_RETURN) {
int ret2 = func();
int ssl_err2 = SSL_get_error(ssl, ret2);
uint32_t err2 = ERR_peek_error();
if (ret != ret2 || ssl_err != ssl_err2 || err != err2) {
fprintf(stderr, "Repeating %s did not replay the error.\n", name);
char buf[256];
ERR_error_string_n(err, buf, sizeof(buf));
fprintf(stderr, "Wanted: %d %d %s\n", ret, ssl_err, buf);
ERR_error_string_n(err2, buf, sizeof(buf));
fprintf(stderr, "Got: %d %d %s\n", ret2, ssl_err2, buf);
// runner treats exit code 90 as always failing. Otherwise, it may
// accidentally consider the result an expected protocol failure.
exit(90);
}
}
return ret;
}
// MoveBIOs moves the |BIO|s of |src| to |dst|. It is used for handoff.
static void MoveBIOs(SSL *dest, SSL *src) {
BIO *rbio = SSL_get_rbio(src);
BIO_up_ref(rbio);
SSL_set0_rbio(dest, rbio);
BIO *wbio = SSL_get_wbio(src);
BIO_up_ref(wbio);
SSL_set0_wbio(dest, wbio);
SSL_set0_rbio(src, nullptr);
SSL_set0_wbio(src, nullptr);
}
static bool HandoffReady(SSL *ssl, int ret) {
return ret < 0 && SSL_get_error(ssl, ret) == SSL_ERROR_HANDOFF;
}
static bool HandbackReady(SSL *ssl, int ret) {
return ret < 0 && SSL_get_error(ssl, ret) == SSL_ERROR_HANDBACK;
}
bool DoSplitHandshake(UniquePtr<SSL> *ssl_uniqueptr, SettingsWriter *writer,
bool is_resume) {
SSL *ssl = ssl_uniqueptr->get();
SSL_set_handoff_mode(ssl, 1);
const TestConfig *config = GetTestConfig(ssl);
int ret = -1;
do {
ret = CheckIdempotentError("SSL_do_handshake", ssl,
[&]() -> int { return SSL_do_handshake(ssl); });
} while (!HandoffReady(ssl, ret) &&
config->async &&
RetryAsync(ssl, ret));
ScopedCBB cbb;
Array<uint8_t> handoff;
if (!HandoffReady(ssl, ret) ||
!CBB_init(cbb.get(), 512) ||
!SSL_serialize_handoff(ssl, cbb.get()) ||
!CBBFinishArray(cbb.get(), &handoff) ||
!writer->WriteHandoff(handoff)) {
fprintf(stderr, "Handoff failed.\n");
return false;
}
UniquePtr<SSL_CTX> ctx = config->SetupCtx(ssl->ctx.get());
if (!ctx) {
return false;
}
UniquePtr<SSL> ssl_handshaker =
config->NewSSL(ctx.get(), nullptr, false, nullptr);
if (!ssl_handshaker) {
return false;
}
MoveBIOs(ssl_handshaker.get(), ssl);
if (!MoveTestState(ssl_handshaker.get(), ssl) ||
!SSL_apply_handoff(ssl_handshaker.get(), handoff)) {
fprintf(stderr, "Handoff application failed.\n");
return false;
}
do {
ret = CheckIdempotentError(
"SSL_do_handshake", ssl_handshaker.get(),
[&]() -> int { return SSL_do_handshake(ssl_handshaker.get()); });
} while (config->async && RetryAsync(ssl_handshaker.get(), ret));
Array<uint8_t> handback;
if (!HandbackReady(ssl_handshaker.get(), ret) ||
!CBB_init(cbb.get(), 512) ||
!SSL_serialize_handback(ssl_handshaker.get(), cbb.get()) ||
!CBBFinishArray(cbb.get(), &handback) ||
!writer->WriteHandback(handback)) {
fprintf(stderr, "Handback failed.\n");
return false;
}
UniquePtr<SSL> ssl_handback =
config->NewSSL(ctx.get(), nullptr, false, nullptr);
if (!ssl_handback) {
return false;
}
MoveBIOs(ssl_handback.get(), ssl_handshaker.get());
if (!MoveTestState(ssl_handback.get(), ssl_handshaker.get()) ||
!SSL_apply_handback(ssl_handback.get(), handback)) {
fprintf(stderr, "Handback application failed.\n");
return false;
}
*ssl_uniqueptr = std::move(ssl_handback);
return true;
}
Reference in New Issue View Git Blame Copy Permalink