Tree - source-git/openssl - CentOS Git server

source-git / openssl

Blame test/dtls_mtu_test.c

Blob History Raw

Packit Service	084de1	`/*`
Packit Service	084de1	`* Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.`
Packit Service	084de1	`*`
Packit Service	084de1	`* Licensed under the OpenSSL license (the "License"). You may not use`
Packit Service	084de1	`* this file except in compliance with the License. You can obtain a copy`
Packit Service	084de1	`* in the file LICENSE in the source distribution or at`
Packit Service	084de1	`* https://www.openssl.org/source/license.html`
Packit Service	084de1	`*/`
Packit Service	084de1
Packit Service	084de1	`#include <stdio.h>`
Packit Service	084de1	`#include <string.h>`
Packit Service	084de1
Packit Service	084de1	`#include <openssl/dtls1.h>`
Packit Service	084de1	`#include <openssl/ssl.h>`
Packit Service	084de1	`#include <openssl/err.h>`
Packit Service	084de1
Packit Service	084de1	`#include "ssltestlib.h"`
Packit Service	084de1	`#include "testutil.h"`
Packit Service	084de1
Packit Service	084de1	`/* for SSL_READ_ETM() */`
Packit Service	084de1	`#include "../ssl/ssl_local.h"`
Packit Service	084de1
Packit Service	084de1	`static int debug = 0;`
Packit Service	084de1
Packit Service	084de1	`static unsigned int clnt_psk_callback(SSL ssl, const char hint,`
Packit Service	084de1	`char *ident, unsigned int max_ident_len,`
Packit Service	084de1	`unsigned char *psk,`
Packit Service	084de1	`unsigned int max_psk_len)`
Packit Service	084de1	`{`
Packit Service	084de1	`BIO_snprintf(ident, max_ident_len, "psk");`
Packit Service	084de1
Packit Service	084de1	`if (max_psk_len > 20)`
Packit Service	084de1	`max_psk_len = 20;`
Packit Service	084de1	`memset(psk, 0x5a, max_psk_len);`
Packit Service	084de1
Packit Service	084de1	`return max_psk_len;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`static unsigned int srvr_psk_callback(SSL ssl, const char identity,`
Packit Service	084de1	`unsigned char *psk,`
Packit Service	084de1	`unsigned int max_psk_len)`
Packit Service	084de1	`{`
Packit Service	084de1	`if (max_psk_len > 20)`
Packit Service	084de1	`max_psk_len = 20;`
Packit Service	084de1	`memset(psk, 0x5a, max_psk_len);`
Packit Service	084de1	`return max_psk_len;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`static int mtu_test(SSL_CTX ctx, const char cs, int no_etm)`
Packit Service	084de1	`{`
Packit Service	084de1	`SSL srvr_ssl = NULL, clnt_ssl = NULL;`
Packit Service	084de1	`BIO *sc_bio = NULL;`
Packit Service	084de1	`int i;`
Packit Service	084de1	`size_t s;`
Packit Service	084de1	`size_t mtus[30];`
Packit Service	084de1	`unsigned char buf[600];`
Packit Service	084de1	`int rv = 0;`
Packit Service	084de1
Packit Service	084de1	`memset(buf, 0x5a, sizeof(buf));`
Packit Service	084de1
Packit Service	084de1	`if (!TEST_true(create_ssl_objects(ctx, ctx, &srvr_ssl, &clnt_ssl,`
Packit Service	084de1	`NULL, NULL)))`
Packit Service	084de1	`goto end;`
Packit Service	084de1
Packit Service	084de1	`if (no_etm)`
Packit Service	084de1	`SSL_set_options(srvr_ssl, SSL_OP_NO_ENCRYPT_THEN_MAC);`
Packit Service	084de1
Packit Service	084de1	`if (!TEST_true(SSL_set_cipher_list(srvr_ssl, cs))`
Packit Service	084de1	`\|\| !TEST_true(SSL_set_cipher_list(clnt_ssl, cs))`
Packit Service	084de1	`\|\| !TEST_ptr(sc_bio = SSL_get_rbio(srvr_ssl))`
Packit Service	084de1	`\|\| !TEST_true(create_ssl_connection(clnt_ssl, srvr_ssl,`
Packit Service	084de1	`SSL_ERROR_NONE)))`
Packit Service	084de1	`goto end;`
Packit Service	084de1
Packit Service	084de1	`if (debug)`
Packit Service	084de1	`TEST_info("Channel established");`
Packit Service	084de1
Packit Service	084de1	`/* For record MTU values between 500 and 539, call DTLS_get_data_mtu()`
Packit Service	084de1	`* to query the payload MTU which will fit. */`
Packit Service	084de1	`for (i = 0; i < 30; i++) {`
Packit Service	084de1	`SSL_set_mtu(clnt_ssl, 500 + i);`
Packit Service	084de1	`mtus[i] = DTLS_get_data_mtu(clnt_ssl);`
Packit Service	084de1	`if (debug)`
Packit Service	084de1	`TEST_info("%s%s MTU for record mtu %d = %lu",`
Packit Service	084de1	`cs, no_etm ? "-noEtM" : "",`
Packit Service	084de1	`500 + i, (unsigned long)mtus[i]);`
Packit Service	084de1	`if (!TEST_size_t_ne(mtus[i], 0)) {`
Packit Service	084de1	`TEST_info("Cipher %s MTU %d", cs, 500 + i);`
Packit Service	084de1	`goto end;`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`/* Now get out of the way */`
Packit Service	084de1	`SSL_set_mtu(clnt_ssl, 1000);`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* Now for all values in the range of payload MTUs, send a payload of`
Packit Service	084de1	`* that size and see what actual record size we end up with.`
Packit Service	084de1	`*/`
Packit Service	084de1	`for (s = mtus[0]; s <= mtus[29]; s++) {`
Packit Service	084de1	`size_t reclen;`
Packit Service	084de1
Packit Service	084de1	`if (!TEST_int_eq(SSL_write(clnt_ssl, buf, s), (int)s))`
Packit Service	084de1	`goto end;`
Packit Service	084de1	`reclen = BIO_read(sc_bio, buf, sizeof(buf));`
Packit Service	084de1	`if (debug)`
Packit Service	084de1	`TEST_info("record %zu for payload %zu", reclen, s);`
Packit Service	084de1
Packit Service	084de1	`for (i = 0; i < 30; i++) {`
Packit Service	084de1	`/* DTLS_get_data_mtu() with record MTU 500+i returned mtus[i] ... */`
Packit Service	084de1
Packit Service	084de1	`if (!TEST_false(s <= mtus[i] && reclen > (size_t)(500 + i))) {`
Packit Service	084de1	`/*`
Packit Service	084de1	`* We sent a packet smaller than or equal to mtus[j] and`
Packit Service	084de1	`* that made a record larger than the record MTU 500+j!`
Packit Service	084de1	`*/`
Packit Service	084de1	`TEST_error("%s: s=%lu, mtus[i]=%lu, reclen=%lu, i=%d",`
Packit Service	084de1	`cs, (unsigned long)s, (unsigned long)mtus[i],`
Packit Service	084de1	`(unsigned long)reclen, 500 + i);`
Packit Service	084de1	`goto end;`
Packit Service	084de1	`}`
Packit Service	084de1	`if (!TEST_false(s > mtus[i] && reclen <= (size_t)(500 + i))) {`
Packit Service	084de1	`/*`
Packit Service	084de1	`* We sent a larger packet than mtus[i] and that still`
Packit Service	084de1	`* fits within the record MTU 500+i, so DTLS_get_data_mtu()`
Packit Service	084de1	`* was overly pessimistic.`
Packit Service	084de1	`*/`
Packit Service	084de1	`TEST_error("%s: s=%lu, mtus[i]=%lu, reclen=%lu, i=%d",`
Packit Service	084de1	`cs, (unsigned long)s, (unsigned long)mtus[i],`
Packit Service	084de1	`(unsigned long)reclen, 500 + i);`
Packit Service	084de1	`goto end;`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1	`}`
Packit Service	084de1	`rv = 1;`
Packit Service	084de1	`if (SSL_READ_ETM(clnt_ssl))`
Packit Service	084de1	`rv = 2;`
Packit Service	084de1	`end:`
Packit Service	084de1	`SSL_free(clnt_ssl);`
Packit Service	084de1	`SSL_free(srvr_ssl);`
Packit Service	084de1	`return rv;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`static int run_mtu_tests(void)`
Packit Service	084de1	`{`
Packit Service	084de1	`SSL_CTX *ctx = NULL;`
Packit Service	084de1	`STACK_OF(SSL_CIPHER) *ciphers;`
Packit Service	084de1	`int i, ret = 0;`
Packit Service	084de1
Packit Service	084de1	`if (!TEST_ptr(ctx = SSL_CTX_new(DTLS_method())))`
Packit Service	084de1	`goto end;`
Packit Service	084de1
Packit Service	084de1	`SSL_CTX_set_psk_server_callback(ctx, srvr_psk_callback);`
Packit Service	084de1	`SSL_CTX_set_psk_client_callback(ctx, clnt_psk_callback);`
Packit Service	084de1	`SSL_CTX_set_security_level(ctx, 0);`
Packit Service	084de1
Packit Service	084de1	`/*`
Packit Service	084de1	`* We only care about iterating over each enc/mac; we don't want to`
Packit Service	084de1	`* repeat the test for each auth/kx variant. So keep life simple and`
Packit Service	084de1	`* only do (non-DH) PSK.`
Packit Service	084de1	`*/`
Packit Service	084de1	`if (!TEST_true(SSL_CTX_set_cipher_list(ctx, "PSK")))`
Packit Service	084de1	`goto end;`
Packit Service	084de1
Packit Service	084de1	`ciphers = SSL_CTX_get_ciphers(ctx);`
Packit Service	084de1	`for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {`
Packit Service	084de1	`const SSL_CIPHER *cipher = sk_SSL_CIPHER_value(ciphers, i);`
Packit Service	084de1	`const char *cipher_name = SSL_CIPHER_get_name(cipher);`
Packit Service	084de1
Packit Service	084de1	`/* As noted above, only one test for each enc/mac variant. */`
Packit Service	084de1	`if (strncmp(cipher_name, "PSK-", 4) != 0)`
Packit Service	084de1	`continue;`
Packit Service	084de1
Packit Service	084de1	`if (!TEST_int_gt(ret = mtu_test(ctx, cipher_name, 0), 0))`
Packit Service	084de1	`break;`
Packit Service	084de1	`TEST_info("%s OK", cipher_name);`
Packit Service	084de1	`if (ret == 1)`
Packit Service	084de1	`continue;`
Packit Service	084de1
Packit Service	084de1	`/* mtu_test() returns 2 if it used Encrypt-then-MAC */`
Packit Service	084de1	`if (!TEST_int_gt(ret = mtu_test(ctx, cipher_name, 1), 0))`
Packit Service	084de1	`break;`
Packit Service	084de1	`TEST_info("%s without EtM OK", cipher_name);`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`end:`
Packit Service	084de1	`SSL_CTX_free(ctx);`
Packit Service	084de1	`bio_s_mempacket_test_free();`
Packit Service	084de1	`return ret;`
Packit Service	084de1	`}`
Packit Service	084de1
Packit Service	084de1	`int setup_tests(void)`
Packit Service	084de1	`{`
Packit Service	084de1	`ADD_TEST(run_mtu_tests);`
Packit Service	084de1	`return 1;`
Packit Service	084de1	`}`

source-git / openssl

Source Code

Blame test/dtls_mtu_test.c