public/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Check SSL_get_app_data() from QUIC cb in a failure situation

Browse source 
Ensure SSL_get_app_data() works even in a failure situation from SSL_free()

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27091)
This commit is contained in:
Matt Caswell 2025-03-18 12:04:15 +00:00 committed by Tomas Mraz
parent 2ebae654d5
commit f2488a567b
1 changed files with 29 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

33
test/sslapitest.c
View file

@ -12588,6 +12588,7 @@ struct quic_tls_test_data {
size_t params_len; size_t params_len;
int alert; int alert;
int err; int err;
int forcefail;
}; };
static int clientquicdata = 0xff, serverquicdata = 0xfe; static int clientquicdata = 0xff, serverquicdata = 0xfe;
@ -12600,7 +12601,7 @@ static int check_app_data(SSL *s)
data = (int *)SSL_get_app_data(s); data = (int *)SSL_get_app_data(s);
comparedata = SSL_is_server(s) ? &serverquicdata : &clientquicdata; comparedata = SSL_is_server(s) ? &serverquicdata : &clientquicdata;
if (comparedata != data) if (!TEST_true(comparedata == data))
return 0; return 0;
return 1; return 1;
@ -12658,6 +12659,13 @@ static int crypto_release_rcd_cb(SSL *s, size_t bytes_read, void *arg)
return 0; return 0;
} }
/* See if we need to force a failure in this callback */
if (data->forcefail) {
data->forcefail = 0;
data->err = 1;
return 0;
}
if (!TEST_size_t_eq(bytes_read, data->rcd_data_len[data->renc_level]) if (!TEST_size_t_eq(bytes_read, data->rcd_data_len[data->renc_level])
|| !TEST_size_t_gt(bytes_read, 0)) { || !TEST_size_t_gt(bytes_read, 0)) {
data->err = 1; data->err = 1;
@ -12745,8 +12753,10 @@ static int alert_cb(SSL *s, unsigned char alert_code, void *arg)
/* /*
* Test the QUIC TLS API * Test the QUIC TLS API
* Test 0: Normal run
* Test 1: Force a failure
*/ */
static int test_quic_tls(void) static int test_quic_tls(int idx)
{ {
SSL_CTX *sctx = NULL, *cctx = NULL; SSL_CTX *sctx = NULL, *cctx = NULL;
SSL *serverssl = NULL, *clientssl = NULL; SSL *serverssl = NULL, *clientssl = NULL;
@ -12777,6 +12787,8 @@ static int test_quic_tls(void)
memset(&cdata, 0, sizeof(cdata)); memset(&cdata, 0, sizeof(cdata));
sdata.peer = &cdata; sdata.peer = &cdata;
cdata.peer = &sdata; cdata.peer = &sdata;
if (idx == 1)
sdata.forcefail = 1;
if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
TLS_client_method(), TLS1_3_VERSION, 0, TLS_client_method(), TLS1_3_VERSION, 0,
@ -12799,8 +12811,17 @@ static int test_quic_tls(void)
sizeof(sparams)))) sizeof(sparams))))
goto end; goto end;
if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) if (idx == 0) {
if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
goto end;
} else {
/* We expect this connection to fail */
if (!TEST_false(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
goto end;
testresult = 1;
sdata.err = 0;
goto end; goto end;
}
/* Check no problems during the handshake */ /* Check no problems during the handshake */
if (!TEST_false(sdata.alert) if (!TEST_false(sdata.alert)
@ -12838,6 +12859,10 @@ static int test_quic_tls(void)
SSL_CTX_free(sctx); SSL_CTX_free(sctx);
SSL_CTX_free(cctx); SSL_CTX_free(cctx);
/* Check that we didn't suddenly hit an unexpected failure during cleanup */
if (!TEST_false(sdata.err) || !TEST_false(cdata.err))
testresult = 0;
return testresult; return testresult;
} }
@ -13319,7 +13344,7 @@ int setup_tests(void)
#endif #endif
ADD_ALL_TESTS(test_alpn, 4); ADD_ALL_TESTS(test_alpn, 4);
#if !defined(OSSL_NO_USABLE_TLS1_3) #if !defined(OSSL_NO_USABLE_TLS1_3)
ADD_TEST(test_quic_tls); ADD_ALL_TESTS(test_quic_tls, 2);
ADD_TEST(test_quic_tls_early_data); ADD_TEST(test_quic_tls_early_data);
#endif #endif
return 1; return 1;