Use more accessors in ssl_test.cc Fewer things we need to update as the internals change. Change-Id: If615a56557c8acbe08501f091e9fe21e5ff8072c Reviewed-on: https://boringssl-review.googlesource.com/29525 Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc
index 7f5361f..cfcaa73 100644
--- a/ssl/ssl_test.cc
+++ b/ssl/ssl_test.cc
@@ -986,28 +986,20 @@
 if (!ssl_ctx) {
 return nullptr;
 }
+ // Use a garbage ticket.
+ std::vector<uint8_t> ticket(ticket_len, 'a');
 bssl::UniquePtr<SSL_SESSION> session(
 SSL_SESSION_from_bytes(der.data(), der.size(), ssl_ctx.get()));
- if (!session) {
+ if (!session ||
+ !SSL_SESSION_set_protocol_version(session.get(), version) ||
+ !SSL_SESSION_set_ticket(session.get(), ticket.data(), ticket.size())) {
 return nullptr;
 }
-
- session->ssl_version = version;
-
- // Swap out the ticket for a garbage one.
- OPENSSL_free(session->tlsext_tick);
- session->tlsext_tick = reinterpret_cast<uint8_t*>(OPENSSL_malloc(ticket_len));
- if (session->tlsext_tick == nullptr) {
- return nullptr;
- }
- OPENSSL_memset(session->tlsext_tick, 'a', ticket_len);
- session->tlsext_ticklen = ticket_len;
-
 // Fix up the timeout.
 #if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE)
- session->time = 1234;
+ SSL_SESSION_set_time(session.get(), 1234);
 #else
- session->time = time(NULL);
+ SSL_SESSION_set_time(session.get(), time(nullptr));
 #endif
 return session;
 }
@@ -1423,9 +1415,11 @@
 return nullptr;
 }
- ret->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
- OPENSSL_memset(ret->session_id, 0, ret->session_id_length);
- OPENSSL_memcpy(ret->session_id, &number, sizeof(number));
+ uint8_t id[SSL3_SSL_SESSION_ID_LENGTH] = {0};
+ OPENSSL_memcpy(id, &number, sizeof(number));
+ if (!SSL_SESSION_set1_id(ret.get(), id, sizeof(id))) {
+ return nullptr;
+ }
 return ret;
 }
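Review bot: In the @@ -986 hunk, the combined check makes `version` subject to validation by `SSL_SESSION_set_protocol_version`, where the removed `session->ssl_version = version;` stored any value, and all three failure causes now collapse into one `return nullptr`. That is presumably why the last hunk of this commit changes `TestPaddingExtension(TLS1_3_VERSION, TLS1_3_DRAFT23_VERSION)` to pass `TLS1_3_VERSION`, but the commit description does not mention it. A comment above the check, such as `// SSL_SESSION_set_protocol_version validates |version|, unlike the old direct field write.`, would record the new constraint for callers. The function's signature and opening lines are outside the hunk.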
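Review bot: In the @@ -1423 hunk, `OPENSSL_memcpy(id, &number, sizeof(number));` relies on `sizeof(number)` not exceeding the fixed-size `id` array, and the declaration of `number` is outside the hunk, so nothing visible enforces that. Adding `static_assert(sizeof(number) <= sizeof(id), "session ID buffer too small");` before the copy would pin it at compile time. The copy also bakes the host byte order into the session ID, which is harmless for a test-only identifier but merits a short comment such as `// Host byte order; the ID only needs to be unique per |number|.`.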
@@ -2245,12 +2239,15 @@
 }
 static bool GetServerTicketTime(long *out, const SSL_SESSION *session) {
- if (session->tlsext_ticklen < 16 + 16 + SHA256_DIGEST_LENGTH) {
+ const uint8_t *ticket;
+ size_t ticket_len;
+ SSL_SESSION_get0_ticket(session, &ticket, &ticket_len);
+ if (ticket_len < 16 + 16 + SHA256_DIGEST_LENGTH) {
 return false;
 }
- const uint8_t *ciphertext = session->tlsext_tick + 16 + 16;
- size_t len = session->tlsext_ticklen - 16 - 16 - SHA256_DIGEST_LENGTH;
+ const uint8_t *ciphertext = ticket + 16 + 16;
+ size_t len = ticket_len - 16 - 16 - SHA256_DIGEST_LENGTH;
 std::unique_ptr<uint8_t[]> plaintext(new uint8_t[len]);
 #if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
@@ -2258,7 +2255,7 @@
 OPENSSL_memcpy(plaintext.get(), ciphertext, len);
 #else
 static const uint8_t kZeros[16] = {0};
- const uint8_t *iv = session->tlsext_tick + 16;
+ const uint8_t *iv = ticket + 16;
 bssl::ScopedEVP_CIPHER_CTX ctx;
 int len1, len2;
 if (!EVP_DecryptInit_ex(ctx.get(), EVP_aes_128_cbc(), nullptr, kZeros, iv) ||
@@ -2280,7 +2277,7 @@
 return false;
 }
- *out = server_session->time;
+ *out = SSL_SESSION_get_time(server_session.get());
 return true;
 }
@@ -2354,7 +2351,7 @@
 if (server_test) {
 ASSERT_TRUE(GetServerTicketTime(&session_time, new_session.get()));
 } else {
- session_time = new_session->time;
+ session_time = SSL_SESSION_get_time(new_session.get());
 }
 ASSERT_EQ(session_time, g_current_time.tv_sec);
@@ -4133,7 +4130,7 @@
 !TestPaddingExtension(TLS1_3_VERSION, TLS1_2_VERSION) ||
 // Test the padding extension at TLS 1.3 with a TLS 1.3 session, so there
 // will be a PSK binder after the padding extension.
- !TestPaddingExtension(TLS1_3_VERSION, TLS1_3_DRAFT23_VERSION)) {
+ !TestPaddingExtension(TLS1_3_VERSION, TLS1_3_VERSION)) {
 ADD_FAILURE() << "Tests failed";
 }
 }
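Review bot: In the @@ -2245 hunk, `GetServerTicketTime` never states the ticket layout that its offsets `16 + 16` and the trailing `SHA256_DIGEST_LENGTH` encode, and `ticket + 16` repeats it in the @@ -2258 hunk. A comment above the length check would make the arithmetic checkable, for example `// Ticket layout (assumed): 16-byte key name | 16-byte IV | AES-128-CBC ciphertext | SHA-256 MAC.`. The visible lines strip the trailing MAC without verifying it and decrypt under the all-zero `kZeros` key, so a second comment, `// Test-only: the MAC is not checked and the key is all zeros.`, would keep this from being copied as a decryption pattern. The rest of the function body falls between hunks, so a MAC check further down cannot be ruled out.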