Let test handshakes stop on certain errors

Certain callback APIs allow the callback to request async processing
by trickling a particular error value up the stack to the application
as an error return from the handshake function.  In those cases,
SSL_want() returns a code specific to the type of async processing
needed.

The create_ssl_connection() helper function for the tests is very
helpful for several things, including creating API tests.  However,
it does not currently let us test the async processing functionality
of these callback interfaces, because the special SSL error codes
are treated as generic errors and the helper continues to loop until
it reaches its maximum iteration count.

Add a new parameter, 'want', that indicates an expected/desired
special SSL error code, so that the helper will terminate when
either side reports that error, giving control back to the calling
function and allowing the test to proceed.
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2279)

test/asynciotest.c

@@ -303,7 +303,7 @@ int main(int argc, char *argv[])
             goto end;
         }
 
-        if (!create_ssl_connection(serverssl, clientssl)) {
+        if (!create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) {
             printf("Test %d failed: Create SSL connection failed\n", test);
             goto end;
         }

test/dtls_mtu_test.c

@@ -70,7 +70,7 @@ static int mtu_test(SSL_CTX *ctx, const char *cs, int no_etm)
     }
     sc_bio = SSL_get_rbio(srvr_ssl);
 
-    if (create_ssl_connection(clnt_ssl, srvr_ssl) != 1)
+    if (create_ssl_connection(clnt_ssl, srvr_ssl, SSL_ERROR_NONE) != 1)
         goto out;
 
     if (debug)

test/dtlstest.c

@@ -89,7 +89,7 @@ static int test_dtls_unprocessed(int testidx)
     mempacket_test_inject(c_to_s_mempacket, (char *)certstatus,
                           sizeof(certstatus), 1, INJECT_PACKET_IGNORE_REC_SEQ);
 
-    if (!create_ssl_connection(serverssl1, clientssl1)) {
+    if (!create_ssl_connection(serverssl1, clientssl1, SSL_ERROR_NONE)) {
         printf("Unable to create SSL connection\n");
         ERR_print_errors_fp(stdout);
         goto end;

test/sslapitest.c

@@ -338,7 +338,7 @@ static int test_keylog(void) {
         goto end;
     }
 
-    if (!create_ssl_connection(serverssl, clientssl)) {
+    if (!create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) {
         printf("Unable to create SSL connection\n");
         goto end;
     }
@@ -435,7 +435,7 @@ static int test_keylog_no_master_key(void) {
         goto end;
     }
 
-    if (!create_ssl_connection(serverssl, clientssl)) {
+    if (!create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) {
         printf("Unable to create SSL connection\n");
         goto end;
     }
@@ -541,7 +541,7 @@ static int execute_test_large_message(const SSL_METHOD *smeth,
         goto end;
     }
 
-    if (!create_ssl_connection(serverssl, clientssl)) {
+    if (!create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) {
         printf("Unable to create SSL connection\n");
         goto end;
     }
@@ -719,7 +719,7 @@ static int test_tlsext_status_type(void)
         goto end;
     }
 
-    if (!create_ssl_connection(serverssl, clientssl)) {
+    if (!create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) {
         printf("Unable to create SSL connection\n");
         goto end;
     }
@@ -745,7 +745,7 @@ static int test_tlsext_status_type(void)
     }
 
     /* This should fail because the callback will fail */
-    if (create_ssl_connection(serverssl, clientssl)) {
+    if (create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) {
         printf("Unexpected success creating the connection\n");
         goto end;
     }
@@ -799,7 +799,7 @@ static int test_tlsext_status_type(void)
     BIO_free(certbio);
     certbio = NULL;
 
-    if (!create_ssl_connection(serverssl, clientssl)) {
+    if (!create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) {
         printf("Unable to create SSL connection\n");
         goto end;
     }
@@ -906,7 +906,7 @@ static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix)
         goto end;
     }
 
-    if (!create_ssl_connection(serverssl1, clientssl1)) {
+    if (!create_ssl_connection(serverssl1, clientssl1, SSL_ERROR_NONE)) {
         printf("Unable to create SSL connection\n");
         goto end;
     }
@@ -932,7 +932,7 @@ static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix)
         goto end;
     }
 
-    if (!create_ssl_connection(serverssl2, clientssl2)) {
+    if (!create_ssl_connection(serverssl2, clientssl2, SSL_ERROR_NONE)) {
         printf("Unable to create second SSL connection\n");
         goto end;
     }
@@ -1015,7 +1015,7 @@ static int execute_test_session(SSL_SESSION_TEST_FIXTURE fix)
     }
 
     /* This should fail because of the mismatched protocol versions */
-    if (create_ssl_connection(serverssl3, clientssl3)) {
+    if (create_ssl_connection(serverssl3, clientssl3, SSL_ERROR_NONE)) {
         printf("Unable to create third SSL connection\n");
         goto end;
     }
@@ -1436,7 +1436,7 @@ static int test_set_sigalgs(int idx)
         }
     }
 
-    if (curr->connsuccess != create_ssl_connection(serverssl, clientssl)) {
+    if (curr->connsuccess != create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) {
         printf("Unexpected return value creating SSL connection (%d)\n", idx);
         goto end;
     }

test/sslcorrupttest.c

@@ -240,7 +240,7 @@ static int test_ssl_corrupt(int testidx)
         goto end;
     }
 
-    if (!create_ssl_connection(server, client)) {
+    if (!create_ssl_connection(server, client, SSL_ERROR_NONE)) {
         printf("Unable to create SSL connection\n");
         ERR_print_errors_fp(stdout);
         goto end;

test/ssltestlib.c

@@ -641,7 +641,7 @@ int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,
     return 0;
 }
 
-int create_ssl_connection(SSL *serverssl, SSL *clientssl)
+int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want)
 {
     int retc = -1, rets = -1, err, abortctr = 0;
     int clienterr = 0, servererr = 0;
@@ -660,6 +660,8 @@ int create_ssl_connection(SSL *serverssl, SSL *clientssl)
             printf("SSL_connect() failed %d, %d\n", retc, err);
             clienterr = 1;
         }
+        if (want != SSL_ERROR_NONE && err == want)
+            return 0;
 
         err = SSL_ERROR_WANT_WRITE;
         while (!servererr && rets <= 0 && err == SSL_ERROR_WANT_WRITE) {
@@ -672,6 +674,8 @@ int create_ssl_connection(SSL *serverssl, SSL *clientssl)
             printf("SSL_accept() failed %d, %d\n", rets, err);
             servererr = 1;
         }
+        if (want != SSL_ERROR_NONE && err == want)
+            return 0;
         if (clienterr && servererr)
             return 0;
         if (++abortctr == MAXLOOPS) {

test/ssltestlib.h

@@ -17,7 +17,7 @@ int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm,
                         char *privkeyfile);
 int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl,
                        SSL **cssl, BIO *s_to_c_fbio, BIO *c_to_s_fbio);
-int create_ssl_connection(SSL *serverssl, SSL *clientssl);
+int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want);
 
 /* Note: Not thread safe! */
 const BIO_METHOD *bio_f_tls_dump_filter(void);