-rw-r--r--lib/kernel/src/inet_epmd_socket.erl11
-rw-r--r--lib/ssl/src/inet_tls_dist.erl244
-rw-r--r--lib/ssl/test/cryptcookie.erl20
-rw-r--r--lib/ssl/test/inet_epmd_socket_cryptcookie.erl5
-rw-r--r--lib/ssl/test/openssl_ocsp_SUITE.erl8
-rw-r--r--lib/ssl/test/ssl_dist_SUITE.erl17
-rw-r--r--lib/ssl/test/ssl_dist_bench_SUITE.erl28
-rw-r--r--lib/ssl/test/ssl_pem_cache_SUITE.erl10
-rw-r--r--lib/ssl/test/ssl_test_lib.erl380
-rw-r--r--lib/ssl/test/ssl_test_lib.hrl20
-rw-r--r--lib/ssl/test/ssl_trace_SUITE.erl24
11 files changed, 419 insertions, 348 deletions
diff --git a/lib/kernel/src/inet_epmd_socket.erl b/lib/kernel/src/inet_epmd_socket.erl
index 534f2ffe8d..49a56f84d0 100644
--- a/lib/kernel/src/inet_epmd_socket.erl
+++ b/lib/kernel/src/inet_epmd_socket.erl
@@ -26,6 +26,8 @@
accept_open/2, accept_controller/3, accepted/3,
connect/3]).
+-export([supported/0]).
+
-include("net_address.hrl").
-include("dist.hrl").
-include("dist_util.hrl").
@@ -455,3 +457,12 @@ input_data(Socket) ->
put_data(DistHandle, _PacketSize, Packet) ->
%% erlang:display({'<<==', _PacketSize}),
erlang:dist_ctrl_put_data(DistHandle, Packet).
+
+%% ------------------------------------------------------------
+supported() ->
+ try socket:is_supported(ipv6) of
+ _ ->
+ ok
+ catch error : notsup ->
+ "Module 'socket' not supported"
+ end.
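Review bot: `supported/0` is exported without a `-spec` or comment, and its contract is unusual: it returns `ok` or a plain string, and the `of _ -> ok` arm shows that the value of `socket:is_supported(ipv6)` is ignored, so the call is only a probe that may raise `notsup`. I would add `-spec supported() -> ok | string().` and a comment such as `%% Probe only: any return value means 'socket' is usable; the string is a reason callers can report`. Only `error:notsup` is caught, so any other exception from the probe propagates to the caller; the comment should say so if that is intended.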
diff --git a/lib/ssl/src/inet_tls_dist.erl b/lib/ssl/src/inet_tls_dist.erl
index 15d460d85c..89fe5ccf7d 100644
--- a/lib/ssl/src/inet_tls_dist.erl
+++ b/lib/ssl/src/inet_tls_dist.erl
@@ -34,6 +34,11 @@
-export([verify_client/3, cert_nodes/1]).
+%% kTLS helpers
+-export([inet_ktls_setopt/3, inet_ktls_getopt/3,
+ set_ktls/1, set_ktls_ulp/2, set_ktls_cipher/5,
+ ktls_os/0, ktls_opt_ulp/1, ktls_opt_cipher/6]).
+
-export([dbg/0]). % Debug
-include_lib("kernel/include/net_address.hrl").
@@ -345,7 +350,7 @@ accept_one(Family, Socket, NetKernel) ->
case KTLS of
true ->
{ok, KtlsInfo} = ssl_gen_statem:ktls_handover(Receiver),
- case set_ktls(KtlsInfo) of
+ case inet_set_ktls(KtlsInfo) of
ok ->
accept_one(
Family, maps:get(socket, KtlsInfo), NetKernel,
@@ -648,7 +653,7 @@ do_setup(
{ok, KtlsInfo} =
ssl_gen_statem:ktls_handover(Receiver),
Socket = maps:get(socket, KtlsInfo),
- case set_ktls(KtlsInfo) of
+ case inet_set_ktls(KtlsInfo) of
ok when is_port(Socket) ->
%% XXX Breaking abstraction barrier
Driver = erlang:port_get_data(Socket),
@@ -916,69 +921,142 @@ verify_fun(Value) ->
error(malformed_ssl_dist_opt, [Value])
end.
-set_ktls(KtlsInfo) ->
- %%
- %% Check OS type and version
+
+inet_set_ktls(
+ #{ socket := Socket, socket_options := SocketOptions } = KtlsInfo) ->
%%
- case {os:type(), os:version()} of
- {{unix,linux}, {_,_,_} = OsVersion}
- when {5,2,0} =< OsVersion ->
- set_ktls_1(KtlsInfo);
- OsTypeVersion ->
- {error, {ktls_invalid_os, OsTypeVersion}}
+ maybe
+ ok ?=
+ set_ktls(
+ KtlsInfo
+ #{ setopt_fun => fun ?MODULE:inet_ktls_setopt/3,
+ getopt_fun => fun ?MODULE:inet_ktls_getopt/3 }),
+ %%
+ #socket_options{
+ mode = _Mode,
+ packet = Packet,
+ packet_size = PacketSize,
+ header = Header,
+ active = Active
+ } = SocketOptions,
+ case
+ inet:setopts(
+ Socket,
+ [list, {packet, Packet}, {packet_size, PacketSize},
+ {header, Header}, {active, Active}])
+ of
+ ok ->
+ ok;
+ {error, SetoptError} ->
+ {error, {ktls_setopt_failed, SetoptError}}
+ end
end.
-%% Check TLS version and cipher suite
-%%
-set_ktls_1(
- #{tls_version := {3,4}, % 'tlsv1.3'
- cipher_suite := CipherSuite,
- socket := Socket} = KtlsInfo)
- when CipherSuite =:= ?TLS_AES_256_GCM_SHA384 ->
- %%
- %% See https://www.kernel.org/doc/html/latest/networking/tls.html
- %% and include/netinet/tcp.h
+inet_ktls_setopt(Socket, {Level, Opt}, Value)
+ when is_integer(Level), is_integer(Opt), is_binary(Value) ->
+ inet:setopts(Socket, [{raw, Level, Opt, Value}]).
+
+inet_ktls_getopt(Socket, {Level, Opt}, Size)
+ when is_integer(Level), is_integer(Opt), is_integer(Size) ->
+ case inet:getopts(Socket, [{raw, Level, Opt, Size}]) of
+ {ok, [{raw, Level, Opt, Value}]} ->
+ {ok, Value};
+ {ok, _} = Error ->
+ {error, Error};
+ {error, _} = Error ->
+ Error
+ end.
+
+
+set_ktls(KtlsInfo) ->
+ maybe
+ {ok, OS} ?= ktls_os(),
+ ok ?= set_ktls_ulp(KtlsInfo, OS),
+ #{ write_state := WriteState,
+ write_seq := WriteSeq,
+ read_state := ReadState,
+ read_seq := ReadSeq } = KtlsInfo,
+ ok ?= set_ktls_cipher(KtlsInfo, OS, WriteState, WriteSeq, tx),
+ set_ktls_cipher(KtlsInfo, OS, ReadState, ReadSeq, rx)
+ end.
+
+set_ktls_ulp(
+ #{ socket := Socket,
+ setopt_fun := SetoptFun,
+ getopt_fun := GetoptFun },
+ OS) ->
%%
- SOL_TCP = 6,
- TCP_ULP = 31,
- KtlsMod = <<"tls">>, % Linux kernel module name
- KtlsModSize = byte_size(KtlsMod),
- _ = inet:setopts(Socket, [{raw, SOL_TCP, TCP_ULP, KtlsMod}]),
+ {Option, Value} = ktls_opt_ulp(OS),
+ Size = byte_size(Value),
+ _ = SetoptFun(Socket, Option, Value),
%%
%% Check if kernel module loaded,
- %% i.e if getopts SOL_TCP,TCP_ULP returns KtlsMod
+ %% i.e if getopts Level, Opt returns Value
%%
- case
- inet:getopts(Socket, [{raw, SOL_TCP, TCP_ULP, KtlsModSize + 1}])
- of
- {ok, [{raw, SOL_TCP, TCP_ULP, <<KtlsMod:KtlsModSize/binary,0>>}]} ->
- set_ktls_2(KtlsInfo, Socket);
+ case GetoptFun(Socket, Option, Size + 1) of
+ {ok, <<Value:Size/binary, 0>>} ->
+ ok;
Other ->
- {error, {ktls_not_supported, Other}}
- end;
-set_ktls_1(
- #{tls_version := TLSVersion,
- cipher_suite := CipherSuite,
- socket := _}) ->
- {error, {ktls_invalid_cipher, TLSVersion, CipherSuite}}.
+ {error, {ktls_set_ulp_failed, Option, Value, Other}}
+ end.
%% Set kTLS cipher
%%
-set_ktls_2(
- #{write_state :=
- #cipher_state{
- key = <<WriteKey:32/bytes>>,
- iv = <<WriteSalt:4/bytes, WriteIV:8/bytes>>
- },
- write_seq := WriteSeq,
- read_state :=
- #cipher_state{
- key = <<ReadKey:32/bytes>>,
- iv = <<ReadSalt:4/bytes, ReadIV:8/bytes>>
- },
- read_seq := ReadSeq,
- socket_options := SocketOptions},
- Socket) ->
+set_ktls_cipher(
+ _KtlsInfo =
+ #{ tls_version := TLS_version,
+ cipher_suite := CipherSuite,
+ %%
+ socket := Socket,
+ setopt_fun := SetoptFun,
+ getopt_fun := GetoptFun },
+ OS, CipherState, CipherSeq, TxRx) ->
+ maybe
+ {ok, {Option, Value}} ?=
+ ktls_opt_cipher(
+ OS, TLS_version, CipherSuite, CipherState, CipherSeq, TxRx),
+ _ = SetoptFun(Socket, Option, Value),
+ case TxRx of
+ tx ->
+ Size = byte_size(Value),
+ case GetoptFun(Socket, Option, Size) of
+ {ok, Value} ->
+ ok;
+ Other ->
+ {error, {ktls_set_cipher_failed, Other}}
+ end;
+ rx ->
+ ok
+ end
+ end.
+
+ktls_os() ->
+ OS = {os:type(), os:version()},
+ case OS of
+ {{unix,linux}, OsVersion} when {5,2,0} =< OsVersion ->
+ {ok, OS};
+ _ ->
+ {error, {ktls_notsup, {os,OS}}}
+ end.
+
+ktls_opt_ulp(_OS) ->
+ %%
+ %% See https://www.kernel.org/doc/html/latest/networking/tls.html
+ %% and include/netinet/tcp.h
+ %%
+ SOL_TCP = 6, TCP_ULP = 31,
+ KtlsMod = <<"tls">>,
+ {{SOL_TCP,TCP_ULP}, KtlsMod}.
+
+ktls_opt_cipher(
+ _OS,
+ _TLS_version = {3,4}, % 'tlsv1.3'
+ _CipherSpec = ?TLS_AES_256_GCM_SHA384,
+ #cipher_state{
+ key = <<Key:32/bytes>>,
+ iv = <<Salt:4/bytes, IV:8/bytes>> },
+ CipherSeq,
+ TxRx) when is_integer(CipherSeq) ->
%%
%% See include/linux/tls.h
%%
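Review bot: In `set_ktls_cipher/5` the result of `SetoptFun(Socket, Option, Value)` is discarded and the `rx` branch returns `ok` with no check, so a failed receive-side key install is reported as success and `inet_set_ktls/1` goes on to configure the socket as if kTLS were fully active. Only `tx` is read back through `GetoptFun`; if no read-back is available for `rx`, at least bind the setopt result and return `{error, {ktls_set_cipher_failed, Reason}}` when it is `{error, Reason}`. Separately, `ktls_os/0` dropped the old `{_,_,_} = OsVersion` match; `os:version()` may return a string, and a list sorts above a tuple in Erlang term order, so `{5,2,0} =< OsVersion` is then true. Keeping the 3-tuple pattern in the clause, `{{unix,linux}, {_,_,_} = OsVersion} when {5,2,0} =< OsVersion`, restores the old behaviour. The hunk ends inside the first clause of `ktls_opt_cipher/6`.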
@@ -987,51 +1065,29 @@ set_ktls_2(
TLS_1_3_VERSION =
(TLS_1_3_VERSION_MAJOR bsl 8) bor TLS_1_3_VERSION_MINOR,
TLS_CIPHER_AES_GCM_256 = 52,
- TLS_crypto_info_TX =
- <<TLS_1_3_VERSION:16/native,
- TLS_CIPHER_AES_GCM_256:16/native,
- WriteIV/bytes, WriteKey/bytes,
- WriteSalt/bytes, WriteSeq:64/native>>,
- TLS_crypto_info_RX =
+ SOL_TLS = 282,
+ TLS_TX = 1,
+ TLS_RX = 2,
+ Value =
<<TLS_1_3_VERSION:16/native,
TLS_CIPHER_AES_GCM_256:16/native,
- ReadIV/bytes, ReadKey/bytes,
- ReadSalt/bytes, ReadSeq:64/native>>,
+ IV/bytes, Key/bytes,
+ Salt/bytes, CipherSeq:64/native>>,
+ %%
SOL_TLS = 282,
TLS_TX = 1,
TLS_RX = 2,
- RawOptTX = {raw, SOL_TLS, TLS_TX, TLS_crypto_info_TX},
- RawOptRX = {raw, SOL_TLS, TLS_RX, TLS_crypto_info_RX},
- _ = inet:setopts(Socket, [RawOptTX]),
- _ = inet:setopts(Socket, [RawOptRX]),
- %%
- %% Check if cipher could be set
- %%
- case
- inet:getopts(
- Socket, [{raw, SOL_TLS, TLS_TX, byte_size(TLS_crypto_info_TX)}])
- of
- {ok, [RawOptTX]} ->
- #socket_options{
- mode = _Mode,
- packet = Packet,
- packet_size = PacketSize,
- header = Header,
- active = Active
- } = SocketOptions,
- case
- inet:setopts(
- Socket,
- [list, {packet, Packet}, {packet_size, PacketSize},
- {header, Header}, {active, Active}])
- of
- ok -> ok;
- {error, SetoptError} ->
- {error, {ktls_setopt_failed, SetoptError}}
- end;
- Other ->
- {error, {ktls_set_cipher_failed, Other}}
- end.
+ TLS_TxRx =
+ case TxRx of
+ tx -> TLS_TX;
+ rx -> TLS_RX
+ end,
+ {ok, {{SOL_TLS,TLS_TxRx}, Value}};
+ktls_opt_cipher(
+ _OS, TLS_version, CipherSpec, _CipherState, _CipherSeq, _TxRx) ->
+ {error,
+ {ktls_notsup, {cipher, TLS_version, CipherSpec, _CipherState}}}.
+
%% -------------------------------------------------------------------------
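Review bot: The fallback clause of `ktls_opt_cipher/6` puts `_CipherState` into the error reason, and for a `#cipher_state{}` argument that record holds the traffic `key` and `iv` (see the pattern in the first clause, whose head is in the previous hunk). An unsupported TLS version or cipher suite therefore yields an error term carrying key material, which can reach logs or crash reports wherever the reason is printed. Return only the identifiers, `{error, {ktls_notsup, {cipher, TLS_version, CipherSpec}}}`, which also avoids reading a `_`-prefixed variable. The added `SOL_TLS = 282, TLS_TX = 1, TLS_RX = 2,` lines duplicate the three context lines kept just below them; the second set only re-matches the bound values and can be dropped.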
diff --git a/lib/ssl/test/cryptcookie.erl b/lib/ssl/test/cryptcookie.erl
index b713bc15a8..28a539f061 100644
--- a/lib/ssl/test/cryptcookie.erl
+++ b/lib/ssl/test/cryptcookie.erl
@@ -25,8 +25,9 @@
-module(cryptcookie).
-feature(maybe_expr, enable).
--export([supported/0, start_keypair_server/0, init/1, init/2]).
--export([encrypt_and_send_chunk/4, recv_and_decrypt_chunk/2]).
+-export([supported/0, start_keypair_server/0, init/1, init/2,
+ encrypt_and_send_chunk/4, recv_and_decrypt_chunk/2,
+ record_to_map/2]).
%% -------------------------------------------------------------------------
%% The curve choice greatly affects setup time,
@@ -649,6 +650,21 @@ decrypt_rekey(
%% -------------------------------------------------------------------------
+-define(RECORD_TO_MAP(Name, Record),
+ record_to_map(Name, Record = #Name{}) ->
+ record_to_map(record_info(fields, Name), Record, 2, #{})).
+
+%%%record_to_map(params, Record = #params{}) ->
+%%% record_to_map(record_info(fields, params), Record, 2, #{}).
+?RECORD_TO_MAP(params, Record).
+%%
+record_to_map([Field | Fields], Record, Index, Map) ->
+ record_to_map(
+ Fields, Record, Index + 1,
+ Map#{ Field => element(Index, Record) });
+record_to_map([], _Record, _Index, Map) ->
+ Map.
+
timestamp() ->
erlang:monotonic_time(second).
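Review bot: The `?RECORD_TO_MAP` macro is used once, and the commented-out `%%%record_to_map(params, ...)` lines above its use are the hand expansion left behind as dead code. If more records are expected, replace the dead lines with a comment giving the reason for the macro, e.g. `%% One clause per record; record_info/2 needs a literal record name`; otherwise write the single `params` clause out and drop the macro. `record_to_map/2` is now exported and copies every field of `#params{}` into a map; if that record carries key material (not visible in this hunk), callers should avoid printing the result.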
diff --git a/lib/ssl/test/inet_epmd_socket_cryptcookie.erl b/lib/ssl/test/inet_epmd_socket_cryptcookie.erl
index d1b78bebe3..fbe3df0f98 100644
--- a/lib/ssl/test/inet_epmd_socket_cryptcookie.erl
+++ b/lib/ssl/test/inet_epmd_socket_cryptcookie.erl
@@ -230,4 +230,7 @@ stream_controlling_process(Stream = {_, [_ | Socket], _}, Pid) ->
%% ------------------------------------------------------------
supported() ->
- dist_cryptcookie:supported().
+ maybe
+ ok ?= inet_epmd_socket:supported(),
+ dist_cryptcookie:supported()
+ end.
diff --git a/lib/ssl/test/openssl_ocsp_SUITE.erl b/lib/ssl/test/openssl_ocsp_SUITE.erl
index 800ce3ce78..a06dcbcb7b 100644
--- a/lib/ssl/test/openssl_ocsp_SUITE.erl
+++ b/lib/ssl/test/openssl_ocsp_SUITE.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 2011-2022. All Rights Reserved.
+%% Copyright Ericsson AB 2011-2023. All Rights Reserved.
%%
%% Licensed under the Apache License, Version 2.0 (the "License");
%% you may not use this file except in compliance with the License.
@@ -242,16 +242,16 @@ ocsp_responder_init(ResponderPort, PrivDir, Starter) ->
ocsp_responder_loop(Port, {Status, Starter} = State) ->
receive
{_Port, closed} ->
- ?LOG("Port Closed"),
+ ?CT_LOG("Port Closed"),
ok;
{'EXIT', _Port, Reason} ->
- ?LOG("Port Closed ~p",[Reason]),
+ ?CT_LOG("Port Closed ~p",[Reason]),
ok;
{Port, {data, _Msg}} when Status == new ->
Starter ! {started, self()},
ocsp_responder_loop(Port, {started, undefined});
{Port, {data, Msg}} ->
- ?PAL("Responder Msg ~p",[Msg]),
+ ?CT_PAL("Responder Msg ~p",[Msg]),
ocsp_responder_loop(Port, State)
after 1000 ->
case Status of
diff --git a/lib/ssl/test/ssl_dist_SUITE.erl b/lib/ssl/test/ssl_dist_SUITE.erl
index a870f75ae1..70d43cbfd0 100644
--- a/lib/ssl/test/ssl_dist_SUITE.erl
+++ b/lib/ssl/test/ssl_dist_SUITE.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 2007-2022. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2023. All Rights Reserved.
%%
%% Licensed under the Apache License, Version 2.0 (the "License");
%% you may not use this file except in compliance with the License.
@@ -290,9 +290,9 @@ ktls_encrypt_decrypt(Test) when is_boolean(Test) ->
{ok, Server} = gen_tcp:accept(Listen),
try
maybe
- ok ?= ssl_test_lib:ktls_check_os(),
- ok ?= ssl_test_lib:ktls_set_ulp(Client),
- ok ?= ssl_test_lib:ktls_set_cipher(Client, tx, 11),
+ {ok, OS} ?= ssl_test_lib:ktls_os(),
+ ok ?= ssl_test_lib:ktls_set_ulp(Client, OS),
+ ok ?= ssl_test_lib:ktls_set_cipher(Client, OS, tx, 11),
case Test of
false ->
ok;
@@ -301,7 +301,7 @@ ktls_encrypt_decrypt(Test) when is_boolean(Test) ->
end
else
{error, Reason} ->
- {skip, {ktls, Reason}}
+ {skip, Reason}
end
after
_ = gen_tcp:close(Server),
@@ -321,8 +321,9 @@ ktls_encrypt_decrypt(Client, Server) ->
receive after 500 -> ok end, % Give time for data to arrive
%%
%% Activate Server TX encryption
- ok = ssl_test_lib:ktls_set_ulp(Server),
- ok = ssl_test_lib:ktls_set_cipher(Server, tx, 17),
+ {ok, OS} = ssl_test_lib:ktls_os(),
+ ok = ssl_test_lib:ktls_set_ulp(Server, OS),
+ ok = ssl_test_lib:ktls_set_cipher(Server, OS, tx, 17),
%% Send encrypted from Server
ok = gen_tcp:send(Server, Data),
%% Receive encrypted data without decryption
@@ -335,7 +336,7 @@ ktls_encrypt_decrypt(Client, Server) ->
ok
end,
%% Finally, activate Server decryption
- ok = ssl_test_lib:ktls_set_cipher(Server, rx, 11),
+ ok = ssl_test_lib:ktls_set_cipher(Server, OS, rx, 11),
%% Receive and decrypt the data that was first sent
{ok, Data} = gen_tcp:recv(Server, 0, 1000),
ok.
diff --git a/lib/ssl/test/ssl_dist_bench_SUITE.erl b/lib/ssl/test/ssl_dist_bench_SUITE.erl
index 81c6c5af16..12f6aab0c1 100644
--- a/lib/ssl/test/ssl_dist_bench_SUITE.erl
+++ b/lib/ssl/test/ssl_dist_bench_SUITE.erl
@@ -256,7 +256,7 @@ init_per_group(crypto_socket, Config) ->
{fail, {Class, Reason, Stacktrace}}
end;
init_per_group(crypto_inet, Config) ->
- try inet_epmd_socket_cryptcookie:supported() of
+ try inet_epmd_inet_cryptcookie:supported() of
ok ->
[{ssl_dist, false}, {ssl_dist_prefix, "Crypto-Inet"},
{ssl_dist_args,
@@ -272,11 +272,19 @@ init_per_group(plain, Config) ->
[{ssl_dist, false}, {ssl_dist_prefix, "Plain"}|Config];
%%
init_per_group(socket, Config) ->
- [{ssl_dist, false},
- {ssl_dist_prefix, "Socket"},
- {ssl_dist_args,
- "-proto_dist inet_epmd -inet_epmd socket"}
- | Config];
+ try inet_epmd_socket:supported() of
+ ok ->
+ [{ssl_dist, false},
+ {ssl_dist_prefix, "Socket"},
+ {ssl_dist_args,
+ "-proto_dist inet_epmd -inet_epmd socket"}
+ | Config];
+ Problem ->
+ {skip, Problem}
+ catch
+ Class : Reason : Stacktrace ->
+ {fail, {Class, Reason, Stacktrace}}
+ end;
%%
init_per_group(ktls, Config) ->
{ok, Listen} = gen_tcp:listen(0, [{active, false}]),
@@ -286,16 +294,16 @@ init_per_group(ktls, Config) ->
{ok, Server} = gen_tcp:accept(Listen),
try
maybe
- ok ?= ssl_test_lib:ktls_check_os(),
- ok ?= ssl_test_lib:ktls_set_ulp(Client),
- ok ?= ssl_test_lib:ktls_set_cipher(Client, tx, 1),
+ {ok, OS} ?= ssl_test_lib:ktls_os(),
+ ok ?= ssl_test_lib:ktls_set_ulp(Client, OS),
+ ok ?= ssl_test_lib:ktls_set_cipher(Client, OS, tx, 1),
[{ktls, true},
{ssl_dist_prefix,
proplists:get_value(ssl_dist_prefix, Config) ++ "-kTLS"}
| proplists:delete(ssl_dist_prefix, Config)]
else
{error, Reason} ->
- {skip, {ktls, Reason}}
+ {skip, Reason}
end
after
_ = gen_tcp:close(Server),
diff --git a/lib/ssl/test/ssl_pem_cache_SUITE.erl b/lib/ssl/test/ssl_pem_cache_SUITE.erl
index 53c95c0cb7..5610def4a9 100644
--- a/lib/ssl/test/ssl_pem_cache_SUITE.erl
+++ b/lib/ssl/test/ssl_pem_cache_SUITE.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 2015-2022. All Rights Reserved.
+%% Copyright Ericsson AB 2015-2023. All Rights Reserved.
%%
%% Licensed under the Apache License, Version 2.0 (the "License");
%% you may not use this file except in compliance with the License.
@@ -478,9 +478,9 @@ check_tables(ExpectedTables) ->
true ->
ok;
_ ->
- ?PAL("Mismatch for table ~w", [ActualLabel]),
- ?PAL("Expected = ~w", [ExpectedTableSorted]),
- ?PAL("Actual = ~w", [ActualTableSorted]),
+ ?CT_PAL("Mismatch for table ~w", [ActualLabel]),
+ ?CT_PAL("Expected = ~w", [ExpectedTableSorted]),
+ ?CT_PAL("Actual = ~w", [ActualTableSorted]),
ct:fail({data_mismatch, ActualLabel})
end
end,
@@ -512,7 +512,7 @@ new_root_pem_helper(Config, CleanMode,
%% ConnectedN - state after establishing Nth connection
%% Cleaned - state after periodical cleanup
%% DisconnectedN - state after closing Nth connection
- ?PAL(">>> IntermediateServerKeyId = ~w", [IntermediateServerKeyId]),
+ ?CT_PAL(">>> IntermediateServerKeyId = ~w", [IntermediateServerKeyId]),
{ServerCAFile, ClientConf0, ServerConf, ServerRootCert0, ClientBase, ServerBase} =
create_initial_config(Config),
diff --git a/lib/ssl/test/ssl_test_lib.erl b/lib/ssl/test/ssl_test_lib.erl
index dcb6597ae1..e8d517c19a 100644
--- a/lib/ssl/test/ssl_test_lib.erl
+++ b/lib/ssl/test/ssl_test_lib.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 2008-2022. All Rights Reserved.
+%% Copyright Ericsson AB 2008-2023. All Rights Reserved.
%%
%% Licensed under the Apache License, Version 2.0 (the "License");
%% you may not use this file except in compliance with the License.
@@ -25,6 +25,8 @@
-include_lib("common_test/include/ct.hrl").
-include_lib("public_key/include/public_key.hrl").
-include_lib("ssl/src/tls_handshake_1_3.hrl").
+-include_lib("ssl/src/ssl_cipher.hrl").
+-include_lib("ssl/src/ssl_internal.hrl").
-export([clean_start/0,
clean_start/1,
@@ -220,9 +222,9 @@
%% Tracing
-export([handle_trace/3]).
--export([ktls_check_os/0,
- ktls_set_ulp/1,
- ktls_set_cipher/3]).
+-export([ktls_os/0,
+ ktls_set_ulp/2,
+ ktls_set_cipher/4]).
-record(sslsocket, { fd = nil, pid = nil}).
-define(SLEEP, 1000).
@@ -510,7 +512,7 @@ run_server(Opts) ->
Options = proplists:get_value(options, Opts),
Pid = proplists:get_value(from, Opts),
Transport = proplists:get_value(transport, Opts, ssl),
- ?LOG("~nssl:listen(~p, ~p)~n", [Port, format_options(Options)]),
+ ?CT_LOG("~nssl:listen(~p, ~p)~n", [Port, format_options(Options)]),
case Transport:listen(Port, Options) of
{ok, ListenSocket} ->
Pid ! {listen, up},
@@ -533,11 +535,11 @@ run_server(ListenSocket, Opts, N) ->
run_server(ListenSocket, Opts, N-1).
do_run_server(_, {error, _} = Result, Opts) ->
- ?LOG("Server error result ~p~n", [Result]),
+ ?CT_LOG("Server error result ~p~n", [Result]),
Pid = proplists:get_value(from, Opts),
Pid ! {self(), Result};
do_run_server(_, ok = Result, Opts) ->
- ?LOG("Server cancel result ~p~n", [Result]),
+ ?CT_LOG("Server cancel result ~p~n", [Result]),
Pid = proplists:get_value(from, Opts),
Pid ! {self(), Result};
do_run_server(ListenSocket, AcceptSocket, Opts) ->
@@ -548,7 +550,7 @@ do_run_server(ListenSocket, AcceptSocket, Opts) ->
no_result_msg ->
ok;
Msg ->
- ?LOG("~nServer Msg: ~p ~n", [Msg]),
+ ?CT_LOG("~nServer Msg: ~p ~n", [Msg]),
case lists:member(return_socket, Opts) of
true -> Pid ! {self(), {Msg, AcceptSocket}};
false -> Pid ! {self(), Msg}
@@ -559,14 +561,14 @@ do_run_server(ListenSocket, AcceptSocket, Opts) ->
server_apply_mfa(_, undefined) ->
no_result_msg;
server_apply_mfa(AcceptSocket, {Module, Function, Args}) ->
- ?LOG("~nServer: apply(~p,~p,~p)~n",
+ ?CT_LOG("~nServer: apply(~p,~p,~p)~n",
[Module, Function, [AcceptSocket | Args]]),
apply(Module, Function, [AcceptSocket | Args]).
client_apply_mfa(_, undefined) ->
no_result_msg;
client_apply_mfa(AcceptSocket, {Module, Function, Args}) ->
- ?LOG("~nClient: apply(~p,~p,~p)~n",
+ ?CT_LOG("~nClient: apply(~p,~p,~p)~n",
[Module, Function, [AcceptSocket | Args]]),
apply(Module, Function, [AcceptSocket | Args]).
@@ -574,7 +576,7 @@ client_apply_mfa(AcceptSocket, {Module, Function, Args}) ->
do_run_server_core(ListenSocket, AcceptSocket, Opts, Transport, Pid) ->
receive
{data, Data} ->
- ?LOG("[server] Send: ~p~n", [Data]),
+ ?CT_LOG("[server] Send: ~p~n", [Data]),
case Transport:send(AcceptSocket, Data) of
ok ->
Pid ! {self(), ok};
@@ -585,17 +587,17 @@ do_run_server_core(ListenSocket, AcceptSocket, Opts, Transport, Pid) ->
{active_receive, Data} ->
case active_recv(AcceptSocket, length(Data)) of
ReceivedData ->
- ?LOG("[server] Received: ~p~n", [Data]),
+ ?CT_LOG("[server] Received: ~p~n", [Data]),
Pid ! {self(), ReceivedData}
end,
do_run_server_core(ListenSocket, AcceptSocket, Opts, Transport, Pid);
{update_keys, Type} ->
case ssl:update_keys(AcceptSocket, Type) of
ok ->
- ?LOG("[server] Update keys: ~p", [Type]),
+ ?CT_LOG("[server] Update keys: ~p", [Type]),
Pid ! {self(), ok};
{error, Reason} ->
- ?LOG("[server] Update keys failed: ~p", [Type]),
+ ?CT_LOG("[server] Update keys failed: ~p", [Type]),
Pid ! {self(), Reason}
end,
do_run_server_core(ListenSocket, AcceptSocket, Opts, Transport, Pid);
@@ -607,10 +609,10 @@ do_run_server_core(ListenSocket, AcceptSocket, Opts, Transport, Pid) ->
{listen, MFA} ->
run_server(ListenSocket, [MFA | proplists:delete(mfa, Opts)]);
close ->
- ?LOG("~nServer closing~n", []),
+ ?CT_LOG("~nServer closing~n", []),
Result = Transport:close(AcceptSocket),
Result1 = Transport:close(ListenSocket),
- ?LOG("~nResult ~p : ~p ~n", [Result, Result1])
+ ?CT_LOG("~nResult ~p : ~p ~n", [Result, Result1])
end.
%%% To enable to test with s_client -reconnect
@@ -629,35 +631,35 @@ connect(#sslsocket{} = ListenSocket, Opts) ->
AcceptSocket
end;
connect(ListenSocket, _Opts) ->
- ?LOG("~ngen_tcp:accept(~p)~n", [ListenSocket]),
+ ?CT_LOG("~ngen_tcp:accept(~p)~n", [ListenSocket]),
{ok, AcceptSocket} = gen_tcp:accept(ListenSocket),
AcceptSocket.
connect(_, _, 0, AcceptSocket, _, _, _) ->
AcceptSocket;
connect(ListenSocket, Node, _N, _, Timeout, SslOpts, cancel) ->
- ?LOG("ssl:transport_accept(~P)~n", [ListenSocket, ?PRINT_DEPTH]),
+ ?CT_LOG("ssl:transport_accept(~P)~n", [ListenSocket, ?PRINT_DEPTH]),
{ok, AcceptSocket} = ssl:transport_accept(ListenSocket),
- ?LOG("~nssl:handshake(~p,~p,~p)~n", [AcceptSocket, format_options(SslOpts),Timeout]),
+ ?CT_LOG("~nssl:handshake(~p,~p,~p)~n", [AcceptSocket, format_options(SslOpts),Timeout]),
case ssl:handshake(AcceptSocket, SslOpts, Timeout) of
{ok, Socket0, Ext} ->
- ?LOG("Ext ~p:~n", [Ext]),
- ?LOG("~nssl:handshake_cancel(~p)~n", [Socket0]),
+ ?CT_LOG("Ext ~p:~n", [Ext]),
+ ?CT_LOG("~nssl:handshake_cancel(~p)~n", [Socket0]),
ssl:handshake_cancel(Socket0);
Result ->
- ?LOG("~nssl:handshake@~p ret ~p",[Node,Result]),
+ ?CT_LOG("~nssl:handshake@~p ret ~p",[Node,Result]),
Result
end;
connect(ListenSocket, Node, N, _, Timeout, SslOpts, [_|_] =ContOpts0) ->
- ?LOG("ssl:transport_accept(~P)~n", [ListenSocket, ?PRINT_DEPTH]),
+ ?CT_LOG("ssl:transport_accept(~P)~n", [ListenSocket, ?PRINT_DEPTH]),
{ok, AcceptSocket} = ssl:transport_accept(ListenSocket),
- ?LOG("~nssl:handshake(~p,~p,~p)~n", [AcceptSocket, SslOpts,Timeout]),
+ ?CT_LOG("~nssl:handshake(~p,~p,~p)~n", [AcceptSocket, SslOpts,Timeout]),
case ssl:handshake(AcceptSocket, SslOpts, Timeout) of
{ok, Socket0, Ext} ->
[_|_] = maps:get(sni, Ext),
- ?LOG("Ext ~p:~n", [Ext]),
+ ?CT_LOG("Ext ~p:~n", [Ext]),
ContOpts = case lists:keytake(want_ext, 1, ContOpts0) of
{value, {_, WantExt}, ContOpts1} ->
if is_pid(WantExt) ->
@@ -669,34 +671,34 @@ connect(ListenSocket, Node, N, _, Timeout, SslOpts, [_|_] =ContOpts0) ->
_ ->
ContOpts0
end,
- ?LOG("~nssl:handshake_continue(~p,~p,~p)~n", [Socket0, ContOpts,Timeout]),
+ ?CT_LOG("~nssl:handshake_continue(~p,~p,~p)~n", [Socket0, ContOpts,Timeout]),
case ssl:handshake_continue(Socket0, ContOpts, Timeout) of
{ok, Socket} ->
connect(ListenSocket, Node, N-1, Socket, Timeout, SslOpts, ContOpts0);
Error ->
- ?LOG("~nssl:handshake_continue@~p ret ~p",[Node,Error]),
+ ?CT_LOG("~nssl:handshake_continue@~p ret ~p",[Node,Error]),
Error
end;
Result ->
- ?LOG("~nssl:handshake@~p ret ~p",[Node,Result]),
+ ?CT_LOG("~nssl:handshake@~p ret ~p",[Node,Result]),
Result
end;
connect(ListenSocket, Node, N, _, Timeout, [], ContOpts) ->
- ?LOG("ssl:transport_accept(~P)~n", [ListenSocket, ?PRINT_DEPTH]),
+ ?CT_LOG("ssl:transport_accept(~P)~n", [ListenSocket, ?PRINT_DEPTH]),
{ok, AcceptSocket} = ssl:transport_accept(ListenSocket),
- ?LOG("~nssl:handshake(~p, ~p)~n", [AcceptSocket, Timeout]),
+ ?CT_LOG("~nssl:handshake(~p, ~p)~n", [AcceptSocket, Timeout]),
case ssl:handshake(AcceptSocket, Timeout) of
{ok, Socket} ->
connect(ListenSocket, Node, N-1, Socket, Timeout, [], ContOpts);
Result ->
- ?LOG("~nssl:handshake@~p ret ~p",[Node,Result]),
+ ?CT_LOG("~nssl:handshake@~p ret ~p",[Node,Result]),
Result
end;
connect(ListenSocket, _Node, _, _, Timeout, Opts, _) ->
- ?LOG("ssl:transport_accept(~P)~n", [ListenSocket, ?PRINT_DEPTH]),
+ ?CT_LOG("ssl:transport_accept(~P)~n", [ListenSocket, ?PRINT_DEPTH]),
{ok, AcceptSocket} = ssl:transport_accept(ListenSocket),
- ?LOG("ssl:handshake(~p,~p, ~p)~n", [AcceptSocket, Opts, Timeout]),
+ ?CT_LOG("ssl:handshake(~p,~p, ~p)~n", [AcceptSocket, Opts, Timeout]),
ssl:handshake(AcceptSocket, Opts, Timeout),
AcceptSocket.
@@ -722,7 +724,7 @@ transport_accept_abuse(Opts) ->
Options = proplists:get_value(options, Opts),
Pid = proplists:get_value(from, Opts),
Transport = proplists:get_value(transport, Opts, ssl),
- ?LOG("~nssl:listen(~p, ~p)~n", [Port, Options]),
+ ?CT_LOG("~nssl:listen(~p, ~p)~n", [Port, Options]),
{ok, ListenSocket} = Transport:listen(Port, Options),
Pid ! {listen, up},
send_selected_port(Pid, Port, ListenSocket),
@@ -736,7 +738,7 @@ transport_switch_control(Opts) ->
Options = proplists:get_value(options, Opts),
Pid = proplists:get_value(from, Opts),
Transport = proplists:get_value(transport, Opts, ssl),
- ?LOG("~nssl:listen(~p, ~p)~n", [Port, Options]),
+ ?CT_LOG("~nssl:listen(~p, ~p)~n", [Port, Options]),
{ok, ListenSocket} = Transport:listen(Port, Options),
Pid ! {listen, up},
send_selected_port(Pid, Port, ListenSocket),
@@ -867,34 +869,34 @@ openssl_server_loop(Pid, SslPort, Args) ->
{data, Data} ->
case port_command(SslPort, Data, [nosuspend]) of
true ->
- ?LOG("[openssl server] Send data: ~p~n", [Data]),
+ ?CT_LOG("[openssl server] Send data: ~p~n", [Data]),
Pid ! {self(), ok};
_Else ->
- ?LOG("[openssl server] Send failed, data: ~p~n", [Data]),
+ ?CT_LOG("[openssl server] Send failed, data: ~p~n", [Data]),
Pid ! {self(), {error, port_command_failed}}
end,
openssl_server_loop(Pid, SslPort, Args);
{active_receive, Data} ->
case active_recv(SslPort, length(Data)) of
ReceivedData ->
- ?LOG("[openssl server] Received: ~p~n", [Data]),
+ ?CT_LOG("[openssl server] Received: ~p~n", [Data]),
Pid ! {self(), ReceivedData}
end,
openssl_server_loop(Pid, SslPort, Args);
{update_keys, Type} ->
case Type of
write ->
- ?LOG("[openssl server] Update keys: ~p", [Type]),
+ ?CT_LOG("[openssl server] Update keys: ~p", [Type]),
true = port_command(SslPort, "k", [nosuspend]),
Pid ! {self(), ok};
read_write ->
- ?LOG("[openssl server] Update keys: ~p", [Type]),
+ ?CT_LOG("[openssl server] Update keys: ~p", [Type]),
true = port_command(SslPort, "K", [nosuspend]),
Pid ! {self(), ok}
end,
openssl_server_loop(Pid, SslPort, Args);
close ->
- ?LOG("~n[openssl server] Server closing~n", []),
+ ?CT_LOG("~n[openssl server] Server closing~n", []),
catch port_close(SslPort);
{ssl_closed, _Socket} ->
%% TODO
@@ -944,17 +946,17 @@ openssl_client_loop_core(Pid, SslPort, Args) ->
{data, Data} ->
case port_command(SslPort, Data, [nosuspend]) of
true ->
- ?LOG("[openssl client] Send data: ~p~n", [Data]),
+ ?CT_LOG("[openssl client] Send data: ~p~n", [Data]),
Pid ! {self(), ok};
_Else ->
- ?LOG("[openssl client] Send failed, data: ~p~n", [Data]),
+ ?CT_LOG("[openssl client] Send failed, data: ~p~n", [Data]),
Pid ! {self(), {error, port_command_failed}}
end,
openssl_client_loop_core(Pid, SslPort, Args);
{active_receive, Data} ->
case active_recv(SslPort, length(Data)) of
ReceivedData ->
- ?LOG("[openssl client] Received: ~p~n (forward to PID=~p)~n",
+ ?CT_LOG("[openssl client] Received: ~p~n (forward to PID=~p)~n",
[Data, Pid]),
Pid ! {self(), ReceivedData}
end,
@@ -962,17 +964,17 @@ openssl_client_loop_core(Pid, SslPort, Args) ->
{update_keys, Type} ->
case Type of
write ->
- ?LOG("[openssl client] Update keys: ~p", [Type]),
+ ?CT_LOG("[openssl client] Update keys: ~p", [Type]),
true = port_command(SslPort, "k", [nosuspend]),
Pid ! {self(), ok};
read_write ->
- ?LOG("[openssl client] Update keys: ~p", [Type]),
+ ?CT_LOG("[openssl client] Update keys: ~p", [Type]),
true = port_command(SslPort, "K", [nosuspend]),
Pid ! {self(), ok}
end,
openssl_client_loop_core(Pid, SslPort, Args);
close ->
- ?LOG("~nClient closing~n", []),
+ ?CT_LOG("~nClient closing~n", []),
catch port_close(SslPort);
{ssl_closed, _Socket} ->
%% TODO
@@ -1017,8 +1019,8 @@ run_client(Opts) ->
Options0 = proplists:get_value(options, Opts),
Options = patch_dtls_options(Options0),
ContOpts = proplists:get_value(continue_options, Opts, []),
- ?LOG("~n~p:connect(~p, ~p)@~p~n", [Transport, Host, Port, Node]),
- ?LOG("SSLOpts:~n ~0.p", [format_options(Options)]),
+ ?CT_LOG("~n~p:connect(~p, ~p)@~p~n", [Transport, Host, Port, Node]),
+ ?CT_LOG("SSLOpts:~n ~0.p", [format_options(Options)]),
case ContOpts of
[] ->
client_loop(Node, Host, Port, Pid, Transport, Options, Opts);
@@ -1030,7 +1032,7 @@ client_loop(_Node, Host, Port, Pid, Transport, Options, Opts) ->
case Transport:connect(Host, Port, Options) of
{ok, Socket} ->
Pid ! {connected, Socket},
- ?LOG("~nClient: connected~n", []),
+ ?CT_LOG("~nClient: connected~n", []),
%% In special cases we want to know the client port, it will
%% be indicated by sending {port, 0} in options list!
send_selected_port(Pid, proplists:get_value(port, Options), Socket),
@@ -1039,7 +1041,7 @@ client_loop(_Node, Host, Port, Pid, Transport, Options, Opts) ->
no_result_msg ->
ok;
Msg ->
- ?LOG("~nClient Msg: ~p ~n", [Msg]),
+ ?CT_LOG("~nClient Msg: ~p ~n", [Msg]),
Pid ! {self(), Msg}
end,
client_loop_core(Socket, Pid, Transport);
@@ -1050,35 +1052,35 @@ client_loop(_Node, Host, Port, Pid, Transport, Options, Opts) ->
_ ->
case get(retries) of
N when N < 5 ->
- ?LOG("~neconnrefused retries=~p sleep ~p",[N,?SLEEP]),
+ ?CT_LOG("~neconnrefused retries=~p sleep ~p",[N,?SLEEP]),
put(retries, N+1),
ct:sleep(?SLEEP),
run_client(Opts);
_ ->
- ?LOG("~nClient failed several times: connection failed: ~p ~n", [Reason]),
+ ?CT_LOG("~nClient failed several times: connection failed: ~p ~n", [Reason]),
Pid ! {self(), {error, Reason}}
end
end;
{error, econnreset = Reason} ->
case get(retries) of
N when N < 5 ->
- ?LOG("~neconnreset retries=~p sleep ~p",[N,?SLEEP]),
+ ?CT_LOG("~neconnreset retries=~p sleep ~p",[N,?SLEEP]),
put(retries, N+1),
ct:sleep(?SLEEP),
run_client(Opts);
_ ->
- ?LOG("~nClient failed several times: connection failed: ~p ~n", [Reason]),
+ ?CT_LOG("~nClient failed several times: connection failed: ~p ~n", [Reason]),
Pid ! {self(), {error, Reason}}
end;
{error, Reason} ->
- ?LOG("~nClient: connection failed: ~p ~n", [Reason]),
+ ?CT_LOG("~nClient: connection failed: ~p ~n", [Reason]),
Pid ! {connect_failed, Reason}
end.
client_loop_core(Socket, Pid, Transport) ->
receive
{data, Data} ->
- ?LOG("[client] Send: ~p~n", [Data]),
+ ?CT_LOG("[client] Send: ~p~n", [Data]),
case Transport:send(Socket, Data) of
ok ->
Pid ! {self(), ok};
@@ -1089,17 +1091,17 @@ client_loop_core(Socket, Pid, Transport) ->
{active_receive, Data} ->
case active_recv(Socket, length(Data)) of
ReceivedData ->
- ?LOG("[client] Received: ~p~n", [Data]),
+ ?CT_LOG("[client] Received: ~p~n", [Data]),
Pid ! {self(), ReceivedData}
end,
client_loop_core(Socket, Pid, Transport);
{update_keys, Type} ->
case ssl:update_keys(Socket, Type) of
ok ->
- ?LOG("[client] Update keys: ~p", [Type]),
+ ?CT_LOG("[client] Update keys: ~p", [Type]),
Pid ! {self(), ok};
{error, Reason} ->
- ?LOG("[client] Update keys failed: ~p", [Type]),
+ ?CT_LOG("[client] Update keys failed: ~p", [Type]),
Pid ! {self(), Reason}
end,
client_loop_core(Socket, Pid, Transport);
@@ -1107,7 +1109,7 @@ client_loop_core(Socket, Pid, Transport) ->
Pid ! {self(), {socket, Socket}},
client_loop_core(Socket, Pid, Transport);
close ->
- ?LOG("~nClient closing~n", []),
+ ?CT_LOG("~nClient closing~n", []),
Transport:close(Socket);
{ssl_closed, Socket} ->
ok;
@@ -1131,10 +1133,10 @@ client_cont_loop(_Node, Host, Port, Pid, Transport, Options, cancel, _Opts) ->
case Transport:connect(Host, Port, Options) of
{ok, Socket, _} ->
Result = Transport:handshake_cancel(Socket),
- ?LOG("~nClient: Cancel: ~p ~n", [Result]),
+ ?CT_LOG("~nClient: Cancel: ~p ~n", [Result]),
Pid ! {connect_failed, Result};
{error, Reason} ->
- ?LOG("~nClient: connection failed: ~p ~n", [Reason]),
+ ?CT_LOG("~nClient: connection failed: ~p ~n", [Reason]),
Pid ! {connect_failed, Reason}
end;
@@ -1152,45 +1154,47 @@ client_cont_loop(_Node, Host, Port, Pid, Transport, Options, ContOpts0, Opts) ->
_ ->
ContOpts0
end,
- ?LOG("~nClient: handshake_continue(~p, ~p, infinity) ~n", [Socket0, ContOpts]),
+ ?CT_LOG("~nClient: handshake_continue(~p, ~p, infinity) ~n", [Socket0, ContOpts]),
case Transport:handshake_continue(Socket0, ContOpts) of
{ok, Socket} ->
Pid ! {connected, Socket},
{Module, Function, Args} = proplists:get_value(mfa, Opts),
- ?LOG("~nClient: apply(~p,~p,~p)~n",
+ ?CT_LOG("~nClient: apply(~p,~p,~p)~n",
[Module, Function, [Socket | Args]]),
case apply(Module, Function, [Socket | Args]) of
no_result_msg ->
ok;
Msg ->
- ?LOG("~nClient Msg: ~p ~n", [Msg]),
+ ?CT_LOG("~nClient Msg: ~p ~n", [Msg]),
Pid ! {self(), Msg}
end
end;
{error, Reason} ->
- ?LOG("~nClient: connection failed: ~p ~n", [Reason]),
+ ?CT_LOG("~nClient: connection failed: ~p ~n", [Reason]),
Pid ! {connect_failed, Reason}
end.
close(Pid) ->
- ?LOG("~nClose ~p ~n", [Pid]),
+ ?CT_LOG("~nClose ~p ~n", [Pid]),
Monitor = erlang:monitor(process, Pid),
Pid ! close,
receive
{'DOWN', Monitor, process, Pid, Reason} ->
erlang:demonitor(Monitor),
- ?LOG("~nPid: ~p down due to:~p ~n", [Pid, Reason])
+ ?CT_LOG("~nPid: ~p down due to:~p ~n", [Pid, Reason])
end.
close(Pid, Timeout) ->
- ?LOG("~n Close ~p ~n", [Pid]),
+ ?CT_LOG("~n Close ~p ~n", [Pid]),
Monitor = erlang:monitor(process, Pid),
Pid ! close,
receive
{'DOWN', Monitor, process, Pid, Reason} ->
erlang:demonitor(Monitor),
- ?LOG("~nPid: ~p down due to:~p ~n", [Pid, Reason])
- after Timeout -> exit(Pid, kill)
+ ?CT_LOG("~nPid: ~p down due to:~p ~n", [Pid, Reason])
+ after
+ Timeout ->
+ exit(Pid, kill)
end.
get_result(Pids) ->
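Review bot: In `close/2` the timeout branch calls `exit(Pid, kill)` but leaves the monitor in place, so the resulting `{'DOWN', ...}` message is delivered to the caller's mailbox afterwards. Other helpers in this file receive with catch-all clauses that call `ct:fail` (for example the `Unexpected` clause in `client_msg/2`), so a stray `'DOWN'` could presumably fail an unrelated later step. Ending the branch with `exit(Pid, kill), erlang:demonitor(Monitor, [flush])` removes it. `close/1` just above has no `after` clause at all and waits forever if the process never exits.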
@@ -1225,10 +1229,10 @@ match_result_msg2({Pid, {ok, {{127,_,_,_}, Port}}} = Msg, Msgs) ->
false -> ct:fail({{expected, Msgs}, {got, Msg}})
end;
match_result_msg2({Port, {data,Debug}}, Msgs) when is_port(Port) ->
- ?LOG(" Openssl (~p) ~s~n",[Port, Debug]),
+ ?CT_LOG(" Openssl (~p) ~s~n",[Port, Debug]),
check_result(Msgs);
match_result_msg2({Port, closed}, Msgs) when is_port(Port) ->
- ?LOG(" Openssl port (~p) closed ~n",[Port]),
+ ?CT_LOG(" Openssl port (~p) closed ~n",[Port]),
check_result(Msgs);
match_result_msg2(Msg, Msgs) ->
ct:fail({{expected, Msgs}, {got, Msg}}).
@@ -1316,7 +1320,7 @@ wait_for_result(Server, ServerMsg, Client, ClientMsg) ->
%% Unexpected
end;
{Port, {data,Debug}} when is_port(Port) ->
- ?LOG("~nopenssl ~s~n",[Debug]),
+ ?CT_LOG("~nopenssl ~s~n",[Debug]),
wait_for_result(Server, ServerMsg, Client, ClientMsg)
%% Unexpected ->
%% Unexpected
@@ -1337,7 +1341,7 @@ wait_for_result(Pid, Msg) ->
{Pid, Msg} ->
ok;
{Port, {data,Debug}} when is_port(Port) ->
- ?LOG("~nopenssl ~s~n",[Debug]),
+ ?CT_LOG("~nopenssl ~s~n",[Debug]),
wait_for_result(Pid,Msg)
%% Unexpected ->
%% Unexpected
@@ -1978,31 +1982,31 @@ run_upgrade_server(Opts) ->
SslOptions = proplists:get_value(ssl_options, Opts),
Pid = proplists:get_value(from, Opts),
- ?LOG("~ngen_tcp:listen(~p, ~p)~n", [Port, TcpOptions]),
+ ?CT_LOG("~ngen_tcp:listen(~p, ~p)~n", [Port, TcpOptions]),
{ok, ListenSocket} = gen_tcp:listen(Port, TcpOptions),
Pid ! {listen, up},
send_selected_port(Pid, Port, ListenSocket),
- ?LOG("~ngen_tcp:accept(~p)~n", [ListenSocket]),
+ ?CT_LOG("~ngen_tcp:accept(~p)~n", [ListenSocket]),
{ok, AcceptSocket} = gen_tcp:accept(ListenSocket),
try
{ok, SslAcceptSocket} = case TimeOut of
infinity ->
- ?LOG("~nssl:handshake(~p, ~p)~n",
+ ?CT_LOG("~nssl:handshake(~p, ~p)~n",
[AcceptSocket, SslOptions]),
ssl:handshake(AcceptSocket, SslOptions);
_ ->
- ?LOG("~nssl:handshake(~p, ~p, ~p)~n",
+ ?CT_LOG("~nssl:handshake(~p, ~p, ~p)~n",
[AcceptSocket, SslOptions, TimeOut]),
ssl:handshake(AcceptSocket, SslOptions, TimeOut)
end,
{Module, Function, Args} = proplists:get_value(mfa, Opts),
Msg = apply(Module, Function, [SslAcceptSocket | Args]),
- ?LOG("~nUpgrade Server Msg: ~p ~n", [Msg]),
+ ?CT_LOG("~nUpgrade Server Msg: ~p ~n", [Msg]),
Pid ! {self(), Msg},
receive
close ->
- ?LOG("~nUpgrade Server closing~n", []),
+ ?CT_LOG("~nUpgrade Server closing~n", []),
ssl:close(SslAcceptSocket)
end
catch error:{badmatch, Error} ->
@@ -2020,24 +2024,24 @@ run_upgrade_client(Opts) ->
TcpOptions = proplists:get_value(tcp_options, Opts),
SslOptions = proplists:get_value(ssl_options, Opts),
- ?LOG("~ngen_tcp:connect(~p, ~p, ~p)~n",
+ ?CT_LOG("~ngen_tcp:connect(~p, ~p, ~p)~n",
[Host, Port, TcpOptions]),
{ok, Socket} = gen_tcp:connect(Host, Port, TcpOptions),
send_selected_port(Pid, Port, Socket),
- ?LOG("~nssl:connect(~p, ~p)~n", [Socket, SslOptions]),
+ ?CT_LOG("~nssl:connect(~p, ~p)~n", [Socket, SslOptions]),
{ok, SslSocket} = ssl:connect(Socket, SslOptions),
{Module, Function, Args} = proplists:get_value(mfa, Opts),
- ?LOG("~napply(~p, ~p, ~p)~n",
+ ?CT_LOG("~napply(~p, ~p, ~p)~n",
[Module, Function, [SslSocket | Args]]),
Msg = apply(Module, Function, [SslSocket | Args]),
- ?LOG("~nUpgrade Client Msg: ~p ~n", [Msg]),
+ ?CT_LOG("~nUpgrade Client Msg: ~p ~n", [Msg]),
Pid ! {self(), Msg},
receive
close ->
- ?LOG("~nUpgrade Client closing~n", []),
+ ?CT_LOG("~nUpgrade Client closing~n", []),
ssl:close(SslSocket)
end.
@@ -2052,11 +2056,11 @@ run_upgrade_client_error(Opts) ->
Timeout = proplists:get_value(timeout, Opts, infinity),
TcpOptions = proplists:get_value(tcp_options, Opts),
SslOptions = proplists:get_value(ssl_options, Opts),
- ?LOG("gen_tcp:connect(~p, ~p, ~p)",
+ ?CT_LOG("gen_tcp:connect(~p, ~p, ~p)",
[Host, Port, TcpOptions]),
{ok, Socket} = gen_tcp:connect(Host, Port, TcpOptions),
send_selected_port(Pid, Port, Socket),
- ?LOG("ssl:connect(~p, ~p)", [Socket, SslOptions]),
+ ?CT_LOG("ssl:connect(~p, ~p)", [Socket, SslOptions]),
Error = ssl:connect(Socket, SslOptions, Timeout),
Pid ! {self(), Error}.
@@ -2075,19 +2079,19 @@ run_upgrade_server_error(Opts) ->
SslOptions = proplists:get_value(ssl_options, Opts),
Pid = proplists:get_value(from, Opts),
- ?LOG("~ngen_tcp:listen(~p, ~p)~n", [Port, TcpOptions]),
+ ?CT_LOG("~ngen_tcp:listen(~p, ~p)~n", [Port, TcpOptions]),
{ok, ListenSocket} = gen_tcp:listen(Port, TcpOptions),
Pid ! {listen, up},
send_selected_port(Pid, Port, ListenSocket),
- ?LOG("~ngen_tcp:accept(~p)~n", [ListenSocket]),
+ ?CT_LOG("~ngen_tcp:accept(~p)~n", [ListenSocket]),
{ok, AcceptSocket} = gen_tcp:accept(ListenSocket),
Error = case TimeOut of
infinity ->
- ?LOG("~nssl:handshake(~p, ~p)~n",
+ ?CT_LOG("~nssl:handshake(~p, ~p)~n",
[AcceptSocket, SslOptions]),
ssl:handshake(AcceptSocket, SslOptions);
_ ->
- ?LOG("~nssl:ssl_handshake(~p, ~p, ~p)~n",
+ ?CT_LOG("~nssl:ssl_handshake(~p, ~p, ~p)~n",
[AcceptSocket, SslOptions, TimeOut]),
ssl:handshake(AcceptSocket, SslOptions, TimeOut)
end,
@@ -2105,7 +2109,7 @@ run_server_error(Opts) ->
Options = proplists:get_value(options, Opts),
Pid = proplists:get_value(from, Opts),
Transport = proplists:get_value(transport, Opts, ssl),
- ?LOG("~nssl:listen(~p, ~p)~n", [Port, Options]),
+ ?CT_LOG("~nssl:listen(~p, ~p)~n", [Port, Options]),
Timeout = proplists:get_value(timeout, Opts, infinity),
case Transport:listen(Port, Options) of
{ok, #sslsocket{} = ListenSocket} ->
@@ -2113,19 +2117,19 @@ run_server_error(Opts) ->
%% get {error, closed} and not {error, connection_refused}
Pid ! {listen, up},
send_selected_port(Pid, Port, ListenSocket),
- ?LOG("~nssl:transport_accept(~p)~n", [ListenSocket]),
+ ?CT_LOG("~nssl:transport_accept(~p)~n", [ListenSocket]),
case Transport:transport_accept(ListenSocket, Timeout) of
{error, _} = Error ->
Pid ! {self(), Error};
{ok, AcceptSocket} ->
- ?LOG("~nssl:handshake(~p)~n", [AcceptSocket]),
+ ?CT_LOG("~nssl:handshake(~p)~n", [AcceptSocket]),
Error = ssl:handshake(AcceptSocket),
Pid ! {self(), Error}
end;
{ok, ListenSocket} ->
Pid ! {listen, up},
send_selected_port(Pid, Port, ListenSocket),
- ?LOG("~n~p:accept(~p)~n", [Transport, ListenSocket]),
+ ?CT_LOG("~n~p:accept(~p)~n", [Transport, ListenSocket]),
case Transport:accept(ListenSocket) of
{error, _} = Error ->
Pid ! {self(), Error}
@@ -2148,7 +2152,7 @@ run_client_error(Opts) ->
Transport = proplists:get_value(transport, Opts, ssl),
Options0 = proplists:get_value(options, Opts),
Options = patch_dtls_options(Options0),
- ?LOG("~nssl:connect(~p, ~p, ~p)~n", [Host, Port, Options]),
+ ?CT_LOG("~nssl:connect(~p, ~p, ~p)~n", [Host, Port, Options]),
Error = Transport:connect(Host, Port, Options),
case Error of
{error, _} ->
@@ -2680,7 +2684,7 @@ der_to_pem(File, Entries) ->
cipher_result(Socket, Result) ->
{ok, Info} = ssl:connection_information(Socket),
Result = {ok, {proplists:get_value(protocol, Info), proplists:get_value(selected_cipher_suite, Info)}},
- ?LOG("~nSuccessfull connect: ~p~n", [Result]),
+ ?CT_LOG("~nSuccessfull connect: ~p~n", [Result]),
%% Importante to send two packets here
%% to properly test "cipher state" handling
Hello = "Hello\n",
@@ -2789,21 +2793,21 @@ openssl_tls_version_support(Proto, Opts, Port, Exe, Args0) ->
close_port(OpensslPort),
true;
{error, {tls_alert, {protocol_version, _}}} ->
- ?PAL("OpenSSL does not support ~p", [proplists:get_value(versions, Opts)]),
+ ?CT_PAL("OpenSSL does not support ~p", [proplists:get_value(versions, Opts)]),
close_port(OpensslPort),
false;
{error, {tls_alert, Alert}} ->
- ?PAL("OpenSSL returned alert ~p", [Alert]),
+ ?CT_PAL("OpenSSL returned alert ~p", [Alert]),
close_port(OpensslPort),
false;
{error, timeout} ->
- ?PAL("Timed out connection to OpenSSL", []),
+ ?CT_PAL("Timed out connection to OpenSSL", []),
close_port(OpensslPort),
false
end
catch
_:_ ->
- ?PAL("OpenSSL does not support ~p", [proplists:get_value(versions, Opts)]),
+ ?CT_PAL("OpenSSL does not support ~p", [proplists:get_value(versions, Opts)]),
close_port(OpensslPort),
false
end.
@@ -2856,20 +2860,20 @@ check_key_exchange_send_active(Socket, KeyEx) ->
send_recv_result_active(Socket).
check_key_exchange({KeyEx,_, _}, KeyEx, _) ->
- ?LOG("Kex: ~p", [KeyEx]),
+ ?CT_LOG("Kex: ~p", [KeyEx]),
true;
check_key_exchange({KeyEx,_,_,_}, KeyEx, _) ->
- ?LOG("Kex: ~p", [KeyEx]),
+ ?CT_LOG("Kex: ~p", [KeyEx]),
true;
check_key_exchange(KeyEx1, KeyEx2, Version) ->
- ?LOG("Kex: ~p ~p", [KeyEx1, KeyEx2]),
+ ?CT_LOG("Kex: ~p ~p", [KeyEx1, KeyEx2]),
case Version of
'tlsv1.2' ->
v_1_2_check(element(1, KeyEx1), KeyEx2);
'dtlsv1.2' ->
v_1_2_check(element(1, KeyEx1), KeyEx2);
_ ->
- ?PAL("Negotiated ~p Expected ~p", [KeyEx1, KeyEx2]),
+ ?CT_PAL("Negotiated ~p Expected ~p", [KeyEx1, KeyEx2]),
false
end.
@@ -2913,10 +2917,10 @@ check_active_receive(Pid, Data) ->
check_active_receive_loop(Pid, Data) ->
receive
{Pid, Data} ->
- ?LOG("Received: ~p~n (from ~p)~n", [Data, Pid]),
+ ?CT_LOG("Received: ~p~n (from ~p)~n", [Data, Pid]),
Data;
{Pid, Data2} ->
- ?LOG("Received unexpected message: ~p~n (from ~p)~n", [Data2, Pid]),
+ ?CT_LOG("Received unexpected message: ~p~n (from ~p)~n", [Data2, Pid]),
check_active_receive_loop(Pid, Data)
end.
@@ -2950,15 +2954,15 @@ verify_active_session_resumption(Socket, SessionResumption, WaitForReply, Ticket
case ssl:connection_information(Socket, [session_resumption]) of
{ok, [{session_resumption, SessionResumption}]} ->
Msg = boolean_to_log_msg(SessionResumption),
- ?LOG("~nSession resumption verified! (expected ~p, got ~p)!",
+ ?CT_LOG("~nSession resumption verified! (expected ~p, got ~p)!",
[Msg, Msg]);
{ok, [{session_resumption, Got0}]} ->
Expected = boolean_to_log_msg(SessionResumption),
Got = boolean_to_log_msg(Got0),
- ?FAIL("~nFailed to verify session resumption! (expected ~p, got ~p)",
+ ?CT_FAIL("~nFailed to verify session resumption! (expected ~p, got ~p)",
[Expected, Got]);
{error, Reason} ->
- ?FAIL("~nFailed to verify session resumption! Reason: ~p",
+ ?CT_FAIL("~nFailed to verify session resumption! Reason: ~p",
[Reason])
end,
@@ -2970,7 +2974,7 @@ verify_active_session_resumption(Socket, SessionResumption, WaitForReply, Ticket
no_reply ->
ok;
Else1 ->
- ?FAIL("~nFaulty parameter: ~p", [Else1])
+ ?CT_FAIL("~nFaulty parameter: ~p", [Else1])
end,
Tickets =
case TicketOption of
@@ -2979,7 +2983,7 @@ verify_active_session_resumption(Socket, SessionResumption, WaitForReply, Ticket
no_tickets ->
ok;
Else2 ->
- ?FAIL("~nFaulty parameter: ~p", [Else2])
+ ?CT_FAIL("~nFaulty parameter: ~p", [Else2])
end,
case EarlyData of
{verify_early_data, Atom} ->
@@ -2987,28 +2991,28 @@ verify_active_session_resumption(Socket, SessionResumption, WaitForReply, Ticket
ok ->
Tickets;
Else ->
- ?FAIL("~nFailed to verify early_data! (expected ~p, got ~p)",
+ ?CT_FAIL("~nFailed to verify early_data! (expected ~p, got ~p)",
[Atom, Else])
end;
no_early_data ->
Tickets;
Else3 ->
- ?FAIL("~nFaulty parameter: ~p", [Else3])
+ ?CT_FAIL("~nFaulty parameter: ~p", [Else3])
end.
verify_server_early_data(Socket, WaitForReply, EarlyData) ->
case ssl:connection_information(Socket, [session_resumption]) of
{ok, [{session_resumption, true}]} ->
Msg = boolean_to_log_msg(true),
- ?LOG("~nSession resumption verified! (expected ~p, got ~p)!",
+ ?CT_LOG("~nSession resumption verified! (expected ~p, got ~p)!",
[Msg, Msg]);
{ok, [{session_resumption, Got0}]} ->
Expected = boolean_to_log_msg(true),
Got = boolean_to_log_msg(Got0),
- ?FAIL("~nFailed to verify session resumption! (expected ~p, got ~p)",
+ ?CT_FAIL("~nFailed to verify session resumption! (expected ~p, got ~p)",
[Expected, Got]);
{error, Reason} ->
- ?FAIL("~nFailed to verify session resumption! Reason: ~p",
+ ?CT_FAIL("~nFailed to verify session resumption! Reason: ~p",
[Reason])
end,
Data = "Hello world",
@@ -3020,14 +3024,14 @@ verify_server_early_data(Socket, WaitForReply, EarlyData) ->
_ ->
binary_to_list(EarlyData) ++ Data
end,
- ?LOG("Expected Reply: ~p~n", [Reply]),
+ ?CT_LOG("Expected Reply: ~p~n", [Reply]),
case WaitForReply of
wait_reply ->
Reply = active_recv(Socket, length(Reply));
no_reply ->
ok;
Else1 ->
- ?FAIL("~nFaulty parameter: ~p", [Else1])
+ ?CT_FAIL("~nFaulty parameter: ~p", [Else1])
end,
ok.
@@ -3038,10 +3042,10 @@ verify_session_ticket_extension([Ticket0|_], MaxEarlyDataSize) ->
indication = Size}}}} = Ticket0,
case Size of
MaxEarlyDataSize ->
- ?LOG("~nmax_early_data_size verified! (expected ~p, got ~p)!",
+ ?CT_LOG("~nmax_early_data_size verified! (expected ~p, got ~p)!",
[MaxEarlyDataSize, Size]);
Else ->
- ?LOG("~nFailed to verify max_early_data_size! (expected ~p, got ~p)!",
+ ?CT_LOG("~nFailed to verify max_early_data_size! (expected ~p, got ~p)!",
[MaxEarlyDataSize, Else])
end.
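Review bot: The mismatch branch of `verify_session_ticket_extension/2` only logs "Failed to verify max_early_data_size!" through `?CT_LOG`, so both branches return the result of `ct:log` and a wrong early-data limit cannot fail the test. If the check is meant to be enforced, the second branch should read `?CT_FAIL("~nFailed to verify max_early_data_size! (expected ~p, got ~p)!", [MaxEarlyDataSize, Else])`. The start of the function body is outside this hunk, so confirm that no caller relies on the current lenient behaviour.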
@@ -3050,7 +3054,7 @@ update_session_ticket_extension([Ticket|_], MaxEarlyDataSize) ->
extensions = #{early_data :=
#early_data_indication_nst{
indication = Size}}}} = Ticket,
- ?LOG("~nOverwrite max_early_data_size (from ~p to ~p)!",
+ ?CT_LOG("~nOverwrite max_early_data_size (from ~p to ~p)!",
[Size, MaxEarlyDataSize]),
#{ticket := #new_session_ticket{
extensions = #{early_data := _Extensions0}} = NST0} = Ticket,
@@ -3081,17 +3085,17 @@ check_tickets(Client) ->
Tickets
after
5000 ->
- ?FAIL("~nNo tickets received!", [])
+ ?CT_FAIL("~nNo tickets received!", [])
end.
active_recv_loop(Pid, SslPort, Data) ->
case active_recv(SslPort, length(Data)) of
Data ->
- ?LOG("[openssl server] Received: ~p~n (forward to PID=~p)~n",
+ ?CT_LOG("[openssl server] Received: ~p~n (forward to PID=~p)~n",
[Data, Pid]),
Pid ! {self(), Data};
Unexpected ->
- ?LOG("[openssl server] Received unexpected: ~p~n (dropping message)~n",
+ ?CT_LOG("[openssl server] Received unexpected: ~p~n (dropping message)~n",
[Unexpected]),
active_recv_loop(Pid, SslPort, Data)
end.
@@ -3392,28 +3396,28 @@ close_port(Port) ->
close_loop(Port, Time, SentClose) ->
receive
{Port, {data,Debug}} when is_port(Port) ->
- ?LOG("openssl ~s~n",[Debug]),
+ ?CT_LOG("openssl ~s~n",[Debug]),
close_loop(Port, Time, SentClose);
{ssl,_,Msg} ->
- ?LOG("ssl Msg ~s~n",[Msg]),
+ ?CT_LOG("ssl Msg ~s~n",[Msg]),
close_loop(Port, Time, SentClose);
{Port, closed} ->
- ?LOG("Port Closed~n",[]),
+ ?CT_LOG("Port Closed~n",[]),
ok;
{'EXIT', Port, Reason} ->
- ?LOG("Port Closed ~p~n",[Reason]),
+ ?CT_LOG("Port Closed ~p~n",[Reason]),
ok;
Msg ->
- ?LOG("Port Msg ~p~n",[Msg]),
+ ?CT_LOG("Port Msg ~p~n",[Msg]),
close_loop(Port, Time, SentClose)
after Time ->
case SentClose of
false ->
- ?LOG("Closing port ~n",[]),
+ ?CT_LOG("Closing port ~n",[]),
catch erlang:port_close(Port),
close_loop(Port, Time, true);
true ->
- ?LOG("Timeout~n",[])
+ ?CT_LOG("Timeout~n",[])
end
end.
@@ -3425,7 +3429,7 @@ portable_open_port("openssl" = Exe, Args0) ->
case IsWindows andalso os:getenv("WSLENV") of
false ->
AbsPath = os:find_executable(Exe),
- ?LOG("open_port({spawn_executable, ~p}, [stderr_to_stdout,~n {args, \"~s\"}]).",
+ ?CT_LOG("open_port({spawn_executable, ~p}, [stderr_to_stdout,~n {args, \"~s\"}]).",
[AbsPath, lists:join($\s, Args0)]),
open_port({spawn_executable, AbsPath},
[{args, Args0}, stderr_to_stdout]);
@@ -3442,14 +3446,14 @@ portable_open_port("openssl" = Exe, Args0) ->
Args1 = [Translate(Arg) || Arg <- Args0],
Args = ["/C","wsl","openssl"| Args1] ++ ["2>&1"],
Cmd = os:find_executable("cmd"),
- ?LOG("open_port({spawn_executable, ~p}, [stderr_to_stdout,~n {args, \"~s\"}]).",
+ ?CT_LOG("open_port({spawn_executable, ~p}, [stderr_to_stdout,~n {args, \"~s\"}]).",
[Cmd, lists:join($\s, Args0)]),
open_port({spawn_executable, Cmd},
[{args, Args}, stderr_to_stdout, hide])
end;
portable_open_port(Exe, Args) ->
AbsPath = os:find_executable(Exe),
- ?LOG("open_port({spawn_executable, ~p}, [{args, ~p}, stderr_to_stdout]).", [AbsPath, Args]),
+ ?CT_LOG("open_port({spawn_executable, ~p}, [{args, ~p}, stderr_to_stdout]).", [AbsPath, Args]),
open_port({spawn_executable, AbsPath},
[{args, Args}, stderr_to_stdout]).
@@ -3532,7 +3536,7 @@ do_supports_ssl_tls_version(Port, Acc) ->
"s_client: Unknown option: " ++ _->
false;
Info when length(Info) >= 24 ->
- ?LOG("~p", [Info]),
+ ?CT_LOG("~p", [Info]),
true;
_ ->
do_supports_ssl_tls_version(Port, Acc ++ Data)
@@ -3598,9 +3602,9 @@ protocol_options(Config, Options) ->
ct_log_supported_protocol_versions(Config) ->
case proplists:get_value(protocol, Config) of
dtls ->
- ?LOG("DTLS version ~p~n ", [dtls_record:supported_protocol_versions()]);
+ ?CT_LOG("DTLS version ~p~n ", [dtls_record:supported_protocol_versions()]);
_ ->
- ?LOG("TLS/SSL version ~p~n ", [tls_record:supported_protocol_versions()])
+ ?CT_LOG("TLS/SSL version ~p~n ", [tls_record:supported_protocol_versions()])
end.
clean_env() ->
@@ -3793,10 +3797,10 @@ client_msg(Client, ClientMsg) ->
{Client, ClientMsg} ->
ok;
{Client, {error,closed}} ->
- ?LOG("client got close", []),
+ ?CT_LOG("client got close", []),
ok;
{Client, {error, Reason}} ->
- ?LOG("client got econnaborted: ~p", [Reason]),
+ ?CT_LOG("client got econnaborted: ~p", [Reason]),
ok;
Unexpected ->
ct:fail(Unexpected)
@@ -3806,10 +3810,10 @@ server_msg(Server, ServerMsg) ->
{Server, ServerMsg} ->
ok;
{Server, {error,closed}} ->
- ?LOG("server got close", []),
+ ?CT_LOG("server got close", []),
ok;
{Server, {error, Reason}} ->
- ?LOG("server got econnaborted: ~p", [Reason]),
+ ?CT_LOG("server got econnaborted: ~p", [Reason]),
ok;
Unexpected ->
ct:fail(Unexpected)
@@ -3981,7 +3985,7 @@ new_config(PrivDir, ServerOpts0) ->
ServerOpts = proplists:delete(keyfile, ServerOpts2),
{ok, PEM} = file:read_file(NewCaCertFile),
- ?LOG("CA file content: ~p~n", [public_key:pem_decode(PEM)]),
+ ?CT_LOG("CA file content: ~p~n", [public_key:pem_decode(PEM)]),
[{cacertfile, NewCaCertFile}, {certfile, NewCertFile},
{keyfile, NewKeyFile} | ServerOpts].
@@ -4082,11 +4086,11 @@ openssl_maxfraglen_support() ->
assert_mfl(Socket, undefined) ->
InfoMFL = ssl:connection_information(Socket, [max_fragment_length]),
- ?LOG("Connection MFL ~p, Expecting: [] ~n", [InfoMFL]),
+ ?CT_LOG("Connection MFL ~p, Expecting: [] ~n", [InfoMFL]),
{ok, []} = InfoMFL;
assert_mfl(Socket, MFL) ->
InfoMFL = ssl:connection_information(Socket, [max_fragment_length]),
- ?LOG("Connection MFL ~p, Expecting: ~p ~n", [InfoMFL, MFL]),
+ ?CT_LOG("Connection MFL ~p, Expecting: ~p ~n", [InfoMFL, MFL]),
{ok, [{max_fragment_length, ConnMFL}]} = InfoMFL,
ConnMFL = MFL.
-define(BIG_BUF, 10000000).
@@ -4145,67 +4149,31 @@ handle_trace(rle,
[{role, Role} | Stack0]}.
-ktls_check_os() ->
- case {os:type(), os:version()} of
- {{unix,linux}, OsVersion} when {5,2,0} =< OsVersion ->
- ok;
- OS ->
- {error, {notsup, {os,OS}}}
- end.
+ktls_os() ->
+ inet_tls_dist:ktls_os().
%% Set UserLand Protocol
-ktls_set_ulp(Socket) ->
- SOL_TCP = 6, TCP_ULP = 31,
- case inet:setopts(Socket, [{raw, SOL_TCP, TCP_ULP, <<"tls">>}]) of
- ok ->
- case inet:getopts(Socket, [{raw, SOL_TCP, TCP_ULP, 4}]) of
- {ok, [{raw, SOL_TCP, TCP_ULP, <<"tls",0>>}]} ->
- ok;
- GetULP ->
- {error, {get_ulp, GetULP}}
- end;
- Error ->
- {error, {set_ulp, Error}}
- end.
-
-ktls_set_cipher(Socket, TxRx, Seed) ->
+ktls_set_ulp(Socket, OS) ->
+ inet_tls_dist:set_ktls_ulp(
+ #{ socket => Socket,
+ setopt_fun => fun inet_tls_dist:inet_ktls_setopt/3,
+ getopt_fun => fun inet_tls_dist:inet_ktls_getopt/3 },
+ OS).
+
+ktls_set_cipher(Socket, OS, TxRx, Seed) ->
+ TLS_version = {3,4},
+ TLS_cipher = ?TLS_AES_256_GCM_SHA384,
TLS_IV = binary:copy(<<(Seed + 0)>>, 8),
TLS_KEY = binary:copy(<<(Seed + 1)>>, 32),
TLS_SALT = binary:copy(<<(Seed + 2)>>, 4),
- ktls_set_cipher(Socket, TxRx, TLS_IV, TLS_KEY, TLS_SALT).
-
-ktls_set_cipher(Socket, TxRx, TLS_IV, TLS_KEY, TLS_SALT) ->
- TLS_OPT =
- case TxRx of
- tx -> 1;
- rx -> 2
- end,
- TLS_VER = ((3 bsl 8) bor 4),
- TLS_CIPHER = 52,
- TLS_SEQ = 0,
- TLS_crypto_info =
- <<TLS_VER:16/native, TLS_CIPHER:16/native,
- TLS_IV/binary, TLS_KEY/binary, TLS_SALT/binary,
- TLS_SEQ:64/native>>,
- SOL_TLS = 282,
- RawOpt = {raw, SOL_TLS, TLS_OPT, TLS_crypto_info},
- case inet:setopts(Socket, [RawOpt]) of
- ok ->
- case TxRx of
- tx ->
- OptSize = byte_size(TLS_crypto_info),
- case
- inet:getopts(
- Socket, [{raw, SOL_TLS, TLS_OPT, OptSize}])
- of
- {ok, [RawOpt]} ->
- ok;
- GetCipher ->
- {error, {get_cipher, GetCipher}}
- end;
- rx ->
- ok
- end;
- SetCipher ->
- {error, {set_cipher, SetCipher}}
- end.
+ KtlsInfo =
+ #{ socket => Socket,
+ tls_version => TLS_version,
+ cipher_suite => TLS_cipher,
+ setopt_fun => fun inet_tls_dist:inet_ktls_setopt/3,
+ getopt_fun => fun inet_tls_dist:inet_ktls_getopt/3 },
+ CipherState =
+ #cipher_state{
+ key = TLS_KEY,
+ iv = <<TLS_SALT/binary, TLS_IV/binary>> },
+ inet_tls_dist:set_ktls_cipher(KtlsInfo, OS, CipherState, 0, TxRx).
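Review bot: `ktls_set_cipher/4` builds its key, IV and salt by repeating a single byte derived from `Seed`, and nothing in the new code marks this as fixed test material. A comment above the function such as `%% Test only: key, salt and IV are predictable bytes derived from Seed; never use for real traffic` would keep it from being copied elsewhere. `<<(Seed + 2)>>` also truncates silently to eight bits, so a `Seed` above 253 wraps; a guard `when is_integer(Seed), 0 =< Seed, Seed =< 253` would make the accepted range explicit. The `{3,4}` version tuple and the `0` passed to `inet_tls_dist:set_ktls_cipher/5` deserve a one-line explanation each (presumably TLS 1.3 and the initial record sequence number). Since `ktls_set_ulp` and `ktls_set_cipher` each gain an `OS` argument and `ktls_check_os/0` becomes `ktls_os/0`, the export list and all callers, which are outside this hunk, need the matching update.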
diff --git a/lib/ssl/test/ssl_test_lib.hrl b/lib/ssl/test/ssl_test_lib.hrl
index 817e3e0904..947c765c2a 100644
--- a/lib/ssl/test/ssl_test_lib.hrl
+++ b/lib/ssl/test/ssl_test_lib.hrl
@@ -1,6 +1,14 @@
--define(FORMAT, "(~s ~p:~p in ~p) ").
--define(ARGS, [erlang:pid_to_list(self()), ?MODULE, ?LINE, ?FUNCTION_NAME]).
--define(LOG(F), ct:log(?FORMAT ++ F, ?ARGS, [esc_chars])).
--define(LOG(F, Args), ct:log(?FORMAT ++ F, ?ARGS ++ Args, [esc_chars])).
--define(PAL(F, Args), ct:pal(?FORMAT ++ F, ?ARGS ++ Args)).
--define(FAIL(F, Args), ct:fail(?FORMAT ++ F, ?ARGS ++ Args)).
+-define(SSL_TEST_LIB_FORMAT, "(~s ~p:~p in ~p) ").
+-define(SSL_TEST_LIB_ARGS,
+ [erlang:pid_to_list(self()), ?MODULE, ?LINE, ?FUNCTION_NAME]).
+-define(CT_LOG(F),
+ (ct:log(?SSL_TEST_LIB_FORMAT ++ F, ?SSL_TEST_LIB_ARGS, [esc_chars]))).
+-define(CT_LOG(F, Args),
+ (ct:log(
+ ?SSL_TEST_LIB_FORMAT ++ F,
+ ?SSL_TEST_LIB_ARGS ++ Args,
+ [esc_chars]))).
+-define(CT_PAL(F, Args),
+ (ct:pal(?SSL_TEST_LIB_FORMAT ++ F, ?SSL_TEST_LIB_ARGS ++ Args))).
+-define(CT_FAIL(F, Args),
+ (ct:fail(?SSL_TEST_LIB_FORMAT ++ F, ?SSL_TEST_LIB_ARGS ++ Args))).
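Review bot: The header carries no comment on what these macros add, or on why `?CT_LOG` differs from `?CT_PAL` and `?CT_FAIL`: only the two `?CT_LOG` forms pass `[esc_chars]` to `ct:log`. A short comment at the top would help, e.g. `%% Test logging helpers: each prepends pid, module, line and function name to the format string.` `Args` is spliced in unparenthesised (`?SSL_TEST_LIB_ARGS ++ Args`); that works for the list literals the suites pass, but writing `(Args)` would match the care taken in parenthesising the macro bodies.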
diff --git a/lib/ssl/test/ssl_trace_SUITE.erl b/lib/ssl/test/ssl_trace_SUITE.erl
index 376b9a01ab..8c8dc240ce 100644
--- a/lib/ssl/test/ssl_trace_SUITE.erl
+++ b/lib/ssl/test/ssl_trace_SUITE.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 2022. All Rights Reserved.
+%% Copyright Ericsson AB 2022-2023. All Rights Reserved.
%%
%% Licensed under the Apache License, Version 2.0 (the "License");
%% you may not use this file except in compliance with the License.
@@ -264,7 +264,7 @@ tc_budget_option(Config) ->
true ->
ok;
_ ->
- ?FAIL("Expected ~w traces, but found ~w",
+ ?CT_FAIL("Expected ~w traces, but found ~w",
[ExpectedTraceCnt, ActualTraceCnt])
end.
@@ -283,7 +283,7 @@ tc_file_option(Config) ->
true ->
ok;
_ ->
- ?FAIL("Expected ~w traces, but found ~w",
+ ?CT_FAIL("Expected ~w traces, but found ~w",
[ExpectedTraceCnt, ActualTraceCnt])
end.
@@ -300,7 +300,7 @@ tc_write(_Config) ->
true ->
ok;
_ ->
- ?FAIL("Expected ~w traces, but found ~w",
+ ?CT_FAIL("Expected ~w traces, but found ~w",
[ExpectedTraceCnt, ActualTraceCnt])
end.
@@ -379,14 +379,14 @@ check_trace_map(Ref, ExpectedTraces, ExpectedRemainders) ->
true ->
ok;
_ ->
- ?FAIL("Expected trace remainders = ~w ~n"
+ ?CT_FAIL("Expected trace remainders = ~w ~n"
"Actual trace remainders = ~w",
[ExpectedRemainders, ActualRemainders])
end.
check_key(Type, ExpectedTraces, ReceivedPerType) ->
ReceivedPerTypeCnt = length(ReceivedPerType),
- ?LOG("Received Type = ~w Messages# = ~w", [Type, ReceivedPerTypeCnt]),
+ ?CT_LOG("Received Type = ~w Messages# = ~w", [Type, ReceivedPerTypeCnt]),
case ReceivedPerTypeCnt > 0 of
true ->
ExpectedPerType = maps:get(Type, ExpectedTraces, []),
@@ -413,7 +413,7 @@ check_key(Type, ExpectedTraces, ReceivedPerType) ->
case Result of
false ->
F = "Trace not found: {~s, ~w, ~w}",
- ?FAIL(F, [ExpectedString, Module, Function]);
+ ?CT_FAIL(F, [ExpectedString, Module, Function]);
_ -> ok
end,
Result
@@ -431,7 +431,7 @@ check_key(Type, ExpectedTraces, ReceivedPerType) ->
case Result of
false ->
F = "Processed trace not found: ~s",
- ?FAIL(F, [ExpectedString]);
+ ?CT_FAIL(F, [ExpectedString]);
_ -> ok
end,
Result
@@ -450,7 +450,7 @@ check_trace(processed, ExpectedPerType, ReceivedPerType) ->
P1 = ?CHECK_PROCESSED_TRACE([_Timestamp, _Pid, Txt], Expected),
true = lists:all(P1, ExpectedPerType);
check_trace(Type, _ExpectedPerType, _ReceivedPerType) ->
- ?FAIL("Type = ~w not checked", [Type]),
+ ?CT_FAIL("Type = ~w not checked", [Type]),
ok.
count_line(Filename) ->
@@ -460,7 +460,7 @@ count_line(Filename) ->
file:close(IoDevice),
Count;
{error, Reason} ->
- ?PAL("~s open error reason:~s~n", [Filename, Reason]),
+ ?CT_PAL("~s open error reason:~s~n", [Filename, Reason]),
ct:fail(Reason)
end.
@@ -471,7 +471,7 @@ count_line(IoDevice, Count) ->
end.
ssl_connect(Config) when is_list(Config) ->
- ?LOG("Establishing connection for producing traces", []),
+ ?CT_LOG("Establishing connection for producing traces", []),
ClientOpts = ssl_test_lib:ssl_options(client_rsa_verify_opts, Config),
ServerOpts = ssl_test_lib:ssl_options(server_rsa_verify_opts, Config),
{ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
@@ -489,5 +489,5 @@ ssl_connect(Config) when is_list(Config) ->
{mfa, {ssl_test_lib, send_recv_result, []}},
{options, [{keepalive, true},{active, false}
| ClientOpts]}]),
- ?LOG("Testcase ~p, Client ~p Server ~p ~n", [self(), Client, Server]),
+ ?CT_LOG("Testcase ~p, Client ~p Server ~p ~n", [self(), Client, Server]),
[Server, Client].