Refactor KTLS tests to better support TLS 1.3.

- Use SSL_set_ciphersuites for TLS 1.3 tests instead of using
  SSL_set_cipher_list.

- Don't bother passing a sequence number size to KTLS test functions.
  These functions always test TLS (and not DTLS) for which the
  sequence size is always the same.  In addition, even for DTLS the
  check in question (verifying that the sequence number fields in SSL
  do not change) should still pass when doing a before/after
  comparison of the field.

- Define a helper structure to hold the TLS version and cipher name
  for a single KTLS test.

- Define an array of such structures with valid KTLS ciphers and move
  #ifdef's for TLS versions and supported ciphers out of test
  functions and instead use them to define the valid members of this
  array.  This also permits using TLS 1.3 cipher suite names for
  TLS 1.3 tests.

- Use separate tests per cipher for test_ktls to give more
  fine-grained pass/fail results as is already done for
  test_ktls_sendfile.

- While here, rename test_ktls_sendfile to execute_test_ktls_sendfile
  and test_ktls_sendfile_anytls to test_ktls_sendfile.  This is more
  consistent with the naming used for test_ktls as well as other tests
  in this file.

- Close the file descriptors used for temporary sockets in ktls tests.

- Don't assume that KTLS is supported for all compile-time supported
  cipher suites at runtime.  If the kernel fails to offload a given
  cipher suite, skip the test rather than failing it.  FreeBSD kernels
  may not offload all of the cipher suites supported by its KTLS if a
  suitable driver or KTLS backend is not present.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15814)

1 files changed, 17 insertions, 18 deletions

diff --git a/test/helpers/ssltestlib.c b/test/helpers/ssltestlib.c
index 52b1799b68..2d992cde23 100644
--- a/test/helpers/ssltestlib.c
+++ b/test/helpers/ssltestlib.c
@@ -774,16 +774,13 @@ static int set_nb(int fd)
     return flags;
 }
 
-int create_test_sockets(int *cfd, int *sfd)
+int create_test_sockets(int *cfdp, int *sfdp)
 {
     struct sockaddr_in sin;
     const char *host = "127.0.0.1";
     int cfd_connected = 0, ret = 0;
     socklen_t slen = sizeof(sin);
-    int afd = -1;
-
-    *cfd = -1;
-    *sfd = -1;
+    int afd = -1, cfd = -1, sfd = -1;
 
     memset ((char *) &sin, 0, sizeof(sin));
     sin.sin_family = AF_INET;
@@ -802,37 +799,39 @@ int create_test_sockets(int *cfd, int *sfd)
     if (listen(afd, 1) < 0)
         goto out;
 
-    *cfd = socket(AF_INET, SOCK_STREAM, 0);
-    if (*cfd < 0)
+    cfd = socket(AF_INET, SOCK_STREAM, 0);
+    if (cfd < 0)
         goto out;
 
     if (set_nb(afd) == -1)
         goto out;
 
-    while (*sfd == -1 || !cfd_connected ) {
-        *sfd = accept(afd, NULL, 0);
-        if (*sfd == -1 && errno != EAGAIN)
+    while (sfd == -1 || !cfd_connected ) {
+        sfd = accept(afd, NULL, 0);
+        if (sfd == -1 && errno != EAGAIN)
             goto out;
 
-        if (!cfd_connected && connect(*cfd, (struct sockaddr*)&sin, sizeof(sin)) < 0)
+        if (!cfd_connected && connect(cfd, (struct sockaddr*)&sin, sizeof(sin)) < 0)
             goto out;
         else
             cfd_connected = 1;
     }
 
-    if (set_nb(*cfd) == -1 || set_nb(*sfd) == -1)
+    if (set_nb(cfd) == -1 || set_nb(sfd) == -1)
         goto out;
     ret = 1;
+    *cfdp = cfd;
+    *sfdp = sfd;
     goto success;
 
 out:
-        if (*cfd != -1)
-            close(*cfd);
-        if (*sfd != -1)
-            close(*sfd);
+    if (cfd != -1)
+        close(cfd);
+    if (sfd != -1)
+        close(sfd);
 success:
-        if (afd != -1)
-            close(afd);
+    if (afd != -1)
+        close(afd);
     return ret;
 }