shim: move |TestState| and |TestConfig| to their own files.

This makes |TestState| and |TestConfig| accessible outside
bssl_shim.cc, as well as the functions SetupCtx() and NewSSL(), which
become methods on |TestConfig|.  A whole mess of callbacks move in
order to support this change.

Along the way, some bits of global state are moved (e.g. the global
test clock) and made self-initializing.

This helps with creating a separate binary to perform split
handshakes.

Change-Id: I39b00a1819074882353f5f04ed01312916f3cccb
Reviewed-on: https://boringssl-review.googlesource.com/29345
Commit-Queue: Matt Braithwaite <mab@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>

ssl/test/CMakeLists.txt

@@ -8,6 +8,7 @@ add_executable(
   packeted_bio.cc
   settings_writer.cc
   test_config.cc
+  test_state.cc
 
   $<TARGET_OBJECTS:test_support>
 )

ssl/test/test_config.h

@@ -18,6 +18,10 @@
 #include <string>
 #include <vector>
 
+#include <openssl/base.h>
+#include <openssl/x509.h>
+
+#include "test_state.h"
 
 struct TestConfig {
   int port = 0;
@@ -160,10 +164,27 @@ struct TestConfig {
   bool decline_ocsp_callback = false;
   bool fail_ocsp_callback = false;
   bool install_cert_compression_algs = false;
+
+  bssl::UniquePtr<SSL_CTX> SetupCtx(SSL_CTX *old_ctx) const;
+
+  bssl::UniquePtr<SSL> NewSSL(SSL_CTX *ssl_ctx, SSL_SESSION *session,
+                              bool is_resume,
+                              std::unique_ptr<TestState> test_state) const;
 };
 
 bool ParseConfig(int argc, char **argv, TestConfig *out_initial,
                  TestConfig *out_resume, TestConfig *out_retry);
 
+bool SetTestConfig(SSL *ssl, const TestConfig *config);
+
+const TestConfig *GetTestConfig(const SSL *ssl);
+
+bool MoveTestConfig(SSL *dest, SSL *src);
+
+bool LoadCertificate(bssl::UniquePtr<X509> *out_x509,
+                     bssl::UniquePtr<STACK_OF(X509)> *out_chain,
+                     const std::string &file);
+
+bssl::UniquePtr<EVP_PKEY> LoadPrivateKey(const std::string &file);
 
 #endif  // HEADER_TEST_CONFIG

ssl/test/test_state.cc

@@ -0,0 +1,86 @@
+/* Copyright (c) 2018, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#include "test_state.h"
+
+#include <openssl/ssl.h>
+
+#include "../../crypto/internal.h"
+#include "../internal.h"
+
+static CRYPTO_once_t g_once = CRYPTO_ONCE_INIT;
+static int g_state_index = 0;
+// Some code treats the zero time special, so initialize the clock to a
+// non-zero time.
+static timeval g_clock = { 1234, 1234 };
+
+static void TestStateExFree(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+                            int index, long argl, void *argp) {
+  delete ((TestState *)ptr);
+}
+
+static void init_once() {
+  g_state_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, TestStateExFree);
+  if (g_state_index < 0) {
+    abort();
+  }
+}
+
+struct timeval *GetClock() {
+  CRYPTO_once(&g_once, init_once);
+  return &g_clock;
+}
+
+void AdvanceClock(unsigned seconds) {
+  CRYPTO_once(&g_once, init_once);
+  g_clock.tv_sec += seconds;
+}
+
+bool SetTestState(SSL *ssl, std::unique_ptr<TestState> state) {
+  CRYPTO_once(&g_once, init_once);
+  // |SSL_set_ex_data| takes ownership of |state| only on success.
+  if (SSL_set_ex_data(ssl, g_state_index, state.get()) == 1) {
+    state.release();
+    return true;
+  }
+  return false;
+}
+
+TestState *GetTestState(const SSL *ssl) {
+  CRYPTO_once(&g_once, init_once);
+  return (TestState *)SSL_get_ex_data(ssl, g_state_index);
+}
+
+bool MoveTestState(SSL *dest, SSL *src) {
+  TestState *state = GetTestState(src);
+  if (!SSL_set_ex_data(src, g_state_index, nullptr) ||
+      !SSL_set_ex_data(dest, g_state_index, state)) {
+    return false;
+  }
+
+  return true;
+}
+
+static void ssl_ctx_add_session(SSL_SESSION *session, void *void_param) {
+  SSL_CTX *ctx = reinterpret_cast<SSL_CTX *>(void_param);
+  bssl::UniquePtr<SSL_SESSION> new_session = bssl::SSL_SESSION_dup(
+      session, SSL_SESSION_INCLUDE_NONAUTH | SSL_SESSION_INCLUDE_TICKET);
+  if (new_session != nullptr) {
+    SSL_CTX_add_session(ctx, new_session.get());
+  }
+}
+
+void CopySessions(SSL_CTX *dst, const SSL_CTX *src) {
+  lh_SSL_SESSION_doall_arg(src->sessions, ssl_ctx_add_session, dst);
+}

ssl/test/test_state.h

@@ -0,0 +1,67 @@
+/* Copyright (c) 2018, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#ifndef HEADER_TEST_STATE
+#define HEADER_TEST_STATE
+
+#include <memory>
+#include <string>
+#include <vector>
+
+#include <openssl/base.h>
+
+struct TestState {
+  // async_bio is async BIO which pauses reads and writes.
+  BIO *async_bio = nullptr;
+  // packeted_bio is the packeted BIO which simulates read timeouts.
+  BIO *packeted_bio = nullptr;
+  bssl::UniquePtr<EVP_PKEY> channel_id;
+  bool cert_ready = false;
+  bssl::UniquePtr<SSL_SESSION> session;
+  bssl::UniquePtr<SSL_SESSION> pending_session;
+  bool early_callback_called = false;
+  bool handshake_done = false;
+  // private_key is the underlying private key used when testing custom keys.
+  bssl::UniquePtr<EVP_PKEY> private_key;
+  std::vector<uint8_t> private_key_result;
+  // private_key_retries is the number of times an asynchronous private key
+  // operation has been retried.
+  unsigned private_key_retries = 0;
+  bool got_new_session = false;
+  bssl::UniquePtr<SSL_SESSION> new_session;
+  bool ticket_decrypt_done = false;
+  bool alpn_select_done = false;
+  bool is_resume = false;
+  bool early_callback_ready = false;
+  bool custom_verify_ready = false;
+  std::string msg_callback_text;
+  bool msg_callback_ok = true;
+  // cert_verified is true if certificate verification has been driven to
+  // completion. This tests that the callback is not called again after this.
+  bool cert_verified = false;
+};
+
+bool SetTestState(SSL *ssl, std::unique_ptr<TestState> state);
+
+TestState *GetTestState(const SSL *ssl);
+
+bool MoveTestState(SSL *dest, SSL *src);
+
+struct timeval *GetClock();
+
+void AdvanceClock(unsigned seconds);
+
+void CopySessions(SSL_CTX *dest, const SSL_CTX *src);
+
+#endif  // HEADER_TEST_STATE