[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Fri Dec 30 21:34:16 UTC 2016
The branch master has been updated
via d2e491f225d465b11f18a466bf399d4a899cb50e (commit)
via f1b25aaed32f90b3309243d24353bf636c1c786b (commit)
via fb3ae0e830097a3a2a41a0ea82c7ad725f05a451 (commit)
from 2ed4c5714946a8d0285905d0fc98663bb785eb83 (commit)
- Log -----------------------------------------------------------------
commit d2e491f225d465b11f18a466bf399d4a899cb50e
Author: Matt Caswell <matt at openssl.org>
Date: Fri Dec 30 17:20:14 2016 +0000
Don't run the sigalgs tests over a TLSv1.3 connection
We need a new API for TLSv1.3 sig algs
Reviewed-by: Tim Hudson <tjh at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2160)
commit f1b25aaed32f90b3309243d24353bf636c1c786b
Author: Matt Caswell <matt at openssl.org>
Date: Fri Dec 30 17:12:11 2016 +0000
Provide some tests for the sig algs API
Reviewed-by: Tim Hudson <tjh at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2160)
commit fb3ae0e830097a3a2a41a0ea82c7ad725f05a451
Author: Matt Caswell <matt at openssl.org>
Date: Fri Dec 30 17:11:09 2016 +0000
Fix the SSL_set1_sigalgs() macro
This macro has a typo in it which makes it unusable. This issue was already
fixed in 1.0.2 in commit 75fdee04827, but the same fix was not applied to
other branches.
Reviewed-by: Tim Hudson <tjh at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2160)
-----------------------------------------------------------------------
Summary of changes:
include/openssl/ssl.h | 2 +-
test/build.info | 2 +-
test/sslapitest.c | 128 ++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 130 insertions(+), 2 deletions(-)
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index e746a81..68c13d4 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1258,7 +1258,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
# define SSL_CTX_set1_sigalgs_list(ctx, s) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s)
# define SSL_set1_sigalgs(ctx, slist, slistlen) \
- SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS,clistlen,(int *)slist)
+ SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)slist)
# define SSL_set1_sigalgs_list(ctx, s) \
SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s)
# define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \
diff --git a/test/build.info b/test/build.info
index 92ac237..62949a5 100644
--- a/test/build.info
+++ b/test/build.info
@@ -273,7 +273,7 @@ IF[{- !$disabled{tests} -}]
DEPEND[bioprinttest]=../libcrypto
SOURCE[sslapitest]=sslapitest.c ssltestlib.c testutil.c test_main_custom.c
- INCLUDE[sslapitest]=../include
+ INCLUDE[sslapitest]=../include ..
DEPEND[sslapitest]=../libcrypto ../libssl
SOURCE[dtlstest]=dtlstest.c ssltestlib.c testutil.c test_main_custom.c
diff --git a/test/sslapitest.c b/test/sslapitest.c
index e370807..d20aec8 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -18,6 +18,7 @@
#include "ssltestlib.h"
#include "testutil.h"
#include "test_main_custom.h"
+#include "e_os.h"
static char *cert = NULL;
static char *privkey = NULL;
@@ -878,6 +879,132 @@ static int test_ssl_bio_change_wbio(void)
EXECUTE_TEST(execute_test_ssl_bio, ssl_bio_tear_down);
}
+typedef struct {
+ /* The list of sig algs */
+ const int *list;
+ /* The length of the list */
+ size_t listlen;
+ /* A sigalgs list in string format */
+ const char *liststr;
+ /* Whether setting the list should succeed */
+ int valid;
+ /* Whether creating a connection with the list should succeed */
+ int connsuccess;
+} sigalgs_list;
+
+static const int validlist1[] = {NID_sha256, EVP_PKEY_RSA};
+static const int validlist2[] = {NID_sha256, EVP_PKEY_RSA, NID_sha512, EVP_PKEY_EC};
+static const int validlist3[] = {NID_sha512, EVP_PKEY_EC};
+static const int invalidlist1[] = {NID_undef, EVP_PKEY_RSA};
+static const int invalidlist2[] = {NID_sha256, NID_undef};
+static const int invalidlist3[] = {NID_sha256, EVP_PKEY_RSA, NID_sha256};
+static const int invalidlist4[] = {NID_sha256};
+static const sigalgs_list testsigalgs[] = {
+ {validlist1, OSSL_NELEM(validlist1), NULL, 1, 1},
+ {validlist2, OSSL_NELEM(validlist2), NULL, 1, 1},
+ {validlist3, OSSL_NELEM(validlist3), NULL, 1, 0},
+ {NULL, 0, "RSA+SHA256", 1, 1},
+ {NULL, 0, "RSA+SHA256:ECDSA+SHA512", 1, 1},
+ {NULL, 0, "ECDSA+SHA512", 1, 0},
+ {invalidlist1, OSSL_NELEM(invalidlist1), NULL, 0, 0},
+ {invalidlist2, OSSL_NELEM(invalidlist2), NULL, 0, 0},
+ {invalidlist3, OSSL_NELEM(invalidlist3), NULL, 0, 0},
+ {invalidlist4, OSSL_NELEM(invalidlist4), NULL, 0, 0},
+ {NULL, 0, "RSA", 0, 0},
+ {NULL, 0, "SHA256", 0, 0},
+ {NULL, 0, "RSA+SHA256:SHA256", 0, 0},
+ {NULL, 0, "Invalid", 0, 0}};
+
+static int test_set_sigalgs(int idx)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ const sigalgs_list *curr;
+ int testctx;
+
+ /* Should never happen */
+ if ((size_t)idx >= OSSL_NELEM(testsigalgs) * 2)
+ return 0;
+
+ testctx = ((size_t)idx < OSSL_NELEM(testsigalgs));
+ curr = testctx ? &testsigalgs[idx]
+ : &testsigalgs[idx - OSSL_NELEM(testsigalgs)];
+
+ if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), &sctx,
+ &cctx, cert, privkey)) {
+ printf("Unable to create SSL_CTX pair\n");
+ return 0;
+ }
+
+ /*
+ * TODO(TLS1.3): These APIs cannot set TLSv1.3 sig algs so we just test it
+ * for TLSv1.2 for now until we add a new API.
+ */
+ SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION);
+
+ if (testctx) {
+ int ret;
+ if (curr->list != NULL)
+ ret = SSL_CTX_set1_sigalgs(cctx, curr->list, curr->listlen);
+ else
+ ret = SSL_CTX_set1_sigalgs_list(cctx, curr->liststr);
+
+ if (!ret) {
+ if (curr->valid)
+ printf("Unexpected failure setting sigalgs in SSL_CTX (%d)\n",
+ idx);
+ else
+ testresult = 1;
+ goto end;
+ }
+ if (!curr->valid) {
+ printf("Unexpected success setting sigalgs in SSL_CTX (%d)\n", idx);
+ goto end;
+ }
+ }
+
+ if (!create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL)) {
+ printf("Unable to create SSL objects\n");
+ goto end;
+ }
+
+ if (!testctx) {
+ int ret;
+
+ if (curr->list != NULL)
+ ret = SSL_set1_sigalgs(clientssl, curr->list, curr->listlen);
+ else
+ ret = SSL_set1_sigalgs_list(clientssl, curr->liststr);
+ if (!ret) {
+ if (curr->valid)
+ printf("Unexpected failure setting sigalgs in SSL (%d)\n", idx);
+ else
+ testresult = 1;
+ goto end;
+ }
+ if (!curr->valid) {
+ printf("Unexpected success setting sigalgs in SSL (%d)\n", idx);
+ goto end;
+ }
+ }
+
+ if (curr->connsuccess != create_ssl_connection(serverssl, clientssl)) {
+ printf("Unexpected return value creating SSL connection (%d)\n", idx);
+ goto end;
+ }
+
+ testresult = 1;
+
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
+ return testresult;
+}
+
int test_main(int argc, char *argv[])
{
int testresult = 1;
@@ -904,6 +1031,7 @@ int test_main(int argc, char *argv[])
ADD_TEST(test_ssl_bio_pop_ssl_bio);
ADD_TEST(test_ssl_bio_change_rbio);
ADD_TEST(test_ssl_bio_change_wbio);
+ ADD_ALL_TESTS(test_set_sigalgs, OSSL_NELEM(testsigalgs) * 2);
testresult = run_tests(argv[0]);
More information about the openssl-commits
mailing list