[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Matt Caswell matt at openssl.org
Fri Dec 30 21:34:37 UTC 2016


The branch OpenSSL_1_1_0-stable has been updated
       via  7f5fb2b28c2de4730c13f35d7d90265c62693631 (commit)
       via  64e3965d63c452edb590a76b81b9bdf5118af623 (commit)
      from  72b993cfdf51d6cfc8705691ecda66285c507f7a (commit)


- Log -----------------------------------------------------------------
commit 7f5fb2b28c2de4730c13f35d7d90265c62693631
Author: Matt Caswell <matt at openssl.org>
Date:   Fri Dec 30 17:12:11 2016 +0000

    Provide some tests for the sig algs API
    
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2160)
    (cherry picked from commit f1b25aaed32f90b3309243d24353bf636c1c786b)

commit 64e3965d63c452edb590a76b81b9bdf5118af623
Author: Matt Caswell <matt at openssl.org>
Date:   Fri Dec 30 17:11:09 2016 +0000

    Fix the SSL_set1_sigalgs() macro
    
    This macro has a typo in it which makes it unusable. This issue was already
    fixed in 1.0.2 in commit 75fdee04827, but the same fix was not applied to
    other branches.
    
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2160)
    (cherry picked from commit fb3ae0e830097a3a2a41a0ea82c7ad725f05a451)

-----------------------------------------------------------------------

Summary of changes:
 include/openssl/ssl.h |   2 +-
 test/build.info       |   2 +-
 test/sslapitest.c     | 122 ++++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 124 insertions(+), 2 deletions(-)

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index ccb2d35..bab3ee6 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1241,7 +1241,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_CTX_set1_sigalgs_list(ctx, s) \
         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s)
 # define SSL_set1_sigalgs(ctx, slist, slistlen) \
-        SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS,clistlen,(int *)slist)
+        SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)slist)
 # define SSL_set1_sigalgs_list(ctx, s) \
         SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s)
 # define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \
diff --git a/test/build.info b/test/build.info
index c143cb1..0c2c909 100644
--- a/test/build.info
+++ b/test/build.info
@@ -268,7 +268,7 @@ IF[{- !$disabled{tests} -}]
   DEPEND[bioprinttest]=../libcrypto
 
   SOURCE[sslapitest]=sslapitest.c ssltestlib.c testutil.c
-  INCLUDE[sslapitest]=../include
+  INCLUDE[sslapitest]=../include ..
   DEPEND[sslapitest]=../libcrypto ../libssl
 
   SOURCE[dtlstest]=dtlstest.c ssltestlib.c testutil.c
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 01811bf..9caf5d1 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -17,6 +17,7 @@
 
 #include "ssltestlib.h"
 #include "testutil.h"
+#include "e_os.h"
 
 static char *cert = NULL;
 static char *privkey = NULL;
@@ -875,6 +876,126 @@ static int test_ssl_bio_change_wbio(void)
     EXECUTE_TEST(execute_test_ssl_bio, ssl_bio_tear_down);
 }
 
+typedef struct {
+    /* The list of sig algs */
+    const int *list;
+    /* The length of the list */
+    size_t listlen;
+    /* A sigalgs list in string format */
+    const char *liststr;
+    /* Whether setting the list should succeed */
+    int valid;
+    /* Whether creating a connection with the list should succeed */
+    int connsuccess;
+} sigalgs_list;
+
+static const int validlist1[] = {NID_sha256, EVP_PKEY_RSA};
+static const int validlist2[] = {NID_sha256, EVP_PKEY_RSA, NID_sha512, EVP_PKEY_EC};
+static const int validlist3[] = {NID_sha512, EVP_PKEY_EC};
+static const int invalidlist1[] = {NID_undef, EVP_PKEY_RSA};
+static const int invalidlist2[] = {NID_sha256, NID_undef};
+static const int invalidlist3[] = {NID_sha256, EVP_PKEY_RSA, NID_sha256};
+static const int invalidlist4[] = {NID_sha256};
+static const sigalgs_list testsigalgs[] = {
+    {validlist1, OSSL_NELEM(validlist1), NULL, 1, 1},
+    {validlist2, OSSL_NELEM(validlist2), NULL, 1, 1},
+    {validlist3, OSSL_NELEM(validlist3), NULL, 1, 0},
+    {NULL, 0, "RSA+SHA256", 1, 1},
+    {NULL, 0, "RSA+SHA256:ECDSA+SHA512", 1, 1},
+    {NULL, 0, "ECDSA+SHA512", 1, 0},
+    {invalidlist1, OSSL_NELEM(invalidlist1), NULL, 0, 0},
+    {invalidlist2, OSSL_NELEM(invalidlist2), NULL, 0, 0},
+    {invalidlist3, OSSL_NELEM(invalidlist3), NULL, 0, 0},
+    {invalidlist4, OSSL_NELEM(invalidlist4), NULL, 0, 0},
+    {NULL, 0, "RSA", 0, 0},
+    {NULL, 0, "SHA256", 0, 0},
+    {NULL, 0, "RSA+SHA256:SHA256", 0, 0},
+    {NULL, 0, "Invalid", 0, 0}};
+
+static int test_set_sigalgs(int idx)
+{
+    SSL_CTX *cctx = NULL, *sctx = NULL;
+    SSL *clientssl = NULL, *serverssl = NULL;
+    int testresult = 0;
+    const sigalgs_list *curr;
+    int testctx;
+
+    /* Should never happen */
+    if ((size_t)idx >= OSSL_NELEM(testsigalgs) * 2)
+        return 0;
+
+    testctx = ((size_t)idx < OSSL_NELEM(testsigalgs));
+    curr = testctx ? &testsigalgs[idx]
+                   : &testsigalgs[idx - OSSL_NELEM(testsigalgs)];
+
+    if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), &sctx,
+                             &cctx, cert, privkey)) {
+        printf("Unable to create SSL_CTX pair\n");
+        return 0;
+    }
+
+    if (testctx) {
+        int ret;
+        if (curr->list != NULL)
+            ret = SSL_CTX_set1_sigalgs(cctx, curr->list, curr->listlen);
+        else
+            ret = SSL_CTX_set1_sigalgs_list(cctx, curr->liststr);
+
+        if (!ret) {
+            if (curr->valid)
+                printf("Unexpected failure setting sigalgs in SSL_CTX (%d)\n",
+                       idx);
+            else
+                testresult = 1;
+            goto end;
+        }
+        if (!curr->valid) {
+            printf("Unexpected success setting sigalgs in SSL_CTX (%d)\n", idx);
+            goto end;
+        }
+    }
+
+    if (!create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL)) {
+        printf("Unable to create SSL objects\n");
+        goto end;
+    }
+
+    if (!testctx) {
+        int ret;
+
+        if (curr->list != NULL)
+            ret = SSL_set1_sigalgs(clientssl, curr->list, curr->listlen);
+        else
+            ret = SSL_set1_sigalgs_list(clientssl, curr->liststr);
+        if (!ret) {
+            if (curr->valid)
+                printf("Unexpected failure setting sigalgs in SSL (%d)\n", idx);
+            else
+                testresult = 1;
+            goto end;
+        }
+        if (!curr->valid) {
+            printf("Unexpected success setting sigalgs in SSL (%d)\n", idx);
+            goto end;
+        }
+    }
+
+    if (curr->connsuccess != create_ssl_connection(serverssl, clientssl)) {
+        printf("Unexpected return value creating SSL connection (%d)\n", idx);
+        goto end;
+    }
+
+    testresult = 1;
+
+ end:
+    SSL_free(serverssl);
+    SSL_free(clientssl);
+    SSL_CTX_free(sctx);
+    SSL_CTX_free(cctx);
+
+    return testresult;
+}
+
 int main(int argc, char *argv[])
 {
     BIO *err = NULL;
@@ -909,6 +1030,7 @@ int main(int argc, char *argv[])
     ADD_TEST(test_ssl_bio_pop_ssl_bio);
     ADD_TEST(test_ssl_bio_change_rbio);
     ADD_TEST(test_ssl_bio_change_wbio);
+    ADD_ALL_TESTS(test_set_sigalgs, OSSL_NELEM(testsigalgs) * 2);
 
     testresult = run_tests(argv[0]);
 


More information about the openssl-commits mailing list