[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
Matt Caswell
matt at openssl.org
Fri Dec 30 21:34:37 UTC 2016
The branch OpenSSL_1_1_0-stable has been updated
via 7f5fb2b28c2de4730c13f35d7d90265c62693631 (commit)
via 64e3965d63c452edb590a76b81b9bdf5118af623 (commit)
from 72b993cfdf51d6cfc8705691ecda66285c507f7a (commit)
- Log -----------------------------------------------------------------
commit 7f5fb2b28c2de4730c13f35d7d90265c62693631
Author: Matt Caswell <matt at openssl.org>
Date: Fri Dec 30 17:12:11 2016 +0000
Provide some tests for the sig algs API
Reviewed-by: Tim Hudson <tjh at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2160)
(cherry picked from commit f1b25aaed32f90b3309243d24353bf636c1c786b)
commit 64e3965d63c452edb590a76b81b9bdf5118af623
Author: Matt Caswell <matt at openssl.org>
Date: Fri Dec 30 17:11:09 2016 +0000
Fix the SSL_set1_sigalgs() macro
This macro has a typo in it which makes it unusable. This issue was already
fixed in 1.0.2 in commit 75fdee04827, but the same fix was not applied to
other branches.
Reviewed-by: Tim Hudson <tjh at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2160)
(cherry picked from commit fb3ae0e830097a3a2a41a0ea82c7ad725f05a451)
-----------------------------------------------------------------------
Summary of changes:
include/openssl/ssl.h | 2 +-
test/build.info | 2 +-
test/sslapitest.c | 122 ++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 124 insertions(+), 2 deletions(-)
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index ccb2d35..bab3ee6 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1241,7 +1241,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
# define SSL_CTX_set1_sigalgs_list(ctx, s) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s)
# define SSL_set1_sigalgs(ctx, slist, slistlen) \
- SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS,clistlen,(int *)slist)
+ SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)slist)
# define SSL_set1_sigalgs_list(ctx, s) \
SSL_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)s)
# define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \
diff --git a/test/build.info b/test/build.info
index c143cb1..0c2c909 100644
--- a/test/build.info
+++ b/test/build.info
@@ -268,7 +268,7 @@ IF[{- !$disabled{tests} -}]
DEPEND[bioprinttest]=../libcrypto
SOURCE[sslapitest]=sslapitest.c ssltestlib.c testutil.c
- INCLUDE[sslapitest]=../include
+ INCLUDE[sslapitest]=../include ..
DEPEND[sslapitest]=../libcrypto ../libssl
SOURCE[dtlstest]=dtlstest.c ssltestlib.c testutil.c
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 01811bf..9caf5d1 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -17,6 +17,7 @@
#include "ssltestlib.h"
#include "testutil.h"
+#include "e_os.h"
static char *cert = NULL;
static char *privkey = NULL;
@@ -875,6 +876,126 @@ static int test_ssl_bio_change_wbio(void)
EXECUTE_TEST(execute_test_ssl_bio, ssl_bio_tear_down);
}
+typedef struct {
+ /* The list of sig algs */
+ const int *list;
+ /* The length of the list */
+ size_t listlen;
+ /* A sigalgs list in string format */
+ const char *liststr;
+ /* Whether setting the list should succeed */
+ int valid;
+ /* Whether creating a connection with the list should succeed */
+ int connsuccess;
+} sigalgs_list;
+
+static const int validlist1[] = {NID_sha256, EVP_PKEY_RSA};
+static const int validlist2[] = {NID_sha256, EVP_PKEY_RSA, NID_sha512, EVP_PKEY_EC};
+static const int validlist3[] = {NID_sha512, EVP_PKEY_EC};
+static const int invalidlist1[] = {NID_undef, EVP_PKEY_RSA};
+static const int invalidlist2[] = {NID_sha256, NID_undef};
+static const int invalidlist3[] = {NID_sha256, EVP_PKEY_RSA, NID_sha256};
+static const int invalidlist4[] = {NID_sha256};
+static const sigalgs_list testsigalgs[] = {
+ {validlist1, OSSL_NELEM(validlist1), NULL, 1, 1},
+ {validlist2, OSSL_NELEM(validlist2), NULL, 1, 1},
+ {validlist3, OSSL_NELEM(validlist3), NULL, 1, 0},
+ {NULL, 0, "RSA+SHA256", 1, 1},
+ {NULL, 0, "RSA+SHA256:ECDSA+SHA512", 1, 1},
+ {NULL, 0, "ECDSA+SHA512", 1, 0},
+ {invalidlist1, OSSL_NELEM(invalidlist1), NULL, 0, 0},
+ {invalidlist2, OSSL_NELEM(invalidlist2), NULL, 0, 0},
+ {invalidlist3, OSSL_NELEM(invalidlist3), NULL, 0, 0},
+ {invalidlist4, OSSL_NELEM(invalidlist4), NULL, 0, 0},
+ {NULL, 0, "RSA", 0, 0},
+ {NULL, 0, "SHA256", 0, 0},
+ {NULL, 0, "RSA+SHA256:SHA256", 0, 0},
+ {NULL, 0, "Invalid", 0, 0}};
+
+static int test_set_sigalgs(int idx)
+{
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ const sigalgs_list *curr;
+ int testctx;
+
+ /* Should never happen */
+ if ((size_t)idx >= OSSL_NELEM(testsigalgs) * 2)
+ return 0;
+
+ testctx = ((size_t)idx < OSSL_NELEM(testsigalgs));
+ curr = testctx ? &testsigalgs[idx]
+ : &testsigalgs[idx - OSSL_NELEM(testsigalgs)];
+
+ if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), &sctx,
+ &cctx, cert, privkey)) {
+ printf("Unable to create SSL_CTX pair\n");
+ return 0;
+ }
+
+ if (testctx) {
+ int ret;
+ if (curr->list != NULL)
+ ret = SSL_CTX_set1_sigalgs(cctx, curr->list, curr->listlen);
+ else
+ ret = SSL_CTX_set1_sigalgs_list(cctx, curr->liststr);
+
+ if (!ret) {
+ if (curr->valid)
+ printf("Unexpected failure setting sigalgs in SSL_CTX (%d)\n",
+ idx);
+ else
+ testresult = 1;
+ goto end;
+ }
+ if (!curr->valid) {
+ printf("Unexpected success setting sigalgs in SSL_CTX (%d)\n", idx);
+ goto end;
+ }
+ }
+
+ if (!create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL)) {
+ printf("Unable to create SSL objects\n");
+ goto end;
+ }
+
+ if (!testctx) {
+ int ret;
+
+ if (curr->list != NULL)
+ ret = SSL_set1_sigalgs(clientssl, curr->list, curr->listlen);
+ else
+ ret = SSL_set1_sigalgs_list(clientssl, curr->liststr);
+ if (!ret) {
+ if (curr->valid)
+ printf("Unexpected failure setting sigalgs in SSL (%d)\n", idx);
+ else
+ testresult = 1;
+ goto end;
+ }
+ if (!curr->valid) {
+ printf("Unexpected success setting sigalgs in SSL (%d)\n", idx);
+ goto end;
+ }
+ }
+
+ if (curr->connsuccess != create_ssl_connection(serverssl, clientssl)) {
+ printf("Unexpected return value creating SSL connection (%d)\n", idx);
+ goto end;
+ }
+
+ testresult = 1;
+
+ end:
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
+
+ return testresult;
+}
+
int main(int argc, char *argv[])
{
BIO *err = NULL;
@@ -909,6 +1030,7 @@ int main(int argc, char *argv[])
ADD_TEST(test_ssl_bio_pop_ssl_bio);
ADD_TEST(test_ssl_bio_change_rbio);
ADD_TEST(test_ssl_bio_change_wbio);
+ ADD_ALL_TESTS(test_set_sigalgs, OSSL_NELEM(testsigalgs) * 2);
testresult = run_tests(argv[0]);
More information about the openssl-commits
mailing list