[openssl-commits] [openssl] master update

Matt Caswell matt at openssl.org
Tue Apr 11 22:47:18 UTC 2017


The branch master has been updated
       via  829b2b854332bb3ccacc12c86e8fac1cfebb03bb (commit)
      from  429223d198aabacd129cf6dde5a4203b5af41737 (commit)


- Log -----------------------------------------------------------------
commit 829b2b854332bb3ccacc12c86e8fac1cfebb03bb
Author: Matt Caswell <matt at openssl.org>
Date:   Tue Apr 11 16:26:13 2017 +0100

    Convert bad_dtls_test for the new test framework
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3184)

-----------------------------------------------------------------------

Summary of changes:
 test/bad_dtls_test.c | 218 +++++++++++++++++++++------------------------------
 test/build.info      |   2 +-
 2 files changed, 92 insertions(+), 128 deletions(-)

diff --git a/test/bad_dtls_test.c b/test/bad_dtls_test.c
index 1408a13..43733e9 100644
--- a/test/bad_dtls_test.c
+++ b/test/bad_dtls_test.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -41,6 +41,9 @@
 #include "../ssl/packet_locl.h"
 #include "../e_os.h" /* for OSSL_NELEM() */
 
+#include "test_main.h"
+#include "testutil.h"
+
 /* For DTLS1_BAD_VER packets the MAC doesn't include the handshake header */
 #define MAC_OFFSET (DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH)
 
@@ -182,7 +185,7 @@ static int validate_client_hello(BIO *wbio)
     /* Update handshake MAC for second ClientHello (with cookie) */
     if (cookie_found && !EVP_DigestUpdate(handshake_md, data + MAC_OFFSET,
                                           len - MAC_OFFSET))
-            printf("EVP_DigestUpdate() failed\n");
+        return 0;
 
     (void)BIO_reset(wbio);
 
@@ -259,7 +262,7 @@ static int send_server_hello(BIO *rbio)
 
     if (!EVP_DigestUpdate(handshake_md, server_hello + MAC_OFFSET,
                           sizeof(server_hello) - MAC_OFFSET))
-        printf("EVP_DigestUpdate() failed\n");
+        return 0;
 
     BIO_write(rbio, server_hello, sizeof(server_hello));
     BIO_write(rbio, change_cipher_spec, sizeof(change_cipher_spec));
@@ -268,7 +271,7 @@ static int send_server_hello(BIO *rbio)
 }
 
 /* Create header, HMAC, pad, encrypt and send a record */
-static int send_record(BIO *rbio, unsigned char type, unsigned long seqnr,
+static int send_record(BIO *rbio, unsigned char type, uint64_t seqnr,
                        const void *msg, size_t len)
 {
     /* Note that the order of the record header fields on the wire,
@@ -284,10 +287,8 @@ static int send_record(BIO *rbio, unsigned char type, unsigned long seqnr,
     unsigned char pad;
     unsigned char *enc;
 
-#ifdef SIXTY_FOUR_BIT_LONG
     seq[0] = (seqnr >> 40) & 0xff;
     seq[1] = (seqnr >> 32) & 0xff;
-#endif
     seq[2] = (seqnr >> 24) & 0xff;
     seq[3] = (seqnr >> 16) & 0xff;
     seq[4] = (seqnr >> 8) & 0xff;
@@ -365,7 +366,7 @@ static int send_finished(SSL *s, BIO *rbio)
 
     /* Generate Finished MAC */
     if (!EVP_DigestFinal_ex(handshake_md, handshake_hash, NULL))
-        printf("EVP_DigestFinal_ex() failed\n");
+        return 0;
 
     do_PRF(TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
            handshake_hash, EVP_MD_CTX_size(handshake_md),
@@ -428,7 +429,7 @@ static int validate_ccs(BIO *wbio)
 #define DROP(x)   { x##UL, 1 }
 
 static struct {
-    unsigned long seq;
+    uint64_t seq;
     int drop;
 } tests[] = {
     NODROP(1), NODROP(3), NODROP(2),
@@ -443,24 +444,18 @@ static struct {
     /* The last test should be NODROP, because a DROP wouldn't get tested. */
 };
 
-int main(int argc, char *argv[])
+static int test_bad_dtls(void)
 {
-    SSL_SESSION *sess;
-    SSL_CTX *ctx;
-    SSL *con;
-    BIO *rbio;
-    BIO *wbio;
-    BIO *err;
+    SSL_SESSION *sess = NULL;
+    SSL_CTX *ctx = NULL;
+    SSL *con = NULL;
+    BIO *rbio = NULL;
+    BIO *wbio = NULL;
     time_t now = 0;
     int testresult = 0;
     int ret;
     int i;
 
-    err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
-
-    CRYPTO_set_mem_debug(1);
-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
     RAND_bytes(session_id, sizeof(session_id));
     RAND_bytes(master_secret, sizeof(master_secret));
     RAND_bytes(cookie, sizeof(cookie));
@@ -470,99 +465,78 @@ int main(int argc, char *argv[])
     memcpy(server_random, &now, sizeof(now));
 
     sess = client_session();
-    if (sess == NULL) {
-        printf("Failed to generate SSL_SESSION\n");
+    if (!TEST_ptr(sess))
         goto end;
-    }
 
     handshake_md = EVP_MD_CTX_new();
-    if (handshake_md == NULL ||
-        !EVP_DigestInit_ex(handshake_md, EVP_md5_sha1(), NULL)) {
-        printf("Failed to initialise handshake_md\n");
+    if (!TEST_ptr(handshake_md)
+            || !TEST_true(EVP_DigestInit_ex(handshake_md, EVP_md5_sha1(),
+                                            NULL)))
         goto end;
-    }
 
     ctx = SSL_CTX_new(DTLS_client_method());
-    if (ctx == NULL) {
-        printf("Failed to allocate SSL_CTX\n");
-        goto end_md;
-    }
-    if (!SSL_CTX_set_min_proto_version(ctx, DTLS1_BAD_VER)) {
-        printf("SSL_CTX_set_min_proto_version() failed\n");
-        goto end_ctx;
-    }
-    if (!SSL_CTX_set_max_proto_version(ctx, DTLS1_BAD_VER)) {
-        printf("SSL_CTX_set_max_proto_version() failed\n");
-        goto end_ctx;
-    }
-
-    if (!SSL_CTX_set_cipher_list(ctx, "AES128-SHA")) {
-        printf("SSL_CTX_set_cipher_list() failed\n");
-        goto end_ctx;
-    }
+    if (!TEST_ptr(ctx)
+            || !TEST_true(SSL_CTX_set_min_proto_version(ctx, DTLS1_BAD_VER))
+            || !TEST_true(SSL_CTX_set_max_proto_version(ctx, DTLS1_BAD_VER))
+            || !TEST_true(SSL_CTX_set_cipher_list(ctx, "AES128-SHA")))
+        goto end;
 
     con = SSL_new(ctx);
-    if (!SSL_set_session(con, sess)) {
-        printf("SSL_set_session() failed\n");
-        goto end_con;
-    }
+    if (!TEST_ptr(con)
+            || !TEST_true(SSL_set_session(con, sess)))
+        goto end;
     SSL_SESSION_free(sess);
 
     rbio = BIO_new(BIO_s_mem());
     wbio = BIO_new(BIO_s_mem());
 
-    BIO_set_nbio(rbio, 1);
-    BIO_set_nbio(wbio, 1);
+    if (!TEST_ptr(rbio)
+            || !TEST_ptr(wbio))
+        goto end;
 
     SSL_set_bio(con, rbio, wbio);
+
+    if (!TEST_true(BIO_up_ref(rbio))) {
+        /*
+         * We can't up-ref but we assigned ownership to con, so we shouldn't
+         * free in the "end" block
+         */
+        rbio = wbio = NULL;
+        goto end;
+    }
+
+    if (!TEST_true(BIO_up_ref(wbio))) {
+        wbio = NULL;
+        goto end;
+    }
+
     SSL_set_connect_state(con);
 
     /* Send initial ClientHello */
     ret = SSL_do_handshake(con);
-    if (ret > 0 || SSL_get_error(con, ret) != SSL_ERROR_WANT_READ) {
-        printf("Unexpected handshake result at initial call!\n");
-        goto end_con;
-    }
+    if (!TEST_int_le(ret, 0)
+            || !TEST_int_eq(SSL_get_error(con, ret), SSL_ERROR_WANT_READ)
+            || !TEST_int_eq(validate_client_hello(wbio), 1)
+            || !TEST_true(send_hello_verify(rbio)))
+        goto end;
 
-    if (validate_client_hello(wbio) != 1) {
-        printf("Initial ClientHello failed validation\n");
-        goto end_con;
-    }
-    if (send_hello_verify(rbio) != 1) {
-        printf("Failed to send HelloVerify\n");
-        goto end_con;
-    }
     ret = SSL_do_handshake(con);
-    if (ret > 0 || SSL_get_error(con, ret) != SSL_ERROR_WANT_READ) {
-        printf("Unexpected handshake result after HelloVerify!\n");
-        goto end_con;
-    }
-    if (validate_client_hello(wbio) != 2) {
-        printf("Second ClientHello failed validation\n");
-        goto end_con;
-    }
-    if (send_server_hello(rbio) != 1) {
-        printf("Failed to send ServerHello\n");
-        goto end_con;
-    }
+    if (!TEST_int_le(ret, 0)
+            || !TEST_int_eq(SSL_get_error(con, ret), SSL_ERROR_WANT_READ)
+            || !TEST_int_eq(validate_client_hello(wbio), 2)
+            || !TEST_true(send_server_hello(rbio)))
+        goto end;
+
     ret = SSL_do_handshake(con);
-    if (ret > 0 || SSL_get_error(con, ret) != SSL_ERROR_WANT_READ) {
-        printf("Unexpected handshake result after ServerHello!\n");
-        goto end_con;
-    }
-    if (send_finished(con, rbio) != 1) {
-        printf("Failed to send Finished\n");
-        goto end_con;
-    }
+    if (!TEST_int_le(ret, 0)
+            || !TEST_int_eq(SSL_get_error(con, ret), SSL_ERROR_WANT_READ)
+            || !TEST_true(send_finished(con, rbio)))
+        goto end;
+
     ret = SSL_do_handshake(con);
-    if (ret < 1) {
-        printf("Handshake not successful after Finished!\n");
-        goto end_con;
-    }
-    if (validate_ccs(wbio) != 1) {
-        printf("Failed to validate client CCS/Finished\n");
-        goto end_con;
-    }
+    if (!TEST_int_gt(ret, 0)
+            || !TEST_true(validate_ccs(wbio)))
+        goto end;
 
     /* While we're here and crafting packets by hand, we might as well do a
        bit of a stress test on the DTLS record replay handling. Not Cisco-DTLS
@@ -570,55 +544,45 @@ int main(int argc, char *argv[])
        before, and in fact was broken even for a basic 0, 2, 1 test case
        when this test was first added.... */
     for (i = 0; i < (int)OSSL_NELEM(tests); i++) {
-        unsigned long recv_buf[2];
+        uint64_t recv_buf[2];
 
-        if (send_record(rbio, SSL3_RT_APPLICATION_DATA, tests[i].seq,
-                        &tests[i].seq, sizeof(unsigned long)) != 1) {
-            printf("Failed to send data seq #0x%lx (%d)\n",
-                   tests[i].seq, i);
-            goto end_con;
+        if (!TEST_true(send_record(rbio, SSL3_RT_APPLICATION_DATA, tests[i].seq,
+                                   &tests[i].seq, sizeof(uint64_t)))) {
+            TEST_error("Failed to send data seq #0x%lx (%d)\n",
+                       tests[i].seq, i);
+            goto end;
         }
 
         if (tests[i].drop)
             continue;
 
-        ret = SSL_read(con, recv_buf, 2 * sizeof(unsigned long));
-        if (ret != sizeof(unsigned long)) {
-            printf("SSL_read failed or wrong size on seq#0x%lx (%d)\n",
-                   tests[i].seq, i);
-            goto end_con;
-        }
-        if (recv_buf[0] != tests[i].seq) {
-            printf("Wrong data packet received (0x%lx not 0x%lx) at packet %d\n",
-                   recv_buf[0], tests[i].seq, i);
-            goto end_con;
+        ret = SSL_read(con, recv_buf, 2 * sizeof(uint64_t));
+        if (!TEST_int_eq(ret, (int)sizeof(uint64_t))) {
+            TEST_error("SSL_read failed or wrong size on seq#0x%lx (%d)\n",
+                       tests[i].seq, i);
+            goto end;
         }
+        if (!TEST_true(recv_buf[0] == tests[i].seq))
+            goto end;
     }
-    if (tests[i-1].drop) {
-        printf("Error: last test cannot be DROP()\n");
-        goto end_con;
-    }
-    testresult=1;
 
- end_con:
+    /* The last test cannot be DROP() */
+    if (!TEST_false(tests[i-1].drop))
+        goto end;
+
+    testresult = 1;
+
+ end:
+    BIO_free(rbio);
+    BIO_free(wbio);
     SSL_free(con);
- end_ctx:
     SSL_CTX_free(ctx);
- end_md:
     EVP_MD_CTX_free(handshake_md);
- end:
-    ERR_print_errors_fp(stderr);
-
-    if (!testresult) {
-        printf("Cisco BadDTLS test: FAILED\n");
-    }
 
+    return testresult;
+}
 
-#ifndef OPENSSL_NO_CRYPTO_MDEBUG
-    if (CRYPTO_mem_leaks(err) <= 0)
-        testresult = 0;
-#endif
-    BIO_free(err);
-
-    return testresult?0:1;
+void register_tests(void)
+{
+    ADD_TEST(test_bad_dtls);
 }
diff --git a/test/build.info b/test/build.info
index 666cf53..0d82469 100644
--- a/test/build.info
+++ b/test/build.info
@@ -191,7 +191,7 @@ IF[{- !$disabled{tests} -}]
   INCLUDE[clienthellotest]=../include
   DEPEND[clienthellotest]=../libcrypto ../libssl
 
-  SOURCE[bad_dtls_test]=bad_dtls_test.c
+  SOURCE[bad_dtls_test]=bad_dtls_test.c testutil.c test_main.c
   INCLUDE[bad_dtls_test]=../include
   DEPEND[bad_dtls_test]=../libcrypto ../libssl
 


More information about the openssl-commits mailing list