[openssl-commits] [openssl] master update
Richard Levitte
levitte at openssl.org
Wed Apr 12 10:30:42 UTC 2017
The branch master has been updated
via c983bc4fb2a501df36b95da160ef9002c15cb8fe (commit)
via 9fea3a51e5a1816c95bb687ebab4b64656e1b2bb (commit)
via fa2274e805b9787d90306963e3921a9e6f7010eb (commit)
from cbf0cfafd14038a7bc9674aaf9200eced7fcc842 (commit)
- Log -----------------------------------------------------------------
commit c983bc4fb2a501df36b95da160ef9002c15cb8fe
Author: Richard Levitte <levitte at openssl.org>
Date: Tue Apr 11 01:38:00 2017 +0200
Add tests of custom negative 1
Reviewed-by: Andy Polyakov <appro at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3174)
commit 9fea3a51e5a1816c95bb687ebab4b64656e1b2bb
Author: Richard Levitte <levitte at openssl.org>
Date: Tue Apr 11 01:37:28 2017 +0200
Fix definition of i2d_fn in asn1_encode_test.c
Reviewed-by: Andy Polyakov <appro at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3174)
commit fa2274e805b9787d90306963e3921a9e6f7010eb
Author: Richard Levitte <levitte at openssl.org>
Date: Tue Apr 11 01:33:50 2017 +0200
In asn1_encode_test.c, add custom DER encoding checks
We're already checking that custom DER decodes to expected values (or
fails to do so), but we didn't check if values encode back to expected
DER.
Reviewed-by: Andy Polyakov <appro at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3174)
-----------------------------------------------------------------------
Summary of changes:
test/asn1_encode_test.c | 176 +++++++++++++++++++++++++++++++++++++++---------
1 file changed, 145 insertions(+), 31 deletions(-)
diff --git a/test/asn1_encode_test.c b/test/asn1_encode_test.c
index 36cf7f9..763c427 100644
--- a/test/asn1_encode_test.c
+++ b/test/asn1_encode_test.c
@@ -38,6 +38,9 @@ static unsigned char t_zero[] = {
static unsigned char t_one[] = {
0x01
};
+static unsigned char t_one_neg[] = {
+ 0xff
+};
static unsigned char t_longundef[] = {
0x7f, 0xff, 0xff, 0xff
};
@@ -95,6 +98,7 @@ static TEST_CUSTOM_DATA test_custom_data[] = {
CUSTOM_DATA(t_zero),
CUSTOM_DATA(t_longundef),
CUSTOM_DATA(t_one),
+ CUSTOM_DATA(t_one_neg),
CUSTOM_DATA(t_9bytes_1),
CUSTOM_DATA(t_8bytes_1),
CUSTOM_DATA(t_8bytes_2),
@@ -132,7 +136,7 @@ static TEST_CUSTOM_DATA test_custom_data[] = {
* A structure to collect all test information in. There MUST be one instance
* of this for each test
*/
-typedef int i2d_fn(void **a, unsigned char **pp);
+typedef int i2d_fn(void *a, unsigned char **pp);
typedef void *d2i_fn(void **a, unsigned char **pp, long length);
typedef void ifree_fn(void *a);
typedef struct {
@@ -194,6 +198,7 @@ static ASN1_LONG_DATA long_expected_32bit[] = {
{ 0xff, 0, 1 }, { 0, 0, 0 }, /* t_zero */
{ 0, 0, 0 }, { 0xff, 1, 0x7fffffff }, /* t_longundef */
CUSTOM_EXPECTED_SUCCESS(1, 1), /* t_one */
+ CUSTOM_EXPECTED_SUCCESS(-1, -1), /* t_one_neg */
CUSTOM_EXPECTED_FAILURE, /* t_9bytes_1 */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_1 */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_2 */
@@ -228,6 +233,7 @@ static ASN1_LONG_DATA long_expected_64bit[] = {
{ 0xff, 0, 1 }, { 0, 0, 0 }, /* t_zero */
{ 0, 0, 0 }, { 0xff, 1, 0x7fffffff }, /* t_longundef */
CUSTOM_EXPECTED_SUCCESS(1, 1), /* t_one */
+ CUSTOM_EXPECTED_SUCCESS(-1, -1), /* t_one_neg */
CUSTOM_EXPECTED_FAILURE, /* t_9bytes_1 */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_1 */
CUSTOM_EXPECTED_SUCCESS(LONG_MAX, LONG_MAX), /* t_8bytes_2 */
@@ -279,6 +285,7 @@ static ASN1_INT32_DATA int32_expected[] = {
CUSTOM_EXPECTED_SUCCESS(0, 0), /* t_zero */
CUSTOM_EXPECTED_SUCCESS(ASN1_LONG_UNDEF, ASN1_LONG_UNDEF), /* t_zero */
CUSTOM_EXPECTED_SUCCESS(1, 1), /* t_one */
+ CUSTOM_EXPECTED_SUCCESS(-1, -1), /* t_one_neg */
CUSTOM_EXPECTED_FAILURE, /* t_9bytes_1 */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_1 */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_2 */
@@ -325,6 +332,7 @@ static ASN1_UINT32_DATA uint32_expected[] = {
CUSTOM_EXPECTED_SUCCESS(0, 0), /* t_zero */
CUSTOM_EXPECTED_SUCCESS(ASN1_LONG_UNDEF, ASN1_LONG_UNDEF), /* t_zero */
CUSTOM_EXPECTED_SUCCESS(1, 1), /* t_one */
+ CUSTOM_EXPECTED_FAILURE, /* t_one_neg (illegal negative value) */
CUSTOM_EXPECTED_FAILURE, /* t_9bytes_1 */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_1 */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_2 */
@@ -371,6 +379,7 @@ static ASN1_INT64_DATA int64_expected[] = {
CUSTOM_EXPECTED_SUCCESS(0, 0), /* t_zero */
CUSTOM_EXPECTED_SUCCESS(ASN1_LONG_UNDEF, ASN1_LONG_UNDEF), /* t_zero */
CUSTOM_EXPECTED_SUCCESS(1, 1), /* t_one */
+ CUSTOM_EXPECTED_SUCCESS(-1, -1), /* t_one_neg */
CUSTOM_EXPECTED_FAILURE, /* t_9bytes_1 */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_1 (too large positive) */
CUSTOM_EXPECTED_SUCCESS(INT64_MAX, INT64_MAX), /* t_8bytes_2 */
@@ -418,6 +427,7 @@ static ASN1_UINT64_DATA uint64_expected[] = {
CUSTOM_EXPECTED_SUCCESS(0, 0), /* t_zero */
CUSTOM_EXPECTED_SUCCESS(ASN1_LONG_UNDEF, ASN1_LONG_UNDEF), /* t_zero */
CUSTOM_EXPECTED_SUCCESS(1, 1), /* t_one */
+ CUSTOM_EXPECTED_FAILURE, /* t_one_neg (illegal negative value) */
CUSTOM_EXPECTED_FAILURE, /* t_9bytes_1 */
CUSTOM_EXPECTED_SUCCESS((uint64_t)INT64_MAX+1, (uint64_t)INT64_MAX+1),
/* t_8bytes_1 */
@@ -489,6 +499,41 @@ static int do_decode(unsigned char *bytes, long nbytes,
return ret;
}
+/*
+ * do_encode returns a tristate:
+ *
+ * -1 Couldn't encode
+ * 0 encoded DER wasn't what was expected (failure)
+ * 1 encoded DER was what was expected (success)
+ */
+static int do_encode(EXPECTED *input,
+ const unsigned char *expected, size_t expected_len,
+ const TEST_PACKAGE *package)
+{
+ unsigned char *data = NULL;
+ int len;
+ int ret = 0;
+
+ len = package->i2d(input, &data);
+ if (len < 0)
+ return -1;
+
+ if ((size_t)len != expected_len
+ || memcmp(data, expected, expected_len) != 0) {
+ if (input->success == 0) {
+ ret = 1;
+ ERR_clear_error();
+ } else {
+ ret = 0;
+ }
+ } else {
+ ret = 1;
+ }
+
+ OPENSSL_free(data);
+ return ret;
+}
+
/* Do an encode/decode round trip */
static int do_enc_dec(EXPECTED *bytes, long nbytes,
const TEST_PACKAGE *package)
@@ -535,15 +580,13 @@ static size_t der_encode_length(size_t len, unsigned char **pp)
return lenbytes;
}
-/* Attempt to decode a custom encoding of the test structure */
-static int do_decode_custom(const TEST_CUSTOM_DATA *custom_data,
- const EXPECTED *expected, size_t expected_size,
- const TEST_PACKAGE *package)
+static size_t make_custom_der(const TEST_CUSTOM_DATA *custom_data,
+ unsigned char **encoding, int explicit_default)
{
- size_t firstbytes, secondbytes, secondbytesinner, seqbytes;
+ size_t firstbytes, secondbytes = 0, secondbytesinner = 0, seqbytes;
const unsigned char t_true[] = { V_ASN1_BOOLEAN, 0x01, 0xff };
- unsigned char *encoding, *p = NULL;
- int ret;
+ unsigned char *p = NULL;
+ size_t i;
/*
* The first item is just an INTEGER tag, INTEGER length and INTEGER content
@@ -552,15 +595,21 @@ static int do_decode_custom(const TEST_CUSTOM_DATA *custom_data,
1 + der_encode_length(custom_data->nbytes1, NULL)
+ custom_data->nbytes1;
- /*
- * The second item is an explicit tag, content length, INTEGER tag,
- * INTEGER length, INTEGER bytes
- */
- secondbytesinner =
- 1 + der_encode_length(custom_data->nbytes2, NULL)
- + custom_data->nbytes2;
- secondbytes =
- 1 + der_encode_length(secondbytesinner, NULL) + secondbytesinner;
+ for (i = custom_data->nbytes2; i > 0; i--) {
+ if (custom_data->bytes2[i - 1] != '\0')
+ break;
+ }
+ if (explicit_default || i > 0) {
+ /*
+ * The second item is an explicit tag, content length, INTEGER tag,
+ * INTEGER length, INTEGER bytes
+ */
+ secondbytesinner =
+ 1 + der_encode_length(custom_data->nbytes2, NULL)
+ + custom_data->nbytes2;
+ secondbytes =
+ 1 + der_encode_length(secondbytesinner, NULL) + secondbytesinner;
+ }
/*
* The whole sequence is the sequence tag, content length, BOOLEAN true
@@ -571,9 +620,9 @@ static int do_decode_custom(const TEST_CUSTOM_DATA *custom_data,
1 + der_encode_length(sizeof(t_true) + firstbytes + secondbytes, NULL)
+ sizeof(t_true) + firstbytes + secondbytes;
- encoding = p = OPENSSL_malloc(seqbytes);
- if (encoding == NULL)
- return -1;
+ *encoding = p = OPENSSL_malloc(seqbytes);
+ if (*encoding == NULL)
+ return 0;
/* Sequence tag */
*p++ = 0x30;
@@ -589,23 +638,63 @@ static int do_decode_custom(const TEST_CUSTOM_DATA *custom_data,
memcpy(p, custom_data->bytes1, custom_data->nbytes1);
p += custom_data->nbytes1;
- /* Second INTEGER item (optional) */
- /* Start with the explicit optional tag */
- *p++ = 0xa0;
- der_encode_length(secondbytesinner, &p);
- *p++ = V_ASN1_INTEGER;
- der_encode_length(custom_data->nbytes2, &p);
- memcpy(p, custom_data->bytes2, custom_data->nbytes2);
- p += custom_data->nbytes2;
+ if (secondbytes > 0) {
+ /* Second INTEGER item (optional) */
+ /* Start with the explicit optional tag */
+ *p++ = 0xa0;
+ der_encode_length(secondbytesinner, &p);
+ *p++ = V_ASN1_INTEGER;
+ der_encode_length(custom_data->nbytes2, &p);
+ memcpy(p, custom_data->bytes2, custom_data->nbytes2);
+ p += custom_data->nbytes2;
+ }
+
+ OPENSSL_assert(seqbytes == (size_t)(p - *encoding));
+
+ return seqbytes;
+}
- OPENSSL_assert(seqbytes == (size_t)(p - encoding));
+/* Attempt to decode a custom encoding of the test structure */
+static int do_decode_custom(const TEST_CUSTOM_DATA *custom_data,
+ const EXPECTED *expected, size_t expected_size,
+ const TEST_PACKAGE *package)
+{
+ unsigned char *encoding = NULL;
+ /*
+ * We force the defaults to be explicitely encoded to make sure we test
+ * for defaults that shouldn't be present (i.e. we check for failure)
+ */
+ size_t encoding_length = make_custom_der(custom_data, &encoding, 1);
+ int ret;
- ret = do_decode(encoding, seqbytes, expected, expected_size, package);
+ if (encoding_length == 0)
+ return -1;
+
+ ret = do_decode(encoding, encoding_length, expected, expected_size,
+ package);
OPENSSL_free(encoding);
return ret;
}
+/* Attempt to encode the test structure and compare it to custom DER */
+static int do_encode_custom(EXPECTED *input,
+ const TEST_CUSTOM_DATA *custom_data,
+ const TEST_PACKAGE *package)
+{
+ unsigned char *expected = NULL;
+ size_t expected_length = make_custom_der(custom_data, &expected, 0);
+ int ret;
+
+ if (expected_length == 0)
+ return -1;
+
+ ret = do_encode(input, expected, expected_length, package);
+ OPENSSL_free(expected);
+
+ return ret;
+}
+
static int test_intern(const TEST_PACKAGE *package)
{
@@ -623,6 +712,29 @@ static int test_intern(const TEST_PACKAGE *package)
sizeof(test_custom_data) / sizeof(test_custom_data[0]));
for (i = 0; i < nelems; i++) {
size_t pos = i * package->encode_expectations_elem_size;
+ switch (do_encode_custom((EXPECTED *)&((unsigned char *)package
+ ->encode_expectations)[pos],
+ &test_custom_data[i], package)) {
+ case -1:
+ fprintf(stderr, "Failed custom encode round trip %u of %s\n",
+ i, package->name);
+ ERR_print_errors_fp(stderr);
+ fail++;
+ ERR_clear_error();
+ break;
+ case 0:
+ fprintf(stderr, "Custom encode round trip %u of %s mismatch\n",
+ i, package->name);
+ ERR_print_errors_fp(stderr);
+ fail++;
+ ERR_clear_error();
+ break;
+ case 1:
+ break;
+ default:
+ OPENSSL_die("do_encode_custom() return unknown value",
+ __FILE__, __LINE__);
+ }
switch (do_decode_custom(&test_custom_data[i],
(EXPECTED *)&((unsigned char *)package
->encode_expectations)[pos],
@@ -638,12 +750,14 @@ static int test_intern(const TEST_PACKAGE *package)
case 0:
fprintf(stderr, "Custom decode round trip %u of %s mismatch\n",
i, package->name);
+ ERR_print_errors_fp(stderr);
fail++;
+ ERR_clear_error();
break;
case 1:
break;
default:
- OPENSSL_die("do_enc_dec() return unknown value",
+ OPENSSL_die("do_decode_custom() return unknown value",
__FILE__, __LINE__);
}
}
More information about the openssl-commits
mailing list