[openssl-commits] [openssl] master update
Rich Salz
rsalz at openssl.org
Tue Apr 18 19:11:21 UTC 2017
The branch master has been updated
via f3ab6c16c424054c8d6d2c152744dcbaf41c3232 (commit)
from 3304d57848479441ffa0facc6d9693a466559756 (commit)
- Log -----------------------------------------------------------------
commit f3ab6c16c424054c8d6d2c152744dcbaf41c3232
Author: Rich Salz <rsalz at openssl.org>
Date: Mon Apr 17 13:54:45 2017 -0400
Update more tests
modes_internal_test, sslcorrupttest, v3nametest
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3238)
-----------------------------------------------------------------------
Summary of changes:
test/build.info | 6 +--
test/modes_internal_test.c | 65 +++++++++--------------
test/sslcorrupttest.c | 95 +++++++++------------------------
test/v3nametest.c | 127 +++++++++++++++++++++++----------------------
4 files changed, 119 insertions(+), 174 deletions(-)
diff --git a/test/build.info b/test/build.info
index eb36596..d6e43cf 100644
--- a/test/build.info
+++ b/test/build.info
@@ -159,8 +159,8 @@ IF[{- !$disabled{tests} -}]
INCLUDE[igetest]=.. ../include
DEPEND[igetest]=../libcrypto
- SOURCE[v3nametest]=v3nametest.c
- INCLUDE[v3nametest]=../include
+ SOURCE[v3nametest]=v3nametest.c testutil.c test_main.c
+ INCLUDE[v3nametest]=.. ../include
DEPEND[v3nametest]=../libcrypto
SOURCE[crltest]=crltest.c testutil.c test_main.c
@@ -276,7 +276,7 @@ IF[{- !$disabled{tests} -}]
INCLUDE[dtlstest]=../include .
DEPEND[dtlstest]=../libcrypto ../libssl
- SOURCE[sslcorrupttest]=sslcorrupttest.c ssltestlib.c testutil.c
+ SOURCE[sslcorrupttest]=sslcorrupttest.c ssltestlib.c testutil.c test_main_custom.c
INCLUDE[sslcorrupttest]=../include .
DEPEND[sslcorrupttest]=../libcrypto ../libssl
diff --git a/test/modes_internal_test.c b/test/modes_internal_test.c
index c5265c9..087115b 100644
--- a/test/modes_internal_test.c
+++ b/test/modes_internal_test.c
@@ -198,8 +198,7 @@ static int execute_cts128(CTS128_FIXTURE fixture)
unsigned char cleartext[64], ciphertext[64], vector[64];
size_t tail;
- fprintf(stderr, "%s_vector_%" OSSLzu "\n", fixture.case_name, len);
- fflush(stdout);
+ TEST_info("%s_vector_%lu", fixture.case_name, (unsigned long)len);
tail = fixture.transform_output(orig_vector, vector, len);
@@ -208,54 +207,39 @@ static int execute_cts128(CTS128_FIXTURE fixture)
fixture.encrypt_block(test_input, ciphertext, len,
encrypt_key_schedule, iv,
(block128_f)AES_encrypt);
- if (memcmp(ciphertext, vector, len)) {
- fprintf(stderr, "block encrypt: output_%" OSSLzu " mismatch\n", len);
+ if (!TEST_mem_eq(ciphertext, len, vector, len))
return 0;
- }
- if (memcmp(iv, vector + len - tail, sizeof(iv))) {
- fprintf(stderr, "block encrypt: iv_%" OSSLzu " mismatch\n", len);
+
+ if (!TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv)))
return 0;
- }
/* test block-based decryption */
memcpy(iv, test_iv, test_iv_len);
fixture.decrypt_block(ciphertext, cleartext, len,
decrypt_key_schedule, iv,
(block128_f)AES_decrypt);
- if (memcmp(cleartext, test_input, len)) {
- fprintf(stderr, "block decrypt: input_%" OSSLzu " mismatch\n", len);
+ if (!TEST_mem_eq(cleartext, len, test_input, len))
return 0;
- }
- if (memcmp(iv, vector + len - tail, sizeof(iv))) {
- fprintf(stderr, "block decrypt: iv_%" OSSLzu " mismatch\n", len);
+ if (!TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv)))
return 0;
- }
/* test streamed encryption */
memcpy(iv, test_iv, test_iv_len);
fixture.encrypt(test_input, ciphertext, len, encrypt_key_schedule,
iv, (cbc128_f) AES_cbc_encrypt);
- if (memcmp(ciphertext, vector, len)) {
- fprintf(stderr, "stream encrypt: output_%" OSSLzu " mismatch\n", len);
+ if (!TEST_mem_eq(ciphertext, len, vector, len))
return 0;
- }
- if (memcmp(iv, vector + len - tail, sizeof(iv))) {
- fprintf(stderr, "stream encrypt: iv_%" OSSLzu " mismatch\n", len);
+ if (!TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv)))
return 0;
- }
/* test streamed decryption */
memcpy(iv, test_iv, test_iv_len);
fixture.decrypt(ciphertext, cleartext, len, decrypt_key_schedule, iv,
(cbc128_f)AES_cbc_encrypt);
- if (memcmp(cleartext, test_input, len)) {
- fprintf(stderr, "stream decrypt: input_%" OSSLzu " mismatch\n", len);
+ if (!TEST_mem_eq(cleartext, len, test_input, len))
return 0;
- }
- if (memcmp(iv, vector + len - tail, sizeof(iv))) {
- fprintf(stderr, "stream decrypt: iv_%" OSSLzu " mismatch\n", len);
+ if (!TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv)))
return 0;
- }
return 1;
}
@@ -286,11 +270,11 @@ static int test_cts128_nist(int idx)
EXECUTE_TEST_NO_TEARDOWN(execute_cts128);
}
-/**********************************************************************
+/*
*
* Test of gcm128
*
- ***/
+ */
/* Test Case 1 */
static const u8 K1[16], P1[] = { 0 }, A1[] = { 0 }, IV1[12], C1[] = { 0 };
@@ -876,7 +860,6 @@ static int test_gcm128(int idx)
SIZED_DATA T = gcm128_vectors[idx].T;
GCM128_CONTEXT ctx;
AES_KEY key;
- int err = 0;
/* Size 1 inputs are special-cased to signal NULL. */
if (A.size == 1)
@@ -891,25 +874,27 @@ static int test_gcm128(int idx)
CRYPTO_gcm128_init(&ctx, &key, (block128_f)AES_encrypt);
CRYPTO_gcm128_setiv(&ctx, IV.data, IV.size);
memset(out, 0, P.size);
- if (A.data)
+ if (A.data != NULL)
CRYPTO_gcm128_aad(&ctx, A.data, A.size);
- if (P.data)
+ if (P.data != NULL)
CRYPTO_gcm128_encrypt( &ctx, P.data, out, P.size);
- if (CRYPTO_gcm128_finish(&ctx, T.data, 16)
- || (C.data && memcmp(out, C.data, P.size)))
- err++, fprintf(stderr, "encrypt test#%d failed.\n", idx);
+ if (!TEST_false(CRYPTO_gcm128_finish(&ctx, T.data, 16))
+ || (C.data != NULL
+ && !TEST_mem_eq(out, P.size, C.data, P.size)))
+ return 0;
CRYPTO_gcm128_setiv(&ctx, IV.data, IV.size);
memset(out, 0, P.size);
- if (A.data)
+ if (A.data != NULL)
CRYPTO_gcm128_aad(&ctx, A.data, A.size);
- if (C.data)
+ if (C.data != NULL)
CRYPTO_gcm128_decrypt(&ctx, C.data, out, P.size);
- if (CRYPTO_gcm128_finish(&ctx, T.data, 16)
- || (P.data && memcmp(out, P.data, P.size)))
- err++, fprintf(stderr, "decrypt test#%d failed.\n", idx);
+ if (!TEST_false(CRYPTO_gcm128_finish(&ctx, T.data, 16))
+ || (P.data != NULL
+ && !TEST_mem_eq(out, P.size, P.data, P.size)))
+ return 0;
- return err == 0;
+ return 1;
}
static void benchmark_gcm128(const unsigned char *K, size_t Klen,
diff --git a/test/sslcorrupttest.c b/test/sslcorrupttest.c
index 8ccad16..98e5bb3 100644
--- a/test/sslcorrupttest.c
+++ b/test/sslcorrupttest.c
@@ -10,6 +10,7 @@
#include <string.h>
#include "ssltestlib.h"
#include "testutil.h"
+#include "test_main_custom.h"
static int docorrupt = 0;
@@ -180,39 +181,30 @@ static char *privkey = NULL;
static int test_ssl_corrupt(int testidx)
{
+ static unsigned char junk[16000] = { 0 };
SSL_CTX *sctx = NULL, *cctx = NULL;
SSL *server = NULL, *client = NULL;
BIO *c_to_s_fbio;
int testresult = 0;
- static unsigned char junk[16000] = { 0 };
STACK_OF(SSL_CIPHER) *ciphers;
const SSL_CIPHER *currcipher;
docorrupt = 0;
- printf("Starting Test %d, %s\n", testidx, cipher_list[testidx]);
+ TEST_info("Starting #%d, %s", testidx, cipher_list[testidx]);
- if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), &sctx,
- &cctx, cert, privkey)) {
- printf("Unable to create SSL_CTX pair\n");
+ if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
+ TLS_client_method(), &sctx,
+ &cctx, cert, privkey)))
return 0;
- }
- if (!SSL_CTX_set_cipher_list(cctx, cipher_list[testidx])) {
- printf("Failed setting cipher list\n");
+ if (!TEST_true(SSL_CTX_set_cipher_list(cctx, cipher_list[testidx])))
goto end;
- }
- ciphers = SSL_CTX_get_ciphers(cctx);
- if (ciphers == NULL || sk_SSL_CIPHER_num(ciphers) != 1) {
- printf("Unexpected ciphers set\n");
+ if (!TEST_ptr(ciphers = SSL_CTX_get_ciphers(cctx))
+ || !TEST_int_eq(sk_SSL_CIPHER_num(ciphers), 1)
+ || !TEST_ptr(currcipher = sk_SSL_CIPHER_value(ciphers, 0)))
goto end;
- }
- currcipher = sk_SSL_CIPHER_value(ciphers, 0);
- if (currcipher == NULL) {
- printf("Failed getting the current cipher\n");
- goto end;
- }
/*
* If we haven't got a TLSv1.3 cipher, then we mustn't attempt to use
@@ -220,50 +212,32 @@ static int test_ssl_corrupt(int testidx)
* get a "no shared cipher" error.
*/
if (strcmp(SSL_CIPHER_get_version(currcipher), "TLSv1.3") != 0) {
- if (!SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION)) {
- printf("Failed setting max protocol version\n");
+ if (!TEST_true(SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION)))
goto end;
- }
}
- c_to_s_fbio = BIO_new(bio_f_tls_corrupt_filter());
- if (c_to_s_fbio == NULL) {
- printf("Failed to create filter BIO\n");
+ if (!TEST_ptr(c_to_s_fbio = BIO_new(bio_f_tls_corrupt_filter())))
goto end;
- }
/* BIO is freed by create_ssl_connection on error */
- if (!create_ssl_objects(sctx, cctx, &server, &client, NULL,
- c_to_s_fbio)) {
- printf("Unable to create SSL objects\n");
- ERR_print_errors_fp(stdout);
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &server, &client, NULL,
+ c_to_s_fbio)))
goto end;
- }
- if (!create_ssl_connection(server, client, SSL_ERROR_NONE)) {
- printf("Unable to create SSL connection\n");
- ERR_print_errors_fp(stdout);
+ if (!TEST_true(create_ssl_connection(server, client, SSL_ERROR_NONE)))
goto end;
- }
docorrupt = 1;
- if (SSL_write(client, junk, sizeof(junk)) < 0) {
- printf("Unable to SSL_write\n");
- ERR_print_errors_fp(stdout);
+ if (!TEST_int_ge(SSL_write(client, junk, sizeof(junk)), 0))
goto end;
- }
- if (SSL_read(server, junk, sizeof(junk)) >= 0) {
- printf("Read should have failed with \"bad record mac\"\n");
+ if (!TEST_int_lt(SSL_read(server, junk, sizeof(junk)), 0))
goto end;
- }
- if (ERR_GET_REASON(ERR_peek_error()) !=
- SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC) {
- ERR_print_errors_fp(stdout);
+ if (!TEST_int_eq(ERR_GET_REASON(ERR_peek_error()),
+ SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC))
goto end;
- }
testresult = 1;
end:
@@ -271,44 +245,25 @@ static int test_ssl_corrupt(int testidx)
SSL_free(client);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
-
return testresult;
}
-int main(int argc, char *argv[])
+int test_main(int argc, char *argv[])
{
- BIO *err = NULL;
- int testresult = 1;
+ int ret;
if (argc != 3) {
- printf("Invalid argument count\n");
- return 1;
+ TEST_error("Usage error");
+ return 0;
}
-
cert = argv[1];
privkey = argv[2];
- err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
-
- CRYPTO_set_mem_debug(1);
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
ADD_ALL_TESTS(test_ssl_corrupt, setup_cipher_list());
- testresult = run_tests(argv[0]);
-
+ ret = run_tests(argv[0]);
bio_f_tls_corrupt_filter_free();
-
OPENSSL_free(cipher_list);
-#ifndef OPENSSL_NO_CRYPTO_MDEBUG
- if (CRYPTO_mem_leaks(err) <= 0)
- testresult = 1;
-#endif
- BIO_free(err);
-
- if (!testresult)
- printf("PASS\n");
-
- return testresult;
+ return ret;
}
diff --git a/test/v3nametest.c b/test/v3nametest.c
index 648c1df..39dcfe8 100644
--- a/test/v3nametest.c
+++ b/test/v3nametest.c
@@ -7,10 +7,12 @@
* https://www.openssl.org/source/license.html
*/
+#include <string.h>
+#include "e_os.h"
#include <openssl/x509.h>
#include <openssl/x509v3.h>
-#include "../e_os.h"
-#include <string.h>
+#include "testutil.h"
+#include "test_main.h"
static const char *const names[] = {
"a", "b", ".", "*", "@",
@@ -72,6 +74,7 @@ static const char *const exceptions[] = {
static int is_exception(const char *msg)
{
const char *const *p;
+
for (p = exceptions; *p; ++p)
if (strcmp(msg, *p) == 0)
return 1;
@@ -83,13 +86,16 @@ static int set_cn(X509 *crt, ...)
int ret = 0;
X509_NAME *n = NULL;
va_list ap;
+
va_start(ap, crt);
n = X509_NAME_new();
if (n == NULL)
goto out;
+
while (1) {
int nid;
const char *name;
+
nid = va_arg(ap, int);
if (nid == 0)
break;
@@ -238,59 +244,55 @@ static const struct set_name_fn name_fns[] = {
{set_email_and_cn, "set emailAddress", 0, 1},
{set_altname_dns, "set dnsName", 1, 0},
{set_altname_email, "set rfc822Name", 0, 1},
- {NULL, NULL, 0}
};
static X509 *make_cert()
{
- X509 *ret = NULL;
X509 *crt = NULL;
- X509_NAME *issuer = NULL;
- crt = X509_new();
- if (crt == NULL)
- goto out;
- if (!X509_set_version(crt, 3))
- goto out;
- ret = crt;
- crt = NULL;
- out:
- X509_NAME_free(issuer);
- return ret;
-}
-static int errors;
+ if (!TEST_ptr(crt = X509_new()))
+ return NULL;
+ if (!TEST_true(X509_set_version(crt, 3))) {
+ X509_free(crt);
+ return NULL;
+ }
+ return crt;
+}
-static void check_message(const struct set_name_fn *fn, const char *op,
- const char *nameincert, int match, const char *name)
+static int check_message(const struct set_name_fn *fn, const char *op,
+ const char *nameincert, int match, const char *name)
{
char msg[1024];
+
if (match < 0)
- return;
+ return 1;
BIO_snprintf(msg, sizeof(msg), "%s: %s: [%s] %s [%s]",
fn->name, op, nameincert,
match ? "matches" : "does not match", name);
if (is_exception(msg))
- return;
- puts(msg);
- ++errors;
+ return 1;
+ TEST_error("%s", msg);
+ return 0;
}
-static void run_cert(X509 *crt, const char *nameincert,
+static int run_cert(X509 *crt, const char *nameincert,
const struct set_name_fn *fn)
{
const char *const *pname = names;
- while (*pname) {
+ int failed = 0;
+
+ for (; *pname != NULL; ++pname) {
int samename = strcasecmp(nameincert, *pname) == 0;
size_t namelen = strlen(*pname);
- char *name = malloc(namelen);
+ char *name = OPENSSL_malloc(namelen);
int match, ret;
+
memcpy(name, *pname, namelen);
- ret = X509_check_host(crt, name, namelen, 0, NULL);
match = -1;
- if (ret < 0) {
- fprintf(stderr, "internal error in X509_check_host");
- ++errors;
+ if (!TEST_int_ge(ret = X509_check_host(crt, name, namelen, 0, NULL),
+ 0)) {
+ failed = 1;
} else if (fn->host) {
if (ret == 1 && !samename)
match = 1;
@@ -298,14 +300,14 @@ static void run_cert(X509 *crt, const char *nameincert,
match = 0;
} else if (ret == 1)
match = 1;
- check_message(fn, "host", nameincert, match, *pname);
+ if (!TEST_true(check_message(fn, "host", nameincert, match, *pname)))
+ failed = 1;
- ret = X509_check_host(crt, name, namelen,
- X509_CHECK_FLAG_NO_WILDCARDS, NULL);
match = -1;
- if (ret < 0) {
- fprintf(stderr, "internal error in X509_check_host");
- ++errors;
+ if (!TEST_int_ge(ret = X509_check_host(crt, name, namelen,
+ X509_CHECK_FLAG_NO_WILDCARDS,
+ NULL), 0)) {
+ failed = 1;
} else if (fn->host) {
if (ret == 1 && !samename)
match = 1;
@@ -313,10 +315,12 @@ static void run_cert(X509 *crt, const char *nameincert,
match = 0;
} else if (ret == 1)
match = 1;
- check_message(fn, "host-no-wildcards", nameincert, match, *pname);
+ if (!TEST_true(check_message(fn, "host-no-wildcards",
+ nameincert, match, *pname)))
+ failed = 1;
- ret = X509_check_email(crt, name, namelen, 0);
match = -1;
+ ret = X509_check_email(crt, name, namelen, 0);
if (fn->email) {
if (ret && !samename)
match = 1;
@@ -324,32 +328,33 @@ static void run_cert(X509 *crt, const char *nameincert,
match = 0;
} else if (ret)
match = 1;
- check_message(fn, "email", nameincert, match, *pname);
- ++pname;
- free(name);
+ if (!TEST_true(check_message(fn, "email", nameincert, match, *pname)))
+ failed = 1;
+ OPENSSL_free(name);
}
+
+ return failed == 0;
}
-int main(void)
+static int call_run_cert(int i)
{
- const struct set_name_fn *pfn = name_fns;
- while (pfn->name) {
- const char *const *pname = names;
- while (*pname) {
- X509 *crt = make_cert();
- if (crt == NULL) {
- fprintf(stderr, "make_cert failed\n");
- return 1;
- }
- if (!pfn->fn(crt, *pname)) {
- fprintf(stderr, "X509 name setting failed\n");
- return 1;
- }
- run_cert(crt, *pname, pfn);
- X509_free(crt);
- ++pname;
- }
- ++pfn;
+ int failed = 0;
+ const struct set_name_fn *pfn = &name_fns[i];
+ X509 *crt;
+ const char *const *pname;
+
+ TEST_info("%s", pfn->name);
+ for (pname = names; *pname != NULL; pname++) {
+ if (!TEST_ptr(crt = make_cert())
+ || !TEST_true(pfn->fn(crt, *pname))
+ || !run_cert(crt, *pname, pfn))
+ failed = 1;
+ X509_free(crt);
}
- return errors > 0 ? 1 : 0;
+ return failed == 0;
+}
+
+void register_tests(void)
+{
+ ADD_ALL_TESTS(call_run_cert, sizeof(name_fns) / sizeof(name_fns[0]));
}
More information about the openssl-commits
mailing list