[openssl-commits] [openssl] master update

Rich Salz rsalz at openssl.org
Tue Apr 18 19:11:21 UTC 2017


The branch master has been updated
       via  f3ab6c16c424054c8d6d2c152744dcbaf41c3232 (commit)
      from  3304d57848479441ffa0facc6d9693a466559756 (commit)


- Log -----------------------------------------------------------------
commit f3ab6c16c424054c8d6d2c152744dcbaf41c3232
Author: Rich Salz <rsalz at openssl.org>
Date:   Mon Apr 17 13:54:45 2017 -0400

    Update more tests
    
    modes_internal_test, sslcorrupttest, v3nametest
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3238)

-----------------------------------------------------------------------

Summary of changes:
 test/build.info            |   6 +--
 test/modes_internal_test.c |  65 +++++++++--------------
 test/sslcorrupttest.c      |  95 +++++++++------------------------
 test/v3nametest.c          | 127 +++++++++++++++++++++++----------------------
 4 files changed, 119 insertions(+), 174 deletions(-)

diff --git a/test/build.info b/test/build.info
index eb36596..d6e43cf 100644
--- a/test/build.info
+++ b/test/build.info
@@ -159,8 +159,8 @@ IF[{- !$disabled{tests} -}]
   INCLUDE[igetest]=.. ../include
   DEPEND[igetest]=../libcrypto
 
-  SOURCE[v3nametest]=v3nametest.c
-  INCLUDE[v3nametest]=../include
+  SOURCE[v3nametest]=v3nametest.c testutil.c test_main.c
+  INCLUDE[v3nametest]=.. ../include
   DEPEND[v3nametest]=../libcrypto
 
   SOURCE[crltest]=crltest.c testutil.c test_main.c
@@ -276,7 +276,7 @@ IF[{- !$disabled{tests} -}]
   INCLUDE[dtlstest]=../include .
   DEPEND[dtlstest]=../libcrypto ../libssl
 
-  SOURCE[sslcorrupttest]=sslcorrupttest.c ssltestlib.c testutil.c
+  SOURCE[sslcorrupttest]=sslcorrupttest.c ssltestlib.c testutil.c test_main_custom.c
   INCLUDE[sslcorrupttest]=../include .
   DEPEND[sslcorrupttest]=../libcrypto ../libssl
 
diff --git a/test/modes_internal_test.c b/test/modes_internal_test.c
index c5265c9..087115b 100644
--- a/test/modes_internal_test.c
+++ b/test/modes_internal_test.c
@@ -198,8 +198,7 @@ static int execute_cts128(CTS128_FIXTURE fixture)
     unsigned char cleartext[64], ciphertext[64], vector[64];
     size_t tail;
 
-    fprintf(stderr, "%s_vector_%" OSSLzu "\n", fixture.case_name, len);
-    fflush(stdout);
+    TEST_info("%s_vector_%lu", fixture.case_name, (unsigned long)len);
 
     tail = fixture.transform_output(orig_vector, vector, len);
 
@@ -208,54 +207,39 @@ static int execute_cts128(CTS128_FIXTURE fixture)
     fixture.encrypt_block(test_input, ciphertext, len,
                           encrypt_key_schedule, iv,
                           (block128_f)AES_encrypt);
-    if (memcmp(ciphertext, vector, len)) {
-        fprintf(stderr, "block encrypt: output_%" OSSLzu " mismatch\n", len);
+    if (!TEST_mem_eq(ciphertext, len, vector, len))
         return 0;
-    }
-    if (memcmp(iv, vector + len - tail, sizeof(iv))) {
-        fprintf(stderr, "block encrypt: iv_%" OSSLzu " mismatch\n", len);
+
+    if (!TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv)))
         return 0;
-    }
 
     /* test block-based decryption */
     memcpy(iv, test_iv, test_iv_len);
     fixture.decrypt_block(ciphertext, cleartext, len,
                           decrypt_key_schedule, iv,
                           (block128_f)AES_decrypt);
-    if (memcmp(cleartext, test_input, len)) {
-        fprintf(stderr, "block decrypt: input_%" OSSLzu " mismatch\n", len);
+    if (!TEST_mem_eq(cleartext, len, test_input, len))
         return 0;
-    }
-    if (memcmp(iv, vector + len - tail, sizeof(iv))) {
-        fprintf(stderr, "block decrypt: iv_%" OSSLzu " mismatch\n", len);
+    if (!TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv)))
         return 0;
-    }
 
     /* test streamed encryption */
     memcpy(iv, test_iv, test_iv_len);
     fixture.encrypt(test_input, ciphertext, len, encrypt_key_schedule,
                     iv, (cbc128_f) AES_cbc_encrypt);
-    if (memcmp(ciphertext, vector, len)) {
-        fprintf(stderr, "stream encrypt: output_%" OSSLzu " mismatch\n", len);
+    if (!TEST_mem_eq(ciphertext, len, vector, len))
         return 0;
-    }
-    if (memcmp(iv, vector + len - tail, sizeof(iv))) {
-        fprintf(stderr, "stream encrypt: iv_%" OSSLzu " mismatch\n", len);
+    if (!TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv)))
         return 0;
-    }
 
     /* test streamed decryption */
     memcpy(iv, test_iv, test_iv_len);
     fixture.decrypt(ciphertext, cleartext, len, decrypt_key_schedule, iv,
                     (cbc128_f)AES_cbc_encrypt);
-    if (memcmp(cleartext, test_input, len)) {
-        fprintf(stderr, "stream decrypt: input_%" OSSLzu " mismatch\n", len);
+    if (!TEST_mem_eq(cleartext, len, test_input, len))
         return 0;
-    }
-    if (memcmp(iv, vector + len - tail, sizeof(iv))) {
-        fprintf(stderr, "stream decrypt: iv_%" OSSLzu " mismatch\n", len);
+    if (!TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv)))
         return 0;
-    }
 
     return 1;
 }
@@ -286,11 +270,11 @@ static int test_cts128_nist(int idx)
     EXECUTE_TEST_NO_TEARDOWN(execute_cts128);
 }
 
-/**********************************************************************
+/*
  *
  * Test of gcm128
  *
- ***/
+ */
 
 /* Test Case 1 */
 static const u8 K1[16], P1[] = { 0 }, A1[] = { 0 }, IV1[12], C1[] = { 0 };
@@ -876,7 +860,6 @@ static int test_gcm128(int idx)
     SIZED_DATA T = gcm128_vectors[idx].T;
     GCM128_CONTEXT ctx;
     AES_KEY key;
-    int err = 0;
 
     /* Size 1 inputs are special-cased to signal NULL. */
     if (A.size == 1)
@@ -891,25 +874,27 @@ static int test_gcm128(int idx)
     CRYPTO_gcm128_init(&ctx, &key, (block128_f)AES_encrypt);
     CRYPTO_gcm128_setiv(&ctx, IV.data, IV.size);
     memset(out, 0, P.size);
-    if (A.data)
+    if (A.data != NULL)
         CRYPTO_gcm128_aad(&ctx, A.data, A.size);
-    if (P.data)
+    if (P.data != NULL)
         CRYPTO_gcm128_encrypt( &ctx, P.data, out, P.size);
-    if (CRYPTO_gcm128_finish(&ctx, T.data, 16)
-        || (C.data && memcmp(out, C.data, P.size)))
-        err++, fprintf(stderr, "encrypt test#%d failed.\n", idx);
+    if (!TEST_false(CRYPTO_gcm128_finish(&ctx, T.data, 16))
+            || (C.data != NULL
+                    && !TEST_mem_eq(out, P.size, C.data, P.size)))
+        return 0;
 
     CRYPTO_gcm128_setiv(&ctx, IV.data, IV.size);
     memset(out, 0, P.size);
-    if (A.data)
+    if (A.data != NULL)
         CRYPTO_gcm128_aad(&ctx, A.data, A.size);
-    if (C.data)
+    if (C.data != NULL)
         CRYPTO_gcm128_decrypt(&ctx, C.data, out, P.size);
-    if (CRYPTO_gcm128_finish(&ctx, T.data, 16)
-        || (P.data && memcmp(out, P.data, P.size)))
-        err++, fprintf(stderr, "decrypt test#%d failed.\n", idx);
+    if (!TEST_false(CRYPTO_gcm128_finish(&ctx, T.data, 16))
+            || (P.data != NULL
+                    && !TEST_mem_eq(out, P.size, P.data, P.size)))
+        return 0;
 
-    return err == 0;
+    return 1;
 }
 
 static void benchmark_gcm128(const unsigned char *K, size_t Klen,
diff --git a/test/sslcorrupttest.c b/test/sslcorrupttest.c
index 8ccad16..98e5bb3 100644
--- a/test/sslcorrupttest.c
+++ b/test/sslcorrupttest.c
@@ -10,6 +10,7 @@
 #include <string.h>
 #include "ssltestlib.h"
 #include "testutil.h"
+#include "test_main_custom.h"
 
 static int docorrupt = 0;
 
@@ -180,39 +181,30 @@ static char *privkey = NULL;
 
 static int test_ssl_corrupt(int testidx)
 {
+    static unsigned char junk[16000] = { 0 };
     SSL_CTX *sctx = NULL, *cctx = NULL;
     SSL *server = NULL, *client = NULL;
     BIO *c_to_s_fbio;
     int testresult = 0;
-    static unsigned char junk[16000] = { 0 };
     STACK_OF(SSL_CIPHER) *ciphers;
     const SSL_CIPHER *currcipher;
 
     docorrupt = 0;
 
-    printf("Starting Test %d, %s\n", testidx, cipher_list[testidx]);
+    TEST_info("Starting #%d, %s", testidx, cipher_list[testidx]);
 
-    if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), &sctx,
-                             &cctx, cert, privkey)) {
-        printf("Unable to create SSL_CTX pair\n");
+    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
+                                       TLS_client_method(), &sctx,
+                                       &cctx, cert, privkey)))
         return 0;
-    }
 
-    if (!SSL_CTX_set_cipher_list(cctx, cipher_list[testidx])) {
-        printf("Failed setting cipher list\n");
+    if (!TEST_true(SSL_CTX_set_cipher_list(cctx, cipher_list[testidx])))
         goto end;
-    }
 
-    ciphers = SSL_CTX_get_ciphers(cctx);
-    if (ciphers == NULL || sk_SSL_CIPHER_num(ciphers) != 1) {
-        printf("Unexpected ciphers set\n");
+    if (!TEST_ptr(ciphers = SSL_CTX_get_ciphers(cctx))
+            || !TEST_int_eq(sk_SSL_CIPHER_num(ciphers), 1)
+            || !TEST_ptr(currcipher = sk_SSL_CIPHER_value(ciphers, 0)))
         goto end;
-    }
-    currcipher = sk_SSL_CIPHER_value(ciphers, 0);
-    if (currcipher == NULL) {
-        printf("Failed getting the current cipher\n");
-        goto end;
-    }
 
     /*
      * If we haven't got a TLSv1.3 cipher, then we mustn't attempt to use
@@ -220,50 +212,32 @@ static int test_ssl_corrupt(int testidx)
      * get a "no shared cipher" error.
      */
     if (strcmp(SSL_CIPHER_get_version(currcipher), "TLSv1.3") != 0) {
-        if (!SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION)) {
-            printf("Failed setting max protocol version\n");
+        if (!TEST_true(SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION)))
             goto end;
-        }
     }
 
-    c_to_s_fbio = BIO_new(bio_f_tls_corrupt_filter());
-    if (c_to_s_fbio == NULL) {
-        printf("Failed to create filter BIO\n");
+    if (!TEST_ptr(c_to_s_fbio = BIO_new(bio_f_tls_corrupt_filter())))
         goto end;
-    }
 
     /* BIO is freed by create_ssl_connection on error */
-    if (!create_ssl_objects(sctx, cctx, &server, &client, NULL,
-                            c_to_s_fbio)) {
-        printf("Unable to create SSL objects\n");
-        ERR_print_errors_fp(stdout);
+    if (!TEST_true(create_ssl_objects(sctx, cctx, &server, &client, NULL,
+                                      c_to_s_fbio)))
         goto end;
-    }
 
-    if (!create_ssl_connection(server, client, SSL_ERROR_NONE)) {
-        printf("Unable to create SSL connection\n");
-        ERR_print_errors_fp(stdout);
+    if (!TEST_true(create_ssl_connection(server, client, SSL_ERROR_NONE)))
         goto end;
-    }
 
     docorrupt = 1;
 
-    if (SSL_write(client, junk, sizeof(junk)) < 0) {
-        printf("Unable to SSL_write\n");
-        ERR_print_errors_fp(stdout);
+    if (!TEST_int_ge(SSL_write(client, junk, sizeof(junk)), 0))
         goto end;
-    }
 
-    if (SSL_read(server, junk, sizeof(junk)) >= 0) {
-        printf("Read should have failed with \"bad record mac\"\n");
+    if (!TEST_int_lt(SSL_read(server, junk, sizeof(junk)), 0))
         goto end;
-    }
 
-    if (ERR_GET_REASON(ERR_peek_error()) !=
-        SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC) {
-        ERR_print_errors_fp(stdout);
+    if (!TEST_int_eq(ERR_GET_REASON(ERR_peek_error()),
+                     SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC))
         goto end;
-    }
 
     testresult = 1;
  end:
@@ -271,44 +245,25 @@ static int test_ssl_corrupt(int testidx)
     SSL_free(client);
     SSL_CTX_free(sctx);
     SSL_CTX_free(cctx);
-
     return testresult;
 }
 
-int main(int argc, char *argv[])
+int test_main(int argc, char *argv[])
 {
-    BIO *err = NULL;
-    int testresult = 1;
+    int ret;
 
     if (argc != 3) {
-        printf("Invalid argument count\n");
-        return 1;
+        TEST_error("Usage error");
+        return 0;
     }
-
     cert = argv[1];
     privkey = argv[2];
 
-    err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
-
-    CRYPTO_set_mem_debug(1);
-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
     ADD_ALL_TESTS(test_ssl_corrupt, setup_cipher_list());
 
-    testresult = run_tests(argv[0]);
-
+    ret = run_tests(argv[0]);
     bio_f_tls_corrupt_filter_free();
-
     OPENSSL_free(cipher_list);
 
-#ifndef OPENSSL_NO_CRYPTO_MDEBUG
-    if (CRYPTO_mem_leaks(err) <= 0)
-        testresult = 1;
-#endif
-    BIO_free(err);
-
-    if (!testresult)
-        printf("PASS\n");
-
-    return testresult;
+    return ret;
 }
diff --git a/test/v3nametest.c b/test/v3nametest.c
index 648c1df..39dcfe8 100644
--- a/test/v3nametest.c
+++ b/test/v3nametest.c
@@ -7,10 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include <string.h>
+#include "e_os.h"
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
-#include "../e_os.h"
-#include <string.h>
+#include "testutil.h"
+#include "test_main.h"
 
 static const char *const names[] = {
     "a", "b", ".", "*", "@",
@@ -72,6 +74,7 @@ static const char *const exceptions[] = {
 static int is_exception(const char *msg)
 {
     const char *const *p;
+
     for (p = exceptions; *p; ++p)
         if (strcmp(msg, *p) == 0)
             return 1;
@@ -83,13 +86,16 @@ static int set_cn(X509 *crt, ...)
     int ret = 0;
     X509_NAME *n = NULL;
     va_list ap;
+
     va_start(ap, crt);
     n = X509_NAME_new();
     if (n == NULL)
         goto out;
+
     while (1) {
         int nid;
         const char *name;
+
         nid = va_arg(ap, int);
         if (nid == 0)
             break;
@@ -238,59 +244,55 @@ static const struct set_name_fn name_fns[] = {
     {set_email_and_cn, "set emailAddress", 0, 1},
     {set_altname_dns, "set dnsName", 1, 0},
     {set_altname_email, "set rfc822Name", 0, 1},
-    {NULL, NULL, 0}
 };
 
 static X509 *make_cert()
 {
-    X509 *ret = NULL;
     X509 *crt = NULL;
-    X509_NAME *issuer = NULL;
-    crt = X509_new();
-    if (crt == NULL)
-        goto out;
-    if (!X509_set_version(crt, 3))
-        goto out;
-    ret = crt;
-    crt = NULL;
- out:
-    X509_NAME_free(issuer);
-    return ret;
-}
 
-static int errors;
+    if (!TEST_ptr(crt = X509_new()))
+        return NULL;
+    if (!TEST_true(X509_set_version(crt, 3))) {
+        X509_free(crt);
+        return NULL;
+    }
+    return crt;
+}
 
-static void check_message(const struct set_name_fn *fn, const char *op,
-                          const char *nameincert, int match, const char *name)
+static int check_message(const struct set_name_fn *fn, const char *op,
+                         const char *nameincert, int match, const char *name)
 {
     char msg[1024];
+
     if (match < 0)
-        return;
+        return 1;
     BIO_snprintf(msg, sizeof(msg), "%s: %s: [%s] %s [%s]",
                  fn->name, op, nameincert,
                  match ? "matches" : "does not match", name);
     if (is_exception(msg))
-        return;
-    puts(msg);
-    ++errors;
+        return 1;
+    TEST_error("%s", msg);
+    return 0;
 }
 
-static void run_cert(X509 *crt, const char *nameincert,
+static int run_cert(X509 *crt, const char *nameincert,
                      const struct set_name_fn *fn)
 {
     const char *const *pname = names;
-    while (*pname) {
+    int failed = 0;
+
+    for (; *pname != NULL; ++pname) {
         int samename = strcasecmp(nameincert, *pname) == 0;
         size_t namelen = strlen(*pname);
-        char *name = malloc(namelen);
+        char *name = OPENSSL_malloc(namelen);
         int match, ret;
+
         memcpy(name, *pname, namelen);
 
-        ret = X509_check_host(crt, name, namelen, 0, NULL);
         match = -1;
-        if (ret < 0) {
-            fprintf(stderr, "internal error in X509_check_host");
-            ++errors;
+        if (!TEST_int_ge(ret = X509_check_host(crt, name, namelen, 0, NULL),
+                         0)) {
+            failed = 1;
         } else if (fn->host) {
             if (ret == 1 && !samename)
                 match = 1;
@@ -298,14 +300,14 @@ static void run_cert(X509 *crt, const char *nameincert,
                 match = 0;
         } else if (ret == 1)
             match = 1;
-        check_message(fn, "host", nameincert, match, *pname);
+        if (!TEST_true(check_message(fn, "host", nameincert, match, *pname)))
+            failed = 1;
 
-        ret = X509_check_host(crt, name, namelen,
-                              X509_CHECK_FLAG_NO_WILDCARDS, NULL);
         match = -1;
-        if (ret < 0) {
-            fprintf(stderr, "internal error in X509_check_host");
-            ++errors;
+        if (!TEST_int_ge(ret = X509_check_host(crt, name, namelen,
+                                               X509_CHECK_FLAG_NO_WILDCARDS,
+                                               NULL), 0)) {
+            failed = 1;
         } else if (fn->host) {
             if (ret == 1 && !samename)
                 match = 1;
@@ -313,10 +315,12 @@ static void run_cert(X509 *crt, const char *nameincert,
                 match = 0;
         } else if (ret == 1)
             match = 1;
-        check_message(fn, "host-no-wildcards", nameincert, match, *pname);
+        if (!TEST_true(check_message(fn, "host-no-wildcards",
+                                     nameincert, match, *pname)))
+            failed = 1;
 
-        ret = X509_check_email(crt, name, namelen, 0);
         match = -1;
+        ret = X509_check_email(crt, name, namelen, 0);
         if (fn->email) {
             if (ret && !samename)
                 match = 1;
@@ -324,32 +328,33 @@ static void run_cert(X509 *crt, const char *nameincert,
                 match = 0;
         } else if (ret)
             match = 1;
-        check_message(fn, "email", nameincert, match, *pname);
-        ++pname;
-        free(name);
+        if (!TEST_true(check_message(fn, "email", nameincert, match, *pname)))
+            failed = 1;
+        OPENSSL_free(name);
     }
+
+    return failed == 0;
 }
 
-int main(void)
+static int call_run_cert(int i)
 {
-    const struct set_name_fn *pfn = name_fns;
-    while (pfn->name) {
-        const char *const *pname = names;
-        while (*pname) {
-            X509 *crt = make_cert();
-            if (crt == NULL) {
-                fprintf(stderr, "make_cert failed\n");
-                return 1;
-            }
-            if (!pfn->fn(crt, *pname)) {
-                fprintf(stderr, "X509 name setting failed\n");
-                return 1;
-            }
-            run_cert(crt, *pname, pfn);
-            X509_free(crt);
-            ++pname;
-        }
-        ++pfn;
+    int failed = 0;
+    const struct set_name_fn *pfn = &name_fns[i];
+    X509 *crt;
+    const char *const *pname;
+
+    TEST_info("%s", pfn->name);
+    for (pname = names; *pname != NULL; pname++) {
+        if (!TEST_ptr(crt = make_cert())
+             || !TEST_true(pfn->fn(crt, *pname))
+             || !run_cert(crt, *pname, pfn))
+            failed = 1;
+        X509_free(crt);
     }
-    return errors > 0 ? 1 : 0;
+    return failed == 0;
+}
+
+void register_tests(void)
+{
+    ADD_ALL_TESTS(call_run_cert, sizeof(name_fns) / sizeof(name_fns[0]));
 }


More information about the openssl-commits mailing list