[openssl] master update
Richard Levitte
levitte at openssl.org
Sun May 16 10:08:17 UTC 2021
The branch master has been updated
via b422ba3dda5d85c295aae6205909a6eeb4921c4b (commit)
via a12da5dafbc6e681d32e88ddef0067ff14abd8f2 (commit)
from e2daf6f14045587614681bf6579480be63de6da0 (commit)
- Log -----------------------------------------------------------------
commit b422ba3dda5d85c295aae6205909a6eeb4921c4b
Author: Richard Levitte <levitte at openssl.org>
Date: Fri May 14 12:26:21 2021 +0200
Adapt 80-test_cmp_http.t and its data for random accept ports
Fixes #14694
Reviewed-by: David von Oheimb <david.von.oheimb at siemens.com>
(Merged from https://github.com/openssl/openssl/pull/15281)
commit a12da5dafbc6e681d32e88ddef0067ff14abd8f2
Author: Richard Levitte <levitte at openssl.org>
Date: Fri May 14 12:25:11 2021 +0200
APPS: Make the cmp Mock server output the accept address and port
Fixes #14694
Reviewed-by: David von Oheimb <david.von.oheimb at siemens.com>
(Merged from https://github.com/openssl/openssl/pull/15281)
-----------------------------------------------------------------------
Summary of changes:
apps/include/s_apps.h | 1 +
apps/lib/http_server.c | 9 +++
apps/lib/s_socket.c | 66 ++++++++++++----------
test/recipes/80-test_cmp_http.t | 44 ++++++++-------
test/recipes/80-test_cmp_http_data/Mock/server.cnf | 3 +-
test/recipes/80-test_cmp_http_data/Mock/test.cnf | 8 +--
.../80-test_cmp_http_data/test_connection.csv | 2 +-
7 files changed, 78 insertions(+), 55 deletions(-)
diff --git a/apps/include/s_apps.h b/apps/include/s_apps.h
index 3d2bace594..a5e9762aed 100644
--- a/apps/include/s_apps.h
+++ b/apps/include/s_apps.h
@@ -16,6 +16,7 @@
#define PROTOCOL "tcp"
typedef int (*do_server_cb)(int s, int stype, int prot, unsigned char *context);
+int report_server_accept(BIO *out, int asock, int with_address);
int do_server(int *accept_sock, const char *host, const char *port,
int family, int type, int protocol, do_server_cb cb,
unsigned char *context, int naccept, BIO *bio_s_out);
diff --git a/apps/lib/http_server.c b/apps/lib/http_server.c
index 691e5c9056..ae33632598 100644
--- a/apps/lib/http_server.c
+++ b/apps/lib/http_server.c
@@ -23,6 +23,7 @@
#include "internal/sockets.h"
#include <openssl/err.h>
#include <openssl/rand.h>
+#include "s_apps.h"
#if defined(__TANDEM)
# if defined(OPENSSL_TANDEM_FLOSS)
@@ -218,6 +219,7 @@ void spawn_loop(const char *prog)
BIO *http_server_init_bio(const char *prog, const char *port)
{
BIO *acbio = NULL, *bufbio;
+ int asock;
bufbio = BIO_new(BIO_f_buffer());
if (bufbio == NULL)
@@ -237,6 +239,13 @@ BIO *http_server_init_bio(const char *prog, const char *port)
goto err;
}
+ /* Report back what address and port are used */
+ BIO_get_fd(acbio, &asock);
+ if (!report_server_accept(bio_out, asock, 1)) {
+ log_message(prog, LOG_ERR, "Error printing ACCEPT string");
+ goto err;
+ }
+
return acbio;
err:
diff --git a/apps/lib/s_socket.c b/apps/lib/s_socket.c
index 65d56c0991..e41429df89 100644
--- a/apps/lib/s_socket.c
+++ b/apps/lib/s_socket.c
@@ -191,6 +191,38 @@ out:
return ret;
}
+int report_server_accept(BIO *out, int asock, int with_address)
+{
+ int success = 0;
+
+ if (with_address) {
+ union BIO_sock_info_u info;
+ char *hostname = NULL;
+ char *service = NULL;
+
+ if ((info.addr = BIO_ADDR_new()) != NULL
+ && BIO_sock_info(asock, BIO_SOCK_INFO_ADDRESS, &info)
+ && (hostname = BIO_ADDR_hostname_string(info.addr, 1)) != NULL
+ && (service = BIO_ADDR_service_string(info.addr, 1)) != NULL
+ && BIO_printf(out,
+ strchr(hostname, ':') == NULL
+ ? /* IPv4 */ "ACCEPT %s:%s\n"
+ : /* IPv6 */ "ACCEPT [%s]:%s\n",
+ hostname, service) > 0)
+ success = 1;
+
+ OPENSSL_free(hostname);
+ OPENSSL_free(service);
+ BIO_ADDR_free(info.addr);
+ } else {
+ (void)BIO_printf(out, "ACCEPT\n");
+ success = 1;
+ }
+ (void)BIO_flush(out);
+
+ return success;
+}
+
/*
* do_server - helper routine to perform a server operation
* @accept_sock: pointer to storage of resulting socket.
@@ -296,36 +328,10 @@ int do_server(int *accept_sock, const char *host, const char *port,
BIO_ADDRINFO_free(res);
res = NULL;
- if (sock_port == 0) {
- /* dynamically allocated port, report which one */
- union BIO_sock_info_u info;
- char *hostname = NULL;
- char *service = NULL;
- int success = 0;
-
- if ((info.addr = BIO_ADDR_new()) != NULL
- && BIO_sock_info(asock, BIO_SOCK_INFO_ADDRESS, &info)
- && (hostname = BIO_ADDR_hostname_string(info.addr, 1)) != NULL
- && (service = BIO_ADDR_service_string(info.addr, 1)) != NULL
- && BIO_printf(bio_s_out,
- strchr(hostname, ':') == NULL
- ? /* IPv4 */ "ACCEPT %s:%s\n"
- : /* IPv6 */ "ACCEPT [%s]:%s\n",
- hostname, service) > 0)
- success = 1;
-
- (void)BIO_flush(bio_s_out);
- OPENSSL_free(hostname);
- OPENSSL_free(service);
- BIO_ADDR_free(info.addr);
- if (!success) {
- BIO_closesocket(asock);
- ERR_print_errors(bio_err);
- goto end;
- }
- } else {
- (void)BIO_printf(bio_s_out, "ACCEPT\n");
- (void)BIO_flush(bio_s_out);
+ if (!report_server_accept(bio_s_out, asock, sock_port == 0)) {
+ BIO_closesocket(asock);
+ ERR_print_errors(bio_err);
+ goto end;
}
if (accept_sock != NULL)
diff --git a/test/recipes/80-test_cmp_http.t b/test/recipes/80-test_cmp_http.t
index 7bb720a823..8bd9eacde9 100644
--- a/test/recipes/80-test_cmp_http.t
+++ b/test/recipes/80-test_cmp_http.t
@@ -28,15 +28,13 @@ plan skip_all => "These tests are not supported in a no-cmp build"
if disabled("cmp");
plan skip_all => "These tests are not supported in a no-ec build"
if disabled("ec");
+plan skip_all => "These tests are not supported in a no-sock build"
+ if disabled("sock");
plan skip_all => "Tests involving local HTTP server not available on Windows, AIX or VMS"
if $^O =~ /^(VMS|MSWin32|AIX)$/;
plan skip_all => "Tests involving local HTTP server not available in cross-compile builds"
if defined $ENV{EXE_SHELL};
-plan skip_all => "Tests involving local HTTP server require 'kill' command"
- if system("which kill >/dev/null");
-plan skip_all => "Tests involving local HTTP server require 'lsof' command"
- if system("which lsof >/dev/null"); # this typically excludes Solaris
sub chop_dblquot { # chop any leading and trailing '"' (needed for Windows)
my $str = shift;
@@ -65,6 +63,7 @@ my $pbm_ref; # The reference for PBM
my $pbm_secret; # The secret for PBM
my $column; # The column number of the expected result
my $sleep = 0; # The time to sleep between two requests
+my $server_fh; # Server file handle
# The local $server_name variables below are among others taken as the name of a
# sub-directory with server-specific certs etc. and CA-specific config section.
@@ -131,6 +130,9 @@ sub test_cmp_http {
my $params = shift;
my $expected_exit = shift;
my $path_app = bldtop_dir($app);
+ $params = [ '-server', "127.0.0.1:$server_port", @$params ]
+ unless grep { $_ eq '-server' } @$params;
+
with({ exit_checker => sub {
my $actual_exit = shift;
my $OK = $actual_exit == $expected_exit;
@@ -265,28 +267,32 @@ sub load_tests {
return \@result;
}
-sub mock_server_pid {
- return `lsof -iTCP:$server_port` =~ m/\n\S+\s+(\d+)\s+[^\n]+LISTEN/s ? $1 : 0;
-}
-
sub start_mock_server {
my $args = $_[0]; # optional further CLI arguments
my $dir = bldtop_dir("");
- my $cmd = "LD_LIBRARY_PATH=$dir DYLD_LIBRARY_PATH=$dir " .
- bldtop_dir($app) . " -config server.cnf $args";
- my $pid = mock_server_pid();
- if ($pid) {
- print "Mock server already running with pid=$pid\n";
- return $pid;
- }
+ local $ENV{LD_LIBRARY_PATH} = $dir;
+ local $ENV{DYLD_LIBRARY_PATH} = $dir;
+ my $cmd = bldtop_dir($app) . " -config server.cnf $args";
print "Current directory is ".getcwd()."\n";
- print "Launching mock server listening on port $server_port: $cmd\n";
- return system("$cmd &") == 0 # start in background, check for success
- ? (sleep 1, mock_server_pid()) : 0;
+ print "Launching mock server: $cmd\n";
+ my $pid = open($server_fh, "$cmd|") or die "Trying to $cmd";
+ print "Pid is: $pid\n";
+ # Find out the actual server port
+ while (<$server_fh>) {
+ print;
+ s/\R$//; # Better chomp
+ next unless (/^ACCEPT\s.*:(\d+)$/);
+ $server_port = $1;
+ $server_tls = $1;
+ $kur_port = $1;
+ $pbm_port = $1;
+ last;
+ }
+ return $pid;
}
sub stop_mock_server {
my $pid = $_[0];
print "Killing mock server with pid=$pid\n";
- system("kill $pid") if $pid;
+ kill('QUIT', $pid) if $pid;
}
diff --git a/test/recipes/80-test_cmp_http_data/Mock/server.cnf b/test/recipes/80-test_cmp_http_data/Mock/server.cnf
index c8fe8edcc6..24a6ebb9f6 100644
--- a/test/recipes/80-test_cmp_http_data/Mock/server.cnf
+++ b/test/recipes/80-test_cmp_http_data/Mock/server.cnf
@@ -1,6 +1,7 @@
[cmp] # mock server configuration
-port = 1700
+# port 0 means that a random available port will be used
+port = 0
srv_cert = server.crt
srv_key = server.key
srv_secret = pass:test
diff --git a/test/recipes/80-test_cmp_http_data/Mock/test.cnf b/test/recipes/80-test_cmp_http_data/Mock/test.cnf
index 22ca0f2362..503ded18e3 100644
--- a/test/recipes/80-test_cmp_http_data/Mock/test.cnf
+++ b/test/recipes/80-test_cmp_http_data/Mock/test.cnf
@@ -17,8 +17,8 @@ policies = certificatePolicies
[Mock] # the built-in OpenSSL CMP mock server
no_check_time = 1
server_host = 127.0.0.1 # localhost
-server_port = 1700
-server_tls = 0
+server_port = 0
+server_tls = $server_port
server_cert = server.crt
server = $server_host:$server_port
server_path = pkix/
@@ -30,8 +30,8 @@ expect_sender = $server_dn
subject = "/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=leaf"
newkey = signer.key
out_trusted = signer_root.crt
-kur_port = 1700
-pbm_port = 1700
+kur_port = $server_port
+pbm_port = $server_port
pbm_ref =
pbm_secret = pass:test
cert = signer.crt
diff --git a/test/recipes/80-test_cmp_http_data/test_connection.csv b/test/recipes/80-test_cmp_http_data/test_connection.csv
index 3276eb5fb3..b3290e0e73 100644
--- a/test/recipes/80-test_cmp_http_data/test_connection.csv
+++ b/test/recipes/80-test_cmp_http_data/test_connection.csv
@@ -14,7 +14,7 @@ TBD,IP address, -section,, -server,_SERVER_IP:_SERVER_PORT,,,,,,,,,,,,,,
1,server with default port, -section,, -server,_SERVER_HOST,,,,,BLANK,,,,BLANK,,BLANK,,BLANK,
1,server port bad syntax: leading garbage, -section,, -server,_SERVER_HOST:x/+80,,,,,BLANK,,,,BLANK,,BLANK,,BLANK,
1,server port bad synatx: trailing garbage, -section,, -server,_SERVER_HOST:_SERVER_PORT+/x.,,,,,BLANK,,,,BLANK,,BLANK,,BLANK,
-1,server with TLS port, -section,, -server,_SERVER_HOST:_SERVER_TLS,,,,,BLANK,,,,BLANK,,BLANK,,BLANK,
+1,server with wrong port, -section,, -server,_SERVER_HOST:999,,,,,BLANK,,,,-msg_timeout,1,BLANK,,BLANK,
TBD,server IP address with TLS port, -section,, -server,_SERVER_IP:_SERVER_TLS,,,,,BLANK,,,,BLANK,,BLANK,,BLANK,
,,,,,,,,,,,,,,,,,,,
1,proxy port bad syntax: leading garbage, -section,, -server,_SERVER_HOST:_SERVER_PORT, -proxy,127.0.0.1:x*/8888, -no_proxy,nonmatch.com,BLANK,,,,-msg_timeout,1,BLANK,,BLANK,
More information about the openssl-commits
mailing list