提交 f3ab6c16 编写于 作者: R Rich Salz

Update more tests

modes_internal_test, sslcorrupttest, v3nametest
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3238)
上级 3304d578
......@@ -159,8 +159,8 @@ IF[{- !$disabled{tests} -}]
INCLUDE[igetest]=.. ../include
DEPEND[igetest]=../libcrypto
SOURCE[v3nametest]=v3nametest.c
INCLUDE[v3nametest]=../include
SOURCE[v3nametest]=v3nametest.c testutil.c test_main.c
INCLUDE[v3nametest]=.. ../include
DEPEND[v3nametest]=../libcrypto
SOURCE[crltest]=crltest.c testutil.c test_main.c
......@@ -276,7 +276,7 @@ IF[{- !$disabled{tests} -}]
INCLUDE[dtlstest]=../include .
DEPEND[dtlstest]=../libcrypto ../libssl
SOURCE[sslcorrupttest]=sslcorrupttest.c ssltestlib.c testutil.c
SOURCE[sslcorrupttest]=sslcorrupttest.c ssltestlib.c testutil.c test_main_custom.c
INCLUDE[sslcorrupttest]=../include .
DEPEND[sslcorrupttest]=../libcrypto ../libssl
......
......@@ -198,8 +198,7 @@ static int execute_cts128(CTS128_FIXTURE fixture)
unsigned char cleartext[64], ciphertext[64], vector[64];
size_t tail;
fprintf(stderr, "%s_vector_%" OSSLzu "\n", fixture.case_name, len);
fflush(stdout);
TEST_info("%s_vector_%lu", fixture.case_name, (unsigned long)len);
tail = fixture.transform_output(orig_vector, vector, len);
......@@ -208,54 +207,39 @@ static int execute_cts128(CTS128_FIXTURE fixture)
fixture.encrypt_block(test_input, ciphertext, len,
encrypt_key_schedule, iv,
(block128_f)AES_encrypt);
if (memcmp(ciphertext, vector, len)) {
fprintf(stderr, "block encrypt: output_%" OSSLzu " mismatch\n", len);
if (!TEST_mem_eq(ciphertext, len, vector, len))
return 0;
}
if (memcmp(iv, vector + len - tail, sizeof(iv))) {
fprintf(stderr, "block encrypt: iv_%" OSSLzu " mismatch\n", len);
if (!TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv)))
return 0;
}
/* test block-based decryption */
memcpy(iv, test_iv, test_iv_len);
fixture.decrypt_block(ciphertext, cleartext, len,
decrypt_key_schedule, iv,
(block128_f)AES_decrypt);
if (memcmp(cleartext, test_input, len)) {
fprintf(stderr, "block decrypt: input_%" OSSLzu " mismatch\n", len);
if (!TEST_mem_eq(cleartext, len, test_input, len))
return 0;
}
if (memcmp(iv, vector + len - tail, sizeof(iv))) {
fprintf(stderr, "block decrypt: iv_%" OSSLzu " mismatch\n", len);
if (!TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv)))
return 0;
}
/* test streamed encryption */
memcpy(iv, test_iv, test_iv_len);
fixture.encrypt(test_input, ciphertext, len, encrypt_key_schedule,
iv, (cbc128_f) AES_cbc_encrypt);
if (memcmp(ciphertext, vector, len)) {
fprintf(stderr, "stream encrypt: output_%" OSSLzu " mismatch\n", len);
if (!TEST_mem_eq(ciphertext, len, vector, len))
return 0;
}
if (memcmp(iv, vector + len - tail, sizeof(iv))) {
fprintf(stderr, "stream encrypt: iv_%" OSSLzu " mismatch\n", len);
if (!TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv)))
return 0;
}
/* test streamed decryption */
memcpy(iv, test_iv, test_iv_len);
fixture.decrypt(ciphertext, cleartext, len, decrypt_key_schedule, iv,
(cbc128_f)AES_cbc_encrypt);
if (memcmp(cleartext, test_input, len)) {
fprintf(stderr, "stream decrypt: input_%" OSSLzu " mismatch\n", len);
if (!TEST_mem_eq(cleartext, len, test_input, len))
return 0;
}
if (memcmp(iv, vector + len - tail, sizeof(iv))) {
fprintf(stderr, "stream decrypt: iv_%" OSSLzu " mismatch\n", len);
if (!TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv)))
return 0;
}
return 1;
}
......@@ -286,11 +270,11 @@ static int test_cts128_nist(int idx)
EXECUTE_TEST_NO_TEARDOWN(execute_cts128);
}
/**********************************************************************
/*
*
* Test of gcm128
*
***/
*/
/* Test Case 1 */
static const u8 K1[16], P1[] = { 0 }, A1[] = { 0 }, IV1[12], C1[] = { 0 };
......@@ -876,7 +860,6 @@ static int test_gcm128(int idx)
SIZED_DATA T = gcm128_vectors[idx].T;
GCM128_CONTEXT ctx;
AES_KEY key;
int err = 0;
/* Size 1 inputs are special-cased to signal NULL. */
if (A.size == 1)
......@@ -891,25 +874,27 @@ static int test_gcm128(int idx)
CRYPTO_gcm128_init(&ctx, &key, (block128_f)AES_encrypt);
CRYPTO_gcm128_setiv(&ctx, IV.data, IV.size);
memset(out, 0, P.size);
if (A.data)
if (A.data != NULL)
CRYPTO_gcm128_aad(&ctx, A.data, A.size);
if (P.data)
if (P.data != NULL)
CRYPTO_gcm128_encrypt( &ctx, P.data, out, P.size);
if (CRYPTO_gcm128_finish(&ctx, T.data, 16)
|| (C.data && memcmp(out, C.data, P.size)))
err++, fprintf(stderr, "encrypt test#%d failed.\n", idx);
if (!TEST_false(CRYPTO_gcm128_finish(&ctx, T.data, 16))
|| (C.data != NULL
&& !TEST_mem_eq(out, P.size, C.data, P.size)))
return 0;
CRYPTO_gcm128_setiv(&ctx, IV.data, IV.size);
memset(out, 0, P.size);
if (A.data)
if (A.data != NULL)
CRYPTO_gcm128_aad(&ctx, A.data, A.size);
if (C.data)
if (C.data != NULL)
CRYPTO_gcm128_decrypt(&ctx, C.data, out, P.size);
if (CRYPTO_gcm128_finish(&ctx, T.data, 16)
|| (P.data && memcmp(out, P.data, P.size)))
err++, fprintf(stderr, "decrypt test#%d failed.\n", idx);
if (!TEST_false(CRYPTO_gcm128_finish(&ctx, T.data, 16))
|| (P.data != NULL
&& !TEST_mem_eq(out, P.size, P.data, P.size)))
return 0;
return err == 0;
return 1;
}
static void benchmark_gcm128(const unsigned char *K, size_t Klen,
......
......@@ -10,6 +10,7 @@
#include <string.h>
#include "ssltestlib.h"
#include "testutil.h"
#include "test_main_custom.h"
static int docorrupt = 0;
......@@ -180,39 +181,30 @@ static char *privkey = NULL;
static int test_ssl_corrupt(int testidx)
{
static unsigned char junk[16000] = { 0 };
SSL_CTX *sctx = NULL, *cctx = NULL;
SSL *server = NULL, *client = NULL;
BIO *c_to_s_fbio;
int testresult = 0;
static unsigned char junk[16000] = { 0 };
STACK_OF(SSL_CIPHER) *ciphers;
const SSL_CIPHER *currcipher;
docorrupt = 0;
printf("Starting Test %d, %s\n", testidx, cipher_list[testidx]);
TEST_info("Starting #%d, %s", testidx, cipher_list[testidx]);
if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), &sctx,
&cctx, cert, privkey)) {
printf("Unable to create SSL_CTX pair\n");
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
TLS_client_method(), &sctx,
&cctx, cert, privkey)))
return 0;
}
if (!SSL_CTX_set_cipher_list(cctx, cipher_list[testidx])) {
printf("Failed setting cipher list\n");
if (!TEST_true(SSL_CTX_set_cipher_list(cctx, cipher_list[testidx])))
goto end;
}
ciphers = SSL_CTX_get_ciphers(cctx);
if (ciphers == NULL || sk_SSL_CIPHER_num(ciphers) != 1) {
printf("Unexpected ciphers set\n");
if (!TEST_ptr(ciphers = SSL_CTX_get_ciphers(cctx))
|| !TEST_int_eq(sk_SSL_CIPHER_num(ciphers), 1)
|| !TEST_ptr(currcipher = sk_SSL_CIPHER_value(ciphers, 0)))
goto end;
}
currcipher = sk_SSL_CIPHER_value(ciphers, 0);
if (currcipher == NULL) {
printf("Failed getting the current cipher\n");
goto end;
}
/*
* If we haven't got a TLSv1.3 cipher, then we mustn't attempt to use
......@@ -220,50 +212,32 @@ static int test_ssl_corrupt(int testidx)
* get a "no shared cipher" error.
*/
if (strcmp(SSL_CIPHER_get_version(currcipher), "TLSv1.3") != 0) {
if (!SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION)) {
printf("Failed setting max protocol version\n");
if (!TEST_true(SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION)))
goto end;
}
}
c_to_s_fbio = BIO_new(bio_f_tls_corrupt_filter());
if (c_to_s_fbio == NULL) {
printf("Failed to create filter BIO\n");
if (!TEST_ptr(c_to_s_fbio = BIO_new(bio_f_tls_corrupt_filter())))
goto end;
}
/* BIO is freed by create_ssl_connection on error */
if (!create_ssl_objects(sctx, cctx, &server, &client, NULL,
c_to_s_fbio)) {
printf("Unable to create SSL objects\n");
ERR_print_errors_fp(stdout);
if (!TEST_true(create_ssl_objects(sctx, cctx, &server, &client, NULL,
c_to_s_fbio)))
goto end;
}
if (!create_ssl_connection(server, client, SSL_ERROR_NONE)) {
printf("Unable to create SSL connection\n");
ERR_print_errors_fp(stdout);
if (!TEST_true(create_ssl_connection(server, client, SSL_ERROR_NONE)))
goto end;
}
docorrupt = 1;
if (SSL_write(client, junk, sizeof(junk)) < 0) {
printf("Unable to SSL_write\n");
ERR_print_errors_fp(stdout);
if (!TEST_int_ge(SSL_write(client, junk, sizeof(junk)), 0))
goto end;
}
if (SSL_read(server, junk, sizeof(junk)) >= 0) {
printf("Read should have failed with \"bad record mac\"\n");
if (!TEST_int_lt(SSL_read(server, junk, sizeof(junk)), 0))
goto end;
}
if (ERR_GET_REASON(ERR_peek_error()) !=
SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC) {
ERR_print_errors_fp(stdout);
if (!TEST_int_eq(ERR_GET_REASON(ERR_peek_error()),
SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC))
goto end;
}
testresult = 1;
end:
......@@ -271,44 +245,25 @@ static int test_ssl_corrupt(int testidx)
SSL_free(client);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
int main(int argc, char *argv[])
int test_main(int argc, char *argv[])
{
BIO *err = NULL;
int testresult = 1;
int ret;
if (argc != 3) {
printf("Invalid argument count\n");
return 1;
TEST_error("Usage error");
return 0;
}
cert = argv[1];
privkey = argv[2];
err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
CRYPTO_set_mem_debug(1);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
ADD_ALL_TESTS(test_ssl_corrupt, setup_cipher_list());
testresult = run_tests(argv[0]);
ret = run_tests(argv[0]);
bio_f_tls_corrupt_filter_free();
OPENSSL_free(cipher_list);
#ifndef OPENSSL_NO_CRYPTO_MDEBUG
if (CRYPTO_mem_leaks(err) <= 0)
testresult = 1;
#endif
BIO_free(err);
if (!testresult)
printf("PASS\n");
return testresult;
return ret;
}
......@@ -7,10 +7,12 @@
* https://www.openssl.org/source/license.html
*/
#include <string.h>
#include "e_os.h"
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include "../e_os.h"
#include <string.h>
#include "testutil.h"
#include "test_main.h"
static const char *const names[] = {
"a", "b", ".", "*", "@",
......@@ -72,6 +74,7 @@ static const char *const exceptions[] = {
static int is_exception(const char *msg)
{
const char *const *p;
for (p = exceptions; *p; ++p)
if (strcmp(msg, *p) == 0)
return 1;
......@@ -83,13 +86,16 @@ static int set_cn(X509 *crt, ...)
int ret = 0;
X509_NAME *n = NULL;
va_list ap;
va_start(ap, crt);
n = X509_NAME_new();
if (n == NULL)
goto out;
while (1) {
int nid;
const char *name;
nid = va_arg(ap, int);
if (nid == 0)
break;
......@@ -238,59 +244,55 @@ static const struct set_name_fn name_fns[] = {
{set_email_and_cn, "set emailAddress", 0, 1},
{set_altname_dns, "set dnsName", 1, 0},
{set_altname_email, "set rfc822Name", 0, 1},
{NULL, NULL, 0}
};
static X509 *make_cert()
{
X509 *ret = NULL;
X509 *crt = NULL;
X509_NAME *issuer = NULL;
crt = X509_new();
if (crt == NULL)
goto out;
if (!X509_set_version(crt, 3))
goto out;
ret = crt;
crt = NULL;
out:
X509_NAME_free(issuer);
return ret;
}
static int errors;
if (!TEST_ptr(crt = X509_new()))
return NULL;
if (!TEST_true(X509_set_version(crt, 3))) {
X509_free(crt);
return NULL;
}
return crt;
}
static void check_message(const struct set_name_fn *fn, const char *op,
const char *nameincert, int match, const char *name)
static int check_message(const struct set_name_fn *fn, const char *op,
const char *nameincert, int match, const char *name)
{
char msg[1024];
if (match < 0)
return;
return 1;
BIO_snprintf(msg, sizeof(msg), "%s: %s: [%s] %s [%s]",
fn->name, op, nameincert,
match ? "matches" : "does not match", name);
if (is_exception(msg))
return;
puts(msg);
++errors;
return 1;
TEST_error("%s", msg);
return 0;
}
static void run_cert(X509 *crt, const char *nameincert,
static int run_cert(X509 *crt, const char *nameincert,
const struct set_name_fn *fn)
{
const char *const *pname = names;
while (*pname) {
int failed = 0;
for (; *pname != NULL; ++pname) {
int samename = strcasecmp(nameincert, *pname) == 0;
size_t namelen = strlen(*pname);
char *name = malloc(namelen);
char *name = OPENSSL_malloc(namelen);
int match, ret;
memcpy(name, *pname, namelen);
ret = X509_check_host(crt, name, namelen, 0, NULL);
match = -1;
if (ret < 0) {
fprintf(stderr, "internal error in X509_check_host");
++errors;
if (!TEST_int_ge(ret = X509_check_host(crt, name, namelen, 0, NULL),
0)) {
failed = 1;
} else if (fn->host) {
if (ret == 1 && !samename)
match = 1;
......@@ -298,14 +300,14 @@ static void run_cert(X509 *crt, const char *nameincert,
match = 0;
} else if (ret == 1)
match = 1;
check_message(fn, "host", nameincert, match, *pname);
if (!TEST_true(check_message(fn, "host", nameincert, match, *pname)))
failed = 1;
ret = X509_check_host(crt, name, namelen,
X509_CHECK_FLAG_NO_WILDCARDS, NULL);
match = -1;
if (ret < 0) {
fprintf(stderr, "internal error in X509_check_host");
++errors;
if (!TEST_int_ge(ret = X509_check_host(crt, name, namelen,
X509_CHECK_FLAG_NO_WILDCARDS,
NULL), 0)) {
failed = 1;
} else if (fn->host) {
if (ret == 1 && !samename)
match = 1;
......@@ -313,10 +315,12 @@ static void run_cert(X509 *crt, const char *nameincert,
match = 0;
} else if (ret == 1)
match = 1;
check_message(fn, "host-no-wildcards", nameincert, match, *pname);
if (!TEST_true(check_message(fn, "host-no-wildcards",
nameincert, match, *pname)))
failed = 1;
ret = X509_check_email(crt, name, namelen, 0);
match = -1;
ret = X509_check_email(crt, name, namelen, 0);
if (fn->email) {
if (ret && !samename)
match = 1;
......@@ -324,32 +328,33 @@ static void run_cert(X509 *crt, const char *nameincert,
match = 0;
} else if (ret)
match = 1;
check_message(fn, "email", nameincert, match, *pname);
++pname;
free(name);
if (!TEST_true(check_message(fn, "email", nameincert, match, *pname)))
failed = 1;
OPENSSL_free(name);
}
return failed == 0;
}
int main(void)
static int call_run_cert(int i)
{
const struct set_name_fn *pfn = name_fns;
while (pfn->name) {
const char *const *pname = names;
while (*pname) {
X509 *crt = make_cert();
if (crt == NULL) {
fprintf(stderr, "make_cert failed\n");
return 1;
}
if (!pfn->fn(crt, *pname)) {
fprintf(stderr, "X509 name setting failed\n");
return 1;
}
run_cert(crt, *pname, pfn);
X509_free(crt);
++pname;
}
++pfn;
int failed = 0;
const struct set_name_fn *pfn = &name_fns[i];
X509 *crt;
const char *const *pname;
TEST_info("%s", pfn->name);
for (pname = names; *pname != NULL; pname++) {
if (!TEST_ptr(crt = make_cert())
|| !TEST_true(pfn->fn(crt, *pname))
|| !run_cert(crt, *pname, pfn))
failed = 1;
X509_free(crt);
}
return errors > 0 ? 1 : 0;
return failed == 0;
}
void register_tests(void)
{
ADD_ALL_TESTS(call_run_cert, sizeof(name_fns) / sizeof(name_fns[0]));
}
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册