From f3ab6c16c424054c8d6d2c152744dcbaf41c3232 Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Mon, 17 Apr 2017 13:54:45 -0400 Subject: [PATCH] Update more tests modes_internal_test, sslcorrupttest, v3nametest Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/3238) --- test/build.info | 6 +- test/modes_internal_test.c | 65 ++++++++----------- test/sslcorrupttest.c | 95 ++++++++------------------- test/v3nametest.c | 127 +++++++++++++++++++------------------ 4 files changed, 119 insertions(+), 174 deletions(-) diff --git a/test/build.info b/test/build.info index eb36596ece..d6e43cf7b3 100644 --- a/test/build.info +++ b/test/build.info @@ -159,8 +159,8 @@ IF[{- !$disabled{tests} -}] INCLUDE[igetest]=.. ../include DEPEND[igetest]=../libcrypto - SOURCE[v3nametest]=v3nametest.c - INCLUDE[v3nametest]=../include + SOURCE[v3nametest]=v3nametest.c testutil.c test_main.c + INCLUDE[v3nametest]=.. ../include DEPEND[v3nametest]=../libcrypto SOURCE[crltest]=crltest.c testutil.c test_main.c @@ -276,7 +276,7 @@ IF[{- !$disabled{tests} -}] INCLUDE[dtlstest]=../include . DEPEND[dtlstest]=../libcrypto ../libssl - SOURCE[sslcorrupttest]=sslcorrupttest.c ssltestlib.c testutil.c + SOURCE[sslcorrupttest]=sslcorrupttest.c ssltestlib.c testutil.c test_main_custom.c INCLUDE[sslcorrupttest]=../include . DEPEND[sslcorrupttest]=../libcrypto ../libssl diff --git a/test/modes_internal_test.c b/test/modes_internal_test.c index c5265c9339..087115b242 100644 --- a/test/modes_internal_test.c +++ b/test/modes_internal_test.c @@ -198,8 +198,7 @@ static int execute_cts128(CTS128_FIXTURE fixture) unsigned char cleartext[64], ciphertext[64], vector[64]; size_t tail; - fprintf(stderr, "%s_vector_%" OSSLzu "\n", fixture.case_name, len); - fflush(stdout); + TEST_info("%s_vector_%lu", fixture.case_name, (unsigned long)len); tail = fixture.transform_output(orig_vector, vector, len); 
@@ -208,54 +207,39 @@ static int execute_cts128(CTS128_FIXTURE fixture) fixture.encrypt_block(test_input, ciphertext, len, encrypt_key_schedule, iv, (block128_f)AES_encrypt); - if (memcmp(ciphertext, vector, len)) { - fprintf(stderr, "block encrypt: output_%" OSSLzu " mismatch\n", len); + if (!TEST_mem_eq(ciphertext, len, vector, len)) return 0; - } - if (memcmp(iv, vector + len - tail, sizeof(iv))) { - fprintf(stderr, "block encrypt: iv_%" OSSLzu " mismatch\n", len); + + if (!TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv))) return 0; - } /* test block-based decryption */ memcpy(iv, test_iv, test_iv_len); fixture.decrypt_block(ciphertext, cleartext, len, decrypt_key_schedule, iv, (block128_f)AES_decrypt); - if (memcmp(cleartext, test_input, len)) { - fprintf(stderr, "block decrypt: input_%" OSSLzu " mismatch\n", len); + if (!TEST_mem_eq(cleartext, len, test_input, len)) return 0; - } - if (memcmp(iv, vector + len - tail, sizeof(iv))) { - fprintf(stderr, "block decrypt: iv_%" OSSLzu " mismatch\n", len); + if (!TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv))) return 0; - } /* test streamed encryption */ memcpy(iv, test_iv, test_iv_len); fixture.encrypt(test_input, ciphertext, len, encrypt_key_schedule, iv, (cbc128_f) AES_cbc_encrypt); - if (memcmp(ciphertext, vector, len)) { - fprintf(stderr, "stream encrypt: output_%" OSSLzu " mismatch\n", len); + if (!TEST_mem_eq(ciphertext, len, vector, len)) return 0; - } - if (memcmp(iv, vector + len - tail, sizeof(iv))) { - fprintf(stderr, "stream encrypt: iv_%" OSSLzu " mismatch\n", len); + if (!TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv))) return 0; - } /* test streamed decryption */ memcpy(iv, test_iv, test_iv_len); fixture.decrypt(ciphertext, cleartext, len, decrypt_key_schedule, iv, (cbc128_f)AES_cbc_encrypt); - if (memcmp(cleartext, test_input, len)) { - fprintf(stderr, "stream decrypt: input_%" OSSLzu " mismatch\n", len); + if (!TEST_mem_eq(cleartext, len, test_input, len)) 
return 0; - } - if (memcmp(iv, vector + len - tail, sizeof(iv))) { - fprintf(stderr, "stream decrypt: iv_%" OSSLzu " mismatch\n", len); + if (!TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv))) return 0; - } return 1; } @@ -286,11 +270,11 @@ static int test_cts128_nist(int idx) EXECUTE_TEST_NO_TEARDOWN(execute_cts128); } -/********************************************************************** +/* * * Test of gcm128 * - ***/ + */ /* Test Case 1 */ static const u8 K1[16], P1[] = { 0 }, A1[] = { 0 }, IV1[12], C1[] = { 0 }; @@ -876,7 +860,6 @@ static int test_gcm128(int idx) SIZED_DATA T = gcm128_vectors[idx].T; GCM128_CONTEXT ctx; AES_KEY key; - int err = 0; /* Size 1 inputs are special-cased to signal NULL. */ if (A.size == 1) 
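Review bot: The four phases of execute_cts128 (block encrypt, block decrypt, stream encrypt, stream decrypt) now fail through textually identical `TEST_mem_eq(...)` calls, so the phase names carried by the removed fprintf messages no longer appear in the output. A failure can presumably still be located from whatever position the test macro reports. A one-line `TEST_info("block encrypt")` ahead of each phase would keep the log readable without the source open. The function body starts above this hunk.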
@@ -891,25 +874,27 @@ static int test_gcm128(int idx) CRYPTO_gcm128_init(&ctx, &key, (block128_f)AES_encrypt); CRYPTO_gcm128_setiv(&ctx, IV.data, IV.size); memset(out, 0, P.size); - if (A.data) + if (A.data != NULL) CRYPTO_gcm128_aad(&ctx, A.data, A.size); - if (P.data) + if (P.data != NULL) CRYPTO_gcm128_encrypt( &ctx, P.data, out, P.size); - if (CRYPTO_gcm128_finish(&ctx, T.data, 16) - || (C.data && memcmp(out, C.data, P.size))) - err++, fprintf(stderr, "encrypt test#%d failed.\n", idx); + if (!TEST_false(CRYPTO_gcm128_finish(&ctx, T.data, 16)) + || (C.data != NULL + && !TEST_mem_eq(out, P.size, C.data, P.size))) + return 0; CRYPTO_gcm128_setiv(&ctx, IV.data, IV.size); memset(out, 0, P.size); - if (A.data) + if (A.data != NULL) CRYPTO_gcm128_aad(&ctx, A.data, A.size); - if (C.data) + if (C.data != NULL) CRYPTO_gcm128_decrypt(&ctx, C.data, out, P.size); - if (CRYPTO_gcm128_finish(&ctx, T.data, 16) - || (P.data && memcmp(out, P.data, P.size))) - err++, fprintf(stderr, "decrypt test#%d failed.\n", idx); + if (!TEST_false(CRYPTO_gcm128_finish(&ctx, T.data, 16)) + || (P.data != NULL + && !TEST_mem_eq(out, P.size, P.data, P.size))) + return 0; - return err == 0; + return 1; } static void benchmark_gcm128(const unsigned char *K, size_t Klen, diff --git a/test/sslcorrupttest.c b/test/sslcorrupttest.c index 8ccad16f28..98e5bb3e06 100644 --- a/test/sslcorrupttest.c +++ b/test/sslcorrupttest.c @@ -10,6 +10,7 @@ #include #include "ssltestlib.h" #include "testutil.h" +#include "test_main_custom.h" static int docorrupt = 0; 
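Review bot: `!TEST_false(CRYPTO_gcm128_finish(&ctx, T.data, 16))` is the tag verification in test_gcm128, and it reads inverted unless the reader knows that finish returns 0 when the computed tag equals T. A comment such as `/* finish() returns 0 only when the tag matches T */` above each of the two checks would make that explicit. The encrypt branch now returns before the decrypt direction runs, where the old code counted both failures in `err`, so one run reports at most one broken direction. Both `TEST_mem_eq` calls pass `P.size` as the length of the expected buffer, which relies on every vector having equal plaintext and ciphertext sizes; that is inherited from the old memcmp and is not checked here. The start of test_gcm128 is outside this hunk.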
@@ -180,39 +181,30 @@ static char *privkey = NULL; static int test_ssl_corrupt(int testidx) { + static unsigned char junk[16000] = { 0 }; SSL_CTX *sctx = NULL, *cctx = NULL; SSL *server = NULL, *client = NULL; BIO *c_to_s_fbio; int testresult = 0; - static unsigned char junk[16000] = { 0 }; STACK_OF(SSL_CIPHER) *ciphers; const SSL_CIPHER *currcipher; docorrupt = 0; - printf("Starting Test %d, %s\n", testidx, cipher_list[testidx]); + TEST_info("Starting #%d, %s", testidx, cipher_list[testidx]); - if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), &sctx, - &cctx, cert, privkey)) { - printf("Unable to create SSL_CTX pair\n"); + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), + TLS_client_method(), &sctx, + &cctx, cert, privkey))) return 0; - } - if (!SSL_CTX_set_cipher_list(cctx, cipher_list[testidx])) { - printf("Failed setting cipher list\n"); + if (!TEST_true(SSL_CTX_set_cipher_list(cctx, cipher_list[testidx]))) goto end; - } - ciphers = SSL_CTX_get_ciphers(cctx); - if (ciphers == NULL || sk_SSL_CIPHER_num(ciphers) != 1) { - printf("Unexpected ciphers set\n"); + if (!TEST_ptr(ciphers = SSL_CTX_get_ciphers(cctx)) + || !TEST_int_eq(sk_SSL_CIPHER_num(ciphers), 1) + || !TEST_ptr(currcipher = sk_SSL_CIPHER_value(ciphers, 0))) goto end; - } - currcipher = sk_SSL_CIPHER_value(ciphers, 0); - if (currcipher == NULL) { - printf("Failed getting the current cipher\n"); - goto end; - } /* * If we haven't got a TLSv1.3 cipher, then we mustn't attempt to use 
@@ -220,50 +212,32 @@ static int test_ssl_corrupt(int testidx) * get a "no shared cipher" error. */ if (strcmp(SSL_CIPHER_get_version(currcipher), "TLSv1.3") != 0) { - if (!SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION)) { - printf("Failed setting max protocol version\n"); + if (!TEST_true(SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION))) goto end; - } } - c_to_s_fbio = BIO_new(bio_f_tls_corrupt_filter()); - if (c_to_s_fbio == NULL) { - printf("Failed to create filter BIO\n"); + if (!TEST_ptr(c_to_s_fbio = BIO_new(bio_f_tls_corrupt_filter()))) goto end; - } /* BIO is freed by create_ssl_connection on error */ - if (!create_ssl_objects(sctx, cctx, &server, &client, NULL, - c_to_s_fbio)) { - printf("Unable to create SSL objects\n"); - ERR_print_errors_fp(stdout); + if (!TEST_true(create_ssl_objects(sctx, cctx, &server, &client, NULL, + c_to_s_fbio))) goto end; - } - if (!create_ssl_connection(server, client, SSL_ERROR_NONE)) { - printf("Unable to create SSL connection\n"); - ERR_print_errors_fp(stdout); + if (!TEST_true(create_ssl_connection(server, client, SSL_ERROR_NONE))) goto end; - } docorrupt = 1; - if (SSL_write(client, junk, sizeof(junk)) < 0) { - printf("Unable to SSL_write\n"); - ERR_print_errors_fp(stdout); + if (!TEST_int_ge(SSL_write(client, junk, sizeof(junk)), 0)) goto end; - } - if (SSL_read(server, junk, sizeof(junk)) >= 0) { - printf("Read should have failed with \"bad record mac\"\n"); + if (!TEST_int_lt(SSL_read(server, junk, sizeof(junk)), 0)) goto end; - } - if (ERR_GET_REASON(ERR_peek_error()) != - SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC) { - ERR_print_errors_fp(stdout); + if (!TEST_int_eq(ERR_GET_REASON(ERR_peek_error()), + SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC)) goto end; - } testresult = 1; end: 
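Review bot: The failure branches in this hunk no longer dump the OpenSSL error queue. The removed code called `ERR_print_errors_fp(stdout)` after create_ssl_objects, create_ssl_connection, SSL_write and the final reason check, while the TEST_* replacements report only the values being compared, as far as this hunk shows. For the last check, a record rejected for the wrong reason would be hard to diagnose from the log, so keeping `ERR_print_errors_fp(stderr);` before `goto end` there would preserve the diagnosis. The context comment `/* BIO is freed by create_ssl_connection on error */` sits above the create_ssl_objects call, which is the one that receives c_to_s_fbio, so it probably names the wrong helper. test_ssl_corrupt starts before and ends after this hunk.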
@@ -271,44 +245,25 @@ static int test_ssl_corrupt(int testidx) SSL_free(client); SSL_CTX_free(sctx); SSL_CTX_free(cctx); - return testresult; } -int main(int argc, char *argv[]) +int test_main(int argc, char *argv[]) { - BIO *err = NULL; - int testresult = 1; + int ret; if (argc != 3) { - printf("Invalid argument count\n"); - return 1; + TEST_error("Usage error"); + return 0; } - cert = argv[1]; privkey = argv[2]; - err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); - - CRYPTO_set_mem_debug(1); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - ADD_ALL_TESTS(test_ssl_corrupt, setup_cipher_list()); - testresult = run_tests(argv[0]); - + ret = run_tests(argv[0]); bio_f_tls_corrupt_filter_free(); - OPENSSL_free(cipher_list); -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - if (CRYPTO_mem_leaks(err) <= 0) - testresult = 1; -#endif - BIO_free(err); - - if (!testresult) - printf("PASS\n"); - - return testresult; + return ret; } diff --git a/test/v3nametest.c b/test/v3nametest.c index 648c1df4dd..39dcfe86ce 100644 --- a/test/v3nametest.c +++ b/test/v3nametest.c @@ -7,10 +7,12 @@ * https://www.openssl.org/source/license.html */ +#include +#include "e_os.h" #include #include -#include "../e_os.h" -#include +#include "testutil.h" +#include "test_main.h" static const char *const names[] = { "a", "b", ".", "*", "@", @@ -72,6 +74,7 @@ static const char *const exceptions[] = { static int is_exception(const char *msg) { const char *const *p; + for (p = exceptions; *p; ++p) if (strcmp(msg, *p) == 0) return 1; @@ -83,13 +86,16 @@ static int set_cn(X509 *crt, ...) int ret = 0; X509_NAME *n = NULL; va_list ap; + va_start(ap, crt); n = X509_NAME_new(); if (n == NULL) goto out; + while (1) { int nid; const char *name; + nid = va_arg(ap, int); if (nid == 0) break; 
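Review bot: The usage-error branch of test_main returns 0, which is the same value this function returns for a passing run. The removed code printed PASS when `run_tests()` returned 0, and the new code returns that result unchanged as `ret`. Unless the custom main wrapper (not visible here) interprets test_main's return differently, invoking the test without the cert and key arguments would be reported as success and the bad-record-MAC check would never run. The old failure value should stay: `TEST_error("Usage error"); return 1;`. The CRYPTO_mem_leaks check is also dropped in this hunk; presumably the wrapper now performs it, which is worth confirming.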
@@ -238,59 +244,55 @@ static const struct set_name_fn name_fns[] = { {set_email_and_cn, "set emailAddress", 0, 1}, {set_altname_dns, "set dnsName", 1, 0}, {set_altname_email, "set rfc822Name", 0, 1}, - {NULL, NULL, 0} }; static X509 *make_cert() { - X509 *ret = NULL; X509 *crt = NULL; - X509_NAME *issuer = NULL; - crt = X509_new(); - if (crt == NULL) - goto out; - if (!X509_set_version(crt, 3)) - goto out; - ret = crt; - crt = NULL; - out: - X509_NAME_free(issuer); - return ret; -} -static int errors; + if (!TEST_ptr(crt = X509_new())) + return NULL; + if (!TEST_true(X509_set_version(crt, 3))) { + X509_free(crt); + return NULL; + } + return crt; +} -static void check_message(const struct set_name_fn *fn, const char *op, - const char *nameincert, int match, const char *name) +static int check_message(const struct set_name_fn *fn, const char *op, + const char *nameincert, int match, const char *name) { char msg[1024]; + if (match < 0) - return; + return 1; BIO_snprintf(msg, sizeof(msg), "%s: %s: [%s] %s [%s]", fn->name, op, nameincert, match ? "matches" : "does not match", name); if (is_exception(msg)) - return; - puts(msg); - ++errors; + return 1; + TEST_error("%s", msg); + return 0; } -static void run_cert(X509 *crt, const char *nameincert, +static int run_cert(X509 *crt, const char *nameincert, const struct set_name_fn *fn) { const char *const *pname = names; - while (*pname) { + int failed = 0; + + for (; *pname != NULL; ++pname) { int samename = strcasecmp(nameincert, *pname) == 0; size_t namelen = strlen(*pname); - char *name = malloc(namelen); + char *name = OPENSSL_malloc(namelen); int match, ret; + memcpy(name, *pname, namelen); - ret = X509_check_host(crt, name, namelen, 0, NULL); match = -1; - if (ret < 0) { - fprintf(stderr, "internal error in X509_check_host"); - ++errors; + if (!TEST_int_ge(ret = X509_check_host(crt, name, namelen, 0, NULL), + 0)) { + failed = 1; } else if (fn->host) { if (ret == 1 && !samename) match = 1; 
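Review bot: In run_cert the result of `OPENSSL_malloc(namelen)` goes straight into `memcpy(name, *pname, namelen)` with no NULL check, so an allocation failure becomes a write through a null pointer rather than a test failure. A guard right after the declarations, `if (!TEST_ptr(name)) return 0;`, fits the style of the rest of the conversion. The buffer is copied without its terminating NUL and passed with an explicit length; a comment like `/* no NUL: the check functions must honour namelen */` would record that intent (inferred from the code, so confirm). `make_cert()` would also be better declared as `make_cert(void)`. run_cert continues past the end of this hunk.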
@@ -298,14 +300,14 @@ static void run_cert(X509 *crt, const char *nameincert, match = 0; } else if (ret == 1) match = 1; - check_message(fn, "host", nameincert, match, *pname); + if (!TEST_true(check_message(fn, "host", nameincert, match, *pname))) + failed = 1; - ret = X509_check_host(crt, name, namelen, - X509_CHECK_FLAG_NO_WILDCARDS, NULL); match = -1; - if (ret < 0) { - fprintf(stderr, "internal error in X509_check_host"); - ++errors; + if (!TEST_int_ge(ret = X509_check_host(crt, name, namelen, + X509_CHECK_FLAG_NO_WILDCARDS, + NULL), 0)) { + failed = 1; } else if (fn->host) { if (ret == 1 && !samename) match = 1; @@ -313,10 +315,12 @@ static void run_cert(X509 *crt, const char *nameincert, match = 0; } else if (ret == 1) match = 1; - check_message(fn, "host-no-wildcards", nameincert, match, *pname); + if (!TEST_true(check_message(fn, "host-no-wildcards", + nameincert, match, *pname))) + failed = 1; - ret = X509_check_email(crt, name, namelen, 0); match = -1; + ret = X509_check_email(crt, name, namelen, 0); if (fn->email) { if (ret && !samename) match = 1; 
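Review bot: In the second hunk on this line the return of `X509_check_email()` is not checked for a negative value the way the two `X509_check_host()` calls now are, so `if (ret && !samename) match = 1;` treats an error return as a match. Routing it through the same guard, `if (!TEST_int_ge(ret = X509_check_email(crt, name, namelen, 0), 0)) failed = 1; else if (fn->email) {`, would make an internal error fail the test instead of being scored as a name match. Separately, `check_message()` already calls `TEST_error` on a mismatch, so wrapping it in `TEST_true` in both hunks reports each failure twice. The email block is closed in the following hunk.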
@@ -324,32 +328,33 @@ static void run_cert(X509 *crt, const char *nameincert, match = 0; } else if (ret) match = 1; - check_message(fn, "email", nameincert, match, *pname); - ++pname; - free(name); + if (!TEST_true(check_message(fn, "email", nameincert, match, *pname))) + failed = 1; + OPENSSL_free(name); } + + return failed == 0; } -int main(void) +static int call_run_cert(int i) { - const struct set_name_fn *pfn = name_fns; - while (pfn->name) { - const char *const *pname = names; - while (*pname) { - X509 *crt = make_cert(); - if (crt == NULL) { - fprintf(stderr, "make_cert failed\n"); - return 1; - } - if (!pfn->fn(crt, *pname)) { - fprintf(stderr, "X509 name setting failed\n"); - return 1; - } - run_cert(crt, *pname, pfn); - X509_free(crt); - ++pname; - } - ++pfn; + int failed = 0; + const struct set_name_fn *pfn = &name_fns[i]; + X509 *crt; + const char *const *pname; + + TEST_info("%s", pfn->name); + for (pname = names; *pname != NULL; pname++) { + if (!TEST_ptr(crt = make_cert()) + || !TEST_true(pfn->fn(crt, *pname)) + || !run_cert(crt, *pname, pfn)) + failed = 1; + X509_free(crt); } - return errors > 0 ? 1 : 0; + return failed == 0; +} + +void register_tests(void) +{ + ADD_ALL_TESTS(call_run_cert, sizeof(name_fns) / sizeof(name_fns[0])); } -- GitLab
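Review bot: The test count in register_tests is spelled `sizeof(name_fns) / sizeof(name_fns[0])`; `OSSL_NELEM(name_fns)` says the same thing more readably, assuming the macro is reachable through the headers this file includes. With the `{NULL, NULL, 0}` sentinel removed in an earlier hunk, this count is the only bound on `name_fns[i]` in call_run_cert. A short comment on the table such as `/* no terminator: size is taken with sizeof in register_tests() */` would help whoever appends to it. call_run_cert also keeps iterating after make_cert() fails, where the old main stopped at once; that is harmless but yields one failure line per name.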