Add TEST_check (d61f0078) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

test/handshake_helper.c

+31 −33

Original line number	Diff line number	Diff line
		@@ -14,12 +14,12 @@
		#include <openssl/ssl.h>

		#include "handshake_helper.h"
		#include "testutil.h"

		HANDSHAKE_RESULT *HANDSHAKE_RESULT_new()
		{
		HANDSHAKE_RESULT *ret;
		ret = OPENSSL_zalloc(sizeof(*ret));
		OPENSSL_assert(ret != NULL);
		HANDSHAKE_RESULT ret = OPENSSL_zalloc(sizeof(ret));
		TEST_check(ret != NULL);
		return ret;
		}

		@@ -172,11 +172,11 @@ static void parse_protos(const char protos, unsigned char out, size_t outlen
		len = strlen(protos);

		/* Should never have reuse. */
		OPENSSL_assert(*out == NULL);
		TEST_check(*out == NULL);

		/* Test values are small, so we omit length limit checks. */
		*out = OPENSSL_malloc(len + 1);
		OPENSSL_assert(*out != NULL);
		TEST_check(*out != NULL);
		*outlen = len + 1;

		/*
		@@ -189,13 +189,13 @@ static void parse_protos(const char protos, unsigned char out, size_t outlen
		i = prefix + 1;
		while (i <= len) {
		if ((*out)[i] == ',') {
		OPENSSL_assert(i - 1 - prefix > 0);
		TEST_check(i - 1 - prefix > 0);
		(*out)[prefix] = i - 1 - prefix;
		prefix = i;
		}
		i++;
		}
		OPENSSL_assert(len - prefix > 0);
		TEST_check(len - prefix > 0);
		(*out)[prefix] = len - prefix;
		}

		@@ -217,8 +217,7 @@ static int client_npn_cb(SSL s, unsigned char out, unsigned char outlen,
		ctx_data->npn_protocols,
		ctx_data->npn_protocols_len);
		/* Accept both OPENSSL_NPN_NEGOTIATED and OPENSSL_NPN_NO_OVERLAP. */
		OPENSSL_assert(ret == OPENSSL_NPN_NEGOTIATED
		\|\| ret == OPENSSL_NPN_NO_OVERLAP);
		TEST_check(ret == OPENSSL_NPN_NEGOTIATED \|\| ret == OPENSSL_NPN_NO_OVERLAP);
		return SSL_TLSEXT_ERR_OK;
		}

		@@ -328,7 +327,7 @@ static void configure_handshake_ctx(SSL_CTX server_ctx, SSL_CTX server2_ctx,
		parse_protos(extra->server2.npn_protocols,
		&server2_ctx_data->npn_protocols,
		&server2_ctx_data->npn_protocols_len);
		OPENSSL_assert(server2_ctx != NULL);
		TEST_check(server2_ctx != NULL);
		SSL_CTX_set_next_protos_advertised_cb(server2_ctx, server_npn_cb,
		server2_ctx_data);
		}
		@@ -347,7 +346,7 @@ static void configure_handshake_ctx(SSL_CTX server_ctx, SSL_CTX server2_ctx,
		SSL_CTX_set_alpn_select_cb(server_ctx, server_alpn_cb, server_ctx_data);
		}
		if (extra->server2.alpn_protocols != NULL) {
		OPENSSL_assert(server2_ctx != NULL);
		TEST_check(server2_ctx != NULL);
		parse_protos(extra->server2.alpn_protocols,
		&server2_ctx_data->alpn_protocols,
		&server2_ctx_data->alpn_protocols_len);
		@@ -359,7 +358,7 @@ static void configure_handshake_ctx(SSL_CTX server_ctx, SSL_CTX server2_ctx,
		parse_protos(extra->client.alpn_protocols,
		&alpn_protos, &alpn_protos_len);
		/* Reversed return value convention... */
		OPENSSL_assert(SSL_CTX_set_alpn_protos(client_ctx, alpn_protos,
		TEST_check(SSL_CTX_set_alpn_protos(client_ctx, alpn_protos,
		alpn_protos_len) == 0);
		OPENSSL_free(alpn_protos);
		}
		@@ -370,21 +369,19 @@ static void configure_handshake_ctx(SSL_CTX server_ctx, SSL_CTX server2_ctx,
		*/
		ticket_key_len = SSL_CTX_set_tlsext_ticket_keys(server_ctx, NULL, 0);
		ticket_keys = OPENSSL_zalloc(ticket_key_len);
		OPENSSL_assert(ticket_keys != NULL);
		OPENSSL_assert(SSL_CTX_set_tlsext_ticket_keys(server_ctx, ticket_keys,
		TEST_check(ticket_keys != NULL);
		TEST_check(SSL_CTX_set_tlsext_ticket_keys(server_ctx, ticket_keys,
		ticket_key_len) == 1);
		OPENSSL_free(ticket_keys);

		#ifndef OPENSSL_NO_CT
		OPENSSL_assert(SSL_CTX_set_default_ctlog_list_file(client_ctx));
		TEST_check(SSL_CTX_set_default_ctlog_list_file(client_ctx));
		switch (extra->client.ct_validation) {
		case SSL_TEST_CT_VALIDATION_PERMISSIVE:
		OPENSSL_assert(SSL_CTX_enable_ct(client_ctx,
		SSL_CT_VALIDATION_PERMISSIVE));
		TEST_check(SSL_CTX_enable_ct(client_ctx, SSL_CT_VALIDATION_PERMISSIVE));
		break;
		case SSL_TEST_CT_VALIDATION_STRICT:
		OPENSSL_assert(SSL_CTX_enable_ct(client_ctx,
		SSL_CT_VALIDATION_STRICT));
		TEST_check(SSL_CTX_enable_ct(client_ctx, SSL_CT_VALIDATION_STRICT));
		break;
		case SSL_TEST_CT_VALIDATION_NONE:
		break;
		@@ -525,9 +522,9 @@ static char dup_str(const unsigned char in, size_t len)
		return NULL;

		/* Assert that the string does not contain NUL-bytes. */
		OPENSSL_assert(OPENSSL_strnlen((const char*)(in), len) == len);
		TEST_check(OPENSSL_strnlen((const char*)(in), len) == len);
		ret = OPENSSL_strndup((const char*)(in), len);
		OPENSSL_assert(ret != NULL);
		TEST_check(ret != NULL);
		return ret;
		}

		@@ -560,13 +557,14 @@ static HANDSHAKE_RESULT *do_handshake_internal(

		server = SSL_new(server_ctx);
		client = SSL_new(client_ctx);
		OPENSSL_assert(server != NULL && client != NULL);
		TEST_check(server != NULL);
		TEST_check(client != NULL);

		configure_handshake_ssl(server, client, extra);
		if (session_in != NULL) {
		/* In case we're testing resumption without tickets. */
		OPENSSL_assert(SSL_CTX_add_session(server_ctx, session_in));
		OPENSSL_assert(SSL_set_session(client, session_in));
		TEST_check(SSL_CTX_add_session(server_ctx, session_in));
		TEST_check(SSL_set_session(client, session_in));
		}

		memset(&server_ex_data, 0, sizeof(server_ex_data));
		@@ -577,7 +575,7 @@ static HANDSHAKE_RESULT *do_handshake_internal(
		client_to_server = BIO_new(BIO_s_mem());
		server_to_client = BIO_new(BIO_s_mem());

		OPENSSL_assert(client_to_server != NULL && server_to_client != NULL);
		TEST_check(client_to_server != NULL && server_to_client != NULL);

		/* Non-blocking bio. */
		BIO_set_nbio(client_to_server, 1);
		@@ -588,16 +586,16 @@ static HANDSHAKE_RESULT *do_handshake_internal(

		/* The bios are now owned by the SSL object. */
		SSL_set_bio(client, server_to_client, client_to_server);
		OPENSSL_assert(BIO_up_ref(server_to_client) > 0);
		OPENSSL_assert(BIO_up_ref(client_to_server) > 0);
		TEST_check(BIO_up_ref(server_to_client) > 0);
		TEST_check(BIO_up_ref(client_to_server) > 0);
		SSL_set_bio(server, client_to_server, server_to_client);

		ex_data_idx = SSL_get_ex_new_index(0, "ex data", NULL, NULL, NULL);
		OPENSSL_assert(ex_data_idx >= 0);
		TEST_check(ex_data_idx >= 0);

		OPENSSL_assert(SSL_set_ex_data(server, ex_data_idx,
		TEST_check(SSL_set_ex_data(server, ex_data_idx,
		&server_ex_data) == 1);
		OPENSSL_assert(SSL_set_ex_data(client, ex_data_idx,
		TEST_check(SSL_set_ex_data(client, ex_data_idx,
		&client_ex_data) == 1);

		SSL_set_info_callback(server, &info_cb);
		@@ -706,7 +704,7 @@ HANDSHAKE_RESULT do_handshake(SSL_CTX server_ctx, SSL_CTX *server2_ctx,
		if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_SIMPLE)
		goto end;

		OPENSSL_assert(test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME);
		TEST_check(test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME);

		if (result->result != SSL_TEST_SUCCESS) {
		result->result = SSL_TEST_FIRST_HANDSHAKE_FAILED;

test/ssl_test.c

+12 −12

Original line number	Diff line number	Diff line
		@@ -230,14 +230,14 @@ static int execute_test(SSL_TEST_FIXTURE fixture)
		if (test_ctx->extra.server.servername_callback !=
		SSL_TEST_SERVERNAME_CB_NONE) {
		server2_ctx = SSL_CTX_new(DTLS_server_method());
		OPENSSL_assert(server2_ctx != NULL);
		TEST_check(server2_ctx != NULL);
		}
		client_ctx = SSL_CTX_new(DTLS_client_method());
		if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
		resume_server_ctx = SSL_CTX_new(DTLS_server_method());
		resume_client_ctx = SSL_CTX_new(DTLS_client_method());
		OPENSSL_assert(resume_server_ctx != NULL);
		OPENSSL_assert(resume_client_ctx != NULL);
		TEST_check(resume_server_ctx != NULL);
		TEST_check(resume_client_ctx != NULL);
		}
		}
		#endif
		@@ -247,22 +247,22 @@ static int execute_test(SSL_TEST_FIXTURE fixture)
		if (test_ctx->extra.server.servername_callback !=
		SSL_TEST_SERVERNAME_CB_NONE) {
		server2_ctx = SSL_CTX_new(TLS_server_method());
		OPENSSL_assert(server2_ctx != NULL);
		TEST_check(server2_ctx != NULL);
		}
		client_ctx = SSL_CTX_new(TLS_client_method());

		if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
		resume_server_ctx = SSL_CTX_new(TLS_server_method());
		resume_client_ctx = SSL_CTX_new(TLS_client_method());
		OPENSSL_assert(resume_server_ctx != NULL);
		OPENSSL_assert(resume_client_ctx != NULL);
		TEST_check(resume_server_ctx != NULL);
		TEST_check(resume_client_ctx != NULL);
		}
		}

		OPENSSL_assert(server_ctx != NULL);
		OPENSSL_assert(client_ctx != NULL);
		TEST_check(server_ctx != NULL);
		TEST_check(client_ctx != NULL);

		OPENSSL_assert(CONF_modules_load(conf, fixture.test_app, 0) > 0);
		TEST_check(CONF_modules_load(conf, fixture.test_app, 0) > 0);

		if (!SSL_CTX_config(server_ctx, "server")
		\|\| !SSL_CTX_config(client_ctx, "client")) {
		@@ -323,12 +323,12 @@ int main(int argc, char **argv)
		return 1;

		conf = NCONF_new(NULL);
		OPENSSL_assert(conf != NULL);
		TEST_check(conf != NULL);

		/* argv[1] should point to the test conf file */
		OPENSSL_assert(NCONF_load(conf, argv[1], NULL) > 0);
		TEST_check(NCONF_load(conf, argv[1], NULL) > 0);

		OPENSSL_assert(NCONF_get_number_e(conf, NULL, "num_tests", &num_tests));
		TEST_check(NCONF_get_number_e(conf, NULL, "num_tests", &num_tests));

		ADD_ALL_TESTS(test_handshake, (int)(num_tests));
		result = run_tests(argv[0]);

test/ssl_test_ctx.c

+8 −7

Original line number	Diff line number	Diff line
		@@ -14,6 +14,7 @@

		#include "e_os.h"
		#include "ssl_test_ctx.h"
		#include "testutil.h"

		/* True enums and other test configuration values that map to an int. */
		typedef struct {
		@@ -286,7 +287,7 @@ const char *ssl_test_method_name(ssl_test_method_t method)
		{ \
		OPENSSL_free(ctx->field); \
		ctx->field = OPENSSL_strdup(value); \
		OPENSSL_assert(ctx->field != NULL); \
		TEST_check(ctx->field != NULL); \
		return 1; \
		}

		@@ -430,14 +431,14 @@ static const ssl_test_server_option ssl_test_server_options[] = {
		};

		/*
		* Since these methods are used to create tests, we use OPENSSL_assert liberally
		* Since these methods are used to create tests, we use TEST_check liberally
		* for malloc failures and other internal errors.
		*/
		SSL_TEST_CTX *SSL_TEST_CTX_new()
		{
		SSL_TEST_CTX *ret;
		ret = OPENSSL_zalloc(sizeof(*ret));
		OPENSSL_assert(ret != NULL);
		TEST_check(ret != NULL);
		return ret;
		}

		@@ -473,7 +474,7 @@ static int parse_client_options(SSL_TEST_CLIENT_CONF client, const CONF conf,
		size_t j;

		sk_conf = NCONF_get_section(conf, client_section);
		OPENSSL_assert(sk_conf != NULL);
		TEST_check(sk_conf != NULL);

		for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) {
		int found = 0;
		@@ -506,7 +507,7 @@ static int parse_server_options(SSL_TEST_SERVER_CONF server, const CONF conf,
		size_t j;

		sk_conf = NCONF_get_section(conf, server_section);
		OPENSSL_assert(sk_conf != NULL);
		TEST_check(sk_conf != NULL);

		for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) {
		int found = 0;
		@@ -539,10 +540,10 @@ SSL_TEST_CTX SSL_TEST_CTX_create(const CONF conf, const char *test_section)
		size_t j;

		sk_conf = NCONF_get_section(conf, test_section);
		OPENSSL_assert(sk_conf != NULL);
		TEST_check(sk_conf != NULL);

		ctx = SSL_TEST_CTX_new();
		OPENSSL_assert(ctx != NULL);
		TEST_check(ctx != NULL);

		for (i = 0; i < sk_CONF_VALUE_num(sk_conf); i++) {
		int found = 0;

test/ssl_test_ctx_test.c

+5 −6

Original line number	Diff line number	Diff line
		@@ -174,7 +174,7 @@ static SSL_TEST_CTX_TEST_FIXTURE set_up(const char *const test_case_name)
		SSL_TEST_CTX_TEST_FIXTURE fixture;
		fixture.test_case_name = test_case_name;
		fixture.expected_ctx = SSL_TEST_CTX_new();
		OPENSSL_assert(fixture.expected_ctx != NULL);
		TEST_check(fixture.expected_ctx != NULL);
		return fixture;
		}

		@@ -254,7 +254,7 @@ static int test_good_configuration()
		fixture.expected_ctx->extra.client.servername = SSL_TEST_SERVERNAME_SERVER2;
		fixture.expected_ctx->extra.client.npn_protocols =
		OPENSSL_strdup("foo,bar");
		OPENSSL_assert(fixture.expected_ctx->extra.client.npn_protocols != NULL);
		TEST_check(fixture.expected_ctx->extra.client.npn_protocols != NULL);

		fixture.expected_ctx->extra.server.servername_callback =
		SSL_TEST_SERVERNAME_IGNORE_MISMATCH;
		@@ -262,7 +262,7 @@ static int test_good_configuration()

		fixture.expected_ctx->resume_extra.server2.alpn_protocols =
		OPENSSL_strdup("baz");
		OPENSSL_assert(
		TEST_check(
		fixture.expected_ctx->resume_extra.server2.alpn_protocols != NULL);

		fixture.expected_ctx->resume_extra.client.ct_validation =
		@@ -302,11 +302,10 @@ int main(int argc, char **argv)
		return 1;

		conf = NCONF_new(NULL);
		OPENSSL_assert(conf != NULL);
		TEST_check(conf != NULL);

		/* argv[1] should point to test/ssl_test_ctx_test.conf */
		OPENSSL_assert(NCONF_load(conf, argv[1], NULL) > 0);

		TEST_check(NCONF_load(conf, argv[1], NULL) > 0);

		ADD_TEST(test_empty_configuration);
		ADD_TEST(test_good_configuration);

test/testutil.h

+15 −0

Original line number	Diff line number	Diff line
		@@ -10,6 +10,8 @@
		#ifndef HEADER_TESTUTIL_H
		# define HEADER_TESTUTIL_H

		#include <openssl/err.h>

		/*-
		* SETUP_TEST_FIXTURE and EXECUTE_TEST macros for test case functions.
		*
		@@ -94,3 +96,16 @@ int run_tests(const char *test_prog_name);
		*/
		int strings_equal(const char desc, const char s1, const char *s2);
		#endif /* HEADER_TESTUTIL_H */

		/*
		* For "impossible" conditions such as malloc failures or bugs in test code,
		* where continuing the test would be meaningless. Note that OPENSSL_assert
		* is fatal, and is never compiled out.
		*/
		#define TEST_check(condition) \
		do { \
		if (!(condition)) { \
		ERR_print_errors_fp(stderr); \
		OPENSSL_assert(!#condition); \
		} \
		} while (0);