Update more tests (f3ab6c16) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

test/build.info

+3 −3

Original line number	Diff line number	Diff line
		@@ -159,8 +159,8 @@ IF[{- !$disabled{tests} -}]
		INCLUDE[igetest]=.. ../include
		DEPEND[igetest]=../libcrypto

		SOURCE[v3nametest]=v3nametest.c
		INCLUDE[v3nametest]=../include
		SOURCE[v3nametest]=v3nametest.c testutil.c test_main.c
		INCLUDE[v3nametest]=.. ../include
		DEPEND[v3nametest]=../libcrypto

		SOURCE[crltest]=crltest.c testutil.c test_main.c
		@@ -276,7 +276,7 @@ IF[{- !$disabled{tests} -}]
		INCLUDE[dtlstest]=../include .
		DEPEND[dtlstest]=../libcrypto ../libssl

		SOURCE[sslcorrupttest]=sslcorrupttest.c ssltestlib.c testutil.c
		SOURCE[sslcorrupttest]=sslcorrupttest.c ssltestlib.c testutil.c test_main_custom.c
		INCLUDE[sslcorrupttest]=../include .
		DEPEND[sslcorrupttest]=../libcrypto ../libssl

test/modes_internal_test.c

+25 −40

Original line number	Diff line number	Diff line
		@@ -198,8 +198,7 @@ static int execute_cts128(CTS128_FIXTURE fixture)
		unsigned char cleartext[64], ciphertext[64], vector[64];
		size_t tail;

		fprintf(stderr, "%s_vector_%" OSSLzu "\n", fixture.case_name, len);
		fflush(stdout);
		TEST_info("%s_vector_%lu", fixture.case_name, (unsigned long)len);

		tail = fixture.transform_output(orig_vector, vector, len);

		@@ -208,54 +207,39 @@ static int execute_cts128(CTS128_FIXTURE fixture)
		fixture.encrypt_block(test_input, ciphertext, len,
		encrypt_key_schedule, iv,
		(block128_f)AES_encrypt);
		if (memcmp(ciphertext, vector, len)) {
		fprintf(stderr, "block encrypt: output_%" OSSLzu " mismatch\n", len);
		if (!TEST_mem_eq(ciphertext, len, vector, len))
		return 0;
		}
		if (memcmp(iv, vector + len - tail, sizeof(iv))) {
		fprintf(stderr, "block encrypt: iv_%" OSSLzu " mismatch\n", len);

		if (!TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv)))
		return 0;
		}

		/* test block-based decryption */
		memcpy(iv, test_iv, test_iv_len);
		fixture.decrypt_block(ciphertext, cleartext, len,
		decrypt_key_schedule, iv,
		(block128_f)AES_decrypt);
		if (memcmp(cleartext, test_input, len)) {
		fprintf(stderr, "block decrypt: input_%" OSSLzu " mismatch\n", len);
		if (!TEST_mem_eq(cleartext, len, test_input, len))
		return 0;
		}
		if (memcmp(iv, vector + len - tail, sizeof(iv))) {
		fprintf(stderr, "block decrypt: iv_%" OSSLzu " mismatch\n", len);
		if (!TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv)))
		return 0;
		}

		/* test streamed encryption */
		memcpy(iv, test_iv, test_iv_len);
		fixture.encrypt(test_input, ciphertext, len, encrypt_key_schedule,
		iv, (cbc128_f) AES_cbc_encrypt);
		if (memcmp(ciphertext, vector, len)) {
		fprintf(stderr, "stream encrypt: output_%" OSSLzu " mismatch\n", len);
		if (!TEST_mem_eq(ciphertext, len, vector, len))
		return 0;
		}
		if (memcmp(iv, vector + len - tail, sizeof(iv))) {
		fprintf(stderr, "stream encrypt: iv_%" OSSLzu " mismatch\n", len);
		if (!TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv)))
		return 0;
		}

		/* test streamed decryption */
		memcpy(iv, test_iv, test_iv_len);
		fixture.decrypt(ciphertext, cleartext, len, decrypt_key_schedule, iv,
		(cbc128_f)AES_cbc_encrypt);
		if (memcmp(cleartext, test_input, len)) {
		fprintf(stderr, "stream decrypt: input_%" OSSLzu " mismatch\n", len);
		if (!TEST_mem_eq(cleartext, len, test_input, len))
		return 0;
		}
		if (memcmp(iv, vector + len - tail, sizeof(iv))) {
		fprintf(stderr, "stream decrypt: iv_%" OSSLzu " mismatch\n", len);
		if (!TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv)))
		return 0;
		}

		return 1;
		}
		@@ -286,11 +270,11 @@ static int test_cts128_nist(int idx)
		EXECUTE_TEST_NO_TEARDOWN(execute_cts128);
		}

		/**********************************************************************
		/*
		*
		* Test of gcm128
		*
		***/
		*/

		/* Test Case 1 */
		static const u8 K1[16], P1[] = { 0 }, A1[] = { 0 }, IV1[12], C1[] = { 0 };
		@@ -876,7 +860,6 @@ static int test_gcm128(int idx)
		SIZED_DATA T = gcm128_vectors[idx].T;
		GCM128_CONTEXT ctx;
		AES_KEY key;
		int err = 0;

		/* Size 1 inputs are special-cased to signal NULL. */
		if (A.size == 1)
		@@ -891,25 +874,27 @@ static int test_gcm128(int idx)
		CRYPTO_gcm128_init(&ctx, &key, (block128_f)AES_encrypt);
		CRYPTO_gcm128_setiv(&ctx, IV.data, IV.size);
		memset(out, 0, P.size);
		if (A.data)
		if (A.data != NULL)
		CRYPTO_gcm128_aad(&ctx, A.data, A.size);
		if (P.data)
		if (P.data != NULL)
		CRYPTO_gcm128_encrypt( &ctx, P.data, out, P.size);
		if (CRYPTO_gcm128_finish(&ctx, T.data, 16)
		\|\| (C.data && memcmp(out, C.data, P.size)))
		err++, fprintf(stderr, "encrypt test#%d failed.\n", idx);
		if (!TEST_false(CRYPTO_gcm128_finish(&ctx, T.data, 16))
		\|\| (C.data != NULL
		&& !TEST_mem_eq(out, P.size, C.data, P.size)))
		return 0;

		CRYPTO_gcm128_setiv(&ctx, IV.data, IV.size);
		memset(out, 0, P.size);
		if (A.data)
		if (A.data != NULL)
		CRYPTO_gcm128_aad(&ctx, A.data, A.size);
		if (C.data)
		if (C.data != NULL)
		CRYPTO_gcm128_decrypt(&ctx, C.data, out, P.size);
		if (CRYPTO_gcm128_finish(&ctx, T.data, 16)
		\|\| (P.data && memcmp(out, P.data, P.size)))
		err++, fprintf(stderr, "decrypt test#%d failed.\n", idx);
		if (!TEST_false(CRYPTO_gcm128_finish(&ctx, T.data, 16))
		\|\| (P.data != NULL
		&& !TEST_mem_eq(out, P.size, P.data, P.size)))
		return 0;

		return err == 0;
		return 1;
		}

		static void benchmark_gcm128(const unsigned char *K, size_t Klen,

test/sslcorrupttest.c

+25 −70

Original line number	Diff line number	Diff line
		@@ -10,6 +10,7 @@
		#include <string.h>
		#include "ssltestlib.h"
		#include "testutil.h"
		#include "test_main_custom.h"

		static int docorrupt = 0;

		@@ -180,39 +181,30 @@ static char *privkey = NULL;

		static int test_ssl_corrupt(int testidx)
		{
		static unsigned char junk[16000] = { 0 };
		SSL_CTX sctx = NULL, cctx = NULL;
		SSL server = NULL, client = NULL;
		BIO *c_to_s_fbio;
		int testresult = 0;
		static unsigned char junk[16000] = { 0 };
		STACK_OF(SSL_CIPHER) *ciphers;
		const SSL_CIPHER *currcipher;

		docorrupt = 0;

		printf("Starting Test %d, %s\n", testidx, cipher_list[testidx]);
		TEST_info("Starting #%d, %s", testidx, cipher_list[testidx]);

		if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), &sctx,
		&cctx, cert, privkey)) {
		printf("Unable to create SSL_CTX pair\n");
		if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
		TLS_client_method(), &sctx,
		&cctx, cert, privkey)))
		return 0;
		}

		if (!SSL_CTX_set_cipher_list(cctx, cipher_list[testidx])) {
		printf("Failed setting cipher list\n");
		if (!TEST_true(SSL_CTX_set_cipher_list(cctx, cipher_list[testidx])))
		goto end;
		}

		ciphers = SSL_CTX_get_ciphers(cctx);
		if (ciphers == NULL \|\| sk_SSL_CIPHER_num(ciphers) != 1) {
		printf("Unexpected ciphers set\n");
		if (!TEST_ptr(ciphers = SSL_CTX_get_ciphers(cctx))
		\|\| !TEST_int_eq(sk_SSL_CIPHER_num(ciphers), 1)
		\|\| !TEST_ptr(currcipher = sk_SSL_CIPHER_value(ciphers, 0)))
		goto end;
		}
		currcipher = sk_SSL_CIPHER_value(ciphers, 0);
		if (currcipher == NULL) {
		printf("Failed getting the current cipher\n");
		goto end;
		}

		/*
		* If we haven't got a TLSv1.3 cipher, then we mustn't attempt to use
		@@ -220,50 +212,32 @@ static int test_ssl_corrupt(int testidx)
		* get a "no shared cipher" error.
		*/
		if (strcmp(SSL_CIPHER_get_version(currcipher), "TLSv1.3") != 0) {
		if (!SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION)) {
		printf("Failed setting max protocol version\n");
		if (!TEST_true(SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION)))
		goto end;
		}
		}

		c_to_s_fbio = BIO_new(bio_f_tls_corrupt_filter());
		if (c_to_s_fbio == NULL) {
		printf("Failed to create filter BIO\n");
		if (!TEST_ptr(c_to_s_fbio = BIO_new(bio_f_tls_corrupt_filter())))
		goto end;
		}

		/* BIO is freed by create_ssl_connection on error */
		if (!create_ssl_objects(sctx, cctx, &server, &client, NULL,
		c_to_s_fbio)) {
		printf("Unable to create SSL objects\n");
		ERR_print_errors_fp(stdout);
		if (!TEST_true(create_ssl_objects(sctx, cctx, &server, &client, NULL,
		c_to_s_fbio)))
		goto end;
		}

		if (!create_ssl_connection(server, client, SSL_ERROR_NONE)) {
		printf("Unable to create SSL connection\n");
		ERR_print_errors_fp(stdout);
		if (!TEST_true(create_ssl_connection(server, client, SSL_ERROR_NONE)))
		goto end;
		}

		docorrupt = 1;

		if (SSL_write(client, junk, sizeof(junk)) < 0) {
		printf("Unable to SSL_write\n");
		ERR_print_errors_fp(stdout);
		if (!TEST_int_ge(SSL_write(client, junk, sizeof(junk)), 0))
		goto end;
		}

		if (SSL_read(server, junk, sizeof(junk)) >= 0) {
		printf("Read should have failed with \"bad record mac\"\n");
		if (!TEST_int_lt(SSL_read(server, junk, sizeof(junk)), 0))
		goto end;
		}

		if (ERR_GET_REASON(ERR_peek_error()) !=
		SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC) {
		ERR_print_errors_fp(stdout);
		if (!TEST_int_eq(ERR_GET_REASON(ERR_peek_error()),
		SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC))
		goto end;
		}

		testresult = 1;
		end:
		@@ -271,44 +245,25 @@ static int test_ssl_corrupt(int testidx)
		SSL_free(client);
		SSL_CTX_free(sctx);
		SSL_CTX_free(cctx);

		return testresult;
		}

		int main(int argc, char *argv[])
		int test_main(int argc, char *argv[])
		{
		BIO *err = NULL;
		int testresult = 1;
		int ret;

		if (argc != 3) {
		printf("Invalid argument count\n");
		return 1;
		TEST_error("Usage error");
		return 0;
		}

		cert = argv[1];
		privkey = argv[2];

		err = BIO_new_fp(stderr, BIO_NOCLOSE \| BIO_FP_TEXT);

		CRYPTO_set_mem_debug(1);
		CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);

		ADD_ALL_TESTS(test_ssl_corrupt, setup_cipher_list());

		testresult = run_tests(argv[0]);

		ret = run_tests(argv[0]);
		bio_f_tls_corrupt_filter_free();

		OPENSSL_free(cipher_list);

		#ifndef OPENSSL_NO_CRYPTO_MDEBUG
		if (CRYPTO_mem_leaks(err) <= 0)
		testresult = 1;
		#endif
		BIO_free(err);

		if (!testresult)
		printf("PASS\n");

		return testresult;
		return ret;
		}

test/v3nametest.c

+66 −61

Original line number	Diff line number	Diff line
		@@ -7,10 +7,12 @@
		* https://www.openssl.org/source/license.html
		*/

		#include <string.h>
		#include "e_os.h"
		#include <openssl/x509.h>
		#include <openssl/x509v3.h>
		#include "../e_os.h"
		#include <string.h>
		#include "testutil.h"
		#include "test_main.h"

		static const char *const names[] = {
		"a", "b", ".", "*", "@",
		@@ -72,6 +74,7 @@ static const char *const exceptions[] = {
		static int is_exception(const char *msg)
		{
		const char const p;

		for (p = exceptions; *p; ++p)
		if (strcmp(msg, *p) == 0)
		return 1;
		@@ -83,13 +86,16 @@ static int set_cn(X509 *crt, ...)
		int ret = 0;
		X509_NAME *n = NULL;
		va_list ap;

		va_start(ap, crt);
		n = X509_NAME_new();
		if (n == NULL)
		goto out;

		while (1) {
		int nid;
		const char *name;

		nid = va_arg(ap, int);
		if (nid == 0)
		break;
		@@ -238,59 +244,55 @@ static const struct set_name_fn name_fns[] = {
		{set_email_and_cn, "set emailAddress", 0, 1},
		{set_altname_dns, "set dnsName", 1, 0},
		{set_altname_email, "set rfc822Name", 0, 1},
		{NULL, NULL, 0}
		};

		static X509 *make_cert()
		{
		X509 *ret = NULL;
		X509 *crt = NULL;
		X509_NAME *issuer = NULL;
		crt = X509_new();
		if (crt == NULL)
		goto out;
		if (!X509_set_version(crt, 3))
		goto out;
		ret = crt;
		crt = NULL;
		out:
		X509_NAME_free(issuer);
		return ret;
		}

		static int errors;
		if (!TEST_ptr(crt = X509_new()))
		return NULL;
		if (!TEST_true(X509_set_version(crt, 3))) {
		X509_free(crt);
		return NULL;
		}
		return crt;
		}

		static void check_message(const struct set_name_fn fn, const char op,
		static int check_message(const struct set_name_fn fn, const char op,
		const char nameincert, int match, const char name)
		{
		char msg[1024];

		if (match < 0)
		return;
		return 1;
		BIO_snprintf(msg, sizeof(msg), "%s: %s: [%s] %s [%s]",
		fn->name, op, nameincert,
		match ? "matches" : "does not match", name);
		if (is_exception(msg))
		return;
		puts(msg);
		++errors;
		return 1;
		TEST_error("%s", msg);
		return 0;
		}

		static void run_cert(X509 crt, const char nameincert,
		static int run_cert(X509 crt, const char nameincert,
		const struct set_name_fn *fn)
		{
		const char const pname = names;
		while (*pname) {
		int failed = 0;

		for (; *pname != NULL; ++pname) {
		int samename = strcasecmp(nameincert, *pname) == 0;
		size_t namelen = strlen(*pname);
		char *name = malloc(namelen);
		char *name = OPENSSL_malloc(namelen);
		int match, ret;

		memcpy(name, *pname, namelen);

		ret = X509_check_host(crt, name, namelen, 0, NULL);
		match = -1;
		if (ret < 0) {
		fprintf(stderr, "internal error in X509_check_host");
		++errors;
		if (!TEST_int_ge(ret = X509_check_host(crt, name, namelen, 0, NULL),
		0)) {
		failed = 1;
		} else if (fn->host) {
		if (ret == 1 && !samename)
		match = 1;
		@@ -298,14 +300,14 @@ static void run_cert(X509 crt, const char nameincert,
		match = 0;
		} else if (ret == 1)
		match = 1;
		check_message(fn, "host", nameincert, match, *pname);
		if (!TEST_true(check_message(fn, "host", nameincert, match, *pname)))
		failed = 1;

		ret = X509_check_host(crt, name, namelen,
		X509_CHECK_FLAG_NO_WILDCARDS, NULL);
		match = -1;
		if (ret < 0) {
		fprintf(stderr, "internal error in X509_check_host");
		++errors;
		if (!TEST_int_ge(ret = X509_check_host(crt, name, namelen,
		X509_CHECK_FLAG_NO_WILDCARDS,
		NULL), 0)) {
		failed = 1;
		} else if (fn->host) {
		if (ret == 1 && !samename)
		match = 1;
		@@ -313,10 +315,12 @@ static void run_cert(X509 crt, const char nameincert,
		match = 0;
		} else if (ret == 1)
		match = 1;
		check_message(fn, "host-no-wildcards", nameincert, match, *pname);
		if (!TEST_true(check_message(fn, "host-no-wildcards",
		nameincert, match, *pname)))
		failed = 1;

		ret = X509_check_email(crt, name, namelen, 0);
		match = -1;
		ret = X509_check_email(crt, name, namelen, 0);
		if (fn->email) {
		if (ret && !samename)
		match = 1;
		@@ -324,32 +328,33 @@ static void run_cert(X509 crt, const char nameincert,
		match = 0;
		} else if (ret)
		match = 1;
		check_message(fn, "email", nameincert, match, *pname);
		++pname;
		free(name);
		if (!TEST_true(check_message(fn, "email", nameincert, match, *pname)))
		failed = 1;
		OPENSSL_free(name);
		}

		return failed == 0;
		}

		int main(void)
		static int call_run_cert(int i)
		{
		const struct set_name_fn *pfn = name_fns;
		while (pfn->name) {
		const char const pname = names;
		while (*pname) {
		X509 *crt = make_cert();
		if (crt == NULL) {
		fprintf(stderr, "make_cert failed\n");
		return 1;
		}
		if (!pfn->fn(crt, *pname)) {
		fprintf(stderr, "X509 name setting failed\n");
		return 1;
		}
		run_cert(crt, *pname, pfn);
		int failed = 0;
		const struct set_name_fn *pfn = &name_fns[i];
		X509 *crt;
		const char const pname;

		TEST_info("%s", pfn->name);
		for (pname = names; *pname != NULL; pname++) {
		if (!TEST_ptr(crt = make_cert())
		\|\| !TEST_true(pfn->fn(crt, *pname))
		\|\| !run_cert(crt, *pname, pfn))
		failed = 1;
		X509_free(crt);
		++pname;
		}
		++pfn;
		return failed == 0;
		}
		return errors > 0 ? 1 : 0;

		void register_tests(void)
		{
		ADD_ALL_TESTS(call_run_cert, sizeof(name_fns) / sizeof(name_fns[0]));
		}

Admin message