Commit Graph

60 Commits

Author SHA1 Message Date
shridhar kalavagunta
264ff64b94 Invoke tear_down when exiting test_encode_tls_sct() prematurely
Fixes #24121

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24222)
2024-04-23 11:33:42 +02:00
Matt Caswell
fecb3aae22 Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
2022-05-03 13:34:51 +01:00
Jiasheng Jiang
7625d70ad9 test/ct_test.c: Add the missing check after calling sk_SCT_new_null
As the potential failure of the allocation, the sk_SCT_new_null() could
return NULL pointer if fails.
And then sk_SCT_push() uses the 'fixture->sct_list' and returns -1 if
fails.
But the return value of the sk_SCT_push() is not checked.
I think it is better to check it just after the allocation.

CLA: trivial

Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17571)
2022-01-25 18:15:22 +01:00
Matt Caswell
9d01ac71a0 Fix safestack issues in ct.h
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12781)
2020-09-13 11:10:41 +01:00
Dr. David von Oheimb
06cee80a84 testutil: Make SETUP_TEST_FIXTURE return 0 on fixture == NULL
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11808)
2020-08-21 09:04:09 +02:00
Rich Salz
852c2ed260 In OpenSSL builds, declare STACK for datatypes ...
... and only *define* them in the source files that need them.
Use DEFINE_OR_DECLARE which is set appropriately for internal builds
and not non-deprecated builds.

Deprecate stack-of-block

Better documentation

Move some ASN1 struct typedefs to types.h

Update ParseC to handle this.  Most of all, ParseC needed to be more
consistent.  The handlers are "recursive", in so far that they are called
again and again until they terminate, which depends entirely on what the
"massager" returns.  There's a comment at the beginning of ParseC that
explains how that works. {Richard Levtte}

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10669)
2020-04-24 16:42:46 +02:00
Matt Caswell
33388b44b6 Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11616)
2020-04-23 13:55:52 +01:00
Kurt Roeckx
4d9e8c9554 Create a new embeddedSCTs1 that's signed using SHA256
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
GH: #10786
2020-02-05 22:04:37 +01:00
Matt Caswell
1a2a3a4206 Extend tests of SSL_check_chain()
Actually supply a chain and then test:
1) A successful check of both the ee and chain certs
2) A failure to check the ee cert
3) A failure to check a chain cert

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9442)
2019-08-09 17:29:39 +01:00
Shane Lontis
98f29466dc fix truncation of integers on 32bit AIX
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8417)
2019-03-11 14:45:18 +01:00
Richard Levitte
909f1a2e51 Following the license change, modify the boilerplates in test/
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7767)
2018-12-06 14:19:22 +01:00
Matt Caswell
bc278f30f0 Add an explicit cast to time_t
Caused a compilation failure in some environments

Fixes #7204

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7205)
2018-09-13 09:00:29 +01:00
Andy Polyakov
b9d1ad3203 test/ct_test.c: remove dependency on -lm.
fabs(3m) is customarily inlined, but it's not, one has to link with -lm.
Since fabs(3m) is the only reference, it makes more sense to avoid it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2018-02-26 17:48:06 +01:00
Matt Caswell
6738bf1417 Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
2018-02-13 13:59:25 +00:00
Richard Levitte
2b1aa19881 Reduce the use of e_os.h in test programs
This includes unnecessary use of the top as inclusion directory

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5132)
2018-01-22 16:21:40 +01:00
Andy Polyakov
3a63c0edab Resolve warnings in VC-WIN32 build, which allows to add /WX.
It's argued that /WX allows to keep better focus on new code, which
motivates its comeback...

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4721)
2017-11-13 10:58:57 +01:00
Pauli
99801878c0 Change SETUP_TEST_FIXTURE so that the fixture structure is passed by
reference not by value.  This allows an error return from the setup function.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4083)
2017-08-07 08:57:05 +10:00
Pauli
2326bba0e5 Test fixtures changed to pointers.
Change the fixture types to pointers to structures that are heap allocated in the tests that use SETUP_TEST_FIXTURE.  This will permit error returns from the setup function and allow for future running tests in parallel.

Also removed a call of `exit(2)` which allows the remaining tests to run if one fails to initialise.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4071)
2017-08-04 07:37:21 +10:00
Pauli
ad887416f1 Update the test framework so that the need for test_main is removed. Everything
that needed test_main now works using the same infrastructure as tests that used
register_tests.

This meant:
* renaming register_tests to setup_tests and giving it a success/failure return.
* renaming the init_test function to setup_test_framework.
* renaming the finish_test function to pulldown_test_framework.
* adding a user provided global_init function that runs before the test frame
    work is initialised.  It returns a failure indication that stops the stest.
* adding helper functions that permit tests to access their command line args.
* spliting the BIO initialisation and finalisation out from the test setup and
    teardown.
* hiding some of the now test internal functions.
* fix the comments in testutil.h

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3953)
2017-07-27 07:53:08 +10:00
Pauli
efc21a513f Fix compiler warnings
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3839)
2017-07-05 13:40:23 +10:00
Pauli
9b579777c5 Fix preprocessor indentation.
Rework main() to be in the style of the other conditional tests.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3711)
2017-06-19 08:28:04 -04:00
Benjamin Kaduk
62b0a0dea6 Fix memory leaks in CTLOG_new_from_base64
Move the call to ct_base64_decode(), which allocates, until after
the check for NULL output parameter.

Also place a cap on the number of padding characters used to decrement
the output length -- any more than two '='s is not permitted in a
well-formed base64 text.  Prior to this change, ct_base64_decode() would
return a length of -1 along with allocated storage for an input of
"====".

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3379)
2017-06-09 13:32:29 -04:00
Alex Gaynor
2b10cb5c0e Fixed merge nonsense
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3149)
2017-05-22 08:03:22 -04:00
Alex Gaynor
b1a3030e37 Newlines!
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3149)
2017-05-22 08:03:22 -04:00
Alex Gaynor
c9cf4bc815 Update the test to assert that the SCT is from an X.509 extension
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3149)
2017-05-22 08:03:22 -04:00
Richard Levitte
a9c6d22105 Adapt all test programs
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3243)
2017-04-24 18:09:01 +02:00
Rich Salz
adcd8e37db Convert more tests
ct_test,evp_extra_test,wpackettest,packettest
Add strncmp TEST wrappers
And make some style/consistency fixes to ct_test
Silence travis; gcc bug?

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3234)
2017-04-18 16:33:15 -04:00
Rob Percival
765731a888 Make sure things get deleted when test setup fails in ct_test.c
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1548)
2016-11-16 13:54:17 +00:00
Rob Percival
e2635c49f3 Use valid signature in test_decode_tls_sct()
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1548)
2016-11-16 13:43:36 +00:00
Rob Percival
f7a39a5a3f Construct SCT from base64 in ct_test
This gives better code coverage and is more representative of how a
user would likely construct an SCT (using the base64 returned by a CT log).

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1548)
2016-11-16 13:43:36 +00:00
Rob Percival
ebcb536858 Add test for CT_POLICY_EVAL_CTX default time
Checks that the epoch_time_in_ms field of CT_POLICY_EVAL_CTX is initialized
to approximately the current time (as returned by time()) by default. This
prevents the addition of this field, and its verification during SCT
validation, from breaking existing code that calls SCT_validate directly.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1554)
2016-11-15 16:12:41 -05:00
Rob Percival
1fa9ffd934 Check that SCT timestamps are not in the future
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1554)
2016-11-15 16:12:41 -05:00
Richard Levitte
42e055e124 Fix no-ct in test/ct_test.c
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1890)
2016-11-10 15:49:22 +01:00
Emilia Kasper
e364c3b24e Add main() test methods to reduce test boilerplate.
Simple tests only need to implement register_tests().
Tests that need a custom main() should implement test_main(). This will
be wrapped in a main() that performs common setup/teardown (currently
crypto-mdebug).

Note that for normal development, enable-asan is usually
sufficient for detecting leaks, and more versatile.

enable-crypto-mdebug is stricter as it will also
insist that all static variables be freed. This is useful for debugging
library init/deinit; however, it also means that test_main() must free
everything it allocates.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-09 16:07:16 +01:00
Emilia Kasper
d836d71b2d Simplify tests part 2
1) Remove some unnecessary fixtures
2) Add EXECUTE_TEST_NO_TEARDOWN shorthand when a fixture exists but has
no teardown.
3) Fix return values in ct_test.c (introduced by an earlier refactoring,
oops)

Note that for parameterized tests, the index (test vector) usually holds all the
customization, and there should be no need for a separate test
fixture. The CTS test is an exception: it demonstrates how to combine
customization with parameterization.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-07 16:55:16 +01:00
Emilia Kasper
6ec327eed6 testutil: always print errors on failure
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 15:05:29 +01:00
Rich Salz
f3b3d7f003 Add -Wswitch-enum
Change code so when switching on an enumeration, have case's for all
enumeration values.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-09-22 08:36:26 -04:00
Rob Percival
a1bb7708ce Improves CTLOG_STORE setters
Changes them to have clearer ownership semantics, as suggested in
https://github.com/openssl/openssl/pull/1372#discussion_r73232196.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1408)
2016-08-15 12:56:47 -04:00
Rob Percival
876a1a83ad Tests should check validation status directly
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-20 11:54:56 +01:00
Rob Percival
4fc31f7583 Test SCT lists
This encompasses what was previously tested.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-06-20 11:31:04 +01:00
Rich Salz
440e5d805f Copyright consolidation 02/10
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-17 14:20:27 -04:00
Emilia Kasper
50eadf2a24 Fix warnings exposed by clang-3.8
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-10 01:50:32 +02:00
Viktor Dukhovni
43341433a8 Suppress CT callback as appropriate
Suppress CT callbacks with aNULL or PSK ciphersuites that involve
no certificates.  Ditto when the certificate chain is validated via
DANE-TA(2) or DANE-EE(3) TLSA records.  Also skip SCT processing
when the chain is fails verification.

Move and consolidate CT callbacks from libcrypto to libssl.  We
also simplify the interface to SSL_{,CTX_}_enable_ct() which can
specify either a permissive mode that just collects information or
a strict mode that requires at least one valid SCT or else asks to
abort the connection.

Simplified SCT processing and options in s_client(1) which now has
just a simple pair of "-noct" vs. "-ct" options, the latter enables
the permissive callback so that we can complete the handshake and
report all relevant information.  When printing SCTs, print the
validation status if set and not valid.

Signed-off-by: Rob Percival <robpercival@google.com>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-04-07 14:41:34 -04:00
FdaSilvaYY
f0e1fe7cc3 Add missing mem leak test activation and checks
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-06 06:17:21 -04:00
Emilia Kasper
ababe86b96 testutil: return 1 on success
Require that test methods return 1 on success (not 0). This is more
customary for OpenSSL.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-05 17:05:40 +02:00
Rob Percival
8359b57f27 check reviewer --reviewer=emilia
Remove 'log' field from SCT and related accessors

In order to still have access to an SCT's CTLOG when calling SCT_print,
SSL_CTX_get0_ctlog_store has been added.

Improved documentation for some CT functions in openssl/ssl.h.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-10 14:53:04 -05:00
Richard Levitte
67336ea400 Make ct_dir and certs_dir static in test/ct_test.c
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-09 17:58:02 +01:00
Rob Percival
dc919c6935 Make SCT literals into const variables in ct_test.c
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 11:34:48 -05:00
Rob Percival
14db9bbd71 Removes SCT_LIST_set_source and SCT_LIST_set0_logs
Both of these functions can easily be implemented by callers instead.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 11:34:48 -05:00
Rob Percival
5c081a8f74 Remove unnecessary call to SCT_set1_extensions(sct, "", 0) in ct_test.c
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 11:34:48 -05:00