X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=test%2Fct_test.c;h=e1cc148ecba5479cd064fb19a601f8d772fb7dea;hp=b551b85bc25ccb542b87d430e582823f8c9e2f3a;hb=fb82cbfe3da846d61e1d4c6d14bf7f4111cccbb2;hpb=62b0a0dea612e3683c6bd4bef359fceda00238e8
diff --git a/test/ct_test.c b/test/ct_test.c
index b551b85bc2..e1cc148ecb 100644
--- a/test/ct_test.c
+++ b/test/ct_test.c
@@ -1,14 +1,13 @@
 /*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
 *
- * Licensed under the OpenSSL license (the "License"). You may not use
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */
 #include
-#include
 #include
 #include
 #include
@@ -19,10 +18,11 @@
 #include
 #include
 #include "testutil.h"
+#include
 #ifndef OPENSSL_NO_CT
 /* Used when declaring buffers to read text files into */
-#define CT_TEST_MAX_FILE_SIZE 8096
+# define CT_TEST_MAX_FILE_SIZE 8096
 static char *certs_dir = NULL;
 static char *ct_dir = NULL;
@@ -56,42 +56,44 @@ typedef struct ct_test_fixture {
 int test_validity;
 } CT_TEST_FIXTURE;
-static CT_TEST_FIXTURE set_up(const char *const test_case_name)
+static CT_TEST_FIXTURE *set_up(const char *const test_case_name)
 {
- CT_TEST_FIXTURE fixture;
- int ok = 0;
+ CT_TEST_FIXTURE *fixture = NULL;
- memset(&fixture, 0, sizeof(fixture));
- fixture.test_case_name = test_case_name;
- fixture.epoch_time_in_ms = 1473269626000; /* Sep 7 17:33:46 2016 GMT */
- if (!TEST_ptr(fixture.ctlog_store = CTLOG_STORE_new())
+ if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture))))
+ goto end;
+ fixture->test_case_name = test_case_name;
+ fixture->epoch_time_in_ms = 1473269626000; /* Sep 7 17:33:46 2016 GMT */
+ if (!TEST_ptr(fixture->ctlog_store = CTLOG_STORE_new())
 || !TEST_int_eq(
- CTLOG_STORE_load_default_file(fixture.ctlog_store), 1))
+ CTLOG_STORE_load_default_file(fixture->ctlog_store), 1))
 goto end;
- ok = 1;
+ return fixture;
 end:
- if (!ok) {
- CTLOG_STORE_free(fixture.ctlog_store);
- TEST_error("Failed to setup");
- exit(EXIT_FAILURE);
- }
- return fixture;
+ if (fixture != NULL)
+ CTLOG_STORE_free(fixture->ctlog_store);
+ OPENSSL_free(fixture);
+ TEST_error("Failed to setup");
+ return NULL;
 }
-static void tear_down(CT_TEST_FIXTURE fixture)
+static void tear_down(CT_TEST_FIXTURE *fixture)
 {
- CTLOG_STORE_free(fixture.ctlog_store);
- SCT_LIST_free(fixture.sct_list);
+ if (fixture != NULL) {
+ CTLOG_STORE_free(fixture->ctlog_store);
+ SCT_LIST_free(fixture->sct_list);
+ }
+ OPENSSL_free(fixture);
 }
 static char *mk_file_path(const char *dir, const char *file)
 {
-#ifndef OPENSSL_SYS_VMS
+# ifndef OPENSSL_SYS_VMS
 const char *sep = "/";
-#else
+# else
 const char *sep = "";
-#endif
+# endif
 size_t len = strlen(dir) + strlen(sep) + strlen(file) + 1;
 char *full_file = OPENSSL_zalloc(len);
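Review bot: `set_up` now returns a heap-allocated fixture, or NULL after logging "Failed to setup", but nothing at the definition states who releases it. A comment above `set_up` such as `/* Returns a zeroed fixture owned by the caller, or NULL on failure; release it with tear_down() */` would make the new contract explicit. That matters because any early return a test takes between `SETUP_CT_TEST_FIXTURE()` and `EXECUTE_CT_TEST()` now leaks the whole fixture, where it previously leaked only the log store. `mk_file_path` at the end of this hunk continues outside it.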
@@ -192,7 +194,7 @@ end: return result; } -static int assert_validity(CT_TEST_FIXTURE fixture, STACK_OF(SCT) *scts, +static int assert_validity(CT_TEST_FIXTURE *fixture, STACK_OF(SCT) *scts, CT_POLICY_EVAL_CTX *policy_ctx) { int invalid_sct_count = 0; @@ -221,7 +223,7 @@ static int assert_validity(CT_TEST_FIXTURE fixture, STACK_OF(SCT) *scts, } } - if (!TEST_int_eq(valid_sct_count, fixture.expected_valid_sct_count)) { + if (!TEST_int_eq(valid_sct_count, fixture->expected_valid_sct_count)) { int unverified_sct_count = sk_SCT_num(scts) - invalid_sct_count - valid_sct_count; @@ -233,7 +235,7 @@ static int assert_validity(CT_TEST_FIXTURE fixture, STACK_OF(SCT) *scts, return 1; } -static int execute_cert_test(CT_TEST_FIXTURE fixture) +static int execute_cert_test(CT_TEST_FIXTURE *fixture) { int success = 0; X509 *cert = NULL, *issuer = NULL; @@ -245,8 +247,8 @@ static int execute_cert_test(CT_TEST_FIXTURE fixture) size_t tls_sct_list_len = 0; CT_POLICY_EVAL_CTX *ct_policy_ctx = CT_POLICY_EVAL_CTX_new(); - if (fixture.sct_text_file != NULL) { - sct_text_len = read_text_file(fixture.sct_dir, fixture.sct_text_file, + if (fixture->sct_text_file != NULL) { + sct_text_len = read_text_file(fixture->sct_dir, fixture->sct_text_file, expected_sct_text, CT_TEST_MAX_FILE_SIZE - 1); 
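Review bot: In the last hunk on this line, `CT_POLICY_EVAL_CTX_new()` is assigned to `ct_policy_ctx` in the declarations of `execute_cert_test` and is never checked before the context is handed to the `CT_POLICY_EVAL_CTX_set_*` calls later in the function. Since this commit makes set-up failures return 0 instead of exiting, an allocation failure here should take the same path, for example `if (!TEST_ptr(ct_policy_ctx)) goto end;` before the first use. That assumes the clean-up under `end:`, which is outside the hunk, tolerates the pointers that are still NULL at that point. The same unchecked call appears in `test_default_ct_policy_eval_ctx_time_is_now`; the body of `execute_cert_test` starts and ends outside this hunk.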
@@ -256,24 +258,24 @@ static int execute_cert_test(CT_TEST_FIXTURE fixture) } CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE( - ct_policy_ctx, fixture.ctlog_store); + ct_policy_ctx, fixture->ctlog_store); - CT_POLICY_EVAL_CTX_set_time(ct_policy_ctx, fixture.epoch_time_in_ms); + CT_POLICY_EVAL_CTX_set_time(ct_policy_ctx, fixture->epoch_time_in_ms); - if (fixture.certificate_file != NULL) { + if (fixture->certificate_file != NULL) { int sct_extension_index; int i; X509_EXTENSION *sct_extension = NULL; - if (!TEST_ptr(cert = load_pem_cert(fixture.certs_dir, - fixture.certificate_file))) + if (!TEST_ptr(cert = load_pem_cert(fixture->certs_dir, + fixture->certificate_file))) goto end; CT_POLICY_EVAL_CTX_set1_cert(ct_policy_ctx, cert); - if (fixture.issuer_file != NULL) { - if (!TEST_ptr(issuer = load_pem_cert(fixture.certs_dir, - fixture.issuer_file))) + if (fixture->issuer_file != NULL) { + if (!TEST_ptr(issuer = load_pem_cert(fixture->certs_dir, + fixture->issuer_file))) goto end; CT_POLICY_EVAL_CTX_set1_issuer(ct_policy_ctx, issuer); } @@ -281,11 +283,11 @@ static int execute_cert_test(CT_TEST_FIXTURE fixture) sct_extension_index = X509_get_ext_by_NID(cert, NID_ct_precert_scts, -1); sct_extension = X509_get_ext(cert, sct_extension_index); - if (fixture.expected_sct_count > 0) { + if (fixture->expected_sct_count > 0) { if (!TEST_ptr(sct_extension)) goto end; - if (fixture.sct_text_file + if (fixture->sct_text_file && !compare_extension_printout(sct_extension, expected_sct_text)) goto end; @@ -294,12 +296,13 @@ static int execute_cert_test(CT_TEST_FIXTURE fixture) for (i = 0; i < sk_SCT_num(scts); ++i) { SCT *sct_i = sk_SCT_value(scts, i); - if (!TEST_int_eq(SCT_get_source(sct_i), SCT_SOURCE_X509V3_EXTENSION)) { + if (!TEST_int_eq(SCT_get_source(sct_i), + SCT_SOURCE_X509V3_EXTENSION)) { goto end; } } - if (fixture.test_validity) { + if (fixture->test_validity) { if (!assert_validity(fixture, scts, ct_policy_ctx)) goto end; } 
@@ -308,24 +311,24 @@ static int execute_cert_test(CT_TEST_FIXTURE fixture)
 }
 }
- if (fixture.tls_sct_list != NULL) {
- const unsigned char *p = fixture.tls_sct_list;
+ if (fixture->tls_sct_list != NULL) {
+ const unsigned char *p = fixture->tls_sct_list;
- if (!TEST_ptr(o2i_SCT_LIST(&scts, &p, fixture.tls_sct_list_len)))
+ if (!TEST_ptr(o2i_SCT_LIST(&scts, &p, fixture->tls_sct_list_len)))
 goto end;
- if (fixture.test_validity && cert != NULL) {
+ if (fixture->test_validity && cert != NULL) {
 if (!assert_validity(fixture, scts, ct_policy_ctx))
 goto end;
 }
- if (fixture.sct_text_file
+ if (fixture->sct_text_file
 && !compare_sct_list_printout(scts, expected_sct_text)) {
 goto end;
 }
 tls_sct_list_len = i2o_SCT_LIST(scts, &tls_sct_list);
- if (!TEST_mem_eq(fixture.tls_sct_list, fixture.tls_sct_list_len,
+ if (!TEST_mem_eq(fixture->tls_sct_list, fixture->tls_sct_list_len,
 tls_sct_list, tls_sct_list_len))
 goto end;
 }
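Review bot: The result of `i2o_SCT_LIST(scts, &tls_sct_list)` is stored straight into `tls_sct_list_len`, which is declared `size_t` earlier in the function. `i2o_SCT_LIST` returns an `int` and reports failure with a negative value, so an encoding error would become a very large length before it reaches `TEST_mem_eq`. Holding the return value in an `int` and rejecting failure first keeps the comparison meaningful, e.g. `int len = i2o_SCT_LIST(scts, &tls_sct_list);` followed by `if (!TEST_int_gt(len, 0)) goto end;`. `execute_cert_test` begins and ends outside this hunk.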
@@ -341,76 +344,94 @@ end:
 return success;
 }
-#define SETUP_CT_TEST_FIXTURE() SETUP_TEST_FIXTURE(CT_TEST_FIXTURE, set_up)
-#define EXECUTE_CT_TEST() EXECUTE_TEST(execute_cert_test, tear_down)
+# define SETUP_CT_TEST_FIXTURE() SETUP_TEST_FIXTURE(CT_TEST_FIXTURE, set_up)
+# define EXECUTE_CT_TEST() EXECUTE_TEST(execute_cert_test, tear_down)
 static int test_no_scts_in_certificate(void)
 {
 SETUP_CT_TEST_FIXTURE();
- fixture.certs_dir = certs_dir;
- fixture.certificate_file = "leaf.pem";
- fixture.issuer_file = "subinterCA.pem";
- fixture.expected_sct_count = 0;
+ if (fixture == NULL)
+ return 0;
+ fixture->certs_dir = certs_dir;
+ fixture->certificate_file = "leaf.pem";
+ fixture->issuer_file = "subinterCA.pem";
+ fixture->expected_sct_count = 0;
 EXECUTE_CT_TEST();
+ return result;
 }
 static int test_one_sct_in_certificate(void)
 {
 SETUP_CT_TEST_FIXTURE();
- fixture.certs_dir = certs_dir;
- fixture.certificate_file = "embeddedSCTs1.pem";
- fixture.issuer_file = "embeddedSCTs1_issuer.pem";
- fixture.expected_sct_count = 1;
- fixture.sct_dir = certs_dir;
- fixture.sct_text_file = "embeddedSCTs1.sct";
+ if (fixture == NULL)
+ return 0;
+ fixture->certs_dir = certs_dir;
+ fixture->certificate_file = "embeddedSCTs1.pem";
+ fixture->issuer_file = "embeddedSCTs1_issuer.pem";
+ fixture->expected_sct_count = 1;
+ fixture->sct_dir = certs_dir;
+ fixture->sct_text_file = "embeddedSCTs1.sct";
 EXECUTE_CT_TEST();
+ return result;
 }
 static int test_multiple_scts_in_certificate(void)
 {
 SETUP_CT_TEST_FIXTURE();
- fixture.certs_dir = certs_dir;
- fixture.certificate_file = "embeddedSCTs3.pem";
- fixture.issuer_file = "embeddedSCTs3_issuer.pem";
- fixture.expected_sct_count = 3;
- fixture.sct_dir = certs_dir;
- fixture.sct_text_file = "embeddedSCTs3.sct";
+ if (fixture == NULL)
+ return 0;
+ fixture->certs_dir = certs_dir;
+ fixture->certificate_file = "embeddedSCTs3.pem";
+ fixture->issuer_file = "embeddedSCTs3_issuer.pem";
+ fixture->expected_sct_count = 3;
+ fixture->sct_dir = certs_dir;
+ fixture->sct_text_file = "embeddedSCTs3.sct";
 EXECUTE_CT_TEST();
+ return result;
 }
 static int test_verify_one_sct(void)
 {
 SETUP_CT_TEST_FIXTURE();
- fixture.certs_dir = certs_dir;
- fixture.certificate_file = "embeddedSCTs1.pem";
- fixture.issuer_file = "embeddedSCTs1_issuer.pem";
- fixture.expected_sct_count = fixture.expected_valid_sct_count = 1;
- fixture.test_validity = 1;
+ if (fixture == NULL)
+ return 0;
+ fixture->certs_dir = certs_dir;
+ fixture->certificate_file = "embeddedSCTs1.pem";
+ fixture->issuer_file = "embeddedSCTs1_issuer.pem";
+ fixture->expected_sct_count = fixture->expected_valid_sct_count = 1;
+ fixture->test_validity = 1;
 EXECUTE_CT_TEST();
+ return result;
 }
 static int test_verify_multiple_scts(void)
 {
 SETUP_CT_TEST_FIXTURE();
- fixture.certs_dir = certs_dir;
- fixture.certificate_file = "embeddedSCTs3.pem";
- fixture.issuer_file = "embeddedSCTs3_issuer.pem";
- fixture.expected_sct_count = fixture.expected_valid_sct_count = 3;
- fixture.test_validity = 1;
+ if (fixture == NULL)
+ return 0;
+ fixture->certs_dir = certs_dir;
+ fixture->certificate_file = "embeddedSCTs3.pem";
+ fixture->issuer_file = "embeddedSCTs3_issuer.pem";
+ fixture->expected_sct_count = fixture->expected_valid_sct_count = 3;
+ fixture->test_validity = 1;
 EXECUTE_CT_TEST();
+ return result;
 }
 static int test_verify_fails_for_future_sct(void)
 {
 SETUP_CT_TEST_FIXTURE();
- fixture.epoch_time_in_ms = 1365094800000; /* Apr 4 17:00:00 2013 GMT */
- fixture.certs_dir = certs_dir;
- fixture.certificate_file = "embeddedSCTs1.pem";
- fixture.issuer_file = "embeddedSCTs1_issuer.pem";
- fixture.expected_sct_count = 1;
- fixture.expected_valid_sct_count = 0;
- fixture.test_validity = 1;
+ if (fixture == NULL)
+ return 0;
+ fixture->epoch_time_in_ms = 1365094800000; /* Apr 4 17:00:00 2013 GMT */
+ fixture->certs_dir = certs_dir;
+ fixture->certificate_file = "embeddedSCTs1.pem";
+ fixture->issuer_file = "embeddedSCTs1_issuer.pem";
+ fixture->expected_sct_count = 1;
+
fixture->expected_valid_sct_count = 0; + fixture->test_validity = 1; EXECUTE_CT_TEST(); + return result; } static int test_decode_tls_sct(void) @@ -434,11 +455,14 @@ static int test_decode_tls_sct(void) "\xED\xBF\x08"; SETUP_CT_TEST_FIXTURE(); - fixture.tls_sct_list = tls_sct_list; - fixture.tls_sct_list_len = 0x7a; - fixture.sct_dir = ct_dir; - fixture.sct_text_file = "tls1.sct"; + if (fixture == NULL) + return 0; + fixture->tls_sct_list = tls_sct_list; + fixture->tls_sct_list_len = 0x7a; + fixture->sct_dir = ct_dir; + fixture->sct_text_file = "tls1.sct"; EXECUTE_CT_TEST(); + return result; } static int test_encode_tls_sct(void) @@ -451,18 +475,21 @@ static int test_encode_tls_sct(void) SCT *sct = NULL; SETUP_CT_TEST_FIXTURE(); + if (fixture == NULL) + return 0; - fixture.sct_list = sk_SCT_new_null(); + fixture->sct_list = sk_SCT_new_null(); if (!TEST_ptr(sct = SCT_new_from_base64(SCT_VERSION_V1, log_id, CT_LOG_ENTRY_TYPE_X509, timestamp, extensions, signature))) return 0; - sk_SCT_push(fixture.sct_list, sct); - fixture.sct_dir = ct_dir; - fixture.sct_text_file = "tls1.sct"; + sk_SCT_push(fixture->sct_list, sct); + fixture->sct_dir = ct_dir; + fixture->sct_text_file = "tls1.sct"; EXECUTE_CT_TEST(); + return result; } /* @@ -473,11 +500,12 @@ static int test_default_ct_policy_eval_ctx_time_is_now(void) { int success = 0; CT_POLICY_EVAL_CTX *ct_policy_ctx = CT_POLICY_EVAL_CTX_new(); - const time_t default_time = CT_POLICY_EVAL_CTX_get_time(ct_policy_ctx) / - 1000; + const time_t default_time = + (time_t)(CT_POLICY_EVAL_CTX_get_time(ct_policy_ctx) / 1000); const time_t time_tolerance = 600; /* 10 minutes */ - if (!TEST_uint_le(fabs(difftime(time(NULL), default_time)), time_tolerance)) + if (!TEST_time_t_le(abs((int)difftime(time(NULL), default_time)), + time_tolerance)) goto end; success = 1; 
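Review bot: In `test_decode_tls_sct`, `fixture->tls_sct_list_len = 0x7a;` hard-codes the length that `o2i_SCT_LIST` is later told to parse, separately from the byte string it describes. If `tls_sct_list` is declared as an array (its declaration starts above this hunk), `fixture->tls_sct_list_len = sizeof(tls_sct_list) - 1;` keeps the two in step. Editing the test vector then cannot leave the decoder with a length larger than the literal.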
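Review bot: In `test_encode_tls_sct`, the `return 0;` taken when `SCT_new_from_base64` fails skips `tear_down`, so the heap-allocated fixture, its log store and the freshly created `sct_list` are all leaked on that path. Calling `tear_down(fixture);` before that `return 0;` would release them. The results of `sk_SCT_new_null()` and `sk_SCT_push()` are also unchecked; `if (!TEST_ptr(fixture->sct_list = sk_SCT_new_null()))` and `if (!TEST_true(sk_SCT_push(fixture->sct_list, sct)))` with the same clean-up, plus freeing `sct` when the push fails, would close both gaps. The function starts above the hunk.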
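Review bot: In `test_default_ct_policy_eval_ctx_time_is_now`, `abs((int)difftime(time(NULL), default_time))` narrows a `double` to `int` before taking the magnitude. If the context's default time is badly wrong, which is presumably what this test is meant to catch, the difference can fall outside the range of `int`, where the conversion is undefined and the result of the check is unreliable. Comparing the `double` directly avoids that without reintroducing `fabs`: `double d = difftime(time(NULL), default_time);` then `if (!TEST_true(d >= -600.0 && d <= 600.0)) goto end;`. `ct_policy_ctx` is also passed to `CT_POLICY_EVAL_CTX_get_time` without a NULL check, and the function continues past the hunk.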
@@ -488,20 +516,22 @@ end:
 static int test_ctlog_from_base64(void)
 {
- CTLOG *log = NULL;
+ CTLOG *ctlogp = NULL;
 const char notb64[] = "\01\02\03\04";
 const char pad[] = "====";
 const char name[] = "name";
 /* We expect these to both fail! */
- if (!TEST_true(!CTLOG_new_from_base64(&log, notb64, name))
- || !TEST_true(!CTLOG_new_from_base64(&log, pad, name)))
+ if (!TEST_true(!CTLOG_new_from_base64(&ctlogp, notb64, name))
+ || !TEST_true(!CTLOG_new_from_base64(&ctlogp, pad, name)))
 return 0;
 return 1;
 }
+#endif
-int test_main(int argc, char *argv[])
+int setup_tests(void)
 {
+#ifndef OPENSSL_NO_CT
 if ((ct_dir = getenv("CT_DIR")) == NULL)
 ct_dir = "ct";
 if ((certs_dir = getenv("CERTS_DIR")) == NULL)
@@ -517,13 +547,8 @@ int test_main(int argc, char *argv[])
 ADD_TEST(test_encode_tls_sct);
 ADD_TEST(test_default_ct_policy_eval_ctx_time_is_now);
 ADD_TEST(test_ctlog_from_base64);
-
- return run_tests(argv[0]);
-}
 #else
-int test_main(int argc, char *argv[])
-{
 printf("No CT support\n");
- return 0;
-}
 #endif
+ return 1;
+}