X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=test%2Fct_test.c;h=21f186822011c5adac5aacc5b081463feccab2c9;hp=6b36a434694b5149281d1a4b563af3cc67bceb79;hb=a8ea8018fa187e22fb4989450b550589e20f62c2;hpb=c9cf4bc815e08ee53e84da4b4c8300dad1d4d178 diff --git a/test/ct_test.c b/test/ct_test.c index 6b36a43469..21f1868220 100644 --- a/test/ct_test.c +++ b/test/ct_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -19,10 +19,11 @@ #include #include #include "testutil.h" +#include "openssl/crypto.h" #ifndef OPENSSL_NO_CT /* Used when declaring buffers to read text files into */ -#define CT_TEST_MAX_FILE_SIZE 8096 +# define CT_TEST_MAX_FILE_SIZE 8096 static char *certs_dir = NULL; static char *ct_dir = NULL; 
@@ -56,42 +57,44 @@ typedef struct ct_test_fixture { int test_validity; } CT_TEST_FIXTURE; -static CT_TEST_FIXTURE set_up(const char *const test_case_name) +static CT_TEST_FIXTURE *set_up(const char *const test_case_name) { - CT_TEST_FIXTURE fixture; - int ok = 0; + CT_TEST_FIXTURE *fixture = NULL; - memset(&fixture, 0, sizeof(fixture)); - fixture.test_case_name = test_case_name; - fixture.epoch_time_in_ms = 1473269626000; /* Sep 7 17:33:46 2016 GMT */ - if (!TEST_ptr(fixture.ctlog_store = CTLOG_STORE_new()) + if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture)))) + goto end; + fixture->test_case_name = test_case_name; + fixture->epoch_time_in_ms = 1473269626000; /* Sep 7 17:33:46 2016 GMT */ + if (!TEST_ptr(fixture->ctlog_store = CTLOG_STORE_new()) || !TEST_int_eq( - CTLOG_STORE_load_default_file(fixture.ctlog_store), 1)) + CTLOG_STORE_load_default_file(fixture->ctlog_store), 1)) goto end; - ok = 1; + return fixture; end: - if (!ok) { - CTLOG_STORE_free(fixture.ctlog_store); - TEST_error("Failed to setup"); - exit(EXIT_FAILURE); - } - return fixture; + if (fixture != NULL) + CTLOG_STORE_free(fixture->ctlog_store); + OPENSSL_free(fixture); + TEST_error("Failed to setup"); + return NULL; } -static void tear_down(CT_TEST_FIXTURE fixture) +static void tear_down(CT_TEST_FIXTURE *fixture) { - CTLOG_STORE_free(fixture.ctlog_store); - SCT_LIST_free(fixture.sct_list); + if (fixture != NULL) { + CTLOG_STORE_free(fixture->ctlog_store); + SCT_LIST_free(fixture->sct_list); + } + OPENSSL_free(fixture); } static char *mk_file_path(const char *dir, const char *file) { -#ifndef OPENSSL_SYS_VMS +# ifndef OPENSSL_SYS_VMS const char *sep = "/"; -#else +# else const char *sep = ""; -#endif +# endif size_t len = strlen(dir) + strlen(sep) + strlen(file) + 1; char *full_file = OPENSSL_zalloc(len); 
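Review bot: set_up() and tear_down() change their ownership contract in this hunk, but neither carries a comment saying so. set_up() now returns a heap-allocated fixture, or NULL after logging "Failed to setup", instead of calling exit(), so every caller has to test the result. tear_down() now accepts NULL and frees the fixture itself as well as its ctlog_store and sct_list. I would add above set_up() `/* Returns a zeroed, heap-allocated fixture, or NULL on failure; release with tear_down(). */` and above tear_down() `/* NULL-safe; frees the fixture and the ctlog_store / sct_list it holds. */`. The hunk ends inside mk_file_path(), whose body continues outside it.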
@@ -192,7 +195,7 @@ end: return result; } -static int assert_validity(CT_TEST_FIXTURE fixture, STACK_OF(SCT) *scts, +static int assert_validity(CT_TEST_FIXTURE *fixture, STACK_OF(SCT) *scts, CT_POLICY_EVAL_CTX *policy_ctx) { int invalid_sct_count = 0; @@ -221,7 +224,7 @@ static int assert_validity(CT_TEST_FIXTURE fixture, STACK_OF(SCT) *scts, } } - if (!TEST_int_eq(valid_sct_count, fixture.expected_valid_sct_count)) { + if (!TEST_int_eq(valid_sct_count, fixture->expected_valid_sct_count)) { int unverified_sct_count = sk_SCT_num(scts) - invalid_sct_count - valid_sct_count; @@ -233,7 +236,7 @@ static int assert_validity(CT_TEST_FIXTURE fixture, STACK_OF(SCT) *scts, return 1; } -static int execute_cert_test(CT_TEST_FIXTURE fixture) +static int execute_cert_test(CT_TEST_FIXTURE *fixture) { int success = 0; X509 *cert = NULL, *issuer = NULL; @@ -245,8 +248,8 @@ static int execute_cert_test(CT_TEST_FIXTURE fixture) size_t tls_sct_list_len = 0; CT_POLICY_EVAL_CTX *ct_policy_ctx = CT_POLICY_EVAL_CTX_new(); - if (fixture.sct_text_file != NULL) { - sct_text_len = read_text_file(fixture.sct_dir, fixture.sct_text_file, + if (fixture->sct_text_file != NULL) { + sct_text_len = read_text_file(fixture->sct_dir, fixture->sct_text_file, expected_sct_text, CT_TEST_MAX_FILE_SIZE - 1); 
@@ -256,24 +259,24 @@ static int execute_cert_test(CT_TEST_FIXTURE fixture) } CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE( - ct_policy_ctx, fixture.ctlog_store); + ct_policy_ctx, fixture->ctlog_store); - CT_POLICY_EVAL_CTX_set_time(ct_policy_ctx, fixture.epoch_time_in_ms); + CT_POLICY_EVAL_CTX_set_time(ct_policy_ctx, fixture->epoch_time_in_ms); - if (fixture.certificate_file != NULL) { + if (fixture->certificate_file != NULL) { int sct_extension_index; int i; X509_EXTENSION *sct_extension = NULL; - if (!TEST_ptr(cert = load_pem_cert(fixture.certs_dir, - fixture.certificate_file))) + if (!TEST_ptr(cert = load_pem_cert(fixture->certs_dir, + fixture->certificate_file))) goto end; CT_POLICY_EVAL_CTX_set1_cert(ct_policy_ctx, cert); - if (fixture.issuer_file != NULL) { - if (!TEST_ptr(issuer = load_pem_cert(fixture.certs_dir, - fixture.issuer_file))) + if (fixture->issuer_file != NULL) { + if (!TEST_ptr(issuer = load_pem_cert(fixture->certs_dir, + fixture->issuer_file))) goto end; CT_POLICY_EVAL_CTX_set1_issuer(ct_policy_ctx, issuer); } @@ -281,11 +284,11 @@ static int execute_cert_test(CT_TEST_FIXTURE fixture) sct_extension_index = X509_get_ext_by_NID(cert, NID_ct_precert_scts, -1); sct_extension = X509_get_ext(cert, sct_extension_index); - if (fixture.expected_sct_count > 0) { + if (fixture->expected_sct_count > 0) { if (!TEST_ptr(sct_extension)) goto end; - if (fixture.sct_text_file + if (fixture->sct_text_file && !compare_extension_printout(sct_extension, expected_sct_text)) goto end; @@ -299,7 +302,7 @@ static int execute_cert_test(CT_TEST_FIXTURE fixture) } } - if (fixture.test_validity) { + if (fixture->test_validity) { if (!assert_validity(fixture, scts, ct_policy_ctx)) goto end; } 
@@ -308,24 +311,24 @@ static int execute_cert_test(CT_TEST_FIXTURE fixture) } } - if (fixture.tls_sct_list != NULL) { - const unsigned char *p = fixture.tls_sct_list; + if (fixture->tls_sct_list != NULL) { + const unsigned char *p = fixture->tls_sct_list; - if (!TEST_ptr(o2i_SCT_LIST(&scts, &p, fixture.tls_sct_list_len))) + if (!TEST_ptr(o2i_SCT_LIST(&scts, &p, fixture->tls_sct_list_len))) goto end; - if (fixture.test_validity && cert != NULL) { + if (fixture->test_validity && cert != NULL) { if (!assert_validity(fixture, scts, ct_policy_ctx)) goto end; } - if (fixture.sct_text_file + if (fixture->sct_text_file && !compare_sct_list_printout(scts, expected_sct_text)) { goto end; } tls_sct_list_len = i2o_SCT_LIST(scts, &tls_sct_list); - if (!TEST_mem_eq(fixture.tls_sct_list, fixture.tls_sct_list_len, + if (!TEST_mem_eq(fixture->tls_sct_list, fixture->tls_sct_list_len, tls_sct_list, tls_sct_list_len)) goto end; } 
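Review bot: `tls_sct_list_len = i2o_SCT_LIST(scts, &tls_sct_list);` stores the return value straight into a size_t (declared in the earlier hunk), so an encoding failure, which i2o_SCT_LIST reports as a negative int, turns into a very large length handed to TEST_mem_eq. Checking the result before converting keeps the failure path from comparing with a bogus length: `int len = i2o_SCT_LIST(scts, &tls_sct_list);` followed by `if (!TEST_int_gt(len, 0)) goto end;` and only then `tls_sct_list_len = (size_t)len;`. execute_cert_test() starts and ends outside this hunk.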
@@ -341,79 +344,97 @@ end: return success; } -#define SETUP_CT_TEST_FIXTURE() SETUP_TEST_FIXTURE(CT_TEST_FIXTURE, set_up) -#define EXECUTE_CT_TEST() EXECUTE_TEST(execute_cert_test, tear_down) +# define SETUP_CT_TEST_FIXTURE() SETUP_TEST_FIXTURE(CT_TEST_FIXTURE, set_up) +# define EXECUTE_CT_TEST() EXECUTE_TEST(execute_cert_test, tear_down) -static int test_no_scts_in_certificate() +static int test_no_scts_in_certificate(void) { SETUP_CT_TEST_FIXTURE(); - fixture.certs_dir = certs_dir; - fixture.certificate_file = "leaf.pem"; - fixture.issuer_file = "subinterCA.pem"; - fixture.expected_sct_count = 0; + if (fixture == NULL) + return 0; + fixture->certs_dir = certs_dir; + fixture->certificate_file = "leaf.pem"; + fixture->issuer_file = "subinterCA.pem"; + fixture->expected_sct_count = 0; EXECUTE_CT_TEST(); + return result; } -static int test_one_sct_in_certificate() +static int test_one_sct_in_certificate(void) { SETUP_CT_TEST_FIXTURE(); - fixture.certs_dir = certs_dir; - fixture.certificate_file = "embeddedSCTs1.pem"; - fixture.issuer_file = "embeddedSCTs1_issuer.pem"; - fixture.expected_sct_count = 1; - fixture.sct_dir = certs_dir; - fixture.sct_text_file = "embeddedSCTs1.sct"; + if (fixture == NULL) + return 0; + fixture->certs_dir = certs_dir; + fixture->certificate_file = "embeddedSCTs1.pem"; + fixture->issuer_file = "embeddedSCTs1_issuer.pem"; + fixture->expected_sct_count = 1; + fixture->sct_dir = certs_dir; + fixture->sct_text_file = "embeddedSCTs1.sct"; EXECUTE_CT_TEST(); + return result; } -static int test_multiple_scts_in_certificate() +static int test_multiple_scts_in_certificate(void) { SETUP_CT_TEST_FIXTURE(); - fixture.certs_dir = certs_dir; - fixture.certificate_file = "embeddedSCTs3.pem"; - fixture.issuer_file = "embeddedSCTs3_issuer.pem"; - fixture.expected_sct_count = 3; - fixture.sct_dir = certs_dir; - fixture.sct_text_file = "embeddedSCTs3.sct"; + if (fixture == NULL) + return 0; + fixture->certs_dir = certs_dir; + fixture->certificate_file = 
"embeddedSCTs3.pem"; + fixture->issuer_file = "embeddedSCTs3_issuer.pem"; + fixture->expected_sct_count = 3; + fixture->sct_dir = certs_dir; + fixture->sct_text_file = "embeddedSCTs3.sct"; EXECUTE_CT_TEST(); + return result; } -static int test_verify_one_sct() +static int test_verify_one_sct(void) { SETUP_CT_TEST_FIXTURE(); - fixture.certs_dir = certs_dir; - fixture.certificate_file = "embeddedSCTs1.pem"; - fixture.issuer_file = "embeddedSCTs1_issuer.pem"; - fixture.expected_sct_count = fixture.expected_valid_sct_count = 1; - fixture.test_validity = 1; + if (fixture == NULL) + return 0; + fixture->certs_dir = certs_dir; + fixture->certificate_file = "embeddedSCTs1.pem"; + fixture->issuer_file = "embeddedSCTs1_issuer.pem"; + fixture->expected_sct_count = fixture->expected_valid_sct_count = 1; + fixture->test_validity = 1; EXECUTE_CT_TEST(); + return result; } -static int test_verify_multiple_scts() +static int test_verify_multiple_scts(void) { SETUP_CT_TEST_FIXTURE(); - fixture.certs_dir = certs_dir; - fixture.certificate_file = "embeddedSCTs3.pem"; - fixture.issuer_file = "embeddedSCTs3_issuer.pem"; - fixture.expected_sct_count = fixture.expected_valid_sct_count = 3; - fixture.test_validity = 1; + if (fixture == NULL) + return 0; + fixture->certs_dir = certs_dir; + fixture->certificate_file = "embeddedSCTs3.pem"; + fixture->issuer_file = "embeddedSCTs3_issuer.pem"; + fixture->expected_sct_count = fixture->expected_valid_sct_count = 3; + fixture->test_validity = 1; EXECUTE_CT_TEST(); + return result; } -static int test_verify_fails_for_future_sct() +static int test_verify_fails_for_future_sct(void) { SETUP_CT_TEST_FIXTURE(); - fixture.epoch_time_in_ms = 1365094800000; /* Apr 4 17:00:00 2013 GMT */ - fixture.certs_dir = certs_dir; - fixture.certificate_file = "embeddedSCTs1.pem"; - fixture.issuer_file = "embeddedSCTs1_issuer.pem"; - fixture.expected_sct_count = 1; - fixture.expected_valid_sct_count = 0; - fixture.test_validity = 1; + if (fixture == NULL) + return 0; 
+ fixture->epoch_time_in_ms = 1365094800000; /* Apr 4 17:00:00 2013 GMT */ + fixture->certs_dir = certs_dir; + fixture->certificate_file = "embeddedSCTs1.pem"; + fixture->issuer_file = "embeddedSCTs1_issuer.pem"; + fixture->expected_sct_count = 1; + fixture->expected_valid_sct_count = 0; + fixture->test_validity = 1; EXECUTE_CT_TEST(); + return result; } -static int test_decode_tls_sct() +static int test_decode_tls_sct(void) { const unsigned char tls_sct_list[] = "\x00\x78" /* length of list */ "\x00\x76" @@ -434,14 +455,17 @@ static int test_decode_tls_sct() "\xED\xBF\x08"; SETUP_CT_TEST_FIXTURE(); - fixture.tls_sct_list = tls_sct_list; - fixture.tls_sct_list_len = 0x7a; - fixture.sct_dir = ct_dir; - fixture.sct_text_file = "tls1.sct"; + if (fixture == NULL) + return 0; + fixture->tls_sct_list = tls_sct_list; + fixture->tls_sct_list_len = 0x7a; + fixture->sct_dir = ct_dir; + fixture->sct_text_file = "tls1.sct"; EXECUTE_CT_TEST(); + return result; } -static int test_encode_tls_sct() +static int test_encode_tls_sct(void) { const char log_id[] = "3xwuwRUAlFJHqWFoMl3cXHlZ6PfG04j8AC4LvT9012Q="; const uint64_t timestamp = 1; 
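Review bot: The rewritten tests use `fixture` and end with `return result;` without declaring either name, so both presumably come from SETUP_TEST_FIXTURE / EXECUTE_TEST, whose definitions are not part of this diff. A short comment at the two `# define` lines would make that visible to a reader of this file, for example `/* SETUP_CT_TEST_FIXTURE() declares 'fixture' (NULL if set_up() failed) and 'result'; EXECUTE_CT_TEST() sets 'result' and calls tear_down(). */`, with the wording confirmed against testutil.h. The same applies to all six test functions in this hunk.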
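Review bot: `fixture->tls_sct_list_len = 0x7a;` in test_decode_tls_sct() hard-codes the length of the tls_sct_list literal, so a later edit to the byte string can silently desynchronise the length given to o2i_SCT_LIST from the buffer it describes. Deriving it from the array keeps the two tied together: `fixture->tls_sct_list_len = sizeof(tls_sct_list) - 1;`, where the `- 1` drops the literal's terminating NUL. Most of the literal lies outside the hunk, so the 0x7a value itself is not verified here.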
@@ -451,33 +475,37 @@ static int test_encode_tls_sct() SCT *sct = NULL; SETUP_CT_TEST_FIXTURE(); + if (fixture == NULL) + return 0; - fixture.sct_list = sk_SCT_new_null(); + fixture->sct_list = sk_SCT_new_null(); if (!TEST_ptr(sct = SCT_new_from_base64(SCT_VERSION_V1, log_id, CT_LOG_ENTRY_TYPE_X509, timestamp, extensions, signature))) return 0; - sk_SCT_push(fixture.sct_list, sct); - fixture.sct_dir = ct_dir; - fixture.sct_text_file = "tls1.sct"; + sk_SCT_push(fixture->sct_list, sct); + fixture->sct_dir = ct_dir; + fixture->sct_text_file = "tls1.sct"; EXECUTE_CT_TEST(); + return result; } /* * Tests that the CT_POLICY_EVAL_CTX default time is approximately now. * Allow +-10 minutes, as it may compensate for clock skew. */ -static int test_default_ct_policy_eval_ctx_time_is_now() +static int test_default_ct_policy_eval_ctx_time_is_now(void) { int success = 0; CT_POLICY_EVAL_CTX *ct_policy_ctx = CT_POLICY_EVAL_CTX_new(); const time_t default_time = CT_POLICY_EVAL_CTX_get_time(ct_policy_ctx) / - 1000; + 1000; const time_t time_tolerance = 600; /* 10 minutes */ - if (!TEST_uint_le(fabs(difftime(time(NULL), default_time)), time_tolerance)) + if (!TEST_uint_le((unsigned int)fabs(difftime(time(NULL), default_time)), + (unsigned int)time_tolerance)) goto end; success = 1; @@ -486,8 +514,24 @@ end: return success; } -int test_main(int argc, char *argv[]) +static int test_ctlog_from_base64(void) +{ + CTLOG *ctlogp = NULL; + const char notb64[] = "\01\02\03\04"; + const char pad[] = "===="; + const char name[] = "name"; + + /* We expect these to both fail! */ + if (!TEST_true(!CTLOG_new_from_base64(&ctlogp, notb64, name)) + || !TEST_true(!CTLOG_new_from_base64(&ctlogp, pad, name))) + return 0; + return 1; +} +#endif + +int setup_tests(void) { +#ifndef OPENSSL_NO_CT if ((ct_dir = getenv("CT_DIR")) == NULL) ct_dir = "ct"; if ((certs_dir = getenv("CERTS_DIR")) == NULL) 
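Review bot: The early `return 0;` after a failed SCT_new_from_base64() in test_encode_tls_sct() now leaks the heap-allocated fixture, together with its ctlog_store and the sct_list created just above it. tear_down() appears to be reached only through EXECUTE_CT_TEST(), which this path skips. The failure branch should release the fixture first: `tear_down(fixture);` and then `return 0;`. The results of `sk_SCT_new_null()` and `sk_SCT_push()` are also unchecked, so a failed push would leave `sct` unowned. The function begins in the previous hunk.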
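Review bot: test_ctlog_from_base64() checks only the return value for the two malformed inputs, so it would not notice a failing call that still wrote to `ctlogp`. A call that unexpectedly succeeds also leaks the CTLOG on the `return 0;` path. I would assert `TEST_ptr_null(ctlogp)` after each call, assuming the intended contract is that the out-parameter is left untouched on failure, and call `CTLOG_free(ctlogp);` before `return 0;`. `TEST_true(!x)` would also read more directly as `TEST_false(x)` if testutil.h provides it at this revision.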
@@ -502,13 +546,9 @@ int test_main(int argc, char *argv[]) ADD_TEST(test_decode_tls_sct); ADD_TEST(test_encode_tls_sct); ADD_TEST(test_default_ct_policy_eval_ctx_time_is_now); - - return run_tests(argv[0]); -} + ADD_TEST(test_ctlog_from_base64); #else -int test_main(int argc, char *argv[]) -{ printf("No CT support\n"); - return 0; -} #endif + return 1; +}