-rw-r--r-- | tests/alpn-server-prec.c | 3 | ||||
-rw-r--r-- | tests/key-material-set-dtls.c | 3 | ||||
-rw-r--r-- | tests/mini-alpn.c | 3 | ||||
-rw-r--r-- | tests/mini-dtls-discard.c | 3 | ||||
-rw-r--r-- | tests/mini-dtls-heartbeat.c | 3 | ||||
-rw-r--r-- | tests/mini-dtls-record.c | 3 | ||||
-rw-r--r-- | tests/mini-dtls-srtp.c | 3 | ||||
-rw-r--r-- | tests/mini-record-failure.c | 1 | ||||
-rw-r--r-- | tests/prf.c | 3 | ||||
-rw-r--r-- | tests/psk-file.c | 5 | ||||
-rw-r--r-- | tests/slow/cipher-api-test.c | 178 | ||||
-rw-r--r-- | tests/utils.h | 3 |
12 files changed, 172 insertions, 39 deletions
diff --git a/tests/alpn-server-prec.c b/tests/alpn-server-prec.c index e8da9ebada..0461c5d39a 100644 --- a/tests/alpn-server-prec.c +++ b/tests/alpn-server-prec.c @@ -45,6 +45,7 @@ int main(int argc, char **argv) #include <sys/wait.h> #include <arpa/inet.h> #include <unistd.h> +#include <signal.h> #include <gnutls/gnutls.h> #include <gnutls/dtls.h> @@ -262,6 +263,8 @@ static void start(const char *p1, const char *p2, const char *cp1, const char *c int fd[2]; int ret; + signal(SIGPIPE, SIG_IGN); + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); if (ret < 0) { perror("socketpair"); diff --git a/tests/key-material-set-dtls.c b/tests/key-material-set-dtls.c index 692c7a6574..4a569162bb 100644 --- a/tests/key-material-set-dtls.c +++ b/tests/key-material-set-dtls.c @@ -42,6 +42,7 @@ int main(int argc, char **argv) #include <sys/wait.h> #include <arpa/inet.h> #include <unistd.h> +#include <signal.h> #include <gnutls/gnutls.h> #include <gnutls/dtls.h> @@ -354,6 +355,8 @@ static void start(void) int fd[2]; int ret; + signal(SIGPIPE, SIG_IGN); + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); if (ret < 0) { perror("socketpair"); diff --git a/tests/mini-alpn.c b/tests/mini-alpn.c index 304d0a171c..bed981451a 100644 --- a/tests/mini-alpn.c +++ b/tests/mini-alpn.c @@ -41,6 +41,7 @@ int main(int argc, char **argv) #include <sys/wait.h> #include <arpa/inet.h> #include <unistd.h> +#include <signal.h> #include <gnutls/gnutls.h> #include <gnutls/dtls.h> @@ -264,6 +265,8 @@ static void start(const char *p1, const char *p2) int fd[2]; int ret; + signal(SIGPIPE, SIG_IGN); + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); if (ret < 0) { perror("socketpair"); diff --git a/tests/mini-dtls-discard.c b/tests/mini-dtls-discard.c index e9201acaea..97bc6de29b 100644 --- a/tests/mini-dtls-discard.c +++ b/tests/mini-dtls-discard.c 
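Review bot: `signal(SIGPIPE, SIG_IGN);` in start() is added without a comment saying why the test must survive a write to a closed peer. The same two lines are repeated in start() of key-material-set-dtls.c, mini-alpn.c, mini-dtls-discard.c, mini-dtls-heartbeat.c, mini-dtls-record.c, mini-dtls-srtp.c and prf.c, in doit() of mini-record-failure.c and in run_test3() of psk-file.c. A short comment such as `/* a write to a peer that already closed must return an error, not kill the test */` would record the intent. Since tests/utils.h is touched by the same commit, one helper there would replace the ten copies. start() begins and ends outside the hunk.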
@@ -44,6 +44,7 @@ int main() #include <arpa/inet.h> #include <unistd.h> #include <errno.h> +#include <signal.h> #include <gnutls/gnutls.h> #include <gnutls/dtls.h> #include <assert.h> @@ -266,6 +267,8 @@ void start(const char *prio) int fd[2]; int ret; + signal(SIGPIPE, SIG_IGN); + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); if (ret < 0) { perror("socketpair"); diff --git a/tests/mini-dtls-heartbeat.c b/tests/mini-dtls-heartbeat.c index bb6fa7e528..cb575f9b2c 100644 --- a/tests/mini-dtls-heartbeat.c +++ b/tests/mini-dtls-heartbeat.c @@ -43,6 +43,7 @@ int main() #include <sys/wait.h> #include <arpa/inet.h> #include <unistd.h> +#include <signal.h> #include <gnutls/gnutls.h> #include <gnutls/dtls.h> @@ -312,6 +313,8 @@ static void start(int server_initiated) int fd[2]; int ret; + signal(SIGPIPE, SIG_IGN); + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); if (ret < 0) { perror("socketpair"); diff --git a/tests/mini-dtls-record.c b/tests/mini-dtls-record.c index 63bba89aaf..4d92d81c54 100644 --- a/tests/mini-dtls-record.c +++ b/tests/mini-dtls-record.c @@ -45,6 +45,7 @@ int main() #include <sys/wait.h> #include <arpa/inet.h> #include <unistd.h> +#include <signal.h> #include <gnutls/gnutls.h> #include <gnutls/dtls.h> @@ -367,6 +368,8 @@ static void start(void) int fd[2]; int ret; + signal(SIGPIPE, SIG_IGN); + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); if (ret < 0) { perror("socketpair"); diff --git a/tests/mini-dtls-srtp.c b/tests/mini-dtls-srtp.c index 93c06820f8..78c03b3d1e 100644 --- a/tests/mini-dtls-srtp.c +++ b/tests/mini-dtls-srtp.c @@ -43,6 +43,7 @@ int main(int argc, char **argv) #include <sys/wait.h> #include <arpa/inet.h> #include <unistd.h> +#include <signal.h> #include <gnutls/gnutls.h> #include <gnutls/dtls.h> @@ -304,6 +305,8 @@ static void start(int profile) int fd[2]; int ret; + signal(SIGPIPE, SIG_IGN); + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); if (ret < 0) { perror("socketpair"); 
diff --git a/tests/mini-record-failure.c b/tests/mini-record-failure.c index 02b0546270..46df2a1900 100644 --- a/tests/mini-record-failure.c +++ b/tests/mini-record-failure.c @@ -331,6 +331,7 @@ static void ch_handler(int sig) void doit(void) { + signal(SIGPIPE, SIG_IGN); signal(SIGCHLD, ch_handler); start("aes-cbc", AES_CBC, 1); diff --git a/tests/prf.c b/tests/prf.c index 78526cfba8..ff839fe73c 100644 --- a/tests/prf.c +++ b/tests/prf.c @@ -41,6 +41,7 @@ int main(int argc, char **argv) #include <sys/wait.h> #include <arpa/inet.h> #include <unistd.h> +#include <signal.h> #include <gnutls/gnutls.h> #include <gnutls/dtls.h> @@ -423,6 +424,8 @@ static void start(void) int fd[2]; int ret; + signal(SIGPIPE, SIG_IGN); + ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd); if (ret < 0) { perror("socketpair"); diff --git a/tests/psk-file.c b/tests/psk-file.c index 2512086e0f..0a6eef4b87 100644 --- a/tests/psk-file.c +++ b/tests/psk-file.c @@ -48,6 +48,7 @@ int main(int argc, char **argv) #include <sys/wait.h> #endif #include <unistd.h> +#include <signal.h> #include <assert.h> #include <gnutls/gnutls.h> @@ -304,6 +305,8 @@ void run_test3(const char *prio, const char *sprio, const char *user, const gnut int err; int sockets[2]; + signal(SIGPIPE, SIG_IGN); + if (expect_fail_serv || expect_fail_cli) { success("ntest %s (user:%s)\n", prio, user); } else { @@ -407,7 +410,7 @@ void doit(void) run_test2("NORMAL:-VERS-ALL:+VERS-TLS1.3:+DHE-PSK:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-FFDHE4096", "NORMAL:-VERS-ALL:+VERS-TLS1.3:+DHE-PSK:-GROUP-ALL:+GROUP-FFDHE4096", "jas", &key, 0, GNUTLS_KX_DHE_PSK, 0, 0); /* try without server credentials */ - run_test3("NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK:+DHE-PSK", NULL, "jas", &key, 1, 0, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_INSUFFICIENT_CREDENTIALS); + run_test3("NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK:+DHE-PSK", NULL, "jas", &key, 1, 0, 0, GNUTLS_E_PUSH_ERROR, GNUTLS_E_INSUFFICIENT_CREDENTIALS); } #endif /* _WIN32 */ 
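Review bot: The last run_test3() call in doit() of psk-file.c swaps GNUTLS_E_FATAL_ALERT_RECEIVED for GNUTLS_E_PUSH_ERROR, presumably the expected client-side error, so the test no longer checks that the client sees the server's alert when server credentials are missing. Whether the client reads the alert first or hits the failed write looks like it could depend on scheduling between the two processes, which would make the expectation flaky in one direction or the other. If both outcomes are legitimate, the test should accept either and the comment should say so, e.g. `/* try without server credentials; the client sees either the alert or a failed write */`. doit() begins outside the hunk.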
diff --git a/tests/slow/cipher-api-test.c b/tests/slow/cipher-api-test.c index 66b164037d..4a9cd1ea30 100644 --- a/tests/slow/cipher-api-test.c +++ b/tests/slow/cipher-api-test.c @@ -48,14 +48,54 @@ static void tls_log_func(int level, const char *str) fprintf(stderr, "<%d>| %s", level, str); } -static unsigned error_detected = 0; - -static void custom_abrt(int sig) +/* Test whether an invalid call to gnutls_cipher_encrypt() is caught */ +static void test_cipher(int algo) { - error_detected = 1; + int ret; + gnutls_cipher_hd_t ch; + uint8_t key16[64]; + uint8_t iv16[32]; + uint8_t data[128]; + gnutls_datum_t key, iv; + + key.data = key16; + key.size = gnutls_cipher_get_key_size(algo); + assert(key.size <= sizeof(key16)); + + iv.data = iv16; + iv.size = gnutls_cipher_get_iv_size(algo); + assert(iv.size <= sizeof(iv16)); + + memset(iv.data, 0xff, iv.size); + memset(key.data, 0xfe, key.size); + memset(data, 0xfa, sizeof(data)); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + ret = global_init(); + if (ret < 0) { + fail("Cannot initialize library\n"); /*errcode 1 */ + } + + ret = + gnutls_cipher_init(&ch, algo, &key, &iv); + if (ret < 0) + fail("gnutls_cipher_init failed\n"); /*errcode 1 */ + + /* try encrypting in a way that violates nettle's block conventions */ + ret = gnutls_cipher_encrypt(ch, data, sizeof(data)-1); + if (ret >= 0) + fail("succeeded in encrypting partial data on block cipher\n"); + + gnutls_cipher_deinit(ch); + + gnutls_global_deinit(); } -static void test_cipher(int algo, unsigned aead) +/* Test whether an invalid gnutls_cipher_add_auth() is caught */ +static void test_aead_cipher1(int algo) { int ret; gnutls_cipher_hd_t ch; 
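Review bot: test_cipher() repeats the key/IV setup, logging setup, global_init() and gnutls_cipher_init() sequence that test_aead_cipher1() and test_aead_cipher2() also carry, so three copies have to be kept in step. A static helper that fills `key` and `iv` and returns the initialised handle would leave each test function with only the calls it is actually checking. The header comment could also name the misuse precisely, e.g. `/* a length that is not a multiple of the block size must be rejected by gnutls_cipher_encrypt() */`. test_aead_cipher1() continues past the end of this hunk.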
@@ -63,10 +103,9 @@ static void test_cipher(int algo, unsigned aead) uint8_t iv16[32]; uint8_t data[128]; gnutls_datum_t key, iv; - unsigned auth = 1; if (algo == GNUTLS_CIPHER_CHACHA20_POLY1305) - auth = 0; + return; key.data = key16; key.size = gnutls_cipher_get_key_size(algo); 
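Review bot: The early `return` for GNUTLS_CIPHER_CHACHA20_POLY1305 in test_aead_cipher1() has no comment, and because the child then exits with 0 the algorithm is reported as passing without any check having run. A comment giving the reason would help, e.g. `/* no add_auth misuse check for chacha20-poly1305: <reason> */`; presumably this cipher places no block-size constraint on the auth data, but that is not visible here. The function starts and ends outside this hunk.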
@@ -94,44 +133,84 @@ static void test_cipher(int algo, unsigned aead) if (ret < 0) fail("gnutls_cipher_init failed\n"); /*errcode 1 */ - if (aead) { - if (auth) { - ret = gnutls_cipher_add_auth(ch, data, sizeof(data)-1); - if (ret < 0) - fail("could not add auth data\n"); - - signal(SIGABRT, custom_abrt); - ret = gnutls_cipher_add_auth(ch, data, 16); - signal(SIGABRT, SIG_DFL); - if (ret >= 0 && error_detected == 0) - fail("succeeded in adding auth data data after partial data were given\n"); - } + ret = gnutls_cipher_add_auth(ch, data, sizeof(data)-1); + if (ret < 0) + fail("could not add auth data\n"); - /* try encrypting in a way that violates nettle's AEAD conventions */ - ret = gnutls_cipher_encrypt(ch, data, sizeof(data)-1); - if (ret < 0) - fail("could not encrypt data\n"); + ret = gnutls_cipher_add_auth(ch, data, 16); + if (ret >= 0) + fail("succeeded in adding auth data data after partial data were given\n"); - signal(SIGABRT, custom_abrt); - ret = gnutls_cipher_encrypt(ch, data, sizeof(data)); - signal(SIGABRT, SIG_DFL); - if (ret >= 0 && error_detected == 0) - fail("succeeded in encrypting partial data after partial data were given\n"); + gnutls_cipher_deinit(ch); - } else { - /* try encrypting in a way that violates nettle's block conventions */ - signal(SIGABRT, custom_abrt); - ret = gnutls_cipher_encrypt(ch, data, sizeof(data)-1); - signal(SIGABRT, SIG_DFL); - if (ret >= 0 && error_detected == 0) - fail("succeeded in encrypting partial data on block cipher\n"); + gnutls_global_deinit(); + return; +} + +/* Test whether an invalid call to gnutls_cipher_encrypt() is caught */ +static void test_aead_cipher2(int algo) +{ + int ret; + gnutls_cipher_hd_t ch; + uint8_t key16[64]; + uint8_t iv16[32]; + uint8_t data[128]; + gnutls_datum_t key, iv; + + key.data = key16; + key.size = gnutls_cipher_get_key_size(algo); + assert(key.size <= sizeof(key16)); + + iv.data = iv16; + iv.size = gnutls_cipher_get_iv_size(algo); + assert(iv.size <= sizeof(iv16)); + + 
memset(iv.data, 0xff, iv.size); + memset(key.data, 0xfe, key.size); + memset(data, 0xfa, sizeof(data)); + + gnutls_global_set_log_function(tls_log_func); + if (debug) + gnutls_global_set_log_level(4711); + + ret = global_init(); + if (ret < 0) { + fail("Cannot initialize library\n"); /*errcode 1 */ } + + ret = + gnutls_cipher_init(&ch, algo, &key, &iv); + if (ret < 0) + fail("gnutls_cipher_init failed\n"); /*errcode 1 */ + + /* try encrypting in a way that violates nettle's AEAD conventions */ + ret = gnutls_cipher_encrypt(ch, data, sizeof(data)-1); + if (ret < 0) + fail("could not encrypt data\n"); + + ret = gnutls_cipher_encrypt(ch, data, sizeof(data)); + if (ret >= 0) + fail("succeeded in encrypting partial data after partial data were given\n"); + gnutls_cipher_deinit(ch); gnutls_global_deinit(); return; } +static void check_status(int status) +{ + if (WEXITSTATUS(status) != 0 || + (WIFSIGNALED(status) && WTERMSIG(status) != SIGABRT)) { + if (WIFSIGNALED(status)) { + fail("Child died with signal %d\n", WTERMSIG(status)); + } else { + fail("Child died with status %d\n", + WEXITSTATUS(status)); + } + } +} + static void start(const char *name, int algo, unsigned aead) { @@ -152,9 +231,34 @@ void start(const char *name, int algo, unsigned aead) int status; /* parent */ wait(&status); - check_wait_status(status); + check_status(status); + } else { + if (!aead) + test_cipher(algo); + else + test_aead_cipher1(algo); + exit(0); + } + + if (!aead) + return; + + /* check test_aead_cipher2 */ + + child = fork(); + if (child < 0) { + perror("fork"); + fail("fork"); + return; + } + + if (child) { + int status; + /* parent */ + wait(&status); + check_status(status); } else { - test_cipher(algo,aead); + test_aead_cipher2(algo); exit(0); } } diff --git a/tests/utils.h b/tests/utils.h index b905065c52..e5728374fa 100644 --- a/tests/utils.h +++ b/tests/utils.h 
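Review bot: check_status() accepts a SIGABRT from anywhere in the child, so an abort inside global_init(), gnutls_cipher_init() or the first, valid gnutls_cipher_add_auth()/gnutls_cipher_encrypt() call counts the same as the misuse being caught. The removed code armed its SIGABRT handler only around the invalid call; an equivalent here would be to install a handler that calls `_exit(0)` immediately before the invalid call and have the parent treat every signal as a failure. The condition also reads `WEXITSTATUS(status)` for a child that was signalled, where the value is not meaningful; `if (WIFSIGNALED(status) ? WTERMSIG(status) != SIGABRT : WEXITSTATUS(status) != 0)` keeps the two cases apart. The callers of check_status() are in start(), in the following hunk.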
@@ -24,6 +24,7 @@ #define UTILS_H #include <stdio.h> +#include <stdlib.h> #include <signal.h> #include <string.h> #include <stdarg.h> @@ -148,7 +149,7 @@ inline static void _check_wait_status(int status, unsigned sigonly) { #if defined WEXITSTATUS && defined WIFSIGNALED if (WEXITSTATUS(status) != 0 || - (WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV)) { + (WIFSIGNALED(status) && WTERMSIG(status) != SIGTERM)) { if (WIFSIGNALED(status)) { fail("Child died with signal %d\n", WTERMSIG(status)); } else { |
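Review bot: The SIGTERM exemption in `_check_wait_status()` has no comment saying why that one signal is tolerated; presumably parents stop their server child with SIGTERM, but the hunk does not show it. A line such as `/* any signal other than the SIGTERM a parent sends to stop its child is a failure */` would make the rule explicit. Because this helper is shared across the test suite, any test that ends a child with a different signal will now fail, so the callers are worth checking before merge. The function body, including the use of `sigonly`, continues outside the hunk.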