nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-27 22:03:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix "make check-spaces"

Browse Source
This commit is contained in:
Nick Mathewson 2015-10-02 14:33:54 +02:00
parent 39901bd408
commit b5aa257d46
7 changed files with 232 additions and 187 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/common/crypto.c
View File

@ -2734,3 +2734,4 @@ crypto_global_cleanup(void)
}
/** @} */

1
src/common/crypto.h
View File

@ -296,3 +296,4 @@ struct dh_st *crypto_dh_get_dh_(crypto_dh_t *dh);
void crypto_add_spaces_to_fp(char *out, size_t outlen, const char *in);
#endif

73
src/common/tortls.c
View File

@ -111,7 +111,6 @@
#define SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x0010
#endif
/** Return values for tor_tls_classify_client_ciphers.
*
* @{
@ -130,7 +129,6 @@
#define CIPHERS_UNRESTRICTED 3
/** @} */
/** The ex_data index in which we store a pointer to an SSL object's
* corresponding tor_tls_t object. */
STATIC int tor_tls_object_ex_data_index = -1;
@ -383,7 +381,7 @@ tor_tls_init(void)
OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,1))
long version = SSLeay();
/* LCOV_EXCL_START because we can't reasonably test these lines on the same machine */
/* LCOV_EXCL_START : we can't test these lines on the same machine */
if (version >= OPENSSL_V_SERIES(1,0,1)) {
/* Warn if we could *almost* be running with much faster ECDH.
If we're built for a 64-bit target, using OpenSSL 1.0.1, but we
@ -456,7 +454,7 @@ tor_x509_name_new(const char *cname)
{
int nid;
X509_NAME *name;
/* LCOV_EXCL_BR_START because these branches will only fail on out of memory errors */
/* LCOV_EXCL_BR_START : these branches will only fail on OOM errors */
if (!(name = X509_NAME_new()))
return NULL;
if ((nid = OBJ_txt2nid("commonName")) == NID_undef) goto error;
@ -466,7 +464,7 @@ tor_x509_name_new(const char *cname)
/* LCOV_EXCL_BR_STOP */
return name;
error:
/* LCOV_EXCL_START because these lines will only execute on out of memory errors*/
/* LCOV_EXCL_START : these lines will only execute on out of memory errors*/
X509_NAME_free(name);
return NULL;
/* LCOV_EXCL_STOP */
@ -516,17 +514,17 @@ MOCK_IMPL(STATIC X509 *,
goto error;
if (!(pkey = crypto_pk_get_evp_pkey_(rsa,0)))
goto error;
if (!(x509 = X509_new())) /* LCOV_EXCL_BR_LINE because this can only fail when memory failures occur */
if (!(x509 = X509_new()))
goto error;
if (!(X509_set_version(x509, 2))) /* LCOV_EXCL_BR_LINE because this can only fail when something catastrophic happens in openssl */
if (!(X509_set_version(x509, 2)))
goto error;
{ /* our serial number is 8 random bytes. */
if (crypto_rand((char *)serial_tmp, sizeof(serial_tmp)) < 0)
goto error;
if (!(serial_number = BN_bin2bn(serial_tmp, sizeof(serial_tmp), NULL))) /* LCOV_EXCL_BR_LINE because this can only fail when memory failures occur */
if (!(serial_number = BN_bin2bn(serial_tmp, sizeof(serial_tmp), NULL)))
goto error;
if (!(BN_to_ASN1_INTEGER(serial_number, X509_get_serialNumber(x509)))) /* LCOV_EXCL_BR_LINE because this can only fail when memory failures occur */
if (!(BN_to_ASN1_INTEGER(serial_number, X509_get_serialNumber(x509))))
goto error;
}
@ -676,7 +674,7 @@ MOCK_IMPL(STATIC tor_x509_cert_t *,
length = i2d_X509(x509_cert, &buf);
cert = tor_malloc_zero(sizeof(tor_x509_cert_t));
if (length <= 0 || buf == NULL) { /* LCOV_EXCL_BR_LINE because these conditions can't be provoked without memory failures */
if (length <= 0 || buf == NULL) {
/* LCOV_EXCL_START for the same reason as the exclusion above */
tor_free(cert);
log_err(LD_CRYPTO, "Couldn't get length of encoded x509 certificate");
@ -1192,7 +1190,7 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
goto error;
X509_free(cert); /* We just added a reference to cert. */
cert=NULL;
if (idcert) { /* LCOV_EXCL_BR_LINE because we can't actually get here without a valid idcert */
if (idcert) {
X509_STORE *s = SSL_CTX_get_cert_store(result->ctx);
tor_assert(s);
X509_STORE_add_cert(s, idcert);
@ -1272,8 +1270,10 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
STATIC void
tor_tls_debug_state_callback(const SSL *ssl, int type, int val)
{
log_debug(LD_HANDSHAKE, "SSL %p is now in state %s [type=%d,val=%d].", /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */
/* LCOV_EXCL_START since this depends on whether debug is captured or not */
log_debug(LD_HANDSHAKE, "SSL %p is now in state %s [type=%d,val=%d].",
ssl, SSL_state_string_long(ssl), type, val);
/* LCOV_EXCL_STOP */
}
/* Return the name of the negotiated ciphersuite in use on <b>tls</b> */
@ -1333,7 +1333,7 @@ find_cipher_by_id(const SSL *ssl, const SSL_METHOD *m, uint16_t cipher)
{
unsigned char cipherid[3];
tor_assert(ssl);
set_uint16(cipherid, htons(cipher)); /* LCOV_EXCL_BR_LINE since we won't necessarily hit both branches if htons is a macro */
set_uint16(cipherid, htons(cipher));
cipherid[2] = 0; /* If ssl23_get_cipher_by_char finds no cipher starting
* with a two-byte 'cipherid', it may look for a v2
* cipher with the appropriate 3 bytes. */
@ -1345,7 +1345,7 @@ find_cipher_by_id(const SSL *ssl, const SSL_METHOD *m, uint16_t cipher)
#elif defined(HAVE_STRUCT_SSL_METHOD_ST_GET_CIPHER_BY_CHAR)
if (m && m->get_cipher_by_char) {
unsigned char cipherid[3];
set_uint16(cipherid, htons(cipher)); /* LCOV_EXCL_BR_LINE since we won't necessarily hit both branches if htons is a macro */
set_uint16(cipherid, htons(cipher));
cipherid[2] = 0; /* If ssl23_get_cipher_by_char finds no cipher starting
* with a two-byte 'cipherid', it may look for a v2
* cipher with the appropriate 3 bytes. */
@ -1436,7 +1436,7 @@ tor_tls_classify_client_ciphers(const SSL *ssl,
strcmp(ciphername, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA) &&
strcmp(ciphername, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA) &&
strcmp(ciphername, "(NONE)")) {
log_debug(LD_NET, "Got a non-version-1 cipher called '%s'", ciphername); /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */
log_debug(LD_NET, "Got a non-version-1 cipher called '%s'", ciphername);
// return 1;
goto v2_or_higher;
}
@ -1474,9 +1474,9 @@ tor_tls_classify_client_ciphers(const SSL *ssl,
smartlist_add(elts, (char*)ciphername);
}
s = smartlist_join_strings(elts, ":", 0, NULL);
log_debug(LD_NET, "Got a %s V2/V3 cipher list from %s. It is: '%s'", /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */
log_debug(LD_NET, "Got a %s V2/V3 cipher list from %s. It is: '%s'",
(res == CIPHERS_V2) ? "fictitious" : "real", ADDR(tor_tls), s);
tor_free(s); /* LCOV_EXCL_BR_LINE since s will always be non-null here */
tor_free(s);
smartlist_free(elts);
}
done:
@ -1555,7 +1555,7 @@ tor_tls_server_info_callback(const SSL *ssl, int type, int val)
/* Don't send a hello request. */
SSL_set_verify((SSL*) ssl, SSL_VERIFY_NONE, NULL);
if (tls) { /* LCOV_EXCL_BR_LINE impossible to have tls be NULL here, it's checked earlier */
if (tls) {
tls->wasV2Handshake = 1;
} else {
log_warn(LD_BUG, "Couldn't look up the tls for an SSL*. How odd!"); /* LCOV_EXCL_LINE this line is not reachable */
@ -1618,7 +1618,7 @@ tor_tls_new(int sock, int isServer)
tor_assert(context); /* make sure somebody made it first */
if (!(result->ssl = SSL_new(context->ctx))) {
tls_log_errors(NULL, LOG_WARN, LD_NET, "creating SSL object");
tor_free(result); /* LCOV_EXCL_BR_LINE because result can't be null here */
tor_free(result);
goto err;
}
@ -1627,7 +1627,7 @@ tor_tls_new(int sock, int isServer)
if (!isServer) {
char *fake_hostname = crypto_random_hostname(4,25, "www.",".com");
SSL_set_tlsext_host_name(result->ssl, fake_hostname);
tor_free(fake_hostname); /* LCOV_EXCL_BR_LINE because fake_hostname can't be null here */
tor_free(fake_hostname);
}
#endif
@ -1638,7 +1638,7 @@ tor_tls_new(int sock, int isServer)
SSL_set_tlsext_host_name(result->ssl, NULL);
#endif
SSL_free(result->ssl);
tor_free(result); /* LCOV_EXCL_BR_LINE because this can't be null here */
tor_free(result);
goto err;
}
result->socket = sock;
@ -1791,7 +1791,7 @@ tor_tls_free(tor_tls_t *tls)
tor_tls_context_decref(tls->context);
tor_free(tls->address);
tls->magic = 0x99999999;
tor_free(tls); /* LCOV_EXCL_BR_LINE because this line will not be reached if tls is NULL */
tor_free(tls);
}
/** Underlying function for TLS reading. Reads up to <b>len</b>
@ -1812,7 +1812,7 @@ tor_tls_read,(tor_tls_t *tls, char *cp, size_t len))
#ifdef V2_HANDSHAKE_SERVER
if (tls->got_renegotiate) {
/* Renegotiation happened! */
log_info(LD_NET, "Got a TLS renegotiation from %s", ADDR(tls)); /* LCOV_EXCL_BR_LINE because testing the branches of ADDR feels not so useful here */
log_info(LD_NET, "Got a TLS renegotiation from %s", ADDR(tls));
if (tls->negotiated_callback)
tls->negotiated_callback(tls, tls->callback_arg);
tls->got_renegotiate = 0;
@ -1821,13 +1821,13 @@ tor_tls_read,(tor_tls_t *tls, char *cp, size_t len))
return r;
}
err = tor_tls_get_error(tls, r, CATCH_ZERO, "reading", LOG_DEBUG, LD_NET);
if (err == TOR_TLS_ZERORETURN_ || err == TOR_TLS_CLOSE) { /* LCOV_EXCL_BR_LINE err can never be TOR_TLS_CLOSE here because tor_tls_get_error will never return it with those parameters */
log_debug(LD_NET,"read returned r=%d; TLS is closed",r); /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */
if (err == TOR_TLS_ZERORETURN_ || err == TOR_TLS_CLOSE) {
log_debug(LD_NET,"read returned r=%d; TLS is closed",r);
tls->state = TOR_TLS_ST_CLOSED;
return TOR_TLS_CLOSE;
} else {
tor_assert(err != TOR_TLS_DONE);
log_debug(LD_NET,"read returned r=%d, err=%d",r,err); /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */
log_debug(LD_NET,"read returned r=%d, err=%d",r,err);
return err;
}
}
@ -1857,7 +1857,7 @@ tor_tls_write(tor_tls_t *tls, const char *cp, size_t n)
if (tls->wantwrite_n) {
/* if WANTWRITE last time, we must use the _same_ n as before */
tor_assert(n >= tls->wantwrite_n);
log_debug(LD_NET,"resuming pending-write, (%d to flush, reusing %d)", /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */
log_debug(LD_NET,"resuming pending-write, (%d to flush, reusing %d)",
(int)n, (int)tls->wantwrite_n);
n = tls->wantwrite_n;
tls->wantwrite_n = 0;
@ -1890,16 +1890,16 @@ tor_tls_handshake(tor_tls_t *tls)
check_no_tls_errors();
oldstate = SSL_state(tls->ssl);
if (tls->isServer) {
log_debug(LD_HANDSHAKE, "About to call SSL_accept on %p (%s)", tls, /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */
log_debug(LD_HANDSHAKE, "About to call SSL_accept on %p (%s)", tls,
SSL_state_string_long(tls->ssl));
r = SSL_accept(tls->ssl);
} else {
log_debug(LD_HANDSHAKE, "About to call SSL_connect on %p (%s)", tls, /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */
log_debug(LD_HANDSHAKE, "About to call SSL_connect on %p (%s)", tls,
SSL_state_string_long(tls->ssl));
r = SSL_connect(tls->ssl);
}
if (oldstate != SSL_state(tls->ssl))
log_debug(LD_HANDSHAKE, "After call, %p was in state %s", /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */
log_debug(LD_HANDSHAKE, "After call, %p was in state %s",
tls, SSL_state_string_long(tls->ssl));
/* We need to call this here and not earlier, since OpenSSL has a penchant
* for clearing its flags when you say accept or connect. */
@ -1944,7 +1944,7 @@ tor_tls_finish_handshake(tor_tls_t *tls)
" get set. Fixing that.");
}
tls->wasV2Handshake = 1;
log_debug(LD_HANDSHAKE, "Completed V2 TLS handshake with client; waiting" /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */
log_debug(LD_HANDSHAKE, "Completed V2 TLS handshake with client; waiting"
" for renegotiation.");
} else {
tls->wasV2Handshake = 0;
@ -1957,11 +1957,11 @@ tor_tls_finish_handshake(tor_tls_t *tls)
STACK_OF(X509) *chain = SSL_get_peer_cert_chain(tls->ssl);
int n_certs = sk_X509_num(chain);
if (n_certs > 1 || (n_certs == 1 && cert != sk_X509_value(chain, 0))) {
log_debug(LD_HANDSHAKE, "Server sent back multiple certificates; it " /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */
log_debug(LD_HANDSHAKE, "Server sent back multiple certificates; it "
"looks like a v1 handshake on %p", tls);
tls->wasV2Handshake = 0;
} else {
log_debug(LD_HANDSHAKE, /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */
log_debug(LD_HANDSHAKE,
"Server sent back a single certificate; looks like "
"a v2 handshake on %p.", tls);
tls->wasV2Handshake = 1;
@ -2200,7 +2200,7 @@ MOCK_IMPL(STATIC void, try_to_extract_certs_from_tls, (int severity, tor_tls_t *
num_in_chain);
return;
}
for (i=0; i<num_in_chain; ++i) { /* LCOV_EXCL_BR_LINE because we can never hit the case when we don't enter this loop, since num_in_chain<1 is checked above */
for (i=0; i<num_in_chain; ++i) {
id_cert = sk_X509_value(chain, i);
if (X509_cmp(id_cert, cert) != 0)
break;
@ -2445,7 +2445,7 @@ dn_indicates_v3_cert(X509_NAME *name)
str = X509_NAME_ENTRY_get_data(entry);
len = ASN1_STRING_to_UTF8(&s, str);
if (len < 0){
if (len < 0) {
return 0;
}
r = fast_memneq(s + len - 4, ".net", 4);
@ -2625,7 +2625,7 @@ tor_tls_get_tlssecrets,(tor_tls_t *tls, uint8_t *secrets_out))
(char*)buf, len);
memwipe(buf, 0, sizeof(buf));
memwipe(master_key, 0, master_key_len);
tor_free(master_key); /* LCOV_EXCL_BR_LINE since master_key will never be NULL here */
tor_free(master_key);
return 0;
}
@ -2762,3 +2762,4 @@ evaluate_ecgroup_for_tls(const char *ecgroup)
return ret;
}

31
src/common/tortls.h
View File

@ -55,7 +55,6 @@ typedef struct tor_x509_cert_t tor_x509_cert_t;
#define TOR_TLS_IS_ERROR(rv) ((rv) < TOR_TLS_CLOSE)
#ifdef TORTLS_PRIVATE
#define TOR_TLS_MAGIC 0x71571571
@ -128,40 +127,45 @@ struct tor_tls_t {
void *callback_arg;
};
STATIC int tor_errno_to_tls_error(int e);
STATIC int tor_tls_get_error(tor_tls_t *tls, int r, int extra,
const char *doing, int severity, int domain);
STATIC tor_tls_t *tor_tls_get_by_ssl(const SSL *ssl);
STATIC void tor_tls_allocate_tor_tls_object_ex_data_index(void);
STATIC int always_accept_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx);
STATIC int tor_tls_classify_client_ciphers(const SSL *ssl, STACK_OF(SSL_CIPHER) *peer_ciphers);
STATIC int tor_tls_classify_client_ciphers(const SSL *ssl,
STACK_OF(SSL_CIPHER) *peer_ciphers);
STATIC int tor_tls_client_is_using_v2_ciphers(const SSL *ssl);
MOCK_DECL(STATIC void, try_to_extract_certs_from_tls, (int severity, tor_tls_t *tls, X509 **cert_out, X509 **id_cert_out));
MOCK_DECL(STATIC void, try_to_extract_certs_from_tls,
(int severity, tor_tls_t *tls, X509 **cert_out, X509 **id_cert_out));
STATIC int dn_indicates_v3_cert(X509_NAME *name);
STATIC size_t SSL_SESSION_get_master_key(SSL_SESSION *s, uint8_t *out, size_t len);
STATIC size_t SSL_SESSION_get_master_key(SSL_SESSION *s, uint8_t *out,
size_t len);
STATIC void tor_tls_debug_state_callback(const SSL *ssl, int type, int val);
STATIC void tor_tls_server_info_callback(const SSL *ssl, int type, int val);
STATIC int tor_tls_session_secret_cb(SSL *ssl, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
STATIC int find_cipher_by_id(const SSL *ssl, const SSL_METHOD *m, uint16_t cipher);
STATIC int tor_tls_session_secret_cb(SSL *ssl, void *secret,
int *secret_len,
STACK_OF(SSL_CIPHER) *peer_ciphers,
SSL_CIPHER **cipher, void *arg);
STATIC int find_cipher_by_id(const SSL *ssl, const SSL_METHOD *m,
uint16_t cipher);
MOCK_DECL(STATIC X509*, tor_tls_create_certificate,(crypto_pk_t *rsa,
crypto_pk_t *rsa_sign,
const char *cname,
const char *cname_sign,
unsigned int cert_lifetime));
STATIC tor_tls_context_t *tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime, unsigned flags, int is_client);
unsigned int cert_lifetime));
STATIC tor_tls_context_t *tor_tls_context_new(crypto_pk_t *identity,
unsigned int key_lifetime, unsigned flags, int is_client);
MOCK_DECL(STATIC tor_x509_cert_t *, tor_x509_cert_new,(X509 *x509_cert));
STATIC int tor_tls_context_init_one(tor_tls_context_t **ppcontext,
crypto_pk_t *identity,
unsigned int key_lifetime,
unsigned int flags,
int is_client);
STATIC void tls_log_errors(tor_tls_t *tls, int severity, int domain, const char *doing);
STATIC void tls_log_errors(tor_tls_t *tls, int severity, int domain,
const char *doing);
#endif
const char *tor_tls_err_to_string(int err);
void tor_tls_get_state_description(tor_tls_t *tls, char *buf, size_t sz);
@ -254,3 +258,4 @@ const char *tor_tls_get_ciphersuite_name(tor_tls_t *tls);
int evaluate_ecgroup_for_tls(const char *ecgroup);
#endif

1
src/test/test.c
View File

@ -1218,3 +1218,4 @@ struct testgroup_t testgroups[] = {
{ "dns/", dns_tests },
END_OF_GROUPS
};

4
src/test/test_routerset.c
View File

@ -500,7 +500,7 @@ NS(test_main)(void *arg)
tt_int_op(smartlist_len(set->policies), OP_NE, 0);
tt_int_op(CALLED(router_parse_addr_policy_item_from_string), OP_EQ, 1);
done:
done:
routerset_free(set);
}
@ -547,7 +547,7 @@ NS(test_main)(void *arg)
tt_int_op(smartlist_len(set->policies), OP_NE, 0);
tt_int_op(CALLED(router_parse_addr_policy_item_from_string), OP_EQ, 1);
done:
done:
routerset_free(set);
}

308
src/test/test_tortls.c
View File

@ -41,12 +41,17 @@ static void
test_tortls_errno_to_tls_error(void *data)
{
(void) data;
tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(ECONNRESET)),OP_EQ,TOR_TLS_ERROR_CONNRESET);
tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(ETIMEDOUT)),OP_EQ,TOR_TLS_ERROR_TIMEOUT);
tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(EHOSTUNREACH)),OP_EQ,TOR_TLS_ERROR_NO_ROUTE);
tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(ENETUNREACH)),OP_EQ,TOR_TLS_ERROR_NO_ROUTE);
tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(ECONNREFUSED)),OP_EQ,TOR_TLS_ERROR_CONNREFUSED);
tt_int_op(tor_errno_to_tls_error(0),OP_EQ,TOR_TLS_ERROR_MISC);
tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(ECONNRESET)),OP_EQ,
TOR_TLS_ERROR_CONNRESET);
tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(ETIMEDOUT)),OP_EQ,
TOR_TLS_ERROR_TIMEOUT);
tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(EHOSTUNREACH)),OP_EQ,
TOR_TLS_ERROR_NO_ROUTE);
tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(ENETUNREACH)),OP_EQ,
TOR_TLS_ERROR_NO_ROUTE);
tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(ECONNREFUSED)),OP_EQ,
TOR_TLS_ERROR_CONNREFUSED);
tt_int_op(tor_errno_to_tls_error(0),OP_EQ,TOR_TLS_ERROR_MISC);
done:
(void)1;
}
@ -55,17 +60,21 @@ static void
test_tortls_err_to_string(void *data)
{
(void) data;
tt_str_op(tor_tls_err_to_string(1),OP_EQ,"[Not an error.]");
tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_MISC),OP_EQ,"misc error");
tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_IO),OP_EQ,"unexpected close");
tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_CONNREFUSED),OP_EQ,"connection refused");
tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_CONNRESET),OP_EQ,"connection reset");
tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_NO_ROUTE),OP_EQ,"host unreachable");
tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_TIMEOUT),OP_EQ,"connection timed out");
tt_str_op(tor_tls_err_to_string(TOR_TLS_CLOSE),OP_EQ,"closed");
tt_str_op(tor_tls_err_to_string(TOR_TLS_WANTREAD),OP_EQ,"want to read");
tt_str_op(tor_tls_err_to_string(TOR_TLS_WANTWRITE),OP_EQ,"want to write");
tt_str_op(tor_tls_err_to_string(-100),OP_EQ,"(unknown error code)");
tt_str_op(tor_tls_err_to_string(1),OP_EQ,"[Not an error.]");
tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_MISC),OP_EQ,"misc error");
tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_IO),OP_EQ,"unexpected close");
tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_CONNREFUSED),OP_EQ,
"connection refused");
tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_CONNRESET),OP_EQ,
"connection reset");
tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_NO_ROUTE),OP_EQ,
"host unreachable");
tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_TIMEOUT),OP_EQ,
"connection timed out");
tt_str_op(tor_tls_err_to_string(TOR_TLS_CLOSE),OP_EQ,"closed");
tt_str_op(tor_tls_err_to_string(TOR_TLS_WANTREAD),OP_EQ,"want to read");
tt_str_op(tor_tls_err_to_string(TOR_TLS_WANTWRITE),OP_EQ,"want to write");
tt_str_op(tor_tls_err_to_string(-100),OP_EQ,"(unknown error code)");
done:
(void)1;
}
@ -82,28 +91,27 @@ static void
test_tortls_tor_tls_new(void *data)
{
(void) data;
MOCK(tor_tls_cert_matches_key, mock_tls_cert_matches_key);
crypto_pk_t *key1 = NULL, *key2 = NULL;
key1 = pk_generate(2);
key2 = pk_generate(3);
MOCK(tor_tls_cert_matches_key, mock_tls_cert_matches_key);
crypto_pk_t *key1 = NULL, *key2 = NULL;
key1 = pk_generate(2);
key2 = pk_generate(3);
tor_tls_t *tls;
tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
key1, key2, 86400), OP_EQ, 0);
tls = tor_tls_new(-1, 0);
tt_want(tls);
tor_tls_t *tls;
tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
key1, key2, 86400), OP_EQ, 0);
tls = tor_tls_new(-1, 0);
tt_want(tls);
client_tls_context->ctx = NULL;
tls = tor_tls_new(-1, 0);
tt_assert(!tls);
client_tls_context->ctx = NULL;
tls = tor_tls_new(-1, 0);
tt_assert(!tls);
SSL_METHOD *method = give_me_a_test_method();
SSL_CTX *ctx = SSL_CTX_new(method);
method->num_ciphers = fake_num_ciphers;
client_tls_context->ctx = ctx;
tls = tor_tls_new(-1, 0);
tt_assert(!tls);
SSL_METHOD *method = give_me_a_test_method();
SSL_CTX *ctx = SSL_CTX_new(method);
method->num_ciphers = fake_num_ciphers;
client_tls_context->ctx = ctx;
tls = tor_tls_new(-1, 0);
tt_assert(!tls);
done:
UNMOCK(tor_tls_cert_matches_key);
@ -113,40 +121,41 @@ test_tortls_tor_tls_new(void *data)
#define NS_MODULE tortls
NS_DECL(void, logv, (int severity, log_domain_mask_t domain,
const char *funcname, const char *suffix, const char *format, va_list ap));
const char *funcname, const char *suffix,
const char *format, va_list ap));
static void
NS(logv)(int severity, log_domain_mask_t domain,
const char *funcname, const char *suffix, const char *format,
va_list ap)
const char *funcname, const char *suffix, const char *format,
va_list ap)
{
(void) severity;
(void) domain;
(void) funcname;
(void) suffix;
(void) format;
(void) ap; // XXXX look at this.
CALLED(logv)++;
(void) severity;
(void) domain;
(void) funcname;
(void) suffix;
(void) format;
(void) ap; // XXXX look at this.
CALLED(logv)++;
}
static void
test_tortls_tor_tls_get_error(void *data)
{
(void) data;
MOCK(tor_tls_cert_matches_key, mock_tls_cert_matches_key);
crypto_pk_t *key1 = NULL, *key2 = NULL;
key1 = pk_generate(2);
key2 = pk_generate(3);
MOCK(tor_tls_cert_matches_key, mock_tls_cert_matches_key);
crypto_pk_t *key1 = NULL, *key2 = NULL;
key1 = pk_generate(2);
key2 = pk_generate(3);
tor_tls_t *tls;
tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
key1, key2, 86400), OP_EQ, 0);
tls = tor_tls_new(-1, 0);
NS_MOCK(logv);
tt_int_op(CALLED(logv), OP_EQ, 0);
tor_tls_get_error(tls, 0, 0,
(const char *)"test", 0, 0);
tt_int_op(CALLED(logv), OP_EQ, 1);
tor_tls_t *tls;
tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
key1, key2, 86400), OP_EQ, 0);
tls = tor_tls_new(-1, 0);
NS_MOCK(logv);
tt_int_op(CALLED(logv), OP_EQ, 0);
tor_tls_get_error(tls, 0, 0,
(const char *)"test", 0, 0);
tt_int_op(CALLED(logv), OP_EQ, 1);
done:
UNMOCK(tor_tls_cert_matches_key);
@ -284,58 +293,68 @@ test_tortls_log_one_error(void *ignored)
tor_tls_log_one_error(NULL, 0, LOG_WARN, 0, "something");
tt_int_op(mock_saved_log_number(), OP_EQ, 1);
tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error while something: (null) (in (null):(null):---)\n");
tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error while something: "
"(null) (in (null):(null):---)\n");
mock_clean_saved_logs();
tor_tls_log_one_error(tls, 0, LOG_WARN, 0, NULL);
tt_int_op(mock_saved_log_number(), OP_EQ, 1);
tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error: (null) (in (null):(null):---)\n");
tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error: (null) "
"(in (null):(null):---)\n");
mock_clean_saved_logs();
tls->address = tor_strdup("127.hello");
tor_tls_log_one_error(tls, 0, LOG_WARN, 0, NULL);
tt_int_op(mock_saved_log_number(), OP_EQ, 1);
tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error with 127.hello: (null) (in (null):(null):---)\n");
tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error with 127.hello: (null) "
"(in (null):(null):---)\n");
mock_clean_saved_logs();
tls->address = tor_strdup("127.hello");
tor_tls_log_one_error(tls, 0, LOG_WARN, 0, "blarg");
tt_int_op(mock_saved_log_number(), OP_EQ, 1);
tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error while blarg with 127.hello: (null) (in (null):(null):---)\n");
tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error while blarg with "
"127.hello: (null) (in (null):(null):---)\n");
mock_clean_saved_logs();
tor_tls_log_one_error(tls, ERR_PACK(1, 2, 3), LOG_WARN, 0, NULL);
tt_int_op(mock_saved_log_number(), OP_EQ, 1);
tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error with 127.hello: BN lib (in unknown library:(null):---)\n");
tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error with 127.hello: "
"BN lib (in unknown library:(null):---)\n");
mock_clean_saved_logs();
tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_HTTP_REQUEST), LOG_WARN, 0, NULL);
tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_HTTP_REQUEST),
LOG_WARN, 0, NULL);
tt_int_op(mock_saved_log_number(), OP_EQ, 1);
tt_int_op(mock_saved_severity_at(0), OP_EQ, LOG_INFO);
mock_clean_saved_logs();
tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_HTTPS_PROXY_REQUEST), LOG_WARN, 0, NULL);
tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_HTTPS_PROXY_REQUEST),
LOG_WARN, 0, NULL);
tt_int_op(mock_saved_log_number(), OP_EQ, 1);
tt_int_op(mock_saved_severity_at(0), OP_EQ, LOG_INFO);
mock_clean_saved_logs();
tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_RECORD_LENGTH_MISMATCH), LOG_WARN, 0, NULL);
tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_RECORD_LENGTH_MISMATCH),
LOG_WARN, 0, NULL);
tt_int_op(mock_saved_log_number(), OP_EQ, 1);
tt_int_op(mock_saved_severity_at(0), OP_EQ, LOG_INFO);
mock_clean_saved_logs();
tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_RECORD_TOO_LARGE), LOG_WARN, 0, NULL);
tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_RECORD_TOO_LARGE),
LOG_WARN, 0, NULL);
tt_int_op(mock_saved_log_number(), OP_EQ, 1);
tt_int_op(mock_saved_severity_at(0), OP_EQ, LOG_INFO);
mock_clean_saved_logs();
tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_UNKNOWN_PROTOCOL), LOG_WARN, 0, NULL);
tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_UNKNOWN_PROTOCOL),
LOG_WARN, 0, NULL);
tt_int_op(mock_saved_log_number(), OP_EQ, 1);
tt_int_op(mock_saved_severity_at(0), OP_EQ, LOG_INFO);
mock_clean_saved_logs();
tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_UNSUPPORTED_PROTOCOL), LOG_WARN, 0, NULL);
tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_UNSUPPORTED_PROTOCOL),
LOG_WARN, 0, NULL);
tt_int_op(mock_saved_log_number(), OP_EQ, 1);
tt_int_op(mock_saved_severity_at(0), OP_EQ, LOG_INFO);
@ -344,7 +363,8 @@ test_tortls_log_one_error(void *ignored)
mock_clean_saved_logs();
tor_tls_log_one_error(tls, 0, LOG_WARN, 0, NULL);
tt_int_op(mock_saved_log_number(), OP_EQ, 1);
tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error with 127.hello: (null) (in (null):(null):before/accept initialization)\n");
tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error with 127.hello: (null)"
" (in (null):(null):before/accept initialization)\n");
done:
teardown_capture_of_logs(previous_log);
@ -373,7 +393,8 @@ test_tortls_get_error(void *ignored)
ret = tor_tls_get_error(tls, 0, 0, "something", LOG_WARN, 0);
tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_IO);
tt_int_op(mock_saved_log_number(), OP_EQ, 1);
tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error: unexpected close while something (before/accept initialization)\n");
tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error: unexpected close while"
" something (before/accept initialization)\n");
mock_clean_saved_logs();
ret = tor_tls_get_error(tls, 2, 0, "something", LOG_WARN, 0);
@ -391,7 +412,8 @@ test_tortls_get_error(void *ignored)
ret = tor_tls_get_error(tls, 0, 0, "something", LOG_WARN, 0);
tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC);
tt_int_op(mock_saved_log_number(), OP_EQ, 1);
tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error while something: (null) (in bignum routines:(null):before/accept initialization)\n");
tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error while something: (null)"
" (in bignum routines:(null):before/accept initialization)\n");
mock_clean_saved_logs();
ERR_clear_error();
@ -409,7 +431,6 @@ test_tortls_get_error(void *ignored)
tt_int_op(ret, OP_EQ, TOR_TLS_WANTWRITE);
tt_int_op(mock_saved_log_number(), OP_EQ, 0);
mock_clean_saved_logs();
ERR_clear_error();
tls->ssl->rwstate = 0;
@ -429,7 +450,9 @@ test_tortls_get_error(void *ignored)
ret = tor_tls_get_error(tls, -1, 0, "something", LOG_WARN, 0);
tt_int_op(ret, OP_EQ, -9);
tt_int_op(mock_saved_log_number(), OP_EQ, 2);
tt_str_op(mock_saved_log_at(1), OP_EQ, "TLS error while something: (null) (in system library:connect:before/accept initialization)\n");
tt_str_op(mock_saved_log_at(1), OP_EQ,
"TLS error while something: (null) (in system library:"
"connect:before/accept initialization)\n");
done:
teardown_capture_of_logs(previous_log);
@ -449,7 +472,6 @@ test_tortls_always_accept_verify_cb(void *ignored)
(void)0;
}
static void
test_tortls_x509_cert_free(void *ignored)
{
@ -639,7 +661,6 @@ test_tortls_get_my_certs(void *ignored)
ret = tor_tls_get_my_certs(1, &link_cert_out, &id_cert_out);
tt_int_op(ret, OP_EQ, 0);
done:
(void)1;
}
@ -685,7 +706,7 @@ get_cipher_by_id(uint16_t id)
int num = method->num_ciphers();
for (i = 0; i < num; ++i) {
const SSL_CIPHER *cipher = method->get_cipher(i);
if(id == (SSL_CIPHER_get_id(cipher) & 0xffff)) {
if (id == (SSL_CIPHER_get_id(cipher) & 0xffff)) {
return (SSL_CIPHER *)cipher;
}
}
@ -778,7 +799,7 @@ test_tortls_classify_client_ciphers(void *ignored)
tt_int_op(tls->client_cipher_list_type, OP_EQ, 3);
sk_SSL_CIPHER_zero(ciphers);
for(i=0; v2_cipher_list[i]; i++) {
for (i=0; v2_cipher_list[i]; i++) {
tmp_cipher = get_cipher_by_id(v2_cipher_list[i]);
tt_assert(tmp_cipher);
sk_SSL_CIPHER_push(ciphers, tmp_cipher);
@ -788,7 +809,6 @@ test_tortls_classify_client_ciphers(void *ignored)
tt_int_op(ret, OP_EQ, 2);
tt_int_op(tls->client_cipher_list_type, OP_EQ, 2);
done:
(void)1;
}
@ -815,7 +835,6 @@ test_tortls_client_is_using_v2_ciphers(void *ignored)
ret = tor_tls_client_is_using_v2_ciphers(ssl);
tt_int_op(ret, OP_EQ, -1);
ssl->session = sess;
ret = tor_tls_client_is_using_v2_ciphers(ssl);
tt_int_op(ret, OP_EQ, 0);
@ -846,7 +865,8 @@ fixed_try_to_extract_certs_from_tls(int severity, tor_tls_t *tls,
*id_cert_out = fixed_try_to_extract_certs_from_tls_id_cert_out_result;
}
static const char* notCompletelyValidCertString = "-----BEGIN CERTIFICATE-----\n"
static const char* notCompletelyValidCertString =
"-----BEGIN CERTIFICATE-----\n"
"MIICVjCCAb8CAg37MA0GCSqGSIb3DQEBBQUAMIGbMQswCQYDVQQGEwJKUDEOMAwG\n"
"A1UECBMFVG9reW8xEDAOBgNVBAcTB0NodW8ta3UxETAPBgNVBAoTCEZyYW5rNERE\n"
"MRgwFgYDVQQLEw9XZWJDZXJ0IFN1cHBvcnQxGDAWBgNVBAMTD0ZyYW5rNEREIFdl\n"
@ -862,7 +882,6 @@ static const char* notCompletelyValidCertString = "-----BEGIN CERTIFICATE-----\n
"evnAhf0cwULaebn+lMs8Pdl7y37+sfluVok=\n"
"-----END CERTIFICATE-----\n";
static const char* validCertString = "-----BEGIN CERTIFICATE-----\n"
"MIIDpTCCAY0CAg3+MA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNVBAYTAlVTMREwDwYD\n"
"VQQIDAhJbGxpbm9pczEQMA4GA1UEBwwHQ2hpY2FnbzEUMBIGA1UECgwLVG9yIFRl\n"
@ -936,7 +955,8 @@ test_tortls_verify(void *ignored)
int ret;
tor_tls_t *tls;
crypto_pk_t *k = NULL;
X509 *cert1 = NULL, *cert2 = NULL, *invalidCert = NULL, *validCert = NULL, *caCert = NULL;
X509 *cert1 = NULL, *cert2 = NULL, *invalidCert = NULL,
*validCert = NULL, *caCert = NULL;
cert1 = tor_malloc_zero(sizeof(X509));
cert1->references = 10;
@ -1123,38 +1143,45 @@ test_tortls_dn_indicates_v3_cert(void *ignored)
X509_NAME *name;
name = X509_NAME_new();
X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, (const unsigned char *)"US", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC, (const unsigned char *)"Foobar", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC,
(const unsigned char *)"US", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC,
(const unsigned char *)"Foobar", -1, -1, 0);
ret = dn_indicates_v3_cert(name);
tt_int_op(ret, OP_EQ, 1);
X509_NAME_free(name);
name = X509_NAME_new();
X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, (const unsigned char *)"US", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC,
(const unsigned char *)"US", -1, -1, 0);
ret = dn_indicates_v3_cert(name);
tt_int_op(ret, OP_EQ, 1);
X509_NAME_free(name);
name = X509_NAME_new();
X509_NAME_add_entry_by_txt(name, "commonName", V_ASN1_REAL, (const unsigned char *)"123", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "commonName", V_ASN1_REAL,
(const unsigned char *)"123", -1, -1, 0);
ret = dn_indicates_v3_cert(name);
tt_int_op(ret, OP_EQ, 0);
X509_NAME_free(name);
name = X509_NAME_new();
X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_ASC, (const unsigned char *)"hello.com", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_ASC,
(const unsigned char *)"hello.com", -1, -1, 0);
ret = dn_indicates_v3_cert(name);
tt_int_op(ret, OP_EQ, 1);
X509_NAME_free(name);
name = X509_NAME_new();
X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_ASC, (const unsigned char *)"hello.net", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_ASC,
(const unsigned char *)"hello.net", -1, -1, 0);
ret = dn_indicates_v3_cert(name);
tt_int_op(ret, OP_EQ, 0);
X509_NAME_free(name);
name = X509_NAME_new();
X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_ASC, (const unsigned char *)"x.s", -1, -1, 0);
X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_ASC,
(const unsigned char *)"x.s", -1, -1, 0);
ret = dn_indicates_v3_cert(name);
tt_int_op(ret, OP_EQ, 1);
@ -1181,44 +1208,46 @@ test_tortls_received_v3_certificate(void *ignored)
tls->ssl->session->peer = validCert;
subject = X509_NAME_new();
X509_NAME_add_entry_by_txt(subject, "commonName", MBSTRING_ASC, (const unsigned char *)"same.com", -1, -1, 0);
X509_NAME_add_entry_by_txt(subject, "commonName", MBSTRING_ASC,
(const unsigned char *)"same.com", -1, -1, 0);
X509_set_subject_name(validCert, subject);
issuer = X509_NAME_new();
X509_NAME_add_entry_by_txt(issuer, "commonName", MBSTRING_ASC, (const unsigned char *)"same.com", -1, -1, 0);
X509_NAME_add_entry_by_txt(issuer, "commonName", MBSTRING_ASC,
(const unsigned char *)"same.com", -1, -1, 0);
X509_set_issuer_name(validCert, issuer);
ret = tor_tls_received_v3_certificate(tls);
tt_int_op(ret, OP_EQ, 1);
X509_NAME_free(subject);
subject = X509_NAME_new();
X509_NAME_add_entry_by_txt(subject, "commonName", MBSTRING_ASC, (const unsigned char *)"different.net", -1, -1, 0);
X509_NAME_add_entry_by_txt(subject, "commonName", MBSTRING_ASC,
(const unsigned char *)"different.net", -1, -1, 0);
X509_set_subject_name(validCert, subject);
ret = tor_tls_received_v3_certificate(tls);
tt_int_op(ret, OP_EQ, 1);
X509_NAME_free(subject);
subject = X509_NAME_new();
X509_NAME_add_entry_by_txt(subject, "commonName", MBSTRING_ASC, (const unsigned char *)"same.com", -1, -1, 0);
X509_NAME_add_entry_by_txt(subject, "commonName", MBSTRING_ASC,
(const unsigned char *)"same.com", -1, -1, 0);
X509_set_subject_name(validCert, subject);
X509_NAME_free(issuer);
issuer = X509_NAME_new();
X509_NAME_add_entry_by_txt(issuer, "commonName", MBSTRING_ASC, (const unsigned char *)"different.net", -1, -1, 0);
X509_NAME_add_entry_by_txt(issuer, "commonName", MBSTRING_ASC,
(const unsigned char *)"different.net", -1, -1, 0);
X509_set_issuer_name(validCert, issuer);
ret = tor_tls_received_v3_certificate(tls);
tt_int_op(ret, OP_EQ, 1);
X509_NAME_free(subject);
subject = X509_NAME_new();
X509_NAME_add_entry_by_txt(subject, "commonName", MBSTRING_ASC, (const unsigned char *)"different2.net", -1, -1, 0);
X509_NAME_add_entry_by_txt(subject, "commonName", MBSTRING_ASC,
(const unsigned char *)"different2.net", -1, -1, 0);
X509_set_subject_name(validCert, subject);
ret = tor_tls_received_v3_certificate(tls);
tt_int_op(ret, OP_EQ, 0);
@ -1233,7 +1262,6 @@ test_tortls_received_v3_certificate(void *ignored)
ret = tor_tls_received_v3_certificate(tls);
tt_int_op(ret, OP_EQ, 1);
done:
X509_NAME_free(subject);
X509_NAME_free(issuer);
@ -1405,18 +1433,18 @@ test_tortls_evaluate_ecgroup_for_tls(void *ignored)
typedef struct cert_pkey_st_local
{
X509 *x509;
EVP_PKEY *privatekey;
const EVP_MD *digest;
X509 *x509;
EVP_PKEY *privatekey;
const EVP_MD *digest;
} CERT_PKEY_local;
typedef struct sess_cert_st_local
{
STACK_OF(X509) *cert_chain;
int peer_cert_type;
CERT_PKEY_local *peer_key;
CERT_PKEY_local peer_pkeys[8];
int references;
STACK_OF(X509) *cert_chain;
int peer_cert_type;
CERT_PKEY_local *peer_key;
CERT_PKEY_local peer_pkeys[8];
int references;
} SESS_CERT_local;
static void
@ -1577,8 +1605,8 @@ test_tortls_session_secret_cb(void *ignored)
tor_free(tls);
}
/* TODO: It seems block_renegotiation and unblock_renegotiation and using different blags. This might not be correct */
/* TODO: It seems block_renegotiation and unblock_renegotiation and
* using different blags. This might not be correct */
static void
test_tortls_block_renegotiation(void *ignored)
{
@ -1626,7 +1654,8 @@ test_tortls_assert_renegotiation_unblocked(void *ignored)
tls->ssl = tor_malloc_zero(sizeof(SSL));
tor_tls_unblock_renegotiation(tls);
tor_tls_assert_renegotiation_unblocked(tls);
// No assertion here - this test will fail if tor_assert is turned on and things are bad.
/* No assertion here - this test will fail if tor_assert is turned on
* and things are bad. */
tor_free(tls);
}
@ -1657,7 +1686,6 @@ example_cb(tor_tls_t *t, void *arg)
(void)arg;
}
static void
test_tortls_set_renegotiate_callback(void *ignored)
{
@ -1690,7 +1718,7 @@ fake_get_cipher(unsigned ncipher)
SSL_CIPHER *fixed = tor_malloc_zero(sizeof(SSL_CIPHER));
SSL_CIPHER *fixed2 = tor_malloc_zero(sizeof(SSL_CIPHER));
fixed2->id = 0xC00A;
switch(ncipher) {
switch (ncipher) {
case 1:
return fixed;
case 2:
@ -1777,7 +1805,8 @@ test_tortls_debug_state_callback(void *ignored)
tor_tls_debug_state_callback(ssl, 32, 45);
tt_int_op(mock_saved_log_number(), OP_EQ, 1);
n = snprintf(buf, 1000, "SSL %p is now in state unknown state [type=32,val=45].\n", ssl);
n = snprintf(buf, 1000, "SSL %p is now in state unknown"
" state [type=32,val=45].\n", ssl);
buf[n]='\0';
tt_str_op(mock_saved_log_at(0), OP_EQ, buf);
@ -1812,13 +1841,15 @@ test_tortls_server_info_callback(void *ignored)
mock_clean_saved_logs();
tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0);
tt_int_op(mock_saved_log_number(), OP_EQ, 1);
tt_str_op(mock_saved_log_at(0), OP_EQ, "Couldn't look up the tls for an SSL*. How odd!\n");
tt_str_op(mock_saved_log_at(0), OP_EQ,
"Couldn't look up the tls for an SSL*. How odd!\n");
SSL_set_state(ssl, SSL3_ST_SW_SRVR_HELLO_B);
mock_clean_saved_logs();
tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0);
tt_int_op(mock_saved_log_number(), OP_EQ, 1);
tt_str_op(mock_saved_log_at(0), OP_EQ, "Couldn't look up the tls for an SSL*. How odd!\n");
tt_str_op(mock_saved_log_at(0), OP_EQ,
"Couldn't look up the tls for an SSL*. How odd!\n");
SSL_set_state(ssl, 99);
mock_clean_saved_logs();
@ -1848,7 +1879,6 @@ test_tortls_server_info_callback(void *ignored)
tor_free(ssl);
}
static int fixed_ssl_read_result_index;
static int fixed_ssl_read_result[5];
static int fixed_ssl_shutdown_result;
@ -2069,7 +2099,6 @@ fixed_ssl_write(SSL *s, const void *buf, int len)
return fixed_ssl_write_result;
}
static void
test_tortls_write(void *ignored)
{
@ -2235,7 +2264,6 @@ test_tortls_handshake(void *ignored)
ret = tor_tls_handshake(tls);
tt_int_op(ret, OP_EQ, -9);
tls->ssl->method = method;
method->ssl_accept = fixed_ssl_accept;
fixed_ssl_accept_result = 2;
@ -2252,8 +2280,12 @@ test_tortls_handshake(void *ignored)
ret = tor_tls_handshake(tls);
tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC);
tt_int_op(mock_saved_log_number(), OP_EQ, 2);
tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error while handshaking: (null) (in bignum routines:(null):SSLv3 write client hello B)\n");
tt_str_op(mock_saved_log_at(1), OP_EQ, "TLS error while handshaking: (null) (in system library:connect:SSLv3 write client hello B)\n");
tt_str_op(mock_saved_log_at(0), OP_EQ,
"TLS error while handshaking: (null) (in bignum routines:"
"(null):SSLv3 write client hello B)\n");
tt_str_op(mock_saved_log_at(1), OP_EQ,
"TLS error while handshaking: (null) (in system library:"
"connect:SSLv3 write client hello B)\n");
tt_int_op(mock_saved_severity_at(0), OP_EQ, LOG_INFO);
tt_int_op(mock_saved_severity_at(1), OP_EQ, LOG_INFO);
@ -2266,8 +2298,10 @@ test_tortls_handshake(void *ignored)
ret = tor_tls_handshake(tls);
tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC);
tt_int_op(mock_saved_log_number(), OP_EQ, 2);
tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error while handshaking: (null) (in bignum routines:(null):SSLv3 write client hello B)\n");
tt_str_op(mock_saved_log_at(1), OP_EQ, "TLS error while handshaking: (null) (in system library:connect:SSLv3 write client hello B)\n");
tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error while handshaking: "
"(null) (in bignum routines:(null):SSLv3 write client hello B)\n");
tt_str_op(mock_saved_log_at(1), OP_EQ, "TLS error while handshaking: "
"(null) (in system library:connect:SSLv3 write client hello B)\n");
tt_int_op(mock_saved_severity_at(0), OP_EQ, LOG_WARN);
tt_int_op(mock_saved_severity_at(1), OP_EQ, LOG_WARN);
@ -2372,7 +2406,7 @@ fixed_crypto_pk_generate_key_with_bits(crypto_pk_t *env, int bits)
(void)env;
(void)bits;
return fixed_crypto_pk_generate_key_with_bits_result[
fixed_crypto_pk_generate_key_with_bits_result_index++];
fixed_crypto_pk_generate_key_with_bits_result_index++];
}
static X509 *
@ -2388,14 +2422,15 @@ fixed_tor_tls_create_certificate(crypto_pk_t *rsa,
(void)cname_sign;
(void)cert_lifetime;
return fixed_tor_tls_create_certificate_result[
fixed_tor_tls_create_certificate_result_index++];
fixed_tor_tls_create_certificate_result_index++];
}
static tor_x509_cert_t *
fixed_tor_x509_cert_new(X509 *x509_cert)
{
(void) x509_cert;
return fixed_tor_x509_cert_new_result[fixed_tor_x509_cert_new_result_index++];
return fixed_tor_x509_cert_new_result[
fixed_tor_x509_cert_new_result_index++];
}
static void
@ -2431,7 +2466,8 @@ test_tortls_context_new(void *ignored)
ret = tor_tls_context_new(NULL, 0, 0, 0);
tt_assert(!ret);
MOCK(crypto_pk_generate_key_with_bits, fixed_crypto_pk_generate_key_with_bits);
MOCK(crypto_pk_generate_key_with_bits,
fixed_crypto_pk_generate_key_with_bits);
fixed_crypto_pk_new_result_index = 0;
fixed_crypto_pk_new_result[0] = pk1;
fixed_crypto_pk_new_result[1] = NULL;
@ -2607,7 +2643,7 @@ test_tortls_create_certificate(void *ignored)
tt_assert(!ret);
fixed_crypto_pk_get_evp_pkey_result_index = 0;
fixed_crypto_pk_get_evp_pkey_result[0] = tor_malloc_zero(sizeof(EVP_PKEY));;
fixed_crypto_pk_get_evp_pkey_result[0] = tor_malloc_zero(sizeof(EVP_PKEY));
fixed_crypto_pk_get_evp_pkey_result[1] = NULL;
ret = tor_tls_create_certificate(pk1, pk2, "hello", "hello2", 1);
tt_assert(!ret);
@ -2656,7 +2692,6 @@ test_tortls_cert_new(void *ignored)
(void)0;
}
static void
test_tortls_cert_is_valid(void *ignored)
{
@ -2675,7 +2710,8 @@ test_tortls_cert_is_valid(void *ignored)
cert = tor_x509_cert_new(read_cert_from(validCertString));
scert = tor_x509_cert_new(read_cert_from(caCertString));
cert->cert->cert_info->validity->notAfter = ASN1_TIME_set(NULL, time(NULL)-1000000);
cert->cert->cert_info->validity->notAfter =
ASN1_TIME_set(NULL, time(NULL)-1000000);
ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, 0);
tt_int_op(ret, OP_EQ, 0);
@ -2714,7 +2750,6 @@ test_tortls_cert_is_valid(void *ignored)
(void)0;
}
static void
test_tortls_context_init_one(void *ignored)
{
@ -2733,7 +2768,7 @@ test_tortls_context_init_one(void *ignored)
UNMOCK(crypto_pk_new);
}
#define LOCAL_TEST_CASE(name, flags) \
#define LOCAL_TEST_CASE(name, flags) \
{ #name, test_tortls_##name, (flags), NULL, NULL }
struct testcase_t tortls_tests[] = {
@ -2776,7 +2811,7 @@ struct testcase_t tortls_tests[] = {
LOCAL_TEST_CASE(shutdown, 0),
LOCAL_TEST_CASE(renegotiate, 0),
LOCAL_TEST_CASE(finish_handshake, 0),
LOCAL_TEST_CASE(handshake, 0),
LOCAL_TEST_CASE(handshake, 0),
LOCAL_TEST_CASE(write, 0),
LOCAL_TEST_CASE(read, 0),
LOCAL_TEST_CASE(server_info_callback, 0),
@ -2796,3 +2831,4 @@ struct testcase_t tortls_tests[] = {
LOCAL_TEST_CASE(context_init_one, 0),
END_OF_TESTCASES
};