mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-30 15:43:32 +01:00
Fix "make check-spaces"
This commit is contained in:
parent
39901bd408
commit
b5aa257d46
@ -2734,3 +2734,4 @@ crypto_global_cleanup(void)
|
||||
}
|
||||
|
||||
/** @} */
|
||||
|
||||
|
@ -296,3 +296,4 @@ struct dh_st *crypto_dh_get_dh_(crypto_dh_t *dh);
|
||||
void crypto_add_spaces_to_fp(char *out, size_t outlen, const char *in);
|
||||
|
||||
#endif
|
||||
|
||||
|
@ -111,7 +111,6 @@
|
||||
#define SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x0010
|
||||
#endif
|
||||
|
||||
|
||||
/** Return values for tor_tls_classify_client_ciphers.
|
||||
*
|
||||
* @{
|
||||
@ -130,7 +129,6 @@
|
||||
#define CIPHERS_UNRESTRICTED 3
|
||||
/** @} */
|
||||
|
||||
|
||||
/** The ex_data index in which we store a pointer to an SSL object's
|
||||
* corresponding tor_tls_t object. */
|
||||
STATIC int tor_tls_object_ex_data_index = -1;
|
||||
@ -383,7 +381,7 @@ tor_tls_init(void)
|
||||
OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,1))
|
||||
long version = SSLeay();
|
||||
|
||||
/* LCOV_EXCL_START because we can't reasonably test these lines on the same machine */
|
||||
/* LCOV_EXCL_START : we can't test these lines on the same machine */
|
||||
if (version >= OPENSSL_V_SERIES(1,0,1)) {
|
||||
/* Warn if we could *almost* be running with much faster ECDH.
|
||||
If we're built for a 64-bit target, using OpenSSL 1.0.1, but we
|
||||
@ -456,7 +454,7 @@ tor_x509_name_new(const char *cname)
|
||||
{
|
||||
int nid;
|
||||
X509_NAME *name;
|
||||
/* LCOV_EXCL_BR_START because these branches will only fail on out of memory errors */
|
||||
/* LCOV_EXCL_BR_START : these branches will only fail on OOM errors */
|
||||
if (!(name = X509_NAME_new()))
|
||||
return NULL;
|
||||
if ((nid = OBJ_txt2nid("commonName")) == NID_undef) goto error;
|
||||
@ -466,7 +464,7 @@ tor_x509_name_new(const char *cname)
|
||||
/* LCOV_EXCL_BR_STOP */
|
||||
return name;
|
||||
error:
|
||||
/* LCOV_EXCL_START because these lines will only execute on out of memory errors*/
|
||||
/* LCOV_EXCL_START : these lines will only execute on out of memory errors*/
|
||||
X509_NAME_free(name);
|
||||
return NULL;
|
||||
/* LCOV_EXCL_STOP */
|
||||
@ -516,17 +514,17 @@ MOCK_IMPL(STATIC X509 *,
|
||||
goto error;
|
||||
if (!(pkey = crypto_pk_get_evp_pkey_(rsa,0)))
|
||||
goto error;
|
||||
if (!(x509 = X509_new())) /* LCOV_EXCL_BR_LINE because this can only fail when memory failures occur */
|
||||
if (!(x509 = X509_new()))
|
||||
goto error;
|
||||
if (!(X509_set_version(x509, 2))) /* LCOV_EXCL_BR_LINE because this can only fail when something catastrophic happens in openssl */
|
||||
if (!(X509_set_version(x509, 2)))
|
||||
goto error;
|
||||
|
||||
{ /* our serial number is 8 random bytes. */
|
||||
if (crypto_rand((char *)serial_tmp, sizeof(serial_tmp)) < 0)
|
||||
goto error;
|
||||
if (!(serial_number = BN_bin2bn(serial_tmp, sizeof(serial_tmp), NULL))) /* LCOV_EXCL_BR_LINE because this can only fail when memory failures occur */
|
||||
if (!(serial_number = BN_bin2bn(serial_tmp, sizeof(serial_tmp), NULL)))
|
||||
goto error;
|
||||
if (!(BN_to_ASN1_INTEGER(serial_number, X509_get_serialNumber(x509)))) /* LCOV_EXCL_BR_LINE because this can only fail when memory failures occur */
|
||||
if (!(BN_to_ASN1_INTEGER(serial_number, X509_get_serialNumber(x509))))
|
||||
goto error;
|
||||
}
|
||||
|
||||
@ -676,7 +674,7 @@ MOCK_IMPL(STATIC tor_x509_cert_t *,
|
||||
|
||||
length = i2d_X509(x509_cert, &buf);
|
||||
cert = tor_malloc_zero(sizeof(tor_x509_cert_t));
|
||||
if (length <= 0 || buf == NULL) { /* LCOV_EXCL_BR_LINE because these conditions can't be provoked without memory failures */
|
||||
if (length <= 0 || buf == NULL) {
|
||||
/* LCOV_EXCL_START for the same reason as the exclusion above */
|
||||
tor_free(cert);
|
||||
log_err(LD_CRYPTO, "Couldn't get length of encoded x509 certificate");
|
||||
@ -1192,7 +1190,7 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
|
||||
goto error;
|
||||
X509_free(cert); /* We just added a reference to cert. */
|
||||
cert=NULL;
|
||||
if (idcert) { /* LCOV_EXCL_BR_LINE because we can't actually get here without a valid idcert */
|
||||
if (idcert) {
|
||||
X509_STORE *s = SSL_CTX_get_cert_store(result->ctx);
|
||||
tor_assert(s);
|
||||
X509_STORE_add_cert(s, idcert);
|
||||
@ -1272,8 +1270,10 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
|
||||
STATIC void
|
||||
tor_tls_debug_state_callback(const SSL *ssl, int type, int val)
|
||||
{
|
||||
log_debug(LD_HANDSHAKE, "SSL %p is now in state %s [type=%d,val=%d].", /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */
|
||||
/* LCOV_EXCL_START since this depends on whether debug is captured or not */
|
||||
log_debug(LD_HANDSHAKE, "SSL %p is now in state %s [type=%d,val=%d].",
|
||||
ssl, SSL_state_string_long(ssl), type, val);
|
||||
/* LCOV_EXCL_STOP */
|
||||
}
|
||||
|
||||
/* Return the name of the negotiated ciphersuite in use on <b>tls</b> */
|
||||
@ -1333,7 +1333,7 @@ find_cipher_by_id(const SSL *ssl, const SSL_METHOD *m, uint16_t cipher)
|
||||
{
|
||||
unsigned char cipherid[3];
|
||||
tor_assert(ssl);
|
||||
set_uint16(cipherid, htons(cipher)); /* LCOV_EXCL_BR_LINE since we won't necessarily hit both branches if htons is a macro */
|
||||
set_uint16(cipherid, htons(cipher));
|
||||
cipherid[2] = 0; /* If ssl23_get_cipher_by_char finds no cipher starting
|
||||
* with a two-byte 'cipherid', it may look for a v2
|
||||
* cipher with the appropriate 3 bytes. */
|
||||
@ -1345,7 +1345,7 @@ find_cipher_by_id(const SSL *ssl, const SSL_METHOD *m, uint16_t cipher)
|
||||
#elif defined(HAVE_STRUCT_SSL_METHOD_ST_GET_CIPHER_BY_CHAR)
|
||||
if (m && m->get_cipher_by_char) {
|
||||
unsigned char cipherid[3];
|
||||
set_uint16(cipherid, htons(cipher)); /* LCOV_EXCL_BR_LINE since we won't necessarily hit both branches if htons is a macro */
|
||||
set_uint16(cipherid, htons(cipher));
|
||||
cipherid[2] = 0; /* If ssl23_get_cipher_by_char finds no cipher starting
|
||||
* with a two-byte 'cipherid', it may look for a v2
|
||||
* cipher with the appropriate 3 bytes. */
|
||||
@ -1436,7 +1436,7 @@ tor_tls_classify_client_ciphers(const SSL *ssl,
|
||||
strcmp(ciphername, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA) &&
|
||||
strcmp(ciphername, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA) &&
|
||||
strcmp(ciphername, "(NONE)")) {
|
||||
log_debug(LD_NET, "Got a non-version-1 cipher called '%s'", ciphername); /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */
|
||||
log_debug(LD_NET, "Got a non-version-1 cipher called '%s'", ciphername);
|
||||
// return 1;
|
||||
goto v2_or_higher;
|
||||
}
|
||||
@ -1474,9 +1474,9 @@ tor_tls_classify_client_ciphers(const SSL *ssl,
|
||||
smartlist_add(elts, (char*)ciphername);
|
||||
}
|
||||
s = smartlist_join_strings(elts, ":", 0, NULL);
|
||||
log_debug(LD_NET, "Got a %s V2/V3 cipher list from %s. It is: '%s'", /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */
|
||||
log_debug(LD_NET, "Got a %s V2/V3 cipher list from %s. It is: '%s'",
|
||||
(res == CIPHERS_V2) ? "fictitious" : "real", ADDR(tor_tls), s);
|
||||
tor_free(s); /* LCOV_EXCL_BR_LINE since s will always be non-null here */
|
||||
tor_free(s);
|
||||
smartlist_free(elts);
|
||||
}
|
||||
done:
|
||||
@ -1555,7 +1555,7 @@ tor_tls_server_info_callback(const SSL *ssl, int type, int val)
|
||||
/* Don't send a hello request. */
|
||||
SSL_set_verify((SSL*) ssl, SSL_VERIFY_NONE, NULL);
|
||||
|
||||
if (tls) { /* LCOV_EXCL_BR_LINE impossible to have tls be NULL here, it's checked earlier */
|
||||
if (tls) {
|
||||
tls->wasV2Handshake = 1;
|
||||
} else {
|
||||
log_warn(LD_BUG, "Couldn't look up the tls for an SSL*. How odd!"); /* LCOV_EXCL_LINE this line is not reachable */
|
||||
@ -1618,7 +1618,7 @@ tor_tls_new(int sock, int isServer)
|
||||
tor_assert(context); /* make sure somebody made it first */
|
||||
if (!(result->ssl = SSL_new(context->ctx))) {
|
||||
tls_log_errors(NULL, LOG_WARN, LD_NET, "creating SSL object");
|
||||
tor_free(result); /* LCOV_EXCL_BR_LINE because result can't be null here */
|
||||
tor_free(result);
|
||||
goto err;
|
||||
}
|
||||
|
||||
@ -1627,7 +1627,7 @@ tor_tls_new(int sock, int isServer)
|
||||
if (!isServer) {
|
||||
char *fake_hostname = crypto_random_hostname(4,25, "www.",".com");
|
||||
SSL_set_tlsext_host_name(result->ssl, fake_hostname);
|
||||
tor_free(fake_hostname); /* LCOV_EXCL_BR_LINE because fake_hostname can't be null here */
|
||||
tor_free(fake_hostname);
|
||||
}
|
||||
#endif
|
||||
|
||||
@ -1638,7 +1638,7 @@ tor_tls_new(int sock, int isServer)
|
||||
SSL_set_tlsext_host_name(result->ssl, NULL);
|
||||
#endif
|
||||
SSL_free(result->ssl);
|
||||
tor_free(result); /* LCOV_EXCL_BR_LINE because this can't be null here */
|
||||
tor_free(result);
|
||||
goto err;
|
||||
}
|
||||
result->socket = sock;
|
||||
@ -1791,7 +1791,7 @@ tor_tls_free(tor_tls_t *tls)
|
||||
tor_tls_context_decref(tls->context);
|
||||
tor_free(tls->address);
|
||||
tls->magic = 0x99999999;
|
||||
tor_free(tls); /* LCOV_EXCL_BR_LINE because this line will not be reached if tls is NULL */
|
||||
tor_free(tls);
|
||||
}
|
||||
|
||||
/** Underlying function for TLS reading. Reads up to <b>len</b>
|
||||
@ -1812,7 +1812,7 @@ tor_tls_read,(tor_tls_t *tls, char *cp, size_t len))
|
||||
#ifdef V2_HANDSHAKE_SERVER
|
||||
if (tls->got_renegotiate) {
|
||||
/* Renegotiation happened! */
|
||||
log_info(LD_NET, "Got a TLS renegotiation from %s", ADDR(tls)); /* LCOV_EXCL_BR_LINE because testing the branches of ADDR feels not so useful here */
|
||||
log_info(LD_NET, "Got a TLS renegotiation from %s", ADDR(tls));
|
||||
if (tls->negotiated_callback)
|
||||
tls->negotiated_callback(tls, tls->callback_arg);
|
||||
tls->got_renegotiate = 0;
|
||||
@ -1821,13 +1821,13 @@ tor_tls_read,(tor_tls_t *tls, char *cp, size_t len))
|
||||
return r;
|
||||
}
|
||||
err = tor_tls_get_error(tls, r, CATCH_ZERO, "reading", LOG_DEBUG, LD_NET);
|
||||
if (err == TOR_TLS_ZERORETURN_ || err == TOR_TLS_CLOSE) { /* LCOV_EXCL_BR_LINE err can never be TOR_TLS_CLOSE here because tor_tls_get_error will never return it with those parameters */
|
||||
log_debug(LD_NET,"read returned r=%d; TLS is closed",r); /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */
|
||||
if (err == TOR_TLS_ZERORETURN_ || err == TOR_TLS_CLOSE) {
|
||||
log_debug(LD_NET,"read returned r=%d; TLS is closed",r);
|
||||
tls->state = TOR_TLS_ST_CLOSED;
|
||||
return TOR_TLS_CLOSE;
|
||||
} else {
|
||||
tor_assert(err != TOR_TLS_DONE);
|
||||
log_debug(LD_NET,"read returned r=%d, err=%d",r,err); /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */
|
||||
log_debug(LD_NET,"read returned r=%d, err=%d",r,err);
|
||||
return err;
|
||||
}
|
||||
}
|
||||
@ -1857,7 +1857,7 @@ tor_tls_write(tor_tls_t *tls, const char *cp, size_t n)
|
||||
if (tls->wantwrite_n) {
|
||||
/* if WANTWRITE last time, we must use the _same_ n as before */
|
||||
tor_assert(n >= tls->wantwrite_n);
|
||||
log_debug(LD_NET,"resuming pending-write, (%d to flush, reusing %d)", /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */
|
||||
log_debug(LD_NET,"resuming pending-write, (%d to flush, reusing %d)",
|
||||
(int)n, (int)tls->wantwrite_n);
|
||||
n = tls->wantwrite_n;
|
||||
tls->wantwrite_n = 0;
|
||||
@ -1890,16 +1890,16 @@ tor_tls_handshake(tor_tls_t *tls)
|
||||
check_no_tls_errors();
|
||||
oldstate = SSL_state(tls->ssl);
|
||||
if (tls->isServer) {
|
||||
log_debug(LD_HANDSHAKE, "About to call SSL_accept on %p (%s)", tls, /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */
|
||||
log_debug(LD_HANDSHAKE, "About to call SSL_accept on %p (%s)", tls,
|
||||
SSL_state_string_long(tls->ssl));
|
||||
r = SSL_accept(tls->ssl);
|
||||
} else {
|
||||
log_debug(LD_HANDSHAKE, "About to call SSL_connect on %p (%s)", tls, /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */
|
||||
log_debug(LD_HANDSHAKE, "About to call SSL_connect on %p (%s)", tls,
|
||||
SSL_state_string_long(tls->ssl));
|
||||
r = SSL_connect(tls->ssl);
|
||||
}
|
||||
if (oldstate != SSL_state(tls->ssl))
|
||||
log_debug(LD_HANDSHAKE, "After call, %p was in state %s", /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */
|
||||
log_debug(LD_HANDSHAKE, "After call, %p was in state %s",
|
||||
tls, SSL_state_string_long(tls->ssl));
|
||||
/* We need to call this here and not earlier, since OpenSSL has a penchant
|
||||
* for clearing its flags when you say accept or connect. */
|
||||
@ -1944,7 +1944,7 @@ tor_tls_finish_handshake(tor_tls_t *tls)
|
||||
" get set. Fixing that.");
|
||||
}
|
||||
tls->wasV2Handshake = 1;
|
||||
log_debug(LD_HANDSHAKE, "Completed V2 TLS handshake with client; waiting" /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */
|
||||
log_debug(LD_HANDSHAKE, "Completed V2 TLS handshake with client; waiting"
|
||||
" for renegotiation.");
|
||||
} else {
|
||||
tls->wasV2Handshake = 0;
|
||||
@ -1957,11 +1957,11 @@ tor_tls_finish_handshake(tor_tls_t *tls)
|
||||
STACK_OF(X509) *chain = SSL_get_peer_cert_chain(tls->ssl);
|
||||
int n_certs = sk_X509_num(chain);
|
||||
if (n_certs > 1 || (n_certs == 1 && cert != sk_X509_value(chain, 0))) {
|
||||
log_debug(LD_HANDSHAKE, "Server sent back multiple certificates; it " /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */
|
||||
log_debug(LD_HANDSHAKE, "Server sent back multiple certificates; it "
|
||||
"looks like a v1 handshake on %p", tls);
|
||||
tls->wasV2Handshake = 0;
|
||||
} else {
|
||||
log_debug(LD_HANDSHAKE, /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */
|
||||
log_debug(LD_HANDSHAKE,
|
||||
"Server sent back a single certificate; looks like "
|
||||
"a v2 handshake on %p.", tls);
|
||||
tls->wasV2Handshake = 1;
|
||||
@ -2200,7 +2200,7 @@ MOCK_IMPL(STATIC void, try_to_extract_certs_from_tls, (int severity, tor_tls_t *
|
||||
num_in_chain);
|
||||
return;
|
||||
}
|
||||
for (i=0; i<num_in_chain; ++i) { /* LCOV_EXCL_BR_LINE because we can never hit the case when we don't enter this loop, since num_in_chain<1 is checked above */
|
||||
for (i=0; i<num_in_chain; ++i) {
|
||||
id_cert = sk_X509_value(chain, i);
|
||||
if (X509_cmp(id_cert, cert) != 0)
|
||||
break;
|
||||
@ -2445,7 +2445,7 @@ dn_indicates_v3_cert(X509_NAME *name)
|
||||
|
||||
str = X509_NAME_ENTRY_get_data(entry);
|
||||
len = ASN1_STRING_to_UTF8(&s, str);
|
||||
if (len < 0){
|
||||
if (len < 0) {
|
||||
return 0;
|
||||
}
|
||||
r = fast_memneq(s + len - 4, ".net", 4);
|
||||
@ -2625,7 +2625,7 @@ tor_tls_get_tlssecrets,(tor_tls_t *tls, uint8_t *secrets_out))
|
||||
(char*)buf, len);
|
||||
memwipe(buf, 0, sizeof(buf));
|
||||
memwipe(master_key, 0, master_key_len);
|
||||
tor_free(master_key); /* LCOV_EXCL_BR_LINE since master_key will never be NULL here */
|
||||
tor_free(master_key);
|
||||
|
||||
return 0;
|
||||
}
|
||||
@ -2762,3 +2762,4 @@ evaluate_ecgroup_for_tls(const char *ecgroup)
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
@ -55,7 +55,6 @@ typedef struct tor_x509_cert_t tor_x509_cert_t;
|
||||
|
||||
#define TOR_TLS_IS_ERROR(rv) ((rv) < TOR_TLS_CLOSE)
|
||||
|
||||
|
||||
#ifdef TORTLS_PRIVATE
|
||||
#define TOR_TLS_MAGIC 0x71571571
|
||||
|
||||
@ -128,40 +127,45 @@ struct tor_tls_t {
|
||||
void *callback_arg;
|
||||
};
|
||||
|
||||
|
||||
STATIC int tor_errno_to_tls_error(int e);
|
||||
STATIC int tor_tls_get_error(tor_tls_t *tls, int r, int extra,
|
||||
const char *doing, int severity, int domain);
|
||||
STATIC tor_tls_t *tor_tls_get_by_ssl(const SSL *ssl);
|
||||
STATIC void tor_tls_allocate_tor_tls_object_ex_data_index(void);
|
||||
STATIC int always_accept_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx);
|
||||
STATIC int tor_tls_classify_client_ciphers(const SSL *ssl, STACK_OF(SSL_CIPHER) *peer_ciphers);
|
||||
STATIC int tor_tls_classify_client_ciphers(const SSL *ssl,
|
||||
STACK_OF(SSL_CIPHER) *peer_ciphers);
|
||||
STATIC int tor_tls_client_is_using_v2_ciphers(const SSL *ssl);
|
||||
MOCK_DECL(STATIC void, try_to_extract_certs_from_tls, (int severity, tor_tls_t *tls, X509 **cert_out, X509 **id_cert_out));
|
||||
MOCK_DECL(STATIC void, try_to_extract_certs_from_tls,
|
||||
(int severity, tor_tls_t *tls, X509 **cert_out, X509 **id_cert_out));
|
||||
STATIC int dn_indicates_v3_cert(X509_NAME *name);
|
||||
STATIC size_t SSL_SESSION_get_master_key(SSL_SESSION *s, uint8_t *out, size_t len);
|
||||
STATIC size_t SSL_SESSION_get_master_key(SSL_SESSION *s, uint8_t *out,
|
||||
size_t len);
|
||||
STATIC void tor_tls_debug_state_callback(const SSL *ssl, int type, int val);
|
||||
STATIC void tor_tls_server_info_callback(const SSL *ssl, int type, int val);
|
||||
STATIC int tor_tls_session_secret_cb(SSL *ssl, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
|
||||
STATIC int find_cipher_by_id(const SSL *ssl, const SSL_METHOD *m, uint16_t cipher);
|
||||
STATIC int tor_tls_session_secret_cb(SSL *ssl, void *secret,
|
||||
int *secret_len,
|
||||
STACK_OF(SSL_CIPHER) *peer_ciphers,
|
||||
SSL_CIPHER **cipher, void *arg);
|
||||
STATIC int find_cipher_by_id(const SSL *ssl, const SSL_METHOD *m,
|
||||
uint16_t cipher);
|
||||
MOCK_DECL(STATIC X509*, tor_tls_create_certificate,(crypto_pk_t *rsa,
|
||||
crypto_pk_t *rsa_sign,
|
||||
const char *cname,
|
||||
const char *cname_sign,
|
||||
unsigned int cert_lifetime));
|
||||
STATIC tor_tls_context_t *tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime, unsigned flags, int is_client);
|
||||
unsigned int cert_lifetime));
|
||||
STATIC tor_tls_context_t *tor_tls_context_new(crypto_pk_t *identity,
|
||||
unsigned int key_lifetime, unsigned flags, int is_client);
|
||||
MOCK_DECL(STATIC tor_x509_cert_t *, tor_x509_cert_new,(X509 *x509_cert));
|
||||
STATIC int tor_tls_context_init_one(tor_tls_context_t **ppcontext,
|
||||
crypto_pk_t *identity,
|
||||
unsigned int key_lifetime,
|
||||
unsigned int flags,
|
||||
int is_client);
|
||||
STATIC void tls_log_errors(tor_tls_t *tls, int severity, int domain, const char *doing);
|
||||
STATIC void tls_log_errors(tor_tls_t *tls, int severity, int domain,
|
||||
const char *doing);
|
||||
#endif
|
||||
|
||||
|
||||
|
||||
|
||||
const char *tor_tls_err_to_string(int err);
|
||||
void tor_tls_get_state_description(tor_tls_t *tls, char *buf, size_t sz);
|
||||
|
||||
@ -254,3 +258,4 @@ const char *tor_tls_get_ciphersuite_name(tor_tls_t *tls);
|
||||
int evaluate_ecgroup_for_tls(const char *ecgroup);
|
||||
|
||||
#endif
|
||||
|
||||
|
@ -1218,3 +1218,4 @@ struct testgroup_t testgroups[] = {
|
||||
{ "dns/", dns_tests },
|
||||
END_OF_GROUPS
|
||||
};
|
||||
|
||||
|
@ -500,7 +500,7 @@ NS(test_main)(void *arg)
|
||||
tt_int_op(smartlist_len(set->policies), OP_NE, 0);
|
||||
tt_int_op(CALLED(router_parse_addr_policy_item_from_string), OP_EQ, 1);
|
||||
|
||||
done:
|
||||
done:
|
||||
routerset_free(set);
|
||||
}
|
||||
|
||||
@ -547,7 +547,7 @@ NS(test_main)(void *arg)
|
||||
tt_int_op(smartlist_len(set->policies), OP_NE, 0);
|
||||
tt_int_op(CALLED(router_parse_addr_policy_item_from_string), OP_EQ, 1);
|
||||
|
||||
done:
|
||||
done:
|
||||
routerset_free(set);
|
||||
}
|
||||
|
||||
|
@ -41,12 +41,17 @@ static void
|
||||
test_tortls_errno_to_tls_error(void *data)
|
||||
{
|
||||
(void) data;
|
||||
tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(ECONNRESET)),OP_EQ,TOR_TLS_ERROR_CONNRESET);
|
||||
tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(ETIMEDOUT)),OP_EQ,TOR_TLS_ERROR_TIMEOUT);
|
||||
tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(EHOSTUNREACH)),OP_EQ,TOR_TLS_ERROR_NO_ROUTE);
|
||||
tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(ENETUNREACH)),OP_EQ,TOR_TLS_ERROR_NO_ROUTE);
|
||||
tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(ECONNREFUSED)),OP_EQ,TOR_TLS_ERROR_CONNREFUSED);
|
||||
tt_int_op(tor_errno_to_tls_error(0),OP_EQ,TOR_TLS_ERROR_MISC);
|
||||
tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(ECONNRESET)),OP_EQ,
|
||||
TOR_TLS_ERROR_CONNRESET);
|
||||
tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(ETIMEDOUT)),OP_EQ,
|
||||
TOR_TLS_ERROR_TIMEOUT);
|
||||
tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(EHOSTUNREACH)),OP_EQ,
|
||||
TOR_TLS_ERROR_NO_ROUTE);
|
||||
tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(ENETUNREACH)),OP_EQ,
|
||||
TOR_TLS_ERROR_NO_ROUTE);
|
||||
tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(ECONNREFUSED)),OP_EQ,
|
||||
TOR_TLS_ERROR_CONNREFUSED);
|
||||
tt_int_op(tor_errno_to_tls_error(0),OP_EQ,TOR_TLS_ERROR_MISC);
|
||||
done:
|
||||
(void)1;
|
||||
}
|
||||
@ -55,17 +60,21 @@ static void
|
||||
test_tortls_err_to_string(void *data)
|
||||
{
|
||||
(void) data;
|
||||
tt_str_op(tor_tls_err_to_string(1),OP_EQ,"[Not an error.]");
|
||||
tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_MISC),OP_EQ,"misc error");
|
||||
tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_IO),OP_EQ,"unexpected close");
|
||||
tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_CONNREFUSED),OP_EQ,"connection refused");
|
||||
tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_CONNRESET),OP_EQ,"connection reset");
|
||||
tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_NO_ROUTE),OP_EQ,"host unreachable");
|
||||
tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_TIMEOUT),OP_EQ,"connection timed out");
|
||||
tt_str_op(tor_tls_err_to_string(TOR_TLS_CLOSE),OP_EQ,"closed");
|
||||
tt_str_op(tor_tls_err_to_string(TOR_TLS_WANTREAD),OP_EQ,"want to read");
|
||||
tt_str_op(tor_tls_err_to_string(TOR_TLS_WANTWRITE),OP_EQ,"want to write");
|
||||
tt_str_op(tor_tls_err_to_string(-100),OP_EQ,"(unknown error code)");
|
||||
tt_str_op(tor_tls_err_to_string(1),OP_EQ,"[Not an error.]");
|
||||
tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_MISC),OP_EQ,"misc error");
|
||||
tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_IO),OP_EQ,"unexpected close");
|
||||
tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_CONNREFUSED),OP_EQ,
|
||||
"connection refused");
|
||||
tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_CONNRESET),OP_EQ,
|
||||
"connection reset");
|
||||
tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_NO_ROUTE),OP_EQ,
|
||||
"host unreachable");
|
||||
tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_TIMEOUT),OP_EQ,
|
||||
"connection timed out");
|
||||
tt_str_op(tor_tls_err_to_string(TOR_TLS_CLOSE),OP_EQ,"closed");
|
||||
tt_str_op(tor_tls_err_to_string(TOR_TLS_WANTREAD),OP_EQ,"want to read");
|
||||
tt_str_op(tor_tls_err_to_string(TOR_TLS_WANTWRITE),OP_EQ,"want to write");
|
||||
tt_str_op(tor_tls_err_to_string(-100),OP_EQ,"(unknown error code)");
|
||||
done:
|
||||
(void)1;
|
||||
}
|
||||
@ -82,28 +91,27 @@ static void
|
||||
test_tortls_tor_tls_new(void *data)
|
||||
{
|
||||
(void) data;
|
||||
MOCK(tor_tls_cert_matches_key, mock_tls_cert_matches_key);
|
||||
crypto_pk_t *key1 = NULL, *key2 = NULL;
|
||||
key1 = pk_generate(2);
|
||||
key2 = pk_generate(3);
|
||||
MOCK(tor_tls_cert_matches_key, mock_tls_cert_matches_key);
|
||||
crypto_pk_t *key1 = NULL, *key2 = NULL;
|
||||
key1 = pk_generate(2);
|
||||
key2 = pk_generate(3);
|
||||
|
||||
tor_tls_t *tls;
|
||||
tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
|
||||
key1, key2, 86400), OP_EQ, 0);
|
||||
tls = tor_tls_new(-1, 0);
|
||||
tt_want(tls);
|
||||
tor_tls_t *tls;
|
||||
tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
|
||||
key1, key2, 86400), OP_EQ, 0);
|
||||
tls = tor_tls_new(-1, 0);
|
||||
tt_want(tls);
|
||||
|
||||
client_tls_context->ctx = NULL;
|
||||
tls = tor_tls_new(-1, 0);
|
||||
tt_assert(!tls);
|
||||
|
||||
client_tls_context->ctx = NULL;
|
||||
tls = tor_tls_new(-1, 0);
|
||||
tt_assert(!tls);
|
||||
|
||||
SSL_METHOD *method = give_me_a_test_method();
|
||||
SSL_CTX *ctx = SSL_CTX_new(method);
|
||||
method->num_ciphers = fake_num_ciphers;
|
||||
client_tls_context->ctx = ctx;
|
||||
tls = tor_tls_new(-1, 0);
|
||||
tt_assert(!tls);
|
||||
SSL_METHOD *method = give_me_a_test_method();
|
||||
SSL_CTX *ctx = SSL_CTX_new(method);
|
||||
method->num_ciphers = fake_num_ciphers;
|
||||
client_tls_context->ctx = ctx;
|
||||
tls = tor_tls_new(-1, 0);
|
||||
tt_assert(!tls);
|
||||
|
||||
done:
|
||||
UNMOCK(tor_tls_cert_matches_key);
|
||||
@ -113,40 +121,41 @@ test_tortls_tor_tls_new(void *data)
|
||||
|
||||
#define NS_MODULE tortls
|
||||
NS_DECL(void, logv, (int severity, log_domain_mask_t domain,
|
||||
const char *funcname, const char *suffix, const char *format, va_list ap));
|
||||
const char *funcname, const char *suffix,
|
||||
const char *format, va_list ap));
|
||||
|
||||
static void
|
||||
NS(logv)(int severity, log_domain_mask_t domain,
|
||||
const char *funcname, const char *suffix, const char *format,
|
||||
va_list ap)
|
||||
const char *funcname, const char *suffix, const char *format,
|
||||
va_list ap)
|
||||
{
|
||||
(void) severity;
|
||||
(void) domain;
|
||||
(void) funcname;
|
||||
(void) suffix;
|
||||
(void) format;
|
||||
(void) ap; // XXXX look at this.
|
||||
CALLED(logv)++;
|
||||
(void) severity;
|
||||
(void) domain;
|
||||
(void) funcname;
|
||||
(void) suffix;
|
||||
(void) format;
|
||||
(void) ap; // XXXX look at this.
|
||||
CALLED(logv)++;
|
||||
}
|
||||
|
||||
static void
|
||||
test_tortls_tor_tls_get_error(void *data)
|
||||
{
|
||||
(void) data;
|
||||
MOCK(tor_tls_cert_matches_key, mock_tls_cert_matches_key);
|
||||
crypto_pk_t *key1 = NULL, *key2 = NULL;
|
||||
key1 = pk_generate(2);
|
||||
key2 = pk_generate(3);
|
||||
MOCK(tor_tls_cert_matches_key, mock_tls_cert_matches_key);
|
||||
crypto_pk_t *key1 = NULL, *key2 = NULL;
|
||||
key1 = pk_generate(2);
|
||||
key2 = pk_generate(3);
|
||||
|
||||
tor_tls_t *tls;
|
||||
tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
|
||||
key1, key2, 86400), OP_EQ, 0);
|
||||
tls = tor_tls_new(-1, 0);
|
||||
NS_MOCK(logv);
|
||||
tt_int_op(CALLED(logv), OP_EQ, 0);
|
||||
tor_tls_get_error(tls, 0, 0,
|
||||
(const char *)"test", 0, 0);
|
||||
tt_int_op(CALLED(logv), OP_EQ, 1);
|
||||
tor_tls_t *tls;
|
||||
tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
|
||||
key1, key2, 86400), OP_EQ, 0);
|
||||
tls = tor_tls_new(-1, 0);
|
||||
NS_MOCK(logv);
|
||||
tt_int_op(CALLED(logv), OP_EQ, 0);
|
||||
tor_tls_get_error(tls, 0, 0,
|
||||
(const char *)"test", 0, 0);
|
||||
tt_int_op(CALLED(logv), OP_EQ, 1);
|
||||
|
||||
done:
|
||||
UNMOCK(tor_tls_cert_matches_key);
|
||||
@ -284,58 +293,68 @@ test_tortls_log_one_error(void *ignored)
|
||||
|
||||
tor_tls_log_one_error(NULL, 0, LOG_WARN, 0, "something");
|
||||
tt_int_op(mock_saved_log_number(), OP_EQ, 1);
|
||||
tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error while something: (null) (in (null):(null):---)\n");
|
||||
tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error while something: "
|
||||
"(null) (in (null):(null):---)\n");
|
||||
|
||||
mock_clean_saved_logs();
|
||||
tor_tls_log_one_error(tls, 0, LOG_WARN, 0, NULL);
|
||||
tt_int_op(mock_saved_log_number(), OP_EQ, 1);
|
||||
tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error: (null) (in (null):(null):---)\n");
|
||||
tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error: (null) "
|
||||
"(in (null):(null):---)\n");
|
||||
|
||||
mock_clean_saved_logs();
|
||||
tls->address = tor_strdup("127.hello");
|
||||
tor_tls_log_one_error(tls, 0, LOG_WARN, 0, NULL);
|
||||
tt_int_op(mock_saved_log_number(), OP_EQ, 1);
|
||||
tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error with 127.hello: (null) (in (null):(null):---)\n");
|
||||
|
||||
tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error with 127.hello: (null) "
|
||||
"(in (null):(null):---)\n");
|
||||
|
||||
mock_clean_saved_logs();
|
||||
tls->address = tor_strdup("127.hello");
|
||||
tor_tls_log_one_error(tls, 0, LOG_WARN, 0, "blarg");
|
||||
tt_int_op(mock_saved_log_number(), OP_EQ, 1);
|
||||
tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error while blarg with 127.hello: (null) (in (null):(null):---)\n");
|
||||
tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error while blarg with "
|
||||
"127.hello: (null) (in (null):(null):---)\n");
|
||||
|
||||
mock_clean_saved_logs();
|
||||
tor_tls_log_one_error(tls, ERR_PACK(1, 2, 3), LOG_WARN, 0, NULL);
|
||||
tt_int_op(mock_saved_log_number(), OP_EQ, 1);
|
||||
tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error with 127.hello: BN lib (in unknown library:(null):---)\n");
|
||||
tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error with 127.hello: "
|
||||
"BN lib (in unknown library:(null):---)\n");
|
||||
|
||||
mock_clean_saved_logs();
|
||||
tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_HTTP_REQUEST), LOG_WARN, 0, NULL);
|
||||
tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_HTTP_REQUEST),
|
||||
LOG_WARN, 0, NULL);
|
||||
tt_int_op(mock_saved_log_number(), OP_EQ, 1);
|
||||
tt_int_op(mock_saved_severity_at(0), OP_EQ, LOG_INFO);
|
||||
|
||||
mock_clean_saved_logs();
|
||||
tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_HTTPS_PROXY_REQUEST), LOG_WARN, 0, NULL);
|
||||
tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_HTTPS_PROXY_REQUEST),
|
||||
LOG_WARN, 0, NULL);
|
||||
tt_int_op(mock_saved_log_number(), OP_EQ, 1);
|
||||
tt_int_op(mock_saved_severity_at(0), OP_EQ, LOG_INFO);
|
||||
|
||||
mock_clean_saved_logs();
|
||||
tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_RECORD_LENGTH_MISMATCH), LOG_WARN, 0, NULL);
|
||||
tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_RECORD_LENGTH_MISMATCH),
|
||||
LOG_WARN, 0, NULL);
|
||||
tt_int_op(mock_saved_log_number(), OP_EQ, 1);
|
||||
tt_int_op(mock_saved_severity_at(0), OP_EQ, LOG_INFO);
|
||||
|
||||
mock_clean_saved_logs();
|
||||
tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_RECORD_TOO_LARGE), LOG_WARN, 0, NULL);
|
||||
tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_RECORD_TOO_LARGE),
|
||||
LOG_WARN, 0, NULL);
|
||||
tt_int_op(mock_saved_log_number(), OP_EQ, 1);
|
||||
tt_int_op(mock_saved_severity_at(0), OP_EQ, LOG_INFO);
|
||||
|
||||
mock_clean_saved_logs();
|
||||
tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_UNKNOWN_PROTOCOL), LOG_WARN, 0, NULL);
|
||||
tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_UNKNOWN_PROTOCOL),
|
||||
LOG_WARN, 0, NULL);
|
||||
tt_int_op(mock_saved_log_number(), OP_EQ, 1);
|
||||
tt_int_op(mock_saved_severity_at(0), OP_EQ, LOG_INFO);
|
||||
|
||||
mock_clean_saved_logs();
|
||||
tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_UNSUPPORTED_PROTOCOL), LOG_WARN, 0, NULL);
|
||||
tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_UNSUPPORTED_PROTOCOL),
|
||||
LOG_WARN, 0, NULL);
|
||||
tt_int_op(mock_saved_log_number(), OP_EQ, 1);
|
||||
tt_int_op(mock_saved_severity_at(0), OP_EQ, LOG_INFO);
|
||||
|
||||
@ -344,7 +363,8 @@ test_tortls_log_one_error(void *ignored)
|
||||
mock_clean_saved_logs();
|
||||
tor_tls_log_one_error(tls, 0, LOG_WARN, 0, NULL);
|
||||
tt_int_op(mock_saved_log_number(), OP_EQ, 1);
|
||||
tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error with 127.hello: (null) (in (null):(null):before/accept initialization)\n");
|
||||
tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error with 127.hello: (null)"
|
||||
" (in (null):(null):before/accept initialization)\n");
|
||||
|
||||
done:
|
||||
teardown_capture_of_logs(previous_log);
|
||||
@ -373,7 +393,8 @@ test_tortls_get_error(void *ignored)
|
||||
ret = tor_tls_get_error(tls, 0, 0, "something", LOG_WARN, 0);
|
||||
tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_IO);
|
||||
tt_int_op(mock_saved_log_number(), OP_EQ, 1);
|
||||
tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error: unexpected close while something (before/accept initialization)\n");
|
||||
tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error: unexpected close while"
|
||||
" something (before/accept initialization)\n");
|
||||
|
||||
mock_clean_saved_logs();
|
||||
ret = tor_tls_get_error(tls, 2, 0, "something", LOG_WARN, 0);
|
||||
@ -391,7 +412,8 @@ test_tortls_get_error(void *ignored)
|
||||
ret = tor_tls_get_error(tls, 0, 0, "something", LOG_WARN, 0);
|
||||
tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC);
|
||||
tt_int_op(mock_saved_log_number(), OP_EQ, 1);
|
||||
tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error while something: (null) (in bignum routines:(null):before/accept initialization)\n");
|
||||
tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error while something: (null)"
|
||||
" (in bignum routines:(null):before/accept initialization)\n");
|
||||
|
||||
mock_clean_saved_logs();
|
||||
ERR_clear_error();
|
||||
@ -409,7 +431,6 @@ test_tortls_get_error(void *ignored)
|
||||
tt_int_op(ret, OP_EQ, TOR_TLS_WANTWRITE);
|
||||
tt_int_op(mock_saved_log_number(), OP_EQ, 0);
|
||||
|
||||
|
||||
mock_clean_saved_logs();
|
||||
ERR_clear_error();
|
||||
tls->ssl->rwstate = 0;
|
||||
@ -429,7 +450,9 @@ test_tortls_get_error(void *ignored)
|
||||
ret = tor_tls_get_error(tls, -1, 0, "something", LOG_WARN, 0);
|
||||
tt_int_op(ret, OP_EQ, -9);
|
||||
tt_int_op(mock_saved_log_number(), OP_EQ, 2);
|
||||
tt_str_op(mock_saved_log_at(1), OP_EQ, "TLS error while something: (null) (in system library:connect:before/accept initialization)\n");
|
||||
tt_str_op(mock_saved_log_at(1), OP_EQ,
|
||||
"TLS error while something: (null) (in system library:"
|
||||
"connect:before/accept initialization)\n");
|
||||
|
||||
done:
|
||||
teardown_capture_of_logs(previous_log);
|
||||
@ -449,7 +472,6 @@ test_tortls_always_accept_verify_cb(void *ignored)
|
||||
(void)0;
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
test_tortls_x509_cert_free(void *ignored)
|
||||
{
|
||||
@ -639,7 +661,6 @@ test_tortls_get_my_certs(void *ignored)
|
||||
ret = tor_tls_get_my_certs(1, &link_cert_out, &id_cert_out);
|
||||
tt_int_op(ret, OP_EQ, 0);
|
||||
|
||||
|
||||
done:
|
||||
(void)1;
|
||||
}
|
||||
@ -685,7 +706,7 @@ get_cipher_by_id(uint16_t id)
|
||||
int num = method->num_ciphers();
|
||||
for (i = 0; i < num; ++i) {
|
||||
const SSL_CIPHER *cipher = method->get_cipher(i);
|
||||
if(id == (SSL_CIPHER_get_id(cipher) & 0xffff)) {
|
||||
if (id == (SSL_CIPHER_get_id(cipher) & 0xffff)) {
|
||||
return (SSL_CIPHER *)cipher;
|
||||
}
|
||||
}
|
||||
@ -778,7 +799,7 @@ test_tortls_classify_client_ciphers(void *ignored)
|
||||
tt_int_op(tls->client_cipher_list_type, OP_EQ, 3);
|
||||
|
||||
sk_SSL_CIPHER_zero(ciphers);
|
||||
for(i=0; v2_cipher_list[i]; i++) {
|
||||
for (i=0; v2_cipher_list[i]; i++) {
|
||||
tmp_cipher = get_cipher_by_id(v2_cipher_list[i]);
|
||||
tt_assert(tmp_cipher);
|
||||
sk_SSL_CIPHER_push(ciphers, tmp_cipher);
|
||||
@ -788,7 +809,6 @@ test_tortls_classify_client_ciphers(void *ignored)
|
||||
tt_int_op(ret, OP_EQ, 2);
|
||||
tt_int_op(tls->client_cipher_list_type, OP_EQ, 2);
|
||||
|
||||
|
||||
done:
|
||||
(void)1;
|
||||
}
|
||||
@ -815,7 +835,6 @@ test_tortls_client_is_using_v2_ciphers(void *ignored)
|
||||
ret = tor_tls_client_is_using_v2_ciphers(ssl);
|
||||
tt_int_op(ret, OP_EQ, -1);
|
||||
|
||||
|
||||
ssl->session = sess;
|
||||
ret = tor_tls_client_is_using_v2_ciphers(ssl);
|
||||
tt_int_op(ret, OP_EQ, 0);
|
||||
@ -846,7 +865,8 @@ fixed_try_to_extract_certs_from_tls(int severity, tor_tls_t *tls,
|
||||
*id_cert_out = fixed_try_to_extract_certs_from_tls_id_cert_out_result;
|
||||
}
|
||||
|
||||
static const char* notCompletelyValidCertString = "-----BEGIN CERTIFICATE-----\n"
|
||||
static const char* notCompletelyValidCertString =
|
||||
"-----BEGIN CERTIFICATE-----\n"
|
||||
"MIICVjCCAb8CAg37MA0GCSqGSIb3DQEBBQUAMIGbMQswCQYDVQQGEwJKUDEOMAwG\n"
|
||||
"A1UECBMFVG9reW8xEDAOBgNVBAcTB0NodW8ta3UxETAPBgNVBAoTCEZyYW5rNERE\n"
|
||||
"MRgwFgYDVQQLEw9XZWJDZXJ0IFN1cHBvcnQxGDAWBgNVBAMTD0ZyYW5rNEREIFdl\n"
|
||||
@ -862,7 +882,6 @@ static const char* notCompletelyValidCertString = "-----BEGIN CERTIFICATE-----\n
|
||||
"evnAhf0cwULaebn+lMs8Pdl7y37+sfluVok=\n"
|
||||
"-----END CERTIFICATE-----\n";
|
||||
|
||||
|
||||
static const char* validCertString = "-----BEGIN CERTIFICATE-----\n"
|
||||
"MIIDpTCCAY0CAg3+MA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNVBAYTAlVTMREwDwYD\n"
|
||||
"VQQIDAhJbGxpbm9pczEQMA4GA1UEBwwHQ2hpY2FnbzEUMBIGA1UECgwLVG9yIFRl\n"
|
||||
@ -936,7 +955,8 @@ test_tortls_verify(void *ignored)
|
||||
int ret;
|
||||
tor_tls_t *tls;
|
||||
crypto_pk_t *k = NULL;
|
||||
X509 *cert1 = NULL, *cert2 = NULL, *invalidCert = NULL, *validCert = NULL, *caCert = NULL;
|
||||
X509 *cert1 = NULL, *cert2 = NULL, *invalidCert = NULL,
|
||||
*validCert = NULL, *caCert = NULL;
|
||||
|
||||
cert1 = tor_malloc_zero(sizeof(X509));
|
||||
cert1->references = 10;
|
||||
@ -1123,38 +1143,45 @@ test_tortls_dn_indicates_v3_cert(void *ignored)
|
||||
X509_NAME *name;
|
||||
|
||||
name = X509_NAME_new();
|
||||
X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, (const unsigned char *)"US", -1, -1, 0);
|
||||
X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC, (const unsigned char *)"Foobar", -1, -1, 0);
|
||||
X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC,
|
||||
(const unsigned char *)"US", -1, -1, 0);
|
||||
X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC,
|
||||
(const unsigned char *)"Foobar", -1, -1, 0);
|
||||
ret = dn_indicates_v3_cert(name);
|
||||
tt_int_op(ret, OP_EQ, 1);
|
||||
|
||||
X509_NAME_free(name);
|
||||
name = X509_NAME_new();
|
||||
X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, (const unsigned char *)"US", -1, -1, 0);
|
||||
X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC,
|
||||
(const unsigned char *)"US", -1, -1, 0);
|
||||
ret = dn_indicates_v3_cert(name);
|
||||
tt_int_op(ret, OP_EQ, 1);
|
||||
|
||||
X509_NAME_free(name);
|
||||
name = X509_NAME_new();
|
||||
X509_NAME_add_entry_by_txt(name, "commonName", V_ASN1_REAL, (const unsigned char *)"123", -1, -1, 0);
|
||||
X509_NAME_add_entry_by_txt(name, "commonName", V_ASN1_REAL,
|
||||
(const unsigned char *)"123", -1, -1, 0);
|
||||
ret = dn_indicates_v3_cert(name);
|
||||
tt_int_op(ret, OP_EQ, 0);
|
||||
|
||||
X509_NAME_free(name);
|
||||
name = X509_NAME_new();
|
||||
X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_ASC, (const unsigned char *)"hello.com", -1, -1, 0);
|
||||
X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_ASC,
|
||||
(const unsigned char *)"hello.com", -1, -1, 0);
|
||||
ret = dn_indicates_v3_cert(name);
|
||||
tt_int_op(ret, OP_EQ, 1);
|
||||
|
||||
X509_NAME_free(name);
|
||||
name = X509_NAME_new();
|
||||
X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_ASC, (const unsigned char *)"hello.net", -1, -1, 0);
|
||||
X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_ASC,
|
||||
(const unsigned char *)"hello.net", -1, -1, 0);
|
||||
ret = dn_indicates_v3_cert(name);
|
||||
tt_int_op(ret, OP_EQ, 0);
|
||||
|
||||
X509_NAME_free(name);
|
||||
name = X509_NAME_new();
|
||||
X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_ASC, (const unsigned char *)"x.s", -1, -1, 0);
|
||||
X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_ASC,
|
||||
(const unsigned char *)"x.s", -1, -1, 0);
|
||||
ret = dn_indicates_v3_cert(name);
|
||||
tt_int_op(ret, OP_EQ, 1);
|
||||
|
||||
@ -1181,44 +1208,46 @@ test_tortls_received_v3_certificate(void *ignored)
|
||||
tls->ssl->session->peer = validCert;
|
||||
|
||||
subject = X509_NAME_new();
|
||||
X509_NAME_add_entry_by_txt(subject, "commonName", MBSTRING_ASC, (const unsigned char *)"same.com", -1, -1, 0);
|
||||
X509_NAME_add_entry_by_txt(subject, "commonName", MBSTRING_ASC,
|
||||
(const unsigned char *)"same.com", -1, -1, 0);
|
||||
X509_set_subject_name(validCert, subject);
|
||||
|
||||
issuer = X509_NAME_new();
|
||||
X509_NAME_add_entry_by_txt(issuer, "commonName", MBSTRING_ASC, (const unsigned char *)"same.com", -1, -1, 0);
|
||||
X509_NAME_add_entry_by_txt(issuer, "commonName", MBSTRING_ASC,
|
||||
(const unsigned char *)"same.com", -1, -1, 0);
|
||||
X509_set_issuer_name(validCert, issuer);
|
||||
|
||||
ret = tor_tls_received_v3_certificate(tls);
|
||||
tt_int_op(ret, OP_EQ, 1);
|
||||
|
||||
|
||||
X509_NAME_free(subject);
|
||||
subject = X509_NAME_new();
|
||||
X509_NAME_add_entry_by_txt(subject, "commonName", MBSTRING_ASC, (const unsigned char *)"different.net", -1, -1, 0);
|
||||
X509_NAME_add_entry_by_txt(subject, "commonName", MBSTRING_ASC,
|
||||
(const unsigned char *)"different.net", -1, -1, 0);
|
||||
X509_set_subject_name(validCert, subject);
|
||||
|
||||
ret = tor_tls_received_v3_certificate(tls);
|
||||
tt_int_op(ret, OP_EQ, 1);
|
||||
|
||||
|
||||
|
||||
X509_NAME_free(subject);
|
||||
subject = X509_NAME_new();
|
||||
X509_NAME_add_entry_by_txt(subject, "commonName", MBSTRING_ASC, (const unsigned char *)"same.com", -1, -1, 0);
|
||||
X509_NAME_add_entry_by_txt(subject, "commonName", MBSTRING_ASC,
|
||||
(const unsigned char *)"same.com", -1, -1, 0);
|
||||
X509_set_subject_name(validCert, subject);
|
||||
|
||||
X509_NAME_free(issuer);
|
||||
issuer = X509_NAME_new();
|
||||
X509_NAME_add_entry_by_txt(issuer, "commonName", MBSTRING_ASC, (const unsigned char *)"different.net", -1, -1, 0);
|
||||
X509_NAME_add_entry_by_txt(issuer, "commonName", MBSTRING_ASC,
|
||||
(const unsigned char *)"different.net", -1, -1, 0);
|
||||
X509_set_issuer_name(validCert, issuer);
|
||||
|
||||
ret = tor_tls_received_v3_certificate(tls);
|
||||
tt_int_op(ret, OP_EQ, 1);
|
||||
|
||||
|
||||
X509_NAME_free(subject);
|
||||
subject = X509_NAME_new();
|
||||
X509_NAME_add_entry_by_txt(subject, "commonName", MBSTRING_ASC, (const unsigned char *)"different2.net", -1, -1, 0);
|
||||
X509_NAME_add_entry_by_txt(subject, "commonName", MBSTRING_ASC,
|
||||
(const unsigned char *)"different2.net", -1, -1, 0);
|
||||
X509_set_subject_name(validCert, subject);
|
||||
ret = tor_tls_received_v3_certificate(tls);
|
||||
tt_int_op(ret, OP_EQ, 0);
|
||||
@ -1233,7 +1262,6 @@ test_tortls_received_v3_certificate(void *ignored)
|
||||
ret = tor_tls_received_v3_certificate(tls);
|
||||
tt_int_op(ret, OP_EQ, 1);
|
||||
|
||||
|
||||
done:
|
||||
X509_NAME_free(subject);
|
||||
X509_NAME_free(issuer);
|
||||
@ -1405,18 +1433,18 @@ test_tortls_evaluate_ecgroup_for_tls(void *ignored)
|
||||
|
||||
typedef struct cert_pkey_st_local
|
||||
{
|
||||
X509 *x509;
|
||||
EVP_PKEY *privatekey;
|
||||
const EVP_MD *digest;
|
||||
X509 *x509;
|
||||
EVP_PKEY *privatekey;
|
||||
const EVP_MD *digest;
|
||||
} CERT_PKEY_local;
|
||||
|
||||
typedef struct sess_cert_st_local
|
||||
{
|
||||
STACK_OF(X509) *cert_chain;
|
||||
int peer_cert_type;
|
||||
CERT_PKEY_local *peer_key;
|
||||
CERT_PKEY_local peer_pkeys[8];
|
||||
int references;
|
||||
STACK_OF(X509) *cert_chain;
|
||||
int peer_cert_type;
|
||||
CERT_PKEY_local *peer_key;
|
||||
CERT_PKEY_local peer_pkeys[8];
|
||||
int references;
|
||||
} SESS_CERT_local;
|
||||
|
||||
static void
|
||||
@ -1577,8 +1605,8 @@ test_tortls_session_secret_cb(void *ignored)
|
||||
tor_free(tls);
|
||||
}
|
||||
|
||||
|
||||
/* TODO: It seems block_renegotiation and unblock_renegotiation and using different blags. This might not be correct */
|
||||
/* TODO: It seems block_renegotiation and unblock_renegotiation and
|
||||
* using different blags. This might not be correct */
|
||||
static void
|
||||
test_tortls_block_renegotiation(void *ignored)
|
||||
{
|
||||
@ -1626,7 +1654,8 @@ test_tortls_assert_renegotiation_unblocked(void *ignored)
|
||||
tls->ssl = tor_malloc_zero(sizeof(SSL));
|
||||
tor_tls_unblock_renegotiation(tls);
|
||||
tor_tls_assert_renegotiation_unblocked(tls);
|
||||
// No assertion here - this test will fail if tor_assert is turned on and things are bad.
|
||||
/* No assertion here - this test will fail if tor_assert is turned on
|
||||
* and things are bad. */
|
||||
|
||||
tor_free(tls);
|
||||
}
|
||||
@ -1657,7 +1686,6 @@ example_cb(tor_tls_t *t, void *arg)
|
||||
(void)arg;
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
test_tortls_set_renegotiate_callback(void *ignored)
|
||||
{
|
||||
@ -1690,7 +1718,7 @@ fake_get_cipher(unsigned ncipher)
|
||||
SSL_CIPHER *fixed = tor_malloc_zero(sizeof(SSL_CIPHER));
|
||||
SSL_CIPHER *fixed2 = tor_malloc_zero(sizeof(SSL_CIPHER));
|
||||
fixed2->id = 0xC00A;
|
||||
switch(ncipher) {
|
||||
switch (ncipher) {
|
||||
case 1:
|
||||
return fixed;
|
||||
case 2:
|
||||
@ -1777,7 +1805,8 @@ test_tortls_debug_state_callback(void *ignored)
|
||||
|
||||
tor_tls_debug_state_callback(ssl, 32, 45);
|
||||
tt_int_op(mock_saved_log_number(), OP_EQ, 1);
|
||||
n = snprintf(buf, 1000, "SSL %p is now in state unknown state [type=32,val=45].\n", ssl);
|
||||
n = snprintf(buf, 1000, "SSL %p is now in state unknown"
|
||||
" state [type=32,val=45].\n", ssl);
|
||||
buf[n]='\0';
|
||||
tt_str_op(mock_saved_log_at(0), OP_EQ, buf);
|
||||
|
||||
@ -1812,13 +1841,15 @@ test_tortls_server_info_callback(void *ignored)
|
||||
mock_clean_saved_logs();
|
||||
tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0);
|
||||
tt_int_op(mock_saved_log_number(), OP_EQ, 1);
|
||||
tt_str_op(mock_saved_log_at(0), OP_EQ, "Couldn't look up the tls for an SSL*. How odd!\n");
|
||||
tt_str_op(mock_saved_log_at(0), OP_EQ,
|
||||
"Couldn't look up the tls for an SSL*. How odd!\n");
|
||||
|
||||
SSL_set_state(ssl, SSL3_ST_SW_SRVR_HELLO_B);
|
||||
mock_clean_saved_logs();
|
||||
tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0);
|
||||
tt_int_op(mock_saved_log_number(), OP_EQ, 1);
|
||||
tt_str_op(mock_saved_log_at(0), OP_EQ, "Couldn't look up the tls for an SSL*. How odd!\n");
|
||||
tt_str_op(mock_saved_log_at(0), OP_EQ,
|
||||
"Couldn't look up the tls for an SSL*. How odd!\n");
|
||||
|
||||
SSL_set_state(ssl, 99);
|
||||
mock_clean_saved_logs();
|
||||
@ -1848,7 +1879,6 @@ test_tortls_server_info_callback(void *ignored)
|
||||
tor_free(ssl);
|
||||
}
|
||||
|
||||
|
||||
static int fixed_ssl_read_result_index;
|
||||
static int fixed_ssl_read_result[5];
|
||||
static int fixed_ssl_shutdown_result;
|
||||
@ -2069,7 +2099,6 @@ fixed_ssl_write(SSL *s, const void *buf, int len)
|
||||
return fixed_ssl_write_result;
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
test_tortls_write(void *ignored)
|
||||
{
|
||||
@ -2235,7 +2264,6 @@ test_tortls_handshake(void *ignored)
|
||||
ret = tor_tls_handshake(tls);
|
||||
tt_int_op(ret, OP_EQ, -9);
|
||||
|
||||
|
||||
tls->ssl->method = method;
|
||||
method->ssl_accept = fixed_ssl_accept;
|
||||
fixed_ssl_accept_result = 2;
|
||||
@ -2252,8 +2280,12 @@ test_tortls_handshake(void *ignored)
|
||||
ret = tor_tls_handshake(tls);
|
||||
tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC);
|
||||
tt_int_op(mock_saved_log_number(), OP_EQ, 2);
|
||||
tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error while handshaking: (null) (in bignum routines:(null):SSLv3 write client hello B)\n");
|
||||
tt_str_op(mock_saved_log_at(1), OP_EQ, "TLS error while handshaking: (null) (in system library:connect:SSLv3 write client hello B)\n");
|
||||
tt_str_op(mock_saved_log_at(0), OP_EQ,
|
||||
"TLS error while handshaking: (null) (in bignum routines:"
|
||||
"(null):SSLv3 write client hello B)\n");
|
||||
tt_str_op(mock_saved_log_at(1), OP_EQ,
|
||||
"TLS error while handshaking: (null) (in system library:"
|
||||
"connect:SSLv3 write client hello B)\n");
|
||||
tt_int_op(mock_saved_severity_at(0), OP_EQ, LOG_INFO);
|
||||
tt_int_op(mock_saved_severity_at(1), OP_EQ, LOG_INFO);
|
||||
|
||||
@ -2266,8 +2298,10 @@ test_tortls_handshake(void *ignored)
|
||||
ret = tor_tls_handshake(tls);
|
||||
tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC);
|
||||
tt_int_op(mock_saved_log_number(), OP_EQ, 2);
|
||||
tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error while handshaking: (null) (in bignum routines:(null):SSLv3 write client hello B)\n");
|
||||
tt_str_op(mock_saved_log_at(1), OP_EQ, "TLS error while handshaking: (null) (in system library:connect:SSLv3 write client hello B)\n");
|
||||
tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error while handshaking: "
|
||||
"(null) (in bignum routines:(null):SSLv3 write client hello B)\n");
|
||||
tt_str_op(mock_saved_log_at(1), OP_EQ, "TLS error while handshaking: "
|
||||
"(null) (in system library:connect:SSLv3 write client hello B)\n");
|
||||
tt_int_op(mock_saved_severity_at(0), OP_EQ, LOG_WARN);
|
||||
tt_int_op(mock_saved_severity_at(1), OP_EQ, LOG_WARN);
|
||||
|
||||
@ -2372,7 +2406,7 @@ fixed_crypto_pk_generate_key_with_bits(crypto_pk_t *env, int bits)
|
||||
(void)env;
|
||||
(void)bits;
|
||||
return fixed_crypto_pk_generate_key_with_bits_result[
|
||||
fixed_crypto_pk_generate_key_with_bits_result_index++];
|
||||
fixed_crypto_pk_generate_key_with_bits_result_index++];
|
||||
}
|
||||
|
||||
static X509 *
|
||||
@ -2388,14 +2422,15 @@ fixed_tor_tls_create_certificate(crypto_pk_t *rsa,
|
||||
(void)cname_sign;
|
||||
(void)cert_lifetime;
|
||||
return fixed_tor_tls_create_certificate_result[
|
||||
fixed_tor_tls_create_certificate_result_index++];
|
||||
fixed_tor_tls_create_certificate_result_index++];
|
||||
}
|
||||
|
||||
static tor_x509_cert_t *
|
||||
fixed_tor_x509_cert_new(X509 *x509_cert)
|
||||
{
|
||||
(void) x509_cert;
|
||||
return fixed_tor_x509_cert_new_result[fixed_tor_x509_cert_new_result_index++];
|
||||
return fixed_tor_x509_cert_new_result[
|
||||
fixed_tor_x509_cert_new_result_index++];
|
||||
}
|
||||
|
||||
static void
|
||||
@ -2431,7 +2466,8 @@ test_tortls_context_new(void *ignored)
|
||||
ret = tor_tls_context_new(NULL, 0, 0, 0);
|
||||
tt_assert(!ret);
|
||||
|
||||
MOCK(crypto_pk_generate_key_with_bits, fixed_crypto_pk_generate_key_with_bits);
|
||||
MOCK(crypto_pk_generate_key_with_bits,
|
||||
fixed_crypto_pk_generate_key_with_bits);
|
||||
fixed_crypto_pk_new_result_index = 0;
|
||||
fixed_crypto_pk_new_result[0] = pk1;
|
||||
fixed_crypto_pk_new_result[1] = NULL;
|
||||
@ -2607,7 +2643,7 @@ test_tortls_create_certificate(void *ignored)
|
||||
tt_assert(!ret);
|
||||
|
||||
fixed_crypto_pk_get_evp_pkey_result_index = 0;
|
||||
fixed_crypto_pk_get_evp_pkey_result[0] = tor_malloc_zero(sizeof(EVP_PKEY));;
|
||||
fixed_crypto_pk_get_evp_pkey_result[0] = tor_malloc_zero(sizeof(EVP_PKEY));
|
||||
fixed_crypto_pk_get_evp_pkey_result[1] = NULL;
|
||||
ret = tor_tls_create_certificate(pk1, pk2, "hello", "hello2", 1);
|
||||
tt_assert(!ret);
|
||||
@ -2656,7 +2692,6 @@ test_tortls_cert_new(void *ignored)
|
||||
(void)0;
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
test_tortls_cert_is_valid(void *ignored)
|
||||
{
|
||||
@ -2675,7 +2710,8 @@ test_tortls_cert_is_valid(void *ignored)
|
||||
|
||||
cert = tor_x509_cert_new(read_cert_from(validCertString));
|
||||
scert = tor_x509_cert_new(read_cert_from(caCertString));
|
||||
cert->cert->cert_info->validity->notAfter = ASN1_TIME_set(NULL, time(NULL)-1000000);
|
||||
cert->cert->cert_info->validity->notAfter =
|
||||
ASN1_TIME_set(NULL, time(NULL)-1000000);
|
||||
ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, 0);
|
||||
tt_int_op(ret, OP_EQ, 0);
|
||||
|
||||
@ -2714,7 +2750,6 @@ test_tortls_cert_is_valid(void *ignored)
|
||||
(void)0;
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
test_tortls_context_init_one(void *ignored)
|
||||
{
|
||||
@ -2733,7 +2768,7 @@ test_tortls_context_init_one(void *ignored)
|
||||
UNMOCK(crypto_pk_new);
|
||||
}
|
||||
|
||||
#define LOCAL_TEST_CASE(name, flags) \
|
||||
#define LOCAL_TEST_CASE(name, flags) \
|
||||
{ #name, test_tortls_##name, (flags), NULL, NULL }
|
||||
|
||||
struct testcase_t tortls_tests[] = {
|
||||
@ -2776,7 +2811,7 @@ struct testcase_t tortls_tests[] = {
|
||||
LOCAL_TEST_CASE(shutdown, 0),
|
||||
LOCAL_TEST_CASE(renegotiate, 0),
|
||||
LOCAL_TEST_CASE(finish_handshake, 0),
|
||||
LOCAL_TEST_CASE(handshake, 0),
|
||||
LOCAL_TEST_CASE(handshake, 0),
|
||||
LOCAL_TEST_CASE(write, 0),
|
||||
LOCAL_TEST_CASE(read, 0),
|
||||
LOCAL_TEST_CASE(server_info_callback, 0),
|
||||
@ -2796,3 +2831,4 @@ struct testcase_t tortls_tests[] = {
|
||||
LOCAL_TEST_CASE(context_init_one, 0),
|
||||
END_OF_TESTCASES
|
||||
};
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user