Add conditional unit testing interface.
Don't call internal functions directly: call them through SSL_test_functions(). This also makes unit testing work on Windows and platforms that don't export internal functions from shared libraries. By default unit testing is not enabled: it requires the compile time option "enable-unit-test". Reviewed-by: Geoff Thorpe <geoff@openssl.org>
parent
8e55e6de45
commit
e0fc7961c4
9 changed files with 108 additions and 4 deletions
|
@ -736,6 +736,7 @@ my %disabled = ( # "what" => "comment" [or special keyword "experimental
|
||||||
"shared" => "default",
|
"shared" => "default",
|
||||||
"ssl-trace" => "default",
|
"ssl-trace" => "default",
|
||||||
"store" => "experimental",
|
"store" => "experimental",
|
||||||
|
"unit-test" => "default",
|
||||||
"zlib" => "default",
|
"zlib" => "default",
|
||||||
"zlib-dynamic" => "default"
|
"zlib-dynamic" => "default"
|
||||||
);
|
);
|
||||||
|
|
|
@ -30,7 +30,7 @@ LIBSRC= \
|
||||||
ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \
|
ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \
|
||||||
ssl_ciph.c ssl_stat.c ssl_rsa.c \
|
ssl_ciph.c ssl_stat.c ssl_rsa.c \
|
||||||
ssl_asn1.c ssl_txt.c ssl_algs.c ssl_conf.c \
|
ssl_asn1.c ssl_txt.c ssl_algs.c ssl_conf.c \
|
||||||
bio_ssl.c ssl_err.c kssl.c t1_reneg.c tls_srp.c t1_trce.c
|
bio_ssl.c ssl_err.c kssl.c t1_reneg.c tls_srp.c t1_trce.c ssl_utst.c
|
||||||
LIBOBJ= \
|
LIBOBJ= \
|
||||||
s2_meth.o s2_srvr.o s2_clnt.o s2_lib.o s2_enc.o s2_pkt.o \
|
s2_meth.o s2_srvr.o s2_clnt.o s2_lib.o s2_enc.o s2_pkt.o \
|
||||||
s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o s3_pkt.o s3_both.o s3_cbc.o \
|
s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o s3_pkt.o s3_both.o s3_cbc.o \
|
||||||
|
@ -41,7 +41,7 @@ LIBOBJ= \
|
||||||
ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o \
|
ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o \
|
||||||
ssl_ciph.o ssl_stat.o ssl_rsa.o \
|
ssl_ciph.o ssl_stat.o ssl_rsa.o \
|
||||||
ssl_asn1.o ssl_txt.o ssl_algs.o ssl_conf.o \
|
ssl_asn1.o ssl_txt.o ssl_algs.o ssl_conf.o \
|
||||||
bio_ssl.o ssl_err.o kssl.o t1_reneg.o tls_srp.o t1_trce.o
|
bio_ssl.o ssl_err.o kssl.o t1_reneg.o tls_srp.o t1_trce.o ssl_utst.o
|
||||||
|
|
||||||
SRC= $(LIBSRC)
|
SRC= $(LIBSRC)
|
||||||
|
|
||||||
|
|
|
@ -38,6 +38,8 @@
|
||||||
* http://mike-bland.com/tags/heartbleed.html
|
* http://mike-bland.com/tags/heartbleed.html
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
#define OPENSSL_UNIT_TEST
|
||||||
|
|
||||||
#include "../ssl/ssl_locl.h"
|
#include "../ssl/ssl_locl.h"
|
||||||
|
|
||||||
#include "testutil.h"
|
#include "testutil.h"
|
||||||
|
@ -46,7 +48,7 @@
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
|
||||||
#if !defined(OPENSSL_NO_HEARTBEATS) && !defined(OPENSSL_SYS_WINDOWS)
|
#if !defined(OPENSSL_NO_HEARTBEATS) && !defined(OPENSSL_NO_UNIT_TEST)
|
||||||
|
|
||||||
/* As per https://tools.ietf.org/html/rfc6520#section-4 */
|
/* As per https://tools.ietf.org/html/rfc6520#section-4 */
|
||||||
#define MIN_PADDING_SIZE 16
|
#define MIN_PADDING_SIZE 16
|
||||||
|
|
|
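Review bot: The added `#define OPENSSL_UNIT_TEST` only takes effect because it sits above `#include "../ssl/ssl_locl.h"`, and nothing in the file says so. A later include reorder would put the test back on direct calls to the internal symbols, which is the situation this commit removes. I would add a comment on the define, for example `/* Must precede ssl_locl.h: routes internal calls through SSL_test_functions() */`. The code that follows the changed `#if` guard lies outside this hunk, so I cannot confirm how the file behaves when `OPENSSL_NO_UNIT_TEST` is set.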
@ -2570,6 +2570,10 @@ int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx))(SSL *s, SSL_CTX *ctx, i
|
||||||
void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex);
|
void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex);
|
||||||
void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx);
|
void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx);
|
||||||
|
|
||||||
|
#ifndef OPENSSL_NO_UNIT_TEST
|
||||||
|
const struct openssl_ssl_test_functions *SSL_test_functions(void);
|
||||||
|
#endif
|
||||||
|
|
||||||
/* BEGIN ERROR CODES */
|
/* BEGIN ERROR CODES */
|
||||||
/* The following lines are auto generated by the script mkerr.pl. Any changes
|
/* The following lines are auto generated by the script mkerr.pl. Any changes
|
||||||
* made after this point may be overwritten when the script is next run.
|
* made after this point may be overwritten when the script is next run.
|
||||||
|
|
|
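Review bot: `SSL_test_functions()` is declared in the public header with no comment, so nothing tells an application author that it is a test-only hook rather than supported API. When the option is enabled, the library exports a table of pointers to internal routines (write-buffer setup and heartbeat processing, per the struct added to ssl_locl.h), so builds meant for deployment should keep the default of unit testing disabled. I would add above the `#ifndef` a comment such as `/* Test-only hook: exposes internal functions to the unit tests; not a supported API. Built only with enable-unit-test. */`. The struct type appears to stay incomplete for applications, since on this page it is defined only in ssl_locl.h, and that is a sensible limit.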
@ -971,6 +971,16 @@ const SSL_METHOD *func_name(void) \
|
||||||
return &func_name##_data; \
|
return &func_name##_data; \
|
||||||
}
|
}
|
||||||
|
|
||||||
|
struct openssl_ssl_test_functions
|
||||||
|
{
|
||||||
|
int (*p_ssl_init_wbio_buffer)(SSL *s, int push);
|
||||||
|
int (*p_ssl3_setup_buffers)(SSL *s);
|
||||||
|
int (*p_tls1_process_heartbeat)(SSL *s);
|
||||||
|
int (*p_dtls1_process_heartbeat)(SSL *s);
|
||||||
|
};
|
||||||
|
|
||||||
|
#ifndef OPENSSL_UNIT_TEST
|
||||||
|
|
||||||
void ssl_clear_cipher_ctx(SSL *s);
|
void ssl_clear_cipher_ctx(SSL *s);
|
||||||
int ssl_clear_bad_session(SSL *s);
|
int ssl_clear_bad_session(SSL *s);
|
||||||
CERT *ssl_cert_new(void);
|
CERT *ssl_cert_new(void);
|
||||||
|
@ -1380,5 +1390,12 @@ void ssl3_cbc_digest_record(
|
||||||
void tls_fips_digest_extra(
|
void tls_fips_digest_extra(
|
||||||
const EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *mac_ctx,
|
const EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *mac_ctx,
|
||||||
const unsigned char *data, size_t data_len, size_t orig_len);
|
const unsigned char *data, size_t data_len, size_t orig_len);
|
||||||
|
#else
|
||||||
|
|
||||||
|
#define ssl_init_wbio_buffer SSL_test_functions()->p_ssl_init_wbio_buffer
|
||||||
|
#define ssl3_setup_buffers SSL_test_functions()->p_ssl3_setup_buffers
|
||||||
|
#define tls1_process_heartbeat SSL_test_functions()->p_tls1_process_heartbeat
|
||||||
|
#define dtls1_process_heartbeat SSL_test_functions()->p_dtls1_process_heartbeat
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
#endif
|
||||||
|
|
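Review bot: With `OPENSSL_UNIT_TEST` defined, the new `#ifndef` appears to hide every internal prototype from `ssl_clear_cipher_ctx` through `tls_fips_digest_extra`, not just the four that get macro replacements (the region in between is outside these hunks). A test that calls any other internal function would then have no prototype in scope and, where the compiler still accepts implicit declarations, fail only at link time on platforms that do not export internals. A comment at the `#else` would make the contract explicit, for example `/* Unit tests may only use the functions listed in struct openssl_ssl_test_functions */`. A second sentence there should say that a new entry needs a struct member, a `#define` here and an initializer in ssl/ssl_utst.c.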
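--- /dev/null
+++ b/ssl/ssl_utst.c
@@ -0,0 +1,73 @@
+/* ssl_utst.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+* project.
+*/
+/* ====================================================================
+* Copyright (c) 2014 The OpenSSL Project. All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in
+* the documentation and/or other materials provided with the
+* distribution.
+*
+* 3. All advertising materials mentioning features or use of this
+* software must display the following acknowledgment:
+* "This product includes software developed by the OpenSSL Project
+* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+*
+* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+* endorse or promote products derived from this software without
+* prior written permission. For written permission, please contact
+* openssl-core@openssl.org.
+*
+* 5. Products derived from this software may not be called "OpenSSL"
+* nor may "OpenSSL" appear in their names without prior written
+* permission of the OpenSSL Project.
+*
+* 6. Redistributions of any form whatsoever must retain the following
+* acknowledgment:
+* "This product includes software developed by the OpenSSL Project
+* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+*
+* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+* OF THE POSSIBILITY OF SUCH DAMAGE.
+* ====================================================================
+*
+*/
+
+#include "ssl_locl.h"
+
+#ifndef OPENSSL_NO_UNIT_TEST
+
+
+static const struct openssl_ssl_test_functions ssl_test_functions =
+{
+ssl_init_wbio_buffer,
+ssl3_setup_buffers,
+tls1_process_heartbeat,
+dtls1_process_heartbeat
+};
+
+const struct openssl_ssl_test_functions *SSL_test_functions(void)
+{
+return &ssl_test_functions;
+}
+
+#endif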
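Review bot: The table references `tls1_process_heartbeat` and `dtls1_process_heartbeat` under the `OPENSSL_NO_UNIT_TEST` guard alone, while the heartbeat test's own guard shows that `OPENSSL_NO_HEARTBEATS` is a supported configuration. If those two functions are compiled out in a no-heartbeats build (their definitions are not on this page), enabling unit tests together with that option would break the build. Wrapping the last two initializers in `#ifndef OPENSSL_NO_HEARTBEATS` and `#endif` would leave those members NULL instead. The initializer is also positional, so I would add a comment such as `/* Order must match struct openssl_ssl_test_functions in ssl_locl.h */` above it.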
@ -1465,6 +1465,7 @@ sub read_options
|
||||||
"no-zlib" => 0,
|
"no-zlib" => 0,
|
||||||
"no-zlib-dynamic" => 0,
|
"no-zlib-dynamic" => 0,
|
||||||
"no-ssl-trace" => 0,
|
"no-ssl-trace" => 0,
|
||||||
|
"no-unit-test" => 0,
|
||||||
"fips" => \$fips,
|
"fips" => \$fips,
|
||||||
"fipscanisterbuild" => [\$fips, \$fipscanisterbuild],
|
"fipscanisterbuild" => [\$fips, \$fipscanisterbuild],
|
||||||
"fipscanisteronly" => [\$fips, \$fipscanisterbuild, \$fipscanisteronly],
|
"fipscanisteronly" => [\$fips, \$fipscanisterbuild, \$fipscanisteronly],
|
||||||
|
|
|
@ -119,7 +119,9 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
|
||||||
# SCTP
|
# SCTP
|
||||||
"SCTP",
|
"SCTP",
|
||||||
# SSL TRACE
|
# SSL TRACE
|
||||||
"SSL_TRACE");
|
"SSL_TRACE",
|
||||||
|
# Unit testing
|
||||||
|
"UNIT_TEST");
|
||||||
|
|
||||||
my $options="";
|
my $options="";
|
||||||
open(IN,"<Makefile") || die "unable to open Makefile!\n";
|
open(IN,"<Makefile") || die "unable to open Makefile!\n";
|
||||||
|
@ -140,6 +142,7 @@ my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
|
||||||
my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
|
my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
|
||||||
my $no_jpake; my $no_ssl2; my $no_ec2m; my $no_nextprotoneg;
|
my $no_jpake; my $no_ssl2; my $no_ec2m; my $no_nextprotoneg;
|
||||||
my $no_srp; my $no_nistp_gcc; my $no_sctp; my $no_ssl_trace;
|
my $no_srp; my $no_nistp_gcc; my $no_sctp; my $no_ssl_trace;
|
||||||
|
my $no_unit_test;
|
||||||
|
|
||||||
my $fips;
|
my $fips;
|
||||||
|
|
||||||
|
@ -239,6 +242,7 @@ foreach (@ARGV, split(/ /, $options))
|
||||||
elsif (/^no-jpake$/) { $no_jpake=1; }
|
elsif (/^no-jpake$/) { $no_jpake=1; }
|
||||||
elsif (/^no-srp$/) { $no_srp=1; }
|
elsif (/^no-srp$/) { $no_srp=1; }
|
||||||
elsif (/^no-sctp$/) { $no_sctp=1; }
|
elsif (/^no-sctp$/) { $no_sctp=1; }
|
||||||
|
elsif (/^no-unit-test$/){ $no_unit_test=1; }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -1208,6 +1212,7 @@ sub is_valid
|
||||||
if ($keyword eq "JPAKE" && $no_jpake) { return 0; }
|
if ($keyword eq "JPAKE" && $no_jpake) { return 0; }
|
||||||
if ($keyword eq "SRP" && $no_srp) { return 0; }
|
if ($keyword eq "SRP" && $no_srp) { return 0; }
|
||||||
if ($keyword eq "SCTP" && $no_sctp) { return 0; }
|
if ($keyword eq "SCTP" && $no_sctp) { return 0; }
|
||||||
|
if ($keyword eq "UNIT_TEST" && $no_unit_test) { return 0; }
|
||||||
if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; }
|
if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; }
|
||||||
|
|
||||||
# Nothing recognise as true
|
# Nothing recognise as true
|
||||||
|
|
|
@ -181,6 +181,7 @@ SSL_get_verify_depth 229 EXIST::FUNCTION:
|
||||||
SSL_CTX_set_session_id_context 231 EXIST::FUNCTION:
|
SSL_CTX_set_session_id_context 231 EXIST::FUNCTION:
|
||||||
SSL_CTX_set_cert_verify_callback 232 EXIST:!VMS:FUNCTION:
|
SSL_CTX_set_cert_verify_callback 232 EXIST:!VMS:FUNCTION:
|
||||||
SSL_CTX_set_cert_verify_cb 232 EXIST:VMS:FUNCTION:
|
SSL_CTX_set_cert_verify_cb 232 EXIST:VMS:FUNCTION:
|
||||||
|
SSL_test_functions 233 EXIST::FUNCTION:UNIT_TEST
|
||||||
SSL_CTX_set_default_passwd_cb_userdata 235 EXIST:!VMS:FUNCTION:
|
SSL_CTX_set_default_passwd_cb_userdata 235 EXIST:!VMS:FUNCTION:
|
||||||
SSL_CTX_set_def_passwd_cb_ud 235 EXIST:VMS:FUNCTION:
|
SSL_CTX_set_def_passwd_cb_ud 235 EXIST:VMS:FUNCTION:
|
||||||
SSL_set_purpose 236 EXIST::FUNCTION:
|
SSL_set_purpose 236 EXIST::FUNCTION:
|
||||||
|
|