author | Dr. Stephen Henson <steve@openssl.org> | 2014-07-23 13:18:06 +0100 |
---|---|---|
committer | Janusz Kozerski <j.kozerski@samsung.com> | 2014-10-20 15:25:32 +0200 |
commit | 14008ec5123d465333de63310729f5008410a411 (patch) | |
tree | 7df271b3dcedf380c8accd7272922406e0a66b51 | |
parent | ae25ee5cb1f4bb7ae9c83bddef98735ba271e4cb (diff) | |
Add conditional unit testing interface.
Don't call internal functions directly: call them through
SSL_test_functions(). This also makes unit testing work on
Windows and platforms that don't export internal functions
from shared libraries.
By default unit testing is not enabled: it requires the compile
time option "enable-unit-test".
Reviewed-by: Geoff Thorpe <geoff@openssl.org>
(cherry picked from commit e0fc7961c4fbd27577fb519d9aea2dc788742715)
Conflicts:
ssl/Makefile
util/mkdef.pl
-rwxr-xr-x | Configure | 1 | ||||
-rw-r--r-- | ssl/Makefile | 4 | ||||
-rw-r--r-- | ssl/heartbeat_test.c | 5 | ||||
-rw-r--r-- | ssl/ssl.h | 4 | ||||
-rw-r--r-- | ssl/ssl_locl.h | 17 | ||||
-rw-r--r-- | ssl/ssl_utst.c | 73 | ||||
-rwxr-xr-x | util/mk1mf.pl | 1 | ||||
-rwxr-xr-x | util/mkdef.pl | 7 | ||||
-rwxr-xr-x | util/ssleay.num | 1 |
9 files changed, 109 insertions, 4 deletions
@@ -720,6 +720,7 @@ my %disabled = ( # "what" => "comment" [or special keyword "experimental "sctp" => "default", "shared" => "default", "store" => "experimental", + "unit-test" => "default", "zlib" => "default", "zlib-dynamic" => "default" ); diff --git a/ssl/Makefile b/ssl/Makefile index 0045d89..9f3800d 100644 --- a/ssl/Makefile +++ b/ssl/Makefile @@ -30,7 +30,7 @@ LIBSRC= \ ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \ ssl_ciph.c ssl_stat.c ssl_rsa.c \ ssl_asn1.c ssl_txt.c ssl_algs.c \ - bio_ssl.c ssl_err.c kssl.c tls_srp.c t1_reneg.c + bio_ssl.c ssl_err.c kssl.c tls_srp.c t1_reneg.c ssl_utst.c LIBOBJ= \ s2_meth.o s2_srvr.o s2_clnt.o s2_lib.o s2_enc.o s2_pkt.o \ s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o s3_pkt.o s3_both.o s3_cbc.o \ @@ -41,7 +41,7 @@ LIBOBJ= \ ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o \ ssl_ciph.o ssl_stat.o ssl_rsa.o \ ssl_asn1.o ssl_txt.o ssl_algs.o \ - bio_ssl.o ssl_err.o kssl.o tls_srp.o t1_reneg.o + bio_ssl.o ssl_err.o kssl.o tls_srp.o t1_reneg.o ssl_utst.o SRC= $(LIBSRC) diff --git a/ssl/heartbeat_test.c b/ssl/heartbeat_test.c index a0a3690..de9d397 100644 --- a/ssl/heartbeat_test.c +++ b/ssl/heartbeat_test.c @@ -38,14 +38,17 @@ * http://mike-bland.com/tags/heartbleed.html */ +#define OPENSSL_UNIT_TEST + #include "../test/testutil.h" + #include "../ssl/ssl_locl.h" #include <ctype.h> #include <stdio.h> #include <stdlib.h> #include <string.h> -#if !defined(OPENSSL_NO_HEARTBEATS) && !defined(OPENSSL_SYS_WINDOWS) +#if !defined(OPENSSL_NO_HEARTBEATS) && !defined(OPENSSL_NO_UNIT_TEST) /* As per https://tools.ietf.org/html/rfc6520#section-4 */ #define MIN_PADDING_SIZE 16 
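Review bot: With the new guard `#if !defined(OPENSSL_NO_HEARTBEATS) && !defined(OPENSSL_NO_UNIT_TEST)` in ssl/heartbeat_test.c, the heartbeat tests compile out in every build that does not pass `enable-unit-test`, which the commit message says is the default. The `#else` branch lies outside this hunk, but if it is a stub `main` that returns success, a default test run would report this test as passing without ever calling tls1_process_heartbeat or dtls1_process_heartbeat. I would make the skip visible in that branch, for example by printing a line such as `heartbeat_test skipped: built without enable-unit-test`. Release-branch CI should also configure with `enable-unit-test` so the heartbeat handlers stay covered.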
@@ -2056,6 +2056,10 @@ int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secre void SSL_set_debug(SSL *s, int debug); int SSL_cache_hit(SSL *s); +#ifndef OPENSSL_NO_UNIT_TEST +const struct openssl_ssl_test_functions *SSL_test_functions(void); +#endif + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 97cde40..1dcce42 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -810,6 +810,16 @@ const SSL_METHOD *func_name(void) \ return &func_name##_data; \ } +struct openssl_ssl_test_functions + { + int (*p_ssl_init_wbio_buffer)(SSL *s, int push); + int (*p_ssl3_setup_buffers)(SSL *s); + int (*p_tls1_process_heartbeat)(SSL *s); + int (*p_dtls1_process_heartbeat)(SSL *s); + }; + +#ifndef OPENSSL_UNIT_TEST + void ssl_clear_cipher_ctx(SSL *s); int ssl_clear_bad_session(SSL *s); CERT *ssl_cert_new(void); @@ -1174,5 +1184,12 @@ void ssl3_cbc_digest_record( void tls_fips_digest_extra( const EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *mac_ctx, const unsigned char *data, size_t data_len, size_t orig_len); +#else + +#define ssl_init_wbio_buffer SSL_test_functions()->p_ssl_init_wbio_buffer +#define ssl3_setup_buffers SSL_test_functions()->p_ssl3_setup_buffers +#define tls1_process_heartbeat SSL_test_functions()->p_tls1_process_heartbeat +#define dtls1_process_heartbeat SSL_test_functions()->p_dtls1_process_heartbeat #endif +#endif diff --git a/ssl/ssl_utst.c b/ssl/ssl_utst.c new file mode 100644 index 0000000..3679bc3 --- /dev/null +++ b/ssl/ssl_utst.c 
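Review bot: The `SSL_test_functions()` prototype added to ssl/ssl.h carries no comment marking it as a test-only hook, although it sits in the public header among ordinary API declarations. In a library configured with `enable-unit-test` the symbol is exported and returns pointers to internal handlers, which presumably skip the state checks that the public entry points perform first, so a build made that way should not be shipped. A comment above the `#ifndef OPENSSL_NO_UNIT_TEST` would make that explicit: `/* Test hook only: returns pointers to library internals. Do not enable unit-test in release builds. */`. The struct is defined only in ssl_locl.h, so ordinary callers see an incomplete type, which is worth saying in the same comment.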
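Review bot: The `#ifndef OPENSSL_UNIT_TEST` opened in the first ssl/ssl_locl.h hunk is closed by `#else` and `#endif` only in the second hunk, far below, and the file now ends with two unlabelled `#endif` lines. Labelling them `#else /* OPENSSL_UNIT_TEST */` and `#endif /* OPENSSL_UNIT_TEST */` would show which one closes the test switch and which closes what is presumably the header guard (its opening is outside the hunk). The switch also hides every prototype from `ssl_clear_cipher_ctx` down to `tls_fips_digest_extra` when `OPENSSL_UNIT_TEST` is defined, leaving a test file only the four macro-mapped names. A comment on `struct openssl_ssl_test_functions` should say so and note that the member order must match the table in ssl_utst.c.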
@@ -0,0 +1,73 @@ +/* ssl_utst.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2014 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#include "ssl_locl.h" + +#ifndef OPENSSL_NO_UNIT_TEST + + +static const struct openssl_ssl_test_functions ssl_test_functions = + { + ssl_init_wbio_buffer, + ssl3_setup_buffers, + tls1_process_heartbeat, + dtls1_process_heartbeat + }; + +const struct openssl_ssl_test_functions *SSL_test_functions(void) + { + return &ssl_test_functions; + } + +#endif diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 72fa089..bcd00ba 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -1150,6 +1150,7 @@ sub read_options "no-montasm" => 0, "no-shared" => 0, "no-store" => 0, + "no-unit-test" => 0, "no-zlib" => 0, "no-zlib-dynamic" => 0, "fips" => \$fips diff --git a/util/mkdef.pl b/util/mkdef.pl index 9a8c7b8..79d4de8 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -116,7 +116,9 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", # Hide SSL internals "SSL_INTERN", # SCTP - "SCTP"); + "SCTP", + # Unit testing + "UNIT_TEST"); my $options=""; open(IN,"<Makefile") || die "unable to open Makefile!\n"; @@ -137,6 +139,7 @@ my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated; my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng; my $no_jpake; my $no_srp; my $no_ssl2; my $no_ec2m; my $no_nistp_gcc; my $no_nextprotoneg; my $no_sctp; +my $no_unit_test; my $fips; 
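Review bot: The table in ssl/ssl_utst.c uses a positional initializer, and three of the four members of `struct openssl_ssl_test_functions` share the type `int (*)(SSL *s)`. Reordering either the struct or this list would therefore compile cleanly and silently route a test to the wrong internal function. Tagging each entry with its member, e.g. `ssl3_setup_buffers, /* p_ssl3_setup_buffers */`, keeps the two aligned without leaving C89. The initializer also names `tls1_process_heartbeat` and `dtls1_process_heartbeat` under `OPENSSL_NO_UNIT_TEST` alone. If their prototypes are conditional on `OPENSSL_NO_HEARTBEATS` (not visible on this page), a build with unit-test enabled and heartbeats disabled would fail to compile here, so the two members and their entries may need the same guard.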
@@ -235,6 +238,7 @@ foreach (@ARGV, split(/ /, $options)) elsif (/^no-jpake$/) { $no_jpake=1; } elsif (/^no-srp$/) { $no_srp=1; } elsif (/^no-sctp$/) { $no_sctp=1; } + elsif (/^no-unit-test$/){ $no_unit_test=1; } } @@ -1205,6 +1209,7 @@ sub is_valid if ($keyword eq "JPAKE" && $no_jpake) { return 0; } if ($keyword eq "SRP" && $no_srp) { return 0; } if ($keyword eq "SCTP" && $no_sctp) { return 0; } + if ($keyword eq "UNIT_TEST" && $no_unit_test) { return 0; } if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; } # Nothing recognise as true diff --git a/util/ssleay.num b/util/ssleay.num index 37655bc..1c05a3c 100755 --- a/util/ssleay.num +++ b/util/ssleay.num @@ -181,6 +181,7 @@ SSL_get_verify_depth 229 EXIST::FUNCTION: SSL_CTX_set_session_id_context 231 EXIST::FUNCTION: SSL_CTX_set_cert_verify_callback 232 EXIST:!VMS:FUNCTION: SSL_CTX_set_cert_verify_cb 232 EXIST:VMS:FUNCTION: +SSL_test_functions 233 EXIST::FUNCTION:UNIT_TEST SSL_CTX_set_default_passwd_cb_userdata 235 EXIST:!VMS:FUNCTION: SSL_CTX_set_def_passwd_cb_ud 235 EXIST:VMS:FUNCTION: SSL_set_purpose 236 EXIST::FUNCTION: |
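Review bot: `my $no_unit_test;` in util/mkdef.pl starts undefined, so the new `is_valid` line keeps `UNIT_TEST` symbols unless `no-unit-test` turns up in `@ARGV` or in the options read from the Makefile. That is the opposite polarity to the default-off feature described in the commit message. The flag follows the pattern of the neighbouring ones, but if the script is ever run where the option is absent, `SSL_test_functions` would be listed for export from a library that may not define it. A comment at the declaration would record the dependency: `# UNIT_TEST symbols are kept unless no-unit-test is passed; the Makefile options are expected to carry it by default`. The `foreach` option loop and `is_valid` both extend outside these hunks.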