Merge branch 'tmp-tests-fail-on-signals' into 'master'

tests: treat all signals as error

Closes #623

See merge request gnutls/gnutls!856

12 files changed, 172 insertions, 39 deletions

diff --git a/tests/alpn-server-prec.c b/tests/alpn-server-prec.c
index e8da9ebada..0461c5d39a 100644
--- a/tests/alpn-server-prec.c
+++ b/tests/alpn-server-prec.c
@@ -45,6 +45,7 @@ int main(int argc, char **argv)
 #include <sys/wait.h>
 #include <arpa/inet.h>
 #include <unistd.h>
+#include <signal.h>
 #include <gnutls/gnutls.h>
 #include <gnutls/dtls.h>
 
@@ -262,6 +263,8 @@ static void start(const char *p1, const char *p2, const char *cp1, const char *c
 	int fd[2];
 	int ret;
 
+	signal(SIGPIPE, SIG_IGN);
+
 	ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
 	if (ret < 0) {
 		perror("socketpair");
diff --git a/tests/key-material-set-dtls.c b/tests/key-material-set-dtls.c
index 692c7a6574..4a569162bb 100644
--- a/tests/key-material-set-dtls.c
+++ b/tests/key-material-set-dtls.c
@@ -42,6 +42,7 @@ int main(int argc, char **argv)
 #include <sys/wait.h>
 #include <arpa/inet.h>
 #include <unistd.h>
+#include <signal.h>
 #include <gnutls/gnutls.h>
 #include <gnutls/dtls.h>
 
@@ -354,6 +355,8 @@ static void start(void)
 	int fd[2];
 	int ret;
 
+	signal(SIGPIPE, SIG_IGN);
+
 	ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
 	if (ret < 0) {
 		perror("socketpair");
diff --git a/tests/mini-alpn.c b/tests/mini-alpn.c
index 304d0a171c..bed981451a 100644
--- a/tests/mini-alpn.c
+++ b/tests/mini-alpn.c
@@ -41,6 +41,7 @@ int main(int argc, char **argv)
 #include <sys/wait.h>
 #include <arpa/inet.h>
 #include <unistd.h>
+#include <signal.h>
 #include <gnutls/gnutls.h>
 #include <gnutls/dtls.h>
 
@@ -264,6 +265,8 @@ static void start(const char *p1, const char *p2)
 	int fd[2];
 	int ret;
 
+	signal(SIGPIPE, SIG_IGN);
+
 	ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
 	if (ret < 0) {
 		perror("socketpair");
diff --git a/tests/mini-dtls-discard.c b/tests/mini-dtls-discard.c
index e9201acaea..97bc6de29b 100644
--- a/tests/mini-dtls-discard.c
+++ b/tests/mini-dtls-discard.c
@@ -44,6 +44,7 @@ int main()
 #include <arpa/inet.h>
 #include <unistd.h>
 #include <errno.h>
+#include <signal.h>
 #include <gnutls/gnutls.h>
 #include <gnutls/dtls.h>
 #include <assert.h>
@@ -266,6 +267,8 @@ void start(const char *prio)
 	int fd[2];
 	int ret;
 
+	signal(SIGPIPE, SIG_IGN);
+
 	ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
 	if (ret < 0) {
 		perror("socketpair");
diff --git a/tests/mini-dtls-heartbeat.c b/tests/mini-dtls-heartbeat.c
index bb6fa7e528..cb575f9b2c 100644
--- a/tests/mini-dtls-heartbeat.c
+++ b/tests/mini-dtls-heartbeat.c
@@ -43,6 +43,7 @@ int main()
 #include <sys/wait.h>
 #include <arpa/inet.h>
 #include <unistd.h>
+#include <signal.h>
 #include <gnutls/gnutls.h>
 #include <gnutls/dtls.h>
 
@@ -312,6 +313,8 @@ static void start(int server_initiated)
 	int fd[2];
 	int ret;
 
+	signal(SIGPIPE, SIG_IGN);
+
 	ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
 	if (ret < 0) {
 		perror("socketpair");
diff --git a/tests/mini-dtls-record.c b/tests/mini-dtls-record.c
index 63bba89aaf..4d92d81c54 100644
--- a/tests/mini-dtls-record.c
+++ b/tests/mini-dtls-record.c
@@ -45,6 +45,7 @@ int main()
 #include <sys/wait.h>
 #include <arpa/inet.h>
 #include <unistd.h>
+#include <signal.h>
 #include <gnutls/gnutls.h>
 #include <gnutls/dtls.h>
 
@@ -367,6 +368,8 @@ static void start(void)
 	int fd[2];
 	int ret;
 
+	signal(SIGPIPE, SIG_IGN);
+
 	ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
 	if (ret < 0) {
 		perror("socketpair");
diff --git a/tests/mini-dtls-srtp.c b/tests/mini-dtls-srtp.c
index 93c06820f8..78c03b3d1e 100644
--- a/tests/mini-dtls-srtp.c
+++ b/tests/mini-dtls-srtp.c
@@ -43,6 +43,7 @@ int main(int argc, char **argv)
 #include <sys/wait.h>
 #include <arpa/inet.h>
 #include <unistd.h>
+#include <signal.h>
 #include <gnutls/gnutls.h>
 #include <gnutls/dtls.h>
 
@@ -304,6 +305,8 @@ static void start(int profile)
 	int fd[2];
 	int ret;
 
+	signal(SIGPIPE, SIG_IGN);
+
 	ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
 	if (ret < 0) {
 		perror("socketpair");
diff --git a/tests/mini-record-failure.c b/tests/mini-record-failure.c
index 02b0546270..46df2a1900 100644
--- a/tests/mini-record-failure.c
+++ b/tests/mini-record-failure.c
@@ -331,6 +331,7 @@ static void ch_handler(int sig)
 
 void doit(void)
 {
+	signal(SIGPIPE, SIG_IGN);
 	signal(SIGCHLD, ch_handler);
 
 	start("aes-cbc", AES_CBC, 1);
diff --git a/tests/prf.c b/tests/prf.c
index 78526cfba8..ff839fe73c 100644
--- a/tests/prf.c
+++ b/tests/prf.c
@@ -41,6 +41,7 @@ int main(int argc, char **argv)
 #include <sys/wait.h>
 #include <arpa/inet.h>
 #include <unistd.h>
+#include <signal.h>
 #include <gnutls/gnutls.h>
 #include <gnutls/dtls.h>
 
@@ -423,6 +424,8 @@ static void start(void)
 	int fd[2];
 	int ret;
 
+	signal(SIGPIPE, SIG_IGN);
+
 	ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
 	if (ret < 0) {
 		perror("socketpair");
diff --git a/tests/psk-file.c b/tests/psk-file.c
index 2512086e0f..0a6eef4b87 100644
--- a/tests/psk-file.c
+++ b/tests/psk-file.c
@@ -48,6 +48,7 @@ int main(int argc, char **argv)
 #include <sys/wait.h>
 #endif
 #include <unistd.h>
+#include <signal.h>
 #include <assert.h>
 #include <gnutls/gnutls.h>
 
@@ -304,6 +305,8 @@ void run_test3(const char *prio, const char *sprio, const char *user, const gnut
 	int err;
 	int sockets[2];
 
+	signal(SIGPIPE, SIG_IGN);
+
 	if (expect_fail_serv || expect_fail_cli) {
 		success("ntest %s (user:%s)\n", prio, user);
 	} else {
@@ -407,7 +410,7 @@ void doit(void)
 	run_test2("NORMAL:-VERS-ALL:+VERS-TLS1.3:+DHE-PSK:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-FFDHE4096", "NORMAL:-VERS-ALL:+VERS-TLS1.3:+DHE-PSK:-GROUP-ALL:+GROUP-FFDHE4096", "jas", &key, 0, GNUTLS_KX_DHE_PSK, 0, 0);
 
 	/* try without server credentials */
-	run_test3("NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK:+DHE-PSK", NULL, "jas", &key, 1, 0, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_INSUFFICIENT_CREDENTIALS);
+	run_test3("NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK:+DHE-PSK", NULL, "jas", &key, 1, 0, 0, GNUTLS_E_PUSH_ERROR, GNUTLS_E_INSUFFICIENT_CREDENTIALS);
 }
 
 #endif				/* _WIN32 */
diff --git a/tests/slow/cipher-api-test.c b/tests/slow/cipher-api-test.c
index 66b164037d..4a9cd1ea30 100644
--- a/tests/slow/cipher-api-test.c
+++ b/tests/slow/cipher-api-test.c
@@ -48,14 +48,54 @@ static void tls_log_func(int level, const char *str)
 	fprintf(stderr, "<%d>| %s", level, str);
 }
 
-static unsigned error_detected = 0;
-
-static void custom_abrt(int sig)
+/* Test whether an invalid call to gnutls_cipher_encrypt() is caught */
+static void test_cipher(int algo)
 {
-	error_detected = 1;
+	int ret;
+	gnutls_cipher_hd_t ch;
+	uint8_t key16[64];
+	uint8_t iv16[32];
+	uint8_t data[128];
+	gnutls_datum_t key, iv;
+
+	key.data = key16;
+	key.size = gnutls_cipher_get_key_size(algo);
+	assert(key.size <= sizeof(key16));
+
+	iv.data = iv16;
+	iv.size = gnutls_cipher_get_iv_size(algo);
+	assert(iv.size <= sizeof(iv16));
+
+	memset(iv.data, 0xff, iv.size);
+	memset(key.data, 0xfe, key.size);
+	memset(data, 0xfa, sizeof(data));
+
+	gnutls_global_set_log_function(tls_log_func);
+	if (debug)
+		gnutls_global_set_log_level(4711);
+
+	ret = global_init();
+	if (ret < 0) {
+		fail("Cannot initialize library\n"); /*errcode 1 */
+	}
+
+	ret =
+	    gnutls_cipher_init(&ch, algo, &key, &iv);
+	if (ret < 0)
+		fail("gnutls_cipher_init failed\n"); /*errcode 1 */
+
+	/* try encrypting in a way that violates nettle's block conventions */
+	ret = gnutls_cipher_encrypt(ch, data, sizeof(data)-1);
+	if (ret >= 0)
+		fail("succeeded in encrypting partial data on block cipher\n");
+
+	gnutls_cipher_deinit(ch);
+
+	gnutls_global_deinit();
 }
 
-static void test_cipher(int algo, unsigned aead)
+/* Test whether an invalid gnutls_cipher_add_auth() is caught */
+static void test_aead_cipher1(int algo)
 {
 	int ret;
 	gnutls_cipher_hd_t ch;
@@ -63,10 +103,9 @@ static void test_cipher(int algo, unsigned aead)
 	uint8_t iv16[32];
 	uint8_t data[128];
 	gnutls_datum_t key, iv;
-	unsigned auth = 1;
 
 	if (algo == GNUTLS_CIPHER_CHACHA20_POLY1305)
-		auth = 0;
+		return;
 
 	key.data = key16;
 	key.size = gnutls_cipher_get_key_size(algo);
@@ -94,44 +133,84 @@ static void test_cipher(int algo, unsigned aead)
 	if (ret < 0)
 		fail("gnutls_cipher_init failed\n"); /*errcode 1 */
 
-	if (aead) {
-		if (auth) {
-			ret = gnutls_cipher_add_auth(ch, data, sizeof(data)-1);
-			if (ret < 0)
-				fail("could not add auth data\n");
-
-			signal(SIGABRT, custom_abrt);
-			ret = gnutls_cipher_add_auth(ch, data, 16);
-			signal(SIGABRT, SIG_DFL);
-			if (ret >= 0 && error_detected == 0)
-				fail("succeeded in adding auth data data after partial data were given\n");
-		}
+	ret = gnutls_cipher_add_auth(ch, data, sizeof(data)-1);
+	if (ret < 0)
+		fail("could not add auth data\n");
 
-		/* try encrypting in a way that violates nettle's AEAD conventions */
-		ret = gnutls_cipher_encrypt(ch, data, sizeof(data)-1);
-		if (ret < 0)
-			fail("could not encrypt data\n");
+	ret = gnutls_cipher_add_auth(ch, data, 16);
+	if (ret >= 0)
+		fail("succeeded in adding auth data data after partial data were given\n");
 
-		signal(SIGABRT, custom_abrt);
-		ret = gnutls_cipher_encrypt(ch, data, sizeof(data));
-		signal(SIGABRT, SIG_DFL);
-		if (ret >= 0 && error_detected == 0)
-			fail("succeeded in encrypting partial data after partial data were given\n");
+	gnutls_cipher_deinit(ch);
 
-	} else {
-		/* try encrypting in a way that violates nettle's block conventions */
-		signal(SIGABRT, custom_abrt);
-		ret = gnutls_cipher_encrypt(ch, data, sizeof(data)-1);
-		signal(SIGABRT, SIG_DFL);
-		if (ret >= 0 && error_detected == 0)
-			fail("succeeded in encrypting partial data on block cipher\n");
+	gnutls_global_deinit();
+	return;
+}
+
+/* Test whether an invalid call to gnutls_cipher_encrypt() is caught */
+static void test_aead_cipher2(int algo)
+{
+	int ret;
+	gnutls_cipher_hd_t ch;
+	uint8_t key16[64];
+	uint8_t iv16[32];
+	uint8_t data[128];
+	gnutls_datum_t key, iv;
+
+	key.data = key16;
+	key.size = gnutls_cipher_get_key_size(algo);
+	assert(key.size <= sizeof(key16));
+
+	iv.data = iv16;
+	iv.size = gnutls_cipher_get_iv_size(algo);
+	assert(iv.size <= sizeof(iv16));
+
+	memset(iv.data, 0xff, iv.size);
+	memset(key.data, 0xfe, key.size);
+	memset(data, 0xfa, sizeof(data));
+
+	gnutls_global_set_log_function(tls_log_func);
+	if (debug)
+		gnutls_global_set_log_level(4711);
+
+	ret = global_init();
+	if (ret < 0) {
+		fail("Cannot initialize library\n"); /*errcode 1 */
 	}
+
+	ret =
+	    gnutls_cipher_init(&ch, algo, &key, &iv);
+	if (ret < 0)
+		fail("gnutls_cipher_init failed\n"); /*errcode 1 */
+
+	/* try encrypting in a way that violates nettle's AEAD conventions */
+	ret = gnutls_cipher_encrypt(ch, data, sizeof(data)-1);
+	if (ret < 0)
+		fail("could not encrypt data\n");
+
+	ret = gnutls_cipher_encrypt(ch, data, sizeof(data));
+	if (ret >= 0)
+		fail("succeeded in encrypting partial data after partial data were given\n");
+
 	gnutls_cipher_deinit(ch);
 
 	gnutls_global_deinit();
 	return;
 }
 
+static void check_status(int status)
+{
+	if (WEXITSTATUS(status) != 0 ||
+	    (WIFSIGNALED(status) && WTERMSIG(status) != SIGABRT)) {
+		if (WIFSIGNALED(status)) {
+			fail("Child died with signal %d\n", WTERMSIG(status));
+		} else {
+			fail("Child died with status %d\n",
+			     WEXITSTATUS(status));
+		}
+	}
+}
+
 static
 void start(const char *name, int algo, unsigned aead)
 {
@@ -152,9 +231,34 @@ void start(const char *name, int algo, unsigned aead)
 		int status;
 		/* parent */
 		wait(&status);
-		check_wait_status(status);
+		check_status(status);
+	} else {
+		if (!aead)
+			test_cipher(algo);
+		else
+			test_aead_cipher1(algo);
+		exit(0);
+	}
+
+	if (!aead)
+		return;
+
+	/* check test_aead_cipher2 */
+
+	child = fork();
+	if (child < 0) {
+		perror("fork");
+		fail("fork");
+		return;
+	}
+
+	if (child) {
+		int status;
+		/* parent */
+		wait(&status);
+		check_status(status);
 	} else {
-		test_cipher(algo,aead);
+		test_aead_cipher2(algo);
 		exit(0);
 	}
 }
diff --git a/tests/utils.h b/tests/utils.h
index b905065c52..e5728374fa 100644
--- a/tests/utils.h
+++ b/tests/utils.h
@@ -24,6 +24,7 @@
 #define UTILS_H
 
 #include <stdio.h>
+#include <stdlib.h>
 #include <signal.h>
 #include <string.h>
 #include <stdarg.h>
@@ -148,7 +149,7 @@ inline static void _check_wait_status(int status, unsigned sigonly)
 {
 #if defined WEXITSTATUS && defined WIFSIGNALED
 	if (WEXITSTATUS(status) != 0 ||
-	    (WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV)) {
+	    (WIFSIGNALED(status) && WTERMSIG(status) != SIGTERM)) {
 		if (WIFSIGNALED(status)) {
 			fail("Child died with signal %d\n", WTERMSIG(status));
 		} else {