authorNikos Mavrogiannopoulos <nmav@redhat.com>2019-01-03 09:51:34 +0100
committerNikos Mavrogiannopoulos <nmav@redhat.com>2019-01-04 17:12:43 +0100
commit81f8d97b3486928048bb8ad701b4af62ddce9901 (patch)
tree2b072a5b2e41ed38fbd052b73a07f1c7c54f21b8
parentb978a25de5ef06754bf94bdfb2e6442b7fb6f1fa (diff)
tests: treat all signals as errortmp-tests-fail-on-signals
Previously we were only treating SIGSEGV as error though there is no reason to treat other signals as success and they may hide an actual error case (e.g., when SIGPIPE is received). With this change we treat any signals received by the child except SIGTERM as error, and we ensure that SIGPIPE is ignored in all tests. This also updates tests/slow/cipher-api-test.c to test failures with SIGABRT or otherwise consistently. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--tests/alpn-server-prec.c3
-rw-r--r--tests/key-material-set-dtls.c3
-rw-r--r--tests/mini-alpn.c3
-rw-r--r--tests/mini-dtls-discard.c3
-rw-r--r--tests/mini-dtls-heartbeat.c3
-rw-r--r--tests/mini-dtls-record.c3
-rw-r--r--tests/mini-dtls-srtp.c3
-rw-r--r--tests/mini-record-failure.c1
-rw-r--r--tests/prf.c3
-rw-r--r--tests/psk-file.c5
-rw-r--r--tests/slow/cipher-api-test.c178
-rw-r--r--tests/utils.h3
12 files changed, 172 insertions, 39 deletions
diff --git a/tests/alpn-server-prec.c b/tests/alpn-server-prec.c
index e8da9ebada..0461c5d39a 100644
--- a/tests/alpn-server-prec.c
+++ b/tests/alpn-server-prec.c
@@ -45,6 +45,7 @@ int main(int argc, char **argv)
#include <sys/wait.h>
#include <arpa/inet.h>
#include <unistd.h>
+#include <signal.h>
#include <gnutls/gnutls.h>
#include <gnutls/dtls.h>
@@ -262,6 +263,8 @@ static void start(const char *p1, const char *p2, const char *cp1, const char *c
int fd[2];
int ret;
+ signal(SIGPIPE, SIG_IGN);
+
ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
if (ret < 0) {
perror("socketpair");
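Review bot: `signal(SIGPIPE, SIG_IGN);` is pasted at the top of `start()` here and again in the matching hunks of key-material-set-dtls.c, mini-alpn.c, mini-dtls-discard.c, mini-dtls-heartbeat.c, mini-dtls-record.c, mini-dtls-srtp.c, prf.c and psk-file.c, and in `doit()` of mini-record-failure.c. A forking test that is not on that list would presumably keep the default disposition and could still be killed by a closed peer. Setting the disposition once in shared test code (tests/utils.h is already touched by this commit) would keep the policy in one place. If it stays per test, a short comment such as `/* a closed peer must surface as a write error, not kill the test */` would record why the call is there. `start()` begins and ends outside the hunk.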
diff --git a/tests/key-material-set-dtls.c b/tests/key-material-set-dtls.c
index 692c7a6574..4a569162bb 100644
--- a/tests/key-material-set-dtls.c
+++ b/tests/key-material-set-dtls.c
@@ -42,6 +42,7 @@ int main(int argc, char **argv)
#include <sys/wait.h>
#include <arpa/inet.h>
#include <unistd.h>
+#include <signal.h>
#include <gnutls/gnutls.h>
#include <gnutls/dtls.h>
@@ -354,6 +355,8 @@ static void start(void)
int fd[2];
int ret;
+ signal(SIGPIPE, SIG_IGN);
+
ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
if (ret < 0) {
perror("socketpair");
diff --git a/tests/mini-alpn.c b/tests/mini-alpn.c
index 304d0a171c..bed981451a 100644
--- a/tests/mini-alpn.c
+++ b/tests/mini-alpn.c
@@ -41,6 +41,7 @@ int main(int argc, char **argv)
#include <sys/wait.h>
#include <arpa/inet.h>
#include <unistd.h>
+#include <signal.h>
#include <gnutls/gnutls.h>
#include <gnutls/dtls.h>
@@ -264,6 +265,8 @@ static void start(const char *p1, const char *p2)
int fd[2];
int ret;
+ signal(SIGPIPE, SIG_IGN);
+
ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
if (ret < 0) {
perror("socketpair");
diff --git a/tests/mini-dtls-discard.c b/tests/mini-dtls-discard.c
index e9201acaea..97bc6de29b 100644
--- a/tests/mini-dtls-discard.c
+++ b/tests/mini-dtls-discard.c
@@ -44,6 +44,7 @@ int main()
#include <arpa/inet.h>
#include <unistd.h>
#include <errno.h>
+#include <signal.h>
#include <gnutls/gnutls.h>
#include <gnutls/dtls.h>
#include <assert.h>
@@ -266,6 +267,8 @@ void start(const char *prio)
int fd[2];
int ret;
+ signal(SIGPIPE, SIG_IGN);
+
ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
if (ret < 0) {
perror("socketpair");
diff --git a/tests/mini-dtls-heartbeat.c b/tests/mini-dtls-heartbeat.c
index bb6fa7e528..cb575f9b2c 100644
--- a/tests/mini-dtls-heartbeat.c
+++ b/tests/mini-dtls-heartbeat.c
@@ -43,6 +43,7 @@ int main()
#include <sys/wait.h>
#include <arpa/inet.h>
#include <unistd.h>
+#include <signal.h>
#include <gnutls/gnutls.h>
#include <gnutls/dtls.h>
@@ -312,6 +313,8 @@ static void start(int server_initiated)
int fd[2];
int ret;
+ signal(SIGPIPE, SIG_IGN);
+
ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
if (ret < 0) {
perror("socketpair");
diff --git a/tests/mini-dtls-record.c b/tests/mini-dtls-record.c
index 63bba89aaf..4d92d81c54 100644
--- a/tests/mini-dtls-record.c
+++ b/tests/mini-dtls-record.c
@@ -45,6 +45,7 @@ int main()
#include <sys/wait.h>
#include <arpa/inet.h>
#include <unistd.h>
+#include <signal.h>
#include <gnutls/gnutls.h>
#include <gnutls/dtls.h>
@@ -367,6 +368,8 @@ static void start(void)
int fd[2];
int ret;
+ signal(SIGPIPE, SIG_IGN);
+
ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
if (ret < 0) {
perror("socketpair");
diff --git a/tests/mini-dtls-srtp.c b/tests/mini-dtls-srtp.c
index 93c06820f8..78c03b3d1e 100644
--- a/tests/mini-dtls-srtp.c
+++ b/tests/mini-dtls-srtp.c
@@ -43,6 +43,7 @@ int main(int argc, char **argv)
#include <sys/wait.h>
#include <arpa/inet.h>
#include <unistd.h>
+#include <signal.h>
#include <gnutls/gnutls.h>
#include <gnutls/dtls.h>
@@ -304,6 +305,8 @@ static void start(int profile)
int fd[2];
int ret;
+ signal(SIGPIPE, SIG_IGN);
+
ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
if (ret < 0) {
perror("socketpair");
diff --git a/tests/mini-record-failure.c b/tests/mini-record-failure.c
index 02b0546270..46df2a1900 100644
--- a/tests/mini-record-failure.c
+++ b/tests/mini-record-failure.c
@@ -331,6 +331,7 @@ static void ch_handler(int sig)
void doit(void)
{
+ signal(SIGPIPE, SIG_IGN);
signal(SIGCHLD, ch_handler);
start("aes-cbc", AES_CBC, 1);
diff --git a/tests/prf.c b/tests/prf.c
index 78526cfba8..ff839fe73c 100644
--- a/tests/prf.c
+++ b/tests/prf.c
@@ -41,6 +41,7 @@ int main(int argc, char **argv)
#include <sys/wait.h>
#include <arpa/inet.h>
#include <unistd.h>
+#include <signal.h>
#include <gnutls/gnutls.h>
#include <gnutls/dtls.h>
@@ -423,6 +424,8 @@ static void start(void)
int fd[2];
int ret;
+ signal(SIGPIPE, SIG_IGN);
+
ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
if (ret < 0) {
perror("socketpair");
diff --git a/tests/psk-file.c b/tests/psk-file.c
index 2512086e0f..0a6eef4b87 100644
--- a/tests/psk-file.c
+++ b/tests/psk-file.c
@@ -48,6 +48,7 @@ int main(int argc, char **argv)
#include <sys/wait.h>
#endif
#include <unistd.h>
+#include <signal.h>
#include <assert.h>
#include <gnutls/gnutls.h>
@@ -304,6 +305,8 @@ void run_test3(const char *prio, const char *sprio, const char *user, const gnut
int err;
int sockets[2];
+ signal(SIGPIPE, SIG_IGN);
+
if (expect_fail_serv || expect_fail_cli) {
success("ntest %s (user:%s)\n", prio, user);
} else {
@@ -407,7 +410,7 @@ void doit(void)
run_test2("NORMAL:-VERS-ALL:+VERS-TLS1.3:+DHE-PSK:-GROUP-ALL:+GROUP-FFDHE2048:+GROUP-FFDHE4096", "NORMAL:-VERS-ALL:+VERS-TLS1.3:+DHE-PSK:-GROUP-ALL:+GROUP-FFDHE4096", "jas", &key, 0, GNUTLS_KX_DHE_PSK, 0, 0);
/* try without server credentials */
- run_test3("NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK:+DHE-PSK", NULL, "jas", &key, 1, 0, 0, GNUTLS_E_FATAL_ALERT_RECEIVED, GNUTLS_E_INSUFFICIENT_CREDENTIALS);
+ run_test3("NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK:+DHE-PSK", NULL, "jas", &key, 1, 0, 0, GNUTLS_E_PUSH_ERROR, GNUTLS_E_INSUFFICIENT_CREDENTIALS);
}
#endif /* _WIN32 */
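Review bot: The expectation for the no-server-credentials case changes to `GNUTLS_E_PUSH_ERROR`, a transport failure rather than the TLS alert, and nothing next to the `run_test3` call explains why. It presumably follows from ignoring SIGPIPE, so that the client side now sees a failed write once the server has gone away. If so, the outcome may depend on whether the server's alert is read before that write, which is worth confirming on a slow or loaded runner. A comment on the call such as `/* server aborts without credentials; with SIGPIPE ignored the client's write fails before the alert is read */` would record the intent. `doit()` starts outside the hunk.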
diff --git a/tests/slow/cipher-api-test.c b/tests/slow/cipher-api-test.c
index 66b164037d..4a9cd1ea30 100644
--- a/tests/slow/cipher-api-test.c
+++ b/tests/slow/cipher-api-test.c
@@ -48,14 +48,54 @@ static void tls_log_func(int level, const char *str)
fprintf(stderr, "<%d>| %s", level, str);
}
-static unsigned error_detected = 0;
-
-static void custom_abrt(int sig)
+/* Test whether an invalid call to gnutls_cipher_encrypt() is caught */
+static void test_cipher(int algo)
{
- error_detected = 1;
+ int ret;
+ gnutls_cipher_hd_t ch;
+ uint8_t key16[64];
+ uint8_t iv16[32];
+ uint8_t data[128];
+ gnutls_datum_t key, iv;
+
+ key.data = key16;
+ key.size = gnutls_cipher_get_key_size(algo);
+ assert(key.size <= sizeof(key16));
+
+ iv.data = iv16;
+ iv.size = gnutls_cipher_get_iv_size(algo);
+ assert(iv.size <= sizeof(iv16));
+
+ memset(iv.data, 0xff, iv.size);
+ memset(key.data, 0xfe, key.size);
+ memset(data, 0xfa, sizeof(data));
+
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(4711);
+
+ ret = global_init();
+ if (ret < 0) {
+ fail("Cannot initialize library\n"); /*errcode 1 */
+ }
+
+ ret =
+ gnutls_cipher_init(&ch, algo, &key, &iv);
+ if (ret < 0)
+ fail("gnutls_cipher_init failed\n"); /*errcode 1 */
+
+ /* try encrypting in a way that violates nettle's block conventions */
+ ret = gnutls_cipher_encrypt(ch, data, sizeof(data)-1);
+ if (ret >= 0)
+ fail("succeeded in encrypting partial data on block cipher\n");
+
+ gnutls_cipher_deinit(ch);
+
+ gnutls_global_deinit();
}
-static void test_cipher(int algo, unsigned aead)
+/* Test whether an invalid gnutls_cipher_add_auth() is caught */
+static void test_aead_cipher1(int algo)
{
int ret;
gnutls_cipher_hd_t ch;
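Review bot: `test_cipher()` carries the same key/IV setup, logging, `global_init()` and `gnutls_cipher_init()` sequence that `test_aead_cipher2()` repeats later in this file, and its header comment is word for word the one on `test_aead_cipher2()`. A shared static helper that fills the key and IV and returns the initialised handle would leave each test with only the misuse it exercises. The comment could state what differs, e.g. `/* Block cipher: encrypting a partial block (sizeof(data)-1 bytes) must be rejected */`. `test_aead_cipher1()` starts in this hunk and continues outside it.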
@@ -63,10 +103,9 @@ static void test_cipher(int algo, unsigned aead)
uint8_t iv16[32];
uint8_t data[128];
gnutls_datum_t key, iv;
- unsigned auth = 1;
if (algo == GNUTLS_CIPHER_CHACHA20_POLY1305)
- auth = 0;
+ return;
key.data = key16;
key.size = gnutls_cipher_get_key_size(algo);
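Review bot: The early `return` for `GNUTLS_CIPHER_CHACHA20_POLY1305` is undocumented, and because the caller then reaches `exit(0)`, the add-auth misuse check is reported as passed for that cipher without having run. A comment on the branch such as `/* add_auth misuse is not checked for CHACHA20_POLY1305: <reason> */`, with the actual reason filled in, would keep a reader from taking the green result as coverage. The function continues outside the hunk.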
@@ -94,44 +133,84 @@ static void test_cipher(int algo, unsigned aead)
if (ret < 0)
fail("gnutls_cipher_init failed\n"); /*errcode 1 */
- if (aead) {
- if (auth) {
- ret = gnutls_cipher_add_auth(ch, data, sizeof(data)-1);
- if (ret < 0)
- fail("could not add auth data\n");
-
- signal(SIGABRT, custom_abrt);
- ret = gnutls_cipher_add_auth(ch, data, 16);
- signal(SIGABRT, SIG_DFL);
- if (ret >= 0 && error_detected == 0)
- fail("succeeded in adding auth data data after partial data were given\n");
- }
+ ret = gnutls_cipher_add_auth(ch, data, sizeof(data)-1);
+ if (ret < 0)
+ fail("could not add auth data\n");
- /* try encrypting in a way that violates nettle's AEAD conventions */
- ret = gnutls_cipher_encrypt(ch, data, sizeof(data)-1);
- if (ret < 0)
- fail("could not encrypt data\n");
+ ret = gnutls_cipher_add_auth(ch, data, 16);
+ if (ret >= 0)
+ fail("succeeded in adding auth data data after partial data were given\n");
- signal(SIGABRT, custom_abrt);
- ret = gnutls_cipher_encrypt(ch, data, sizeof(data));
- signal(SIGABRT, SIG_DFL);
- if (ret >= 0 && error_detected == 0)
- fail("succeeded in encrypting partial data after partial data were given\n");
+ gnutls_cipher_deinit(ch);
- } else {
- /* try encrypting in a way that violates nettle's block conventions */
- signal(SIGABRT, custom_abrt);
- ret = gnutls_cipher_encrypt(ch, data, sizeof(data)-1);
- signal(SIGABRT, SIG_DFL);
- if (ret >= 0 && error_detected == 0)
- fail("succeeded in encrypting partial data on block cipher\n");
+ gnutls_global_deinit();
+ return;
+}
+
+/* Test whether an invalid call to gnutls_cipher_encrypt() is caught */
+static void test_aead_cipher2(int algo)
+{
+ int ret;
+ gnutls_cipher_hd_t ch;
+ uint8_t key16[64];
+ uint8_t iv16[32];
+ uint8_t data[128];
+ gnutls_datum_t key, iv;
+
+ key.data = key16;
+ key.size = gnutls_cipher_get_key_size(algo);
+ assert(key.size <= sizeof(key16));
+
+ iv.data = iv16;
+ iv.size = gnutls_cipher_get_iv_size(algo);
+ assert(iv.size <= sizeof(iv16));
+
+ memset(iv.data, 0xff, iv.size);
+ memset(key.data, 0xfe, key.size);
+ memset(data, 0xfa, sizeof(data));
+
+ gnutls_global_set_log_function(tls_log_func);
+ if (debug)
+ gnutls_global_set_log_level(4711);
+
+ ret = global_init();
+ if (ret < 0) {
+ fail("Cannot initialize library\n"); /*errcode 1 */
}
+
+ ret =
+ gnutls_cipher_init(&ch, algo, &key, &iv);
+ if (ret < 0)
+ fail("gnutls_cipher_init failed\n"); /*errcode 1 */
+
+ /* try encrypting in a way that violates nettle's AEAD conventions */
+ ret = gnutls_cipher_encrypt(ch, data, sizeof(data)-1);
+ if (ret < 0)
+ fail("could not encrypt data\n");
+
+ ret = gnutls_cipher_encrypt(ch, data, sizeof(data));
+ if (ret >= 0)
+ fail("succeeded in encrypting partial data after partial data were given\n");
+
gnutls_cipher_deinit(ch);
gnutls_global_deinit();
return;
}
+static void check_status(int status)
+{
+ if (WEXITSTATUS(status) != 0 ||
+ (WIFSIGNALED(status) && WTERMSIG(status) != SIGABRT)) {
+ if (WIFSIGNALED(status)) {
+ fail("Child died with signal %d\n", WTERMSIG(status));
+ } else {
+ fail("Child died with status %d\n",
+ WEXITSTATUS(status));
+ }
+ }
+}
+
static
void start(const char *name, int algo, unsigned aead)
{
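Review bot: `check_status()` accepts any child that dies with SIGABRT, so a failing `assert(key.size <= sizeof(key16))` or `assert(iv.size <= sizeof(iv16))` in `test_aead_cipher2()` is counted as a pass, and the same holds for the asserts in `test_cipher()` in the first hunk of this file. An abort inside `global_init()` or `gnutls_cipher_init()` would be counted as a pass too. Replacing the asserts with explicit checks, e.g. `if (key.size > sizeof(key16)) fail("key too large\n");`, keeps setup errors on the non-zero-exit path, assuming `fail()` exits non-zero, which is not visible here. Separately, `WEXITSTATUS(status)` is read without first testing `WIFEXITED(status)`; the portable form of the first condition is `(WIFEXITED(status) && WEXITSTATUS(status) != 0)`.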
@@ -152,9 +231,34 @@ void start(const char *name, int algo, unsigned aead)
int status;
/* parent */
wait(&status);
- check_wait_status(status);
+ check_status(status);
+ } else {
+ if (!aead)
+ test_cipher(algo);
+ else
+ test_aead_cipher1(algo);
+ exit(0);
+ }
+
+ if (!aead)
+ return;
+
+ /* check test_aead_cipher2 */
+
+ child = fork();
+ if (child < 0) {
+ perror("fork");
+ fail("fork");
+ return;
+ }
+
+ if (child) {
+ int status;
+ /* parent */
+ wait(&status);
+ check_status(status);
} else {
- test_cipher(algo,aead);
+ test_aead_cipher2(algo);
exit(0);
}
}
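Review bot: Both parent branches call `wait(&status)` without checking its return value, so if the call fails `check_status()` reads an uninitialised `status`. Using `if (waitpid(child, &status, 0) < 0) fail("waitpid failed\n");` in each branch would close that gap and tie the wait to the child that was just forked. The two fork/wait blocks are otherwise the same and could share a small helper that takes the test function to run. The beginning of `start()` lies outside this hunk.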
diff --git a/tests/utils.h b/tests/utils.h
index b905065c52..e5728374fa 100644
--- a/tests/utils.h
+++ b/tests/utils.h
@@ -24,6 +24,7 @@
#define UTILS_H
#include <stdio.h>
+#include <stdlib.h>
#include <signal.h>
#include <string.h>
#include <stdarg.h>
@@ -148,7 +149,7 @@ inline static void _check_wait_status(int status, unsigned sigonly)
{
#if defined WEXITSTATUS && defined WIFSIGNALED
if (WEXITSTATUS(status) != 0 ||
- (WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV)) {
+ (WIFSIGNALED(status) && WTERMSIG(status) != SIGTERM)) {
if (WIFSIGNALED(status)) {
fail("Child died with signal %d\n", WTERMSIG(status));
} else {
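Review bot: The `!= SIGTERM` exemption in `_check_wait_status()` has no comment, and it means a child terminated by SIGTERM for any reason still counts as success. If the exemption exists because parents stop their peer with SIGTERM on purpose (not visible in this hunk), a comment such as `/* SIGTERM: peer stopped deliberately by the parent; every other signal is a failure */` would make that explicit. The function continues past the end of the hunk, and how `sigonly` is used is not shown.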