commit b5aa257d46f427115403ae10fe8a0588afa3721d Author: Nick Mathewson nickm@torproject.org Date: Fri Oct 2 14:33:54 2015 +0200
Fix "make check-spaces" --- src/common/crypto.c | 1 + src/common/crypto.h | 1 + src/common/tortls.c | 73 +++++------ src/common/tortls.h | 31 +++-- src/test/test.c | 1 + src/test/test_routerset.c | 4 +- src/test/test_tortls.c | 310 +++++++++++++++++++++++++-------------------- 7 files changed, 233 insertions(+), 188 deletions(-)
diff --git a/src/common/crypto.c b/src/common/crypto.c index b6ead83..7b38568 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -2734,3 +2734,4 @@ crypto_global_cleanup(void) }
/** @} */ + diff --git a/src/common/crypto.h b/src/common/crypto.h index ede7d5b..96e202d 100644 --- a/src/common/crypto.h +++ b/src/common/crypto.h @@ -296,3 +296,4 @@ struct dh_st *crypto_dh_get_dh_(crypto_dh_t *dh); void crypto_add_spaces_to_fp(char *out, size_t outlen, const char *in);
#endif + diff --git a/src/common/tortls.c b/src/common/tortls.c index 04ec69c..2a024c7 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -111,7 +111,6 @@ #define SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x0010 #endif
- /** Return values for tor_tls_classify_client_ciphers. * * @{ @@ -130,7 +129,6 @@ #define CIPHERS_UNRESTRICTED 3 /** @} */
- /** The ex_data index in which we store a pointer to an SSL object's * corresponding tor_tls_t object. */ STATIC int tor_tls_object_ex_data_index = -1; @@ -383,7 +381,7 @@ tor_tls_init(void) OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,1)) long version = SSLeay();
- /* LCOV_EXCL_START because we can't reasonably test these lines on the same machine */ + /* LCOV_EXCL_START : we can't test these lines on the same machine */ if (version >= OPENSSL_V_SERIES(1,0,1)) { /* Warn if we could *almost* be running with much faster ECDH. If we're built for a 64-bit target, using OpenSSL 1.0.1, but we @@ -456,7 +454,7 @@ tor_x509_name_new(const char *cname) { int nid; X509_NAME *name; - /* LCOV_EXCL_BR_START because these branches will only fail on out of memory errors */ + /* LCOV_EXCL_BR_START : these branches will only fail on OOM errors */ if (!(name = X509_NAME_new())) return NULL; if ((nid = OBJ_txt2nid("commonName")) == NID_undef) goto error; @@ -466,7 +464,7 @@ tor_x509_name_new(const char *cname) /* LCOV_EXCL_BR_STOP */ return name; error: - /* LCOV_EXCL_START because these lines will only execute on out of memory errors*/ + /* LCOV_EXCL_START : these lines will only execute on out of memory errors*/ X509_NAME_free(name); return NULL; /* LCOV_EXCL_STOP */ @@ -516,17 +514,17 @@ MOCK_IMPL(STATIC X509 *, goto error; if (!(pkey = crypto_pk_get_evp_pkey_(rsa,0))) goto error; - if (!(x509 = X509_new())) /* LCOV_EXCL_BR_LINE because this can only fail when memory failures occur */ + if (!(x509 = X509_new())) goto error; - if (!(X509_set_version(x509, 2))) /* LCOV_EXCL_BR_LINE because this can only fail when something catastrophic happens in openssl */ + if (!(X509_set_version(x509, 2))) goto error;
{ /* our serial number is 8 random bytes. */ if (crypto_rand((char *)serial_tmp, sizeof(serial_tmp)) < 0) goto error; - if (!(serial_number = BN_bin2bn(serial_tmp, sizeof(serial_tmp), NULL))) /* LCOV_EXCL_BR_LINE because this can only fail when memory failures occur */ + if (!(serial_number = BN_bin2bn(serial_tmp, sizeof(serial_tmp), NULL))) goto error; - if (!(BN_to_ASN1_INTEGER(serial_number, X509_get_serialNumber(x509)))) /* LCOV_EXCL_BR_LINE because this can only fail when memory failures occur */ + if (!(BN_to_ASN1_INTEGER(serial_number, X509_get_serialNumber(x509)))) goto error; }
@@ -676,7 +674,7 @@ MOCK_IMPL(STATIC tor_x509_cert_t *,
length = i2d_X509(x509_cert, &buf); cert = tor_malloc_zero(sizeof(tor_x509_cert_t)); - if (length <= 0 || buf == NULL) { /* LCOV_EXCL_BR_LINE because these conditions can't be provoked without memory failures */ + if (length <= 0 || buf == NULL) { /* LCOV_EXCL_START for the same reason as the exclusion above */ tor_free(cert); log_err(LD_CRYPTO, "Couldn't get length of encoded x509 certificate"); @@ -1192,7 +1190,7 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime, goto error; X509_free(cert); /* We just added a reference to cert. */ cert=NULL; - if (idcert) { /* LCOV_EXCL_BR_LINE because we can't actually get here without a valid idcert */ + if (idcert) { X509_STORE *s = SSL_CTX_get_cert_store(result->ctx); tor_assert(s); X509_STORE_add_cert(s, idcert); @@ -1272,8 +1270,10 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime, STATIC void tor_tls_debug_state_callback(const SSL *ssl, int type, int val) { - log_debug(LD_HANDSHAKE, "SSL %p is now in state %s [type=%d,val=%d].", /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */ + /* LCOV_EXCL_START since this depends on whether debug is captured or not */ + log_debug(LD_HANDSHAKE, "SSL %p is now in state %s [type=%d,val=%d].", ssl, SSL_state_string_long(ssl), type, val); + /* LCOV_EXCL_STOP */ }
/* Return the name of the negotiated ciphersuite in use on <b>tls</b> */ @@ -1333,7 +1333,7 @@ find_cipher_by_id(const SSL *ssl, const SSL_METHOD *m, uint16_t cipher) { unsigned char cipherid[3]; tor_assert(ssl); - set_uint16(cipherid, htons(cipher)); /* LCOV_EXCL_BR_LINE since we won't necessarily hit both branches if htons is a macro */ + set_uint16(cipherid, htons(cipher)); cipherid[2] = 0; /* If ssl23_get_cipher_by_char finds no cipher starting * with a two-byte 'cipherid', it may look for a v2 * cipher with the appropriate 3 bytes. */ @@ -1345,7 +1345,7 @@ find_cipher_by_id(const SSL *ssl, const SSL_METHOD *m, uint16_t cipher) #elif defined(HAVE_STRUCT_SSL_METHOD_ST_GET_CIPHER_BY_CHAR) if (m && m->get_cipher_by_char) { unsigned char cipherid[3]; - set_uint16(cipherid, htons(cipher)); /* LCOV_EXCL_BR_LINE since we won't necessarily hit both branches if htons is a macro */ + set_uint16(cipherid, htons(cipher)); cipherid[2] = 0; /* If ssl23_get_cipher_by_char finds no cipher starting * with a two-byte 'cipherid', it may look for a v2 * cipher with the appropriate 3 bytes. */ @@ -1436,7 +1436,7 @@ tor_tls_classify_client_ciphers(const SSL *ssl, strcmp(ciphername, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA) && strcmp(ciphername, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA) && strcmp(ciphername, "(NONE)")) { - log_debug(LD_NET, "Got a non-version-1 cipher called '%s'", ciphername); /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */ + log_debug(LD_NET, "Got a non-version-1 cipher called '%s'", ciphername); // return 1; goto v2_or_higher; } @@ -1474,9 +1474,9 @@ tor_tls_classify_client_ciphers(const SSL *ssl, smartlist_add(elts, (char*)ciphername); } s = smartlist_join_strings(elts, ":", 0, NULL); - log_debug(LD_NET, "Got a %s V2/V3 cipher list from %s. It is: '%s'", /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */ + log_debug(LD_NET, "Got a %s V2/V3 cipher list from %s. It is: '%s'", (res == CIPHERS_V2) ? "fictitious" : "real", ADDR(tor_tls), s); - tor_free(s); /* LCOV_EXCL_BR_LINE since s will always be non-null here */ + tor_free(s); smartlist_free(elts); } done: @@ -1555,7 +1555,7 @@ tor_tls_server_info_callback(const SSL *ssl, int type, int val) /* Don't send a hello request. */ SSL_set_verify((SSL*) ssl, SSL_VERIFY_NONE, NULL);
- if (tls) { /* LCOV_EXCL_BR_LINE impossible to have tls be NULL here, it's checked earlier */ + if (tls) { tls->wasV2Handshake = 1; } else { log_warn(LD_BUG, "Couldn't look up the tls for an SSL*. How odd!"); /* LCOV_EXCL_LINE this line is not reachable */ @@ -1618,7 +1618,7 @@ tor_tls_new(int sock, int isServer) tor_assert(context); /* make sure somebody made it first */ if (!(result->ssl = SSL_new(context->ctx))) { tls_log_errors(NULL, LOG_WARN, LD_NET, "creating SSL object"); - tor_free(result); /* LCOV_EXCL_BR_LINE because result can't be null here */ + tor_free(result); goto err; }
@@ -1627,7 +1627,7 @@ tor_tls_new(int sock, int isServer) if (!isServer) { char *fake_hostname = crypto_random_hostname(4,25, "www.",".com"); SSL_set_tlsext_host_name(result->ssl, fake_hostname); - tor_free(fake_hostname); /* LCOV_EXCL_BR_LINE because fake_hostname can't be null here */ + tor_free(fake_hostname); } #endif
@@ -1638,7 +1638,7 @@ tor_tls_new(int sock, int isServer) SSL_set_tlsext_host_name(result->ssl, NULL); #endif SSL_free(result->ssl); - tor_free(result); /* LCOV_EXCL_BR_LINE because this can't be null here */ + tor_free(result); goto err; } result->socket = sock; @@ -1791,7 +1791,7 @@ tor_tls_free(tor_tls_t *tls) tor_tls_context_decref(tls->context); tor_free(tls->address); tls->magic = 0x99999999; - tor_free(tls); /* LCOV_EXCL_BR_LINE because this line will not be reached if tls is NULL */ + tor_free(tls); }
/** Underlying function for TLS reading. Reads up to <b>len</b> @@ -1812,7 +1812,7 @@ tor_tls_read,(tor_tls_t *tls, char *cp, size_t len)) #ifdef V2_HANDSHAKE_SERVER if (tls->got_renegotiate) { /* Renegotiation happened! */ - log_info(LD_NET, "Got a TLS renegotiation from %s", ADDR(tls)); /* LCOV_EXCL_BR_LINE because testing the branches of ADDR feels not so useful here */ + log_info(LD_NET, "Got a TLS renegotiation from %s", ADDR(tls)); if (tls->negotiated_callback) tls->negotiated_callback(tls, tls->callback_arg); tls->got_renegotiate = 0; @@ -1821,13 +1821,13 @@ tor_tls_read,(tor_tls_t *tls, char *cp, size_t len)) return r; } err = tor_tls_get_error(tls, r, CATCH_ZERO, "reading", LOG_DEBUG, LD_NET); - if (err == TOR_TLS_ZERORETURN_ || err == TOR_TLS_CLOSE) { /* LCOV_EXCL_BR_LINE err can never be TOR_TLS_CLOSE here because tor_tls_get_error will never return it with those parameters */ - log_debug(LD_NET,"read returned r=%d; TLS is closed",r); /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */ + if (err == TOR_TLS_ZERORETURN_ || err == TOR_TLS_CLOSE) { + log_debug(LD_NET,"read returned r=%d; TLS is closed",r); tls->state = TOR_TLS_ST_CLOSED; return TOR_TLS_CLOSE; } else { tor_assert(err != TOR_TLS_DONE); - log_debug(LD_NET,"read returned r=%d, err=%d",r,err); /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */ + log_debug(LD_NET,"read returned r=%d, err=%d",r,err); return err; } } @@ -1857,7 +1857,7 @@ tor_tls_write(tor_tls_t *tls, const char *cp, size_t n) if (tls->wantwrite_n) { /* if WANTWRITE last time, we must use the _same_ n as before */ tor_assert(n >= tls->wantwrite_n); - log_debug(LD_NET,"resuming pending-write, (%d to flush, reusing %d)", /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */ + log_debug(LD_NET,"resuming pending-write, (%d to flush, reusing %d)", (int)n, (int)tls->wantwrite_n); n = tls->wantwrite_n; tls->wantwrite_n = 0; @@ -1890,16 +1890,16 @@ tor_tls_handshake(tor_tls_t *tls) check_no_tls_errors(); oldstate = SSL_state(tls->ssl); if (tls->isServer) { - log_debug(LD_HANDSHAKE, "About to call SSL_accept on %p (%s)", tls, /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */ + log_debug(LD_HANDSHAKE, "About to call SSL_accept on %p (%s)", tls, SSL_state_string_long(tls->ssl)); r = SSL_accept(tls->ssl); } else { - log_debug(LD_HANDSHAKE, "About to call SSL_connect on %p (%s)", tls, /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */ + log_debug(LD_HANDSHAKE, "About to call SSL_connect on %p (%s)", tls, SSL_state_string_long(tls->ssl)); r = SSL_connect(tls->ssl); } if (oldstate != SSL_state(tls->ssl)) - log_debug(LD_HANDSHAKE, "After call, %p was in state %s", /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */ + log_debug(LD_HANDSHAKE, "After call, %p was in state %s", tls, SSL_state_string_long(tls->ssl)); /* We need to call this here and not earlier, since OpenSSL has a penchant * for clearing its flags when you say accept or connect. */ @@ -1944,7 +1944,7 @@ tor_tls_finish_handshake(tor_tls_t *tls) " get set. Fixing that."); } tls->wasV2Handshake = 1; - log_debug(LD_HANDSHAKE, "Completed V2 TLS handshake with client; waiting" /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */ + log_debug(LD_HANDSHAKE, "Completed V2 TLS handshake with client; waiting" " for renegotiation."); } else { tls->wasV2Handshake = 0; @@ -1957,11 +1957,11 @@ tor_tls_finish_handshake(tor_tls_t *tls) STACK_OF(X509) *chain = SSL_get_peer_cert_chain(tls->ssl); int n_certs = sk_X509_num(chain); if (n_certs > 1 || (n_certs == 1 && cert != sk_X509_value(chain, 0))) { - log_debug(LD_HANDSHAKE, "Server sent back multiple certificates; it " /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */ + log_debug(LD_HANDSHAKE, "Server sent back multiple certificates; it " "looks like a v1 handshake on %p", tls); tls->wasV2Handshake = 0; } else { - log_debug(LD_HANDSHAKE, /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */ + log_debug(LD_HANDSHAKE, "Server sent back a single certificate; looks like " "a v2 handshake on %p.", tls); tls->wasV2Handshake = 1; @@ -2200,7 +2200,7 @@ MOCK_IMPL(STATIC void, try_to_extract_certs_from_tls, (int severity, tor_tls_t * num_in_chain); return; } - for (i=0; i<num_in_chain; ++i) { /* LCOV_EXCL_BR_LINE because we can never hit the case when we don't enter this loop, since num_in_chain<1 is checked above */ + for (i=0; i<num_in_chain; ++i) { id_cert = sk_X509_value(chain, i); if (X509_cmp(id_cert, cert) != 0) break; @@ -2445,7 +2445,7 @@ dn_indicates_v3_cert(X509_NAME *name)
str = X509_NAME_ENTRY_get_data(entry); len = ASN1_STRING_to_UTF8(&s, str); - if (len < 0){ + if (len < 0) { return 0; } r = fast_memneq(s + len - 4, ".net", 4); @@ -2625,7 +2625,7 @@ tor_tls_get_tlssecrets,(tor_tls_t *tls, uint8_t *secrets_out)) (char*)buf, len); memwipe(buf, 0, sizeof(buf)); memwipe(master_key, 0, master_key_len); - tor_free(master_key); /* LCOV_EXCL_BR_LINE since master_key will never be NULL here */ + tor_free(master_key);
return 0; } @@ -2762,3 +2762,4 @@ evaluate_ecgroup_for_tls(const char *ecgroup)
return ret; } + diff --git a/src/common/tortls.h b/src/common/tortls.h index 1775f82..6db0e8b 100644 --- a/src/common/tortls.h +++ b/src/common/tortls.h @@ -55,7 +55,6 @@ typedef struct tor_x509_cert_t tor_x509_cert_t;
#define TOR_TLS_IS_ERROR(rv) ((rv) < TOR_TLS_CLOSE)
- #ifdef TORTLS_PRIVATE #define TOR_TLS_MAGIC 0x71571571
@@ -128,40 +127,45 @@ struct tor_tls_t { void *callback_arg; };
- STATIC int tor_errno_to_tls_error(int e); STATIC int tor_tls_get_error(tor_tls_t *tls, int r, int extra, const char *doing, int severity, int domain); STATIC tor_tls_t *tor_tls_get_by_ssl(const SSL *ssl); STATIC void tor_tls_allocate_tor_tls_object_ex_data_index(void); STATIC int always_accept_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx); -STATIC int tor_tls_classify_client_ciphers(const SSL *ssl, STACK_OF(SSL_CIPHER) *peer_ciphers); +STATIC int tor_tls_classify_client_ciphers(const SSL *ssl, + STACK_OF(SSL_CIPHER) *peer_ciphers); STATIC int tor_tls_client_is_using_v2_ciphers(const SSL *ssl); -MOCK_DECL(STATIC void, try_to_extract_certs_from_tls, (int severity, tor_tls_t *tls, X509 **cert_out, X509 **id_cert_out)); +MOCK_DECL(STATIC void, try_to_extract_certs_from_tls, + (int severity, tor_tls_t *tls, X509 **cert_out, X509 **id_cert_out)); STATIC int dn_indicates_v3_cert(X509_NAME *name); -STATIC size_t SSL_SESSION_get_master_key(SSL_SESSION *s, uint8_t *out, size_t len); +STATIC size_t SSL_SESSION_get_master_key(SSL_SESSION *s, uint8_t *out, + size_t len); STATIC void tor_tls_debug_state_callback(const SSL *ssl, int type, int val); STATIC void tor_tls_server_info_callback(const SSL *ssl, int type, int val); -STATIC int tor_tls_session_secret_cb(SSL *ssl, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg); -STATIC int find_cipher_by_id(const SSL *ssl, const SSL_METHOD *m, uint16_t cipher); +STATIC int tor_tls_session_secret_cb(SSL *ssl, void *secret, + int *secret_len, + STACK_OF(SSL_CIPHER) *peer_ciphers, + SSL_CIPHER **cipher, void *arg); +STATIC int find_cipher_by_id(const SSL *ssl, const SSL_METHOD *m, + uint16_t cipher); MOCK_DECL(STATIC X509*, tor_tls_create_certificate,(crypto_pk_t *rsa, crypto_pk_t *rsa_sign, const char *cname, const char *cname_sign, - unsigned int cert_lifetime)); -STATIC tor_tls_context_t *tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime, unsigned flags, int is_client); + unsigned int cert_lifetime)); +STATIC tor_tls_context_t *tor_tls_context_new(crypto_pk_t *identity, + unsigned int key_lifetime, unsigned flags, int is_client); MOCK_DECL(STATIC tor_x509_cert_t *, tor_x509_cert_new,(X509 *x509_cert)); STATIC int tor_tls_context_init_one(tor_tls_context_t **ppcontext, crypto_pk_t *identity, unsigned int key_lifetime, unsigned int flags, int is_client); -STATIC void tls_log_errors(tor_tls_t *tls, int severity, int domain, const char *doing); +STATIC void tls_log_errors(tor_tls_t *tls, int severity, int domain, + const char *doing); #endif
- - - const char *tor_tls_err_to_string(int err); void tor_tls_get_state_description(tor_tls_t *tls, char *buf, size_t sz);
@@ -254,3 +258,4 @@ const char *tor_tls_get_ciphersuite_name(tor_tls_t *tls); int evaluate_ecgroup_for_tls(const char *ecgroup);
#endif + diff --git a/src/test/test.c b/src/test/test.c index 26c27a8..97a714e 100644 --- a/src/test/test.c +++ b/src/test/test.c @@ -1218,3 +1218,4 @@ struct testgroup_t testgroups[] = { { "dns/", dns_tests }, END_OF_GROUPS }; + diff --git a/src/test/test_routerset.c b/src/test/test_routerset.c index 3e9317c..74b39c0 100644 --- a/src/test/test_routerset.c +++ b/src/test/test_routerset.c @@ -500,7 +500,7 @@ NS(test_main)(void *arg) tt_int_op(smartlist_len(set->policies), OP_NE, 0); tt_int_op(CALLED(router_parse_addr_policy_item_from_string), OP_EQ, 1);
-done: + done: routerset_free(set); }
@@ -547,7 +547,7 @@ NS(test_main)(void *arg) tt_int_op(smartlist_len(set->policies), OP_NE, 0); tt_int_op(CALLED(router_parse_addr_policy_item_from_string), OP_EQ, 1);
-done: + done: routerset_free(set); }
diff --git a/src/test/test_tortls.c b/src/test/test_tortls.c index 9524558..de900be 100644 --- a/src/test/test_tortls.c +++ b/src/test/test_tortls.c @@ -41,12 +41,17 @@ static void test_tortls_errno_to_tls_error(void *data) { (void) data; - tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(ECONNRESET)),OP_EQ,TOR_TLS_ERROR_CONNRESET); - tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(ETIMEDOUT)),OP_EQ,TOR_TLS_ERROR_TIMEOUT); - tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(EHOSTUNREACH)),OP_EQ,TOR_TLS_ERROR_NO_ROUTE); - tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(ENETUNREACH)),OP_EQ,TOR_TLS_ERROR_NO_ROUTE); - tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(ECONNREFUSED)),OP_EQ,TOR_TLS_ERROR_CONNREFUSED); - tt_int_op(tor_errno_to_tls_error(0),OP_EQ,TOR_TLS_ERROR_MISC); + tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(ECONNRESET)),OP_EQ, + TOR_TLS_ERROR_CONNRESET); + tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(ETIMEDOUT)),OP_EQ, + TOR_TLS_ERROR_TIMEOUT); + tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(EHOSTUNREACH)),OP_EQ, + TOR_TLS_ERROR_NO_ROUTE); + tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(ENETUNREACH)),OP_EQ, + TOR_TLS_ERROR_NO_ROUTE); + tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(ECONNREFUSED)),OP_EQ, + TOR_TLS_ERROR_CONNREFUSED); + tt_int_op(tor_errno_to_tls_error(0),OP_EQ,TOR_TLS_ERROR_MISC); done: (void)1; } @@ -55,17 +60,21 @@ static void test_tortls_err_to_string(void *data) { (void) data; - tt_str_op(tor_tls_err_to_string(1),OP_EQ,"[Not an error.]"); - tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_MISC),OP_EQ,"misc error"); - tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_IO),OP_EQ,"unexpected close"); - tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_CONNREFUSED),OP_EQ,"connection refused"); - tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_CONNRESET),OP_EQ,"connection reset"); - tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_NO_ROUTE),OP_EQ,"host unreachable"); - tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_TIMEOUT),OP_EQ,"connection timed out"); - tt_str_op(tor_tls_err_to_string(TOR_TLS_CLOSE),OP_EQ,"closed"); - tt_str_op(tor_tls_err_to_string(TOR_TLS_WANTREAD),OP_EQ,"want to read"); - tt_str_op(tor_tls_err_to_string(TOR_TLS_WANTWRITE),OP_EQ,"want to write"); - tt_str_op(tor_tls_err_to_string(-100),OP_EQ,"(unknown error code)"); + tt_str_op(tor_tls_err_to_string(1),OP_EQ,"[Not an error.]"); + tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_MISC),OP_EQ,"misc error"); + tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_IO),OP_EQ,"unexpected close"); + tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_CONNREFUSED),OP_EQ, + "connection refused"); + tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_CONNRESET),OP_EQ, + "connection reset"); + tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_NO_ROUTE),OP_EQ, + "host unreachable"); + tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_TIMEOUT),OP_EQ, + "connection timed out"); + tt_str_op(tor_tls_err_to_string(TOR_TLS_CLOSE),OP_EQ,"closed"); + tt_str_op(tor_tls_err_to_string(TOR_TLS_WANTREAD),OP_EQ,"want to read"); + tt_str_op(tor_tls_err_to_string(TOR_TLS_WANTWRITE),OP_EQ,"want to write"); + tt_str_op(tor_tls_err_to_string(-100),OP_EQ,"(unknown error code)"); done: (void)1; } @@ -82,28 +91,27 @@ static void test_tortls_tor_tls_new(void *data) { (void) data; - MOCK(tor_tls_cert_matches_key, mock_tls_cert_matches_key); - crypto_pk_t *key1 = NULL, *key2 = NULL; - key1 = pk_generate(2); - key2 = pk_generate(3); - - tor_tls_t *tls; - tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER, - key1, key2, 86400), OP_EQ, 0); - tls = tor_tls_new(-1, 0); - tt_want(tls); + MOCK(tor_tls_cert_matches_key, mock_tls_cert_matches_key); + crypto_pk_t *key1 = NULL, *key2 = NULL; + key1 = pk_generate(2); + key2 = pk_generate(3);
+ tor_tls_t *tls; + tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER, + key1, key2, 86400), OP_EQ, 0); + tls = tor_tls_new(-1, 0); + tt_want(tls);
- client_tls_context->ctx = NULL; - tls = tor_tls_new(-1, 0); - tt_assert(!tls); + client_tls_context->ctx = NULL; + tls = tor_tls_new(-1, 0); + tt_assert(!tls);
- SSL_METHOD *method = give_me_a_test_method(); - SSL_CTX *ctx = SSL_CTX_new(method); - method->num_ciphers = fake_num_ciphers; - client_tls_context->ctx = ctx; - tls = tor_tls_new(-1, 0); - tt_assert(!tls); + SSL_METHOD *method = give_me_a_test_method(); + SSL_CTX *ctx = SSL_CTX_new(method); + method->num_ciphers = fake_num_ciphers; + client_tls_context->ctx = ctx; + tls = tor_tls_new(-1, 0); + tt_assert(!tls);
done: UNMOCK(tor_tls_cert_matches_key); @@ -113,40 +121,41 @@ test_tortls_tor_tls_new(void *data)
#define NS_MODULE tortls NS_DECL(void, logv, (int severity, log_domain_mask_t domain, - const char *funcname, const char *suffix, const char *format, va_list ap)); + const char *funcname, const char *suffix, + const char *format, va_list ap));
static void NS(logv)(int severity, log_domain_mask_t domain, - const char *funcname, const char *suffix, const char *format, - va_list ap) + const char *funcname, const char *suffix, const char *format, + va_list ap) { - (void) severity; - (void) domain; - (void) funcname; - (void) suffix; - (void) format; - (void) ap; // XXXX look at this. - CALLED(logv)++; + (void) severity; + (void) domain; + (void) funcname; + (void) suffix; + (void) format; + (void) ap; // XXXX look at this. + CALLED(logv)++; }
static void test_tortls_tor_tls_get_error(void *data) { (void) data; - MOCK(tor_tls_cert_matches_key, mock_tls_cert_matches_key); - crypto_pk_t *key1 = NULL, *key2 = NULL; - key1 = pk_generate(2); - key2 = pk_generate(3); - - tor_tls_t *tls; - tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER, - key1, key2, 86400), OP_EQ, 0); - tls = tor_tls_new(-1, 0); - NS_MOCK(logv); - tt_int_op(CALLED(logv), OP_EQ, 0); - tor_tls_get_error(tls, 0, 0, - (const char *)"test", 0, 0); - tt_int_op(CALLED(logv), OP_EQ, 1); + MOCK(tor_tls_cert_matches_key, mock_tls_cert_matches_key); + crypto_pk_t *key1 = NULL, *key2 = NULL; + key1 = pk_generate(2); + key2 = pk_generate(3); + + tor_tls_t *tls; + tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER, + key1, key2, 86400), OP_EQ, 0); + tls = tor_tls_new(-1, 0); + NS_MOCK(logv); + tt_int_op(CALLED(logv), OP_EQ, 0); + tor_tls_get_error(tls, 0, 0, + (const char *)"test", 0, 0); + tt_int_op(CALLED(logv), OP_EQ, 1);
done: UNMOCK(tor_tls_cert_matches_key); @@ -284,58 +293,68 @@ test_tortls_log_one_error(void *ignored)
tor_tls_log_one_error(NULL, 0, LOG_WARN, 0, "something"); tt_int_op(mock_saved_log_number(), OP_EQ, 1); - tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error while something: (null) (in (null):(null):---)\n"); + tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error while something: " + "(null) (in (null):(null):---)\n");
mock_clean_saved_logs(); tor_tls_log_one_error(tls, 0, LOG_WARN, 0, NULL); tt_int_op(mock_saved_log_number(), OP_EQ, 1); - tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error: (null) (in (null):(null):---)\n"); + tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error: (null) " + "(in (null):(null):---)\n");
mock_clean_saved_logs(); tls->address = tor_strdup("127.hello"); tor_tls_log_one_error(tls, 0, LOG_WARN, 0, NULL); tt_int_op(mock_saved_log_number(), OP_EQ, 1); - tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error with 127.hello: (null) (in (null):(null):---)\n"); - + tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error with 127.hello: (null) " + "(in (null):(null):---)\n");
mock_clean_saved_logs(); tls->address = tor_strdup("127.hello"); tor_tls_log_one_error(tls, 0, LOG_WARN, 0, "blarg"); tt_int_op(mock_saved_log_number(), OP_EQ, 1); - tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error while blarg with 127.hello: (null) (in (null):(null):---)\n"); + tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error while blarg with " + "127.hello: (null) (in (null):(null):---)\n");
mock_clean_saved_logs(); tor_tls_log_one_error(tls, ERR_PACK(1, 2, 3), LOG_WARN, 0, NULL); tt_int_op(mock_saved_log_number(), OP_EQ, 1); - tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error with 127.hello: BN lib (in unknown library:(null):---)\n"); + tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error with 127.hello: " + "BN lib (in unknown library:(null):---)\n");
mock_clean_saved_logs(); - tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_HTTP_REQUEST), LOG_WARN, 0, NULL); + tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_HTTP_REQUEST), + LOG_WARN, 0, NULL); tt_int_op(mock_saved_log_number(), OP_EQ, 1); tt_int_op(mock_saved_severity_at(0), OP_EQ, LOG_INFO);
mock_clean_saved_logs(); - tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_HTTPS_PROXY_REQUEST), LOG_WARN, 0, NULL); + tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_HTTPS_PROXY_REQUEST), + LOG_WARN, 0, NULL); tt_int_op(mock_saved_log_number(), OP_EQ, 1); tt_int_op(mock_saved_severity_at(0), OP_EQ, LOG_INFO);
mock_clean_saved_logs(); - tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_RECORD_LENGTH_MISMATCH), LOG_WARN, 0, NULL); + tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_RECORD_LENGTH_MISMATCH), + LOG_WARN, 0, NULL); tt_int_op(mock_saved_log_number(), OP_EQ, 1); tt_int_op(mock_saved_severity_at(0), OP_EQ, LOG_INFO);
mock_clean_saved_logs(); - tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_RECORD_TOO_LARGE), LOG_WARN, 0, NULL); + tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_RECORD_TOO_LARGE), + LOG_WARN, 0, NULL); tt_int_op(mock_saved_log_number(), OP_EQ, 1); tt_int_op(mock_saved_severity_at(0), OP_EQ, LOG_INFO);
mock_clean_saved_logs(); - tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_UNKNOWN_PROTOCOL), LOG_WARN, 0, NULL); + tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_UNKNOWN_PROTOCOL), + LOG_WARN, 0, NULL); tt_int_op(mock_saved_log_number(), OP_EQ, 1); tt_int_op(mock_saved_severity_at(0), OP_EQ, LOG_INFO);
mock_clean_saved_logs(); - tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_UNSUPPORTED_PROTOCOL), LOG_WARN, 0, NULL); + tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_UNSUPPORTED_PROTOCOL), + LOG_WARN, 0, NULL); tt_int_op(mock_saved_log_number(), OP_EQ, 1); tt_int_op(mock_saved_severity_at(0), OP_EQ, LOG_INFO);
@@ -344,7 +363,8 @@ test_tortls_log_one_error(void *ignored) mock_clean_saved_logs(); tor_tls_log_one_error(tls, 0, LOG_WARN, 0, NULL); tt_int_op(mock_saved_log_number(), OP_EQ, 1); - tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error with 127.hello: (null) (in (null):(null):before/accept initialization)\n"); + tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error with 127.hello: (null)" + " (in (null):(null):before/accept initialization)\n");
done: teardown_capture_of_logs(previous_log); @@ -373,7 +393,8 @@ test_tortls_get_error(void *ignored) ret = tor_tls_get_error(tls, 0, 0, "something", LOG_WARN, 0); tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_IO); tt_int_op(mock_saved_log_number(), OP_EQ, 1); - tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error: unexpected close while something (before/accept initialization)\n"); + tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error: unexpected close while" + " something (before/accept initialization)\n");
mock_clean_saved_logs(); ret = tor_tls_get_error(tls, 2, 0, "something", LOG_WARN, 0); @@ -391,7 +412,8 @@ test_tortls_get_error(void *ignored) ret = tor_tls_get_error(tls, 0, 0, "something", LOG_WARN, 0); tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC); tt_int_op(mock_saved_log_number(), OP_EQ, 1); - tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error while something: (null) (in bignum routines:(null):before/accept initialization)\n"); + tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error while something: (null)" + " (in bignum routines:(null):before/accept initialization)\n");
mock_clean_saved_logs(); ERR_clear_error(); @@ -409,7 +431,6 @@ test_tortls_get_error(void *ignored) tt_int_op(ret, OP_EQ, TOR_TLS_WANTWRITE); tt_int_op(mock_saved_log_number(), OP_EQ, 0);
- mock_clean_saved_logs(); ERR_clear_error(); tls->ssl->rwstate = 0; @@ -429,7 +450,9 @@ test_tortls_get_error(void *ignored) ret = tor_tls_get_error(tls, -1, 0, "something", LOG_WARN, 0); tt_int_op(ret, OP_EQ, -9); tt_int_op(mock_saved_log_number(), OP_EQ, 2); - tt_str_op(mock_saved_log_at(1), OP_EQ, "TLS error while something: (null) (in system library:connect:before/accept initialization)\n"); + tt_str_op(mock_saved_log_at(1), OP_EQ, + "TLS error while something: (null) (in system library:" + "connect:before/accept initialization)\n");
done: teardown_capture_of_logs(previous_log); @@ -449,7 +472,6 @@ test_tortls_always_accept_verify_cb(void *ignored) (void)0; }
- static void test_tortls_x509_cert_free(void *ignored) { @@ -639,7 +661,6 @@ test_tortls_get_my_certs(void *ignored) ret = tor_tls_get_my_certs(1, &link_cert_out, &id_cert_out); tt_int_op(ret, OP_EQ, 0);
- done: (void)1; } @@ -685,7 +706,7 @@ get_cipher_by_id(uint16_t id) int num = method->num_ciphers(); for (i = 0; i < num; ++i) { const SSL_CIPHER *cipher = method->get_cipher(i); - if(id == (SSL_CIPHER_get_id(cipher) & 0xffff)) { + if (id == (SSL_CIPHER_get_id(cipher) & 0xffff)) { return (SSL_CIPHER *)cipher; } } @@ -778,7 +799,7 @@ test_tortls_classify_client_ciphers(void *ignored) tt_int_op(tls->client_cipher_list_type, OP_EQ, 3);
sk_SSL_CIPHER_zero(ciphers); - for(i=0; v2_cipher_list[i]; i++) { + for (i=0; v2_cipher_list[i]; i++) { tmp_cipher = get_cipher_by_id(v2_cipher_list[i]); tt_assert(tmp_cipher); sk_SSL_CIPHER_push(ciphers, tmp_cipher); @@ -788,7 +809,6 @@ test_tortls_classify_client_ciphers(void *ignored) tt_int_op(ret, OP_EQ, 2); tt_int_op(tls->client_cipher_list_type, OP_EQ, 2);
- done: (void)1; } @@ -815,7 +835,6 @@ test_tortls_client_is_using_v2_ciphers(void *ignored) ret = tor_tls_client_is_using_v2_ciphers(ssl); tt_int_op(ret, OP_EQ, -1);
- ssl->session = sess; ret = tor_tls_client_is_using_v2_ciphers(ssl); tt_int_op(ret, OP_EQ, 0); @@ -846,7 +865,8 @@ fixed_try_to_extract_certs_from_tls(int severity, tor_tls_t *tls, *id_cert_out = fixed_try_to_extract_certs_from_tls_id_cert_out_result; }
-static const char* notCompletelyValidCertString = "-----BEGIN CERTIFICATE-----\n" +static const char* notCompletelyValidCertString = + "-----BEGIN CERTIFICATE-----\n" "MIICVjCCAb8CAg37MA0GCSqGSIb3DQEBBQUAMIGbMQswCQYDVQQGEwJKUDEOMAwG\n" "A1UECBMFVG9reW8xEDAOBgNVBAcTB0NodW8ta3UxETAPBgNVBAoTCEZyYW5rNERE\n" "MRgwFgYDVQQLEw9XZWJDZXJ0IFN1cHBvcnQxGDAWBgNVBAMTD0ZyYW5rNEREIFdl\n" @@ -862,7 +882,6 @@ static const char* notCompletelyValidCertString = "-----BEGIN CERTIFICATE-----\n "evnAhf0cwULaebn+lMs8Pdl7y37+sfluVok=\n" "-----END CERTIFICATE-----\n";
- static const char* validCertString = "-----BEGIN CERTIFICATE-----\n" "MIIDpTCCAY0CAg3+MA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNVBAYTAlVTMREwDwYD\n" "VQQIDAhJbGxpbm9pczEQMA4GA1UEBwwHQ2hpY2FnbzEUMBIGA1UECgwLVG9yIFRl\n" @@ -936,7 +955,8 @@ test_tortls_verify(void *ignored) int ret; tor_tls_t *tls; crypto_pk_t *k = NULL; - X509 *cert1 = NULL, *cert2 = NULL, *invalidCert = NULL, *validCert = NULL, *caCert = NULL; + X509 *cert1 = NULL, *cert2 = NULL, *invalidCert = NULL, + *validCert = NULL, *caCert = NULL;
cert1 = tor_malloc_zero(sizeof(X509)); cert1->references = 10; @@ -1123,38 +1143,45 @@ test_tortls_dn_indicates_v3_cert(void *ignored) X509_NAME *name;
name = X509_NAME_new(); - X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, (const unsigned char *)"US", -1, -1, 0); - X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC, (const unsigned char *)"Foobar", -1, -1, 0); + X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, + (const unsigned char *)"US", -1, -1, 0); + X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC, + (const unsigned char *)"Foobar", -1, -1, 0); ret = dn_indicates_v3_cert(name); tt_int_op(ret, OP_EQ, 1);
X509_NAME_free(name); name = X509_NAME_new(); - X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, (const unsigned char *)"US", -1, -1, 0); + X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, + (const unsigned char *)"US", -1, -1, 0); ret = dn_indicates_v3_cert(name); tt_int_op(ret, OP_EQ, 1);
X509_NAME_free(name); name = X509_NAME_new(); - X509_NAME_add_entry_by_txt(name, "commonName", V_ASN1_REAL, (const unsigned char *)"123", -1, -1, 0); + X509_NAME_add_entry_by_txt(name, "commonName", V_ASN1_REAL, + (const unsigned char *)"123", -1, -1, 0); ret = dn_indicates_v3_cert(name); tt_int_op(ret, OP_EQ, 0);
X509_NAME_free(name); name = X509_NAME_new(); - X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_ASC, (const unsigned char *)"hello.com", -1, -1, 0); + X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_ASC, + (const unsigned char *)"hello.com", -1, -1, 0); ret = dn_indicates_v3_cert(name); tt_int_op(ret, OP_EQ, 1);
X509_NAME_free(name); name = X509_NAME_new(); - X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_ASC, (const unsigned char *)"hello.net", -1, -1, 0); + X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_ASC, + (const unsigned char *)"hello.net", -1, -1, 0); ret = dn_indicates_v3_cert(name); tt_int_op(ret, OP_EQ, 0);
X509_NAME_free(name); name = X509_NAME_new(); - X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_ASC, (const unsigned char *)"x.s", -1, -1, 0); + X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_ASC, + (const unsigned char *)"x.s", -1, -1, 0); ret = dn_indicates_v3_cert(name); tt_int_op(ret, OP_EQ, 1);
@@ -1181,44 +1208,46 @@ test_tortls_received_v3_certificate(void *ignored) tls->ssl->session->peer = validCert;
subject = X509_NAME_new(); - X509_NAME_add_entry_by_txt(subject, "commonName", MBSTRING_ASC, (const unsigned char *)"same.com", -1, -1, 0); + X509_NAME_add_entry_by_txt(subject, "commonName", MBSTRING_ASC, + (const unsigned char *)"same.com", -1, -1, 0); X509_set_subject_name(validCert, subject);
issuer = X509_NAME_new(); - X509_NAME_add_entry_by_txt(issuer, "commonName", MBSTRING_ASC, (const unsigned char *)"same.com", -1, -1, 0); + X509_NAME_add_entry_by_txt(issuer, "commonName", MBSTRING_ASC, + (const unsigned char *)"same.com", -1, -1, 0); X509_set_issuer_name(validCert, issuer);
ret = tor_tls_received_v3_certificate(tls); tt_int_op(ret, OP_EQ, 1);
- X509_NAME_free(subject); subject = X509_NAME_new(); - X509_NAME_add_entry_by_txt(subject, "commonName", MBSTRING_ASC, (const unsigned char *)"different.net", -1, -1, 0); + X509_NAME_add_entry_by_txt(subject, "commonName", MBSTRING_ASC, + (const unsigned char *)"different.net", -1, -1, 0); X509_set_subject_name(validCert, subject);
ret = tor_tls_received_v3_certificate(tls); tt_int_op(ret, OP_EQ, 1);
- - X509_NAME_free(subject); subject = X509_NAME_new(); - X509_NAME_add_entry_by_txt(subject, "commonName", MBSTRING_ASC, (const unsigned char *)"same.com", -1, -1, 0); + X509_NAME_add_entry_by_txt(subject, "commonName", MBSTRING_ASC, + (const unsigned char *)"same.com", -1, -1, 0); X509_set_subject_name(validCert, subject);
X509_NAME_free(issuer); issuer = X509_NAME_new(); - X509_NAME_add_entry_by_txt(issuer, "commonName", MBSTRING_ASC, (const unsigned char *)"different.net", -1, -1, 0); + X509_NAME_add_entry_by_txt(issuer, "commonName", MBSTRING_ASC, + (const unsigned char *)"different.net", -1, -1, 0); X509_set_issuer_name(validCert, issuer);
ret = tor_tls_received_v3_certificate(tls); tt_int_op(ret, OP_EQ, 1);
- X509_NAME_free(subject); subject = X509_NAME_new(); - X509_NAME_add_entry_by_txt(subject, "commonName", MBSTRING_ASC, (const unsigned char *)"different2.net", -1, -1, 0); + X509_NAME_add_entry_by_txt(subject, "commonName", MBSTRING_ASC, + (const unsigned char *)"different2.net", -1, -1, 0); X509_set_subject_name(validCert, subject); ret = tor_tls_received_v3_certificate(tls); tt_int_op(ret, OP_EQ, 0); @@ -1233,7 +1262,6 @@ test_tortls_received_v3_certificate(void *ignored) ret = tor_tls_received_v3_certificate(tls); tt_int_op(ret, OP_EQ, 1);
- done: X509_NAME_free(subject); X509_NAME_free(issuer); @@ -1405,18 +1433,18 @@ test_tortls_evaluate_ecgroup_for_tls(void *ignored)
typedef struct cert_pkey_st_local { - X509 *x509; - EVP_PKEY *privatekey; - const EVP_MD *digest; + X509 *x509; + EVP_PKEY *privatekey; + const EVP_MD *digest; } CERT_PKEY_local;
typedef struct sess_cert_st_local { - STACK_OF(X509) *cert_chain; - int peer_cert_type; - CERT_PKEY_local *peer_key; - CERT_PKEY_local peer_pkeys[8]; - int references; + STACK_OF(X509) *cert_chain; + int peer_cert_type; + CERT_PKEY_local *peer_key; + CERT_PKEY_local peer_pkeys[8]; + int references; } SESS_CERT_local;
static void @@ -1577,8 +1605,8 @@ test_tortls_session_secret_cb(void *ignored) tor_free(tls); }
- -/* TODO: It seems block_renegotiation and unblock_renegotiation and using different blags. This might not be correct */ +/* TODO: It seems block_renegotiation and unblock_renegotiation and + * using different blags. This might not be correct */ static void test_tortls_block_renegotiation(void *ignored) { @@ -1626,7 +1654,8 @@ test_tortls_assert_renegotiation_unblocked(void *ignored) tls->ssl = tor_malloc_zero(sizeof(SSL)); tor_tls_unblock_renegotiation(tls); tor_tls_assert_renegotiation_unblocked(tls); - // No assertion here - this test will fail if tor_assert is turned on and things are bad. + /* No assertion here - this test will fail if tor_assert is turned on + * and things are bad. */
tor_free(tls); } @@ -1657,7 +1686,6 @@ example_cb(tor_tls_t *t, void *arg) (void)arg; }
- static void test_tortls_set_renegotiate_callback(void *ignored) { @@ -1690,7 +1718,7 @@ fake_get_cipher(unsigned ncipher) SSL_CIPHER *fixed = tor_malloc_zero(sizeof(SSL_CIPHER)); SSL_CIPHER *fixed2 = tor_malloc_zero(sizeof(SSL_CIPHER)); fixed2->id = 0xC00A; - switch(ncipher) { + switch (ncipher) { case 1: return fixed; case 2: @@ -1777,7 +1805,8 @@ test_tortls_debug_state_callback(void *ignored)
tor_tls_debug_state_callback(ssl, 32, 45); tt_int_op(mock_saved_log_number(), OP_EQ, 1); - n = snprintf(buf, 1000, "SSL %p is now in state unknown state [type=32,val=45].\n", ssl); + n = snprintf(buf, 1000, "SSL %p is now in state unknown" + " state [type=32,val=45].\n", ssl); buf[n]='\0'; tt_str_op(mock_saved_log_at(0), OP_EQ, buf);
@@ -1812,13 +1841,15 @@ test_tortls_server_info_callback(void *ignored) mock_clean_saved_logs(); tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0); tt_int_op(mock_saved_log_number(), OP_EQ, 1); - tt_str_op(mock_saved_log_at(0), OP_EQ, "Couldn't look up the tls for an SSL*. How odd!\n"); + tt_str_op(mock_saved_log_at(0), OP_EQ, + "Couldn't look up the tls for an SSL*. How odd!\n");
SSL_set_state(ssl, SSL3_ST_SW_SRVR_HELLO_B); mock_clean_saved_logs(); tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0); tt_int_op(mock_saved_log_number(), OP_EQ, 1); - tt_str_op(mock_saved_log_at(0), OP_EQ, "Couldn't look up the tls for an SSL*. How odd!\n"); + tt_str_op(mock_saved_log_at(0), OP_EQ, + "Couldn't look up the tls for an SSL*. How odd!\n");
SSL_set_state(ssl, 99); mock_clean_saved_logs(); @@ -1848,7 +1879,6 @@ test_tortls_server_info_callback(void *ignored) tor_free(ssl); }
- static int fixed_ssl_read_result_index; static int fixed_ssl_read_result[5]; static int fixed_ssl_shutdown_result; @@ -2069,7 +2099,6 @@ fixed_ssl_write(SSL *s, const void *buf, int len) return fixed_ssl_write_result; }
- static void test_tortls_write(void *ignored) { @@ -2235,7 +2264,6 @@ test_tortls_handshake(void *ignored) ret = tor_tls_handshake(tls); tt_int_op(ret, OP_EQ, -9);
- tls->ssl->method = method; method->ssl_accept = fixed_ssl_accept; fixed_ssl_accept_result = 2; @@ -2252,8 +2280,12 @@ test_tortls_handshake(void *ignored) ret = tor_tls_handshake(tls); tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC); tt_int_op(mock_saved_log_number(), OP_EQ, 2); - tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error while handshaking: (null) (in bignum routines:(null):SSLv3 write client hello B)\n"); - tt_str_op(mock_saved_log_at(1), OP_EQ, "TLS error while handshaking: (null) (in system library:connect:SSLv3 write client hello B)\n"); + tt_str_op(mock_saved_log_at(0), OP_EQ, + "TLS error while handshaking: (null) (in bignum routines:" + "(null):SSLv3 write client hello B)\n"); + tt_str_op(mock_saved_log_at(1), OP_EQ, + "TLS error while handshaking: (null) (in system library:" + "connect:SSLv3 write client hello B)\n"); tt_int_op(mock_saved_severity_at(0), OP_EQ, LOG_INFO); tt_int_op(mock_saved_severity_at(1), OP_EQ, LOG_INFO);
@@ -2266,8 +2298,10 @@ test_tortls_handshake(void *ignored) ret = tor_tls_handshake(tls); tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC); tt_int_op(mock_saved_log_number(), OP_EQ, 2); - tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error while handshaking: (null) (in bignum routines:(null):SSLv3 write client hello B)\n"); - tt_str_op(mock_saved_log_at(1), OP_EQ, "TLS error while handshaking: (null) (in system library:connect:SSLv3 write client hello B)\n"); + tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error while handshaking: " + "(null) (in bignum routines:(null):SSLv3 write client hello B)\n"); + tt_str_op(mock_saved_log_at(1), OP_EQ, "TLS error while handshaking: " + "(null) (in system library:connect:SSLv3 write client hello B)\n"); tt_int_op(mock_saved_severity_at(0), OP_EQ, LOG_WARN); tt_int_op(mock_saved_severity_at(1), OP_EQ, LOG_WARN);
@@ -2372,7 +2406,7 @@ fixed_crypto_pk_generate_key_with_bits(crypto_pk_t *env, int bits) (void)env; (void)bits; return fixed_crypto_pk_generate_key_with_bits_result[ - fixed_crypto_pk_generate_key_with_bits_result_index++]; + fixed_crypto_pk_generate_key_with_bits_result_index++]; }
static X509 * @@ -2388,14 +2422,15 @@ fixed_tor_tls_create_certificate(crypto_pk_t *rsa, (void)cname_sign; (void)cert_lifetime; return fixed_tor_tls_create_certificate_result[ - fixed_tor_tls_create_certificate_result_index++]; + fixed_tor_tls_create_certificate_result_index++]; }
static tor_x509_cert_t * fixed_tor_x509_cert_new(X509 *x509_cert) { (void) x509_cert; - return fixed_tor_x509_cert_new_result[fixed_tor_x509_cert_new_result_index++]; + return fixed_tor_x509_cert_new_result[ + fixed_tor_x509_cert_new_result_index++]; }
static void @@ -2431,7 +2466,8 @@ test_tortls_context_new(void *ignored) ret = tor_tls_context_new(NULL, 0, 0, 0); tt_assert(!ret);
- MOCK(crypto_pk_generate_key_with_bits, fixed_crypto_pk_generate_key_with_bits); + MOCK(crypto_pk_generate_key_with_bits, + fixed_crypto_pk_generate_key_with_bits); fixed_crypto_pk_new_result_index = 0; fixed_crypto_pk_new_result[0] = pk1; fixed_crypto_pk_new_result[1] = NULL; @@ -2607,7 +2643,7 @@ test_tortls_create_certificate(void *ignored) tt_assert(!ret);
fixed_crypto_pk_get_evp_pkey_result_index = 0; - fixed_crypto_pk_get_evp_pkey_result[0] = tor_malloc_zero(sizeof(EVP_PKEY));; + fixed_crypto_pk_get_evp_pkey_result[0] = tor_malloc_zero(sizeof(EVP_PKEY)); fixed_crypto_pk_get_evp_pkey_result[1] = NULL; ret = tor_tls_create_certificate(pk1, pk2, "hello", "hello2", 1); tt_assert(!ret); @@ -2656,7 +2692,6 @@ test_tortls_cert_new(void *ignored) (void)0; }
- static void test_tortls_cert_is_valid(void *ignored) { @@ -2675,7 +2710,8 @@ test_tortls_cert_is_valid(void *ignored)
cert = tor_x509_cert_new(read_cert_from(validCertString)); scert = tor_x509_cert_new(read_cert_from(caCertString)); - cert->cert->cert_info->validity->notAfter = ASN1_TIME_set(NULL, time(NULL)-1000000); + cert->cert->cert_info->validity->notAfter = + ASN1_TIME_set(NULL, time(NULL)-1000000); ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, 0); tt_int_op(ret, OP_EQ, 0);
@@ -2714,7 +2750,6 @@ test_tortls_cert_is_valid(void *ignored) (void)0; }
- static void test_tortls_context_init_one(void *ignored) { @@ -2733,7 +2768,7 @@ test_tortls_context_init_one(void *ignored) UNMOCK(crypto_pk_new); }
-#define LOCAL_TEST_CASE(name, flags) \ +#define LOCAL_TEST_CASE(name, flags) \ { #name, test_tortls_##name, (flags), NULL, NULL }
struct testcase_t tortls_tests[] = { @@ -2776,7 +2811,7 @@ struct testcase_t tortls_tests[] = { LOCAL_TEST_CASE(shutdown, 0), LOCAL_TEST_CASE(renegotiate, 0), LOCAL_TEST_CASE(finish_handshake, 0), - LOCAL_TEST_CASE(handshake, 0), + LOCAL_TEST_CASE(handshake, 0), LOCAL_TEST_CASE(write, 0), LOCAL_TEST_CASE(read, 0), LOCAL_TEST_CASE(server_info_callback, 0), @@ -2796,3 +2831,4 @@ struct testcase_t tortls_tests[] = { LOCAL_TEST_CASE(context_init_one, 0), END_OF_TESTCASES }; +
tor-commits@lists.torproject.org