X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=test%2Fdanetest.c;h=aea3a7a43eeaae669b4c8b672e5cd02195bf76a2;hb=38a322a5f29ae0b4a9bd42233310835487d875ac;hp=e89f71100aea1e9e254621b71fc5c01c5fbda965;hpb=dccd20d1b55d15afdc80ad987ff37023d323dc42;p=oweals%2Fopenssl.git
diff --git a/test/danetest.c b/test/danetest.c
index e89f71100a..aea3a7a43e 100644
--- a/test/danetest.c
+++ b/test/danetest.c
@@ -1,50 +1,10 @@ -/* ==================================================================== - * Copyright (c) 2015 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" +/* + * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include @@ -114,7 +74,7 @@ static void print_errors(void) static int verify_chain(SSL *ssl, STACK_OF(X509) *chain) { - int ret; + int ret = -1; X509_STORE_CTX *store_ctx; SSL_CTX *ssl_ctx = SSL_get_SSL_CTX(ssl); X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx); @@ -125,8 +85,9 @@ static int verify_chain(SSL *ssl, STACK_OF(X509) *chain) return -1; if (!X509_STORE_CTX_init(store_ctx, store, cert, chain)) - return 0; - X509_STORE_CTX_set_ex_data(store_ctx, store_ctx_idx, ssl); + goto end; + if (!X509_STORE_CTX_set_ex_data(store_ctx, store_ctx_idx, ssl)) + goto end; X509_STORE_CTX_set_default(store_ctx, SSL_is_server(ssl) ? "ssl_client" : "ssl_server"); @@ -141,6 +102,7 @@ static int verify_chain(SSL *ssl, STACK_OF(X509) *chain) SSL_set_verify_result(ssl, X509_STORE_CTX_get_error(store_ctx)); X509_STORE_CTX_cleanup(store_ctx); +end: X509_STORE_CTX_free(store_ctx); return (ret); @@ -198,7 +160,7 @@ static STACK_OF(X509) *load_chain(BIO *fp, int nelem) fprintf(stderr, "error reading: malformed %s\n", errtype); goto err; } - + if (count == nelem) { ERR_clear_error(); return chain; 
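Review bot: The new `goto end` paths in verify_chain() skip `SSL_set_verify_result()`, so when `X509_STORE_CTX_init()` or `X509_STORE_CTX_set_ex_data()` fails the function returns -1 while the SSL object keeps whatever verify result it already held, presumably `X509_V_OK` on a fresh SSL. A caller that reads `SSL_get_verify_result()` without first checking for a negative return would see a stale success; recording an error on those paths, e.g. `SSL_set_verify_result(ssl, X509_V_ERR_UNSPECIFIED);`, closes that gap. The contract also deserves a comment above the function, such as `/* Returns 1 if the chain verifies, 0 if it does not, -1 on setup failure. */`, because a -1 return is truthy and callers must compare with `> 0`. This applies to all three verify_chain hunks (`ret = -1`, the two `goto end` checks, the `end:` label); the call sites and the line that assigns the 0/1 result are outside them.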
@@ -252,19 +214,16 @@ static ossl_ssize_t hexdecode(const char *in, void *result) return -1; for (byte = 0; *in; ++in) { - char c; + int x; if (isspace(_UC(*in))) continue; - c = tolower(_UC(*in)); - if ('0' <= c && c <= '9') { - byte |= c - '0'; - } else if ('a' <= c && c <= 'f') { - byte |= c - 'a' + 10; - } else { + x = OPENSSL_hexchar2int(*in); + if (x < 0) { OPENSSL_free(ret); return 0; } + byte |= (char)x; if ((nibble ^= 1) == 0) { *cp++ = byte; byte = 0; @@ -370,6 +329,7 @@ static int test_tlsafile(SSL_CTX *ctx, const char *basename, STACK_OF(X509) *chain; int ntlsa; int ncert; + int noncheck; int want; int want_depth; int off; @@ -382,7 +342,8 @@ static int test_tlsafile(SSL_CTX *ctx, const char *basename, continue; ++testno; - if (sscanf(line, "%d %d %d %d%n", &ntlsa, &ncert, &want, &want_depth, &off) != 4 + if (sscanf(line, "%d %d %d %d %d%n", + &ntlsa, &ncert, &noncheck, &want, &want_depth, &off) != 5 || !allws(line + off)) { fprintf(stderr, "Expected tlsa count, cert count and result" " at test %d of %s\n", testno, path); @@ -396,6 +357,8 @@ static int test_tlsafile(SSL_CTX *ctx, const char *basename, SSL_free(ssl); return -1; } + if (noncheck) + SSL_dane_set_flags(ssl, DANE_FLAG_NO_DANE_EE_NAMECHECKS); for (i = 0; i < ntlsa; ++i) { if ((line = read_to_eol(f)) == NULL || !tlsa_import_rr(ssl, line)) { @@ -475,7 +438,7 @@ int main(int argc, char *argv[]) progname = argv[0]; if (argc != 4) { test_usage(); - EXIT(1); + EXIT(ret); } basedomain = argv[1]; CAfile = argv[2]; @@ -492,10 +455,9 @@ int main(int argc, char *argv[]) if (f == NULL) { fprintf(stderr, "%s: Error opening tlsa record file: '%s': %s\n", progname, tlsafile, strerror(errno)); - return 0; + EXIT(ret); } - ctx = SSL_CTX_new(TLS_client_method()); if (SSL_CTX_dane_enable(ctx) <= 0) { print_errors();
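Review bot: In hexdecode() the invalid-character path still returns 0 while the failure at the top of the hunk returns -1, and nothing in the visible lines says which values callers should treat as errors. A comment above the function would settle it, for example `/* Returns the decoded length, 0 on malformed hex, -1 on allocation failure. */`; the wording is inferred, since the check that produces -1 and the final return are outside the hunk. For consistency with the `isspace(_UC(*in))` call just above, the new call could be written `OPENSSL_hexchar2int(_UC(*in))`.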
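Review bot: The `fprintf` after the widened `sscanf` in test_tlsafile() still says "Expected tlsa count, cert count and result", so a record file in the old four-column layout fails with a message that never mentions the new name-check column. Changing the text to something like `"Expected tlsa count, cert count, namecheck flag, result and depth"` would make the format change discoverable from the error alone. The rest of the error branch lies outside the hunk.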
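Review bot: The `if (noncheck)` branch turns off a security check without any comment: `DANE_FLAG_NO_DANE_EE_NAMECHECKS` disables name checks when the peer is authenticated through a DANE-EE(3) TLSA record. A line such as `/* Third column non-zero: skip name checks for DANE-EE(3) matches in this test case only. */` would show that the relaxation is driven by the test data and is deliberate. The flag is applied to `ssl` rather than `ctx`, which should keep it from carrying over into later cases, assuming `ssl` is created per test outside the hunk.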
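Review bot: `EXIT(ret)` on the usage-error path in main() only signals failure if `ret` is still non-zero at that point, and its declaration is outside the hunk. The replaced `EXIT(1)` was self-evidently a failure exit. If `ret` is initialised to 1 for this purpose, a comment at the declaration such as `/* assume failure until every test has passed */` would keep that visible. The same applies to the `EXIT(ret)` added on the file-open error path in the next hunk.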
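Review bot: The result of `SSL_CTX_new(TLS_client_method())` is handed straight to `SSL_CTX_dane_enable()` with no NULL check in the lines this hunk keeps. If context creation fails, the failure would surface inside the DANE call, possibly as a NULL dereference, rather than as a reported error. Writing the condition as `if (ctx == NULL || SSL_CTX_dane_enable(ctx) <= 0) {` routes it through the existing `print_errors()` branch. The remainder of that branch is outside the hunk.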