Chiebot-Mirror
/
boringssl
mirror of https://gitee.com/mirrors/boringssl.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

Introduce a test helper for asserting on the error

Browse Source 
This produces slightly nicer output, is less code, and helps us remember
to check both the library and reason code.

Change-Id: Ic49508accb0bc8a25cbb5b94cc7e4aeb1bd8cbd0
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/66507
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
fips-20240407
David Benjamin 9 months ago committed by Boringssl LUCI CQ
parent 85c5d9668f
commit ec2a08dda8
14 changed files with 88 additions and 100 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 5
      crypto/bio/bio_test.cc
  2. 14
      crypto/cipher_extra/aead_test.cc
  3. 5
      crypto/dsa/dsa_test.cc
  4. 28
      crypto/evp/evp_extra_test.cc
  5. 5
      crypto/evp/scrypt_test.cc
  6. 4
      crypto/fipsmodule/bn/bn_test.cc
  7. 3
      crypto/fipsmodule/service_indicator/service_indicator_test.cc
  8. 15
      crypto/hpke/hpke_test.cc
  9. 7
      crypto/pem/pem_test.cc
  10. 21
      crypto/rsa_extra/rsa_test.cc
  11. 15
      crypto/test/test_util.cc
  12. 6
      crypto/test/test_util.h
  13. 30
      crypto/x509/x509_test.cc
  14. 30
      ssl/ssl_test.cc

5
crypto/bio/bio_test.cc
Unescape View File

@ -813,10 +813,7 @@ TEST_P(BIOPairTest, TestPair) {
// A closed write end may not be written to. // A closed write end may not be written to.
EXPECT_EQ(0u, BIO_ctrl_get_write_guarantee(bio1)); EXPECT_EQ(0u, BIO_ctrl_get_write_guarantee(bio1));
EXPECT_EQ(-1, BIO_write(bio1, "_____", 5)); EXPECT_EQ(-1, BIO_write(bio1, "_____", 5));
EXPECT_TRUE(ErrorEquals(ERR_get_error(), ERR_LIB_BIO, BIO_R_BROKEN_PIPE));
uint32_t err = ERR_get_error();
EXPECT_EQ(ERR_LIB_BIO, ERR_GET_LIB(err));
EXPECT_EQ(BIO_R_BROKEN_PIPE, ERR_GET_REASON(err));
// The other end is still functional. // The other end is still functional.
EXPECT_EQ(5, BIO_write(bio2, "12345", 5)); EXPECT_EQ(5, BIO_write(bio2, "12345", 5));

14
crypto/cipher_extra/aead_test.cc
Unescape View File

@ -381,7 +381,7 @@ TEST_P(PerAEADTest, TestVectorScatterGather) {
// Skip decryption for AEADs that don't implement open_gather(). // Skip decryption for AEADs that don't implement open_gather().
if (!ret) { if (!ret) {
int err = ERR_peek_error(); uint32_t err = ERR_peek_error();
if (ERR_GET_LIB(err) == ERR_LIB_CIPHER && if (ERR_GET_LIB(err) == ERR_LIB_CIPHER &&
ERR_GET_REASON(err) == CIPHER_R_CTRL_NOT_IMPLEMENTED) { ERR_GET_REASON(err) == CIPHER_R_CTRL_NOT_IMPLEMENTED) {
t->SkipCurrent(); t->SkipCurrent();
@ -709,10 +709,10 @@ TEST_P(PerAEADTest, InvalidNonceLength) {
nonce.data(), nonce.size(), nullptr /* in */, nonce.data(), nonce.size(), nullptr /* in */,
0, kZeros /* ad */, ad_len)); 0, kZeros /* ad */, ad_len));
uint32_t err = ERR_get_error(); uint32_t err = ERR_get_error();
EXPECT_EQ(ERR_LIB_CIPHER, ERR_GET_LIB(err));
// TODO(davidben): Merge these errors. https://crbug.com/boringssl/129. // TODO(davidben): Merge these errors. https://crbug.com/boringssl/129.
if (ERR_GET_REASON(err) != CIPHER_R_UNSUPPORTED_NONCE_SIZE) { if (!ErrorEquals(err, ERR_LIB_CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE)) {
EXPECT_EQ(CIPHER_R_INVALID_NONCE_SIZE, ERR_GET_REASON(err)); EXPECT_TRUE(
ErrorEquals(err, ERR_LIB_CIPHER, CIPHER_R_INVALID_NONCE_SIZE));
} }
ctx.Reset(); ctx.Reset();
@ -723,9 +723,9 @@ TEST_P(PerAEADTest, InvalidNonceLength) {
nonce.data(), nonce.size(), kZeros /* in */, nonce.data(), nonce.size(), kZeros /* in */,
sizeof(kZeros), kZeros /* ad */, ad_len)); sizeof(kZeros), kZeros /* ad */, ad_len));
err = ERR_get_error(); err = ERR_get_error();
EXPECT_EQ(ERR_LIB_CIPHER, ERR_GET_LIB(err)); if (!ErrorEquals(err, ERR_LIB_CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE)) {
if (ERR_GET_REASON(err) != CIPHER_R_UNSUPPORTED_NONCE_SIZE) { EXPECT_TRUE(
EXPECT_EQ(CIPHER_R_INVALID_NONCE_SIZE, ERR_GET_REASON(err)); ErrorEquals(err, ERR_LIB_CIPHER, CIPHER_R_INVALID_NONCE_SIZE));
} }
} }
} }

5
crypto/dsa/dsa_test.cc
Unescape View File

@ -267,9 +267,8 @@ TEST(DSATest, InvalidGroup) {
static const uint8_t kDigest[32] = {0}; static const uint8_t kDigest[32] = {0};
EXPECT_FALSE( EXPECT_FALSE(
DSA_sign(0, kDigest, sizeof(kDigest), sig.data(), &sig_len, dsa.get())); DSA_sign(0, kDigest, sizeof(kDigest), sig.data(), &sig_len, dsa.get()));
uint32_t err = ERR_get_error(); EXPECT_TRUE(
EXPECT_EQ(ERR_LIB_DSA, ERR_GET_LIB(err)); ErrorEquals(ERR_get_error(), ERR_LIB_DSA, DSA_R_INVALID_PARAMETERS));
EXPECT_EQ(DSA_R_INVALID_PARAMETERS, ERR_GET_REASON(err));
} }
// Signing and verifying should cleanly fail when the DSA object is empty. // Signing and verifying should cleanly fail when the DSA object is empty.

28
crypto/evp/evp_extra_test.cc
Unescape View File

@ -812,7 +812,8 @@ TEST(EVPExtraTest, MarshalEmptyPublicKey) {
bssl::ScopedCBB cbb; bssl::ScopedCBB cbb;
EXPECT_FALSE(EVP_marshal_public_key(cbb.get(), empty.get())) EXPECT_FALSE(EVP_marshal_public_key(cbb.get(), empty.get()))
<< "Marshalled empty public key."; << "Marshalled empty public key.";
EXPECT_EQ(EVP_R_UNSUPPORTED_ALGORITHM, ERR_GET_REASON(ERR_peek_last_error())); EXPECT_TRUE(ErrorEquals(ERR_peek_last_error(), ERR_LIB_EVP,
EVP_R_UNSUPPORTED_ALGORITHM));
} }
TEST(EVPExtraTest, d2i_PrivateKey) { TEST(EVPExtraTest, d2i_PrivateKey) {
@ -890,16 +891,14 @@ TEST(EVPExtraTest, Ed25519) {
// Passing too small of a buffer is noticed. // Passing too small of a buffer is noticed.
len = 31; len = 31;
EXPECT_FALSE(EVP_PKEY_get_raw_public_key(pubkey.get(), buf, &len)); EXPECT_FALSE(EVP_PKEY_get_raw_public_key(pubkey.get(), buf, &len));
uint32_t err = ERR_get_error(); EXPECT_TRUE(
EXPECT_EQ(ERR_LIB_EVP, ERR_GET_LIB(err)); ErrorEquals(ERR_get_error(), ERR_LIB_EVP, EVP_R_BUFFER_TOO_SMALL));
EXPECT_EQ(EVP_R_BUFFER_TOO_SMALL, ERR_GET_REASON(err));
ERR_clear_error(); ERR_clear_error();
// There is no private key. // There is no private key.
EXPECT_FALSE(EVP_PKEY_get_raw_private_key(pubkey.get(), nullptr, &len)); EXPECT_FALSE(EVP_PKEY_get_raw_private_key(pubkey.get(), nullptr, &len));
err = ERR_get_error(); EXPECT_TRUE(
EXPECT_EQ(ERR_LIB_EVP, ERR_GET_LIB(err)); ErrorEquals(ERR_get_error(), ERR_LIB_EVP, EVP_R_NOT_A_PRIVATE_KEY));
EXPECT_EQ(EVP_R_NOT_A_PRIVATE_KEY, ERR_GET_REASON(err));
ERR_clear_error(); ERR_clear_error();
// The public key must encode properly. // The public key must encode properly.
@ -915,9 +914,8 @@ TEST(EVPExtraTest, Ed25519) {
// The public key must gracefully fail to encode as a private key. // The public key must gracefully fail to encode as a private key.
ASSERT_TRUE(CBB_init(cbb.get(), 0)); ASSERT_TRUE(CBB_init(cbb.get(), 0));
EXPECT_FALSE(EVP_marshal_private_key(cbb.get(), pubkey.get())); EXPECT_FALSE(EVP_marshal_private_key(cbb.get(), pubkey.get()));
err = ERR_get_error(); EXPECT_TRUE(
EXPECT_EQ(ERR_LIB_EVP, ERR_GET_LIB(err)); ErrorEquals(ERR_get_error(), ERR_LIB_EVP, EVP_R_NOT_A_PRIVATE_KEY));
EXPECT_EQ(EVP_R_NOT_A_PRIVATE_KEY, ERR_GET_REASON(err));
ERR_clear_error(); ERR_clear_error();
cbb.Reset(); cbb.Reset();
@ -940,9 +938,8 @@ TEST(EVPExtraTest, Ed25519) {
// Passing too small of a buffer is noticed. // Passing too small of a buffer is noticed.
len = 31; len = 31;
EXPECT_FALSE(EVP_PKEY_get_raw_private_key(privkey.get(), buf, &len)); EXPECT_FALSE(EVP_PKEY_get_raw_private_key(privkey.get(), buf, &len));
err = ERR_get_error(); EXPECT_TRUE(
EXPECT_EQ(ERR_LIB_EVP, ERR_GET_LIB(err)); ErrorEquals(ERR_get_error(), ERR_LIB_EVP, EVP_R_BUFFER_TOO_SMALL));
EXPECT_EQ(EVP_R_BUFFER_TOO_SMALL, ERR_GET_REASON(err));
ERR_clear_error(); ERR_clear_error();
// The public key must be extractable. // The public key must be extractable.
len = 32; len = 32;
@ -995,9 +992,8 @@ TEST(EVPExtraTest, Ed25519) {
EVP_DigestSignInit(ctx.get(), nullptr, nullptr, nullptr, privkey.get())); EVP_DigestSignInit(ctx.get(), nullptr, nullptr, nullptr, privkey.get()));
len = 31; len = 31;
EXPECT_FALSE(EVP_DigestSign(ctx.get(), buf, &len, nullptr /* msg */, 0)); EXPECT_FALSE(EVP_DigestSign(ctx.get(), buf, &len, nullptr /* msg */, 0));
err = ERR_get_error(); EXPECT_TRUE(
EXPECT_EQ(ERR_LIB_EVP, ERR_GET_LIB(err)); ErrorEquals(ERR_get_error(), ERR_LIB_EVP, EVP_R_BUFFER_TOO_SMALL));
EXPECT_EQ(EVP_R_BUFFER_TOO_SMALL, ERR_GET_REASON(err));
ERR_clear_error(); ERR_clear_error();
} }

5
crypto/evp/scrypt_test.cc
Unescape View File

@ -69,9 +69,8 @@ TEST(ScryptTest, MemoryLimit) {
reinterpret_cast<const uint8_t *>(kSalt), reinterpret_cast<const uint8_t *>(kSalt),
strlen(kSalt), 1048576 /* N */, 8 /* r */, strlen(kSalt), 1048576 /* N */, 8 /* r */,
1 /* p */, 0 /* max_mem */, key, sizeof(key))); 1 /* p */, 0 /* max_mem */, key, sizeof(key)));
uint32_t err = ERR_get_error(); EXPECT_TRUE(
EXPECT_EQ(ERR_LIB_EVP, ERR_GET_LIB(err)); ErrorEquals(ERR_get_error(), ERR_LIB_EVP, EVP_R_MEMORY_LIMIT_EXCEEDED));
EXPECT_EQ(EVP_R_MEMORY_LIMIT_EXCEEDED, ERR_GET_REASON(err));
} }
TEST(ScryptTest, InvalidParameters) { TEST(ScryptTest, InvalidParameters) {

4
crypto/fipsmodule/bn/bn_test.cc
Unescape View File

@ -884,9 +884,7 @@ static void TestNotModSquare(BIGNUMFileTest *t, BN_CTX *ctx) {
EXPECT_FALSE(BN_mod_sqrt(ret.get(), not_mod_square.get(), p.get(), ctx)) EXPECT_FALSE(BN_mod_sqrt(ret.get(), not_mod_square.get(), p.get(), ctx))
<< "BN_mod_sqrt unexpectedly succeeded."; << "BN_mod_sqrt unexpectedly succeeded.";
uint32_t err = ERR_peek_error(); EXPECT_TRUE(ErrorEquals(ERR_peek_error(), ERR_LIB_BN, BN_R_NOT_A_SQUARE));
EXPECT_EQ(ERR_LIB_BN, ERR_GET_LIB(err));
EXPECT_EQ(BN_R_NOT_A_SQUARE, ERR_GET_REASON(err));
ERR_clear_error(); ERR_clear_error();
} }

3
crypto/fipsmodule/service_indicator/service_indicator_test.cc
Unescape View File

@ -657,7 +657,8 @@ TEST_P(AEADServiceIndicatorTest, EVP_AEAD) {
encrypt_output.size(), nonce.data(), nonce.size(), encrypt_output.size(), nonce.data(), nonce.size(),
kPlaintext, sizeof(kPlaintext), nullptr, 0))); kPlaintext, sizeof(kPlaintext), nullptr, 0)));
EXPECT_EQ(approved, FIPSStatus::NOT_APPROVED); EXPECT_EQ(approved, FIPSStatus::NOT_APPROVED);
EXPECT_EQ(ERR_GET_REASON(ERR_get_error()), CIPHER_R_INVALID_NONCE); EXPECT_TRUE(
ErrorEquals(ERR_get_error(), ERR_LIB_CIPHER, CIPHER_R_INVALID_NONCE));
} }
} }

15
crypto/hpke/hpke_test.cc
Unescape View File

@ -554,9 +554,8 @@ TEST(HPKETest, SetupSenderBufferTooSmall) {
sender_ctx.get(), enc, &enc_len, sizeof(enc), sender_ctx.get(), enc, &enc_len, sizeof(enc),
EVP_hpke_x25519_hkdf_sha256(), EVP_hpke_hkdf_sha256(), EVP_hpke_x25519_hkdf_sha256(), EVP_hpke_hkdf_sha256(),
EVP_hpke_aes_128_gcm(), public_key_r, sizeof(public_key_r), nullptr, 0)); EVP_hpke_aes_128_gcm(), public_key_r, sizeof(public_key_r), nullptr, 0));
uint32_t err = ERR_get_error(); EXPECT_TRUE(
EXPECT_EQ(ERR_LIB_EVP, ERR_GET_LIB(err)); ErrorEquals(ERR_get_error(), ERR_LIB_EVP, EVP_R_INVALID_BUFFER_SIZE));
EXPECT_EQ(EVP_R_INVALID_BUFFER_SIZE, ERR_GET_REASON(err));
ERR_clear_error(); ERR_clear_error();
} }
@ -587,9 +586,8 @@ TEST(HPKETest, SetupRecipientWrongLengthEnc) {
ASSERT_FALSE(EVP_HPKE_CTX_setup_recipient( ASSERT_FALSE(EVP_HPKE_CTX_setup_recipient(
recipient_ctx.get(), key.get(), EVP_hpke_hkdf_sha256(), recipient_ctx.get(), key.get(), EVP_hpke_hkdf_sha256(),
EVP_hpke_aes_128_gcm(), bogus_enc, sizeof(bogus_enc), nullptr, 0)); EVP_hpke_aes_128_gcm(), bogus_enc, sizeof(bogus_enc), nullptr, 0));
uint32_t err = ERR_get_error(); EXPECT_TRUE(
EXPECT_EQ(ERR_LIB_EVP, ERR_GET_LIB(err)); ErrorEquals(ERR_get_error(), ERR_LIB_EVP, EVP_R_INVALID_PEER_KEY));
EXPECT_EQ(EVP_R_INVALID_PEER_KEY, ERR_GET_REASON(err));
ERR_clear_error(); ERR_clear_error();
} }
@ -603,9 +601,8 @@ TEST(HPKETest, SetupSenderWrongLengthPeerPublicValue) {
EVP_hpke_x25519_hkdf_sha256(), EVP_hpke_hkdf_sha256(), EVP_hpke_x25519_hkdf_sha256(), EVP_hpke_hkdf_sha256(),
EVP_hpke_aes_128_gcm(), bogus_public_key_r, sizeof(bogus_public_key_r), EVP_hpke_aes_128_gcm(), bogus_public_key_r, sizeof(bogus_public_key_r),
nullptr, 0)); nullptr, 0));
uint32_t err = ERR_get_error(); EXPECT_TRUE(
EXPECT_EQ(ERR_LIB_EVP, ERR_GET_LIB(err)); ErrorEquals(ERR_get_error(), ERR_LIB_EVP, EVP_R_INVALID_PEER_KEY));
EXPECT_EQ(EVP_R_INVALID_PEER_KEY, ERR_GET_REASON(err));
ERR_clear_error(); ERR_clear_error();
} }

7
crypto/pem/pem_test.cc
Unescape View File

@ -20,6 +20,8 @@
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/rsa.h> #include <openssl/rsa.h>
#include "../test/test_util.h"
// Test that implausible ciphers, notably an IV-less RC4, aren't allowed in PEM. // Test that implausible ciphers, notably an IV-less RC4, aren't allowed in PEM.
// This is a regression test for https://github.com/openssl/openssl/issues/6347, // This is a regression test for https://github.com/openssl/openssl/issues/6347,
@ -39,7 +41,6 @@ TEST(PEMTest, NoRC4) {
bssl::UniquePtr<RSA> rsa(PEM_read_bio_RSAPublicKey( bssl::UniquePtr<RSA> rsa(PEM_read_bio_RSAPublicKey(
bio.get(), nullptr, nullptr, const_cast<char *>("password"))); bio.get(), nullptr, nullptr, const_cast<char *>("password")));
EXPECT_FALSE(rsa); EXPECT_FALSE(rsa);
uint32_t err = ERR_get_error(); EXPECT_TRUE(
EXPECT_EQ(ERR_LIB_PEM, ERR_GET_LIB(err)); ErrorEquals(ERR_get_error(), ERR_LIB_PEM, PEM_R_UNSUPPORTED_ENCRYPTION));
EXPECT_EQ(PEM_R_UNSUPPORTED_ENCRYPTION, ERR_GET_REASON(err));
} }

21
crypto/rsa_extra/rsa_test.cc
Unescape View File

@ -712,9 +712,8 @@ TEST(RSATest, GenerateSmallKey) {
ASSERT_TRUE(BN_set_word(e.get(), RSA_F4)); ASSERT_TRUE(BN_set_word(e.get(), RSA_F4));
EXPECT_FALSE(RSA_generate_key_ex(rsa.get(), 255, e.get(), nullptr)); EXPECT_FALSE(RSA_generate_key_ex(rsa.get(), 255, e.get(), nullptr));
uint32_t err = ERR_get_error(); EXPECT_TRUE(
EXPECT_EQ(ERR_LIB_RSA, ERR_GET_LIB(err)); ErrorEquals(ERR_get_error(), ERR_LIB_RSA, RSA_R_KEY_SIZE_TOO_SMALL));
EXPECT_EQ(RSA_R_KEY_SIZE_TOO_SMALL, ERR_GET_REASON(err));
} }
// Attempting to generate an funny RSA key length should round down. // Attempting to generate an funny RSA key length should round down.
@ -1175,17 +1174,13 @@ TEST(RSATest, MissingParameters) {
std::vector<uint8_t> out(RSA_size(sample.get())); std::vector<uint8_t> out(RSA_size(sample.get()));
EXPECT_FALSE(RSA_sign(NID_sha256, kZeros, sizeof(kZeros), out.data(), &len_u, EXPECT_FALSE(RSA_sign(NID_sha256, kZeros, sizeof(kZeros), out.data(), &len_u,
rsa.get())); rsa.get()));
uint32_t err = ERR_get_error(); EXPECT_TRUE(ErrorEquals(ERR_get_error(), ERR_LIB_RSA, RSA_R_VALUE_MISSING));
EXPECT_EQ(ERR_LIB_RSA, ERR_GET_LIB(err));
EXPECT_EQ(RSA_R_VALUE_MISSING, ERR_GET_REASON(err));
size_t len; size_t len;
EXPECT_FALSE(RSA_decrypt(rsa.get(), &len, out.data(), out.size(), EXPECT_FALSE(RSA_decrypt(rsa.get(), &len, out.data(), out.size(),
kOAEPCiphertext1, sizeof(kOAEPCiphertext1), kOAEPCiphertext1, sizeof(kOAEPCiphertext1),
RSA_PKCS1_OAEP_PADDING)); RSA_PKCS1_OAEP_PADDING));
err = ERR_get_error(); EXPECT_TRUE(ErrorEquals(ERR_get_error(), ERR_LIB_RSA, RSA_R_VALUE_MISSING));
EXPECT_EQ(ERR_LIB_RSA, ERR_GET_LIB(err));
EXPECT_EQ(RSA_R_VALUE_MISSING, ERR_GET_REASON(err));
// A private key without e cannot perform public key operations. // A private key without e cannot perform public key operations.
rsa.reset(RSA_new_private_key_no_e(RSA_get0_n(sample.get()), rsa.reset(RSA_new_private_key_no_e(RSA_get0_n(sample.get()),
@ -1194,15 +1189,11 @@ TEST(RSATest, MissingParameters) {
EXPECT_FALSE(RSA_verify(NID_sha256, kZeros, sizeof(kZeros), sig.data(), EXPECT_FALSE(RSA_verify(NID_sha256, kZeros, sizeof(kZeros), sig.data(),
sig.size(), rsa.get())); sig.size(), rsa.get()));
err = ERR_get_error(); EXPECT_TRUE(ErrorEquals(ERR_get_error(), ERR_LIB_RSA, RSA_R_VALUE_MISSING));
EXPECT_EQ(ERR_LIB_RSA, ERR_GET_LIB(err));
EXPECT_EQ(RSA_R_VALUE_MISSING, ERR_GET_REASON(err));
EXPECT_FALSE(RSA_encrypt(rsa.get(), &len, out.data(), out.size(), kPlaintext, EXPECT_FALSE(RSA_encrypt(rsa.get(), &len, out.data(), out.size(), kPlaintext,
sizeof(kPlaintext), RSA_PKCS1_OAEP_PADDING)); sizeof(kPlaintext), RSA_PKCS1_OAEP_PADDING));
err = ERR_get_error(); EXPECT_TRUE(ErrorEquals(ERR_get_error(), ERR_LIB_RSA, RSA_R_VALUE_MISSING));
EXPECT_EQ(ERR_LIB_RSA, ERR_GET_LIB(err));
EXPECT_EQ(RSA_R_VALUE_MISSING, ERR_GET_REASON(err));
} }
TEST(RSATest, Negative) { TEST(RSATest, Negative) {

15
crypto/test/test_util.cc
Unescape View File

@ -16,6 +16,8 @@
#include <ostream> #include <ostream>
#include <openssl/err.h>
#include "../internal.h" #include "../internal.h"
@ -67,3 +69,16 @@ std::string EncodeHex(bssl::Span<const uint8_t> in) {
return ret; return ret;
} }
testing::AssertionResult ErrorEquals(uint32_t err, int lib, int reason) {
if (ERR_GET_LIB(err) == lib && ERR_GET_REASON(err) == reason) {
return testing::AssertionSuccess();
}
char buf[128], expected[128];
return testing::AssertionFailure()
<< "Got \"" << ERR_error_string_n(err, buf, sizeof(buf))
<< "\", wanted \""
<< ERR_error_string_n(ERR_PACK(lib, reason), expected,
sizeof(expected))
<< "\"";
}

6
crypto/test/test_util.h
Unescape View File

@ -24,6 +24,8 @@
#include <string> #include <string>
#include <vector> #include <vector>
#include <gtest/gtest.h>
#include <openssl/span.h> #include <openssl/span.h>
#include "../internal.h" #include "../internal.h"
@ -67,5 +69,9 @@ bool DecodeHex(std::vector<uint8_t> *out, const std::string &in);
// EncodeHex returns |in| encoded in hexadecimal. // EncodeHex returns |in| encoded in hexadecimal.
std::string EncodeHex(bssl::Span<const uint8_t> in); std::string EncodeHex(bssl::Span<const uint8_t> in);
// ErrorEquals asserts that |err| is an error with library |lib| and reason
// |reason|.
testing::AssertionResult ErrorEquals(uint32_t err, int lib, int reason);
#endif // OPENSSL_HEADER_CRYPTO_TEST_TEST_UTIL_H #endif // OPENSSL_HEADER_CRYPTO_TEST_TEST_UTIL_H

30
crypto/x509/x509_test.cc
Unescape View File

@ -2062,9 +2062,8 @@ TEST(X509Test, TestEd25519BadParameters) {
ASSERT_FALSE(X509_verify(cert.get(), pkey.get())); ASSERT_FALSE(X509_verify(cert.get(), pkey.get()));
uint32_t err = ERR_get_error(); EXPECT_TRUE(
ASSERT_EQ(ERR_LIB_X509, ERR_GET_LIB(err)); ErrorEquals(ERR_get_error(), ERR_LIB_X509, X509_R_INVALID_PARAMETER));
ASSERT_EQ(X509_R_INVALID_PARAMETER, ERR_GET_REASON(err));
ERR_clear_error(); ERR_clear_error();
} }
@ -2909,9 +2908,8 @@ TEST(X509Test, MismatchAlgorithms) {
ASSERT_TRUE(pkey); ASSERT_TRUE(pkey);
EXPECT_FALSE(X509_verify(cert.get(), pkey.get())); EXPECT_FALSE(X509_verify(cert.get(), pkey.get()));
uint32_t err = ERR_get_error(); EXPECT_TRUE(ErrorEquals(ERR_get_error(), ERR_LIB_X509,
EXPECT_EQ(ERR_LIB_X509, ERR_GET_LIB(err)); X509_R_SIGNATURE_ALGORITHM_MISMATCH));
EXPECT_EQ(X509_R_SIGNATURE_ALGORITHM_MISMATCH, ERR_GET_REASON(err));
} }
TEST(X509Test, PEMX509Info) { TEST(X509Test, PEMX509Info) {
@ -3044,9 +3042,8 @@ TEST(X509Test, ReadBIOEmpty) {
// certificates. // certificates.
bssl::UniquePtr<X509> x509(d2i_X509_bio(bio.get(), nullptr)); bssl::UniquePtr<X509> x509(d2i_X509_bio(bio.get(), nullptr));
EXPECT_FALSE(x509); EXPECT_FALSE(x509);
uint32_t err = ERR_get_error(); EXPECT_TRUE(
EXPECT_EQ(ERR_LIB_ASN1, ERR_GET_LIB(err)); ErrorEquals(ERR_get_error(), ERR_LIB_ASN1, ASN1_R_HEADER_TOO_LONG));
EXPECT_EQ(ASN1_R_HEADER_TOO_LONG, ERR_GET_REASON(err));
} }
TEST(X509Test, ReadBIOOneByte) { TEST(X509Test, ReadBIOOneByte) {
@ -3058,9 +3055,8 @@ TEST(X509Test, ReadBIOOneByte) {
// to signal EOF. // to signal EOF.
bssl::UniquePtr<X509> x509(d2i_X509_bio(bio.get(), nullptr)); bssl::UniquePtr<X509> x509(d2i_X509_bio(bio.get(), nullptr));
EXPECT_FALSE(x509); EXPECT_FALSE(x509);
uint32_t err = ERR_get_error(); EXPECT_TRUE(
EXPECT_EQ(ERR_LIB_ASN1, ERR_GET_LIB(err)); ErrorEquals(ERR_get_error(), ERR_LIB_ASN1, ASN1_R_NOT_ENOUGH_DATA));
EXPECT_EQ(ASN1_R_NOT_ENOUGH_DATA, ERR_GET_REASON(err));
} }
TEST(X509Test, PartialBIOReturn) { TEST(X509Test, PartialBIOReturn) {
@ -3773,9 +3769,8 @@ TEST(X509Test, AlgorithmParameters) {
cert = CertFromPEM(kP256InvalidParam); cert = CertFromPEM(kP256InvalidParam);
ASSERT_TRUE(cert); ASSERT_TRUE(cert);
EXPECT_FALSE(X509_verify(cert.get(), key.get())); EXPECT_FALSE(X509_verify(cert.get(), key.get()));
uint32_t err = ERR_get_error(); EXPECT_TRUE(
EXPECT_EQ(ERR_LIB_X509, ERR_GET_LIB(err)); ErrorEquals(ERR_get_error(), ERR_LIB_X509, X509_R_INVALID_PARAMETER));
EXPECT_EQ(X509_R_INVALID_PARAMETER, ERR_GET_REASON(err));
// RSA parameters should be NULL, but we accept omitted ones. // RSA parameters should be NULL, but we accept omitted ones.
key = PrivateKeyFromPEM(kRSAKey); key = PrivateKeyFromPEM(kRSAKey);
@ -3792,9 +3787,8 @@ TEST(X509Test, AlgorithmParameters) {
cert = CertFromPEM(kRSAInvalidParam); cert = CertFromPEM(kRSAInvalidParam);
ASSERT_TRUE(cert); ASSERT_TRUE(cert);
EXPECT_FALSE(X509_verify(cert.get(), key.get())); EXPECT_FALSE(X509_verify(cert.get(), key.get()));
err = ERR_get_error(); EXPECT_TRUE(
EXPECT_EQ(ERR_LIB_X509, ERR_GET_LIB(err)); ErrorEquals(ERR_get_error(), ERR_LIB_X509, X509_R_INVALID_PARAMETER));
EXPECT_EQ(X509_R_INVALID_PARAMETER, ERR_GET_REASON(err));
} }
TEST(X509Test, GeneralName) { TEST(X509Test, GeneralName) {

30
ssl/ssl_test.cc
Unescape View File

@ -3021,9 +3021,8 @@ TEST(SSLTest, WriteAfterWrongVersionOnEarlyData) {
// The client processes the ServerHello and fails. // The client processes the ServerHello and fails.
EXPECT_EQ(-1, SSL_do_handshake(client.get())); EXPECT_EQ(-1, SSL_do_handshake(client.get()));
EXPECT_EQ(SSL_ERROR_SSL, SSL_get_error(client.get(), -1)); EXPECT_EQ(SSL_ERROR_SSL, SSL_get_error(client.get(), -1));
uint32_t err = ERR_get_error(); EXPECT_TRUE(ErrorEquals(ERR_get_error(), ERR_LIB_SSL,
EXPECT_EQ(ERR_LIB_SSL, ERR_GET_LIB(err)); SSL_R_WRONG_VERSION_ON_EARLY_DATA));
EXPECT_EQ(SSL_R_WRONG_VERSION_ON_EARLY_DATA, ERR_GET_REASON(err));
// The client should have written an alert to the transport. // The client should have written an alert to the transport.
const uint8_t *unused; const uint8_t *unused;
@ -3035,9 +3034,8 @@ TEST(SSLTest, WriteAfterWrongVersionOnEarlyData) {
// Writing should fail, with the same error as the handshake. // Writing should fail, with the same error as the handshake.
EXPECT_EQ(-1, SSL_write(client.get(), "a", 1)); EXPECT_EQ(-1, SSL_write(client.get(), "a", 1));
EXPECT_EQ(SSL_ERROR_SSL, SSL_get_error(client.get(), -1)); EXPECT_EQ(SSL_ERROR_SSL, SSL_get_error(client.get(), -1));
err = ERR_get_error(); EXPECT_TRUE(ErrorEquals(ERR_get_error(), ERR_LIB_SSL,
EXPECT_EQ(ERR_LIB_SSL, ERR_GET_LIB(err)); SSL_R_WRONG_VERSION_ON_EARLY_DATA));
EXPECT_EQ(SSL_R_WRONG_VERSION_ON_EARLY_DATA, ERR_GET_REASON(err));
// Nothing should be written to the transport. // Nothing should be written to the transport.
ASSERT_TRUE(BIO_mem_contents(mem.get(), &unused, &len)); ASSERT_TRUE(BIO_mem_contents(mem.get(), &unused, &len));
@ -5190,9 +5188,8 @@ TEST(SSLTest, NoCiphersAvailable) {
int ret = SSL_do_handshake(ssl.get()); int ret = SSL_do_handshake(ssl.get());
EXPECT_EQ(-1, ret); EXPECT_EQ(-1, ret);
EXPECT_EQ(SSL_ERROR_SSL, SSL_get_error(ssl.get(), ret)); EXPECT_EQ(SSL_ERROR_SSL, SSL_get_error(ssl.get(), ret));
uint32_t err = ERR_get_error(); EXPECT_TRUE(
EXPECT_EQ(ERR_LIB_SSL, ERR_GET_LIB(err)); ErrorEquals(ERR_get_error(), ERR_LIB_SSL, SSL_R_NO_CIPHERS_AVAILABLE));
EXPECT_EQ(SSL_R_NO_CIPHERS_AVAILABLE, ERR_GET_REASON(err));
} }
TEST_P(SSLVersionTest, SessionVersion) { TEST_P(SSLVersionTest, SessionVersion) {
@ -7177,9 +7174,8 @@ TEST_F(QUICMethodTest, ExcessProvidedData) {
// EncryptedExtensions on key change. // EncryptedExtensions on key change.
ASSERT_EQ(SSL_do_handshake(client_.get()), -1); ASSERT_EQ(SSL_do_handshake(client_.get()), -1);
ASSERT_EQ(SSL_get_error(client_.get(), -1), SSL_ERROR_SSL); ASSERT_EQ(SSL_get_error(client_.get(), -1), SSL_ERROR_SSL);
uint32_t err = ERR_get_error(); EXPECT_TRUE(
EXPECT_EQ(ERR_GET_LIB(err), ERR_LIB_SSL); ErrorEquals(ERR_get_error(), ERR_LIB_SSL, SSL_R_EXCESS_HANDSHAKE_DATA));
EXPECT_EQ(ERR_GET_REASON(err), SSL_R_EXCESS_HANDSHAKE_DATA);
// The client sends an alert in response to this. The alert is sent at // The client sends an alert in response to this. The alert is sent at
// handshake level because we install write secrets before read secrets and // handshake level because we install write secrets before read secrets and
@ -7628,9 +7624,8 @@ TEST_P(SSLVersionTest, DoubleSSLError) {
// The client handshake should terminate on a certificate verification // The client handshake should terminate on a certificate verification
// error. // error.
EXPECT_EQ(SSL_ERROR_SSL, client_err); EXPECT_EQ(SSL_ERROR_SSL, client_err);
uint32_t err = ERR_peek_error(); EXPECT_TRUE(ErrorEquals(ERR_peek_error(), ERR_LIB_SSL,
EXPECT_EQ(ERR_LIB_SSL, ERR_GET_LIB(err)); SSL_R_CERTIFICATE_VERIFY_FAILED));
EXPECT_EQ(SSL_R_CERTIFICATE_VERIFY_FAILED, ERR_GET_REASON(err));
break; break;
} }
@ -7906,9 +7901,8 @@ TEST(SSLTest, WriteWhileExplicitRenegotiate) {
// We never renegotiate as a server. // We never renegotiate as a server.
ASSERT_EQ(-1, SSL_read(server.get(), buf, sizeof(buf))); ASSERT_EQ(-1, SSL_read(server.get(), buf, sizeof(buf)));
ASSERT_EQ(SSL_ERROR_SSL, SSL_get_error(server.get(), -1)); ASSERT_EQ(SSL_ERROR_SSL, SSL_get_error(server.get(), -1));
uint32_t err = ERR_get_error(); EXPECT_TRUE(
EXPECT_EQ(ERR_LIB_SSL, ERR_GET_LIB(err)); ErrorEquals(ERR_get_error(), ERR_LIB_SSL, SSL_R_NO_RENEGOTIATION));
EXPECT_EQ(SSL_R_NO_RENEGOTIATION, ERR_GET_REASON(err));
} }
TEST(SSLTest, ConnectionPropertiesDuringRenegotiate) { TEST(SSLTest, ConnectionPropertiesDuringRenegotiate) {

Write Preview
Loading…
Cancel
Save