From 8ed9a26616a7101ea698c189fbbb663186676075 Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Wed, 26 Apr 2017 12:20:44 -0400 Subject: [PATCH] Convert dtls_mtu_test, dtlsv1listentest Also converted most of ssltestlib but left the packet_dump output as-is (for now). Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/3257) --- test/build.info | 4 +- test/dtls_mtu_test.c | 133 +++++++++++++++-------------- test/dtlsv1listentest.c | 180 ++++++++++++---------------------------- test/libtestutil.a | Bin 0 -> 82398 bytes test/ssltestlib.c | 154 +++++++++++++--------------------- 5 files changed, 182 insertions(+), 289 deletions(-) create mode 100644 test/libtestutil.a diff --git a/test/build.info b/test/build.info index 9f4a434f9b3..c8d86f7d134 100644 --- a/test/build.info +++ b/test/build.info @@ -233,7 +233,7 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN SOURCE[dtlsv1listentest]=dtlsv1listentest.c INCLUDE[dtlsv1listentest]=.. ../include - DEPEND[dtlsv1listentest]=../libssl + DEPEND[dtlsv1listentest]=../libssl libtestutil.a SOURCE[ct_test]=ct_test.c INCLUDE[ct_test]=../crypto/include ../include @@ -316,7 +316,7 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN PROGRAMS_NO_INST=dtls_mtu_test SOURCE[dtls_mtu_test]=dtls_mtu_test.c ssltestlib.c INCLUDE[dtls_mtu_test]=.. ../include - DEPEND[dtls_mtu_test]=../libcrypto ../libssl + DEPEND[dtls_mtu_test]=../libcrypto ../libssl libtestutil.a ENDIF IF[{- !$disabled{shared} -}] diff --git a/test/dtls_mtu_test.c b/test/dtls_mtu_test.c index 24d4ccc552c..50f952b2cea 100644 --- a/test/dtls_mtu_test.c +++ b/test/dtls_mtu_test.c @@ -15,6 +15,7 @@ #include #include "ssltestlib.h" +#include "testutil.h" /* for SSL_READ_ETM() */ #include "../ssl/ssl_locl.h" @@ -57,21 +58,19 @@ static int mtu_test(SSL_CTX *ctx, const char *cs, int no_etm) memset(buf, 0x5a, sizeof(buf)); - if (create_ssl_objects(ctx, ctx, &srvr_ssl, &clnt_ssl, NULL, NULL) != 1) - goto out; + if (!TEST_true(create_ssl_objects(ctx, ctx, &srvr_ssl, &clnt_ssl, + NULL, NULL))) + goto end; if (no_etm) SSL_set_options(srvr_ssl, SSL_OP_NO_ENCRYPT_THEN_MAC); - if (SSL_set_cipher_list(srvr_ssl, cs) != 1 || - SSL_set_cipher_list(clnt_ssl, cs) != 1) { - ERR_print_errors_fp(stdout); - goto out; - } - sc_bio = SSL_get_rbio(srvr_ssl); - - if (create_ssl_connection(clnt_ssl, srvr_ssl, SSL_ERROR_NONE) != 1) - goto out; + if (!TEST_true(SSL_set_cipher_list(srvr_ssl, cs)) + || !TEST_true(SSL_set_cipher_list(clnt_ssl, cs)) + || !TEST_ptr(sc_bio = SSL_get_rbio(srvr_ssl)) + || !TEST_true(create_ssl_connection(clnt_ssl, srvr_ssl, + SSL_ERROR_NONE))) + goto end; if (debug) printf("Channel established\n"); @@ -82,28 +81,27 @@ static int mtu_test(SSL_CTX *ctx, const char *cs, int no_etm) SSL_set_mtu(clnt_ssl, 500 + i); mtus[i] = DTLS_get_data_mtu(clnt_ssl); if (debug) - printf("%s%s payload MTU for record mtu %d = %"OSSLzu"\n", - cs, no_etm ? "-noEtM":"", 500 + i, mtus[i]); - if (mtus[i] == 0) { - fprintf(stderr, - "payload MTU failed with record MTU %d for %s\n", - 500 + i, cs); - goto out; + TEST_info("%s%s MTU for record mtu %d = %lu", + cs, no_etm ? "-noEtM" : "", + 500 + i, (unsigned long)mtus[i]); + if (!TEST_size_t_ne(mtus[i], 0)) { + TEST_info("Cipher %s MTU %d", cs, 500 + i); + goto end; } } /* Now get out of the way */ SSL_set_mtu(clnt_ssl, 1000); - /* Now for all values in the range of payload MTUs, send - * a payload of that size and see what actual record size - * we end up with. */ + /* + * Now for all values in the range of payload MTUs, send a payload of + * that size and see what actual record size we end up with. + */ for (s = mtus[0]; s <= mtus[29]; s++) { size_t reclen; - if (SSL_write(clnt_ssl, buf, s) != (int)s) { - ERR_print_errors_fp(stdout); - goto out; - } + + if (!TEST_int_eq(SSL_write(clnt_ssl, buf, s), (int)s)) + goto end; reclen = BIO_read(sc_bio, buf, sizeof(buf)); if (debug) printf("record %"OSSLzu" for payload %"OSSLzu"\n", reclen, s); @@ -111,53 +109,58 @@ static int mtu_test(SSL_CTX *ctx, const char *cs, int no_etm) for (i = 0; i < 30; i++) { /* DTLS_get_data_mtu() with record MTU 500+i returned mtus[i] ... */ - if (s <= mtus[i] && reclen > (size_t)(500 + i)) { - /* We sent a packet smaller than or equal to mtus[j] and - * that made a record *larger* than the record MTU 500+j! */ - fprintf(stderr, - "%s: Payload MTU %"OSSLzu" reported for record MTU %d\n" - "but sending a payload of %"OSSLzu" made a record of %"OSSLzu"(too large)\n", - cs, mtus[i], 500 + i, s, reclen); - goto out; + if (!TEST_false(s <= mtus[i] && reclen > (size_t)(500 + i))) { + /* + * We sent a packet smaller than or equal to mtus[j] and + * that made a record *larger* than the record MTU 500+j! + */ + TEST_error("%s: s=%lu, mtus[i]=%lu, reclen=%lu, i=%d", + cs, (unsigned long)s, (unsigned long)mtus[i], + (unsigned long)reclen, 500 + i); + goto end; } - if (s > mtus[i] && reclen <= (size_t)(500 + i)) { - /* We sent a *larger* packet than mtus[i] and that *still* + if (!TEST_false(s > mtus[i] && reclen <= (size_t)(500 + i))) { + /* + * We sent a *larger* packet than mtus[i] and that *still* * fits within the record MTU 500+i, so DTLS_get_data_mtu() - * was overly pessimistic. */ - fprintf(stderr, - "%s: Payload MTU %"OSSLzu" reported for record MTU %d\n" - "but sending a payload of %"OSSLzu" made a record of %"OSSLzu" (too small)\n", - cs, mtus[i], 500 + i, s, reclen); - goto out; + * was overly pessimistic. + */ + TEST_error("%s: s=%lu, mtus[i]=%lu, reclen=%lu, i=%d", + cs, (unsigned long)s, (unsigned long)mtus[i], + (unsigned long)reclen, 500 + i); + goto end; } } } rv = 1; if (SSL_READ_ETM(clnt_ssl)) rv = 2; - out: + end: SSL_free(clnt_ssl); SSL_free(srvr_ssl); return rv; } -int main(void) +static int run_mtu_tests(void) { - SSL_CTX *ctx = SSL_CTX_new(DTLS_method()); + SSL_CTX *ctx = NULL; STACK_OF(SSL_CIPHER) *ciphers; - int i, rv = 0; + int i, ret = 0; + + if (!TEST_ptr(ctx = SSL_CTX_new(DTLS_method()))) + goto end; SSL_CTX_set_psk_server_callback(ctx, srvr_psk_callback); SSL_CTX_set_psk_client_callback(ctx, clnt_psk_callback); SSL_CTX_set_security_level(ctx, 0); - /* We only care about iterating over each enc/mac; we don't - * want to repeat the test for each auth/kx variant. - * So keep life simple and only do (non-DH) PSK. */ - if (!SSL_CTX_set_cipher_list(ctx, "PSK")) { - fprintf(stderr, "Failed to set PSK cipher list\n"); - goto out; - } + /* + * We only care about iterating over each enc/mac; we don't want to + * repeat the test for each auth/kx variant. So keep life simple and + * only do (non-DH) PSK. + */ + if (!TEST_true(SSL_CTX_set_cipher_list(ctx, "PSK"))) + goto end; ciphers = SSL_CTX_get_ciphers(ctx); for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { @@ -165,26 +168,28 @@ int main(void) const char *cipher_name = SSL_CIPHER_get_name(cipher); /* As noted above, only one test for each enc/mac variant. */ - if (strncmp(cipher_name, "PSK-", 4)) + if (strncmp(cipher_name, "PSK-", 4) != 0) continue; - rv = mtu_test(ctx, cipher_name, 0); - if (!rv) + if (!TEST_int_gt(ret = mtu_test(ctx, cipher_name, 0), 0)) break; - - printf("DTLS MTU test OK for %s\n", cipher_name); - if (rv == 1) + TEST_info("%s OK", cipher_name); + if (ret == 1) continue; /* mtu_test() returns 2 if it used Encrypt-then-MAC */ - rv = mtu_test(ctx, cipher_name, 1); - if (!rv) + if (!TEST_int_gt(ret = mtu_test(ctx, cipher_name, 1), 0)) break; - - printf("DTLS MTU test OK for %s without Encrypt-then-MAC\n", cipher_name); + TEST_info("%s without EtM OK", cipher_name); } - out: + + end: SSL_CTX_free(ctx); + bio_s_mempacket_test_free(); + return ret; +} - return !rv; +void register_tests() +{ + ADD_TEST(run_mtu_tests); } diff --git a/test/dtlsv1listentest.c b/test/dtlsv1listentest.c index dfbc7aebb87..b70c60e6180 100644 --- a/test/dtlsv1listentest.c +++ b/test/dtlsv1listentest.c @@ -1,5 +1,5 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,10 +12,8 @@ #include #include #include -#ifndef OPENSSL_NO_ENGINE -# include -#endif #include "e_os.h" +#include "testutil.h" #ifndef OPENSSL_NO_SOCK @@ -236,7 +234,7 @@ static const unsigned char verify[] = { 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13 /* Cookie */ }; -static struct { +typedef struct { const unsigned char *in; unsigned int inlen; /* @@ -245,52 +243,18 @@ static struct { * DROP == 0 return value, no output */ enum {GOOD, VERIFY, DROP} outtype; -} testpackets[9] = { - { - clienthello_nocookie, - sizeof(clienthello_nocookie), - VERIFY - }, - { - clienthello_nocookie_frag, - sizeof(clienthello_nocookie_frag), - VERIFY - }, - { - clienthello_nocookie_short, - sizeof(clienthello_nocookie_short), - DROP - }, - { - clienthello_2ndfrag, - sizeof(clienthello_2ndfrag), - DROP - }, - { - clienthello_cookie, - sizeof(clienthello_cookie), - GOOD - }, - { - clienthello_cookie_frag, - sizeof(clienthello_cookie_frag), - GOOD - }, - { - clienthello_badcookie, - sizeof(clienthello_badcookie), - VERIFY - }, - { - clienthello_cookie_short, - sizeof(clienthello_cookie_short), - DROP - }, - { - record_short, - sizeof(record_short), - DROP - } +} tests; + +static tests testpackets[9] = { + { clienthello_nocookie, sizeof(clienthello_nocookie), VERIFY }, + { clienthello_nocookie_frag, sizeof(clienthello_nocookie_frag), VERIFY }, + { clienthello_nocookie_short, sizeof(clienthello_nocookie_short), DROP }, + { clienthello_2ndfrag, sizeof(clienthello_2ndfrag), DROP }, + { clienthello_cookie, sizeof(clienthello_cookie), GOOD }, + { clienthello_cookie_frag, sizeof(clienthello_cookie_frag), GOOD }, + { clienthello_badcookie, sizeof(clienthello_badcookie), VERIFY }, + { clienthello_cookie_short, sizeof(clienthello_cookie_short), DROP }, + { record_short, sizeof(record_short), DROP } }; # define COOKIE_LEN 20 @@ -299,9 +263,8 @@ static int cookie_gen(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len) { unsigned int i; - for (i = 0; i < COOKIE_LEN; i++, cookie++) { + for (i = 0; i < COOKIE_LEN; i++, cookie++) *cookie = i; - } *cookie_len = COOKIE_LEN; return 1; @@ -322,105 +285,72 @@ static int cookie_verify(SSL *ssl, const unsigned char *cookie, return 1; } -#endif -int main(void) +static int dtls_listen_test(int i) { -#ifndef OPENSSL_NO_SOCK SSL_CTX *ctx = NULL; SSL *ssl = NULL; BIO *outbio = NULL; BIO *inbio = NULL; - BIO_ADDR *peer = BIO_ADDR_new(); + BIO_ADDR *peer = NULL; + tests *tp = &testpackets[i]; char *data; long datalen; int ret, success = 0; - long i; - ctx = SSL_CTX_new(DTLS_server_method()); - if (ctx == NULL || peer == NULL) + if (!TEST_ptr(ctx = SSL_CTX_new(DTLS_server_method())) + || !TEST_ptr(peer = BIO_ADDR_new())) goto err; - SSL_CTX_set_cookie_generate_cb(ctx, cookie_gen); SSL_CTX_set_cookie_verify_cb(ctx, cookie_verify); - /* Create an SSL object for the connection */ - ssl = SSL_new(ctx); - if (ssl == NULL) - goto err; - - outbio = BIO_new(BIO_s_mem()); - if (outbio == NULL) + /* Create an SSL object and set the BIO */ + if (!TEST_ptr(ssl = SSL_new(ctx)) + || !TEST_ptr(outbio = BIO_new(BIO_s_mem()))) goto err; SSL_set0_wbio(ssl, outbio); - success = 1; - for (i = 0; i < (long)OSSL_NELEM(testpackets) && success; i++) { - inbio = BIO_new_mem_buf((char *)testpackets[i].in, - testpackets[i].inlen); - if (inbio == NULL) { - success = 0; - goto err; - } - /* Set Non-blocking IO behaviour */ - BIO_set_mem_eof_return(inbio, -1); + /* Set Non-blocking IO behaviour */ + if (!TEST_ptr(inbio = BIO_new_mem_buf((char *)tp->in, tp->inlen))) + goto err; + BIO_set_mem_eof_return(inbio, -1); + SSL_set0_rbio(ssl, inbio); - SSL_set0_rbio(ssl, inbio); + /* Process the incoming packet */ + if (!TEST_int_ge(ret = DTLSv1_listen(ssl, peer), 0)) + goto err; + datalen = BIO_get_mem_data(outbio, &data); - /* Process the incoming packet */ - ret = DTLSv1_listen(ssl, peer); - if (ret < 0) { - success = 0; + if (tp->outtype == VERIFY) { + if (!TEST_int_eq(ret, 0) + || !TEST_mem_eq(data, datalen, verify, sizeof(verify))) goto err; - } - - datalen = BIO_get_mem_data(outbio, &data); - - if (testpackets[i].outtype == VERIFY) { - if (ret == 0) { - if (datalen != sizeof(verify) - || (memcmp(data, verify, sizeof(verify)) != 0)) { - printf("Test %ld failure: incorrect HelloVerifyRequest\n", i); - success = 0; - } else { - printf("Test %ld success\n", i); - } - } else { - printf ("Test %ld failure: should not have succeeded\n", i); - success = 0; - } - } else if (datalen == 0) { - if ((ret == 0 && testpackets[i].outtype == DROP) - || (ret == 1 && testpackets[i].outtype == GOOD)) { - printf("Test %ld success\n", i); - } else { - printf("Test %ld failure: wrong return value\n", i); - success = 0; - } - } else { - printf("Test %ld failure: Unexpected data output\n", i); - success = 0; - } - (void)BIO_reset(outbio); - inbio = NULL; - /* Frees up inbio */ - SSL_set0_rbio(ssl, NULL); + } else if (datalen == 0) { + if (!TEST_true((ret == 0 && tp->outtype == DROP) + || (ret == 1 && tp->outtype == GOOD))) + goto err; + } else { + TEST_info("Test %d: unexpected data output", i); + goto err; } + (void)BIO_reset(outbio); + inbio = NULL; + SSL_set0_rbio(ssl, NULL); + success = 1; err: - if (!success) - ERR_print_errors_fp(stderr); /* Also frees up outbio */ SSL_free(ssl); SSL_CTX_free(ctx); BIO_free(inbio); OPENSSL_free(peer); -# ifndef OPENSSL_NO_CRYPTO_MDEBUG - CRYPTO_mem_leaks_fp(stderr); -# endif - return success ? 0 : 1; -#else - printf("DTLSv1_listen() is not supported by this build - skipping\n"); - return 0; + return success; +} +#endif + +void register_tests() +{ +#ifndef OPENSSL_NO_SOCK + ADD_ALL_TESTS(dtls_listen_test, (int)OSSL_NELEM(testpackets)); #endif } diff --git a/test/libtestutil.a b/test/libtestutil.a new file mode 100644 index 0000000000000000000000000000000000000000..973419527666f587263016dfc41358af65077158 GIT binary patch literal 82398 zc-rlK3wTt;+5b7adp4W z#ZPIit%~)A6)gP}r78-FT(q`W6|uF7iZ&=#yrZK0=elQRc4kRJ`mfLPu{`0-{N|mR z-@J114^q}s_Vzaahj%0(==mN z=l%xgMgCo~K-0WQnig30f8lRILzBnb(xSm@Q!tG1cT2F51pB>#U^506Ry8!@1Wi|UeN~IcdnMzk^Rk`*pC>S*Y zjG?1TMikJI^jcThWQ(p_HS*K7ao{iVcQoE~k0<~4*0Qt;cj$v>VT8i3J0SY31-adA ziO}Z`=?JCXwoHs#+$+XFSMn+Y{C_wbg6(5bSo=tLd2$%|k3==lWkpH!2xrp>^PaD* zt<6jBzY4L0{M;*#q|jvAN=T|Wa@+YK*Kve|T*uricc!4&QR0VMkAXDYZNXzW9TKHS zc8z=cj!f2>Rq9u5qwT64;=pjb#6m39H_Y@ zXtLi|APhDL?R@ZONsbLSGwUSqpKS(hbTd$4Ovw~e(jEi2TY6CCk#@PC};mL=F1f}CY?V>r1nyxee8ZX72!4$1*vGxpt~igf`O>jEy;1t?a$ zgp>Q{ihyz$V7&>%OSl#MhZJSkt#`w!`90~x)>72-vaO{_@cO8bjVq;$iYl+vqDQmUS2hZ@wZNmJ6#?|p9kdGQv|8?DLOlys177PwfGAPVX% z9SD{72Aq;%LW6;CTzotTaO7z)neo|J@~qzH1EJVFod;p^KtG0NArQ=?#t5zF>_vA5LxjetdJwhyMiw z4L&WuzGb!+hK<=o@_>9EN+GXs zL_tw;UV{c3xXq%)TEbmoh;AguZ88kIBhN^-kHwAz`#8;F)9rhVv%%Hk2p9?As@b0s zP#vLj4DC%LDeeOhx70|oKZUNkeWjr}8jQ?1N50Vy00~nKqtejqjw~sb9p|Vs1_12L zsbTmw1)3A*7;B`$_}3Xm9)LOo2(Z%iH)-eAJ_d?{Lpz;_&L(a+EBpm;OD3k5>Y8LK z+8lwxBtE7|2$RbJx+a~7{)Wo4GuG!t5K3N2L2mjBe^a@_!A=!y^f%NsdTX2@D-8~G z6Q|73U|)rP*fBkxMO7YO1Dv%~)oHNr!pR06e-{KB13_oCud1=mxyak%Z)j?C7Uzx1 zD;QoBL}7*3fT@l@u(Z&b3u628XSvE;6E1dniboaXgV}PGZ>TdDv^U@^g0S#20@0yR+UYg+87YN-Q%-YTudTj%jtE%IU?Uy)UQ zzqcg-E3CGv!RM_x*GW|595B{7y`rp)A6W8*5knpw@D4}+Pqq&7%b=stvRRtGBt`F& z5aU=28YrA`ox$9JwFyZnzpz}8XxDI933DSB!)7zLE-|b*O4yCe9aIe45G8D9lr#@2 z!nC{^?}8wxwmP1DN1rz+3OBZ2?Ksw0up~TAsfi zBpIk$09^FCbRoLdR0XO)%qDn+frWX6+Nu9C@GVob3;1|u#>f6r1UWbru*udJS@^o1 z+z)$^eCP}>n_OQZxK)T>Vv+L|^BP3bRK*whIs|_+$zM~%|5ykVWv@__e{FA)pUo`4 zAt}GE$bS%tw_A&z|1FC6ACdT1orM353jVkE<$3lZ+(rHq75RHfgZk%5_>WcOzgd!h zoFxC@iu@p1WEq$Nty*>{geEkR_LEzH!Ap-#md{iC_C#E~&bdvtB`fWpc`Rs&85`ic6q5d=S9kVkV81skihL=d+ra6^H|C~$`Yk5k|Y3Oq@HCoAw21)i$F(-e5R z0?&xR;P{dX^yU!Se+j|GelZvPrGa``&(8nA?-vB$r!(^{gb{fGpF(hUmk0iW1Wys< zb%JyAId~r;c(cyT55aFR!N&{uW0HG5{Ke^VJY9j0SETc~0{>Bg_fw>=SSdv=c!Z@A zU8I548H(MxWm#SsoG~gEW08kM!cvT`0%4xjffir)R-Q06Nm!dP(>49#i_1JU4PJ!T zws^6l(Yx4FTcdd{ESoWLLYZgA!8Nn^&kKz|IxRt@@G5HQ+@ES$>txP&L24AH}|0YHH4=c*` zC?nsW!Jky{c|jrnu_FEN8TkPW-ba_Gf3_}{pQg*xuV&;2GWb=B^lw$jZ&sxL6eHh{ z!4E3Z|5zbU*Hv-s7BbUrA)d(KX#zf%__G+Cy-Vc?@@wh1!;Gu!-SKQep0{| zKShwI?PI2Z)Am#$;Lm9MJW^-&B(_#?#sumXQn zz!wt#vjV<~_+Jw6n~47n0jK3XB;bp6a~>mW&+Pc%=mhR$#(y@QQURy!zf!wFN67#o2aY(daQnT|C>KnWaA4MrW<` zkhOXwK8pSk4%_4?x_{(R^jXM_dNDqXZ6{~X<;UFB_(XNbdxkr-%dPKshmrt(RDw@; zxU2E0`HpuDx4vih_-uHCzz5eWcEf^%kUJ8=r@w0ne<$T1syNcwA{6yZ5mMS(kMN}k zEye2UP<2!s3Az5<)_Snx3DBbtKZvLvV$x_UKjf|k>VmCB-*=unJGs48k;8b< ziVmIF7jnI|qV+Az>D-fWYO6Q|X#H7}(%RG3`c{Y20xR~Af!ofZ!(O18!%+4xuJR5N z(sB6SA5WZE(Ru`{wk$GZQj4I@U^cBsaAmo6OrjPVI{=jlTDZcFFQF zxJtLle_v*HLmj#;%mdFVDLtj?iZQqX0ShA#IX{SjX7Jcusq_MuDrc63?2 z8C=|s_cPT0&uzIB9@8~L^n zZsU<}+j3l(61cc(TaC-)I#$-cy5IzI9xZEkrGRS(Xm|xkuLm8dqCjVD4<5w*X7$xD zl@&XoPKoJHq-{>9_4ta`TWnht!PCX zjcdxkNnSMt4Mb~pU}hsR{?A9~n*#k6Y_@0D&7^U#)R{bA#)f z!FuxJ+c6XVK6j0^Gd4TV*%?b5{S3xt2R44&PP}R{E~Pis95nTC>X|WgKA>mejkJ59 zyO$$|?z8CGDagGEx_f794mjD4y@Re$?7HItXz8*EQHvvHKYxM~BM2pJqUT4NBgPU= zXOKzI1pAs`N_emA*|6n|J|vA8;pjsk;WT1|qYr_U&E2(U%ozFM82Ma`{Kv4*hkONy zV>)|SLE_I0FJdk+!OJ({$V*J0xtJPc%1z_srf~$OeQrU%dhGj(J;c?+HwGcRScA~qkQ5uHr*ovwJHQ=BXLK@??A@^5E)WNt@a668%IqpETl%`Z+ zLn>WIhExNzDe0rZ4a8tAs_d+NQw(q4{+Rz5f(JAO5;ti(q-0L8FK5b%t#p2(FiWRUhz8CM7Agl>Y0b2cn;DG zoSeOGfnEMNnL(Fez!mhjGE*5=j2F^J&Yj^>C0Z1M%9B?-@0Vf)gc{{L}xGxO5JpgUI z_88^J#A`n?_0o_{*HmM$-2n~6rrI6Tz`p^84*s+yAf6*XdcOG9v@1IuWE>gw%HkSIAT&@kwONXR$lZ!z!>>TI`@1|1EsR zcO7Ul^{{!F&pWgNFZ)mgoTWDg7m^1fazQBnB!wTORPXgQds{sG$-n~^lu(tgVVPGu z4C0xOSA4B$<`Wn%!lqi^6!g`2TD;9oEzrQd>Iy$H<1@2)iJ{@CuJU{R+WjC+Z%d1( zdO`T4#Vpk(Vh#t#d}2eT!O@ntsLDaef?$I$(9lRjG&rb3+jl2twFL)a4uI2@*{+Lc zd!|gEJVU#bo}nOMoImXDhrZRtCprZTz*Ix8`NnH+Ry((rhk!*RA^oF>JL^|d;NY5K6Qi5xV(*v zOr=6ozg$?7rrO-FN{8l)$lQW?Lx&31gyGxKqNau#C#{^^>ZV42zzG|HbJ#hsjLzI) zLvumwuvj=%g)F!ZMZTfh5dXQ(AvI1Y?S#!?h#yREz)&#EImAz_7M;U}#SJIFI6eeL z8&bmrGwGRPxzJ*=sTKqbjnkaY2|k|_>!ul6NY>=Vg^vR#xh7Uz=qY!V&zLm_T9o{U z%_BQw8~JP$+sJ34*hY?xVjFo$6x+x_QEVgO>|bRYiT1-4wvi=5ny_rgnF%*%H+kB2 zvd3&EpR;$*b`lvkz&f;d&vw!lb85DeDI|Wz^630kwv#meb=L0LPG%1ywpaG<*-ris zIUp_9yJtK34zb;O)6zZL$pZzaW;?l+m=*2srtRd>f>X1dyeXMK^X#haq@(cEY$qp^ zhE`+gp6%rC(@xEHva|73wv#meWW9T~lSk7}&33XZ?>E2eh-aXq%C#nAf-L##o z&pb8T$+hI>J>D?$8`1^a$$bNet%Rj}wv&@}x$We)g6-re+72ujAI0bko!Jwd+Hg`j zX$0TE+=tLvF~Oe}_*w|QP2$E$2fDe6a#gRp9Fs_)Z00qQG^9E$RS;{PPNVhXVhj z0@oDj=cwfCyaBjc?wsYTbaz3qIgwZ9@ywj%nmv1tXL7~#3uaH5G2P?I3vY0kdl%;J zhdPR|6LT_KTiH&Bu;-#O$92t`1rqbZw_TujlmMaXh0WRpv*yg4Jp;Yi1DW4?JowQ< zv<=erO(&8ZP@N~dYhiBUKn_U9n1df~-Y^7Ec_2pib)s47jv?0)ave>sqsVn6xsD*$ z;s^_0awQX_bmsn*&DdC;qp-y-R@lm(&)`W6K8YFU3s@UeA>RazA4fz!jS76F0{@i) zzgK}jB=RBmtt|?CzapJa6?*$xp*IUN4@qS37+tQnBwenz-nyJmp#q z<@yOI@DNk3k!-y%_&E|=Vu%l8@P9G**$i&An0PURk74jp3_jPw+tg8f0fWadcmspm z8T?v{yu7Og+(GcW89pPJbpF>O*YmR$dA+}_z!R+|?qJf%u*&80ta3h;3i(9}{2m66 zWzyN8kbgmuZ;s8Bk7MuwHo5+DZSwk>V3XI&Oq)F4T1Gye!CMsaZyP2)n!$V9O?)_m z=P`I5J09B2d=nUaCL>?S;EU|?XBnm4!c}$cPr#sTiG0ijeS3bjeS3bjeQ@5 zjeS36ua>p3&r;af_ao~U(Z)WTnG;GZv=b;k^fP^e@UOMvhw(3 zB9|fHqY2($z=sfglz{gl_*ez*67cv`E0|vt)l&jAQJ5 zt#>DI_Suju#j_#oI94g(besu@@{(sm*zsYbfYbiFN5E-2KP2+B^Ba~Hp}oNuftpW@ zocx)Q;!$Hpb@hFS1-8g%MzXcc@G}9_iW@%}fUVHss{n~R+uRa% z2b-~vOn^&BE46*3K5Xil03V^YQB%((wAeJTajktBROYo5u}Mgs5|*mSB_ zSV7m5MHPB0EZvnhgBpqb(Y4xt_vKrttlXZ<$fD?mKBz#DdR0qZHT-W8E&#NS`Om)~ zN@W9a24e$J@_)xh;6H8?P@;9uCSWZYK-|n)r7Jc8OSDt73FvHml}!MRf4$Z{n}7oe z=AJh#e^+b*=waMkt$Q{BbS~!Ax@QxRlEm}O>Y_~meLl5MH*ErPCHZ&7CgATnf5z5T zn}G3>{JUZk@Plri*>=Y!;2F!Q*#vYpzUoY$#_#T#evb9j&h(vD`S{b>GyO_Q{iS!| zOrP$}z0u7x{en1tP1uW!ot-_?&n4qWoz}fG{ehbNO#k$mZ_l3j_7%=>OPD<}S*{6M z*Umt*RcDcklSK1N1YMl*$q&ZDwjDOof9M|OAO>gOE0V|HX^K5hyJF8XPO;}1r`Yq1 zQS5obzZ)cbo)*cTr-+Xc(z&1bFBEXPw^$+I^t~e00#0pNngsm!yopE{-zu~xkteH9 zqZ7DOI6I@iaC;#O)|0MPOG-+*x>lVpS*tSdH*khpkHbakidOV!axyaKW1m?Ci&gT{ zeAm(N3-r;d6~CYB(-?Cc%^zZ=fmsPq`L5Y(XbhC^=e#6fm2$knoCoI zEKM&*^a?t$G&QR$a($Yl8?kX8z{jgr8Ci3{sx&}XrDueTzm%*>&0&IHnl2?%8o0i@ z^1r+^HOtD6RwdEbr)JS4i_}Z2S{fS~>&|sH)HOD>0GAUi0b8n^a1B`1STh_h$DBYs z2v>yuytw~p!8@~-o%nxeE&Ko7-hE;>*S0eg`E#wV+Pkkh#kFl`J`Fm#k51r!Lc>F1@jmMwj+BjQM|6Q?nr|jPQak+If@t43n7O}aX_0oM;u^e! z!7~+W@EFA!JYKN|k5{b09f~zLl)qWB2Dd8K;8w*NJf2x2Unt;PC2R0_X02T%;E&Pj z7Vzho`?ZXZYVSgYvukauu-5i72g4^@YmY1%Sya%~bK#~aYwZ>2JAJC}#w<|V$%YbN_H#1M?j5CRFXVcf?7D0P!bh=iCYKm|(;P^z|VKZX5@DU znRmzG`rLwRcoVMk`*AC{6Ss?Xq_L0|gsXbn?YRA|#qAH*YCEpZbxXh{v?YL=UlneC z>v80nxcT9v+Hqqf>950$kz_g#G)6+h3mPLKwh%N%LNy2)BO%|q9kf8)%2wl6)=v1~ zR<@4ND#0xfvTNH0*?}f^J85#E)-OS8=y11hfvp-i54zifDd2iwx9c_B^7dt8r5|gn z_!2b04zmGH3hf1LZ(qmyADDN@@$c$8-QQ2OzvGVXTJsXq*WbY1ebSl(9T|L&7u)-K zs()OxEx53oaPjZQ3b~UsMAAA*lf}i^wg&5eIoAIYT;gWf(AW8J5$7ZI*I@Op#gWHj z_2Z=4aqB1PuftVCGQAU54PoL1RYSNf1XV-W20_&j{;iuqC17Q)#?87NQEFQUDYb1u zl-jn<$Bldq(KCFtXebEAyNZKg%sb$2Z%;vu9SnQz<)E>b@7e9ziPgS6S0gVO#G{P6 z4d}ZKjFIi-+dH;?huZmi<+~D3k1stiz7(FA5c;;Py<%Tk=&xm=z2)GxcK)~QODdE5 zPvY)pY~4-@xn7$DDz+{7+Ihi!$*b8H+QP>a3%7@MlQ))@(O3GSiY@~c-R63&tgYg} zq_%ncLbkzWq1l5SlR}pdP64-?O<)d7Oxo~UNoT6>uTl7{>M1^bdxlSYPw{F0zDM}n z+*5ph_^wCz+|*Ni7WNFE8+(e+Kfmn}K0VgI%D??-^{;KmdW6r)p5imSXZT#-Q+)3H zrbqbvqNn&I_6(ovdWui$*PY}uY0Vzjn&(7TYbxGYYJ;!JJmp#De=APqI&=Y)a>N!5^zvuxz zH})K#lC%IEP&KFdGv0Y0mGj?dB0dVo)R&+(bx6MSy&IX?T2_5h!o zdXCTdp5Sw1&+*y(shrQnfKVl%(h&+C0#pvb6*XA&?I{bDgQa8n9`||W+iAc0GCGfr zwu(c5#{s}$PZ_wMy4&V$FAHS=9+wYxxCxJ3#N$iM<4eG!axS;u)G0ozdXCTS|Ly@k z?LEiG(Gz@b?m0e7KIs8IH}xE!jw3z5=fRze;+7&&r@Azr;uLJ-3Y4tDnzkXW%YwL$Ut^Sq! z;ZLi7-TuK(tA9B@_-Xa8C5NK(0dxw)vnhH!&MilaPd0srQ+Jp>$kcjBn5-AD-vU(T zx2n7O-THoK^9z-SKVZk@cJ|3~gZrP7Tx9!ciu_i0HNS1|btbKlW}|5r<<; z=1?gscEZxb+NS4m(6)pclC0)!M~)tLn1&@s;gd8-q21BvZQJ1&-j0Sf1^r;%x^Gh9 z{uMt)Hm?Uc9V@iD`XpNIi_SO&tvcX4_`0RlpB+4@R^{i*o3Rp8R5}W|z)0rW9@-TO zKHZrH_y(t(VO#?|gHe^ctztXd2yYj6!k;D@+Z?Lc2$-x7xqjQx@dH*G&<4@lS|G6| zRI#e#A^Nl10`)}lcbIMzT%3J6&>2`DogD$@y+nfgu?Wp2jG zTzd-on~;3la}$=or%y>|NErEw`J{aFQ?il%3R$kW&Y;4Qklz-_nb0! z{_~{DH2eFCBk&Onps;Mv!c{sg3sr1)V`DD9Ic|?^j;R)6Uv{2rYx1i1&GonekXNrC2j5Va*g^%{WcXWHXw{6*ZH>XvY1IC~eP4jX#+25HvVsT>@KNTLt|7 zFi-*dsIKl_@g1}oOuiM}EcS%T{~R_Z6z)vNP%W%z{WDfAx=rnNb)@3!0b=q9^o2gK ztGmbSNnW{}g6Q+_Zc;1#D7vFVhaVD7emp~8@gB5q4^`|uoFxg}@tq9>wYhc@6|Z@2 zO~p&ekGoz9?YbeO5J*9b$b)M#l2AnSo<6|%z~L)Sz;E&r#?xuSp&jlOJFpClSblJq zP0#Cg2zJAi528=Df?Kzs|BJx@(4lbyfNW|F1_02?T$`D(^Z5zO--qMr7XaHTVE+(@ zQ#=(fz$49eFf?rDL$Y+qT?@AHt>QrY0qz59(FERwCh%Ak%>P4M>S?#B!QBRS?vC5w zJ**uWQ6aImAZTK(TjAXuM41`xIk<--%czd|AdaHvYz9529`~G@6JhHq+;b{%&vBbQ zXFSt$W{N$hgy}g+2f`~2(sRDl$*N-oGR>V!CKO70wbS;QJ^U?Y_=$~uiJ>ok%TdVWDK7ufyW%&IAzRTEd( zCa$neTw$-o$%UVDS!veNy(AjudoRcLUXJg*9AE02jeW!WFg1mIr*k`D;=K+gdZX`?=ii=W@HB%k6$HH|o0-`|iZPOHAMC z+)n4#&DJp&4v$$agxo)46psw}-jh9_Dg;n9J>9F1Lrd+#dF@xgno4w~btG z8@b#za=C5fa@)w|wvo$iBcIzsGq*>$S$L&ZYP` zm*V4miq&R{&u}R|!=?BPmm&?j+zgYZxQk117nkBLF2!A3io5s}*tCKzyBkNpL@7yFm9e)COOi%k`#(|ntWm*iVdyd+=DIYYk^ zrb{_z;cO}AUOIf87x1FDJnGq~ys7Ni0m9IiN_D4Rs&QKUUz3rG>ZzW13BejZw2}{< z$$PQdCezZ4C*Ikd+9p#qZoZZY2Wnf3{cftpqt`Hg=@CeNxSQs4rzVB??7;?iF^u2k zkW(hRp7t1db(U>L+Ox!IElPWlI4zf??+4C|0exT#OnWyBqYsp4TP{H__PN1z_^t}^tJY3$@)V^;#-7!QUzf1swS zr7o`?HWA=%XaY_fa@KfjG0eT9`ZW!HL&@^6CDRz^xWzE+Qw`nj_|nj<9!I5-73X-v z7_M1tx_!Tq1+Lmu@So*#=vr%l+OpXopxHk#VpkexIf6#4eX2d^m}c~yV+;go#ZI+9 zVhjWR0_Z6P=^vP5=qo|;S&mYe@%Y+br7%qhjfJ6cC^R85G!cd-q0p4b&{PRCf+NElVvkXo%mVnx9sWh&}CA*K7?DwQ(2SLdW zfs(;$I|BZGp;sE8!K(Y7tGcx?E&E!rki}_2C|AgcP_B>>p))MD91j>Y}?XJjbdk+-nLr`5GfxmyF zYMW|&p*yA;Kkz*+4J89hcUNTT%+T1oB1>n6Cf*fUIx{r&uE^4vp_z9@md=q5>kX9; z*VkQ<_4OmIuO~r$O=Wu9Pqjo#aDlEP1^PWL&}LGgk3fN7O??jjz6O6cg1_%!jcGsm z!etmiT)1m-*&d{2+eFIt0VvyHH0DnQgU3`OgvuzCExkul$uwf)9CdFPgB*K}p&+p- zrA8UJl})v8GW4LKZRgzyz-&^99n8t?B!XIFx;V`{zciBdyeku|EZQ3?}o9Tuh^H*J(I@XJp1%hNT-R zaMqD$A4iKgh8A%wPJ4o^lukTbI1~CD`HUCj@}uS4a4vu6GBM&nHvR43J`?LG4VPsI zDa%lt-*8!RI-8$$AW$x-v7$`Jrl)|=S@t(b8sm(S;5r7WVxr>^K&G(>xPyYUF0@>h z^>jofk2f{&L03}?6PpF9dSu*}Mh=il1=7h-BMzW<$Fy7a8gZ+PWR&Z5Mmo+k6*gew z3~*EEW53Hd2kPiaV;F8EefA@2mg|gjDFBhi{RcKP1K(0EVr&-T91lwM5X1K!gNQHsf>)jD8@Eo(&q&l(;O6!D@ z{@&`ii%x2Lqe(5At%8M^uGiV#(>9rrM7@f`8~B&4L;98uisx) z=heJmWmoU@HG5k;%`HH(mc9zRES-q^8g`R~~OBZ-OjX@t+4^jGn zTvLmudQ5?~*+!EiMZAG6a-&y!JB=@c&#P@s;VA^P4VeT9v;@7{K)zHUhA)9F1;`~g zg8Rj0?53T%;y@=UbC{f2DAgQ98(bI=do<* z0I~gcwsZjaC96)5@z1mAXN*7t04XfeB<7Rx9M3Vx**u#3p6y+C}>|R*ywMlYxLG2F*l9Fp>Qh; zUg5T4H~@YB=`oaSU1P91oF?3}LSb-w3#$NI=>K=VcqQ9uiSo58SWLc%d~Y_#VPQ~Y znjt&-v%@0WG}+$3_GES};l@~QWa1hM*I>DB$Mtt^xaS5wu4Qulf$QenaKeu^e6Qrk zOny}7?_7Kr;6{6HP~`4rT&LjrGdHC0!wKI-`O%ag(fPX+f7=uWW?_61Za%^tP`IfJ zBLsV6V@G9v@Cn~X%o`^&zOi!v_QuHFaJYe*9q-veO*#`my+L(1jhx{~?;X-9PmR}K ztyMK^bi6_VYmql8@0Zs#h$8`I`HSMf?pc(_^TFqv5y}Mp>p9j+9czi zFl5ndbBnjOVTo4T0H+`D<7+5-?ZSZOFVy@+TA)x16q#dcFPnsv50Yn=*a!3^eo%@jK@ZshQ^-JJv~@VQ4@k zR2qpy3XO|IOd*av0)uAe!Fge5KqOQei9`yGi$qKz)S!^3+RU_iUKkn>36(}7kwW7l z5mSgC++h`BDIcSCA61r*(K`p0$}pMWI2pzWhUqX&m@4p5&H0#0;J{KDCKDVd!x%x* zc9DM>Ltz<>u#BO=fu%A`COA%pF@lSl8fu)wa9Fd+pm|;x8el?j7-S@;SCo~pV#vRs zsmX^xG(aLbG-yHyIuL>fPdudI6#Qo1{&`_&00ZSgN8T_-5PGz*D=ds)FpxI2EJYf2 zE^P2GtO``u!(c(Jta4OAxv*SAwSvN;;t?Z9jV>8ewV=AjTdTQd&6+VwJ6Ch&4)G7w zoSJhyh;#0c8tp&($xY=qH{p5W8O*bO>^C>FnQyIqrA3C#W*);6!cp@cnUiBN zYyqKVI~XPGc$BbgT^%+eO4!UOVZJC~YodhR7bR?al(4s=gdK|#mSHgs z#l^6KC}Cw$!s?@ht%?%1K1$frQNj*H3HvfiSc+90c21Nqca*Rit7+gC4s)%v!m#C0 z!hRbiY-^OT*P?_SjS`k%Q-|e737ZrpY<`rmtD}V79wqFtC}I1egdK?z<}lP@gQJ9v zj}mryl&~dH!frE6qad*@ZH^N5XTvn|6T>>9gxTz-DW4eTw3~)^Vpyr&G`17ND($9e zoER3co3?6V*jl@3I3|W|w3`N6V%Q$LX(|;CbFZ|*d)Ohn{Jw&Ir@tNDso%-I9Sz?a zAbxX_{i(hkU4H`^HxtZnuXg3z(IfKZd^`K?=+4GheLI@QU)(49w^vo)jz0EF`k_Lz z{9XBW^utr})ul(zU-j+iqto#9@`UK|Ro{+2wu|T4)o(|aRTBN!qUW#rc67?_$o#wV z?dT`SM~k1*qUW#rc66>J|E_#Hx@8`|o?*!IKiRjVZ(1O4zn%SdbZ6tMz8y{D&$C76 zuljcM$F-#WY0=}Wz8!sGUFZ0#z8&qR@rBO~clO)S<4OI~`)gOf9qn$!*Y18hx;coi z>zQw;&(%8r?dTNz`W@|Jd-VKOza)$N+tJ%J{@c;Cc|T`h+z`gusdkM2n)vBglD{GH z8;PHOgZEDae@2kMir}vZ@?#19z94_XhVicjo;wKsy&%7m;7K}ypzU11>j^%>%J=JG1TV4j^TH!U4{iZ}k;qRF z+QXSd50zHFJ-IzpL7pZao4m;@4OJV zDR4u9$0%@z0*_PR2?{((fhQ~Q6a}8Dz|$0Xx&qILz*=Zj#RYfy{mkoZpdj zmRp#;bGU9M>1ga;Jopt7`I!!89~X{4q+HH;9`})Qt&QXHPYEAQz>|o4b1aX~C-Mh{ zd>r+}AH{S0LG{^0zX$`5At_Q3C2B0qizv#$q!k5E0F$?WOD zaDpElz_;@nl1_6P-;b6NJ&e!f@#|^1GI%_WwsQd=O51rlkKan$xquHQd^QXHWfpCR zNkadk?J$wY-=pnNz;#-W2|Ru=tw#aBo$x8>&DYmD!bcO@&+lkI?Ze|k=y;gJs@Td?X0O01;d7mE8?}OUP;)TgrxrHY7RML#*K^1s-VR4JI&JP}4*ykQ$>HpklxdLzvb1v|B1qy->v8poO5`MfIoFV6Uo zbqkhnybU04WXKucaURjS%yVJcjENJKI8KBdDX8I*O>HkUB=w*witSIz~`OF?AGCM`1V?y;8?W>KH*C#ne$m z9fe_G8k;&sQpX7DD5j1g>L?7$(Ad;5k~&6EM=^C2QAc4oh{mRlk<>AQI*O^Ih&l?x z2#rl0BdKEqbre%a5p@)X9W*v|jHHec)KN?wMbuGPD7EGd8~u_bsbeH{jG&HU>L{X) z!UA)iMAxbC@AwJ)+s5GI82oR#x&LtogTKkhpU>d$D&)Uq6L%%n4s!RIpg1q?o4k$ydc|C+&Hw#xN(lf%TV48D%Rlh|^_%H@YJcy9)OL?OS0 z!3Q(=xH!4Ii^205{4Wam*BSg=2LD;ST;9vzlNkKp4DMp^uNZtXgI|*%mtW1`HU>{h zl*?x_xWV9eDdg{Ga68-HlH~Fu89au;pHaxaz~BxBpOb9jv26Qf@HhrPtdKv-;PDK; zG(|4IoWTpTgjY4E}3{{CWmYX7HhDa`^%VPhs#sF?cG2Z%>oApDF2b`I+hR z_VcDf{$RSi{WN6A<(o6)?dMyCJl(Js+fOJ{F26QY-hNWEOgxRjvl%>{!S7MXZ(#5Y z1~2R-moH)POa|Yfkl(}LSqy$rwp_lF!F#dy7lnKWgJ(1NmAy?ohryRHcpnDWbL8?4 z20w$rZ&AqK&ft9+d_W($d@h6cWAHyJ^lEF*adDLKe`tJ;ur~e^?k7V$jL(Ft;XYiae<>?Gy@KJ1g zJ4>EU-C6Q<8X0^vJKxAP@e&5#$lzlb{DProzQ1JaeW*O0T?~F6gWoz#uIGVgoA_7; zUv`c>-*3;6=c^5u=lgb^eBMsa-QXN&CbRvOz~HkPJWaso5`PwhU&P4g2=Z;j-;deP zEMw%)5#%3W?6p|@_sssIES*_`{8o*(3!-=qIWqgXfcGc(Vj+EcPPbZ+r{^*^3;4Y@ z)82>UPwS}byXrdZ^BsQnA&L(d1#7UVx7e8yPhd@i)e`BVt_ zHd>DYzMbG#3i$H`zgEC^5xh;{PtO^DEyz=Qtp^qSw+e!uhTNM27 zR`B1X;Qy3@|6T?E*9HFcy!(AYK8NuCOu_$zf`6h-&cBaM&VQ&)&VRH`&i?`%&!3*- zUnIz%shjpjGX4u~a{gB-_=gnyf2H7mzk>fC1^)D0^;to_i12?|!T%o${)ZL(zftfv z3_1UFL(ady!Sko*v%>}X^9ld+3_1TPhMfPUhMd3Gkn{H|_^(j#Zx{H}bLZa(@^oMO zAqD>@6#QRM@PAdo|6K+DPZj*X7x>fj^jJGDKZo$|Wta0GVwdwTw#)fXu*><+u*><+ zv&;E6*oFBL;lEgruch-+1^-(W{O?il|AT`6HUr@Ex zbbVVLC+B~qg8#J&{_P6>zftgiNWp)Lz@ORyJ}=0BMEJj=;Qx+-|0fFm-z)gX#>@Hl zikI^r6feyG$$40zAWz@laDKd;e|fx||J-;v|Au%u|HTUas}=lj5%^QP&ASD8J6R`h zQt*FD!GEuU{~HSaA1L^Lq2PZ);7{#Q6BBrO`i_h~33C2J6Xg6yC&>A`66E|ZPLT7j zN|5tkm>|sm3ID4E`GJIgNWuSC3jX&i_&=)PzeBk3g1?a{ z=bxS^=RY7(&Obj<&VOv8od1+WVg66}UnNRkq zKyorK-%R-TO_uXNJ6XV zRnEUps+|8>slxo9*tLulRv&9 zC*l7`1^;Ii{9jh^|A&JAVFmwh6#T7e!u+4u{iLSx@~;y9{nO<9ho{N;pO+@*KP64h z|I#!$e{Y(c|CIuN`aIgTg8X}gf4hSJZxs9=Qt*F5!T$vX|5p|K-x2uJ=j=Wa-~cKFv9;)1^*oi{(n{Q|EGfg#|r-6D)<|j z!u+4u`K4#_@}mg<0hx0C`I&P5V+H(UI&Ts1Pw4n5@S)EadjAk@S)G=J|W0cyMY%Jd|p-Xc~`;bQvv^!?wbjG=yUP0S-kwE^nDsxiu1lK#d%+r zoX>$OijJRIiu1lKg}sEppT5^(uOPpR zj-Lwsyf36fp9lX;kZ&aEoKWZ?v6oyAeR|3DFtnFk52Jf2_RV@J&K-IQ_iJj9Z z5&jE%$@yQU;2%=(|CNIO{R;k%D){dZ@NWsePr!d5_*+7G>GSv>3G&yI@*Y!^*Pbme zZ$`GfyaTi4$i8`_c6Ro<-zu75M*+@V{4(&mr=E6y)jqJ)RZh*OT)8rMKeT zytlkP9O*4@58wBew}-eKd3)%cBX18wbL8z|Opd%gOv#bAhdDX&_E4K6tc!`=c|c5` z>PQ#;rj1)SQQ-Yeich@Kx2@ZZpV5&^%F_9FpbM%UK@UQO`#6!=F1K9JyF3-}mn zXWNIzsU2RDfLGA_mw=x`$3p?XlFl0id@o&h3;5rtor8cMqWce;us=h7>~jG#I)RgE zJ$mkdO{Y}Ashv!vh?DhiK){c(??Gp9YS+C{z^T3T9s#Fz%ZEgH2crNseR7U|hJaK1 z)e-@xcA>KcoZ4G93pll7yivfZec%QGr*?Nc1)SQm9TaeCCw5%Gsr^;9g~zE~(+B~l z_ChlSoZ8{|1f1HptPyZ(H*%kVQ+tf<0#5B5-V$(XKX6RI>A8G{RnR|K*A)mjJx4AR zaC$ylFW~gtbCrP8^ThQ6PS5F{7I1q0bwI%Bxzd*cPS0ynY=ZvDec~Jer{@c90jK-+ zH3Cle!MPCzey5D$I!0A3-f+6Ui>@VdCINf)eB;a&EXTE^b zeUhsMobEr|F5q-s|ClIG@O@(X1V1A3A?rJbUEojf!2(X#Q{x4ku8%GkaJueTBH(m> bew&ytna6Gxa5{hcvnWsIIUNE{@9+N)t|vck literal 0 Hc-jL100001 diff --git a/test/ssltestlib.c b/test/ssltestlib.c index 6fce12e0fc7..9bce0d32d10 100644 --- a/test/ssltestlib.c +++ b/test/ssltestlib.c @@ -11,6 +11,7 @@ #include "e_os.h" #include "ssltestlib.h" +#include "testutil.h" static int tls_dump_new(BIO *bi); static int tls_dump_free(BIO *a); @@ -21,12 +22,11 @@ static int tls_dump_gets(BIO *bp, char *buf, int size); static int tls_dump_puts(BIO *bp, const char *str); /* Choose a sufficiently large type likely to be unused for this custom BIO */ -# define BIO_TYPE_TLS_DUMP_FILTER (0x80 | BIO_TYPE_FILTER) - -# define BIO_TYPE_MEMPACKET_TEST 0x81 +#define BIO_TYPE_TLS_DUMP_FILTER (0x80 | BIO_TYPE_FILTER) +#define BIO_TYPE_MEMPACKET_TEST 0x81 static BIO_METHOD *method_tls_dump = NULL; -static BIO_METHOD *method_mempacket_test = NULL; +static BIO_METHOD *meth_mem = NULL; /* Note: Not thread safe! */ const BIO_METHOD *bio_f_tls_dump_filter(void) @@ -265,34 +265,33 @@ static int mempacket_test_puts(BIO *bp, const char *str); const BIO_METHOD *bio_s_mempacket_test(void) { - if (method_mempacket_test == NULL) { - method_mempacket_test = BIO_meth_new(BIO_TYPE_MEMPACKET_TEST, - "Mem Packet Test"); - if ( method_mempacket_test == NULL - || !BIO_meth_set_write(method_mempacket_test, mempacket_test_write) - || !BIO_meth_set_read(method_mempacket_test, mempacket_test_read) - || !BIO_meth_set_puts(method_mempacket_test, mempacket_test_puts) - || !BIO_meth_set_gets(method_mempacket_test, mempacket_test_gets) - || !BIO_meth_set_ctrl(method_mempacket_test, mempacket_test_ctrl) - || !BIO_meth_set_create(method_mempacket_test, mempacket_test_new) - || !BIO_meth_set_destroy(method_mempacket_test, mempacket_test_free)) + if (meth_mem == NULL) { + if (!TEST_ptr(meth_mem = BIO_meth_new(BIO_TYPE_MEMPACKET_TEST, + "Mem Packet Test")) + || !TEST_true(BIO_meth_set_write(meth_mem, mempacket_test_write)) + || !TEST_true(BIO_meth_set_read(meth_mem, mempacket_test_read)) + || !TEST_true(BIO_meth_set_puts(meth_mem, mempacket_test_puts)) + || !TEST_true(BIO_meth_set_gets(meth_mem, mempacket_test_gets)) + || !TEST_true(BIO_meth_set_ctrl(meth_mem, mempacket_test_ctrl)) + || !TEST_true(BIO_meth_set_create(meth_mem, mempacket_test_new)) + || !TEST_true(BIO_meth_set_destroy(meth_mem, mempacket_test_free))) return NULL; } - return method_mempacket_test; + return meth_mem; } void bio_s_mempacket_test_free(void) { - BIO_meth_free(method_mempacket_test); + BIO_meth_free(meth_mem); } static int mempacket_test_new(BIO *bio) { - MEMPACKET_TEST_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); - if (ctx == NULL) + MEMPACKET_TEST_CTX *ctx; + + if (!TEST_ptr(ctx = OPENSSL_zalloc(sizeof(*ctx)))) return 0; - ctx->pkts = sk_MEMPACKET_new_null(); - if (ctx->pkts == NULL) { + if (!TEST_ptr(ctx->pkts = sk_MEMPACKET_new_null())) { OPENSSL_free(ctx); return 0; } @@ -309,7 +308,6 @@ static int mempacket_test_free(BIO *bio) OPENSSL_free(ctx); BIO_set_data(bio, NULL); BIO_set_init(bio, 0); - return 1; } @@ -331,7 +329,6 @@ static int mempacket_test_read(BIO *bio, char *out, int outl) unsigned int seq, offset, len, epoch; BIO_clear_retry_flags(bio); - thispkt = sk_MEMPACKET_value(ctx->pkts, 0); if (thispkt == NULL || thispkt->num != ctx->currpkt) { /* Probably run out of data */ @@ -351,12 +348,10 @@ static int mempacket_test_read(BIO *bio, char *out, int outl) * we know that there won't be any re-ordering. We overwrite to deal * with any packets that have been injected */ - rem = thispkt->len; - rec = thispkt->data; - while (rem > 0) { - if (rem < DTLS1_RT_HEADER_LENGTH) { + for (rem = thispkt->len, rec = thispkt->data + ; rem > 0; rec += len, rem -= len) { + if (rem < DTLS1_RT_HEADER_LENGTH) return -1; - } epoch = (rec[EPOCH_HI] << 8) | rec[EPOCH_LO]; if (epoch != ctx->epoch) { ctx->epoch = epoch; @@ -373,16 +368,11 @@ static int mempacket_test_read(BIO *bio, char *out, int outl) len = ((rec[RECORD_LEN_HI] << 8) | rec[RECORD_LEN_LO]) + DTLS1_RT_HEADER_LENGTH; - - rec += len; - rem -= len; } } memcpy(out, thispkt->data, outl); - mempacket_free(thispkt); - return outl; } @@ -404,12 +394,9 @@ int mempacket_test_inject(BIO *bio, const char *in, int inl, int pktnum, ctx->noinject = 1; } - thispkt = OPENSSL_malloc(sizeof(MEMPACKET)); - if (thispkt == NULL) + if (!TEST_ptr(thispkt = OPENSSL_malloc(sizeof(*thispkt)))) return -1; - - thispkt->data = OPENSSL_malloc(inl); - if (thispkt->data == NULL) { + if (!TEST_ptr(thispkt->data = OPENSSL_malloc(inl))) { mempacket_free(thispkt); return -1; } @@ -530,26 +517,16 @@ int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm, SSL_CTX *serverctx = NULL; SSL_CTX *clientctx = NULL; - serverctx = SSL_CTX_new(sm); - clientctx = SSL_CTX_new(cm); - if (serverctx == NULL || clientctx == NULL) { - printf("Failed to create SSL_CTX\n"); + if (!TEST_ptr(serverctx = SSL_CTX_new(sm)) + || !TEST_ptr(clientctx = SSL_CTX_new(cm))) goto err; - } - if (SSL_CTX_use_certificate_file(serverctx, certfile, - SSL_FILETYPE_PEM) <= 0) { - printf("Failed to load server certificate\n"); + if (!TEST_int_eq(SSL_CTX_use_certificate_file(serverctx, certfile, + SSL_FILETYPE_PEM), 1) + || !TEST_int_eq(SSL_CTX_use_PrivateKey_file(serverctx, privkeyfile, + SSL_FILETYPE_PEM), 1) + || !TEST_int_eq(SSL_CTX_check_private_key(serverctx), 1)) goto err; - } - if (SSL_CTX_use_PrivateKey_file(serverctx, privkeyfile, - SSL_FILETYPE_PEM) <= 0) { - printf("Failed to load server private key\n"); - } - if (SSL_CTX_check_private_key(serverctx) <= 0) { - printf("Failed to check private key\n"); - goto err; - } #ifndef OPENSSL_NO_DH SSL_CTX_set_dh_auto(serverctx, 1); @@ -557,8 +534,8 @@ int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm, *sctx = serverctx; *cctx = clientctx; - return 1; + err: SSL_CTX_free(serverctx); SSL_CTX_free(clientctx); @@ -573,62 +550,46 @@ int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm, int create_ssl_objects(SSL_CTX *serverctx, SSL_CTX *clientctx, SSL **sssl, SSL **cssl, BIO *s_to_c_fbio, BIO *c_to_s_fbio) { - SSL *serverssl, *clientssl; + SSL *serverssl = NULL, *clientssl = NULL; BIO *s_to_c_bio = NULL, *c_to_s_bio = NULL; - if (*sssl == NULL) - serverssl = SSL_new(serverctx); - else + if (*sssl != NULL) serverssl = *sssl; - if (*cssl == NULL) - clientssl = SSL_new(clientctx); - else + else if (!TEST_ptr(serverssl = SSL_new(serverctx))) + goto error; + if (*cssl != NULL) clientssl = *cssl; - - if (serverssl == NULL || clientssl == NULL) { - printf("Failed to create SSL object\n"); + else if (!TEST_ptr(clientssl = SSL_new(clientctx))) goto error; - } if (SSL_is_dtls(clientssl)) { - s_to_c_bio = BIO_new(bio_s_mempacket_test()); - c_to_s_bio = BIO_new(bio_s_mempacket_test()); + if (!TEST_ptr(s_to_c_bio = BIO_new(bio_s_mempacket_test())) + || !TEST_ptr(c_to_s_bio = BIO_new(bio_s_mempacket_test()))) + goto error; } else { - s_to_c_bio = BIO_new(BIO_s_mem()); - c_to_s_bio = BIO_new(BIO_s_mem()); - } - if (s_to_c_bio == NULL || c_to_s_bio == NULL) { - printf("Failed to create mem BIOs\n"); - goto error; + if (!TEST_ptr(s_to_c_bio = BIO_new(BIO_s_mem())) + || !TEST_ptr(c_to_s_bio = BIO_new(BIO_s_mem()))) + goto error; } - if (s_to_c_fbio != NULL) - s_to_c_bio = BIO_push(s_to_c_fbio, s_to_c_bio); - if (c_to_s_fbio != NULL) - c_to_s_bio = BIO_push(c_to_s_fbio, c_to_s_bio); - if (s_to_c_bio == NULL || c_to_s_bio == NULL) { - printf("Failed to create chained BIOs\n"); + if (s_to_c_fbio != NULL + && !TEST_ptr(s_to_c_bio = BIO_push(s_to_c_fbio, s_to_c_bio))) + goto error; + if (c_to_s_fbio != NULL + && !TEST_ptr(c_to_s_bio = BIO_push(c_to_s_fbio, c_to_s_bio))) goto error; - } /* Set Non-blocking IO behaviour */ BIO_set_mem_eof_return(s_to_c_bio, -1); BIO_set_mem_eof_return(c_to_s_bio, -1); /* Up ref these as we are passing them to two SSL objects */ + SSL_set_bio(serverssl, c_to_s_bio, s_to_c_bio); BIO_up_ref(s_to_c_bio); BIO_up_ref(c_to_s_bio); - - SSL_set_bio(serverssl, c_to_s_bio, s_to_c_bio); SSL_set_bio(clientssl, s_to_c_bio, c_to_s_bio); - - /* BIOs will now be freed when SSL objects are freed */ - s_to_c_bio = c_to_s_bio = NULL; - s_to_c_fbio = c_to_s_fbio = NULL; - *sssl = serverssl; *cssl = clientssl; - return 1; error: @@ -658,7 +619,7 @@ int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want) } if (!clienterr && retc <= 0 && err != SSL_ERROR_WANT_READ) { - printf("SSL_connect() failed %d, %d\n", retc, err); + TEST_info("SSL_connect() failed %d, %d", retc, err); clienterr = 1; } if (want != SSL_ERROR_NONE && err == want) @@ -672,7 +633,7 @@ int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want) } if (!servererr && rets <= 0 && err != SSL_ERROR_WANT_READ) { - printf("SSL_accept() failed %d, %d\n", rets, err); + TEST_info("SSL_accept() failed %d, %d", rets, err); servererr = 1; } if (want != SSL_ERROR_NONE && err == want) @@ -680,7 +641,7 @@ int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want) if (clienterr && servererr) return 0; if (++abortctr == MAXLOOPS) { - printf("No progress made\n"); + TEST_info("No progress made"); return 0; } } while (retc <=0 || rets <= 0); @@ -691,12 +652,9 @@ int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want) * appropriate. */ if (SSL_read_ex(clientssl, &buf, sizeof(buf), &readbytes) > 0) { - if (readbytes != 0) { - printf("Unexpected success reading data %"OSSLzu"\n", readbytes); + if (!TEST_ulong_eq(readbytes, 0)) return 0; - } - } else if (SSL_get_error(clientssl, 0) != SSL_ERROR_WANT_READ) { - printf("SSL_read_ex() failed\n"); + } else if (!TEST_int_eq(SSL_get_error(clientssl, 0), SSL_ERROR_WANT_READ)) { return 0; } -- 2.47.2