- LSAN_OPTIONS="suppressions=$(pwd)/fuzz/lsan.supp" make -C fuzz check -j$(nproc) GNUTLS_CPUID_OVERRIDE=0x4
- LSAN_OPTIONS="suppressions=$(pwd)/fuzz/lsan.supp" make -C fuzz check -j$(nproc) GNUTLS_CPUID_OVERRIDE=0x8
- CFLAGS="-fsanitize=address -g -O2" CXXFLAGS=$CFLAGS LDFLAGS="-static-libasan"
- dash ./configure --cache-file cache/config.cache --disable-doc --with-default-trust-store-pkcs11="pkcs11:" --disable-guile
+ dash ./configure --cache-file cache/config.cache --disable-doc --with-system-priority-file=/etc/crypto-policies/back-ends/gnutls.config --with-default-priority-string=@SYSTEM --with-default-trust-store-pkcs11="pkcs11:" --disable-guile
- make -j$(nproc)
- - make -C tests check -j$(nproc) TESTS="trust-store p11-kit-load.sh" SUBDIRS=.
+ - make -C tests check -j$(nproc) TESTS="trust-store p11-kit-load.sh priority-init2 set-default-prio" SUBDIRS=.
tags:
- shared
except:
_gnutls_mpi_release;
# Internal symbols needed by tests/:
+ _gnutls_default_priority_string;
_gnutls_supplemental_deinit;
_gnutls_record_overhead;
_gnutls_cipher_to_entry;
/* This function is used by the test suite */
char *_gnutls_resolve_priorities(const char* priorities);
+const char *_gnutls_default_priority_string = DEFAULT_PRIORITY_STRING;
static void prio_remove(priority_st * priority_list, unsigned int algo);
static void prio_add(priority_st * priority_list, unsigned int algo);
_gnutls_buffer_init(&buf);
- ret = _gnutls_buffer_append_str(&buf, DEFAULT_PRIORITY_STRING);
+ ret = _gnutls_buffer_append_str(&buf, _gnutls_default_priority_string);
if (ret < 0) {
_gnutls_buffer_clear(&buf);
return gnutls_assert_val(ret);
ret = gnutls_priority_init(priority_cache, (const char*)buf.data, &ep);
if (ret < 0 && ep != (const char*)buf.data && ep != NULL) {
ptrdiff_t diff = (ptrdiff_t)ep-(ptrdiff_t)buf.data;
- unsigned hlen = strlen(DEFAULT_PRIORITY_STRING)+1;
+ unsigned hlen = strlen(_gnutls_default_priority_string)+1;
if (err_pos && diff > hlen) {
*err_pos = priorities + diff - hlen;
bulk_rmadd_func *bulk_fn;
bulk_rmadd_func *bulk_given_fn;
const cipher_entry_st *centry;
+ unsigned resolved_match = 1;
if (err_pos)
*err_pos = priorities;
(*priority_cache)->min_record_version = 1;
gnutls_atomic_init(&(*priority_cache)->usage_cnt);
- if (priorities == NULL)
- priorities = DEFAULT_PRIORITY_STRING;
+ if (priorities == NULL) {
+ priorities = _gnutls_default_priority_string;
+ resolved_match = 0;
+ }
darg = _gnutls_resolve_priorities(priorities);
if (darg == NULL) {
goto error;
}
+ if (strcmp(darg, priorities) != 0)
+ resolved_match = 0;
+
break_list(darg, broken_list, &broken_list_size);
/* This is our default set of protocol version, certificate types.
*/
return 0;
error:
- if (err_pos != NULL && i < broken_list_size) {
+ if (err_pos != NULL && i < broken_list_size && resolved_match) {
*err_pos = priorities;
for (j = 0; j < i; j++) {
(*err_pos) += strlen(broken_list[j]) + 1;
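Review bot: With the new guard `if (err_pos != NULL && i < broken_list_size && resolved_match)` a caller that passes `priorities == NULL` together with a non-NULL `err_pos` now receives `*err_pos == NULL` on failure, because the earlier `*err_pos = priorities;` ran before `priorities` was replaced by `_gnutls_default_priority_string` and `resolved_match = 0` then skips the error-path assignment; the removed code pointed `*err_pos` into the default string instead. If that is the intended contract it should be stated in the function's documentation (which lies outside this hunk), e.g. `err_pos is only set to the offending token when the given string was used verbatim; when the string was NULL or was rewritten by keyword resolution it stays at the start of the caller's string (NULL for a NULL input)`. A related gap is the new definition `const char *_gnutls_default_priority_string = DEFAULT_PRIORITY_STRING;`: it is a writable, exported global that only the test suite is meant to reassign, so a comment such as `/* reassigned by tests/ only; library code must treat this as read-only */` would keep a future caller from turning it into a runtime knob. The enclosing function of each of these hunks starts and ends outside the hunk.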
#include "cert-common.h"
const char *side;
+extern const char *_gnutls_default_priority_string;
static void tls_log_func(int level, const char *str)
{
struct test_st {
const char *name;
const char *add_prio;
+ const char *def_prio;
int exp_err;
int exp_etm;
unsigned err_pos;
else
success("running %s\n", test->name);
+ if (test && test->def_prio)
+ _gnutls_default_priority_string = test->def_prio;
+ else
+ _gnutls_default_priority_string = "NORMAL";
+
/* General init. */
global_init();
gnutls_global_set_log_function(tls_log_func);
assert(gnutls_init(&server, GNUTLS_SERVER) >= 0);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
serverx509cred);
- if (test == NULL)
+ if (test == NULL) {
ret = gnutls_priority_init(&cache, NULL, NULL);
- else
+ if (ret < 0)
+ fail("error: %s\n", gnutls_strerror(ret));
+ } else {
ret = gnutls_priority_init2(&cache, test->add_prio, &ep, GNUTLS_PRIORITY_INIT_DEF_APPEND);
- if (ret < 0) {
- if (test->exp_err == ret) {
- if (ep-test->add_prio != test->err_pos) {
- fprintf(stderr, "diff: %d\n", (int)(ep-test->add_prio));
- fail("error expected error on different position[%d]: %s\n",
- test->err_pos, test->add_prio);
+ if (ret < 0) {
+ if (test->exp_err == ret) {
+ if (strchr(_gnutls_default_priority_string, '@') != 0) {
+ if (ep != test->add_prio) {
+ fail("error expected error on start of string[%d]: %s\n",
+ test->err_pos, test->add_prio);
+ }
+ } else {
+ if (ep-test->add_prio != test->err_pos) {
+ fprintf(stderr, "diff: %d\n", (int)(ep-test->add_prio));
+ fail("error expected error on different position[%d]: %s\n",
+ test->err_pos, test->add_prio);
+ }
+ }
+ goto cleanup;
}
- goto cleanup;
+ fail("error: %s\n", gnutls_strerror(ret));
}
- fail("error: %s\n", gnutls_strerror(ret));
}
gnutls_priority_set(server, cache);
struct test_st tests[] = {
{
.name = "additional flag",
+ .def_prio = "NORMAL",
.add_prio = "%FORCE_ETM",
.exp_err = 0
},
{
.name = "additional flag typo1",
+ .def_prio = "NORMAL",
.add_prio = ":%FORCE_ETM",
.exp_err = GNUTLS_E_INVALID_REQUEST,
.err_pos = 0
},
{
.name = "additional flag typo2",
+ .def_prio = "NORMAL",
.add_prio = "%FORCE_ETM::%NO_TICKETS",
.exp_err = GNUTLS_E_INVALID_REQUEST,
.err_pos = 11
},
{
.name = "additional flag typo3",
+ .def_prio = "NORMAL",
.add_prio = "%FORCE_ETM:%%NO_TICKETS",
.exp_err = GNUTLS_E_INVALID_REQUEST,
.err_pos = 11
},
+ {
+ .name = "additional flag typo3 (with resolved def prio)",
+ .def_prio = "@HELLO",
+ .add_prio = "%FORCE_ETM:%%NO_TICKETS",
+ .exp_err = GNUTLS_E_INVALID_REQUEST,
+ .err_pos = 0
+ },
{
.name = "additional flag for version (functional)",
+ .def_prio = "NORMAL",
.add_prio = "-VERS-ALL:+VERS-TLS1.1",
.exp_etm = 1,
.exp_err = 0,
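Review bot: The new branch selector `if (strchr(_gnutls_default_priority_string, '@') != 0)` compares a pointer against the integer 0; the conventional form is `if (strchr(_gnutls_default_priority_string, '@') != NULL)`, and the same line appears in the tests/set-default-prio.c hunk below. For the added table entry `.def_prio = "@HELLO"` with `.err_pos = 0`, it is not clear from the hunk whether the expected GNUTLS_E_INVALID_REQUEST comes from the `%%NO_TICKETS` typo or from `@HELLO` being unresolvable in the test environment; a one-line comment on that entry stating which failure is being exercised, and why `err_pos` is then expected at offset 0, would make the expectation verifiable. The assignment to `_gnutls_default_priority_string` before `global_init()` is also worth a short comment, since it depends on the library reading the global only afterwards, which this hunk cannot show.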
#include "cert-common.h"
const char *side;
+extern const char *_gnutls_default_priority_string;
static void tls_log_func(int level, const char *str)
{
struct test_st {
const char *name;
const char *add_prio;
+ const char *def_prio;
int exp_err;
unsigned err_pos;
unsigned exp_vers;
else
success("running %s\n", test->name);
+ if (test && test->def_prio)
+ _gnutls_default_priority_string = test->def_prio;
+ else
+ _gnutls_default_priority_string = "NORMAL";
+
/* General init. */
global_init();
gnutls_global_set_log_function(tls_log_func);
assert(gnutls_init(&server, GNUTLS_SERVER) >= 0);
gnutls_credentials_set(server, GNUTLS_CRD_CERTIFICATE,
serverx509cred);
- if (test == NULL)
+ if (test == NULL) {
ret = gnutls_set_default_priority(server);
- else
+ if (ret < 0)
+ fail("error: %s\n", gnutls_strerror(ret));
+ } else {
ret = gnutls_set_default_priority_append(server, test->add_prio, &ep, 0);
- if (ret < 0) {
- if (test->exp_err == ret) {
- if (ep-test->add_prio != test->err_pos) {
- fprintf(stderr, "diff: %d\n", (int)(ep-test->add_prio));
- fail("error expected error on different position[%d]: %s\n",
- test->err_pos, test->add_prio);
+ if (ret < 0) {
+ if (test->exp_err == ret) {
+ /* the &ep value is only accurate when the default priorities are not overriden;
+ * otherwise it should be a pointer to the start of the string */
+ if (strchr(_gnutls_default_priority_string, '@') != 0) {
+ if (ep != test->add_prio) {
+ fail("error expected error on start of string[%d]: %s\n",
+ test->err_pos, test->add_prio);
+ }
+ } else {
+ if (ep-test->add_prio != test->err_pos) {
+ fprintf(stderr, "diff: %d\n", (int)(ep-test->add_prio));
+ fail("error expected error on different position[%d]: %s\n",
+ test->err_pos, test->add_prio);
+ }
+ }
+ goto cleanup;
}
- goto cleanup;
+ fail("error: %s\n", gnutls_strerror(ret));
}
- fail("error: %s\n", gnutls_strerror(ret));
}
gnutls_transport_set_push_function(server, server_push);
struct test_st tests[] = {
{
.name = "additional flag",
+ .def_prio = "NORMAL",
.add_prio = "%FORCE_ETM",
.exp_err = 0
},
{
.name = "additional flag typo1",
+ .def_prio = "NORMAL",
.add_prio = ":%FORCE_ETM",
.exp_err = GNUTLS_E_INVALID_REQUEST,
.err_pos = 0
},
{
.name = "additional flag typo2",
+ .def_prio = "NORMAL",
.add_prio = "%FORCE_ETM::%NO_TICKETS",
.exp_err = GNUTLS_E_INVALID_REQUEST,
.err_pos = 11
},
{
.name = "additional flag typo3",
+ .def_prio = "NORMAL",
.add_prio = "%FORCE_ETM:%%NO_TICKETS",
.exp_err = GNUTLS_E_INVALID_REQUEST,
.err_pos = 11
},
+ {
+ .name = "additional flag typo3 (with resolved def prio)",
+ .def_prio = "@HELLO",
+ .add_prio = "%FORCE_ETM:%%NO_TICKETS",
+ .exp_err = GNUTLS_E_INVALID_REQUEST,
+ .err_pos = 0
+ },
{
.name = "additional flag for version (functional)",
+ .def_prio = "NORMAL",
.add_prio = "-VERS-ALL:+VERS-TLS1.1",
.exp_err = 0,
.exp_etm = 1,
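Review bot: The added comment in this section reads `the &ep value is only accurate when the default priorities are not overriden` and should be spelled `overridden`; it would also be clearer as `ep is only accurate when the default priority string was used verbatim; when it was resolved via a system keyword, ep points to the start of the string`. That explanatory comment is absent from the otherwise identical block in tests/priority-init2.c above, so the two test files should carry the same wording.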