The branch master has been updated via b422ba3dda5d85c295aae6205909a6eeb4921c4b (commit) via a12da5dafbc6e681d32e88ddef0067ff14abd8f2 (commit) from e2daf6f14045587614681bf6579480be63de6da0 (commit)
- Log ----------------------------------------------------------------- commit b422ba3dda5d85c295aae6205909a6eeb4921c4b Author: Richard Levitte <levi...@openssl.org> Date: Fri May 14 12:26:21 2021 +0200 Adapt 80-test_cmp_http.t and its data for random accept ports Fixes #14694 Reviewed-by: David von Oheimb <david.von.ohe...@siemens.com> (Merged from https://github.com/openssl/openssl/pull/15281) commit a12da5dafbc6e681d32e88ddef0067ff14abd8f2 Author: Richard Levitte <levi...@openssl.org> Date: Fri May 14 12:25:11 2021 +0200 APPS: Make the cmp Mock server output the accept address and port Fixes #14694 Reviewed-by: David von Oheimb <david.von.ohe...@siemens.com> (Merged from https://github.com/openssl/openssl/pull/15281) ----------------------------------------------------------------------- Summary of changes: apps/include/s_apps.h | 1 + apps/lib/http_server.c | 9 +++ apps/lib/s_socket.c | 66 ++++++++++++---------- test/recipes/80-test_cmp_http.t | 44 ++++++++------- test/recipes/80-test_cmp_http_data/Mock/server.cnf | 3 +- test/recipes/80-test_cmp_http_data/Mock/test.cnf | 8 +-- .../80-test_cmp_http_data/test_connection.csv | 2 +- 7 files changed, 78 insertions(+), 55 deletions(-)
diff --git a/apps/include/s_apps.h b/apps/include/s_apps.h
index 3d2bace594..a5e9762aed 100644
--- a/apps/include/s_apps.h
+++ b/apps/include/s_apps.h
@@ -16,6 +16,7 @@
 #define PROTOCOL "tcp"
 typedef int (*do_server_cb)(int s, int stype, int prot, unsigned char *context);
+int report_server_accept(BIO *out, int asock, int with_address);
 int do_server(int *accept_sock, const char *host, const char *port, int family, int type, int protocol, do_server_cb cb, unsigned char *context, int naccept, BIO *bio_s_out);
diff --git a/apps/lib/http_server.c b/apps/lib/http_server.c
index 691e5c9056..ae33632598 100644
--- a/apps/lib/http_server.c
+++ b/apps/lib/http_server.c
@@ -23,6 +23,7 @@
 #include "internal/sockets.h"
 #include <openssl/err.h>
 #include <openssl/rand.h>
+#include "s_apps.h"
 #if defined(__TANDEM)
 # if defined(OPENSSL_TANDEM_FLOSS)
@@ -218,6 +219,7 @@ void spawn_loop(const char *prog)
 BIO *http_server_init_bio(const char *prog, const char *port)
 {
 BIO *acbio = NULL, *bufbio;
+ int asock;
 bufbio = BIO_new(BIO_f_buffer());
 if (bufbio == NULL)
@@ -237,6 +239,13 @@ BIO *http_server_init_bio(const char *prog, const char *port)
 goto err;
 }
+ /* Report back what address and port are used */
+ BIO_get_fd(acbio, &asock);
+ if (!report_server_accept(bio_out, asock, 1)) {
+ log_message(prog, LOG_ERR, "Error printing ACCEPT string");
+ goto err;
+ }
+
 return acbio;
 err:
diff --git a/apps/lib/s_socket.c b/apps/lib/s_socket.c
index 65d56c0991..e41429df89 100644
--- a/apps/lib/s_socket.c
+++ b/apps/lib/s_socket.c
@@ -191,6 +191,38 @@ out:
 return ret;
 }
+int report_server_accept(BIO *out, int asock, int with_address)
+{
+ int success = 0;
+
+ if (with_address) {
+ union BIO_sock_info_u info;
+ char *hostname = NULL;
+ char *service = NULL;
+
+ if ((info.addr = BIO_ADDR_new()) != NULL
+ && BIO_sock_info(asock, BIO_SOCK_INFO_ADDRESS, &info)
+ && (hostname = BIO_ADDR_hostname_string(info.addr, 1)) != NULL
+ && (service = BIO_ADDR_service_string(info.addr, 1)) != NULL
+ && BIO_printf(out,
+ strchr(hostname, ':') == NULL
+ ? /* IPv4 */ "ACCEPT %s:%s\n"
+ : /* IPv6 */ "ACCEPT [%s]:%s\n",
+ hostname, service) > 0)
+ success = 1;
+
+ OPENSSL_free(hostname);
+ OPENSSL_free(service);
+ BIO_ADDR_free(info.addr);
+ } else {
+ (void)BIO_printf(out, "ACCEPT\n");
+ success = 1;
+ }
+ (void)BIO_flush(out);
+
+ return success;
+}
+
 /*
 * do_server - helper routine to perform a server operation
 * @accept_sock: pointer to storage of resulting socket.
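Review bot: In the apps/lib/http_server.c hunk at `@@ -237,6 +239,13 @@`, the result of `BIO_get_fd(acbio, &asock)` is ignored, and `asock` is declared without an initializer in the `@@ -218,6 +219,7 @@` hunk, so if the call fails the descriptor handed to `report_server_accept()` is indeterminate. Folding the check into the existing condition keeps the failure on the `goto err` path: `if (BIO_get_fd(acbio, &asock) < 0 || !report_server_accept(bio_out, asock, 1)) {`. Whether the accept BIO can still be uninitialized at this point depends on the setup code above the hunk, which is not visible here; http_server_init_bio's body starts and ends outside the hunk.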
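Review bot: In the new `report_server_accept()` in apps/lib/s_socket.c, the `with_address == 0` branch sets `success = 1` without looking at the `BIO_printf()` result, and `BIO_flush(out)` is discarded on both paths, so the function can return success when the ACCEPT line never reached the reader. A parent process that waits for that line, as the test recipe changed in this commit does, would then see nothing despite the success return. Consider `success = BIO_printf(out, "ACCEPT\n") > 0;` in the else branch and `if (BIO_flush(out) <= 0) success = 0;` before the return. The function is also exported through s_apps.h without a comment; a short header in the style of the do_server one that follows, stating that it returns 1 on success and 0 on failure and that `with_address` selects the `ACCEPT host:port` form, would document the contract.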
@@ -296,36 +328,10 @@ int do_server(int *accept_sock, const char *host, const char *port,
 BIO_ADDRINFO_free(res);
 res = NULL;
- if (sock_port == 0) {
- /* dynamically allocated port, report which one */
- union BIO_sock_info_u info;
- char *hostname = NULL;
- char *service = NULL;
- int success = 0;
-
- if ((info.addr = BIO_ADDR_new()) != NULL
- && BIO_sock_info(asock, BIO_SOCK_INFO_ADDRESS, &info)
- && (hostname = BIO_ADDR_hostname_string(info.addr, 1)) != NULL
- && (service = BIO_ADDR_service_string(info.addr, 1)) != NULL
- && BIO_printf(bio_s_out,
- strchr(hostname, ':') == NULL
- ? /* IPv4 */ "ACCEPT %s:%s\n"
- : /* IPv6 */ "ACCEPT [%s]:%s\n",
- hostname, service) > 0)
- success = 1;
-
- (void)BIO_flush(bio_s_out);
- OPENSSL_free(hostname);
- OPENSSL_free(service);
- BIO_ADDR_free(info.addr);
- if (!success) {
- BIO_closesocket(asock);
- ERR_print_errors(bio_err);
- goto end;
- }
- } else {
- (void)BIO_printf(bio_s_out, "ACCEPT\n");
- (void)BIO_flush(bio_s_out);
+ if (!report_server_accept(bio_s_out, asock, sock_port == 0)) {
+ BIO_closesocket(asock);
+ ERR_print_errors(bio_err);
+ goto end;
 }
 if (accept_sock != NULL)
diff --git a/test/recipes/80-test_cmp_http.t b/test/recipes/80-test_cmp_http.t
index 7bb720a823..8bd9eacde9 100644
--- a/test/recipes/80-test_cmp_http.t
+++ b/test/recipes/80-test_cmp_http.t
@@ -28,15 +28,13 @@ plan skip_all => "These tests are not supported in a no-cmp build"
 if disabled("cmp");
 plan skip_all => "These tests are not supported in a no-ec build"
 if disabled("ec");
+plan skip_all => "These tests are not supported in a no-sock build"
+ if disabled("sock");
 plan skip_all => "Tests involving local HTTP server not available on Windows, AIX or VMS"
 if $^O =~ /^(VMS|MSWin32|AIX)$/;
 plan skip_all => "Tests involving local HTTP server not available in cross-compile builds"
 if defined $ENV{EXE_SHELL};
-plan skip_all => "Tests involving local HTTP server require 'kill' command"
- if system("which kill >/dev/null");
-plan skip_all => "Tests involving local HTTP server require 'lsof' command"
- if system("which lsof >/dev/null"); # this typically excludes Solaris
 sub chop_dblquot { # chop any leading and trailing '"' (needed for Windows)
 my $str = shift;
@@ -65,6 +63,7 @@ my $pbm_ref; # The reference for PBM
 my $pbm_secret; # The secret for PBM
 my $column; # The column number of the expected result
 my $sleep = 0; # The time to sleep between two requests
+my $server_fh; # Server file handle
 # The local $server_name variables below are among others taken as the name of a
 # sub-directory with server-specific certs etc. and CA-specific config section.
@@ -131,6 +130,9 @@ sub test_cmp_http {
 my $params = shift;
 my $expected_exit = shift;
 my $path_app = bldtop_dir($app);
+ $params = [ '-server', "127.0.0.1:$server_port", @$params ]
+ unless grep { $_ eq '-server' } @$params;
+
 with({ exit_checker => sub {
 my $actual_exit = shift;
 my $OK = $actual_exit == $expected_exit;
@@ -265,28 +267,32 @@ sub load_tests {
 return \@result;
 }
-sub mock_server_pid {
- return `lsof -iTCP:$server_port` =~ m/\n\S+\s+(\d+)\s+[^\n]+LISTEN/s ? $1 : 0;
-}
-
 sub start_mock_server {
 my $args = $_[0]; # optional further CLI arguments
 my $dir = bldtop_dir("");
- my $cmd = "LD_LIBRARY_PATH=$dir DYLD_LIBRARY_PATH=$dir " .
- bldtop_dir($app) . " -config server.cnf $args";
- my $pid = mock_server_pid();
- if ($pid) {
- print "Mock server already running with pid=$pid\n";
- return $pid;
- }
+ local $ENV{LD_LIBRARY_PATH} = $dir;
+ local $ENV{DYLD_LIBRARY_PATH} = $dir;
+ my $cmd = bldtop_dir($app) . " -config server.cnf $args";
 print "Current directory is ".getcwd()."\n";
- print "Launching mock server listening on port $server_port: $cmd\n";
- return system("$cmd &") == 0 # start in background, check for success
- ? (sleep 1, mock_server_pid()) : 0;
+ print "Launching mock server: $cmd\n";
+ my $pid = open($server_fh, "$cmd|") or die "Trying to $cmd";
+ print "Pid is: $pid\n";
+ # Find out the actual server port
+ while (<$server_fh>) {
+ print;
+ s/\R$//; # Better chomp
+ next unless (/^ACCEPT\s.*:(\d+)$/);
+ $server_port = $1;
+ $server_tls = $1;
+ $kur_port = $1;
+ $pbm_port = $1;
+ last;
+ }
+ return $pid;
 }
 sub stop_mock_server {
 my $pid = $_[0];
 print "Killing mock server with pid=$pid\n";
- system("kill $pid") if $pid;
+ kill('QUIT', $pid) if $pid;
 }
diff --git a/test/recipes/80-test_cmp_http_data/Mock/server.cnf b/test/recipes/80-test_cmp_http_data/Mock/server.cnf
index c8fe8edcc6..24a6ebb9f6 100644
--- a/test/recipes/80-test_cmp_http_data/Mock/server.cnf
+++ b/test/recipes/80-test_cmp_http_data/Mock/server.cnf
@@ -1,6 +1,7 @@
 [cmp] # mock server configuration
-port = 1700
+# port 0 means that a random available port will be used
+port = 0
 srv_cert = server.crt
 srv_key = server.key
 srv_secret = pass:test
diff --git a/test/recipes/80-test_cmp_http_data/Mock/test.cnf b/test/recipes/80-test_cmp_http_data/Mock/test.cnf
index 22ca0f2362..503ded18e3 100644
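Review bot: In start_mock_server() in test/recipes/80-test_cmp_http.t, the read loop ends silently when the server exits or closes its stdout before printing an `ACCEPT ...:port` line, and the function still returns `$pid` with `$server_port` unchanged. If that variable is loaded from the `server_port = 0` now set in test.cnf, every later request would target port 0 and fail for a reason unrelated to the case under test. A check after the loop, in the same style as the `or die` already used here, makes the failure explicit: `die "Mock server did not report its port" unless $server_port;`. Separately, `open($server_fh, "$cmd|")` is the string form, so `$cmd` goes through the shell when it contains metacharacters and `$pid` may then be the shell's rather than the server's, which matters because `stop_mock_server` now signals that pid directly. `stop_mock_server` also never closes `$server_fh`, so the child is presumably not reaped until the script exits.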
--- a/test/recipes/80-test_cmp_http_data/Mock/test.cnf
+++ b/test/recipes/80-test_cmp_http_data/Mock/test.cnf
@@ -17,8 +17,8 @@ policies = certificatePolicies
 [Mock] # the built-in OpenSSL CMP mock server
 no_check_time = 1
 server_host = 127.0.0.1 # localhost
-server_port = 1700
-server_tls = 0
+server_port = 0
+server_tls = $server_port
 server_cert = server.crt
 server = $server_host:$server_port
 server_path = pkix/
@@ -30,8 +30,8 @@ expect_sender = $server_dn
 subject = "/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=leaf"
 newkey = signer.key
 out_trusted = signer_root.crt
-kur_port = 1700
-pbm_port = 1700
+kur_port = $server_port
+pbm_port = $server_port
 pbm_ref =
 pbm_secret = pass:test
 cert = signer.crt
diff --git a/test/recipes/80-test_cmp_http_data/test_connection.csv b/test/recipes/80-test_cmp_http_data/test_connection.csv
index 3276eb5fb3..b3290e0e73 100644
--- a/test/recipes/80-test_cmp_http_data/test_connection.csv
+++ b/test/recipes/80-test_cmp_http_data/test_connection.csv
@@ -14,7 +14,7 @@ TBD,IP address, -section,, -server,_SERVER_IP:_SERVER_PORT,,,,,,,,,,,,,,
 1,server with default port, -section,, -server,_SERVER_HOST,,,,,BLANK,,,,BLANK,,BLANK,,BLANK,
 1,server port bad syntax: leading garbage, -section,, -server,_SERVER_HOST:x/+80,,,,,BLANK,,,,BLANK,,BLANK,,BLANK,
 1,server port bad synatx: trailing garbage, -section,, -server,_SERVER_HOST:_SERVER_PORT+/x.,,,,,BLANK,,,,BLANK,,BLANK,,BLANK,
-1,server with TLS port, -section,, -server,_SERVER_HOST:_SERVER_TLS,,,,,BLANK,,,,BLANK,,BLANK,,BLANK,
+1,server with wrong port, -section,, -server,_SERVER_HOST:999,,,,,BLANK,,,,-msg_timeout,1,BLANK,,BLANK,
 TBD,server IP address with TLS port, -section,, -server,_SERVER_IP:_SERVER_TLS,,,,,BLANK,,,,BLANK,,BLANK,,BLANK,
 ,,,,,,,,,,,,,,,,,,,
 1,proxy port bad syntax: leading garbage, -section,, -server,_SERVER_HOST:_SERVER_PORT, -proxy,127.0.0.1:x*/8888, -no_proxy,nonmatch.com,BLANK,,,,-msg_timeout,1,BLANK,,BLANK,