* Fix build w/o DEBUG

krizhanovsky · krizhanovsky · commit 88202f7395d3 · 2018-12-25T04:42:01.000+03:00
* Remove x509 unit test since it uses obsoleted ciphers and hashes. #737 is extended by a point to load and test various certs. * Couple minor fixes for unit tests. * Several cleanups
diff --git a/tempesta_fw/t/unit/Makefile b/tempesta_fw/t/unit/Makefile
@@ -19,29 +19,13 @@
 
 tfw_root = $(src)/../../../
 
-EXTRA_CFLAGS += $(TFW_CFLAGS) -I$(tfw_root)/tempesta_fw -I$(tfw_root)/tempesta_fw/t \
-		-I$(tfw_root) -I$(tfw_root)/tempesta_db/core
+EXTRA_CFLAGS += $(TFW_CFLAGS) -I$(tfw_root)/tempesta_fw -I$(tfw_root) \
+		-I$(tfw_root)/tempesta_fw/t -I$(tfw_root)/tempesta_db/core
 EXTRA_CFLAGS += $(TTLS_CFLAGS)
 
 obj-m += tfw_test.o
-tfw_test-objs = \
-	main.o \
-	test.o \
-	helpers.o \
-	test_addr.o \
-	test_cfg.o \
-	test_hash.o \
-	test_http_match.o \
-	test_http_msg.o \
-	tfw_str_helper.o \
-	test_tfw_str.o \
-	test_mem_fast.o \
-	test_http_parser.o \
-	sched_helper.o \
-	test_sched_ratio.o \
-	test_sched_hash.o \
-	test_http_tbl.o \
-	test_http_sticky.o \
-	test_wq.o \
-	kallsyms_helper.o \
-	test_tls.o
+
+t-srcs = $(wildcard $(obj)/*.c)
+t-objs = $(patsubst %.c, %.o, $(t-srcs))
+
+tfw_test-objs = $(subst $(src)/,,$(t-objs))
diff --git a/tempesta_fw/t/unit/test_http_sticky.c b/tempesta_fw/t/unit/test_http_sticky.c
@@ -45,6 +45,7 @@
 #include "sock_srv.c"
 #include "client.c"
 #include "http_limits.c"
+#include "tls.c"
 
 /* rename original tfw_cli_conn_send(), a custom version will be used here */
 #define tfw_cli_conn_send	divert_tfw_cli_conn_send
@@ -264,13 +265,6 @@ tfw_http_resp_build_error(TfwHttpReq *req)
 	(void)req;
 }
 
-/* Custom version for testing purposes. */
-void
-tfw_tls_cfg_require(void)
-{
-	return;
-}
-
 int
 test_helper_sticky_start(const char *name, unsigned int misses)
 {
diff --git a/tempesta_fw/t/unit/test_tls.c b/tempesta_fw/t/unit/test_tls.c
@@ -43,12 +43,10 @@ TEST(tls, name)								\
 DEFINE_TLS_TEST(ecp);
 DEFINE_TLS_TEST(mpi);
 DEFINE_TLS_TEST(rsa);
-DEFINE_TLS_TEST(x509);
 
 TEST_SUITE(tls)
 {
 	TEST_RUN(tls, ecp);
 	TEST_RUN(tls, mpi);
 	TEST_RUN(tls, rsa);
-	TEST_RUN(tls, x509);
 }
diff --git a/tls/certs.c b/tls/certs.c
diff --git a/tls/certs.h b/tls/certs.h
diff --git a/tls/config.h b/tls/config.h
@@ -248,7 +248,7 @@
  *
  * Comment to skip keyUsage checking for both CA and leaf certificates.
  */
-#define TTLS_X509_CHECK_KEY_USAGE
+//#define TTLS_X509_CHECK_KEY_USAGE
 
 /**
  * \def TTLS_X509_CHECK_EXTENDED_KEY_USAGE
@@ -263,18 +263,6 @@
  */
 #define TTLS_X509_CHECK_EXTENDED_KEY_USAGE
 
-/**
- * \def TTLS_CERTS_C
- *
- * Enable the test certificates.
- *
- * Module:  library/certs.c
- * Caller:
- *
- * This module is used for testing (ssl_client/server).
- */
-#define TTLS_CERTS_C
-
 /**
  * \def TTLS_DHM_C
  *
diff --git a/tls/pk.c b/tls/pk.c
@@ -49,7 +49,8 @@ do {									\
 void
 ttls_pk_free(ttls_pk_context *ctx)
 {
-	BUG_ON(!ctx || !ctx->pk_info);
+	if (unlikely(!ctx || !ctx->pk_info))
+		return;
 
 	ctx->pk_info->ctx_free_func(ctx->pk_ctx);
 
diff --git a/tls/ttls.c b/tls/ttls.c
@@ -1551,9 +1551,7 @@ ttls_parse_certificate(TlsCtx *tls, unsigned char *buf, size_t len,
 						      ca_crl,
 						      tls->conf->cert_profile,
 						      tls->hostname,
-						      &sess->verify_result,
-						      tls->conf->f_vrfy,
-						      tls->conf->p_vrfy);
+						      &sess->verify_result);
 		if (r)
 			T_DBG("client cert verification status: %d\n", r);
 
@@ -1828,15 +1826,6 @@ ttls_conf_authmode(ttls_config *conf, int authmode)
 	conf->authmode = authmode;
 }
 
-void
-ttls_conf_verify(ttls_config *conf,
-		 int (*f_vrfy)(void *, ttls_x509_crt *, int, uint32_t *),
-		 void *p_vrfy)
-{
-	conf->f_vrfy = f_vrfy;
-	conf->p_vrfy = p_vrfy;
-}
-
 #if defined(TTLS_CLI_C)
 int ttls_set_session(ttls_context *tls, const ttls_ssl_session *session)
 {
@@ -2148,9 +2137,8 @@ static int
 ttls_handshake_step(TlsCtx *tls, unsigned char *buf, size_t len, size_t hh_len,
 		    unsigned int *read)
 {
-	TlsIOCtx *io = &tls->io_in;
-
-	T_DBG3("handshake message %u on state %x\n", io->msgtype, tls->state);
+	T_DBG3("handshake message %u on state %x\n",
+	       tls->io_in.msgtype, tls->state);
 
 #if defined(TTLS_CLI_C)
 	if (tls->conf->endpoint == TTLS_IS_CLIENT)
diff --git a/tls/ttls.h b/tls/ttls.h
@@ -545,21 +545,6 @@ int ttls_ctx_init(TlsCtx *tls, const ttls_config *conf);
  */
 void ttls_conf_authmode(ttls_config *conf, int authmode);
 
-/**
- * \brief	Set the verification callback (Optional).
- *
- *		If set, the verify callback is called for each
- *		certificate in the chain. For implementation
- *		information, please see \c ttls_x509_crt_verify()
- *
- * \param conf	SSL configuration
- * \param f_vrfy verification function
- * \param p_vrfy verification parameter
- */
-void ttls_conf_verify(ttls_config *conf,
-		      int (*f_vrfy)(void *, ttls_x509_crt *, int, uint32_t *),
-		      void *p_vrfy);
-
 /**
  * \brief	Callback type: generate and write session ticket
  *
diff --git a/tls/x509.c b/tls/x509.c
@@ -1,39 +1,37 @@
 /*
- *  X.509 common functions for parsing and verification
+ *		Tempesta TLS
  *
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  Copyright (C) 2015-2018 Tempesta Technologies, Inc.
- *  SPDX-License-Identifier: GPL-2.0
+ * X.509 common functions for parsing and verification.
  *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
+ * The ITU-T X.509 standard defines a certificate format for PKI.
  *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
+ * http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
+ * http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
+ * http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
  *
- *  You should have received a copy of the GNU General Public License along
- *  with this program; if not, write to the Free Software Foundation, Inc.,
- *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
+ * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
  *
- *  This file is part of mbed TLS (https://tls.mbed.org)
- */
-/*
- *  The ITU-T X.509 standard defines a certificate format for PKI.
+ * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ * Copyright (C) 2015-2018 Tempesta Technologies, Inc.
+ * SPDX-License-Identifier: GPL-2.0
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
  *
- *  http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs)
- *  http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs)
- *  http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10)
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
  *
- *  http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf
- *  http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 #include "ttls.h"
 #include "asn1.h"
-#include "certs.h"
 #include "oid.h"
 #include "pem.h"
 #include "tls_internal.h"
@@ -928,66 +926,3 @@ ttls_x509_time_is_future(const ttls_x509_time *from)
 
 	return x509_check_time(from, &now);
 }
-
-/*
- * Checkup routine
- */
-int ttls_x509_self_test(int verbose)
-{
-#if defined(TTLS_CERTS_C)
-	int ret;
-	uint32_t flags;
-	ttls_x509_crt cacert;
-	ttls_x509_crt clicert;
-
-	if (verbose != 0)
-		pr_info("  X.509 certificate load: ");
-
-	ttls_x509_crt_init(&clicert);
-
-	ret = ttls_x509_crt_parse(&clicert, (unsigned char *) ttls_test_cli_crt,
-			   ttls_test_cli_crt_len);
-	if (ret != 0)
-	{
-		if (verbose != 0)
-			pr_info("failed\n");
-
-		return ret;
-	}
-
-	ttls_x509_crt_init(&cacert);
-
-	ret = ttls_x509_crt_parse(&cacert, (unsigned char *) ttls_test_ca_crt,
-			  ttls_test_ca_crt_len);
-	if (ret != 0)
-	{
-		if (verbose != 0)
-			pr_info("failed\n");
-
-		return ret;
-	}
-
-	if (verbose != 0)
-		pr_info("passed\n  X.509 signature verify: ");
-
-	ret = ttls_x509_crt_verify(&clicert, &cacert, NULL, NULL, &flags, NULL, NULL);
-	if (ret != 0)
-	{
-		if (verbose != 0)
-			pr_info("failed\n");
-
-		return ret;
-	}
-
-	if (verbose != 0)
-		pr_info("passed\n\n");
-
-	ttls_x509_crt_free(&cacert );
-	ttls_x509_crt_free(&clicert);
-
-	return 0;
-#else
-	((void) verbose);
-	return 0;
-#endif
-}
diff --git a/tls/x509_crt.c b/tls/x509_crt.c
diff --git a/tls/x509_crt.h b/tls/x509_crt.h

Original file line number	Diff line number	Diff line change
`@@ -43,12 +43,10 @@ TEST(tls, name) \`
`43`	`43`	`DEFINE_TLS_TEST(ecp);`
`44`	`44`	`DEFINE_TLS_TEST(mpi);`
`45`	`45`	`DEFINE_TLS_TEST(rsa);`
`46`		`-DEFINE_TLS_TEST(x509);`
`47`	`46`
`48`	`47`	`TEST_SUITE(tls)`
`49`	`48`	`{`
`50`	`49`	`TEST_RUN(tls, ecp);`
`51`	`50`	`TEST_RUN(tls, mpi);`
`52`	`51`	`TEST_RUN(tls, rsa);`
`53`		`- TEST_RUN(tls, x509);`
`54`	`52`	`}`
Original file line number	Diff line number	Diff line change
`@@ -49,7 +49,8 @@ do { \`
`49`	`49`	`void`
`50`	`50`	`ttls_pk_free(ttls_pk_context *ctx)`
`51`	`51`	`{`
`52`		`- BUG_ON(!ctx \|\| !ctx->pk_info);`
	`52`	`+ if (unlikely(!ctx \|\| !ctx->pk_info))`
	`53`	`+ return;`
`53`	`54`
`54`	`55`	`ctx->pk_info->ctx_free_func(ctx->pk_ctx);`
`55`	`56`