From 3e310a17becddf87483643ae21a8d66943ca53a6 Mon Sep 17 00:00:00 2001 From: Tomasz Ziolkowski Date: Tue, 27 Jul 2021 12:03:51 +0200 Subject: [PATCH 1/3] Docker environment for run tests + enhancement for ssl_handshake --- .gitignore | 1 + Dockerfile | 11 +++++++++++ Makefile.in | 2 ++ configure | 6 ++++++ doc/README.tests | 8 ++++++++ testcode/petal.c | 10 ++++++++-- testdata/fwd_zero.tdir/fwd_zero.test | 2 +- util/iana_ports.inc | 1 + util/netevent.c | 7 +++++++ 9 files changed, 45 insertions(+), 3 deletions(-) create mode 100644 Dockerfile diff --git a/.gitignore b/.gitignore index d0c69f81d..ddd734967 100644 --- a/.gitignore +++ b/.gitignore @@ -56,3 +56,4 @@ /testdata/.perfstats.txt /doc/html /doc/xml +.idea diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 000000000..417daccb2 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,11 @@ +FROM gcc:latest +WORKDIR /usr/src/unbound +RUN apt-get update +# install semantic parser & lexical analyzer +RUN apt-get install -y bison flex +# install packages used in tests +RUN apt-get install -y ldnsutils dnsutils xxd splint doxygen netcat +# accept short rsa keys, which are used in tests +RUN sed -i 's/SECLEVEL=2/SECLEVEL=1/g' /usr/lib/ssl/openssl.cnf + +CMD ["/bin/bash"] diff --git a/Makefile.in b/Makefile.in index 476545ea9..3f2e9312b 100644 --- a/Makefile.in +++ b/Makefile.in @@ -85,6 +85,8 @@ LINTFLAGS+=@NETBSD_LINTFLAGS@ LINTFLAGS+="-Dsigset_t=long" # FreeBSD LINTFLAGS+="-D__uint16_t=uint16_t" "-DEVP_PKEY_ASN1_METHOD=int" "-D_RuneLocale=int" "-D__va_list=va_list" "-D__uint32_t=uint32_t" "-D_Alignof(x)=x" "-D__aligned(x)=" "-D__requires_exclusive(x)=" "-D__requires_unlocked(x)=" "-D__locks_exclusive(x)=" "-D__trylocks_exclusive(x)=" "-D__unlocks(x)=" "-D__locks_shared(x)=" "-D__trylocks_shared(x)=" +# GCC Docker +LINTFLAGS+=@GCC_DOCKER_LINTFLAGS@ INSTALL=$(SHELL) $(srcdir)/install-sh diff --git a/configure b/configure index 7e722b59e..57f8094a3 100755 --- a/configure +++ b/configure 
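Review bot: `FROM gcc:latest` plus a separate `RUN apt-get update` layer in the new Dockerfile makes the test image non-reproducible, because the base floats and a cached update layer can leave the later `apt-get install` steps using a stale package index. Pin the base to a fixed tag or digest (`FROM gcc:<pinned-tag>`) and merge the steps, e.g. `RUN apt-get update && apt-get install -y bison flex ldnsutils dnsutils xxd splint doxygen netcat`. The `sed` that rewrites `SECLEVEL=2` to `SECLEVEL=1` in `/usr/lib/ssl/openssl.cnf` lowers the OpenSSL default for every program in the container, and it silently does nothing if a newer base image ships a different config. The comment above it should say the image is for the test suite only, and the build could check that the substitution took effect, e.g. `RUN grep -q 'SECLEVEL=1' /usr/lib/ssl/openssl.cnf`.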
@@ -683,6 +683,7 @@ HAVE_SSL PC_CRYPTO_DEPENDENCY CONFIG_DATE NETBSD_LINTFLAGS +GCC_DOCKER_LINTFLAGS PYUNBOUND_UNINSTALL PYUNBOUND_INSTALL PYUNBOUND_TARGET @@ -17888,6 +17889,11 @@ if test "`uname`" = "NetBSD"; then NETBSD_LINTFLAGS='"-D__RENAME(x)=" -D_NETINET_IN_H_' fi + +if test "`uname -o`" = "GNU/Linux"; then + # splint cannot parse modern c99 header files + GCC_DOCKER_LINTFLAGS='-syntax' +fi CONFIG_DATE=`date +%Y%m%d` diff --git a/doc/README.tests b/doc/README.tests index 5385e2b22..122bf02f3 100644 --- a/doc/README.tests +++ b/doc/README.tests @@ -15,6 +15,14 @@ You need to have the following programs installed and in your PATH. * xxd and nc (optional) - for (malformed) packet transmission. The optional programs are detected and can be omitted. +You can also use prepared Dockerfile to run tests inside docker based on latest gcc image: +* build container: docker build -t unbound-tester . +* run container: docker run -it --mount type=bind,source="$(pwd)",target=/usr/src/unbound --rm unbound-tester +* configure environment: ./configure +* run test: make test +* run long tests: make longtest +It is worth to mention that you need to enable [ipv6 in your docker daemon configuration](https://docs.docker.com/config/daemon/ipv6/) because some tests need ipv6 network stack. + testdata/ contains the data for tests. testcode/ contains scripts and c code for the tests. diff --git a/testcode/petal.c b/testcode/petal.c index 123684aab..78f1ca2f5 100644 --- a/testcode/petal.c +++ b/testcode/petal.c @@ -220,8 +220,11 @@ read_http_headers(SSL* ssl, char* file, size_t flen, char* host, size_t hlen, host[0] = 0; while(read_ssl_line(ssl, buf, sizeof(buf))) { if(verb>=2) printf("read: %s\n", buf); - if(buf[0] == 0) + if(buf[0] == 0) { + int e = ERR_peek_error(); + printf("error string: %s\n", ERR_reason_error_string(e)); return 1; + } if(!process_one_header(buf, file, flen, host, hlen, vs)) return 0; } 
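Review bot: In `read_http_headers` the added block runs when `buf[0] == 0`, which looks like the blank line that ends the headers and returns 1, so an "error string" line is printed on what appears to be the normal success path rather than on a failure. When no error is queued `ERR_peek_error()` returns 0 and `ERR_reason_error_string()` can return NULL, which is then passed to `%s`; the return type is also `unsigned long`, so `int e` truncates it. Something like `unsigned long e = ERR_peek_error(); if(e) printf("error string: %s\n", ERR_error_string(e, NULL));`, ideally gated on `verb` like the line above, avoids both problems. The same applies to the identical two lines added to `setup_ctx` in the next petal.c hunk; both function bodies continue outside their hunks.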
@@ -238,8 +241,11 @@ setup_ctx(char* key, char* cert) (void)SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2); #endif (void)SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3); - if(!SSL_CTX_use_certificate_chain_file(ctx, cert)) + if(!SSL_CTX_use_certificate_chain_file(ctx, cert)) { + int e = ERR_peek_error(); + printf("error string: %s\n", ERR_reason_error_string(e)); print_exit("cannot read cert"); + } if(!SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM)) print_exit("cannot read key"); if(!SSL_CTX_check_private_key(ctx)) diff --git a/testdata/fwd_zero.tdir/fwd_zero.test b/testdata/fwd_zero.tdir/fwd_zero.test index 87a2dec9c..2e0806d6f 100644 --- a/testdata/fwd_zero.tdir/fwd_zero.test +++ b/testdata/fwd_zero.tdir/fwd_zero.test @@ -7,7 +7,7 @@ PRE="../.." OPT="-i" -if nc -h 2>&1 | grep -- "-w secs" >/dev/null; then +if nc -h 2>&1 | grep -E -- "-w (timeout|secs)" >/dev/null; then OPT="-w" fi diff --git a/util/iana_ports.inc b/util/iana_ports.inc index f928d0669..b93af015d 100644 --- a/util/iana_ports.inc +++ b/util/iana_ports.inc @@ -4244,6 +4244,7 @@ 5504, 5505, 5506, +5540, 5553, 5554, 5555, diff --git a/util/netevent.c b/util/netevent.c index 01e44c9b6..b1cc995c0 100644 --- a/util/netevent.c +++ b/util/netevent.c @@ -1232,6 +1232,13 @@ ssl_handshake(struct comm_point* c) if(want == SSL_ERROR_WANT_READ) { if(c->ssl_shake_state == comm_ssl_shake_read) return 1; + /* According to https://www.openssl.org/docs/man1.1.1/man3/SSL_do_handshake.html + * we should repeat handshake - for non blocking BIO + */ + if(c->ssl_shake_state == comm_ssl_shake_write) { + comm_point_listen_for_rw(c, 0, 1); + return 1; + } c->ssl_shake_state = comm_ssl_shake_read; comm_point_listen_for_rw(c, 1, 0); return 1; From 1900ea3bb38e31df874579bc58d39945d22d75ff Mon Sep 17 00:00:00 2001 
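Review bot: In the `SSL_ERROR_WANT_READ` branch, the new `comm_ssl_shake_write` case re-arms the comm point with `comm_point_listen_for_rw(c, 0, 1)`, which by analogy with the `(c, 1, 0)` call below looks like waiting for writability while OpenSSL is asking for readable data. A connected socket is normally writable straight away, so a peer that stalls mid-handshake could make this handler fire repeatedly without progress and keep the event loop busy; that is worth ruling out because the handshake is driven by remote input. If the intent is only to retry after WANT_READ, the existing fall-through (`c->ssl_shake_state = comm_ssl_shake_read; comm_point_listen_for_rw(c, 1, 0);`) already does that, so the new comment should say which case the write-side retry covers. `ssl_handshake` starts and ends outside the hunk.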
From: Tomasz Ziolkowski Date: Wed, 4 Aug 2021 12:57:55 +0200 Subject: [PATCH 2/3] Revert changes in files managed by maintainers, move docker do contrib dir --- .gitignore | 1 - configure | 5 ----- configure.ac | 6 ++++++ Dockerfile => contrib/Dockerfile.tests | 0 doc/README.tests | 2 +- util/netevent.c | 7 ------- 6 files changed, 7 insertions(+), 14 deletions(-) rename Dockerfile => contrib/Dockerfile.tests (100%) diff --git a/.gitignore b/.gitignore index ddd734967..d0c69f81d 100644 --- a/.gitignore +++ b/.gitignore @@ -56,4 +56,3 @@ /testdata/.perfstats.txt /doc/html /doc/xml -.idea diff --git a/configure b/configure index d27ded8a5..457efb480 100755 --- a/configure +++ b/configure @@ -683,7 +683,6 @@ HAVE_SSL PC_CRYPTO_DEPENDENCY CONFIG_DATE NETBSD_LINTFLAGS -GCC_DOCKER_LINTFLAGS PYUNBOUND_UNINSTALL PYUNBOUND_INSTALL PYUNBOUND_TARGET @@ -17889,10 +17888,6 @@ if test "`uname`" = "NetBSD"; then fi -if test "`uname -o`" = "GNU/Linux"; then - # splint cannot parse modern c99 header files - GCC_DOCKER_LINTFLAGS='-syntax' -fi CONFIG_DATE=`date +%Y%m%d` diff --git a/configure.ac b/configure.ac index fe911723c..128232b1c 100644 --- a/configure.ac +++ b/configure.ac @@ -776,6 +776,12 @@ if test "`uname`" = "NetBSD"; then NETBSD_LINTFLAGS='"-D__RENAME(x)=" -D_NETINET_IN_H_' AC_SUBST(NETBSD_LINTFLAGS) fi + +if test "`uname -o`" = "GNU/Linux"; then + # splint cannot parse modern c99 header files + GCC_DOCKER_LINTFLAGS='-syntax' + AC_SUBST(GCC_DOCKER_LINTFLAGS) +fi CONFIG_DATE=`date +%Y%m%d` AC_SUBST(CONFIG_DATE) diff --git a/Dockerfile b/contrib/Dockerfile.tests similarity index 100% rename from Dockerfile rename to contrib/Dockerfile.tests diff --git a/doc/README.tests b/doc/README.tests index 122bf02f3..376f01717 100644 --- a/doc/README.tests +++ b/doc/README.tests 
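Review bot: The `uname -o` test added to configure.ac matches every GNU/Linux build host, not only the Docker image, so `GCC_DOCKER_LINTFLAGS='-syntax'` presumably relaxes the splint run for all Linux developers even though the variable name suggests a container-only setting. `uname -o` is also not a POSIX option, so on platforms that lack it configure will print an error at this point; comparing `uname -s` against `Linux` would be the portable form. Either rename the variable to reflect its real scope (for example `LINUX_LINTFLAGS`) or make the flag opt-in, and extend the comment to something like `# splint cannot parse modern C99 system headers; applies to all GNU/Linux hosts, weakens lint syntax checking`.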
@@ -16,7 +16,7 @@ You need to have the following programs installed and in your PATH. The optional programs are detected and can be omitted. You can also use prepared Dockerfile to run tests inside docker based on latest gcc image: -* build container: docker build -t unbound-tester . +* build container: docker build -t unbound-tester -f contrib/Dockerfile.tests . * run container: docker run -it --mount type=bind,source="$(pwd)",target=/usr/src/unbound --rm unbound-tester * configure environment: ./configure * run test: make test diff --git a/util/netevent.c b/util/netevent.c index b3df164e6..11c642a2b 100644 --- a/util/netevent.c +++ b/util/netevent.c @@ -1232,13 +1232,6 @@ ssl_handshake(struct comm_point* c) if(want == SSL_ERROR_WANT_READ) { if(c->ssl_shake_state == comm_ssl_shake_read) return 1; - /* According to https://www.openssl.org/docs/man1.1.1/man3/SSL_do_handshake.html - * we should repeat handshake - for non blocking BIO - */ - if(c->ssl_shake_state == comm_ssl_shake_write) { - comm_point_listen_for_rw(c, 0, 1); - return 1; - } c->ssl_shake_state = comm_ssl_shake_read; comm_point_listen_for_rw(c, 1, 0); return 1; From 59552a7a762f265c9a7436cecab51cea7e76530a Mon Sep 17 00:00:00 2001 From: Tomasz Ziolkowski Date: Wed, 4 Aug 2021 13:05:21 +0200 Subject: [PATCH 3/3] reformat --- configure | 1 - testcode/petal.c | 4 ++-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/configure b/configure index 457efb480..346fd5e5b 100755 --- a/configure +++ b/configure @@ -17887,7 +17887,6 @@ if test "`uname`" = "NetBSD"; then NETBSD_LINTFLAGS='"-D__RENAME(x)=" -D_NETINET_IN_H_' fi - CONFIG_DATE=`date +%Y%m%d` diff --git a/testcode/petal.c b/testcode/petal.c index fbe5ac61b..6ea3c34cd 100644 --- a/testcode/petal.c +++ b/testcode/petal.c 
@@ -245,8 +245,8 @@ setup_ctx(char* key, char* cert)
 SSL_CTX_set_security_level(ctx, 0); /* for keys in tests */
 #endif
 if(!SSL_CTX_use_certificate_chain_file(ctx, cert)) {
- int e = ERR_peek_error();
- printf("error string: %s\n", ERR_reason_error_string(e));
+ int e = ERR_peek_error();
+ printf("error string: %s\n", ERR_reason_error_string(e));
 print_exit("cannot read cert");
 }
 if(!SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM))