git: 883d1742d3d7 - main - ktls_tests: Log more details when a test fails.

From: John Baldwin <jhb_at_FreeBSD.org>
Date: Thu, 15 Dec 2022 20:06:59 UTC
The branch main has been updated by jhb:

URL: https://cgit.FreeBSD.org/src/commit/?id=883d1742d3d74635afc3ae2d8208974ac51e3dd9

commit 883d1742d3d74635afc3ae2d8208974ac51e3dd9
Author:     John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2022-12-15 20:06:09 +0000
Commit:     John Baldwin <jhb@FreeBSD.org>
CommitDate: 2022-12-15 20:06:09 +0000

    ktls_tests: Log more details when a test fails.
    
    - Make use of ATF_REQUIRE_INTEQ to log the values of integers for
      unexpected mismatches.
    
    - Use ATF_REQUIRE_MSG in a few more places to log values when a
      requirement fails.
    
    - Consistently use ATF_REQUIRE_ERRNO when checking for an expected
      errno value.
    
    Reviewed by:    markj
    Sponsored by:   Chelsio Communications
    Differential Revision:  https://reviews.freebsd.org/D37691
---
 tests/sys/kern/ktls_test.c | 157 ++++++++++++++++++++++++---------------------
 1 file changed, 85 insertions(+), 72 deletions(-)

diff --git a/tests/sys/kern/ktls_test.c b/tests/sys/kern/ktls_test.c
index ee575597f1f2..9488ac24f4cc 100644
--- a/tests/sys/kern/ktls_test.c
+++ b/tests/sys/kern/ktls_test.c
@@ -207,8 +207,8 @@ socketpair_tcp(int sv[2])
 	pfd.fd = cs;
 	pfd.events = POLLOUT;
 	pfd.revents = 0;
-	ATF_REQUIRE(poll(&pfd, 1, INFTIM) == 1);
-	ATF_REQUIRE(pfd.revents == POLLOUT);
+	ATF_REQUIRE_INTEQ(1, poll(&pfd, 1, INFTIM));
+	ATF_REQUIRE_INTEQ(POLLOUT, pfd.revents);
 
 	sv[0] = cs;
 	sv[1] = as;
@@ -795,8 +795,8 @@ decrypt_tls_aes_cbc_mte(const atf_tc_t *tc, struct tls_enable *en,
 	hdr = src;
 	hdr_len = tls_header_len(en);
 	mac_len = tls_mac_len(en);
-	ATF_REQUIRE(hdr->tls_vmajor == TLS_MAJOR_VER_ONE);
-	ATF_REQUIRE(hdr->tls_vminor == en->tls_vminor);
+	ATF_REQUIRE_INTEQ(TLS_MAJOR_VER_ONE, hdr->tls_vmajor);
+	ATF_REQUIRE_INTEQ(en->tls_vminor, hdr->tls_vminor);
 	debug(tc, "decrypting MTE record seqno %ju:\n", (uintmax_t)seqno);
 	debug_hexdump(tc, src, len, NULL);
 
@@ -826,8 +826,11 @@ decrypt_tls_aes_cbc_mte(const atf_tc_t *tc, struct tls_enable *en,
 	 * The kernel always generates the smallest amount of padding.
 	 */
 	padding = buf[payload_len - 1] + 1;
-	ATF_REQUIRE(padding > 0 && padding <= AES_BLOCK_LEN);
-	ATF_REQUIRE(payload_len >= mac_len + padding);
+	ATF_REQUIRE_MSG(padding > 0 && padding <= AES_BLOCK_LEN,
+	    "invalid padding %d", padding);
+	ATF_REQUIRE_MSG(payload_len >= mac_len + padding,
+	    "payload_len (%zu) < mac_len (%zu) + padding (%d)", payload_len,
+	    mac_len, padding);
 	payload_len -= padding;
 
 	/* Verify HMAC. */
@@ -837,7 +840,8 @@ decrypt_tls_aes_cbc_mte(const atf_tc_t *tc, struct tls_enable *en,
 	ATF_REQUIRE(verify_hash(tls_EVP_MD(en), en->auth_key, en->auth_key_len,
 	    &aad, sizeof(aad), buf, payload_len, buf + payload_len));
 
-	ATF_REQUIRE(payload_len <= avail);
+	ATF_REQUIRE_MSG(payload_len <= avail, "payload_len (%zu) < avail (%zu)",
+	    payload_len, avail);
 	memcpy(dst, buf, payload_len);
 	*record_type = hdr->tls_type;
 	return (payload_len);
@@ -857,8 +861,8 @@ decrypt_tls_12_aead(const atf_tc_t *tc, struct tls_enable *en, uint64_t seqno,
 	hdr_len = tls_header_len(en);
 	mac_len = tls_mac_len(en);
 	payload_len = len - (hdr_len + mac_len);
-	ATF_REQUIRE(hdr->tls_vmajor == TLS_MAJOR_VER_ONE);
-	ATF_REQUIRE(hdr->tls_vminor == TLS_MINOR_VER_TWO);
+	ATF_REQUIRE_INTEQ(TLS_MAJOR_VER_ONE, hdr->tls_vmajor);
+	ATF_REQUIRE_INTEQ(TLS_MINOR_VER_TWO, hdr->tls_vminor);
 	debug(tc, "decrypting TLS 1.2 record seqno %ju:\n", (uintmax_t)seqno);
 	debug_hexdump(tc, src, len, NULL);
 
@@ -893,10 +897,12 @@ decrypt_tls_13_aead(const atf_tc_t *tc, struct tls_enable *en, uint64_t seqno,
 	hdr_len = tls_header_len(en);
 	mac_len = tls_mac_len(en);
 	payload_len = len - (hdr_len + mac_len);
-	ATF_REQUIRE(payload_len >= 1);
-	ATF_REQUIRE(hdr->tls_type == TLS_RLTYPE_APP);
-	ATF_REQUIRE(hdr->tls_vmajor == TLS_MAJOR_VER_ONE);
-	ATF_REQUIRE(hdr->tls_vminor == TLS_MINOR_VER_TWO);
+	ATF_REQUIRE_MSG(payload_len >= 1,
+	    "payload_len (%zu) too short: len %zu hdr_len %zu mac_len %zu",
+	    payload_len, len, hdr_len, mac_len);
+	ATF_REQUIRE_INTEQ(TLS_RLTYPE_APP, hdr->tls_type);
+	ATF_REQUIRE_INTEQ(TLS_MAJOR_VER_ONE, hdr->tls_vmajor);
+	ATF_REQUIRE_INTEQ(TLS_MINOR_VER_TWO, hdr->tls_vminor);
 	debug(tc, "decrypting TLS 1.3 record seqno %ju:\n", (uintmax_t)seqno);
 	debug_hexdump(tc, src, len, NULL);
 
@@ -934,17 +940,18 @@ decrypt_tls_aead(const atf_tc_t *tc, struct tls_enable *en, uint64_t seqno,
 	size_t payload_len;
 
 	hdr = src;
-	ATF_REQUIRE(ntohs(hdr->tls_length) + sizeof(*hdr) == len);
+	ATF_REQUIRE_INTEQ(len, ntohs(hdr->tls_length) + sizeof(*hdr));
 
 	payload_len = len - (tls_header_len(en) + tls_trailer_len(en));
-	ATF_REQUIRE(payload_len <= avail);
+	ATF_REQUIRE_MSG(payload_len <= avail, "payload_len (%zu) > avail (%zu)",
+	    payload_len, avail);
 
 	if (en->tls_vminor == TLS_MINOR_VER_TWO) {
-		ATF_REQUIRE(decrypt_tls_12_aead(tc, en, seqno, src, len, dst,
-		    record_type) == payload_len);
+		ATF_REQUIRE_INTEQ(payload_len, decrypt_tls_12_aead(tc, en,
+		    seqno, src, len, dst, record_type));
 	} else {
-		ATF_REQUIRE(decrypt_tls_13_aead(tc, en, seqno, src, len, dst,
-		    record_type) == payload_len);
+		ATF_REQUIRE_INTEQ(payload_len, decrypt_tls_13_aead(tc, en,
+		    seqno, src, len, dst, record_type));
 	}
 
 	return (payload_len);
@@ -980,7 +987,7 @@ encrypt_tls_aes_cbc_mte(const atf_tc_t *tc, struct tls_enable *en,
 	size_t hdr_len, mac_len, record_len;
 	u_int digest_len, i;
 
-	ATF_REQUIRE(padding % 16 == 0);
+	ATF_REQUIRE_INTEQ(0, padding % 16);
 
 	hdr = dst;
 	buf = dst;
@@ -989,10 +996,13 @@ encrypt_tls_aes_cbc_mte(const atf_tc_t *tc, struct tls_enable *en,
 	hdr_len = tls_header_len(en);
 	mac_len = tls_mac_len(en);
 	padding += (AES_BLOCK_LEN - (len + mac_len) % AES_BLOCK_LEN);
-	ATF_REQUIRE(padding > 0 && padding <= 255);
+	ATF_REQUIRE_MSG(padding > 0 && padding <= 255, "invalid padding (%zu)",
+	    padding);
 
 	record_len = hdr_len + len + mac_len + padding;
-	ATF_REQUIRE(record_len <= avail);
+	ATF_REQUIRE_MSG(record_len <= avail, "record_len (%zu) > avail (%zu): "
+	    "hdr_len %zu, len %zu, mac_len %zu, padding %zu", record_len,
+	    avail, hdr_len, len, mac_len, padding);
 
 	hdr->tls_type = record_type;
 	hdr->tls_vmajor = TLS_MAJOR_VER_ONE;
@@ -1012,12 +1022,13 @@ encrypt_tls_aes_cbc_mte(const atf_tc_t *tc, struct tls_enable *en,
 	debug_hexdump(tc, src, len, "plaintext");
 	ATF_REQUIRE(compute_hash(tls_EVP_MD(en), en->auth_key, en->auth_key_len,
 	    &aad, sizeof(aad), src, len, buf + hdr_len + len, &digest_len));
-	ATF_REQUIRE(digest_len == mac_len);
+	ATF_REQUIRE_INTEQ(mac_len, digest_len);
 
 	/* Store padding. */
 	for (i = 0; i < padding; i++)
 		buf[hdr_len + len + mac_len + i] = padding - 1;
-	debug_hexdump(tc, buf + hdr_len + len, mac_len + padding, "MAC and padding");
+	debug_hexdump(tc, buf + hdr_len + len, mac_len + padding,
+	    "MAC and padding");
 
 	/* Encrypt the record. */
 	ATF_REQUIRE(cbc_encrypt(tls_EVP_CIPHER(en), en->cipher_key, iv,
@@ -1123,15 +1134,17 @@ encrypt_tls_aead(const atf_tc_t *tc, struct tls_enable *en,
 	size_t record_len;
 
 	record_len = tls_header_len(en) + len + padding + tls_trailer_len(en);
-	ATF_REQUIRE(record_len <= avail);
+	ATF_REQUIRE_MSG(record_len <= avail, "record_len (%zu) > avail (%zu): "
+	    "header %zu len %zu padding %zu trailer %zu", record_len, avail,
+	    tls_header_len(en), len, padding, tls_trailer_len(en));
 
 	if (en->tls_vminor == TLS_MINOR_VER_TWO) {
-		ATF_REQUIRE(padding == 0);
-		ATF_REQUIRE(encrypt_tls_12_aead(tc, en, record_type, seqno, src,
-		    len, dst) == record_len);
+		ATF_REQUIRE_INTEQ(0, padding);
+		ATF_REQUIRE_INTEQ(record_len, encrypt_tls_12_aead(tc, en,
+		    record_type, seqno, src, len, dst));
 	} else
-		ATF_REQUIRE(encrypt_tls_13_aead(tc, en, record_type, seqno, src,
-		    len, dst, padding) == record_len);
+		ATF_REQUIRE_INTEQ(record_len, encrypt_tls_13_aead(tc, en,
+		    record_type, seqno, src, len, dst, padding));
 
 	return (record_len);
 }
@@ -1243,7 +1256,8 @@ test_ktls_transmit_app_data(const atf_tc_t *tc, struct tls_enable *en,
 			    record_len - outbuf_len);
 			if (rv == -1 && errno == EAGAIN)
 				break;
-			ATF_REQUIRE_MSG(rv > 0, "failed to read from socket");
+			ATF_REQUIRE_MSG(rv > 0,
+			    "failed to read from socket: %s", strerror(errno));
 
 			outbuf_len += rv;
 			if (outbuf_len == record_len) {
@@ -1251,7 +1265,7 @@ test_ktls_transmit_app_data(const atf_tc_t *tc, struct tls_enable *en,
 				    seqno, outbuf, outbuf_len,
 				    decrypted + decrypted_len,
 				    len - decrypted_len, &record_type);
-				ATF_REQUIRE(record_type == TLS_RLTYPE_APP);
+				ATF_REQUIRE_INTEQ(TLS_RLTYPE_APP, record_type);
 
 				seqno++;
 				outbuf_len = 0;
@@ -1296,7 +1310,7 @@ ktls_send_control_message(int fd, uint8_t type, void *data, size_t len)
 	msg.msg_iov = &iov;
 	msg.msg_iovlen = 1;
 
-	ATF_REQUIRE(sendmsg(fd, &msg, 0) == (ssize_t)len);
+	ATF_REQUIRE_INTEQ((ssize_t)len, sendmsg(fd, &msg, 0));
 }
 
 static void
@@ -1334,20 +1348,21 @@ test_ktls_transmit_control(const atf_tc_t *tc, struct tls_enable *en,
 	 * to read.
 	 */
 	rv = read(sockets[0], outbuf, sizeof(struct tls_record_layer));
-	ATF_REQUIRE(rv == sizeof(struct tls_record_layer));
+	ATF_REQUIRE_INTEQ(sizeof(struct tls_record_layer), rv);
 	payload_len = ntohs(hdr->tls_length);
 	record_len = payload_len + sizeof(struct tls_record_layer);
-	ATF_REQUIRE(record_len <= outbuf_cap);
+	ATF_REQUIRE_MSG(record_len <= outbuf_cap,
+	    "record_len (%zu) > outbuf_cap (%zu)", record_len, outbuf_cap);
 	rv = read(sockets[0], outbuf + sizeof(struct tls_record_layer),
 	    payload_len);
-	ATF_REQUIRE(rv == (ssize_t)payload_len);
+	ATF_REQUIRE_INTEQ((ssize_t)payload_len, rv);
 
 	rv = decrypt_tls_record(tc, en, seqno, outbuf, record_len, decrypted,
 	    len, &record_type);
 
 	ATF_REQUIRE_MSG((ssize_t)len == rv,
 	    "read %zd decrypted bytes, but wrote %zu", rv, len);
-	ATF_REQUIRE(record_type == type);
+	ATF_REQUIRE_INTEQ(type, record_type);
 
 	ATF_REQUIRE(memcmp(plaintext, decrypted, len) == 0);
 
@@ -1388,11 +1403,11 @@ test_ktls_transmit_empty_fragment(const atf_tc_t *tc, struct tls_enable *en,
 	 */
 	rv = write(sockets[1], NULL, 0);
 	if (rv == 0) {
-		ATF_REQUIRE(en->cipher_algorithm == CRYPTO_AES_CBC);
-		ATF_REQUIRE(en->tls_vminor == TLS_MINOR_VER_ZERO);
+		ATF_REQUIRE_INTEQ(CRYPTO_AES_CBC, en->cipher_algorithm);
+		ATF_REQUIRE_INTEQ(TLS_MINOR_VER_ZERO, en->tls_vminor);
 	} else {
-		ATF_REQUIRE(rv == -1);
-		ATF_REQUIRE(errno == EINVAL);
+		ATF_REQUIRE_INTEQ(-1, rv);
+		ATF_REQUIRE_ERRNO(EINVAL, true);
 		goto out;
 	}
 
@@ -1401,20 +1416,21 @@ test_ktls_transmit_empty_fragment(const atf_tc_t *tc, struct tls_enable *en,
 	 * to read.
 	 */
 	rv = read(sockets[0], outbuf, sizeof(struct tls_record_layer));
-	ATF_REQUIRE(rv == sizeof(struct tls_record_layer));
+	ATF_REQUIRE_INTEQ(sizeof(struct tls_record_layer), rv);
 	payload_len = ntohs(hdr->tls_length);
 	record_len = payload_len + sizeof(struct tls_record_layer);
-	ATF_REQUIRE(record_len <= outbuf_cap);
+	ATF_REQUIRE_MSG(record_len <= outbuf_cap,
+	    "record_len (%zu) > outbuf_cap (%zu)", record_len, outbuf_cap);
 	rv = read(sockets[0], outbuf + sizeof(struct tls_record_layer),
 	    payload_len);
-	ATF_REQUIRE(rv == (ssize_t)payload_len);
+	ATF_REQUIRE_INTEQ((ssize_t)payload_len, rv);
 
 	rv = decrypt_tls_record(tc, en, seqno, outbuf, record_len, NULL, 0,
 	    &record_type);
 
 	ATF_REQUIRE_MSG(rv == 0,
 	    "read %zd decrypted bytes for an empty fragment", rv);
-	ATF_REQUIRE(record_type == TLS_RLTYPE_APP);
+	ATF_REQUIRE_INTEQ(TLS_RLTYPE_APP, record_type);
 
 out:
 	free(outbuf);
@@ -1449,19 +1465,19 @@ ktls_receive_tls_record(struct tls_enable *en, int fd, uint8_t record_type,
 
 	cmsg = CMSG_FIRSTHDR(&msg);
 	ATF_REQUIRE(cmsg != NULL);
-	ATF_REQUIRE(cmsg->cmsg_level == IPPROTO_TCP);
-	ATF_REQUIRE(cmsg->cmsg_type == TLS_GET_RECORD);
-	ATF_REQUIRE(cmsg->cmsg_len == CMSG_LEN(sizeof(*tgr)));
+	ATF_REQUIRE_INTEQ(IPPROTO_TCP, cmsg->cmsg_level);
+	ATF_REQUIRE_INTEQ(TLS_GET_RECORD, cmsg->cmsg_type);
+	ATF_REQUIRE_INTEQ(CMSG_LEN(sizeof(*tgr)), cmsg->cmsg_len);
 
 	tgr = (struct tls_get_record *)CMSG_DATA(cmsg);
-	ATF_REQUIRE(tgr->tls_type == record_type);
-	ATF_REQUIRE(tgr->tls_vmajor == en->tls_vmajor);
+	ATF_REQUIRE_INTEQ(record_type, tgr->tls_type);
+	ATF_REQUIRE_INTEQ(en->tls_vmajor, tgr->tls_vmajor);
 	/* XXX: Not sure if this is what OpenSSL expects? */
 	if (en->tls_vminor == TLS_MINOR_VER_THREE)
-		ATF_REQUIRE(tgr->tls_vminor == TLS_MINOR_VER_TWO);
+		ATF_REQUIRE_INTEQ(TLS_MINOR_VER_TWO, tgr->tls_vminor);
 	else
-		ATF_REQUIRE(tgr->tls_vminor == en->tls_vminor);
-	ATF_REQUIRE(tgr->tls_length == htons(rv));
+		ATF_REQUIRE_INTEQ(en->tls_vminor, tgr->tls_vminor);
+	ATF_REQUIRE_INTEQ(htons(rv), tgr->tls_length);
 
 	return (rv);
 }
@@ -1527,7 +1543,7 @@ test_ktls_receive_app_data(const atf_tc_t *tc, struct tls_enable *en,
 			rv = write(ev.ident, outbuf + outbuf_sent,
 			    outbuf_len - outbuf_sent);
 			ATF_REQUIRE_MSG(rv > 0,
-			    "failed to write to socket");
+			    "failed to write to socket: %s", strerror(errno));
 			outbuf_sent += rv;
 			if (outbuf_sent == outbuf_len) {
 				outbuf_len = 0;
@@ -1584,7 +1600,7 @@ ktls_receive_tls_error(int fd, int expected_error)
 
 	ATF_REQUIRE(recvmsg(fd, &msg, 0) == -1);
 	if (expected_error != 0)
-		ATF_REQUIRE(errno == expected_error);
+		ATF_REQUIRE_ERRNO(expected_error, true);
 }
 
 static void
@@ -1620,7 +1636,7 @@ test_ktls_receive_corrupted_record(const atf_tc_t *tc, struct tls_enable *en,
 	outbuf[offset] ^= 0x01;
 
 	rv = write(sockets[1], outbuf, outbuf_len);
-	ATF_REQUIRE(rv == (ssize_t)outbuf_len);
+	ATF_REQUIRE_INTEQ((ssize_t)outbuf_len, rv);
 
 	ktls_receive_tls_error(sockets[0], EBADMSG);
 
@@ -1670,7 +1686,7 @@ static void
 test_ktls_receive_corrupted_padding(const atf_tc_t *tc, struct tls_enable *en,
     uint64_t seqno, size_t len)
 {
-	ATF_REQUIRE(en->cipher_algorithm == CRYPTO_AES_CBC);
+	ATF_REQUIRE_INTEQ(CRYPTO_AES_CBC, en->cipher_algorithm);
 
 	/* Corrupt the last byte of the padding. */
 	test_ktls_receive_corrupted_record(tc, en, seqno, len, -1);
@@ -1704,7 +1720,7 @@ test_ktls_receive_truncated_record(const atf_tc_t *tc, struct tls_enable *en,
 	    plaintext, len, outbuf, outbuf_cap, 0);
 
 	rv = write(sockets[1], outbuf, outbuf_len / 2);
-	ATF_REQUIRE(rv == (ssize_t)(outbuf_len / 2));
+	ATF_REQUIRE_INTEQ((ssize_t)(outbuf_len / 2), rv);
 
 	ATF_REQUIRE(shutdown(sockets[1], SHUT_WR) == 0);
 
@@ -1748,7 +1764,7 @@ test_ktls_receive_bad_major(const atf_tc_t *tc, struct tls_enable *en,
 	hdr->tls_vmajor++;
 
 	rv = write(sockets[1], outbuf, outbuf_len);
-	ATF_REQUIRE(rv == (ssize_t)outbuf_len);
+	ATF_REQUIRE_INTEQ((ssize_t)outbuf_len, rv);
 
 	ktls_receive_tls_error(sockets[0], EINVAL);
 
@@ -1790,7 +1806,7 @@ test_ktls_receive_bad_minor(const atf_tc_t *tc, struct tls_enable *en,
 	hdr->tls_vminor++;
 
 	rv = write(sockets[1], outbuf, outbuf_len);
-	ATF_REQUIRE(rv == (ssize_t)outbuf_len);
+	ATF_REQUIRE_INTEQ((ssize_t)outbuf_len, rv);
 
 	ktls_receive_tls_error(sockets[0], EINVAL);
 
@@ -1811,7 +1827,7 @@ test_ktls_receive_bad_type(const atf_tc_t *tc, struct tls_enable *en,
 	int sockets[2];
 
 	ATF_REQUIRE(len <= TLS_MAX_MSG_SIZE_V10_2);
-	ATF_REQUIRE(en->tls_vminor == TLS_MINOR_VER_THREE);
+	ATF_REQUIRE_INTEQ(TLS_MINOR_VER_THREE, en->tls_vminor);
 
 	plaintext = alloc_buffer(len);
 	outbuf_cap = tls_header_len(en) + len + tls_trailer_len(en);
@@ -1833,7 +1849,7 @@ test_ktls_receive_bad_type(const atf_tc_t *tc, struct tls_enable *en,
 	hdr->tls_type = TLS_RLTYPE_APP + 1;
 
 	rv = write(sockets[1], outbuf, outbuf_len);
-	ATF_REQUIRE(rv == (ssize_t)outbuf_len);
+	ATF_REQUIRE_INTEQ((ssize_t)outbuf_len, rv);
 
 	ktls_receive_tls_error(sockets[0], EINVAL);
 
@@ -1875,7 +1891,7 @@ test_ktls_receive_bad_size(const atf_tc_t *tc, struct tls_enable *en,
 	hdr->tls_length = htons(len);
 
 	rv = write(sockets[1], outbuf, outbuf_len);
-	ATF_REQUIRE(rv == (ssize_t)outbuf_len);
+	ATF_REQUIRE_INTEQ((ssize_t)outbuf_len, rv);
 
 	ATF_REQUIRE(shutdown(sockets[1], SHUT_WR) == 0);
 
@@ -2131,9 +2147,8 @@ test_ktls_invalid_transmit_cipher_suite(const atf_tc_t *tc,
 
 	ATF_REQUIRE_MSG(open_sockets(tc, sockets), "failed to create sockets");
 
-	ATF_REQUIRE(setsockopt(sockets[1], IPPROTO_TCP, TCP_TXTLS_ENABLE, en,
-	    sizeof(*en)) == -1);
-	ATF_REQUIRE(errno == EINVAL);
+	ATF_REQUIRE_ERRNO(EINVAL, setsockopt(sockets[1], IPPROTO_TCP,
+	    TCP_TXTLS_ENABLE, en, sizeof(*en)) == -1);
 
 	close_sockets(sockets);
 }
@@ -2628,9 +2643,8 @@ test_ktls_invalid_receive_cipher_suite(const atf_tc_t *tc,
 
 	ATF_REQUIRE_MSG(open_sockets(tc, sockets), "failed to create sockets");
 
-	ATF_REQUIRE(setsockopt(sockets[1], IPPROTO_TCP, TCP_RXTLS_ENABLE, en,
-	    sizeof(*en)) == -1);
-	ATF_REQUIRE(errno == EINVAL);
+	ATF_REQUIRE_ERRNO(EINVAL, setsockopt(sockets[1], IPPROTO_TCP,
+	    TCP_RXTLS_ENABLE, en, sizeof(*en)) == -1);
 
 	close_sockets(sockets);
 }
@@ -2668,9 +2682,8 @@ test_ktls_unsupported_receive_cipher_suite(const atf_tc_t *tc,
 
 	ATF_REQUIRE_MSG(open_sockets(tc, sockets), "failed to create sockets");
 
-	ATF_REQUIRE(setsockopt(sockets[1], IPPROTO_TCP, TCP_RXTLS_ENABLE, en,
-	    sizeof(*en)) == -1);
-	ATF_REQUIRE(errno == EPROTONOSUPPORT);
+	ATF_REQUIRE_ERRNO(EPROTONOSUPPORT, setsockopt(sockets[1], IPPROTO_TCP,
+	    TCP_RXTLS_ENABLE, en, sizeof(*en)) == -1);
 
 	close_sockets(sockets);
 }