ag/cpython-source-deps
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update to OpenSSL 1.0.2.o

Browse Source
This commit is contained in:
Steve Dower
2018-04-13 17:29:45 +00:00
parent ccd3ab4aff
commit 4933cd8231
386 changed files with 5623 additions and 2984 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
test/Makefile
View File

@@ -73,6 +73,7 @@ CLIENTHELLOTEST= clienthellotest
BADDTLSTEST= bad_dtls_test
SSLV2CONFTEST = sslv2conftest
DTLSTEST = dtlstest
FATALERRTEST = fatalerrtest
TESTS= alltests
@@ -87,7 +88,7 @@ EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(ECDSATEST)$(EXE_EXT) $(ECDHTEST)
$(ASN1TEST)$(EXE_EXT) $(V3NAMETEST)$(EXE_EXT) $(HEARTBEATTEST)$(EXE_EXT) \
$(CONSTTIMETEST)$(EXE_EXT) $(VERIFYEXTRATEST)$(EXE_EXT) \
$(CLIENTHELLOTEST)$(EXE_EXT) $(SSLV2CONFTEST)$(EXE_EXT) $(DTLSTEST)$(EXE_EXT) \
$(BADDTLSTEST)$(EXE_EXT)
$(BADDTLSTEST)$(EXE_EXT) $(FATALERRTEST)$(EXE_EXT)
# $(METHTEST)$(EXE_EXT)
@@ -102,7 +103,7 @@ OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(ECDHTEST).o $(IDEATEST).o \
$(EVPTEST).o $(EVPEXTRATEST).o $(IGETEST).o $(JPAKETEST).o $(ASN1TEST).o $(V3NAMETEST).o \
$(HEARTBEATTEST).o $(CONSTTIMETEST).o $(VERIFYEXTRATEST).o \
$(CLIENTHELLOTEST).o $(SSLV2CONFTEST).o $(DTLSTEST).o ssltestlib.o \
$(BADDTLSTEST).o
$(BADDTLSTEST).o $(FATALERRTEST).o
SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \
$(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \
@@ -114,7 +115,7 @@ SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \
$(EVPTEST).c $(EVPEXTRATEST).c $(IGETEST).c $(JPAKETEST).c $(SRPTEST).c $(ASN1TEST).c \
$(V3NAMETEST).c $(HEARTBEATTEST).c $(CONSTTIMETEST).c $(VERIFYEXTRATEST).c \
$(CLIENTHELLOTEST).c $(SSLV2CONFTEST).c $(DTLSTEST).c ssltestlib.c \
$(BADDTLSTEST).c
$(BADDTLSTEST).c $(FATALERRTEST).c
EXHEADER=
HEADER= testutil.h ssltestlib.h $(EXHEADER)
@@ -159,7 +160,7 @@ alltests: \
test_ss test_ca test_engine test_evp test_evp_extra test_ssl test_tsa test_ige \
test_jpake test_srp test_cms test_ocsp test_v3name test_heartbeat \
test_constant_time test_verify_extra test_clienthello test_sslv2conftest \
test_dtls test_bad_dtls
test_dtls test_bad_dtls test_fatalerr
test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt
../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt
@@ -307,6 +308,7 @@ test_ssl: keyU.ss certU.ss certCA.ss certP1.ss keyP1.ss certP2.ss keyP2.ss \
fi
../util/shlib_wrap.sh ./$(SSLTEST) -test_cipherlist
@sh ./testssl keyU.ss certU.ss certCA.ss
@sh ./testssl keyU.ss certU.ss certCA.ss -rle
@sh ./testsslproxy keyP1.ss certP1.ss intP1.ss
@sh ./testsslproxy keyP2.ss certP2.ss intP2.ss
@@ -372,6 +374,10 @@ test_bad_dtls: $(BADDTLSTEST)$(EXE_EXT)
@echo $(START) $@
../util/shlib_wrap.sh ./$(BADDTLSTEST)
test_fatalerr: $(FATALERRTEST)$(EXE_EXT)
@echo $(START) $@
../util/shlib_wrap.sh ./$(FATALERRTEST) ../apps/server.pem ../apps/server.pem
test_sslv2conftest: $(SSLV2CONFTEST)$(EXE_EXT)
@echo $(START) $@
../util/shlib_wrap.sh ./$(SSLV2CONFTEST)
@@ -560,6 +566,9 @@ $(CLIENTHELLOTEST)$(EXE_EXT): $(CLIENTHELLOTEST).o
$(BADDTLSTEST)$(EXE_EXT): $(BADDTLSTEST).o
@target=$(BADDTLSTEST) $(BUILD_CMD)
$(FATALERRTEST)$(EXE_EXT): $(FATALERRTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO)
@target=$(FATALERRTEST); exobj=ssltestlib.o; $(BUILD_CMD)
$(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o
@target=$(SSLV2CONFTEST) $(BUILD_CMD)
@@ -775,6 +784,25 @@ exptest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
exptest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h
exptest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
exptest.o: ../include/openssl/symhacks.h exptest.c
fatalerrtest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
fatalerrtest.o: ../include/openssl/buffer.h ../include/openssl/comp.h
fatalerrtest.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
fatalerrtest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
fatalerrtest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
fatalerrtest.o: ../include/openssl/err.h ../include/openssl/evp.h
fatalerrtest.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
fatalerrtest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
fatalerrtest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
fatalerrtest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
fatalerrtest.o: ../include/openssl/pem.h ../include/openssl/pem2.h
fatalerrtest.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
fatalerrtest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
fatalerrtest.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
fatalerrtest.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
fatalerrtest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
fatalerrtest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
fatalerrtest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
fatalerrtest.o: fatalerrtest.c ssltestlib.h
heartbeat_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
heartbeat_test.o: ../include/openssl/buffer.h ../include/openssl/comp.h
heartbeat_test.o: ../include/openssl/crypto.h ../include/openssl/dsa.h

134
test/igetest.c
View File

@@ -200,16 +200,16 @@ static int run_test_vectors(void)
assert(v->length <= MAX_VECTOR_SIZE);
if (v->encrypt == AES_ENCRYPT)
AES_set_encrypt_key(v->key, 8 * sizeof v->key, &key);
AES_set_encrypt_key(v->key, 8 * sizeof(v->key), &key);
else
AES_set_decrypt_key(v->key, 8 * sizeof v->key, &key);
memcpy(iv, v->iv, sizeof iv);
AES_set_decrypt_key(v->key, 8 * sizeof(v->key), &key);
memcpy(iv, v->iv, sizeof(iv));
AES_ige_encrypt(v->in, buf, v->length, &key, iv, v->encrypt);
if (memcmp(v->out, buf, v->length)) {
printf("IGE test vector %d failed\n", n);
hexdump(stdout, "key", v->key, sizeof v->key);
hexdump(stdout, "iv", v->iv, sizeof v->iv);
hexdump(stdout, "key", v->key, sizeof(v->key));
hexdump(stdout, "iv", v->iv, sizeof(v->iv));
hexdump(stdout, "in", v->in, v->length);
hexdump(stdout, "expected", v->out, v->length);
hexdump(stdout, "got", buf, v->length);
@@ -218,14 +218,14 @@ static int run_test_vectors(void)
}
/* try with in == out */
memcpy(iv, v->iv, sizeof iv);
memcpy(iv, v->iv, sizeof(iv));
memcpy(buf, v->in, v->length);
AES_ige_encrypt(buf, buf, v->length, &key, iv, v->encrypt);
if (memcmp(v->out, buf, v->length)) {
printf("IGE test vector %d failed (with in == out)\n", n);
hexdump(stdout, "key", v->key, sizeof v->key);
hexdump(stdout, "iv", v->iv, sizeof v->iv);
hexdump(stdout, "key", v->key, sizeof(v->key));
hexdump(stdout, "iv", v->iv, sizeof(v->iv));
hexdump(stdout, "in", v->in, v->length);
hexdump(stdout, "expected", v->out, v->length);
hexdump(stdout, "got", buf, v->length);
@@ -257,9 +257,9 @@ static int run_test_vectors(void)
if (memcmp(v->out, buf, v->length)) {
printf("Bidirectional IGE test vector %d failed\n", n);
hexdump(stdout, "key 1", v->key1, sizeof v->key1);
hexdump(stdout, "key 2", v->key2, sizeof v->key2);
hexdump(stdout, "iv", v->iv, sizeof v->iv);
hexdump(stdout, "key 1", v->key1, sizeof(v->key1));
hexdump(stdout, "key 2", v->key2, sizeof(v->key2));
hexdump(stdout, "iv", v->iv, sizeof(v->iv));
hexdump(stdout, "in", v->in, v->length);
hexdump(stdout, "expected", v->out, v->length);
hexdump(stdout, "got", buf, v->length);
@@ -288,19 +288,19 @@ int main(int argc, char **argv)
assert(BIG_TEST_SIZE >= TEST_SIZE);
RAND_pseudo_bytes(rkey, sizeof rkey);
RAND_pseudo_bytes(plaintext, sizeof plaintext);
RAND_pseudo_bytes(iv, sizeof iv);
memcpy(saved_iv, iv, sizeof saved_iv);
RAND_pseudo_bytes(rkey, sizeof(rkey));
RAND_pseudo_bytes(plaintext, sizeof(plaintext));
RAND_pseudo_bytes(iv, sizeof(iv));
memcpy(saved_iv, iv, sizeof(saved_iv));
/* Forward IGE only... */
/* Straight encrypt/decrypt */
AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key);
AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, iv, AES_ENCRYPT);
AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
memcpy(iv, saved_iv, sizeof iv);
AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key);
memcpy(iv, saved_iv, sizeof(iv));
AES_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, iv, AES_DECRYPT);
if (memcmp(checktext, plaintext, TEST_SIZE)) {
@@ -311,16 +311,16 @@ int main(int argc, char **argv)
}
/* Now check encrypt chaining works */
AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
memcpy(iv, saved_iv, sizeof iv);
AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key);
memcpy(iv, saved_iv, sizeof(iv));
AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE / 2, &key, iv,
AES_ENCRYPT);
AES_ige_encrypt(plaintext + TEST_SIZE / 2,
ciphertext + TEST_SIZE / 2, TEST_SIZE / 2,
&key, iv, AES_ENCRYPT);
AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
memcpy(iv, saved_iv, sizeof iv);
AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key);
memcpy(iv, saved_iv, sizeof(iv));
AES_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, iv, AES_DECRYPT);
if (memcmp(checktext, plaintext, TEST_SIZE)) {
@@ -331,16 +331,16 @@ int main(int argc, char **argv)
}
/* And check decrypt chaining */
AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
memcpy(iv, saved_iv, sizeof iv);
AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key);
memcpy(iv, saved_iv, sizeof(iv));
AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE / 2, &key, iv,
AES_ENCRYPT);
AES_ige_encrypt(plaintext + TEST_SIZE / 2,
ciphertext + TEST_SIZE / 2, TEST_SIZE / 2,
&key, iv, AES_ENCRYPT);
AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
memcpy(iv, saved_iv, sizeof iv);
AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key);
memcpy(iv, saved_iv, sizeof(iv));
AES_ige_encrypt(ciphertext, checktext, TEST_SIZE / 2, &key, iv,
AES_DECRYPT);
AES_ige_encrypt(ciphertext + TEST_SIZE / 2,
@@ -355,29 +355,29 @@ int main(int argc, char **argv)
}
/* make sure garble extends forwards only */
AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
memcpy(iv, saved_iv, sizeof iv);
AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key);
memcpy(iv, saved_iv, sizeof(iv));
AES_ige_encrypt(plaintext, ciphertext, sizeof(plaintext), &key, iv,
AES_ENCRYPT);
/* corrupt halfway through */
++ciphertext[sizeof ciphertext / 2];
AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
memcpy(iv, saved_iv, sizeof iv);
AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
++ciphertext[sizeof(ciphertext) / 2];
AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key);
memcpy(iv, saved_iv, sizeof(iv));
AES_ige_encrypt(ciphertext, checktext, sizeof(checktext), &key, iv,
AES_DECRYPT);
matches = 0;
for (n = 0; n < sizeof checktext; ++n)
for (n = 0; n < sizeof(checktext); ++n)
if (checktext[n] == plaintext[n])
++matches;
if (matches > sizeof checktext / 2 + sizeof checktext / 100) {
if (matches > sizeof(checktext) / 2 + sizeof(checktext) / 100) {
printf("More than 51%% matches after garbling\n");
++err;
}
if (matches < sizeof checktext / 2) {
if (matches < sizeof(checktext) / 2) {
printf("Garble extends backwards!\n");
++err;
}
@@ -389,16 +389,16 @@ int main(int argc, char **argv)
*/
/* possible with biIGE, so the IV is not updated. */
RAND_pseudo_bytes(rkey2, sizeof rkey2);
RAND_pseudo_bytes(rkey2, sizeof(rkey2));
/* Straight encrypt/decrypt */
AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
AES_set_encrypt_key(rkey2, 8 * sizeof rkey2, &key2);
AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key);
AES_set_encrypt_key(rkey2, 8 * sizeof(rkey2), &key2);
AES_bi_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, &key2, iv,
AES_ENCRYPT);
AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
AES_set_decrypt_key(rkey2, 8 * sizeof rkey2, &key2);
AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key);
AES_set_decrypt_key(rkey2, 8 * sizeof(rkey2), &key2);
AES_bi_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, &key2, iv,
AES_DECRYPT);
@@ -410,70 +410,70 @@ int main(int argc, char **argv)
}
/* make sure garble extends both ways */
AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
AES_set_encrypt_key(rkey2, 8 * sizeof rkey2, &key2);
AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key);
AES_set_encrypt_key(rkey2, 8 * sizeof(rkey2), &key2);
AES_ige_encrypt(plaintext, ciphertext, sizeof(plaintext), &key, iv,
AES_ENCRYPT);
/* corrupt halfway through */
++ciphertext[sizeof ciphertext / 2];
AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
AES_set_decrypt_key(rkey2, 8 * sizeof rkey2, &key2);
AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
++ciphertext[sizeof(ciphertext) / 2];
AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key);
AES_set_decrypt_key(rkey2, 8 * sizeof(rkey2), &key2);
AES_ige_encrypt(ciphertext, checktext, sizeof(checktext), &key, iv,
AES_DECRYPT);
matches = 0;
for (n = 0; n < sizeof checktext; ++n)
for (n = 0; n < sizeof(checktext); ++n)
if (checktext[n] == plaintext[n])
++matches;
if (matches > sizeof checktext / 100) {
if (matches > sizeof(checktext) / 100) {
printf("More than 1%% matches after bidirectional garbling\n");
++err;
}
/* make sure garble extends both ways (2) */
AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
AES_set_encrypt_key(rkey2, 8 * sizeof rkey2, &key2);
AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key);
AES_set_encrypt_key(rkey2, 8 * sizeof(rkey2), &key2);
AES_ige_encrypt(plaintext, ciphertext, sizeof(plaintext), &key, iv,
AES_ENCRYPT);
/* corrupt right at the end */
++ciphertext[sizeof ciphertext - 1];
AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
AES_set_decrypt_key(rkey2, 8 * sizeof rkey2, &key2);
AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
++ciphertext[sizeof(ciphertext) - 1];
AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key);
AES_set_decrypt_key(rkey2, 8 * sizeof(rkey2), &key2);
AES_ige_encrypt(ciphertext, checktext, sizeof(checktext), &key, iv,
AES_DECRYPT);
matches = 0;
for (n = 0; n < sizeof checktext; ++n)
for (n = 0; n < sizeof(checktext); ++n)
if (checktext[n] == plaintext[n])
++matches;
if (matches > sizeof checktext / 100) {
if (matches > sizeof(checktext) / 100) {
printf("More than 1%% matches after bidirectional garbling (2)\n");
++err;
}
/* make sure garble extends both ways (3) */
AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
AES_set_encrypt_key(rkey2, 8 * sizeof rkey2, &key2);
AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
AES_set_encrypt_key(rkey, 8 * sizeof(rkey), &key);
AES_set_encrypt_key(rkey2, 8 * sizeof(rkey2), &key2);
AES_ige_encrypt(plaintext, ciphertext, sizeof(plaintext), &key, iv,
AES_ENCRYPT);
/* corrupt right at the start */
++ciphertext[0];
AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
AES_set_decrypt_key(rkey2, 8 * sizeof rkey2, &key2);
AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
AES_set_decrypt_key(rkey, 8 * sizeof(rkey), &key);
AES_set_decrypt_key(rkey2, 8 * sizeof(rkey2), &key2);
AES_ige_encrypt(ciphertext, checktext, sizeof(checktext), &key, iv,
AES_DECRYPT);
matches = 0;
for (n = 0; n < sizeof checktext; ++n)
for (n = 0; n < sizeof(checktext); ++n)
if (checktext[n] == plaintext[n])
++matches;
if (matches > sizeof checktext / 100) {
if (matches > sizeof(checktext) / 100) {
printf("More than 1%% matches after bidirectional garbling (3)\n");
++err;
}

7
test/maketests.com
View File

@@ -150,8 +150,8 @@ $ TEST_FILES = "BNTEST,ECTEST,ECDSATEST,ECDHTEST,IDEATEST,"+ -
"EVP_TEST,EVP_EXTRA_TEST,IGETEST,JPAKETEST,SRPTEST,"+ -
"ASN1TEST,V3NAMETEST,HEARTBEAT_TEST,"+ -
"CONSTANT_TIME_TEST,VERIFY_EXTRA_TEST,"+ -
"CLIENTHELLOTEST,SSLV2CONFTEST,DTLSTEST"
$! Should we add MTTEST,PQ_TEST,LH_TEST,DIVTEST,TABTEST as well?
"CLIENTHELLOTEST,SSLV2CONFTEST,DTLSTEST,"+ -
"BAD_DTLS_TEST,FATALERRTEST"
$!
$! Additional directory information.
$ T_D_BNTEST := [-.crypto.bn]
@@ -194,10 +194,13 @@ $ T_D_HEARTBEAT_TEST := [-.ssl]
$ T_D_CONSTANT_TIME_TEST := [-.crypto]
$ T_D_VERIFY_EXTRA_TEST := [-.crypto.x509]
$ T_D_CLIENTHELLOTEST := [-.ssl]
$ T_D_BAD_DTLS_TEST := [-.ssl]
$ T_D_SSLV2CONFTEST := [-.ssl]
$ T_D_DTLSTEST := [-.ssl]
$ T_D_FATALERRTEST := [-.ssl]
$
$ EXOBJ_DTLSTEST := SSLTESTLIB
$ EXOBJ_FATALERRTEST := SSLTESTLIB
$!
$ TCPIP_PROGRAMS = ",,"
$ IF COMPILER .EQS. "VAXC" THEN -

15
test/tests.com
View File

@@ -57,7 +57,8 @@ $ tests := -
test_gen,test_req,test_pkcs7,test_verify,test_dh,test_dsa,-
test_ss,test_ca,test_engine,test_evp,test_evp_extra,test_ssl,test_tsa,test_ige,-
test_jpake,test_srp,test_cms,test_ocsp,test_v3name,test_heartbeat,-
test_constant_time,test_verify_extra,test_clienthello,test_sslv2conftest,test_dtls
test_constant_time,test_verify_extra,test_clienthello,test_sslv2conftest,-
test_dtls,test_bad_dtls,test_fatalerr
$ endif
$ tests = f$edit(tests,"COLLAPSE")
$
@@ -102,8 +103,10 @@ $ HEARTBEATTEST := heartbeat_test
$ CONSTTIMETEST := constant_time_test
$ VERIFYEXTRATEST := verify_extra_test
$ CLIENTHELLOTEST := clienthellotest
$ BADDTLSTEST := bad_dtls_test
$ SSLV2CONFTEST := sslv2conftest
$ DTLSTEST := dtlstest
$ FATALERRTEST := fatalerrtest
$!
$ tests_i = 0
$ loop_tests:
@@ -402,6 +405,16 @@ $ test_clienthello:
$ write sys$output "''START' test_clienthello"
$ mcr 'texe_dir''clienthellotest'
$ return
$ test_bad_dtls:
$ write sys$output "''START' test_bad_dtls"
$ mcr 'texe_dir''baddtlstest'
$ return
$
$ test_fatalerr:
$ write sys$output "''START' test_fatalerrtest"
$ mcr 'texe_dir''fatalerrtest' 'ROOT'.APPS]server.pem 'ROOT'.APPS]server.pem
$ return
$
$ test_sslv2conftest:
$ write sys$output "''START' test_sslv2conftest"
$ mcr 'texe_dir''sslv2conftest'

30
test/testssl
View File

@@ -292,4 +292,34 @@ if [ -z "$extra" -a `uname -m` = "x86_64" ]; then
$ssltest -cipher AES128-SHA256 -bytes 8m || exit 1
fi
#############################################################################
# Signature algorithms + SNI
$ssltest -tls12 -sn_client server1 -sn_server1 server1 -sn_server2 server2 -sn_expect1 -client_sigalgs RSA+SHA256 -server_digest_expect SHA256 || exit 1
$ssltest -tls12 -sn_client server1 -sn_server1 server1 -sn_server2 server2 -sn_expect1 -client_sigalgs RSA+SHA256 -server_digest_expect SHA256 -sni_in_cert_cb || exit 1
# Switching SSL_CTX on SNI must not break signature algorithm negotiation.
$ssltest -tls12 -sn_client server2 -sn_server1 server1 -sn_server2 server2 -sn_expect2 -client_sigalgs RSA+SHA256 -server_digest_expect SHA256 || exit 1
$ssltest -tls12 -sn_client server2 -sn_server1 server1 -sn_server2 server2 -sn_expect2 -client_sigalgs RSA+SHA256 -server_digest_expect SHA256 -sni_in_cert_cb || exit 1
$ssltest -bio_pair -sn_client alice -sn_server1 alice -sn_server2 bob -s_ticket1 no -s_ticket2 no -c_ticket no -ticket_expect no || exit 1
$ssltest -bio_pair -sn_client alice -sn_server1 alice -sn_server2 bob -s_ticket1 no -s_ticket2 no -c_ticket yes -ticket_expect no || exit 1
$ssltest -bio_pair -sn_client alice -sn_server1 alice -sn_server2 bob -s_ticket1 no -s_ticket2 yes -c_ticket no -ticket_expect no || exit 1
$ssltest -bio_pair -sn_client alice -sn_server1 alice -sn_server2 bob -s_ticket1 no -s_ticket2 yes -c_ticket yes -ticket_expect no || exit 1
$ssltest -bio_pair -sn_client alice -sn_server1 alice -sn_server2 bob -s_ticket1 yes -s_ticket2 no -c_ticket no -ticket_expect no || exit 1
$ssltest -bio_pair -sn_client alice -sn_server1 alice -sn_server2 bob -s_ticket1 yes -s_ticket2 no -c_ticket yes -ticket_expect yes || exit 1
$ssltest -bio_pair -sn_client alice -sn_server1 alice -sn_server2 bob -s_ticket1 yes -s_ticket2 yes -c_ticket no -ticket_expect no || exit 1
$ssltest -bio_pair -sn_client alice -sn_server1 alice -sn_server2 bob -s_ticket1 yes -s_ticket2 yes -c_ticket yes -ticket_expect yes || exit 1
$ssltest -bio_pair -sn_client bob -sn_server1 alice -sn_server2 bob -s_ticket1 no -s_ticket2 no -c_ticket no -ticket_expect no || exit 1
$ssltest -bio_pair -sn_client bob -sn_server1 alice -sn_server2 bob -s_ticket1 no -s_ticket2 no -c_ticket yes -ticket_expect no || exit 1
$ssltest -bio_pair -sn_client bob -sn_server1 alice -sn_server2 bob -s_ticket1 no -s_ticket2 yes -c_ticket no -ticket_expect no || exit 1
$ssltest -bio_pair -sn_client bob -sn_server1 alice -sn_server2 bob -s_ticket1 no -s_ticket2 yes -c_ticket yes -ticket_expect no || exit 1
$ssltest -bio_pair -sn_client bob -sn_server1 alice -sn_server2 bob -s_ticket1 yes -s_ticket2 no -c_ticket no -ticket_expect no || exit 1
$ssltest -bio_pair -sn_client bob -sn_server1 alice -sn_server2 bob -s_ticket1 yes -s_ticket2 no -c_ticket yes -ticket_expect no || exit 1
$ssltest -bio_pair -sn_client bob -sn_server1 alice -sn_server2 bob -s_ticket1 yes -s_ticket2 yes -c_ticket no -ticket_expect no || exit 1
$ssltest -bio_pair -sn_client bob -sn_server1 alice -sn_server2 bob -s_ticket1 yes -s_ticket2 yes -c_ticket yes -ticket_expect yes || exit 1
$ssltest -bio_pair -s_ticket1 broken -c_ticket yes -ticket_expect no || exit 1
exit 0

2
test/testutil.h
View File

@@ -103,7 +103,7 @@
* TEST_CASE_NAME is defined as the name of the test case function where
* possible; otherwise we get by with the file name and line number.
*/
# if __STDC_VERSION__ < 199901L
# if !defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L
# if defined(_MSC_VER)
# define TEST_CASE_NAME __FUNCTION__
# else