ag/cpython-source-deps
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Imported OpenSSL 1.1.1b

Browse Source
This commit is contained in:
Steve Dower
2019-03-07 09:36:23 -08:00
parent d6b2cd4920
commit 8f99635588
389 changed files with 7946 additions and 4431 deletions
Download Patch File Download Diff File Expand all files Collapse all files

121
test/recipes/02-test_errstr.t Normal file
View File

@@ -0,0 +1,121 @@
#! /usr/bin/env perl
# Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
use strict;
no strict 'refs'; # To be able to use strings as function refs
use OpenSSL::Test;
use OpenSSL::Test::Utils;
use Errno qw(:POSIX);
use POSIX qw(strerror);
# We actually have space for up to 4095 error messages,
# numerically speaking... but we're currently only using
# numbers 1 through 127.
# This constant should correspond to the same constant
# defined in crypto/err/err.c, or at least must not be
# assigned a greater number.
use constant NUM_SYS_STR_REASONS => 127;
setup('test_errstr');
# In a cross compiled situation, there are chances that our
# application is linked against different C libraries than
# perl, and may thereby get different error messages for the
# same error.
# The safest is not to test under such circumstances.
plan skip_all => 'This is unsupported for cross compiled configurations'
if config('CROSS_COMPILE');
# The same can be said when compiling OpenSSL with mingw configuration
# on Windows when built with msys perl. Similar problems are also observed
# in MSVC builds, depending on the perl implementation used.
plan skip_all => 'This is unsupported on MSYS/MinGW or MSWin32'
if $^O eq 'msys' or $^O eq 'MSWin32';
plan skip_all => 'OpenSSL is configured "no-autoerrinit" or "no-err"'
if disabled('autoerrinit') || disabled('err');
# These are POSIX error names, which Errno implements as functions
# (this is documented)
my @posix_errors = @{$Errno::EXPORT_TAGS{POSIX}};
if ($^O eq 'MSWin32') {
# On Windows, these errors have been observed to not always be loaded by
# apps/openssl, while they are in perl, which causes a difference that we
# consider a false alarm. So we skip checking these errors.
# Because we can't know exactly what symbols exist in a perticular perl
# version, we resort to discovering them directly in the Errno package
# symbol table.
my @error_skiplist = qw(
ENETDOWN
ENETUNREACH
ENETRESET
ECONNABORTED
EISCONN
ENOTCONN
ESHUTDOWN
ETOOMANYREFS
ETIMEDOUT
EHOSTDOWN
EHOSTUNREACH
EALREADY
EINPROGRESS
ESTALE
EUCLEAN
ENOTNAM
ENAVAIL
ENOMEDIUM
ENOKEY
);
@posix_errors =
grep {
my $x = $_;
! grep {
exists $Errno::{$_} && $x == $Errno::{$_}
} @error_skiplist
} @posix_errors;
}
plan tests => scalar @posix_errors
+1 # Checking that error 128 gives 'reason(128)'
+1 # Checking that error 0 gives the library name
;
foreach my $errname (@posix_errors) {
my $errnum = "Errno::$errname"->();
SKIP: {
skip "Error $errname ($errnum) isn't within our range", 1
if $errnum > NUM_SYS_STR_REASONS;
my $perr = eval {
# Set $! to the error number...
local $! = $errnum;
# ... and $! will give you the error string back
$!
};
# We know that the system reasons are in OpenSSL error library 2
my @oerr = run(app([ qw(openssl errstr), sprintf("2%06x", $errnum) ]),
capture => 1);
$oerr[0] =~ s|\R$||;
$oerr[0] =~ s|.*system library:||g; # The actual message is last
ok($oerr[0] eq $perr, "($errnum) '$oerr[0]' == '$perr'");
}
}
my @after = run(app([ qw(openssl errstr 2000080) ]), capture => 1);
$after[0] =~ s|\R$||;
$after[0] =~ s|.*system library:||g;
ok($after[0] eq "reason(128)", "(128) '$after[0]' == 'reason(128)'");
my @zero = run(app([ qw(openssl errstr 2000000) ]), capture => 1);
$zero[0] =~ s|\R$||;
$zero[0] =~ s|.*system library:||g;
ok($zero[0] eq "system library", "(0) '$zero[0]' == 'system library'");

19
test/recipes/03-test_internal_ec.t Normal file
View File

@@ -0,0 +1,19 @@
#! /usr/bin/env perl
# Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
use strict;
use OpenSSL::Test; # get 'plan'
use OpenSSL::Test::Simple;
use OpenSSL::Test::Utils;
setup("test_internal_ec");
plan skip_all => "This test is unsupported in a no-ec build"
if disabled("ec");
simple_test("test_internal_ec", "ec_internal_test");

4
test/recipes/25-test_verify.t
View File

@@ -27,7 +27,7 @@ sub verify {
run(app([@args]));
}
plan tests => 134;
plan tests => 135;
# Canonical success
ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
@@ -361,6 +361,8 @@ ok(verify("some-names2", "sslserver", ["many-constraints"], ["many-constraints"]
"Not too many names and constraints to check (2)");
ok(verify("some-names2", "sslserver", ["many-constraints"], ["many-constraints"], ),
"Not too many names and constraints to check (3)");
ok(verify("root-cert-rsa2", "sslserver", ["root-cert-rsa2"], [], "-check_ss_sig"),
"Public Key Algorithm rsa instead of rsaEncryption");
SKIP: {
skip "Ed25519 is not supported by this OpenSSL build", 1

15
test/recipes/30-test_evp_data/evppkey.txt
View File

@@ -17601,6 +17601,14 @@ Key = ED25519-1-PUBLIC-Raw
Input = ""
Output = e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b
#Signature maleability test.
#Same as the verify operation above but with the order added to s
OneShotDigestVerify = NULL
Key = ED25519-1-PUBLIC-Raw
Input = ""
Output = e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901554c8c7872aa064e049dbb3013fbf29380d25bf5f0595bbe24655141438e7a101b
Result = VERIFY_ERROR
Title = ED448 tests from RFC8032
PrivateKey=ED448-1
@@ -17809,6 +17817,13 @@ Key = ED448-1-PUBLIC-Raw
Input = ""
Output = 533a37f6bbe457251f023c0d88f976ae2dfb504a843e34d2074fd823d41a591f2b233f034f628281f2fd7a22ddd47d7828c59bd0a21bfd3980ff0d2028d4b18a9df63e006c5d1c2d345b925d8dc00b4104852db99ac5c7cdda8530a113a0f4dbb61149f05a7363268c71d95808ff2e652600
#Signature malelability test.
#Same as the verify operation above but with the order added to s
OneShotDigestVerify = NULL
Key = ED448-1-PUBLIC-Raw
Input = ""
Output = 533a37f6bbe457251f023c0d88f976ae2dfb504a843e34d2074fd823d41a591f2b233f034f628281f2fd7a22ddd47d7828c59bd0a21bfd3980f25278d3667403c14bcec5f9cfde9955ebc8333c0ae78fc86e518317c5c7cdda8530a113a0f4dbb61149f05a7363268c71d95808ff2e656600
Result = VERIFY_ERROR
# Key generation tests
KeyGen = rsaEncryption

34
test/recipes/70-test_sslextension.t
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -88,9 +88,11 @@ sub inject_duplicate_extension
foreach my $message (@{$proxy->message_list}) {
if ($message->mt == $message_type) {
my %extensions = %{$message->extension_data};
# Add a duplicate (unknown) extension.
$message->set_extension(TLSProxy::Message::EXT_DUPLICATE_EXTENSION, "");
$message->set_extension(TLSProxy::Message::EXT_DUPLICATE_EXTENSION, "");
# Add a duplicate extension. We use cryptopro_bug since we never
# normally write that one, and it is allowed as unsolicited in the
# ServerHello
$message->set_extension(TLSProxy::Message::EXT_CRYPTOPRO_BUG_EXTENSION, "");
$message->dupext(TLSProxy::Message::EXT_CRYPTOPRO_BUG_EXTENSION);
$message->repack();
}
}
@@ -173,9 +175,23 @@ sub inject_unsolicited_extension
$sent_unsolisited_extension = 1;
}
sub inject_cryptopro_extension
{
my $proxy = shift;
# We're only interested in the initial ClientHello
if ($proxy->flight != 0) {
return;
}
my $message = ${$proxy->message_list}[0];
$message->set_extension(TLSProxy::Message::EXT_CRYPTOPRO_BUG_EXTENSION, "");
$message->repack();
}
# Test 1-2: Sending a duplicate extension should fail.
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
plan tests => 7;
plan tests => 8;
ok($fatal_alert, "Duplicate ClientHello extension");
$fatal_alert = 0;
@@ -234,3 +250,11 @@ SKIP: {
$proxy->start();
ok($fatal_alert, "Unsolicited server name extension (TLSv1.3)");
}
#Test 8: Send the cryptopro extension in a ClientHello. Normally this is an
# unsolicited extension only ever seen in the ServerHello. We should
# ignore it in a ClientHello
$proxy->clear();
$proxy->filter(\&inject_cryptopro_extension);
$proxy->start();
ok(TLSProxy::Message->success(), "Cryptopro extension in ClientHello");

104
test/recipes/70-test_sslrecords.t
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -44,7 +44,7 @@ my $content_type = TLSProxy::Record::RT_APPLICATION_DATA;
my $inject_recs_num = 1;
$proxy->serverflags("-tls1_2");
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
plan tests => 18;
plan tests => 20;
ok($fatal_alert, "Out of context empty records test");
#Test 2: Injecting in context empty records should succeed
@@ -155,7 +155,7 @@ ok($fatal_alert, "Changed record version in TLS1.2");
#TLS1.3 specific tests
SKIP: {
skip "TLSv1.3 disabled", 6 if disabled("tls1_3");
skip "TLSv1.3 disabled", 8 if disabled("tls1_3");
#Test 13: Sending a different record version in TLS1.3 should fail
$proxy->clear();
@@ -181,7 +181,9 @@ SKIP: {
use constant {
DATA_AFTER_SERVER_HELLO => 0,
DATA_AFTER_FINISHED => 1,
DATA_AFTER_KEY_UPDATE => 2
DATA_AFTER_KEY_UPDATE => 2,
DATA_BETWEEN_KEY_UPDATE => 3,
NO_DATA_BETWEEN_KEY_UPDATE => 4,
};
#Test 16: Sending a ServerHello which doesn't end on a record boundary
@@ -198,7 +200,6 @@ SKIP: {
$fatal_alert = 0;
$proxy->clear();
$boundary_test_type = DATA_AFTER_FINISHED;
$proxy->filter(\&not_on_record_boundary);
$proxy->start();
ok($fatal_alert, "Record not on boundary in TLS1.3 (Finished)");
@@ -207,9 +208,24 @@ SKIP: {
$fatal_alert = 0;
$proxy->clear();
$boundary_test_type = DATA_AFTER_KEY_UPDATE;
$proxy->filter(\&not_on_record_boundary);
$proxy->start();
ok($fatal_alert, "Record not on boundary in TLS1.3 (KeyUpdate)");
#Test 19: Sending application data in the middle of a fragmented KeyUpdate
# should fail. Strictly speaking this is not a record boundary test
# but we use the same filter.
$fatal_alert = 0;
$proxy->clear();
$boundary_test_type = DATA_BETWEEN_KEY_UPDATE;
$proxy->start();
ok($fatal_alert, "Data between KeyUpdate");
#Test 20: Fragmented KeyUpdate. This should succeed. Strictly speaking this
# is not a record boundary test but we use the same filter.
$proxy->clear();
$boundary_test_type = NO_DATA_BETWEEN_KEY_UPDATE;
$proxy->start();
ok(TLSProxy::Message->success(), "No data between KeyUpdate");
}
@@ -573,7 +589,7 @@ sub not_on_record_boundary
#Update the record
$last_record->data($data);
$last_record->len(length $data);
} else {
} elsif ($boundary_test_type == DATA_AFTER_KEY_UPDATE) {
return if @{$proxy->{message_list}}[-1]->{mt}
!= TLSProxy::Message::MT_FINISHED;
@@ -605,5 +621,79 @@ sub not_on_record_boundary
$record->data($data);
$record->len(length $data);
push @{$records}, $record;
} else {
return if @{$proxy->{message_list}}[-1]->{mt}
!= TLSProxy::Message::MT_FINISHED;
my $record = TLSProxy::Record->new(
1,
TLSProxy::Record::RT_APPLICATION_DATA,
TLSProxy::Record::VERS_TLS_1_2,
0,
0,
0,
0,
"",
""
);
#Add a partial KeyUpdate message into the record
$data = pack "C1",
0x18; # KeyUpdate message type. Omit the rest of the message header
#Add content type and tag
$data .= pack("C", TLSProxy::Record::RT_HANDSHAKE).("\0"x16);
$record->data($data);
$record->len(length $data);
push @{$records}, $record;
if ($boundary_test_type == DATA_BETWEEN_KEY_UPDATE) {
#Now add an app data record
$record = TLSProxy::Record->new(
1,
TLSProxy::Record::RT_APPLICATION_DATA,
TLSProxy::Record::VERS_TLS_1_2,
0,
0,
0,
0,
"",
""
);
#Add an empty app data record (just content type and tag)
$data = pack("C", TLSProxy::Record::RT_APPLICATION_DATA).("\0"x16);
$record->data($data);
$record->len(length $data);
push @{$records}, $record;
}
#Now add the rest of the KeyUpdate message
$record = TLSProxy::Record->new(
1,
TLSProxy::Record::RT_APPLICATION_DATA,
TLSProxy::Record::VERS_TLS_1_2,
0,
0,
0,
0,
"",
""
);
#Add the last 4 bytes of the KeyUpdate record
$data = pack "C4",
0x00, 0x00, 0x01, # Message length
0x00; # Update not requested
#Add content type and tag
$data .= pack("C", TLSProxy::Record::RT_HANDSHAKE).("\0"x16);
$record->data($data);
$record->len(length $data);
push @{$records}, $record;
}
}

5
test/recipes/80-test_ssl_new.t
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -28,7 +28,7 @@ map { s/\^// } @conf_files if $^O eq "VMS";
# We hard-code the number of tests to double-check that the globbing above
# finds all files as expected.
plan tests => 28; # = scalar @conf_srcs
plan tests => 29; # = scalar @conf_srcs
# Some test results depend on the configuration of enabled protocols. We only
# verify generated sources in the default configuration.
@@ -102,6 +102,7 @@ my %skip = (
"24-padding.conf" => disabled("tls1_3"),
"25-cipher.conf" => disabled("ec") || disabled("tls1_2"),
"26-tls13_client_auth.conf" => disabled("tls1_3"),
"29-dtls-sctp-label-bug.conf" => disabled("sctp") || disabled("sock"),
);
foreach my $conf (@conf_files) {

12
test/recipes/90-test_bio_memleak.t Normal file
View File

@@ -0,0 +1,12 @@
#! /usr/bin/env perl
# Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
use OpenSSL::Test::Simple;
simple_test("test_bio_memleak", "bio_memleak_test");

8
test/recipes/90-test_gost.t
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -12,11 +12,11 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
setup("test_gost");
# The GOST ciphers are dynamically loaded via the GOST engine, so we must be
# able to support that. The engine also uses DSA and CMS symbols, so we skip
# this test on no-dsa or no-cms.
# able to support that. The engine also uses DSA, CMS and CMAC symbols, so we
# skip this test on no-dsa, no-cms or no-cmac.
plan skip_all => "GOST support is disabled in this OpenSSL build"
if disabled("gost") || disabled("engine") || disabled("dynamic-engine")
|| disabled("dsa") || disabled("cms");
|| disabled("dsa") || disabled("cms") || disabled("cmac");
plan skip_all => "TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build"
if disabled("tls1_3") || disabled("tls1_2");

4
test/recipes/90-test_includes.t
View File

@@ -11,11 +11,13 @@ plan skip_all => "test_includes doesn't work without posix-io"
if disabled("posix-io");
plan tests => # The number of tests being performed
3
5
+ ($^O eq "VMS" ? 2 : 0);
ok(run(test(["conf_include_test", data_file("includes.cnf")])), "test directory includes");
ok(run(test(["conf_include_test", data_file("includes-file.cnf")])), "test file includes");
ok(run(test(["conf_include_test", data_file("includes-eq.cnf")])), "test includes with equal character");
ok(run(test(["conf_include_test", data_file("includes-eq-ws.cnf")])), "test includes with equal and whitespaces");
if ($^O eq "VMS") {
ok(run(test(["conf_include_test", data_file("vms-includes.cnf")])),
"test directory includes, VMS syntax");

5
test/recipes/90-test_includes_data/includes-eq-ws.cnf Normal file
View File

@@ -0,0 +1,5 @@
#
# Example configuration file using includes.
#
.include = conf-includes

5
test/recipes/90-test_includes_data/includes-eq.cnf Normal file
View File

@@ -0,0 +1,5 @@
#
# Example configuration file using includes.
#
.include=conf-includes

49
test/recipes/90-test_shlibload.t
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -8,6 +8,7 @@
use OpenSSL::Test qw/:DEFAULT bldtop_dir bldtop_file/;
use OpenSSL::Test::Utils;
use File::Temp qw(tempfile);
#Load configdata.pm
@@ -19,8 +20,10 @@ use configdata;
plan skip_all => "Test only supported in a shared build" if disabled("shared");
plan skip_all => "Test is disabled on AIX" if config('target') =~ m|^aix|;
plan skip_all => "Test is disabled on VMS" if config('target') =~ m|^vms|;
plan skip_all => "Test only supported in a dso build" if disabled("dso");
plan tests => 4;
plan tests => 10;
# When libssl and libcrypto are compiled on Linux with "-rpath", but not
# "--enable-new-dtags", the RPATH takes precedence over LD_LIBRARY_PATH,
@@ -30,14 +33,31 @@ plan tests => 4;
my $libcrypto = bldtop_file(shlib('libcrypto'));
my $libssl = bldtop_file(shlib('libssl'));
ok(run(test(["shlibloadtest", "-crypto_first", $libcrypto, $libssl])),
"running shlibloadtest -crypto_first");
ok(run(test(["shlibloadtest", "-ssl_first", $libcrypto, $libssl])),
"running shlibloadtest -ssl_first");
ok(run(test(["shlibloadtest", "-just_crypto", $libcrypto, $libssl])),
"running shlibloadtest -just_crypto");
ok(run(test(["shlibloadtest", "-dso_ref", $libcrypto, $libssl])),
"running shlibloadtest -dso_ref");
(my $fh, my $filename) = tempfile();
ok(run(test(["shlibloadtest", "-crypto_first", $libcrypto, $libssl, $filename])),
"running shlibloadtest -crypto_first $filename");
ok(check_atexit($fh));
unlink $filename;
($fh, $filename) = tempfile();
ok(run(test(["shlibloadtest", "-ssl_first", $libcrypto, $libssl, $filename])),
"running shlibloadtest -ssl_first $filename");
ok(check_atexit($fh));
unlink $filename;
($fh, $filename) = tempfile();
ok(run(test(["shlibloadtest", "-just_crypto", $libcrypto, $libssl, $filename])),
"running shlibloadtest -just_crypto $filename");
ok(check_atexit($fh));
unlink $filename;
($fh, $filename) = tempfile();
ok(run(test(["shlibloadtest", "-dso_ref", $libcrypto, $libssl, $filename])),
"running shlibloadtest -dso_ref $filename");
ok(check_atexit($fh));
unlink $filename;
($fh, $filename) = tempfile();
ok(run(test(["shlibloadtest", "-no_atexit", $libcrypto, $libssl, $filename])),
"running shlibloadtest -no_atexit $filename");
ok(!check_atexit($fh));
unlink $filename;
sub shlib {
my $lib = shift;
@@ -50,3 +70,12 @@ sub shlib {
|.$config{shlib_version_number}|x;
return $lib;
}
sub check_atexit {
my $fh = shift;
my $data = <$fh>;
return 1 if (defined $data && $data =~ m/atexit\(\) run/);
return 0;
}