ag/cpython-source-deps
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Import OpenSSL 1.1.1i

Browse Source
This commit is contained in:
Steve Dower
2021-01-05 19:44:35 +00:00
parent 7f34c3085f
commit ae8aba4cbc
344 changed files with 4257 additions and 4161 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
test/asn1_decode_test.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -160,6 +160,41 @@ static int test_uint64(void)
return 1;
}
typedef struct {
ASN1_STRING *invalidDirString;
} INVALIDTEMPLATE;
ASN1_SEQUENCE(INVALIDTEMPLATE) = {
/*
* DirectoryString is a CHOICE type so it must use explicit tagging -
* but we deliberately use implicit here, which makes this template invalid.
*/
ASN1_IMP(INVALIDTEMPLATE, invalidDirString, DIRECTORYSTRING, 12)
} static_ASN1_SEQUENCE_END(INVALIDTEMPLATE)
IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(INVALIDTEMPLATE)
IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(INVALIDTEMPLATE)
/* Empty sequence for invalid template test */
static unsigned char t_invalid_template[] = {
0x30, 0x03, /* SEQUENCE tag + length */
0x0c, 0x01, 0x41 /* UTF8String, length 1, "A" */
};
static int test_invalid_template(void)
{
const unsigned char *p = t_invalid_template;
INVALIDTEMPLATE *tmp = d2i_INVALIDTEMPLATE(NULL, &p,
sizeof(t_invalid_template));
/* We expect a NULL pointer return */
if (TEST_ptr_null(tmp))
return 1;
INVALIDTEMPLATE_free(tmp);
return 0;
}
int setup_tests(void)
{
#if OPENSSL_API_COMPAT < 0x10200000L
@@ -169,5 +204,6 @@ int setup_tests(void)
ADD_TEST(test_uint32);
ADD_TEST(test_int64);
ADD_TEST(test_uint64);
ADD_TEST(test_invalid_template);
return 1;
}

35
test/asn1_encode_test.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -856,6 +856,38 @@ static int test_uint64(void)
return test_intern(&uint64_test_package);
}
typedef struct {
ASN1_STRING *invalidDirString;
} INVALIDTEMPLATE;
ASN1_SEQUENCE(INVALIDTEMPLATE) = {
/*
* DirectoryString is a CHOICE type so it must use explicit tagging -
* but we deliberately use implicit here, which makes this template invalid.
*/
ASN1_IMP(INVALIDTEMPLATE, invalidDirString, DIRECTORYSTRING, 12)
} static_ASN1_SEQUENCE_END(INVALIDTEMPLATE)
IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(INVALIDTEMPLATE)
IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(INVALIDTEMPLATE)
static int test_invalid_template(void)
{
INVALIDTEMPLATE *temp = INVALIDTEMPLATE_new();
int ret;
if (!TEST_ptr(temp))
return 0;
ret = i2d_INVALIDTEMPLATE(temp, NULL);
INVALIDTEMPLATE_free(temp);
/* We expect the i2d operation to fail */
return ret < 0;
}
int setup_tests(void)
{
#if OPENSSL_API_COMPAT < 0x10200000L
@@ -866,5 +898,6 @@ int setup_tests(void)
ADD_TEST(test_uint32);
ADD_TEST(test_int64);
ADD_TEST(test_uint64);
ADD_TEST(test_invalid_template);
return 1;
}

3
test/bioprinttest.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -249,6 +249,7 @@ static int test_big(void)
if (!TEST_int_eq(BIO_snprintf(buf, sizeof(buf),
"%f\n", 2 * (double)ULONG_MAX), -1))
return 0;
return 1;
}

9
test/build.info
View File

@@ -461,6 +461,9 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
IF[{- !$disabled{ec} -}]
PROGRAMS_NO_INST=ec_internal_test curve448_internal_test
ENDIF
IF[{- !$disabled{cmac} -}]
PROGRAMS_NO_INST=cmactest
ENDIF
SOURCE[poly1305_internal_test]=poly1305_internal_test.c
INCLUDE[poly1305_internal_test]=.. ../include
@@ -494,6 +497,12 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
INCLUDE[ctype_internal_test]=.. ../include
DEPEND[ctype_internal_test]=../libcrypto.a libtestutil.a
IF[{- !$disabled{cmac} -}]
SOURCE[cmactest]=cmactest.c
INCLUDE[cmactest]=../include ../apps/include
DEPEND[cmactest]=../libcrypto.a libtestutil.a
ENDIF
SOURCE[siphash_internal_test]=siphash_internal_test.c
INCLUDE[siphash_internal_test]=.. ../include
DEPEND[siphash_internal_test]=../libcrypto.a libtestutil.a

19
test/certs/ca-cert-ec-explicit.pem Normal file
View File

@@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDGDCCAgCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
IENBMCAXDTIwMDkxNTEzMDY0MVoYDzIxMjAwOTE2MTMwNjQxWjANMQswCQYDVQQD
DAJDQTCCAUswggEDBgcqhkjOPQIBMIH3AgEBMCwGByqGSM49AQECIQD/////AAAA
AQAAAAAAAAAAAAAAAP///////////////zBbBCD/////AAAAAQAAAAAAAAAAAAAA
AP///////////////AQgWsY12Ko6k+ez671VdpiGvGUdBrDMU7D2O848PifSYEsD
FQDEnTYIhucEk2pmeOETnSa3gZ9+kARBBGsX0fLhLEJH+Lzm5WOkQPJ3A32BLesz
oPShOUXYmMKWT+NC4v4af5uO5+tKfA+eFivOM1drMV7Oy7ZAaDe/UfUCIQD/////
AAAAAP//////////vOb6racXnoTzucrC/GMlUQIBAQNCAASlXna3kSD/Yol3RA5I
icjIxYb9UJoCTzb/LsxjlOvIS5OqCTzpqP0p3JrnvLPsbzq7Cf/g0bNlxAGs1iVM
5NDco1MwUTAdBgNVHQ4EFgQUFk6ucH6gMXeadmuV7a1iWEnU/CIwHwYDVR0jBBgw
FoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
9w0BAQsFAAOCAQEAdyUgfT0eAsZzoHFXoWN5uqi0MHuhLI37TEzkH5h7iTpDQJTQ
F0SjbawfM/nxxUekRW3mjFu3lft+VA7yC0OTNBLffan/vTh+HGOvvYZSMJYgKrMG
PRWgDId+n9RTcQCf+91cISvOazHixRiJG7JfRLdNZsAE+miw4HgPLFboTwpxtTDJ
zJ4ssBC6P+5IHwBCtNMiilJMMMzuSaZa5iSo6M9AdXWfcQN3uhW1lgQOLOlKLcbo
3UhW1GMMhTTeytM5aylbKhRsnL7ozmS44zsKZ25YaQxgjdKitFjVN6j7eyQ7C9J2
bLXgl3APweLQbGGs0zv08Ad0SCCKYLHK6mMJqg==
-----END CERTIFICATE-----

14
test/certs/ca-cert-ec-named.pem Normal file
View File

@@ -0,0 +1,14 @@
-----BEGIN CERTIFICATE-----
MIICJDCCAQygAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
IENBMCAXDTIwMDkxNTEzMDY1MFoYDzIxMjAwOTE2MTMwNjUwWjANMQswCQYDVQQD
DAJDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABPt+MXCi9+wztEvmdG2EVSk7
bAiJMXJXW/u0NbcGCrrbhO1NJSHHV3Lks888sqeSPh/bif/ASJ0HX+VarMUoFIKj
UzBRMB0GA1UdDgQWBBRjigU5REz8Lwf1iD6mALVhsHIanjAfBgNVHSMEGDAWgBSO
9SWvHptrhD18gJrJU5xNcvejUjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB
CwUAA4IBAQCQs9wpblefb2C9a7usGL1DJjWJQIFHtUf+6p/KPgEV7LF138ECjL5s
0AWRd8Q8SbsBH49j2r3LLLMkvFglyRaN+FF+TCC/UQtclTb4+HgLsUT2xSU8U2cY
SOnzNB5AX/qAAsdOGqOjivPtGXcXFexDKPsw3n+3rJgymBP6hbLagb47IabNhot5
bMM6S+bmfpMwfsm885zr5vG2Gg9FjjH94Vx4I7eRLkjCS88gkIR1J35ecHFteOdo
idOaCHQddYiKukBzgdjtTxSDXKffkaybylrwOZ8VBlQd3zC7s02d+riHCnroLnnE
cwYLlJ5z6jN7zoPZ55yX/EmA0RVny2le
-----END CERTIFICATE-----

10
test/certs/ca-key-ec-explicit.pem Normal file
View File

@@ -0,0 +1,10 @@
-----BEGIN PRIVATE KEY-----
MIIBeQIBADCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAAB
AAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA
///////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMV
AMSdNgiG5wSTamZ44ROdJreBn36QBEEEaxfR8uEsQkf4vOblY6RA8ncDfYEt6zOg
9KE5RdiYwpZP40Li/hp/m47n60p8D54WK84zV2sxXs7LtkBoN79R9QIhAP////8A
AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgdEf20fpuqEZU
tZ4ORoq4vb5ETV4a6QOl/iGnDQt++/ihRANCAASlXna3kSD/Yol3RA5IicjIxYb9
UJoCTzb/LsxjlOvIS5OqCTzpqP0p3JrnvLPsbzq7Cf/g0bNlxAGs1iVM5NDc
-----END PRIVATE KEY-----

5
test/certs/ca-key-ec-named.pem Normal file
View File

@@ -0,0 +1,5 @@
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgCTrYrMKcyV49+w4B
TWr2WTZsMM4aFpaYulKAuhiuQ7mhRANCAAT7fjFwovfsM7RL5nRthFUpO2wIiTFy
V1v7tDW3Bgq624TtTSUhx1dy5LPPPLKnkj4f24n/wEidB1/lWqzFKBSC
-----END PRIVATE KEY-----

16
test/certs/ee-cert-ec-explicit.pem Normal file
View File

@@ -0,0 +1,16 @@
-----BEGIN CERTIFICATE-----
MIIChzCCAi6gAwIBAgIBAjAKBggqhkjOPQQDAjANMQswCQYDVQQDDAJDQTAgFw0y
MDA5MTUxMzE0MzlaGA8yMTIwMDkxNjEzMTQzOVowGTEXMBUGA1UEAwwOc2VydmVy
LmV4YW1wbGUwggFLMIIBAwYHKoZIzj0CATCB9wIBATAsBgcqhkjOPQEBAiEA////
/wAAAAEAAAAAAAAAAAAAAAD///////////////8wWwQg/////wAAAAEAAAAAAAAA
AAAAAAD///////////////wEIFrGNdiqOpPns+u9VXaYhrxlHQawzFOw9jvOPD4n
0mBLAxUAxJ02CIbnBJNqZnjhE50mt4GffpAEQQRrF9Hy4SxCR/i85uVjpEDydwN9
gS3rM6D0oTlF2JjClk/jQuL+Gn+bjufrSnwPnhYrzjNXazFezsu2QGg3v1H1AiEA
/////wAAAAD//////////7zm+q2nF56E87nKwvxjJVECAQEDQgAE+7TDP7C9VqQP
TnqoJc/Fvf/N45BX+lBfmfiGBeRKtSsvrERUlymzQ4/nxVtymozAgFxQ0my998HH
TSVCj7Sq56N9MHswHQYDVR0OBBYEFKKwEfKYhNv6fbQf0Xd0te7J3GZdMB8GA1Ud
IwQYMBaAFGOKBTlETPwvB/WIPqYAtWGwchqeMAkGA1UdEwQCMAAwEwYDVR0lBAww
CgYIKwYBBQUHAwEwGQYDVR0RBBIwEIIOc2VydmVyLmV4YW1wbGUwCgYIKoZIzj0E
AwIDRwAwRAIgb4UITAOFlATeaayWQX9r5gf61qcnzT7TjXCekf7ww9oCIBDltg/u
ZvS9gqviMFuPjTuk/FhsCTAUzTT7WmgcWeH7
-----END CERTIFICATE-----

11
test/certs/ee-cert-ec-named-explicit.pem Normal file
View File

@@ -0,0 +1,11 @@
-----BEGIN CERTIFICATE-----
MIIBlDCCATqgAwIBAgIBAjAKBggqhkjOPQQDAjANMQswCQYDVQQDDAJDQTAgFw0y
MDA5MTUxMzE0NDVaGA8yMTIwMDkxNjEzMTQ0NVowGTEXMBUGA1UEAwwOc2VydmVy
LmV4YW1wbGUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQv5PnMStW/Wx9lpvjl
JTsFIjc2wBv14sNuMh1hfNX8ZJcoCfAAKYu6ujxXt328GWBMaubRbBjOd/eqpEst
tYKzo30wezAdBgNVHQ4EFgQUmb/qcE413hkpmtjEMyRZZFcN1TYwHwYDVR0jBBgw
FoAUFk6ucH6gMXeadmuV7a1iWEnU/CIwCQYDVR0TBAIwADATBgNVHSUEDDAKBggr
BgEFBQcDATAZBgNVHREEEjAQgg5zZXJ2ZXIuZXhhbXBsZTAKBggqhkjOPQQDAgNI
ADBFAiEA9y6J8rdAbO0mDZscIb8rIn6HgxBW4WAqTlFeZeHjjOYCIAmt2ldyObOL
tXaiaxYX3WAOR1vmfzsdrkCAOCfAkpbo
-----END CERTIFICATE-----

11
test/certs/ee-cert-ec-named-named.pem Normal file
View File

@@ -0,0 +1,11 @@
-----BEGIN CERTIFICATE-----
MIIBkzCCATqgAwIBAgIBAjAKBggqhkjOPQQDAjANMQswCQYDVQQDDAJDQTAgFw0y
MDA5MTUxNDEwNDhaGA8yMTIwMDkxNjE0MTA0OFowGTEXMBUGA1UEAwwOc2VydmVy
LmV4YW1wbGUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS0YU57+RFRWxr/frnL
+vOYkY3h9roKnvxCG07wK5tevEYtSdKz0KsHvDBDatw1r3JNv+m2p54/3AqFPAZ3
5b0Po30wezAdBgNVHQ4EFgQUypypuZrUl0BEmbuhfJpo3QFNIvUwHwYDVR0jBBgw
FoAUY4oFOURM/C8H9Yg+pgC1YbByGp4wCQYDVR0TBAIwADATBgNVHSUEDDAKBggr
BgEFBQcDATAZBgNVHREEEjAQgg5zZXJ2ZXIuZXhhbXBsZTAKBggqhkjOPQQDAgNH
ADBEAiAEkKD7H5uxQ4YbQOiN4evbu5RCV5W7TVE80iBfcY5u4wIgGcwr++lVNX0Q
CTT+M3ukDjOA8OEvKUz1TiDuRAQ29qU=
-----END CERTIFICATE-----

10
test/certs/ee-key-ec-explicit.pem Normal file
View File

@@ -0,0 +1,10 @@
-----BEGIN PRIVATE KEY-----
MIIBeQIBADCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAAB
AAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA
///////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMV
AMSdNgiG5wSTamZ44ROdJreBn36QBEEEaxfR8uEsQkf4vOblY6RA8ncDfYEt6zOg
9KE5RdiYwpZP40Li/hp/m47n60p8D54WK84zV2sxXs7LtkBoN79R9QIhAP////8A
AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQg0cmpcTcEYG5G
ZaVkGjtsBc3sLZn1EuV9qNK2qx6iNzmhRANCAAT7tMM/sL1WpA9Oeqglz8W9/83j
kFf6UF+Z+IYF5Eq1Ky+sRFSXKbNDj+fFW3KajMCAXFDSbL33wcdNJUKPtKrn
-----END PRIVATE KEY-----

5
test/certs/ee-key-ec-named-explicit.pem Normal file
View File

@@ -0,0 +1,5 @@
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg2ue+X5ZFJPJPQG2E
WQY4ALv2PkPp2Gy6KrMiokgmjkehRANCAAQv5PnMStW/Wx9lpvjlJTsFIjc2wBv1
4sNuMh1hfNX8ZJcoCfAAKYu6ujxXt328GWBMaubRbBjOd/eqpEsttYKz
-----END PRIVATE KEY-----

5
test/certs/ee-key-ec-named-named.pem Normal file
View File

@@ -0,0 +1,5 @@
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgGSoneIKG3//ujXGu
/EoJdNhpKZj026EF/YQ5FblUBWahRANCAAS0YU57+RFRWxr/frnL+vOYkY3h9roK
nvxCG07wK5tevEYtSdKz0KsHvDBDatw1r3JNv+m2p54/3AqFPAZ35b0P
-----END PRIVATE KEY-----

19
test/certs/ee-self-signed.pem Normal file
View File

@@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDIjCCAgqgAwIBAgIUT99h/YrAdcDg3fdLy5UajB8e994wDQYJKoZIhvcNAQEL
BQAwGTEXMBUGA1UEAwwOZWUtc2VsZi1zaWduZWQwIBcNMjAwNzI4MTQxNjA4WhgP
MjEyMDA3MDQxNDE2MDhaMBkxFzAVBgNVBAMMDmVlLXNlbGYtc2lnbmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqP+JWGGFrt7bLA/Vc/vit6gbenVg
K9R9PHN2ta7eky9/JJBtyRz0ijjNn6KAFlbLtCy7k+UXH/8NxkP+MTT4KNh16aO7
iILvo3LiU2IFRU3gMZfvqp0Q0lgNngaeMrsbCFZdZQ8/Zo7CNqAR/8BZNf1JHN0c
QjMGeK4EOCPl53Vn05StWqlAH6xZEPUMwWStSsTGNVOzlmqCGxWL0Zmr5J5vlKrS
luVX+4yRZIo8JBbG0hm+gmATO2Kw7T4ds8r5a98xuXqeS0dopynHP0riIie075Bj
1+/Qckk+W625G9Qrb4Zo3dVzErhDydxBD6KjRk+LZ4iED2H+eTQfSokftwIDAQAB
o2AwXjAdBgNVHQ4EFgQU55viKq2KbDrLdlHljgeYIpfhc6IwHwYDVR0jBBgwFoAU
55viKq2KbDrLdlHljgeYIpfhc6IwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMC
B4AwDQYJKoZIhvcNAQELBQADggEBAGDEbS5kJArjjQNK02oxhQyz1dbDy23evRxm
WW/NtlJAQAgEMXoNo9fioj0L4cvDy40r87V6/RsV2eijwZEfwGloACif7v78w8QO
h4XiW9oGxcQkdMIYZLDVW9AZPDIkK5NHNfQaeAxCprAufYnRMv035UotLzCBRrkG
G2TIs45vRp/6mYFVtm0Nf9CFvu4dXH8W+GlBONG0FAiBW+JzgTr9OmrzfqJTEDrf
vv/hOiu8XvvlF5piPBqKE76rEvkXUSjgDZ2/Ju1fjqpV2I8Hz1Mj9w9tRE8g4E9o
ZcRXX3MNPaHxnNhgYSPdpywwkyILz2AHwmAzh07cdttRFFPw+fM=
-----END CERTIFICATE-----

18
test/certs/root-expired.pem Normal file
View File

@@ -0,0 +1,18 @@
-----BEGIN CERTIFICATE-----
MIIC8jCCAdqgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
IENBMB4XDTIwMTIwMjE0MTYwOVoXDTIwMTIwMTE0MTYwOVowEjEQMA4GA1UEAwwH
Um9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOHmAPUGvKBG
OHkPPx5xGRNtAt8rm3Zr/KywIe3WkQhCO6VjNexSW6CiSsXWAJQDl1o9uWco0n3j
IVyk7cY8jY6E0Z1Uwz3ZdKKWdmdx+cYaUHez/XjuW+DjjIkjwpoi7D7UN54HzcAr
VREXOjRCHGkNOhiw7RWUXsb9nofGHOeUGpLAXwXBc0PlA94JkckkztiOi34u4DFI
0YYqalUmeugLNk6XseCkydpcaUsDgAhWg6Mfsiq4wUz+xbFN1MABqu2+ziW97mmt
9gfNbiuhiVT1aOuYCe3JYGbLM2JKA7Bo1g6rX8E1VX79Ru6669y2oqPthX9337Vo
IkN+ZiQjr8UCAwEAAaNTMFEwHQYDVR0OBBYEFI71Ja8em2uEPXyAmslTnE1y96NS
MB8GA1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMA8GA1UdEwEB/wQFMAMB
Af8wDQYJKoZIhvcNAQELBQADggEBAH1uqov7eXVT6GbhJ7foASTQpIaVi4GXIfbS
bYKCb0erWkLfW7EKalOTBp5TjWONSM4mX2OlZag7yq1P1YwMaBA51OkH0Ojic9fX
majK2S/ZyFI6NLoPqN0Uw/K1HHU0DXpK/mf3YdFOEZMf9LVlXR0O6og19HxBmNnN
LhTOQ29IGqNzayHGBi4U8LG+UAe5sxlC+gnnQEPGMrOS1XElybtHIxnqk2LJDvXj
2Dj12TCISD9bQ53oRkudTvTPyvxK6OsnFC/wTBmHk03yxnZdQEKyj9guahiRb+hj
sz4mDWWMmelcr6veEfzzlUZK7aoIrpJmgukhv/Qafwczo38J5U0=
-----END CERTIFICATE-----

20
test/certs/setup.sh
View File

@@ -1,10 +1,11 @@
#! /bin/sh
#! /bin/bash
# Primary root: root-cert
# root cert variants: CA:false, key2, DN2
# trust variants: +serverAuth -serverAuth +clientAuth -clientAuth +anyEKU -anyEKU
#
./mkcert.sh genroot "Root CA" root-key root-cert
DAYS=-1 ./mkcert.sh genroot "Root CA" root-key root-expired
./mkcert.sh genss "Root CA" root-key root-nonca
./mkcert.sh genroot "Root CA" root-key2 root-cert2
./mkcert.sh genroot "Root Cert 2" root-key root-name2
@@ -116,6 +117,10 @@ openssl x509 -in ca-cert-md5.pem -trustout \
# CA has 768-bit key
OPENSSL_KEYBITS=768 \
./mkcert.sh genca "CA" ca-key-768 ca-cert-768 root-key root-cert
# EC cert with explicit curve
./mkcert.sh genca "CA" ca-key-ec-explicit ca-cert-ec-explicit root-key root-cert
# EC cert with named curve
./mkcert.sh genca "CA" ca-key-ec-named ca-cert-ec-named root-key root-cert
# client intermediate ca: cca-cert
# trust variants: +serverAuth, -serverAuth, +clientAuth, -clientAuth
@@ -164,7 +169,7 @@ openssl x509 -in sca-cert.pem -trustout \
./mkcert.sh genee server.example ee-key ee-name2 ca-key ca-name2
./mkcert.sh genee -p clientAuth server.example ee-key ee-client ca-key ca-cert
./mkcert.sh genee server.example ee-key ee-pathlen ca-key ca-cert \
-extfile <(echo "basicConstraints=CA:FALSE,pathlen:0")
-extfile <(echo "basicConstraints=CA:FALSE,pathlen:0") # bash needed here
#
openssl x509 -in ee-cert.pem -trustout \
-addtrust serverAuth -out ee+serverAuth.pem
@@ -184,6 +189,17 @@ OPENSSL_SIGALG=md5 \
# 768-bit leaf key
OPENSSL_KEYBITS=768 \
./mkcert.sh genee server.example ee-key-768 ee-cert-768 ca-key ca-cert
# EC cert with explicit curve signed by named curve ca
./mkcert.sh genee server.example ee-key-ec-explicit ee-cert-ec-explicit ca-key-ec-named ca-cert-ec-named
# EC cert with named curve signed by explicit curve ca
./mkcert.sh genee server.example ee-key-ec-named-explicit \
ee-cert-ec-named-explicit ca-key-ec-explicit ca-cert-ec-explicit
# EC cert with named curve signed by named curve ca
./mkcert.sh genee server.example ee-key-ec-named-named \
ee-cert-ec-named-named ca-key-ec-named ca-cert-ec-named
# self-signed end-entity cert with explicit keyUsage not including KeyCertSign
openssl req -new -x509 -key ee-key.pem -subj /CN=ee-self-signed -out ee-self-signed.pem -addext keyUsage=digitalSignature -days 36500
# Proxy certificates, off of ee-client
# Start with some good ones

210
test/cmactest.c Normal file
View File

@@ -0,0 +1,210 @@
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include "internal/nelem.h"
#include <openssl/cmac.h>
#include <openssl/aes.h>
#include <openssl/evp.h>
#include "testutil.h"
static const char xtskey[32] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
};
static struct test_st {
const char key[32];
int key_len;
const unsigned char data[64];
int data_len;
const char *mac;
} test[3] = {
{
{
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
0x0b, 0x0c, 0x0d, 0x0e, 0x0f
},
16,
"My test data",
12,
"29cec977c48f63c200bd5c4a6881b224"
},
{
{
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
},
32,
"My test data",
12,
"db6493aa04e4761f473b2b453c031c9a"
},
{
{
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
},
32,
"My test data again",
18,
"65c11c75ecf590badd0a5e56cbb8af60"
},
};
static char *pt(unsigned char *md, unsigned int len);
static int test_cmac_bad(void)
{
CMAC_CTX *ctx = NULL;
int ret = 0;
ctx = CMAC_CTX_new();
if (!TEST_ptr(ctx)
|| !TEST_false(CMAC_Init(ctx, NULL, 0, NULL, NULL))
|| !TEST_false(CMAC_Update(ctx, test[0].data, test[0].data_len))
/* Should be able to pass cipher first, and then key */
|| !TEST_true(CMAC_Init(ctx, NULL, 0, EVP_aes_128_cbc(), NULL))
/* Must have a key */
|| !TEST_false(CMAC_Update(ctx, test[0].data, test[0].data_len))
/* Now supply the key */
|| !TEST_true(CMAC_Init(ctx, test[0].key, test[0].key_len, NULL, NULL))
/* Update should now work */
|| !TEST_true(CMAC_Update(ctx, test[0].data, test[0].data_len))
/* XTS is not a suitable cipher to use */
|| !TEST_false(CMAC_Init(ctx, xtskey, sizeof(xtskey), EVP_aes_128_xts(),
NULL))
|| !TEST_false(CMAC_Update(ctx, test[0].data, test[0].data_len)))
goto err;
ret = 1;
err:
CMAC_CTX_free(ctx);
return ret;
}
static int test_cmac_run(void)
{
char *p;
CMAC_CTX *ctx = NULL;
unsigned char buf[AES_BLOCK_SIZE];
size_t len;
int ret = 0;
ctx = CMAC_CTX_new();
if (!TEST_true(CMAC_Init(ctx, test[0].key, test[0].key_len,
EVP_aes_128_cbc(), NULL))
|| !TEST_true(CMAC_Update(ctx, test[0].data, test[0].data_len))
|| !TEST_true(CMAC_Final(ctx, buf, &len)))
goto err;
p = pt(buf, len);
if (!TEST_str_eq(p, test[0].mac))
goto err;
if (!TEST_true(CMAC_Init(ctx, test[1].key, test[1].key_len,
EVP_aes_256_cbc(), NULL))
|| !TEST_true(CMAC_Update(ctx, test[1].data, test[1].data_len))
|| !TEST_true(CMAC_Final(ctx, buf, &len)))
goto err;
p = pt(buf, len);
if (!TEST_str_eq(p, test[1].mac))
goto err;
if (!TEST_true(CMAC_Init(ctx, test[2].key, test[2].key_len, NULL, NULL))
|| !TEST_true(CMAC_Update(ctx, test[2].data, test[2].data_len))
|| !TEST_true(CMAC_Final(ctx, buf, &len)))
goto err;
p = pt(buf, len);
if (!TEST_str_eq(p, test[2].mac))
goto err;
/* Test reusing a key */
if (!TEST_true(CMAC_Init(ctx, NULL, 0, NULL, NULL))
|| !TEST_true(CMAC_Update(ctx, test[2].data, test[2].data_len))
|| !TEST_true(CMAC_Final(ctx, buf, &len)))
goto err;
p = pt(buf, len);
if (!TEST_str_eq(p, test[2].mac))
goto err;
/* Test setting the cipher and key separately */
if (!TEST_true(CMAC_Init(ctx, NULL, 0, EVP_aes_256_cbc(), NULL))
|| !TEST_true(CMAC_Init(ctx, test[2].key, test[2].key_len, NULL, NULL))
|| !TEST_true(CMAC_Update(ctx, test[2].data, test[2].data_len))
|| !TEST_true(CMAC_Final(ctx, buf, &len)))
goto err;
p = pt(buf, len);
if (!TEST_str_eq(p, test[2].mac))
goto err;
ret = 1;
err:
CMAC_CTX_free(ctx);
return ret;
}
static int test_cmac_copy(void)
{
char *p;
CMAC_CTX *ctx = NULL, *ctx2 = NULL;
unsigned char buf[AES_BLOCK_SIZE];
size_t len;
int ret = 0;
ctx = CMAC_CTX_new();
ctx2 = CMAC_CTX_new();
if (!TEST_ptr(ctx) || !TEST_ptr(ctx2))
goto err;
if (!TEST_true(CMAC_Init(ctx, test[0].key, test[0].key_len,
EVP_aes_128_cbc(), NULL))
|| !TEST_true(CMAC_Update(ctx, test[0].data, test[0].data_len))
|| !TEST_true(CMAC_CTX_copy(ctx2, ctx))
|| !TEST_true(CMAC_Final(ctx2, buf, &len)))
goto err;
p = pt(buf, len);
if (!TEST_str_eq(p, test[0].mac))
goto err;
ret = 1;
err:
CMAC_CTX_free(ctx2);
CMAC_CTX_free(ctx);
return ret;
}
static char *pt(unsigned char *md, unsigned int len)
{
unsigned int i;
static char buf[80];
for (i = 0; i < len; i++)
sprintf(&(buf[i * 2]), "%02x", md[i]);
return buf;
}
int setup_tests(void)
{
ADD_TEST(test_cmac_bad);
ADD_TEST(test_cmac_run);
ADD_TEST(test_cmac_copy);
return 1;
}

81
test/drbgtest.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -286,7 +286,6 @@ static int instantiate(RAND_DRBG *drbg, DRBG_SELFTEST_DATA *td,
*/
static int error_check(DRBG_SELFTEST_DATA *td)
{
static char zero[sizeof(RAND_DRBG)];
RAND_DRBG *drbg = NULL;
TEST_CTX t;
unsigned char buff[1024];
@@ -302,7 +301,7 @@ static int error_check(DRBG_SELFTEST_DATA *td)
/* Test detection of too large personalisation string */
if (!init(drbg, td, &t)
|| RAND_DRBG_instantiate(drbg, td->pers, drbg->max_perslen + 1) > 0)
|| !TEST_false(RAND_DRBG_instantiate(drbg, td->pers, drbg->max_perslen + 1)))
goto err;
/*
@@ -311,7 +310,7 @@ static int error_check(DRBG_SELFTEST_DATA *td)
/* Test entropy source failure detection: i.e. returns no data */
t.entropylen = 0;
if (TEST_int_le(RAND_DRBG_instantiate(drbg, td->pers, td->perslen), 0))
if (!TEST_false(RAND_DRBG_instantiate(drbg, td->pers, td->perslen)))
goto err;
/* Try to generate output from uninstantiated DRBG */
@@ -321,16 +320,18 @@ static int error_check(DRBG_SELFTEST_DATA *td)
goto err;
/* Test insufficient entropy */
if (!init(drbg, td, &t))
goto err;
t.entropylen = drbg->min_entropylen - 1;
if (!init(drbg, td, &t)
|| RAND_DRBG_instantiate(drbg, td->pers, td->perslen) > 0
if (!TEST_false(RAND_DRBG_instantiate(drbg, td->pers, td->perslen))
|| !uninstantiate(drbg))
goto err;
/* Test too much entropy */
if (!init(drbg, td, &t))
goto err;
t.entropylen = drbg->max_entropylen + 1;
if (!init(drbg, td, &t)
|| RAND_DRBG_instantiate(drbg, td->pers, td->perslen) > 0
if (!TEST_false(RAND_DRBG_instantiate(drbg, td->pers, td->perslen))
|| !uninstantiate(drbg))
goto err;
@@ -340,18 +341,20 @@ static int error_check(DRBG_SELFTEST_DATA *td)
/* Test too small nonce */
if (drbg->min_noncelen) {
if (!init(drbg, td, &t))
goto err;
t.noncelen = drbg->min_noncelen - 1;
if (!init(drbg, td, &t)
|| RAND_DRBG_instantiate(drbg, td->pers, td->perslen) > 0
if (!TEST_false(RAND_DRBG_instantiate(drbg, td->pers, td->perslen))
|| !uninstantiate(drbg))
goto err;
}
/* Test too large nonce */
if (drbg->max_noncelen) {
if (!init(drbg, td, &t))
goto err;
t.noncelen = drbg->max_noncelen + 1;
if (!init(drbg, td, &t)
|| RAND_DRBG_instantiate(drbg, td->pers, td->perslen) > 0
if (!TEST_false(RAND_DRBG_instantiate(drbg, td->pers, td->perslen))
|| !uninstantiate(drbg))
goto err;
}
@@ -377,7 +380,7 @@ static int error_check(DRBG_SELFTEST_DATA *td)
* failure.
*/
t.entropylen = 0;
if (TEST_false(RAND_DRBG_generate(drbg, buff, td->exlen, 1,
if (!TEST_false(RAND_DRBG_generate(drbg, buff, td->exlen, 1,
td->adin, td->adinlen))
|| !uninstantiate(drbg))
goto err;
@@ -385,15 +388,15 @@ static int error_check(DRBG_SELFTEST_DATA *td)
/* Instantiate again with valid data */
if (!instantiate(drbg, td, &t))
goto err;
reseed_counter_tmp = drbg->reseed_gen_counter;
drbg->reseed_gen_counter = drbg->reseed_interval;
reseed_counter_tmp = drbg->generate_counter;
drbg->generate_counter = drbg->reseed_interval;
/* Generate output and check entropy has been requested for reseed */
t.entropycnt = 0;
if (!TEST_true(RAND_DRBG_generate(drbg, buff, td->exlen, 0,
td->adin, td->adinlen))
|| !TEST_int_eq(t.entropycnt, 1)
|| !TEST_int_eq(drbg->reseed_gen_counter, reseed_counter_tmp + 1)
|| !TEST_int_eq(drbg->generate_counter, reseed_counter_tmp + 1)
|| !uninstantiate(drbg))
goto err;
@@ -410,15 +413,15 @@ static int error_check(DRBG_SELFTEST_DATA *td)
/* Test reseed counter works */
if (!instantiate(drbg, td, &t))
goto err;
reseed_counter_tmp = drbg->reseed_gen_counter;
drbg->reseed_gen_counter = drbg->reseed_interval;
reseed_counter_tmp = drbg->generate_counter;
drbg->generate_counter = drbg->reseed_interval;
/* Generate output and check entropy has been requested for reseed */
t.entropycnt = 0;
if (!TEST_true(RAND_DRBG_generate(drbg, buff, td->exlen, 0,
td->adin, td->adinlen))
|| !TEST_int_eq(t.entropycnt, 1)
|| !TEST_int_eq(drbg->reseed_gen_counter, reseed_counter_tmp + 1)
|| !TEST_int_eq(drbg->generate_counter, reseed_counter_tmp + 1)
|| !uninstantiate(drbg))
goto err;
@@ -428,12 +431,12 @@ static int error_check(DRBG_SELFTEST_DATA *td)
/* Test explicit reseed with too large additional input */
if (!instantiate(drbg, td, &t)
|| RAND_DRBG_reseed(drbg, td->adin, drbg->max_adinlen + 1, 0) > 0)
|| !TEST_false(RAND_DRBG_reseed(drbg, td->adin, drbg->max_adinlen + 1, 0)))
goto err;
/* Test explicit reseed with entropy source failure */
t.entropylen = 0;
if (!TEST_int_le(RAND_DRBG_reseed(drbg, td->adin, td->adinlen, 0), 0)
if (!TEST_false(RAND_DRBG_reseed(drbg, td->adin, td->adinlen, 0))
|| !uninstantiate(drbg))
goto err;
@@ -441,7 +444,7 @@ static int error_check(DRBG_SELFTEST_DATA *td)
if (!instantiate(drbg, td, &t))
goto err;
t.entropylen = drbg->max_entropylen + 1;
if (!TEST_int_le(RAND_DRBG_reseed(drbg, td->adin, td->adinlen, 0), 0)
if (!TEST_false(RAND_DRBG_reseed(drbg, td->adin, td->adinlen, 0))
|| !uninstantiate(drbg))
goto err;
@@ -449,14 +452,10 @@ static int error_check(DRBG_SELFTEST_DATA *td)
if (!instantiate(drbg, td, &t))
goto err;
t.entropylen = drbg->min_entropylen - 1;
if (!TEST_int_le(RAND_DRBG_reseed(drbg, td->adin, td->adinlen, 0), 0)
if (!TEST_false(RAND_DRBG_reseed(drbg, td->adin, td->adinlen, 0))
|| !uninstantiate(drbg))
goto err;
/* Standard says we have to check uninstantiate really zeroes */
if (!TEST_mem_eq(zero, sizeof(drbg->data), &drbg->data, sizeof(drbg->data)))
goto err;
ret = 1;
err:
@@ -483,7 +482,7 @@ static int test_error_checks(int i)
DRBG_SELFTEST_DATA *td = &drbg_test[i];
int rv = 0;
if (error_check(td))
if (!error_check(td))
goto err;
rv = 1;
@@ -601,14 +600,14 @@ static int test_drbg_reseed(int expect_success,
*/
/* Test whether seed propagation is enabled */
if (!TEST_int_ne(master->reseed_prop_counter, 0)
|| !TEST_int_ne(public->reseed_prop_counter, 0)
|| !TEST_int_ne(private->reseed_prop_counter, 0))
if (!TEST_int_ne(master->reseed_counter, 0)
|| !TEST_int_ne(public->reseed_counter, 0)
|| !TEST_int_ne(private->reseed_counter, 0))
return 0;
/* Check whether the master DRBG's reseed counter is the largest one */
if (!TEST_int_le(public->reseed_prop_counter, master->reseed_prop_counter)
|| !TEST_int_le(private->reseed_prop_counter, master->reseed_prop_counter))
if (!TEST_int_le(public->reseed_counter, master->reseed_counter)
|| !TEST_int_le(private->reseed_counter, master->reseed_counter))
return 0;
/*
@@ -656,8 +655,8 @@ static int test_drbg_reseed(int expect_success,
if (expect_success == 1) {
/* Test whether all three reseed counters are synchronized */
if (!TEST_int_eq(public->reseed_prop_counter, master->reseed_prop_counter)
|| !TEST_int_eq(private->reseed_prop_counter, master->reseed_prop_counter))
if (!TEST_int_eq(public->reseed_counter, master->reseed_counter)
|| !TEST_int_eq(private->reseed_counter, master->reseed_counter))
return 0;
/* Test whether reseed time of master DRBG is set correctly */
@@ -771,7 +770,7 @@ static int test_rand_drbg_reseed(void)
* Test whether the public and private DRBG are both reseeded when their
* reseed counters differ from the master's reseed counter.
*/
master->reseed_prop_counter++;
master->reseed_counter++;
if (!TEST_true(test_drbg_reseed(1, master, public, private, 0, 1, 1, 0)))
goto error;
reset_drbg_hook_ctx();
@@ -780,8 +779,8 @@ static int test_rand_drbg_reseed(void)
* Test whether the public DRBG is reseeded when its reseed counter differs
* from the master's reseed counter.
*/
master->reseed_prop_counter++;
private->reseed_prop_counter++;
master->reseed_counter++;
private->reseed_counter++;
if (!TEST_true(test_drbg_reseed(1, master, public, private, 0, 1, 0, 0)))
goto error;
reset_drbg_hook_ctx();
@@ -790,8 +789,8 @@ static int test_rand_drbg_reseed(void)
* Test whether the private DRBG is reseeded when its reseed counter differs
* from the master's reseed counter.
*/
master->reseed_prop_counter++;
public->reseed_prop_counter++;
master->reseed_counter++;
public->reseed_counter++;
if (!TEST_true(test_drbg_reseed(1, master, public, private, 0, 0, 1, 0)))
goto error;
reset_drbg_hook_ctx();
@@ -824,7 +823,7 @@ static int test_rand_drbg_reseed(void)
* Test whether none of the DRBGs is reseed if the master fails to reseed
*/
master_ctx.fail = 1;
master->reseed_prop_counter++;
master->reseed_counter++;
RAND_add(rand_add_buf, sizeof(rand_add_buf), sizeof(rand_add_buf));
if (!TEST_true(test_drbg_reseed(0, master, public, private, 0, 0, 0, 0)))
goto error;

103
test/ec_internal_test.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -183,6 +183,106 @@ static int field_tests_default(int n)
return ret;
}
/*
* Tests behavior of the decoded_from_explicit_params flag and API
*/
static int decoded_flag_test(void)
{
EC_GROUP *grp;
EC_GROUP *grp_copy = NULL;
ECPARAMETERS *ecparams = NULL;
ECPKPARAMETERS *ecpkparams = NULL;
EC_KEY *key = NULL;
unsigned char *encodedparams = NULL;
const unsigned char *encp;
int encodedlen;
int testresult = 0;
/* Test EC_GROUP_new not setting the flag */
grp = EC_GROUP_new(EC_GFp_simple_method());
if (!TEST_ptr(grp)
|| !TEST_int_eq(grp->decoded_from_explicit_params, 0))
goto err;
EC_GROUP_free(grp);
/* Test EC_GROUP_new_by_curve_name not setting the flag */
grp = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
if (!TEST_ptr(grp)
|| !TEST_int_eq(grp->decoded_from_explicit_params, 0))
goto err;
/* Test EC_GROUP_new_from_ecparameters not setting the flag */
if (!TEST_ptr(ecparams = EC_GROUP_get_ecparameters(grp, NULL))
|| !TEST_ptr(grp_copy = EC_GROUP_new_from_ecparameters(ecparams))
|| !TEST_int_eq(grp_copy->decoded_from_explicit_params, 0))
goto err;
EC_GROUP_free(grp_copy);
grp_copy = NULL;
ECPARAMETERS_free(ecparams);
ecparams = NULL;
/* Test EC_GROUP_new_from_ecpkparameters not setting the flag */
if (!TEST_int_eq(EC_GROUP_get_asn1_flag(grp), OPENSSL_EC_NAMED_CURVE)
|| !TEST_ptr(ecpkparams = EC_GROUP_get_ecpkparameters(grp, NULL))
|| !TEST_ptr(grp_copy = EC_GROUP_new_from_ecpkparameters(ecpkparams))
|| !TEST_int_eq(grp_copy->decoded_from_explicit_params, 0)
|| !TEST_ptr(key = EC_KEY_new())
/* Test EC_KEY_decoded_from_explicit_params on key without a group */
|| !TEST_int_eq(EC_KEY_decoded_from_explicit_params(key), -1)
|| !TEST_int_eq(EC_KEY_set_group(key, grp_copy), 1)
/* Test EC_KEY_decoded_from_explicit_params negative case */
|| !TEST_int_eq(EC_KEY_decoded_from_explicit_params(key), 0))
goto err;
EC_GROUP_free(grp_copy);
grp_copy = NULL;
ECPKPARAMETERS_free(ecpkparams);
ecpkparams = NULL;
/* Test d2i_ECPKParameters with named params not setting the flag */
if (!TEST_int_gt(encodedlen = i2d_ECPKParameters(grp, &encodedparams), 0)
|| !TEST_ptr(encp = encodedparams)
|| !TEST_ptr(grp_copy = d2i_ECPKParameters(NULL, &encp, encodedlen))
|| !TEST_int_eq(grp_copy->decoded_from_explicit_params, 0))
goto err;
EC_GROUP_free(grp_copy);
grp_copy = NULL;
OPENSSL_free(encodedparams);
encodedparams = NULL;
/* Asn1 flag stays set to explicit with EC_GROUP_new_from_ecpkparameters */
EC_GROUP_set_asn1_flag(grp, OPENSSL_EC_EXPLICIT_CURVE);
if (!TEST_ptr(ecpkparams = EC_GROUP_get_ecpkparameters(grp, NULL))
|| !TEST_ptr(grp_copy = EC_GROUP_new_from_ecpkparameters(ecpkparams))
|| !TEST_int_eq(EC_GROUP_get_asn1_flag(grp_copy), OPENSSL_EC_EXPLICIT_CURVE)
|| !TEST_int_eq(grp_copy->decoded_from_explicit_params, 0))
goto err;
EC_GROUP_free(grp_copy);
grp_copy = NULL;
/* Test d2i_ECPKParameters with explicit params setting the flag */
if (!TEST_int_gt(encodedlen = i2d_ECPKParameters(grp, &encodedparams), 0)
|| !TEST_ptr(encp = encodedparams)
|| !TEST_ptr(grp_copy = d2i_ECPKParameters(NULL, &encp, encodedlen))
|| !TEST_int_eq(EC_GROUP_get_asn1_flag(grp_copy), OPENSSL_EC_EXPLICIT_CURVE)
|| !TEST_int_eq(grp_copy->decoded_from_explicit_params, 1)
|| !TEST_int_eq(EC_KEY_set_group(key, grp_copy), 1)
/* Test EC_KEY_decoded_from_explicit_params positive case */
|| !TEST_int_eq(EC_KEY_decoded_from_explicit_params(key), 1))
goto err;
testresult = 1;
err:
EC_KEY_free(key);
EC_GROUP_free(grp);
EC_GROUP_free(grp_copy);
ECPARAMETERS_free(ecparams);
ECPKPARAMETERS_free(ecpkparams);
OPENSSL_free(encodedparams);
return testresult;
}
int setup_tests(void)
{
crv_len = EC_get_builtin_curves(NULL, 0);
@@ -196,6 +296,7 @@ int setup_tests(void)
ADD_TEST(field_tests_ec2_simple);
#endif
ADD_ALL_TESTS(field_tests_default, crv_len);
ADD_TEST(decoded_flag_test);
return 1;
}

84
test/ectest.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
*
* Licensed under the OpenSSL license (the "License"). You may not use
@@ -2099,6 +2099,87 @@ static int ec_point_hex2point_test(int id)
return ret;
}
/*
* check the EC_METHOD respects the supplied EC_GROUP_set_generator G
*/
static int custom_generator_test(int id)
{
int ret = 0, nid, bsize;
EC_GROUP *group = NULL;
EC_POINT *G2 = NULL, *Q1 = NULL, *Q2 = NULL;
BN_CTX *ctx = NULL;
BIGNUM *k = NULL;
unsigned char *b1 = NULL, *b2 = NULL;
/* Do some setup */
nid = curves[id].nid;
TEST_note("Curve %s", OBJ_nid2sn(nid));
if (!TEST_ptr(ctx = BN_CTX_new()))
return 0;
BN_CTX_start(ctx);
if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(nid)))
goto err;
/* expected byte length of encoded points */
bsize = (EC_GROUP_get_degree(group) + 7) / 8;
bsize = 2 * bsize + 1;
if (!TEST_ptr(k = BN_CTX_get(ctx))
/* fetch a testing scalar k != 0,1 */
|| !TEST_true(BN_rand(k, EC_GROUP_order_bits(group) - 1,
BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
/* make k even */
|| !TEST_true(BN_clear_bit(k, 0))
|| !TEST_ptr(G2 = EC_POINT_new(group))
|| !TEST_ptr(Q1 = EC_POINT_new(group))
/* Q1 := kG */
|| !TEST_true(EC_POINT_mul(group, Q1, k, NULL, NULL, ctx))
/* pull out the bytes of that */
|| !TEST_int_eq(EC_POINT_point2oct(group, Q1,
POINT_CONVERSION_UNCOMPRESSED, NULL,
0, ctx), bsize)
|| !TEST_ptr(b1 = OPENSSL_malloc(bsize))
|| !TEST_int_eq(EC_POINT_point2oct(group, Q1,
POINT_CONVERSION_UNCOMPRESSED, b1,
bsize, ctx), bsize)
/* new generator is G2 := 2G */
|| !TEST_true(EC_POINT_dbl(group, G2, EC_GROUP_get0_generator(group),
ctx))
|| !TEST_true(EC_GROUP_set_generator(group, G2,
EC_GROUP_get0_order(group),
EC_GROUP_get0_cofactor(group)))
|| !TEST_ptr(Q2 = EC_POINT_new(group))
|| !TEST_true(BN_rshift1(k, k))
/* Q2 := k/2 G2 */
|| !TEST_true(EC_POINT_mul(group, Q2, k, NULL, NULL, ctx))
|| !TEST_int_eq(EC_POINT_point2oct(group, Q2,
POINT_CONVERSION_UNCOMPRESSED, NULL,
0, ctx), bsize)
|| !TEST_ptr(b2 = OPENSSL_malloc(bsize))
|| !TEST_int_eq(EC_POINT_point2oct(group, Q2,
POINT_CONVERSION_UNCOMPRESSED, b2,
bsize, ctx), bsize)
/* Q1 = kG = k/2 G2 = Q2 should hold */
|| !TEST_int_eq(CRYPTO_memcmp(b1, b2, bsize), 0))
goto err;
ret = 1;
err:
BN_CTX_end(ctx);
EC_POINT_free(Q1);
EC_POINT_free(Q2);
EC_POINT_free(G2);
EC_GROUP_free(group);
BN_CTX_free(ctx);
OPENSSL_free(b1);
OPENSSL_free(b2);
return ret;
}
#endif /* OPENSSL_NO_EC */
int setup_tests(void)
@@ -2126,6 +2207,7 @@ int setup_tests(void)
ADD_ALL_TESTS(check_named_curve_from_ecparameters, crv_len);
ADD_ALL_TESTS(ec_point_hex2point_test, crv_len);
ADD_ALL_TESTS(custom_generator_test, crv_len);
#endif /* OPENSSL_NO_EC */
return 1;
}

5
test/handshake_helper.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -637,7 +637,8 @@ static int configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
}
if (extra->client.alpn_protocols != NULL) {
unsigned char *alpn_protos = NULL;
size_t alpn_protos_len;
size_t alpn_protos_len = 0;
if (!TEST_true(parse_protos(extra->client.alpn_protocols,
&alpn_protos, &alpn_protos_len))
/* Reversed return value convention... */

5
test/recipes/04-test_pem.t
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -28,6 +28,8 @@ my %cert_expected = (
"cert-1023line.pem" => 1,
"cert-1024line.pem" => 1,
"cert-1025line.pem" => 1,
"cert-254-chars-at-the-end.pem" => 1,
"cert-254-chars-in-the-middle.pem" => 1,
"cert-255line.pem" => 1,
"cert-256line.pem" => 1,
"cert-257line.pem" => 1,
@@ -42,6 +44,7 @@ my %cert_expected = (
"cert-misalignedpad.pem" => 0,
"cert-onecolumn.pem" => 1,
"cert-oneline.pem" => 1,
"cert-oneline-multiple-of-254.pem" => 1,
"cert-shortandlongline.pem" => 1,
"cert-shortline.pem" => 1,
"cert-threecolumn.pem" => 1,

6
test/recipes/04-test_pem_data/cert-254-chars-at-the-end.pem Normal file
View File

@@ -0,0 +1,6 @@
-----BEGIN CERTIFICATE-----
MIIEcjCCAyegAwIBAgIUPLgYY73GEwkikNCKRJrcbCR+TbQwDQYJKoZIhvcNAQELBQAwgZUxCzAJBgNVBAYTAkFVMWMwYQYDVQQIDFpUaGUgR3JlYXQgU3RhdGUgb2YgTG9uZy1XaW5kZWQgQ2VydGlmaWNhdGUgRmllbGQgTmFtZXMgV2hlcmVieSB0byBJbmNyZWFzZSB0aGUgT3V0cHV0IFNpemUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMDA0MDcwMDAwNDJaFw0zMDA0MDUwMDAwNDJaMIGVMQswCQYDVQQGEwJBVTFjMGEGA1UECAxaVGhlIEdyZWF0IFN0YXRlIG9mIExvbmctV2luZGVkIENlcnRpZmljYXRlIEZpZWxkIE5hbWVzIFdoZXJlYnkgdG8gSW5jcmVhc2UgdGhlIE91dHB1dCBTaXplMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggFUMA0GCSqGSIb3DQEBAQUAA4IBQQAwggE8AoIBMwLf
mipKB41NPXrbp/T5eu+fndvZq72N/Tq0vZp2dRoz89NEFC3jYVBjp4pmVwCS9F/fGX1tnVfhb9k/4fqiI/y9lBVzxaHyMG/pt0D2nTS8iaMTM7uBeRvB5rUZlEbU8uvv4GXu3CeP/NnVceXruGbPb4IpjfoUbGLvn5oK35h8a+LNY5f7QRBlAXtUwYrdxVzT+CqQ4wIAuqoIVXgRIweveS1ArbS8hOtsVnu1bUAQVKqORHx8gtbOyiA4heTCEOkwh45YV6KW+uLI1wTeE4E9erlI4RwZ7umbBnQai/hYL//AUfQKQhpGbgfyJrS0UYY7WEP/mcFQh0U2EBTXtAy/e4XPiftViR3+pd+G2TJ/JFofDDzJRrceeo
9tUnMr0pKtU7oB77lSKgsruKKkhn6lLH8CAwEAAaNTMFEwHQYDVR0OBBYEFIkawSiFUdL6G3jw8qg1WQI8Xi4rMB8GA1UdIwQYMBaAFIkawSiFUdL6G3jw8qg1WQI8Xi4rMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggE0AAHe/+71vykcq9BQ5h2X7MpnkE5n0Yn0Xi24uuCpv59JjABmOdaeT6XBQ5UJN8WfidawgzbJ6WiWgjflaMfRfjsdCJRgvdw0gfXXXrsseJMeMYnw1hQTGuB83BKjXBdL6zb45qGf2Fgjm3aNW2NUVM+Q2QfMjo
Kx13hTyDh9l5nOhMv/Rkygcx1Row2WbkvrhxvCLxY0VhL7RuPV8K0ogKicv8VJgQriOUVTTkqBP1xUimKSTaNaZ8KAnC7thxxZHxsNa45a6AouPSzyAOPZQgCJW83OIFxvWsdYU1KvP1wmoi1XC9giSQ/5sLPu/eAYTzmY+Xd6Sq8dF8uyodeI2gFu3AzC28PVKeUriIGfxaqEUn+aXx5W+r8JTE6fQ9mBo9YxJBXG+OTIFgHR27q2dJwqK9c=
-----END CERTIFICATE-----

5
test/recipes/04-test_pem_data/cert-254-chars-in-the-middle.pem Normal file
View File

@@ -0,0 +1,5 @@
-----BEGIN CERTIFICATE-----
MIIEcjCCAyegAwIBAgIUPLgYY73GEwkikNCKRJrcbCR+TbQwDQYJKoZIhvcNAQELBQAwgZUxCzAJBgNVBAYTAkFVMWMwYQYDVQQIDFpUaGUgR3JlYXQgU3RhdGUgb2YgTG9uZy1XaW5kZWQgQ2VydGlmaWNhdGUgRmllbGQgTmFtZXMgV2hlcmVieSB0byBJbmNyZWFzZSB0aGUgT
3V0cHV0IFNpemUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMDA0MDcwMDAwNDJaFw0zMDA0MDUwMDAwNDJaMIGVMQswCQYDVQQGEwJBVTFjMGEGA1UECAxaVGhlIEdyZWF0IFN0YXRlIG9mIExvbmctV2luZGVkIENlcnRpZmljYXRlIEZpZWxkIE5hbWVzIFdoZXJlYnkgdG8gSW5jcmVhc2UgdGhlIE91dHB1dCB
TaXplMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggFUMA0GCSqGSIb3DQEBAQUAA4IBQQAwggE8AoIBMwLfmipKB41NPXrbp/T5eu+fndvZq72N/Tq0vZp2dRoz89NEFC3jYVBjp4pmVwCS9F/fGX1tnVfhb9k/4fqiI/y9lBVzxaHyMG/pt0D2nTS8iaMTM7uBeRvB5rUZlEbU8uvv4GXu3CeP/NnVceXruGbPb4IpjfoUbGLvn5oK35h8a+LNY5f7QRBlAXtUwYrdxVzT+CqQ4wIAuqoIVXgRIweveS1ArbS8hOtsVnu1bUAQVKqORHx8gtbOyiA4heTCEOkwh45YV6KW+uLI1wTeE4E9erlI4RwZ7umbBnQai/hYL//AUfQKQhpGbgfyJrS0UYY7WEP/mcFQh0U2EBTXtAy/e4XPiftViR3+pd+G2TJ/JFofDDzJRrceeo9tUnMr0pKtU7oB77lSKgsruKKkhn6lLH8CAwEAAaNTMFEwHQYDVR0OBBYEFIkawSiFUdL6G3jw8qg1WQI8Xi4rMB8GA1UdIwQYMBaAFIkawSiFUdL6G3jw8qg1WQI8Xi4rMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggE0AAHe/+71vykcq9BQ5h2X7MpnkE5n0Yn0Xi24uuCpv59JjABmOdaeT6XBQ5UJN8WfidawgzbJ6WiWgjflaMfRfjsdCJRgvdw0gfXXXrsseJMeMYnw1hQTGuB83BKjXBdL6zb45qGf2Fgjm3aNW2NUVM+Q2QfMjoKx13hTyDh9l5nOhMv/Rkygcx1Row2WbkvrhxvCLxY0VhL7RuPV8K0ogKicv8VJgQriOUVTTkqBP1xUimKSTaNaZ8KAnC7thxxZHxsNa45a6AouPSzyAOPZQgCJW83OIFxvWsdYU1KvP1wmoi1XC9giSQ/5sLPu/eAYTzmY+Xd6Sq8dF8uyodeI2gFu3AzC28PVKeUriIGfxaqEUn+aXx5W+r8JTE6fQ9mBo9YxJBXG+OTIFgHR27q2dJwqK9c=
-----END CERTIFICATE-----

3
test/recipes/04-test_pem_data/cert-oneline-multiple-of-254.pem Normal file
View File

@@ -0,0 +1,3 @@
-----BEGIN CERTIFICATE-----
MIIEcjCCAyegAwIBAgIUPLgYY73GEwkikNCKRJrcbCR+TbQwDQYJKoZIhvcNAQELBQAwgZUxCzAJBgNVBAYTAkFVMWMwYQYDVQQIDFpUaGUgR3JlYXQgU3RhdGUgb2YgTG9uZy1XaW5kZWQgQ2VydGlmaWNhdGUgRmllbGQgTmFtZXMgV2hlcmVieSB0byBJbmNyZWFzZSB0aGUgT3V0cHV0IFNpemUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMDA0MDcwMDAwNDJaFw0zMDA0MDUwMDAwNDJaMIGVMQswCQYDVQQGEwJBVTFjMGEGA1UECAxaVGhlIEdyZWF0IFN0YXRlIG9mIExvbmctV2luZGVkIENlcnRpZmljYXRlIEZpZWxkIE5hbWVzIFdoZXJlYnkgdG8gSW5jcmVhc2UgdGhlIE91dHB1dCBTaXplMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggFUMA0GCSqGSIb3DQEBAQUAA4IBQQAwggE8AoIBMwLfmipKB41NPXrbp/T5eu+fndvZq72N/Tq0vZp2dRoz89NEFC3jYVBjp4pmVwCS9F/fGX1tnVfhb9k/4fqiI/y9lBVzxaHyMG/pt0D2nTS8iaMTM7uBeRvB5rUZlEbU8uvv4GXu3CeP/NnVceXruGbPb4IpjfoUbGLvn5oK35h8a+LNY5f7QRBlAXtUwYrdxVzT+CqQ4wIAuqoIVXgRIweveS1ArbS8hOtsVnu1bUAQVKqORHx8gtbOyiA4heTCEOkwh45YV6KW+uLI1wTeE4E9erlI4RwZ7umbBnQai/hYL//AUfQKQhpGbgfyJrS0UYY7WEP/mcFQh0U2EBTXtAy/e4XPiftViR3+pd+G2TJ/JFofDDzJRrceeo9tUnMr0pKtU7oB77lSKgsruKKkhn6lLH8CAwEAAaNTMFEwHQYDVR0OBBYEFIkawSiFUdL6G3jw8qg1WQI8Xi4rMB8GA1UdIwQYMBaAFIkawSiFUdL6G3jw8qg1WQI8Xi4rMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggE0AAHe/+71vykcq9BQ5h2X7MpnkE5n0Yn0Xi24uuCpv59JjABmOdaeT6XBQ5UJN8WfidawgzbJ6WiWgjflaMfRfjsdCJRgvdw0gfXXXrsseJMeMYnw1hQTGuB83BKjXBdL6zb45qGf2Fgjm3aNW2NUVM+Q2QfMjoKx13hTyDh9l5nOhMv/Rkygcx1Row2WbkvrhxvCLxY0VhL7RuPV8K0ogKicv8VJgQriOUVTTkqBP1xUimKSTaNaZ8KAnC7thxxZHxsNa45a6AouPSzyAOPZQgCJW83OIFxvWsdYU1KvP1wmoi1XC9giSQ/5sLPu/eAYTzmY+Xd6Sq8dF8uyodeI2gFu3AzC28PVKeUriIGfxaqEUn+aXx5W+r8JTE6fQ9mBo9YxJBXG+OTIFgHR27q2dJwqK9c=
-----END CERTIFICATE-----

12
test/recipes/05-test_cmac.t Normal file
View File

@@ -0,0 +1,12 @@
#! /usr/bin/env perl
# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
use OpenSSL::Test::Simple;
simple_test("test_cmac", "cmactest", "cmac");

56
test/recipes/15-test_ec.t
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -16,23 +16,51 @@ use OpenSSL::Test::Utils;
setup("test_ec");
plan tests => 5;
plan tests => 11;
require_ok(srctop_file('test','recipes','tconversion.pl'));
ok(run(test(["ectest"])), "running ectest");
SKIP: {
skip "Skipping ec conversion test", 3
if disabled("ec");
SKIP: {
skip "Skipping EC conversion test", 3
if disabled("ec");
subtest 'ec conversions -- private key' => sub {
tconversion("ec", srctop_file("test","testec-p256.pem"));
};
subtest 'ec conversions -- private key PKCS#8' => sub {
tconversion("ec", srctop_file("test","testec-p256.pem"), "pkey");
};
subtest 'ec conversions -- public key' => sub {
tconversion("ec", srctop_file("test","testecpub-p256.pem"), "ec", "-pubin", "-pubout");
};
subtest 'EC conversions -- private key' => sub {
tconversion("ec", srctop_file("test","testec-p256.pem"));
};
subtest 'EC conversions -- private key PKCS#8' => sub {
tconversion("ec", srctop_file("test","testec-p256.pem"), "pkey");
};
subtest 'EC conversions -- public key' => sub {
tconversion("ec", srctop_file("test","testecpub-p256.pem"),
"ec", "-pubin", "-pubout");
};
}
SKIP: {
skip "Skipping EdDSA conversion test", 6
if disabled("ec");
subtest 'Ed25519 conversions -- private key' => sub {
tconversion("pkey", srctop_file("test","tested25519.pem"));
};
subtest 'Ed25519 conversions -- private key PKCS#8' => sub {
tconversion("pkey", srctop_file("test","tested25519.pem"), "pkey");
};
subtest 'Ed25519 conversions -- public key' => sub {
tconversion("pkey", srctop_file("test","tested25519pub.pem"),
"pkey", "-pubin", "-pubout");
};
subtest 'Ed448 conversions -- private key' => sub {
tconversion("pkey", srctop_file("test","tested448.pem"));
};
subtest 'Ed448 conversions -- private key PKCS#8' => sub {
tconversion("pkey", srctop_file("test","tested448.pem"), "pkey");
};
subtest 'Ed448 conversions -- public key' => sub {
tconversion("pkey", srctop_file("test","tested448pub.pem"),
"pkey", "-pubin", "-pubout");
};
}

306
test/recipes/15-test_genec.t Normal file
View File

@@ -0,0 +1,306 @@
#! /usr/bin/env perl
# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
use strict;
use warnings;
use File::Spec;
use OpenSSL::Test qw/:DEFAULT srctop_file/;
use OpenSSL::Test::Utils;
setup("test_genec");
plan skip_all => "This test is unsupported in a no-ec build"
if disabled("ec");
my @prime_curves = qw(
secp112r1
secp112r2
secp128r1
secp128r2
secp160k1
secp160r1
secp160r2
secp192k1
secp224k1
secp224r1
secp256k1
secp384r1
secp521r1
prime192v1
prime192v2
prime192v3
prime239v1
prime239v2
prime239v3
prime256v1
wap-wsg-idm-ecid-wtls6
wap-wsg-idm-ecid-wtls7
wap-wsg-idm-ecid-wtls8
wap-wsg-idm-ecid-wtls9
wap-wsg-idm-ecid-wtls12
brainpoolP160r1
brainpoolP160t1
brainpoolP192r1
brainpoolP192t1
brainpoolP224r1
brainpoolP224t1
brainpoolP256r1
brainpoolP256t1
brainpoolP320r1
brainpoolP320t1
brainpoolP384r1
brainpoolP384t1
brainpoolP512r1
brainpoolP512t1
);
my @binary_curves = qw(
sect113r1
sect113r2
sect131r1
sect131r2
sect163k1
sect163r1
sect163r2
sect193r1
sect193r2
sect233k1
sect233r1
sect239k1
sect283k1
sect283r1
sect409k1
sect409r1
sect571k1
sect571r1
c2pnb163v1
c2pnb163v2
c2pnb163v3
c2pnb176v1
c2tnb191v1
c2tnb191v2
c2tnb191v3
c2pnb208w1
c2tnb239v1
c2tnb239v2
c2tnb239v3
c2pnb272w1
c2pnb304w1
c2tnb359v1
c2pnb368w1
c2tnb431r1
wap-wsg-idm-ecid-wtls1
wap-wsg-idm-ecid-wtls3
wap-wsg-idm-ecid-wtls4
wap-wsg-idm-ecid-wtls5
wap-wsg-idm-ecid-wtls10
wap-wsg-idm-ecid-wtls11
);
my @explicit_only_curves = ();
push(@explicit_only_curves, qw(
Oakley-EC2N-3
Oakley-EC2N-4
)) if !disabled("ec2m");
my @other_curves = ();
push(@other_curves, 'SM2')
if !disabled("sm2");
my @curve_aliases = qw(
P-192
P-224
P-256
P-384
P-521
);
push(@curve_aliases, qw(
B-163
B-233
B-283
B-409
B-571
K-163
K-233
K-283
K-409
K-571
)) if !disabled("ec2m");
my @curve_list = ();
push(@curve_list, @prime_curves);
push(@curve_list, @binary_curves)
if !disabled("ec2m");
push(@curve_list, @other_curves);
push(@curve_list, @curve_aliases);
my @params_encodings = ('named_curve', 'explicit');
my @output_formats = ('PEM', 'DER');
plan tests => scalar(@curve_list) * scalar(@params_encodings)
* (1 + scalar(@output_formats)) # Try listed @output_formats and text output
* 2 # Test generating parameters and keys
+ 1 # Checking that with no curve it fails
+ 1 # Checking that with unknown curve it fails
+ 1 # Subtest for explicit only curves
;
ok(!run(app([ 'openssl', 'genpkey',
'-algorithm', 'EC'])),
"genpkey EC with no params should fail");
ok(!run(app([ 'openssl', 'genpkey',
'-algorithm', 'EC',
'-pkeyopt', 'ec_paramgen_curve:bogus_foobar_curve'])),
"genpkey EC with unknown curve name should fail");
foreach my $curvename (@curve_list) {
foreach my $paramenc (@params_encodings) {
# --- Test generating parameters ---
ok(run(app([ 'openssl', 'genpkey', '-genparam',
'-algorithm', 'EC',
'-pkeyopt', 'ec_paramgen_curve:'.$curvename,
'-pkeyopt', 'ec_param_enc:'.$paramenc,
'-text'])),
"genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (text)");
foreach my $outform (@output_formats) {
my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform;
ok(run(app([ 'openssl', 'genpkey', '-genparam',
'-algorithm', 'EC',
'-pkeyopt', 'ec_paramgen_curve:'.$curvename,
'-pkeyopt', 'ec_param_enc:'.$paramenc,
'-outform', $outform,
'-out', $outfile])),
"genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (${outform})");
}
# --- Test generating actual keys ---
ok(run(app([ 'openssl', 'genpkey',
'-algorithm', 'EC',
'-pkeyopt', 'ec_paramgen_curve:'.$curvename,
'-pkeyopt', 'ec_param_enc:'.$paramenc,
'-text'])),
"genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (text)");
foreach my $outform (@output_formats) {
my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform;
ok(run(app([ 'openssl', 'genpkey',
'-algorithm', 'EC',
'-pkeyopt', 'ec_paramgen_curve:'.$curvename,
'-pkeyopt', 'ec_param_enc:'.$paramenc,
'-outform', $outform,
'-out', $outfile])),
"genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (${outform})");
}
}
}
subtest "test curves that only support explicit parameters encoding" => sub {
@curve_list = @explicit_only_curves;
plan skip_all => "This test is unsupported under current configuration"
if scalar(@curve_list) <= 0;
plan tests => scalar(@curve_list) * scalar(@params_encodings)
* (1 + scalar(@output_formats)) # Try listed @output_formats and text output
* 2 # Test generating parameters and keys
;
foreach my $curvename (@curve_list) {
my $paramenc = "explicit";
# --- Test generating parameters ---
ok(run(app([ 'openssl', 'genpkey', '-genparam',
'-algorithm', 'EC',
'-pkeyopt', 'ec_paramgen_curve:'.$curvename,
'-pkeyopt', 'ec_param_enc:'.$paramenc,
'-text'])),
"genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (text)");
foreach my $outform (@output_formats) {
my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform;
ok(run(app([ 'openssl', 'genpkey', '-genparam',
'-algorithm', 'EC',
'-pkeyopt', 'ec_paramgen_curve:'.$curvename,
'-pkeyopt', 'ec_param_enc:'.$paramenc,
'-outform', $outform,
'-out', $outfile])),
"genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (${outform})");
}
# --- Test generating actual keys ---
ok(run(app([ 'openssl', 'genpkey',
'-algorithm', 'EC',
'-pkeyopt', 'ec_paramgen_curve:'.$curvename,
'-pkeyopt', 'ec_param_enc:'.$paramenc,
'-text'])),
"genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (text)");
foreach my $outform (@output_formats) {
my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform;
ok(run(app([ 'openssl', 'genpkey',
'-algorithm', 'EC',
'-pkeyopt', 'ec_paramgen_curve:'.$curvename,
'-pkeyopt', 'ec_param_enc:'.$paramenc,
'-outform', $outform,
'-out', $outfile])),
"genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (${outform})");
}
my $paramenc = "named_curve";
# --- Test generating parameters ---
ok(!run(app([ 'openssl', 'genpkey', '-genparam',
'-algorithm', 'EC',
'-pkeyopt', 'ec_paramgen_curve:'.$curvename,
'-pkeyopt', 'ec_param_enc:'.$paramenc,
'-text'])),
"genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (text)");
foreach my $outform (@output_formats) {
my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform;
ok(!run(app([ 'openssl', 'genpkey', '-genparam',
'-algorithm', 'EC',
'-pkeyopt', 'ec_paramgen_curve:'.$curvename,
'-pkeyopt', 'ec_param_enc:'.$paramenc,
'-outform', $outform,
'-out', $outfile])),
"genpkey EC params ${curvename} with ec_param_enc:'${paramenc}' (${outform})");
}
# --- Test generating actual keys ---
ok(!run(app([ 'openssl', 'genpkey',
'-algorithm', 'EC',
'-pkeyopt', 'ec_paramgen_curve:'.$curvename,
'-pkeyopt', 'ec_param_enc:'.$paramenc,
'-text'])),
"genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (text)");
foreach my $outform (@output_formats) {
my $outfile = "ecgen.${curvename}.${paramenc}." . lc $outform;
ok(!run(app([ 'openssl', 'genpkey',
'-algorithm', 'EC',
'-pkeyopt', 'ec_paramgen_curve:'.$curvename,
'-pkeyopt', 'ec_param_enc:'.$paramenc,
'-outform', $outform,
'-out', $outfile])),
"genpkey EC key on ${curvename} with ec_param_enc:'${paramenc}' (${outform})");
}
}
};

104
test/recipes/20-test_dgst.t Normal file
View File

@@ -0,0 +1,104 @@
#! /usr/bin/env perl
# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
use strict;
use warnings;
use File::Spec;
use OpenSSL::Test qw/:DEFAULT with srctop_file/;
use OpenSSL::Test::Utils;
setup("test_dgst");
plan tests => 5;
sub tsignverify {
my $testtext = shift;
my $privkey = shift;
my $pubkey = shift;
my $data_to_sign = srctop_file('test', 'README');
my $other_data = srctop_file('test', 'README.external');
plan tests => 4;
ok(run(app(['openssl', 'dgst', '-sign', $privkey,
'-out', 'testdgst.sig',
$data_to_sign])),
$testtext.": Generating signature");
ok(run(app(['openssl', 'dgst', '-prverify', $privkey,
'-signature', 'testdgst.sig',
$data_to_sign])),
$testtext.": Verify signature with private key");
ok(run(app(['openssl', 'dgst', '-verify', $pubkey,
'-signature', 'testdgst.sig',
$data_to_sign])),
$testtext.": Verify signature with public key");
ok(!run(app(['openssl', 'dgst', '-verify', $pubkey,
'-signature', 'testdgst.sig',
$other_data])),
$testtext.": Expect failure verifying mismatching data");
unlink 'testdgst.sig';
}
SKIP: {
skip "RSA is not supported by this OpenSSL build", 1
if disabled("rsa");
subtest "RSA signature generation and verification with `dgst` CLI" => sub {
tsignverify("RSA",
srctop_file("test","testrsa.pem"),
srctop_file("test","testrsapub.pem"));
};
}
SKIP: {
skip "DSA is not supported by this OpenSSL build", 1
if disabled("dsa");
subtest "DSA signature generation and verification with `dgst` CLI" => sub {
tsignverify("DSA",
srctop_file("test","testdsa.pem"),
srctop_file("test","testdsapub.pem"));
};
}
SKIP: {
skip "ECDSA is not supported by this OpenSSL build", 1
if disabled("ec");
subtest "ECDSA signature generation and verification with `dgst` CLI" => sub {
tsignverify("ECDSA",
srctop_file("test","testec-p256.pem"),
srctop_file("test","testecpub-p256.pem"));
};
}
SKIP: {
skip "EdDSA is not supported by this OpenSSL build", 2
if disabled("ec");
skip "EdDSA is not supported with `dgst` CLI", 2;
subtest "Ed25519 signature generation and verification with `dgst` CLI" => sub {
tsignverify("Ed25519",
srctop_file("test","tested25519.pem"),
srctop_file("test","tested25519pub.pem"));
};
subtest "Ed448 signature generation and verification with `dgst` CLI" => sub {
tsignverify("Ed448",
srctop_file("test","tested448.pem"),
srctop_file("test","tested448pub.pem"));
};
}

44
test/recipes/25-test_req.t
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
setup("test_req");
plan tests => 12;
plan tests => 14;
require_ok(srctop_file('test','recipes','tconversion.pl'));
@@ -106,6 +106,46 @@ subtest "generating certificate requests with ECDSA" => sub {
}
};
subtest "generating certificate requests with Ed25519" => sub {
plan tests => 2;
SKIP: {
skip "Ed25519 is not supported by this OpenSSL build", 2
if disabled("ec");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
"-new", "-out", "testreq.pem", "-utf8",
"-key", srctop_file("test", "tested25519.pem")])),
"Generating request");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
"-verify", "-in", "testreq.pem", "-noout"])),
"Verifying signature on request");
}
};
subtest "generating certificate requests with Ed448" => sub {
plan tests => 2;
SKIP: {
skip "Ed448 is not supported by this OpenSSL build", 2
if disabled("ec");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
"-new", "-out", "testreq.pem", "-utf8",
"-key", srctop_file("test", "tested448.pem")])),
"Generating request");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
"-verify", "-in", "testreq.pem", "-noout"])),
"Verifying signature on request");
}
};
subtest "generating certificate requests" => sub {
plan tests => 2;

30
test/recipes/25-test_verify.t
View File

@@ -27,7 +27,7 @@ sub verify {
run(app([@args]));
}
plan tests => 137;
plan tests => 145;
# Canonical success
ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
@@ -132,6 +132,10 @@ ok(!verify("ee-cert", "sslserver", [], [qw(ca-cert)], "-partial_chain"),
"fail untrusted partial chain");
ok(verify("ee-cert", "sslserver", [qw(ca-cert)], [], "-partial_chain"),
"accept trusted partial chain");
ok(!verify("ee-cert", "sslserver", [qw(ca-expired)], [], "-partial_chain"),
"reject expired trusted partial chain"); # this check is beyond RFC 5280
ok(!verify("ee-cert", "sslserver", [qw(root-expired)], [qw(ca-cert)]),
"reject expired trusted root"); # this check is beyond RFC 5280
ok(verify("ee-cert", "sslserver", [qw(sca-cert)], [], "-partial_chain"),
"accept partial chain with server purpose");
ok(!verify("ee-cert", "sslserver", [qw(cca-cert)], [], "-partial_chain"),
@@ -280,6 +284,27 @@ ok(verify("ee-cert-md5", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level",
ok(!verify("ee-cert-md5", "sslserver", ["root-cert"], ["ca-cert"]),
"reject md5 leaf at auth level 1");
# Explicit vs named curve tests
SKIP: {
skip "EC is not supported by this OpenSSL build", 5
if disabled("ec");
ok(verify("ee-cert-ec-explicit", "sslserver", ["root-cert"],
["ca-cert-ec-named"]),
"accept explicit curve leaf with named curve intermediate without strict");
ok(verify("ee-cert-ec-named-explicit", "sslserver", ["root-cert"],
["ca-cert-ec-explicit"]),
"accept named curve leaf with explicit curve intermediate without strict");
ok(!verify("ee-cert-ec-explicit", "sslserver", ["root-cert"],
["ca-cert-ec-named"], "-x509_strict"),
"reject explicit curve leaf with named curve intermediate with strict");
ok(!verify("ee-cert-ec-named-explicit", "sslserver", ["root-cert"],
["ca-cert-ec-explicit"], "-x509_strict"),
"reject named curve leaf with explicit curve intermediate with strict");
ok(verify("ee-cert-ec-named-named", "sslserver", ["root-cert"],
["ca-cert-ec-named"], "-x509_strict"),
"accept named curve leaf with named curve intermediate with strict");
}
# Depth tests, note the depth limit bounds the number of CA certificates
# between the trust-anchor and the leaf, so, for example, with a root->ca->leaf
# chain, depth = 1 is sufficient, but depth == 0 is not.
@@ -368,6 +393,9 @@ ok(verify("some-names2", "sslserver", ["many-constraints"], ["many-constraints"]
ok(verify("root-cert-rsa2", "sslserver", ["root-cert-rsa2"], [], "-check_ss_sig"),
"Public Key Algorithm rsa instead of rsaEncryption");
ok(verify("ee-self-signed", "sslserver", ["ee-self-signed"], []),
"accept trusted self-signed EE cert excluding key usage keyCertSign");
SKIP: {
skip "Ed25519 is not supported by this OpenSSL build", 1
if disabled("ec");

26
test/rsa_test.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -223,18 +223,20 @@ static int pad_unknown(void)
static int rsa_setkey(RSA** key, unsigned char* ctext, int idx)
{
int clen = 0;
*key = RSA_new();
switch (idx) {
case 0:
clen = key1(*key, ctext);
break;
case 1:
clen = key2(*key, ctext);
break;
case 2:
clen = key3(*key, ctext);
break;
}
if (*key != NULL)
switch (idx) {
case 0:
clen = key1(*key, ctext);
break;
case 1:
clen = key2(*key, ctext);
break;
case 2:
clen = key3(*key, ctext);
break;
}
return clen;
}

201
test/sslapitest.c
View File

@@ -590,7 +590,6 @@ end:
return testresult;
}
#endif
/*
* Very focused test to exercise a single case in the server-side state
@@ -702,6 +701,7 @@ end:
return testresult;
}
#endif
static int execute_test_large_message(const SSL_METHOD *smeth,
const SSL_METHOD *cmeth,
@@ -2129,8 +2129,11 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity,
#define MSG6 "test"
#define MSG7 "message."
#define TLS13_AES_256_GCM_SHA384_BYTES ((const unsigned char *)"\x13\x02")
#define TLS13_AES_128_GCM_SHA256_BYTES ((const unsigned char *)"\x13\x01")
#define TLS13_AES_256_GCM_SHA384_BYTES ((const unsigned char *)"\x13\x02")
#define TLS13_CHACHA20_POLY1305_SHA256_BYTES ((const unsigned char *)"\x13\x03")
#define TLS13_AES_128_CCM_SHA256_BYTES ((const unsigned char *)"\x13\x04")
#define TLS13_AES_128_CCM_8_SHA256_BYTES ((const unsigned char *)"\x13\05")
static SSL_SESSION *create_a_psk(SSL *ssl)
@@ -3058,6 +3061,110 @@ static int test_early_data_psk(int idx)
return testresult;
}
/*
* Test TLSv1.3 PSK can be used to send early_data with all 5 ciphersuites
* idx == 0: Test with TLS1_3_RFC_AES_128_GCM_SHA256
* idx == 1: Test with TLS1_3_RFC_AES_256_GCM_SHA384
* idx == 2: Test with TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
* idx == 3: Test with TLS1_3_RFC_AES_128_CCM_SHA256
* idx == 4: Test with TLS1_3_RFC_AES_128_CCM_8_SHA256
*/
static int test_early_data_psk_with_all_ciphers(int idx)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0;
SSL_SESSION *sess = NULL;
unsigned char buf[20];
size_t readbytes, written;
const SSL_CIPHER *cipher;
const char *cipher_str[] = {
TLS1_3_RFC_AES_128_GCM_SHA256,
TLS1_3_RFC_AES_256_GCM_SHA384,
# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
# else
NULL,
# endif
TLS1_3_RFC_AES_128_CCM_SHA256,
TLS1_3_RFC_AES_128_CCM_8_SHA256
};
const unsigned char *cipher_bytes[] = {
TLS13_AES_128_GCM_SHA256_BYTES,
TLS13_AES_256_GCM_SHA384_BYTES,
# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
TLS13_CHACHA20_POLY1305_SHA256_BYTES,
# else
NULL,
# endif
TLS13_AES_128_CCM_SHA256_BYTES,
TLS13_AES_128_CCM_8_SHA256_BYTES
};
if (cipher_str[idx] == NULL)
return 1;
/* We always set this up with a final parameter of "2" for PSK */
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
&serverssl, &sess, 2)))
goto end;
if (!TEST_true(SSL_set_ciphersuites(clientssl, cipher_str[idx]))
|| !TEST_true(SSL_set_ciphersuites(serverssl, cipher_str[idx])))
goto end;
/*
* 'setupearly_data_test' creates only one instance of SSL_SESSION
* and assigns to both client and server with incremented reference
* and the same instance is updated in 'sess'.
* So updating ciphersuite in 'sess' which will get reflected in
* PSK handshake using psk use sess and find sess cb.
*/
cipher = SSL_CIPHER_find(clientssl, cipher_bytes[idx]);
if (!TEST_ptr(cipher) || !TEST_true(SSL_SESSION_set_cipher(sess, cipher)))
goto end;
SSL_set_connect_state(clientssl);
if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
&written)))
goto end;
if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
&readbytes),
SSL_READ_EARLY_DATA_SUCCESS)
|| !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1))
|| !TEST_int_eq(SSL_get_early_data_status(serverssl),
SSL_EARLY_DATA_ACCEPTED)
|| !TEST_int_eq(SSL_connect(clientssl), 1)
|| !TEST_int_eq(SSL_accept(serverssl), 1))
goto end;
/* Send some normal data from client to server */
if (!TEST_true(SSL_write_ex(clientssl, MSG2, strlen(MSG2), &written))
|| !TEST_size_t_eq(written, strlen(MSG2)))
goto end;
if (!TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
|| !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
goto end;
testresult = 1;
end:
SSL_SESSION_free(sess);
SSL_SESSION_free(clientpsk);
SSL_SESSION_free(serverpsk);
clientpsk = serverpsk = NULL;
if (clientssl != NULL)
SSL_shutdown(clientssl);
if (serverssl != NULL)
SSL_shutdown(serverssl);
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
/*
* Test that a server that doesn't try to read early data can handle a
* client sending some.
@@ -4325,9 +4432,20 @@ static int test_export_key_mat(int tst)
SSL_CTX_set_min_proto_version(cctx, protocols[tst]);
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL,
NULL))
|| !TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE)))
NULL)))
goto end;
/*
* Premature call of SSL_export_keying_material should just fail.
*/
if (!TEST_int_le(SSL_export_keying_material(clientssl, ckeymat1,
sizeof(ckeymat1), label,
SMALL_LABEL_LEN + 1, context,
sizeof(context) - 1, 1), 0))
goto end;
if (!TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE)))
goto end;
if (tst == 5) {
@@ -6471,6 +6589,75 @@ static int test_servername(int tst)
return testresult;
}
#ifndef OPENSSL_NO_TLS1_2
static int test_ssl_dup(void)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL, *client2ssl = NULL;
int testresult = 0;
BIO *rbio = NULL, *wbio = NULL;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
TLS_client_method(),
0,
0,
&sctx, &cctx, cert, privkey)))
goto end;
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL)))
goto end;
if (!TEST_true(SSL_set_min_proto_version(clientssl, TLS1_2_VERSION))
|| !TEST_true(SSL_set_max_proto_version(clientssl, TLS1_2_VERSION)))
goto end;
client2ssl = SSL_dup(clientssl);
rbio = SSL_get_rbio(clientssl);
if (!TEST_ptr(rbio)
|| !TEST_true(BIO_up_ref(rbio)))
goto end;
SSL_set0_rbio(client2ssl, rbio);
rbio = NULL;
wbio = SSL_get_wbio(clientssl);
if (!TEST_ptr(wbio) || !TEST_true(BIO_up_ref(wbio)))
goto end;
SSL_set0_wbio(client2ssl, wbio);
rbio = NULL;
if (!TEST_ptr(client2ssl)
/* Handshake not started so pointers should be different */
|| !TEST_ptr_ne(clientssl, client2ssl))
goto end;
if (!TEST_int_eq(SSL_get_min_proto_version(client2ssl), TLS1_2_VERSION)
|| !TEST_int_eq(SSL_get_max_proto_version(client2ssl), TLS1_2_VERSION))
goto end;
if (!TEST_true(create_ssl_connection(serverssl, client2ssl, SSL_ERROR_NONE)))
goto end;
SSL_free(clientssl);
clientssl = SSL_dup(client2ssl);
if (!TEST_ptr(clientssl)
/* Handshake has finished so pointers should be the same */
|| !TEST_ptr_eq(clientssl, client2ssl))
goto end;
testresult = 1;
end:
SSL_free(serverssl);
SSL_free(clientssl);
SSL_free(client2ssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
#endif
int setup_tests(void)
{
if (!TEST_ptr(certsdir = test_get_argument(0))
@@ -6549,6 +6736,7 @@ int setup_tests(void)
ADD_ALL_TESTS(test_early_data_skip_abort, 3);
ADD_ALL_TESTS(test_early_data_not_sent, 3);
ADD_ALL_TESTS(test_early_data_psk, 8);
ADD_ALL_TESTS(test_early_data_psk_with_all_ciphers, 5);
ADD_ALL_TESTS(test_early_data_not_expected, 3);
# ifndef OPENSSL_NO_TLS1_2
ADD_ALL_TESTS(test_early_data_tls1_2, 3);
@@ -6590,6 +6778,9 @@ int setup_tests(void)
ADD_ALL_TESTS(test_client_cert_cb, 2);
ADD_ALL_TESTS(test_ca_names, 3);
ADD_ALL_TESTS(test_servername, 10);
#ifndef OPENSSL_NO_TLS1_2
ADD_TEST(test_ssl_dup);
#endif
return 1;
}

3
test/tested25519.pem Normal file
View File

@@ -0,0 +1,3 @@
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEINTuctv5E1hK1bbY8fdp+K06/nwoy/HU++CXqI9EdVhC
-----END PRIVATE KEY-----

3
test/tested25519pub.pem Normal file
View File

@@ -0,0 +1,3 @@
-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEAGb9ECWmEzf6FQbrBZ9w7lshQhqowtrbLDFw4rXAxZuE=
-----END PUBLIC KEY-----

4
test/tested448.pem Normal file
View File

@@ -0,0 +1,4 @@
-----BEGIN PRIVATE KEY-----
MEcCAQAwBQYDK2VxBDsEOWyCpWLLgI0Q1jK+ichRPr9skp803fqMn2PJlg7240ij
UoyKP8wvBE45o/xblEkvjwMudUmiAJj5Ww==
-----END PRIVATE KEY-----

4
test/tested448pub.pem Normal file
View File

@@ -0,0 +1,4 @@
-----BEGIN PUBLIC KEY-----
MEMwBQYDK2VxAzoAX9dEm1m0Yf0s54fsYWrUah2hNCSFpw4fig6nXYDpZ3jt8SR2
m0bHBhvWeD3x5Q9s0foavq/oJWGA
-----END PUBLIC KEY-----

4
test/tls13encryptiontest.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -288,7 +288,7 @@ static int test_record(SSL3_RECORD *rec, RECORD_DATA *recd, int enc)
{
int ret = 0;
unsigned char *refd;
size_t refdatalen;
size_t refdatalen = 0;
if (enc)
refd = multihexstr2buf(recd->ciphertext, &refdatalen);

346
test/v3nametest.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -359,8 +359,352 @@ static int call_run_cert(int i)
return failed == 0;
}
struct gennamedata {
const unsigned char der[22];
size_t derlen;
} gennames[] = {
{
/*
* [0] {
* OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
* [0] {
* SEQUENCE {}
* }
* }
*/
{
0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x30, 0x00
},
21
}, {
/*
* [0] {
* OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
* [0] {
* [APPLICATION 0] {}
* }
* }
*/
{
0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x60, 0x00
},
21
}, {
/*
* [0] {
* OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
* [0] {
* UTF8String { "a" }
* }
* }
*/
{
0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x61
},
22
}, {
/*
* [0] {
* OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.2 }
* [0] {
* UTF8String { "a" }
* }
* }
*/
{
0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
0x01, 0x84, 0xb7, 0x09, 0x02, 0x02, 0xa0, 0x03, 0x0c, 0x01, 0x61
},
22
}, {
/*
* [0] {
* OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
* [0] {
* UTF8String { "b" }
* }
* }
*/
{
0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x62
},
22
}, {
/*
* [0] {
* OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
* [0] {
* BOOLEAN { TRUE }
* }
* }
*/
{
0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0xff
},
22
}, {
/*
* [0] {
* OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
* [0] {
* BOOLEAN { FALSE }
* }
* }
*/
{
0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0x00
},
22
}, {
/* [1 PRIMITIVE] { "a" } */
{
0x81, 0x01, 0x61
},
3
}, {
/* [1 PRIMITIVE] { "b" } */
{
0x81, 0x01, 0x62
},
3
}, {
/* [2 PRIMITIVE] { "a" } */
{
0x82, 0x01, 0x61
},
3
}, {
/* [2 PRIMITIVE] { "b" } */
{
0x82, 0x01, 0x62
},
3
}, {
/*
* [4] {
* SEQUENCE {
* SET {
* SEQUENCE {
* # commonName
* OBJECT_IDENTIFIER { 2.5.4.3 }
* UTF8String { "a" }
* }
* }
* }
* }
*/
{
0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55,
0x04, 0x03, 0x0c, 0x01, 0x61
},
16
}, {
/*
* [4] {
* SEQUENCE {
* SET {
* SEQUENCE {
* # commonName
* OBJECT_IDENTIFIER { 2.5.4.3 }
* UTF8String { "b" }
* }
* }
* }
* }
*/
{
0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55,
0x04, 0x03, 0x0c, 0x01, 0x62
},
16
}, {
/*
* [5] {
* [1] {
* UTF8String { "a" }
* }
* }
*/
{
0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x61
},
7
}, {
/*
* [5] {
* [1] {
* UTF8String { "b" }
* }
* }
*/
{
0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x62
},
7
}, {
/*
* [5] {
* [0] {
* UTF8String {}
* }
* [1] {
* UTF8String { "a" }
* }
* }
*/
{
0xa5, 0x09, 0xa0, 0x02, 0x0c, 0x00, 0xa1, 0x03, 0x0c, 0x01, 0x61
},
11
}, {
/*
* [5] {
* [0] {
* UTF8String { "a" }
* }
* [1] {
* UTF8String { "a" }
* }
* }
*/
{
0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x61, 0xa1, 0x03, 0x0c, 0x01,
0x61
},
12
}, {
/*
* [5] {
* [0] {
* UTF8String { "b" }
* }
* [1] {
* UTF8String { "a" }
* }
* }
*/
{
0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x62, 0xa1, 0x03, 0x0c, 0x01,
0x61
},
12
}, {
/* [6 PRIMITIVE] { "a" } */
{
0x86, 0x01, 0x61
},
3
}, {
/* [6 PRIMITIVE] { "b" } */
{
0x86, 0x01, 0x62
},
3
}, {
/* [7 PRIMITIVE] { `11111111` } */
{
0x87, 0x04, 0x11, 0x11, 0x11, 0x11
},
6
}, {
/* [7 PRIMITIVE] { `22222222`} */
{
0x87, 0x04, 0x22, 0x22, 0x22, 0x22
},
6
}, {
/* [7 PRIMITIVE] { `11111111111111111111111111111111` } */
{
0x87, 0x10, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11
},
18
}, {
/* [7 PRIMITIVE] { `22222222222222222222222222222222` } */
{
0x87, 0x10, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22
},
18
}, {
/* [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.1 } */
{
0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84,
0xb7, 0x09, 0x02, 0x01
},
15
}, {
/* [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.2 } */
{
0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84,
0xb7, 0x09, 0x02, 0x02
},
15
}
};
static int test_GENERAL_NAME_cmp(void)
{
size_t i, j;
GENERAL_NAME **namesa = OPENSSL_malloc(sizeof(*namesa)
* OSSL_NELEM(gennames));
GENERAL_NAME **namesb = OPENSSL_malloc(sizeof(*namesb)
* OSSL_NELEM(gennames));
int testresult = 0;
if (!TEST_ptr(namesa) || !TEST_ptr(namesb))
goto end;
for (i = 0; i < OSSL_NELEM(gennames); i++) {
const unsigned char *derp = gennames[i].der;
/*
* We create two versions of each GENERAL_NAME so that we ensure when
* we compare them they are always different pointers.
*/
namesa[i] = d2i_GENERAL_NAME(NULL, &derp, gennames[i].derlen);
derp = gennames[i].der;
namesb[i] = d2i_GENERAL_NAME(NULL, &derp, gennames[i].derlen);
if (!TEST_ptr(namesa[i]) || !TEST_ptr(namesb[i]))
goto end;
}
/* Every name should be equal to itself and not equal to any others. */
for (i = 0; i < OSSL_NELEM(gennames); i++) {
for (j = 0; j < OSSL_NELEM(gennames); j++) {
if (i == j) {
if (!TEST_int_eq(GENERAL_NAME_cmp(namesa[i], namesb[j]), 0))
goto end;
} else {
if (!TEST_int_ne(GENERAL_NAME_cmp(namesa[i], namesb[j]), 0))
goto end;
}
}
}
testresult = 1;
end:
for (i = 0; i < OSSL_NELEM(gennames); i++) {
if (namesa != NULL)
GENERAL_NAME_free(namesa[i]);
if (namesb != NULL)
GENERAL_NAME_free(namesb[i]);
}
OPENSSL_free(namesa);
OPENSSL_free(namesb);
return testresult;
}
int setup_tests(void)
{
ADD_ALL_TESTS(call_run_cert, OSSL_NELEM(name_fns));
ADD_TEST(test_GENERAL_NAME_cmp);
return 1;
}