ag/cpython-source-deps
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Import OpenSSL 1.1.1l

Browse Source
This commit is contained in:
Steve Dower
2021-08-26 19:30:20 +01:00
parent b439f09b29
commit b123b12c0d
104 changed files with 2011 additions and 524 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
test/recipes/25-test_req.t
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -47,7 +47,7 @@ ok(!run(app([@addext_args, "-addext", $val, "-addext", $val3])));
ok(!run(app([@addext_args, "-addext", $val2, "-addext", $val3])));
subtest "generating certificate requests with RSA" => sub {
plan tests => 2;
plan tests => 6;
SKIP: {
skip "RSA is not supported by this OpenSSL build", 2
@@ -63,6 +63,29 @@ subtest "generating certificate requests with RSA" => sub {
"-config", srctop_file("test", "test.cnf"),
"-verify", "-in", "testreq.pem", "-noout"])),
"Verifying signature on request");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
"-new", "-out", "testreq_withattrs_pem.pem", "-utf8",
"-key", srctop_file("test", "testrsa_withattrs.pem")])),
"Generating request from a key with extra attributes - PEM");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
"-verify", "-in", "testreq_withattrs_pem.pem", "-noout"])),
"Verifying signature on request from a key with extra attributes - PEM");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
"-new", "-out", "testreq_withattrs_der.pem", "-utf8",
"-key", srctop_file("test", "testrsa_withattrs.der"),
"-keyform", "DER"])),
"Generating request from a key with extra attributes - PEM");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
"-verify", "-in", "testreq_withattrs_der.pem", "-noout"])),
"Verifying signature on request from a key with extra attributes - PEM");
}
};
@@ -165,7 +188,7 @@ run_conversion('req conversions',
run_conversion('req conversions -- testreq2',
srctop_file("test", "testreq2.pem"));
unlink "testkey.pem", "testreq.pem";
unlink "testkey.pem", "testreq.pem", "testreq_withattrs_pem.pem", "testreq_withattrs_der.pem";
sub run_conversion {
my $title = shift;

3
test/recipes/25-test_verify.t
View File

@@ -396,7 +396,8 @@ ok(verify("some-names2", "sslserver", ["many-constraints"], ["many-constraints"]
ok(verify("root-cert-rsa2", "sslserver", ["root-cert-rsa2"], [], "-check_ss_sig"),
"Public Key Algorithm rsa instead of rsaEncryption");
ok(verify("ee-self-signed", "sslserver", ["ee-self-signed"], []),
ok(verify("ee-self-signed", "sslserver", ["ee-self-signed"], [],
"-attime", "1593565200"),
"accept trusted self-signed EE cert excluding key usage keyCertSign");
SKIP: {

12
test/recipes/30-test_evp_data/evppkey.txt
View File

@@ -1,5 +1,5 @@
#
# Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -18444,6 +18444,16 @@ Decrypt = SM2_key1
Input = 30818A0220466BE2EF5C11782EC77864A0055417F407A5AFC11D653C6BCE69E417BB1D05B6022062B572E21FF0DDF5C726BD3F9FF2EAE56E6294713A607E9B9525628965F62CC804203C1B5713B5DB2728EB7BF775E44F4689FC32668BDC564F52EA45B09E8DF2A5F40422084A9D0CC2997092B7D3C404FCE95956EB604D732B2307A8E5B8900ED6608CA5B197
Output = "The floofy bunnies hop at midnight"
# Test with an C1y value < 32 bytes in length (self generated)
Decrypt = SM2_key1
Input = 3072022070DAD60CDA7C30D64CF4F278A849003581223F5324BFEC9BB329229BFFAD21A6021F18AFAB2B35459D2643243B242BE4EA80C6FA5071D2D847340CC57EB9309E5D04200B772E4DB664B2601E3B85E39C4AA8C2C1910308BE13B331E009C5A9258C29FD040B6D588BE9260A94DA18E0E6
Output = "Hello World"
# Test with an C1x and C1y valuey > 32 bytes in length, and longer plaintext (self generated)
Decrypt = SM2_key1
Input = 3081DD022100CD49634BBCB21CAFFFA6D33669A5A867231CB2A942A14352EF4CAF6DC3344D54022100C35B41D4DEBB3A2735EFEE821B9EBA566BD86900176A0C06672E30EE5CC04E930420C4190A3D80D86C4BD20E99F7E4B59BF6427C6808793533EEA9591D1188EC56B50473747295470E81D951BED279AC1B86A1AFE388CD2833FA9632799EC199C7D364E5663D5A94888BB2358CFCBF6283184DE0CBC41CCEA91D24746E99D231A1DA77AFD83CDF908190ED628B7369724494568A27C782A1D1D7294BCAD80C34569ED22859896301128A8118F48924D8CCD43E998D9533
Output = "Some longer plaintext for testing SM2 decryption. Blah blah blah blah blah blah blah blah blah blah blah blah blah."
# This is a "fake" test as it does only verify that the SM2 EVP_PKEY interface
# is capable of creating a signature without failing, but it does not say
# anything about the generated signature being valid, nor does it test the

14
test/recipes/70-test_tls13kexmodes.t
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -195,17 +195,14 @@ $proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
plan tests => 11;
ok(TLSProxy::Message->success(), "Initial connection");
#Test 2: Attempt a resume with no kex modes extension. Should not resume
#Test 2: Attempt a resume with no kex modes extension. Should fail (server
# MUST abort handshake with pre_shared key and no psk_kex_modes)
$proxy->clear();
$proxy->clientflags("-sess_in ".$session);
my $testtype = DELETE_EXTENSION;
$proxy->filter(\&modify_kex_modes_filter);
$proxy->start();
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
checkhandshake::DEFAULT_EXTENSIONS
| checkhandshake::KEY_SHARE_SRV_EXTENSION
| checkhandshake::PSK_CLI_EXTENSION,
"Resume with no kex modes");
ok(TLSProxy::Message->fail(), "Resume with no kex modes");
#Test 3: Attempt a resume with empty kex modes extension. Should fail (empty
# extension is invalid)
@@ -243,6 +240,7 @@ checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
"Resume with non-dhe kex mode");
#Test 6: Attempt a resume with only unrecognised kex modes. Should not resume
# but rather fall back to full handshake
$proxy->clear();
$proxy->clientflags("-sess_in ".$session);
$testtype = UNKNOWN_KEX_MODES;
@@ -252,7 +250,7 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
| checkhandshake::PSK_KEX_MODES_EXTENSION
| checkhandshake::KEY_SHARE_SRV_EXTENSION
| checkhandshake::PSK_CLI_EXTENSION,
"Resume with empty kex modes");
"Resume with unrecognized kex mode");
#Test 7: Attempt a resume with both non-dhe and dhe kex mode. Should resume with
# a key_share

14
test/recipes/80-test_ssl_old.t
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -476,10 +476,10 @@ sub testssl {
subtest 'RSA/(EC)DHE/PSK tests' => sub {
######################################################################
plan tests => 5;
plan tests => 6;
SKIP: {
skip "TLSv1.0 is not supported by this OpenSSL build", 5
skip "TLSv1.0 is not supported by this OpenSSL build", 6
if $no_tls1;
SKIP: {
@@ -514,6 +514,14 @@ sub testssl {
ok(run(test([@ssltest, "-bio_pair", "-tls1", "-cipher", "PSK", "-psk", "abc123"])),
'test tls1 with PSK via BIO pair');
}
SKIP: {
skip "skipping auto PSK tests", 1
if ($no_dh || $no_psk || $no_ec);
ok(run(test(['ssltest_old', '-psk', '0102030405', '-cipher', '@SECLEVEL=2:DHE-PSK-AES128-CCM'])),
'test auto DH meets security strength');
}
}
};