Import OpenSSL 1.1.1l
This commit is contained in:
Steve Dower
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -17,6 +17,7 @@
|
||||
#include <openssl/srp.h>
|
||||
#include <openssl/txt_db.h>
|
||||
#include <openssl/aes.h>
|
||||
#include <openssl/x509v3.h>
|
||||
|
||||
#include "ssltestlib.h"
|
||||
#include "testutil.h"
|
||||
@@ -1826,8 +1827,10 @@ static int execute_test_ssl_bio(int pop_ssl, bio_change_t change_bio)
|
||||
|
||||
/* Verify changing the rbio/wbio directly does not cause leaks */
|
||||
if (change_bio != NO_BIO_CHANGE) {
|
||||
if (!TEST_ptr(membio2 = BIO_new(BIO_s_mem())))
|
||||
if (!TEST_ptr(membio2 = BIO_new(BIO_s_mem()))) {
|
||||
ssl = NULL;
|
||||
goto end;
|
||||
}
|
||||
if (change_bio == CHANGE_RBIO)
|
||||
SSL_set0_rbio(ssl, membio2);
|
||||
else
|
||||
@@ -6713,6 +6716,118 @@ end:
|
||||
return testresult;
|
||||
}
|
||||
#endif
|
||||
/*
|
||||
* Test that setting an ALPN does not violate RFC
|
||||
*/
|
||||
static int test_set_alpn(void)
|
||||
{
|
||||
SSL_CTX *ctx = NULL;
|
||||
SSL *ssl = NULL;
|
||||
int testresult = 0;
|
||||
|
||||
unsigned char bad0[] = { 0x00, 'b', 'a', 'd' };
|
||||
unsigned char good[] = { 0x04, 'g', 'o', 'o', 'd' };
|
||||
unsigned char bad1[] = { 0x01, 'b', 'a', 'd' };
|
||||
unsigned char bad2[] = { 0x03, 'b', 'a', 'd', 0x00};
|
||||
unsigned char bad3[] = { 0x03, 'b', 'a', 'd', 0x01, 'b', 'a', 'd'};
|
||||
unsigned char bad4[] = { 0x03, 'b', 'a', 'd', 0x06, 'b', 'a', 'd'};
|
||||
|
||||
/* Create an initial SSL_CTX with no certificate configured */
|
||||
ctx = SSL_CTX_new(TLS_server_method());
|
||||
if (!TEST_ptr(ctx))
|
||||
goto end;
|
||||
|
||||
/* the set_alpn functions return 0 (false) on success, non-zero (true) on failure */
|
||||
if (!TEST_false(SSL_CTX_set_alpn_protos(ctx, NULL, 2)))
|
||||
goto end;
|
||||
if (!TEST_false(SSL_CTX_set_alpn_protos(ctx, good, 0)))
|
||||
goto end;
|
||||
if (!TEST_false(SSL_CTX_set_alpn_protos(ctx, good, sizeof(good))))
|
||||
goto end;
|
||||
if (!TEST_true(SSL_CTX_set_alpn_protos(ctx, good, 1)))
|
||||
goto end;
|
||||
if (!TEST_true(SSL_CTX_set_alpn_protos(ctx, bad0, sizeof(bad0))))
|
||||
goto end;
|
||||
if (!TEST_true(SSL_CTX_set_alpn_protos(ctx, bad1, sizeof(bad1))))
|
||||
goto end;
|
||||
if (!TEST_true(SSL_CTX_set_alpn_protos(ctx, bad2, sizeof(bad2))))
|
||||
goto end;
|
||||
if (!TEST_true(SSL_CTX_set_alpn_protos(ctx, bad3, sizeof(bad3))))
|
||||
goto end;
|
||||
if (!TEST_true(SSL_CTX_set_alpn_protos(ctx, bad4, sizeof(bad4))))
|
||||
goto end;
|
||||
|
||||
ssl = SSL_new(ctx);
|
||||
if (!TEST_ptr(ssl))
|
||||
goto end;
|
||||
|
||||
if (!TEST_false(SSL_set_alpn_protos(ssl, NULL, 2)))
|
||||
goto end;
|
||||
if (!TEST_false(SSL_set_alpn_protos(ssl, good, 0)))
|
||||
goto end;
|
||||
if (!TEST_false(SSL_set_alpn_protos(ssl, good, sizeof(good))))
|
||||
goto end;
|
||||
if (!TEST_true(SSL_set_alpn_protos(ssl, good, 1)))
|
||||
goto end;
|
||||
if (!TEST_true(SSL_set_alpn_protos(ssl, bad0, sizeof(bad0))))
|
||||
goto end;
|
||||
if (!TEST_true(SSL_set_alpn_protos(ssl, bad1, sizeof(bad1))))
|
||||
goto end;
|
||||
if (!TEST_true(SSL_set_alpn_protos(ssl, bad2, sizeof(bad2))))
|
||||
goto end;
|
||||
if (!TEST_true(SSL_set_alpn_protos(ssl, bad3, sizeof(bad3))))
|
||||
goto end;
|
||||
if (!TEST_true(SSL_set_alpn_protos(ssl, bad4, sizeof(bad4))))
|
||||
goto end;
|
||||
|
||||
testresult = 1;
|
||||
|
||||
end:
|
||||
SSL_free(ssl);
|
||||
SSL_CTX_free(ctx);
|
||||
return testresult;
|
||||
}
|
||||
|
||||
static int test_inherit_verify_param(void)
|
||||
{
|
||||
int testresult = 0;
|
||||
|
||||
SSL_CTX *ctx = NULL;
|
||||
X509_VERIFY_PARAM *cp = NULL;
|
||||
SSL *ssl = NULL;
|
||||
X509_VERIFY_PARAM *sp = NULL;
|
||||
int hostflags = X509_CHECK_FLAG_NEVER_CHECK_SUBJECT;
|
||||
|
||||
ctx = SSL_CTX_new(TLS_server_method());
|
||||
if (!TEST_ptr(ctx))
|
||||
goto end;
|
||||
|
||||
cp = SSL_CTX_get0_param(ctx);
|
||||
if (!TEST_ptr(cp))
|
||||
goto end;
|
||||
if (!TEST_int_eq(X509_VERIFY_PARAM_get_hostflags(cp), 0))
|
||||
goto end;
|
||||
|
||||
X509_VERIFY_PARAM_set_hostflags(cp, hostflags);
|
||||
|
||||
ssl = SSL_new(ctx);
|
||||
if (!TEST_ptr(ssl))
|
||||
goto end;
|
||||
|
||||
sp = SSL_get0_param(ssl);
|
||||
if (!TEST_ptr(sp))
|
||||
goto end;
|
||||
if (!TEST_int_eq(X509_VERIFY_PARAM_get_hostflags(sp), hostflags))
|
||||
goto end;
|
||||
|
||||
testresult = 1;
|
||||
|
||||
end:
|
||||
SSL_free(ssl);
|
||||
SSL_CTX_free(ctx);
|
||||
|
||||
return testresult;
|
||||
}
|
||||
|
||||
int setup_tests(void)
|
||||
{
|
||||
@@ -6840,6 +6955,8 @@ int setup_tests(void)
|
||||
#ifndef OPENSSL_NO_TLS1_3
|
||||
ADD_TEST(test_sni_tls13);
|
||||
#endif
|
||||
ADD_TEST(test_set_alpn);
|
||||
ADD_TEST(test_inherit_verify_param);
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user