ag/cpython-source-deps
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Import OpenSSL 1.1.1f

Browse Source
This commit is contained in:
Steve Dower
2020-04-03 21:53:21 +01:00
parent 6f2f71e7ea
commit e531386a2f
993 changed files with 23821 additions and 3602 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
test/README
View File

@@ -114,7 +114,7 @@ Generic form of C test executables
int observed;
observed = function(); /* Call the code under test */
if (!TEST_int_equal(observed, 2)) /* Check the result is correct */
if (!TEST_int_eq(observed, 2)) /* Check the result is correct */
goto end; /* Exit on failure - optional */
testresult = 1; /* Mark the test case a success */

2
test/asn1_internal_test.c
View File

@@ -59,7 +59,7 @@ static int test_tbl_standard(void)
*
***/
#include "internal/asn1_int.h"
#include "crypto/asn1.h"
#include "../crypto/asn1/standard_methods.h"
static int test_standard_methods(void)

2
test/asynciotest.c
View File

@@ -13,7 +13,7 @@
#include <openssl/bio.h>
#include <openssl/err.h>
#include "../ssl/packet_locl.h"
#include "../ssl/packet_local.h"
#include "ssltestlib.h"
#include "testutil.h"

2
test/bad_dtls_test.c
View File

@@ -37,7 +37,7 @@
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/kdf.h>
#include "../ssl/packet_locl.h"
#include "../ssl/packet_local.h"
#include "internal/nelem.h"
#include "testutil.h"

338
test/bntest.c
View File

@@ -1634,6 +1634,30 @@ static int file_modsqrt(STANZA *s)
return st;
}
static int file_gcd(STANZA *s)
{
BIGNUM *a = NULL, *b = NULL, *gcd = NULL, *ret = NULL;
int st = 0;
if (!TEST_ptr(a = getBN(s, "A"))
|| !TEST_ptr(b = getBN(s, "B"))
|| !TEST_ptr(gcd = getBN(s, "GCD"))
|| !TEST_ptr(ret = BN_new()))
goto err;
if (!TEST_true(BN_gcd(ret, a, b, ctx))
|| !equalBN("gcd(A,B)", gcd, ret))
goto err;
st = 1;
err:
BN_free(a);
BN_free(b);
BN_free(gcd);
BN_free(ret);
return st;
}
static int test_bn2padded(void)
{
#if HAVE_BN_PADDED
@@ -2352,6 +2376,316 @@ static int test_ctx_consttime_flag(void)
return st;
}
static int test_gcd_prime(void)
{
BIGNUM *a = NULL, *b = NULL, *gcd = NULL;
int i, st = 0;
if (!TEST_ptr(a = BN_new())
|| !TEST_ptr(b = BN_new())
|| !TEST_ptr(gcd = BN_new()))
goto err;
if (!TEST_true(BN_generate_prime_ex(a, 1024, 0, NULL, NULL, NULL)))
goto err;
for (i = 0; i < NUM0; i++) {
if (!TEST_true(BN_generate_prime_ex(b, 1024, 0,
NULL, NULL, NULL))
|| !TEST_true(BN_gcd(gcd, a, b, ctx))
|| !TEST_true(BN_is_one(gcd)))
goto err;
}
st = 1;
err:
BN_free(a);
BN_free(b);
BN_free(gcd);
return st;
}
typedef struct mod_exp_test_st
{
const char *base;
const char *exp;
const char *mod;
const char *res;
} MOD_EXP_TEST;
static const MOD_EXP_TEST ModExpTests[] = {
/* original test vectors for rsaz_512_sqr bug, by OSS-Fuzz */
{
"1166180238001879113042182292626169621106255558914000595999312084"
"4627946820899490684928760491249738643524880720584249698100907201"
"002086675047927600340800371",
"8000000000000000000000000000000000000000000000000000000000000000"
"0000000000000000000000000000000000000000000000000000000000000000"
"00000000",
"1340780792684523720980737645613191762604395855615117867483316354"
"3294276330515137663421134775482798690129946803802212663956180562"
"088664022929883876655300863",
"8243904058268085430037326628480645845409758077568738532059032482"
"8294114415890603594730158120426756266457928475330450251339773498"
"26758407619521544102068438"
},
{
"4974270041410803822078866696159586946995877618987010219312844726"
"0284386121835740784990869050050504348861513337232530490826340663"
"197278031692737429054",
"4974270041410803822078866696159586946995877428188754995041148539"
"1663243362592271353668158565195557417149981094324650322556843202"
"946445882670777892608",
"1340780716511420227215592830971452482815377482627251725537099028"
"4429769497230131760206012644403029349547320953206103351725462999"
"947509743623340557059752191",
"5296244594780707015616522701706118082963369547253192207884519362"
"1767869984947542695665420219028522815539559194793619684334900442"
"49304558011362360473525933"
},
/* test vectors for rsaz_512_srq bug, with rcx/rbx=1 */
{ /* between first and second iteration */
"5148719036160389201525610950887605325980251964889646556085286545"
"3931548809178823413169359635978762036512397113080988070677858033"
"36463909753993540214027190",
"6703903964971298549787012499102923063739682910296196688861780721"
"8608820150367734884009371490834517138450159290932430254268769414"
"05973284973216824503042158",
"6703903964971298549787012499102923063739682910296196688861780721"
"8608820150367734884009371490834517138450159290932430254268769414"
"05973284973216824503042159",
"1"
},
{ /* between second and third iteration */
"8908340854353752577419678771330460827942371434853054158622636544"
"8151360109722890949471912566649465436296659601091730745087014189"
"2672764191218875181826063",
"6703903964971298549787012499102923063739682910296196688861780721"
"8608820150367734884009371490834517138450159290932430254268769414"
"05973284973216824503042158",
"6703903964971298549787012499102923063739682910296196688861780721"
"8608820150367734884009371490834517138450159290932430254268769414"
"05973284973216824503042159",
"1"
},
{ /* between third and fourth iteration */
"3427446396505596330634350984901719674479522569002785244080234738"
"4288743635435746136297299366444548736533053717416735379073185344"
"26985272974404612945608761",
"6703903964971298549787012499102923063739682910296196688861780721"
"8608820150367734884009371490834517138450159290932430254268769414"
"05973284973216824503042158",
"6703903964971298549787012499102923063739682910296196688861780721"
"8608820150367734884009371490834517138450159290932430254268769414"
"05973284973216824503042159",
"1"
},
{ /* between fourth and fifth iteration */
"3472743044917564564078857826111874560045331237315597383869652985"
"6919870028890895988478351133601517365908445058405433832718206902"
"4088133164805266956353542",
"6703903964971298549787012499102923063739682910296196688861780721"
"8608820150367734884009371490834517138450159290932430254268769414"
"05973284973216824503042158",
"6703903964971298549787012499102923063739682910296196688861780721"
"8608820150367734884009371490834517138450159290932430254268769414"
"05973284973216824503042159",
"1"
},
{ /* between fifth and sixth iteration */
"3608632990153469264412378349742339216742409743898601587274768025"
"0110772032985643555192767717344946174122842255204082586753499651"
"14483434992887431333675068",
"6703903964971298549787012499102923063739682910296196688861780721"
"8608820150367734884009371490834517138450159290932430254268769414"
"05973284973216824503042158",
"6703903964971298549787012499102923063739682910296196688861780721"
"8608820150367734884009371490834517138450159290932430254268769414"
"05973284973216824503042159",
"1"
},
{ /* between sixth and seventh iteration */
"8455374370234070242910508226941981520235709767260723212165264877"
"8689064388017521524568434328264431772644802567028663962962025746"
"9283458217850119569539086",
"6703903964971298549787012499102923063739682910296196688861780721"
"8608820150367734884009371490834517138450159290932430254268769414"
"05973284973216824503042158",
"6703903964971298549787012499102923063739682910296196688861780721"
"8608820150367734884009371490834517138450159290932430254268769414"
"05973284973216824503042159",
"1"
},
{ /* between seventh and eighth iteration */
"5155371529688532178421209781159131443543419764974688878527112131"
"7446518205609427412336183157918981038066636807317733319323257603"
"04416292040754017461076359",
"1005585594745694782468051874865438459560952436544429503329267108"
"2791323022555160232601405723625177570767523893639864538140315412"
"108959927459825236754563832",
"1005585594745694782468051874865438459560952436544429503329267108"
"2791323022555160232601405723625177570767523893639864538140315412"
"108959927459825236754563833",
"1"
},
/* test vectors for rsaz_512_srq bug, with rcx/rbx=2 */
{ /* between first and second iteration */
"3155666506033786929967309937640790361084670559125912405342594979"
"4345142818528956285490897841406338022378565972533508820577760065"
"58494345853302083699912572",
"6703903964971298549787012499102923063739682910296196688861780721"
"8608820150367734884009371490834517138450159290932430254268769414"
"05973284973216824503042158",
"6703903964971298549787012499102923063739682910296196688861780721"
"8608820150367734884009371490834517138450159290932430254268769414"
"05973284973216824503042159",
"1"
},
{ /* between second and third iteration */
"3789819583801342198190405714582958759005991915505282362397087750"
"4213544724644823098843135685133927198668818185338794377239590049"
"41019388529192775771488319",
"6703903964971298549787012499102923063739682910296196688861780721"
"8608820150367734884009371490834517138450159290932430254268769414"
"05973284973216824503042158",
"6703903964971298549787012499102923063739682910296196688861780721"
"8608820150367734884009371490834517138450159290932430254268769414"
"05973284973216824503042159",
"1"
},
{ /* between third and forth iteration */
"4695752552040706867080542538786056470322165281761525158189220280"
"4025547447667484759200742764246905647644662050122968912279199065"
"48065034299166336940507214",
"6703903964971298549787012499102923063739682910296196688861780721"
"8608820150367734884009371490834517138450159290932430254268769414"
"05973284973216824503042158",
"6703903964971298549787012499102923063739682910296196688861780721"
"8608820150367734884009371490834517138450159290932430254268769414"
"05973284973216824503042159",
"1"
},
{ /* between forth and fifth iteration */
"2159140240970485794188159431017382878636879856244045329971239574"
"8919691133560661162828034323196457386059819832804593989740268964"
"74502911811812651475927076",
"6703903964971298549787012499102923063739682910296196688861780721"
"8608820150367734884009371490834517138450159290932430254268769414"
"05973284973216824503042158",
"6703903964971298549787012499102923063739682910296196688861780721"
"8608820150367734884009371490834517138450159290932430254268769414"
"05973284973216824503042159",
"1"
},
{ /* between fifth and sixth iteration */
"5239312332984325668414624633307915097111691815000872662334695514"
"5436533521392362443557163429336808208137221322444780490437871903"
"99972784701334569424519255",
"6703903964971298549787012499102923063739682910296196688861780721"
"8608820150367734884009371490834517138450159290932430254268769414"
"05973284973216824503042158",
"6703903964971298549787012499102923063739682910296196688861780721"
"8608820150367734884009371490834517138450159290932430254268769414"
"05973284973216824503042159",
"1"
},
{ /* between sixth and seventh iteration */
"1977953647322612860406858017869125467496941904523063466791308891"
"1172796739058531929470539758361774569875505293428856181093904091"
"33788264851714311303725089",
"6703903964971298549787012499102923063739682910296196688861780721"
"8608820150367734884009371490834517138450159290932430254268769414"
"05973284973216824503042158",
"6703903964971298549787012499102923063739682910296196688861780721"
"8608820150367734884009371490834517138450159290932430254268769414"
"05973284973216824503042159",
"1"
},
{ /* between seventh and eighth iteration */
"6456987954117763835533395796948878140715006860263624787492985786"
"8514630216966738305923915688821526449499763719943997120302368211"
"04813318117996225041943964",
"1340780792994259709957402499820584612747936582059239337772356144"
"3721764030073546976801874298166903427690031858186486050853753882"
"811946551499689575296532556",
"1340780792994259709957402499820584612747936582059239337772356144"
"3721764030073546976801874298166903427690031858186486050853753882"
"811946551499689575296532557",
"1"
}
};
static int test_mod_exp(int i)
{
const MOD_EXP_TEST *test = &ModExpTests[i];
int res = 0;
BIGNUM* result = NULL;
BIGNUM *base = NULL, *exponent = NULL, *modulo = NULL;
char *s = NULL;
if (!TEST_ptr(result = BN_new())
|| !TEST_true(BN_dec2bn(&base, test->base))
|| !TEST_true(BN_dec2bn(&exponent, test->exp))
|| !TEST_true(BN_dec2bn(&modulo, test->mod)))
goto err;
if (!TEST_int_eq(BN_mod_exp(result, base, exponent, modulo, ctx), 1))
goto err;
if (!TEST_ptr(s = BN_bn2dec(result)))
goto err;
if (!TEST_mem_eq(s, strlen(s), test->res, strlen(test->res)))
goto err;
res = 1;
err:
OPENSSL_free(s);
BN_free(result);
BN_free(base);
BN_free(exponent);
BN_free(modulo);
return res;
}
static int test_mod_exp_consttime(int i)
{
const MOD_EXP_TEST *test = &ModExpTests[i];
int res = 0;
BIGNUM* result = NULL;
BIGNUM *base = NULL, *exponent = NULL, *modulo = NULL;
char *s = NULL;
if (!TEST_ptr(result = BN_new())
|| !TEST_true(BN_dec2bn(&base, test->base))
|| !TEST_true(BN_dec2bn(&exponent, test->exp))
|| !TEST_true(BN_dec2bn(&modulo, test->mod)))
goto err;
BN_set_flags(base, BN_FLG_CONSTTIME);
BN_set_flags(exponent, BN_FLG_CONSTTIME);
BN_set_flags(modulo, BN_FLG_CONSTTIME);
if (!TEST_int_eq(BN_mod_exp(result, base, exponent, modulo, ctx), 1))
goto err;
if (!TEST_ptr(s = BN_bn2dec(result)))
goto err;
if (!TEST_mem_eq(s, strlen(s), test->res, strlen(test->res)))
goto err;
res = 1;
err:
OPENSSL_free(s);
BN_free(result);
BN_free(base);
BN_free(exponent);
BN_free(modulo);
return res;
}
static int file_test_run(STANZA *s)
{
static const FILETEST filetests[] = {
@@ -2366,6 +2700,7 @@ static int file_test_run(STANZA *s)
{"ModExp", file_modexp},
{"Exp", file_exp},
{"ModSqrt", file_modsqrt},
{"GCD", file_gcd},
};
int numtests = OSSL_NELEM(filetests);
const FILETEST *tp = filetests;
@@ -2454,6 +2789,9 @@ int setup_tests(void)
#endif
ADD_ALL_TESTS(test_is_prime, (int)OSSL_NELEM(primes));
ADD_ALL_TESTS(test_not_prime, (int)OSSL_NELEM(not_primes));
ADD_TEST(test_gcd_prime);
ADD_ALL_TESTS(test_mod_exp, (int)OSSL_NELEM(ModExpTests));
ADD_ALL_TESTS(test_mod_exp_consttime, (int)OSSL_NELEM(ModExpTests));
} else {
ADD_ALL_TESTS(run_file_tests, n);
}

28
test/build.info
View File

@@ -12,7 +12,7 @@ IF[{- !$disabled{tests} -}]
SOURCE[libtestutil.a]=testutil/basic_output.c testutil/output_helpers.c \
testutil/driver.c testutil/tests.c testutil/cb.c testutil/stanza.c \
testutil/format_output.c testutil/tap_bio.c \
testutil/test_cleanup.c testutil/main.c testutil/init.c \
testutil/test_cleanup.c testutil/main.c testutil/testutil_init.c \
testutil/random.c
INCLUDE[libtestutil.a]=../include
DEPEND[libtestutil.a]=../libcrypto
@@ -51,7 +51,7 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
recordlentest drbgtest drbg_cavs_test sslbuffertest \
time_offset_test pemtest ssl_cert_table_internal_test ciphername_test \
servername_test ocspapitest rsa_mp_test fatalerrtest tls13ccstest \
sysdefaulttest errtest gosttest
sysdefaulttest errtest ssl_ctx_test gosttest
SOURCE[versions]=versions.c
INCLUDE[versions]=../include
@@ -185,7 +185,7 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
DEPEND[evp_test]=../libcrypto libtestutil.a
SOURCE[evp_extra_test]=evp_extra_test.c
INCLUDE[evp_extra_test]=../include ../crypto/include
INCLUDE[evp_extra_test]=../include
DEPEND[evp_extra_test]=../libcrypto libtestutil.a
SOURCE[igetest]=igetest.c
@@ -393,7 +393,7 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
IF[{- !$disabled{shared} -}]
PROGRAMS_NO_INST=shlibloadtest
SOURCE[shlibloadtest]=shlibloadtest.c
INCLUDE[shlibloadtest]=../include ../crypto/include
INCLUDE[shlibloadtest]=../include
ENDIF
IF[{- $disabled{shared} -}]
@@ -463,15 +463,15 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
ENDIF
SOURCE[poly1305_internal_test]=poly1305_internal_test.c
INCLUDE[poly1305_internal_test]=.. ../include ../crypto/include
INCLUDE[poly1305_internal_test]=.. ../include
DEPEND[poly1305_internal_test]=../libcrypto.a libtestutil.a
SOURCE[chacha_internal_test]=chacha_internal_test.c
INCLUDE[chacha_internal_test]=.. ../include ../crypto/include
INCLUDE[chacha_internal_test]=.. ../include
DEPEND[chacha_internal_test]=../libcrypto.a libtestutil.a
SOURCE[asn1_internal_test]=asn1_internal_test.c
INCLUDE[asn1_internal_test]=.. ../include ../crypto/include
INCLUDE[asn1_internal_test]=.. ../include
DEPEND[asn1_internal_test]=../libcrypto.a libtestutil.a
SOURCE[modes_internal_test]=modes_internal_test.c
@@ -491,23 +491,23 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
DEPEND[wpackettest]=../libcrypto ../libssl.a libtestutil.a
SOURCE[ctype_internal_test]=ctype_internal_test.c
INCLUDE[ctype_internal_test]=.. ../crypto/include ../include
INCLUDE[ctype_internal_test]=.. ../include
DEPEND[ctype_internal_test]=../libcrypto.a libtestutil.a
SOURCE[siphash_internal_test]=siphash_internal_test.c
INCLUDE[siphash_internal_test]=.. ../include ../crypto/include
INCLUDE[siphash_internal_test]=.. ../include
DEPEND[siphash_internal_test]=../libcrypto.a libtestutil.a
SOURCE[sm2_internal_test]=sm2_internal_test.c
INCLUDE[sm2_internal_test]=../include ../crypto/include
INCLUDE[sm2_internal_test]=../include
DEPEND[sm2_internal_test]=../libcrypto.a libtestutil.a
SOURCE[sm4_internal_test]=sm4_internal_test.c
INCLUDE[sm4_internal_test]=.. ../include ../crypto/include
INCLUDE[sm4_internal_test]=.. ../include
DEPEND[sm4_internal_test]=../libcrypto.a libtestutil.a
SOURCE[ec_internal_test]=ec_internal_test.c
INCLUDE[ec_internal_test]=../include ../crypto/ec ../crypto/include
INCLUDE[ec_internal_test]=../include ../crypto/ec
DEPEND[ec_internal_test]=../libcrypto.a libtestutil.a
SOURCE[curve448_internal_test]=curve448_internal_test.c
@@ -560,6 +560,10 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
DEPEND[gosttest]=../libcrypto ../libssl libtestutil.a
ENDIF
SOURCE[ssl_ctx_test]=ssl_ctx_test.c
INCLUDE[ssl_ctx_test]=../include
DEPEND[ssl_ctx_test]=../libcrypto ../libssl libtestutil.a
{-
use File::Spec::Functions;
use File::Basename;

10
test/certs/root-ed448-cert.pem Normal file
View File

@@ -0,0 +1,10 @@
-----BEGIN CERTIFICATE-----
MIIBeDCB+aADAgECAgEBMAUGAytlcTAVMRMwEQYDVQQDDApSb290IEVkNDQ4MCAX
DTIwMDIwOTEzMjY1NVoYDzIxMjAwMjEwMTMyNjU1WjAVMRMwEQYDVQQDDApSb290
IEVkNDQ4MEMwBQYDK2VxAzoAbbhuwNA/rdlgdLSyTJ6WaCVNO1gzccKiKW6pCADM
McMBCNiQqWSt4EIbHpqDc+eWoiKbG6t7tjUAo1MwUTAdBgNVHQ4EFgQUVg2aQ+yh
VRhOuW1l19jtgxfTgj8wHwYDVR0jBBgwFoAUVg2aQ+yhVRhOuW1l19jtgxfTgj8w
DwYDVR0TAQH/BAUwAwEB/zAFBgMrZXEDcwCiXlZXyMubWFqLYiLXfKYrurajBMON
lclLrYr57Syd+nAIlgXiF0rGK2PawoMPXVB3VWWSigEb54AImb6tsW42gC+zC6oq
nkPC2FTLXPvqqgGXUpK/OfhPUP9bWw6mcJaIozlyzJD4AyebN9LDrBqCMwA=
-----END CERTIFICATE-----

4
test/certs/root-ed448-key.pem Normal file
View File

@@ -0,0 +1,4 @@
-----BEGIN PRIVATE KEY-----
MEcCAQAwBQYDK2VxBDsEOQeryQn6L8gItRarrM0pRHxjNdtaIz3BrWU2mwhLZQaq
8Cm6w5gP6aitAIde7Td3nQ55bIGC5roxFQ==
-----END PRIVATE KEY-----

21
test/certs/server-ed448-cert.pem
View File

@@ -1,14 +1,11 @@
-----BEGIN CERTIFICATE-----
MIICHTCCAQWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
IENBMCAXDTE4MDIyNzE1MDcxM1oYDzIxMTgwMjI4MTUwNzEzWjAQMQ4wDAYDVQQD
DAVFZDQ0ODBDMAUGAytlcQM6ABBicYlhG1s3AoG5BFmY3r50lJzjQoER4zwuieEe
QTvKxLEV06vGh79UWO6yQ5FxqmxvM1F/Xw7RAKNfMF0wHQYDVR0OBBYEFAwa1L4m
3pwA8+IEJ7K/4izrjJIHMB8GA1UdIwQYMBaAFHB/Lq6DaFmYBCMqzes+F80k3QFJ
MAkGA1UdEwQCMAAwEAYDVR0RBAkwB4IFRWQ0NDgwDQYJKoZIhvcNAQELBQADggEB
AAugH2aE6VvArnOVjKBtalqtHlx+NCC3+S65sdWc9A9sNgI1ZiN7dn76TKn5d0T7
NqV8nY1rwQg6WPGrCD6Eh63qhotytqYIxltppb4MOUJcz/Zf0ZwhB5bUfwNB//Ih
5aZT86FpXVuyMnwUTWPcISJqpZiBv95yzZFMpniHFvecvV445ly4TFW5y6VURh40
Tg4tMgjPTE7ADw+dX4FvnTWY3blxT1GzGxGvqWW4HgP8dOETnjmAwCzN0nUVmH9s
7ybHORcSljcpe0XH6L/K7mbI+r8mVLsAoIzUeDwUdKKJZ2uGEtdhQDmJBp4EjOXE
3qIn3wEQQ6ax4NIwkZihdLI=
MIIBlTCCARWgAwIBAgIBAjAFBgMrZXEwFTETMBEGA1UEAwwKUm9vdCBFZDQ0ODAg
Fw0yMDAyMDkxMzMwMjJaGA8yMTIwMDIxMDEzMzAyMlowEDEOMAwGA1UEAwwFZWQ0
NDgwQzAFBgMrZXEDOgAQYnGJYRtbNwKBuQRZmN6+dJSc40KBEeM8LonhHkE7ysSx
FdOrxoe/VFjuskORcapsbzNRf18O0QCjdDByMB0GA1UdDgQWBBQMGtS+Jt6cAPPi
BCeyv+Is64ySBzAfBgNVHSMEGDAWgBRWDZpD7KFVGE65bWXX2O2DF9OCPzAJBgNV
HRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBAGA1UdEQQJMAeCBWVkNDQ4MAUG
AytlcQNzABLGZiaU6JPKa9eQ/VsE4HN9XjSogZBKIEHEWwyxrtGvjWiZ5MOnNJmQ
7mX+Y2eJzfZ6MGHc63IlgPdIPFPzInnnAugw297kUNoLTg9SsGYeVGLbI3PNjwFL
mQ3508f1Jobb8qZnf8YFUZrd85aurgoKAA==
-----END CERTIFICATE-----

5
test/certs/setup.sh
View File

@@ -375,3 +375,8 @@ openssl req -new -nodes -subj "/CN=localhost" \
-pkeyopt rsa_pss_keygen_md:sha256 -pkeyopt rsa_pss_keygen_saltlen:32 | \
./mkcert.sh geneenocsr "Server RSA-PSS restricted cert" \
server-pss-restrict-cert rootkey rootcert
OPENSSL_SIGALG=ED448 OPENSSL_KEYALG=ed448 ./mkcert.sh genroot "Root Ed448" \
root-ed448-key root-ed448-cert
OPENSSL_SIGALG=ED448 OPENSSL_KEYALG=ed448 ./mkcert.sh genee ed448 \
server-ed448-key server-ed448-cert root-ed448-key root-ed448-cert

2
test/chacha_internal_test.c
View File

@@ -15,7 +15,7 @@
#include <string.h>
#include <openssl/opensslconf.h>
#include "testutil.h"
#include "internal/chacha.h"
#include "crypto/chacha.h"
static const unsigned int key[] = {
0x03020100, 0x07060504, 0x0b0a0908, 0x0f0e0d0c,

2
test/cipher_overhead_test.c
View File

@@ -15,7 +15,7 @@
# pragma names as_is,shortened
#endif
#include "../ssl/ssl_locl.h"
#include "../ssl/ssl_local.h"
#ifdef __VMS
# pragma names restore

2
test/clienthellotest.c
View File

@@ -17,7 +17,7 @@
#include <openssl/err.h>
#include <time.h>
#include "../ssl/packet_locl.h"
#include "../ssl/packet_local.h"
#include "testutil.h"

2
test/constant_time_test.c
View File

@@ -11,7 +11,7 @@
#include <stdlib.h>
#include "internal/nelem.h"
#include "internal/constant_time_locl.h"
#include "internal/constant_time.h"
#include "testutil.h"
#include "internal/numbers.h"

2
test/ctype_internal_test.c
View File

@@ -8,7 +8,7 @@
*/
#include "testutil.h"
#include "internal/ctype.h"
#include "crypto/ctype.h"
#include "internal/nelem.h"
#include <ctype.h>
#include <stdio.h>

2
test/curve448_internal_test.c
View File

@@ -16,7 +16,7 @@
# pragma names as_is,shortened
#endif
#include "curve448_lcl.h"
#include "curve448_local.h"
#ifdef __VMS
# pragma names restore

4
test/drbg_cavs_data.h
View File

@@ -13,8 +13,8 @@
#include <stddef.h>
#ifndef DRBG_CAVS_DATA_H
# define DRBG_CAVS_DATA_H
#ifndef OSSL_TEST_DRBG_CAVS_DATA_H
# define OSSL_TEST_DRBG_CAVS_DATA_H
enum drbg_kat_type {
NO_RESEED,

2
test/drbg_cavs_test.c
View File

@@ -15,7 +15,7 @@
#include <openssl/obj_mac.h>
#include <openssl/evp.h>
#include <openssl/aes.h>
#include "../crypto/rand/rand_lcl.h"
#include "../crypto/rand/rand_local.h"
#include "testutil.h"
#include "drbg_cavs_data.h"

4
test/drbgtest.c
View File

@@ -15,8 +15,8 @@
#include <openssl/obj_mac.h>
#include <openssl/evp.h>
#include <openssl/aes.h>
#include "../crypto/rand/rand_lcl.h"
#include "../crypto/include/internal/rand_int.h"
#include "../crypto/rand/rand_local.h"
#include "../include/crypto/rand.h"
#if defined(_WIN32)
# include <windows.h>

2
test/dtls_mtu_test.c
View File

@@ -18,7 +18,7 @@
#include "testutil.h"
/* for SSL_READ_ETM() */
#include "../ssl/ssl_locl.h"
#include "../ssl/ssl_local.h"
static int debug = 0;

4
test/dtlstest.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -122,7 +122,7 @@ static int test_dtls_unprocessed(int testidx)
#define CLI_TO_SRV_EPOCH_0_RECS 3
#define CLI_TO_SRV_EPOCH_1_RECS 1
#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
# define SRV_TO_CLI_EPOCH_0_RECS 12
# define SRV_TO_CLI_EPOCH_0_RECS 10
#else
/*
* In this case we have no ServerKeyExchange message, because we don't have

2
test/ec_internal_test.c
View File

@@ -10,7 +10,7 @@
#include "internal/nelem.h"
#include "testutil.h"
#include <openssl/ec.h>
#include "ec_lcl.h"
#include "ec_local.h"
#include <openssl/objects.h>
static size_t crv_len = 0;

6
test/ecdsatest.h
View File

@@ -7,8 +7,8 @@
* https://www.openssl.org/source/license.html
*/
#ifndef ECDSATEST_CAVS_H
# define ECDSATEST_CAVS_H
#ifndef OSSL_TEST_ECDSATEST_H
# define OSSL_TEST_ECDSATEST_H
/*-
* NIST CAVP ECDSA KATs:
@@ -10211,4 +10211,4 @@ static const ecdsa_cavs_kat_t ecdsa_cavs_kats[] = {
"1c8c4343a8ecbf7c4d4e48f7d76d5658bc027c77086ec8b10097deb307d6"}
# endif /* OPENSSL_NO_EC2M */
};
#endif /* ECDSATEST_CAVS_H */
#endif /* OSSL_TEST_ECDSATEST_H */

103
test/ectest.c
View File

@@ -1999,7 +1999,107 @@ static int cardinality_test(int n)
BN_CTX_free(ctx);
return ret;
}
#endif
/*
* Helper for ec_point_hex2point_test
*
* Self-tests EC_POINT_point2hex() against EC_POINT_hex2point() for the given
* (group,P) pair.
*
* If P is NULL use point at infinity.
*/
static ossl_inline
int ec_point_hex2point_test_helper(const EC_GROUP *group, const EC_POINT *P,
point_conversion_form_t form,
BN_CTX *bnctx)
{
int ret = 0;
EC_POINT *Q = NULL, *Pinf = NULL;
char *hex = NULL;
if (P == NULL) {
/* If P is NULL use point at infinity. */
if (!TEST_ptr(Pinf = EC_POINT_new(group))
|| !TEST_true(EC_POINT_set_to_infinity(group, Pinf)))
goto err;
P = Pinf;
}
if (!TEST_ptr(hex = EC_POINT_point2hex(group, P, form, bnctx))
|| !TEST_ptr(Q = EC_POINT_hex2point(group, hex, NULL, bnctx))
|| !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, bnctx)))
goto err;
/*
* The next check is most likely superfluous, as EC_POINT_cmp should already
* cover this.
* Nonetheless it increases the test coverage for EC_POINT_is_at_infinity,
* so we include it anyway!
*/
if (Pinf != NULL
&& !TEST_true(EC_POINT_is_at_infinity(group, Q)))
goto err;
ret = 1;
err:
EC_POINT_free(Pinf);
OPENSSL_free(hex);
EC_POINT_free(Q);
return ret;
}
/*
* This test self-validates EC_POINT_hex2point() and EC_POINT_point2hex()
*/
static int ec_point_hex2point_test(int id)
{
int ret = 0, nid;
EC_GROUP *group = NULL;
const EC_POINT *G = NULL;
EC_POINT *P = NULL;
BN_CTX * bnctx = NULL;
/* Do some setup */
nid = curves[id].nid;
if (!TEST_ptr(bnctx = BN_CTX_new())
|| !TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))
|| !TEST_ptr(G = EC_GROUP_get0_generator(group))
|| !TEST_ptr(P = EC_POINT_dup(G, group)))
goto err;
if (!TEST_true(ec_point_hex2point_test_helper(group, P,
POINT_CONVERSION_COMPRESSED,
bnctx))
|| !TEST_true(ec_point_hex2point_test_helper(group, NULL,
POINT_CONVERSION_COMPRESSED,
bnctx))
|| !TEST_true(ec_point_hex2point_test_helper(group, P,
POINT_CONVERSION_UNCOMPRESSED,
bnctx))
|| !TEST_true(ec_point_hex2point_test_helper(group, NULL,
POINT_CONVERSION_UNCOMPRESSED,
bnctx))
|| !TEST_true(ec_point_hex2point_test_helper(group, P,
POINT_CONVERSION_HYBRID,
bnctx))
|| !TEST_true(ec_point_hex2point_test_helper(group, NULL,
POINT_CONVERSION_HYBRID,
bnctx)))
goto err;
ret = 1;
err:
EC_POINT_free(P);
EC_GROUP_free(group);
BN_CTX_free(bnctx);
return ret;
}
#endif /* OPENSSL_NO_EC */
int setup_tests(void)
{
@@ -2025,6 +2125,7 @@ int setup_tests(void)
ADD_ALL_TESTS(internal_curve_test_method, crv_len);
ADD_ALL_TESTS(check_named_curve_from_ecparameters, crv_len);
ADD_ALL_TESTS(ec_point_hex2point_test, crv_len);
#endif /* OPENSSL_NO_EC */
return 1;
}

113
test/evp_extra_test.c
View File

@@ -18,9 +18,10 @@
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/kdf.h>
#include <openssl/dh.h>
#include "testutil.h"
#include "internal/nelem.h"
#include "internal/evp_int.h"
#include "crypto/evp.h"
/*
* kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
@@ -1069,6 +1070,109 @@ done:
}
#endif
#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
static int test_decrypt_null_chunks(void)
{
EVP_CIPHER_CTX* ctx = NULL;
const unsigned char key[32] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
};
unsigned char iv[12] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
};
unsigned char msg[] = "It was the best of times, it was the worst of times";
unsigned char ciphertext[80];
unsigned char plaintext[80];
/* We initialise tmp to a non zero value on purpose */
int ctlen, ptlen, tmp = 99;
int ret = 0;
const int enc_offset = 10, dec_offset = 20;
if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
|| !TEST_true(EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL,
key, iv))
|| !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
enc_offset))
/* Deliberate add a zero length update */
|| !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
0))
|| !TEST_int_eq(tmp, 0)
|| !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
msg + enc_offset,
sizeof(msg) - enc_offset))
|| !TEST_int_eq(ctlen += tmp, sizeof(msg))
|| !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
|| !TEST_int_eq(tmp, 0))
goto err;
/* Deliberately initialise tmp to a non zero value */
tmp = 99;
if (!TEST_true(EVP_DecryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, key,
iv))
|| !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
dec_offset))
/*
* Deliberately add a zero length update. We also deliberately do
* this at a different offset than for encryption.
*/
|| !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
0))
|| !TEST_int_eq(tmp, 0)
|| !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
ciphertext + dec_offset,
ctlen - dec_offset))
|| !TEST_int_eq(ptlen += tmp, sizeof(msg))
|| !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
|| !TEST_int_eq(tmp, 0)
|| !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
goto err;
ret = 1;
err:
EVP_CIPHER_CTX_free(ctx);
return ret;
}
#endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
#ifndef OPENSSL_NO_DH
static int test_EVP_PKEY_set1_DH(void)
{
DH *x942dh, *pkcs3dh;
EVP_PKEY *pkey1, *pkey2;
int ret = 0;
x942dh = DH_get_2048_256();
pkcs3dh = DH_new_by_nid(NID_ffdhe2048);
pkey1 = EVP_PKEY_new();
pkey2 = EVP_PKEY_new();
if (!TEST_ptr(x942dh)
|| !TEST_ptr(pkcs3dh)
|| !TEST_ptr(pkey1)
|| !TEST_ptr(pkey2))
goto err;
if(!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
|| !TEST_int_eq(EVP_PKEY_id(pkey1), EVP_PKEY_DHX))
goto err;
if(!TEST_true(EVP_PKEY_set1_DH(pkey2, pkcs3dh))
|| !TEST_int_eq(EVP_PKEY_id(pkey2), EVP_PKEY_DH))
goto err;
ret = 1;
err:
EVP_PKEY_free(pkey1);
EVP_PKEY_free(pkey2);
DH_free(x942dh);
DH_free(pkcs3dh);
return ret;
}
#endif
int setup_tests(void)
{
ADD_TEST(test_EVP_DigestSignInit);
@@ -1098,5 +1202,12 @@ int setup_tests(void)
ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
OSSL_NELEM(ec_der_pub_keys));
#endif
#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
ADD_TEST(test_decrypt_null_chunks);
#endif
#ifndef OPENSSL_NO_DH
ADD_TEST(test_EVP_PKEY_set1_DH);
#endif
return 1;
}

2
test/handshake_helper.c
View File

@@ -16,7 +16,7 @@
#include <openssl/srp.h>
#endif
#include "../ssl/ssl_locl.h"
#include "../ssl/ssl_local.h"
#include "internal/sockets.h"
#include "internal/nelem.h"
#include "handshake_helper.h"

6
test/handshake_helper.h
View File

@@ -7,8 +7,8 @@
* https://www.openssl.org/source/license.html
*/
#ifndef HEADER_HANDSHAKE_HELPER_H
#define HEADER_HANDSHAKE_HELPER_H
#ifndef OSSL_TEST_HANDSHAKE_HELPER_H
#define OSSL_TEST_HANDSHAKE_HELPER_H
#include "ssl_test_ctx.h"
@@ -78,4 +78,4 @@ HANDSHAKE_RESULT *do_handshake(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
SSL_CTX *resume_client_ctx,
const SSL_TEST_CTX *test_ctx);
#endif /* HEADER_HANDSHAKE_HELPER_H */
#endif /* OSSL_TEST_HANDSHAKE_HELPER_H */

23
test/hmactest.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -173,6 +173,27 @@ static int test_hmac_run(void)
if (!TEST_str_eq(p, (char *)test[6].digest))
goto err;
/* Test reusing a key */
if (!TEST_true(HMAC_Init_ex(ctx, NULL, 0, NULL, NULL))
|| !TEST_true(HMAC_Update(ctx, test[6].data, test[6].data_len))
|| !TEST_true(HMAC_Final(ctx, buf, &len)))
goto err;
p = pt(buf, len);
if (!TEST_str_eq(p, (char *)test[6].digest))
goto err;
/*
* Test reusing a key where the digest is provided again but is the same as
* last time
*/
if (!TEST_true(HMAC_Init_ex(ctx, NULL, 0, EVP_sha256(), NULL))
|| !TEST_true(HMAC_Update(ctx, test[6].data, test[6].data_len))
|| !TEST_true(HMAC_Final(ctx, buf, &len)))
goto err;
p = pt(buf, len);
if (!TEST_str_eq(p, (char *)test[6].digest))
goto err;
ret = 1;
err:
HMAC_CTX_free(ctx);

2
test/modes_internal_test.c
View File

@@ -14,7 +14,7 @@
#include <openssl/aes.h>
#include <openssl/modes.h>
#include "../crypto/modes/modes_lcl.h"
#include "../crypto/modes/modes_local.h"
#include "testutil.h"
#include "internal/nelem.h"

6
test/ossl_shim/async_bio.h
View File

@@ -7,8 +7,8 @@
* https://www.openssl.org/source/license.html
*/
#ifndef HEADER_ASYNC_BIO
#define HEADER_ASYNC_BIO
#ifndef OSSL_TEST_SHIM_ASYNC_BIO_H
#define OSSL_TEST_SHIM_ASYNC_BIO_H
#include <openssl/base.h>
#include <openssl/bio.h>
@@ -36,4 +36,4 @@ void AsyncBioAllowWrite(BIO *bio, size_t count);
void AsyncBioEnforceWriteQuota(BIO *bio, bool enforce);
#endif // HEADER_ASYNC_BIO
#endif // OSSL_TEST_SHIM_ASYNC_BIO_H

6
test/ossl_shim/include/openssl/base.h
View File

@@ -7,8 +7,8 @@
* https://www.openssl.org/source/license.html
*/
#ifndef OPENSSL_HEADER_BASE_H
#define OPENSSL_HEADER_BASE_H
#ifndef OSSL_TEST_SHIM_INCLUDE_OPENSSL_BASE_H
#define OSSL_TEST_SHIM_INCLUDE_OPENSSL_BASE_H
/* Needed for BORINGSSL_MAKE_DELETER */
# include <openssl/bio.h>
@@ -108,4 +108,4 @@ BORINGSSL_MAKE_DELETER(SSL_SESSION, SSL_SESSION_free)
} /* extern C++ */
#endif /* OPENSSL_HEADER_BASE_H */
#endif /* OSSL_TEST_SHIM_INCLUDE_OPENSSL_BASE_H */

6
test/ossl_shim/packeted_bio.h
View File

@@ -7,8 +7,8 @@
* https://www.openssl.org/source/license.html
*/
#ifndef HEADER_PACKETED_BIO
#define HEADER_PACKETED_BIO
#ifndef OSSL_TEST_SHIM_PACKETED_BIO_H
#define OSSL_TEST_SHIM_PACKETED_BIO_H
#include <openssl/base.h>
#include <openssl/bio.h>
@@ -32,4 +32,4 @@ timeval PacketedBioGetClock(const BIO *bio);
bool PacketedBioAdvanceClock(BIO *bio);
#endif // HEADER_PACKETED_BIO
#endif // OSSL_TEST_SHIM_PACKETED_BIO_H

6
test/ossl_shim/test_config.h
View File

@@ -7,8 +7,8 @@
* https://www.openssl.org/source/license.html
*/
#ifndef HEADER_TEST_CONFIG
#define HEADER_TEST_CONFIG
#ifndef OSSL_TEST_SHIM_TEST_CONFIG_H
#define OSSL_TEST_SHIM_TEST_CONFIG_H
#include <string>
#include <vector>
@@ -85,4 +85,4 @@ struct TestConfig {
bool ParseConfig(int argc, char **argv, TestConfig *out_config);
#endif // HEADER_TEST_CONFIG
#endif // OSSL_TEST_SHIM_TEST_CONFIG_H

2
test/packettest.c
View File

@@ -7,7 +7,7 @@
* https://www.openssl.org/source/license.html
*/
#include "../ssl/packet_locl.h"
#include "../ssl/packet_local.h"
#include "testutil.h"
#define BUF_LEN 255

2
test/poly1305_internal_test.c
View File

@@ -13,7 +13,7 @@
#include <string.h>
#include "testutil.h"
#include "internal/poly1305.h"
#include "crypto/poly1305.h"
#include "../crypto/poly1305/poly1305_local.h"
#include "internal/nelem.h"

5
test/recipes/10-test_bn.t
View File

@@ -16,9 +16,8 @@ use OpenSSL::Test qw/:DEFAULT data_file/;
setup("test_bn");
my @files = (
"bnexp.txt", "bnmod.txt", "bnmul.txt", "bnshift.txt", "bnsum.txt"
);
my @files = qw( bnexp.txt bnmod.txt bnmul.txt bnshift.txt bnsum.txt bngcd.txt );
plan tests => 1 + scalar(@files);
foreach my $f ( @files ) {

17179
test/recipes/10-test_bn_data/bngcd.txt Normal file
View File

File diff suppressed because it is too large Load Diff

96
test/recipes/25-test_req.t
View File

@@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
setup("test_req");
plan tests => 9;
plan tests => 12;
require_ok(srctop_file('test','recipes','tconversion.pl'));
@@ -46,24 +46,84 @@ ok(!run(app([@addext_args, "-addext", $val, "-addext", $val2])));
ok(!run(app([@addext_args, "-addext", $val, "-addext", $val3])));
ok(!run(app([@addext_args, "-addext", $val2, "-addext", $val3])));
subtest "generating certificate requests with RSA" => sub {
plan tests => 2;
SKIP: {
skip "RSA is not supported by this OpenSSL build", 2
if disabled("rsa");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
"-new", "-out", "testreq.pem", "-utf8",
"-key", srctop_file("test", "testrsa.pem")])),
"Generating request");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
"-verify", "-in", "testreq.pem", "-noout"])),
"Verifying signature on request");
}
};
subtest "generating certificate requests with DSA" => sub {
plan tests => 2;
SKIP: {
skip "DSA is not supported by this OpenSSL build", 2
if disabled("dsa");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
"-new", "-out", "testreq.pem", "-utf8",
"-key", srctop_file("test", "testdsa.pem")])),
"Generating request");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
"-verify", "-in", "testreq.pem", "-noout"])),
"Verifying signature on request");
}
};
subtest "generating certificate requests with ECDSA" => sub {
plan tests => 2;
SKIP: {
skip "ECDSA is not supported by this OpenSSL build", 2
if disabled("ec");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
"-new", "-out", "testreq.pem", "-utf8",
"-key", srctop_file("test", "testec-p256.pem")])),
"Generating request");
ok(run(app(["openssl", "req",
"-config", srctop_file("test", "test.cnf"),
"-verify", "-in", "testreq.pem", "-noout"])),
"Verifying signature on request");
}
};
subtest "generating certificate requests" => sub {
plan tests => 2;
ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
@req_new, "-out", "testreq.pem"])),
@req_new, "-out", "testreq.pem"])),
"Generating request");
ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"),
"-verify", "-in", "testreq.pem", "-noout"])),
"-verify", "-in", "testreq.pem", "-noout"])),
"Verifying signature on request");
};
my @openssl_args = ("req", "-config", srctop_file("apps", "openssl.cnf"));
run_conversion('req conversions',
"testreq.pem");
"testreq.pem");
run_conversion('req conversions -- testreq2',
srctop_file("test", "testreq2.pem"));
srctop_file("test", "testreq2.pem"));
unlink "testkey.pem", "testreq.pem";
@@ -72,20 +132,20 @@ sub run_conversion {
my $reqfile = shift;
subtest $title => sub {
run(app(["openssl", @openssl_args,
"-in", $reqfile, "-inform", "p",
"-noout", "-text"],
stderr => "req-check.err", stdout => undef));
open DATA, "req-check.err";
SKIP: {
plan skip_all => "skipping req conversion test for $reqfile"
if grep /Unknown Public Key/, map { s/\R//; } <DATA>;
run(app(["openssl", @openssl_args,
"-in", $reqfile, "-inform", "p",
"-noout", "-text"],
stderr => "req-check.err", stdout => undef));
open DATA, "req-check.err";
SKIP: {
plan skip_all => "skipping req conversion test for $reqfile"
if grep /Unknown Public Key/, map { s/\R//; } <DATA>;
tconversion("req", $reqfile, @openssl_args);
}
close DATA;
unlink "req-check.err";
tconversion("req", $reqfile, @openssl_args);
}
close DATA;
unlink "req-check.err";
done_testing();
done_testing();
};
}

10
test/recipes/30-test_evp_data/evpciph.txt
View File

@@ -2358,6 +2358,16 @@ Tag = 3615b7f90a651de15da20fb6
Plaintext = f57af5fd4ae19562976ec57a5a7ad55a5af5c5e5c5fdf5c55ad57a4a7272d57262e9729566ed66e97ac54a4a5a7ad5e15ae5fdd5fd5ac5d56ae56ad5c572d54ae54ac55a956afd6aed5a4ac562957a9516991691d572fd14e97ae962ed7a9f4a955af572e162f57a956666e17ae1f54a95f566d54a66e16e4afd6a9f7ae1c5c55ae5d56afde916c5e94a6ec56695e14afde1148416e94ad57ac5146ed59d1cc5
Ciphertext = ff78128ee18ee3cb9fb0d20726a017ff67fbd09d3a4c38aa32f6d306d3fdda378e459b83ed005507449d6cd981a4c1e3ff4193870c276ef09b6317a01a2283206ae4b4be0d0b235422c8abb00122410656b75e1ffc7fb49c0d0c5d6169aa7623610579968037aee8e83fc26264ea866590fd620aa3c0a5f323d953aa7f8defb0d0d60ab5a9de44dbaf8eae74ea3ab5f30594154f405fd630aa4c4d5603efdfa1
# Test that the tag can be set after specifying AAD.
Cipher = ARIA-256-CCM
Key = 0c5ffd37a11edc42c325287fc0604f2e3e8cd5671a00fe3216aa5eb105783b54
IV = 000020e8f5eb00000000315e
AAD = 8008315ebf2e6fe020e8f5eb
Tag = 3615b7f90a651de15da20fb6
SetTagLate = TRUE
Plaintext = f57af5fd4ae19562976ec57a5a7ad55a5af5c5e5c5fdf5c55ad57a4a7272d57262e9729566ed66e97ac54a4a5a7ad5e15ae5fdd5fd5ac5d56ae56ad5c572d54ae54ac55a956afd6aed5a4ac562957a9516991691d572fd14e97ae962ed7a9f4a955af572e162f57a956666e17ae1f54a95f566d54a66e16e4afd6a9f7ae1c5c55ae5d56afde916c5e94a6ec56695e14afde1148416e94ad57ac5146ed59d1cc5
Ciphertext = ff78128ee18ee3cb9fb0d20726a017ff67fbd09d3a4c38aa32f6d306d3fdda378e459b83ed005507449d6cd981a4c1e3ff4193870c276ef09b6317a01a2283206ae4b4be0d0b235422c8abb00122410656b75e1ffc7fb49c0d0c5d6169aa7623610579968037aee8e83fc26264ea866590fd620aa3c0a5f323d953aa7f8defb0d0d60ab5a9de44dbaf8eae74ea3ab5f30594154f405fd630aa4c4d5603efdfa1
Title = SEED test vectors from RFC4269

59
test/recipes/70-test_sslsigalgs.t
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -53,7 +53,7 @@ use constant {
#Test 1: Default sig algs should succeed
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
plan tests => 22;
plan tests => 24;
ok(TLSProxy::Message->success, "Default sigalgs");
my $testtype;
@@ -132,19 +132,40 @@ SKIP: {
}
SKIP: {
skip "EC or TLSv1.2 disabled", 8 if disabled("tls1_2") || disabled("ec");
skip "EC or TLSv1.2 disabled", 10 if disabled("tls1_2") || disabled("ec");
$proxy->filter(\&sigalgs_filter);
#Test 10: Sending no sig algs extension in TLSv1.2 should succeed
#Test 10: Sending no sig algs extension in TLSv1.2 should succeed at
# security level 1
$proxy->clear();
$testtype = NO_SIG_ALGS_EXT;
$proxy->clientflags("-no_tls1_3");
$proxy->ciphers("ECDHE-RSA-AES128-SHA");
$proxy->clientflags("-no_tls1_3 -cipher DEFAULT\@SECLEVEL=1");
$proxy->ciphers("ECDHE-RSA-AES128-SHA\@SECLEVEL=1");
$proxy->start();
ok(TLSProxy::Message->success, "No TLSv1.2 sigalgs");
ok(TLSProxy::Message->success, "No TLSv1.2 sigalgs seclevel 1");
#Test 11: Sending an empty sig algs extension in TLSv1.2 should fail
#Test 11: Sending no sig algs extension in TLSv1.2 should fail at security
# level 2 since it will try to use SHA1. Testing client at level 1,
# server level 2.
$proxy->clear();
$testtype = NO_SIG_ALGS_EXT;
$proxy->clientflags("-tls1_2 -cipher DEFAULT\@SECLEVEL=1");
$proxy->ciphers("DEFAULT\@SECLEVEL=2");
$proxy->start();
ok(TLSProxy::Message->fail, "No TLSv1.2 sigalgs server seclevel 2");
#Test 12: Sending no sig algs extension in TLSv1.2 should fail at security
# level 2 since it will try to use SHA1. Testing client at level 2,
# server level 1.
$proxy->clear();
$testtype = NO_SIG_ALGS_EXT;
$proxy->clientflags("-tls1_2 -cipher DEFAULT\@SECLEVEL=2");
$proxy->ciphers("DEFAULT\@SECLEVEL=1");
$proxy->start();
ok(TLSProxy::Message->fail, "No TLSv1.2 sigalgs client seclevel 2");
#Test 13: Sending an empty sig algs extension in TLSv1.2 should fail
$proxy->clear();
$testtype = EMPTY_SIG_ALGS_EXT;
$proxy->clientflags("-no_tls1_3");
@@ -152,7 +173,7 @@ SKIP: {
$proxy->start();
ok(TLSProxy::Message->fail, "Empty TLSv1.2 sigalgs");
#Test 12: Sending a list with no recognised sig algs in TLSv1.2 should fail
#Test 14: Sending a list with no recognised sig algs in TLSv1.2 should fail
$proxy->clear();
$testtype = NO_KNOWN_SIG_ALGS;
$proxy->clientflags("-no_tls1_3");
@@ -160,7 +181,7 @@ SKIP: {
$proxy->start();
ok(TLSProxy::Message->fail, "No known TLSv1.3 sigalgs");
#Test 13: Sending a sig algs list without pss for an RSA cert in TLSv1.2
#Test 15: Sending a sig algs list without pss for an RSA cert in TLSv1.2
# should succeed
$proxy->clear();
$testtype = NO_PSS_SIG_ALGS;
@@ -169,7 +190,7 @@ SKIP: {
$proxy->start();
ok(TLSProxy::Message->success, "No PSS TLSv1.2 sigalgs");
#Test 14: Sending only TLSv1.3 PSS sig algs in TLSv1.2 should succeed
#Test 16: Sending only TLSv1.3 PSS sig algs in TLSv1.2 should succeed
$proxy->clear();
$testtype = PSS_ONLY_SIG_ALGS;
$proxy->serverflags("-no_tls1_3");
@@ -177,7 +198,7 @@ SKIP: {
$proxy->start();
ok(TLSProxy::Message->success, "PSS only sigalgs in TLSv1.2");
#Test 15: Responding with a sig alg we did not send in TLSv1.2 should fail
#Test 17: Responding with a sig alg we did not send in TLSv1.2 should fail
# We send rsa_pkcs1_sha256 and respond with rsa_pss_rsae_sha256
# TODO(TLS1.3): Add a similar test to the TLSv1.3 section above
# when we have an API capable of configuring the TLSv1.3 sig algs
@@ -188,7 +209,7 @@ SKIP: {
$proxy->start();
ok(TLSProxy::Message->fail, "Sigalg we did not send in TLSv1.2");
#Test 16: Sending a valid sig algs list but not including a sig type that
#Test 18: Sending a valid sig algs list but not including a sig type that
# matches the certificate should fail in TLSv1.2
$proxy->clear();
$proxy->clientflags("-no_tls1_3 -sigalgs ECDSA+SHA256");
@@ -198,7 +219,7 @@ SKIP: {
ok(TLSProxy::Message->fail, "No matching TLSv1.2 sigalgs");
$proxy->filter(\&sigalgs_filter);
#Test 17: No sig algs extension, ECDSA cert, TLSv1.2 should succeed
#Test 19: No sig algs extension, ECDSA cert, TLSv1.2 should succeed
$proxy->clear();
$testtype = NO_SIG_ALGS_EXT;
$proxy->clientflags("-no_tls1_3");
@@ -214,7 +235,7 @@ SKIP: {
my ($dsa_status, $sha1_status, $sha224_status);
SKIP: {
skip "TLSv1.3 disabled", 2 if disabled("tls1_3") || disabled("dsa");
#Test 18: signature_algorithms with 1.3-only ClientHello
#Test 20: signature_algorithms with 1.3-only ClientHello
$testtype = PURE_SIGALGS;
$dsa_status = $sha1_status = $sha224_status = 0;
$proxy->clear();
@@ -224,7 +245,7 @@ SKIP: {
ok($dsa_status && $sha1_status && $sha224_status,
"DSA/SHA2 sigalg sent for 1.3-only ClientHello");
#Test 19: signature_algorithms with backwards compatible ClientHello
#Test 21: signature_algorithms with backwards compatible ClientHello
SKIP: {
skip "TLSv1.2 disabled", 1 if disabled("tls1_2");
$testtype = COMPAT_SIGALGS;
@@ -239,21 +260,21 @@ SKIP: {
SKIP: {
skip "TLSv1.3 disabled", 3 if disabled("tls1_3");
#Test 20: Insert signature_algorithms_cert that match normal sigalgs
#Test 22: Insert signature_algorithms_cert that match normal sigalgs
$testtype = SIGALGS_CERT_ALL;
$proxy->clear();
$proxy->filter(\&modify_sigalgs_cert_filter);
$proxy->start();
ok(TLSProxy::Message->success, "sigalgs_cert in TLSv1.3");
#Test 21: Insert signature_algorithms_cert that forces PKCS#1 cert
#Test 23: Insert signature_algorithms_cert that forces PKCS#1 cert
$testtype = SIGALGS_CERT_PKCS;
$proxy->clear();
$proxy->filter(\&modify_sigalgs_cert_filter);
$proxy->start();
ok(TLSProxy::Message->success, "sigalgs_cert in TLSv1.3 with PKCS#1 cert");
#Test 22: Insert signature_algorithms_cert that fails
#Test 24: Insert signature_algorithms_cert that fails
$testtype = SIGALGS_CERT_INVALID;
$proxy->clear();
$proxy->filter(\&modify_sigalgs_cert_filter);

4
test/run_tests.pl
View File

@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -90,7 +90,7 @@ my $ret = $harness->runtests(map { abs2rel($_, rel2abs(curdir())); }
# $ret->has_errors may be any number, not just 0 or 1. On VMS, numbers
# from 2 and on are used as is as VMS statuses, which has severity encoded
# in the lower 3 bits. 0 and 1, on the other hand, generate SUCCESS and
# FAILURE, so for currect reporting on all platforms, we make sure the only
# FAILURE, so for correct reporting on all platforms, we make sure the only
# exit codes are 0 and 1. Double-bang is the trick to do so.
exit !!$ret->has_errors if (ref($ret) eq "TAP::Parser::Aggregator");

2
test/servername_test.c
View File

@@ -18,7 +18,7 @@
#include <openssl/err.h>
#include <time.h>
#include "../ssl/packet_locl.h"
#include "../ssl/packet_local.h"
#include "testutil.h"
#include "internal/nelem.h"

2
test/shlibloadtest.c
View File

@@ -13,7 +13,7 @@
#include <openssl/opensslv.h>
#include <openssl/ssl.h>
#include <openssl/ossl_typ.h>
#include "internal/dso_conf.h"
#include "crypto/dso_conf.h"
typedef void DSO;

2
test/siphash_internal_test.c
View File

@@ -14,7 +14,7 @@
#include <openssl/bio.h>
#include "testutil.h"
#include "internal/siphash.h"
#include "crypto/siphash.h"
#include "../crypto/siphash/siphash_local.h"
#include "internal/nelem.h"

2
test/sm2_internal_test.c
View File

@@ -21,7 +21,7 @@
#ifndef OPENSSL_NO_SM2
# include "internal/sm2.h"
# include "crypto/sm2.h"
static RAND_METHOD fake_rand;
static const RAND_METHOD *saved_rand;

2
test/sm4_internal_test.c
View File

@@ -17,7 +17,7 @@
#include "testutil.h"
#ifndef OPENSSL_NO_SM4
# include "internal/sm4.h"
# include "crypto/sm4.h"
static int test_sm4_ecb(void)
{

8
test/ssl-tests/20-cert-select.conf
View File

@@ -216,9 +216,9 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[4-Ed448 CipherString and Signature Algorithm Selection-client]
CipherString = aECDSA
MaxProtocol = TLSv1.2
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-cert.pem
RequestCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
SignatureAlgorithms = ed448:ECDSA+SHA256
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
VerifyMode = Peer
[test-4]
@@ -421,7 +421,7 @@ CipherString = aECDSA
Curves = X448
MaxProtocol = TLSv1.2
SignatureAlgorithms = ECDSA+SHA256:ed448
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
VerifyMode = Peer
[test-10]
@@ -1454,7 +1454,7 @@ PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
[44-TLS 1.3 Ed448 Signature Algorithm Selection-client]
CipherString = DEFAULT
SignatureAlgorithms = ed448
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
VerifyMode = Peer
[test-44]

5
test/ssl-tests/20-cert-select.conf.in
View File

@@ -134,7 +134,8 @@ our @tests = (
"CipherString" => "aECDSA",
"MaxProtocol" => "TLSv1.2",
"SignatureAlgorithms" => "ed448:ECDSA+SHA256",
"RequestCAFile" => test_pem("root-cert.pem"),
"RequestCAFile" => test_pem("root-ed448-cert.pem"),
"VerifyCAFile" => test_pem("root-ed448-cert.pem"),
},
test => {
"ExpectedServerCertType" =>, "Ed448",
@@ -231,6 +232,7 @@ our @tests = (
"CipherString" => "aECDSA",
"MaxProtocol" => "TLSv1.2",
"SignatureAlgorithms" => "ECDSA+SHA256:ed448",
"VerifyCAFile" => test_pem("root-ed448-cert.pem"),
# Excluding P-256 from the supported curves list means server
# certificate should be Ed25519 and not P-256
"Curves" => "X448"
@@ -727,6 +729,7 @@ my @tests_tls_1_3 = (
server => $server_tls_1_3,
client => {
"SignatureAlgorithms" => "ed448",
"VerifyCAFile" => test_pem("root-ed448-cert.pem"),
},
test => {
"ExpectedServerCertType" => "Ed448",

110
test/ssl-tests/28-seclevel.conf
View File

@@ -1,11 +1,13 @@
# Generated with generate_ssl_tests.pl
num_tests = 4
num_tests = 6
test-0 = 0-SECLEVEL 3 with default key
test-1 = 1-SECLEVEL 3 with ED448 key
test-2 = 2-SECLEVEL 3 with P-384 key, X25519 ECDHE
test-3 = 3-SECLEVEL 3 with ED448 key, TLSv1.2
test-1 = 1-SECLEVEL 4 with ED448 key
test-2 = 2-SECLEVEL 5 server with ED448 key
test-3 = 3-SECLEVEL 5 client with ED448 key
test-4 = 4-SECLEVEL 3 with P-384 key, X25519 ECDHE
test-5 = 5-SECLEVEL 3 with ED448 key, TLSv1.2
# ===========================================================
[0-SECLEVEL 3 with default key]
@@ -31,21 +33,21 @@ ExpectedResult = ServerFail
# ===========================================================
[1-SECLEVEL 3 with ED448 key]
ssl_conf = 1-SECLEVEL 3 with ED448 key-ssl
[1-SECLEVEL 4 with ED448 key]
ssl_conf = 1-SECLEVEL 4 with ED448 key-ssl
[1-SECLEVEL 3 with ED448 key-ssl]
server = 1-SECLEVEL 3 with ED448 key-server
client = 1-SECLEVEL 3 with ED448 key-client
[1-SECLEVEL 4 with ED448 key-ssl]
server = 1-SECLEVEL 4 with ED448 key-server
client = 1-SECLEVEL 4 with ED448 key-client
[1-SECLEVEL 3 with ED448 key-server]
[1-SECLEVEL 4 with ED448 key-server]
Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
CipherString = DEFAULT:@SECLEVEL=3
CipherString = DEFAULT:@SECLEVEL=4
PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
[1-SECLEVEL 3 with ED448 key-client]
CipherString = DEFAULT
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
[1-SECLEVEL 4 with ED448 key-client]
CipherString = DEFAULT:@SECLEVEL=4
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
VerifyMode = Peer
[test-1]
@@ -54,49 +56,95 @@ ExpectedResult = Success
# ===========================================================
[2-SECLEVEL 3 with P-384 key, X25519 ECDHE]
ssl_conf = 2-SECLEVEL 3 with P-384 key, X25519 ECDHE-ssl
[2-SECLEVEL 5 server with ED448 key]
ssl_conf = 2-SECLEVEL 5 server with ED448 key-ssl
[2-SECLEVEL 3 with P-384 key, X25519 ECDHE-ssl]
server = 2-SECLEVEL 3 with P-384 key, X25519 ECDHE-server
client = 2-SECLEVEL 3 with P-384 key, X25519 ECDHE-client
[2-SECLEVEL 5 server with ED448 key-ssl]
server = 2-SECLEVEL 5 server with ED448 key-server
client = 2-SECLEVEL 5 server with ED448 key-client
[2-SECLEVEL 3 with P-384 key, X25519 ECDHE-server]
[2-SECLEVEL 5 server with ED448 key-server]
Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
CipherString = DEFAULT:@SECLEVEL=5
PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
[2-SECLEVEL 5 server with ED448 key-client]
CipherString = DEFAULT:@SECLEVEL=4
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
VerifyMode = Peer
[test-2]
ExpectedResult = ServerFail
# ===========================================================
[3-SECLEVEL 5 client with ED448 key]
ssl_conf = 3-SECLEVEL 5 client with ED448 key-ssl
[3-SECLEVEL 5 client with ED448 key-ssl]
server = 3-SECLEVEL 5 client with ED448 key-server
client = 3-SECLEVEL 5 client with ED448 key-client
[3-SECLEVEL 5 client with ED448 key-server]
Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
CipherString = DEFAULT:@SECLEVEL=4
PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
[3-SECLEVEL 5 client with ED448 key-client]
CipherString = DEFAULT:@SECLEVEL=5
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
VerifyMode = Peer
[test-3]
ExpectedResult = ServerFail
# ===========================================================
[4-SECLEVEL 3 with P-384 key, X25519 ECDHE]
ssl_conf = 4-SECLEVEL 3 with P-384 key, X25519 ECDHE-ssl
[4-SECLEVEL 3 with P-384 key, X25519 ECDHE-ssl]
server = 4-SECLEVEL 3 with P-384 key, X25519 ECDHE-server
client = 4-SECLEVEL 3 with P-384 key, X25519 ECDHE-client
[4-SECLEVEL 3 with P-384 key, X25519 ECDHE-server]
Certificate = ${ENV::TEST_CERTS_DIR}/p384-server-cert.pem
CipherString = DEFAULT:@SECLEVEL=3
Groups = X25519
PrivateKey = ${ENV::TEST_CERTS_DIR}/p384-server-key.pem
[2-SECLEVEL 3 with P-384 key, X25519 ECDHE-client]
[4-SECLEVEL 3 with P-384 key, X25519 ECDHE-client]
CipherString = ECDHE:@SECLEVEL=3
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/p384-root.pem
VerifyMode = Peer
[test-2]
[test-4]
ExpectedResult = Success
# ===========================================================
[3-SECLEVEL 3 with ED448 key, TLSv1.2]
ssl_conf = 3-SECLEVEL 3 with ED448 key, TLSv1.2-ssl
[5-SECLEVEL 3 with ED448 key, TLSv1.2]
ssl_conf = 5-SECLEVEL 3 with ED448 key, TLSv1.2-ssl
[3-SECLEVEL 3 with ED448 key, TLSv1.2-ssl]
server = 3-SECLEVEL 3 with ED448 key, TLSv1.2-server
client = 3-SECLEVEL 3 with ED448 key, TLSv1.2-client
[5-SECLEVEL 3 with ED448 key, TLSv1.2-ssl]
server = 5-SECLEVEL 3 with ED448 key, TLSv1.2-server
client = 5-SECLEVEL 3 with ED448 key, TLSv1.2-client
[3-SECLEVEL 3 with ED448 key, TLSv1.2-server]
[5-SECLEVEL 3 with ED448 key, TLSv1.2-server]
Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
CipherString = DEFAULT:@SECLEVEL=3
MaxProtocol = TLSv1.2
PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
[3-SECLEVEL 3 with ED448 key, TLSv1.2-client]
[5-SECLEVEL 3 with ED448 key, TLSv1.2-client]
CipherString = DEFAULT
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
VerifyMode = Peer
[test-3]
[test-5]
ExpectedResult = Success

35
test/ssl-tests/28-seclevel.conf.in
View File

@@ -1,5 +1,5 @@
# -*- mode: perl; -*-
# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -23,13 +23,38 @@ our @tests = (
our @tests_ec = (
{
name => "SECLEVEL 3 with ED448 key",
server => { "CipherString" => "DEFAULT:\@SECLEVEL=3",
name => "SECLEVEL 4 with ED448 key",
server => { "CipherString" => "DEFAULT:\@SECLEVEL=4",
"Certificate" => test_pem("server-ed448-cert.pem"),
"PrivateKey" => test_pem("server-ed448-key.pem") },
client => { },
client => { "CipherString" => "DEFAULT:\@SECLEVEL=4",
"VerifyCAFile" => test_pem("root-ed448-cert.pem") },
test => { "ExpectedResult" => "Success" },
},
{
# The Ed488 signature algorithm will not be enabled.
# Because of the config order, the certificate is first loaded, and
# then the security level is chaged. If you try this with s_server
# the order will be reversed and it will instead fail to load the key.
name => "SECLEVEL 5 server with ED448 key",
server => { "CipherString" => "DEFAULT:\@SECLEVEL=5",
"Certificate" => test_pem("server-ed448-cert.pem"),
"PrivateKey" => test_pem("server-ed448-key.pem") },
client => { "CipherString" => "DEFAULT:\@SECLEVEL=4",
"VerifyCAFile" => test_pem("root-ed448-cert.pem") },
test => { "ExpectedResult" => "ServerFail" },
},
{
# The client will not sent the Ed488 signature algorithm, so the server
# doesn't have a useable signature algorithm for the certificate.
name => "SECLEVEL 5 client with ED448 key",
server => { "CipherString" => "DEFAULT:\@SECLEVEL=4",
"Certificate" => test_pem("server-ed448-cert.pem"),
"PrivateKey" => test_pem("server-ed448-key.pem") },
client => { "CipherString" => "DEFAULT:\@SECLEVEL=5",
"VerifyCAFile" => test_pem("root-ed448-cert.pem") },
test => { "ExpectedResult" => "ServerFail" },
},
{
name => "SECLEVEL 3 with P-384 key, X25519 ECDHE",
server => { "CipherString" => "DEFAULT:\@SECLEVEL=3",
@@ -49,7 +74,7 @@ our @tests_tls1_2 = (
"Certificate" => test_pem("server-ed448-cert.pem"),
"PrivateKey" => test_pem("server-ed448-key.pem"),
"MaxProtocol" => "TLSv1.2" },
client => { },
client => { "VerifyCAFile" => test_pem("root-ed448-cert.pem") },
test => { "ExpectedResult" => "Success" },
},
);

2
test/ssl_cert_table_internal_test.c
View File

@@ -21,7 +21,7 @@
# pragma names as_is,shortened
#endif
#include "../ssl/ssl_locl.h"
#include "../ssl/ssl_local.h"
#include "../ssl/ssl_cert_table.h"
#ifdef __VMS

76
test/ssl_ctx_test.c Normal file
View File

@@ -0,0 +1,76 @@
/*
* Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "testutil.h"
#include <openssl/ssl.h>
typedef struct {
int min_version;
int max_version;
int min_ok;
int max_ok;
int expected_min;
int expected_max;
} version_test;
static const version_test version_testdata[] = {
/* min max ok expected min expected max */
{0, 0, 1, 1, 0, 0},
{TLS1_VERSION, TLS1_2_VERSION, 1, 1, TLS1_VERSION, TLS1_2_VERSION},
{TLS1_2_VERSION, TLS1_2_VERSION, 1, 1, TLS1_2_VERSION, TLS1_2_VERSION},
{TLS1_2_VERSION, TLS1_1_VERSION, 1, 0, TLS1_2_VERSION, 0},
{7, 42, 0, 0, 0, 0},
};
static int test_set_min_max_version(int idx_tst)
{
SSL_CTX *ctx = NULL;
SSL *ssl = NULL;
int testresult = 0;
version_test t = version_testdata[idx_tst];
ctx = SSL_CTX_new(TLS_server_method());
if (ctx == NULL)
goto end;
ssl = SSL_new(ctx);
if (ssl == NULL)
goto end;
if (!TEST_int_eq(SSL_CTX_set_min_proto_version(ctx, t.min_version), t.min_ok))
goto end;
if (!TEST_int_eq(SSL_CTX_set_max_proto_version(ctx, t.max_version), t.max_ok))
goto end;
if (!TEST_int_eq(SSL_CTX_get_min_proto_version(ctx), t.expected_min))
goto end;
if (!TEST_int_eq(SSL_CTX_get_max_proto_version(ctx), t.expected_max))
goto end;
if (!TEST_int_eq(SSL_set_min_proto_version(ssl, t.min_version), t.min_ok))
goto end;
if (!TEST_int_eq(SSL_set_max_proto_version(ssl, t.max_version), t.max_ok))
goto end;
if (!TEST_int_eq(SSL_get_min_proto_version(ssl), t.expected_min))
goto end;
if (!TEST_int_eq(SSL_get_max_proto_version(ssl), t.expected_max))
goto end;
testresult = 1;
end:
SSL_free(ssl);
SSL_CTX_free(ctx);
return testresult;
}
int setup_tests(void)
{
ADD_ALL_TESTS(test_set_min_max_version, sizeof(version_testdata) / sizeof(version_test));
return 1;
}

6
test/ssl_test_ctx.h
View File

@@ -7,8 +7,8 @@
* https://www.openssl.org/source/license.html
*/
#ifndef HEADER_SSL_TEST_CTX_H
#define HEADER_SSL_TEST_CTX_H
#ifndef OSSL_TEST_SSL_TEST_CTX_H
#define OSSL_TEST_SSL_TEST_CTX_H
#include <openssl/conf.h>
#include <openssl/ssl.h>
@@ -250,4 +250,4 @@ SSL_TEST_CTX *SSL_TEST_CTX_new(void);
void SSL_TEST_CTX_free(SSL_TEST_CTX *ctx);
#endif /* HEADER_SSL_TEST_CTX_H */
#endif /* OSSL_TEST_SSL_TEST_CTX_H */

300
test/sslapitest.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -22,7 +22,7 @@
#include "testutil.h"
#include "testutil/output.h"
#include "internal/nelem.h"
#include "../ssl/ssl_locl.h"
#include "../ssl/ssl_local.h"
#ifndef OPENSSL_NO_TLS1_3
@@ -98,6 +98,17 @@ static unsigned char serverinfov2[] = {
0xff /* Dummy extension data */
};
static int hostname_cb(SSL *s, int *al, void *arg)
{
const char *hostname = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
if (hostname != NULL && (strcmp(hostname, "goodhost") == 0
|| strcmp(hostname, "altgoodhost") == 0))
return SSL_TLSEXT_ERR_OK;
return SSL_TLSEXT_ERR_NOACK;
}
static void client_keylog_callback(const SSL *ssl, const char *line)
{
int line_length = strlen(line);
@@ -581,6 +592,117 @@ end:
}
#endif
/*
* Very focused test to exercise a single case in the server-side state
* machine, when the ChangeCipherState message needs to actually change
* from one cipher to a different cipher (i.e., not changing from null
* encryption to real encryption).
*/
static int test_ccs_change_cipher(void)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
SSL_SESSION *sess = NULL, *sesspre, *sesspost;
int testresult = 0;
int i;
unsigned char buf;
size_t readbytes;
/*
* Create a conection so we can resume and potentially (but not) use
* a different cipher in the second connection.
*/
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
TLS_client_method(),
TLS1_VERSION, TLS1_2_VERSION,
&sctx, &cctx, cert, privkey))
|| !TEST_true(SSL_CTX_set_options(sctx, SSL_OP_NO_TICKET))
|| !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL))
|| !TEST_true(SSL_set_cipher_list(clientssl, "AES128-GCM-SHA256"))
|| !TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE))
|| !TEST_ptr(sesspre = SSL_get0_session(serverssl))
|| !TEST_ptr(sess = SSL_get1_session(clientssl)))
goto end;
shutdown_ssl_connection(serverssl, clientssl);
serverssl = clientssl = NULL;
/* Resume, preferring a different cipher. Our server will force the
* same cipher to be used as the initial handshake. */
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL))
|| !TEST_true(SSL_set_session(clientssl, sess))
|| !TEST_true(SSL_set_cipher_list(clientssl, "AES256-GCM-SHA384:AES128-GCM-SHA256"))
|| !TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE))
|| !TEST_true(SSL_session_reused(clientssl))
|| !TEST_true(SSL_session_reused(serverssl))
|| !TEST_ptr(sesspost = SSL_get0_session(serverssl))
|| !TEST_ptr_eq(sesspre, sesspost)
|| !TEST_int_eq(TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
SSL_CIPHER_get_id(SSL_get_current_cipher(clientssl))))
goto end;
shutdown_ssl_connection(serverssl, clientssl);
serverssl = clientssl = NULL;
/*
* Now create a fresh connection and try to renegotiate a different
* cipher on it.
*/
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL))
|| !TEST_true(SSL_set_cipher_list(clientssl, "AES128-GCM-SHA256"))
|| !TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE))
|| !TEST_ptr(sesspre = SSL_get0_session(serverssl))
|| !TEST_true(SSL_set_cipher_list(clientssl, "AES256-GCM-SHA384"))
|| !TEST_true(SSL_renegotiate(clientssl))
|| !TEST_true(SSL_renegotiate_pending(clientssl)))
goto end;
/* Actually drive the renegotiation. */
for (i = 0; i < 3; i++) {
if (SSL_read_ex(clientssl, &buf, sizeof(buf), &readbytes) > 0) {
if (!TEST_ulong_eq(readbytes, 0))
goto end;
} else if (!TEST_int_eq(SSL_get_error(clientssl, 0),
SSL_ERROR_WANT_READ)) {
goto end;
}
if (SSL_read_ex(serverssl, &buf, sizeof(buf), &readbytes) > 0) {
if (!TEST_ulong_eq(readbytes, 0))
goto end;
} else if (!TEST_int_eq(SSL_get_error(serverssl, 0),
SSL_ERROR_WANT_READ)) {
goto end;
}
}
/* sesspre and sesspost should be different since the cipher changed. */
if (!TEST_false(SSL_renegotiate_pending(clientssl))
|| !TEST_false(SSL_session_reused(clientssl))
|| !TEST_false(SSL_session_reused(serverssl))
|| !TEST_ptr(sesspost = SSL_get0_session(serverssl))
|| !TEST_ptr_ne(sesspre, sesspost)
|| !TEST_int_eq(TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
SSL_CIPHER_get_id(SSL_get_current_cipher(clientssl))))
goto end;
shutdown_ssl_connection(serverssl, clientssl);
serverssl = clientssl = NULL;
testresult = 1;
end:
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
SSL_SESSION_free(sess);
return testresult;
}
static int execute_test_large_message(const SSL_METHOD *smeth,
const SSL_METHOD *cmeth,
int min_version, int max_version,
@@ -2737,16 +2859,6 @@ static int test_early_data_not_sent(int idx)
return testresult;
}
static int hostname_cb(SSL *s, int *al, void *arg)
{
const char *hostname = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
if (hostname != NULL && strcmp(hostname, "goodhost") == 0)
return SSL_TLSEXT_ERR_OK;
return SSL_TLSEXT_ERR_NOACK;
}
static const char *servalpn;
static int alpn_select_cb(SSL *ssl, const unsigned char **out,
@@ -2839,16 +2951,16 @@ static int test_early_data_psk(int idx)
case 3:
/*
* Set inconsistent SNI (server detected). In this case the connection
* will succeed but reject early_data.
* Set inconsistent SNI (server side). In this case the connection
* will succeed and accept early_data. In TLSv1.3 on the server side SNI
* is associated with each handshake - not the session. Therefore it
* should not matter that we used a different server name last time.
*/
SSL_SESSION_free(serverpsk);
serverpsk = SSL_SESSION_dup(clientpsk);
if (!TEST_ptr(serverpsk)
|| !TEST_true(SSL_SESSION_set1_hostname(serverpsk, "badhost")))
goto end;
edstatus = SSL_EARLY_DATA_REJECTED;
readearlyres = SSL_READ_EARLY_DATA_FINISH;
/* Fall through */
case 4:
/* Set consistent SNI */
@@ -6205,6 +6317,160 @@ static int test_ca_names(int tst)
return testresult;
}
/*
* Test 0: Client sets servername and server acknowledges it (TLSv1.2)
* Test 1: Client sets servername and server does not acknowledge it (TLSv1.2)
* Test 2: Client sets inconsistent servername on resumption (TLSv1.2)
* Test 3: Client does not set servername on initial handshake (TLSv1.2)
* Test 4: Client does not set servername on resumption handshake (TLSv1.2)
* Test 5: Client sets servername and server acknowledges it (TLSv1.3)
* Test 6: Client sets servername and server does not acknowledge it (TLSv1.3)
* Test 7: Client sets inconsistent servername on resumption (TLSv1.3)
* Test 8: Client does not set servername on initial handshake(TLSv1.3)
* Test 9: Client does not set servername on resumption handshake (TLSv1.3)
*/
static int test_servername(int tst)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0;
SSL_SESSION *sess = NULL;
const char *sexpectedhost = NULL, *cexpectedhost = NULL;
#ifdef OPENSSL_NO_TLS1_2
if (tst <= 4)
return 1;
#endif
#ifdef OPENSSL_NO_TLS1_3
if (tst >= 5)
return 1;
#endif
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
TLS_client_method(),
TLS1_VERSION,
(tst <= 4) ? TLS1_2_VERSION
: TLS1_3_VERSION,
&sctx, &cctx, cert, privkey))
|| !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL)))
goto end;
if (tst != 1 && tst != 6) {
if (!TEST_true(SSL_CTX_set_tlsext_servername_callback(sctx,
hostname_cb)))
goto end;
}
if (tst != 3 && tst != 8) {
if (!TEST_true(SSL_set_tlsext_host_name(clientssl, "goodhost")))
goto end;
sexpectedhost = cexpectedhost = "goodhost";
}
if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
goto end;
if (!TEST_str_eq(SSL_get_servername(clientssl, TLSEXT_NAMETYPE_host_name),
cexpectedhost)
|| !TEST_str_eq(SSL_get_servername(serverssl,
TLSEXT_NAMETYPE_host_name),
sexpectedhost))
goto end;
/* Now repeat with a resumption handshake */
if (!TEST_int_eq(SSL_shutdown(clientssl), 0)
|| !TEST_ptr_ne(sess = SSL_get1_session(clientssl), NULL)
|| !TEST_true(SSL_SESSION_is_resumable(sess))
|| !TEST_int_eq(SSL_shutdown(serverssl), 0))
goto end;
SSL_free(clientssl);
SSL_free(serverssl);
clientssl = serverssl = NULL;
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL,
NULL)))
goto end;
if (!TEST_true(SSL_set_session(clientssl, sess)))
goto end;
sexpectedhost = cexpectedhost = "goodhost";
if (tst == 2 || tst == 7) {
/* Set an inconsistent hostname */
if (!TEST_true(SSL_set_tlsext_host_name(clientssl, "altgoodhost")))
goto end;
/*
* In TLSv1.2 we expect the hostname from the original handshake, in
* TLSv1.3 we expect the hostname from this handshake
*/
if (tst == 7)
sexpectedhost = cexpectedhost = "altgoodhost";
if (!TEST_str_eq(SSL_get_servername(clientssl,
TLSEXT_NAMETYPE_host_name),
"altgoodhost"))
goto end;
} else if (tst == 4 || tst == 9) {
/*
* A TLSv1.3 session does not associate a session with a servername,
* but a TLSv1.2 session does.
*/
if (tst == 9)
sexpectedhost = cexpectedhost = NULL;
if (!TEST_str_eq(SSL_get_servername(clientssl,
TLSEXT_NAMETYPE_host_name),
cexpectedhost))
goto end;
} else {
if (!TEST_true(SSL_set_tlsext_host_name(clientssl, "goodhost")))
goto end;
/*
* In a TLSv1.2 resumption where the hostname was not acknowledged
* we expect the hostname on the server to be empty. On the client we
* return what was requested in this case.
*
* Similarly if the client didn't set a hostname on an original TLSv1.2
* session but is now, the server hostname will be empty, but the client
* is as we set it.
*/
if (tst == 1 || tst == 3)
sexpectedhost = NULL;
if (!TEST_str_eq(SSL_get_servername(clientssl,
TLSEXT_NAMETYPE_host_name),
"goodhost"))
goto end;
}
if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
goto end;
if (!TEST_true(SSL_session_reused(clientssl))
|| !TEST_true(SSL_session_reused(serverssl))
|| !TEST_str_eq(SSL_get_servername(clientssl,
TLSEXT_NAMETYPE_host_name),
cexpectedhost)
|| !TEST_str_eq(SSL_get_servername(serverssl,
TLSEXT_NAMETYPE_host_name),
sexpectedhost))
goto end;
testresult = 1;
end:
SSL_SESSION_free(sess);
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
int setup_tests(void)
{
if (!TEST_ptr(certsdir = test_get_argument(0))
@@ -6268,6 +6534,7 @@ int setup_tests(void)
#endif
#ifndef OPENSSL_NO_TLS1_2
ADD_TEST(test_client_hello_cb);
ADD_TEST(test_ccs_change_cipher);
#endif
#ifndef OPENSSL_NO_TLS1_3
ADD_ALL_TESTS(test_early_data_read_write, 3);
@@ -6322,6 +6589,7 @@ int setup_tests(void)
ADD_ALL_TESTS(test_cert_cb, 6);
ADD_ALL_TESTS(test_client_cert_cb, 2);
ADD_ALL_TESTS(test_ca_names, 3);
ADD_ALL_TESTS(test_servername, 10);
return 1;
}

2
test/sslbuffertest.c
View File

@@ -13,7 +13,7 @@
#include <openssl/bio.h>
#include <openssl/err.h>
#include "../ssl/packet_locl.h"
#include "../ssl/packet_local.h"
#include "ssltestlib.h"
#include "testutil.h"

6
test/ssltestlib.h
View File

@@ -7,8 +7,8 @@
* https://www.openssl.org/source/license.html
*/
#ifndef HEADER_SSLTESTLIB_H
# define HEADER_SSLTESTLIB_H
#ifndef OSSL_TEST_SSLTESTLIB_H
# define OSSL_TEST_SSLTESTLIB_H
# include <openssl/ssl.h>
@@ -53,4 +53,4 @@ typedef struct mempacket_st MEMPACKET;
DEFINE_STACK_OF(MEMPACKET)
#endif /* HEADER_SSLTESTLIB_H */
#endif /* OSSL_TEST_SSLTESTLIB_H */

2
test/test_test.c
View File

@@ -491,7 +491,7 @@ static int test_single_eval(void)
&& TEST_ptr_eq(p, buf + 1)
&& TEST_ptr_null(p = NULL)
/* strings */
&& TEST_str_eq(p = "123456" + 1, "23456")
&& TEST_str_eq(p = &("123456"[1]), "23456")
&& TEST_str_eq("3456", ++p)
&& TEST_str_ne(p++, "456")
/* memory */

6
test/testutil.h
View File

@@ -7,8 +7,8 @@
* https://www.openssl.org/source/license.html
*/
#ifndef HEADER_TESTUTIL_H
# define HEADER_TESTUTIL_H
#ifndef OSSL_TESTUTIL_H
# define OSSL_TESTUTIL_H
#include <stdarg.h>
@@ -465,4 +465,4 @@ void test_random_seed(uint32_t sd);
/* Create a file path from a directory and a filename */
char *test_mk_file_path(const char *dir, const char *file);
#endif /* HEADER_TESTUTIL_H */
#endif /* OSSL_TESTUTIL_H */

6
test/testutil/output.h
View File

@@ -7,8 +7,8 @@
* https://www.openssl.org/source/license.html
*/
#ifndef HEADER_TU_OUTPUT_H
# define HEADER_TU_OUTPUT_H
#ifndef OSSL_TESTUTIL_OUTPUT_H
# define OSSL_TESTUTIL_OUTPUT_H
#include <stdarg.h>
@@ -29,4 +29,4 @@ int test_flush_stderr(void);
int test_printf_stdout(const char *fmt, ...);
int test_printf_stderr(const char *fmt, ...);
#endif /* HEADER_TU_OUTPUT_H */
#endif /* OSSL_TESTUTIL_OUTPUT_H */

0
test/testutil/init.c → test/testutil/testutil_init.c
View File

2
test/tls13ccstest.c
View File

@@ -11,7 +11,7 @@
#include <string.h>
#include "ssltestlib.h"
#include "testutil.h"
#include "../ssl/packet_locl.h"
#include "../ssl/packet_local.h"
static char *cert = NULL;
static char *privkey = NULL;

4
test/tls13encryptiontest.c
View File

@@ -15,8 +15,8 @@
# pragma names as_is,shortened
#endif
#include "../ssl/ssl_locl.h"
#include "../ssl/record/record_locl.h"
#include "../ssl/ssl_local.h"
#include "../ssl/record/record_local.h"
#ifdef __VMS
# pragma names restore

2
test/tls13secretstest.c
View File

@@ -15,7 +15,7 @@
# pragma names as_is,shortened
#endif
#include "../ssl/ssl_locl.h"
#include "../ssl/ssl_local.h"
#ifdef __VMS
# pragma names restore

2
test/wpackettest.c
View File

@@ -15,7 +15,7 @@
# pragma names as_is,shortened
#endif
#include "../ssl/packet_locl.h"
#include "../ssl/packet_local.h"
#ifdef __VMS
# pragma names restore