Import OpenSSL 1.1.1f

2020-04-03 21:53:21 +01:00
parent 6f2f71e7ea
commit e531386a2f
993 changed files with 23821 additions and 3602 deletions
--- a/test/ssl-tests/28-seclevel.conf.in
+++ b/test/ssl-tests/28-seclevel.conf.in
@@ -1,5 +1,5 @@
 # -*- mode: perl; -*-
-# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -23,13 +23,38 @@ our @tests = (

 our @tests_ec = (
    {
-        name => "SECLEVEL 3 with ED448 key",
-        server => { "CipherString" => "DEFAULT:\@SECLEVEL=3",
+        name => "SECLEVEL 4 with ED448 key",
+        server => { "CipherString" => "DEFAULT:\@SECLEVEL=4",
                    "Certificate" => test_pem("server-ed448-cert.pem"),
                    "PrivateKey" => test_pem("server-ed448-key.pem") },
-        client => { },
+        client => { "CipherString" => "DEFAULT:\@SECLEVEL=4",
+                    "VerifyCAFile" => test_pem("root-ed448-cert.pem") },
        test   => { "ExpectedResult" => "Success" },
    },
+    {
+        # The Ed488 signature algorithm will not be enabled.
+        # Because of the config order, the certificate is first loaded, and
+        # then the security level is chaged. If you try this with s_server
+        # the order will be reversed and it will instead fail to load the key.
+        name => "SECLEVEL 5 server with ED448 key",
+        server => { "CipherString" => "DEFAULT:\@SECLEVEL=5",
+                    "Certificate" => test_pem("server-ed448-cert.pem"),
+                    "PrivateKey" => test_pem("server-ed448-key.pem") },
+        client => { "CipherString" => "DEFAULT:\@SECLEVEL=4",
+                    "VerifyCAFile" => test_pem("root-ed448-cert.pem") },
+        test   => { "ExpectedResult" => "ServerFail" },
+    },
+    {
+        # The client will not sent the Ed488 signature algorithm, so the server
+        # doesn't have a useable signature algorithm for the certificate.
+        name => "SECLEVEL 5 client with ED448 key",
+        server => { "CipherString" => "DEFAULT:\@SECLEVEL=4",
+                    "Certificate" => test_pem("server-ed448-cert.pem"),
+                    "PrivateKey" => test_pem("server-ed448-key.pem") },
+        client => { "CipherString" => "DEFAULT:\@SECLEVEL=5",
+                    "VerifyCAFile" => test_pem("root-ed448-cert.pem") },
+        test   => { "ExpectedResult" => "ServerFail" },
+    },
    {
        name => "SECLEVEL 3 with P-384 key, X25519 ECDHE",
        server => { "CipherString" => "DEFAULT:\@SECLEVEL=3",
@@ -49,7 +74,7 @@ our @tests_tls1_2 = (
                    "Certificate" => test_pem("server-ed448-cert.pem"),
                    "PrivateKey" => test_pem("server-ed448-key.pem"),
                    "MaxProtocol" => "TLSv1.2" },
-        client => { },
+        client => { "VerifyCAFile" => test_pem("root-ed448-cert.pem") },
        test   => { "ExpectedResult" => "Success" },
    },
 );