Changeset 105945 in vbox
- Timestamp:
- Sep 4, 2024 11:32:47 AM (8 months ago)
- svn:sync-xref-src-repo-rev:
- 164679
- Location:
- trunk/src/libs/openssl-3.1.7
- Files:
-
- 105 edited
-
. (modified) (1 prop)
-
Config.kmk (modified) (1 diff)
-
NOTES-NONSTOP.md (modified) (1 diff)
-
crypto/aes/asm/aesp8-ppc.pl (modified) (46 diffs)
-
crypto/aes/build.info (modified) (2 diffs)
-
crypto/asn1/a_d2i_fp.c (modified) (2 diffs)
-
crypto/asn1/a_mbstr.c (modified) (4 diffs)
-
crypto/asn1/a_strex.c (modified) (5 diffs)
-
crypto/asn1/a_verify.c (modified) (2 diffs)
-
crypto/asn1/tasn_fre.c (modified) (2 diffs)
-
crypto/bio/bf_readbuff.c (modified) (2 diffs)
-
crypto/bio/bio_addr.c (modified) (2 diffs)
-
crypto/bio/bio_lib.c (modified) (2 diffs)
-
crypto/bio/bio_sock.c (modified) (2 diffs)
-
crypto/bn/bn_lib.c (modified) (6 diffs)
-
crypto/bn/bn_rand.c (modified) (8 diffs)
-
crypto/bn/bn_shift.c (modified) (3 diffs)
-
crypto/conf/conf_def.c (modified) (2 diffs)
-
crypto/conf/conf_lib.c (modified) (2 diffs)
-
crypto/conf/conf_sap.c (modified) (2 diffs)
-
crypto/context.c (modified) (2 diffs)
-
crypto/dsa/dsa_check.c (modified) (6 diffs)
-
crypto/dsa/dsa_ossl.c (modified) (2 diffs)
-
crypto/dsa/dsa_sign.c (modified) (3 diffs)
-
crypto/ec/build.info (modified) (1 diff)
-
crypto/ec/curve448/arch_64/f_impl64.c (modified) (2 diffs)
-
crypto/ec/ecdsa_ossl.c (modified) (5 diffs)
-
crypto/encode_decode/encoder_lib.c (modified) (2 diffs)
-
crypto/engine/eng_pkey.c (modified) (2 diffs)
-
crypto/engine/eng_table.c (modified) (2 diffs)
-
crypto/err/openssl.ec (modified) (1 diff)
-
crypto/ess/ess_lib.c (modified) (2 diffs)
-
crypto/evp/ctrl_params_translate.c (modified) (3 diffs)
-
crypto/evp/digest.c (modified) (2 diffs)
-
crypto/evp/keymgmt_lib.c (modified) (2 diffs)
-
crypto/evp/names.c (modified) (5 diffs)
-
crypto/evp/p_lib.c (modified) (2 diffs)
-
crypto/evp/pmeth_lib.c (modified) (3 diffs)
-
crypto/evp/signature.c (modified) (8 diffs)
-
crypto/init.c (modified) (2 diffs)
-
crypto/o_str.c (modified) (4 diffs)
-
crypto/objects/obj_dat.c (modified) (2 diffs)
-
crypto/pkcs12/p12_crt.c (modified) (2 diffs)
-
crypto/pkcs7/pk7_doit.c (modified) (2 diffs)
-
crypto/property/property.c (modified) (5 diffs)
-
crypto/property/property_parse.c (modified) (2 diffs)
-
crypto/provider_core.c (modified) (2 diffs)
-
crypto/rand/randfile.c (modified) (3 diffs)
-
crypto/rsa/rsa_oaep.c (modified) (2 diffs)
-
crypto/sha/build.info (modified) (1 diff)
-
crypto/sm2/sm2_crypt.c (modified) (6 diffs)
-
crypto/sm2/sm2_sign.c (modified) (6 diffs)
-
crypto/sm4/build.info (modified) (1 diff)
-
crypto/x509/v3_addr.c (modified) (1 diff)
-
crypto/x509/v3_utl.c (modified) (2 diffs)
-
crypto/x509/x_name.c (modified) (2 diffs)
-
test/bad_dtls_test.c (modified) (3 diffs)
-
test/build.info (modified) (3 diffs)
-
test/cmp_hdr_test.c (modified) (7 diffs)
-
test/crltest.c (modified) (4 diffs)
-
test/ct_test.c (modified) (2 diffs)
-
test/dsatest.c (modified) (3 diffs)
-
test/ecdsatest.c (modified) (2 diffs)
-
test/ecstresstest.c (modified) (2 diffs)
-
test/endecode_test.c (modified) (6 diffs)
-
test/evp_extra_test.c (modified) (9 diffs)
-
test/evp_kdf_test.c (modified) (2 diffs)
-
test/evp_pkey_provided_test.c (modified) (14 diffs)
-
test/evp_test.c (modified) (5 diffs)
-
test/helpers/handshake.c (modified) (2 diffs)
-
test/helpers/ssltestlib.c (modified) (3 diffs)
-
test/helpers/ssltestlib.h (modified) (2 diffs)
-
test/hexstr_test.c (modified) (2 diffs)
-
test/keymgmt_internal_test.c (modified) (3 diffs)
-
test/pkey_meth_kdf_test.c (modified) (6 diffs)
-
test/prov_config_test.c (modified) (7 diffs)
-
test/provider_fallback_test.c (modified) (2 diffs)
-
test/provider_internal_test.c (modified) (2 diffs)
-
test/provider_status_test.c (modified) (4 diffs)
-
test/provider_test.c (modified) (2 diffs)
-
test/recipes/03-test_fipsinstall.t (modified) (2 diffs)
-
test/recipes/04-test_conf.t (modified) (2 diffs)
-
test/recipes/25-test_eai_data.t (modified) (4 diffs)
-
test/recipes/25-test_req.t (modified) (2 diffs)
-
test/recipes/30-test_evp_data/evppkey_dsa.txt (modified) (5 diffs)
-
test/recipes/30-test_evp_data/evppkey_ecdsa.txt (modified) (2 diffs)
-
test/recipes/30-test_evp_data/evppkey_rsa_common.txt (modified) (2 diffs)
-
test/recipes/30-test_prov_config.t (modified) (3 diffs)
-
test/recipes/80-test_pkcs12.t (modified) (2 diffs)
-
test/recipes/90-test_shlibload.t (modified) (2 diffs)
-
test/recipes/90-test_sslapi.t (modified) (11 diffs)
-
test/sm2_internal_test.c (modified) (4 diffs)
-
test/ssl-tests/08-npn.cnf (modified) (14 diffs)
-
test/ssl-tests/08-npn.cnf.in (modified) (2 diffs)
-
test/ssl-tests/09-alpn.cnf (modified) (3 diffs)
-
test/ssl-tests/09-alpn.cnf.in (modified) (2 diffs)
-
test/ssl-tests/14-curves.cnf.in (modified) (1 diff)
-
test/ssl-tests/20-cert-select.cnf (modified) (13 diffs)
-
test/ssl-tests/20-cert-select.cnf.in (modified) (2 diffs)
-
test/ssl-tests/28-seclevel.cnf.in (modified) (3 diffs)
-
test/sslapitest.c (modified) (26 diffs)
-
test/sslbuffertest.c (modified) (4 diffs)
-
test/test.cnf (modified) (1 diff)
-
test/tls-provider.c (modified) (5 diffs)
-
test/v3ext.c (modified) (5 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/libs/openssl-3.1.7
- Property svn:mergeinfo
-
old new 25 25 /vendor/openssl/3.0.3:151497-151729 26 26 /vendor/openssl/3.0.7:154371 27 /vendor/openssl/3.1.7:164675-164677
-
- Property svn:mergeinfo
-
trunk/src/libs/openssl-3.1.7/Config.kmk
r104078 r105945 42 42 43 43 # Can't use relative paths when dealing with sub-makefiles. 44 VBOX_PATH_OPENSSL := $(PATH_ROOT)/src/libs/openssl-3.1. 544 VBOX_PATH_OPENSSL := $(PATH_ROOT)/src/libs/openssl-3.1.7 45 45 VBOX_PATH_CRYPTO := $(VBOX_PATH_OPENSSL)/crypto 46 46 VBOX_PATH_CRYPTO_GENASM := $(VBOX_PATH_CRYPTO)/genasm-$(VBOX_CRYPTO_ASM_SCHEME) -
trunk/src/libs/openssl-3.1.7/NOTES-NONSTOP.md
r104078 r105945 57 57 components. 58 58 59 A resolution to this situation is under investigation. 59 It is possible to configure the build with `no-atexit` to avoid the SIGSEGV. 60 Preferably, you can explicitly call `OPENSSL_cleanup()` from your application. 61 It is not mandatory as it just deallocates various global data structures 62 OpenSSL allocated. 60 63 61 64 About Prefix and OpenSSLDir -
trunk/src/libs/openssl-3.1.7/crypto/aes/asm/aesp8-ppc.pl
r104078 r105945 1 1 #! /usr/bin/env perl 2 # Copyright 2014-202 0The OpenSSL Project Authors. All Rights Reserved.2 # Copyright 2014-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 # 4 4 # Licensed under the Apache License 2.0 (the "License"). You may not use … … 100 100 .long 0x0d0e0f0c, 0x0d0e0f0c, 0x0d0e0f0c, 0x0d0e0f0c ?rev 101 101 .long 0,0,0,0 ?asis 102 .long 0x0f102132, 0x43546576, 0x8798a9ba, 0xcbdcedfe 102 103 Lconsts: 103 104 mflr r0 104 105 bcl 20,31,\$+4 105 106 mflr $ptr #vvvvv "distance between . and rcon 106 addi $ptr,$ptr,-0x 48107 addi $ptr,$ptr,-0x58 107 108 mtlr r0 108 109 blr … … 2406 2407 my ($x00,$x10,$x20,$x30,$x40,$x50,$x60,$x70)=map("r$_",(0,3,26..31)); 2407 2408 $x00=0 if ($flavour =~ /osx/); 2408 my ($in0, $in1, $in2, $in3, $in4, $in5 2409 my ($in0, $in1, $in2, $in3, $in4, $in5)=map("v$_",(0..5)); 2409 2410 my ($out0, $out1, $out2, $out3, $out4, $out5)=map("v$_",(7,12..16)); 2410 2411 my ($twk0, $twk1, $twk2, $twk3, $twk4, $twk5)=map("v$_",(17..22)); … … 2461 2462 mtspr 256,r0 2462 2463 2464 # Reverse eighty7 to 0x010101..87 2465 xxlor 2, 32+$eighty7, 32+$eighty7 2466 vsldoi $eighty7,$tmp,$eighty7,1 # 0x010101..87 2467 xxlor 1, 32+$eighty7, 32+$eighty7 2468 2469 # Load XOR contents. 0xf102132435465768798a9bacbdcedfe 2470 mr $x70, r6 2471 bl Lconsts 2472 lxvw4x 0, $x40, r6 # load XOR contents 2473 mr r6, $x70 2474 li $x70,0x70 2475 2463 2476 subi $rounds,$rounds,3 # -4 in total 2464 2477 … … 2503 2516 lvx v25,$x10,$key_ # pre-load round[2] 2504 2517 2518 # Switch to use the following codes with 0x010101..87 to generate tweak. 2519 # eighty7 = 0x010101..87 2520 # vsrab tmp, tweak, seven # next tweak value, right shift 7 bits 2521 # vand tmp, tmp, eighty7 # last byte with carry 2522 # vaddubm tweak, tweak, tweak # left shift 1 bit (x2) 2523 # xxlor vsx, 0, 0 2524 # vpermxor tweak, tweak, tmp, vsx 2525 2505 2526 vperm $in0,$inout,$inptail,$inpperm 2506 2527 subi $inp,$inp,31 # undo "caller" … … 2508 2529 vsrab $tmp,$tweak,$seven # next tweak value 2509 2530 vaddubm $tweak,$tweak,$tweak 2510 vsldoi $tmp,$tmp,$tmp,152511 2531 vand $tmp,$tmp,$eighty7 2512 2532 vxor $out0,$in0,$twk0 2513 vxor $tweak,$tweak,$tmp 2533 xxlor 32+$in1, 0, 0 2534 vpermxor $tweak, $tweak, $tmp, $in1 2514 2535 2515 2536 lvx_u $in1,$x10,$inp … … 2517 2538 vsrab $tmp,$tweak,$seven # next tweak value 2518 2539 vaddubm $tweak,$tweak,$tweak 2519 vsldoi $tmp,$tmp,$tmp,152520 2540 le?vperm $in1,$in1,$in1,$leperm 2521 2541 vand $tmp,$tmp,$eighty7 2522 2542 vxor $out1,$in1,$twk1 2523 vxor $tweak,$tweak,$tmp 2543 xxlor 32+$in2, 0, 0 2544 vpermxor $tweak, $tweak, $tmp, $in2 2524 2545 2525 2546 lvx_u $in2,$x20,$inp … … 2528 2549 vsrab $tmp,$tweak,$seven # next tweak value 2529 2550 vaddubm $tweak,$tweak,$tweak 2530 vsldoi $tmp,$tmp,$tmp,152531 2551 le?vperm $in2,$in2,$in2,$leperm 2532 2552 vand $tmp,$tmp,$eighty7 2533 2553 vxor $out2,$in2,$twk2 2534 vxor $tweak,$tweak,$tmp 2554 xxlor 32+$in3, 0, 0 2555 vpermxor $tweak, $tweak, $tmp, $in3 2535 2556 2536 2557 lvx_u $in3,$x30,$inp … … 2539 2560 vsrab $tmp,$tweak,$seven # next tweak value 2540 2561 vaddubm $tweak,$tweak,$tweak 2541 vsldoi $tmp,$tmp,$tmp,152542 2562 le?vperm $in3,$in3,$in3,$leperm 2543 2563 vand $tmp,$tmp,$eighty7 2544 2564 vxor $out3,$in3,$twk3 2545 vxor $tweak,$tweak,$tmp 2565 xxlor 32+$in4, 0, 0 2566 vpermxor $tweak, $tweak, $tmp, $in4 2546 2567 2547 2568 lvx_u $in4,$x40,$inp … … 2550 2571 vsrab $tmp,$tweak,$seven # next tweak value 2551 2572 vaddubm $tweak,$tweak,$tweak 2552 vsldoi $tmp,$tmp,$tmp,152553 2573 le?vperm $in4,$in4,$in4,$leperm 2554 2574 vand $tmp,$tmp,$eighty7 2555 2575 vxor $out4,$in4,$twk4 2556 vxor $tweak,$tweak,$tmp 2576 xxlor 32+$in5, 0, 0 2577 vpermxor $tweak, $tweak, $tmp, $in5 2557 2578 2558 2579 lvx_u $in5,$x50,$inp … … 2561 2582 vsrab $tmp,$tweak,$seven # next tweak value 2562 2583 vaddubm $tweak,$tweak,$tweak 2563 vsldoi $tmp,$tmp,$tmp,152564 2584 le?vperm $in5,$in5,$in5,$leperm 2565 2585 vand $tmp,$tmp,$eighty7 2566 2586 vxor $out5,$in5,$twk5 2567 vxor $tweak,$tweak,$tmp 2587 xxlor 32+$in0, 0, 0 2588 vpermxor $tweak, $tweak, $tmp, $in0 2568 2589 2569 2590 vxor v31,v31,$rndkey0 … … 2591 2612 bdnz Loop_xts_enc6x 2592 2613 2614 xxlor 32+$eighty7, 1, 1 # 0x010101..87 2615 2593 2616 subic $len,$len,96 # $len-=96 2594 2617 vxor $in0,$twk0,v31 # xor with last round key … … 2600 2623 vcipher $out2,$out2,v24 2601 2624 vcipher $out3,$out3,v24 2602 vsldoi $tmp,$tmp,$tmp,152603 2625 vcipher $out4,$out4,v24 2604 2626 vcipher $out5,$out5,v24 … … 2608 2630 vcipher $out0,$out0,v25 2609 2631 vcipher $out1,$out1,v25 2610 vxor $tweak,$tweak,$tmp 2632 xxlor 32+$in1, 0, 0 2633 vpermxor $tweak, $tweak, $tmp, $in1 2611 2634 vcipher $out2,$out2,v25 2612 2635 vcipher $out3,$out3,v25 … … 2619 2642 and r0,r0,$len 2620 2643 vaddubm $tweak,$tweak,$tweak 2621 vsldoi $tmp,$tmp,$tmp,152622 2644 vcipher $out0,$out0,v26 2623 2645 vcipher $out1,$out1,v26 … … 2625 2647 vcipher $out2,$out2,v26 2626 2648 vcipher $out3,$out3,v26 2627 vxor $tweak,$tweak,$tmp 2649 xxlor 32+$in2, 0, 0 2650 vpermxor $tweak, $tweak, $tmp, $in2 2628 2651 vcipher $out4,$out4,v26 2629 2652 vcipher $out5,$out5,v26 … … 2639 2662 vcipher $out0,$out0,v27 2640 2663 vcipher $out1,$out1,v27 2641 vsldoi $tmp,$tmp,$tmp,152642 2664 vcipher $out2,$out2,v27 2643 2665 vcipher $out3,$out3,v27 … … 2647 2669 2648 2670 addi $key_,$sp,$FRAME+15 # rewind $key_ 2649 vxor $tweak,$tweak,$tmp 2671 xxlor 32+$in3, 0, 0 2672 vpermxor $tweak, $tweak, $tmp, $in3 2650 2673 vcipher $out0,$out0,v28 2651 2674 vcipher $out1,$out1,v28 … … 2656 2679 vcipher $out3,$out3,v28 2657 2680 vaddubm $tweak,$tweak,$tweak 2658 vsldoi $tmp,$tmp,$tmp,152659 2681 vcipher $out4,$out4,v28 2660 2682 vcipher $out5,$out5,v28 … … 2664 2686 vcipher $out0,$out0,v29 2665 2687 vcipher $out1,$out1,v29 2666 vxor $tweak,$tweak,$tmp 2688 xxlor 32+$in4, 0, 0 2689 vpermxor $tweak, $tweak, $tmp, $in4 2667 2690 vcipher $out2,$out2,v29 2668 2691 vcipher $out3,$out3,v29 … … 2674 2697 lvx v25,$x10,$key_ # re-pre-load round[2] 2675 2698 vaddubm $tweak,$tweak,$tweak 2676 vsldoi $tmp,$tmp,$tmp,152677 2699 2678 2700 vcipher $out0,$out0,v30 … … 2681 2703 vcipher $out2,$out2,v30 2682 2704 vcipher $out3,$out3,v30 2683 vxor $tweak,$tweak,$tmp 2705 xxlor 32+$in5, 0, 0 2706 vpermxor $tweak, $tweak, $tmp, $in5 2684 2707 vcipher $out4,$out4,v30 2685 2708 vcipher $out5,$out5,v30 … … 2691 2714 lvx_u $in0,$x00,$inp # load next input block 2692 2715 vaddubm $tweak,$tweak,$tweak 2693 vsldoi $tmp,$tmp,$tmp,152694 2716 vcipherlast $out1,$out1,$in1 2695 2717 lvx_u $in1,$x10,$inp … … 2704 2726 le?vperm $in2,$in2,$in2,$leperm 2705 2727 lvx_u $in4,$x40,$inp 2706 vxor $tweak,$tweak,$tmp 2728 xxlor 10, 32+$in0, 32+$in0 2729 xxlor 32+$in0, 0, 0 2730 vpermxor $tweak, $tweak, $tmp, $in0 2731 xxlor 32+$in0, 10, 10 2707 2732 vcipherlast $tmp,$out5,$in5 # last block might be needed 2708 2733 # in stealing mode … … 2736 2761 mtctr $rounds 2737 2762 beq Loop_xts_enc6x # did $len-=96 borrow? 2763 2764 xxlor 32+$eighty7, 2, 2 # 0x870101..01 2738 2765 2739 2766 addic. $len,$len,0x60 … … 3113 3140 mtspr 256,r0 3114 3141 3142 # Reverse eighty7 to 0x010101..87 3143 xxlor 2, 32+$eighty7, 32+$eighty7 3144 vsldoi $eighty7,$tmp,$eighty7,1 # 0x010101..87 3145 xxlor 1, 32+$eighty7, 32+$eighty7 3146 3147 # Load XOR contents. 0xf102132435465768798a9bacbdcedfe 3148 mr $x70, r6 3149 bl Lconsts 3150 lxvw4x 0, $x40, r6 # load XOR contents 3151 mr r6, $x70 3152 li $x70,0x70 3153 3115 3154 subi $rounds,$rounds,3 # -4 in total 3116 3155 … … 3160 3199 vsrab $tmp,$tweak,$seven # next tweak value 3161 3200 vaddubm $tweak,$tweak,$tweak 3162 vsldoi $tmp,$tmp,$tmp,153163 3201 vand $tmp,$tmp,$eighty7 3164 3202 vxor $out0,$in0,$twk0 3165 vxor $tweak,$tweak,$tmp 3203 xxlor 32+$in1, 0, 0 3204 vpermxor $tweak, $tweak, $tmp, $in1 3166 3205 3167 3206 lvx_u $in1,$x10,$inp … … 3169 3208 vsrab $tmp,$tweak,$seven # next tweak value 3170 3209 vaddubm $tweak,$tweak,$tweak 3171 vsldoi $tmp,$tmp,$tmp,153172 3210 le?vperm $in1,$in1,$in1,$leperm 3173 3211 vand $tmp,$tmp,$eighty7 3174 3212 vxor $out1,$in1,$twk1 3175 vxor $tweak,$tweak,$tmp 3213 xxlor 32+$in2, 0, 0 3214 vpermxor $tweak, $tweak, $tmp, $in2 3176 3215 3177 3216 lvx_u $in2,$x20,$inp … … 3180 3219 vsrab $tmp,$tweak,$seven # next tweak value 3181 3220 vaddubm $tweak,$tweak,$tweak 3182 vsldoi $tmp,$tmp,$tmp,153183 3221 le?vperm $in2,$in2,$in2,$leperm 3184 3222 vand $tmp,$tmp,$eighty7 3185 3223 vxor $out2,$in2,$twk2 3186 vxor $tweak,$tweak,$tmp 3224 xxlor 32+$in3, 0, 0 3225 vpermxor $tweak, $tweak, $tmp, $in3 3187 3226 3188 3227 lvx_u $in3,$x30,$inp … … 3191 3230 vsrab $tmp,$tweak,$seven # next tweak value 3192 3231 vaddubm $tweak,$tweak,$tweak 3193 vsldoi $tmp,$tmp,$tmp,153194 3232 le?vperm $in3,$in3,$in3,$leperm 3195 3233 vand $tmp,$tmp,$eighty7 3196 3234 vxor $out3,$in3,$twk3 3197 vxor $tweak,$tweak,$tmp 3235 xxlor 32+$in4, 0, 0 3236 vpermxor $tweak, $tweak, $tmp, $in4 3198 3237 3199 3238 lvx_u $in4,$x40,$inp … … 3202 3241 vsrab $tmp,$tweak,$seven # next tweak value 3203 3242 vaddubm $tweak,$tweak,$tweak 3204 vsldoi $tmp,$tmp,$tmp,153205 3243 le?vperm $in4,$in4,$in4,$leperm 3206 3244 vand $tmp,$tmp,$eighty7 3207 3245 vxor $out4,$in4,$twk4 3208 vxor $tweak,$tweak,$tmp 3246 xxlor 32+$in5, 0, 0 3247 vpermxor $tweak, $tweak, $tmp, $in5 3209 3248 3210 3249 lvx_u $in5,$x50,$inp … … 3213 3252 vsrab $tmp,$tweak,$seven # next tweak value 3214 3253 vaddubm $tweak,$tweak,$tweak 3215 vsldoi $tmp,$tmp,$tmp,153216 3254 le?vperm $in5,$in5,$in5,$leperm 3217 3255 vand $tmp,$tmp,$eighty7 3218 3256 vxor $out5,$in5,$twk5 3219 vxor $tweak,$tweak,$tmp 3257 xxlor 32+$in0, 0, 0 3258 vpermxor $tweak, $tweak, $tmp, $in0 3220 3259 3221 3260 vxor v31,v31,$rndkey0 … … 3243 3282 bdnz Loop_xts_dec6x 3244 3283 3284 xxlor 32+$eighty7, 1, 1 3285 3245 3286 subic $len,$len,96 # $len-=96 3246 3287 vxor $in0,$twk0,v31 # xor with last round key … … 3252 3293 vncipher $out2,$out2,v24 3253 3294 vncipher $out3,$out3,v24 3254 vsldoi $tmp,$tmp,$tmp,153255 3295 vncipher $out4,$out4,v24 3256 3296 vncipher $out5,$out5,v24 … … 3260 3300 vncipher $out0,$out0,v25 3261 3301 vncipher $out1,$out1,v25 3262 vxor $tweak,$tweak,$tmp 3302 xxlor 32+$in1, 0, 0 3303 vpermxor $tweak, $tweak, $tmp, $in1 3263 3304 vncipher $out2,$out2,v25 3264 3305 vncipher $out3,$out3,v25 … … 3271 3312 and r0,r0,$len 3272 3313 vaddubm $tweak,$tweak,$tweak 3273 vsldoi $tmp,$tmp,$tmp,153274 3314 vncipher $out0,$out0,v26 3275 3315 vncipher $out1,$out1,v26 … … 3277 3317 vncipher $out2,$out2,v26 3278 3318 vncipher $out3,$out3,v26 3279 vxor $tweak,$tweak,$tmp 3319 xxlor 32+$in2, 0, 0 3320 vpermxor $tweak, $tweak, $tmp, $in2 3280 3321 vncipher $out4,$out4,v26 3281 3322 vncipher $out5,$out5,v26 … … 3291 3332 vncipher $out0,$out0,v27 3292 3333 vncipher $out1,$out1,v27 3293 vsldoi $tmp,$tmp,$tmp,153294 3334 vncipher $out2,$out2,v27 3295 3335 vncipher $out3,$out3,v27 … … 3299 3339 3300 3340 addi $key_,$sp,$FRAME+15 # rewind $key_ 3301 vxor $tweak,$tweak,$tmp 3341 xxlor 32+$in3, 0, 0 3342 vpermxor $tweak, $tweak, $tmp, $in3 3302 3343 vncipher $out0,$out0,v28 3303 3344 vncipher $out1,$out1,v28 … … 3308 3349 vncipher $out3,$out3,v28 3309 3350 vaddubm $tweak,$tweak,$tweak 3310 vsldoi $tmp,$tmp,$tmp,153311 3351 vncipher $out4,$out4,v28 3312 3352 vncipher $out5,$out5,v28 … … 3316 3356 vncipher $out0,$out0,v29 3317 3357 vncipher $out1,$out1,v29 3318 vxor $tweak,$tweak,$tmp 3358 xxlor 32+$in4, 0, 0 3359 vpermxor $tweak, $tweak, $tmp, $in4 3319 3360 vncipher $out2,$out2,v29 3320 3361 vncipher $out3,$out3,v29 … … 3326 3367 lvx v25,$x10,$key_ # re-pre-load round[2] 3327 3368 vaddubm $tweak,$tweak,$tweak 3328 vsldoi $tmp,$tmp,$tmp,153329 3369 3330 3370 vncipher $out0,$out0,v30 … … 3333 3373 vncipher $out2,$out2,v30 3334 3374 vncipher $out3,$out3,v30 3335 vxor $tweak,$tweak,$tmp 3375 xxlor 32+$in5, 0, 0 3376 vpermxor $tweak, $tweak, $tmp, $in5 3336 3377 vncipher $out4,$out4,v30 3337 3378 vncipher $out5,$out5,v30 … … 3343 3384 lvx_u $in0,$x00,$inp # load next input block 3344 3385 vaddubm $tweak,$tweak,$tweak 3345 vsldoi $tmp,$tmp,$tmp,153346 3386 vncipherlast $out1,$out1,$in1 3347 3387 lvx_u $in1,$x10,$inp … … 3356 3396 le?vperm $in2,$in2,$in2,$leperm 3357 3397 lvx_u $in4,$x40,$inp 3358 vxor $tweak,$tweak,$tmp 3398 xxlor 10, 32+$in0, 32+$in0 3399 xxlor 32+$in0, 0, 0 3400 vpermxor $tweak, $tweak, $tmp, $in0 3401 xxlor 32+$in0, 10, 10 3359 3402 vncipherlast $out5,$out5,$in5 3360 3403 le?vperm $in3,$in3,$in3,$leperm … … 3387 3430 beq Loop_xts_dec6x # did $len-=96 borrow? 3388 3431 3432 xxlor 32+$eighty7, 2, 2 3433 3389 3434 addic. $len,$len,0x60 3390 3435 beq Lxts_dec6x_zero -
trunk/src/libs/openssl-3.1.7/crypto/aes/build.info
r104078 r105945 39 39 $AESDEF_parisc20_64=$AESDEF_parisc11 40 40 41 IF[{- $target{sys_id} ne "MACOSX" -}] 41 42 $AESASM_ppc32=aes_core.c aes_cbc.c aes-ppc.s vpaes-ppc.s aesp8-ppc.s 43 ELSE 44 $AESASM_ppc32=aes_core.c aes_cbc.c aes-ppc.s vpaes-ppc.s 45 ENDIF 42 46 $AESDEF_ppc32=AES_ASM VPAES_ASM 43 47 $AESASM_ppc64=$AESASM_ppc32 … … 84 88 # added again. 85 89 IF[{- !$disabled{module} && !$disabled{shared} -}] 86 DEFINE[../ providers/liblegacy.a]=$AESDEF90 DEFINE[../../providers/liblegacy.a]=$AESDEF 87 91 ENDIF 88 92 -
trunk/src/libs/openssl-3.1.7/crypto/asn1/a_d2i_fp.c
r104078 r105945 1 1 /* 2 * Copyright 1995-202 1The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 149 149 } 150 150 len += i; 151 if ((size_t)i < want) 152 continue; 153 151 154 } 152 155 } -
trunk/src/libs/openssl-3.1.7/crypto/asn1/a_mbstr.c
r104078 r105945 1 1 /* 2 * Copyright 1999-202 1The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 140 140 free_out = 0; 141 141 dest = *out; 142 OPENSSL_free(dest->data); 143 dest->data = NULL; 144 dest->length = 0; 142 ASN1_STRING_set0(dest, NULL, 0); 145 143 dest->type = str_type; 146 144 } else { … … 156 154 if (inform == outform) { 157 155 if (!ASN1_STRING_set(dest, in, len)) { 156 if (free_out) { 157 ASN1_STRING_free(dest); 158 *out = NULL; 159 } 158 160 ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); 159 161 return -1; … … 186 188 } 187 189 if ((p = OPENSSL_malloc(outlen + 1)) == NULL) { 188 if (free_out) 190 if (free_out) { 189 191 ASN1_STRING_free(dest); 192 *out = NULL; 193 } 190 194 ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); 191 195 return -1; -
trunk/src/libs/openssl-3.1.7/crypto/asn1/a_strex.c
r104078 r105945 1 1 /* 2 * Copyright 2000-202 1The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 11 11 #include <string.h> 12 12 #include "internal/cryptlib.h" 13 #include "internal/sizes.h" 13 14 #include "crypto/asn1.h" 14 15 #include <openssl/crypto.h> … … 346 347 if (lflags & ASN1_STRFLGS_SHOW_TYPE) { 347 348 const char *tagname; 349 348 350 tagname = ASN1_tag2str(type); 349 outlen += strlen(tagname); 351 /* We can directly cast here as tagname will never be too large. */ 352 outlen += (int)strlen(tagname); 350 353 if (!io_ch(arg, tagname, outlen) || !io_ch(arg, ":", 1)) 351 354 return -1; … … 373 376 if (type == -1) { 374 377 len = do_dump(lflags, io_ch, arg, str); 375 if (len < 0 )378 if (len < 0 || len > INT_MAX - outlen) 376 379 return -1; 377 380 outlen += len; … … 392 395 393 396 len = do_buf(str->data, str->length, type, flags, "es, io_ch, NULL); 394 if (len < 0 )397 if (len < 0 || len > INT_MAX - 2 - outlen) 395 398 return -1; 396 399 outlen += len; -
trunk/src/libs/openssl-3.1.7/crypto/asn1/a_verify.c
r104078 r105945 1 1 /* 2 * Copyright 1995-202 1The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 204 204 if (inl <= 0) { 205 205 ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR); 206 ret = -1; 206 207 goto err; 207 208 } 208 209 if (buf_in == NULL) { 209 210 ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); 211 ret = -1; 210 212 goto err; 211 213 } -
trunk/src/libs/openssl-3.1.7/crypto/asn1/tasn_fre.c
r104078 r105945 1 1 /* 2 * Copyright 2000-202 1The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 86 86 case ASN1_ITYPE_NDEF_SEQUENCE: 87 87 case ASN1_ITYPE_SEQUENCE: 88 if (ossl_asn1_do_lock(pval, -1, it) != 0) /* if error or ref-counter > 0 */ 89 return; 88 if (ossl_asn1_do_lock(pval, -1, it) != 0) { 89 /* if error or ref-counter > 0 */ 90 OPENSSL_assert(embed == 0); 91 *pval = NULL; 92 return; 93 } 90 94 if (asn1_cb) { 91 95 i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL); -
trunk/src/libs/openssl-3.1.7/crypto/bio/bf_readbuff.c
r104078 r105945 1 1 /* 2 * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 223 223 int i, j; 224 224 225 if ( size == 0)225 if (buf == NULL || size == 0) 226 226 return 0; 227 227 --size; /* the passed in size includes the terminator - so remove it here */ 228 228 ctx = (BIO_F_BUFFER_CTX *)b->ptr; 229 230 if (ctx == NULL || b->next_bio == NULL) 231 return 0; 229 232 BIO_clear_retry_flags(b); 230 233 -
trunk/src/libs/openssl-3.1.7/crypto/bio/bio_addr.c
r104078 r105945 1 1 /* 2 * Copyright 2016-202 2The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 779 779 if (!RUN_ONCE(&bio_lookup_init, do_bio_lookup_init)) { 780 780 ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE); 781 ret = 0; 782 goto err; 783 } 784 785 if (!CRYPTO_THREAD_write_lock(bio_lookup_lock)) { 786 ret = 0; 787 goto err; 788 } 781 return 0; 782 } 783 784 if (!CRYPTO_THREAD_write_lock(bio_lookup_lock)) 785 return 0; 786 789 787 he_fallback_address = INADDR_ANY; 790 788 if (host == NULL) { -
trunk/src/libs/openssl-3.1.7/crypto/bio/bio_lib.c
r104078 r105945 1 1 /* 2 * Copyright 1995-202 3The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 870 870 871 871 #ifndef OPENSSL_NO_SOCK 872 if (BIO_get_fd(bio, &fd) > 0 && fd < FD_SETSIZE) 873 return BIO_socket_wait(fd, BIO_should_read(bio), max_time); 872 if (BIO_get_fd(bio, &fd) > 0) { 873 int ret = BIO_socket_wait(fd, BIO_should_read(bio), max_time); 874 875 if (ret != -1) 876 return ret; 877 } 874 878 #endif 875 879 /* fall back to polling since no sockets are available */ -
trunk/src/libs/openssl-3.1.7/crypto/bio/bio_sock.c
r104078 r105945 1 1 /* 2 * Copyright 1995-202 2The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 397 397 time_t now; 398 398 399 #ifdef _WIN32 400 if ((SOCKET)fd == INVALID_SOCKET) 401 #else 399 402 if (fd < 0 || fd >= FD_SETSIZE) 403 #endif 400 404 return -1; 401 405 if (max_time == 0) -
trunk/src/libs/openssl-3.1.7/crypto/bn/bn_lib.c
r104078 r105945 1 1 /* 2 * Copyright 1995-202 3The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 619 619 BN_ULONG t1, t2, *ap, *bp; 620 620 621 ap = a->d; 622 bp = b->d; 623 624 if (BN_get_flags(a, BN_FLG_CONSTTIME) 625 && a->top == b->top) { 626 int res = 0; 627 628 for (i = 0; i < b->top; i++) { 629 res = constant_time_select_int(constant_time_lt_bn(ap[i], bp[i]), 630 -1, res); 631 res = constant_time_select_int(constant_time_lt_bn(bp[i], ap[i]), 632 1, res); 633 } 634 return res; 635 } 636 621 637 bn_check_top(a); 622 638 bn_check_top(b); … … 625 641 if (i != 0) 626 642 return i; 627 ap = a->d; 628 bp = b->d; 643 629 644 for (i = a->top - 1; i >= 0; i--) { 630 645 t1 = ap[i]; … … 738 753 } 739 754 740 int BN_mask_bits(BIGNUM *a, int n)755 int ossl_bn_mask_bits_fixed_top(BIGNUM *a, int n) 741 756 { 742 757 int b, w; 743 758 744 bn_check_top(a);745 759 if (n < 0) 746 760 return 0; … … 756 770 a->d[w] &= ~(BN_MASK2 << b); 757 771 } 758 bn_correct_top(a);772 a->flags |= BN_FLG_FIXED_TOP; 759 773 return 1; 774 } 775 776 int BN_mask_bits(BIGNUM *a, int n) 777 { 778 int ret; 779 780 bn_check_top(a); 781 ret = ossl_bn_mask_bits_fixed_top(a, n); 782 if (ret) 783 bn_correct_top(a); 784 return ret; 760 785 } 761 786 … … 933 958 } 934 959 960 int ossl_bn_is_word_fixed_top(const BIGNUM *a, BN_ULONG w) 961 { 962 int res, i; 963 const BN_ULONG *ap = a->d; 964 965 if (a->neg || a->top == 0) 966 return 0; 967 968 res = constant_time_select_int(constant_time_eq_bn(ap[0], w), 1, 0); 969 970 for (i = 1; i < a->top; i++) 971 res = constant_time_select_int(constant_time_is_zero_bn(ap[i]), 972 res, 0); 973 return res; 974 } 975 935 976 int BN_is_odd(const BIGNUM *a) 936 977 { -
trunk/src/libs/openssl-3.1.7/crypto/bn/bn_rand.c
r104078 r105945 1 1 /* 2 * Copyright 1995-202 3The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 187 187 do { 188 188 /* range = 11..._2 or range = 101..._2 */ 189 if (!bnrand(flag, r, n, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, 0,190 ctx))189 if (!bnrand(flag, r, n, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, 190 strength, ctx)) 191 191 return 0; 192 192 … … 241 241 #endif 242 242 243 int ossl_bn_priv_rand_range_fixed_top(BIGNUM *r, const BIGNUM *range, 244 unsigned int strength, BN_CTX *ctx) 245 { 246 int n; 247 int count = 100; 248 249 if (r == NULL) { 250 ERR_raise(ERR_LIB_BN, ERR_R_PASSED_NULL_PARAMETER); 251 return 0; 252 } 253 254 if (range->neg || BN_is_zero(range)) { 255 ERR_raise(ERR_LIB_BN, BN_R_INVALID_RANGE); 256 return 0; 257 } 258 259 n = BN_num_bits(range); /* n > 0 */ 260 261 /* BN_is_bit_set(range, n - 1) always holds */ 262 263 if (n == 1) { 264 BN_zero(r); 265 } else { 266 BN_set_flags(r, BN_FLG_CONSTTIME); 267 do { 268 if (!bnrand(PRIVATE, r, n + 1, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY, 269 strength, ctx)) 270 return 0; 271 272 if (!--count) { 273 ERR_raise(ERR_LIB_BN, BN_R_TOO_MANY_ITERATIONS); 274 return 0; 275 } 276 ossl_bn_mask_bits_fixed_top(r, n); 277 } 278 while (BN_ucmp(r, range) >= 0); 279 #ifdef BN_DEBUG 280 /* With BN_DEBUG on a fixed top number cannot be returned */ 281 bn_correct_top(r); 282 #endif 283 } 284 285 return 1; 286 } 287 243 288 /* 244 * BN_generate_dsa_nonce generates a random number 0 <= out < range. Unlike245 * BN_rand_range, it also includes the contents of |priv| and |message| in246 * the generation so that an RNG failure isn't fatal as long as |priv|289 * ossl_bn_gen_dsa_nonce_fixed_top generates a random number 0 <= out < range. 290 * Unlike BN_rand_range, it also includes the contents of |priv| and |message| 291 * in the generation so that an RNG failure isn't fatal as long as |priv| 247 292 * remains secret. This is intended for use in DSA and ECDSA where an RNG 248 293 * weakness leads directly to private key exposure unless this function is 249 294 * used. 250 295 */ 251 int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, 252 const BIGNUM *priv, const unsigned char *message, 253 size_t message_len, BN_CTX *ctx) 296 int ossl_bn_gen_dsa_nonce_fixed_top(BIGNUM *out, const BIGNUM *range, 297 const BIGNUM *priv, 298 const unsigned char *message, 299 size_t message_len, BN_CTX *ctx) 254 300 { 255 301 EVP_MD_CTX *mdctx = EVP_MD_CTX_new(); … … 261 307 unsigned char digest[SHA512_DIGEST_LENGTH]; 262 308 unsigned done, todo; 263 /* We generate |range|+ 8bytes of random output. */264 const unsigned num_k_bytes = BN_num_bytes(range) + 8;309 /* We generate |range|+1 bytes of random output. */ 310 const unsigned num_k_bytes = BN_num_bytes(range) + 1; 265 311 unsigned char private_bytes[96]; 266 312 unsigned char *k_bytes = NULL; 313 const int max_n = 64; /* Pr(failure to generate) < 2^max_n */ 314 int n; 267 315 int ret = 0; 268 316 EVP_MD *md = NULL; … … 270 318 271 319 if (mdctx == NULL) 272 goto e rr;320 goto end; 273 321 274 322 k_bytes = OPENSSL_malloc(num_k_bytes); 275 323 if (k_bytes == NULL) 276 goto err; 324 goto end; 325 /* Ensure top byte is set to avoid non-constant time in bin2bn */ 326 k_bytes[0] = 0xff; 277 327 278 328 /* We copy |priv| into a local buffer to avoid exposing its length. */ … … 284 334 */ 285 335 ERR_raise(ERR_LIB_BN, BN_R_PRIVATE_KEY_TOO_LARGE); 286 goto e rr;336 goto end; 287 337 } 288 338 … … 290 340 if (md == NULL) { 291 341 ERR_raise(ERR_LIB_BN, BN_R_NO_SUITABLE_DIGEST); 292 goto err; 293 } 294 for (done = 0; done < num_k_bytes;) { 295 if (RAND_priv_bytes_ex(libctx, random_bytes, sizeof(random_bytes), 0) <= 0) 296 goto err; 297 298 if (!EVP_DigestInit_ex(mdctx, md, NULL) 299 || !EVP_DigestUpdate(mdctx, &done, sizeof(done)) 300 || !EVP_DigestUpdate(mdctx, private_bytes, 301 sizeof(private_bytes)) 302 || !EVP_DigestUpdate(mdctx, message, message_len) 303 || !EVP_DigestUpdate(mdctx, random_bytes, sizeof(random_bytes)) 304 || !EVP_DigestFinal_ex(mdctx, digest, NULL)) 305 goto err; 306 307 todo = num_k_bytes - done; 308 if (todo > SHA512_DIGEST_LENGTH) 309 todo = SHA512_DIGEST_LENGTH; 310 memcpy(k_bytes + done, digest, todo); 311 done += todo; 312 } 313 314 if (!BN_bin2bn(k_bytes, num_k_bytes, out)) 315 goto err; 316 if (BN_mod(out, out, range, ctx) != 1) 317 goto err; 318 ret = 1; 319 320 err: 342 goto end; 343 } 344 for (n = 0; n < max_n; n++) { 345 unsigned char i = 0; 346 347 for (done = 1; done < num_k_bytes;) { 348 if (RAND_priv_bytes_ex(libctx, random_bytes, sizeof(random_bytes), 349 0) <= 0) 350 goto end; 351 352 if (!EVP_DigestInit_ex(mdctx, md, NULL) 353 || !EVP_DigestUpdate(mdctx, &i, sizeof(i)) 354 || !EVP_DigestUpdate(mdctx, private_bytes, 355 sizeof(private_bytes)) 356 || !EVP_DigestUpdate(mdctx, message, message_len) 357 || !EVP_DigestUpdate(mdctx, random_bytes, 358 sizeof(random_bytes)) 359 || !EVP_DigestFinal_ex(mdctx, digest, NULL)) 360 goto end; 361 362 todo = num_k_bytes - done; 363 if (todo > SHA512_DIGEST_LENGTH) 364 todo = SHA512_DIGEST_LENGTH; 365 memcpy(k_bytes + done, digest, todo); 366 done += todo; 367 ++i; 368 } 369 370 if (!BN_bin2bn(k_bytes, num_k_bytes, out)) 371 goto end; 372 373 /* Clear out the top bits and rejection filter into range */ 374 BN_set_flags(out, BN_FLG_CONSTTIME); 375 ossl_bn_mask_bits_fixed_top(out, BN_num_bits(range)); 376 377 if (BN_ucmp(out, range) < 0) { 378 ret = 1; 379 #ifdef BN_DEBUG 380 /* With BN_DEBUG on a fixed top number cannot be returned */ 381 bn_correct_top(out); 382 #endif 383 goto end; 384 } 385 } 386 /* Failed to generate anything */ 387 ERR_raise(ERR_LIB_BN, ERR_R_INTERNAL_ERROR); 388 389 end: 321 390 EVP_MD_CTX_free(mdctx); 322 391 EVP_MD_free(md); … … 327 396 return ret; 328 397 } 398 399 int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, 400 const BIGNUM *priv, const unsigned char *message, 401 size_t message_len, BN_CTX *ctx) 402 { 403 int ret; 404 405 ret = ossl_bn_gen_dsa_nonce_fixed_top(out, range, priv, message, 406 message_len, ctx); 407 /* 408 * This call makes the BN_generate_dsa_nonce non-const-time, thus we 409 * do not use it internally. But fixed_top BNs currently cannot be returned 410 * from public API calls. 411 */ 412 bn_correct_top(out); 413 return ret; 414 } -
trunk/src/libs/openssl-3.1.7/crypto/bn/bn_shift.c
r104078 r105945 1 1 /* 2 * Copyright 1995-202 0The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 157 157 } 158 158 159 bn_check_top(r); 160 bn_check_top(a); 161 159 162 ret = bn_rshift_fixed_top(r, a, n); 160 163 … … 178 181 BN_ULONG l, m, mask; 179 182 180 bn_check_top(r);181 bn_check_top(a);182 183 183 assert(n >= 0); 184 184 -
trunk/src/libs/openssl-3.1.7/crypto/conf/conf_def.c
r104078 r105945 1 1 /* 2 * Copyright 1995-202 3The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 333 333 v = NULL; 334 334 /* check for line continuation */ 335 if ( bufnum >= 1) {335 if (!again && bufnum >= 1) { 336 336 /* 337 337 * If we have bytes and the last char '\\' and second last char -
trunk/src/libs/openssl-3.1.7/crypto/conf/conf_lib.c
r104078 r105945 1 1 /* 2 * Copyright 2000-202 2The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 465 465 void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings) 466 466 { 467 if (settings == NULL) 468 return; 469 467 470 free(settings->filename); 468 471 free(settings->appname); -
trunk/src/libs/openssl-3.1.7/crypto/conf/conf_sap.c
r104078 r105945 1 1 /* 2 * Copyright 2002-202 3The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2002-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 39 39 settings.flags = DEFAULT_CONF_MFLAGS; 40 40 OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, &settings); 41 42 free(settings.appname); 41 43 } 42 44 #endif -
trunk/src/libs/openssl-3.1.7/crypto/context.c
r104078 r105945 1 1 /* 2 * Copyright 2019-202 3The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 440 440 void OSSL_LIB_CTX_free(OSSL_LIB_CTX *ctx) 441 441 { 442 if ( ossl_lib_ctx_is_default(ctx))442 if (ctx == NULL || ossl_lib_ctx_is_default(ctx)) 443 443 return; 444 444 -
trunk/src/libs/openssl-3.1.7/crypto/dsa/dsa_check.c
r104078 r105945 1 1 /* 2 * Copyright 1995-202 3The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 20 20 #include "crypto/dsa.h" 21 21 22 static int dsa_precheck_params(const DSA *dsa, int *ret) 23 { 24 if (dsa->params.p == NULL || dsa->params.q == NULL) { 25 ERR_raise(ERR_LIB_DSA, DSA_R_BAD_FFC_PARAMETERS); 26 *ret = FFC_CHECK_INVALID_PQ; 27 return 0; 28 } 29 30 if (BN_num_bits(dsa->params.p) > OPENSSL_DSA_MAX_MODULUS_BITS) { 31 ERR_raise(ERR_LIB_DSA, DSA_R_MODULUS_TOO_LARGE); 32 *ret = FFC_CHECK_INVALID_PQ; 33 return 0; 34 } 35 36 if (BN_num_bits(dsa->params.q) >= BN_num_bits(dsa->params.p)) { 37 ERR_raise(ERR_LIB_DSA, DSA_R_BAD_Q_VALUE); 38 *ret = FFC_CHECK_INVALID_PQ; 39 return 0; 40 } 41 42 return 1; 43 } 44 22 45 int ossl_dsa_check_params(const DSA *dsa, int checktype, int *ret) 23 46 { 47 if (!dsa_precheck_params(dsa, ret)) 48 return 0; 49 24 50 if (checktype == OSSL_KEYMGMT_VALIDATE_QUICK_CHECK) 25 51 return ossl_ffc_params_simple_validate(dsa->libctx, &dsa->params, … … 40 66 int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret) 41 67 { 68 if (!dsa_precheck_params(dsa, ret)) 69 return 0; 70 42 71 return ossl_ffc_validate_public_key(&dsa->params, pub_key, ret) 43 72 && *ret == 0; … … 51 80 int ossl_dsa_check_pub_key_partial(const DSA *dsa, const BIGNUM *pub_key, int *ret) 52 81 { 82 if (!dsa_precheck_params(dsa, ret)) 83 return 0; 84 53 85 return ossl_ffc_validate_public_key_partial(&dsa->params, pub_key, ret) 54 86 && *ret == 0; … … 59 91 *ret = 0; 60 92 61 return (dsa->params.q != NULL 62 && ossl_ffc_validate_private_key(dsa->params.q, priv_key, ret)); 93 if (!dsa_precheck_params(dsa, ret)) 94 return 0; 95 96 return ossl_ffc_validate_private_key(dsa->params.q, priv_key, ret); 63 97 } 64 98 … … 73 107 BIGNUM *pub_key = NULL; 74 108 75 if (dsa->params.p == NULL 76 || dsa->params.g == NULL 109 if (!dsa_precheck_params(dsa, &ret)) 110 return 0; 111 112 if (dsa->params.g == NULL 77 113 || dsa->priv_key == NULL 78 114 || dsa->pub_key == NULL) -
trunk/src/libs/openssl-3.1.7/crypto/dsa/dsa_ossl.c
r104078 r105945 1 1 /* 2 * Copyright 1995-202 3The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 263 263 * This protects the private key from a weak PRNG. 264 264 */ 265 if (!BN_generate_dsa_nonce(k, dsa->params.q, dsa->priv_key, dgst, 266 dlen, ctx)) 265 if (!ossl_bn_gen_dsa_nonce_fixed_top(k, dsa->params.q, 266 dsa->priv_key, dgst, 267 dlen, ctx)) 267 268 goto err; 268 } else if (! BN_priv_rand_range_ex(k, dsa->params.q, 0, ctx))269 goto err; 270 } while ( BN_is_zero(k));269 } else if (!ossl_bn_priv_rand_range_fixed_top(k, dsa->params.q, 0, ctx)) 270 goto err; 271 } while (ossl_bn_is_word_fixed_top(k, 0)); 271 272 272 273 BN_set_flags(k, BN_FLG_CONSTTIME); -
trunk/src/libs/openssl-3.1.7/crypto/dsa/dsa_sign.c
r104078 r105945 1 1 /* 2 * Copyright 1995-202 3The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 157 157 DSA_SIG *s; 158 158 159 if (sig == NULL) { 160 *siglen = DSA_size(dsa); 161 return 1; 162 } 163 159 164 /* legacy case uses the method table */ 160 165 if (dsa->libctx == NULL || dsa->meth != DSA_get_default_method()) … … 166 171 return 0; 167 172 } 168 *siglen = i2d_DSA_SIG(s, sig != NULL ? &sig : NULL);173 *siglen = i2d_DSA_SIG(s, &sig); 169 174 DSA_SIG_free(s); 170 175 return 1; -
trunk/src/libs/openssl-3.1.7/crypto/ec/build.info
r104078 r105945 78 78 # has, and doesn't need it added again. 79 79 IF[{- !$disabled{module} && !$disabled{shared} -}] 80 DEFINE[../ providers/liblegacy.a]=$ECDEF80 DEFINE[../../providers/liblegacy.a]=$ECDEF 81 81 ENDIF 82 82 -
trunk/src/libs/openssl-3.1.7/crypto/ec/curve448/arch_64/f_impl64.c
r104078 r105945 1 1 /* 2 * Copyright 2017-202 2The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * Copyright 2014 Cryptography Research, Inc. 4 4 * … … 46 46 } 47 47 for (; j < 4; j++) { 48 accum2 += widemul(a[j], b[i - j + 8]);49 accum1 += widemul(aa[j], bbb[i - j + 4]);50 accum0 += widemul(a[j + 4], bb[i - j + 4]);48 accum2 += widemul(a[j], b[i + 8 - j]); 49 accum1 += widemul(aa[j], bbb[i + 4 - j]); 50 accum0 += widemul(a[j + 4], bb[i + 4 - j]); 51 51 } 52 52 -
trunk/src/libs/openssl-3.1.7/crypto/ec/ecdsa_ossl.c
r104078 r105945 1 1 /* 2 * Copyright 2002-202 3The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2002-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 71 71 ECDSA_SIG *s; 72 72 73 if (sig == NULL && (kinv == NULL || r == NULL)) { 74 *siglen = ECDSA_size(eckey); 75 return 1; 76 } 77 73 78 s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey); 74 79 if (s == NULL) { … … 126 131 goto err; 127 132 } 128 order = EC_GROUP_get0_order(group); 133 134 if ((order = EC_GROUP_get0_order(group)) == NULL) { 135 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 136 goto err; 137 } 129 138 130 139 /* Preallocate space */ … … 141 150 do { 142 151 if (dgst != NULL) { 143 if (! BN_generate_dsa_nonce(k, order, priv_key,144 dgst, dlen, ctx)) {152 if (!ossl_bn_gen_dsa_nonce_fixed_top(k, order, priv_key, 153 dgst, dlen, ctx)) { 145 154 ERR_raise(ERR_LIB_EC, EC_R_RANDOM_NUMBER_GENERATION_FAILED); 146 155 goto err; 147 156 } 148 157 } else { 149 if (! BN_priv_rand_range_ex(k, order, 0, ctx)) {158 if (!ossl_bn_priv_rand_range_fixed_top(k, order, 0, ctx)) { 150 159 ERR_raise(ERR_LIB_EC, EC_R_RANDOM_NUMBER_GENERATION_FAILED); 151 160 goto err; 152 161 } 153 162 } 154 } while ( BN_is_zero(k));163 } while (ossl_bn_is_word_fixed_top(k, 0)); 155 164 156 165 /* compute r the x-coordinate of generator * k */ … … 251 260 } 252 261 253 order = EC_GROUP_get0_order(group); 262 if ((order = EC_GROUP_get0_order(group)) == NULL) { 263 ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); 264 goto err; 265 } 266 254 267 i = BN_num_bits(order); 255 268 /* -
trunk/src/libs/openssl-3.1.7/crypto/encode_decode/encoder_lib.c
r104078 r105945 1 1 /* 2 * Copyright 2019-202 2The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 57 57 "at least one of the default or base providers " 58 58 "available. Did you forget to load them?"); 59 return 0; 60 } 61 62 if (ctx->cleanup == NULL || ctx->construct == NULL) { 63 ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_INIT_FAIL); 59 64 return 0; 60 65 } -
trunk/src/libs/openssl-3.1.7/crypto/engine/eng_pkey.c
r104078 r105945 1 1 /* 2 * Copyright 2001-202 3The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 81 81 return NULL; 82 82 } 83 /* We enforce check for legacy key */84 switch (EVP_PKEY_get_id(pkey)) {85 case EVP_PKEY_RSA:86 {87 RSA *rsa = EVP_PKEY_get1_RSA(pkey);88 EVP_PKEY_set1_RSA(pkey, rsa);89 RSA_free(rsa);90 }91 break;92 # ifndef OPENSSL_NO_EC93 case EVP_PKEY_SM2:94 case EVP_PKEY_EC:95 {96 EC_KEY *ec = EVP_PKEY_get1_EC_KEY(pkey);97 EVP_PKEY_set1_EC_KEY(pkey, ec);98 EC_KEY_free(ec);99 }100 break;101 # endif102 # ifndef OPENSSL_NO_DSA103 case EVP_PKEY_DSA:104 {105 DSA *dsa = EVP_PKEY_get1_DSA(pkey);106 EVP_PKEY_set1_DSA(pkey, dsa);107 DSA_free(dsa);108 }109 break;110 #endif111 # ifndef OPENSSL_NO_DH112 case EVP_PKEY_DH:113 {114 DH *dh = EVP_PKEY_get1_DH(pkey);115 EVP_PKEY_set1_DH(pkey, dh);116 DH_free(dh);117 }118 break;119 #endif120 default:121 /*Do nothing */122 break;123 }124 125 83 return pkey; 126 84 } -
trunk/src/libs/openssl-3.1.7/crypto/engine/eng_table.c
r104078 r105945 1 1 /* 2 * Copyright 2001-202 3The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 216 216 return NULL; 217 217 } 218 219 if (!CRYPTO_THREAD_write_lock(global_engine_lock)) 220 return NULL; 221 218 222 ERR_set_mark(); 219 if (!CRYPTO_THREAD_write_lock(global_engine_lock))220 goto end;221 223 /* 222 224 * Check again inside the lock otherwise we could race against cleanup -
trunk/src/libs/openssl-3.1.7/crypto/err/openssl.ec
r104078 r105945 77 77 R SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 78 78 R SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 79 R TLS1_AD_UNKNOWN_PSK_IDENTITY111579 R SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY 1115 80 80 R SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED 1116 81 R TLS1_AD_NO_APPLICATION_PROTOCOL112081 R SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL 1120 -
trunk/src/libs/openssl-3.1.7/crypto/ess/ess_lib.c
r104078 r105945 1 1 /* 2 * Copyright 2019-202 1The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 294 294 295 295 if (require_signing_cert && ss == NULL && ssv2 == NULL) { 296 ERR_raise(ERR_LIB_ CMS, ESS_R_MISSING_SIGNING_CERTIFICATE_ATTRIBUTE);296 ERR_raise(ERR_LIB_ESS, ESS_R_MISSING_SIGNING_CERTIFICATE_ATTRIBUTE); 297 297 return -1; 298 298 } -
trunk/src/libs/openssl-3.1.7/crypto/evp/ctrl_params_translate.c
r104078 r105945 1 1 /* 2 * Copyright 2021-202 3The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 2778 2778 int ret; 2779 2779 2780 tmpl.action_type = action_type;2780 ctx.action_type = tmpl.action_type = action_type; 2781 2781 tmpl.keytype1 = tmpl.keytype2 = keytype; 2782 2782 tmpl.optype = optype; … … 2787 2787 if (translation->fixup_args != NULL) 2788 2788 fixup = translation->fixup_args; 2789 ctx.action_type = translation->action_type;2790 2789 ctx.ctrl_cmd = translation->ctrl_num; 2791 2790 } -
trunk/src/libs/openssl-3.1.7/crypto/evp/digest.c
r104078 r105945 1 1 /* 2 * Copyright 1995-202 3The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 423 423 /* Code below to be removed when legacy support is dropped. */ 424 424 legacy: 425 return ctx->update (ctx, data, count);425 return ctx->update != NULL ? ctx->update(ctx, data, count) : 0; 426 426 } 427 427 -
trunk/src/libs/openssl-3.1.7/crypto/evp/keymgmt_lib.c
r104078 r105945 1 1 /* 2 * Copyright 2019-202 2The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 244 244 * A comparison and sk_P_CACHE_ELEM_find() are avoided to not cause 245 245 * problems when we've only a read lock. 246 * A keymgmt is a match if the |keymgmt| pointers are identical or if the 247 * provider and the name ID match 246 248 */ 247 249 for (i = 0; i < end; i++) { 248 250 p = sk_OP_CACHE_ELEM_value(pk->operation_cache, i); 249 if (keymgmt == p->keymgmt && (p->selection & selection) == selection) 251 if ((p->selection & selection) == selection 252 && (keymgmt == p->keymgmt 253 || (keymgmt->name_id == p->keymgmt->name_id 254 && keymgmt->prov == p->keymgmt->prov))) 250 255 return p; 251 256 } -
trunk/src/libs/openssl-3.1.7/crypto/evp/names.c
r104078 r105945 1 1 /* 2 * Copyright 1995-202 1The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 79 79 OSSL_NAMEMAP *namemap; 80 80 int id; 81 int do_retry = 1; 81 82 82 83 if (!OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL)) … … 95 96 96 97 namemap = ossl_namemap_stored(libctx); 98 retry: 97 99 id = ossl_namemap_name2num(namemap, name); 98 if (id == 0) 99 return NULL; 100 if (id == 0) { 101 EVP_CIPHER *fetched_cipher; 102 103 /* Try to fetch it because the name might not be known yet. */ 104 if (!do_retry) 105 return NULL; 106 do_retry = 0; 107 ERR_set_mark(); 108 fetched_cipher = EVP_CIPHER_fetch(libctx, name, NULL); 109 EVP_CIPHER_free(fetched_cipher); 110 ERR_pop_to_mark(); 111 goto retry; 112 } 100 113 101 114 if (!ossl_namemap_doall_names(namemap, id, cipher_from_name, &cp)) … … 125 138 OSSL_NAMEMAP *namemap; 126 139 int id; 140 int do_retry = 1; 127 141 128 142 if (!OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL)) … … 141 155 142 156 namemap = ossl_namemap_stored(libctx); 157 retry: 143 158 id = ossl_namemap_name2num(namemap, name); 144 if (id == 0) 145 return NULL; 159 if (id == 0) { 160 EVP_MD *fetched_md; 161 162 /* Try to fetch it because the name might not be known yet. */ 163 if (!do_retry) 164 return NULL; 165 do_retry = 0; 166 ERR_set_mark(); 167 fetched_md = EVP_MD_fetch(libctx, name, NULL); 168 EVP_MD_free(fetched_md); 169 ERR_pop_to_mark(); 170 goto retry; 171 } 146 172 147 173 if (!ossl_namemap_doall_names(namemap, id, digest_from_name, &dp)) -
trunk/src/libs/openssl-3.1.7/crypto/evp/p_lib.c
r104078 r105945 1 1 /* 2 * Copyright 1995-202 3The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 1903 1903 * that export doesn't need to be redone. In that case, we take 1904 1904 * token copies of the cached pointers, to have token success 1905 * values to return. 1905 * values to return. It is possible (e.g. in a no-cached-fetch 1906 * build), for op->keymgmt to be a different pointer to tmp_keymgmt 1907 * even though the name/provider must be the same. In other words 1908 * the keymgmt instance may be different but still equivalent, i.e. 1909 * same algorithm/provider instance - but we make the simplifying 1910 * assumption that the keydata can be used with either keymgmt 1911 * instance. Not doing so introduces significant complexity and 1912 * probably requires refactoring - since we would have to ripple 1913 * the change in keymgmt instance up the call chain. 1906 1914 */ 1907 1915 if (op != NULL && op->keymgmt != NULL) { -
trunk/src/libs/openssl-3.1.7/crypto/evp/pmeth_lib.c
r104078 r105945 1 1 /* 2 * Copyright 2006-202 3The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 1029 1029 } 1030 1030 1031 static int evp_pkey_ctx_add1_octet_string(EVP_PKEY_CTX *ctx, int fallback, 1032 const char *param, int op, int ctrl, 1033 const unsigned char *data, 1034 int datalen) 1035 { 1036 OSSL_PARAM os_params[2]; 1037 const OSSL_PARAM *gettables; 1038 unsigned char *info = NULL; 1039 size_t info_len = 0; 1040 size_t info_alloc = 0; 1041 int ret = 0; 1042 1043 if (ctx == NULL || (ctx->operation & op) == 0) { 1044 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); 1045 /* Uses the same return values as EVP_PKEY_CTX_ctrl */ 1046 return -2; 1047 } 1048 1049 /* Code below to be removed when legacy support is dropped. */ 1050 if (fallback) 1051 return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, datalen, (void *)(data)); 1052 /* end of legacy support */ 1053 1054 if (datalen < 0) { 1055 ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_LENGTH); 1056 return 0; 1057 } else if (datalen == 0) { 1058 return 1; 1059 } 1060 1061 /* Check for older provider that doesn't support getting this parameter */ 1062 gettables = EVP_PKEY_CTX_gettable_params(ctx); 1063 if (gettables == NULL || OSSL_PARAM_locate_const(gettables, param) == NULL) 1064 return evp_pkey_ctx_set1_octet_string(ctx, fallback, param, op, ctrl, 1065 data, datalen); 1066 1067 /* Get the original value length */ 1068 os_params[0] = OSSL_PARAM_construct_octet_string(param, NULL, 0); 1069 os_params[1] = OSSL_PARAM_construct_end(); 1070 1071 if (!EVP_PKEY_CTX_get_params(ctx, os_params)) 1072 return 0; 1073 1074 /* This should not happen but check to be sure. */ 1075 if (os_params[0].return_size == OSSL_PARAM_UNMODIFIED) 1076 return 0; 1077 1078 info_alloc = os_params[0].return_size + datalen; 1079 if (info_alloc == 0) 1080 return 0; 1081 info = OPENSSL_zalloc(info_alloc); 1082 if (info == NULL) 1083 return 0; 1084 info_len = os_params[0].return_size; 1085 1086 os_params[0] = OSSL_PARAM_construct_octet_string(param, info, info_alloc); 1087 1088 /* if we have data, then go get it */ 1089 if (info_len > 0) { 1090 if (!EVP_PKEY_CTX_get_params(ctx, os_params)) 1091 goto error; 1092 } 1093 1094 /* Copy the input data */ 1095 memcpy(&info[info_len], data, datalen); 1096 ret = EVP_PKEY_CTX_set_params(ctx, os_params); 1097 1098 error: 1099 OPENSSL_clear_free(info, info_alloc); 1100 return ret; 1101 } 1102 1031 1103 int EVP_PKEY_CTX_set1_tls1_prf_secret(EVP_PKEY_CTX *ctx, 1032 1104 const unsigned char *sec, int seclen) … … 1079 1151 const unsigned char *info, int infolen) 1080 1152 { 1081 return evp_pkey_ctx_ set1_octet_string(ctx, ctx->op.kex.algctx == NULL,1153 return evp_pkey_ctx_add1_octet_string(ctx, ctx->op.kex.algctx == NULL, 1082 1154 OSSL_KDF_PARAM_INFO, 1083 1155 EVP_PKEY_OP_DERIVE, -
trunk/src/libs/openssl-3.1.7/crypto/evp/signature.c
r104078 r105945 1 1 /* 2 * Copyright 2006-202 2The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 404 404 405 405 if (ctx == NULL) { 406 ERR_raise(ERR_LIB_EVP, E VP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);407 return - 2;406 ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER); 407 return -1; 408 408 } 409 409 … … 635 635 636 636 if (ctx == NULL) { 637 ERR_raise(ERR_LIB_EVP, E VP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);638 return - 2;637 ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER); 638 return -1; 639 639 } 640 640 … … 647 647 goto legacy; 648 648 649 if (ctx->op.sig.signature->sign == NULL) { 650 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); 651 return -2; 652 } 653 649 654 ret = ctx->op.sig.signature->sign(ctx->op.sig.algctx, sig, siglen, 650 655 (sig == NULL) ? 0 : *siglen, tbs, tbslen); … … 679 684 680 685 if (ctx == NULL) { 681 ERR_raise(ERR_LIB_EVP, E VP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);682 return - 2;686 ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER); 687 return -1; 683 688 } 684 689 … … 690 695 if (ctx->op.sig.algctx == NULL) 691 696 goto legacy; 697 698 if (ctx->op.sig.signature->verify == NULL) { 699 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); 700 return -2; 701 } 692 702 693 703 ret = ctx->op.sig.signature->verify(ctx->op.sig.algctx, sig, siglen, … … 722 732 723 733 if (ctx == NULL) { 724 ERR_raise(ERR_LIB_EVP, E VP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);725 return - 2;734 ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER); 735 return -1; 726 736 } 727 737 … … 733 743 if (ctx->op.sig.algctx == NULL) 734 744 goto legacy; 745 746 if (ctx->op.sig.signature->verify_recover == NULL) { 747 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); 748 return -2; 749 } 735 750 736 751 ret = ctx->op.sig.signature->verify_recover(ctx->op.sig.algctx, rout, -
trunk/src/libs/openssl-3.1.7/crypto/init.c
r104078 r105945 1 1 /* 2 * Copyright 2016-202 2The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 98 98 DEFINE_RUN_ONCE_STATIC(ossl_init_register_atexit) 99 99 { 100 #ifdef OPENSSL_INIT_DEBUG 100 #ifndef OPENSSL_NO_ATEXIT 101 # ifdef OPENSSL_INIT_DEBUG 101 102 fprintf(stderr, "OPENSSL_INIT: ossl_init_register_atexit()\n"); 102 # endif103 # ifndef OPENSSL_SYS_UEFI104 # if defined(_WIN32) && !defined(__BORLANDC__)103 # endif 104 # ifndef OPENSSL_SYS_UEFI 105 # if defined(_WIN32) && !defined(__BORLANDC__) 105 106 /* We use _onexit() in preference because it gets called on DLL unload */ 106 107 if (_onexit(win32atexit) == NULL) 107 108 return 0; 108 # else109 # else 109 110 if (atexit(OPENSSL_cleanup) != 0) 110 111 return 0; 112 # endif 111 113 # endif 112 114 #endif -
trunk/src/libs/openssl-3.1.7/crypto/o_str.c
r104078 r105945 1 1 /* 2 * Copyright 2003-202 2The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2003-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 230 230 size_t len = has_sep ? buflen * 3 : 1 + buflen * 2; 231 231 232 if (len == 0) 233 ++len; 232 234 if (strlength != NULL) 233 235 *strlength = len; … … 235 237 return 1; 236 238 237 if (str_n < (unsigned long)len) {239 if (str_n < len) { 238 240 ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_SMALL_BUFFER); 239 241 return 0; … … 247 249 *q++ = sep; 248 250 } 249 if (has_sep )251 if (has_sep && buflen > 0) 250 252 --q; 251 253 *q = CH_ZERO; 252 254 253 255 #ifdef CHARSET_EBCDIC 254 ebcdic2ascii(str, str, q - str - 1);256 ebcdic2ascii(str, str, q - str); 255 257 #endif 256 258 return 1; -
trunk/src/libs/openssl-3.1.7/crypto/objects/obj_dat.c
r104078 r105945 274 274 { 275 275 ASN1_OBJECT *o = NULL; 276 ADDED_OBJ *ao[4] = { NULL, NULL, NULL, NULL }, *aop ;276 ADDED_OBJ *ao[4] = { NULL, NULL, NULL, NULL }, *aop[4]; 277 277 int i; 278 278 … … 307 307 ao[i]->type = i; 308 308 ao[i]->obj = o; 309 aop = lh_ADDED_OBJ_insert(added, ao[i]); 310 /* memory leak, but should not normally matter */ 311 OPENSSL_free(aop); 309 aop[i] = lh_ADDED_OBJ_retrieve(added, ao[i]); 310 if (aop[i] != NULL) 311 aop[i]->type = -1; 312 (void)lh_ADDED_OBJ_insert(added, ao[i]); 313 if (lh_ADDED_OBJ_error(added)) { 314 if (aop[i] != NULL) 315 aop[i]->type = i; 316 while (i-- > ADDED_DATA) { 317 lh_ADDED_OBJ_delete(added, ao[i]); 318 if (aop[i] != NULL) 319 aop[i]->type = i; 320 } 321 ERR_raise(ERR_LIB_OBJ, ERR_R_CRYPTO_LIB); 322 goto err; 323 } 312 324 } 313 325 } -
trunk/src/libs/openssl-3.1.7/crypto/pkcs12/p12_crt.c
r104078 r105945 1 1 /* 2 * Copyright 1999-202 3The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 214 214 goto err; 215 215 if (nid_key != -1) { 216 /* This call does not take ownership of p8 */ 216 217 bag = PKCS12_SAFEBAG_create_pkcs8_encrypt_ex(nid_key, pass, -1, NULL, 0, 217 218 iter, p8, ctx, propq); 219 } else { 220 bag = PKCS12_SAFEBAG_create0_p8inf(p8); 221 if (bag != NULL) 222 p8 = NULL; /* bag takes ownership of p8 */ 223 } 224 /* This does not need to be in the error path */ 225 if (p8 != NULL) 218 226 PKCS8_PRIV_KEY_INFO_free(p8); 219 } else 220 bag = PKCS12_SAFEBAG_create0_p8inf(p8); 221 222 if (!bag) 223 goto err; 224 225 if (!pkcs12_add_bag(pbags, bag)) 227 228 if (bag == NULL || !pkcs12_add_bag(pbags, bag)) 226 229 goto err; 227 230 -
trunk/src/libs/openssl-3.1.7/crypto/pkcs7/pk7_doit.c
r104078 r105945 1 1 /* 2 * Copyright 1995-202 3The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 1240 1240 { 1241 1241 X509_ATTRIBUTE *attr = NULL; 1242 int i, n; 1242 1243 1243 1244 if (*sk == NULL) { 1244 1245 if ((*sk = sk_X509_ATTRIBUTE_new_null()) == NULL) 1245 1246 return 0; 1246 new_attrib: 1247 if ((attr = X509_ATTRIBUTE_create(nid, atrtype, value)) == NULL) 1248 return 0; 1249 if (!sk_X509_ATTRIBUTE_push(*sk, attr)) { 1250 X509_ATTRIBUTE_free(attr); 1251 return 0; 1252 } 1253 } else { 1254 int i; 1255 1256 for (i = 0; i < sk_X509_ATTRIBUTE_num(*sk); i++) { 1257 attr = sk_X509_ATTRIBUTE_value(*sk, i); 1258 if (OBJ_obj2nid(X509_ATTRIBUTE_get0_object(attr)) == nid) { 1259 X509_ATTRIBUTE_free(attr); 1260 attr = X509_ATTRIBUTE_create(nid, atrtype, value); 1261 if (attr == NULL) 1262 return 0; 1263 if (!sk_X509_ATTRIBUTE_set(*sk, i, attr)) { 1264 X509_ATTRIBUTE_free(attr); 1265 return 0; 1266 } 1267 goto end; 1268 } 1269 } 1270 goto new_attrib; 1271 } 1247 } 1248 n = sk_X509_ATTRIBUTE_num(*sk); 1249 for (i = 0; i < n; i++) { 1250 attr = sk_X509_ATTRIBUTE_value(*sk, i); 1251 if (OBJ_obj2nid(X509_ATTRIBUTE_get0_object(attr)) == nid) 1252 goto end; 1253 } 1254 if (!sk_X509_ATTRIBUTE_push(*sk, NULL)) 1255 return 0; 1256 1272 1257 end: 1258 attr = X509_ATTRIBUTE_create(nid, atrtype, value); 1259 if (attr == NULL) { 1260 if (i == n) 1261 sk_X509_ATTRIBUTE_pop(*sk); 1262 return 0; 1263 } 1264 X509_ATTRIBUTE_free(sk_X509_ATTRIBUTE_value(*sk, i)); 1265 (void) sk_X509_ATTRIBUTE_set(*sk, i, attr); 1273 1266 return 1; 1274 1267 } -
trunk/src/libs/openssl-3.1.7/crypto/property/property.c
r104078 r105945 1 1 /* 2 * Copyright 2019-202 3The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. 4 4 * … … 97 97 DEFINE_SPARSE_ARRAY_OF(ALGORITHM); 98 98 99 DEFINE_STACK_OF(ALGORITHM) 100 99 101 typedef struct ossl_global_properties_st { 100 102 OSSL_PROPERTY_LIST *list; … … 462 464 } 463 465 464 struct alg_do_each_data_st { 465 void (*fn)(int id, void *method, void *fnarg); 466 void *fnarg; 467 }; 468 469 static void alg_do_each(ossl_uintmax_t idx, ALGORITHM *alg, void *arg) 470 { 471 struct alg_do_each_data_st *data = arg; 472 int i, end = sk_IMPLEMENTATION_num(alg->impls); 473 474 for (i = 0; i < end; i++) { 475 IMPLEMENTATION *impl = sk_IMPLEMENTATION_value(alg->impls, i); 476 477 alg_do_one(alg, impl, data->fn, data->fnarg); 478 } 466 static void alg_copy(ossl_uintmax_t idx, ALGORITHM *alg, void *arg) 467 { 468 STACK_OF(ALGORITHM) *newalg = arg; 469 470 (void)sk_ALGORITHM_push(newalg, alg); 479 471 } 480 472 … … 483 475 void *fnarg) 484 476 { 485 struct alg_do_each_data_st data; 486 487 data.fn = fn; 488 data.fnarg = fnarg; 489 if (store != NULL) 490 ossl_sa_ALGORITHM_doall_arg(store->algs, alg_do_each, &data); 477 int i, j; 478 int numalgs, numimps; 479 STACK_OF(ALGORITHM) *tmpalgs; 480 ALGORITHM *alg; 481 482 if (store != NULL) { 483 484 if (!ossl_property_read_lock(store)) 485 return; 486 487 tmpalgs = sk_ALGORITHM_new_reserve(NULL, 488 ossl_sa_ALGORITHM_num(store->algs)); 489 if (tmpalgs == NULL) { 490 ossl_property_unlock(store); 491 return; 492 } 493 494 ossl_sa_ALGORITHM_doall_arg(store->algs, alg_copy, tmpalgs); 495 ossl_property_unlock(store); 496 numalgs = sk_ALGORITHM_num(tmpalgs); 497 for (i = 0; i < numalgs; i++) { 498 alg = sk_ALGORITHM_value(tmpalgs, i); 499 numimps = sk_IMPLEMENTATION_num(alg->impls); 500 for (j = 0; j < numimps; j++) 501 alg_do_one(alg, sk_IMPLEMENTATION_value(alg->impls, j), fn, fnarg); 502 } 503 sk_ALGORITHM_free(tmpalgs); 504 } 491 505 } 492 506 … … 644 658 { 645 659 IMPL_CACHE_FLUSH *state = (IMPL_CACHE_FLUSH *)v; 660 unsigned long orig_down_load = lh_QUERY_get_down_load(alg->cache); 646 661 647 662 state->cache = alg->cache; 663 lh_QUERY_set_down_load(alg->cache, 0); 648 664 lh_QUERY_doall_IMPL_CACHE_FLUSH(state->cache, &impl_cache_flush_cache, 649 665 state); 666 lh_QUERY_set_down_load(alg->cache, orig_down_load); 650 667 } 651 668 -
trunk/src/libs/openssl-3.1.7/crypto/property/property_parse.c
r104078 r105945 1 1 /* 2 * Copyright 2019-202 3The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. 4 4 * … … 15 15 #include "internal/propertyerr.h" 16 16 #include "internal/property.h" 17 #include "internal/numbers.h" 17 18 #include "crypto/ctype.h" 18 19 #include "internal/nelem.h" -
trunk/src/libs/openssl-3.1.7/crypto/provider_core.c
r104078 r105945 1 1 /* 2 * Copyright 2019-202 3The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 560 560 561 561 /* provider_new() generates an error, so no need here */ 562 if ((prov = provider_new(name, template.init, template.parameters)) == NULL) 562 prov = provider_new(name, template.init, template.parameters); 563 564 if (prov == NULL) 563 565 return NULL; 566 567 if (!ossl_provider_set_module_path(prov, template.path)) { 568 ossl_provider_free(prov); 569 return NULL; 570 } 564 571 565 572 prov->libctx = libctx; -
trunk/src/libs/openssl-3.1.7/crypto/rand/randfile.c
r104078 r105945 1 1 /* 2 * Copyright 1995-202 1The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 17 17 #endif 18 18 19 #include "internal/e_os.h" 19 20 #include "internal/cryptlib.h" 20 21 … … 213 214 */ 214 215 int fd = open(file, O_WRONLY | O_CREAT | O_BINARY, 0600); 215 if (fd != -1) 216 217 if (fd != -1) { 216 218 out = fdopen(fd, "wb"); 219 if (out == NULL) { 220 close(fd); 221 ERR_raise_data(ERR_LIB_RAND, RAND_R_CANNOT_OPEN_FILE, 222 "Filename=%s", file); 223 return -1; 224 } 225 } 217 226 } 218 227 #endif -
trunk/src/libs/openssl-3.1.7/crypto/rsa/rsa_oaep.c
r104078 r105945 1 1 /* 2 * Copyright 1999-202 1The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 187 187 mdlen = EVP_MD_get_size(md); 188 188 189 if (tlen <= 0 || flen <= 0 )189 if (tlen <= 0 || flen <= 0 || mdlen <= 0) 190 190 return -1; 191 191 /* -
trunk/src/libs/openssl-3.1.7/crypto/sha/build.info
r104078 r105945 89 89 # the static libcrypto.a has, and doesn't need it added again. 90 90 IF[{- !$disabled{module} && !$disabled{shared} -}] 91 DEFINE[../ providers/liblegacy.a]=$SHA1DEF $KECCAK1600DEF91 DEFINE[../../providers/liblegacy.a]=$SHA1DEF $KECCAK1600DEF 92 92 ENDIF 93 93 -
trunk/src/libs/openssl-3.1.7/crypto/sm2/sm2_crypt.c
r104078 r105945 1 1 /* 2 * Copyright 2017-202 1The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * Copyright 2017 Ribose Inc. All Rights Reserved. 4 4 * Ported from Ribose contributions from Botan. … … 66 66 67 67 return field_size; 68 } 69 70 static int is_all_zeros(const unsigned char *msg, size_t msglen) 71 { 72 unsigned char re = 0; 73 size_t i; 74 75 for (i = 0; i < msglen; i++) { 76 re |= msg[i]; 77 } 78 79 return re == 0 ? 1 : 0; 68 80 } 69 81 … … 180 192 memset(ciphertext_buf, 0, *ciphertext_len); 181 193 194 msg_mask = OPENSSL_zalloc(msg_len); 195 if (msg_mask == NULL) { 196 ERR_raise(ERR_LIB_SM2, ERR_R_MALLOC_FAILURE); 197 goto done; 198 } 199 200 again: 182 201 if (!BN_priv_rand_range_ex(k, order, 0, ctx)) { 183 202 ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR); … … 199 218 } 200 219 201 msg_mask = OPENSSL_zalloc(msg_len);202 if (msg_mask == NULL) {203 ERR_raise(ERR_LIB_SM2, ERR_R_MALLOC_FAILURE);204 goto done;205 }206 207 220 /* X9.63 with no salt happens to match the KDF used in SM2 */ 208 221 if (!ossl_ecdh_kdf_X9_63(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0, … … 210 223 ERR_raise(ERR_LIB_SM2, ERR_R_EVP_LIB); 211 224 goto done; 225 } 226 227 if (is_all_zeros(msg_mask, msg_len)) { 228 memset(x2y2, 0, 2 * field_size); 229 goto again; 212 230 } 213 231 … … 365 383 } 366 384 385 if (is_all_zeros(msg_mask, msg_len)) { 386 ERR_raise(ERR_LIB_SM2, SM2_R_INVALID_ENCODING); 387 goto done; 388 } 389 367 390 for (i = 0; i != msg_len; ++i) 368 391 ptext_buf[i] = C2[i] ^ msg_mask[i]; -
trunk/src/libs/openssl-3.1.7/crypto/sm2/sm2_sign.c
r104078 r105945 1 1 /* 2 * Copyright 2017-202 3The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * Copyright 2017 Ribose Inc. All Rights Reserved. 4 4 * Ported from Ribose contributions from Botan. … … 29 29 int rc = 0; 30 30 const EC_GROUP *group = EC_KEY_get0_group(key); 31 const EC_POINT *pubkey = EC_KEY_get0_public_key(key); 31 32 BN_CTX *ctx = NULL; 32 33 EVP_MD_CTX *hash = NULL; … … 43 44 uint8_t e_byte = 0; 44 45 46 /* SM2 Signatures require a public key, check for it */ 47 if (pubkey == NULL) { 48 ERR_raise(ERR_LIB_SM2, ERR_R_PASSED_NULL_PARAMETER); 49 goto done; 50 } 51 45 52 hash = EVP_MD_CTX_new(); 46 53 ctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(key)); … … 118 125 || !EVP_DigestUpdate(hash, buf, p_bytes) 119 126 || !EC_POINT_get_affine_coordinates(group, 120 EC_KEY_get0_public_key(key),127 pubkey, 121 128 xA, yA, ctx) 122 129 || BN_bn2binpad(xA, buf, p_bytes) < 0 … … 442 449 int ret = -1; 443 450 451 if (sig == NULL) { 452 ERR_raise(ERR_LIB_SM2, ERR_R_PASSED_NULL_PARAMETER); 453 goto done; 454 } 455 444 456 e = BN_bin2bn(dgst, dgstlen, NULL); 445 457 if (e == NULL) { … … 454 466 } 455 467 456 sigleni = i2d_ECDSA_SIG(s, sig != NULL ? &sig : NULL);468 sigleni = i2d_ECDSA_SIG(s, &sig); 457 469 if (sigleni < 0) { 458 470 ERR_raise(ERR_LIB_SM2, ERR_R_INTERNAL_ERROR); -
trunk/src/libs/openssl-3.1.7/crypto/sm4/build.info
r104078 r105945 26 26 # added again. 27 27 IF[{- !$disabled{module} && !$disabled{shared} -}] 28 DEFINE[../ providers/liblegacy.a]=$SM4DEF28 DEFINE[../../providers/liblegacy.a]=$SM4DEF 29 29 ENDIF 30 30 -
trunk/src/libs/openssl-3.1.7/crypto/x509/v3_addr.c
r104078 r105945 398 398 { 399 399 int bytelen = (prefixlen + 7) / 8, bitlen = prefixlen % 8; 400 IPAddressOrRange *aor = IPAddressOrRange_new();400 IPAddressOrRange *aor; 401 401 402 402 if (prefixlen < 0 || prefixlen > (afilen * 8)) 403 403 return 0; 404 if ( aor== NULL)404 if ((aor = IPAddressOrRange_new()) == NULL) 405 405 return 0; 406 406 aor->type = IPAddressOrRange_addressPrefix; -
trunk/src/libs/openssl-3.1.7/crypto/x509/v3_utl.c
r104078 r105945 1 1 /* 2 * Copyright 1999-202 2The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 917 917 918 918 gen = sk_GENERAL_NAME_value(gens, i); 919 if ((gen->type == GEN_OTHERNAME) && (check_type == GEN_EMAIL)) { 920 if (OBJ_obj2nid(gen->d.otherName->type_id) == 921 NID_id_on_SmtpUTF8Mailbox) { 922 san_present = 1; 923 924 /* 925 * If it is not a UTF8String then that is unexpected and we 926 * treat it as no match 919 switch (gen->type) { 920 default: 921 continue; 922 case GEN_OTHERNAME: 923 switch (OBJ_obj2nid(gen->d.otherName->type_id)) { 924 default: 925 continue; 926 case NID_id_on_SmtpUTF8Mailbox: 927 /*- 928 * https://datatracker.ietf.org/doc/html/rfc8398#section-3 929 * 930 * Due to name constraint compatibility reasons described 931 * in Section 6, SmtpUTF8Mailbox subjectAltName MUST NOT 932 * be used unless the local-part of the email address 933 * contains non-ASCII characters. When the local-part is 934 * ASCII, rfc822Name subjectAltName MUST be used instead 935 * of SmtpUTF8Mailbox. This is compatible with legacy 936 * software that supports only rfc822Name (and not 937 * SmtpUTF8Mailbox). [...] 938 * 939 * SmtpUTF8Mailbox is encoded as UTF8String. 940 * 941 * If it is not a UTF8String then that is unexpected, and 942 * we ignore the invalid SAN (neither set san_present nor 943 * consider it a candidate for equality). This does mean 944 * that the subject CN may be considered, as would be the 945 * case when the malformed SmtpUtf8Mailbox SAN is instead 946 * simply absent. 947 * 948 * When CN-ID matching is not desirable, applications can 949 * choose to turn it off, doing so is at this time a best 950 * practice. 927 951 */ 928 if (gen->d.otherName->value->type == V_ASN1_UTF8STRING) { 929 cstr = gen->d.otherName->value->value.utf8string; 930 931 /* Positive on success, negative on error! */ 932 if ((rv = do_check_string(cstr, 0, equal, flags, 933 chk, chklen, peername)) != 0) 934 break; 935 } 936 } else 952 if (check_type != GEN_EMAIL 953 || gen->d.otherName->value->type != V_ASN1_UTF8STRING) 954 continue; 955 alt_type = 0; 956 cstr = gen->d.otherName->value->value.utf8string; 957 break; 958 } 959 break; 960 case GEN_EMAIL: 961 if (check_type != GEN_EMAIL) 937 962 continue; 938 } else { 939 if ((gen->type != check_type) && (gen->type != GEN_OTHERNAME)) 963 cstr = gen->d.rfc822Name; 964 break; 965 case GEN_DNS: 966 if (check_type != GEN_DNS) 940 967 continue; 968 cstr = gen->d.dNSName; 969 break; 970 case GEN_IPADD: 971 if (check_type != GEN_IPADD) 972 continue; 973 cstr = gen->d.iPAddress; 974 break; 941 975 } 942 976 san_present = 1; 943 if (check_type == GEN_EMAIL)944 cstr = gen->d.rfc822Name;945 else if (check_type == GEN_DNS)946 cstr = gen->d.dNSName;947 else948 cstr = gen->d.iPAddress;949 977 /* Positive on success, negative on error! */ 950 978 if ((rv = do_check_string(cstr, alt_type, equal, flags, -
trunk/src/libs/openssl-3.1.7/crypto/x509/x_name.c
r104078 r105945 1 1 /* 2 * Copyright 1995-202 2The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 477 477 ltmp = ASN1_item_ex_i2d(&v, in, 478 478 ASN1_ITEM_rptr(X509_NAME_ENTRIES), -1, -1); 479 if (ltmp < 0 )480 return ltmp;479 if (ltmp < 0 || len > INT_MAX - ltmp) 480 return -1; 481 481 len += ltmp; 482 482 } -
trunk/src/libs/openssl-3.1.7/test/bad_dtls_test.c
r104078 r105945 1 1 /* 2 * Copyright 2016-202 2The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 505 505 || !TEST_true(SSL_set_session(con, sess))) 506 506 goto end; 507 SSL_SESSION_free(sess);508 507 509 508 rbio = BIO_new(BIO_s_mem()); … … 593 592 594 593 end: 594 SSL_SESSION_free(sess); 595 595 BIO_free(rbio); 596 596 BIO_free(wbio); -
trunk/src/libs/openssl-3.1.7/test/build.info
r104078 r105945 41 41 evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \ 42 42 evp_fetch_prov_test evp_libctx_test ossl_store_test \ 43 v3nametest v3ext punycode_test \43 v3nametest v3ext punycode_test evp_byname_test \ 44 44 crltest danetest bad_dtls_test lhash_test sparse_array_test \ 45 45 conf_include_test params_api_test params_conversion_test \ … … 306 306 DEPEND[punycode_test]=../libcrypto.a libtestutil.a 307 307 308 SOURCE[evp_byname_test]=evp_byname_test.c 309 INCLUDE[evp_byname_test]=../include ../apps/include 310 DEPEND[evp_byname_test]=../libcrypto libtestutil.a 311 308 312 SOURCE[stack_test]=stack_test.c 309 313 INCLUDE[stack_test]=../include ../apps/include … … 875 879 IF[{- $disabled{module} || !$target{dso_scheme} -}] 876 880 DEFINE[provider_test]=NO_PROVIDER_MODULE 881 DEFINE[prov_config_test]=NO_PROVIDER_MODULE 877 882 DEFINE[provider_internal_test]=NO_PROVIDER_MODULE 878 883 ENDIF -
trunk/src/libs/openssl-3.1.7/test/cmp_hdr_test.c
r104078 r105945 1 1 /* 2 * Copyright 2007-202 3The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * Copyright Nokia 2007-2019 4 4 * Copyright Siemens AG 2015-2019 … … 72 72 static int execute_HDR_get0_senderNonce_test(CMP_HDR_TEST_FIXTURE *fixture) 73 73 { 74 int res = 0; 74 75 X509_NAME *sender = X509_NAME_new(); 75 76 ASN1_OCTET_STRING *sn; 76 77 77 78 if (!TEST_ptr(sender)) 78 return 0;79 goto err; 79 80 80 81 X509_NAME_ADD(sender, "CN", "A common sender name"); 81 82 if (!TEST_int_eq(OSSL_CMP_CTX_set1_subjectName(fixture->cmp_ctx, sender), 82 83 1)) 83 return 0;84 goto err; 84 85 if (!TEST_int_eq(ossl_cmp_hdr_init(fixture->cmp_ctx, fixture->hdr), 85 86 1)) 86 return 0;87 goto err; 87 88 sn = ossl_cmp_hdr_get0_senderNonce(fixture->hdr); 88 89 if (!TEST_int_eq(ASN1_OCTET_STRING_cmp(fixture->cmp_ctx->senderNonce, sn), 89 90 0)) 90 return 0; 91 goto err; 92 93 res = 1; 94 err: 91 95 X509_NAME_free(sender); 92 return 1; 96 97 return res; 93 98 } 94 99 … … 103 108 static int execute_HDR_set1_sender_test(CMP_HDR_TEST_FIXTURE *fixture) 104 109 { 110 int res = 0; 105 111 X509_NAME *x509name = X509_NAME_new(); 106 112 107 113 if (!TEST_ptr(x509name)) 108 return 0;114 goto err; 109 115 110 116 X509_NAME_ADD(x509name, "CN", "A common sender name"); 111 117 if (!TEST_int_eq(ossl_cmp_hdr_set1_sender(fixture->hdr, x509name), 1)) 112 return 0; 118 goto err; 119 113 120 if (!TEST_int_eq(fixture->hdr->sender->type, GEN_DIRNAME)) 114 return 0;121 goto err; 115 122 116 123 if (!TEST_int_eq(X509_NAME_cmp(fixture->hdr->sender->d.directoryName, 117 124 x509name), 0)) 118 return 0; 119 125 goto err; 126 127 res = 1; 128 err: 120 129 X509_NAME_free(x509name); 121 return 1; 130 131 return res; 122 132 } 123 133 … … 132 142 static int execute_HDR_set1_recipient_test(CMP_HDR_TEST_FIXTURE *fixture) 133 143 { 144 int res = 0; 134 145 X509_NAME *x509name = X509_NAME_new(); 135 146 136 147 if (!TEST_ptr(x509name)) 137 return 0;148 goto err; 138 149 139 150 X509_NAME_ADD(x509name, "CN", "A common recipient name"); 140 151 if (!TEST_int_eq(ossl_cmp_hdr_set1_recipient(fixture->hdr, x509name), 1)) 141 return 0;152 goto err; 142 153 143 154 if (!TEST_int_eq(fixture->hdr->recipient->type, GEN_DIRNAME)) 144 return 0;155 goto err; 145 156 146 157 if (!TEST_int_eq(X509_NAME_cmp(fixture->hdr->recipient->d.directoryName, 147 158 x509name), 0)) 148 return 0; 149 159 goto err; 160 161 res = 1; 162 err: 150 163 X509_NAME_free(x509name); 151 return 1; 164 165 return res; 152 166 } 153 167 … … 204 218 205 219 if (!TEST_ptr(senderKID)) 206 return 0;220 goto err; 207 221 208 222 if (!TEST_int_eq(ASN1_OCTET_STRING_set(senderKID, rand_data, … … 266 280 267 281 if (!TEST_ptr(text)) 268 return 0;282 goto err; 269 283 270 284 if (!ASN1_STRING_set(text, "A free text", -1)) … … 281 295 err: 282 296 ASN1_UTF8STRING_free(text); 297 283 298 return res; 284 299 } -
trunk/src/libs/openssl-3.1.7/test/crltest.c
r104078 r105945 1 1 /* 2 * Copyright 2015-202 2The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 102 102 }; 103 103 104 static const char *kInvalidCRL[] = { 105 "-----BEGIN X509 CRL-----\n", 106 "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n", 107 "-----END X509 CRL-----\n", 108 NULL 109 }; 110 104 111 static const char *kBadIssuerCRL[] = { 105 112 "-----BEGIN X509 CRL-----\n", … … 372 379 } 373 380 374 static int test_reuse_crl(void) 375 { 376 X509_CRL *reused_crl = CRL_from_strings(kBasicCRL); 377 char *p; 378 BIO *b = glue2bio(kRevokedCRL, &p); 379 380 if (b == NULL) { 381 OPENSSL_free(p); 382 X509_CRL_free(reused_crl); 383 return 0; 381 static int test_reuse_crl(int idx) 382 { 383 X509_CRL *result, *reused_crl = CRL_from_strings(kBasicCRL); 384 X509_CRL *addref_crl = NULL; 385 char *p = NULL; 386 BIO *b = NULL; 387 int r = 0; 388 389 if (!TEST_ptr(reused_crl)) 390 goto err; 391 392 if (idx & 1) { 393 if (!TEST_true(X509_CRL_up_ref(reused_crl))) 394 goto err; 395 addref_crl = reused_crl; 384 396 } 385 397 386 reused_crl = PEM_read_bio_X509_CRL(b, &reused_crl, NULL, NULL); 387 398 idx >>= 1; 399 b = glue2bio(idx == 2 ? kRevokedCRL : kInvalidCRL + idx, &p); 400 401 if (!TEST_ptr(b)) 402 goto err; 403 404 result = PEM_read_bio_X509_CRL(b, &reused_crl, NULL, NULL); 405 406 switch (idx) { 407 case 0: /* valid PEM + invalid DER */ 408 if (!TEST_ptr_null(result) 409 || !TEST_ptr_null(reused_crl)) 410 goto err; 411 break; 412 case 1: /* invalid PEM */ 413 if (!TEST_ptr_null(result) 414 || !TEST_ptr(reused_crl)) 415 goto err; 416 break; 417 case 2: 418 if (!TEST_ptr(result) 419 || !TEST_ptr(reused_crl) 420 || !TEST_ptr_eq(result, reused_crl)) 421 goto err; 422 break; 423 } 424 425 r = 1; 426 427 err: 388 428 OPENSSL_free(p); 389 429 BIO_free(b); 390 430 X509_CRL_free(reused_crl); 391 return 1; 431 X509_CRL_free(addref_crl); 432 return r; 392 433 } 393 434 … … 403 444 ADD_TEST(test_known_critical_crl); 404 445 ADD_ALL_TESTS(test_unknown_critical_crl, OSSL_NELEM(unknown_critical_crls)); 405 ADD_ TEST(test_reuse_crl);446 ADD_ALL_TESTS(test_reuse_crl, 6); 406 447 return 1; 407 448 } -
trunk/src/libs/openssl-3.1.7/test/ct_test.c
r104078 r105945 1 1 /* 2 * Copyright 2016-202 2The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 451 451 fixture->sct_list = sk_SCT_new_null(); 452 452 if (fixture->sct_list == NULL) 453 return 0; 453 { 454 tear_down(fixture); 455 return 0; 456 } 454 457 455 458 if (!TEST_ptr(sct = SCT_new_from_base64(SCT_VERSION_V1, log_id, 456 459 CT_LOG_ENTRY_TYPE_X509, timestamp, 457 460 extensions, signature))) 458 461 { 462 tear_down(fixture); 459 463 return 0; 464 } 460 465 461 466 sk_SCT_push(fixture->sct_list, sct); -
trunk/src/libs/openssl-3.1.7/test/dsatest.c
r104078 r105945 1 1 /* 2 * Copyright 1995-202 3The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 333 333 BIGNUM *badq = NULL, *badpriv = NULL; 334 334 const unsigned char msg[] = { 0x00 }; 335 unsigned int signature_len0; 335 336 unsigned int signature_len; 336 337 unsigned char signature[64]; … … 376 377 377 378 /* Test passing signature as NULL */ 378 if (!TEST_true(DSA_sign(0, msg, sizeof(msg), NULL, &signature_len, dsa))) 379 goto err; 380 381 if (!TEST_true(DSA_sign(0, msg, sizeof(msg), signature, &signature_len, dsa))) 379 if (!TEST_true(DSA_sign(0, msg, sizeof(msg), NULL, &signature_len0, dsa)) 380 || !TEST_int_gt(signature_len0, 0)) 381 goto err; 382 383 if (!TEST_true(DSA_sign(0, msg, sizeof(msg), signature, &signature_len, dsa)) 384 || !TEST_int_gt(signature_len, 0) 385 || !TEST_int_le(signature_len, signature_len0)) 382 386 goto err; 383 387 -
trunk/src/libs/openssl-3.1.7/test/ecdsatest.c
r104078 r105945 1 1 /* 2 * Copyright 2002-202 3The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2002-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved 4 4 * … … 351 351 { 352 352 int ret; 353 unsigned int siglen0; 353 354 unsigned int siglen; 354 355 unsigned char dgst[128] = { 0 }; 355 356 EC_KEY *eckey = NULL; 357 unsigned char *sig = NULL; 358 BIGNUM *kinv = NULL, *rp = NULL; 356 359 357 360 ret = TEST_ptr(eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)) 358 361 && TEST_int_eq(EC_KEY_generate_key(eckey), 1) 359 && TEST_int_eq(ECDSA_sign(0, dgst, sizeof(dgst), NULL, &siglen, eckey), 1) 360 && TEST_int_gt(siglen, 0); 362 && TEST_int_eq(ECDSA_sign(0, dgst, sizeof(dgst), NULL, &siglen0, 363 eckey), 1) 364 && TEST_int_gt(siglen0, 0) 365 && TEST_ptr(sig = OPENSSL_malloc(siglen0)) 366 && TEST_int_eq(ECDSA_sign(0, dgst, sizeof(dgst), sig, &siglen, 367 eckey), 1) 368 && TEST_int_gt(siglen, 0) 369 && TEST_int_le(siglen, siglen0) 370 && TEST_int_eq(ECDSA_verify(0, dgst, sizeof(dgst), sig, siglen, 371 eckey), 1) 372 && TEST_int_eq(ECDSA_sign_setup(eckey, NULL, &kinv, &rp), 1) 373 && TEST_int_eq(ECDSA_sign_ex(0, dgst, sizeof(dgst), NULL, &siglen, 374 kinv, rp, eckey), 1) 375 && TEST_int_gt(siglen, 0) 376 && TEST_int_le(siglen, siglen0) 377 && TEST_int_eq(ECDSA_sign_ex(0, dgst, sizeof(dgst), sig, &siglen0, 378 kinv, rp, eckey), 1) 379 && TEST_int_eq(siglen, siglen0) 380 && TEST_int_eq(ECDSA_verify(0, dgst, sizeof(dgst), sig, siglen, 381 eckey), 1); 361 382 EC_KEY_free(eckey); 383 OPENSSL_free(sig); 384 BN_free(kinv); 385 BN_free(rp); 362 386 return ret; 363 387 } -
trunk/src/libs/openssl-3.1.7/test/ecstresstest.c
r104078 r105945 1 1 /* 2 * Copyright 2017-202 1The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"); … … 80 80 group)) 81 81 || !TEST_ptr(result = walk_curve(group, point, num_repeats))) 82 return 0;82 goto err; 83 83 84 84 if (print_mode) { -
trunk/src/libs/openssl-3.1.7/test/endecode_test.c
r104078 r105945 1 1 /* 2 * Copyright 2020-202 3The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 1033 1033 IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitTri2G, "EC") 1034 1034 # endif 1035 # ifndef OPENSSL_NO_SM2 1036 KEYS(SM2); 1037 IMPLEMENT_TEST_SUITE(SM2, "SM2", 0) 1038 # endif 1035 1039 KEYS(ED25519); 1036 1040 IMPLEMENT_TEST_SUITE(ED25519, "ED25519", 1) … … 1338 1342 1339 1343 /* FIPS(3.0.0): provider imports explicit params but they won't work #17998 */ 1340 is_fips_3_0_0 = fips_provider_version_eq(testctx, 3, 0, 0); 1341 if (is_fips_3_0_0 < 0) 1342 return 0; 1344 is_fips_3_0_0 = is_fips && fips_provider_version_eq(testctx, 3, 0, 0); 1343 1345 1344 1346 #ifdef STATIC_LEGACY … … 1398 1400 MAKE_DOMAIN_KEYS(ECExplicitTri2G, "EC", ec_explicit_tri_params_explicit); 1399 1401 # endif 1402 # ifndef OPENSSL_NO_SM2 1403 MAKE_KEYS(SM2, "SM2", NULL); 1404 # endif 1400 1405 MAKE_KEYS(ED25519, "ED25519", NULL); 1401 1406 MAKE_KEYS(ED448, "ED448", NULL); … … 1444 1449 ADD_TEST_SUITE_LEGACY(ECExplicitTri2G); 1445 1450 # endif 1451 # ifndef OPENSSL_NO_SM2 1452 if (!is_fips_3_0_0) { 1453 /* 3.0.0 FIPS provider imports explicit EC params and then fails. */ 1454 ADD_TEST_SUITE(SM2); 1455 } 1456 # endif 1446 1457 ADD_TEST_SUITE(ED25519); 1447 1458 ADD_TEST_SUITE(ED448); … … 1501 1512 FREE_DOMAIN_KEYS(ECExplicitTri2G); 1502 1513 # endif 1514 # ifndef OPENSSL_NO_SM2 1515 FREE_KEYS(SM2); 1516 # endif 1503 1517 FREE_KEYS(ED25519); 1504 1518 FREE_KEYS(ED448); -
trunk/src/libs/openssl-3.1.7/test/evp_extra_test.c
r104078 r105945 1101 1101 eckey = NULL; 1102 1102 1103 while (dup_pk == NULL) {1103 for (;;) { 1104 1104 ret = 0; 1105 1105 ctx = EVP_MD_CTX_new(); … … 1117 1117 ctx = NULL; 1118 1118 1119 if (dup_pk != NULL) 1120 break; 1121 1119 1122 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey))) 1120 1123 goto err; … … 1126 1129 goto err; 1127 1130 } 1131 ret = 1; 1128 1132 1129 1133 err: … … 2555 2559 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47, 2556 2560 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30 2561 }; 2562 size_t expectedlen = sizeof(expected); 2563 2564 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq))) 2565 goto done; 2566 2567 outlen = sizeof(out); 2568 memset(out, 0, outlen); 2569 2570 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0) 2571 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0) 2572 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, 2573 sizeof(salt) - 1), 0) 2574 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key, 2575 sizeof(key) - 1), 0) 2576 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info, 2577 sizeof(info) - 1), 0) 2578 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0) 2579 || !TEST_mem_eq(out, outlen, expected, expectedlen)) 2580 goto done; 2581 2582 ret = 1; 2583 2584 done: 2585 EVP_PKEY_CTX_free(pctx); 2586 2587 return ret; 2588 } 2589 2590 static int test_empty_salt_info_HKDF(void) 2591 { 2592 EVP_PKEY_CTX *pctx; 2593 unsigned char out[20]; 2594 size_t outlen; 2595 int ret = 0; 2596 unsigned char salt[] = ""; 2597 unsigned char key[] = "012345678901234567890123456789"; 2598 unsigned char info[] = ""; 2599 const unsigned char expected[] = { 2600 0x67, 0x12, 0xf9, 0x27, 0x8a, 0x8a, 0x3a, 0x8f, 0x7d, 0x2c, 0xa3, 0x6a, 2601 0xaa, 0xe9, 0xb3, 0xb9, 0x52, 0x5f, 0xe0, 0x06, 2557 2602 }; 2558 2603 size_t expectedlen = sizeof(expected); … … 4676 4721 static int test_custom_md_meth(void) 4677 4722 { 4723 ASN1_OBJECT *o = NULL; 4678 4724 EVP_MD_CTX *mdctx = NULL; 4679 4725 EVP_MD *tmp = NULL; … … 4721 4767 goto err; 4722 4768 4769 if (!TEST_int_eq(OBJ_create("1.3.6.1.4.1.16604.998866.1", 4770 "custom-md", "custom-md"), NID_undef) 4771 || !TEST_int_eq(ERR_GET_LIB(ERR_peek_error()), ERR_LIB_OBJ) 4772 || !TEST_int_eq(ERR_GET_REASON(ERR_get_error()), OBJ_R_OID_EXISTS)) 4773 goto err; 4774 4775 o = ASN1_OBJECT_create(nid, (unsigned char *) 4776 "\53\6\1\4\1\201\201\134\274\373\122\1", 12, 4777 "custom-md", "custom-md"); 4778 if (!TEST_int_eq(OBJ_add_object(o), nid)) 4779 goto err; 4780 4723 4781 testresult = 1; 4724 4782 err: 4783 ASN1_OBJECT_free(o); 4725 4784 EVP_MD_CTX_free(mdctx); 4726 4785 EVP_MD_meth_free(tmp); … … 5307 5366 #endif 5308 5367 5368 static int test_invalid_ctx_for_digest(void) 5369 { 5370 int ret; 5371 EVP_MD_CTX *mdctx; 5372 5373 mdctx = EVP_MD_CTX_new(); 5374 if (!TEST_ptr(mdctx)) 5375 return 0; 5376 5377 if (!TEST_int_eq(EVP_DigestUpdate(mdctx, "test", sizeof("test") - 1), 0)) 5378 ret = 0; 5379 else 5380 ret = 1; 5381 5382 EVP_MD_CTX_free(mdctx); 5383 5384 return ret; 5385 } 5386 5309 5387 int setup_tests(void) 5310 5388 { … … 5384 5462 ADD_TEST(test_HKDF); 5385 5463 ADD_TEST(test_emptyikm_HKDF); 5464 ADD_TEST(test_empty_salt_info_HKDF); 5386 5465 #ifndef OPENSSL_NO_EC 5387 5466 ADD_TEST(test_X509_PUBKEY_inplace); … … 5471 5550 #endif 5472 5551 5552 ADD_TEST(test_invalid_ctx_for_digest); 5553 5473 5554 return 1; 5474 5555 } -
trunk/src/libs/openssl-3.1.7/test/evp_kdf_test.c
r104078 r105945 1859 1859 } 1860 1860 1861 /* Test that changing the KBKDF algorithm from KMAC to HMAC works correctly */ 1862 static int test_kbkdf_mac_change(void) 1863 { 1864 int ret = 0; 1865 EVP_KDF_CTX *kctx = NULL; 1866 OSSL_PARAM params[9], *p = params; 1867 /* Test data taken from the evptest corpus */ 1868 int l = 0, sep = 0, r = 8; 1869 static /* const */ unsigned char key[] = { 1870 0x3e, 0xdc, 0x6b, 0x5b, 0x8f, 0x7a, 0xad, 0xbd, 1871 0x71, 0x37, 0x32, 0xb4, 0x82, 0xb8, 0xf9, 0x79, 1872 0x28, 0x6e, 0x1e, 0xa3, 0xb8, 0xf8, 0xf9, 0x9c, 1873 0x30, 0xc8, 0x84, 0xcf, 0xe3, 0x34, 0x9b, 0x83 1874 }; 1875 static /* const */ unsigned char info[] = { 1876 0x98, 0xe9, 0x98, 0x8b, 0xb4, 0xcc, 0x8b, 0x34, 1877 0xd7, 0x92, 0x2e, 0x1c, 0x68, 0xad, 0x69, 0x2b, 1878 0xa2, 0xa1, 0xd9, 0xae, 0x15, 0x14, 0x95, 0x71, 1879 0x67, 0x5f, 0x17, 0xa7, 0x7a, 0xd4, 0x9e, 0x80, 1880 0xc8, 0xd2, 0xa8, 0x5e, 0x83, 0x1a, 0x26, 0x44, 1881 0x5b, 0x1f, 0x0f, 0xf4, 0x4d, 0x70, 0x84, 0xa1, 1882 0x72, 0x06, 0xb4, 0x89, 0x6c, 0x81, 0x12, 0xda, 1883 0xad, 0x18, 0x60, 0x5a 1884 }; 1885 static const unsigned char output[] = { 1886 0x6c, 0x03, 0x76, 0x52, 0x99, 0x06, 0x74, 0xa0, 1887 0x78, 0x44, 0x73, 0x2d, 0x0a, 0xd9, 0x85, 0xf9 1888 }; 1889 unsigned char out[sizeof(output)]; 1890 1891 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, 1892 OSSL_MAC_NAME_KMAC128, 0); 1893 params[1] = OSSL_PARAM_construct_end(); 1894 if (!TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_KBKDF)) 1895 || !TEST_true(EVP_KDF_CTX_set_params(kctx, params))) 1896 goto err; 1897 1898 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE, "COUNTER", 0); 1899 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, "HMAC", 0); 1900 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, "SHA256", 0); 1901 *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_KBKDF_USE_L, &l); 1902 *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR, &sep); 1903 *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_KBKDF_R, &r); 1904 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, 1905 key, sizeof(key)); 1906 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, 1907 info, sizeof(info)); 1908 *p = OSSL_PARAM_construct_end(); 1909 if (!TEST_true(EVP_KDF_derive(kctx, out, sizeof(out), params)) 1910 || !TEST_mem_eq(out, sizeof(out), output, sizeof(output))) 1911 goto err; 1912 1913 ret = 1; 1914 err: 1915 EVP_KDF_CTX_free(kctx); 1916 return ret; 1917 } 1918 1861 1919 int setup_tests(void) 1862 1920 { … … 1920 1978 #endif 1921 1979 ADD_TEST(test_kdf_krb5kdf); 1980 ADD_TEST(test_kbkdf_mac_change); 1922 1981 return 1; 1923 1982 } -
trunk/src/libs/openssl-3.1.7/test/evp_pkey_provided_test.c
r104078 r105945 390 390 goto err; 391 391 392 while (dup_pk == NULL) {392 for (;;) { 393 393 ret = 0; 394 394 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 32) … … 418 418 && test_print_key_using_encoder("RSA", pk); 419 419 420 if (!ret || !TEST_ptr(dup_pk = EVP_PKEY_dup(pk))) 420 if (!ret || dup_pk != NULL) 421 break; 422 423 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk))) 421 424 goto err; 422 425 ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1); … … 603 606 goto err; 604 607 605 while (dup_pk == NULL) {608 for (;;) { 606 609 ret = 0; 607 610 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 2048) … … 683 686 && test_print_key_using_encoder("DH", pk); 684 687 685 if (!ret || !TEST_ptr(dup_pk = EVP_PKEY_dup(pk))) 688 if (!ret || dup_pk != NULL) 689 break; 690 691 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk))) 686 692 goto err; 687 693 ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1); … … 784 790 goto err; 785 791 786 while (dup_pk == NULL) {792 for (;;) { 787 793 ret = 0; 788 794 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 2048) … … 858 864 && test_print_key_using_encoder("DH", pk); 859 865 860 if (!ret || !TEST_ptr(dup_pk = EVP_PKEY_dup(pk))) 866 if (!ret || dup_pk != NULL) 867 break; 868 869 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk))) 861 870 goto err; 862 871 ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1); … … 1091 1100 goto err; 1092 1101 1093 while (dup_pk == NULL) {1102 for (;;) { 1094 1103 ret = 0; 1095 1104 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), bits) … … 1146 1155 && test_print_key_using_encoder(alg, pk); 1147 1156 1148 if (!ret || !TEST_ptr(dup_pk = EVP_PKEY_dup(pk))) 1157 if (!ret || dup_pk != NULL) 1158 break; 1159 1160 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk))) 1149 1161 goto err; 1150 1162 ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1); … … 1263 1275 goto err; 1264 1276 1265 while (dup_pk == NULL) {1277 for (;;) { 1266 1278 ret = 0; 1267 1279 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 256) … … 1301 1313 || !TEST_BN_eq(group_b, b)) 1302 1314 goto err; 1315 1316 EC_GROUP_free(group); 1317 group = NULL; 1318 BN_free(group_p); 1319 group_p = NULL; 1320 BN_free(group_a); 1321 group_a = NULL; 1322 BN_free(group_b); 1323 group_b = NULL; 1303 1324 1304 1325 if (!EVP_PKEY_get_utf8_string_param(pk, OSSL_PKEY_PARAM_GROUP_NAME, … … 1330 1351 && test_print_key_using_encoder(alg, pk); 1331 1352 1332 if (!ret || !TEST_ptr(dup_pk = EVP_PKEY_dup(pk))) 1353 if (!ret || dup_pk != NULL) 1354 break; 1355 1356 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk))) 1333 1357 goto err; 1334 1358 ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1); … … 1576 1600 goto err; 1577 1601 1578 while (dup_pk == NULL) {1602 for (;;) { 1579 1603 ret = 0; 1580 1604 if (!TEST_int_eq(EVP_PKEY_get_bits(pk), 2048) … … 1625 1649 || !TEST_int_eq(pcounter, pcounter_out)) 1626 1650 goto err; 1627 BN_free(p );1628 p = NULL;1629 BN_free(q );1630 q = NULL;1631 BN_free(g );1632 g = NULL;1651 BN_free(p_out); 1652 p_out = NULL; 1653 BN_free(q_out); 1654 q_out = NULL; 1655 BN_free(g_out); 1656 g_out = NULL; 1633 1657 BN_free(j_out); 1634 1658 j_out = NULL; … … 1658 1682 && test_print_key_using_encoder("DSA", pk); 1659 1683 1660 if (!ret || !TEST_ptr(dup_pk = EVP_PKEY_dup(pk))) 1684 if (!ret || dup_pk != NULL) 1685 break; 1686 1687 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk))) 1661 1688 goto err; 1662 1689 ret = ret && TEST_int_eq(EVP_PKEY_eq(pk, dup_pk), 1); -
trunk/src/libs/openssl-3.1.7/test/evp_test.c
r104078 r105945 2791 2791 return 0; 2792 2792 p = strchr(name, ':'); 2793 if (p != NULL) 2793 if (p == NULL) 2794 p = ""; 2795 else 2794 2796 *p++ = '\0'; 2795 2797 … … 2802 2804 2803 2805 rv = OSSL_PARAM_allocate_from_text(kdata->p, defs, name, p, 2804 p != NULL ? strlen(p) : 0, NULL);2806 strlen(p), NULL); 2805 2807 *++kdata->p = OSSL_PARAM_construct_end(); 2806 2808 if (!rv) { … … 2809 2811 return 0; 2810 2812 } 2811 if ( p != NULL &&strcmp(name, "digest") == 0) {2813 if (strcmp(name, "digest") == 0) { 2812 2814 if (is_digest_disabled(p)) { 2813 2815 TEST_info("skipping, '%s' is disabled", p); … … 2816 2818 goto end; 2817 2819 } 2818 if (p != NULL 2819 &&(strcmp(name, "cipher") == 02820 2820 2821 if ((strcmp(name, "cipher") == 0 2822 || strcmp(name, "cekalg") == 0) 2821 2823 && is_cipher_disabled(p)) { 2822 2824 TEST_info("skipping, '%s' is disabled", p); … … 2824 2826 goto end; 2825 2827 } 2826 if (p != NULL 2827 && (strcmp(name, "mac") == 0) 2828 if ((strcmp(name, "mac") == 0) 2828 2829 && is_mac_disabled(p)) { 2829 2830 TEST_info("skipping, '%s' is disabled", p); -
trunk/src/libs/openssl-3.1.7/test/helpers/handshake.c
r104078 r105945 1 1 /* 2 * Copyright 2016-202 2The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 348 348 349 349 len = strlen(protos); 350 351 if (len == 0) { 352 *out = NULL; 353 *outlen = 0; 354 return 1; 355 } 350 356 351 357 /* Should never have reuse. */ -
trunk/src/libs/openssl-3.1.7/test/helpers/ssltestlib.c
r104078 r105945 1 1 /* 2 * Copyright 2016-202 3The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 8 8 */ 9 9 10 /* 11 * We need access to the deprecated low level ENGINE APIs for legacy purposes 12 * when the deprecated calls are not hidden 13 */ 14 #ifndef OPENSSL_NO_DEPRECATED_3_0 15 # define OPENSSL_SUPPRESS_DEPRECATED 16 #endif 17 10 18 #include <string.h> 11 19 20 #include <openssl/engine.h> 12 21 #include "internal/nelem.h" 13 22 #include "ssltestlib.h" … … 1183 1192 SSL_free(clientssl); 1184 1193 } 1194 1195 ENGINE *load_dasync(void) 1196 { 1197 #if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DYNAMIC_ENGINE) 1198 ENGINE *e; 1199 1200 if (!TEST_ptr(e = ENGINE_by_id("dasync"))) 1201 return NULL; 1202 1203 if (!TEST_true(ENGINE_init(e))) { 1204 ENGINE_free(e); 1205 return NULL; 1206 } 1207 1208 if (!TEST_true(ENGINE_register_ciphers(e))) { 1209 ENGINE_free(e); 1210 return NULL; 1211 } 1212 1213 return e; 1214 #else 1215 return NULL; 1216 #endif 1217 } -
trunk/src/libs/openssl-3.1.7/test/helpers/ssltestlib.h
r104078 r105945 1 1 /* 2 * Copyright 2016-202 3The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 60 60 DEFINE_STACK_OF(MEMPACKET) 61 61 62 ENGINE *load_dasync(void); 62 63 #endif /* OSSL_TEST_SSLTESTLIB_H */ -
trunk/src/libs/openssl-3.1.7/test/hexstr_test.c
r104078 r105945 1 1 /* 2 * Copyright 2020-202 1The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"); … … 121 121 return TEST_true(OPENSSL_hexstr2buf_ex(buf, sizeof(buf), &len, test->in, ':')) 122 122 && TEST_mem_eq(buf, len, test->expected, test->expected_len) 123 && TEST_false(OPENSSL_buf2hexstr_ex(out, 3 * len - 1, NULL, buf, len, 124 ':')) 123 125 && TEST_true(OPENSSL_buf2hexstr_ex(out, sizeof(out), NULL, buf, len, 124 ':')) 125 && TEST_str_eq(out, test->in); 126 ':')) 127 && TEST_str_eq(out, test->in) 128 && TEST_true(OPENSSL_buf2hexstr_ex(out, sizeof(out), NULL, buf, 0, 129 ':')) 130 && TEST_size_t_eq(strlen(out), 0); 126 131 } 127 132 -
trunk/src/libs/openssl-3.1.7/test/keymgmt_internal_test.c
r104078 r105945 1 1 /* 2 * Copyright 2019-202 2The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 225 225 goto err; 226 226 227 while (dup_pk == NULL) {227 for (;;) { 228 228 ret = 0; 229 229 km = km3; … … 256 256 257 257 ret = (ret == OSSL_NELEM(expected)); 258 if (!ret || !TEST_ptr(dup_pk = EVP_PKEY_dup(pk))) 258 259 if (!ret || dup_pk != NULL) 260 break; 261 262 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pk))) 259 263 goto err; 260 264 -
trunk/src/libs/openssl-3.1.7/test/pkey_meth_kdf_test.c
r104078 r105945 1 1 /* 2 * Copyright 2017-202 0The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 17 17 #include "testutil.h" 18 18 19 static int test_kdf_tls1_prf( void)19 static int test_kdf_tls1_prf(int index) 20 20 { 21 21 int ret = 0; … … 41 41 goto err; 42 42 } 43 if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, 44 (unsigned char *)"seed", 4) <= 0) { 45 TEST_error("EVP_PKEY_CTX_add1_tls1_prf_seed"); 46 goto err; 43 if (index == 0) { 44 if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, 45 (unsigned char *)"seed", 4) <= 0) { 46 TEST_error("EVP_PKEY_CTX_add1_tls1_prf_seed"); 47 goto err; 48 } 49 } else { 50 if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, 51 (unsigned char *)"se", 2) <= 0) { 52 TEST_error("EVP_PKEY_CTX_add1_tls1_prf_seed"); 53 goto err; 54 } 55 if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, 56 (unsigned char *)"ed", 2) <= 0) { 57 TEST_error("EVP_PKEY_CTX_add1_tls1_prf_seed"); 58 goto err; 59 } 47 60 } 48 61 if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) { … … 66 79 } 67 80 68 static int test_kdf_hkdf( void)81 static int test_kdf_hkdf(int index) 69 82 { 70 83 int ret = 0; … … 95 108 goto err; 96 109 } 97 if (EVP_PKEY_CTX_add1_hkdf_info(pctx, (const unsigned char *)"label", 5) 98 <= 0) { 99 TEST_error("EVP_PKEY_CTX_set1_hkdf_info"); 100 goto err; 110 if (index == 0) { 111 if (EVP_PKEY_CTX_add1_hkdf_info(pctx, (const unsigned char *)"label", 5) 112 <= 0) { 113 TEST_error("EVP_PKEY_CTX_add1_hkdf_info"); 114 goto err; 115 } 116 } else { 117 if (EVP_PKEY_CTX_add1_hkdf_info(pctx, (const unsigned char *)"lab", 3) 118 <= 0) { 119 TEST_error("EVP_PKEY_CTX_add1_hkdf_info"); 120 goto err; 121 } 122 if (EVP_PKEY_CTX_add1_hkdf_info(pctx, (const unsigned char *)"el", 2) 123 <= 0) { 124 TEST_error("EVP_PKEY_CTX_add1_hkdf_info"); 125 goto err; 126 } 101 127 } 102 128 if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) { … … 196 222 int setup_tests(void) 197 223 { 198 ADD_TEST(test_kdf_tls1_prf); 199 ADD_TEST(test_kdf_hkdf); 224 int tests = 1; 225 226 if (fips_provider_version_ge(NULL, 3, 3, 1)) 227 tests = 2; 228 229 ADD_ALL_TESTS(test_kdf_tls1_prf, tests); 230 ADD_ALL_TESTS(test_kdf_hkdf, tests); 200 231 #ifndef OPENSSL_NO_SCRYPT 201 232 ADD_TEST(test_kdf_scrypt); -
trunk/src/libs/openssl-3.1.7/test/prov_config_test.c
r104078 r105945 1 1 /* 2 * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 8 8 */ 9 9 10 #include <sys/stat.h> 10 11 #include <openssl/evp.h> 11 12 #include <openssl/conf.h> … … 14 15 static char *configfile = NULL; 15 16 static char *recurseconfigfile = NULL; 17 static char *pathedconfig = NULL; 16 18 17 19 /* … … 25 27 EVP_MD *sha256 = NULL; 26 28 27 if (!TEST_ptr(configfile))28 return 0;29 29 if (!TEST_ptr(ctx)) 30 30 return 0; 31 31 32 32 if (!TEST_true(OSSL_LIB_CTX_load_config(ctx, configfile))) 33 return 0;33 goto err; 34 34 if (!TEST_true(OSSL_LIB_CTX_load_config(ctx, configfile))) 35 return 0;35 goto err; 36 36 37 37 /* Check we can actually fetch something */ … … 53 53 unsigned long err; 54 54 55 if (!TEST_ptr(recurseconfigfile))56 goto err;57 58 55 if (!TEST_ptr(ctx)) 59 56 goto err; … … 66 63 if (ERR_GET_REASON(err) == CONF_R_RECURSIVE_SECTION_REFERENCE) 67 64 testresult = 1; 65 err: 66 OSSL_LIB_CTX_free(ctx); 67 return testresult; 68 } 69 70 #define P_TEST_PATH "/../test/p_test.so" 71 static int test_path_config(void) 72 { 73 OSSL_LIB_CTX *ctx = NULL; 74 OSSL_PROVIDER *prov; 75 int testresult = 0; 76 struct stat sbuf; 77 char *module_path = getenv("OPENSSL_MODULES"); 78 char *full_path = NULL; 79 int rc; 80 81 if (!TEST_ptr(module_path)) 82 return 0; 83 84 full_path = OPENSSL_zalloc(strlen(module_path) + strlen(P_TEST_PATH) + 1); 85 if (!TEST_ptr(full_path)) 86 return 0; 87 88 strcpy(full_path, module_path); 89 full_path = strcat(full_path, P_TEST_PATH); 90 TEST_info("full path is %s", full_path); 91 rc = stat(full_path, &sbuf); 92 OPENSSL_free(full_path); 93 if (rc == -1) 94 return TEST_skip("Skipping modulepath test as provider not present"); 95 96 if (!TEST_ptr(pathedconfig)) 97 return 0; 98 99 ctx = OSSL_LIB_CTX_new(); 100 if (!TEST_ptr(ctx)) 101 return 0; 102 103 if (!TEST_true(OSSL_LIB_CTX_load_config(ctx, pathedconfig))) 104 goto err; 105 106 /* attempt to manually load the test provider */ 107 if (!TEST_ptr(prov = OSSL_PROVIDER_load(ctx, "test"))) 108 goto err; 109 110 OSSL_PROVIDER_unload(prov); 111 112 testresult = 1; 68 113 err: 69 114 OSSL_LIB_CTX_free(ctx); … … 86 131 return 0; 87 132 133 if (!TEST_ptr(pathedconfig = test_get_argument(2))) 134 return 0; 135 88 136 ADD_TEST(test_recursive_config); 89 137 ADD_TEST(test_double_config); 138 ADD_TEST(test_path_config); 90 139 return 1; 91 140 } -
trunk/src/libs/openssl-3.1.7/test/provider_fallback_test.c
r104078 r105945 1 1 /* 2 * Copyright 2020-202 1The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 40 40 41 41 ok = TEST_ptr(ctx = OSSL_LIB_CTX_new()) 42 && TEST_ptr(prov = OSSL_PROVIDER_load(ctx, "default")) 43 && test_provider(ctx) 44 && TEST_true(OSSL_PROVIDER_unload(prov)); 42 && TEST_ptr(prov = OSSL_PROVIDER_load(ctx, "default")); 43 44 if (ok) { 45 ok = test_provider(ctx); 46 if (ok) 47 ok = TEST_true(OSSL_PROVIDER_unload(prov)); 48 else 49 OSSL_PROVIDER_unload(prov); 50 } 45 51 46 52 OSSL_LIB_CTX_free(ctx); -
trunk/src/libs/openssl-3.1.7/test/provider_internal_test.c
r104078 r105945 1 1 /* 2 * Copyright 2019-202 3The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 23 23 static int test_provider(OSSL_PROVIDER *prov, const char *expected_greeting) 24 24 { 25 const char *greeting = NULL;25 const char *greeting = "no greeting received"; 26 26 int ret = 0; 27 27 -
trunk/src/libs/openssl-3.1.7/test/provider_status_test.c
r104078 r105945 1 1 /* 2 * Copyright 2020-202 1The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 15 15 #include <openssl/self_test.h> 16 16 #include <openssl/evp.h> 17 #include <openssl/rsa.h> 17 18 #include "testutil.h" 18 19 … … 148 149 OSSL_PARAM params[2]; 149 150 EVP_MD *fetch = NULL; 151 EVP_PKEY_CTX *pctx = NULL; 152 EVP_PKEY *pkey = NULL; 150 153 151 154 if (!TEST_ptr(prov = OSSL_PROVIDER_load(libctx, provider_name))) … … 164 167 EVP_MD_free(fetch); 165 168 fetch = NULL; 169 /* Use RNG before triggering on-demand self tests */ 170 if (!TEST_ptr((pctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", NULL))) 171 || !TEST_int_gt(EVP_PKEY_keygen_init(pctx), 0) 172 || !TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(pctx, 2048), 0) 173 || !TEST_int_gt(EVP_PKEY_keygen(pctx, &pkey), 0)) 174 goto err; 175 EVP_PKEY_free(pkey); 176 EVP_PKEY_CTX_free(pctx); 177 pkey = NULL; 178 pctx = NULL; 166 179 167 180 /* Test that the provider self test is ok */ -
trunk/src/libs/openssl-3.1.7/test/provider_test.c
r104078 r105945 1 1 /* 2 * Copyright 2019-202 2The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 198 198 if (!TEST_true(OSSL_PROVIDER_add_builtin(libctx, name, 199 199 PROVIDER_INIT_FUNCTION_NAME))) { 200 OSSL_PROVIDER_unload(legacy); 200 201 OSSL_LIB_CTX_free(libctx); 201 202 return 0; -
trunk/src/libs/openssl-3.1.7/test/recipes/03-test_fipsinstall.t
r104078 r105945 1 1 #! /usr/bin/env perl 2 # Copyright 2019-202 3The OpenSSL Project Authors. All Rights Reserved.2 # Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 # 4 4 # Licensed under the Apache License 2.0 (the "License"). You may not use … … 207 207 '-provider_name', 'fips', '-mac_name', 'HMAC', 208 208 '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey", 209 '-section_name', 'fips_sect', '-corrupt_desc', 'SHA 1'])),209 '-section_name', 'fips_sect', '-corrupt_desc', 'SHA2'])), 210 210 "fipsinstall fails when the digest result is corrupted"); 211 211 -
trunk/src/libs/openssl-3.1.7/test/recipes/04-test_conf.t
r104078 r105945 1 1 #! /usr/bin/env perl 2 # Copyright 2017-202 1The OpenSSL Project Authors. All Rights Reserved.2 # Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 # 4 4 # Licensed under the Apache License 2.0 (the "License"). You may not use … … 19 19 'dollarid_on.cnf' => 'dollarid_on.txt', 20 20 'dollarid_off.cnf' => 'dollarid_off.txt', 21 'oversized_line.cnf' => 'oversized_line.txt', 21 22 ); 22 23 -
trunk/src/libs/openssl-3.1.7/test/recipes/25-test_eai_data.t
r104078 r105945 1 1 #! /usr/bin/env perl 2 # Copyright 2019-202 1The OpenSSL Project Authors. All Rights Reserved.2 # Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 # 4 4 # Licensed under the Apache License 2.0 (the "License"). You may not use … … 22 22 #./util/wrap.pl apps/openssl verify -nameopt utf8 -no_check_time -CAfile test/recipes/25-test_eai_data/ascii_chain.pem test/recipes/25-test_eai_data/utf8_leaf.pem 23 23 24 plan tests => 1 2;24 plan tests => 16; 25 25 26 26 require_ok(srctop_file('test','recipes','tconversion.pl')); … … 29 29 my $ascii_pem = srctop_file($folder, "ascii_leaf.pem"); 30 30 my $utf8_pem = srctop_file($folder, "utf8_leaf.pem"); 31 my $kdc_pem = srctop_file($folder, "kdc-cert.pem"); 31 32 32 33 my $ascii_chain_pem = srctop_file($folder, "ascii_chain.pem"); 33 34 my $utf8_chain_pem = srctop_file($folder, "utf8_chain.pem"); 35 my $kdc_chain_pem = srctop_file($folder, "kdc-root-cert.pem"); 34 36 35 37 my $out; … … 57 59 ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $ascii_chain_pem, $ascii_pem]))); 58 60 ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $utf8_chain_pem, $utf8_pem]))); 61 ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $kdc_chain_pem, $kdc_pem]))); 59 62 60 63 ok(!run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $ascii_chain_pem, $utf8_pem]))); 61 64 ok(!run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $utf8_chain_pem, $ascii_pem]))); 65 66 # Check an otherName does not get misparsed as an DNS name, (should trigger ASAN errors if violated). 67 ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-verify_hostname", 'mx1.example.com', "-CAfile", $kdc_chain_pem, $kdc_pem]))); 68 # Check an otherName does not get misparsed as an email address, (should trigger ASAN errors if violated). 69 ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-verify_email", '[email protected]', "-CAfile", $kdc_chain_pem, $kdc_pem]))); 70 # We expect SmtpUTF8Mailbox to be a UTF8 String, not an IA5String. 71 ok(!run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-verify_email", '[email protected]', "-CAfile", $kdc_chain_pem, $kdc_pem]))); 62 72 63 73 #Check that we get the expected failure return code -
trunk/src/libs/openssl-3.1.7/test/recipes/25-test_req.t
r104078 r105945 16 16 setup("test_req"); 17 17 18 plan tests => 49;18 plan tests => 50; 19 19 20 20 require_ok(srctop_file('test', 'recipes', 'tconversion.pl')); … … 54 54 ok(!run(app([@addext_args, "-addext", $val2, "-addext", $val3]))); 55 55 ok(run(app([@addext_args, "-addext", "SXNetID=1:one, 2:two, 3:three"]))); 56 ok(run(app([@addext_args, "-addext", "subjectAltName=dirName:dirname_sec"]))); 56 57 57 58 # If a CSR is provided with neither of -key or -CA/-CAkey, this should fail. -
trunk/src/libs/openssl-3.1.7/test/recipes/30-test_evp_data/evppkey_dsa.txt
r104078 r105945 1 1 # 2 # Copyright 2001-202 3The OpenSSL Project Authors. All Rights Reserved.2 # Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 # 4 4 # Licensed under the Apache License 2.0 (the "License"). You may not use … … 271 271 # Test sign with a 2048 bit key with N == 160 is not allowed in fips mode 272 272 Availablein = fips 273 FIPSversion = <3.4.0 273 274 DigestSign = SHA256 274 275 Key = DSA-2048-160 … … 325 326 # Test sign with a 1024 bit key is not allowed in fips mode 326 327 Availablein = fips 328 FIPSversion = <3.4.0 327 329 DigestSign = SHA256 328 330 Securitycheck = 1 … … 341 343 # Test sign with a 3072 bit key with N == 224 is not allowed in fips mode 342 344 Availablein = fips 345 FIPSversion = <3.4.0 343 346 DigestSign = SHA256 344 347 Securitycheck = 1 … … 349 352 # Test sign with a 4096 bit key is not allowed in fips mode 350 353 Availablein = fips 354 FIPSversion = <3.4.0 351 355 DigestSign = SHA256 352 356 Securitycheck = 1 -
trunk/src/libs/openssl-3.1.7/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
r104078 r105945 1 1 # 2 # Copyright 2001-202 2The OpenSSL Project Authors. All Rights Reserved.2 # Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 # 4 4 # Licensed under the Apache License 2.0 (the "License"). You may not use … … 217 217 # Test that SHA1 is not allowed in fips mode for signing 218 218 Availablein = fips 219 FIPSversion = <3.4.0 219 220 Sign = P-256 220 221 Securitycheck = 1 -
trunk/src/libs/openssl-3.1.7/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
r104078 r105945 1 1 # 2 # Copyright 2001-202 2The OpenSSL Project Authors. All Rights Reserved.2 # Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 # 4 4 # Licensed under the Apache License 2.0 (the "License"). You may not use … … 1345 1345 # Signing with SHA1 is not allowed in fips mode 1346 1346 Availablein = fips 1347 FIPSversion = <3.4.0 1347 1348 DigestSign = SHA1 1348 1349 Securitycheck = 1 -
trunk/src/libs/openssl-3.1.7/test/recipes/30-test_prov_config.t
r104078 r105945 1 1 #! /usr/bin/env perl 2 # Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.2 # Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 # 4 4 # Licensed under the Apache License 2.0 (the "License"). You may not use … … 24 24 25 25 ok(run(test(["prov_config_test", srctop_file("test", "default.cnf"), 26 srctop_file("test", "recursive.cnf")])), 26 srctop_file("test", "recursive.cnf"), 27 srctop_file("test", "pathed.cnf")])), 27 28 "running prov_config_test default.cnf"); 28 29 … … 31 32 32 33 ok(run(test(["prov_config_test", srctop_file("test", "fips.cnf"), 33 srctop_file("test", "recursive.cnf")])), 34 srctop_file("test", "recursive.cnf"), 35 srctop_file("test", "pathed.cnf")])), 34 36 "running prov_config_test fips.cnf"); 35 37 } -
trunk/src/libs/openssl-3.1.7/test/recipes/80-test_pkcs12.t
r104078 r105945 55 55 $ENV{OPENSSL_WIN32_UTF8}=1; 56 56 57 plan tests => 17;57 plan tests => 20; 58 58 59 59 # Test different PKCS#12 formats … … 163 163 "test bad pkcs12 file 1 (nomacver)"); 164 164 165 ok(run(app(["openssl", "pkcs12", "-in", $bad1, "-password", "pass:", 166 "-info"])), 167 "test bad pkcs12 file 1 (info)"); 168 165 169 ok(run(app(["openssl", "pkcs12", "-in", $bad2, "-password", "pass:"])), 166 170 "test bad pkcs12 file 2"); 167 171 172 ok(run(app(["openssl", "pkcs12", "-in", $bad2, "-password", "pass:", 173 "-info"])), 174 "test bad pkcs12 file 2 (info)"); 175 168 176 ok(run(app(["openssl", "pkcs12", "-in", $bad3, "-password", "pass:"])), 169 177 "test bad pkcs12 file 3"); 178 179 ok(run(app(["openssl", "pkcs12", "-in", $bad3, "-password", "pass:", 180 "-info"])), 181 "test bad pkcs12 file 3 (info)"); 170 182 }); 171 183 -
trunk/src/libs/openssl-3.1.7/test/recipes/90-test_shlibload.t
r104078 r105945 1 1 #! /usr/bin/env perl 2 # Copyright 2016-202 1The OpenSSL Project Authors. All Rights Reserved.2 # Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 # 4 4 # Licensed under the Apache License 2.0 (the "License"). You may not use … … 24 24 plan skip_all => "Test only supported in a dso build" if disabled("dso"); 25 25 plan skip_all => "Test is disabled in an address sanitizer build" unless disabled("asan"); 26 plan skip_all => "Test is disabled in no-atexit build" if disabled("atexit"); 26 27 27 28 plan tests => 10; -
trunk/src/libs/openssl-3.1.7/test/recipes/90-test_sslapi.t
r104078 r105945 1 1 #! /usr/bin/env perl 2 # Copyright 2016-202 3The OpenSSL Project Authors. All Rights Reserved.2 # Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 # 4 4 # Licensed under the Apache License 2.0 (the "License"). You may not use … … 8 8 9 9 use OpenSSL::Test::Utils; 10 use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir bldtop_dir bldtop_file /;10 use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir bldtop_dir bldtop_file result_dir result_file/; 11 11 use File::Temp qw(tempfile); 12 12 … … 14 14 setup("test_sslapi"); 15 15 } 16 17 use lib srctop_dir('Configurations');18 use lib bldtop_dir('.');19 16 20 17 my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); … … 26 23 # A modified copy of "fipsmodule.cnf" 27 24 my $fipsmodcfgnew_filename = "fipsmodule_mod.cnf"; 28 my $fipsmodcfgnew = bldtop_file("test",$fipsmodcfgnew_filename);25 my $fipsmodcfgnew = result_file($fipsmodcfgnew_filename); 29 26 30 27 # A modified copy of "fips-and-base.cnf" 31 my $provconfnew = bldtop_file("test", "temp.cnf");28 my $provconfnew = result_file("fips-and-base-temp.cnf"); 32 29 33 30 plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build" … … 52 49 if $no_fips; 53 50 51 # NOTE that because by default we setup fips provider in pedantic mode, 52 # with >= 3.1.0 this just runs test_no_ems() to check that the connection 53 # fails if ems is not used and the fips check is enabled. 54 54 ok(run(test(["sslapitest", srctop_dir("test", "certs"), 55 55 srctop_file("test", "recipes", "90-test_sslapi_data", … … 60 60 "90-test_sslapi_data", 61 61 "dhparams.pem")])), 62 "running sslapitest ");62 "running sslapitest with default fips config"); 63 63 64 64 run(test(["fips_version_test", "-config", $provconf, ">=3.1.0"]), … … 71 71 # value in $repl and output to a new file $outfile. 72 72 sub replace_line_file_internal { 73 73 74 74 my ($infile, $srch, $repl, $outfile) = @_; 75 75 my $msg; … … 86 86 return 1; 87 87 } 88 88 89 89 # Read in the text input file $infile 90 90 # and replace a single Key = Value line with a new value in $value. … … 103 103 return replace_line_file_internal($infile, $srch, $rep, $outfile); 104 104 } 105 105 106 106 # Read in the text $input file 107 107 # and search for the $key and replace with $newkey … … 115 115 } 116 116 117 # In order to enable the tls1-prf-ems-check=1 in a fips config file 117 # The default fipsmodule.cnf in tests is set with -pedantic. 118 # In order to enable the tls1-prf-ems-check=0 in a fips config file 118 119 # copy the existing fipsmodule.cnf and modify it. 119 120 # Then copy fips-and-base.cfg to make a file that includes the changed file 120 # NOTE that this just runs test_no_ems() to check that the connection 121 # fails if ems is not used and the fips check is enabled. 121 $ENV{OPENSSL_CONF_INCLUDE} = result_dir(); 122 122 ok(replace_kv_file($fipsmodcfg, 123 'tls1-prf-ems-check', ' 1',123 'tls1-prf-ems-check', '0', 124 124 $fipsmodcfgnew) 125 125 && replace_line_file($provconf, … … 135 135 "90-test_sslapi_data", 136 136 "dhparams.pem")])), 137 "running sslapitest"); 138 139 unlink $fipsmodcfgnew; 140 unlink $provconfnew; 137 "running sslapitest with modified fips config"); 141 138 } 142 139 -
trunk/src/libs/openssl-3.1.7/test/sm2_internal_test.c
r104078 r105945 1 1 /* 2 * Copyright 2017-202 1The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 306 306 const char *k_hex, 307 307 const char *r_hex, 308 const char *s_hex) 308 const char *s_hex, 309 int omit_pubkey) 309 310 { 310 311 const size_t msg_len = strlen(message); … … 328 329 goto done; 329 330 330 pt = EC_POINT_new(group); 331 if (!TEST_ptr(pt) 332 || !TEST_true(EC_POINT_mul(group, pt, priv, NULL, NULL, NULL)) 333 || !TEST_true(EC_KEY_set_public_key(key, pt))) 334 goto done; 331 if (omit_pubkey == 0) { 332 pt = EC_POINT_new(group); 333 if (!TEST_ptr(pt) 334 || !TEST_true(EC_POINT_mul(group, pt, priv, NULL, NULL, NULL)) 335 || !TEST_true(EC_KEY_set_public_key(key, pt))) 336 goto done; 337 } 335 338 336 339 start_fake_rand(k_hex); … … 393 396 "007c47811054c6f99613a578eb8453706ccb96384fe7df5c171671e760bfa8be3a", 394 397 "40F1EC59F793D9F49E09DCEF49130D4194F79FB1EED2CAA55BACDB49C4E755D1", 395 "6FC6DAC32C5D5CF10C77DFB20F7C2EB667A457872FB09EC56327A67EC7DEEBE7"))) 398 "6FC6DAC32C5D5CF10C77DFB20F7C2EB667A457872FB09EC56327A67EC7DEEBE7", 0))) 399 goto done; 400 401 /* Make sure we fail if we omit the public portion of the key */ 402 if (!TEST_false(test_sm2_sign( 403 test_group, 404 /* the default ID specified in GM/T 0009-2012 (Sec. 10).*/ 405 SM2_DEFAULT_USERID, 406 /* privkey */ 407 "3945208F7B2144B13F36E38AC6D39F95889393692860B51A42FB81EF4DF7C5B8", 408 /* plaintext message */ 409 "message digest", 410 /* ephemeral nonce k */ 411 "59276E27D506861A16680F3AD9C02DCCEF3CC1FA3CDBE4CE6D54B80DEAC1BC21", 412 /* expected signature, */ 413 /* signature R, 0x20 bytes */ 414 "F5A03B0648D2C4630EEAC513E1BB81A15944DA3827D5B74143AC7EACEEE720B3", 415 /* signature S, 0x20 bytes */ 416 "B1B6AA29DF212FD8763182BC0D421CA1BB9038FD1F7F42D4840B69C485BBC1AA", 1))) 396 417 goto done; 397 418 -
trunk/src/libs/openssl-3.1.7/test/ssl-tests/08-npn.cnf
r104078 r105945 1 1 # Generated with generate_ssl_tests.pl 2 2 3 num_tests = 2 03 num_tests = 22 4 4 5 5 test-0 = 0-npn-simple … … 9 9 test-4 = 4-npn-no-server-support 10 10 test-5 = 5-npn-no-client-support 11 test-6 = 6-npn-with-sni-no-context-switch 12 test-7 = 7-npn-with-sni-context-switch 13 test-8 = 8-npn-selected-sni-server-supports-npn 14 test-9 = 9-npn-selected-sni-server-does-not-support-npn 15 test-10 = 10-alpn-preferred-over-npn 16 test-11 = 11-sni-npn-preferred-over-alpn 17 test-12 = 12-npn-simple-resumption 18 test-13 = 13-npn-server-switch-resumption 19 test-14 = 14-npn-client-switch-resumption 20 test-15 = 15-npn-client-first-pref-on-mismatch-resumption 21 test-16 = 16-npn-no-server-support-resumption 22 test-17 = 17-npn-no-client-support-resumption 23 test-18 = 18-alpn-preferred-over-npn-resumption 24 test-19 = 19-npn-used-if-alpn-not-supported-resumption 11 test-6 = 6-npn-empty-client-list 12 test-7 = 7-npn-empty-server-list 13 test-8 = 8-npn-with-sni-no-context-switch 14 test-9 = 9-npn-with-sni-context-switch 15 test-10 = 10-npn-selected-sni-server-supports-npn 16 test-11 = 11-npn-selected-sni-server-does-not-support-npn 17 test-12 = 12-alpn-preferred-over-npn 18 test-13 = 13-sni-npn-preferred-over-alpn 19 test-14 = 14-npn-simple-resumption 20 test-15 = 15-npn-server-switch-resumption 21 test-16 = 16-npn-client-switch-resumption 22 test-17 = 17-npn-client-first-pref-on-mismatch-resumption 23 test-18 = 18-npn-no-server-support-resumption 24 test-19 = 19-npn-no-client-support-resumption 25 test-20 = 20-alpn-preferred-over-npn-resumption 26 test-21 = 21-npn-used-if-alpn-not-supported-resumption 25 27 # =========================================================== 26 28 … … 207 209 # =========================================================== 208 210 209 [6-npn-with-sni-no-context-switch] 210 ssl_conf = 6-npn-with-sni-no-context-switch-ssl 211 212 [6-npn-with-sni-no-context-switch-ssl] 213 server = 6-npn-with-sni-no-context-switch-server 214 client = 6-npn-with-sni-no-context-switch-client 215 server2 = 6-npn-with-sni-no-context-switch-server2 216 217 [6-npn-with-sni-no-context-switch-server] 218 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 219 CipherString = DEFAULT 220 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 221 222 [6-npn-with-sni-no-context-switch-server2] 223 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 224 CipherString = DEFAULT 225 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 226 227 [6-npn-with-sni-no-context-switch-client] 211 [6-npn-empty-client-list] 212 ssl_conf = 6-npn-empty-client-list-ssl 213 214 [6-npn-empty-client-list-ssl] 215 server = 6-npn-empty-client-list-server 216 client = 6-npn-empty-client-list-client 217 218 [6-npn-empty-client-list-server] 219 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 220 CipherString = DEFAULT 221 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 222 223 [6-npn-empty-client-list-client] 228 224 CipherString = DEFAULT 229 225 MaxProtocol = TLSv1.2 … … 232 228 233 229 [test-6] 230 ExpectedClientAlert = HandshakeFailure 231 ExpectedResult = ClientFail 232 server = 6-npn-empty-client-list-server-extra 233 client = 6-npn-empty-client-list-client-extra 234 235 [6-npn-empty-client-list-server-extra] 236 NPNProtocols = foo 237 238 [6-npn-empty-client-list-client-extra] 239 NPNProtocols = 240 241 242 # =========================================================== 243 244 [7-npn-empty-server-list] 245 ssl_conf = 7-npn-empty-server-list-ssl 246 247 [7-npn-empty-server-list-ssl] 248 server = 7-npn-empty-server-list-server 249 client = 7-npn-empty-server-list-client 250 251 [7-npn-empty-server-list-server] 252 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 253 CipherString = DEFAULT 254 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 255 256 [7-npn-empty-server-list-client] 257 CipherString = DEFAULT 258 MaxProtocol = TLSv1.2 259 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 260 VerifyMode = Peer 261 262 [test-7] 263 ExpectedNPNProtocol = foo 264 server = 7-npn-empty-server-list-server-extra 265 client = 7-npn-empty-server-list-client-extra 266 267 [7-npn-empty-server-list-server-extra] 268 NPNProtocols = 269 270 [7-npn-empty-server-list-client-extra] 271 NPNProtocols = foo 272 273 274 # =========================================================== 275 276 [8-npn-with-sni-no-context-switch] 277 ssl_conf = 8-npn-with-sni-no-context-switch-ssl 278 279 [8-npn-with-sni-no-context-switch-ssl] 280 server = 8-npn-with-sni-no-context-switch-server 281 client = 8-npn-with-sni-no-context-switch-client 282 server2 = 8-npn-with-sni-no-context-switch-server2 283 284 [8-npn-with-sni-no-context-switch-server] 285 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 286 CipherString = DEFAULT 287 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 288 289 [8-npn-with-sni-no-context-switch-server2] 290 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 291 CipherString = DEFAULT 292 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 293 294 [8-npn-with-sni-no-context-switch-client] 295 CipherString = DEFAULT 296 MaxProtocol = TLSv1.2 297 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 298 VerifyMode = Peer 299 300 [test-8] 234 301 ExpectedNPNProtocol = foo 235 302 ExpectedServerName = server1 236 server = 6-npn-with-sni-no-context-switch-server-extra237 server2 = 6-npn-with-sni-no-context-switch-server2-extra238 client = 6-npn-with-sni-no-context-switch-client-extra239 240 [ 6-npn-with-sni-no-context-switch-server-extra]303 server = 8-npn-with-sni-no-context-switch-server-extra 304 server2 = 8-npn-with-sni-no-context-switch-server2-extra 305 client = 8-npn-with-sni-no-context-switch-client-extra 306 307 [8-npn-with-sni-no-context-switch-server-extra] 241 308 NPNProtocols = foo 242 309 ServerNameCallback = IgnoreMismatch 243 310 244 [ 6-npn-with-sni-no-context-switch-server2-extra]245 NPNProtocols = bar 246 247 [ 6-npn-with-sni-no-context-switch-client-extra]311 [8-npn-with-sni-no-context-switch-server2-extra] 312 NPNProtocols = bar 313 314 [8-npn-with-sni-no-context-switch-client-extra] 248 315 NPNProtocols = foo,bar 249 316 ServerName = server1 … … 252 319 # =========================================================== 253 320 254 [ 7-npn-with-sni-context-switch]255 ssl_conf = 7-npn-with-sni-context-switch-ssl256 257 [ 7-npn-with-sni-context-switch-ssl]258 server = 7-npn-with-sni-context-switch-server259 client = 7-npn-with-sni-context-switch-client260 server2 = 7-npn-with-sni-context-switch-server2261 262 [ 7-npn-with-sni-context-switch-server]263 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 264 CipherString = DEFAULT 265 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 266 267 [ 7-npn-with-sni-context-switch-server2]268 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 269 CipherString = DEFAULT 270 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 271 272 [ 7-npn-with-sni-context-switch-client]273 CipherString = DEFAULT 274 MaxProtocol = TLSv1.2 275 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 276 VerifyMode = Peer 277 278 [test- 7]321 [9-npn-with-sni-context-switch] 322 ssl_conf = 9-npn-with-sni-context-switch-ssl 323 324 [9-npn-with-sni-context-switch-ssl] 325 server = 9-npn-with-sni-context-switch-server 326 client = 9-npn-with-sni-context-switch-client 327 server2 = 9-npn-with-sni-context-switch-server2 328 329 [9-npn-with-sni-context-switch-server] 330 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 331 CipherString = DEFAULT 332 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 333 334 [9-npn-with-sni-context-switch-server2] 335 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 336 CipherString = DEFAULT 337 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 338 339 [9-npn-with-sni-context-switch-client] 340 CipherString = DEFAULT 341 MaxProtocol = TLSv1.2 342 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 343 VerifyMode = Peer 344 345 [test-9] 279 346 ExpectedNPNProtocol = bar 280 347 ExpectedServerName = server2 281 server = 7-npn-with-sni-context-switch-server-extra282 server2 = 7-npn-with-sni-context-switch-server2-extra283 client = 7-npn-with-sni-context-switch-client-extra284 285 [ 7-npn-with-sni-context-switch-server-extra]348 server = 9-npn-with-sni-context-switch-server-extra 349 server2 = 9-npn-with-sni-context-switch-server2-extra 350 client = 9-npn-with-sni-context-switch-client-extra 351 352 [9-npn-with-sni-context-switch-server-extra] 286 353 NPNProtocols = foo 287 354 ServerNameCallback = IgnoreMismatch 288 355 289 [ 7-npn-with-sni-context-switch-server2-extra]290 NPNProtocols = bar 291 292 [ 7-npn-with-sni-context-switch-client-extra]356 [9-npn-with-sni-context-switch-server2-extra] 357 NPNProtocols = bar 358 359 [9-npn-with-sni-context-switch-client-extra] 293 360 NPNProtocols = foo,bar 294 361 ServerName = server2 … … 297 364 # =========================================================== 298 365 299 [ 8-npn-selected-sni-server-supports-npn]300 ssl_conf = 8-npn-selected-sni-server-supports-npn-ssl301 302 [ 8-npn-selected-sni-server-supports-npn-ssl]303 server = 8-npn-selected-sni-server-supports-npn-server304 client = 8-npn-selected-sni-server-supports-npn-client305 server2 = 8-npn-selected-sni-server-supports-npn-server2306 307 [ 8-npn-selected-sni-server-supports-npn-server]308 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 309 CipherString = DEFAULT 310 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 311 312 [ 8-npn-selected-sni-server-supports-npn-server2]313 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 314 CipherString = DEFAULT 315 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 316 317 [ 8-npn-selected-sni-server-supports-npn-client]318 CipherString = DEFAULT 319 MaxProtocol = TLSv1.2 320 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 321 VerifyMode = Peer 322 323 [test- 8]366 [10-npn-selected-sni-server-supports-npn] 367 ssl_conf = 10-npn-selected-sni-server-supports-npn-ssl 368 369 [10-npn-selected-sni-server-supports-npn-ssl] 370 server = 10-npn-selected-sni-server-supports-npn-server 371 client = 10-npn-selected-sni-server-supports-npn-client 372 server2 = 10-npn-selected-sni-server-supports-npn-server2 373 374 [10-npn-selected-sni-server-supports-npn-server] 375 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 376 CipherString = DEFAULT 377 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 378 379 [10-npn-selected-sni-server-supports-npn-server2] 380 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 381 CipherString = DEFAULT 382 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 383 384 [10-npn-selected-sni-server-supports-npn-client] 385 CipherString = DEFAULT 386 MaxProtocol = TLSv1.2 387 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 388 VerifyMode = Peer 389 390 [test-10] 324 391 ExpectedNPNProtocol = bar 325 392 ExpectedServerName = server2 326 server = 8-npn-selected-sni-server-supports-npn-server-extra327 server2 = 8-npn-selected-sni-server-supports-npn-server2-extra328 client = 8-npn-selected-sni-server-supports-npn-client-extra329 330 [ 8-npn-selected-sni-server-supports-npn-server-extra]393 server = 10-npn-selected-sni-server-supports-npn-server-extra 394 server2 = 10-npn-selected-sni-server-supports-npn-server2-extra 395 client = 10-npn-selected-sni-server-supports-npn-client-extra 396 397 [10-npn-selected-sni-server-supports-npn-server-extra] 331 398 ServerNameCallback = IgnoreMismatch 332 399 333 [ 8-npn-selected-sni-server-supports-npn-server2-extra]334 NPNProtocols = bar 335 336 [ 8-npn-selected-sni-server-supports-npn-client-extra]400 [10-npn-selected-sni-server-supports-npn-server2-extra] 401 NPNProtocols = bar 402 403 [10-npn-selected-sni-server-supports-npn-client-extra] 337 404 NPNProtocols = foo,bar 338 405 ServerName = server2 … … 341 408 # =========================================================== 342 409 343 [ 9-npn-selected-sni-server-does-not-support-npn]344 ssl_conf = 9-npn-selected-sni-server-does-not-support-npn-ssl345 346 [ 9-npn-selected-sni-server-does-not-support-npn-ssl]347 server = 9-npn-selected-sni-server-does-not-support-npn-server348 client = 9-npn-selected-sni-server-does-not-support-npn-client349 server2 = 9-npn-selected-sni-server-does-not-support-npn-server2350 351 [ 9-npn-selected-sni-server-does-not-support-npn-server]352 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 353 CipherString = DEFAULT 354 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 355 356 [ 9-npn-selected-sni-server-does-not-support-npn-server2]357 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 358 CipherString = DEFAULT 359 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 360 361 [ 9-npn-selected-sni-server-does-not-support-npn-client]362 CipherString = DEFAULT 363 MaxProtocol = TLSv1.2 364 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 365 VerifyMode = Peer 366 367 [test- 9]410 [11-npn-selected-sni-server-does-not-support-npn] 411 ssl_conf = 11-npn-selected-sni-server-does-not-support-npn-ssl 412 413 [11-npn-selected-sni-server-does-not-support-npn-ssl] 414 server = 11-npn-selected-sni-server-does-not-support-npn-server 415 client = 11-npn-selected-sni-server-does-not-support-npn-client 416 server2 = 11-npn-selected-sni-server-does-not-support-npn-server2 417 418 [11-npn-selected-sni-server-does-not-support-npn-server] 419 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 420 CipherString = DEFAULT 421 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 422 423 [11-npn-selected-sni-server-does-not-support-npn-server2] 424 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 425 CipherString = DEFAULT 426 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 427 428 [11-npn-selected-sni-server-does-not-support-npn-client] 429 CipherString = DEFAULT 430 MaxProtocol = TLSv1.2 431 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 432 VerifyMode = Peer 433 434 [test-11] 368 435 ExpectedServerName = server2 369 server = 9-npn-selected-sni-server-does-not-support-npn-server-extra370 client = 9-npn-selected-sni-server-does-not-support-npn-client-extra371 372 [ 9-npn-selected-sni-server-does-not-support-npn-server-extra]436 server = 11-npn-selected-sni-server-does-not-support-npn-server-extra 437 client = 11-npn-selected-sni-server-does-not-support-npn-client-extra 438 439 [11-npn-selected-sni-server-does-not-support-npn-server-extra] 373 440 NPNProtocols = bar 374 441 ServerNameCallback = IgnoreMismatch 375 442 376 [ 9-npn-selected-sni-server-does-not-support-npn-client-extra]443 [11-npn-selected-sni-server-does-not-support-npn-client-extra] 377 444 NPNProtocols = foo,bar 378 445 ServerName = server2 … … 381 448 # =========================================================== 382 449 383 [1 0-alpn-preferred-over-npn]384 ssl_conf = 1 0-alpn-preferred-over-npn-ssl385 386 [1 0-alpn-preferred-over-npn-ssl]387 server = 1 0-alpn-preferred-over-npn-server388 client = 1 0-alpn-preferred-over-npn-client389 390 [1 0-alpn-preferred-over-npn-server]391 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 392 CipherString = DEFAULT 393 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 394 395 [1 0-alpn-preferred-over-npn-client]396 CipherString = DEFAULT 397 MaxProtocol = TLSv1.2 398 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 399 VerifyMode = Peer 400 401 [test-1 0]450 [12-alpn-preferred-over-npn] 451 ssl_conf = 12-alpn-preferred-over-npn-ssl 452 453 [12-alpn-preferred-over-npn-ssl] 454 server = 12-alpn-preferred-over-npn-server 455 client = 12-alpn-preferred-over-npn-client 456 457 [12-alpn-preferred-over-npn-server] 458 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 459 CipherString = DEFAULT 460 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 461 462 [12-alpn-preferred-over-npn-client] 463 CipherString = DEFAULT 464 MaxProtocol = TLSv1.2 465 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 466 VerifyMode = Peer 467 468 [test-12] 402 469 ExpectedALPNProtocol = foo 403 server = 1 0-alpn-preferred-over-npn-server-extra404 client = 1 0-alpn-preferred-over-npn-client-extra405 406 [1 0-alpn-preferred-over-npn-server-extra]470 server = 12-alpn-preferred-over-npn-server-extra 471 client = 12-alpn-preferred-over-npn-client-extra 472 473 [12-alpn-preferred-over-npn-server-extra] 407 474 ALPNProtocols = foo 408 475 NPNProtocols = bar 409 476 410 [1 0-alpn-preferred-over-npn-client-extra]477 [12-alpn-preferred-over-npn-client-extra] 411 478 ALPNProtocols = foo 412 479 NPNProtocols = bar … … 415 482 # =========================================================== 416 483 417 [1 1-sni-npn-preferred-over-alpn]418 ssl_conf = 1 1-sni-npn-preferred-over-alpn-ssl419 420 [1 1-sni-npn-preferred-over-alpn-ssl]421 server = 1 1-sni-npn-preferred-over-alpn-server422 client = 1 1-sni-npn-preferred-over-alpn-client423 server2 = 1 1-sni-npn-preferred-over-alpn-server2424 425 [1 1-sni-npn-preferred-over-alpn-server]426 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 427 CipherString = DEFAULT 428 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 429 430 [1 1-sni-npn-preferred-over-alpn-server2]431 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 432 CipherString = DEFAULT 433 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 434 435 [1 1-sni-npn-preferred-over-alpn-client]436 CipherString = DEFAULT 437 MaxProtocol = TLSv1.2 438 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 439 VerifyMode = Peer 440 441 [test-1 1]484 [13-sni-npn-preferred-over-alpn] 485 ssl_conf = 13-sni-npn-preferred-over-alpn-ssl 486 487 [13-sni-npn-preferred-over-alpn-ssl] 488 server = 13-sni-npn-preferred-over-alpn-server 489 client = 13-sni-npn-preferred-over-alpn-client 490 server2 = 13-sni-npn-preferred-over-alpn-server2 491 492 [13-sni-npn-preferred-over-alpn-server] 493 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 494 CipherString = DEFAULT 495 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 496 497 [13-sni-npn-preferred-over-alpn-server2] 498 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 499 CipherString = DEFAULT 500 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 501 502 [13-sni-npn-preferred-over-alpn-client] 503 CipherString = DEFAULT 504 MaxProtocol = TLSv1.2 505 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 506 VerifyMode = Peer 507 508 [test-13] 442 509 ExpectedNPNProtocol = bar 443 510 ExpectedServerName = server2 444 server = 1 1-sni-npn-preferred-over-alpn-server-extra445 server2 = 1 1-sni-npn-preferred-over-alpn-server2-extra446 client = 1 1-sni-npn-preferred-over-alpn-client-extra447 448 [1 1-sni-npn-preferred-over-alpn-server-extra]511 server = 13-sni-npn-preferred-over-alpn-server-extra 512 server2 = 13-sni-npn-preferred-over-alpn-server2-extra 513 client = 13-sni-npn-preferred-over-alpn-client-extra 514 515 [13-sni-npn-preferred-over-alpn-server-extra] 449 516 ALPNProtocols = foo 450 517 ServerNameCallback = IgnoreMismatch 451 518 452 [1 1-sni-npn-preferred-over-alpn-server2-extra]453 NPNProtocols = bar 454 455 [1 1-sni-npn-preferred-over-alpn-client-extra]519 [13-sni-npn-preferred-over-alpn-server2-extra] 520 NPNProtocols = bar 521 522 [13-sni-npn-preferred-over-alpn-client-extra] 456 523 ALPNProtocols = foo 457 524 NPNProtocols = bar … … 461 528 # =========================================================== 462 529 463 [1 2-npn-simple-resumption]464 ssl_conf = 1 2-npn-simple-resumption-ssl465 466 [1 2-npn-simple-resumption-ssl]467 server = 1 2-npn-simple-resumption-server468 client = 1 2-npn-simple-resumption-client469 resume-server = 1 2-npn-simple-resumption-server470 resume-client = 1 2-npn-simple-resumption-client471 472 [1 2-npn-simple-resumption-server]473 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 474 CipherString = DEFAULT 475 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 476 477 [1 2-npn-simple-resumption-client]478 CipherString = DEFAULT 479 MaxProtocol = TLSv1.2 480 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 481 VerifyMode = Peer 482 483 [test-1 2]530 [14-npn-simple-resumption] 531 ssl_conf = 14-npn-simple-resumption-ssl 532 533 [14-npn-simple-resumption-ssl] 534 server = 14-npn-simple-resumption-server 535 client = 14-npn-simple-resumption-client 536 resume-server = 14-npn-simple-resumption-server 537 resume-client = 14-npn-simple-resumption-client 538 539 [14-npn-simple-resumption-server] 540 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 541 CipherString = DEFAULT 542 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 543 544 [14-npn-simple-resumption-client] 545 CipherString = DEFAULT 546 MaxProtocol = TLSv1.2 547 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 548 VerifyMode = Peer 549 550 [test-14] 484 551 ExpectedNPNProtocol = foo 485 552 HandshakeMode = Resume 486 553 ResumptionExpected = Yes 487 server = 1 2-npn-simple-resumption-server-extra488 resume-server = 1 2-npn-simple-resumption-server-extra489 client = 1 2-npn-simple-resumption-client-extra490 resume-client = 1 2-npn-simple-resumption-client-extra491 492 [1 2-npn-simple-resumption-server-extra]493 NPNProtocols = foo 494 495 [1 2-npn-simple-resumption-client-extra]496 NPNProtocols = foo 497 498 499 # =========================================================== 500 501 [1 3-npn-server-switch-resumption]502 ssl_conf = 1 3-npn-server-switch-resumption-ssl503 504 [1 3-npn-server-switch-resumption-ssl]505 server = 1 3-npn-server-switch-resumption-server506 client = 1 3-npn-server-switch-resumption-client507 resume-server = 1 3-npn-server-switch-resumption-resume-server508 resume-client = 1 3-npn-server-switch-resumption-client509 510 [1 3-npn-server-switch-resumption-server]511 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 512 CipherString = DEFAULT 513 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 514 515 [1 3-npn-server-switch-resumption-resume-server]516 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 517 CipherString = DEFAULT 518 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 519 520 [1 3-npn-server-switch-resumption-client]521 CipherString = DEFAULT 522 MaxProtocol = TLSv1.2 523 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 524 VerifyMode = Peer 525 526 [test-1 3]554 server = 14-npn-simple-resumption-server-extra 555 resume-server = 14-npn-simple-resumption-server-extra 556 client = 14-npn-simple-resumption-client-extra 557 resume-client = 14-npn-simple-resumption-client-extra 558 559 [14-npn-simple-resumption-server-extra] 560 NPNProtocols = foo 561 562 [14-npn-simple-resumption-client-extra] 563 NPNProtocols = foo 564 565 566 # =========================================================== 567 568 [15-npn-server-switch-resumption] 569 ssl_conf = 15-npn-server-switch-resumption-ssl 570 571 [15-npn-server-switch-resumption-ssl] 572 server = 15-npn-server-switch-resumption-server 573 client = 15-npn-server-switch-resumption-client 574 resume-server = 15-npn-server-switch-resumption-resume-server 575 resume-client = 15-npn-server-switch-resumption-client 576 577 [15-npn-server-switch-resumption-server] 578 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 579 CipherString = DEFAULT 580 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 581 582 [15-npn-server-switch-resumption-resume-server] 583 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 584 CipherString = DEFAULT 585 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 586 587 [15-npn-server-switch-resumption-client] 588 CipherString = DEFAULT 589 MaxProtocol = TLSv1.2 590 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 591 VerifyMode = Peer 592 593 [test-15] 527 594 ExpectedNPNProtocol = baz 528 595 HandshakeMode = Resume 529 596 ResumptionExpected = Yes 530 server = 1 3-npn-server-switch-resumption-server-extra531 resume-server = 1 3-npn-server-switch-resumption-resume-server-extra532 client = 1 3-npn-server-switch-resumption-client-extra533 resume-client = 1 3-npn-server-switch-resumption-client-extra534 535 [1 3-npn-server-switch-resumption-server-extra]597 server = 15-npn-server-switch-resumption-server-extra 598 resume-server = 15-npn-server-switch-resumption-resume-server-extra 599 client = 15-npn-server-switch-resumption-client-extra 600 resume-client = 15-npn-server-switch-resumption-client-extra 601 602 [15-npn-server-switch-resumption-server-extra] 536 603 NPNProtocols = bar,foo 537 604 538 [1 3-npn-server-switch-resumption-resume-server-extra]605 [15-npn-server-switch-resumption-resume-server-extra] 539 606 NPNProtocols = baz,foo 540 607 541 [1 3-npn-server-switch-resumption-client-extra]608 [15-npn-server-switch-resumption-client-extra] 542 609 NPNProtocols = foo,bar,baz 543 610 … … 545 612 # =========================================================== 546 613 547 [1 4-npn-client-switch-resumption]548 ssl_conf = 1 4-npn-client-switch-resumption-ssl549 550 [1 4-npn-client-switch-resumption-ssl]551 server = 1 4-npn-client-switch-resumption-server552 client = 1 4-npn-client-switch-resumption-client553 resume-server = 1 4-npn-client-switch-resumption-server554 resume-client = 1 4-npn-client-switch-resumption-resume-client555 556 [1 4-npn-client-switch-resumption-server]557 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 558 CipherString = DEFAULT 559 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 560 561 [1 4-npn-client-switch-resumption-client]562 CipherString = DEFAULT 563 MaxProtocol = TLSv1.2 564 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 565 VerifyMode = Peer 566 567 [1 4-npn-client-switch-resumption-resume-client]568 CipherString = DEFAULT 569 MaxProtocol = TLSv1.2 570 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 571 VerifyMode = Peer 572 573 [test-1 4]614 [16-npn-client-switch-resumption] 615 ssl_conf = 16-npn-client-switch-resumption-ssl 616 617 [16-npn-client-switch-resumption-ssl] 618 server = 16-npn-client-switch-resumption-server 619 client = 16-npn-client-switch-resumption-client 620 resume-server = 16-npn-client-switch-resumption-server 621 resume-client = 16-npn-client-switch-resumption-resume-client 622 623 [16-npn-client-switch-resumption-server] 624 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 625 CipherString = DEFAULT 626 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 627 628 [16-npn-client-switch-resumption-client] 629 CipherString = DEFAULT 630 MaxProtocol = TLSv1.2 631 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 632 VerifyMode = Peer 633 634 [16-npn-client-switch-resumption-resume-client] 635 CipherString = DEFAULT 636 MaxProtocol = TLSv1.2 637 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 638 VerifyMode = Peer 639 640 [test-16] 574 641 ExpectedNPNProtocol = bar 575 642 HandshakeMode = Resume 576 643 ResumptionExpected = Yes 577 server = 1 4-npn-client-switch-resumption-server-extra578 resume-server = 1 4-npn-client-switch-resumption-server-extra579 client = 1 4-npn-client-switch-resumption-client-extra580 resume-client = 1 4-npn-client-switch-resumption-resume-client-extra581 582 [1 4-npn-client-switch-resumption-server-extra]644 server = 16-npn-client-switch-resumption-server-extra 645 resume-server = 16-npn-client-switch-resumption-server-extra 646 client = 16-npn-client-switch-resumption-client-extra 647 resume-client = 16-npn-client-switch-resumption-resume-client-extra 648 649 [16-npn-client-switch-resumption-server-extra] 583 650 NPNProtocols = foo,bar,baz 584 651 585 [1 4-npn-client-switch-resumption-client-extra]652 [16-npn-client-switch-resumption-client-extra] 586 653 NPNProtocols = foo,baz 587 654 588 [1 4-npn-client-switch-resumption-resume-client-extra]655 [16-npn-client-switch-resumption-resume-client-extra] 589 656 NPNProtocols = bar,baz 590 657 … … 592 659 # =========================================================== 593 660 594 [1 5-npn-client-first-pref-on-mismatch-resumption]595 ssl_conf = 1 5-npn-client-first-pref-on-mismatch-resumption-ssl596 597 [1 5-npn-client-first-pref-on-mismatch-resumption-ssl]598 server = 1 5-npn-client-first-pref-on-mismatch-resumption-server599 client = 1 5-npn-client-first-pref-on-mismatch-resumption-client600 resume-server = 1 5-npn-client-first-pref-on-mismatch-resumption-resume-server601 resume-client = 1 5-npn-client-first-pref-on-mismatch-resumption-client602 603 [1 5-npn-client-first-pref-on-mismatch-resumption-server]604 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 605 CipherString = DEFAULT 606 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 607 608 [1 5-npn-client-first-pref-on-mismatch-resumption-resume-server]609 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 610 CipherString = DEFAULT 611 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 612 613 [1 5-npn-client-first-pref-on-mismatch-resumption-client]614 CipherString = DEFAULT 615 MaxProtocol = TLSv1.2 616 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 617 VerifyMode = Peer 618 619 [test-1 5]661 [17-npn-client-first-pref-on-mismatch-resumption] 662 ssl_conf = 17-npn-client-first-pref-on-mismatch-resumption-ssl 663 664 [17-npn-client-first-pref-on-mismatch-resumption-ssl] 665 server = 17-npn-client-first-pref-on-mismatch-resumption-server 666 client = 17-npn-client-first-pref-on-mismatch-resumption-client 667 resume-server = 17-npn-client-first-pref-on-mismatch-resumption-resume-server 668 resume-client = 17-npn-client-first-pref-on-mismatch-resumption-client 669 670 [17-npn-client-first-pref-on-mismatch-resumption-server] 671 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 672 CipherString = DEFAULT 673 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 674 675 [17-npn-client-first-pref-on-mismatch-resumption-resume-server] 676 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 677 CipherString = DEFAULT 678 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 679 680 [17-npn-client-first-pref-on-mismatch-resumption-client] 681 CipherString = DEFAULT 682 MaxProtocol = TLSv1.2 683 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 684 VerifyMode = Peer 685 686 [test-17] 620 687 ExpectedNPNProtocol = foo 621 688 HandshakeMode = Resume 622 689 ResumptionExpected = Yes 623 server = 1 5-npn-client-first-pref-on-mismatch-resumption-server-extra624 resume-server = 1 5-npn-client-first-pref-on-mismatch-resumption-resume-server-extra625 client = 1 5-npn-client-first-pref-on-mismatch-resumption-client-extra626 resume-client = 1 5-npn-client-first-pref-on-mismatch-resumption-client-extra627 628 [1 5-npn-client-first-pref-on-mismatch-resumption-server-extra]629 NPNProtocols = bar 630 631 [1 5-npn-client-first-pref-on-mismatch-resumption-resume-server-extra]690 server = 17-npn-client-first-pref-on-mismatch-resumption-server-extra 691 resume-server = 17-npn-client-first-pref-on-mismatch-resumption-resume-server-extra 692 client = 17-npn-client-first-pref-on-mismatch-resumption-client-extra 693 resume-client = 17-npn-client-first-pref-on-mismatch-resumption-client-extra 694 695 [17-npn-client-first-pref-on-mismatch-resumption-server-extra] 696 NPNProtocols = bar 697 698 [17-npn-client-first-pref-on-mismatch-resumption-resume-server-extra] 632 699 NPNProtocols = baz 633 700 634 [1 5-npn-client-first-pref-on-mismatch-resumption-client-extra]701 [17-npn-client-first-pref-on-mismatch-resumption-client-extra] 635 702 NPNProtocols = foo,bar 636 703 … … 638 705 # =========================================================== 639 706 640 [1 6-npn-no-server-support-resumption]641 ssl_conf = 1 6-npn-no-server-support-resumption-ssl642 643 [1 6-npn-no-server-support-resumption-ssl]644 server = 1 6-npn-no-server-support-resumption-server645 client = 1 6-npn-no-server-support-resumption-client646 resume-server = 1 6-npn-no-server-support-resumption-resume-server647 resume-client = 1 6-npn-no-server-support-resumption-client648 649 [1 6-npn-no-server-support-resumption-server]650 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 651 CipherString = DEFAULT 652 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 653 654 [1 6-npn-no-server-support-resumption-resume-server]655 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 656 CipherString = DEFAULT 657 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 658 659 [1 6-npn-no-server-support-resumption-client]660 CipherString = DEFAULT 661 MaxProtocol = TLSv1.2 662 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 663 VerifyMode = Peer 664 665 [test-1 6]707 [18-npn-no-server-support-resumption] 708 ssl_conf = 18-npn-no-server-support-resumption-ssl 709 710 [18-npn-no-server-support-resumption-ssl] 711 server = 18-npn-no-server-support-resumption-server 712 client = 18-npn-no-server-support-resumption-client 713 resume-server = 18-npn-no-server-support-resumption-resume-server 714 resume-client = 18-npn-no-server-support-resumption-client 715 716 [18-npn-no-server-support-resumption-server] 717 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 718 CipherString = DEFAULT 719 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 720 721 [18-npn-no-server-support-resumption-resume-server] 722 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 723 CipherString = DEFAULT 724 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 725 726 [18-npn-no-server-support-resumption-client] 727 CipherString = DEFAULT 728 MaxProtocol = TLSv1.2 729 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 730 VerifyMode = Peer 731 732 [test-18] 666 733 HandshakeMode = Resume 667 734 ResumptionExpected = Yes 668 server = 1 6-npn-no-server-support-resumption-server-extra669 client = 1 6-npn-no-server-support-resumption-client-extra670 resume-client = 1 6-npn-no-server-support-resumption-client-extra671 672 [1 6-npn-no-server-support-resumption-server-extra]673 NPNProtocols = foo 674 675 [1 6-npn-no-server-support-resumption-client-extra]676 NPNProtocols = foo 677 678 679 # =========================================================== 680 681 [1 7-npn-no-client-support-resumption]682 ssl_conf = 1 7-npn-no-client-support-resumption-ssl683 684 [1 7-npn-no-client-support-resumption-ssl]685 server = 1 7-npn-no-client-support-resumption-server686 client = 1 7-npn-no-client-support-resumption-client687 resume-server = 1 7-npn-no-client-support-resumption-server688 resume-client = 1 7-npn-no-client-support-resumption-resume-client689 690 [1 7-npn-no-client-support-resumption-server]691 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 692 CipherString = DEFAULT 693 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 694 695 [1 7-npn-no-client-support-resumption-client]696 CipherString = DEFAULT 697 MaxProtocol = TLSv1.2 698 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 699 VerifyMode = Peer 700 701 [1 7-npn-no-client-support-resumption-resume-client]702 CipherString = DEFAULT 703 MaxProtocol = TLSv1.2 704 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 705 VerifyMode = Peer 706 707 [test-1 7]735 server = 18-npn-no-server-support-resumption-server-extra 736 client = 18-npn-no-server-support-resumption-client-extra 737 resume-client = 18-npn-no-server-support-resumption-client-extra 738 739 [18-npn-no-server-support-resumption-server-extra] 740 NPNProtocols = foo 741 742 [18-npn-no-server-support-resumption-client-extra] 743 NPNProtocols = foo 744 745 746 # =========================================================== 747 748 [19-npn-no-client-support-resumption] 749 ssl_conf = 19-npn-no-client-support-resumption-ssl 750 751 [19-npn-no-client-support-resumption-ssl] 752 server = 19-npn-no-client-support-resumption-server 753 client = 19-npn-no-client-support-resumption-client 754 resume-server = 19-npn-no-client-support-resumption-server 755 resume-client = 19-npn-no-client-support-resumption-resume-client 756 757 [19-npn-no-client-support-resumption-server] 758 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 759 CipherString = DEFAULT 760 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 761 762 [19-npn-no-client-support-resumption-client] 763 CipherString = DEFAULT 764 MaxProtocol = TLSv1.2 765 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 766 VerifyMode = Peer 767 768 [19-npn-no-client-support-resumption-resume-client] 769 CipherString = DEFAULT 770 MaxProtocol = TLSv1.2 771 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 772 VerifyMode = Peer 773 774 [test-19] 708 775 HandshakeMode = Resume 709 776 ResumptionExpected = Yes 710 server = 1 7-npn-no-client-support-resumption-server-extra711 resume-server = 1 7-npn-no-client-support-resumption-server-extra712 client = 1 7-npn-no-client-support-resumption-client-extra713 714 [1 7-npn-no-client-support-resumption-server-extra]715 NPNProtocols = foo 716 717 [1 7-npn-no-client-support-resumption-client-extra]718 NPNProtocols = foo 719 720 721 # =========================================================== 722 723 [ 18-alpn-preferred-over-npn-resumption]724 ssl_conf = 18-alpn-preferred-over-npn-resumption-ssl725 726 [ 18-alpn-preferred-over-npn-resumption-ssl]727 server = 18-alpn-preferred-over-npn-resumption-server728 client = 18-alpn-preferred-over-npn-resumption-client729 resume-server = 18-alpn-preferred-over-npn-resumption-resume-server730 resume-client = 18-alpn-preferred-over-npn-resumption-client731 732 [ 18-alpn-preferred-over-npn-resumption-server]733 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 734 CipherString = DEFAULT 735 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 736 737 [ 18-alpn-preferred-over-npn-resumption-resume-server]738 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 739 CipherString = DEFAULT 740 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 741 742 [ 18-alpn-preferred-over-npn-resumption-client]743 CipherString = DEFAULT 744 MaxProtocol = TLSv1.2 745 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 746 VerifyMode = Peer 747 748 [test- 18]777 server = 19-npn-no-client-support-resumption-server-extra 778 resume-server = 19-npn-no-client-support-resumption-server-extra 779 client = 19-npn-no-client-support-resumption-client-extra 780 781 [19-npn-no-client-support-resumption-server-extra] 782 NPNProtocols = foo 783 784 [19-npn-no-client-support-resumption-client-extra] 785 NPNProtocols = foo 786 787 788 # =========================================================== 789 790 [20-alpn-preferred-over-npn-resumption] 791 ssl_conf = 20-alpn-preferred-over-npn-resumption-ssl 792 793 [20-alpn-preferred-over-npn-resumption-ssl] 794 server = 20-alpn-preferred-over-npn-resumption-server 795 client = 20-alpn-preferred-over-npn-resumption-client 796 resume-server = 20-alpn-preferred-over-npn-resumption-resume-server 797 resume-client = 20-alpn-preferred-over-npn-resumption-client 798 799 [20-alpn-preferred-over-npn-resumption-server] 800 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 801 CipherString = DEFAULT 802 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 803 804 [20-alpn-preferred-over-npn-resumption-resume-server] 805 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 806 CipherString = DEFAULT 807 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 808 809 [20-alpn-preferred-over-npn-resumption-client] 810 CipherString = DEFAULT 811 MaxProtocol = TLSv1.2 812 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 813 VerifyMode = Peer 814 815 [test-20] 749 816 ExpectedALPNProtocol = foo 750 817 HandshakeMode = Resume 751 818 ResumptionExpected = Yes 752 server = 18-alpn-preferred-over-npn-resumption-server-extra753 resume-server = 18-alpn-preferred-over-npn-resumption-resume-server-extra754 client = 18-alpn-preferred-over-npn-resumption-client-extra755 resume-client = 18-alpn-preferred-over-npn-resumption-client-extra756 757 [ 18-alpn-preferred-over-npn-resumption-server-extra]758 NPNProtocols = bar 759 760 [ 18-alpn-preferred-over-npn-resumption-resume-server-extra]819 server = 20-alpn-preferred-over-npn-resumption-server-extra 820 resume-server = 20-alpn-preferred-over-npn-resumption-resume-server-extra 821 client = 20-alpn-preferred-over-npn-resumption-client-extra 822 resume-client = 20-alpn-preferred-over-npn-resumption-client-extra 823 824 [20-alpn-preferred-over-npn-resumption-server-extra] 825 NPNProtocols = bar 826 827 [20-alpn-preferred-over-npn-resumption-resume-server-extra] 761 828 ALPNProtocols = foo 762 829 NPNProtocols = baz 763 830 764 [ 18-alpn-preferred-over-npn-resumption-client-extra]831 [20-alpn-preferred-over-npn-resumption-client-extra] 765 832 ALPNProtocols = foo 766 833 NPNProtocols = bar,baz … … 769 836 # =========================================================== 770 837 771 [ 19-npn-used-if-alpn-not-supported-resumption]772 ssl_conf = 19-npn-used-if-alpn-not-supported-resumption-ssl773 774 [ 19-npn-used-if-alpn-not-supported-resumption-ssl]775 server = 19-npn-used-if-alpn-not-supported-resumption-server776 client = 19-npn-used-if-alpn-not-supported-resumption-client777 resume-server = 19-npn-used-if-alpn-not-supported-resumption-resume-server778 resume-client = 19-npn-used-if-alpn-not-supported-resumption-client779 780 [ 19-npn-used-if-alpn-not-supported-resumption-server]781 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 782 CipherString = DEFAULT 783 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 784 785 [ 19-npn-used-if-alpn-not-supported-resumption-resume-server]786 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 787 CipherString = DEFAULT 788 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 789 790 [ 19-npn-used-if-alpn-not-supported-resumption-client]791 CipherString = DEFAULT 792 MaxProtocol = TLSv1.2 793 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 794 VerifyMode = Peer 795 796 [test- 19]838 [21-npn-used-if-alpn-not-supported-resumption] 839 ssl_conf = 21-npn-used-if-alpn-not-supported-resumption-ssl 840 841 [21-npn-used-if-alpn-not-supported-resumption-ssl] 842 server = 21-npn-used-if-alpn-not-supported-resumption-server 843 client = 21-npn-used-if-alpn-not-supported-resumption-client 844 resume-server = 21-npn-used-if-alpn-not-supported-resumption-resume-server 845 resume-client = 21-npn-used-if-alpn-not-supported-resumption-client 846 847 [21-npn-used-if-alpn-not-supported-resumption-server] 848 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 849 CipherString = DEFAULT 850 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 851 852 [21-npn-used-if-alpn-not-supported-resumption-resume-server] 853 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 854 CipherString = DEFAULT 855 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 856 857 [21-npn-used-if-alpn-not-supported-resumption-client] 858 CipherString = DEFAULT 859 MaxProtocol = TLSv1.2 860 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 861 VerifyMode = Peer 862 863 [test-21] 797 864 ExpectedNPNProtocol = baz 798 865 HandshakeMode = Resume 799 866 ResumptionExpected = Yes 800 server = 19-npn-used-if-alpn-not-supported-resumption-server-extra801 resume-server = 19-npn-used-if-alpn-not-supported-resumption-resume-server-extra802 client = 19-npn-used-if-alpn-not-supported-resumption-client-extra803 resume-client = 19-npn-used-if-alpn-not-supported-resumption-client-extra804 805 [ 19-npn-used-if-alpn-not-supported-resumption-server-extra]867 server = 21-npn-used-if-alpn-not-supported-resumption-server-extra 868 resume-server = 21-npn-used-if-alpn-not-supported-resumption-resume-server-extra 869 client = 21-npn-used-if-alpn-not-supported-resumption-client-extra 870 resume-client = 21-npn-used-if-alpn-not-supported-resumption-client-extra 871 872 [21-npn-used-if-alpn-not-supported-resumption-server-extra] 806 873 ALPNProtocols = foo 807 874 NPNProtocols = bar 808 875 809 [ 19-npn-used-if-alpn-not-supported-resumption-resume-server-extra]876 [21-npn-used-if-alpn-not-supported-resumption-resume-server-extra] 810 877 NPNProtocols = baz 811 878 812 [ 19-npn-used-if-alpn-not-supported-resumption-client-extra]879 [21-npn-used-if-alpn-not-supported-resumption-client-extra] 813 880 ALPNProtocols = foo 814 881 NPNProtocols = bar,baz -
trunk/src/libs/openssl-3.1.7/test/ssl-tests/08-npn.cnf.in
r104078 r105945 1 1 # -*- mode: perl; -*- 2 # Copyright 2016-202 0The OpenSSL Project Authors. All Rights Reserved.2 # Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 # 4 4 # Licensed under the Apache License 2.0 (the "License"). You may not use … … 112 112 }, 113 113 { 114 name => "npn-empty-client-list", 115 server => { 116 extra => { 117 "NPNProtocols" => "foo", 118 }, 119 }, 120 client => { 121 extra => { 122 "NPNProtocols" => "", 123 }, 124 "MaxProtocol" => "TLSv1.2" 125 }, 126 test => { 127 "ExpectedResult" => "ClientFail", 128 "ExpectedClientAlert" => "HandshakeFailure" 129 }, 130 }, 131 { 132 name => "npn-empty-server-list", 133 server => { 134 extra => { 135 "NPNProtocols" => "", 136 }, 137 }, 138 client => { 139 extra => { 140 "NPNProtocols" => "foo", 141 }, 142 "MaxProtocol" => "TLSv1.2" 143 }, 144 test => { 145 "ExpectedNPNProtocol" => "foo" 146 }, 147 }, 148 { 114 149 name => "npn-with-sni-no-context-switch", 115 150 server => { -
trunk/src/libs/openssl-3.1.7/test/ssl-tests/09-alpn.cnf
r104078 r105945 1 1 # Generated with generate_ssl_tests.pl 2 2 3 num_tests = 1 63 num_tests = 18 4 4 5 5 test-0 = 0-alpn-simple … … 19 19 test-14 = 14-alpn-no-server-support-resumption 20 20 test-15 = 15-alpn-no-client-support-resumption 21 test-16 = 16-alpn-empty-client-list 22 test-17 = 17-alpn-empty-server-list 21 23 # =========================================================== 22 24 … … 618 620 619 621 622 # =========================================================== 623 624 [16-alpn-empty-client-list] 625 ssl_conf = 16-alpn-empty-client-list-ssl 626 627 [16-alpn-empty-client-list-ssl] 628 server = 16-alpn-empty-client-list-server 629 client = 16-alpn-empty-client-list-client 630 631 [16-alpn-empty-client-list-server] 632 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 633 CipherString = DEFAULT 634 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 635 636 [16-alpn-empty-client-list-client] 637 CipherString = DEFAULT 638 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 639 VerifyMode = Peer 640 641 [test-16] 642 server = 16-alpn-empty-client-list-server-extra 643 client = 16-alpn-empty-client-list-client-extra 644 645 [16-alpn-empty-client-list-server-extra] 646 ALPNProtocols = foo 647 648 [16-alpn-empty-client-list-client-extra] 649 ALPNProtocols = 650 651 652 # =========================================================== 653 654 [17-alpn-empty-server-list] 655 ssl_conf = 17-alpn-empty-server-list-ssl 656 657 [17-alpn-empty-server-list-ssl] 658 server = 17-alpn-empty-server-list-server 659 client = 17-alpn-empty-server-list-client 660 661 [17-alpn-empty-server-list-server] 662 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 663 CipherString = DEFAULT 664 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 665 666 [17-alpn-empty-server-list-client] 667 CipherString = DEFAULT 668 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 669 VerifyMode = Peer 670 671 [test-17] 672 ExpectedResult = ServerFail 673 ExpectedServerAlert = NoApplicationProtocol 674 server = 17-alpn-empty-server-list-server-extra 675 client = 17-alpn-empty-server-list-client-extra 676 677 [17-alpn-empty-server-list-server-extra] 678 ALPNProtocols = 679 680 [17-alpn-empty-server-list-client-extra] 681 ALPNProtocols = foo 682 683 -
trunk/src/libs/openssl-3.1.7/test/ssl-tests/09-alpn.cnf.in
r104078 r105945 1 1 # -*- mode: perl; -*- 2 # Copyright 2016-202 0The OpenSSL Project Authors. All Rights Reserved.2 # Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 # 4 4 # Licensed under the Apache License 2.0 (the "License"). You may not use … … 323 323 }, 324 324 }, 325 { 326 name => "alpn-empty-client-list", 327 server => { 328 extra => { 329 "ALPNProtocols" => "foo", 330 }, 331 }, 332 client => { 333 extra => { 334 "ALPNProtocols" => "", 335 }, 336 }, 337 test => { 338 "ExpectedALPNProtocol" => undef, 339 }, 340 }, 341 { 342 name => "alpn-empty-server-list", 343 server => { 344 extra => { 345 "ALPNProtocols" => "", 346 }, 347 }, 348 client => { 349 extra => { 350 "ALPNProtocols" => "foo", 351 }, 352 }, 353 test => { 354 "ExpectedResult" => "ServerFail", 355 "ExpectedServerAlert" => "NoApplicationProtocol", 356 }, 357 }, 325 358 ); -
trunk/src/libs/openssl-3.1.7/test/ssl-tests/14-curves.cnf.in
r104078 r105945 13 13 our $fips_mode; 14 14 15 my @curves = ("prime256v1", "secp384r1", "secp521r1", "X25519", 16 "X448"); 15 my @curves = ("prime256v1", "secp384r1", "secp521r1"); 16 17 my @curves_no_fips = ("X25519", "X448"); 18 19 push @curves, @curves_no_fips if !$fips_mode; 17 20 18 21 #Curves *only* suitable for use in TLSv1.3 -
trunk/src/libs/openssl-3.1.7/test/ssl-tests/20-cert-select.cnf
r104078 r105945 20 20 test-15 = 15-Ed25519 CipherString and Signature Algorithm Selection 21 21 test-16 = 16-Ed448 CipherString and Signature Algorithm Selection 22 test-17 = 17- Ed25519 CipherString and Curves Selection23 test-18 = 18- Ed448 CipherString and Curves Selection24 test-19 = 19- TLS 1.2 Ed25519 Client Auth25 test-20 = 20- TLS 1.2 Ed448 Client Auth26 test-21 = 21-E CDSA Signature Algorithm Selection SHA127 test-22 = 22-E CDSA with brainpool22 test-17 = 17-TLS 1.2 Ed25519 Client Auth 23 test-18 = 18-TLS 1.2 Ed448 Client Auth 24 test-19 = 19-ECDSA Signature Algorithm Selection SHA1 25 test-20 = 20-ECDSA with brainpool 26 test-21 = 21-Ed25519 CipherString and Curves Selection 27 test-22 = 22-Ed448 CipherString and Curves Selection 28 28 test-23 = 23-RSA-PSS Certificate CipherString Selection 29 29 test-24 = 24-RSA-PSS Certificate Legacy Signature Algorithm Selection … … 603 603 # =========================================================== 604 604 605 [17-Ed25519 CipherString and Curves Selection] 606 ssl_conf = 17-Ed25519 CipherString and Curves Selection-ssl 607 608 [17-Ed25519 CipherString and Curves Selection-ssl] 609 server = 17-Ed25519 CipherString and Curves Selection-server 610 client = 17-Ed25519 CipherString and Curves Selection-client 611 612 [17-Ed25519 CipherString and Curves Selection-server] 613 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 614 CipherString = DEFAULT 615 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem 616 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem 617 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem 618 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem 619 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem 620 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem 621 MaxProtocol = TLSv1.2 622 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 623 624 [17-Ed25519 CipherString and Curves Selection-client] 625 CipherString = aECDSA 626 Curves = X25519 627 MaxProtocol = TLSv1.2 628 SignatureAlgorithms = ECDSA+SHA256:ed25519 629 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 630 VerifyMode = Peer 631 632 [test-17] 633 ExpectedResult = Success 634 ExpectedServerCertType = Ed25519 635 ExpectedServerSignType = Ed25519 636 637 638 # =========================================================== 639 640 [18-Ed448 CipherString and Curves Selection] 641 ssl_conf = 18-Ed448 CipherString and Curves Selection-ssl 642 643 [18-Ed448 CipherString and Curves Selection-ssl] 644 server = 18-Ed448 CipherString and Curves Selection-server 645 client = 18-Ed448 CipherString and Curves Selection-client 646 647 [18-Ed448 CipherString and Curves Selection-server] 648 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 649 CipherString = DEFAULT 650 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem 651 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem 652 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem 653 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem 654 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem 655 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem 656 MaxProtocol = TLSv1.2 657 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 658 659 [18-Ed448 CipherString and Curves Selection-client] 660 CipherString = aECDSA 661 Curves = X448 662 MaxProtocol = TLSv1.2 663 SignatureAlgorithms = ECDSA+SHA256:ed448 664 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem 665 VerifyMode = Peer 666 667 [test-18] 668 ExpectedResult = Success 669 ExpectedServerCertType = Ed448 670 ExpectedServerSignType = Ed448 671 672 673 # =========================================================== 674 675 [19-TLS 1.2 Ed25519 Client Auth] 676 ssl_conf = 19-TLS 1.2 Ed25519 Client Auth-ssl 677 678 [19-TLS 1.2 Ed25519 Client Auth-ssl] 679 server = 19-TLS 1.2 Ed25519 Client Auth-server 680 client = 19-TLS 1.2 Ed25519 Client Auth-client 681 682 [19-TLS 1.2 Ed25519 Client Auth-server] 605 [17-TLS 1.2 Ed25519 Client Auth] 606 ssl_conf = 17-TLS 1.2 Ed25519 Client Auth-ssl 607 608 [17-TLS 1.2 Ed25519 Client Auth-ssl] 609 server = 17-TLS 1.2 Ed25519 Client Auth-server 610 client = 17-TLS 1.2 Ed25519 Client Auth-client 611 612 [17-TLS 1.2 Ed25519 Client Auth-server] 683 613 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 684 614 CipherString = DEFAULT … … 687 617 VerifyMode = Require 688 618 689 [1 9-TLS 1.2 Ed25519 Client Auth-client]619 [17-TLS 1.2 Ed25519 Client Auth-client] 690 620 CipherString = DEFAULT 691 621 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed25519-cert.pem … … 696 626 VerifyMode = Peer 697 627 698 [test-1 9]628 [test-17] 699 629 ExpectedClientCertType = Ed25519 700 630 ExpectedClientSignType = Ed25519 … … 704 634 # =========================================================== 705 635 706 [ 20-TLS 1.2 Ed448 Client Auth]707 ssl_conf = 20-TLS 1.2 Ed448 Client Auth-ssl708 709 [ 20-TLS 1.2 Ed448 Client Auth-ssl]710 server = 20-TLS 1.2 Ed448 Client Auth-server711 client = 20-TLS 1.2 Ed448 Client Auth-client712 713 [ 20-TLS 1.2 Ed448 Client Auth-server]636 [18-TLS 1.2 Ed448 Client Auth] 637 ssl_conf = 18-TLS 1.2 Ed448 Client Auth-ssl 638 639 [18-TLS 1.2 Ed448 Client Auth-ssl] 640 server = 18-TLS 1.2 Ed448 Client Auth-server 641 client = 18-TLS 1.2 Ed448 Client Auth-client 642 643 [18-TLS 1.2 Ed448 Client Auth-server] 714 644 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 715 645 CipherString = DEFAULT … … 718 648 VerifyMode = Require 719 649 720 [ 20-TLS 1.2 Ed448 Client Auth-client]650 [18-TLS 1.2 Ed448 Client Auth-client] 721 651 CipherString = DEFAULT 722 652 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/client-ed448-cert.pem … … 727 657 VerifyMode = Peer 728 658 729 [test- 20]659 [test-18] 730 660 ExpectedClientCertType = Ed448 731 661 ExpectedClientSignType = Ed448 … … 735 665 # =========================================================== 736 666 737 [ 21-ECDSA Signature Algorithm Selection SHA1]738 ssl_conf = 21-ECDSA Signature Algorithm Selection SHA1-ssl739 740 [ 21-ECDSA Signature Algorithm Selection SHA1-ssl]741 server = 21-ECDSA Signature Algorithm Selection SHA1-server742 client = 21-ECDSA Signature Algorithm Selection SHA1-client743 744 [ 21-ECDSA Signature Algorithm Selection SHA1-server]667 [19-ECDSA Signature Algorithm Selection SHA1] 668 ssl_conf = 19-ECDSA Signature Algorithm Selection SHA1-ssl 669 670 [19-ECDSA Signature Algorithm Selection SHA1-ssl] 671 server = 19-ECDSA Signature Algorithm Selection SHA1-server 672 client = 19-ECDSA Signature Algorithm Selection SHA1-client 673 674 [19-ECDSA Signature Algorithm Selection SHA1-server] 745 675 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 746 676 CipherString = DEFAULT:@SECLEVEL=0 … … 754 684 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 755 685 756 [ 21-ECDSA Signature Algorithm Selection SHA1-client]686 [19-ECDSA Signature Algorithm Selection SHA1-client] 757 687 CipherString = DEFAULT:@SECLEVEL=0 758 688 SignatureAlgorithms = ECDSA+SHA1 … … 760 690 VerifyMode = Peer 761 691 762 [test- 21]692 [test-19] 763 693 ExpectedResult = Success 764 694 ExpectedServerCertType = P-256 … … 769 699 # =========================================================== 770 700 771 [2 2-ECDSA with brainpool]772 ssl_conf = 2 2-ECDSA with brainpool-ssl773 774 [2 2-ECDSA with brainpool-ssl]775 server = 2 2-ECDSA with brainpool-server776 client = 2 2-ECDSA with brainpool-client777 778 [2 2-ECDSA with brainpool-server]701 [20-ECDSA with brainpool] 702 ssl_conf = 20-ECDSA with brainpool-ssl 703 704 [20-ECDSA with brainpool-ssl] 705 server = 20-ECDSA with brainpool-server 706 client = 20-ECDSA with brainpool-client 707 708 [20-ECDSA with brainpool-server] 779 709 Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-cert.pem 780 710 CipherString = DEFAULT … … 782 712 PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-brainpoolP256r1-key.pem 783 713 784 [2 2-ECDSA with brainpool-client]714 [20-ECDSA with brainpool-client] 785 715 CipherString = aECDSA 786 716 Groups = brainpoolP256r1 … … 790 720 VerifyMode = Peer 791 721 792 [test-2 2]722 [test-20] 793 723 ExpectedResult = Success 794 724 ExpectedServerCANames = empty 795 725 ExpectedServerCertType = brainpoolP256r1 796 726 ExpectedServerSignType = EC 727 728 729 # =========================================================== 730 731 [21-Ed25519 CipherString and Curves Selection] 732 ssl_conf = 21-Ed25519 CipherString and Curves Selection-ssl 733 734 [21-Ed25519 CipherString and Curves Selection-ssl] 735 server = 21-Ed25519 CipherString and Curves Selection-server 736 client = 21-Ed25519 CipherString and Curves Selection-client 737 738 [21-Ed25519 CipherString and Curves Selection-server] 739 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 740 CipherString = DEFAULT 741 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem 742 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem 743 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem 744 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem 745 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem 746 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem 747 MaxProtocol = TLSv1.2 748 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 749 750 [21-Ed25519 CipherString and Curves Selection-client] 751 CipherString = aECDSA 752 Curves = X25519 753 MaxProtocol = TLSv1.2 754 SignatureAlgorithms = ECDSA+SHA256:ed25519 755 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 756 VerifyMode = Peer 757 758 [test-21] 759 ExpectedResult = Success 760 ExpectedServerCertType = Ed25519 761 ExpectedServerSignType = Ed25519 762 763 764 # =========================================================== 765 766 [22-Ed448 CipherString and Curves Selection] 767 ssl_conf = 22-Ed448 CipherString and Curves Selection-ssl 768 769 [22-Ed448 CipherString and Curves Selection-ssl] 770 server = 22-Ed448 CipherString and Curves Selection-server 771 client = 22-Ed448 CipherString and Curves Selection-client 772 773 [22-Ed448 CipherString and Curves Selection-server] 774 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem 775 CipherString = DEFAULT 776 ECDSA.Certificate = ${ENV::TEST_CERTS_DIR}/server-ecdsa-cert.pem 777 ECDSA.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ecdsa-key.pem 778 Ed25519.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed25519-cert.pem 779 Ed25519.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed25519-key.pem 780 Ed448.Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem 781 Ed448.PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem 782 MaxProtocol = TLSv1.2 783 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem 784 785 [22-Ed448 CipherString and Curves Selection-client] 786 CipherString = aECDSA 787 Curves = X448 788 MaxProtocol = TLSv1.2 789 SignatureAlgorithms = ECDSA+SHA256:ed448 790 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem 791 VerifyMode = Peer 792 793 [test-22] 794 ExpectedResult = Success 795 ExpectedServerCertType = Ed448 796 ExpectedServerSignType = Ed448 797 797 798 798 -
trunk/src/libs/openssl-3.1.7/test/ssl-tests/20-cert-select.cnf.in
r104078 r105945 330 330 }, 331 331 { 332 name => "Ed25519 CipherString and Curves Selection",333 server => $server,334 client => {335 "CipherString" => "aECDSA",336 "MaxProtocol" => "TLSv1.2",337 "SignatureAlgorithms" => "ECDSA+SHA256:ed25519",338 # Excluding P-256 from the supported curves list means server339 # certificate should be Ed25519 and not P-256340 "Curves" => "X25519"341 },342 test => {343 "ExpectedServerCertType" =>, "Ed25519",344 "ExpectedServerSignType" =>, "Ed25519",345 "ExpectedResult" => "Success"346 },347 },348 {349 name => "Ed448 CipherString and Curves Selection",350 server => $server,351 client => {352 "CipherString" => "aECDSA",353 "MaxProtocol" => "TLSv1.2",354 "SignatureAlgorithms" => "ECDSA+SHA256:ed448",355 "VerifyCAFile" => test_pem("root-ed448-cert.pem"),356 # Excluding P-256 from the supported curves list means server357 # certificate should be Ed25519 and not P-256358 "Curves" => "X448"359 },360 test => {361 "ExpectedServerCertType" =>, "Ed448",362 "ExpectedServerSignType" =>, "Ed448",363 "ExpectedResult" => "Success"364 },365 },366 {367 332 name => "TLS 1.2 Ed25519 Client Auth", 368 333 server => { … … 444 409 # Note: certificate_authorities not sent for TLS < 1.3 445 410 "ExpectedServerCANames" =>, "empty", 411 "ExpectedResult" => "Success" 412 }, 413 }, 414 { 415 name => "Ed25519 CipherString and Curves Selection", 416 server => $server, 417 client => { 418 "CipherString" => "aECDSA", 419 "MaxProtocol" => "TLSv1.2", 420 "SignatureAlgorithms" => "ECDSA+SHA256:ed25519", 421 # Excluding P-256 from the supported curves list means server 422 # certificate should be Ed25519 and not P-256 423 "Curves" => "X25519" 424 }, 425 test => { 426 "ExpectedServerCertType" =>, "Ed25519", 427 "ExpectedServerSignType" =>, "Ed25519", 428 "ExpectedResult" => "Success" 429 }, 430 }, 431 { 432 name => "Ed448 CipherString and Curves Selection", 433 server => $server, 434 client => { 435 "CipherString" => "aECDSA", 436 "MaxProtocol" => "TLSv1.2", 437 "SignatureAlgorithms" => "ECDSA+SHA256:ed448", 438 "VerifyCAFile" => test_pem("root-ed448-cert.pem"), 439 # Excluding P-256 from the supported curves list means server 440 # certificate should be Ed25519 and not P-256 441 "Curves" => "X448" 442 }, 443 test => { 444 "ExpectedServerCertType" =>, "Ed448", 445 "ExpectedServerSignType" =>, "Ed448", 446 446 "ExpectedResult" => "Success" 447 447 }, -
trunk/src/libs/openssl-3.1.7/test/ssl-tests/28-seclevel.cnf.in
r104078 r105945 1 1 # -*- mode: perl; -*- 2 # Copyright 2016-202 2The OpenSSL Project Authors. All Rights Reserved.2 # Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 # 4 4 # Licensed under the Apache License 2.0 (the "License"). You may not use … … 57 57 "VerifyCAFile" => test_pem("root-ed448-cert.pem") }, 58 58 test => { "ExpectedResult" => "ServerFail" }, 59 }, 59 } 60 ); 61 62 our @tests_ec_non_fips = ( 60 63 { 61 64 name => "SECLEVEL 3 with P-384 key, X25519 ECDHE", … … 82 85 ); 83 86 87 push @tests_ec, @tests_ec_non_fips unless $fips_mode; 84 88 push @tests, @tests_ec unless disabled("ec"); 85 89 push @tests, @tests_tls1_2 unless disabled("tls1_2") || disabled("ec"); -
trunk/src/libs/openssl-3.1.7/test/sslapitest.c
r104078 r105945 1 1 /* 2 * Copyright 2016-202 3The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 2410 2410 } 2411 2411 2412 2413 2412 #ifndef OSSL_NO_USABLE_TLS1_3 2414 2413 static SSL_SESSION *sesscache[6]; … … 3498 3497 } 3499 3498 3499 static int check_early_data_timeout(time_t timer) 3500 { 3501 int res = 0; 3502 3503 /* 3504 * Early data is time sensitive. We have an approx 8 second allowance 3505 * between writing the early data and reading it. If we exceed that time 3506 * then this test will fail. This can sometimes (rarely) occur in normal CI 3507 * operation. We can try and detect this and just ignore the result of this 3508 * test if it has taken too long. We assume anything over 7 seconds is too 3509 * long 3510 */ 3511 timer = time(NULL) - timer; 3512 if (timer >= 7) 3513 res = TEST_skip("Test took too long, ignoring result"); 3514 3515 return res; 3516 } 3517 3500 3518 static int test_early_data_read_write(int idx) 3501 3519 { … … 3507 3525 size_t readbytes, written, eoedlen, rawread, rawwritten; 3508 3526 BIO *rbio; 3527 time_t timer; 3509 3528 3510 3529 if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, … … 3514 3533 3515 3534 /* Write and read some early data */ 3535 timer = time(NULL); 3516 3536 if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1), 3517 3537 &written)) 3518 || !TEST_size_t_eq(written, strlen(MSG1)) 3519 || !TEST_int_eq(SSL_read_early_data(serverssl, buf, 3520 sizeof(buf), &readbytes), 3521 SSL_READ_EARLY_DATA_SUCCESS) 3522 || !TEST_mem_eq(MSG1, readbytes, buf, strlen(MSG1)) 3538 || !TEST_size_t_eq(written, strlen(MSG1))) 3539 goto end; 3540 3541 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), 3542 &readbytes), 3543 SSL_READ_EARLY_DATA_SUCCESS)) { 3544 testresult = check_early_data_timeout(timer); 3545 goto end; 3546 } 3547 3548 if (!TEST_mem_eq(MSG1, readbytes, buf, strlen(MSG1)) 3523 3549 || !TEST_int_eq(SSL_get_early_data_status(serverssl), 3524 3550 SSL_EARLY_DATA_ACCEPTED)) … … 3737 3763 size_t readbytes, written; 3738 3764 unsigned char buf[20]; 3765 time_t timer; 3739 3766 3740 3767 allow_ed_cb_called = 0; … … 3791 3818 3792 3819 /* Write and read some early data */ 3820 timer = time(NULL); 3793 3821 if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1), 3794 3822 &written)) … … 3811 3839 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), 3812 3840 &readbytes), 3813 SSL_READ_EARLY_DATA_SUCCESS) 3814 || !TEST_mem_eq(MSG1, strlen(MSG1), buf, readbytes) 3841 SSL_READ_EARLY_DATA_SUCCESS)) { 3842 testresult = check_early_data_timeout(timer); 3843 goto end; 3844 } 3845 if (!TEST_mem_eq(MSG1, strlen(MSG1), buf, readbytes) 3815 3846 /* 3816 3847 * Server will have sent its flight so client can now send … … 3915 3946 goto end; 3916 3947 #else 3917 if (!TEST_true(SSL_set1_groups_list(serverssl, "P- 256")))3948 if (!TEST_true(SSL_set1_groups_list(serverssl, "P-384"))) 3918 3949 goto end; 3919 3950 #endif … … 4329 4360 goto end; 4330 4361 } else { 4362 time_t timer = time(NULL); 4363 4331 4364 if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1), 4332 4365 &written))) … … 4334 4367 4335 4368 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), 4336 &readbytes), readearlyres) 4337 || (readearlyres == SSL_READ_EARLY_DATA_SUCCESS 4369 &readbytes), readearlyres)) { 4370 testresult = check_early_data_timeout(timer); 4371 goto end; 4372 } 4373 4374 if ((readearlyres == SSL_READ_EARLY_DATA_SUCCESS 4338 4375 && !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1))) 4339 4376 || !TEST_int_eq(SSL_get_early_data_status(serverssl), edstatus) … … 4373 4410 size_t readbytes, written; 4374 4411 const SSL_CIPHER *cipher; 4412 time_t timer; 4375 4413 const char *cipher_str[] = { 4376 4414 TLS1_3_RFC_AES_128_GCM_SHA256, … … 4424 4462 4425 4463 SSL_set_connect_state(clientssl); 4464 timer = time(NULL); 4426 4465 if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1), 4427 4466 &written))) … … 4430 4469 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), 4431 4470 &readbytes), 4432 SSL_READ_EARLY_DATA_SUCCESS) 4433 || !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1)) 4471 SSL_READ_EARLY_DATA_SUCCESS)) { 4472 testresult = check_early_data_timeout(timer); 4473 goto end; 4474 } 4475 4476 if (!TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1)) 4434 4477 || !TEST_int_eq(SSL_get_early_data_status(serverssl), 4435 4478 SSL_EARLY_DATA_ACCEPTED) … … 4872 4915 break; 4873 4916 case 4: 4917 if (is_fips) 4918 return TEST_skip("X25519 might not be supported by fips provider."); 4874 4919 kexch_alg = NID_X25519; 4875 4920 kexch_name0 = "x25519"; 4876 4921 break; 4877 4922 case 5: 4923 if (is_fips) 4924 return TEST_skip("X448 might not be supported by fips provider."); 4878 4925 kexch_alg = NID_X448; 4879 4926 kexch_name0 = "x448"; … … 5090 5137 expectednid = kexch_alg; 5091 5138 5139 if (is_fips && (kexch_alg == NID_X25519 || kexch_alg == NID_X448)) 5140 return TEST_skip("X25519 and X448 might not be available in fips provider."); 5141 5092 5142 if (!istls13) 5093 5143 max_version = TLS1_2_VERSION; … … 5511 5561 goto end; 5512 5562 #else 5513 if (!TEST_true(SSL_set1_groups_list(serverssl, "P- 256")))5563 if (!TEST_true(SSL_set1_groups_list(serverssl, "P-384"))) 5514 5564 goto end; 5515 5565 #endif … … 7475 7525 size_t written, readbytes; 7476 7526 unsigned char buf[80]; 7527 time_t timer; 7477 7528 7478 7529 /* early_data tests */ … … 7489 7540 7490 7541 /* Write and read some early data and then complete the connection */ 7542 timer = time(NULL); 7491 7543 if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1), 7492 7544 &written)) 7493 || !TEST_size_t_eq(written, strlen(MSG1)) 7494 || !TEST_int_eq(SSL_read_early_data(serverssl, buf, 7495 sizeof(buf), &readbytes), 7496 SSL_READ_EARLY_DATA_SUCCESS) 7497 || !TEST_mem_eq(MSG1, readbytes, buf, strlen(MSG1)) 7545 || !TEST_size_t_eq(written, strlen(MSG1))) 7546 goto end; 7547 7548 if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, 7549 sizeof(buf), &readbytes), 7550 SSL_READ_EARLY_DATA_SUCCESS)) { 7551 testresult = check_early_data_timeout(timer); 7552 goto end; 7553 } 7554 7555 if (!TEST_mem_eq(MSG1, readbytes, buf, strlen(MSG1)) 7498 7556 || !TEST_int_eq(SSL_get_early_data_status(serverssl), 7499 7557 SSL_EARLY_DATA_ACCEPTED) … … 8963 9021 8964 9022 /* 9023 * Test that a session cache overflow works as expected 9024 * Test 0: TLSv1.3, timeout on new session later than old session 9025 * Test 1: TLSv1.2, timeout on new session later than old session 9026 * Test 2: TLSv1.3, timeout on new session earlier than old session 9027 * Test 3: TLSv1.2, timeout on new session earlier than old session 9028 */ 9029 #if !defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2) 9030 static int test_session_cache_overflow(int idx) 9031 { 9032 SSL_CTX *sctx = NULL, *cctx = NULL; 9033 SSL *serverssl = NULL, *clientssl = NULL; 9034 int testresult = 0; 9035 SSL_SESSION *sess = NULL; 9036 9037 #ifdef OSSL_NO_USABLE_TLS1_3 9038 /* If no TLSv1.3 available then do nothing in this case */ 9039 if (idx % 2 == 0) 9040 return TEST_skip("No TLSv1.3 available"); 9041 #endif 9042 #ifdef OPENSSL_NO_TLS1_2 9043 /* If no TLSv1.2 available then do nothing in this case */ 9044 if (idx % 2 == 1) 9045 return TEST_skip("No TLSv1.2 available"); 9046 #endif 9047 9048 if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), 9049 TLS_client_method(), TLS1_VERSION, 9050 (idx % 2 == 0) ? TLS1_3_VERSION 9051 : TLS1_2_VERSION, 9052 &sctx, &cctx, cert, privkey)) 9053 || !TEST_true(SSL_CTX_set_options(sctx, SSL_OP_NO_TICKET))) 9054 goto end; 9055 9056 SSL_CTX_sess_set_get_cb(sctx, get_session_cb); 9057 get_sess_val = NULL; 9058 9059 SSL_CTX_sess_set_cache_size(sctx, 1); 9060 9061 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, 9062 NULL, NULL))) 9063 goto end; 9064 9065 if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) 9066 goto end; 9067 9068 if (idx > 1) { 9069 sess = SSL_get_session(serverssl); 9070 if (!TEST_ptr(sess)) 9071 goto end; 9072 9073 /* 9074 * Cause this session to have a longer timeout than the next session to 9075 * be added. 9076 */ 9077 if (!TEST_true(SSL_SESSION_set_timeout(sess, LONG_MAX / 2))) { 9078 sess = NULL; 9079 goto end; 9080 } 9081 sess = NULL; 9082 } 9083 9084 SSL_shutdown(serverssl); 9085 SSL_shutdown(clientssl); 9086 SSL_free(serverssl); 9087 SSL_free(clientssl); 9088 serverssl = clientssl = NULL; 9089 9090 /* 9091 * Session cache size is 1 and we already populated the cache with a session 9092 * so the next connection should cause an overflow. 9093 */ 9094 9095 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, 9096 NULL, NULL))) 9097 goto end; 9098 9099 if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) 9100 goto end; 9101 9102 /* 9103 * The session we just negotiated may have been already removed from the 9104 * internal cache - but we will return it anyway from our external cache. 9105 */ 9106 get_sess_val = SSL_get_session(serverssl); 9107 if (!TEST_ptr(get_sess_val)) 9108 goto end; 9109 sess = SSL_get1_session(clientssl); 9110 if (!TEST_ptr(sess)) 9111 goto end; 9112 9113 SSL_shutdown(serverssl); 9114 SSL_shutdown(clientssl); 9115 SSL_free(serverssl); 9116 SSL_free(clientssl); 9117 serverssl = clientssl = NULL; 9118 9119 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, 9120 NULL, NULL))) 9121 goto end; 9122 9123 if (!TEST_true(SSL_set_session(clientssl, sess))) 9124 goto end; 9125 9126 if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) 9127 goto end; 9128 9129 testresult = 1; 9130 9131 end: 9132 SSL_free(serverssl); 9133 SSL_free(clientssl); 9134 SSL_CTX_free(sctx); 9135 SSL_CTX_free(cctx); 9136 SSL_SESSION_free(sess); 9137 9138 return testresult; 9139 } 9140 #endif /* !defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2) */ 9141 9142 /* 8965 9143 * Test 0: Client sets servername and server acknowledges it (TLSv1.2) 8966 9144 * Test 1: Client sets servername and server does not acknowledge it (TLSv1.2) … … 9277 9455 /* Check that we are not impacted by a provider without any groups */ 9278 9456 OSSL_PROVIDER *legacyprov = OSSL_PROVIDER_load(libctx, "legacy"); 9279 const char *group_name = idx == 0 ? "xor group" : "xorkemgroup";9457 const char *group_name = idx == 0 ? "xorkemgroup" : "xorgroup"; 9280 9458 9281 9459 if (!TEST_ptr(tlsprov)) 9282 9460 goto end; 9283 9284 if (legacyprov == NULL) {9285 /*9286 * In this case we assume we've been built with "no-legacy" and skip9287 * this test (there is no OPENSSL_NO_LEGACY)9288 */9289 testresult = 1;9290 goto end;9291 }9292 9461 9293 9462 if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), … … 9300 9469 goto end; 9301 9470 9302 if (!TEST_true(SSL_set1_groups_list(serverssl, group_name)) 9471 /* ensure GROUPLIST_INCREMENT (=40) logic triggers: */ 9472 if (!TEST_true(SSL_set1_groups_list(serverssl, "xorgroup:xorkemgroup:dummy1:dummy2:dummy3:dummy4:dummy5:dummy6:dummy7:dummy8:dummy9:dummy10:dummy11:dummy12:dummy13:dummy14:dummy15:dummy16:dummy17:dummy18:dummy19:dummy20:dummy21:dummy22:dummy23:dummy24:dummy25:dummy26:dummy27:dummy28:dummy29:dummy30:dummy31:dummy32:dummy33:dummy34:dummy35:dummy36:dummy37:dummy38:dummy39:dummy40:dummy41:dummy42:dummy43")) 9473 /* removing a single algorithm from the list makes the test pass */ 9303 9474 || !TEST_true(SSL_set1_groups_list(clientssl, group_name))) 9304 9475 goto end; … … 10323 10494 10324 10495 #if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DYNAMIC_ENGINE) 10325 10326 static ENGINE *load_dasync(void)10327 {10328 ENGINE *e;10329 10330 if (!TEST_ptr(e = ENGINE_by_id("dasync")))10331 return NULL;10332 10333 if (!TEST_true(ENGINE_init(e))) {10334 ENGINE_free(e);10335 return NULL;10336 }10337 10338 if (!TEST_true(ENGINE_register_ciphers(e))) {10339 ENGINE_free(e);10340 return NULL;10341 }10342 10343 return e;10344 }10345 10346 10496 /* 10347 10497 * Test TLSv1.2 with a pipeline capable cipher. TLSv1.3 and DTLS do not … … 10635 10785 BIO_free(tmp); 10636 10786 set_always_retry_err_val(-1); 10787 return testresult; 10788 } 10789 10790 struct resume_servername_cb_data { 10791 int i; 10792 SSL_CTX *cctx; 10793 SSL_CTX *sctx; 10794 SSL_SESSION *sess; 10795 int recurse; 10796 }; 10797 10798 /* 10799 * Servername callback. We use it here to run another complete handshake using 10800 * the same session - and mark the session as not_resuamble at the end 10801 */ 10802 static int resume_servername_cb(SSL *s, int *ad, void *arg) 10803 { 10804 struct resume_servername_cb_data *cbdata = arg; 10805 SSL *serverssl = NULL, *clientssl = NULL; 10806 int ret = SSL_TLSEXT_ERR_ALERT_FATAL; 10807 10808 if (cbdata->recurse) 10809 return SSL_TLSEXT_ERR_ALERT_FATAL; 10810 10811 if ((cbdata->i % 3) != 1) 10812 return SSL_TLSEXT_ERR_OK; 10813 10814 cbdata->recurse = 1; 10815 10816 if (!TEST_true(create_ssl_objects(cbdata->sctx, cbdata->cctx, &serverssl, 10817 &clientssl, NULL, NULL)) 10818 || !TEST_true(SSL_set_session(clientssl, cbdata->sess))) 10819 goto end; 10820 10821 ERR_set_mark(); 10822 /* 10823 * We expect this to fail - because the servername cb will fail. This will 10824 * mark the session as not_resumable. 10825 */ 10826 if (!TEST_false(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) { 10827 ERR_clear_last_mark(); 10828 goto end; 10829 } 10830 ERR_pop_to_mark(); 10831 10832 ret = SSL_TLSEXT_ERR_OK; 10833 end: 10834 SSL_free(serverssl); 10835 SSL_free(clientssl); 10836 cbdata->recurse = 0; 10837 return ret; 10838 } 10839 10840 /* 10841 * Test multiple resumptions and cache size handling 10842 * Test 0: TLSv1.3 (max_early_data set) 10843 * Test 1: TLSv1.3 (SSL_OP_NO_TICKET set) 10844 * Test 2: TLSv1.3 (max_early_data and SSL_OP_NO_TICKET set) 10845 * Test 3: TLSv1.3 (SSL_OP_NO_TICKET, simultaneous resumes) 10846 * Test 4: TLSv1.2 10847 */ 10848 static int test_multi_resume(int idx) 10849 { 10850 SSL_CTX *sctx = NULL, *cctx = NULL; 10851 SSL *serverssl = NULL, *clientssl = NULL; 10852 SSL_SESSION *sess = NULL; 10853 int max_version = TLS1_3_VERSION; 10854 int i, testresult = 0; 10855 struct resume_servername_cb_data cbdata; 10856 10857 #if defined(OPENSSL_NO_TLS1_2) 10858 if (idx == 4) 10859 return TEST_skip("TLSv1.2 is disabled in this build"); 10860 #else 10861 if (idx == 4) 10862 max_version = TLS1_2_VERSION; 10863 #endif 10864 #if defined(OSSL_NO_USABLE_TLS1_3) 10865 if (idx != 4) 10866 return TEST_skip("No usable TLSv1.3 in this build"); 10867 #endif 10868 10869 if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), 10870 TLS_client_method(), TLS1_VERSION, 10871 max_version, &sctx, &cctx, cert, 10872 privkey))) 10873 goto end; 10874 10875 /* 10876 * TLSv1.3 only uses a session cache if either max_early_data > 0 (used for 10877 * replay protection), or if SSL_OP_NO_TICKET is in use 10878 */ 10879 if (idx == 0 || idx == 2) { 10880 if (!TEST_true(SSL_CTX_set_max_early_data(sctx, 1024))) 10881 goto end; 10882 } 10883 if (idx == 1 || idx == 2 || idx == 3) 10884 SSL_CTX_set_options(sctx, SSL_OP_NO_TICKET); 10885 10886 SSL_CTX_sess_set_cache_size(sctx, 5); 10887 10888 if (idx == 3) { 10889 SSL_CTX_set_tlsext_servername_callback(sctx, resume_servername_cb); 10890 SSL_CTX_set_tlsext_servername_arg(sctx, &cbdata); 10891 cbdata.cctx = cctx; 10892 cbdata.sctx = sctx; 10893 cbdata.recurse = 0; 10894 } 10895 10896 for (i = 0; i < 30; i++) { 10897 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, 10898 NULL, NULL)) 10899 || !TEST_true(SSL_set_session(clientssl, sess))) 10900 goto end; 10901 10902 /* 10903 * Check simultaneous resumes. We pause the connection part way through 10904 * the handshake by (mis)using the servername_cb. The pause occurs after 10905 * session resumption has already occurred, but before any session 10906 * tickets have been issued. While paused we run another complete 10907 * handshake resuming the same session. 10908 */ 10909 if (idx == 3) { 10910 cbdata.i = i; 10911 cbdata.sess = sess; 10912 } 10913 10914 /* 10915 * Recreate a bug where dynamically changing the max_early_data value 10916 * can cause sessions in the session cache which cannot be deleted. 10917 */ 10918 if ((idx == 0 || idx == 2) && (i % 3) == 2) 10919 SSL_set_max_early_data(serverssl, 0); 10920 10921 if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) 10922 goto end; 10923 10924 if (sess == NULL || (idx == 0 && (i % 3) == 2)) { 10925 if (!TEST_false(SSL_session_reused(clientssl))) 10926 goto end; 10927 } else { 10928 if (!TEST_true(SSL_session_reused(clientssl))) 10929 goto end; 10930 } 10931 SSL_SESSION_free(sess); 10932 10933 /* Do a full handshake, followed by two resumptions */ 10934 if ((i % 3) == 2) { 10935 sess = NULL; 10936 } else { 10937 if (!TEST_ptr((sess = SSL_get1_session(clientssl)))) 10938 goto end; 10939 } 10940 10941 SSL_shutdown(clientssl); 10942 SSL_shutdown(serverssl); 10943 SSL_free(serverssl); 10944 SSL_free(clientssl); 10945 serverssl = clientssl = NULL; 10946 } 10947 10948 /* We should never exceed the session cache size limit */ 10949 if (!TEST_long_le(SSL_CTX_sess_number(sctx), 5)) 10950 goto end; 10951 10952 testresult = 1; 10953 end: 10954 SSL_free(serverssl); 10955 SSL_free(clientssl); 10956 SSL_CTX_free(sctx); 10957 SSL_CTX_free(cctx); 10958 SSL_SESSION_free(sess); 10959 return testresult; 10960 } 10961 10962 static struct next_proto_st { 10963 int serverlen; 10964 unsigned char server[40]; 10965 int clientlen; 10966 unsigned char client[40]; 10967 int expected_ret; 10968 size_t selectedlen; 10969 unsigned char selected[40]; 10970 } next_proto_tests[] = { 10971 { 10972 4, { 3, 'a', 'b', 'c' }, 10973 4, { 3, 'a', 'b', 'c' }, 10974 OPENSSL_NPN_NEGOTIATED, 10975 3, { 'a', 'b', 'c' } 10976 }, 10977 { 10978 7, { 3, 'a', 'b', 'c', 2, 'a', 'b' }, 10979 4, { 3, 'a', 'b', 'c' }, 10980 OPENSSL_NPN_NEGOTIATED, 10981 3, { 'a', 'b', 'c' } 10982 }, 10983 { 10984 7, { 2, 'a', 'b', 3, 'a', 'b', 'c', }, 10985 4, { 3, 'a', 'b', 'c' }, 10986 OPENSSL_NPN_NEGOTIATED, 10987 3, { 'a', 'b', 'c' } 10988 }, 10989 { 10990 4, { 3, 'a', 'b', 'c' }, 10991 7, { 3, 'a', 'b', 'c', 2, 'a', 'b', }, 10992 OPENSSL_NPN_NEGOTIATED, 10993 3, { 'a', 'b', 'c' } 10994 }, 10995 { 10996 4, { 3, 'a', 'b', 'c' }, 10997 7, { 2, 'a', 'b', 3, 'a', 'b', 'c'}, 10998 OPENSSL_NPN_NEGOTIATED, 10999 3, { 'a', 'b', 'c' } 11000 }, 11001 { 11002 7, { 2, 'b', 'c', 3, 'a', 'b', 'c' }, 11003 7, { 2, 'a', 'b', 3, 'a', 'b', 'c'}, 11004 OPENSSL_NPN_NEGOTIATED, 11005 3, { 'a', 'b', 'c' } 11006 }, 11007 { 11008 10, { 2, 'b', 'c', 3, 'a', 'b', 'c', 2, 'a', 'b' }, 11009 7, { 2, 'a', 'b', 3, 'a', 'b', 'c'}, 11010 OPENSSL_NPN_NEGOTIATED, 11011 3, { 'a', 'b', 'c' } 11012 }, 11013 { 11014 4, { 3, 'b', 'c', 'd' }, 11015 4, { 3, 'a', 'b', 'c' }, 11016 OPENSSL_NPN_NO_OVERLAP, 11017 3, { 'a', 'b', 'c' } 11018 }, 11019 { 11020 0, { 0 }, 11021 4, { 3, 'a', 'b', 'c' }, 11022 OPENSSL_NPN_NO_OVERLAP, 11023 3, { 'a', 'b', 'c' } 11024 }, 11025 { 11026 -1, { 0 }, 11027 4, { 3, 'a', 'b', 'c' }, 11028 OPENSSL_NPN_NO_OVERLAP, 11029 3, { 'a', 'b', 'c' } 11030 }, 11031 { 11032 4, { 3, 'a', 'b', 'c' }, 11033 0, { 0 }, 11034 OPENSSL_NPN_NO_OVERLAP, 11035 0, { 0 } 11036 }, 11037 { 11038 4, { 3, 'a', 'b', 'c' }, 11039 -1, { 0 }, 11040 OPENSSL_NPN_NO_OVERLAP, 11041 0, { 0 } 11042 }, 11043 { 11044 3, { 3, 'a', 'b', 'c' }, 11045 4, { 3, 'a', 'b', 'c' }, 11046 OPENSSL_NPN_NO_OVERLAP, 11047 3, { 'a', 'b', 'c' } 11048 }, 11049 { 11050 4, { 3, 'a', 'b', 'c' }, 11051 3, { 3, 'a', 'b', 'c' }, 11052 OPENSSL_NPN_NO_OVERLAP, 11053 0, { 0 } 11054 } 11055 }; 11056 11057 static int test_select_next_proto(int idx) 11058 { 11059 struct next_proto_st *np = &next_proto_tests[idx]; 11060 int ret = 0; 11061 unsigned char *out, *client, *server; 11062 unsigned char outlen; 11063 unsigned int clientlen, serverlen; 11064 11065 if (np->clientlen == -1) { 11066 client = NULL; 11067 clientlen = 0; 11068 } else { 11069 client = np->client; 11070 clientlen = (unsigned int)np->clientlen; 11071 } 11072 if (np->serverlen == -1) { 11073 server = NULL; 11074 serverlen = 0; 11075 } else { 11076 server = np->server; 11077 serverlen = (unsigned int)np->serverlen; 11078 } 11079 11080 if (!TEST_int_eq(SSL_select_next_proto(&out, &outlen, server, serverlen, 11081 client, clientlen), 11082 np->expected_ret)) 11083 goto err; 11084 11085 if (np->selectedlen == 0) { 11086 if (!TEST_ptr_null(out) || !TEST_uchar_eq(outlen, 0)) 11087 goto err; 11088 } else { 11089 if (!TEST_mem_eq(out, outlen, np->selected, np->selectedlen)) 11090 goto err; 11091 } 11092 11093 ret = 1; 11094 err: 11095 return ret; 11096 } 11097 11098 static const unsigned char fooprot[] = {3, 'f', 'o', 'o' }; 11099 static const unsigned char barprot[] = {3, 'b', 'a', 'r' }; 11100 11101 #if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_NEXTPROTONEG) 11102 static int npn_advert_cb(SSL *ssl, const unsigned char **out, 11103 unsigned int *outlen, void *arg) 11104 { 11105 int *idx = (int *)arg; 11106 11107 switch (*idx) { 11108 default: 11109 case 0: 11110 *out = fooprot; 11111 *outlen = sizeof(fooprot); 11112 return SSL_TLSEXT_ERR_OK; 11113 11114 case 1: 11115 *outlen = 0; 11116 return SSL_TLSEXT_ERR_OK; 11117 11118 case 2: 11119 return SSL_TLSEXT_ERR_NOACK; 11120 } 11121 } 11122 11123 static int npn_select_cb(SSL *s, unsigned char **out, unsigned char *outlen, 11124 const unsigned char *in, unsigned int inlen, void *arg) 11125 { 11126 int *idx = (int *)arg; 11127 11128 switch (*idx) { 11129 case 0: 11130 case 1: 11131 *out = (unsigned char *)(fooprot + 1); 11132 *outlen = *fooprot; 11133 return SSL_TLSEXT_ERR_OK; 11134 11135 case 3: 11136 *out = (unsigned char *)(barprot + 1); 11137 *outlen = *barprot; 11138 return SSL_TLSEXT_ERR_OK; 11139 11140 case 4: 11141 *outlen = 0; 11142 return SSL_TLSEXT_ERR_OK; 11143 11144 default: 11145 case 2: 11146 return SSL_TLSEXT_ERR_ALERT_FATAL; 11147 } 11148 } 11149 11150 /* 11151 * Test the NPN callbacks 11152 * Test 0: advert = foo, select = foo 11153 * Test 1: advert = <empty>, select = foo 11154 * Test 2: no advert 11155 * Test 3: advert = foo, select = bar 11156 * Test 4: advert = foo, select = <empty> (should fail) 11157 */ 11158 static int test_npn(int idx) 11159 { 11160 SSL_CTX *sctx = NULL, *cctx = NULL; 11161 SSL *serverssl = NULL, *clientssl = NULL; 11162 int testresult = 0; 11163 11164 if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), 11165 TLS_client_method(), 0, TLS1_2_VERSION, 11166 &sctx, &cctx, cert, privkey))) 11167 goto end; 11168 11169 SSL_CTX_set_next_protos_advertised_cb(sctx, npn_advert_cb, &idx); 11170 SSL_CTX_set_next_proto_select_cb(cctx, npn_select_cb, &idx); 11171 11172 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, 11173 NULL))) 11174 goto end; 11175 11176 if (idx == 4) { 11177 /* We don't allow empty selection of NPN, so this should fail */ 11178 if (!TEST_false(create_ssl_connection(serverssl, clientssl, 11179 SSL_ERROR_NONE))) 11180 goto end; 11181 } else { 11182 const unsigned char *prot; 11183 unsigned int protlen; 11184 11185 if (!TEST_true(create_ssl_connection(serverssl, clientssl, 11186 SSL_ERROR_NONE))) 11187 goto end; 11188 11189 SSL_get0_next_proto_negotiated(serverssl, &prot, &protlen); 11190 switch (idx) { 11191 case 0: 11192 case 1: 11193 if (!TEST_mem_eq(prot, protlen, fooprot + 1, *fooprot)) 11194 goto end; 11195 break; 11196 case 2: 11197 if (!TEST_uint_eq(protlen, 0)) 11198 goto end; 11199 break; 11200 case 3: 11201 if (!TEST_mem_eq(prot, protlen, barprot + 1, *barprot)) 11202 goto end; 11203 break; 11204 default: 11205 TEST_error("Should not get here"); 11206 goto end; 11207 } 11208 } 11209 11210 testresult = 1; 11211 end: 11212 SSL_free(serverssl); 11213 SSL_free(clientssl); 11214 SSL_CTX_free(sctx); 11215 SSL_CTX_free(cctx); 11216 11217 return testresult; 11218 } 11219 #endif /* !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_NEXTPROTONEG) */ 11220 11221 static int alpn_select_cb2(SSL *ssl, const unsigned char **out, 11222 unsigned char *outlen, const unsigned char *in, 11223 unsigned int inlen, void *arg) 11224 { 11225 int *idx = (int *)arg; 11226 11227 switch (*idx) { 11228 case 0: 11229 *out = (unsigned char *)(fooprot + 1); 11230 *outlen = *fooprot; 11231 return SSL_TLSEXT_ERR_OK; 11232 11233 case 2: 11234 *out = (unsigned char *)(barprot + 1); 11235 *outlen = *barprot; 11236 return SSL_TLSEXT_ERR_OK; 11237 11238 case 3: 11239 *outlen = 0; 11240 return SSL_TLSEXT_ERR_OK; 11241 11242 default: 11243 case 1: 11244 return SSL_TLSEXT_ERR_ALERT_FATAL; 11245 } 11246 return 0; 11247 } 11248 11249 /* 11250 * Test the ALPN callbacks 11251 * Test 0: client = foo, select = foo 11252 * Test 1: client = <empty>, select = none 11253 * Test 2: client = foo, select = bar (should fail) 11254 * Test 3: client = foo, select = <empty> (should fail) 11255 */ 11256 static int test_alpn(int idx) 11257 { 11258 SSL_CTX *sctx = NULL, *cctx = NULL; 11259 SSL *serverssl = NULL, *clientssl = NULL; 11260 int testresult = 0; 11261 const unsigned char *prots = fooprot; 11262 unsigned int protslen = sizeof(fooprot); 11263 11264 if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), 11265 TLS_client_method(), 0, 0, 11266 &sctx, &cctx, cert, privkey))) 11267 goto end; 11268 11269 SSL_CTX_set_alpn_select_cb(sctx, alpn_select_cb2, &idx); 11270 11271 if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, 11272 NULL))) 11273 goto end; 11274 11275 if (idx == 1) { 11276 prots = NULL; 11277 protslen = 0; 11278 } 11279 11280 /* SSL_set_alpn_protos returns 0 for success! */ 11281 if (!TEST_false(SSL_set_alpn_protos(clientssl, prots, protslen))) 11282 goto end; 11283 11284 if (idx == 2 || idx == 3) { 11285 /* We don't allow empty selection of NPN, so this should fail */ 11286 if (!TEST_false(create_ssl_connection(serverssl, clientssl, 11287 SSL_ERROR_NONE))) 11288 goto end; 11289 } else { 11290 const unsigned char *prot; 11291 unsigned int protlen; 11292 11293 if (!TEST_true(create_ssl_connection(serverssl, clientssl, 11294 SSL_ERROR_NONE))) 11295 goto end; 11296 11297 SSL_get0_alpn_selected(clientssl, &prot, &protlen); 11298 switch (idx) { 11299 case 0: 11300 if (!TEST_mem_eq(prot, protlen, fooprot + 1, *fooprot)) 11301 goto end; 11302 break; 11303 case 1: 11304 if (!TEST_uint_eq(protlen, 0)) 11305 goto end; 11306 break; 11307 default: 11308 TEST_error("Should not get here"); 11309 goto end; 11310 } 11311 } 11312 11313 testresult = 1; 11314 end: 11315 SSL_free(serverssl); 11316 SSL_free(clientssl); 11317 SSL_CTX_free(sctx); 11318 SSL_CTX_free(cctx); 11319 10637 11320 return testresult; 10638 11321 } … … 10923 11606 ADD_TEST(test_set_verify_cert_store_ssl); 10924 11607 ADD_ALL_TESTS(test_session_timeout, 1); 11608 #if !defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2) 11609 ADD_ALL_TESTS(test_session_cache_overflow, 4); 11610 #endif 10925 11611 ADD_TEST(test_load_dhfile); 10926 11612 #ifndef OSSL_NO_USABLE_TLS1_3 … … 10935 11621 #endif 10936 11622 ADD_ALL_TESTS(test_handshake_retry, 16); 11623 ADD_ALL_TESTS(test_multi_resume, 5); 11624 ADD_ALL_TESTS(test_select_next_proto, OSSL_NELEM(next_proto_tests)); 11625 #if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_NEXTPROTONEG) 11626 ADD_ALL_TESTS(test_npn, 5); 11627 #endif 11628 ADD_ALL_TESTS(test_alpn, 4); 10937 11629 return 1; 10938 11630 -
trunk/src/libs/openssl-3.1.7/test/sslbuffertest.c
r104078 r105945 1 1 /* 2 * Copyright 2016-202 0The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"); … … 9 9 */ 10 10 11 /* 12 * We need access to the deprecated low level Engine APIs for legacy purposes 13 * when the deprecated calls are not hidden 14 */ 15 #ifndef OPENSSL_NO_DEPRECATED_3_0 16 # define OPENSSL_SUPPRESS_DEPRECATED 17 #endif 18 11 19 #include <string.h> 12 20 #include <openssl/ssl.h> 13 21 #include <openssl/bio.h> 14 22 #include <openssl/err.h> 23 #include <openssl/engine.h> 15 24 16 25 #include "internal/packet.h" … … 151 160 } 152 161 162 /* 163 * Test that attempting to free the buffers at points where they cannot be freed 164 * works as expected 165 * Test 0: Attempt to free buffers after a full record has been processed, but 166 * the application has only performed a partial read 167 * Test 1: Attempt to free buffers after only a partial record header has been 168 * received 169 * Test 2: Attempt to free buffers after a full record header but no record body 170 * Test 3: Attempt to free buffers after a full record hedaer and partial record 171 * body 172 * Test 4-7: We repeat tests 0-3 but including data from a second pipelined 173 * record 174 */ 175 static int test_free_buffers(int test) 176 { 177 int result = 0; 178 SSL *serverssl = NULL, *clientssl = NULL; 179 const char testdata[] = "Test data"; 180 char buf[120]; 181 size_t written, readbytes; 182 int i, pipeline = test > 3; 183 ENGINE *e = NULL; 184 185 if (pipeline) { 186 e = load_dasync(); 187 if (e == NULL) 188 goto end; 189 test -= 4; 190 } 191 192 if (!TEST_true(create_ssl_objects(serverctx, clientctx, &serverssl, 193 &clientssl, NULL, NULL))) 194 goto end; 195 196 if (pipeline) { 197 if (!TEST_true(SSL_set_cipher_list(serverssl, "AES128-SHA")) 198 || !TEST_true(SSL_set_max_proto_version(serverssl, 199 TLS1_2_VERSION)) 200 || !TEST_true(SSL_set_max_pipelines(serverssl, 2))) 201 goto end; 202 } 203 204 if (!TEST_true(create_ssl_connection(serverssl, clientssl, 205 SSL_ERROR_NONE))) 206 goto end; 207 208 /* 209 * For the non-pipeline case we write one record. For pipelining we write 210 * two records. 211 */ 212 for (i = 0; i <= pipeline; i++) { 213 if (!TEST_true(SSL_write_ex(clientssl, testdata, strlen(testdata), 214 &written))) 215 goto end; 216 } 217 218 if (test == 0) { 219 size_t readlen = 1; 220 221 /* 222 * Deliberately only read the first byte - so the remaining bytes are 223 * still buffered. In the pipelining case we read as far as the first 224 * byte from the second record. 225 */ 226 if (pipeline) 227 readlen += strlen(testdata); 228 229 if (!TEST_true(SSL_read_ex(serverssl, buf, readlen, &readbytes)) 230 || !TEST_size_t_eq(readlen, readbytes)) 231 goto end; 232 } else { 233 BIO *tmp; 234 size_t partial_len; 235 236 /* Remove all the data that is pending for read by the server */ 237 tmp = SSL_get_rbio(serverssl); 238 if (!TEST_true(BIO_read_ex(tmp, buf, sizeof(buf), &readbytes)) 239 || !TEST_size_t_lt(readbytes, sizeof(buf)) 240 || !TEST_size_t_gt(readbytes, SSL3_RT_HEADER_LENGTH)) 241 goto end; 242 243 switch(test) { 244 case 1: 245 partial_len = SSL3_RT_HEADER_LENGTH - 1; 246 break; 247 case 2: 248 partial_len = SSL3_RT_HEADER_LENGTH; 249 break; 250 case 3: 251 partial_len = readbytes - 1; 252 break; 253 default: 254 TEST_error("Invalid test index"); 255 goto end; 256 } 257 258 if (pipeline) { 259 /* We happen to know the first record is 57 bytes long */ 260 const size_t first_rec_len = 57; 261 262 if (test != 3) 263 partial_len += first_rec_len; 264 265 /* 266 * Sanity check. If we got the record len right then this should 267 * never fail. 268 */ 269 if (!TEST_int_eq(buf[first_rec_len], SSL3_RT_APPLICATION_DATA)) 270 goto end; 271 } 272 273 /* 274 * Put back just the partial record (plus the whole initial record in 275 * the pipelining case) 276 */ 277 if (!TEST_true(BIO_write_ex(tmp, buf, partial_len, &written))) 278 goto end; 279 280 if (pipeline) { 281 /* 282 * Attempt a read. This should pass but only return data from the 283 * first record. Only a partial record is available for the second 284 * record. 285 */ 286 if (!TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), 287 &readbytes)) 288 || !TEST_size_t_eq(readbytes, strlen(testdata))) 289 goto end; 290 } else { 291 /* 292 * Attempt a read. This should fail because only a partial record is 293 * available. 294 */ 295 if (!TEST_false(SSL_read_ex(serverssl, buf, sizeof(buf), 296 &readbytes))) 297 goto end; 298 } 299 } 300 301 /* 302 * Attempting to free the buffers at this point should fail because they are 303 * still in use 304 */ 305 if (!TEST_false(SSL_free_buffers(serverssl))) 306 goto end; 307 308 result = 1; 309 end: 310 SSL_free(clientssl); 311 SSL_free(serverssl); 312 #ifndef OPENSSL_NO_DYNAMIC_ENGINE 313 if (e != NULL) { 314 ENGINE_unregister_ciphers(e); 315 ENGINE_finish(e); 316 ENGINE_free(e); 317 } 318 #endif 319 return result; 320 } 321 153 322 OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n") 154 323 … … 174 343 175 344 ADD_ALL_TESTS(test_func, 9); 345 #if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DYNAMIC_ENGINE) 346 ADD_ALL_TESTS(test_free_buffers, 8); 347 #else 348 ADD_ALL_TESTS(test_free_buffers, 4); 349 #endif 176 350 return 1; 177 351 } -
trunk/src/libs/openssl-3.1.7/test/test.cnf
r104078 r105945 73 73 emailAddress = email field 74 74 emailAddress_value = [email protected] 75 76 [ dirname_sec ] 77 C = UK 78 O = My Organization 79 OU = My Unit 80 CN = My Name -
trunk/src/libs/openssl-3.1.7/test/tls-provider.c
r104078 r105945 1 1 /* 2 * Copyright 2019-202 2The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 186 186 187 187 /* Register our 2 groups */ 188 OPENSSL_assert(xor_group.group_id >= 65024 189 && xor_group.group_id < 65279 - NUM_DUMMY_GROUPS); 188 190 ret = cb(xor_group_params, arg); 189 191 ret &= cb(xor_kemgroup_params, arg); … … 197 199 for (i = 0; i < NUM_DUMMY_GROUPS; i++) { 198 200 OSSL_PARAM dummygroup[OSSL_NELEM(xor_group_params)]; 201 unsigned int dummygroup_id; 199 202 200 203 memcpy(dummygroup, xor_group_params, sizeof(xor_group_params)); … … 211 214 dummygroup[0].data = dummy_group_names[i]; 212 215 dummygroup[0].data_size = strlen(dummy_group_names[i]) + 1; 216 /* assign unique group IDs also to dummy groups for registration */ 217 dummygroup_id = 65279 - NUM_DUMMY_GROUPS + i; 218 dummygroup[3].data = (unsigned char*)&dummygroup_id; 213 219 ret &= cb(dummygroup, arg); 214 220 } … … 818 824 /* 819 825 * Ensure group_id is within the IANA Reserved for private use range 820 * (65024-65279) 826 * (65024-65279). 827 * Carve out NUM_DUMMY_GROUPS ids for properly registering those. 821 828 */ 822 group_id %= 65279 - 65024;829 group_id %= 65279 - NUM_DUMMY_GROUPS - 65024; 823 830 group_id += 65024; 824 831 -
trunk/src/libs/openssl-3.1.7/test/v3ext.c
r104078 r105945 1 1 /* 2 * Copyright 2016-202 2The OpenSSL Project Authors. All Rights Reserved.2 * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. 3 3 * 4 4 * Licensed under the Apache License 2.0 (the "License"). You may not use … … 270 270 if (!ASN1_OCTET_STRING_set(f1->addressFamily, key, keylen)) 271 271 goto end; 272 273 /* Push and transfer memory ownership to stack */ 272 274 if (!sk_IPAddressFamily_push(addr, f1)) 273 275 goto end; 276 f1 = NULL; 274 277 275 278 /* Shouldn't be able to canonize this as the len is > 3*/ … … 277 280 goto end; 278 281 279 /* Create a well formed IPAddressFamily*/280 f1 = sk_IPAddressFamily_pop(addr);281 IPAddressFamily_free(f1); 282 282 /* Pop and free the new stack element */ 283 IPAddressFamily_free(sk_IPAddressFamily_pop(addr)); 284 285 /* Create a well-formed IPAddressFamily */ 283 286 key[0] = (afi >> 8) & 0xFF; 284 287 key[1] = afi & 0xFF; … … 298 301 /* Mark this as inheritance so we skip some of the is_canonize checks */ 299 302 f1->ipAddressChoice->type = IPAddressChoice_inherit; 303 304 /* Push and transfer memory ownership to stack */ 300 305 if (!sk_IPAddressFamily_push(addr, f1)) 301 306 goto end; 307 f1 = NULL; 302 308 303 309 /* Should be able to canonize now */ … … 307 313 testresult = 1; 308 314 end: 315 /* Free stack and any memory owned by detached element */ 316 IPAddressFamily_free(f1); 309 317 sk_IPAddressFamily_pop_free(addr, IPAddressFamily_free); 318 310 319 ASN1_OCTET_STRING_free(ip1); 311 320 ASN1_OCTET_STRING_free(ip2);
Note:
See TracChangeset
for help on using the changeset viewer.
