summaryrefslogtreecommitdiff
path: root/deps/openssl/openssl/test/recipes
diff options
context:
space:
mode:
Diffstat (limited to 'deps/openssl/openssl/test/recipes')
-rw-r--r--deps/openssl/openssl/test/recipes/30-test_evp_data/evpciph.txt11
-rw-r--r--deps/openssl/openssl/test/recipes/70-test_sslmessages.t27
-rw-r--r--deps/openssl/openssl/test/recipes/70-test_tls13kexmodes.t38
-rw-r--r--deps/openssl/openssl/test/recipes/70-test_tls13messages.t91
-rw-r--r--deps/openssl/openssl/test/recipes/80-test_cms.t69
-rw-r--r--deps/openssl/openssl/test/recipes/80-test_cms_data/bad_signtime_attr.cmsbin0 -> 1524 bytes
-rw-r--r--deps/openssl/openssl/test/recipes/80-test_cms_data/ct_multiple_attr.cmsbin0 -> 1549 bytes
-rw-r--r--deps/openssl/openssl/test/recipes/80-test_cms_data/no_ct_attr.cmsbin0 -> 1496 bytes
-rw-r--r--deps/openssl/openssl/test/recipes/80-test_cms_data/no_md_attr.cmsbin0 -> 1473 bytes
-rw-r--r--deps/openssl/openssl/test/recipes/90-test_sslapi.t7
10 files changed, 216 insertions, 27 deletions
diff --git a/deps/openssl/openssl/test/recipes/30-test_evp_data/evpciph.txt b/deps/openssl/openssl/test/recipes/30-test_evp_data/evpciph.txt
index 68eddca7b7..29c317a158 100644
--- a/deps/openssl/openssl/test/recipes/30-test_evp_data/evpciph.txt
+++ b/deps/openssl/openssl/test/recipes/30-test_evp_data/evpciph.txt
@@ -1190,7 +1190,18 @@ Result = CIPHERFINAL_ERROR
Title = AES XTS test vectors from IEEE Std 1619-2007
+# Using the same key twice for encryption is always banned.
Cipher = aes-128-xts
+Operation = ENCRYPT
+Key = 0000000000000000000000000000000000000000000000000000000000000000
+IV = 00000000000000000000000000000000
+Plaintext = 0000000000000000000000000000000000000000000000000000000000000000
+Ciphertext = 917cf69ebd68b2ec9b9fe9a3eadda692cd43d2f59598ed858c02c2652fbf922e
+Result = KEY_SET_ERROR
+
+# Using the same key twice for decryption is allowed outside of FIPS mode.
+Cipher = aes-128-xts
+Operation = DECRYPT
Key = 0000000000000000000000000000000000000000000000000000000000000000
IV = 00000000000000000000000000000000
Plaintext = 0000000000000000000000000000000000000000000000000000000000000000
diff --git a/deps/openssl/openssl/test/recipes/70-test_sslmessages.t b/deps/openssl/openssl/test/recipes/70-test_sslmessages.t
index 1e4676973a..212791fc05 100644
--- a/deps/openssl/openssl/test/recipes/70-test_sslmessages.t
+++ b/deps/openssl/openssl/test/recipes/70-test_sslmessages.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -95,58 +95,81 @@ my $proxy = TLSProxy::Proxy->new(
@extensions = (
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME,
+ TLSProxy::Message::CLIENT,
checkhandshake::SERVER_NAME_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,
+ TLSProxy::Message::CLIENT,
checkhandshake::STATUS_REQUEST_CLI_EXTENSION],
(disabled("ec") ? () :
[TLSProxy::Message::MT_CLIENT_HELLO,
TLSProxy::Message::EXT_SUPPORTED_GROUPS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS]),
(disabled("ec") ? () :
[TLSProxy::Message::MT_CLIENT_HELLO,
TLSProxy::Message::EXT_EC_POINT_FORMATS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS]),
(disabled("tls1_2") ? () :
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS]),
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN,
+ TLSProxy::Message::CLIENT,
checkhandshake::ALPN_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT,
+ TLSProxy::Message::CLIENT,
checkhandshake::SCT_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_RENEGOTIATE,
+ TLSProxy::Message::CLIENT,
checkhandshake::RENEGOTIATE_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_NPN,
+ TLSProxy::Message::CLIENT,
checkhandshake::NPN_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SRP,
+ TLSProxy::Message::CLIENT,
checkhandshake::SRP_CLI_EXTENSION],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_RENEGOTIATE,
+ TLSProxy::Message::SERVER,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,
+ TLSProxy::Message::SERVER,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,
+ TLSProxy::Message::SERVER,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,
+ TLSProxy::Message::SERVER,
checkhandshake::SESSION_TICKET_SRV_EXTENSION],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SERVER_NAME,
+ TLSProxy::Message::SERVER,
checkhandshake::SERVER_NAME_SRV_EXTENSION],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,
+ TLSProxy::Message::SERVER,
checkhandshake::STATUS_REQUEST_SRV_EXTENSION],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_ALPN,
+ TLSProxy::Message::SERVER,
checkhandshake::ALPN_SRV_EXTENSION],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SCT,
+ TLSProxy::Message::SERVER,
checkhandshake::SCT_SRV_EXTENSION],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_NPN,
+ TLSProxy::Message::SERVER,
checkhandshake::NPN_SRV_EXTENSION],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS,
+ TLSProxy::Message::SERVER,
checkhandshake::EC_POINT_FORMAT_SRV_EXTENSION],
- [0,0,0]
+ [0,0,0,0]
);
#Test 1: Check we get all the right messages for a default handshake
diff --git a/deps/openssl/openssl/test/recipes/70-test_tls13kexmodes.t b/deps/openssl/openssl/test/recipes/70-test_tls13kexmodes.t
index 716e260e5f..98989b4703 100644
--- a/deps/openssl/openssl/test/recipes/70-test_tls13kexmodes.t
+++ b/deps/openssl/openssl/test/recipes/70-test_tls13kexmodes.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -62,78 +62,112 @@ $ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
@extensions = (
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME,
+ TLSProxy::Message::CLIENT,
checkhandshake::SERVER_NAME_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,
+ TLSProxy::Message::CLIENT,
checkhandshake::STATUS_REQUEST_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN,
+ TLSProxy::Message::CLIENT,
checkhandshake::ALPN_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT,
+ TLSProxy::Message::CLIENT,
checkhandshake::SCT_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES,
+ TLSProxy::Message::CLIENT,
checkhandshake::PSK_KEX_MODES_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK,
+ TLSProxy::Message::CLIENT,
checkhandshake::PSK_CLI_EXTENSION],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
+ TLSProxy::Message::SERVER,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
+ TLSProxy::Message::SERVER,
checkhandshake::KEY_SHARE_HRR_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME,
+ TLSProxy::Message::CLIENT,
checkhandshake::SERVER_NAME_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,
+ TLSProxy::Message::CLIENT,
checkhandshake::STATUS_REQUEST_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN,
+ TLSProxy::Message::CLIENT,
checkhandshake::ALPN_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT,
+ TLSProxy::Message::CLIENT,
checkhandshake::SCT_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES,
+ TLSProxy::Message::CLIENT,
checkhandshake::PSK_KEX_MODES_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK,
+ TLSProxy::Message::CLIENT,
checkhandshake::PSK_CLI_EXTENSION],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
+ TLSProxy::Message::SERVER,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
+ TLSProxy::Message::SERVER,
checkhandshake::KEY_SHARE_SRV_EXTENSION],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_PSK,
+ TLSProxy::Message::SERVER,
checkhandshake::PSK_SRV_EXTENSION],
[TLSProxy::Message::MT_CERTIFICATE, TLSProxy::Message::EXT_STATUS_REQUEST,
+ TLSProxy::Message::SERVER,
checkhandshake::STATUS_REQUEST_SRV_EXTENSION],
- [0,0,0]
+ [0,0,0,0]
);
use constant {
diff --git a/deps/openssl/openssl/test/recipes/70-test_tls13messages.t b/deps/openssl/openssl/test/recipes/70-test_tls13messages.t
index be6a2db5d6..171a12fa12 100644
--- a/deps/openssl/openssl/test/recipes/70-test_tls13messages.t
+++ b/deps/openssl/openssl/test/recipes/70-test_tls13messages.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -62,92 +62,136 @@ $ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.conf");
@extensions = (
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME,
+ TLSProxy::Message::CLIENT,
checkhandshake::SERVER_NAME_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,
+ TLSProxy::Message::CLIENT,
checkhandshake::STATUS_REQUEST_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN,
+ TLSProxy::Message::CLIENT,
checkhandshake::ALPN_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT,
+ TLSProxy::Message::CLIENT,
checkhandshake::SCT_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK,
+ TLSProxy::Message::CLIENT,
checkhandshake::PSK_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_POST_HANDSHAKE_AUTH,
+ TLSProxy::Message::CLIENT,
checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
+ TLSProxy::Message::SERVER,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
+ TLSProxy::Message::SERVER,
checkhandshake::KEY_SHARE_HRR_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SERVER_NAME,
+ TLSProxy::Message::CLIENT,
checkhandshake::SERVER_NAME_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_STATUS_REQUEST,
+ TLSProxy::Message::CLIENT,
checkhandshake::STATUS_REQUEST_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_GROUPS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EC_POINT_FORMATS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SIG_ALGS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ALPN,
+ TLSProxy::Message::CLIENT,
checkhandshake::ALPN_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SCT,
+ TLSProxy::Message::CLIENT,
checkhandshake::SCT_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_ENCRYPT_THEN_MAC,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_EXTENDED_MASTER_SECRET,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SESSION_TICKET,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK_KEX_MODES,
+ TLSProxy::Message::CLIENT,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_PSK,
+ TLSProxy::Message::CLIENT,
checkhandshake::PSK_CLI_EXTENSION],
[TLSProxy::Message::MT_CLIENT_HELLO, TLSProxy::Message::EXT_POST_HANDSHAKE_AUTH,
+ TLSProxy::Message::CLIENT,
checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_SUPPORTED_VERSIONS,
+ TLSProxy::Message::SERVER,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_KEY_SHARE,
+ TLSProxy::Message::SERVER,
checkhandshake::DEFAULT_EXTENSIONS],
[TLSProxy::Message::MT_SERVER_HELLO, TLSProxy::Message::EXT_PSK,
+ TLSProxy::Message::SERVER,
checkhandshake::PSK_SRV_EXTENSION],
[TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_SERVER_NAME,
+ TLSProxy::Message::SERVER,
checkhandshake::SERVER_NAME_SRV_EXTENSION],
[TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_ALPN,
+ TLSProxy::Message::SERVER,
checkhandshake::ALPN_SRV_EXTENSION],
[TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, TLSProxy::Message::EXT_SUPPORTED_GROUPS,
+ TLSProxy::Message::SERVER,
checkhandshake::SUPPORTED_GROUPS_SRV_EXTENSION],
+ [TLSProxy::Message::MT_CERTIFICATE_REQUEST, TLSProxy::Message::EXT_SIG_ALGS,
+ TLSProxy::Message::SERVER,
+ checkhandshake::DEFAULT_EXTENSIONS],
+
[TLSProxy::Message::MT_CERTIFICATE, TLSProxy::Message::EXT_STATUS_REQUEST,
+ TLSProxy::Message::SERVER,
checkhandshake::STATUS_REQUEST_SRV_EXTENSION],
[TLSProxy::Message::MT_CERTIFICATE, TLSProxy::Message::EXT_SCT,
+ TLSProxy::Message::SERVER,
checkhandshake::SCT_SRV_EXTENSION],
- [0,0,0]
+ [0,0,0,0]
);
my $proxy = TLSProxy::Proxy->new(
@@ -163,7 +207,7 @@ $proxy->serverconnects(2);
$proxy->clientflags("-sess_out ".$session);
$proxy->sessionfile($session);
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-plan tests => 16;
+plan tests => 17;
checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
checkhandshake::DEFAULT_EXTENSIONS,
"Default handshake test");
@@ -179,7 +223,7 @@ checkhandshake($proxy, checkhandshake::RESUME_HANDSHAKE,
"Resumption handshake test");
SKIP: {
- skip "No OCSP support in this OpenSSL build", 3
+ skip "No OCSP support in this OpenSSL build", 4
if disabled("ct") || disabled("ec") || disabled("ocsp");
#Test 3: A status_request handshake (client request only)
$proxy->clear();
@@ -210,9 +254,23 @@ SKIP: {
| checkhandshake::STATUS_REQUEST_CLI_EXTENSION
| checkhandshake::STATUS_REQUEST_SRV_EXTENSION,
"status_request handshake test");
+
+ #Test 6: A status_request handshake (client and server) with client auth
+ $proxy->clear();
+ $proxy->clientflags("-status -enable_pha -cert "
+ .srctop_file("apps", "server.pem"));
+ $proxy->serverflags("-Verify 5 -status_file "
+ .srctop_file("test", "recipes", "ocsp-response.der"));
+ $proxy->start();
+ checkhandshake($proxy, checkhandshake::CLIENT_AUTH_HANDSHAKE,
+ checkhandshake::DEFAULT_EXTENSIONS
+ | checkhandshake::STATUS_REQUEST_CLI_EXTENSION
+ | checkhandshake::STATUS_REQUEST_SRV_EXTENSION
+ | checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION,
+ "status_request handshake with client auth test");
}
-#Test 6: A client auth handshake
+#Test 7: A client auth handshake
$proxy->clear();
$proxy->clientflags("-enable_pha -cert ".srctop_file("apps", "server.pem"));
$proxy->serverflags("-Verify 5");
@@ -222,7 +280,7 @@ checkhandshake($proxy, checkhandshake::CLIENT_AUTH_HANDSHAKE,
checkhandshake::POST_HANDSHAKE_AUTH_CLI_EXTENSION,
"Client auth handshake test");
-#Test 7: Server name handshake (no client request)
+#Test 8: Server name handshake (no client request)
$proxy->clear();
$proxy->clientflags("-noservername");
$proxy->start();
@@ -231,7 +289,7 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
& ~checkhandshake::SERVER_NAME_CLI_EXTENSION,
"Server name handshake test (client)");
-#Test 8: Server name handshake (server support only)
+#Test 9: Server name handshake (server support only)
$proxy->clear();
$proxy->clientflags("-noservername");
$proxy->serverflags("-servername testhost");
@@ -241,7 +299,7 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
& ~checkhandshake::SERVER_NAME_CLI_EXTENSION,
"Server name handshake test (server)");
-#Test 9: Server name handshake (client and server)
+#Test 10: Server name handshake (client and server)
$proxy->clear();
$proxy->clientflags("-servername testhost");
$proxy->serverflags("-servername testhost");
@@ -251,7 +309,7 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
| checkhandshake::SERVER_NAME_SRV_EXTENSION,
"Server name handshake test");
-#Test 10: ALPN handshake (client request only)
+#Test 11: ALPN handshake (client request only)
$proxy->clear();
$proxy->clientflags("-alpn test");
$proxy->start();
@@ -260,7 +318,7 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
| checkhandshake::ALPN_CLI_EXTENSION,
"ALPN handshake test (client)");
-#Test 11: ALPN handshake (server support only)
+#Test 12: ALPN handshake (server support only)
$proxy->clear();
$proxy->serverflags("-alpn test");
$proxy->start();
@@ -268,7 +326,7 @@ checkhandshake($proxy, checkhandshake::DEFAULT_HANDSHAKE,
checkhandshake::DEFAULT_EXTENSIONS,
"ALPN handshake test (server)");
-#Test 12: ALPN handshake (client and server)
+#Test 13: ALPN handshake (client and server)
$proxy->clear();
$proxy->clientflags("-alpn test");
$proxy->serverflags("-alpn test");
@@ -283,7 +341,7 @@ SKIP: {
skip "No CT, EC or OCSP support in this OpenSSL build", 1
if disabled("ct") || disabled("ec") || disabled("ocsp");
- #Test 13: SCT handshake (client request only)
+ #Test 14: SCT handshake (client request only)
$proxy->clear();
#Note: -ct also sends status_request
$proxy->clientflags("-ct");
@@ -300,10 +358,7 @@ SKIP: {
"SCT handshake test");
}
-
-
-
-#Test 14: HRR Handshake
+#Test 15: HRR Handshake
$proxy->clear();
$proxy->serverflags("-curves P-256");
$proxy->start();
@@ -312,7 +367,7 @@ checkhandshake($proxy, checkhandshake::HRR_HANDSHAKE,
| checkhandshake::KEY_SHARE_HRR_EXTENSION,
"HRR handshake test");
-#Test 15: Resumption handshake with HRR
+#Test 16: Resumption handshake with HRR
$proxy->clear();
$proxy->clientflags("-sess_in ".$session);
$proxy->serverflags("-curves P-256");
@@ -324,7 +379,7 @@ checkhandshake($proxy, checkhandshake::HRR_RESUME_HANDSHAKE,
| checkhandshake::PSK_SRV_EXTENSION),
"Resumption handshake with HRR test");
-#Test 16: Acceptable but non preferred key_share
+#Test 17: Acceptable but non preferred key_share
$proxy->clear();
$proxy->clientflags("-curves P-256");
$proxy->start();
diff --git a/deps/openssl/openssl/test/recipes/80-test_cms.t b/deps/openssl/openssl/test/recipes/80-test_cms.t
index b57ca66dac..5dc6a3aebe 100644
--- a/deps/openssl/openssl/test/recipes/80-test_cms.t
+++ b/deps/openssl/openssl/test/recipes/80-test_cms.t
@@ -21,12 +21,13 @@ setup("test_cms");
plan skip_all => "CMS is not supported by this OpenSSL build"
if disabled("cms");
+my $datadir = srctop_dir("test", "recipes", "80-test_cms_data");
my $smdir = srctop_dir("test", "smime-certs");
my $smcont = srctop_file("test", "smcont.txt");
my ($no_des, $no_dh, $no_dsa, $no_ec, $no_ec2m, $no_rc2, $no_zlib)
= disabled qw/des dh dsa ec ec2m rc2 zlib/;
-plan tests => 4;
+plan tests => 6;
my @smime_pkcs7_tests = (
@@ -400,6 +401,26 @@ my @smime_cms_param_tests = (
]
);
+my @contenttype_cms_test = (
+ [ "signed content test - check that content type is added to additional signerinfo, RSA keys",
+ [ "-sign", "-binary", "-nodetach", "-stream", "-in", $smcont, "-outform", "DER",
+ "-signer", catfile($smdir, "smrsa1.pem"), "-md", "SHA256",
+ "-out", "test.cms" ],
+ [ "-resign", "-binary", "-nodetach", "-in", "test.cms", "-inform", "DER", "-outform", "DER",
+ "-signer", catfile($smdir, "smrsa2.pem"), "-md", "SHA256",
+ "-out", "test2.cms" ],
+ [ "-verify", "-in", "test2.cms", "-inform", "DER",
+ "-CAfile", catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ]
+ ],
+);
+
+my @incorrect_attribute_cms_test = (
+ "bad_signtime_attr.cms",
+ "no_ct_attr.cms",
+ "no_md_attr.cms",
+ "ct_multiple_attr.cms"
+);
+
subtest "CMS => PKCS#7 compatibility tests\n" => sub {
plan tests => scalar @smime_pkcs7_tests;
@@ -493,6 +514,52 @@ subtest "CMS <=> CMS consistency tests, modified key parameters\n" => sub {
}
};
+# Returns the number of matches of a Content Type Attribute in a binary file.
+sub contentType_matches {
+ # Read in a binary file
+ my ($in) = @_;
+ open (HEX_IN, "$in") or die("open failed for $in : $!");
+ binmode(HEX_IN);
+ local $/;
+ my $str = <HEX_IN>;
+
+ # Find ASN1 data for a Content Type Attribute (with a OID of PKCS7 data)
+ my @c = $str =~ /\x30\x18\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x03\x31\x0B\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x07\x01/gs;
+
+ close(HEX_IN);
+ return scalar(@c);
+}
+
+subtest "CMS Check the content type attribute is added for additional signers\n" => sub {
+ plan tests =>
+ (scalar @contenttype_cms_test);
+
+ foreach (@contenttype_cms_test) {
+ SKIP: {
+ my $skip_reason = check_availability($$_[0]);
+ skip $skip_reason, 1 if $skip_reason;
+
+ ok(run(app(["openssl", "cms", @{$$_[1]}]))
+ && run(app(["openssl", "cms", @{$$_[2]}]))
+ && contentType_matches("test2.cms") == 2
+ && run(app(["openssl", "cms", @{$$_[3]}])),
+ $$_[0]);
+ }
+ }
+};
+
+subtest "CMS Check that bad attributes fail when verifying signers\n" => sub {
+ plan tests =>
+ (scalar @incorrect_attribute_cms_test);
+
+ foreach my $name (@incorrect_attribute_cms_test) {
+ ok(!run(app(["openssl", "cms", "-verify", "-in",
+ catfile($datadir, $name), "-inform", "DER", "-CAfile",
+ catfile($smdir, "smroot.pem"), "-out", "smtst.txt" ])),
+ $name);
+ }
+};
+
unlink "test.cms";
unlink "test2.cms";
unlink "smtst.txt";
diff --git a/deps/openssl/openssl/test/recipes/80-test_cms_data/bad_signtime_attr.cms b/deps/openssl/openssl/test/recipes/80-test_cms_data/bad_signtime_attr.cms
new file mode 100644
index 0000000000..048a493581
--- /dev/null
+++ b/deps/openssl/openssl/test/recipes/80-test_cms_data/bad_signtime_attr.cms
Binary files differ
diff --git a/deps/openssl/openssl/test/recipes/80-test_cms_data/ct_multiple_attr.cms b/deps/openssl/openssl/test/recipes/80-test_cms_data/ct_multiple_attr.cms
new file mode 100644
index 0000000000..974db6ef9a
--- /dev/null
+++ b/deps/openssl/openssl/test/recipes/80-test_cms_data/ct_multiple_attr.cms
Binary files differ
diff --git a/deps/openssl/openssl/test/recipes/80-test_cms_data/no_ct_attr.cms b/deps/openssl/openssl/test/recipes/80-test_cms_data/no_ct_attr.cms
new file mode 100644
index 0000000000..64b688b91c
--- /dev/null
+++ b/deps/openssl/openssl/test/recipes/80-test_cms_data/no_ct_attr.cms
Binary files differ
diff --git a/deps/openssl/openssl/test/recipes/80-test_cms_data/no_md_attr.cms b/deps/openssl/openssl/test/recipes/80-test_cms_data/no_md_attr.cms
new file mode 100644
index 0000000000..d0a3afa523
--- /dev/null
+++ b/deps/openssl/openssl/test/recipes/80-test_cms_data/no_md_attr.cms
Binary files differ
diff --git a/deps/openssl/openssl/test/recipes/90-test_sslapi.t b/deps/openssl/openssl/test/recipes/90-test_sslapi.t
index 633df47736..adbcb4fe68 100644
--- a/deps/openssl/openssl/test/recipes/90-test_sslapi.t
+++ b/deps/openssl/openssl/test/recipes/90-test_sslapi.t
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -8,7 +8,7 @@
use OpenSSL::Test::Utils;
-use OpenSSL::Test qw/:DEFAULT srctop_file/;
+use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir/;
use File::Temp qw(tempfile);
setup("test_sslapi");
@@ -20,8 +20,7 @@ plan tests => 1;
(undef, my $tmpfilename) = tempfile();
-ok(run(test(["sslapitest", srctop_file("apps", "server.pem"),
- srctop_file("apps", "server.pem"),
+ok(run(test(["sslapitest", srctop_dir("test", "certs"),
srctop_file("test", "recipes", "90-test_sslapi_data",
"passwd.txt"), $tmpfilename])),
"running sslapitest");
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-19 14:49:03 +0000