Skip to content

Instantly share code, notes, and snippets.

@vladimir-ivanov

vladimir-ivanov/openssl-1.1.1.txt

Created April 13, 2023 16:13
Show Gist options
  • Save vladimir-ivanov/7126fcce4a72b9d1f0908473a2dff3be to your computer and use it in GitHub Desktop.
Save vladimir-ivanov/7126fcce4a72b9d1f0908473a2dff3be to your computer and use it in GitHub Desktop.
Download ZIP
vv
Raw
openssl-1.1.1.txt
This file has been truncated, but you can view the full file.
openssl-1.1.1/0000755000000000000000000000000013345734631011704 5ustar rootrootopenssl-1.1.1/CONTRIBUTING0000644000000000000000000000704313345734623013543 0ustar rootrootHOW TO CONTRIBUTE TO OpenSSL
----------------------------
(Please visit https://www.openssl.org/community/getting-started.html for
other ideas about how to contribute.)
Development is done on GitHub, https://github.com/openssl/openssl.
To request new features or report bugs, please open an issue on GitHub
To submit a patch, please open a pull request on GitHub. If you are thinking
of making a large contribution, open an issue for it before starting work,
to get comments from the community. Someone may be already working on
the same thing or there may be reasons why that feature isn't implemented.
To make it easier to review and accept your pull request, please follow these
guidelines:
1. Anything other than a trivial contribution requires a Contributor
License Agreement (CLA), giving us permission to use your code. See
https://www.openssl.org/policies/cla.html for details. If your
contribution is too small to require a CLA, put "CLA: trivial" on a
line by itself in your commit message body.
2. All source files should start with the following text (with
appropriate comment characters at the start of each line and the
year(s) updated):
Copyright 20xx-20yy The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
https://www.openssl.org/source/license.html
3. Patches should be as current as possible; expect to have to rebase
often. We do not accept merge commits, you will have to remove them
(usually by rebasing) before it will be acceptable.
4. Patches should follow our coding style (see
https://www.openssl.org/policies/codingstyle.html) and compile
without warnings. Where gcc or clang is available you should use the
--strict-warnings Configure option. OpenSSL compiles on many varied
platforms: try to ensure you only use portable features. Clean builds
via Travis and AppVeyor are required, and they are started automatically
whenever a PR is created or updated.
5. When at all possible, patches should include tests. These can
either be added to an existing test, or completely new. Please see
test/README for information on the test framework.
6. New features or changed functionality must include
documentation. Please look at the "pod" files in doc/man[1357] for
examples of our style. Run "make doc-nits" to make sure that your
documentation changes are clean.
7. For user visible changes (API changes, behaviour changes, ...),
consider adding a note in CHANGES. This could be a summarising
description of the change, and could explain the grander details.
Have a look through existing entries for inspiration.
Please note that this is NOT simply a copy of git-log oneliners.
Also note that security fixes get an entry in CHANGES.
This file helps users get more in depth information of what comes
with a specific release without having to sift through the higher
noise ratio in git-log.
8. For larger or more important user visible changes, as well as
security fixes, please add a line in NEWS. On exception, it might be
worth adding a multi-line entry (such as the entry that announces all
the types that became opaque with OpenSSL 1.1.0).
This file helps users get a very quick summary of what comes with a
specific release, to see if an upgrade is worth the effort.
openssl-1.1.1/ms/0000755000000000000000000000000013345734627012330 5ustar rootrootopenssl-1.1.1/ms/uplink-x86.pl0000755000000000000000000000203613345734627014616 0ustar rootroot#! /usr/bin/env perl
# Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
push(@INC, "${dir}.", "${dir}../crypto/perlasm");
require "x86asm.pl";
require "uplink-common.pl";
$output = pop;
open STDOUT,">$output";
&asm_init($ARGV[0]);
&external_label("OPENSSL_Uplink");
&public_label("OPENSSL_UplinkTable");
for ($i=1;$i<=$N;$i++) {
&function_begin_B("_\$lazy${i}");
&lea ("eax",&DWP(&label("OPENSSL_UplinkTable")));
&push ($i);
&push ("eax");
&call (&label("OPENSSL_Uplink"));
&pop ("eax");
&add ("esp",4);
&jmp_ptr(&DWP(4*$i,"eax"));
&function_end_B("_\$lazy${i}");
}
&dataseg();
&align(4);
&set_label("OPENSSL_UplinkTable");
&data_word($N);
for ($i=1;$i<=$N;$i++) {
&data_word(&label("_\$lazy${i}"));
}
&asm_finish();
close STDOUT;
openssl-1.1.1/ms/uplink.c0000644000000000000000000000777213345734627014013 0ustar rootroot/*
* Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#if (defined(_WIN64) || defined(_WIN32_WCE)) && !defined(UNICODE)
# define UNICODE
#endif
#if defined(UNICODE) && !defined(_UNICODE)
# define _UNICODE
#endif
#if defined(_UNICODE) && !defined(UNICODE)
# define UNICODE
#endif
#include <windows.h>
#include <tchar.h>
#include <stdio.h>
#include "uplink.h"
void OPENSSL_showfatal(const char *, ...);
static TCHAR msg[128];
static void unimplemented(void)
{
OPENSSL_showfatal(sizeof(TCHAR) == sizeof(char) ? "%s\n" : "%S\n", msg);
ExitProcess(1);
}
void OPENSSL_Uplink(volatile void **table, int index)
{
static HMODULE volatile apphandle = NULL;
static void **volatile applinktable = NULL;
int len;
void (*func) (void) = unimplemented;
HANDLE h;
void **p;
/*
* Note that the below code is not MT-safe in respect to msg buffer, but
* what's the worst thing that can happen? Error message might be
* misleading or corrupted. As error condition is fatal and should never
* be risen, I accept the risk...
*/
/*
* One can argue that I should have used InterlockedExchangePointer or
* something to update static variables and table[]. Well, store
* instructions are as atomic as they can get and assigned values are
* effectively constant... So that volatile qualifier should be
* sufficient [it prohibits compiler to reorder memory access
* instructions].
*/
do {
len = _sntprintf(msg, sizeof(msg) / sizeof(TCHAR),
_T("OPENSSL_Uplink(%p,%02X): "), table, index);
_tcscpy(msg + len, _T("unimplemented function"));
if ((h = apphandle) == NULL) {
if ((h = GetModuleHandle(NULL)) == NULL) {
apphandle = (HMODULE) - 1;
_tcscpy(msg + len, _T("no host application"));
break;
}
apphandle = h;
}
if ((h = apphandle) == (HMODULE) - 1) /* revalidate */
break;
if (applinktable == NULL) {
void **(*applink) ();
applink = (void **(*)())GetProcAddress(h, "OPENSSL_Applink");
if (applink == NULL) {
apphandle = (HMODULE) - 1;
_tcscpy(msg + len, _T("no OPENSSL_Applink"));
break;
}
p = (*applink) ();
if (p == NULL) {
apphandle = (HMODULE) - 1;
_tcscpy(msg + len, _T("no ApplinkTable"));
break;
}
applinktable = p;
} else
p = applinktable;
if (index > (int)p[0])
break;
if (p[index])
func = p[index];
} while (0);
table[index] = func;
}
#if defined(_MSC_VER) && defined(_M_IX86)
# define LAZY(i) \
__declspec(naked) static void lazy##i (void) { \
_asm push i \
_asm push OFFSET OPENSSL_UplinkTable \
_asm call OPENSSL_Uplink \
_asm add esp,8 \
_asm jmp OPENSSL_UplinkTable+4*i }
# if APPLINK_MAX>25
# error "Add more stubs..."
# endif
/* make some in advance... */
LAZY(1) LAZY(2) LAZY(3) LAZY(4) LAZY(5)
LAZY(6) LAZY(7) LAZY(8) LAZY(9) LAZY(10)
LAZY(11) LAZY(12) LAZY(13) LAZY(14) LAZY(15)
LAZY(16) LAZY(17) LAZY(18) LAZY(19) LAZY(20)
LAZY(21) LAZY(22) LAZY(23) LAZY(24) LAZY(25)
void *OPENSSL_UplinkTable[] = {
(void *)APPLINK_MAX,
lazy1, lazy2, lazy3, lazy4, lazy5,
lazy6, lazy7, lazy8, lazy9, lazy10,
lazy11, lazy12, lazy13, lazy14, lazy15,
lazy16, lazy17, lazy18, lazy19, lazy20,
lazy21, lazy22, lazy23, lazy24, lazy25,
};
#endif
#ifdef SELFTEST
main()
{
UP_fprintf(UP_stdout, "hello, world!\n");
}
#endif
openssl-1.1.1/ms/cmp.pl0000755000000000000000000000225213345734627013450 0ustar rootroot#! /usr/bin/env perl
# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
($#ARGV == 1) || die "usage: cmp.pl <file1> <file2>\n";
open(IN0,"<$ARGV[0]") || die "unable to open $ARGV[0]\n";
open(IN1,"<$ARGV[1]") || die "unable to open $ARGV[1]\n";
binmode IN0;
binmode IN1;
$tot=0;
$ret=1;
for (;;)
{
$n1=sysread(IN0,$b1,4096);
$n2=sysread(IN1,$b2,4096);
last if ($n1 != $n2);
last if ($b1 ne $b2);
last if ($n1 < 0);
if ($n1 == 0)
{
$ret=0;
last;
}
$tot+=$n1;
}
close(IN0);
close(IN1);
if ($ret)
{
printf STDERR "$ARGV[0] and $ARGV[1] are different\n";
@a1=unpack("C*",$b1);
@a2=unpack("C*",$b2);
for ($i=0; $i<=$#a1; $i++)
{
if ($a1[$i] ne $a2[$i])
{
printf "%02X %02X <<\n",$a1[$i],$a2[$i];
last;
}
}
$nm=$tot+$n1;
$tot+=$i+1;
printf STDERR "diff at char $tot of $nm\n";
}
exit($ret);
openssl-1.1.1/ms/uplink-common.pl0000755000000000000000000000212513345734627015460 0ustar rootroot#! /usr/bin/env perl
# Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
# pull APPLINK_MAX value from applink.c...
$applink_c=$0;
$applink_c=~s|[^/\\]+$||g;
$applink_c.="applink.c";
open(INPUT,$applink_c) || die "can't open $applink_c: $!";
@max=grep {/APPLINK_MAX\s+(\d+)/} <INPUT>;
close(INPUT);
($#max==0) or die "can't find APPLINK_MAX in $applink_c";
$max[0]=~/APPLINK_MAX\s+(\d+)/;
$N=$1; # number of entries in OPENSSL_UplinkTable not including
# OPENSSL_UplinkTable[0], which contains this value...
1;
# Idea is to fill the OPENSSL_UplinkTable with pointers to stubs
# which invoke 'void OPENSSL_Uplink (ULONG_PTR *table,int index)';
# and then dereference themselves. Latter shall result in endless
# loop *unless* OPENSSL_Uplink does not replace 'table[index]' with
# something else, e.g. as 'table[index]=unimplemented;'...
openssl-1.1.1/ms/applink.c0000644000000000000000000000666413345734627014146 0ustar rootroot/*
* Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#define APPLINK_STDIN 1
#define APPLINK_STDOUT 2
#define APPLINK_STDERR 3
#define APPLINK_FPRINTF 4
#define APPLINK_FGETS 5
#define APPLINK_FREAD 6
#define APPLINK_FWRITE 7
#define APPLINK_FSETMOD 8
#define APPLINK_FEOF 9
#define APPLINK_FCLOSE 10 /* should not be used */
#define APPLINK_FOPEN 11 /* solely for completeness */
#define APPLINK_FSEEK 12
#define APPLINK_FTELL 13
#define APPLINK_FFLUSH 14
#define APPLINK_FERROR 15
#define APPLINK_CLEARERR 16
#define APPLINK_FILENO 17 /* to be used with below */
#define APPLINK_OPEN 18 /* formally can't be used, as flags can vary */
#define APPLINK_READ 19
#define APPLINK_WRITE 20
#define APPLINK_LSEEK 21
#define APPLINK_CLOSE 22
#define APPLINK_MAX 22 /* always same as last macro */
#ifndef APPMACROS_ONLY
# include <stdio.h>
# include <io.h>
# include <fcntl.h>
static void *app_stdin(void)
{
return stdin;
}
static void *app_stdout(void)
{
return stdout;
}
static void *app_stderr(void)
{
return stderr;
}
static int app_feof(FILE *fp)
{
return feof(fp);
}
static int app_ferror(FILE *fp)
{
return ferror(fp);
}
static void app_clearerr(FILE *fp)
{
clearerr(fp);
}
static int app_fileno(FILE *fp)
{
return _fileno(fp);
}
static int app_fsetmod(FILE *fp, char mod)
{
return _setmode(_fileno(fp), mod == 'b' ? _O_BINARY : _O_TEXT);
}
#ifdef __cplusplus
extern "C" {
#endif
__declspec(dllexport)
void **
# if defined(__BORLANDC__)
/*
* __stdcall appears to be the only way to get the name
* decoration right with Borland C. Otherwise it works
* purely incidentally, as we pass no parameters.
*/
__stdcall
# else
__cdecl
# endif
OPENSSL_Applink(void)
{
static int once = 1;
static void *OPENSSL_ApplinkTable[APPLINK_MAX + 1] =
{ (void *)APPLINK_MAX };
if (once) {
OPENSSL_ApplinkTable[APPLINK_STDIN] = app_stdin;
OPENSSL_ApplinkTable[APPLINK_STDOUT] = app_stdout;
OPENSSL_ApplinkTable[APPLINK_STDERR] = app_stderr;
OPENSSL_ApplinkTable[APPLINK_FPRINTF] = fprintf;
OPENSSL_ApplinkTable[APPLINK_FGETS] = fgets;
OPENSSL_ApplinkTable[APPLINK_FREAD] = fread;
OPENSSL_ApplinkTable[APPLINK_FWRITE] = fwrite;
OPENSSL_ApplinkTable[APPLINK_FSETMOD] = app_fsetmod;
OPENSSL_ApplinkTable[APPLINK_FEOF] = app_feof;
OPENSSL_ApplinkTable[APPLINK_FCLOSE] = fclose;
OPENSSL_ApplinkTable[APPLINK_FOPEN] = fopen;
OPENSSL_ApplinkTable[APPLINK_FSEEK] = fseek;
OPENSSL_ApplinkTable[APPLINK_FTELL] = ftell;
OPENSSL_ApplinkTable[APPLINK_FFLUSH] = fflush;
OPENSSL_ApplinkTable[APPLINK_FERROR] = app_ferror;
OPENSSL_ApplinkTable[APPLINK_CLEARERR] = app_clearerr;
OPENSSL_ApplinkTable[APPLINK_FILENO] = app_fileno;
OPENSSL_ApplinkTable[APPLINK_OPEN] = _open;
OPENSSL_ApplinkTable[APPLINK_READ] = _read;
OPENSSL_ApplinkTable[APPLINK_WRITE] = _write;
OPENSSL_ApplinkTable[APPLINK_LSEEK] = _lseek;
OPENSSL_ApplinkTable[APPLINK_CLOSE] = _close;
once = 0;
}
return OPENSSL_ApplinkTable;
}
#ifdef __cplusplus
}
#endif
#endif
openssl-1.1.1/ms/uplink-x86_64.pl0000755000000000000000000000276313345734627015136 0ustar rootroot#! /usr/bin/env perl
# Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
$output=pop;
$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
open OUT,"| \"$^X\" \"${dir}../crypto/perlasm/x86_64-xlate.pl\" \"$output\"";
*STDOUT=*OUT;
push(@INC,"${dir}.");
require "uplink-common.pl";
$prefix="_lazy";
print <<___;
.text
.extern OPENSSL_Uplink
.globl OPENSSL_UplinkTable
___
for ($i=1;$i<=$N;$i++) {
print <<___;
.type $prefix${i},\@abi-omnipotent
.align 16
$prefix${i}:
.byte 0x48,0x83,0xEC,0x28 # sub rsp,40
mov %rcx,48(%rsp)
mov %rdx,56(%rsp)
mov %r8,64(%rsp)
mov %r9,72(%rsp)
lea OPENSSL_UplinkTable(%rip),%rcx
mov \$$i,%rdx
call OPENSSL_Uplink
mov 48(%rsp),%rcx
mov 56(%rsp),%rdx
mov 64(%rsp),%r8
mov 72(%rsp),%r9
lea OPENSSL_UplinkTable(%rip),%rax
add \$40,%rsp
jmp *8*$i(%rax)
$prefix${i}_end:
.size $prefix${i},.-$prefix${i}
___
}
print <<___;
.data
OPENSSL_UplinkTable:
.quad $N
___
for ($i=1;$i<=$N;$i++) { print " .quad $prefix$i\n"; }
print <<___;
.section .pdata,"r"
.align 4
___
for ($i=1;$i<=$N;$i++) {
print <<___;
.rva $prefix${i},$prefix${i}_end,${prefix}_unwind_info
___
}
print <<___;
.section .xdata,"r"
.align 8
${prefix}_unwind_info:
.byte 0x01,0x04,0x01,0x00
.byte 0x04,0x42,0x00,0x00
___
close STDOUT;
openssl-1.1.1/ms/uplink.h0000644000000000000000000000426613345734627014013 0ustar rootroot/*
* Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#define APPMACROS_ONLY
#include "applink.c"
extern void *OPENSSL_UplinkTable[];
#define UP_stdin (*(void *(*)(void))OPENSSL_UplinkTable[APPLINK_STDIN])()
#define UP_stdout (*(void *(*)(void))OPENSSL_UplinkTable[APPLINK_STDOUT])()
#define UP_stderr (*(void *(*)(void))OPENSSL_UplinkTable[APPLINK_STDERR])()
#define UP_fprintf (*(int (*)(void *,const char *,...))OPENSSL_UplinkTable[APPLINK_FPRINTF])
#define UP_fgets (*(char *(*)(char *,int,void *))OPENSSL_UplinkTable[APPLINK_FGETS])
#define UP_fread (*(size_t (*)(void *,size_t,size_t,void *))OPENSSL_UplinkTable[APPLINK_FREAD])
#define UP_fwrite (*(size_t (*)(const void *,size_t,size_t,void *))OPENSSL_UplinkTable[APPLINK_FWRITE])
#define UP_fsetmod (*(int (*)(void *,char))OPENSSL_UplinkTable[APPLINK_FSETMOD])
#define UP_feof (*(int (*)(void *))OPENSSL_UplinkTable[APPLINK_FEOF])
#define UP_fclose (*(int (*)(void *))OPENSSL_UplinkTable[APPLINK_FCLOSE])
#define UP_fopen (*(void *(*)(const char *,const char *))OPENSSL_UplinkTable[APPLINK_FOPEN])
#define UP_fseek (*(int (*)(void *,long,int))OPENSSL_UplinkTable[APPLINK_FSEEK])
#define UP_ftell (*(long (*)(void *))OPENSSL_UplinkTable[APPLINK_FTELL])
#define UP_fflush (*(int (*)(void *))OPENSSL_UplinkTable[APPLINK_FFLUSH])
#define UP_ferror (*(int (*)(void *))OPENSSL_UplinkTable[APPLINK_FERROR])
#define UP_clearerr (*(void (*)(void *))OPENSSL_UplinkTable[APPLINK_CLEARERR])
#define UP_fileno (*(int (*)(void *))OPENSSL_UplinkTable[APPLINK_FILENO])
#define UP_open (*(int (*)(const char *,int,...))OPENSSL_UplinkTable[APPLINK_OPEN])
#define UP_read (*(ossl_ssize_t (*)(int,void *,size_t))OPENSSL_UplinkTable[APPLINK_READ])
#define UP_write (*(ossl_ssize_t (*)(int,const void *,size_t))OPENSSL_UplinkTable[APPLINK_WRITE])
#define UP_lseek (*(long (*)(int,long,int))OPENSSL_UplinkTable[APPLINK_LSEEK])
#define UP_close (*(int (*)(int))OPENSSL_UplinkTable[APPLINK_CLOSE])
openssl-1.1.1/ms/uplink-ia64.pl0000755000000000000000000000260313345734627014734 0ustar rootroot#! /usr/bin/env perl
# Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
$output = pop;
open STDOUT,">$output";
$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
push(@INC,"${dir}.");
require "uplink-common.pl";
local $V=8; # max number of args uplink functions may accept...
my $loc0 = "r".(32+$V);
print <<___;
.text
.global OPENSSL_Uplink#
.type OPENSSL_Uplink#,\@function
___
for ($i=1;$i<=$N;$i++) {
print <<___;
.proc lazy$i#
lazy$i:
.prologue
{ .mii; .save ar.pfs,$loc0
alloc loc0=ar.pfs,$V,3,2,0
.save b0,loc1
mov loc1=b0
addl loc2=\@ltoff(OPENSSL_UplinkTable#),gp };;
.body
{ .mmi; ld8 out0=[loc2]
mov out1=$i };;
{ .mib; add loc2=8*$i,out0
br.call.sptk.many b0=OPENSSL_Uplink# };;
{ .mmi; ld8 r31=[loc2];;
ld8 r30=[r31],8 };;
{ .mii; ld8 gp=[r31]
mov b6=r30
mov b0=loc1 };;
{ .mib; mov ar.pfs=loc0
br.many b6 };;
.endp lazy$i#
___
}
print <<___;
.data
.global OPENSSL_UplinkTable#
OPENSSL_UplinkTable: data8 $N // amount of following entries
___
for ($i=1;$i<=$N;$i++) { print " data8 \@fptr(lazy$i#)\n"; }
print <<___;
.size OPENSSL_UplinkTable,.-OPENSSL_UplinkTable#
___
close STDOUT;
openssl-1.1.1/AUTHORS0000644000000000000000000000131513345734623012755 0ustar rootroot# This is the list of OpenSSL authors for copyright purposes.
#
# This does not necessarily list everyone who has contributed code, since in
# some cases, their employer may be the copyright holder. To see the full list
# of contributors, see the revision history in source control.
OpenSSL Software Services, Inc.
OpenSSL Software Foundation, Inc.
# Individuals
Andy Polyakov
Ben Laurie
Ben Kaduk
Bernd Edlinger
Bodo Möller
David Benjamin
Emilia Käsper
Eric Young
Geoff Thorpe
Holger Reif
Kurt Roeckx
Lutz Jänicke
Mark J. Cox
Matt Caswell
Matthias St. Pierre
Nils Larsch
Paul Dale
Paul C. Sutton
Ralf S. Engelschall
Rich Salz
Richard Levitte
Stephen Henson
Steve Marquess
Tim Hudson
Ulf Möller
Viktor Dukhovni
openssl-1.1.1/NOTES.ANDROID0000644000000000000000000000631213345734623013601 0ustar rootroot
NOTES FOR ANDROID PLATFORMS
===========================
Requirement details
-------------------
Beside basic tools like perl and make you'll need to download the Android
NDK. It's available for Linux, Mac OS X and Windows, but only Linux
version was actually tested. There is no reason to believe that Mac OS X
wouldn't work. And as for Windows, it's unclear which "shell" would be
suitable, MSYS2 might have best chances. NDK version should play lesser
role, the goal is to support a range of most recent versions.
Configuration
-------------
Android is naturally cross-compiled target and you can't use ./config.
You have to use ./Configure and name your target explicitly; there are
android-arm, android-arm64, android-mips, android-mip64, android-x86
and android-x86_64. Do not pass --cross-compile-prefix (as you might
be tempted), as it will be "calculated" automatically based on chosen
platform. Though you still need to know the prefix to extend your PATH,
in order to invoke $(CROSS_COMPILE)gcc and company. (Configure will fail
and give you a hint if you get it wrong.) Apart from PATH adjustment
you need to set ANDROID_NDK environment to point at NDK directory
as /some/where/android-ndk-<ver>. NDK customarily supports multiple
Android API levels, e.g. android-14, android-21, etc. By default latest
one available is chosen. If you need to target older platform, pass
additional -D__ANDROID_API__=N to Configure. N is numeric value of the
target platform version. For example, to compile for ICS on ARM with
NDK 10d:
ANDROID_NDK=/some/where/android-ndk-10d
PATH=$ANDROID_NDK/toolchains/arm-linux-androideabi-4.8/prebuilt/linux-x86_64/bin:$PATH
./Configure android-arm -D__ANDROID_API__=14
Caveat lector! Earlier OpenSSL versions relied on additional CROSS_SYSROOT
variable set to $ANDROID_NDK/platforms/android-<api>/arch-<arch> to
appoint headers-n-libraries' location. It's still recognized in order
to facilitate migration from older projects. However, since API level
appears in CROSS_SYSROOT value, passing -D__ANDROID_API__=N can be in
conflict, and mixing the two is therefore not supported. Migration to
CROSS_SYSROOT-less setup is recommended.
One can engage clang by adjusting PATH to cover NDK's clang. Just keep
in mind that if you miss it, Configure will try to use gcc... Also,
PATH would need even further adjustment to cover unprefixed, yet
target-specific, ar and ranlib. It's possible that you don't need to
bother, if binutils-multiarch is installed on your Linux system.
Running tests (on Linux)
------------------------
This is not actually supported. Notes are meant rather as inspiration.
Even though build output targets alien system, it's possible to execute
test suite on Linux system by employing qemu-user. The trick is static
linking. Pass -static to Configure, then edit generated Makefile and
remove occurrences of -ldl and -pie flags. You would also need to pick
API version that comes with usable static libraries, 42/2=21 used to
work. Once built, you should be able to
env EXE_SHELL=qemu-<arch> make test
If you need to pass additional flag to qemu, quotes are your friend, e.g.
env EXE_SHELL="qemu-mips64el -cpu MIPS64R6-generic" make test
openssl-1.1.1/test/0000755000000000000000000000000013345734631012663 5ustar rootrootopenssl-1.1.1/test/drbgtest.c0000644000000000000000000006766013345734630014663 0ustar rootroot/*
* Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <string.h>
#include "internal/nelem.h"
#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/obj_mac.h>
#include <openssl/evp.h>
#include <openssl/aes.h>
#include "../crypto/rand/rand_lcl.h"
#include "../crypto/include/internal/rand_int.h"
#if defined(_WIN32)
# include <windows.h>
#endif
#include "testutil.h"
#include "drbgtest.h"
typedef struct drbg_selftest_data_st {
int post;
int nid;
unsigned int flags;
/* KAT data for no PR */
const unsigned char *entropy;
size_t entropylen;
const unsigned char *nonce;
size_t noncelen;
const unsigned char *pers;
size_t perslen;
const unsigned char *adin;
size_t adinlen;
const unsigned char *entropyreseed;
size_t entropyreseedlen;
const unsigned char *adinreseed;
size_t adinreseedlen;
const unsigned char *adin2;
size_t adin2len;
const unsigned char *expected;
size_t exlen;
const unsigned char *kat2;
size_t kat2len;
/* KAT data for PR */
const unsigned char *entropy_pr;
size_t entropylen_pr;
const unsigned char *nonce_pr;
size_t noncelen_pr;
const unsigned char *pers_pr;
size_t perslen_pr;
const unsigned char *adin_pr;
size_t adinlen_pr;
const unsigned char *entropypr_pr;
size_t entropyprlen_pr;
const unsigned char *ading_pr;
size_t adinglen_pr;
const unsigned char *entropyg_pr;
size_t entropyglen_pr;
const unsigned char *kat_pr;
size_t katlen_pr;
const unsigned char *kat2_pr;
size_t kat2len_pr;
} DRBG_SELFTEST_DATA;
#define make_drbg_test_data(nid, flag, pr, post) {\
post, nid, flag, \
pr##_entropyinput, sizeof(pr##_entropyinput), \
pr##_nonce, sizeof(pr##_nonce), \
pr##_personalizationstring, sizeof(pr##_personalizationstring), \
pr##_additionalinput, sizeof(pr##_additionalinput), \
pr##_entropyinputreseed, sizeof(pr##_entropyinputreseed), \
pr##_additionalinputreseed, sizeof(pr##_additionalinputreseed), \
pr##_additionalinput2, sizeof(pr##_additionalinput2), \
pr##_int_returnedbits, sizeof(pr##_int_returnedbits), \
pr##_returnedbits, sizeof(pr##_returnedbits), \
pr##_pr_entropyinput, sizeof(pr##_pr_entropyinput), \
pr##_pr_nonce, sizeof(pr##_pr_nonce), \
pr##_pr_personalizationstring, sizeof(pr##_pr_personalizationstring), \
pr##_pr_additionalinput, sizeof(pr##_pr_additionalinput), \
pr##_pr_entropyinputpr, sizeof(pr##_pr_entropyinputpr), \
pr##_pr_additionalinput2, sizeof(pr##_pr_additionalinput2), \
pr##_pr_entropyinputpr2, sizeof(pr##_pr_entropyinputpr2), \
pr##_pr_int_returnedbits, sizeof(pr##_pr_int_returnedbits), \
pr##_pr_returnedbits, sizeof(pr##_pr_returnedbits) \
}
#define make_drbg_test_data_use_df(nid, pr, p) \
make_drbg_test_data(nid, 0, pr, p)
#define make_drbg_test_data_no_df(nid, pr, p) \
make_drbg_test_data(nid, RAND_DRBG_FLAG_CTR_NO_DF, pr, p)
static DRBG_SELFTEST_DATA drbg_test[] = {
make_drbg_test_data_no_df (NID_aes_128_ctr, aes_128_no_df, 0),
make_drbg_test_data_no_df (NID_aes_192_ctr, aes_192_no_df, 0),
make_drbg_test_data_no_df (NID_aes_256_ctr, aes_256_no_df, 1),
make_drbg_test_data_use_df(NID_aes_128_ctr, aes_128_use_df, 0),
make_drbg_test_data_use_df(NID_aes_192_ctr, aes_192_use_df, 0),
make_drbg_test_data_use_df(NID_aes_256_ctr, aes_256_use_df, 1),
};
static int app_data_index;
/*
* Test context data, attached as EXDATA to the RAND_DRBG
*/
typedef struct test_ctx_st {
const unsigned char *entropy;
size_t entropylen;
int entropycnt;
const unsigned char *nonce;
size_t noncelen;
int noncecnt;
} TEST_CTX;
static size_t kat_entropy(RAND_DRBG *drbg, unsigned char **pout,
int entropy, size_t min_len, size_t max_len,
int prediction_resistance)
{
TEST_CTX *t = (TEST_CTX *)RAND_DRBG_get_ex_data(drbg, app_data_index);
t->entropycnt++;
*pout = (unsigned char *)t->entropy;
return t->entropylen;
}
static size_t kat_nonce(RAND_DRBG *drbg, unsigned char **pout,
int entropy, size_t min_len, size_t max_len)
{
TEST_CTX *t = (TEST_CTX *)RAND_DRBG_get_ex_data(drbg, app_data_index);
t->noncecnt++;
*pout = (unsigned char *)t->nonce;
return t->noncelen;
}
static int uninstantiate(RAND_DRBG *drbg)
{
int ret = drbg == NULL ? 1 : RAND_DRBG_uninstantiate(drbg);
ERR_clear_error();
return ret;
}
/*
* Do a single KAT test. Return 0 on failure.
*/
static int single_kat(DRBG_SELFTEST_DATA *td)
{
RAND_DRBG *drbg = NULL;
TEST_CTX t;
int failures = 0;
unsigned char buff[1024];
/*
* Test without PR: Instantiate DRBG with test entropy, nonce and
* personalisation string.
*/
if (!TEST_ptr(drbg = RAND_DRBG_new(td->nid, td->flags, NULL)))
return 0;
if (!TEST_true(RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
kat_nonce, NULL))) {
failures++;
goto err;
}
memset(&t, 0, sizeof(t));
t.entropy = td->entropy;
t.entropylen = td->entropylen;
t.nonce = td->nonce;
t.noncelen = td->noncelen;
RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
if (!TEST_true(RAND_DRBG_instantiate(drbg, td->pers, td->perslen))
|| !TEST_true(RAND_DRBG_generate(drbg, buff, td->exlen, 0,
td->adin, td->adinlen))
|| !TEST_mem_eq(td->expected, td->exlen, buff, td->exlen))
failures++;
/* Reseed DRBG with test entropy and additional input */
t.entropy = td->entropyreseed;
t.entropylen = td->entropyreseedlen;
if (!TEST_true(RAND_DRBG_reseed(drbg, td->adinreseed, td->adinreseedlen, 0)
|| !TEST_true(RAND_DRBG_generate(drbg, buff, td->kat2len, 0,
td->adin2, td->adin2len))
|| !TEST_mem_eq(td->kat2, td->kat2len, buff, td->kat2len)))
failures++;
uninstantiate(drbg);
/*
* Now test with PR: Instantiate DRBG with test entropy, nonce and
* personalisation string.
*/
if (!TEST_true(RAND_DRBG_set(drbg, td->nid, td->flags))
|| !TEST_true(RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
kat_nonce, NULL)))
failures++;
RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
t.entropy = td->entropy_pr;
t.entropylen = td->entropylen_pr;
t.nonce = td->nonce_pr;
t.noncelen = td->noncelen_pr;
t.entropycnt = 0;
t.noncecnt = 0;
if (!TEST_true(RAND_DRBG_instantiate(drbg, td->pers_pr, td->perslen_pr)))
failures++;
/*
* Now generate with PR: we need to supply entropy as this will
* perform a reseed operation.
*/
t.entropy = td->entropypr_pr;
t.entropylen = td->entropyprlen_pr;
if (!TEST_true(RAND_DRBG_generate(drbg, buff, td->katlen_pr, 1,
td->adin_pr, td->adinlen_pr))
|| !TEST_mem_eq(td->kat_pr, td->katlen_pr, buff, td->katlen_pr))
failures++;
/*
* Now generate again with PR: supply new entropy again.
*/
t.entropy = td->entropyg_pr;
t.entropylen = td->entropyglen_pr;
if (!TEST_true(RAND_DRBG_generate(drbg, buff, td->kat2len_pr, 1,
td->ading_pr, td->adinglen_pr))
|| !TEST_mem_eq(td->kat2_pr, td->kat2len_pr,
buff, td->kat2len_pr))
failures++;
err:
uninstantiate(drbg);
RAND_DRBG_free(drbg);
return failures == 0;
}
/*
* Initialise a DRBG based on selftest data
*/
static int init(RAND_DRBG *drbg, DRBG_SELFTEST_DATA *td, TEST_CTX *t)
{
if (!TEST_true(RAND_DRBG_set(drbg, td->nid, td->flags))
|| !TEST_true(RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
kat_nonce, NULL)))
return 0;
RAND_DRBG_set_ex_data(drbg, app_data_index, t);
t->entropy = td->entropy;
t->entropylen = td->entropylen;
t->nonce = td->nonce;
t->noncelen = td->noncelen;
t->entropycnt = 0;
t->noncecnt = 0;
return 1;
}
/*
* Initialise and instantiate DRBG based on selftest data
*/
static int instantiate(RAND_DRBG *drbg, DRBG_SELFTEST_DATA *td,
TEST_CTX *t)
{
if (!TEST_true(init(drbg, td, t))
|| !TEST_true(RAND_DRBG_instantiate(drbg, td->pers, td->perslen)))
return 0;
return 1;
}
/*
* Perform extensive error checking as required by SP800-90.
* Induce several failure modes and check an error condition is set.
*/
static int error_check(DRBG_SELFTEST_DATA *td)
{
static char zero[sizeof(RAND_DRBG)];
RAND_DRBG *drbg = NULL;
TEST_CTX t;
unsigned char buff[1024];
unsigned int generate_counter_tmp;
int ret = 0;
if (!TEST_ptr(drbg = RAND_DRBG_new(0, 0, NULL)))
goto err;
/*
* Personalisation string tests
*/
/* Test detection of too large personlisation string */
if (!init(drbg, td, &t)
|| RAND_DRBG_instantiate(drbg, td->pers, drbg->max_perslen + 1) > 0)
goto err;
/*
* Entropy source tests
*/
/* Test entropy source failure detecion: i.e. returns no data */
t.entropylen = 0;
if (TEST_int_le(RAND_DRBG_instantiate(drbg, td->pers, td->perslen), 0))
goto err;
/* Try to generate output from uninstantiated DRBG */
if (!TEST_false(RAND_DRBG_generate(drbg, buff, td->exlen, 0,
td->adin, td->adinlen))
|| !uninstantiate(drbg))
goto err;
/* Test insufficient entropy */
t.entropylen = drbg->min_entropylen - 1;
if (!init(drbg, td, &t)
|| RAND_DRBG_instantiate(drbg, td->pers, td->perslen) > 0
|| !uninstantiate(drbg))
goto err;
/* Test too much entropy */
t.entropylen = drbg->max_entropylen + 1;
if (!init(drbg, td, &t)
|| RAND_DRBG_instantiate(drbg, td->pers, td->perslen) > 0
|| !uninstantiate(drbg))
goto err;
/*
* Nonce tests
*/
/* Test too small nonce */
if (drbg->min_noncelen) {
t.noncelen = drbg->min_noncelen - 1;
if (!init(drbg, td, &t)
|| RAND_DRBG_instantiate(drbg, td->pers, td->perslen) > 0
|| !uninstantiate(drbg))
goto err;
}
/* Test too large nonce */
if (drbg->max_noncelen) {
t.noncelen = drbg->max_noncelen + 1;
if (!init(drbg, td, &t)
|| RAND_DRBG_instantiate(drbg, td->pers, td->perslen) > 0
|| !uninstantiate(drbg))
goto err;
}
/* Instantiate with valid data, Check generation is now OK */
if (!instantiate(drbg, td, &t)
|| !TEST_true(RAND_DRBG_generate(drbg, buff, td->exlen, 0,
td->adin, td->adinlen)))
goto err;
/* Request too much data for one request */
if (!TEST_false(RAND_DRBG_generate(drbg, buff, drbg->max_request + 1, 0,
td->adin, td->adinlen)))
goto err;
/* Try too large additional input */
if (!TEST_false(RAND_DRBG_generate(drbg, buff, td->exlen, 0,
td->adin, drbg->max_adinlen + 1)))
goto err;
/*
* Check prediction resistance request fails if entropy source
* failure.
*/
t.entropylen = 0;
if (TEST_false(RAND_DRBG_generate(drbg, buff, td->exlen, 1,
td->adin, td->adinlen))
|| !uninstantiate(drbg))
goto err;
/* Instantiate again with valid data */
if (!instantiate(drbg, td, &t))
goto err;
generate_counter_tmp = drbg->generate_counter;
drbg->generate_counter = drbg->reseed_interval;
/* Generate output and check entropy has been requested for reseed */
t.entropycnt = 0;
if (!TEST_true(RAND_DRBG_generate(drbg, buff, td->exlen, 0,
td->adin, td->adinlen))
|| !TEST_int_eq(t.entropycnt, 1)
|| !TEST_int_eq(drbg->generate_counter, generate_counter_tmp + 1)
|| !uninstantiate(drbg))
goto err;
/*
* Check prediction resistance request fails if entropy source
* failure.
*/
t.entropylen = 0;
if (!TEST_false(RAND_DRBG_generate(drbg, buff, td->exlen, 1,
td->adin, td->adinlen))
|| !uninstantiate(drbg))
goto err;
/* Test reseed counter works */
if (!instantiate(drbg, td, &t))
goto err;
generate_counter_tmp = drbg->generate_counter;
drbg->generate_counter = drbg->reseed_interval;
/* Generate output and check entropy has been requested for reseed */
t.entropycnt = 0;
if (!TEST_true(RAND_DRBG_generate(drbg, buff, td->exlen, 0,
td->adin, td->adinlen))
|| !TEST_int_eq(t.entropycnt, 1)
|| !TEST_int_eq(drbg->generate_counter, generate_counter_tmp + 1)
|| !uninstantiate(drbg))
goto err;
/*
* Explicit reseed tests
*/
/* Test explicit reseed with too large additional input */
if (!init(drbg, td, &t)
|| RAND_DRBG_reseed(drbg, td->adin, drbg->max_adinlen + 1, 0) > 0)
goto err;
/* Test explicit reseed with entropy source failure */
t.entropylen = 0;
if (!TEST_int_le(RAND_DRBG_reseed(drbg, td->adin, td->adinlen, 0), 0)
|| !uninstantiate(drbg))
goto err;
/* Test explicit reseed with too much entropy */
if (!init(drbg, td, &t))
goto err;
t.entropylen = drbg->max_entropylen + 1;
if (!TEST_int_le(RAND_DRBG_reseed(drbg, td->adin, td->adinlen, 0), 0)
|| !uninstantiate(drbg))
goto err;
/* Test explicit reseed with too little entropy */
if (!init(drbg, td, &t))
goto err;
t.entropylen = drbg->min_entropylen - 1;
if (!TEST_int_le(RAND_DRBG_reseed(drbg, td->adin, td->adinlen, 0), 0)
|| !uninstantiate(drbg))
goto err;
/* Standard says we have to check uninstantiate really zeroes */
if (!TEST_mem_eq(zero, sizeof(drbg->data), &drbg->data, sizeof(drbg->data)))
goto err;
ret = 1;
err:
uninstantiate(drbg);
RAND_DRBG_free(drbg);
return ret;
}
static int test_kats(int i)
{
DRBG_SELFTEST_DATA *td = &drbg_test[i];
int rv = 0;
if (!single_kat(td))
goto err;
rv = 1;
err:
return rv;
}
static int test_error_checks(int i)
{
DRBG_SELFTEST_DATA *td = &drbg_test[i];
int rv = 0;
if (error_check(td))
goto err;
rv = 1;
err:
return rv;
}
/*
* Hook context data, attached as EXDATA to the RAND_DRBG
*/
typedef struct hook_ctx_st {
RAND_DRBG *drbg;
/*
* Currently, all DRBGs use the same get_entropy() callback.
* The tests however, don't assume this and store
* the original callback for every DRBG separately.
*/
RAND_DRBG_get_entropy_fn get_entropy;
/* forces a failure of the get_entropy() call if nonzero */
int fail;
/* counts successful reseeds */
int reseed_count;
} HOOK_CTX;
static HOOK_CTX master_ctx, public_ctx, private_ctx;
static HOOK_CTX *get_hook_ctx(RAND_DRBG *drbg)
{
return (HOOK_CTX *)RAND_DRBG_get_ex_data(drbg, app_data_index);
}
/* Intercepts and counts calls to the get_entropy() callback */
static size_t get_entropy_hook(RAND_DRBG *drbg, unsigned char **pout,
int entropy, size_t min_len, size_t max_len,
int prediction_resistance)
{
size_t ret;
HOOK_CTX *ctx = get_hook_ctx(drbg);
if (ctx->fail != 0)
return 0;
ret = ctx->get_entropy(drbg, pout, entropy, min_len, max_len,
prediction_resistance);
if (ret != 0)
ctx->reseed_count++;
return ret;
}
/* Installs a hook for the get_entropy() callback of the given drbg */
static void hook_drbg(RAND_DRBG *drbg, HOOK_CTX *ctx)
{
memset(ctx, 0, sizeof(*ctx));
ctx->drbg = drbg;
ctx->get_entropy = drbg->get_entropy;
drbg->get_entropy = get_entropy_hook;
RAND_DRBG_set_ex_data(drbg, app_data_index, ctx);
}
/* Installs the hook for the get_entropy() callback of the given drbg */
static void unhook_drbg(RAND_DRBG *drbg)
{
HOOK_CTX *ctx = get_hook_ctx(drbg);
drbg->get_entropy = ctx->get_entropy;
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DRBG, drbg, &drbg->ex_data);
}
/* Resets the given hook context */
static void reset_hook_ctx(HOOK_CTX *ctx)
{
ctx->fail = 0;
ctx->reseed_count = 0;
}
/* Resets all drbg hook contexts */
static void reset_drbg_hook_ctx(void)
{
reset_hook_ctx(&master_ctx);
reset_hook_ctx(&public_ctx);
reset_hook_ctx(&private_ctx);
}
/*
* Generates random output using RAND_bytes() and RAND_priv_bytes()
* and checks whether the three shared DRBGs were reseeded as
* expected.
*
* |expect_success|: expected outcome (as reported by RAND_status())
* |master|, |public|, |private|: pointers to the three shared DRBGs
* |expect_xxx_reseed| =
* 1: it is expected that the specified DRBG is reseeded
* 0: it is expected that the specified DRBG is not reseeded
* -1: don't check whether the specified DRBG was reseeded or not
*/
static int test_drbg_reseed(int expect_success,
RAND_DRBG *master,
RAND_DRBG *public,
RAND_DRBG *private,
int expect_master_reseed,
int expect_public_reseed,
int expect_private_reseed
)
{
unsigned char buf[32];
time_t before_reseed, after_reseed;
int expected_state = (expect_success ? DRBG_READY : DRBG_ERROR);
/*
* step 1: check preconditions
*/
/* Test whether seed propagation is enabled */
if (!TEST_int_ne(master->reseed_counter, 0)
|| !TEST_int_ne(public->reseed_counter, 0)
|| !TEST_int_ne(private->reseed_counter, 0))
return 0;
/* Check whether the master DRBG's reseed counter is the largest one */
if (!TEST_int_le(public->reseed_counter, master->reseed_counter)
|| !TEST_int_le(private->reseed_counter, master->reseed_counter))
return 0;
/*
* step 2: generate random output
*/
/* Generate random output from the public and private DRBG */
before_reseed = expect_master_reseed == 1 ? time(NULL) : 0;
if (!TEST_int_eq(RAND_bytes(buf, sizeof(buf)), expect_success)
|| !TEST_int_eq(RAND_priv_bytes(buf, sizeof(buf)), expect_success))
return 0;
after_reseed = time(NULL);
/*
* step 3: check postconditions
*/
/* Test whether reseeding succeeded as expected */
if (!TEST_int_eq(master->state, expected_state)
|| !TEST_int_eq(public->state, expected_state)
|| !TEST_int_eq(private->state, expected_state))
return 0;
if (expect_master_reseed >= 0) {
/* Test whether master DRBG was reseeded as expected */
if (!TEST_int_eq(master_ctx.reseed_count, expect_master_reseed))
return 0;
}
if (expect_public_reseed >= 0) {
/* Test whether public DRBG was reseeded as expected */
if (!TEST_int_eq(public_ctx.reseed_count, expect_public_reseed))
return 0;
}
if (expect_private_reseed >= 0) {
/* Test whether public DRBG was reseeded as expected */
if (!TEST_int_eq(private_ctx.reseed_count, expect_private_reseed))
return 0;
}
if (expect_success == 1) {
/* Test whether all three reseed counters are synchronized */
if (!TEST_int_eq(public->reseed_counter, master->reseed_counter)
|| !TEST_int_eq(private->reseed_counter, master->reseed_counter))
return 0;
/* Test whether reseed time of master DRBG is set correctly */
if (!TEST_time_t_le(before_reseed, master->reseed_time)
|| !TEST_time_t_le(master->reseed_time, after_reseed))
return 0;
/* Test whether reseed times of child DRBGs are synchronized with master */
if (!TEST_time_t_ge(public->reseed_time, master->reseed_time)
|| !TEST_time_t_ge(private->reseed_time, master->reseed_time))
return 0;
} else {
ERR_clear_error();
}
return 1;
}
/*
* Test whether the default rand_method (RAND_OpenSSL()) is
* setup correctly, in particular whether reseeding works
* as designed.
*/
static int test_rand_reseed(void)
{
RAND_DRBG *master, *public, *private;
unsigned char rand_add_buf[256];
int rv=0;
/* Check whether RAND_OpenSSL() is the default method */
if (!TEST_ptr_eq(RAND_get_rand_method(), RAND_OpenSSL()))
return 0;
/* All three DRBGs should be non-null */
if (!TEST_ptr(master = RAND_DRBG_get0_master())
|| !TEST_ptr(public = RAND_DRBG_get0_public())
|| !TEST_ptr(private = RAND_DRBG_get0_private()))
return 0;
/* There should be three distinct DRBGs, two of them chained to master */
if (!TEST_ptr_ne(public, private)
|| !TEST_ptr_ne(public, master)
|| !TEST_ptr_ne(private, master)
|| !TEST_ptr_eq(public->parent, master)
|| !TEST_ptr_eq(private->parent, master))
return 0;
/* uninstantiate the three global DRBGs */
RAND_DRBG_uninstantiate(private);
RAND_DRBG_uninstantiate(public);
RAND_DRBG_uninstantiate(master);
/* Install hooks for the following tests */
hook_drbg(master, &master_ctx);
hook_drbg(public, &public_ctx);
hook_drbg(private, &private_ctx);
/*
* Test initial seeding of shared DRBGs
*/
if (!TEST_true(test_drbg_reseed(1, master, public, private, 1, 1, 1)))
goto error;
reset_drbg_hook_ctx();
/*
* Test initial state of shared DRBGs
*/
if (!TEST_true(test_drbg_reseed(1, master, public, private, 0, 0, 0)))
goto error;
reset_drbg_hook_ctx();
/*
* Test whether the public and private DRBG are both reseeded when their
* reseed counters differ from the master's reseed counter.
*/
master->reseed_counter++;
if (!TEST_true(test_drbg_reseed(1, master, public, private, 0, 1, 1)))
goto error;
reset_drbg_hook_ctx();
/*
* Test whether the public DRBG is reseeded when its reseed counter differs
* from the master's reseed counter.
*/
master->reseed_counter++;
private->reseed_counter++;
if (!TEST_true(test_drbg_reseed(1, master, public, private, 0, 1, 0)))
goto error;
reset_drbg_hook_ctx();
/*
* Test whether the private DRBG is reseeded when its reseed counter differs
* from the master's reseed counter.
*/
master->reseed_counter++;
public->reseed_counter++;
if (!TEST_true(test_drbg_reseed(1, master, public, private, 0, 0, 1)))
goto error;
reset_drbg_hook_ctx();
/* fill 'randomness' buffer with some arbitrary data */
memset(rand_add_buf, 'r', sizeof(rand_add_buf));
/*
* Test whether all three DRBGs are reseeded by RAND_add()
*/
RAND_add(rand_add_buf, sizeof(rand_add_buf), sizeof(rand_add_buf));
if (!TEST_true(test_drbg_reseed(1, master, public, private, 1, 1, 1)))
goto error;
reset_drbg_hook_ctx();
/*
* Test whether none of the DRBGs is reseed if the master fails to reseed
*/
master_ctx.fail = 1;
master->reseed_counter++;
RAND_add(rand_add_buf, sizeof(rand_add_buf), sizeof(rand_add_buf));
if (!TEST_true(test_drbg_reseed(0, master, public, private, 0, 0, 0)))
goto error;
reset_drbg_hook_ctx();
rv = 1;
error:
/* Remove hooks */
unhook_drbg(master);
unhook_drbg(public);
unhook_drbg(private);
return rv;
}
#if defined(OPENSSL_THREADS)
static int multi_thread_rand_bytes_succeeded = 1;
static int multi_thread_rand_priv_bytes_succeeded = 1;
static void run_multi_thread_test(void)
{
unsigned char buf[256];
time_t start = time(NULL);
RAND_DRBG *public, *private;
public = RAND_DRBG_get0_public();
private = RAND_DRBG_get0_private();
RAND_DRBG_set_reseed_time_interval(public, 1);
RAND_DRBG_set_reseed_time_interval(private, 1);
do {
if (RAND_bytes(buf, sizeof(buf)) <= 0)
multi_thread_rand_bytes_succeeded = 0;
if (RAND_priv_bytes(buf, sizeof(buf)) <= 0)
multi_thread_rand_priv_bytes_succeeded = 0;
}
while(time(NULL) - start < 5);
}
# if defined(OPENSSL_SYS_WINDOWS)
typedef HANDLE thread_t;
static DWORD WINAPI thread_run(LPVOID arg)
{
run_multi_thread_test();
return 0;
}
static int run_thread(thread_t *t)
{
*t = CreateThread(NULL, 0, thread_run, NULL, 0, NULL);
return *t != NULL;
}
static int wait_for_thread(thread_t thread)
{
return WaitForSingleObject(thread, INFINITE) == 0;
}
# else
typedef pthread_t thread_t;
static void *thread_run(void *arg)
{
run_multi_thread_test();
return NULL;
}
static int run_thread(thread_t *t)
{
return pthread_create(t, NULL, thread_run, NULL) == 0;
}
static int wait_for_thread(thread_t thread)
{
return pthread_join(thread, NULL) == 0;
}
# endif
/*
* The main thread will also run the test, so we'll have THREADS+1 parallel
* tests running
*/
# define THREADS 3
static int test_multi_thread(void)
{
thread_t t[THREADS];
int i;
for (i = 0; i < THREADS; i++)
run_thread(&t[i]);
run_multi_thread_test();
for (i = 0; i < THREADS; i++)
wait_for_thread(t[i]);
if (!TEST_true(multi_thread_rand_bytes_succeeded))
return 0;
if (!TEST_true(multi_thread_rand_priv_bytes_succeeded))
return 0;
return 1;
}
#endif
/*
* This function only returns the entropy already added with RAND_add(),
* and does not get entropy from the OS.
*
* Returns 0 on failure and the size of the buffer on success.
*/
static size_t get_pool_entropy(RAND_DRBG *drbg,
unsigned char **pout,
int entropy, size_t min_len, size_t max_len,
int prediction_resistance)
{
if (drbg->pool == NULL)
return 0;
if (drbg->pool->entropy < (size_t)entropy || drbg->pool->len < min_len
|| drbg->pool->len > max_len)
return 0;
*pout = drbg->pool->buffer;
return drbg->pool->len;
}
/*
* Clean up the entropy that get_pool_entropy() returned.
*/
static void cleanup_pool_entropy(RAND_DRBG *drbg, unsigned char *out, size_t outlen)
{
OPENSSL_secure_clear_free(drbg->pool->buffer, drbg->pool->max_len);
OPENSSL_free(drbg->pool);
drbg->pool = NULL;
}
/*
* Test that instantiating works when OS entropy is not available and that
* RAND_add() is enough to reseed it.
*/
static int test_rand_add(void)
{
RAND_DRBG *master = RAND_DRBG_get0_master();
RAND_DRBG_get_entropy_fn old_get_entropy = master->get_entropy;
RAND_DRBG_cleanup_entropy_fn old_cleanup_entropy = master->cleanup_entropy;
int rv = 0;
unsigned char rand_add_buf[256];
master->get_entropy = get_pool_entropy;
master->cleanup_entropy = cleanup_pool_entropy;
master->reseed_counter++;
RAND_DRBG_uninstantiate(master);
memset(rand_add_buf, 0xCD, sizeof(rand_add_buf));
RAND_add(rand_add_buf, sizeof(rand_add_buf), sizeof(rand_add_buf));
if (!TEST_true(RAND_DRBG_instantiate(master, NULL, 0)))
goto error;
rv = 1;
error:
master->get_entropy = old_get_entropy;
master->cleanup_entropy = old_cleanup_entropy;
return rv;
}
int setup_tests(void)
{
app_data_index = RAND_DRBG_get_ex_new_index(0L, NULL, NULL, NULL, NULL);
ADD_ALL_TESTS(test_kats, OSSL_NELEM(drbg_test));
ADD_ALL_TESTS(test_error_checks, OSSL_NELEM(drbg_test));
ADD_TEST(test_rand_reseed);
ADD_TEST(test_rand_add);
#if defined(OPENSSL_THREADS)
ADD_TEST(test_multi_thread);
#endif
return 1;
}
openssl-1.1.1/test/sslapitest.c0000644000000000000000000057403413345734631015237 0ustar rootroot/*
* Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <string.h>
#include <openssl/opensslconf.h>
#include <openssl/bio.h>
#include <openssl/crypto.h>
#include <openssl/ssl.h>
#include <openssl/ocsp.h>
#include <openssl/srp.h>
#include <openssl/txt_db.h>
#include <openssl/aes.h>
#include "ssltestlib.h"
#include "testutil.h"
#include "testutil/output.h"
#include "internal/nelem.h"
#include "../ssl/ssl_locl.h"
#ifndef OPENSSL_NO_TLS1_3
static SSL_SESSION *clientpsk = NULL;
static SSL_SESSION *serverpsk = NULL;
static const char *pskid = "Identity";
static const char *srvid;
static int use_session_cb(SSL *ssl, const EVP_MD *md, const unsigned char **id,
size_t *idlen, SSL_SESSION **sess);
static int find_session_cb(SSL *ssl, const unsigned char *identity,
size_t identity_len, SSL_SESSION **sess);
static int use_session_cb_cnt = 0;
static int find_session_cb_cnt = 0;
static SSL_SESSION *create_a_psk(SSL *ssl);
#endif
static char *cert = NULL;
static char *privkey = NULL;
static char *srpvfile = NULL;
static char *tmpfilename = NULL;
#define LOG_BUFFER_SIZE 2048
static char server_log_buffer[LOG_BUFFER_SIZE + 1] = {0};
static size_t server_log_buffer_index = 0;
static char client_log_buffer[LOG_BUFFER_SIZE + 1] = {0};
static size_t client_log_buffer_index = 0;
static int error_writing_log = 0;
#ifndef OPENSSL_NO_OCSP
static const unsigned char orespder[] = "Dummy OCSP Response";
static int ocsp_server_called = 0;
static int ocsp_client_called = 0;
static int cdummyarg = 1;
static X509 *ocspcert = NULL;
#endif
#define NUM_EXTRA_CERTS 40
#define CLIENT_VERSION_LEN 2
/*
* This structure is used to validate that the correct number of log messages
* of various types are emitted when emitting secret logs.
*/
struct sslapitest_log_counts {
unsigned int rsa_key_exchange_count;
unsigned int master_secret_count;
unsigned int client_early_secret_count;
unsigned int client_handshake_secret_count;
unsigned int server_handshake_secret_count;
unsigned int client_application_secret_count;
unsigned int server_application_secret_count;
unsigned int early_exporter_secret_count;
unsigned int exporter_secret_count;
};
static unsigned char serverinfov1[] = {
0xff, 0xff, /* Dummy extension type */
0x00, 0x01, /* Extension length is 1 byte */
0xff /* Dummy extension data */
};
static unsigned char serverinfov2[] = {
0x00, 0x00, 0x00,
(unsigned char)(SSL_EXT_CLIENT_HELLO & 0xff), /* Dummy context - 4 bytes */
0xff, 0xff, /* Dummy extension type */
0x00, 0x01, /* Extension length is 1 byte */
0xff /* Dummy extension data */
};
static void client_keylog_callback(const SSL *ssl, const char *line)
{
int line_length = strlen(line);
/* If the log doesn't fit, error out. */
if (client_log_buffer_index + line_length > sizeof(client_log_buffer) - 1) {
TEST_info("Client log too full");
error_writing_log = 1;
return;
}
strcat(client_log_buffer, line);
client_log_buffer_index += line_length;
client_log_buffer[client_log_buffer_index++] = '\n';
}
static void server_keylog_callback(const SSL *ssl, const char *line)
{
int line_length = strlen(line);
/* If the log doesn't fit, error out. */
if (server_log_buffer_index + line_length > sizeof(server_log_buffer) - 1) {
TEST_info("Server log too full");
error_writing_log = 1;
return;
}
strcat(server_log_buffer, line);
server_log_buffer_index += line_length;
server_log_buffer[server_log_buffer_index++] = '\n';
}
static int compare_hex_encoded_buffer(const char *hex_encoded,
size_t hex_length,
const uint8_t *raw,
size_t raw_length)
{
size_t i, j;
char hexed[3];
if (!TEST_size_t_eq(raw_length * 2, hex_length))
return 1;
for (i = j = 0; i < raw_length && j + 1 < hex_length; i++, j += 2) {
sprintf(hexed, "%02x", raw[i]);
if (!TEST_int_eq(hexed[0], hex_encoded[j])
|| !TEST_int_eq(hexed[1], hex_encoded[j + 1]))
return 1;
}
return 0;
}
static int test_keylog_output(char *buffer, const SSL *ssl,
const SSL_SESSION *session,
struct sslapitest_log_counts *expected)
{
char *token = NULL;
unsigned char actual_client_random[SSL3_RANDOM_SIZE] = {0};
size_t client_random_size = SSL3_RANDOM_SIZE;
unsigned char actual_master_key[SSL_MAX_MASTER_KEY_LENGTH] = {0};
size_t master_key_size = SSL_MAX_MASTER_KEY_LENGTH;
unsigned int rsa_key_exchange_count = 0;
unsigned int master_secret_count = 0;
unsigned int client_early_secret_count = 0;
unsigned int client_handshake_secret_count = 0;
unsigned int server_handshake_secret_count = 0;
unsigned int client_application_secret_count = 0;
unsigned int server_application_secret_count = 0;
unsigned int early_exporter_secret_count = 0;
unsigned int exporter_secret_count = 0;
for (token = strtok(buffer, " \n"); token != NULL;
token = strtok(NULL, " \n")) {
if (strcmp(token, "RSA") == 0) {
/*
* Premaster secret. Tokens should be: 16 ASCII bytes of
* hex-encoded encrypted secret, then the hex-encoded pre-master
* secret.
*/
if (!TEST_ptr(token = strtok(NULL, " \n")))
return 0;
if (!TEST_size_t_eq(strlen(token), 16))
return 0;
if (!TEST_ptr(token = strtok(NULL, " \n")))
return 0;
/*
* We can't sensibly check the log because the premaster secret is
* transient, and OpenSSL doesn't keep hold of it once the master
* secret is generated.
*/
rsa_key_exchange_count++;
} else if (strcmp(token, "CLIENT_RANDOM") == 0) {
/*
* Master secret. Tokens should be: 64 ASCII bytes of hex-encoded
* client random, then the hex-encoded master secret.
*/
client_random_size = SSL_get_client_random(ssl,
actual_client_random,
SSL3_RANDOM_SIZE);
if (!TEST_size_t_eq(client_random_size, SSL3_RANDOM_SIZE))
return 0;
if (!TEST_ptr(token = strtok(NULL, " \n")))
return 0;
if (!TEST_size_t_eq(strlen(token), 64))
return 0;
if (!TEST_false(compare_hex_encoded_buffer(token, 64,
actual_client_random,
client_random_size)))
return 0;
if (!TEST_ptr(token = strtok(NULL, " \n")))
return 0;
master_key_size = SSL_SESSION_get_master_key(session,
actual_master_key,
master_key_size);
if (!TEST_size_t_ne(master_key_size, 0))
return 0;
if (!TEST_false(compare_hex_encoded_buffer(token, strlen(token),
actual_master_key,
master_key_size)))
return 0;
master_secret_count++;
} else if (strcmp(token, "CLIENT_EARLY_TRAFFIC_SECRET") == 0
|| strcmp(token, "CLIENT_HANDSHAKE_TRAFFIC_SECRET") == 0
|| strcmp(token, "SERVER_HANDSHAKE_TRAFFIC_SECRET") == 0
|| strcmp(token, "CLIENT_TRAFFIC_SECRET_0") == 0
|| strcmp(token, "SERVER_TRAFFIC_SECRET_0") == 0
|| strcmp(token, "EARLY_EXPORTER_SECRET") == 0
|| strcmp(token, "EXPORTER_SECRET") == 0) {
/*
* TLSv1.3 secret. Tokens should be: 64 ASCII bytes of hex-encoded
* client random, and then the hex-encoded secret. In this case,
* we treat all of these secrets identically and then just
* distinguish between them when counting what we saw.
*/
if (strcmp(token, "CLIENT_EARLY_TRAFFIC_SECRET") == 0)
client_early_secret_count++;
else if (strcmp(token, "CLIENT_HANDSHAKE_TRAFFIC_SECRET") == 0)
client_handshake_secret_count++;
else if (strcmp(token, "SERVER_HANDSHAKE_TRAFFIC_SECRET") == 0)
server_handshake_secret_count++;
else if (strcmp(token, "CLIENT_TRAFFIC_SECRET_0") == 0)
client_application_secret_count++;
else if (strcmp(token, "SERVER_TRAFFIC_SECRET_0") == 0)
server_application_secret_count++;
else if (strcmp(token, "EARLY_EXPORTER_SECRET") == 0)
early_exporter_secret_count++;
else if (strcmp(token, "EXPORTER_SECRET") == 0)
exporter_secret_count++;
client_random_size = SSL_get_client_random(ssl,
actual_client_random,
SSL3_RANDOM_SIZE);
if (!TEST_size_t_eq(client_random_size, SSL3_RANDOM_SIZE))
return 0;
if (!TEST_ptr(token = strtok(NULL, " \n")))
return 0;
if (!TEST_size_t_eq(strlen(token), 64))
return 0;
if (!TEST_false(compare_hex_encoded_buffer(token, 64,
actual_client_random,
client_random_size)))
return 0;
if (!TEST_ptr(token = strtok(NULL, " \n")))
return 0;
/*
* TODO(TLS1.3): test that application traffic secrets are what
* we expect */
} else {
TEST_info("Unexpected token %s\n", token);
return 0;
}
}
/* Got what we expected? */
if (!TEST_size_t_eq(rsa_key_exchange_count,
expected->rsa_key_exchange_count)
|| !TEST_size_t_eq(master_secret_count,
expected->master_secret_count)
|| !TEST_size_t_eq(client_early_secret_count,
expected->client_early_secret_count)
|| !TEST_size_t_eq(client_handshake_secret_count,
expected->client_handshake_secret_count)
|| !TEST_size_t_eq(server_handshake_secret_count,
expected->server_handshake_secret_count)
|| !TEST_size_t_eq(client_application_secret_count,
expected->client_application_secret_count)
|| !TEST_size_t_eq(server_application_secret_count,
expected->server_application_secret_count)
|| !TEST_size_t_eq(early_exporter_secret_count,
expected->early_exporter_secret_count)
|| !TEST_size_t_eq(exporter_secret_count,
expected->exporter_secret_count))
return 0;
return 1;
}
#if !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3)
static int test_keylog(void)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0;
struct sslapitest_log_counts expected = {0};
/* Clean up logging space */
memset(client_log_buffer, 0, sizeof(client_log_buffer));
memset(server_log_buffer, 0, sizeof(server_log_buffer));
client_log_buffer_index = 0;
server_log_buffer_index = 0;
error_writing_log = 0;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
TLS_client_method(),
TLS1_VERSION, TLS_MAX_VERSION,
&sctx, &cctx, cert, privkey)))
return 0;
/* We cannot log the master secret for TLSv1.3, so we should forbid it. */
SSL_CTX_set_options(cctx, SSL_OP_NO_TLSv1_3);
SSL_CTX_set_options(sctx, SSL_OP_NO_TLSv1_3);
/* We also want to ensure that we use RSA-based key exchange. */
if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "RSA")))
goto end;
if (!TEST_true(SSL_CTX_get_keylog_callback(cctx) == NULL)
|| !TEST_true(SSL_CTX_get_keylog_callback(sctx) == NULL))
goto end;
SSL_CTX_set_keylog_callback(cctx, client_keylog_callback);
if (!TEST_true(SSL_CTX_get_keylog_callback(cctx)
== client_keylog_callback))
goto end;
SSL_CTX_set_keylog_callback(sctx, server_keylog_callback);
if (!TEST_true(SSL_CTX_get_keylog_callback(sctx)
== server_keylog_callback))
goto end;
/* Now do a handshake and check that the logs have been written to. */
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
&clientssl, NULL, NULL))
|| !TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE))
|| !TEST_false(error_writing_log)
|| !TEST_int_gt(client_log_buffer_index, 0)
|| !TEST_int_gt(server_log_buffer_index, 0))
goto end;
/*
* Now we want to test that our output data was vaguely sensible. We
* do that by using strtok and confirming that we have more or less the
* data we expect. For both client and server, we expect to see one master
* secret. The client should also see a RSA key exchange.
*/
expected.rsa_key_exchange_count = 1;
expected.master_secret_count = 1;
if (!TEST_true(test_keylog_output(client_log_buffer, clientssl,
SSL_get_session(clientssl), &expected)))
goto end;
expected.rsa_key_exchange_count = 0;
if (!TEST_true(test_keylog_output(server_log_buffer, serverssl,
SSL_get_session(serverssl), &expected)))
goto end;
testresult = 1;
end:
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
#endif
#ifndef OPENSSL_NO_TLS1_3
static int test_keylog_no_master_key(void)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
SSL_SESSION *sess = NULL;
int testresult = 0;
struct sslapitest_log_counts expected = {0};
unsigned char buf[1];
size_t readbytes, written;
/* Clean up logging space */
memset(client_log_buffer, 0, sizeof(client_log_buffer));
memset(server_log_buffer, 0, sizeof(server_log_buffer));
client_log_buffer_index = 0;
server_log_buffer_index = 0;
error_writing_log = 0;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
TLS1_VERSION, TLS_MAX_VERSION,
&sctx, &cctx, cert, privkey))
|| !TEST_true(SSL_CTX_set_max_early_data(sctx,
SSL3_RT_MAX_PLAIN_LENGTH)))
return 0;
if (!TEST_true(SSL_CTX_get_keylog_callback(cctx) == NULL)
|| !TEST_true(SSL_CTX_get_keylog_callback(sctx) == NULL))
goto end;
SSL_CTX_set_keylog_callback(cctx, client_keylog_callback);
if (!TEST_true(SSL_CTX_get_keylog_callback(cctx)
== client_keylog_callback))
goto end;
SSL_CTX_set_keylog_callback(sctx, server_keylog_callback);
if (!TEST_true(SSL_CTX_get_keylog_callback(sctx)
== server_keylog_callback))
goto end;
/* Now do a handshake and check that the logs have been written to. */
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
&clientssl, NULL, NULL))
|| !TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE))
|| !TEST_false(error_writing_log))
goto end;
/*
* Now we want to test that our output data was vaguely sensible. For this
* test, we expect no CLIENT_RANDOM entry because it doesn't make sense for
* TLSv1.3, but we do expect both client and server to emit keys.
*/
expected.client_handshake_secret_count = 1;
expected.server_handshake_secret_count = 1;
expected.client_application_secret_count = 1;
expected.server_application_secret_count = 1;
expected.exporter_secret_count = 1;
if (!TEST_true(test_keylog_output(client_log_buffer, clientssl,
SSL_get_session(clientssl), &expected))
|| !TEST_true(test_keylog_output(server_log_buffer, serverssl,
SSL_get_session(serverssl),
&expected)))
goto end;
/* Terminate old session and resume with early data. */
sess = SSL_get1_session(clientssl);
SSL_shutdown(clientssl);
SSL_shutdown(serverssl);
SSL_free(serverssl);
SSL_free(clientssl);
serverssl = clientssl = NULL;
/* Reset key log */
memset(client_log_buffer, 0, sizeof(client_log_buffer));
memset(server_log_buffer, 0, sizeof(server_log_buffer));
client_log_buffer_index = 0;
server_log_buffer_index = 0;
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
&clientssl, NULL, NULL))
|| !TEST_true(SSL_set_session(clientssl, sess))
/* Here writing 0 length early data is enough. */
|| !TEST_true(SSL_write_early_data(clientssl, NULL, 0, &written))
|| !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
&readbytes),
SSL_READ_EARLY_DATA_ERROR)
|| !TEST_int_eq(SSL_get_early_data_status(serverssl),
SSL_EARLY_DATA_ACCEPTED)
|| !TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE))
|| !TEST_true(SSL_session_reused(clientssl)))
goto end;
/* In addition to the previous entries, expect early secrets. */
expected.client_early_secret_count = 1;
expected.early_exporter_secret_count = 1;
if (!TEST_true(test_keylog_output(client_log_buffer, clientssl,
SSL_get_session(clientssl), &expected))
|| !TEST_true(test_keylog_output(server_log_buffer, serverssl,
SSL_get_session(serverssl),
&expected)))
goto end;
testresult = 1;
end:
SSL_SESSION_free(sess);
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
#endif
#ifndef OPENSSL_NO_TLS1_2
static int full_client_hello_callback(SSL *s, int *al, void *arg)
{
int *ctr = arg;
const unsigned char *p;
int *exts;
/* We only configure two ciphers, but the SCSV is added automatically. */
#ifdef OPENSSL_NO_EC
const unsigned char expected_ciphers[] = {0x00, 0x9d, 0x00, 0xff};
#else
const unsigned char expected_ciphers[] = {0x00, 0x9d, 0xc0,
0x2c, 0x00, 0xff};
#endif
const int expected_extensions[] = {
#ifndef OPENSSL_NO_EC
11, 10,
#endif
35, 22, 23, 13};
size_t len;
/* Make sure we can defer processing and get called back. */
if ((*ctr)++ == 0)
return SSL_CLIENT_HELLO_RETRY;
len = SSL_client_hello_get0_ciphers(s, &p);
if (!TEST_mem_eq(p, len, expected_ciphers, sizeof(expected_ciphers))
|| !TEST_size_t_eq(
SSL_client_hello_get0_compression_methods(s, &p), 1)
|| !TEST_int_eq(*p, 0))
return SSL_CLIENT_HELLO_ERROR;
if (!SSL_client_hello_get1_extensions_present(s, &exts, &len))
return SSL_CLIENT_HELLO_ERROR;
if (len != OSSL_NELEM(expected_extensions) ||
memcmp(exts, expected_extensions, len * sizeof(*exts)) != 0) {
printf("ClientHello callback expected extensions mismatch\n");
OPENSSL_free(exts);
return SSL_CLIENT_HELLO_ERROR;
}
OPENSSL_free(exts);
return SSL_CLIENT_HELLO_SUCCESS;
}
static int test_client_hello_cb(void)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
int testctr = 0, testresult = 0;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
TLS1_VERSION, TLS_MAX_VERSION,
&sctx, &cctx, cert, privkey)))
goto end;
SSL_CTX_set_client_hello_cb(sctx, full_client_hello_callback, &testctr);
/* The gimpy cipher list we configure can't do TLS 1.3. */
SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION);
if (!TEST_true(SSL_CTX_set_cipher_list(cctx,
"AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384"))
|| !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
&clientssl, NULL, NULL))
|| !TEST_false(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_WANT_CLIENT_HELLO_CB))
/*
* Passing a -1 literal is a hack since
* the real value was lost.
* */
|| !TEST_int_eq(SSL_get_error(serverssl, -1),
SSL_ERROR_WANT_CLIENT_HELLO_CB)
|| !TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE)))
goto end;
testresult = 1;
end:
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
#endif
static int execute_test_large_message(const SSL_METHOD *smeth,
const SSL_METHOD *cmeth,
int min_version, int max_version,
int read_ahead)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0;
int i;
BIO *certbio = NULL;
X509 *chaincert = NULL;
int certlen;
if (!TEST_ptr(certbio = BIO_new_file(cert, "r")))
goto end;
chaincert = PEM_read_bio_X509(certbio, NULL, NULL, NULL);
BIO_free(certbio);
certbio = NULL;
if (!TEST_ptr(chaincert))
goto end;
if (!TEST_true(create_ssl_ctx_pair(smeth, cmeth, min_version, max_version,
&sctx, &cctx, cert, privkey)))
goto end;
if (read_ahead) {
/*
* Test that read_ahead works correctly when dealing with large
* records
*/
SSL_CTX_set_read_ahead(cctx, 1);
}
/*
* We assume the supplied certificate is big enough so that if we add
* NUM_EXTRA_CERTS it will make the overall message large enough. The
* default buffer size is requested to be 16k, but due to the way BUF_MEM
* works, it ends up allocating a little over 21k (16 * 4/3). So, in this
* test we need to have a message larger than that.
*/
certlen = i2d_X509(chaincert, NULL);
OPENSSL_assert(certlen * NUM_EXTRA_CERTS >
(SSL3_RT_MAX_PLAIN_LENGTH * 4) / 3);
for (i = 0; i < NUM_EXTRA_CERTS; i++) {
if (!X509_up_ref(chaincert))
goto end;
if (!SSL_CTX_add_extra_chain_cert(sctx, chaincert)) {
X509_free(chaincert);
goto end;
}
}
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL))
|| !TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE)))
goto end;
/*
* Calling SSL_clear() first is not required but this tests that SSL_clear()
* doesn't leak (when using enable-crypto-mdebug).
*/
if (!TEST_true(SSL_clear(serverssl)))
goto end;
testresult = 1;
end:
X509_free(chaincert);
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
static int test_large_message_tls(void)
{
return execute_test_large_message(TLS_server_method(), TLS_client_method(),
TLS1_VERSION, TLS_MAX_VERSION,
0);
}
static int test_large_message_tls_read_ahead(void)
{
return execute_test_large_message(TLS_server_method(), TLS_client_method(),
TLS1_VERSION, TLS_MAX_VERSION,
1);
}
#ifndef OPENSSL_NO_DTLS
static int test_large_message_dtls(void)
{
/*
* read_ahead is not relevant to DTLS because DTLS always acts as if
* read_ahead is set.
*/
return execute_test_large_message(DTLS_server_method(),
DTLS_client_method(),
DTLS1_VERSION, DTLS_MAX_VERSION,
0);
}
#endif
#ifndef OPENSSL_NO_OCSP
static int ocsp_server_cb(SSL *s, void *arg)
{
int *argi = (int *)arg;
unsigned char *copy = NULL;
STACK_OF(OCSP_RESPID) *ids = NULL;
OCSP_RESPID *id = NULL;
if (*argi == 2) {
/* In this test we are expecting exactly 1 OCSP_RESPID */
SSL_get_tlsext_status_ids(s, &ids);
if (ids == NULL || sk_OCSP_RESPID_num(ids) != 1)
return SSL_TLSEXT_ERR_ALERT_FATAL;
id = sk_OCSP_RESPID_value(ids, 0);
if (id == NULL || !OCSP_RESPID_match(id, ocspcert))
return SSL_TLSEXT_ERR_ALERT_FATAL;
} else if (*argi != 1) {
return SSL_TLSEXT_ERR_ALERT_FATAL;
}
if (!TEST_ptr(copy = OPENSSL_memdup(orespder, sizeof(orespder))))
return SSL_TLSEXT_ERR_ALERT_FATAL;
SSL_set_tlsext_status_ocsp_resp(s, copy, sizeof(orespder));
ocsp_server_called = 1;
return SSL_TLSEXT_ERR_OK;
}
static int ocsp_client_cb(SSL *s, void *arg)
{
int *argi = (int *)arg;
const unsigned char *respderin;
size_t len;
if (*argi != 1 && *argi != 2)
return 0;
len = SSL_get_tlsext_status_ocsp_resp(s, &respderin);
if (!TEST_mem_eq(orespder, len, respderin, len))
return 0;
ocsp_client_called = 1;
return 1;
}
static int test_tlsext_status_type(void)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0;
STACK_OF(OCSP_RESPID) *ids = NULL;
OCSP_RESPID *id = NULL;
BIO *certbio = NULL;
if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
TLS1_VERSION, TLS_MAX_VERSION,
&sctx, &cctx, cert, privkey))
return 0;
if (SSL_CTX_get_tlsext_status_type(cctx) != -1)
goto end;
/* First just do various checks getting and setting tlsext_status_type */
clientssl = SSL_new(cctx);
if (!TEST_int_eq(SSL_get_tlsext_status_type(clientssl), -1)
|| !TEST_true(SSL_set_tlsext_status_type(clientssl,
TLSEXT_STATUSTYPE_ocsp))
|| !TEST_int_eq(SSL_get_tlsext_status_type(clientssl),
TLSEXT_STATUSTYPE_ocsp))
goto end;
SSL_free(clientssl);
clientssl = NULL;
if (!SSL_CTX_set_tlsext_status_type(cctx, TLSEXT_STATUSTYPE_ocsp)
|| SSL_CTX_get_tlsext_status_type(cctx) != TLSEXT_STATUSTYPE_ocsp)
goto end;
clientssl = SSL_new(cctx);
if (SSL_get_tlsext_status_type(clientssl) != TLSEXT_STATUSTYPE_ocsp)
goto end;
SSL_free(clientssl);
clientssl = NULL;
/*
* Now actually do a handshake and check OCSP information is exchanged and
* the callbacks get called
*/
SSL_CTX_set_tlsext_status_cb(cctx, ocsp_client_cb);
SSL_CTX_set_tlsext_status_arg(cctx, &cdummyarg);
SSL_CTX_set_tlsext_status_cb(sctx, ocsp_server_cb);
SSL_CTX_set_tlsext_status_arg(sctx, &cdummyarg);
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
&clientssl, NULL, NULL))
|| !TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE))
|| !TEST_true(ocsp_client_called)
|| !TEST_true(ocsp_server_called))
goto end;
SSL_free(serverssl);
SSL_free(clientssl);
serverssl = NULL;
clientssl = NULL;
/* Try again but this time force the server side callback to fail */
ocsp_client_called = 0;
ocsp_server_called = 0;
cdummyarg = 0;
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
&clientssl, NULL, NULL))
/* This should fail because the callback will fail */
|| !TEST_false(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE))
|| !TEST_false(ocsp_client_called)
|| !TEST_false(ocsp_server_called))
goto end;
SSL_free(serverssl);
SSL_free(clientssl);
serverssl = NULL;
clientssl = NULL;
/*
* This time we'll get the client to send an OCSP_RESPID that it will
* accept.
*/
ocsp_client_called = 0;
ocsp_server_called = 0;
cdummyarg = 2;
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
&clientssl, NULL, NULL)))
goto end;
/*
* We'll just use any old cert for this test - it doesn't have to be an OCSP
* specific one. We'll use the server cert.
*/
if (!TEST_ptr(certbio = BIO_new_file(cert, "r"))
|| !TEST_ptr(id = OCSP_RESPID_new())
|| !TEST_ptr(ids = sk_OCSP_RESPID_new_null())
|| !TEST_ptr(ocspcert = PEM_read_bio_X509(certbio,
NULL, NULL, NULL))
|| !TEST_true(OCSP_RESPID_set_by_key(id, ocspcert))
|| !TEST_true(sk_OCSP_RESPID_push(ids, id)))
goto end;
id = NULL;
SSL_set_tlsext_status_ids(clientssl, ids);
/* Control has been transferred */
ids = NULL;
BIO_free(certbio);
certbio = NULL;
if (!TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE))
|| !TEST_true(ocsp_client_called)
|| !TEST_true(ocsp_server_called))
goto end;
testresult = 1;
end:
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
sk_OCSP_RESPID_pop_free(ids, OCSP_RESPID_free);
OCSP_RESPID_free(id);
BIO_free(certbio);
X509_free(ocspcert);
ocspcert = NULL;
return testresult;
}
#endif
#if !defined(OPENSSL_NO_TLS1_3) || !defined(OPENSSL_NO_TLS1_2)
static int new_called, remove_called, get_called;
static int new_session_cb(SSL *ssl, SSL_SESSION *sess)
{
new_called++;
/*
* sess has been up-refed for us, but we don't actually need it so free it
* immediately.
*/
SSL_SESSION_free(sess);
return 1;
}
static void remove_session_cb(SSL_CTX *ctx, SSL_SESSION *sess)
{
remove_called++;
}
static SSL_SESSION *get_sess_val = NULL;
static SSL_SESSION *get_session_cb(SSL *ssl, const unsigned char *id, int len,
int *copy)
{
get_called++;
*copy = 1;
return get_sess_val;
}
static int execute_test_session(int maxprot, int use_int_cache,
int use_ext_cache)
{
SSL_CTX *sctx = NULL, *cctx = NULL;
SSL *serverssl1 = NULL, *clientssl1 = NULL;
SSL *serverssl2 = NULL, *clientssl2 = NULL;
# ifndef OPENSSL_NO_TLS1_1
SSL *serverssl3 = NULL, *clientssl3 = NULL;
# endif
SSL_SESSION *sess1 = NULL, *sess2 = NULL;
int testresult = 0, numnewsesstick = 1;
new_called = remove_called = 0;
/* TLSv1.3 sends 2 NewSessionTickets */
if (maxprot == TLS1_3_VERSION)
numnewsesstick = 2;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
TLS1_VERSION, TLS_MAX_VERSION,
&sctx, &cctx, cert, privkey)))
return 0;
/*
* Only allow the max protocol version so we can force a connection failure
* later
*/
SSL_CTX_set_min_proto_version(cctx, maxprot);
SSL_CTX_set_max_proto_version(cctx, maxprot);
/* Set up session cache */
if (use_ext_cache) {
SSL_CTX_sess_set_new_cb(cctx, new_session_cb);
SSL_CTX_sess_set_remove_cb(cctx, remove_session_cb);
}
if (use_int_cache) {
/* Also covers instance where both are set */
SSL_CTX_set_session_cache_mode(cctx, SSL_SESS_CACHE_CLIENT);
} else {
SSL_CTX_set_session_cache_mode(cctx,
SSL_SESS_CACHE_CLIENT
| SSL_SESS_CACHE_NO_INTERNAL_STORE);
}
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1,
NULL, NULL))
|| !TEST_true(create_ssl_connection(serverssl1, clientssl1,
SSL_ERROR_NONE))
|| !TEST_ptr(sess1 = SSL_get1_session(clientssl1)))
goto end;
/* Should fail because it should already be in the cache */
if (use_int_cache && !TEST_false(SSL_CTX_add_session(cctx, sess1)))
goto end;
if (use_ext_cache
&& (!TEST_int_eq(new_called, numnewsesstick)
|| !TEST_int_eq(remove_called, 0)))
goto end;
new_called = remove_called = 0;
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl2,
&clientssl2, NULL, NULL))
|| !TEST_true(SSL_set_session(clientssl2, sess1))
|| !TEST_true(create_ssl_connection(serverssl2, clientssl2,
SSL_ERROR_NONE))
|| !TEST_true(SSL_session_reused(clientssl2)))
goto end;
if (maxprot == TLS1_3_VERSION) {
/*
* In TLSv1.3 we should have created a new session even though we have
* resumed. Since we attempted a resume we should also have removed the
* old ticket from the cache so that we try to only use tickets once.
*/
if (use_ext_cache
&& (!TEST_int_eq(new_called, 1)
|| !TEST_int_eq(remove_called, 1)))
goto end;
} else {
/*
* In TLSv1.2 we expect to have resumed so no sessions added or
* removed.
*/
if (use_ext_cache
&& (!TEST_int_eq(new_called, 0)
|| !TEST_int_eq(remove_called, 0)))
goto end;
}
SSL_SESSION_free(sess1);
if (!TEST_ptr(sess1 = SSL_get1_session(clientssl2)))
goto end;
shutdown_ssl_connection(serverssl2, clientssl2);
serverssl2 = clientssl2 = NULL;
new_called = remove_called = 0;
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl2,
&clientssl2, NULL, NULL))
|| !TEST_true(create_ssl_connection(serverssl2, clientssl2,
SSL_ERROR_NONE)))
goto end;
if (!TEST_ptr(sess2 = SSL_get1_session(clientssl2)))
goto end;
if (use_ext_cache
&& (!TEST_int_eq(new_called, numnewsesstick)
|| !TEST_int_eq(remove_called, 0)))
goto end;
new_called = remove_called = 0;
/*
* This should clear sess2 from the cache because it is a "bad" session.
* See SSL_set_session() documentation.
*/
if (!TEST_true(SSL_set_session(clientssl2, sess1)))
goto end;
if (use_ext_cache
&& (!TEST_int_eq(new_called, 0) || !TEST_int_eq(remove_called, 1)))
goto end;
if (!TEST_ptr_eq(SSL_get_session(clientssl2), sess1))
goto end;
if (use_int_cache) {
/* Should succeeded because it should not already be in the cache */
if (!TEST_true(SSL_CTX_add_session(cctx, sess2))
|| !TEST_true(SSL_CTX_remove_session(cctx, sess2)))
goto end;
}
new_called = remove_called = 0;
/* This shouldn't be in the cache so should fail */
if (!TEST_false(SSL_CTX_remove_session(cctx, sess2)))
goto end;
if (use_ext_cache
&& (!TEST_int_eq(new_called, 0) || !TEST_int_eq(remove_called, 1)))
goto end;
# if !defined(OPENSSL_NO_TLS1_1)
new_called = remove_called = 0;
/* Force a connection failure */
SSL_CTX_set_max_proto_version(sctx, TLS1_1_VERSION);
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl3,
&clientssl3, NULL, NULL))
|| !TEST_true(SSL_set_session(clientssl3, sess1))
/* This should fail because of the mismatched protocol versions */
|| !TEST_false(create_ssl_connection(serverssl3, clientssl3,
SSL_ERROR_NONE)))
goto end;
/* We should have automatically removed the session from the cache */
if (use_ext_cache
&& (!TEST_int_eq(new_called, 0) || !TEST_int_eq(remove_called, 1)))
goto end;
/* Should succeed because it should not already be in the cache */
if (use_int_cache && !TEST_true(SSL_CTX_add_session(cctx, sess2)))
goto end;
# endif
/* Now do some tests for server side caching */
if (use_ext_cache) {
SSL_CTX_sess_set_new_cb(cctx, NULL);
SSL_CTX_sess_set_remove_cb(cctx, NULL);
SSL_CTX_sess_set_new_cb(sctx, new_session_cb);
SSL_CTX_sess_set_remove_cb(sctx, remove_session_cb);
SSL_CTX_sess_set_get_cb(sctx, get_session_cb);
get_sess_val = NULL;
}
SSL_CTX_set_session_cache_mode(cctx, 0);
/* Internal caching is the default on the server side */
if (!use_int_cache)
SSL_CTX_set_session_cache_mode(sctx,
SSL_SESS_CACHE_SERVER
| SSL_SESS_CACHE_NO_INTERNAL_STORE);
SSL_free(serverssl1);
SSL_free(clientssl1);
serverssl1 = clientssl1 = NULL;
SSL_free(serverssl2);
SSL_free(clientssl2);
serverssl2 = clientssl2 = NULL;
SSL_SESSION_free(sess1);
sess1 = NULL;
SSL_SESSION_free(sess2);
sess2 = NULL;
SSL_CTX_set_max_proto_version(sctx, maxprot);
if (maxprot == TLS1_2_VERSION)
SSL_CTX_set_options(sctx, SSL_OP_NO_TICKET);
new_called = remove_called = get_called = 0;
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1,
NULL, NULL))
|| !TEST_true(create_ssl_connection(serverssl1, clientssl1,
SSL_ERROR_NONE))
|| !TEST_ptr(sess1 = SSL_get1_session(clientssl1))
|| !TEST_ptr(sess2 = SSL_get1_session(serverssl1)))
goto end;
if (use_int_cache) {
if (maxprot == TLS1_3_VERSION && !use_ext_cache) {
/*
* In TLSv1.3 it should not have been added to the internal cache,
* except in the case where we also have an external cache (in that
* case it gets added to the cache in order to generate remove
* events after timeout).
*/
if (!TEST_false(SSL_CTX_remove_session(sctx, sess2)))
goto end;
} else {
/* Should fail because it should already be in the cache */
if (!TEST_false(SSL_CTX_add_session(sctx, sess2)))
goto end;
}
}
if (use_ext_cache) {
SSL_SESSION *tmp = sess2;
if (!TEST_int_eq(new_called, numnewsesstick)
|| !TEST_int_eq(remove_called, 0)
|| !TEST_int_eq(get_called, 0))
goto end;
/*
* Delete the session from the internal cache to force a lookup from
* the external cache. We take a copy first because
* SSL_CTX_remove_session() also marks the session as non-resumable.
*/
if (use_int_cache && maxprot != TLS1_3_VERSION) {
if (!TEST_ptr(tmp = SSL_SESSION_dup(sess2))
|| !TEST_true(SSL_CTX_remove_session(sctx, sess2)))
goto end;
SSL_SESSION_free(sess2);
}
sess2 = tmp;
}
new_called = remove_called = get_called = 0;
get_sess_val = sess2;
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl2,
&clientssl2, NULL, NULL))
|| !TEST_true(SSL_set_session(clientssl2, sess1))
|| !TEST_true(create_ssl_connection(serverssl2, clientssl2,
SSL_ERROR_NONE))
|| !TEST_true(SSL_session_reused(clientssl2)))
goto end;
if (use_ext_cache) {
if (!TEST_int_eq(remove_called, 0))
goto end;
if (maxprot == TLS1_3_VERSION) {
if (!TEST_int_eq(new_called, 1)
|| !TEST_int_eq(get_called, 0))
goto end;
} else {
if (!TEST_int_eq(new_called, 0)
|| !TEST_int_eq(get_called, 1))
goto end;
}
}
testresult = 1;
end:
SSL_free(serverssl1);
SSL_free(clientssl1);
SSL_free(serverssl2);
SSL_free(clientssl2);
# ifndef OPENSSL_NO_TLS1_1
SSL_free(serverssl3);
SSL_free(clientssl3);
# endif
SSL_SESSION_free(sess1);
SSL_SESSION_free(sess2);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
#endif /* !defined(OPENSSL_NO_TLS1_3) || !defined(OPENSSL_NO_TLS1_2) */
static int test_session_with_only_int_cache(void)
{
#ifndef OPENSSL_NO_TLS1_3
if (!execute_test_session(TLS1_3_VERSION, 1, 0))
return 0;
#endif
#ifndef OPENSSL_NO_TLS1_2
return execute_test_session(TLS1_2_VERSION, 1, 0);
#else
return 1;
#endif
}
static int test_session_with_only_ext_cache(void)
{
#ifndef OPENSSL_NO_TLS1_3
if (!execute_test_session(TLS1_3_VERSION, 0, 1))
return 0;
#endif
#ifndef OPENSSL_NO_TLS1_2
return execute_test_session(TLS1_2_VERSION, 0, 1);
#else
return 1;
#endif
}
static int test_session_with_both_cache(void)
{
#ifndef OPENSSL_NO_TLS1_3
if (!execute_test_session(TLS1_3_VERSION, 1, 1))
return 0;
#endif
#ifndef OPENSSL_NO_TLS1_2
return execute_test_session(TLS1_2_VERSION, 1, 1);
#else
return 1;
#endif
}
#ifndef OPENSSL_NO_TLS1_3
static SSL_SESSION *sesscache[6];
static int do_cache;
static int new_cachesession_cb(SSL *ssl, SSL_SESSION *sess)
{
if (do_cache) {
sesscache[new_called] = sess;
} else {
/* We don't need the reference to the session, so free it */
SSL_SESSION_free(sess);
}
new_called++;
return 1;
}
static int post_handshake_verify(SSL *sssl, SSL *cssl)
{
SSL_set_verify(sssl, SSL_VERIFY_PEER, NULL);
if (!TEST_true(SSL_verify_client_post_handshake(sssl)))
return 0;
/* Start handshake on the server and client */
if (!TEST_int_eq(SSL_do_handshake(sssl), 1)
|| !TEST_int_le(SSL_read(cssl, NULL, 0), 0)
|| !TEST_int_le(SSL_read(sssl, NULL, 0), 0)
|| !TEST_true(create_ssl_connection(sssl, cssl,
SSL_ERROR_NONE)))
return 0;
return 1;
}
static int setup_ticket_test(int stateful, int idx, SSL_CTX **sctx,
SSL_CTX **cctx)
{
int sess_id_ctx = 1;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
TLS1_VERSION, TLS_MAX_VERSION, sctx,
cctx, cert, privkey))
|| !TEST_true(SSL_CTX_set_num_tickets(*sctx, idx))
|| !TEST_true(SSL_CTX_set_session_id_context(*sctx,
(void *)&sess_id_ctx,
sizeof(sess_id_ctx))))
return 0;
if (stateful)
SSL_CTX_set_options(*sctx, SSL_OP_NO_TICKET);
SSL_CTX_set_session_cache_mode(*cctx, SSL_SESS_CACHE_CLIENT
| SSL_SESS_CACHE_NO_INTERNAL_STORE);
SSL_CTX_sess_set_new_cb(*cctx, new_cachesession_cb);
return 1;
}
static int check_resumption(int idx, SSL_CTX *sctx, SSL_CTX *cctx, int succ)
{
SSL *serverssl = NULL, *clientssl = NULL;
int i;
/* Test that we can resume with all the tickets we got given */
for (i = 0; i < idx * 2; i++) {
new_called = 0;
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
&clientssl, NULL, NULL))
|| !TEST_true(SSL_set_session(clientssl, sesscache[i])))
goto end;
SSL_set_post_handshake_auth(clientssl, 1);
if (!TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE)))
goto end;
/*
* Following a successful resumption we only get 1 ticket. After a
* failed one we should get idx tickets.
*/
if (succ) {
if (!TEST_true(SSL_session_reused(clientssl))
|| !TEST_int_eq(new_called, 1))
goto end;
} else {
if (!TEST_false(SSL_session_reused(clientssl))
|| !TEST_int_eq(new_called, idx))
goto end;
}
new_called = 0;
/* After a post-handshake authentication we should get 1 new ticket */
if (succ
&& (!post_handshake_verify(serverssl, clientssl)
|| !TEST_int_eq(new_called, 1)))
goto end;
SSL_shutdown(clientssl);
SSL_shutdown(serverssl);
SSL_free(serverssl);
SSL_free(clientssl);
serverssl = clientssl = NULL;
SSL_SESSION_free(sesscache[i]);
sesscache[i] = NULL;
}
return 1;
end:
SSL_free(clientssl);
SSL_free(serverssl);
return 0;
}
static int test_tickets(int stateful, int idx)
{
SSL_CTX *sctx = NULL, *cctx = NULL;
SSL *serverssl = NULL, *clientssl = NULL;
int testresult = 0;
size_t j;
/* idx is the test number, but also the number of tickets we want */
new_called = 0;
do_cache = 1;
if (!setup_ticket_test(stateful, idx, &sctx, &cctx))
goto end;
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
&clientssl, NULL, NULL)))
goto end;
if (!TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE))
/* Check we got the number of tickets we were expecting */
|| !TEST_int_eq(idx, new_called))
goto end;
SSL_shutdown(clientssl);
SSL_shutdown(serverssl);
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
clientssl = serverssl = NULL;
sctx = cctx = NULL;
/*
* Now we try to resume with the tickets we previously created. The
* resumption attempt is expected to fail (because we're now using a new
* SSL_CTX). We should see idx number of tickets issued again.
*/
/* Stop caching sessions - just count them */
do_cache = 0;
if (!setup_ticket_test(stateful, idx, &sctx, &cctx))
goto end;
if (!check_resumption(idx, sctx, cctx, 0))
goto end;
/* Start again with caching sessions */
new_called = 0;
do_cache = 1;
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
sctx = cctx = NULL;
if (!setup_ticket_test(stateful, idx, &sctx, &cctx))
goto end;
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
&clientssl, NULL, NULL)))
goto end;
SSL_set_post_handshake_auth(clientssl, 1);
if (!TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE))
/* Check we got the number of tickets we were expecting */
|| !TEST_int_eq(idx, new_called))
goto end;
/* After a post-handshake authentication we should get new tickets issued */
if (!post_handshake_verify(serverssl, clientssl)
|| !TEST_int_eq(idx * 2, new_called))
goto end;
SSL_shutdown(clientssl);
SSL_shutdown(serverssl);
SSL_free(serverssl);
SSL_free(clientssl);
serverssl = clientssl = NULL;
/* Stop caching sessions - just count them */
do_cache = 0;
/*
* Check we can resume with all the tickets we created. This time around the
* resumptions should all be successful.
*/
if (!check_resumption(idx, sctx, cctx, 1))
goto end;
testresult = 1;
end:
SSL_free(serverssl);
SSL_free(clientssl);
for (j = 0; j < OSSL_NELEM(sesscache); j++) {
SSL_SESSION_free(sesscache[j]);
sesscache[j] = NULL;
}
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
static int test_stateless_tickets(int idx)
{
return test_tickets(0, idx);
}
static int test_stateful_tickets(int idx)
{
return test_tickets(1, idx);
}
static int test_psk_tickets(void)
{
SSL_CTX *sctx = NULL, *cctx = NULL;
SSL *serverssl = NULL, *clientssl = NULL;
int testresult = 0;
int sess_id_ctx = 1;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
TLS1_VERSION, TLS_MAX_VERSION, &sctx,
&cctx, NULL, NULL))
|| !TEST_true(SSL_CTX_set_session_id_context(sctx,
(void *)&sess_id_ctx,
sizeof(sess_id_ctx))))
goto end;
SSL_CTX_set_session_cache_mode(cctx, SSL_SESS_CACHE_CLIENT
| SSL_SESS_CACHE_NO_INTERNAL_STORE);
SSL_CTX_set_psk_use_session_callback(cctx, use_session_cb);
SSL_CTX_set_psk_find_session_callback(sctx, find_session_cb);
SSL_CTX_sess_set_new_cb(cctx, new_session_cb);
use_session_cb_cnt = 0;
find_session_cb_cnt = 0;
srvid = pskid;
new_called = 0;
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL)))
goto end;
clientpsk = serverpsk = create_a_psk(clientssl);
if (!TEST_ptr(clientpsk))
goto end;
SSL_SESSION_up_ref(clientpsk);
if (!TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE))
|| !TEST_int_eq(1, find_session_cb_cnt)
|| !TEST_int_eq(1, use_session_cb_cnt)
/* We should always get 1 ticket when using external PSK */
|| !TEST_int_eq(1, new_called))
goto end;
testresult = 1;
end:
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
SSL_SESSION_free(clientpsk);
SSL_SESSION_free(serverpsk);
clientpsk = serverpsk = NULL;
return testresult;
}
#endif
#define USE_NULL 0
#define USE_BIO_1 1
#define USE_BIO_2 2
#define USE_DEFAULT 3
#define CONNTYPE_CONNECTION_SUCCESS 0
#define CONNTYPE_CONNECTION_FAIL 1
#define CONNTYPE_NO_CONNECTION 2
#define TOTAL_NO_CONN_SSL_SET_BIO_TESTS (3 * 3 * 3 * 3)
#define TOTAL_CONN_SUCCESS_SSL_SET_BIO_TESTS (2 * 2)
#if !defined(OPENSSL_NO_TLS1_3) && !defined(OPENSSL_NO_TLS1_2)
# define TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS (2 * 2)
#else
# define TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS 0
#endif
#define TOTAL_SSL_SET_BIO_TESTS TOTAL_NO_CONN_SSL_SET_BIO_TESTS \
+ TOTAL_CONN_SUCCESS_SSL_SET_BIO_TESTS \
+ TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS
static void setupbio(BIO **res, BIO *bio1, BIO *bio2, int type)
{
switch (type) {
case USE_NULL:
*res = NULL;
break;
case USE_BIO_1:
*res = bio1;
break;
case USE_BIO_2:
*res = bio2;
break;
}
}
/*
* Tests calls to SSL_set_bio() under various conditions.
*
* For the first 3 * 3 * 3 * 3 = 81 tests we do 2 calls to SSL_set_bio() with
* various combinations of valid BIOs or NULL being set for the rbio/wbio. We
* then do more tests where we create a successful connection first using our
* standard connection setup functions, and then call SSL_set_bio() with
* various combinations of valid BIOs or NULL. We then repeat these tests
* following a failed connection. In this last case we are looking to check that
* SSL_set_bio() functions correctly in the case where s->bbio is not NULL.
*/
static int test_ssl_set_bio(int idx)
{
SSL_CTX *sctx = NULL, *cctx = NULL;
BIO *bio1 = NULL;
BIO *bio2 = NULL;
BIO *irbio = NULL, *iwbio = NULL, *nrbio = NULL, *nwbio = NULL;
SSL *serverssl = NULL, *clientssl = NULL;
int initrbio, initwbio, newrbio, newwbio, conntype;
int testresult = 0;
if (idx < TOTAL_NO_CONN_SSL_SET_BIO_TESTS) {
initrbio = idx % 3;
idx /= 3;
initwbio = idx % 3;
idx /= 3;
newrbio = idx % 3;
idx /= 3;
newwbio = idx % 3;
conntype = CONNTYPE_NO_CONNECTION;
} else {
idx -= TOTAL_NO_CONN_SSL_SET_BIO_TESTS;
initrbio = initwbio = USE_DEFAULT;
newrbio = idx % 2;
idx /= 2;
newwbio = idx % 2;
idx /= 2;
conntype = idx % 2;
}
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
TLS1_VERSION, TLS_MAX_VERSION,
&sctx, &cctx, cert, privkey)))
goto end;
if (conntype == CONNTYPE_CONNECTION_FAIL) {
/*
* We won't ever get here if either TLSv1.3 or TLSv1.2 is disabled
* because we reduced the number of tests in the definition of
* TOTAL_CONN_FAIL_SSL_SET_BIO_TESTS to avoid this scenario. By setting
* mismatched protocol versions we will force a connection failure.
*/
SSL_CTX_set_min_proto_version(sctx, TLS1_3_VERSION);
SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION);
}
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL)))
goto end;
if (initrbio == USE_BIO_1
|| initwbio == USE_BIO_1
|| newrbio == USE_BIO_1
|| newwbio == USE_BIO_1) {
if (!TEST_ptr(bio1 = BIO_new(BIO_s_mem())))
goto end;
}
if (initrbio == USE_BIO_2
|| initwbio == USE_BIO_2
|| newrbio == USE_BIO_2
|| newwbio == USE_BIO_2) {
if (!TEST_ptr(bio2 = BIO_new(BIO_s_mem())))
goto end;
}
if (initrbio != USE_DEFAULT) {
setupbio(&irbio, bio1, bio2, initrbio);
setupbio(&iwbio, bio1, bio2, initwbio);
SSL_set_bio(clientssl, irbio, iwbio);
/*
* We want to maintain our own refs to these BIO, so do an up ref for
* each BIO that will have ownership transferred in the SSL_set_bio()
* call
*/
if (irbio != NULL)
BIO_up_ref(irbio);
if (iwbio != NULL && iwbio != irbio)
BIO_up_ref(iwbio);
}
if (conntype != CONNTYPE_NO_CONNECTION
&& !TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE)
== (conntype == CONNTYPE_CONNECTION_SUCCESS)))
goto end;
setupbio(&nrbio, bio1, bio2, newrbio);
setupbio(&nwbio, bio1, bio2, newwbio);
/*
* We will (maybe) transfer ownership again so do more up refs.
* SSL_set_bio() has some really complicated ownership rules where BIOs have
* already been set!
*/
if (nrbio != NULL
&& nrbio != irbio
&& (nwbio != iwbio || nrbio != nwbio))
BIO_up_ref(nrbio);
if (nwbio != NULL
&& nwbio != nrbio
&& (nwbio != iwbio || (nwbio == iwbio && irbio == iwbio)))
BIO_up_ref(nwbio);
SSL_set_bio(clientssl, nrbio, nwbio);
testresult = 1;
end:
BIO_free(bio1);
BIO_free(bio2);
/*
* This test is checking that the ref counting for SSL_set_bio is correct.
* If we get here and we did too many frees then we will fail in the above
* functions. If we haven't done enough then this will only be detected in
* a crypto-mdebug build
*/
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
typedef enum { NO_BIO_CHANGE, CHANGE_RBIO, CHANGE_WBIO } bio_change_t;
static int execute_test_ssl_bio(int pop_ssl, bio_change_t change_bio)
{
BIO *sslbio = NULL, *membio1 = NULL, *membio2 = NULL;
SSL_CTX *ctx;
SSL *ssl = NULL;
int testresult = 0;
if (!TEST_ptr(ctx = SSL_CTX_new(TLS_method()))
|| !TEST_ptr(ssl = SSL_new(ctx))
|| !TEST_ptr(sslbio = BIO_new(BIO_f_ssl()))
|| !TEST_ptr(membio1 = BIO_new(BIO_s_mem())))
goto end;
BIO_set_ssl(sslbio, ssl, BIO_CLOSE);
/*
* If anything goes wrong here then we could leak memory, so this will
* be caught in a crypto-mdebug build
*/
BIO_push(sslbio, membio1);
/* Verify changing the rbio/wbio directly does not cause leaks */
if (change_bio != NO_BIO_CHANGE) {
if (!TEST_ptr(membio2 = BIO_new(BIO_s_mem())))
goto end;
if (change_bio == CHANGE_RBIO)
SSL_set0_rbio(ssl, membio2);
else
SSL_set0_wbio(ssl, membio2);
}
ssl = NULL;
if (pop_ssl)
BIO_pop(sslbio);
else
BIO_pop(membio1);
testresult = 1;
end:
BIO_free(membio1);
BIO_free(sslbio);
SSL_free(ssl);
SSL_CTX_free(ctx);
return testresult;
}
static int test_ssl_bio_pop_next_bio(void)
{
return execute_test_ssl_bio(0, NO_BIO_CHANGE);
}
static int test_ssl_bio_pop_ssl_bio(void)
{
return execute_test_ssl_bio(1, NO_BIO_CHANGE);
}
static int test_ssl_bio_change_rbio(void)
{
return execute_test_ssl_bio(0, CHANGE_RBIO);
}
static int test_ssl_bio_change_wbio(void)
{
return execute_test_ssl_bio(0, CHANGE_WBIO);
}
#if !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3)
typedef struct {
/* The list of sig algs */
const int *list;
/* The length of the list */
size_t listlen;
/* A sigalgs list in string format */
const char *liststr;
/* Whether setting the list should succeed */
int valid;
/* Whether creating a connection with the list should succeed */
int connsuccess;
} sigalgs_list;
static const int validlist1[] = {NID_sha256, EVP_PKEY_RSA};
# ifndef OPENSSL_NO_EC
static const int validlist2[] = {NID_sha256, EVP_PKEY_RSA, NID_sha512, EVP_PKEY_EC};
static const int validlist3[] = {NID_sha512, EVP_PKEY_EC};
# endif
static const int invalidlist1[] = {NID_undef, EVP_PKEY_RSA};
static const int invalidlist2[] = {NID_sha256, NID_undef};
static const int invalidlist3[] = {NID_sha256, EVP_PKEY_RSA, NID_sha256};
static const int invalidlist4[] = {NID_sha256};
static const sigalgs_list testsigalgs[] = {
{validlist1, OSSL_NELEM(validlist1), NULL, 1, 1},
# ifndef OPENSSL_NO_EC
{validlist2, OSSL_NELEM(validlist2), NULL, 1, 1},
{validlist3, OSSL_NELEM(validlist3), NULL, 1, 0},
# endif
{NULL, 0, "RSA+SHA256", 1, 1},
# ifndef OPENSSL_NO_EC
{NULL, 0, "RSA+SHA256:ECDSA+SHA512", 1, 1},
{NULL, 0, "ECDSA+SHA512", 1, 0},
# endif
{invalidlist1, OSSL_NELEM(invalidlist1), NULL, 0, 0},
{invalidlist2, OSSL_NELEM(invalidlist2), NULL, 0, 0},
{invalidlist3, OSSL_NELEM(invalidlist3), NULL, 0, 0},
{invalidlist4, OSSL_NELEM(invalidlist4), NULL, 0, 0},
{NULL, 0, "RSA", 0, 0},
{NULL, 0, "SHA256", 0, 0},
{NULL, 0, "RSA+SHA256:SHA256", 0, 0},
{NULL, 0, "Invalid", 0, 0}
};
static int test_set_sigalgs(int idx)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0;
const sigalgs_list *curr;
int testctx;
/* Should never happen */
if (!TEST_size_t_le((size_t)idx, OSSL_NELEM(testsigalgs) * 2))
return 0;
testctx = ((size_t)idx < OSSL_NELEM(testsigalgs));
curr = testctx ? &testsigalgs[idx]
: &testsigalgs[idx - OSSL_NELEM(testsigalgs)];
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
TLS1_VERSION, TLS_MAX_VERSION,
&sctx, &cctx, cert, privkey)))
return 0;
/*
* TODO(TLS1.3): These APIs cannot set TLSv1.3 sig algs so we just test it
* for TLSv1.2 for now until we add a new API.
*/
SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION);
if (testctx) {
int ret;
if (curr->list != NULL)
ret = SSL_CTX_set1_sigalgs(cctx, curr->list, curr->listlen);
else
ret = SSL_CTX_set1_sigalgs_list(cctx, curr->liststr);
if (!ret) {
if (curr->valid)
TEST_info("Failure setting sigalgs in SSL_CTX (%d)\n", idx);
else
testresult = 1;
goto end;
}
if (!curr->valid) {
TEST_info("Not-failed setting sigalgs in SSL_CTX (%d)\n", idx);
goto end;
}
}
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
&clientssl, NULL, NULL)))
goto end;
if (!testctx) {
int ret;
if (curr->list != NULL)
ret = SSL_set1_sigalgs(clientssl, curr->list, curr->listlen);
else
ret = SSL_set1_sigalgs_list(clientssl, curr->liststr);
if (!ret) {
if (curr->valid)
TEST_info("Failure setting sigalgs in SSL (%d)\n", idx);
else
testresult = 1;
goto end;
}
if (!curr->valid)
goto end;
}
if (!TEST_int_eq(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE),
curr->connsuccess))
goto end;
testresult = 1;
end:
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
#endif
#ifndef OPENSSL_NO_TLS1_3
static int psk_client_cb_cnt = 0;
static int psk_server_cb_cnt = 0;
static int use_session_cb(SSL *ssl, const EVP_MD *md, const unsigned char **id,
size_t *idlen, SSL_SESSION **sess)
{
switch (++use_session_cb_cnt) {
case 1:
/* The first call should always have a NULL md */
if (md != NULL)
return 0;
break;
case 2:
/* The second call should always have an md */
if (md == NULL)
return 0;
break;
default:
/* We should only be called a maximum of twice */
return 0;
}
if (clientpsk != NULL)
SSL_SESSION_up_ref(clientpsk);
*sess = clientpsk;
*id = (const unsigned char *)pskid;
*idlen = strlen(pskid);
return 1;
}
#ifndef OPENSSL_NO_PSK
static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *id,
unsigned int max_id_len,
unsigned char *psk,
unsigned int max_psk_len)
{
unsigned int psklen = 0;
psk_client_cb_cnt++;
if (strlen(pskid) + 1 > max_id_len)
return 0;
/* We should only ever be called a maximum of twice per connection */
if (psk_client_cb_cnt > 2)
return 0;
if (clientpsk == NULL)
return 0;
/* We'll reuse the PSK we set up for TLSv1.3 */
if (SSL_SESSION_get_master_key(clientpsk, NULL, 0) > max_psk_len)
return 0;
psklen = SSL_SESSION_get_master_key(clientpsk, psk, max_psk_len);
strncpy(id, pskid, max_id_len);
return psklen;
}
#endif /* OPENSSL_NO_PSK */
static int find_session_cb(SSL *ssl, const unsigned char *identity,
size_t identity_len, SSL_SESSION **sess)
{
find_session_cb_cnt++;
/* We should only ever be called a maximum of twice per connection */
if (find_session_cb_cnt > 2)
return 0;
if (serverpsk == NULL)
return 0;
/* Identity should match that set by the client */
if (strlen(srvid) != identity_len
|| strncmp(srvid, (const char *)identity, identity_len) != 0) {
/* No PSK found, continue but without a PSK */
*sess = NULL;
return 1;
}
SSL_SESSION_up_ref(serverpsk);
*sess = serverpsk;
return 1;
}
#ifndef OPENSSL_NO_PSK
static unsigned int psk_server_cb(SSL *ssl, const char *identity,
unsigned char *psk, unsigned int max_psk_len)
{
unsigned int psklen = 0;
psk_server_cb_cnt++;
/* We should only ever be called a maximum of twice per connection */
if (find_session_cb_cnt > 2)
return 0;
if (serverpsk == NULL)
return 0;
/* Identity should match that set by the client */
if (strcmp(srvid, identity) != 0) {
return 0;
}
/* We'll reuse the PSK we set up for TLSv1.3 */
if (SSL_SESSION_get_master_key(serverpsk, NULL, 0) > max_psk_len)
return 0;
psklen = SSL_SESSION_get_master_key(serverpsk, psk, max_psk_len);
return psklen;
}
#endif /* OPENSSL_NO_PSK */
#define MSG1 "Hello"
#define MSG2 "World."
#define MSG3 "This"
#define MSG4 "is"
#define MSG5 "a"
#define MSG6 "test"
#define MSG7 "message."
#define TLS13_AES_256_GCM_SHA384_BYTES ((const unsigned char *)"\x13\x02")
#define TLS13_AES_128_GCM_SHA256_BYTES ((const unsigned char *)"\x13\x01")
static SSL_SESSION *create_a_psk(SSL *ssl)
{
const SSL_CIPHER *cipher = NULL;
const unsigned char key[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b,
0x2c, 0x2d, 0x2e, 0x2f
};
SSL_SESSION *sess = NULL;
cipher = SSL_CIPHER_find(ssl, TLS13_AES_256_GCM_SHA384_BYTES);
sess = SSL_SESSION_new();
if (!TEST_ptr(sess)
|| !TEST_ptr(cipher)
|| !TEST_true(SSL_SESSION_set1_master_key(sess, key,
sizeof(key)))
|| !TEST_true(SSL_SESSION_set_cipher(sess, cipher))
|| !TEST_true(
SSL_SESSION_set_protocol_version(sess,
TLS1_3_VERSION))) {
SSL_SESSION_free(sess);
return NULL;
}
return sess;
}
/*
* Helper method to setup objects for early data test. Caller frees objects on
* error.
*/
static int setupearly_data_test(SSL_CTX **cctx, SSL_CTX **sctx, SSL **clientssl,
SSL **serverssl, SSL_SESSION **sess, int idx)
{
if (*sctx == NULL
&& !TEST_true(create_ssl_ctx_pair(TLS_server_method(),
TLS_client_method(),
TLS1_VERSION, TLS_MAX_VERSION,
sctx, cctx, cert, privkey)))
return 0;
if (!TEST_true(SSL_CTX_set_max_early_data(*sctx, SSL3_RT_MAX_PLAIN_LENGTH)))
return 0;
if (idx == 1) {
/* When idx == 1 we repeat the tests with read_ahead set */
SSL_CTX_set_read_ahead(*cctx, 1);
SSL_CTX_set_read_ahead(*sctx, 1);
} else if (idx == 2) {
/* When idx == 2 we are doing early_data with a PSK. Set up callbacks */
SSL_CTX_set_psk_use_session_callback(*cctx, use_session_cb);
SSL_CTX_set_psk_find_session_callback(*sctx, find_session_cb);
use_session_cb_cnt = 0;
find_session_cb_cnt = 0;
srvid = pskid;
}
if (!TEST_true(create_ssl_objects(*sctx, *cctx, serverssl, clientssl,
NULL, NULL)))
return 0;
/*
* For one of the run throughs (doesn't matter which one), we'll try sending
* some SNI data in the initial ClientHello. This will be ignored (because
* there is no SNI cb set up by the server), so it should not impact
* early_data.
*/
if (idx == 1
&& !TEST_true(SSL_set_tlsext_host_name(*clientssl, "localhost")))
return 0;
if (idx == 2) {
clientpsk = create_a_psk(*clientssl);
if (!TEST_ptr(clientpsk)
/*
* We just choose an arbitrary value for max_early_data which
* should be big enough for testing purposes.
*/
|| !TEST_true(SSL_SESSION_set_max_early_data(clientpsk,
0x100))
|| !TEST_true(SSL_SESSION_up_ref(clientpsk))) {
SSL_SESSION_free(clientpsk);
clientpsk = NULL;
return 0;
}
serverpsk = clientpsk;
if (sess != NULL) {
if (!TEST_true(SSL_SESSION_up_ref(clientpsk))) {
SSL_SESSION_free(clientpsk);
SSL_SESSION_free(serverpsk);
clientpsk = serverpsk = NULL;
return 0;
}
*sess = clientpsk;
}
return 1;
}
if (sess == NULL)
return 1;
if (!TEST_true(create_ssl_connection(*serverssl, *clientssl,
SSL_ERROR_NONE)))
return 0;
*sess = SSL_get1_session(*clientssl);
SSL_shutdown(*clientssl);
SSL_shutdown(*serverssl);
SSL_free(*serverssl);
SSL_free(*clientssl);
*serverssl = *clientssl = NULL;
if (!TEST_true(create_ssl_objects(*sctx, *cctx, serverssl,
clientssl, NULL, NULL))
|| !TEST_true(SSL_set_session(*clientssl, *sess)))
return 0;
return 1;
}
static int test_early_data_read_write(int idx)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0;
SSL_SESSION *sess = NULL;
unsigned char buf[20], data[1024];
size_t readbytes, written, eoedlen, rawread, rawwritten;
BIO *rbio;
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
&serverssl, &sess, idx)))
goto end;
/* Write and read some early data */
if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
&written))
|| !TEST_size_t_eq(written, strlen(MSG1))
|| !TEST_int_eq(SSL_read_early_data(serverssl, buf,
sizeof(buf), &readbytes),
SSL_READ_EARLY_DATA_SUCCESS)
|| !TEST_mem_eq(MSG1, readbytes, buf, strlen(MSG1))
|| !TEST_int_eq(SSL_get_early_data_status(serverssl),
SSL_EARLY_DATA_ACCEPTED))
goto end;
/*
* Server should be able to write data, and client should be able to
* read it.
*/
if (!TEST_true(SSL_write_early_data(serverssl, MSG2, strlen(MSG2),
&written))
|| !TEST_size_t_eq(written, strlen(MSG2))
|| !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
|| !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
goto end;
/* Even after reading normal data, client should be able write early data */
if (!TEST_true(SSL_write_early_data(clientssl, MSG3, strlen(MSG3),
&written))
|| !TEST_size_t_eq(written, strlen(MSG3)))
goto end;
/* Server should still be able read early data after writing data */
if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
&readbytes),
SSL_READ_EARLY_DATA_SUCCESS)
|| !TEST_mem_eq(buf, readbytes, MSG3, strlen(MSG3)))
goto end;
/* Write more data from server and read it from client */
if (!TEST_true(SSL_write_early_data(serverssl, MSG4, strlen(MSG4),
&written))
|| !TEST_size_t_eq(written, strlen(MSG4))
|| !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
|| !TEST_mem_eq(buf, readbytes, MSG4, strlen(MSG4)))
goto end;
/*
* If client writes normal data it should mean writing early data is no
* longer possible.
*/
if (!TEST_true(SSL_write_ex(clientssl, MSG5, strlen(MSG5), &written))
|| !TEST_size_t_eq(written, strlen(MSG5))
|| !TEST_int_eq(SSL_get_early_data_status(clientssl),
SSL_EARLY_DATA_ACCEPTED))
goto end;
/*
* At this point the client has written EndOfEarlyData, ClientFinished and
* normal (fully protected) data. We are going to cause a delay between the
* arrival of EndOfEarlyData and ClientFinished. We read out all the data
* in the read BIO, and then just put back the EndOfEarlyData message.
*/
rbio = SSL_get_rbio(serverssl);
if (!TEST_true(BIO_read_ex(rbio, data, sizeof(data), &rawread))
|| !TEST_size_t_lt(rawread, sizeof(data))
|| !TEST_size_t_gt(rawread, SSL3_RT_HEADER_LENGTH))
goto end;
/* Record length is in the 4th and 5th bytes of the record header */
eoedlen = SSL3_RT_HEADER_LENGTH + (data[3] << 8 | data[4]);
if (!TEST_true(BIO_write_ex(rbio, data, eoedlen, &rawwritten))
|| !TEST_size_t_eq(rawwritten, eoedlen))
goto end;
/* Server should be told that there is no more early data */
if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
&readbytes),
SSL_READ_EARLY_DATA_FINISH)
|| !TEST_size_t_eq(readbytes, 0))
goto end;
/*
* Server has not finished init yet, so should still be able to write early
* data.
*/
if (!TEST_true(SSL_write_early_data(serverssl, MSG6, strlen(MSG6),
&written))
|| !TEST_size_t_eq(written, strlen(MSG6)))
goto end;
/* Push the ClientFinished and the normal data back into the server rbio */
if (!TEST_true(BIO_write_ex(rbio, data + eoedlen, rawread - eoedlen,
&rawwritten))
|| !TEST_size_t_eq(rawwritten, rawread - eoedlen))
goto end;
/* Server should be able to read normal data */
if (!TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
|| !TEST_size_t_eq(readbytes, strlen(MSG5)))
goto end;
/* Client and server should not be able to write/read early data now */
if (!TEST_false(SSL_write_early_data(clientssl, MSG6, strlen(MSG6),
&written)))
goto end;
ERR_clear_error();
if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
&readbytes),
SSL_READ_EARLY_DATA_ERROR))
goto end;
ERR_clear_error();
/* Client should be able to read the data sent by the server */
if (!TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
|| !TEST_mem_eq(buf, readbytes, MSG6, strlen(MSG6)))
goto end;
/*
* Make sure we process the two NewSessionTickets. These arrive
* post-handshake. We attempt reads which we do not expect to return any
* data.
*/
if (!TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
|| !TEST_false(SSL_read_ex(clientssl, buf, sizeof(buf),
&readbytes)))
goto end;
/* Server should be able to write normal data */
if (!TEST_true(SSL_write_ex(serverssl, MSG7, strlen(MSG7), &written))
|| !TEST_size_t_eq(written, strlen(MSG7))
|| !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
|| !TEST_mem_eq(buf, readbytes, MSG7, strlen(MSG7)))
goto end;
SSL_SESSION_free(sess);
sess = SSL_get1_session(clientssl);
use_session_cb_cnt = 0;
find_session_cb_cnt = 0;
SSL_shutdown(clientssl);
SSL_shutdown(serverssl);
SSL_free(serverssl);
SSL_free(clientssl);
serverssl = clientssl = NULL;
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
&clientssl, NULL, NULL))
|| !TEST_true(SSL_set_session(clientssl, sess)))
goto end;
/* Write and read some early data */
if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
&written))
|| !TEST_size_t_eq(written, strlen(MSG1))
|| !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
&readbytes),
SSL_READ_EARLY_DATA_SUCCESS)
|| !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1)))
goto end;
if (!TEST_int_gt(SSL_connect(clientssl), 0)
|| !TEST_int_gt(SSL_accept(serverssl), 0))
goto end;
/* Client and server should not be able to write/read early data now */
if (!TEST_false(SSL_write_early_data(clientssl, MSG6, strlen(MSG6),
&written)))
goto end;
ERR_clear_error();
if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
&readbytes),
SSL_READ_EARLY_DATA_ERROR))
goto end;
ERR_clear_error();
/* Client and server should be able to write/read normal data */
if (!TEST_true(SSL_write_ex(clientssl, MSG5, strlen(MSG5), &written))
|| !TEST_size_t_eq(written, strlen(MSG5))
|| !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
|| !TEST_size_t_eq(readbytes, strlen(MSG5)))
goto end;
testresult = 1;
end:
SSL_SESSION_free(sess);
SSL_SESSION_free(clientpsk);
SSL_SESSION_free(serverpsk);
clientpsk = serverpsk = NULL;
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
static int allow_ed_cb_called = 0;
static int allow_early_data_cb(SSL *s, void *arg)
{
int *usecb = (int *)arg;
allow_ed_cb_called++;
if (*usecb == 1)
return 0;
return 1;
}
/*
* idx == 0: Standard early_data setup
* idx == 1: early_data setup using read_ahead
* usecb == 0: Don't use a custom early data callback
* usecb == 1: Use a custom early data callback and reject the early data
* usecb == 2: Use a custom early data callback and accept the early data
* confopt == 0: Configure anti-replay directly
* confopt == 1: Configure anti-replay using SSL_CONF
*/
static int test_early_data_replay_int(int idx, int usecb, int confopt)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0;
SSL_SESSION *sess = NULL;
size_t readbytes, written;
unsigned char buf[20];
allow_ed_cb_called = 0;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
TLS1_VERSION, TLS_MAX_VERSION, &sctx,
&cctx, cert, privkey)))
return 0;
if (usecb > 0) {
if (confopt == 0) {
SSL_CTX_set_options(sctx, SSL_OP_NO_ANTI_REPLAY);
} else {
SSL_CONF_CTX *confctx = SSL_CONF_CTX_new();
if (!TEST_ptr(confctx))
goto end;
SSL_CONF_CTX_set_flags(confctx, SSL_CONF_FLAG_FILE
| SSL_CONF_FLAG_SERVER);
SSL_CONF_CTX_set_ssl_ctx(confctx, sctx);
if (!TEST_int_eq(SSL_CONF_cmd(confctx, "Options", "-AntiReplay"),
2)) {
SSL_CONF_CTX_free(confctx);
goto end;
}
SSL_CONF_CTX_free(confctx);
}
SSL_CTX_set_allow_early_data_cb(sctx, allow_early_data_cb, &usecb);
}
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
&serverssl, &sess, idx)))
goto end;
/*
* The server is configured to accept early data. Create a connection to
* "use up" the ticket
*/
if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))
|| !TEST_true(SSL_session_reused(clientssl)))
goto end;
SSL_shutdown(clientssl);
SSL_shutdown(serverssl);
SSL_free(serverssl);
SSL_free(clientssl);
serverssl = clientssl = NULL;
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
&clientssl, NULL, NULL))
|| !TEST_true(SSL_set_session(clientssl, sess)))
goto end;
/* Write and read some early data */
if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
&written))
|| !TEST_size_t_eq(written, strlen(MSG1)))
goto end;
if (usecb <= 1) {
if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
&readbytes),
SSL_READ_EARLY_DATA_FINISH)
/*
* The ticket was reused, so the we should have rejected the
* early data
*/
|| !TEST_int_eq(SSL_get_early_data_status(serverssl),
SSL_EARLY_DATA_REJECTED))
goto end;
} else {
/* In this case the callback decides to accept the early data */
if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
&readbytes),
SSL_READ_EARLY_DATA_SUCCESS)
|| !TEST_mem_eq(MSG1, strlen(MSG1), buf, readbytes)
/*
* Server will have sent its flight so client can now send
* end of early data and complete its half of the handshake
*/
|| !TEST_int_gt(SSL_connect(clientssl), 0)
|| !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
&readbytes),
SSL_READ_EARLY_DATA_FINISH)
|| !TEST_int_eq(SSL_get_early_data_status(serverssl),
SSL_EARLY_DATA_ACCEPTED))
goto end;
}
/* Complete the connection */
if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))
|| !TEST_int_eq(SSL_session_reused(clientssl), (usecb > 0) ? 1 : 0)
|| !TEST_int_eq(allow_ed_cb_called, usecb > 0 ? 1 : 0))
goto end;
testresult = 1;
end:
SSL_SESSION_free(sess);
SSL_SESSION_free(clientpsk);
SSL_SESSION_free(serverpsk);
clientpsk = serverpsk = NULL;
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
static int test_early_data_replay(int idx)
{
int ret = 1, usecb, confopt;
for (usecb = 0; usecb < 3; usecb++) {
for (confopt = 0; confopt < 2; confopt++)
ret &= test_early_data_replay_int(idx, usecb, confopt);
}
return ret;
}
/*
* Helper function to test that a server attempting to read early data can
* handle a connection from a client where the early data should be skipped.
* testtype: 0 == No HRR
* testtype: 1 == HRR
* testtype: 2 == HRR, invalid early_data sent after HRR
* testtype: 3 == recv_max_early_data set to 0
*/
static int early_data_skip_helper(int testtype, int idx)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0;
SSL_SESSION *sess = NULL;
unsigned char buf[20];
size_t readbytes, written;
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
&serverssl, &sess, idx)))
goto end;
if (testtype == 1 || testtype == 2) {
/* Force an HRR to occur */
if (!TEST_true(SSL_set1_groups_list(serverssl, "P-256")))
goto end;
} else if (idx == 2) {
/*
* We force early_data rejection by ensuring the PSK identity is
* unrecognised
*/
srvid = "Dummy Identity";
} else {
/*
* Deliberately corrupt the creation time. We take 20 seconds off the
* time. It could be any value as long as it is not within tolerance.
* This should mean the ticket is rejected.
*/
if (!TEST_true(SSL_SESSION_set_time(sess, (long)(time(NULL) - 20))))
goto end;
}
if (testtype == 3
&& !TEST_true(SSL_set_recv_max_early_data(serverssl, 0)))
goto end;
/* Write some early data */
if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
&written))
|| !TEST_size_t_eq(written, strlen(MSG1)))
goto end;
/* Server should reject the early data */
if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
&readbytes),
SSL_READ_EARLY_DATA_FINISH)
|| !TEST_size_t_eq(readbytes, 0)
|| !TEST_int_eq(SSL_get_early_data_status(serverssl),
SSL_EARLY_DATA_REJECTED))
goto end;
switch (testtype) {
case 0:
/* Nothing to do */
break;
case 1:
/*
* Finish off the handshake. We perform the same writes and reads as
* further down but we expect them to fail due to the incomplete
* handshake.
*/
if (!TEST_false(SSL_write_ex(clientssl, MSG2, strlen(MSG2), &written))
|| !TEST_false(SSL_read_ex(serverssl, buf, sizeof(buf),
&readbytes)))
goto end;
break;
case 2:
{
BIO *wbio = SSL_get_wbio(clientssl);
/* A record that will appear as bad early_data */
const unsigned char bad_early_data[] = {
0x17, 0x03, 0x03, 0x00, 0x01, 0x00
};
/*
* We force the client to attempt a write. This will fail because
* we're still in the handshake. It will cause the second
* ClientHello to be sent.
*/
if (!TEST_false(SSL_write_ex(clientssl, MSG2, strlen(MSG2),
&written)))
goto end;
/*
* Inject some early_data after the second ClientHello. This should
* cause the server to fail
*/
if (!TEST_true(BIO_write_ex(wbio, bad_early_data,
sizeof(bad_early_data), &written)))
goto end;
}
/* fallthrough */
case 3:
/*
* This client has sent more early_data than we are willing to skip
* (case 3) or sent invalid early_data (case 2) so the connection should
* abort.
*/
if (!TEST_false(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
|| !TEST_int_eq(SSL_get_error(serverssl, 0), SSL_ERROR_SSL))
goto end;
/* Connection has failed - nothing more to do */
testresult = 1;
goto end;
default:
TEST_error("Invalid test type");
goto end;
}
/*
* Should be able to send normal data despite rejection of early data. The
* early_data should be skipped.
*/
if (!TEST_true(SSL_write_ex(clientssl, MSG2, strlen(MSG2), &written))
|| !TEST_size_t_eq(written, strlen(MSG2))
|| !TEST_int_eq(SSL_get_early_data_status(clientssl),
SSL_EARLY_DATA_REJECTED)
|| !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
|| !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
goto end;
testresult = 1;
end:
SSL_SESSION_free(clientpsk);
SSL_SESSION_free(serverpsk);
clientpsk = serverpsk = NULL;
SSL_SESSION_free(sess);
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
/*
* Test that a server attempting to read early data can handle a connection
* from a client where the early data is not acceptable.
*/
static int test_early_data_skip(int idx)
{
return early_data_skip_helper(0, idx);
}
/*
* Test that a server attempting to read early data can handle a connection
* from a client where an HRR occurs.
*/
static int test_early_data_skip_hrr(int idx)
{
return early_data_skip_helper(1, idx);
}
/*
* Test that a server attempting to read early data can handle a connection
* from a client where an HRR occurs and correctly fails if early_data is sent
* after the HRR
*/
static int test_early_data_skip_hrr_fail(int idx)
{
return early_data_skip_helper(2, idx);
}
/*
* Test that a server attempting to read early data will abort if it tries to
* skip over too much.
*/
static int test_early_data_skip_abort(int idx)
{
return early_data_skip_helper(3, idx);
}
/*
* Test that a server attempting to read early data can handle a connection
* from a client that doesn't send any.
*/
static int test_early_data_not_sent(int idx)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0;
SSL_SESSION *sess = NULL;
unsigned char buf[20];
size_t readbytes, written;
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
&serverssl, &sess, idx)))
goto end;
/* Write some data - should block due to handshake with server */
SSL_set_connect_state(clientssl);
if (!TEST_false(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written)))
goto end;
/* Server should detect that early data has not been sent */
if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
&readbytes),
SSL_READ_EARLY_DATA_FINISH)
|| !TEST_size_t_eq(readbytes, 0)
|| !TEST_int_eq(SSL_get_early_data_status(serverssl),
SSL_EARLY_DATA_NOT_SENT)
|| !TEST_int_eq(SSL_get_early_data_status(clientssl),
SSL_EARLY_DATA_NOT_SENT))
goto end;
/* Continue writing the message we started earlier */
if (!TEST_true(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written))
|| !TEST_size_t_eq(written, strlen(MSG1))
|| !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
|| !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1))
|| !SSL_write_ex(serverssl, MSG2, strlen(MSG2), &written)
|| !TEST_size_t_eq(written, strlen(MSG2)))
goto end;
if (!TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
|| !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
goto end;
testresult = 1;
end:
SSL_SESSION_free(sess);
SSL_SESSION_free(clientpsk);
SSL_SESSION_free(serverpsk);
clientpsk = serverpsk = NULL;
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
static int hostname_cb(SSL *s, int *al, void *arg)
{
const char *hostname = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
if (hostname != NULL && strcmp(hostname, "goodhost") == 0)
return SSL_TLSEXT_ERR_OK;
return SSL_TLSEXT_ERR_NOACK;
}
static const char *servalpn;
static int alpn_select_cb(SSL *ssl, const unsigned char **out,
unsigned char *outlen, const unsigned char *in,
unsigned int inlen, void *arg)
{
unsigned int protlen = 0;
const unsigned char *prot;
for (prot = in; prot < in + inlen; prot += protlen) {
protlen = *prot++;
if (in + inlen < prot + protlen)
return SSL_TLSEXT_ERR_NOACK;
if (protlen == strlen(servalpn)
&& memcmp(prot, servalpn, protlen) == 0) {
*out = prot;
*outlen = protlen;
return SSL_TLSEXT_ERR_OK;
}
}
return SSL_TLSEXT_ERR_NOACK;
}
/* Test that a PSK can be used to send early_data */
static int test_early_data_psk(int idx)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0;
SSL_SESSION *sess = NULL;
unsigned char alpnlist[] = {
0x08, 'g', 'o', 'o', 'd', 'a', 'l', 'p', 'n', 0x07, 'b', 'a', 'd', 'a',
'l', 'p', 'n'
};
#define GOODALPNLEN 9
#define BADALPNLEN 8
#define GOODALPN (alpnlist)
#define BADALPN (alpnlist + GOODALPNLEN)
int err = 0;
unsigned char buf[20];
size_t readbytes, written;
int readearlyres = SSL_READ_EARLY_DATA_SUCCESS, connectres = 1;
int edstatus = SSL_EARLY_DATA_ACCEPTED;
/* We always set this up with a final parameter of "2" for PSK */
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
&serverssl, &sess, 2)))
goto end;
servalpn = "goodalpn";
/*
* Note: There is no test for inconsistent SNI with late client detection.
* This is because servers do not acknowledge SNI even if they are using
* it in a resumption handshake - so it is not actually possible for a
* client to detect a problem.
*/
switch (idx) {
case 0:
/* Set inconsistent SNI (early client detection) */
err = SSL_R_INCONSISTENT_EARLY_DATA_SNI;
if (!TEST_true(SSL_SESSION_set1_hostname(sess, "goodhost"))
|| !TEST_true(SSL_set_tlsext_host_name(clientssl, "badhost")))
goto end;
break;
case 1:
/* Set inconsistent ALPN (early client detection) */
err = SSL_R_INCONSISTENT_EARLY_DATA_ALPN;
/* SSL_set_alpn_protos returns 0 for success and 1 for failure */
if (!TEST_true(SSL_SESSION_set1_alpn_selected(sess, GOODALPN,
GOODALPNLEN))
|| !TEST_false(SSL_set_alpn_protos(clientssl, BADALPN,
BADALPNLEN)))
goto end;
break;
case 2:
/*
* Set invalid protocol version. Technically this affects PSKs without
* early_data too, but we test it here because it is similar to the
* SNI/ALPN consistency tests.
*/
err = SSL_R_BAD_PSK;
if (!TEST_true(SSL_SESSION_set_protocol_version(sess, TLS1_2_VERSION)))
goto end;
break;
case 3:
/*
* Set inconsistent SNI (server detected). In this case the connection
* will succeed but reject early_data.
*/
SSL_SESSION_free(serverpsk);
serverpsk = SSL_SESSION_dup(clientpsk);
if (!TEST_ptr(serverpsk)
|| !TEST_true(SSL_SESSION_set1_hostname(serverpsk, "badhost")))
goto end;
edstatus = SSL_EARLY_DATA_REJECTED;
readearlyres = SSL_READ_EARLY_DATA_FINISH;
/* Fall through */
case 4:
/* Set consistent SNI */
if (!TEST_true(SSL_SESSION_set1_hostname(sess, "goodhost"))
|| !TEST_true(SSL_set_tlsext_host_name(clientssl, "goodhost"))
|| !TEST_true(SSL_CTX_set_tlsext_servername_callback(sctx,
hostname_cb)))
goto end;
break;
case 5:
/*
* Set inconsistent ALPN (server detected). In this case the connection
* will succeed but reject early_data.
*/
servalpn = "badalpn";
edstatus = SSL_EARLY_DATA_REJECTED;
readearlyres = SSL_READ_EARLY_DATA_FINISH;
/* Fall through */
case 6:
/*
* Set consistent ALPN.
* SSL_set_alpn_protos returns 0 for success and 1 for failure. It
* accepts a list of protos (each one length prefixed).
* SSL_set1_alpn_selected accepts a single protocol (not length
* prefixed)
*/
if (!TEST_true(SSL_SESSION_set1_alpn_selected(sess, GOODALPN + 1,
GOODALPNLEN - 1))
|| !TEST_false(SSL_set_alpn_protos(clientssl, GOODALPN,
GOODALPNLEN)))
goto end;
SSL_CTX_set_alpn_select_cb(sctx, alpn_select_cb, NULL);
break;
case 7:
/* Set inconsistent ALPN (late client detection) */
SSL_SESSION_free(serverpsk);
serverpsk = SSL_SESSION_dup(clientpsk);
if (!TEST_ptr(serverpsk)
|| !TEST_true(SSL_SESSION_set1_alpn_selected(clientpsk,
BADALPN + 1,
BADALPNLEN - 1))
|| !TEST_true(SSL_SESSION_set1_alpn_selected(serverpsk,
GOODALPN + 1,
GOODALPNLEN - 1))
|| !TEST_false(SSL_set_alpn_protos(clientssl, alpnlist,
sizeof(alpnlist))))
goto end;
SSL_CTX_set_alpn_select_cb(sctx, alpn_select_cb, NULL);
edstatus = SSL_EARLY_DATA_ACCEPTED;
readearlyres = SSL_READ_EARLY_DATA_SUCCESS;
/* SSL_connect() call should fail */
connectres = -1;
break;
default:
TEST_error("Bad test index");
goto end;
}
SSL_set_connect_state(clientssl);
if (err != 0) {
if (!TEST_false(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
&written))
|| !TEST_int_eq(SSL_get_error(clientssl, 0), SSL_ERROR_SSL)
|| !TEST_int_eq(ERR_GET_REASON(ERR_get_error()), err))
goto end;
} else {
if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
&written)))
goto end;
if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
&readbytes), readearlyres)
|| (readearlyres == SSL_READ_EARLY_DATA_SUCCESS
&& !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1)))
|| !TEST_int_eq(SSL_get_early_data_status(serverssl), edstatus)
|| !TEST_int_eq(SSL_connect(clientssl), connectres))
goto end;
}
testresult = 1;
end:
SSL_SESSION_free(sess);
SSL_SESSION_free(clientpsk);
SSL_SESSION_free(serverpsk);
clientpsk = serverpsk = NULL;
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
/*
* Test that a server that doesn't try to read early data can handle a
* client sending some.
*/
static int test_early_data_not_expected(int idx)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0;
SSL_SESSION *sess = NULL;
unsigned char buf[20];
size_t readbytes, written;
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
&serverssl, &sess, idx)))
goto end;
/* Write some early data */
if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
&written)))
goto end;
/*
* Server should skip over early data and then block waiting for client to
* continue handshake
*/
if (!TEST_int_le(SSL_accept(serverssl), 0)
|| !TEST_int_gt(SSL_connect(clientssl), 0)
|| !TEST_int_eq(SSL_get_early_data_status(serverssl),
SSL_EARLY_DATA_REJECTED)
|| !TEST_int_gt(SSL_accept(serverssl), 0)
|| !TEST_int_eq(SSL_get_early_data_status(clientssl),
SSL_EARLY_DATA_REJECTED))
goto end;
/* Send some normal data from client to server */
if (!TEST_true(SSL_write_ex(clientssl, MSG2, strlen(MSG2), &written))
|| !TEST_size_t_eq(written, strlen(MSG2)))
goto end;
if (!TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
|| !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
goto end;
testresult = 1;
end:
SSL_SESSION_free(sess);
SSL_SESSION_free(clientpsk);
SSL_SESSION_free(serverpsk);
clientpsk = serverpsk = NULL;
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
# ifndef OPENSSL_NO_TLS1_2
/*
* Test that a server attempting to read early data can handle a connection
* from a TLSv1.2 client.
*/
static int test_early_data_tls1_2(int idx)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0;
unsigned char buf[20];
size_t readbytes, written;
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
&serverssl, NULL, idx)))
goto end;
/* Write some data - should block due to handshake with server */
SSL_set_max_proto_version(clientssl, TLS1_2_VERSION);
SSL_set_connect_state(clientssl);
if (!TEST_false(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written)))
goto end;
/*
* Server should do TLSv1.2 handshake. First it will block waiting for more
* messages from client after ServerDone. Then SSL_read_early_data should
* finish and detect that early data has not been sent
*/
if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
&readbytes),
SSL_READ_EARLY_DATA_ERROR))
goto end;
/*
* Continue writing the message we started earlier. Will still block waiting
* for the CCS/Finished from server
*/
if (!TEST_false(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written))
|| !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
&readbytes),
SSL_READ_EARLY_DATA_FINISH)
|| !TEST_size_t_eq(readbytes, 0)
|| !TEST_int_eq(SSL_get_early_data_status(serverssl),
SSL_EARLY_DATA_NOT_SENT))
goto end;
/* Continue writing the message we started earlier */
if (!TEST_true(SSL_write_ex(clientssl, MSG1, strlen(MSG1), &written))
|| !TEST_size_t_eq(written, strlen(MSG1))
|| !TEST_int_eq(SSL_get_early_data_status(clientssl),
SSL_EARLY_DATA_NOT_SENT)
|| !TEST_true(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
|| !TEST_mem_eq(buf, readbytes, MSG1, strlen(MSG1))
|| !TEST_true(SSL_write_ex(serverssl, MSG2, strlen(MSG2), &written))
|| !TEST_size_t_eq(written, strlen(MSG2))
|| !SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes)
|| !TEST_mem_eq(buf, readbytes, MSG2, strlen(MSG2)))
goto end;
testresult = 1;
end:
SSL_SESSION_free(clientpsk);
SSL_SESSION_free(serverpsk);
clientpsk = serverpsk = NULL;
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
# endif /* OPENSSL_NO_TLS1_2 */
/*
* Test configuring the TLSv1.3 ciphersuites
*
* Test 0: Set a default ciphersuite in the SSL_CTX (no explicit cipher_list)
* Test 1: Set a non-default ciphersuite in the SSL_CTX (no explicit cipher_list)
* Test 2: Set a default ciphersuite in the SSL (no explicit cipher_list)
* Test 3: Set a non-default ciphersuite in the SSL (no explicit cipher_list)
* Test 4: Set a default ciphersuite in the SSL_CTX (SSL_CTX cipher_list)
* Test 5: Set a non-default ciphersuite in the SSL_CTX (SSL_CTX cipher_list)
* Test 6: Set a default ciphersuite in the SSL (SSL_CTX cipher_list)
* Test 7: Set a non-default ciphersuite in the SSL (SSL_CTX cipher_list)
* Test 8: Set a default ciphersuite in the SSL (SSL cipher_list)
* Test 9: Set a non-default ciphersuite in the SSL (SSL cipher_list)
*/
static int test_set_ciphersuite(int idx)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
TLS1_VERSION, TLS_MAX_VERSION,
&sctx, &cctx, cert, privkey))
|| !TEST_true(SSL_CTX_set_ciphersuites(sctx,
"TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256")))
goto end;
if (idx >=4 && idx <= 7) {
/* SSL_CTX explicit cipher list */
if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "AES256-GCM-SHA384")))
goto end;
}
if (idx == 0 || idx == 4) {
/* Default ciphersuite */
if (!TEST_true(SSL_CTX_set_ciphersuites(cctx,
"TLS_AES_128_GCM_SHA256")))
goto end;
} else if (idx == 1 || idx == 5) {
/* Non default ciphersuite */
if (!TEST_true(SSL_CTX_set_ciphersuites(cctx,
"TLS_AES_128_CCM_SHA256")))
goto end;
}
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
&clientssl, NULL, NULL)))
goto end;
if (idx == 8 || idx == 9) {
/* SSL explicit cipher list */
if (!TEST_true(SSL_set_cipher_list(clientssl, "AES256-GCM-SHA384")))
goto end;
}
if (idx == 2 || idx == 6 || idx == 8) {
/* Default ciphersuite */
if (!TEST_true(SSL_set_ciphersuites(clientssl,
"TLS_AES_128_GCM_SHA256")))
goto end;
} else if (idx == 3 || idx == 7 || idx == 9) {
/* Non default ciphersuite */
if (!TEST_true(SSL_set_ciphersuites(clientssl,
"TLS_AES_128_CCM_SHA256")))
goto end;
}
if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
goto end;
testresult = 1;
end:
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
static int test_ciphersuite_change(void)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
SSL_SESSION *clntsess = NULL;
int testresult = 0;
const SSL_CIPHER *aes_128_gcm_sha256 = NULL;
/* Create a session based on SHA-256 */
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
TLS1_VERSION, TLS_MAX_VERSION,
&sctx, &cctx, cert, privkey))
|| !TEST_true(SSL_CTX_set_ciphersuites(cctx,
"TLS_AES_128_GCM_SHA256"))
|| !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
&clientssl, NULL, NULL))
|| !TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE)))
goto end;
clntsess = SSL_get1_session(clientssl);
/* Save for later */
aes_128_gcm_sha256 = SSL_SESSION_get0_cipher(clntsess);
SSL_shutdown(clientssl);
SSL_shutdown(serverssl);
SSL_free(serverssl);
SSL_free(clientssl);
serverssl = clientssl = NULL;
# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
/* Check we can resume a session with a different SHA-256 ciphersuite */
if (!TEST_true(SSL_CTX_set_ciphersuites(cctx,
"TLS_CHACHA20_POLY1305_SHA256"))
|| !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL))
|| !TEST_true(SSL_set_session(clientssl, clntsess))
|| !TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE))
|| !TEST_true(SSL_session_reused(clientssl)))
goto end;
SSL_SESSION_free(clntsess);
clntsess = SSL_get1_session(clientssl);
SSL_shutdown(clientssl);
SSL_shutdown(serverssl);
SSL_free(serverssl);
SSL_free(clientssl);
serverssl = clientssl = NULL;
# endif
/*
* Check attempting to resume a SHA-256 session with no SHA-256 ciphersuites
* succeeds but does not resume.
*/
if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_256_GCM_SHA384"))
|| !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL))
|| !TEST_true(SSL_set_session(clientssl, clntsess))
|| !TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_SSL))
|| !TEST_false(SSL_session_reused(clientssl)))
goto end;
SSL_SESSION_free(clntsess);
clntsess = NULL;
SSL_shutdown(clientssl);
SSL_shutdown(serverssl);
SSL_free(serverssl);
SSL_free(clientssl);
serverssl = clientssl = NULL;
/* Create a session based on SHA384 */
if (!TEST_true(SSL_CTX_set_ciphersuites(cctx, "TLS_AES_256_GCM_SHA384"))
|| !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
&clientssl, NULL, NULL))
|| !TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE)))
goto end;
clntsess = SSL_get1_session(clientssl);
SSL_shutdown(clientssl);
SSL_shutdown(serverssl);
SSL_free(serverssl);
SSL_free(clientssl);
serverssl = clientssl = NULL;
if (!TEST_true(SSL_CTX_set_ciphersuites(cctx,
"TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384"))
|| !TEST_true(SSL_CTX_set_ciphersuites(sctx,
"TLS_AES_256_GCM_SHA384"))
|| !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL))
|| !TEST_true(SSL_set_session(clientssl, clntsess))
/*
* We use SSL_ERROR_WANT_READ below so that we can pause the
* connection after the initial ClientHello has been sent to
* enable us to make some session changes.
*/
|| !TEST_false(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_WANT_READ)))
goto end;
/* Trick the client into thinking this session is for a different digest */
clntsess->cipher = aes_128_gcm_sha256;
clntsess->cipher_id = clntsess->cipher->id;
/*
* Continue the previously started connection. Server has selected a SHA-384
* ciphersuite, but client thinks the session is for SHA-256, so it should
* bail out.
*/
if (!TEST_false(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_SSL))
|| !TEST_int_eq(ERR_GET_REASON(ERR_get_error()),
SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED))
goto end;
testresult = 1;
end:
SSL_SESSION_free(clntsess);
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
/*
* Test TLSv1.3 PSKs
* Test 0 = Test new style callbacks
* Test 1 = Test both new and old style callbacks
* Test 2 = Test old style callbacks
* Test 3 = Test old style callbacks with no certificate
*/
static int test_tls13_psk(int idx)
{
SSL_CTX *sctx = NULL, *cctx = NULL;
SSL *serverssl = NULL, *clientssl = NULL;
const SSL_CIPHER *cipher = NULL;
const unsigned char key[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f
};
int testresult = 0;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
TLS1_VERSION, TLS_MAX_VERSION,
&sctx, &cctx, idx == 3 ? NULL : cert,
idx == 3 ? NULL : privkey)))
goto end;
if (idx != 3) {
/*
* We use a ciphersuite with SHA256 to ease testing old style PSK
* callbacks which will always default to SHA256. This should not be
* necessary if we have no cert/priv key. In that case the server should
* prefer SHA256 automatically.
*/
if (!TEST_true(SSL_CTX_set_ciphersuites(cctx,
"TLS_AES_128_GCM_SHA256")))
goto end;
}
/*
* Test 0: New style callbacks only
* Test 1: New and old style callbacks (only the new ones should be used)
* Test 2: Old style callbacks only
*/
if (idx == 0 || idx == 1) {
SSL_CTX_set_psk_use_session_callback(cctx, use_session_cb);
SSL_CTX_set_psk_find_session_callback(sctx, find_session_cb);
}
#ifndef OPENSSL_NO_PSK
if (idx >= 1) {
SSL_CTX_set_psk_client_callback(cctx, psk_client_cb);
SSL_CTX_set_psk_server_callback(sctx, psk_server_cb);
}
#endif
srvid = pskid;
use_session_cb_cnt = 0;
find_session_cb_cnt = 0;
psk_client_cb_cnt = 0;
psk_server_cb_cnt = 0;
if (idx != 3) {
/*
* Check we can create a connection if callback decides not to send a
* PSK
*/
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL))
|| !TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE))
|| !TEST_false(SSL_session_reused(clientssl))
|| !TEST_false(SSL_session_reused(serverssl)))
goto end;
if (idx == 0 || idx == 1) {
if (!TEST_true(use_session_cb_cnt == 1)
|| !TEST_true(find_session_cb_cnt == 0)
/*
* If no old style callback then below should be 0
* otherwise 1
*/
|| !TEST_true(psk_client_cb_cnt == idx)
|| !TEST_true(psk_server_cb_cnt == 0))
goto end;
} else {
if (!TEST_true(use_session_cb_cnt == 0)
|| !TEST_true(find_session_cb_cnt == 0)
|| !TEST_true(psk_client_cb_cnt == 1)
|| !TEST_true(psk_server_cb_cnt == 0))
goto end;
}
shutdown_ssl_connection(serverssl, clientssl);
serverssl = clientssl = NULL;
use_session_cb_cnt = psk_client_cb_cnt = 0;
}
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL)))
goto end;
/* Create the PSK */
cipher = SSL_CIPHER_find(clientssl, TLS13_AES_128_GCM_SHA256_BYTES);
clientpsk = SSL_SESSION_new();
if (!TEST_ptr(clientpsk)
|| !TEST_ptr(cipher)
|| !TEST_true(SSL_SESSION_set1_master_key(clientpsk, key,
sizeof(key)))
|| !TEST_true(SSL_SESSION_set_cipher(clientpsk, cipher))
|| !TEST_true(SSL_SESSION_set_protocol_version(clientpsk,
TLS1_3_VERSION))
|| !TEST_true(SSL_SESSION_up_ref(clientpsk)))
goto end;
serverpsk = clientpsk;
/* Check we can create a connection and the PSK is used */
if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))
|| !TEST_true(SSL_session_reused(clientssl))
|| !TEST_true(SSL_session_reused(serverssl)))
goto end;
if (idx == 0 || idx == 1) {
if (!TEST_true(use_session_cb_cnt == 1)
|| !TEST_true(find_session_cb_cnt == 1)
|| !TEST_true(psk_client_cb_cnt == 0)
|| !TEST_true(psk_server_cb_cnt == 0))
goto end;
} else {
if (!TEST_true(use_session_cb_cnt == 0)
|| !TEST_true(find_session_cb_cnt == 0)
|| !TEST_true(psk_client_cb_cnt == 1)
|| !TEST_true(psk_server_cb_cnt == 1))
goto end;
}
shutdown_ssl_connection(serverssl, clientssl);
serverssl = clientssl = NULL;
use_session_cb_cnt = find_session_cb_cnt = 0;
psk_client_cb_cnt = psk_server_cb_cnt = 0;
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL)))
goto end;
/* Force an HRR */
if (!TEST_true(SSL_set1_groups_list(serverssl, "P-256")))
goto end;
/*
* Check we can create a connection, the PSK is used and the callbacks are
* called twice.
*/
if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))
|| !TEST_true(SSL_session_reused(clientssl))
|| !TEST_true(SSL_session_reused(serverssl)))
goto end;
if (idx == 0 || idx == 1) {
if (!TEST_true(use_session_cb_cnt == 2)
|| !TEST_true(find_session_cb_cnt == 2)
|| !TEST_true(psk_client_cb_cnt == 0)
|| !TEST_true(psk_server_cb_cnt == 0))
goto end;
} else {
if (!TEST_true(use_session_cb_cnt == 0)
|| !TEST_true(find_session_cb_cnt == 0)
|| !TEST_true(psk_client_cb_cnt == 2)
|| !TEST_true(psk_server_cb_cnt == 2))
goto end;
}
shutdown_ssl_connection(serverssl, clientssl);
serverssl = clientssl = NULL;
use_session_cb_cnt = find_session_cb_cnt = 0;
psk_client_cb_cnt = psk_server_cb_cnt = 0;
if (idx != 3) {
/*
* Check that if the server rejects the PSK we can still connect, but with
* a full handshake
*/
srvid = "Dummy Identity";
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL))
|| !TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE))
|| !TEST_false(SSL_session_reused(clientssl))
|| !TEST_false(SSL_session_reused(serverssl)))
goto end;
if (idx == 0 || idx == 1) {
if (!TEST_true(use_session_cb_cnt == 1)
|| !TEST_true(find_session_cb_cnt == 1)
|| !TEST_true(psk_client_cb_cnt == 0)
/*
* If no old style callback then below should be 0
* otherwise 1
*/
|| !TEST_true(psk_server_cb_cnt == idx))
goto end;
} else {
if (!TEST_true(use_session_cb_cnt == 0)
|| !TEST_true(find_session_cb_cnt == 0)
|| !TEST_true(psk_client_cb_cnt == 1)
|| !TEST_true(psk_server_cb_cnt == 1))
goto end;
}
shutdown_ssl_connection(serverssl, clientssl);
serverssl = clientssl = NULL;
}
testresult = 1;
end:
SSL_SESSION_free(clientpsk);
SSL_SESSION_free(serverpsk);
clientpsk = serverpsk = NULL;
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
static unsigned char cookie_magic_value[] = "cookie magic";
static int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
unsigned int *cookie_len)
{
/*
* Not suitable as a real cookie generation function but good enough for
* testing!
*/
memcpy(cookie, cookie_magic_value, sizeof(cookie_magic_value) - 1);
*cookie_len = sizeof(cookie_magic_value) - 1;
return 1;
}
static int verify_cookie_callback(SSL *ssl, const unsigned char *cookie,
unsigned int cookie_len)
{
if (cookie_len == sizeof(cookie_magic_value) - 1
&& memcmp(cookie, cookie_magic_value, cookie_len) == 0)
return 1;
return 0;
}
static int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie,
size_t *cookie_len)
{
unsigned int temp;
int res = generate_cookie_callback(ssl, cookie, &temp);
*cookie_len = temp;
return res;
}
static int verify_stateless_cookie_callback(SSL *ssl, const unsigned char *cookie,
size_t cookie_len)
{
return verify_cookie_callback(ssl, cookie, cookie_len);
}
static int test_stateless(void)
{
SSL_CTX *sctx = NULL, *cctx = NULL;
SSL *serverssl = NULL, *clientssl = NULL;
int testresult = 0;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
TLS1_VERSION, TLS_MAX_VERSION,
&sctx, &cctx, cert, privkey)))
goto end;
/* The arrival of CCS messages can confuse the test */
SSL_CTX_clear_options(cctx, SSL_OP_ENABLE_MIDDLEBOX_COMPAT);
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL))
/* Send the first ClientHello */
|| !TEST_false(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_WANT_READ))
/*
* This should fail with a -1 return because we have no callbacks
* set up
*/
|| !TEST_int_eq(SSL_stateless(serverssl), -1))
goto end;
/* Fatal error so abandon the connection from this client */
SSL_free(clientssl);
clientssl = NULL;
/* Set up the cookie generation and verification callbacks */
SSL_CTX_set_stateless_cookie_generate_cb(sctx, generate_stateless_cookie_callback);
SSL_CTX_set_stateless_cookie_verify_cb(sctx, verify_stateless_cookie_callback);
/*
* Create a new connection from the client (we can reuse the server SSL
* object).
*/
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL))
/* Send the first ClientHello */
|| !TEST_false(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_WANT_READ))
/* This should fail because there is no cookie */
|| !TEST_int_eq(SSL_stateless(serverssl), 0))
goto end;
/* Abandon the connection from this client */
SSL_free(clientssl);
clientssl = NULL;
/*
* Now create a connection from a new client but with the same server SSL
* object
*/
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL))
/* Send the first ClientHello */
|| !TEST_false(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_WANT_READ))
/* This should fail because there is no cookie */
|| !TEST_int_eq(SSL_stateless(serverssl), 0)
/* Send the second ClientHello */
|| !TEST_false(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_WANT_READ))
/* This should succeed because a cookie is now present */
|| !TEST_int_eq(SSL_stateless(serverssl), 1)
/* Complete the connection */
|| !TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE)))
goto end;
shutdown_ssl_connection(serverssl, clientssl);
serverssl = clientssl = NULL;
testresult = 1;
end:
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
#endif /* OPENSSL_NO_TLS1_3 */
static int clntaddoldcb = 0;
static int clntparseoldcb = 0;
static int srvaddoldcb = 0;
static int srvparseoldcb = 0;
static int clntaddnewcb = 0;
static int clntparsenewcb = 0;
static int srvaddnewcb = 0;
static int srvparsenewcb = 0;
static int snicb = 0;
#define TEST_EXT_TYPE1 0xff00
static int old_add_cb(SSL *s, unsigned int ext_type, const unsigned char **out,
size_t *outlen, int *al, void *add_arg)
{
int *server = (int *)add_arg;
unsigned char *data;
if (SSL_is_server(s))
srvaddoldcb++;
else
clntaddoldcb++;
if (*server != SSL_is_server(s)
|| (data = OPENSSL_malloc(sizeof(*data))) == NULL)
return -1;
*data = 1;
*out = data;
*outlen = sizeof(char);
return 1;
}
static void old_free_cb(SSL *s, unsigned int ext_type, const unsigned char *out,
void *add_arg)
{
OPENSSL_free((unsigned char *)out);
}
static int old_parse_cb(SSL *s, unsigned int ext_type, const unsigned char *in,
size_t inlen, int *al, void *parse_arg)
{
int *server = (int *)parse_arg;
if (SSL_is_server(s))
srvparseoldcb++;
else
clntparseoldcb++;
if (*server != SSL_is_server(s)
|| inlen != sizeof(char)
|| *in != 1)
return -1;
return 1;
}
static int new_add_cb(SSL *s, unsigned int ext_type, unsigned int context,
const unsigned char **out, size_t *outlen, X509 *x,
size_t chainidx, int *al, void *add_arg)
{
int *server = (int *)add_arg;
unsigned char *data;
if (SSL_is_server(s))
srvaddnewcb++;
else
clntaddnewcb++;
if (*server != SSL_is_server(s)
|| (data = OPENSSL_malloc(sizeof(*data))) == NULL)
return -1;
*data = 1;
*out = data;
*outlen = sizeof(*data);
return 1;
}
static void new_free_cb(SSL *s, unsigned int ext_type, unsigned int context,
const unsigned char *out, void *add_arg)
{
OPENSSL_free((unsigned char *)out);
}
static int new_parse_cb(SSL *s, unsigned int ext_type, unsigned int context,
const unsigned char *in, size_t inlen, X509 *x,
size_t chainidx, int *al, void *parse_arg)
{
int *server = (int *)parse_arg;
if (SSL_is_server(s))
srvparsenewcb++;
else
clntparsenewcb++;
if (*server != SSL_is_server(s)
|| inlen != sizeof(char) || *in != 1)
return -1;
return 1;
}
static int sni_cb(SSL *s, int *al, void *arg)
{
SSL_CTX *ctx = (SSL_CTX *)arg;
if (SSL_set_SSL_CTX(s, ctx) == NULL) {
*al = SSL_AD_INTERNAL_ERROR;
return SSL_TLSEXT_ERR_ALERT_FATAL;
}
snicb++;
return SSL_TLSEXT_ERR_OK;
}
/*
* Custom call back tests.
* Test 0: Old style callbacks in TLSv1.2
* Test 1: New style callbacks in TLSv1.2
* Test 2: New style callbacks in TLSv1.2 with SNI
* Test 3: New style callbacks in TLSv1.3. Extensions in CH and EE
* Test 4: New style callbacks in TLSv1.3. Extensions in CH, SH, EE, Cert + NST
*/
static int test_custom_exts(int tst)
{
SSL_CTX *cctx = NULL, *sctx = NULL, *sctx2 = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0;
static int server = 1;
static int client = 0;
SSL_SESSION *sess = NULL;
unsigned int context;
#if defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_TLS1_3)
/* Skip tests for TLSv1.2 and below in this case */
if (tst < 3)
return 1;
#endif
/* Reset callback counters */
clntaddoldcb = clntparseoldcb = srvaddoldcb = srvparseoldcb = 0;
clntaddnewcb = clntparsenewcb = srvaddnewcb = srvparsenewcb = 0;
snicb = 0;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
TLS1_VERSION, TLS_MAX_VERSION,
&sctx, &cctx, cert, privkey)))
goto end;
if (tst == 2
&& !TEST_true(create_ssl_ctx_pair(TLS_server_method(), NULL,
TLS1_VERSION, TLS_MAX_VERSION,
&sctx2, NULL, cert, privkey)))
goto end;
if (tst < 3) {
SSL_CTX_set_options(cctx, SSL_OP_NO_TLSv1_3);
SSL_CTX_set_options(sctx, SSL_OP_NO_TLSv1_3);
if (sctx2 != NULL)
SSL_CTX_set_options(sctx2, SSL_OP_NO_TLSv1_3);
}
if (tst == 4) {
context = SSL_EXT_CLIENT_HELLO
| SSL_EXT_TLS1_2_SERVER_HELLO
| SSL_EXT_TLS1_3_SERVER_HELLO
| SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS
| SSL_EXT_TLS1_3_CERTIFICATE
| SSL_EXT_TLS1_3_NEW_SESSION_TICKET;
} else {
context = SSL_EXT_CLIENT_HELLO
| SSL_EXT_TLS1_2_SERVER_HELLO
| SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS;
}
/* Create a client side custom extension */
if (tst == 0) {
if (!TEST_true(SSL_CTX_add_client_custom_ext(cctx, TEST_EXT_TYPE1,
old_add_cb, old_free_cb,
&client, old_parse_cb,
&client)))
goto end;
} else {
if (!TEST_true(SSL_CTX_add_custom_ext(cctx, TEST_EXT_TYPE1, context,
new_add_cb, new_free_cb,
&client, new_parse_cb, &client)))
goto end;
}
/* Should not be able to add duplicates */
if (!TEST_false(SSL_CTX_add_client_custom_ext(cctx, TEST_EXT_TYPE1,
old_add_cb, old_free_cb,
&client, old_parse_cb,
&client))
|| !TEST_false(SSL_CTX_add_custom_ext(cctx, TEST_EXT_TYPE1,
context, new_add_cb,
new_free_cb, &client,
new_parse_cb, &client)))
goto end;
/* Create a server side custom extension */
if (tst == 0) {
if (!TEST_true(SSL_CTX_add_server_custom_ext(sctx, TEST_EXT_TYPE1,
old_add_cb, old_free_cb,
&server, old_parse_cb,
&server)))
goto end;
} else {
if (!TEST_true(SSL_CTX_add_custom_ext(sctx, TEST_EXT_TYPE1, context,
new_add_cb, new_free_cb,
&server, new_parse_cb, &server)))
goto end;
if (sctx2 != NULL
&& !TEST_true(SSL_CTX_add_custom_ext(sctx2, TEST_EXT_TYPE1,
context, new_add_cb,
new_free_cb, &server,
new_parse_cb, &server)))
goto end;
}
/* Should not be able to add duplicates */
if (!TEST_false(SSL_CTX_add_server_custom_ext(sctx, TEST_EXT_TYPE1,
old_add_cb, old_free_cb,
&server, old_parse_cb,
&server))
|| !TEST_false(SSL_CTX_add_custom_ext(sctx, TEST_EXT_TYPE1,
context, new_add_cb,
new_free_cb, &server,
new_parse_cb, &server)))
goto end;
if (tst == 2) {
/* Set up SNI */
if (!TEST_true(SSL_CTX_set_tlsext_servername_callback(sctx, sni_cb))
|| !TEST_true(SSL_CTX_set_tlsext_servername_arg(sctx, sctx2)))
goto end;
}
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
&clientssl, NULL, NULL))
|| !TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE)))
goto end;
if (tst == 0) {
if (clntaddoldcb != 1
|| clntparseoldcb != 1
|| srvaddoldcb != 1
|| srvparseoldcb != 1)
goto end;
} else if (tst == 1 || tst == 2 || tst == 3) {
if (clntaddnewcb != 1
|| clntparsenewcb != 1
|| srvaddnewcb != 1
|| srvparsenewcb != 1
|| (tst != 2 && snicb != 0)
|| (tst == 2 && snicb != 1))
goto end;
} else {
/* In this case there 2 NewSessionTicket messages created */
if (clntaddnewcb != 1
|| clntparsenewcb != 5
|| srvaddnewcb != 5
|| srvparsenewcb != 1)
goto end;
}
sess = SSL_get1_session(clientssl);
SSL_shutdown(clientssl);
SSL_shutdown(serverssl);
SSL_free(serverssl);
SSL_free(clientssl);
serverssl = clientssl = NULL;
if (tst == 3) {
/* We don't bother with the resumption aspects for this test */
testresult = 1;
goto end;
}
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL))
|| !TEST_true(SSL_set_session(clientssl, sess))
|| !TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE)))
goto end;
/*
* For a resumed session we expect to add the ClientHello extension. For the
* old style callbacks we ignore it on the server side because they set
* SSL_EXT_IGNORE_ON_RESUMPTION. The new style callbacks do not ignore
* them.
*/
if (tst == 0) {
if (clntaddoldcb != 2
|| clntparseoldcb != 1
|| srvaddoldcb != 1
|| srvparseoldcb != 1)
goto end;
} else if (tst == 1 || tst == 2 || tst == 3) {
if (clntaddnewcb != 2
|| clntparsenewcb != 2
|| srvaddnewcb != 2
|| srvparsenewcb != 2)
goto end;
} else {
/*
* No Certificate message extensions in the resumption handshake,
* 2 NewSessionTickets in the initial handshake, 1 in the resumption
*/
if (clntaddnewcb != 2
|| clntparsenewcb != 8
|| srvaddnewcb != 8
|| srvparsenewcb != 2)
goto end;
}
testresult = 1;
end:
SSL_SESSION_free(sess);
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx2);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
/*
* Test loading of serverinfo data in various formats. test_sslmessages actually
* tests to make sure the extensions appear in the handshake
*/
static int test_serverinfo(int tst)
{
unsigned int version;
unsigned char *sibuf;
size_t sibuflen;
int ret, expected, testresult = 0;
SSL_CTX *ctx;
ctx = SSL_CTX_new(TLS_method());
if (!TEST_ptr(ctx))
goto end;
if ((tst & 0x01) == 0x01)
version = SSL_SERVERINFOV2;
else
version = SSL_SERVERINFOV1;
if ((tst & 0x02) == 0x02) {
sibuf = serverinfov2;
sibuflen = sizeof(serverinfov2);
expected = (version == SSL_SERVERINFOV2);
} else {
sibuf = serverinfov1;
sibuflen = sizeof(serverinfov1);
expected = (version == SSL_SERVERINFOV1);
}
if ((tst & 0x04) == 0x04) {
ret = SSL_CTX_use_serverinfo_ex(ctx, version, sibuf, sibuflen);
} else {
ret = SSL_CTX_use_serverinfo(ctx, sibuf, sibuflen);
/*
* The version variable is irrelevant in this case - it's what is in the
* buffer that matters
*/
if ((tst & 0x02) == 0x02)
expected = 0;
else
expected = 1;
}
if (!TEST_true(ret == expected))
goto end;
testresult = 1;
end:
SSL_CTX_free(ctx);
return testresult;
}
/*
* Test that SSL_export_keying_material() produces expected results. There are
* no test vectors so all we do is test that both sides of the communication
* produce the same results for different protocol versions.
*/
static int test_export_key_mat(int tst)
{
int testresult = 0;
SSL_CTX *cctx = NULL, *sctx = NULL, *sctx2 = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
const char label[] = "test label";
const unsigned char context[] = "context";
const unsigned char *emptycontext = NULL;
unsigned char ckeymat1[80], ckeymat2[80], ckeymat3[80];
unsigned char skeymat1[80], skeymat2[80], skeymat3[80];
const int protocols[] = {
TLS1_VERSION,
TLS1_1_VERSION,
TLS1_2_VERSION,
TLS1_3_VERSION
};
#ifdef OPENSSL_NO_TLS1
if (tst == 0)
return 1;
#endif
#ifdef OPENSSL_NO_TLS1_1
if (tst == 1)
return 1;
#endif
#ifdef OPENSSL_NO_TLS1_2
if (tst == 2)
return 1;
#endif
#ifdef OPENSSL_NO_TLS1_3
if (tst == 3)
return 1;
#endif
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
TLS1_VERSION, TLS_MAX_VERSION,
&sctx, &cctx, cert, privkey)))
goto end;
OPENSSL_assert(tst >= 0 && (size_t)tst < OSSL_NELEM(protocols));
SSL_CTX_set_max_proto_version(cctx, protocols[tst]);
SSL_CTX_set_min_proto_version(cctx, protocols[tst]);
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL,
NULL))
|| !TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE)))
goto end;
if (!TEST_int_eq(SSL_export_keying_material(clientssl, ckeymat1,
sizeof(ckeymat1), label,
sizeof(label) - 1, context,
sizeof(context) - 1, 1), 1)
|| !TEST_int_eq(SSL_export_keying_material(clientssl, ckeymat2,
sizeof(ckeymat2), label,
sizeof(label) - 1,
emptycontext,
0, 1), 1)
|| !TEST_int_eq(SSL_export_keying_material(clientssl, ckeymat3,
sizeof(ckeymat3), label,
sizeof(label) - 1,
NULL, 0, 0), 1)
|| !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat1,
sizeof(skeymat1), label,
sizeof(label) - 1,
context,
sizeof(context) -1, 1),
1)
|| !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat2,
sizeof(skeymat2), label,
sizeof(label) - 1,
emptycontext,
0, 1), 1)
|| !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat3,
sizeof(skeymat3), label,
sizeof(label) - 1,
NULL, 0, 0), 1)
/*
* Check that both sides created the same key material with the
* same context.
*/
|| !TEST_mem_eq(ckeymat1, sizeof(ckeymat1), skeymat1,
sizeof(skeymat1))
/*
* Check that both sides created the same key material with an
* empty context.
*/
|| !TEST_mem_eq(ckeymat2, sizeof(ckeymat2), skeymat2,
sizeof(skeymat2))
/*
* Check that both sides created the same key material without a
* context.
*/
|| !TEST_mem_eq(ckeymat3, sizeof(ckeymat3), skeymat3,
sizeof(skeymat3))
/* Different contexts should produce different results */
|| !TEST_mem_ne(ckeymat1, sizeof(ckeymat1), ckeymat2,
sizeof(ckeymat2)))
goto end;
/*
* Check that an empty context and no context produce different results in
* protocols less than TLSv1.3. In TLSv1.3 they should be the same.
*/
if ((tst != 3 && !TEST_mem_ne(ckeymat2, sizeof(ckeymat2), ckeymat3,
sizeof(ckeymat3)))
|| (tst ==3 && !TEST_mem_eq(ckeymat2, sizeof(ckeymat2), ckeymat3,
sizeof(ckeymat3))))
goto end;
testresult = 1;
end:
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx2);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
#ifndef OPENSSL_NO_TLS1_3
/*
* Test that SSL_export_keying_material_early() produces expected
* results. There are no test vectors so all we do is test that both
* sides of the communication produce the same results for different
* protocol versions.
*/
static int test_export_key_mat_early(int idx)
{
static const char label[] = "test label";
static const unsigned char context[] = "context";
int testresult = 0;
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
SSL_SESSION *sess = NULL;
const unsigned char *emptycontext = NULL;
unsigned char ckeymat1[80], ckeymat2[80];
unsigned char skeymat1[80], skeymat2[80];
unsigned char buf[1];
size_t readbytes, written;
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, &serverssl,
&sess, idx)))
goto end;
/* Here writing 0 length early data is enough. */
if (!TEST_true(SSL_write_early_data(clientssl, NULL, 0, &written))
|| !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf),
&readbytes),
SSL_READ_EARLY_DATA_ERROR)
|| !TEST_int_eq(SSL_get_early_data_status(serverssl),
SSL_EARLY_DATA_ACCEPTED))
goto end;
if (!TEST_int_eq(SSL_export_keying_material_early(
clientssl, ckeymat1, sizeof(ckeymat1), label,
sizeof(label) - 1, context, sizeof(context) - 1), 1)
|| !TEST_int_eq(SSL_export_keying_material_early(
clientssl, ckeymat2, sizeof(ckeymat2), label,
sizeof(label) - 1, emptycontext, 0), 1)
|| !TEST_int_eq(SSL_export_keying_material_early(
serverssl, skeymat1, sizeof(skeymat1), label,
sizeof(label) - 1, context, sizeof(context) - 1), 1)
|| !TEST_int_eq(SSL_export_keying_material_early(
serverssl, skeymat2, sizeof(skeymat2), label,
sizeof(label) - 1, emptycontext, 0), 1)
/*
* Check that both sides created the same key material with the
* same context.
*/
|| !TEST_mem_eq(ckeymat1, sizeof(ckeymat1), skeymat1,
sizeof(skeymat1))
/*
* Check that both sides created the same key material with an
* empty context.
*/
|| !TEST_mem_eq(ckeymat2, sizeof(ckeymat2), skeymat2,
sizeof(skeymat2))
/* Different contexts should produce different results */
|| !TEST_mem_ne(ckeymat1, sizeof(ckeymat1), ckeymat2,
sizeof(ckeymat2)))
goto end;
testresult = 1;
end:
SSL_SESSION_free(sess);
SSL_SESSION_free(clientpsk);
SSL_SESSION_free(serverpsk);
clientpsk = serverpsk = NULL;
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
#endif /* OPENSSL_NO_TLS1_3 */
static int test_ssl_clear(int idx)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0;
#ifdef OPENSSL_NO_TLS1_2
if (idx == 1)
return 1;
#endif
/* Create an initial connection */
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
TLS1_VERSION, TLS_MAX_VERSION,
&sctx, &cctx, cert, privkey))
|| (idx == 1
&& !TEST_true(SSL_CTX_set_max_proto_version(cctx,
TLS1_2_VERSION)))
|| !TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
&clientssl, NULL, NULL))
|| !TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE)))
goto end;
SSL_shutdown(clientssl);
SSL_shutdown(serverssl);
SSL_free(serverssl);
serverssl = NULL;
/* Clear clientssl - we're going to reuse the object */
if (!TEST_true(SSL_clear(clientssl)))
goto end;
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL))
|| !TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE))
|| !TEST_true(SSL_session_reused(clientssl)))
goto end;
SSL_shutdown(clientssl);
SSL_shutdown(serverssl);
testresult = 1;
end:
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
/* Parse CH and retrieve any MFL extension value if present */
static int get_MFL_from_client_hello(BIO *bio, int *mfl_codemfl_code)
{
long len;
unsigned char *data;
PACKET pkt = {0}, pkt2 = {0}, pkt3 = {0};
unsigned int MFL_code = 0, type = 0;
if (!TEST_uint_gt( len = BIO_get_mem_data( bio, (char **) &data ), 0 ) )
goto end;
if (!TEST_true( PACKET_buf_init( &pkt, data, len ) )
/* Skip the record header */
|| !PACKET_forward(&pkt, SSL3_RT_HEADER_LENGTH)
/* Skip the handshake message header */
|| !TEST_true(PACKET_forward(&pkt, SSL3_HM_HEADER_LENGTH))
/* Skip client version and random */
|| !TEST_true(PACKET_forward(&pkt, CLIENT_VERSION_LEN
+ SSL3_RANDOM_SIZE))
/* Skip session id */
|| !TEST_true(PACKET_get_length_prefixed_1(&pkt, &pkt2))
/* Skip ciphers */
|| !TEST_true(PACKET_get_length_prefixed_2(&pkt, &pkt2))
/* Skip compression */
|| !TEST_true(PACKET_get_length_prefixed_1(&pkt, &pkt2))
/* Extensions len */
|| !TEST_true(PACKET_as_length_prefixed_2(&pkt, &pkt2)))
goto end;
/* Loop through all extensions */
while (PACKET_remaining(&pkt2)) {
if (!TEST_true(PACKET_get_net_2(&pkt2, &type))
|| !TEST_true(PACKET_get_length_prefixed_2(&pkt2, &pkt3)))
goto end;
if (type == TLSEXT_TYPE_max_fragment_length) {
if (!TEST_uint_ne(PACKET_remaining(&pkt3), 0)
|| !TEST_true(PACKET_get_1(&pkt3, &MFL_code)))
goto end;
*mfl_codemfl_code = MFL_code;
return 1;
}
}
end:
return 0;
}
/* Maximum-Fragment-Length TLS extension mode to test */
static const unsigned char max_fragment_len_test[] = {
TLSEXT_max_fragment_length_512,
TLSEXT_max_fragment_length_1024,
TLSEXT_max_fragment_length_2048,
TLSEXT_max_fragment_length_4096
};
static int test_max_fragment_len_ext(int idx_tst)
{
SSL_CTX *ctx;
SSL *con = NULL;
int testresult = 0, MFL_mode = 0;
BIO *rbio, *wbio;
ctx = SSL_CTX_new(TLS_method());
if (!TEST_ptr(ctx))
goto end;
if (!TEST_true(SSL_CTX_set_tlsext_max_fragment_length(
ctx, max_fragment_len_test[idx_tst])))
goto end;
con = SSL_new(ctx);
if (!TEST_ptr(con))
goto end;
rbio = BIO_new(BIO_s_mem());
wbio = BIO_new(BIO_s_mem());
if (!TEST_ptr(rbio)|| !TEST_ptr(wbio)) {
BIO_free(rbio);
BIO_free(wbio);
goto end;
}
SSL_set_bio(con, rbio, wbio);
SSL_set_connect_state(con);
if (!TEST_int_le(SSL_connect(con), 0)) {
/* This shouldn't succeed because we don't have a server! */
goto end;
}
if (!TEST_true(get_MFL_from_client_hello(wbio, &MFL_mode)))
/* no MFL in client hello */
goto end;
if (!TEST_true(max_fragment_len_test[idx_tst] == MFL_mode))
goto end;
testresult = 1;
end:
SSL_free(con);
SSL_CTX_free(ctx);
return testresult;
}
#ifndef OPENSSL_NO_TLS1_3
static int test_pha_key_update(void)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0;
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
TLS1_VERSION, TLS_MAX_VERSION,
&sctx, &cctx, cert, privkey)))
return 0;
if (!TEST_true(SSL_CTX_set_min_proto_version(sctx, TLS1_3_VERSION))
|| !TEST_true(SSL_CTX_set_max_proto_version(sctx, TLS1_3_VERSION))
|| !TEST_true(SSL_CTX_set_min_proto_version(cctx, TLS1_3_VERSION))
|| !TEST_true(SSL_CTX_set_max_proto_version(cctx, TLS1_3_VERSION)))
goto end;
SSL_CTX_set_post_handshake_auth(cctx, 1);
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL)))
goto end;
if (!TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE)))
goto end;
SSL_set_verify(serverssl, SSL_VERIFY_PEER, NULL);
if (!TEST_true(SSL_verify_client_post_handshake(serverssl)))
goto end;
if (!TEST_true(SSL_key_update(clientssl, SSL_KEY_UPDATE_NOT_REQUESTED)))
goto end;
/* Start handshake on the server */
if (!TEST_int_eq(SSL_do_handshake(serverssl), 1))
goto end;
/* Starts with SSL_connect(), but it's really just SSL_do_handshake() */
if (!TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE)))
goto end;
SSL_shutdown(clientssl);
SSL_shutdown(serverssl);
testresult = 1;
end:
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
#endif
#if !defined(OPENSSL_NO_SRP) && !defined(OPENSSL_NO_TLS1_2)
static SRP_VBASE *vbase = NULL;
static int ssl_srp_cb(SSL *s, int *ad, void *arg)
{
int ret = SSL3_AL_FATAL;
char *username;
SRP_user_pwd *user = NULL;
username = SSL_get_srp_username(s);
if (username == NULL) {
*ad = SSL_AD_INTERNAL_ERROR;
goto err;
}
user = SRP_VBASE_get1_by_user(vbase, username);
if (user == NULL) {
*ad = SSL_AD_INTERNAL_ERROR;
goto err;
}
if (SSL_set_srp_server_param(s, user->N, user->g, user->s, user->v,
user->info) <= 0) {
*ad = SSL_AD_INTERNAL_ERROR;
goto err;
}
ret = 0;
err:
SRP_user_pwd_free(user);
return ret;
}
static int create_new_vfile(char *userid, char *password, const char *filename)
{
char *gNid = NULL;
OPENSSL_STRING *row = OPENSSL_zalloc(sizeof(row) * (DB_NUMBER + 1));
TXT_DB *db = NULL;
int ret = 0;
BIO *out = NULL, *dummy = BIO_new_mem_buf("", 0);
size_t i;
if (!TEST_ptr(dummy) || !TEST_ptr(row))
goto end;
gNid = SRP_create_verifier(userid, password, &row[DB_srpsalt],
&row[DB_srpverifier], NULL, NULL);
if (!TEST_ptr(gNid))
goto end;
/*
* The only way to create an empty TXT_DB is to provide a BIO with no data
* in it!
*/
db = TXT_DB_read(dummy, DB_NUMBER);
if (!TEST_ptr(db))
goto end;
out = BIO_new_file(filename, "w");
if (!TEST_ptr(out))
goto end;
row[DB_srpid] = OPENSSL_strdup(userid);
row[DB_srptype] = OPENSSL_strdup("V");
row[DB_srpgN] = OPENSSL_strdup(gNid);
if (!TEST_ptr(row[DB_srpid])
|| !TEST_ptr(row[DB_srptype])
|| !TEST_ptr(row[DB_srpgN])
|| !TEST_true(TXT_DB_insert(db, row)))
goto end;
row = NULL;
if (!TXT_DB_write(out, db))
goto end;
ret = 1;
end:
if (row != NULL) {
for (i = 0; i < DB_NUMBER; i++)
OPENSSL_free(row[i]);
}
OPENSSL_free(row);
BIO_free(dummy);
BIO_free(out);
TXT_DB_free(db);
return ret;
}
static int create_new_vbase(char *userid, char *password)
{
BIGNUM *verifier = NULL, *salt = NULL;
const SRP_gN *lgN = NULL;
SRP_user_pwd *user_pwd = NULL;
int ret = 0;
lgN = SRP_get_default_gN(NULL);
if (!TEST_ptr(lgN))
goto end;
if (!TEST_true(SRP_create_verifier_BN(userid, password, &salt, &verifier,
lgN->N, lgN->g)))
goto end;
user_pwd = OPENSSL_zalloc(sizeof(*user_pwd));
if (!TEST_ptr(user_pwd))
goto end;
user_pwd->N = lgN->N;
user_pwd->g = lgN->g;
user_pwd->id = OPENSSL_strdup(userid);
if (!TEST_ptr(user_pwd->id))
goto end;
user_pwd->v = verifier;
user_pwd->s = salt;
verifier = salt = NULL;
if (sk_SRP_user_pwd_insert(vbase->users_pwd, user_pwd, 0) == 0)
goto end;
user_pwd = NULL;
ret = 1;
end:
SRP_user_pwd_free(user_pwd);
BN_free(salt);
BN_free(verifier);
return ret;
}
/*
* SRP tests
*
* Test 0: Simple successful SRP connection, new vbase
* Test 1: Connection failure due to bad password, new vbase
* Test 2: Simple successful SRP connection, vbase loaded from existing file
* Test 3: Connection failure due to bad password, vbase loaded from existing
* file
* Test 4: Simple successful SRP connection, vbase loaded from new file
* Test 5: Connection failure due to bad password, vbase loaded from new file
*/
static int test_srp(int tst)
{
char *userid = "test", *password = "password", *tstsrpfile;
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
int ret, testresult = 0;
vbase = SRP_VBASE_new(NULL);
if (!TEST_ptr(vbase))
goto end;
if (tst == 0 || tst == 1) {
if (!TEST_true(create_new_vbase(userid, password)))
goto end;
} else {
if (tst == 4 || tst == 5) {
if (!TEST_true(create_new_vfile(userid, password, tmpfilename)))
goto end;
tstsrpfile = tmpfilename;
} else {
tstsrpfile = srpvfile;
}
if (!TEST_int_eq(SRP_VBASE_init(vbase, tstsrpfile), SRP_NO_ERROR))
goto end;
}
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
TLS1_VERSION, TLS_MAX_VERSION,
&sctx, &cctx, cert, privkey)))
goto end;
if (!TEST_int_gt(SSL_CTX_set_srp_username_callback(sctx, ssl_srp_cb), 0)
|| !TEST_true(SSL_CTX_set_cipher_list(cctx, "SRP-AES-128-CBC-SHA"))
|| !TEST_true(SSL_CTX_set_max_proto_version(sctx, TLS1_2_VERSION))
|| !TEST_true(SSL_CTX_set_max_proto_version(cctx, TLS1_2_VERSION))
|| !TEST_int_gt(SSL_CTX_set_srp_username(cctx, userid), 0))
goto end;
if (tst % 2 == 1) {
if (!TEST_int_gt(SSL_CTX_set_srp_password(cctx, "badpass"), 0))
goto end;
} else {
if (!TEST_int_gt(SSL_CTX_set_srp_password(cctx, password), 0))
goto end;
}
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL)))
goto end;
ret = create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE);
if (ret) {
if (!TEST_true(tst % 2 == 0))
goto end;
} else {
if (!TEST_true(tst % 2 == 1))
goto end;
}
testresult = 1;
end:
SRP_VBASE_free(vbase);
vbase = NULL;
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
#endif
static int info_cb_failed = 0;
static int info_cb_offset = 0;
static int info_cb_this_state = -1;
static struct info_cb_states_st {
int where;
const char *statestr;
} info_cb_states[][60] = {
{
/* TLSv1.2 server followed by resumption */
{SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
{SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"},
{SSL_CB_LOOP, "TWSC"}, {SSL_CB_LOOP, "TWSKE"}, {SSL_CB_LOOP, "TWSD"},
{SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWSD"}, {SSL_CB_LOOP, "TRCKE"},
{SSL_CB_LOOP, "TRCCS"}, {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWST"},
{SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"},
{SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL},
{SSL_CB_ALERT, NULL}, {SSL_CB_HANDSHAKE_START, NULL},
{SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"},
{SSL_CB_LOOP, "TWSH"}, {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"},
{SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_LOOP, "TRCCS"},
{SSL_CB_LOOP, "TRFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL},
{SSL_CB_EXIT, NULL}, {0, NULL},
}, {
/* TLSv1.2 client followed by resumption */
{SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
{SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWCH"},
{SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TRSC"}, {SSL_CB_LOOP, "TRSKE"},
{SSL_CB_LOOP, "TRSD"}, {SSL_CB_LOOP, "TWCKE"}, {SSL_CB_LOOP, "TWCCS"},
{SSL_CB_LOOP, "TWFIN"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWFIN"},
{SSL_CB_LOOP, "TRST"}, {SSL_CB_LOOP, "TRCCS"}, {SSL_CB_LOOP, "TRFIN"},
{SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {SSL_CB_ALERT, NULL},
{SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
{SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWCH"},
{SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TRCCS"}, {SSL_CB_LOOP, "TRFIN"},
{SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"},
{SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {0, NULL},
}, {
/* TLSv1.3 server followed by resumption */
{SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
{SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"},
{SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, {SSL_CB_LOOP, "TWSC"},
{SSL_CB_LOOP, "TRSCV"}, {SSL_CB_LOOP, "TWFIN"}, {SSL_CB_LOOP, "TED"},
{SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TRFIN"},
{SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_HANDSHAKE_START, NULL},
{SSL_CB_LOOP, "TWST"}, {SSL_CB_HANDSHAKE_DONE, NULL},
{SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "TWST"},
{SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL},
{SSL_CB_ALERT, NULL}, {SSL_CB_HANDSHAKE_START, NULL},
{SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"},
{SSL_CB_LOOP, "TWSH"}, {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"},
{SSL_CB_LOOP, "TWFIN"}, {SSL_CB_LOOP, "TED"}, {SSL_CB_EXIT, NULL},
{SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TRFIN"},
{SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_HANDSHAKE_START, NULL},
{SSL_CB_LOOP, "TWST"}, {SSL_CB_HANDSHAKE_DONE, NULL},
{SSL_CB_EXIT, NULL}, {0, NULL},
}, {
/* TLSv1.3 client followed by resumption */
{SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
{SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL}, {SSL_CB_LOOP, "TWCH"},
{SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"}, {SSL_CB_LOOP, "TRSC"},
{SSL_CB_LOOP, "TRSCV"}, {SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWCCS"},
{SSL_CB_LOOP, "TWFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL},
{SSL_CB_EXIT, NULL}, {SSL_CB_HANDSHAKE_START, NULL},
{SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"},
{SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL},
{SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "SSLOK "},
{SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"},
{SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL},
{SSL_CB_ALERT, NULL}, {SSL_CB_HANDSHAKE_START, NULL},
{SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TWCH"}, {SSL_CB_EXIT, NULL},
{SSL_CB_LOOP, "TWCH"}, {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"},
{SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWFIN"},
{SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL},
{SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "SSLOK "},
{SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"},
{SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {0, NULL},
}, {
/* TLSv1.3 server, early_data */
{SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
{SSL_CB_LOOP, "PINIT "}, {SSL_CB_LOOP, "TRCH"}, {SSL_CB_LOOP, "TWSH"},
{SSL_CB_LOOP, "TWCCS"}, {SSL_CB_LOOP, "TWEE"}, {SSL_CB_LOOP, "TWFIN"},
{SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL},
{SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "TED"},
{SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TWEOED"}, {SSL_CB_LOOP, "TRFIN"},
{SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_HANDSHAKE_START, NULL},
{SSL_CB_LOOP, "TWST"}, {SSL_CB_HANDSHAKE_DONE, NULL},
{SSL_CB_EXIT, NULL}, {0, NULL},
}, {
/* TLSv1.3 client, early_data */
{SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "PINIT "},
{SSL_CB_LOOP, "TWCH"}, {SSL_CB_LOOP, "TWCCS"},
{SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL},
{SSL_CB_HANDSHAKE_START, NULL}, {SSL_CB_LOOP, "TED"},
{SSL_CB_LOOP, "TED"}, {SSL_CB_LOOP, "TRSH"}, {SSL_CB_LOOP, "TREE"},
{SSL_CB_LOOP, "TRFIN"}, {SSL_CB_LOOP, "TPEDE"}, {SSL_CB_LOOP, "TWEOED"},
{SSL_CB_LOOP, "TWFIN"}, {SSL_CB_HANDSHAKE_DONE, NULL},
{SSL_CB_EXIT, NULL}, {SSL_CB_HANDSHAKE_START, NULL},
{SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "SSLOK "}, {SSL_CB_LOOP, "TRST"},
{SSL_CB_HANDSHAKE_DONE, NULL}, {SSL_CB_EXIT, NULL}, {0, NULL},
}, {
{0, NULL},
}
};
static void sslapi_info_callback(const SSL *s, int where, int ret)
{
struct info_cb_states_st *state = info_cb_states[info_cb_offset];
/* We do not ever expect a connection to fail in this test */
if (!TEST_false(ret == 0)) {
info_cb_failed = 1;
return;
}
/*
* Do some sanity checks. We never expect these things to happen in this
* test
*/
if (!TEST_false((SSL_is_server(s) && (where & SSL_ST_CONNECT) != 0))
|| !TEST_false(!SSL_is_server(s) && (where & SSL_ST_ACCEPT) != 0)
|| !TEST_int_ne(state[++info_cb_this_state].where, 0)) {
info_cb_failed = 1;
return;
}
/* Now check we're in the right state */
if (!TEST_true((where & state[info_cb_this_state].where) != 0)) {
info_cb_failed = 1;
return;
}
if ((where & SSL_CB_LOOP) != 0
&& !TEST_int_eq(strcmp(SSL_state_string(s),
state[info_cb_this_state].statestr), 0)) {
info_cb_failed = 1;
return;
}
/* Check that, if we've got SSL_CB_HANDSHAKE_DONE we are not in init */
if ((where & SSL_CB_HANDSHAKE_DONE) && SSL_in_init((SSL *)s) != 0) {
info_cb_failed = 1;
return;
}
}
/*
* Test the info callback gets called when we expect it to.
*
* Test 0: TLSv1.2, server
* Test 1: TLSv1.2, client
* Test 2: TLSv1.3, server
* Test 3: TLSv1.3, client
* Test 4: TLSv1.3, server, early_data
* Test 5: TLSv1.3, client, early_data
*/
static int test_info_callback(int tst)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
SSL_SESSION *clntsess = NULL;
int testresult = 0;
int tlsvers;
if (tst < 2) {
/* We need either ECDHE or DHE for the TLSv1.2 test to work */
#if !defined(OPENSSL_NO_TLS1_2) && (!defined(OPENSSL_NO_EC) \
|| !defined(OPENSSL_NO_DH))
tlsvers = TLS1_2_VERSION;
#else
return 1;
#endif
} else {
#ifndef OPENSSL_NO_TLS1_3
tlsvers = TLS1_3_VERSION;
#else
return 1;
#endif
}
/* Reset globals */
info_cb_failed = 0;
info_cb_this_state = -1;
info_cb_offset = tst;
#ifndef OPENSSL_NO_TLS1_3
if (tst >= 4) {
SSL_SESSION *sess = NULL;
size_t written, readbytes;
unsigned char buf[80];
/* early_data tests */
if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl,
&serverssl, &sess, 0)))
goto end;
/* We don't actually need this reference */
SSL_SESSION_free(sess);
SSL_set_info_callback((tst % 2) == 0 ? serverssl : clientssl,
sslapi_info_callback);
/* Write and read some early data and then complete the connection */
if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1),
&written))
|| !TEST_size_t_eq(written, strlen(MSG1))
|| !TEST_int_eq(SSL_read_early_data(serverssl, buf,
sizeof(buf), &readbytes),
SSL_READ_EARLY_DATA_SUCCESS)
|| !TEST_mem_eq(MSG1, readbytes, buf, strlen(MSG1))
|| !TEST_int_eq(SSL_get_early_data_status(serverssl),
SSL_EARLY_DATA_ACCEPTED)
|| !TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE))
|| !TEST_false(info_cb_failed))
goto end;
testresult = 1;
goto end;
}
#endif
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
TLS_client_method(),
tlsvers, tlsvers, &sctx, &cctx, cert,
privkey)))
goto end;
/*
* For even numbered tests we check the server callbacks. For odd numbers we
* check the client.
*/
SSL_CTX_set_info_callback((tst % 2) == 0 ? sctx : cctx,
sslapi_info_callback);
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
&clientssl, NULL, NULL))
|| !TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE))
|| !TEST_false(info_cb_failed))
goto end;
clntsess = SSL_get1_session(clientssl);
SSL_shutdown(clientssl);
SSL_shutdown(serverssl);
SSL_free(serverssl);
SSL_free(clientssl);
serverssl = clientssl = NULL;
/* Now do a resumption */
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL,
NULL))
|| !TEST_true(SSL_set_session(clientssl, clntsess))
|| !TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE))
|| !TEST_true(SSL_session_reused(clientssl))
|| !TEST_false(info_cb_failed))
goto end;
testresult = 1;
end:
SSL_free(serverssl);
SSL_free(clientssl);
SSL_SESSION_free(clntsess);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
static int test_ssl_pending(int tst)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0;
char msg[] = "A test message";
char buf[5];
size_t written, readbytes;
if (tst == 0) {
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
TLS_client_method(),
TLS1_VERSION, TLS_MAX_VERSION,
&sctx, &cctx, cert, privkey)))
goto end;
} else {
#ifndef OPENSSL_NO_DTLS
if (!TEST_true(create_ssl_ctx_pair(DTLS_server_method(),
DTLS_client_method(),
DTLS1_VERSION, DTLS_MAX_VERSION,
&sctx, &cctx, cert, privkey)))
goto end;
#else
return 1;
#endif
}
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL))
|| !TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE)))
goto end;
if (!TEST_int_eq(SSL_pending(clientssl), 0)
|| !TEST_false(SSL_has_pending(clientssl))
|| !TEST_int_eq(SSL_pending(serverssl), 0)
|| !TEST_false(SSL_has_pending(serverssl))
|| !TEST_true(SSL_write_ex(serverssl, msg, sizeof(msg), &written))
|| !TEST_size_t_eq(written, sizeof(msg))
|| !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf), &readbytes))
|| !TEST_size_t_eq(readbytes, sizeof(buf))
|| !TEST_int_eq(SSL_pending(clientssl), (int)(written - readbytes))
|| !TEST_true(SSL_has_pending(clientssl)))
goto end;
testresult = 1;
end:
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
static struct {
unsigned int maxprot;
const char *clntciphers;
const char *clnttls13ciphers;
const char *srvrciphers;
const char *srvrtls13ciphers;
const char *shared;
} shared_ciphers_data[] = {
/*
* We can't establish a connection (even in TLSv1.1) with these ciphersuites if
* TLSv1.3 is enabled but TLSv1.2 is disabled.
*/
#if defined(OPENSSL_NO_TLS1_3) || !defined(OPENSSL_NO_TLS1_2)
{
TLS1_2_VERSION,
"AES128-SHA:AES256-SHA",
NULL,
"AES256-SHA:DHE-RSA-AES128-SHA",
NULL,
"AES256-SHA"
},
{
TLS1_2_VERSION,
"AES128-SHA:DHE-RSA-AES128-SHA:AES256-SHA",
NULL,
"AES128-SHA:DHE-RSA-AES256-SHA:AES256-SHA",
NULL,
"AES128-SHA:AES256-SHA"
},
{
TLS1_2_VERSION,
"AES128-SHA:AES256-SHA",
NULL,
"AES128-SHA:DHE-RSA-AES128-SHA",
NULL,
"AES128-SHA"
},
#endif
/*
* This test combines TLSv1.3 and TLSv1.2 ciphersuites so they must both be
* enabled.
*/
#if !defined(OPENSSL_NO_TLS1_3) && !defined(OPENSSL_NO_TLS1_2) \
&& !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
{
TLS1_3_VERSION,
"AES128-SHA:AES256-SHA",
NULL,
"AES256-SHA:AES128-SHA256",
NULL,
"TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:"
"TLS_AES_128_GCM_SHA256:AES256-SHA"
},
#endif
#ifndef OPENSSL_NO_TLS1_3
{
TLS1_3_VERSION,
"AES128-SHA",
"TLS_AES_256_GCM_SHA384",
"AES256-SHA",
"TLS_AES_256_GCM_SHA384",
"TLS_AES_256_GCM_SHA384"
},
#endif
};
static int test_ssl_get_shared_ciphers(int tst)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0;
char buf[1024];
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
TLS_client_method(),
TLS1_VERSION,
shared_ciphers_data[tst].maxprot,
&sctx, &cctx, cert, privkey)))
goto end;
if (!TEST_true(SSL_CTX_set_cipher_list(cctx,
shared_ciphers_data[tst].clntciphers))
|| (shared_ciphers_data[tst].clnttls13ciphers != NULL
&& !TEST_true(SSL_CTX_set_ciphersuites(cctx,
shared_ciphers_data[tst].clnttls13ciphers)))
|| !TEST_true(SSL_CTX_set_cipher_list(sctx,
shared_ciphers_data[tst].srvrciphers))
|| (shared_ciphers_data[tst].srvrtls13ciphers != NULL
&& !TEST_true(SSL_CTX_set_ciphersuites(sctx,
shared_ciphers_data[tst].srvrtls13ciphers))))
goto end;
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL))
|| !TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE)))
goto end;
if (!TEST_ptr(SSL_get_shared_ciphers(serverssl, buf, sizeof(buf)))
|| !TEST_int_eq(strcmp(buf, shared_ciphers_data[tst].shared), 0)) {
TEST_info("Shared ciphers are: %s\n", buf);
goto end;
}
testresult = 1;
end:
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
static const char *appdata = "Hello World";
static int gen_tick_called, dec_tick_called, tick_key_cb_called;
static int tick_key_renew = 0;
static SSL_TICKET_RETURN tick_dec_ret = SSL_TICKET_RETURN_ABORT;
static int gen_tick_cb(SSL *s, void *arg)
{
gen_tick_called = 1;
return SSL_SESSION_set1_ticket_appdata(SSL_get_session(s), appdata,
strlen(appdata));
}
static SSL_TICKET_RETURN dec_tick_cb(SSL *s, SSL_SESSION *ss,
const unsigned char *keyname,
size_t keyname_length,
SSL_TICKET_STATUS status,
void *arg)
{
void *tickdata;
size_t tickdlen;
dec_tick_called = 1;
if (status == SSL_TICKET_EMPTY)
return SSL_TICKET_RETURN_IGNORE_RENEW;
if (!TEST_true(status == SSL_TICKET_SUCCESS
|| status == SSL_TICKET_SUCCESS_RENEW))
return SSL_TICKET_RETURN_ABORT;
if (!TEST_true(SSL_SESSION_get0_ticket_appdata(ss, &tickdata,
&tickdlen))
|| !TEST_size_t_eq(tickdlen, strlen(appdata))
|| !TEST_int_eq(memcmp(tickdata, appdata, tickdlen), 0))
return SSL_TICKET_RETURN_ABORT;
if (tick_key_cb_called) {
/* Don't change what the ticket key callback wanted to do */
switch (status) {
case SSL_TICKET_NO_DECRYPT:
return SSL_TICKET_RETURN_IGNORE_RENEW;
case SSL_TICKET_SUCCESS:
return SSL_TICKET_RETURN_USE;
case SSL_TICKET_SUCCESS_RENEW:
return SSL_TICKET_RETURN_USE_RENEW;
default:
return SSL_TICKET_RETURN_ABORT;
}
}
return tick_dec_ret;
}
static int tick_key_cb(SSL *s, unsigned char key_name[16],
unsigned char iv[EVP_MAX_IV_LENGTH], EVP_CIPHER_CTX *ctx,
HMAC_CTX *hctx, int enc)
{
const unsigned char tick_aes_key[16] = "0123456789abcdef";
const unsigned char tick_hmac_key[16] = "0123456789abcdef";
tick_key_cb_called = 1;
memset(iv, 0, AES_BLOCK_SIZE);
memset(key_name, 0, 16);
if (!EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, tick_aes_key, iv, enc)
|| !HMAC_Init_ex(hctx, tick_hmac_key, sizeof(tick_hmac_key),
EVP_sha256(), NULL))
return -1;
return tick_key_renew ? 2 : 1;
}
/*
* Test the various ticket callbacks
* Test 0: TLSv1.2, no ticket key callback, no ticket, no renewal
* Test 1: TLSv1.3, no ticket key callback, no ticket, no renewal
* Test 2: TLSv1.2, no ticket key callback, no ticket, renewal
* Test 3: TLSv1.3, no ticket key callback, no ticket, renewal
* Test 4: TLSv1.2, no ticket key callback, ticket, no renewal
* Test 5: TLSv1.3, no ticket key callback, ticket, no renewal
* Test 6: TLSv1.2, no ticket key callback, ticket, renewal
* Test 7: TLSv1.3, no ticket key callback, ticket, renewal
* Test 8: TLSv1.2, ticket key callback, ticket, no renewal
* Test 9: TLSv1.3, ticket key callback, ticket, no renewal
* Test 10: TLSv1.2, ticket key callback, ticket, renewal
* Test 11: TLSv1.3, ticket key callback, ticket, renewal
*/
static int test_ticket_callbacks(int tst)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
SSL_SESSION *clntsess = NULL;
int testresult = 0;
#ifdef OPENSSL_NO_TLS1_2
if (tst % 2 == 0)
return 1;
#endif
#ifdef OPENSSL_NO_TLS1_3
if (tst % 2 == 1)
return 1;
#endif
gen_tick_called = dec_tick_called = tick_key_cb_called = 0;
/* Which tests the ticket key callback should request renewal for */
if (tst == 10 || tst == 11)
tick_key_renew = 1;
else
tick_key_renew = 0;
/* Which tests the decrypt ticket callback should request renewal for */
switch (tst) {
case 0:
case 1:
tick_dec_ret = SSL_TICKET_RETURN_IGNORE;
break;
case 2:
case 3:
tick_dec_ret = SSL_TICKET_RETURN_IGNORE_RENEW;
break;
case 4:
case 5:
tick_dec_ret = SSL_TICKET_RETURN_USE;
break;
case 6:
case 7:
tick_dec_ret = SSL_TICKET_RETURN_USE_RENEW;
break;
default:
tick_dec_ret = SSL_TICKET_RETURN_ABORT;
}
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
TLS_client_method(),
TLS1_VERSION,
((tst % 2) == 0) ? TLS1_2_VERSION
: TLS1_3_VERSION,
&sctx, &cctx, cert, privkey)))
goto end;
/*
* We only want sessions to resume from tickets - not the session cache. So
* switch the cache off.
*/
if (!TEST_true(SSL_CTX_set_session_cache_mode(sctx, SSL_SESS_CACHE_OFF)))
goto end;
if (!TEST_true(SSL_CTX_set_session_ticket_cb(sctx, gen_tick_cb, dec_tick_cb,
NULL)))
goto end;
if (tst >= 8
&& !TEST_true(SSL_CTX_set_tlsext_ticket_key_cb(sctx, tick_key_cb)))
goto end;
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL))
|| !TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE)))
goto end;
/*
* The decrypt ticket key callback in TLSv1.2 should be called even though
* we have no ticket yet, because it gets called with a status of
* SSL_TICKET_EMPTY (the client indicates support for tickets but does not
* actually send any ticket data). This does not happen in TLSv1.3 because
* it is not valid to send empty ticket data in TLSv1.3.
*/
if (!TEST_int_eq(gen_tick_called, 1)
|| !TEST_int_eq(dec_tick_called, ((tst % 2) == 0) ? 1 : 0))
goto end;
gen_tick_called = dec_tick_called = 0;
clntsess = SSL_get1_session(clientssl);
SSL_shutdown(clientssl);
SSL_shutdown(serverssl);
SSL_free(serverssl);
SSL_free(clientssl);
serverssl = clientssl = NULL;
/* Now do a resumption */
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL,
NULL))
|| !TEST_true(SSL_set_session(clientssl, clntsess))
|| !TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE)))
goto end;
if (tick_dec_ret == SSL_TICKET_RETURN_IGNORE
|| tick_dec_ret == SSL_TICKET_RETURN_IGNORE_RENEW) {
if (!TEST_false(SSL_session_reused(clientssl)))
goto end;
} else {
if (!TEST_true(SSL_session_reused(clientssl)))
goto end;
}
if (!TEST_int_eq(gen_tick_called,
(tick_key_renew
|| tick_dec_ret == SSL_TICKET_RETURN_IGNORE_RENEW
|| tick_dec_ret == SSL_TICKET_RETURN_USE_RENEW)
? 1 : 0)
|| !TEST_int_eq(dec_tick_called, 1))
goto end;
testresult = 1;
end:
SSL_SESSION_free(clntsess);
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
/*
* Test bi-directional shutdown.
* Test 0: TLSv1.2
* Test 1: TLSv1.2, server continues to read/write after client shutdown
* Test 2: TLSv1.3, no pending NewSessionTicket messages
* Test 3: TLSv1.3, pending NewSessionTicket messages
* Test 4: TLSv1.3, server continues to read/write after client shutdown, server
* sends key update, client reads it
* Test 5: TLSv1.3, server continues to read/write after client shutdown, server
* sends CertificateRequest, client reads and ignores it
* Test 6: TLSv1.3, server continues to read/write after client shutdown, client
* doesn't read it
*/
static int test_shutdown(int tst)
{
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
int testresult = 0;
char msg[] = "A test message";
char buf[80];
size_t written, readbytes;
SSL_SESSION *sess;
#ifdef OPENSSL_NO_TLS1_2
if (tst <= 1)
return 1;
#endif
#ifdef OPENSSL_NO_TLS1_3
if (tst >= 2)
return 1;
#endif
if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
TLS_client_method(),
TLS1_VERSION,
(tst <= 1) ? TLS1_2_VERSION
: TLS1_3_VERSION,
&sctx, &cctx, cert, privkey)))
goto end;
if (tst == 5)
SSL_CTX_set_post_handshake_auth(cctx, 1);
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL)))
goto end;
if (tst == 3) {
if (!TEST_true(create_bare_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE))
|| !TEST_ptr_ne(sess = SSL_get_session(clientssl), NULL)
|| !TEST_false(SSL_SESSION_is_resumable(sess)))
goto end;
} else if (!TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE))
|| !TEST_ptr_ne(sess = SSL_get_session(clientssl), NULL)
|| !TEST_true(SSL_SESSION_is_resumable(sess))) {
goto end;
}
if (!TEST_int_eq(SSL_shutdown(clientssl), 0))
goto end;
if (tst >= 4) {
/*
* Reading on the server after the client has sent close_notify should
* fail and provide SSL_ERROR_ZERO_RETURN
*/
if (!TEST_false(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))
|| !TEST_int_eq(SSL_get_error(serverssl, 0),
SSL_ERROR_ZERO_RETURN)
|| !TEST_int_eq(SSL_get_shutdown(serverssl),
SSL_RECEIVED_SHUTDOWN)
/*
* Even though we're shutdown on receive we should still be
* able to write.
*/
|| !TEST_true(SSL_write(serverssl, msg, sizeof(msg))))
goto end;
if (tst == 4
&& !TEST_true(SSL_key_update(serverssl,
SSL_KEY_UPDATE_REQUESTED)))
goto end;
if (tst == 5) {
SSL_set_verify(serverssl, SSL_VERIFY_PEER, NULL);
if (!TEST_true(SSL_verify_client_post_handshake(serverssl)))
goto end;
}
if ((tst == 4 || tst == 5)
&& !TEST_true(SSL_write(serverssl, msg, sizeof(msg))))
goto end;
if (!TEST_int_eq(SSL_shutdown(serverssl), 1))
goto end;
if (tst == 4 || tst == 5) {
/* Should still be able to read data from server */
if (!TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf),
&readbytes))
|| !TEST_size_t_eq(readbytes, sizeof(msg))
|| !TEST_int_eq(memcmp(msg, buf, readbytes), 0)
|| !TEST_true(SSL_read_ex(clientssl, buf, sizeof(buf),
&readbytes))
|| !TEST_size_t_eq(readbytes, sizeof(msg))
|| !TEST_int_eq(memcmp(msg, buf, readbytes), 0))
goto end;
}
}
/* Writing on the client after sending close_notify shouldn't be possible */
if (!TEST_false(SSL_write_ex(clientssl, msg, sizeof(msg), &written)))
goto end;
if (tst < 4) {
/*
* For these tests the client has sent close_notify but it has not yet
* been received by the server. The server has not sent close_notify
* yet.
*/
if (!TEST_int_eq(SSL_shutdown(serverssl), 0)
/*
* Writing on the server after sending close_notify shouldn't
* be possible.
*/
|| !TEST_false(SSL_write_ex(serverssl, msg, sizeof(msg), &written))
|| !TEST_int_eq(SSL_shutdown(clientssl), 1)
|| !TEST_ptr_ne(sess = SSL_get_session(clientssl), NULL)
|| !TEST_true(SSL_SESSION_is_resumable(sess))
|| !TEST_int_eq(SSL_shutdown(serverssl), 1))
goto end;
} else if (tst == 4 || tst == 5) {
/*
* In this test the client has sent close_notify and it has been
* received by the server which has responded with a close_notify. The
* client needs to read the close_notify sent by the server.
*/
if (!TEST_int_eq(SSL_shutdown(clientssl), 1)
|| !TEST_ptr_ne(sess = SSL_get_session(clientssl), NULL)
|| !TEST_true(SSL_SESSION_is_resumable(sess)))
goto end;
} else {
/*
* tst == 6
*
* The client has sent close_notify and is expecting a close_notify
* back, but instead there is application data first. The shutdown
* should fail with a fatal error.
*/
if (!TEST_int_eq(SSL_shutdown(clientssl), -1)
|| !TEST_int_eq(SSL_get_error(clientssl, -1), SSL_ERROR_SSL))
goto end;
}
testresult = 1;
end:
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
int setup_tests(void)
{
if (!TEST_ptr(cert = test_get_argument(0))
|| !TEST_ptr(privkey = test_get_argument(1))
|| !TEST_ptr(srpvfile = test_get_argument(2))
|| !TEST_ptr(tmpfilename = test_get_argument(3)))
return 0;
if (getenv("OPENSSL_TEST_GETCOUNTS") != NULL) {
#ifdef OPENSSL_NO_CRYPTO_MDEBUG
TEST_error("not supported in this build");
return 0;
#else
int i, mcount, rcount, fcount;
for (i = 0; i < 4; i++)
test_export_key_mat(i);
CRYPTO_get_alloc_counts(&mcount, &rcount, &fcount);
test_printf_stdout("malloc %d realloc %d free %d\n",
mcount, rcount, fcount);
return 1;
#endif
}
ADD_TEST(test_large_message_tls);
ADD_TEST(test_large_message_tls_read_ahead);
#ifndef OPENSSL_NO_DTLS
ADD_TEST(test_large_message_dtls);
#endif
#ifndef OPENSSL_NO_OCSP
ADD_TEST(test_tlsext_status_type);
#endif
ADD_TEST(test_session_with_only_int_cache);
ADD_TEST(test_session_with_only_ext_cache);
ADD_TEST(test_session_with_both_cache);
#ifndef OPENSSL_NO_TLS1_3
ADD_ALL_TESTS(test_stateful_tickets, 3);
ADD_ALL_TESTS(test_stateless_tickets, 3);
ADD_TEST(test_psk_tickets);
#endif
ADD_ALL_TESTS(test_ssl_set_bio, TOTAL_SSL_SET_BIO_TESTS);
ADD_TEST(test_ssl_bio_pop_next_bio);
ADD_TEST(test_ssl_bio_pop_ssl_bio);
ADD_TEST(test_ssl_bio_change_rbio);
ADD_TEST(test_ssl_bio_change_wbio);
#if !defined(OPENSSL_NO_TLS1_2) || defined(OPENSSL_NO_TLS1_3)
ADD_ALL_TESTS(test_set_sigalgs, OSSL_NELEM(testsigalgs) * 2);
ADD_TEST(test_keylog);
#endif
#ifndef OPENSSL_NO_TLS1_3
ADD_TEST(test_keylog_no_master_key);
#endif
#ifndef OPENSSL_NO_TLS1_2
ADD_TEST(test_client_hello_cb);
#endif
#ifndef OPENSSL_NO_TLS1_3
ADD_ALL_TESTS(test_early_data_read_write, 3);
/*
* We don't do replay tests for external PSK. Replay protection isn't used
* in that scenario.
*/
ADD_ALL_TESTS(test_early_data_replay, 2);
ADD_ALL_TESTS(test_early_data_skip, 3);
ADD_ALL_TESTS(test_early_data_skip_hrr, 3);
ADD_ALL_TESTS(test_early_data_skip_hrr_fail, 3);
ADD_ALL_TESTS(test_early_data_skip_abort, 3);
ADD_ALL_TESTS(test_early_data_not_sent, 3);
ADD_ALL_TESTS(test_early_data_psk, 8);
ADD_ALL_TESTS(test_early_data_not_expected, 3);
# ifndef OPENSSL_NO_TLS1_2
ADD_ALL_TESTS(test_early_data_tls1_2, 3);
# endif
#endif
#ifndef OPENSSL_NO_TLS1_3
ADD_ALL_TESTS(test_set_ciphersuite, 10);
ADD_TEST(test_ciphersuite_change);
#ifdef OPENSSL_NO_PSK
ADD_ALL_TESTS(test_tls13_psk, 1);
#else
ADD_ALL_TESTS(test_tls13_psk, 4);
#endif /* OPENSSL_NO_PSK */
ADD_ALL_TESTS(test_custom_exts, 5);
ADD_TEST(test_stateless);
ADD_TEST(test_pha_key_update);
#else
ADD_ALL_TESTS(test_custom_exts, 3);
#endif
ADD_ALL_TESTS(test_serverinfo, 8);
ADD_ALL_TESTS(test_export_key_mat, 4);
#ifndef OPENSSL_NO_TLS1_3
ADD_ALL_TESTS(test_export_key_mat_early, 3);
#endif
ADD_ALL_TESTS(test_ssl_clear, 2);
ADD_ALL_TESTS(test_max_fragment_len_ext, OSSL_NELEM(max_fragment_len_test));
#if !defined(OPENSSL_NO_SRP) && !defined(OPENSSL_NO_TLS1_2)
ADD_ALL_TESTS(test_srp, 6);
#endif
ADD_ALL_TESTS(test_info_callback, 6);
ADD_ALL_TESTS(test_ssl_pending, 2);
ADD_ALL_TESTS(test_ssl_get_shared_ciphers, OSSL_NELEM(shared_ciphers_data));
ADD_ALL_TESTS(test_ticket_callbacks, 12);
ADD_ALL_TESTS(test_shutdown, 7);
return 1;
}
void cleanup_tests(void)
{
bio_s_mempacket_test_free();
}
openssl-1.1.1/test/bio_callback_test.c0000644000000000000000000000722713345734627016470 0ustar rootroot/*
* Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <string.h>
#include <openssl/bio.h>
#include "testutil.h"
#define MAXCOUNT 5
static int my_param_count;
static BIO *my_param_b[MAXCOUNT];
static int my_param_oper[MAXCOUNT];
static const char *my_param_argp[MAXCOUNT];
static int my_param_argi[MAXCOUNT];
static long my_param_argl[MAXCOUNT];
static long my_param_ret[MAXCOUNT];
static long my_bio_callback(BIO *b, int oper, const char *argp, int argi,
long argl, long ret)
{
if (my_param_count >= MAXCOUNT)
return -1;
my_param_b[my_param_count] = b;
my_param_oper[my_param_count] = oper;
my_param_argp[my_param_count] = argp;
my_param_argi[my_param_count] = argi;
my_param_argl[my_param_count] = argl;
my_param_ret[my_param_count] = ret;
my_param_count++;
return ret;
}
static int test_bio_callback(void)
{
int ok = 0;
BIO *bio;
int i;
char *test1 = "test";
char *test2 = "hello";
my_param_count = 0;
bio = BIO_new(BIO_s_mem());
if (bio == NULL)
goto err;
BIO_set_callback(bio, my_bio_callback);
i = BIO_write(bio, test1, 4);
if (!TEST_int_eq(i, 4)
|| !TEST_int_eq(my_param_count, 2)
|| !TEST_ptr_eq(my_param_b[0], bio)
|| !TEST_int_eq(my_param_oper[0], BIO_CB_WRITE)
|| !TEST_ptr_eq(my_param_argp[0], test1)
|| !TEST_int_eq(my_param_argi[0], 4)
|| !TEST_long_eq(my_param_argl[0], 0L)
|| !TEST_long_eq(my_param_ret[0], 1L)
|| !TEST_ptr_eq(my_param_b[1], bio)
|| !TEST_int_eq(my_param_oper[1], BIO_CB_WRITE | BIO_CB_RETURN)
|| !TEST_ptr_eq(my_param_argp[1], test1)
|| !TEST_int_eq(my_param_argi[1], 4)
|| !TEST_long_eq(my_param_argl[1], 0L)
|| !TEST_long_eq(my_param_ret[1], 4L))
goto err;
i = BIO_puts(bio, test2);
if (!TEST_int_eq(i, 5)
|| !TEST_int_eq(my_param_count, 4)
|| !TEST_ptr_eq(my_param_b[2], bio)
|| !TEST_int_eq(my_param_oper[2], BIO_CB_PUTS)
|| !TEST_ptr_eq(my_param_argp[2], test2)
|| !TEST_int_eq(my_param_argi[2], 0)
|| !TEST_long_eq(my_param_argl[2], 0L)
|| !TEST_long_eq(my_param_ret[2], 1L)
|| !TEST_ptr_eq(my_param_b[3], bio)
|| !TEST_int_eq(my_param_oper[3], BIO_CB_PUTS | BIO_CB_RETURN)
|| !TEST_ptr_eq(my_param_argp[3], test2)
|| !TEST_int_eq(my_param_argi[3], 0)
|| !TEST_long_eq(my_param_argl[3], 0L)
|| !TEST_long_eq(my_param_ret[3], 5L))
goto err;
i = BIO_free(bio);
if (!TEST_int_eq(i, 1)
|| !TEST_int_eq(my_param_count, 5)
|| !TEST_ptr_eq(my_param_b[4], bio)
|| !TEST_int_eq(my_param_oper[4], BIO_CB_FREE)
|| !TEST_ptr_eq(my_param_argp[4], NULL)
|| !TEST_int_eq(my_param_argi[4], 0)
|| !TEST_long_eq(my_param_argl[4], 0L)
|| !TEST_long_eq(my_param_ret[4], 1L))
goto finish;
ok = 1;
goto finish;
err:
BIO_free(bio);
finish:
/* This helps finding memory leaks with ASAN */
memset(my_param_b, 0, sizeof(my_param_b));
memset(my_param_argp, 0, sizeof(my_param_argp));
return ok;
}
int setup_tests(void)
{
ADD_TEST(test_bio_callback);
return 1;
}
openssl-1.1.1/test/conf_include_test.c0000644000000000000000000001264513345734630016525 0ustar rootroot/*
* Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdlib.h>
#include <string.h>
#include <openssl/conf.h>
#include <openssl/err.h>
#include "testutil.h"
#ifdef _WIN32
# include <direct.h>
# define DIRSEP "/\\"
# define chdir _chdir
# define DIRSEP_PRESERVE 0
#elif !defined(OPENSSL_NO_POSIX_IO)
# include <unistd.h>
# ifndef OPENSSL_SYS_VMS
# define DIRSEP "/"
# define DIRSEP_PRESERVE 0
# else
# define DIRSEP "/]:"
# define DIRSEP_PRESERVE 1
# endif
#else
/* the test does not work without chdir() */
# define chdir(x) (-1);
# define DIRSEP "/"
# define DIRSEP_PRESERVE 0
#endif
/* changes path to that of the filename */
static int change_path(const char *file)
{
char *s = OPENSSL_strdup(file);
char *p = s;
char *last = NULL;
int ret;
if (s == NULL)
return -1;
while ((p = strpbrk(p, DIRSEP)) != NULL) {
last = p++;
}
if (last == NULL)
return 0;
last[DIRSEP_PRESERVE] = 0;
TEST_note("changing path to %s", s);
ret = chdir(s);
OPENSSL_free(s);
return ret;
}
/*
* This test program checks the operation of the .include directive.
*/
static CONF *conf;
static BIO *in;
static int expect_failure = 0;
static int test_load_config(void)
{
long errline;
long val;
char *str;
long err;
if (!TEST_int_gt(NCONF_load_bio(conf, in, &errline), 0)
|| !TEST_int_eq(err = ERR_peek_error(), 0)) {
if (expect_failure)
return 1;
TEST_note("Failure loading the configuration at line %ld", errline);
return 0;
}
if (expect_failure) {
TEST_note("Failure expected but did not happen");
return 0;
}
if (!TEST_int_gt(CONF_modules_load(conf, NULL, 0), 0)) {
TEST_note("Failed in CONF_modules_load");
return 0;
}
/* verify whether RANDFILE is set correctly */
str = NCONF_get_string(conf, "", "RANDFILE");
if (!TEST_ptr(str) || !TEST_str_eq(str, "./.rnd")) {
TEST_note("RANDFILE incorrect");
return 0;
}
/* verify whether CA_default/default_days is set */
val = 0;
if (!TEST_int_eq(NCONF_get_number(conf, "CA_default", "default_days", &val), 1)
|| !TEST_int_eq(val, 365)) {
TEST_note("default_days incorrect");
return 0;
}
/* verify whether req/default_bits is set */
val = 0;
if (!TEST_int_eq(NCONF_get_number(conf, "req", "default_bits", &val), 1)
|| !TEST_int_eq(val, 2048)) {
TEST_note("default_bits incorrect");
return 0;
}
/* verify whether countryName_default is set correctly */
str = NCONF_get_string(conf, "req_distinguished_name", "countryName_default");
if (!TEST_ptr(str) || !TEST_str_eq(str, "AU")) {
TEST_note("countryName_default incorrect");
return 0;
}
return 1;
}
static int test_check_null_numbers(void)
{
#if defined(_BSD_SOURCE) \
|| (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L) \
|| (defined(_XOPEN_SOURCE) && _XOPEN_SOURCE >= 600)
long val = 0;
/* Verify that a NULL config with a present environment variable returns
* success and the value.
*/
if (!TEST_int_eq(setenv("FNORD", "123", 1), 0)
|| !TEST_true(NCONF_get_number(NULL, "missing", "FNORD", &val))
|| !TEST_long_eq(val, 123)) {
TEST_note("environment variable with NULL conf failed");
return 0;
}
/*
* Verify that a NULL config with a missing envrionment variable returns
* a failure code.
*/
if (!TEST_int_eq(unsetenv("FNORD"), 0)
|| !TEST_false(NCONF_get_number(NULL, "missing", "FNORD", &val))) {
TEST_note("missing environment variable with NULL conf failed");
return 0;
}
#endif
return 1;
}
static int test_check_overflow(void)
{
#if defined(_BSD_SOURCE) \
|| (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L) \
|| (defined(_XOPEN_SOURCE) && _XOPEN_SOURCE >= 600)
long val = 0;
char max[(sizeof(long) * 8) / 3 + 3];
char *p;
p = max + sprintf(max, "0%ld", LONG_MAX) - 1;
setenv("FNORD", max, 1);
if (!TEST_true(NCONF_get_number(NULL, "missing", "FNORD", &val))
|| !TEST_long_eq(val, LONG_MAX))
return 0;
while (++*p > '9')
*p-- = '0';
setenv("FNORD", max, 1);
if (!TEST_false(NCONF_get_number(NULL, "missing", "FNORD", &val)))
return 0;
#endif
return 1;
}
int setup_tests(void)
{
const char *conf_file;
const char *arg2;
if (!TEST_ptr(conf = NCONF_new(NULL)))
return 0;
conf_file = test_get_argument(0);
if (!TEST_ptr(conf_file)
|| !TEST_ptr(in = BIO_new_file(conf_file, "r"))) {
TEST_note("Unable to open the file argument");
return 0;
}
if ((arg2 = test_get_argument(1)) != NULL && *arg2 == 'f') {
expect_failure = 1;
}
/*
* For this test we need to chdir as we use relative
* path names in the config files.
*/
change_path(conf_file);
ADD_TEST(test_load_config);
ADD_TEST(test_check_null_numbers);
ADD_TEST(test_check_overflow);
return 1;
}
void cleanup_tests(void)
{
BIO_vfree(in);
NCONF_free(conf);
CONF_modules_unload(1);
}
openssl-1.1.1/test/ctype_internal_test.c0000644000000000000000000000523213345734630017107 0ustar rootroot/*
* Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "testutil.h"
#include "internal/ctype.h"
#include "internal/nelem.h"
#include <ctype.h>
#include <stdio.h>
/*
* Even though the VMS C RTL claims to be C99 compatible, it's not entirely
* so far (C RTL version 8.4). Same applies to OSF. For the sake of these
* tests, we therefore define our own.
*/
#if (defined(__VMS) && __CRTL_VER <= 80400000) || defined(__osf__)
static int isblank(int c)
{
return c == ' ' || c == '\t';
}
#endif
static int test_ctype_chars(int n)
{
if (!TEST_int_eq(isascii((unsigned char)n) != 0, ossl_isascii(n) != 0))
return 0;
if (!ossl_isascii(n))
return 1;
return TEST_int_eq(isalpha(n) != 0, ossl_isalpha(n) != 0)
&& TEST_int_eq(isalnum(n) != 0, ossl_isalnum(n) != 0)
#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L
&& TEST_int_eq(isblank(n) != 0, ossl_isblank(n) != 0)
#endif
&& TEST_int_eq(iscntrl(n) != 0, ossl_iscntrl(n) != 0)
&& TEST_int_eq(isdigit(n) != 0, ossl_isdigit(n) != 0)
&& TEST_int_eq(isgraph(n) != 0, ossl_isgraph(n) != 0)
&& TEST_int_eq(islower(n) != 0, ossl_islower(n) != 0)
&& TEST_int_eq(isprint(n) != 0, ossl_isprint(n) != 0)
&& TEST_int_eq(ispunct(n) != 0, ossl_ispunct(n) != 0)
&& TEST_int_eq(isspace(n) != 0, ossl_isspace(n) != 0)
&& TEST_int_eq(isupper(n) != 0, ossl_isupper(n) != 0)
&& TEST_int_eq(isxdigit(n) != 0, ossl_isxdigit(n) != 0);
}
static struct {
int u;
int l;
} case_change[] = {
{ 'A', 'a' },
{ 'X', 'x' },
{ 'Z', 'z' },
{ '0', '0' },
{ '%', '%' },
{ '~', '~' },
{ 0, 0 },
{ EOF, EOF }
};
static int test_ctype_toupper(int n)
{
return TEST_int_eq(ossl_toupper(case_change[n].l), case_change[n].u)
&& TEST_int_eq(ossl_toupper(case_change[n].u), case_change[n].u);
}
static int test_ctype_tolower(int n)
{
return TEST_int_eq(ossl_tolower(case_change[n].u), case_change[n].l)
&& TEST_int_eq(ossl_tolower(case_change[n].l), case_change[n].l);
}
static int test_ctype_eof(void)
{
return test_ctype_chars(EOF);
}
int setup_tests(void)
{
ADD_ALL_TESTS(test_ctype_chars, 256);
ADD_ALL_TESTS(test_ctype_toupper, OSSL_NELEM(case_change));
ADD_ALL_TESTS(test_ctype_tolower, OSSL_NELEM(case_change));
ADD_TEST(test_ctype_eof);
return 1;
}
openssl-1.1.1/test/dtlstest.c0000644000000000000000000002011113345734630014667 0ustar rootroot/*
* Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/bio.h>
#include <openssl/crypto.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include "ssltestlib.h"
#include "testutil.h"
static char *cert = NULL;
static char *privkey = NULL;
static unsigned int timer_cb_count;
#define NUM_TESTS 2
#define DUMMY_CERT_STATUS_LEN 12
static unsigned char certstatus[] = {
SSL3_RT_HANDSHAKE, /* Content type */
0xfe, 0xfd, /* Record version */
0, 1, /* Epoch */
0, 0, 0, 0, 0, 0x0f, /* Record sequence number */
0, DTLS1_HM_HEADER_LENGTH + DUMMY_CERT_STATUS_LEN - 2,
SSL3_MT_CERTIFICATE_STATUS, /* Cert Status handshake message type */
0, 0, DUMMY_CERT_STATUS_LEN, /* Message len */
0, 5, /* Message sequence */
0, 0, 0, /* Fragment offset */
0, 0, DUMMY_CERT_STATUS_LEN - 2, /* Fragment len */
0x80, 0x80, 0x80, 0x80, 0x80,
0x80, 0x80, 0x80, 0x80, 0x80 /* Dummy data */
};
#define RECORD_SEQUENCE 10
static unsigned int timer_cb(SSL *s, unsigned int timer_us)
{
++timer_cb_count;
if (timer_us == 0)
return 50000;
else
return 2 * timer_us;
}
static int test_dtls_unprocessed(int testidx)
{
SSL_CTX *sctx = NULL, *cctx = NULL;
SSL *serverssl1 = NULL, *clientssl1 = NULL;
BIO *c_to_s_fbio, *c_to_s_mempacket;
int testresult = 0;
timer_cb_count = 0;
if (!TEST_true(create_ssl_ctx_pair(DTLS_server_method(),
DTLS_client_method(),
DTLS1_VERSION, DTLS_MAX_VERSION,
&sctx, &cctx, cert, privkey)))
return 0;
if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "AES128-SHA")))
goto end;
c_to_s_fbio = BIO_new(bio_f_tls_dump_filter());
if (!TEST_ptr(c_to_s_fbio))
goto end;
/* BIO is freed by create_ssl_connection on error */
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1,
NULL, c_to_s_fbio)))
goto end;
DTLS_set_timer_cb(clientssl1, timer_cb);
if (testidx == 1)
certstatus[RECORD_SEQUENCE] = 0xff;
/*
* Inject a dummy record from the next epoch. In test 0, this should never
* get used because the message sequence number is too big. In test 1 we set
* the record sequence number to be way off in the future. This should not
* have an impact on the record replay protection because the record should
* be dropped before it is marked as arrived
*/
c_to_s_mempacket = SSL_get_wbio(clientssl1);
c_to_s_mempacket = BIO_next(c_to_s_mempacket);
mempacket_test_inject(c_to_s_mempacket, (char *)certstatus,
sizeof(certstatus), 1, INJECT_PACKET_IGNORE_REC_SEQ);
if (!TEST_true(create_ssl_connection(serverssl1, clientssl1,
SSL_ERROR_NONE)))
goto end;
if (timer_cb_count == 0) {
printf("timer_callback was not called.\n");
goto end;
}
testresult = 1;
end:
SSL_free(serverssl1);
SSL_free(clientssl1);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
#define CLI_TO_SRV_EPOCH_0_RECS 3
#define CLI_TO_SRV_EPOCH_1_RECS 1
#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
# define SRV_TO_CLI_EPOCH_0_RECS 12
#else
/*
* In this case we have no ServerKeyExchange message, because we don't have
* ECDHE or DHE. When it is present it gets fragmented into 3 records in this
* test.
*/
# define SRV_TO_CLI_EPOCH_0_RECS 9
#endif
#define SRV_TO_CLI_EPOCH_1_RECS 1
#define TOTAL_FULL_HAND_RECORDS \
(CLI_TO_SRV_EPOCH_0_RECS + CLI_TO_SRV_EPOCH_1_RECS + \
SRV_TO_CLI_EPOCH_0_RECS + SRV_TO_CLI_EPOCH_1_RECS)
#define CLI_TO_SRV_RESUME_EPOCH_0_RECS 3
#define CLI_TO_SRV_RESUME_EPOCH_1_RECS 1
#define SRV_TO_CLI_RESUME_EPOCH_0_RECS 2
#define SRV_TO_CLI_RESUME_EPOCH_1_RECS 1
#define TOTAL_RESUME_HAND_RECORDS \
(CLI_TO_SRV_RESUME_EPOCH_0_RECS + CLI_TO_SRV_RESUME_EPOCH_1_RECS + \
SRV_TO_CLI_RESUME_EPOCH_0_RECS + SRV_TO_CLI_RESUME_EPOCH_1_RECS)
#define TOTAL_RECORDS (TOTAL_FULL_HAND_RECORDS + TOTAL_RESUME_HAND_RECORDS)
static int test_dtls_drop_records(int idx)
{
SSL_CTX *sctx = NULL, *cctx = NULL;
SSL *serverssl = NULL, *clientssl = NULL;
BIO *c_to_s_fbio, *mempackbio;
int testresult = 0;
int epoch = 0;
SSL_SESSION *sess = NULL;
int cli_to_srv_epoch0, cli_to_srv_epoch1, srv_to_cli_epoch0;
if (!TEST_true(create_ssl_ctx_pair(DTLS_server_method(),
DTLS_client_method(),
DTLS1_VERSION, DTLS_MAX_VERSION,
&sctx, &cctx, cert, privkey)))
return 0;
if (idx >= TOTAL_FULL_HAND_RECORDS) {
/* We're going to do a resumption handshake. Get a session first. */
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, NULL))
|| !TEST_true(create_ssl_connection(serverssl, clientssl,
SSL_ERROR_NONE))
|| !TEST_ptr(sess = SSL_get1_session(clientssl)))
goto end;
SSL_shutdown(clientssl);
SSL_shutdown(serverssl);
SSL_free(serverssl);
SSL_free(clientssl);
serverssl = clientssl = NULL;
cli_to_srv_epoch0 = CLI_TO_SRV_RESUME_EPOCH_0_RECS;
cli_to_srv_epoch1 = CLI_TO_SRV_RESUME_EPOCH_1_RECS;
srv_to_cli_epoch0 = SRV_TO_CLI_RESUME_EPOCH_0_RECS;
idx -= TOTAL_FULL_HAND_RECORDS;
} else {
cli_to_srv_epoch0 = CLI_TO_SRV_EPOCH_0_RECS;
cli_to_srv_epoch1 = CLI_TO_SRV_EPOCH_1_RECS;
srv_to_cli_epoch0 = SRV_TO_CLI_EPOCH_0_RECS;
}
c_to_s_fbio = BIO_new(bio_f_tls_dump_filter());
if (!TEST_ptr(c_to_s_fbio))
goto end;
/* BIO is freed by create_ssl_connection on error */
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
NULL, c_to_s_fbio)))
goto end;
if (sess != NULL) {
if (!TEST_true(SSL_set_session(clientssl, sess)))
goto end;
}
DTLS_set_timer_cb(clientssl, timer_cb);
DTLS_set_timer_cb(serverssl, timer_cb);
/* Work out which record to drop based on the test number */
if (idx >= cli_to_srv_epoch0 + cli_to_srv_epoch1) {
mempackbio = SSL_get_wbio(serverssl);
idx -= cli_to_srv_epoch0 + cli_to_srv_epoch1;
if (idx >= srv_to_cli_epoch0) {
epoch = 1;
idx -= srv_to_cli_epoch0;
}
} else {
mempackbio = SSL_get_wbio(clientssl);
if (idx >= cli_to_srv_epoch0) {
epoch = 1;
idx -= cli_to_srv_epoch0;
}
mempackbio = BIO_next(mempackbio);
}
BIO_ctrl(mempackbio, MEMPACKET_CTRL_SET_DROP_EPOCH, epoch, NULL);
BIO_ctrl(mempackbio, MEMPACKET_CTRL_SET_DROP_REC, idx, NULL);
if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
goto end;
if (sess != NULL && !TEST_true(SSL_session_reused(clientssl)))
goto end;
/* If the test did what we planned then it should have dropped a record */
if (!TEST_int_eq((int)BIO_ctrl(mempackbio, MEMPACKET_CTRL_GET_DROP_REC, 0,
NULL), -1))
goto end;
testresult = 1;
end:
SSL_SESSION_free(sess);
SSL_free(serverssl);
SSL_free(clientssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
return testresult;
}
int setup_tests(void)
{
if (!TEST_ptr(cert = test_get_argument(0))
|| !TEST_ptr(privkey = test_get_argument(1)))
return 0;
ADD_ALL_TESTS(test_dtls_unprocessed, NUM_TESTS);
ADD_ALL_TESTS(test_dtls_drop_records, TOTAL_RECORDS);
return 1;
}
void cleanup_tests(void)
{
bio_f_tls_dump_filter_free();
bio_s_mempacket_test_free();
}
openssl-1.1.1/test/testx509.pem0000644000000000000000000000102213345734631014766 0ustar rootroot-----BEGIN CERTIFICATE-----
MIIBWzCCAQYCARgwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV
BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MDYxOTIz
MzMxMloXDTk1MDcxNzIzMzMxMlowOjELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM
RDEdMBsGA1UEAxMUU1NMZWF5L3JzYSB0ZXN0IGNlcnQwXDANBgkqhkiG9w0BAQEF
AANLADBIAkEAqtt6qS5GTxVxGZYWa0/4u+IwHf7p2LNZbcPBp9/OfIcYAXBQn8hO
/Re1uwLKXdCjIoaGs4DLdG88rkzfyK5dPQIDAQABMAwGCCqGSIb3DQIFBQADQQAE
Wc7EcF8po2/ZO6kNCwK/ICH6DobgLekA5lSLr5EvuioZniZp5lFzAw4+YzPQ7XKJ
zl9HYIMxATFyqSiD9jsx
-----END CERTIFICATE-----
openssl-1.1.1/test/pkey_meth_test.c0000644000000000000000000000425213345734630016055 0ustar rootroot/*
* Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/* Internal tests for EVP_PKEY method ordering */
#include <stdio.h>
#include <string.h>
#include <openssl/evp.h>
#include "testutil.h"
/* Test of EVP_PKEY_ASN1_METHOD ordering */
static int test_asn1_meths(void)
{
int i;
int prev = -1;
int good = 1;
int pkey_id;
const EVP_PKEY_ASN1_METHOD *ameth;
for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
ameth = EVP_PKEY_asn1_get0(i);
EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth);
if (pkey_id < prev)
good = 0;
prev = pkey_id;
}
if (!good) {
TEST_error("EVP_PKEY_ASN1_METHOD table out of order");
for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
const char *info;
ameth = EVP_PKEY_asn1_get0(i);
EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, &info, NULL, ameth);
if (info == NULL)
info = "<NO NAME>";
TEST_note("%d : %s : %s", pkey_id, OBJ_nid2ln(pkey_id), info);
}
}
return good;
}
/* Test of EVP_PKEY_METHOD ordering */
static int test_pkey_meths(void)
{
size_t i;
int prev = -1;
int good = 1;
int pkey_id;
const EVP_PKEY_METHOD *pmeth;
for (i = 0; i < EVP_PKEY_meth_get_count(); i++) {
pmeth = EVP_PKEY_meth_get0(i);
EVP_PKEY_meth_get0_info(&pkey_id, NULL, pmeth);
if (pkey_id < prev)
good = 0;
prev = pkey_id;
}
if (!good) {
TEST_error("EVP_PKEY_METHOD table out of order");
for (i = 0; i < EVP_PKEY_meth_get_count(); i++) {
pmeth = EVP_PKEY_meth_get0(i);
EVP_PKEY_meth_get0_info(&pkey_id, NULL, pmeth);
TEST_note("%d : %s", pkey_id, OBJ_nid2ln(pkey_id));
}
}
return good;
}
int setup_tests(void)
{
ADD_TEST(test_asn1_meths);
ADD_TEST(test_pkey_meths);
return 1;
}
openssl-1.1.1/test/testutil.h0000644000000000000000000004606513345734631014724 0ustar rootroot/*
* Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#ifndef HEADER_TESTUTIL_H
# define HEADER_TESTUTIL_H
#include <stdarg.h>
#include <openssl/err.h>
#include <openssl/e_os2.h>
#include <openssl/bn.h>
/*-
* Simple unit tests should implement setup_tests().
* This function should return zero if the registration process fails.
* To register tests, call ADD_TEST or ADD_ALL_TESTS:
*
* int setup_tests(void)
* {
* ADD_TEST(test_foo);
* ADD_ALL_TESTS(test_bar, num_test_bar);
* return 1;
* }
*
* Tests that require clean up after execution should implement:
*
* void cleanup_tests(void);
*
* The cleanup_tests function will be called even if setup_tests()
* returns failure.
*
* In some cases, early initialization before the framework is set up
* may be needed. In such a case, this should be implemented:
*
* int global_init(void);
*
* This function should return zero if there is an unrecoverable error and
* non-zero if the initialization was successful.
*/
/* Adds a simple test case. */
# define ADD_TEST(test_function) add_test(#test_function, test_function)
/*
* Simple parameterized tests. Calls test_function(idx) for each 0 <= idx < num.
*/
# define ADD_ALL_TESTS(test_function, num) \
add_all_tests(#test_function, test_function, num, 1)
/*
* A variant of the same without TAP output.
*/
# define ADD_ALL_TESTS_NOSUBTEST(test_function, num) \
add_all_tests(#test_function, test_function, num, 0)
/*-
* Test cases that share common setup should use the helper
* SETUP_TEST_FIXTURE and EXECUTE_TEST macros for test case functions.
*
* SETUP_TEST_FIXTURE will call set_up() to create a new TEST_FIXTURE_TYPE
* object called "fixture". It will also allocate the "result" variable used
* by EXECUTE_TEST. set_up() should take a const char* specifying the test
* case name and return a TEST_FIXTURE_TYPE by reference.
*
* EXECUTE_TEST will pass fixture to execute_func() by reference, call
* tear_down(), and return the result of execute_func(). execute_func() should
* take a TEST_FIXTURE_TYPE by reference and return 1 on success and 0 on
* failure. The tear_down function is responsible for deallocation of the
* result variable, if required.
*
* Unit tests can define their own SETUP_TEST_FIXTURE and EXECUTE_TEST
* variations like so:
*
* #define SETUP_FOOBAR_TEST_FIXTURE()\
* SETUP_TEST_FIXTURE(FOOBAR_TEST_FIXTURE, set_up_foobar)
*
* #define EXECUTE_FOOBAR_TEST()\
* EXECUTE_TEST(execute_foobar, tear_down_foobar)
*
* Then test case functions can take the form:
*
* static int test_foobar_feature()
* {
* SETUP_FOOBAR_TEST_FIXTURE();
* [...set individual members of fixture...]
* EXECUTE_FOOBAR_TEST();
* }
*/
# define SETUP_TEST_FIXTURE(TEST_FIXTURE_TYPE, set_up)\
TEST_FIXTURE_TYPE *fixture = set_up(TEST_CASE_NAME); \
int result = 0
# define EXECUTE_TEST(execute_func, tear_down)\
if (fixture != NULL) {\
result = execute_func(fixture);\
tear_down(fixture);\
}
/*
* TEST_CASE_NAME is defined as the name of the test case function where
* possible; otherwise we get by with the file name and line number.
*/
# if !defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L
# if defined(_MSC_VER)
# define TEST_CASE_NAME __FUNCTION__
# else
# define testutil_stringify_helper(s) #s
# define testutil_stringify(s) testutil_stringify_helper(s)
# define TEST_CASE_NAME __FILE__ ":" testutil_stringify(__LINE__)
# endif /* _MSC_VER */
# else
# define TEST_CASE_NAME __func__
# endif /* __STDC_VERSION__ */
/*
* Tests that need access to command line arguments should use the functions:
* test_get_argument(int n) to get the nth argument, the first argument is
* argument 0. This function returns NULL on error.
* test_get_argument_count() to get the count of the arguments.
* test_has_option(const char *) to check if the specified option was passed.
* test_get_option_argument(const char *) to get an option which includes an
* argument. NULL is returns if the option is not found.
* const char *test_get_program_name(void) returns the name of the test program
* being executed.
*/
const char *test_get_program_name(void);
char *test_get_argument(size_t n);
size_t test_get_argument_count(void);
int test_has_option(const char *option);
const char *test_get_option_argument(const char *option);
/*
* Internal helpers. Test programs shouldn't use these directly, but should
* rather link to one of the helper main() methods.
*/
void add_test(const char *test_case_name, int (*test_fn) (void));
void add_all_tests(const char *test_case_name, int (*test_fn)(int idx), int num,
int subtest);
/*
* Declarations for user defined functions.
* The first two return a boolean indicating that the test should not proceed.
*/
int global_init(void);
int setup_tests(void);
void cleanup_tests(void);
/*
* Test assumption verification helpers.
*/
#define PRINTF_FORMAT(a, b)
#if defined(__GNUC__) && defined(__STDC_VERSION__)
/*
* Because we support the 'z' modifier, which made its appearance in C99,
* we can't use __attribute__ with pre C99 dialects.
*/
# if __STDC_VERSION__ >= 199901L
# undef PRINTF_FORMAT
# define PRINTF_FORMAT(a, b) __attribute__ ((format(printf, a, b)))
# endif
#endif
# define DECLARE_COMPARISON(type, name, opname) \
int test_ ## name ## _ ## opname(const char *, int, \
const char *, const char *, \
const type, const type);
# define DECLARE_COMPARISONS(type, name) \
DECLARE_COMPARISON(type, name, eq) \
DECLARE_COMPARISON(type, name, ne) \
DECLARE_COMPARISON(type, name, lt) \
DECLARE_COMPARISON(type, name, le) \
DECLARE_COMPARISON(type, name, gt) \
DECLARE_COMPARISON(type, name, ge)
DECLARE_COMPARISONS(int, int)
DECLARE_COMPARISONS(unsigned int, uint)
DECLARE_COMPARISONS(char, char)
DECLARE_COMPARISONS(unsigned char, uchar)
DECLARE_COMPARISONS(long, long)
DECLARE_COMPARISONS(unsigned long, ulong)
DECLARE_COMPARISONS(time_t, time_t)
/*
* Because this comparison uses a printf format specifier that's not
* universally known (yet), we provide an option to not have it declared.
*/
# ifndef TESTUTIL_NO_size_t_COMPARISON
DECLARE_COMPARISONS(size_t, size_t)
# endif
/*
* Pointer comparisons against other pointers and null.
* These functions return 1 if the test is true.
* Otherwise, they return 0 and pretty-print diagnostics.
* These should not be called directly, use the TEST_xxx macros below instead.
*/
DECLARE_COMPARISON(void *, ptr, eq)
DECLARE_COMPARISON(void *, ptr, ne)
int test_ptr(const char *file, int line, const char *s, const void *p);
int test_ptr_null(const char *file, int line, const char *s, const void *p);
/*
* Equality tests for strings where NULL is a legitimate value.
* These calls return 1 if the two passed strings compare true.
* Otherwise, they return 0 and pretty-print diagnostics.
* These should not be called directly, use the TEST_xxx macros below instead.
*/
DECLARE_COMPARISON(char *, str, eq)
DECLARE_COMPARISON(char *, str, ne)
/*
* Same as above, but for strncmp.
*/
int test_strn_eq(const char *file, int line, const char *, const char *,
const char *a, const char *b, size_t s);
int test_strn_ne(const char *file, int line, const char *, const char *,
const char *a, const char *b, size_t s);
/*
* Equality test for memory blocks where NULL is a legitimate value.
* These calls return 1 if the two memory blocks compare true.
* Otherwise, they return 0 and pretty-print diagnostics.
* These should not be called directly, use the TEST_xxx macros below instead.
*/
int test_mem_eq(const char *, int, const char *, const char *,
const void *, size_t, const void *, size_t);
int test_mem_ne(const char *, int, const char *, const char *,
const void *, size_t, const void *, size_t);
/*
* Check a boolean result for being true or false.
* They return 1 if the condition is true (i.e. the value is non-zero).
* Otherwise, they return 0 and pretty-prints diagnostics using |s|.
* These should not be called directly, use the TEST_xxx macros below instead.
*/
int test_true(const char *file, int line, const char *s, int b);
int test_false(const char *file, int line, const char *s, int b);
/*
* Comparisons between BIGNUMs.
* BIGNUMS can be compared against other BIGNUMs or zero.
* Some additional equality tests against 1 & specific values are provided.
* Tests for parity are included as well.
*/
DECLARE_COMPARISONS(BIGNUM *, BN)
int test_BN_eq_zero(const char *file, int line, const char *s, const BIGNUM *a);
int test_BN_ne_zero(const char *file, int line, const char *s, const BIGNUM *a);
int test_BN_lt_zero(const char *file, int line, const char *s, const BIGNUM *a);
int test_BN_le_zero(const char *file, int line, const char *s, const BIGNUM *a);
int test_BN_gt_zero(const char *file, int line, const char *s, const BIGNUM *a);
int test_BN_ge_zero(const char *file, int line, const char *s, const BIGNUM *a);
int test_BN_eq_one(const char *file, int line, const char *s, const BIGNUM *a);
int test_BN_odd(const char *file, int line, const char *s, const BIGNUM *a);
int test_BN_even(const char *file, int line, const char *s, const BIGNUM *a);
int test_BN_eq_word(const char *file, int line, const char *bns, const char *ws,
const BIGNUM *a, BN_ULONG w);
int test_BN_abs_eq_word(const char *file, int line, const char *bns,
const char *ws, const BIGNUM *a, BN_ULONG w);
/*
* Pretty print a failure message.
* These should not be called directly, use the TEST_xxx macros below instead.
*/
void test_error(const char *file, int line, const char *desc, ...)
PRINTF_FORMAT(3, 4);
void test_error_c90(const char *desc, ...) PRINTF_FORMAT(1, 2);
void test_info(const char *file, int line, const char *desc, ...)
PRINTF_FORMAT(3, 4);
void test_info_c90(const char *desc, ...) PRINTF_FORMAT(1, 2);
void test_note(const char *desc, ...) PRINTF_FORMAT(1, 2);
void test_openssl_errors(void);
void test_perror(const char *s);
/*
* The following macros provide wrapper calls to the test functions with
* a default description that indicates the file and line number of the error.
*
* The following macros guarantee to evaluate each argument exactly once.
* This allows constructs such as: if (!TEST_ptr(ptr = OPENSSL_malloc(..)))
* to produce better contextual output than:
* ptr = OPENSSL_malloc(..);
* if (!TEST_ptr(ptr))
*/
# define TEST_int_eq(a, b) test_int_eq(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_int_ne(a, b) test_int_ne(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_int_lt(a, b) test_int_lt(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_int_le(a, b) test_int_le(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_int_gt(a, b) test_int_gt(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_int_ge(a, b) test_int_ge(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_uint_eq(a, b) test_uint_eq(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_uint_ne(a, b) test_uint_ne(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_uint_lt(a, b) test_uint_lt(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_uint_le(a, b) test_uint_le(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_uint_gt(a, b) test_uint_gt(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_uint_ge(a, b) test_uint_ge(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_char_eq(a, b) test_char_eq(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_char_ne(a, b) test_char_ne(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_char_lt(a, b) test_char_lt(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_char_le(a, b) test_char_le(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_char_gt(a, b) test_char_gt(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_char_ge(a, b) test_char_ge(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_uchar_eq(a, b) test_uchar_eq(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_uchar_ne(a, b) test_uchar_ne(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_uchar_lt(a, b) test_uchar_lt(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_uchar_le(a, b) test_uchar_le(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_uchar_gt(a, b) test_uchar_gt(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_uchar_ge(a, b) test_uchar_ge(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_long_eq(a, b) test_long_eq(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_long_ne(a, b) test_long_ne(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_long_lt(a, b) test_long_lt(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_long_le(a, b) test_long_le(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_long_gt(a, b) test_long_gt(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_long_ge(a, b) test_long_ge(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_ulong_eq(a, b) test_ulong_eq(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_ulong_ne(a, b) test_ulong_ne(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_ulong_lt(a, b) test_ulong_lt(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_ulong_le(a, b) test_ulong_le(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_ulong_gt(a, b) test_ulong_gt(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_ulong_ge(a, b) test_ulong_ge(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_size_t_eq(a, b) test_size_t_eq(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_size_t_ne(a, b) test_size_t_ne(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_size_t_lt(a, b) test_size_t_lt(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_size_t_le(a, b) test_size_t_le(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_size_t_gt(a, b) test_size_t_gt(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_size_t_ge(a, b) test_size_t_ge(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_time_t_eq(a, b) test_time_t_eq(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_time_t_ne(a, b) test_time_t_ne(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_time_t_lt(a, b) test_time_t_lt(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_time_t_le(a, b) test_time_t_le(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_time_t_gt(a, b) test_time_t_gt(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_time_t_ge(a, b) test_time_t_ge(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_ptr_eq(a, b) test_ptr_eq(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_ptr_ne(a, b) test_ptr_ne(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_ptr(a) test_ptr(__FILE__, __LINE__, #a, a)
# define TEST_ptr_null(a) test_ptr_null(__FILE__, __LINE__, #a, a)
# define TEST_str_eq(a, b) test_str_eq(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_str_ne(a, b) test_str_ne(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_strn_eq(a, b, n) test_strn_eq(__FILE__, __LINE__, #a, #b, a, b, n)
# define TEST_strn_ne(a, b, n) test_strn_ne(__FILE__, __LINE__, #a, #b, a, b, n)
# define TEST_mem_eq(a, m, b, n) test_mem_eq(__FILE__, __LINE__, #a, #b, a, m, b, n)
# define TEST_mem_ne(a, m, b, n) test_mem_ne(__FILE__, __LINE__, #a, #b, a, m, b, n)
# define TEST_true(a) test_true(__FILE__, __LINE__, #a, (a) != 0)
# define TEST_false(a) test_false(__FILE__, __LINE__, #a, (a) != 0)
# define TEST_BN_eq(a, b) test_BN_eq(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_BN_ne(a, b) test_BN_ne(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_BN_lt(a, b) test_BN_lt(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_BN_gt(a, b) test_BN_gt(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_BN_le(a, b) test_BN_le(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_BN_ge(a, b) test_BN_ge(__FILE__, __LINE__, #a, #b, a, b)
# define TEST_BN_eq_zero(a) test_BN_eq_zero(__FILE__, __LINE__, #a, a)
# define TEST_BN_ne_zero(a) test_BN_ne_zero(__FILE__, __LINE__, #a, a)
# define TEST_BN_lt_zero(a) test_BN_lt_zero(__FILE__, __LINE__, #a, a)
# define TEST_BN_gt_zero(a) test_BN_gt_zero(__FILE__, __LINE__, #a, a)
# define TEST_BN_le_zero(a) test_BN_le_zero(__FILE__, __LINE__, #a, a)
# define TEST_BN_ge_zero(a) test_BN_ge_zero(__FILE__, __LINE__, #a, a)
# define TEST_BN_eq_one(a) test_BN_eq_one(__FILE__, __LINE__, #a, a)
# define TEST_BN_eq_word(a, w) test_BN_eq_word(__FILE__, __LINE__, #a, #w, a, w)
# define TEST_BN_abs_eq_word(a, w) test_BN_abs_eq_word(__FILE__, __LINE__, #a, #w, a, w)
# define TEST_BN_odd(a) test_BN_odd(__FILE__, __LINE__, #a, a)
# define TEST_BN_even(a) test_BN_even(__FILE__, __LINE__, #a, a)
/*
* TEST_error(desc, ...) prints an informative error message in the standard
* format. |desc| is a printf format string.
*/
# if !defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L
# define TEST_error test_error_c90
# define TEST_info test_info_c90
# else
# define TEST_error(...) test_error(__FILE__, __LINE__, __VA_ARGS__)
# define TEST_info(...) test_info(__FILE__, __LINE__, __VA_ARGS__)
# endif
# define TEST_note test_note
# define TEST_openssl_errors test_openssl_errors
# define TEST_perror test_perror
extern BIO *bio_out;
extern BIO *bio_err;
/*
* Formatted output for strings, memory and bignums.
*/
void test_output_string(const char *name, const char *m, size_t l);
void test_output_bignum(const char *name, const BIGNUM *bn);
void test_output_memory(const char *name, const unsigned char *m, size_t l);
/*
* Utilities to parse a test file.
*/
#define TESTMAXPAIRS 20
typedef struct pair_st {
char *key;
char *value;
} PAIR;
typedef struct stanza_st {
const char *test_file; /* Input file name */
BIO *fp; /* Input file */
int curr; /* Current line in file */
int start; /* Line where test starts */
int errors; /* Error count */
int numtests; /* Number of tests */
int numskip; /* Number of skipped tests */
int numpairs;
PAIR pairs[TESTMAXPAIRS];
BIO *key; /* temp memory BIO for reading in keys */
char buff[4096]; /* Input buffer for a single key/value */
} STANZA;
/*
* Prepare to start reading the file |testfile| as input.
*/
int test_start_file(STANZA *s, const char *testfile);
int test_end_file(STANZA *s);
/*
* Read a stanza from the test file. A stanza consists of a block
* of lines of the form
* key = value
* The block is terminated by EOF or a blank line.
* Return 1 if found, 0 on EOF or error.
*/
int test_readstanza(STANZA *s);
/*
* Clear a stanza, release all allocated memory.
*/
void test_clearstanza(STANZA *s);
/*
* Glue an array of strings together and return it as an allocated string.
* Optionally return the whole length of this string in |out_len|
*/
char *glue_strings(const char *list[], size_t *out_len);
#endif /* HEADER_TESTUTIL_H */
openssl-1.1.1/test/testutil/0000755000000000000000000000000013345734631014540 5ustar rootrootopenssl-1.1.1/test/testutil/driver.c0000644000000000000000000001703213345734631016202 0ustar rootroot/*
* Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "../testutil.h"
#include "output.h"
#include "tu_local.h"
#include <string.h>
#include <assert.h>
#include "internal/nelem.h"
#include <openssl/bio.h>
#ifdef _WIN32
# define strdup _strdup
#endif
/*
* Declares the structures needed to register each test case function.
*/
typedef struct test_info {
const char *test_case_name;
int (*test_fn) (void);
int (*param_test_fn)(int idx);
int num;
/* flags */
int subtest:1;
} TEST_INFO;
static TEST_INFO all_tests[1024];
static int num_tests = 0;
static int seed = 0;
/*
* A parameterised tests runs a loop of test cases.
* |num_test_cases| counts the total number of test cases
* across all tests.
*/
static int num_test_cases = 0;
void add_test(const char *test_case_name, int (*test_fn) (void))
{
assert(num_tests != OSSL_NELEM(all_tests));
all_tests[num_tests].test_case_name = test_case_name;
all_tests[num_tests].test_fn = test_fn;
all_tests[num_tests].num = -1;
++num_tests;
++num_test_cases;
}
void add_all_tests(const char *test_case_name, int(*test_fn)(int idx),
int num, int subtest)
{
assert(num_tests != OSSL_NELEM(all_tests));
all_tests[num_tests].test_case_name = test_case_name;
all_tests[num_tests].param_test_fn = test_fn;
all_tests[num_tests].num = num;
all_tests[num_tests].subtest = subtest;
++num_tests;
num_test_cases += num;
}
static int level = 0;
int subtest_level(void)
{
return level;
}
#ifndef OPENSSL_NO_CRYPTO_MDEBUG
static int should_report_leaks(void)
{
/*
* When compiled with enable-crypto-mdebug, OPENSSL_DEBUG_MEMORY=0
* can be used to disable leak checking at runtime.
* Note this only works when running the test binary manually;
* the test harness always enables OPENSSL_DEBUG_MEMORY.
*/
char *mem_debug_env = getenv("OPENSSL_DEBUG_MEMORY");
return mem_debug_env == NULL
|| (strcmp(mem_debug_env, "0") && strcmp(mem_debug_env, ""));
}
#endif
static int gcd(int a, int b)
{
while (b != 0) {
int t = b;
b = a % b;
a = t;
}
return a;
}
void setup_test_framework()
{
char *TAP_levels = getenv("HARNESS_OSSL_LEVEL");
char *test_seed = getenv("OPENSSL_TEST_RAND_ORDER");
level = TAP_levels != NULL ? 4 * atoi(TAP_levels) : 0;
if (test_seed != NULL) {
seed = atoi(test_seed);
if (seed <= 0)
seed = (int)time(NULL);
test_printf_stdout("%*s# RAND SEED %d\n", subtest_level(), "", seed);
test_flush_stdout();
srand(seed);
}
#ifndef OPENSSL_NO_CRYPTO_MDEBUG
if (should_report_leaks()) {
CRYPTO_set_mem_debug(1);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
}
#endif
}
int pulldown_test_framework(int ret)
{
set_test_title(NULL);
#ifndef OPENSSL_NO_CRYPTO_MDEBUG
if (should_report_leaks()
&& CRYPTO_mem_leaks_cb(openssl_error_cb, NULL) <= 0)
return EXIT_FAILURE;
#endif
return ret;
}
static void finalize(int success)
{
if (success)
ERR_clear_error();
else
ERR_print_errors_cb(openssl_error_cb, NULL);
}
static char *test_title = NULL;
void set_test_title(const char *title)
{
free(test_title);
test_title = title == NULL ? NULL : strdup(title);
}
PRINTF_FORMAT(2, 3) static void test_verdict(int pass, const char *extra, ...)
{
va_list ap;
test_flush_stdout();
test_flush_stderr();
test_printf_stdout("%*s%s", level, "", pass ? "ok" : "not ok");
if (extra != NULL) {
test_printf_stdout(" ");
va_start(ap, extra);
test_vprintf_stdout(extra, ap);
va_end(ap);
}
test_printf_stdout("\n");
test_flush_stdout();
}
int run_tests(const char *test_prog_name)
{
int num_failed = 0;
int verdict = 1;
int ii, i, jj, j, jstep;
int permute[OSSL_NELEM(all_tests)];
if (num_tests < 1) {
test_printf_stdout("%*s1..0 # Skipped: %s\n", level, "",
test_prog_name);
} else {
if (level > 0)
test_printf_stdout("%*s# Subtest: %s\n", level, "", test_prog_name);
test_printf_stdout("%*s1..%d\n", level, "", num_tests);
}
test_flush_stdout();
for (i = 0; i < num_tests; i++)
permute[i] = i;
if (seed != 0)
for (i = num_tests - 1; i >= 1; i--) {
j = rand() % (1 + i);
ii = permute[j];
permute[j] = permute[i];
permute[i] = ii;
}
for (ii = 0; ii != num_tests; ++ii) {
i = permute[ii];
if (all_tests[i].num == -1) {
int ret = 0;
set_test_title(all_tests[i].test_case_name);
ret = all_tests[i].test_fn();
verdict = 1;
if (!ret) {
verdict = 0;
++num_failed;
}
test_verdict(verdict, "%d - %s", ii + 1, test_title);
finalize(ret);
} else {
int num_failed_inner = 0;
level += 4;
if (all_tests[i].subtest) {
test_printf_stdout("%*s# Subtest: %s\n", level, "",
all_tests[i].test_case_name);
test_printf_stdout("%*s%d..%d\n", level, "", 1,
all_tests[i].num);
test_flush_stdout();
}
j = -1;
if (seed == 0 || all_tests[i].num < 3)
jstep = 1;
else
do
jstep = rand() % all_tests[i].num;
while (jstep == 0 || gcd(all_tests[i].num, jstep) != 1);
for (jj = 0; jj < all_tests[i].num; jj++) {
int ret;
j = (j + jstep) % all_tests[i].num;
set_test_title(NULL);
ret = all_tests[i].param_test_fn(j);
if (!ret)
++num_failed_inner;
finalize(ret);
if (all_tests[i].subtest) {
verdict = 1;
if (!ret) {
verdict = 0;
++num_failed_inner;
}
if (test_title != NULL)
test_verdict(verdict, "%d - %s", jj + 1, test_title);
else
test_verdict(verdict, "%d - iteration %d",
jj + 1, j + 1);
}
}
level -= 4;
verdict = 1;
if (num_failed_inner) {
verdict = 0;
++num_failed;
}
test_verdict(verdict, "%d - %s", ii + 1,
all_tests[i].test_case_name);
}
}
if (num_failed != 0)
return EXIT_FAILURE;
return EXIT_SUCCESS;
}
/*
* Glue an array of strings together and return it as an allocated string.
* Optionally return the whole length of this string in |out_len|
*/
char *glue_strings(const char *list[], size_t *out_len)
{
size_t len = 0;
char *p, *ret;
int i;
for (i = 0; list[i] != NULL; i++)
len += strlen(list[i]);
if (out_len != NULL)
*out_len = len;
if (!TEST_ptr(ret = p = OPENSSL_malloc(len + 1)))
return NULL;
for (i = 0; list[i] != NULL; i++)
p += strlen(strcpy(p, list[i]));
return ret;
}
openssl-1.1.1/test/testutil/output_helpers.c0000644000000000000000000000127513345734631017773 0ustar rootroot/*
* Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "output.h"
int test_printf_stdout(const char *fmt, ...)
{
va_list ap;
int ret;
va_start(ap, fmt);
ret = test_vprintf_stdout(fmt, ap);
va_end(ap);
return ret;
}
int test_printf_stderr(const char *fmt, ...)
{
va_list ap;
int ret;
va_start(ap, fmt);
ret = test_vprintf_stderr(fmt, ap);
va_end(ap);
return ret;
}
openssl-1.1.1/test/testutil/tests.c0000644000000000000000000003772313345734631016062 0ustar rootroot/*
* Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "../testutil.h"
#include "output.h"
#include "tu_local.h"
#include <errno.h>
#include <string.h>
#include <ctype.h>
#include "internal/nelem.h"
#include <openssl/asn1.h>
/*
* Output a failed test first line.
* All items are optional are generally not preinted if passed as NULL.
* The special cases are for prefix where "ERROR" is assumed and for left
* and right where a non-failure message is produced if either is NULL.
*/
void test_fail_message_prefix(const char *prefix, const char *file,
int line, const char *type,
const char *left, const char *right,
const char *op)
{
test_printf_stderr("%s: ", prefix != NULL ? prefix : "ERROR");
if (type)
test_printf_stderr("(%s) ", type);
if (op != NULL) {
if (left != NULL && right != NULL)
test_printf_stderr("'%s %s %s' failed", left, op, right);
else
test_printf_stderr("'%s'", op);
}
if (file != NULL) {
test_printf_stderr(" @ %s:%d", file, line);
}
test_printf_stderr("\n");
}
/*
* A common routine to output test failure messages. Generally this should not
* be called directly, rather it should be called by the following functions.
*
* |desc| is a printf formatted description with arguments |args| that is
* supplied by the user and |desc| can be NULL. |type| is the data type
* that was tested (int, char, ptr, ...). |fmt| is a system provided
* printf format with following arguments that spell out the failure
* details i.e. the actual values compared and the operator used.
*
* The typical use for this is from an utility test function:
*
* int test6(const char *file, int line, int n) {
* if (n != 6) {
* test_fail_message(1, file, line, "int", "value %d is not %d", n, 6);
* return 0;
* }
* return 1;
* }
*
* calling test6(3, "oops") will return 0 and produce out along the lines of:
* FAIL oops: (int) value 3 is not 6\n
*/
static void test_fail_message(const char *prefix, const char *file, int line,
const char *type, const char *left,
const char *right, const char *op,
const char *fmt, ...)
PRINTF_FORMAT(8, 9);
static void test_fail_message_va(const char *prefix, const char *file,
int line, const char *type,
const char *left, const char *right,
const char *op, const char *fmt, va_list ap)
{
test_fail_message_prefix(prefix, file, line, type, left, right, op);
if (fmt != NULL) {
test_vprintf_stderr(fmt, ap);
test_printf_stderr("\n");
}
test_flush_stderr();
}
static void test_fail_message(const char *prefix, const char *file,
int line, const char *type,
const char *left, const char *right,
const char *op, const char *fmt, ...)
{
va_list ap;
va_start(ap, fmt);
test_fail_message_va(prefix, file, line, type, left, right, op, fmt, ap);
va_end(ap);
}
void test_info_c90(const char *desc, ...)
{
va_list ap;
va_start(ap, desc);
test_fail_message_va("INFO", NULL, -1, NULL, NULL, NULL, NULL, desc, ap);
va_end(ap);
}
void test_info(const char *file, int line, const char *desc, ...)
{
va_list ap;
va_start(ap, desc);
test_fail_message_va("INFO", file, line, NULL, NULL, NULL, NULL, desc, ap);
va_end(ap);
}
void test_error_c90(const char *desc, ...)
{
va_list ap;
va_start(ap, desc);
test_fail_message_va(NULL, NULL, -1, NULL, NULL, NULL, NULL, desc, ap);
va_end(ap);
test_printf_stderr("\n");
}
void test_error(const char *file, int line, const char *desc, ...)
{
va_list ap;
va_start(ap, desc);
test_fail_message_va(NULL, file, line, NULL, NULL, NULL, NULL, desc, ap);
va_end(ap);
test_printf_stderr("\n");
}
void test_perror(const char *s)
{
/*
* Using openssl_strerror_r causes linking issues since it isn't
* exported from libcrypto.so
*/
TEST_error("%s: %s", s, strerror(errno));
}
void test_note(const char *fmt, ...)
{
if (fmt != NULL) {
va_list ap;
va_start(ap, fmt);
test_vprintf_stderr(fmt, ap);
va_end(ap);
test_printf_stderr("\n");
}
test_flush_stderr();
}
void test_openssl_errors(void)
{
ERR_print_errors_cb(openssl_error_cb, NULL);
ERR_clear_error();
}
/*
* Define some comparisons between pairs of various types.
* These functions return 1 if the test is true.
* Otherwise, they return 0 and pretty-print diagnostics.
*
* In each case the functions produced are:
* int test_name_eq(const type t1, const type t2, const char *desc, ...);
* int test_name_ne(const type t1, const type t2, const char *desc, ...);
* int test_name_lt(const type t1, const type t2, const char *desc, ...);
* int test_name_le(const type t1, const type t2, const char *desc, ...);
* int test_name_gt(const type t1, const type t2, const char *desc, ...);
* int test_name_ge(const type t1, const type t2, const char *desc, ...);
*
* The t1 and t2 arguments are to be compared for equality, inequality,
* less than, less than or equal to, greater than and greater than or
* equal to respectively. If the specified condition holds, the functions
* return 1. If the condition does not hold, the functions print a diagnostic
* message and return 0.
*
* The desc argument is a printf format string followed by its arguments and
* this is included in the output if the condition being tested for is false.
*/
#define DEFINE_COMPARISON(type, name, opname, op, fmt) \
int test_ ## name ## _ ## opname(const char *file, int line, \
const char *s1, const char *s2, \
const type t1, const type t2) \
{ \
if (t1 op t2) \
return 1; \
test_fail_message(NULL, file, line, #type, s1, s2, #op, \
"[" fmt "] compared to [" fmt "]", \
t1, t2); \
return 0; \
}
#define DEFINE_COMPARISONS(type, name, fmt) \
DEFINE_COMPARISON(type, name, eq, ==, fmt) \
DEFINE_COMPARISON(type, name, ne, !=, fmt) \
DEFINE_COMPARISON(type, name, lt, <, fmt) \
DEFINE_COMPARISON(type, name, le, <=, fmt) \
DEFINE_COMPARISON(type, name, gt, >, fmt) \
DEFINE_COMPARISON(type, name, ge, >=, fmt)
DEFINE_COMPARISONS(int, int, "%d")
DEFINE_COMPARISONS(unsigned int, uint, "%u")
DEFINE_COMPARISONS(char, char, "%c")
DEFINE_COMPARISONS(unsigned char, uchar, "%u")
DEFINE_COMPARISONS(long, long, "%ld")
DEFINE_COMPARISONS(unsigned long, ulong, "%lu")
DEFINE_COMPARISONS(size_t, size_t, "%zu")
DEFINE_COMPARISON(void *, ptr, eq, ==, "%p")
DEFINE_COMPARISON(void *, ptr, ne, !=, "%p")
int test_ptr_null(const char *file, int line, const char *s, const void *p)
{
if (p == NULL)
return 1;
test_fail_message(NULL, file, line, "ptr", s, "NULL", "==", "%p", p);
return 0;
}
int test_ptr(const char *file, int line, const char *s, const void *p)
{
if (p != NULL)
return 1;
test_fail_message(NULL, file, line, "ptr", s, "NULL", "!=", "%p", p);
return 0;
}
int test_true(const char *file, int line, const char *s, int b)
{
if (b)
return 1;
test_fail_message(NULL, file, line, "bool", s, "true", "==", "false");
return 0;
}
int test_false(const char *file, int line, const char *s, int b)
{
if (!b)
return 1;
test_fail_message(NULL, file, line, "bool", s, "false", "==", "true");
return 0;
}
int test_str_eq(const char *file, int line, const char *st1, const char *st2,
const char *s1, const char *s2)
{
if (s1 == NULL && s2 == NULL)
return 1;
if (s1 == NULL || s2 == NULL || strcmp(s1, s2) != 0) {
test_fail_string_message(NULL, file, line, "string", st1, st2, "==",
s1, s1 == NULL ? 0 : strlen(s1),
s2, s2 == NULL ? 0 : strlen(s2));
return 0;
}
return 1;
}
int test_str_ne(const char *file, int line, const char *st1, const char *st2,
const char *s1, const char *s2)
{
if ((s1 == NULL) ^ (s2 == NULL))
return 1;
if (s1 == NULL || strcmp(s1, s2) == 0) {
test_fail_string_message(NULL, file, line, "string", st1, st2, "!=",
s1, s1 == NULL ? 0 : strlen(s1),
s2, s2 == NULL ? 0 : strlen(s2));
return 0;
}
return 1;
}
int test_strn_eq(const char *file, int line, const char *st1, const char *st2,
const char *s1, const char *s2, size_t len)
{
if (s1 == NULL && s2 == NULL)
return 1;
if (s1 == NULL || s2 == NULL || strncmp(s1, s2, len) != 0) {
test_fail_string_message(NULL, file, line, "string", st1, st2, "==",
s1, s1 == NULL ? 0 : OPENSSL_strnlen(s1, len),
s2, s2 == NULL ? 0 : OPENSSL_strnlen(s2, len));
return 0;
}
return 1;
}
int test_strn_ne(const char *file, int line, const char *st1, const char *st2,
const char *s1, const char *s2, size_t len)
{
if ((s1 == NULL) ^ (s2 == NULL))
return 1;
if (s1 == NULL || strncmp(s1, s2, len) == 0) {
test_fail_string_message(NULL, file, line, "string", st1, st2, "!=",
s1, s1 == NULL ? 0 : OPENSSL_strnlen(s1, len),
s2, s2 == NULL ? 0 : OPENSSL_strnlen(s2, len));
return 0;
}
return 1;
}
int test_mem_eq(const char *file, int line, const char *st1, const char *st2,
const void *s1, size_t n1, const void *s2, size_t n2)
{
if (s1 == NULL && s2 == NULL)
return 1;
if (n1 != n2 || s1 == NULL || s2 == NULL || memcmp(s1, s2, n1) != 0) {
test_fail_memory_message(NULL, file, line, "memory", st1, st2, "==",
s1, n1, s2, n2);
return 0;
}
return 1;
}
int test_mem_ne(const char *file, int line, const char *st1, const char *st2,
const void *s1, size_t n1, const void *s2, size_t n2)
{
if ((s1 == NULL) ^ (s2 == NULL))
return 1;
if (n1 != n2)
return 1;
if (s1 == NULL || memcmp(s1, s2, n1) == 0) {
test_fail_memory_message(NULL, file, line, "memory", st1, st2, "!=",
s1, n1, s2, n2);
return 0;
}
return 1;
}
#define DEFINE_BN_COMPARISONS(opname, op, zero_cond) \
int test_BN_ ## opname(const char *file, int line, \
const char *s1, const char *s2, \
const BIGNUM *t1, const BIGNUM *t2) \
{ \
if (BN_cmp(t1, t2) op 0) \
return 1; \
test_fail_bignum_message(NULL, file, line, "BIGNUM", s1, s2, \
#op, t1, t2); \
return 0; \
} \
int test_BN_ ## opname ## _zero(const char *file, int line, \
const char *s, const BIGNUM *a) \
{ \
if (a != NULL &&(zero_cond)) \
return 1; \
test_fail_bignum_mono_message(NULL, file, line, "BIGNUM", \
s, "0", #op, a); \
return 0; \
}
DEFINE_BN_COMPARISONS(eq, ==, BN_is_zero(a))
DEFINE_BN_COMPARISONS(ne, !=, !BN_is_zero(a))
DEFINE_BN_COMPARISONS(gt, >, !BN_is_negative(a) && !BN_is_zero(a))
DEFINE_BN_COMPARISONS(ge, >=, !BN_is_negative(a) || BN_is_zero(a))
DEFINE_BN_COMPARISONS(lt, <, BN_is_negative(a) && !BN_is_zero(a))
DEFINE_BN_COMPARISONS(le, <=, BN_is_negative(a) || BN_is_zero(a))
int test_BN_eq_one(const char *file, int line, const char *s, const BIGNUM *a)
{
if (a != NULL && BN_is_one(a))
return 1;
test_fail_bignum_mono_message(NULL, file, line, "BIGNUM", s, "1", "==", a);
return 0;
}
int test_BN_odd(const char *file, int line, const char *s, const BIGNUM *a)
{
if (a != NULL && BN_is_odd(a))
return 1;
test_fail_bignum_mono_message(NULL, file, line, "BIGNUM", "ODD(", ")", s, a);
return 0;
}
int test_BN_even(const char *file, int line, const char *s, const BIGNUM *a)
{
if (a != NULL && !BN_is_odd(a))
return 1;
test_fail_bignum_mono_message(NULL, file, line, "BIGNUM", "EVEN(", ")", s,
a);
return 0;
}
int test_BN_eq_word(const char *file, int line, const char *bns, const char *ws,
const BIGNUM *a, BN_ULONG w)
{
BIGNUM *bw;
if (a != NULL && BN_is_word(a, w))
return 1;
bw = BN_new();
BN_set_word(bw, w);
test_fail_bignum_message(NULL, file, line, "BIGNUM", bns, ws, "==", a, bw);
BN_free(bw);
return 0;
}
int test_BN_abs_eq_word(const char *file, int line, const char *bns,
const char *ws, const BIGNUM *a, BN_ULONG w)
{
BIGNUM *bw, *aa;
if (a != NULL && BN_abs_is_word(a, w))
return 1;
bw = BN_new();
aa = BN_dup(a);
BN_set_negative(aa, 0);
BN_set_word(bw, w);
test_fail_bignum_message(NULL, file, line, "BIGNUM", bns, ws, "abs==",
aa, bw);
BN_free(bw);
BN_free(aa);
return 0;
}
static const char *print_time(const ASN1_TIME *t)
{
return t == NULL ? "<null>" : (char *)ASN1_STRING_get0_data(t);
}
#define DEFINE_TIME_T_COMPARISON(opname, op) \
int test_time_t_ ## opname(const char *file, int line, \
const char *s1, const char *s2, \
const time_t t1, const time_t t2) \
{ \
ASN1_TIME *at1 = ASN1_TIME_set(NULL, t1); \
ASN1_TIME *at2 = ASN1_TIME_set(NULL, t2); \
int r = at1 != NULL && at2 != NULL \
&& ASN1_TIME_compare(at1, at2) op 0; \
if (!r) \
test_fail_message(NULL, file, line, "time_t", s1, s2, #op, \
"[%s] compared to [%s]", \
print_time(at1), print_time(at2)); \
ASN1_STRING_free(at1); \
ASN1_STRING_free(at2); \
return r; \
}
DEFINE_TIME_T_COMPARISON(eq, ==)
DEFINE_TIME_T_COMPARISON(ne, !=)
DEFINE_TIME_T_COMPARISON(gt, >)
DEFINE_TIME_T_COMPARISON(ge, >=)
DEFINE_TIME_T_COMPARISON(lt, <)
DEFINE_TIME_T_COMPARISON(le, <=)
openssl-1.1.1/test/testutil/cb.c0000644000000000000000000000073513345734631015275 0ustar rootroot/*
* Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "output.h"
#include "tu_local.h"
int openssl_error_cb(const char *str, size_t len, void *u)
{
return test_printf_stderr("%s", str);
}
openssl-1.1.1/test/testutil/test_cleanup.c0000644000000000000000000000060013345734631017366 0ustar rootroot/*
* Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "../testutil.h"
void cleanup_tests(void)
{
}
openssl-1.1.1/test/testutil/tap_bio.c0000644000000000000000000001002413345734631016316 0ustar rootroot/*
* Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <string.h>
#include "tu_local.h"
static int tap_write_ex(BIO *b, const char *buf, size_t size, size_t *in_size);
static int tap_read_ex(BIO *b, char *buf, size_t size, size_t *out_size);
static int tap_puts(BIO *b, const char *str);
static int tap_gets(BIO *b, char *str, int size);
static long tap_ctrl(BIO *b, int cmd, long arg1, void *arg2);
static int tap_new(BIO *b);
static int tap_free(BIO *b);
static long tap_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
const BIO_METHOD *BIO_f_tap(void)
{
static BIO_METHOD *tap = NULL;
if (tap == NULL) {
tap = BIO_meth_new(BIO_TYPE_START | BIO_TYPE_FILTER, "tap");
if (tap != NULL) {
BIO_meth_set_write_ex(tap, tap_write_ex);
BIO_meth_set_read_ex(tap, tap_read_ex);
BIO_meth_set_puts(tap, tap_puts);
BIO_meth_set_gets(tap, tap_gets);
BIO_meth_set_ctrl(tap, tap_ctrl);
BIO_meth_set_create(tap, tap_new);
BIO_meth_set_destroy(tap, tap_free);
BIO_meth_set_callback_ctrl(tap, tap_callback_ctrl);
}
}
return tap;
}
static int tap_new(BIO *b)
{
BIO_set_data(b, NULL);
BIO_set_init(b, 1);
return 1;
}
static int tap_free(BIO *b)
{
if (b == NULL)
return 0;
BIO_set_data(b, NULL);
BIO_set_init(b, 0);
return 1;
}
static int tap_read_ex(BIO *b, char *buf, size_t size, size_t *out_size)
{
BIO *next = BIO_next(b);
int ret = 0;
ret = BIO_read_ex(next, buf, size, out_size);
BIO_clear_retry_flags(b);
BIO_copy_next_retry(b);
return ret;
}
/*
* Output a string to the specified bio and return 1 if successful.
*/
static int write_string(BIO *b, const char *buf, size_t n)
{
size_t m;
return BIO_write_ex(b, buf, n, &m) != 0 && m == n;
}
/*
* Write some data.
*
* This function implements a simple state machine that detects new lines.
* It indents the output and prefixes it with a '#' character.
*
* It returns the number of input characters that were output in in_size.
* More characters than this will likely have been output however any calling
* code will be unable to correctly assess the actual number of characters
* emitted and would be prone to failure if the actual number were returned.
*
* The BIO_data field is used as our state. If it is NULL, we've just
* seen a new line. If it is not NULL, we're processing characters in a line.
*/
static int tap_write_ex(BIO *b, const char *buf, size_t size, size_t *in_size)
{
BIO *next = BIO_next(b);
size_t i;
int j;
for (i = 0; i < size; i++) {
if (BIO_get_data(b) == NULL) {
BIO_set_data(b, "");
for (j = 0; j < subtest_level(); j++)
if (!write_string(next, " ", 1))
goto err;
if (!write_string(next, "# ", 2))
goto err;
}
if (!write_string(next, buf + i, 1))
goto err;
if (buf[i] == '\n')
BIO_set_data(b, NULL);
}
*in_size = i;
return 1;
err:
*in_size = i;
return 0;
}
static long tap_ctrl(BIO *b, int cmd, long num, void *ptr)
{
BIO *next = BIO_next(b);
switch (cmd) {
case BIO_CTRL_RESET:
BIO_set_data(b, NULL);
break;
default:
break;
}
return BIO_ctrl(next, cmd, num, ptr);
}
static long tap_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
{
return BIO_callback_ctrl(BIO_next(b), cmd, fp);
}
static int tap_gets(BIO *b, char *buf, int size)
{
return BIO_gets(BIO_next(b), buf, size);
}
static int tap_puts(BIO *b, const char *str)
{
size_t m;
if (!tap_write_ex(b, str, strlen(str), &m))
return 0;
return m;
}
openssl-1.1.1/test/testutil/init.c0000644000000000000000000000061313345734631015647 0ustar rootroot/*
* Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "../testutil.h"
int global_init(void)
{
return 1;
}
openssl-1.1.1/test/testutil/format_output.c0000644000000000000000000004131213345734631017615 0ustar rootroot/*
* Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "../testutil.h"
#include "output.h"
#include "tu_local.h"
#include <string.h>
#include <ctype.h>
#include "internal/nelem.h"
/* The size of memory buffers to display on failure */
#define MEM_BUFFER_SIZE (2000)
#define MAX_STRING_WIDTH (80)
#define BN_OUTPUT_SIZE (8)
/* Output a diff header */
static void test_diff_header(const char *left, const char *right)
{
test_printf_stderr("--- %s\n", left);
test_printf_stderr("+++ %s\n", right);
}
/* Formatted string output routines */
static void test_string_null_empty(const char *m, char c)
{
if (m == NULL)
test_printf_stderr("% 4s %c NULL\n", "", c);
else
test_printf_stderr("% 4u:%c ''\n", 0u, c);
}
static void test_fail_string_common(const char *prefix, const char *file,
int line, const char *type,
const char *left, const char *right,
const char *op, const char *m1, size_t l1,
const char *m2, size_t l2)
{
const size_t width = (MAX_STRING_WIDTH - subtest_level() - 12) / 16 * 16;
char b1[MAX_STRING_WIDTH + 1], b2[MAX_STRING_WIDTH + 1];
char bdiff[MAX_STRING_WIDTH + 1];
size_t n1, n2, i;
unsigned int cnt = 0, diff;
test_fail_message_prefix(prefix, file, line, type, left, right, op);
if (m1 == NULL)
l1 = 0;
if (m2 == NULL)
l2 = 0;
if (l1 == 0 && l2 == 0) {
if ((m1 == NULL) == (m2 == NULL)) {
test_string_null_empty(m1, ' ');
} else {
test_diff_header(left, right);
test_string_null_empty(m1, '-');
test_string_null_empty(m2, '+');
}
goto fin;
}
if (l1 != l2 || strcmp(m1, m2) != 0)
test_diff_header(left, right);
while (l1 > 0 || l2 > 0) {
n1 = n2 = 0;
if (l1 > 0) {
b1[n1 = l1 > width ? width : l1] = 0;
for (i = 0; i < n1; i++)
b1[i] = isprint((unsigned char)m1[i]) ? m1[i] : '.';
}
if (l2 > 0) {
b2[n2 = l2 > width ? width : l2] = 0;
for (i = 0; i < n2; i++)
b2[i] = isprint((unsigned char)m2[i]) ? m2[i] : '.';
}
diff = 0;
i = 0;
if (n1 > 0 && n2 > 0) {
const size_t j = n1 < n2 ? n1 : n2;
for (; i < j; i++)
if (m1[i] == m2[i]) {
bdiff[i] = ' ';
} else {
bdiff[i] = '^';
diff = 1;
}
bdiff[i] = '\0';
}
if (n1 == n2 && !diff) {
test_printf_stderr("% 4u: '%s'\n", cnt, n2 > n1 ? b2 : b1);
} else {
if (cnt == 0 && (m1 == NULL || *m1 == '\0'))
test_string_null_empty(m1, '-');
else if (n1 > 0)
test_printf_stderr("% 4u:- '%s'\n", cnt, b1);
if (cnt == 0 && (m2 == NULL || *m2 == '\0'))
test_string_null_empty(m2, '+');
else if (n2 > 0)
test_printf_stderr("% 4u:+ '%s'\n", cnt, b2);
if (diff && i > 0)
test_printf_stderr("% 4s %s\n", "", bdiff);
}
m1 += n1;
m2 += n2;
l1 -= n1;
l2 -= n2;
cnt += width;
}
fin:
test_flush_stderr();
}
/*
* Wrapper routines so that the underlying code can be shared.
* The first is the call from inside the test utilities when a conditional
* fails. The second is the user's call to dump a string.
*/
void test_fail_string_message(const char *prefix, const char *file,
int line, const char *type,
const char *left, const char *right,
const char *op, const char *m1, size_t l1,
const char *m2, size_t l2)
{
test_fail_string_common(prefix, file, line, type, left, right, op,
m1, l1, m2, l2);
test_printf_stderr("\n");
}
void test_output_string(const char *name, const char *m, size_t l)
{
test_fail_string_common("string", NULL, 0, NULL, NULL, NULL, name,
m, l, m, l);
}
/* BIGNUM formatted output routines */
/*
* A basic memory byte to hex digit converter with allowance for spacing
* every so often.
*/
static void hex_convert_memory(const unsigned char *m, size_t n, char *b,
size_t width)
{
size_t i;
for (i = 0; i < n; i++) {
const unsigned char c = *m++;
*b++ = "0123456789abcdef"[c >> 4];
*b++ = "0123456789abcdef"[c & 15];
if (i % width == width - 1 && i != n - 1)
*b++ = ' ';
}
*b = '\0';
}
/*
* Constants to define the number of bytes to display per line and the number
* of characters these take.
*/
static const int bn_bytes = (MAX_STRING_WIDTH - 9) / (BN_OUTPUT_SIZE * 2 + 1)
* BN_OUTPUT_SIZE;
static const int bn_chars = (MAX_STRING_WIDTH - 9) / (BN_OUTPUT_SIZE * 2 + 1)
* (BN_OUTPUT_SIZE * 2 + 1) - 1;
/*
* Output the header line for the bignum
*/
static void test_bignum_header_line(void)
{
test_printf_stderr(" %*s\n", bn_chars + 6, "bit position");
}
static const char *test_bignum_zero_null(const BIGNUM *bn)
{
if (bn != NULL)
return BN_is_negative(bn) ? "-0" : "0";
return "NULL";
}
/*
* Print a bignum zero taking care to include the correct sign.
* This routine correctly deals with a NULL bignum pointer as input.
*/
static void test_bignum_zero_print(const BIGNUM *bn, char sep)
{
const char *v = test_bignum_zero_null(bn);
const char *suf = bn != NULL ? ": 0" : "";
test_printf_stderr("%c%*s%s\n", sep, bn_chars, v, suf);
}
/*
* Convert a section of memory from inside a bignum into a displayable
* string with appropriate visual aid spaces inserted.
*/
static int convert_bn_memory(const unsigned char *in, size_t bytes,
char *out, int *lz, const BIGNUM *bn)
{
int n = bytes * 2, i;
char *p = out, *q = NULL;
if (bn != NULL && !BN_is_zero(bn)) {
hex_convert_memory(in, bytes, out, BN_OUTPUT_SIZE);
if (*lz) {
for (; *p == '0' || *p == ' '; p++)
if (*p == '0') {
q = p;
*p = ' ';
n--;
}
if (*p == '\0') {
/*
* in[bytes] is defined because we're converting a non-zero
* number and we've not seen a non-zero yet.
*/
if ((in[bytes] & 0xf0) != 0 && BN_is_negative(bn)) {
*lz = 0;
*q = '-';
n++;
}
} else {
*lz = 0;
if (BN_is_negative(bn)) {
/*
* This is valid because we always convert more digits than
* the number holds.
*/
*q = '-';
n++;
}
}
}
return n;
}
for (i = 0; i < n; i++) {
*p++ = ' ';
if (i % (2 * BN_OUTPUT_SIZE) == 2 * BN_OUTPUT_SIZE - 1 && i != n - 1)
*p++ = ' ';
}
*p = '\0';
if (bn == NULL)
q = "NULL";
else
q = BN_is_negative(bn) ? "-0" : "0";
strcpy(p - strlen(q), q);
return 0;
}
/*
* Common code to display either one or two bignums, including the diff
* pointers for changes (only when there are two).
*/
static void test_fail_bignum_common(const char *prefix, const char *file,
int line, const char *type,
const char *left, const char *right,
const char *op,
const BIGNUM *bn1, const BIGNUM *bn2)
{
const size_t bytes = bn_bytes;
char b1[MAX_STRING_WIDTH + 1], b2[MAX_STRING_WIDTH + 1];
char *p, bdiff[MAX_STRING_WIDTH + 1];
size_t l1, l2, n1, n2, i, len;
unsigned int cnt, diff, real_diff;
unsigned char *m1 = NULL, *m2 = NULL;
int lz1 = 1, lz2 = 1;
unsigned char buffer[MEM_BUFFER_SIZE * 2], *bufp = buffer;
test_fail_message_prefix(prefix, file, line, type, left, right, op);
l1 = bn1 == NULL ? 0 : (BN_num_bytes(bn1) + (BN_is_negative(bn1) ? 1 : 0));
l2 = bn2 == NULL ? 0 : (BN_num_bytes(bn2) + (BN_is_negative(bn2) ? 1 : 0));
if (l1 == 0 && l2 == 0) {
if ((bn1 == NULL) == (bn2 == NULL)) {
test_bignum_header_line();
test_bignum_zero_print(bn1, ' ');
} else {
test_diff_header(left, right);
test_bignum_header_line();
test_bignum_zero_print(bn1, '-');
test_bignum_zero_print(bn2, '+');
}
goto fin;
}
if (l1 != l2 || bn1 == NULL || bn2 == NULL || BN_cmp(bn1, bn2) != 0)
test_diff_header(left, right);
test_bignum_header_line();
len = ((l1 > l2 ? l1 : l2) + bytes - 1) / bytes * bytes;
if (len > MEM_BUFFER_SIZE && (bufp = OPENSSL_malloc(len * 2)) == NULL) {
bufp = buffer;
len = MEM_BUFFER_SIZE;
test_printf_stderr("WARNING: these BIGNUMs have been truncated\n");
}
if (bn1 != NULL) {
m1 = bufp;
BN_bn2binpad(bn1, m1, len);
}
if (bn2 != NULL) {
m2 = bufp + len;
BN_bn2binpad(bn2, m2, len);
}
while (len > 0) {
cnt = 8 * (len - bytes);
n1 = convert_bn_memory(m1, bytes, b1, &lz1, bn1);
n2 = convert_bn_memory(m2, bytes, b2, &lz2, bn2);
diff = real_diff = 0;
i = 0;
p = bdiff;
for (i=0; b1[i] != '\0'; i++)
if (b1[i] == b2[i] || b1[i] == ' ' || b2[i] == ' ') {
*p++ = ' ';
diff |= b1[i] != b2[i];
} else {
*p++ = '^';
real_diff = diff = 1;
}
*p++ = '\0';
if (!diff) {
test_printf_stderr(" %s:% 5d\n", n2 > n1 ? b2 : b1, cnt);
} else {
if (cnt == 0 && bn1 == NULL)
test_printf_stderr("-%s\n", b1);
else if (cnt == 0 || n1 > 0)
test_printf_stderr("-%s:% 5d\n", b1, cnt);
if (cnt == 0 && bn2 == NULL)
test_printf_stderr("+%s\n", b2);
else if (cnt == 0 || n2 > 0)
test_printf_stderr("+%s:% 5d\n", b2, cnt);
if (real_diff && (cnt == 0 || (n1 > 0 && n2 > 0))
&& bn1 != NULL && bn2 != NULL)
test_printf_stderr(" %s\n", bdiff);
}
if (m1 != NULL)
m1 += bytes;
if (m2 != NULL)
m2 += bytes;
len -= bytes;
}
fin:
test_flush_stderr();
if (bufp != buffer)
OPENSSL_free(bufp);
}
/*
* Wrapper routines so that the underlying code can be shared.
* The first two are calls from inside the test utilities when a conditional
* fails. The third is the user's call to dump a bignum.
*/
void test_fail_bignum_message(const char *prefix, const char *file,
int line, const char *type,
const char *left, const char *right,
const char *op,
const BIGNUM *bn1, const BIGNUM *bn2)
{
test_fail_bignum_common(prefix, file, line, type, left, right, op, bn1, bn2);
test_printf_stderr("\n");
}
void test_fail_bignum_mono_message(const char *prefix, const char *file,
int line, const char *type,
const char *left, const char *right,
const char *op, const BIGNUM *bn)
{
test_fail_bignum_common(prefix, file, line, type, left, right, op, bn, bn);
test_printf_stderr("\n");
}
void test_output_bignum(const char *name, const BIGNUM *bn)
{
if (bn == NULL || BN_is_zero(bn)) {
test_printf_stderr("bignum: '%s' = %s\n", name,
test_bignum_zero_null(bn));
} else if (BN_num_bytes(bn) <= BN_OUTPUT_SIZE) {
unsigned char buf[BN_OUTPUT_SIZE];
char out[2 * sizeof(buf) + 1];
char *p = out;
int n = BN_bn2bin(bn, buf);
hex_convert_memory(buf, n, p, BN_OUTPUT_SIZE);
while (*p == '0' && *++p != '\0')
;
test_printf_stderr("bignum: '%s' = %s0x%s\n", name,
BN_is_negative(bn) ? "-" : "", p);
} else {
test_fail_bignum_common("bignum", NULL, 0, NULL, NULL, NULL, name,
bn, bn);
}
}
/* Memory output routines */
/*
* Handle zero length blocks of memory or NULL pointers to memory
*/
static void test_memory_null_empty(const unsigned char *m, char c)
{
if (m == NULL)
test_printf_stderr("% 4s %c%s\n", "", c, "NULL");
else
test_printf_stderr("%04x %c%s\n", 0u, c, "empty");
}
/*
* Common code to display one or two blocks of memory.
*/
static void test_fail_memory_common(const char *prefix, const char *file,
int line, const char *type,
const char *left, const char *right,
const char *op,
const unsigned char *m1, size_t l1,
const unsigned char *m2, size_t l2)
{
const size_t bytes = (MAX_STRING_WIDTH - 9) / 17 * 8;
char b1[MAX_STRING_WIDTH + 1], b2[MAX_STRING_WIDTH + 1];
char *p, bdiff[MAX_STRING_WIDTH + 1];
size_t n1, n2, i;
unsigned int cnt = 0, diff;
test_fail_message_prefix(prefix, file, line, type, left, right, op);
if (m1 == NULL)
l1 = 0;
if (m2 == NULL)
l2 = 0;
if (l1 == 0 && l2 == 0) {
if ((m1 == NULL) == (m2 == NULL)) {
test_memory_null_empty(m1, ' ');
} else {
test_diff_header(left, right);
test_memory_null_empty(m1, '-');
test_memory_null_empty(m2, '+');
}
goto fin;
}
if (l1 != l2 || (m1 != m2 && memcmp(m1, m2, l1) != 0))
test_diff_header(left, right);
while (l1 > 0 || l2 > 0) {
n1 = n2 = 0;
if (l1 > 0) {
n1 = l1 > bytes ? bytes : l1;
hex_convert_memory(m1, n1, b1, 8);
}
if (l2 > 0) {
n2 = l2 > bytes ? bytes : l2;
hex_convert_memory(m2, n2, b2, 8);
}
diff = 0;
i = 0;
p = bdiff;
if (n1 > 0 && n2 > 0) {
const size_t j = n1 < n2 ? n1 : n2;
for (; i < j; i++) {
if (m1[i] == m2[i]) {
*p++ = ' ';
*p++ = ' ';
} else {
*p++ = '^';
*p++ = '^';
diff = 1;
}
if (i % 8 == 7 && i != j - 1)
*p++ = ' ';
}
*p++ = '\0';
}
if (n1 == n2 && !diff) {
test_printf_stderr("%04x: %s\n", cnt, b1);
} else {
if (cnt == 0 && (m1 == NULL || l1 == 0))
test_memory_null_empty(m1, '-');
else if (n1 > 0)
test_printf_stderr("%04x:-%s\n", cnt, b1);
if (cnt == 0 && (m2 == NULL || l2 == 0))
test_memory_null_empty(m2, '+');
else if (n2 > 0)
test_printf_stderr("%04x:+%s\n", cnt, b2);
if (diff && i > 0)
test_printf_stderr("% 4s %s\n", "", bdiff);
}
m1 += n1;
m2 += n2;
l1 -= n1;
l2 -= n2;
cnt += bytes;
}
fin:
test_flush_stderr();
}
/*
* Wrapper routines so that the underlying code can be shared.
* The first is the call from inside the test utilities when a conditional
* fails. The second is the user's call to dump memory.
*/
void test_fail_memory_message(const char *prefix, const char *file,
int line, const char *type,
const char *left, const char *right,
const char *op,
const unsigned char *m1, size_t l1,
const unsigned char *m2, size_t l2)
{
test_fail_memory_common(prefix, file, line, type, left, right, op,
m1, l1, m2, l2);
test_printf_stderr("\n");
}
void test_output_memory(const char *name, const unsigned char *m, size_t l)
{
test_fail_memory_common("memory", NULL, 0, NULL, NULL, NULL, name,
m, l, m, l);
}
openssl-1.1.1/test/testutil/stanza.c0000644000000000000000000000755013345734631016213 0ustar rootroot/*
* Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <assert.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include "internal/nelem.h"
#include "../testutil.h"
#include "tu_local.h"
int test_start_file(STANZA *s, const char *testfile)
{
TEST_info("Reading %s", testfile);
set_test_title(testfile);
memset(s, 0, sizeof(*s));
if (!TEST_ptr(s->fp = BIO_new_file(testfile, "r")))
return 0;
s->test_file = testfile;
return 1;
}
int test_end_file(STANZA *s)
{
TEST_info("Completed %d tests with %d errors and %d skipped",
s->numtests, s->errors, s->numskip);
BIO_free(s->fp);
return 1;
}
/*
* Read a PEM block. Return 1 if okay, 0 on error.
*/
static int read_key(STANZA *s)
{
char tmpbuf[128];
if (s->key == NULL) {
if (!TEST_ptr(s->key = BIO_new(BIO_s_mem())))
return 0;
} else if (!TEST_int_gt(BIO_reset(s->key), 0)) {
return 0;
}
/* Read to PEM end line and place content in memory BIO */
while (BIO_gets(s->fp, tmpbuf, sizeof(tmpbuf))) {
s->curr++;
if (!TEST_int_gt(BIO_puts(s->key, tmpbuf), 0))
return 0;
if (strncmp(tmpbuf, "-----END", 8) == 0)
return 1;
}
TEST_error("Can't find key end");
return 0;
}
/*
* Delete leading and trailing spaces from a string
*/
static char *strip_spaces(char *p)
{
char *q;
/* Skip over leading spaces */
while (*p && isspace((unsigned char)*p))
p++;
if (!*p)
return NULL;
for (q = p + strlen(p) - 1; q != p && isspace((unsigned char)*q); )
*q-- = '\0';
return *p ? p : NULL;
}
/*
* Read next test stanza; return 1 if found, 0 on EOF or error.
*/
int test_readstanza(STANZA *s)
{
PAIR *pp = s->pairs;
char *p, *equals, *key, *value;
for (s->numpairs = 0; BIO_gets(s->fp, s->buff, sizeof(s->buff)); ) {
s->curr++;
if (!TEST_ptr(p = strchr(s->buff, '\n'))) {
TEST_info("Line %d too long", s->curr);
return 0;
}
*p = '\0';
/* Blank line marks end of tests. */
if (s->buff[0] == '\0')
break;
/* Lines starting with a pound sign are ignored. */
if (s->buff[0] == '#')
continue;
/* Parse into key=value */
if (!TEST_ptr(equals = strchr(s->buff, '='))) {
TEST_info("Missing = at line %d\n", s->curr);
return 0;
}
*equals++ = '\0';
if (!TEST_ptr(key = strip_spaces(s->buff))) {
TEST_info("Empty field at line %d\n", s->curr);
return 0;
}
if ((value = strip_spaces(equals)) == NULL)
value = "";
if (strcmp(key, "Title") == 0) {
TEST_info("Starting \"%s\" tests at line %d", value, s->curr);
continue;
}
if (s->numpairs == 0)
s->start = s->curr;
if (strcmp(key, "PrivateKey") == 0) {
if (!read_key(s))
return 0;
}
if (strcmp(key, "PublicKey") == 0) {
if (!read_key(s))
return 0;
}
if (!TEST_int_lt(s->numpairs++, TESTMAXPAIRS)
|| !TEST_ptr(pp->key = OPENSSL_strdup(key))
|| !TEST_ptr(pp->value = OPENSSL_strdup(value)))
return 0;
pp++;
}
/* If we read anything, return ok. */
return 1;
}
void test_clearstanza(STANZA *s)
{
PAIR *pp = s->pairs;
int i = s->numpairs;
for ( ; --i >= 0; pp++) {
OPENSSL_free(pp->key);
OPENSSL_free(pp->value);
}
s->numpairs = 0;
}
openssl-1.1.1/test/testutil/main.c0000644000000000000000000000453313345734631015635 0ustar rootroot/*
* Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "../testutil.h"
#include "internal/nelem.h"
#include "output.h"
#include "tu_local.h"
#include <string.h>
static size_t arg_count;
static char **args;
static unsigned char arg_used[1000];
static void check_arg_usage(void)
{
size_t i, n = arg_count < OSSL_NELEM(arg_used) ? arg_count
: OSSL_NELEM(arg_used);
for (i = 0; i < n; i++)
if (!arg_used[i+1])
test_printf_stderr("Warning ignored command-line argument %d: %s\n",
i, args[i+1]);
if (i < arg_count)
test_printf_stderr("Warning arguments %zu and later unchecked\n", i);
}
int main(int argc, char *argv[])
{
int ret = EXIT_FAILURE;
test_open_streams();
if (!global_init()) {
test_printf_stderr("Global init failed - aborting\n");
return ret;
}
arg_count = argc - 1;
args = argv;
setup_test_framework();
if (setup_tests())
ret = run_tests(argv[0]);
cleanup_tests();
check_arg_usage();
ret = pulldown_test_framework(ret);
test_close_streams();
return ret;
}
const char *test_get_program_name(void)
{
return args[0];
}
char *test_get_argument(size_t n)
{
if (n > arg_count)
return NULL;
if (n + 1 < OSSL_NELEM(arg_used))
arg_used[n + 1] = 1;
return args[n + 1];
}
size_t test_get_argument_count(void)
{
return arg_count;
}
int test_has_option(const char *option)
{
size_t i;
for (i = 1; i <= arg_count; i++)
if (strcmp(args[i], option) == 0) {
arg_used[i] = 1;
return 1;
}
return 0;
}
const char *test_get_option_argument(const char *option)
{
size_t i, n = strlen(option);
for (i = 1; i <= arg_count; i++)
if (strncmp(args[i], option, n) == 0) {
arg_used[i] = 1;
if (args[i][n] == '\0' && i + 1 < arg_count) {
arg_used[++i] = 1;
return args[i];
}
return args[i] + n;
}
return NULL;
}
openssl-1.1.1/test/testutil/basic_output.c0000644000000000000000000000250113345734631017403 0ustar rootroot/*
* Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "../testutil.h"
#include "output.h"
#include "tu_local.h"
#include <openssl/crypto.h>
#include <openssl/bio.h>
BIO *bio_out = NULL;
BIO *bio_err = NULL;
void test_open_streams(void)
{
bio_out = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT);
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
#ifdef __VMS
bio_out = BIO_push(BIO_new(BIO_f_linebuffer()), bio_out);
bio_err = BIO_push(BIO_new(BIO_f_linebuffer()), bio_err);
#endif
bio_err = BIO_push(BIO_new(BIO_f_tap()), bio_err);
OPENSSL_assert(bio_out != NULL);
OPENSSL_assert(bio_err != NULL);
}
void test_close_streams(void)
{
BIO_free_all(bio_out);
BIO_free_all(bio_err);
}
int test_vprintf_stdout(const char *fmt, va_list ap)
{
return BIO_vprintf(bio_out, fmt, ap);
}
int test_vprintf_stderr(const char *fmt, va_list ap)
{
return BIO_vprintf(bio_err, fmt, ap);
}
int test_flush_stdout(void)
{
return BIO_flush(bio_out);
}
int test_flush_stderr(void)
{
return BIO_flush(bio_err);
}
openssl-1.1.1/test/testutil/tu_local.h0000644000000000000000000000433213345734631016515 0ustar rootroot/*
* Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdlib.h> /* size_t */
#include <openssl/bn.h>
#include <openssl/bio.h>
#include "../testutil.h"
int subtest_level(void);
int openssl_error_cb(const char *str, size_t len, void *u);
const BIO_METHOD *BIO_f_tap(void);
void test_fail_message_prefix(const char *prefix, const char *file,
int line, const char *type,
const char *left, const char *right,
const char *op);
void test_fail_string_message(const char *prefix, const char *file,
int line, const char *type,
const char *left, const char *right,
const char *op, const char *m1, size_t l1,
const char *m2, size_t l2);
void test_fail_bignum_message(const char *prefix, const char *file,
int line, const char *type,
const char *left, const char *right,
const char *op,
const BIGNUM *bn1, const BIGNUM *bn2);
void test_fail_bignum_mono_message(const char *prefix, const char *file,
int line, const char *type,
const char *left, const char *right,
const char *op, const BIGNUM *bn);
void test_fail_memory_message(const char *prefix, const char *file,
int line, const char *type,
const char *left, const char *right,
const char *op,
const unsigned char *m1, size_t l1,
const unsigned char *m2, size_t l2);
void setup_test_framework(void);
__owur int pulldown_test_framework(int ret);
__owur int run_tests(const char *test_prog_name);
void set_test_title(const char *title);
openssl-1.1.1/test/testutil/output.h0000644000000000000000000000212213345734631016246 0ustar rootroot/*
* Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#ifndef HEADER_TU_OUTPUT_H
# define HEADER_TU_OUTPUT_H
#include <stdarg.h>
/*
* The basic I/O functions used internally by the test framework. These
* can be overridden when needed. Note that if one is, then all must be.
*/
void test_open_streams(void);
void test_close_streams(void);
/* The following ALL return the number of characters written */
int test_vprintf_stdout(const char *fmt, va_list ap);
int test_vprintf_stderr(const char *fmt, va_list ap);
/* These return failure or success */
int test_flush_stdout(void);
int test_flush_stderr(void);
/* Commodity functions. There's no need to override these */
int test_printf_stdout(const char *fmt, ...);
int test_printf_stderr(const char *fmt, ...);
#endif /* HEADER_TU_OUTPUT_H */
openssl-1.1.1/test/asn1_decode_test.c0000644000000000000000000001062613345734627016245 0ustar rootroot/*
* Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <string.h>
#include <openssl/rand.h>
#include <openssl/asn1t.h>
#include "internal/numbers.h"
#include "testutil.h"
#ifdef __GNUC__
# pragma GCC diagnostic ignored "-Wunused-function"
#endif
#ifdef __clang__
# pragma clang diagnostic ignored "-Wunused-function"
#endif
/* Badly coded ASN.1 INTEGER zero wrapped in a sequence */
static unsigned char t_invalid_zero[] = {
0x30, 0x02, /* SEQUENCE tag + length */
0x02, 0x00 /* INTEGER tag + length */
};
#if OPENSSL_API_COMPAT < 0x10200000L
/* LONG case ************************************************************* */
typedef struct {
long test_long;
} ASN1_LONG_DATA;
ASN1_SEQUENCE(ASN1_LONG_DATA) = {
ASN1_EMBED(ASN1_LONG_DATA, test_long, LONG),
} static_ASN1_SEQUENCE_END(ASN1_LONG_DATA)
IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_LONG_DATA)
IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_LONG_DATA)
static int test_long(void)
{
const unsigned char *p = t_invalid_zero;
ASN1_LONG_DATA *dectst =
d2i_ASN1_LONG_DATA(NULL, &p, sizeof(t_invalid_zero));
if (dectst == NULL)
return 0; /* Fail */
ASN1_LONG_DATA_free(dectst);
return 1;
}
#endif
/* INT32 case ************************************************************* */
typedef struct {
int32_t test_int32;
} ASN1_INT32_DATA;
ASN1_SEQUENCE(ASN1_INT32_DATA) = {
ASN1_EMBED(ASN1_INT32_DATA, test_int32, INT32),
} static_ASN1_SEQUENCE_END(ASN1_INT32_DATA)
IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_INT32_DATA)
IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_INT32_DATA)
static int test_int32(void)
{
const unsigned char *p = t_invalid_zero;
ASN1_INT32_DATA *dectst =
d2i_ASN1_INT32_DATA(NULL, &p, sizeof(t_invalid_zero));
if (dectst == NULL)
return 0; /* Fail */
ASN1_INT32_DATA_free(dectst);
return 1;
}
/* UINT32 case ************************************************************* */
typedef struct {
uint32_t test_uint32;
} ASN1_UINT32_DATA;
ASN1_SEQUENCE(ASN1_UINT32_DATA) = {
ASN1_EMBED(ASN1_UINT32_DATA, test_uint32, UINT32),
} static_ASN1_SEQUENCE_END(ASN1_UINT32_DATA)
IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_UINT32_DATA)
IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_UINT32_DATA)
static int test_uint32(void)
{
const unsigned char *p = t_invalid_zero;
ASN1_UINT32_DATA *dectst =
d2i_ASN1_UINT32_DATA(NULL, &p, sizeof(t_invalid_zero));
if (dectst == NULL)
return 0; /* Fail */
ASN1_UINT32_DATA_free(dectst);
return 1;
}
/* INT64 case ************************************************************* */
typedef struct {
int64_t test_int64;
} ASN1_INT64_DATA;
ASN1_SEQUENCE(ASN1_INT64_DATA) = {
ASN1_EMBED(ASN1_INT64_DATA, test_int64, INT64),
} static_ASN1_SEQUENCE_END(ASN1_INT64_DATA)
IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_INT64_DATA)
IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_INT64_DATA)
static int test_int64(void)
{
const unsigned char *p = t_invalid_zero;
ASN1_INT64_DATA *dectst =
d2i_ASN1_INT64_DATA(NULL, &p, sizeof(t_invalid_zero));
if (dectst == NULL)
return 0; /* Fail */
ASN1_INT64_DATA_free(dectst);
return 1;
}
/* UINT64 case ************************************************************* */
typedef struct {
uint64_t test_uint64;
} ASN1_UINT64_DATA;
ASN1_SEQUENCE(ASN1_UINT64_DATA) = {
ASN1_EMBED(ASN1_UINT64_DATA, test_uint64, UINT64),
} static_ASN1_SEQUENCE_END(ASN1_UINT64_DATA)
IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_UINT64_DATA)
IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_UINT64_DATA)
static int test_uint64(void)
{
const unsigned char *p = t_invalid_zero;
ASN1_UINT64_DATA *dectst =
d2i_ASN1_UINT64_DATA(NULL, &p, sizeof(t_invalid_zero));
if (dectst == NULL)
return 0; /* Fail */
ASN1_UINT64_DATA_free(dectst);
return 1;
}
int setup_tests(void)
{
#if OPENSSL_API_COMPAT < 0x10200000L
ADD_TEST(test_long);
#endif
ADD_TEST(test_int32);
ADD_TEST(test_uint32);
ADD_TEST(test_int64);
ADD_TEST(test_uint64);
return 1;
}
openssl-1.1.1/test/casttest.c0000644000000000000000000000616413345734627014675 0ustar rootroot/*
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_CAST is defined */
#include "internal/nelem.h"
#include "testutil.h"
#ifndef OPENSSL_NO_CAST
# include <openssl/cast.h>
static unsigned char k[16] = {
0x01, 0x23, 0x45, 0x67, 0x12, 0x34, 0x56, 0x78,
0x23, 0x45, 0x67, 0x89, 0x34, 0x56, 0x78, 0x9A
};
static unsigned char in[8] =
{ 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF };
static int k_len[3] = { 16, 10, 5 };
static unsigned char c[3][8] = {
{0x23, 0x8B, 0x4F, 0xE5, 0x84, 0x7E, 0x44, 0xB2},
{0xEB, 0x6A, 0x71, 0x1A, 0x2C, 0x02, 0x27, 0x1B},
{0x7A, 0xC8, 0x16, 0xD1, 0x6E, 0x9B, 0x30, 0x2E},
};
static unsigned char in_a[16] = {
0x01, 0x23, 0x45, 0x67, 0x12, 0x34, 0x56, 0x78,
0x23, 0x45, 0x67, 0x89, 0x34, 0x56, 0x78, 0x9A
};
static unsigned char in_b[16] = {
0x01, 0x23, 0x45, 0x67, 0x12, 0x34, 0x56, 0x78,
0x23, 0x45, 0x67, 0x89, 0x34, 0x56, 0x78, 0x9A
};
static unsigned char c_a[16] = {
0xEE, 0xA9, 0xD0, 0xA2, 0x49, 0xFD, 0x3B, 0xA6,
0xB3, 0x43, 0x6F, 0xB8, 0x9D, 0x6D, 0xCA, 0x92
};
static unsigned char c_b[16] = {
0xB2, 0xC9, 0x5E, 0xB0, 0x0C, 0x31, 0xAD, 0x71,
0x80, 0xAC, 0x05, 0xB8, 0xE8, 0x3D, 0x69, 0x6E
};
static int cast_test_vector(int z)
{
int testresult = 1;
CAST_KEY key;
unsigned char out[80];
CAST_set_key(&key, k_len[z], k);
CAST_ecb_encrypt(in, out, &key, CAST_ENCRYPT);
if (!TEST_mem_eq(out, sizeof(c[z]), c[z], sizeof(c[z]))) {
TEST_info("CAST_ENCRYPT iteration %d failed (len=%d)", z, k_len[z]);
testresult = 0;
}
CAST_ecb_encrypt(out, out, &key, CAST_DECRYPT);
if (!TEST_mem_eq(out, sizeof(in), in, sizeof(in))) {
TEST_info("CAST_DECRYPT iteration %d failed (len=%d)", z, k_len[z]);
testresult = 0;
}
return testresult;
}
static int cast_test_iterations(void)
{
long l;
int testresult = 1;
CAST_KEY key, key_b;
unsigned char out_a[16], out_b[16];
memcpy(out_a, in_a, sizeof(in_a));
memcpy(out_b, in_b, sizeof(in_b));
for (l = 0; l < 1000000L; l++) {
CAST_set_key(&key_b, 16, out_b);
CAST_ecb_encrypt(&(out_a[0]), &(out_a[0]), &key_b, CAST_ENCRYPT);
CAST_ecb_encrypt(&(out_a[8]), &(out_a[8]), &key_b, CAST_ENCRYPT);
CAST_set_key(&key, 16, out_a);
CAST_ecb_encrypt(&(out_b[0]), &(out_b[0]), &key, CAST_ENCRYPT);
CAST_ecb_encrypt(&(out_b[8]), &(out_b[8]), &key, CAST_ENCRYPT);
}
if (!TEST_mem_eq(out_a, sizeof(c_a), c_a, sizeof(c_a))
|| !TEST_mem_eq(out_b, sizeof(c_b), c_b, sizeof(c_b)))
testresult = 0;
return testresult;
}
#endif
int setup_tests(void)
{
#ifndef OPENSSL_NO_CAST
ADD_ALL_TESTS(cast_test_vector, OSSL_NELEM(k_len));
ADD_TEST(cast_test_iterations);
#endif
return 1;
}
openssl-1.1.1/test/handshake_helper.c0000644000000000000000000016461013345734630016323 0ustar rootroot/*
* Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <string.h>
#include <openssl/bio.h>
#include <openssl/x509_vfy.h>
#include <openssl/ssl.h>
#ifndef OPENSSL_NO_SRP
#include <openssl/srp.h>
#endif
#include "../ssl/ssl_locl.h"
#include "internal/sockets.h"
#include "internal/nelem.h"
#include "handshake_helper.h"
#include "testutil.h"
HANDSHAKE_RESULT *HANDSHAKE_RESULT_new(void)
{
HANDSHAKE_RESULT *ret;
TEST_ptr(ret = OPENSSL_zalloc(sizeof(*ret)));
return ret;
}
void HANDSHAKE_RESULT_free(HANDSHAKE_RESULT *result)
{
if (result == NULL)
return;
OPENSSL_free(result->client_npn_negotiated);
OPENSSL_free(result->server_npn_negotiated);
OPENSSL_free(result->client_alpn_negotiated);
OPENSSL_free(result->server_alpn_negotiated);
OPENSSL_free(result->result_session_ticket_app_data);
sk_X509_NAME_pop_free(result->server_ca_names, X509_NAME_free);
sk_X509_NAME_pop_free(result->client_ca_names, X509_NAME_free);
OPENSSL_free(result->cipher);
OPENSSL_free(result);
}
/*
* Since there appears to be no way to extract the sent/received alert
* from the SSL object directly, we use the info callback and stash
* the result in ex_data.
*/
typedef struct handshake_ex_data_st {
int alert_sent;
int num_fatal_alerts_sent;
int alert_received;
int session_ticket_do_not_call;
ssl_servername_t servername;
} HANDSHAKE_EX_DATA;
typedef struct ctx_data_st {
unsigned char *npn_protocols;
size_t npn_protocols_len;
unsigned char *alpn_protocols;
size_t alpn_protocols_len;
char *srp_user;
char *srp_password;
char *session_ticket_app_data;
} CTX_DATA;
/* |ctx_data| itself is stack-allocated. */
static void ctx_data_free_data(CTX_DATA *ctx_data)
{
OPENSSL_free(ctx_data->npn_protocols);
ctx_data->npn_protocols = NULL;
OPENSSL_free(ctx_data->alpn_protocols);
ctx_data->alpn_protocols = NULL;
OPENSSL_free(ctx_data->srp_user);
ctx_data->srp_user = NULL;
OPENSSL_free(ctx_data->srp_password);
ctx_data->srp_password = NULL;
OPENSSL_free(ctx_data->session_ticket_app_data);
ctx_data->session_ticket_app_data = NULL;
}
static int ex_data_idx;
static void info_cb(const SSL *s, int where, int ret)
{
if (where & SSL_CB_ALERT) {
HANDSHAKE_EX_DATA *ex_data =
(HANDSHAKE_EX_DATA*)(SSL_get_ex_data(s, ex_data_idx));
if (where & SSL_CB_WRITE) {
ex_data->alert_sent = ret;
if (strcmp(SSL_alert_type_string(ret), "F") == 0
|| strcmp(SSL_alert_desc_string(ret), "CN") == 0)
ex_data->num_fatal_alerts_sent++;
} else {
ex_data->alert_received = ret;
}
}
}
/* Select the appropriate server CTX.
* Returns SSL_TLSEXT_ERR_OK if a match was found.
* If |ignore| is 1, returns SSL_TLSEXT_ERR_NOACK on mismatch.
* Otherwise, returns SSL_TLSEXT_ERR_ALERT_FATAL on mismatch.
* An empty SNI extension also returns SSL_TSLEXT_ERR_NOACK.
*/
static int select_server_ctx(SSL *s, void *arg, int ignore)
{
const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
HANDSHAKE_EX_DATA *ex_data =
(HANDSHAKE_EX_DATA*)(SSL_get_ex_data(s, ex_data_idx));
if (servername == NULL) {
ex_data->servername = SSL_TEST_SERVERNAME_SERVER1;
return SSL_TLSEXT_ERR_NOACK;
}
if (strcmp(servername, "server2") == 0) {
SSL_CTX *new_ctx = (SSL_CTX*)arg;
SSL_set_SSL_CTX(s, new_ctx);
/*
* Copy over all the SSL_CTX options - reasonable behavior
* allows testing of cases where the options between two
* contexts differ/conflict
*/
SSL_clear_options(s, 0xFFFFFFFFL);
SSL_set_options(s, SSL_CTX_get_options(new_ctx));
ex_data->servername = SSL_TEST_SERVERNAME_SERVER2;
return SSL_TLSEXT_ERR_OK;
} else if (strcmp(servername, "server1") == 0) {
ex_data->servername = SSL_TEST_SERVERNAME_SERVER1;
return SSL_TLSEXT_ERR_OK;
} else if (ignore) {
ex_data->servername = SSL_TEST_SERVERNAME_SERVER1;
return SSL_TLSEXT_ERR_NOACK;
} else {
/* Don't set an explicit alert, to test library defaults. */
return SSL_TLSEXT_ERR_ALERT_FATAL;
}
}
static int client_hello_select_server_ctx(SSL *s, void *arg, int ignore)
{
const char *servername;
const unsigned char *p;
size_t len, remaining;
HANDSHAKE_EX_DATA *ex_data =
(HANDSHAKE_EX_DATA*)(SSL_get_ex_data(s, ex_data_idx));
/*
* The server_name extension was given too much extensibility when it
* was written, so parsing the normal case is a bit complex.
*/
if (!SSL_client_hello_get0_ext(s, TLSEXT_TYPE_server_name, &p,
&remaining) ||
remaining <= 2)
return 0;
/* Extract the length of the supplied list of names. */
len = (*(p++) << 8);
len += *(p++);
if (len + 2 != remaining)
return 0;
remaining = len;
/*
* The list in practice only has a single element, so we only consider
* the first one.
*/
if (remaining == 0 || *p++ != TLSEXT_NAMETYPE_host_name)
return 0;
remaining--;
/* Now we can finally pull out the byte array with the actual hostname. */
if (remaining <= 2)
return 0;
len = (*(p++) << 8);
len += *(p++);
if (len + 2 > remaining)
return 0;
remaining = len;
servername = (const char *)p;
if (len == strlen("server2") && strncmp(servername, "server2", len) == 0) {
SSL_CTX *new_ctx = arg;
SSL_set_SSL_CTX(s, new_ctx);
/*
* Copy over all the SSL_CTX options - reasonable behavior
* allows testing of cases where the options between two
* contexts differ/conflict
*/
SSL_clear_options(s, 0xFFFFFFFFL);
SSL_set_options(s, SSL_CTX_get_options(new_ctx));
ex_data->servername = SSL_TEST_SERVERNAME_SERVER2;
return 1;
} else if (len == strlen("server1") &&
strncmp(servername, "server1", len) == 0) {
ex_data->servername = SSL_TEST_SERVERNAME_SERVER1;
return 1;
} else if (ignore) {
ex_data->servername = SSL_TEST_SERVERNAME_SERVER1;
return 1;
}
return 0;
}
/*
* (RFC 6066):
* If the server understood the ClientHello extension but
* does not recognize the server name, the server SHOULD take one of two
* actions: either abort the handshake by sending a fatal-level
* unrecognized_name(112) alert or continue the handshake.
*
* This behaviour is up to the application to configure; we test both
* configurations to ensure the state machine propagates the result
* correctly.
*/
static int servername_ignore_cb(SSL *s, int *ad, void *arg)
{
return select_server_ctx(s, arg, 1);
}
static int servername_reject_cb(SSL *s, int *ad, void *arg)
{
return select_server_ctx(s, arg, 0);
}
static int client_hello_ignore_cb(SSL *s, int *al, void *arg)
{
if (!client_hello_select_server_ctx(s, arg, 1)) {
*al = SSL_AD_UNRECOGNIZED_NAME;
return SSL_CLIENT_HELLO_ERROR;
}
return SSL_CLIENT_HELLO_SUCCESS;
}
static int client_hello_reject_cb(SSL *s, int *al, void *arg)
{
if (!client_hello_select_server_ctx(s, arg, 0)) {
*al = SSL_AD_UNRECOGNIZED_NAME;
return SSL_CLIENT_HELLO_ERROR;
}
return SSL_CLIENT_HELLO_SUCCESS;
}
static int client_hello_nov12_cb(SSL *s, int *al, void *arg)
{
int ret;
unsigned int v;
const unsigned char *p;
v = SSL_client_hello_get0_legacy_version(s);
if (v > TLS1_2_VERSION || v < SSL3_VERSION) {
*al = SSL_AD_PROTOCOL_VERSION;
return SSL_CLIENT_HELLO_ERROR;
}
(void)SSL_client_hello_get0_session_id(s, &p);
if (p == NULL ||
SSL_client_hello_get0_random(s, &p) == 0 ||
SSL_client_hello_get0_ciphers(s, &p) == 0 ||
SSL_client_hello_get0_compression_methods(s, &p) == 0) {
*al = SSL_AD_INTERNAL_ERROR;
return SSL_CLIENT_HELLO_ERROR;
}
ret = client_hello_select_server_ctx(s, arg, 0);
SSL_set_max_proto_version(s, TLS1_1_VERSION);
if (!ret) {
*al = SSL_AD_UNRECOGNIZED_NAME;
return SSL_CLIENT_HELLO_ERROR;
}
return SSL_CLIENT_HELLO_SUCCESS;
}
static unsigned char dummy_ocsp_resp_good_val = 0xff;
static unsigned char dummy_ocsp_resp_bad_val = 0xfe;
static int server_ocsp_cb(SSL *s, void *arg)
{
unsigned char *resp;
resp = OPENSSL_malloc(1);
if (resp == NULL)
return SSL_TLSEXT_ERR_ALERT_FATAL;
/*
* For the purposes of testing we just send back a dummy OCSP response
*/
*resp = *(unsigned char *)arg;
if (!SSL_set_tlsext_status_ocsp_resp(s, resp, 1))
return SSL_TLSEXT_ERR_ALERT_FATAL;
return SSL_TLSEXT_ERR_OK;
}
static int client_ocsp_cb(SSL *s, void *arg)
{
const unsigned char *resp;
int len;
len = SSL_get_tlsext_status_ocsp_resp(s, &resp);
if (len != 1 || *resp != dummy_ocsp_resp_good_val)
return 0;
return 1;
}
static int verify_reject_cb(X509_STORE_CTX *ctx, void *arg) {
X509_STORE_CTX_set_error(ctx, X509_V_ERR_APPLICATION_VERIFICATION);
return 0;
}
static int verify_accept_cb(X509_STORE_CTX *ctx, void *arg) {
return 1;
}
static int broken_session_ticket_cb(SSL *s, unsigned char *key_name, unsigned char *iv,
EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc)
{
return 0;
}
static int do_not_call_session_ticket_cb(SSL *s, unsigned char *key_name,
unsigned char *iv,
EVP_CIPHER_CTX *ctx,
HMAC_CTX *hctx, int enc)
{
HANDSHAKE_EX_DATA *ex_data =
(HANDSHAKE_EX_DATA*)(SSL_get_ex_data(s, ex_data_idx));
ex_data->session_ticket_do_not_call = 1;
return 0;
}
/* Parse the comma-separated list into TLS format. */
static int parse_protos(const char *protos, unsigned char **out, size_t *outlen)
{
size_t len, i, prefix;
len = strlen(protos);
/* Should never have reuse. */
if (!TEST_ptr_null(*out)
/* Test values are small, so we omit length limit checks. */
|| !TEST_ptr(*out = OPENSSL_malloc(len + 1)))
return 0;
*outlen = len + 1;
/*
* foo => '3', 'f', 'o', 'o'
* foo,bar => '3', 'f', 'o', 'o', '3', 'b', 'a', 'r'
*/
memcpy(*out + 1, protos, len);
prefix = 0;
i = prefix + 1;
while (i <= len) {
if ((*out)[i] == ',') {
if (!TEST_int_gt(i - 1, prefix))
goto err;
(*out)[prefix] = (unsigned char)(i - 1 - prefix);
prefix = i;
}
i++;
}
if (!TEST_int_gt(len, prefix))
goto err;
(*out)[prefix] = (unsigned char)(len - prefix);
return 1;
err:
OPENSSL_free(*out);
*out = NULL;
return 0;
}
#ifndef OPENSSL_NO_NEXTPROTONEG
/*
* The client SHOULD select the first protocol advertised by the server that it
* also supports. In the event that the client doesn't support any of server's
* protocols, or the server doesn't advertise any, it SHOULD select the first
* protocol that it supports.
*/
static int client_npn_cb(SSL *s, unsigned char **out, unsigned char *outlen,
const unsigned char *in, unsigned int inlen,
void *arg)
{
CTX_DATA *ctx_data = (CTX_DATA*)(arg);
int ret;
ret = SSL_select_next_proto(out, outlen, in, inlen,
ctx_data->npn_protocols,
ctx_data->npn_protocols_len);
/* Accept both OPENSSL_NPN_NEGOTIATED and OPENSSL_NPN_NO_OVERLAP. */
return TEST_true(ret == OPENSSL_NPN_NEGOTIATED || ret == OPENSSL_NPN_NO_OVERLAP)
? SSL_TLSEXT_ERR_OK : SSL_TLSEXT_ERR_ALERT_FATAL;
}
static int server_npn_cb(SSL *s, const unsigned char **data,
unsigned int *len, void *arg)
{
CTX_DATA *ctx_data = (CTX_DATA*)(arg);
*data = ctx_data->npn_protocols;
*len = ctx_data->npn_protocols_len;
return SSL_TLSEXT_ERR_OK;
}
#endif
/*
* The server SHOULD select the most highly preferred protocol that it supports
* and that is also advertised by the client. In the event that the server
* supports no protocols that the client advertises, then the server SHALL
* respond with a fatal "no_application_protocol" alert.
*/
static int server_alpn_cb(SSL *s, const unsigned char **out,
unsigned char *outlen, const unsigned char *in,
unsigned int inlen, void *arg)
{
CTX_DATA *ctx_data = (CTX_DATA*)(arg);
int ret;
/* SSL_select_next_proto isn't const-correct... */
unsigned char *tmp_out;
/*
* The result points either to |in| or to |ctx_data->alpn_protocols|.
* The callback is allowed to point to |in| or to a long-lived buffer,
* so we can return directly without storing a copy.
*/
ret = SSL_select_next_proto(&tmp_out, outlen,
ctx_data->alpn_protocols,
ctx_data->alpn_protocols_len, in, inlen);
*out = tmp_out;
/* Unlike NPN, we don't tolerate a mismatch. */
return ret == OPENSSL_NPN_NEGOTIATED ? SSL_TLSEXT_ERR_OK
: SSL_TLSEXT_ERR_ALERT_FATAL;
}
#ifndef OPENSSL_NO_SRP
static char *client_srp_cb(SSL *s, void *arg)
{
CTX_DATA *ctx_data = (CTX_DATA*)(arg);
return OPENSSL_strdup(ctx_data->srp_password);
}
static int server_srp_cb(SSL *s, int *ad, void *arg)
{
CTX_DATA *ctx_data = (CTX_DATA*)(arg);
if (strcmp(ctx_data->srp_user, SSL_get_srp_username(s)) != 0)
return SSL3_AL_FATAL;
if (SSL_set_srp_server_param_pw(s, ctx_data->srp_user,
ctx_data->srp_password,
"2048" /* known group */) < 0) {
*ad = SSL_AD_INTERNAL_ERROR;
return SSL3_AL_FATAL;
}
return SSL_ERROR_NONE;
}
#endif /* !OPENSSL_NO_SRP */
static int generate_session_ticket_cb(SSL *s, void *arg)
{
CTX_DATA *server_ctx_data = arg;
SSL_SESSION *ss = SSL_get_session(s);
char *app_data = server_ctx_data->session_ticket_app_data;
if (ss == NULL || app_data == NULL)
return 0;
return SSL_SESSION_set1_ticket_appdata(ss, app_data, strlen(app_data));
}
static int decrypt_session_ticket_cb(SSL *s, SSL_SESSION *ss,
const unsigned char *keyname,
size_t keyname_len,
SSL_TICKET_STATUS status,
void *arg)
{
switch (status) {
case SSL_TICKET_EMPTY:
case SSL_TICKET_NO_DECRYPT:
return SSL_TICKET_RETURN_IGNORE_RENEW;
case SSL_TICKET_SUCCESS:
return SSL_TICKET_RETURN_USE;
case SSL_TICKET_SUCCESS_RENEW:
return SSL_TICKET_RETURN_USE_RENEW;
default:
break;
}
return SSL_TICKET_RETURN_ABORT;
}
/*
* Configure callbacks and other properties that can't be set directly
* in the server/client CONF.
*/
static int configure_handshake_ctx(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
SSL_CTX *client_ctx,
const SSL_TEST_CTX *test,
const SSL_TEST_EXTRA_CONF *extra,
CTX_DATA *server_ctx_data,
CTX_DATA *server2_ctx_data,
CTX_DATA *client_ctx_data)
{
unsigned char *ticket_keys;
size_t ticket_key_len;
if (!TEST_int_eq(SSL_CTX_set_max_send_fragment(server_ctx,
test->max_fragment_size), 1))
goto err;
if (server2_ctx != NULL) {
if (!TEST_int_eq(SSL_CTX_set_max_send_fragment(server2_ctx,
test->max_fragment_size),
1))
goto err;
}
if (!TEST_int_eq(SSL_CTX_set_max_send_fragment(client_ctx,
test->max_fragment_size), 1))
goto err;
switch (extra->client.verify_callback) {
case SSL_TEST_VERIFY_ACCEPT_ALL:
SSL_CTX_set_cert_verify_callback(client_ctx, &verify_accept_cb, NULL);
break;
case SSL_TEST_VERIFY_REJECT_ALL:
SSL_CTX_set_cert_verify_callback(client_ctx, &verify_reject_cb, NULL);
break;
case SSL_TEST_VERIFY_NONE:
break;
}
switch (extra->client.max_fragment_len_mode) {
case TLSEXT_max_fragment_length_512:
case TLSEXT_max_fragment_length_1024:
case TLSEXT_max_fragment_length_2048:
case TLSEXT_max_fragment_length_4096:
case TLSEXT_max_fragment_length_DISABLED:
SSL_CTX_set_tlsext_max_fragment_length(
client_ctx, extra->client.max_fragment_len_mode);
break;
}
/*
* Link the two contexts for SNI purposes.
* Also do ClientHello callbacks here, as setting both ClientHello and SNI
* is bad.
*/
switch (extra->server.servername_callback) {
case SSL_TEST_SERVERNAME_IGNORE_MISMATCH:
SSL_CTX_set_tlsext_servername_callback(server_ctx, servername_ignore_cb);
SSL_CTX_set_tlsext_servername_arg(server_ctx, server2_ctx);
break;
case SSL_TEST_SERVERNAME_REJECT_MISMATCH:
SSL_CTX_set_tlsext_servername_callback(server_ctx, servername_reject_cb);
SSL_CTX_set_tlsext_servername_arg(server_ctx, server2_ctx);
break;
case SSL_TEST_SERVERNAME_CB_NONE:
break;
case SSL_TEST_SERVERNAME_CLIENT_HELLO_IGNORE_MISMATCH:
SSL_CTX_set_client_hello_cb(server_ctx, client_hello_ignore_cb, server2_ctx);
break;
case SSL_TEST_SERVERNAME_CLIENT_HELLO_REJECT_MISMATCH:
SSL_CTX_set_client_hello_cb(server_ctx, client_hello_reject_cb, server2_ctx);
break;
case SSL_TEST_SERVERNAME_CLIENT_HELLO_NO_V12:
SSL_CTX_set_client_hello_cb(server_ctx, client_hello_nov12_cb, server2_ctx);
}
if (extra->server.cert_status != SSL_TEST_CERT_STATUS_NONE) {
SSL_CTX_set_tlsext_status_type(client_ctx, TLSEXT_STATUSTYPE_ocsp);
SSL_CTX_set_tlsext_status_cb(client_ctx, client_ocsp_cb);
SSL_CTX_set_tlsext_status_arg(client_ctx, NULL);
SSL_CTX_set_tlsext_status_cb(server_ctx, server_ocsp_cb);
SSL_CTX_set_tlsext_status_arg(server_ctx,
((extra->server.cert_status == SSL_TEST_CERT_STATUS_GOOD_RESPONSE)
? &dummy_ocsp_resp_good_val : &dummy_ocsp_resp_bad_val));
}
/*
* The initial_ctx/session_ctx always handles the encrypt/decrypt of the
* session ticket. This ticket_key callback is assigned to the second
* session (assigned via SNI), and should never be invoked
*/
if (server2_ctx != NULL)
SSL_CTX_set_tlsext_ticket_key_cb(server2_ctx,
do_not_call_session_ticket_cb);
if (extra->server.broken_session_ticket) {
SSL_CTX_set_tlsext_ticket_key_cb(server_ctx, broken_session_ticket_cb);
}
#ifndef OPENSSL_NO_NEXTPROTONEG
if (extra->server.npn_protocols != NULL) {
if (!TEST_true(parse_protos(extra->server.npn_protocols,
&server_ctx_data->npn_protocols,
&server_ctx_data->npn_protocols_len)))
goto err;
SSL_CTX_set_npn_advertised_cb(server_ctx, server_npn_cb,
server_ctx_data);
}
if (extra->server2.npn_protocols != NULL) {
if (!TEST_true(parse_protos(extra->server2.npn_protocols,
&server2_ctx_data->npn_protocols,
&server2_ctx_data->npn_protocols_len))
|| !TEST_ptr(server2_ctx))
goto err;
SSL_CTX_set_npn_advertised_cb(server2_ctx, server_npn_cb,
server2_ctx_data);
}
if (extra->client.npn_protocols != NULL) {
if (!TEST_true(parse_protos(extra->client.npn_protocols,
&client_ctx_data->npn_protocols,
&client_ctx_data->npn_protocols_len)))
goto err;
SSL_CTX_set_next_proto_select_cb(client_ctx, client_npn_cb,
client_ctx_data);
}
#endif
if (extra->server.alpn_protocols != NULL) {
if (!TEST_true(parse_protos(extra->server.alpn_protocols,
&server_ctx_data->alpn_protocols,
&server_ctx_data->alpn_protocols_len)))
goto err;
SSL_CTX_set_alpn_select_cb(server_ctx, server_alpn_cb, server_ctx_data);
}
if (extra->server2.alpn_protocols != NULL) {
if (!TEST_ptr(server2_ctx)
|| !TEST_true(parse_protos(extra->server2.alpn_protocols,
&server2_ctx_data->alpn_protocols,
&server2_ctx_data->alpn_protocols_len
)))
goto err;
SSL_CTX_set_alpn_select_cb(server2_ctx, server_alpn_cb,
server2_ctx_data);
}
if (extra->client.alpn_protocols != NULL) {
unsigned char *alpn_protos = NULL;
size_t alpn_protos_len;
if (!TEST_true(parse_protos(extra->client.alpn_protocols,
&alpn_protos, &alpn_protos_len))
/* Reversed return value convention... */
|| !TEST_int_eq(SSL_CTX_set_alpn_protos(client_ctx, alpn_protos,
alpn_protos_len), 0))
goto err;
OPENSSL_free(alpn_protos);
}
if (extra->server.session_ticket_app_data != NULL) {
server_ctx_data->session_ticket_app_data =
OPENSSL_strdup(extra->server.session_ticket_app_data);
SSL_CTX_set_session_ticket_cb(server_ctx, generate_session_ticket_cb,
decrypt_session_ticket_cb, server_ctx_data);
}
if (extra->server2.session_ticket_app_data != NULL) {
if (!TEST_ptr(server2_ctx))
goto err;
server2_ctx_data->session_ticket_app_data =
OPENSSL_strdup(extra->server2.session_ticket_app_data);
SSL_CTX_set_session_ticket_cb(server2_ctx, NULL,
decrypt_session_ticket_cb, server2_ctx_data);
}
/*
* Use fixed session ticket keys so that we can decrypt a ticket created with
* one CTX in another CTX. Don't address server2 for the moment.
*/
ticket_key_len = SSL_CTX_set_tlsext_ticket_keys(server_ctx, NULL, 0);
if (!TEST_ptr(ticket_keys = OPENSSL_zalloc(ticket_key_len))
|| !TEST_int_eq(SSL_CTX_set_tlsext_ticket_keys(server_ctx,
ticket_keys,
ticket_key_len), 1)) {
OPENSSL_free(ticket_keys);
goto err;
}
OPENSSL_free(ticket_keys);
/* The default log list includes EC keys, so CT can't work without EC. */
#if !defined(OPENSSL_NO_CT) && !defined(OPENSSL_NO_EC)
if (!TEST_true(SSL_CTX_set_default_ctlog_list_file(client_ctx)))
goto err;
switch (extra->client.ct_validation) {
case SSL_TEST_CT_VALIDATION_PERMISSIVE:
if (!TEST_true(SSL_CTX_enable_ct(client_ctx,
SSL_CT_VALIDATION_PERMISSIVE)))
goto err;
break;
case SSL_TEST_CT_VALIDATION_STRICT:
if (!TEST_true(SSL_CTX_enable_ct(client_ctx, SSL_CT_VALIDATION_STRICT)))
goto err;
break;
case SSL_TEST_CT_VALIDATION_NONE:
break;
}
#endif
#ifndef OPENSSL_NO_SRP
if (extra->server.srp_user != NULL) {
SSL_CTX_set_srp_username_callback(server_ctx, server_srp_cb);
server_ctx_data->srp_user = OPENSSL_strdup(extra->server.srp_user);
server_ctx_data->srp_password = OPENSSL_strdup(extra->server.srp_password);
SSL_CTX_set_srp_cb_arg(server_ctx, server_ctx_data);
}
if (extra->server2.srp_user != NULL) {
if (!TEST_ptr(server2_ctx))
goto err;
SSL_CTX_set_srp_username_callback(server2_ctx, server_srp_cb);
server2_ctx_data->srp_user = OPENSSL_strdup(extra->server2.srp_user);
server2_ctx_data->srp_password = OPENSSL_strdup(extra->server2.srp_password);
SSL_CTX_set_srp_cb_arg(server2_ctx, server2_ctx_data);
}
if (extra->client.srp_user != NULL) {
if (!TEST_true(SSL_CTX_set_srp_username(client_ctx,
extra->client.srp_user)))
goto err;
SSL_CTX_set_srp_client_pwd_callback(client_ctx, client_srp_cb);
client_ctx_data->srp_password = OPENSSL_strdup(extra->client.srp_password);
SSL_CTX_set_srp_cb_arg(client_ctx, client_ctx_data);
}
#endif /* !OPENSSL_NO_SRP */
return 1;
err:
return 0;
}
/* Configure per-SSL callbacks and other properties. */
static void configure_handshake_ssl(SSL *server, SSL *client,
const SSL_TEST_EXTRA_CONF *extra)
{
if (extra->client.servername != SSL_TEST_SERVERNAME_NONE)
SSL_set_tlsext_host_name(client,
ssl_servername_name(extra->client.servername));
if (extra->client.enable_pha)
SSL_set_post_handshake_auth(client, 1);
}
/* The status for each connection phase. */
typedef enum {
PEER_SUCCESS,
PEER_RETRY,
PEER_ERROR,
PEER_WAITING,
PEER_TEST_FAILURE
} peer_status_t;
/* An SSL object and associated read-write buffers. */
typedef struct peer_st {
SSL *ssl;
/* Buffer lengths are int to match the SSL read/write API. */
unsigned char *write_buf;
int write_buf_len;
unsigned char *read_buf;
int read_buf_len;
int bytes_to_write;
int bytes_to_read;
peer_status_t status;
} PEER;
static int create_peer(PEER *peer, SSL_CTX *ctx)
{
static const int peer_buffer_size = 64 * 1024;
SSL *ssl = NULL;
unsigned char *read_buf = NULL, *write_buf = NULL;
if (!TEST_ptr(ssl = SSL_new(ctx))
|| !TEST_ptr(write_buf = OPENSSL_zalloc(peer_buffer_size))
|| !TEST_ptr(read_buf = OPENSSL_zalloc(peer_buffer_size)))
goto err;
peer->ssl = ssl;
peer->write_buf = write_buf;
peer->read_buf = read_buf;
peer->write_buf_len = peer->read_buf_len = peer_buffer_size;
return 1;
err:
SSL_free(ssl);
OPENSSL_free(write_buf);
OPENSSL_free(read_buf);
return 0;
}
static void peer_free_data(PEER *peer)
{
SSL_free(peer->ssl);
OPENSSL_free(peer->write_buf);
OPENSSL_free(peer->read_buf);
}
/*
* Note that we could do the handshake transparently under an SSL_write,
* but separating the steps is more helpful for debugging test failures.
*/
static void do_handshake_step(PEER *peer)
{
if (!TEST_int_eq(peer->status, PEER_RETRY)) {
peer->status = PEER_TEST_FAILURE;
} else {
int ret = SSL_do_handshake(peer->ssl);
if (ret == 1) {
peer->status = PEER_SUCCESS;
} else if (ret == 0) {
peer->status = PEER_ERROR;
} else {
int error = SSL_get_error(peer->ssl, ret);
/* Memory bios should never block with SSL_ERROR_WANT_WRITE. */
if (error != SSL_ERROR_WANT_READ)
peer->status = PEER_ERROR;
}
}
}
/*-
* Send/receive some application data. The read-write sequence is
* Peer A: (R) W - first read will yield no data
* Peer B: R W
* ...
* Peer A: R W
* Peer B: R W
* Peer A: R
*/
static void do_app_data_step(PEER *peer)
{
int ret = 1, write_bytes;
if (!TEST_int_eq(peer->status, PEER_RETRY)) {
peer->status = PEER_TEST_FAILURE;
return;
}
/* We read everything available... */
while (ret > 0 && peer->bytes_to_read) {
ret = SSL_read(peer->ssl, peer->read_buf, peer->read_buf_len);
if (ret > 0) {
if (!TEST_int_le(ret, peer->bytes_to_read)) {
peer->status = PEER_TEST_FAILURE;
return;
}
peer->bytes_to_read -= ret;
} else if (ret == 0) {
peer->status = PEER_ERROR;
return;
} else {
int error = SSL_get_error(peer->ssl, ret);
if (error != SSL_ERROR_WANT_READ) {
peer->status = PEER_ERROR;
return;
} /* Else continue with write. */
}
}
/* ... but we only write one write-buffer-full of data. */
write_bytes = peer->bytes_to_write < peer->write_buf_len ? peer->bytes_to_write :
peer->write_buf_len;
if (write_bytes) {
ret = SSL_write(peer->ssl, peer->write_buf, write_bytes);
if (ret > 0) {
/* SSL_write will only succeed with a complete write. */
if (!TEST_int_eq(ret, write_bytes)) {
peer->status = PEER_TEST_FAILURE;
return;
}
peer->bytes_to_write -= ret;
} else {
/*
* We should perhaps check for SSL_ERROR_WANT_READ/WRITE here
* but this doesn't yet occur with current app data sizes.
*/
peer->status = PEER_ERROR;
return;
}
}
/*
* We could simply finish when there was nothing to read, and we have
* nothing left to write. But keeping track of the expected number of bytes
* to read gives us somewhat better guarantees that all data sent is in fact
* received.
*/
if (!peer->bytes_to_write && !peer->bytes_to_read) {
peer->status = PEER_SUCCESS;
}
}
static void do_reneg_setup_step(const SSL_TEST_CTX *test_ctx, PEER *peer)
{
int ret;
char buf;
if (peer->status == PEER_SUCCESS) {
/*
* We are a client that succeeded this step previously, but the server
* wanted to retry. Probably there is a no_renegotiation warning alert
* waiting for us. Attempt to continue the handshake.
*/
peer->status = PEER_RETRY;
do_handshake_step(peer);
return;
}
if (!TEST_int_eq(peer->status, PEER_RETRY)
|| !TEST_true(test_ctx->handshake_mode
== SSL_TEST_HANDSHAKE_RENEG_SERVER
|| test_ctx->handshake_mode
== SSL_TEST_HANDSHAKE_RENEG_CLIENT
|| test_ctx->handshake_mode
== SSL_TEST_HANDSHAKE_KEY_UPDATE_SERVER
|| test_ctx->handshake_mode
== SSL_TEST_HANDSHAKE_KEY_UPDATE_CLIENT
|| test_ctx->handshake_mode
== SSL_TEST_HANDSHAKE_POST_HANDSHAKE_AUTH)) {
peer->status = PEER_TEST_FAILURE;
return;
}
/* Reset the count of the amount of app data we need to read/write */
peer->bytes_to_write = peer->bytes_to_read = test_ctx->app_data_size;
/* Check if we are the peer that is going to initiate */
if ((test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_SERVER
&& SSL_is_server(peer->ssl))
|| (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RENEG_CLIENT
&& !SSL_is_server(peer->ssl))) {
/*
* If we already asked for a renegotiation then fall through to the
* SSL_read() below.
*/
if (!SSL_renegotiate_pending(peer->ssl)) {
/*
* If we are the client we will always attempt to resume the
* session. The server may or may not resume dependent on the
* setting of SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
*/
if (SSL_is_server(peer->ssl)) {
ret = SSL_renegotiate(peer->ssl);
} else {
if (test_ctx->extra.client.reneg_ciphers != NULL) {
if (!SSL_set_cipher_list(peer->ssl,
test_ctx->extra.client.reneg_ciphers)) {
peer->status = PEER_ERROR;
return;
}
ret = SSL_renegotiate(peer->ssl);
} else {
ret = SSL_renegotiate_abbreviated(peer->ssl);
}
}
if (!ret) {
peer->status = PEER_ERROR;
return;
}
do_handshake_step(peer);
/*
* If status is PEER_RETRY it means we're waiting on the peer to
* continue the handshake. As far as setting up the renegotiation is
* concerned that is a success. The next step will continue the
* handshake to its conclusion.
*
* If status is PEER_SUCCESS then we are the server and we have
* successfully sent the HelloRequest. We need to continue to wait
* until the handshake arrives from the client.
*/
if (peer->status == PEER_RETRY)
peer->status = PEER_SUCCESS;
else if (peer->status == PEER_SUCCESS)
peer->status = PEER_RETRY;
return;
}
} else if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_KEY_UPDATE_SERVER
|| test_ctx->handshake_mode
== SSL_TEST_HANDSHAKE_KEY_UPDATE_CLIENT) {
if (SSL_is_server(peer->ssl)
!= (test_ctx->handshake_mode
== SSL_TEST_HANDSHAKE_KEY_UPDATE_SERVER)) {
peer->status = PEER_SUCCESS;
return;
}
ret = SSL_key_update(peer->ssl, test_ctx->key_update_type);
if (!ret) {
peer->status = PEER_ERROR;
return;
}
do_handshake_step(peer);
/*
* This is a one step handshake. We shouldn't get anything other than
* PEER_SUCCESS
*/
if (peer->status != PEER_SUCCESS)
peer->status = PEER_ERROR;
return;
} else if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_POST_HANDSHAKE_AUTH) {
if (SSL_is_server(peer->ssl)) {
/* Make the server believe it's received the extension */
if (test_ctx->extra.server.force_pha)
peer->ssl->post_handshake_auth = SSL_PHA_EXT_RECEIVED;
ret = SSL_verify_client_post_handshake(peer->ssl);
if (!ret) {
peer->status = PEER_ERROR;
return;
}
}
do_handshake_step(peer);
/*
* This is a one step handshake. We shouldn't get anything other than
* PEER_SUCCESS
*/
if (peer->status != PEER_SUCCESS)
peer->status = PEER_ERROR;
return;
}
/*
* The SSL object is still expecting app data, even though it's going to
* get a handshake message. We try to read, and it should fail - after which
* we should be in a handshake
*/
ret = SSL_read(peer->ssl, &buf, sizeof(buf));
if (ret >= 0) {
/*
* We're not actually expecting data - we're expecting a reneg to
* start
*/
peer->status = PEER_ERROR;
return;
} else {
int error = SSL_get_error(peer->ssl, ret);
if (error != SSL_ERROR_WANT_READ) {
peer->status = PEER_ERROR;
return;
}
/* If we're not in init yet then we're not done with setup yet */
if (!SSL_in_init(peer->ssl))
return;
}
peer->status = PEER_SUCCESS;
}
/*
* RFC 5246 says:
*
* Note that as of TLS 1.1,
* failure to properly close a connection no longer requires that a
* session not be resumed. This is a change from TLS 1.0 to conform
* with widespread implementation practice.
*
* However,
* (a) OpenSSL requires that a connection be shutdown for all protocol versions.
* (b) We test lower versions, too.
* So we just implement shutdown. We do a full bidirectional shutdown so that we
* can compare sent and received close_notify alerts and get some test coverage
* for SSL_shutdown as a bonus.
*/
static void do_shutdown_step(PEER *peer)
{
int ret;
if (!TEST_int_eq(peer->status, PEER_RETRY)) {
peer->status = PEER_TEST_FAILURE;
return;
}
ret = SSL_shutdown(peer->ssl);
if (ret == 1) {
peer->status = PEER_SUCCESS;
} else if (ret < 0) { /* On 0, we retry. */
int error = SSL_get_error(peer->ssl, ret);
if (error != SSL_ERROR_WANT_READ && error != SSL_ERROR_WANT_WRITE)
peer->status = PEER_ERROR;
}
}
typedef enum {
HANDSHAKE,
RENEG_APPLICATION_DATA,
RENEG_SETUP,
RENEG_HANDSHAKE,
APPLICATION_DATA,
SHUTDOWN,
CONNECTION_DONE
} connect_phase_t;
static int renegotiate_op(const SSL_TEST_CTX *test_ctx)
{
switch (test_ctx->handshake_mode) {
case SSL_TEST_HANDSHAKE_RENEG_SERVER:
case SSL_TEST_HANDSHAKE_RENEG_CLIENT:
return 1;
default:
return 0;
}
}
static int post_handshake_op(const SSL_TEST_CTX *test_ctx)
{
switch (test_ctx->handshake_mode) {
case SSL_TEST_HANDSHAKE_KEY_UPDATE_CLIENT:
case SSL_TEST_HANDSHAKE_KEY_UPDATE_SERVER:
case SSL_TEST_HANDSHAKE_POST_HANDSHAKE_AUTH:
return 1;
default:
return 0;
}
}
static connect_phase_t next_phase(const SSL_TEST_CTX *test_ctx,
connect_phase_t phase)
{
switch (phase) {
case HANDSHAKE:
if (renegotiate_op(test_ctx) || post_handshake_op(test_ctx))
return RENEG_APPLICATION_DATA;
return APPLICATION_DATA;
case RENEG_APPLICATION_DATA:
return RENEG_SETUP;
case RENEG_SETUP:
if (post_handshake_op(test_ctx))
return APPLICATION_DATA;
return RENEG_HANDSHAKE;
case RENEG_HANDSHAKE:
return APPLICATION_DATA;
case APPLICATION_DATA:
return SHUTDOWN;
case SHUTDOWN:
return CONNECTION_DONE;
case CONNECTION_DONE:
TEST_error("Trying to progress after connection done");
break;
}
return -1;
}
static void do_connect_step(const SSL_TEST_CTX *test_ctx, PEER *peer,
connect_phase_t phase)
{
switch (phase) {
case HANDSHAKE:
do_handshake_step(peer);
break;
case RENEG_APPLICATION_DATA:
do_app_data_step(peer);
break;
case RENEG_SETUP:
do_reneg_setup_step(test_ctx, peer);
break;
case RENEG_HANDSHAKE:
do_handshake_step(peer);
break;
case APPLICATION_DATA:
do_app_data_step(peer);
break;
case SHUTDOWN:
do_shutdown_step(peer);
break;
case CONNECTION_DONE:
TEST_error("Action after connection done");
break;
}
}
typedef enum {
/* Both parties succeeded. */
HANDSHAKE_SUCCESS,
/* Client errored. */
CLIENT_ERROR,
/* Server errored. */
SERVER_ERROR,
/* Peers are in inconsistent state. */
INTERNAL_ERROR,
/* One or both peers not done. */
HANDSHAKE_RETRY
} handshake_status_t;
/*
* Determine the handshake outcome.
* last_status: the status of the peer to have acted last.
* previous_status: the status of the peer that didn't act last.
* client_spoke_last: 1 if the client went last.
*/
static handshake_status_t handshake_status(peer_status_t last_status,
peer_status_t previous_status,
int client_spoke_last)
{
switch (last_status) {
case PEER_TEST_FAILURE:
return INTERNAL_ERROR;
case PEER_WAITING:
/* Shouldn't ever happen */
return INTERNAL_ERROR;
case PEER_SUCCESS:
switch (previous_status) {
case PEER_TEST_FAILURE:
return INTERNAL_ERROR;
case PEER_SUCCESS:
/* Both succeeded. */
return HANDSHAKE_SUCCESS;
case PEER_WAITING:
case PEER_RETRY:
/* Let the first peer finish. */
return HANDSHAKE_RETRY;
case PEER_ERROR:
/*
* Second peer succeeded despite the fact that the first peer
* already errored. This shouldn't happen.
*/
return INTERNAL_ERROR;
}
break;
case PEER_RETRY:
return HANDSHAKE_RETRY;
case PEER_ERROR:
switch (previous_status) {
case PEER_TEST_FAILURE:
return INTERNAL_ERROR;
case PEER_WAITING:
/* The client failed immediately before sending the ClientHello */
return client_spoke_last ? CLIENT_ERROR : INTERNAL_ERROR;
case PEER_SUCCESS:
/*
* First peer succeeded but second peer errored.
* TODO(emilia): we should be able to continue here (with some
* application data?) to ensure the first peer receives the
* alert / close_notify.
* (No tests currently exercise this branch.)
*/
return client_spoke_last ? CLIENT_ERROR : SERVER_ERROR;
case PEER_RETRY:
/* We errored; let the peer finish. */
return HANDSHAKE_RETRY;
case PEER_ERROR:
/* Both peers errored. Return the one that errored first. */
return client_spoke_last ? SERVER_ERROR : CLIENT_ERROR;
}
}
/* Control should never reach here. */
return INTERNAL_ERROR;
}
/* Convert unsigned char buf's that shouldn't contain any NUL-bytes to char. */
static char *dup_str(const unsigned char *in, size_t len)
{
char *ret = NULL;
if (len == 0)
return NULL;
/* Assert that the string does not contain NUL-bytes. */
if (TEST_size_t_eq(OPENSSL_strnlen((const char*)(in), len), len))
TEST_ptr(ret = OPENSSL_strndup((const char*)(in), len));
return ret;
}
static int pkey_type(EVP_PKEY *pkey)
{
int nid = EVP_PKEY_id(pkey);
#ifndef OPENSSL_NO_EC
if (nid == EVP_PKEY_EC) {
const EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
return EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
}
#endif
return nid;
}
static int peer_pkey_type(SSL *s)
{
X509 *x = SSL_get_peer_certificate(s);
if (x != NULL) {
int nid = pkey_type(X509_get0_pubkey(x));
X509_free(x);
return nid;
}
return NID_undef;
}
#if !defined(OPENSSL_NO_SCTP) && !defined(OPENSSL_NO_SOCK)
static int set_sock_as_sctp(int sock)
{
/*
* For SCTP we have to set various options on the socket prior to
* connecting. This is done automatically by BIO_new_dgram_sctp().
* We don't actually need the created BIO though so we free it again
* immediately.
*/
BIO *tmpbio = BIO_new_dgram_sctp(sock, BIO_NOCLOSE);
if (tmpbio == NULL)
return 0;
BIO_free(tmpbio);
return 1;
}
static int create_sctp_socks(int *ssock, int *csock)
{
BIO_ADDRINFO *res = NULL;
const BIO_ADDRINFO *ai = NULL;
int lsock = INVALID_SOCKET, asock = INVALID_SOCKET;
int consock = INVALID_SOCKET;
int ret = 0;
int family = 0;
if (BIO_sock_init() != 1)
return 0;
/*
* Port is 4463. It could be anything. It will fail if it's already being
* used for some other SCTP service. It seems unlikely though so we don't
* worry about it here.
*/
if (!BIO_lookup_ex(NULL, "4463", BIO_LOOKUP_SERVER, family, SOCK_STREAM,
IPPROTO_SCTP, &res))
return 0;
for (ai = res; ai != NULL; ai = BIO_ADDRINFO_next(ai)) {
family = BIO_ADDRINFO_family(ai);
lsock = BIO_socket(family, SOCK_STREAM, IPPROTO_SCTP, 0);
if (lsock == INVALID_SOCKET) {
/* Maybe the kernel doesn't support the socket family, even if
* BIO_lookup() added it in the returned result...
*/
continue;
}
if (!set_sock_as_sctp(lsock)
|| !BIO_listen(lsock, BIO_ADDRINFO_address(ai),
BIO_SOCK_REUSEADDR)) {
BIO_closesocket(lsock);
lsock = INVALID_SOCKET;
continue;
}
/* Success, don't try any more addresses */
break;
}
if (lsock == INVALID_SOCKET)
goto err;
BIO_ADDRINFO_free(res);
res = NULL;
if (!BIO_lookup_ex(NULL, "4463", BIO_LOOKUP_CLIENT, family, SOCK_STREAM,
IPPROTO_SCTP, &res))
goto err;
consock = BIO_socket(family, SOCK_STREAM, IPPROTO_SCTP, 0);
if (consock == INVALID_SOCKET)
goto err;
if (!set_sock_as_sctp(consock)
|| !BIO_connect(consock, BIO_ADDRINFO_address(res), 0)
|| !BIO_socket_nbio(consock, 1))
goto err;
asock = BIO_accept_ex(lsock, NULL, BIO_SOCK_NONBLOCK);
if (asock == INVALID_SOCKET)
goto err;
*csock = consock;
*ssock = asock;
consock = asock = INVALID_SOCKET;
ret = 1;
err:
BIO_ADDRINFO_free(res);
if (consock != INVALID_SOCKET)
BIO_closesocket(consock);
if (lsock != INVALID_SOCKET)
BIO_closesocket(lsock);
if (asock != INVALID_SOCKET)
BIO_closesocket(asock);
return ret;
}
#endif
/*
* Note that |extra| points to the correct client/server configuration
* within |test_ctx|. When configuring the handshake, general mode settings
* are taken from |test_ctx|, and client/server-specific settings should be
* taken from |extra|.
*
* The configuration code should never reach into |test_ctx->extra| or
* |test_ctx->resume_extra| directly.
*
* (We could refactor test mode settings into a substructure. This would result
* in cleaner argument passing but would complicate the test configuration
* parsing.)
*/
static HANDSHAKE_RESULT *do_handshake_internal(
SSL_CTX *server_ctx, SSL_CTX *server2_ctx, SSL_CTX *client_ctx,
const SSL_TEST_CTX *test_ctx, const SSL_TEST_EXTRA_CONF *extra,
SSL_SESSION *session_in, SSL_SESSION *serv_sess_in,
SSL_SESSION **session_out, SSL_SESSION **serv_sess_out)
{
PEER server, client;
BIO *client_to_server = NULL, *server_to_client = NULL;
HANDSHAKE_EX_DATA server_ex_data, client_ex_data;
CTX_DATA client_ctx_data, server_ctx_data, server2_ctx_data;
HANDSHAKE_RESULT *ret = HANDSHAKE_RESULT_new();
int client_turn = 1, client_turn_count = 0, client_wait_count = 0;
connect_phase_t phase = HANDSHAKE;
handshake_status_t status = HANDSHAKE_RETRY;
const unsigned char* tick = NULL;
size_t tick_len = 0;
const unsigned char* sess_id = NULL;
unsigned int sess_id_len = 0;
SSL_SESSION* sess = NULL;
const unsigned char *proto = NULL;
/* API dictates unsigned int rather than size_t. */
unsigned int proto_len = 0;
EVP_PKEY *tmp_key;
const STACK_OF(X509_NAME) *names;
time_t start;
const char* cipher;
if (ret == NULL)
return NULL;
memset(&server_ctx_data, 0, sizeof(server_ctx_data));
memset(&server2_ctx_data, 0, sizeof(server2_ctx_data));
memset(&client_ctx_data, 0, sizeof(client_ctx_data));
memset(&server, 0, sizeof(server));
memset(&client, 0, sizeof(client));
memset(&server_ex_data, 0, sizeof(server_ex_data));
memset(&client_ex_data, 0, sizeof(client_ex_data));
if (!configure_handshake_ctx(server_ctx, server2_ctx, client_ctx,
test_ctx, extra, &server_ctx_data,
&server2_ctx_data, &client_ctx_data)) {
TEST_note("configure_handshake_ctx");
return NULL;
}
/* Setup SSL and buffers; additional configuration happens below. */
if (!create_peer(&server, server_ctx)) {
TEST_note("creating server context");
goto err;
}
if (!create_peer(&client, client_ctx)) {
TEST_note("creating client context");
goto err;
}
server.bytes_to_write = client.bytes_to_read = test_ctx->app_data_size;
client.bytes_to_write = server.bytes_to_read = test_ctx->app_data_size;
configure_handshake_ssl(server.ssl, client.ssl, extra);
if (session_in != NULL) {
SSL_SESSION_get_id(serv_sess_in, &sess_id_len);
/* In case we're testing resumption without tickets. */
if ((sess_id_len > 0
&& !TEST_true(SSL_CTX_add_session(server_ctx,
serv_sess_in)))
|| !TEST_true(SSL_set_session(client.ssl, session_in)))
goto err;
sess_id_len = 0;
}
ret->result = SSL_TEST_INTERNAL_ERROR;
if (test_ctx->use_sctp) {
#if !defined(OPENSSL_NO_SCTP) && !defined(OPENSSL_NO_SOCK)
int csock, ssock;
if (create_sctp_socks(&ssock, &csock)) {
client_to_server = BIO_new_dgram_sctp(csock, BIO_CLOSE);
server_to_client = BIO_new_dgram_sctp(ssock, BIO_CLOSE);
}
#endif
} else {
client_to_server = BIO_new(BIO_s_mem());
server_to_client = BIO_new(BIO_s_mem());
}
if (!TEST_ptr(client_to_server)
|| !TEST_ptr(server_to_client))
goto err;
/* Non-blocking bio. */
BIO_set_nbio(client_to_server, 1);
BIO_set_nbio(server_to_client, 1);
SSL_set_connect_state(client.ssl);
SSL_set_accept_state(server.ssl);
/* The bios are now owned by the SSL object. */
if (test_ctx->use_sctp) {
SSL_set_bio(client.ssl, client_to_server, client_to_server);
SSL_set_bio(server.ssl, server_to_client, server_to_client);
} else {
SSL_set_bio(client.ssl, server_to_client, client_to_server);
if (!TEST_int_gt(BIO_up_ref(server_to_client), 0)
|| !TEST_int_gt(BIO_up_ref(client_to_server), 0))
goto err;
SSL_set_bio(server.ssl, client_to_server, server_to_client);
}
ex_data_idx = SSL_get_ex_new_index(0, "ex data", NULL, NULL, NULL);
if (!TEST_int_ge(ex_data_idx, 0)
|| !TEST_int_eq(SSL_set_ex_data(server.ssl, ex_data_idx, &server_ex_data), 1)
|| !TEST_int_eq(SSL_set_ex_data(client.ssl, ex_data_idx, &client_ex_data), 1))
goto err;
SSL_set_info_callback(server.ssl, &info_cb);
SSL_set_info_callback(client.ssl, &info_cb);
client.status = PEER_RETRY;
server.status = PEER_WAITING;
start = time(NULL);
/*
* Half-duplex handshake loop.
* Client and server speak to each other synchronously in the same process.
* We use non-blocking BIOs, so whenever one peer blocks for read, it
* returns PEER_RETRY to indicate that it's the other peer's turn to write.
* The handshake succeeds once both peers have succeeded. If one peer
* errors out, we also let the other peer retry (and presumably fail).
*/
for(;;) {
if (client_turn) {
do_connect_step(test_ctx, &client, phase);
status = handshake_status(client.status, server.status,
1 /* client went last */);
if (server.status == PEER_WAITING)
server.status = PEER_RETRY;
} else {
do_connect_step(test_ctx, &server, phase);
status = handshake_status(server.status, client.status,
0 /* server went last */);
}
switch (status) {
case HANDSHAKE_SUCCESS:
client_turn_count = 0;
phase = next_phase(test_ctx, phase);
if (phase == CONNECTION_DONE) {
ret->result = SSL_TEST_SUCCESS;
goto err;
} else {
client.status = server.status = PEER_RETRY;
/*
* For now, client starts each phase. Since each phase is
* started separately, we can later control this more
* precisely, for example, to test client-initiated and
* server-initiated shutdown.
*/
client_turn = 1;
break;
}
case CLIENT_ERROR:
ret->result = SSL_TEST_CLIENT_FAIL;
goto err;
case SERVER_ERROR:
ret->result = SSL_TEST_SERVER_FAIL;
goto err;
case INTERNAL_ERROR:
ret->result = SSL_TEST_INTERNAL_ERROR;
goto err;
case HANDSHAKE_RETRY:
if (test_ctx->use_sctp) {
if (time(NULL) - start > 3) {
/*
* We've waited for too long. Give up.
*/
ret->result = SSL_TEST_INTERNAL_ERROR;
goto err;
}
/*
* With "real" sockets we only swap to processing the peer
* if they are expecting to retry. Otherwise we just retry the
* same endpoint again.
*/
if ((client_turn && server.status == PEER_RETRY)
|| (!client_turn && client.status == PEER_RETRY))
client_turn ^= 1;
} else {
if (client_turn_count++ >= 2000) {
/*
* At this point, there's been so many PEER_RETRY in a row
* that it's likely both sides are stuck waiting for a read.
* It's time to give up.
*/
ret->result = SSL_TEST_INTERNAL_ERROR;
goto err;
}
if (client_turn && server.status == PEER_SUCCESS) {
/*
* The server may finish before the client because the
* client spends some turns processing NewSessionTickets.
*/
if (client_wait_count++ >= 2) {
ret->result = SSL_TEST_INTERNAL_ERROR;
goto err;
}
} else {
/* Continue. */
client_turn ^= 1;
}
}
break;
}
}
err:
ret->server_alert_sent = server_ex_data.alert_sent;
ret->server_num_fatal_alerts_sent = server_ex_data.num_fatal_alerts_sent;
ret->server_alert_received = client_ex_data.alert_received;
ret->client_alert_sent = client_ex_data.alert_sent;
ret->client_num_fatal_alerts_sent = client_ex_data.num_fatal_alerts_sent;
ret->client_alert_received = server_ex_data.alert_received;
ret->server_protocol = SSL_version(server.ssl);
ret->client_protocol = SSL_version(client.ssl);
ret->servername = server_ex_data.servername;
if ((sess = SSL_get0_session(client.ssl)) != NULL) {
SSL_SESSION_get0_ticket(sess, &tick, &tick_len);
sess_id = SSL_SESSION_get_id(sess, &sess_id_len);
}
if (tick == NULL || tick_len == 0)
ret->session_ticket = SSL_TEST_SESSION_TICKET_NO;
else
ret->session_ticket = SSL_TEST_SESSION_TICKET_YES;
ret->compression = (SSL_get_current_compression(client.ssl) == NULL)
? SSL_TEST_COMPRESSION_NO
: SSL_TEST_COMPRESSION_YES;
if (sess_id == NULL || sess_id_len == 0)
ret->session_id = SSL_TEST_SESSION_ID_NO;
else
ret->session_id = SSL_TEST_SESSION_ID_YES;
ret->session_ticket_do_not_call = server_ex_data.session_ticket_do_not_call;
#ifndef OPENSSL_NO_NEXTPROTONEG
SSL_get0_next_proto_negotiated(client.ssl, &proto, &proto_len);
ret->client_npn_negotiated = dup_str(proto, proto_len);
SSL_get0_next_proto_negotiated(server.ssl, &proto, &proto_len);
ret->server_npn_negotiated = dup_str(proto, proto_len);
#endif
SSL_get0_alpn_selected(client.ssl, &proto, &proto_len);
ret->client_alpn_negotiated = dup_str(proto, proto_len);
SSL_get0_alpn_selected(server.ssl, &proto, &proto_len);
ret->server_alpn_negotiated = dup_str(proto, proto_len);
if ((sess = SSL_get0_session(server.ssl)) != NULL) {
SSL_SESSION_get0_ticket_appdata(sess, (void**)&tick, &tick_len);
ret->result_session_ticket_app_data = OPENSSL_strndup((const char*)tick, tick_len);
}
ret->client_resumed = SSL_session_reused(client.ssl);
ret->server_resumed = SSL_session_reused(server.ssl);
cipher = SSL_CIPHER_get_name(SSL_get_current_cipher(client.ssl));
ret->cipher = dup_str((const unsigned char*)cipher, strlen(cipher));
if (session_out != NULL)
*session_out = SSL_get1_session(client.ssl);
if (serv_sess_out != NULL) {
SSL_SESSION *tmp = SSL_get_session(server.ssl);
/*
* We create a fresh copy that is not in the server session ctx linked
* list.
*/
if (tmp != NULL)
*serv_sess_out = SSL_SESSION_dup(tmp);
}
if (SSL_get_server_tmp_key(client.ssl, &tmp_key)) {
ret->tmp_key_type = pkey_type(tmp_key);
EVP_PKEY_free(tmp_key);
}
SSL_get_peer_signature_nid(client.ssl, &ret->server_sign_hash);
SSL_get_peer_signature_nid(server.ssl, &ret->client_sign_hash);
SSL_get_peer_signature_type_nid(client.ssl, &ret->server_sign_type);
SSL_get_peer_signature_type_nid(server.ssl, &ret->client_sign_type);
names = SSL_get0_peer_CA_list(client.ssl);
if (names == NULL)
ret->client_ca_names = NULL;
else
ret->client_ca_names = SSL_dup_CA_list(names);
names = SSL_get0_peer_CA_list(server.ssl);
if (names == NULL)
ret->server_ca_names = NULL;
else
ret->server_ca_names = SSL_dup_CA_list(names);
ret->server_cert_type = peer_pkey_type(client.ssl);
ret->client_cert_type = peer_pkey_type(server.ssl);
ctx_data_free_data(&server_ctx_data);
ctx_data_free_data(&server2_ctx_data);
ctx_data_free_data(&client_ctx_data);
peer_free_data(&server);
peer_free_data(&client);
return ret;
}
HANDSHAKE_RESULT *do_handshake(SSL_CTX *server_ctx, SSL_CTX *server2_ctx,
SSL_CTX *client_ctx, SSL_CTX *resume_server_ctx,
SSL_CTX *resume_client_ctx,
const SSL_TEST_CTX *test_ctx)
{
HANDSHAKE_RESULT *result;
SSL_SESSION *session = NULL, *serv_sess = NULL;
result = do_handshake_internal(server_ctx, server2_ctx, client_ctx,
test_ctx, &test_ctx->extra,
NULL, NULL, &session, &serv_sess);
if (result == NULL
|| test_ctx->handshake_mode != SSL_TEST_HANDSHAKE_RESUME
|| result->result == SSL_TEST_INTERNAL_ERROR)
goto end;
if (result->result != SSL_TEST_SUCCESS) {
result->result = SSL_TEST_FIRST_HANDSHAKE_FAILED;
goto end;
}
HANDSHAKE_RESULT_free(result);
/* We don't support SNI on second handshake yet, so server2_ctx is NULL. */
result = do_handshake_internal(resume_server_ctx, NULL, resume_client_ctx,
test_ctx, &test_ctx->resume_extra,
session, serv_sess, NULL, NULL);
end:
SSL_SESSION_free(session);
SSL_SESSION_free(serv_sess);
return result;
}
openssl-1.1.1/test/Sssdsa.cnf0000644000000000000000000000146513345734627014626 0ustar rootroot#
# SSLeay example configuration file.
# This is mostly being used for generation of certificate requests.
#
# hacked by iang to do DSA certs - Server
RANDFILE = ./.rnd
####################################################################
[ req ]
distinguished_name = req_distinguished_name
encrypt_rsa_key = no
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = ES
countryName_value = ES
organizationName = Organization Name (eg, company)
organizationName_value = Tortilleras S.A.
0.commonName = Common Name (eg, YOUR name)
0.commonName_value = Torti
1.commonName = Common Name (eg, YOUR name)
1.commonName_value = Gordita
openssl-1.1.1/test/sslbuffertest.c0000644000000000000000000001237513345734631015732 0ustar rootroot/*
* Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL licenses, (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* https://www.openssl.org/source/license.html
* or in the file LICENSE in the source distribution.
*/
#include <string.h>
#include <openssl/ssl.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include "../ssl/packet_locl.h"
#include "ssltestlib.h"
#include "testutil.h"
struct async_ctrs {
unsigned int rctr;
unsigned int wctr;
};
static SSL_CTX *serverctx = NULL;
static SSL_CTX *clientctx = NULL;
#define MAX_ATTEMPTS 100
/*
* There are 9 passes in the tests
* 0 = control test
* tests during writes
* 1 = free buffers
* 2 = + allocate buffers after free
* 3 = + allocate buffers again
* 4 = + free buffers after allocation
* tests during reads
* 5 = + free buffers
* 6 = + free buffers again
* 7 = + allocate buffers after free
* 8 = + free buffers after allocation
*/
static int test_func(int test)
{
int result = 0;
SSL *serverssl = NULL, *clientssl = NULL;
int ret;
size_t i, j;
const char testdata[] = "Test data";
char buf[sizeof(testdata)];
if (!TEST_true(create_ssl_objects(serverctx, clientctx, &serverssl, &clientssl,
NULL, NULL))) {
TEST_error("Test %d failed: Create SSL objects failed\n", test);
goto end;
}
if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) {
TEST_error("Test %d failed: Create SSL connection failed\n", test);
goto end;
}
/*
* Send and receive some test data. Do the whole thing twice to ensure
* we hit at least one async event in both reading and writing
*/
for (j = 0; j < 2; j++) {
int len;
/*
* Write some test data. It should never take more than 2 attempts
* (the first one might be a retryable fail).
*/
for (ret = -1, i = 0, len = 0; len != sizeof(testdata) && i < 2;
i++) {
/* test == 0 mean to free/allocate = control */
if (test >= 1 && !TEST_true(SSL_free_buffers(clientssl)))
goto end;
if (test >= 2 && !TEST_true(SSL_alloc_buffers(clientssl)))
goto end;
/* allocate a second time */
if (test >= 3 && !TEST_true(SSL_alloc_buffers(clientssl)))
goto end;
if (test >= 4 && !TEST_true(SSL_free_buffers(clientssl)))
goto end;
ret = SSL_write(clientssl, testdata + len,
sizeof(testdata) - len);
if (ret > 0) {
len += ret;
} else {
int ssl_error = SSL_get_error(clientssl, ret);
if (ssl_error == SSL_ERROR_SYSCALL ||
ssl_error == SSL_ERROR_SSL) {
TEST_error("Test %d failed: Failed to write app data\n", test);
goto end;
}
}
}
if (!TEST_size_t_eq(len, sizeof(testdata)))
goto end;
/*
* Now read the test data. It may take more attempts here because
* it could fail once for each byte read, including all overhead
* bytes from the record header/padding etc.
*/
for (ret = -1, i = 0, len = 0; len != sizeof(testdata) &&
i < MAX_ATTEMPTS; i++)
{
if (test >= 5 && !TEST_true(SSL_free_buffers(serverssl)))
goto end;
/* free a second time */
if (test >= 6 && !TEST_true(SSL_free_buffers(serverssl)))
goto end;
if (test >= 7 && !TEST_true(SSL_alloc_buffers(serverssl)))
goto end;
if (test >= 8 && !TEST_true(SSL_free_buffers(serverssl)))
goto end;
ret = SSL_read(serverssl, buf + len, sizeof(buf) - len);
if (ret > 0) {
len += ret;
} else {
int ssl_error = SSL_get_error(serverssl, ret);
if (ssl_error == SSL_ERROR_SYSCALL ||
ssl_error == SSL_ERROR_SSL) {
TEST_error("Test %d failed: Failed to read app data\n", test);
goto end;
}
}
}
if (!TEST_mem_eq(buf, len, testdata, sizeof(testdata)))
goto end;
}
result = 1;
end:
if (!result)
ERR_print_errors_fp(stderr);
SSL_free(clientssl);
SSL_free(serverssl);
return result;
}
int global_init(void)
{
CRYPTO_set_mem_debug(1);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
return 1;
}
int setup_tests(void)
{
char *cert, *pkey;
if (!TEST_ptr(cert = test_get_argument(0))
|| !TEST_ptr(pkey = test_get_argument(1)))
return 0;
if (!create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
TLS1_VERSION, TLS_MAX_VERSION,
&serverctx, &clientctx, cert, pkey)) {
TEST_error("Failed to create SSL_CTX pair\n");
return 0;
}
ADD_ALL_TESTS(test_func, 9);
return 1;
}
void cleanup_tests(void)
{
SSL_CTX_free(clientctx);
SSL_CTX_free(serverctx);
}
openssl-1.1.1/test/sysdefaulttest.c0000644000000000000000000000222413345734631016112 0ustar rootroot/*
* Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <openssl/opensslconf.h>
#include <string.h>
#include <openssl/evp.h>
#include <openssl/ssl.h>
#include <openssl/tls1.h>
#include "testutil.h"
static SSL_CTX *ctx;
static int test_func(void)
{
if (!TEST_int_eq(SSL_CTX_get_min_proto_version(ctx), TLS1_2_VERSION)
&& !TEST_int_eq(SSL_CTX_get_max_proto_version(ctx), TLS1_2_VERSION)) {
TEST_info("min/max version setting incorrect");
return 0;
}
return 1;
}
int global_init(void)
{
if (!OPENSSL_init_ssl(OPENSSL_INIT_ENGINE_ALL_BUILTIN
| OPENSSL_INIT_LOAD_CONFIG, NULL))
return 0;
return 1;
}
int setup_tests(void)
{
if (!TEST_ptr(ctx = SSL_CTX_new(TLS_method())))
return 0;
ADD_TEST(test_func);
return 1;
}
void cleanup_tests(void)
{
SSL_CTX_free(ctx);
}
openssl-1.1.1/test/test.cnf0000644000000000000000000000511513345734631014334 0ustar rootroot#
# SSLeay example configuration file.
# This is mostly being used for generation of certificate requests.
#
RANDFILE = ./.rnd
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = ./demoCA # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
new_certs_dir = $dir/new_certs # default place for new certs.
certificate = $dir/CAcert.pem # The CA certificate
serial = $dir/serial # The current serial number
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/CAkey.pem# The private key
RANDFILE = $dir/private/.rand # private random number file
default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = md5 # which md to use.
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_match
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
[ req ]
default_bits = 2048
default_keyfile = testkey.pem
distinguished_name = req_distinguished_name
encrypt_rsa_key = no
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = AU
countryName_value = AU
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Queensland
stateOrProvinceName_value =
localityName = Locality Name (eg, city)
localityName_value = Brisbane
organizationName = Organization Name (eg, company)
organizationName_default =
organizationName_value = CryptSoft Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default =
organizationalUnitName_value = .
commonName = Common Name (eg, YOUR name)
commonName_value = Eric Young
emailAddress = Email Address
emailAddress_value = eay@mincom.oz.au
openssl-1.1.1/test/ectest.c0000644000000000000000000017276313345734630014335 0ustar rootroot/*
* Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "internal/nelem.h"
#include "testutil.h"
#ifndef OPENSSL_NO_EC
# include <openssl/ec.h>
# ifndef OPENSSL_NO_ENGINE
# include <openssl/engine.h>
# endif
# include <openssl/err.h>
# include <openssl/obj_mac.h>
# include <openssl/objects.h>
# include <openssl/rand.h>
# include <openssl/bn.h>
# include <openssl/opensslconf.h>
static size_t crv_len = 0;
static EC_builtin_curve *curves = NULL;
/* test multiplication with group order, long and negative scalars */
static int group_order_tests(EC_GROUP *group)
{
BIGNUM *n1 = NULL, *n2 = NULL, *order = NULL;
EC_POINT *P = NULL, *Q = NULL, *R = NULL, *S = NULL;
const EC_POINT *G = NULL;
BN_CTX *ctx = NULL;
int i = 0, r = 0;
if (!TEST_ptr(n1 = BN_new())
|| !TEST_ptr(n2 = BN_new())
|| !TEST_ptr(order = BN_new())
|| !TEST_ptr(ctx = BN_CTX_new())
|| !TEST_ptr(G = EC_GROUP_get0_generator(group))
|| !TEST_ptr(P = EC_POINT_new(group))
|| !TEST_ptr(Q = EC_POINT_new(group))
|| !TEST_ptr(R = EC_POINT_new(group))
|| !TEST_ptr(S = EC_POINT_new(group)))
goto err;
if (!TEST_true(EC_GROUP_get_order(group, order, ctx))
|| !TEST_true(EC_POINT_mul(group, Q, order, NULL, NULL, ctx))
|| !TEST_true(EC_POINT_is_at_infinity(group, Q))
|| !TEST_true(EC_GROUP_precompute_mult(group, ctx))
|| !TEST_true(EC_POINT_mul(group, Q, order, NULL, NULL, ctx))
|| !TEST_true(EC_POINT_is_at_infinity(group, Q))
|| !TEST_true(EC_POINT_copy(P, G))
|| !TEST_true(BN_one(n1))
|| !TEST_true(EC_POINT_mul(group, Q, n1, NULL, NULL, ctx))
|| !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx))
|| !TEST_true(BN_sub(n1, order, n1))
|| !TEST_true(EC_POINT_mul(group, Q, n1, NULL, NULL, ctx))
|| !TEST_true(EC_POINT_invert(group, Q, ctx))
|| !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx)))
goto err;
for (i = 1; i <= 2; i++) {
const BIGNUM *scalars[6];
const EC_POINT *points[6];
if (!TEST_true(BN_set_word(n1, i))
/*
* If i == 1, P will be the predefined generator for which
* EC_GROUP_precompute_mult has set up precomputation.
*/
|| !TEST_true(EC_POINT_mul(group, P, n1, NULL, NULL, ctx))
|| (i == 1 && !TEST_int_eq(0, EC_POINT_cmp(group, P, G, ctx)))
|| !TEST_true(BN_one(n1))
/* n1 = 1 - order */
|| !TEST_true(BN_sub(n1, n1, order))
|| !TEST_true(EC_POINT_mul(group, Q, NULL, P, n1, ctx))
|| !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx))
/* n2 = 1 + order */
|| !TEST_true(BN_add(n2, order, BN_value_one()))
|| !TEST_true(EC_POINT_mul(group, Q, NULL, P, n2, ctx))
|| !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx))
/* n2 = (1 - order) * (1 + order) = 1 - order^2 */
|| !TEST_true(BN_mul(n2, n1, n2, ctx))
|| !TEST_true(EC_POINT_mul(group, Q, NULL, P, n2, ctx))
|| !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx)))
goto err;
/* n2 = order^2 - 1 */
BN_set_negative(n2, 0);
if (!TEST_true(EC_POINT_mul(group, Q, NULL, P, n2, ctx))
/* Add P to verify the result. */
|| !TEST_true(EC_POINT_add(group, Q, Q, P, ctx))
|| !TEST_true(EC_POINT_is_at_infinity(group, Q))
/* Exercise EC_POINTs_mul, including corner cases. */
|| !TEST_false(EC_POINT_is_at_infinity(group, P)))
goto err;
scalars[0] = scalars[1] = BN_value_one();
points[0] = points[1] = P;
if (!TEST_true(EC_POINTs_mul(group, R, NULL, 2, points, scalars, ctx))
|| !TEST_true(EC_POINT_dbl(group, S, points[0], ctx))
|| !TEST_int_eq(0, EC_POINT_cmp(group, R, S, ctx)))
goto err;
scalars[0] = n1;
points[0] = Q; /* => infinity */
scalars[1] = n2;
points[1] = P; /* => -P */
scalars[2] = n1;
points[2] = Q; /* => infinity */
scalars[3] = n2;
points[3] = Q; /* => infinity */
scalars[4] = n1;
points[4] = P; /* => P */
scalars[5] = n2;
points[5] = Q; /* => infinity */
if (!TEST_true(EC_POINTs_mul(group, P, NULL, 6, points, scalars, ctx))
|| !TEST_true(EC_POINT_is_at_infinity(group, P)))
goto err;
}
r = 1;
err:
if (r == 0 && i != 0)
TEST_info(i == 1 ? "allowing precomputation" :
"without precomputation");
EC_POINT_free(P);
EC_POINT_free(Q);
EC_POINT_free(R);
EC_POINT_free(S);
BN_free(n1);
BN_free(n2);
BN_free(order);
BN_CTX_free(ctx);
return r;
}
static int prime_field_tests(void)
{
BN_CTX *ctx = NULL;
BIGNUM *p = NULL, *a = NULL, *b = NULL, *scalar3 = NULL;
EC_GROUP *group = NULL, *tmp = NULL;
EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL,
*P_256 = NULL, *P_384 = NULL, *P_521 = NULL;
EC_POINT *P = NULL, *Q = NULL, *R = NULL;
BIGNUM *x = NULL, *y = NULL, *z = NULL, *yplusone = NULL;
const EC_POINT *points[4];
const BIGNUM *scalars[4];
unsigned char buf[100];
size_t len, r = 0;
int k;
if (!TEST_ptr(ctx = BN_CTX_new())
|| !TEST_ptr(p = BN_new())
|| !TEST_ptr(a = BN_new())
|| !TEST_ptr(b = BN_new())
|| !TEST_true(BN_hex2bn(&p, "17"))
|| !TEST_true(BN_hex2bn(&a, "1"))
|| !TEST_true(BN_hex2bn(&b, "1"))
/*
* applications should use EC_GROUP_new_curve_GFp so
* that the library gets to choose the EC_METHOD
*/
|| !TEST_ptr(group = EC_GROUP_new(EC_GFp_mont_method()))
|| !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx))
|| !TEST_ptr(tmp = EC_GROUP_new(EC_GROUP_method_of(group)))
|| !TEST_true(EC_GROUP_copy(tmp, group)))
goto err;
EC_GROUP_free(group);
group = tmp;
tmp = NULL;
if (!TEST_true(EC_GROUP_get_curve(group, p, a, b, ctx)))
goto err;
TEST_info("Curve defined by Weierstrass equation");
TEST_note(" y^2 = x^3 + a*x + b (mod p)");
test_output_bignum("a", a);
test_output_bignum("b", b);
test_output_bignum("p", p);
buf[0] = 0;
if (!TEST_ptr(P = EC_POINT_new(group))
|| !TEST_ptr(Q = EC_POINT_new(group))
|| !TEST_ptr(R = EC_POINT_new(group))
|| !TEST_true(EC_POINT_set_to_infinity(group, P))
|| !TEST_true(EC_POINT_is_at_infinity(group, P))
|| !TEST_true(EC_POINT_oct2point(group, Q, buf, 1, ctx))
|| !TEST_true(EC_POINT_add(group, P, P, Q, ctx))
|| !TEST_true(EC_POINT_is_at_infinity(group, P))
|| !TEST_ptr(x = BN_new())
|| !TEST_ptr(y = BN_new())
|| !TEST_ptr(z = BN_new())
|| !TEST_ptr(yplusone = BN_new())
|| !TEST_true(BN_hex2bn(&x, "D"))
|| !TEST_true(EC_POINT_set_compressed_coordinates(group, Q, x, 1, ctx)))
goto err;
if (!TEST_int_gt(EC_POINT_is_on_curve(group, Q, ctx), 0)) {
if (!TEST_true(EC_POINT_get_affine_coordinates(group, Q, x, y, ctx)))
goto err;
TEST_info("Point is not on curve");
test_output_bignum("x", x);
test_output_bignum("y", y);
goto err;
}
TEST_note("A cyclic subgroup:");
k = 100;
do {
if (!TEST_int_ne(k--, 0))
goto err;
if (EC_POINT_is_at_infinity(group, P)) {
TEST_note(" point at infinity");
} else {
if (!TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y,
ctx)))
goto err;
test_output_bignum("x", x);
test_output_bignum("y", y);
}
if (!TEST_true(EC_POINT_copy(R, P))
|| !TEST_true(EC_POINT_add(group, P, P, Q, ctx)))
goto err;
} while (!EC_POINT_is_at_infinity(group, P));
if (!TEST_true(EC_POINT_add(group, P, Q, R, ctx))
|| !TEST_true(EC_POINT_is_at_infinity(group, P)))
goto err;
len =
EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf,
sizeof(buf), ctx);
if (!TEST_size_t_ne(len, 0)
|| !TEST_true(EC_POINT_oct2point(group, P, buf, len, ctx))
|| !TEST_int_eq(0, EC_POINT_cmp(group, P, Q, ctx)))
goto err;
test_output_memory("Generator as octet string, compressed form:",
buf, len);
len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED,
buf, sizeof(buf), ctx);
if (!TEST_size_t_ne(len, 0)
|| !TEST_true(EC_POINT_oct2point(group, P, buf, len, ctx))
|| !TEST_int_eq(0, EC_POINT_cmp(group, P, Q, ctx)))
goto err;
test_output_memory("Generator as octet string, uncompressed form:",
buf, len);
len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID,
buf, sizeof(buf), ctx);
if (!TEST_size_t_ne(len, 0)
|| !TEST_true(EC_POINT_oct2point(group, P, buf, len, ctx))
|| !TEST_int_eq(0, EC_POINT_cmp(group, P, Q, ctx)))
goto err;
test_output_memory("Generator as octet string, hybrid form:",
buf, len);
if (!TEST_true(EC_POINT_get_Jprojective_coordinates_GFp(group, R, x, y, z,
ctx)))
goto err;
TEST_info("A representation of the inverse of that generator in");
TEST_note("Jacobian projective coordinates");
test_output_bignum("x", x);
test_output_bignum("y", y);
test_output_bignum("z", z);
if (!TEST_true(EC_POINT_invert(group, P, ctx))
|| !TEST_int_eq(0, EC_POINT_cmp(group, P, R, ctx))
/*
* Curve secp160r1 (Certicom Research SEC 2 Version 1.0, section 2.4.2,
* 2000) -- not a NIST curve, but commonly used
*/
|| !TEST_true(BN_hex2bn(&p, "FFFFFFFF"
"FFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF"))
|| !TEST_int_eq(1, BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
|| !TEST_true(BN_hex2bn(&a, "FFFFFFFF"
"FFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC"))
|| !TEST_true(BN_hex2bn(&b, "1C97BEFC"
"54BD7A8B65ACF89F81D4D4ADC565FA45"))
|| !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx))
|| !TEST_true(BN_hex2bn(&x, "4A96B568"
"8EF573284664698968C38BB913CBFC82"))
|| !TEST_true(BN_hex2bn(&y, "23a62855"
"3168947d59dcc912042351377ac5fb32"))
|| !TEST_true(BN_add(yplusone, y, BN_value_one()))
/*
* When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
* and therefore setting the coordinates should fail.
*/
|| !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone,
ctx))
|| !TEST_true(EC_POINT_set_affine_coordinates(group, P, x, y, ctx))
|| !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0)
|| !TEST_true(BN_hex2bn(&z, "0100000000"
"000000000001F4C8F927AED3CA752257"))
|| !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one()))
|| !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx)))
goto err;
TEST_info("SEC2 curve secp160r1 -- Generator");
test_output_bignum("x", x);
test_output_bignum("y", y);
/* G_y value taken from the standard: */
if (!TEST_true(BN_hex2bn(&z, "23a62855"
"3168947d59dcc912042351377ac5fb32"))
|| !TEST_BN_eq(y, z)
|| !TEST_int_eq(EC_GROUP_get_degree(group), 160)
|| !group_order_tests(group)
|| !TEST_ptr(P_160 = EC_GROUP_new(EC_GROUP_method_of(group)))
|| !TEST_true(EC_GROUP_copy(P_160, group))
/* Curve P-192 (FIPS PUB 186-2, App. 6) */
|| !TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFF"
"FFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF"))
|| !TEST_int_eq(1, BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
|| !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFF"
"FFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC"))
|| !TEST_true(BN_hex2bn(&b, "64210519E59C80E7"
"0FA7E9AB72243049FEB8DEECC146B9B1"))
|| !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx))
|| !TEST_true(BN_hex2bn(&x, "188DA80EB03090F6"
"7CBF20EB43A18800F4FF0AFD82FF1012"))
|| !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 1, ctx))
|| !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0)
|| !TEST_true(BN_hex2bn(&z, "FFFFFFFFFFFFFFFF"
"FFFFFFFF99DEF836146BC9B1B4D22831"))
|| !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one()))
|| !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx)))
goto err;
TEST_info("NIST curve P-192 -- Generator");
test_output_bignum("x", x);
test_output_bignum("y", y);
/* G_y value taken from the standard: */
if (!TEST_true(BN_hex2bn(&z, "07192B95FFC8DA78"
"631011ED6B24CDD573F977A11E794811"))
|| !TEST_BN_eq(y, z)
|| !TEST_true(BN_add(yplusone, y, BN_value_one()))
/*
* When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
* and therefore setting the coordinates should fail.
*/
|| !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone,
ctx))
|| !TEST_int_eq(EC_GROUP_get_degree(group), 192)
|| !group_order_tests(group)
|| !TEST_ptr(P_192 = EC_GROUP_new(EC_GROUP_method_of(group)))
|| !TEST_true(EC_GROUP_copy(P_192, group))
/* Curve P-224 (FIPS PUB 186-2, App. 6) */
|| !TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFF"
"FFFFFFFF000000000000000000000001"))
|| !TEST_int_eq(1, BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
|| !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFF"
"FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE"))
|| !TEST_true(BN_hex2bn(&b, "B4050A850C04B3ABF5413256"
"5044B0B7D7BFD8BA270B39432355FFB4"))
|| !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx))
|| !TEST_true(BN_hex2bn(&x, "B70E0CBD6BB4BF7F321390B9"
"4A03C1D356C21122343280D6115C1D21"))
|| !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 0, ctx))
|| !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0)
|| !TEST_true(BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF"
"FFFF16A2E0B8F03E13DD29455C5C2A3D"))
|| !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one()))
|| !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx)))
goto err;
TEST_info("NIST curve P-224 -- Generator");
test_output_bignum("x", x);
test_output_bignum("y", y);
/* G_y value taken from the standard: */
if (!TEST_true(BN_hex2bn(&z, "BD376388B5F723FB4C22DFE6"
"CD4375A05A07476444D5819985007E34"))
|| !TEST_BN_eq(y, z)
|| !TEST_true(BN_add(yplusone, y, BN_value_one()))
/*
* When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
* and therefore setting the coordinates should fail.
*/
|| !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone,
ctx))
|| !TEST_int_eq(EC_GROUP_get_degree(group), 224)
|| !group_order_tests(group)
|| !TEST_ptr(P_224 = EC_GROUP_new(EC_GROUP_method_of(group)))
|| !TEST_true(EC_GROUP_copy(P_224, group))
/* Curve P-256 (FIPS PUB 186-2, App. 6) */
|| !TEST_true(BN_hex2bn(&p, "FFFFFFFF000000010000000000000000"
"00000000FFFFFFFFFFFFFFFFFFFFFFFF"))
|| !TEST_int_eq(1, BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
|| !TEST_true(BN_hex2bn(&a, "FFFFFFFF000000010000000000000000"
"00000000FFFFFFFFFFFFFFFFFFFFFFFC"))
|| !TEST_true(BN_hex2bn(&b, "5AC635D8AA3A93E7B3EBBD55769886BC"
"651D06B0CC53B0F63BCE3C3E27D2604B"))
|| !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx))
|| !TEST_true(BN_hex2bn(&x, "6B17D1F2E12C4247F8BCE6E563A440F2"
"77037D812DEB33A0F4A13945D898C296"))
|| !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 1, ctx))
|| !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0)
|| !TEST_true(BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFF"
"BCE6FAADA7179E84F3B9CAC2FC632551"))
|| !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one()))
|| !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx)))
goto err;
TEST_info("NIST curve P-256 -- Generator");
test_output_bignum("x", x);
test_output_bignum("y", y);
/* G_y value taken from the standard: */
if (!TEST_true(BN_hex2bn(&z, "4FE342E2FE1A7F9B8EE7EB4A7C0F9E16"
"2BCE33576B315ECECBB6406837BF51F5"))
|| !TEST_BN_eq(y, z)
|| !TEST_true(BN_add(yplusone, y, BN_value_one()))
/*
* When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
* and therefore setting the coordinates should fail.
*/
|| !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone,
ctx))
|| !TEST_int_eq(EC_GROUP_get_degree(group), 256)
|| !group_order_tests(group)
|| !TEST_ptr(P_256 = EC_GROUP_new(EC_GROUP_method_of(group)))
|| !TEST_true(EC_GROUP_copy(P_256, group))
/* Curve P-384 (FIPS PUB 186-2, App. 6) */
|| !TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE"
"FFFFFFFF0000000000000000FFFFFFFF"))
|| !TEST_int_eq(1, BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
|| !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE"
"FFFFFFFF0000000000000000FFFFFFFC"))
|| !TEST_true(BN_hex2bn(&b, "B3312FA7E23EE7E4988E056BE3F82D19"
"181D9C6EFE8141120314088F5013875A"
"C656398D8A2ED19D2A85C8EDD3EC2AEF"))
|| !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx))
|| !TEST_true(BN_hex2bn(&x, "AA87CA22BE8B05378EB1C71EF320AD74"
"6E1D3B628BA79B9859F741E082542A38"
"5502F25DBF55296C3A545E3872760AB7"))
|| !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 1, ctx))
|| !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0)
|| !TEST_true(BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
"FFFFFFFFFFFFFFFFC7634D81F4372DDF"
"581A0DB248B0A77AECEC196ACCC52973"))
|| !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one()))
|| !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx)))
goto err;
TEST_info("NIST curve P-384 -- Generator");
test_output_bignum("x", x);
test_output_bignum("y", y);
/* G_y value taken from the standard: */
if (!TEST_true(BN_hex2bn(&z, "3617DE4A96262C6F5D9E98BF9292DC29"
"F8F41DBD289A147CE9DA3113B5F0B8C0"
"0A60B1CE1D7E819D7A431D7C90EA0E5F"))
|| !TEST_BN_eq(y, z)
|| !TEST_true(BN_add(yplusone, y, BN_value_one()))
/*
* When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
* and therefore setting the coordinates should fail.
*/
|| !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone,
ctx))
|| !TEST_int_eq(EC_GROUP_get_degree(group), 384)
|| !group_order_tests(group)
|| !TEST_ptr(P_384 = EC_GROUP_new(EC_GROUP_method_of(group)))
|| !TEST_true(EC_GROUP_copy(P_384, group))
/* Curve P-521 (FIPS PUB 186-2, App. 6) */
|| !TEST_true(BN_hex2bn(&p, "1FF"
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"))
|| !TEST_int_eq(1, BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
|| !TEST_true(BN_hex2bn(&a, "1FF"
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC"))
|| !TEST_true(BN_hex2bn(&b, "051"
"953EB9618E1C9A1F929A21A0B68540EE"
"A2DA725B99B315F3B8B489918EF109E1"
"56193951EC7E937B1652C0BD3BB1BF07"
"3573DF883D2C34F1EF451FD46B503F00"))
|| !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx))
|| !TEST_true(BN_hex2bn(&x, "C6"
"858E06B70404E9CD9E3ECB662395B442"
"9C648139053FB521F828AF606B4D3DBA"
"A14B5E77EFE75928FE1DC127A2FFA8DE"
"3348B3C1856A429BF97E7E31C2E5BD66"))
|| !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 0, ctx))
|| !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0)
|| !TEST_true(BN_hex2bn(&z, "1FF"
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA"
"51868783BF2F966B7FCC0148F709A5D0"
"3BB5C9B8899C47AEBB6FB71E91386409"))
|| !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one()))
|| !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx)))
goto err;
TEST_info("NIST curve P-521 -- Generator");
test_output_bignum("x", x);
test_output_bignum("y", y);
/* G_y value taken from the standard: */
if (!TEST_true(BN_hex2bn(&z, "118"
"39296A789A3BC0045C8A5FB42C7D1BD9"
"98F54449579B446817AFBD17273E662C"
"97EE72995EF42640C550B9013FAD0761"
"353C7086A272C24088BE94769FD16650"))
|| !TEST_BN_eq(y, z)
|| !TEST_true(BN_add(yplusone, y, BN_value_one()))
/*
* When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
* and therefore setting the coordinates should fail.
*/
|| !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone,
ctx))
|| !TEST_int_eq(EC_GROUP_get_degree(group), 521)
|| !group_order_tests(group)
|| !TEST_ptr(P_521 = EC_GROUP_new(EC_GROUP_method_of(group)))
|| !TEST_true(EC_GROUP_copy(P_521, group))
/* more tests using the last curve */
/* Restore the point that got mangled in the (x, y + 1) test. */
|| !TEST_true(EC_POINT_set_affine_coordinates(group, P, x, y, ctx))
|| !TEST_true(EC_POINT_copy(Q, P))
|| !TEST_false(EC_POINT_is_at_infinity(group, Q))
|| !TEST_true(EC_POINT_dbl(group, P, P, ctx))
|| !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0)
|| !TEST_true(EC_POINT_invert(group, Q, ctx)) /* P = -2Q */
|| !TEST_true(EC_POINT_add(group, R, P, Q, ctx))
|| !TEST_true(EC_POINT_add(group, R, R, Q, ctx))
|| !TEST_true(EC_POINT_is_at_infinity(group, R)) /* R = P + 2Q */
|| !TEST_false(EC_POINT_is_at_infinity(group, Q)))
goto err;
points[0] = Q;
points[1] = Q;
points[2] = Q;
points[3] = Q;
if (!TEST_true(EC_GROUP_get_order(group, z, ctx))
|| !TEST_true(BN_add(y, z, BN_value_one()))
|| !TEST_BN_even(y)
|| !TEST_true(BN_rshift1(y, y)))
goto err;
scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */
scalars[1] = y;
TEST_note("combined multiplication ...");
/* z is still the group order */
if (!TEST_true(EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
|| !TEST_true(EC_POINTs_mul(group, R, z, 2, points, scalars, ctx))
|| !TEST_int_eq(0, EC_POINT_cmp(group, P, R, ctx))
|| !TEST_int_eq(0, EC_POINT_cmp(group, R, Q, ctx))
|| !TEST_true(BN_rand(y, BN_num_bits(y), 0, 0))
|| !TEST_true(BN_add(z, z, y)))
goto err;
BN_set_negative(z, 1);
scalars[0] = y;
scalars[1] = z; /* z = -(order + y) */
if (!TEST_true(EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
|| !TEST_true(EC_POINT_is_at_infinity(group, P))
|| !TEST_true(BN_rand(x, BN_num_bits(y) - 1, 0, 0))
|| !TEST_true(BN_add(z, x, y)))
goto err;
BN_set_negative(z, 1);
scalars[0] = x;
scalars[1] = y;
scalars[2] = z; /* z = -(x+y) */
if (!TEST_ptr(scalar3 = BN_new()))
goto err;
BN_zero(scalar3);
scalars[3] = scalar3;
if (!TEST_true(EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx))
|| !TEST_true(EC_POINT_is_at_infinity(group, P)))
goto err;
TEST_note(" ok\n");
r = 1;
err:
BN_CTX_free(ctx);
BN_free(p);
BN_free(a);
BN_free(b);
EC_GROUP_free(group);
EC_GROUP_free(tmp);
EC_POINT_free(P);
EC_POINT_free(Q);
EC_POINT_free(R);
BN_free(x);
BN_free(y);
BN_free(z);
BN_free(yplusone);
BN_free(scalar3);
EC_GROUP_free(P_160);
EC_GROUP_free(P_192);
EC_GROUP_free(P_224);
EC_GROUP_free(P_256);
EC_GROUP_free(P_384);
EC_GROUP_free(P_521);
return r;
}
# ifndef OPENSSL_NO_EC2M
static struct c2_curve_test {
const char *name;
const char *p;
const char *a;
const char *b;
const char *x;
const char *y;
int ybit;
const char *order;
const char *cof;
int degree;
} char2_curve_tests[] = {
/* Curve K-163 (FIPS PUB 186-2, App. 6) */
{
"NIST curve K-163",
"0800000000000000000000000000000000000000C9",
"1",
"1",
"02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8",
"0289070FB05D38FF58321F2E800536D538CCDAA3D9",
1, "04000000000000000000020108A2E0CC0D99F8A5EF", "2", 163
},
/* Curve B-163 (FIPS PUB 186-2, App. 6) */
{
"NIST curve B-163",
"0800000000000000000000000000000000000000C9",
"1",
"020A601907B8C953CA1481EB10512F78744A3205FD",
"03F0EBA16286A2D57EA0991168D4994637E8343E36",
"00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1",
1, "040000000000000000000292FE77E70C12A4234C33", "2", 163
},
/* Curve K-233 (FIPS PUB 186-2, App. 6) */
{
"NIST curve K-233",
"020000000000000000000000000000000000000004000000000000000001",
"0",
"1",
"017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126",
"01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3",
0,
"008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF",
"4", 233
},
/* Curve B-233 (FIPS PUB 186-2, App. 6) */
{
"NIST curve B-233",
"020000000000000000000000000000000000000004000000000000000001",
"000000000000000000000000000000000000000000000000000000000001",
"0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD",
"00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B",
"01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052",
1,
"01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7",
"2", 233
},
/* Curve K-283 (FIPS PUB 186-2, App. 6) */
{
"NIST curve K-283",
"08000000"
"00000000000000000000000000000000000000000000000000000000000010A1",
"0",
"1",
"0503213F"
"78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836",
"01CCDA38"
"0F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259",
0,
"01FFFFFF"
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61",
"4", 283
},
/* Curve B-283 (FIPS PUB 186-2, App. 6) */
{
"NIST curve B-283",
"08000000"
"00000000000000000000000000000000000000000000000000000000000010A1",
"00000000"
"0000000000000000000000000000000000000000000000000000000000000001",
"027B680A"
"C8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5",
"05F93925"
"8DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053",
"03676854"
"FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4",
1,
"03FFFFFF"
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307",
"2", 283
},
/* Curve K-409 (FIPS PUB 186-2, App. 6) */
{
"NIST curve K-409",
"0200000000000000000000000000000000000000"
"0000000000000000000000000000000000000000008000000000000000000001",
"0",
"1",
"0060F05F658F49C1AD3AB1890F7184210EFD0987"
"E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746",
"01E369050B7C4E42ACBA1DACBF04299C3460782F"
"918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B",
1,
"007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
"FFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF",
"4", 409
},
/* Curve B-409 (FIPS PUB 186-2, App. 6) */
{
"NIST curve B-409",
"0200000000000000000000000000000000000000"
"0000000000000000000000000000000000000000008000000000000000000001",
"0000000000000000000000000000000000000000"
"0000000000000000000000000000000000000000000000000000000000000001",
"0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422E"
"F1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F",
"015D4860D088DDB3496B0C6064756260441CDE4A"
"F1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7",
"0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5"
"A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706",
1,
"0100000000000000000000000000000000000000"
"00000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173",
"2", 409
},
/* Curve K-571 (FIPS PUB 186-2, App. 6) */
{
"NIST curve K-571",
"800000000000000"
"0000000000000000000000000000000000000000000000000000000000000000"
"0000000000000000000000000000000000000000000000000000000000000425",
"0",
"1",
"026EB7A859923FBC"
"82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E6"
"47DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972",
"0349DC807F4FBF37"
"4F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA7"
"4FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3",
0,
"0200000000000000"
"00000000000000000000000000000000000000000000000000000000131850E1"
"F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001",
"4", 571
},
/* Curve B-571 (FIPS PUB 186-2, App. 6) */
{
"NIST curve B-571",
"800000000000000"
"0000000000000000000000000000000000000000000000000000000000000000"
"0000000000000000000000000000000000000000000000000000000000000425",
"0000000000000000"
"0000000000000000000000000000000000000000000000000000000000000000"
"0000000000000000000000000000000000000000000000000000000000000001",
"02F40E7E2221F295"
"DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA5933"
"2BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A",
"0303001D34B85629"
"6C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293"
"CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19",
"037BF27342DA639B"
"6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A57"
"6291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B",
1,
"03FFFFFFFFFFFFFF"
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18"
"FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47",
"2", 571
}
};
static int char2_curve_test(int n)
{
int r = 0;
BN_CTX *ctx = NULL;
BIGNUM *p = NULL, *a = NULL, *b = NULL;
BIGNUM *x = NULL, *y = NULL, *z = NULL, *cof = NULL, *yplusone = NULL;
EC_GROUP *group = NULL, *variable = NULL;
EC_POINT *P = NULL, *Q = NULL, *R = NULL;
const EC_POINT *points[3];
const BIGNUM *scalars[3];
struct c2_curve_test *const test = char2_curve_tests + n;
if (!TEST_ptr(ctx = BN_CTX_new())
|| !TEST_ptr(p = BN_new())
|| !TEST_ptr(a = BN_new())
|| !TEST_ptr(b = BN_new())
|| !TEST_ptr(x = BN_new())
|| !TEST_ptr(y = BN_new())
|| !TEST_ptr(z = BN_new())
|| !TEST_ptr(yplusone = BN_new())
|| !TEST_true(BN_hex2bn(&p, test->p))
|| !TEST_true(BN_hex2bn(&a, test->a))
|| !TEST_true(BN_hex2bn(&b, test->b))
|| !TEST_true(group = EC_GROUP_new(EC_GF2m_simple_method()))
|| !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx))
|| !TEST_ptr(P = EC_POINT_new(group))
|| !TEST_ptr(Q = EC_POINT_new(group))
|| !TEST_ptr(R = EC_POINT_new(group))
|| !TEST_true(BN_hex2bn(&x, test->x))
|| !TEST_true(BN_hex2bn(&y, test->y))
|| !TEST_true(BN_add(yplusone, y, BN_value_one())))
goto err;
/* Change test based on whether binary point compression is enabled or not. */
# ifdef OPENSSL_EC_BIN_PT_COMP
/*
* When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
* and therefore setting the coordinates should fail.
*/
if (!TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, ctx))
|| !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x,
test->y_bit,
ctx))
|| !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0)
|| !TEST_true(BN_hex2bn(&z, test->order))
|| !TEST_true(BN_hex2bn(&cof, test->cof))
|| !TEST_true(EC_GROUP_set_generator(group, P, z, cof))
|| !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx)))
goto err;
TEST_info("%s -- Generator", test->name);
test_output_bignum("x", x);
test_output_bignum("y", y);
/* G_y value taken from the standard: */
if (!TEST_true(BN_hex2bn(&z, test->y))
|| !TEST_BN_eq(y, z))
goto err;
# else
/*
* When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
* and therefore setting the coordinates should fail.
*/
if (!TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, ctx))
|| !TEST_true(EC_POINT_set_affine_coordinates(group, P, x, y, ctx))
|| !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0)
|| !TEST_true(BN_hex2bn(&z, test->order))
|| !TEST_true(BN_hex2bn(&cof, test->cof))
|| !TEST_true(EC_GROUP_set_generator(group, P, z, cof)))
goto err;
TEST_info("%s -- Generator:", test->name);
test_output_bignum("x", x);
test_output_bignum("y", y);
# endif
if (!TEST_int_eq(EC_GROUP_get_degree(group), test->degree)
|| !group_order_tests(group)
|| !TEST_ptr(variable = EC_GROUP_new(EC_GROUP_method_of(group)))
|| !TEST_true(EC_GROUP_copy(variable, group)))
goto err;
/* more tests using the last curve */
if (n == OSSL_NELEM(char2_curve_tests) - 1) {
if (!TEST_true(EC_POINT_set_affine_coordinates(group, P, x, y, ctx))
|| !TEST_true(EC_POINT_copy(Q, P))
|| !TEST_false(EC_POINT_is_at_infinity(group, Q))
|| !TEST_true(EC_POINT_dbl(group, P, P, ctx))
|| !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0)
|| !TEST_true(EC_POINT_invert(group, Q, ctx)) /* P = -2Q */
|| !TEST_true(EC_POINT_add(group, R, P, Q, ctx))
|| !TEST_true(EC_POINT_add(group, R, R, Q, ctx))
|| !TEST_true(EC_POINT_is_at_infinity(group, R)) /* R = P + 2Q */
|| !TEST_false(EC_POINT_is_at_infinity(group, Q)))
goto err;
points[0] = Q;
points[1] = Q;
points[2] = Q;
if (!TEST_true(BN_add(y, z, BN_value_one()))
|| !TEST_BN_even(y)
|| !TEST_true(BN_rshift1(y, y)))
goto err;
scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */
scalars[1] = y;
TEST_note("combined multiplication ...");
/* z is still the group order */
if (!TEST_true(EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
|| !TEST_true(EC_POINTs_mul(group, R, z, 2, points, scalars, ctx))
|| !TEST_int_eq(0, EC_POINT_cmp(group, P, R, ctx))
|| !TEST_int_eq(0, EC_POINT_cmp(group, R, Q, ctx)))
goto err;
if (!TEST_true(BN_rand(y, BN_num_bits(y), 0, 0))
|| !TEST_true(BN_add(z, z, y)))
goto err;
BN_set_negative(z, 1);
scalars[0] = y;
scalars[1] = z; /* z = -(order + y) */
if (!TEST_true(EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
|| !TEST_true(EC_POINT_is_at_infinity(group, P)))
goto err;
if (!TEST_true(BN_rand(x, BN_num_bits(y) - 1, 0, 0))
|| !TEST_true(BN_add(z, x, y)))
goto err;
BN_set_negative(z, 1);
scalars[0] = x;
scalars[1] = y;
scalars[2] = z; /* z = -(x+y) */
if (!TEST_true(EC_POINTs_mul(group, P, NULL, 3, points, scalars, ctx))
|| !TEST_true(EC_POINT_is_at_infinity(group, P)))
goto err;;
}
r = 1;
err:
BN_CTX_free(ctx);
BN_free(p);
BN_free(a);
BN_free(b);
BN_free(x);
BN_free(y);
BN_free(z);
BN_free(yplusone);
BN_free(cof);
EC_POINT_free(P);
EC_POINT_free(Q);
EC_POINT_free(R);
EC_GROUP_free(group);
EC_GROUP_free(variable);
return r;
}
static int char2_field_tests(void)
{
BN_CTX *ctx = NULL;
BIGNUM *p = NULL, *a = NULL, *b = NULL;
EC_GROUP *group = NULL, *tmp = NULL;
EC_POINT *P = NULL, *Q = NULL, *R = NULL;
BIGNUM *x = NULL, *y = NULL, *z = NULL, *cof = NULL, *yplusone = NULL;
unsigned char buf[100];
size_t len;
int k, r = 0;
if (!TEST_ptr(ctx = BN_CTX_new())
|| !TEST_ptr(p = BN_new())
|| !TEST_ptr(a = BN_new())
|| !TEST_ptr(b = BN_new())
|| !TEST_true(BN_hex2bn(&p, "13"))
|| !TEST_true(BN_hex2bn(&a, "3"))
|| !TEST_true(BN_hex2bn(&b, "1")))
goto err;
group = EC_GROUP_new(EC_GF2m_simple_method()); /* applications should use
* EC_GROUP_new_curve_GF2m
* so that the library gets
* to choose the EC_METHOD */
if (!TEST_ptr(group)
|| !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx))
|| !TEST_ptr(tmp = EC_GROUP_new(EC_GROUP_method_of(group)))
|| !TEST_true(EC_GROUP_copy(tmp, group)))
goto err;
EC_GROUP_free(group);
group = tmp;
tmp = NULL;
if (!TEST_true(EC_GROUP_get_curve(group, p, a, b, ctx)))
goto err;
TEST_info("Curve defined by Weierstrass equation");
TEST_note(" y^2 + x*y = x^3 + a*x^2 + b (mod p)");
test_output_bignum("a", a);
test_output_bignum("b", b);
test_output_bignum("p", p);
if (!TEST_ptr(P = EC_POINT_new(group))
|| !TEST_ptr(Q = EC_POINT_new(group))
|| !TEST_ptr(R = EC_POINT_new(group))
|| !TEST_true(EC_POINT_set_to_infinity(group, P))
|| !TEST_true(EC_POINT_is_at_infinity(group, P)))
goto err;
buf[0] = 0;
if (!TEST_true(EC_POINT_oct2point(group, Q, buf, 1, ctx))
|| !TEST_true(EC_POINT_add(group, P, P, Q, ctx))
|| !TEST_true(EC_POINT_is_at_infinity(group, P))
|| !TEST_ptr(x = BN_new())
|| !TEST_ptr(y = BN_new())
|| !TEST_ptr(z = BN_new())
|| !TEST_ptr(cof = BN_new())
|| !TEST_ptr(yplusone = BN_new())
|| !TEST_true(BN_hex2bn(&x, "6"))
/* Change test based on whether binary point compression is enabled or not. */
# ifdef OPENSSL_EC_BIN_PT_COMP
|| !TEST_true(EC_POINT_set_compressed_coordinates(group, Q, x, 1, ctx))
# else
|| !TEST_true(BN_hex2bn(&y, "8"))
|| !TEST_true(EC_POINT_set_affine_coordinates(group, Q, x, y, ctx))
# endif
)
goto err;
if (!TEST_int_gt(EC_POINT_is_on_curve(group, Q, ctx), 0)) {
/* Change test based on whether binary point compression is enabled or not. */
# ifdef OPENSSL_EC_BIN_PT_COMP
if (!TEST_true(EC_POINT_get_affine_coordinates(group, Q, x, y, ctx)))
goto err;
# endif
TEST_info("Point is not on curve");
test_output_bignum("x", x);
test_output_bignum("y", y);
goto err;
}
TEST_note("A cyclic subgroup:");
k = 100;
do {
if (!TEST_int_ne(k--, 0))
goto err;
if (EC_POINT_is_at_infinity(group, P))
TEST_note(" point at infinity");
else {
if (!TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y,
ctx)))
goto err;
test_output_bignum("x", x);
test_output_bignum("y", y);
}
if (!TEST_true(EC_POINT_copy(R, P))
|| !TEST_true(EC_POINT_add(group, P, P, Q, ctx)))
goto err;
}
while (!EC_POINT_is_at_infinity(group, P));
if (!TEST_true(EC_POINT_add(group, P, Q, R, ctx))
|| !TEST_true(EC_POINT_is_at_infinity(group, P)))
goto err;
/* Change test based on whether binary point compression is enabled or not. */
# ifdef OPENSSL_EC_BIN_PT_COMP
len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED,
buf, sizeof(buf), ctx);
if (!TEST_size_t_ne(len, 0)
|| !TEST_true(EC_POINT_oct2point(group, P, buf, len, ctx))
|| !TEST_int_eq(0, EC_POINT_cmp(group, P, Q, ctx)))
goto err;
test_output_memory("Generator as octet string, compressed form:",
buf, len);
# endif
len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED,
buf, sizeof(buf), ctx);
if (!TEST_size_t_ne(len, 0)
|| !TEST_true(EC_POINT_oct2point(group, P, buf, len, ctx))
|| !TEST_int_eq(0, EC_POINT_cmp(group, P, Q, ctx)))
goto err;
test_output_memory("Generator as octet string, uncompressed form:",
buf, len);
/* Change test based on whether binary point compression is enabled or not. */
# ifdef OPENSSL_EC_BIN_PT_COMP
len =
EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof(buf),
ctx);
if (!TEST_size_t_ne(len, 0)
|| !TEST_true(EC_POINT_oct2point(group, P, buf, len, ctx))
|| !TEST_int_eq(0, EC_POINT_cmp(group, P, Q, ctx)))
goto err;
test_output_memory("Generator as octet string, hybrid form:",
buf, len);
# endif
if (!TEST_true(EC_POINT_invert(group, P, ctx))
|| !TEST_int_eq(0, EC_POINT_cmp(group, P, R, ctx)))
goto err;
TEST_note("\n");
r = 1;
err:
BN_CTX_free(ctx);
BN_free(p);
BN_free(a);
BN_free(b);
EC_GROUP_free(group);
EC_GROUP_free(tmp);
EC_POINT_free(P);
EC_POINT_free(Q);
EC_POINT_free(R);
BN_free(x);
BN_free(y);
BN_free(z);
BN_free(cof);
BN_free(yplusone);
return r;
}
# endif
static int internal_curve_test(int n)
{
EC_GROUP *group = NULL;
int nid = curves[n].nid;
if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))) {
TEST_info("EC_GROUP_new_curve_name() failed with curve %s\n",
OBJ_nid2sn(nid));
return 0;
}
if (!TEST_true(EC_GROUP_check(group, NULL))) {
TEST_info("EC_GROUP_check() failed with curve %s\n", OBJ_nid2sn(nid));
EC_GROUP_free(group);
return 0;
}
EC_GROUP_free(group);
return 1;
}
static int internal_curve_test_method(int n)
{
int r, nid = curves[n].nid;
EC_GROUP *group;
if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(nid))) {
TEST_info("Curve %s failed\n", OBJ_nid2sn(nid));
return 0;
}
r = group_order_tests(group);
EC_GROUP_free(group);
return r;
}
# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
/*
* nistp_test_params contains magic numbers for testing our optimized
* implementations of several NIST curves with characteristic > 3.
*/
struct nistp_test_params {
const EC_METHOD *(*meth) (void);
int degree;
/*
* Qx, Qy and D are taken from
* http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/ECDSA_Prime.pdf
* Otherwise, values are standard curve parameters from FIPS 180-3
*/
const char *p, *a, *b, *Qx, *Qy, *Gx, *Gy, *order, *d;
};
static const struct nistp_test_params nistp_tests_params[] = {
{
/* P-224 */
EC_GFp_nistp224_method,
224,
/* p */
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
/* a */
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
/* b */
"B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
/* Qx */
"E84FB0B8E7000CB657D7973CF6B42ED78B301674276DF744AF130B3E",
/* Qy */
"4376675C6FC5612C21A0FF2D2A89D2987DF7A2BC52183B5982298555",
/* Gx */
"B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
/* Gy */
"BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34",
/* order */
"FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",
/* d */
"3F0C488E987C80BE0FEE521F8D90BE6034EC69AE11CA72AA777481E8",
},
{
/* P-256 */
EC_GFp_nistp256_method,
256,
/* p */
"ffffffff00000001000000000000000000000000ffffffffffffffffffffffff",
/* a */
"ffffffff00000001000000000000000000000000fffffffffffffffffffffffc",
/* b */
"5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b",
/* Qx */
"b7e08afdfe94bad3f1dc8c734798ba1c62b3a0ad1e9ea2a38201cd0889bc7a19",
/* Qy */
"3603f747959dbf7a4bb226e41928729063adc7ae43529e61b563bbc606cc5e09",
/* Gx */
"6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296",
/* Gy */
"4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5",
/* order */
"ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551",
/* d */
"c477f9f65c22cce20657faa5b2d1d8122336f851a508a1ed04e479c34985bf96",
},
{
/* P-521 */
EC_GFp_nistp521_method,
521,
/* p */
"1ff"
"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
/* a */
"1ff"
"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc",
/* b */
"051"
"953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e1"
"56193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00",
/* Qx */
"0098"
"e91eef9a68452822309c52fab453f5f117c1da8ed796b255e9ab8f6410cca16e"
"59df403a6bdc6ca467a37056b1e54b3005d8ac030decfeb68df18b171885d5c4",
/* Qy */
"0164"
"350c321aecfc1cca1ba4364c9b15656150b4b78d6a48d7d28e7f31985ef17be8"
"554376b72900712c4b83ad668327231526e313f5f092999a4632fd50d946bc2e",
/* Gx */
"c6"
"858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dba"
"a14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66",
/* Gy */
"118"
"39296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c"
"97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650",
/* order */
"1ff"
"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa"
"51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409",
/* d */
"0100"
"085f47b8e1b8b11b7eb33028c0b2888e304bfc98501955b45bba1478dc184eee"
"df09b86a5f7c21994406072787205e69a63709fe35aa93ba333514b24f961722",
},
};
static int nistp_single_test(int idx)
{
const struct nistp_test_params *test = nistp_tests_params + idx;
BN_CTX *ctx = NULL;
BIGNUM *p = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL;
BIGNUM *n = NULL, *m = NULL, *order = NULL, *yplusone = NULL;
EC_GROUP *NISTP = NULL;
EC_POINT *G = NULL, *P = NULL, *Q = NULL, *Q_CHECK = NULL;
int r = 0;
TEST_note("NIST curve P-%d (optimised implementation):",
test->degree);
if (!TEST_ptr(ctx = BN_CTX_new())
|| !TEST_ptr(p = BN_new())
|| !TEST_ptr(a = BN_new())
|| !TEST_ptr(b = BN_new())
|| !TEST_ptr(x = BN_new())
|| !TEST_ptr(y = BN_new())
|| !TEST_ptr(m = BN_new())
|| !TEST_ptr(n = BN_new())
|| !TEST_ptr(order = BN_new())
|| !TEST_ptr(yplusone = BN_new())
|| !TEST_ptr(NISTP = EC_GROUP_new(test->meth()))
|| !TEST_true(BN_hex2bn(&p, test->p))
|| !TEST_int_eq(1, BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
|| !TEST_true(BN_hex2bn(&a, test->a))
|| !TEST_true(BN_hex2bn(&b, test->b))
|| !TEST_true(EC_GROUP_set_curve(NISTP, p, a, b, ctx))
|| !TEST_ptr(G = EC_POINT_new(NISTP))
|| !TEST_ptr(P = EC_POINT_new(NISTP))
|| !TEST_ptr(Q = EC_POINT_new(NISTP))
|| !TEST_ptr(Q_CHECK = EC_POINT_new(NISTP))
|| !TEST_true(BN_hex2bn(&x, test->Qx))
|| !TEST_true(BN_hex2bn(&y, test->Qy))
|| !TEST_true(BN_add(yplusone, y, BN_value_one()))
/*
* When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
* and therefore setting the coordinates should fail.
*/
|| !TEST_false(EC_POINT_set_affine_coordinates(NISTP, Q_CHECK, x,
yplusone, ctx))
|| !TEST_true(EC_POINT_set_affine_coordinates(NISTP, Q_CHECK, x, y,
ctx))
|| !TEST_true(BN_hex2bn(&x, test->Gx))
|| !TEST_true(BN_hex2bn(&y, test->Gy))
|| !TEST_true(EC_POINT_set_affine_coordinates(NISTP, G, x, y, ctx))
|| !TEST_true(BN_hex2bn(&order, test->order))
|| !TEST_true(EC_GROUP_set_generator(NISTP, G, order, BN_value_one()))
|| !TEST_int_eq(EC_GROUP_get_degree(NISTP), test->degree))
goto err;
TEST_note("NIST test vectors ... ");
if (!TEST_true(BN_hex2bn(&n, test->d)))
goto err;
/* fixed point multiplication */
EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx);
if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)))
goto err;
/* random point multiplication */
EC_POINT_mul(NISTP, Q, NULL, G, n, ctx);
if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
/* set generator to P = 2*G, where G is the standard generator */
|| !TEST_true(EC_POINT_dbl(NISTP, P, G, ctx))
|| !TEST_true(EC_GROUP_set_generator(NISTP, P, order, BN_value_one()))
/* set the scalar to m=n/2, where n is the NIST test scalar */
|| !TEST_true(BN_rshift(m, n, 1)))
goto err;
/* test the non-standard generator */
/* fixed point multiplication */
EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx);
if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)))
goto err;
/* random point multiplication */
EC_POINT_mul(NISTP, Q, NULL, P, m, ctx);
if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
/*
* We have not performed precomputation so have_precompute mult should be
* false
*/
|| !TEST_false(EC_GROUP_have_precompute_mult(NISTP))
/* now repeat all tests with precomputation */
|| !TEST_true(EC_GROUP_precompute_mult(NISTP, ctx))
|| !TEST_true(EC_GROUP_have_precompute_mult(NISTP)))
goto err;
/* fixed point multiplication */
EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx);
if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)))
goto err;
/* random point multiplication */
EC_POINT_mul(NISTP, Q, NULL, P, m, ctx);
if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx))
/* reset generator */
|| !TEST_true(EC_GROUP_set_generator(NISTP, G, order, BN_value_one())))
goto err;
/* fixed point multiplication */
EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx);
if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)))
goto err;
/* random point multiplication */
EC_POINT_mul(NISTP, Q, NULL, G, n, ctx);
if (!TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)))
goto err;
/* regression test for felem_neg bug */
if (!TEST_true(BN_set_word(m, 32))
|| !TEST_true(BN_set_word(n, 31))
|| !TEST_true(EC_POINT_copy(P, G))
|| !TEST_true(EC_POINT_invert(NISTP, P, ctx))
|| !TEST_true(EC_POINT_mul(NISTP, Q, m, P, n, ctx))
|| !TEST_int_eq(0, EC_POINT_cmp(NISTP, Q, G, ctx)))
goto err;
r = group_order_tests(NISTP);
err:
EC_GROUP_free(NISTP);
EC_POINT_free(G);
EC_POINT_free(P);
EC_POINT_free(Q);
EC_POINT_free(Q_CHECK);
BN_free(n);
BN_free(m);
BN_free(p);
BN_free(a);
BN_free(b);
BN_free(x);
BN_free(y);
BN_free(order);
BN_free(yplusone);
BN_CTX_free(ctx);
return r;
}
# endif
static const unsigned char p521_named[] = {
0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23,
};
static const unsigned char p521_explicit[] = {
0x30, 0x82, 0x01, 0xc3, 0x02, 0x01, 0x01, 0x30, 0x4d, 0x06, 0x07, 0x2a,
0x86, 0x48, 0xce, 0x3d, 0x01, 0x01, 0x02, 0x42, 0x01, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0x30, 0x81, 0x9f, 0x04, 0x42, 0x01, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xfc, 0x04, 0x42, 0x00, 0x51, 0x95, 0x3e, 0xb9, 0x61, 0x8e, 0x1c, 0x9a,
0x1f, 0x92, 0x9a, 0x21, 0xa0, 0xb6, 0x85, 0x40, 0xee, 0xa2, 0xda, 0x72,
0x5b, 0x99, 0xb3, 0x15, 0xf3, 0xb8, 0xb4, 0x89, 0x91, 0x8e, 0xf1, 0x09,
0xe1, 0x56, 0x19, 0x39, 0x51, 0xec, 0x7e, 0x93, 0x7b, 0x16, 0x52, 0xc0,
0xbd, 0x3b, 0xb1, 0xbf, 0x07, 0x35, 0x73, 0xdf, 0x88, 0x3d, 0x2c, 0x34,
0xf1, 0xef, 0x45, 0x1f, 0xd4, 0x6b, 0x50, 0x3f, 0x00, 0x03, 0x15, 0x00,
0xd0, 0x9e, 0x88, 0x00, 0x29, 0x1c, 0xb8, 0x53, 0x96, 0xcc, 0x67, 0x17,
0x39, 0x32, 0x84, 0xaa, 0xa0, 0xda, 0x64, 0xba, 0x04, 0x81, 0x85, 0x04,
0x00, 0xc6, 0x85, 0x8e, 0x06, 0xb7, 0x04, 0x04, 0xe9, 0xcd, 0x9e, 0x3e,
0xcb, 0x66, 0x23, 0x95, 0xb4, 0x42, 0x9c, 0x64, 0x81, 0x39, 0x05, 0x3f,
0xb5, 0x21, 0xf8, 0x28, 0xaf, 0x60, 0x6b, 0x4d, 0x3d, 0xba, 0xa1, 0x4b,
0x5e, 0x77, 0xef, 0xe7, 0x59, 0x28, 0xfe, 0x1d, 0xc1, 0x27, 0xa2, 0xff,
0xa8, 0xde, 0x33, 0x48, 0xb3, 0xc1, 0x85, 0x6a, 0x42, 0x9b, 0xf9, 0x7e,
0x7e, 0x31, 0xc2, 0xe5, 0xbd, 0x66, 0x01, 0x18, 0x39, 0x29, 0x6a, 0x78,
0x9a, 0x3b, 0xc0, 0x04, 0x5c, 0x8a, 0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9,
0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b, 0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17,
0x27, 0x3e, 0x66, 0x2c, 0x97, 0xee, 0x72, 0x99, 0x5e, 0xf4, 0x26, 0x40,
0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad, 0x07, 0x61, 0x35, 0x3c, 0x70, 0x86,
0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe, 0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50,
0x02, 0x42, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfa,
0x51, 0x86, 0x87, 0x83, 0xbf, 0x2f, 0x96, 0x6b, 0x7f, 0xcc, 0x01, 0x48,
0xf7, 0x09, 0xa5, 0xd0, 0x3b, 0xb5, 0xc9, 0xb8, 0x89, 0x9c, 0x47, 0xae,
0xbb, 0x6f, 0xb7, 0x1e, 0x91, 0x38, 0x64, 0x09, 0x02, 0x01, 0x01,
};
static int parameter_test(void)
{
EC_GROUP *group = NULL, *group2 = NULL;
ECPARAMETERS *ecparameters = NULL;
unsigned char *buf = NULL;
int r = 0, len;
if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(NID_secp112r1))
|| !TEST_ptr(ecparameters = EC_GROUP_get_ecparameters(group, NULL))
|| !TEST_ptr(group2 = EC_GROUP_new_from_ecparameters(ecparameters))
|| !TEST_int_eq(EC_GROUP_cmp(group, group2, NULL), 0))
goto err;
EC_GROUP_free(group);
group = NULL;
/* Test the named curve encoding, which should be default. */
if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(NID_secp521r1))
|| !TEST_true((len = i2d_ECPKParameters(group, &buf)) >= 0)
|| !TEST_mem_eq(buf, len, p521_named, sizeof(p521_named)))
goto err;
OPENSSL_free(buf);
buf = NULL;
/*
* Test the explicit encoding. P-521 requires correctly zero-padding the
* curve coefficients.
*/
EC_GROUP_set_asn1_flag(group, OPENSSL_EC_EXPLICIT_CURVE);
if (!TEST_true((len = i2d_ECPKParameters(group, &buf)) >= 0)
|| !TEST_mem_eq(buf, len, p521_explicit, sizeof(p521_explicit)))
goto err;
r = 1;
err:
EC_GROUP_free(group);
EC_GROUP_free(group2);
ECPARAMETERS_free(ecparameters);
OPENSSL_free(buf);
return r;
}
#endif
int setup_tests(void)
{
#ifndef OPENSSL_NO_EC
crv_len = EC_get_builtin_curves(NULL, 0);
if (!TEST_ptr(curves = OPENSSL_malloc(sizeof(*curves) * crv_len))
|| !TEST_true(EC_get_builtin_curves(curves, crv_len)))
return 0;
ADD_TEST(parameter_test);
ADD_TEST(prime_field_tests);
# ifndef OPENSSL_NO_EC2M
ADD_TEST(char2_field_tests);
ADD_ALL_TESTS(char2_curve_test, OSSL_NELEM(char2_curve_tests));
# endif
# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
ADD_ALL_TESTS(nistp_single_test, OSSL_NELEM(nistp_tests_params));
# endif
ADD_ALL_TESTS(internal_curve_test, crv_len);
ADD_ALL_TESTS(internal_curve_test_method, crv_len);
#endif
return 1;
}
void cleanup_tests(void)
{
#ifndef OPENSSL_NO_EC
OPENSSL_free(curves);
#endif
}
openssl-1.1.1/test/evp_test.h0000644000000000000000000000063513345734630014670 0ustar rootroot/*
* Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
typedef struct evp_test_buffer_st EVP_TEST_BUFFER;
DEFINE_STACK_OF(EVP_TEST_BUFFER)
openssl-1.1.1/test/tls13encryptiontest.c0000644000000000000000000003360213345734631017014 0ustar rootroot/*
* Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/ssl.h>
#include <openssl/evp.h>
#ifdef __VMS
# pragma names save
# pragma names as_is,shortened
#endif
#include "../ssl/ssl_locl.h"
#include "../ssl/record/record_locl.h"
#ifdef __VMS
# pragma names restore
#endif
#include "internal/nelem.h"
#include "testutil.h"
/*
* Based on the test vectors provided in:
* https://tools.ietf.org/html/draft-ietf-tls-tls13-vectors-06
*/
typedef struct {
/*
* We split these into 3 chunks in order to work around the 509 character
* limit that the standard specifies for string literals
*/
const char *plaintext[3];
const char *ciphertext[3];
const char *key;
const char *iv;
const char *seq;
} RECORD_DATA;
/*
* Note 1: The plaintext values given here have an additional "16" or "17" byte
* added to the end when compared to the official vectors. The official vectors
* do not include the inner content type, but we require it.
*
* Note 2: These are the vectors for the "Simple 1-RTT Handshake"
*/
static RECORD_DATA refdata[] = {
{
/*
* Server: EncryptedExtensions, Certificate, CertificateVerify and
* Finished
*/
{
"080000240022000a00140012001d00170018001901000101010201030104001c"
"00024001000000000b0001b9000001b50001b0308201ac30820115a003020102"
"020102300d06092a864886f70d01010b0500300e310c300a0603550403130372"
"7361301e170d3136303733303031323335395a170d3236303733303031323335"
"395a300e310c300a0603550403130372736130819f300d06092a864886f70d01"
"0101050003818d0030818902818100b4bb498f8279303d980836399b36c6988c"
"0c68de55e1bdb826d3901a2461eafd2de49a91d015abbc9a95137ace6c1af19e",
"aa6af98c7ced43120998e187a80ee0ccb0524b1b018c3e0b63264d449a6d38e2"
"2a5fda430846748030530ef0461c8ca9d9efbfae8ea6d1d03e2bd193eff0ab9a"
"8002c47428a6d35a8d88d79f7f1e3f0203010001a31a301830090603551d1304"
"023000300b0603551d0f0404030205a0300d06092a864886f70d01010b050003"
"81810085aad2a0e5b9276b908c65f73a7267170618a54c5f8a7b337d2df7a594"
"365417f2eae8f8a58c8f8172f9319cf36b7fd6c55b80f21a03015156726096fd"
"335e5e67f2dbf102702e608ccae6bec1fc63a42a99be5c3eb7107c3c54e9b9eb",
"2bd5203b1c3b84e0a8b2f759409ba3eac9d91d402dcc0cc8f8961229ac9187b4"
"2b4de100000f00008408040080754040d0ddab8cf0e2da2bc4995b868ad745c8"
"e1564e33cde17880a42392cc624aeef6b67bb3f0ae71d9d54a2309731d87dc59"
"f642d733be2eb27484ad8a8c8eb3516a7ac57f2625e2b5c0888a8541f4e734f7"
"3d054761df1dd02f0e3e9a33cfa10b6e3eb4ebf7ac053b01fdabbddfc54133bc"
"d24c8bbdceb223b2aa03452a2914000020ac86acbc9cd25a45b57ad5b64db15d"
"4405cf8c80e314583ebf3283ef9a99310c16"
},
{
"f10b26d8fcaf67b5b828f712122216a1cd14187465b77637cbcd78539128bb93"
"246dcca1af56f1eaa271666077455bc54965d85f05f9bd36d6996171eb536aff"
"613eeddc42bad5a2d2227c4606f1215f980e7afaf56bd3b85a51be130003101a"
"758d077b1c891d8e7a22947e5a229851fd42a9dd422608f868272abf92b3d43f"
"b46ac420259346067f66322fd708885680f4b4433c29116f2dfa529e09bba53c"
"7cd920121724809eaddcc84307ef46fc51a0b33d99d39db337fcd761ce0f2b02"
"dc73dedb6fddb77c4f8099bde93d5bee08bcf2131f29a2a37ff07949e8f8bcdd",
"3e8310b8bf8b3444c85aaf0d2aeb2d4f36fd14d5cb51fcebff418b3827136ab9"
"529e9a3d3f35e4c0ae749ea2dbc94982a1281d3e6daab719aa4460889321a008"
"bf10fa06ac0c61cc122cc90d5e22c0030c986ae84a33a0c47df174bcfbd50bf7"
"8ffdf24051ab423db63d5815db2f830040f30521131c98c66f16c362addce2fb"
"a0602cf0a7dddf22e8def7516cdfee95b4056cc9ad38c95352335421b5b1ffba"
"df75e5212fdad7a75f52a2801486a1eec3539580bee0e4b337cda6085ac9eccd"
"1a0f1a46cebfbb5cdfa3251ac28c3bc826148c6d8c1eb6a06f77f6ff632c6a83",
"e283e8f9df7c6dbabf1c6ea40629a85b43ab0c73d34f9d5072832a104eda3f75"
"f5d83da6e14822a18e14099d749eafd823ca2ac7542086501eca206ce7887920"
"008573757ce2f230a890782b99cc682377beee812756d04f9025135fb599d746"
"fefe7316c922ac265ca0d29021375adb63c1509c3e242dfb92b8dee891f7368c"
"4058399b8db9075f2dcc8216194e503b6652d87d2cb41f99adfdcc5be5ec7e1e"
"6326ac22d70bd3ba652827532d669aff005173597f8039c3ea4922d3ec757670"
"222f6ac29b93e90d7ad3f6dd96328e429cfcfd5cca22707fe2d86ad1dcb0be75"
"6e8e"
},
"c66cb1aec519df44c91e10995511ac8b",
"f7f6884c4981716c2d0d29a4",
"0000000000000000"
},
{
/* Client: Finished */
{
"14000020b9027a0204b972b52cdefa58950fa1580d68c9cb124dbe691a7178f2"
"5c554b2316", "", ""
},
{
"9539b4ae2f87fd8e616b295628ea953d9e3858db274970d19813ec136cae7d96"
"e0417775fcabd3d8858fdc60240912d218f5afb21c", "", ""
},
"2679a43e1d76784034ea1797d5ad2649",
"5482405290dd0d2f81c0d942",
"0000000000000000"
},
{
/* Server: NewSessionTicket */
{
"040000c90000001e2fd3992f02000000b2ff099f9676cdff8b0bf8825d000000"
"007905a9d28efeef4a47c6f9b06a0cecdb0070d920b898997c75b79636943ed4"
"2046a96142bd084a04acfa0c490f452d756dea02c0f927259f1f3231ac0d541a"
"769129b740ce38090842b828c27fd729f59737ba98aa7b42e043c5da28f8dca8"
"590b2df410d5134fd6c4cacad8b30370602afa35d265bf4d127976bb36dbda6a"
"626f0270e20eebc73d6fcae2b1a0da122ee9042f76be56ebf41aa469c3d2c9da"
"9197d80008002a00040000040016", "", ""
},
{
"3680c2b2109d25caa26c3b06eea9fdc5cb31613ba702176596da2e886bf6af93"
"507bd68161ad9cb4780653842e1041ecbf0088a65ac4ef438419dd1d95ddd9bd"
"2ad4484e7e167d0e6c008448ae58a0418713b6fc6c51e4bb23a537fb75a74f73"
"de31fe6aa0bc522515f8b25f8955428b5de5ac06762cec22b0aa78c94385ef8e"
"70fa24945b7c1f268510871689bbbbfaf2e7f4a19277024f95f1143ab12a31ec"
"63adb128cb390711fd6d06a498df3e98615d8eb102e23353b480efcca5e8e026"
"7a6d0fe2441f14c8c9664aefb2cfff6ae9e0442728b6a0940c1e824fda06",
"", ""
},
"a688ebb5ac826d6f42d45c0cc44b9b7d",
"c1cad4425a438b5de714830a",
"0000000000000000"
},
{
/* Client: Application Data */
{
"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"
"202122232425262728292a2b2c2d2e2f303117", "", ""
},
{
"8c3497da00ae023e53c01b4324b665404c1b49e78fe2bf4d17f6348ae8340551"
"e363a0cd05f2179c4fef5ad689b5cae0bae94adc63632e571fb79aa91544c639"
"4d28a1", "", ""
},
"88b96ad686c84be55ace18a59cce5c87",
"b99dc58cd5ff5ab082fdad19",
"0000000000000000"
},
{
/* Server: Application Data */
{
"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"
"202122232425262728292a2b2c2d2e2f303117", "", ""
},
{
"f65f49fd2df6cd2347c3d30166e3cfddb6308a5906c076112c6a37ff1dbd406b"
"5813c0abd734883017a6b2833186b13c14da5d75f33d8760789994e27d82043a"
"b88d65", "", ""
},
"a688ebb5ac826d6f42d45c0cc44b9b7d",
"c1cad4425a438b5de714830a",
"0000000000000001"
},
{
/* Client: CloseNotify */
{
"010015", "", ""
},
{
"2c2148163d7938a35f6acf2a6606f8cbd1d9f2", "", ""
},
"88b96ad686c84be55ace18a59cce5c87",
"b99dc58cd5ff5ab082fdad19",
"0000000000000001"
},
{
/* Server: CloseNotify */
{
"010015", "", ""
},
{
"f8141ebdb5eda511e0bce639a56ff9ea825a21", "", ""
},
"a688ebb5ac826d6f42d45c0cc44b9b7d",
"c1cad4425a438b5de714830a",
"0000000000000002"
}
};
/*
* Same thing as OPENSSL_hexstr2buf() but enables us to pass the string in
* 3 chunks
*/
static unsigned char *multihexstr2buf(const char *str[3], size_t *len)
{
size_t outer, inner, curr = 0;
unsigned char *outbuf;
size_t totlen = 0;
/* Check lengths of all input strings are even */
for (outer = 0; outer < 3; outer++) {
totlen += strlen(str[outer]);
if ((totlen & 1) != 0)
return NULL;
}
totlen /= 2;
outbuf = OPENSSL_malloc(totlen);
if (outbuf == NULL)
return NULL;
for (outer = 0; outer < 3; outer++) {
for (inner = 0; str[outer][inner] != 0; inner += 2) {
int hi, lo;
hi = OPENSSL_hexchar2int(str[outer][inner]);
lo = OPENSSL_hexchar2int(str[outer][inner + 1]);
if (hi < 0 || lo < 0) {
OPENSSL_free(outbuf);
return NULL;
}
outbuf[curr++] = (hi << 4) | lo;
}
}
*len = totlen;
return outbuf;
}
static int load_record(SSL3_RECORD *rec, RECORD_DATA *recd, unsigned char **key,
unsigned char *iv, size_t ivlen, unsigned char *seq)
{
unsigned char *pt = NULL, *sq = NULL, *ivtmp = NULL;
size_t ptlen;
*key = OPENSSL_hexstr2buf(recd->key, NULL);
ivtmp = OPENSSL_hexstr2buf(recd->iv, NULL);
sq = OPENSSL_hexstr2buf(recd->seq, NULL);
pt = multihexstr2buf(recd->plaintext, &ptlen);
if (*key == NULL || ivtmp == NULL || sq == NULL || pt == NULL)
goto err;
rec->data = rec->input = OPENSSL_malloc(ptlen + EVP_GCM_TLS_TAG_LEN);
if (rec->data == NULL)
goto err;
rec->length = ptlen;
memcpy(rec->data, pt, ptlen);
OPENSSL_free(pt);
memcpy(seq, sq, SEQ_NUM_SIZE);
OPENSSL_free(sq);
memcpy(iv, ivtmp, ivlen);
OPENSSL_free(ivtmp);
return 1;
err:
OPENSSL_free(*key);
*key = NULL;
OPENSSL_free(ivtmp);
OPENSSL_free(sq);
OPENSSL_free(pt);
return 0;
}
static int test_record(SSL3_RECORD *rec, RECORD_DATA *recd, int enc)
{
int ret = 0;
unsigned char *refd;
size_t refdatalen;
if (enc)
refd = multihexstr2buf(recd->ciphertext, &refdatalen);
else
refd = multihexstr2buf(recd->plaintext, &refdatalen);
if (!TEST_ptr(refd)) {
TEST_info("Failed to get reference data");
goto err;
}
if (!TEST_mem_eq(rec->data, rec->length, refd, refdatalen))
goto err;
ret = 1;
err:
OPENSSL_free(refd);
return ret;
}
#define TLS13_AES_128_GCM_SHA256_BYTES ((const unsigned char *)"\x13\x01")
static int test_tls13_encryption(void)
{
SSL_CTX *ctx = NULL;
SSL *s = NULL;
SSL3_RECORD rec;
unsigned char *key = NULL, *iv = NULL, *seq = NULL;
const EVP_CIPHER *ciph = EVP_aes_128_gcm();
int ret = 0;
size_t ivlen, ctr;
/*
* Encrypted TLSv1.3 records always have an outer content type of
* application data, and a record version of TLSv1.2.
*/
rec.data = NULL;
rec.type = SSL3_RT_APPLICATION_DATA;
rec.rec_version = TLS1_2_VERSION;
ctx = SSL_CTX_new(TLS_method());
if (!TEST_ptr(ctx)) {
TEST_info("Failed creating SSL_CTX");
goto err;
}
s = SSL_new(ctx);
if (!TEST_ptr(s)) {
TEST_info("Failed creating SSL");
goto err;
}
s->enc_read_ctx = EVP_CIPHER_CTX_new();
if (!TEST_ptr(s->enc_read_ctx))
goto err;
s->enc_write_ctx = EVP_CIPHER_CTX_new();
if (!TEST_ptr(s->enc_write_ctx))
goto err;
s->s3->tmp.new_cipher = SSL_CIPHER_find(s, TLS13_AES_128_GCM_SHA256_BYTES);
if (!TEST_ptr(s->s3->tmp.new_cipher)) {
TEST_info("Failed to find cipher");
goto err;
}
for (ctr = 0; ctr < OSSL_NELEM(refdata); ctr++) {
/* Load the record */
ivlen = EVP_CIPHER_iv_length(ciph);
if (!load_record(&rec, &refdata[ctr], &key, s->read_iv, ivlen,
RECORD_LAYER_get_read_sequence(&s->rlayer))) {
TEST_error("Failed loading key into EVP_CIPHER_CTX");
goto err;
}
/* Set up the read/write sequences */
memcpy(RECORD_LAYER_get_write_sequence(&s->rlayer),
RECORD_LAYER_get_read_sequence(&s->rlayer), SEQ_NUM_SIZE);
memcpy(s->write_iv, s->read_iv, ivlen);
/* Load the key into the EVP_CIPHER_CTXs */
if (EVP_CipherInit_ex(s->enc_write_ctx, ciph, NULL, key, NULL, 1) <= 0
|| EVP_CipherInit_ex(s->enc_read_ctx, ciph, NULL, key, NULL, 0)
<= 0) {
TEST_error("Failed loading key into EVP_CIPHER_CTX\n");
goto err;
}
/* Encrypt it */
if (!TEST_size_t_eq(tls13_enc(s, &rec, 1, 1), 1)) {
TEST_info("Failed to encrypt record %zu", ctr);
goto err;
}
if (!TEST_true(test_record(&rec, &refdata[ctr], 1))) {
TEST_info("Record %zu encryption test failed", ctr);
goto err;
}
/* Decrypt it */
if (!TEST_int_eq(tls13_enc(s, &rec, 1, 0), 1)) {
TEST_info("Failed to decrypt record %zu", ctr);
goto err;
}
if (!TEST_true(test_record(&rec, &refdata[ctr], 0))) {
TEST_info("Record %zu decryption test failed", ctr);
goto err;
}
OPENSSL_free(rec.data);
OPENSSL_free(key);
OPENSSL_free(iv);
OPENSSL_free(seq);
rec.data = NULL;
key = NULL;
iv = NULL;
seq = NULL;
}
TEST_note("PASS: %zu records tested", ctr);
ret = 1;
err:
OPENSSL_free(rec.data);
OPENSSL_free(key);
OPENSSL_free(iv);
OPENSSL_free(seq);
SSL_free(s);
SSL_CTX_free(ctx);
return ret;
}
int setup_tests(void)
{
ADD_TEST(test_tls13_encryption);
return 1;
}
openssl-1.1.1/test/cms-examples.pl0000644000000000000000000002130013345734630015611 0ustar rootroot#! /usr/bin/env perl
# Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
# Perl script to run tests against S/MIME examples in RFC4134
# Assumes RFC is in current directory and called "rfc4134.txt"
use MIME::Base64;
my $badttest = 0;
my $verbose = 1;
my $cmscmd;
my $exdir = "./";
my $exfile = "./rfc4134.txt";
if (-f "../apps/openssl")
{
$cmscmd = "../util/shlib_wrap.sh ../apps/openssl cms";
}
elsif (-f "..\\out32dll\\openssl.exe")
{
$cmscmd = "..\\out32dll\\openssl.exe cms";
}
elsif (-f "..\\out32\\openssl.exe")
{
$cmscmd = "..\\out32\\openssl.exe cms";
}
my @test_list = (
[ "3.1.bin" => "dataout" ],
[ "3.2.bin" => "encode, dataout" ],
[ "4.1.bin" => "encode, verifyder, cont, dss" ],
[ "4.2.bin" => "encode, verifyder, cont, rsa" ],
[ "4.3.bin" => "encode, verifyder, cont_extern, dss" ],
[ "4.4.bin" => "encode, verifyder, cont, dss" ],
[ "4.5.bin" => "verifyder, cont, rsa" ],
[ "4.6.bin" => "encode, verifyder, cont, dss" ],
[ "4.7.bin" => "encode, verifyder, cont, dss" ],
[ "4.8.eml" => "verifymime, dss" ],
[ "4.9.eml" => "verifymime, dss" ],
[ "4.10.bin" => "encode, verifyder, cont, dss" ],
[ "4.11.bin" => "encode, certsout" ],
[ "5.1.bin" => "encode, envelopeder, cont" ],
[ "5.2.bin" => "encode, envelopeder, cont" ],
[ "5.3.eml" => "envelopemime, cont" ],
[ "6.0.bin" => "encode, digest, cont" ],
[ "7.1.bin" => "encode, encrypted, cont" ],
[ "7.2.bin" => "encode, encrypted, cont" ]
);
# Extract examples from RFC4134 text.
# Base64 decode all examples, certificates and
# private keys are converted to PEM format.
my ( $filename, $data );
my @cleanup = ( "cms.out", "cms.err", "tmp.der", "tmp.txt" );
$data = "";
open( IN, $exfile ) || die "Can't Open RFC examples file $exfile";
while (<IN>) {
next unless (/^\|/);
s/^\|//;
next if (/^\*/);
if (/^>(.*)$/) {
$filename = $1;
next;
}
if (/^</) {
$filename = "$exdir/$filename";
if ( $filename =~ /\.bin$/ || $filename =~ /\.eml$/ ) {
$data = decode_base64($data);
open OUT, ">$filename";
binmode OUT;
print OUT $data;
close OUT;
push @cleanup, $filename;
}
elsif ( $filename =~ /\.cer$/ ) {
write_pem( $filename, "CERTIFICATE", $data );
}
elsif ( $filename =~ /\.pri$/ ) {
write_pem( $filename, "PRIVATE KEY", $data );
}
$data = "";
$filename = "";
}
else {
$data .= $_;
}
}
my $secretkey =
"73:7c:79:1f:25:ea:d0:e0:46:29:25:43:52:f7:dc:62:91:e5:cb:26:91:7a:da:32";
foreach (@test_list) {
my ( $file, $tlist ) = @$_;
print "Example file $file:\n";
if ( $tlist =~ /encode/ ) {
run_reencode_test( $exdir, $file );
}
if ( $tlist =~ /certsout/ ) {
run_certsout_test( $exdir, $file );
}
if ( $tlist =~ /dataout/ ) {
run_dataout_test( $exdir, $file );
}
if ( $tlist =~ /verify/ ) {
run_verify_test( $exdir, $tlist, $file );
}
if ( $tlist =~ /digest/ ) {
run_digest_test( $exdir, $tlist, $file );
}
if ( $tlist =~ /encrypted/ ) {
run_encrypted_test( $exdir, $tlist, $file, $secretkey );
}
if ( $tlist =~ /envelope/ ) {
run_envelope_test( $exdir, $tlist, $file );
}
}
foreach (@cleanup) {
unlink $_;
}
if ($badtest) {
print "\n$badtest TESTS FAILED!!\n";
}
else {
print "\n***All tests successful***\n";
}
sub write_pem {
my ( $filename, $str, $data ) = @_;
$filename =~ s/\.[^.]*$/.pem/;
push @cleanup, $filename;
open OUT, ">$filename";
print OUT "-----BEGIN $str-----\n";
print OUT $data;
print OUT "-----END $str-----\n";
close OUT;
}
sub run_reencode_test {
my ( $cmsdir, $tfile ) = @_;
unlink "tmp.der";
system( "$cmscmd -cmsout -inform DER -outform DER"
. " -in $cmsdir/$tfile -out tmp.der" );
if ($?) {
print "\tReencode command FAILED!!\n";
$badtest++;
}
elsif ( !cmp_files( "$cmsdir/$tfile", "tmp.der" ) ) {
print "\tReencode FAILED!!\n";
$badtest++;
}
else {
print "\tReencode passed\n" if $verbose;
}
}
sub run_certsout_test {
my ( $cmsdir, $tfile ) = @_;
unlink "tmp.der";
unlink "tmp.pem";
system( "$cmscmd -cmsout -inform DER -certsout tmp.pem"
. " -in $cmsdir/$tfile -out tmp.der" );
if ($?) {
print "\tCertificate output command FAILED!!\n";
$badtest++;
}
else {
print "\tCertificate output passed\n" if $verbose;
}
}
sub run_dataout_test {
my ( $cmsdir, $tfile ) = @_;
unlink "tmp.txt";
system(
"$cmscmd -data_out -inform DER" . " -in $cmsdir/$tfile -out tmp.txt" );
if ($?) {
print "\tDataout command FAILED!!\n";
$badtest++;
}
elsif ( !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) {
print "\tDataout compare FAILED!!\n";
$badtest++;
}
else {
print "\tDataout passed\n" if $verbose;
}
}
sub run_verify_test {
my ( $cmsdir, $tlist, $tfile ) = @_;
unlink "tmp.txt";
$form = "DER" if $tlist =~ /verifyder/;
$form = "SMIME" if $tlist =~ /verifymime/;
$cafile = "$cmsdir/CarlDSSSelf.pem" if $tlist =~ /dss/;
$cafile = "$cmsdir/CarlRSASelf.pem" if $tlist =~ /rsa/;
$cmd =
"$cmscmd -verify -inform $form"
. " -CAfile $cafile"
. " -in $cmsdir/$tfile -out tmp.txt";
$cmd .= " -content $cmsdir/ExContent.bin" if $tlist =~ /cont_extern/;
system("$cmd 2>cms.err 1>cms.out");
if ($?) {
print "\tVerify command FAILED!!\n";
$badtest++;
}
elsif ( $tlist =~ /cont/
&& !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
{
print "\tVerify content compare FAILED!!\n";
$badtest++;
}
else {
print "\tVerify passed\n" if $verbose;
}
}
sub run_envelope_test {
my ( $cmsdir, $tlist, $tfile ) = @_;
unlink "tmp.txt";
$form = "DER" if $tlist =~ /envelopeder/;
$form = "SMIME" if $tlist =~ /envelopemime/;
$cmd =
"$cmscmd -decrypt -inform $form"
. " -recip $cmsdir/BobRSASignByCarl.pem"
. " -inkey $cmsdir/BobPrivRSAEncrypt.pem"
. " -in $cmsdir/$tfile -out tmp.txt";
system("$cmd 2>cms.err 1>cms.out");
if ($?) {
print "\tDecrypt command FAILED!!\n";
$badtest++;
}
elsif ( $tlist =~ /cont/
&& !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
{
print "\tDecrypt content compare FAILED!!\n";
$badtest++;
}
else {
print "\tDecrypt passed\n" if $verbose;
}
}
sub run_digest_test {
my ( $cmsdir, $tlist, $tfile ) = @_;
unlink "tmp.txt";
my $cmd =
"$cmscmd -digest_verify -inform DER" . " -in $cmsdir/$tfile -out tmp.txt";
system("$cmd 2>cms.err 1>cms.out");
if ($?) {
print "\tDigest verify command FAILED!!\n";
$badtest++;
}
elsif ( $tlist =~ /cont/
&& !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
{
print "\tDigest verify content compare FAILED!!\n";
$badtest++;
}
else {
print "\tDigest verify passed\n" if $verbose;
}
}
sub run_encrypted_test {
my ( $cmsdir, $tlist, $tfile, $key ) = @_;
unlink "tmp.txt";
system( "$cmscmd -EncryptedData_decrypt -inform DER"
. " -secretkey $key"
. " -in $cmsdir/$tfile -out tmp.txt" );
if ($?) {
print "\tEncrypted Data command FAILED!!\n";
$badtest++;
}
elsif ( $tlist =~ /cont/
&& !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
{
print "\tEncrypted Data content compare FAILED!!\n";
$badtest++;
}
else {
print "\tEncryptedData verify passed\n" if $verbose;
}
}
sub cmp_files {
my ( $f1, $f2 ) = @_;
my ( $fp1, $fp2 );
my ( $rd1, $rd2 );
if ( !open( $fp1, "<$f1" ) ) {
print STDERR "Can't Open file $f1\n";
return 0;
}
if ( !open( $fp2, "<$f2" ) ) {
print STDERR "Can't Open file $f2\n";
return 0;
}
binmode $fp1;
binmode $fp2;
my $ret = 0;
for ( ; ; ) {
$n1 = sysread $fp1, $rd1, 4096;
$n2 = sysread $fp2, $rd2, 4096;
last if ( $n1 != $n2 );
last if ( $rd1 ne $rd2 );
if ( $n1 == 0 ) {
$ret = 1;
last;
}
}
close $fp1;
close $fp2;
return $ret;
}
openssl-1.1.1/test/md2test.c0000644000000000000000000000317413345734630014415 0ustar rootroot/*
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <string.h>
#include "internal/nelem.h"
#include "testutil.h"
#ifndef OPENSSL_NO_MD2
# include <openssl/evp.h>
# include <openssl/md2.h>
# ifdef CHARSET_EBCDIC
# include <openssl/ebcdic.h>
# endif
static char *test[] = {
"",
"a",
"abc",
"message digest",
"abcdefghijklmnopqrstuvwxyz",
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
"12345678901234567890123456789012345678901234567890123456789012345678901234567890",
};
static char *ret[] = {
"8350e5a3e24c153df2275c9f80692773",
"32ec01ec4a6dac72c0ab96fb34c0b5d1",
"da853b0d3f88d99b30283a69e6ded6bb",
"ab4f496bfb2a530b219ff33031fe06b0",
"4e8ddff3650292ab5a4108c3aa47940b",
"da33def2a42df13975352846c30338cd",
"d5976f79d83d3a0dc9806c3c66f3efd8",
};
static int test_md2(int n)
{
char buf[80];
unsigned char md[MD2_DIGEST_LENGTH];
int i;
if (!TEST_true(EVP_Digest((unsigned char *)test[n], strlen(test[n]),
md, NULL, EVP_md2(), NULL)))
return 0;
for (i = 0; i < MD2_DIGEST_LENGTH; i++)
sprintf(&(buf[i * 2]), "%02x", md[i]);
if (!TEST_str_eq(buf, ret[n]))
return 0;
return 1;
}
#endif
int setup_tests(void)
{
#ifndef OPENSSL_NO_MD2
ADD_ALL_TESTS(test_md2, OSSL_NELEM(test));
#endif
return 1;
}
openssl-1.1.1/test/v3-cert2.pem0000644000000000000000000000165413345734631014741 0ustar rootroot-----BEGIN CERTIFICATE-----
MIICiTCCAfKgAwIBAgIEMeZfHzANBgkqhkiG9w0BAQQFADB9MQswCQYDVQQGEwJD
YTEPMA0GA1UEBxMGTmVwZWFuMR4wHAYDVQQLExVObyBMaWFiaWxpdHkgQWNjZXB0
ZWQxHzAdBgNVBAoTFkZvciBEZW1vIFB1cnBvc2VzIE9ubHkxHDAaBgNVBAMTE0Vu
dHJ1c3QgRGVtbyBXZWIgQ0EwHhcNOTYwNzEyMTQyMDE1WhcNOTYxMDEyMTQyMDE1
WjB0MSQwIgYJKoZIhvcNAQkBExVjb29rZUBpc3NsLmF0bC5ocC5jb20xCzAJBgNV
BAYTAlVTMScwJQYDVQQLEx5IZXdsZXR0IFBhY2thcmQgQ29tcGFueSAoSVNTTCkx
FjAUBgNVBAMTDVBhdWwgQS4gQ29va2UwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA
6ceSq9a9AU6g+zBwaL/yVmW1/9EE8s5you1mgjHnj0wAILuoB3L6rm6jmFRy7QZT
G43IhVZdDua4e+5/n1ZslwIDAQABo2MwYTARBglghkgBhvhCAQEEBAMCB4AwTAYJ
YIZIAYb4QgENBD8WPVRoaXMgY2VydGlmaWNhdGUgaXMgb25seSBpbnRlbmRlZCBm
b3IgZGVtb25zdHJhdGlvbiBwdXJwb3Nlcy4wDQYJKoZIhvcNAQEEBQADgYEAi8qc
F3zfFqy1sV8NhjwLVwOKuSfhR/Z8mbIEUeSTlnH3QbYt3HWZQ+vXI8mvtZoBc2Fz
lexKeIkAZXCesqGbs6z6nCt16P6tmdfbZF3I3AWzLquPcOXjPf4HgstkyvVBn0Ap
jAFN418KF/Cx4qyHB4cjdvLrRjjQLnb2+ibo7QU=
-----END CERTIFICATE-----
openssl-1.1.1/test/asn1_encode_test.c0000644000000000000000000007155613345734627016270 0ustar rootroot/*
* Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <string.h>
#include <openssl/rand.h>
#include <openssl/asn1t.h>
#include "internal/numbers.h"
#include "testutil.h"
#ifdef __GNUC__
# pragma GCC diagnostic ignored "-Wunused-function"
# pragma GCC diagnostic ignored "-Wformat"
#endif
#ifdef __clang__
# pragma clang diagnostic ignored "-Wunused-function"
# pragma clang diagnostic ignored "-Wformat"
#endif
/***** Custom test data ******************************************************/
/*
* We conduct tests with these arrays for every type we try out.
* You will find the expected results together with the test structures
* for each type, further down.
*/
static unsigned char t_zero[] = {
0x00
};
static unsigned char t_one[] = {
0x01
};
static unsigned char t_one_neg[] = {
0xff
};
static unsigned char t_minus_256[] = {
0xff, 0x00
};
static unsigned char t_longundef[] = {
0x7f, 0xff, 0xff, 0xff
};
static unsigned char t_9bytes_1[] = {
0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
};
static unsigned char t_8bytes_1[] = {
0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
static unsigned char t_8bytes_2[] = {
0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
};
static unsigned char t_8bytes_3_pad[] = {
0x00, 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
};
static unsigned char t_8bytes_4_neg[] = {
0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
static unsigned char t_8bytes_5_negpad[] = {
0xff, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
/* 32-bit long */
static unsigned char t_5bytes_1[] = {
0x01, 0xff, 0xff, 0xff, 0xff
};
static unsigned char t_4bytes_1[] = {
0x00, 0x80, 0x00, 0x00, 0x00
};
/* We make the last byte 0xfe to avoid a clash with ASN1_LONG_UNDEF */
static unsigned char t_4bytes_2[] = {
0x7f, 0xff, 0xff, 0xfe
};
static unsigned char t_4bytes_3_pad[] = {
0x00, 0x7f, 0xff, 0xff, 0xfe
};
static unsigned char t_4bytes_4_neg[] = {
0x80, 0x00, 0x00, 0x00
};
static unsigned char t_4bytes_5_negpad[] = {
0xff, 0x80, 0x00, 0x00, 0x00
};
typedef struct {
unsigned char *bytes1;
size_t nbytes1;
unsigned char *bytes2;
size_t nbytes2;
} TEST_CUSTOM_DATA;
#define CUSTOM_DATA(v) \
{ v, sizeof(v), t_one, sizeof(t_one) }, \
{ t_one, sizeof(t_one), v, sizeof(v) }
static TEST_CUSTOM_DATA test_custom_data[] = {
CUSTOM_DATA(t_zero),
CUSTOM_DATA(t_longundef),
CUSTOM_DATA(t_one),
CUSTOM_DATA(t_one_neg),
CUSTOM_DATA(t_minus_256),
CUSTOM_DATA(t_9bytes_1),
CUSTOM_DATA(t_8bytes_1),
CUSTOM_DATA(t_8bytes_2),
CUSTOM_DATA(t_8bytes_3_pad),
CUSTOM_DATA(t_8bytes_4_neg),
CUSTOM_DATA(t_8bytes_5_negpad),
CUSTOM_DATA(t_5bytes_1),
CUSTOM_DATA(t_4bytes_1),
CUSTOM_DATA(t_4bytes_2),
CUSTOM_DATA(t_4bytes_3_pad),
CUSTOM_DATA(t_4bytes_4_neg),
CUSTOM_DATA(t_4bytes_5_negpad),
};
/***** Type specific test data ***********************************************/
/*
* First, a few utility things that all type specific data can use, or in some
* cases, MUST use.
*/
/*
* For easy creation of arrays of expected data. These macros correspond to
* the uses of CUSTOM_DATA above.
*/
#define CUSTOM_EXPECTED_SUCCESS(num, znum) \
{ 0xff, num, 1 }, \
{ 0xff, 1, znum }
#define CUSTOM_EXPECTED_FAILURE \
{ 0, 0, 0 }, \
{ 0, 0, 0 }
/*
* A structure to collect all test information in. There MUST be one instance
* of this for each test
*/
typedef int i2d_fn(void *a, unsigned char **pp);
typedef void *d2i_fn(void **a, unsigned char **pp, long length);
typedef void ifree_fn(void *a);
typedef struct {
ASN1_ITEM_EXP *asn1_type;
const char *name;
int skip; /* 1 if this package should be skipped */
/* An array of structures to compare decoded custom data with */
void *encode_expectations;
size_t encode_expectations_size;
size_t encode_expectations_elem_size;
/*
* An array of structures that are encoded into a DER blob, which is
* then decoded, and result gets compared with the original.
*/
void *encdec_data;
size_t encdec_data_size;
size_t encdec_data_elem_size;
/* The i2d function to use with this type */
i2d_fn *i2d;
/* The d2i function to use with this type */
d2i_fn *d2i;
/* Function to free a decoded structure */
ifree_fn *ifree;
} TEST_PACKAGE;
/* To facilitate the creation of an encdec_data array */
#define ENCDEC_DATA(num, znum) \
{ 0xff, num, 1 }, { 0xff, 1, znum }
#define ENCDEC_ARRAY(max, zmax, min, zmin) \
ENCDEC_DATA(max,zmax), \
ENCDEC_DATA(min,zmin), \
ENCDEC_DATA(1, 1), \
ENCDEC_DATA(-1, -1), \
ENCDEC_DATA(0, ASN1_LONG_UNDEF)
#if OPENSSL_API_COMPAT < 0x10200000L
/***** LONG ******************************************************************/
typedef struct {
/* If decoding is expected to succeed, set this to 1, otherwise 0 */
ASN1_BOOLEAN success;
long test_long;
long test_zlong;
} ASN1_LONG_DATA;
ASN1_SEQUENCE(ASN1_LONG_DATA) = {
ASN1_SIMPLE(ASN1_LONG_DATA, success, ASN1_FBOOLEAN),
ASN1_SIMPLE(ASN1_LONG_DATA, test_long, LONG),
ASN1_EXP_OPT(ASN1_LONG_DATA, test_zlong, ZLONG, 0)
} static_ASN1_SEQUENCE_END(ASN1_LONG_DATA)
IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_LONG_DATA)
IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_LONG_DATA)
static ASN1_LONG_DATA long_expected_32bit[] = {
/* The following should fail on the second because it's the default */
{ 0xff, 0, 1 }, { 0, 0, 0 }, /* t_zero */
{ 0, 0, 0 }, { 0xff, 1, 0x7fffffff }, /* t_longundef */
CUSTOM_EXPECTED_SUCCESS(1, 1), /* t_one */
CUSTOM_EXPECTED_SUCCESS(-1, -1), /* t_one_neg */
CUSTOM_EXPECTED_SUCCESS(-256, -256), /* t_minus_256 */
CUSTOM_EXPECTED_FAILURE, /* t_9bytes_1 */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_1 */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_2 */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_3_pad */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_4_neg */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_5_negpad */
CUSTOM_EXPECTED_FAILURE, /* t_5bytes_1 */
CUSTOM_EXPECTED_FAILURE, /* t_4bytes_1 (too large positive) */
CUSTOM_EXPECTED_SUCCESS(INT32_MAX - 1, INT32_MAX -1), /* t_4bytes_2 */
CUSTOM_EXPECTED_FAILURE, /* t_4bytes_3_pad (illegal padding) */
CUSTOM_EXPECTED_SUCCESS(INT32_MIN, INT32_MIN), /* t_4bytes_4_neg */
CUSTOM_EXPECTED_FAILURE, /* t_4bytes_5_negpad (illegal padding) */
};
static ASN1_LONG_DATA long_encdec_data_32bit[] = {
ENCDEC_ARRAY(LONG_MAX - 1, LONG_MAX, LONG_MIN, LONG_MIN),
/* Check that default numbers fail */
{ 0, ASN1_LONG_UNDEF, 1 }, { 0, 1, 0 }
};
static TEST_PACKAGE long_test_package_32bit = {
ASN1_ITEM_ref(ASN1_LONG_DATA), "LONG", sizeof(long) != 4,
long_expected_32bit,
sizeof(long_expected_32bit), sizeof(long_expected_32bit[0]),
long_encdec_data_32bit,
sizeof(long_encdec_data_32bit), sizeof(long_encdec_data_32bit[0]),
(i2d_fn *)i2d_ASN1_LONG_DATA, (d2i_fn *)d2i_ASN1_LONG_DATA,
(ifree_fn *)ASN1_LONG_DATA_free
};
static ASN1_LONG_DATA long_expected_64bit[] = {
/* The following should fail on the second because it's the default */
{ 0xff, 0, 1 }, { 0, 0, 0 }, /* t_zero */
{ 0, 0, 0 }, { 0xff, 1, 0x7fffffff }, /* t_longundef */
CUSTOM_EXPECTED_SUCCESS(1, 1), /* t_one */
CUSTOM_EXPECTED_SUCCESS(-1, -1), /* t_one_neg */
CUSTOM_EXPECTED_SUCCESS(-256, -256), /* t_minus_256 */
CUSTOM_EXPECTED_FAILURE, /* t_9bytes_1 */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_1 */
CUSTOM_EXPECTED_SUCCESS(LONG_MAX, LONG_MAX), /* t_8bytes_2 */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_3_pad (illegal padding) */
CUSTOM_EXPECTED_SUCCESS(LONG_MIN, LONG_MIN), /* t_8bytes_4_neg */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_5_negpad (illegal padding) */
CUSTOM_EXPECTED_SUCCESS((long)0x1ffffffff, (long)0x1ffffffff), /* t_5bytes_1 */
CUSTOM_EXPECTED_SUCCESS((long)0x80000000, (long)0x80000000), /* t_4bytes_1 */
CUSTOM_EXPECTED_SUCCESS(INT32_MAX - 1, INT32_MAX -1), /* t_4bytes_2 */
CUSTOM_EXPECTED_FAILURE, /* t_4bytes_3_pad (illegal padding) */
CUSTOM_EXPECTED_SUCCESS(INT32_MIN, INT32_MIN), /* t_4bytes_4_neg */
CUSTOM_EXPECTED_FAILURE, /* t_4bytes_5_negpad (illegal padding) */
};
static ASN1_LONG_DATA long_encdec_data_64bit[] = {
ENCDEC_ARRAY(LONG_MAX, LONG_MAX, LONG_MIN, LONG_MIN),
/* Check that default numbers fail */
{ 0, ASN1_LONG_UNDEF, 1 }, { 0, 1, 0 }
};
static TEST_PACKAGE long_test_package_64bit = {
ASN1_ITEM_ref(ASN1_LONG_DATA), "LONG", sizeof(long) != 8,
long_expected_64bit,
sizeof(long_expected_64bit), sizeof(long_expected_64bit[0]),
long_encdec_data_64bit,
sizeof(long_encdec_data_64bit), sizeof(long_encdec_data_64bit[0]),
(i2d_fn *)i2d_ASN1_LONG_DATA, (d2i_fn *)d2i_ASN1_LONG_DATA,
(ifree_fn *)ASN1_LONG_DATA_free
};
#endif
/***** INT32 *****************************************************************/
typedef struct {
ASN1_BOOLEAN success;
int32_t test_int32;
int32_t test_zint32;
} ASN1_INT32_DATA;
ASN1_SEQUENCE(ASN1_INT32_DATA) = {
ASN1_SIMPLE(ASN1_INT32_DATA, success, ASN1_FBOOLEAN),
ASN1_EMBED(ASN1_INT32_DATA, test_int32, INT32),
ASN1_EXP_OPT_EMBED(ASN1_INT32_DATA, test_zint32, ZINT32, 0)
} static_ASN1_SEQUENCE_END(ASN1_INT32_DATA)
IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_INT32_DATA)
IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_INT32_DATA)
static ASN1_INT32_DATA int32_expected[] = {
CUSTOM_EXPECTED_SUCCESS(0, 0), /* t_zero */
CUSTOM_EXPECTED_SUCCESS(ASN1_LONG_UNDEF, ASN1_LONG_UNDEF), /* t_zero */
CUSTOM_EXPECTED_SUCCESS(1, 1), /* t_one */
CUSTOM_EXPECTED_SUCCESS(-1, -1), /* t_one_neg */
CUSTOM_EXPECTED_SUCCESS(-256, -256), /* t_minus_256 */
CUSTOM_EXPECTED_FAILURE, /* t_9bytes_1 */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_1 */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_2 */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_3_pad */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_4_neg */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_5_negpad */
CUSTOM_EXPECTED_FAILURE, /* t_5bytes_1 */
CUSTOM_EXPECTED_FAILURE, /* t_4bytes_1 (too large positive) */
CUSTOM_EXPECTED_SUCCESS(INT32_MAX - 1, INT32_MAX -1), /* t_4bytes_2 */
CUSTOM_EXPECTED_FAILURE, /* t_4bytes_3_pad (illegal padding) */
CUSTOM_EXPECTED_SUCCESS(INT32_MIN, INT32_MIN), /* t_4bytes_4_neg */
CUSTOM_EXPECTED_FAILURE, /* t_4bytes_5_negpad (illegal padding) */
};
static ASN1_INT32_DATA int32_encdec_data[] = {
ENCDEC_ARRAY(INT32_MAX, INT32_MAX, INT32_MIN, INT32_MIN),
};
static TEST_PACKAGE int32_test_package = {
ASN1_ITEM_ref(ASN1_INT32_DATA), "INT32", 0,
int32_expected, sizeof(int32_expected), sizeof(int32_expected[0]),
int32_encdec_data, sizeof(int32_encdec_data), sizeof(int32_encdec_data[0]),
(i2d_fn *)i2d_ASN1_INT32_DATA, (d2i_fn *)d2i_ASN1_INT32_DATA,
(ifree_fn *)ASN1_INT32_DATA_free
};
/***** UINT32 ****************************************************************/
typedef struct {
ASN1_BOOLEAN success;
uint32_t test_uint32;
uint32_t test_zuint32;
} ASN1_UINT32_DATA;
ASN1_SEQUENCE(ASN1_UINT32_DATA) = {
ASN1_SIMPLE(ASN1_UINT32_DATA, success, ASN1_FBOOLEAN),
ASN1_EMBED(ASN1_UINT32_DATA, test_uint32, UINT32),
ASN1_EXP_OPT_EMBED(ASN1_UINT32_DATA, test_zuint32, ZUINT32, 0)
} static_ASN1_SEQUENCE_END(ASN1_UINT32_DATA)
IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_UINT32_DATA)
IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_UINT32_DATA)
static ASN1_UINT32_DATA uint32_expected[] = {
CUSTOM_EXPECTED_SUCCESS(0, 0), /* t_zero */
CUSTOM_EXPECTED_SUCCESS(ASN1_LONG_UNDEF, ASN1_LONG_UNDEF), /* t_zero */
CUSTOM_EXPECTED_SUCCESS(1, 1), /* t_one */
CUSTOM_EXPECTED_FAILURE, /* t_one_neg (illegal negative value) */
CUSTOM_EXPECTED_FAILURE, /* t_minus_256 (illegal negative value) */
CUSTOM_EXPECTED_FAILURE, /* t_9bytes_1 */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_1 */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_2 */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_3_pad */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_4_neg */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_5_negpad */
CUSTOM_EXPECTED_FAILURE, /* t_5bytes_1 */
CUSTOM_EXPECTED_SUCCESS(0x80000000, 0x80000000), /* t_4bytes_1 */
CUSTOM_EXPECTED_SUCCESS(INT32_MAX - 1, INT32_MAX -1), /* t_4bytes_2 */
CUSTOM_EXPECTED_FAILURE, /* t_4bytes_3_pad (illegal padding) */
CUSTOM_EXPECTED_FAILURE, /* t_4bytes_4_neg (illegal negative value) */
CUSTOM_EXPECTED_FAILURE, /* t_4bytes_5_negpad (illegal padding) */
};
static ASN1_UINT32_DATA uint32_encdec_data[] = {
ENCDEC_ARRAY(UINT32_MAX, UINT32_MAX, 0, 0),
};
static TEST_PACKAGE uint32_test_package = {
ASN1_ITEM_ref(ASN1_UINT32_DATA), "UINT32", 0,
uint32_expected, sizeof(uint32_expected), sizeof(uint32_expected[0]),
uint32_encdec_data, sizeof(uint32_encdec_data), sizeof(uint32_encdec_data[0]),
(i2d_fn *)i2d_ASN1_UINT32_DATA, (d2i_fn *)d2i_ASN1_UINT32_DATA,
(ifree_fn *)ASN1_UINT32_DATA_free
};
/***** INT64 *****************************************************************/
typedef struct {
ASN1_BOOLEAN success;
int64_t test_int64;
int64_t test_zint64;
} ASN1_INT64_DATA;
ASN1_SEQUENCE(ASN1_INT64_DATA) = {
ASN1_SIMPLE(ASN1_INT64_DATA, success, ASN1_FBOOLEAN),
ASN1_EMBED(ASN1_INT64_DATA, test_int64, INT64),
ASN1_EXP_OPT_EMBED(ASN1_INT64_DATA, test_zint64, ZINT64, 0)
} static_ASN1_SEQUENCE_END(ASN1_INT64_DATA)
IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_INT64_DATA)
IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_INT64_DATA)
static ASN1_INT64_DATA int64_expected[] = {
CUSTOM_EXPECTED_SUCCESS(0, 0), /* t_zero */
CUSTOM_EXPECTED_SUCCESS(ASN1_LONG_UNDEF, ASN1_LONG_UNDEF), /* t_zero */
CUSTOM_EXPECTED_SUCCESS(1, 1), /* t_one */
CUSTOM_EXPECTED_SUCCESS(-1, -1), /* t_one_neg */
CUSTOM_EXPECTED_SUCCESS(-256, -256), /* t_minus_256 */
CUSTOM_EXPECTED_FAILURE, /* t_9bytes_1 */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_1 (too large positive) */
CUSTOM_EXPECTED_SUCCESS(INT64_MAX, INT64_MAX), /* t_8bytes_2 */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_3_pad (illegal padding) */
CUSTOM_EXPECTED_SUCCESS(INT64_MIN, INT64_MIN), /* t_8bytes_4_neg */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_5_negpad (illegal padding) */
CUSTOM_EXPECTED_SUCCESS(0x1ffffffff, 0x1ffffffff), /* t_5bytes_1 */
CUSTOM_EXPECTED_SUCCESS(0x80000000, 0x80000000), /* t_4bytes_1 */
CUSTOM_EXPECTED_SUCCESS(INT32_MAX - 1, INT32_MAX -1), /* t_4bytes_2 */
CUSTOM_EXPECTED_FAILURE, /* t_4bytes_3_pad (illegal padding) */
CUSTOM_EXPECTED_SUCCESS(INT32_MIN, INT32_MIN), /* t_4bytes_4_neg */
CUSTOM_EXPECTED_FAILURE, /* t_4bytes_5_negpad (illegal padding) */
};
static ASN1_INT64_DATA int64_encdec_data[] = {
ENCDEC_ARRAY(INT64_MAX, INT64_MAX, INT64_MIN, INT64_MIN),
ENCDEC_ARRAY(INT32_MAX, INT32_MAX, INT32_MIN, INT32_MIN),
};
static TEST_PACKAGE int64_test_package = {
ASN1_ITEM_ref(ASN1_INT64_DATA), "INT64", 0,
int64_expected, sizeof(int64_expected), sizeof(int64_expected[0]),
int64_encdec_data, sizeof(int64_encdec_data), sizeof(int64_encdec_data[0]),
(i2d_fn *)i2d_ASN1_INT64_DATA, (d2i_fn *)d2i_ASN1_INT64_DATA,
(ifree_fn *)ASN1_INT64_DATA_free
};
/***** UINT64 ****************************************************************/
typedef struct {
ASN1_BOOLEAN success;
uint64_t test_uint64;
uint64_t test_zuint64;
} ASN1_UINT64_DATA;
ASN1_SEQUENCE(ASN1_UINT64_DATA) = {
ASN1_SIMPLE(ASN1_UINT64_DATA, success, ASN1_FBOOLEAN),
ASN1_EMBED(ASN1_UINT64_DATA, test_uint64, UINT64),
ASN1_EXP_OPT_EMBED(ASN1_UINT64_DATA, test_zuint64, ZUINT64, 0)
} static_ASN1_SEQUENCE_END(ASN1_UINT64_DATA)
IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_UINT64_DATA)
IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_UINT64_DATA)
static ASN1_UINT64_DATA uint64_expected[] = {
CUSTOM_EXPECTED_SUCCESS(0, 0), /* t_zero */
CUSTOM_EXPECTED_SUCCESS(ASN1_LONG_UNDEF, ASN1_LONG_UNDEF), /* t_zero */
CUSTOM_EXPECTED_SUCCESS(1, 1), /* t_one */
CUSTOM_EXPECTED_FAILURE, /* t_one_neg (illegal negative value) */
CUSTOM_EXPECTED_FAILURE, /* t_minus_256 (illegal negative value) */
CUSTOM_EXPECTED_FAILURE, /* t_9bytes_1 */
CUSTOM_EXPECTED_SUCCESS((uint64_t)INT64_MAX+1, (uint64_t)INT64_MAX+1),
/* t_8bytes_1 */
CUSTOM_EXPECTED_SUCCESS(INT64_MAX, INT64_MAX), /* t_8bytes_2 */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_3_pad */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_4_neg */
CUSTOM_EXPECTED_FAILURE, /* t_8bytes_5_negpad */
CUSTOM_EXPECTED_SUCCESS(0x1ffffffff, 0x1ffffffff), /* t_5bytes_1 */
CUSTOM_EXPECTED_SUCCESS(0x80000000, 0x80000000), /* t_4bytes_1 */
CUSTOM_EXPECTED_SUCCESS(INT32_MAX - 1, INT32_MAX -1), /* t_4bytes_2 */
CUSTOM_EXPECTED_FAILURE, /* t_4bytes_3_pad (illegal padding) */
CUSTOM_EXPECTED_FAILURE, /* t_4bytes_4_neg (illegal negative value) */
CUSTOM_EXPECTED_FAILURE, /* t_4bytes_5_negpad (illegal padding) */
};
static ASN1_UINT64_DATA uint64_encdec_data[] = {
ENCDEC_ARRAY(UINT64_MAX, UINT64_MAX, 0, 0),
};
static TEST_PACKAGE uint64_test_package = {
ASN1_ITEM_ref(ASN1_UINT64_DATA), "UINT64", 0,
uint64_expected, sizeof(uint64_expected), sizeof(uint64_expected[0]),
uint64_encdec_data, sizeof(uint64_encdec_data), sizeof(uint64_encdec_data[0]),
(i2d_fn *)i2d_ASN1_UINT64_DATA, (d2i_fn *)d2i_ASN1_UINT64_DATA,
(ifree_fn *)ASN1_UINT64_DATA_free
};
/***** General testing functions *********************************************/
/* Template structure to map onto any test data structure */
typedef struct {
ASN1_BOOLEAN success;
unsigned char bytes[1]; /* In reality, there's more */
} EXPECTED;
/*
* do_decode returns a tristate:
*
* -1 Couldn't decode
* 0 decoded structure wasn't what was expected (failure)
* 1 decoded structure was what was expected (success)
*/
static int do_decode(unsigned char *bytes, long nbytes,
const EXPECTED *expected, size_t expected_size,
const TEST_PACKAGE *package)
{
EXPECTED *enctst = NULL;
const unsigned char *start;
int ret = 0;
start = bytes;
enctst = package->d2i(NULL, &bytes, nbytes);
if (enctst == NULL) {
if (expected->success == 0) {
ret = 1;
ERR_clear_error();
} else {
ret = -1;
}
} else {
if (start + nbytes == bytes
&& memcmp(enctst, expected, expected_size) == 0)
ret = 1;
else
ret = 0;
}
package->ifree(enctst);
return ret;
}
/*
* do_encode returns a tristate:
*
* -1 Couldn't encode
* 0 encoded DER wasn't what was expected (failure)
* 1 encoded DER was what was expected (success)
*/
static int do_encode(EXPECTED *input,
const unsigned char *expected, size_t expected_len,
const TEST_PACKAGE *package)
{
unsigned char *data = NULL;
int len;
int ret = 0;
len = package->i2d(input, &data);
if (len < 0)
return -1;
if ((size_t)len != expected_len
|| memcmp(data, expected, expected_len) != 0) {
if (input->success == 0) {
ret = 1;
ERR_clear_error();
} else {
ret = 0;
}
} else {
ret = 1;
}
OPENSSL_free(data);
return ret;
}
/* Do an encode/decode round trip */
static int do_enc_dec(EXPECTED *bytes, long nbytes,
const TEST_PACKAGE *package)
{
unsigned char *data = NULL;
int len;
int ret = 0;
void *p = bytes;
len = package->i2d(p, &data);
if (len < 0)
return -1;
ret = do_decode(data, len, bytes, nbytes, package);
OPENSSL_free(data);
return ret;
}
static size_t der_encode_length(size_t len, unsigned char **pp)
{
size_t lenbytes;
OPENSSL_assert(len < 0x8000);
if (len > 255)
lenbytes = 3;
else if (len > 127)
lenbytes = 2;
else
lenbytes = 1;
if (pp != NULL) {
if (lenbytes == 1) {
*(*pp)++ = (unsigned char)len;
} else {
*(*pp)++ = (unsigned char)(lenbytes - 1);
if (lenbytes == 2) {
*(*pp)++ = (unsigned char)(0x80 | len);
} else {
*(*pp)++ = (unsigned char)(0x80 | (len >> 8));
*(*pp)++ = (unsigned char)(len);
}
}
}
return lenbytes;
}
static size_t make_custom_der(const TEST_CUSTOM_DATA *custom_data,
unsigned char **encoding, int explicit_default)
{
size_t firstbytes, secondbytes = 0, secondbytesinner = 0, seqbytes;
const unsigned char t_true[] = { V_ASN1_BOOLEAN, 0x01, 0xff };
unsigned char *p = NULL;
size_t i;
/*
* The first item is just an INTEGER tag, INTEGER length and INTEGER content
*/
firstbytes =
1 + der_encode_length(custom_data->nbytes1, NULL)
+ custom_data->nbytes1;
for (i = custom_data->nbytes2; i > 0; i--) {
if (custom_data->bytes2[i - 1] != '\0')
break;
}
if (explicit_default || i > 0) {
/*
* The second item is an explicit tag, content length, INTEGER tag,
* INTEGER length, INTEGER bytes
*/
secondbytesinner =
1 + der_encode_length(custom_data->nbytes2, NULL)
+ custom_data->nbytes2;
secondbytes =
1 + der_encode_length(secondbytesinner, NULL) + secondbytesinner;
}
/*
* The whole sequence is the sequence tag, content length, BOOLEAN true
* (copied from t_true), the first (firstbytes) and second (secondbytes)
* items
*/
seqbytes =
1 + der_encode_length(sizeof(t_true) + firstbytes + secondbytes, NULL)
+ sizeof(t_true) + firstbytes + secondbytes;
*encoding = p = OPENSSL_malloc(seqbytes);
if (*encoding == NULL)
return 0;
/* Sequence tag */
*p++ = 0x30;
der_encode_length(sizeof(t_true) + firstbytes + secondbytes, &p);
/* ASN1_BOOLEAN TRUE */
memcpy(p, t_true, sizeof(t_true)); /* Marks decoding success */
p += sizeof(t_true);
/* First INTEGER item (non-optional) */
*p++ = V_ASN1_INTEGER;
der_encode_length(custom_data->nbytes1, &p);
memcpy(p, custom_data->bytes1, custom_data->nbytes1);
p += custom_data->nbytes1;
if (secondbytes > 0) {
/* Second INTEGER item (optional) */
/* Start with the explicit optional tag */
*p++ = 0xa0;
der_encode_length(secondbytesinner, &p);
*p++ = V_ASN1_INTEGER;
der_encode_length(custom_data->nbytes2, &p);
memcpy(p, custom_data->bytes2, custom_data->nbytes2);
p += custom_data->nbytes2;
}
OPENSSL_assert(seqbytes == (size_t)(p - *encoding));
return seqbytes;
}
/* Attempt to decode a custom encoding of the test structure */
static int do_decode_custom(const TEST_CUSTOM_DATA *custom_data,
const EXPECTED *expected, size_t expected_size,
const TEST_PACKAGE *package)
{
unsigned char *encoding = NULL;
/*
* We force the defaults to be explicitly encoded to make sure we test
* for defaults that shouldn't be present (i.e. we check for failure)
*/
size_t encoding_length = make_custom_der(custom_data, &encoding, 1);
int ret;
if (encoding_length == 0)
return -1;
ret = do_decode(encoding, encoding_length, expected, expected_size,
package);
OPENSSL_free(encoding);
return ret;
}
/* Attempt to encode the test structure and compare it to custom DER */
static int do_encode_custom(EXPECTED *input,
const TEST_CUSTOM_DATA *custom_data,
const TEST_PACKAGE *package)
{
unsigned char *expected = NULL;
size_t expected_length = make_custom_der(custom_data, &expected, 0);
int ret;
if (expected_length == 0)
return -1;
ret = do_encode(input, expected, expected_length, package);
OPENSSL_free(expected);
return ret;
}
static int do_print_item(const TEST_PACKAGE *package)
{
#define DATA_BUF_SIZE 256
const ASN1_ITEM *i = ASN1_ITEM_ptr(package->asn1_type);
ASN1_VALUE *o;
int ret;
OPENSSL_assert(package->encode_expectations_elem_size <= DATA_BUF_SIZE);
if ((o = OPENSSL_malloc(DATA_BUF_SIZE)) == NULL)
return 0;
(void)RAND_bytes((unsigned char*)o,
(int)package->encode_expectations_elem_size);
ret = ASN1_item_print(bio_err, o, 0, i, NULL);
OPENSSL_free(o);
return ret;
}
static int test_intern(const TEST_PACKAGE *package)
{
unsigned int i;
size_t nelems;
int fail = 0;
if (package->skip)
return 1;
/* Do decode_custom checks */
nelems = package->encode_expectations_size
/ package->encode_expectations_elem_size;
OPENSSL_assert(nelems ==
sizeof(test_custom_data) / sizeof(test_custom_data[0]));
for (i = 0; i < nelems; i++) {
size_t pos = i * package->encode_expectations_elem_size;
switch (do_encode_custom((EXPECTED *)&((unsigned char *)package
->encode_expectations)[pos],
&test_custom_data[i], package)) {
case -1:
TEST_error("Failed custom encode round trip %u of %s",
i, package->name);
TEST_openssl_errors();
fail++;
break;
case 0:
TEST_error("Custom encode round trip %u of %s mismatch",
i, package->name);
TEST_openssl_errors();
fail++;
break;
case 1:
break;
default:
OPENSSL_die("do_encode_custom() return unknown value",
__FILE__, __LINE__);
}
switch (do_decode_custom(&test_custom_data[i],
(EXPECTED *)&((unsigned char *)package
->encode_expectations)[pos],
package->encode_expectations_elem_size,
package)) {
case -1:
TEST_error("Failed custom decode round trip %u of %s",
i, package->name);
TEST_openssl_errors();
fail++;
break;
case 0:
TEST_error("Custom decode round trip %u of %s mismatch",
i, package->name);
TEST_openssl_errors();
fail++;
break;
case 1:
break;
default:
OPENSSL_die("do_decode_custom() return unknown value",
__FILE__, __LINE__);
}
}
/* Do enc_dec checks */
nelems = package->encdec_data_size / package->encdec_data_elem_size;
for (i = 0; i < nelems; i++) {
size_t pos = i * package->encdec_data_elem_size;
switch (do_enc_dec((EXPECTED *)&((unsigned char *)package
->encdec_data)[pos],
package->encdec_data_elem_size,
package)) {
case -1:
TEST_error("Failed encode/decode round trip %u of %s",
i, package->name);
TEST_openssl_errors();
fail++;
break;
case 0:
TEST_error("Encode/decode round trip %u of %s mismatch",
i, package->name);
fail++;
break;
case 1:
break;
default:
OPENSSL_die("do_enc_dec() return unknown value",
__FILE__, __LINE__);
}
}
if (!do_print_item(package)) {
TEST_error("Printing of %s failed", package->name);
TEST_openssl_errors();
fail++;
}
return fail == 0;
}
#if OPENSSL_API_COMPAT < 0x10200000L
static int test_long_32bit(void)
{
return test_intern(&long_test_package_32bit);
}
static int test_long_64bit(void)
{
return test_intern(&long_test_package_64bit);
}
#endif
static int test_int32(void)
{
return test_intern(&int32_test_package);
}
static int test_uint32(void)
{
return test_intern(&uint32_test_package);
}
static int test_int64(void)
{
return test_intern(&int64_test_package);
}
static int test_uint64(void)
{
return test_intern(&uint64_test_package);
}
int setup_tests(void)
{
#if OPENSSL_API_COMPAT < 0x10200000L
ADD_TEST(test_long_32bit);
ADD_TEST(test_long_64bit);
#endif
ADD_TEST(test_int32);
ADD_TEST(test_uint32);
ADD_TEST(test_int64);
ADD_TEST(test_uint64);
return 1;
}
openssl-1.1.1/test/ocsp-tests/0000755000000000000000000000000013345734630014766 5ustar rootrootopenssl-1.1.1/test/ocsp-tests/ND2_Cert_ICA.pem0000644000000000000000000000341113345734630017504 0ustar rootroot-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIQEaO00OyNt3+doM1dLVEvQjANBgkqhkiG9w0BAQUFADCB
gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV
BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMDA1MjQwMDAw
MDBaFw0yMDA1MzAxMDQ4MzhaMIGOMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl
YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P
RE8gQ0EgTGltaXRlZDE0MDIGA1UEAxMrQ09NT0RPIEV4dGVuZGVkIFZhbGlkYXRp
b24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMxKljPNJY1n7iiWN4dG8PYEooR/U6qW5h+xAhxu7X0h1Nc8HqLYaS+ot/Wi
7WRYZOFEZTZJQSABjTsT4gjzDPJXOZM3txyTRIOOvy3xoQV12m7ue28b6naDKHRK
HCvT9cQDcpOvhs4JjDx11MkKL3Lzrb0OMDyEoXMfAyUUpY/D1vS15N2GevUZumjy
hVSiMBHK0ZLLO3QGEqA3q2rYVBHfbJoWlLm0p2XGdC0x801S6VVRn8s+oo12mHDS
b6ZlRS8bhbtbbfnywARmE4R6nc4n2PREnr+svpnba0/bWCGwiSe0jzLWS15ykV7f
BZ3ZSS/0tm9QH3XLgJ3m0+TR8tMCAwEAAaOCAWkwggFlMB8GA1UdIwQYMBaAFAtY
5YvGTBU3pECpMKkhvkc2Wlb/MB0GA1UdDgQWBBSIRFH/UCppXi2I9CG62Qzyzsvq
fDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADA+BgNVHSAENzA1
MDMGBFUdIAAwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNv
bS9DUFMwSQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL2NybC5jb21vZG9jYS5jb20v
Q09NT0RPQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwdAYIKwYBBQUHAQEEaDBm
MD4GCCsGAQUFBzAChjJodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9BZGRU
cnVzdFNlcnZlckNBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2Rv
Y2EuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQCaQ7+vpHJezX1vf/T8PYy7cOYe3QT9
P9ydn7+JdpvyhjH8f7PtKpFTLOKqsOPILHH3FYojHPFpLoH7sbxiC6saVBzZIl40
TKX2Iw9dej3bQ81pfhc3Us1TocIR1FN4J2TViUFNFlW7kMvw2OTd3dMJZEgo/zIj
hC+Me1UvzymINzR4DzOq/7fylqSbRIC1vmxWVKukgZ4lGChUOn8sY89ZIIwYazgs
tN3t40DeDDYlV5rA0WCeXgNol64aO+pF11GZSe5EWVYLXrGPaOqKnsrSyaADfnAl
9DLJTlCDh6I0SD1PNXf82Ijq9n0ezkO21cJqfjhmY03n7jLvDyToKmf6
-----END CERTIFICATE-----
openssl-1.1.1/test/ocsp-tests/WSNIC_ND3_Issuer_Root.pem0000644000000000000000000000276113345734630021363 0ustar rootroot-----BEGIN CERTIFICATE-----
MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU
MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs
IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290
MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCVVMx
FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h
bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v
dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt
H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9
uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX
mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX
a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN
E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0
WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD
VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0
Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU
cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx
IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN
AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH
YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5
6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC
Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX
c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a
mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ=
-----END CERTIFICATE-----
openssl-1.1.1/test/ocsp-tests/ISIC_D2_Issuer_Root.pem0000644000000000000000000000235513345734630021107 0ustar rootroot-----BEGIN CERTIFICATE-----
MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG
A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ
jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp
xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp
1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG
snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ
U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8
9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E
BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B
AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz
yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE
38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP
AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad
DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME
HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4Q==
-----END CERTIFICATE-----
openssl-1.1.1/test/ocsp-tests/WIKH_ND3.ors0000644000000000000000000000120213345734630016714 0ustar rootrootMIIB1AoBAKCCAc0wggHJBgkrBgEFBQcwAQEEggG6MIIBtjCBn6IWBBStvZh6NLQm
9/rEJlTvA73gJMtUGhgPMjAxMjEwMTExMTM2NDdaMHQwcjBKMAkGBSsOAwIaBQAE
FHyxZlScq9tE7mImFq30ZXv3etWUBBSuvZh6NLQm9/rEJlTvA73gJMtUGgIRAKcN
bJWejX5BTb8DmevkCauAABgPMjAxMjEwMTExMTM2NDdaoBEYDzIwMTIxMDE1MTEz
NjQ3WjANBgkqhkiG9w0BAQUFAAOCAQEAfnj3nh6z+USW6VlDWRytWpNmC1ZRwWlg
P2+G4UF4HE8bMJkuiFLcZEVYTxlTYv+xAEpSFxdInFM2Q5C+O6pWOZ9NbikeR4oZ
FTI1kAZ0Uw+YMpVM4ztvKBIpUSqlbi69iNJ9WGF6qzxVeqobSOyrjjwtTsuglUbR
+mshp/SP7Br2IIK+KM1vgsmVExPfGPYANyk7ki/Q8uUnjqkreeSa9WC2iJLGcybW
YavDhYWALebUGukNeedkloYhdjPboPPxDkKNjakwIG8EkbJK7uXewMOHHOFvFTX3
K388me8u5iQf4f3fj6ilEgs6f5Szzmb+vklPX0zIny/TVk2+Az7HmA==
openssl-1.1.1/test/ocsp-tests/D2.ors0000644000000000000000000000377413345734630015773 0ustar rootrootMIIF4AoBAKCCBdkwggXVBgkrBgEFBQcwAQEEggXGMIIFwjCBmaIWBBTqlwecTarB
yVdbHxANRLCFYj1mqBgPMjAxMjEwMjMxMDI1MzZaMG4wbDBEMAkGBSsOAwIaBQAE
FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA
AAABL07hRxCAABgPMjAxMjEwMDEwNjAwMDBaoBEYDzIwMTMwNDE1MDYwMDAwWjAL
BgkqhkiG9w0BAQUDggEBAEJN4FuPQPnizPIwEj4Q8Ht765gI6QqMNrvj3UykxYeu
qUajKcqA+V1zaDHTaz+eCQthtmCNKC9T+zVkjGelVsd7Kn2fVKWqp+5wVPI8dVkm
6Gs/IGZ16HDnQ/siTrY3ILWCRz4Hf6lnHpIErQuQRQyjlGKNcE7RYmjGw4w0bxx8
vHN/baCMApBL0D0zeBqlpJCMUZqJJ3D1+87HxHYR1MkMZDC9rOPIhlpEP4yL17gx
ckrPf+w+A/3kC++jVeA3b8Xtr+MaWOFH4xVn6BTxopczZKVl18tSYqgwITlx5/cL
LpYEdllC0l83E8GRzsOp0SvFxo0NBotgFNZQQujpOzagggQQMIIEDDCCBAgwggLw
oAMCAQICCwQAAAAAAThXovYBMA0GCSqGSIb3DQEBBQUAMFcxCzAJBgNVBAYTAkJF
MRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRsw
GQYDVQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwHhcNMTIwNzA1MTgwMDAwWhcNMTMw
NzA1MTgwMDAwWjBZMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBu
di1zYTEvMC0GA1UEAxMmR2xvYmFsU2lnbiBPQ1NQIGZvciBSb290IFIxIC0gQnJh
bmNoIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDP2QF8p0+Fb7ID
MwwD1gEr2oazjqbW28EZr3YEyMPk+7VFaGePSO1xjBGIE48Q7m7d6p6ZXCzlBZEi
oudrHSr3WDqdIVKLDrZIDkgEgdjJE72Hq6Pf5CEGXyebbODm4sV96EfewSvOOYLL
866g3aoVhLDK02ny+Q5OsokW7nhnmGMMh10tZqR5VmdQTiw8MgeqUxBEaEO4WH2J
ltgSsgNJBNBYuDgnn5ryzVqhvmCJvYZMYeN6qZFKy1MgHcR+wEpGLPlRL4ttu6e5
MJrVta7dVFobHUHoFog97LtQT1PY0Ubaihswjge5O04bYeCrgSSjr1e4xH/KDxRw
yyhoscaFAgMBAAGjgdIwgc8wDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBTqlwec
TarByVdbHxANRLCFYj1mqDBMBgNVHSAERTBDMEEGCSsGAQQBoDIBXzA0MDIGCCsG
AQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAJ
BgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMB8GA1UdIwQYMBaAFGB7ZhpF
DZfKiVAvfQTNNKj//P1LMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEFBQAD
ggEBAHiC6N1uF29d7CmiVapA8Nr1xLSVeIkBd4A8yHsUTQ7ATI7bwT14QUV4awe7
8cvmO5ZND8YG1ViwN162WFm9ivSoWBzvWDbU2JhQFb+XzrzCcdn0YbNiTxJh/vYm
uDuxto00dpBgujSOAQv8B90iDEJ+sZpYRzDRj62qStRey0zpq5eX+pA+gdppMUFb
4QvJf0El8TbLCWLN4TjrFe6ju7ZaN9zmgVYGQ2fMHKIGNScLuIA950nYwzRkIfHa
YW6HqP1rCR1EiYmstEeCQyDxJx+RUlh+q8L1BKzaMYhS6s63MZzQuGseYStaCmbC
fBIRKjnK621vAWvc7UR+0hqnZ+U=
openssl-1.1.1/test/ocsp-tests/D2_Cert_ICA.pem0000644000000000000000000000311213345734630017364 0ustar rootroot-----BEGIN CERTIFICATE-----
MIIEdzCCA1+gAwIBAgILBAAAAAABL07hRxAwDQYJKoZIhvcNAQEFBQAwVzELMAkG
A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0wNjEyMTUwODAw
MDBaFw0yODAxMjgxMjAwMDBaMEwxIDAeBgNVBAsTF0dsb2JhbFNpZ24gUm9vdCBD
QSAtIFIyMRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAps8kDr4ubyiZRULEqz4h
VJsL03+EcPoSs8u/h1/Gf4bTsjBc1v2t8Xvc5fhglgmSEPXQU977e35ziKxSiHtK
pspJpl6op4xaEbx6guu+jOmzrJYlB5dKmSoHL7Qed7+KD7UCfBuWuMW5Oiy81hK5
61l94tAGhl9eSWq1OV6INOy8eAwImIRsqM1LtKB9DHlN8LgtyyHK1WxbfeGgKYSh
+dOUScskYpEgvN0L1dnM+eonCitzkcadG6zIy+jgoPQvkItN+7A2G/YZeoXgbfJh
E4hcn+CTClGXilrOr6vV96oJqmC93Nlf33KpYBNeAAHJSvo/pOoHAyECjoLKA8Kb
jwIDAQABo4IBTTCCAUkwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w
HQYDVR0OBBYEFJviB1dnHB7AagbeWbSaLd/cGYYuMEcGA1UdIARAMD4wPAYEVR0g
ADA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBv
c2l0b3J5LzAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmdsb2JhbHNpZ24u
bmV0L3Jvb3QuY3JsMD0GCCsGAQUFBwEBBDEwLzAtBggrBgEFBQcwAYYhaHR0cDov
L29jc3AuZ2xvYmFsc2lnbi5jb20vcm9vdHIxMCkGA1UdJQQiMCAGCCsGAQUFBwMB
BggrBgEFBQcDAgYKKwYBBAGCNwoDAzAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30E
zTSo//z9SzANBgkqhkiG9w0BAQUFAAOCAQEAOg/NJk04MAioxvxc2Ah67/ocKgPO
Mq5EluFSA5UKUtZnr1uWfN0ZizBbNjprbqAVxoKhyzlmAFeLAqJuhfusVVq4FVAa
kN4JSOyo9lccGDG9xn3IvevCpzlRbaL/HHjeHCcE4c8klegO5NUfsPn7UMrLbp5i
JniG9cT1eI/dcq9uLtWe3c48y7jHLVRg1+WcAkuGRPBXUSvNCps8sfU6TB2KxfAw
PmWHxA5fbkqsiqge5/rkM4AVhFZlJZv7njCIy5EWwQXDqSTsIdLVsPy3I0annff3
xlMSeDe0E3OPN5deBJv5mYuTPiZCl5/9HrXVy4hINKJmoPqsco/dRy+CdA==
-----END CERTIFICATE-----
openssl-1.1.1/test/ocsp-tests/WRID_D2.ors0000644000000000000000000000377413345734630016620 0ustar rootrootMIIF4AoBAKCCBdkwggXVBgkrBgEFBQcwAQEEggXGMIIFwjCBmaIWBBTrlwecTarB
yVdbHxANRLCFYj1mqBgPMjAxMjEwMTExMTI1MjVaMG4wbDBEMAkGBSsOAwIaBQAE
FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA
AAABL07hRxCAABgPMjAxMjEwMDEwNjAwMDBaoBEYDzIwMTMwNDE1MDYwMDAwWjAL
BgkqhkiG9w0BAQUDggEBAHThkPoy6eA7qX9y5C5b1ElRSwdjzsd15OJSqP2yjQbS
Ol1K8DWtX0UhTfRH+CrIPoWL40g2HjXtIVeMD6s3hakYimZUenIJ/IRRSVWp+EXU
MewgTVPz/wJN/9dJIkSbOI/BmpIGlaaBaLwcb39nJjZMq0sXj8jRI5i0isotOAFz
Zc0R20viBEH099KuGktB2fKKEpVbbWPljTxKzkIBs9SXZBIqd/X2MWzQWcLKzhL0
oynkvqxTFqNVjjZKcKSXPS/XEUufLrv/E3xQZYAfTJr778kFkyA8JzrXiH6W5DX6
UbqsnO5DaPZvMDfvlQWETkoS1j+Qgu2mIWzdiw7sPrOgggQQMIIEDDCCBAgwggLw
oAMCAQICCwQAAAAAAThXovYBMA0GCSqGSIb3DQEBBQUAMFcxCzAJBgNVBAYTAkJF
MRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRsw
GQYDVQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwHhcNMTIwNzA1MTgwMDAwWhcNMTMw
NzA1MTgwMDAwWjBZMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBu
di1zYTEvMC0GA1UEAxMmR2xvYmFsU2lnbiBPQ1NQIGZvciBSb290IFIxIC0gQnJh
bmNoIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDP2QF8p0+Fb7ID
MwwD1gEr2oazjqbW28EZr3YEyMPk+7VFaGePSO1xjBGIE48Q7m7d6p6ZXCzlBZEi
oudrHSr3WDqdIVKLDrZIDkgEgdjJE72Hq6Pf5CEGXyebbODm4sV96EfewSvOOYLL
866g3aoVhLDK02ny+Q5OsokW7nhnmGMMh10tZqR5VmdQTiw8MgeqUxBEaEO4WH2J
ltgSsgNJBNBYuDgnn5ryzVqhvmCJvYZMYeN6qZFKy1MgHcR+wEpGLPlRL4ttu6e5
MJrVta7dVFobHUHoFog97LtQT1PY0Ubaihswjge5O04bYeCrgSSjr1e4xH/KDxRw
yyhoscaFAgMBAAGjgdIwgc8wDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBTqlwec
TarByVdbHxANRLCFYj1mqDBMBgNVHSAERTBDMEEGCSsGAQQBoDIBXzA0MDIGCCsG
AQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAJ
BgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMB8GA1UdIwQYMBaAFGB7ZhpF
DZfKiVAvfQTNNKj//P1LMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEFBQAD
ggEBAHiC6N1uF29d7CmiVapA8Nr1xLSVeIkBd4A8yHsUTQ7ATI7bwT14QUV4awe7
8cvmO5ZND8YG1ViwN162WFm9ivSoWBzvWDbU2JhQFb+XzrzCcdn0YbNiTxJh/vYm
uDuxto00dpBgujSOAQv8B90iDEJ+sZpYRzDRj62qStRey0zpq5eX+pA+gdppMUFb
4QvJf0El8TbLCWLN4TjrFe6ju7ZaN9zmgVYGQ2fMHKIGNScLuIA950nYwzRkIfHa
YW6HqP1rCR1EiYmstEeCQyDxJx+RUlh+q8L1BKzaMYhS6s63MZzQuGseYStaCmbC
fBIRKjnK621vAWvc7UR+0hqnZ+U=
openssl-1.1.1/test/ocsp-tests/ISIC_ND3_Issuer_Root.pem0000644000000000000000000000276113345734630021227 0ustar rootroot-----BEGIN CERTIFICATE-----
MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU
MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs
IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290
MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux
FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h
bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v
dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt
H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9
uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX
mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX
a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN
E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0
WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD
VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0
Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU
cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx
IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN
AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH
YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5
6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC
Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX
c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a
mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgU=
-----END CERTIFICATE-----
openssl-1.1.1/test/ocsp-tests/WKIC_D3_Issuer_Root.pem0000644000000000000000000000501113345734630021106 0ustar rootroot-----BEGIN CERTIFICATE-----
MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290
IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA
Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO
BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi
MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ
ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
CgKCAgEAzyLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ
8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6
zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y
fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7
w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc
G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k
epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q
laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ
QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU
fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826
YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w
ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY
gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe
MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0
IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy
dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw
czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0
dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl
aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC
AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg
b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB
ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc
nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg
18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c
gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl
Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY
sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T
SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF
CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum
GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk
zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW
omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD
-----END CERTIFICATE-----
openssl-1.1.1/test/ocsp-tests/WINH_D3.ors0000644000000000000000000000455613345734630016620 0ustar rootrootMIIG8AoBAKCCBukwggblBgkrBgEFBQcwAQEEggbWMIIG0jCB+aF+MHwxCzAJBgNV
BAYTAkFVMQwwCgYDVQQIEwNOU1cxDzANBgNVBAcTBlN5ZG5leTEUMBIGA1UEChML
Q0FjZXJ0IEluYy4xHjAcBgNVBAsTFVNlcnZlciBBZG1pbmlzdHJhdGlvbjEYMBYG
A1UEAxMPb2NzcC5jYWNlcnQub3JnGA8yMDEyMTAxMTE0MzkxOFowZjBkMDwwCQYF
Kw4DAhoFAAQUjKTJyxcpGUU+u45zCZG5JfKDImUEFBa1MhvUx/Pg5o7zvdKwOu6y
ORjRAgMLs8aAABgPMjAxMjEwMTExNDIzMjVaoBEYDzIwMTIxMDEzMTQzOTE4WjAN
BgkqhkiG9w0BAQUFAAOCAQEAgdrf+v+BwEhG0ghTLMVmuxWprJr/9VFtpKpxQrTo
egSoW+5JOPCUAStfw3R3u7QM8sJf9bnPorgoCoY1hPKcWNLhvf1Ng3QlVkNa6NcO
EonbuI4KE9Rhoflpf//pD/3AFKzU+ecRs04KtYezKrUvC1RayGabd7bgtIpdFss4
ZCZ22riqjFtqD3+2//AHg7VaqiJMKlRt05CMmGe+HKn5PEN9HaeI52nsTf+L1Jeh
ItnaDPfV76vFHHXyUhR3iIgnqQDCig0q3yj7BQqH50+K+myiMAY+p8cuVqebno1i
BzXxxpZl/fw1KnTFdEa7p2jtmXw3KZiHAWAddwg1F1tHTaCCBL4wggS6MIIEtjCC
Ap6gAwIBAgIDCpvzMA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jvb3QgQ0Ex
HjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZQ0EgQ2Vy
dCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjYWNl
cnQub3JnMB4XDTExMDgyMzAwMDI1NloXDTEzMDgyMjAwMDI1NlowfDELMAkGA1UE
BhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MRQwEgYDVQQKEwtD
QWNlcnQgSW5jLjEeMBwGA1UECxMVU2VydmVyIEFkbWluaXN0cmF0aW9uMRgwFgYD
VQQDEw9vY3NwLmNhY2VydC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCcxtRv5CPHw3BLdR/k/K72YsRgodbP+UdAONmvBvWzhwm6B8h6O+M64sFr
2w6be7SYBECIyOQgNJ1flK4MoAWhdBA/H5NtxaDOKbAqA27tO9GaevcPp7c518O0
3hVnlPLvsN1f48nY0jQOXUTfv5nYXmD0OSSK/V3IRo0KsWB6T9UnMGCeEwb4Oqqz
uzM0b4SBflzMEony/m6Tg/qL7qs2TLZAqe77+BZaVdFkDUnaBN7RyMruXySxeXiz
mogT3WhROeloMa/X+E01bWBYBEK7VZIY9pgBpXQ7vDbbIGgYuIXUi20wh03WMy16
VDYdV0IUXHpidNUeK9W/BPP/7APBAgMBAAGjRDBCMAwGA1UdEwEB/wQCMAAwJwYD
VR0lBCAwHgYIKwYBBQUHAwIGCCsGAQUFBwMBBggrBgEFBQcDCTAJBgNVHREEAjAA
MA0GCSqGSIb3DQEBBQUAA4ICAQAoT6p5f3cGprAcgrnzdenfTmDe9LCW7k2VnazA
MAzpsD6gXcSlo4+3hoHem/SpKRH2tqi34DmImCiv/S6fxsKM4Gfn5rlkAFviuTvS
r5Zrwh4ZKSfaoWv4bmbzmcAxvuxdMWHf/5PbjegjzFTbBMekVPZY/abYtD6kdHQZ
VNgzwZVfTBfYhfa+Rg72I2zjKpMsjxMqWfTmUzW6wfK6LFudZqu0U1NnJw+IlnVU
6WtjL885ebQrmcRqWz3nMhVLIu5L3w/s+VTLvm7If6jcMDNUjz8s2BPcJeCXg3TE
STsyl6tvk17RRz2+9JskxVOk11xIn96xR4FCERIid2ek9z1xi7oYOajQF50i/9Gj
ReDEfRSyb4/LzoKDOY+h4Q6jryeHh7WIHFiK5qrBN2y8qOoRJ/OqQnqci/BJBNpe
g9Q9PJRgGSzRndTXNHiYRbeLpq7eGo3sPqlR9qBQ3rd98XGOU0RCMnzjKhENC3qo
5PkSF2xs8RmjWktFSTDwjYo0qf1teo7CGHjgaPjQ7JE8Q4ysFOQndSWmLpqwDcI9
HfIvPwUIWArQrJRh9LCNSyvHVgLqY9kw8NW4TlMxV2WqaYCkiKi3XVRrSFR3ahS1
VBvRZ8KpplrV7rhXjVSSqqfLk1sX3l72Ck2F9ON+qbNFmvhgNjSiBY9neMgo804a
wG/pag==
openssl-1.1.1/test/ocsp-tests/D3.ors0000644000000000000000000000455613345734630015773 0ustar rootrootMIIG8AoBAKCCBukwggblBgkrBgEFBQcwAQEEggbWMIIG0jCB+aF+MHwxCzAJBgNV
BAYTAkFVMQwwCgYDVQQIEwNOU1cxDzANBgNVBAcTBlN5ZG5leTEUMBIGA1UEChML
Q0FjZXJ0IEluYy4xHjAcBgNVBAsTFVNlcnZlciBBZG1pbmlzdHJhdGlvbjEYMBYG
A1UEAxMPb2NzcC5jYWNlcnQub3JnGA8yMDEyMTAyMzEwMzkzMFowZjBkMDwwCQYF
Kw4DAhoFAAQUi6TJyxcpGUU+u45zCZG5JfKDImUEFBa1MhvUx/Pg5o7zvdKwOu6y
ORjRAgMLs8aAABgPMjAxMjEwMjMwOTU5MTJaoBEYDzIwMTIxMDI1MTAzOTMwWjAN
BgkqhkiG9w0BAQUFAAOCAQEAYaaAzW26JQGFRyawj9ROtnSdJ9QPJ6B/wfpJif8e
QU9lmKx0zIDdTum3Mc5tfxML71W025UW9jzowAfQ5bZbqa4nwZlWX5Py3hKebeYo
WiND4pvhS4BRkheSkycEok0bj1FJYWYiJVpnTqKAPnOKrlL4qvGC2IOHk2toS/Je
iLyoUwxrPtqaXt4Caoa3I70HE3H1QqvPIGIY6V4bxV7Km/xv99QOutkbfANGiNsx
W7EDB3TRNhldzMnjEwG58X5Pe3xwEVqjCiBL+wQ8JALn08bJzFn9E04aYrqCGc8s
gw1dgaBoZt+0vbQUN71KEocwMj5mzJqottOyqNwo7FZnBaCCBL4wggS6MIIEtjCC
Ap6gAwIBAgIDCpvzMA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jvb3QgQ0Ex
HjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZQ0EgQ2Vy
dCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjYWNl
cnQub3JnMB4XDTExMDgyMzAwMDI1NloXDTEzMDgyMjAwMDI1NlowfDELMAkGA1UE
BhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MRQwEgYDVQQKEwtD
QWNlcnQgSW5jLjEeMBwGA1UECxMVU2VydmVyIEFkbWluaXN0cmF0aW9uMRgwFgYD
VQQDEw9vY3NwLmNhY2VydC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCcxtRv5CPHw3BLdR/k/K72YsRgodbP+UdAONmvBvWzhwm6B8h6O+M64sFr
2w6be7SYBECIyOQgNJ1flK4MoAWhdBA/H5NtxaDOKbAqA27tO9GaevcPp7c518O0
3hVnlPLvsN1f48nY0jQOXUTfv5nYXmD0OSSK/V3IRo0KsWB6T9UnMGCeEwb4Oqqz
uzM0b4SBflzMEony/m6Tg/qL7qs2TLZAqe77+BZaVdFkDUnaBN7RyMruXySxeXiz
mogT3WhROeloMa/X+E01bWBYBEK7VZIY9pgBpXQ7vDbbIGgYuIXUi20wh03WMy16
VDYdV0IUXHpidNUeK9W/BPP/7APBAgMBAAGjRDBCMAwGA1UdEwEB/wQCMAAwJwYD
VR0lBCAwHgYIKwYBBQUHAwIGCCsGAQUFBwMBBggrBgEFBQcDCTAJBgNVHREEAjAA
MA0GCSqGSIb3DQEBBQUAA4ICAQAoT6p5f3cGprAcgrnzdenfTmDe9LCW7k2VnazA
MAzpsD6gXcSlo4+3hoHem/SpKRH2tqi34DmImCiv/S6fxsKM4Gfn5rlkAFviuTvS
r5Zrwh4ZKSfaoWv4bmbzmcAxvuxdMWHf/5PbjegjzFTbBMekVPZY/abYtD6kdHQZ
VNgzwZVfTBfYhfa+Rg72I2zjKpMsjxMqWfTmUzW6wfK6LFudZqu0U1NnJw+IlnVU
6WtjL885ebQrmcRqWz3nMhVLIu5L3w/s+VTLvm7If6jcMDNUjz8s2BPcJeCXg3TE
STsyl6tvk17RRz2+9JskxVOk11xIn96xR4FCERIid2ek9z1xi7oYOajQF50i/9Gj
ReDEfRSyb4/LzoKDOY+h4Q6jryeHh7WIHFiK5qrBN2y8qOoRJ/OqQnqci/BJBNpe
g9Q9PJRgGSzRndTXNHiYRbeLpq7eGo3sPqlR9qBQ3rd98XGOU0RCMnzjKhENC3qo
5PkSF2xs8RmjWktFSTDwjYo0qf1teo7CGHjgaPjQ7JE8Q4ysFOQndSWmLpqwDcI9
HfIvPwUIWArQrJRh9LCNSyvHVgLqY9kw8NW4TlMxV2WqaYCkiKi3XVRrSFR3ahS1
VBvRZ8KpplrV7rhXjVSSqqfLk1sX3l72Ck2F9ON+qbNFmvhgNjSiBY9neMgo804a
wG/pag==
openssl-1.1.1/test/ocsp-tests/ISOP_ND2.ors0000644000000000000000000000117613345734630016735 0ustar rootrootMIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBQLWOWLxkwV
N6RAqTCpIb5HNlpW/xgPMjAxMjEwMTAwMDI1NTdaMHMwcTBJMAkGBSsOAwIaBQAE
FOy+ZAvtiWulchtVZmfKU1ZI9ewTBBQLWOWLxkwVN6RAqTCpIb5HNlpW/wIQEaO0
0OyNt3+doM1dLVEvQoAAGA8yMDEyMTAxMDAwMjU1N1qgERgPMjAxMjEwMTQwMDI1
NTdaMA0GCSqGSIb3DQEBBQUAA4IBAQCJRXcrz4wJe7bqWBHULu/QDXVz74OhSNlu
swI0J4h+UmzJuW1GpdhTwJcTG3ARVwCLKz3evvpvHSumcsop0G3NolryNLP/oGD0
Vf6PbLrJ8v+NxUNugPbtWM985Ti/B2a+XjbzYlH2vS3KOTL4X1zWSL07IQFNXc2h
yHBscKpYgt0mZcFZFxN3NTCNpT6IjJzZzTG9xTYZ3hZdMQQ3DYO+/Hv4J+U1/Ybq
CjuMWRak/0R/BiBDJdGhbThlvV7bNUxYY7DVaOiLER8ptpmhnzlB/vsTAxZqX48J
mJdv2bxoTby98Pm/BMydEA9qcFqyP1XvqhzIY35ngoS/1XREyW7t
openssl-1.1.1/test/ocsp-tests/WIKH_ND1.ors0000644000000000000000000000117613345734630016724 0ustar rootrootMIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBSIRFH/UCpp
Xi2I9CG62QzyzsvqfBgPMjAxMjEwMTEwODQxMTNaMHMwcTBJMAkGBSsOAwIaBQAE
FEi2DTgjjfhFbk7lhD6jlBEYApefBBSJRFH/UCppXi2I9CG62QzyzsvqfAIQIuEz
IiCgSN8psr+aMcKbB4AAGA8yMDEyMTAxMTA4NDExM1qgERgPMjAxMjEwMTUwODQx
MTNaMA0GCSqGSIb3DQEBBQUAA4IBAQCNnhlBMxxh9z5AKfzAxiKs90CfxUsqfYfk
8XlyF9VIfWRfEwzS6MF1pEzLnghRxTAmjrFgK+sxD9wk+S5Mdgw3nbED9DVFH2Hs
RGKm/t9wkvrYOX6yRQqw6uRvU/5cibMjcyzKB/VQMwk4p4FwSUgBv88A5sTkKr2V
eYdEm34hg2TZVkipPMBiyTyBLXs8D/9oALtnczg4xlTRSjDUvqoXL5haqY4QK2Pv
mNwna6ACkwLmSuMe29UQ8IX2PUB4R5Etni5czyiKGxZLm+4NAhuEwWFNEzCyImPc
087gHGU1zx+qVSlajqMJ/9ZXYjbt7WiWdhOTGEv4VMn8dHhRUs32
openssl-1.1.1/test/ocsp-tests/D1.ors0000644000000000000000000000374413345734630015767 0ustar rootrootMIIFzwoBAKCCBcgwggXEBgkrBgEFBQcwAQEEggW1MIIFsTCBoKIWBBRf2uQDFpGg
Ywh4P1y2H9bZ2/BQNBgPMjAxMjEwMjMxMDI1MzZaMHUwczBLMAkGBSsOAwIaBQAE
FKByDqBqfGICVPKo9Z3Se6Tzty+kBBSwsEr9HHUo+BxhqhP2+sGQPWsWowISESG8
vx4IzALnkqQG05AvM+2bgAAYDzIwMTIxMDIzMDcwMDAwWqARGA8yMDEyMTAzMDA4
MDAwMFowCwYJKoZIhvcNAQEFA4IBAQAJU3hXN7NApN50/vlZTG2p8+QQJp4uaod3
wyBQ0Ux3DoQZQ9RG6/7Mm4qpOLCCSTh/lJjZ0fD+9eB3gcp/JupN1JrU+dgTyv/Y
9MOctJz7y+VoU9I+qB8knV4sQCwohAVm8GmA9s4p/rHq5Oymci0SuG/QCfkVxOub
rI1bWjbHLvvXyvF3PoGMORVHG3SA+jJ9VkHWJyi6brHxY+QR/iYxer8lJsBtpyc7
q2itFgvax/OHwne3lxsck9q0QgKpmEdJu2LuGyWFIhrEwR3b7ASEu1G/nKClv3dR
vyOXMm1XIwuUhCjAcpNEKiOMorFwnLS1F8LhfqFWTAFG0JbWpAi8oIID+DCCA/Qw
ggPwMIIC2KADAgECAhIRISdENsrz1CSWG3VIBwfQERQwDQYJKoZIhvcNAQEFBQAw
WTELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExLzAtBgNV
BAMTJkdsb2JhbFNpZ24gRXh0ZW5kZWQgVmFsaWRhdGlvbiBDQSAtIEcyMB4XDTEy
MDkxOTA3NDA1MFoXDTEyMTIxOTA4NDA1MFowgYUxCzAJBgNVBAYTAkJFMRkwFwYD
VQQKExBHbG9iYWxTaWduIG52LXNhMUIwQAYDVQQDEzlHbG9iYWxTaWduIEV4dGVu
ZGVkIFZhbGlkYXRpb24gQ0EgLSBHMiBPQ1NQIHJlc3BvbmRlciAtIDIxFzAVBgNV
BAUTDjIwMTIwOTE5MDk0MDAwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAnCgMsBO+IxIqCnXCOfXJoIC3wj+f0s4DV9h2gJBzisWXkaJD2DfNrd0kHUXK
qVVPUxnA4G5iZu0Z385/KiOt1/P6vQ/Z2/AsEh/8Z/hIyeZCHL31wrSZW4yLeZwi
M76wPiBHJxPun681HQlVs/OGKSHnbHc1XJAIeA/M8u+lLWqIKB+AJ82TrOqUMj1s
LjGhQNs84xPliONN5K7DrEy+Y65X/rFxN77Smw+UtcH1GgH2NgaHH8dpt1m25sgm
UxZWhdx66opB/lbRQwWdGt7MC0kJFaWHDZq64DTuYoekFYSxAFu0nd0EekEHEJEi
9mquB9cv/96SuEJl8BcUWU/1LwIDAQABo4GEMIGBMAkGA1UdEwQCMAAwDgYDVR0P
AQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAw
HQYDVR0OBBYEFF/a5AMWkaBjCHg/XLYf1tnb8FA0MB8GA1UdIwQYMBaAFLCwSv0c
dSj4HGGqE/b6wZA9axajMA0GCSqGSIb3DQEBBQUAA4IBAQCKRl1iXFmOQtLseDWP
Y5icDDBGiRi17CGgvIzGJi/ha0PhbO+X0TmQIEnRX3Mu0Er/Mm4RZSjMtJ2iZRh3
tGf4Dn+jKgKOmgXC3oOG/l8RPHLf0yaPSdn/z0TXtA30vTFBLlFeWnhbfhovea4+
snPdBxLqWZdtxmiwojgqA7YATCWwavizrBr09YRyDwzgtpZ2BwMruGuFuV9FsEwL
PCM53yFlrM32oFghyfyE5kYjgnnueKM+pw1kA0jgb1CnVJRrMEN1TXuXDAZLtHKG
5X/drah1JtkoZhCzxzZ3bYdVDQJ90OHFqM58lwGD6z3XuPKrHDKZKt+CPIsl5g7p
4J2l
openssl-1.1.1/test/ocsp-tests/WSNIC_ND1_Issuer_ICA.pem0000644000000000000000000000341113345734630021023 0ustar rootroot-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIQEaO00OyNt3+doM1dLVEvQjANBgkqhkiG9w0BAQUFADCB
gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV
BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMDA1MjQwMDAw
MDBaFw0yMDA1MzAxMDQ4MzhaMIGOMQswCQYDVQQGEwJVUzEbMBkGA1UECBMSR3Jl
YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P
RE8gQ0EgTGltaXRlZDE0MDIGA1UEAxMrQ09NT0RPIEV4dGVuZGVkIFZhbGlkYXRp
b24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMxKljPNJY1n7iiWN4dG8PYEooR/U6qW5h+xAhxu7X0h1Nc8HqLYaS+ot/Wi
7WRYZOFEZTZJQSABjTsT4gjzDPJXOZM3txyTRIOOvy3xoQV12m7ue28b6naDKHRK
HCvT9cQDcpOvhs4JjDx11MkKL3Lzrb0OMDyEoXMfAyUUpY/D1vS15N2GevUZumjy
hVSiMBHK0ZLLO3QGEqA3q2rYVBHfbJoWlLm0p2XGdC0x801S6VVRn8s+oo12mHDS
b6ZlRS8bhbtbbfnywARmE4R6nc4n2PREnr+svpnba0/bWCGwiSe0jzLWS15ykV7f
BZ3ZSS/0tm9QH3XLgJ3m0+TR8tMCAwEAAaOCAWkwggFlMB8GA1UdIwQYMBaAFAtY
5YvGTBU3pECpMKkhvkc2Wlb/MB0GA1UdDgQWBBSIRFH/UCppXi2I9CG62Qzyzsvq
fDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADA+BgNVHSAENzA1
MDMGBFUdIAAwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNv
bS9DUFMwSQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL2NybC5jb21vZG9jYS5jb20v
Q09NT0RPQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwdAYIKwYBBQUHAQEEaDBm
MD4GCCsGAQUFBzAChjJodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9BZGRU
cnVzdFNlcnZlckNBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2Rv
Y2EuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQCaQ7+vpHJezX1vf/T8PYy7cOYe3QT9
P9ydn7+JdpvyhjH8f7PtKpFTLOKqsOPILHH3FYojHPFpLoH7sbxiC6saVBzZIl40
TKX2Iw9dej3bQ81pfhc3Us1TocIR1FN4J2TViUFNFlW7kMvw2OTd3dMJZEgo/zIj
hC+Me1UvzymINzR4DzOq/7fylqSbRIC1vmxWVKukgZ4lGChUOn8sY89ZIIwYazgs
tN3t40DeDDYlV5rA0WCeXgNol64aO+pF11GZSe5EWVYLXrGPaOqKnsrSyaADfnAl
9DLJTlCDh6I0SD1PNXf82Ijq9n0ezkO21cJqfjhmY03n7jLvDyToKmf6
-----END CERTIFICATE-----
openssl-1.1.1/test/ocsp-tests/WINH_D2.ors0000644000000000000000000000377413345734630016620 0ustar rootrootMIIF4AoBAKCCBdkwggXVBgkrBgEFBQcwAQEEggXGMIIFwjCBmaIWBBTqlwecTarB
yVdbHxANRLCFYj1mqBgPMjAxMjEwMTExMzMwMTBaMG4wbDBEMAkGBSsOAwIaBQAE
FLhXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA
AAABL07hRxCAABgPMjAxMjEwMDEwNjAwMDBaoBEYDzIwMTMwNDE1MDYwMDAwWjAL
BgkqhkiG9w0BAQUDggEBAA0H7bvcULg1GayFtQVrYDyW0feOEMNGLmgaGuwRdrY3
KuWyNJLUUJKQZnOkdT8A4RpVX8xD4EgVyOqRACUahgdgp0g3QOn+vf2Zyf+NJIgW
woF5qaJgCOeIOw5O6F4r1vUhp8NvqXHotswgG58Nzz6UMD+uyIgq5o8uzOjryEm6
wO2X+KvN9sMzkeZhNvAHkgBQL8CG4CggWnzn7At1DmhhsizfhDrosigM4Zr6Sm6z
v1YfSPznD0b3TQ7RzvpbJPofF2aJXMIMxdKR5pemuevTDR2+JCXjVPsD/ZODFykc
rsQeqx2vTOIg84PRKboXjCAwHn4rIN7JJtQqebLtD9egggQQMIIEDDCCBAgwggLw
oAMCAQICCwQAAAAAAThXovYBMA0GCSqGSIb3DQEBBQUAMFcxCzAJBgNVBAYTAkJF
MRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRsw
GQYDVQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwHhcNMTIwNzA1MTgwMDAwWhcNMTMw
NzA1MTgwMDAwWjBZMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBu
di1zYTEvMC0GA1UEAxMmR2xvYmFsU2lnbiBPQ1NQIGZvciBSb290IFIxIC0gQnJh
bmNoIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDP2QF8p0+Fb7ID
MwwD1gEr2oazjqbW28EZr3YEyMPk+7VFaGePSO1xjBGIE48Q7m7d6p6ZXCzlBZEi
oudrHSr3WDqdIVKLDrZIDkgEgdjJE72Hq6Pf5CEGXyebbODm4sV96EfewSvOOYLL
866g3aoVhLDK02ny+Q5OsokW7nhnmGMMh10tZqR5VmdQTiw8MgeqUxBEaEO4WH2J
ltgSsgNJBNBYuDgnn5ryzVqhvmCJvYZMYeN6qZFKy1MgHcR+wEpGLPlRL4ttu6e5
MJrVta7dVFobHUHoFog97LtQT1PY0Ubaihswjge5O04bYeCrgSSjr1e4xH/KDxRw
yyhoscaFAgMBAAGjgdIwgc8wDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBTqlwec
TarByVdbHxANRLCFYj1mqDBMBgNVHSAERTBDMEEGCSsGAQQBoDIBXzA0MDIGCCsG
AQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAJ
BgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMB8GA1UdIwQYMBaAFGB7ZhpF
DZfKiVAvfQTNNKj//P1LMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEFBQAD
ggEBAHiC6N1uF29d7CmiVapA8Nr1xLSVeIkBd4A8yHsUTQ7ATI7bwT14QUV4awe7
8cvmO5ZND8YG1ViwN162WFm9ivSoWBzvWDbU2JhQFb+XzrzCcdn0YbNiTxJh/vYm
uDuxto00dpBgujSOAQv8B90iDEJ+sZpYRzDRj62qStRey0zpq5eX+pA+gdppMUFb
4QvJf0El8TbLCWLN4TjrFe6ju7ZaN9zmgVYGQ2fMHKIGNScLuIA950nYwzRkIfHa
YW6HqP1rCR1EiYmstEeCQyDxJx+RUlh+q8L1BKzaMYhS6s63MZzQuGseYStaCmbC
fBIRKjnK621vAWvc7UR+0hqnZ+U=
openssl-1.1.1/test/ocsp-tests/WINH_ND2.ors0000644000000000000000000000117613345734630016730 0ustar rootrootMIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBQLWOWLxkwV
N6RAqTCpIb5HNlpW/xgPMjAxMjEwMTAyMzAzMTlaMHMwcTBJMAkGBSsOAwIaBQAE
FO2+ZAvtiWulchtVZmfKU1ZI9ewTBBQLWOWLxkwVN6RAqTCpIb5HNlpW/wIQEaO0
0OyNt3+doM1dLVEvQoAAGA8yMDEyMTAxMDIzMDMxOVqgERgPMjAxMjEwMTQyMzAz
MTlaMA0GCSqGSIb3DQEBBQUAA4IBAQCHn2nGfEUX/EJruMkTgh7GgB0u9cpAepaD
sPv9gtl3KLUZyR+NbGMIa5/bpoJp0yg1z5VL6CLMusy3AF6Cn2fyaioDxG+yc+gA
PcPFdEqiIMr+TP8s7qcEiE6WZddSSCqCn90VZSCWkpDhnCjDRwJLBBPU3803fdMz
oguvyr7y6Koxik8X/iUe8EpSzAvmm4GZL3veTI+x7IezJSrhCS9zM0ZHjySjoDxC
+ljGH0EuWPTmFEqZVGIq3cuahIYzKItUbYnXU6ipi/2p42qbsFeok7eEN0EYsY1a
vRATHGRmU7Q5HLCq4rQtZC1cis52Mvc9x1W4z/Gt5A3FtgElXXNA
openssl-1.1.1/test/ocsp-tests/WIKH_D3.ors0000644000000000000000000000455613345734630016615 0ustar rootrootMIIG8AoBAKCCBukwggblBgkrBgEFBQcwAQEEggbWMIIG0jCB+aF+MHwxCzAJBgNV
BAYTAkFVMQwwCgYDVQQIEwNOU1cxDzANBgNVBAcTBlN5ZG5leTEUMBIGA1UEChML
Q0FjZXJ0IEluYy4xHjAcBgNVBAsTFVNlcnZlciBBZG1pbmlzdHJhdGlvbjEYMBYG
A1UEAxMPb2NzcC5jYWNlcnQub3JnGA8yMDEyMTAxMTE0MDYzNlowZjBkMDwwCQYF
Kw4DAhoFAAQUi6TJyxcpGUU+u45zCZG5JfKDImUEFBe1MhvUx/Pg5o7zvdKwOu6y
ORjRAgMLs8aAABgPMjAxMjEwMTExMzU4MTBaoBEYDzIwMTIxMDEzMTQwNjM2WjAN
BgkqhkiG9w0BAQUFAAOCAQEAjcryO6FUK5+TcPBxJKixVt9q07Xy3qv1e/VFuJ0f
tnYDcu83Q5yCta49PXaA13nFDFZ445wCDivDBLolS6JKSh+JrLpAxSBzak7Ps8wz
DPNAtexZz9/hPPzHnGOMlRtew07jk+NX5ZgCxDZGmBHIHOGyab2WoqmpRTll0oP4
b/DzI3mzrur5lm2NAT3ZJ8bVaWsAJBVTfUye3S4GRWlfGSRVAMk0QHnCkYP42okc
psIKbvdIoS2gxo6kBTMevxciPV2lPIiSrIWH0IGm7AqGM5+Vz7IdbD6fOQd1I3uw
O+1NugMYfScB6jCvSW2uESeRZ+qW/HMXQbU1eiH+x88UIKCCBL4wggS6MIIEtjCC
Ap6gAwIBAgIDCpvzMA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jvb3QgQ0Ex
HjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZQ0EgQ2Vy
dCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjYWNl
cnQub3JnMB4XDTExMDgyMzAwMDI1NloXDTEzMDgyMjAwMDI1NlowfDELMAkGA1UE
BhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MRQwEgYDVQQKEwtD
QWNlcnQgSW5jLjEeMBwGA1UECxMVU2VydmVyIEFkbWluaXN0cmF0aW9uMRgwFgYD
VQQDEw9vY3NwLmNhY2VydC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCcxtRv5CPHw3BLdR/k/K72YsRgodbP+UdAONmvBvWzhwm6B8h6O+M64sFr
2w6be7SYBECIyOQgNJ1flK4MoAWhdBA/H5NtxaDOKbAqA27tO9GaevcPp7c518O0
3hVnlPLvsN1f48nY0jQOXUTfv5nYXmD0OSSK/V3IRo0KsWB6T9UnMGCeEwb4Oqqz
uzM0b4SBflzMEony/m6Tg/qL7qs2TLZAqe77+BZaVdFkDUnaBN7RyMruXySxeXiz
mogT3WhROeloMa/X+E01bWBYBEK7VZIY9pgBpXQ7vDbbIGgYuIXUi20wh03WMy16
VDYdV0IUXHpidNUeK9W/BPP/7APBAgMBAAGjRDBCMAwGA1UdEwEB/wQCMAAwJwYD
VR0lBCAwHgYIKwYBBQUHAwIGCCsGAQUFBwMBBggrBgEFBQcDCTAJBgNVHREEAjAA
MA0GCSqGSIb3DQEBBQUAA4ICAQAoT6p5f3cGprAcgrnzdenfTmDe9LCW7k2VnazA
MAzpsD6gXcSlo4+3hoHem/SpKRH2tqi34DmImCiv/S6fxsKM4Gfn5rlkAFviuTvS
r5Zrwh4ZKSfaoWv4bmbzmcAxvuxdMWHf/5PbjegjzFTbBMekVPZY/abYtD6kdHQZ
VNgzwZVfTBfYhfa+Rg72I2zjKpMsjxMqWfTmUzW6wfK6LFudZqu0U1NnJw+IlnVU
6WtjL885ebQrmcRqWz3nMhVLIu5L3w/s+VTLvm7If6jcMDNUjz8s2BPcJeCXg3TE
STsyl6tvk17RRz2+9JskxVOk11xIn96xR4FCERIid2ek9z1xi7oYOajQF50i/9Gj
ReDEfRSyb4/LzoKDOY+h4Q6jryeHh7WIHFiK5qrBN2y8qOoRJ/OqQnqci/BJBNpe
g9Q9PJRgGSzRndTXNHiYRbeLpq7eGo3sPqlR9qBQ3rd98XGOU0RCMnzjKhENC3qo
5PkSF2xs8RmjWktFSTDwjYo0qf1teo7CGHjgaPjQ7JE8Q4ysFOQndSWmLpqwDcI9
HfIvPwUIWArQrJRh9LCNSyvHVgLqY9kw8NW4TlMxV2WqaYCkiKi3XVRrSFR3ahS1
VBvRZ8KpplrV7rhXjVSSqqfLk1sX3l72Ck2F9ON+qbNFmvhgNjSiBY9neMgo804a
wG/pag==
openssl-1.1.1/test/ocsp-tests/WKDOSC_D2.ors0000644000000000000000000000377413345734630017045 0ustar rootrootMIIF4AoBAKCCBdkwggXVBgkrBgEFBQcwAQEEggXGMIIFwjCBmaIWBBTqlwecTarB
yVdbHxANRLCFYj1mqBgPMjAxMjEwMTAxNDU0NDhaMG4wbDBEMAkGBSsOAwIaBQAE
FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA
AAABL07hRxCAABgPMjAxMjEwMDEwNjAwMDBaoBEYDzIwMTMwNDE1MDYwMDAwWjAL
BgkqhkiG9w0BAQUDggEBACkGyoGefA2WuktIerofBoPgeyT8Mry57DxF7IEvX8dI
Adk+MZRo5suYIE2AJty8bohYYiIxS7sZ5nsUM+iyu5cIdmsIwt/YifYsSdHc6DKz
l3Yh4bS27QX05/Vuok3HmEMsRBmensKATMfvGP+TOwhuFeHWAK8KHSCmUbGZFP3A
WKtrhRh/qC4qetMt07z/OKZcqHUYegEpO3xqRJ4MdqRJpV1urjdL/852US0mWAOL
/EPoexWiHiKJmsNy7HAEKFQ+daqdZYM1BTGbS2aj3go/BVqf0xEhRLT0fsdof4Is
1Cy2ZHGbaVEyOQpXsxUEAqEdJcFRcLFGhdgnUjcQ9lqgggQQMIIEDDCCBAgwggLw
oAMCAQICCwQAAAAAAThXovYBMA0GCSqGSIb3DQEBBQUAMFcxCzAJBgNVBAYTAkJF
MRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRsw
GQYDVQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwHhcNMTIwNzA1MTgwMDAwWhcNMTMw
NzA1MTgwMDAwWjBZMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBu
di1zYTEvMC0GA1UEAxMmR2xvYmFsU2lnbiBPQ1NQIGZvciBSb290IFIxIC0gQnJh
bmNoIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQ2QF8p0+Fb7ID
MwwD1gEr2oazjqbW28EZr3YEyMPk+7VFaGePSO1xjBGIE48Q7m7d6p6ZXCzlBZEi
oudrHSr3WDqdIVKLDrZIDkgEgdjJE72Hq6Pf5CEGXyebbODm4sV96EfewSvOOYLL
866g3aoVhLDK02ny+Q5OsokW7nhnmGMMh10tZqR5VmdQTiw8MgeqUxBEaEO4WH2J
ltgSsgNJBNBYuDgnn5ryzVqhvmCJvYZMYeN6qZFKy1MgHcR+wEpGLPlRL4ttu6e5
MJrVta7dVFobHUHoFog97LtQT1PY0Ubaihswjge5O04bYeCrgSSjr1e4xH/KDxRw
yyhoscaFAgMBAAGjgdIwgc8wDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBTqlwec
TarByVdbHxANRLCFYj1mqDBMBgNVHSAERTBDMEEGCSsGAQQBoDIBXzA0MDIGCCsG
AQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAJ
BgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMB8GA1UdIwQYMBaAFGB7ZhpF
DZfKiVAvfQTNNKj//P1LMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEFBQAD
ggEBAHiC6N1uF29d7CmiVapA8Nr1xLSVeIkBd4A8yHsUTQ7ATI7bwT14QUV4awe7
8cvmO5ZND8YG1ViwN162WFm9ivSoWBzvWDbU2JhQFb+XzrzCcdn0YbNiTxJh/vYm
uDuxto00dpBgujSOAQv8B90iDEJ+sZpYRzDRj62qStRey0zpq5eX+pA+gdppMUFb
4QvJf0El8TbLCWLN4TjrFe6ju7ZaN9zmgVYGQ2fMHKIGNScLuIA950nYwzRkIfHa
YW6HqP1rCR1EiYmstEeCQyDxJx+RUlh+q8L1BKzaMYhS6s63MZzQuGseYStaCmbC
fBIRKjnK621vAWvc7UR+0hqnZ+U=
openssl-1.1.1/test/ocsp-tests/WKDOSC_D3.ors0000644000000000000000000000455613345734630017045 0ustar rootrootMIIG8AoBAKCCBukwggblBgkrBgEFBQcwAQEEggbWMIIG0jCB+aF+MHwxCzAJBgNV
BAYTAkFVMQwwCgYDVQQIEwNOU1cxDzANBgNVBAcTBlN5ZG5leTEUMBIGA1UEChML
Q0FjZXJ0IEluYy4xHjAcBgNVBAsTFVNlcnZlciBBZG1pbmlzdHJhdGlvbjEYMBYG
A1UEAxMPb2NzcC5jYWNlcnQub3JnGA8yMDEyMTAxMDE1MTkzOVowZjBkMDwwCQYF
Kw4DAhoFAAQUi6TJyxcpGUU+u45zCZG5JfKDImUEFBa1MhvUx/Pg5o7zvdKwOu6y
ORjRAgMLs8aAABgPMjAxMjEwMTAxNDU2MTdaoBEYDzIwMTIxMDEyMTUxOTM5WjAN
BgkqhkiG9w0BAQUFAAOCAQEAH1Bs3glJoAvCHhgVtN4F/avlKA1St74v7yuD1DIu
cBf/4YRJdxZATXMI8I0TPjSl8L+rRAiUTVd8sPhWQ9XD9WaYKkTEjuQSPp851/81
zDihz9Kj5Rzo5PYpFsbSps/ALMQSRkrtuX4DCm9fbK7xC+adpbhQDnWW/GXM1+Ob
lv3pHDQXLh2GQbRsaJBgLeSUxIIE7RWJv1N+Ugi5zF8rja5qnJ9DnkilEqMeXQp8
SThaI+TOe+KHK+7wTp5QkFNIE5l/uKgvSNIOwLe9HDevlSl1wYF6e+mAz3uoQyJa
Ucx8FIoV6CIr+wUd+P8CmNXiQ7M59I8gm3FCDiEvWDQGEaCCBL4wggS6MIIEtjCC
Ap6gAwIBAgIDCpvzMA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jvb3QgQ0Ex
HjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZQ0EgQ2Vy
dCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjYWNl
cnQub3JnMB4XDTExMDgyMzAwMDI1NloXDTEzMDgyMjAwMDI1NlowfDELMAkGA1UE
BhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MRQwEgYDVQQKEwtD
QWNlcnQgSW5jLjEeMBwGA1UECxMVU2VydmVyIEFkbWluaXN0cmF0aW9uMRgwFgYD
VQQDEw9vY3NwLmNhY2VydC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCdxtRv5CPHw3BLdR/k/K72YsRgodbP+UdAONmvBvWzhwm6B8h6O+M64sFr
2w6be7SYBECIyOQgNJ1flK4MoAWhdBA/H5NtxaDOKbAqA27tO9GaevcPp7c518O0
3hVnlPLvsN1f48nY0jQOXUTfv5nYXmD0OSSK/V3IRo0KsWB6T9UnMGCeEwb4Oqqz
uzM0b4SBflzMEony/m6Tg/qL7qs2TLZAqe77+BZaVdFkDUnaBN7RyMruXySxeXiz
mogT3WhROeloMa/X+E01bWBYBEK7VZIY9pgBpXQ7vDbbIGgYuIXUi20wh03WMy16
VDYdV0IUXHpidNUeK9W/BPP/7APBAgMBAAGjRDBCMAwGA1UdEwEB/wQCMAAwJwYD
VR0lBCAwHgYIKwYBBQUHAwIGCCsGAQUFBwMBBggrBgEFBQcDCTAJBgNVHREEAjAA
MA0GCSqGSIb3DQEBBQUAA4ICAQAoT6p5f3cGprAcgrnzdenfTmDe9LCW7k2VnazA
MAzpsD6gXcSlo4+3hoHem/SpKRH2tqi34DmImCiv/S6fxsKM4Gfn5rlkAFviuTvS
r5Zrwh4ZKSfaoWv4bmbzmcAxvuxdMWHf/5PbjegjzFTbBMekVPZY/abYtD6kdHQZ
VNgzwZVfTBfYhfa+Rg72I2zjKpMsjxMqWfTmUzW6wfK6LFudZqu0U1NnJw+IlnVU
6WtjL885ebQrmcRqWz3nMhVLIu5L3w/s+VTLvm7If6jcMDNUjz8s2BPcJeCXg3TE
STsyl6tvk17RRz2+9JskxVOk11xIn96xR4FCERIid2ek9z1xi7oYOajQF50i/9Gj
ReDEfRSyb4/LzoKDOY+h4Q6jryeHh7WIHFiK5qrBN2y8qOoRJ/OqQnqci/BJBNpe
g9Q9PJRgGSzRndTXNHiYRbeLpq7eGo3sPqlR9qBQ3rd98XGOU0RCMnzjKhENC3qo
5PkSF2xs8RmjWktFSTDwjYo0qf1teo7CGHjgaPjQ7JE8Q4ysFOQndSWmLpqwDcI9
HfIvPwUIWArQrJRh9LCNSyvHVgLqY9kw8NW4TlMxV2WqaYCkiKi3XVRrSFR3ahS1
VBvRZ8KpplrV7rhXjVSSqqfLk1sX3l72Ck2F9ON+qbNFmvhgNjSiBY9neMgo804a
wG/pag==
openssl-1.1.1/test/ocsp-tests/ISOP_D1.ors0000644000000000000000000000374413345734630016621 0ustar rootrootMIIFzwoBAKCCBcgwggXEBgkrBgEFBQcwAQEEggW1MIIFsTCBoKIWBBSpTXftIZX0
lLT9zwVSQC5Jfp3pqhgPMjAxMjEwMTAxMTU1NDVaMHUwczBLMAkGBSsOAwIaBQAE
FKByDqBqfGICVPKo9Z3Se6Tzty+kBBSwsEr9HHUo+BxhqhP2+sGQPWsWowISESG8
vx4IzALnkqQG05AvM+2bgAAYDzIwMTIxMDEwMTAwMDAwWqARGA8yMDEyMTAxNzEw
MDAwMFowCwYJKoZIhvcNAQEFA4IBAQCaiUf6TuPaSmZR2i3hUwqdEfhjcZkcCXPu
9diWuDZbaL6ubthfeTwx6OsZ0eM3Q+WPhBNlYQ9Sm8PDUQsQiq3YvuYu+QUisChx
PN6BUEwFQZAGz+FX2h5+kAmK1M/xZeXMBCXJWJCClagiw5hOJfeV0ue7RUZRVuZv
am0ZjyIeLsxsIrxghlcaJRosFmYNoM++euu5lvclutv1UQ5yyNxlYy0T/jA9gS07
WJ/i38+zxnXTuAPOm67p5N1IkEAEg/7OPRIG17Ig1C38NctN74vAOdTU1d/ay05V
Bz4ZiI9PffkUkPgW2QRQCEjv50i80wYkKH5pIbT/mTk4t53DUK1UoIID+DCCA/Qw
ggPwMIIC2KADAgECAhIRIcYjwu4UNkR1VGrDbSdFei8wDQYJKoZIhvcNAQEFBQAw
WTELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExLzAtBgNV
BAMTJkdsb2JhbFNpZ24gRXh0ZW5kZWQgVmFsaWRhdGlvbiBDQSAtIEcyMB4XDTEy
MDkxOTA3NDAzMVoXDTEyMTIxOTA4NDAzMVowgYUxCzAJBgNVBAYTAkJFMRkwFwYD
VQQKExBHbG9iYWxTaWduIG52LXNhMUIwQAYDVQQDEzlHbG9iYWxTaWduIEV4dGVu
ZGVkIFZhbGlkYXRpb24gQ0EgLSBHMiBPQ1NQIHJlc3BvbmRlciAtIDExFzAVBgNV
BAUTDjIwMTIwOTE5MDkzOTAwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxkkb6QhDH3sEDj4zaysjVzYelq9lZ1cso4R2IyQxaoPaG6GkaCmHA4sz6KP+
m3ADqplibEUBa/mzCxHW8/oy3NhGMFdbezduZrnRFLbzakOTeIo8VEIM3JPfgREv
CX8nj6Xu7ERD6JO/ZQ9Xr7YVzKKN+3cVZlcMHoGBnOPcO2Sz0AcYyk5m5IsGBRoT
T86j6Cr9PhOPTVwXL6Wxy1KVHsUZXUwnRacV0O4SHWQ4zM9Sablus9fTbh1CgIqW
sKDyzVB4yECXkBVeUlA+cuCaRRVHRiR+jPDSgbU62nnNudEpGG7dyoop6IOvXv2O
ydncWzaukxIVvQ/Ij85kHqs7HQIDAQABo4GEMIGBMAkGA1UdEwQCMAAwDgYDVR0P
AQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAw
HQYDVR0OBBYEFKlNd+0hlfSUtP3PBVJALkl+nemqMB8GA1UdIwQYMBaAFLCwSv0c
dSj4HGGqE/b6wZA9axajMA0GCSqGSIb3DQEBBQUAA4IBAQCe4rZg61Dmwygl/Uae
BJZog64/FvuB1sfCqKLJTjKOfLcugSTX1TT7bLJbzXRGPQuorI3TIZEOwldIw01d
DTLlsOCHrfHd+bpxgijxPkUuaA4NYnpvqTEMJqPKOC8QYfKupNjAPSuHvwqvqCfO
RCe3jY6xQDO0WCTZ8/xMsOkw+J/YEYqALETf2Ug7k5eRL/TvfLd8Sgi7vPfmUeiW
ptlsbhMOWQoQc+JA3vCI01rrjNq+0kIZ/r8nPGvablRr0Aakk6eDuS2dcReaPwuK
0xE136pJYiXdQ3SA7uwmlorjxmejavyoPCr23TU74DQEt6hhc6uIcabsa4Y8KvJy
RI4G
openssl-1.1.1/test/ocsp-tests/WKIC_ND2_Issuer_Root.pem0000644000000000000000000000254713345734630021236 0ustar rootroot-----BEGIN CERTIFICATE-----
MIID0DCCArigAwIBAgIQIKTEf93f4cdTYwcTiHdgEjANBgkqhkiG9w0BAQUFADCB
gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV
BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMTAxMDEwMDAw
MDBaFw0zMDEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl
YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P
RE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0
aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0UCLi3LjkRv3
UcEbVASY06m/weaKXTuH+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI
2GqGd0S7WWaXUF601CxwRM/aN5VCaTwwxHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8
Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV4EajcNxo2f8ESIl33rXp
+2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA1KGzqSX+
DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5O
nKVIrLsm9wIDAQABo0IwQDAdBgNVHQ4EFgQUC1jli8ZMFTekQKkwqSG+RzZaVv8w
DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
ggEBAC/JxBwHO89hAgCx2SFRdXIDMLDEFh9sAIsQrK/xR9SuEDwMGvjUk2ysEDd8
t6aDZK3N3w6HM503sMZ7OHKx8xoOo/lVem0DZgMXlUrxsXrfViEGQo+x06iF3u6X
HWLrp+cxEmbDD6ZLLkGC9/3JG6gbr+48zuOcrigHoSybJMIPIyaDMouGDx8rEkYl
Fo92kANr3ryqImhrjKGsKxE5pttwwn1y6TPn/CbxdFqR5p2ErPioBhlG5qfpqjQi
pKGfeq23sqSaM4hxAjwu1nqyH6LKwN0vEJT9s4yEIHlG1QXUEOTS22RPuFvuG8Ug
R1uUq27UlTMdphVx8fiUylQ5PsE=
-----END CERTIFICATE-----
openssl-1.1.1/test/ocsp-tests/ND1_Cross_Root.pem0000644000000000000000000000276113345734630020235 0ustar rootroot-----BEGIN CERTIFICATE-----
MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU
MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs
IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290
MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux
FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h
bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v
dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt
H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9
uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX
mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX
a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN
E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0
WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD
VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0
Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU
cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx
IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN
AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH
YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5
6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC
Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX
c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a
mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ=
-----END CERTIFICATE-----
openssl-1.1.1/test/ocsp-tests/ND1.ors0000644000000000000000000000117613345734630016102 0ustar rootrootMIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBSIRFH/UCpp
Xi2I9CG62QzyzsvqfBgPMjAxMjEwMTEwODQxMTNaMHMwcTBJMAkGBSsOAwIaBQAE
FEi2DTgjjfhFbk7lhD6jlBEYApefBBSIRFH/UCppXi2I9CG62QzyzsvqfAIQIuEz
IiCgSN8psr+aMcKbB4AAGA8yMDEyMTAxMTA4NDExM1qgERgPMjAxMjEwMTUwODQx
MTNaMA0GCSqGSIb3DQEBBQUAA4IBAQCNnhlBMxxh9z5AKfzAxiKs90CfxUsqfYfk
8XlyF9VIfWRfEwzS6MF1pEzLnghRxTAmjrFgK+sxD9wk+S5Mdgw3nbED9DVFH2Hs
RGKm/t9wkvrYOX6yRQqw6uRvU/5cibMjcyzKB/VQMwk4p4FwSUgBv88A5sTkKr2V
eYdEm34hg2TZVkipPMBiyTyBLXs8D/9oALtnczg4xlTRSjDUvqoXL5haqY4QK2Pv
mNwna6ACkwLmSuMe29UQ8IX2PUB4R5Etni5czyiKGxZLm+4NAhuEwWFNEzCyImPc
087gHGU1zx+qVSlajqMJ/9ZXYjbt7WiWdhOTGEv4VMn8dHhRUs32
openssl-1.1.1/test/ocsp-tests/ISDOSC_D1.ors0000644000000000000000000000374413345734630017033 0ustar rootrootMIIFzwoBAKCCBcgwggXEBgkrBgEFBQcwAQEEggW1MIIFsTCBoKIWBBSpTXftIZX0
lLT9zwVSQC5Jfp3pqhgPMjAxMjEwMTAxNDU0NDNaMHUwczBLMAkGBSsOAwIaBQAE
FKByDqBqfGICVPKo9Z3Se6Tzty+kBBSwsEr9HHUo+BxhqhP2+sGQPWsWowISESG8
vx4IzALnkqQG05AvM+2bgAAYDzIwMTIxMDEwMTMwMDAwWqARGA8yMDEyMTAxNzEz
MDAwMFowCwYJKoZIhvcNAQEFA4IBAQBw5Z+0ggEddRTIq7cXlMoxG9Nrx4HtutsH
itIUoZp/rlLoxHsJTo/VmdZvTTGIc7Ok9XuoH61lY/x9glAKsGRjz4Myc9+5rx0O
675lwmOS+uaf3/hRkicVrVr7Pt2ug3R7OXm2MJrohjNKP8lqtLJ0hHP88a8rotKA
r9uz/qHm7K4Uh7dRt/Pnu9MPG74tZeFNN4M1ONMEiRdG39FqzFDXWxwQ3NmyC0Wo
DQn+NklZMknr8mm7IBWpzgU1fTD9R0yv0zdhUZGiEXxvdhm7GJrTET5jS30Ksm5j
o+n39YVu/vGbjyyYx3+WdeQLEyipaGvldSuJpT+R684/RuFWNetcoIID+DCCA/Qw
ggPwMIIC2KADAgECAhIRIcYjwu4UNkR1VGrDbSdFei8wDQYJKoZIhvcNAQEFBQAw
WTELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExLzAtBgNV
BAMTJkdsb2JhbFNpZ24gRXh0ZW5kZWQgVmFsaWRhdGlvbiBDQSAtIEcyMB4XDTEy
MDkxOTA3NDAzMVoXDTEyMTIxOTA4NDAzMVowgYUxCzAJBgNVBAYTAkJFMRkwFwYD
VQQKExBHbG9iYWxTaWduIG52LXNhMUIwQAYDVQQDEzlHbG9iYWxTaWduIEV4dGVu
ZGVkIFZhbGlkYXRpb24gQ0EgLSBHMiBPQ1NQIHJlc3BvbmRlciAtIDExFzAVBgNV
BAUTDjIwMTIwOTE5MDkzOTAwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxkkb6QhDH3sEDj4zaysjVzYelq9lZ1cso4R2IyQxaoPaG6GkaCmHA4sz6KP+
m3ADqplibEUBa/mzCxHW8/oy3NhGMFdbezduZrnRFLbzakOTeIo8VEIM3JPfgREv
CX8nj6Xu7ERD6JO/ZQ9Xr7YVzKKN+3cVZlcMHoGBnOPcO2Sz0AcYyk5m5IsGBRoT
T86j6Cr9PhOPTVwXL6Wxy1KVHsUZXUwnRacV0O4SHWQ4zM9Sablus9fTbh1CgIqW
sKDyzVB4yECXkBVeUlA+cuCaRRVHRiR+jPDSgbU62nnNudEpGG7dyoop6IOvXv2O
ydncWzaukxIVvQ/Ij85kHqs7HQIDAQABo4GEMIGBMAkGA1UdEwQCMAAwDgYDVR0P
AQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAw
HQYDVR0OBBYEFKlNd+0hlfSUtP3PBVJALkl+nemqMB8GA1UdIwQYMBaAFLCwSv0c
dSj4HGGqE/b6wZA9axajMA0GCSqGSIb3DQEBBQUAA4IBAQCe4rZg61Dmwygl/Uae
BJZog64/FvuB1sfCqKLJTjKOfLcugSTX1TT7bLJbzXRGPQuorI3TIZEOwldIw01d
DTLlsOCHrfHd+bpxgijxPkUuaA4NYnpvqTEMJqPKOC8QYfKupNjAPSuHvwqvqCfO
RCe3jY6xQDO0WCTZ8/xMsOkw+J/YEYqALETf2Ug7k5eRL/TvfLd8Sgi7vPfmUeiW
ptlsbhMOWQoQc+JA3vCI01rrjNq+0kIZ/r8nPGvablRr0Aakk6eDuS2dcReaPwuK
0xE136pJYiXdQ3SA7uwmlorjxmejavyoPCr23TU74DQEt6hhc6uIcabsa4Y8KvJy
RI4F
openssl-1.1.1/test/ocsp-tests/WSNIC_ND2_Issuer_Root.pem0000644000000000000000000000254713345734630021364 0ustar rootroot-----BEGIN CERTIFICATE-----
MIID0DCCArigAwIBAgIQIKTEf93f4cdTYwcTiHdgEjANBgkqhkiG9w0BAQUFADCB
gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV
BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMTAxMDEwMDAw
MDBaFw0zMDEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJVUzEbMBkGA1UECBMSR3Jl
YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P
RE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0
aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3
UcEbVASY06m/weaKXTuH+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI
2GqGd0S7WWaXUF601CxwRM/aN5VCaTwwxHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8
Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV4EajcNxo2f8ESIl33rXp
+2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA1KGzqSX+
DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5O
nKVIrLsm9wIDAQABo0IwQDAdBgNVHQ4EFgQUC1jli8ZMFTekQKkwqSG+RzZaVv8w
DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
ggEBAC/JxBwHO89hAgCx2SFRdXIDMLDEFh9sAIsQrK/xR9SuEDwMGvjUk2ysEDd8
t6aDZK3N3w6HM503sMZ7OHKx8xoOo/lVem0DZgMXlUrxsXrfViEGQo+x06iF3u6X
HWLrp+cxEmbDD6ZLLkGC9/3JG6gbr+48zuOcrigHoSybJMIPIyaDMouGDx8rEkYl
Fo92kANr3ryqImhrjKGsKxE5pttwwn1y6TPn/CbxdFqR5p2ErPioBhlG5qfpqjQi
pKGfeq23sqSaM4hxAjwu1nqyH6LKwN0vEJT9s4yEIHlG1QXUEOTS22RPuFvuG8Ug
R1uUq27UlTMdphVx8fiUylQ5PsE=
-----END CERTIFICATE-----
openssl-1.1.1/test/ocsp-tests/ND1_Issuer_ICA-Cross.pem0000644000000000000000000000676613345734630021167 0ustar rootroot-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIQEaO00OyNt3+doM1dLVEvQjANBgkqhkiG9w0BAQUFADCB
gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV
BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMDA1MjQwMDAw
MDBaFw0yMDA1MzAxMDQ4MzhaMIGOMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl
YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P
RE8gQ0EgTGltaXRlZDE0MDIGA1UEAxMrQ09NT0RPIEV4dGVuZGVkIFZhbGlkYXRp
b24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMxKljPNJY1n7iiWN4dG8PYEooR/U6qW5h+xAhxu7X0h1Nc8HqLYaS+ot/Wi
7WRYZOFEZTZJQSABjTsT4gjzDPJXOZM3txyTRIOOvy3xoQV12m7ue28b6naDKHRK
HCvT9cQDcpOvhs4JjDx11MkKL3Lzrb0OMDyEoXMfAyUUpY/D1vS15N2GevUZumjy
hVSiMBHK0ZLLO3QGEqA3q2rYVBHfbJoWlLm0p2XGdC0x801S6VVRn8s+oo12mHDS
b6ZlRS8bhbtbbfnywARmE4R6nc4n2PREnr+svpnba0/bWCGwiSe0jzLWS15ykV7f
BZ3ZSS/0tm9QH3XLgJ3m0+TR8tMCAwEAAaOCAWkwggFlMB8GA1UdIwQYMBaAFAtY
5YvGTBU3pECpMKkhvkc2Wlb/MB0GA1UdDgQWBBSIRFH/UCppXi2I9CG62Qzyzsvq
fDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADA+BgNVHSAENzA1
MDMGBFUdIAAwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNv
bS9DUFMwSQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL2NybC5jb21vZG9jYS5jb20v
Q09NT0RPQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwdAYIKwYBBQUHAQEEaDBm
MD4GCCsGAQUFBzAChjJodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9BZGRU
cnVzdFNlcnZlckNBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2Rv
Y2EuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQCaQ7+vpHJezX1vf/T8PYy7cOYe3QT9
P9ydn7+JdpvyhjH8f7PtKpFTLOKqsOPILHH3FYojHPFpLoH7sbxiC6saVBzZIl40
TKX2Iw9dej3bQ81pfhc3Us1TocIR1FN4J2TViUFNFlW7kMvw2OTd3dMJZEgo/zIj
hC+Me1UvzymINzR4DzOq/7fylqSbRIC1vmxWVKukgZ4lGChUOn8sY89ZIIwYazgs
tN3t40DeDDYlV5rA0WCeXgNol64aO+pF11GZSe5EWVYLXrGPaOqKnsrSyaADfnAl
9DLJTlCDh6I0SD1PNXf82Ijq9n0ezkO21cJqfjhmY03n7jLvDyToKmf6
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIE8TCCA9mgAwIBAgIQbyXcFa/fXqMIVgw7ek/H+DANBgkqhkiG9w0BAQUFADBv
MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk
ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF
eHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFow
gYExCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMScwJQYD
VQQDEx5DT01PRE8gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDQQIuLcuORG/dRwRtUBJjTqb/B5opdO4f7u4jO
DeMvPwaW8KIpUJmu2zuhV7B0UXHN7UKRTUH+qcjYaoZ3RLtZZpdQXrTULHBEz9o3
lUJpPDDEcbNS8CFNodi6OXwcnqMknfKDFpiqFnxDmxVbt640kf7UYiYYRpo/68H5
8ZBX66x6DYvbcjBqZtXgRqNw3GjZ/wRIiXfeten7Z21B6bw5vTLZYgLxsag9bjec
4i/i06Imi8a4VUOI4SM+pdIkOWpHqwDUobOpJf4NP6cdutNRwQuk2qw471VQJAVl
RpM0Ty2NrcbUIRnSjsoFYXEHc0flihkSvQRNzk6cpUisuyb3AgMBAAGjggF0MIIB
cDAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTvA73gJMtUGjAdBgNVHQ4EFgQUC1jl
i8ZMFTekQKkwqSG+RzZaVv8wDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB
Af8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9j
cmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4dGVybmFsQ0FSb290LmNybDCBswYI
KwYBBQUHAQEEgaYwgaMwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRydXN0
LmNvbS9BZGRUcnVzdEV4dGVybmFsQ0FSb290LnA3YzA5BggrBgEFBQcwAoYtaHR0
cDovL2NydC51c2VydHJ1c3QuY29tL0FkZFRydXN0VVROU0dDQ0EuY3J0MCUGCCsG
AQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1c3QuY29tMA0GCSqGSIb3DQEBBQUA
A4IBAQAHYJOZqs7Q00fQNzPeP2S35S6jJQzVMx0Njav2fkZ7WQaS44LE5/X289kF
z0k0LTdf9CXH8PtrI3fx8UDXTLtJRTHdAChntylMdagfeTHJNjcPyjVPjPF+3vxG
q79om3AjMC63xVx7ivsYE3lLkkKM3CyrbCK3KFOzGkrOG/soDrc6pNoN90AyT99v
uwFQ/IfTdtn8+7aEA8rJNhj33Wzbu7qBHKat/ij5z7micV0ZBepKRtxzQe+JlEKx
Q4hvNRevHmCDrHqMEHufyfaDbZ76iO4+3e6esL/garnQnweyCROa9aTlyFt5p0c1
M2jlVZ6qW8swC53HD79oRIGXi1FK
-----END CERTIFICATE-----
openssl-1.1.1/test/ocsp-tests/ND1_Issuer_ICA.pem0000644000000000000000000000341113345734630020060 0ustar rootroot-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIQEaO00OyNt3+doM1dLVEvQjANBgkqhkiG9w0BAQUFADCB
gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV
BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMDA1MjQwMDAw
MDBaFw0yMDA1MzAxMDQ4MzhaMIGOMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl
YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P
RE8gQ0EgTGltaXRlZDE0MDIGA1UEAxMrQ09NT0RPIEV4dGVuZGVkIFZhbGlkYXRp
b24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMxKljPNJY1n7iiWN4dG8PYEooR/U6qW5h+xAhxu7X0h1Nc8HqLYaS+ot/Wi
7WRYZOFEZTZJQSABjTsT4gjzDPJXOZM3txyTRIOOvy3xoQV12m7ue28b6naDKHRK
HCvT9cQDcpOvhs4JjDx11MkKL3Lzrb0OMDyEoXMfAyUUpY/D1vS15N2GevUZumjy
hVSiMBHK0ZLLO3QGEqA3q2rYVBHfbJoWlLm0p2XGdC0x801S6VVRn8s+oo12mHDS
b6ZlRS8bhbtbbfnywARmE4R6nc4n2PREnr+svpnba0/bWCGwiSe0jzLWS15ykV7f
BZ3ZSS/0tm9QH3XLgJ3m0+TR8tMCAwEAAaOCAWkwggFlMB8GA1UdIwQYMBaAFAtY
5YvGTBU3pECpMKkhvkc2Wlb/MB0GA1UdDgQWBBSIRFH/UCppXi2I9CG62Qzyzsvq
fDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADA+BgNVHSAENzA1
MDMGBFUdIAAwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNv
bS9DUFMwSQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL2NybC5jb21vZG9jYS5jb20v
Q09NT0RPQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwdAYIKwYBBQUHAQEEaDBm
MD4GCCsGAQUFBzAChjJodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9BZGRU
cnVzdFNlcnZlckNBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2Rv
Y2EuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQCaQ7+vpHJezX1vf/T8PYy7cOYe3QT9
P9ydn7+JdpvyhjH8f7PtKpFTLOKqsOPILHH3FYojHPFpLoH7sbxiC6saVBzZIl40
TKX2Iw9dej3bQ81pfhc3Us1TocIR1FN4J2TViUFNFlW7kMvw2OTd3dMJZEgo/zIj
hC+Me1UvzymINzR4DzOq/7fylqSbRIC1vmxWVKukgZ4lGChUOn8sY89ZIIwYazgs
tN3t40DeDDYlV5rA0WCeXgNol64aO+pF11GZSe5EWVYLXrGPaOqKnsrSyaADfnAl
9DLJTlCDh6I0SD1PNXf82Ijq9n0ezkO21cJqfjhmY03n7jLvDyToKmf6
-----END CERTIFICATE-----
openssl-1.1.1/test/ocsp-tests/WKIC_D1_Issuer_ICA.pem0000644000000000000000000000313713345734630020564 0ustar rootroot-----BEGIN CERTIFICATE-----
MIIEhjCCA26gAwIBAgILBAAAAAABL07hXdQwDQYJKoZIhvcNAQEFBQAwTDEgMB4G
A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp
Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTEwNDEzMTAwMDAwWhcNMjIwNDEz
MTAwMDAwWjBZMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1z
YTEvMC0GA1UEAxMmR2xvYmFsU2lnbiBFeHRlbmRlZCBWYWxpZGF0aW9uIENBIC0g
RzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOoUbMUpq4pbR/WNnN
2EugcgyXW6aIIMO5PUbc0FxSMPb6WU+FX7DbiLSpXysjSKyr9ZJ4FLYyD/tcaoVb
AJDgu2X1WvlPZ37HbCnsk8ArysRe2LDb1r4/mwvAj6ldrvcAAqT8umYROHf+IyAl
VRDFvYK5TLFoxuJwe4NcE2fBofN8C6iZmtDimyUxyCuNQPZSY7GgrVou9Xk2bTUs
Dt0F5NDiB0i3KF4r1VjVbNAMoQFGAVqPxq9kx1UBXeHRxmxQJaAFrQCrDI1la93r
wnJUyQ88ABeHIu/buYZ4FlGud9mmKE3zWI2DZ7k0JZscUYBR84OSaqOuR5rW5Isb
wO2xAgMBAAGjggFaMIIBVjAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB
/wIBADAdBgNVHQ4EFgQUsLBK/Rx1KPgcYaoT9vrBkD1rFqMwRwYDVR0gBEAwPjA8
BgRVHSAAMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29t
L3JlcG9zaXRvcnkvMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwuZ2xvYmFs
c2lnbi5uZXQvcm9vdC1yMi5jcmwwRAYIKwYBBQUHAQEEODA2MDQGCCsGAQUFBzAB
hihodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNvbS9FeHRlbmRlZFNTTENBMCkGA1Ud
JQQiMCAGCCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAzAfBgNVHSMEGDAW
gBSb4gdXZxwewGoG3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAL0m28rZa
pJWrnlrpK4KbzJBrfHRFIOde2Mcj7ig1sTVlKqVR4FU/9oNntOQ2KbDa7JeVqYoF
o0X+Iy5SiLQfEICt0oufo1+oxetz3nmIQZgz7qdgGLFGyUAQB5yPClLJExoGbqCb
LTr2rk/no1E1KlsYBRLlUdy2NmLz4aQP++TPw5S/EauhWTEB8MxT7I9j12yW00gq
iiPtRVaoZkHqAblH7qFHDBTxI+Egc8p9UHxkOFejj0qcm+ltRc9Ea01gIEBxJbVG
qmwIft/I+shWKpLLg7h5CZctXqEBzgbttJfJBNxB7+BPNk3kQHNG7BESfIhbNCYl
TercGL7FG81kwA==
-----END CERTIFICATE-----
openssl-1.1.1/test/ocsp-tests/ISIC_D3_Issuer_Root.pem0000644000000000000000000000501113345734630021100 0ustar rootroot-----BEGIN CERTIFICATE-----
MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290
IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA
Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO
BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi
MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ
ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ
8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6
zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y
fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7
w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc
G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k
epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q
laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ
QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU
fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826
YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w
ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY
gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe
MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0
IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy
dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw
czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0
dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl
aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC
AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg
b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB
ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc
nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg
18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c
gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl
Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY
sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T
SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF
CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum
GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk
zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW
omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVE
-----END CERTIFICATE-----
openssl-1.1.1/test/ocsp-tests/ISOP_ND3.ors0000644000000000000000000000120213345734630016724 0ustar rootrootMIIB1AoBAKCCAc0wggHJBgkrBgEFBQcwAQEEggG6MIIBtjCBn6IWBBStvZh6NLQm
9/rEJlTvA73gJMtUGhgPMjAxMjEwMDkxNjAxNTNaMHQwcjBKMAkGBSsOAwIaBQAE
FHyxZlScq9tE7mImFq30ZXv3etWUBBStvZh6NLQm9/rEJlTvA73gJMtUGgIRAKcN
bJWejX5BTb8DmevkCauAABgPMjAxMjEwMDkxNjAxNTNaoBEYDzIwMTIxMDEzMTYw
MTUzWjANBgkqhkiG9w0BAQUFAAOCAQEAFnJAzuT8P4KKyTI6sdj5HkQ352qEu5CN
K9M2kU/eg9kPfwLv8z3yArobwgx+/IDRajbVAKrk8UPCGUqkDc0OiU5c0+jpn+nT
20VVCtWsBSWDfzKqYln/NGrblhv+/iuFZJpyfud5nWguW5nogPC8IAfgt9FMDMl6
wlQWLSWEkgAJWvhNR3nzgvyMnuDuMIVQgB9/+vAIxA7nlpEEh6KTswyGqE9+u1yC
kvrz4PwKZQMT6r1eRCLs6NaagOZT84QHhZ6TAA+QHjfK406KL8F9mFgbGKbW+st2
QHm+giUhrgZMv+1Yaxe34BjDS439LCPjdZ29On8FeZr3F55T+s3VzA==
openssl-1.1.1/test/ocsp-tests/ND3_Issuer_Root.pem0000644000000000000000000000276113345734630020420 0ustar rootroot-----BEGIN CERTIFICATE-----
MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU
MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs
IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290
MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux
FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h
bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v
dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt
H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9
uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX
mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX
a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN
E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0
WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD
VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0
Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU
cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx
IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN
AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH
YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5
6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC
Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX
c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a
mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ=
-----END CERTIFICATE-----
openssl-1.1.1/test/ocsp-tests/WIKH_ND2.ors0000644000000000000000000000117613345734630016725 0ustar rootrootMIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBQLWOWLxkwV
N6RAqTCpIb5HNlpW/xgPMjAxMjEwMTAyMzAzMTlaMHMwcTBJMAkGBSsOAwIaBQAE
FOy+ZAvtiWulchtVZmfKU1ZI9ewTBBQMWOWLxkwVN6RAqTCpIb5HNlpW/wIQEaO0
0OyNt3+doM1dLVEvQoAAGA8yMDEyMTAxMDIzMDMxOVqgERgPMjAxMjEwMTQyMzAz
MTlaMA0GCSqGSIb3DQEBBQUAA4IBAQCHn2nGfEUX/EJruMkTgh7GgB0u9cpAepaD
sPv9gtl3KLUZyR+NbGMIa5/bpoJp0yg1z5VL6CLMusy3AF6Cn2fyaioDxG+yc+gA
PcPFdEqiIMr+TP8s7qcEiE6WZddSSCqCn90VZSCWkpDhnCjDRwJLBBPU3803fdMz
oguvyr7y6Koxik8X/iUe8EpSzAvmm4GZL3veTI+x7IezJSrhCS9zM0ZHjySjoDxC
+ljGH0EuWPTmFEqZVGIq3cuahIYzKItUbYnXU6ipi/2p42qbsFeok7eEN0EYsY1a
vRATHGRmU7Q5HLCq4rQtZC1cis52Mvc9x1W4z/Gt5A3FtgElXXNA
openssl-1.1.1/test/ocsp-tests/WSNIC_D1_Issuer_ICA.pem0000644000000000000000000000313713345734630020712 0ustar rootroot-----BEGIN CERTIFICATE-----
MIIEhjCCA26gAwIBAgILBAAAAAABL07hXdQwDQYJKoZIhvcNAQEFBQAwTDEgMB4G
A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp
Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTEwNDEzMTAwMDAwWhcNMjIwNDEz
MTAwMDAwWjBZMQswCQYDVQQGEwJVUzEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1z
YTEvMC0GA1UEAxMmR2xvYmFsU2lnbiBFeHRlbmRlZCBWYWxpZGF0aW9uIENBIC0g
RzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNoUbMUpq4pbR/WNnN
2EugcgyXW6aIIMO5PUbc0FxSMPb6WU+FX7DbiLSpXysjSKyr9ZJ4FLYyD/tcaoVb
AJDgu2X1WvlPZ37HbCnsk8ArysRe2LDb1r4/mwvAj6ldrvcAAqT8umYROHf+IyAl
VRDFvYK5TLFoxuJwe4NcE2fBofN8C6iZmtDimyUxyCuNQPZSY7GgrVou9Xk2bTUs
Dt0F5NDiB0i3KF4r1VjVbNAMoQFGAVqPxq9kx1UBXeHRxmxQJaAFrQCrDI1la93r
wnJUyQ88ABeHIu/buYZ4FlGud9mmKE3zWI2DZ7k0JZscUYBR84OSaqOuR5rW5Isb
wO2xAgMBAAGjggFaMIIBVjAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB
/wIBADAdBgNVHQ4EFgQUsLBK/Rx1KPgcYaoT9vrBkD1rFqMwRwYDVR0gBEAwPjA8
BgRVHSAAMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29t
L3JlcG9zaXRvcnkvMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwuZ2xvYmFs
c2lnbi5uZXQvcm9vdC1yMi5jcmwwRAYIKwYBBQUHAQEEODA2MDQGCCsGAQUFBzAB
hihodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNvbS9FeHRlbmRlZFNTTENBMCkGA1Ud
JQQiMCAGCCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAzAfBgNVHSMEGDAW
gBSb4gdXZxwewGoG3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAL0m28rZa
pJWrnlrpK4KbzJBrfHRFIOde2Mcj7ig1sTVlKqVR4FU/9oNntOQ2KbDa7JeVqYoF
o0X+Iy5SiLQfEICt0oufo1+oxetz3nmIQZgz7qdgGLFGyUAQB5yPClLJExoGbqCb
LTr2rk/no1E1KlsYBRLlUdy2NmLz4aQP++TPw5S/EauhWTEB8MxT7I9j12yW00gq
iiPtRVaoZkHqAblH7qFHDBTxI+Egc8p9UHxkOFejj0qcm+ltRc9Ea01gIEBxJbVG
qmwIft/I+shWKpLLg7h5CZctXqEBzgbttJfJBNxB7+BPNk3kQHNG7BESfIhbNCYl
TercGL7FG81kwA==
-----END CERTIFICATE-----
openssl-1.1.1/test/ocsp-tests/ND3.ors0000644000000000000000000000120213345734630016072 0ustar rootrootMIIB1AoBAKCCAc0wggHJBgkrBgEFBQcwAQEEggG6MIIBtjCBn6IWBBStvZh6NLQm
9/rEJlTvA73gJMtUGhgPMjAxMjEwMTExMTM2NDdaMHQwcjBKMAkGBSsOAwIaBQAE
FHyxZlScq9tE7mImFq30ZXv3etWUBBStvZh6NLQm9/rEJlTvA73gJMtUGgIRAKcN
bJWejX5BTb8DmevkCauAABgPMjAxMjEwMTExMTM2NDdaoBEYDzIwMTIxMDE1MTEz
NjQ3WjANBgkqhkiG9w0BAQUFAAOCAQEAfnj3nh6z+USW6VlDWRytWpNmC1ZRwWlg
P2+G4UF4HE8bMJkuiFLcZEVYTxlTYv+xAEpSFxdInFM2Q5C+O6pWOZ9NbikeR4oZ
FTI1kAZ0Uw+YMpVM4ztvKBIpUSqlbi69iNJ9WGF6qzxVeqobSOyrjjwtTsuglUbR
+mshp/SP7Br2IIK+KM1vgsmVExPfGPYANyk7ki/Q8uUnjqkreeSa9WC2iJLGcybW
YavDhYWALebUGukNeedkloYhdjPboPPxDkKNjakwIG8EkbJK7uXewMOHHOFvFTX3
K388me8u5iQf4f3fj6ilEgs6f5Szzmb+vklPX0zIny/TVk2+Az7HmA==
openssl-1.1.1/test/ocsp-tests/ISOP_D3.ors0000644000000000000000000000455613345734630016625 0ustar rootrootMIIG8AoBAKCCBukwggblBgkrBgEFBQcwAQEEggbWMIIG0jCB+aF+MHwxCzAJBgNV
BAYTAkFVMQwwCgYDVQQIEwNOU1cxDzANBgNVBAcTBlN5ZG5leTEUMBIGA1UEChML
Q0FjZXJ0IEluYy4xHjAcBgNVBAsTFVNlcnZlciBBZG1pbmlzdHJhdGlvbjEYMBYG
A1UEAxMPb2NzcC5jYWNlcnQub3JnGA8yMDEyMTAxMDEzMjE1OVowZjBkMDwwCQYF
Kw4DAhoFAAQUi6TJyxcpGUU+u45zCZG5JfKDImUEFBa1MhvUx/Pg5o7zvdKwOu6y
ORjRAgMLs8aAABgPMjAxMjEwMTAxMzA1MjBaoBEYDzIwMTIxMDEyMTMyMTU5WjAN
BgkqhkiG9w0BAQUFAAOCAQEAH1auyXFf1fOdfShSnAFkg5JsRUvajrilUioTkPIn
IGYV//huaPNZwZGCC2haZIdUuKB6G2OCXeZVskBTXPjt8/6JmoHgsZeI3x5xKXxZ
vddLC0PgYp0cA3FqjXR2UCpdBF+GK37rnfZsdW2vD9JaEBXxTV4+ICDAg15ZphJW
lLGmdP3mQqPURIwamcYam8tntARimgEpA0KgfVue2A+izjcxC7qk9BQYG72Fh3hC
ZFxi5u6xKNUQ2EBF9KXZyP9d2i/bYCZAUeUSRtir+fsOXHlihYRih9npKyAPwpHd
NqhwK9NhKed8gmkX3cSaK0arBx7ev7avhM4Dqem+BzppjKCCBL4wggS6MIIEtjCC
Ap6gAwIBAgIDCpvzMA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jvb3QgQ0Ex
HjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZQ0EgQ2Vy
dCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjYWNl
cnQub3JnMB4XDTExMDgyMzAwMDI1NloXDTEzMDgyMjAwMDI1NlowfDELMAkGA1UE
BhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MRQwEgYDVQQKEwtD
QWNlcnQgSW5jLjEeMBwGA1UECxMVU2VydmVyIEFkbWluaXN0cmF0aW9uMRgwFgYD
VQQDEw9vY3NwLmNhY2VydC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCcxtRv5CPHw3BLdR/k/K72YsRgodbP+UdAONmvBvWzhwm6B8h6O+M64sFr
2w6be7SYBECIyOQgNJ1flK4MoAWhdBA/H5NtxaDOKbAqA27tO9GaevcPp7c518O0
3hVnlPLvsN1f48nY0jQOXUTfv5nYXmD0OSSK/V3IRo0KsWB6T9UnMGCeEwb4Oqqz
uzM0b4SBflzMEony/m6Tg/qL7qs2TLZAqe77+BZaVdFkDUnaBN7RyMruXySxeXiz
mogT3WhROeloMa/X+E01bWBYBEK7VZIY9pgBpXQ7vDbbIGgYuIXUi20wh03WMy16
VDYdV0IUXHpidNUeK9W/BPP/7APBAgMBAAGjRDBCMAwGA1UdEwEB/wQCMAAwJwYD
VR0lBCAwHgYIKwYBBQUHAwIGCCsGAQUFBwMBBggrBgEFBQcDCTAJBgNVHREEAjAA
MA0GCSqGSIb3DQEBBQUAA4ICAQAoT6p5f3cGprAcgrnzdenfTmDe9LCW7k2VnazA
MAzpsD6gXcSlo4+3hoHem/SpKRH2tqi34DmImCiv/S6fxsKM4Gfn5rlkAFviuTvS
r5Zrwh4ZKSfaoWv4bmbzmcAxvuxdMWHf/5PbjegjzFTbBMekVPZY/abYtD6kdHQZ
VNgzwZVfTBfYhfa+Rg72I2zjKpMsjxMqWfTmUzW6wfK6LFudZqu0U1NnJw+IlnVU
6WtjL885ebQrmcRqWz3nMhVLIu5L3w/s+VTLvm7If6jcMDNUjz8s2BPcJeCXg3TE
STsyl6tvk17RRz2+9JskxVOk11xIn96xR4FCERIid2ek9z1xi7oYOajQF50i/9Gj
ReDEfRSyb4/LzoKDOY+h4Q6jryeHh7WIHFiK5qrBN2y8qOoRJ/OqQnqci/BJBNpe
g9Q9PJRgGSzRndTXNHiYRbeLpq7eGo3sPqlR9qBQ3rd98XGOU0RCMnzjKhENC3qo
5PkSF2xs8RmjWktFSTDwjYo0qf1teo7CGHjgaPjQ7JE8Q4ysFOQndSWmLpqwDcI9
HfIvPwUIWArQrJRh9LCNSyvHVgLqY9kw8NW4TlMxV2WqaYCkiKi3XVRrSFR3ahS1
VBvRZ8KpplrV7rhXjVSSqqfLk1sX3l72Ck2F9ON+qbNFmvhgNjSiBY9neMgo804a
wG/pag==
openssl-1.1.1/test/ocsp-tests/WKIC_D2_Issuer_Root.pem0000644000000000000000000000235513345734630021115 0ustar rootroot-----BEGIN CERTIFICATE-----
MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG
A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbDuaZ
jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp
xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp
1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG
snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ
U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8
9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E
BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B
AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz
yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE
38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP
AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad
DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME
HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
-----END CERTIFICATE-----
openssl-1.1.1/test/ocsp-tests/D3_Issuer_Root.pem0000644000000000000000000001207313345734630020277 0ustar rootroot-----BEGIN CERTIFICATE-----
MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290
IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA
Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO
BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi
MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ
ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ
8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6
zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y
fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7
w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc
G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k
epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q
laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ
QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU
fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826
YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w
ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY
gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe
MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0
IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy
dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw
czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0
dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl
aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC
AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg
b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB
ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc
nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg
18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c
gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl
Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY
sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T
SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF
CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum
GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk
zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW
omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv
b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU
MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0
Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN
AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a
iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1
aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C
jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia
pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0
FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt
XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL
oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6
R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp
rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/
LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA
BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow
gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV
BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG
A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS
c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH
AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr
BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB
MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y
Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj
ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5
b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D
QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc
7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH
Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4
D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3
VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a
lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW
Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt
hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz
0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn
ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT
d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60
4GGSt/M3mMS+lqO3ig==
-----END CERTIFICATE-----
openssl-1.1.1/test/ocsp-tests/WKDOSC_D1.ors0000644000000000000000000000374413345734630017041 0ustar rootrootMIIFzwoBAKCCBcgwggXEBgkrBgEFBQcwAQEEggW1MIIFsTCBoKIWBBSpTXftIZX0
lLT9zwVSQC5Jfp3pqhgPMjAxMjEwMTAxNDU0NDNaMHUwczBLMAkGBSsOAwIaBQAE
FKByDqBqfGICVPKo9Z3Se6Tzty+kBBSwsEr9HHUo+BxhqhP2+sGQPWsWowISESG8
vx4IzALnkqQG05AvM+2bgAAYDzIwMTIxMDEwMTMwMDAwWqARGA8yMDEyMTAxNzEz
MDAwMFowCwYJKoZIhvcNAQEFA4IBAQBw5Z+0ggEddRTIq7cXlMoxG9Nrx4HtutsH
itIUoZp/rlLoxHsJTo/VmdZvTTGIc7Ok9XuoH61lY/x9glAKsGRjz4Myc9+5rx0O
675lwmOS+uaf3/hRkicVrVr7Pt2ug3R7OXm2MJrohjNKP8lqtLJ0hHP88a8rotKA
r9uz/qHm7K4Uh7dRt/Pnu9MPG74tZeFNN4M1ONMEiRdG39FqzFDXWxwQ3NmyC0Wo
DQn+NklZMknr8mm7IBWpzgU1fTD9R0yv0zdhUZGiEXxvdhm7GJrTET5jS30Ksm5j
o+n39YVu/vGbjyyYx3+WdeQLEyipaGvldSuJpT+R684/RuFWNetcoIID+DCCA/Qw
ggPwMIIC2KADAgECAhIRIcYjwu4UNkR1VGrDbSdFei8wDQYJKoZIhvcNAQEFBQAw
WTELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExLzAtBgNV
BAMTJkdsb2JhbFNpZ24gRXh0ZW5kZWQgVmFsaWRhdGlvbiBDQSAtIEcyMB4XDTEy
MDkxOTA3NDAzMVoXDTEyMTIxOTA4NDAzMVowgYUxCzAJBgNVBAYTAkJFMRkwFwYD
VQQKExBHbG9iYWxTaWduIG52LXNhMUIwQAYDVQQDEzlHbG9iYWxTaWduIEV4dGVu
ZGVkIFZhbGlkYXRpb24gQ0EgLSBHMiBPQ1NQIHJlc3BvbmRlciAtIDExFzAVBgNV
BAUTDjIwMTIwOTE5MDkzOTAwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAx0kb6QhDH3sEDj4zaysjVzYelq9lZ1cso4R2IyQxaoPaG6GkaCmHA4sz6KP+
m3ADqplibEUBa/mzCxHW8/oy3NhGMFdbezduZrnRFLbzakOTeIo8VEIM3JPfgREv
CX8nj6Xu7ERD6JO/ZQ9Xr7YVzKKN+3cVZlcMHoGBnOPcO2Sz0AcYyk5m5IsGBRoT
T86j6Cr9PhOPTVwXL6Wxy1KVHsUZXUwnRacV0O4SHWQ4zM9Sablus9fTbh1CgIqW
sKDyzVB4yECXkBVeUlA+cuCaRRVHRiR+jPDSgbU62nnNudEpGG7dyoop6IOvXv2O
ydncWzaukxIVvQ/Ij85kHqs7HQIDAQABo4GEMIGBMAkGA1UdEwQCMAAwDgYDVR0P
AQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAw
HQYDVR0OBBYEFKlNd+0hlfSUtP3PBVJALkl+nemqMB8GA1UdIwQYMBaAFLCwSv0c
dSj4HGGqE/b6wZA9axajMA0GCSqGSIb3DQEBBQUAA4IBAQCe4rZg61Dmwygl/Uae
BJZog64/FvuB1sfCqKLJTjKOfLcugSTX1TT7bLJbzXRGPQuorI3TIZEOwldIw01d
DTLlsOCHrfHd+bpxgijxPkUuaA4NYnpvqTEMJqPKOC8QYfKupNjAPSuHvwqvqCfO
RCe3jY6xQDO0WCTZ8/xMsOkw+J/YEYqALETf2Ug7k5eRL/TvfLd8Sgi7vPfmUeiW
ptlsbhMOWQoQc+JA3vCI01rrjNq+0kIZ/r8nPGvablRr0Aakk6eDuS2dcReaPwuK
0xE136pJYiXdQ3SA7uwmlorjxmejavyoPCr23TU74DQEt6hhc6uIcabsa4Y8KvJy
RI4G
openssl-1.1.1/test/ocsp-tests/D1_Issuer_ICA.pem0000644000000000000000000000313713345734630017747 0ustar rootroot-----BEGIN CERTIFICATE-----
MIIEhjCCA26gAwIBAgILBAAAAAABL07hXdQwDQYJKoZIhvcNAQEFBQAwTDEgMB4G
A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp
Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTEwNDEzMTAwMDAwWhcNMjIwNDEz
MTAwMDAwWjBZMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1z
YTEvMC0GA1UEAxMmR2xvYmFsU2lnbiBFeHRlbmRlZCBWYWxpZGF0aW9uIENBIC0g
RzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNoUbMUpq4pbR/WNnN
2EugcgyXW6aIIMO5PUbc0FxSMPb6WU+FX7DbiLSpXysjSKyr9ZJ4FLYyD/tcaoVb
AJDgu2X1WvlPZ37HbCnsk8ArysRe2LDb1r4/mwvAj6ldrvcAAqT8umYROHf+IyAl
VRDFvYK5TLFoxuJwe4NcE2fBofN8C6iZmtDimyUxyCuNQPZSY7GgrVou9Xk2bTUs
Dt0F5NDiB0i3KF4r1VjVbNAMoQFGAVqPxq9kx1UBXeHRxmxQJaAFrQCrDI1la93r
wnJUyQ88ABeHIu/buYZ4FlGud9mmKE3zWI2DZ7k0JZscUYBR84OSaqOuR5rW5Isb
wO2xAgMBAAGjggFaMIIBVjAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB
/wIBADAdBgNVHQ4EFgQUsLBK/Rx1KPgcYaoT9vrBkD1rFqMwRwYDVR0gBEAwPjA8
BgRVHSAAMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29t
L3JlcG9zaXRvcnkvMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwuZ2xvYmFs
c2lnbi5uZXQvcm9vdC1yMi5jcmwwRAYIKwYBBQUHAQEEODA2MDQGCCsGAQUFBzAB
hihodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNvbS9FeHRlbmRlZFNTTENBMCkGA1Ud
JQQiMCAGCCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAzAfBgNVHSMEGDAW
gBSb4gdXZxwewGoG3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAL0m28rZa
pJWrnlrpK4KbzJBrfHRFIOde2Mcj7ig1sTVlKqVR4FU/9oNntOQ2KbDa7JeVqYoF
o0X+Iy5SiLQfEICt0oufo1+oxetz3nmIQZgz7qdgGLFGyUAQB5yPClLJExoGbqCb
LTr2rk/no1E1KlsYBRLlUdy2NmLz4aQP++TPw5S/EauhWTEB8MxT7I9j12yW00gq
iiPtRVaoZkHqAblH7qFHDBTxI+Egc8p9UHxkOFejj0qcm+ltRc9Ea01gIEBxJbVG
qmwIft/I+shWKpLLg7h5CZctXqEBzgbttJfJBNxB7+BPNk3kQHNG7BESfIhbNCYl
TercGL7FG81kwA==
-----END CERTIFICATE-----
openssl-1.1.1/test/ocsp-tests/WSNIC_D3_Issuer_Root.pem0000644000000000000000000000501113345734630021234 0ustar rootroot-----BEGIN CERTIFICATE-----
MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdUZXN0
IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA
Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO
BgNVBAoTB1Rlc3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi
MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ
ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ
8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6
zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y
fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7
w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc
G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k
epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q
laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ
QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU
fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826
YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w
ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY
gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe
MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0
IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy
dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw
czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0
dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl
aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC
AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg
b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB
ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc
nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg
18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c
gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl
Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY
sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T
SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF
CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum
GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk
zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW
omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD
-----END CERTIFICATE-----
openssl-1.1.1/test/ocsp-tests/ND2_Issuer_Root.pem0000644000000000000000000000254713345734630020421 0ustar rootroot-----BEGIN CERTIFICATE-----
MIID0DCCArigAwIBAgIQIKTEf93f4cdTYwcTiHdgEjANBgkqhkiG9w0BAQUFADCB
gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV
BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMTAxMDEwMDAw
MDBaFw0zMDEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl
YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P
RE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0
aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3
UcEbVASY06m/weaKXTuH+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI
2GqGd0S7WWaXUF601CxwRM/aN5VCaTwwxHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8
Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV4EajcNxo2f8ESIl33rXp
+2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA1KGzqSX+
DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5O
nKVIrLsm9wIDAQABo0IwQDAdBgNVHQ4EFgQUC1jli8ZMFTekQKkwqSG+RzZaVv8w
DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
ggEBAC/JxBwHO89hAgCx2SFRdXIDMLDEFh9sAIsQrK/xR9SuEDwMGvjUk2ysEDd8
t6aDZK3N3w6HM503sMZ7OHKx8xoOo/lVem0DZgMXlUrxsXrfViEGQo+x06iF3u6X
HWLrp+cxEmbDD6ZLLkGC9/3JG6gbr+48zuOcrigHoSybJMIPIyaDMouGDx8rEkYl
Fo92kANr3ryqImhrjKGsKxE5pttwwn1y6TPn/CbxdFqR5p2ErPioBhlG5qfpqjQi
pKGfeq23sqSaM4hxAjwu1nqyH6LKwN0vEJT9s4yEIHlG1QXUEOTS22RPuFvuG8Ug
R1uUq27UlTMdphVx8fiUylQ5PsE=
-----END CERTIFICATE-----
openssl-1.1.1/test/ocsp-tests/WSNIC_D2_Issuer_Root.pem0000644000000000000000000000235513345734630021243 0ustar rootroot-----BEGIN CERTIFICATE-----
MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG
A1UEBhMCVVMxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAlVTMRkwFwYDVQQKExBHbG9i
YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ
jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp
xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp
1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG
snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ
U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8
9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E
BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B
AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz
yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE
38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP
AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad
DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME
HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
-----END CERTIFICATE-----
openssl-1.1.1/test/ocsp-tests/WRID_ND1.ors0000644000000000000000000000117613345734630016727 0ustar rootrootMIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBSJRFH/UCpp
Xi2I9CG62QzyzsvqfBgPMjAxMjEwMTEwODQxMTNaMHMwcTBJMAkGBSsOAwIaBQAE
FEi2DTgjjfhFbk7lhD6jlBEYApefBBSIRFH/UCppXi2I9CG62QzyzsvqfAIQIuEz
IiCgSN8psr+aMcKbB4AAGA8yMDEyMTAxMTA4NDExM1qgERgPMjAxMjEwMTUwODQx
MTNaMA0GCSqGSIb3DQEBBQUAA4IBAQCNnhlBMxxh9z5AKfzAxiKs90CfxUsqfYfk
8XlyF9VIfWRfEwzS6MF1pEzLnghRxTAmjrFgK+sxD9wk+S5Mdgw3nbED9DVFH2Hs
RGKm/t9wkvrYOX6yRQqw6uRvU/5cibMjcyzKB/VQMwk4p4FwSUgBv88A5sTkKr2V
eYdEm34hg2TZVkipPMBiyTyBLXs8D/9oALtnczg4xlTRSjDUvqoXL5haqY4QK2Pv
mNwna6ACkwLmSuMe29UQ8IX2PUB4R5Etni5czyiKGxZLm+4NAhuEwWFNEzCyImPc
087gHGU1zx+qVSlajqMJ/9ZXYjbt7WiWdhOTGEv4VMn8dHhRUs32
openssl-1.1.1/test/ocsp-tests/ISOP_ND1.ors0000644000000000000000000000117613345734630016734 0ustar rootrootMIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBSIRFH/UCpp
Xi2I9CG62QzyzsvqfBgPMjAxMjEwMTAwODU0NDVaMHMwcTBJMAkGBSsOAwIaBQAE
FEi2DTgjjfhFbk7lhD6jlBEYApefBBSIRFH/UCppXi2I9CG62QzyzsvqfAIQIuEz
IiCgSN8psr+aMcKbB4AAGA8yMDEyMTAxMDA4NTQ0NVqgERgPMjAxMjEwMTQwODU0
NDVaMA0GCSqGSIb3DQEBBQUAA4IBAQDHKDxWTbAHRXY7HapfhE99T+OSa/AfRYqX
H9yIeMRa5VftXMyvBFuvVm/qLRwK6mxhkiVIvF/Pk5yxMjbm7xPO26D+WHOdQML4
+M4OX9BO76FjZRin5x+4b0Xo5SuSU1ulqfvSZnx+nG+hMbt/3Y7ODCEUWCYFoXNp
U+TXTbv2mwJ9AL8Q/zjL4P8NJHzFJBKjEs+AAVRxTY/5RHHKU9dcm7ux/gsWoDUM
w677Xxzn6icd8mqn72/HmzPnMrLHKKJFe2escbJn7JlV6qbZ9EWbrr+3OH0IJy5I
E3LcPIsNZ//QEc6vS6J+j8ljV8Xne6rS1EmiOwV9NgubvYwDCm4R
openssl-1.1.1/test/ocsp-tests/WIKH_D2.ors0000644000000000000000000000377413345734630016615 0ustar rootrootMIIF4AoBAKCCBdkwggXVBgkrBgEFBQcwAQEEggXGMIIFwjCBmaIWBBTqlwecTarB
yVdbHxANRLCFYj1mqBgPMjAxMjEwMTExMzMwMTBaMG4wbDBEMAkGBSsOAwIaBQAE
FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRhe2YaRQ2XyolQL30EzTSo//z9SwILBAAA
AAABL07hRxCAABgPMjAxMjEwMDEwNjAwMDBaoBEYDzIwMTMwNDE1MDYwMDAwWjAL
BgkqhkiG9w0BAQUDggEBAA0H7bvcULg1GayFtQVrYDyW0feOEMNGLmgaGuwRdrY3
KuWyNJLUUJKQZnOkdT8A4RpVX8xD4EgVyOqRACUahgdgp0g3QOn+vf2Zyf+NJIgW
woF5qaJgCOeIOw5O6F4r1vUhp8NvqXHotswgG58Nzz6UMD+uyIgq5o8uzOjryEm6
wO2X+KvN9sMzkeZhNvAHkgBQL8CG4CggWnzn7At1DmhhsizfhDrosigM4Zr6Sm6z
v1YfSPznD0b3TQ7RzvpbJPofF2aJXMIMxdKR5pemuevTDR2+JCXjVPsD/ZODFykc
rsQeqx2vTOIg84PRKboXjCAwHn4rIN7JJtQqebLtD9egggQQMIIEDDCCBAgwggLw
oAMCAQICCwQAAAAAAThXovYBMA0GCSqGSIb3DQEBBQUAMFcxCzAJBgNVBAYTAkJF
MRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRsw
GQYDVQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwHhcNMTIwNzA1MTgwMDAwWhcNMTMw
NzA1MTgwMDAwWjBZMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBu
di1zYTEvMC0GA1UEAxMmR2xvYmFsU2lnbiBPQ1NQIGZvciBSb290IFIxIC0gQnJh
bmNoIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDP2QF8p0+Fb7ID
MwwD1gEr2oazjqbW28EZr3YEyMPk+7VFaGePSO1xjBGIE48Q7m7d6p6ZXCzlBZEi
oudrHSr3WDqdIVKLDrZIDkgEgdjJE72Hq6Pf5CEGXyebbODm4sV96EfewSvOOYLL
866g3aoVhLDK02ny+Q5OsokW7nhnmGMMh10tZqR5VmdQTiw8MgeqUxBEaEO4WH2J
ltgSsgNJBNBYuDgnn5ryzVqhvmCJvYZMYeN6qZFKy1MgHcR+wEpGLPlRL4ttu6e5
MJrVta7dVFobHUHoFog97LtQT1PY0Ubaihswjge5O04bYeCrgSSjr1e4xH/KDxRw
yyhoscaFAgMBAAGjgdIwgc8wDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBTqlwec
TarByVdbHxANRLCFYj1mqDBMBgNVHSAERTBDMEEGCSsGAQQBoDIBXzA0MDIGCCsG
AQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAJ
BgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMB8GA1UdIwQYMBaAFGB7ZhpF
DZfKiVAvfQTNNKj//P1LMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEFBQAD
ggEBAHiC6N1uF29d7CmiVapA8Nr1xLSVeIkBd4A8yHsUTQ7ATI7bwT14QUV4awe7
8cvmO5ZND8YG1ViwN162WFm9ivSoWBzvWDbU2JhQFb+XzrzCcdn0YbNiTxJh/vYm
uDuxto00dpBgujSOAQv8B90iDEJ+sZpYRzDRj62qStRey0zpq5eX+pA+gdppMUFb
4QvJf0El8TbLCWLN4TjrFe6ju7ZaN9zmgVYGQ2fMHKIGNScLuIA950nYwzRkIfHa
YW6HqP1rCR1EiYmstEeCQyDxJx+RUlh+q8L1BKzaMYhS6s63MZzQuGseYStaCmbC
fBIRKjnK621vAWvc7UR+0hqnZ+U=
openssl-1.1.1/test/ocsp-tests/D3_Cert_EE.pem0000644000000000000000000000523413345734630017271 0ustar rootroot-----BEGIN CERTIFICATE-----
MIIFZDCCA0ygAwIBAgIDC7PGMA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jv
b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
dEBjYWNlcnQub3JnMB4XDTEyMDUwNjE4NDY0MVoXDTE0MDUwNjE4NDY0MVowWzEL
MAkGA1UEBhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MRQwEgYD
VQQKEwtDQWNlcnQgSW5jLjEXMBUGA1UEAxMOd3d3LmNhY2VydC5vcmcwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDeNSAxSFtymeN6rQD69eXIJEnCCP7Z
24/fdOgxRDSBhfQDUVhdmsuDOvuziOoWGqRxZPcWdMEMRcJ5SrA2aHIstvnaLhUl
xp2fuaeXx9XMCJ9ZmzHZbH4wqLaU+UlhcSsdkPzapf3N3HaUAW8kT4bHEGzObYVC
UBxxhpY01EoGRQmnFojzLNF3+0O1npQzXg5MeIWHW/Z+9jE+6odL6IXgg1bvrP4d
FgoveTcG6BmJu+50RwHaUad7hQuNeS+pNsVzCiDdMF2qoCQXtAGhnEQ9/KHpBD2z
ISBVIyEbYxdyU/WxnkaOof63Mf/TAgMNzVN9duqEtFyvvMrQY1XkBBwfAgMBAAGj
ggERMIIBDTAMBgNVHRMBAf8EAjAAMDQGA1UdJQQtMCsGCCsGAQUFBwMCBggrBgEF
BQcDAQYJYIZIAYb4QgQBBgorBgEEAYI3CgMDMAsGA1UdDwQEAwIFoDAzBggrBgEF
BQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmNhY2VydC5vcmcvMIGE
BgNVHREEfTB7gg53d3cuY2FjZXJ0Lm9yZ4IRc2VjdXJlLmNhY2VydC5vcmeCEnd3
d21haWwuY2FjZXJ0Lm9yZ4IKY2FjZXJ0Lm9yZ4IOd3d3LmNhY2VydC5uZXSCCmNh
Y2VydC5uZXSCDnd3dy5jYWNlcnQuY29tggpjYWNlcnQuY29tMA0GCSqGSIb3DQEB
BQUAA4ICAQA2+uCGX18kZD8gyfj44TlwV4TXJ5BrT0M9qogg2k5u057i+X2ePy3D
iE2REyLkU+i5ekH5gvTl74uSJKtpSf/hMyJEByyPyIULhlXCl46z2Z60drYzO4ig
apCdkm0JthVGvk6/hjdaxgBGhUvSTEP5nLNkDa+uYVHJI58wfX2oh9gqxf8VnMJ8
/A8Zi6mYCWUlFUobNd/ozyDZ6WVntrLib85sAFhds93nkoUYxgx1N9Xg/I31/jcL
6bqmpRAZcbPtvEom0RyqPLM+AOgySWiYbg1Nl8nKx25C2AuXk63NN4CVwkXpdFF3
q5qk1izPruvJ68jNW0pG7nrMQsiY2BCesfGyEzY8vfrMjeR5MLNv5r+obeYFnC1j
uYp6JBt+thW+xPFzHYLjohKPwo/NbMOjIUM9gv/Pq3rVRPgWru4/8yYWhrmEK370
rtlYBUSGRUdR8xed1Jvs+4qJ3s9t41mLSXvUfwyPsT7eoloUAfw3RhdwOzXoC2P6
ftmniyu/b/HuYH1AWK+HFtFi9CHiMIqOJMhj/LnzL9udrQOpir7bVej/mlb3kSRo
2lZymKOvuMymMpJkvBvUU/QEbCxWZAkTyqL2qlcQhHv7W366DOFjxDqpthaTRD69
T8i/2AnsBDjYFxa47DisIvR57rLmE+fILjSvd94N/IpGs3lSOS5JeA==
-----END CERTIFICATE-----
openssl-1.1.1/test/ocsp-tests/ISDOSC_D2.ors0000644000000000000000000000377413345734630017037 0ustar rootrootMIIF4AoBAKCCBdkwggXVBgkrBgEFBQcwAQEEggXGMIIFwjCBmaIWBBTqlwecTarB
yVdbHxANRLCFYj1mqBgPMjAxMjEwMTEwOTE1MzNaMG4wbDBEMAkGBSsOAwIaBQAE
FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA
AAABL07hRxCAABgPMjAxMjEwMDEwNjAwMDBaoBEYDzIwMTMwNDE1MDYwMDAwWjAL
BgkqhkiG9w0BAQUDggEBAF/9ByrCS+pCCK4qovqUAH/yoWckmpLFCzKJGHkErJeY
FlUbAJuu/Gs0IdLmLp+2VbStjsL4vLtDU2Q4e417C1fm8+ixh+kP7qPRd8cxyMBx
cmD2m1v0CgbrflCZEC71cTrrWpcW+6jg623lI4Ug3A4zlizbT/f9IrxuV9VB9/G5
6kPI5dYOVZM0ColIxmJsafuxfr6ONQLPHKTlZJK3SyWebs25006OmrSyfBi0j26j
WU5d6B2NJZBKqvDVMXxZ0q6QOgKxOs8WD+6DaA1d1f7gTOl45XJZWz5KnRePyRxM
Fp0ak6XYbE1y2vHE2RWp1w4lcVJ0BUQXWxx+g86F5W2gggQQMIIEDDCCBAgwggLw
oAMCAQICCwQAAAAAAThXovYBMA0GCSqGSIb3DQEBBQUAMFcxCzAJBgNVBAYTAkJF
MRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRsw
GQYDVQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwHhcNMTIwNzA1MTgwMDAwWhcNMTMw
NzA1MTgwMDAwWjBZMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBu
di1zYTEvMC0GA1UEAxMmR2xvYmFsU2lnbiBPQ1NQIGZvciBSb290IFIxIC0gQnJh
bmNoIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDP2QF8p0+Fb7ID
MwwD1gEr2oazjqbW28EZr3YEyMPk+7VFaGePSO1xjBGIE48Q7m7d6p6ZXCzlBZEi
oudrHSr3WDqdIVKLDrZIDkgEgdjJE72Hq6Pf5CEGXyebbODm4sV96EfewSvOOYLL
866g3aoVhLDK02ny+Q5OsokW7nhnmGMMh10tZqR5VmdQTiw8MgeqUxBEaEO4WH2J
ltgSsgNJBNBYuDgnn5ryzVqhvmCJvYZMYeN6qZFKy1MgHcR+wEpGLPlRL4ttu6e5
MJrVta7dVFobHUHoFog97LtQT1PY0Ubaihswjge5O04bYeCrgSSjr1e4xH/KDxRw
yyhoscaFAgMBAAGjgdIwgc8wDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBTqlwec
TarByVdbHxANRLCFYj1mqDBMBgNVHSAERTBDMEEGCSsGAQQBoDIBXzA0MDIGCCsG
AQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAJ
BgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMB8GA1UdIwQYMBaAFGB7ZhpF
DZfKiVAvfQTNNKj//P1LMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEFBQAD
ggEBAHiC6N1uF29d7CmiVapA8Nr1xLSVeIkBd4A8yHsUTQ7ATI7bwT14QUV4awe7
8cvmO5ZND8YG1ViwN162WFm9ivSoWBzvWDbU2JhQFb+XzrzCcdn0YbNiTxJh/vYm
uDuxto00dpBgujSOAQv8B90iDEJ+sZpYRzDRj62qStRey0zpq5eX+pA+gdppMUFb
4QvJf0El8TbLCWLN4TjrFe6ju7ZaN9zmgVYGQ2fMHKIGNScLuIA950nYwzRkIfHa
YW6HqP1rCR1EiYmstEeCQyDxJx+RUlh+q8L1BKzaMYhS6s63MZzQuGseYStaCmbC
fBIRKjnK621vAWvc7UR+0hqnZ+Y=
openssl-1.1.1/test/ocsp-tests/WRID_ND3.ors0000644000000000000000000000120213345734630016717 0ustar rootrootMIIB1AoBAKCCAc0wggHJBgkrBgEFBQcwAQEEggG6MIIBtjCBn6IWBBSuvZh6NLQm
9/rEJlTvA73gJMtUGhgPMjAxMjEwMTAxMzA3NDZaMHQwcjBKMAkGBSsOAwIaBQAE
FHyxZlScq9tE7mImFq30ZXv3etWUBBStvZh6NLQm9/rEJlTvA73gJMtUGgIRAKcN
bJWejX5BTb8DmevkCauAABgPMjAxMjEwMTAxMzA3NDZaoBEYDzIwMTIxMDE0MTMw
NzQ2WjANBgkqhkiG9w0BAQUFAAOCAQEAA70+GYJoFuUBwIN9KHMqmOOtnmoLBBlm
HL2Su70ZEqSmL4zTt3iHY3m2YaNYSPphgDlQ4lY8zGAkCSrZ3ulpJun3RRy+gD29
0ks155tChMbYNZrFm46vKWabBjh2p+623daymlcbgizi5Z+P4oJL68VrOqh+DArE
MpHH16BTGaF+bAjzTRSbS90xUReqwnnEpRBrmcQVo4uKpSkbyrx7iMLqsJ2vGpgh
xqj1kNPT9g3+gegmdU9QpFV0l9ZV8X/f0uz5nT4I0NL81d/KDHGx2rd+bftLODeL
ZAWAzFbr5B5EMqPGoh/SQXpcuVOqMHjh8fi8PBXBcitlIFzdDKXDvA==
openssl-1.1.1/test/ocsp-tests/ISOP_D2.ors0000644000000000000000000000377413345734630016625 0ustar rootrootMIIF4AoBAKCCBdkwggXVBgkrBgEFBQcwAQEEggXGMIIFwjCBmaIWBBT0zghPr/K8
jV5hpjGMML9Q+DwzShgPMjAxMjEwMTAxMjA5NTlaMG4wbDBEMAkGBSsOAwIaBQAE
FLdXtbacB/gWIxOOkMkqDr4yAaoxBBRge2YaRQ2XyolQL30EzTSo//z9SwILBAAA
AAABL07hRxCAABgPMjAxMjEwMDEwNjAwMDBaoBEYDzIwMTMwNDE1MDYwMDAwWjAL
BgkqhkiG9w0BAQUDggEBAGZY28eFWl169g7puLnKSeEzi6Ma5/rErOveFRp052ck
785B83HWkNmW/Bgw7Ws6Y7jBJce6ZQ5TMhwgNP34HuG/mVyn2ZjtCe4KKFBVnZV7
mHGx93jgKkQvdp4pbNKxZ504eZDp8UOlR9+uwWOWHVObn7o+2N8iWKErSbZ2uX54
Ajk8Hg/XN5wI4RUtcK3QpZSf3Ren5iit4NInwCpmTOkDz/IVK96BWaEQICq4VlHG
ziD0H0SlBQCdcSPzZndGoCtIhNyJEL3O2y3Grg4X1XH7VeeyGesuTLEIAEMHJPJD
TOVNoe5YPRK9Tqb+6jsubw8X/1b72kw3xVgb6MfC0tqgggQQMIIEDDCCBAgwggLw
oAMCAQICCwQAAAAAAThXoveHMA0GCSqGSIb3DQEBBQUAMFcxCzAJBgNVBAYTAkJF
MRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRsw
GQYDVQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwHhcNMTIwNzA1MTgwMDAwWhcNMTMw
NzA1MTgwMDAwWjBZMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBu
di1zYTEvMC0GA1UEAxMmR2xvYmFsU2lnbiBPQ1NQIGZvciBSb290IFIxIC0gQnJh
bmNoIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMQY/h5DSRT24n
mMtD19lrn8WZzOoIl+Z9qOsrLLjEQeTMDlL7JPZh5pLaHHb6kSWT+O/RcEwpw6Dq
H9jtAgDOsGoN7gCK7wJbIvn4MdmkXZqVBcVl3uLuII3v1CPnlc/zoz5d9qXcZKb6
YuzseyzhDPecQ+7l2NVAUOFUj8GXOZi//bIveMsm+/zSLMfriIC84Uym2QY649SC
aFNbtF/tR6upvLCLe0b2D1g+OBfGqZasi3QI5uX6lT0gHbCnPhRo3uxG2+S4KL3M
9sndMByrR5K6QuVf7UqA1vt0CfbA2OUXwcH5x3/TsHxtXDj2F/fWnC9QBBSN5n4I
G8K7ZpYtAgMBAAGjgdIwgc8wDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBT0zghP
r/K8jV5hpjGMML9Q+DwzSjBMBgNVHSAERTBDMEEGCSsGAQQBoDIBXzA0MDIGCCsG
AQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAJ
BgNVHRMEAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMB8GA1UdIwQYMBaAFGB7ZhpF
DZfKiVAvfQTNNKj//P1LMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEFBQAD
ggEBAGU9HIQImzhTHkQLyA178dUdnF5E3DdzmNtwVV3cxGrFOLMpciMQLioQ/xp5
t6j5Mshlp59imFylqowRRxRy4aN5TtMCufNh7yHIxI2Dt4O6qpPM946t5CJkMy+k
63pXz2xFIxaJDzAmzpWzu70OY0jrh3dZa8NR4AvhtoZ8zFE6suva6ZGK7JIoINaA
j5uyZ0qU+7vFwV1awdReNV6494z/HRjs1n956mNbalB9mKp9XXyfZlix/nN5mTJd
NlJqz7QjnCzZRM/Gfamzk8L3/CPS3XmSblFyn6SeZ92Vms4PNqZiEUNa2TMKXQR1
EMiDRMkyfIIMI80VgRvvzCiOt0c=
openssl-1.1.1/test/ocsp-tests/WKIC_ND3_Issuer_Root.pem0000644000000000000000000000276113345734630021235 0ustar rootroot-----BEGIN CERTIFICATE-----
MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU
MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs
IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290
MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux
FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h
bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v
dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALj3GjPm8gAELTngTlvt
H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9
uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX
mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX
a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN
E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0
WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD
VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0
Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU
cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx
IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN
AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH
YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5
6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC
Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX
c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a
mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ=
-----END CERTIFICATE-----
openssl-1.1.1/test/ocsp-tests/ND3_Cert_EE.pem0000644000000000000000000000405613345734630017410 0ustar rootroot-----BEGIN CERTIFICATE-----
MIIF3TCCBMWgAwIBAgIRAKcNbJWejX5BTb8DmevkCaswDQYJKoZIhvcNAQEFBQAw
bzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1B
ZGRUcnVzdCBFeHRlcm5hbCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3Qg
RXh0ZXJuYWwgQ0EgUm9vdDAeFw0xMDA1MDQwMDAwMDBaFw0xNTA1MDQyMzU5NTla
MIIBCjELMAkGA1UEBhMCR0IxDzANBgNVBBETBk01IDNFUTEbMBkGA1UECBMSR3Jl
YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRYwFAYDVQQJEw1UcmFm
Zm9yZCBSb2FkMRYwFAYDVQQJEw1FeGNoYW5nZSBRdWF5MSUwIwYDVQQJExwzcmQg
Rmxvb3IsIDI2IE9mZmljZSBWaWxsYWdlMRowGAYDVQQKExFDT01PRE8gQ0EgTGlt
aXRlZDEaMBgGA1UECxMRQ29tb2RvIFByZW1pdW1TU0wxLDAqBgNVBAMTI2FkZHRy
dXN0ZXh0ZXJuYWxjYXJvb3QuY29tb2RvY2EuY29tMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAz5MM/mco91yFJNtF3t9c0x/bGds+zGAqJlHBXCR43og+
3vgsBkCcn5M3PAqmL6XxilpsrEfS6RqtNcLfxwDyl7rr3qpJSM537Km1ZGOTHs0C
i0JA4YBZFOxBwPO2nHQGD+t9kJx3auFdBLnjJc5Q3jFUmnyJ8D2h3P9BrHgOoIbO
KYOUc/3zcqE6NttdbiuUMzlad8guhnXlWPCh2NJtNtMLDQxG7DWWDEm/Kt+CdKAR
jko6kEp7nqBKyujjJoGD2nEtEnuuqiB9n6sgSXR1NGtecJrW8IqIS7hkcsxhGTI9
jnY73+NiMV3nglejkNseTUdcEi6L94EdifXuVLgEAwIDAQABo4IB1TCCAdEwHwYD
VR0jBBgwFoAUrb2YejS0Jvf6xCZU7wO94CTLVBowHQYDVR0OBBYEFDXpt6NocCrd
7XZ2MLUa116TIesKMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1Ud
JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBGBgNVHSAEPzA9MDsGDCsGAQQBsjEB
AgEDBDArMCkGCCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21vZG8ubmV0L0NQ
UzB7BgNVHR8EdDByMDigNqA0hjJodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9BZGRU
cnVzdEV4dGVybmFsQ0FSb290LmNybDA2oDSgMoYwaHR0cDovL2NybC5jb21vZG8u
bmV0L0FkZFRydXN0RXh0ZXJuYWxDQVJvb3QuY3JsMDQGCCsGAQUFBwEBBCgwJjAk
BggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMFcGA1UdEQRQME6C
I2FkZHRydXN0ZXh0ZXJuYWxjYXJvb3QuY29tb2RvY2EuY29tgid3d3cuYWRkdHJ1
c3RleHRlcm5hbGNhcm9vdC5jb21vZG9jYS5jb20wDQYJKoZIhvcNAQEFBQADggEB
AF2TF6xg8ZoBICoiQvjD2Z0SKcJRw1Dhj3HpGzV9F+Y0e/MxCXhYA+340JZxnC2P
VA968QKFrNwDWiS9Klc+cs4k3HIeiZp3uHw1ezElqXXNa+S1CrSS03FqWeeugSrB
xpuXCWDJSfD4DJq835hlEuXgxmAjsbuRUjaq1lxwSWnNoBkfMCCAgVlHtFljTlqq
nwfBZcnj73+yiERgTvhN4gEL59ZzjFliKEUuXHZoe8klhn73cnY+XoRV0e7wU+Xj
PzLoAhjGkS35hfDQTHdCwNBaN3iI2Q+HBjhfffAYFdK+Jo3kSXq12s7CJD7utAho
xxRhA0l1ziJgrEubLi6ItNg=
-----END CERTIFICATE-----
openssl-1.1.1/test/ocsp-tests/WRID_ND2.ors0000644000000000000000000000117613345734630016730 0ustar rootrootMIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBQMWOWLxkwV
N6RAqTCpIb5HNlpW/xgPMjAxMjEwMTAyMzAzMTlaMHMwcTBJMAkGBSsOAwIaBQAE
FOy+ZAvtiWulchtVZmfKU1ZI9ewTBBQLWOWLxkwVN6RAqTCpIb5HNlpW/wIQEaO0
0OyNt3+doM1dLVEvQoAAGA8yMDEyMTAxMDIzMDMxOVqgERgPMjAxMjEwMTQyMzAz
MTlaMA0GCSqGSIb3DQEBBQUAA4IBAQCHn2nGfEUX/EJruMkTgh7GgB0u9cpAepaD
sPv9gtl3KLUZyR+NbGMIa5/bpoJp0yg1z5VL6CLMusy3AF6Cn2fyaioDxG+yc+gA
PcPFdEqiIMr+TP8s7qcEiE6WZddSSCqCn90VZSCWkpDhnCjDRwJLBBPU3803fdMz
oguvyr7y6Koxik8X/iUe8EpSzAvmm4GZL3veTI+x7IezJSrhCS9zM0ZHjySjoDxC
+ljGH0EuWPTmFEqZVGIq3cuahIYzKItUbYnXU6ipi/2p42qbsFeok7eEN0EYsY1a
vRATHGRmU7Q5HLCq4rQtZC1cis52Mvc9x1W4z/Gt5A3FtgElXXNA
openssl-1.1.1/test/ocsp-tests/ISIC_ND2_Issuer_Root.pem0000644000000000000000000000254713345734630021230 0ustar rootroot-----BEGIN CERTIFICATE-----
MIID0DCCArigAwIBAgIQIKTEf93f4cdTYwcTiHdgEjANBgkqhkiG9w0BAQUFADCB
gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV
BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMTAxMDEwMDAw
MDBaFw0zMDEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl
YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P
RE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0
aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3
UcEbVASY06m/weaKXTuH+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI
2GqGd0S7WWaXUF601CxwRM/aN5VCaTwwxHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8
Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV4EajcNxo2f8ESIl33rXp
+2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA1KGzqSX+
DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5O
nKVIrLsm9wIDAQABo0IwQDAdBgNVHQ4EFgQUC1jli8ZMFTekQKkwqSG+RzZaVv8w
DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
ggEBAC/JxBwHO89hAgCx2SFRdXIDMLDEFh9sAIsQrK/xR9SuEDwMGvjUk2ysEDd8
t6aDZK3N3w6HM503sMZ7OHKx8xoOo/lVem0DZgMXlUrxsXrfViEGQo+x06iF3u6X
HWLrp+cxEmbDD6ZLLkGC9/3JG6gbr+48zuOcrigHoSybJMIPIyaDMouGDx8rEkYl
Fo92kANr3ryqImhrjKGsKxE5pttwwn1y6TPn/CbxdFqR5p2ErPioBhlG5qfpqjQi
pKGfeq23sqSaM4hxAjwu1nqyH6LKwN0vEJT9s4yEIHlG1QXUEOTS22RPuFvuG8Ug
R1uUq27UlTMdphVx8fiUylQ5PsI=
-----END CERTIFICATE-----
openssl-1.1.1/test/ocsp-tests/WRID_D3.ors0000644000000000000000000000455613345734630016620 0ustar rootrootMIIG8AoBAKCCBukwggblBgkrBgEFBQcwAQEEggbWMIIG0jCB+aF+MHwxCzAJBgNV
BAYTAlVTMQwwCgYDVQQIEwNOU1cxDzANBgNVBAcTBlN5ZG5leTEUMBIGA1UEChML
Q0FjZXJ0IEluYy4xHjAcBgNVBAsTFVNlcnZlciBBZG1pbmlzdHJhdGlvbjEYMBYG
A1UEAxMPb2NzcC5jYWNlcnQub3JnGA8yMDEyMTAxMTEzMjE0MVowZjBkMDwwCQYF
Kw4DAhoFAAQUi6TJyxcpGUU+u45zCZG5JfKDImUEFBa1MhvUx/Pg5o7zvdKwOu6y
ORjRAgMLs8aAABgPMjAxMjEwMTExMjQyMTZaoBEYDzIwMTIxMDEzMTMyMTQxWjAN
BgkqhkiG9w0BAQUFAAOCAQEAEWd9kKEfaurOXDV98OVtU27TmK4L4MeGEPdkg1i+
fbPMe1mouWlVm23W6yaM7mM2NMXLW+hTNzqfyMPM7rByXNaFAAniCPTXNO3eJRIA
Zf0F10OSdBQ/ln4igHQCVZCnXR30/aP5/PMb4u3/LTuC9aW6K7mLXcuCvJztGnXO
v3r64q/qTGG/b4eS65exykV9riSFuGp1rzLAy5fSYTBWTOBQ679PFjQnL60GkrZA
Egtxw2ozEDwo+X0WamEouxN8mjX/VQlMdEbykUFDuPD3vZydZ04BV9f18RJZOU9j
gCwMzd9gb4jUL4ykdWiLmO+YPDWFyNSYEIfnGgk1VvPHuaCCBL4wggS6MIIEtjCC
Ap6gAwIBAgIDCpvzMA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jvb3QgQ0Ex
HjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZQ0EgQ2Vy
dCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjYWNl
cnQub3JnMB4XDTExMDgyMzAwMDI1NloXDTEzMDgyMjAwMDI1NlowfDELMAkGA1UE
BhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MRQwEgYDVQQKEwtD
QWNlcnQgSW5jLjEeMBwGA1UECxMVU2VydmVyIEFkbWluaXN0cmF0aW9uMRgwFgYD
VQQDEw9vY3NwLmNhY2VydC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCcxtRv5CPHw3BLdR/k/K72YsRgodbP+UdAONmvBvWzhwm6B8h6O+M64sFr
2w6be7SYBECIyOQgNJ1flK4MoAWhdBA/H5NtxaDOKbAqA27tO9GaevcPp7c518O0
3hVnlPLvsN1f48nY0jQOXUTfv5nYXmD0OSSK/V3IRo0KsWB6T9UnMGCeEwb4Oqqz
uzM0b4SBflzMEony/m6Tg/qL7qs2TLZAqe77+BZaVdFkDUnaBN7RyMruXySxeXiz
mogT3WhROeloMa/X+E01bWBYBEK7VZIY9pgBpXQ7vDbbIGgYuIXUi20wh03WMy16
VDYdV0IUXHpidNUeK9W/BPP/7APBAgMBAAGjRDBCMAwGA1UdEwEB/wQCMAAwJwYD
VR0lBCAwHgYIKwYBBQUHAwIGCCsGAQUFBwMBBggrBgEFBQcDCTAJBgNVHREEAjAA
MA0GCSqGSIb3DQEBBQUAA4ICAQAoT6p5f3cGprAcgrnzdenfTmDe9LCW7k2VnazA
MAzpsD6gXcSlo4+3hoHem/SpKRH2tqi34DmImCiv/S6fxsKM4Gfn5rlkAFviuTvS
r5Zrwh4ZKSfaoWv4bmbzmcAxvuxdMWHf/5PbjegjzFTbBMekVPZY/abYtD6kdHQZ
VNgzwZVfTBfYhfa+Rg72I2zjKpMsjxMqWfTmUzW6wfK6LFudZqu0U1NnJw+IlnVU
6WtjL885ebQrmcRqWz3nMhVLIu5L3w/s+VTLvm7If6jcMDNUjz8s2BPcJeCXg3TE
STsyl6tvk17RRz2+9JskxVOk11xIn96xR4FCERIid2ek9z1xi7oYOajQF50i/9Gj
ReDEfRSyb4/LzoKDOY+h4Q6jryeHh7WIHFiK5qrBN2y8qOoRJ/OqQnqci/BJBNpe
g9Q9PJRgGSzRndTXNHiYRbeLpq7eGo3sPqlR9qBQ3rd98XGOU0RCMnzjKhENC3qo
5PkSF2xs8RmjWktFSTDwjYo0qf1teo7CGHjgaPjQ7JE8Q4ysFOQndSWmLpqwDcI9
HfIvPwUIWArQrJRh9LCNSyvHVgLqY9kw8NW4TlMxV2WqaYCkiKi3XVRrSFR3ahS1
VBvRZ8KpplrV7rhXjVSSqqfLk1sX3l72Ck2F9ON+qbNFmvhgNjSiBY9neMgo804a
wG/pag==
openssl-1.1.1/test/ocsp-tests/WIKH_D1.ors0000644000000000000000000000374413345734630016611 0ustar rootrootMIIFzwoBAKCCBcgwggXEBgkrBgEFBQcwAQEEggW1MIIFsTCBoKIWBBRf2uQDFpGg
Ywh4P1y2H9bZ2/BQNBgPMjAxMjEwMTExMzI5NDJaMHUwczBLMAkGBSsOAwIaBQAE
FKByDqBqfGICVPKo9Z3Se6Tzty+kBBSxsEr9HHUo+BxhqhP2+sGQPWsWowISESG8
vx4IzALnkqQG05AvM+2bgAAYDzIwMTIxMDExMTAwMDAwWqARGA8yMDEyMTAxODEw
MDAwMFowCwYJKoZIhvcNAQEFA4IBAQCX3gEX+JVfxuYmxBBxC9sNCi3o76ODIicr
XMvm0DTO9VSyDBl7LDsMMgNMIDtO3flQSlBNZ2B9ikwyckXOSWXiXzybZVMdA/uq
NchgkM9aChrlhG0AHZyYe/+dJSmEBFXkIomy+S6YQ7Mcs2s6WxCeWU7gB4XOy1zO
/CvWjv0WQV1J2lZZ6pkvtECKAEjrVP275LA38HInFbYvVPXWzl4sDcX2TAxwUa4S
xAJAfwl+B+oZSerZWGRo6KjZuB/OB31cB5n/lABmRez6Obi27D0UUCRv/eSbwOF4
Ofaa/XzJt7sF7WpVgoR41HI88W7aN4vtcw1zcVsBmfRMUNYZSqtfoIID+DCCA/Qw
ggPwMIIC2KADAgECAhIRISdENsrz1CSWG3VIBwfQERQwDQYJKoZIhvcNAQEFBQAw
WTELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExLzAtBgNV
BAMTJkdsb2JhbFNpZ24gRXh0ZW5kZWQgVmFsaWRhdGlvbiBDQSAtIEcyMB4XDTEy
MDkxOTA3NDA1MFoXDTEyMTIxOTA4NDA1MFowgYUxCzAJBgNVBAYTAkJFMRkwFwYD
VQQKExBHbG9iYWxTaWduIG52LXNhMUIwQAYDVQQDEzlHbG9iYWxTaWduIEV4dGVu
ZGVkIFZhbGlkYXRpb24gQ0EgLSBHMiBPQ1NQIHJlc3BvbmRlciAtIDIxFzAVBgNV
BAUTDjIwMTIwOTE5MDk0MDAwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAnCgMsBO+IxIqCnXCOfXJoIC3wj+f0s4DV9h2gJBzisWXkaJD2DfNrd0kHUXK
qVVPUxnA4G5iZu0Z385/KiOt1/P6vQ/Z2/AsEh/8Z/hIyeZCHL31wrSZW4yLeZwi
M76wPiBHJxPun681HQlVs/OGKSHnbHc1XJAIeA/M8u+lLWqIKB+AJ82TrOqUMj1s
LjGhQNs84xPliONN5K7DrEy+Y65X/rFxN77Smw+UtcH1GgH2NgaHH8dpt1m25sgm
UxZWhdx66opB/lbRQwWdGt7MC0kJFaWHDZq64DTuYoekFYSxAFu0nd0EekEHEJEi
9mquB9cv/96SuEJl8BcUWU/1LwIDAQABo4GEMIGBMAkGA1UdEwQCMAAwDgYDVR0P
AQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAw
HQYDVR0OBBYEFF/a5AMWkaBjCHg/XLYf1tnb8FA0MB8GA1UdIwQYMBaAFLCwSv0c
dSj4HGGqE/b6wZA9axajMA0GCSqGSIb3DQEBBQUAA4IBAQCKRl1iXFmOQtLseDWP
Y5icDDBGiRi17CGgvIzGJi/ha0PhbO+X0TmQIEnRX3Mu0Er/Mm4RZSjMtJ2iZRh3
tGf4Dn+jKgKOmgXC3oOG/l8RPHLf0yaPSdn/z0TXtA30vTFBLlFeWnhbfhovea4+
snPdBxLqWZdtxmiwojgqA7YATCWwavizrBr09YRyDwzgtpZ2BwMruGuFuV9FsEwL
PCM53yFlrM32oFghyfyE5kYjgnnueKM+pw1kA0jgb1CnVJRrMEN1TXuXDAZLtHKG
5X/drah1JtkoZhCzxzZ3bYdVDQJ90OHFqM58lwGD6z3XuPKrHDKZKt+CPIsl5g7p
4J2l
openssl-1.1.1/test/ocsp-tests/ISIC_ND1_Issuer_ICA.pem0000644000000000000000000000341113345734630020667 0ustar rootroot-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIQEaO00OyNt3+doM1dLVEvQjANBgkqhkiG9w0BAQUFADCB
gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV
BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMDA1MjQwMDAw
MDBaFw0yMDA1MzAxMDQ4MzhaMIGOMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl
YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P
RE8gQ0EgTGltaXRlZDE0MDIGA1UEAxMrQ09NT0RPIEV4dGVuZGVkIFZhbGlkYXRp
b24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMxKljPNJY1n7iiWN4dG8PYEooR/U6qW5h+xAhxu7X0h1Nc8HqLYaS+ot/Wi
7WRYZOFEZTZJQSABjTsT4gjzDPJXOZM3txyTRIOOvy3xoQV12m7ue28b6naDKHRK
HCvT9cQDcpOvhs4JjDx11MkKL3Lzrb0OMDyEoXMfAyUUpY/D1vS15N2GevUZumjy
hVSiMBHK0ZLLO3QGEqA3q2rYVBHfbJoWlLm0p2XGdC0x801S6VVRn8s+oo12mHDS
b6ZlRS8bhbtbbfnywARmE4R6nc4n2PREnr+svpnba0/bWCGwiSe0jzLWS15ykV7f
BZ3ZSS/0tm9QH3XLgJ3m0+TR8tMCAwEAAaOCAWkwggFlMB8GA1UdIwQYMBaAFAtY
5YvGTBU3pECpMKkhvkc2Wlb/MB0GA1UdDgQWBBSIRFH/UCppXi2I9CG62Qzyzsvq
fDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADA+BgNVHSAENzA1
MDMGBFUdIAAwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNv
bS9DUFMwSQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL2NybC5jb21vZG9jYS5jb20v
Q09NT0RPQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwdAYIKwYBBQUHAQEEaDBm
MD4GCCsGAQUFBzAChjJodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9BZGRU
cnVzdFNlcnZlckNBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2Rv
Y2EuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQCaQ7+vpHJezX1vf/T8PYy7cOYe3QT9
P9ydn7+JdpvyhjH8f7PtKpFTLOKqsOPILHH3FYojHPFpLoH7sbxiC6saVBzZIl40
TKX2Iw9dej3bQ81pfhc3Us1TocIR1FN4J2TViUFNFlW7kMvw2OTd3dMJZEgo/zIj
hC+Me1UvzymINzR4DzOq/7fylqSbRIC1vmxWVKukgZ4lGChUOn8sY89ZIIwYazgs
tN3t40DeDDYlV5rA0WCeXgNol64aO+pF11GZSe5EWVYLXrGPaOqKnsrSyaADfnAl
9DLJTlCDh6I0SD1PNXf82Ijq9n0ezkO21cJqfjhmY03n7jLvDyToKmf7
-----END CERTIFICATE-----
openssl-1.1.1/test/ocsp-tests/ND1_Cert_EE.pem0000644000000000000000000000430413345734630017402 0ustar rootroot-----BEGIN CERTIFICATE-----
MIIGTTCCBTWgAwIBAgIQIuEzIiCgSN8psr+aMcKbBzANBgkqhkiG9w0BAQUFADCB
jjELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNDAyBgNV
BAMTK0NPTU9ETyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIgQ0Ew
HhcNMTEwMzMxMDAwMDAwWhcNMTMwNjI3MjM1OTU5WjCCAT8xETAPBgNVBAUTCDA0
MDU4NjkwMRMwEQYLKwYBBAGCNzwCAQMTAkdCMR0wGwYDVQQPExRQcml2YXRlIE9y
Z2FuaXphdGlvbjELMAkGA1UEBhMCR0IxDzANBgNVBBETBk01IDNFUTEbMBkGA1UE
CBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRYwFAYDVQQJ
Ew1UcmFmZm9yZCBSb2FkMRYwFAYDVQQJEw1FeGNoYW5nZSBRdWF5MSUwIwYDVQQJ
ExwzcmQgRmxvb3IsIDI2IE9mZmljZSBWaWxsYWdlMRowGAYDVQQKExFDT01PRE8g
Q0EgTGltaXRlZDEaMBgGA1UECxMRQ29tb2RvIEVWIFNHQyBTU0wxGjAYBgNVBAMT
EXNlY3VyZS5jb21vZG8uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA168izw0zK6cChTGFuAwNARwTu1Ky/z+dXHkSmB0tQrAk3bq7mnUPtmQ+td8r
G2hlhQPd+YXQVYEW3RuopydmdB9wMlEGCCfU2ZqohsC9uut+HenCVbYvn4sSB0KJ
VdOXLPCEnfdk/FmcNWcYv73HmoJXZjT0THNQmnfpo6mMGAOerenMgNuCpq1buZ8c
fFUeUY18ZGLZKZyRNM6GPgVA37Dm8Ru+9Cf8/rm7NSIoVWH4BDztM3Y1BZvZ0d4G
49jRA4MXbhsDEMYzaSCDmaRHSFhCtrGkN2S4A1ZxoSoxQVCLcnnInVd+J0X8J6pa
Efio/aD6UQBQq29HyTsWVe6BewIDAQABo4IB8TCCAe0wHwYDVR0jBBgwFoAUiERR
/1AqaV4tiPQhutkM8s7L6nwwHQYDVR0OBBYEFKvAXKp4bYRmxU4SlM8k8FbWiXiL
MA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMDQGA1UdJQQtMCsGCCsGAQUF
BwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBMEYGA1UdIAQ/MD0w
OwYMKwYBBAGyMQECAQUBMCswKQYIKwYBBQUHAgEWHWh0dHBzOi8vc2VjdXJlLmNv
bW9kby5jb20vQ1BTMFMGA1UdHwRMMEowSKBGoESGQmh0dHA6Ly9jcmwuY29tb2Rv
Y2EuY29tL0NPTU9ET0V4dGVuZGVkVmFsaWRhdGlvblNlY3VyZVNlcnZlckNBLmNy
bDCBhAYIKwYBBQUHAQEEeDB2ME4GCCsGAQUFBzAChkJodHRwOi8vY3J0LmNvbW9k
b2NhLmNvbS9DT01PRE9FeHRlbmRlZFZhbGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5j
cnQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTAzBgNVHREE
LDAqghFzZWN1cmUuY29tb2RvLmNvbYIVd3d3LnNlY3VyZS5jb21vZG8uY29tMA0G
CSqGSIb3DQEBBQUAA4IBAQC9SoVG+B40khDWAzlz+G0WDBM3OuqK5n8vY/XxdPS5
qyv6K05S4VRGR/6PQa1UVzMbnhfLh54OWrpnalRGabpTmKDu8Pa912pzDSzMxg4U
Rff4/hVLd1n/58q+riLxdtkIigLUjtFfwUrE1H89QODOCb4nw7f9BQaDoug+ovM3
KO9rxVZ/3TshaxW0mPVM/cMbX+6RrQ7+d1y5fdX/fksCZhOW+P25+FPlaorQEWNa
s0UZNQ6qVuxB7CPmnLqmLBfAKTbeKcQFxx//0eyyZqCkzIvYUNjeRR0Q7DnxXq4C
Pj1Y6VcPJDmZOeogte5/vNIdU8Wq55IJJ1G/uKXztwVT
-----END CERTIFICATE-----
openssl-1.1.1/test/ocsp-tests/WINH_ND3.ors0000644000000000000000000000120213345734630016717 0ustar rootrootMIIB1AoBAKCCAc0wggHJBgkrBgEFBQcwAQEEggG6MIIBtjCBn6IWBBStvZh6NLQm
9/rEJlTvA73gJMtUGhgPMjAxMjEwMTExMTM2NDdaMHQwcjBKMAkGBSsOAwIaBQAE
FH2xZlScq9tE7mImFq30ZXv3etWUBBStvZh6NLQm9/rEJlTvA73gJMtUGgIRAKcN
bJWejX5BTb8DmevkCauAABgPMjAxMjEwMTExMTM2NDdaoBEYDzIwMTIxMDE1MTEz
NjQ3WjANBgkqhkiG9w0BAQUFAAOCAQEAfnj3nh6z+USW6VlDWRytWpNmC1ZRwWlg
P2+G4UF4HE8bMJkuiFLcZEVYTxlTYv+xAEpSFxdInFM2Q5C+O6pWOZ9NbikeR4oZ
FTI1kAZ0Uw+YMpVM4ztvKBIpUSqlbi69iNJ9WGF6qzxVeqobSOyrjjwtTsuglUbR
+mshp/SP7Br2IIK+KM1vgsmVExPfGPYANyk7ki/Q8uUnjqkreeSa9WC2iJLGcybW
YavDhYWALebUGukNeedkloYhdjPboPPxDkKNjakwIG8EkbJK7uXewMOHHOFvFTX3
K388me8u5iQf4f3fj6ilEgs6f5Szzmb+vklPX0zIny/TVk2+Az7HmA==
openssl-1.1.1/test/ocsp-tests/WRID_D1.ors0000644000000000000000000000374413345734630016614 0ustar rootrootMIIFzwoBAKCCBcgwggXEBgkrBgEFBQcwAQEEggW1MIIFsTCBoKIWBBRg2uQDFpGg
Ywh4P1y2H9bZ2/BQNBgPMjAxMjEwMTExMTI1MjJaMHUwczBLMAkGBSsOAwIaBQAE
FKByDqBqfGICVPKo9Z3Se6Tzty+kBBSwsEr9HHUo+BxhqhP2+sGQPWsWowISESG8
vx4IzALnkqQG05AvM+2bgAAYDzIwMTIxMDExMTAwMDAwWqARGA8yMDEyMTAxODEw
MDAwMFowCwYJKoZIhvcNAQEFA4IBAQAHQBPHdHWNzaFs5bfBvQcvxBWsDnsCFXNs
a1fECiWDFNt6Nz4MCBY4rC7n0nhQfvg4m1woNcTAZVO8lacYomwUU/5/XpeFM6yc
NeFcVbfVXA48GWPANitNQCwyRL5hGfIqNy1I9T1BHlBqYusmJKy65r2iqpmld/hD
7S1dsCd4fXhjBQQORPmBqhKvWEU08Dh5aoaDAuaZoxRH8B1q+mUs0ODOIu34L84y
JcxTKccd/HCwI8oxwLoBtyXSHb+dCzc7zSjFvQhbT5dOCvJNNe/fk6+EhMtQ6ybC
D7p9EShCvU5jAdw54bZWk5wIQSvsWk9axUmYFFLYI3hAaoybpFVroIID+DCCA/Qw
ggPwMIIC2KADAgECAhIRISdENsrz1CSWG3VIBwfQERQwDQYJKoZIhvcNAQEFBQAw
WTELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExLzAtBgNV
BAMTJkdsb2JhbFNpZ24gRXh0ZW5kZWQgVmFsaWRhdGlvbiBDQSAtIEcyMB4XDTEy
MDkxOTA3NDA1MFoXDTEyMTIxOTA4NDA1MFowgYUxCzAJBgNVBAYTAkJFMRkwFwYD
VQQKExBHbG9iYWxTaWduIG52LXNhMUIwQAYDVQQDEzlHbG9iYWxTaWduIEV4dGVu
ZGVkIFZhbGlkYXRpb24gQ0EgLSBHMiBPQ1NQIHJlc3BvbmRlciAtIDIxFzAVBgNV
BAUTDjIwMTIwOTE5MDk0MDAwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAnCgMsBO+IxIqCnXCOfXJoIC3wj+f0s4DV9h2gJBzisWXkaJD2DfNrd0kHUXK
qVVPUxnA4G5iZu0Z385/KiOt1/P6vQ/Z2/AsEh/8Z/hIyeZCHL31wrSZW4yLeZwi
M76wPiBHJxPun681HQlVs/OGKSHnbHc1XJAIeA/M8u+lLWqIKB+AJ82TrOqUMj1s
LjGhQNs84xPliONN5K7DrEy+Y65X/rFxN77Smw+UtcH1GgH2NgaHH8dpt1m25sgm
UxZWhdx66opB/lbRQwWdGt7MC0kJFaWHDZq64DTuYoekFYSxAFu0nd0EekEHEJEi
9mquB9cv/96SuEJl8BcUWU/1LwIDAQABo4GEMIGBMAkGA1UdEwQCMAAwDgYDVR0P
AQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAw
HQYDVR0OBBYEFF/a5AMWkaBjCHg/XLYf1tnb8FA0MB8GA1UdIwQYMBaAFLCwSv0c
dSj4HGGqE/b6wZA9axajMA0GCSqGSIb3DQEBBQUAA4IBAQCKRl1iXFmOQtLseDWP
Y5icDDBGiRi17CGgvIzGJi/ha0PhbO+X0TmQIEnRX3Mu0Er/Mm4RZSjMtJ2iZRh3
tGf4Dn+jKgKOmgXC3oOG/l8RPHLf0yaPSdn/z0TXtA30vTFBLlFeWnhbfhovea4+
snPdBxLqWZdtxmiwojgqA7YATCWwavizrBr09YRyDwzgtpZ2BwMruGuFuV9FsEwL
PCM53yFlrM32oFghyfyE5kYjgnnueKM+pw1kA0jgb1CnVJRrMEN1TXuXDAZLtHKG
5X/drah1JtkoZhCzxzZ3bYdVDQJ90OHFqM58lwGD6z3XuPKrHDKZKt+CPIsl5g7p
4J2l
openssl-1.1.1/test/ocsp-tests/ND2.ors0000644000000000000000000000117613345734630016103 0ustar rootrootMIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBQLWOWLxkwV
N6RAqTCpIb5HNlpW/xgPMjAxMjEwMTAyMzAzMTlaMHMwcTBJMAkGBSsOAwIaBQAE
FOy+ZAvtiWulchtVZmfKU1ZI9ewTBBQLWOWLxkwVN6RAqTCpIb5HNlpW/wIQEaO0
0OyNt3+doM1dLVEvQoAAGA8yMDEyMTAxMDIzMDMxOVqgERgPMjAxMjEwMTQyMzAz
MTlaMA0GCSqGSIb3DQEBBQUAA4IBAQCHn2nGfEUX/EJruMkTgh7GgB0u9cpAepaD
sPv9gtl3KLUZyR+NbGMIa5/bpoJp0yg1z5VL6CLMusy3AF6Cn2fyaioDxG+yc+gA
PcPFdEqiIMr+TP8s7qcEiE6WZddSSCqCn90VZSCWkpDhnCjDRwJLBBPU3803fdMz
oguvyr7y6Koxik8X/iUe8EpSzAvmm4GZL3veTI+x7IezJSrhCS9zM0ZHjySjoDxC
+ljGH0EuWPTmFEqZVGIq3cuahIYzKItUbYnXU6ipi/2p42qbsFeok7eEN0EYsY1a
vRATHGRmU7Q5HLCq4rQtZC1cis52Mvc9x1W4z/Gt5A3FtgElXXNA
openssl-1.1.1/test/ocsp-tests/ISIC_D1_Issuer_ICA.pem0000644000000000000000000000313713345734630020556 0ustar rootroot-----BEGIN CERTIFICATE-----
MIIEhjCCA26gAwIBAgILBAAAAAABL07hXdQwDQYJKoZIhvcNAQEFBQAwTDEgMB4G
A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp
Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTEwNDEzMTAwMDAwWhcNMjIwNDEz
MTAwMDAwWjBZMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1z
YTEvMC0GA1UEAxMmR2xvYmFsU2lnbiBFeHRlbmRlZCBWYWxpZGF0aW9uIENBIC0g
RzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNoUbMUpq4pbR/WNnN
2EugcgyXW6aIIMO5PUbc0FxSMPb6WU+FX7DbiLSpXysjSKyr9ZJ4FLYyD/tcaoVb
AJDgu2X1WvlPZ37HbCnsk8ArysRe2LDb1r4/mwvAj6ldrvcAAqT8umYROHf+IyAl
VRDFvYK5TLFoxuJwe4NcE2fBofN8C6iZmtDimyUxyCuNQPZSY7GgrVou9Xk2bTUs
Dt0F5NDiB0i3KF4r1VjVbNAMoQFGAVqPxq9kx1UBXeHRxmxQJaAFrQCrDI1la93r
wnJUyQ88ABeHIu/buYZ4FlGud9mmKE3zWI2DZ7k0JZscUYBR84OSaqOuR5rW5Isb
wO2xAgMBAAGjggFaMIIBVjAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB
/wIBADAdBgNVHQ4EFgQUsLBK/Rx1KPgcYaoT9vrBkD1rFqMwRwYDVR0gBEAwPjA8
BgRVHSAAMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29t
L3JlcG9zaXRvcnkvMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwuZ2xvYmFs
c2lnbi5uZXQvcm9vdC1yMi5jcmwwRAYIKwYBBQUHAQEEODA2MDQGCCsGAQUFBzAB
hihodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNvbS9FeHRlbmRlZFNTTENBMCkGA1Ud
JQQiMCAGCCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAzAfBgNVHSMEGDAW
gBSb4gdXZxwewGoG3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAL0m28rZa
pJWrnlrpK4KbzJBrfHRFIOde2Mcj7ig1sTVlKqVR4FU/9oNntOQ2KbDa7JeVqYoF
o0X+Iy5SiLQfEICt0oufo1+oxetz3nmIQZgz7qdgGLFGyUAQB5yPClLJExoGbqCb
LTr2rk/no1E1KlsYBRLlUdy2NmLz4aQP++TPw5S/EauhWTEB8MxT7I9j12yW00gq
iiPtRVaoZkHqAblH7qFHDBTxI+Egc8p9UHxkOFejj0qcm+ltRc9Ea01gIEBxJbVG
qmwIft/I+shWKpLLg7h5CZctXqEBzgbttJfJBNxB7+BPNk3kQHNG7BESfIhbNCYl
TercGL7FG81kwQ==
-----END CERTIFICATE-----
openssl-1.1.1/test/ocsp-tests/WKIC_ND1_Issuer_ICA.pem0000644000000000000000000000341113345734630020675 0ustar rootroot-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIQEaO00OyNt3+doM1dLVEvQjANBgkqhkiG9w0BAQUFADCB
gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV
BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMDA1MjQwMDAw
MDBaFw0yMDA1MzAxMDQ4MzhaMIGOMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl
YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P
RE8gQ0EgTGltaXRlZDE0MDIGA1UEAxMrQ09NT0RPIEV4dGVuZGVkIFZhbGlkYXRp
b24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM1KljPNJY1n7iiWN4dG8PYEooR/U6qW5h+xAhxu7X0h1Nc8HqLYaS+ot/Wi
7WRYZOFEZTZJQSABjTsT4gjzDPJXOZM3txyTRIOOvy3xoQV12m7ue28b6naDKHRK
HCvT9cQDcpOvhs4JjDx11MkKL3Lzrb0OMDyEoXMfAyUUpY/D1vS15N2GevUZumjy
hVSiMBHK0ZLLO3QGEqA3q2rYVBHfbJoWlLm0p2XGdC0x801S6VVRn8s+oo12mHDS
b6ZlRS8bhbtbbfnywARmE4R6nc4n2PREnr+svpnba0/bWCGwiSe0jzLWS15ykV7f
BZ3ZSS/0tm9QH3XLgJ3m0+TR8tMCAwEAAaOCAWkwggFlMB8GA1UdIwQYMBaAFAtY
5YvGTBU3pECpMKkhvkc2Wlb/MB0GA1UdDgQWBBSIRFH/UCppXi2I9CG62Qzyzsvq
fDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADA+BgNVHSAENzA1
MDMGBFUdIAAwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNv
bS9DUFMwSQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL2NybC5jb21vZG9jYS5jb20v
Q09NT0RPQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwdAYIKwYBBQUHAQEEaDBm
MD4GCCsGAQUFBzAChjJodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9BZGRU
cnVzdFNlcnZlckNBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2Rv
Y2EuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQCaQ7+vpHJezX1vf/T8PYy7cOYe3QT9
P9ydn7+JdpvyhjH8f7PtKpFTLOKqsOPILHH3FYojHPFpLoH7sbxiC6saVBzZIl40
TKX2Iw9dej3bQ81pfhc3Us1TocIR1FN4J2TViUFNFlW7kMvw2OTd3dMJZEgo/zIj
hC+Me1UvzymINzR4DzOq/7fylqSbRIC1vmxWVKukgZ4lGChUOn8sY89ZIIwYazgs
tN3t40DeDDYlV5rA0WCeXgNol64aO+pF11GZSe5EWVYLXrGPaOqKnsrSyaADfnAl
9DLJTlCDh6I0SD1PNXf82Ijq9n0ezkO21cJqfjhmY03n7jLvDyToKmf6
-----END CERTIFICATE-----
openssl-1.1.1/test/ocsp-tests/WINH_ND1.ors0000644000000000000000000000117613345734630016727 0ustar rootrootMIIB0woBAKCCAcwwggHIBgkrBgEFBQcwAQEEggG5MIIBtTCBnqIWBBSIRFH/UCpp
Xi2I9CG62QzyzsvqfBgPMjAxMjEwMTEwODQxMTNaMHMwcTBJMAkGBSsOAwIaBQAE
FEm2DTgjjfhFbk7lhD6jlBEYApefBBSIRFH/UCppXi2I9CG62QzyzsvqfAIQIuEz
IiCgSN8psr+aMcKbB4AAGA8yMDEyMTAxMTA4NDExM1qgERgPMjAxMjEwMTUwODQx
MTNaMA0GCSqGSIb3DQEBBQUAA4IBAQCNnhlBMxxh9z5AKfzAxiKs90CfxUsqfYfk
8XlyF9VIfWRfEwzS6MF1pEzLnghRxTAmjrFgK+sxD9wk+S5Mdgw3nbED9DVFH2Hs
RGKm/t9wkvrYOX6yRQqw6uRvU/5cibMjcyzKB/VQMwk4p4FwSUgBv88A5sTkKr2V
eYdEm34hg2TZVkipPMBiyTyBLXs8D/9oALtnczg4xlTRSjDUvqoXL5haqY4QK2Pv
mNwna6ACkwLmSuMe29UQ8IX2PUB4R5Etni5czyiKGxZLm+4NAhuEwWFNEzCyImPc
087gHGU1zx+qVSlajqMJ/9ZXYjbt7WiWdhOTGEv4VMn8dHhRUs32
openssl-1.1.1/test/ocsp-tests/WINH_D1.ors0000644000000000000000000000374413345734630016614 0ustar rootrootMIIFzwoBAKCCBcgwggXEBgkrBgEFBQcwAQEEggW1MIIFsTCBoKIWBBRf2uQDFpGg
Ywh4P1y2H9bZ2/BQNBgPMjAxMjEwMTExMzI5NDJaMHUwczBLMAkGBSsOAwIaBQAE
FKFyDqBqfGICVPKo9Z3Se6Tzty+kBBSwsEr9HHUo+BxhqhP2+sGQPWsWowISESG8
vx4IzALnkqQG05AvM+2bgAAYDzIwMTIxMDExMTAwMDAwWqARGA8yMDEyMTAxODEw
MDAwMFowCwYJKoZIhvcNAQEFA4IBAQCX3gEX+JVfxuYmxBBxC9sNCi3o76ODIicr
XMvm0DTO9VSyDBl7LDsMMgNMIDtO3flQSlBNZ2B9ikwyckXOSWXiXzybZVMdA/uq
NchgkM9aChrlhG0AHZyYe/+dJSmEBFXkIomy+S6YQ7Mcs2s6WxCeWU7gB4XOy1zO
/CvWjv0WQV1J2lZZ6pkvtECKAEjrVP275LA38HInFbYvVPXWzl4sDcX2TAxwUa4S
xAJAfwl+B+oZSerZWGRo6KjZuB/OB31cB5n/lABmRez6Obi27D0UUCRv/eSbwOF4
Ofaa/XzJt7sF7WpVgoR41HI88W7aN4vtcw1zcVsBmfRMUNYZSqtfoIID+DCCA/Qw
ggPwMIIC2KADAgECAhIRISdENsrz1CSWG3VIBwfQERQwDQYJKoZIhvcNAQEFBQAw
WTELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExLzAtBgNV
BAMTJkdsb2JhbFNpZ24gRXh0ZW5kZWQgVmFsaWRhdGlvbiBDQSAtIEcyMB4XDTEy
MDkxOTA3NDA1MFoXDTEyMTIxOTA4NDA1MFowgYUxCzAJBgNVBAYTAkJFMRkwFwYD
VQQKExBHbG9iYWxTaWduIG52LXNhMUIwQAYDVQQDEzlHbG9iYWxTaWduIEV4dGVu
ZGVkIFZhbGlkYXRpb24gQ0EgLSBHMiBPQ1NQIHJlc3BvbmRlciAtIDIxFzAVBgNV
BAUTDjIwMTIwOTE5MDk0MDAwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAnCgMsBO+IxIqCnXCOfXJoIC3wj+f0s4DV9h2gJBzisWXkaJD2DfNrd0kHUXK
qVVPUxnA4G5iZu0Z385/KiOt1/P6vQ/Z2/AsEh/8Z/hIyeZCHL31wrSZW4yLeZwi
M76wPiBHJxPun681HQlVs/OGKSHnbHc1XJAIeA/M8u+lLWqIKB+AJ82TrOqUMj1s
LjGhQNs84xPliONN5K7DrEy+Y65X/rFxN77Smw+UtcH1GgH2NgaHH8dpt1m25sgm
UxZWhdx66opB/lbRQwWdGt7MC0kJFaWHDZq64DTuYoekFYSxAFu0nd0EekEHEJEi
9mquB9cv/96SuEJl8BcUWU/1LwIDAQABo4GEMIGBMAkGA1UdEwQCMAAwDgYDVR0P
AQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAw
HQYDVR0OBBYEFF/a5AMWkaBjCHg/XLYf1tnb8FA0MB8GA1UdIwQYMBaAFLCwSv0c
dSj4HGGqE/b6wZA9axajMA0GCSqGSIb3DQEBBQUAA4IBAQCKRl1iXFmOQtLseDWP
Y5icDDBGiRi17CGgvIzGJi/ha0PhbO+X0TmQIEnRX3Mu0Er/Mm4RZSjMtJ2iZRh3
tGf4Dn+jKgKOmgXC3oOG/l8RPHLf0yaPSdn/z0TXtA30vTFBLlFeWnhbfhovea4+
snPdBxLqWZdtxmiwojgqA7YATCWwavizrBr09YRyDwzgtpZ2BwMruGuFuV9FsEwL
PCM53yFlrM32oFghyfyE5kYjgnnueKM+pw1kA0jgb1CnVJRrMEN1TXuXDAZLtHKG
5X/drah1JtkoZhCzxzZ3bYdVDQJ90OHFqM58lwGD6z3XuPKrHDKZKt+CPIsl5g7p
4J2l
openssl-1.1.1/test/ocsp-tests/ISDOSC_D3.ors0000644000000000000000000000455613345734630017037 0ustar rootrootMIIG8AoBAKCCBukwggblBgkrBgEFBQcwAQEEggbWMIIG0jCB+aF+MHwxCzAJBgNV
BAYTAkFVMQwwCgYDVQQIEwNOU1cxDzANBgNVBAcTBlN5ZG5leTEUMBIGA1UEChML
Q0FjZXJ0IEluYy4xHjAcBgNVBAsTFVNlcnZlciBBZG1pbmlzdHJhdGlvbjEYMBYG
A1UEAxMPb2NzcC5jYWNlcnQub3JnGA8yMDEyMTAxMTEwMTAyMVowZjBkMDwwCQYF
Kw4DAhoFAAQUi6TJyxcpGUU+u45zCZG5JfKDImUEFBa1MhvUx/Pg5o7zvdKwOu6y
ORjRAgMLs8aAABgPMjAxMjEwMTEwOTUyNDJaoBEYDzIwMTIxMDEzMTAxMDIxWjAN
BgkqhkiG9w0BAQUFAAOCAQEAWX7faLDXkmIdOv/IKBh7awhPmGUhFPVSrMI4dc9/
fcPDOYhFwWr9evKT/QdXRGpZY493mfa4Z6eEDxRDTexOloaiaJzVpSeV9hoJUxoS
8NEWDyi33bDlIJH6zru4kk1LpuSMiSWsvLaeoRhHmW3EPDeadpCa5tYX2yNW5hdP
iCfphDJ34/hWHHwHP6mLd1wEO1Rw6nymqeDbuLk1FviD/ZWXMGzK8Sv++tmsQ0Tg
7XrkIPcSrozPKOTCf/1iJVF5KeQVIb0Ju1PvGUKtGaVTX8IZQmer2WQ1D6OOUcsS
cWA6NSpWmScX/0/uBpXdSDX0AnGUS9SNrPNEolz6rA5OUaCCBL4wggS6MIIEtjCC
Ap6gAwIBAgIDCpvzMA0GCSqGSIb3DQEBBQUAMHkxEDAOBgNVBAoTB1Jvb3QgQ0Ex
HjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZQ0EgQ2Vy
dCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjYWNl
cnQub3JnMB4XDTExMDgyMzAwMDI1NloXDTEzMDgyMjAwMDI1NlowfDELMAkGA1UE
BhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MRQwEgYDVQQKEwtD
QWNlcnQgSW5jLjEeMBwGA1UECxMVU2VydmVyIEFkbWluaXN0cmF0aW9uMRgwFgYD
VQQDEw9vY3NwLmNhY2VydC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCcxtRv5CPHw3BLdR/k/K72YsRgodbP+UdAONmvBvWzhwm6B8h6O+M64sFr
2w6be7SYBECIyOQgNJ1flK4MoAWhdBA/H5NtxaDOKbAqA27tO9GaevcPp7c518O0
3hVnlPLvsN1f48nY0jQOXUTfv5nYXmD0OSSK/V3IRo0KsWB6T9UnMGCeEwb4Oqqz
uzM0b4SBflzMEony/m6Tg/qL7qs2TLZAqe77+BZaVdFkDUnaBN7RyMruXySxeXiz
mogT3WhROeloMa/X+E01bWBYBEK7VZIY9pgBpXQ7vDbbIGgYuIXUi20wh03WMy16
VDYdV0IUXHpidNUeK9W/BPP/7APBAgMBAAGjRDBCMAwGA1UdEwEB/wQCMAAwJwYD
VR0lBCAwHgYIKwYBBQUHAwIGCCsGAQUFBwMBBggrBgEFBQcDCTAJBgNVHREEAjAA
MA0GCSqGSIb3DQEBBQUAA4ICAQAoT6p5f3cGprAcgrnzdenfTmDe9LCW7k2VnazA
MAzpsD6gXcSlo4+3hoHem/SpKRH2tqi34DmImCiv/S6fxsKM4Gfn5rlkAFviuTvS
r5Zrwh4ZKSfaoWv4bmbzmcAxvuxdMWHf/5PbjegjzFTbBMekVPZY/abYtD6kdHQZ
VNgzwZVfTBfYhfa+Rg72I2zjKpMsjxMqWfTmUzW6wfK6LFudZqu0U1NnJw+IlnVU
6WtjL885ebQrmcRqWz3nMhVLIu5L3w/s+VTLvm7If6jcMDNUjz8s2BPcJeCXg3TE
STsyl6tvk17RRz2+9JskxVOk11xIn96xR4FCERIid2ek9z1xi7oYOajQF50i/9Gj
ReDEfRSyb4/LzoKDOY+h4Q6jryeHh7WIHFiK5qrBN2y8qOoRJ/OqQnqci/BJBNpe
g9Q9PJRgGSzRndTXNHiYRbeLpq7eGo3sPqlR9qBQ3rd98XGOU0RCMnzjKhENC3qo
5PkSF2xs8RmjWktFSTDwjYo0qf1teo7CGHjgaPjQ7JE8Q4ysFOQndSWmLpqwDcI9
HfIvPwUIWArQrJRh9LCNSyvHVgLqY9kw8NW4TlMxV2WqaYCkiKi3XVRrSFR3ahS1
VBvRZ8KpplrV7rhXjVSSqqfLk1sX3l72Ck2F9ON+qbNFmvhgNjSiBY9neMgo804a
wG/paw==
openssl-1.1.1/test/ocsp-tests/D1_Cert_EE.pem0000644000000000000000000000453213345734630017267 0ustar rootroot-----BEGIN CERTIFICATE-----
MIIGujCCBaKgAwIBAgISESG8vx4IzALnkqQG05AvM+2bMA0GCSqGSIb3DQEBBQUA
MFkxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMS8wLQYD
VQQDEyZHbG9iYWxTaWduIEV4dGVuZGVkIFZhbGlkYXRpb24gQ0EgLSBHMjAeFw0x
MjA4MTQxMjM1MDJaFw0xMzA4MTUxMDMxMjlaMIIBCjEdMBsGA1UEDwwUUHJpdmF0
ZSBPcmdhbml6YXRpb24xDzANBgNVBAUTBjU3ODYxMTETMBEGCysGAQQBgjc8AgED
EwJVUzEeMBwGCysGAQQBgjc8AgECEw1OZXcgSGFtcHNoaXJlMQswCQYDVQQGEwJV
UzEWMBQGA1UECAwNTmV3IEhhbXBzaGlyZTETMBEGA1UEBwwKUG9ydHNtb3V0aDEg
MB4GA1UECRMXVHdvIEludGVybmF0aW9uYWwgRHJpdmUxDTALBgNVBAsMBC5DT00x
GzAZBgNVBAoMEkdNTyBHbG9iYWxTaWduIEluYzEbMBkGA1UEAwwSd3d3Lmdsb2Jh
bHNpZ24uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqx/nHBP4
6s5KKMDlfZS4qFDiAWsoPSRn6WO4nrUF/G2S3I/AdJ0IcSDOHb48/3APj5alqbgo
o4IzdG6KLAbENpHMl0L3pHBq/5tJPTi02SbiYUHfp2fhueMauRo8spfEk6fNRnDn
QpyMFRkYd7Jz+KMerTO1xAcOH+xp0KkcP0i2jFTEuM3LwR0yTms1rry+RryjDDt5
7W0DLnNFWhyGd6YymzNkCPeL6weV8uk2uYRKKf2XOAzgIpNo3zU6iakZOzlQB9h9
qRuIks2AU/cZ89cBkDjHua0ezX5rG3/Url33jAT9cR5zCXHWtj7VzlOjDXXnn16b
L9/AWsvGMNkYHQIDAQABo4ICxzCCAsMwDgYDVR0PAQH/BAQDAgWgMEwGA1UdIARF
MEMwQQYJKwYBBAGgMgEBMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2Jh
bHNpZ24uY29tL3JlcG9zaXRvcnkvMIIBKwYDVR0RBIIBIjCCAR6CEnd3dy5nbG9i
YWxzaWduLmNvbYIVc3RhdHVzLmdsb2JhbHNpZ24uY29tghF0aC5nbG9iYWxzaWdu
LmNvbYISZGV2Lmdsb2JhbHNpZ24uY29tghNpbmZvLmdsb2JhbHNpZ24uY29tghZh
cmNoaXZlLmdsb2JhbHNpZ24uY29tghZzdGF0aWMxLmdsb2JhbHNpZ24uY29tghZz
dGF0aWMyLmdsb2JhbHNpZ24uY29tghNibG9nLmdsb2JhbHNpZ24uY29tghdzc2xj
aGVjay5nbG9iYWxzaWduLmNvbYIVc3lzdGVtLmdsb2JhbHNpZ24uY29tghhvcGVy
YXRpb24uZ2xvYmFsc2lnbi5jb22CDmdsb2JhbHNpZ24uY29tMAkGA1UdEwQCMAAw
HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMD8GA1UdHwQ4MDYwNKAyoDCG
Lmh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vZ3MvZ3NleHRlbmR2YWxnMi5jcmww
gYgGCCsGAQUFBwEBBHwwejBBBggrBgEFBQcwAoY1aHR0cDovL3NlY3VyZS5nbG9i
YWxzaWduLmNvbS9jYWNlcnQvZ3NleHRlbmR2YWxnMi5jcnQwNQYIKwYBBQUHMAGG
KWh0dHA6Ly9vY3NwMi5nbG9iYWxzaWduLmNvbS9nc2V4dGVuZHZhbGcyMB0GA1Ud
DgQWBBSvMoTDlFB0aVgVrNkkS1QSmYfx1zAfBgNVHSMEGDAWgBSwsEr9HHUo+Bxh
qhP2+sGQPWsWozANBgkqhkiG9w0BAQUFAAOCAQEAgnohm8IRw1ukfc0GmArK3ZLC
DLGpsefwWMvNrclqwrgtVrBx4pfe5xGAjqyQ2QI8V8a8a1ytVMCSC1AMWiWxawvW
fw48fHunqtpTYNDyEe1Q+7tTGZ0SQ3HljYY9toVEjAMDhiM0Szl6ERRO5S7BTCen
mDpWZF8w3ScRRY2UJc8xwWFiYyGWDNzNL1O8R2Y95QIkHUgQpSD3cjl4YvF/Xx/o
hBEzl884uNAggIyQRu0ImLEetEtHWB2w0pZG3nTAqjOAAAyH2Q8IHoJtjQzvg6fy
IQEO1C5GoQ7isiKIjKBXVYOm+gKSQXlzwj1BlU/OW6kEe24IiERhAN9ILA24wA==
-----END CERTIFICATE-----
openssl-1.1.1/test/ocsp-tests/D2_Issuer_Root.pem0000644000000000000000000000235513345734630020300 0ustar rootroot-----BEGIN CERTIFICATE-----
MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG
A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ
jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp
xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp
1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG
snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ
U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8
9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E
BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B
AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz
yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE
38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP
AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad
DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME
HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
-----END CERTIFICATE-----
openssl-1.1.1/test/sm4_internal_test.c0000644000000000000000000000441413345734631016470 0ustar rootroot/*
* Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2017 Ribose Inc. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* Internal tests for the SM4 module.
*/
#include <string.h>
#include <openssl/opensslconf.h>
#include "testutil.h"
#ifndef OPENSSL_NO_SM4
# include "internal/sm4.h"
static int test_sm4_ecb(void)
{
static const uint8_t k[SM4_BLOCK_SIZE] = {
0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
};
static const uint8_t input[SM4_BLOCK_SIZE] = {
0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
};
/*
* This test vector comes from Example 1 of GB/T 32907-2016,
* and described in Internet Draft draft-ribose-cfrg-sm4-02.
*/
static const uint8_t expected[SM4_BLOCK_SIZE] = {
0x68, 0x1e, 0xdf, 0x34, 0xd2, 0x06, 0x96, 0x5e,
0x86, 0xb3, 0xe9, 0x4f, 0x53, 0x6e, 0x42, 0x46
};
/*
* This test vector comes from Example 2 from GB/T 32907-2016,
* and described in Internet Draft draft-ribose-cfrg-sm4-02.
* After 1,000,000 iterations.
*/
static const uint8_t expected_iter[SM4_BLOCK_SIZE] = {
0x59, 0x52, 0x98, 0xc7, 0xc6, 0xfd, 0x27, 0x1f,
0x04, 0x02, 0xf8, 0x04, 0xc3, 0x3d, 0x3f, 0x66
};
int i;
SM4_KEY key;
uint8_t block[SM4_BLOCK_SIZE];
SM4_set_key(k, &key);
memcpy(block, input, SM4_BLOCK_SIZE);
SM4_encrypt(block, block, &key);
if (!TEST_mem_eq(block, SM4_BLOCK_SIZE, expected, SM4_BLOCK_SIZE))
return 0;
for (i = 0; i != 999999; ++i)
SM4_encrypt(block, block, &key);
if (!TEST_mem_eq(block, SM4_BLOCK_SIZE, expected_iter, SM4_BLOCK_SIZE))
return 0;
for (i = 0; i != 1000000; ++i)
SM4_decrypt(block, block, &key);
if (!TEST_mem_eq(block, SM4_BLOCK_SIZE, input, SM4_BLOCK_SIZE))
return 0;
return 1;
}
#endif
int setup_tests(void)
{
#ifndef OPENSSL_NO_SM4
ADD_TEST(test_sm4_ecb);
#endif
return 1;
}
openssl-1.1.1/test/wpackettest.c0000644000000000000000000003554113345734631015375 0ustar rootroot/*
* Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <string.h>
#include <openssl/buffer.h>
#ifdef __VMS
# pragma names save
# pragma names as_is,shortened
#endif
#include "../ssl/packet_locl.h"
#ifdef __VMS
# pragma names restore
#endif
#include "testutil.h"
static const unsigned char simple1[] = { 0xff };
static const unsigned char simple2[] = { 0x01, 0xff };
static const unsigned char simple3[] = { 0x00, 0x00, 0x00, 0x01, 0xff };
static const unsigned char nestedsub[] = { 0x03, 0xff, 0x01, 0xff };
static const unsigned char seqsub[] = { 0x01, 0xff, 0x01, 0xff };
static const unsigned char empty[] = { 0x00 };
static const unsigned char alloc[] = { 0x02, 0xfe, 0xff };
static const unsigned char submem[] = { 0x03, 0x02, 0xfe, 0xff };
static const unsigned char fixed[] = { 0xff, 0xff, 0xff };
static BUF_MEM *buf;
static int cleanup(WPACKET *pkt)
{
WPACKET_cleanup(pkt);
return 0;
}
static int test_WPACKET_init(void)
{
WPACKET pkt;
int i;
size_t written;
unsigned char sbuf[3];
if (!TEST_true(WPACKET_init(&pkt, buf))
|| !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xff))
/* Closing a top level WPACKET should fail */
|| !TEST_false(WPACKET_close(&pkt))
/* Finishing a top level WPACKET should succeed */
|| !TEST_true(WPACKET_finish(&pkt))
/*
* Can't call close or finish on a WPACKET that's already
* finished.
*/
|| !TEST_false(WPACKET_close(&pkt))
|| !TEST_false(WPACKET_finish(&pkt))
|| !TEST_true(WPACKET_get_total_written(&pkt, &written))
|| !TEST_mem_eq(buf->data, written, simple1, sizeof(simple1)))
return cleanup(&pkt);
/* Now try with a one byte length prefix */
if (!TEST_true(WPACKET_init_len(&pkt, buf, 1))
|| !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xff))
|| !TEST_true(WPACKET_finish(&pkt))
|| !TEST_true(WPACKET_get_total_written(&pkt, &written))
|| !TEST_mem_eq(buf->data, written, simple2, sizeof(simple2)))
return cleanup(&pkt);
/* And a longer length prefix */
if (!TEST_true(WPACKET_init_len(&pkt, buf, 4))
|| !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xff))
|| !TEST_true(WPACKET_finish(&pkt))
|| !TEST_true(WPACKET_get_total_written(&pkt, &written))
|| !TEST_mem_eq(buf->data, written, simple3, sizeof(simple3)))
return cleanup(&pkt);
if (!TEST_true(WPACKET_init_len(&pkt, buf, 1)))
return cleanup(&pkt);
for (i = 1; i < 257; i++) {
/*
* Putting more bytes in than fit for the size of the length prefix
* should fail
*/
if (!TEST_int_eq(WPACKET_put_bytes_u8(&pkt, 0xff), i < 256))
return cleanup(&pkt);
}
if (!TEST_true(WPACKET_finish(&pkt)))
return cleanup(&pkt);
/* Test initialising from a fixed size buffer */
if (!TEST_true(WPACKET_init_static_len(&pkt, sbuf, sizeof(sbuf), 0))
/* Adding 3 bytes should succeed */
|| !TEST_true(WPACKET_put_bytes_u24(&pkt, 0xffffff))
/* Adding 1 more byte should fail */
|| !TEST_false(WPACKET_put_bytes_u8(&pkt, 0xff))
/* Finishing the top level WPACKET should succeed */
|| !TEST_true(WPACKET_finish(&pkt))
|| !TEST_true(WPACKET_get_total_written(&pkt, &written))
|| !TEST_mem_eq(sbuf, written, fixed, sizeof(sbuf))
/* Initialise with 1 len byte */
|| !TEST_true(WPACKET_init_static_len(&pkt, sbuf, sizeof(sbuf), 1))
/* Adding 2 bytes should succeed */
|| !TEST_true(WPACKET_put_bytes_u16(&pkt, 0xfeff))
/* Adding 1 more byte should fail */
|| !TEST_false(WPACKET_put_bytes_u8(&pkt, 0xff))
|| !TEST_true(WPACKET_finish(&pkt))
|| !TEST_true(WPACKET_get_total_written(&pkt, &written))
|| !TEST_mem_eq(sbuf, written, alloc, sizeof(alloc)))
return cleanup(&pkt);
return 1;
}
static int test_WPACKET_set_max_size(void)
{
WPACKET pkt;
size_t written;
if (!TEST_true(WPACKET_init(&pkt, buf))
/*
* No previous lenbytes set so we should be ok to set the max
* possible max size
*/
|| !TEST_true(WPACKET_set_max_size(&pkt, SIZE_MAX))
/* We should be able to set it smaller too */
|| !TEST_true(WPACKET_set_max_size(&pkt, SIZE_MAX -1))
/* And setting it bigger again should be ok */
|| !TEST_true(WPACKET_set_max_size(&pkt, SIZE_MAX))
|| !TEST_true(WPACKET_finish(&pkt)))
return cleanup(&pkt);
if (!TEST_true(WPACKET_init_len(&pkt, buf, 1))
/*
* Should fail because we already consumed 1 byte with the
* length
*/
|| !TEST_false(WPACKET_set_max_size(&pkt, 0))
/*
* Max size can't be bigger than biggest that will fit in
* lenbytes
*/
|| !TEST_false(WPACKET_set_max_size(&pkt, 0x0101))
/* It can be the same as the maximum possible size */
|| !TEST_true(WPACKET_set_max_size(&pkt, 0x0100))
/* Or it can be less */
|| !TEST_true(WPACKET_set_max_size(&pkt, 0x01))
/* Should fail because packet is already filled */
|| !TEST_false(WPACKET_put_bytes_u8(&pkt, 0xff))
/* You can't put in more bytes than max size */
|| !TEST_true(WPACKET_set_max_size(&pkt, 0x02))
|| !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xff))
|| !TEST_false(WPACKET_put_bytes_u8(&pkt, 0xff))
|| !TEST_true(WPACKET_finish(&pkt))
|| !TEST_true(WPACKET_get_total_written(&pkt, &written))
|| !TEST_mem_eq(buf->data, written, simple2, sizeof(simple2)))
return cleanup(&pkt);
return 1;
}
static int test_WPACKET_start_sub_packet(void)
{
WPACKET pkt;
size_t written;
size_t len;
if (!TEST_true(WPACKET_init(&pkt, buf))
|| !TEST_true(WPACKET_start_sub_packet(&pkt))
|| !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xff))
/* Can't finish because we have a sub packet */
|| !TEST_false(WPACKET_finish(&pkt))
|| !TEST_true(WPACKET_close(&pkt))
/* Sub packet is closed so can't close again */
|| !TEST_false(WPACKET_close(&pkt))
/* Now a top level so finish should succeed */
|| !TEST_true(WPACKET_finish(&pkt))
|| !TEST_true(WPACKET_get_total_written(&pkt, &written))
|| !TEST_mem_eq(buf->data, written, simple1, sizeof(simple1)))
return cleanup(&pkt);
/* Single sub-packet with length prefix */
if (!TEST_true(WPACKET_init(&pkt, buf))
|| !TEST_true(WPACKET_start_sub_packet_u8(&pkt))
|| !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xff))
|| !TEST_true(WPACKET_close(&pkt))
|| !TEST_true(WPACKET_finish(&pkt))
|| !TEST_true(WPACKET_get_total_written(&pkt, &written))
|| !TEST_mem_eq(buf->data, written, simple2, sizeof(simple2)))
return cleanup(&pkt);
/* Nested sub-packets with length prefixes */
if (!TEST_true(WPACKET_init(&pkt, buf))
|| !TEST_true(WPACKET_start_sub_packet_u8(&pkt))
|| !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xff))
|| !TEST_true(WPACKET_start_sub_packet_u8(&pkt))
|| !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xff))
|| !TEST_true(WPACKET_get_length(&pkt, &len))
|| !TEST_size_t_eq(len, 1)
|| !TEST_true(WPACKET_close(&pkt))
|| !TEST_true(WPACKET_get_length(&pkt, &len))
|| !TEST_size_t_eq(len, 3)
|| !TEST_true(WPACKET_close(&pkt))
|| !TEST_true(WPACKET_finish(&pkt))
|| !TEST_true(WPACKET_get_total_written(&pkt, &written))
|| !TEST_mem_eq(buf->data, written, nestedsub, sizeof(nestedsub)))
return cleanup(&pkt);
/* Sequential sub-packets with length prefixes */
if (!TEST_true(WPACKET_init(&pkt, buf))
|| !TEST_true(WPACKET_start_sub_packet_u8(&pkt))
|| !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xff))
|| !TEST_true(WPACKET_close(&pkt))
|| !TEST_true(WPACKET_start_sub_packet_u8(&pkt))
|| !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xff))
|| !TEST_true(WPACKET_close(&pkt))
|| !TEST_true(WPACKET_finish(&pkt))
|| !TEST_true(WPACKET_get_total_written(&pkt, &written))
|| !TEST_mem_eq(buf->data, written, seqsub, sizeof(seqsub)))
return cleanup(&pkt);
/* Nested sub-packets with lengths filled before finish */
if (!TEST_true(WPACKET_init(&pkt, buf))
|| !TEST_true(WPACKET_start_sub_packet_u8(&pkt))
|| !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xff))
|| !TEST_true(WPACKET_start_sub_packet_u8(&pkt))
|| !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xff))
|| !TEST_true(WPACKET_get_length(&pkt, &len))
|| !TEST_size_t_eq(len, 1)
|| !TEST_true(WPACKET_close(&pkt))
|| !TEST_true(WPACKET_get_length(&pkt, &len))
|| !TEST_size_t_eq(len, 3)
|| !TEST_true(WPACKET_close(&pkt))
|| !TEST_true(WPACKET_fill_lengths(&pkt))
|| !TEST_true(WPACKET_get_total_written(&pkt, &written))
|| !TEST_mem_eq(buf->data, written, nestedsub, sizeof(nestedsub))
|| !TEST_true(WPACKET_finish(&pkt)))
return cleanup(&pkt);
return 1;
}
static int test_WPACKET_set_flags(void)
{
WPACKET pkt;
size_t written;
/* Set packet to be non-zero length */
if (!TEST_true(WPACKET_init(&pkt, buf))
|| !TEST_true(WPACKET_set_flags(&pkt, WPACKET_FLAGS_NON_ZERO_LENGTH))
/* Should fail because of zero length */
|| !TEST_false(WPACKET_finish(&pkt))
|| !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xff))
|| !TEST_true(WPACKET_finish(&pkt))
|| !TEST_true(WPACKET_get_total_written(&pkt, &written))
|| !TEST_mem_eq(buf->data, written, simple1, sizeof(simple1)))
return cleanup(&pkt);
/* Repeat above test in a sub-packet */
if (!TEST_true(WPACKET_init(&pkt, buf))
|| !TEST_true(WPACKET_start_sub_packet(&pkt))
|| !TEST_true(WPACKET_set_flags(&pkt, WPACKET_FLAGS_NON_ZERO_LENGTH))
/* Should fail because of zero length */
|| !TEST_false(WPACKET_close(&pkt))
|| !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xff))
|| !TEST_true(WPACKET_close(&pkt))
|| !TEST_true(WPACKET_finish(&pkt))
|| !TEST_true(WPACKET_get_total_written(&pkt, &written))
|| !TEST_mem_eq(buf->data, written, simple1, sizeof(simple1)))
return cleanup(&pkt);
/* Set packet to abandon non-zero length */
if (!TEST_true(WPACKET_init_len(&pkt, buf, 1))
|| !TEST_true(WPACKET_set_flags(&pkt, WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH))
|| !TEST_true(WPACKET_finish(&pkt))
|| !TEST_true(WPACKET_get_total_written(&pkt, &written))
|| !TEST_size_t_eq(written, 0))
return cleanup(&pkt);
/* Repeat above test but only abandon a sub-packet */
if (!TEST_true(WPACKET_init_len(&pkt, buf, 1))
|| !TEST_true(WPACKET_start_sub_packet_u8(&pkt))
|| !TEST_true(WPACKET_set_flags(&pkt, WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH))
|| !TEST_true(WPACKET_close(&pkt))
|| !TEST_true(WPACKET_finish(&pkt))
|| !TEST_true(WPACKET_get_total_written(&pkt, &written))
|| !TEST_mem_eq(buf->data, written, empty, sizeof(empty)))
return cleanup(&pkt);
/* And repeat with a non empty sub-packet */
if (!TEST_true(WPACKET_init(&pkt, buf))
|| !TEST_true(WPACKET_start_sub_packet_u8(&pkt))
|| !TEST_true(WPACKET_set_flags(&pkt, WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH))
|| !TEST_true(WPACKET_put_bytes_u8(&pkt, 0xff))
|| !TEST_true(WPACKET_close(&pkt))
|| !TEST_true(WPACKET_finish(&pkt))
|| !TEST_true(WPACKET_get_total_written(&pkt, &written))
|| !TEST_mem_eq(buf->data, written, simple2, sizeof(simple2)))
return cleanup(&pkt);
return 1;
}
static int test_WPACKET_allocate_bytes(void)
{
WPACKET pkt;
size_t written;
unsigned char *bytes;
if (!TEST_true(WPACKET_init_len(&pkt, buf, 1))
|| !TEST_true(WPACKET_allocate_bytes(&pkt, 2, &bytes)))
return cleanup(&pkt);
bytes[0] = 0xfe;
bytes[1] = 0xff;
if (!TEST_true(WPACKET_finish(&pkt))
|| !TEST_true(WPACKET_get_total_written(&pkt, &written))
|| !TEST_mem_eq(buf->data, written, alloc, sizeof(alloc)))
return cleanup(&pkt);
/* Repeat with WPACKET_sub_allocate_bytes */
if (!TEST_true(WPACKET_init_len(&pkt, buf, 1))
|| !TEST_true(WPACKET_sub_allocate_bytes_u8(&pkt, 2, &bytes)))
return cleanup(&pkt);
bytes[0] = 0xfe;
bytes[1] = 0xff;
if (!TEST_true(WPACKET_finish(&pkt))
|| !TEST_true(WPACKET_get_total_written(&pkt, &written))
|| !TEST_mem_eq(buf->data, written, submem, sizeof(submem)))
return cleanup(&pkt);
return 1;
}
static int test_WPACKET_memcpy(void)
{
WPACKET pkt;
size_t written;
const unsigned char bytes[] = { 0xfe, 0xff };
if (!TEST_true(WPACKET_init_len(&pkt, buf, 1))
|| !TEST_true(WPACKET_memcpy(&pkt, bytes, sizeof(bytes)))
|| !TEST_true(WPACKET_finish(&pkt))
|| !TEST_true(WPACKET_get_total_written(&pkt, &written))
|| !TEST_mem_eq(buf->data, written, alloc, sizeof(alloc)))
return cleanup(&pkt);
/* Repeat with WPACKET_sub_memcpy() */
if (!TEST_true(WPACKET_init_len(&pkt, buf, 1))
|| !TEST_true(WPACKET_sub_memcpy_u8(&pkt, bytes, sizeof(bytes)))
|| !TEST_true(WPACKET_finish(&pkt))
|| !TEST_true(WPACKET_get_total_written(&pkt, &written))
|| !TEST_mem_eq(buf->data, written, submem, sizeof(submem)))
return cleanup(&pkt);
return 1;
}
int setup_tests(void)
{
if (!TEST_ptr(buf = BUF_MEM_new()))
return 0;
ADD_TEST(test_WPACKET_init);
ADD_TEST(test_WPACKET_set_max_size);
ADD_TEST(test_WPACKET_start_sub_packet);
ADD_TEST(test_WPACKET_set_flags);
ADD_TEST(test_WPACKET_allocate_bytes);
ADD_TEST(test_WPACKET_memcpy);
return 1;
}
void cleanup_tests(void)
{
BUF_MEM_free(buf);
}
openssl-1.1.1/test/drbg_cavs_test.c0000644000000000000000000001727513345734630016033 0ustar rootroot/*
* Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <string.h>
#include "internal/nelem.h"
#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/obj_mac.h>
#include <openssl/evp.h>
#include <openssl/aes.h>
#include "../crypto/rand/rand_lcl.h"
#include "testutil.h"
#include "drbg_cavs_data.h"
static int app_data_index;
typedef struct test_ctx_st {
const unsigned char *entropy;
size_t entropylen;
int entropycnt;
const unsigned char *nonce;
size_t noncelen;
int noncecnt;
} TEST_CTX;
static size_t kat_entropy(RAND_DRBG *drbg, unsigned char **pout,
int entropy, size_t min_len, size_t max_len,
int prediction_resistance)
{
TEST_CTX *t = (TEST_CTX *)RAND_DRBG_get_ex_data(drbg, app_data_index);
t->entropycnt++;
*pout = (unsigned char *)t->entropy;
return t->entropylen;
}
static size_t kat_nonce(RAND_DRBG *drbg, unsigned char **pout,
int entropy, size_t min_len, size_t max_len)
{
TEST_CTX *t = (TEST_CTX *)RAND_DRBG_get_ex_data(drbg, app_data_index);
t->noncecnt++;
*pout = (unsigned char *)t->nonce;
return t->noncelen;
}
/*
* Do a single NO_RESEED KAT:
*
* Instantiate
* Generate Random Bits (pr=false)
* Generate Random Bits (pr=false)
* Uninstantiate
*
* Return 0 on failure.
*/
static int single_kat_no_reseed(const struct drbg_kat *td)
{
struct drbg_kat_no_reseed *data = (struct drbg_kat_no_reseed *)td->t;
RAND_DRBG *drbg = NULL;
unsigned char *buff = NULL;
unsigned int flags = 0;
int failures = 0;
TEST_CTX t;
if (td->df != USE_DF)
flags |= RAND_DRBG_FLAG_CTR_NO_DF;
if (!TEST_ptr(drbg = RAND_DRBG_new(td->nid, flags, NULL)))
return 0;
if (!TEST_true(RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
kat_nonce, NULL))) {
failures++;
goto err;
}
memset(&t, 0, sizeof(t));
t.entropy = data->entropyin;
t.entropylen = td->entropyinlen;
t.nonce = data->nonce;
t.noncelen = td->noncelen;
RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
buff = OPENSSL_malloc(td->retbyteslen);
if (buff == NULL)
goto err;
if (!TEST_true(RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen))
|| !TEST_true(RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
data->addin1, td->addinlen))
|| !TEST_true(RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
data->addin2, td->addinlen))
|| !TEST_true(RAND_DRBG_uninstantiate(drbg))
|| !TEST_mem_eq(data->retbytes, td->retbyteslen, buff,
td->retbyteslen))
failures++;
err:
if (buff != NULL)
OPENSSL_free(buff);
if (drbg != NULL) {
RAND_DRBG_uninstantiate(drbg);
RAND_DRBG_free(drbg);
}
return failures == 0;
}
/*-
* Do a single PR_FALSE KAT:
*
* Instantiate
* Reseed
* Generate Random Bits (pr=false)
* Generate Random Bits (pr=false)
* Uninstantiate
*
* Return 0 on failure.
*/
static int single_kat_pr_false(const struct drbg_kat *td)
{
struct drbg_kat_pr_false *data = (struct drbg_kat_pr_false *)td->t;
RAND_DRBG *drbg = NULL;
unsigned char *buff = NULL;
unsigned int flags = 0;
int failures = 0;
TEST_CTX t;
if (td->df != USE_DF)
flags |= RAND_DRBG_FLAG_CTR_NO_DF;
if (!TEST_ptr(drbg = RAND_DRBG_new(td->nid, flags, NULL)))
return 0;
if (!TEST_true(RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
kat_nonce, NULL))) {
failures++;
goto err;
}
memset(&t, 0, sizeof(t));
t.entropy = data->entropyin;
t.entropylen = td->entropyinlen;
t.nonce = data->nonce;
t.noncelen = td->noncelen;
RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
buff = OPENSSL_malloc(td->retbyteslen);
if (buff == NULL)
goto err;
if (!TEST_true(RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen)))
failures++;
t.entropy = data->entropyinreseed;
t.entropylen = td->entropyinlen;
if (!TEST_true(RAND_DRBG_reseed(drbg, data->addinreseed, td->addinlen, 0))
|| !TEST_true(RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
data->addin1, td->addinlen))
|| !TEST_true(RAND_DRBG_generate(drbg, buff, td->retbyteslen, 0,
data->addin2, td->addinlen))
|| !TEST_true(RAND_DRBG_uninstantiate(drbg))
|| !TEST_mem_eq(data->retbytes, td->retbyteslen, buff,
td->retbyteslen))
failures++;
err:
if (buff != NULL)
OPENSSL_free(buff);
if (drbg != NULL) {
RAND_DRBG_uninstantiate(drbg);
RAND_DRBG_free(drbg);
}
return failures == 0;
}
/*-
* Do a single PR_TRUE KAT:
*
* Instantiate
* Generate Random Bits (pr=true)
* Generate Random Bits (pr=true)
* Uninstantiate
*
* Return 0 on failure.
*/
static int single_kat_pr_true(const struct drbg_kat *td)
{
struct drbg_kat_pr_true *data = (struct drbg_kat_pr_true *)td->t;
RAND_DRBG *drbg = NULL;
unsigned char *buff = NULL;
unsigned int flags = 0;
int failures = 0;
TEST_CTX t;
if (td->df != USE_DF)
flags |= RAND_DRBG_FLAG_CTR_NO_DF;
if (!TEST_ptr(drbg = RAND_DRBG_new(td->nid, flags, NULL)))
return 0;
if (!TEST_true(RAND_DRBG_set_callbacks(drbg, kat_entropy, NULL,
kat_nonce, NULL))) {
failures++;
goto err;
}
memset(&t, 0, sizeof(t));
t.nonce = data->nonce;
t.noncelen = td->noncelen;
t.entropy = data->entropyin;
t.entropylen = td->entropyinlen;
RAND_DRBG_set_ex_data(drbg, app_data_index, &t);
buff = OPENSSL_malloc(td->retbyteslen);
if (buff == NULL)
goto err;
if (!TEST_true(RAND_DRBG_instantiate(drbg, data->persstr, td->persstrlen)))
failures++;
t.entropy = data->entropyinpr1;
t.entropylen = td->entropyinlen;
if (!TEST_true(RAND_DRBG_generate(drbg, buff, td->retbyteslen, 1,
data->addin1, td->addinlen)))
failures++;
t.entropy = data->entropyinpr2;
t.entropylen = td->entropyinlen;
if (!TEST_true(RAND_DRBG_generate(drbg, buff, td->retbyteslen, 1,
data->addin2, td->addinlen))
|| !TEST_true(RAND_DRBG_uninstantiate(drbg))
|| !TEST_mem_eq(data->retbytes, td->retbyteslen, buff,
td->retbyteslen))
failures++;
err:
if (buff != NULL)
OPENSSL_free(buff);
if (drbg != NULL) {
RAND_DRBG_uninstantiate(drbg);
RAND_DRBG_free(drbg);
}
return failures == 0;
}
static int test_cavs_kats(int i)
{
const struct drbg_kat *td = drbg_test[i];
int rv = 0;
switch (td->type) {
case NO_RESEED:
if (!single_kat_no_reseed(td))
goto err;
break;
case PR_FALSE:
if (!single_kat_pr_false(td))
goto err;
break;
case PR_TRUE:
if (!single_kat_pr_true(td))
goto err;
break;
default: /* cant happen */
goto err;
}
rv = 1;
err:
return rv;
}
int setup_tests(void)
{
app_data_index = RAND_DRBG_get_ex_new_index(0L, NULL, NULL, NULL, NULL);
ADD_ALL_TESTS(test_cavs_kats, drbg_test_nelem);
return 1;
}
openssl-1.1.1/test/build.info0000644000000000000000000004714713345734627014661 0ustar rootroot{-
use File::Spec::Functions;
sub rebase_files
{
my ($base, $files) = @_;
return join(" ", map { "$base/$_" } split(/\s+/, $files));
}
""
-}
IF[{- !$disabled{tests} -}]
LIBS_NO_INST=libtestutil.a
SOURCE[libtestutil.a]=testutil/basic_output.c testutil/output_helpers.c \
testutil/driver.c testutil/tests.c testutil/cb.c testutil/stanza.c \
testutil/format_output.c testutil/tap_bio.c \
testutil/test_cleanup.c testutil/main.c testutil/init.c
INCLUDE[libtestutil.a]=../include
DEPEND[libtestutil.a]=../libcrypto
# Special hack for descrip.mms to include the MAIN object module
# explicitly. This will only be done if there isn't a MAIN in the
# program's object modules already.
BEGINRAW[descrip.mms]
INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN
ENDRAW[descrip.mms]
PROGRAMS_NO_INST=\
versions \
aborttest test_test \
sanitytest exdatatest bntest \
ectest ecstresstest ecdsatest gmdifftest pbelutest ideatest \
md2test \
hmactest \
rc2test rc4test rc5test \
destest mdc2test \
dhtest enginetest casttest \
bftest ssltest_old dsatest dsa_no_digest_size_test exptest rsa_test \
evp_test evp_extra_test igetest v3nametest v3ext \
crltest danetest bad_dtls_test lhash_test \
conf_include_test \
constant_time_test verify_extra_test clienthellotest \
packettest asynctest secmemtest srptest memleaktest stack_test \
dtlsv1listentest ct_test threadstest afalgtest d2i_test \
ssl_test_ctx_test ssl_test x509aux cipherlist_test asynciotest \
bio_callback_test \
bioprinttest sslapitest dtlstest sslcorrupttest bio_enc_test \
pkey_meth_test pkey_meth_kdf_test uitest cipherbytes_test \
asn1_encode_test asn1_decode_test asn1_string_table_test \
x509_time_test x509_dup_cert_test x509_check_cert_pkey_test \
recordlentest drbgtest sslbuffertest \
recordlentest drbgtest drbg_cavs_test sslbuffertest \
time_offset_test pemtest ssl_cert_table_internal_test ciphername_test \
servername_test ocspapitest rsa_mp_test fatalerrtest tls13ccstest \
sysdefaulttest errtest gosttest
SOURCE[versions]=versions.c
INCLUDE[versions]=../include
DEPEND[versions]=../libcrypto
SOURCE[aborttest]=aborttest.c
INCLUDE[aborttest]=../include
DEPEND[aborttest]=../libcrypto
SOURCE[sanitytest]=sanitytest.c
INCLUDE[sanitytest]=../include
DEPEND[sanitytest]=../libcrypto libtestutil.a
SOURCE[test_test]=test_test.c
INCLUDE[test_test]=../include
DEPEND[test_test]=../libcrypto libtestutil.a
SOURCE[exdatatest]=exdatatest.c
INCLUDE[exdatatest]=../include
DEPEND[exdatatest]=../libcrypto libtestutil.a
SOURCE[bntest]=bntest.c
INCLUDE[bntest]=../include
DEPEND[bntest]=../libcrypto libtestutil.a
SOURCE[ectest]=ectest.c
INCLUDE[ectest]=../include
DEPEND[ectest]=../libcrypto libtestutil.a
SOURCE[ecstresstest]=ecstresstest.c
INCLUDE[ecstresstest]=../include
DEPEND[ecstresstest]=../libcrypto libtestutil.a
SOURCE[ecdsatest]=ecdsatest.c
INCLUDE[ecdsatest]=../include
DEPEND[ecdsatest]=../libcrypto libtestutil.a
SOURCE[gmdifftest]=gmdifftest.c
INCLUDE[gmdifftest]=../include
DEPEND[gmdifftest]=../libcrypto libtestutil.a
SOURCE[pbelutest]=pbelutest.c
INCLUDE[pbelutest]=../include
DEPEND[pbelutest]=../libcrypto libtestutil.a
SOURCE[ideatest]=ideatest.c
INCLUDE[ideatest]=../include
DEPEND[ideatest]=../libcrypto libtestutil.a
SOURCE[md2test]=md2test.c
INCLUDE[md2test]=../include
DEPEND[md2test]=../libcrypto libtestutil.a
SOURCE[hmactest]=hmactest.c
INCLUDE[hmactest]=../include
DEPEND[hmactest]=../libcrypto libtestutil.a
SOURCE[rc2test]=rc2test.c
INCLUDE[rc2test]=../include
DEPEND[rc2test]=../libcrypto libtestutil.a
SOURCE[rc4test]=rc4test.c
INCLUDE[rc4test]=../include
DEPEND[rc4test]=../libcrypto libtestutil.a
SOURCE[rc5test]=rc5test.c
INCLUDE[rc5test]=../include
DEPEND[rc5test]=../libcrypto libtestutil.a
SOURCE[destest]=destest.c
INCLUDE[destest]=../include
DEPEND[destest]=../libcrypto libtestutil.a
SOURCE[mdc2test]=mdc2test.c
INCLUDE[mdc2test]=../include
DEPEND[mdc2test]=../libcrypto libtestutil.a
SOURCE[dhtest]=dhtest.c
INCLUDE[dhtest]=../include
DEPEND[dhtest]=../libcrypto libtestutil.a
SOURCE[enginetest]=enginetest.c
INCLUDE[enginetest]=../include
DEPEND[enginetest]=../libcrypto libtestutil.a
SOURCE[casttest]=casttest.c
INCLUDE[casttest]=../include
DEPEND[casttest]=../libcrypto libtestutil.a
SOURCE[bftest]=bftest.c
INCLUDE[bftest]=../include
DEPEND[bftest]=../libcrypto libtestutil.a
SOURCE[ssltest_old]=ssltest_old.c
INCLUDE[ssltest_old]=.. ../include
DEPEND[ssltest_old]=../libcrypto ../libssl
SOURCE[dsatest]=dsatest.c
INCLUDE[dsatest]=../include
DEPEND[dsatest]=../libcrypto libtestutil.a
SOURCE[dsa_no_digest_size_test]=dsa_no_digest_size_test.c
INCLUDE[dsa_no_digest_size_test]=../include
DEPEND[dsa_no_digest_size_test]=../libcrypto libtestutil.a
SOURCE[exptest]=exptest.c
INCLUDE[exptest]=../include
DEPEND[exptest]=../libcrypto libtestutil.a
SOURCE[rsa_test]=rsa_test.c
INCLUDE[rsa_test]=../include
DEPEND[rsa_test]=../libcrypto libtestutil.a
SOURCE[rsa_mp_test]=rsa_mp_test.c
INCLUDE[rsa_mp_test]=../include
DEPEND[rsa_mp_test]=../libcrypto libtestutil.a
SOURCE[fatalerrtest]=fatalerrtest.c ssltestlib.c
INCLUDE[fatalerrtest]=../include
DEPEND[fatalerrtest]=../libcrypto ../libssl libtestutil.a
SOURCE[tls13ccstest]=tls13ccstest.c ssltestlib.c
INCLUDE[tls13ccstest]=../include
DEPEND[tls13ccstest]=../libcrypto ../libssl libtestutil.a
SOURCE[evp_test]=evp_test.c
INCLUDE[evp_test]=../include
DEPEND[evp_test]=../libcrypto libtestutil.a
SOURCE[evp_extra_test]=evp_extra_test.c
INCLUDE[evp_extra_test]=../include ../crypto/include
DEPEND[evp_extra_test]=../libcrypto libtestutil.a
SOURCE[igetest]=igetest.c
INCLUDE[igetest]=../include
DEPEND[igetest]=../libcrypto libtestutil.a
SOURCE[v3nametest]=v3nametest.c
INCLUDE[v3nametest]=../include
DEPEND[v3nametest]=../libcrypto libtestutil.a
SOURCE[crltest]=crltest.c
INCLUDE[crltest]=../include
DEPEND[crltest]=../libcrypto libtestutil.a
SOURCE[v3ext]=v3ext.c
INCLUDE[v3ext]=../include
DEPEND[v3ext]=../libcrypto libtestutil.a
SOURCE[danetest]=danetest.c
INCLUDE[danetest]=../include
DEPEND[danetest]=../libcrypto ../libssl libtestutil.a
SOURCE[constant_time_test]=constant_time_test.c
INCLUDE[constant_time_test]=../include
DEPEND[constant_time_test]=../libcrypto libtestutil.a
SOURCE[verify_extra_test]=verify_extra_test.c
INCLUDE[verify_extra_test]=../include
DEPEND[verify_extra_test]=../libcrypto libtestutil.a
SOURCE[clienthellotest]=clienthellotest.c
INCLUDE[clienthellotest]=../include
DEPEND[clienthellotest]=../libcrypto ../libssl libtestutil.a
SOURCE[bad_dtls_test]=bad_dtls_test.c
INCLUDE[bad_dtls_test]=../include
DEPEND[bad_dtls_test]=../libcrypto ../libssl libtestutil.a
SOURCE[packettest]=packettest.c
INCLUDE[packettest]=../include
DEPEND[packettest]=../libcrypto libtestutil.a
SOURCE[asynctest]=asynctest.c
INCLUDE[asynctest]=../include
DEPEND[asynctest]=../libcrypto
SOURCE[secmemtest]=secmemtest.c
INCLUDE[secmemtest]=../include
DEPEND[secmemtest]=../libcrypto libtestutil.a
SOURCE[srptest]=srptest.c
INCLUDE[srptest]=../include
DEPEND[srptest]=../libcrypto libtestutil.a
SOURCE[memleaktest]=memleaktest.c
INCLUDE[memleaktest]=../include
DEPEND[memleaktest]=../libcrypto libtestutil.a
SOURCE[stack_test]=stack_test.c
INCLUDE[stack_test]=../include
DEPEND[stack_test]=../libcrypto libtestutil.a
SOURCE[lhash_test]=lhash_test.c
INCLUDE[lhash_test]=../include
DEPEND[lhash_test]=../libcrypto libtestutil.a
SOURCE[dtlsv1listentest]=dtlsv1listentest.c
INCLUDE[dtlsv1listentest]=../include
DEPEND[dtlsv1listentest]=../libssl libtestutil.a
SOURCE[ct_test]=ct_test.c
INCLUDE[ct_test]=../include
DEPEND[ct_test]=../libcrypto libtestutil.a
SOURCE[threadstest]=threadstest.c
INCLUDE[threadstest]=../include
DEPEND[threadstest]=../libcrypto libtestutil.a
SOURCE[afalgtest]=afalgtest.c
INCLUDE[afalgtest]=../include
DEPEND[afalgtest]=../libcrypto libtestutil.a
SOURCE[d2i_test]=d2i_test.c
INCLUDE[d2i_test]=../include
DEPEND[d2i_test]=../libcrypto libtestutil.a
SOURCE[ssl_test_ctx_test]=ssl_test_ctx_test.c ssl_test_ctx.c
INCLUDE[ssl_test_ctx_test]=../include
DEPEND[ssl_test_ctx_test]=../libcrypto ../libssl libtestutil.a
SOURCE[ssl_test]=ssl_test.c ssl_test_ctx.c handshake_helper.c
INCLUDE[ssl_test]=../include
DEPEND[ssl_test]=../libcrypto ../libssl libtestutil.a
SOURCE[cipherlist_test]=cipherlist_test.c
INCLUDE[cipherlist_test]=../include
DEPEND[cipherlist_test]=../libcrypto ../libssl libtestutil.a
INCLUDE[ssl_test_ctx.o]=../include
INCLUDE[handshake_helper.o]=.. ../include
INCLUDE[ssltestlib.o]=.. ../include
SOURCE[x509aux]=x509aux.c
INCLUDE[x509aux]=../include
DEPEND[x509aux]=../libcrypto libtestutil.a
SOURCE[asynciotest]=asynciotest.c ssltestlib.c
INCLUDE[asynciotest]=../include
DEPEND[asynciotest]=../libcrypto ../libssl libtestutil.a
SOURCE[bio_callback_test]=bio_callback_test.c
INCLUDE[bio_callback_test]=../include
DEPEND[bio_callback_test]=../libcrypto libtestutil.a
SOURCE[bioprinttest]=bioprinttest.c
INCLUDE[bioprinttest]=../include
DEPEND[bioprinttest]=../libcrypto libtestutil.a
SOURCE[sslapitest]=sslapitest.c ssltestlib.c
INCLUDE[sslapitest]=../include ..
DEPEND[sslapitest]=../libcrypto ../libssl libtestutil.a
SOURCE[ocspapitest]=ocspapitest.c
INCLUDE[ocspapitest]=../include
DEPEND[ocspapitest]=../libcrypto libtestutil.a
SOURCE[dtlstest]=dtlstest.c ssltestlib.c
INCLUDE[dtlstest]=../include
DEPEND[dtlstest]=../libcrypto ../libssl libtestutil.a
SOURCE[sslcorrupttest]=sslcorrupttest.c ssltestlib.c
INCLUDE[sslcorrupttest]=../include
DEPEND[sslcorrupttest]=../libcrypto ../libssl libtestutil.a
SOURCE[bio_enc_test]=bio_enc_test.c
INCLUDE[bio_enc_test]=../include
DEPEND[bio_enc_test]=../libcrypto libtestutil.a
SOURCE[pkey_meth_test]=pkey_meth_test.c
INCLUDE[pkey_meth_test]=../include
DEPEND[pkey_meth_test]=../libcrypto libtestutil.a
SOURCE[pkey_meth_kdf_test]=pkey_meth_kdf_test.c
INCLUDE[pkey_meth_kdf_test]=../include
DEPEND[pkey_meth_kdf_test]=../libcrypto libtestutil.a
SOURCE[x509_time_test]=x509_time_test.c
INCLUDE[x509_time_test]=../include
DEPEND[x509_time_test]=../libcrypto libtestutil.a
SOURCE[recordlentest]=recordlentest.c ssltestlib.c
INCLUDE[recordlentest]=../include
DEPEND[recordlentest]=../libcrypto ../libssl libtestutil.a
SOURCE[drbgtest]=drbgtest.c
INCLUDE[drbgtest]=../include
DEPEND[drbgtest]=../libcrypto libtestutil.a
SOURCE[drbg_cavs_test]=drbg_cavs_test.c drbg_cavs_data.c
INCLUDE[drbg_cavs_test]=../include . ..
DEPEND[drbg_cavs_test]=../libcrypto libtestutil.a
SOURCE[x509_dup_cert_test]=x509_dup_cert_test.c
INCLUDE[x509_dup_cert_test]=../include
DEPEND[x509_dup_cert_test]=../libcrypto libtestutil.a
SOURCE[x509_check_cert_pkey_test]=x509_check_cert_pkey_test.c
INCLUDE[x509_check_cert_pkey_test]=../include
DEPEND[x509_check_cert_pkey_test]=../libcrypto libtestutil.a
SOURCE[pemtest]=pemtest.c
INCLUDE[pemtest]=../include
DEPEND[pemtest]=../libcrypto libtestutil.a
SOURCE[ssl_cert_table_internal_test]=ssl_cert_table_internal_test.c
INCLUDE[ssl_cert_table_internal_test]=.. ../include
DEPEND[ssl_cert_table_internal_test]=../libcrypto libtestutil.a
SOURCE[ciphername_test]=ciphername_test.c
INCLUDE[ciphername_test]=../include
DEPEND[ciphername_test]=../libcrypto ../libssl libtestutil.a
SOURCE[servername_test]=servername_test.c ssltestlib.c
INCLUDE[servername_test]=../include
DEPEND[servername_test]=../libcrypto ../libssl libtestutil.a
IF[{- !$disabled{cms} -}]
PROGRAMS_NO_INST=cmsapitest
SOURCE[cmsapitest]=cmsapitest.c
INCLUDE[cmsapitest]=../include
DEPEND[cmsapitest]=../libcrypto libtestutil.a
ENDIF
IF[{- !$disabled{psk} -}]
PROGRAMS_NO_INST=dtls_mtu_test
SOURCE[dtls_mtu_test]=dtls_mtu_test.c ssltestlib.c
INCLUDE[dtls_mtu_test]=.. ../include
DEPEND[dtls_mtu_test]=../libcrypto ../libssl libtestutil.a
ENDIF
IF[{- !$disabled{shared} -}]
PROGRAMS_NO_INST=shlibloadtest
SOURCE[shlibloadtest]=shlibloadtest.c
INCLUDE[shlibloadtest]=../include ../crypto/include
DEPEND[shlibloadtest]=libtestutil.a
ENDIF
IF[{- $disabled{shared} -}]
PROGRAMS_NO_INST=cipher_overhead_test
SOURCE[cipher_overhead_test]=cipher_overhead_test.c
INCLUDE[cipher_overhead_test]=.. ../include
DEPEND[cipher_overhead_test]=../libcrypto ../libssl libtestutil.a
ENDIF
SOURCE[uitest]=uitest.c \
{- rebase_files("../apps",
split(/\s+/, $target{apps_init_src})) -}
INCLUDE[uitest]=.. ../include ../apps
DEPEND[uitest]=../apps/libapps.a ../libcrypto ../libssl libtestutil.a
SOURCE[cipherbytes_test]=cipherbytes_test.c
INCLUDE[cipherbytes_test]=../include
DEPEND[cipherbytes_test]=../libcrypto ../libssl libtestutil.a
SOURCE[asn1_encode_test]=asn1_encode_test.c
INCLUDE[asn1_encode_test]=../include
DEPEND[asn1_encode_test]=../libcrypto libtestutil.a
SOURCE[asn1_decode_test]=asn1_decode_test.c
INCLUDE[asn1_decode_test]=../include
DEPEND[asn1_decode_test]=../libcrypto libtestutil.a
SOURCE[asn1_string_table_test]=asn1_string_table_test.c
INCLUDE[asn1_string_table_test]=../include
DEPEND[asn1_string_table_test]=../libcrypto libtestutil.a
SOURCE[time_offset_test]=time_offset_test.c
INCLUDE[time_offset_test]=../include
DEPEND[time_offset_test]=../libcrypto libtestutil.a
SOURCE[conf_include_test]=conf_include_test.c
INCLUDE[conf_include_test]=../include
DEPEND[conf_include_test]=../libcrypto libtestutil.a
# Internal test programs. These are essentially a collection of internal
# test routines. Some of them need to reach internal symbols that aren't
# available through the shared library (at least on Linux, Solaris, Windows
# and VMS, where the exported symbols are those listed in util/*.num), these
# programs are forcibly linked with the static libraries, where all symbols
# are always available. This excludes linking these programs natively on
# Windows when building shared libraries, since the static libraries share
# names with the DLL import libraries.
IF[{- $disabled{shared} || $target{build_scheme}->[1] ne 'windows' -}]
PROGRAMS_NO_INST=asn1_internal_test modes_internal_test x509_internal_test \
tls13encryptiontest wpackettest ctype_internal_test \
rdrand_sanitytest
IF[{- !$disabled{poly1305} -}]
PROGRAMS_NO_INST=poly1305_internal_test
ENDIF
IF[{- !$disabled{chacha} -}]
PROGRAMS_NO_INST=chacha_internal_test
ENDIF
IF[{- !$disabled{siphash} -}]
PROGRAMS_NO_INST=siphash_internal_test
ENDIF
IF[{- !$disabled{sm2} -}]
PROGRAMS_NO_INST=sm2_internal_test
ENDIF
IF[{- !$disabled{sm4} -}]
PROGRAMS_NO_INST=sm4_internal_test
ENDIF
IF[{- !$disabled{ec} -}]
PROGRAMS_NO_INST=curve448_internal_test
ENDIF
SOURCE[poly1305_internal_test]=poly1305_internal_test.c
INCLUDE[poly1305_internal_test]=.. ../include ../crypto/include
DEPEND[poly1305_internal_test]=../libcrypto.a libtestutil.a
SOURCE[chacha_internal_test]=chacha_internal_test.c
INCLUDE[chacha_internal_test]=.. ../include ../crypto/include
DEPEND[chacha_internal_test]=../libcrypto.a libtestutil.a
SOURCE[asn1_internal_test]=asn1_internal_test.c
INCLUDE[asn1_internal_test]=.. ../include ../crypto/include
DEPEND[asn1_internal_test]=../libcrypto.a libtestutil.a
SOURCE[modes_internal_test]=modes_internal_test.c
INCLUDE[modes_internal_test]=.. ../include
DEPEND[modes_internal_test]=../libcrypto.a libtestutil.a
SOURCE[x509_internal_test]=x509_internal_test.c
INCLUDE[x509_internal_test]=.. ../include
DEPEND[x509_internal_test]=../libcrypto.a libtestutil.a
SOURCE[tls13encryptiontest]=tls13encryptiontest.c
INCLUDE[tls13encryptiontest]=.. ../include
DEPEND[tls13encryptiontest]=../libcrypto ../libssl.a libtestutil.a
SOURCE[wpackettest]=wpackettest.c
INCLUDE[wpackettest]=../include
DEPEND[wpackettest]=../libcrypto ../libssl.a libtestutil.a
SOURCE[ctype_internal_test]=ctype_internal_test.c
INCLUDE[ctype_internal_test]=.. ../crypto/include ../include
DEPEND[ctype_internal_test]=../libcrypto.a libtestutil.a
SOURCE[siphash_internal_test]=siphash_internal_test.c
INCLUDE[siphash_internal_test]=.. ../include ../crypto/include
DEPEND[siphash_internal_test]=../libcrypto.a libtestutil.a
SOURCE[sm2_internal_test]=sm2_internal_test.c
INCLUDE[sm2_internal_test]=../include ../crypto/include
DEPEND[sm2_internal_test]=../libcrypto.a libtestutil.a
SOURCE[sm4_internal_test]=sm4_internal_test.c
INCLUDE[sm4_internal_test]=.. ../include ../crypto/include
DEPEND[sm4_internal_test]=../libcrypto.a libtestutil.a
SOURCE[curve448_internal_test]=curve448_internal_test.c
INCLUDE[curve448_internal_test]=.. ../include ../crypto/ec/curve448
DEPEND[curve448_internal_test]=../libcrypto.a libtestutil.a
SOURCE[rdrand_sanitytest]=rdrand_sanitytest.c
INCLUDE[rdrand_sanitytest]=../include
DEPEND[rdrand_sanitytest]=../libcrypto.a libtestutil.a
ENDIF
IF[{- !$disabled{mdc2} -}]
PROGRAMS_NO_INST=mdc2_internal_test
ENDIF
SOURCE[mdc2_internal_test]=mdc2_internal_test.c
INCLUDE[mdc2_internal_test]=.. ../include
DEPEND[mdc2_internal_test]=../libcrypto libtestutil.a
PROGRAMS_NO_INST=asn1_time_test
SOURCE[asn1_time_test]=asn1_time_test.c
INCLUDE[asn1_time_test]=../include
DEPEND[asn1_time_test]=../libcrypto libtestutil.a
# We disable this test completely in a shared build because it deliberately
# redefines some internal libssl symbols. This doesn't work in a non-shared
# build
IF[{- !$disabled{shared} -}]
PROGRAMS_NO_INST=tls13secretstest
SOURCE[tls13secretstest]=tls13secretstest.c
SOURCE[tls13secretstest]= ../ssl/tls13_enc.c ../ssl/packet.c
INCLUDE[tls13secretstest]=.. ../include
DEPEND[tls13secretstest]=../libcrypto ../libssl libtestutil.a
ENDIF
SOURCE[sslbuffertest]=sslbuffertest.c ssltestlib.c
INCLUDE[sslbuffertest]=../include
DEPEND[sslbuffertest]=../libcrypto ../libssl libtestutil.a
SOURCE[sysdefaulttest]=sysdefaulttest.c
INCLUDE[sysdefaulttest]=../include
DEPEND[sysdefaulttest]=../libcrypto ../libssl libtestutil.a
SOURCE[errtest]=errtest.c
INCLUDE[errtest]=../include
DEPEND[errtest]=../libcrypto libtestutil.a
SOURCE[gosttest]=gosttest.c ssltestlib.c
INCLUDE[gosttest]=../include ..
DEPEND[gosttest]=../libcrypto ../libssl libtestutil.a
ENDIF
{-
use File::Spec::Functions;
use File::Basename;
use OpenSSL::Glob;
my @nogo_headers = ( "asn1_mac.h",
"opensslconf.h",
"__decc_include_prologue.h",
"__decc_include_epilogue.h" );
my @nogo_headers_re = ( qr/.*err\.h/ );
my @headerfiles = glob catfile($sourcedir,
updir(), "include", "openssl", "*.h");
foreach my $headerfile (@headerfiles) {
my $name = basename($headerfile, ".h");
next if $disabled{$name};
next if grep { $_ eq lc("$name.h") } @nogo_headers;
next if grep { lc("$name.h") =~ m/$_/i } @nogo_headers_re;
$OUT .= <<"_____";
PROGRAMS_NO_INST=buildtest_$name
GENERATE[buildtest_$name.c]=generate_buildtest.pl $name
SOURCE[buildtest_$name]=buildtest_$name.c
INCLUDE[buildtest_$name]=../include
DEPEND[buildtest_$name]=../libssl ../libcrypto
_____
}
-}
openssl-1.1.1/test/rsa_mp_test.c0000644000000000000000000002306013345734631015350 0ustar rootroot/*
* Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2017 BaishanCloud. All rights reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/* This aims to test the setting functions */
#include <stdio.h>
#include <string.h>
#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/bn.h>
#include "testutil.h"
#ifndef OPENSSL_NO_RSA
# include <openssl/rsa.h>
#define NUM_EXTRA_PRIMES 1
static int key2048p3(RSA *key)
{
/* C90 requires string should <= 509 bytes */
static const unsigned char n[] =
"\x92\x60\xd0\x75\x0a\xe1\x17\xee\xe5\x5c\x3f\x3d\xea\xba\x74\x91"
"\x75\x21\xa2\x62\xee\x76\x00\x7c\xdf\x8a\x56\x75\x5a\xd7\x3a\x15"
"\x98\xa1\x40\x84\x10\xa0\x14\x34\xc3\xf5\xbc\x54\xa8\x8b\x57\xfa"
"\x19\xfc\x43\x28\xda\xea\x07\x50\xa4\xc4\x4e\x88\xcf\xf3\xb2\x38"
"\x26\x21\xb8\x0f\x67\x04\x64\x43\x3e\x43\x36\xe6\xd0\x03\xe8\xcd"
"\x65\xbf\xf2\x11\xda\x14\x4b\x88\x29\x1c\x22\x59\xa0\x0a\x72\xb7"
"\x11\xc1\x16\xef\x76\x86\xe8\xfe\xe3\x4e\x4d\x93\x3c\x86\x81\x87"
"\xbd\xc2\x6f\x7b\xe0\x71\x49\x3c\x86\xf7\xa5\x94\x1c\x35\x10\x80"
"\x6a\xd6\x7b\x0f\x94\xd8\x8f\x5c\xf5\xc0\x2a\x09\x28\x21\xd8\x62"
"\x6e\x89\x32\xb6\x5c\x5b\xd8\xc9\x20\x49\xc2\x10\x93\x2b\x7a\xfa"
"\x7a\xc5\x9c\x0e\x88\x6a\xe5\xc1\xed\xb0\x0d\x8c\xe2\xc5\x76\x33"
"\xdb\x26\xbd\x66\x39\xbf\xf7\x3c\xee\x82\xbe\x92\x75\xc4\x02\xb4"
"\xcf\x2a\x43\x88\xda\x8c\xf8\xc6\x4e\xef\xe1\xc5\xa0\xf5\xab\x80"
"\x57\xc3\x9f\xa5\xc0\x58\x9c\x3e\x25\x3f\x09\x60\x33\x23\x00\xf9"
"\x4b\xea\x44\x87\x7b\x58\x8e\x1e\xdb\xde\x97\xcf\x23\x60\x72\x7a"
"\x09\xb7\x75\x26\x2d\x7e\xe5\x52\xb3\x31\x9b\x92\x66\xf0\x5a\x25";
static const unsigned char e[] = "\x01\x00\x01";
static const unsigned char d[] =
"\x6a\x7d\xf2\xca\x63\xea\xd4\xdd\xa1\x91\xd6\x14\xb6\xb3\x85\xe0"
"\xd9\x05\x6a\x3d\x6d\x5c\xfe\x07\xdb\x1d\xaa\xbe\xe0\x22\xdb\x08"
"\x21\x2d\x97\x61\x3d\x33\x28\xe0\x26\x7c\x9d\xd2\x3d\x78\x7a\xbd"
"\xe2\xaf\xcb\x30\x6a\xeb\x7d\xfc\xe6\x92\x46\xcc\x73\xf5\xc8\x7f"
"\xdf\x06\x03\x01\x79\xa2\x11\x4b\x76\x7d\xb1\xf0\x83\xff\x84\x1c"
"\x02\x5d\x7d\xc0\x0c\xd8\x24\x35\xb9\xa9\x0f\x69\x53\x69\xe9\x4d"
"\xf2\x3d\x2c\xe4\x58\xbc\x3b\x32\x83\xad\x8b\xba\x2b\x8f\xa1\xba"
"\x62\xe2\xdc\xe9\xac\xcf\xf3\x79\x9a\xae\x7c\x84\x00\x16\xf3\xba"
"\x8e\x00\x48\xc0\xb6\xcc\x43\x39\xaf\x71\x61\x00\x3a\x5b\xeb\x86"
"\x4a\x01\x64\xb2\xc1\xc9\x23\x7b\x64\xbc\x87\x55\x69\x94\x35\x1b"
"\x27\x50\x6c\x33\xd4\xbc\xdf\xce\x0f\x9c\x49\x1a\x7d\x6b\x06\x28"
"\xc7\xc8\x52\xbe\x4f\x0a\x9c\x31\x32\xb2\xed\x3a\x2c\x88\x81\xe9"
"\xaa\xb0\x7e\x20\xe1\x7d\xeb\x07\x46\x91\xbe\x67\x77\x76\xa7\x8b"
"\x5c\x50\x2e\x05\xd9\xbd\xde\x72\x12\x6b\x37\x38\x69\x5e\x2d\xd1"
"\xa0\xa9\x8a\x14\x24\x7c\x65\xd8\xa7\xee\x79\x43\x2a\x09\x2c\xb0"
"\x72\x1a\x12\xdf\x79\x8e\x44\xf7\xcf\xce\x0c\x49\x81\x47\xa9\xb1";
static const unsigned char p[] =
"\x06\x77\xcd\xd5\x46\x9b\xc1\xd5\x58\x00\x81\xe2\xf3\x0a\x36\xb1"
"\x6e\x29\x89\xd5\x2f\x31\x5f\x92\x22\x3b\x9b\x75\x30\x82\xfa\xc5"
"\xf5\xde\x8a\x36\xdb\xc6\xe5\x8f\xef\x14\x37\xd6\x00\xf9\xab\x90"
"\x9b\x5d\x57\x4c\xf5\x1f\x77\xc4\xbb\x8b\xdd\x9b\x67\x11\x45\xb2"
"\x64\xe8\xac\xa8\x03\x0f\x16\x0d\x5d\x2d\x53\x07\x23\xfb\x62\x0d"
"\xe6\x16\xd3\x23\xe8\xb3";
static const unsigned char q[] =
"\x06\x66\x9a\x70\x53\xd6\x72\x74\xfd\xea\x45\xc3\xc0\x17\xae\xde"
"\x79\x17\xae\x79\xde\xfc\x0e\xf7\xa4\x3a\x8c\x43\x8f\xc7\x8a\xa2"
"\x2c\x51\xc4\xd0\x72\x89\x73\x5c\x61\xbe\xfd\x54\x3f\x92\x65\xde"
"\x4d\x65\x71\x70\xf6\xf2\xe5\x98\xb9\x0f\xd1\x0b\xe6\x95\x09\x4a"
"\x7a\xdf\xf3\x10\x16\xd0\x60\xfc\xa5\x10\x34\x97\x37\x6f\x0a\xd5"
"\x5d\x8f\xd4\xc3\xa0\x5b";
static const unsigned char dmp1[] =
"\x05\x7c\x9e\x1c\xbd\x90\x25\xe7\x40\x86\xf5\xa8\x3b\x7a\x3f\x99"
"\x56\x95\x60\x3a\x7b\x95\x4b\xb8\xa0\xd7\xa5\xf1\xcc\xdc\x5f\xb5"
"\x8c\xf4\x62\x95\x54\xed\x2e\x12\x62\xc2\xe8\xf6\xde\xce\xed\x8e"
"\x77\x6d\xc0\x40\x25\x74\xb3\x5a\x2d\xaa\xe1\xac\x11\xcb\xe2\x2f"
"\x0a\x51\x23\x1e\x47\xb2\x05\x88\x02\xb2\x0f\x4b\xf0\x67\x30\xf0"
"\x0f\x6e\xef\x5f\xf7\xe7";
static const unsigned char dmq1[] =
"\x01\xa5\x6b\xbc\xcd\xe3\x0e\x46\xc6\x72\xf5\x04\x56\x28\x01\x22"
"\x58\x74\x5d\xbc\x1c\x3c\x29\x41\x49\x6c\x81\x5c\x72\xe2\xf7\xe5"
"\xa3\x8e\x58\x16\xe0\x0e\x37\xac\x1f\xbb\x75\xfd\xaf\xe7\xdf\xe9"
"\x1f\x70\xa2\x8f\x52\x03\xc0\x46\xd9\xf9\x96\x63\x00\x27\x7e\x5f"
"\x38\x60\xd6\x6b\x61\xe2\xaf\xbe\xea\x58\xd3\x9d\xbc\x75\x03\x8d"
"\x42\x65\xd6\x6b\x85\x97";
static const unsigned char iqmp[] =
"\x03\xa1\x8b\x80\xe4\xd8\x87\x25\x17\x5d\xcc\x8d\xa9\x8a\x22\x2b"
"\x6c\x15\x34\x6f\x80\xcc\x1c\x44\x04\x68\xbc\x03\xcd\x95\xbb\x69"
"\x37\x61\x48\xb4\x23\x13\x08\x16\x54\x6a\xa1\x7c\xf5\xd4\x3a\xe1"
"\x4f\xa4\x0c\xf5\xaf\x80\x85\x27\x06\x0d\x70\xc0\xc5\x19\x28\xfe"
"\xee\x8e\x86\x21\x98\x8a\x37\xb7\xe5\x30\x25\x70\x93\x51\x2d\x49"
"\x85\x56\xb3\x0c\x2b\x96";
static const unsigned char ex_prime[] =
"\x03\x89\x22\xa0\xb7\x3a\x91\xcb\x5e\x0c\xfd\x73\xde\xa7\x38\xa9"
"\x47\x43\xd6\x02\xbf\x2a\xb9\x3c\x48\xf3\x06\xd6\x58\x35\x50\x56"
"\x16\x5c\x34\x9b\x61\x87\xc8\xaa\x0a\x5d\x8a\x0a\xcd\x9c\x41\xd9"
"\x96\x24\xe0\xa9\x9b\x26\xb7\xa8\x08\xc9\xea\xdc\xa7\x15\xfb\x62"
"\xa0\x2d\x90\xe6\xa7\x55\x6e\xc6\x6c\xff\xd6\x10\x6d\xfa\x2e\x04"
"\x50\xec\x5c\x66\xe4\x05";
static const unsigned char ex_exponent[] =
"\x02\x0a\xcd\xc3\x82\xd2\x03\xb0\x31\xac\xd3\x20\x80\x34\x9a\x57"
"\xbc\x60\x04\x57\x25\xd0\x29\x9a\x16\x90\xb9\x1c\x49\x6a\xd1\xf2"
"\x47\x8c\x0e\x9e\xc9\x20\xc2\xd8\xe4\x8f\xce\xd2\x1a\x9c\xec\xb4"
"\x1f\x33\x41\xc8\xf5\x62\xd1\xa5\xef\x1d\xa1\xd8\xbd\x71\xc6\xf7"
"\xda\x89\x37\x2e\xe2\xec\x47\xc5\xb8\xe3\xb4\xe3\x5c\x82\xaa\xdd"
"\xb7\x58\x2e\xaf\x07\x79";
static const unsigned char ex_coefficient[] =
"\x00\x9c\x09\x88\x9b\xc8\x57\x08\x69\x69\xab\x2d\x9e\x29\x1c\x3c"
"\x6d\x59\x33\x12\x0d\x2b\x09\x2e\xaf\x01\x2c\x27\x01\xfc\xbd\x26"
"\x13\xf9\x2d\x09\x22\x4e\x49\x11\x03\x82\x88\x87\xf4\x43\x1d\xac"
"\xca\xec\x86\xf7\x23\xf1\x64\xf3\xf5\x81\xf0\x37\x36\xcf\x67\xff"
"\x1a\xff\x7a\xc7\xf9\xf9\x67\x2d\xa0\x9d\x61\xf8\xf6\x47\x5c\x2f"
"\xe7\x66\xe8\x3c\x3a\xe8";
BIGNUM **pris = NULL, **exps = NULL, **coeffs = NULL;
int rv = 256; /* public key length */
if (!TEST_int_eq(RSA_set0_key(key,
BN_bin2bn(n, sizeof(n) - 1, NULL),
BN_bin2bn(e, sizeof(e) - 1, NULL),
BN_bin2bn(d, sizeof(d) - 1, NULL)), 1))
goto err;
if (!TEST_int_eq(RSA_set0_factors(key,
BN_bin2bn(p, sizeof(p) - 1, NULL),
BN_bin2bn(q, sizeof(q) - 1, NULL)), 1))
goto err;
if (!TEST_int_eq(RSA_set0_crt_params(key,
BN_bin2bn(dmp1, sizeof(dmp1) - 1, NULL),
BN_bin2bn(dmq1, sizeof(dmq1) - 1, NULL),
BN_bin2bn(iqmp, sizeof(iqmp) - 1,
NULL)), 1))
return 0;
pris = OPENSSL_zalloc(sizeof(BIGNUM *));
exps = OPENSSL_zalloc(sizeof(BIGNUM *));
coeffs = OPENSSL_zalloc(sizeof(BIGNUM *));
if (!TEST_ptr(pris) || !TEST_ptr(exps) || !TEST_ptr(coeffs))
goto err;
pris[0] = BN_bin2bn(ex_prime, sizeof(ex_prime) - 1, NULL);
exps[0] = BN_bin2bn(ex_exponent, sizeof(ex_exponent) - 1, NULL);
coeffs[0] = BN_bin2bn(ex_coefficient, sizeof(ex_coefficient) - 1, NULL);
if (!TEST_ptr(pris[0]) || !TEST_ptr(exps[0]) || !TEST_ptr(coeffs[0]))
goto err;
if (!TEST_true(RSA_set0_multi_prime_params(key, pris, exps,
coeffs, NUM_EXTRA_PRIMES)))
goto err;
ret:
OPENSSL_free(pris);
OPENSSL_free(exps);
OPENSSL_free(coeffs);
return rv;
err:
if (pris != NULL)
BN_free(pris[0]);
if (exps != NULL)
BN_free(exps[0]);
if (coeffs != NULL)
BN_free(coeffs[0]);
rv = 0;
goto ret;
}
static int test_rsa_mp(void)
{
int ret = 0;
RSA *key;
unsigned char ptext[256];
unsigned char ctext[256];
static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a";
int plen;
int clen = 0;
int num;
plen = sizeof(ptext_ex) - 1;
key = RSA_new();
if (!TEST_ptr(key))
goto err;
clen = key2048p3(key);
if (!TEST_int_eq(clen, 256))
goto err;
if (!TEST_true(RSA_check_key_ex(key, NULL)))
goto err;
num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
RSA_PKCS1_PADDING);
if (!TEST_int_eq(num, clen))
goto err;
num = RSA_private_decrypt(num, ctext, ptext, key, RSA_PKCS1_PADDING);
if (!TEST_mem_eq(ptext, num, ptext_ex, plen))
goto err;
ret = 1;
err:
RSA_free(key);
return ret;
}
#endif
int setup_tests(void)
{
#ifndef OPENSSL_NO_RSA
ADD_TEST(test_rsa_mp);
#endif
return 1;
}
openssl-1.1.1/test/asynctest.c0000644000000000000000000002137513345734627015061 0ustar rootroot/*
* Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#ifdef _WIN32
# include <windows.h>
#endif
#include <stdio.h>
#include <string.h>
#include <openssl/async.h>
#include <openssl/crypto.h>
static int ctr = 0;
static ASYNC_JOB *currjob = NULL;
static int only_pause(void *args)
{
ASYNC_pause_job();
return 1;
}
static int add_two(void *args)
{
ctr++;
ASYNC_pause_job();
ctr++;
return 2;
}
static int save_current(void *args)
{
currjob = ASYNC_get_current_job();
ASYNC_pause_job();
return 1;
}
#define MAGIC_WAIT_FD ((OSSL_ASYNC_FD)99)
static int waitfd(void *args)
{
ASYNC_JOB *job;
ASYNC_WAIT_CTX *waitctx;
job = ASYNC_get_current_job();
if (job == NULL)
return 0;
waitctx = ASYNC_get_wait_ctx(job);
if (waitctx == NULL)
return 0;
/* First case: no fd added or removed */
ASYNC_pause_job();
/* Second case: one fd added */
if (!ASYNC_WAIT_CTX_set_wait_fd(waitctx, waitctx, MAGIC_WAIT_FD, NULL, NULL))
return 0;
ASYNC_pause_job();
/* Third case: all fd removed */
if (!ASYNC_WAIT_CTX_clear_fd(waitctx, waitctx))
return 0;
ASYNC_pause_job();
/* Last case: fd added and immediately removed */
if (!ASYNC_WAIT_CTX_set_wait_fd(waitctx, waitctx, MAGIC_WAIT_FD, NULL, NULL))
return 0;
if (!ASYNC_WAIT_CTX_clear_fd(waitctx, waitctx))
return 0;
return 1;
}
static int blockpause(void *args)
{
ASYNC_block_pause();
ASYNC_pause_job();
ASYNC_unblock_pause();
ASYNC_pause_job();
return 1;
}
static int test_ASYNC_init_thread(void)
{
ASYNC_JOB *job1 = NULL, *job2 = NULL, *job3 = NULL;
int funcret1, funcret2, funcret3;
ASYNC_WAIT_CTX *waitctx = NULL;
if ( !ASYNC_init_thread(2, 0)
|| (waitctx = ASYNC_WAIT_CTX_new()) == NULL
|| ASYNC_start_job(&job1, waitctx, &funcret1, only_pause, NULL, 0)
!= ASYNC_PAUSE
|| ASYNC_start_job(&job2, waitctx, &funcret2, only_pause, NULL, 0)
!= ASYNC_PAUSE
|| ASYNC_start_job(&job3, waitctx, &funcret3, only_pause, NULL, 0)
!= ASYNC_NO_JOBS
|| ASYNC_start_job(&job1, waitctx, &funcret1, only_pause, NULL, 0)
!= ASYNC_FINISH
|| ASYNC_start_job(&job3, waitctx, &funcret3, only_pause, NULL, 0)
!= ASYNC_PAUSE
|| ASYNC_start_job(&job2, waitctx, &funcret2, only_pause, NULL, 0)
!= ASYNC_FINISH
|| ASYNC_start_job(&job3, waitctx, &funcret3, only_pause, NULL, 0)
!= ASYNC_FINISH
|| funcret1 != 1
|| funcret2 != 1
|| funcret3 != 1) {
fprintf(stderr, "test_ASYNC_init_thread() failed\n");
ASYNC_WAIT_CTX_free(waitctx);
ASYNC_cleanup_thread();
return 0;
}
ASYNC_WAIT_CTX_free(waitctx);
ASYNC_cleanup_thread();
return 1;
}
static int test_ASYNC_start_job(void)
{
ASYNC_JOB *job = NULL;
int funcret;
ASYNC_WAIT_CTX *waitctx = NULL;
ctr = 0;
if ( !ASYNC_init_thread(1, 0)
|| (waitctx = ASYNC_WAIT_CTX_new()) == NULL
|| ASYNC_start_job(&job, waitctx, &funcret, add_two, NULL, 0)
!= ASYNC_PAUSE
|| ctr != 1
|| ASYNC_start_job(&job, waitctx, &funcret, add_two, NULL, 0)
!= ASYNC_FINISH
|| ctr != 2
|| funcret != 2) {
fprintf(stderr, "test_ASYNC_start_job() failed\n");
ASYNC_WAIT_CTX_free(waitctx);
ASYNC_cleanup_thread();
return 0;
}
ASYNC_WAIT_CTX_free(waitctx);
ASYNC_cleanup_thread();
return 1;
}
static int test_ASYNC_get_current_job(void)
{
ASYNC_JOB *job = NULL;
int funcret;
ASYNC_WAIT_CTX *waitctx = NULL;
currjob = NULL;
if ( !ASYNC_init_thread(1, 0)
|| (waitctx = ASYNC_WAIT_CTX_new()) == NULL
|| ASYNC_start_job(&job, waitctx, &funcret, save_current, NULL, 0)
!= ASYNC_PAUSE
|| currjob != job
|| ASYNC_start_job(&job, waitctx, &funcret, save_current, NULL, 0)
!= ASYNC_FINISH
|| funcret != 1) {
fprintf(stderr, "test_ASYNC_get_current_job() failed\n");
ASYNC_WAIT_CTX_free(waitctx);
ASYNC_cleanup_thread();
return 0;
}
ASYNC_WAIT_CTX_free(waitctx);
ASYNC_cleanup_thread();
return 1;
}
static int test_ASYNC_WAIT_CTX_get_all_fds(void)
{
ASYNC_JOB *job = NULL;
int funcret;
ASYNC_WAIT_CTX *waitctx = NULL;
OSSL_ASYNC_FD fd = OSSL_BAD_ASYNC_FD, delfd = OSSL_BAD_ASYNC_FD;
size_t numfds, numdelfds;
if ( !ASYNC_init_thread(1, 0)
|| (waitctx = ASYNC_WAIT_CTX_new()) == NULL
/* On first run we're not expecting any wait fds */
|| ASYNC_start_job(&job, waitctx, &funcret, waitfd, NULL, 0)
!= ASYNC_PAUSE
|| !ASYNC_WAIT_CTX_get_all_fds(waitctx, NULL, &numfds)
|| numfds != 0
|| !ASYNC_WAIT_CTX_get_changed_fds(waitctx, NULL, &numfds, NULL,
&numdelfds)
|| numfds != 0
|| numdelfds != 0
/* On second run we're expecting one added fd */
|| ASYNC_start_job(&job, waitctx, &funcret, waitfd, NULL, 0)
!= ASYNC_PAUSE
|| !ASYNC_WAIT_CTX_get_all_fds(waitctx, NULL, &numfds)
|| numfds != 1
|| !ASYNC_WAIT_CTX_get_all_fds(waitctx, &fd, &numfds)
|| fd != MAGIC_WAIT_FD
|| (fd = OSSL_BAD_ASYNC_FD, 0) /* Assign to something else */
|| !ASYNC_WAIT_CTX_get_changed_fds(waitctx, NULL, &numfds, NULL,
&numdelfds)
|| numfds != 1
|| numdelfds != 0
|| !ASYNC_WAIT_CTX_get_changed_fds(waitctx, &fd, &numfds, NULL,
&numdelfds)
|| fd != MAGIC_WAIT_FD
/* On third run we expect one deleted fd */
|| ASYNC_start_job(&job, waitctx, &funcret, waitfd, NULL, 0)
!= ASYNC_PAUSE
|| !ASYNC_WAIT_CTX_get_all_fds(waitctx, NULL, &numfds)
|| numfds != 0
|| !ASYNC_WAIT_CTX_get_changed_fds(waitctx, NULL, &numfds, NULL,
&numdelfds)
|| numfds != 0
|| numdelfds != 1
|| !ASYNC_WAIT_CTX_get_changed_fds(waitctx, NULL, &numfds, &delfd,
&numdelfds)
|| delfd != MAGIC_WAIT_FD
/* On last run we are not expecting any wait fd */
|| ASYNC_start_job(&job, waitctx, &funcret, waitfd, NULL, 0)
!= ASYNC_FINISH
|| !ASYNC_WAIT_CTX_get_all_fds(waitctx, NULL, &numfds)
|| numfds != 0
|| !ASYNC_WAIT_CTX_get_changed_fds(waitctx, NULL, &numfds, NULL,
&numdelfds)
|| numfds != 0
|| numdelfds != 0
|| funcret != 1) {
fprintf(stderr, "test_ASYNC_get_wait_fd() failed\n");
ASYNC_WAIT_CTX_free(waitctx);
ASYNC_cleanup_thread();
return 0;
}
ASYNC_WAIT_CTX_free(waitctx);
ASYNC_cleanup_thread();
return 1;
}
static int test_ASYNC_block_pause(void)
{
ASYNC_JOB *job = NULL;
int funcret;
ASYNC_WAIT_CTX *waitctx = NULL;
if ( !ASYNC_init_thread(1, 0)
|| (waitctx = ASYNC_WAIT_CTX_new()) == NULL
|| ASYNC_start_job(&job, waitctx, &funcret, blockpause, NULL, 0)
!= ASYNC_PAUSE
|| ASYNC_start_job(&job, waitctx, &funcret, blockpause, NULL, 0)
!= ASYNC_FINISH
|| funcret != 1) {
fprintf(stderr, "test_ASYNC_block_pause() failed\n");
ASYNC_WAIT_CTX_free(waitctx);
ASYNC_cleanup_thread();
return 0;
}
ASYNC_WAIT_CTX_free(waitctx);
ASYNC_cleanup_thread();
return 1;
}
int main(int argc, char **argv)
{
if (!ASYNC_is_capable()) {
fprintf(stderr,
"OpenSSL build is not ASYNC capable - skipping async tests\n");
} else {
CRYPTO_set_mem_debug(1);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
if ( !test_ASYNC_init_thread()
|| !test_ASYNC_start_job()
|| !test_ASYNC_get_current_job()
|| !test_ASYNC_WAIT_CTX_get_all_fds()
|| !test_ASYNC_block_pause()) {
return 1;
}
}
printf("PASS\n");
return 0;
}
openssl-1.1.1/test/modes_internal_test.c0000644000000000000000000007177513345734630017111 0ustar rootroot/*
* Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/* Internal tests for the modes module */
#include <stdio.h>
#include <string.h>
#include <openssl/aes.h>
#include <openssl/modes.h>
#include "../crypto/modes/modes_lcl.h"
#include "testutil.h"
#include "internal/nelem.h"
typedef struct {
size_t size;
const unsigned char *data;
} SIZED_DATA;
/**********************************************************************
*
* Test of cts128
*
***/
/* cts128 test vectors from RFC 3962 */
static const unsigned char cts128_test_key[16] = "chicken teriyaki";
static const unsigned char cts128_test_input[64] =
"I would like the" " General Gau's C"
"hicken, please, " "and wonton soup.";
static const unsigned char cts128_test_iv[] =
{ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
static const unsigned char vector_17[17] = {
0xc6, 0x35, 0x35, 0x68, 0xf2, 0xbf, 0x8c, 0xb4,
0xd8, 0xa5, 0x80, 0x36, 0x2d, 0xa7, 0xff, 0x7f,
0x97
};
static const unsigned char vector_31[31] = {
0xfc, 0x00, 0x78, 0x3e, 0x0e, 0xfd, 0xb2, 0xc1,
0xd4, 0x45, 0xd4, 0xc8, 0xef, 0xf7, 0xed, 0x22,
0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5
};
static const unsigned char vector_32[32] = {
0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84
};
static const unsigned char vector_47[47] = {
0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
0xb3, 0xff, 0xfd, 0x94, 0x0c, 0x16, 0xa1, 0x8c,
0x1b, 0x55, 0x49, 0xd2, 0xf8, 0x38, 0x02, 0x9e,
0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5
};
static const unsigned char vector_48[48] = {
0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8,
0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8
};
static const unsigned char vector_64[64] = {
0x97, 0x68, 0x72, 0x68, 0xd6, 0xec, 0xcc, 0xc0,
0xc0, 0x7b, 0x25, 0xe2, 0x5e, 0xcf, 0xe5, 0x84,
0x39, 0x31, 0x25, 0x23, 0xa7, 0x86, 0x62, 0xd5,
0xbe, 0x7f, 0xcb, 0xcc, 0x98, 0xeb, 0xf5, 0xa8,
0x48, 0x07, 0xef, 0xe8, 0x36, 0xee, 0x89, 0xa5,
0x26, 0x73, 0x0d, 0xbc, 0x2f, 0x7b, 0xc8, 0x40,
0x9d, 0xad, 0x8b, 0xbb, 0x96, 0xc4, 0xcd, 0xc0,
0x3b, 0xc1, 0x03, 0xe1, 0xa1, 0x94, 0xbb, 0xd8
};
#define CTS128_TEST_VECTOR(len) \
{ \
sizeof(vector_##len), vector_##len \
}
static const SIZED_DATA aes_cts128_vectors[] = {
CTS128_TEST_VECTOR(17),
CTS128_TEST_VECTOR(31),
CTS128_TEST_VECTOR(32),
CTS128_TEST_VECTOR(47),
CTS128_TEST_VECTOR(48),
CTS128_TEST_VECTOR(64),
};
static AES_KEY *cts128_encrypt_key_schedule(void)
{
static int init_key = 1;
static AES_KEY ks;
if (init_key) {
AES_set_encrypt_key(cts128_test_key, 128, &ks);
init_key = 0;
}
return &ks;
}
static AES_KEY *cts128_decrypt_key_schedule(void)
{
static int init_key = 1;
static AES_KEY ks;
if (init_key) {
AES_set_decrypt_key(cts128_test_key, 128, &ks);
init_key = 0;
}
return &ks;
}
typedef struct {
const char *case_name;
size_t (*last_blocks_correction)(const unsigned char *in,
unsigned char *out, size_t len);
size_t (*encrypt_block)(const unsigned char *in,
unsigned char *out, size_t len,
const void *key, unsigned char ivec[16],
block128_f block);
size_t (*encrypt_stream)(const unsigned char *in, unsigned char *out,
size_t len, const void *key,
unsigned char ivec[16], cbc128_f cbc);
size_t (*decrypt_block)(const unsigned char *in,
unsigned char *out, size_t len,
const void *key, unsigned char ivec[16],
block128_f block);
size_t (*decrypt_stream)(const unsigned char *in, unsigned char *out,
size_t len, const void *key,
unsigned char ivec[16], cbc128_f cbc);
} CTS128_FIXTURE;
static size_t last_blocks_correction(const unsigned char *in,
unsigned char *out, size_t len)
{
size_t tail;
memcpy(out, in, len);
if ((tail = len % 16) == 0)
tail = 16;
tail += 16;
return tail;
}
static size_t last_blocks_correction_nist(const unsigned char *in,
unsigned char *out, size_t len)
{
size_t tail;
if ((tail = len % 16) == 0)
tail = 16;
len -= 16 + tail;
memcpy(out, in, len);
/* flip two last blocks */
memcpy(out + len, in + len + 16, tail);
memcpy(out + len + tail, in + len, 16);
len += 16 + tail;
tail = 16;
return tail;
}
static int execute_cts128(const CTS128_FIXTURE *fixture, int num)
{
const unsigned char *test_iv = cts128_test_iv;
size_t test_iv_len = sizeof(cts128_test_iv);
const unsigned char *orig_vector = aes_cts128_vectors[num].data;
size_t len = aes_cts128_vectors[num].size;
const unsigned char *test_input = cts128_test_input;
const AES_KEY *encrypt_key_schedule = cts128_encrypt_key_schedule();
const AES_KEY *decrypt_key_schedule = cts128_decrypt_key_schedule();
unsigned char iv[16];
/* The largest test inputs are = 64 bytes. */
unsigned char cleartext[64], ciphertext[64], vector[64];
size_t tail, size;
TEST_info("%s_vector_%lu", fixture->case_name, (unsigned long)len);
tail = fixture->last_blocks_correction(orig_vector, vector, len);
/* test block-based encryption */
memcpy(iv, test_iv, test_iv_len);
if (!TEST_size_t_eq(fixture->encrypt_block(test_input, ciphertext, len,
encrypt_key_schedule, iv,
(block128_f)AES_encrypt), len)
|| !TEST_mem_eq(ciphertext, len, vector, len)
|| !TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv)))
return 0;
/* test block-based decryption */
memcpy(iv, test_iv, test_iv_len);
size = fixture->decrypt_block(ciphertext, cleartext, len,
decrypt_key_schedule, iv,
(block128_f)AES_decrypt);
if (!TEST_true(len == size || len + 16 == size)
|| !TEST_mem_eq(cleartext, len, test_input, len)
|| !TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv)))
return 0;
/* test streamed encryption */
memcpy(iv, test_iv, test_iv_len);
if (!TEST_size_t_eq(fixture->encrypt_stream(test_input, ciphertext, len,
encrypt_key_schedule, iv,
(cbc128_f) AES_cbc_encrypt),
len)
|| !TEST_mem_eq(ciphertext, len, vector, len)
|| !TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv)))
return 0;
/* test streamed decryption */
memcpy(iv, test_iv, test_iv_len);
if (!TEST_size_t_eq(fixture->decrypt_stream(ciphertext, cleartext, len,
decrypt_key_schedule, iv,
(cbc128_f)AES_cbc_encrypt),
len)
|| !TEST_mem_eq(cleartext, len, test_input, len)
|| !TEST_mem_eq(iv, sizeof(iv), vector + len - tail, sizeof(iv)))
return 0;
return 1;
}
static int test_aes_cts128(int idx)
{
static const CTS128_FIXTURE fixture_cts128 = {
"aes_cts128", last_blocks_correction,
CRYPTO_cts128_encrypt_block, CRYPTO_cts128_encrypt,
CRYPTO_cts128_decrypt_block, CRYPTO_cts128_decrypt
};
return execute_cts128(&fixture_cts128, idx);
}
static int test_aes_cts128_nist(int idx)
{
static const CTS128_FIXTURE fixture_cts128_nist = {
"aes_cts128_nist", last_blocks_correction_nist,
CRYPTO_nistcts128_encrypt_block, CRYPTO_nistcts128_encrypt,
CRYPTO_nistcts128_decrypt_block, CRYPTO_nistcts128_decrypt
};
return execute_cts128(&fixture_cts128_nist, idx);
}
/*
*
* Test of gcm128
*
*/
/* Test Case 1 */
static const u8 K1[16], P1[] = { 0 }, A1[] = { 0 }, IV1[12], C1[] = { 0 };
static const u8 T1[] = {
0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61,
0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a
};
/* Test Case 2 */
# define K2 K1
# define A2 A1
# define IV2 IV1
static const u8 P2[16];
static const u8 C2[] = {
0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92,
0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78
};
static const u8 T2[] = {
0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd,
0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf
};
/* Test Case 3 */
# define A3 A2
static const u8 K3[] = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
};
static const u8 P3[] = {
0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
};
static const u8 IV3[] = {
0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
0xde, 0xca, 0xf8, 0x88
};
static const u8 C3[] = {
0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85
};
static const u8 T3[] = {
0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6,
0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4
};
/* Test Case 4 */
# define K4 K3
# define IV4 IV3
static const u8 P4[] = {
0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
0xba, 0x63, 0x7b, 0x39
};
static const u8 A4[] = {
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xab, 0xad, 0xda, 0xd2
};
static const u8 C4[] = {
0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
0x3d, 0x58, 0xe0, 0x91
};
static const u8 T4[] = {
0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47
};
/* Test Case 5 */
# define K5 K4
# define P5 P4
# define A5 A4
static const u8 IV5[] = {
0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
};
static const u8 C5[] = {
0x61, 0x35, 0x3b, 0x4c, 0x28, 0x06, 0x93, 0x4a,
0x77, 0x7f, 0xf5, 0x1f, 0xa2, 0x2a, 0x47, 0x55,
0x69, 0x9b, 0x2a, 0x71, 0x4f, 0xcd, 0xc6, 0xf8,
0x37, 0x66, 0xe5, 0xf9, 0x7b, 0x6c, 0x74, 0x23,
0x73, 0x80, 0x69, 0x00, 0xe4, 0x9f, 0x24, 0xb2,
0x2b, 0x09, 0x75, 0x44, 0xd4, 0x89, 0x6b, 0x42,
0x49, 0x89, 0xb5, 0xe1, 0xeb, 0xac, 0x0f, 0x07,
0xc2, 0x3f, 0x45, 0x98
};
static const u8 T5[] = {
0x36, 0x12, 0xd2, 0xe7, 0x9e, 0x3b, 0x07, 0x85,
0x56, 0x1b, 0xe1, 0x4a, 0xac, 0xa2, 0xfc, 0xcb
};
/* Test Case 6 */
# define K6 K5
# define P6 P5
# define A6 A5
static const u8 IV6[] = {
0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
0xa6, 0x37, 0xb3, 0x9b
};
static const u8 C6[] = {
0x8c, 0xe2, 0x49, 0x98, 0x62, 0x56, 0x15, 0xb6,
0x03, 0xa0, 0x33, 0xac, 0xa1, 0x3f, 0xb8, 0x94,
0xbe, 0x91, 0x12, 0xa5, 0xc3, 0xa2, 0x11, 0xa8,
0xba, 0x26, 0x2a, 0x3c, 0xca, 0x7e, 0x2c, 0xa7,
0x01, 0xe4, 0xa9, 0xa4, 0xfb, 0xa4, 0x3c, 0x90,
0xcc, 0xdc, 0xb2, 0x81, 0xd4, 0x8c, 0x7c, 0x6f,
0xd6, 0x28, 0x75, 0xd2, 0xac, 0xa4, 0x17, 0x03,
0x4c, 0x34, 0xae, 0xe5
};
static const u8 T6[] = {
0x61, 0x9c, 0xc5, 0xae, 0xff, 0xfe, 0x0b, 0xfa,
0x46, 0x2a, 0xf4, 0x3c, 0x16, 0x99, 0xd0, 0x50
};
/* Test Case 7 */
static const u8 K7[24], P7[] = { 0 }, A7[] = { 0 }, IV7[12], C7[] = { 0 };
static const u8 T7[] = {
0xcd, 0x33, 0xb2, 0x8a, 0xc7, 0x73, 0xf7, 0x4b,
0xa0, 0x0e, 0xd1, 0xf3, 0x12, 0x57, 0x24, 0x35
};
/* Test Case 8 */
# define K8 K7
# define IV8 IV7
# define A8 A7
static const u8 P8[16];
static const u8 C8[] = {
0x98, 0xe7, 0x24, 0x7c, 0x07, 0xf0, 0xfe, 0x41,
0x1c, 0x26, 0x7e, 0x43, 0x84, 0xb0, 0xf6, 0x00
};
static const u8 T8[] = {
0x2f, 0xf5, 0x8d, 0x80, 0x03, 0x39, 0x27, 0xab,
0x8e, 0xf4, 0xd4, 0x58, 0x75, 0x14, 0xf0, 0xfb
};
/* Test Case 9 */
# define A9 A8
static const u8 K9[] = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c
};
static const u8 P9[] = {
0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
};
static const u8 IV9[] = {
0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
0xde, 0xca, 0xf8, 0x88
};
static const u8 C9[] = {
0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
0xcc, 0xda, 0x27, 0x10, 0xac, 0xad, 0xe2, 0x56
};
static const u8 T9[] = {
0x99, 0x24, 0xa7, 0xc8, 0x58, 0x73, 0x36, 0xbf,
0xb1, 0x18, 0x02, 0x4d, 0xb8, 0x67, 0x4a, 0x14
};
/* Test Case 10 */
# define K10 K9
# define IV10 IV9
static const u8 P10[] = {
0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
0xba, 0x63, 0x7b, 0x39
};
static const u8 A10[] = {
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xab, 0xad, 0xda, 0xd2
};
static const u8 C10[] = {
0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
0xcc, 0xda, 0x27, 0x10
};
static const u8 T10[] = {
0x25, 0x19, 0x49, 0x8e, 0x80, 0xf1, 0x47, 0x8f,
0x37, 0xba, 0x55, 0xbd, 0x6d, 0x27, 0x61, 0x8c
};
/* Test Case 11 */
# define K11 K10
# define P11 P10
# define A11 A10
static const u8 IV11[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad };
static const u8 C11[] = {
0x0f, 0x10, 0xf5, 0x99, 0xae, 0x14, 0xa1, 0x54,
0xed, 0x24, 0xb3, 0x6e, 0x25, 0x32, 0x4d, 0xb8,
0xc5, 0x66, 0x63, 0x2e, 0xf2, 0xbb, 0xb3, 0x4f,
0x83, 0x47, 0x28, 0x0f, 0xc4, 0x50, 0x70, 0x57,
0xfd, 0xdc, 0x29, 0xdf, 0x9a, 0x47, 0x1f, 0x75,
0xc6, 0x65, 0x41, 0xd4, 0xd4, 0xda, 0xd1, 0xc9,
0xe9, 0x3a, 0x19, 0xa5, 0x8e, 0x8b, 0x47, 0x3f,
0xa0, 0xf0, 0x62, 0xf7
};
static const u8 T11[] = {
0x65, 0xdc, 0xc5, 0x7f, 0xcf, 0x62, 0x3a, 0x24,
0x09, 0x4f, 0xcc, 0xa4, 0x0d, 0x35, 0x33, 0xf8
};
/* Test Case 12 */
# define K12 K11
# define P12 P11
# define A12 A11
static const u8 IV12[] = {
0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
0xa6, 0x37, 0xb3, 0x9b
};
static const u8 C12[] = {
0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c,
0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff,
0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef,
0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45,
0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9,
0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3,
0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7,
0xe9, 0xb7, 0x37, 0x3b
};
static const u8 T12[] = {
0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb,
0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9
};
/* Test Case 13 */
static const u8 K13[32], P13[] = { 0 }, A13[] = { 0 }, IV13[12], C13[] = { 0 };
static const u8 T13[] = {
0x53, 0x0f, 0x8a, 0xfb, 0xc7, 0x45, 0x36, 0xb9,
0xa9, 0x63, 0xb4, 0xf1, 0xc4, 0xcb, 0x73, 0x8b
};
/* Test Case 14 */
# define K14 K13
# define A14 A13
static const u8 P14[16], IV14[12];
static const u8 C14[] = {
0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e,
0x07, 0x4e, 0xc5, 0xd3, 0xba, 0xf3, 0x9d, 0x18
};
static const u8 T14[] = {
0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0,
0x26, 0x5b, 0x98, 0xb5, 0xd4, 0x8a, 0xb9, 0x19
};
/* Test Case 15 */
# define A15 A14
static const u8 K15[] = {
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
};
static const u8 P15[] = {
0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55
};
static const u8 IV15[] = {
0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
0xde, 0xca, 0xf8, 0x88
};
static const u8 C15[] = {
0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad
};
static const u8 T15[] = {
0xb0, 0x94, 0xda, 0xc5, 0xd9, 0x34, 0x71, 0xbd,
0xec, 0x1a, 0x50, 0x22, 0x70, 0xe3, 0xcc, 0x6c
};
/* Test Case 16 */
# define K16 K15
# define IV16 IV15
static const u8 P16[] = {
0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
0xba, 0x63, 0x7b, 0x39
};
static const u8 A16[] = {
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
0xab, 0xad, 0xda, 0xd2
};
static const u8 C16[] = {
0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
0xbc, 0xc9, 0xf6, 0x62
};
static const u8 T16[] = {
0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
};
/* Test Case 17 */
# define K17 K16
# define P17 P16
# define A17 A16
static const u8 IV17[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad };
static const u8 C17[] = {
0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32,
0xae, 0x47, 0xc1, 0x3b, 0xf1, 0x98, 0x44, 0xcb,
0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0,
0xfe, 0xb5, 0x82, 0xd3, 0x39, 0x34, 0xa4, 0xf0,
0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99,
0xf4, 0x7c, 0x9b, 0x1f
};
static const u8 T17[] = {
0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4,
0x5e, 0x45, 0x49, 0x13, 0xfe, 0x2e, 0xa8, 0xf2
};
/* Test Case 18 */
# define K18 K17
# define P18 P17
# define A18 A17
static const u8 IV18[] = {
0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
0xa6, 0x37, 0xb3, 0x9b
};
static const u8 C18[] = {
0x5a, 0x8d, 0xef, 0x2f, 0x0c, 0x9e, 0x53, 0xf1,
0xf7, 0x5d, 0x78, 0x53, 0x65, 0x9e, 0x2a, 0x20,
0xee, 0xb2, 0xb2, 0x2a, 0xaf, 0xde, 0x64, 0x19,
0xa0, 0x58, 0xab, 0x4f, 0x6f, 0x74, 0x6b, 0xf4,
0x0f, 0xc0, 0xc3, 0xb7, 0x80, 0xf2, 0x44, 0x45,
0x2d, 0xa3, 0xeb, 0xf1, 0xc5, 0xd8, 0x2c, 0xde,
0xa2, 0x41, 0x89, 0x97, 0x20, 0x0e, 0xf8, 0x2e,
0x44, 0xae, 0x7e, 0x3f
};
static const u8 T18[] = {
0xa4, 0x4a, 0x82, 0x66, 0xee, 0x1c, 0x8e, 0xb0,
0xc8, 0xb5, 0xd4, 0xcf, 0x5a, 0xe9, 0xf1, 0x9a
};
/* Test Case 19 */
# define K19 K1
# define P19 P1
# define IV19 IV1
# define C19 C1
static const u8 A19[] = {
0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55,
0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad
};
static const u8 T19[] = {
0x5f, 0xea, 0x79, 0x3a, 0x2d, 0x6f, 0x97, 0x4d,
0x37, 0xe6, 0x8e, 0x0c, 0xb8, 0xff, 0x94, 0x92
};
/* Test Case 20 */
# define K20 K1
# define A20 A1
/* this results in 0xff in counter LSB */
static const u8 IV20[64] = { 0xff, 0xff, 0xff, 0xff };
static const u8 P20[288];
static const u8 C20[] = {
0x56, 0xb3, 0x37, 0x3c, 0xa9, 0xef, 0x6e, 0x4a,
0x2b, 0x64, 0xfe, 0x1e, 0x9a, 0x17, 0xb6, 0x14,
0x25, 0xf1, 0x0d, 0x47, 0xa7, 0x5a, 0x5f, 0xce,
0x13, 0xef, 0xc6, 0xbc, 0x78, 0x4a, 0xf2, 0x4f,
0x41, 0x41, 0xbd, 0xd4, 0x8c, 0xf7, 0xc7, 0x70,
0x88, 0x7a, 0xfd, 0x57, 0x3c, 0xca, 0x54, 0x18,
0xa9, 0xae, 0xff, 0xcd, 0x7c, 0x5c, 0xed, 0xdf,
0xc6, 0xa7, 0x83, 0x97, 0xb9, 0xa8, 0x5b, 0x49,
0x9d, 0xa5, 0x58, 0x25, 0x72, 0x67, 0xca, 0xab,
0x2a, 0xd0, 0xb2, 0x3c, 0xa4, 0x76, 0xa5, 0x3c,
0xb1, 0x7f, 0xb4, 0x1c, 0x4b, 0x8b, 0x47, 0x5c,
0xb4, 0xf3, 0xf7, 0x16, 0x50, 0x94, 0xc2, 0x29,
0xc9, 0xe8, 0xc4, 0xdc, 0x0a, 0x2a, 0x5f, 0xf1,
0x90, 0x3e, 0x50, 0x15, 0x11, 0x22, 0x13, 0x76,
0xa1, 0xcd, 0xb8, 0x36, 0x4c, 0x50, 0x61, 0xa2,
0x0c, 0xae, 0x74, 0xbc, 0x4a, 0xcd, 0x76, 0xce,
0xb0, 0xab, 0xc9, 0xfd, 0x32, 0x17, 0xef, 0x9f,
0x8c, 0x90, 0xbe, 0x40, 0x2d, 0xdf, 0x6d, 0x86,
0x97, 0xf4, 0xf8, 0x80, 0xdf, 0xf1, 0x5b, 0xfb,
0x7a, 0x6b, 0x28, 0x24, 0x1e, 0xc8, 0xfe, 0x18,
0x3c, 0x2d, 0x59, 0xe3, 0xf9, 0xdf, 0xff, 0x65,
0x3c, 0x71, 0x26, 0xf0, 0xac, 0xb9, 0xe6, 0x42,
0x11, 0xf4, 0x2b, 0xae, 0x12, 0xaf, 0x46, 0x2b,
0x10, 0x70, 0xbe, 0xf1, 0xab, 0x5e, 0x36, 0x06,
0x87, 0x2c, 0xa1, 0x0d, 0xee, 0x15, 0xb3, 0x24,
0x9b, 0x1a, 0x1b, 0x95, 0x8f, 0x23, 0x13, 0x4c,
0x4b, 0xcc, 0xb7, 0xd0, 0x32, 0x00, 0xbc, 0xe4,
0x20, 0xa2, 0xf8, 0xeb, 0x66, 0xdc, 0xf3, 0x64,
0x4d, 0x14, 0x23, 0xc1, 0xb5, 0x69, 0x90, 0x03,
0xc1, 0x3e, 0xce, 0xf4, 0xbf, 0x38, 0xa3, 0xb6,
0x0e, 0xed, 0xc3, 0x40, 0x33, 0xba, 0xc1, 0x90,
0x27, 0x83, 0xdc, 0x6d, 0x89, 0xe2, 0xe7, 0x74,
0x18, 0x8a, 0x43, 0x9c, 0x7e, 0xbc, 0xc0, 0x67,
0x2d, 0xbd, 0xa4, 0xdd, 0xcf, 0xb2, 0x79, 0x46,
0x13, 0xb0, 0xbe, 0x41, 0x31, 0x5e, 0xf7, 0x78,
0x70, 0x8a, 0x70, 0xee, 0x7d, 0x75, 0x16, 0x5c
};
static const u8 T20[] = {
0x8b, 0x30, 0x7f, 0x6b, 0x33, 0x28, 0x6d, 0x0a,
0xb0, 0x26, 0xa9, 0xed, 0x3f, 0xe1, 0xe8, 0x5f
};
#define GCM128_TEST_VECTOR(n) \
{ \
{sizeof(K##n), K##n}, \
{sizeof(IV##n), IV##n}, \
{sizeof(A##n), A##n}, \
{sizeof(P##n), P##n}, \
{sizeof(C##n), C##n}, \
{sizeof(T##n), T##n} \
}
static struct gcm128_data {
const SIZED_DATA K;
const SIZED_DATA IV;
const SIZED_DATA A;
const SIZED_DATA P;
const SIZED_DATA C;
const SIZED_DATA T;
} gcm128_vectors[] = {
GCM128_TEST_VECTOR(1),
GCM128_TEST_VECTOR(2),
GCM128_TEST_VECTOR(3),
GCM128_TEST_VECTOR(4),
GCM128_TEST_VECTOR(5),
GCM128_TEST_VECTOR(6),
GCM128_TEST_VECTOR(7),
GCM128_TEST_VECTOR(8),
GCM128_TEST_VECTOR(9),
GCM128_TEST_VECTOR(10),
GCM128_TEST_VECTOR(11),
GCM128_TEST_VECTOR(12),
GCM128_TEST_VECTOR(13),
GCM128_TEST_VECTOR(14),
GCM128_TEST_VECTOR(15),
GCM128_TEST_VECTOR(16),
GCM128_TEST_VECTOR(17),
GCM128_TEST_VECTOR(18),
GCM128_TEST_VECTOR(19),
GCM128_TEST_VECTOR(20)
};
static int test_gcm128(int idx)
{
unsigned char out[512];
SIZED_DATA K = gcm128_vectors[idx].K;
SIZED_DATA IV = gcm128_vectors[idx].IV;
SIZED_DATA A = gcm128_vectors[idx].A;
SIZED_DATA P = gcm128_vectors[idx].P;
SIZED_DATA C = gcm128_vectors[idx].C;
SIZED_DATA T = gcm128_vectors[idx].T;
GCM128_CONTEXT ctx;
AES_KEY key;
/* Size 1 inputs are special-cased to signal NULL. */
if (A.size == 1)
A.data = NULL;
if (P.size == 1)
P.data = NULL;
if (C.size == 1)
C.data = NULL;
AES_set_encrypt_key(K.data, K.size * 8, &key);
CRYPTO_gcm128_init(&ctx, &key, (block128_f)AES_encrypt);
CRYPTO_gcm128_setiv(&ctx, IV.data, IV.size);
memset(out, 0, P.size);
if (A.data != NULL)
CRYPTO_gcm128_aad(&ctx, A.data, A.size);
if (P.data != NULL)
CRYPTO_gcm128_encrypt( &ctx, P.data, out, P.size);
if (!TEST_false(CRYPTO_gcm128_finish(&ctx, T.data, 16))
|| (C.data != NULL
&& !TEST_mem_eq(out, P.size, C.data, P.size)))
return 0;
CRYPTO_gcm128_setiv(&ctx, IV.data, IV.size);
memset(out, 0, P.size);
if (A.data != NULL)
CRYPTO_gcm128_aad(&ctx, A.data, A.size);
if (C.data != NULL)
CRYPTO_gcm128_decrypt(&ctx, C.data, out, P.size);
if (!TEST_false(CRYPTO_gcm128_finish(&ctx, T.data, 16))
|| (P.data != NULL
&& !TEST_mem_eq(out, P.size, P.data, P.size)))
return 0;
return 1;
}
int setup_tests(void)
{
ADD_ALL_TESTS(test_aes_cts128, OSSL_NELEM(aes_cts128_vectors));
ADD_ALL_TESTS(test_aes_cts128_nist, OSSL_NELEM(aes_cts128_vectors));
ADD_ALL_TESTS(test_gcm128, OSSL_NELEM(gcm128_vectors));
return 1;
}
openssl-1.1.1/test/danetest.c0000644000000000000000000002616413345734630014646 0ustar rootroot/*
* Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <limits.h>
#include <errno.h>
#include <openssl/crypto.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/conf.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
#include "testutil.h"
#include "internal/nelem.h"
#define _UC(c) ((unsigned char)(c))
static const char *basedomain;
static const char *CAfile;
static const char *tlsafile;
/*
* Forward declaration, of function that uses internal interfaces, from headers
* included at the end of this module.
*/
static void store_ctx_dane_init(X509_STORE_CTX *, SSL *);
static int saved_errno;
static void save_errno(void)
{
saved_errno = errno;
}
static int restore_errno(void)
{
int ret = errno;
errno = saved_errno;
return ret;
}
static int verify_chain(SSL *ssl, STACK_OF(X509) *chain)
{
X509_STORE_CTX *store_ctx = NULL;
SSL_CTX *ssl_ctx = NULL;
X509_STORE *store = NULL;
X509 *cert = NULL;
int ret = 0;
int store_ctx_idx = SSL_get_ex_data_X509_STORE_CTX_idx();
if (!TEST_ptr(store_ctx = X509_STORE_CTX_new())
|| !TEST_ptr(ssl_ctx = SSL_get_SSL_CTX(ssl))
|| !TEST_ptr(store = SSL_CTX_get_cert_store(ssl_ctx))
|| !TEST_ptr(cert = sk_X509_value(chain, 0))
|| !TEST_true(X509_STORE_CTX_init(store_ctx, store, cert, chain))
|| !TEST_true(X509_STORE_CTX_set_ex_data(store_ctx, store_ctx_idx,
ssl)))
goto end;
X509_STORE_CTX_set_default(store_ctx,
SSL_is_server(ssl) ? "ssl_client" : "ssl_server");
X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(store_ctx),
SSL_get0_param(ssl));
store_ctx_dane_init(store_ctx, ssl);
if (SSL_get_verify_callback(ssl) != NULL)
X509_STORE_CTX_set_verify_cb(store_ctx, SSL_get_verify_callback(ssl));
/* Mask "internal failures" (-1) from our return value. */
if (!TEST_int_ge(ret = X509_verify_cert(store_ctx), 0))
ret = 0;
SSL_set_verify_result(ssl, X509_STORE_CTX_get_error(store_ctx));
X509_STORE_CTX_cleanup(store_ctx);
end:
X509_STORE_CTX_free(store_ctx);
return ret;
}
static STACK_OF(X509) *load_chain(BIO *fp, int nelem)
{
int count;
char *name = 0;
char *header = 0;
unsigned char *data = 0;
long len;
char *errtype = 0; /* if error: cert or pkey? */
STACK_OF(X509) *chain;
typedef X509 *(*d2i_X509_t)(X509 **, const unsigned char **, long);
if (!TEST_ptr(chain = sk_X509_new_null()))
goto err;
for (count = 0;
count < nelem && errtype == 0
&& PEM_read_bio(fp, &name, &header, &data, &len) == 1;
++count) {
if (strcmp(name, PEM_STRING_X509) == 0
|| strcmp(name, PEM_STRING_X509_TRUSTED) == 0
|| strcmp(name, PEM_STRING_X509_OLD) == 0) {
d2i_X509_t d = strcmp(name, PEM_STRING_X509_TRUSTED) != 0
? d2i_X509_AUX : d2i_X509;
X509 *cert;
const unsigned char *p = data;
if (!TEST_ptr(cert = d(0, &p, len))
|| !TEST_long_eq(p - data, len)) {
TEST_info("Certificate parsing error");
goto err;
}
if (!TEST_true(sk_X509_push(chain, cert)))
goto err;
} else {
TEST_info("Unknown chain file object %s", name);
goto err;
}
OPENSSL_free(name);
OPENSSL_free(header);
OPENSSL_free(data);
name = header = NULL;
data = NULL;
}
if (count == nelem) {
ERR_clear_error();
return chain;
}
err:
OPENSSL_free(name);
OPENSSL_free(header);
OPENSSL_free(data);
sk_X509_pop_free(chain, X509_free);
return NULL;
}
static char *read_to_eol(BIO *f)
{
static char buf[1024];
int n;
if (!BIO_gets(f, buf, sizeof(buf)))
return NULL;
n = strlen(buf);
if (buf[n - 1] != '\n') {
if (n + 1 == sizeof(buf))
TEST_error("input too long");
else
TEST_error("EOF before newline");
return NULL;
}
/* Trim trailing whitespace */
while (n > 0 && isspace(_UC(buf[n - 1])))
buf[--n] = '\0';
return buf;
}
/*
* Hex decoder that tolerates optional whitespace
*/
static ossl_ssize_t hexdecode(const char *in, void *result)
{
unsigned char **out = (unsigned char **)result;
unsigned char *ret;
unsigned char *cp;
uint8_t byte;
int nibble = 0;
if (!TEST_ptr(ret = OPENSSL_malloc(strlen(in) / 2)))
return -1;
cp = ret;
for (byte = 0; *in; ++in) {
int x;
if (isspace(_UC(*in)))
continue;
x = OPENSSL_hexchar2int(*in);
if (x < 0) {
OPENSSL_free(ret);
return 0;
}
byte |= (char)x;
if ((nibble ^= 1) == 0) {
*cp++ = byte;
byte = 0;
} else {
byte <<= 4;
}
}
if (nibble != 0) {
OPENSSL_free(ret);
return 0;
}
return cp - (*out = ret);
}
static ossl_ssize_t checked_uint8(const char *in, void *out)
{
uint8_t *result = (uint8_t *)out;
const char *cp = in;
char *endp;
long v;
int e;
save_errno();
v = strtol(cp, &endp, 10);
e = restore_errno();
if (((v == LONG_MIN || v == LONG_MAX) && e == ERANGE) ||
endp == cp || !isspace(_UC(*endp)) ||
v != (*(uint8_t *)result = (uint8_t) v)) {
return -1;
}
for (cp = endp; isspace(_UC(*cp)); ++cp)
continue;
return cp - in;
}
struct tlsa_field {
void *var;
const char *name;
ossl_ssize_t (*parser)(const char *, void *);
};
static int tlsa_import_rr(SSL *ssl, const char *rrdata)
{
static uint8_t usage;
static uint8_t selector;
static uint8_t mtype;
static unsigned char *data = NULL;
static struct tlsa_field tlsa_fields[] = {
{ &usage, "usage", checked_uint8 },
{ &selector, "selector", checked_uint8 },
{ &mtype, "mtype", checked_uint8 },
{ &data, "data", hexdecode },
{ NULL, }
};
int ret;
struct tlsa_field *f;
const char *cp = rrdata;
ossl_ssize_t len = 0;
for (f = tlsa_fields; f->var; ++f) {
if ((len = f->parser(cp += len, f->var)) <= 0) {
TEST_info("bad TLSA %s field in: %s", f->name, rrdata);
return 0;
}
}
ret = SSL_dane_tlsa_add(ssl, usage, selector, mtype, data, len);
OPENSSL_free(data);
if (ret == 0) {
TEST_info("unusable TLSA rrdata: %s", rrdata);
return 0;
}
if (ret < 0) {
TEST_info("error loading TLSA rrdata: %s", rrdata);
return 0;
}
return ret;
}
static int allws(const char *cp)
{
while (*cp)
if (!isspace(_UC(*cp++)))
return 0;
return 1;
}
static int test_tlsafile(SSL_CTX *ctx, const char *base_name,
BIO *f, const char *path)
{
char *line;
int testno = 0;
int ret = 1;
SSL *ssl;
while (ret > 0 && (line = read_to_eol(f)) != NULL) {
STACK_OF(X509) *chain;
int ntlsa;
int ncert;
int noncheck;
int want;
int want_depth;
int off;
int i;
int ok;
int err;
int mdpth;
if (*line == '\0' || *line == '#')
continue;
++testno;
if (sscanf(line, "%d %d %d %d %d%n",
&ntlsa, &ncert, &noncheck, &want, &want_depth, &off) != 5
|| !allws(line + off)) {
TEST_error("Malformed line for test %d", testno);
return 0;
}
if (!TEST_ptr(ssl = SSL_new(ctx)))
return 0;
SSL_set_connect_state(ssl);
if (SSL_dane_enable(ssl, base_name) <= 0) {
SSL_free(ssl);
return 0;
}
if (noncheck)
SSL_dane_set_flags(ssl, DANE_FLAG_NO_DANE_EE_NAMECHECKS);
for (i = 0; i < ntlsa; ++i) {
if ((line = read_to_eol(f)) == NULL || !tlsa_import_rr(ssl, line)) {
SSL_free(ssl);
return 0;
}
}
/* Don't report old news */
ERR_clear_error();
if (!TEST_ptr(chain = load_chain(f, ncert))) {
SSL_free(ssl);
return 0;
}
ok = verify_chain(ssl, chain);
sk_X509_pop_free(chain, X509_free);
err = SSL_get_verify_result(ssl);
/*
* Peek under the hood, normally TLSA match data is hidden when
* verification fails, we can obtain any suppressed data by setting the
* verification result to X509_V_OK before looking.
*/
SSL_set_verify_result(ssl, X509_V_OK);
mdpth = SSL_get0_dane_authority(ssl, NULL, NULL);
/* Not needed any more, but lead by example and put the error back. */
SSL_set_verify_result(ssl, err);
SSL_free(ssl);
if (!TEST_int_eq(err, want)) {
if (want == X509_V_OK)
TEST_info("Verification failure in test %d: %d=%s",
testno, err, X509_verify_cert_error_string(err));
else
TEST_info("Unexpected error in test %d", testno);
ret = 0;
continue;
}
if (!TEST_false(want == 0 && ok == 0)) {
TEST_info("Verification failure in test %d: ok=0", testno);
ret = 0;
continue;
}
if (!TEST_int_eq(mdpth, want_depth)) {
TEST_info("In test test %d", testno);
ret = 0;
}
}
ERR_clear_error();
return ret;
}
static int run_tlsatest(void)
{
SSL_CTX *ctx = NULL;
BIO *f = NULL;
int ret = 0;
if (!TEST_ptr(f = BIO_new_file(tlsafile, "r"))
|| !TEST_ptr(ctx = SSL_CTX_new(TLS_client_method()))
|| !TEST_int_gt(SSL_CTX_dane_enable(ctx), 0)
|| !TEST_true(SSL_CTX_load_verify_locations(ctx, CAfile, NULL))
|| !TEST_int_gt(SSL_CTX_dane_mtype_set(ctx, EVP_sha512(), 2, 1),
0)
|| !TEST_int_gt(SSL_CTX_dane_mtype_set(ctx, EVP_sha256(), 1, 2),
0)
|| !TEST_int_gt(test_tlsafile(ctx, basedomain, f, tlsafile), 0))
goto end;
ret = 1;
end:
BIO_free(f);
SSL_CTX_free(ctx);
return ret;
}
int setup_tests(void)
{
if (!TEST_ptr(basedomain = test_get_argument(0))
|| !TEST_ptr(CAfile = test_get_argument(1))
|| !TEST_ptr(tlsafile = test_get_argument(2))) {
TEST_error("Usage error: danetest basedomain CAfile tlsafile");
return 0;
}
ADD_TEST(run_tlsatest);
return 1;
}
#include "internal/dane.h"
static void store_ctx_dane_init(X509_STORE_CTX *store_ctx, SSL *ssl)
{
X509_STORE_CTX_set0_dane(store_ctx, SSL_get0_dane(ssl));
}
openssl-1.1.1/test/testrsapub.pem0000644000000000000000000000026613345734631015566 0ustar rootroot-----BEGIN PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKrbeqkuRk8VcRmWFmtP+LviMB3+6diz
WW3DwaffznyHGAFwUJ/ITv0XtbsCyl3QoyKGhrOAy3RvPK5M38iuXT0CAwEAAQ==
-----END PUBLIC KEY-----
openssl-1.1.1/test/pkcs7.pem0000644000000000000000000000724013345734630014417 0ustar rootroot MIAGCSqGSIb3DQEHAqCAMIACAQExADCABgkqhkiG9w0BBwEAAKCAMIIE+DCCBGGg
AwIBAgIQaGSF/JpbS1C223+yrc+N1DANBgkqhkiG9w0BAQQFADBiMREwDwYDVQQH
EwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1Zl
cmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIwHhcNOTYw
ODEyMDAwMDAwWhcNOTYwODE3MjM1OTU5WjCCASAxETAPBgNVBAcTCEludGVybmV0
MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh
c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjE3MDUGA1UECxMuRGlnaXRh
bCBJRCBDbGFzcyAxIC0gU01JTUUgVmVyaVNpZ24sIEluYy4gVEVTVDFGMEQGA1UE
CxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L0NQUyBJbmNvcnAuIGJ5IFJl
Zi4sTElBQi5MVEQoYyk5NjEZMBcGA1UEAxMQQWxleGFuZHJlIERlYWNvbjEgMB4G
CSqGSIb3DQEJARYRYWxleEB2ZXJpc2lnbi5jb20wWzANBgkqhkiG9w0BAQEFAANK
ADBHAkAOy7xxCAIkOfuIA2LyRpxgKlDORl8htdXYhF5iBGUx1GYaK6KF+bK/CCI0
l4j2OfWGFBUrwGoWqxTNcWgTfMzRAgMBAAGjggIyMIICLjAJBgNVHRMEAjAAMIIC
HwYDVR0DBIICFjCCAhIwggIOMIICCgYLYIZIAYb4RQEHAQEwggH5FoIBp1RoaXMg
Y2VydGlmaWNhdGUgaW5jb3Jwb3JhdGVzIGJ5IHJlZmVyZW5jZSwgYW5kIGl0cyB1
c2UgaXMgc3RyaWN0bHkgc3ViamVjdCB0bywgdGhlIFZlcmlTaWduIENlcnRpZmlj
YXRpb24gUHJhY3RpY2UgU3RhdGVtZW50IChDUFMpLCBhdmFpbGFibGUgYXQ6IGh0
dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9DUFM7IGJ5IEUtbWFpbCBhdCBDUFMtcmVx
dWVzdHNAdmVyaXNpZ24uY29tOyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMu
LCAyNTkzIENvYXN0IEF2ZS4sIE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBU
ZWwuICsxICg0MTUpIDk2MS04ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2ln
biwgSW5jLiAgQWxsIFJpZ2h0cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVT
IERJU0NMQUlNRUQgYW5kIExJQUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcB
AQGhDgYMYIZIAYb4RQEHAQECMCwwKhYoaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t
L3JlcG9zaXRvcnkvQ1BTIDANBgkqhkiG9w0BAQQFAAOBgQAimWMGQwwwxk+b3KAL
HlSWXtU7LWHe29CEG8XeVNTvrqs6SBqT7OoENOkGxpfdpVgZ3Qw2SKjxDvbvpfSF
slsqcxWSgB/hWuaVuZCkvTw/dYGGOxkTJGxvDCfl1PZjX4dKbatslsi9Z9HpGWT7
ttItRwKqcBKgmCJvKi1pGWED0zCCAnkwggHioAMCAQICEDURpVKQb+fQKaRAGdQR
/D4wDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlT
aWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRp
ZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2MDYyNzAwMDAwMFoXDTk3MDYyNzIzNTk1
OVowYjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMu
MTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJz
Y3JpYmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2FKbPTdAFDdjKI9Bv
qrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7jW80GqLd5HUQq7XPy
sVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cariQPJUObwW7s987Lrb
P2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABozMwMTAPBgNVHRMECDAGAQH/AgEBMAsG
A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQECBQADgYEA
KeXHoBmnbxRCgk0jM9e9mDppdxpsipIna/J8DOHEUuD4nONAr4+xOg73SBl026n7
Bk55A2wvAMGo7+kKTZ+rHaFDDcmq4O+rzFri2RIOeGAncj1IcGptAQhvXoIhFMG4
Jlzg1KlHZHqy7D3jex78zcSU7kKOu8f5tAX1jC3+sToAAKGAMIIBJzCBkTANBgkq
hkiG9w0BAQIFADBiMREwDwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNp
Z24sIEluYy4xNDAyBgNVBAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlk
dWFsIFN1YnNjcmliZXIXDTk2MDcwMTE3MzA0MFoXDTk3MDcwMTAwMDAwMFowDQYJ
KoZIhvcNAQECBQADgYEAGLuQ6PX8A7AiqBEtWzYtl6lZNSDI0bR5YUo+D2Jzkw30
dxQnJSbKXEc6XYuzAW5HvrzATXu5c19WWPT4cRDwmjH71i9QcDysWwf/wE0qGTiW
I3tQT0I5VGh7jIJD07nlBw3R4Xl8dH9kr85JsWinqDH5YKpIo9o8knY5n7+qjOow
ggEkMIGOMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5W
ZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBD
ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eRcNOTYwNzE2MjMxMTI5WhcNOTYwODE1MDAw
MDAwWjANBgkqhkiG9w0BAQIFAAOBgQAXsLE4vnsY6sY67QrmWec7iaU2ehzxanEK
/9wKHZNuhlNzk+qGZZw2evxfUe2OaRbYpl8zuZvhK9BHD3ad14OSe9/zx5hOPgP/
DQXt6R4R8Q/1JheBrolrgbavjvI2wKS8/Psp2prBrkF4T48+AKRmS8Zzh1guxgvP
b+xSu/jH0gAAMYAAAAAAAAAAAA==
openssl-1.1.1/test/ssltest_old.c0000644000000000000000000030623513345734631015377 0ustar rootroot/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "e_os.h"
/* Or gethostname won't be declared properly on Linux and GNU platforms. */
#ifndef _BSD_SOURCE
# define _BSD_SOURCE 1
#endif
#ifndef _DEFAULT_SOURCE
# define _DEFAULT_SOURCE 1
#endif
#include <assert.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include "internal/nelem.h"
#ifdef OPENSSL_SYS_VMS
/*
* Or isascii won't be declared properly on VMS (at least with DECompHP C).
*/
# define _XOPEN_SOURCE 500
#endif
#include <ctype.h>
#include <openssl/bio.h>
#include <openssl/crypto.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#ifndef OPENSSL_NO_RSA
# include <openssl/rsa.h>
#endif
#ifndef OPENSSL_NO_DSA
# include <openssl/dsa.h>
#endif
#ifndef OPENSSL_NO_DH
# include <openssl/dh.h>
#endif
#include <openssl/bn.h>
#ifndef OPENSSL_NO_CT
# include <openssl/ct.h>
#endif
/*
* Or gethostname won't be declared properly
* on Compaq platforms (at least with DEC C).
* Do not try to put it earlier, or IPv6 includes
* get screwed...
*/
#define _XOPEN_SOURCE_EXTENDED 1
#ifdef OPENSSL_SYS_WINDOWS
# include <winsock.h>
#else
# include OPENSSL_UNISTD
#endif
static SSL_CTX *s_ctx = NULL;
static SSL_CTX *s_ctx2 = NULL;
/*
* There is really no standard for this, so let's assign something
* only for this test
*/
#define COMP_ZLIB 1
static int verify_callback(int ok, X509_STORE_CTX *ctx);
static int app_verify_callback(X509_STORE_CTX *ctx, void *arg);
#define APP_CALLBACK_STRING "Test Callback Argument"
struct app_verify_arg {
char *string;
int app_verify;
};
#ifndef OPENSSL_NO_DH
static DH *get_dh512(void);
static DH *get_dh1024(void);
static DH *get_dh1024dsa(void);
#endif
static char *psk_key = NULL; /* by default PSK is not used */
#ifndef OPENSSL_NO_PSK
static unsigned int psk_client_callback(SSL *ssl, const char *hint,
char *identity,
unsigned int max_identity_len,
unsigned char *psk,
unsigned int max_psk_len);
static unsigned int psk_server_callback(SSL *ssl, const char *identity,
unsigned char *psk,
unsigned int max_psk_len);
#endif
static BIO *bio_err = NULL;
static BIO *bio_stdout = NULL;
#ifndef OPENSSL_NO_NEXTPROTONEG
/* Note that this code assumes that this is only a one element list: */
static const char NEXT_PROTO_STRING[] = "\x09testproto";
static int npn_client = 0;
static int npn_server = 0;
static int npn_server_reject = 0;
static int cb_client_npn(SSL *s, unsigned char **out, unsigned char *outlen,
const unsigned char *in, unsigned int inlen,
void *arg)
{
/*
* This callback only returns the protocol string, rather than a length
* prefixed set. We assume that NEXT_PROTO_STRING is a one element list
* and remove the first byte to chop off the length prefix.
*/
*out = (unsigned char *)NEXT_PROTO_STRING + 1;
*outlen = sizeof(NEXT_PROTO_STRING) - 2;
return SSL_TLSEXT_ERR_OK;
}
static int cb_server_npn(SSL *s, const unsigned char **data,
unsigned int *len, void *arg)
{
*data = (const unsigned char *)NEXT_PROTO_STRING;
*len = sizeof(NEXT_PROTO_STRING) - 1;
return SSL_TLSEXT_ERR_OK;
}
static int cb_server_rejects_npn(SSL *s, const unsigned char **data,
unsigned int *len, void *arg)
{
return SSL_TLSEXT_ERR_NOACK;
}
static int verify_npn(SSL *client, SSL *server)
{
const unsigned char *client_s;
unsigned client_len;
const unsigned char *server_s;
unsigned server_len;
SSL_get0_next_proto_negotiated(client, &client_s, &client_len);
SSL_get0_next_proto_negotiated(server, &server_s, &server_len);
if (client_len) {
BIO_printf(bio_stdout, "Client NPN: ");
BIO_write(bio_stdout, client_s, client_len);
BIO_printf(bio_stdout, "\n");
}
if (server_len) {
BIO_printf(bio_stdout, "Server NPN: ");
BIO_write(bio_stdout, server_s, server_len);
BIO_printf(bio_stdout, "\n");
}
/*
* If an NPN string was returned, it must be the protocol that we
* expected to negotiate.
*/
if (client_len && (client_len != sizeof(NEXT_PROTO_STRING) - 2 ||
memcmp(client_s, NEXT_PROTO_STRING + 1, client_len)))
return -1;
if (server_len && (server_len != sizeof(NEXT_PROTO_STRING) - 2 ||
memcmp(server_s, NEXT_PROTO_STRING + 1, server_len)))
return -1;
if (!npn_client && client_len)
return -1;
if (!npn_server && server_len)
return -1;
if (npn_server_reject && server_len)
return -1;
if (npn_client && npn_server && (!client_len || !server_len))
return -1;
return 0;
}
#endif
static const char *alpn_client;
static char *alpn_server;
static char *alpn_server2;
static const char *alpn_expected;
static unsigned char *alpn_selected;
static const char *server_min_proto;
static const char *server_max_proto;
static const char *client_min_proto;
static const char *client_max_proto;
static const char *should_negotiate;
static const char *sn_client;
static const char *sn_server1;
static const char *sn_server2;
static int sn_expect = 0;
static const char *server_sess_out;
static const char *server_sess_in;
static const char *client_sess_out;
static const char *client_sess_in;
static SSL_SESSION *server_sess;
static SSL_SESSION *client_sess;
static int servername_cb(SSL *s, int *ad, void *arg)
{
const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
if (sn_server2 == NULL) {
BIO_printf(bio_stdout, "Servername 2 is NULL\n");
return SSL_TLSEXT_ERR_NOACK;
}
if (servername) {
if (s_ctx2 != NULL && sn_server2 != NULL &&
!strcasecmp(servername, sn_server2)) {
BIO_printf(bio_stdout, "Switching server context.\n");
SSL_set_SSL_CTX(s, s_ctx2);
}
}
return SSL_TLSEXT_ERR_OK;
}
static int verify_servername(SSL *client, SSL *server)
{
/* just need to see if sn_context is what we expect */
SSL_CTX* ctx = SSL_get_SSL_CTX(server);
if (sn_expect == 0)
return 0;
if (sn_expect == 1 && ctx == s_ctx)
return 0;
if (sn_expect == 2 && ctx == s_ctx2)
return 0;
BIO_printf(bio_stdout, "Servername: expected context %d\n", sn_expect);
if (ctx == s_ctx2)
BIO_printf(bio_stdout, "Servername: context is 2\n");
else if (ctx == s_ctx)
BIO_printf(bio_stdout, "Servername: context is 1\n");
else
BIO_printf(bio_stdout, "Servername: context is unknown\n");
return -1;
}
/*-
* next_protos_parse parses a comma separated list of strings into a string
* in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
* outlen: (output) set to the length of the resulting buffer on success.
* in: a NUL terminated string like "abc,def,ghi"
*
* returns: a malloced buffer or NULL on failure.
*/
static unsigned char *next_protos_parse(size_t *outlen,
const char *in)
{
size_t len;
unsigned char *out;
size_t i, start = 0;
len = strlen(in);
if (len >= 65535)
return NULL;
out = OPENSSL_malloc(strlen(in) + 1);
if (!out)
return NULL;
for (i = 0; i <= len; ++i) {
if (i == len || in[i] == ',') {
if (i - start > 255) {
OPENSSL_free(out);
return NULL;
}
out[start] = (unsigned char)(i - start);
start = i + 1;
} else
out[i + 1] = in[i];
}
*outlen = len + 1;
return out;
}
static int cb_server_alpn(SSL *s, const unsigned char **out,
unsigned char *outlen, const unsigned char *in,
unsigned int inlen, void *arg)
{
unsigned char *protos;
size_t protos_len;
char* alpn_str = arg;
protos = next_protos_parse(&protos_len, alpn_str);
if (protos == NULL) {
fprintf(stderr, "failed to parser ALPN server protocol string: %s\n",
alpn_str);
abort();
}
if (SSL_select_next_proto
((unsigned char **)out, outlen, protos, protos_len, in,
inlen) != OPENSSL_NPN_NEGOTIATED) {
OPENSSL_free(protos);
return SSL_TLSEXT_ERR_NOACK;
}
/*
* Make a copy of the selected protocol which will be freed in
* verify_alpn.
*/
alpn_selected = OPENSSL_malloc(*outlen);
memcpy(alpn_selected, *out, *outlen);
*out = alpn_selected;
OPENSSL_free(protos);
return SSL_TLSEXT_ERR_OK;
}
static int verify_alpn(SSL *client, SSL *server)
{
const unsigned char *client_proto, *server_proto;
unsigned int client_proto_len = 0, server_proto_len = 0;
SSL_get0_alpn_selected(client, &client_proto, &client_proto_len);
SSL_get0_alpn_selected(server, &server_proto, &server_proto_len);
OPENSSL_free(alpn_selected);
alpn_selected = NULL;
if (client_proto_len != server_proto_len) {
BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
goto err;
}
if (client_proto != NULL &&
memcmp(client_proto, server_proto, client_proto_len) != 0) {
BIO_printf(bio_stdout, "ALPN selected protocols differ!\n");
goto err;
}
if (client_proto_len > 0 && alpn_expected == NULL) {
BIO_printf(bio_stdout, "ALPN unexpectedly negotiated\n");
goto err;
}
if (alpn_expected != NULL &&
(client_proto_len != strlen(alpn_expected) ||
memcmp(client_proto, alpn_expected, client_proto_len) != 0)) {
BIO_printf(bio_stdout,
"ALPN selected protocols not equal to expected protocol: %s\n",
alpn_expected);
goto err;
}
return 0;
err:
BIO_printf(bio_stdout, "ALPN results: client: '");
BIO_write(bio_stdout, client_proto, client_proto_len);
BIO_printf(bio_stdout, "', server: '");
BIO_write(bio_stdout, server_proto, server_proto_len);
BIO_printf(bio_stdout, "'\n");
BIO_printf(bio_stdout, "ALPN configured: client: '%s', server: '",
alpn_client);
if (SSL_get_SSL_CTX(server) == s_ctx2) {
BIO_printf(bio_stdout, "%s'\n",
alpn_server2);
} else {
BIO_printf(bio_stdout, "%s'\n",
alpn_server);
}
return -1;
}
/*
* WARNING : below extension types are *NOT* IETF assigned, and could
* conflict if these types are reassigned and handled specially by OpenSSL
* in the future
*/
#define TACK_EXT_TYPE 62208
#define CUSTOM_EXT_TYPE_0 1000
#define CUSTOM_EXT_TYPE_1 1001
#define CUSTOM_EXT_TYPE_2 1002
#define CUSTOM_EXT_TYPE_3 1003
static const char custom_ext_cli_string[] = "abc";
static const char custom_ext_srv_string[] = "defg";
/* These set from cmdline */
static char *serverinfo_file = NULL;
static int serverinfo_sct = 0;
static int serverinfo_tack = 0;
/* These set based on extension callbacks */
static int serverinfo_sct_seen = 0;
static int serverinfo_tack_seen = 0;
static int serverinfo_other_seen = 0;
/* This set from cmdline */
static int custom_ext = 0;
/* This set based on extension callbacks */
static int custom_ext_error = 0;
static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type,
const unsigned char *in, size_t inlen,
int *al, void *arg)
{
if (ext_type == TLSEXT_TYPE_signed_certificate_timestamp)
serverinfo_sct_seen++;
else if (ext_type == TACK_EXT_TYPE)
serverinfo_tack_seen++;
else
serverinfo_other_seen++;
return 1;
}
static int verify_serverinfo(void)
{
if (serverinfo_sct != serverinfo_sct_seen)
return -1;
if (serverinfo_tack != serverinfo_tack_seen)
return -1;
if (serverinfo_other_seen)
return -1;
return 0;
}
/*-
* Four test cases for custom extensions:
* 0 - no ClientHello extension or ServerHello response
* 1 - ClientHello with "abc", no response
* 2 - ClientHello with "abc", empty response
* 3 - ClientHello with "abc", "defg" response
*/
static int custom_ext_0_cli_add_cb(SSL *s, unsigned int ext_type,
const unsigned char **out,
size_t *outlen, int *al, void *arg)
{
if (ext_type != CUSTOM_EXT_TYPE_0)
custom_ext_error = 1;
return 0; /* Don't send an extension */
}
static int custom_ext_0_cli_parse_cb(SSL *s, unsigned int ext_type,
const unsigned char *in,
size_t inlen, int *al, void *arg)
{
return 1;
}
static int custom_ext_1_cli_add_cb(SSL *s, unsigned int ext_type,
const unsigned char **out,
size_t *outlen, int *al, void *arg)
{
if (ext_type != CUSTOM_EXT_TYPE_1)
custom_ext_error = 1;
*out = (const unsigned char *)custom_ext_cli_string;
*outlen = strlen(custom_ext_cli_string);
return 1; /* Send "abc" */
}
static int custom_ext_1_cli_parse_cb(SSL *s, unsigned int ext_type,
const unsigned char *in,
size_t inlen, int *al, void *arg)
{
return 1;
}
static int custom_ext_2_cli_add_cb(SSL *s, unsigned int ext_type,
const unsigned char **out,
size_t *outlen, int *al, void *arg)
{
if (ext_type != CUSTOM_EXT_TYPE_2)
custom_ext_error = 1;
*out = (const unsigned char *)custom_ext_cli_string;
*outlen = strlen(custom_ext_cli_string);
return 1; /* Send "abc" */
}
static int custom_ext_2_cli_parse_cb(SSL *s, unsigned int ext_type,
const unsigned char *in,
size_t inlen, int *al, void *arg)
{
if (ext_type != CUSTOM_EXT_TYPE_2)
custom_ext_error = 1;
if (inlen != 0)
custom_ext_error = 1; /* Should be empty response */
return 1;
}
static int custom_ext_3_cli_add_cb(SSL *s, unsigned int ext_type,
const unsigned char **out,
size_t *outlen, int *al, void *arg)
{
if (ext_type != CUSTOM_EXT_TYPE_3)
custom_ext_error = 1;
*out = (const unsigned char *)custom_ext_cli_string;
*outlen = strlen(custom_ext_cli_string);
return 1; /* Send "abc" */
}
static int custom_ext_3_cli_parse_cb(SSL *s, unsigned int ext_type,
const unsigned char *in,
size_t inlen, int *al, void *arg)
{
if (ext_type != CUSTOM_EXT_TYPE_3)
custom_ext_error = 1;
if (inlen != strlen(custom_ext_srv_string))
custom_ext_error = 1;
if (memcmp(custom_ext_srv_string, in, inlen) != 0)
custom_ext_error = 1; /* Check for "defg" */
return 1;
}
/*
* custom_ext_0_cli_add_cb returns 0 - the server won't receive a callback
* for this extension
*/
static int custom_ext_0_srv_parse_cb(SSL *s, unsigned int ext_type,
const unsigned char *in,
size_t inlen, int *al, void *arg)
{
custom_ext_error = 1;
return 1;
}
/* 'add' callbacks are only called if the 'parse' callback is called */
static int custom_ext_0_srv_add_cb(SSL *s, unsigned int ext_type,
const unsigned char **out,
size_t *outlen, int *al, void *arg)
{
/* Error: should not have been called */
custom_ext_error = 1;
return 0; /* Don't send an extension */
}
static int custom_ext_1_srv_parse_cb(SSL *s, unsigned int ext_type,
const unsigned char *in,
size_t inlen, int *al, void *arg)
{
if (ext_type != CUSTOM_EXT_TYPE_1)
custom_ext_error = 1;
/* Check for "abc" */
if (inlen != strlen(custom_ext_cli_string))
custom_ext_error = 1;
if (memcmp(in, custom_ext_cli_string, inlen) != 0)
custom_ext_error = 1;
return 1;
}
static int custom_ext_1_srv_add_cb(SSL *s, unsigned int ext_type,
const unsigned char **out,
size_t *outlen, int *al, void *arg)
{
return 0; /* Don't send an extension */
}
static int custom_ext_2_srv_parse_cb(SSL *s, unsigned int ext_type,
const unsigned char *in,
size_t inlen, int *al, void *arg)
{
if (ext_type != CUSTOM_EXT_TYPE_2)
custom_ext_error = 1;
/* Check for "abc" */
if (inlen != strlen(custom_ext_cli_string))
custom_ext_error = 1;
if (memcmp(in, custom_ext_cli_string, inlen) != 0)
custom_ext_error = 1;
return 1;
}
static int custom_ext_2_srv_add_cb(SSL *s, unsigned int ext_type,
const unsigned char **out,
size_t *outlen, int *al, void *arg)
{
*out = NULL;
*outlen = 0;
return 1; /* Send empty extension */
}
static int custom_ext_3_srv_parse_cb(SSL *s, unsigned int ext_type,
const unsigned char *in,
size_t inlen, int *al, void *arg)
{
if (ext_type != CUSTOM_EXT_TYPE_3)
custom_ext_error = 1;
/* Check for "abc" */
if (inlen != strlen(custom_ext_cli_string))
custom_ext_error = 1;
if (memcmp(in, custom_ext_cli_string, inlen) != 0)
custom_ext_error = 1;
return 1;
}
static int custom_ext_3_srv_add_cb(SSL *s, unsigned int ext_type,
const unsigned char **out,
size_t *outlen, int *al, void *arg)
{
*out = (const unsigned char *)custom_ext_srv_string;
*outlen = strlen(custom_ext_srv_string);
return 1; /* Send "defg" */
}
static char *cipher = NULL;
static char *ciphersuites = NULL;
static int verbose = 0;
static int debug = 0;
int doit_localhost(SSL *s_ssl, SSL *c_ssl, int family,
long bytes, clock_t *s_time, clock_t *c_time);
int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time,
clock_t *c_time);
int doit(SSL *s_ssl, SSL *c_ssl, long bytes);
static void sv_usage(void)
{
fprintf(stderr, "usage: ssltest [args ...]\n");
fprintf(stderr, "\n");
fprintf(stderr, " -server_auth - check server certificate\n");
fprintf(stderr, " -client_auth - do client authentication\n");
fprintf(stderr, " -v - more output\n");
fprintf(stderr, " -d - debug output\n");
fprintf(stderr, " -reuse - use session-id reuse\n");
fprintf(stderr, " -num <val> - number of connections to perform\n");
fprintf(stderr,
" -bytes <val> - number of bytes to swap between client/server\n");
#ifndef OPENSSL_NO_DH
fprintf(stderr,
" -dhe512 - use 512 bit key for DHE (to test failure)\n");
fprintf(stderr,
" -dhe1024 - use 1024 bit key (safe prime) for DHE (default, no-op)\n");
fprintf(stderr,
" -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
fprintf(stderr, " -no_dhe - disable DHE\n");
#endif
#ifndef OPENSSL_NO_EC
fprintf(stderr, " -no_ecdhe - disable ECDHE\nTODO(openssl-team): no_ecdhe was broken by auto ecdh. Make this work again.\n");
#endif
#ifndef OPENSSL_NO_PSK
fprintf(stderr, " -psk arg - PSK in hex (without 0x)\n");
#endif
#ifndef OPENSSL_NO_SSL3
fprintf(stderr, " -ssl3 - use SSLv3\n");
#endif
#ifndef OPENSSL_NO_TLS1
fprintf(stderr, " -tls1 - use TLSv1\n");
#endif
#ifndef OPENSSL_NO_DTLS
fprintf(stderr, " -dtls - use DTLS\n");
#ifndef OPENSSL_NO_DTLS1
fprintf(stderr, " -dtls1 - use DTLSv1\n");
#endif
#ifndef OPENSSL_NO_DTLS1_2
fprintf(stderr, " -dtls12 - use DTLSv1.2\n");
#endif
#endif
fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");
fprintf(stderr, " -CAfile arg - PEM format file of CA's\n");
fprintf(stderr, " -cert arg - Server certificate file\n");
fprintf(stderr,
" -key arg - Server key file (default: same as -cert)\n");
fprintf(stderr, " -c_cert arg - Client certificate file\n");
fprintf(stderr,
" -c_key arg - Client key file (default: same as -c_cert)\n");
fprintf(stderr, " -cipher arg - The TLSv1.2 and below cipher list\n");
fprintf(stderr, " -ciphersuites arg - The TLSv1.3 ciphersuites\n");
fprintf(stderr, " -bio_pair - Use BIO pairs\n");
fprintf(stderr, " -ipv4 - Use IPv4 connection on localhost\n");
fprintf(stderr, " -ipv6 - Use IPv6 connection on localhost\n");
fprintf(stderr, " -f - Test even cases that can't work\n");
fprintf(stderr,
" -time - measure processor time used by client and server\n");
fprintf(stderr, " -zlib - use zlib compression\n");
#ifndef OPENSSL_NO_NEXTPROTONEG
fprintf(stderr, " -npn_client - have client side offer NPN\n");
fprintf(stderr, " -npn_server - have server side offer NPN\n");
fprintf(stderr, " -npn_server_reject - have server reject NPN\n");
#endif
fprintf(stderr, " -serverinfo_file file - have server use this file\n");
fprintf(stderr, " -serverinfo_sct - have client offer and expect SCT\n");
fprintf(stderr,
" -serverinfo_tack - have client offer and expect TACK\n");
fprintf(stderr,
" -custom_ext - try various custom extension callbacks\n");
fprintf(stderr, " -alpn_client <string> - have client side offer ALPN\n");
fprintf(stderr, " -alpn_server <string> - have server side offer ALPN\n");
fprintf(stderr, " -alpn_server1 <string> - alias for -alpn_server\n");
fprintf(stderr, " -alpn_server2 <string> - have server side context 2 offer ALPN\n");
fprintf(stderr,
" -alpn_expected <string> - the ALPN protocol that should be negotiated\n");
fprintf(stderr, " -server_min_proto <string> - Minimum version the server should support\n");
fprintf(stderr, " -server_max_proto <string> - Maximum version the server should support\n");
fprintf(stderr, " -client_min_proto <string> - Minimum version the client should support\n");
fprintf(stderr, " -client_max_proto <string> - Maximum version the client should support\n");
fprintf(stderr, " -should_negotiate <string> - The version that should be negotiated, fail-client or fail-server\n");
#ifndef OPENSSL_NO_CT
fprintf(stderr, " -noct - no certificate transparency\n");
fprintf(stderr, " -requestct - request certificate transparency\n");
fprintf(stderr, " -requirect - require certificate transparency\n");
#endif
fprintf(stderr, " -sn_client <string> - have client request this servername\n");
fprintf(stderr, " -sn_server1 <string> - have server context 1 respond to this servername\n");
fprintf(stderr, " -sn_server2 <string> - have server context 2 respond to this servername\n");
fprintf(stderr, " -sn_expect1 - expected server 1\n");
fprintf(stderr, " -sn_expect2 - expected server 2\n");
fprintf(stderr, " -server_sess_out <file> - Save the server session to a file\n");
fprintf(stderr, " -server_sess_in <file> - Read the server session from a file\n");
fprintf(stderr, " -client_sess_out <file> - Save the client session to a file\n");
fprintf(stderr, " -client_sess_in <file> - Read the client session from a file\n");
fprintf(stderr, " -should_reuse <number> - The expected state of reusing the session\n");
fprintf(stderr, " -no_ticket - do not issue TLS session ticket\n");
}
static void print_key_details(BIO *out, EVP_PKEY *key)
{
int keyid = EVP_PKEY_id(key);
#ifndef OPENSSL_NO_EC
if (keyid == EVP_PKEY_EC) {
EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
int nid;
const char *cname;
nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
EC_KEY_free(ec);
cname = EC_curve_nid2nist(nid);
if (!cname)
cname = OBJ_nid2sn(nid);
BIO_printf(out, "%d bits EC (%s)", EVP_PKEY_bits(key), cname);
} else
#endif
{
const char *algname;
switch (keyid) {
case EVP_PKEY_RSA:
algname = "RSA";
break;
case EVP_PKEY_DSA:
algname = "DSA";
break;
case EVP_PKEY_DH:
algname = "DH";
break;
default:
algname = OBJ_nid2sn(keyid);
break;
}
BIO_printf(out, "%d bits %s", EVP_PKEY_bits(key), algname);
}
}
static void print_details(SSL *c_ssl, const char *prefix)
{
const SSL_CIPHER *ciph;
int mdnid;
X509 *cert;
EVP_PKEY *pkey;
ciph = SSL_get_current_cipher(c_ssl);
BIO_printf(bio_stdout, "%s%s, cipher %s %s",
prefix,
SSL_get_version(c_ssl),
SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_name(ciph));
cert = SSL_get_peer_certificate(c_ssl);
if (cert != NULL) {
EVP_PKEY* pubkey = X509_get0_pubkey(cert);
if (pubkey != NULL) {
BIO_puts(bio_stdout, ", ");
print_key_details(bio_stdout, pubkey);
}
X509_free(cert);
}
if (SSL_get_server_tmp_key(c_ssl, &pkey)) {
BIO_puts(bio_stdout, ", temp key: ");
print_key_details(bio_stdout, pkey);
EVP_PKEY_free(pkey);
}
if (SSL_get_peer_signature_nid(c_ssl, &mdnid))
BIO_printf(bio_stdout, ", digest=%s", OBJ_nid2sn(mdnid));
BIO_printf(bio_stdout, "\n");
}
/*
* protocol_from_string - converts a protocol version string to a number
*
* Returns -1 on failure or the version on success
*/
static int protocol_from_string(const char *value)
{
struct protocol_versions {
const char *name;
int version;
};
static const struct protocol_versions versions[] = {
{"ssl3", SSL3_VERSION},
{"tls1", TLS1_VERSION},
{"tls1.1", TLS1_1_VERSION},
{"tls1.2", TLS1_2_VERSION},
{"tls1.3", TLS1_3_VERSION},
{"dtls1", DTLS1_VERSION},
{"dtls1.2", DTLS1_2_VERSION}};
size_t i;
size_t n = OSSL_NELEM(versions);
for (i = 0; i < n; i++)
if (strcmp(versions[i].name, value) == 0)
return versions[i].version;
return -1;
}
static SSL_SESSION *read_session(const char *filename)
{
SSL_SESSION *sess;
BIO *f = BIO_new_file(filename, "r");
if (f == NULL) {
BIO_printf(bio_err, "Can't open session file %s\n", filename);
ERR_print_errors(bio_err);
return NULL;
}
sess = PEM_read_bio_SSL_SESSION(f, NULL, 0, NULL);
if (sess == NULL) {
BIO_printf(bio_err, "Can't parse session file %s\n", filename);
ERR_print_errors(bio_err);
}
BIO_free(f);
return sess;
}
static int write_session(const char *filename, SSL_SESSION *sess)
{
BIO *f = BIO_new_file(filename, "w");
if (sess == NULL) {
BIO_printf(bio_err, "No session information\n");
return 0;
}
if (f == NULL) {
BIO_printf(bio_err, "Can't open session file %s\n", filename);
ERR_print_errors(bio_err);
return 0;
}
PEM_write_bio_SSL_SESSION(f, sess);
BIO_free(f);
return 1;
}
/*
* set_protocol_version - Sets protocol version minimum or maximum
*
* Returns 0 on failure and 1 on success
*/
static int set_protocol_version(const char *version, SSL *ssl, int setting)
{
if (version != NULL) {
int ver = protocol_from_string(version);
if (ver < 0) {
BIO_printf(bio_err, "Error parsing: %s\n", version);
return 0;
}
return SSL_ctrl(ssl, setting, ver, NULL);
}
return 1;
}
int main(int argc, char *argv[])
{
const char *CApath = NULL, *CAfile = NULL;
int badop = 0;
enum { BIO_MEM, BIO_PAIR, BIO_IPV4, BIO_IPV6 } bio_type = BIO_MEM;
int force = 0;
int dtls1 = 0, dtls12 = 0, dtls = 0, tls1 = 0, tls1_2 = 0, ssl3 = 0;
int ret = EXIT_FAILURE;
int client_auth = 0;
int server_auth = 0, i;
struct app_verify_arg app_verify_arg =
{ APP_CALLBACK_STRING, 0 };
char *p;
SSL_CTX *c_ctx = NULL;
const SSL_METHOD *meth = NULL;
SSL *c_ssl, *s_ssl;
int number = 1, reuse = 0;
int should_reuse = -1;
int no_ticket = 0;
long bytes = 256L;
#ifndef OPENSSL_NO_DH
DH *dh;
int dhe512 = 0, dhe1024dsa = 0;
#endif
int no_dhe = 0;
int no_psk = 0;
int print_time = 0;
clock_t s_time = 0, c_time = 0;
#ifndef OPENSSL_NO_COMP
int n, comp = 0;
COMP_METHOD *cm = NULL;
STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
#endif
int no_protocol;
int min_version = 0, max_version = 0;
#ifndef OPENSSL_NO_CT
/*
* Disable CT validation by default, because it will interfere with
* anything using custom extension handlers to deal with SCT extensions.
*/
int ct_validation = 0;
#endif
SSL_CONF_CTX *s_cctx = NULL, *c_cctx = NULL, *s_cctx2 = NULL;
STACK_OF(OPENSSL_STRING) *conf_args = NULL;
char *arg = NULL, *argn = NULL;
verbose = 0;
debug = 0;
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
p = getenv("OPENSSL_DEBUG_MEMORY");
if (p != NULL && strcmp(p, "on") == 0)
CRYPTO_set_mem_debug(1);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT);
s_cctx = SSL_CONF_CTX_new();
s_cctx2 = SSL_CONF_CTX_new();
c_cctx = SSL_CONF_CTX_new();
if (!s_cctx || !c_cctx || !s_cctx2) {
ERR_print_errors(bio_err);
goto end;
}
SSL_CONF_CTX_set_flags(s_cctx,
SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_SERVER |
SSL_CONF_FLAG_CERTIFICATE |
SSL_CONF_FLAG_REQUIRE_PRIVATE);
SSL_CONF_CTX_set_flags(s_cctx2,
SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_SERVER |
SSL_CONF_FLAG_CERTIFICATE |
SSL_CONF_FLAG_REQUIRE_PRIVATE);
if (!SSL_CONF_CTX_set1_prefix(s_cctx, "-s_")) {
ERR_print_errors(bio_err);
goto end;
}
if (!SSL_CONF_CTX_set1_prefix(s_cctx2, "-s_")) {
ERR_print_errors(bio_err);
goto end;
}
SSL_CONF_CTX_set_flags(c_cctx,
SSL_CONF_FLAG_CMDLINE | SSL_CONF_FLAG_CLIENT |
SSL_CONF_FLAG_CERTIFICATE |
SSL_CONF_FLAG_REQUIRE_PRIVATE);
if (!SSL_CONF_CTX_set1_prefix(c_cctx, "-c_")) {
ERR_print_errors(bio_err);
goto end;
}
argc--;
argv++;
while (argc >= 1) {
if (strcmp(*argv, "-F") == 0) {
fprintf(stderr,
"not compiled with FIPS support, so exiting without running.\n");
EXIT(0);
} else if (strcmp(*argv, "-server_auth") == 0)
server_auth = 1;
else if (strcmp(*argv, "-client_auth") == 0)
client_auth = 1;
else if (strcmp(*argv, "-v") == 0)
verbose = 1;
else if (strcmp(*argv, "-d") == 0)
debug = 1;
else if (strcmp(*argv, "-reuse") == 0)
reuse = 1;
else if (strcmp(*argv, "-dhe512") == 0) {
#ifndef OPENSSL_NO_DH
dhe512 = 1;
#else
fprintf(stderr,
"ignoring -dhe512, since I'm compiled without DH\n");
#endif
} else if (strcmp(*argv, "-dhe1024dsa") == 0) {
#ifndef OPENSSL_NO_DH
dhe1024dsa = 1;
#else
fprintf(stderr,
"ignoring -dhe1024dsa, since I'm compiled without DH\n");
#endif
} else if (strcmp(*argv, "-no_dhe") == 0)
no_dhe = 1;
else if (strcmp(*argv, "-no_ecdhe") == 0)
/* obsolete */;
else if (strcmp(*argv, "-psk") == 0) {
if (--argc < 1)
goto bad;
psk_key = *(++argv);
#ifndef OPENSSL_NO_PSK
if (strspn(psk_key, "abcdefABCDEF1234567890") != strlen(psk_key)) {
BIO_printf(bio_err, "Not a hex number '%s'\n", *argv);
goto bad;
}
#else
no_psk = 1;
#endif
}
else if (strcmp(*argv, "-tls1_2") == 0) {
tls1_2 = 1;
} else if (strcmp(*argv, "-tls1") == 0) {
tls1 = 1;
} else if (strcmp(*argv, "-ssl3") == 0) {
ssl3 = 1;
} else if (strcmp(*argv, "-dtls1") == 0) {
dtls1 = 1;
} else if (strcmp(*argv, "-dtls12") == 0) {
dtls12 = 1;
} else if (strcmp(*argv, "-dtls") == 0) {
dtls = 1;
} else if (strncmp(*argv, "-num", 4) == 0) {
if (--argc < 1)
goto bad;
number = atoi(*(++argv));
if (number == 0)
number = 1;
} else if (strcmp(*argv, "-bytes") == 0) {
if (--argc < 1)
goto bad;
bytes = atol(*(++argv));
if (bytes == 0L)
bytes = 1L;
i = strlen(argv[0]);
if (argv[0][i - 1] == 'k')
bytes *= 1024L;
if (argv[0][i - 1] == 'm')
bytes *= 1024L * 1024L;
} else if (strcmp(*argv, "-cipher") == 0) {
if (--argc < 1)
goto bad;
cipher = *(++argv);
} else if (strcmp(*argv, "-ciphersuites") == 0) {
if (--argc < 1)
goto bad;
ciphersuites = *(++argv);
} else if (strcmp(*argv, "-CApath") == 0) {
if (--argc < 1)
goto bad;
CApath = *(++argv);
} else if (strcmp(*argv, "-CAfile") == 0) {
if (--argc < 1)
goto bad;
CAfile = *(++argv);
} else if (strcmp(*argv, "-bio_pair") == 0) {
bio_type = BIO_PAIR;
}
#ifndef OPENSSL_NO_SOCK
else if (strcmp(*argv, "-ipv4") == 0) {
bio_type = BIO_IPV4;
} else if (strcmp(*argv, "-ipv6") == 0) {
bio_type = BIO_IPV6;
}
#endif
else if (strcmp(*argv, "-f") == 0) {
force = 1;
} else if (strcmp(*argv, "-time") == 0) {
print_time = 1;
}
#ifndef OPENSSL_NO_CT
else if (strcmp(*argv, "-noct") == 0) {
ct_validation = 0;
}
else if (strcmp(*argv, "-ct") == 0) {
ct_validation = 1;
}
#endif
#ifndef OPENSSL_NO_COMP
else if (strcmp(*argv, "-zlib") == 0) {
comp = COMP_ZLIB;
}
#endif
else if (strcmp(*argv, "-app_verify") == 0) {
app_verify_arg.app_verify = 1;
}
#ifndef OPENSSL_NO_NEXTPROTONEG
else if (strcmp(*argv, "-npn_client") == 0) {
npn_client = 1;
} else if (strcmp(*argv, "-npn_server") == 0) {
npn_server = 1;
} else if (strcmp(*argv, "-npn_server_reject") == 0) {
npn_server_reject = 1;
}
#endif
else if (strcmp(*argv, "-serverinfo_sct") == 0) {
serverinfo_sct = 1;
} else if (strcmp(*argv, "-serverinfo_tack") == 0) {
serverinfo_tack = 1;
} else if (strcmp(*argv, "-serverinfo_file") == 0) {
if (--argc < 1)
goto bad;
serverinfo_file = *(++argv);
} else if (strcmp(*argv, "-custom_ext") == 0) {
custom_ext = 1;
} else if (strcmp(*argv, "-alpn_client") == 0) {
if (--argc < 1)
goto bad;
alpn_client = *(++argv);
} else if (strcmp(*argv, "-alpn_server") == 0 ||
strcmp(*argv, "-alpn_server1") == 0) {
if (--argc < 1)
goto bad;
alpn_server = *(++argv);
} else if (strcmp(*argv, "-alpn_server2") == 0) {
if (--argc < 1)
goto bad;
alpn_server2 = *(++argv);
} else if (strcmp(*argv, "-alpn_expected") == 0) {
if (--argc < 1)
goto bad;
alpn_expected = *(++argv);
} else if (strcmp(*argv, "-server_min_proto") == 0) {
if (--argc < 1)
goto bad;
server_min_proto = *(++argv);
} else if (strcmp(*argv, "-server_max_proto") == 0) {
if (--argc < 1)
goto bad;
server_max_proto = *(++argv);
} else if (strcmp(*argv, "-client_min_proto") == 0) {
if (--argc < 1)
goto bad;
client_min_proto = *(++argv);
} else if (strcmp(*argv, "-client_max_proto") == 0) {
if (--argc < 1)
goto bad;
client_max_proto = *(++argv);
} else if (strcmp(*argv, "-should_negotiate") == 0) {
if (--argc < 1)
goto bad;
should_negotiate = *(++argv);
} else if (strcmp(*argv, "-sn_client") == 0) {
if (--argc < 1)
goto bad;
sn_client = *(++argv);
} else if (strcmp(*argv, "-sn_server1") == 0) {
if (--argc < 1)
goto bad;
sn_server1 = *(++argv);
} else if (strcmp(*argv, "-sn_server2") == 0) {
if (--argc < 1)
goto bad;
sn_server2 = *(++argv);
} else if (strcmp(*argv, "-sn_expect1") == 0) {
sn_expect = 1;
} else if (strcmp(*argv, "-sn_expect2") == 0) {
sn_expect = 2;
} else if (strcmp(*argv, "-server_sess_out") == 0) {
if (--argc < 1)
goto bad;
server_sess_out = *(++argv);
} else if (strcmp(*argv, "-server_sess_in") == 0) {
if (--argc < 1)
goto bad;
server_sess_in = *(++argv);
} else if (strcmp(*argv, "-client_sess_out") == 0) {
if (--argc < 1)
goto bad;
client_sess_out = *(++argv);
} else if (strcmp(*argv, "-client_sess_in") == 0) {
if (--argc < 1)
goto bad;
client_sess_in = *(++argv);
} else if (strcmp(*argv, "-should_reuse") == 0) {
if (--argc < 1)
goto bad;
should_reuse = !!atoi(*(++argv));
} else if (strcmp(*argv, "-no_ticket") == 0) {
no_ticket = 1;
} else {
int rv;
arg = argv[0];
argn = argv[1];
/* Try to process command using SSL_CONF */
rv = SSL_CONF_cmd_argv(c_cctx, &argc, &argv);
/* If not processed try server */
if (rv == 0)
rv = SSL_CONF_cmd_argv(s_cctx, &argc, &argv);
/* Recognised: store it for later use */
if (rv > 0) {
if (rv == 1)
argn = NULL;
if (!conf_args) {
conf_args = sk_OPENSSL_STRING_new_null();
if (!conf_args)
goto end;
}
if (!sk_OPENSSL_STRING_push(conf_args, arg))
goto end;
if (!sk_OPENSSL_STRING_push(conf_args, argn))
goto end;
continue;
}
if (rv == -3)
BIO_printf(bio_err, "Missing argument for %s\n", arg);
else if (rv < 0)
BIO_printf(bio_err, "Error with command %s\n", arg);
else if (rv == 0)
BIO_printf(bio_err, "unknown option %s\n", arg);
badop = 1;
break;
}
argc--;
argv++;
}
if (badop) {
bad:
sv_usage();
goto end;
}
if (ssl3 + tls1 + tls1_2 + dtls + dtls1 + dtls12 > 1) {
fprintf(stderr, "At most one of -ssl3, -tls1, -tls1_2, -dtls, -dtls1 or -dtls12 should "
"be requested.\n");
EXIT(1);
}
#ifdef OPENSSL_NO_SSL3
if (ssl3)
no_protocol = 1;
else
#endif
#ifdef OPENSSL_NO_TLS1
if (tls1)
no_protocol = 1;
else
#endif
#ifdef OPENSSL_NO_TLS1_2
if (tls1_2)
no_protocol = 1;
else
#endif
#if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1)
if (dtls1)
no_protocol = 1;
else
#endif
#if defined(OPENSSL_NO_DTLS) || defined(OPENSSL_NO_DTLS1_2)
if (dtls12)
no_protocol = 1;
else
#endif
no_protocol = 0;
/*
* Testing was requested for a compiled-out protocol (e.g. SSLv3).
* Ideally, we would error out, but the generic test wrapper can't know
* when to expect failure. So we do nothing and return success.
*/
if (no_protocol) {
fprintf(stderr, "Testing was requested for a disabled protocol. "
"Skipping tests.\n");
ret = EXIT_SUCCESS;
goto end;
}
if (!ssl3 && !tls1 && !tls1_2 && !dtls && !dtls1 && !dtls12 && number > 1
&& !reuse && !force) {
fprintf(stderr, "This case cannot work. Use -f to perform "
"the test anyway (and\n-d to see what happens), "
"or add one of -ssl3, -tls1, -tls1_2, -dtls, -dtls1, -dtls12, -reuse\n"
"to avoid protocol mismatch.\n");
EXIT(1);
}
if (print_time) {
if (bio_type != BIO_PAIR) {
fprintf(stderr, "Using BIO pair (-bio_pair)\n");
bio_type = BIO_PAIR;
}
if (number < 50 && !force)
fprintf(stderr,
"Warning: For accurate timings, use more connections (e.g. -num 1000)\n");
}
#ifndef OPENSSL_NO_COMP
if (comp == COMP_ZLIB)
cm = COMP_zlib();
if (cm != NULL) {
if (COMP_get_type(cm) != NID_undef) {
if (SSL_COMP_add_compression_method(comp, cm) != 0) {
fprintf(stderr, "Failed to add compression method\n");
ERR_print_errors_fp(stderr);
}
} else {
fprintf(stderr,
"Warning: %s compression not supported\n",
comp == COMP_ZLIB ? "zlib" : "unknown");
ERR_print_errors_fp(stderr);
}
}
ssl_comp_methods = SSL_COMP_get_compression_methods();
n = sk_SSL_COMP_num(ssl_comp_methods);
if (n) {
int j;
printf("Available compression methods:");
for (j = 0; j < n; j++) {
SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
printf(" %s:%d", SSL_COMP_get0_name(c), SSL_COMP_get_id(c));
}
printf("\n");
}
#endif
#ifndef OPENSSL_NO_TLS
meth = TLS_method();
if (ssl3) {
min_version = SSL3_VERSION;
max_version = SSL3_VERSION;
} else if (tls1) {
min_version = TLS1_VERSION;
max_version = TLS1_VERSION;
} else if (tls1_2) {
min_version = TLS1_2_VERSION;
max_version = TLS1_2_VERSION;
} else {
min_version = SSL3_VERSION;
max_version = TLS_MAX_VERSION;
}
#endif
#ifndef OPENSSL_NO_DTLS
if (dtls || dtls1 || dtls12) {
meth = DTLS_method();
if (dtls1) {
min_version = DTLS1_VERSION;
max_version = DTLS1_VERSION;
} else if (dtls12) {
min_version = DTLS1_2_VERSION;
max_version = DTLS1_2_VERSION;
} else {
min_version = DTLS_MIN_VERSION;
max_version = DTLS_MAX_VERSION;
}
}
#endif
c_ctx = SSL_CTX_new(meth);
s_ctx = SSL_CTX_new(meth);
s_ctx2 = SSL_CTX_new(meth); /* no SSL_CTX_dup! */
if ((c_ctx == NULL) || (s_ctx == NULL) || (s_ctx2 == NULL)) {
ERR_print_errors(bio_err);
goto end;
}
/*
* Since we will use low security ciphersuites and keys for testing set
* security level to zero by default. Tests can override this by adding
* "@SECLEVEL=n" to the cipher string.
*/
SSL_CTX_set_security_level(c_ctx, 0);
SSL_CTX_set_security_level(s_ctx, 0);
SSL_CTX_set_security_level(s_ctx2, 0);
if (no_ticket) {
SSL_CTX_set_options(c_ctx, SSL_OP_NO_TICKET);
SSL_CTX_set_options(s_ctx, SSL_OP_NO_TICKET);
}
if (SSL_CTX_set_min_proto_version(c_ctx, min_version) == 0)
goto end;
if (SSL_CTX_set_max_proto_version(c_ctx, max_version) == 0)
goto end;
if (SSL_CTX_set_min_proto_version(s_ctx, min_version) == 0)
goto end;
if (SSL_CTX_set_max_proto_version(s_ctx, max_version) == 0)
goto end;
if (cipher != NULL) {
if (!SSL_CTX_set_cipher_list(c_ctx, cipher)
|| !SSL_CTX_set_cipher_list(s_ctx, cipher)
|| !SSL_CTX_set_cipher_list(s_ctx2, cipher)) {
ERR_print_errors(bio_err);
goto end;
}
}
if (ciphersuites != NULL) {
if (!SSL_CTX_set_ciphersuites(c_ctx, ciphersuites)
|| !SSL_CTX_set_ciphersuites(s_ctx, ciphersuites)
|| !SSL_CTX_set_ciphersuites(s_ctx2, ciphersuites)) {
ERR_print_errors(bio_err);
goto end;
}
}
#ifndef OPENSSL_NO_CT
if (ct_validation &&
!SSL_CTX_enable_ct(c_ctx, SSL_CT_VALIDATION_STRICT)) {
ERR_print_errors(bio_err);
goto end;
}
#endif
/* Process SSL_CONF arguments */
SSL_CONF_CTX_set_ssl_ctx(c_cctx, c_ctx);
SSL_CONF_CTX_set_ssl_ctx(s_cctx, s_ctx);
SSL_CONF_CTX_set_ssl_ctx(s_cctx2, s_ctx2);
for (i = 0; i < sk_OPENSSL_STRING_num(conf_args); i += 2) {
int rv;
arg = sk_OPENSSL_STRING_value(conf_args, i);
argn = sk_OPENSSL_STRING_value(conf_args, i + 1);
rv = SSL_CONF_cmd(c_cctx, arg, argn);
/* If not recognised use server context */
if (rv == -2) {
rv = SSL_CONF_cmd(s_cctx2, arg, argn);
if (rv > 0)
rv = SSL_CONF_cmd(s_cctx, arg, argn);
}
if (rv <= 0) {
BIO_printf(bio_err, "Error processing %s %s\n",
arg, argn ? argn : "");
ERR_print_errors(bio_err);
goto end;
}
}
if (!SSL_CONF_CTX_finish(s_cctx) || !SSL_CONF_CTX_finish(c_cctx) || !SSL_CONF_CTX_finish(s_cctx2)) {
BIO_puts(bio_err, "Error finishing context\n");
ERR_print_errors(bio_err);
goto end;
}
#ifndef OPENSSL_NO_DH
if (!no_dhe) {
if (dhe1024dsa) {
dh = get_dh1024dsa();
} else if (dhe512)
dh = get_dh512();
else
dh = get_dh1024();
SSL_CTX_set_tmp_dh(s_ctx, dh);
SSL_CTX_set_tmp_dh(s_ctx2, dh);
DH_free(dh);
}
#else
(void)no_dhe;
#endif
if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) ||
(!SSL_CTX_set_default_verify_paths(s_ctx)) ||
(!SSL_CTX_load_verify_locations(s_ctx2, CAfile, CApath)) ||
(!SSL_CTX_set_default_verify_paths(s_ctx2)) ||
(!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) ||
(!SSL_CTX_set_default_verify_paths(c_ctx))) {
ERR_print_errors(bio_err);
}
#ifndef OPENSSL_NO_CT
if (!SSL_CTX_set_default_ctlog_list_file(s_ctx) ||
!SSL_CTX_set_default_ctlog_list_file(s_ctx2) ||
!SSL_CTX_set_default_ctlog_list_file(c_ctx)) {
ERR_print_errors(bio_err);
}
#endif
if (client_auth) {
printf("client authentication\n");
SSL_CTX_set_verify(s_ctx,
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
verify_callback);
SSL_CTX_set_verify(s_ctx2,
SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
verify_callback);
SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback,
&app_verify_arg);
SSL_CTX_set_cert_verify_callback(s_ctx2, app_verify_callback,
&app_verify_arg);
}
if (server_auth) {
printf("server authentication\n");
SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER, verify_callback);
SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback,
&app_verify_arg);
}
{
int session_id_context = 0;
if (!SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context,
sizeof(session_id_context)) ||
!SSL_CTX_set_session_id_context(s_ctx2, (void *)&session_id_context,
sizeof(session_id_context))) {
ERR_print_errors(bio_err);
goto end;
}
}
/* Use PSK only if PSK key is given */
if (psk_key != NULL) {
/*
* no_psk is used to avoid putting psk command to openssl tool
*/
if (no_psk) {
/*
* if PSK is not compiled in and psk key is given, do nothing and
* exit successfully
*/
ret = EXIT_SUCCESS;
goto end;
}
#ifndef OPENSSL_NO_PSK
SSL_CTX_set_psk_client_callback(c_ctx, psk_client_callback);
SSL_CTX_set_psk_server_callback(s_ctx, psk_server_callback);
SSL_CTX_set_psk_server_callback(s_ctx2, psk_server_callback);
if (debug)
BIO_printf(bio_err, "setting PSK identity hint to s_ctx\n");
if (!SSL_CTX_use_psk_identity_hint(s_ctx, "ctx server identity_hint") ||
!SSL_CTX_use_psk_identity_hint(s_ctx2, "ctx server identity_hint")) {
BIO_printf(bio_err, "error setting PSK identity hint to s_ctx\n");
ERR_print_errors(bio_err);
goto end;
}
#endif
}
#ifndef OPENSSL_NO_NEXTPROTONEG
if (npn_client) {
SSL_CTX_set_next_proto_select_cb(c_ctx, cb_client_npn, NULL);
}
if (npn_server) {
if (npn_server_reject) {
BIO_printf(bio_err,
"Can't have both -npn_server and -npn_server_reject\n");
goto end;
}
SSL_CTX_set_npn_advertised_cb(s_ctx, cb_server_npn, NULL);
SSL_CTX_set_npn_advertised_cb(s_ctx2, cb_server_npn, NULL);
}
if (npn_server_reject) {
SSL_CTX_set_npn_advertised_cb(s_ctx, cb_server_rejects_npn, NULL);
SSL_CTX_set_npn_advertised_cb(s_ctx2, cb_server_rejects_npn, NULL);
}
#endif
if (serverinfo_sct) {
if (!SSL_CTX_add_client_custom_ext(c_ctx,
TLSEXT_TYPE_signed_certificate_timestamp,
NULL, NULL, NULL,
serverinfo_cli_parse_cb, NULL)) {
BIO_printf(bio_err, "Error adding SCT extension\n");
goto end;
}
}
if (serverinfo_tack) {
if (!SSL_CTX_add_client_custom_ext(c_ctx, TACK_EXT_TYPE,
NULL, NULL, NULL,
serverinfo_cli_parse_cb, NULL)) {
BIO_printf(bio_err, "Error adding TACK extension\n");
goto end;
}
}
if (serverinfo_file)
if (!SSL_CTX_use_serverinfo_file(s_ctx, serverinfo_file) ||
!SSL_CTX_use_serverinfo_file(s_ctx2, serverinfo_file)) {
BIO_printf(bio_err, "missing serverinfo file\n");
goto end;
}
if (custom_ext) {
if (!SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_0,
custom_ext_0_cli_add_cb,
NULL, NULL,
custom_ext_0_cli_parse_cb, NULL)
|| !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_1,
custom_ext_1_cli_add_cb,
NULL, NULL,
custom_ext_1_cli_parse_cb, NULL)
|| !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_2,
custom_ext_2_cli_add_cb,
NULL, NULL,
custom_ext_2_cli_parse_cb, NULL)
|| !SSL_CTX_add_client_custom_ext(c_ctx, CUSTOM_EXT_TYPE_3,
custom_ext_3_cli_add_cb,
NULL, NULL,
custom_ext_3_cli_parse_cb, NULL)
|| !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_0,
custom_ext_0_srv_add_cb,
NULL, NULL,
custom_ext_0_srv_parse_cb, NULL)
|| !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_0,
custom_ext_0_srv_add_cb,
NULL, NULL,
custom_ext_0_srv_parse_cb, NULL)
|| !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_1,
custom_ext_1_srv_add_cb,
NULL, NULL,
custom_ext_1_srv_parse_cb, NULL)
|| !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_1,
custom_ext_1_srv_add_cb,
NULL, NULL,
custom_ext_1_srv_parse_cb, NULL)
|| !SSL_CTX_add_server_custom_ext(s_ctx, CUSTOM_EXT_TYPE_2,
custom_ext_2_srv_add_cb,
NULL, NULL,
custom_ext_2_srv_parse_cb, NULL)
|| !SSL_CTX_add_server_custom_ext(s_ctx2, CUSTOM_EXT_TYPE_2,
cu
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment