sync
This commit is contained in:
parent
f1b2576417
commit
2a351e0cdc
347 changed files with 9596 additions and 5486 deletions
27
regress/gnu/usr.bin/perl/Makefile
Normal file
27
regress/gnu/usr.bin/perl/Makefile
Normal file
|
@ -0,0 +1,27 @@
|
|||
# $OpenBSD: Makefile,v 1.3 2023/07/05 21:38:22 bluhm Exp $
|
||||
|
||||
.if ! (make(clean) || make(cleandir) || make(obj))
|
||||
NCPU != /sbin/sysctl -n hw.ncpuonline
|
||||
.endif
|
||||
|
||||
REGRESS_SETUP_ONCE += build
|
||||
build:
|
||||
# Makefile and Perl tree must exist in obj directory for testing.
|
||||
${MAKE} -C ${BSDSRCDIR}/gnu/usr.bin/perl -f Makefile.bsd-wrapper obj
|
||||
${MAKE} -C ${BSDSRCDIR}/gnu/usr.bin/perl -f Makefile.bsd-wrapper -j ${NCPU} all
|
||||
|
||||
REGRESS_SETUP += permissions
|
||||
permissions:
|
||||
# The permissions in CVS tree are not as in the Perl distribution.
|
||||
# Match expectations of t/porting/exec-bit.t and
|
||||
# cpan/Test-Harness/t/source_tests/source.sh
|
||||
awk '{print $$1}' ${BSDSRCDIR}/gnu/usr.bin/perl/MANIFEST |\
|
||||
( cd ${BSDOBJDIR}/gnu/usr.bin/perl/ && xargs chmod -x )
|
||||
grep -v '^#' ${BSDSRCDIR}/gnu/usr.bin/perl/Porting/exec-bit.txt |\
|
||||
( cd ${BSDOBJDIR}/gnu/usr.bin/perl/ && xargs chmod +x )
|
||||
|
||||
REGRESS_TARGETS += test
|
||||
test:
|
||||
${MAKE} -C ${BSDSRCDIR}/gnu/usr.bin/perl -f Makefile.bsd-wrapper test
|
||||
|
||||
.include <bsd.regress.mk>
|
|
@ -1,6 +1,6 @@
|
|||
/* $OpenBSD: uuidtest.c,v 1.1 2021/08/31 09:57:27 jasper Exp $ */
|
||||
/* $OpenBSD: uuidtest.c,v 1.2 2023/07/03 13:51:55 jasper Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2021 Jasper Lievisse Adriaanse <jasper@openbsd.org>
|
||||
* Copyright (c) 2021, 2023 Jasper Lievisse Adriaanse <jasper@openbsd.org>
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
|
@ -26,13 +26,14 @@
|
|||
int
|
||||
main(int argc, char **argv)
|
||||
{
|
||||
struct uuid uuid, uuid_want;
|
||||
struct uuid uuid, uuid2, uuid_want;
|
||||
char *uuid_str, *uuid_str_want;
|
||||
uint32_t status;
|
||||
int t = 1;
|
||||
unsigned char bin[16];
|
||||
int rc, t = 1;
|
||||
|
||||
/* Test invalid input to uuid_from_string() */
|
||||
printf("[%d] uuid_from_string ", t);
|
||||
printf("[%d] uuid_from_string (invalid) ", t);
|
||||
uuid_str = "6fc3134d-011d-463d-a6b4-fe1f3a5e57dX";
|
||||
uuid_from_string(uuid_str, &uuid, &status);
|
||||
if (status != uuid_s_invalid_string_uuid) {
|
||||
|
@ -44,6 +45,19 @@ main(int argc, char **argv)
|
|||
printf("ok\n");
|
||||
t++;
|
||||
|
||||
/* Test a bad version gets recognized */
|
||||
printf("[%d] uuid_from_string (bad version) ", t);
|
||||
uuid_str = "ffffffff-ffff-ffff-ffff-ffffffffffff";
|
||||
uuid_from_string(uuid_str, &uuid, &status);
|
||||
if (status != uuid_s_bad_version) {
|
||||
printf("failed to return uuid_s_bad_version for '%s'\n",
|
||||
uuid_str);
|
||||
return 1;
|
||||
}
|
||||
|
||||
printf("ok\n");
|
||||
t++;
|
||||
|
||||
/* Test valid input to uuid_from_string() */
|
||||
printf("[%d] uuid_from_string ", t);
|
||||
uuid_str = "f81d4fae-7dec-11d0-a765-00a0c91e6bf6";
|
||||
|
@ -65,6 +79,7 @@ main(int argc, char **argv)
|
|||
printf("failed to return uuid_s_ok for '%s', got %d\n", uuid_str, status);
|
||||
return 1;
|
||||
}
|
||||
|
||||
ASSERT_EQ(uuid.time_low, uuid_want.time_low);
|
||||
ASSERT_EQ(uuid.time_mid, uuid_want.time_mid);
|
||||
ASSERT_EQ(uuid.time_hi_and_version, uuid_want.time_hi_and_version);
|
||||
|
@ -125,5 +140,122 @@ main(int argc, char **argv)
|
|||
printf("ok\n");
|
||||
t++;
|
||||
|
||||
/*
|
||||
* Assuming the clock of the system running the test is ahead of the one
|
||||
* where this test was written, we can test uuid_create along with
|
||||
* uuid_compare here.
|
||||
*/
|
||||
printf("[%d] uuid_create ", t);
|
||||
uuid_create(&uuid, &status);
|
||||
if (status != uuid_s_ok) {
|
||||
printf("uuid_create failed to return uuid_s_ok, got %d\n",
|
||||
status);
|
||||
return 1;
|
||||
}
|
||||
|
||||
printf("ok\n");
|
||||
t++;
|
||||
|
||||
printf("[%d] uuid_compare ", t);
|
||||
/* uuid was just generated, uuid2 was generated before. */
|
||||
uuid_from_string(uuid_str, &uuid2, &status);
|
||||
rc = uuid_compare(&uuid, &uuid2, &status);
|
||||
if ((status != uuid_s_ok) || (rc != 1)) {
|
||||
printf("uuid_compare failed, expected 1 got: %d and status: %d\n",
|
||||
rc, status);
|
||||
return 1;
|
||||
}
|
||||
|
||||
printf("ok\n");
|
||||
t++;
|
||||
|
||||
printf("[%d] uuid_equal ", t);
|
||||
rc = uuid_equal(&uuid, &uuid, &status);
|
||||
if ((status != uuid_s_ok) || (rc != 1)) {
|
||||
printf("uuid_compare failed, expected 1 got: %d and status: %d\n",
|
||||
rc, status);
|
||||
return 1;
|
||||
}
|
||||
|
||||
printf("ok\n");
|
||||
t++;
|
||||
|
||||
printf("[%d] uuid_equal (nil) ", t);
|
||||
uuid_create_nil(&uuid, &status);
|
||||
rc = uuid_equal(&uuid, &uuid2, &status);
|
||||
if ((status != uuid_s_ok) || (rc != 1)) {
|
||||
printf("uuid_compare failed, expected 1 got: %d and status: %d\n",
|
||||
rc, status);
|
||||
return 1;
|
||||
}
|
||||
|
||||
printf("ok\n");
|
||||
t++;
|
||||
|
||||
printf("[%d] uuid_hash ", t);
|
||||
uint16_t hash = uuid_hash(&uuid_want, &status);
|
||||
if ((status != uuid_s_ok) || (hash != 0x4fae)) {
|
||||
printf("uuid_hash failed, expected 0x4fae got: 0x%04x and status: %d\n",
|
||||
hash, status);
|
||||
return 1;
|
||||
}
|
||||
|
||||
printf("ok\n");
|
||||
t++;
|
||||
|
||||
uuid_str_want = "f81d4fae-7dec-11d0-a765-00a0c91e6bf6";
|
||||
printf("[%d] uuid_enc_le ", t);
|
||||
uuid_from_string(uuid_str_want, &uuid, &status);
|
||||
/*
|
||||
* Check two fields to ensure they're in the right order.
|
||||
* If these two are ok, it's safe to assum the rest are too.
|
||||
*/
|
||||
uuid_enc_le(bin, &uuid);
|
||||
if (bin[4] != 0xec || bin[5] != 0x7d) {
|
||||
uuid_to_string(&uuid, &uuid_str, &status);
|
||||
printf("uuid_enc_le failed, expected %s got %s\n",
|
||||
uuid_str_want, uuid_str);
|
||||
return 1;
|
||||
}
|
||||
|
||||
printf("ok\n");
|
||||
t++;
|
||||
|
||||
printf("[%d] uuid_dec_le ", t);
|
||||
uuid_dec_le(bin, &uuid);
|
||||
if (uuid_equal(&uuid, &uuid_want, &status) == 0) {
|
||||
uuid_to_string(&uuid, &uuid_str, &status);
|
||||
printf("uuid_dec_le failed, expected %s got %s\n",
|
||||
uuid_str_want, uuid_str);
|
||||
return 1;
|
||||
}
|
||||
|
||||
printf("ok\n");
|
||||
t++;
|
||||
|
||||
printf("[%d] uuid_enc_be ", t);
|
||||
uuid_enc_be(bin, &uuid);
|
||||
if (bin[4] != 0x7d || bin[5] != 0xec) {
|
||||
uuid_to_string(&uuid, &uuid_str, &status);
|
||||
printf("uuid_enc_be failed, expected %s got %s\n",
|
||||
uuid_str_want, uuid_str);
|
||||
return 1;
|
||||
}
|
||||
|
||||
printf("ok\n");
|
||||
t++;
|
||||
|
||||
printf("[%d] uuid_dec_be ", t);
|
||||
uuid_dec_be(bin, &uuid);
|
||||
if (uuid_equal(&uuid, &uuid_want, &status) == 0) {
|
||||
uuid_to_string(&uuid, &uuid_str, &status);
|
||||
printf("uuid_dec_be failed, expected %s got %s\n",
|
||||
uuid_str_want, uuid_str);
|
||||
return 1;
|
||||
}
|
||||
|
||||
printf("ok\n");
|
||||
t++;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# $OpenBSD: Makefile,v 1.33 2023/06/03 21:20:29 tb Exp $
|
||||
# $OpenBSD: Makefile,v 1.34 2023/07/06 15:08:54 tb Exp $
|
||||
|
||||
PROGS += bn_add_sub
|
||||
PROGS += bn_cmp
|
||||
|
@ -12,6 +12,7 @@ PROGS += bn_mod_sqrt
|
|||
PROGS += bn_mont
|
||||
PROGS += bn_mul_div
|
||||
PROGS += bn_primes
|
||||
PROGS += bn_print
|
||||
PROGS += bn_rand_interval
|
||||
PROGS += bn_shift
|
||||
PROGS += bn_test
|
||||
|
@ -22,6 +23,7 @@ PROGS += bn_word
|
|||
STATIC_LINK += bn_gcd
|
||||
STATIC_LINK += bn_isqrt
|
||||
STATIC_LINK += bn_mod_exp
|
||||
STATIC_LINK += bn_print
|
||||
STATIC_LINK += bn_rand_interval
|
||||
STATIC_LINK += bn_test
|
||||
|
||||
|
|
278
regress/lib/libcrypto/bn/bn_print.c
Normal file
278
regress/lib/libcrypto/bn/bn_print.c
Normal file
|
@ -0,0 +1,278 @@
|
|||
/* $OpenBSD: bn_print.c,v 1.2 2023/07/06 15:11:21 tb Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
#include <err.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
||||
#include <openssl/asn1.h>
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/bn.h>
|
||||
|
||||
#include "bn_local.h"
|
||||
|
||||
#define BATIHDIDIDI "mana mana"
|
||||
#define BUF_MEM_LEN 1024
|
||||
|
||||
static const char *pk = "040d305e1b159d03d0a17935b73a3c927aca151ccd62f39c"
|
||||
"265c073de554faa3d6cc12eaf4145fe88e19ab2f2e48e6ac"
|
||||
"184378acd037c3bdb2cd2ce647e21ae663b83d2e2f78c44f"
|
||||
"dbf40fa4684c55726b951d4e18429578cc373c91e29b652b"
|
||||
"29";
|
||||
|
||||
const struct print_test {
|
||||
const char *desc;
|
||||
const char *want;
|
||||
} bn_print_tests[] = {
|
||||
{
|
||||
.desc = "zero",
|
||||
.want = " mana mana 0\n",
|
||||
},
|
||||
{
|
||||
.desc = "minus one",
|
||||
.want = " mana mana 1 (0x1)\n",
|
||||
},
|
||||
{
|
||||
.desc = "minus one",
|
||||
.want = " mana mana -1 (-0x1)\n",
|
||||
},
|
||||
#ifdef _LP64
|
||||
{
|
||||
.desc = "largest word",
|
||||
.want = " mana mana 18446744073709551615 "
|
||||
"(0xffffffffffffffff)\n",
|
||||
},
|
||||
{
|
||||
.desc = "smallest word",
|
||||
.want = " mana mana -18446744073709551615 "
|
||||
"(-0xffffffffffffffff)\n",
|
||||
},
|
||||
{
|
||||
.desc = "largest negative non-word",
|
||||
.want = " mana mana (Negative)\n"
|
||||
" 01:00:00:00:00:00:00:00:00\n",
|
||||
},
|
||||
{
|
||||
.desc = "smallest positive non-word",
|
||||
.want = " mana mana\n"
|
||||
" 01:00:00:00:00:00:00:00:00\n",
|
||||
},
|
||||
#else
|
||||
{
|
||||
.desc = "largest word",
|
||||
.want = " mana mana 4294967295 (0xffffffff)\n",
|
||||
},
|
||||
{
|
||||
.desc = "smallest word",
|
||||
.want = " mana mana -4294967295 (-0xffffffff)\n",
|
||||
},
|
||||
{
|
||||
.desc = "largest negative non-word",
|
||||
.want = " mana mana (Negative)\n"
|
||||
" 01:00:00:00:00\n",
|
||||
},
|
||||
{
|
||||
.desc = "smallest positive non-word",
|
||||
.want = " mana mana\n"
|
||||
" 01:00:00:00:00\n",
|
||||
},
|
||||
#endif
|
||||
{
|
||||
.desc = "some pubkey",
|
||||
.want = " mana mana\n"
|
||||
" 04:0d:30:5e:1b:15:9d:03:d0:a1:79:35:b7:3a:3c:\n"
|
||||
" 92:7a:ca:15:1c:cd:62:f3:9c:26:5c:07:3d:e5:54:\n"
|
||||
" fa:a3:d6:cc:12:ea:f4:14:5f:e8:8e:19:ab:2f:2e:\n"
|
||||
" 48:e6:ac:18:43:78:ac:d0:37:c3:bd:b2:cd:2c:e6:\n"
|
||||
" 47:e2:1a:e6:63:b8:3d:2e:2f:78:c4:4f:db:f4:0f:\n"
|
||||
" a4:68:4c:55:72:6b:95:1d:4e:18:42:95:78:cc:37:\n"
|
||||
" 3c:91:e2:9b:65:2b:29\n",
|
||||
},
|
||||
{
|
||||
.desc = "negated pubkey",
|
||||
.want = " mana mana (Negative)\n"
|
||||
" 04:0d:30:5e:1b:15:9d:03:d0:a1:79:35:b7:3a:3c:\n"
|
||||
" 92:7a:ca:15:1c:cd:62:f3:9c:26:5c:07:3d:e5:54:\n"
|
||||
" fa:a3:d6:cc:12:ea:f4:14:5f:e8:8e:19:ab:2f:2e:\n"
|
||||
" 48:e6:ac:18:43:78:ac:d0:37:c3:bd:b2:cd:2c:e6:\n"
|
||||
" 47:e2:1a:e6:63:b8:3d:2e:2f:78:c4:4f:db:f4:0f:\n"
|
||||
" a4:68:4c:55:72:6b:95:1d:4e:18:42:95:78:cc:37:\n"
|
||||
" 3c:91:e2:9b:65:2b:29\n",
|
||||
},
|
||||
{
|
||||
.desc = "shifted negated pubkey",
|
||||
.want = " mana mana (Negative)\n"
|
||||
" 04:0d:30:5e:1b:15:9d:03:d0:a1:79:35:b7:3a:3c:\n"
|
||||
" 92:7a:ca:15:1c:cd:62:f3:9c:26:5c:07:3d:e5:54:\n"
|
||||
" fa:a3:d6:cc:12:ea:f4:14:5f:e8:8e:19:ab:2f:2e:\n"
|
||||
" 48:e6:ac:18:43:78:ac:d0:37:c3:bd:b2:cd:2c:e6:\n"
|
||||
" 47:e2:1a:e6:63:b8:3d:2e:2f:78:c4:4f:db:f4:0f:\n"
|
||||
" a4:68:4c:55:72:6b:95:1d:4e:18:42:95:78:cc:37\n",
|
||||
},
|
||||
{
|
||||
.desc = "shifted pubkey",
|
||||
.want = " mana mana\n"
|
||||
" 04:0d:30:5e:1b:15:9d:03:d0:a1:79:35:b7:3a:3c:\n"
|
||||
" 92:7a:ca:15:1c:cd:62:f3:9c:26:5c:07:3d:e5:54:\n"
|
||||
" fa:a3:d6:cc:12:ea:f4:14:5f:e8:8e:19:ab:2f:2e:\n"
|
||||
" 48:e6:ac:18:43:78:ac:d0:37:c3:bd:b2:cd:2c:e6:\n"
|
||||
" 47:e2:1a:e6:63:b8:3d:2e:2f:78:c4:4f:db:f4:0f:\n"
|
||||
" a4:68:4c:55:72:6b:95:1d:4e:18:42:95:78:cc:37\n",
|
||||
},
|
||||
};
|
||||
|
||||
#define N_TESTCASES (sizeof(bn_print_tests) / sizeof(bn_print_tests[0]))
|
||||
|
||||
static int
|
||||
bn_print_testcase(const BIGNUM *bn, const struct print_test *test)
|
||||
{
|
||||
BIO *bio;
|
||||
char *got;
|
||||
size_t want_len;
|
||||
long got_len;
|
||||
int failed = 1;
|
||||
|
||||
if ((bio = BIO_new(BIO_s_mem())) == NULL)
|
||||
errx(1, "BIO_new");
|
||||
|
||||
if (!bn_printf(bio, bn, 4, "%s", BATIHDIDIDI))
|
||||
errx(1, "bn_printf");
|
||||
|
||||
if ((got_len = BIO_get_mem_data(bio, &got)) < 0)
|
||||
errx(1, "BIO_get_mem_data");
|
||||
|
||||
if ((want_len = strlen(test->want)) != (size_t)got_len) {
|
||||
fprintf(stderr, "%s: want: %zu, got %ld\n",
|
||||
test->desc, want_len, got_len);
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (strncmp(got, test->want, want_len) != 0) {
|
||||
fprintf(stderr, "%s: strings differ\n", test->desc);
|
||||
fprintf(stderr, "want: \"%s\"\ngot : \"%*s\"\n",
|
||||
test->want, (int)got_len, got);
|
||||
goto err;
|
||||
}
|
||||
|
||||
failed = 0;
|
||||
err:
|
||||
BIO_free(bio);
|
||||
|
||||
return failed;
|
||||
}
|
||||
|
||||
int
|
||||
main(void)
|
||||
{
|
||||
const struct print_test *test;
|
||||
size_t testcase = 0;
|
||||
BIGNUM *bn;
|
||||
int failed = 0;
|
||||
|
||||
/* zero */
|
||||
if ((bn = BN_new()) == NULL)
|
||||
errx(1, "BN_new");
|
||||
if (testcase >= N_TESTCASES)
|
||||
errx(1, "Too many tests");
|
||||
test = &bn_print_tests[testcase++];
|
||||
failed |= bn_print_testcase(bn, test);
|
||||
|
||||
/* one */
|
||||
if (!BN_set_word(bn, 1))
|
||||
errx(1, "BIO_set_word");
|
||||
if (testcase >= N_TESTCASES)
|
||||
errx(1, "Too many tests");
|
||||
test = &bn_print_tests[testcase++];
|
||||
failed |= bn_print_testcase(bn, test);
|
||||
|
||||
/* minus one */
|
||||
BN_set_negative(bn, 1);
|
||||
if (testcase >= N_TESTCASES)
|
||||
errx(1, "Too many tests");
|
||||
test = &bn_print_tests[testcase++];
|
||||
failed |= bn_print_testcase(bn, test);
|
||||
|
||||
/* largest word */
|
||||
if (!BN_set_word(bn, ~0))
|
||||
errx(1, "BN_set_word");
|
||||
if (testcase >= N_TESTCASES)
|
||||
errx(1, "Too many tests");
|
||||
test = &bn_print_tests[testcase++];
|
||||
failed |= bn_print_testcase(bn, test);
|
||||
|
||||
/* smallest word */
|
||||
BN_set_negative(bn, 1);
|
||||
if (testcase >= N_TESTCASES)
|
||||
errx(1, "Too many tests");
|
||||
test = &bn_print_tests[testcase++];
|
||||
failed |= bn_print_testcase(bn, test);
|
||||
|
||||
/* largest negative non-word */
|
||||
if (!BN_sub_word(bn, 1))
|
||||
errx(1, "ASN1_bn_print");
|
||||
if (testcase >= N_TESTCASES)
|
||||
errx(1, "Too many tests");
|
||||
test = &bn_print_tests[testcase++];
|
||||
failed |= bn_print_testcase(bn, test);
|
||||
|
||||
/* smallest positive non-word */
|
||||
BN_set_negative(bn, 0);
|
||||
if (testcase >= N_TESTCASES)
|
||||
errx(1, "Too many tests");
|
||||
test = &bn_print_tests[testcase++];
|
||||
failed |= bn_print_testcase(bn, test);
|
||||
|
||||
/* some pubkey */
|
||||
if (BN_hex2bn(&bn, pk) == 0)
|
||||
errx(1, "BN_hex2bn");
|
||||
if (testcase >= N_TESTCASES)
|
||||
errx(1, "Too many tests");
|
||||
test = &bn_print_tests[testcase++];
|
||||
failed |= bn_print_testcase(bn, test);
|
||||
|
||||
/* negated pubkey */
|
||||
BN_set_negative(bn, 1);
|
||||
if (testcase >= N_TESTCASES)
|
||||
errx(1, "Too many tests");
|
||||
test = &bn_print_tests[testcase++];
|
||||
failed |= bn_print_testcase(bn, test);
|
||||
|
||||
/* shifted negated pubkey */
|
||||
if (!BN_rshift(bn, bn, 7 * 8))
|
||||
errx(1, "BN_rshift");
|
||||
if (testcase >= N_TESTCASES)
|
||||
errx(1, "Too many tests");
|
||||
test = &bn_print_tests[testcase++];
|
||||
failed |= bn_print_testcase(bn, test);
|
||||
|
||||
/* shifted pubkey */
|
||||
BN_set_negative(bn, 0);
|
||||
if (testcase >= N_TESTCASES)
|
||||
errx(1, "Too many tests");
|
||||
test = &bn_print_tests[testcase++];
|
||||
failed |= bn_print_testcase(bn, test);
|
||||
|
||||
if (testcase != N_TESTCASES) {
|
||||
warnx("Not all tests run");
|
||||
failed |= 1;
|
||||
}
|
||||
|
||||
BN_free(bn);
|
||||
|
||||
return failed;
|
||||
}
|
|
@ -1,11 +1,11 @@
|
|||
# $OpenBSD: Makefile,v 1.51 2022/11/05 21:58:24 jsing Exp $
|
||||
# $OpenBSD: Makefile,v 1.52 2023/07/02 17:21:32 beck Exp $
|
||||
|
||||
SUBDIR += api
|
||||
SUBDIR += asn1
|
||||
SUBDIR += buffer
|
||||
SUBDIR += bytestring
|
||||
SUBDIR += ciphers
|
||||
SUBDIR += client
|
||||
#SUBDIR += client
|
||||
SUBDIR += dtls
|
||||
SUBDIR += exporter
|
||||
SUBDIR += handshake
|
||||
|
@ -13,7 +13,7 @@ SUBDIR += pqueue
|
|||
SUBDIR += quic
|
||||
SUBDIR += record
|
||||
SUBDIR += record_layer
|
||||
SUBDIR += server
|
||||
#SUBDIR += server
|
||||
SUBDIR += ssl
|
||||
SUBDIR += tls
|
||||
SUBDIR += tlsext
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# $OpenBSD: Makefile,v 1.6 2023/04/19 15:34:23 tb Exp $
|
||||
# $OpenBSD: Makefile,v 1.7 2023/07/02 17:21:32 beck Exp $
|
||||
|
||||
# Connect a client to a server. Both can be current libressl, or
|
||||
# openssl 1.1 or openssl 3.0. Pin client or server to a fixed TLS
|
||||
|
@ -14,7 +14,7 @@ LIBRARIES += openssl11
|
|||
LIBRARIES += openssl30
|
||||
.endif
|
||||
|
||||
VERSIONS = any TLS1 TLS1_1 TLS1_2 TLS1_3
|
||||
VERSIONS = any TLS1_2 TLS1_3
|
||||
|
||||
.for cver in ${VERSIONS}
|
||||
.for sver in ${VERSIONS}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssltest.c,v 1.39 2023/04/15 16:50:05 tb Exp $ */
|
||||
/* $OpenBSD: ssltest.c,v 1.41 2023/07/04 08:47:01 tb Exp $ */
|
||||
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
|
||||
* All rights reserved.
|
||||
*
|
||||
|
@ -254,6 +254,7 @@ cb_server_alpn(SSL *s, const unsigned char **out, unsigned char *outlen,
|
|||
* Make a copy of the selected protocol which will be freed in
|
||||
* verify_alpn.
|
||||
*/
|
||||
free(alpn_selected);
|
||||
if ((alpn_selected = malloc(*outlen)) == NULL) {
|
||||
fprintf(stderr, "malloc failed\n");
|
||||
abort();
|
||||
|
@ -336,7 +337,7 @@ sv_usage(void)
|
|||
fprintf(stderr, " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
|
||||
fprintf(stderr, " -no_dhe - disable DHE\n");
|
||||
fprintf(stderr, " -no_ecdhe - disable ECDHE\n");
|
||||
fprintf(stderr, " -dtls1 - use DTLSv1\n");
|
||||
fprintf(stderr, " -dtls1_2 - use DTLSv1.2\n");
|
||||
fprintf(stderr, " -tls1 - use TLSv1\n");
|
||||
fprintf(stderr, " -tls1_2 - use TLSv1.2\n");
|
||||
fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");
|
||||
|
@ -409,7 +410,7 @@ main(int argc, char *argv[])
|
|||
int badop = 0;
|
||||
int bio_pair = 0;
|
||||
int force = 0;
|
||||
int tls1 = 0, tls1_2 = 0, dtls1 = 0, ret = 1;
|
||||
int tls1 = 0, tls1_2 = 0, dtls1_2 = 0, ret = 1;
|
||||
int client_auth = 0;
|
||||
int server_auth = 0, i;
|
||||
char *app_verify_arg = "Test Callback Argument";
|
||||
|
@ -464,8 +465,8 @@ main(int argc, char *argv[])
|
|||
no_dhe = 1;
|
||||
else if (strcmp(*argv, "-no_ecdhe") == 0)
|
||||
no_ecdhe = 1;
|
||||
else if (strcmp(*argv, "-dtls1") == 0)
|
||||
dtls1 = 1;
|
||||
else if (strcmp(*argv, "-dtls1_2") == 0)
|
||||
dtls1_2 = 1;
|
||||
else if (strcmp(*argv, "-tls1") == 0)
|
||||
tls1 = 1;
|
||||
else if (strcmp(*argv, "-tls1_2") == 0)
|
||||
|
@ -565,7 +566,7 @@ bad:
|
|||
goto end;
|
||||
}
|
||||
|
||||
if (!dtls1 && !tls1 && !tls1_2 && number > 1 && !reuse && !force) {
|
||||
if (!dtls1_2 && !tls1 && !tls1_2 && number > 1 && !reuse && !force) {
|
||||
fprintf(stderr,
|
||||
"This case cannot work. Use -f to perform "
|
||||
"the test anyway (and\n-d to see what happens), "
|
||||
|
@ -588,8 +589,8 @@ bad:
|
|||
SSL_library_init();
|
||||
SSL_load_error_strings();
|
||||
|
||||
if (dtls1)
|
||||
meth = DTLSv1_method();
|
||||
if (dtls1_2)
|
||||
meth = DTLSv1_2_method();
|
||||
else if (tls1)
|
||||
meth = TLSv1_method();
|
||||
else if (tls1_2)
|
||||
|
|
|
@ -95,8 +95,7 @@ done
|
|||
if $openssl no-dh; then
|
||||
echo skipping anonymous DH tests
|
||||
else
|
||||
echo test tls1 with 1024bit anonymous DH, multiple handshakes
|
||||
$ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
|
||||
echo skipping tls1 tests.
|
||||
fi
|
||||
|
||||
#if $openssl no-rsa; then
|
||||
|
@ -117,17 +116,16 @@ fi
|
|||
# DTLS tests
|
||||
#
|
||||
|
||||
echo test dtlsv1
|
||||
$ssltest -dtls1 $extra || exit 1
|
||||
$ssltest -dtls1_2 $extra || exit 1
|
||||
|
||||
echo test dtlsv1 with server authentication
|
||||
$ssltest -dtls1 -server_auth $CA $extra || exit 1
|
||||
echo test dtlsv1_2 with server authentication
|
||||
$ssltest -dtls1_2 -server_auth $CA $extra || exit 1
|
||||
|
||||
echo test dtlsv1 with client authentication
|
||||
$ssltest -dtls1 -client_auth $CA $extra || exit 1
|
||||
echo test dtlsv1_2 with client authentication
|
||||
$ssltest -dtls1_2 -client_auth $CA $extra || exit 1
|
||||
|
||||
echo test dtlsv1 with both client and server authentication
|
||||
$ssltest -dtls1 -server_auth -client_auth $CA $extra || exit 1
|
||||
echo test dtlsv1_2 with both client and server authentication
|
||||
$ssltest -dtls1_2 -server_auth -client_auth $CA $extra || exit 1
|
||||
|
||||
echo "Testing DTLS ciphersuites"
|
||||
for protocol in SSLv3; do
|
||||
|
@ -136,7 +134,7 @@ for protocol in SSLv3; do
|
|||
awk "/ $protocol / { print \\$1 }" |
|
||||
grep -v RC4`; do
|
||||
echo "Testing $cipher"
|
||||
$ssltest -cipher $cipher -dtls1
|
||||
$ssltest -cipher $cipher -dtls1_2
|
||||
if [ $? -ne 0 ] ; then
|
||||
echo "Failed $cipher"
|
||||
exit 1
|
||||
|
@ -148,17 +146,17 @@ done
|
|||
# ALPN tests
|
||||
#
|
||||
echo "Testing ALPN..."
|
||||
$ssltest -bio_pair -tls1 -alpn_client foo -alpn_server bar || exit 1
|
||||
$ssltest -bio_pair -tls1 -alpn_client foo -alpn_server foo \
|
||||
$ssltest -bio_pair -alpn_client foo -alpn_server bar || exit 1
|
||||
$ssltest -bio_pair -alpn_client foo -alpn_server foo \
|
||||
-alpn_expected foo || exit 1
|
||||
$ssltest -bio_pair -tls1 -alpn_client foo,bar -alpn_server foo \
|
||||
$ssltest -bio_pair -alpn_client foo,bar -alpn_server foo \
|
||||
-alpn_expected foo || exit 1
|
||||
$ssltest -bio_pair -tls1 -alpn_client bar,foo -alpn_server foo \
|
||||
$ssltest -bio_pair -alpn_client bar,foo -alpn_server foo \
|
||||
-alpn_expected foo || exit 1
|
||||
$ssltest -bio_pair -tls1 -alpn_client bar,foo -alpn_server foo,bar \
|
||||
$ssltest -bio_pair -alpn_client bar,foo -alpn_server foo,bar \
|
||||
-alpn_expected foo || exit 1
|
||||
$ssltest -bio_pair -tls1 -alpn_client bar,foo -alpn_server bar,foo \
|
||||
$ssltest -bio_pair -alpn_client bar,foo -alpn_server bar,foo \
|
||||
-alpn_expected bar || exit 1
|
||||
$ssltest -bio_pair -tls1 -alpn_client foo,bar -alpn_server bar,foo \
|
||||
$ssltest -bio_pair -alpn_client foo,bar -alpn_server bar,foo \
|
||||
-alpn_expected bar || exit 1
|
||||
$ssltest -bio_pair -tls1 -alpn_client baz -alpn_server bar,foo || exit 1
|
||||
$ssltest -bio_pair -alpn_client baz -alpn_server bar,foo || exit 1
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: tlstest.c,v 1.1 2021/10/23 14:34:10 jsing Exp $ */
|
||||
/* $OpenBSD: tlstest.c,v 1.2 2023/07/02 17:21:33 beck Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2020, 2021 Joel Sing <jsing@openbsd.org>
|
||||
*
|
||||
|
@ -244,14 +244,6 @@ static const struct tls_test tls_tests[] = {
|
|||
.desc = "Default client and TLSv1.2 server",
|
||||
.server_max_version = TLS1_2_VERSION,
|
||||
},
|
||||
{
|
||||
.desc = "Default client and TLSv1.1 server",
|
||||
.server_max_version = TLS1_1_VERSION,
|
||||
},
|
||||
{
|
||||
.desc = "Default client and TLSv1.0 server",
|
||||
.server_max_version = TLS1_VERSION,
|
||||
},
|
||||
{
|
||||
.desc = "Default client and default server with ECDHE KEX",
|
||||
.server_ciphers = "ECDHE-RSA-AES128-SHA",
|
||||
|
@ -261,16 +253,6 @@ static const struct tls_test tls_tests[] = {
|
|||
.server_max_version = TLS1_2_VERSION,
|
||||
.server_ciphers = "ECDHE-RSA-AES128-SHA",
|
||||
},
|
||||
{
|
||||
.desc = "Default client and TLSv1.1 server with ECDHE KEX",
|
||||
.server_max_version = TLS1_1_VERSION,
|
||||
.server_ciphers = "ECDHE-RSA-AES128-SHA",
|
||||
},
|
||||
{
|
||||
.desc = "Default client and TLSv1.0 server with ECDHE KEX",
|
||||
.server_max_version = TLS1_VERSION,
|
||||
.server_ciphers = "ECDHE-RSA-AES128-SHA",
|
||||
},
|
||||
{
|
||||
.desc = "Default client and default server with DHE KEX",
|
||||
.server_ciphers = "DHE-RSA-AES128-SHA",
|
||||
|
@ -280,16 +262,6 @@ static const struct tls_test tls_tests[] = {
|
|||
.server_max_version = TLS1_2_VERSION,
|
||||
.server_ciphers = "DHE-RSA-AES128-SHA",
|
||||
},
|
||||
{
|
||||
.desc = "Default client and TLSv1.1 server with DHE KEX",
|
||||
.server_max_version = TLS1_1_VERSION,
|
||||
.server_ciphers = "DHE-RSA-AES128-SHA",
|
||||
},
|
||||
{
|
||||
.desc = "Default client and TLSv1.0 server with DHE KEX",
|
||||
.server_max_version = TLS1_VERSION,
|
||||
.server_ciphers = "DHE-RSA-AES128-SHA",
|
||||
},
|
||||
{
|
||||
.desc = "Default client and default server with RSA KEX",
|
||||
.server_ciphers = "AES128-SHA",
|
||||
|
@ -299,73 +271,25 @@ static const struct tls_test tls_tests[] = {
|
|||
.server_max_version = TLS1_2_VERSION,
|
||||
.server_ciphers = "AES128-SHA",
|
||||
},
|
||||
{
|
||||
.desc = "Default client and TLSv1.1 server with RSA KEX",
|
||||
.server_max_version = TLS1_1_VERSION,
|
||||
.server_ciphers = "AES128-SHA",
|
||||
},
|
||||
{
|
||||
.desc = "Default client and TLSv1.0 server with RSA KEX",
|
||||
.server_max_version = TLS1_VERSION,
|
||||
.server_ciphers = "AES128-SHA",
|
||||
},
|
||||
{
|
||||
.desc = "TLSv1.2 client and default server",
|
||||
.client_max_version = TLS1_2_VERSION,
|
||||
},
|
||||
{
|
||||
.desc = "TLSv1.1 client and default server",
|
||||
.client_max_version = TLS1_1_VERSION,
|
||||
},
|
||||
{
|
||||
.desc = "TLSv1.0 client and default server",
|
||||
.client_max_version = TLS1_VERSION,
|
||||
},
|
||||
{
|
||||
.desc = "TLSv1.2 client and default server with ECDHE KEX",
|
||||
.client_max_version = TLS1_2_VERSION,
|
||||
.client_ciphers = "ECDHE-RSA-AES128-SHA",
|
||||
},
|
||||
{
|
||||
.desc = "TLSv1.1 client and default server with ECDHE KEX",
|
||||
.client_max_version = TLS1_1_VERSION,
|
||||
.client_ciphers = "ECDHE-RSA-AES128-SHA",
|
||||
},
|
||||
{
|
||||
.desc = "TLSv1.0 client and default server with ECDHE KEX",
|
||||
.client_max_version = TLS1_VERSION,
|
||||
.client_ciphers = "ECDHE-RSA-AES128-SHA",
|
||||
},
|
||||
{
|
||||
.desc = "TLSv1.2 client and default server with DHE KEX",
|
||||
.server_max_version = TLS1_2_VERSION,
|
||||
.client_ciphers = "DHE-RSA-AES128-SHA",
|
||||
},
|
||||
{
|
||||
.desc = "TLSv1.1 client and default server with DHE KEX",
|
||||
.client_max_version = TLS1_1_VERSION,
|
||||
.client_ciphers = "DHE-RSA-AES128-SHA",
|
||||
},
|
||||
{
|
||||
.desc = "TLSv1.0 client and default server with DHE KEX",
|
||||
.client_max_version = TLS1_VERSION,
|
||||
.client_ciphers = "DHE-RSA-AES128-SHA",
|
||||
},
|
||||
{
|
||||
.desc = "TLSv1.2 client and default server with RSA KEX",
|
||||
.client_max_version = TLS1_2_VERSION,
|
||||
.client_ciphers = "AES128-SHA",
|
||||
},
|
||||
{
|
||||
.desc = "TLSv1.1 client and default server with RSA KEX",
|
||||
.client_max_version = TLS1_1_VERSION,
|
||||
.client_ciphers = "AES128-SHA",
|
||||
},
|
||||
{
|
||||
.desc = "TLSv1.0 client and default server with RSA KEX",
|
||||
.client_max_version = TLS1_VERSION,
|
||||
.client_ciphers = "AES128-SHA",
|
||||
},
|
||||
};
|
||||
|
||||
#define N_TLS_TESTS (sizeof(tls_tests) / sizeof(*tls_tests))
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: tlsexttest.c,v 1.81 2023/04/27 10:53:58 tb Exp $ */
|
||||
/* $OpenBSD: tlsexttest.c,v 1.82 2023/07/05 17:30:14 tb Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
|
||||
* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
|
||||
|
@ -1774,8 +1774,11 @@ static const unsigned char tlsext_sni_client[] = {
|
|||
0x6c, 0x2e, 0x6f, 0x72, 0x67,
|
||||
};
|
||||
|
||||
/* An empty array is an incomplete type and sizeof() is undefined. */
|
||||
static const unsigned char tlsext_sni_server[] = {
|
||||
0x00,
|
||||
};
|
||||
static size_t tlsext_sni_server_len = 0;
|
||||
|
||||
static int
|
||||
test_tlsext_sni_client(void)
|
||||
|
@ -1973,9 +1976,9 @@ test_tlsext_sni_server(void)
|
|||
if (!CBB_finish(&cbb, &data, &dlen))
|
||||
errx(1, "failed to finish CBB");
|
||||
|
||||
if (dlen != sizeof(tlsext_sni_server)) {
|
||||
if (dlen != tlsext_sni_server_len) {
|
||||
FAIL("got server SNI with length %zu, "
|
||||
"want length %zu\n", dlen, sizeof(tlsext_sni_server));
|
||||
"want length %zu\n", dlen, tlsext_sni_server_len);
|
||||
goto err;
|
||||
}
|
||||
|
||||
|
@ -1984,14 +1987,14 @@ test_tlsext_sni_server(void)
|
|||
fprintf(stderr, "received:\n");
|
||||
hexdump(data, dlen);
|
||||
fprintf(stderr, "test data:\n");
|
||||
hexdump(tlsext_sni_server, sizeof(tlsext_sni_server));
|
||||
hexdump(tlsext_sni_server, tlsext_sni_server_len);
|
||||
goto err;
|
||||
}
|
||||
|
||||
free(ssl->session->tlsext_hostname);
|
||||
ssl->session->tlsext_hostname = NULL;
|
||||
|
||||
CBS_init(&cbs, tlsext_sni_server, sizeof(tlsext_sni_server));
|
||||
CBS_init(&cbs, tlsext_sni_server, tlsext_sni_server_len);
|
||||
if (!client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
|
||||
FAIL("failed to parse server SNI\n");
|
||||
goto err;
|
||||
|
@ -3186,7 +3189,7 @@ test_tlsext_srtp_server(void)
|
|||
}
|
||||
#endif /* OPENSSL_NO_SRTP */
|
||||
|
||||
unsigned char tlsext_clienthello_default[] = {
|
||||
static const unsigned char tlsext_clienthello_default[] = {
|
||||
0x00, 0x34, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00,
|
||||
0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d,
|
||||
0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00, 0x23,
|
||||
|
@ -3196,7 +3199,11 @@ unsigned char tlsext_clienthello_default[] = {
|
|||
0x04, 0x03, 0x02, 0x01, 0x02, 0x03,
|
||||
};
|
||||
|
||||
unsigned char tlsext_clienthello_disabled[] = {};
|
||||
/* An empty array is an incomplete type and sizeof() is undefined. */
|
||||
static const unsigned char tlsext_clienthello_disabled[] = {
|
||||
0x00,
|
||||
};
|
||||
static size_t tlsext_clienthello_disabled_len = 0;
|
||||
|
||||
static int
|
||||
test_tlsext_clienthello_build(void)
|
||||
|
@ -3287,18 +3294,18 @@ test_tlsext_clienthello_build(void)
|
|||
goto err;
|
||||
}
|
||||
|
||||
if (dlen != sizeof(tlsext_clienthello_disabled)) {
|
||||
if (dlen != tlsext_clienthello_disabled_len) {
|
||||
FAIL("got clienthello extensions with length %zu, "
|
||||
"want length %zu\n", dlen,
|
||||
sizeof(tlsext_clienthello_disabled));
|
||||
tlsext_clienthello_disabled_len);
|
||||
compare_data(data, dlen, tlsext_clienthello_disabled,
|
||||
sizeof(tlsext_clienthello_disabled));
|
||||
tlsext_clienthello_disabled_len);
|
||||
goto err;
|
||||
}
|
||||
if (memcmp(data, tlsext_clienthello_disabled, dlen) != 0) {
|
||||
FAIL("clienthello extensions differs:\n");
|
||||
compare_data(data, dlen, tlsext_clienthello_disabled,
|
||||
sizeof(tlsext_clienthello_disabled));
|
||||
tlsext_clienthello_disabled_len);
|
||||
goto err;
|
||||
}
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# $OpenBSD: tlsfuzzer.py,v 1.49 2023/06/10 05:00:58 tb Exp $
|
||||
# $OpenBSD: tlsfuzzer.py,v 1.50 2023/07/02 17:21:33 beck Exp $
|
||||
#
|
||||
# Copyright (c) 2020 Theo Buehler <tb@openbsd.org>
|
||||
#
|
||||
|
@ -323,6 +323,8 @@ tls13_unsupported_tests = TestGroup("TLSv1.3 tests for unsupported features", [
|
|||
tls12_exclude_legacy_protocols = [
|
||||
# all these have BIO_read timeouts against TLSv1.3
|
||||
"-e", "Protocol (3, 0)",
|
||||
"-e", "Protocol (3, 1)",
|
||||
"-e", "Protocol (3, 2)",
|
||||
"-e", "Protocol (3, 0) in SSLv2 compatible ClientHello",
|
||||
# the following only fail with TLSv1.3
|
||||
"-e", "Protocol (3, 1) in SSLv2 compatible ClientHello",
|
||||
|
@ -331,13 +333,20 @@ tls12_exclude_legacy_protocols = [
|
|||
"-e", "Protocol (3, 1) with x448 group",
|
||||
"-e", "Protocol (3, 2) with x448 group",
|
||||
"-e", "Protocol (3, 3) with x448 group",
|
||||
# These don't work without TLSv1.0 and TLSv1.1
|
||||
"-e", "Protocol (3, 1) with secp256r1 group",
|
||||
"-e", "Protocol (3, 1) with secp384r1 group",
|
||||
"-e", "Protocol (3, 1) with secp521r1 group",
|
||||
"-e", "Protocol (3, 1) with x25519 group",
|
||||
"-e", "Protocol (3, 2) with secp256r1 group",
|
||||
"-e", "Protocol (3, 2) with secp384r1 group",
|
||||
"-e", "Protocol (3, 2) with secp521r1 group",
|
||||
"-e", "Protocol (3, 2) with x25519 group",
|
||||
]
|
||||
|
||||
tls12_tests = TestGroup("TLSv1.2 tests", [
|
||||
# Tests that pass as they are.
|
||||
Test("test-TLSv1_2-rejected-without-TLSv1_2.py"),
|
||||
Test("test-aes-gcm-nonces.py"),
|
||||
Test("test-chacha20.py"),
|
||||
Test("test-connection-abort.py"),
|
||||
Test("test-conversation.py"),
|
||||
Test("test-cve-2016-2107.py"),
|
||||
|
@ -386,13 +395,30 @@ tls12_tests = TestGroup("TLSv1.2 tests", [
|
|||
]
|
||||
),
|
||||
Test("test-dhe-key-share-random.py", tls12_exclude_legacy_protocols),
|
||||
Test("test-export-ciphers-rejected.py", ["--min-ver", "TLSv1.0"]),
|
||||
Test("test-export-ciphers-rejected.py", ["--min-ver", "TLSv1.2"]),
|
||||
Test(
|
||||
"test-downgrade-protection.py",
|
||||
tls12_args = ["--server-max-protocol", "TLSv1.2"],
|
||||
tls13_args = ["--server-max-protocol", "TLSv1.3"],
|
||||
tls13_args = [
|
||||
"--server-max-protocol", "TLSv1.3",
|
||||
"-e", "TLS 1.3 downgrade check for Protocol (3, 1)",
|
||||
"-e", "TLS 1.3 downgrade check for Protocol (3, 2)",
|
||||
]
|
||||
),
|
||||
Test(
|
||||
"test-fallback-scsv.py",
|
||||
tls13_args = [
|
||||
"--tls-1.3",
|
||||
"-e", "FALLBACK - hello TLSv1.1 - pos 0",
|
||||
"-e", "FALLBACK - hello TLSv1.1 - pos 1",
|
||||
"-e", "FALLBACK - hello TLSv1.1 - pos 2",
|
||||
"-e", "FALLBACK - record TLSv1.1 hello TLSv1.1 - pos 0",
|
||||
"-e", "FALLBACK - record TLSv1.1 hello TLSv1.1 - pos 1",
|
||||
"-e", "FALLBACK - record TLSv1.1 hello TLSv1.1 - pos 2",
|
||||
"-e", "record TLSv1.1 hello TLSv1.1",
|
||||
"-e", "sanity - TLSv1.1",
|
||||
]
|
||||
),
|
||||
Test("test-fallback-scsv.py", tls13_args = ["--tls-1.3"] ),
|
||||
|
||||
Test("test-invalid-compression-methods.py", [
|
||||
"-x", "invalid compression methods",
|
||||
|
@ -412,6 +438,8 @@ tls12_tests = TestGroup("TLSv1.2 tests", [
|
|||
Test("test-sig-algs-renegotiation-resumption.py", ["--sig-algs-drop-ok"]),
|
||||
|
||||
Test("test-serverhello-random.py", args = tls12_exclude_legacy_protocols),
|
||||
|
||||
Test("test-chacha20.py", [ "-e", "Chacha20 in TLS1.1" ]),
|
||||
])
|
||||
|
||||
tls12_slow_tests = TestGroup("slow TLSv1.2 tests", [
|
||||
|
@ -549,6 +577,9 @@ tls12_failing_tests = TestGroup("failing TLSv1.2 tests", [
|
|||
|
||||
# x448 tests need disabling plus x25519 corner cases need sorting out
|
||||
Test("test-x25519.py"),
|
||||
|
||||
# Needs TLS 1.0 or 1.1
|
||||
Test("test-TLSv1_2-rejected-without-TLSv1_2.py"),
|
||||
])
|
||||
|
||||
tls12_unsupported_tests = TestGroup("TLSv1.2 for unsupported features", [
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssl_versions.c,v 1.19 2022/11/26 16:08:57 tb Exp $ */
|
||||
/* $OpenBSD: ssl_versions.c,v 1.20 2023/07/02 17:21:33 beck Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
|
||||
*
|
||||
|
@ -32,43 +32,43 @@ static struct version_range_test version_range_tests[] = {
|
|||
.options = 0,
|
||||
.minver = TLS1_VERSION,
|
||||
.maxver = TLS1_3_VERSION,
|
||||
.want_minver = TLS1_VERSION,
|
||||
.want_minver = TLS1_2_VERSION,
|
||||
.want_maxver = TLS1_3_VERSION,
|
||||
},
|
||||
{
|
||||
.options = 0,
|
||||
.minver = TLS1_VERSION,
|
||||
.maxver = TLS1_2_VERSION,
|
||||
.want_minver = TLS1_VERSION,
|
||||
.want_minver = TLS1_2_VERSION,
|
||||
.want_maxver = TLS1_2_VERSION,
|
||||
},
|
||||
{
|
||||
.options = SSL_OP_NO_TLSv1,
|
||||
.minver = TLS1_VERSION,
|
||||
.maxver = TLS1_2_VERSION,
|
||||
.want_minver = TLS1_1_VERSION,
|
||||
.want_minver = TLS1_2_VERSION,
|
||||
.want_maxver = TLS1_2_VERSION,
|
||||
},
|
||||
{
|
||||
.options = SSL_OP_NO_TLSv1_3,
|
||||
.minver = TLS1_VERSION,
|
||||
.maxver = TLS1_3_VERSION,
|
||||
.want_minver = TLS1_VERSION,
|
||||
.want_minver = TLS1_2_VERSION,
|
||||
.want_maxver = TLS1_2_VERSION,
|
||||
},
|
||||
{
|
||||
.options = SSL_OP_NO_TLSv1_2,
|
||||
.minver = TLS1_VERSION,
|
||||
.maxver = TLS1_2_VERSION,
|
||||
.want_minver = TLS1_VERSION,
|
||||
.want_maxver = TLS1_1_VERSION,
|
||||
.want_minver = 0,
|
||||
.want_maxver = 0,
|
||||
},
|
||||
{
|
||||
.options = SSL_OP_NO_TLSv1_1,
|
||||
.minver = TLS1_VERSION,
|
||||
.maxver = TLS1_2_VERSION,
|
||||
.want_minver = TLS1_VERSION,
|
||||
.want_maxver = TLS1_VERSION,
|
||||
.want_minver = TLS1_2_VERSION,
|
||||
.want_maxver = TLS1_2_VERSION,
|
||||
},
|
||||
{
|
||||
.options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1,
|
||||
|
@ -81,15 +81,15 @@ static struct version_range_test version_range_tests[] = {
|
|||
.options = SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
|
||||
.minver = TLS1_VERSION,
|
||||
.maxver = TLS1_2_VERSION,
|
||||
.want_minver = TLS1_VERSION,
|
||||
.want_maxver = TLS1_VERSION,
|
||||
.want_minver = 0,
|
||||
.want_maxver = 0,
|
||||
},
|
||||
{
|
||||
.options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_2,
|
||||
.minver = TLS1_VERSION,
|
||||
.maxver = TLS1_2_VERSION,
|
||||
.want_minver = TLS1_1_VERSION,
|
||||
.want_maxver = TLS1_1_VERSION,
|
||||
.want_minver = 0,
|
||||
.want_maxver = 0,
|
||||
},
|
||||
{
|
||||
.options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
|
||||
|
@ -119,14 +119,14 @@ static struct version_range_test version_range_tests[] = {
|
|||
.options = 0,
|
||||
.minver = TLS1_VERSION,
|
||||
.maxver = TLS1_2_VERSION,
|
||||
.want_minver = TLS1_VERSION,
|
||||
.want_minver = TLS1_2_VERSION,
|
||||
.want_maxver = TLS1_2_VERSION,
|
||||
},
|
||||
{
|
||||
.options = 0,
|
||||
.minver = TLS1_1_VERSION,
|
||||
.maxver = TLS1_2_VERSION,
|
||||
.want_minver = TLS1_1_VERSION,
|
||||
.want_minver = TLS1_2_VERSION,
|
||||
.want_maxver = TLS1_2_VERSION,
|
||||
},
|
||||
{
|
||||
|
@ -140,14 +140,14 @@ static struct version_range_test version_range_tests[] = {
|
|||
.options = 0,
|
||||
.minver = TLS1_VERSION,
|
||||
.maxver = TLS1_3_VERSION,
|
||||
.want_minver = TLS1_VERSION,
|
||||
.want_minver = TLS1_2_VERSION,
|
||||
.want_maxver = TLS1_3_VERSION,
|
||||
},
|
||||
{
|
||||
.options = 0,
|
||||
.minver = TLS1_1_VERSION,
|
||||
.maxver = TLS1_3_VERSION,
|
||||
.want_minver = TLS1_1_VERSION,
|
||||
.want_minver = TLS1_2_VERSION,
|
||||
.want_maxver = TLS1_3_VERSION,
|
||||
},
|
||||
{
|
||||
|
@ -168,15 +168,15 @@ static struct version_range_test version_range_tests[] = {
|
|||
.options = 0,
|
||||
.minver = TLS1_VERSION,
|
||||
.maxver = TLS1_1_VERSION,
|
||||
.want_minver = TLS1_VERSION,
|
||||
.want_maxver = TLS1_1_VERSION,
|
||||
.want_minver = 0,
|
||||
.want_maxver = 0,
|
||||
},
|
||||
{
|
||||
.options = 0,
|
||||
.minver = TLS1_VERSION,
|
||||
.maxver = TLS1_VERSION,
|
||||
.want_minver = TLS1_VERSION,
|
||||
.want_maxver = TLS1_VERSION,
|
||||
.want_minver = 0,
|
||||
.want_maxver = 0,
|
||||
},
|
||||
};
|
||||
|
||||
|
@ -276,7 +276,7 @@ static struct shared_version_test shared_version_tests[] = {
|
|||
.minver = TLS1_VERSION,
|
||||
.maxver = TLS1_2_VERSION,
|
||||
.peerver = TLS1_VERSION,
|
||||
.want_maxver = TLS1_VERSION,
|
||||
.want_maxver = 0,
|
||||
},
|
||||
{
|
||||
.ssl_method = TLS_method,
|
||||
|
@ -284,7 +284,7 @@ static struct shared_version_test shared_version_tests[] = {
|
|||
.minver = TLS1_VERSION,
|
||||
.maxver = TLS1_2_VERSION,
|
||||
.peerver = TLS1_1_VERSION,
|
||||
.want_maxver = TLS1_1_VERSION,
|
||||
.want_maxver = 0,
|
||||
},
|
||||
{
|
||||
.ssl_method = TLS_method,
|
||||
|
@ -316,7 +316,7 @@ static struct shared_version_test shared_version_tests[] = {
|
|||
.minver = TLS1_VERSION,
|
||||
.maxver = TLS1_2_VERSION,
|
||||
.peerver = TLS1_2_VERSION,
|
||||
.want_maxver = TLS1_1_VERSION,
|
||||
.want_maxver = 0,
|
||||
},
|
||||
{
|
||||
.ssl_method = TLS_method,
|
||||
|
@ -324,7 +324,7 @@ static struct shared_version_test shared_version_tests[] = {
|
|||
.minver = TLS1_VERSION,
|
||||
.maxver = TLS1_2_VERSION,
|
||||
.peerver = TLS1_2_VERSION,
|
||||
.want_maxver = TLS1_VERSION,
|
||||
.want_maxver = 0,
|
||||
},
|
||||
{
|
||||
.ssl_method = TLS_method,
|
||||
|
@ -340,7 +340,7 @@ static struct shared_version_test shared_version_tests[] = {
|
|||
.minver = TLS1_VERSION,
|
||||
.maxver = TLS1_2_VERSION,
|
||||
.peerver = TLS1_1_VERSION,
|
||||
.want_maxver = TLS1_1_VERSION,
|
||||
.want_maxver = 0,
|
||||
},
|
||||
{
|
||||
.ssl_method = TLS_method,
|
||||
|
@ -356,7 +356,7 @@ static struct shared_version_test shared_version_tests[] = {
|
|||
.minver = TLS1_VERSION,
|
||||
.maxver = TLS1_2_VERSION,
|
||||
.peerver = TLS1_1_VERSION,
|
||||
.want_maxver = TLS1_VERSION,
|
||||
.want_maxver = 0,
|
||||
},
|
||||
{
|
||||
.ssl_method = TLS_method,
|
||||
|
@ -372,7 +372,7 @@ static struct shared_version_test shared_version_tests[] = {
|
|||
.minver = TLS1_VERSION,
|
||||
.maxver = TLS1_1_VERSION,
|
||||
.peerver = TLS1_2_VERSION,
|
||||
.want_maxver = TLS1_1_VERSION,
|
||||
.want_maxver = 0,
|
||||
},
|
||||
{
|
||||
.ssl_method = TLS_method,
|
||||
|
@ -380,7 +380,7 @@ static struct shared_version_test shared_version_tests[] = {
|
|||
.minver = TLS1_VERSION,
|
||||
.maxver = TLS1_VERSION,
|
||||
.peerver = TLS1_2_VERSION,
|
||||
.want_maxver = TLS1_VERSION,
|
||||
.want_maxver = 0,
|
||||
},
|
||||
{
|
||||
.ssl_method = TLSv1_method,
|
||||
|
@ -388,7 +388,7 @@ static struct shared_version_test shared_version_tests[] = {
|
|||
.minver = TLS1_VERSION,
|
||||
.maxver = TLS1_2_VERSION,
|
||||
.peerver = TLS1_VERSION,
|
||||
.want_maxver = TLS1_VERSION,
|
||||
.want_maxver = 0,
|
||||
},
|
||||
{
|
||||
.ssl_method = TLSv1_method,
|
||||
|
@ -404,7 +404,7 @@ static struct shared_version_test shared_version_tests[] = {
|
|||
.minver = TLS1_VERSION,
|
||||
.maxver = TLS1_2_VERSION,
|
||||
.peerver = TLS1_1_VERSION,
|
||||
.want_maxver = TLS1_1_VERSION,
|
||||
.want_maxver = 0,
|
||||
},
|
||||
{
|
||||
.ssl_method = DTLS_method,
|
||||
|
@ -412,7 +412,7 @@ static struct shared_version_test shared_version_tests[] = {
|
|||
.minver = TLS1_1_VERSION,
|
||||
.maxver = TLS1_2_VERSION,
|
||||
.peerver = DTLS1_VERSION,
|
||||
.want_maxver = DTLS1_VERSION,
|
||||
.want_maxver = 0,
|
||||
},
|
||||
{
|
||||
.ssl_method = DTLS_method,
|
||||
|
@ -436,7 +436,7 @@ static struct shared_version_test shared_version_tests[] = {
|
|||
.minver = TLS1_1_VERSION,
|
||||
.maxver = TLS1_1_VERSION,
|
||||
.peerver = DTLS1_2_VERSION,
|
||||
.want_maxver = DTLS1_VERSION,
|
||||
.want_maxver = 0,
|
||||
},
|
||||
{
|
||||
.ssl_method = DTLSv1_2_method,
|
||||
|
@ -476,7 +476,7 @@ static struct shared_version_test shared_version_tests[] = {
|
|||
.minver = TLS1_1_VERSION,
|
||||
.maxver = TLS1_2_VERSION,
|
||||
.peerver = DTLS1_2_VERSION,
|
||||
.want_maxver = DTLS1_VERSION,
|
||||
.want_maxver = 0,
|
||||
},
|
||||
};
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: configtest.c,v 1.2 2020/01/20 08:40:16 jsing Exp $ */
|
||||
/* $OpenBSD: configtest.c,v 1.3 2023/07/02 06:37:27 beck Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
|
||||
*
|
||||
|
@ -71,30 +71,27 @@ struct parse_protocols_test parse_protocols_tests[] = {
|
|||
{
|
||||
.protostr = "tlsv1.0:tlsv1.1:tlsv1.2:tlsv1.3",
|
||||
.want_return = 0,
|
||||
.want_protocols = TLS_PROTOCOL_TLSv1_0 | TLS_PROTOCOL_TLSv1_1 |
|
||||
TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3,
|
||||
.want_protocols = TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3,
|
||||
},
|
||||
{
|
||||
.protostr = "tlsv1.0,tlsv1.1,tlsv1.2,tlsv1.3",
|
||||
.want_return = 0,
|
||||
.want_protocols = TLS_PROTOCOL_TLSv1_0 | TLS_PROTOCOL_TLSv1_1 |
|
||||
TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3,
|
||||
.want_protocols = TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3,
|
||||
},
|
||||
{
|
||||
.protostr = "tlsv1.1,tlsv1.2,tlsv1.0",
|
||||
.want_return = 0,
|
||||
.want_protocols = TLS_PROTOCOL_TLSv1_0 | TLS_PROTOCOL_TLSv1_1 |
|
||||
TLS_PROTOCOL_TLSv1_2,
|
||||
.want_protocols = TLS_PROTOCOL_TLSv1_2,
|
||||
},
|
||||
{
|
||||
.protostr = "tlsv1.1,tlsv1.2,tlsv1.1",
|
||||
.want_return = 0,
|
||||
.want_protocols = TLS_PROTOCOL_TLSv1_1 | TLS_PROTOCOL_TLSv1_2,
|
||||
.want_protocols = TLS_PROTOCOL_TLSv1_2,
|
||||
},
|
||||
{
|
||||
.protostr = "tlsv1.1,tlsv1.2,!tlsv1.1",
|
||||
.want_return = 0,
|
||||
.want_protocols = TLS_PROTOCOL_TLSv1_2,
|
||||
.want_protocols = 0,
|
||||
},
|
||||
{
|
||||
.protostr = "unknown",
|
||||
|
@ -114,19 +111,17 @@ struct parse_protocols_test parse_protocols_tests[] = {
|
|||
{
|
||||
.protostr = "all,!tlsv1.0",
|
||||
.want_return = 0,
|
||||
.want_protocols = TLS_PROTOCOL_TLSv1_1 | TLS_PROTOCOL_TLSv1_2 | \
|
||||
TLS_PROTOCOL_TLSv1_3,
|
||||
.want_protocols = TLS_PROTOCOL_TLSv1_3,
|
||||
},
|
||||
{
|
||||
.protostr = "!tlsv1.0",
|
||||
.want_return = 0,
|
||||
.want_protocols = TLS_PROTOCOL_TLSv1_1 | TLS_PROTOCOL_TLSv1_2 | \
|
||||
TLS_PROTOCOL_TLSv1_3,
|
||||
.want_protocols = TLS_PROTOCOL_TLSv1_3,
|
||||
},
|
||||
{
|
||||
.protostr = "!tlsv1.0,!tlsv1.1,!tlsv1.3",
|
||||
.want_return = 0,
|
||||
.want_protocols = TLS_PROTOCOL_TLSv1_2,
|
||||
.want_protocols = 0,
|
||||
},
|
||||
{
|
||||
.protostr = "!tlsv1.0,!tlsv1.1,tlsv1.2,!tlsv1.3",
|
||||
|
|
|
@ -45,8 +45,6 @@ const (
|
|||
)
|
||||
|
||||
var protocolNames = map[ProtocolVersion]string{
|
||||
ProtocolTLSv10: "TLSv1",
|
||||
ProtocolTLSv11: "TLSv1.1",
|
||||
ProtocolTLSv12: "TLSv1.2",
|
||||
ProtocolTLSv13: "TLSv1.3",
|
||||
ProtocolsAll: "all",
|
||||
|
|
|
@ -251,11 +251,11 @@ func TestTLSVersions(t *testing.T) {
|
|||
{tls.VersionSSL30, tls.VersionTLS12, ProtocolTLSv12, false},
|
||||
{tls.VersionTLS10, tls.VersionTLS12, ProtocolTLSv12, false},
|
||||
{tls.VersionTLS11, tls.VersionTLS12, ProtocolTLSv12, false},
|
||||
{tls.VersionSSL30, tls.VersionTLS11, ProtocolTLSv11, false},
|
||||
{tls.VersionSSL30, tls.VersionTLS10, ProtocolTLSv10, false},
|
||||
{tls.VersionSSL30, tls.VersionTLS11, ProtocolTLSv11, true},
|
||||
{tls.VersionSSL30, tls.VersionTLS10, ProtocolTLSv10, true},
|
||||
{tls.VersionSSL30, tls.VersionSSL30, 0, true},
|
||||
{tls.VersionTLS10, tls.VersionTLS10, ProtocolTLSv10, false},
|
||||
{tls.VersionTLS11, tls.VersionTLS11, ProtocolTLSv11, false},
|
||||
{tls.VersionTLS10, tls.VersionTLS10, ProtocolTLSv10, true},
|
||||
{tls.VersionTLS11, tls.VersionTLS11, ProtocolTLSv11, true},
|
||||
{tls.VersionTLS12, tls.VersionTLS12, ProtocolTLSv12, false},
|
||||
}
|
||||
for i, test := range tests {
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: copy.c,v 1.6 2021/12/13 16:56:49 deraadt Exp $ */
|
||||
/* $OpenBSD: copy.c,v 1.7 2023/07/06 07:47:04 deraadt Exp $ */
|
||||
|
||||
/* Written by Ted Unangst 2004 Public Domain */
|
||||
|
||||
|
@ -63,9 +63,9 @@ main(int argc, char **argv)
|
|||
/* printf("goodbuf %p badbuf %p\n", goodbuf, badbuf); */
|
||||
|
||||
/* copyin */
|
||||
if (!syscall(202, 0, 6, &kinfo, &kinfosize, 0, 0))
|
||||
if (!sysctl(0, 6, &kinfo, &kinfosize, 0, 0))
|
||||
fail("copyin did not fail on 0 buf\n");
|
||||
if (!syscall(202, badbuf, 6, &kinfo, &kinfosize, 0, 0))
|
||||
if (!sysctl(badbuf, 6, &kinfo, &kinfosize, 0, 0))
|
||||
fail("copyin did not fail on bad buf\n");
|
||||
|
||||
/* copyout */
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# $OpenBSD: Makefile,v 1.104 2023/01/18 19:18:49 anton Exp $
|
||||
# $OpenBSD: Makefile,v 1.105 2023/07/06 07:45:56 deraadt Exp $
|
||||
|
||||
SUBDIR+= accept access
|
||||
SUBDIR+= bind
|
||||
|
@ -20,7 +20,7 @@ SUBDIR+= select
|
|||
.ifmake clean || cleandir || obj
|
||||
SUBDIR+= setuid
|
||||
.endif
|
||||
SUBDIR+= signal sosplice stackjmp stackpivot syscall syscall_segment
|
||||
SUBDIR+= signal sosplice stackjmp stackpivot syscall_segment
|
||||
SUBDIR+= sysvmsg sysvsem sysvshm
|
||||
SUBDIR+= unalign unfdpass unixsockets unveil unveil-unmount
|
||||
SUBDIR+= wait
|
||||
|
|
|
@ -1,5 +0,0 @@
|
|||
# $OpenBSD: Makefile,v 1.1 2002/02/08 21:33:32 art Exp $
|
||||
|
||||
PROG= syscall
|
||||
|
||||
.include <bsd.regress.mk>
|
|
@ -1,35 +0,0 @@
|
|||
/* $OpenBSD: syscall.c,v 1.2 2003/07/31 21:48:10 deraadt Exp $ */
|
||||
/*
|
||||
* Written by Artur Grabowski <art@openbsd.org> 2002 Public Domain.
|
||||
*/
|
||||
#include <sys/types.h>
|
||||
#include <sys/syscall.h>
|
||||
#include <sys/wait.h>
|
||||
#include <unistd.h>
|
||||
#include <stdlib.h>
|
||||
#include <err.h>
|
||||
|
||||
int
|
||||
main(int argc, char *argv[])
|
||||
{
|
||||
int status;
|
||||
|
||||
switch(fork()) {
|
||||
case -1:
|
||||
err(1, "fork");
|
||||
case 0:
|
||||
syscall(SYS_exit, 17);
|
||||
abort();
|
||||
}
|
||||
|
||||
if (wait(&status) < 0)
|
||||
err(1, "wait");
|
||||
|
||||
if (!WIFEXITED(status))
|
||||
errx(1, "child didn't exit gracefully");
|
||||
|
||||
if (WEXITSTATUS(status) != 17)
|
||||
errx(1, "wrong exit status");
|
||||
|
||||
return 0;
|
||||
}
|
|
@ -1,6 +1,6 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# $OpenBSD: appstest.sh,v 1.56 2023/04/26 09:07:59 tb Exp $
|
||||
# $OpenBSD: appstest.sh,v 1.57 2023/07/03 05:31:56 beck Exp $
|
||||
#
|
||||
# Copyright (c) 2016 Kinichiro Inoguchi <inoguchi@openbsd.org>
|
||||
#
|
||||
|
@ -1760,10 +1760,6 @@ function test_server_client {
|
|||
sleep 1
|
||||
|
||||
# test by protocol version
|
||||
if [ "$other_openssl_version" = "OpenSSL 1." ] ; then
|
||||
test_sc_by_protocol_version $sc tls1 'Protocol : TLSv1$' $c_id
|
||||
test_sc_by_protocol_version $sc tls1_1 'Protocol : TLSv1\.1$' $c_id
|
||||
fi
|
||||
test_sc_by_protocol_version $sc tls1_2 'Protocol : TLSv1\.2$' $c_id
|
||||
test_sc_by_protocol_version $sc tls1_3 'Protocol : TLSv1\.3$' $c_id
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#!/bin/sh
|
||||
# $OpenBSD: test_client.sh,v 1.2 2018/02/06 02:31:13 tb Exp $
|
||||
# $OpenBSD: test_client.sh,v 1.3 2023/07/03 05:31:56 beck Exp $
|
||||
|
||||
echo
|
||||
echo This starts a tls1 mode client to talk to the server run by
|
||||
|
@ -9,4 +9,4 @@ echo type in this window after ssl negotiation and your output should
|
|||
echo be echoed by the server.
|
||||
echo
|
||||
echo
|
||||
${OPENSSL:-/usr/bin/openssl} s_client -tls1
|
||||
${OPENSSL:-/usr/bin/openssl} s_client
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#!/bin/sh
|
||||
# $OpenBSD: test_server.sh,v 1.2 2018/02/06 02:31:13 tb Exp $
|
||||
# $OpenBSD: test_server.sh,v 1.3 2023/07/03 05:31:56 beck Exp $
|
||||
|
||||
echo This starts a tls1 mode server using the DSA certificate in ./server.pem
|
||||
echo Run ./testclient.sh in another window and type at it, you should
|
||||
|
@ -7,4 +7,4 @@ echo see the results of the ssl negotiation, and stuff you type in the client
|
|||
echo should echo in this window
|
||||
echo
|
||||
echo
|
||||
${OPENSSL:-/usr/bin/openssl} s_server -tls1 -key testdsa.key -cert testdsa.pem
|
||||
${OPENSSL:-/usr/bin/openssl} s_server -key testdsa.key -cert testdsa.pem
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# $OpenBSD: Makefile,v 1.63 2023/06/08 08:57:02 espie Exp $
|
||||
# $OpenBSD: Makefile,v 1.65 2023/07/03 17:55:51 anton Exp $
|
||||
|
||||
REGRESS_TARGETS=cmp-vers1-1 \
|
||||
cmp-vers1-2 \
|
||||
|
@ -106,7 +106,10 @@ REGRESS_TARGETS=cmp-vers1-1 \
|
|||
lib-flags-2 \
|
||||
lib-flags-3 \
|
||||
lib-flags-4 \
|
||||
|
||||
private-cflags-1 \
|
||||
private-libs-1 \
|
||||
private-cflags-libs-1 \
|
||||
private-static-libs-1
|
||||
|
||||
PKG_CONFIG?= /usr/bin/pkg-config
|
||||
PCONFIG = PKG_CONFIG_PATH=${.CURDIR}/pcdir/ ${PKG_CONFIG}
|
||||
|
@ -700,9 +703,6 @@ cflags-system-path-2:
|
|||
@PKG_CONFIG_SYSTEM_INCLUDE_PATH=/usr/X11R6/include:/usr/private/include ${VPCONFIG} --cflags cflags-2
|
||||
@diff -u ${WANT} ${GOT}
|
||||
|
||||
clean:
|
||||
rm -f *.want *.got
|
||||
|
||||
lib-flags-1:
|
||||
# Test --libs-only-other
|
||||
@echo "-pthread" > ${WANT}
|
||||
|
@ -727,6 +727,34 @@ lib-flags-4:
|
|||
@${VPCONFIG} --libs-only-l lib-flags
|
||||
@diff -u ${WANT} ${GOT}
|
||||
|
||||
private-cflags-1:
|
||||
# Test --cflags printing Requires
|
||||
@echo "-I/requires-test/include -I/private-dep/include -I/public-dep/include" > ${WANT}
|
||||
@${VPCONFIG} --cflags requires-test
|
||||
@diff -u ${WANT} ${GOT}
|
||||
|
||||
private-libs-1:
|
||||
# Test --libs printing Requires
|
||||
@echo "-L/requires-test/lib -L/public-dep/lib -lrequires-test -lpublic-dep" > ${WANT}
|
||||
@${VPCONFIG} --libs requires-test
|
||||
@diff -u ${WANT} ${GOT}
|
||||
|
||||
REGRESS_EXPECTED_FAILURES+=private-cflags-libs-1
|
||||
private-cflags-libs-1:
|
||||
# Test --cflags --libs printing Requires and not also Requires.private libs
|
||||
@echo "-I/requires-test/include -I/private-dep/include -I/public-dep/include -L/requires-test/lib -L/public-dep/lib -lrequires-test -lpublic-dep" > ${WANT}
|
||||
@${VPCONFIG} --cflags --libs requires-test
|
||||
@diff -u ${WANT} ${GOT}
|
||||
|
||||
private-static-libs-1:
|
||||
# Test --static --libs printing Requires.private
|
||||
@echo "-L/requires-test/lib -L/private-dep/lib -L/public-dep/lib -lrequires-test -lprivate-dep -lpublic-dep" > ${WANT}
|
||||
@${VPCONFIG} --static --libs requires-test
|
||||
@diff -u ${WANT} ${GOT}
|
||||
|
||||
clean:
|
||||
rm -f *.want *.got
|
||||
|
||||
.PHONY: ${REGRESS_TARGETS}
|
||||
|
||||
.include <bsd.regress.mk>
|
||||
|
|
|
@ -424,7 +424,7 @@ test-rcs-oflag: clean
|
|||
case "$$?" in 1) exit 0;; esac && exit 1
|
||||
@tr '\n' ' ' < blah.c,v | grep -q '[[:space:]]1.5[[:space:]]' || \
|
||||
case "$$?" in 1) exit 0;; esac && exit 1
|
||||
|
||||
|
||||
test-rcs-lock-unlock: clean
|
||||
@touch file
|
||||
@mkdir -p RCS
|
||||
|
@ -482,7 +482,7 @@ test-co-lock-filemodes:
|
|||
@chmod 754 RCS/blah.c,v
|
||||
@${CO} -q -l blah.c
|
||||
@eval 'test `stat -f%p blah.c` = 100754'
|
||||
|
||||
|
||||
|
||||
# Testing 'co -u blah.c' for permissions inheritance
|
||||
test-co-unlock-filemodes: test-co-lock-filemodes
|
||||
|
@ -617,7 +617,7 @@ test-ci-parse-keywords: clean
|
|||
@echo . | ${CI} -q -k test
|
||||
|
||||
test-ci-parse-keywords2: clean
|
||||
@echo '$Id: blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah' > test
|
||||
@echo '$Id: blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah' > test
|
||||
@echo . | ${CI} -q -k test
|
||||
|
||||
# Check for correct EOF handling in rcs parser
|
||||
|
|
|
@ -1,32 +0,0 @@
|
|||
# The client writes a message to Sys::Syslog native method.
|
||||
# The syslogd writes it into a file and through a pipe.
|
||||
# The syslogd passes it via TLS to localhost loghost without verification.
|
||||
# The server receives the message on its TLS version 1.0 socket.
|
||||
# Find the message in client, file, pipe, syslogd, server log.
|
||||
# Check that server log contains ssl version 1.
|
||||
|
||||
use strict;
|
||||
use warnings;
|
||||
use Socket;
|
||||
|
||||
our %args = (
|
||||
syslogd => {
|
||||
loghost => '@tls://localhost:$connectport',
|
||||
loggrep => {
|
||||
qr/Logging to FORWTLS \@tls:\/\/localhost:\d+/ => '>=4',
|
||||
get_testgrep() => 1,
|
||||
qr/syslogd: loghost .* connection error: connect failed:/ => 0,
|
||||
},
|
||||
},
|
||||
server => {
|
||||
listen => { domain => AF_UNSPEC, proto => "tls", addr => "localhost" },
|
||||
loggrep => {
|
||||
qr/listen sock: (127.0.0.1|::1) \d+/ => 1,
|
||||
get_testgrep() => 1,
|
||||
qr/ssl version: TLSv1$/ => 1,
|
||||
},
|
||||
sslversion => "TLSv1",
|
||||
},
|
||||
);
|
||||
|
||||
1;
|
|
@ -1,33 +0,0 @@
|
|||
# The client writes a message to Sys::Syslog native method.
|
||||
# The syslogd writes it into a file and through a pipe.
|
||||
# The syslogd passes it via TLS to localhost loghost.
|
||||
# The server receives the message on its TLS version 1.0 socket.
|
||||
# Find the message in client, file, pipe, syslogd, server log.
|
||||
# Check that server log contains ssl version 1.
|
||||
|
||||
use strict;
|
||||
use warnings;
|
||||
use Socket;
|
||||
|
||||
our %args = (
|
||||
syslogd => {
|
||||
loghost => '@tls://localhost:$connectport',
|
||||
loggrep => {
|
||||
qr/Logging to FORWTLS \@tls:\/\/localhost:\d+/ => '>=4',
|
||||
get_testgrep() => 1,
|
||||
qr/syslogd: loghost .* connection error: connect failed:/ => 0,
|
||||
},
|
||||
cacrt => "ca.crt",
|
||||
},
|
||||
server => {
|
||||
listen => { domain => AF_UNSPEC, proto => "tls", addr => "localhost" },
|
||||
loggrep => {
|
||||
qr/listen sock: (127.0.0.1|::1) \d+/ => 1,
|
||||
get_testgrep() => 1,
|
||||
qr/ssl version: TLSv1$/ => 1,
|
||||
},
|
||||
sslversion => "TLSv1",
|
||||
},
|
||||
);
|
||||
|
||||
1;
|
Loading…
Add table
Add a link
Reference in a new issue