purplerain 2023-07-06 21:55:14 +00:00
parent f1b2576417
commit 2a351e0cdc
Signed by: purplerain
GPG key ID: F42C07F07E2E35B7
347 changed files with 9596 additions and 5486 deletions


@ -0,0 +1,27 @@
# $OpenBSD: Makefile,v 1.3 2023/07/05 21:38:22 bluhm Exp $
.if ! (make(clean) || make(cleandir) || make(obj))
NCPU != /sbin/sysctl -n hw.ncpuonline
.endif
REGRESS_SETUP_ONCE += build
build:
# Makefile and Perl tree must exist in obj directory for testing.
${MAKE} -C ${BSDSRCDIR}/gnu/usr.bin/perl -f Makefile.bsd-wrapper obj
${MAKE} -C ${BSDSRCDIR}/gnu/usr.bin/perl -f Makefile.bsd-wrapper -j ${NCPU} all
REGRESS_SETUP += permissions
permissions:
# The permissions in CVS tree are not as in the Perl distribution.
# Match expectations of t/porting/exec-bit.t and
# cpan/Test-Harness/t/source_tests/source.sh
awk '{print $$1}' ${BSDSRCDIR}/gnu/usr.bin/perl/MANIFEST |\
( cd ${BSDOBJDIR}/gnu/usr.bin/perl/ && xargs chmod -x )
grep -v '^#' ${BSDSRCDIR}/gnu/usr.bin/perl/Porting/exec-bit.txt |\
( cd ${BSDOBJDIR}/gnu/usr.bin/perl/ && xargs chmod +x )
REGRESS_TARGETS += test
test:
${MAKE} -C ${BSDSRCDIR}/gnu/usr.bin/perl -f Makefile.bsd-wrapper test
.include <bsd.regress.mk>
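Review bot: In the `permissions` target each pipeline reports only the exit status of the trailing `( cd ... && xargs chmod ... )`, so a missing or unreadable `MANIFEST` or `Porting/exec-bit.txt` makes awk or grep fail unnoticed and the setup step still succeeds. The tests would then run against whatever modes the obj tree already had, and the mismatch would surface later as a confusing failure in t/porting/exec-bit.t. A cheap guard is a `test -s ${BSDSRCDIR}/gnu/usr.bin/perl/MANIFEST` line (and the same for `Porting/exec-bit.txt`) ahead of the pipelines, or at least a comment stating that both files are assumed to exist.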


@ -1,6 +1,6 @@
/* $OpenBSD: uuidtest.c,v 1.1 2021/08/31 09:57:27 jasper Exp $ */
/* $OpenBSD: uuidtest.c,v 1.2 2023/07/03 13:51:55 jasper Exp $ */
/*
* Copyright (c) 2021 Jasper Lievisse Adriaanse <jasper@openbsd.org>
* Copyright (c) 2021, 2023 Jasper Lievisse Adriaanse <jasper@openbsd.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@ -26,13 +26,14 @@
int
main(int argc, char **argv)
{
struct uuid uuid, uuid_want;
struct uuid uuid, uuid2, uuid_want;
char *uuid_str, *uuid_str_want;
uint32_t status;
int t = 1;
unsigned char bin[16];
int rc, t = 1;
/* Test invalid input to uuid_from_string() */
printf("[%d] uuid_from_string ", t);
printf("[%d] uuid_from_string (invalid) ", t);
uuid_str = "6fc3134d-011d-463d-a6b4-fe1f3a5e57dX";
uuid_from_string(uuid_str, &uuid, &status);
if (status != uuid_s_invalid_string_uuid) {
@ -44,6 +45,19 @@ main(int argc, char **argv)
printf("ok\n");
t++;
/* Test a bad version gets recognized */
printf("[%d] uuid_from_string (bad version) ", t);
uuid_str = "ffffffff-ffff-ffff-ffff-ffffffffffff";
uuid_from_string(uuid_str, &uuid, &status);
if (status != uuid_s_bad_version) {
printf("failed to return uuid_s_bad_version for '%s'\n",
uuid_str);
return 1;
}
printf("ok\n");
t++;
/* Test valid input to uuid_from_string() */
printf("[%d] uuid_from_string ", t);
uuid_str = "f81d4fae-7dec-11d0-a765-00a0c91e6bf6";
@ -65,6 +79,7 @@ main(int argc, char **argv)
printf("failed to return uuid_s_ok for '%s', got %d\n", uuid_str, status);
return 1;
}
ASSERT_EQ(uuid.time_low, uuid_want.time_low);
ASSERT_EQ(uuid.time_mid, uuid_want.time_mid);
ASSERT_EQ(uuid.time_hi_and_version, uuid_want.time_hi_and_version);
@ -125,5 +140,122 @@ main(int argc, char **argv)
printf("ok\n");
t++;
/*
* Assuming the clock of the system running the test is ahead of the one
* where this test was written, we can test uuid_create along with
* uuid_compare here.
*/
printf("[%d] uuid_create ", t);
uuid_create(&uuid, &status);
if (status != uuid_s_ok) {
printf("uuid_create failed to return uuid_s_ok, got %d\n",
status);
return 1;
}
printf("ok\n");
t++;
printf("[%d] uuid_compare ", t);
/* uuid was just generated, uuid2 was generated before. */
uuid_from_string(uuid_str, &uuid2, &status);
rc = uuid_compare(&uuid, &uuid2, &status);
if ((status != uuid_s_ok) || (rc != 1)) {
printf("uuid_compare failed, expected 1 got: %d and status: %d\n",
rc, status);
return 1;
}
printf("ok\n");
t++;
printf("[%d] uuid_equal ", t);
rc = uuid_equal(&uuid, &uuid, &status);
if ((status != uuid_s_ok) || (rc != 1)) {
printf("uuid_compare failed, expected 1 got: %d and status: %d\n",
rc, status);
return 1;
}
printf("ok\n");
t++;
printf("[%d] uuid_equal (nil) ", t);
uuid_create_nil(&uuid, &status);
rc = uuid_equal(&uuid, &uuid2, &status);
if ((status != uuid_s_ok) || (rc != 1)) {
printf("uuid_compare failed, expected 1 got: %d and status: %d\n",
rc, status);
return 1;
}
printf("ok\n");
t++;
printf("[%d] uuid_hash ", t);
uint16_t hash = uuid_hash(&uuid_want, &status);
if ((status != uuid_s_ok) || (hash != 0x4fae)) {
printf("uuid_hash failed, expected 0x4fae got: 0x%04x and status: %d\n",
hash, status);
return 1;
}
printf("ok\n");
t++;
uuid_str_want = "f81d4fae-7dec-11d0-a765-00a0c91e6bf6";
printf("[%d] uuid_enc_le ", t);
uuid_from_string(uuid_str_want, &uuid, &status);
/*
* Check two fields to ensure they're in the right order.
* If these two are ok, it's safe to assum the rest are too.
*/
uuid_enc_le(bin, &uuid);
if (bin[4] != 0xec || bin[5] != 0x7d) {
uuid_to_string(&uuid, &uuid_str, &status);
printf("uuid_enc_le failed, expected %s got %s\n",
uuid_str_want, uuid_str);
return 1;
}
printf("ok\n");
t++;
printf("[%d] uuid_dec_le ", t);
uuid_dec_le(bin, &uuid);
if (uuid_equal(&uuid, &uuid_want, &status) == 0) {
uuid_to_string(&uuid, &uuid_str, &status);
printf("uuid_dec_le failed, expected %s got %s\n",
uuid_str_want, uuid_str);
return 1;
}
printf("ok\n");
t++;
printf("[%d] uuid_enc_be ", t);
uuid_enc_be(bin, &uuid);
if (bin[4] != 0x7d || bin[5] != 0xec) {
uuid_to_string(&uuid, &uuid_str, &status);
printf("uuid_enc_be failed, expected %s got %s\n",
uuid_str_want, uuid_str);
return 1;
}
printf("ok\n");
t++;
printf("[%d] uuid_dec_be ", t);
uuid_dec_be(bin, &uuid);
if (uuid_equal(&uuid, &uuid_want, &status) == 0) {
uuid_to_string(&uuid, &uuid_str, &status);
printf("uuid_dec_be failed, expected %s got %s\n",
uuid_str_want, uuid_str);
return 1;
}
printf("ok\n");
t++;
return 0;
}
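Review bot: Both uuid_equal checks print `uuid_compare failed, ...` when they fail, so a broken uuid_equal() would be reported under the wrong function name; the two messages should read `"uuid_equal failed, expected 1 got: %d and status: %d\n"`. The uuid_compare and `uuid_equal (nil)` cases also depend on what `uuid_str` holds at that point, which is assigned outside the visible hunks, and the `status` written by `uuid_from_string(uuid_str, &uuid2, &status)` is overwritten by the next call without being checked. Testing it against `uuid_s_ok` first, and naming in the comment the value `uuid2` is expected to hold, would make a parse failure distinguishable from a comparison failure. main() begins and continues outside these hunks.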


@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.33 2023/06/03 21:20:29 tb Exp $
# $OpenBSD: Makefile,v 1.34 2023/07/06 15:08:54 tb Exp $
PROGS += bn_add_sub
PROGS += bn_cmp
@ -12,6 +12,7 @@ PROGS += bn_mod_sqrt
PROGS += bn_mont
PROGS += bn_mul_div
PROGS += bn_primes
PROGS += bn_print
PROGS += bn_rand_interval
PROGS += bn_shift
PROGS += bn_test
@ -22,6 +23,7 @@ PROGS += bn_word
STATIC_LINK += bn_gcd
STATIC_LINK += bn_isqrt
STATIC_LINK += bn_mod_exp
STATIC_LINK += bn_print
STATIC_LINK += bn_rand_interval
STATIC_LINK += bn_test


@ -0,0 +1,278 @@
/* $OpenBSD: bn_print.c,v 1.2 2023/07/06 15:11:21 tb Exp $ */
/*
* Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include <err.h>
#include <stdio.h>
#include <string.h>
#include <openssl/asn1.h>
#include <openssl/bio.h>
#include <openssl/bn.h>
#include "bn_local.h"
#define BATIHDIDIDI "mana mana"
#define BUF_MEM_LEN 1024
static const char *pk = "040d305e1b159d03d0a17935b73a3c927aca151ccd62f39c"
"265c073de554faa3d6cc12eaf4145fe88e19ab2f2e48e6ac"
"184378acd037c3bdb2cd2ce647e21ae663b83d2e2f78c44f"
"dbf40fa4684c55726b951d4e18429578cc373c91e29b652b"
"29";
const struct print_test {
const char *desc;
const char *want;
} bn_print_tests[] = {
{
.desc = "zero",
.want = " mana mana 0\n",
},
{
.desc = "minus one",
.want = " mana mana 1 (0x1)\n",
},
{
.desc = "minus one",
.want = " mana mana -1 (-0x1)\n",
},
#ifdef _LP64
{
.desc = "largest word",
.want = " mana mana 18446744073709551615 "
"(0xffffffffffffffff)\n",
},
{
.desc = "smallest word",
.want = " mana mana -18446744073709551615 "
"(-0xffffffffffffffff)\n",
},
{
.desc = "largest negative non-word",
.want = " mana mana (Negative)\n"
" 01:00:00:00:00:00:00:00:00\n",
},
{
.desc = "smallest positive non-word",
.want = " mana mana\n"
" 01:00:00:00:00:00:00:00:00\n",
},
#else
{
.desc = "largest word",
.want = " mana mana 4294967295 (0xffffffff)\n",
},
{
.desc = "smallest word",
.want = " mana mana -4294967295 (-0xffffffff)\n",
},
{
.desc = "largest negative non-word",
.want = " mana mana (Negative)\n"
" 01:00:00:00:00\n",
},
{
.desc = "smallest positive non-word",
.want = " mana mana\n"
" 01:00:00:00:00\n",
},
#endif
{
.desc = "some pubkey",
.want = " mana mana\n"
" 04:0d:30:5e:1b:15:9d:03:d0:a1:79:35:b7:3a:3c:\n"
" 92:7a:ca:15:1c:cd:62:f3:9c:26:5c:07:3d:e5:54:\n"
" fa:a3:d6:cc:12:ea:f4:14:5f:e8:8e:19:ab:2f:2e:\n"
" 48:e6:ac:18:43:78:ac:d0:37:c3:bd:b2:cd:2c:e6:\n"
" 47:e2:1a:e6:63:b8:3d:2e:2f:78:c4:4f:db:f4:0f:\n"
" a4:68:4c:55:72:6b:95:1d:4e:18:42:95:78:cc:37:\n"
" 3c:91:e2:9b:65:2b:29\n",
},
{
.desc = "negated pubkey",
.want = " mana mana (Negative)\n"
" 04:0d:30:5e:1b:15:9d:03:d0:a1:79:35:b7:3a:3c:\n"
" 92:7a:ca:15:1c:cd:62:f3:9c:26:5c:07:3d:e5:54:\n"
" fa:a3:d6:cc:12:ea:f4:14:5f:e8:8e:19:ab:2f:2e:\n"
" 48:e6:ac:18:43:78:ac:d0:37:c3:bd:b2:cd:2c:e6:\n"
" 47:e2:1a:e6:63:b8:3d:2e:2f:78:c4:4f:db:f4:0f:\n"
" a4:68:4c:55:72:6b:95:1d:4e:18:42:95:78:cc:37:\n"
" 3c:91:e2:9b:65:2b:29\n",
},
{
.desc = "shifted negated pubkey",
.want = " mana mana (Negative)\n"
" 04:0d:30:5e:1b:15:9d:03:d0:a1:79:35:b7:3a:3c:\n"
" 92:7a:ca:15:1c:cd:62:f3:9c:26:5c:07:3d:e5:54:\n"
" fa:a3:d6:cc:12:ea:f4:14:5f:e8:8e:19:ab:2f:2e:\n"
" 48:e6:ac:18:43:78:ac:d0:37:c3:bd:b2:cd:2c:e6:\n"
" 47:e2:1a:e6:63:b8:3d:2e:2f:78:c4:4f:db:f4:0f:\n"
" a4:68:4c:55:72:6b:95:1d:4e:18:42:95:78:cc:37\n",
},
{
.desc = "shifted pubkey",
.want = " mana mana\n"
" 04:0d:30:5e:1b:15:9d:03:d0:a1:79:35:b7:3a:3c:\n"
" 92:7a:ca:15:1c:cd:62:f3:9c:26:5c:07:3d:e5:54:\n"
" fa:a3:d6:cc:12:ea:f4:14:5f:e8:8e:19:ab:2f:2e:\n"
" 48:e6:ac:18:43:78:ac:d0:37:c3:bd:b2:cd:2c:e6:\n"
" 47:e2:1a:e6:63:b8:3d:2e:2f:78:c4:4f:db:f4:0f:\n"
" a4:68:4c:55:72:6b:95:1d:4e:18:42:95:78:cc:37\n",
},
};
#define N_TESTCASES (sizeof(bn_print_tests) / sizeof(bn_print_tests[0]))
static int
bn_print_testcase(const BIGNUM *bn, const struct print_test *test)
{
BIO *bio;
char *got;
size_t want_len;
long got_len;
int failed = 1;
if ((bio = BIO_new(BIO_s_mem())) == NULL)
errx(1, "BIO_new");
if (!bn_printf(bio, bn, 4, "%s", BATIHDIDIDI))
errx(1, "bn_printf");
if ((got_len = BIO_get_mem_data(bio, &got)) < 0)
errx(1, "BIO_get_mem_data");
if ((want_len = strlen(test->want)) != (size_t)got_len) {
fprintf(stderr, "%s: want: %zu, got %ld\n",
test->desc, want_len, got_len);
goto err;
}
if (strncmp(got, test->want, want_len) != 0) {
fprintf(stderr, "%s: strings differ\n", test->desc);
fprintf(stderr, "want: \"%s\"\ngot : \"%*s\"\n",
test->want, (int)got_len, got);
goto err;
}
failed = 0;
err:
BIO_free(bio);
return failed;
}
int
main(void)
{
const struct print_test *test;
size_t testcase = 0;
BIGNUM *bn;
int failed = 0;
/* zero */
if ((bn = BN_new()) == NULL)
errx(1, "BN_new");
if (testcase >= N_TESTCASES)
errx(1, "Too many tests");
test = &bn_print_tests[testcase++];
failed |= bn_print_testcase(bn, test);
/* one */
if (!BN_set_word(bn, 1))
errx(1, "BIO_set_word");
if (testcase >= N_TESTCASES)
errx(1, "Too many tests");
test = &bn_print_tests[testcase++];
failed |= bn_print_testcase(bn, test);
/* minus one */
BN_set_negative(bn, 1);
if (testcase >= N_TESTCASES)
errx(1, "Too many tests");
test = &bn_print_tests[testcase++];
failed |= bn_print_testcase(bn, test);
/* largest word */
if (!BN_set_word(bn, ~0))
errx(1, "BN_set_word");
if (testcase >= N_TESTCASES)
errx(1, "Too many tests");
test = &bn_print_tests[testcase++];
failed |= bn_print_testcase(bn, test);
/* smallest word */
BN_set_negative(bn, 1);
if (testcase >= N_TESTCASES)
errx(1, "Too many tests");
test = &bn_print_tests[testcase++];
failed |= bn_print_testcase(bn, test);
/* largest negative non-word */
if (!BN_sub_word(bn, 1))
errx(1, "ASN1_bn_print");
if (testcase >= N_TESTCASES)
errx(1, "Too many tests");
test = &bn_print_tests[testcase++];
failed |= bn_print_testcase(bn, test);
/* smallest positive non-word */
BN_set_negative(bn, 0);
if (testcase >= N_TESTCASES)
errx(1, "Too many tests");
test = &bn_print_tests[testcase++];
failed |= bn_print_testcase(bn, test);
/* some pubkey */
if (BN_hex2bn(&bn, pk) == 0)
errx(1, "BN_hex2bn");
if (testcase >= N_TESTCASES)
errx(1, "Too many tests");
test = &bn_print_tests[testcase++];
failed |= bn_print_testcase(bn, test);
/* negated pubkey */
BN_set_negative(bn, 1);
if (testcase >= N_TESTCASES)
errx(1, "Too many tests");
test = &bn_print_tests[testcase++];
failed |= bn_print_testcase(bn, test);
/* shifted negated pubkey */
if (!BN_rshift(bn, bn, 7 * 8))
errx(1, "BN_rshift");
if (testcase >= N_TESTCASES)
errx(1, "Too many tests");
test = &bn_print_tests[testcase++];
failed |= bn_print_testcase(bn, test);
/* shifted pubkey */
BN_set_negative(bn, 0);
if (testcase >= N_TESTCASES)
errx(1, "Too many tests");
test = &bn_print_tests[testcase++];
failed |= bn_print_testcase(bn, test);
if (testcase != N_TESTCASES) {
warnx("Not all tests run");
failed |= 1;
}
BN_free(bn);
return failed;
}
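Review bot: In bn_print_testcase() the mismatch report passes `(int)got_len` to `%*s`, which sets a minimum field width and not a maximum; nothing visible here guarantees that the pointer from BIO_get_mem_data() is NUL-terminated, so fprintf can read past the end of the BIO buffer exactly when a test fails. Use a precision instead: `"want: \"%s\"\ngot : \"%.*s\"\n"`. Once the lengths are known to match, `memcmp(got, test->want, want_len)` also states the intent better than strncmp on a buffer that is not a C string. Smaller mislabels: the second table entry is described as "minus one" but expects ` 1 (0x1)`, and the errx() strings after `BN_set_word(bn, 1)` and `BN_sub_word(bn, 1)` name `BIO_set_word` and `ASN1_bn_print`.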


@ -1,11 +1,11 @@
# $OpenBSD: Makefile,v 1.51 2022/11/05 21:58:24 jsing Exp $
# $OpenBSD: Makefile,v 1.52 2023/07/02 17:21:32 beck Exp $
SUBDIR += api
SUBDIR += asn1
SUBDIR += buffer
SUBDIR += bytestring
SUBDIR += ciphers
SUBDIR += client
#SUBDIR += client
SUBDIR += dtls
SUBDIR += exporter
SUBDIR += handshake
@ -13,7 +13,7 @@ SUBDIR += pqueue
SUBDIR += quic
SUBDIR += record
SUBDIR += record_layer
SUBDIR += server
#SUBDIR += server
SUBDIR += ssl
SUBDIR += tls
SUBDIR += tlsext
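Review bot: The `client` and `server` subdirectories are switched off by commenting out their `SUBDIR` lines with no explanation, so nothing in the Makefile says whether this is temporary or what has to happen before they come back. Leaving them disabled silently removes those regression runs from every build of this tree. A comment above each line giving the reason and the condition for re-enabling, for example `# XXX disabled until adjusted for the TLSv1.0/TLSv1.1 changes` if that is the reason, would keep this from becoming permanent by accident.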


@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.6 2023/04/19 15:34:23 tb Exp $
# $OpenBSD: Makefile,v 1.7 2023/07/02 17:21:32 beck Exp $
# Connect a client to a server. Both can be current libressl, or
# openssl 1.1 or openssl 3.0. Pin client or server to a fixed TLS
@ -14,7 +14,7 @@ LIBRARIES += openssl11
LIBRARIES += openssl30
.endif
VERSIONS = any TLS1 TLS1_1 TLS1_2 TLS1_3
VERSIONS = any TLS1_2 TLS1_3
.for cver in ${VERSIONS}
.for sver in ${VERSIONS}


@ -1,4 +1,4 @@
/* $OpenBSD: ssltest.c,v 1.39 2023/04/15 16:50:05 tb Exp $ */
/* $OpenBSD: ssltest.c,v 1.41 2023/07/04 08:47:01 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -254,6 +254,7 @@ cb_server_alpn(SSL *s, const unsigned char **out, unsigned char *outlen,
* Make a copy of the selected protocol which will be freed in
* verify_alpn.
*/
free(alpn_selected);
if ((alpn_selected = malloc(*outlen)) == NULL) {
fprintf(stderr, "malloc failed\n");
abort();
@ -336,7 +337,7 @@ sv_usage(void)
fprintf(stderr, " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
fprintf(stderr, " -no_dhe - disable DHE\n");
fprintf(stderr, " -no_ecdhe - disable ECDHE\n");
fprintf(stderr, " -dtls1 - use DTLSv1\n");
fprintf(stderr, " -dtls1_2 - use DTLSv1.2\n");
fprintf(stderr, " -tls1 - use TLSv1\n");
fprintf(stderr, " -tls1_2 - use TLSv1.2\n");
fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");
@ -409,7 +410,7 @@ main(int argc, char *argv[])
int badop = 0;
int bio_pair = 0;
int force = 0;
int tls1 = 0, tls1_2 = 0, dtls1 = 0, ret = 1;
int tls1 = 0, tls1_2 = 0, dtls1_2 = 0, ret = 1;
int client_auth = 0;
int server_auth = 0, i;
char *app_verify_arg = "Test Callback Argument";
@ -464,8 +465,8 @@ main(int argc, char *argv[])
no_dhe = 1;
else if (strcmp(*argv, "-no_ecdhe") == 0)
no_ecdhe = 1;
else if (strcmp(*argv, "-dtls1") == 0)
dtls1 = 1;
else if (strcmp(*argv, "-dtls1_2") == 0)
dtls1_2 = 1;
else if (strcmp(*argv, "-tls1") == 0)
tls1 = 1;
else if (strcmp(*argv, "-tls1_2") == 0)
@ -565,7 +566,7 @@ bad:
goto end;
}
if (!dtls1 && !tls1 && !tls1_2 && number > 1 && !reuse && !force) {
if (!dtls1_2 && !tls1 && !tls1_2 && number > 1 && !reuse && !force) {
fprintf(stderr,
"This case cannot work. Use -f to perform "
"the test anyway (and\n-d to see what happens), "
@ -588,8 +589,8 @@ bad:
SSL_library_init();
SSL_load_error_strings();
if (dtls1)
meth = DTLSv1_method();
if (dtls1_2)
meth = DTLSv1_2_method();
else if (tls1)
meth = TLSv1_method();
else if (tls1_2)
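Review bot: The `-tls1` option is left in place: sv_usage() still advertises `-tls1 - use TLSv1` and the method selection still reaches `meth = TLSv1_method();`, while the same commit renames `-dtls1` to `-dtls1_2` and drops the TLSv1.0 cases from the test scripts. What TLSv1_method() negotiates after this change is not visible here, so either remove the flag together with its `tls1` variable or state in the usage text what it now does. The added `free(alpn_selected);` in cb_server_alpn() relies on `alpn_selected` being NULL or heap-owned on first entry; its declaration is outside the hunk, so that is worth confirming. main() starts and ends outside these hunks.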


@ -95,8 +95,7 @@ done
if $openssl no-dh; then
echo skipping anonymous DH tests
else
echo test tls1 with 1024bit anonymous DH, multiple handshakes
$ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
echo skipping tls1 tests.
fi
#if $openssl no-rsa; then
@ -117,17 +116,16 @@ fi
# DTLS tests
#
echo test dtlsv1
$ssltest -dtls1 $extra || exit 1
$ssltest -dtls1_2 $extra || exit 1
echo test dtlsv1 with server authentication
$ssltest -dtls1 -server_auth $CA $extra || exit 1
echo test dtlsv1_2 with server authentication
$ssltest -dtls1_2 -server_auth $CA $extra || exit 1
echo test dtlsv1 with client authentication
$ssltest -dtls1 -client_auth $CA $extra || exit 1
echo test dtlsv1_2 with client authentication
$ssltest -dtls1_2 -client_auth $CA $extra || exit 1
echo test dtlsv1 with both client and server authentication
$ssltest -dtls1 -server_auth -client_auth $CA $extra || exit 1
echo test dtlsv1_2 with both client and server authentication
$ssltest -dtls1_2 -server_auth -client_auth $CA $extra || exit 1
echo "Testing DTLS ciphersuites"
for protocol in SSLv3; do
@ -136,7 +134,7 @@ for protocol in SSLv3; do
awk "/ $protocol / { print \\$1 }" |
grep -v RC4`; do
echo "Testing $cipher"
$ssltest -cipher $cipher -dtls1
$ssltest -cipher $cipher -dtls1_2
if [ $? -ne 0 ] ; then
echo "Failed $cipher"
exit 1
@ -148,17 +146,17 @@ done
# ALPN tests
#
echo "Testing ALPN..."
$ssltest -bio_pair -tls1 -alpn_client foo -alpn_server bar || exit 1
$ssltest -bio_pair -tls1 -alpn_client foo -alpn_server foo \
$ssltest -bio_pair -alpn_client foo -alpn_server bar || exit 1
$ssltest -bio_pair -alpn_client foo -alpn_server foo \
-alpn_expected foo || exit 1
$ssltest -bio_pair -tls1 -alpn_client foo,bar -alpn_server foo \
$ssltest -bio_pair -alpn_client foo,bar -alpn_server foo \
-alpn_expected foo || exit 1
$ssltest -bio_pair -tls1 -alpn_client bar,foo -alpn_server foo \
$ssltest -bio_pair -alpn_client bar,foo -alpn_server foo \
-alpn_expected foo || exit 1
$ssltest -bio_pair -tls1 -alpn_client bar,foo -alpn_server foo,bar \
$ssltest -bio_pair -alpn_client bar,foo -alpn_server foo,bar \
-alpn_expected foo || exit 1
$ssltest -bio_pair -tls1 -alpn_client bar,foo -alpn_server bar,foo \
$ssltest -bio_pair -alpn_client bar,foo -alpn_server bar,foo \
-alpn_expected bar || exit 1
$ssltest -bio_pair -tls1 -alpn_client foo,bar -alpn_server bar,foo \
$ssltest -bio_pair -alpn_client foo,bar -alpn_server bar,foo \
-alpn_expected bar || exit 1
$ssltest -bio_pair -tls1 -alpn_client baz -alpn_server bar,foo || exit 1
$ssltest -bio_pair -alpn_client baz -alpn_server bar,foo || exit 1
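Review bot: After this change both branches of `if $openssl no-dh` only print a skip message, so the anonymous-DH run with `-num 10 -f -time`, the only multiple-handshake case visible in this hunk, no longer executes at all. If ADH and repeated handshakes are still meant to be covered, port the line instead of dropping it, e.g. `$ssltest -v -bio_pair -tls1_2 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1`; otherwise remove the `if`/`else` and let the message say what is skipped and why. In the DTLS cipher loop the context line `for protocol in SSLv3; do` still selects ciphers by the SSLv3 column while the command now runs `-dtls1_2`, which deserves a one-line comment.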


@ -1,4 +1,4 @@
/* $OpenBSD: tlstest.c,v 1.1 2021/10/23 14:34:10 jsing Exp $ */
/* $OpenBSD: tlstest.c,v 1.2 2023/07/02 17:21:33 beck Exp $ */
/*
* Copyright (c) 2020, 2021 Joel Sing <jsing@openbsd.org>
*
@ -244,14 +244,6 @@ static const struct tls_test tls_tests[] = {
.desc = "Default client and TLSv1.2 server",
.server_max_version = TLS1_2_VERSION,
},
{
.desc = "Default client and TLSv1.1 server",
.server_max_version = TLS1_1_VERSION,
},
{
.desc = "Default client and TLSv1.0 server",
.server_max_version = TLS1_VERSION,
},
{
.desc = "Default client and default server with ECDHE KEX",
.server_ciphers = "ECDHE-RSA-AES128-SHA",
@ -261,16 +253,6 @@ static const struct tls_test tls_tests[] = {
.server_max_version = TLS1_2_VERSION,
.server_ciphers = "ECDHE-RSA-AES128-SHA",
},
{
.desc = "Default client and TLSv1.1 server with ECDHE KEX",
.server_max_version = TLS1_1_VERSION,
.server_ciphers = "ECDHE-RSA-AES128-SHA",
},
{
.desc = "Default client and TLSv1.0 server with ECDHE KEX",
.server_max_version = TLS1_VERSION,
.server_ciphers = "ECDHE-RSA-AES128-SHA",
},
{
.desc = "Default client and default server with DHE KEX",
.server_ciphers = "DHE-RSA-AES128-SHA",
@ -280,16 +262,6 @@ static const struct tls_test tls_tests[] = {
.server_max_version = TLS1_2_VERSION,
.server_ciphers = "DHE-RSA-AES128-SHA",
},
{
.desc = "Default client and TLSv1.1 server with DHE KEX",
.server_max_version = TLS1_1_VERSION,
.server_ciphers = "DHE-RSA-AES128-SHA",
},
{
.desc = "Default client and TLSv1.0 server with DHE KEX",
.server_max_version = TLS1_VERSION,
.server_ciphers = "DHE-RSA-AES128-SHA",
},
{
.desc = "Default client and default server with RSA KEX",
.server_ciphers = "AES128-SHA",
@ -299,73 +271,25 @@ static const struct tls_test tls_tests[] = {
.server_max_version = TLS1_2_VERSION,
.server_ciphers = "AES128-SHA",
},
{
.desc = "Default client and TLSv1.1 server with RSA KEX",
.server_max_version = TLS1_1_VERSION,
.server_ciphers = "AES128-SHA",
},
{
.desc = "Default client and TLSv1.0 server with RSA KEX",
.server_max_version = TLS1_VERSION,
.server_ciphers = "AES128-SHA",
},
{
.desc = "TLSv1.2 client and default server",
.client_max_version = TLS1_2_VERSION,
},
{
.desc = "TLSv1.1 client and default server",
.client_max_version = TLS1_1_VERSION,
},
{
.desc = "TLSv1.0 client and default server",
.client_max_version = TLS1_VERSION,
},
{
.desc = "TLSv1.2 client and default server with ECDHE KEX",
.client_max_version = TLS1_2_VERSION,
.client_ciphers = "ECDHE-RSA-AES128-SHA",
},
{
.desc = "TLSv1.1 client and default server with ECDHE KEX",
.client_max_version = TLS1_1_VERSION,
.client_ciphers = "ECDHE-RSA-AES128-SHA",
},
{
.desc = "TLSv1.0 client and default server with ECDHE KEX",
.client_max_version = TLS1_VERSION,
.client_ciphers = "ECDHE-RSA-AES128-SHA",
},
{
.desc = "TLSv1.2 client and default server with DHE KEX",
.server_max_version = TLS1_2_VERSION,
.client_ciphers = "DHE-RSA-AES128-SHA",
},
{
.desc = "TLSv1.1 client and default server with DHE KEX",
.client_max_version = TLS1_1_VERSION,
.client_ciphers = "DHE-RSA-AES128-SHA",
},
{
.desc = "TLSv1.0 client and default server with DHE KEX",
.client_max_version = TLS1_VERSION,
.client_ciphers = "DHE-RSA-AES128-SHA",
},
{
.desc = "TLSv1.2 client and default server with RSA KEX",
.client_max_version = TLS1_2_VERSION,
.client_ciphers = "AES128-SHA",
},
{
.desc = "TLSv1.1 client and default server with RSA KEX",
.client_max_version = TLS1_1_VERSION,
.client_ciphers = "AES128-SHA",
},
{
.desc = "TLSv1.0 client and default server with RSA KEX",
.client_max_version = TLS1_VERSION,
.client_ciphers = "AES128-SHA",
},
};
#define N_TLS_TESTS (sizeof(tls_tests) / sizeof(*tls_tests))


@ -1,4 +1,4 @@
/* $OpenBSD: tlsexttest.c,v 1.81 2023/04/27 10:53:58 tb Exp $ */
/* $OpenBSD: tlsexttest.c,v 1.82 2023/07/05 17:30:14 tb Exp $ */
/*
* Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@ -1774,8 +1774,11 @@ static const unsigned char tlsext_sni_client[] = {
0x6c, 0x2e, 0x6f, 0x72, 0x67,
};
/* An empty array is an incomplete type and sizeof() is undefined. */
static const unsigned char tlsext_sni_server[] = {
0x00,
};
static size_t tlsext_sni_server_len = 0;
static int
test_tlsext_sni_client(void)
@ -1973,9 +1976,9 @@ test_tlsext_sni_server(void)
if (!CBB_finish(&cbb, &data, &dlen))
errx(1, "failed to finish CBB");
if (dlen != sizeof(tlsext_sni_server)) {
if (dlen != tlsext_sni_server_len) {
FAIL("got server SNI with length %zu, "
"want length %zu\n", dlen, sizeof(tlsext_sni_server));
"want length %zu\n", dlen, tlsext_sni_server_len);
goto err;
}
@ -1984,14 +1987,14 @@ test_tlsext_sni_server(void)
fprintf(stderr, "received:\n");
hexdump(data, dlen);
fprintf(stderr, "test data:\n");
hexdump(tlsext_sni_server, sizeof(tlsext_sni_server));
hexdump(tlsext_sni_server, tlsext_sni_server_len);
goto err;
}
free(ssl->session->tlsext_hostname);
ssl->session->tlsext_hostname = NULL;
CBS_init(&cbs, tlsext_sni_server, sizeof(tlsext_sni_server));
CBS_init(&cbs, tlsext_sni_server, tlsext_sni_server_len);
if (!client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
FAIL("failed to parse server SNI\n");
goto err;
@ -3186,7 +3189,7 @@ test_tlsext_srtp_server(void)
}
#endif /* OPENSSL_NO_SRTP */
unsigned char tlsext_clienthello_default[] = {
static const unsigned char tlsext_clienthello_default[] = {
0x00, 0x34, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00,
0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d,
0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00, 0x23,
@ -3196,7 +3199,11 @@ unsigned char tlsext_clienthello_default[] = {
0x04, 0x03, 0x02, 0x01, 0x02, 0x03,
};
unsigned char tlsext_clienthello_disabled[] = {};
/* An empty array is an incomplete type and sizeof() is undefined. */
static const unsigned char tlsext_clienthello_disabled[] = {
0x00,
};
static size_t tlsext_clienthello_disabled_len = 0;
static int
test_tlsext_clienthello_build(void)
@ -3287,18 +3294,18 @@ test_tlsext_clienthello_build(void)
goto err;
}
if (dlen != sizeof(tlsext_clienthello_disabled)) {
if (dlen != tlsext_clienthello_disabled_len) {
FAIL("got clienthello extensions with length %zu, "
"want length %zu\n", dlen,
sizeof(tlsext_clienthello_disabled));
tlsext_clienthello_disabled_len);
compare_data(data, dlen, tlsext_clienthello_disabled,
sizeof(tlsext_clienthello_disabled));
tlsext_clienthello_disabled_len);
goto err;
}
if (memcmp(data, tlsext_clienthello_disabled, dlen) != 0) {
FAIL("clienthello extensions differs:\n");
compare_data(data, dlen, tlsext_clienthello_disabled,
sizeof(tlsext_clienthello_disabled));
tlsext_clienthello_disabled_len);
goto err;
}
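Review bot: `tlsext_sni_server_len` and `tlsext_clienthello_disabled_len` are declared as writable `static size_t` although they are fixed expectations; `static const size_t tlsext_sni_server_len = 0;` (and likewise for the clienthello one) keeps a later test from changing them by accident. The new comment explains why the array cannot be empty but not that the single `0x00` is padding that is never compared, since every use shown passes a length of 0. Adding `/* placeholder byte, not part of the expected data */` beside it would stop a reader from taking it for a one-byte expected extension.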


@ -1,4 +1,4 @@
# $OpenBSD: tlsfuzzer.py,v 1.49 2023/06/10 05:00:58 tb Exp $
# $OpenBSD: tlsfuzzer.py,v 1.50 2023/07/02 17:21:33 beck Exp $
#
# Copyright (c) 2020 Theo Buehler <tb@openbsd.org>
#
@ -323,6 +323,8 @@ tls13_unsupported_tests = TestGroup("TLSv1.3 tests for unsupported features", [
tls12_exclude_legacy_protocols = [
# all these have BIO_read timeouts against TLSv1.3
"-e", "Protocol (3, 0)",
"-e", "Protocol (3, 1)",
"-e", "Protocol (3, 2)",
"-e", "Protocol (3, 0) in SSLv2 compatible ClientHello",
# the following only fail with TLSv1.3
"-e", "Protocol (3, 1) in SSLv2 compatible ClientHello",
@ -331,13 +333,20 @@ tls12_exclude_legacy_protocols = [
"-e", "Protocol (3, 1) with x448 group",
"-e", "Protocol (3, 2) with x448 group",
"-e", "Protocol (3, 3) with x448 group",
# These don't work without TLSv1.0 and TLSv1.1
"-e", "Protocol (3, 1) with secp256r1 group",
"-e", "Protocol (3, 1) with secp384r1 group",
"-e", "Protocol (3, 1) with secp521r1 group",
"-e", "Protocol (3, 1) with x25519 group",
"-e", "Protocol (3, 2) with secp256r1 group",
"-e", "Protocol (3, 2) with secp384r1 group",
"-e", "Protocol (3, 2) with secp521r1 group",
"-e", "Protocol (3, 2) with x25519 group",
]
tls12_tests = TestGroup("TLSv1.2 tests", [
# Tests that pass as they are.
Test("test-TLSv1_2-rejected-without-TLSv1_2.py"),
Test("test-aes-gcm-nonces.py"),
Test("test-chacha20.py"),
Test("test-connection-abort.py"),
Test("test-conversation.py"),
Test("test-cve-2016-2107.py"),
@ -386,13 +395,30 @@ tls12_tests = TestGroup("TLSv1.2 tests", [
]
),
Test("test-dhe-key-share-random.py", tls12_exclude_legacy_protocols),
Test("test-export-ciphers-rejected.py", ["--min-ver", "TLSv1.0"]),
Test("test-export-ciphers-rejected.py", ["--min-ver", "TLSv1.2"]),
Test(
"test-downgrade-protection.py",
tls12_args = ["--server-max-protocol", "TLSv1.2"],
tls13_args = ["--server-max-protocol", "TLSv1.3"],
tls13_args = [
"--server-max-protocol", "TLSv1.3",
"-e", "TLS 1.3 downgrade check for Protocol (3, 1)",
"-e", "TLS 1.3 downgrade check for Protocol (3, 2)",
]
),
Test(
"test-fallback-scsv.py",
tls13_args = [
"--tls-1.3",
"-e", "FALLBACK - hello TLSv1.1 - pos 0",
"-e", "FALLBACK - hello TLSv1.1 - pos 1",
"-e", "FALLBACK - hello TLSv1.1 - pos 2",
"-e", "FALLBACK - record TLSv1.1 hello TLSv1.1 - pos 0",
"-e", "FALLBACK - record TLSv1.1 hello TLSv1.1 - pos 1",
"-e", "FALLBACK - record TLSv1.1 hello TLSv1.1 - pos 2",
"-e", "record TLSv1.1 hello TLSv1.1",
"-e", "sanity - TLSv1.1",
]
),
Test("test-fallback-scsv.py", tls13_args = ["--tls-1.3"] ),
Test("test-invalid-compression-methods.py", [
"-x", "invalid compression methods",
@ -412,6 +438,8 @@ tls12_tests = TestGroup("TLSv1.2 tests", [
Test("test-sig-algs-renegotiation-resumption.py", ["--sig-algs-drop-ok"]),
Test("test-serverhello-random.py", args = tls12_exclude_legacy_protocols),
Test("test-chacha20.py", [ "-e", "Chacha20 in TLS1.1" ]),
])
tls12_slow_tests = TestGroup("slow TLSv1.2 tests", [
@ -549,6 +577,9 @@ tls12_failing_tests = TestGroup("failing TLSv1.2 tests", [
# x448 tests need disabling plus x25519 corner cases need sorting out
Test("test-x25519.py"),
# Needs TLS 1.0 or 1.1
Test("test-TLSv1_2-rejected-without-TLSv1_2.py"),
])
tls12_unsupported_tests = TestGroup("TLSv1.2 for unsupported features", [
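Review bot: The new `-e` exclusions for `test-downgrade-protection.py` and `test-fallback-scsv.py` carry no comment, unlike the `# These don't work without TLSv1.0 and TLSv1.1` line added to `tls12_exclude_legacy_protocols`. These are the downgrade-protection and FALLBACK_SCSV checks, so a reader should be able to tell that the (3, 1)/(3, 2) and TLSv1.1 cases are skipped because those versions are no longer negotiated (presumably the reason) and not because the server fails them. Add a comment above each `tls13_args` list, e.g. `# TLSv1.0 and TLSv1.1 are no longer offered, skip their cases`. The same applies to `Test("test-chacha20.py", [ "-e", "Chacha20 in TLS1.1" ])`, which now also sits after `test-serverhello-random.py` instead of in the alphabetical run.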


@ -1,4 +1,4 @@
/* $OpenBSD: ssl_versions.c,v 1.19 2022/11/26 16:08:57 tb Exp $ */
/* $OpenBSD: ssl_versions.c,v 1.20 2023/07/02 17:21:33 beck Exp $ */
/*
* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
*
@ -32,43 +32,43 @@ static struct version_range_test version_range_tests[] = {
.options = 0,
.minver = TLS1_VERSION,
.maxver = TLS1_3_VERSION,
.want_minver = TLS1_VERSION,
.want_minver = TLS1_2_VERSION,
.want_maxver = TLS1_3_VERSION,
},
{
.options = 0,
.minver = TLS1_VERSION,
.maxver = TLS1_2_VERSION,
.want_minver = TLS1_VERSION,
.want_minver = TLS1_2_VERSION,
.want_maxver = TLS1_2_VERSION,
},
{
.options = SSL_OP_NO_TLSv1,
.minver = TLS1_VERSION,
.maxver = TLS1_2_VERSION,
.want_minver = TLS1_1_VERSION,
.want_minver = TLS1_2_VERSION,
.want_maxver = TLS1_2_VERSION,
},
{
.options = SSL_OP_NO_TLSv1_3,
.minver = TLS1_VERSION,
.maxver = TLS1_3_VERSION,
.want_minver = TLS1_VERSION,
.want_minver = TLS1_2_VERSION,
.want_maxver = TLS1_2_VERSION,
},
{
.options = SSL_OP_NO_TLSv1_2,
.minver = TLS1_VERSION,
.maxver = TLS1_2_VERSION,
.want_minver = TLS1_VERSION,
.want_maxver = TLS1_1_VERSION,
.want_minver = 0,
.want_maxver = 0,
},
{
.options = SSL_OP_NO_TLSv1_1,
.minver = TLS1_VERSION,
.maxver = TLS1_2_VERSION,
.want_minver = TLS1_VERSION,
.want_maxver = TLS1_VERSION,
.want_minver = TLS1_2_VERSION,
.want_maxver = TLS1_2_VERSION,
},
{
.options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1,
@ -81,15 +81,15 @@ static struct version_range_test version_range_tests[] = {
.options = SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2,
.minver = TLS1_VERSION,
.maxver = TLS1_2_VERSION,
.want_minver = TLS1_VERSION,
.want_maxver = TLS1_VERSION,
.want_minver = 0,
.want_maxver = 0,
},
{
.options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_2,
.minver = TLS1_VERSION,
.maxver = TLS1_2_VERSION,
.want_minver = TLS1_1_VERSION,
.want_maxver = TLS1_1_VERSION,
.want_minver = 0,
.want_maxver = 0,
},
{
.options = SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 |
@ -119,14 +119,14 @@ static struct version_range_test version_range_tests[] = {
.options = 0,
.minver = TLS1_VERSION,
.maxver = TLS1_2_VERSION,
.want_minver = TLS1_VERSION,
.want_minver = TLS1_2_VERSION,
.want_maxver = TLS1_2_VERSION,
},
{
.options = 0,
.minver = TLS1_1_VERSION,
.maxver = TLS1_2_VERSION,
.want_minver = TLS1_1_VERSION,
.want_minver = TLS1_2_VERSION,
.want_maxver = TLS1_2_VERSION,
},
{
@ -140,14 +140,14 @@ static struct version_range_test version_range_tests[] = {
.options = 0,
.minver = TLS1_VERSION,
.maxver = TLS1_3_VERSION,
.want_minver = TLS1_VERSION,
.want_minver = TLS1_2_VERSION,
.want_maxver = TLS1_3_VERSION,
},
{
.options = 0,
.minver = TLS1_1_VERSION,
.maxver = TLS1_3_VERSION,
.want_minver = TLS1_1_VERSION,
.want_minver = TLS1_2_VERSION,
.want_maxver = TLS1_3_VERSION,
},
{
@ -168,15 +168,15 @@ static struct version_range_test version_range_tests[] = {
.options = 0,
.minver = TLS1_VERSION,
.maxver = TLS1_1_VERSION,
.want_minver = TLS1_VERSION,
.want_maxver = TLS1_1_VERSION,
.want_minver = 0,
.want_maxver = 0,
},
{
.options = 0,
.minver = TLS1_VERSION,
.maxver = TLS1_VERSION,
.want_minver = TLS1_VERSION,
.want_maxver = TLS1_VERSION,
.want_minver = 0,
.want_maxver = 0,
},
};
@ -276,7 +276,7 @@ static struct shared_version_test shared_version_tests[] = {
.minver = TLS1_VERSION,
.maxver = TLS1_2_VERSION,
.peerver = TLS1_VERSION,
.want_maxver = TLS1_VERSION,
.want_maxver = 0,
},
{
.ssl_method = TLS_method,
@ -284,7 +284,7 @@ static struct shared_version_test shared_version_tests[] = {
.minver = TLS1_VERSION,
.maxver = TLS1_2_VERSION,
.peerver = TLS1_1_VERSION,
.want_maxver = TLS1_1_VERSION,
.want_maxver = 0,
},
{
.ssl_method = TLS_method,
@ -316,7 +316,7 @@ static struct shared_version_test shared_version_tests[] = {
.minver = TLS1_VERSION,
.maxver = TLS1_2_VERSION,
.peerver = TLS1_2_VERSION,
.want_maxver = TLS1_1_VERSION,
.want_maxver = 0,
},
{
.ssl_method = TLS_method,
@ -324,7 +324,7 @@ static struct shared_version_test shared_version_tests[] = {
.minver = TLS1_VERSION,
.maxver = TLS1_2_VERSION,
.peerver = TLS1_2_VERSION,
.want_maxver = TLS1_VERSION,
.want_maxver = 0,
},
{
.ssl_method = TLS_method,
@ -340,7 +340,7 @@ static struct shared_version_test shared_version_tests[] = {
.minver = TLS1_VERSION,
.maxver = TLS1_2_VERSION,
.peerver = TLS1_1_VERSION,
.want_maxver = TLS1_1_VERSION,
.want_maxver = 0,
},
{
.ssl_method = TLS_method,
@ -356,7 +356,7 @@ static struct shared_version_test shared_version_tests[] = {
.minver = TLS1_VERSION,
.maxver = TLS1_2_VERSION,
.peerver = TLS1_1_VERSION,
.want_maxver = TLS1_VERSION,
.want_maxver = 0,
},
{
.ssl_method = TLS_method,
@ -372,7 +372,7 @@ static struct shared_version_test shared_version_tests[] = {
.minver = TLS1_VERSION,
.maxver = TLS1_1_VERSION,
.peerver = TLS1_2_VERSION,
.want_maxver = TLS1_1_VERSION,
.want_maxver = 0,
},
{
.ssl_method = TLS_method,
@ -380,7 +380,7 @@ static struct shared_version_test shared_version_tests[] = {
.minver = TLS1_VERSION,
.maxver = TLS1_VERSION,
.peerver = TLS1_2_VERSION,
.want_maxver = TLS1_VERSION,
.want_maxver = 0,
},
{
.ssl_method = TLSv1_method,
@ -388,7 +388,7 @@ static struct shared_version_test shared_version_tests[] = {
.minver = TLS1_VERSION,
.maxver = TLS1_2_VERSION,
.peerver = TLS1_VERSION,
.want_maxver = TLS1_VERSION,
.want_maxver = 0,
},
{
.ssl_method = TLSv1_method,
@ -404,7 +404,7 @@ static struct shared_version_test shared_version_tests[] = {
.minver = TLS1_VERSION,
.maxver = TLS1_2_VERSION,
.peerver = TLS1_1_VERSION,
.want_maxver = TLS1_1_VERSION,
.want_maxver = 0,
},
{
.ssl_method = DTLS_method,
@ -412,7 +412,7 @@ static struct shared_version_test shared_version_tests[] = {
.minver = TLS1_1_VERSION,
.maxver = TLS1_2_VERSION,
.peerver = DTLS1_VERSION,
.want_maxver = DTLS1_VERSION,
.want_maxver = 0,
},
{
.ssl_method = DTLS_method,
@ -436,7 +436,7 @@ static struct shared_version_test shared_version_tests[] = {
.minver = TLS1_1_VERSION,
.maxver = TLS1_1_VERSION,
.peerver = DTLS1_2_VERSION,
.want_maxver = DTLS1_VERSION,
.want_maxver = 0,
},
{
.ssl_method = DTLSv1_2_method,
@ -476,7 +476,7 @@ static struct shared_version_test shared_version_tests[] = {
.minver = TLS1_1_VERSION,
.maxver = TLS1_2_VERSION,
.peerver = DTLS1_2_VERSION,
.want_maxver = DTLS1_VERSION,
.want_maxver = 0,
},
};


@ -1,4 +1,4 @@
/* $OpenBSD: configtest.c,v 1.2 2020/01/20 08:40:16 jsing Exp $ */
/* $OpenBSD: configtest.c,v 1.3 2023/07/02 06:37:27 beck Exp $ */
/*
* Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
*
@ -71,30 +71,27 @@ struct parse_protocols_test parse_protocols_tests[] = {
{
.protostr = "tlsv1.0:tlsv1.1:tlsv1.2:tlsv1.3",
.want_return = 0,
.want_protocols = TLS_PROTOCOL_TLSv1_0 | TLS_PROTOCOL_TLSv1_1 |
TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3,
.want_protocols = TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3,
},
{
.protostr = "tlsv1.0,tlsv1.1,tlsv1.2,tlsv1.3",
.want_return = 0,
.want_protocols = TLS_PROTOCOL_TLSv1_0 | TLS_PROTOCOL_TLSv1_1 |
TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3,
.want_protocols = TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3,
},
{
.protostr = "tlsv1.1,tlsv1.2,tlsv1.0",
.want_return = 0,
.want_protocols = TLS_PROTOCOL_TLSv1_0 | TLS_PROTOCOL_TLSv1_1 |
TLS_PROTOCOL_TLSv1_2,
.want_protocols = TLS_PROTOCOL_TLSv1_2,
},
{
.protostr = "tlsv1.1,tlsv1.2,tlsv1.1",
.want_return = 0,
.want_protocols = TLS_PROTOCOL_TLSv1_1 | TLS_PROTOCOL_TLSv1_2,
.want_protocols = TLS_PROTOCOL_TLSv1_2,
},
{
.protostr = "tlsv1.1,tlsv1.2,!tlsv1.1",
.want_return = 0,
.want_protocols = TLS_PROTOCOL_TLSv1_2,
.want_protocols = 0,
},
{
.protostr = "unknown",
@ -114,19 +111,17 @@ struct parse_protocols_test parse_protocols_tests[] = {
{
.protostr = "all,!tlsv1.0",
.want_return = 0,
.want_protocols = TLS_PROTOCOL_TLSv1_1 | TLS_PROTOCOL_TLSv1_2 | \
TLS_PROTOCOL_TLSv1_3,
.want_protocols = TLS_PROTOCOL_TLSv1_3,
},
{
.protostr = "!tlsv1.0",
.want_return = 0,
.want_protocols = TLS_PROTOCOL_TLSv1_1 | TLS_PROTOCOL_TLSv1_2 | \
TLS_PROTOCOL_TLSv1_3,
.want_protocols = TLS_PROTOCOL_TLSv1_3,
},
{
.protostr = "!tlsv1.0,!tlsv1.1,!tlsv1.3",
.want_return = 0,
.want_protocols = TLS_PROTOCOL_TLSv1_2,
.want_protocols = 0,
},
{
.protostr = "!tlsv1.0,!tlsv1.1,tlsv1.2,!tlsv1.3",
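Review bot: The new expectations in parse_protocols_tests are not explained in the table and are surprising for anyone hardening a configuration: `all,!tlsv1.0` and `!tlsv1.0` now expect only `TLS_PROTOCOL_TLSv1_3`, and `tlsv1.1,tlsv1.2,!tlsv1.1` expects 0. That pattern suggests the legacy names are handled as aliases of TLSv1.2 (inferred from the expected values, the parser is not part of this section), so a configuration written to switch off TLS 1.0 would now switch off TLS 1.2 as well. I would add a comment above the first changed entry such as `/* tlsv1.0 and tlsv1.1 are accepted but handled as tlsv1.2, so negating them removes TLSv1.2 */`, once that reading is confirmed against the parser. The entries that combine `.want_return = 0` with `.want_protocols = 0` also pin that parsing succeeds with an empty protocol set, so it is worth confirming that the code consuming the result refuses an empty set. The array starts and ends outside the hunks shown.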


@ -45,8 +45,6 @@ const (
)
var protocolNames = map[ProtocolVersion]string{
ProtocolTLSv10: "TLSv1",
ProtocolTLSv11: "TLSv1.1",
ProtocolTLSv12: "TLSv1.2",
ProtocolTLSv13: "TLSv1.3",
ProtocolsAll: "all",


@ -251,11 +251,11 @@ func TestTLSVersions(t *testing.T) {
{tls.VersionSSL30, tls.VersionTLS12, ProtocolTLSv12, false},
{tls.VersionTLS10, tls.VersionTLS12, ProtocolTLSv12, false},
{tls.VersionTLS11, tls.VersionTLS12, ProtocolTLSv12, false},
{tls.VersionSSL30, tls.VersionTLS11, ProtocolTLSv11, false},
{tls.VersionSSL30, tls.VersionTLS10, ProtocolTLSv10, false},
{tls.VersionSSL30, tls.VersionTLS11, ProtocolTLSv11, true},
{tls.VersionSSL30, tls.VersionTLS10, ProtocolTLSv10, true},
{tls.VersionSSL30, tls.VersionSSL30, 0, true},
{tls.VersionTLS10, tls.VersionTLS10, ProtocolTLSv10, false},
{tls.VersionTLS11, tls.VersionTLS11, ProtocolTLSv11, false},
{tls.VersionTLS10, tls.VersionTLS10, ProtocolTLSv10, true},
{tls.VersionTLS11, tls.VersionTLS11, ProtocolTLSv11, true},
{tls.VersionTLS12, tls.VersionTLS12, ProtocolTLSv12, false},
}
for i, test := range tests {


@ -1,4 +1,4 @@
/* $OpenBSD: copy.c,v 1.6 2021/12/13 16:56:49 deraadt Exp $ */
/* $OpenBSD: copy.c,v 1.7 2023/07/06 07:47:04 deraadt Exp $ */
/* Written by Ted Unangst 2004 Public Domain */
@ -63,9 +63,9 @@ main(int argc, char **argv)
/* printf("goodbuf %p badbuf %p\n", goodbuf, badbuf); */
/* copyin */
if (!syscall(202, 0, 6, &kinfo, &kinfosize, 0, 0))
if (!sysctl(0, 6, &kinfo, &kinfosize, 0, 0))
fail("copyin did not fail on 0 buf\n");
if (!syscall(202, badbuf, 6, &kinfo, &kinfosize, 0, 0))
if (!sysctl(badbuf, 6, &kinfo, &kinfosize, 0, 0))
fail("copyin did not fail on bad buf\n");
/* copyout */
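Review bot: Both copyin checks pass on any failure of sysctl(), not specifically on the kernel rejecting the bad address, because `if (!sysctl(badbuf, 6, &kinfo, &kinfosize, 0, 0))` only fails the test when the call returns 0. Now that the call goes through the libc function instead of `syscall(202, ...)`, checking the error would pin that the rejection comes from the copyin path, for example `if (sysctl(badbuf, 6, &kinfo, &kinfosize, 0, 0) != -1 || errno != EFAULT)`, and likewise for the `0` name case, provided EFAULT is the error expected there. This assumes `<errno.h>` and `<sys/sysctl.h>` are included at the top of the file, which the hunk does not show. main() starts and ends outside the hunk.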


@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.104 2023/01/18 19:18:49 anton Exp $
# $OpenBSD: Makefile,v 1.105 2023/07/06 07:45:56 deraadt Exp $
SUBDIR+= accept access
SUBDIR+= bind
@ -20,7 +20,7 @@ SUBDIR+= select
.ifmake clean || cleandir || obj
SUBDIR+= setuid
.endif
SUBDIR+= signal sosplice stackjmp stackpivot syscall syscall_segment
SUBDIR+= signal sosplice stackjmp stackpivot syscall_segment
SUBDIR+= sysvmsg sysvsem sysvshm
SUBDIR+= unalign unfdpass unixsockets unveil unveil-unmount
SUBDIR+= wait


@ -1,5 +0,0 @@
# $OpenBSD: Makefile,v 1.1 2002/02/08 21:33:32 art Exp $
PROG= syscall
.include <bsd.regress.mk>


@ -1,35 +0,0 @@
/* $OpenBSD: syscall.c,v 1.2 2003/07/31 21:48:10 deraadt Exp $ */
/*
* Written by Artur Grabowski <art@openbsd.org> 2002 Public Domain.
*/
#include <sys/types.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <stdlib.h>
#include <err.h>
int
main(int argc, char *argv[])
{
int status;
switch(fork()) {
case -1:
err(1, "fork");
case 0:
syscall(SYS_exit, 17);
abort();
}
if (wait(&status) < 0)
err(1, "wait");
if (!WIFEXITED(status))
errx(1, "child didn't exit gracefully");
if (WEXITSTATUS(status) != 17)
errx(1, "wrong exit status");
return 0;
}


@ -1,6 +1,6 @@
#!/bin/sh
#
# $OpenBSD: appstest.sh,v 1.56 2023/04/26 09:07:59 tb Exp $
# $OpenBSD: appstest.sh,v 1.57 2023/07/03 05:31:56 beck Exp $
#
# Copyright (c) 2016 Kinichiro Inoguchi <inoguchi@openbsd.org>
#
@ -1760,10 +1760,6 @@ function test_server_client {
sleep 1
# test by protocol version
if [ "$other_openssl_version" = "OpenSSL 1." ] ; then
test_sc_by_protocol_version $sc tls1 'Protocol : TLSv1$' $c_id
test_sc_by_protocol_version $sc tls1_1 'Protocol : TLSv1\.1$' $c_id
fi
test_sc_by_protocol_version $sc tls1_2 'Protocol : TLSv1\.2$' $c_id
test_sc_by_protocol_version $sc tls1_3 'Protocol : TLSv1\.3$' $c_id


@ -1,5 +1,5 @@
#!/bin/sh
# $OpenBSD: test_client.sh,v 1.2 2018/02/06 02:31:13 tb Exp $
# $OpenBSD: test_client.sh,v 1.3 2023/07/03 05:31:56 beck Exp $
echo
echo This starts a tls1 mode client to talk to the server run by
@ -9,4 +9,4 @@ echo type in this window after ssl negotiation and your output should
echo be echoed by the server.
echo
echo
${OPENSSL:-/usr/bin/openssl} s_client -tls1
${OPENSSL:-/usr/bin/openssl} s_client
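Review bot: The banner still says `This starts a tls1 mode client` although the command no longer passes `-tls1`, so the script's description no longer matches what it runs. I would reword the echo to something like `echo This starts a TLS client to talk to the server run by`. test_server.sh keeps the same stale wording in `echo This starts a tls1 mode server using the DSA certificate in ./server.pem` and should be updated with it. Since the version is now left to negotiation, the text could also say that the protocol used is whatever both ends agree on.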


@ -1,5 +1,5 @@
#!/bin/sh
# $OpenBSD: test_server.sh,v 1.2 2018/02/06 02:31:13 tb Exp $
# $OpenBSD: test_server.sh,v 1.3 2023/07/03 05:31:56 beck Exp $
echo This starts a tls1 mode server using the DSA certificate in ./server.pem
echo Run ./testclient.sh in another window and type at it, you should
@ -7,4 +7,4 @@ echo see the results of the ssl negotiation, and stuff you type in the client
echo should echo in this window
echo
echo
${OPENSSL:-/usr/bin/openssl} s_server -tls1 -key testdsa.key -cert testdsa.pem
${OPENSSL:-/usr/bin/openssl} s_server -key testdsa.key -cert testdsa.pem


@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.63 2023/06/08 08:57:02 espie Exp $
# $OpenBSD: Makefile,v 1.65 2023/07/03 17:55:51 anton Exp $
REGRESS_TARGETS=cmp-vers1-1 \
cmp-vers1-2 \
@ -106,7 +106,10 @@ REGRESS_TARGETS=cmp-vers1-1 \
lib-flags-2 \
lib-flags-3 \
lib-flags-4 \
private-cflags-1 \
private-libs-1 \
private-cflags-libs-1 \
private-static-libs-1
PKG_CONFIG?= /usr/bin/pkg-config
PCONFIG = PKG_CONFIG_PATH=${.CURDIR}/pcdir/ ${PKG_CONFIG}
@ -700,9 +703,6 @@ cflags-system-path-2:
@PKG_CONFIG_SYSTEM_INCLUDE_PATH=/usr/X11R6/include:/usr/private/include ${VPCONFIG} --cflags cflags-2
@diff -u ${WANT} ${GOT}
clean:
rm -f *.want *.got
lib-flags-1:
# Test --libs-only-other
@echo "-pthread" > ${WANT}
@ -727,6 +727,34 @@ lib-flags-4:
@${VPCONFIG} --libs-only-l lib-flags
@diff -u ${WANT} ${GOT}
private-cflags-1:
# Test --cflags printing Requires
@echo "-I/requires-test/include -I/private-dep/include -I/public-dep/include" > ${WANT}
@${VPCONFIG} --cflags requires-test
@diff -u ${WANT} ${GOT}
private-libs-1:
# Test --libs printing Requires
@echo "-L/requires-test/lib -L/public-dep/lib -lrequires-test -lpublic-dep" > ${WANT}
@${VPCONFIG} --libs requires-test
@diff -u ${WANT} ${GOT}
REGRESS_EXPECTED_FAILURES+=private-cflags-libs-1
private-cflags-libs-1:
# Test --cflags --libs printing Requires and not also Requires.private libs
@echo "-I/requires-test/include -I/private-dep/include -I/public-dep/include -L/requires-test/lib -L/public-dep/lib -lrequires-test -lpublic-dep" > ${WANT}
@${VPCONFIG} --cflags --libs requires-test
@diff -u ${WANT} ${GOT}
private-static-libs-1:
# Test --static --libs printing Requires.private
@echo "-L/requires-test/lib -L/private-dep/lib -L/public-dep/lib -lrequires-test -lprivate-dep -lpublic-dep" > ${WANT}
@${VPCONFIG} --static --libs requires-test
@diff -u ${WANT} ${GOT}
clean:
rm -f *.want *.got
.PHONY: ${REGRESS_TARGETS}
.include <bsd.regress.mk>
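Review bot: `REGRESS_EXPECTED_FAILURES+=private-cflags-libs-1` marks the new target as a known failure without saying what is wrong, so there is no way to tell later when the entry can be dropped. The target's own comment describes the intended behaviour ("Requires and not also Requires.private libs") but not the observed one. I would add a line above the assignment such as `# XXX expected to fail until pkg-config stops printing Requires.private libs for --cflags --libs`, worded to match the actual cause, which this section does not show.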


@ -424,7 +424,7 @@ test-rcs-oflag: clean
case "$$?" in 1) exit 0;; esac && exit 1
@tr '\n' ' ' < blah.c,v | grep -q '[[:space:]]1.5[[:space:]]' || \
case "$$?" in 1) exit 0;; esac && exit 1
test-rcs-lock-unlock: clean
@touch file
@mkdir -p RCS
@ -482,7 +482,7 @@ test-co-lock-filemodes:
@chmod 754 RCS/blah.c,v
@${CO} -q -l blah.c
@eval 'test `stat -f%p blah.c` = 100754'
# Testing 'co -u blah.c' for permissions inheritance
test-co-unlock-filemodes: test-co-lock-filemodes
@ -617,7 +617,7 @@ test-ci-parse-keywords: clean
@echo . | ${CI} -q -k test
test-ci-parse-keywords2: clean
@echo '$Id: blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah' > test
@echo '$Id: blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah' > test
@echo . | ${CI} -q -k test
# Check for correct EOF handling in rcs parser


@ -1,32 +0,0 @@
# The client writes a message to Sys::Syslog native method.
# The syslogd writes it into a file and through a pipe.
# The syslogd passes it via TLS to localhost loghost without verification.
# The server receives the message on its TLS version 1.0 socket.
# Find the message in client, file, pipe, syslogd, server log.
# Check that server log contains ssl version 1.
use strict;
use warnings;
use Socket;
our %args = (
syslogd => {
loghost => '@tls://localhost:$connectport',
loggrep => {
qr/Logging to FORWTLS \@tls:\/\/localhost:\d+/ => '>=4',
get_testgrep() => 1,
qr/syslogd: loghost .* connection error: connect failed:/ => 0,
},
},
server => {
listen => { domain => AF_UNSPEC, proto => "tls", addr => "localhost" },
loggrep => {
qr/listen sock: (127.0.0.1|::1) \d+/ => 1,
get_testgrep() => 1,
qr/ssl version: TLSv1$/ => 1,
},
sslversion => "TLSv1",
},
);
1;


@ -1,33 +0,0 @@
# The client writes a message to Sys::Syslog native method.
# The syslogd writes it into a file and through a pipe.
# The syslogd passes it via TLS to localhost loghost.
# The server receives the message on its TLS version 1.0 socket.
# Find the message in client, file, pipe, syslogd, server log.
# Check that server log contains ssl version 1.
use strict;
use warnings;
use Socket;
our %args = (
syslogd => {
loghost => '@tls://localhost:$connectport',
loggrep => {
qr/Logging to FORWTLS \@tls:\/\/localhost:\d+/ => '>=4',
get_testgrep() => 1,
qr/syslogd: loghost .* connection error: connect failed:/ => 0,
},
cacrt => "ca.crt",
},
server => {
listen => { domain => AF_UNSPEC, proto => "tls", addr => "localhost" },
loggrep => {
qr/listen sock: (127.0.0.1|::1) \d+/ => 1,
get_testgrep() => 1,
qr/ssl version: TLSv1$/ => 1,
},
sslversion => "TLSv1",
},
);
1;