sync code with last fixes and improvements from OpenBSD

This commit is contained in:
purplerain 2023-06-07 21:20:56 +00:00
parent 4b78db449c
commit bf0676207f
Signed by: purplerain
GPG key ID: F42C07F07E2E35B7
2406 changed files with 6353 additions and 434004 deletions

View file

@ -1,2 +1,4 @@
# Use this variable when the test needs internal symbols from libcrypto
CRYPTO_INT= -Wl,-Bstatic -lcrypto -Wl,-Bdynamic
# Use this variable when the test needs internal symbols from libssl
SSL_INT= -Wl,-Bstatic -lssl -Wl,-Bdynamic

View file

@ -1,10 +1,10 @@
# $OpenBSD: Makefile,v 1.9 2022/05/10 19:27:21 tb Exp $
# $OpenBSD: Makefile,v 1.10 2023/06/04 11:33:45 tb Exp $
OPENSSL_RUBY_TESTS = /usr/local/share/openssl-ruby-tests
.if exists(/usr/local/bin/ruby31)
RUBY_BINREV = 31
.else
RUBY_BINREV = 30
RUBY_BINREV = 32
.endif
RUBY = ruby${RUBY_BINREV}

View file

@ -1,9 +1,10 @@
# $OpenBSD: Makefile,v 1.14 2022/12/02 01:15:11 tb Exp $
# $OpenBSD: Makefile,v 1.16 2023/05/24 09:15:14 tb Exp $
PROGS += cipher_list
PROGS += ssl_get_shared_ciphers
PROGS += ssl_methods
PROGS += ssl_set_alpn_protos
PROGS += ssl_verify_param
PROGS += ssl_versions
PROGS += tls_ext_alpn
PROGS += tls_prf
@ -15,4 +16,6 @@ CFLAGS+= -DLIBRESSL_INTERNAL -Wall -Wundef -Werror
CFLAGS+= -DCERTSDIR=\"${.CURDIR}/../certs\"
CFLAGS+= -I${.CURDIR}/../../../../lib/libssl
LDADD_ssl_verify_param = ${LIBSSL} ${CRYPTO_INT}
.include <bsd.regress.mk>

View file

@ -0,0 +1,99 @@
/* $OpenBSD: ssl_verify_param.c,v 1.1 2023/05/24 08:54:59 tb Exp $ */
/*
* Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include <err.h>
#include <stdio.h>
#include <openssl/ssl.h>
#include <openssl/x509v3.h>
unsigned int X509_VERIFY_PARAM_get_hostflags(X509_VERIFY_PARAM *param);
static int
ssl_verify_param_flags_inherited(void)
{
SSL_CTX *ssl_ctx = NULL;
SSL *ssl = NULL;
X509_VERIFY_PARAM *param;
unsigned int defaultflags = 0;
unsigned int newflags = X509_CHECK_FLAG_NEVER_CHECK_SUBJECT;
unsigned int flags;
int failed = 1;
if ((ssl_ctx = SSL_CTX_new(TLS_method())) == NULL)
errx(1, "SSL_CTX_new");
if ((param = SSL_CTX_get0_param(ssl_ctx)) == NULL) {
fprintf(stderr, "FAIL: no verify param on ssl_ctx\n");
goto failure;
}
if ((flags = X509_VERIFY_PARAM_get_hostflags(param)) != defaultflags) {
fprintf(stderr, "FAIL: SSL_CTX default hostflags, "
"want: %x, got: %x\n", defaultflags, flags);
goto failure;
}
X509_VERIFY_PARAM_set_hostflags(param, newflags);
if ((flags = X509_VERIFY_PARAM_get_hostflags(param)) != newflags) {
fprintf(stderr, "FAIL: SSL_CTX new hostflags, "
"want: %x, got: %x\n", newflags, flags);
goto failure;
}
if ((ssl = SSL_new(ssl_ctx)) == NULL)
errx(1, "SSL_new");
if ((param = SSL_get0_param(ssl)) == NULL) {
fprintf(stderr, "FAIL: no verify param on ssl\n");
goto failure;
}
if ((flags = X509_VERIFY_PARAM_get_hostflags(param)) != newflags) {
fprintf(stderr, "FAIL: SSL inherited hostflags, "
"want: %x, got: %x\n", newflags, flags);
goto failure;
}
SSL_set_hostflags(ssl, defaultflags);
if ((flags = X509_VERIFY_PARAM_get_hostflags(param)) != defaultflags) {
fprintf(stderr, "FAIL: SSL set hostflags, "
"want: %x, got: %x\n", defaultflags, flags);
goto failure;
}
failed = 0;
failure:
SSL_CTX_free(ssl_ctx);
SSL_free(ssl);
return failed;
}
int
main(void)
{
int failed = 0;
failed |= ssl_verify_param_flags_inherited();
return failed;
}